lecture notes in Mathematical Logic

Contents

1 Propositional Logic
  1.1 Formulas of propositional logic
  1.2 Semantics of propositional logic
  1.3 Normal form
  1.4 Satisfiability
  1.5 Provability

2 Predicate Logic
  2.1 Formulas of predicate logic
  2.2 Semantics of predicate logic
  2.3 Provability
  2.4 Completeness
  2.5 Compactness

These are lecture notes in progress, supplementing a course in Mathematical Logic as presented at the Czech Technical University in Prague during 2013–2015. Please send your comments to [email protected].

version: March 21, 2017

Introduction

In this text we study mathematical logic as the language and deductive system of mathematics and computer science. The language is formal and very simple, yet expressive enough to capture all mathematics. We want to first convince the reader that it is both useful and necessary to explore these foundations, starting with the language.

The language of mathematics

Why do we need a special formal language at all? We talk about most things using a natural language, and apparently it works just fine. Why would the situation be different in mathematics?
(1) Not long ago, a mathematical notion would be introduced as follows: Given a sequence of real numbers, consider, gentle reader, the ensemble of all numbers possessing the property that whenever a number is chosen arbitrarily close in magnitude to the considered number from the ensemble, a number from the sequence can be found arbitrarily far, i.e. beyond any given member of the sequence, which will be even closer in magnitude than the number chosen.

A definition of the set of cluster points in calculus could look like that. But if we make it any longer or add another pronoun or two, parsing the sentence alone will become more difficult than understanding the actual mathematical content. That's one of the reasons that led people to invent a formal language: economy of expression. Indeed, using the well-known epsilon-delta language of calculus and set theory, the notion above can be expressed in a single line.

{x ∈ R; (∀ε > 0)(∀n0 ∈ N)(∃n > n0) |an − x| < ε}

(2) The natural language is rich and often ambiguous. This can be a problem when we want to express ourselves with absolute clarity, leaving no doubt about what exactly we had in mind. The formal language of symbols is also free from the ubiquitous exceptions and irregularities of the natural language.

(3) The most fundamental reason for introducing a special language, distinct from the colloquial language we use every day, is the fact that the language itself can misguide us. Consider the well-known Berry paradox, in which the Berry number is defined as the smallest natural number which cannot be defined using less than fourteen words. There are only finitely many words, so there are only finitely many fourteen-tuples of words, and therefore only finitely many numbers can be defined by them. But there are infinitely many numbers, hence some numbers cannot be defined like that, and the first of these is the Berry number defined above — using thirteen words.
The paradox results from using a language able to "talk about itself". The language used in giving the "definition" is also used as a meta-language which talks about definitions, using expressions like "cannot be defined". We certainly expect the language of mathematics to be a powerful tool able to express mathematical ideas, not paradoxical statements about itself. Apparently, the natural language allows for such conundrums. We introduce instead a strict, simple, formal language in which to give definitions, formulate theories, give proofs, etc. We will continue to use our colloquial language as an informal meta-language to talk about mathematics, but will practice mathematics itself in the formal language of predicate logic. We will describe this language in two traditional parts. Firstly, we introduce the propositional connectives and study propositional logic. Later, we refine this language by introducing quantifiers and predicates and study predicate logic. Statements expressed in this formal language are called formulas.

What is a proof?

Another of the motivating problems that led to the invention of formal logic was to clarify the fundamental notion of a proof: what does it take to prove a statement? Can the notion of a proof be defined rigorously, so that we can effectively recognize valid proofs and study them mathematically? The gentle reader surely has some intuitive idea of what a proof should be: a line of argument which starts with self-evident or explicitly accepted assumptions, proceeds in a series of obviously correct steps, and culminates with the desired statement, which is hence demonstrated beyond any doubt. As an example, we present to the reader the following argument — is this a proof?

Let ≺ be a binary relation satisfying

(i) whenever x ≺ y and y ≺ z, we also have x ≺ z;
(ii) for no x does x ≺ x hold.

Then for no x ≺ y can we have y ≺ x. In the opposite case, we simultaneously have x ≺ y and y ≺ x for some x, y; hence we also have x ≺ x due to (i).
But this cannot happen, due to (ii). Hence no such x, y can exist.

Mathematical logic introduces the notion of a formal proof: a finite sequence of formulas, each of which is either an axiom explicitly given in advance, or is derived from some previously proven formulas using a deduction rule, explicitly given in advance. The question is, of course, which axioms and which rules those should be. We will describe the Hilbert system of predicate logic, which has established itself as a standard. The argument above is not a formal proof in this sense — in fact, it's not even a sequence of formulas. It is an example of an informal proof, which a mathematician would routinely present. With a bit of effort, though, it can be made into a formal proof.

It is important to notice that in a formal proof, the "meaning" of the ≺ symbol plays no part. We are merely manipulating symbols — an act of pure syntax, not dependent on which relation ≺ actually denotes, or on what (i) and (ii) then "mean". A reader familiar with the notion of an ordered set will surely notice that such a relation is a strict partial ordering, and we have just proved that it must be antisymmetric. But the correctness of the formal proof does not depend on this (or any other) understanding — in fact, it can be verified mechanically.

It is natural to ask whether we can effectively decide the provability of a formula. We will see that this is possible in propositional logic (we say that propositional logic is decidable), but not in predicate logic. However, if we know in advance that a given formula is provable, a proof can effectively be found.

Syntax and semantics

The language of predicate logic, just as any other language, formal or natural, has its syntax and its semantics.
Syntax sets the rules of grammar: what we even consider to be well-formed expressions (called terms and formulas), and how simple expressions can be combined into complex ones, much like simple statements are combined into compound sentences in the natural language. The syntactic considerations are entirely formal: we study the expressions of a language as strings of symbols. In particular, formal proofs, being sequences of formulas, are purely syntactic.

Semantics assigns a meaning to the expressions and asks whether the formulas we consider are true. That's the meeting point of logic and philosophy that spawned logic centuries ago: using a suitable language (logos), we try to capture truth — or at least the truth about mathematical objects. The basic questions mathematical logic asks, then, are: is it true? (semantically) and can it be proved? (syntactically). Another fundamental question is the relation between truth and provability. We will show that the Hilbert system is correct and complete. This means that every formula provable in the system is true, and conversely, that every true formula is provable in the system. So the notions of truth and provability correspond to each other in the best possible way. Such a formal system is a good framework for doing mathematics.

Logic as metamathematics

Every field of study has its objects of interest and a suitable language to talk about them. Calculus, for instance, deals with real numbers, limits, etc., and uses the well-known epsilon-delta formalism as its language. Linear algebra deals with vector spaces, linear operators, matrices, etc., and uses its own language, quite different from the language of calculus. Arithmetic studies natural numbers and uses yet another language. What does mathematical logic deal with, then, as a separate field? Broadly speaking, the language and methods of mathematics themselves. The expressive and deductive apparatus, common to all branches of mathematics, is now the object of interest.
Formulas, theories, definitions, theorems, proofs, all used as everyday tools in the respective fields, become themselves the objects of study. For instance, we will study the relation of consequence between formulas, just as arithmetic studies the relation of divisibility between numbers; we will study proofs, just as algebra studies polynomials. In this sense, mathematical logic is metamathematics.

At the same time, mathematical logic is itself a part of mathematics: its methods borrow from algebra, set theory, computer science and topology. Other fields of mathematics benefit from interaction with logic by studying e.g. the completeness or decidability of various algebraic theories, the consistency of various topological and set-theoretical principles, the complexity of decision algorithms, etc. The benefit is mutual, and the interaction has been very fruitful in the twentieth century, leading to many deep results in both mathematics and computer science — and to some hard open problems as well.

Logic and computer science

Computability theory, also called recursion theory, separated from mathematical logic during the thirties of the last century. It turned out that some parts of logic are of a special nature: they can be entirely carried out by a mechanical procedure; for example, verifying that one formula is an instance of another, or that a given sequence of formulas constitutes a formal proof. Finding a proof, on the other hand, is usually far from being routine, and deciding provability is in general not even possible. It became a question, then, what exactly we should consider a mechanical procedure; which integer functions, for instance, can we consider to be effectively computable, i.e. such that the computation of their values can be delegated to a machine? For which decision problems is there a decision procedure, correctly answering each particular case in finite time?
There is a philosophical aspect to this question: to what extent can reason be replaced by a machine, and where exactly lies the boundary beyond which it cannot? Various formalizations of an algorithm have been proposed since then: Turing machines, recursive functions, register machines and others. Eventually it turned out that all these formalizations are equivalent; for instance, a function is recursive if and only if it can be computed by a Turing machine. This led to the generally accepted thesis (the Church thesis) that there is a "definite" idea of an algorithm, independent of the ways we describe it.

The basic formalizations of computability precede the advent of actual computing machines (not to mention the later mega-industry). Recursion theory is not concerned with the limitations of actual physical machines, such as time and space constraints, and asks instead what can be computed at all, in principle. Any actual computer is a very modest embodiment of a Turing machine; a programmer can view recursion theory as the freest form of programming, limited only by the boundaries of the possible.

Let us note right away that some problems provably lie beyond this boundary. For example, no algorithm can correctly decide for every given polynomial with integer coefficients whether it has integer roots; no algorithm can correctly decide for every given arithmetical formula whether it is provable in arithmetic; no algorithm can correctly decide for every Turing machine and every input whether the computation will halt.

These negative results probably do not appeal very much to the practical programmer interested in the positive side of computability, i.e. the problems which can be algorithmically solved. After finding out that an algorithm indeed exists, practical questions follow, concerning the time and memory requirements, possible optimizations, etc. These questions are studied in complexity theory. A typical question there is e.g.
whether there is an algorithm solving the given problem in only polynomially many steps (with respect to the size of the input), or what the minimal possible degree of such a polynomial is. A typical result then is a lower or an upper bound. We will only touch upon the questions of computational complexity when we come across certain problems in logic and arithmetic which have a very prominent position in the complexity hierarchy. The most important of these are the problems which are complete for some class of problems, which roughly means "at least as complex as any other problem from the class." Computationally hard problems appear already in propositional logic, the satisfiability problem being the most prominent.

Logic and set theory

We will describe the first-order language of predicate logic, which allows for quantifying over objects (as in "every prime larger than 2"), but not over sets of objects (as in "every commutative subgroup" or "every bounded subset"); that is only possible in the language of second-order logic. Languages of higher orders allow for quantifying over systems of sets, families of such systems, etc. The first-order language of predicate logic, however, is fully capable of capturing all usual mathematics. This is done by laying the foundations of mathematics on set theory, which originated at about the same time as mathematical logic, and whose position in mathematics is two-fold in a similar way: it is a separate field with its own topics and problems, but it also has a metamathematical side. It turned out soon after the discovery of set theory that the primitive notion of "being a member of a set" can be used to model all the usual notions of mathematics such as number, relation, function, etc. Algebra can then be viewed as a study of relations and functions on sets, general topology as a study of certain families of sets and mappings between them, functional analysis as a topology on families of functions, etc.
All the usual objects of mathematics (numbers, functions, spaces, . . . ) or computer science (graphs, trees, languages, databases, . . . ) can then be viewed as sets endowed with a suitable structure. The axiomatic theory of sets makes it possible to reduce the language of mathematics to the language of first-order predicate logic: quantifying over objects (i.e. sets) is also quantifying over sets of objects, which are themselves individual objects (i.e. sets) again. We will not develop an axiomatic theory of sets, however; only the most basic set-theoretical notions and constructions will be needed. They are surveyed in the appendix for the reader's convenience.

What we omit

We will not trace the historical development of logic or its philosophical roots. We will not mention the Aristotelian syllogisms, the Stoic school of ancient Greece, or the scholastic logic of the Middle Ages. We only become interested in logic at the turn of the twentieth century, when it truly becomes a mathematical field. We will entirely omit non-classical logics such as logics with more than two truth values, modal logic, languages with infinitely long expressions or nonstandard quantifiers ("for uncountably many"), fuzzy logic, etc.

Chapter 1

Propositional Logic

In this chapter we study the simplest part of mathematical logic — propositional logic, which studies the language of mathematics only at the level of the propositional connectives: ¬ negation, ∧ conjunction, ∨ disjunction, → implication, ↔ equivalence. The purpose of these symbols is to capture, in the formal language we are building, the most natural figures of speech made by the connectives not, and, or, if . . . then . . . , if and only if. In propositional logic, we ignore the inner structure of the individual propositions connected with these symbols. In an analogy with the natural language, this can be viewed as analyzing a compound statement without analyzing the individual sentences.
1.1 Formulas of propositional logic

1.1.1 Definition. Let A be a nonempty set, whose members we will call atomic formulas or propositional atoms. Then a propositional formula over A is any expression obtained using the following rules in finitely many steps.

(i) Every atomic formula from A is a formula.
(ii) Given formulas ϕ and ψ, the following are also formulas: (¬ϕ), (ϕ ∧ ψ), (ϕ ∨ ψ), (ϕ → ψ), (ϕ ↔ ψ).

Every substring of a formula which is itself a formula is its subformula. The formulas obtained by using the propositional connectives read, respectively: "not ϕ", "ϕ and ψ", "ϕ or ψ", "if ϕ then ψ" ("ϕ implies ψ"), "ϕ is equivalent with ψ" ("ϕ if and only if ψ", often abbreviated as "ϕ iff ψ").1

In propositional logic, we don't care at all what the atomic propositions are. It is natural to picture them as some elementary statements of our language, e.g. "all primes are odd", or of some formal language, such as (∀x)(∀y)(xy = yx). But as we will not study the inner structure of these atomic statements, we regard them simply as indecomposable symbols. For now, we only deal with how they are composed together into more complex formulas using the connectives. We will generally use the letters A, B, C, . . . , P, Q, R, . . . , possibly indexed, as in A1, A2, A3, . . . , as atomic propositions. When studying predicate logic later, we will refine the language and analyze their inner structure too.

1 Negation is a unary connective (takes one argument); the other connectives are binary.

1.1.2 Example. ((A ∧ (¬B)) → (((¬C) ∨ D) ↔ (¬E))) is a propositional formula: A is an atomic formula; B is an atomic formula, so (¬B) is a formula; so (A ∧ (¬B)) is a formula. Now C is an atomic formula, so (¬C) is a formula, hence ((¬C) ∨ D) is a formula. Next, E is an atomic formula, so (¬E) is a formula, and (((¬C) ∨ D) ↔ (¬E)) is a formula; so ((A ∧ (¬B)) → (((¬C) ∨ D) ↔ (¬E))) is a formula. All the previous formulas are its subformulas, but the substring → (((¬C is not.
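The recursive definition above translates directly into a recursive data type, with subformulas collected by the same recursion. A minimal Python sketch (the class names and the ASCII connective symbols are our own choice, not fixed by the text):

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Atom:
    name: str
    def __str__(self): return self.name

@dataclass(frozen=True)
class Neg:
    sub: object
    def __str__(self): return f"(~{self.sub})"

@dataclass(frozen=True)
class Bin:
    op: str            # "&", "|", ">", "=" for the connectives ∧, ∨, →, ↔
    left: object
    right: object
    def __str__(self): return f"({self.left}{self.op}{self.right})"

def subformulas(phi):
    """All subformulas of phi, following the recursive definition."""
    if isinstance(phi, Atom):
        return {phi}
    if isinstance(phi, Neg):
        return {phi} | subformulas(phi.sub)
    return {phi} | subformulas(phi.left) | subformulas(phi.right)

A, B = Atom("A"), Atom("B")
phi = Bin(">", Bin("&", A, Neg(B)), A)      # ((A ∧ (¬B)) → A)
print(str(phi))                             # ((A&(~B))>A)
print(len(subformulas(phi)))                # 5: A, B, (~B), (A&(~B)), phi
```

Note that the strict parentheses of the definition come back automatically when the tree is printed; the tree itself needs none.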
Note the inherent finiteness of formulas: they are finite strings, in which only finitely many atomic formulas and finitely many connectives occur. That's an important feature of classical logic, as opposed to other possible logics that study infinitely long conjunctions etc.

1.1.3 Exercise. (a) The definition of a propositional formula requires strict parentheses; strictly speaking, A ∧ B is not a formula — but (A ∧ B) is. It is common practice to omit some parentheses, by a set of rules analogous to those of operator precedence used in programming languages or arithmetic. For instance, we usually read 7 ∗ 3 + 5 as (7 ∗ 3) + 5, not 7 ∗ (3 + 5): some operators bind more strongly than others, so we don't need to parenthesize them. Formulate a convenient operator precedence for propositional connectives.

(b) Accept the usual convention by which the binding force of connectives declines in the following order: ¬, {∧, ∨}, →, ↔; i.e., conjunction and disjunction have the same precedence. Using this convention, fill in the missing parentheses in A ∧ ¬B → C ↔ D; in the other direction, omit all parentheses in the formula ((A ∨ (B ∧ C)) ↔ (((¬A) ∧ B) ∨ ((¬C) → D))) that can be omitted.

(c) The expression A ∨ B ∧ C is ambiguous under the usual operator precedence, so we still need some parentheses. Strengthen the rules so that every expression is unambiguous even without parentheses.

1.1.4 Definition. If a propositional formula ϕ is constructed using only the atoms A1, . . . , An, we will occasionally write ϕ(A1, . . . , An). If propositional formulas ψ1, . . . , ψn are given, denote by ϕ(ψ1, . . . , ψn) the formula obtained from ϕ by replacing all occurrences of Ai with ψi, for all i ≤ n; call ϕ(ψ1, . . . , ψn) an instance of ϕ(A1, . . . , An).

1.1.5 Exercise. Which of the following are instances of (¬Z → Y ) ∨ (X ↔ Z)?
(¬A → A) ∨ (A ↔ A), (¬A → Y ) ∨ (X ↔ A), (¬A → Y ) ∨ (X ↔ ¬¬A), (¬A → Y ) ∨ (X ↔ Z), (¬¬A → B) ∨ (C ↔ ¬A), (A → B) ∨ (C ↔ ¬A), (¬Z → Y ) ∧ (X ↔ Z), (¬(A ∨ B) → (B ↔ C)) ∨ ((B ∧ ¬A) ↔ (A ∨ B)), (¬(A → B) → (B ↔ C)) ∨ ((B ∧ ¬A) ↔ (¬A ∨ B)).

1.1.6 Exercise. The syntax of propositional formulas defined in 1.1.1 is sometimes called infix, as the connective stands in between the statements. In an obvious analogy, a prefix or postfix syntax can be defined, in which e.g. ∨¬AB or A¬B∨ are formulas, respectively.

(a) Give a formal definition of a propositional formula in the prefix and postfix notation.2 Note that they do not require any parentheses.
(b) Rewrite the infix formula ((A → B) ∧ (¬((A ∨ B) ↔ C))) in prefix. Rewrite the prefix formula ∧ → AB¬ ↔ ∨ABC in postfix. Rewrite the postfix formula AB → AB ∨ C ↔ ¬∧ in infix.

2 The prefix notation, introduced by J. Lukasiewicz ([T], p. 39), is often called "Polish".

1.1.7 Exercise. (a) Implement a parser of propositional formulas, i.e. a program that reads propositional formulas and recognizes their structure; in particular, it recognizes whether the input is a propositional formula or not. For simplicity, use e.g. - for negation, + for disjunction, . for conjunction, > for implication, = for equivalence; recognize e.g. the Roman capitals as atomic propositions (limiting the complexity of formulas to 26 variables). For instance, (-((A>(B+C))=((A.B)>C))) stands for (¬((A → (B ∨ C)) ↔ ((A ∧ B) → C))). Recognize formulas in the infix, prefix, and postfix notation.

(b) Notice that a natural data structure to use in the parser is a binary tree. Draw the syntactic tree of the formula above.
(c) Implement methods that write the formula out in infix, prefix and postfix.
(d) Implement methods in the infix parser that recognize and output infix formulas with parentheses omitted by the usual rules.
(e) Implement a method that recognizes, for two propositional formulas given on input, whether one is an instance of the other.
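As a starting point for the prefix case of the parser exercise, here is a minimal recursive-descent sketch in Python, using the symbols suggested above (- . + > =). The nested-tuple trees are our own encoding, and a full solution would still need the infix and postfix cases:

```python
def parse_prefix(s, i=0):
    """Parse one prefix formula in s starting at index i;
    return (tree, next_index). Trees are nested tuples."""
    c = s[i]
    if c.isupper():                    # atomic proposition A..Z
        return c, i + 1
    if c == "-":                       # unary negation
        sub, j = parse_prefix(s, i + 1)
        return ("-", sub), j
    if c in ".+>=":                    # binary connectives
        left, j = parse_prefix(s, i + 1)
        right, k = parse_prefix(s, j)
        return (c, left, right), k
    raise ValueError(f"unexpected symbol {c!r} at position {i}")

def is_prefix_formula(s):
    """The input is a formula iff parsing consumes exactly the whole string."""
    try:
        _, end = parse_prefix(s)
        return end == len(s)
    except (ValueError, IndexError):
        return False

tree, end = parse_prefix(">-A+BC")     # prefix for ((¬A) → (B ∨ C))
print(tree)                            # ('>', ('-', 'A'), ('+', 'B', 'C'))
print(is_prefix_formula(">-A+BC"), is_prefix_formula(">-A+B"))  # True False
```

The check `end == len(s)` matters: "AB" parses an atom successfully but leaves input behind, so it is not a formula.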
1.2 Semantics of propositional logic

We have introduced propositional formulas as syntactic objects: strings of symbols of a certain form. Now we describe the semantics of propositional logic, which assigns truth values to propositional formulas. We will show how the truth of a formula is determined by the truth of its subformulas, and we will introduce the fundamental notion of logical consequence.

Truth values

From the point of view of propositional logic, the atomic propositions are just symbols, standing for some nondescript elementary statements. They are either true or false, but we have no intention (and no way, really) to decide their truth — it is given externally by a truth evaluation, and no possibility is a priori ruled out. We only require that the truth of composite formulas corresponds to the natural understanding of the propositional connectives.

1.2.1 Definition. A mapping v from the set of propositional formulas into {0, 1} is a truth evaluation if for every two formulas ϕ and ψ the following hold:

v(¬ϕ) = 1 if and only if v(ϕ) = 0
v(ϕ ∧ ψ) = 1 if and only if v(ϕ) = 1 and v(ψ) = 1
v(ϕ ∨ ψ) = 1 if and only if v(ϕ) = 1 or v(ψ) = 1
v(ϕ → ψ) = 1 if and only if v(ϕ) = 0 or v(ψ) = 1
v(ϕ ↔ ψ) = 1 if and only if v(ϕ) = v(ψ)

The value v(ϕ) is the truth value of ϕ under v. We say that ϕ is true under v, or that v satisfies ϕ, if v(ϕ) = 1.

Every evaluation of the atomic formulas extends to a truth evaluation of all formulas in a unique way. This happens by induction on complexity: given an evaluation of atomic formulas, extend it just as the previous definition requires to negations, conjunctions, etc. Note how the definition follows the same recursive scheme as the very definition of a formula.3

The truth value of a formula apparently depends only on the evaluation of the propositional atoms that actually appear in it.
We will prove this trivial statement now, to illustrate a proof by induction on complexity.

1.2.2 Lemma. Let ϕ be a propositional formula, and let A1, A2, . . . , An be the propositional atoms occurring in ϕ. Let v and w be two evaluations agreeing on the Ai, i.e. v(Ai) = w(Ai) for every i ≤ n. Then v(ϕ) = w(ϕ).

Proof. (i) For an atomic formula the statement is trivial. (ii) If ϕ is of the form ¬ψ and the statement holds for ψ, then v(ϕ) = v(¬ψ) = 1 − v(ψ) = 1 − w(ψ) = w(¬ψ) = w(ϕ). (iii) If ϕ is of the form ψ ∧ ϑ and the statement holds for ψ and ϑ, then v(ϕ) = v(ψ ∧ ϑ) = 1 iff v(ψ) = 1 = v(ϑ), which is iff w(ψ) = 1 = w(ϑ), which is iff w(ψ ∧ ϑ) = w(ϕ) = 1. (iv) If ϕ is of the form ψ ∨ ϑ and the statement holds for ψ and ϑ, then v(ϕ) = v(ψ ∨ ϑ) = 1 iff v(ψ) = 1 or v(ϑ) = 1, which is iff w(ψ) = 1 or w(ϑ) = 1, which is iff w(ψ ∨ ϑ) = w(ϕ) = 1. We leave the remaining cases of (v) an implication ψ → ϑ and (vi) an equivalence ψ ↔ ϑ to the reader.

Notice again how the recursive structure of the preceding proof corresponds to the recursive definition of a propositional formula.

Truth tables

The truth values just introduced can be expressed in a compact form by the following truth table.

A B | ¬A  A∧B  A∨B  A→B  A↔B
0 0 |  1   0    0    1    1
0 1 |  1   0    1    1    0
1 0 |  0   0    1    0    0
1 1 |  0   1    1    1    1

By 1.2.2, the truth value of a formula only depends on the evaluation of the atoms occurring in it. There are only finitely many of those, as a formula is a finite string; so there are only finitely many evaluations to consider. Hence a truth table can be recursively compiled for any propositional formula.

1.2.3 Exercise. Compile the table of truth values for (A ∧ ¬B) → (¬C ∨ D). How many evaluations are there to consider?

1.2.4 Exercise. Show that every truth table (with 2^n rows) is a truth table of some propositional formula (with n atoms).

1.2.5 Exercise. Implement a procedure which outputs the truth table of a given formula.
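A minimal sketch of such a procedure, assuming formulas are encoded as nested tuples (("~", ϕ) for negation, ("&", ϕ, ψ) for conjunction, and so on; the encoding is our own convenience, not fixed by the text):

```python
from itertools import product

def value(phi, v):
    """Truth value of phi under the evaluation v (a dict on atoms),
    clause by clause as in Definition 1.2.1."""
    if isinstance(phi, str):                  # atomic formula
        return v[phi]
    op = phi[0]
    if op == "~":
        return 1 - value(phi[1], v)
    a, b = value(phi[1], v), value(phi[2], v)
    return {"&": a & b,
            "|": a | b,
            ">": 1 if a == 0 or b == 1 else 0,
            "=": 1 if a == b else 0}[op]

def truth_table(phi, atoms):
    """One row (evaluation, value) per evaluation of the given atoms."""
    rows = []
    for bits in product((0, 1), repeat=len(atoms)):
        v = dict(zip(atoms, bits))
        rows.append((bits, value(phi, v)))
    return rows

# the table of A -> B, matching the table above
for bits, val in truth_table((">", "A", "B"), ["A", "B"]):
    print(bits, val)
```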
Apparently, this requires an evaluator that computes the values recursively, for all possible evaluations. A programmer will notice that we are describing certain bit operations: on inputs of 0 or 1, we return a value of 0 or 1. It is customary for some to write ~A, A&B, A|B instead of ¬A, A ∧ B, A ∨ B. Introducing these operations, we impose an algebraic structure on the set {0, 1}. In fact, we have already used some elementary properties of this structure when we wrote v(¬ψ) = 1 − v(ψ) for brevity in the proof of 1.2.2. We will deal with the algebraic properties of logic when we study Boolean algebras.

3 The definition of truth values based on the syntactic form is designed, obviously, to capture the natural understanding of the connectives "and", "or", etc., as used in everyday language. The disjunction is used in the usual "non-exclusive" sense, so that A ∨ B is true if A is true or B is true, including the case when both are true. The semantics of implication is sometimes called material implication — the truth of A → B under a given evaluation means just that B is true if A is true; this does not mean that there is any actual cause and effect.

Tautologies

In general, the truth value of a formula depends on the evaluation of atoms. However, some formulas are special in that their truth or falsity does not in fact depend on the evaluation.

1.2.6 Definition. A propositional formula is
(i) a contradiction if it is true under no evaluation;
(ii) satisfiable if it is true under some evaluation;
(iii) a tautology if it is true under all evaluations.
If ϕ is a tautology, we write |= ϕ.

For instance, A → A is a tautology and B ∧ ¬B is a contradiction. A → B is satisfiable, but is neither a tautology nor a contradiction. Every tautology is satisfiable, and contradictions are precisely the non-satisfiable formulas. The negation of a tautology is a contradiction and vice versa. Tautologies are "always true". We cannot expect such formulas to say anything specific: they are true regardless of what they even talk about.
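Definition 1.2.6 suggests a brute-force classification by inspecting all evaluations; a small sketch, with formulas represented as 0/1-valued Python functions (a convenience of ours):

```python
from itertools import product

def classify(f, n):
    """Classify a formula, given as a 0/1-valued function of n atoms,
    by inspecting its values under all 2**n evaluations."""
    values = {f(*bits) for bits in product((0, 1), repeat=n)}
    if values == {1}:
        return "tautology"
    if values == {0}:
        return "contradiction"
    return "satisfiable"

imp = lambda a, b: 1 if a == 0 or b == 1 else 0     # material implication

print(classify(lambda a: imp(a, a), 1))             # A -> A : tautology
print(classify(lambda b: b & (1 - b), 1))           # B & ~B : contradiction
print(classify(imp, 2))                             # A -> B : satisfiable
```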
The formula A → A is always true, for any statement A, true or false. For example, the statement if every sequence of reals converges, then any sequence of reals converges is surely true, but it doesn't really say anything about convergence. It is true simply due to its form, A → A.

1.2.7 Exercise. Verify that the following equivalences (the de Morgan laws) are tautologies: ¬(A ∧ B) ↔ (¬A ∨ ¬B), ¬(A ∨ B) ↔ (¬A ∧ ¬B).

1.2.8 Exercise. Find out which of the following formulas are tautologies, contradictions, and satisfiable formulas. ¬A → (A → B); A → (A → ¬A); A → (B → ¬A); ¬(A → B) → A; (A → B) ∨ (B → A); ¬A ∧ (B → A); (A ↔ B) ∧ (B → ¬A); ((A → B) ∧ (B → C) ∧ (C → D)) → (A → D).

1.2.9 Exercise. Which of the following are tautologies? A → (B → A), (A → (B → C)) → ((A → B) → (A → C)), (¬B → ¬A) → (A → B).

1.2.10 Exercise. Verify that the following equivalences are tautological. ¬¬A ↔ A; (A ∧ A) ↔ A; (A ∨ A) ↔ A; (A ∧ B) ↔ (B ∧ A); (A ∨ B) ↔ (B ∨ A); (A ∧ B) ∧ C ↔ A ∧ (B ∧ C); (A ∨ B) ∨ C ↔ A ∨ (B ∨ C); A ∧ (A ∨ B) ↔ A; A ∨ (A ∧ B) ↔ A; A ∧ (B ∨ C) ↔ (A ∧ B) ∨ (A ∧ C); A ∨ (B ∧ C) ↔ (A ∨ B) ∧ (A ∨ C); (A → B) ↔ (¬A ∨ B); A → (B ∧ ¬B) ↔ ¬A; A → (B → C) ↔ (A ∧ B) → C; (A ↔ (B ↔ C)) ↔ ((A ↔ B) ↔ C).

1.2.11 Exercise. Verify that the following formulas are tautologies. (A ∧ (A → B)) → B, ((A → B) ∧ ¬B) → ¬A, (A → B) ∧ (C → D) ∧ (A ∨ C) → (B ∨ D), (A → B) ∧ (C → D) ∧ (¬B ∨ ¬D) → (¬A ∨ ¬C).

1.2.12 Example. The truth of some formulas can be decided more effectively than in the general case, i.e. by checking all 2^n evaluations.

(a) The formula ((A → (B → C)) → ((A → B) → (A → C))) is of a very special form: it consists entirely of implications. The truth of such a formula can be verified by considering the "worst possible case": for an evaluation v under which this formula is false, we necessarily have v(A → (B → C)) = 1 and v((A → B) → (A → C)) = 0. Hence v(A → B) = 1 and v(A → C) = 0; so v(A) = 1 and v(C) = 0; hence v(B) = 1.
But under such an evaluation, v(A → (B → C)) = 0, a contradiction; so no such v exists, and the whole formula is a tautology.

(b) Show that a propositional formula consisting entirely of equivalences is a tautology if and only if the number of occurrences of every propositional atom is even. (Hint: the connective ↔ is commutative and associative.)

1.2.13 Definition. Let ϕ, ψ be propositional formulas. Say that ψ is a logical consequence of ϕ, or that ψ follows from ϕ, if every evaluation satisfying ϕ also satisfies ψ. In that case, write4 ϕ |= ψ. If ϕ |= ψ and ψ |= ϕ hold simultaneously, say that ϕ and ψ are logically equivalent.

The basic properties of the relation of consequence are easy to see:
(i) ϕ |= ψ if and only if ϕ → ψ is a tautology.
(ii) ϕ and ψ are logically equivalent if and only if ϕ ↔ ψ is a tautology.
(iii) Every two tautologies — and every two contradictions — are equivalent.
(iv) If ϑ is a tautology, then ϕ is equivalent to ϕ ∧ ϑ for every formula ϕ.
(v) If ξ is a contradiction, then ϕ is equivalent to ϕ ∨ ξ for every formula ϕ.

1.2.14 Exercise. (a) Is the formula B ∨ C a consequence of (A ∨ B) ∧ (¬A ∨ C)? (b) Is (A → B) ∧ (B → C) ∧ (C → A) equivalent to A ↔ C?

1.2.15 Exercise. For every pair of formulas in the following sets, find out whether one is a consequence of the other, or vice versa.
(a) (A ∧ B) → C, (A ∨ B) → C, (A → C) ∧ (B → C), (A → C) ∨ (B → C)
(b) A → (B ∧ C), A → (B ∨ C), (A → B) ∧ (A → C), (A → B) ∨ (A → C)

1.2.16 Exercise. Let ϕ and ψ be formulas, let ϑ be a tautology, and let ξ be a contradiction. Then ϕ |= ϕ ∨ ψ, ψ |= ϕ ∨ ψ, ϕ ∧ ψ |= ϕ, ϕ ∧ ψ |= ψ, |= ξ → ϕ, |= ϕ → ϑ, |= ϕ ∧ ϑ ↔ ϕ, |= ϕ ∨ ϑ ↔ ϑ, |= ϕ ∧ ξ ↔ ξ, |= ϕ ∨ ξ ↔ ϕ, |= ϑ ↔ ¬ξ.

1.2.17 Exercise. Find out whether the following equivalence is a tautology, and consider the statement "The contract is valid if and only if it is written in blood or is verified by two witnesses and specifies a price and a deadline."

((B ∨ W ) ∧ (P ∧ D)) ↔ (B ∨ (W ∧ P ∧ D))

1.2.18 Exercise. How many mutually non-equivalent formulas exist over the finite set A1 , . . .
, An of propositional atoms? (Hint: use 1.2.4.)

4 For a tautology ψ, the notation |= ψ corresponds to ψ being true under any evaluation.

1.2.19 Exercise. Let ϕ0 and ψ0 be two logically equivalent formulas. If ϕ0 is a subformula of ϕ, and ψ is obtained from ϕ by replacing all occurrences of ϕ0 with the equivalent ψ0 , then ϕ and ψ are equivalent again.

1.2.20 Example. Let ϕ be a propositional formula. (a) If ϕ is a tautology, then every instance of ϕ is a tautology. (b) If ϕ is a contradiction, then every instance of ϕ is a contradiction. (c) If ϕ is neither a tautology nor a contradiction, then for any given truth table there is an instance of ϕ with the prescribed truth values. (This strengthens 1.2.4.) In particular, some instance of ϕ is a tautology and some instance of ϕ is a contradiction.

Assume that ϕ(A1 , . . . , An ) is neither a tautology nor a contradiction. Then for some evaluation f we have f (ϕ) = 0 and for some evaluation t we have t(ϕ) = 1. For every i ≤ n, choose a formula ψi (X) such that v(ψi (X)) = f (Ai ) under v(X) = 0 and w(ψi (X)) = t(Ai ) under w(X) = 1. Then the instance ϕ(ψ1 (X), . . . , ψn (X)) of ϕ is equivalent to X. Given any truth table, choose a formula ϑ with the prescribed values, as in 1.2.4. Then ϕ(ψ1 (ϑ), . . . , ψn (ϑ)) is an instance of ϕ with the prescribed table.

1.2.21 Exercise. Find an instance of A1 → (A2 ∨ ¬A3 ) which (i) is a tautology, (ii) is a contradiction, (iii) has the truth table 00:1, 01:0, 10:0, 11:1.

1.2.22 Exercise. Implement a procedure which for a given formula ϕ and a given truth table finds an instance of ϕ with the prescribed truth values.

1.3 Normal form

In this section we study the expressive power of individual connectives: the language of propositional logic can be reduced in various ways, and every propositional formula can be equivalently expressed in a canonical normal form. We will show how to find this form and how to minimize it.
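The semantic notions of the previous section (tautology, consequence, equivalence) can all be checked by brute force over the finitely many evaluations. The following Python sketch is illustrative and not part of the notes; formulas are represented as Python functions of their atoms:

```python
from itertools import product

def evaluations(n):
    """All 2**n truth evaluations of n propositional atoms."""
    return product([False, True], repeat=n)

def is_consequence(phi, psi, n):
    """phi |= psi: every evaluation satisfying phi also satisfies psi."""
    return all(psi(*v) for v in evaluations(n) if phi(*v))

def are_equivalent(phi, psi, n):
    return is_consequence(phi, psi, n) and is_consequence(psi, phi, n)

# Exercise 1.2.14(a): B ∨ C is a consequence of (A ∨ B) ∧ (¬A ∨ C)
phi = lambda A, B, C: (A or B) and ((not A) or C)
psi = lambda A, B, C: B or C
print(is_consequence(phi, psi, 3))  # True
```

A tautology check is the special case where every evaluation must satisfy the formula, i.e. a consequence of the constant-true formula.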
The expressive power of connectives

The language of propositional logic is built using the connectives ¬, ∧, ∨, → and ↔. These connectives express the most needed figures of speech, and we want to capture them in the formal language of mathematics. However, we have not yet tried to capture other useful figures of speech, such as the exclusive disjunction, meaning “one or the other, but not both.” This can be done with the connective A △ B, called XOR (exclusive or), with the truth values of (A ∧ ¬B) ∨ (B ∧ ¬A). It is reasonable to ask whether we should include △ among the basic connectives. Such a language would surely be redundant, as △ can be equivalently expressed using the other connectives (namely by ¬, ∧ and ∨; or by ¬ and ↔, as A △ B |=| ¬A ↔ B), so we can consider △ a useful shorthand, but can do without it. Similarly, we can consider A ↔ B just a shorthand for (A → B) ∧ (B → A).

We can ask the same question about each of the connectives. A natural requirement for economy of language leads us to notice that some connectives can be expressed using the others, and the language of propositional logic can be reduced. For example, all the classical connectives can be equivalently expressed using just ¬ and ∧; indeed, (A ∨ B) ↔ ¬(¬A ∧ ¬B), (A → B) ↔ ¬(A ∧ ¬B) and (A ↔ B) ↔ (¬(A ∧ ¬B) ∧ ¬(B ∧ ¬A)) are tautologies.

1.3.1 Definition. A set C of connectives is complete if for any propositional formula there is an equivalent formula using only connectives from C.

So we have just shown that {¬, ∧} is a complete set of connectives.

1.3.2 Exercise. (a) Show that {¬, ∨} and {¬, →} are complete. Reducing the language of propositional logic to ¬ and → will be the first step in introducing the formal deductive system of propositional logic later. (b) Consider a binary connective ⊥ (false), for which the truth value of A ⊥ B is 0 under all evaluations. Show that {⊥, →} is a complete set.

1.3.3 Exercise. (a) Show that A → B cannot be equivalently expressed using only ¬ and ↔.
So {¬, ↔} is not complete. (b) Show that a propositional formula using only ∧ and ∨ can never be a tautology or a contradiction. So {∧, ∨} is not complete. (c) Show that {∧, ∨, →, ↔} is not complete either.

1.3.4 Exercise. An extreme case of a complete set is a universal connective, able to express all formulas by itself. These happen to exist: A ↑ B (NAND) and A ↓ B (NOR), with truth values defined as in ¬(A ∧ B) and ¬(A ∨ B), respectively. Show that ↑ and ↓ are indeed universal. Which evaluations satisfy the formula (((((((A ↑ B) ↓ C) ↑ D) ↓ E) ↑ F ) ↓ G) ↑ H)?

1.3.5 Lemma. ↑ and ↓ are the only universal connectives.

Proof. Let ∗ be a universal connective. Then under u(A) = 1 = u(B) we must have u(A ∗ B) = 0, for if u(A ∗ B) = 1, then every formula built from A, B using only ∗ would have a value of 1 under u (which is easily seen by induction); but then ∗ could not be universal. Similarly, under v(A) = 0 = v(B) we have v(A ∗ B) = 1. Notice that the universal connectives ↑ and ↓ indeed have this property. It remains to check the value of A ∗ B under w(A) = 0, w(B) = 1 and z(A) = 1, z(B) = 0. Considering the four possibilities, we see that A ∗ B behaves either as A ↑ B or A ↓ B and we are done, or as ¬A or ¬B, which are easily seen not to be universal.

As a corollary, we obtain that the complete sets {¬, ∧}, {¬, ∨}, {¬, →}, {⊥, →} from above are also minimal, i.e. they cannot be further reduced.

1.3.6 Exercise. Implement a procedure which translates a given formula into an equivalent formula in a given minimal complete set of connectives.

1.3.7 Exercise. After introducing XOR, NAND and NOR, we can ask what exactly we consider a connective. Abstractly, a binary connective is a mapping from {0, 1} × {0, 1} to {0, 1}. Hence there are as many “connectives” as there are mappings from 2^2 to 2, i.e. 2^(2^2) = 16. Compile the truth table of all 16 binary connectives and describe them using the connectives introduced so far.

Normal form

1.3.8 Definition.
A propositional formula is
(i) a literal if it is an atomic formula or a negation of an atomic formula;
(ii) a minterm if it is a conjunction of literals;
(iii) a maxterm or a clause if it is a disjunction of literals;
(iv) in a disjunctive normal form (DNF) if it is a disjunction of minterms;
(v) in a conjunctive normal form (CNF) if it is a conjunction of maxterms;
(vi) in a complete normal form if all minterms/maxterms use the same atoms.

For instance, ¬A, B, ¬C, ¬D are literals; A ∧ ¬B ∧ ¬C is a minterm and B ∨ ¬C ∨ D is a clause; (A ∧ ¬B) ∨ (¬A ∧ C) is in a disjunctive normal form; (B ∨ ¬C) ∧ (A ∨ C) is in a conjunctive normal form; (A ∧ ¬B ∧ C) ∨ (¬A ∧ B ∧ C) is in a complete disjunctive normal form.

Without loss of generality, we can require that minterms and maxterms do not contain duplicate literals (as in A ∧ ¬B ∧ A or B ∨ B ∨ ¬C) and that the normal form does not contain duplicate minterms or maxterms. Moreover, we can require that the disjunctive form contains no contradictions and the conjunctive form contains no tautologies. The names minterm and maxterm correspond to minimal and maximal elements in certain ordered sets, namely Boolean algebras of propositions.

Before stating the normal form theorem, we describe a few standard syntactic operations on formulas that gradually lead toward the normal form.

1.3.9 Exercise. (a) Every formula can be equivalently expressed so that negation only occurs in the literals. This can be proved using the tautologies ¬(A ∧ B) ↔ (¬A ∨ ¬B), ¬(A ∨ B) ↔ (¬A ∧ ¬B), ¬(A → B) ↔ (A ∧ ¬B), ¬(A ↔ B) ↔ (A ∧ ¬B) ∨ (B ∧ ¬A), ¬¬A ↔ A recursively. We say that we propagate the negation down to literals. (b) Propagate the negations to literals in ¬(A → (B → C)); ¬(A ↔ (B ∧ (C → D))); ¬(A ∨ (B → (C ∧ D))). (c) Implement a procedure that propagates negations to literals in a given formula.

To ease notation, we will sometimes use the expression ϕ ≡ (ψ ∧ ϑ) in the following; this denotes that ϕ is precisely the formula (ψ ∧ ϑ).
We want to keep the equality symbol = with its special meaning, to use it in the language of predicate logic later. So ≡ is an expression of our metalanguage when we talk about formulas; it is not a new symbol of the formal language of logic.

In some previous situations, the connectives ∧ and ∨ played a very similar, “dual” role (recall NAND and NOR). We want to show a few aspects of this duality, including the duality between the disjunctive and conjunctive normal form. This duality will later be generalized to a duality in Boolean algebras.

1.3.10 Lemma (duality). For a propositional formula ϕ which only uses the connectives ¬, ∧, ∨, let ϕ∗ be the formula obtained from ϕ by replacing every occurrence of ∧ with ∨, every occurrence of ∨ with ∧, and every literal with the opposite literal. Then ϕ∗ is equivalent to ¬ϕ.

Proof. If ϕ is a literal, the statement is trivial. If the statement holds for ψ and ϑ, then for the composite formulas we have: (¬ψ)∗ ≡ ¬(ψ∗) |=| ¬(¬ψ) for a negation, (ψ ∧ ϑ)∗ ≡ (ψ∗ ∨ ϑ∗) |=| (¬ψ ∨ ¬ϑ) |=| ¬(ψ ∧ ϑ) for a conjunction, and (ψ ∨ ϑ)∗ ≡ (ψ∗ ∧ ϑ∗) |=| (¬ψ ∧ ¬ϑ) |=| ¬(ψ ∨ ϑ) for a disjunction.

1.3.11 Exercise. Let ϕ be a formula, and let ϕd and ϕc be formulas in a disjunctive and conjunctive form, respectively, such that ϕ |=| ϕd |=| ϕc . Then ϕ∗d and ϕ∗c are the conjunctive and disjunctive form of ¬ϕ, respectively.

1.3.12 Exercise. Show by induction that for a formula in CNF, distributing the clauses results in an equivalent formula in DNF. For example, the formula (A ∨ ¬B) ∧ (¬C ∨ D) becomes (A ∧ ¬C) ∨ (A ∧ D) ∨ (¬B ∧ ¬C) ∨ (¬B ∧ D). State and prove the dual statement about distributing a DNF.

1.3.13 Theorem (the normal form theorem). Every propositional formula can be equivalently expressed in a complete conjunctive and a complete disjunctive form. That is, for a formula ϕ, there is a formula ϕd in a complete DNF and a formula ϕc in a complete CNF, such that ϕ |=| ϕd and ϕ |=| ϕc .

Proof.
If the given formula ϕ is a literal, it is already in a complete normal form. If ϕ is built up from ψ and ϑ, we will find an equivalent formula ϕd in a complete disjunctive normal form by induction, assuming we already know ψd , ψc , ϑd , ϑc . By duality, finding a complete conjunctive normal form is analogous.
(¬) For ϕ ≡ (¬ψ) we have ϕ |=| ¬(ψc ) |=| (ψc )∗ ≡ ϕd by 1.3.11.
(∨) For ϕ ≡ (ψ ∨ ϑ) we have ϕ |=| (ψd ∨ ϑd ) ≡ ϕd .
(∧) For ϕ ≡ (ψ ∧ ϑ) we obtain ϕd by distributing ψc ∧ ϑc as in 1.3.12.
(→) For ϕ ≡ (ψ → ϑ) we have ϕ |=| ¬ψ ∨ ϑ |=| (ψc )∗ ∨ ϑd ≡ ϕd by (¬) and (∨).
(↔) For ϕ ≡ (ψ ↔ ϑ) let ϕd ≡ (ψ ∧ ϑ)d ∨ (¬ψ ∧ ¬ϑ)d |=| ϕ by (¬), (∧), (∨).
If the normal form thus obtained is not complete, use the equivalences ϕ |=| (ϕ ∧ X) ∨ (ϕ ∧ ¬X) and ϕ |=| (ϕ ∨ X) ∧ (ϕ ∨ ¬X) to introduce a missing atom X into all incomplete minterms or maxterms.

Notice that the proof is constructive: not only does it prove existence, it actually provides a definite procedure to arrive at the desired normal form.

1.3.14 Example. Performing the steps of the preceding proof recursively, find the complete disjunctive normal form of the following formula. Along the way, remove contradictions and duplicities from the emerging disjunction (which does not alter the truth value). Lastly, distribute the missing literals.
(A ∧ ¬(B → C)) ↔ (D → C)
((A ∧ ¬(B → C)) ∧ (D → C)) ∨ (¬(A ∧ ¬(B → C)) ∧ ¬(D → C))
((A ∧ B ∧ ¬C) ∧ (¬D ∨ C)) ∨ ((¬A ∨ ¬B ∨ C) ∧ (D ∧ ¬C))
(A ∧ B ∧ ¬C ∧ ¬D) ∨ (¬A ∧ D ∧ ¬C) ∨ (¬B ∧ D ∧ ¬C)
(A ∧ B ∧ ¬C ∧ ¬D) ∨ (¬A ∧ B ∧ D ∧ ¬C) ∨ (¬A ∧ ¬B ∧ D ∧ ¬C) ∨ (A ∧ ¬B ∧ D ∧ ¬C)

1.3.15 Exercise. Find the complete disjunctive and conjunctive normal form of A → (B ∧ C), A → (B ∨ C), (A ∧ B) → C, (A ∨ B) → C, (A ∨ B) → (¬B ∧ C).

1.3.16 Exercise. (a) Compile the truth table of the previous formulas and notice the connection with the complete disjunctive form: the complete minterms correspond precisely to the evaluations satisfying the formula.
This holds in general, as can be seen from the very definition of satisfaction for negations, conjunctions and disjunctions. Hence the complete disjunctive form carries the same information as the truth table. This trivializes exercise 1.2.4. (b) Describe the evaluations corresponding to the complete maxterms of the complete conjunctive form.

From these observations, we obtain that the complete normal form of a given formula is unique, up to the order of minterms/maxterms and the order of literals in them.

1.3.17 Exercise. (a) Let ϕ and ψ be propositional formulas and let ϕd and ψd be their complete disjunctive forms. Then ϕ |= ψ if and only if every complete minterm of ϕd is also a complete minterm of ψd . State the dual statement for conjunctive normal forms. (b) Find the complete DNF of ¬((A ∨ B) → ¬C) and decide whether it is a consequence of ¬(A → (B ∨ ¬C)). (c) Find the complete CNF of A → (¬B ∧ C) and decide whether the formula B → (A → C) is its consequence. (d) Find the DNF of (A → (D ∨ ¬E)) → (C ∧ ¬(A → B)) and decide whether it is a consequence of (¬(E → D)) ∧ A.

1.3.18 Exercise. Is there a formula ϕ such that both ϕ → (A ∧ B) and (ϕ ∨ ¬A) are tautologies? (Hint: what is the complete DNF of such a formula?)

1.3.19 Exercise. Give the missing dual half of the proof of 1.3.13, i.e. describe how to arrive at the conjunctive normal form, by induction on complexity.

1.3.20 Exercise. Implement a procedure that rewrites a given formula into its complete conjunctive/disjunctive normal form.

Minimization

We have described a way to arrive at the complete normal form. Now we will describe a method of finding a minimal normal form, which can be useful in applications.

1.3.21 Example. The following formula is in a complete disjunctive form:
(A ∧ ¬B ∧ ¬C) ∨ (¬A ∧ ¬B ∧ ¬C) ∨ (A ∧ B ∧ C) ∨ (A ∧ B ∧ ¬C) ∨ (¬A ∧ B ∧ ¬C)
It is natural to ask whether it can be written in a shorter normal form, and what is the shortest normal form possible.
Notice that some pairs of the complete minterms differ in precisely one literal, e.g. (A ∧ ¬B ∧ ¬C) and (¬A ∧ ¬B ∧ ¬C). Using the distributivity law, every such pair can be equivalently replaced with one shorter minterm; in this case, (¬B ∧ ¬C). Similarly, the complete minterms (A ∧ B ∧ ¬C) ∨ (¬A ∧ B ∧ ¬C) can be replaced with (B ∧ ¬C), and (A ∧ B ∧ C) ∨ (A ∧ B ∧ ¬C) with (A ∧ B); note that a complete minterm may be reused in several merges. Now the minterms (¬B ∧ ¬C) ∨ (B ∧ ¬C) can be merged to ¬C, and the formula becomes (A ∧ B) ∨ ¬C. This is a DNF where nothing can be merged anymore.

There is more than one way to merge the minterms with opposite literals: pairing the first two via A, ¬A and the second two via C, ¬C, we get (¬B ∧ ¬C) ∨ (A ∧ B) ∨ (¬A ∧ B ∧ ¬C), which cannot be further simplified either, but the one above is shorter: two minterms instead of three, and fewer literals in each. So the choice of merging the minterms can make a difference.

1.3.22 Example ([Sha]). A switching circuit can be described by a diagram where every switch is annotated with a necessary and sufficient condition for the current to flow. For example, the current flows through the circuit in the diagram [circuit diagram: switches A, B in series, in parallel with a branch of A, C in parallel followed by ¬B] if and only if the formula (A ∧ B) ∨ ((A ∨ C) ∧ ¬B) holds. This can be minimized to A ∨ (C ∧ ¬B) like above, which corresponds to a simpler, yet functionally equivalent circuit [circuit diagram: switch A in parallel with C, ¬B in series].

1.3.23 Exercise. (a) A lightbulb is operated by three switches in the obvious way: toggling any switch toggles the state of the light. Design the simplest circuit possible and write the corresponding formula. (b) A committee of four members votes by pressing buttons. Design the simplest circuit possible such that the committee passes a proposal if at least three members vote in favor. Write the corresponding formula.

1.3.24 Exercise. Addition of four-bit integers can be realized with four Boolean functions b0 , b1 , b2 , b3 , where bi computes the value of the i-th bit of the output. Writing the inputs5 as x3 x2 x1 x0 and y3 y2 y1 y0 , we have b0 (x0 , y0 ) = x0 △ y0 and b1 (x0 , x1 , y0 , y1 ) = (x1 △ y1 ) △ (x0 ∧ y0 ).
Describe the Boolean functions b2 (x0 , x1 , x2 , y0 , y1 , y2 ) and b3 (x0 , x1 , x2 , x3 , y0 , y1 , y2 , y3 ) explicitly, and reduce them to a most economic form. Buy eight switches, twelve LEDs, the gates for logical connectives, and construct a “computer” capable of four-bit addition.

5 Here we use the big-endian notation x3 · 2^3 + x2 · 2^2 + x1 · 2^1 + x0 · 2^0 , so e.g. 13 is 1101.

1.3.25 Definition. A disjunctive normal form is minimal if there is no equivalent normal form with fewer minterms or fewer literals.

It is possible that a given formula has more than one minimal normal form (see examples below). All of them can be discovered by brute force: there are only finitely many disjunctive forms over the finitely many atoms, so we can exhaustively search for the minimal ones.

Quine-McCluskey

We describe a procedure from [Mc] which considers all possible ways in which minterms can be merged in a given normal form, arriving at the shortest minterms possible, and then uses them to express the given formula in a minimal disjunctive normal form.

The algorithm uses bit sequences (i.e. strings of ones and zeros) instead of minterms, assuming a correspondence between atom names and bit positions. For example, 1101 codes A ∧ B ∧ ¬C ∧ D. A complete disjunctive form can then be given by simply enumerating the complete minterms (resp. their codes, in decimal) in an expression like ∑m(0, 2, 5, 6, 7, 8, 10, 12, 13, 14, 15). This represents a formula in four variables (say A, B, C, D) whose disjunctive form contains e.g. the minterm ¬A ∧ B ∧ C ∧ D, coded by 0111=7, and ten other minterms.

1.3.26 Example. We will show how the Quine-McCluskey algorithm works on the formula above. To discover the pairs of complete minterms which differ in precisely one literal, and hence can be merged using the distributivity law, is to discover the pairs of four-bit strings which differ in precisely one bit position.
To do that, first group the codes by the number of positive bits: the pairs will only come from the neighbouring groups then. This is done in the second column of the table below. Now pair the minterms in all possible ways. While searching for candidates to pair with a given code, it suffices to search the very next group. For example, the candidates to pair with 0000 are just 0010 and 1000. Denote the pairs thus obtained with a code having - at the altering position. For example, the pair of 0000 and 0010 results in 00-0, also called m(0,2). In the corresponding normal form, (¬A ∧ ¬B ∧ ¬C ∧ ¬D) ∨ (¬A ∧ ¬B ∧ C ∧ ¬D) gets simplified to (¬A ∧ ¬B ∧ ¬D). This is done in the next column. Notice that the grouping still works: the codes in every group have the prescribed number of positive bits.

Now pair the sets of two into sets of four, in the same fashion. For example, 00-0 and 10-0 differ in precisely one bit position and can be merged into -0-0; in the corresponding normal form, ¬A ∧ ¬B ∧ ¬D and A ∧ ¬B ∧ ¬D merge into ¬B ∧ ¬D. Some merged codes might appear repeatedly; for example, -000 and -010 also merge into -0-0. These duplicities can be removed, as they correspond to merging the same set of complete minterms, differing only in order.

Continue in this fashion, merging sets of four into sets of eight, etc., until none can be further merged with any other. These are the prime implicants of the formula. The minimal normal form will consist exclusively of these; it is easy to see that the form would not be minimal otherwise. In the present case, it so happens that all the implicants are sets of four merged minterms; in general, they can be of any size 2^k.
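The merging step of phase one, combining two codes that differ in exactly one fixed position, can be sketched as follows. This is an illustrative Python helper, not part of the notes; codes are strings over 0, 1 and -:

```python
def merge(a, b):
    """Merge two implicant codes differing in exactly one fixed bit,
    e.g. '00-0' and '10-0' give '-0-0'; return None if they don't merge."""
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(diff) == 1 and '-' not in (a[diff[0]], b[diff[0]]):
        i = diff[0]
        return a[:i] + '-' + a[i + 1:]
    return None

print(merge('0000', '0010'))  # 00-0, i.e. m(0,2)
print(merge('00-0', '10-0'))  # -0-0, i.e. m(0,2,8,10)
print(merge('00-0', '01-1'))  # None, two positions differ
```

Repeating this over all pairs within neighbouring groups, until nothing merges, yields the prime implicants.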
The complete minterms, grouped by the number of positive bits:
0: 0000: m0
1: 0010: m2; 1000: m8
2: 0101: m5; 0110: m6; 1010: m10; 1100: m12
3: 0111: m7; 1101: m13; 1110: m14
4: 1111: m15

The merged pairs, grouped in the same way:
0: 00-0: m(0,2); -000: m(0,8)
1: -010: m(2,10); 0-10: m(2,6); 1-00: m(8,12); 10-0: m(8,10)
2: -101: m(5,13); 01-1: m(5,7); -110: m(6,14); 011-: m(6,7); 1-10: m(10,14); 11-0: m(12,14); 110-: m(12,13)
3: -111: m(7,15); 11-1: m(13,15); 111-: m(14,15)

The merged sets of four, with duplicities shown:
0: -0-0: m(0,2,8,10); -0-0: m(0,8,2,10)
1: --10: m(2,10,6,14); --10: m(2,6,10,14); 1--0: m(8,12,10,14); 1--0: m(8,10,12,14)
2: -1-1: m(5,13,7,15); -1-1: m(5,7,13,15); -11-: m(6,14,7,15); -11-: m(6,7,14,15); 11--: m(12,14,13,15); 11--: m(12,13,14,15)

This finishes phase one of the algorithm. In phase two, decide which implicants to use in the minimal normal form. To begin with, see which implicants cover which minterms.

                       0  2  5  6  7  8 10 12 13 14 15
-0-0: m(0,2,8,10)      *  *           *  *
--10: m(2,6,10,14)        *     *        *        *
1--0: m(8,10,12,14)                   *  *  *     *
-1-1: m(5,7,13,15)           *     *           *     *
-11-: m(6,7,14,15)              *  *              *  *
11--: m(12,13,14,15)                        *  *  *  *

Some minterms are only covered by one implicant; for example, 0=0000 is only covered by m(0,2,8,10), and m(5,7,13,15) is the only implicant covering 5=0101. These are the essential implicants: they must be present in the minimal form. In the original language, this means the minimal form will necessarily contain the minterms (¬B ∧ ¬D) and (B ∧ D). The essential implicants cover m(0,2,5,7,8,10,13,15). It remains to find a minimal cover of the rest.

                       6 12 14
--10: m(2,6,10,14)     *     *
1--0: m(8,10,12,14)       *  *
-11-: m(6,7,14,15)     *     *
11--: m(12,13,14,15)      *  *

These coverings are not mutually independent: every implicant covering 6 or 12 also covers 14. This is minterm dominance. Hence 14 can be ignored and it only remains to cover 6 and 12.

                       6 12
--10: m(2,6,10,14)     *
1--0: m(8,10,12,14)       *
-11-: m(6,7,14,15)     *
11--: m(12,13,14,15)      *

Now each of the remaining minterms covered by m(2,6,10,14) is also covered by m(6,7,14,15), and vice versa. The same relation holds for the implicants m(8,10,12,14) and m(12,13,14,15). This is implicant dominance.
It suffices to choose one from each; choose the first from each, for instance.

                       6 12
--10: m(2,6,10,14)     *
1--0: m(8,10,12,14)       *

After these reductions, all implicants become essential for a cover of the remaining minterms. These are the secondary essentials. The corresponding minimal normal form is then (¬B ∧ ¬D) ∨ (B ∧ D) ∨ (C ∧ ¬D) ∨ (A ∧ ¬D).

In the extreme case when all prime implicants are essential, the minimal form is uniquely determined. Generally, as in the present case, it depends on the covering choices. Any of the following is also a minimal normal form.
(¬B ∧ ¬D) ∨ (B ∧ D) ∨ (C ∧ ¬D) ∨ (A ∧ B)
(¬B ∧ ¬D) ∨ (B ∧ D) ∨ (B ∧ C) ∨ (A ∧ ¬D)
(¬B ∧ ¬D) ∨ (B ∧ D) ∨ (B ∧ C) ∨ (A ∧ B)

1.3.27 Exercise. Add 4=0100 (i.e. ¬A ∧ B ∧ ¬C ∧ ¬D) to the disjunctive form above, perform the QMC algorithm, and see how the minimal form changes.

1.3.28 Exercise. Implement the Quine-McCluskey algorithm.

Karnaugh mapping

A complete disjunctive form can be captured by a bitmap. If the cells are appropriately indexed with bit sequences as above, the map can be used in minimizing the form. The appropriate indexing relies on neighbouring cells having indexes differing in precisely one bit position. With four variables, for instance, this can be done as follows:

0000 0001 0011 0010
0100 0101 0111 0110
1100 1101 1111 1110
1000 1001 1011 1010

The cells filled with 1 correspond to the minterms of the complete disjunctive form. Hence the Karnaugh map carries the same information as the truth table. With the indexing above, the formula from 1.3.26 has the following map.

1 0 0 1
0 1 1 1
1 1 1 1
1 0 0 1

Merging the minterms with opposing literals, as we did in 1.3.26, corresponds to merging neighbours in the map. Note that 0, 2 or 8, 10 are neighbours too: the map “overflows” in both directions. The implicants discovered with QMC correspond to maximal blocks of neighbouring positive cells of size 2^k.
For example, --10 corresponds to the rightmost column and -0-0 corresponds to the four corners. A minimal form then corresponds to a minimal cover of the positive cells by such maximal blocks.

1.3.29 Exercise. (a) Find the implicants discovered in 1.3.26 in the map above. Notice the position of the essential implicants. (b) Consider a disjunctive form corresponding to the map above, but with 0100 filled. Write and draw the implicants of this formula and write a minimal normal form.

1.3.30 Exercise. Draw the Karnaugh map of the formula from 1.3.21. Notice that the implicants are of different sizes. Write a minimal normal form.

1.3.31 Exercise. Describe an appropriate indexing of a Karnaugh map for five variables, and generally for any given number of variables.

With a small number of variables, Karnaugh mapping can be a useful aid in finding minimal forms: the implicants can be “seen” in the map, while QMC has to search for them. This is the only advantage, however, and it disappears quite rapidly: with every extra variable, QMC adds a single bit to the codes, while the Karnaugh map doubles in size.

1.4 Satisfiability

In this section, we deal with satisfiability of propositional formulas and propositional theories. The question of satisfiability of formulas is a link between mathematical logic and complexity theory via the well-known SAT problem. We describe the resolution method, which effectively decides the satisfiability of finite propositional theories, and prove the compactness theorem, which deals with satisfiability of infinite theories.

SAT Problem

Compiling a truth table is an effective procedure deciding satisfiability of a propositional formula. However, for a formula with n variables, there are 2^n evaluations to consider, so the method of truth tables is not particularly effective: the complexity of the computation grows exponentially with the size of the input. It is natural to ask whether there is a more effective way.
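The exponential truth-table method mentioned above can be sketched as a trivial satisfiability checker. The Python code below is illustrative and not part of the notes; a theory in CNF is a list of clauses, each clause a list of integer literals, with i standing for the i-th atom and -i for its negation:

```python
from itertools import product

def brute_force_sat(clauses, n):
    """Search all 2**n evaluations of atoms 1..n for one satisfying
    every clause; return it as a tuple of truth values, or None."""
    for v in product([False, True], repeat=n):
        if all(any(v[abs(l) - 1] == (l > 0) for l in c) for c in clauses):
            return v
    return None

# (A ∨ B) ∧ (¬A ∨ C) is satisfiable; A ∧ ¬A is not
print(brute_force_sat([[1, 2], [-1, 3]], 3))  # (False, True, False)
print(brute_force_sat([[1], [-1]], 1))        # None
```

The loop makes the exponential cost explicit: every added atom doubles the number of evaluations tried in the worst case.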
The problem of deciding satisfiability of any given propositional formula is known as SAT, and an algorithm solving this problem is a SAT solver. So far, we have described two: compiling the truth table and finding the complete normal form. Now we ask how complex a SAT solver needs to be. The focus is shifted now: while the solvability of SAT is trivial from the point of view of logic, the complexity of a solution is interesting for computer science.

It is proven in [Co] that SAT is NP-complete. The NP class of complexity consists of problems that can be solved in polynomial time with a non-deterministic Turing machine.6 Cook’s theorem says that every such problem can be reduced to SAT, with a deterministic machine in polynomial time. A solution to SAT then yields a solution to the original problem. Hence SAT itself must be computationally very hard: at least as hard as any problem from NP. In fact, [Co] proves more: SAT is NP-complete even in the case when the input formulas are presented in a conjunctive form, and moreover none of the clauses contains more than three literals.

The P class of complexity consists of the problems which can be solved in polynomial time with a deterministic Turing machine. As a consequence of Cook’s theorem, we get that if there is a deterministic polynomial SAT solver (i.e. if SAT is in P), then a deterministic polynomial solution also exists for all problems from NP, and so P = NP. The question whether P = NP is known as the P versus NP problem, and is widely considered to be one of the most important open questions of computer science. By Cook’s theorem, the question can be reduced to the existence of a deterministic polynomial SAT solver.

Resolution

We generalize the basic notions of propositional logic from formulas to sets of formulas, i.e. propositional theories, and describe an algorithm that decides the satisfiability of finite theories. This is a SAT solver, because to satisfy a finite theory ϕ1 , . . .
, ϕn is to satisfy the formula ϕ1 ∧ . . . ∧ ϕn . 1.4.1 Definition. Any set of propositional formulas is a propositional theory, and its members are its axioms. A propositional theory T is satisfied under an evaluation v, if v satisfies every axiom in T . A theory is satisfiable if there is an evaluation satisfying it. 6 See [Mo] for an introduction into Turing machines and computability in general. 23 1.4.2 Definition. Lat T be a propositional theory and let ϕ be a propositional formula. Say that ϕ follows from T , or that it is a consequence of T , and write T |= ϕ, if every evaluation satisfying T also satisfies ϕ. More generally, if S and T are propositional theories, say that T follows from S, and write S |= T , if every evaluation satisfying S also satisfies T . If both S |= T and T |= S hold simultaneously, say that S and T are equivalent, and write S |= T . If T is a propositional theory and ϕ is a formula, then T |= ϕ if and only if T ∪ {¬ϕ} is not satisfiable. Two theories S and T are equivalent if and only if for every formula ϕ we have T |= ϕ iff S |= ϕ. In other words, two theories are equivalent if they have the same consequences. 1.4.3 Exercise. Are {A ∨ ¬B, C ∨ ¬A, A} and {C, B → C, A ∨ ¬C} equivalent? Are {A ∨ B, ¬A ∨ C} and {A → C, B ∨ C} equivalent? The resolution method extends a given porpositional theory into an equivalent theory R(T ) whose satisfiability can be decided trivially. We know hat every formula, and so every finite theory as well, can be expressed in a conjunctive normal form. Hence without loss of generality, we can view any given proositional theory as a set of clauses, and the clauses as sets of literals. If (A ∨ B1 ∨ . . . ∨ Bn ) and (¬A ∨ C1 ∨ . . . ∨ Cm ) are two clauses, then (B1 ∨ . . . ∨ Bn ∨ C1 ∨ . . . ∨ Cm ) is their reslovent. The resolvent can be empty, e.g. A a ¬A have an empty resolvent; we will denote an empty resolvent as ⊥ and call it a contradiction, as usual. 
It is easy to see that the resolvent is a consequence of the two clauses.

1.4.4 Lemma. Every truth evaluation satisfying the clauses (A ∨ B1 ∨ . . . ∨ Bn ) and (¬A ∨ C1 ∨ . . . ∨ Cm ) also satisfies (B1 ∨ . . . ∨ Bn ∨ C1 ∨ . . . ∨ Cm ).

If T is a finite set of clauses, denote by r(T ) the union of T with the set of all possible resolvents of clauses from T . Clearly T ⊆ r(T ), and if T is finite, r(T ) is finite too. The theories T and r(T ) are equivalent, as all the clauses in r(T ) are consequences of T . Put r^0 (T ) = T and r^(n+1) (T ) = r(r^n (T )). Then T = r^0 (T ) ⊆ r^1 (T ) ⊆ . . . ⊆ r^n (T ) ⊆ r^(n+1) (T ) ⊆ . . . is an increasing chain of finite theories. As there are only finitely many clauses using the finitely many literals from T , and resolution does not introduce new literals, the increasing chain must stabilize at some finite step, i.e. r^n (T ) = r^(n+1) (T ) for some n ∈ N. We will call this set of clauses the resolution closure of T and denote it by R(T ).

1.4.5 Example. The resolution closure of T = {A ∨ B, B → C, C → D, D → E} grows by the following contributions to r^n (T ):
r0 : A ∨ B, ¬B ∨ C, ¬C ∨ D, ¬D ∨ E
r1 : A ∨ C, ¬B ∨ D, ¬C ∨ E
r2 : A ∨ D, ¬B ∨ E, A ∨ E
Checking all pairs of clauses systematically, it is easy to check that there are no other resolvents. The resolution closure has stabilized after two iterations.

The theories T , r(T ) and R(T ) are equivalent. In particular, T is satisfiable iff R(T ) is satisfiable. Now we can formulate the theorem that makes the resolution method work.

1.4.6 Theorem (J. Herbrand). A finite set T of clauses is satisfiable if and only if its resolution closure R(T ) does not contain a contradiction.

Proof. One direction is immediate: if R(T ) contains a contradiction, it is not satisfiable, and neither is the equivalent theory T . In the other direction, we show that R(T ) is satisfiable, provided it does not contain a contradiction. Let A1 , . . . , Ak be the language of T , i.e.
the atoms occurring in the clauses from T . By induction, we define an evaluation v of these atoms which satisfies R(T ). If Aj is the first atom not yet evaluated, define v(Aj ) as follows: if there is a clause in R(T ) which consists exclusively of ¬Aj and literals evaluated inversely to the evaluation so far, put v(Aj ) = 0; otherwise, put v(Aj ) = 1.

If ϕ is a clause from R(T ) not satisfied by v, then ϕ consists exclusively of literals evaluated inversely to v; in that case, let j ≤ k be the first possible index such that all atoms occurring in some such ϕ are among A1 , . . . , Aj . This does not necessarily mean that all of them occur in ϕ, but the atom Aj must occur, or the chosen j was not the first possible. We check the case when ϕ contains the literal Aj ; the opposite case, when ϕ contains ¬Aj , is analogous. So we have v(Aj ) = 0, otherwise ϕ would be satisfied. Hence by the definition of v, there is some clause ψ in R(T ) consisting exclusively of ¬Aj and literals evaluated inversely to A1 , . . . , Aj−1 . The atom Aj must occur in ψ, otherwise j was not the first possible; so ψ contains ¬Aj . But then the resolvent of ϕ and ψ, a member of R(T ), consists exclusively of literals evaluated inversely to A1 , . . . , Aj−1 . This contradicts the minimality of the chosen j ≤ k. The only remaining possibility is that the resolvent is empty, i.e. a contradiction. But R(T ) does not contain a contradiction.

1.4.7 Example. Is {P ∧ Q → R, ¬R ∧ P, ¬Q ∨ ¬R} satisfiable? The resolution stabilizes without reaching a contradiction, and moreover ¬Q is among the resolvents, so P, ¬Q, ¬R is the only satisfying evaluation.

1.4.8 Exercise. (a) Is the formula (¬B ∧ ¬D) → (¬A ∧ ¬E) a consequence of {A → (B ∨ C), E → (C ∨ D), ¬C}? Checking truth tables means considering 2^5 evaluations of four different formulas. Denote the formula as ϕ and the theory as T and ask instead whether T, ¬ϕ is satisfiable.
(b) It is natural to also ask whether the theory T is itself satisfiable, because if not, any formula is its consequence. Check the satisfiability of T .

1.4.9 Exercise. Check {B ∧ D → E, B ∧ C → F, E ∨ F → A, ¬C → D, B} |= A and {B ∧ D → E, B ∧ C → F, E ∨ F → A, C → D, B} |= A.

1.4.10 Exercise. The Law and Peace political party needs to get their minister out of a corruption case. This requires either to intimidate witness A or to bribe judge B. To intimidate A, person C needs to be jailed. To bribe judge B, the company F must be taken over and given contract E. Jailing C and taking over F require killing person D. Does Law and Peace need to kill D?

1.4.11 Exercise. Implement the resolution method as a program which translates a given finite theory into a set of clauses, generates all resolvents, and either stops at a contradiction or stabilizes at a satisfiable resolution closure, obtaining a satisfying evaluation as in 1.4.6.

Compactness

Satisfiability of a finite propositional theory is not really different from satisfiability of a formula. We discuss now the interesting case: infinite theories. We prove the compactness theorem for propositional logic, which is in fact a principle inherent in all mathematics based on set theory. We show two applications of compactness: colouring graphs and linearizing orders.

1.4.12 Exercise. (a) In the language of {An ; n ∈ N}, consider the infinite theories S = {¬An ↔ An+2 ; n ∈ N} and T = {¬An ↔ (An+1 ∨ An+2 ); n ∈ N}. Decide whether they are satisfiable, and if so, describe the satisfying evaluations. (b) Show that neither of the theories S and T follows from the other. (c) For an infinite theory T , it is natural to ask whether there is a finite fragment T0 ⊂ T such that T0 |= T . The satisfiability of T could then be reduced to the satisfiability of T0 . Show that S and T above have no equivalent finite part.

1.4.13 Theorem (compactness of propositional logic).
A propositional theory is satisfiable if and only if every finite fragment is satisfiable.

The theorem is only interesting for infinite theories, and one direction is immediate: an evaluation satisfying the theory also satisfies every fragment — the strength is in the opposite direction. We present two proofs of the compactness theorem. Firstly, we assume the language of the theory to be countable, which makes it possible to build the satisfying evaluation by induction. In the proof, we use the notion of a finitely satisfiable theory, which is a theory whose every finite part can be satisfied. We are to show that such a theory is, in fact, satisfiable.

1.4.14 Lemma. Let T be a finitely satisfiable theory, let ϕ be a formula. Then either T ∪ {ϕ} or T ∪ {¬ϕ} is also finitely satisfiable.

Proof. If not, then some finite parts T0 ∪ {ϕ} ⊆ T ∪ {ϕ} and T1 ∪ {¬ϕ} ⊆ T ∪ {¬ϕ} are not satisfiable. But then T0 ∪ T1 ⊆ T is a non-satisfiable fragment of T : an evaluation satisfying T0 ∪ T1 could satisfy neither ϕ nor ¬ϕ.

Proof of the compactness theorem. Let T be a finitely satisfiable propositional theory. Assume that the language of T is countable, and enumerate all7 propositional formulas as {ϕn ; n ∈ N}. We construct by induction a propositional theory U extending T . Start with U0 = T . If a finitely satisfiable theory Un is known, let Un+1 be either the finitely satisfiable Un ∪ {ϕn } or the finitely satisfiable Un ∪ {¬ϕn }; one of these must be the case, by the previous lemma. Finally, put U = ⋃ Un . Notice that U is finitely satisfiable: a finite part of U is a finite part of some Un already. Moreover, the following holds for any formulas ϕ and ψ:

(i) ¬ϕ ∈ U iff ϕ ∉ U . Both cannot be the case, as U is finitely satisfiable. The formula ϕ is one of the ϕn , so either ϕ ∈ Un+1 or ¬ϕ ∈ Un+1 at the latest.

(ii) ϕ ∧ ψ ∈ U iff ϕ, ψ ∈ U .
For if ϕ ∧ ψ ∈ U but ϕ ∉ U or ψ ∉ U , then ¬ϕ ∈ U or ¬ψ ∈ U by (i), so either {¬ϕ, ϕ ∧ ψ} or {¬ψ, ϕ ∧ ψ} is a non-satisfiable finite part of U . Conversely, if ϕ, ψ ∈ U but ϕ ∧ ψ ∉ U , then ¬(ϕ ∧ ψ) ∈ U by (i), and {ϕ, ψ, ¬(ϕ ∧ ψ)} is a non-satisfiable finite part of U .

(iii) ϕ ∨ ψ ∈ U iff ϕ ∈ U or ψ ∈ U . For if (ϕ ∨ ψ) ∈ U but ϕ, ψ ∉ U , then ¬ϕ, ¬ψ ∈ U by (i), and {ϕ ∨ ψ, ¬ϕ, ¬ψ} is a non-satisfiable finite part of U . Similarly in the other direction.

(iv) ϕ → ψ ∈ U iff either ¬ϕ ∈ U or ψ ∈ U . For if ϕ → ψ ∈ U but ¬ϕ, ψ ∉ U , then ϕ, ¬ψ ∈ U by (i) and {ϕ, ϕ → ψ, ¬ψ} is a non-satisfiable finite part of U . Similarly in the other direction.

7 Note that we enumerate all formulas, not just those in T .

(v) ϕ ↔ ψ ∈ U iff either ϕ, ψ ∈ U or ϕ, ψ ∉ U . For if ϕ ↔ ψ ∈ U but e.g. ϕ ∈ U and ψ ∉ U , then ¬ψ ∈ U by (i) and {ϕ ↔ ψ, ϕ, ¬ψ} is a non-satisfiable finite part of U . Similarly in the other direction.

Now let v(ϕ) = 1 iff ϕ ∈ U . The properties above say precisely that v is a truth evaluation. Clearly v satisfies all formulas from U , in particular all formulas from T ⊆ U . Hence T is satisfiable.

It remains to prove the theorem for a language A of arbitrary cardinality. We present a general proof, which needs a few notions from set-theoretical topology.

Proof of the compactness theorem. Let T be a finitely satisfiable theory. For every finite fragment S ⊆ T denote by sat(S) the set of all evaluations v : A → 2 satisfying S. By assumption, sat(S) is nonempty for every finite S ⊆ T . It is easily seen that sat(S) is closed in the topological product 2A . The system S = {sat(S); S ⊆ T finite} is centered, as the intersection sat(S1 ) ∩ · · · ∩ sat(Sn ) contains the nonempty sat(S1 ∪ · · · ∪ Sn ). Hence we have a centered system S of nonempty closed sets in 2A , which is a compact topological space, so the intersection ⋂ S is nonempty.
Every evaluation v ∈ ⋂ S satisfies all finite S ⊆ T simultaneously; in particular, it satisfies every formula from T .

Notice that the above proof is purely existential: we have shown that a satisfying evaluation exists, without presenting any particular one.

1.4.15 Lemma. Let T be a propositional theory and ϕ be a propositional formula. Then T |= ϕ if and only if T0 |= ϕ for some finite T0 ⊆ T .

Proof. T |= ϕ iff T ∪ {¬ϕ} is not satisfiable, which by the compactness theorem means that T0 ∪ {¬ϕ} is not satisfiable for some finite T0 ⊆ T . So T0 |= ϕ.

1.4.16 Lemma. Let T be a propositional theory, and let S be a finite propositional theory such that S |= T . Then there is a finite T0 ⊆ T such that T0 |= T .

Proof. For every formula ϕ from S, we have T |= ϕ by assumption. By the previous lemma, there is a finite Tϕ ⊆ T such that Tϕ |= ϕ. Put T0 = ⋃ϕ∈S Tϕ . Being a finite union of finite sets, T0 is a finite part of T ; in particular, T |= T0 . Clearly T0 |= S, and by assumption, S |= T ; hence T0 |= T .

For example, the propositional theories from 1.4.12 have no equivalent finite fragment. By the lemma just proven, they have no finite equivalent at all.

1.5 Provability

So far, we have been concerned with the semantics of propositional logic, asking questions of truth, satisfiability and consequence. Now we describe the other face of propositional logic, the formal deductive system. We introduce the notion of a formal proof and ask which formulas are provable, either in logic alone or from other formulas. We demonstrate the deduction theorem, which considerably simplifies and shortens provability arguments. We demonstrate the completeness of propositional logic, showing that the notions of truth and provability are in accord.

A formal deductive system

When proposing a deductive system for propositional logic, we first need to specify the language it will use.
In this language, certain formulas are chosen as axioms from which everything else will be derived, and a set of deductive rules is explicitly given which are the only permitted ways of deriving anything. It is almost philosophical to ask what the axioms and the rules should be, and different formal systems answer this question differently. The system introduced by D. Hilbert is widely recognized as the standard.

The Hilbert system

The language of the Hilbert deductive system is the language of propositional logic reduced to the connectives ¬ and →. The purpose of this reduction is an economy of expression; we know from 1.3.2 that {¬, →} is a minimal complete set of connectives. The axioms are all instances of any of the following formulas:

H1: A → (B → A)
H2: (A → (B → C)) → ((A → B) → (A → C))
H3: (¬B → ¬A) → (A → B)

The only deductive rule is the rule of detachment or modus ponens:

MP: From ϕ and ϕ → ψ, derive ψ.

Do H1–H3 constitute the right foundation upon which the provability of propositions should stand, and does MP truly capture the way reason progresses from the known to the new? We will not be concerned with these questions here, leaving them to the philosophy of mathematics.

1.5.1 Exercise. Note that there are not just three axioms, but infinitely many axioms of three types. (a) Which of the following formulas are axioms, and of which type? (b) Implement a procedure which recognizes if a given input formula is a Hilbert axiom, and of which type.

(A → B) → ((¬C ↔ (D ∧ E)) → (A → B))
(A → B) → ((¬C ↔ (D ∧ E)) → (A → (A ∨ B)))
(A → ((B ∧ ¬C) → D)) → ((A → (B ∧ ¬C)) → (A → D))
(A → ((B ∧ ¬C) → D)) → ((A → (B ∧ ¬C)) → D)
(¬(A ∧ B) → (C ∨ D)) → (¬(C ∨ D) → (A ∧ B))
(¬(A ∧ B) → ¬¬(C ∨ D)) → (¬(C ∨ D) → (A ∧ B))

1.5.2 Definition. Let ϕ be a propositional formula. Say that a finite sequence ϕ1 , . . .
, ϕn of propositional formulas is a proof of ϕ in propositional logic, if every ϕi from the sequence is either an instance of an axiom, or is derived from some previous ϕj , ϕk , j, k < i by modus ponens, and ϕn is ϕ. If a proof of ϕ exists, say that ϕ is provable and write ` ϕ.

The notion of a proof captures what we expect from it in mathematics: starting from explicitly given assumptions, it proceeds by explicitly given rules, and is verifiable in each of its finitely many steps. This verification can even be mechanical, see 1.5.6.

1.5.3 Example. The following sequence is a formal proof of A → A in propositional logic. In every step, we note which axiom or rule exactly is being used.

H1: (A → ((A → A) → A))
H2: (A → ((A → A) → A)) → ((A → (A → A)) → (A → A))
MP: (A → (A → A)) → (A → A)
H1: (A → (A → A))
MP: (A → A)

Note that the notion of a proof is entirely syntactic: it is a sequence of formulas, i.e. expressions of certain form, which itself is of certain form. The questions of truth or satisfaction are entirely irrelevant here. It is easy to verify that the sequence above is indeed a proof, but it gives no hint about how to find a proof. We will see later that for a provable formula, even finding the proof is a mechanical procedure, although very hard computationally.

Introducing formal proofs, a note of warning is in order: we also present “proofs” in this text, and they are not sequences of formulas (except 1.5.3). To clearly separate these two levels of a language, we could call our proofs demonstrations or metaproofs, as is sometimes done. However, we keep calling them “proofs” and rely on the reader’s ability to differentiate between a formal proof in logic and a demonstration given in English, which is the metalanguage we use to talk about logic, i.e. about formulas, theories — and proofs.

1.5.4 Exercise. Verify that the following sequence is a formal proof.8 In each step, say which rule or axiom is being used. Can you find a shorter proof?
¬A → (¬B → ¬A)
(¬B → ¬A) → (A → B)
((¬B → ¬A) → (A → B)) → (¬A → ((¬B → ¬A) → (A → B)))
¬A → ((¬B → ¬A) → (A → B))
(¬A → ((¬B → ¬A) → (A → B))) → ((¬A → (¬B → ¬A)) → (¬A → (A → B)))
(¬A → (¬B → ¬A)) → (¬A → (A → B))
¬A → (A → B)

1.5.5 Exercise. Let ϕ1 , . . . , ϕn be a formal proof, and let A1 , . . . , Ak be all the propositional atoms appearing there. Let ψ1 , . . . , ψk be any propositional formulas. Then the sequence ϕ∗1 , . . . , ϕ∗n , where the formula ϕ∗i is an instance of ϕi obtained by substituting ψj for Aj , is a propositional proof again. In short, every “instance of a proof” is a proof again, hence a proof of any formula can be easily rewritten into a proof of its instance.

1.5.6 Exercise. Implement a proof checker, i.e. a program that reads a sequence of formulas on input (one formula per line) and verifies that the sequence constitutes a formal proof.

1.5.7 Definition. Let T be a propositional theory, let ϕ be a propositional formula. A sequence ϕ1 , . . . , ϕn of propositional formulas is a proof of ϕ in T if every ϕi is either an axiom of logic, or an axiom from T , or it is derived from some previous ϕj , ϕk by modus ponens, and ϕn is ϕ. If there is such a proof, say that ϕ is provable in T , and write T ` ϕ.

8 The formula being proved is a theorem of ancient logic, and as such is originally formulated in Latin: ex impossibili sequitur quodlibet, or from the impossible, anything follows.

The generalization is in that we allow formulas from T as steps of the proof. The notation ` ϕ introduced before corresponds to the case when ϕ is provable in an empty theory, i.e. in logic alone. If the theory in question is finite, it is usual to simply list its axioms. For example, we write B, ¬A → ¬B ` A instead of {B, ¬A → ¬B} ` A (see below). Similarly, if a theory T is extended with extra axioms ϕ and ψ, it is usual to simply write T, ϕ, ψ instead of T ∪ {ϕ, ψ} etc.

1.5.8 Exercise.
(a) Verify the steps of a formal proof of A → B from ¬A:

¬A, ¬A → (¬B → ¬A), ¬B → ¬A, (¬B → ¬A) → (A → B), A → B.

(b) Give a proof of A → B from B and a proof of A from B, ¬A → ¬B.

1.5.9 Exercise ([T]). For a propositional theory T , denote by Thm(T ) the set of formulas provable in T . Decide which of the following hold:

(a) T ⊆ Thm(T )
(b) Thm(Thm(T )) = Thm(T )
(c) S ⊆ T if and only if Thm(S) ⊆ Thm(T )
(d) S ⊆ Thm(T ) if and only if Thm(S) ⊆ Thm(T )
(e) Thm(S ∪ T ) = Thm(S) ∪ Thm(T )
(f) Thm(S ∪ T ) = Thm(S ∪ Thm(T )) = Thm(Thm(S) ∪ Thm(T ))
(g) If Tn ⊆ Tn+1 for every n ∈ N, then Thm(⋃ Tn ) = ⋃ Thm(Tn )
(h) If {Tn } is a directed system, then Thm(⋃ Tn ) = ⋃ Thm(Tn )

Correctness and consistency

Having introduced formal proofs, it is natural to ask which formulas are provable, in logic or in a given theory. We show first that the Hilbert system is correct and propositional logic is therefore consistent.

1.5.10 Theorem (correctness). Let T be a propositional theory and let ϕ be a propositional formula. If ϕ is provable in T , then ϕ is a logical consequence of T . In particular, propositional logic itself only proves tautologies.

Proof. Let ϕ1 , ϕ2 , . . . , ϕn be a proof of ϕ in T . If ϕi is an axiom of propositional logic, it is a tautology, as we have verified in 1.2.9 and 1.2.20, so T |= ϕi . If ϕi is a member of T , then T |= ϕi by definition. Finally, if ϕi is derived from some previous two by modus ponens, note that an evaluation satisfying ϱ and ϱ → ϑ also satisfies ϑ; hence modus ponens only derives tautologies from tautologies, and only derives consequences of T from consequences of T .

1.5.11 Definition. A propositional theory is inconsistent if it proves every formula; otherwise, it is consistent. A formal system itself is inconsistent if the empty theory is inconsistent.

Hence by the correctness theorem, propositional logic is consistent: a formula which is not a tautology cannot be proven.
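The mechanical nature of proof checking (cf. 1.5.6) is easy to illustrate. A minimal Python sketch, assuming our own encoding of formulas (atoms as strings, implications as ('->', a, b), negations as ('not', a)), which verifies the proof of A → A from 1.5.3:

```python
def imp(f):
    """Return (antecedent, consequent) if f is an implication, else None."""
    return (f[1], f[2]) if isinstance(f, tuple) and f[0] == '->' else None

def neg(f):
    """Return the negated subformula if f is a negation, else None."""
    return f[1] if isinstance(f, tuple) and f[0] == 'not' else None

def is_axiom(f):
    """Does f match one of the axiom schemes H1-H3?"""
    i = imp(f)
    if not i:
        return False
    a, c = i
    j = imp(c)
    if j and j[1] == a:                           # H1: A -> (B -> A)
        return True
    p, r = imp(a), imp(c)
    if p and r:
        q, s, t = imp(p[1]), imp(r[0]), imp(r[1])
        if (q and s and t and p[0] == s[0] == t[0]
                and q[0] == s[1] and q[1] == t[1]):
            return True                           # H2
        nb, na = neg(p[0]), neg(p[1])
        if nb is not None and na is not None and nb == r[1] and na == r[0]:
            return True                           # H3: (-B -> -A) -> (A -> B)
    return False

def check(proof):
    """Every step must be an axiom or follow from two earlier steps by MP."""
    for i, f in enumerate(proof):
        if not (is_axiom(f) or
                any(('->', proof[j], f) in proof[:i] for j in range(i))):
            return False
    return True

A, AA = 'A', ('->', 'A', 'A')
proof_1_5_3 = [
    ('->', A, ('->', AA, A)),                                     # H1
    ('->', ('->', A, ('->', AA, A)), ('->', ('->', A, AA), AA)),  # H2
    ('->', ('->', A, AA), AA),                                    # MP
    ('->', A, AA),                                                # H1
    AA,                                                           # MP
]
print(check(proof_1_5_3))   # True
```

Tampering with any line, or reordering the sequence so that a premise comes after its use, makes check return False.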
We also get from correctness that

1.5.12 Theorem. Every satisfiable theory is consistent.

Proof. Let v be an evaluation satisfying T . If T is inconsistent, it proves any formula, in particular some ϕ and ¬ϕ, simultaneously. By the correctness theorem, T |= ϕ and T |= ¬ϕ. Hence v satisfies both ϕ and ¬ϕ, which is impossible.

The property that an inconsistent theory proves both ϕ and ¬ϕ, for some formula ϕ, does in fact characterize the inconsistent theories, and is sometimes taken as the definition. For if ψ is any formula, we have ` ¬ϕ → (ϕ → ψ) by 1.5.4, so if T ` ϕ and T ` ¬ϕ, use modus ponens twice to get T ` ψ.

Deduction theorem

We present an indispensable technical tool: the deduction theorem, which simplifies and shortens proofs. We use it to show provability of some simple formulas needed later.

1.5.13 Theorem (deduction). Let T be a propositional theory, let ϕ, ψ be propositional formulas. Then T ` ϕ → ψ if and only if T, ϕ ` ψ.

The deduction theorem formalizes the usual technique of proving an implication ϕ → ψ: the assumption ϕ is added to the theory, and the conclusion ψ is proved. Such a proof is typically shorter, as we are proving a simpler formula from stronger assumptions. In 1.5.4, for instance, we have given a formal proof of ¬ϕ → (ϕ → ψ) in propositional logic, in seven steps. In 1.5.8 we have proved ϕ → ψ from ¬ϕ in five notably easier steps.

Proof. (i) If T ` ϕ → ψ, let ϑ1 , ϑ2 , . . . , ϑn = (ϕ → ψ) be a proof. Extend this sequence by ϕ, ψ, obtaining ϑ1 , ϑ2 , . . . , (ϕ → ψ), ϕ, ψ, a proof of ψ from T, ϕ.

(ii) If T, ϕ ` ψ, let ϑ1 , ϑ2 , . . . , ϑn = ψ be a proof of ψ in T, ϕ. By induction, we show that T ` ϕ → ϑi for every ϑi . In particular, T ` ϕ → ψ for i = n.

(a) If ϑi is an axiom, then ϑi , ϑi → (ϕ → ϑi ), ϕ → ϑi is a proof of ϕ → ϑi .
(b) If ϑi is from T , then the sequence from (a) is a proof of ϕ → ϑi from T .
(c) If ϑi is ϕ, we need to show T ` ϕ → ϕ. But ` ϕ → ϕ by 1.5.3.
(d) If ϑi is derived from some previous ϑj , ϑj → ϑi using modus ponens, we already have T ` ϕ → ϑj and T ` ϕ → (ϑj → ϑi ). A proof of ϕ → ϑi in T is then obtained by extending the proofs of ϕ → ϑj and ϕ → (ϑj → ϑi ) by

H2: (ϕ → (ϑj → ϑi )) → ((ϕ → ϑj ) → (ϕ → ϑi ))
MP: (ϕ → ϑj ) → (ϕ → ϑi )
MP: ϕ → ϑi

This covers all cases of ϑi being in the original proof.

The demonstration is constructive: it describes an algorithm which translates a proof of ψ from T, ϕ into a proof of ϕ → ψ from T , and vice versa.

1.5.14 Example. We show how to rewrite the proof 1.5.8 of A → B from ¬A into a proof of ¬A → (A → B) in logic. We follow the constructive demonstration of the deduction theorem: for each of the formulas ϑ1 , ϑ2 , ϑ3 , ϑ4 , ϑ5 , i.e.

¬A, ¬A → (¬B → ¬A), ¬B → ¬A, (¬B → ¬A) → (A → B), A → B

of the original proof, we construct a proof of ¬A → ϑi .

(1) ϑ1 is ¬A itself, case 1.5.13 (c), using 1.5.3:
(¬A → ((¬A → ¬A) → ¬A))
(¬A → ((¬A → ¬A) → ¬A)) → ((¬A → (¬A → ¬A)) → (¬A → ¬A))
(¬A → (¬A → ¬A)) → (¬A → ¬A)
(¬A → (¬A → ¬A))
(¬A → ¬A)

(2) ϑ2 is an axiom of logic, case 1.5.13 (a):
¬A → (¬B → ¬A)
(¬A → (¬B → ¬A)) → (¬A → (¬A → (¬B → ¬A)))
¬A → (¬A → (¬B → ¬A))

(3) ϑ3 was derived from ϑ1 and ϑ2 , case 1.5.13 (d):
(¬A → (¬A → (¬B → ¬A))) → ((¬A → ¬A) → (¬A → (¬B → ¬A)))
(¬A → ¬A) → (¬A → (¬B → ¬A))
¬A → (¬B → ¬A)

(4) ϑ4 is an axiom of logic, case 1.5.13 (a):
(¬B → ¬A) → (A → B)
((¬B → ¬A) → (A → B)) → (¬A → ((¬B → ¬A) → (A → B)))
¬A → ((¬B → ¬A) → (A → B))

(5) ϑ5 was derived from ϑ3 and ϑ4 , case 1.5.13 (d):
(¬A → ((¬B → ¬A) → (A → B))) → ((¬A → (¬B → ¬A)) → (¬A → (A → B)))
(¬A → (¬B → ¬A)) → (¬A → (A → B))
¬A → (A → B)

Apparently, formal proofs of even simple formulas can get quite tedious.9 The deduction theorem makes it possible to keep provability arguments tolerably simple. At the same time, the use of the deduction theorem can always be eliminated as above, mechanically.

1.5.15 Exercise.
Demonstrate that (A → (B → C)) → (B → (A → C)) and (A → B) → ((B → C) → (A → C)) are provable. The deduction theorem makes it possible to show provability without actually giving a formal proof.

1.5.16 Exercise. Extend your proof checker to a proof preprocessor which accepts provability arguments like above and unfolds every use of the deduction theorem into an actual formal proof.

We will be using the deduction theorem freely when showing provability of various propositional formulas below. The gentle reader can try and see how much more tedious it would be to present the actual formal proofs.

1.5.17 Lemma. (i) ` ¬¬A → A, (ii) ` A → ¬¬A.

Proof. Using 1.5.4 and the deduction theorem, we have

1.5.4: ` ¬¬A → (¬A → ¬¬¬A)
DT: ¬¬A ` (¬A → ¬¬¬A)
H3: ` (¬A → ¬¬¬A) → (¬¬A → A)
MP: ¬¬A ` ¬¬A → A
DT: ¬¬A ` A
DT: ` ¬¬A → A

and

(i): ` ¬¬¬A → ¬A
H3: ` (¬¬¬A → ¬A) → (A → ¬¬A)
MP: ` A → ¬¬A

9 The formal proof obtained above can in fact be simplified: the first eleven steps prove an instance of an axiom, which, moreover, is already present as the sixth step. Eliminating the redundancies leads to the proof in 1.5.4.

1.5.18 Lemma. (i) ` (A → B) → (¬B → ¬A), (ii) ` A → (¬B → ¬(A → B))

Proof. Using 1.5.17 and the deduction theorem, we have

1.5.17, DT: ¬¬A ` A
MP: ¬¬A, A → B ` B
1.5.17, MP: ¬¬A, A → B ` ¬¬B
DT: A → B ` ¬¬A → ¬¬B
H3, MP: A → B ` ¬B → ¬A
DT: ` (A → B) → (¬B → ¬A)

and

MP: A, A → B ` B
DT: A ` (A → B) → B
(i), MP: A ` ¬B → ¬(A → B)
DT: ` A → (¬B → ¬(A → B))

1.5.19 Lemma. ` (¬A → A) → A.

Proof. Using 1.5.18 and the deduction theorem, we have

MP: ¬A, ¬A → A ` A
DT: ¬A ` (¬A → A) → A
1.5.18, MP: ¬A ` ¬A → ¬(¬A → A)
DT, DT: ` ¬A → ¬(¬A → A)
H3, MP: ` (¬A → A) → A

1.5.20 Exercise. ` (A → ¬B) → (B → ¬A), ` (¬A → B) → (¬B → A).

Using the previous lemmas, we obtain the following characterization of provability. This can be viewed as a formalization of a proof by contradiction.

1.5.21 Lemma. T ` ϕ if and only if T, ¬ϕ is inconsistent.

Proof.
(i) By 1.5.4 we have ` ¬ϕ → (ϕ → ψ), so ` ϕ → (¬ϕ → ψ) by 1.5.15. Hence if T ` ϕ, then T ` ¬ϕ → ψ, and so T, ¬ϕ ` ψ by the deduction theorem.

(ii) If T, ¬ϕ is inconsistent, it proves any formula, in particular T, ¬ϕ ` ϕ, and we have T ` ¬ϕ → ϕ by the deduction theorem. Now ` (¬ϕ → ϕ) → ϕ by 1.5.19, hence T ` ϕ by modus ponens.

These provability results are only concerned with the connectives ¬ and →; we show now some simple proofs of formulas concerning the other connectives, taking them as shortcuts for equivalents in the basic language.

1.5.22 Lemma. (i) A ∧ B ` A, B, (ii) A, B ` A ∧ B.

Proof. (i) A ∧ B stands for ¬(A → ¬B). By 1.5.4 we have ` ¬A → (A → ¬B), so by 1.5.17 and 1.5.18 we have ` ¬(A → ¬B) → A by modus ponens. Hence ¬(A → ¬B) ` A by the deduction theorem. Also, ¬B → (A → ¬B) is an axiom, hence 1.5.17 and 1.5.18 give ` ¬(A → ¬B) → B by modus ponens, so ¬(A → ¬B) ` B by the deduction theorem.

(ii) We have A, B ` ¬¬B by 1.5.17, so by 1.5.18 A, ¬¬B ` ¬(A → ¬B). Hence A, B ` A ∧ B by modus ponens.

1.5.23 Lemma. A ↔ B standing for (A → B) ∧ (B → A), we have

(i) A ↔ B ` A → B; A ↔ B ` B → A
(ii) A → B, B → A ` A ↔ B
(iii) If ` A ↔ B, then T ` A iff T ` B.
(iv) ` (A1 → (A2 → . . . (An → B) . . . )) ↔ ((A1 ∧ A2 ∧ . . . ∧ An ) → B)

1.5.24 Exercise. (i) A ` A ∧ A, (ii) A ` A ∨ A, (iii) A ∧ A ` A, (iv) A ∨ A ` A.

Completeness of propositional logic

We show now the completeness of the Hilbert system: it proves exactly the tautologies. This means that the set of axioms and rules of inference fully characterizes the truth of propositional formulas by entirely formal, syntactic means.

1.5.25 Lemma (neutral formula). Let T be a propositional theory and let ϕ, ψ be propositional formulas. If T, ϕ ` ψ and T, ¬ϕ ` ψ, then T ` ψ.

Proof. From T, ¬ϕ ` ψ we have T ` ¬ψ → ¬¬ϕ by 1.5.18, so T, ¬ψ ` ¬¬ϕ by the deduction theorem, and T, ¬ψ ` ϕ by 1.5.17. From T, ϕ ` ψ we have T ` ϕ → ψ by the deduction theorem, so T, ¬ψ ` ψ by modus ponens, and T ` ¬ψ → ψ.
By 1.5.19 we have ` (¬ψ → ψ) → ψ, so T ` ψ.

For a propositional formula ϕ and a truth evaluation v, let ϕv denote either ϕ, in case v(ϕ) = 1, or ¬ϕ, in case v(ϕ) = 0. In any case, v(ϕv ) = 1.

1.5.26 Lemma. Let ϕ be a propositional formula and let A1 , . . . , An be its propositional atoms. Then Av1 , . . . , Avn ` ϕv for any evaluation.

Proof. If ϕ is an atom itself, the statement is trivial. If ϕ is ¬ψ and the statement is already proved for ψ, consider two cases. For v(ψ) = 0, the formula ψ v is ¬ψ, and by induction Av1 , . . . , Avn ` ¬ψ; but ¬ψ is ϕv . For v(ψ) = 1, the formula ψ v is ψ, and by induction Av1 , . . . , Avn ` ψ. By 1.5.17 we have ` ψ → ¬¬ψ, hence Av1 , . . . , Avn ` ¬¬ψ by modus ponens; but ¬¬ψ is ϕv .

If ϕ is ψ → ϑ and the statement is already proved for ψ and ϑ, consider the cases of v(ψ) and v(ϑ). If v(ψ) = 0, ψ v is ¬ψ and ϕv is ψ → ϑ. By 1.5.4 and the deduction theorem we have ¬ψ ` ψ → ϑ, so the statement follows by induction. In case v(ψ) = 1 = v(ϑ), we have v(ϕ) = 1, so ϕv is ψ → ϑ. By H1 and the deduction theorem we have ϑ ` ψ → ϑ; but ϑ is ϑv , so the statement follows by induction. In case v(ψ) = 1, v(ϑ) = 0 we have v(ϕ) = 0, so ϕv is ¬ϕ, i.e. ¬(ψ → ϑ). By 1.5.18 and the deduction theorem we have ψ, ¬ϑ ` ¬(ψ → ϑ); but ψ is ψ v and ¬ϑ is ϑv , so the statement follows by induction.

1.5.27 Theorem (E. Post). Every propositional tautology is provable.

Proof. Let ϕ be a tautology, and let A1 , . . . , An be its propositional atoms. For every evaluation v we have Av1 , . . . , Avn ` ϕ by the previous lemma. Let w be an evaluation which agrees with v everywhere except at An . We have Aw1 , . . . , Awn ` ϕ again, i.e. Av1 , Av2 , . . . , Avn−1 , Awn ` ϕ. Hence we have

Av1 , Av2 , . . . , Avn−1 , An ` ϕ
Av1 , Av2 , . . . , Avn−1 , ¬An ` ϕ

simultaneously, and Av1 , . . . , Avn−1 ` ϕ by 1.5.25. Repeat n times to get ` ϕ.

1.5.28 Theorem (completeness of propositional logic). Let ϕ be a propositional formula and T a propositional theory.
Then T ` ϕ iff T |= ϕ. In particular, propositional logic itself proves exactly the tautologies.

Proof. One direction is the correctness theorem. In the other direction, let T |= ϕ. By the compactness theorem, we already have T0 |= ϕ for some finite part T0 = {ϕ1 , . . . , ϕn } of T . This means that ϕ1 → (ϕ2 → . . . (ϕn → ϕ) . . . ) is a tautology, and is provable in propositional logic by Post’s theorem. Using the deduction theorem n times, we get ϕ1 , . . . , ϕn ` ϕ, hence T ` ϕ.

We have demonstrated the correspondence between truth and provability in propositional logic. This has interesting corollaries and equivalents.

1.5.29 Theorem. A propositional theory is consistent iff it is satisfiable.

Proof. One direction is 1.5.12. If T is not satisfiable, then by compactness some finite {ϕ1 , . . . , ϕn } ⊆ T is not satisfiable. Hence ¬ϕ1 ∨ . . . ∨ ¬ϕn is a tautology, denote it by ϕ. By the completeness theorem, ϕ is provable in logic, so T ` ϕ as well. At the same time, every ϕi is provable in T , hence T ` ϕ1 ∧ . . . ∧ ϕn by 1.5.22. But this formula is equivalent to ¬ϕ, so T ` ¬ϕ by 1.5.23.

In the demonstration we use the compactness theorem, which itself follows from the previous theorem. For if T is not satisfiable, it is inconsistent. But the formal proof of a contradiction in T only uses a finite part T0 ⊆ T , as a proof is a finite sequence. So the finite T0 is inconsistent, hence not satisfiable.

The completeness theorem itself also follows from the previous theorem. For if T |= ϕ, then T, ¬ϕ is not satisfiable, and is therefore inconsistent. Hence some finite part T0 , ¬ϕ is inconsistent, which means T0 ` ϕ by 1.5.21.

Decidability of propositional logic

The question of provability for propositional formulas is, by the completeness theorem, the same as the question of truth. Yet the truth of a propositional formula can be effectively decided, hence there is a procedure effectively deciding provability of any given propositional formula.
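This truth-table decision procedure takes only a few lines of Python (the formula encoding as nested tuples is our own convention; only ¬ and → are needed for the Hilbert language):

```python
from itertools import product

def atoms(f):
    """Collect the atoms of a formula encoded as nested tuples."""
    if isinstance(f, str):
        return {f}
    return set().union(*(atoms(g) for g in f[1:]))

def value(f, v):
    """Evaluate f under the truth evaluation v (a dict atom -> bool)."""
    if isinstance(f, str):
        return v[f]
    if f[0] == 'not':
        return not value(f[1], v)
    if f[0] == '->':
        return (not value(f[1], v)) or value(f[2], v)

def provable(f):
    """By completeness, f is provable iff every evaluation satisfies it."""
    As = sorted(atoms(f))
    return all(value(f, dict(zip(As, row)))
               for row in product([False, True], repeat=len(As)))

print(provable(('->', 'A', 'A')))                    # True
print(provable(('->', ('not', ('not', 'A')), 'A')))  # True  (1.5.17 (i))
print(provable(('->', 'A', 'B')))                    # False
```

The loop visits 2 to the n evaluations for n atoms, so the procedure is effective but exponentially expensive, exactly the computational hardness mentioned after 1.5.3.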
We say that propositional logic is decidable. In the next chapter, we study predicate logic, which also has a completeness theorem, but is undecidable. In predicate logic, there is no analogue of the truth tables which could effectively decide the truth of formulas.

Chapter 2

Predicate Logic

The language of propositional connectives is hardly fine enough to be the language of mathematics. In this chapter, we study the language in more detail, introducing the functional and relational symbols used in mathematics to describe objects and their properties, and study its syntax and semantics. We extend the Hilbert axioms and rules of inference to these new symbols and describe the deductive system of predicate logic, which has become the formal framework of mathematics. We prove the correctness and completeness theorem, and show the compactness of predicate logic.

2.1 Formulas of predicate logic

In propositional logic, we have studied the connectives and how they operate on the atomic statements, ignoring the inner structure of these statements. Now we study this structure in detail.

When studying the formal language of mathematics, designed to describe mathematical structures, we must ask first what the language is supposed to express. Surely we want to name some particular objects, for instance. The language of predicate logic contains constant symbols for this. For example, the symbols 0 and 1 in arithmetic or π in real analysis are names for some prominent numbers, the constants sin or exp name certain functions, etc.

Apart from names of particular objects, we need generic names for objects, when we speak about some number, space, permutation, etc. This is the purpose of variables. Following tradition, we will mostly use small Latin letters (x, y, z, . . . ) for variables, possibly indexed (x1 , x2 , x3 , . . . ).
We need to be able to talk about properties of objects and relations among objects, such as divisibility of numbers, various orderings, perpendicularity of lines, symmetry of graphs, equivalence of grammars, etc. The language of predicate logic contains relational symbols, or predicates, for this. For example, ≤ is the usual relational symbol for an ordering, ∥ denotes parallels in geometry, ∈ usually denotes membership in a set, etc. The predicates differ in arity: the unary predicates describe a property of an object (prime number, maximal element), binary predicates express a relation between two objects (perpendicular lines, one set being a member of another, one number dividing another), etc.

We also need to talk about various operations we perform on the objects: multiplying numbers, composing permutations, concatenating words, intersecting sets, inverting ratios, etc. The language of predicate logic contains functional symbols for this, differing in arity as with relational symbols.

We need to quantify our statements: sometimes we want to state a property of all objects of interest (“for every vector in the space . . . ”), other times we state the existence of an object. This is the purpose of quantifiers: the universal quantifier ∀ and the existential quantifier ∃, in classical logic.1

Finally, we want to compose our statements into logical compounds with propositional connectives, as we did in propositional logic.

2.1.1 Definition.
The language of predicate logic consists of

(a) a set of constant symbols
(b) a set of functional symbols, each having a specified arity
(c) a set of relational symbols, each having a specified arity
(d) an unlimited set of variables
(e) the propositional connectives ¬, ∧, ∨, →, ↔
(f) the quantifiers ∀ and ∃
(g) parentheses {[()]} for readability

We assume that these sets of symbols are mutually disjoint, so that a variable is not simultaneously a constant, a bracket is not a predicate, a connective is not a function name, etc.2

The symbols in (a), (b), (c) are specific for the given language and reflect the area we want to describe using it (see examples below). These are the extralogical or special symbols. The other symbols are the logical symbols, common to all predicate languages: we need variables, connectives, etc. in every language, whatever field we want to describe.

The binary symbol = for equality is prominent among the relational symbols. Usually, it is also considered a logical symbol, and its behaviour is described by extra axioms. Unless we state otherwise, we assume = to be a binary relational symbol of any language we consider, making it a language with equality.

2.1.2 Example. (a) The language of set theory has one binary predicate ∈.
(b) The language of oriented graphs has one binary predicate →.
(c) The language of order theory has one binary predicate <.
(d) The language of group theory has a binary functional symbol ∗, a constant symbol 1, a unary functional symbol −1 , and no relational symbols.
(e) The language of arithmetic has constants 0 and 1, a binary predicate <, a unary functional symbol S, and binary functional symbols + and ∗.

We see that the various languages are designed with the intention to describe a specific area of mathematics.
For example, the language of < is perfectly suitable to describe any order relation, but would be insufficient to describe arithmetic. Similarly, the language of group theory is adequate to describe the group operation, the neutral element, and the inverses, but would be unsuitable for describing an order. In the examples, we have specified the languages in their basic form. It is common practice to extend the language as we learn about new properties of the objects. For instance, studying arithmetic, we soon discover the relation of divisibility, the notion of least common multiples, etc. It is natural to extend the basic language by, say, a binary predicate x|y and a binary functional symbol lcm(x, y), even if we could do without them. Similarly, when studying sets, we soon arrive at the existence of an empty set, and it is natural to name it with a constant, say ∅, to introduce a functional symbol ∩ for intersections, etc. We will describe the formalities of extending a language later.
Footnote 1: Yes, these look like an inverted A and E, standing for alle und existiert, or all and exists.
Footnote 2: Just like the syntax of a programming language forbids a variable named && or while, etc.
2.1.3 Definition. Let L be a language of predicate logic. A term of L is every expression obtained by applying the following operations finitely many times:
(a) Every constant of L is a term.
(b) Every variable of L is a term.
(c) If t1, . . . , tn are terms of L, and f is an n-ary functional symbol of L, then f(t1, . . . , tn) is a term.
For binary operations, it is customary to use the infix notation and write e.g. x + y instead of the formally correct +(x, y). 2.1.4 Example. The basic languages of set theory, graph theory and order theory have no terms except the variables. The expressions 1, x ∗ 1, x ∗ y, x−1, (x ∗ y)−1, y ∗ x ∗ y−1 are terms of group theory. The expressions 1, x + y, x + 1, y ∗ 0, x ∗ (y + z), S(x ∗ (1 + 1)) are terms of arithmetic. 2.1.5 Definition.
Let L be a language of predicate logic. A formula of L is every expression obtained by applying the following rules finitely many times:
(a) If t1 and t2 are terms of L, then t1 = t2 is a formula.
(b) If t1, . . . , tn are terms of L and R is an n-ary relational symbol of L, then R(t1, . . . , tn) is a formula.
(c) If ϕ, ψ are formulas, then the following are also formulas: (¬ϕ), (ϕ ∧ ψ), (ϕ ∨ ψ), (ϕ → ψ), (ϕ ↔ ψ).
(d) If x is a variable and ϕ is a formula, then (∀x)ϕ and (∃x)ϕ are formulas.
A subformula of a formula is any substring which is a formula itself. The formulas from (a) and (b) are atomic — they are the simplest statements possible in the language. Clearly, the atomic formulas are precisely the formulas having no proper subformulas. The formulas from (c) are constructed from simpler formulas using the propositional connectives, as in the previous chapter. The language of predicate logic is finer than the language of propositional logic: the connectives are applied to expressions with an inner structure, as opposed to nondivisible propositional atoms. The formulas (∀x)ϕ and (∃x)ϕ from (d) read, respectively, “for all x, ϕ” and “there is an x such that ϕ.” An important feature of the language is that formulas only quantify variables, i.e. objects, not sets of objects, or properties, or sets of properties, etc; this is a first-order language. We will not be concerned with languages of higher orders.3 As with binary functional symbols, it is customary to use infix notation with binary predicates and write e.g. x < y instead of <(x, y), or x ∈ y instead of ∈(x, y) etc. The negated atomic formulas are usually written as x ≠ y, x ∉ y, x ≮ y etc, instead of the formally correct ¬(x = y), ¬(x ∈ y), ¬(x < y). We also write (∀x, y)ϕ instead of (∀x)(∀y)ϕ, (∃x, y)ϕ instead of (∃x)(∃y)ϕ, etc. 2.1.6 Example.
(a) The following expressions are formulas of set theory: x ∈ y, x ∉ y, (∀x)(x ∉ x), (∀x)(x ∉ y), (∃y)(∀x)(x ∉ y), (∀x)((x ∈ y) → (x ∈ z)), (∀x)(∀y)(∀z)((z ∈ x ↔ z ∈ y) → (x = y)), (∀t)((t ∈ z) ↔ ((t = x) ∨ (t = z))), (∀t)((t ∈ z) ↔ (t ∈ x ∧ t ∈ z)), (∀t)((t ∈ z) ↔ (∀u)(u ∈ t → u ∈ x)).
(b) The following are formulas of the language4 of directed graphs: x → y, (∀x)(x ↛ x), (∃x)(∀y)(x → y), (∀x)(∀y)(x → y), (∀x)(∀y)(x → y ↔ y → x), (∃x)(∃y)(∃z)(x → y ∧ y → z ∧ z → x), (∃x)(∃y)(∀z)(x → z ∨ y → z).
(c) These expressions are formulas of the language of order theory: x < y, (∀x)(x ≮ x), (∀x)(∀y)(∀z)((x < y ∧ y < z) → (x < z)), ¬(x < y ∧ y < x), (∃x)(∀y)(x < y), (∃z)(x < z ∧ z < y), (∀x)(∀y)[(x < y) → (∃z)(x < z ∧ z < y)], (∃y)[(x < y) ∧ (∀z)((x < z) → (y < z ∨ y = z))], (∀x)(∀y)(∃z)(x < z ∧ y < z).
(d) The following expressions are formulas of group theory: 1 ∗ x = x, (∀x)(1 ∗ x = x ∧ x = x ∗ 1), (∀x)(∀y)(∀z)(x ∗ (y ∗ z) = (x ∗ y) ∗ z), x ∗ x−1 = 1, x ∗ x = 1, (x ∗ y)−1 = y−1 ∗ x−1, (∃y)(y ∗ x ∗ y−1 = x), (∀x)(∀y)(x ∗ y = y ∗ x).
(e) The following expressions are formulas of arithmetic: x < y, S(x) ≠ 0, x + 0 = 1 ∗ x, (∃x)(y = S(x)), (∃u)(x ∗ u = y), (∃u)(∃v)((x ∗ u = y) ∧ (x ∗ v = z)), 0 ≠ 1, (∃u)((x ∗ u = y) ∧ (x ∗ u = z)), (∀y)[(∃z)(x = y ∗ z) → (y = 1 ∨ z = 1)], ¬(∃u)(x = u + u), (∃u)(x = u ∗ u), (∀x)(∃y)(x < y ∧ (∃u)(y = (u + u) + 1)), (∀x)(∀y)(∀z)(x ∗ (y + z) = (x ∗ y) + (x ∗ z)), (x ∗ y = 0) → (x = 0 ∨ y = 0), (∀x)(∀y)(x + y = y + x), S(x) = S(y) → x = y.
Beside the usual quantifications “for all” and “there exists”, it is sometimes convenient to state that a given property holds “for almost every number” or “for infinitely many numbers”. For instance, the usual definition of a limit in calculus requires that every neighbourhood contains almost all members of the sequence, arithmetic proves that there are infinitely many primes, etc.
In the language of arithmetic, these statements are often expressed with (∀∞x)ϕ and (∃∞x)ϕ, which stand for (∃y)(∀x)((x > y) → ϕ) and (∀y)(∃x)((x > y) ∧ ϕ). 2.1.7 Exercise. Describe in full detail why the following is a formula of arithmetic, and write out all of its subformulas. (∀x)(∃y)((x < y) ∧ (∀z)((∃u)(y = z ∗ u) → ((z = 1) ∨ (z = y))))
Footnote 3: Languages of higher orders have variables not only for objects, but also for sets of objects, or different sets of variables for different types of objects, such as separate variables for natural numbers. Such logics differ substantially from first-order predicate logic; for example, second-order logic is not compact. We have mentioned in the introduction how set theory can be used in mathematics to work around the limitations of a first-order language.
Footnote 4: The binary relational symbol → for an arrow between nodes in a graph is completely unrelated to the → connective. This is one of the cases of “standard abuse of notation”, violating the agreement that the various classes of symbols are mutually disjoint.
2.1.8 Exercise. Write the formulas of the basic language of set theory which express the following properties of sets: the set x is empty; there is an empty set; no set is a member of itself; the set x is a subset of y; sets with the same elements are equal; the set x has exactly three elements; the set x is a union of y and z; the set x is an intersection of y and z; the union of y and z is the smallest superset of both; the intersection of y and z is the largest subset of both; for every two sets x and y, there is a set with precisely the elements x and y; for every set, there is a set of all its subsets; there is no set of all sets. 2.1.9 Exercise.
Write the formulas of the language of oriented graphs which express the following properties: there are no loops; every two nodes are connected by a path of length at most five; x has arrows to all other nodes; x is an isolated node; there are no isolated nodes; every node lies on a triangle. 2.1.10 Exercise. Write the formulas of the language of order which express the following properties in ordered sets: every two elements are comparable; between every two comparable elements, there is another; there are two comparable elements with no other between them; every two elements have a common upper bound; x is the largest (smallest) element; there is a largest (smallest) element; there is at most one largest element; there is no largest or smallest element; there are at least two maximal elements; below any element there is a minimal element; no two maximal elements are comparable. 2.1.11 Exercise. Write the formulas of the language of arithmetic which express the following properties of natural numbers: x is even; x is odd; x is a square; x divides y; x is a power of two; x only has odd divisors; x is a common divisor of y and z; x is the greatest common divisor of y and z; x is the least common multiple of y and z; x is a prime; x is the largest prime dividing y; every prime except 2 is odd; there are infinitely many primes; there are infinitely many twin5 primes; every number has only finitely many divisors; every even number except 2 is a sum of two primes; 0 is the smallest number; every number except 0 has an immediate predecessor; no two numbers have the same successor; there is no largest number.
2.2 Semantics of predicate logic
The terms and formulas of predicate logic are purely syntactical objects, expressions of a certain form. Now we assign meaning to these expressions: terms become names of objects, and formulas become statements about those objects. 2.2.1 Definition. Let L be a language of predicate logic.
Then a model of L, or a structure for L, is a nonempty set M equipped with
(i) a designated element c^M ∈ M for every constant symbol c;
(ii) an n-ary function f^M : M^n → M for every n-ary functional symbol f;
(iii) an n-ary relation R^M ⊆ M^n for every n-ary relational symbol R.
The set M is the underlying set or the universe and its elements are the individuals. We say that the structure M = (M, R^M, . . . , f^M, . . . , c^M, . . . ) realizes the symbols of L in the set M, and we write M |= L.
Footnote 5: Twin primes are neighbouring primes, e.g. 17 and 19.
To emphasize the difference between syntax and semantics, i.e. the difference between the symbols of a language and their realization, we will differentiate between e.g. the symbol 0 of the language of arithmetic and the natural number 0 realizing this symbol in the standard model N. Similarly, + is a symbol of arithmetic, while +^N is a binary function on the set of natural numbers, which is not the same thing. It is important to separate the symbol and its meaning;6 in another model, the same symbol can be realized differently. For example, both the set R+ of positive real numbers and the set Z of integers realize the language7 of groups. In the first case, the binary functional symbol ∗ is realized by the binary operation of multiplying positive reals, the unary symbol −1 is realized by the usual operation of an inverse, and the constant 1 is realized by the neutral element 1. In the second case, ∗ is realized by the operation of addition, the inverse being the opposite integer and the neutral integer 0 playing the role of 1. A model for a language assigns a meaning to the constant, functional and relational symbols. If we want to assign meaning to other expressions of the language, i.e. terms and formulas, we need to start with variables. 2.2.2 Definition. Let L be a language and let M = (M, . . . ) |= L be a structure. Then every mapping e from the set of variables of L into M is an evaluation of variables.
For a given evaluation e and a given term t of L, define the value t[e] ∈ M of t under e by induction on complexity as follows:
(a) if t is a constant c, let t[e] = c^M;
(b) if t is a variable x, let t[e] = e(x);
(c) if t is f(t1, . . . , tn), where f is an n-ary functional symbol realized by f^M and ti are terms with values ti[e] ∈ M, let t[e] = f^M(t1[e], . . . , tn[e]).
2.2.3 Lemma. Let M |= L and let e1 and e2 be evaluations which agree on variables x1, . . . , xk. Then for any term t of L containing only variables x1, . . . , xk the values t[e1] and t[e2] are identical.
Footnote 6: Even if for everyday symbols like + the relationship is so routine that it is comfortable to ignore the difference and identify the symbol with its “obvious” meaning.
Footnote 7: Not only do they realize the language, but they are actually groups.
Given a structure and an evaluation, we can finally define satisfaction of formulas. We will use the following notation. If e is an evaluation of variables in M, then for a variable x and an element m ∈ M, let e(x/m) denote the evaluation which maps x to m but otherwise agrees with e. 2.2.4 Definition. Let L be a language, let M |= L, and let e be an evaluation of variables in M. We say that a formula ϕ of L is satisfied in M under e, and write M |= ϕ[e], in the following cases:
(a) M |= (t1 = t2)[e] iff the values t1[e] ∈ M and t2[e] ∈ M are identical.
(b) M |= R(t1, . . . , tn)[e] iff (t1[e], . . . , tn[e]) ∈ R^M, where R is an n-ary relational symbol realized in M by R^M.
(c) M |= (¬ψ)[e] iff M |= ψ[e] is not the case; we write M ⊭ ψ[e].
(d) M |= (ψ ∧ ϑ)[e] iff M |= ψ[e] and M |= ϑ[e].
(e) M |= (ψ ∨ ϑ)[e] iff M |= ψ[e] or M |= ϑ[e].
(f) M |= (ψ → ϑ)[e] iff M ⊭ ψ[e] or M |= ϑ[e].
(g) M |= (ψ ↔ ϑ)[e] iff M |= ψ[e] exactly when M |= ϑ[e].
(h) M |= ((∀x)ψ)[e] iff M |= ψ[e(x/m)] for every m ∈ M.
(i) M |= ((∃x)ψ)[e] iff M |= ψ[e(x/m)] for some m ∈ M.
If M |= ϕ[e] holds for every evaluation e, we say that the formula ϕ is satisfied in M, or holds in M, and write M |= ϕ. If ϕ is satisfied in every model M |= L, we say that ϕ is logically valid and write |= ϕ. We require that the binary predicate = for equality is always realized by the identity relation, as we would expect. The satisfaction of other atomic formulas is given by the realizations of the special symbols of L in the structure. The inductive steps for logical connectives and quantifiers are then defined according to our understanding of the expressions “and”, “for all”, etc. Clearly, for given M, ϕ, e we have either M |= ϕ[e] or M |= ¬ϕ[e], and the truth of a formula under a given evaluation only depends on the variables that actually occur in the formula. In fact, we can say more.
Free and bound variables
Different variables can occur in formulas in different roles. For example, the variable x is quantified in the arithmetical formula (∃x)(y = x + x), but y is not. This influences the satisfaction of the formula. 2.2.5 Definition. Let ϕ be a formula of a language L. An occurrence of a variable x in ϕ is bound if it occurs in a subformula of the form (∀x)ψ or (∃x)ψ. An occurrence which is not bound is free. A formula without free variables is a closed formula or a sentence of L. A formula without bound variables is open. In the arithmetical formula (∀y)(∀z)(x = y ∗ z → (x = y ∨ x = z)), for instance, the variable x is free and y, z are bound. By the next lemma, satisfaction of this formula only depends on the evaluation of x. 2.2.6 Lemma. Let M |= L and let e1 and e2 be two evaluations agreeing on the variables x1, . . . , xn. Then for any formula ϕ of L whose free variables are among x1, . . . , xn we have M |= ϕ[e1] if and only if M |= ϕ[e2]. Proof. If ϕ is either of the form t1 = t2 or R(t1, . . . , tk), where t1, . . .
, tk are terms of L, then all variables in ϕ are free, so e1 and e2 agree on all variables in ϕ, and all the terms ti have the same values under e1 and e2. Hence by the definition of satisfaction for atomic formulas, M |= ϕ[e1] if and only if M |= ϕ[e2]. The induction steps for logical connectives are obvious. If ϕ is of the form (∀x)ψ, then M |= ϕ[e1] means, by definition, that M |= ψ[e1(x/m)] for every m ∈ M. But for every m ∈ M, the evaluations e1(x/m) and e2(x/m) agree on the free variables of ψ: if xi is free in ϕ as well, the agreement is assumed; if xi is x, they agree by the definition of e(x/m). Hence by the induction hypothesis we have M |= ψ[e1(x/m)] iff M |= ψ[e2(x/m)]. Thus M |= ψ[e2(x/m)] for every m ∈ M, i.e. M |= ((∀x)ψ)[e2], i.e. M |= ϕ[e2]. The induction step for ∃ is analogous. Consider for instance the arithmetical formula (∃y)(x = y + y) and the standard model N with the usual operations. Then N |= (∃y)(x = y + y)[e] is true under the evaluations e which evaluate the free variable x to an even number e(x) ∈ N. The evaluation of the bound variable y does not matter. We will commonly evaluate free variables only. In particular, a closed formula has no free variables, and is thus satisfied in a given model under all evaluations, or under none. A variable can have both free and bound occurrences in a formula, for instance in ((∀x)(x ∗ x = 1)) → (x ∗ x = 1). This is an undesirable situation,8 but it can always be avoided. The hint is in the preceding observation: the satisfaction of (∃z)(x = z + z) also depends on the evaluation of x only, hence N |= (∃y)(x = y + y)[e] iff N |= (∃z)(x = z + z)[e], for any evaluation e. 2.2.7 Lemma. For every formula ϕ of a language L, there is a formula ψ in which no variable is simultaneously free and bound, and for every model M |= L and every evaluation e we have M |= ϕ[e] if and only if M |= ψ[e]. Whenever we write ϕ(x1, . . . , xn), we mean that all the free variables of ϕ are among x1, . . .
, xn and none of them is bound in ϕ at the same time. 2.2.8 Exercise. For each of the following formulas of the language of oriented graphs, describe all evaluations of variables in the set M = {0, 1, 2, 3}, equipped with the relation {(0, 0), (0, 1), (0, 2), (0, 3), (1, 3), (2, 3), (3, 0), (3, 3)}, for which the formula is (resp. is not) satisfied — or show that no such evaluation exists. (x → x); ¬(x → x); (∃y)(x → y); (∃y)(y → x); (∀y)(x → y); (∀y)(y → x); (∃u)(x → u ∧ u → y); (∃u)(x → u ∧ u → u); (∃u)(∃v)(x → u ∧ u → v ∧ v → y). Decide which of the following sentences are true in this structure. (∀x)(∃y)((x → y) ∧ (y → x)); (∀x)(∃y)(∃z)((x → y) ∧ (y → z) ∧ (z → x)); (∀x)(∀y)(∃u)(∃v)((x → u) ∧ (u → v) ∧ (v → y)); (∀x)(∀y)((x → y) ∨ (y → x)). 2.2.9 Exercise. For each of the following formulas of the language of order, find an evaluation which makes the formula satisfied (resp. not) in the structures (N, <), (N, |), (N, N × N), (Z, <), (Q, <), (R, <), (P (N), ⊂) — or show that no such evaluation exists: (∀y)(x < y ∨ x = y); (∀y)¬(x < y); (∃z)(x < z ∧ z < y); (x < y) ∧ ¬(∃z)(x < z ∧ z < y); ¬(x < y ∨ y < x); (∃y)(∃z)(y < x < z). Decide which of the following sentences are true in these structures: (∀x)(∀y)(∀z)(x < y ∧ y < z → x < z); (∀x)¬(x < x); (∀x)(∃y)(x < y); (∀x)(∀y)(x < y → (∃z)(x < z ∧ y < z)); (∀x)(∀y)(x < y ∨ x = y ∨ y < x). 2.2.10 Exercise. For each of the following formulas of the language of groups, find an evaluation which makes the formula satisfied (resp. not) in the structures (Z, +, −, 0) and (Q+ , ∗,−1 , 1), or show that no such evaluation exists: 1 ∗ x = x; (∃y)(y ∗ y = x); (∃y)(y ∗ y ∗ y = x); (x ∗ y)−1 = x−1 ∗ y −1 ; (∃y)(y ∗ x ∗ y −1 = x) Decide if (∀x)[(∀y)(x ∗ y = y) → (x = 1)] is satisfied in these structures. 2.2.11 Exercise. For each of the following formulas of arithmetic, find an evaluation in the standard model N with the usual order and operations which makes the formula satisfied (or not) — or show that no such evaluation exists. 
(∃x)(y = S(x)); (∃u)(x ∗ u = y); (∃x)(∃y)(∃z)((u = x ∗ z) ∧ (v = y ∗ z)); (∃u)(∃v)((x ∗ u = y) ∧ (x ∗ v = z)); (∀y)(∀z)((x = y ∗ z) → (y = 1 ∨ z = 1)); (∃y)(x < y ∧ (∃u)(y = (u + u) + 1)); (∀y)((∃u)(y = u ∗ u) → (y < x)).
Footnote 8: Similar to a local variable masking a global variable of the same name in source code.
2.2.12 Exercise. Write a sentence in {+, ∗, 0, 1} which is (a) true in N, but not in Z; (b) true in Z, but not in Q; (c) true in Q, but not in R; (d) true in R, but not in C. The number classes are equipped with the usual operations. 2.2.13 Exercise. Consider a language with a single unary predicate P and decide which models satisfy the sentence (∀x)(∀y)[x = y ∨ (P(x) ∧ ¬P(y))]. 2.2.14 Exercise. Consider the following sentences in a language with a binary relational symbol ⪯ and two binary functional symbols ⊗ and ⊕.
(i) (∀x)(∀y)(x ⊗ y ⪯ x ∧ x ⊗ y ⪯ y)
(ii) (∀x)(∀y)(x ⪯ y ↔ (∃z)(x ⊕ z = y))
(iii) (∀x)(∀y)(∀z)(x ⊕ z ⪯ y ⊕ z → x ⪯ y)
(iv) (∀x)(∀y)(∀z)((x ⊕ y) ⊕ z = x ⊕ (y ⊕ z))
(v) (∀x)(∀y)(∀z)(z ⪯ x ∧ z ⪯ y → z ⪯ x ⊗ y)
Decide which of these sentences are satisfied in the following structures.
(a) the natural numbers N with the usual order, multiplication and addition;
(b) the interval (−1, 1) with the usual order, multiplication, and half of the sum;
(c) the interval [0, 1] with the usual order, multiplication, and half of the sum;
(d) the set N with divisibility, greatest common divisor, and multiplication;
(e) the set P(N), where ⪯ is inclusion, ⊗ is intersection and ⊕ is union.
2.2.15 Definition. A formula of a language L which is true in every model of L is logically valid. A formula which is satisfied in at least one model under at least one evaluation is satisfiable. A non-satisfiable formula is a contradiction. Clearly, every logically valid formula is satisfiable, and contradictions are precisely the non-satisfiable formulas; the negation of a logically valid formula is a contradiction and vice versa.
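Definition 2.2.4 is directly executable over a finite universe, and satisfiability or validity restricted to such models can be checked by brute force. The following sketch uses our own tuple encoding of formulas in a language with one binary predicate R and tests the first sentence of Exercise 2.2.17 over every binary relation on a two-element universe. Note the asymmetry: one failing model refutes logical validity outright, while a finite search can never establish validity over all models.

```python
from itertools import product

# Formulas encoded as nested tuples (our own encoding): ("R", x, y),
# ("not", f), ("and", f, g), ("imp", f, g), ("all", x, f), ("ex", x, f).
def sat(M, R, phi, e):
    """Satisfaction M |= phi[e] as in Definition 2.2.4; e maps variables to M."""
    op = phi[0]
    if op == "R":
        return (e[phi[1]], e[phi[2]]) in R
    if op == "not":
        return not sat(M, R, phi[1], e)
    if op == "and":
        return sat(M, R, phi[1], e) and sat(M, R, phi[2], e)
    if op == "imp":
        return (not sat(M, R, phi[1], e)) or sat(M, R, phi[2], e)
    if op == "all":
        return all(sat(M, R, phi[2], {**e, phi[1]: m}) for m in M)
    if op == "ex":
        return any(sat(M, R, phi[2], {**e, phi[1]: m}) for m in M)
    raise ValueError(f"unknown connective {op!r}")

# The first sentence of Exercise 2.2.17: (∀x)(∃y)R(x,y) → (∃y)(∀x)R(x,y).
phi = ("imp",
       ("all", "x", ("ex", "y", ("R", "x", "y"))),
       ("ex", "y", ("all", "x", ("R", "x", "y"))))

# Check phi in all 2^4 models with universe {0, 1}.
M = [0, 1]
pairs = [(a, b) for a in M for b in M]
results = []
for bits in product([False, True], repeat=len(pairs)):
    R = {p for p, b in zip(pairs, bits) if b}
    results.append(sat(M, R, phi, {}))

print("satisfiable:", any(results))                # True, e.g. with R empty
print("holds in all these models:", all(results))  # False: R = {(0,0),(1,1)}
```

The relation R = {(0, 0), (1, 1)} makes the antecedent true but the consequent false, so the sentence is not logically valid; it is nonetheless satisfiable, e.g. in the model where R is empty and the antecedent fails.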
An easy source of logically valid formulas is the set of propositional tautologies: it suffices to substitute formulas of L for the propositional atoms of a tautology. For instance, (x < y) ∨ ¬(x < y) is a logically valid formula of the language of order. As in propositional logic, we cannot expect the logically valid formulas to say anything specific: thanks to its syntactical form, the formula (x < y) ∨ ¬(x < y) is satisfied in any model of the language < of order, whichever relation realizes the predicate < on any given set, and however the variables x and y are evaluated. 2.2.16 Exercise. For every formula ϕ(x) with one free variable, the formulas ¬(∀x)ϕ(x) ↔ (∃x)¬ϕ(x) and ¬(∃x)ϕ(x) ↔ (∀x)¬ϕ(x) are logically valid. For every formula ψ(x, y) with two free variables, the formulas ¬(∀x)(∃y)ψ(x, y) ↔ (∃x)(∀y)¬ψ(x, y) and ¬(∃x)(∀y)ψ(x, y) ↔ (∀x)(∃y)¬ψ(x, y) are logically valid. 2.2.17 Exercise. Is at least one of the following formulas (in a language with one binary predicate R) logically valid? Show so, or show a counterexample. (∀x)(∃y)R(x, y) → (∃y)(∀x)R(x, y); (∃y)(∀x)R(x, y) → (∀x)(∃y)R(x, y). 2.2.18 Exercise. Consider the following formulas in a language with two binary predicates P, Q. Decide which of them are logically valid, satisfiable or contradictory. If the formula is not a contradiction, describe a model where it is satisfied; if it is not logically valid, describe a model in which it is not satisfied.
(∀x)(P(x) ∧ Q(x)) ↔ ((∀x)P(x) ∧ (∀x)Q(x))
(∃x)(P(x) ∧ Q(x)) ↔ ((∃x)P(x) ∧ (∃x)Q(x))
(∀x)(P(x) ∨ Q(x)) ↔ ((∀x)P(x) ∨ (∀x)Q(x))
(∃x)(P(x) ∨ Q(x)) ↔ ((∃x)P(x) ∨ (∃x)Q(x))
(∀x)(P(x) → Q(x)) ↔ ((∀x)P(x) → (∀x)Q(x))
(∃x)(P(x) → Q(x)) ↔ ((∃x)P(x) → (∃x)Q(x))
(∀x)(P(x) ↔ Q(x)) ↔ ((∀x)P(x) ↔ (∀x)Q(x))
(∃x)(P(x) ↔ Q(x)) ↔ ((∃x)P(x) ↔ (∃x)Q(x))
Substitution of terms
In mathematics, it is usual to substitute into terms and formulas, like with equations in elementary algebra. If x1, . . . , xn are mutually distinct variables and t, t1, . . .
, tn are terms of L, let tx1,...,xn[t1, . . . , tn] be the term obtained from t by replacing every occurrence of xi with ti. For example, if t is the arithmetical term x ∗ (y + z) and t1, t2, t3 are (a + b), 1, (d ∗ e), respectively, then tx,y,z[t1, t2, t3] is (a + b) ∗ (1 + d ∗ e). It is easy to check by induction that tx1,...,xn[t1, . . . , tn] is again a term of L. Similarly, for a formula ϕ of L, a variable x and a term t, let ϕx[t] be the formula obtained from ϕ by replacing every free occurrence of x with t. It is easy to check that ϕx[t] is again a formula of L. Analogously, we can define ϕx1,...,xn[t1, . . . , tn]. Every such formula is an instance of ϕ. The purpose of such substitutions is that the formula ϕx[t] “says” about t what ϕ “says” about x. For example, let ϕ be the formula (∃y)(x = y + y) of arithmetic, with one free variable x, which says x is an even number. If t is p + q, then ϕx[t] is the formula (∃y)(p + q = y + y) with free variables p, q, which says p + q is an even number. But if t is y + 1, then ϕx[t] is the formula (∃y)(y + 1 = y + y), in which y is bound. This leads us to the following definition. 2.2.19 Definition. Let x be a variable, t a term and ϕ a formula of L. The term t is substitutable for x into ϕ if no variable y of t is bound in any subformula of ϕ in which x is free. Whenever we write ϕx[t] in the following, we assume that the term t is substitutable. By the lemma above, the formula ϕ can be rewritten, if needed, into an equivalent formula with bound variables renamed. 2.2.20 Exercise. Show by induction that if t, t1, . . . , tn are terms, then the expression obtained from t by replacing mutually distinct variables x1, . . . , xn in t with t1, . . . , tn, respectively, is a term again. Similarly, if ϕ is a formula, then the expression obtained from ϕ by replacing the free occurrences of x1, . . . , xn in ϕ by t1, . . . , tn is a formula again. 2.2.21 Exercise.
Let M |= L, let t be a term and ϕ a formula of L, let x1, . . . , xn be variables, and let e be an evaluation under which ti[e] is mi ∈ M. Then tx1,...,xn[t1, . . . , tn][e] is t[e(x1/m1, . . . , xn/mn)], and M |= ϕx1,...,xn[t1, . . . , tn][e] holds if and only if M |= ϕ[e(x1/m1, . . . , xn/mn)].
2.3 Provability
The Hilbert system
As in the case of propositional logic, we start with reducing the language: we retain only ¬ and → as propositional connectives, and consider the other ones as shortcuts. We only use ∀ as a quantifier, and consider (∃x)ϕ a shortcut for ¬(∀x)¬ϕ. The purpose of this reduction is to simplify the basic language and reduce the number of axioms. Every formula of a given language L can be equivalently expressed in the reduced language. As axioms, we accept the following formulas describing the syntactical properties of the connectives and the universal quantifier. Firstly, for any formulas A, B, C of L, each of the following formulas is an axiom of predicate logic:
H1: A → (B → A)
H2: (A → (B → C)) → ((A → B) → (A → C))
H3: (¬B → ¬A) → (A → B)
With these axioms, propositional logic becomes a part of predicate logic. If the set A of primary (propositional) formulas is taken to be the set of atomic formulas of L and formulas of the form (∀x)ϕ and (∃x)ϕ, where x is a variable and ϕ is a formula of L, then every formula of L is obtained from A using just propositional connectives. If we also accept modus ponens as a rule of inference, then every propositional tautology over A will be provable in predicate logic. The syntactical properties of the universal quantifier ∀ are described by two axiom schemata. The first is the schema of specification axioms: for every formula ϕ of L, every variable x, and every term t of L substitutable into ϕ for x, the formula (∀x)ϕ → ϕx[t] is an axiom of predicate logic. The meaning of these axioms is very natural: if the formula ϕ holds “for every” x, then it also holds in every particular case.
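The substitutability condition on the specification axioms can be checked mechanically. The following sketch, in our own tuple encoding (terms are variable names or tuples headed by a function symbol, with constants as one-element tuples; the function names are ours), reproduces the example from Section 2.2: p + q is substitutable for x into (∃y)(x = y + y), while y + 1 is not, because its variable y would be captured.

```python
def term_vars(t):
    # A term is a variable name (str) or a tuple (f, t1, ..., tn);
    # a constant is a 1-tuple such as ("1",).
    if isinstance(t, str):
        return {t}
    return set().union(*map(term_vars, t[1:])) if len(t) > 1 else set()

def free_in(phi, x):
    """Does x have a free occurrence in phi (Definition 2.2.5)?"""
    op = phi[0]
    if op == "atom":                       # ("atom", t1, ..., tn)
        return any(x in term_vars(t) for t in phi[1:])
    if op == "not":
        return free_in(phi[1], x)
    if op in ("and", "or", "imp", "iff"):
        return free_in(phi[1], x) or free_in(phi[2], x)
    if op in ("all", "ex"):                # ("all", y, body)
        return phi[1] != x and free_in(phi[2], x)
    raise ValueError(op)

def substitutable(phi, x, t):
    """Definition 2.2.19: no variable of t may become bound when t
    replaces a free occurrence of x in phi."""
    op = phi[0]
    if op == "atom":
        return True                        # no quantifier inside an atom
    if op == "not":
        return substitutable(phi[1], x, t)
    if op in ("and", "or", "imp", "iff"):
        return substitutable(phi[1], x, t) and substitutable(phi[2], x, t)
    if op in ("all", "ex"):
        y, body = phi[1], phi[2]
        if y == x:
            return True                    # x is not free below this quantifier
        if y in term_vars(t) and free_in(body, x):
            return False                   # a variable of t would be captured
        return substitutable(body, x, t)
    raise ValueError(op)

# phi is (∃y)(x = y + y), the formula saying "x is even".
phi = ("ex", "y", ("atom", "x", ("+", "y", "y")))
print(substitutable(phi, "x", ("+", "p", "q")))       # True
print(substitutable(phi, "x", ("+", "y", ("1",))))    # False: y is captured
```

Only in the first case is (∀x)ϕ → ϕx[t] a legitimate specification axiom; in the second, the renaming of bound variables from Lemma 2.2.7 must be applied first.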
The second schema will be useful in finding the prenex form of formulas. For every two formulas ϕ, ψ of L and every variable x which is not free in ϕ, the following formula is an axiom: (∀x)(ϕ → ψ) → (ϕ → (∀x)ψ) The rules of deduction for predicate logic are modus ponens, known from propositional logic (it brings all of propositional provability with it), and the rule of generalization: for any variable x, from ϕ, derive (∀x)ϕ. Hence if ϕ is a provable formula, then (∀x)ϕ is also provable — this is the role played by free variables. Later, we also specify the axioms describing the binary predicate = for equality; that will extend the predicate logic in language L into a logic with equality. Introducing the axioms and rules of deduction for predicate logic gives a new meaning to the ⊢ symbol for provability. The notion of a proof is defined analogously, but ⊢ now means provability from the axioms just introduced, using both rules of deduction. 2.3.1 Definition. Let L be a language of predicate logic. A finite sequence ϕ1, . . . , ϕn of formulas of L is a proof of ϕ in predicate logic, if ϕn is ϕ and every ϕi is either an axiom of predicate logic or is derived from some previously proven formulas using one of the deduction rules. If such a proof exists, we say that ϕ is provable in predicate logic, and write ⊢ ϕ.
Logic with equality
The binary predicate = for equality has a prominent position: usually, we consider it to be a symbol of every language, and in semantics, we require that it is always realized the way we expect, i.e. by the identity relation. Now we describe its syntactical properties in three schemata of axioms which capture the natural ideas about equality: every individual is equal to itself, and equal individuals satisfy the same relations and give the same results under operations.
(E1) For every variable x, the formula x = x is an axiom.
(E2) For variables x1, . . . , xn, y1, . . . , yn and an n-ary predicate R: x1 = y1 → (x2 = y2 → . . .
→ (xn = yn → R(x1, . . . , xn) → R(y1, . . . , yn)) . . . )
(E3) For variables x1, . . . , xn, y1, . . . , yn and an n-ary functional symbol f: x1 = y1 → (x2 = y2 → . . . → (xn = yn → f(x1, . . . , xn) = f(y1, . . . , yn)) . . . )
2.3.2 Lemma. For any variables x, y, z
(i) ⊢ x = y → y = x
(ii) ⊢ x = y → (y = z → x = z)
Proof. (i) The formula9 x = y → x = x → x = x → y = x is an instance of (E2). Reordering the assumptions in the implication as usual, we get that x = x → x = x → x = y → y = x is provable as well. Hence we get ⊢ x = y → y = x from (E1) using modus ponens. (ii) The formula y = x → z = z → y = z → x = z is an instance of (E2); hence ⊢ z = z → y = x → y = z → x = z as well. Using modus ponens and (E1) we get ⊢ y = x → y = z → x = z, so ⊢ x = y → y = z → x = z by (i).
Footnote 9: The omitted parentheses accumulate to the right.
2.3.3 Lemma. For terms s1, . . . , sn, t1, . . . , tn such that ⊢ si = ti,
(i) if s is a term and t is obtained from s by replacing the occurrences of si with the corresponding ti, then ⊢ s = t.
(ii) if ϕ is a formula, and ψ is obtained from ϕ by replacing the occurrences of si in atomic subformulas by the corresponding ti, then ⊢ ϕ ↔ ψ.
2.3.4 Lemma. For any terms s1, . . . , sn, t1, . . . , tn, t, any variable x not occurring in t, and any formula ϕ,
(i) ⊢ s1 = t1 → s2 = t2 → . . . → sn = tn → t[s1, . . . , sn] = t[t1, . . . , tn]
(ii) ⊢ s1 = t1 → s2 = t2 → . . . → sn = tn → ϕ[s1, . . . , sn] ↔ ϕ[t1, . . . , tn]
(iii) ⊢ ϕx[t] ↔ (∀x)(x = t → ϕ)
(iv) ⊢ ϕx[t] ↔ (∃x)(x = t ∧ ϕ)
We leave the straightforward proofs by induction to the reader.
2.4 Completeness
In the previous sections, we have described the semantics and syntax of predicate logic, i.e. satisfaction of formulas in structures and the formal deductive system. Now we show that they correspond to each other: formulas provable in the Hilbert system are precisely the logically valid formulas.
For generality, instead of provability in logic and satisfaction in models of the language, we will study provability in a given theory and satisfaction in its models. Predicate logic itself becomes a special case — an empty theory. 2.4.1 Definition. Let L be a language of predicate logic. A theory in L is any set of formulas of L; these formulas are its axioms. A realization M of L is a model of T, denoted by M |= T, if every axiom from T is satisfied in M. If a formula ϕ of L holds in every model M |= T, we say that ϕ is a logical consequence of T and write T |= ϕ. In particular, any realization of L is a model of the empty theory; if a formula ϕ holds in every realization of L, we say that ϕ is logically valid and write |= ϕ. Axiomatizing a theory is a standard way to describe the structures we want to deal with. In a language designed for this particular purpose, we formulate the axioms which we find natural or interesting, and study the structures satisfying these axioms, i.e. models of the theory. Working in a given theory, we are then mostly interested in its specific properties and consequences, i.e. statements which reflect its axioms. The logically valid formulas, which hold in every realization of the language, are not very interesting from this point of view: they hold in any other model of any other theory with the same language. For example, (∀x)(∀y)(x < y → x < y) is a logically valid formula of the language < of orders. It holds in every realization of a language with one binary predicate, i.e. in any set equipped with a binary relation. The specific properties of a relation which is an ordering are not reflected in the satisfaction of this formula. We now work towards the completeness theorem of predicate logic, which says that formulas provable in a theory are exactly those which are its logical consequences. One direction of this statement is contained in the following. 2.4.2 Theorem (correctness). Let T be a theory in L, let ϕ be a formula of L.
If ϕ is provable in T , then it holds in every model of T .

Proof. Let ϕ1 , . . . , ϕn be a proof of ϕ in T , let M ⊨ T be any model. We show by induction that every ϕi holds in M under any evaluation.

(i) If ϕi is an axiom of T , then M ⊨ ϕi by definition.

(ii) If ϕi is an axiom of propositional logic, it is a tautology, and it is easy to verify that it holds in M (and any other model of L) under any evaluation.

(iii) If ϕi is an axiom of specification of the form (∀x)ψ → ψx [t], let e be any evaluation of variables in M. If (∀x)ψ does not hold in M under e, the implication does hold. In the opposite case, we have M ⊨ ψ[e(x/m)] for any m ∈ M , in particular for t[e] ∈ M , hence M ⊨ ψx [t][e].

(iv) If ϕi is an axiom of the form (∀x)(ψ → ϑ) → (ψ → (∀x)ϑ), where x is not free in ψ, let e be any evaluation of variables, and consider the only interesting case when M ⊨ (∀x)(ψ → ϑ)[e]. Then for any m ∈ M we have M ⊨ (ψ → ϑ)[e(x/m)], i.e. either M ⊭ ψ[e(x/m)] or M ⊨ ϑ[e(x/m)]. In the first case we also have M ⊭ ψ[e], as x is not free in ψ; in the second case we have M ⊨ (∀x)ϑ[e] by definition. Hence in any case we have M ⊨ (ψ → (∀x)ϑ)[e].

(v) If ϕi is one of the axioms of equality, we easily verify that it holds in M (as well as any other model of L) under any evaluation.

(vi) If ϕi is derived from some previous ϕj and ϕj → ϕi by modus ponens, then for any evaluation e we already have M ⊨ ϕj [e] and M ⊨ (ϕj → ϕi )[e] by induction. We know from propositional logic that modus ponens is correct, i.e. that under these assumptions M ⊨ ϕi [e] as well.

(vii) If ϕi is of the form (∀x)ϕj , derived from some previous ϕj by generalization, then for every evaluation e we already have M ⊨ ϕj [e] by induction. In particular, M ⊨ ϕj [e(x/m)] for any m ∈ M , hence M ⊨ (∀x)ϕj [e] by definition, so we have M ⊨ ϕi [e].

We have shown that every ϕi from the proof ϕ1 , . . . , ϕn holds in every model M ⊨ T under every evaluation.
For the case of ϕn , this proves the theorem.

From the proof of the correctness theorem we see that the axioms of predicate logic and all formulas provable from these using the deduction rules hold not only in a model of the given theory, but in any other model of its language as well. Hence every formula provable in predicate logic is logically valid.

Using the correctness theorem, a formula ϕ can be shown not to be provable in a given theory T : it suffices to find a model M ⊨ T and an evaluation under which ϕ does not hold. For instance, the formula x ∗ y = y ∗ x cannot be provable in group theory, as it does not hold in a group with non-commuting elements; at the same time, x ∗ y ≠ y ∗ x cannot be provable either, as it does not hold in any commutative group.

2.4.3 Theorem. A theory which has a model is consistent.

Proof. Let M ⊨ T and let ϕ be any closed formula. By the definition of satisfaction, either ϕ or ¬ϕ holds in M. By the correctness theorem then, either ¬ϕ or ϕ is not provable in T . Hence T is consistent.

Any realization M of the language L is a model of the empty theory in L, as a special case. Thus by the correctness theorem, predicate logic is consistent.

The completeness theorem

By the correctness theorem, every formula provable in predicate logic is logically valid. We now show the opposite direction: every logically valid formula has a formal proof in predicate logic. This shows that the syntax and semantics of the Hilbert system are in perfect accord. As with the correctness theorem, we study provability in a given theory.

2.4.4 Theorem (Gödel). Let L be a language of predicate logic and let T be a theory in L. Then for every closed formula ϕ of L, T ⊢ ϕ if and only if T ⊨ ϕ.

2.4.5 Theorem (Gödel). A theory is consistent if and only if it has a model.

The implication from left to right in the first theorem is precisely the statement of the correctness theorem, and the implication from right to left in the second theorem is 2.4.3.
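The non-provability argument above can be carried out concretely: the symmetric group S3 is a model of group theory containing non-commuting elements, so x ∗ y = y ∗ x fails in it under some evaluation, and by the correctness theorem the formula is not provable in group theory. A minimal sketch, with permutations represented as tuples (the representation and all names are my own):

```python
from itertools import permutations

def compose(p, q):
    """Composition of permutations written as tuples: (p . q)(i) = p[q[i]]."""
    return tuple(p[q[i]] for i in range(len(q)))

S3 = list(permutations(range(3)))  # the symmetric group on three elements

# An evaluation of x and y in S3 under which x * y = y * x does not hold:
witness = next(
    (p, q) for p in S3 for q in S3 if compose(p, q) != compose(q, p)
)
```

Dually, evaluating x and y in any commutative group shows that x ∗ y ≠ y ∗ x is not provable either; group theory decides neither formula.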
Note that the first theorem follows from the second: if T is a theory, ϕ is a formula of its language, and ϕ′ is the closure of ϕ, then T ⊢ ϕ means by the deduction theorem exactly that T, ¬ϕ′ is inconsistent. By 2.4.5, this is the case if and only if T, ¬ϕ′ does not have a model, which is, by definition, if and only if every model of T satisfies ϕ′ , i.e. if and only if T ⊨ ϕ. Hence it remains to find a model for the given consistent theory.

2.5 Compactness

2.5.1 Theorem (compactness). Let T be a theory and ϕ a formula in a language of predicate logic. Then T ⊨ ϕ iff T0 ⊨ ϕ for some finite T0 ⊆ T .

Proof. By the completeness theorem, T ⊨ ϕ iff T ⊢ ϕ. Every proof of ϕ in T is a finite sequence and only uses finitely many axioms from some finite T0 ⊆ T . Hence T0 ⊢ ϕ, and we have T0 ⊨ ϕ. The other direction is immediate.

2.5.2 Theorem (compactness). Let L be a language of predicate logic and T a theory in L. Then T has a model iff every finite fragment of T has a model.

Proof. By the completeness theorem, T has a model iff it is consistent. But T is consistent if and only if every finite T0 ⊆ T is consistent.

2.5.3 Example. The terms S(0), S(S(0)), S(S(S(0))), . . . of arithmetic are called numerals; they are usually denoted by n̄ , if the symbol S is used n times. For instance, 4̄ is shorthand for S(S(S(S(0)))). Extend the basic language of arithmetic with a new constant c and extend Peano arithmetic into a theory T by adding all formulas n̄ ≠ c as new axioms.

Every finite fragment of T has a model: it is satisfied in the standard model N if c is realized by a natural number large enough, larger than any of the finitely many numerals mentioned in the finitely many axioms. By the compactness theorem, T itself has a model M. The individual cM ∈ M which realizes the constant c in M cannot realize any numeral n̄ . Hence M cannot be isomorphic to N where, on the contrary, every individual realizes a numeral. The model M is a nonstandard model of arithmetic.10

2.5.4 Exercise.
Let S and T be equivalent theories (i.e. every formula from T is provable in S and vice versa), and let S be finite. Show that in that case, T is equivalent to some finite T0 ⊆ T . Hence if T can be equivalently replaced by some finite theory S, it can also be replaced with a finite fragment of itself.

2.5.5 Example. For a natural number n, let n × 1 denote the term 1 + 1 + · · · + 1 (n summands) of the language {+, ∗, 0, 1}, and let χn be the formula n × 1 = 0. A field which satisfies every ¬χn is a field of characteristic zero; if it satisfies ¬χ1 ∧ ¬χ2 ∧ . . . ∧ ¬χn−1 ∧ χn , it is a field of characteristic n.11

10 It is natural to ask then what is the position of N among the other models of arithmetic. It can be shown that the “initial segment” of every model of arithmetic is isomorphic to N.

11 It can be shown that the characteristic of any given field is either zero or a prime number. For instance, the reals have characteristic zero and Z5 is of characteristic 5. Similarly for Zp , hence there are finite fields of arbitrarily large finite characteristic.

The theory of fields extended with the formulas ¬χn becomes the theory of fields of characteristic zero; denote it as T . Using the compactness theorem, we show that this theory cannot be axiomatized by a finite number of formulas.

Let ϕ be a sentence that holds in all fields of characteristic zero. By the compactness theorem, we have T0 ⊨ ϕ for some finite T0 ⊆ T . The finite theory T0 contains only finitely many of the axioms ¬χn ; let m be the index of the last one in T0 . Then every field of characteristic larger than m is a model of T0 , and therefore satisfies ϕ. So every finite set of formulas satisfied in the fields of characteristic zero is already satisfied in any field of sufficiently large characteristic. In first-order predicate logic, fields of characteristic zero can only be axiomatized with an infinite set of formulas.

2.5.6 Exercise.
Find a finite theory T which has both finite and infinite models, and a formula ϕ which holds in every finite model of T , but T ⊭ ϕ.

2.5.7 Exercise. Consider a system of predicate logic whose syntax and deductive system is identical to the Hilbert system, but the semantics is different: only finite sets are considered realizations of a language. Show that such a logic is not compact and not complete.