Preface This book is an introduction to metalogic, aimed especially at students of computer science and philosophy. "Metalogic" is socalled because it is the discipline that studies logic itself. Logic proper is concerned with canons of valid inference, and its symbolic or formal version presents these canons using formal languages, such as those of propositional and predicate, a.k.a., firstorder logic. Meta-logic investigates the properties of these language, and of the canons of correct inference that use them. It studies topics such as how to give precise meaning to the expressions of these formal languages, how to justify the canons of valid inference, what the properties of various proof systems are, including their computational properties. These questions are important and interesting in their own right, because the languages and proof systems investigated are applied in many different areas-in mathematics, philosophy, computer science, and linguistics, especially-but they also serve as examples of how to study formal systems in general. The logical languages we study here are not the only ones people are interested in. For instance, linguists and philosophers are interested in languages that are much more complicated than those of propositional and first-order logic, and computer scientists are interested in other kinds of languages altogether, such as programming languages. And the methods we discuss here-how to give semantics for formal languages, how to prove results about formal languages, how to investigate the properties of formal languages-are applicable xiii xiv PREFACE in those cases as well. Like any discipline, metalogic both has a set of results or facts, and a store of methods and techniques, and this text covers both. Some students won't need to know some of the results we discuss outside of this course, but they will need and use the methods we use to establish them. The Löwenheim-Skolem theorem, say, does not often make an appearance in computer science, but the methods we use to prove it do. On the other hand, many of the results we discuss do have relevance for certain debates, say, in the philosophy of science and in metaphysics. Philosophy students may not need to be able to prove these results outside this course, but they do need to understand what the results are-and you really only understand these results if you have thought through the definitions and proofs needed to establish them. These are, in part, the reasons for why the results and the methods covered in this text are recommended study-in some cases even required- for students of computer science and philosophy. The material is divided into three parts. Part 1 concerns itself with the theory of sets. Logic and metalogic is historically connected very closely to what's called the "foundations of mathematics." Mathematical foundations deal with how ultimately mathematical objects such as integers, rational, and real numbers, functions, spaces, etc., should be understood. Set theory provides one answer (there are others), and so set theory and logic have long been studied side-by-side. Sets, relations, and functions are also ubiquitous in any sort of formal investigation, not just in mathematics but also in computer science and in some of the more technical corners of philosophy. Certainly for the purposes of formulating and proving results about the semantics and proof theory of logic and the foundation of computability it is essential to have a language in which to do this. For instance, we will talk about sets of expressions, relations of consequence and provability, interpretations of predicate symbols (which turn out to be relations), computable functions, and various relations between and constructions using these. It will be good to have shorthand symbols for these, and think through the general propxv erties of sets, relations, and functions in order to do that. If you are not used to thinking mathematically and to formulating mathematical proofs, then think of the first part on set theory as a training ground: all the basic definitions will be given, and we'll give increasingly complicated proofs using them. Note that understanding these proofs-and being able to find and formulate them yourself-is perhaps more important than understanding the results, and especially in the first part, and especially if you are new to mathematical thinking, it is important that you think through the examples and problems. In the first part we will establish one important result, however. This result-Cantor's theorem-relies on one of the most striking examples of conceptual analysis to be found anywhere in the sciences, namely, Cantor's analysis of infinity. Infinity has puzzled mathematicians and philosophers alike for centuries. Noone knew how to properly think about it. Many people even thought it was a mistake to think about it at all, that the notion of an infinite object or infinite collection itself was incoherent. Cantor made infinity into a subject we can coherently work with, and developed an entire theory of infinite collections-and infinite numbers with which we can measure the sizes of infinite collections-and showed that there are different levels of infinity. This theory of "transfinite" numbers is beautiful and intricate, and we won't get very far into it; but we will be able to show that there are different levels of infinity, specifically, that there are "countable" and "uncountable" levels of infinity. This result has important applications, but it is also really the kind of result that any self-respecting mathematician, computer scientist, or philosopher should know. In the second part we turn to first-order logic. We will define the language of first-order logic and its semantics, i.e., what first-order structures are and when a sentence of first-order logic is true in a structure. This will enable us to do two important things: (1)'We can define, with mathematical precision, when a sentence is a logical consequence of another. (2) We can also consider how the relations that make up a first-order structure are described- xvi PREFACE characterized-by the sentences that are true in them. This in particular leads us to a discussion of the axiomatic method, in which sentences of first-order languages are used to characterize certain kinds of structures. Proof theory will occupy us next, and we will consider the original version of the sequent calculus and natural deduction as defined in the 1930s by Gerhard Gentzen. (Your instructor may choose to cover only one, then any reference to "derivations" and "provability" will mean whatever system they chose.) The semantic notion of consequence and the syntactic notion of provability give us two completely different ways to make precise the idea that a sentence may follow from some others. The soundness and completeness theorems link these two characterization. In particular, we will prove Gödel's completeness theorem, which states that whenever a sentence is a semantic consequence of some others, there it is also provable from them. An equivalent formulation is: if a collection of sentences is consistent-in the sense that nothing contradictory can be proved from them-then there is a structure that makes all of them true. The second formulation of the completeness theorem is perhaps the more surprising. Around the time Gödel proved this result (in 1929), the German mathematician David Hilbert famously held the view that consistency (i.e., freedom from contradiction) is all that mathematical existence requires. In other words, whenever a mathematician can coherently describe a structure or class of structures, then they should be be entitled to believe in the existence of such structures. At the time, many found this idea preposterous: just because you can describe a structure without contradicting yourself, it surely does not follow that such a structure actually exists. But that is exactly what Gödel's completeness theorem says. In addition to this paradoxical-and certainly philosophically intriguing-aspect, the completeness theorem also has two important applications which allow us to prove further results about the existence of structures which make given sentences true. These are the compactness and the Löwenheim-Skolem theorems. xvii In the third part, we connect logic with computability. Again, there is a historical connection: David Hilbert had posed as a fundamental problem of logic to find a mechanical method which would decide, of a given sentence of logic, whether it has a proof. Such a method exists, of course, for propositional logic: one just has to check all truth tables, and since there are only finitely many of them, the method eventually yields a correct answer. Such a straightforward method is not possible for first-order logic, since the number of possible structures is infinite (and structures themselves may be infinite). Logicians were working to find a more ingenious methods for years. Alonzo Church and Alan Turing eventually established that there is no such method. In order to do this, it was necessary to first provide a precise definition of what a mechanical method is in general. If a decision procedure had been proposed, presumably it would have been recognized as an effective method. To prove that no effective method exists, you have to define "effective method" first and give an impossibility proof on the basis of that definition. This is what Turing did: he proposed the idea of a Turing machine1 as a mathematical model of what a mechanical procedure can, in principle, do. This is another example of a conceptual analysis of an informal concept using mathematical machinery; and it is perhaps of the same order of importance for computer science as Cantor's analysis of infinity is for mathematics. Our last major undertaking will be the proof of two impossibility theorems: we will show that the so-called "halting problem" cannot be solved by Turing machines, and finally that Hilbert's "decision problem" (for logic) also cannot. This text is mathematical, in the sense that we discuss mathematical definitions and prove our results mathematically. But it is not mathematical in the sense that you need extensive mathematical background knowledge. Nothing in this text requires knowledge of algebra, trigonometry, or calculus. We have made a special effort to also not require any familiarity with the way 1Turing of course did not call it that himself. xviii PREFACE mathematics works: in fact, part of the point is to develop the kinds of reasoning and proof skills required to understand and prove our results. The organization of the text follows mathematical convention, for one reason: these conventions have been developed because clarity and precision are especially important, and so, e.g., it is critical to know when something is asserted as the conclusion of an argument, is offered as a reason for something else, or is intended to introduce new vocabulary. So we follow mathematical convention and label passages as "definitions" if they are used to introduce new terminology or symbols; and as "theorems," "propositions," "lemmas," or "corollaries" when we record a result or finding. Other than these conventions, we will use the methods of logical proof that may already be familiar from a first logic course, and we will also make extensive use of the method of induction to prove results. Two chapters of the appendix are devoted to these proof methods.

PART I Sets, Relations, Functions 1 CHAPTER 1 Sets 1.1 Extensionality A set is a collection of objects, considered as a single object. The objects making up the set are called elements or members of the set. If x is an element of a set a, we write x ∈ a; if not, we write x ∉ a. The set which has no elements is called the empty set and denoted "∅". It does not matter how we specify the set, or how we order its elements, or indeed how many times we count its elements. All that matters are what its elements are. We codify this in the following principle. 2 3 1.1. EXTENSIONALITY Definition 1.1 (Extensionality). If A and B are sets, then A = B iff every element of A is also an element of B , and vice versa. Extensionality licenses some notation. In general, when we have some objects a1, . . . , an , then {a1, . . . ,an} is the set whose elements are a1, . . . ,an . We emphasise the word "the", since extensionality tells us that there can be only one such set. Indeed, extensionality also licenses the following: {a,a,b} = {a,b} = {b,a}. This delivers on the point that, when we consider sets, we don't care about the order of their elements, or how many times they are specified. Example 1.2. Whenever you have a bunch of objects, you can collect them together in a set. The set of Richard's siblings, for instance, is a set that contains one person, and we could write it as S = {Ruth}. The set of positive integers less than 4 is {1,2,3}, but it can also be written as {3,2,1} or even as {1,2,1,2,3}. These are all the same set, by extensionality. For every element of {1,2,3} is also an element of {3,2,1} (and of {1,2,1,2,3}), and vice versa. Frequently we'll specify a set by some property that its elements share. We'll use the following shorthand notation for that: {x : φ(x)}, where the φ(x) stands for the property that x has to have in order to be counted among the elements of the set. Example 1.3. In our example, we could have specified S also as S = {x : x is a sibling of Richard}. Example 1.4. A number is called perfect iff it is equal to the sum of its proper divisors (i.e., numbers that evenly divide it but aren't identical to the number). For instance, 6 is perfect because its proper divisors are 1, 2, and 3, and 6 = 1 + 2 + 3. In fact, 6 is 4 CHAPTER 1. SETS the only positive integer less than 10 that is perfect. So, using extensionality, we can say: {6} = {x : x is perfect and 0 ≤ x ≤ 10} We read the notation on the right as "the set of x 's such that x is perfect and 0 ≤ x ≤ 10". The identity here confirms that, when we consider sets, we don't care about how they are specified. And, more generally, extensionality guarantees that there is always only one set of x 's such that φ(x). So, extensionality justifies calling {x : φ(x)} the set of x 's such that φ(x). Extensionality gives us a way for showing that sets are identical: to show that A = B , show that whenever x ∈ A then also x ∈ B , and whenever y ∈ B then also y ∈ A. 1.2 Subsets and Power Sets We will often want to compare sets. And one obvious kind of comparison one might make is as follows: everything in one set is in the other too. This situation is sufficiently important for us to introduce some new notation. Definition 1.5 (Subset). If every element of a set A is also an element of B , then we say that A is a subset of B , and write A ⊆ B . If A is not a subset of B we write A ⊈ B . If A ⊆ B but A ≠ B , we write A ⊊ B and say that A is a proper subset of B . Example 1.6. Every set is a subset of itself, and ∅ is a subset of every set. The set of even numbers is a subset of the set of natural numbers. Also, {a,b} ⊆ {a,b, c }. But {a,b, e } is not a subset of {a,b, c }. Example 1.7. The number 2 is an element of the set of integers, whereas the set of even numbers is a subset of the set of integers. However, a set may happen to both be an element and a subset of some other set, e.g., {0} ∈ {0, {0}} and also {0} ⊆ {0, {0}}. 5 1.2. SUBSETS AND POWER SETS Extensionality gives a criterion of identity for sets: A = B iff every element of A is also an element of B and vice versa. The definition of "subset" defines A ⊆ B precisely as the first half of this criterion: every element of A is also an element of B . Of course the definition also applies if we switch A and B : that is, B ⊆ A iff every element of B is also an element of A. And that, in turn, is exactly the "vice versa" part of extensionality. In other words, extensionality entails that sets are equal iff they are subsets of one another. Proposition 1.8. A = B iff both A ⊆ B and B ⊆ A. Now is also a good opportunity to introduce some further bits of helpful notation. In defining when A is a subset of B we said that "every element of A is . . . ," and filled the ". . . " with "an element of B". But this is such a common shape of expression that it will be helpful to introduce some formal notation for it. Definition 1.9. (∀x ∈ A)φ abbreviates ∀x(x ∈ A→ φ). Similarly, (∃x ∈ A)φ abbreviates ∃x(x ∈ A ∧ φ). Using this notation, we can say that A ⊆ B iff (∀x ∈ A)x ∈ B . Now we move on to considering a certain kind of set: the set of all subsets of a given set. Definition 1.10 (Power Set). The set consisting of all subsets of a set A is called the power set of A, written ℘(A). ℘(A) = {B : B ⊆ A} Example 1.11. What are all the possible subsets of {a,b, c }? They are: ∅, {a}, {b}, {c }, {a,b}, {a, c }, {b, c }, {a,b, c }. The set of all these subsets is ℘({a,b, c }): ℘({a,b, c }) = {∅, {a}, {b}, {c }, {a,b}, {b, c }, {a, c }, {a,b, c }} 6 CHAPTER 1. SETS 1.3 Some Important Sets Example 1.12. We will mostly be dealing with sets whose elements are mathematical objects. Four such sets are important enough to have specific names: N = {0,1,2,3, . . .} the set of natural numbers Z = {. . . ,−2,−1,0,1,2, . . .} the set of integers Q = {m/n : m,n ∈ Z and n ≠ 0} the set of rationals R = (−∞,∞) the set of real numbers (the continuum) These are all infinite sets, that is, they each have infinitely many elements. As we move through these sets, we are adding more numbers to our stock. Indeed, it should be clear that N ⊆ Z ⊆ Q ⊆ R: after all, every natural number is an integer; every integer is a rational; and every rational is a real. Equally, it should be clear that N ⊊ Z ⊊ Q, since −1 is an integer but not a natural number, and 1/2 is rational but not integer. It is less obvious that Q ⊊ R, i.e., that there are some real numbers which are not rational. We'll sometimes also use the set of positive integers Z+ = {1,2,3, . . . } and the set containing just the first two natural numbers B = {0,1}. Example 1.13 (Strings). Another interesting example is the set A∗ of finite strings over an alphabet A: any finite sequence of elements of A is a string over A. We include the empty string Λ among the strings over A, for every alphabet A. For instance, B∗ = {Λ,0,1,00,01,10,11, 000,001,010,011,100,101,110,111,0000, . . .}. 7 1.4. UNIONS AND INTERSECTIONS Figure 1.1: The union A ∪ B of two sets is set of elements of A together with those of B . If x = x1 . . . xn ∈ A∗is a string consisting of n "letters" from A, then we say length of the string is n and write len(x) = n. Example 1.14 (Infinite sequences). For any set A we may also consider the set Aω of infinite sequences of elements of A. An infinite sequence a1a2a3a4 . . . consists of a one-way infinite list of objects, each one of which is an element of A. 1.4 Unions and Intersections In section 1.1, we introduced definitions of sets by abstraction, i.e., definitions of the form {x : φ(x)}. Here, we invoke some property φ, and this property can mention sets we've already defined. So for instance, if A and B are sets, the set {x : x ∈ A∨x ∈ B } consists of all those objects which are elements of either A or B , i.e., it's the set that combines the elements of A and B . We can visualize this as in Figure 1.1, where the highlighted area indicates the elements of the two sets A and B together. This operation on sets-combining them-is very useful and common, and so we give it a formal name and a symbol. 8 CHAPTER 1. SETS Figure 1.2: The intersection A ∩B of two sets is the set of elements they have in common. Definition 1.15 (Union). The union of two sets A and B , written A ∪ B , is the set of all things which are elements of A, B , or both. A ∪ B = {x : x ∈ A ∨ x ∈ B } Example 1.16. Since the multiplicity of elements doesn't matter, the union of two sets which have an element in common contains that element only once, e.g., {a,b, c }∪{a,0,1} = {a,b, c,0,1}. The union of a set and one of its subsets is just the bigger set: {a,b, c } ∪ {a} = {a,b, c }. The union of a set with the empty set is identical to the set: {a,b, c } ∪ ∅ = {a,b, c }. We can also consider a "dual" operation to union. This is the operation that forms the set of all elements that are elements of A and are also elements of B . This operation is called intersection, and can be depicted as in Figure 1.2. Definition 1.17 (Intersection). The intersection of two sets A and B , written A ∩ B , is the set of all things which are elements of both A and B . A ∩ B = {x : x ∈ A ∧ x ∈ B } 9 1.4. UNIONS AND INTERSECTIONS Two sets are called disjoint if their intersection is empty. This means they have no elements in common. Example 1.18. If two sets have no elements in common, their intersection is empty: {a,b, c } ∩ {0,1} = ∅. If two sets do have elements in common, their intersection is the set of all those: {a,b, c } ∩ {a,b,d } = {a,b}. The intersection of a set with one of its subsets is just the smaller set: {a,b, c } ∩ {a,b} = {a,b}. The intersection of any set with the empty set is empty: {a,b, c } ∩ ∅ = ∅. We can also form the union or intersection of more than two sets. An elegant way of dealing with this in general is the following: suppose you collect all the sets you want to form the union (or intersection) of into a single set. Then we can define the union of all our original sets as the set of all objects which belong to at least one element of the set, and the intersection as the set of all objects which belong to every element of the set. Definition 1.19. If A is a set of sets, then ⋃︁ A is the set of elements of elements of A:⋃︂ A = {x : x belongs to an element of A}, i.e., = {x : there is a B ∈ A so that x ∈ B } Definition 1.20. If A is a set of sets, then ⋂︁ A is the set of objects which all elements of A have in common:⋂︂ A = {x : x belongs to every element of A}, i.e., = {x : for all B ∈ A,x ∈ B } Example 1.21. Suppose A = {{a,b}, {a,d, e }, {a,d }}. Then⋃︁ A = {a,b,d, e } and ⋂︁ A = {a}. 10 CHAPTER 1. SETS Figure 1.3: The difference A \ B of two sets is the set of those elements of A which are not also elements of B . We could also do the same for a sequence of sets A1, A2, . . .⋃︂ i Ai = {x : x belongs to one of the Ai }⋂︂ i Ai = {x : x belongs to every Ai }. When we have an index of sets, i.e., some set I such that we are considering Ai for each i ∈ I , we may also use these abbreviations: ⋃︂ i ∈I Ai = ⋃︂ {Ai : i ∈ I }⋂︂ i ∈I Ai = ⋂︂ {Ai : i ∈ I } Finally, we may want to think about the set of all elements in A which are not in B . We can depict this as in Figure 1.3. Definition 1.22 (Difference). The set difference A \ B is the set of all elements of A which are not also elements of B , i.e., A \ B = {x : x ∈ A and x ∉ B }. 11 1.5. PAIRS, TUPLES, CARTESIAN PRODUCTS 1.5 Pairs, Tuples, Cartesian Products It follows from extensionality that sets have no order to their elements. So if we want to represent order, we use ordered pairs ⟨x, y⟩. In an unordered pair {x, y}, the order does not matter: {x, y} = {y,x}. In an ordered pair, it does: if x ≠ y , then ⟨x, y⟩ ≠ ⟨y,x⟩. How should we think about ordered pairs in set theory? Crucially, we want to preserve the idea that ordered pairs are identical iff they share the same first element and share the same second element, i.e.: ⟨a,b⟩ = ⟨c,d ⟩ iff both a = c and b = d . We can define ordered pairs in set theory using the WienerKuratowski definition. Definition 1.23 (Ordered pair). ⟨a,b⟩ = {{a}, {a,b}}. Having fixed a definition of an ordered pair, we can use it to define further sets. For example, sometimes we also want ordered sequences of more than two objects, e.g., triples ⟨x, y, z ⟩, quadruples ⟨x, y, z,u⟩, and so on. We can think of triples as special ordered pairs, where the first element is itself an ordered pair: ⟨x, y, z ⟩ is ⟨⟨x, y⟩, z ⟩. The same is true for quadruples: ⟨x, y, z,u⟩ is ⟨⟨⟨x, y⟩, z ⟩,u⟩, and so on. In general, we talk of ordered n-tuples ⟨x1, . . . ,xn⟩. Certain sets of ordered pairs, or other ordered n-tuples, will be useful. 12 CHAPTER 1. SETS Definition 1.24 (Cartesian product). Given sets A and B , their Cartesian product A × B is defined by A × B = {⟨x, y⟩ : x ∈ A and y ∈ B }. Example 1.25. If A = {0,1}, and B = {1,a,b}, then their product is A × B = {⟨0,1⟩, ⟨0,a⟩, ⟨0,b⟩, ⟨1,1⟩, ⟨1,a⟩, ⟨1,b⟩}. Example 1.26. If A is a set, the product of A with itself, A × A, is also written A2. It is the set of all pairs ⟨x, y⟩ with x, y ∈ A. The set of all triples ⟨x, y, z ⟩ is A3, and so on. We can give a recursive definition: A1 = A Ak+1 = Ak × A Proposition 1.27. If A has n elements and B has m elements, then A × B has n * m elements. Proof. For every element x in A, there are m elements of the form ⟨x, y⟩ ∈ A × B . Let Bx = {⟨x, y⟩ : y ∈ B }. Since whenever x1 ≠ x2, ⟨x1, y⟩ ≠ ⟨x2, y⟩, Bx1 ∩ Bx2 = ∅. But if A = {x1, . . . ,xn}, then A × B = Bx1 ∪ * * * ∪ Bxn , and so has n * m elements. To visualize this, arrange the elements of A × B in a grid: Bx1 = {⟨x1, y1⟩ ⟨x1, y2⟩ . . . ⟨x1, ym⟩} Bx2 = {⟨x2, y1⟩ ⟨x2, y2⟩ . . . ⟨x2, ym⟩} ... ... Bxn = {⟨xn, y1⟩ ⟨xn, y2⟩ . . . ⟨xn, ym⟩} Since the xi are all different, and the y j are all different, no two of the pairs in this grid are the same, and there are n *m of them.□ 13 1.6. RUSSELL'S PARADOX Example 1.28. If A is a set, a word over A is any sequence of elements of A. A sequence can be thought of as an n-tuple of elements of A. For instance, if A = {a,b, c }, then the sequence "bac" can be thought of as the triple ⟨b,a, c⟩. Words, i.e., sequences of symbols, are of crucial importance in computer science. By convention, we count elements of A as sequences of length 1, and ∅ as the sequence of length 0. The set of all words over A then is A∗ = {∅} ∪ A ∪ A2 ∪ A3 ∪ . . . 1.6 Russell's Paradox Extensionality licenses the notation {x : φ(x)}, for the set of x 's such that φ(x). However, all that extensionality really licenses is the following thought. If there is a set whose members are all and only the φ's, then there is only one such set. Otherwise put: having fixed some φ, the set {x : φ(x)} is unique, if it exists. But this conditional is important! Crucially, not every property lends itself to comprehension. That is, some properties do not define sets. If they all did, then we would run into outright contradictions. The most famous example of this is Russell's Paradox. Sets may be elements of other sets-for instance, the power set of a set A is made up of sets. And so it makes sense to ask or investigate whether a set is an element of another set. Can a set be a member of itself? Nothing about the idea of a set seems to rule this out. For instance, if all sets form a collection of objects, one might think that they can be collected into a single set-the set of all sets. And it, being a set, would be an element of the set of all sets. Russell's Paradox arises when we consider the property of not having itself as an element, of being non-self-membered. What if we suppose that there is a set of all sets that do not have themselves as an element? Does R = {x : x ∉ x} exist? It turns out that we can prove that it does not. 14 CHAPTER 1. SETS Theorem 1.29 (Russell's Paradox). There is no set R = {x : x ∉ x}. Proof. For reductio, suppose that R = {x : x ∉ x} exists. Then R ∈ R iff R ∉ R, since sets are extensional. But this is a contradicion. □ Let's run through the proof that no set R of non-selfmembered sets can exist more slowly. If R exists, it makes sense to ask if R ∈ R or not-it must be either ∈ R or ∉ R. Suppose the former is true, i.e., R ∈ R. R was defined as the set of all sets that are not elements of themselves, and so if R ∈ R, then R does not have this defining property of R. But only sets that have this property are in R, hence, R cannot be an element of R, i.e., R ∉ R. But R can't both be and not be an element of R, so we have a contradiction. Since the assumption that R ∈ R leads to a contradiction, we have R ∉ R. But this also leads to a contradiction! For if R ∉ R, it does have the defining property of R, and so would be an element of R just like all the other non-self-membered sets. And again, it can't both not be and be an element of R. How do we set up a set theory which avoids falling into Russell's Paradox, i.e., which avoids making the inconsistent claim that R = {x : x ∉ x} exists? Well, we would need to lay down axioms which give us very precise conditions for stating when sets exist (and when they don't). The set theory sketched in this chapter doesn't do this. It's genuinely naïve. It tells you only that sets obey extensionality and that, if you have some sets, you can form their union, intersection, etc. It is possible to develop set theory more rigorously than this. Summary A set is a collection of objects, the elements of the set. We write x ∈ A if x is an element of A. Sets are extensional-they are 15 1.6. RUSSELL'S PARADOX completely determined by their elements. Sets are specified by listing the elements explicitly or by giving a property the elements share (abstraction). Extensionality means that the order or way of listing or specifying the elements of a set doesn't matter. To prove that A and B are the same set (A = B) one has to prove that every element of X is an element ofY and vice versa. Important sets include the natural (N), integer (Z), rational (Q), and real (R) numbers, but also strings (X ∗) and infinite sequences (X ω) of objects. A is a subset of B , A ⊆ B , if every element of A is also one of B . The collection of all subsets of a set B is itself a set, the power set ℘(B) of B . We can form the union A ∪ B and intersection A ∩ B of sets. An ordered pair ⟨x, y⟩ consists of two objects x and y , but in that specific order. The pairs ⟨x, y⟩ and ⟨y,x⟩ are different pairs (unless x = y). The set of all pairs ⟨x, y⟩ where x ∈ A and y ∈ B is called the Cartesian product A × B of A and B . We write A2 for A ×A; so for instance N2 is the set of pairs of natural numbers. Problems Problem 1.1. Prove that there is at most one empty set, i.e., show that if A and B are sets without elements, then A = B . Problem 1.2. List all subsets of {a,b, c,d }. Problem 1.3. Show that if A has n elements, then ℘(A) has 2n elements. Problem 1.4. Prove that if A ⊆ B , then A ∪ B = B . Problem 1.5. Prove rigorously that if A ⊆ B , then A ∩ B = A. Problem 1.6. Show that if A is a set and A ∈ B , then A ⊆ ⋃︁ B . Problem 1.7. Prove that if A ⊊ B , then B \ A ≠ ∅. 16 CHAPTER 1. SETS Problem 1.8. Using Definition 1.23, prove that ⟨a,b⟩ = ⟨c,d ⟩ iff both a = c and b = d . Problem 1.9. List all elements of {1,2,3}3. Problem 1.10. Show, by induction on k , that for all k ≥ 1, if A has n elements, then Ak has nk elements. CHAPTER 2 Relations 2.1 Relations as Sets In section 1.3, we mentioned some important sets: N, Z, Q, R. You will no doubt remember some interesting relations between the elements of some of these sets. For instance, each of these sets has a completely standard order relation on it. There is also the relation is identical with that every object bears to itself and to no other thing. There are many more interesting relations that we'll encounter, and even more possible relations. Before we review them, though, we will start by pointing out that we can look at relations as a special sort of set. For this, recall two things from section 1.5. First, recall the notion of a ordered pair : given a and b , we can form ⟨a,b⟩. Importantly, the order of elements does matter here. So if a ≠ b then ⟨a,b⟩ ≠ ⟨b,a⟩. (Contrast this with unordered pairs, i.e., 2element sets, where {a,b} = {b,a}.) Second, recall the notion of a Cartesian product: if A and B are sets, then we can form A × B , the set of all pairs ⟨x, y⟩ with x ∈ A and y ∈ B . In particular, A2 = A × A is the set of all ordered pairs from A. Now we will consider a particular relation on a set: the <relation on the set N of natural numbers. Consider the set of all pairs of numbers ⟨n,m⟩ where n < m, i.e., R = {⟨n,m⟩ : n,m ∈ N and n < m}. 17 18 CHAPTER 2. RELATIONS There is a close connection between n being less than m, and the pair ⟨n,m⟩ being a member of R, namely: n < m iff ⟨n,m⟩ ∈ R . Indeed, without any loss of information, we can consider the set R to be the <-relation on N. In the same way we can construct a subset of N2 for any relation between numbers. Conversely, given any set of pairs of numbers S ⊆ N2, there is a corresponding relation between numbers, namely, the relationship n bears to m if and only if ⟨n,m⟩ ∈ S . This justifies the following definition: Definition 2.1 (Binary relation). A binary relation on a set A is a subset of A2. If R ⊆ A2 is a binary relation on A and x, y ∈ A, we sometimes write Rxy (or xRy) for ⟨x, y⟩ ∈ R. Example 2.2. The set N2 of pairs of natural numbers can be listed in a 2-dimensional matrix like this: ⟨0,0⟩ ⟨0,1⟩ ⟨0,2⟩ ⟨0,3⟩ . . . ⟨1,0⟩ ⟨1,1⟩ ⟨1,2⟩ ⟨1,3⟩ . . . ⟨2,0⟩ ⟨2,1⟩ ⟨2,2⟩ ⟨2,3⟩ . . . ⟨3,0⟩ ⟨3,1⟩ ⟨3,2⟩ ⟨3,3⟩ . . . ... ... ... ... . . . We have put the diagonal, here, in bold, since the subset of N2 consisting of the pairs lying on the diagonal, i.e., {⟨0,0⟩, ⟨1,1⟩, ⟨2,2⟩, . . . }, is the identity relation on N. (Since the identity relation is popular, let's define IdA = {⟨x,x⟩ : x ∈ X } for any set A.) The subset of all pairs lying above the diagonal, i.e., L = {⟨0,1⟩, ⟨0,2⟩, . . . , ⟨1,2⟩, ⟨1,3⟩, . . . , ⟨2,3⟩, ⟨2,4⟩, . . .}, 19 2.2. SPECIAL PROPERTIES OF RELATIONS is the less than relation, i.e., Lnm iff n < m. The subset of pairs below the diagonal, i.e., G = {⟨1,0⟩, ⟨2,0⟩, ⟨2,1⟩, ⟨3,0⟩, ⟨3,1⟩, ⟨3,2⟩, . . . }, is the greater than relation, i.e., Gnm iff n > m. The union of L with I , which we might call K = L ∪ I , is the less than or equal to relation: Knm iff n ≤ m. Similarly, H = G ∪ I is the greater than or equal to relation. These relations L, G , K , and H are special kinds of relations called orders. L and G have the property that no number bears L or G to itself (i.e., for all n, neither Lnn nor Gnn). Relations with this property are called irreflexive, and, if they also happen to be orders, they are called strict orders. Although orders and identity are important and natural relations, it should be emphasized that according to our definition any subset of A2 is a relation on A, regardless of how unnatural or contrived it seems. In particular, ∅ is a relation on any set (the empty relation, which no pair of elements bears), and A2 itself is a relation on A as well (one which every pair bears), called the universal relation. But also something like E = {⟨n,m⟩ : n > 5 or m × n ≥ 34} counts as a relation. 2.2 Special Properties of Relations Some kinds of relations turn out to be so common that they have been given special names. For instance, ≤ and ⊆ both relate their respective domains (say, N in the case of ≤ and ℘(A) in the case of ⊆) in similar ways. To get at exactly how these relations are similar, and how they differ, we categorize them according to some special properties that relations can have. It turns out that (combinations of) some of these special properties are especially important: orders and equivalence relations. 20 CHAPTER 2. RELATIONS Definition 2.3 (Reflexivity). A relation R ⊆ A2 is reflexive iff, for every x ∈ A, Rxx . Definition 2.4 (Transitivity). A relation R ⊆ A2 is transitive iff, whenever Rxy and Ryz , then also Rxz . Definition 2.5 (Symmetry). A relation R ⊆ A2 is symmetric iff, whenever Rxy , then also Ryx . Definition 2.6 (Anti-symmetry). A relationR ⊆ A2 is anti-symmetric iff, whenever both Rxy and Ryx , then x = y (or, in other words: if x ≠ y then either ¬Rxy or ¬Ryx). In a symmetric relation, Rxy and Ryx always hold together, or neither holds. In an anti-symmetric relation, the only way for Rxy and Ryx to hold together is if x = y . Note that this does not require that Rxy and Ryx holds when x = y , only that it isn't ruled out. So an anti-symmetric relation can be reflexive, but it is not the case that every anti-symmetric relation is reflexive. Also note that being anti-symmetric and merely not being symmetric are different conditions. In fact, a relation can be both symmetric and anti-symmetric at the same time (e.g., the identity relation is). Definition 2.7 (Connectivity). A relation R ⊆ A2 is connected if for all x, y ∈ X , if x ≠ y , then either Rxy or Ryx . 21 2.3. EQUIVALENCE RELATIONS Definition 2.8 (Irreflexivity). A relation R on A is called irreflexive if, for all x ∈ A, ¬Rxx . Definition 2.9 (Asymmetry). A relation R on A is called asymmetric if for no pair x, y ∈ A we have Rxy and Ryx . 2.3 Equivalence Relations The identity relation on a set is reflexive, symmetric, and transitive. Relations R that have all three of these properties are very common. Definition 2.10 (Equivalence relation). A relation R ⊆ A2 that is reflexive, symmetric, and transitive is called an equivalence relation. Elements x and y of A are said to be R-equivalent if Rxy . Equivalence relations give rise to the notion of an equivalence class. An equivalence relation "chunks up" the domain into different partitions. Within each partition, all the objects are related to one another; and no objects from different partitions relate to one another. Sometimes, it's helpful just to talk about these partitions directly. To that end, we introduce a definition: Definition 2.11. Let R ⊆ A2 be an equivalence relation. For each x ∈ A, the equivalence class of x in A is the set [x]R = {y ∈ A : Rxy}. The quotient of A under R is A/R= {[x]R : x ∈ A}, i.e., the set of these equivalence classes. The next result vindicates the definition of an equivalence class, in proving that the equivalence classes are indeed the partitions of A: 22 CHAPTER 2. RELATIONS Proposition 2.12. If R ⊆ A2 is an equivalence relation, then Rxy iff [x]R = [y]R . Proof. For the left-to-right direction, suppose Rxy , and let z ∈ [x]R . By definition, then, Rxz . Since R is an equivalence relation, Ryz . (Spelling this out: as Rxy and R is symmetric we have Ryx , and as Rxz and R is transitive we have Ryz .) So z ∈ [y]R . Generalising, [x]R ⊆ [y]R . But exactly similarly, [y]R ⊆ [x]R . So [x]R = [y]R , by extensionality. For the right-to-left direction, suppose [x]R = [y]R . Since R is reflexive, Ryy , so y ∈ [y]R . Thus also y ∈ [x]R by the assumption that [x]R = [y]R . So Rxy . □ Example 2.13. A nice example of equivalence relations comes from modular arithmetic. For any a, b , and n ∈ N, say that a ≡n b iff dividing a by n gives remainder b . (Somewhat more symbolically: a ≡n b iff (∃k ∈ N)a − b = kn.) Now, ≡n is an equivalence relation, for any n. And there are exactly n distinct equivalence classes generated by ≡n ; that is, N/≡n has n elements. These are: the set of numbers divisible by n without remainder, i.e., [0]≡n ; the set of numbers divisible by n with remainder 1, i.e., [1]≡n ; . . . ; and the set of numbers divisible by n with remainder n − 1, i.e., [n − 1]≡n . 2.4 Orders Many of our comparisons involve describing some objects as being "less than", "equal to", or "greater than" other objects, in a certain respect. These involve order relations. But there are different kinds of order relations. For instance, some require that any two objects be comparable, others don't. Some include identity (like ≤) and some exclude it (like <). It will help us to have a taxonomy here. 23 2.4. ORDERS Definition 2.14 (Preorder). A relation which is both reflexive and transitive is called a preorder. Definition 2.15 (Partial order). A preorder which is also antisymmetric is called a partial order. Definition 2.16 (Linear order). A partial order which is also connected is called a total order or linear order. Every linear order is also a partial order, and every partial order is also a preorder, but the converses don't hold. Example 2.17. Every linear order is also a partial order, and every partial order is also a preorder, but the converses don't hold. The universal relation onA is a preorder, since it is reflexive and transitive. But, if A has more than one element, the universal relation is not anti-symmetric, and so not a partial order. Example 2.18. Consider the no longer than relation≼ on B∗: x ≼ y iff len(x) ≤ len(y). This is a preorder (reflexive and transitive), and even connected, but not a partial order, since it is not antisymmetric. For instance, 01 ≼ 10 and 10 ≼ 01, but 01 ≠ 10. Example 2.19. An important partial order is the relation ⊆ on a set of sets. This is not in general a linear order, since if a ≠ b and we consider ℘({a,b}) = {∅, {a}, {b}, {a,b}}, we see that {a} ⊈ {b} and {a} ≠ {b} and {b} ⊈ {a}. Example 2.20. The relation of divisibility without remainder gives us a partial order which isn't a linear order. For integers n, m, we write n | m to mean n (evenly) divides m, i.e., iff there is some integer k so that m = kn. On N, this is a partial order, but not a linear order: for instance, 2 ∤ 3 and also 3 ∤ 2. Considered as a relation on Z, divisibility is only a preorder since it is not anti-symmetric: 1 | −1 and −1 | 1 but 1 ≠ −1. 24 CHAPTER 2. RELATIONS Definition 2.21 (Strict order). A strict order is a relation which is irreflexive, asymmetric, and transitive. Definition 2.22 (Strict linear order). A strict order which is also connected is called a strict linear order. Example 2.23. ≤ is the linear order corresponding to the strict linear order <. ⊆ is the partial order corresponding to the strict order ⊊. Definition 2.24 (Total order). A strict order which is also connected is called a total order. This is also sometimes called a strict linear order. Any strict order R on A can be turned into a partial order by adding the diagonal IdA, i.e., adding all the pairs ⟨x,x⟩. (This is called the reflexive closure of R.) Conversely, starting from a partial order, one can get a strict order by removing IdA. These next two results make this precise. Proposition 2.25. If R is a strict order on A, then R+ = R ∪ IdA is a partial order. Moreover, if R is total, then R+ is a linear order. Proof. SupposeR is a strict order, i.e., R ⊆ A2 andR is irreflexive, asymmetric, and transitive. Let R+ = R ∪ IdA. We have to show that R+ is reflexive, antisymmetric, and transitive. R+ is clearly reflexive, since ⟨x,x⟩ ∈ IdA ⊆ R+ for all x ∈ A. To show R+ is antisymmetric, suppose for reductio that R+xy and R+yx but x ≠ y . Since ⟨x, y⟩ ∈ R ∪ IdX , but ⟨x, y⟩ ∉ IdX , we must have ⟨x, y⟩ ∈ R, i.e., Rxy . Similarly, Ryx . But this contradicts the assumption that R is asymmetric. To establish transitivity, suppose that R+xy and R+yz . If both ⟨x, y⟩ ∈ R and ⟨y, z ⟩ ∈ R, then ⟨x, z ⟩ ∈ R since R is transitive. Otherwise, either ⟨x, y⟩ ∈ IdX , i.e., x = y , or ⟨y, z ⟩ ∈ IdX , i.e., 25 2.5. GRAPHS y = z . In the first case, we have that R+yz by assumption, x = y , hence R+xz . Similarly in the second case. In either case, R+xz , thus, R+ is also transitive. Concerning the "moreover" clause, supposeR is a total order, i.e., that R is connected. So for all x ≠ y , either Rxy or Ryx , i.e., either ⟨x, y⟩ ∈ R or ⟨y,x⟩ ∈ R. Since R ⊆ R+, this remains true of R+, so R+ is connected as well. □ Proposition 2.26. If R is a partial order on X , then R− = R \ IdX is a strict order. Moreover, if R is linear, then R− is total. Proof. This is left as an exercise. □ Example 2.27. ≤ is the linear order corresponding to the total order <. ⊆ is the partial order corresponding to the strict order⊊. The following simple result which establishes that total orders satisfy an extensionality-like property: Proposition 2.28. If < totally orders A, then: (∀a,b ∈ A)((∀x ∈ A)(x < a↔ x < b) → a = b) Proof. Suppose (∀x ∈ A)(x < a ↔ x < b). If a < b , then a < a, contradicting the fact that < is irreflexive; so a ≮ b . Exactly similarly, b ≮ a. So a = b , as < is connected. □ 2.5 Graphs A graph is a diagram in which points-called "nodes" or "vertices" (plural of "vertex")-are connected by edges. Graphs are a ubiquitous tool in discrete mathematics and in computer science. They are incredibly useful for representing, and visualizing, relationships and structures, from concrete things like networks of various kinds to abstract structures such as the possible outcomes of decisions. There are many different kinds of graphs in 26 CHAPTER 2. RELATIONS the literature which differ, e.g., according to whether the edges are directed or not, have labels or not, whether there can be edges from a node to the same node, multiple edges between the same nodes, etc. Directed graphs have a special connection to relations. Definition 2.29 (Directed graph). A directed graph G = ⟨V,E⟩ is a set of vertices V and a set of edges E ⊆ V 2. According to our definition, a graph just is a set together with a relation on that set. Of course, when talking about graphs, it's only natural to expect that they are graphically represented: we can draw a graph by connecting two vertices v1 and v2 by an arrow iff ⟨v1,v2⟩ ∈ E . The only difference between a relation by itself and a graph is that a graph specifies the set of vertices, i.e., a graph may have isolated vertices. The important point, however, is that every relation R on a set X can be seen as a directed graph ⟨X ,R⟩, and conversely, a directed graph ⟨V,E⟩ can be seen as a relation E ⊆ V 2 with the set V explicitly specified. Example 2.30. The graph ⟨V,E⟩ with V = {1,2,3,4} and E = {⟨1,1⟩, ⟨1,2⟩, ⟨1,3⟩, ⟨2,3⟩} looks like this: 1 2 3 4 27 2.6. OPERATIONS ON RELATIONS This is a different graph than ⟨V ′,E⟩ with V ′ = {1,2,3}, which looks like this: 1 2 3 2.6 Operations on Relations It is often useful to modify or combine relations. In Proposition 2.25, we considered the union of relations, which is just the union of two relations considered as sets of pairs. Similarly, in Proposition 2.26, we considered the relative difference of relations. Here are some other operations we can perform on relations. Definition 2.31. Let R, S be relations, and A be any set. The inverse of R is R−1 = {⟨y,x⟩ : ⟨x, y⟩ ∈ R}. The relative product of R and S is (R | S ) = {⟨x, z ⟩ : ∃y(Rxy ∧ S yz )}. The restriction of R to A is R↾A = R ∩ A 2. The application of R to A is R[A] = {y : (∃x ∈ A)Rxy} Example 2.32. Let S ⊆ Z2 be the successor relation on Z, i.e., S = {⟨x, y⟩ ∈ Z2 : x + 1 = y}, so that Sxy iff x + 1 = y . S −1 is the predecessor relation on Z, i.e., {⟨x, y⟩ ∈ Z2 : x −1 = y}. S | S is {⟨x, y⟩ ∈ Z2 : x + 2 = y} S ↾N is the successor relation on N. S [{1,2,3}] is {2,3,4}. 28 CHAPTER 2. RELATIONS Definition 2.33 (Transitive closure). Let R ⊆ A2 be a binary relation. The transitive closure of R is R+ = ⋃︁ 0<n∈NR n , where we recursively define R1 = R and Rn+1 = Rn | R. The reflexive transitive closure of R is R∗ = R+ ∪ IdX . Example 2.34. Take the successor relation S ⊆ Z2. S 2xy iff x + 2 = y , S 3xy iff x +3 = y , etc. So S +xy iff x +n = y for some n > 1. In other words, S +xy iff x < y , and S ∗xy iff x ≤ y . Summary A relation R on a set A is a way of relating elements of A. We write Rxy if the relation holds between x and y . Formally, we can consider R as the sets of pairs ⟨x, y⟩ ∈ A2 such that Rxy . Being less than, greater than, equal to, evenly dividing, being the same length as, a subset of, and the same size as are all important examples of relations (on sets of numbers, strings, or of sets). Graphs are a general way of visually representing relations. But a graph can also be seen as a binary relation (the edge relation) together with the underlying set of vertices. Some relations share certain features which makes them especially interesting or useful. A relation R is reflexive if everything is R-related to itself; symmetric, if with Rxy also Ryx holds for any x and y ; and transitive if Rxy and Ryz guarantees Rxz . Relations that have all three of these properties are equivalence relations. A relation is anti-symmetric if Rxy and Ryx guarantees x = y . Partial orders are those relations that are reflexive, anti-symmetric, and transitive. A linear order is any partial order which satisfies that for any x and y , either Rxy or x = y or Ryx . (Generally, a relation with this property is connected). Since relations are sets (of pairs), they can be operated on as sets (e.g., we can form the union and intersection of relations). We can also chain them together (relative product R | S ). If we 29 2.6. OPERATIONS ON RELATIONS form the relative product of R with itself arbitrarily many times we get the transitive closure R+ of R. Problems Problem 2.1. List the elements of the relation ⊆ on the set ℘({a,b, c }). Problem 2.2. Give examples of relations that are (a) reflexive and symmetric but not transitive, (b) reflexive and antisymmetric, (c) anti-symmetric, transitive, but not reflexive, and (d) reflexive, symmetric, and transitive. Do not use relations on numbers or sets. Problem 2.3. Show that ≡n is an equivalence relation, for any n ∈ N, and that N/≡n has exactly n members. Problem 2.4. Give a proof of Proposition 2.26. Problem 2.5. Consider the less-than-or-equal-to relation ≤ on the set {1,2,3,4} as a graph and draw the corresponding diagram. Problem 2.6. Show that the transitive closure ofR is in fact transitive. CHAPTER 3 Functions 3.1 Basics A function is a map which sends each element of a given set to a specific element in some (other) given set. For instance, the operation of adding 1 defines a function: each number n is mapped to a unique number n + 1. More generally, functions may take pairs, triples, etc., as inputs and returns some kind of output. Many functions are familiar to us from basic arithmetic. For instance, addition and multiplication are functions. They take in two numbers and return a third. In this mathematical, abstract sense, a function is a black box: what matters is only what output is paired with what input, not the method for calculating the output. Definition 3.1 (Function). A function f : A → B is a mapping of each element of A to an element of B . We call A the domain of f and B the codomain of f . The elements of A are called inputs or arguments of f , and the element of B that is paired with an argument x by f is called the value of f for argument x , written f (x). The range ran(f ) of f is the subset of the codomain consisting of the values of f for some argument; ran(f ) = { f (x) : x ∈ A}. 30 31 3.1. BASICS Figure 3.1: A function is a mapping of each element of one set to an element of another. An arrow points from an argument in the domain to the corresponding value in the codomain. The diagram in Figure 3.1 may help to think about functions. The ellipse on the left represents the function's domain; the ellipse on the right represents the function's codomain; and an arrow points from an argument in the domain to the corresponding value in the codomain. Example 3.2. Multiplication takes pairs of natural numbers as inputs and maps them to natural numbers as outputs, so goes from N × N (the domain) to N (the codomain). As it turns out, the range is also N, since every n ∈ N is n × 1. Example 3.3. Multiplication is a function because it pairs each input-each pair of natural numbers-with a single output: × : N2 → N. By contrast, the square root operation applied to the domain N is not functional, since each positive integer n has two square roots: √ n and − √ n. We can make it functional by only returning the positive square root: √ : N→ R. Example 3.4. The relation that pairs each student in a class with their final grade is a function-no student can get two different final grades in the same class. The relation that pairs each student in a class with their parents is not a function: students can have zero, or two, or more parents. We can define functions by specifying in some precise way what the value of the function is for every possible argment. Different ways of doing this are by giving a formula, describing a 32 CHAPTER 3. FUNCTIONS method for computing the value, or listing the values for each argument. However functions are defined, we must make sure that for each argment we specify one, and only one, value. Example 3.5. Let f : N→ N be defined such that f (x) = x + 1. This is a definition that specifies f as a function which takes in natural numbers and outputs natural numbers. It tells us that, given a natural number x , f will output its successor x + 1. In this case, the codomain N is not the range of f , since the natural number 0 is not the successor of any natural number. The range of f is the set of all positive integers, Z+. Example 3.6. Let g : N→ N be defined such that g (x) = x+2−1. This tells us that g is a function which takes in natural numbers and outputs natural numbers. Given a natural number n, g will output the predecessor of the successor of the successor of x , i.e., x + 1. We just considered two functions, f and g , with different definitions. However, these are the same function. After all, for any natural number n, we have that f (n) = n + 1 = n + 2 − 1 = g (n). Otherwise put: our definitions for f and g specify the same mapping by means of different equations. Implicitly, then, we are relying upon a principle of extensionality for functions, if ∀x f (x) = g (x), then f = g provided that f and g share the same domain and codomain. Example 3.7. We can also define functions by cases. For instance, we could define h : N→ N by h(x) = {︄ x 2 if x is even x+1 2 if x is odd. Since every natural number is either even or odd, the output of this function will always be a natural number. Just remember that if you define a function by cases, every possible input must fall into exactly one case. In some cases, this will require a proof that the cases are exhaustive and exclusive. 33 3.2. KINDS OF FUNCTIONS Figure 3.2: A surjective function has every element of the codomain as a value. 3.2 Kinds of Functions It will be useful to introduce a kind of taxonomy for some of the kinds of functions which we encounter most frequently. To start, we might want to consider functions which have the property that every member of the codomain is a value of the function. Such functions are called surjective, and can be pictured as in Figure 3.2. Definition 3.8 (Surjective function). A function f : A → B is surjective iff B is also the range of f , i.e., for every y ∈ B there is at least one x ∈ A such that f (x) = y , or in symbols: (∀y ∈ B)(∃x ∈ A)f (x) = y . We call such a function a surjection from A to B . If you want to show that f is a surjection, then you need to show that every object in f 's codomain is the value of f (x) for some input x . Note that any function induces a surjection. After all, given a function f : A → B , let f ′ : A → ran(f ) be defined by f ′(x) = f (x). Since ran(f ) is defined as { f (x) ∈ B : x ∈ A}, this function f ′ is guaranteed to be a surjection Now, any function maps each possible input to a unique output. But there are also functions which never map different inputs to the same outputs. Such functions are called injective, and can be pictured as in Figure 3.3. 34 CHAPTER 3. FUNCTIONS Figure 3.3: An injective function never maps two different arguments to the same value. Definition 3.9 (Injective function). A function f : A → B is injective iff for each y ∈ B there is at most one x ∈ A such that f (x) = y . We call such a function an injection from A to B . If you want to show that f is an injection, you need to show that for any elements x and y of f 's domain, if f (x) = f (y), then x = y . Example 3.10. The constant function f : N → N given by f (x) = 1 is neither injective, nor surjective. The identity function f : N → N given by f (x) = x is both injective and surjective. The successor function f : N → N given by f (x) = x + 1 is injective but not surjective. The function f : N→ N defined by: f (x) = {︄ x 2 if x is even x+1 2 if x is odd. is surjective, but not injective. Often enough, we want to consider functions which are both injective and surjective. We call such functions bijective. They look like the function pictured in Figure 3.4. Bijections are also sometimes called one-to-one correspondences, since they uniquely pair elements of the codomain with elements of the domain. 35 3.3. FUNCTIONS AS RELATIONS Figure 3.4: A bijective function uniquely pairs the elements of the codomain with those of the domain. Definition 3.11 (Bijection). A function f : A → B is bijective iff it is both surjective and injective. We call such a function a bijection from A to B (or between A and B). 3.3 Functions as Relations A function which maps elements of A to elements of B obviously defines a relation between A and B , namely the relation which holds between x and y iff f (x) = y . In fact, we might even-if we are interested in reducing the building blocks of mathematics for instance-identify the function f with this relation, i.e., with a set of pairs. This then raises the question: which relations define functions in this way? Definition 3.12 (Graph of a function). Let f : A → B be a function. The graph of f is the relation R f ⊆ A × B defined by R f = {⟨x, y⟩ : f (x) = y}. The graph of a function is uniquely determined, by extensionality. Moreover, extensionality (on sets) will immediate vindicate the implicit principle of extensionality for functions, whereby if f and g share a domain and codomain then they are identical if they agree on all values. Similarly, if a relation is "functional", then it is the graph of a function. 36 CHAPTER 3. FUNCTIONS Proposition 3.13. Let R ⊆ A × B be such that: 1. If Rxy and Rxz then y = z ; and 2. for every x ∈ A there is some y ∈ B such that ⟨x, y⟩ ∈ R. Then R is the graph of the function f : A → B defined by f (x) = y iff Rxy . Proof. Suppose there is a y such that Rxy . If there were another z ≠ y such that Rxz , the condition on R would be violated. Hence, if there is a y such that Rxy , this y is unique, and so f is well-defined. Obviously, R f = R. □ Every function f : A → B has a graph, i.e., a relation on A×B defined by f (x) = y . On the other hand, every relation R ⊆ A×B with the properties given in Proposition 3.13 is the graph of a function f : A → B . Because of this close connection between functions and their graphs, we can think of a function simply as its graph. In other words, functions can be identified with certain relations, i.e., with certain sets of tuples. We can now consider performing similar operations on functions as we performed on relations (see section 2.6). In particular: Definition 3.14. Let f : A → B be a function with C ⊆ A. The restriction of f to C is the function f ↾C : C → B defined by (f ↾C )(x) = f (x) for all x ∈ C . In other words, f ↾C = {⟨x, y⟩ ∈ R f : x ∈ C }. The application of f to C is f [C ] = { f (x) : x ∈ C }. We also call this the image of C under f . It follows from these definition that ran(f ) = f [dom(f )], for any function f . These notions are exactly as one would expect, given the definitions in section 2.6 and our identification of functions with relations. But two other operations-inverses and relative products-require a little more detail. We will provide that in the section 3.4 and section 3.5. 37 3.4. INVERSES OF FUNCTIONS 3.4 Inverses of Functions We think of functions as maps. An obvious question to ask about functions, then, is whether the mapping can be "reversed." For instance, the successor function f (x) = x + 1 can be reversed, in the sense that the function g (y) = y − 1 "undoes" what f does. But we must be careful. Although the definition of g defines a function Z → Z, it does not define a function N → N, since g (0) ∉ N. So even in simple cases, it is not quite obvious whether a function can be reversed; it may depend on the domain and codomain. This is made more precise by the notion of an inverse of a function. Definition 3.15. A function g : B → A is an inverse of a function f : A → B if f (g (y)) = y and g (f (x)) = x for all x ∈ A and y ∈ B . If f has an inverse g , we often write f −1 instead of g . Now we will determine when functions have inverses. A good candidate for an inverse of f : A → B is g : B → A "defined by" g (y) = "the" x such that f (x) = y . But the scare quotes around "defined by" (and "the") suggest that this is not a definition. At least, it will not always work, with complete generality. For, in order for this definition to specify a function, there has to be one and only one x such that f (x) = y- the output of g has to be uniquely specified. Moreover, it has to be specified for every y ∈ B . If there are x1 and x2 ∈ A with x1 ≠ x2 but f (x1) = f (x2), then g (y) would not be uniquely specified for y = f (x1) = f (x2). And if there is no x at all such that f (x) = y , then g (y) is not specified at all. In other words, for g to be defined, f must be both injective and surjective. 38 CHAPTER 3. FUNCTIONS Proposition 3.16. Every bijection has a unique inverse. Proof. Exercise. □ However, there is a slightly more general way to extract inverses. We saw in section 3.2 that every function f induces a surjection f ′ : A → ran(f ) by letting f ′(x) = f (x) for all x ∈ A. Clearly, if f is an injection, then f ′ is a bijection, so that it has a unique inverse by Proposition 3.16. By a very minor abuse of notation, we sometimes call the inverse of f ′ simply "the inverse of f ." Proposition 3.17. Every function f has at most one inverse. Proof. Exercise. □ 3.5 Composition of Functions We saw in section 3.4 that the inverse f −1 of a bijection f is itself a function. Another operation on functions is composition: we can define a new function by composing two functions, f and g , i.e., by first applying f and then g . Of course, this is only possible if the ranges and domains match, i.e., the range of f must be a subset of the domain of g . This operation on functions is the analogue of the operation of relative product on relations from section 2.6. A diagram might help to explain the idea of composition. In Figure 3.5, we depict two functions f : A → B and g : B → C and their composition (g ◦ f ). The function (g ◦ f ) : A → C pairs each element of A with an element of C . We specify which element of C an element of A is paired with as follows: given an input x ∈ A, first apply the function f to x , which will output some f (x) = y ∈ B , then apply the function g to y , which will output some g (f (x)) = g (y) = z ∈ C . 39 3.6. PARTIAL FUNCTIONS Figure 3.5: The composition g ◦ f of two functions f and g . Definition 3.18 (Composition). Let f : A → B and g : B → C be functions. The composition of f with g is g ◦ f : A → C , where (g ◦ f )(x) = g (f (x)). Example 3.19. Consider the functions f (x) = x + 1, and g (x) = 2x . Since (g ◦ f )(x) = g (f (x)), for each input x you must first take its successor, then multiply the result by two. So their composition is given by (g ◦ f )(x) = 2(x + 1). 3.6 Partial Functions It is sometimes useful to relax the definition of function so that it is not required that the output of the function is defined for all possible inputs. Such mappings are called partial functions. Definition 3.20. A partial function f : A ↦→ B is a mapping which assigns to every element of A at most one element of B . If f assigns an element of B to x ∈ A, we say f (x) is defined, and otherwise undefined. If f (x) is defined, we write f (x) ↓, otherwise f (x) ↑. The domain of a partial function f is the subset of A where it is defined, i.e., dom(f ) = {x ∈ A : f (x) ↓}. 40 CHAPTER 3. FUNCTIONS Example 3.21. Every function f : A → B is also a partial function. Partial functions that are defined everywhere on A-i.e., what we so far have simply called a function-are also called total functions. Example 3.22. The partial function f : R ↦→ R given by f (x) = 1/x is undefined for x = 0, and defined everywhere else. Definition 3.23 (Graph of a partial function). Let f : A ↦→ B be a partial function. The graph of f is the relation R f ⊆ A × B defined by R f = {⟨x, y⟩ : f (x) = y}. Proposition 3.24. SupposeR ⊆ A×B has the property that whenever Rxy and Rxy ′ then y = y ′. Then R is the graph of the partial function f : X ↦→ Y defined by: if there is a y such that Rxy , then f (x) = y , otherwise f (x) ↑. If R is also serial, i.e., for each x ∈ X there is a y ∈Y such that Rxy , then f is total. Proof. Suppose there is a y such that Rxy . If there were another y ′ ≠ y such that Rxy ′, the condition on R would be violated. Hence, if there is a y such that Rxy , that y is unique, and so f is well-defined. Obviously, R f = R and f is total if R is serial. □ Summary A function f : A → B maps every element of the domain A to a unique element of the codomain B . If x ∈ A, we call the y that f maps x to the value f (x) of f for argument x . If A is a set of pairs, we can think of the function f as taking two arguments. The range ran(f ) of f is the subset of B that consists of all the values of f . If ran(f ) = B then f is called surjective. The value f (x) is unique in that f maps x to only one f (x), never more than one. 41 3.6. PARTIAL FUNCTIONS If f (x) is also unique in the sense that no two different arguments are mapped to the same value, f is called injective. Functions which are both injective and surjective are called bijective. Bijective functions have a unique inverse function f −1. Functions can also be chained together: the function (g ◦ f ) is the composition of f with g . Compositions of injective functions are injective, and of surjective functions are surjective, and (f −1 ◦ f ) is the identity function. If we relax the requirement that f must have a value for every x ∈ A, we get the notion of a partial functions. If f : A ↦→ B is partial, we say f (x) is defined, f (x) ↓ if f has a value for argument x , and otherwise we say that f (x) is undefined, f (x) ↑. Any (partial) function f is associated with the graph R f of f , the relation that holds iff f (x) = y . Problems Problem 3.1. Prove Proposition 3.16. That is, show that if f : A → B is bijective, an inverse g of f exists. You have to define such a g , show that it is a function, and show that it is an inverse of f , i.e., f (g (y)) = y and g (f (x)) = x for all x ∈ A and y ∈ B . Problem 3.2. Show that if f : A → B has an inverse g , then f is bijective. Problem 3.3. Prove Proposition 3.17. That is, show that if g : B → A and g ′ : B → A are inverses of f : A → B , then g = g ′, i.e., for all y ∈ B , g (y) = g ′(y). Problem 3.4. Show that if f : A → B and g : B → C are both injective, then g ◦ f : A → C is injective. Problem 3.5. Show that if f : A → B and g : B → C are both surjective, then g ◦ f : A → C is surjective. 42 CHAPTER 3. FUNCTIONS Problem 3.6. Suppose f : A → B and g : B → C . Show that the graph of g ◦ f is R f | Rg . Problem 3.7. Given f : A ↦→ B , define the partial function g : B ↦→ A by: for any y ∈ B , if there is a unique x ∈ A such that f (x) = y , then g (y) = x ; otherwise g (y) ↑. Show that if f is injective, then g (f (x)) = x for all x ∈ dom(f ), and f (g (y)) = y for all y ∈ ran(f ). CHAPTER 4 The Size of Sets 4.1 Introduction When Georg Cantor developed set theory in the 1870s, one of his aims was to make palatable the idea of an infinite collection-an actual infinity, as the medievals would say. A key part of this was his treatment of the size of different sets. If a, b and c are all distinct, then the set {a,b, c } is intuitively larger than {a,b}. But what about infinite sets? Are they all as large as each other? It turns out that they are not. The first important idea here is that of an enumeration. We can list every finite set by listing all its elements. For some infinite sets, we can also list all their elements if we allow the list itself to be infinite. Such sets are called countable. Cantor's surprising result, which we will fully understand by the end of this chapter, was that some infinite sets are not countable. 4.2 Enumerations and Countable Sets We've already given examples of sets by listing their elements. Let's discuss in more general terms how and when we can list the elements of a set, even if that set is infinite. 43 44 CHAPTER 4. THE SIZE OF SETS Definition 4.1 (Enumeration, informally). Informally, an enumeration of a set A is a list (possibly infinite) of elements of A such that every element of A appears on the list at some finite position. If A has an enumeration, then A is said to be countable. A couple of points about enumerations: 1. We count as enumerations only lists which have a beginning and in which every element other than the first has a single element immediately preceding it. In other words, there are only finitely many elements between the first element of the list and any other element. In particular, this means that every element of an enumeration has a finite position: the first element has position 1, the second position 2, etc. 2. We can have different enumerations of the same setA which differ by the order in which the elements appear: 4, 1, 25, 16, 9 enumerates the (set of the) first five square numbers just as well as 1, 4, 9, 16, 25 does. 3. Redundant enumerations are still enumerations: 1, 1, 2, 2, 3, 3, . . . enumerates the same set as 1, 2, 3, . . . does. 4. Order and redundancy do matter when we specify an enumeration: we can enumerate the positive integers beginning with 1, 2, 3, 1, . . . , but the pattern is easier to see when enumerated in the standard way as 1, 2, 3, 4, . . . 5. Enumerations must have a beginning: . . . , 3, 2, 1 is not an enumeration of the positive integers because it has no first element. To see how this follows from the informal definition, ask yourself, "at what position in the list does the number 76 appear?" 6. The following is not an enumeration of the positive integers: 1, 3, 5, . . . , 2, 4, 6, . . . The problem is that the even 45 4.2. ENUMERATIONS AND COUNTABLE SETS numbers occur at places ∞ + 1, ∞ + 2, ∞ + 3, rather than at finite positions. 7. The empty set is enumerable: it is enumerated by the empty list! Proposition 4.2. If A has an enumeration, it has an enumeration without repetitions. Proof. Suppose A has an enumeration x1, x2, . . . in which each xi is an element of A. We can remove repetitions from an enumeration by removing repeated elements. For instance, we can turn the enumeration into a new one in which we list xi if it is an element of A that is not among x1, . . . , xi−1 or remove xi from the list if it already appears among x1, . . . , xi−1. □ The last argument shows that in order to get a good handle on enumerations and countable sets and to prove things about them, we need a more precise definition. The following provides it. Definition 4.3 (Enumeration, formally). An enumeration of a set A ≠ ∅ is any surjective function f : Z+ → A. Let's convince ourselves that the formal definition and the informal definition using a possibly infinite list are equivalent. First, any surjective function from Z+ to a set A enumerates A. Such a function determines an enumeration as defined informally above: the list f (1), f (2), f (3), . . . . Since f is surjective, every element of A is guaranteed to be the value of f (n) for some n ∈ Z+. Hence, every element of A appears at some finite position in the list. Since the function may not be injective, the list may be redundant, but that is acceptable (as noted above). On the other hand, given a list that enumerates all elements of A, we can define a surjective function f : Z+ → A by letting f (n) be the nth element of the list, or the final element of the 46 CHAPTER 4. THE SIZE OF SETS list if there is no nth element. The only case where this does not produce a surjective function is when A is empty, and hence the list is empty. So, every non-empty list determines a surjective function f : Z+ → A. Definition 4.4. A set A is countable iff it is empty or has an enumeration. Example 4.5. A function enumerating the positive integers (Z+) is simply the identity function given by f (n) = n. A function enumerating the natural numbers N is the function g (n) = n − 1. Example 4.6. The functions f : Z+ → Z+ and g : Z+ → Z+ given by f (n) = 2n and g (n) = 2n + 1 enumerate the even positive integers and the odd positive integers, respectively. However, neither function is an enumeration of Z+, since neither is surjective. Example 4.7. The function f (n) = (−1)n ⌈ (n−1)2 ⌉ (where ⌈x⌉ denotes the ceiling function, which rounds x up to the nearest integer) enumerates the set of integers Z. Notice how f generates the values of Z by "hopping" back and forth between positive and negative integers: f (1) f (2) f (3) f (4) f (5) f (6) f (7) . . . −⌈ 02⌉ ⌈ 1 2⌉ −⌈ 2 2⌉ ⌈ 3 2⌉ −⌈ 4 2⌉ ⌈ 5 2⌉ −⌈ 6 2⌉ . . . 0 1 −1 2 −2 3 . . . You can also think of f as defined by cases as follows: f (n) = ⎧⎪⎪⎪⎨⎪⎪⎪⎩ 0 if n = 1 n/2 if n is even −(n − 1)/2 if n is odd and > 1 47 4.2. ENUMERATIONS AND COUNTABLE SETS Although it is perhaps more natural when listing the elements of a set to start counting from the 1st element, mathematicians like to use the natural numbers N for counting things. They talk about the 0th, 1st, 2nd, and so on, elements of a list. Correspondingly, we can define an enumeration as a surjective function from N to A. Of course, the two definitions are equivalent. Proposition 4.8. There is a surjection f : Z+ → A iff there is a surjection g : N→ A. Proof. Given a surjection f : Z+ → A, we can define g (n) = f (n + 1) for all n ∈ N. It is easy to see that g : N → A is surjective. Conversely, given a surjection g : N→ A, define f (n) = g (n+1).□ This gives us the following result: Corollary 4.9. A set A is countable iff it is empty or there is a surjective function f : N→ A. We discussed above than an list of elements of a set A can be turned into a list without repetitions. This is also true for enumerations, but a bit harder to formulate and prove rigorously. Any function f : Z+ → A must be defined for all n ∈ Z+. If there are only finitely many elements in A then we clearly cannot have a function defined on the infinitely many elements of Z+ that takes as values all the elements of A but never takes the same value twice. In that case, i.e., in the case where the list without repetitions is finite, we must choose a different domain for f , one with only finitely many elements. Not having repetitions means that f must be injective. Since it is also surjective, we are looking for a bijection between some finite set {1, . . . ,n} or Z+ and A. 48 CHAPTER 4. THE SIZE OF SETS Proposition 4.10. If f : Z+ → A is surjective (i.e., an enumeration of A), there is a bijection g : Z → A where Z is either Z+ or {1, . . . ,n} for some n ∈ Z+. Proof. We define the function g recursively: Let g (1) = f (1). If g (i ) has already been defined, let g (i+1) be the first value of f (1), f (2), . . . not already among g (1), . . . , g (i ), if there is one. If A has just n elements, then g (1), . . . , g (n) are all defined, and so we have defined a function g : {1, . . . ,n} → A. If A has infinitely many elements, then for any i there must be an element of A in the enumeration f (1), f (2), . . . , which is not already among g (1), . . . , g (i ). In this case we have defined a funtion g : Z+ → A. The function g is surjective, since any element of A is among f (1), f (2), . . . (since f is surjective) and so will eventually be a value of g (i ) for some i . It is also injective, since if there were j < i such that g ( j ) = g (i ), then g (i ) would already be among g (1), . . . , g (i − 1), contrary to how we defined g . □ Corollary 4.11. A set A is countable iff it is empty or there is a bijection f : N → A where either N = N or N = {0, . . . ,n} for some n ∈ N. Proof. A is countable iff A is empty or there is a surjective f : Z+ → A. By Proposition 4.10, the latter holds iff there is a bijective function f : Z → A where Z = Z+ or Z = {1, . . . ,n} for some n ∈ Z+. By the same argument as in the proof of Proposition 4.8, that in turn is the case iff there is a bijection g : N → A where either N = N or N = {0, . . . ,n − 1}. □ 4.3 Cantor's Zig-Zag Method We've already considered some "easy" enumerations. Now we will consider something a bit harder. Consider the set of pairs of natural numbers, which we defined in section 1.5 thus: N × N = {⟨n,m⟩ : n,m ∈ N} 49 4.3. CANTOR'S ZIG-ZAG METHOD We can organize these ordered pairs into an array, like so: 0 1 2 3 . . . 0 ⟨0,0⟩ ⟨0,1⟩ ⟨0,2⟩ ⟨0,3⟩ . . . 1 ⟨1,0⟩ ⟨1,1⟩ ⟨1,2⟩ ⟨1,3⟩ . . . 2 ⟨2,0⟩ ⟨2,1⟩ ⟨2,2⟩ ⟨2,3⟩ . . . 3 ⟨3,0⟩ ⟨3,1⟩ ⟨3,2⟩ ⟨3,3⟩ . . . ... ... ... ... ... . . . Clearly, every ordered pair in N × N will appear exactly once in the array. In particular, ⟨n,m⟩ will appear in the nth row and mth column. But how do we organize the elements of such an array into a "one-dimensional" list? The pattern in the array below demonstrates one way to do this (although of course there are many other options): 0 1 2 3 4 . . . 0 0 1 3 6 10 . . . 1 2 4 7 11 . . . . . . 2 5 8 12 . . . . . . . . . 3 9 13 . . . . . . . . . . . . 4 14 . . . . . . . . . . . . . . . ... ... ... ... ... . . . . . . This pattern is called Cantor's zig-zag method. It enumerates N×N as follows: ⟨0,0⟩, ⟨0,1⟩, ⟨1,0⟩, ⟨0,2⟩, ⟨1,1⟩, ⟨2,0⟩, ⟨0,3⟩, ⟨1,2⟩, ⟨2,1⟩, ⟨3,0⟩, . . . And this establishes the following: Proposition 4.12. N × N is countable. Proof. Let f : N → N × N take each k ∈ N to the tuple ⟨n,m⟩ ∈ N ×N such that k is the value of the nth row and mth column in Cantor's zig-zag array. □ 50 CHAPTER 4. THE SIZE OF SETS This technique also generalises rather nicely. For example, we can use it to enumerate the set of ordered triples of natural numbers, i.e.: N × N × N = {⟨n,m,k⟩ : n,m,k ∈ N} We think of N×N×N as the Cartesian product of N×N with N, that is, N3 = (N × N) × N = {⟨⟨n,m⟩,k⟩ : n,m,k ∈ N} and thus we can enumerate N3 with an array by labelling one axis with the enumeration of N, and the other axis with the enumeration of N2: 0 1 2 3 . . . ⟨0,0⟩ ⟨0,0,0⟩ ⟨0,0,1⟩ ⟨0,0,2⟩ ⟨0,0,3⟩ . . . ⟨0,1⟩ ⟨0,1,0⟩ ⟨0,1,1⟩ ⟨0,1,2⟩ ⟨0,1,3⟩ . . . ⟨1,0⟩ ⟨1,0,0⟩ ⟨1,0,1⟩ ⟨1,0,2⟩ ⟨1,0,3⟩ . . . ⟨0,2⟩ ⟨0,2,0⟩ ⟨0,2,1⟩ ⟨0,2,2⟩ ⟨0,2,3⟩ . . . ... ... ... ... ... . . . Thus, by using a method like Cantor's zig-zag method, we may similarly obtain an enumeration of N3. And we can keep going, obtaining enumerations of Nn for any natural number n. So, we have: Proposition 4.13. Nn is countable, for every n ∈ N. 4.4 Pairing Functions and Codes Cantor's zig-zag method makes the enumerability of Nn visually evident. But let us focus on our array depicting N2. Following the zig-zag line in the array and counting the places, we can check that ⟨1,2⟩ is associated with the number 7. However, it would be nice if we could compute this more directly. That is, it would 51 4.4. PAIRING FUNCTIONS AND CODES be nice to have to hand the inverse of the zig-zag enumeration, g : N2 → N, such that g (⟨0,0⟩) = 0, g (⟨0,1⟩) = 1, g (⟨1,0⟩) = 2, . . . , g (⟨1,2⟩) = 7, . . . This would enable to calculate exactly where ⟨n,m⟩ will occur in our enumeration. In fact, we can define g directly by making two observations. First: if the nth row and mth column contains value v , then the (n+1)st row and (m−1)st column contains value v+1. Second: the first row of our enumeration consists of the triangular numbers, starting with 0, 1, 3, 5, etc. The k th triangular number is the sum of the natural numbers < k , which can be computed as k (k+1)/2. Putting these two observations together, consider this function: g (n,m) = (n +m + 1)(n +m) 2 + n We often just write g (n,m) rather that g (⟨n,m⟩), since it is easier on the eyes. This tells you first to determine the (n+m)th triangle number, and then subtract n from it. And it populates the array in exactly the way we would like. So in particular, the pair ⟨1,2⟩ is sent to 4×32 + 1 = 7. This function g is the inverse of an enumeration of a set of pairs. Such functions are called pairing functions. Definition 4.14 (Pairing function). A function f : A × B → N is an arithmetical pairing function if f is injective. We also say that f encodes A × B , and that f (x, y) is the code for ⟨x, y⟩. We can use pairing functions encode, e.g., pairs of natural numbers; or, in other words, we can represent each pair of elements using a single number. Using the inverse of the pairing function, we can decode the number, i.e., find out which pair it represents. 52 CHAPTER 4. THE SIZE OF SETS 4.5 An Alternative Pairing Function There are other enumerations of N2 that make it easier to figure out what their inverses are. Here is one. Instead of visualizing the enumeration in an array, start with the list of positive integers associated with (initially) empty spaces. Imagine filling these spaces successively with pairs ⟨n,m⟩ as follow. Starting with the pairs that have 0 in the first place (i.e., pairs ⟨0,m⟩), put the first (i.e., ⟨0,0⟩) in the first empty place, then skip an empty space, put the second (i.e., ⟨0,2⟩) in the next empty place, skip one again, and so forth. The (incomplete) beginning of our enumeration now looks like this 1 2 3 4 5 6 7 8 9 10 . . . ⟨0,1⟩ ⟨0,2⟩ ⟨0,3⟩ ⟨0,4⟩ ⟨0,5⟩ . . . Repeat this with pairs ⟨1,m⟩ for the place that still remain empty, again skipping every other empty place: 1 2 3 4 5 6 7 8 9 10 . . . ⟨0,0⟩ ⟨1,0⟩ ⟨0,1⟩ ⟨0,2⟩ ⟨1,1⟩ ⟨0,3⟩ ⟨0,4⟩ ⟨1,2⟩ . . . Enter pairs ⟨2,m⟩, ⟨2,m⟩, etc., in the same way. Our completed enumeration thus starts like this: 1 2 3 4 5 6 7 8 9 10 . . . ⟨0,0⟩ ⟨1,0⟩ ⟨0,1⟩ ⟨2,0⟩ ⟨0,2⟩ ⟨1,1⟩ ⟨0,3⟩ ⟨3,0⟩ ⟨0,4⟩ ⟨1,2⟩ . . . If we number the cells in the array above according to this enumeration, we will not find a neat zig-zag line, but this arrange53 4.5. AN ALTERNATIVE PAIRING FUNCTION ment: 0 1 2 3 4 5 . . . 0 1 3 5 7 9 11 . . . 1 2 6 10 14 18 . . . . . . 2 4 12 20 28 . . . . . . . . . 3 8 24 40 . . . . . . . . . . . . 4 16 48 . . . . . . . . . . . . . . . 5 32 . . . . . . . . . . . . . . . . . . ... ... ... ... ... ... ... . . . We can see that the pairs in row 0 are in the odd numbered places of our enumeration, i.e., pair ⟨0,m⟩ is in place 2m + 1; pairs in the second row, ⟨1,m⟩, are in places whose number is the double of an odd number, specifically, 2 * (2m + 1); pairs in the third row, ⟨2,m⟩, are in places whose number is four times an odd number, 4 * (2m+1); and so on. The factors of (2m+1) for each row, 1, 2, 4, 8, . . . , are exactly the powers of 2: 1 = 20, 2 = 21, 4 = 22, 8 = 23, . . . In fact, the relevant exponent is always the first member of the pair in question. Thus, for pair ⟨n,m⟩ the factor is 2n . This gives us the general formula: 2n * (2m + 1). However, this is a mapping of pairs to positive integers, i.e., ⟨0,0⟩ has position 1. If we want to begin at position 0 we must subtract 1 from the result. This gives us: Example 4.15. The function h : N2 → N given by h(n,m) = 2n(2m + 1) − 1 is a pairing function for the set of pairs of natural numbers N2. Accordingly, in our second enumeration of N2, the pair ⟨0,0⟩ has code h(0,0) = 20(2*0+1)−1 = 0; ⟨1,2⟩ has code 21*(2*2+1)−1 = 2 * 5 − 1 = 9; ⟨2,6⟩ has code 22 * (2 * 6 + 1) − 1 = 51. Sometimes it is enough to encode pairs of natural numbersN2 without requiring that the encoding is surjective. Such encodings have inverses that are only partial functions. 54 CHAPTER 4. THE SIZE OF SETS Example 4.16. The function j : N2 → N+ given by j (n,m) = 2n3m is an injective function N2 → N. 4.6 Uncountable Sets Some sets, such as the set Z+ of positive integers, are infinite. So far we've seen examples of infinite sets which were all countable. However, there are also infinite sets which do not have this property. Such sets are called uncountable. First of all, it is perhaps already surprising that there are uncountable sets. For any countable set A there is a surjective function f : Z+ → A. If a set is uncountable there is no such function. That is, no function mapping the infinitely many elements of Z+ to A can exhaust all of A. So there are "more" elements of A than the infinitely many positive integers. How would one prove that a set is uncountable? You have to show that no such surjective function can exist. Equivalently, you have to show that the elements of A cannot be enumerated in a one way infinite list. The best way to do this is to show that every list of elements of A must leave at least one element out; or that no function f : Z+ → A can be surjective. We can do this using Cantor's diagonal method. Given a list of elements of A, say, x1, x2, . . . , we construct another element of A which, by its construction, cannot possibly be on that list. Our first example is the set Bω of all infinite, non-gappy sequences of 0's and 1's. Theorem 4.17. Bω is uncountable. Proof. Suppose, by way of contradiction, that Bω is countable, i.e., suppose that there is a list s1, s2, s3, s4, . . . of all elements of Bω. Each of these si is itself an infinite sequence of 0's and 1's. 55 4.6. UNCOUNTABLE SETS Let's call the j -th element of the i -th sequence in this list si ( j ). Then the i -th sequence si is si (1), si (2), si (3), . . . We may arrange this list, and the elements of each sequence si in it, in an array: 1 2 3 4 . . . 1 s1(1) s1(2) s1(3) s1(4) . . . 2 s2(1) s2(2) s2(3) s2(4) . . . 3 s3(1) s3(2) s3(3) s3(4) . . . 4 s4(1) s4(2) s4(3) s4(4) . . . ... ... ... ... ... . . . The labels down the side give the number of the sequence in the list s1, s2, . . . ; the numbers across the top label the elements of the individual sequences. For instance, s1(1) is a name for whatever number, a 0 or a 1, is the first element in the sequence s1, and so on. Now we construct an infinite sequence, s , of 0's and 1's which cannot possibly be on this list. The definition of s will depend on the list s1, s2, . . . . Any infinite list of infinite sequences of 0's and 1's gives rise to an infinite sequence s which is guaranteed to not appear on the list. To define s , we specify what all its elements are, i.e., we specify s (n) for all n ∈ Z+. We do this by reading down the diagonal of the array above (hence the name "diagonal method") and then changing every 1 to a 0 and every 1 to a 0. More abstractly, we define s (n) to be 0 or 1 according to whether the n-th element of the diagonal, sn(n), is 1 or 0. s (n) = {︄ 1 if sn(n) = 0 0 if sn(n) = 1. If you like formulas better than definitions by cases, you could also define s (n) = 1 − sn(n). 56 CHAPTER 4. THE SIZE OF SETS Clearly s is an infinite sequence of 0's and 1's, since it is just the mirror sequence to the sequence of 0's and 1's that appear on the diagonal of our array. So s is an element of Bω. But it cannot be on the list s1, s2, . . . Why not? It can't be the first sequence in the list, s1, because it differs from s1 in the first element. Whatever s1(1) is, we defined s (1) to be the opposite. It can't be the second sequence in the list, because s differs from s2 in the second element: if s2(2) is 0, s (2) is 1, and vice versa. And so on. More precisely: if s were on the list, there would be some k so that s = sk . Two sequences are identical iff they agree at every place, i.e., for any n, s (n) = sk (n). So in particular, taking n = k as a special case, s (k ) = sk (k ) would have to hold. sk (k ) is either 0 or 1. If it is 0 then s (k ) must be 1-that's how we defined s . But if sk (k ) = 1 then, again because of the way we defined s , s (k ) = 0. In either case s (k ) ≠ sk (k ). We started by assuming that there is a list of elements of Bω, s1, s2, . . . From this list we constructed a sequence s which we proved cannot be on the list. But it definitely is a sequence of 0's and 1's if all the si are sequences of 0's and 1's, i.e., s ∈ Bω. This shows in particular that there can be no list of all elements of Bω, since for any such list we could also construct a sequence s guaranteed to not be on the list, so the assumption that there is a list of all sequences in Bω leads to a contradiction. □ This proof method is called "diagonalization" because it uses the diagonal of the array to define s . Diagonalization need not involve the presence of an array: we can show that sets are not countable by using a similar idea even when no array and no actual diagonal is involved. 57 4.6. UNCOUNTABLE SETS Theorem 4.18. ℘(Z+) is not countable. Proof. We proceed in the same way, by showing that for every list of subsets of Z+ there is a subset of Z+ which cannot be on the list. Suppose the following is a given list of subsets of Z+: Z1,Z2,Z3, . . . We now define a set Z such that for any n ∈ Z+, n ∈ Z iff n ∉ Zn : Z = {n ∈ Z+ : n ∉ Zn} □ Z is clearly a set of positive integers, since by assumption each Zn is, and thus Z ∈ ℘(Z+). But Z cannot be on the list. To show this, we'll establish that for each k ∈ Z+, Z ≠ Zk . So let k ∈ Z+ be arbitrary. We've defined Z so that for any n ∈ Z+, n ∈ Z iff n ∉ Zn . In particular, taking n = k , k ∈ Z iff k ∉ Zk . But this shows that Z ≠ Zk , since k is an element of one but not the other, and so Z and Zk have different elements. Since k was arbitrary, Z is not on the list Z1, Z2, . . . The preceding proof did not mention a diagonal, but you can think of it as involving a diagonal if you picture it this way: Imagine the sets Z1, Z2, . . . , written in an array, where each element j ∈ Zi is listed in the j -th column. Say the first four sets on that list are {1,2,3, . . . }, {2,4,6, . . . }, {1,2,5}, and {3,4,5, . . . }. Then the array would begin with Z1 = {1, 2, 3, 4, 5, 6, . . . } Z2 = { 2, 4, 6, . . . } Z3 = {1, 2, 5 } Z4 = { 3, 4, 5, 6, . . . } ... . . . Then Z is the set obtained by going down the diagonal, leaving out any numbers that appear along the diagonal and include those j where the array has a gap in the j -th row/column. In the above case, we would leave out 1 and 2, include 3, leave out 4, etc. 58 CHAPTER 4. THE SIZE OF SETS 4.7 Reduction We showed ℘(Z+) to be uncountable by a diagonalization argument. We already had a proof that Bω, the set of all infinite sequences of 0s and 1s, is uncountable. Here's another way we can prove that ℘(Z+) is uncountable: Show that if ℘(Z+) is countable then Bω is also countable. Since we know Bω is not countable, ℘(Z+) can't be either. This is called reducing one problem to another-in this case, we reduce the problem of enumerating Bω to the problem of enumerating ℘(Z+). A solution to the latter-an enumeration of ℘(Z+)-would yield a solution to the former-an enumeration of Bω. How do we reduce the problem of enumerating a set B to that of enumerating a set A? We provide a way of turning an enumeration of A into an enumeration of B . The easiest way to do that is to define a surjective function f : A → B . If x1, x2, . . . enumerates A, then f (x1), f (x2), . . . would enumerate B . In our case, we are looking for a surjective function f : ℘(Z+) → Bω. Proof of Theorem 4.18 by reduction. Suppose that ℘(Z+)were countable, and thus that there is an enumeration of it, Z1, Z2, Z3, . . . Define the function f : ℘(Z+) → Bω by letting f (Z ) be the sequence sk such that sk (n) = 1 iff n ∈ Z , and sk (n) = 0 otherwise. This clearly defines a function, since whenever Z ⊆ Z+, any n ∈ Z+ either is an element of Z or isn't. For instance, the set 2Z+ = {2,4,6, . . . } of positive even numbers gets mapped to the sequence 010101 . . . , the empty set gets mapped to 0000 . . . and the set Z+ itself to 1111 . . . . It also is surjective: Every sequence of 0s and 1s corresponds to some set of positive integers, namely the one which has as its members those integers corresponding to the places where the sequence has 1s. More precisely, suppose s ∈ Bω. Define Z ⊆ Z+ by: Z = {n ∈ Z+ : s (n) = 1} Then f (Z ) = s , as can be verified by consulting the definition of f . 59 4.8. EQUINUMEROSITY Now consider the list f (Z1), f (Z2), f (Z3), . . . Since f is surjective, every member of Bω must appear as a value of f for some argument, and so must appear on the list. This list must therefore enumerate all of Bω. So if ℘(Z+) were countable, Bω would be countable. But Bω is uncountable (Theorem 4.17). Hence ℘(Z+) is uncountable. □ It is easy to be confused about the direction the reduction goes in. For instance, a surjective function g : Bω → B does not establish that B is uncountable. (Consider g : Bω → B defined by g (s ) = s (1), the function that maps a sequence of 0's and 1's to its first element. It is surjective, because some sequences start with 0 and some start with 1. But B is finite.) Note also that the function f must be surjective, or otherwise the argument does not go through: f (x1), f (x2), . . . would then not be guaranteed to include all the elements of B . For instance, h(n) = 000 . . . 0⏞ ⏟⏟ ⏞ n 0's defines a function h : Z+ → Bω, but Z+ is countable. 4.8 Equinumerosity We have an intuitive notion of "size" of sets, which works fine for finite sets. But what about infinite sets? If we want to come up with a formal way of comparing the sizes of two sets of any size, it is a good idea to start by defining when sets are the same size. Here is Frege: If a waiter wants to be sure that he has laid exactly as many knives as plates on the table, he does not need to count either of them, if he simply lays a knife to the right of each plate, so that every knife on the table lies 60 CHAPTER 4. THE SIZE OF SETS to the right of some plate. The plates and knives are thus uniquely correlated to each other, and indeed through that same spatial relationship. (Frege, 1884, §70) The insight of this passage can be brought out through a formal definition: Definition 4.19. A is equinumerous with B , written A ≈ B , iff there is a bijection f : A → B . Proposition 4.20. Equinumerosity is an equivalence relation. Proof. We must show that equinumerosity is reflexive, symmetric, and transitive. Let A,B , and C be sets. Reflexivity. The identity map IdA : A → A, where IdA(x) = x for all x ∈ A, is a bijection. So A ≈ A. Symmetry. Suppose A ≈ B , i.e., there is a bijection f : A → B . Since f is bijective, its inverse f −1 exists and is also bijective. Hence, f −1 : B → A is a bijection, so B ≈ A. Transitivity. Suppose that A ≈ B and B ≈ C , i.e., there are bijections f : A → B and g : B → C . Then the composition g ◦ f : A → C is bijective, so that A ≈ C . □ Proposition 4.21. If A ≈ B , then A is countable if and only if B is. Proof. Suppose A ≈ B , so there is some bijection f : A → B , and suppose that A is countable. Then either A = ∅ or there is a surjective function g : Z+ → A. If A = ∅, then B = ∅ also (otherwise there would be an element y ∈ B but no x ∈ A with g (x) = y). If, on the other hand, g : Z+ → A is surjective, then g ◦ f : Z+ → B is surjective. To see this, let y ∈ B . Since g is surjective, there is an x ∈ A such that g (x) = y . Since f is surjective, there is an n ∈ Z+ such that f (n) = x . Hence, (g ◦ f )(n) = g (f (n)) = g (x) = y 61 4.9. SETS OF DIFFERENT SIZES, AND CANTOR'S THEOREM and thus g ◦ f is surjective. We have that g ◦ f is an enumeration of B , and so B is countable. If B is countable, we obtain that A is countable by repeating the argument with the bijection f −1 : B → A instead of f . □ 4.9 Sets of Different Sizes, and Cantor's Theorem We have offered a precise statement of the idea that two sets have the same size. We can also offer a precise statement of the idea that one set is smaller than another. Our definition of "is smaller than (or equinumerous)" will require, instead of a bijection between the sets, an injection from the first set to the second. If such a function exists, the size of the first set is less than or equal to the size of the second. Intuitively, an injection from one set to another guarantees that the range of the function has at least as many elements as the domain, since no two elements of the domain map to the same element of the range. Definition 4.22. A is no larger than B , written A ⪯ B , iff there is an injection f : A → B . It is clear that this is a reflexive and transitive relation, but that it is not symmetric (this is left as an exercise). We can also introduce a notion, which states that one set is (strictly) smaller than another. Definition 4.23. A is smaller than B , written A ≺ B , iff there is an injection f : A → B but no bijection g : A → B , i.e., A ⪯ B and A ≉ B . It is clear that this is relation is anti-reflexive and transitive. (This is left as an exercise.) Using this notation, we can say that a set A is countable iff A ⪯ N, and that A is uncountable iff N ≺ A. This allows us to restate Theorem 4.18 as the observation that 62 CHAPTER 4. THE SIZE OF SETS Z+ ≺ ℘(Z+). In fact, Cantor (1892) proved that this last point is perfectly general: Theorem 4.24 (Cantor). A ≺ ℘(A), for any set A. Proof. The map f (x) = {x} is an injection f : A → ℘(A), since if x ≠ y , then also {x} ≠ {y} by extensionality, and so f (x) ≠ f (y). So we have that A ⪯ ℘(A). We show that there cannot be a surjective function g : A → ℘(A), let alone a bijective one, and hence that A ≉ ℘(A). For suppose that g : A → ℘(A). Since g is total, every x ∈ A is mapped to a subset g (x) ⊆ A. We show that g cannot be surjective. To do this, we define a subset A ⊆ A which by definition cannot be in the range of g . Let A = {x ∈ A : x ∉ g (x)}. Since g (x) is defined for all x ∈ A, A is clearly a well-defined subset of A. But, it cannot be in the range of g . Let x ∈ A be arbitrary, we show that A ≠ g (x). If x ∈ g (x), then it does not satisfy x ∉ g (x), and so by the definition of A, we have x ∉ A. If x ∈ A, it must satisfy the defining property of A, i.e., x ∈ A and x ∉ g (x). Since x was arbitrary, this shows that for each x ∈ A, x ∈ g (x) iff x ∉ A, and so g (x) ≠ A. In other words, A cannot be in the range of g , contradicting the assumption that g is surjective. □ It's instructive to compare the proof of Theorem 4.24 to that of Theorem 4.18. There we showed that for any list Z1, Z2, . . . , of subsets of Z+ one can construct a set Z of numbers guaranteed not to be on the list. It was guaranteed not to be on the list because, for every n ∈ Z+, n ∈ Zn iff n ∉ Z . This way, there is always some number that is an element of one of Zn or Z but not the other. We follow the same idea here, except the indices n are now elements of A instead of Z+. The set B is defined so that it is different from g (x) for each x ∈ A, because x ∈ g (x) iff x ∉ B . Again, there is always an element of A which is an element of one 63 4.10. THE NOTION OF SIZE, AND SCHRÖDER-BERNSTEIN of g (x) and B but not the other. And just as Z therefore cannot be on the list Z1, Z2, . . . , B cannot be in the range of g . The proof is also worth comparing with the proof of Russell's Paradox, Theorem 1.29. Indeed, Cantor's Theorem was the inspiration for Russell's own paradox. 4.10 The Notion of Size, and Schröder-Bernstein Here is an intuitive thought: if A is no larger than B and B is no larger than A, then A and B are equinumerous. To be honest, if this thought were wrong, then we could scarcely justify the thought that our defined notion of equinumerosity has anything to do with comparisons of "sizes" between sets! Fortunately, though, the intuitive thought is correct. This is justified by the SchröderBernstein Theorem. Theorem 4.25 (Schröder-Bernstein). If A ⪯ B and B ⪯ A, then A ≈ B . In other words, if there is an injection from A to B , and an injection from B to A, then there is a bijection from A to B . This result, however, is really rather difficult to prove. Indeed, although Cantor stated the result, others proved it.1 For now, you can (and must) take it on trust. Fortunately, Schröder-Bernstein is correct, and it vindicates our thinking of the relations we defined, i.e., A ≈ B andA ⪯ B , as having something to do with "size". Moreover, Schröder-Bernstein is very useful. It can be difficult to think of a bijection between two equinumerous sets. The Schröder-Bernstein Theorem allows us to break the comparison down into cases so we only have to think of an injection from the first to the second, and vice-versa. 1For more on the history, see e.g., Potter (2004, pp. 165–6). 64 CHAPTER 4. THE SIZE OF SETS Summary The size of a set A can be measured by a natural number if the set is finite, and sizes can be compared by comparing these numbers. If sets are infinite, things are more complicated. The first level of infinity is that of countably infinite sets. A set A is countable if its elements can be arranged in an enumeration, a one-way infinite list, i.e., when there is a surjective function f : Z+ → A. It is countably infinite if it is countable but not finite. Cantor's zigzag method shows that the sets of pairs of elements of countably infinite sets is also countable; and this can be used to show that even the set of rational numbers Q is countable. There are, however, infinite sets that are not countable: these sets are called uncountable. There are two ways of showing that a set is uncountable: directly, using a diagonal argument, or by reduction. To give a diagonal argument, we assume that the set A in question is countable, and use a hypothetical enumeration to define an element of A which, by the very way we define it, is guaranteed to be different from every element in the enumeration. So the enumeration can't be an enumeration of all of A after all, and we've shown that no enumeration of A can exist. A reduction shows that A is uncountable by associating every element of A with an element of some known uncountable set B in a surjective way. If this is possible, than a hypothetical enumeration of A would yield an enumeration of B . Since B is uncountable, no enumeration of A can exist. In general, infinite sets can be compared sizewise: A and B are the same size, or equinumerous, if there is a bijection between them. We can also define that A is no larger than B (A ⪯ B) if there is an injective function from A to B . By the Schröder-Bernstein Theorem, this in fact provides a sizewise order of infinite sets. Finally, Cantor's theorem says that for any A, A ≺ ℘(A). This is a generalization of our result that ℘(Z+) is uncountable, and shows that there are not just two, but infinitely many levels of infinity. 65 4.10. THE NOTION OF SIZE, AND SCHRÖDER-BERNSTEIN Problems Problem 4.1. Define an enumeration of the positive squares 1, 4, 9, 16, . . . Problem 4.2. Show that if A and B are countable, so is A ∪ B . To do this, suppose there are surjective functions f : Z+ → A and g : Z+ → B , and define a surjective function h : Z+ → A ∪ B and prove that it is surjective. Also consider the cases where A or B = ∅. Problem 4.3. Show that if B ⊆ A and A is countable, so is B . To do this, suppose there is a surjective function f : Z+ → A. Define a surjective function g : Z+ → B and prove that it is surjective. What happens if B = ∅? Problem 4.4. Show by induction on n that if A1, A2, . . . , An are all countable, so is A1 ∪ * * * ∪An . You may assume the fact that if two sets A and B are countable, so is A ∪ B . Problem 4.5. According to Definition 4.4, a set A is enumerable iff A = ∅ or there is a surjective f : Z+ → A. It is also possible to define "countable set" precisely by: a set is enumerable iff there is an injective function g : A → Z+. Show that the definitions are equivalent, i.e., show that there is an injective function g : A → Z+ iff either A = ∅ or there is a surjective f : Z+ → A. Problem 4.6. Give an enumeration of the set of all non-negative rational numbers. Problem 4.7. Show that Q is countable. Recall that any rational number can be written as a fraction z/m with z ∈ Z, m ∈ N+. Problem 4.8. Define an enumeration of B∗. Problem 4.9. Recall from your introductory logic course that each possible truth table expresses a truth function. In other words, the truth functions are all functions from Bk → B for some k . Prove that the set of all truth functions is enumerable. 66 CHAPTER 4. THE SIZE OF SETS Problem 4.10. Show that the set of all finite subsets of an arbitrary infinite countable set is countable. Problem 4.11. A subset of N is said to be cofinite iff it is the complement of a finite set N; that is, A ⊆ N is cofinite iff N \A is finite. Let I be the set whose elements are exactly the finite and cofinite subsets of N. Show that I is countable. Problem 4.12. Show that the countable union of countable sets is countable. That is, wheneverA1, A2, . . . are sets, and eachAi is countable, then the union ⋃︁∞ i=1Ai of all of them is also countable. [NB: this is hard!] Problem 4.13. Let f : A × B → N be an arbitrary pairing function. Show that the inverse of f is an enumeration of A × B . Problem 4.14. Specify a function that encodes N3. Problem 4.15. Show that ℘(N) is uncountable by a diagonal argument. Problem 4.16. Show that the set of functions f : Z+ → Z+ is uncountable by an explicit diagonal argument. That is, show that if f1, f2, . . . , is a list of functions and each fi : Z+ → Z+, then there is some f : Z+ → Z+ not on this list. Problem 4.17. Show that if there is an injective function g : B → A, and B is uncountable, then so is A. Do this by showing how you can use g to turn an enumeration of A into one of B . Problem 4.18. Show that the set of all sets of pairs of positive integers is uncountable by a reduction argument. Problem 4.19. Show that Nω, the set of infinite sequences of natural numbers, is uncountable by a reduction argument. 67 4.10. THE NOTION OF SIZE, AND SCHRÖDER-BERNSTEIN Problem 4.20. Let P be the set of functions from the set of positive integers to the set {0}, and letQ be the set of partial functions from the set of positive integers to the set {0}. Show that P is countable and Q is not. (Hint: reduce the problem of enumerating Bω to enumerating Q ). Problem 4.21. Let S be the set of all surjective functions from the set of positive integers to the set {0,1}, i.e., S consists of all surjective f : Z+ → B. Show that S is uncountable. Problem 4.22. Show that the set R of all real numbers is uncountable. Problem 4.23. Show that if A ≈ C and B ≈ D , and A ∩ B = C ∩D = ∅, then A ∪ B ≈ C ∪D . Problem 4.24. Show that if A is infinite and countable, then A ≈ N. Problem 4.25. Show that there cannot be an injection g : ℘(A) → A, for any set A. Hint: Suppose g : ℘(A) → A is injective. Consider D = {g (B) : B ⊆ A and g (B) ∉ B }. Let x = g (D). Use the fact that g is injective to derive a contradiction.

PART II First-order Logic 69 CHAPTER 5 Syntax and Semantics 5.1 Introduction In order to develop the theory and metatheory of first-order logic, we must first define the syntax and semantics of its expressions. The expressions of first-order logic are terms and formulas. Terms are formed from variables, constant symbols, and function symbols. Formulas, in turn, are formed from predicate symbols together with terms (these form the smallest, "atomic" formulas), and then from atomic formulas we can form more complex ones using logical connectives and quantifiers. There are many different ways to set down the formation rules; we give just one possible one. Other systems will chose different symbols, will select different sets of connectives as primitive, will use parentheses differently (or even not at all, as in the case of so-called Polish notation). What all approaches have in common, though, is that the formation rules define the set of terms and formulas inductively. If done properly, every expression can result essentially in only one way according to the formation rules. The inductive definition resulting in expressions that are uniquely readable means we can give meanings to these expressions using the same method-inductive definition. 70 71 5.2. FIRST-ORDER LANGUAGES Giving the meaning of expressions is the domain of semantics. The central concept in semantics is that of satisfaction in a structure. A structure gives meaning to the building blocks of the language: a domain is a non-empty set of objects. The quantifiers are interpreted as ranging over this domain, constant symbols are assigned elements in the domain, function symbols are assigned functions from the domain to itself, and predicate symbols are assigned relations on the domain. The domain together with assignments to the basic vocabulary constitutes a structure. Variables may appear in formulas, and in order to give a semantics, we also have to assign elements of the domain to them-this is a variable assignment. The satisfaction relation, finally, brings these together. A formula may be satisfied in a structure M relative to a variable assignment s , written as M, s ⊨ A. This relation is also defined by induction on the structure of A, using the truth tables for the logical connectives to define, say, satisfaction of A ∧ B in terms of satisfaction (or not) of A and B . It then turns out that the variable assignment is irrelevant if the formula A is a sentence, i.e., has no free variables, and so we can talk of sentences being simply satisfied (or not) in structures. On the basis of the satisfaction relation M ⊨ A for sentences we can then define the basic semantic notions of validity, entailment, and satisfiability. A sentence is valid, ⊨ A, if every structure satisfies it. It is entailed by a set of sentences, Γ ⊨ A, if every structure that satisfies all the sentences in Γ also satisfies A. And a set of sentences is satisfiable if some structure satisfies all sentences in it at the same time. Because formulas are inductively defined, and satisfaction is in turn defined by induction on the structure of formulas, we can use induction to prove properties of our semantics and to relate the semantic notions defined. 5.2 First-Order Languages Expressions of first-order logic are built up from a basic vocabulary containing variables, constant symbols, predicate symbols and 72 CHAPTER 5. SYNTAX AND SEMANTICS sometimes function symbols. From them, together with logical connectives, quantifiers, and punctuation symbols such as parentheses and commas, terms and formulas are formed. Informally, predicate symbols are names for properties and relations, constant symbols are names for individual objects, and function symbols are names for mappings. These, except for the identity predicate =, are the non-logical symbols and together make up a language. Any first-order language L is determined by its non-logical symbols. In the most general case, L contains infinitely many symbols of each kind. In the general case, we make use of the following symbols in first-order logic: 1. Logical symbols a) Logical connectives: ¬ (negation), ∧ (conjunction), ∨ (disjunction), → (conditional), ∀ (universal quantifier), ∃ (existential quantifier). b) The propositional constant for falsity ⊥. c) The two-place identity predicate =. d) A countably infinite set of variables: v0, v1, v2, . . . 2. Non-logical symbols, making up the standard language of first-order logic a) A countably infinite set of n-place predicate symbols for each n > 0: An0 , A n 1 , A n 2 , . . . b) A countably infinite set of constant symbols: c0, c1, c2, . . . . c) A countably infinite set of n-place function symbols for each n > 0: f n0 , f n 1 , f n 2 , . . . 3. Punctuation marks: (, ), and the comma. Most of our definitions and results will be formulated for the full standard language of first-order logic. However, depending 73 5.2. FIRST-ORDER LANGUAGES on the application, we may also restrict the language to only a few predicate symbols, constant symbols, and function symbols. Example 5.1. The language LA of arithmetic contains a single two-place predicate symbol <, a single constant symbol 0, one one-place function symbol ′, and two two-place function symbols + and ×. Example 5.2. The language of set theory LZ contains only the single two-place predicate symbol ∈. Example 5.3. The language of ordersL≤ contains only the twoplace predicate symbol ≤. Again, these are conventions: officially, these are just aliases, e.g., <, ∈, and ≤ are aliases for A20, 0 for c0, ′ for f 1 0 , + for f 2 0 , × for f 21 . In addition to the primitive connectives and quantifiers introduced above, we also use the following defined symbols: ↔ (biconditional), truth ⊤ A defined symbol is not officially part of the language, but is introduced as an informal abbreviation: it allows us to abbreviate formulas which would, if we only used primitive symbols, get quite long. This is obviously an advantage. The bigger advantage, however, is that proofs become shorter. If a symbol is primitive, it has to be treated separately in proofs. The more primitive symbols, therefore, the longer our proofs. You may be familiar with different terminology and symbols than the ones we use above. Logic texts (and teachers) commonly use either ∼, ¬, and ! for "negation", ∧, *, and& for "conjunction". Commonly used symbols for the "conditional" or "implication" are →, ⇒, and ⊃. Symbols for "biconditional," "bi-implication," or "(material) equivalence" are ↔, ⇔, and ≡. The ⊥ symbol is variously called "falsity," "falsum,", "absurdity,", or "bottom." The ⊤ symbol is variously called "truth," "verum,", or "top." 74 CHAPTER 5. SYNTAX AND SEMANTICS It is conventional to use lower case letters (e.g., a, b , c) from the beginning of the Latin alphabet for constant symbols (sometimes called names), and lower case letters from the end (e.g., x , y , z) for variables. Quantifiers combine with variables, e.g., x ; notational variations include ∀x , (∀x), (x), Π x , ⋀︁ x for the universal quantifier and ∃x , (∃x), (Ex), Σ x , ⋁︁ x for the existential quantifier. We might treat all the propositional operators and both quantifiers as primitive symbols of the language. We might instead choose a smaller stock of primitive symbols and treat the other logical operators as defined. "Truth functionally complete" sets of Boolean operators include {¬,∨}, {¬,∧}, and {¬,→}-these can be combined with either quantifier for an expressively complete first-order language. You may be familiar with two other logical operators: the Sheffer stroke | (named after Henry Sheffer), and Peirce's arrow ↓, also known as Quine's dagger. When given their usual readings of "nand" and "nor" (respectively), these operators are truth functionally complete by themselves. 5.3 Terms and Formulas Once a first-order language L is given, we can define expressions built up from the basic vocabulary of L. These include in particular terms and formulas. Definition 5.4 (Terms). The set of terms Trm(L) of L is defined inductively by: 1. Every variable is a term. 2. Every constant symbol of L is a term. 3. If f is an n-place function symbol and t1, . . . , tn are terms, then f (t1, . . . , tn) is a term. 75 5.3. TERMS AND FORMULAS 4. Nothing else is a term. A term containing no variables is a closed term. The constant symbols appear in our specification of the language and the terms as a separate category of symbols, but they could instead have been included as zero-place function symbols. We could then do without the second clause in the definition of terms. We just have to understand f (t1, . . . , tn) as just f by itself if n = 0. Definition 5.5 (Formula). The set of formulas Frm(L) of the language L is defined inductively as follows: 1. ⊥ is an atomic formula. 2. If R is an n-place predicate symbol of L and t1, . . . , tn are terms of L, then R(t1, . . . , tn) is an atomic formula. 3. If t1 and t2 are terms of L, then =(t1, t2) is an atomic formula. 4. If A is a formula, then ¬A is formula. 5. If A and B are formulas, then (A ∧ B) is a formula. 6. If A and B are formulas, then (A ∨ B) is a formula. 7. If A and B are formulas, then (A→ B) is a formula. 8. If A is a formula and x is a variable, then ∀x A is a formula. 9. If A is a formula and x is a variable, then ∃x A is a formula. 10. Nothing else is a formula. The definitions of the set of terms and that of formulas are inductive definitions. Essentially, we construct the set of formulas in infinitely many stages. In the initial stage, we pronounce all atomic formulas to be formulas; this corresponds to the first 76 CHAPTER 5. SYNTAX AND SEMANTICS few cases of the definition, i.e., the cases for ⊥, R(t1, . . . , tn) and =(t1, t2). "Atomic formula" thus means any formula of this form. The other cases of the definition give rules for constructing new formulas out of formulas already constructed. At the second stage, we can use them to construct formulas out of atomic formulas. At the third stage, we construct new formulas from the atomic formulas and those obtained in the second stage, and so on. A formula is anything that is eventually constructed at such a stage, and nothing else. By convention, we write = between its arguments and leave out the parentheses: t1 = t2 is an abbreviation for =(t1, t2). Moreover, ¬=(t1, t2) is abbreviated as t1 ≠ t2. When writing a formula (B ∗C ) constructed from B , C using a two-place connective ∗, we will often leave out the outermost pair of parentheses and write simply B ∗C . Some logic texts require that the variable x must occur in A in order for ∃x A and ∀x A to count as formulas. Nothing bad happens if you don't require this, and it makes things easier. Definition 5.6. Formulas constructed using the defined operators are to be understood as follows: 1. ⊤ abbreviates ¬⊥. 2. A↔ B abbreviates (A→ B) ∧ (B → A). If we work in a language for a specific application, we will often write two-place predicate symbols and function symbols between the respective terms, e.g., t1 < t2 and (t1 + t2) in the language of arithmetic and t1 ∈ t2 in the language of set theory. The successor function in the language of arithmetic is even written conventionally after its argument: t ′. Officially, however, these are just conventional abbreviations for A20(t1, t2), f 2 0 (t1, t2), A20(t1, t2) and f 1 0 (t ), respectively. 77 5.4. UNIQUE READABILITY Definition 5.7 (Syntactic identity). The symbol ≡ expresses syntactic identity between strings of symbols, i.e., A ≡ B iff A and B are strings of symbols of the same length and which contain the same symbol in each place. The ≡ symbol may be flanked by strings obtained by concatenation, e.g., A ≡ (B ∨ C ) means: the string of symbols A is the same string as the one obtained by concatenating an opening parenthesis, the string B , the ∨ symbol, the string C , and a closing parenthesis, in this order. If this is the case, then we know that the first symbol of A is an opening parenthesis, A contains B as a substring (starting at the second symbol), that substring is followed by ∨, etc. 5.4 Unique Readability The way we defined formulas guarantees that every formula has a unique reading, i.e., there is essentially only one way of constructing it according to our formation rules for formulas and only one way of "interpreting" it. If this were not so, we would have ambiguous formulas, i.e., formulas that have more than one reading or intepretation-and that is clearly something we want to avoid. But more importantly, without this property, most of the definitions and proofs we are going to give will not go through. Perhaps the best way to make this clear is to see what would happen if we had given bad rules for forming formulas that would not guarantee unique readability. For instance, we could have forgotten the parentheses in the formation rules for connectives, e.g., we might have allowed this: If A and B are formulas, then so is A→ B . Starting from an atomic formula D , this would allow us to form D → D . From this, together with D , we would get D → D → D . But there are two ways to do this: 78 CHAPTER 5. SYNTAX AND SEMANTICS 1. We take D to be A and D →D to be B . 2. We take A to be D →D and B is D . Correspondingly, there are two ways to "read" the formula D → D→D . It is of the form B→C where B is D and C is D→D , but it is also of the form B→C with B being D→D and C being D . If this happens, our definitions will not always work. For instance, when we define the main operator of a formula, we say: in a formula of the form B →C , the main operator is the indicated occurrence of →. But if we can match the formula D → D → D with B → C in the two different ways mentioned above, then in one case we get the first occurrence of → as the main operator, and in the second case the second occurrence. But we intend the main operator to be a function of the formula, i.e., every formula must have exactly one main operator occurrence. Lemma 5.8. The number of left and right parentheses in a formula A are equal. Proof. We prove this by induction on the way A is constructed. This requires two things: (a) We have to prove first that all atomic formulas have the property in question (the induction basis). (b) Then we have to prove that when we construct new formulas out of given formulas, the new formulas have the property provided the old ones do. Let l (A) be the number of left parentheses, and r (A) the number of right parentheses in A, and l (t ) and r (t ) similarly the number of left and right parentheses in a term t . We leave the proof that for any term t , l (t ) = r (t ) as an exercise. 1. A ≡ ⊥: A has 0 left and 0 right parentheses. 2. A ≡ R(t1, . . . , tn): l (A) = 1 + l (t1) + * * * + l (tn) = 1 + r (t1) + * * * + r (tn) = r (A). Here we make use of the fact, left as an exercise, that l (t ) = r (t ) for any term t . 3. A ≡ t1 = t2: l (A) = l (t1) + l (t2) = r (t1) + r (t2) = r (A). 79 5.4. UNIQUE READABILITY 4. A ≡ ¬B : By induction hypothesis, l (B) = r (B). Thus l (A) = l (B) = r (B) = r (A). 5. A ≡ (B ∗ C ): By induction hypothesis, l (B) = r (B) and l (C ) = r (C ). Thus l (A) = 1+ l (B)+ l (C ) = 1+ r (B)+ r (C ) = r (A). 6. A ≡ ∀x B : By induction hypothesis, l (B) = r (B). Thus, l (A) = l (B) = r (B) = r (A). 7. A ≡ ∃x B : Similarly. □ Definition 5.9 (Proper prefix). A string of symbols B is a proper prefix of a string of symbols A if concatenating B and a non-empty string of symbols yields A. Lemma 5.10. If A is a formula, and B is a proper prefix of A, then B is not a formula. Proof. Exercise. □ Proposition 5.11. If A is an atomic formula, then it satisfes one, and only one of the following conditions. 1. A ≡ ⊥. 2. A ≡ R(t1, . . . , tn) where R is an n-place predicate symbol, t1, . . . , tn are terms, and each of R, t1, . . . , tn is uniquely determined. 3. A ≡ t1 = t2 where t1 and t2 are uniquely determined terms. Proof. Exercise. □ 80 CHAPTER 5. SYNTAX AND SEMANTICS Proposition 5.12 (Unique Readability). Every formula satisfies one, and only one of the following conditions. 1. A is atomic. 2. A is of the form ¬B . 3. A is of the form (B ∧C ). 4. A is of the form (B ∨C ). 5. A is of the form (B →C ). 6. A is of the form ∀x B . 7. A is of the form ∃x B . Moreover, in each case B , or B and C , are uniquely determined. This means that, e.g., there are no different pairs B , C and B ′, C ′ so that A is both of the form (B →C ) and (B ′ →C ′). Proof. The formation rules require that if a formula is not atomic, it must start with an opening parenthesis (, ¬, or with a quantifier. On the other hand, every formula that start with one of the following symbols must be atomic: a predicate symbol, a function symbol, a constant symbol, ⊥. So we really only have to show that if A is of the form (B ∗C ) and also of the form (B ′ ∗′ C ′), then B ≡ B ′, C ≡ C ′, and ∗ = ∗′. So suppose both A ≡ (B ∗C ) and A ≡ (B ′ ∗′ C ′). Then either B ≡ B ′ or not. If it is, clearly ∗ = ∗′ and C ≡ C ′, since they then are substrings of A that begin in the same place and are of the same length. The other case is B ≡ B ′. Since B and B ′ are both substrings ofA that begin at the same place, one must be a proper prefix of the other. But this is impossible by Lemma 5.10. □ 5.5 Main operator of a Formula It is often useful to talk about the last operator used in construct81 5.5. MAIN OPERATOR OF A FORMULA ing a formula A. This operator is called the main operator of A. Intuitively, it is the "outermost" operator of A. For example, the main operator of ¬A is ¬, the main operator of (A∨B) is ∨, etc. Definition 5.13 (Main operator). The main operator of a formula A is defined as follows: 1. A is atomic: A has no main operator. 2. A ≡ ¬B : the main operator of A is ¬. 3. A ≡ (B ∧C ): the main operator of A is ∧. 4. A ≡ (B ∨C ): the main operator of A is ∨. 5. A ≡ (B →C ): the main operator of A is →. 6. A ≡ ∀x B : the main operator of A is ∀. 7. A ≡ ∃x B : the main operator of A is ∃. In each case, we intend the specific indicated occurrence of the main operator in the formula. For instance, since the formula ((D→E)→(E→D)) is of the form (B→C ) where B is (D→E) and C is (E →D), the second occurrence of → is the main operator. This is a recursive definition of a function which maps all nonatomic formulas to their main operator occurrence. Because of the way formulas are defined inductively, every formula A satisfies one of the cases in Definition 5.13. This guarantees that for each non-atomic formula A a main operator exists. Because each formula satisfies only one of these conditions, and because the smaller formulas from which A is constructed are uniquely determined in each case, the main operator occurrence of A is unique, and so we have defined a function. We call formulas by the following names depending on which symbol their main operator is: 82 CHAPTER 5. SYNTAX AND SEMANTICS Main operator Type of formula Example none atomic (formula) ⊥, R(t1, . . . , tn), t1 = t2 ¬ negation ¬A ∧ conjunction (A ∧ B) ∨ disjunction (A ∨ B) → conditional (A→ B) ∀ universal (formula) ∀x A ∃ existential (formula) ∃x A 5.6 Subformulas It is often useful to talk about the formulas that "make up" a given formula. We call these its subformulas. Any formula counts as a subformula of itself; a subformula of A other than A itself is a proper subformula. Definition 5.14 (Immediate Subformula). If A is a formula, the immediate subformulas of A are defined inductively as follows: 1. Atomic formulas have no immediate subformulas. 2. A ≡ ¬B : The only immediate subformula of A is B . 3. A ≡ (B ∗ C ): The immediate subformulas of A are B and C (∗ is any one of the two-place connectives). 4. A ≡ ∀x B : The only immediate subformula of A is B . 5. A ≡ ∃x B : The only immediate subformula of A is B . Definition 5.15 (Proper Subformula). If A is a formula, the proper subformulas of A are recursively as follows: 1. Atomic formulas have no proper subformulas. 2. A ≡ ¬B : The proper subformulas of A are B together with 83 5.7. FREE VARIABLES AND SENTENCES all proper subformulas of B . 3. A ≡ (B ∗ C ): The proper subformulas of A are B , C , together with all proper subformulas of B and those of C . 4. A ≡ ∀x B : The proper subformulas of A are B together with all proper subformulas of B . 5. A ≡ ∃x B : The proper subformulas of A are B together with all proper subformulas of B . Definition 5.16 (Subformula). The subformulas of A are A itself together with all its proper subformulas. Note the subtle difference in how we have defined immediate subformulas and proper subformulas. In the first case, we have directly defined the immediate subformulas of a formula A for each possible form of A. It is an explicit definition by cases, and the cases mirror the inductive definition of the set of formulas. In the second case, we have also mirrored the way the set of all formulas is defined, but in each case we have also included the proper subformulas of the smaller formulas B , C in addition to these formulas themselves. This makes the definition recursive. In general, a definition of a function on an inductively defined set (in our case, formulas) is recursive if the cases in the definition of the function make use of the function itself. To be well defined, we must make sure, however, that we only ever use the values of the function for arguments that come "before" the one we are defining-in our case, when defining "proper subformula" for (B∗ C ) we only use the proper subformulas of the "earlier" formulas B and C . 5.7 Free Variables and Sentences 84 CHAPTER 5. SYNTAX AND SEMANTICS Definition 5.17 (Free occurrences of a variable). The free occurrences of a variable in a formula are defined inductively as follows: 1. A is atomic: all variable occurrences in A are free. 2. A ≡ ¬B : the free variable occurrences of A are exactly those of B . 3. A ≡ (B ∗ C ): the free variable occurrences of A are those in B together with those in C . 4. A ≡ ∀x B : the free variable occurrences in A are all of those in B except for occurrences of x . 5. A ≡ ∃x B : the free variable occurrences in A are all of those in B except for occurrences of x . Definition 5.18 (Bound Variables). An occurrence of a variable in a formula A is bound if it is not free. Definition 5.19 (Scope). If ∀x B is an occurrence of a subformula in a formula A, then the corresponding occurrence of B in A is called the scope of the corresponding occurrence of ∀x . Similarly for ∃x . If B is the scope of a quantifier occurrence ∀x or ∃x in A, then the free occurrences of x in B are bound in ∀x B and ∃x B . We say that these occurrences are bound by the mentioned quantifier occurrence. Example 5.20. Consider the following formula: ∃v0 A 2 0(v0, v1)⏞  ⏟⏟  ⏞ B 85 5.8. SUBSTITUTION B represents the scope of ∃v0. The quantifier binds the occurence of v0 in B , but does not bind the occurence of v1. So v1 is a free variable in this case. We can now see how this might work in a more complicated formula A: ∀v0 (A 1 0(v0) → A 2 0(v0, v1))⏞          ⏟⏟          ⏞ B →∃v1 (A 2 1(v0, v1) ∨ ∀v0 D⏟ ⏞⏞ ⏟ ¬A11(v0))⏞             ⏟⏟             ⏞ C B is the scope of the first ∀v0, C is the scope of ∃v1, and D is the scope of the second ∀v0. The first ∀v0 binds the occurrences of v0 in B , ∃v1 the occurrence of v1 in C , and the second ∀v0 binds the occurrence of v0 in D . The first occurrence of v1 and the fourth occurrence of v0 are free in A. The last occurrence of v0 is free in D , but bound in C and A. Definition 5.21 (Sentence). A formula A is a sentence iff it contains no free occurrences of variables. 5.8 Substitution Definition 5.22 (Substitution in a term). We define s [t/x], the result of substituting t for every occurrence of x in s , recursively: 1. s ≡ c : s [t/x] is just s . 2. s ≡ y : s [t/x] is also just s , provided y is a variable and y ≡ x . 3. s ≡ x : s [t/x] is t . 4. s ≡ f (t1, . . . , tn): s [t/x] is f (t1[t/x], . . . , tn[t/x]). 86 CHAPTER 5. SYNTAX AND SEMANTICS Definition 5.23. A term t is free for x in A if none of the free occurrences of x in A occur in the scope of a quantifier that binds a variable in t . Example 5.24. 1. v8 is free for v1 in ∃v3A24(v3, v1) 2. f 21 (v1, v2) is not free for vo in ∀v2A 2 4(v0, v2) Definition 5.25 (Substitution in a formula). IfA is a formula, x is a variable, and t is a term free for x in A, then A[t/x] is the result of substituting t for all free occurrences of x in A. 1. A ≡ ⊥: A[t/x] is ⊥. 2. A ≡ P (t1, . . . , tn): A[t/x] is P (t1[t/x], . . . , tn[t/x]). 3. A ≡ t1 = t2: A[t/x] is t1[t/x] = t2[t/x]. 4. A ≡ ¬B : A[t/x] is ¬B[t/x]. 5. A ≡ (B ∧C ): A[t/x] is (B[t/x] ∧C [t/x]). 6. A ≡ (B ∨C ): A[t/x] is (B[t/x] ∨C [t/x]). 7. A ≡ (B →C ): A[t/x] is (B[t/x] →C [t/x]). 8. A ≡ ∀y B : A[t/x] is ∀y B[t/x], provided y is a variable other than x ; otherwise A[t/x] is just A. 9. A ≡ ∃y B : A[t/x] is ∃y B[t/x], provided y is a variable other than x ; otherwise A[t/x] is just A. Note that substitution may be vacuous: If x does not occur in A at all, then A[t/x] is just A. The restriction that t must be free for x in A is necessary to exclude cases like the following. If A ≡ ∃y x < y and t ≡ y , 87 5.9. STRUCTURES FOR FIRST-ORDER LANGUAGES then A[t/x] would be ∃y y < y . In this case the free variable y is "captured" by the quantifier ∃y upon substitution, and that is undesirable. For instance, we would like it to be the case that whenever ∀x B holds, so does B[t/x]. But consider ∀x ∃y x < y (here B is ∃y x < y). It is sentence that is true about, e.g., the natural numbers: for every number x there is a number y greater than it. If we allowed y as a possible substitution for x , we would end up with B[y/x] ≡ ∃y y < y , which is false. We prevent this by requiring that none of the free variables in t would end up being bound by a quantifier in A. We often use the following convention to avoid cumbersume notation: If A is a formula with a free variable x , we write A(x) to indicate this. When it is clear which A and x we have in mind, and t is a term (assumed to be free for x in A(x)), then we write A(t ) as short for A(x)[t/x]. 5.9 Structures for First-order Languages First-order languages are, by themselves, uninterpreted: the constant symbols, function symbols, and predicate symbols have no specific meaning attached to them. Meanings are given by specifying a structure. It specifies the domain, i.e., the objects which the constant symbols pick out, the function symbols operate on, and the quantifiers range over. In addition, it specifies which constant symbols pick out which objects, how a function symbol maps objects to objects, and which objects the predicate symbols apply to. Structures are the basis for semantic notions in logic, e.g., the notion of consequence, validity, satisfiablity. They are variously called "structures," "interpretations," or "models" in the literature. 88 CHAPTER 5. SYNTAX AND SEMANTICS Definition 5.26 (Structures). A structure M, for a language L of first-order logic consists of the following elements: 1. Domain: a non-empty set, |M | 2. Interpretation of constant symbols: for each constant symbol c of L, an element cM ∈ |M | 3. Interpretation of predicate symbols: for each n-place predicate symbol R of L (other than =), an n-place relation RM ⊆ |M |n 4. Interpretation of function symbols: for each n-place function symbol f of L, an n-place function f M : |M |n → |M | Example 5.27. A structure M for the language of arithmetic consists of a set, an element of |M |, 0M, as interpretation of the constant symbol 0, a one-place function ′M : |M | → |M |, two twoplace functions +M and ×M, both |M |2 → |M |, and a two-place relation <M ⊆ |M |2. An obvious example of such a structure is the following: 1. |N | = N 2. 0N = 0 3. ′N(n) = n + 1 for all n ∈ N 4. +N(n,m) = n +m for all n,m ∈ N 5. ×N(n,m) = n * m for all n,m ∈ N 6. <N = {⟨n,m⟩ : n ∈ N,m ∈ N,n < m} The structure N for LA so defined is called the standard model of arithmetic, because it interprets the non-logical constants of LA exactly how you would expect. However, there are many other possible structures forLA. For instance, we might take as the domain the set Z of integers instead 89 5.10. COVERED STRUCTURES FOR FIRST-ORDER LANGUAGES of N, and define the interpretations of 0, ′, +, ×, < accordingly. But we can also define structures for LA which have nothing even remotely to do with numbers. Example 5.28. A structure M for the language LZ of set theory requires just a set and a single-two place relation. So technically, e.g., the set of people plus the relation "x is older than y" could be used as a structure for LZ , as well as N together with n ≥ m for n,m ∈ N. A particularly interesting structure for LZ in which the elements of the domain are actually sets, and the interpretation of ∈ actually is the relation "x is an element of y" is the structure HF of hereditarily finite sets: 1. |HF | = ∅ ∪ ℘(∅) ∪ ℘(℘(∅)) ∪ ℘(℘(℘(∅))) ∪ . . . ; 2. ∈HF = {⟨x, y⟩ : x, y ∈ |HF | ,x ∈ y}. The stipulations we make as to what counts as a structure impact our logic. For example, the choice to prevent empty domains ensures, given the usual account of satisfaction (or truth) for quantified sentences, that ∃x (A(x)∨¬A(x)) is valid-that is, a logical truth. And the stipulation that all constant symbols must refer to an object in the domain ensures that the existential generalization is a sound pattern of inference: A(a), therefore ∃x A(x). If we allowed names to refer outside the domain, or to not refer, then we would be on our way to a free logic, in which existential generalization requires an additional premise: A(a) and ∃x x = a, therefore ∃x A(x). 5.10 Covered Structures for First-order Languages Recall that a term is closed if it contains no variables. 90 CHAPTER 5. SYNTAX AND SEMANTICS Definition 5.29 (Value of closed terms). If t is a closed term of the language L and M is a structure for L, the value ValM(t ) is defined as follows: 1. If t is just the constant symbol c , then ValM(c ) = cM. 2. If t is of the form f (t1, . . . , tn), then ValM(t ) = f M(ValM(t1), . . . ,ValM(tn)). Definition 5.30 (Covered structure). A structure is covered if every element of the domain is the value of some closed term. Example 5.31. Let L be the language with constant symbols zero, one, two, . . . , the binary predicate symbol <, and the binary function symbols + and ×. Then a structure M forL is the one with domain |M | = {0,1,2, . . .} and assignments zeroM = 0, oneM = 1, twoM = 2, and so forth. For the binary relation symbol <, the set <M is the set of all pairs ⟨c1, c2⟩ ∈ |M |2 such that c1 is less than c2: for example, ⟨1,3⟩ ∈ <M but ⟨2,2⟩ ∉ <M. For the binary function symbol +, define +M in the usual way-for example, +M(2,3)maps to 5, and similarly for the binary function symbol ×. Hence, the value of f our is just 4, and the value of ×(two,+(three, zero)) (or in infix notation, two×(three+zero) ) is ValM(×(two,+(three, zero)) = = ×M(ValM(two),ValM(two,+(three, zero))) = ×M(ValM(two),+M(ValM(three),ValM(zero))) = ×M(twoM,+M(threeM, zeroM)) = ×M(2,+M(3,0)) = ×M(2,3) = 6 91 5.11. SATISFACTION OF A FORMULA IN A STRUCTURE 5.11 Satisfaction of a Formula in a Structure The basic notion that relates expressions such as terms and formulas, on the one hand, and structures on the other, are those of value of a term and satisfaction of a formula. Informally, the value of a term is an element of a structure-if the term is just a constant, its value is the object assigned to the constant by the structure, and if it is built up using function symbols, the value is computed from the values of constants and the functions assigned to the functions in the term. A formula is satisfied in a structure if the interpretation given to the predicates makes the formula true in the domain of the structure. This notion of satisfaction is specified inductively: the specification of the structure directly states when atomic formulas are satisfied, and we define when a complex formula is satisfied depending on the main connective or quantifier and whether or not the immediate subformulas are satisfied. The case of the quantifiers here is a bit tricky, as the immediate subformula of a quantified formula has a free variable, and structures don't specify the values of variables. In order to deal with this difficulty, we also introduce variable assignments and define satisfaction not with respect to a structure alone, but with respect to a structure plus a variable assignment. Definition 5.32 (Variable Assignment). A variable assignment s for a structure M is a function which maps each variable to an element of |M |, i.e., s : Var → |M |. A structure assigns a value to each constant symbol, and a variable assignment to each variable. But we want to use terms built up from them to also name elements of the domain. For this we define the value of terms inductively. For constant symbols and variables the value is just as the structure or the variable assignment specifies it; for more complex terms it is computed recursively using the functions the structure assigns to the function symbols. 92 CHAPTER 5. SYNTAX AND SEMANTICS Definition 5.33 (Value of Terms). If t is a term of the language L, M is a structure for L, and s is a variable assignment for M, the value ValMs (t ) is defined as follows: 1. t ≡ c : ValMs (t ) = c M. 2. t ≡ x : ValMs (t ) = s (x). 3. t ≡ f (t1, . . . , tn): ValMs (t ) = f M(ValMs (t1), . . . ,Val M s (tn)). Definition 5.34 (x -Variant). If s is a variable assignment for a structure M, then any variable assignment s ′ for M which differs from s at most in what it assigns to x is called an x -variant of s . If s ′ is an x -variant of s we write s ∼x s ′. Note that an x -variant of an assignment s does not have to assign something different to x . In fact, every assignment counts as an x -variant of itself. Definition 5.35 (Satisfaction). Satisfaction of a formula A in a structure M relative to a variable assignment s , in symbols: M, s ⊨ A, is defined recursively as follows. (We write M, s ⊭ A to mean "not M, s ⊨ A.") 1. A ≡ ⊥: M, s ⊭ A. 2. A ≡ R(t1, . . . , tn): M, s ⊨ A iff ⟨ValMs (t1), . . . ,Val M s (tn)⟩ ∈ RM. 3. A ≡ t1 = t2: M, s ⊨ A iff ValMs (t1) = Val M s (t2). 4. A ≡ ¬B : M, s ⊨ A iff M, s ⊭ B . 5. A ≡ (B ∧C ): M, s ⊨ A iff M, s ⊨ B and M, s ⊨ C . 93 5.11. SATISFACTION OF A FORMULA IN A STRUCTURE 6. A ≡ (B ∨C ): M, s ⊨ A iff M, s ⊨ A or M, s ⊨ B (or both). 7. A ≡ (B →C ): M, s ⊨ A iff M, s ⊭ B or M, s ⊨ C (or both). 8. A ≡ ∀x B : M, s ⊨ A iff for every x -variant s ′ of s , M, s ′ ⊨ B . 9. A ≡ ∃x B : M, s ⊨ A iff there is an x -variant s ′ of s so that M, s ′ ⊨ B . The variable assignments are important in the last two clauses. We cannot define satisfaction of ∀x B(x) by "for all a ∈ |M |, M ⊨ B(a)." We cannot define satisfaction of ∃x B(x) by "for at least one a ∈ |M |, M ⊨ B(a)." The reason is that a is not symbol of the language, and so B(a) is not a formula (that is, B[a/x] is undefined). We also cannot assume that we have constant symbols or terms available that name every element of M, since there is nothing in the definition of structures that requires it. Even in the standard language the set of constant symbols is countably infinite, so if |M | is not countable there aren't even enough constant symbols to name every object. Example 5.36. Let L = {a,b, f ,R} where a and b are constant symbols, f is a two-place function symbol, and R is a two-place predicate symbol. Consider the structure M defined by: 1. |M | = {1,2,3,4} 2. aM = 1 3. bM = 2 4. f M(x, y) = x + y if x + y ≤ 3 and = 3 otherwise. 5. RM = {⟨1,1⟩, ⟨1,2⟩, ⟨2,3⟩, ⟨2,4⟩} The function s (x) = 1 that assigns 1 ∈ |M | to every variable is a variable assignment for M. Then ValMs (f (a,b)) = f M(ValMs (a),Val M s (b)). 94 CHAPTER 5. SYNTAX AND SEMANTICS Since a and b are constant symbols, ValMs (a) = a M = 1 and ValMs (b) = b M = 2. So ValMs (f (a,b)) = f M(1,2) = 1 + 2 = 3. To compute the value of f (f (a,b),a) we have to consider ValMs (f (f (a,b),a)) = f M(ValMs (f (a,b)),Val M s (a)) = f M(3,1) = 3, since 3 + 1 > 3. Since s (x) = 1 and ValMs (x) = s (x), we also have ValMs (f (f (a,b),x)) = f M(ValMs (f (a,b)),Val M s (x)) = f M(3,1) = 3, An atomic formula R(t1, t2) is satisfied if the tuple of values of its arguments, i.e., ⟨ValMs (t1),Val M s (t2)⟩, is an element of R M. So, e.g., we have M, s ⊨ R(b, f (a,b)) since ⟨ValM(b),ValM(f (a,b))⟩ = ⟨2,3⟩ ∈ RM, but M, s ⊭ R(x, f (a,b)) since ⟨1,3⟩ ∉ RM[s ]. To determine if a non-atomic formula A is satisfied, you apply the clauses in the inductive definition that applies to the main connective. For instance, the main connective in R(a,a)→ (R(b,x) ∨ R(x,b) is the →, and M, s ⊨ R(a,a) → (R(b,x) ∨R(x,b)) iff M, s ⊭ R(a,a) or M, s ⊨ R(b,x) ∨R(x,b) Since M, s ⊨ R(a,a) (because ⟨1,1⟩ ∈ RM) we can't yet determine the answer and must first figure out if M, s ⊨ R(b,x) ∨R(x,b): M, s ⊨ R(b,x) ∨R(x,b) iff M, s ⊨ R(b,x) or M, s ⊨ R(x,b) And this is the case, since M, s ⊨ R(x,b) (because ⟨1,2⟩ ∈ RM). Recall that an x -variant of s is a variable assignment that differs from s at most in what it assigns to x . For every element 95 5.11. SATISFACTION OF A FORMULA IN A STRUCTURE of |M |, there is an x -variant of s : s1(x) = 1, s2(x) = 2, s3(x) = 3, s4(x) = 4, and with si (y) = s (y) = 1 for all variables y other than x . These are all the x -variants of s for the structure M, since |M | = {1,2,3,4}. Note, in particular, that s1 = s is also an x -variant of s , i.e., s is always an x -variant of itself. To determine if an existentially quantified formula ∃x A(x) is satisfied, we have to determine if M, s ′ ⊨ A(x) for at least one x -variant s ′ of s . So, M, s ⊨ ∃x (R(b,x) ∨R(x,b)), since M, s1 ⊨ R(b,x) ∨R(x,b) (s3 would also fit the bill). But, M, s ⊭ ∃x (R(b,x) ∧R(x,b)) since for none of the si , M, si ⊨ R(b,x) ∧R(x,b). To determine if a universally quantified formula ∀x A(x) is satisfied, we have to determine if M, s ′ ⊨ A(x) for all x -variants s ′ of s . So, M, s ⊨ ∀x (R(x,a) →R(a,x)), since M, si ⊨ R(x,a) → R(a,x) for all si (M, s1 ⊨ R(a,x) and M, s j ⊭ R(x,a) for j = 2, 3, and 4). But, M, s ⊭ ∀x (R(a,x) →R(x,a)) since M, s2 ⊭ R(a,x) → R(x,a) (because M, s2 ⊨ R(a,x) and M, s2 ⊭ R(x,a)). For a more complicated case, consider ∀x (R(a,x) → ∃y R(x, y)). Since M, s3 ⊭ R(a,x) and M, s4 ⊭ R(a,x), the interesting cases where we have to worry about the consequent of the conditional are only s1 and s2. Does M, s1 ⊨ ∃y R(x, y) hold? It does if there is at least one y -variant s ′1 of s1 so that M, s ′ 1 ⊨ R(x, y). In fact, s1 is such a y -variant (s1(x) = 1, s1(y) = 1, and ⟨1,1⟩ ∈ RM), so the answer is yes. To determine if M, s2 ⊨ ∃y R(x, y) we have 96 CHAPTER 5. SYNTAX AND SEMANTICS to look at the y -variants of s2. Here, s2 itself does not satisfy R(x, y) (s2(x) = 2, s2(y) = 1, and ⟨2,1⟩ ∉ RM). However, consider s ′2 ∼y s2 with s ′ 2(y) = 3. M, s ′ 2 ⊨ R(x, y) since ⟨2,3⟩ ∈ R M, and so M, s2 ⊨ ∃y R(x, y). In sum, for every x -variant si of s , either M, si ⊭ R(a,x) (i = 3, 4) or M, si ⊨ ∃y R(x, y) (i = 1, 2), and so M, s ⊨ ∀x (R(a,x) → ∃y R(x, y)). On the other hand, M, s ⊭ ∃x (R(a,x) ∧ ∀y R(x, y)). The only x -variants si of s with M, si ⊨ R(a,x) are s1 and s2. But for each, there is in turn a y -variant s ′i ∼y si with s ′ i (y) = 4 so that M, s ′i ⊭ R(x, y) and so M, si ⊭ ∀y R(x, y) for i = 1, 2. In sum, none of the x -variants si ∼x s are such that M, si ⊨ R(a,x) ∧ ∀y R(x, y). 5.12 Variable Assignments A variable assignment s provides a value for every variable-and there are infinitely many of them. This is of course not necessary. We require variable assignments to assign values to all variables simply because it makes things a lot easier. The value of a term t , and whether or not a formula A is satisfied in a structure with respect to s , only depend on the assignments s makes to the variables in t and the free variables of A. This is the content of the next two propositions. To make the idea of "depends on" precise, we show that any two variable assignments that agree on all the variables in t give the same value, and that A is satisfied relative to one iff it is satisfied relative to the other if two variable assignments agree on all free variables of A. 97 5.12. VARIABLE ASSIGNMENTS Proposition 5.37. If the variables in a term t are among x1, . . . , xn , and s1(xi ) = s2(xi ) for i = 1, . . . , n, then ValMs1 (t ) = Val M s2 (t ). Proof. By induction on the complexity of t . For the base case, t can be a constant symbol or one of the variables x1, . . . , xn . If t = c , then ValMs1 (t ) = c M = ValMs2 (t ). If t = xi , s1(xi ) = s2(xi ) by the hypothesis of the proposition, and so ValMs1 (t ) = s1(xi ) = s2(xi ) = ValMs2 (t ). For the inductive step, assume that t = f (t1, . . . , tk ) and that the claim holds for t1, . . . , tk . Then ValMs1 (t ) = Val M s1 (f (t1, . . . , tk )) = = f M(ValMs1 (t1), . . . ,Val M s1 (tk )) For j = 1, . . . , k , the variables of t j are among x1, . . . , xn . So by induction hypothesis, ValMs1 (t j ) = Val M s2 (t j ). So, ValMs1 (t ) = Val M s2 (f (t1, . . . , tk )) = = f M(ValMs1 (t1), . . . ,Val M s1 (tk )) = = f M(ValMs2 (t1), . . . ,Val M s2 (tk )) = = ValMs2 (f (t1, . . . , tk )) = Val M s2 (t ). □ Proposition 5.38. If the free variables in A are among x1, . . . , xn , and s1(xi ) = s2(xi ) for i = 1, . . . , n, then M, s1 ⊨ A iff M, s2 ⊨ A. Proof. We use induction on the complexity of A. For the base case, where A is atomic, A can be: ⊥, R(t1, . . . , tk ) for a k -place predicate R and terms t1, . . . , tk , or t1 = t2 for terms t1 and t2. 1. A ≡ ⊥: both M, s1 ⊭ A and M, s2 ⊭ A. 2. A ≡ R(t1, . . . , tk ): let M, s1 ⊨ A. Then ⟨ValMs1 (t1), . . . ,Val M s1 (tk )⟩ ∈ R M . For i = 1, . . . , k , ValMs1 (ti ) = Val M s2 (ti ) by Proposition 5.37. So we also have ⟨ValMs2 (ti ), . . . ,Val M s2 (tk )⟩ ∈ R M. 98 CHAPTER 5. SYNTAX AND SEMANTICS 3. A ≡ t1 = t2: suppose M, s1 ⊨ A. Then ValMs1 (t1) = Val M s1 (t2). So, ValMs2 (t1) = Val M s1 (t1) (by Proposition 5.37) = ValMs1 (t2) (since M, s1 ⊨ t1 = t2) = ValMs2 (t2) (by Proposition 5.37), so M, s2 ⊨ t1 = t2. Now assume M, s1 ⊨ B iff M, s2 ⊨ B for all formulas B less complex than A. The induction step proceeds by cases determined by the main operator of A. In each case, we only demonstrate the forward direction of the biconditional; the proof of the reverse direction is symmetrical. In all cases except those for the quantifiers, we apply the induction hypothesis to sub-formulas B of A. The free variables of B are among those of A. Thus, if s1 and s2 agree on the free variables of A, they also agree on those of B , and the induction hypothesis applies to B . 1. A ≡ ¬B : if M, s1 ⊨ A, then M, s1 ⊭ B , so by the induction hypothesis, M, s2 ⊭ B , hence M, s2 ⊨ A. 2. A ≡ B ∧C : exercise. 3. A ≡ B ∨ C : if M, s1 ⊨ A, then M, s1 ⊨ B or M, s1 ⊨ C . By induction hypothesis, M, s2 ⊨ B or M, s2 ⊨ C , so M, s2 ⊨ A. 4. A ≡ B →C : exercise. 5. A ≡ ∃x B : if M, s1 ⊨ A, there is an x -variant s ′1 of s1 so that M, s ′1 ⊨ B . Let s ′ 2 be the x -variant of s2 that assigns the same thing to x as does s ′1. The free variables of B are among x1, . . . , xn , and x . s ′1(xi ) = s ′ 2(xi ), since s ′ 1 and s ′ 2 are x -variants of s1 and s2, respectively, and by hypothesis s1(xi ) = s2(xi ). s ′1(x) = s ′ 2(x) by the way we have defined s ′ 2. Then the induction hypothesis applies to B and s ′1, s ′ 2, so M, s ′2 ⊨ B . Hence, there is an x -variant of s2 that satisfies B , and so M, s2 ⊨ A. 99 5.12. VARIABLE ASSIGNMENTS 6. A ≡ ∀x B : exercise. By induction, we get that M, s1 ⊨ A iff M, s2 ⊨ A whenever the free variables in A are among x1, . . . , xn and s1(xi ) = s2(xi ) for i = 1, . . . , n. □ Sentences have no free variables, so any two variable assignments assign the same things to all the (zero) free variables of any sentence. The proposition just proved then means that whether or not a sentence is satisfied in a structure relative to a variable assignment is completely independent of the assignment. We'll record this fact. It justifies the definition of satisfaction of a sentence in a structure (without mentioning a variable assignment) that follows. Corollary 5.39. If A is a sentence and s a variable assignment, then M, s ⊨ A iff M, s ′ ⊨ A for every variable assignment s ′. Proof. Let s ′ be any variable assignment. Since A is a sentence, it has no free variables, and so every variable assignment s ′ trivially assigns the same things to all free variables of A as does s . So the condition of Proposition 5.38 is satisfied, and we have M, s ⊨ A iff M, s ′ ⊨ A. □ Definition 5.40. If A is a sentence, we say that a structure M satisfies A, M ⊨ A, iff M, s ⊨ A for all variable assignments s . If M ⊨ A, we also simply say that A is true in M. Proposition 5.41. Let M be a structure, A be a sentence, and s a variable assignment. M ⊨ A iff M, s ⊨ A. Proof. Exercise. □ 100 CHAPTER 5. SYNTAX AND SEMANTICS Proposition 5.42. Suppose A(x) only contains x free, and M is a structure. Then: 1. M ⊨ ∃x A(x) iff M, s ⊨ A(x) for at least one variable assignment s . 2. M ⊨ ∀x A(x) iff M, s ⊨ A(x) for all variable assignments s . Proof. Exercise. □ 5.13 Extensionality Extensionality, sometimes called relevance, can be expressed informally as follows: the only factors that bears upon the satisfaction of formula A in a structure M relative to a variable assignment s , are the size of the domain and the assignments made by M and s to the elements of the language that actually appear in A. One immediate consequence of extensionality is that where two structures M and M′ agree on all the elements of the language appearing in a sentence A and have the same domain, M and M′ must also agree on whether or not A itself is true. Proposition 5.43 (Extensionality). Let A be a formula, and M1 and M2 be structures with |M1 | = |M2 |, and s a variable assignment on |M1 | = |M2 |. If cM1 = cM2 , RM1 = RM2 , and f M1 = f M2 for every constant symbol c , relation symbol R, and function symbol f occurring in A, then M1, s ⊨ A iff M2, s ⊨ A. Proof. First prove (by induction on t) that for every term, ValM1s (t ) = Val M2 s (t ). Then prove the proposition by induction on A, making use of the claim just proved for the induction basis (where A is atomic). □ 101 5.13. EXTENSIONALITY Corollary 5.44 (Extensionality for Sentences). Let A be a sentence and M1, M2 as in Proposition 5.43. Then M1 ⊨ A iff M2 ⊨ A. Proof. Follows from Proposition 5.43 by Corollary 5.39. □ Moreover, the value of a term, and whether or not a structure satisfies a formula, only depends on the values of its subterms. Proposition 5.45. Let M be a structure, t and t ′ terms, and s a variable assignment. Let s ′ ∼x s be the x -variant of s given by s ′(x) = ValMs (t ′). Then ValMs (t [t ′/x]) = ValMs ′ (t ). Proof. By induction on t . 1. If t is a constant, say, t ≡ c , then t [t ′/x] = c , and ValMs (c ) = cM = ValMs ′ (c ). 2. If t is a variable other than x , say, t ≡ y , then t [t ′/x] = y , and ValMs (y) = Val M s ′ (y) since s ′ ∼x s . 3. If t ≡ x , then t [t ′/x] = t ′. But ValMs ′ (x) = Val M s (t ′) by definition of s ′. 4. If t ≡ f (t1, . . . , tn) then we have: ValMs (t [t ′/x]) = = ValMs (f (t1[t ′/x], . . . , tn[t ′/x])) by definition of t [t ′/x] = f M(ValMs (t1[t ′/x]), . . . ,ValMs (tn[t ′/x])) by definition of ValMs (f (. . . )) = f M(ValMs ′ (t1), . . . ,Val M s ′ (tn)) by induction hypothesis = ValMs ′ (t ) by definition of Val M s ′ (f (. . . )) □ 102 CHAPTER 5. SYNTAX AND SEMANTICS Proposition 5.46. LetM be a structure, A a formula, t a term, and s a variable assignment. Let s ′ ∼x s be the x -variant of s given by s ′(x) = ValMs (t ). Then M, s ⊨ A[t/x] iff M, s ′ ⊨ A. Proof. Exercise. □ 5.14 Semantic Notions Give the definition of structures for first-order languages, we can define some basic semantic properties of and relationships between sentences. The simplest of these is the notion of validity of a sentence. A sentence is valid if it is satisfied in every structure. Valid sentences are those that are satisfied regardless of how the non-logical symbols in it are interpreted. Valid sentences are therefore also called logical truths-they are true, i.e., satisfied, in any structure and hence their truth depends only on the logical symbols occurring in them and their syntactic structure, but not on the non-logical symbols or their interpretation. Definition 5.47 (Validity). A sentence A is valid, ⊨ A, iff M ⊨ A for every structure M. Definition 5.48 (Entailment). A set of sentences Γ entails a sentence A, Γ ⊨ A, iff for every structure M with M ⊨ Γ , M ⊨ A. Definition 5.49 (Satisfiability). A set of sentences Γ is satisfiable if M ⊨ Γ for some structure M. If Γ is not satisfiable it is called unsatisfiable. 103 5.14. SEMANTIC NOTIONS Proposition 5.50. A sentence A is valid iff Γ ⊨ A for every set of sentences Γ . Proof. For the forward direction, let A be valid, and let Γ be a set of sentences. Let M be a structure so that M ⊨ Γ . Since A is valid, M ⊨ A, hence Γ ⊨ A. For the contrapositive of the reverse direction, let A be invalid, so there is a structure M with M ⊭ A. When Γ = {⊤}, since ⊤ is valid, M ⊨ Γ . Hence, there is a structure M so that M ⊨ Γ but M ⊭ A, hence Γ does not entail A. □ Proposition 5.51. Γ ⊨ A iff Γ ∪ {¬A} is unsatisfiable. Proof. For the forward direction, suppose Γ ⊨ A and suppose to the contrary that there is a structure M so that M ⊨ Γ ∪ {¬A}. Since M ⊨ Γ and Γ ⊨ A, M ⊨ A. Also, since M ⊨ Γ ∪ {¬A}, M ⊨ ¬A, so we have both M ⊨ A and M ⊭ A, a contradiction. Hence, there can be no such structure M, so Γ ∪ {A} is unsatisfiable. For the reverse direction, suppose Γ ∪ {¬A} is unsatisfiable. So for every structure M, either M ⊭ Γ or M ⊨ A. Hence, for every structure M with M ⊨ Γ , M ⊨ A, so Γ ⊨ A. □ Proposition 5.52. If Γ ⊆ Γ ′ and Γ ⊨ A, then Γ ′ ⊨ A. Proof. Suppose that Γ ⊆ Γ ′ and Γ ⊨ A. Let M be such that M ⊨ Γ ′; then M ⊨ Γ , and since Γ ⊨ A, we get that M ⊨ A. Hence, whenever M ⊨ Γ ′, M ⊨ A, so Γ ′ ⊨ A. □ 104 CHAPTER 5. SYNTAX AND SEMANTICS Theorem 5.53 (Semantic Deduction Theorem). Γ∪{A} ⊨ B iff Γ ⊨ A→ B . Proof. For the forward direction, let Γ ∪ {A} ⊨ B and let M be a structure so that M ⊨ Γ . If M ⊨ A, then M ⊨ Γ ∪ {A}, so since Γ ∪ {A} entails B , we get M ⊨ B . Therefore, M ⊨ A → B , so Γ ⊨ A→ B . For the reverse direction, let Γ ⊨ A→B and M be a structure so that M ⊨ Γ ∪ {A}. Then M ⊨ Γ , so M ⊨ A→ B , and since M ⊨ A, M ⊨ B . Hence, whenever M ⊨ Γ ∪ {A}, M ⊨ B , so Γ ∪ {A} ⊨ B . □ Proposition 5.54. Let M be a structure, and A(x) a formula with one free variable x , and t a closed term. Then: 1. A(t ) ⊨ ∃x A(x) 2. ∀x A(x) ⊨ A(t ) Proof. 1. Suppose M ⊨ A(t ). Let s be a variable assignment with s (x) = ValM(t ). Then M, s ⊨ A(t ) since A(t ) is a sentence. By Proposition 5.46, M, s ⊨ A(x). By Proposition 5.42, M ⊨ ∃x A(x). 2. Exercise. □ Summary A first-order language consists of constant, function, and predicate symbols. Function and constant symbols take a specified number of arguments. In the language of arithmetic, e.g., we have a single constant symbol 0, one 1-place function symbol ′, two 2-place function symbols + and ×, and one 2-place predicate symbol <. From variables and constant and function symbols we form the terms of a language. From the terms of a language 105 5.14. SEMANTIC NOTIONS together with its predicate symbol, as well as the identity symbol =, we form the atomic formulas. And in turn from them, using the logical connectives ¬, ∨, ∧, →, ↔ and the quantifiers ∀ and ∃ we form its formulas. Since we are careful to always include necessary parentheses in the process of forming terms and formulas, there is always exactly one way of reading a formula. This makes it possible to define things by induction on the structure of formulas. Occurrences of variables in formulas are sometimes governed by a corresponding quantifier: if a variable occurs in the scope of a quantifier it is considered bound, otherwise free. These concepts all have inductive definitions, and we also inductively define the operation of substitution of a term for a variable in a formula. Formulas without free variable occurrences are called sentences. The semantics for a first-order language is given by a structure for that language. It consists of a domain and elements of that domain are assigned to each constant symbol. Function symbols are interpreted by functions and relation symbols by relation on the domain. A function from the set of variables to the domain is a variable assignment. The relation of satisfaction relates structures, variable assignments and formulas; M ⊨ [s ]A is defined by induction on the structure of A. M ⊨ [s ]A only depends on the interpretation of the symbols actually occurring in A, and in particular does not depend on s if A contains no free variables. So if A is a sentence, M ⊨ A if M ⊨ [s ]A for any (or all) s . The satisfaction relation is the basis for all semantic notions. A sentence is valid, ⊨ A, if it is satisfied in every structure. A sentence A is entailed by set of sentences Γ , Γ ⊨ A, iff M ⊨ A for all M which satisfy every sentence in Γ . A set Γ is satisfiable iff there is some structure that satisfies every sentence in Γ , otherwise unsatisfiable. These notions are interrelated, e.g., Γ ⊨ A iff Γ ∪ {¬A} is unsatisfiable. 106 CHAPTER 5. SYNTAX AND SEMANTICS Problems Problem 5.1. Prove Lemma 5.10. Problem 5.2. Prove Proposition 5.11 (Hint: Formulate and prove a version of Lemma 5.10 for terms.) Problem 5.3. Give an inductive definition of the bound variable occurrences along the lines of Definition 5.17. Problem 5.4. Is N, the standard model of arithmetic, covered? Explain. Problem 5.5. Let L = {c, f ,A} with one constant symbol, one one-place function symbol and one two-place predicate symbol, and let the structure M be given by 1. |M | = {1,2,3} 2. cM = 3 3. f M(1) = 2, f M(2) = 3, f M(3) = 2 4. AM = {⟨1,2⟩, ⟨2,3⟩, ⟨3,3⟩} (a) Let s (v ) = 1 for all variables v . Find out whether M, s ⊨ ∃x (A(f (z ), c ) → ∀y (A(y,x) ∨ A(f (y),x))) Explain why or why not. (b) Give a different structure and variable assignment in which the formula is not satisfied. Problem 5.6. Complete the proof of Proposition 5.38. Problem 5.7. Prove Proposition 5.41 Problem 5.8. Prove Proposition 5.42. 107 5.14. SEMANTIC NOTIONS Problem 5.9. Suppose L is a language without function symbols. Given a structure M, c a constant symbol and a ∈ |M |, define M[a/c ] to be the structure that is just like M, except that cM[a/c ] = a. Define M | |= A for sentences A by: 1. A ≡ ⊥: not M | |= A. 2. A ≡ R(d1, . . . ,dn): M | |= A iff ⟨dM1 , . . . ,d M n ⟩ ∈ R M. 3. A ≡ d1 = d2: M | |= A iff dM1 = d M 2 . 4. A ≡ ¬B : M | |= A iff not M | |= B . 5. A ≡ (B ∧C ): M | |= A iff M | |= B and M | |= C . 6. A ≡ (B ∨C ): M | |= A iff M | |= B or M | |= C (or both). 7. A ≡ (B→C ): M | |= A iff not M | |= B or M | |= C (or both). 8. A ≡ ∀x B : M | |= A iff for all a ∈ |M |, M[a/c ] | |= B[c/x], if c does not occur in B . 9. A ≡ ∃x B : M | |= A iff there is an a ∈ |M | such that M[a/c ] | |= B[c/x], if c does not occur in B . Let x1, . . . , xn be all free variables in A, c1, . . . , cn constant symbols not in A, a1, . . . , an ∈ |M |, and s (xi ) = ai . Show that M, s ⊨ A iff M[a1/c1, . . . ,an/cn] | |= A[c1/x1] . . . [cn/xn]. (This problem shows that it is possible to give a semantics for first-order logic that makes do without variable assignments.) Problem 5.10. Suppose that f is a function symbol not in A(x, y). Show that there is a structure M such that M ⊨ ∀x ∃y A(x, y) iff there is an M′ such that M′ ⊨ ∀x A(x, f (x)). (This problem is a special case of what's known as Skolem's Theorem; ∀x A(x, f (x)) is called a Skolem normal form of ∀x ∃y A(x, y).) Problem 5.11. Carry out the proof of Proposition 5.43 in detail. 108 CHAPTER 5. SYNTAX AND SEMANTICS Problem 5.12. Prove Proposition 5.46 Problem 5.13. 1. Show that Γ ⊨ ⊥ iff Γ is unsatisfiable. 2. Show that Γ ∪ {A} ⊨ ⊥ iff Γ ⊨ ¬A. 3. Suppose c does not occur in A or Γ . Show that Γ ⊨ ∀x A iff Γ ⊨ A[c/x]. Problem 5.14. Complete the proof of Proposition 5.54. CHAPTER 6 Theories and Their Models 6.1 Introduction The development of the axiomatic method is a significant achievement in the history of science, and is of special importance in the history of mathematics. An axiomatic development of a field involves the clarification of many questions: What is the field about? What are the most fundamental concepts? How are they related? Can all the concepts of the field be defined in terms of these fundamental concepts? What laws do, and must, these concepts obey? The axiomatic method and logic were made for each other. Formal logic provides the tools for formulating axiomatic theories, for proving theorems from the axioms of the theory in a precisely specified way, for studying the properties of all systems satisfying the axioms in a systematic way. 109 110 CHAPTER 6. THEORIES AND THEIR MODELS Definition 6.1. A set of sentences Γ is closed iff, whenever Γ ⊨ A then A ∈ Γ . The closure of a set of sentences Γ is {A : Γ ⊨ A}. We say that Γ is axiomatized by a set of sentences ∆ if Γ is the closure of ∆ We can think of an axiomatic theory as the set of sentences that is axiomatized by its set of axioms ∆. In other words, when we have a first-order language which contains non-logical symbols for the primitives of the axiomatically developed science we wish to study, together with a set of sentences that express the fundamental laws of the science, we can think of the theory as represented by all the sentences in this language that are entailed by the axioms. This ranges from simple examples with only a single primitive and simple axioms, such as the theory of partial orders, to complex theories such as Newtonian mechanics. The important logical facts that make this formal approach to the axiomatic method so important are the following. Suppose Γ is an axiom system for a theory, i.e., a set of sentences. 1. We can state precisely when an axiom system captures an intended class of structures. That is, if we are interested in a certain class of structures, we will successfully capture that class by an axiom system Γ iff the structures are exactly those M such that M ⊨ Γ . 2. We may fail in this respect because there are M such that M ⊨ Γ , but M is not one of the structures we intend. This may lead us to add axioms which are not true in M. 3. If we are successful at least in the respect that Γ is true in all the intended structures, then a sentence A is true in all intended structures whenever Γ ⊨ A. Thus we can use logical tools (such as proof methods) to show that sentences are true in all intended structures simply by showing that they are entailed by the axioms. 4. Sometimes we don't have intended structures in mind, but instead start from the axioms themselves: we begin with 111 6.2. EXPRESSING PROPERTIES OF STRUCTURES some primitives that we want to satisfy certain laws which we codify in an axiom system. One thing that we would like to verify right away is that the axioms do not contradict each other: if they do, there can be no concepts that obey these laws, and we have tried to set up an incoherent theory. We can verify that this doesn't happen by finding a model of Γ . And if there are models of our theory, we can use logical methods to investigate them, and we can also use logical methods to construct models. 5. The independence of the axioms is likewise an important question. It may happen that one of the axioms is actually a consequence of the others, and so is redundant. We can prove that an axiom A in Γ is redundant by proving Γ \ {A} ⊨ A. We can also prove that an axiom is not redundant by showing that (Γ \ {A})∪ {¬A} is satisfiable. For instance, this is how it was shown that the parallel postulate is independent of the other axioms of geometry. 6. Another important question is that of definability of concepts in a theory: The choice of the language determines what the models of a theory consists of. But not every aspect of a theory must be represented separately in its models. For instance, every ordering ≤ determines a corresponding strict ordering <-given one, we can define the other. So it is not necessary that a model of a theory involving such an order must also contain the corresponding strict ordering. When is it the case, in general, that one relation can be defined in terms of others? When is it impossible to define a relation in terms of other (and hence must add it to the primitives of the language)? 6.2 Expressing Properties of Structures It is often useful and important to express conditions on functions and relations, or more generally, that the functions and re112 CHAPTER 6. THEORIES AND THEIR MODELS lations in a structure satisfy these conditions. For instance, we would like to have ways of distinguishing those structures for a language which "capture" what we want the predicate symbols to "mean" from those that do not. Of course we're completely free to specify which structures we "intend," e.g., we can specify that the interpretation of the predicate symbol ≤ must be an ordering, or that we are only interested in interpretations of L in which the domain consists of sets and ∈ is interpreted by the "is an element of" relation. But can we do this with sentences of the language? In other words, which conditions on a structure M can we express by a sentence (or perhaps a set of sentences) in the language of M? There are some conditions that we will not be able to express. For instance, there is no sentence of LA which is only true in a structure M if |M | = N. We cannot express "the domain contains only natural numbers." But there are "structural properties" of structures that we perhaps can express. Which properties of structures can we express by sentences? Or, to put it another way, which collections of structures can we describe as those making a sentence (or set of sentences) true? Definition 6.2 (Model of a set). Let Γ be a set of sentences in a language L. We say that a structure M is a model of Γ if M ⊨ A for all A ∈ Γ . Example 6.3. The sentence ∀x x ≤ x is true in M iff ≤M is a reflexive relation. The sentence ∀x ∀y ((x ≤ y ∧ y ≤ x)→ x = y) is true in M iff ≤M is anti-symmetric. The sentence ∀x ∀y ∀z ((x ≤ y ∧ y ≤ z ) → x ≤ z ) is true in M iff ≤M is transitive. Thus, the models of { ∀x x ≤ x, ∀x ∀y ((x ≤ y ∧ y ≤ x) → x = y), ∀x ∀y ∀z ((x ≤ y ∧ y ≤ z ) → x ≤ z ) } are exactly those structures in which ≤M is reflexive, antisymmetric, and transitive, i.e., a partial order. Hence, we can take them as axioms for the first-order theory of partial orders. 113 6.3. EXAMPLES OF FIRST-ORDER THEORIES 6.3 Examples of First-Order Theories Example 6.4. The theory of strict linear orders in the language L< is axiomatized by the set ∀x ¬x < x, ∀x ∀y ((x < y ∨ y < x) ∨ x = y), ∀x ∀y ∀z ((x < y ∧ y < z ) → x < z ) It completely captures the intended structures: every strict linear order is a model of this axiom system, and vice versa, if R is a linear order on a set X , then the structure M with |M | = X and <M = R is a model of this theory. Example 6.5. The theory of groups in the language 1 (constant symbol), * (two-place function symbol) is axiomatized by ∀x (x * 1) = x ∀x ∀y ∀z (x * (y * z )) = ((x * y) * z ) ∀x ∃y (x * y) = 1 Example 6.6. The theory of Peano arithmetic is axiomatized by the following sentences in the language of arithmetic LA. ∀x ∀y (x ′ = y ′ → x = y) ∀x 0 ≠ x ′ ∀x (x + 0) = x ∀x ∀y (x + y ′) = (x + y)′ ∀x (x × 0) = 0 ∀x ∀y (x × y ′) = ((x × y) + x) ∀x ∀y (x < y ↔∃z (z ′ + x) = y)) plus all sentences of the form (A(0) ∧ ∀x (A(x) → A(x ′))) → ∀x A(x) 114 CHAPTER 6. THEORIES AND THEIR MODELS Since there are infinitely many sentences of the latter form, this axiom system is infinite. The latter form is called the induction schema. (Actually, the induction schema is a bit more complicated than we let on here.) The last axiom is an explicit definition of <. Example 6.7. The theory of pure sets plays an important role in the foundations (and in the philosophy) of mathematics. A set is pure if all its elements are also pure sets. The empty set counts therefore as pure, but a set that has something as an element that is not a set would not be pure. So the pure sets are those that are formed just from the empty set and no "urelements," i.e., objects that are not themselves sets. The following might be considered as an axiom system for a theory of pure sets: ∃x ¬∃y y ∈ x ∀x ∀y (∀z (z ∈ x ↔ z ∈ y) → x = y) ∀x ∀y ∃z ∀u (u ∈ z ↔ (u = x ∨ u = y)) ∀x ∃y ∀z (z ∈ y ↔∃u (z ∈ u ∧ u ∈ x)) plus all sentences of the form ∃x ∀y (y ∈ x ↔ A(y)) The first axiom says that there is a set with no elements (i.e., ∅ exists); the second says that sets are extensional; the third that for any sets X and Y , the set {X ,Y } exists; the fourth that for any set X , the set ∪X exists, where ∪X is the union of all the elements of X . The sentences mentioned last are collectively called the naive comprehension scheme. It essentially says that for every A(x), the set {x : A(x)} exists-so at first glance a true, useful, and perhaps even necessary axiom. It is called "naive" because, as it turns out, it makes this theory unsatisfiable: if you take A(y) to be ¬y ∈ y , you get the sentence ∃x ∀y (y ∈ x ↔¬y ∈ y) 115 6.3. EXAMPLES OF FIRST-ORDER THEORIES and this sentence is not satisfied in any structure. Example 6.8. In the area of mereology, the relation of parthood is a fundamental relation. Just like theories of sets, there are theories of parthood that axiomatize various conceptions (sometimes conflicting) of this relation. The language of mereology contains a single two-place predicate symbol P , and P (x, y) "means" that x is a part of y . When we have this interpretation in mind, a structure for this language is called a parthood structure. Of course, not every structure for a single two-place predicate will really deserve this name. To have a chance of capturing "parthood," PM must satisfy some conditions, which we can lay down as axioms for a theory of parthood. For instance, parthood is a partial order on objects: every object is a part (albeit an improper part) of itself; no two different objects can be parts of each other; a part of a part of an object is itself part of that object. Note that in this sense "is a part of" resembles "is a subset of," but does not resemble "is an element of" which is neither reflexive nor transitive. ∀x P (x,x), ∀x ∀y ((P (x, y) ∧ P (y,x)) → x = y), ∀x ∀y ∀z ((P (x, y) ∧ P (y, z )) → P (x, z )), Moreover, any two objects have a mereological sum (an object that has these two objects as parts, and is minimal in this respect). ∀x ∀y ∃z ∀u (P (z,u) ↔ (P (x,u) ∧ P (y,u))) These are only some of the basic principles of parthood considered by metaphysicians. Further principles, however, quickly become hard to formulate or write down without first introducting some defined relations. For instance, most metaphysicians interested in mereology also view the following as a valid principle: whenever an object x has a proper part y , it also has a part z that has no parts in common with y , and so that the fusion of y and z is x . 116 CHAPTER 6. THEORIES AND THEIR MODELS 6.4 Expressing Relations in a Structure One main use formulas can be put to is to express properties and relations in a structure M in terms of the primitives of the language L of M. By this we mean the following: the domain of M is a set of objects. The constant symbols, function symbols, and predicate symbols are interpreted in M by some objects in|M |, functions on |M |, and relations on |M |. For instance, if A20 is in L, then M assigns to it a relation R = A20 M. Then the formula A20(v1, v2) expresses that very relation, in the following sense: if a variable assignment s maps v1 to a ∈ |M | and v2 to b ∈ |M |, then Rab iff M, s ⊨ A20(v1, v2). Note that we have to involve variable assignments here: we can't just say "Rab iff M ⊨ A20(a,b)" because a and b are not symbols of our language: they are elements of |M |. Since we don't just have atomic formulas, but can combine them using the logical connectives and the quantifiers, more complex formulas can define other relations which aren't directly built into M. We're interested in how to do that, and specifically, which relations we can define in a structure. Definition 6.9. Let A(v1, . . . , vn) be a formula ofL in which only v1,. . . , vn occur free, and let M be a structure for L. A(v1, . . . , vn) expresses the relation R ⊆ |M |n iff Ra1 . . . an iff M, s ⊨ A(v1, . . . , vn) for any variable assignment s with s (vi ) = ai (i = 1, . . . ,n). Example 6.10. In the standard model of arithmetic N, the formula v1 < v2 ∨ v1 = v2 expresses the ≤ relation on N. The formula v2 = v ′1 expresses the successor relation, i.e., the relation R ⊆ N2 where Rnm holds if m is the successor of n. The formula v1 = v ′2 expresses the predecessor relation. The formulas ∃v3 (v3 ≠ 0∧v2 = (v1+v3)) and ∃v3 (v1+v3′) = v2 both express the 117 6.5. THE THEORY OF SETS < relation. This means that the predicate symbol < is actually superfluous in the language of arithmetic; it can be defined. This idea is not just interesting in specific structures, but generally whenever we use a language to describe an intended model or models, i.e., when we consider theories. These theories often only contain a few predicate symbols as basic symbols, but in the domain they are used to describe often many other relations play an important role. If these other relations can be systematically expressed by the relations that interpret the basic predicate symbols of the language, we say we can define them in the language. 6.5 The Theory of Sets Almost all of mathematics can be developed in the theory of sets. Developing mathematics in this theory involves a number of things. First, it requires a set of axioms for the relation ∈. A number of different axiom systems have been developed, sometimes with conflicting properties of ∈. The axiom system known as ZFC, Zermelo-Fraenkel set theory with the axiom of choice stands out: it is by far the most widely used and studied, because it turns out that its axioms suffice to prove almost all the things mathematicians expect to be able to prove. But before that can be established, it first is necessary to make clear how we can even express all the things mathematicians would like to express. For starters, the language contains no constant symbols or function symbols, so it seems at first glance unclear that we can talk about particular sets (such as ∅ or N), can talk about operations on sets (such as X ∪Y and ℘(X )), let alone other constructions which involve things other than sets, such as relations and functions. To begin with, "is an element of" is not the only relation we are interested in: "is a subset of" seems almost as important. But we can define "is a subset of" in terms of "is an element of." To do this, we have to find a formula A(x, y) in the language of set theory which is satisfied by a pair of sets ⟨X ,Y ⟩ iff X ⊆ Y . But X 118 CHAPTER 6. THEORIES AND THEIR MODELS is a subset of Y just in case all elements of X are also elements ofY . So we can define ⊆ by the formula ∀z (z ∈ x → z ∈ y) Now, whenever we want to use the relation ⊆ in a formula, we could instead use that formula (with x and y suitably replaced, and the bound variable z renamed if necessary). For instance, extensionality of sets means that if any sets x and y are contained in each other, then x and y must be the same set. This can be expressed by ∀x ∀y ((x ⊆ y ∧ y ⊆ x) → x = y), or, if we replace ⊆ by the above definition, by ∀x ∀y ((∀z (z ∈ x → z ∈ y) ∧ ∀z (z ∈ y → z ∈ x)) → x = y). This is in fact one of the axioms of ZFC, the "axiom of extensionality." There is no constant symbol for ∅, but we can express "x is empty" by ¬∃y y ∈ x . Then "∅ exists" becomes the sentence ∃x ¬∃y y ∈ x . This is another axiom of ZFC. (Note that the axiom of extensionality implies that there is only one empty set.) Whenever we want to talk about ∅ in the language of set theory, we would write this as "there is a set that's empty and . . . " As an example, to express the fact that ∅ is a subset of every set, we could write ∃x (¬∃y y ∈ x ∧ ∀z x ⊆ z ) where, of course, x ⊆ z would in turn have to be replaced by its definition. To talk about operations on sets, such has X ∪Y and ℘(X ), we have to use a similar trick. There are no function symbols in the language of set theory, but we can express the functional relations X ∪Y = Z and ℘(X ) =Y by ∀u ((u ∈ x ∨ u ∈ y) ↔ u ∈ z ) ∀u (u ⊆ x ↔ u ∈ y) 119 6.5. THE THEORY OF SETS since the elements of X ∪Y are exactly the sets that are either elements of X or elements of Y , and the elements of ℘(X ) are exactly the subsets of X . However, this doesn't allow us to use x ∪ y or ℘(x) as if they were terms: we can only use the entire formulas that define the relations X ∪Y = Z and ℘(X ) = Y . In fact, we do not know that these relations are ever satisfied, i.e., we do not know that unions and power sets always exist. For instance, the sentence ∀x ∃y ℘(x) = y is another axiom of ZFC (the power set axiom). Now what about talk of ordered pairs or functions? Here we have to explain how we can think of ordered pairs and functions as special kinds of sets. One way to define the ordered pair ⟨x, y⟩ is as the set {{x}, {x, y}}. But like before, we cannot introduce a function symbol that names this set; we can only define the relation ⟨x, y⟩ = z , i.e., {{x}, {x, y}} = z : ∀u (u ∈ z ↔ (∀v (v ∈ u ↔ v = x) ∨ ∀v (v ∈ u ↔ (v = x ∨ v = y)))) This says that the elements u of z are exactly those sets which either have x as its only element or have x and y as its only elements (in other words, those sets that are either identical to {x} or identical to {x, y}). Once we have this, we can say further things, e.g., that X ×Y = Z : ∀z (z ∈ Z ↔∃x ∃y (x ∈ X ∧ y ∈Y ∧ ⟨x, y⟩ = z )) A function f : X →Y can be thought of as the relation f (x) = y , i.e., as the set of pairs {⟨x, y⟩ : f (x) = y}. We can then say that a set f is a function from X to Y if (a) it is a relation ⊆ X ×Y , (b) it is total, i.e., for all x ∈ X there is some y ∈ Y such that ⟨x, y⟩ ∈ f and (c) it is functional, i.e., whenever ⟨x, y⟩, ⟨x, y ′⟩ ∈ f , y = y ′ (because values of functions must be unique). So "f is a function from X toY " can be written as: ∀u (u ∈ f →∃x ∃y (x ∈ X ∧ y ∈Y ∧ ⟨x, y⟩ = u)) ∧ ∀x (x ∈ X → (∃y (y ∈Y ∧maps(f ,x, y)) ∧ (∀y ∀y ′ ((maps(f ,x, y) ∧maps(f ,x, y ′)) → y = y ′))) 120 CHAPTER 6. THEORIES AND THEIR MODELS where maps(f ,x, y) abbreviates ∃v (v ∈ f ∧ ⟨x, y⟩ = v ) (this formula expresses "f (x) = y"). It is now also not hard to express that f : X →Y is injective, for instance: f : X →Y ∧ ∀x ∀x ′ ((x ∈ X ∧ x ′ ∈ X ∧ ∃y (maps(f ,x, y) ∧maps(f ,x ′, y))) → x = x ′) A function f : X →Y is injective iff, whenever f maps x,x ′ ∈ X to a single y , x = x ′. If we abbreviate this formula as inj(f ,X ,Y ), we're already in a position to state in the language of set theory something as non-trivial as Cantor's theorem: there is no injective function from ℘(X ) to X : ∀X ∀Y (℘(X ) =Y →¬∃f inj(f ,Y,X )) One might think that set theory requires another axiom that guarantees the existence of a set for every defining property. If A(x) is a formula of set theory with the variable x free, we can consider the sentence ∃y ∀x (x ∈ y ↔ A(x)). This sentence states that there is a set y whose elements are all and only those x that satisfy A(x). This schema is called the "comprehension principle." It looks very useful; unfortunately it is inconsistent. Take A(x) ≡ ¬x ∈ x , then the comprehension principle states ∃y ∀x (x ∈ y ↔ x ∉ x), i.e., it states the existence of a set of all sets that are not elements of themselves. No such set can exist-this is Russell's Paradox. ZFC, in fact, contains a restricted-and consistent-version of this principle, the separation principle: ∀z ∃y ∀x (x ∈ y ↔ (x ∈ z ∧ A(x)). 121 6.6. EXPRESSING THE SIZE OF STRUCTURES 6.6 Expressing the Size of Structures There are some properties of structures we can express even without using the non-logical symbols of a language. For instance, there are sentences which are true in a structure iff the domain of the structure has at least, at most, or exactly a certain number n of elements. Proposition 6.11. The sentence A≥n ≡ ∃x1 ∃x2 . . . ∃xn (x1 ≠ x2 ∧ x1 ≠ x3 ∧ x1 ≠ x4 ∧ * * * ∧ x1 ≠ xn ∧ x2 ≠ x3 ∧ x2 ≠ x4 ∧ * * * ∧ x2 ≠ xn ∧ ... xn−1 ≠ xn) is true in a structure M iff |M | contains at least n elements. Consequently, M ⊨ ¬A≥n+1 iff |M | contains at most n elements. Proposition 6.12. The sentence A=n ≡ ∃x1 ∃x2 . . . ∃xn (x1 ≠ x2 ∧ x1 ≠ x3 ∧ x1 ≠ x4 ∧ * * * ∧ x1 ≠ xn ∧ x2 ≠ x3 ∧ x2 ≠ x4 ∧ * * * ∧ x2 ≠ xn ∧ ... xn−1 ≠ xn ∧ ∀y (y = x1 ∨ . . . y = xn) . . . )) is true in a structure M iff |M | contains exactly n elements. 122 CHAPTER 6. THEORIES AND THEIR MODELS Proposition 6.13. A structure is infinite iff it is a model of {A≥1,A≥2,A≥3, . . . }. There is no single purely logical sentence which is true in M iff |M | is infinite. However, one can give sentences with non-logical predicate symbols which only have infinite models (although not every infinite structure is a model of them). The property of being a finite structure, and the property of being a uncountable structure cannot even be expressed with an infinite set of sentences. These facts follow from the compactness and Löwenheim-Skolem theorems. Summary Sets of sentences in a sense describe the structures in which they are jointly true; these structures are their models. Conversely, if we start with a structure or set of structures, we might be interested in the set of sentences they are models of, this is the theory of the structure or set of structures. Any such set of sentences has the property that every sentence entailed by them is already in the set; they are closed. More generally, we call a set Γ a theory if it is closed under entailment, and say Γ is axiomatized by ∆ is Γ consists of all sentences entailed by ∆. Mathematics yields many examples of theories, e.g., the theories of linear orders, of groups, or theories of arithmetic, e.g., the theory axiomatized by Peano's axioms. But there are many examples of important theories in other disciplines as well, e.g., relational databases may be thought of as theories, and metaphysics concerns itself with theories of parthood which can be axiomatized. One significant question when setting up a theory for study is whether its language is expressive enough to allow us to formulate everything we want the theory to talk about, and another is whether it is strong enough to prove what we want it to prove. 123 6.6. EXPRESSING THE SIZE OF STRUCTURES To express a relation we need a formula with the requisite number of free variables. In set theory, we only have ∈ as a relation symbol, but it allows us to express x ⊆ y using ∀u (u ∈ x→u ∈ y). Zermelo-Fraenkel set theory ZFC, in fact, is strong enough to both express (almost) every mathematical claim and to (almost) prove every mathematical theorem using a handful of axioms and a chain of increasingly complicated definitions such as that of ⊆. Problems Problem 6.1. Find formulas in LA which define the following relations: 1. n is between i and j ; 2. n evenly divides m (i.e., m is a multiple of n); 3. n is a prime number (i.e., no number other than 1 and n evenly divides n). Problem 6.2. Suppose the formula A(v1, v2) expresses the relation R ⊆ |M |2 in a structure M. Find formulas that express the following relations: 1. the inverse R−1 of R; 2. the relative product R | R; Can you find a way to express R+, the transitive closure of R? Problem 6.3. Let L be the language containing a 2-place predicate symbol < only (no other constant symbols, function symbols or predicate symbols- except of course =). Let N be the structure such that |N | = N, and <N = {⟨n,m⟩ : n < m}. Prove the following: 1. {0} is definable in N; 2. {1} is definable in N; 124 CHAPTER 6. THEORIES AND THEIR MODELS 3. {2} is definable in N; 4. for each n ∈ N, the set {n} is definable in N; 5. every finite subset of |N | is definable in N; 6. every co-finite subset of |N | is definable in N (where X ⊆ N is co-finite iff N \ X is finite). Problem 6.4. Show that the comprehension principle is inconsistent by giving a derivation that shows ∃y ∀x (x ∈ y ↔ x ∉ x) ⊢ ⊥. It may help to first show (A→¬A) ∧ (¬A→ A) ⊢ ⊥. CHAPTER 7 Derivation Systems 7.1 Introduction Logics commonly have both a semantics and a derivation system. The semantics concerns concepts such as truth, satisfiability, validity, and entailment. The purpose of derivation systems is to provide a purely syntactic method of establishing entailment and validity. They are purely syntactic in the sense that a derivation in such a system is a finite syntactic object, usually a sequence (or other finite arrangement) of sentences or formulas. Good derivation systems have the property that any given sequence or arrangement of sentences or formulas can be verified mechanically to be "correct." The simplest (and historically first) derivation systems for first-order logic were axiomatic. A sequence of formulas counts as a derivation in such a system if each individual formula in it is either among a fixed set of "axioms" or follows from formulas coming before it in the sequence by one of a fixed number of "inference rules"-and it can be mechanically verified if a formula is an axiom and whether it follows correctly from other formulas by one of the inference rules. Axiomatic proof systems are easy to describe-and also easy to handle meta-theoretically- 125 126 CHAPTER 7. DERIVATION SYSTEMS but derivations in them are hard to read and understand, and are also hard to produce. Other derivation systems have been developed with the aim of making it easier to construct derivations or easier to understand derivations once they are complete. Examples are natural deduction, truth trees, also known as tableaux proofs, and the sequent calculus. Some derivation systems are designed especially with mechanization in mind, e.g., the resolution method is easy to implement in software (but its derivations are essentially impossible to understand). Most of these other proof systems represent derivations as trees of formulas rather than sequences. This makes it easier to see which parts of a derivation depend on which other parts. So for a given logic, such as first-order logic, the different derivation systems will give different explications of what it is for a sentence to be a theorem and what it means for a sentence to be derivable from some others. However that is done (via axiomatic derivations, natural deductions, sequent derivations, truth trees, resolution refutations), we want these relations to match the semantic notions of validity and entailment. Let's write ⊢ A for "A is a theorem" and "Γ ⊢ A" for "A is derivable from Γ ." However ⊢ is defined, we want it to match up with ⊨, that is: 1. ⊢ A if and only if ⊨ A 2. Γ ⊢ A if and only if Γ ⊨ A The "only if" direction of the above is called soundness. A derivation system is sound if derivability guarantees entailment (or validity). Every decent derivation system has to be sound; unsound derivation systems are not useful at all. After all, the entire purpose of a derivation is to provide a syntactic guarantee of validity or entailment. We'll prove soundness for the derivation systems we present. The converse "if" direction is also important: it is called completeness. A complete derivation system is strong enough to show 127 7.2. THE SEQUENT CALCULUS that A is a theorem whenever A is valid, and that Γ ⊢ A whenever Γ ⊨ A. Completeness is harder to establish, and some logics have no complete derivation systems. First-order logic does. Kurt Gödel was the first one to prove completeness for a derivation system of first-order logic in his 1929 dissertation. Another concept that is connected to derivation systems is that of consistency. A set of sentences is called inconsistent if anything whatsoever can be derived from it, and consistent otherwise. Inconsistency is the syntactic counterpart to unsatisfiablity: like unsatisfiable sets, inconsistent sets of sentences do not make good theories, they are defective in a fundamental way. Consistent sets of sentences may not be true or useful, but at least they pass that minimal threshold of logical usefulness. For different derivation systems the specific definition of consistency of sets of sentences might differ, but like ⊢, we want consistency to coincide with its semantic counterpart, satisfiability. We want it to always be the case that Γ is consistent if and only if it is satisfiable. Here, the "if" direction amounts to completeness (consistency guarantees satisfiability), and the "only if" direction amounts to soundness (satisfiability guarantees consistency). In fact, for classical first-order logic, the two versions of soundness and completeness are equivalent. 7.2 The Sequent Calculus While many derivation systems operate with arrangements of sentences, the sequent calculus operates with sequents. A sequent is an expression of the form A1, . . . ,Am ⇒ B1, . . . ,Bm, that is a pair of sequences of sentences, separated by the sequent symbol⇒. Either sequence may be empty. A derivation in the sequent calculus is a tree of sequents, where the topmost sequents are of a special form (they are called "initial sequents" or "axioms") and every other sequent follows from the sequents imme128 CHAPTER 7. DERIVATION SYSTEMS diately above it by one of the rules of inference. The rules of inference either manipulate the sentences in the sequents (adding, removing, or rearranging them on either the left or the right), or they introduce a complex formula in the conclusion of the rule. For instance, the ∧L rule allows the inference from A, Γ ⇒ ∆ to A∧B, Γ ⇒ ∆, and the →R allows the inference from A, Γ ⇒ ∆,B to Γ ⇒ ∆,A→B , for any Γ , ∆, A, and B . (In particular, Γ and ∆ may be empty.) The ⊢ relation based on the sequent calculus is defined as follows: Γ ⊢ A iff there is some sequence Γ0 such that every A in Γ0 is in Γ and there is a derivation with the sequent Γ0 ⇒ A at its root. A is a theorem in the sequent calculus if the sequent ⇒ A has a derivation. For instance, here is a derivation that shows that ⊢ (A ∧ B) → A: A ⇒ A ∧LA ∧ B ⇒ A →R ⇒ (A ∧ B) → A A set Γ is inconsistent in the sequent calculus if there is a derivation of Γ0 ⇒ (where every A ∈ Γ0 is in Γ and the right side of the sequent is empty). Using the rule WR, any sentence can be derived from an inconsistent set. The sequent calculus was invented in the 1930s by Gerhard Gentzen. Because of its systematic and symmetric design, it is a very useful formalism for developing a theory of derivations. It is relatively easy to find derivations in the sequent calculus, but these derivations are often hard to read and their connection to proofs are sometimes not easy to see. It has proved to be a very elegant approach to derivation systems, however, and many logics have sequent calculus systems. 7.3 Natural Deduction Natural deduction is a derivation system intended to mirror actual reasoning (especially the kind of regimented reasoning em129 7.3. NATURAL DEDUCTION ployed by mathematicians). Actual reasoning proceeds by a number of "natural" patterns. For instance, proof by cases allows us to establish a conclusion on the basis of a disjunctive premise, by establishing that the conclusion follows from either of the disjuncts. Indirect proof allows us to establish a conclusion by showing that its negation leads to a contradiction. Conditional proof establishes a conditional claim "if . . . then . . . " by showing that the consequent follows from the antecedent. Natural deduction is a formalization of some of these natural inferences. Each of the logical connectives and quantifiers comes with two rules, an introduction and an elimination rule, and they each correspond to one such natural inference pattern. For instance, →Intro corresponds to conditional proof, and ∨Elim to proof by cases. A particularly simple rule is ∧Elim which allows the inference from A ∧ B to A (or B). One feature that distinguishes natural deduction from other derivation systems is its use of assumptions. A derivation in natural deduction is a tree of formulas. A single formula stands at the root of the tree of formulas, and the "leaves" of the tree are formulas from which the conclusion is derived. In natural deduction, some leaf formulas play a role inside the derivation but are "used up" by the time the derivation reaches the conclusion. This corresponds to the practice, in actual reasoning, of introducing hypotheses which only remain in effect for a short while. For instance, in a proof by cases, we assume the truth of each of the disjuncts; in conditional proof, we assume the truth of the antecedent; in indirect proof, we assume the truth of the negation of the conclusion. This way of introducing hypothetical assumptions and then doing away with them in the service of establishing an intermediate step is a hallmark of natural deduction. The formulas at the leaves of a natural deduction derivation are called assumptions, and some of the rules of inference may "discharge" them. For instance, if we have a derivation of B from some assumptions which include A, then the →Intro rule allows us to infer A→ B and discharge any assumption of the form A. (To keep track of which assumptions are discharged at which in130 CHAPTER 7. DERIVATION SYSTEMS ferences, we label the inference and the assumptions it discharges with a number.) The assumptions that remain undischarged at the end of the derivation are together sufficient for the truth of the conclusion, and so a derivation establishes that its undischarged assumptions entail its conclusion. The relation Γ ⊢ A based on natural deduction holds iff there is a derivation in whichA is the last sentence in the tree, and every leaf which is undischarged is in Γ . A is a theorem in natural deduction iff there is a derivation in which A is the last sentence and all assumptions are discharged. For instance, here is a derivation that shows that ⊢ (A ∧ B) → A: [A ∧ B]1 ∧ElimA 1 →Intro (A ∧ B) → A The label 1 indicates that the assumption A ∧ B is discharged at the →Intro inference. A set Γ is inconsistent iff Γ ⊢ ⊥ in natural deduction. The rule ⊥I makes it so that from an inconsistent set, any sentence can be derived. Natural deduction systems were developed by Gerhard Gentzen and Stanisław Jaśkowski in the 1930s, and later developed by Dag Prawitz and Frederic Fitch. Because its inferences mirror natural methods of proof, it is favored by philosophers. The versions developed by Fitch are often used in introductory logic textbooks. In the philosophy of logic, the rules of natural deduction have sometimes been taken to give the meanings of the logical operators ("proof-theoretic semantics"). 7.4 Tableaux While many derivation systems operate with arrangements of sentences, tableaux operate with signed formulas. A signed formula is a pair consisting of a truth value sign (T or F) and a sentence TA or F A. 131 7.4. TABLEAUX A tableau consists of signed formulas arranged in a downwardbranching tree. It begins with a number of assumptions and continues with signed formulas which result from one of the signed formulas above it by applying one of the rules of inference. Each rule allows us to add one or more signed formulas to the end of a branch, or two signed formulas side by side-in this case a branch splits into two, with the two added signed formulas forming the ends of the two branches. A rule applied to a complex signed formula results in the addition of signed formulas which are immediate sub-formulas. They come in pairs, one rule for each of the two signs. For instance, the ∧T rule applies to TA ∧ B , and allows the addition of both the two signed formulas TA and TB to the end of any branch containing TA ∧ B , and the rule A ∧ BF allows a branch to be split by adding F A and F B side-by-side. A tableau is closed if every one of its branches contains a matching pair of signed formulas TA and F A. The ⊢ relation based on tableaux is defined as follows: Γ ⊢ A iff there is some finite set Γ0 = {B1, . . . ,Bn} ⊆ Γ such that there is a closed tableau for the assumptions {F A,TB1, . . . ,TBn} For instance, here is a closed tableau that shows that ⊢ (A∧B)→A: 1. 2. 3. 4. 5. F (A ∧ B) → A TA ∧ B F A TA TB ⊗ Assumption →F 1 →F 1 →T 2 →T 2 A set Γ is inconsistent in the tableau calculus if there is a closed tableau for assumptions {TB1, . . . ,TBn} 132 CHAPTER 7. DERIVATION SYSTEMS for some Bi ∈ Γ . Tableaux were invented in the 1950s independently by Evert Beth and Jaakko Hintikka, and simplified and popularized by Raymond Smullyan. They are very easy to use, since constructing a tableau is a very systematic procedure. Because of the systematic nature of tableaux, they also lend themselves to implementation by computer. However, a tableau is often hard to read and their connection to proofs are sometimes not easy to see. The approach is also quite general, and many different logics have tableau systems. Tableaux also help us to find structures that satisfy given (sets of) sentences: if the set is satisfiable, it won't have a closed tableau, i.e., any tableau will have an open branch. The satisfying structure can be "read off" an open branch, provided every rule it is possible to apply has been applied on that branch. There is also a very close connection to the sequent calculus: essentially, a closed tableau is a condensed derivation in the sequent calculus, written upside-down. 7.5 Axiomatic Derivations Axiomatic derivations are the oldest and simplest logical derivation systems. Its derivations are simply sequences of sentences. A sequence of sentences conunts as a correct derivation if every sentence A in it satisfies one of the following conditions: 1. A is an axiom, or 2. A is an element of a given set Γ of sentences, or 3. A is justified by a rule of inference. To be an axiom, A has to have the form of on of a number of fixed sentence schemas. There are many sets of axiom schemas that provide a satisfactory (sound and complete) derivation system for first-order logic. Some are organized according to the connectives they govern, e.g., the schemas A→ (B → A) B → (B ∨C ) (B ∧C ) → B 133 7.5. AXIOMATIC DERIVATIONS are common axioms that govern →, ∨ and ∧. Some axiom systems aim at a minimal number of axioms. Depending on the connectives that are taken as primitives, it is even possible to find axiom systems that consist of a single axiom. A rule of inference is a conditional statement that gives a sufficient condition for a sentence in a derivation to be justified. Modus ponens is one very common such rule: it says that if A and A→ B are already justified, then B is justified. This means that a line in a derivation containing the sentence B is justified, provided that both A and A→ B (for some sentence A) appear in the derivation before B . The ⊢ relation based on axiomatic derivations is defined as follows: Γ ⊢ A iff there is a derivation with the sentence A as its last formula (and Γ is taken as the set of sentences in that derivation which are justified by (2) above). A is a theorem if A has a derivation where Γ is empty, i.e., every sentence in the derivation is justfied either by (1) or (3). For instance, here is a derivation that shows that ⊢ A→ (B → (B ∨ A)): 1. B → (B ∨ A) 2. (B → (B ∨ A)) → (A→ (B → (B ∨ A))) 3. A→ (B → (B ∨ A)) The sentence on line 1 is of the form of the axiom A→ (A ∨ B) (with the roles of A and B reversed). The sentence on line 2 is of the form of the axiom A→(B→A). Thus, both lines are justified. Line 3 is justified by modus ponens: if we abbreviate it as D , then line 2 has the form C →D , where C is B → (B ∨ A), i.e., line 1. A set Γ is inconsistent if Γ ⊢ ⊥. A complete axiom system will also prove that ⊥→ A for any A, and so if Γ is inconsistent, then Γ ⊢ A for any A. Systems of axiomatic derivations for logic were first given by Gottlob Frege in his 1879 Begriffsschrift, which for this reason is often considered the first work of modern logic. They were perfected in Alfred North Whitehead and Bertrand Russell's Principia Mathematica and by David Hilbert and his students in the 134 CHAPTER 7. DERIVATION SYSTEMS 1920s. They are thus often called "Frege systems" or "Hilbert systems." They are very versatile in that it is often easy to find an axiomatic system for a logic. Because derivations have a very simple structure and only one or two inference rules, it is also relatively easy to prove things about them. However, they are very hard to use in practice, i.e., it is difficult to find and write proofs. CHAPTER 8 The Sequent Calculus 8.1 Rules and Derivations For the following, let Γ, ∆, Π, Λ represent finite sequences of sentences. Definition 8.1 (Sequent). A sequent is an expression of the form Γ ⇒ ∆ where Γ and ∆ are finite (possibly empty) sequences of sentences of the language L. Γ is called the antecedent, while ∆ is the succedent. The intuitive idea behind a sequent is: if all of the sentences in the antecedent hold, then at least one of the sentences in the succedent holds. That is, if Γ = ⟨A1, . . . ,Am⟩ and ∆ = ⟨B1, . . . ,Bn⟩, then Γ ⇒ ∆ holds iff (A1 ∧ * * * ∧ Am) → (B1 ∨ * * * ∨ Bn) holds. There are two special cases: where Γ is empty and when ∆ is empty. When Γ is empty, i.e., m = 0, ⇒ ∆ holds iff B1∨* * *∨ 135 136 CHAPTER 8. THE SEQUENT CALCULUS Bn holds. When ∆ is empty, i.e., n = 0, Γ ⇒ holds iff ¬(A1 ∧ * * * ∧ Am) does. We say a sequent is valid iff the corresponding sentence is valid. If Γ is a sequence of sentences, we write Γ,A for the result of appending A to the right end of Γ (and A, Γ for the result of appending A to the left end of Γ). If ∆ is a sequence of sentences also, then Γ, ∆ is the concatenation of the two sequences. Definition 8.2 (Initial Sequent). An initial sequent is a sequent of one of the following forms: 1. A ⇒ A 2. ⊥ ⇒ for any sentence A in the language. Derivations in the sequent calculus are certain trees of sequents, where the topmost sequents are initial sequents, and if a sequent stands below one or two other sequents, it must follow correctly by a rule of inference. The rules for LK are divided into two main types: logical rules and structural rules. The logical rules are named for the main operator of the sentence containing A and/or B in the lower sequent. Each one comes in two versions, one for inferring a sequent with the sentence containg the logical operator on the left, and one with the sentence on the right. 8.2 Propositional Rules Rules for ¬ Γ ⇒ ∆,A ¬L ¬A, Γ ⇒ ∆ A, Γ ⇒ ∆ ¬R Γ ⇒ ∆,¬A Rules for ∧ 137 8.3. QUANTIFIER RULES A, Γ ⇒ ∆ ∧LA ∧ B, Γ ⇒ ∆ B, Γ ⇒ ∆ ∧LA ∧ B, Γ ⇒ ∆ Γ ⇒ ∆,A Γ ⇒ ∆,B ∧R Γ ⇒ ∆,A ∧ B Rules for ∨ A, Γ ⇒ ∆ B, Γ ⇒ ∆ ∨LA ∨ B, Γ ⇒ ∆ Γ ⇒ ∆,A ∨R Γ ⇒ ∆,A ∨ B Γ ⇒ ∆,B ∨R Γ ⇒ ∆,A ∨ B Rules for → Γ ⇒ ∆,A B, Π ⇒ Λ →LA→ B, Γ, Π ⇒ ∆, Λ A, Γ ⇒ ∆,B →R Γ ⇒ ∆,A→ B 8.3 Quantifier Rules Rules for ∀ A(t ), Γ ⇒ ∆ ∀L ∀x A(x), Γ ⇒ ∆ Γ ⇒ ∆,A(a) ∀R Γ ⇒ ∆,∀x A(x) In ∀L, t is a closed term (i.e., one without variables). In ∀R, a is a constant symbol which must not occur anywhere in the lower sequent of the ∀R rule. We call a the eigenvariable of the ∀R inference. Rules for ∃ A(a), Γ ⇒ ∆ ∃L ∃x A(x), Γ ⇒ ∆ Γ ⇒ ∆,A(t ) ∃R Γ ⇒ ∆,∃x A(x) 138 CHAPTER 8. THE SEQUENT CALCULUS Again, t is a closed term, and a is a constant symbol which does not occur in the lower sequent of the ∃L rule. We call a the eigenvariable of the ∃L inference. The condition that an eigenvariable not occur in the lower sequent of the ∀R or ∃L inference is called the eigenvariable condition. We use the term "eigenvariable" even though a in the above rules is a constant symbol. This has historical reasons. In ∃R and ∀L there are no restrictions on the term t . On the other hand, in the ∃L and ∀R rules, the eigenvariable condition requires that the constant symbol a does not occur anywhere outside of A(a) in the upper sequent. It is necessary to ensure that the system is sound, i.e., only derives sequents that are valid. Without this condition, the following would be allowed: A(a) ⇒ A(a) *∃L ∃x A(x) ⇒ A(a) ∀R ∃x A(x) ⇒ ∀x A(x) A(a) ⇒ A(a) *∀RA(a) ⇒ ∀x A(x) ∃L ∃x A(x) ⇒ ∀x A(x) However, ∃x A(x) ⇒ ∀x A(x) is not valid. 8.4 Structural Rules We also need a few rules that allow us to rearrange sentences in the left and right side of a sequent. Since the logical rules require that the sentences in the premise which the rule acts upon stand either to the far left or to the far right, we need an "exchange" rule that allows us to move sentences to the right position. It's also important sometimes to be able to combine two identical sentences into one, and to add a sentence on either side. Weakening Γ ⇒ ∆ WLA, Γ ⇒ ∆ Γ ⇒ ∆ WR Γ ⇒ ∆,A 139 8.5. DERIVATIONS Contraction A,A, Γ ⇒ ∆ CLA, Γ ⇒ ∆ Γ ⇒ ∆,A,A CR Γ ⇒ ∆,A Exchange Γ,A,B, Π ⇒ ∆ XL Γ,B,A, Π ⇒ ∆ Γ ⇒ ∆,A,B, Λ XR Γ ⇒ ∆,B,A, Λ A series of weakening, contraction, and exchange inferences will often be indicated by double inference lines. The following rule, called "cut," is not strictly speaking necessary, but makes it a lot easier to reuse and combine derivations. Γ ⇒ ∆,A A, Π ⇒ Λ Cut Γ, Π ⇒ ∆, Λ 8.5 Derivations We've said what an initial sequent looks like, and we've given the rules of inference. Derivations in the sequent calculus are inductively generated from these: each derivation either is an initial sequent on its own, or consists of one or two derivations followed by an inference. Definition 8.3 (LK derivation). An LK-derivation of a sequent S is a tree of sequents satisfying the following conditions: 1. The topmost sequents of the tree are initial sequents. 2. The bottommost sequent of the tree is S . 3. Every sequent in the tree except S is a premise of a correct application of an inference rule whose conclusion stands 140 CHAPTER 8. THE SEQUENT CALCULUS directly below that sequent in the tree. We then say that S is the end-sequent of the derivation and that S is derivable in LK (or LK-derivable). Example 8.4. Every initial sequent, e.g., C ⇒ C is a derivation. We can obtain a new derivation from this by applying, say, the WL rule, Γ ⇒ ∆ WLA, Γ ⇒ ∆ The rule, however, is meant to be general: we can replace the A in the rule with any sentence, e.g., also with D . If the premise matches our initial sequent C ⇒ C , that means that both Γ and ∆ are just C , and the conclusion would then be D,C ⇒ C . So, the following is a derivation: C ⇒ C WLD,C ⇒ C We can now apply another rule, say XL, which allows us to switch two sentences on the left. So, the following is also a correct derivation: C ⇒ C WLD,C ⇒ C XLC,D ⇒ C In this application of the rule, which was given as Γ,A,B, Π ⇒ ∆ XL Γ,B,A, Π ⇒ ∆, both Γ and Π were empty, ∆ is C , and the roles of A and B are played by D and C , respectively. In much the same way, we also see that D ⇒ D WLC,D ⇒ D 141 8.6. EXAMPLES OF DERIVATIONS is a derivation. Now we can take these two derivations, and combine them using ∧R. That rule was Γ ⇒ ∆,A Γ ⇒ ∆,B ∧R Γ ⇒ ∆,A ∧ B In our case, the premises must match the last sequents of the derivations ending in the premises. That means that Γ is C,D , ∆ is empty, A is C and B is D . So the conclusion, if the inference should be correct, is C,D ⇒ C ∧D . C ⇒ C WLD,C ⇒ C XLC,D ⇒ C D ⇒ D WLC,D ⇒ D ∧RC,D ⇒ C ∧D Of course, we can also reverse the premises, then A would be D and B would be C . D ⇒ D WLC,D ⇒ D C ⇒ C WLD,C ⇒ C XLC,D ⇒ C ∧RC,D ⇒ D ∧C 8.6 Examples of Derivations Example 8.5. Give an LK-derivation for the sequent A∧B ⇒ A. We begin by writing the desired end-sequent at the bottom of the derivation. A ∧ B ⇒ A Next, we need to figure out what kind of inference could have a lower sequent of this form. This could be a structural rule, but it is a good idea to start by looking for a logical rule. The only logical connective occurring in the lower sequent is ∧, so we're looking for an ∧ rule, and since the ∧ symbol occurs in the antecedent, we're looking at the ∧L rule. 142 CHAPTER 8. THE SEQUENT CALCULUS ∧LA ∧ B ⇒ A There are two options for what could have been the upper sequent of the ∧L inference: we could have an upper sequent of A ⇒ A, or of B ⇒ A. Clearly, A ⇒ A is an initial sequent (which is a good thing), while B ⇒ A is not derivable in general. We fill in the upper sequent: A ⇒ A ∧LA ∧ B ⇒ A We now have a correct LK-derivation of the sequent A ∧B ⇒ A. Example 8.6. Give an LK-derivation for the sequent ¬A∨B ⇒ A→ B . Begin by writing the desired end-sequent at the bottom of the derivation. ¬A ∨ B ⇒ A→ B To find a logical rule that could give us this end-sequent, we look at the logical connectives in the end-sequent: ¬, ∨, and →. We only care at the moment about ∨ and → because they are main operators of sentences in the end-sequent, while ¬ is inside the scope of another connective, so we will take care of it later. Our options for logical rules for the final inference are therefore the ∨L rule and the →R rule. We could pick either rule, really, but let's pick the →R rule (if for no reason other than it allows us to put off splitting into two branches). According to the form of →R inferences which can yield the lower sequent, this must look like: A,¬A ∨ B ⇒ B →R ¬A ∨ B ⇒ A→ B If we move ¬A ∨ B to the outside of the antecedent, we can apply the ∨L rule. According to the schema, this must split into two upper sequents as follows: 143 8.6. EXAMPLES OF DERIVATIONS ¬A,A ⇒ B B,A ⇒ B ∨L ¬A ∨ B,A ⇒ B XRA,¬A ∨ B ⇒ B →R ¬A ∨ B ⇒ A→ B Remember that we are trying to wind our way up to initial sequents; we seem to be pretty close! The right branch is just one weakening and one exchange away from an initial sequent and then it is done: ¬A,A ⇒ B B ⇒ B WLA,B ⇒ B XLB,A ⇒ B ∨L ¬A ∨ B,A ⇒ B XRA,¬A ∨ B ⇒ B →R ¬A ∨ B ⇒ A→ B Now looking at the left branch, the only logical connective in any sentence is the ¬ symbol in the antecedent sentences, so we're looking at an instance of the ¬L rule. A ⇒ B,A ¬L ¬A,A ⇒ B B ⇒ B WLA,B ⇒ B XLB,A ⇒ B ∨L ¬A ∨ B,A ⇒ B XRA,¬A ∨ B ⇒ B →R ¬A ∨ B ⇒ A→ B Similarly to how we finished off the right branch, we are just one weakening and one exchange away from finishing off this left branch as well. A ⇒ A WRA ⇒ A,B XRA ⇒ B,A ¬L ¬A,A ⇒ B B ⇒ B WLA,B ⇒ B XLB,A ⇒ B ∨L ¬A ∨ B,A ⇒ B XRA,¬A ∨ B ⇒ B →R ¬A ∨ B ⇒ A→ B 144 CHAPTER 8. THE SEQUENT CALCULUS Example 8.7. Give an LK-derivation of the sequent ¬A∨¬B ⇒ ¬(A ∧ B) Using the techniques from above, we start by writing the desired end-sequent at the bottom. ¬A ∨ ¬B ⇒ ¬(A ∧ B) The available main connectives of sentences in the end-sequent are the ∨ symbol and the ¬ symbol. It would work to apply either the ∨L or the ¬R rule here, but we start with the ¬R rule because it avoids splitting up into two branches for a moment: A ∧ B,¬A ∨ ¬B ⇒ ¬R ¬A ∨ ¬B ⇒ ¬(A ∧ B) Now we have a choice of whether to look at the ∧L or the ∨L rule. Let's see what happens when we apply the ∧L rule: we have a choice to start with either the sequent A,¬A ∨ B ⇒ or the sequent B,¬A∨B ⇒ . Since the proof is symmetric with regards to A and B , let's go with the former: A,¬A ∨ ¬B ⇒ ∧LA ∧ B,¬A ∨ ¬B ⇒ ¬R ¬A ∨ ¬B ⇒ ¬(A ∧ B) Continuing to fill in the derivation, we see that we run into a problem: A ⇒ A ¬L ¬A,A ⇒ ?A ⇒ B ¬L ¬B,A ⇒ ∨L ¬A ∨ ¬B,A ⇒ XLA,¬A ∨ ¬B ⇒ ∧LA ∧ B,¬A ∨ ¬B ⇒ ¬R ¬A ∨ ¬B ⇒ ¬(A ∧ B) The top of the right branch cannot be reduced any further, and it cannot be brought by way of structural inferences to an initial sequent, so this is not the right path to take. So clearly, it was a 145 8.6. EXAMPLES OF DERIVATIONS mistake to apply the ∧L rule above. Going back to what we had before and carrying out the ∨L rule instead, we get ¬A,A ∧ B ⇒ ¬B,A ∧ B ⇒ ∨L ¬A ∨ ¬B,A ∧ B ⇒ XLA ∧ B,¬A ∨ ¬B ⇒ ¬R ¬A ∨ ¬B ⇒ ¬(A ∧ B) Completing each branch as we've done before, we get A ⇒ A ∧LA ∧ B ⇒ A ¬L ¬A,A ∧ B ⇒ B ⇒ B ∧LA ∧ B ⇒ B ¬L ¬B,A ∧ B ⇒ ∨L ¬A ∨ ¬B,A ∧ B ⇒ XLA ∧ B,¬A ∨ ¬B ⇒ ¬R ¬A ∨ ¬B ⇒ ¬(A ∧ B) (We could have carried out the ∧ rules lower than the ¬ rules in these steps and still obtained a correct derivation). Example 8.8. So far we haven't used the contraction rule, but it is sometimes required. Here's an example where that happens. Suppose we want to prove ⇒ A∨¬A. Applying ∨R backwards would give us one of these two derivations: ⇒ A ∨R ⇒ A ∨ ¬A A ⇒ ¬R ⇒ ¬A ∨R ⇒ A ∨ ¬A Neither of these of course ends in an initial sequent. The trick is to realize that the contraction rule allows us to combine two copies of a sentence into one-and when we're searching for a proof, i.e., going from bottom to top, we can keep a copy of A ∨ ¬A in the premise, e.g., ⇒ A ∨ ¬A,A ∨R ⇒ A ∨ ¬A,A ∨ ¬A CR ⇒ A ∨ ¬A 146 CHAPTER 8. THE SEQUENT CALCULUS Now we can apply ∨R a second time, and also get ¬A, which leads to a complete derivation. A ⇒ A ¬R ⇒ A,¬A ∨R ⇒ A,A ∨ ¬A XR ⇒ A ∨ ¬A,A ∨R ⇒ A ∨ ¬A,A ∨ ¬A CR ⇒ A ∨ ¬A 8.7 Derivations with Quantifiers Example 8.9. Give anLK-derivation of the sequent ∃x ¬A(x) ⇒ ¬∀x A(x). When dealing with quantifiers, we have to make sure not to violate the eigenvariable condition, and sometimes this requires us to play around with the order of carrying out certain inferences. In general, it helps to try and take care of rules subject to the eigenvariable condition first (they will be lower down in the finished proof). Also, it is a good idea to try and look ahead and try to guess what the initial sequent might look like. In our case, it will have to be something like A(a) ⇒ A(a). That means that when we are "reversing" the quantifier rules, we will have to pick the same term-what we will call a-for both the ∀ and the ∃ rule. If we picked different terms for each rule, we would end up with something like A(a) ⇒ A(b), which, of course, is not derivable. Starting as usual, we write ∃x ¬A(x) ⇒ ¬∀x A(x) We could either carry out the ∃L rule or the ¬R rule. Since the ∃L rule is subject to the eigenvariable condition, it's a good idea to take care of it sooner rather than later, so we'll do that one first. 147 8.8. PROOF-THEORETIC NOTIONS ¬A(a) ⇒ ¬∀x A(x) ∃L ∃x ¬A(x) ⇒ ¬∀x A(x) Applying the ¬L and ¬R rules backwards, we get ∀x A(x) ⇒ A(a) ¬L ¬A(a),∀x A(x) ⇒ XL ∀x A(x),¬A(a) ⇒ ¬R ¬A(a) ⇒ ¬∀xA(x) ∃L ∃x¬A(x) ⇒ ¬∀xA(x) At this point, our only option is to carry out the ∀L rule. Since this rule is not subject to the eigenvariable restriction, we're in the clear. Remember, we want to try and obtain an initial sequent (of the form A(a) ⇒ A(a)), so we should choose a as our argument for A when we apply the rule. A(a) ⇒ A(a) ∀L ∀x A(x) ⇒ A(a) ¬L ¬A(a),∀x A(x) ⇒ XL ∀x A(x),¬A(a) ⇒ ¬R ¬A(a) ⇒ ¬∀x A(x) ∃L ∃x ¬A(x) ⇒ ¬∀x A(x) It is important, especially when dealing with quantifiers, to double check at this point that the eigenvariable condition has not been violated. Since the only rule we applied that is subject to the eigenvariable condition was ∃L, and the eigenvariable a does not occur in its lower sequent (the end-sequent), this is a correct derivation. 8.8 Proof-Theoretic Notions Just as we've defined a number of important semantic notions (validity, entailment, satisfiabilty), we now define corresponding proof-theoretic notions. These are not defined by appeal to satisfaction of sentences in structures, but by appeal to the derivability 148 CHAPTER 8. THE SEQUENT CALCULUS or non-derivability of certain sequents. It was an important discovery that these notions coincide. That they do is the content of the soundness and completeness theorem. Definition 8.10 (Theorems). A sentence A is a theorem if there is a derivation in LK of the sequent ⇒ A. We write ⊢ A if A is a theorem and ⊬ A if it is not. Definition 8.11 (Derivability). A sentence A is derivable from a set of sentences Γ , Γ ⊢ A, iff there is a finite subset Γ0 ⊆ Γ and a sequence Γ ′0 of the sentences in Γ0 such that LK derives Γ ′ 0 ⇒ A. If A is not derivable from Γ we write Γ ⊬ A. Because of the contraction, weakening, and exchange rules, the order and number of sentences in Γ ′0 does not matter: if a sequent Γ ′0 ⇒ A is derivable, then so is Γ ′′ 0 ⇒ A for any Γ ′′ 0 that contains the same sentences as Γ ′0 . For instance, if Γ0 = {B,C } then both Γ ′0 = ⟨B,B,C ⟩ and Γ ′′ 0 = ⟨C,C,B⟩ are sequences containing just the sentences in Γ0. If a sequent containing one is derivable, so is the other, e.g.: B,B,C ⇒ A CLB,C ⇒ A XLC,B ⇒ A WLC,C,B ⇒ A From now on we'll say that if Γ0 is a finite set of sentences then Γ0 ⇒ A is any sequent where the antecedent is a sequence of sentences in Γ0 and tacitly include contractions, exchanges, and weakenings if necessary. 149 8.8. PROOF-THEORETIC NOTIONS Definition 8.12 (Consistency). A set of sentences Γ is inconsistent iff there is a finite subset Γ0 ⊆ Γ such that LK derives Γ0 ⇒ . If Γ is not inconsistent, i.e., if for every finite Γ0 ⊆ Γ , LK does not derive Γ0 ⇒ , we say it is consistent. Proposition 8.13 (Reflexivity). If A ∈ Γ , then Γ ⊢ A. Proof. The initial sequent A ⇒ A is derivable, and {A} ⊆ Γ . □ Proposition 8.14 (Monotony). If Γ ⊆ ∆ and Γ ⊢ A, then ∆ ⊢ A. Proof. Suppose Γ ⊢ A, i.e., there is a finite Γ0 ⊆ Γ such that Γ0 ⇒ A is derivable. Since Γ ⊆ ∆, then Γ0 is also a finite subset of ∆. The derivation of Γ0 ⇒ A thus also shows ∆ ⊢ A. □ Proposition 8.15 (Transitivity). If Γ ⊢ A and {A} ∪ ∆ ⊢ B , then Γ ∪ ∆ ⊢ B . Proof. If Γ ⊢ A, there is a finite Γ0 ⊆ Γ and a derivation π0 of Γ0 ⇒ A. If {A} ∪ ∆ ⊢ B , then for some finite subset ∆0 ⊆ ∆, there is a derivation π1 of A, ∆0 ⇒ B . Consider the following derivation: π0 Γ0 ⇒ A π1 A, ∆0 ⇒ B Cut Γ0, ∆0 ⇒ B Since Γ0 ∪ ∆0 ⊆ Γ ∪ ∆, this shows Γ ∪ ∆ ⊢ B . □ Note that this means that in particular if Γ ⊢ A and A ⊢ B , then Γ ⊢ B . It follows also that if A1, . . . ,An ⊢ B and Γ ⊢ Ai for each i , then Γ ⊢ B . 150 CHAPTER 8. THE SEQUENT CALCULUS Proposition 8.16. Γ is inconsistent iff Γ ⊢ A for every sentence A. Proof. Exercise. □ Proposition 8.17 (Compactness). 1. If Γ ⊢ A then there is a finite subset Γ0 ⊆ Γ such that Γ0 ⊢ A. 2. If every finite subset of Γ is consistent, then Γ is consistent. Proof. 1. If Γ ⊢ A, then there is a finite subset Γ0 ⊆ Γ such that the sequent Γ0 ⇒ A has a derivation. Consequently, Γ0 ⊢ A. 2. If Γ is inconsistent, there is a finite subset Γ0 ⊆ Γ such that LK derives Γ0 ⇒ . But then Γ0 is a finite subset of Γ that is inconsistent. □ 8.9 Derivability and Consistency We will now establish a number of properties of the derivability relation. They are independently interesting, but each will play a role in the proof of the completeness theorem. Proposition 8.18. If Γ ⊢ A and Γ ∪ {A} is inconsistent, then Γ is inconsistent. Proof. There are finite Γ0 and Γ1 ⊆ Γ such that LK derives Γ0 ⇒ A and A, Γ1 ⇒ . Let the LK-derivation of Γ0 ⇒ A be π0 and the LK-derivation of Γ1,A ⇒ be π1. We can then derive π0 Γ0 ⇒ A π1 A, Γ1 ⇒ Cut Γ0, Γ1 ⇒ 151 8.9. DERIVABILITY AND CONSISTENCY Since Γ0 ⊆ Γ and Γ1 ⊆ Γ , Γ0 ∪ Γ1 ⊆ Γ , hence Γ is inconsistent. □ Proposition 8.19. Γ ⊢ A iff Γ ∪ {¬A} is inconsistent. Proof. First suppose Γ ⊢ A, i.e., there is a derivation π0 of Γ ⇒ A. By adding a ¬L rule, we obtain a derivation of ¬A, Γ ⇒ , i.e., Γ ∪ {¬A} is inconsistent. If Γ∪{¬A} is inconsistent, there is a derivation π1 of ¬A, Γ ⇒ . The following is a derivation of Γ ⇒ A: A ⇒ A ¬R ⇒ A,¬A π1 ¬A, Γ ⇒ Cut Γ ⇒ A □ Proposition 8.20. If Γ ⊢ A and ¬A ∈ Γ , then Γ is inconsistent. Proof. Suppose Γ ⊢ A and ¬A ∈ Γ . Then there is a derivation π of a sequent Γ0 ⇒ A. The sequent ¬A, Γ0 ⇒ is also derivable: π Γ0 ⇒ A A ⇒ A ¬L ¬A,A ⇒ XLA,¬A ⇒ Cut Γ,¬A ⇒ Since ¬A ∈ Γ and Γ0 ⊆ Γ , this shows that Γ is inconsistent. □ Proposition 8.21. If Γ ∪ {A} and Γ ∪ {¬A} are both inconsistent, then Γ is inconsistent. Proof. There are finite sets Γ0 ⊆ Γ and Γ1 ⊆ Γ and LKderivations π0 and π1 of A, Γ0 ⇒ and ¬A, Γ1 ⇒ , respectively. We can then derive 152 CHAPTER 8. THE SEQUENT CALCULUS π0 A, Γ0 ⇒ ¬R Γ0 ⇒ ¬A π1 ¬A, Γ1 ⇒ Cut Γ0, Γ1 ⇒ Since Γ0 ⊆ Γ and Γ1 ⊆ Γ , Γ0∪Γ1 ⊆ Γ . Hence Γ is inconsistent.□ 8.10 Derivability and the Propositional Connectives Proposition 8.22. 1. Both A ∧ B ⊢ A and A ∧ B ⊢ B . 2. A,B ⊢ A ∧ B . Proof. 1. Both sequents A ∧ B ⇒ A and A ∧ B ⇒ B are derivable: A ⇒ A ∧LA ∧ B ⇒ A B ⇒ B ∧LA ∧ B ⇒ B 2. Here is a derivation of the sequent A,B ⇒ A ∧ B : A ⇒ A B ⇒ B ∧RA,B ⇒ A ∧ B □ Proposition 8.23. 1. A ∨ B,¬A,¬B is inconsistent. 2. Both A ⊢ A ∨ B and B ⊢ A ∨ B . Proof. 1. We give a derivation of the sequent A∨B,¬A,¬B ⇒: A ⇒ A ¬L ¬A,A ⇒ A,¬A,¬B ⇒ B ⇒ B ¬L ¬B,B ⇒ B,¬A,¬B ⇒ ∨LA ∨ B,¬A,¬B ⇒ 153 8.11. DERIVABILITY AND THE QUANTIFIERS (Recall that double inference lines indicate several weakening, contraction, and exchange inferences.) 2. Both sequents A ⇒ A∨B and B ⇒ A∨B have derivations: A ⇒ A ∨RA ⇒ A ∨ B B ⇒ B ∨RB ⇒ A ∨ B □ Proposition 8.24. 1. A,A→ B ⊢ B . 2. Both ¬A ⊢ A→ B and B ⊢ A→ B . Proof. 1. The sequent A→ B,A ⇒ B is derivable: A ⇒ A B ⇒ B →LA→ B,A ⇒ B 2. Both sequents ¬A ⇒ A→B and B ⇒ A→B are derivable: A ⇒ A ¬L ¬A,A ⇒ XLA,¬A ⇒ WRA,¬A ⇒ B →R ¬A ⇒ A→ B B ⇒ B WLA,B ⇒ B →RB ⇒ A→ B □ 8.11 Derivability and the Quantifiers Theorem 8.25. If c is a constant not occurring in Γ or A(x) and Γ ⊢ A(c ), then Γ ⊢ ∀x A(x). Proof. Let π0 be an LK-derivation of Γ0 ⇒ A(c ) for some finite Γ0 ⊆ Γ . By adding a ∀R inference, we obtain a proof of Γ0 ⇒ ∀x A(x), since c does not occur in Γ or A(x) and thus the eigenvariable condition is satisfied. □ 154 CHAPTER 8. THE SEQUENT CALCULUS Proposition 8.26. 1. A(t ) ⊢ ∃x A(x). 2. ∀x A(x) ⊢ A(t ). Proof. 1. The sequent A(t ) ⇒ ∃x A(x) is derivable: A(t ) ⇒ A(t ) ∃R A(t ) ⇒ ∃x A(x) 2. The sequent ∀x A(x) ⇒ A(t ) is derivable: A(t ) ⇒ A(t ) ∀L ∀x A(x) ⇒ A(t ) □ 8.12 Soundness A derivation system, such as the sequent calculus, is sound if it cannot derive things that do not actually hold. Soundness is thus a kind of guaranteed safety property for derivation systems. Depending on which proof theoretic property is in question, we would like to know for instance, that 1. every derivable A is valid; 2. if a sentence is derivable from some others, it is also a consequence of them; 3. if a set of sentences is inconsistent, it is unsatisfiable. These are important properties of a derivation system. If any of them do not hold, the derivation system is deficient-it would derive too much. Consequently, establishing the soundness of a derivation system is of the utmost importance. Because all these proof-theoretic properties are defined via derivability in the sequent calculus of certain sequents, proving (1)–(3) above requires proving something about the semantic properties of derivable sequents. We will first define what it 155 8.12. SOUNDNESS means for a sequent to be valid, and then show that every derivable sequent is valid. (1)–(3) then follow as corollaries from this result. Definition 8.27. A structure M satisfies a sequent Γ ⇒ ∆ iff either M ⊭ A for some A ∈ Γ or M ⊨ A for some A ∈ ∆. A sequent is valid iff every structure M satisfies it. Theorem 8.28 (Soundness). If LK derives Θ⇒ Ξ , then Θ⇒ Ξ is valid. Proof. Let π be a derivation of Θ⇒ Ξ . We proceed by induction on the number of inferences n in π. If the number of inferences is 0, then π consists only of an initial sequent. Every initial sequent A ⇒ A is obviously valid, since for every M, either M ⊭ A or M ⊨ A. If the number of inferences is greater than 0, we distinguish cases according to the type of the lowermost inference. By induction hypothesis, we can assume that the premises of that inference are valid, since the number of inferences in the proof of any premise is smaller than n. First, we consider the possible inferences with only one premise. 1. The last inference is a weakening. Then Θ ⇒ Ξ is either A, Γ ⇒ ∆ (if the last inference is WL) or Γ ⇒ ∆,A (if it's WR), and the derivation ends in one of Γ ⇒ ∆ WLA, Γ ⇒ ∆ Γ ⇒ ∆ WR Γ ⇒ ∆,A By induction hypothesis, Γ ⇒ ∆ is valid, i.e., for every structure M, either there is some C ∈ Γ such that M ⊭ C or there is some C ∈ ∆ such that M ⊨ C . 156 CHAPTER 8. THE SEQUENT CALCULUS If M ⊭ C for some C ∈ Γ , then C ∈ Θ as well since Θ = A, Γ , and so M ⊭ C for some C ∈ Θ. Similarly, if M ⊨ C for some C ∈ ∆, as C ∈ Ξ , M ⊨ C for some C ∈ Ξ . Consequently, Θ⇒ Ξ is valid. 2. The last inference is ¬L: Then the premise of the last inference is Γ ⇒ ∆,A and the conclusion is ¬A, Γ ⇒ ∆, i.e., the derivation ends in Γ ⇒ ∆,A ¬L ¬A, Γ ⇒ ∆ and Θ = ¬A, Γ while Ξ = ∆. The induction hypothesis tells us that Γ ⇒ ∆,A is valid, i.e., for every M, either (a) for some C ∈ Γ , M ⊭ C , or (b) for some C ∈ ∆, M ⊨ C , or (c) M ⊨ A. We want to show that Θ⇒ Ξ is also valid. Let M be a structure. If (a) holds, then there is C ∈ Γ so that M ⊭ A, but A ∈ Θ as well. If (b) holds, there is C ∈ ∆ such that M ⊨ C , but C ∈ Ξ as well. Finally, if M ⊨ A, then M ⊭ ¬A. Since ¬A ∈ Θ, there is C ∈ Θ such that M ⊭ C . Consequently, Θ⇒ Ξ is valid. 3. The last inference is ¬R: Exercise. 4. The last inference is ∧L: There are two variants: A∧B may be inferred on the left from A or from B on the left side of the premise. In the first case, the π ends in A, Γ ⇒ ∆ ∧LA ∧ B, Γ ⇒ ∆ 157 8.12. SOUNDNESS and Θ = A ∧ B, Γ while Ξ = ∆. Consider a structure M. Since by induction hypothesis, A, Γ ⇒ ∆ is valid, (a) M ⊭ A, (b) M ⊭ C for some C ∈ Γ , or (c) M ⊨ C for some C ∈ ∆. In case (a), M ⊭ A ∧ B , so there is C ∈ Θ (namely, A ∧ B) such that M ⊭ C . In case (b), there is C ∈ Γ such that M ⊭ C , and C ∈ Θ as well. In case (c), there is C ∈ ∆ such that M ⊨ C , and C ∈ Ξ as well since Ξ = ∆. So in each case, M satisfies A∧B, Γ ⇒ ∆. Since M was arbitrary, Γ ⇒ ∆ is valid. The case where A ∧B is inferred from B is handled the same, changing A to B . 5. The last inference is ∨R: There are two variants: A∨B may be inferred on the right from A or from B on the right side of the premise. In the first case, π ends in Γ ⇒ ∆,A ∨R Γ ⇒ ∆,A ∨ B Now Θ = Γ and Ξ = ∆,A ∨ B . Consider a structure M. Since Γ ⇒ ∆,A is valid, (a) M ⊨ A, (b) M ⊭ C for some C ∈ Γ , or (c) M ⊨ C for someC ∈ ∆. In case (a), M ⊨ A∨B . In case (b), there is C ∈ Γ such that M ⊭ C . In case (c), there isC ∈ ∆ such that M ⊨ C . So in each case, M satisfies Γ ⇒ ∆,A ∨ B , i.e., Θ⇒ Ξ . Since M was arbitrary, Θ⇒ Ξ is valid. The case where A∨B is inferred from B is handled the same, changing A to B . 6. The last inference is →R: Then π ends in A, Γ ⇒ ∆,A →R Γ ⇒ ∆,A→ B 158 CHAPTER 8. THE SEQUENT CALCULUS Again, the induction hypothesis says that the premise is valid; we want to show that the conclusion is valid as well. Let M be arbitrary. Since A, Γ ⇒ ∆,B is valid, at least one of the following cases obtains: (a) M ⊭ A, (b) M ⊨ B , (c) M ⊭ C for some C ∈ Γ , or (c) M ⊨ C for some C ∈ ∆. In cases (a) and (b), M ⊨ A→B and so there is aC ∈ ∆,A→B such that M ⊨ C . In case (c), for some C ∈ Γ , M ⊭ C . In case (d), for some C ∈ ∆, M ⊨ C . In each case, M satisfies Γ ⇒ ∆,A→ B . Since M was arbitrary, Γ ⇒ ∆,A→ B is valid. 7. The last inference is ∀L: Then there is a formula A(x) and a closed term t such that π ends in A(t ), Γ ⇒ ∆ ∀L ∀x A(x), Γ ⇒ ∆ We want to show that the conclusion ∀x A(x), Γ ⇒ ∆ is valid. Consider a structure M. Since the premise A(t ), Γ ⇒ ∆ is valid, (a) M ⊭ A(t ), (b) M ⊭ C for some C ∈ Γ , or (c) M ⊨ C for someC ∈ ∆. In case (a), by Proposition 5.54, if M ⊨ ∀x A(x), then M ⊨ A(t ). Since M ⊭ A(t ), M ⊭ ∀x A(x) . In case (b) and (c), M also satisfies ∀x A(x), Γ ⇒ ∆. Since M was arbitrary, ∀x A(x), Γ ⇒ ∆ is valid. 8. The last inference is ∃R: Exercise. 9. The last inference is ∀R: Then there is a formula A(x) and a constant symbol a such that π ends in Γ ⇒ ∆,A(a) ∀R Γ ⇒ ∆,∀x A(x) 159 8.12. SOUNDNESS where the eigenvariable condition is satisfied, i.e., a does not occur in A(x), Γ , or ∆. By induction hypothesis, the premise of the last inference is valid. We have to show that the conclusion is valid as well, i.e., that for any structure M, (a) M ⊨ ∀x A(x), (b) M ⊭ C for some C ∈ Γ , or (c) M ⊨ C for some C ∈ ∆. Suppose M is an arbitrary structure. If (b) or (c) holds, we are done, so suppose neither holds: for all C ∈ Γ , M ⊨ C , and for all C ∈ ∆, M ⊭ C . We have to show that (a) holds, i.e., M ⊨ ∀x A(x). By Proposition 5.42, if suffices to show that M, s ⊨ A(x) for all variable assignments s . So let s be an arbitrary variable assignment. Consider the structure M′ which is just like M except aM ′ = s (x). By Corollary 5.44, for any C ∈ Γ , M′ ⊨ C since a does not occur in Γ , and for any C ∈ ∆, M′ ⊭ C . But the premise is valid, so M′ ⊨ A(a). By Proposition 5.41, M′, s ⊨ A(a), since A(a) is a sentence. Now s ∼x s with s (x) = ValM ′ s (a), since we've defined M′ in just this way. So Proposition 5.46 applies, and we get M′, s ⊨ A(x). Since a does not occur in A(x), by Proposition 5.43, M, s ⊨ A(x). Since s was arbitrary, we've completed the proof that M, s ⊨ A(x) for all variable assignments. 10. The last inference is ∃L: Exercise. Now let's consider the possible inferences with two premises. 1. The last inference is a cut: then π ends in Γ ⇒ ∆,A A, Π ⇒ Λ Cut Γ, Π ⇒ ∆, Λ Let M be a structure. By induction hypothesis, the premises are valid, so M satisfies both premises. We distinguish two 160 CHAPTER 8. THE SEQUENT CALCULUS cases: (a) M ⊭ A and (b) M ⊨ A. In case (a), in order for M to satisfy the left premise, it must satisfy Γ ⇒ ∆. But then it also satisfies the conclusion. In case (b), in order for M to satisfy the right premise, it must satisfy Π \Λ. Again, M satisfies the conclusion. 2. The last inference is ∧R. Then π ends in Γ ⇒ ∆,A Γ ⇒ ∆,B ∧R Γ ⇒ ∆,A ∧ B Consider a structure M. If M satisfies Γ ⇒ ∆, we are done. So suppose it doesn't. Since Γ ⇒ ∆,A is valid by induction hypothesis, M ⊨ A. Similarly, since Γ ⇒ ∆,B is valid, M ⊨ B . But then M ⊨ A ∧ B . 3. The last inference is ∨L: Exercise. 4. The last inference is →L. Then π ends in Γ ⇒ ∆,A B, Π ⇒ Λ →LA→ B, Γ, Π ⇒ ∆, Λ Again, consider a structure M and suppose M doesn't satisfy Γ, Π ⇒ Λ, Π . We have to show that M ⊭ A→ B . If M doesn't satisfy Γ, Π ⇒ Λ, Π , it satisfies neither Γ ⇒ ∆ nor Π ⇒ Λ. Since, Γ ⇒ ∆,A is valid, we have M ⊨ A. Since B, Π ⇒ Λ is valid, we have M ⊭ B . But then M ⊭ A→ B , which is what we wanted to show. □ Corollary 8.29. If ⊢ A then A is valid. 161 8.13. DERIVATIONS WITH IDENTITY PREDICATE Corollary 8.30. If Γ ⊢ A then Γ ⊨ A. Proof. If Γ ⊢ A then for some finite subset Γ0 ⊆ Γ , there is a derivation of Γ0 ⇒ A. By Theorem 8.28, every structure M either makes some B ∈ Γ0 false or makes A true. Hence, if M ⊨ Γ then also M ⊨ A. □ Corollary 8.31. If Γ is satisfiable, then it is consistent. Proof. We prove the contrapositive. Suppose that Γ is not consistent. Then there is a finite Γ0 ⊆ Γ and a derivation of Γ0 ⇒ . By Theorem 8.28, Γ0 ⇒ is valid. In other words, for every structure M, there is C ∈ Γ0 so that M ⊭ C , and since Γ0 ⊆ Γ , that C is also in Γ . Thus, no M satisfies Γ , and Γ is not satisfiable. □ 8.13 Derivations with Identity predicate Derivations with identity predicate require additional initial sequents and inference rules. Definition 8.32 (Initial sequents for =). If t is a closed term, then ⇒ t = t is an initial sequent. The rules for = are (t1 and t2 are closed terms): t1 = t2, Γ ⇒ ∆,A(t1) = t1 = t2, Γ ⇒ ∆,A(t2) t1 = t2, Γ ⇒ ∆,A(t2) = t1 = t2, Γ ⇒ ∆,A(t1) Example 8.33. If s and t are closed terms, then s = t,A(s ) ⊢ A(t ): A(s ) ⇒ A(s ) WL s = t,A(s ) ⇒ A(s ) = s = t,A(s ) ⇒ A(t ) 162 CHAPTER 8. THE SEQUENT CALCULUS This may be familiar as the principle of substitutability of identicals, or Leibniz' Law. LK proves that = is symmetric and transitive: ⇒ t1 = t1 WLt1 = t2 ⇒ t1 = t1 = t1 = t2 ⇒ t2 = t1 t1 = t2 ⇒ t1 = t2 WLt2 = t3, t1 = t2 ⇒ t1 = t2 = t2 = t3, t1 = t2 ⇒ t1 = t3 XLt1 = t2, t2 = t3 ⇒ t1 = t3 In the proof on the left, the formula x = t1 is our A(x). On the right, we take A(x) to be t1 = x . 8.14 Soundness with Identity predicate Proposition 8.34. LK with initial sequents and rules for identity is sound. Proof. Initial sequents of the form ⇒ t = t are valid, since for every structure M, M ⊨ t = t . (Note that we assume the term t to be closed, i.e., it contains no variables, so variable assignments are irrelevant). Suppose the last inference in a derivation is =. Then the premise is t1 = t2, Γ ⇒ ∆,A(t1) and the conclusion is t1 = t2, Γ ⇒ ∆,A(t2). Consider a structure M. We need to show that the conclusion is valid, i.e., if M ⊨ t1 = t2 and M ⊨ Γ , then either M ⊨ C for some C ∈ ∆ or M ⊨ A(t2). By induction hypothesis, the premise is valid. This means that if M ⊨ t1 = t2 and M ⊨ Γ either (a) for some C ∈ ∆, M ⊨ C or (b) M ⊨ A(t1). In case (a) we are done. Consider case (b). Let s be a variable assignment with s (x) = ValM(t1). By Proposition 5.41, M, s ⊨ A(t1). Since s ∼x s , by Proposition 5.46, M, s ⊨ A(x). since M ⊨ t1 = t2, we have ValM(t1) = ValM(t2), and hence s (x) = ValM(t2). By applying Proposition 5.46 again, we also have M, s ⊨ A(t2). By Proposition 5.41, M ⊨ A(t2). □ 163 8.14. SOUNDNESS WITH IDENTITY PREDICATE Summary Proof systems provide purely syntactic methods for characterizing consequence and compatibility between sentences. The sequent calculus is one such proof system. A derivation in it consists of a tree of sequents (a sequent Γ ⇒ ∆ consists of two sequences of formulas separated by ⇒). The topmost sequents in a derivation are initial sequents of the form A ⇒ A. All other sequents, for the derivation to be correct, must be correctly justified by one of a number of inference rules. These come in pairs; a rule for operating on the left and on the right side of a sequent for each connective and quantifier. For instance, if a sequent Γ ⇒ ∆,A→B is justified by the →R rule, the preceding sequent (the premise) must be A, Γ ⇒ ∆,B . Some rules also allow the order or number of sentences in a sequent to be manipulated, e.g., the XR rule allows two formulas on the right side of a sequent to be switched. If there is a derivation of the sequent ⇒ A, we say A is a theorem and write ⊢ A. If there is a derivation of Γ0 ⇒ A where every B in Γ0 is in Γ , we say A is derivable from Γ and write Γ ⊢ A. If there is a derivation of Γ0 ⇒ where every B in Γ0 is in Γ , we say Γ is inconsistent, otherwise consistent. These notions are interrelated, e.g., Γ ⊢ A iff Γ ∪ {¬A} is inconsistent. They are also related to the corresponding semantic notions, e.g., if Γ ⊢ A then Γ ⊨ A. This property of proof systems-what can be derived from Γ is guaranteed to be entailed by Γ-is called soundness. The soundness theorem is proved by induction on the length of derivations, showing that each individual inference preserves validity of the conclusion sequent provided the premise sequents are valid. Problems Problem 8.1. Give derivations of the following sequents: 1. ⇒ ¬(A→ B) → (A ∧ ¬B) 164 CHAPTER 8. THE SEQUENT CALCULUS 2. (A ∧ B) →C ⇒ (A→C ) ∨ (B →C ) Problem 8.2. Give derivations of the following sequents: 1. ∀x (A(x) → B) ⇒ (∃y A(y) → B) 2. ∃x (A(x) → ∀y A(y)) Problem 8.3. Prove Proposition 8.16 Problem 8.4. Prove that Γ ⊢ ¬A iff Γ ∪ {A} is inconsistent. Problem 8.5. Complete the proof of Theorem 8.28. Problem 8.6. Give derivations of the following sequents: 1. ⇒ ∀x ∀y ((x = y ∧ A(x)) → A(y)) 2. ∃x A(x) ∧ ∀y ∀z ((A(y) ∧ A(z )) → y = z ) ⇒ ∃x (A(x) ∧ ∀y (A(y) → y = x)) CHAPTER 9 Natural Deduction 9.1 Rules and Derivations Natural deduction systems are meant to closely parallel the informal reasoning used in mathematical proof (hence it is somewhat "natural"). Natural deduction proofs begin with assumptions. Inference rules are then applied. Assumptions are "discharged" by the ¬Intro, →Intro, ∨Elim and ∃Elim inference rules, and the label of the discharged assumption is placed beside the inference for clarity. Definition 9.1 (Assumption). An assumption is any sentence in the topmost position of any branch. Derivations in natural deduction are certain trees of sentences, where the topmost sentences are assumptions, and if a sentence stands below one, two, or three other sequents, it must follow correctly by a rule of inference. The sentences at the top of the inference are called the premises and the sentence below the conclusion of the inference. The rules come in pairs, an introduction and an elimination rule for each logical operator. They introduce a logical operator in the conclusion or remove 165 166 CHAPTER 9. NATURAL DEDUCTION a logical operator from a premise of the rule. Some of the rules allow an assumption of a certain type to be discharged. To indicate which assumption is discharged by which inference, we also assign labels to both the assumption and the inference. This is indicated by writing the assumption as "[A]n ." It is customary to consider rules for all the logical operators ∧, ∨, →, ¬, and ⊥, even if some of those are consider as defined. 9.2 Propositional Rules Rules for ∧ A B ∧IntroA ∧ B A ∧ B ∧ElimA A ∧ B ∧ElimB Rules for ∨ A ∨IntroA ∨ B B ∨IntroA ∨ B A ∨ B [A]n C [B]n Cn ∨ElimC Rules for → [A]n Bn →IntroA→ B A→ B A →ElimB Rules for ¬ 167 9.3. QUANTIFIER RULES [A]n ⊥n ¬Intro ¬A ¬A A ¬Elim⊥ Rules for ⊥ ⊥ ⊥IA [¬A]n ⊥n ⊥CA Note that ¬Intro and ⊥C are very similar: The difference is that ¬Intro derives a negated sentence ¬A but ⊥C a positive sentence A. Whenever a rule indicates that some assumption may be discharged, we take this to be a permission, but not a requirement. E.g., in the→Intro rule, we may discharge any number of assumptions of the form A in the derivation of the premise B , including zero. 9.3 Quantifier Rules Rules for ∀ A(a) ∀Intro ∀x A(x) ∀x A(x) ∀ElimA(t ) In the rules for ∀, t is a ground term (a term that does not contain any variables), and a is a constant symbol which does not occur in the conclusion ∀x A(x), or in any assumption which is undischarged in the derivation ending with the premise A(a). We call a the eigenvariable of the ∀Intro inference. 168 CHAPTER 9. NATURAL DEDUCTION Rules for ∃ A(t ) ∃Intro ∃x A(x) ∃x A(x) [A(a)]n C n ∃ElimC Again, t is a ground term, and a is a constant which does not occur in the premise ∃x A(x), in the conclusion C , or any assumption which is undischarged in the derivations ending with the two premises (other than the assumptions A(a)). We call a the eigenvariable of the ∃Elim inference. The condition that an eigenvariable neither occur in the premises nor in any assumption that is undischarged in the derivations leading to the premises for the ∀Intro or ∃Elim inference is called the eigenvariable condition. We use the term "eigenvariable" even though a in the above rules is a constant. This has historical reasons. In ∃Intro and ∀Elim there are no restrictions, and the term t can be anything, so we do not have to worry about any conditions. On the other hand, in the ∃Elim and ∀Intro rules, the eigenvariable condition requires that the constant symbol a does not occur anywhere in the conclusion or in an undischarged assumption. The condition is necessary to ensure that the system is sound, i.e., only derives sentences from undischarged assumptions from which they follow. Without this condition, the following would be allowed: ∃x A(x) [A(a)]1 *∀Intro ∀x A(x) ∃Elim ∀x A(x) However, ∃x A(x) ⊭ ∀x A(x). 169 9.4. DERIVATIONS 9.4 Derivations We've said what an assumption is, and we've given the rules of inference. Derivations in natural deduction are inductively generated from these: each derivation either is an assumption on its own, or consists of one, two, or three derivations followed by a correct inference. Definition 9.2 (Derivation). A derivation of a sentence A from assumptions Γ is a tree of sentences satisfying the following conditions: 1. The topmost sentences of the tree are either in Γ or are discharged by an inference in the tree. 2. The bottommost sentence of the tree is A. 3. Every sentence in the tree except the sentence A at the bottom is a premise of a correct application of an inference rule whose conclusion stands directly below that sentence in the tree. We then say that A is the conclusion of the derivation and that A is derivable from Γ . Example 9.3. Every assumption on its own is a derivation. So, e.g., C by itself is a derivation, and so is D by itself. We can obtain a new derivation from these by applying, say, the ∧Intro rule, A B ∧IntroA ∧ B These rules are meant to be general: we can replace the A and B in it with any sentences, e.g., by C and D . Then the conclusion would be C ∧D , and so C D ∧IntroC ∧D 170 CHAPTER 9. NATURAL DEDUCTION is a correct derivation. Of course, we can also switch the assumptions, so that D plays the role of A and C that of B . Thus, D C ∧IntroD ∧C is also a correct derivation. We can now apply another rule, say, →Intro, which allows us to conclude a conditional and allows us to discharge any assumption that is identical to the antecedent of that conditional. So both of the following would be correct derivations: [C ]1 D ∧IntroC ∧D 1 →Intro C → (C ∧D) C [D]1 ∧IntroC ∧D 1 →Intro D → (C ∧D) Remember that discharging of assumptions is a permission, not a requirement: we don't have to discharge the assumptions. In particular, we can apply a rule even if the assumptions are not present in the derivation. For instance, the following is legal, even though there is no assumption A to be discharged: B 1 →IntroA→ B 9.5 Examples of Derivations Example 9.4. Let's give a derivation of the sentence (A∧B)→A. We begin by writing the desired conclusion at the bottom of the derivation. (A ∧ B) → A Next, we need to figure out what kind of inference could result in a sentence of this form. The main operator of the conclusion is →, so we'll try to arrive at the conclusion using the →Intro rule. It is best to write down the assumptions involved and label the inference rules as you progress, so it is easy to see whether all assumptions have been discharged at the end of the proof. 171 9.5. EXAMPLES OF DERIVATIONS [A ∧ B]1 A 1 →Intro (A ∧ B) → A We now need to fill in the steps from the assumption A ∧ B to A. Since we only have one connective to deal with, ∧, we must use the ∧ elim rule. This gives us the following proof: [A ∧ B]1 ∧ElimA 1 →Intro (A ∧ B) → A We now have a correct derivation of (A ∧ B) → A. Example 9.5. Now let's give a derivation of (¬A∨B)→(A→B). We begin by writing the desired conclusion at the bottom of the derivation. (¬A ∨ B) → (A→ B) To find a logical rule that could give us this conclusion, we look at the logical connectives in the conclusion: ¬, ∨, and →. We only care at the moment about the first occurence of → because it is the main operator of the sentence in the end-sequent, while ¬, ∨ and the second occurence of → are inside the scope of another connective, so we will take care of those later. We therefore start with the →Intro rule. A correct application must look like this: [¬A ∨ B]1 A→ B 1 →Intro (¬A ∨ B) → (A→ B) This leaves us with two possibilities to continue. Either we can keep working from the bottom up and look for another application of the →Intro rule, or we can work from the top down and 172 CHAPTER 9. NATURAL DEDUCTION apply a ∨Elim rule. Let us apply the latter. We will use the assumption ¬A ∨ B as the leftmost premise of ∨Elim. For a valid application of ∨Elim, the other two premises must be identical to the conclusion A→ B , but each may be derived in turn from another assumption, namely the two disjuncts of ¬A ∨B . So our derivation will look like this: [¬A ∨ B]1 [¬A]2 A→ B [B]2 A→ B 2 ∨ElimA→ B 1 →Intro (¬A ∨ B) → (A→ B) In each of the two branches on the right, we want to derive A→ B , which is best done using →Intro. [¬A ∨ B]1 [¬A]2, [A]3 B 3 →IntroA→ B [B]2, [A]4 B 4 →IntroA→ B 2 ∨ElimA→ B 1 →Intro (¬A ∨ B) → (A→ B) For the two missing parts of the derivation, we need derivations of B from ¬A and A in the middle, and from A and B on the left. Let's take the former first. ¬A and A are the two premises of ¬Elim: [¬A]2 [A]3 ¬Elim⊥ B By using ⊥I , we can obtain B as a conclusion and complete the branch. 173 9.5. EXAMPLES OF DERIVATIONS [¬A ∨ B]1 [¬A]2 [A]3 ⊥Intro⊥ ⊥IB 3 →IntroA→ B [B]2, [A]4 B 4 →IntroA→ B 2 ∨ElimA→ B 1 →Intro (¬A ∨ B) → (A→ B) Let's now look at the rightmost branch. Here it's important to realize that the definition of derivation allows assumptions to be discharged but does not require them to be. In other words, if we can derive B from one of the assumptions A and B without using the other, that's ok. And to derive B from B is trivial: B by itself is such a derivation, and no inferences are needed. So we can simply delete the assumption A. [¬A ∨ B]1 [¬A]2 [A]3 ¬Elim⊥ ⊥IB 3 →IntroA→ B [B]2 →IntroA→ B 2 ∨ElimA→ B 1 →Intro (¬A ∨ B) → (A→ B) Note that in the finished derivation, the rightmost →Intro inference does not actually discharge any assumptions. Example 9.6. So far we have not needed the ⊥C rule. It is special in that it allows us to discharge an assumption that isn't a sub-formula of the conclusion of the rule. It is closely related to the ⊥I rule. In fact, the ⊥I rule is a special case of the ⊥C rule- there is a logic called "intuitionistic logic" in which only ⊥I is allowed. The ⊥C rule is a last resort when nothing else works. For instance, suppose we want to derive A ∨¬A. Our usual strategy would be to attempt to derive A ∨ ¬A using ∨Intro. But this would require us to derive either A or ¬A from no assumptions, and this can't be done. ⊥C to the rescue! 174 CHAPTER 9. NATURAL DEDUCTION [¬(A ∨ ¬A)]1 ⊥ 1 ⊥CA ∨ ¬A Now we're looking for a derivation of ⊥ from ¬(A ∨ ¬A). Since ⊥ is the conclusion of ¬Elim we might try that: [¬(A ∨ ¬A)]1 ¬A [¬(A ∨ ¬A)]1 A ¬Elim⊥ 1 ⊥CA ∨ ¬A Our strategy for finding a derivation of ¬A calls for an application of ¬Intro: [¬(A ∨ ¬A)]1, [A]2 ⊥ 2 ¬Intro ¬A [¬(A ∨ ¬A)]1 A ¬Elim⊥ 1 ⊥CA ∨ ¬A Here, we can get ⊥ easily by applying ¬Elim to the assumption ¬(A∨¬A) and A∨¬A which follows from our new assumption A by ∨Intro: [¬(A ∨ ¬A)]1 [A]2 ∨IntroA ∨ ¬A ¬Elim⊥ 2 ¬Intro ¬A [¬(A ∨ ¬A)]1 A ¬Elim⊥ 1 ⊥CA ∨ ¬A On the right side we use the same strategy, except we get A by ⊥C : 175 9.6. DERIVATIONS WITH QUANTIFIERS [¬(A ∨ ¬A)]1 [A]2 ∨IntroA ∨ ¬A ¬Elim⊥ 2 ¬Intro ¬A [¬(A ∨ ¬A)]1 [¬A]3 ∨IntroA ∨ ¬A ¬Elim⊥ 3 ⊥CA ¬Elim⊥ 1 ⊥CA ∨ ¬A 9.6 Derivations with Quantifiers Example 9.7. When dealing with quantifiers, we have to make sure not to violate the eigenvariable condition, and sometimes this requires us to play around with the order of carrying out certain inferences. In general, it helps to try and take care of rules subject to the eigenvariable condition first (they will be lower down in the finished proof). Let's see how we'd give a derivation of the formula ∃x ¬A(x)→ ¬∀x A(x). Starting as usual, we write ∃x ¬A(x) → ¬∀x A(x) We start by writing down what it would take to justify that last step using the →Intro rule. [∃x ¬A(x)]1 ¬∀x A(x) 1 →Intro ∃x ¬A(x) → ¬∀x A(x) Since there is no obvious rule to apply to ¬∀x A(x), we will proceed by setting up the derivation so we can use the ∃Elim rule. Here we must pay attention to the eigenvariable condition, and choose a constant that does not appear in ∃x A(x) or any assumptions that it depends on. (Since no constant symbols appear, however, any choice will do fine.) 176 CHAPTER 9. NATURAL DEDUCTION [∃x ¬A(x)]1 [¬A(a)]2 ¬∀x A(x) 2 ∃Elim ¬∀x A(x) 1 →Intro ∃x ¬A(x) → ¬∀x A(x) In order to derive ¬∀x A(x), we will attempt to use the ¬Intro rule: this requires that we derive a contradiction, possibly using ∀x A(x) as an additional assumption. Of course, this contradiction may involve the assumption ¬A(a) which will be discharged by the →Intro inference. We can set it up as follows: [∃x ¬A(x)]1 [¬A(a)]2, [∀x A(x)]3 ⊥ 3 ¬Intro ¬∀x A(x) 2 ∃Elim ¬∀x A(x) 1 →Intro ∃x ¬A(x) → ¬∀x A(x) It looks like we are close to getting a contradiction. The easiest rule to apply is the ∀Elim, which has no eigenvariable conditions. Since we can use any term we want to replace the universally quantified x , it makes the most sense to continue using a so we can reach a contradiction. [∃x ¬A(x)]1 [¬A(a)]2 [∀x A(x)]3 ∀ElimA(a) ¬Elim⊥ 3 ¬Intro ¬∀x A(x) 2 ∃Elim ¬∀x A(x) 1 →Intro ∃x ¬A(x) → ¬∀x A(x) It is important, especially when dealing with quantifiers, to double check at this point that the eigenvariable condition has not been violated. Since the only rule we applied that is subject to the eigenvariable condition was ∃Elim, and the eigenvariable a 177 9.6. DERIVATIONS WITH QUANTIFIERS does not occur in any assumptions it depends on, this is a correct derivation. Example 9.8. Sometimes we may derive a formula from other formulas. In these cases, we may have undischarged assumptions. It is important to keep track of our assumptions as well as the end goal. Let's see how we'd give a derivation of the formula ∃x C (x,b) from the assumptions ∃x (A(x) ∧ B(x)) and ∀x (B(x) → C (x,b)). Starting as usual, we write the conclusion at the bottom. ∃x C (x,b) We have two premises to work with. To use the first, i.e., try to find a derivation of ∃x C (x,b) from ∃x (A(x) ∧ B(x)) we would use the ∃Elim rule. Since it has an eigenvariable condition, we will apply that rule first. We get the following: ∃x (A(x) ∧ B(x)) [A(a) ∧ B(a)]1 ∃x C (x,b) 1 ∃Elim ∃x C (x,b) The two assumptions we are working with share B . It may be useful at this point to apply ∧Elim to separate out B(a). ∃x (A(x) ∧ B(x)) [A(a) ∧ B(a)]1 ∧ElimB(a) ∃x C (x,b) 1 ∃Elim ∃x C (x,b) The second assumption we have to work with is ∀x (B(x) → C (x,b)). Since there is no eigenvariable condition we can instantiate x with the constant symbol a using ∀Elim to get B(a)→C (a,b). 178 CHAPTER 9. NATURAL DEDUCTION We now have both B(a)→C (a,b) and B(a). Our next move should be a straightforward application of the →Elim rule. ∃x (A(x) ∧ B(x)) ∀x (B(x) →C (x,b)) ∀ElimB(a) →C (a,b) [A(a) ∧ B(a)]1 ∧ElimB(a) →ElimC (a,b) ∃x C (x,b) 1 ∃Elim ∃x C (x,b) We are so close! One application of ∃Intro and we have reached our goal. ∃x (A(x) ∧ B(x)) ∀x (B(x) →C (x,b)) ∀ElimB(a) →C (a,b) [A(a) ∧ B(a)]1 ∧ElimB(a) →ElimC (a,b) ∃Intro ∃x C (x,b) 1 ∃Elim ∃x C (x,b) Since we ensured at each step that the eigenvariable conditions were not violated, we can be confident that this is a correct derivation. Example 9.9. Give a derivation of the formula ¬∀x A(x) from the assumptions ∀x A(x) → ∃y B(y) and ¬∃y B(y). Starting as usual, we write the target formula at the bottom. ¬∀x A(x) The last line of the derivation is a negation, so let's try using ¬Intro. This will require that we figure out how to derive a contradiction. [∀x A(x)]1 ⊥ 1 ¬Intro ¬∀x A(x) 179 9.7. PROOF-THEORETIC NOTIONS So far so good. We can use ∀Elim but it's not obvious if that will help us get to our goal. Instead, let's use one of our assumptions. ∀x A(x) → ∃y B(y) together with ∀x A(x) will allow us to use the →Elim rule. ∀x A(x) → ∃y B(y) [∀x A(x)]1 →Elim ∃y B(y) ⊥ 1 ¬Intro ¬∀x A(x) We now have one final assumption to work with, and it looks like this will help us reach a contradiction by using ¬Elim. ¬∃y B(y) ∀x A(x) → ∃y B(y) [∀x A(x)]1 →Elim ∃y B(y) ¬Elim⊥ 1 ¬Intro ¬∀x A(x) 9.7 Proof-Theoretic Notions Just as we've defined a number of important semantic notions (validity, entailment, satisfiabilty), we now define corresponding proof-theoretic notions. These are not defined by appeal to satisfaction of sentences in structures, but by appeal to the derivability or non-derivability of certain sentences from others. It was an important discovery that these notions coincide. That they do is the content of the soundness and completeness theorems. Definition 9.10 (Theorems). A sentence A is a theorem if there is a derivation of A in natural deduction in which all assumptions are discharged. We write ⊢ A if A is a theorem and ⊬ A if it is not. 180 CHAPTER 9. NATURAL DEDUCTION Definition 9.11 (Derivability). A sentence A is derivable from a set of sentences Γ , Γ ⊢ A, if there is a derivation with conclusionA and in which every assumption is either discharged or is in Γ . If A is not derivable from Γ we write Γ ⊬ A. Definition 9.12 (Consistency). A set of sentences Γ is inconsistent iff Γ ⊢ ⊥. If Γ is not inconsistent, i.e., if Γ ⊬ ⊥, we say it is consistent. Proposition 9.13 (Reflexivity). If A ∈ Γ , then Γ ⊢ A. Proof. The assumption A by itself is a derivation of A where every undischarged assumption (i.e., A) is in Γ . □ Proposition 9.14 (Monotony). If Γ ⊆ ∆ and Γ ⊢ A, then ∆ ⊢ A. Proof. Any derivation of A from Γ is also a derivation of A from ∆. □ Proposition 9.15 (Transitivity). If Γ ⊢ A and {A} ∪ ∆ ⊢ B , then Γ ∪ ∆ ⊢ B . Proof. If Γ ⊢ A, there is a derivation δ0 of A with all undischarged assumptions in Γ . If {A} ∪ ∆ ⊢ B , then there is a derivation δ1 of B with all undischarged assumptions in {A}∪∆. Now consider: ∆, [A]1 δ1 B 1 →IntroA→ B Γ δ0 A →ElimB 181 9.8. DERIVABILITY AND CONSISTENCY The undischarged assumptions are now all among Γ ∪ ∆, so this shows Γ ∪ ∆ ⊢ B . □ When Γ = {A1,A2, . . . ,Ak } is a finite set we may use the simplified notation A1,A2, . . . ,Ak ⊢ B for Γ ⊢ B , in particular A ⊢ B means that {A} ⊢ B . Note that if Γ ⊢ A and A ⊢ B , then Γ ⊢ B . It follows also that if A1, . . . ,An ⊢ B and Γ ⊢ Ai for each i , then Γ ⊢ B . Proposition 9.16. Γ is inconsistent iff Γ ⊢ A for every sentence A. Proof. Exercise. □ Proposition 9.17 (Compactness). 1. If Γ ⊢ A then there is a finite subset Γ0 ⊆ Γ such that Γ0 ⊢ A. 2. If every finite subset of Γ is consistent, then Γ is consistent. Proof. 1. If Γ ⊢ A, then there is a derivation δ of A from Γ . Let Γ0 be the set of undischarged assumptions of δ. Since any derivation is finite, Γ0 can only contain finitely many sentences. So, δ is a derivation of A from a finite Γ0 ⊆ Γ . 2. This is the contrapositive of (1) for the special case A ≡ ⊥. □ 9.8 Derivability and Consistency We will now establish a number of properties of the derivability relation. They are independently interesting, but each will play a role in the proof of the completeness theorem. 182 CHAPTER 9. NATURAL DEDUCTION Proposition 9.18. If Γ ⊢ A and Γ ∪ {A} is inconsistent, then Γ is inconsistent. Proof. Let the derivation of A from Γ be δ1 and the derivation of ⊥ from Γ ∪ {A} be δ2. We can then derive: Γ, [A]1 δ2 ⊥ 1 ¬Intro ¬A Γ δ1 A ¬Elim⊥ In the new derivation, the assumption A is discharged, so it is a derivation from Γ . □ Proposition 9.19. Γ ⊢ A iff Γ ∪ {¬A} is inconsistent. Proof. First suppose Γ ⊢ A, i.e., there is a derivation δ0 of A from undischarged assumptions Γ . We obtain a derivation of ⊥ from Γ ∪ {¬A} as follows: ¬A Γ δ0 A ¬Elim⊥ Now assume Γ ∪ {¬A} is inconsistent, and let δ1 be the corresponding derivation of ⊥ from undischarged assumptions in Γ ∪ {¬A}. We obtain a derivation of A from Γ alone by using ⊥C : Γ, [¬A]1 δ1 ⊥ ⊥CA □ 183 9.9. DERIVABILITY AND THE PROPOSITIONAL CONNECTIVES Proposition 9.20. If Γ ⊢ A and ¬A ∈ Γ , then Γ is inconsistent. Proof. Suppose Γ ⊢ A and ¬A ∈ Γ . Then there is a derivation δ of A from Γ . Consider this simple application of the ¬Elim rule: ¬A Γ δ A ¬Elim⊥ Since ¬A ∈ Γ , all undischarged assumptions are in Γ , this shows that Γ ⊢ ⊥. □ Proposition 9.21. If Γ ∪ {A} and Γ ∪ {¬A} are both inconsistent, then Γ is inconsistent. Proof. There are derivations δ1 and δ2 of ⊥ from Γ ∪ {A} and ⊥ from Γ ∪ {¬A}, respectively. We can then derive Γ, [¬A]2 δ2 ⊥ 2 ¬Intro ¬¬A Γ, [A]1 δ1 ⊥ 1 ¬Intro ¬A ¬Elim⊥ Since the assumptions A and ¬A are discharged, this is a derivation of ⊥ from Γ alone. Hence Γ is inconsistent. □ 9.9 Derivability and the Propositional Connectives 184 CHAPTER 9. NATURAL DEDUCTION Proposition 9.22. 1. Both A ∧ B ⊢ A and A ∧ B ⊢ B 2. A,B ⊢ A ∧ B . Proof. 1. We can derive both A ∧ B ∧ElimA A ∧ B ∧ElimB 2. We can derive: A B ∧IntroA ∧ B □ Proposition 9.23. 1. A ∨ B,¬A,¬B is inconsistent. 2. Both A ⊢ A ∨ B and B ⊢ A ∨ B . Proof. 1. Consider the following derivation: A ∨ B ¬A [A]1 ¬Elim⊥ ¬B [B]1 ¬Elim⊥ 1 ∨Elim⊥ This is a derivation of ⊥ from undischarged assumptions A ∨ B , ¬A, and ¬B . 2. We can derive both A ∨IntroA ∨ B B ∨IntroA ∨ B □ 185 9.10. DERIVABILITY AND THE QUANTIFIERS Proposition 9.24. 1. A,A→ B ⊢ B . 2. Both ¬A ⊢ A→ B and B ⊢ A→ B . Proof. 1. We can derive: A→ B B →ElimB 2. This is shown by the following two derivations: ¬A [A]1 ¬Elim⊥ ⊥IB 1 →IntroA→ B B →IntroA→ B Note that →Intro may, but does not have to, discharge the assumption A. □ 9.10 Derivability and the Quantifiers Theorem 9.25. If c is a constant not occurring in Γ or A(x) and Γ ⊢ A(c ), then Γ ⊢ ∀x A(x). Proof. Let δ be a derivation of A(c ) from Γ . By adding a ∀Intro inference, we obtain a proof of ∀x A(x). Since c does not occur in Γ or A(x), the eigenvariable condition is satisfied. □ Proposition 9.26. 1. A(t ) ⊢ ∃x A(x). 2. ∀x A(x) ⊢ A(t ). Proof. 1. The following is a derivation of ∃x A(x) from A(t ): A(t ) ∃Intro ∃x A(x) 186 CHAPTER 9. NATURAL DEDUCTION 2. The following is a derivation of A(t ) from ∀x A(x): ∀x A(x) ∀ElimA(t ) □ 9.11 Soundness A derivation system, such as natural deduction, is sound if it cannot derive things that do not actually follow. Soundness is thus a kind of guaranteed safety property for derivation systems. Depending on which proof theoretic property is in question, we would like to know for instance, that 1. every derivable sentence is valid; 2. if a sentence is derivable from some others, it is also a consequence of them; 3. if a set of sentences is inconsistent, it is unsatisfiable. These are important properties of a derivation system. If any of them do not hold, the derivation system is deficient-it would derive too much. Consequently, establishing the soundness of a derivation system is of the utmost importance. Theorem 9.27 (Soundness). If A is derivable from the undischarged assumptions Γ , then Γ ⊨ A. Proof. Let δ be a derivation of A. We proceed by induction on the number of inferences in δ. For the induction basis we show the claim if the number of inferences is 0. In this case, δ consists only of a single sentence A, i.e., an assumption. That assumption is undischarged, since assumptions can only be discharged by inferences, and there are no inferences. So, any structure M that satisfies all of the undischarged assumptions of the proof also satisfies A. 187 9.11. SOUNDNESS Now for the inductive step. Suppose that δ contains n inferences. The premise(s) of the lowermost inference are derived using sub-derivations, each of which contains fewer than n inferences. We assume the induction hypothesis: The premises of the lowermost inference follow from the undischarged assumptions of the sub-derivations ending in those premises. We have to show that the conclusion A follows from the undischarged assumptions of the entire proof. We distinguish cases according to the type of the lowermost inference. First, we consider the possible inferences with only one premise. 1. Suppose that the last inference is ¬Intro: The derivation has the form Γ, [A]n δ1 ⊥n ¬Intro ¬A By inductive hypothesis, ⊥ follows from the undischarged assumptions Γ ∪ {A} of δ1. Consider a structure M. We need to show that, if M ⊨ Γ , then M ⊨ ¬A. Suppose for reductio that M ⊨ Γ , but M ⊭ ¬A, i.e., M ⊨ A. This would mean that M ⊨ Γ ∪ {A}. This is contrary to our inductive hypothesis. So, M ⊨ ¬A. 2. The last inference is ∧Elim: There are two variants: A or B may be inferred from the premise A ∧ B . Consider the first case. The derivation δ looks like this: Γ δ1 A ∧ B ∧ElimA 188 CHAPTER 9. NATURAL DEDUCTION By inductive hypothesis, A ∧ B follows from the undischarged assumptions Γ of δ1. Consider a structure M. We need to show that, if M ⊨ Γ , then M ⊨ A. Suppose M ⊨ Γ . By our inductive hypothesis (Γ ⊨ A ∨ B), we know that M ⊨ A∧B . By definition, M ⊨ A∧B iff M ⊨ A and M ⊨ B . (The case where B is inferred from A ∧ B is handled similarly.) 3. The last inference is ∨Intro: There are two variants: A ∨ B may be inferred from the premise A or the premise B . Consider the first case. The derivation has the form Γ δ1 A ∨IntroA ∨ B By inductive hypothesis, A follows from the undischarged assumptions Γ of δ1. Consider a structure M. We need to show that, if M ⊨ Γ , then M ⊨ A ∨ B . Suppose M ⊨ Γ ; then M ⊨ A since Γ ⊨ A (the inductive hypothesis). So it must also be the case that M ⊨ A ∨ B . (The case where A ∨ B is inferred from B is handled similarly.) 4. The last inference is →Intro: A → B is inferred from a subproof with assumption A and conclusion B , i.e., Γ, [A]n δ1 Bn →IntroA→ B By inductive hypothesis, B follows from the undischarged assumptions of δ1, i.e., Γ ∪ {A} ⊨ B . Consider a structure M. The undischarged assumptions of δ are just Γ , 189 9.11. SOUNDNESS since A is discharged at the last inference. So we need to show that Γ ⊨ A→ B . For reductio, suppose that for some structure M, M ⊨ Γ but M ⊭ A → B . So, M ⊨ A and M ⊭ B . But by hypothesis, B is a consequence of Γ ∪ {A}, i.e., M ⊨ B , which is a contradiction. So, Γ ⊨ A→ B . 5. The last inference is ⊥I : Here, δ ends in Γ δ1 ⊥ ⊥IA By induction hypothesis, Γ ⊨ ⊥. We have to show that Γ ⊨ A. Suppose not; then for some M we have M ⊨ Γ and M ⊭ A. But we always have M ⊭ ⊥, so this would mean that Γ ⊭ ⊥, contrary to the induction hypothesis. 6. The last inference is ⊥C : Exercise. 7. The last inference is ∀Intro: Then δ has the form Γ δ1 A(a) ∀Intro ∀x A(x) The premise A(a) is a consequence of the undischarged assumptions Γ by induction hypothesis. Consider some structure, M, such that M ⊨ Γ . We need to show that M ⊨ ∀x A(x). Since ∀x A(x) is a sentence, this means we have to show that for every variable assignment s , M, s ⊨ A(x) (Proposition 5.42). Since Γ consists entirely of sentences, M, s ⊨ B for all B ∈ Γ by Definition 5.35. Let M′ be like M except that aM ′ = s (x). Since a does not occur in Γ , 190 CHAPTER 9. NATURAL DEDUCTION M′ ⊨ Γ by Corollary 5.44. Since Γ ⊨ A(a), M′ ⊨ A(a). Since A(a) is a sentence, M′, s ⊨ A(a) by Proposition 5.41. M′, s ⊨ A(x) iff M′ ⊨ A(a) by Proposition 5.46 (recall that A(a) is just A(x)[a/x]). So, M′, s ⊨ A(x). Since a does not occur in A(x), by Proposition 5.43, M, s ⊨ A(x). But s was an arbitrary variable assignment, so M ⊨ ∀x A(x). 8. The last inference is ∃Intro: Exercise. 9. The last inference is ∀Elim: Exercise. Now let's consider the possible inferences with several premises: ∨Elim, ∧Intro, →Elim, and ∃Elim. 1. The last inference is ∧Intro. A ∧ B is inferred from the premises A and B and δ has the form Γ1 δ1 A Γ2 δ2 B ∧IntroA ∧ B By induction hypothesis, A follows from the undischarged assumptions Γ1 of δ1 and B follows from the undischarged assumptions Γ2 of δ2. The undischarged assumptions of δ are Γ1∪γ2, so we have to show that Γ1∪Γ2 ⊨ A∧B . Consider a structure M with M ⊨ Γ1 ∪ Γ2. Since M ⊨ Γ1, it must be the case that M ⊨ A as Γ1 ⊨ A, and since M ⊨ Γ2, M ⊨ B since Γ2 ⊨ B . Together, M ⊨ A ∧ B . 2. The last inference is ∨Elim: Exercise. 3. The last inference is →Elim. B is inferred from the premises A→ B and A. The derivation δ looks like this: 191 9.12. DERIVATIONS WITH IDENTITY PREDICATE Γ1 δ1 A→ B Γ2 δ2 A →ElimB By induction hypothesis, A → B follows from the undischarged assumptions Γ1 of δ1 and A follows from the undischarged assumptions Γ2 of δ2. Consider a structure M. We need to show that, if M ⊨ Γ1 ∪ Γ2, then M ⊨ B . Suppose M ⊨ Γ1∪Γ2. Since Γ1 ⊨ A→B , M ⊨ A→B . Since Γ2 ⊨ A, we have M ⊨ A. This means that M ⊨ B (For if M ⊭ B , since M ⊨ A, we'd have M ⊭ A→ B , contradicting M ⊨ A→ B). 4. The last inference is ¬Elim: Exercise. 5. The last inference is ∃Elim: Exercise. □ Corollary 9.28. If ⊢ A, then A is valid. Corollary 9.29. If Γ is satisfiable, then it is consistent. Proof. We prove the contrapositive. Suppose that Γ is not consistent. Then Γ ⊢ ⊥, i.e., there is a derivation of ⊥ from undischarged assumptions in Γ . By Theorem 9.27, any structure M that satisfies Γ must satisfy ⊥. Since M ⊭ ⊥ for every structure M, no M can satisfy Γ , i.e., Γ is not satisfiable. □ 9.12 Derivations with Identity predicate Derivations with identity predicate require additional inference rules. 192 CHAPTER 9. NATURAL DEDUCTION =Introt = t t1 = t2 A(t1) =ElimA(t2) t1 = t2 A(t2) =ElimA(t1) In the above rules, t , t1, and t2 are closed terms. The =Intro rule allows us to derive any identity statement of the form t = t outright, from no assumptions. Example 9.30. If s and t are closed terms, then A(s ), s = t ⊢ A(t ): s = t A(s ) =ElimA(t ) This may be familiar as the "principle of substitutability of identicals," or Leibniz' Law. Example 9.31. We derive the sentence ∀x ∀y ((A(x) ∧ A(y)) → x = y) from the sentence ∃x ∀y (A(y) → y = x) We develop the derivation backwards: ∃x ∀y (A(y) → y = x) [A(a) ∧ A(b)]1 a = b 1 →Intro ((A(a) ∧ A(b)) → a = b) ∀Intro ∀y ((A(a) ∧ A(y)) → a = y) ∀Intro ∀x ∀y ((A(x) ∧ A(y)) → x = y) 193 9.13. SOUNDNESS WITH IDENTITY PREDICATE We'll now have to use the main assumption: since it is an existential formula, we use ∃Elim to derive the intermediary conclusion a = b . ∃x ∀y (A(y) → y = x) [∀y (A(y) → y = c )]2 [A(a) ∧ A(b)]1 a = b 2 ∃Elima = b 1 →Intro ((A(a) ∧ A(b)) → a = b) ∀Intro ∀y ((A(a) ∧ A(y)) → a = y) ∀Intro ∀x ∀y ((A(x) ∧ A(y)) → x = y) The sub-derivation on the top right is completed by using its assumptions to show that a = c and b = c . This requies two separate derivations. The derivation for a = c is as follows: [∀y (A(y) → y = c )]2 ∀ElimA(a) → a = c [A(a) ∧ A(b)]1 ∧ElimA(a) →Elima = c From a = c and b = c we derive a = b by =Elim. 9.13 Soundness with Identity predicate Proposition 9.32. Natural deduction with rules for = is sound. Proof. Any formula of the form t = t is valid, since for every structure M, M ⊨ t = t . (Note that we assume the term t to be ground, i.e., it contains no variables, so variable assignments are irrelevant). Suppose the last inference in a derivation is =Elim, i.e., the derivation has the following form: 194 CHAPTER 9. NATURAL DEDUCTION Γ1 δ1 t1 = t2 Γ2 δ2 A(t1) =ElimA(t2) The premises t1 = t2 and A(t1) are derived from undischarged assumptions Γ1 and Γ2, respectively. We want to show that A(t2) follows from Γ1 ∪ Γ2. Consider a structure M with M ⊨ Γ1 ∪ Γ2. By induction hypothesis, M ⊨ A(t1) and M ⊨ t1 = t2. Therefore, ValM(t1) = ValM(t2). Let s be any variable assignment, and s ′ be the x -variant given by s ′(x) = ValM(t1) = ValM(t2). By Proposition 5.46, M, s ⊨ A(t1) iff M, s ′ ⊨ A(x) iff M, s ⊨ A(t2). Since M ⊨ A(t1), we have M ⊨ A(t2). □ Summary Proof systems provide purely syntactic methods for characterizing consequence and compatibility between sentences. Natural deduction is one such proof system. A derivation in it consists of a tree formulas. The topmost formulas in a derivation are assumptions. All other formulas, for the derivation to be correct, must be correctly justified by one of a number of inference rules. These come in pairs; an introduction and an elimination rule for each connective and quantifier. For instance, if a formula A is justified by a→Elim rule, the preceding formulas (the premises) must be B → A and B (for some B). Some inference rules also allow assumptions to be discharged. For instance, if A→B is inferred from B using→Intro, any occurrences of A as assumptions in the derivation leading to the premise B may be discharged, and is given a label that is also recorded at the inference. If there is a derivation with end formulaA and all assumptions are discharged, we say A is a theorem and write ⊢ A. If all undischarged assumptions are in some set Γ , we say A is derivable from Γ and write Γ ⊢ A. If Γ ⊢ ⊥ we say Γ is inconsistent, otherwise consistent. These notions are interrelated, e.g., Γ ⊢ A iff 195 9.13. SOUNDNESS WITH IDENTITY PREDICATE Γ∪{¬A} is inconsistent. They are also related to the corresponding semantic notions, e.g., if Γ ⊢ A then Γ ⊨ A. This property of proof systems-what can be derived from Γ is guaranteed to be entailed by Γ-is called soundness. The soundness theorem is proved by induction on the length of derivations, showing that each individual inference preserves entailment of its conclusion from open assumptions provided its premises are entailed by their undischarged assumptions. Problems Problem 9.1. Give derivations of the following: 1. ¬(A→ B) → (A ∧ ¬B) 2. (A→C ) ∨ (B →C ) from the assumption (A ∧ B) →C Problem 9.2. Give derivations of the following: 1. ∃y A(y) → B from the assumption ∀x (A(x) → B) 2. ∃x (A(x) → ∀y A(y)) Problem 9.3. Prove Proposition 9.16 Problem 9.4. Prove that Γ ⊢ ¬A iff Γ ∪ {A} is inconsistent. Problem 9.5. Complete the proof of Theorem 9.27. Problem 9.6. Prove that = is both symmetric and transitive, i.e., give derivations of ∀x ∀y (x = y→y = x) and ∀x ∀y ∀z ((x = y ∧y = z ) → x = z ) Problem 9.7. Give derivations of the following formulas: 1. ∀x ∀y ((x = y ∧ A(x)) → A(y)) 2. ∃x A(x)∧∀y ∀z ((A(y)∧A(z ))→y = z )→∃x (A(x)∧∀y (A(y)→ y = x)) CHAPTER 10 The Completeness Theorem 10.1 Introduction The completeness theorem is one of the most fundamental results about logic. It comes in two formulations, the equivalence of which we'll prove. In its first formulation it says something fundamental about the relationship between semantic consequence and our proof system: if a sentence A follows from some sentences Γ , then there is also a derivation that establishes Γ ⊢ A. Thus, the proof system is as strong as it can possibly be without proving things that don't actually follow. In its second formulation, it can be stated as a model existence result: every consistent set of sentences is satisfiable. Consistency is a proof-theoretic notion: it says that our proof system is unable to produce certain derivations. But who's to say that just because there are no derivations of a certain sort from Γ , it's guaranteed that there is a structure M? Before the completeness theorem was first proved-in fact before we had the proof systems 196 197 10.1. INTRODUCTION we now do-the great German mathematician David Hilbert held the view that consistency of mathematical theories guarantees the existence of the objects they are about. He put it as follows in a letter to Gottlob Frege: If the arbitrarily given axioms do not contradict one another with all their consequences, then they are true and the things defined by the axioms exist. This is for me the criterion of truth and existence. Frege vehemently disagreed. The second formulation of the completeness theorem shows that Hilbert was right in at least the sense that if the axioms are consistent, then some structure exists that makes them all true. These aren't the only reasons the completeness theorem-or rather, its proof-is important. It has a number of important consequences, some of which we'll discuss separately. For instance, since any derivation that shows Γ ⊢ A is finite and so can only use finitely many of the sentences in Γ , it follows by the completeness theorem that if A is a consequence of Γ , it is already a consequence of a finite subset of Γ . This is called compactness. Equivalently, if every finite subset of Γ is consistent, then Γ itself must be consistent. Although the compactness theorem follows from the completeness theorem via the detour through derivations, it is also possible to use the the proof of the completeness theorem to establish it directly. For what the proof does is take a set of sentences with a certain property-consistency-and constructs a structure out of this set that has certain properties (in this case, that it satisfies the set). Almost the very same construction can be used to directly establish compactness, by starting from "finitely satisfiable" sets of sentences instead of consistent ones. The construction also yields other consequences, e.g., that any satisfiable set of sentences has a finite or countably infinite model. (This result is called the Löwenheim-Skolem theorem.) In general, the construction of structures from sets of sentences is used often in logic, and sometimes even in philosophy. 198 CHAPTER 10. THE COMPLETENESS THEOREM 10.2 Outline of the Proof The proof of the completeness theorem is a bit complex, and upon first reading it, it is easy to get lost. So let us outline the proof. The first step is a shift of perspective, that allows us to see a route to a proof. When completeness is thought of as "whenever Γ ⊨ A then Γ ⊢ A," it may be hard to even come up with an idea: for to show that Γ ⊢ A we have to find a derivation, and it does not look like the hypothesis that Γ ⊨ A helps us for this in any way. For some proof systems it is possible to directly construct a derivation, but we will take a slightly different approach. The shift in perspective required is this: completeness can also be formulated as: "if Γ is consistent, it is satisfiable." Perhaps we can use the information in Γ together with the hypothesis that it is consistent to construct a structure that satisfies every sentence in Γ . After all, we know what kind of structure we are looking for: one that is as Γ describes it! If Γ contains only atomic sentences, it is easy to construct a model for it. Suppose the atomic sentences are all of the form P (a1, . . . ,an) where the ai are constant symbols. All we have to do is come up with a domain |M | and an assignment for P so that M ⊨ P (a1, . . . ,an). But that's not very hard: put |M | = N, cMi = i , and for every P (a1, . . . ,an) ∈ Γ , put the tuple ⟨k1, . . . ,kn⟩ into PM, where ki is the index of the constant symbol ai (i.e., ai ≡ cki ). Now suppose Γ contains some formula ¬B , with B atomic. We might worry that the construction of M interferes with the possibility of making ¬B true. But here's where the consistency of Γ comes in: if ¬B ∈ Γ , then B ∉ Γ , or else Γ would be inconsistent. And if B ∉ Γ , then according to our construction of M, M ⊭ B , so M ⊨ ¬B . So far so good. What if Γ contains complex, non-atomic formulas? Say it contains A ∧ B . To make that true, we should proceed as if both A and B were in Γ . And if A ∨ B ∈ Γ , then we will have to make at least one of them true, i.e., proceed as if one of them was in Γ . This suggests the following idea: we add additional formulas 199 10.2. OUTLINE OF THE PROOF to Γ so as to (a) keep the resulting set consistent and (b) make sure that for every possible atomic sentence A, either A is in the resulting set, or ¬A is, and (c) such that, whenever A ∧ B is in the set, so are both A and B , if A ∨B is in the set, at least one of A or B is also, etc. We keep doing this (potentially forever). Call the set of all formulas so added Γ∗. Then our construction above would provide us with a structure M for which we could prove, by induction, that it satisfies all sentences in Γ∗, and hence also all sentence in Γ since Γ ⊆ Γ∗. It turns out that guaranteeing (a) and (b) is enough. A set of sentences for which (b) holds is called complete. So our task will be to extend the consistent set Γ to a consistent and complete set Γ∗. There is one wrinkle in this plan: if ∃x A(x) ∈ Γ we would hope to be able to pick some constant symbol c and add A(c ) in this process. But how do we know we can always do that? Perhaps we only have a few constant symbols in our language, and for each one of them we have ¬A(c ) ∈ Γ . We can't also add A(c ), since this would make the set inconsistent, and we wouldn't know whether M has to make A(c ) or ¬A(c ) true. Moreover, it might happen that Γ contains only sentences in a language that has no constant symbols at all (e.g., the language of set theory). The solution to this problem is to simply add infinitely many constants at the beginning, plus sentences that connect them with the quantifiers in the right way. (Of course, we have to verify that this cannot introduce an inconsistency.) Our original construction works well if we only have constant symbols in the atomic sentences. But the language might also contain function symbols. In that case, it might be tricky to find the right functions on N to assign to these function symbols to make everything work. So here's another trick: instead of using i to interpret ci , just take the set of constant symbols itself as the domain. Then M can assign every constant symbol to itself: cMi = ci . But why not go all the way: let |M | be all terms of the language! If we do this, there is an obvious assignment of functions (that take terms as arguments and have terms as values) to function symbols: we assign to the function symbol f ni the 200 CHAPTER 10. THE COMPLETENESS THEOREM function which, given n terms t1, . . . , tn as input, produces the term f ni (t1, . . . , tn) as value. The last piece of the puzzle is what to do with =. The predicate symbol = has a fixed interpretation: M ⊨ t = t ′ iff ValM(t ) = ValM(t ′). Now if we set things up so that the value of a term t is t itself, then this structure will make no sentence of the form t = t ′ true unless t and t ′ are one and the same term. And of course this is a problem, since basically every interesting theory in a language with function symbols will have as theorems sentences t = t ′ where t and t ′ are not the same term (e.g., in theories of arithmetic: (0 + 0) = 0). To solve this problem, we change the domain of M: instead of using terms as the objects in |M |, we use sets of terms, and each set is so that it contains all those terms which the sentences in Γ require to be equal. So, e.g., if Γ is a theory of arithmetic, one of these sets will contain: 0, (0 + 0), (0 × 0), etc. This will be the set we assign to 0, and it will turn out that this set is also the value of all the terms in it, e.g., also of (0 + 0). Therefore, the sentence (0 + 0) = 0 will be true in this revised structure. So here's what we'll do. First we investigate the properties of complete consistent sets, in particular we prove that a complete consistent set contains A ∧ B iff it contains both A and B , A ∨ B iff it contains at least one of them, etc. (Proposition 10.2). Then we define and investigate "saturated" sets of sentences. A saturated set is one which contains conditionals that link each quantified sentence to instances of it (Definition 10.5). We show that any consistent set Γ can always be extended to a saturated set Γ ′ (Lemma 10.6). If a set is consistent, saturated, and complete it also has the property that it contains ∃x A(x) iff it contains A(t ) for some closed term t and ∀x A(x) iff it contains A(t ) for all closed terms t (Proposition 10.7). We'll then take the saturated consistent set Γ ′ and show that it can be extended to a saturated, consistent, and complete set Γ∗ (Lemma 10.8). This set Γ∗ is what we'll use to define our term model M(Γ∗). The term model has the set of closed terms as its domain, and the interpretation of its predicate symbols is given by the atomic sentences 201 10.3. COMPLETE CONSISTENT SETS OF SENTENCES in Γ∗ (Definition 10.9). We'll use the properties of saturated, complete consistent sets to show that indeed M(Γ∗) ⊨ A iff A ∈ Γ∗ (Lemma 10.11), and thus in particular, M(Γ∗) ⊨ Γ . Finally, we'll consider how to define a term model if Γ contains = as well (Definition 10.15) and show that it satisfies Γ∗ (Lemma 10.17). 10.3 Complete Consistent Sets of Sentences Definition 10.1 (Complete set). A set Γ of sentences is complete iff for any sentence A, either A ∈ Γ or ¬A ∈ Γ . Complete sets of sentences leave no questions unanswered. For any sentence A, Γ "says" if A is true or false. The importance of complete sets extends beyond the proof of the completeness theorem. A theory which is complete and axiomatizable, for instance, is always decidable. Complete consistent sets are important in the completeness proof since we can guarantee that every consistent set of sentences Γ is contained in a complete consistent set Γ∗. A complete consistent set contains, for each sentence A, either A or its negation ¬A, but not both. This is true in particular for atomic sentences, so from a complete consistent set in a language suitably expanded by constant symbols, we can construct a structure where the interpretation of predicate symbols is defined according to which atomic sentences are in Γ∗. This structure can then be shown to make all sentences in Γ∗ (and hence also all those in Γ) true. The proof of this latter fact requires that ¬A ∈ Γ∗ iff A ∉ Γ∗, (A ∨ B) ∈ Γ∗ iff A ∈ Γ∗ or B ∈ Γ∗, etc. In what follows, we will often tacitly use the properties of reflexivity, monotonicity, and transitivity of ⊢ (see sections 8.8 and 9.7). Proposition 10.2. Suppose Γ is complete and consistent. Then: 1. If Γ ⊢ A, then A ∈ Γ . 202 CHAPTER 10. THE COMPLETENESS THEOREM 2. A ∧ B ∈ Γ iff both A ∈ Γ and B ∈ Γ . 3. A ∨ B ∈ Γ iff either A ∈ Γ or B ∈ Γ . 4. A→ B ∈ Γ iff either A ∉ Γ or B ∈ Γ . Proof. Let us suppose for all of the following that Γ is complete and consistent. 1. If Γ ⊢ A, then A ∈ Γ . Suppose that Γ ⊢ A. Suppose to the contrary that A ∉ Γ . Since Γ is complete, ¬A ∈ Γ . By Propositions 8.20 and 9.20, Γ is inconsistent. This contradicts the assumption that Γ is consistent. Hence, it cannot be the case that A ∉ Γ , so A ∈ Γ . 2. Exercise. 3. First we show that if A∨B ∈ Γ , then either A ∈ Γ or B ∈ Γ . Suppose A ∨ B ∈ Γ but A ∉ Γ and B ∉ Γ . Since Γ is complete, ¬A ∈ Γ and ¬B ∈ Γ . By Propositions 8.23 and 9.23, item (1), Γ is inconsistent, a contradiction. Hence, either A ∈ Γ or B ∈ Γ . For the reverse direction, suppose that A ∈ Γ or B ∈ Γ . By Propositions 8.23 and 9.23, item (2), Γ ⊢ A ∨ B . By (1), A ∨ B ∈ Γ , as required. 4. Exercise. □ 10.4 Henkin Expansion Part of the challenge in proving the completeness theorem is that the model we construct from a complete consistent set Γ must make all the quantified formulas in Γ true. In order to guarantee this, we use a trick due to Leon Henkin. In essence, the 203 10.4. HENKIN EXPANSION trick consists in expanding the language by infinitely many constant symbols and adding, for each formula with one free variable A(x) a formula of the form ∃x A(x) → A(c ), where c is one of the new constant symbols. When we construct the structure satisfying Γ , this will guarantee that each true existential sentence has a witness among the new constants. Proposition 10.3. If Γ is consistent in L and L′ is obtained from L by adding a countably infinite set of new constant symbols d0, d1, . . . , then Γ is consistent in L′. Definition 10.4 (Saturated set). A set Γ of formulas of a language L is saturated iff for each formula A(x) ∈ Frm(L) with one free variable x there is a constant symbol c ∈ L such that ∃x A(x) → A(c ) ∈ Γ . The following definition will be used in the proof of the next theorem. Definition 10.5. Let L′ be as in Proposition 10.3. Fix an enumeration A0(x0), A1(x1), . . . of all formulas Ai (xi ) of L′ in which one variable (xi ) occurs free. We define the sentences Dn by induction on n. Let c0 be the first constant symbol among the di we added toLwhich does not occur in A0(x0). Assuming that D0, . . . , Dn−1 have already been defined, let cn be the first among the new constant symbols di that occurs neither inD0, . . . ,Dn−1 nor inAn(xn). Now let Dn be the formula ∃xn An(xn) → An(cn). 204 CHAPTER 10. THE COMPLETENESS THEOREM Lemma 10.6. Every consistent set Γ can be extended to a saturated consistent set Γ ′. Proof. Given a consistent set of sentences Γ in a language L, expand the language by adding a countably infinite set of new constant symbols to formL′. By Proposition 10.3, Γ is still consistent in the richer language. Further, let Di be as in Definition 10.5. Let Γ0 = Γ Γn+1 = Γn ∪ {Dn} i.e., Γn+1 = Γ ∪ {D0, . . . ,Dn}, and let Γ ′ = ⋃︁ n Γn . Γ ′ is clearly saturated. If Γ ′ were inconsistent, then for some n, Γn would be inconsistent (Exercise: explain why). So to show that Γ ′ is consistent it suffices to show, by induction on n, that each set Γn is consistent. The induction basis is simply the claim that Γ0 = Γ is consistent, which is the hypothesis of the theorem. For the induction step, suppose that Γn is consistent but Γn+1 = Γn ∪ {Dn} is inconsistent. Recall that Dn is ∃xn An(xn) → An(cn), where An(xn) is a formula of L′ with only the variable xn free. By the way we've chosen the cn (see Definition 10.5), cn does not occur in An(xn) nor in Γn . If Γn ∪ {Dn} is inconsistent, then Γn ⊢ ¬Dn , and hence both of the following hold: Γn ⊢ ∃xn An(xn) Γn ⊢ ¬An(cn) Since cn does not occur in Γn or in An(xn), Theorems 8.25 and 9.25 applies. From Γn ⊢ ¬An(cn), we obtain Γn ⊢ ∀xn ¬An(xn). Thus we have that both Γn ⊢ ∃xn An(xn) and Γn ⊢ ∀xn ¬An(xn), so Γn itself is inconsistent. (Note that ∀xn ¬An(xn) ⊢ ¬∃xn An(xn).) Contradiction: Γn was supposed to be consistent. Hence Γn ∪ {Dn} is consistent. □ We'll now show that complete, consistent sets which are saturated have the property that it contains a universally quantified 205 10.5. LINDENBAUM'S LEMMA sentence iff it contains all its instances and it contains an existentially quantified sentence iff it contains at least one instance. We'll use this to show that the structure we'll generate from a complete, consistent, saturated set makes all its quantified sentences true. Proposition 10.7. Suppose Γ is complete, consistent, and saturated. 1. ∃x A(x) ∈ Γ iff A(t ) ∈ Γ for at least one closed term t . 2. ∀x A(x) ∈ Γ iff A(t ) ∈ Γ for all closed terms t . Proof. 1. First suppose that ∃x A(x) ∈ Γ . Because Γ is saturated, (∃x A(x) → A(c )) ∈ Γ for some constant symbol c . By Propositions 8.24 and 9.24, item (1), and Proposition 10.2(1), A(c ) ∈ Γ . For the other direction, saturation is not necessary: Suppose A(t ) ∈ Γ . Then Γ ⊢ ∃x A(x) by Propositions 8.26 and 9.26, item (1). By Proposition 10.2(1), ∃x A(x) ∈ Γ . 2. Exercise. □ 10.5 Lindenbaum's Lemma We now prove a lemma that shows that any consistent set of sentences is contained in some set of sentences which is not just consistent, but also complete. The proof works by adding one sentence at a time, guaranteeing at each step that the set remains consistent. We do this so that for every A, either A or ¬A gets added at some stage. The union of all stages in that construction then contains either A or its negation ¬A and is thus complete. It is also consistent, since we made sure at each stage not to introduce an inconsistency. 206 CHAPTER 10. THE COMPLETENESS THEOREM Lemma 10.8 (Lindenbaum's Lemma). Every consistent set Γ in a language L can be extended to a complete and consistent set Γ∗. Proof. Let Γ be consistent. Let A0, A1, . . . be an enumeration of all the sentences of L. Define Γ0 = Γ , and Γn+1 = {︄ Γn ∪ {An} if Γn ∪ {An} is consistent; Γn ∪ {¬An} otherwise. Let Γ∗ = ⋃︁ n≥0 Γn . Each Γn is consistent: Γ0 is consistent by definition. If Γn+1 = Γn ∪ {An}, this is because the latter is consistent. If it isn't, Γn+1 = Γn ∪ {¬An}. We have to verify that Γn ∪ {¬An} is consistent. Suppose it's not. Then both Γn ∪ {An} and Γn ∪ {¬An} are inconsistent. This means that Γn would be inconsistent by Propositions 8.20 and 9.20, contrary to the induction hypothesis. For every n and every i < n, Γi ⊆ Γn . This follows by a simple induction on n. For n = 0, there are no i < 0, so the claim holds automatically. For the inductive step, suppose it is true for n. We have Γn+1 = Γn ∪ {An} or = Γn ∪ {¬An} by construction. So Γn ⊆ Γn+1. If i < n, then Γi ⊆ Γn by inductive hypothesis, and so ⊆ Γn+1 by transitivity of ⊆. From this it follows that every finite subset of Γ∗ is a subset of Γn for some n, since each B ∈ Γ∗ not already in Γ0 is added at some stage i . If n is the last one of these, then all B in the finite subset are in Γn . So, every finite subset of Γ∗ is consistent. By Propositions 8.17 and 9.17, Γ∗ is consistent. Every sentence of Frm(L) appears on the list used to define Γ∗. If An ∉ Γ∗, then that is because Γn ∪ {An} was inconsistent. But then ¬An ∈ Γ∗, so Γ∗ is complete. □ 10.6 Construction of a Model Right now we are not concerned about =, i.e., we only want to show that a consistent set Γ of sentences not containing = is satisfiable. We first extend Γ to a consistent, complete, and saturated 207 10.6. CONSTRUCTION OF A MODEL set Γ∗. In this case, the definition of a model M(Γ∗) is simple: We take the set of closed terms of L′ as the domain. We assign every constant symbol to itself, and make sure that more generally, for every closed term t , ValM(Γ ∗)(t ) = t . The predicate symbols are assigned extensions in such a way that an atomic sentence is true in M(Γ∗) iff it is in Γ∗. This will obviously make all the atomic sentences in Γ∗ true in M(Γ∗). The rest are true provided the Γ∗ we start with is consistent, complete, and saturated. Definition 10.9 (Term model). Let Γ∗ be a complete and consistent, saturated set of sentences in a language L. The term model M(Γ∗) of Γ∗ is the structure defined as follows: 1. The domain |M(Γ∗)| is the set of all closed terms of L. 2. The interpretation of a constant symbol c is c itself: cM(Γ ∗) = c . 3. The function symbol f is assigned the function which, given as arguments the closed terms t1, . . . , tn , has as value the closed term f (t1, . . . , tn): f M(Γ ∗)(t1, . . . , tn) = f (t1, . . . , tn) 4. If R is an n-place predicate symbol, then ⟨t1, . . . , tn⟩ ∈ RM(Γ ∗) iff R(t1, . . . , tn) ∈ Γ∗. A structure M may make an existentially quantified sentence ∃x A(x) true without there being an instance A(t ) that it makes true. A structure M may make all instances A(t ) of a universally quantified sentence ∀x A(x) true, without making ∀x A(x) true. This is because in general not every element of |M | is the value of a closed term (M may not be covered). This is the reason the satisfaction relation is defined via variable assignments. However, for our term model M(Γ∗) this wouldn't be necessary- because it is covered. This is the content of the next result. 208 CHAPTER 10. THE COMPLETENESS THEOREM Proposition 10.10. Let M(Γ∗) be the term model of Definition 10.9. 1. M(Γ∗) ⊨ ∃x A(x) iff M ⊨ A(t ) for at least one term t . 2. M(Γ∗) ⊨ ∀x A(x) iff M ⊨ A(t ) for all terms t . Proof. 1. By Proposition 5.42, M(Γ∗) ⊨ ∃x A(x) iff for at least one variable assignment s , M(Γ∗), s ⊨ A(x). As |M(Γ∗)| consists of the closed terms of L, this is the case iff there is at least one closed term t such that s (x) = t and M(Γ∗), s ⊨ A(x). By Proposition 5.46, M(Γ∗), s ⊨ A(x) iff M(Γ∗), s ⊨ A(t ), where s (x) = t . By Proposition 5.41, M(Γ∗), s ⊨ A(t ) iff M(Γ∗) ⊨ A(t ), since A(t ) is a sentence. 2. Exercise. □ Lemma 10.11 (Truth Lemma). Suppose A does not contain =. Then M(Γ∗) ⊨ A iff A ∈ Γ∗. Proof. We prove both directions simultaneously, and by induction on A. 1. A ≡ ⊥: M(Γ∗) ⊭ ⊥ by definition of satisfaction. On the other hand, ⊥ ∉ Γ∗ since Γ∗ is consistent. 2. A ≡ R(t1, . . . , tn): M(Γ∗) ⊨ R(t1, . . . , tn) iff ⟨t1, . . . , tn⟩ ∈ RM(Γ ∗) (by the definition of satisfaction) iff R(t1, . . . , tn) ∈ Γ∗ (by the construction of M(Γ∗)). 3. A ≡ ¬B : M(Γ∗) ⊨ A iff M(Γ∗) ⊭ B (by definition of satisfaction). By induction hypothesis, M(Γ∗) ⊭ B iff B ∉ Γ∗. Since Γ∗ is consistent and complete, B ∉ Γ∗ iff ¬B ∈ Γ∗. 4. A ≡ B ∧C : exercise. 5. A ≡ B ∨ C : M(Γ∗) ⊨ A iff M(Γ∗) ⊨ B or M(Γ∗) ⊨ C (by definition of satisfaction) iff B ∈ Γ∗ or C ∈ Γ∗ (by induction hypothesis). This is the case iff (B ∨C ) ∈ Γ∗ (by Proposition 10.2(3)). 209 10.7. IDENTITY 6. A ≡ B →C : exercise. 7. A ≡ ∀x B(x): exercise. 8. A ≡ ∃x B(x): M(Γ∗) ⊨ A iff M(Γ∗) ⊨ B(t ) for at least one term t (Proposition 10.10). By induction hypothesis, this is the case iff B(t ) ∈ Γ∗ for at least one term t . By Proposition 10.7, this in turn is the case iff ∃x A(x) ∈ Γ∗. □ 10.7 Identity The construction of the term model given in the preceding section is enough to establish completeness for first-order logic for sets Γ that do not contain =. The term model satisfies every A ∈ Γ∗ which does not contain = (and hence all A ∈ Γ). It does not work, however, if = is present. The reason is that Γ∗ then may contain a sentence t = t ′, but in the term model the value of any term is that term itself. Hence, if t and t ′ are different terms, their values in the term model-i.e., t and t ′, respectively-are different, and so t = t ′ is false. We can fix this, however, using a construction known as "factoring." Definition 10.12. Let Γ∗ be a consistent and complete set of sentences in L. We define the relation ≈ on the set of closed terms of L by t ≈ t ′ iff t = t ′ ∈ Γ∗ Proposition 10.13. The relation ≈ has the following properties: 1. ≈ is reflexive. 2. ≈ is symmetric. 3. ≈ is transitive. 210 CHAPTER 10. THE COMPLETENESS THEOREM 4. If t ≈ t ′, f is a function symbol, and t1, . . . , ti−1, ti+1, . . . , tn are terms, then f (t1, . . . , ti−1, t, ti+1, . . . , tn) ≈ f (t1, . . . , ti−1, t ′, ti+1, . . . , tn). 5. If t ≈ t ′, R is a predicate symbol, and t1, . . . , ti−1, ti+1, . . . , tn are terms, then R(t1, . . . , ti−1, t, ti+1, . . . , tn) ∈ Γ∗ iff R(t1, . . . , ti−1, t ′, ti+1, . . . , tn) ∈ Γ∗. Proof. Since Γ∗ is consistent and complete, t = t ′ ∈ Γ∗ iff Γ∗ ⊢ t = t ′. Thus it is enough to show the following: 1. Γ∗ ⊢ t = t for all terms t . 2. If Γ∗ ⊢ t = t ′ then Γ∗ ⊢ t ′ = t . 3. If Γ∗ ⊢ t = t ′ and Γ∗ ⊢ t ′ = t ′′, then Γ∗ ⊢ t = t ′′. 4. If Γ∗ ⊢ t = t ′, then Γ∗ ⊢ f (t1, . . . , ti−1, t, ti+1, , . . . , tn) = f (t1, . . . , ti−1, t ′, ti+1, . . . , tn) for every n-place function symbol f and terms t1, . . . , ti−1, ti+1, . . . , tn . 5. If Γ∗ ⊢ t = t ′ and Γ∗ ⊢ R(t1, . . . , ti−1, t, ti+1, . . . , tn), then Γ∗ ⊢ R(t1, . . . , ti−1, t ′, ti+1, . . . , tn) for every n-place predicate symbol R and terms t1, . . . , ti−1, ti+1, . . . , tn . □ Definition 10.14. Suppose Γ∗ is a consistent and complete set in a language L, t is a term, and ≈ as in the previous definition. Then: [t ]≈ = {t ′ : t ′ ∈ Trm(L), t ≈ t ′} 211 10.7. IDENTITY and Trm(L)/≈= {[t ]≈ : t ∈ Trm(L)}. Definition 10.15. Let M = M(Γ∗) be the term model for Γ∗. Then M/≈ is the following structure: 1. |M/≈ | = Trm(L)/≈. 2. cM/≈ = [c ]≈ 3. f M/≈([t1]≈, . . . , [tn]≈) = [f (t1, . . . , tn)]≈ 4. ⟨[t1]≈, . . . , [tn]≈⟩ ∈ RM/≈ iff M ⊨ R(t1, . . . , tn). Note that we have defined f M/≈ and RM/≈ for elements of Trm(L)/≈ by referring to them as [t ]≈, i.e., via representatives t ∈ [t ]≈. We have to make sure that these definitions do not depend on the choice of these representatives, i.e., that for some other choices t ′ which determine the same equivalence classes ([t ]≈ = [t ′]≈), the definitions yield the same result. For instance, if R is a one-place predicate symbol, the last clause of the definition says that [t ]≈ ∈ RM/≈ iff M ⊨ R(t ). If for some other term t ′ with t ≈ t ′, M ⊭ R(t ), then the definition would require [t ′]≈ ∉ RM/≈ . If t ≈ t ′, then [t ]≈ = [t ′]≈, but we can't have both [t ]≈ ∈ RM/≈ and [t ]≈ ∉ RM/≈ . However, Proposition 10.13 guarantees that this cannot happen. Proposition 10.16. M/≈ is well defined, i.e., if t1, . . . , tn , t ′1, . . . , t ′ n are terms, and ti ≈ t ′i then 1. [f (t1, . . . , tn)]≈ = [f (t ′1, . . . , t ′ n)]≈, i.e., f (t1, . . . , tn) ≈ f (t ′1, . . . , t ′ n) and 212 CHAPTER 10. THE COMPLETENESS THEOREM 2. M ⊨ R(t1, . . . , tn) iff M ⊨ R(t ′1, . . . , t ′ n), i.e., R(t1, . . . , tn) ∈ Γ∗ iff R(t ′1, . . . , t ′ n) ∈ Γ ∗. Proof. Follows from Proposition 10.13 by induction on n. □ Lemma 10.17. M/≈ ⊨ A iff A ∈ Γ∗ for all sentences A. Proof. By induction on A, just as in the proof of Lemma 10.11. The only case that needs additional attention is when A ≡ t = t ′. M/≈ ⊨ t = t ′ iff [t ]≈ = [t ′]≈ (by definition of M/≈) iff t ≈ t ′ (by definition of [t ]≈) iff t = t ′ ∈ Γ∗ (by definition of ≈). □ Note that while M(Γ∗) is always countable and infinite, M/≈ may be finite, since it may turn out that there are only finitely many classes [t ]≈. This is to be expected, since Γ may contain sentences which require any structure in which they are true to be finite. For instance, ∀x ∀y x = y is a consistent sentence, but is satisfied only in structures with a domain that contains exactly one element. 10.8 The Completeness Theorem Let's combine our results: we arrive at the completeness theorem. Theorem 10.18 (Completeness Theorem). Let Γ be a set of sentences. If Γ is consistent, it is satisfiable. Proof. Suppose Γ is consistent. By Lemma 10.6, there is a saturated consistent set Γ ′ ⊇ Γ . By Lemma 10.8, there is a Γ∗ ⊇ Γ ′ which is consistent and complete. Since Γ ′ ⊆ Γ∗, for each formula A(x), Γ∗ contains a sentence of the form ∃x A(x)→A(c ) and 213 10.9. THE COMPACTNESS THEOREM so Γ∗ is saturated. If Γ does not contain =, then by Lemma 10.11, M(Γ∗) ⊨ A iff A ∈ Γ∗. From this it follows in particular that for all A ∈ Γ , M(Γ∗) ⊨ A, so Γ is satisfiable. If Γ does contain =, then by Lemma 10.17, M/≈ ⊨ A iff A ∈ Γ∗ for all sentences A. In particular, M/≈ ⊨ A for all A ∈ Γ , so Γ is satisfiable. □ Corollary 10.19 (Completeness Theorem, Second Version). For all Γ and sentences A: if Γ ⊨ A then Γ ⊢ A. Proof. Note that the Γ 's in Corollary 10.19 and Theorem 10.18 are universally quantified. To make sure we do not confuse ourselves, let us restate Theorem 10.18 using a different variable: for any set of sentences ∆, if ∆ is consistent, it is satisfiable. By contraposition, if ∆ is not satisfiable, then ∆ is inconsistent. We will use this to prove the corollary. Suppose that Γ ⊨ A. Then Γ∪{¬A} is unsatisfiable by Proposition 5.51. Taking Γ ∪ {¬A} as our ∆, the previous version of Theorem 10.18 gives us that Γ ∪ {¬A} is inconsistent. By Propositions 8.19 and 9.19, Γ ⊢ A. □ 10.9 The Compactness Theorem One important consequence of the completeness theorem is the compactness theorem. The compactness theorem states that if each finite subset of a set of sentences is satisfiable, the entire set is satisfiable-even if the set itself is infinite. This is far from obvious. There is nothing that seems to rule out, at first glance at least, the possibility of there being infinite sets of sentences which are contradictory, but the contradiction only arises, so to speak, from the infinite number. The compactness theorem says that such a scenario can be ruled out: there are no unsatisfiable infinite sets of sentences each finite subset of which is satisfiable. Like the completeness theorem, it has a version related to entailment: if an infinite set of sentences entails something, already a finite subset does. 214 CHAPTER 10. THE COMPLETENESS THEOREM Definition 10.20. A set Γ of formulas is finitely satisfiable if and only if every finite Γ0 ⊆ Γ is satisfiable. Theorem 10.21 (Compactness Theorem). The following hold for any sentences Γ and A: 1. Γ ⊨ A iff there is a finite Γ0 ⊆ Γ such that Γ0 ⊨ A. 2. Γ is satisfiable if and only if it is finitely satisfiable. Proof. We prove (2). If Γ is satisfiable, then there is a structure M such that M ⊨ A for all A ∈ Γ . Of course, this M also satisfies every finite subset of Γ , so Γ is finitely satisfiable. Now suppose that Γ is finitely satisfiable. Then every finite subset Γ0 ⊆ Γ is satisfiable. By soundness (Corollaries 9.29 and 8.31), every finite subset is consistent. Then Γ itself must be consistent by Propositions 8.17 and 9.17. By completeness (Theorem 10.18), since Γ is consistent, it is satisfiable. □ Example 10.22. In every model M of a theory Γ , each term t of course picks out an element of |M |. Can we guarantee that it is also true that every element of |M | is picked out by some term or other? In other words, are there theories Γ all models of which are covered? The compactness theorem shows that this is not the case if Γ has infinite models. Here's how to see this: Let M be an infinite model of Γ , and let c be a constant symbol not in the language of Γ . Let ∆ be the set of all sentences c ≠ t for t a term in the language L of Γ , i.e., ∆ = {c ≠ t : t ∈ Trm(L)}. A finite subset of Γ ∪ ∆ can be written as Γ ′ ∪ ∆′, with Γ ′ ⊆ Γ and ∆′ ⊆ ∆. Since ∆′ is finite, it can contain only finitely many terms. Let a ∈ |M | be an element of |M | not picked out by any of them, and let M′ be the structure that is just like M, but also cM ′ = a. Since a ≠ ValM(t ) for all t occuring in ∆′, M′ ⊨ ∆′. 215 10.9. THE COMPACTNESS THEOREM Since M ⊨ Γ , Γ ′ ⊆ Γ , and c does not occur in Γ , also M′ ⊨ Γ ′. Together, M′ ⊨ Γ ′∪ ∆′ for every finite subset Γ ′∪ ∆′ of Γ ∪ ∆. So every finite subset of Γ ∪ ∆ is satisfiable. By compactness, Γ ∪ ∆ itself is satisfiable. So there are models M ⊨ Γ ∪ ∆. Every such M is a model of Γ , but is not covered, since ValM(c ) ≠ ValM(t ) for all terms t of L. Example 10.23. Consider a language L containing the predicate symbol <, constant symbols 0, 1, and function symbols +, ×, −, ÷. Let Γ be the set of all sentences in this language true in Q with domain Q and the obvious interpretations. Γ is the set of all sentences of L true about the rational numbers. Of course, in Q (and even in R), there are no numbers which are greater than 0 but less than 1/k for all k ∈ Z+. Such a number, if it existed, would be an infinitesimal: non-zero, but infinitely small. The compactness theorem shows that there are models of Γ in which infinitesimals exist: Let ∆ be {0 < c }∪{c < (1÷k ) : k ∈ Z+} (where k = (1 + (1 + * * * + (1 + 1) . . . )) with k 1's). For any finite subset ∆0 of ∆ there is a K such that all the sentences c < k in ∆0 have k < K . If we expand Q to Q′ with cQ ′ = 1/K we have that Q′ ⊨ Γ ∪ ∆0, and so Γ ∪ ∆ is finitely satisfiable (Exercise: prove this in detail). By compactness, Γ ∪ ∆ is satisfiable. Any model S of Γ ∪ ∆ contains an infinitesimal, namely cS. Example 10.24. We know that first-order logic with identity predicate can express that the size of the domain must have some minimal size: The sentence A≥n (which says "there are at least n distinct objects") is true only in structures where |M | has at least n objects. So if we take ∆ = {A≥n : n ≥ 1} then any model of ∆must be infinite. Thus, we can guarantee that a theory only has infinite models by adding ∆ to it: the models of Γ ∪ ∆ are all and only the infinite models of Γ . So first-order logic can express infinitude. The compactness theorem shows that it cannot express finitude, however. For sup216 CHAPTER 10. THE COMPLETENESS THEOREM pose some set of sentences Λ were satisfied in all and only finite structures. Then ∆ ∪ Λ is finitely satisfiable. Why? Suppose ∆′ ∪ Λ′ ⊆ ∆ ∪ Λ is finite with ∆′ ⊆ ∆ and Λ′ ⊆ Λ. Let n be the largest number such that A≥n ∈ ∆′. Λ, being satisfied in all finite structures, has a model M with finitely many but ≥ n elements. But then M ⊨ ∆′ ∪ Λ′. By compactness, ∆ ∪ Λ has an infinite model, contradicting the assumption that Λ is satisfied only in finite structures. 10.10 A Direct Proof of the Compactness Theorem We can prove the Compactness Theorem directly, without appealing to the Completeness Theorem, using the same ideas as in the proof of the completeness theorem. In the proof of the Completeness Theorem we started with a consistent set Γ of sentences, expanded it to a consistent, saturated, and complete set Γ∗ of sentences, and then showed that in the term model M(Γ∗) constructed from Γ∗, all sentences of Γ are true, so Γ is satisfiable. We can use the same method to show that a finitely satisfiable set of sentences is satisfiable. We just have to prove the corresponding versions of the results leading to the truth lemma where we replace "consistent" with "finitely satisfiable." Proposition 10.25. Suppose Γ is complete and finitely satisfiable. Then: 1. (A ∧ B) ∈ Γ iff both A ∈ Γ and B ∈ Γ . 2. (A ∨ B) ∈ Γ iff either A ∈ Γ or B ∈ Γ . 3. (A→ B) ∈ Γ iff either A ∉ Γ or B ∈ Γ . 217 10.11. THE LÖWENHEIM-SKOLEM THEOREM Lemma 10.26. Every finitely satisfiable set Γ can be extended to a saturated finitely satisfiable set Γ ′. Proposition 10.27. Suppose Γ is complete, finitely satisfiable, and saturated. 1. ∃x A(x) ∈ Γ iff A(t ) ∈ Γ for at least one closed term t . 2. ∀x A(x) ∈ Γ iff A(t ) ∈ Γ for all closed terms t . Lemma 10.28. Every finitely satisfiable set Γ can be extended to a complete and finitely satisfiable set Γ∗. Theorem 10.29 (Compactness). Γ is satisfiable if and only if it is finitely satisfiable. Proof. If Γ is satisfiable, then there is a structure M such that M ⊨ A for all A ∈ Γ . Of course, this M also satisfies every finite subset of Γ , so Γ is finitely satisfiable. Now suppose that Γ is finitely satisfiable. By Lemma 10.26, there is a finitely satisfiable, saturated set Γ ′ ⊇ Γ . By Lemma 10.28, Γ ′ can be extended to a complete and finitely satisfiable set Γ∗, and Γ∗ is still saturated. Construct the term model M(Γ∗) as in Definition 10.9. Note that Proposition 10.10 did not rely on the fact that Γ∗ is consistent (or complete or saturated, for that matter), but just on the fact that M(Γ∗) is covered. The proof of the Truth Lemma (Lemma 10.11) goes through if we replace references to Proposition 10.2 and Proposition 10.7 by references to Proposition 10.25 and Proposition 10.27 □ 10.11 The Löwenheim-Skolem Theorem The Löwenheim-Skolem Theorem says that if a theory has an infinite model, then it also has a model that is at most countably 218 CHAPTER 10. THE COMPLETENESS THEOREM infinite. An immediate consequene of this fact is that first-order logic cannot express that the size of a structure is uncountable: any sentence or set of sentences satisfied in all uncountable structures is also satisfied in some countable structure. Theorem 10.30. If Γ is consistent then it has a countable model, i.e., it is satisfiable in a structure whose domain is either finite or countably infinite. Proof. If Γ is consistent, the structure M delivered by the proof of the completeness theorem has a domain |M | that is no larger than the set of the terms of the language L. So M is at most countably infinite. □ Theorem 10.31. If Γ is consistent set of sentences in the language of first-order logic without identity, then it has a countably infinite model, i.e., it is satisfiable in a structure whose domain is infinite and countable. Proof. If Γ is consistent and contains no sentences in which identity appears, then the structure M delivered by the proof of the completness theorem has a domain |M | identical to the set of terms of the language L′. So M is countably infinite, since Trm(L′) is. □ Example 10.32 (Skolem's Paradox). Zermelo-Fraenkel set theory ZFC is a very powerful framework in which practically all mathematical statements can be expressed, including facts about the sizes of sets. So for instance, ZFC can prove that the set R of real numbers is uncountable, it can prove Cantor's Theorem that the power set of any set is larger than the set itself, etc. If ZFC is consistent, its models are all infinite, and moreover, they all contain elements about which the theory says that they are uncountable, such as the element that makes true the theorem of ZFC that the power set of the natural numbers 219 10.11. THE LÖWENHEIM-SKOLEM THEOREM exists. By the Löwenheim-Skolem Theorem, ZFC also has countable models-models that contain "uncountable" sets but which themselves are countable. Summary The completeness theorem is the converse of the soundness theorem. In one form it states that if Γ ⊨ A then Γ ⊢ A, in another that if Γ is consistent then it is satisfiable. We proved the second form (and derived the first from the second). The proof is involved and requires a number of steps. We start with a consistent set Γ . First we add infinitely many new constant symbols ci as well as formulas of the form ∃x A(x) → A(c ) where each formula A(x) with a free variable in the expanded language is paired with one of the new constants. This results in a saturated consistent set of sentences containing Γ . It is still consistent. Now we take that set and extend it to a complete consistent set. A complete consistent set has the nice property that for any sentence A, either A or ¬A is in the set (but never both). Since we started from a saturated set, we now have a saturated, complete, consistent set of sentences Γ∗ that includes Γ . From this set it is now possible to define a structure M such that M(Γ∗) ⊨ A iff A ∈ Γ∗. In particular, M(Γ∗) ⊨ Γ , i.e., Γ is satisfiable. If = is present, the construction is slightly more complex. Two important corollaries follow from the completeness theorem. The compactness theorem states that Γ ⊨ A iff Γ0 ⊨ A for some finite Γ0 ⊆ Γ . An equivalent formulation is that Γ is satisfiable iff every finite Γ0 ⊆ Γ is satisfiable. The compactness theorem is useful to prove the existence of structures with certain properties. For instance, we can use it to show that there are infinite models for every theory which has arbitrarily large finite models. This means in particular that finitude cannot be expressed in first-order logic. The second corollary, the Löwenheim-Skolem Theorem, states that every satisfiable Γ has a countable model. It in turn shows that uncountability can220 CHAPTER 10. THE COMPLETENESS THEOREM not be expressed in first-order logic. Problems Problem 10.1. Complete the proof of Proposition 10.2. Problem 10.2. Complete the proof of Proposition 10.10. Problem 10.3. Complete the proof of Lemma 10.11. Problem 10.4. Complete the proof of Proposition 10.13. Problem 10.5. Use Corollary 10.19 to prove Theorem 10.18, thus showing that the two formulations of the completeness theorem are equivalent. Problem 10.6. In order for a derivation system to be complete, its rules must be strong enough to prove every unsatisfiable set inconsistent. Which of the rules of derivation were necessary to prove completeness? Are any of these rules not used anywhere in the proof? In order to answer these questions, make a list or diagram that shows which of the rules of derivation were used in which results that lead up to the proof of Theorem 10.18. Be sure to note any tacit uses of rules in these proofs. Problem 10.7. Prove (1) of Theorem 10.21. Problem 10.8. In the standard model of arithmetic N, there is no element k ∈ |N | which satisfies every formula n < x (where n is 0′...′ with n ′'s). Use the compactness theorem to show that the set of sentences in the language of arithmetic which are true in the standard model of arithmetic N are also true in a structure N ′ that contains an element which does satisfy every formula n < x . Problem 10.9. Prove Proposition 10.25. Avoid the use of ⊢. 221 10.11. THE LÖWENHEIM-SKOLEM THEOREM Problem 10.10. Prove Lemma 10.26. (Hint: The crucial step is to show that if Γn is finitely satisfiable, so is Γn ∪ {Dn}, without any appeal to derivations or consistency.) Problem 10.11. Prove Proposition 10.27. Problem 10.12. Prove Lemma 10.28. (Hint: the crucial step is to show that if Γn is finitely satisfiable, then either Γn ∪ {An} or Γn ∪ {¬An} is finitely satisfiable.) Problem 10.13. Write out the complete proof of the Truth Lemma (Lemma 10.11) in the version required for the proof of Theorem 10.29. CHAPTER 11 Beyond First-order Logic 11.1 Overview First-order logic is not the only system of logic of interest: there are many extensions and variations of first-order logic. A logic typically consists of the formal specification of a language, usually, but not always, a deductive system, and usually, but not always, an intended semantics. But the technical use of the term raises an obvious question: what do logics that are not first-order logic have to do with the word "logic," used in the intuitive or philosophical sense? All of the systems described below are designed to model reasoning of some form or another; can we say what makes them logical? No easy answers are forthcoming. The word "logic" is used in different ways and in different contexts, and the notion, like that of "truth," has been analyzed from numerous philosophical stances. For example, one might take the goal of logical reasoning to be the determination of which statements are necessarily 222 223 11.2. MANY-SORTED LOGIC true, true a priori, true independent of the interpretation of the nonlogical terms, true by virtue of their form, or true by linguistic convention; and each of these conceptions requires a good deal of clarification. Even if one restricts one's attention to the kind of logic used in mathematics, there is little agreement as to its scope. For example, in the Principia Mathematica, Russell andWhitehead tried to develop mathematics on the basis of logic, in the logicist tradition begun by Frege. Their system of logic was a form of higher-type logic similar to the one described below. In the end they were forced to introduce axioms which, by most standards, do not seem purely logical (notably, the axiom of infinity, and the axiom of reducibility), but one might nonetheless hold that some forms of higher-order reasoning should be accepted as logical. In contrast, Quine, whose ontology does not admit "propositions" as legitimate objects of discourse, argues that second-order and higher-order logic are really manifestations of set theory in sheep's clothing; in other words, systems involving quantification over predicates are not purely logical. For now, it is best to leave such philosophical issues for a rainy day, and simply think of the systems below as formal idealizations of various kinds of reasoning, logical or otherwise. 11.2 Many-Sorted Logic In first-order logic, variables and quantifiers range over a single domain. But it is often useful to have multiple (disjoint) domains: for example, you might want to have a domain of numbers, a domain of geometric objects, a domain of functions from numbers to numbers, a domain of abelian groups, and so on. Many-sorted logic provides this kind of framework. One starts with a list of "sorts"-the "sort" of an object indicates the "domain" it is supposed to inhabit. One then has variables and quantifiers for each sort, and (usually) an identity predicate for each sort. Functions and relations are also "typed" by the sorts of objects they can take as arguments. Otherwise, one keeps the 224 CHAPTER 11. BEYOND FIRST-ORDER LOGIC usual rules of first-order logic, with versions of the quantifier-rules repeated for each sort. For example, to study international relations we might choose a language with two sorts of objects, French citizens and German citizens. We might have a unary relation, "drinks wine," for objects of the first sort; another unary relation, "eats wurst," for objects of the second sort; and a binary relation, "forms a multinational married couple," which takes two arguments, where the first argument is of the first sort and the second argument is of the second sort. If we use variables a, b , c to range over French citizens and x , y , z to range over German citizens, then ∀a ∀x[(Marr iedTo(a,x)→(DrinksW ine(a)∨¬EatsWurst(x))]] asserts that if any French person is married to a German, either the French person drinks wine or the German doesn't eat wurst. Many-sorted logic can be embedded in first-order logic in a natural way, by lumping all the objects of the many-sorted domains together into one first-order domain, using unary predicate symbols to keep track of the sorts, and relativizing quantifiers. For example, the first-order language corresponding to the example above would have unary predicate symbolss "German" and "F rench," in addition to the other relations described, with the sort requirements erased. A sorted quantifier ∀x A, where x is a variable of the German sort, translates to ∀x (German(x) → A). We need to add axioms that insure that the sorts are separate- e.g., ∀x ¬(German(x)∧F rench(x))-as well as axioms that guarantee that "drinks wine" only holds of objects satisfying the predicate F rench(x), etc. With these conventions and axioms, it is not difficult to show that many-sorted sentences translate to firstorder sentences, and many-sorted derivations translate to firstorder derivations. Also, many-sorted structures "translate" to corresponding first-order structures and vice-versa, so we also have a completeness theorem for many-sorted logic. 225 11.3. SECOND-ORDER LOGIC 11.3 Second-Order logic The language of second-order logic allows one to quantify not just over a domain of individuals, but over relations on that domain as well. Given a first-order language L, for each k one adds variables R which range over k -ary relations, and allows quantification over those variables. If R is a variable for a k -ary relation, and t1, . . . , tk are ordinary (first-order) terms, R(t1, . . . , tk ) is an atomic formula. Otherwise, the set of formulas is defined just as in the case of first-order logic, with additional clauses for second-order quantification. Note that we only have the identity predicate for first-order terms: if R and S are relation variables of the same arity k , we can define R = S to be an abbreviation for ∀x1 . . . ∀xk (R(x1, . . . ,xk ) ↔ S (x1, . . . ,xk )). The rules for second-order logic simply extend the quantifier rules to the new second order variables. Here, however, one has to be a little bit careful to explain how these variables interact with the predicate symbols of L, and with formulas of L more generally. At the bare minimum, relation variables count as terms, so one has inferences of the form A(R) ⊢ ∃R A(R) But if L is the language of arithmetic with a constant relation symbol <, one would also expect the following inference to be valid: x < y ⊢ ∃R R(x, y) or for a given formula A, A(x1, . . . ,xk ) ⊢ ∃R R(x1, . . . ,xk ) More generally, we might want to allow inferences of the form A[λx⃗ .B(x⃗)/R] ⊢ ∃R A where A[λx⃗ .B(x⃗)/R] denotes the result of replacing every atomic formula of the form Rt1, . . . , tk in A by B(t1, . . . , tk ). This last rule 226 CHAPTER 11. BEYOND FIRST-ORDER LOGIC is equivalent to having a comprehension schema, i.e., an axiom of the form ∃R ∀x1, . . . ,xk (A(x1, . . . ,xk ) ↔R(x1, . . . ,xk )), one for each formula A in the second-order language, in which R is not a free variable. (Exercise: show that if R is allowed to occur in A, this schema is inconsistent!) When logicians refer to the "axioms of second-order logic" they usually mean the minimal extension of first-order logic by second-order quantifier rules together with the comprehension schema. But it is often interesting to study weaker subsystems of these axioms and rules. For example, note that in its full generality the axiom schema of comprehension is impredicative: it allows one to assert the existence of a relation R(x1, . . . ,xk ) that is "defined" by a formula with second-order quantifiers; and these quantifiers range over the set of all such relations-a set which includesR itself! Around the turn of the twentieth century, a common reaction to Russell's paradox was to lay the blame on such definitions, and to avoid them in developing the foundations of mathematics. If one prohibits the use of second-order quantifiers in the formula A, one has a predicative form of comprehension, which is somewhat weaker. From the semantic point of view, one can think of a secondorder structure as consisting of a first-order structure for the language, coupled with a set of relations on the domain over which the second-order quantifiers range (more precisely, for each k there is a set of relations of arity k). Of course, if comprehension is included in the proof system, then we have the added requirement that there are enough relations in the "second-order part" to satisfy the comprehension axioms-otherwise the proof system is not sound! One easy way to insure that there are enough relations around is to take the second-order part to consist of all the relations on the first-order part. Such a structure is called full, and, in a sense, is really the "intended structure" for the language. If we restrict our attention to full structures we have what 227 11.3. SECOND-ORDER LOGIC is known as the full second-order semantics. In that case, specifying a structure boils down to specifying the first-order part, since the contents of the second-order part follow from that implicitly. To summarize, there is some ambiguity when talking about second-order logic. In terms of the proof system, one might have in mind either 1. A "minimal" second-order proof system, together with some comprehension axioms. 2. The "standard" second-order proof system, with full comprehension. In terms of the semantics, one might be interested in either 1. The "weak" semantics, where a structure consists of a firstorder part, together with a second-order part big enough to satisfy the comprehension axioms. 2. The "standard" second-order semantics, in which one considers full structures only. When logicians do not specify the proof system or the semantics they have in mind, they are usually refering to the second item on each list. The advantage to using this semantics is that, as we will see, it gives us categorical descriptions of many natural mathematical structures; at the same time, the proof system is quite strong, and sound for this semantics. The drawback is that the proof system is not complete for the semantics; in fact, no effectively given proof system is complete for the full second-order semantics. On the other hand, we will see that the proof system is complete for the weakened semantics; this implies that if a sentence is not provable, then there is some structure, not necessarily the full one, in which it is false. The language of second-order logic is quite rich. One can identify unary relations with subsets of the domain, and so in 228 CHAPTER 11. BEYOND FIRST-ORDER LOGIC particular you can quantify over these sets; for example, one can express induction for the natural numbers with a single axiom ∀R ((R(0) ∧ ∀x (R(x) →R(x ′))) → ∀x R(x)). If one takes the language of arithmetic to have symbols 0, ′,+,× and <, one can add the following axioms to describe their behavior: 1. ∀x ¬x ′ = 0 2. ∀x ∀y (s (x) = s (y) → x = y) 3. ∀x (x + 0) = x 4. ∀x ∀y (x + y ′) = (x + y)′ 5. ∀x (x × 0) = 0 6. ∀x ∀y (x × y ′) = ((x × y) + x) 7. ∀x ∀y (x < y ↔∃z y = (x + z ′)) It is not difficult to show that these axioms, together with the axiom of induction above, provide a categorical description of the structure N, the standard model of arithmetic, provided we are using the full second-order semantics. Given any structure M in which these axioms are true, define a function f from N to the domain of M using ordinary recursion on N, so that f (0) = 0M and f (x + 1) = ′M(f (x)). Using ordinary induction on N and the fact that axioms (1) and (2) hold in M, we see that f is injective. To see that f is surjective, let P be the set of elements of |M | that are in the range of f . Since M is full, P is in the secondorder domain. By the construction of f , we know that 0M is in P , and that P is closed under ′M. The fact that the induction axiom holds in M (in particular, for P ) guarantees that P is equal to the entire first-order domain of M. This shows that f is a bijection. Showing that f is a homomorphism is no more difficult, using ordinary induction on N repeatedly. 229 11.3. SECOND-ORDER LOGIC In set-theoretic terms, a function is just a special kind of relation; for example, a unary function f can be identified with a binary relation R satisfying ∀x ∃!y R(x, y). As a result, one can quantify over functions too. Using the full semantics, one can then define the class of infinite structures to be the class of structures M for which there is an injective function from the domain of M to a proper subset of itself: ∃f (∀x ∀y (f (x) = f (y) → x = y) ∧ ∃y ∀x f (x) ≠ y). The negation of this sentence then defines the class of finite structures. In addition, one can define the class of well-orderings, by adding the following to the definition of a linear ordering: ∀P (∃x P (x) → ∃x (P (x) ∧ ∀y (y < x →¬P (y)))). This asserts that every non-empty set has a least element, modulo the identification of "set" with "one-place relation". For another example, one can express the notion of connectedness for graphs, by saying that there is no nontrivial separation of the vertices into disconnected parts: ¬∃A (∃x A(x) ∧ ∃y ¬A(y) ∧ ∀w ∀z ((A(w) ∧ ¬A(z )) → ¬R(w, z ))). For yet another example, you might try as an exercise to define the class of finite structures whose domain has even size. More strikingly, one can provide a categorical description of the real numbers as a complete ordered field containing the rationals. In short, second-order logic is much more expressive than first-order logic. That's the good news; now for the bad. We have already mentioned that there is no effective proof system that is complete for the full second-order semantics. For better or for worse, many of the properties of first-order logic are absent, including compactness and the Löwenheim-Skolem theorems. On the other hand, if one is willing to give up the full secondorder semantics in terms of the weaker one, then the minimal 230 CHAPTER 11. BEYOND FIRST-ORDER LOGIC second-order proof system is complete for this semantics. In other words, if we read ⊢ as "proves in the minimal system" and ⊨ as "logically implies in the weaker semantics", we can show that whenever Γ ⊨ A then Γ ⊢ A. If one wants to include specific comprehension axioms in the proof system, one has to restrict the semantics to second-order structures that satisfy these axioms: for example, if ∆ consists of a set of comprehension axioms (possibly all of them), we have that if Γ ∪ ∆ ⊨ A, then Γ ∪ ∆ ⊢ A. In particular, if A is not provable using the comprehension axioms we are considering, then there is a model of ¬A in which these comprehension axioms nonetheless hold. The easiest way to see that the completeness theorem holds for the weaker semantics is to think of second-order logic as a many-sorted logic, as follows. One sort is interpreted as the ordinary "first-order" domain, and then for each k we have a domain of "relations of arity k ." We take the language to have built-in relation symbols "truek (R,x1, . . . ,xk )" which is meant to assert that R holds of x1, . . . , xk , where R is a variable of the sort "k -ary relation" and x1, . . . , xk are objects of the first-order sort. With this identification, the weak second-order semantics is essentially the usual semantics for many-sorted logic; and we have already observed that many-sorted logic can be embedded in firstorder logic. Modulo the translations back and forth, then, the weaker conception of second-order logic is really a form of firstorder logic in disguise, where the domain contains both "objects" and "relations" governed by the appropriate axioms. 11.4 Higher-Order logic Passing from first-order logic to second-order logic enabled us to talk about sets of objects in the first-order domain, within the formal language. Why stop there? For example, third-order logic should enable us to deal with sets of sets of objects, or perhaps even sets which contain both objects and sets of objects. And fourth-order logic will let us talk about sets of objects of that kind. 231 11.4. HIGHER-ORDER LOGIC As you may have guessed, one can iterate this idea arbitrarily. In practice, higher-order logic is often formulated in terms of functions instead of relations. (Modulo the natural identifications, this difference is inessential.) Given some basic "sorts" A, B , C , . . . (which we will now call "types"), we can create new ones by stipulating If σ and τ are finite types then so is σ → τ. Think of types as syntactic "labels," which classify the objects we want in our domain; σ → τ describes those objects that are functions which take objects of type σ to objects of type τ. For example, we might want to have a type Ω of truth values, "true" and "false," and a type N of natural numbers. In that case, you can think of objects of type N → Ω as unary relations, or subsets of N; objects of type N → N are functions from natural numers to natural numbers; and objects of type (N → N) → N are "functionals," that is, higher-type functions that take functions to numbers. As in the case of second-order logic, one can think of higherorder logic as a kind of many-sorted logic, where there is a sort for each type of object we want to consider. But it is usually clearer just to define the syntax of higher-type logic from the ground up. For example, we can define a set of finite types inductively, as follows: 1. N is a finite type. 2. If σ and τ are finite types, then so is σ → τ. 3. If σ and τ are finite types, so is σ × τ. Intuitively, N denotes the type of the natural numbers, σ → τ denotes the type of functions from σ to τ, and σ × τ denotes the type of pairs of objects, one from σ and one from τ. We can then define a set of terms inductively, as follows: 1. For each type σ, there is a stock of variables x , y , z , . . . of type σ 232 CHAPTER 11. BEYOND FIRST-ORDER LOGIC 2. 0 is a term of type N 3. S (successor) is a term of type N→ N 4. If s is a term of type σ, and t is a term of type N→ (σ → σ), then Rs t is a term of type N→ σ 5. If s is a term of type τ → σ and t is a term of type τ, then s (t ) is a term of type σ 6. If s is a term of type σ and x is a variable of type τ, then λx . s is a term of type τ → σ. 7. If s is a term of type σ and t is a term of type τ, then ⟨s , t⟩ is a term of type σ × τ. 8. If s is a term of type σ × τ then p1(s ) is a term of type σ and p2(s ) is a term of type τ. Intuitively, Rs t denotes the function defined recursively by Rs t (0) = s Rs t (x + 1) = t (x,Rs t (x)), ⟨s , t⟩ denotes the pair whose first component is s and whose second component is t , and p1(s ) and p2(s ) denote the first and second elements ("projections") of s . Finally, λx . s denotes the function f defined by f (x) = s for any x of type σ; so item (6) gives us a form of comprehension, enabling us to define functions using terms. Formulas are built up from identity predicate statements s = t between terms of the same type, the usual propositional connectives, and higher-type quantification. One can then take the axioms of the system to be the basic equations governing the terms defined above, together with the usual rules of logic with quantifiers and identity predicate. 233 11.5. INTUITIONISTIC LOGIC If one augments the finite type system with a type Ω of truth values, one has to include axioms which govern its use as well. In fact, if one is clever, one can get rid of complex formulas entirely, replacing them with terms of type Ω! The proof system can then be modified accordingly. The result is essentially the simple theory of types set forth by Alonzo Church in the 1930s. As in the case of second-order logic, there are different versions of higher-type semantics that one might want to use. In the full version, variables of type σ → τ range over the set of all functions from the objects of type σ to objects of type τ. As you might expect, this semantics is too strong to admit a complete, effective proof system. But one can consider a weaker semantics, in which a structure consists of sets of elements Tτ for each type τ, together with appropriate operations for application, projection, etc. If the details are carried out correctly, one can obtain completeness theorems for the kinds of proof systems described above. Higher-type logic is attractive because it provides a framework in which we can embed a good deal of mathematics in a natural way: starting with N, one can define real numbers, continuous functions, and so on. It is also particularly attractive in the context of intuitionistic logic, since the types have clear "constructive" intepretations. In fact, one can develop constructive versions of higher-type semantics (based on intuitionistic, rather than classical logic) that clarify these constructive interpretations quite nicely, and are, in many ways, more interesting than the classical counterparts. 11.5 Intuitionistic Logic In constrast to second-order and higher-order logic, intuitionistic first-order logic represents a restriction of the classical version, intended to model a more "constructive" kind of reasoning. The following examples may serve to illustrate some of the underlying motivations. 234 CHAPTER 11. BEYOND FIRST-ORDER LOGIC Suppose someone came up to you one day and announced that they had determined a natural number x , with the property that if x is prime, the Riemann hypothesis is true, and if x is composite, the Riemann hypothesis is false. Great news! Whether the Riemann hypothesis is true or not is one of the big open questions of mathematics, and here they seem to have reduced the problem to one of calculation, that is, to the determination of whether a specific number is prime or not. What is the magic value of x? They describe it as follows: x is the natural number that is equal to 7 if the Riemann hypothesis is true, and 9 otherwise. Angrily, you demand your money back. From a classical point of view, the description above does in fact determine a unique value of x ; but what you really want is a value of x that is given explicitly. To take another, perhaps less contrived example, consider the following question. We know that it is possible to raise an irrational number to a rational power, and get a rational result. For example, √ 2 2 = 2. What is less clear is whether or not it is possible to raise an irrational number to an irrational power, and get a rational result. The following theorem answers this in the affirmative: Theorem 11.1. There are irrational numbers a and b such that ab is rational. Proof. Consider √ 2 √ 2 . If this is rational, we are done: we can let a = b = √ 2. Otherwise, it is irrational. Then we have ( √ 2 √ 2 ) √ 2 = √ 2 √ 2* √ 2 = √ 2 2 = 2, which is certainly rational. So, in this case, let a be √ 2 √ 2 , and let b be √ 2. □ Does this constitute a valid proof? Most mathematicians feel that it does. But again, there is something a little bit unsatisfying 235 11.5. INTUITIONISTIC LOGIC here: we have proved the existence of a pair of real numbers with a certain property, without being able to say which pair of numbers it is. It is possible to prove the same result, but in such a way that the pair a, b is given in the proof: take a = √ 3 and b = log3 4. Then ab = √ 3 log3 4 = 31/2*log3 4 = (3log3 4)1/2 = 41/2 = 2, since 3log3 x = x . Intuitionistic logic is designed to model a kind of reasoning where moves like the one in the first proof are disallowed. Proving the existence of an x satisfying A(x)means that you have to give a specific x , and a proof that it satisfies A, like in the second proof. Proving that A or B holds requires that you can prove one or the other. Formally speaking, intuitionistic first-order logic is what you get if you omit restrict a proof system for first-order logic in a certain way. Similarly, there are intuitionistic versions of secondorder or higher-order logic. From the mathematical point of view, these are just formal deductive systems, but, as already noted, they are intended to model a kind of mathematical reasoning. One can take this to be the kind of reasoning that is justified on a certain philosophical view of mathematics (such as Brouwer's intuitionism); one can take it to be a kind of mathematical reasoning which is more "concrete" and satisfying (along the lines of Bishop's constructivism); and one can argue about whether or not the formal description captures the informal motivation. But whatever philosophical positions we may hold, we can study intuitionistic logic as a formally presented logic; and for whatever reasons, many mathematical logicians find it interesting to do so. There is an informal constructive interpretation of the intuitionist connectives, usually known as the BHK interpretation (named after Brouwer, Heyting, and Kolmogorov). It runs as follows: a proof of A ∧ B consists of a proof of A paired with a proof of B ; a proof of A ∨ B consists of either a proof of A, or a proof of B , where we have explicit information as to which is the 236 CHAPTER 11. BEYOND FIRST-ORDER LOGIC case; a proof of A→B consists of a procedure, which transforms a proof of A to a proof of B ; a proof of ∀x A(x) consists of a procedure which returns a proof of A(x) for any value of x ; and a proof of ∃x A(x) consists of a value of x , together with a proof that this value satisfies A. One can describe the interpretation in computational terms known as the "Curry-Howard isomorphism" or the "formulas-as-types paradigm": think of a formula as specifying a certain kind of data type, and proofs as computational objects of these data types that enable us to see that the corresponding formula is true. Intuitionistic logic is often thought of as being classical logic "minus" the law of the excluded middle. This following theorem makes this more precise. Theorem 11.2. Intuitionistically, the following axiom schemata are equivalent: 1. (A→⊥)→ ¬A. 2. A ∨ ¬A 3. ¬¬A→ A Obtaining instances of one schema from either of the others is a good exercise in intuitionistic logic. The first deductive systems for intuitionistic propositional logic, put forth as formalizations of Brouwer's intuitionism, are due, independently, to Kolmogorov, Glivenko, and Heyting. The first formalization of intuitionistic first-order logic (and parts of intuitionist mathematics) is due to Heyting. Though a number of classically valid schemata are not intuitionistically valid, many are. The double-negation translation describes an important relationship between classical and intuitionist logic. It is defined inductively follows (think of AN as the "intuitionist" translation of 237 11.5. INTUITIONISTIC LOGIC the classical formula A): AN ≡ ¬¬A for atomic formulas A (A ∧ B)N ≡ (AN ∧ BN ) (A ∨ B)N ≡ ¬¬(AN ∨ BN ) (A→ B)N ≡ (AN → BN ) (∀x A)N ≡ ∀x AN (∃x A)N ≡ ¬¬∃x AN Kolmogorov and Glivenko had versions of this translation for propositional logic; for predicate logic, it is due to Gödel and Gentzen, independently. We have Theorem 11.3. 1. A↔ AN is provable classically 2. IfA is provable classically, thenAN is provable intuitionistically. We can now envision the following dialogue. Classical mathematician: "I've proved A!" Intuitionist mathematician: "Your proof isn't valid. What you've really proved is AN ." Classical mathematician: "Fine by me!" As far as the classical mathematician is concerned, the intuitionist is just splitting hairs, since the two are equivalent. But the intuitionist insists there is a difference. Note that the above translation concerns pure logic only; it does not address the question as to what the appropriate nonlogical axioms are for classical and intuitionistic mathematics, or what the relationship is between them. But the following slight extension of the theorem above provides some useful information: 238 CHAPTER 11. BEYOND FIRST-ORDER LOGIC Theorem 11.4. If Γ proves A classically, ΓN proves AN intuitionistically. In other words, if A is provable from some hypotheses classically, thenAN is provable from their double-negation translations. To show that a sentence or propositional formula is intuitionistically valid, all you have to do is provide a proof. But how can you show that it is not valid? For that purpose, we need a semantics that is sound, and preferrably complete. A semantics due to Kripke nicely fits the bill. We can play the same game we did for classical logic: define the semantics, and prove soundness and completeness. It is worthwhile, however, to note the following distinction. In the case of classical logic, the semantics was the "obvious" one, in a sense implicit in the meaning of the connectives. Though one can provide some intuitive motivation for Kripke semantics, the latter does not offer the same feeling of inevitability. In addition, the notion of a classical structure is a natural mathematical one, so we can either take the notion of a structure to be a tool for studying classical first-order logic, or take classical first-order logic to be a tool for studying mathematical structures. In contrast, Kripke structures can only be viewed as a logical construct; they don't seem to have independent mathematical interest. A Kripke structure M = ⟨W,R,V ⟩ for a propositional language consists of a setW , partial order R onW with a least element, and an "monotone" assignment of propositional variables to the elements ofW . The intuition is that the elements ofW represent "worlds," or "states of knowledge"; an element v ≥ u represents a "possible future state" of u; and the propositional variables assigned to u are the propositions that are known to be true in state u . The forcing relation M,w ⊩ A then extends this relationship to arbitrary formulas in the language; readM,w ⊩ A as "A is true in state w ." The relationship is defined inductively, as follows: 1. M,w ⊩ pi iff pi is one of the propositional variables as239 11.6. MODAL LOGICS signed to w . 2. M,w ⊮ ⊥. 3. M,w ⊩ (A ∧ B) iff M,w ⊩ A and M,w ⊩ B . 4. M,w ⊩ (A ∨ B) iff M,w ⊩ A or M,w ⊩ B . 5. M,w ⊩ (A→ B) iff, whenever w ′ ≥ w and M,w ′ ⊩ A, then M,w ′ ⊩ B . It is a good exercise to try to show that ¬(p ∧ q ) → (¬p ∨ ¬q ) is not intuitionistically valid, by cooking up a Kripke structure that provides a counterexample. 11.6 Modal Logics Consider the following example of a conditional sentence: If Jeremy is alone in that room, then he is drunk and naked and dancing on the chairs. This is an example of a conditional assertion that may be materially true but nonetheless misleading, since it seems to suggest that there is a stronger link between the antecedent and conclusion other than simply that either the antecedent is false or the consequent true. That is, the wording suggests that the claim is not only true in this particular world (where it may be trivially true, because Jeremy is not alone in the room), but that, moreover, the conclusion would have been true had the antecedent been true. In other words, one can take the assertion to mean that the claim is true not just in this world, but in any "possible" world; or that it is necessarily true, as opposed to just true in this particular world. Modal logic was designed to make sense of this kind of necessity. One obtains modal propositional logic from ordinary propositional logic by adding a box operator; which is to say, if 240 CHAPTER 11. BEYOND FIRST-ORDER LOGIC A is a formula, so is □A. Intuitively, □A asserts that A is necessarily true, or true in any possible world. ♢A is usually taken to be an abbreviation for ¬□¬A, and can be read as asserting that A is possibly true. Of course, modality can be added to predicate logic as well. Kripke structures can be used to provide a semantics for modal logic; in fact, Kripke first designed this semantics with modal logic in mind. Rather than restricting to partial orders, more generally one has a set of "possible worlds," P , and a binary "accessibility" relation R(x, y) between worlds. Intuitively, R(p,q ) asserts that the world q is compatible with p; i.e., if we are "in" world p, we have to entertain the possibility that the world could have been like q . Modal logic is sometimes called an "intensional" logic, as opposed to an "extensional" one. The intended semantics for an extensional logic, like classical logic, will only refer to a single world, the "actual" one; while the semantics for an "intensional" logic relies on a more elaborate ontology. In addition to structureing necessity, one can use modality to structure other linguistic constructions, reinterpreting □ and ♢ according to the application. For example: 1. In provability logic, □A is read "A is provable" and ♢A is read "A is consistent." 2. In epistemic logic, one might read □A as "I know A" or "I believe A." 3. In temporal logic, one can read □A as "A is always true" and ♢A as "A is sometimes true." One would like to augment logic with rules and axioms dealing with modality. For example, the system S4 consists of the ordinary axioms and rules of propositional logic, together with 241 11.7. OTHER LOGICS the following axioms: □(A→ B) → (□A→□B) □A→ A □A→□□A as well as a rule, "from A conclude □A." S5 adds the following axiom: ♢A→□♢A Variations of these axioms may be suitable for different applications; for example, S5 is usually taken to characterize the notion of logical necessity. And the nice thing is that one can usually find a semantics for which the proof system is sound and complete by restricting the accessibility relation in the Kripke structures in natural ways. For example, S4 corresponds to the class of Kripke structures in which the accessibility relation is reflexive and transitive. S5 corresponds to the class of Kripke structures in which the accessibility relation is universal, which is to say that every world is accessible from every other; so □A holds if and only if A holds in every world. 11.7 Other Logics As you may have gathered by now, it is not hard to design a new logic. You too can create your own a syntax, make up a deductive system, and fashion a semantics to go with it. You might have to be a bit clever if you want the proof system to be complete for the semantics, and it might take some effort to convince the world at large that your logic is truly interesting. But, in return, you can enjoy hours of good, clean fun, exploring your logic's mathematical and computational properties. Recent decades have witnessed a veritable explosion of formal logics. Fuzzy logic is designed to model reasoning about 242 CHAPTER 11. BEYOND FIRST-ORDER LOGIC vague properties. Probabilistic logic is designed to model reasoning about uncertainty. Default logics and nonmonotonic logics are designed to model defeasible forms of reasoning, which is to say, "reasonable" inferences that can later be overturned in the face of new information. There are epistemic logics, designed to model reasoning about knowledge; causal logics, designed to model reasoning about causal relationships; and even "deontic" logics, which are designed to model reasoning about moral and ethical obligations. Depending on whether the primary motivation for introducing these systems is philosophical, mathematical, or computational, you may find such creatures studies under the rubric of mathematical logic, philosophical logic, artificial intelligence, cognitive science, or elsewhere. The list goes on and on, and the possibilities seem endless. We may never attain Leibniz' dream of reducing all of human reason to calculation-but that can't stop us from trying.

PART III Turing Machines 245 CHAPTER 12 Turing Machine Computations 12.1 Introduction What does it mean for a function, say, from N to N to be computable? Among the first answers, and the most well known one, is that a function is computable if it can be computed by a Turing machine. This notion was set out by Alan Turing in 1936. Turing machines are an example of a model of computation-they are a mathematically precise way of defining the idea of a "computational procedure." What exactly that means is debated, but it is widely agreed that Turing machines are one way of specifying computational procedures. Even though the term "Turing machine" evokes the image of a physical machine with moving parts, strictly speaking a Turing machine is a purely mathematical construct, and as such it idealizes the idea of a computational procedure. For instance, we place no restriction on either the time or memory requirements of a Turing machine: Turing machines can compute something even if the computation would 246 247 12.1. INTRODUCTION Figure 12.1: A Turing machine executing its program. require more storage space or more steps than there are atoms in the universe. It is perhaps best to think of a Turing machine as a program for a special kind of imaginary mechanism. This mechanism consists of a tape and a read-write head. In our version of Turing machines, the tape is infinite in one direction (to the right), and it is divided into squares, each of which may contain a symbol from a finite alphabet. Such alphabets can contain any number of different symbols, say, but we will mainly make do with three: ▷, ⊔, and I . When the mechanism is started, the tape is empty (i.e., each square contains the symbol ⊔) except for the leftmost square, which contains ▷, and a finite number of squares which contain the input. At any time, the mechanism is in one of a finite number of states. At the outset, the head scans the leftmost square and in a specified initial state. At each step of the mechanism's run, the content of the square currently scanned together with the state the mechanism is in and the Turing machine program determine what happens next. The Turing machine program is given by a partial function which takes as input a state q and a symbol σ and outputs a triple ⟨q ′, σ′,D⟩. Whenever the mechanism is in state q and reads symbol σ, it replaces the symbol on the current square with σ′, the head moves left, right, or stays put according to whether D is L, R, or N , and the mechanism goes into state q ′. For instance, consider the situation in section 12.1. The visible part of the tape of the Turing machine contains the end-of248 CHAPTER 12. TURING MACHINE COMPUTATIONS tape symbol ▷ on the leftmost square, followed by three 1's, a 0, and four more 1's. The head is reading the third square from the left, which contains a 1, and is in state q1-we say "the machine is reading a 1 in state q1." If the program of the Turing machine returns, for input ⟨q1,1⟩, the triple ⟨q2,0,N ⟩, the machine would now replace the 1 on the third square with a 0, leave the read/write head where it is, and switch to state q2. If then the program returns ⟨q3,0,R⟩ for input ⟨q2,0⟩, the machine would now overwrite the 0 with another 0 (effectively, leaving the content of the tape under the read/write head unchanged), move one square to the right, and enter state q3. And so on. We say that the machine halts when it encounters some state, qn , and symbol, σ such that there is no instruction for ⟨qn, σ⟩, i.e., the transition function for input ⟨qn, σ⟩ is undefined. In other words, the machine has no instruction to carry out, and at that point, it ceases operation. Halting is sometimes represented by a specific halt state h. This will be demonstrated in more detail later on. The beauty of Turing's paper, "On computable numbers," is that he presents not only a formal definition, but also an argument that the definition captures the intuitive notion of computability. From the definition, it should be clear that any function computable by a Turing machine is computable in the intuitive sense. Turing offers three types of argument that the converse is true, i.e., that any function that we would naturally regard as computable is computable by such a machine. They are (in Turing's words): 1. A direct appeal to intuition. 2. A proof of the equivalence of two definitions (in case the new definition has a greater intuitive appeal). 3. Giving examples of large classes of numbers which are computable. Our goal is to try to define the notion of computability "in principle," i.e., without taking into account practical limitations of 249 12.2. REPRESENTING TURING MACHINES time and space. Of course, with the broadest definition of computability in place, one can then go on to consider computation with bounded resources; this forms the heart of the subject known as "computational complexity." Historical Remarks Alan Turing invented Turing machines in 1936. While his interest at the time was the decidability of firstorder logic, the paper has been described as a definitive paper on the foundations of computer design. In the paper, Turing focuses on computable real numbers, i.e., real numbers whose decimal expansions are computable; but he notes that it is not hard to adapt his notions to computable functions on the natural numbers, and so on. Notice that this was a full five years before the first working general purpose computer was built in 1941 (by the German Konrad Zuse in his parent's living room), seven years before Turing and his colleagues at Bletchley Park built the code-breaking Colossus (1943), nine years before the American ENIAC (1945), twelve years before the first British general purpose computer-the Manchester Small-Scale Experimental Machine-was built in Manchester (1948), and thirteen years before the Americans first tested the BINAC (1949). The Manchester SSEM has the distinction of being the first stored-program computer-previous machines had to be rewired by hand for each new task. 12.2 Representing Turing Machines Turing machines can be represented visually by state diagrams. The diagrams are composed of state cells connected by arrows. Unsurprisingly, each state cell represents a state of the machine. Each arrow represents an instruction that can be carried out from that state, with the specifics of the instruction written above or below the appropriate arrow. Consider the following machine, 250 CHAPTER 12. TURING MACHINE COMPUTATIONS which has only two internal states, q0 and q1, and one instruction: q0start q1 ⊔, I ,R Recall that the Turing machine has a read/write head and a tape with the input written on it. The instruction can be read as if reading a blank in state q0, write a stroke, move right, and move to state q1. This is equivalent to the transition function mapping ⟨q0,⊔⟩ to ⟨q1, I ,R⟩. Example 12.1. Even Machine: The following Turing machine halts if, and only if, there are an even number of strokes on the tape. q0start q1 I , I ,R ⊔,⊔,R I , I ,R The state diagram corresponds to the following transition function: δ(q0, I ) = ⟨q1, I ,R⟩, δ(q1, I ) = ⟨q0, I ,R⟩, δ(q1,⊔) = ⟨q1,⊔,R⟩ The above machine halts only when the input is an even number of strokes. Otherwise, the machine (theoretically) continues to operate indefinitely. For any machine and input, it is possible to trace through the configurations of the machine in order to determine the output. We will give a formal definition of configurations later. For now, we can intuitively think of configurations as a series of diagrams showing the state of the machine at any point in time during operation. Configurations show the content of the tape, the state of the machine and the location of the read/write head. 251 12.2. REPRESENTING TURING MACHINES Let us trace through the configurations of the even machine if it is started with an input of 4 I s. In this case, we expect that the machine will halt. We will then run the machine on an input of 3 I s, where the machine will run forever. The machine starts in state q0, scanning the leftmost I . We can represent the initial state of the machine as follows: ▷I0I I I ⊔ . . . The above configuration is straightforward. As can be seen, the machine starts in state one, scanning the leftmost I . This is represented by a subscript of the state name on the first I . The applicable instruction at this point is δ(q0, I ) = ⟨q1, I ,R⟩, and so the machine moves right on the tape and changes to state q1. ▷I I1I I ⊔ . . . Since the machine is now in state q1 scanning a stroke, we have to "follow" the instruction δ(q1, I ) = ⟨q0, I ,R⟩. This results in the configuration ▷I I I0I ⊔ . . . As the machine continues, the rules are applied again in the same order, resulting in the following two configurations: ▷I I I I1 ⊔ . . . ▷I I I I ⊔0 . . . The machine is now in state q0 scanning a blank. Based on the transition diagram, we can easily see that there is no instruction to be carried out, and thus the machine has halted. This means that the input has been accepted. Suppose next we start the machine with an input of three strokes. The first few configurations are similar, as the same instructions are carried out, with only a small difference of the tape input: ▷I0I I ⊔ . . . 252 CHAPTER 12. TURING MACHINE COMPUTATIONS ▷I I1I ⊔ . . . ▷I I I0 ⊔ . . . ▷I I I ⊔1 . . . The machine has now traversed past all the strokes, and is reading a blank in state q1. As shown in the diagram, there is an instruction of the form δ(q1,⊔) = ⟨q1,⊔,R⟩. Since the tape is infinitely blank to the right, the machine will continue to execute this instruction forever, staying in state q1 and moving ever further to the right. The machine will never halt, and does not accept the input. It is important to note that not all machines will halt. If halting means that the machine runs out of instructions to execute, then we can create a machine that never halts simply by ensuring that there is an outgoing arrow for each symbol at each state. The even machine can be modified to run infinitely by adding an instruction for scanning a blank at q0. Example 12.2. q0start q1 I , I ,R ⊔,⊔,R ⊔,⊔,R I , I ,R Machine tables are another way of representing Turing machines. Machine tables have the tape alphabet displayed on the x -axis, and the set of machine states across the y -axis. Inside the table, at the intersection of each state and symbol, is written the rest of the instruction-the new state, new symbol, and direction of movement. Machine tables make it easy to determine in what state, and for what symbol, the machine halts. Whenever there is a gap in the table is a possible point for the machine to halt. Unlike state diagrams and instruction sets, where the points 253 12.2. REPRESENTING TURING MACHINES at which the machine halts are not always immediately obvious, any halting points are quickly identified by finding the gaps in the machine table. Example 12.3. The machine table for the even machine is: ⊔ I q0 I ,q1,R q1 ⊔,q1,⊔ I ,q0,R As we can see, the machine halts when scanning a blank in state q0. So far we have only considered machines that read and accept input. However, Turing machines have the capacity to both read and write. An example of such a machine (although there are many, many examples) is a doubler. A doubler, when started with a block of n strokes on the tape, outputs a block of 2n strokes. Example 12.4. Before building a doubler machine, it is important to come up with a strategy for solving the problem. Since the machine (as we have formulated it) cannot remember how many strokes it has read, we need to come up with a way to keep track of all the strokes on the tape. One such way is to separate the output from the input with a blank. The machine can then erase the first stroke from the input, traverse over the rest of the input, leave a blank, and write two new strokes. The machine will then go back and find the second stroke in the input, and double that one as well. For each one stroke of input, it will write two strokes of output. By erasing the input as the machine goes, we can guarantee that no stroke is missed or doubled twice. When the entire input is erased, there will be 2n strokes left on the tape. The state diagram of the resulting Turing machine is depicted in Figure 12.2. 254 CHAPTER 12. TURING MACHINE COMPUTATIONS q0start q1 q2 q3q4q5 I ,⊔,R I , I ,R ⊔,⊔,R I , I ,R ⊔, I ,R ⊔, I ,L I , I ,L I , I ,L ⊔,⊔,L I , I ,L ⊔,⊔,R Figure 12.2: A doubler machine 12.3 Turing Machines The formal definition of what constitutes a Turing machine looks abstract, but is actually simple: it merely packs into one mathematical structure all the information needed to specify the workings of a Turing machine. This includes (1) which states the machine can be in, (2) which symbols are allowed to be on the tape, (3) which state the machine should start in, and (4) what the instruction set of the machine is. Definition 12.5 (Turing machine). A Turing machine M is a tuple ⟨Q , Σ ,q0, δ⟩ consisting of 1. a finite set of states Q , 2. a finite alphabet Σ which includes ▷ and ⊔, 3. an initial state q0 ∈ Q , 255 12.4. CONFIGURATIONS AND COMPUTATIONS 4. a finite instruction set δ : Q × Σ ↦→ Q × Σ × {L,R,N }. The partial function δ is also called the transition function of M . We assume that the tape is infinite in one direction only. For this reason it is useful to designate a special symbol ▷ as a marker for the left end of the tape. This makes it easier for Turing machine programs to tell when they're "in danger" of running off the tape. Example 12.6. Even Machine: The even machine is formally the quadruple ⟨Q , Σ ,q0, δ⟩ where Q = {q0,q1} Σ = {▷,⊔, I }, δ(q0, I ) = ⟨q1, I ,R⟩, δ(q1, I ) = ⟨q0, I ,R⟩, δ(q1,⊔) = ⟨q1,⊔,R⟩. 12.4 Configurations and Computations Recall tracing through the configurations of the even machine earlier. The imaginary mechanism consisting of tape, read/write head, and Turing machine program is really just in intuitive way of visualizing what a Turing machine computation is. Formally, we can define the computation of a Turing machine on a given input as a sequence of configurations-and a configuration in turn is a sequence of symbols (corresponding to the contents of the tape at a given point in the computation), a number indicating the position of the read/write head, and a state. Using these, we can define what the Turing machine M computes on a given input. 256 CHAPTER 12. TURING MACHINE COMPUTATIONS Definition 12.7 (Configuration). A configuration of Turing machine M = ⟨Q , Σ ,q0, δ⟩ is a triple ⟨C,n,q ⟩ where 1. C ∈ Σ ∗ is a finite sequence of symbols from Σ , 2. n ∈ N is a number < len(C ), and 3. q ∈ Q Intuitively, the sequence C is the content of the tape (symbols of all squares from the leftmost square to the last non-blank or previously visited square), n is the number of the square the read/write head is scanning (beginning with 0 being the number of the leftmost square), and q is the current state of the machine. The potential input for a Turing machine is a sequence of symbols, usually a sequence that encodes a number in some form. The initial configuration of the Turing machine is that configuration in which we start the Turing machine to work on that input: the tape contains the tape end marker immediately followed by the input written on the squares to the right, the read/write head is scanning the leftmost square of the input (i.e., the square to the right of the left end marker), and the mechanism is in the designated start state q0. Definition 12.8 (Initial configuration). The initial configuration of M for input I ∈ Σ ∗ is ⟨▷ ⌒ I ,1,q0⟩. The ⌒ symbol is for concatenation-we want to ensure that there are no blanks between the left end marker and the beginning of the input. 257 12.5. UNARY REPRESENTATION OF NUMBERS Definition 12.9. We say that a configuration ⟨C,n,q ⟩ yields the configuration ⟨C ′,n ′,q ′⟩ in one step (according to M ), iff 1. the n-th symbol of C is σ, 2. the instruction set of M specifies δ(q , σ) = ⟨q ′, σ′,D⟩, 3. the n-th symbol of C ′ is σ′, and 4. a) D = L and n ′ = n − 1 if n > 0, otherwise n ′ = 0, or b) D = R and n ′ = n + 1, or c) D = N and n ′ = n, 5. if n ′ > len(C ), then len(C ′) = len(C ) + 1 and the n ′-th symbol of C ′ is ⊔. 6. for all i such that i < len(C ′) and i ≠ n, C ′(i ) = C (i ), Definition 12.10. A run of M on input I is a sequence Ci of configurations of M , where C0 is the initial configuration of M for input I , and each Ci yields Ci+1 in one step. We say that M halts on input I after k steps if Ck = ⟨C,n,q ⟩, the nth symbol of C is σ, and δ(q , σ) is undefined. In that case, the output of M for input I is O , where O is a string of symbols not beginning or ending in ⊔ such that C = ▷ ⌒ ⊔i ⌒ O ⌒ ⊔ j for some i, j ∈ N. According to this definition, the outputO ofM always begins and ends in a symbol other than ⊔, or, if at time k the entire tape is filled with ⊔ (except for the leftmost ▷), O is the empty string. 12.5 Unary Representation of Numbers Turing machines work on sequences of symbols written on their tape. Depending on the alphabet a Turing machine uses, these 258 CHAPTER 12. TURING MACHINE COMPUTATIONS sequences of symbols can represent various inputs and outputs. Of particular interest, of course, are Turing machines which compute arithmetical functions, i.e., functions of natural numbers. A simple way to represent positive integers is by coding them as sequences of a single symbol I . If n ∈ N, let I n be the empty sequence if n = 0, and otherwise the sequence consisting of exactly n I 's. Definition 12.11 (Computation). A Turing machine M computes the function f : Nn → N iff M halts on input I k1 ⊔ I k2 ⊔ . . . ⊔ I kn with output I f (k1,...,kn ). Example 12.12. Addition: Build a machine that, when given an input of two non-empty strings of I 's of length n and m, computes the function f (n,m) = n +m. We want to come up with a machine that starts with two blocks of strokes on the tape and halts with one block of strokes. We first need a method to carry out. The input strokes are separated by a blank, so one method would be to write a stroke on the square containing the blank, and erase the first (or last) stroke. This would result in a block of n +m I 's. Alternatively, we could proceed in a similar way to the doubler machine, by erasing a stroke from the first block, and adding one to the second block of strokes until the first block has been removed completely. We will proceed with the former example. q0start q1 q2 ⊔, I ,R I , I ,R I , I ,R ⊔,⊔,L I ,⊔,N 259 12.6. HALTING STATES 12.6 Halting States Although we have defined our machines to halt only when there is no instruction to carry out, common representations of Turing machines have a dedicated halting state, h, such that h ∈ Q . The idea behind a halting state is simple: when the machine has finished operation (it is ready to accept input, or has finished writing the output), it goes into a state h where it halts. Some machines have two halting states, one that accepts input and one that rejects input. Example 12.13. Halting States. To elucidate this concept, let us begin with an alteration of the even machine. Instead of having the machine halt in state q0 if the input is even, we can add an instruction to send the machine into a halt state. q0start q1 h I , I ,R ⊔,⊔,N ⊔,⊔,R I , I ,R Let us further expand the example. When the machine determines that the input is odd, it never halts. We can alter the machine to include a reject state by replacing the looping instruc260 CHAPTER 12. TURING MACHINE COMPUTATIONS tion with an instruction to go to a reject state r . q0start q1 h r I , I ,R ⊔,⊔,N ⊔,⊔,N I , I ,R Adding a dedicated halting state can be advantageous in cases like this, where it makes explicit when the machine accepts/rejects certain inputs. However, it is important to note that no computing power is gained by adding a dedicated halting state. Similarly, a less formal notion of halting has its own advantages. The definition of halting used so far in this chapter makes the proof of theHalting Problem intuitive and easy to demonstrate. For this reason, we continue with our original definition. 12.7 Combining Turing Machines The examples of Turing machines we have seen so far have been fairly simple in nature. But in fact, any problem that can be solved with any modern programming language can als o be solved with Turing machines. To build more complex Turing machines, it is important to convince ourselves that we can combine them, so we can build machines to solve more complex problems by breaking the procedure into simpler parts. If we can find a natural way to break a complex problem down into constituent parts, we can tackle the problem in several stages, creating several simple Turing machines and combining then into one machine that can solve the problem. This point is especially important when tackling the Halting Problem in the next section. 261 12.7. COMBINING TURING MACHINES Example 12.14. Combining Machines: Design a machine that computes the function f (m,n) = 2(m + n). In order to build this machine, we can combine two machines we are already familiar with: the addition machine, and the doubler. We begin by drawing a state diagram for the addition machine. q0start q1 q2 ⊔, I ,R I , I ,R I , I ,R ⊔,⊔,L I ,⊔,N Instead of halting at state q2, we want to continue operation in order to double the output. Recall that the doubler machine erases the first stroke in the input and writes two strokes in a separate output. Let's add an instruction to make sure the tape head is reading the first stroke of the output of the addition machine. q0start q1 q2 q3 q4 ⊔, I ,R I , I ,R I , I ,R ⊔,⊔,L I ,⊔,L I , I ,L ▷, ▷,R It is now easy to double the input-all we have to do is connect the doubler machine onto state q4. This requires renaming the states of the doubler machine so that they start at q4 instead of q0-this way we don't end up with two starting states. The final diagram should look as in Figure 12.3. 262 CHAPTER 12. TURING MACHINE COMPUTATIONS q0start q1 q2 q3 q4 q5 q6 q7q8q9 ⊔, I ,R I , I ,R I , I ,R ⊔,⊔,L I ,⊔,L I , I ,L ▷, ▷,R I ,⊔,R I , I ,R ⊔,⊔,R I , I ,R ⊔, I ,R ⊔, I ,L I , I ,L I , I ,L ⊔,⊔,L I , I ,L ⊔,⊔,R Figure 12.3: Combining adder and doubler machines 12.8 Variants of Turing Machines There are in fact many possible ways to define Turing machines, of which ours is only one. In some ways, our definition is more liberal than others. We allow arbitrary finite alphabets, a more restricted definition might allow only two tape symbols, I and ⊔. We allow the machine to write a symbol to the tape and move at the same time, other definitions allow either writing or moving. We allow the possibility of writing without moving the tape head, other definitions leave out the N "instruction." In other ways, 263 12.8. VARIANTS OF TURING MACHINES our definition is more restrictive. We assumed that the tape is infinite in one direction only, other definitions allow the tape to be infinite both to the left and the right. In fact, one can even allow any number of separate tapes, or even an infinite grid of squares. We represent the instruction set of the Turing machine by a transition function; other definitions use a transition relation where the machine has more than one possible instruction in any given situation. This last relaxation of the definition is particularly interesting. In our definition, when the machine is in state q reading symbol σ, δ(q , σ) determines what the new symbol, state, and tape head position is. But if we allow the instruction set to be a relation between current state-symbol pairs ⟨q , σ⟩ and new statesymbol-direction triples ⟨q ′, σ′,D⟩, the action of the Turing machine may not be uniquely determined-the instruction relation may contain both ⟨q , σ,q ′, σ′,D⟩ and ⟨q , σ,q ′′, σ′′,D ′⟩. In this case we have a non-deterministic Turing machine. These play an important role in computational complexity theory. There are also different conventions for when a Turing machine halts: we say it halts when the transition function is undefined, other definitions require the machine to be in a special designated halting state. Since the tapes of our turing machines are infinite in one direction only, there are cases where a Turing machine can't properly carry out an instruction: if it reads the leftmost square and is supposed to move left. According to our definition, it just stays put instead, but we could have defined it so that it halts when that happens. There are also different ways of representing numbers (and hence the input-output function computed by a Turing machine): we use unary representation, but you can also use binary representation. This requires two symbols in addition to ⊔ and ▷. Now here is an interesting fact: none of these variations matters as to which functions are Turing computable. If a function is Turing computable according to one definition, it is Turing computable according to all of them. 264 CHAPTER 12. TURING MACHINE COMPUTATIONS 12.9 The Church-Turing Thesis Turing machines are supposed to be a precise replacement for the concept of an effective procedure. Turing took it that anyone who grasped the concept of an effective procedure and the concept of a Turing machine would have the intuition that anything that could be done via an effective procedure could be done by Turing machine. This claim is given support by the fact that all the other proposed precise replacements for the concept of an effective procedure turn out to be extensionally equivalent to the concept of a Turing machine-that is, they can compute exactly the same set of functions. This claim is called the Church-Turing thesis. Definition 12.15 (Church-Turing thesis). The Church-Turing Thesis states that anything computable via an effective procedure is Turing computable. The Church-Turing thesis is appealed to in two ways. The first kind of use of the Church-Turing thesis is an excuse for laziness. Suppose we have a description of an effective procedure to compute something, say, in "pseudo-code." Then we can invoke the Church-Turing thesis to justify the claim that the same function is computed by some Turing machine, eve if we have not in fact constructed it. The other use of the Church-Turing thesis is more philosophically interesting. It can be shown that there are functions whch cannot be computed by a Turing machines. From this, using the Church-Turing thesis, one can conclude that it cannot be effectively computed, using any procedure whatsoever. For if there were such a procedure, by the Church-Turing thesis, it would follow that there would be a Turing machine. So if we can prove that there is no Turing machine that computes it, there also can't be an effective procedure. In particular, the Church-Turing thesis is invoked to claim that the so-called halting problem not only can265 12.9. THE CHURCH-TURING THESIS not be solved by Turing machines, it cannot be effectively solved at all. Summary A Turing machine is a kind of idealized computation mechanism. It consists of a one-way infinite tape, divided into squares, each of which can contain a symbol from a pre-determined alphabet. The machine operates by moving a read-write head along the tape. It may also be in one of a pre-determined number of states. The actions of the read-write head are determined by a set of instructions; each instruction is conditional on the machine being in a certain state and reading a certain symbol, and specifies which symbol the machine will write onto the current square, whether it will move the read-write head one square left, right, or stay put, and which state it will switch to. If the tape contains a certain input, represented as a sequence of symbols on the tape, and the machine is put into the designated start state with the read-write head reading the leftmost square of the input, the instruction set will step-wise determine a sequence of configurations of the machine: content of tape, position of read-write head, and state of the machine. Should the machine encounter a configuration in which the instruction set does not contain an instruction for the current symbol read/state combination, the machine halts, and the content of the tape is the output. Numbers can very easily be represented as sequences of strokes on the Tape of a Turing machine. We say a function N → N is Turing computable if there is a Turing machine which, whenever it is started on the unary representation of n as input, eventually halts with its tape containing the unary representation of f (n) as output. Many familiar arithmetical functions are easily (or not-so-easily) shown to be Turing computable. Many other models of computation other than Turing machines have been proposed; and it has always turned out that the arithmetical functions computable there are also Turing computable. 266 CHAPTER 12. TURING MACHINE COMPUTATIONS This is seen as support for theChurch-Turing Thesis, that every arithmetical function that can effectively be computed is Turing computable. Problems Problem 12.1. Choose an arbitary input and trace through the configurations of the doubler machine in Example 12.4. Problem 12.2. The double machine in Example 12.4 writes its output to the right of the input. Come up with a new method for solving the doubler problem which generates its output immediately to the right of the end-of-tape marker. Build a machine that executes your method. Check that your machine works by tracing through the configurations. Problem 12.3. Design a Turing-machine with alphabet {⊔,A,B } that accepts any string of As and Bs where the number of As is the same as the number of Bs and all the As precede all the Bs, and rejects any string where the number of As is not equal to the number of Bs or the As do not precede all the Bs. (E.g., the machine should accept AABB , and AAABBB , but reject both AAB and AABBAABB .) Problem 12.4. Design a Turing-machine with alphabet {⊔,A,B } that takes as input any string α of As and Bs and duplicates them to produce an output of the form αα. (E.g. input ABBA should result in output ABBAABBA). Problem 12.5. Alphabetical?: Design a Turing-machine with alphabet {⊔,A,B } that when given as input a finite sequence of As and Bs checks to see if all the As appear left of all the Bs or not. The machine should leave the input string on the tape, and output either halt if the string is "alphabetical", or loop forever if the string is not. 267 12.9. THE CHURCH-TURING THESIS Problem 12.6. Alphabetizer: Design a Turing-machine with alphabet {⊔,A,B } that takes as input a finite sequence of As and Bs rearranges them so that all theAs are to the left of all the Bs. (e.g., the sequence BABAA should become the sequence AAABB , and the sequence ABBABB should become the sequence AABBBB). Problem 12.7. Trace through the configurations of the machine for input ⟨3,5⟩. Problem 12.8. Subtraction: Design a Turing machine that when given an input of two non-empty strings of strokes of length n and m, where n > m, computes the function f (n,m) = n −m. Problem 12.9. Equality: Design a Turing machine to compute the following function: equality(x, y) = {︄ 1 if x = y 0 if x ≠ y where x and y are integers greater than 0. Problem 12.10. Design a Turing machine to compute the function min(x, y) where x and y are positive integers represented on the tape by strings of I 's separated by a ⊔. You may use additional symbols in the alphabet of the machine. The function min selects the smallest value from its arguments, so min(3,5) = 3, min(20,16) = 16, and min(4,4) = 4, and so on. CHAPTER 13 Undecidability 13.1 Introduction It might seem obvious that not every function, even every arithmetical function, can be computable. There are just too many, whose behavior is too complicated. Functions defined from the decay of radioactive particles, for instance, or other chaotic or random behavior. Suppose we start counting 1-second intervals from a given time, and define the function f (n) as the number of particles in the universe that decay in the n-th 1-second interval after that initial moment. This seems like a candidate for a function we cannot ever hope to compute. But it is one thing to not be able to imagine how one would compute such functions, and quite another to actually prove that they are uncomputable. In fact, even functions that seem hopelessly complicated may, in an abstract sense, be computable. For instance, suppose the universe is finite in time-some day, in the very distant future the universe will contract into a single point, as some cosmological theories predict. Then there is only a finite (but incredibly large) number of seconds from that initial moment for which f (n) is defined. And any function which is defined for only finitely many inputs is computable: we could list the outputs in one big table, or code it in one very big Turing machine state transition diagram. We are often interested in special cases of functions whose 268 269 13.1. INTRODUCTION values give the answers to yes/no questions. For instance, the question "is n a prime number?" is associated with the function isprime(n) = {︄ 1 if n is prime 0 otherwise. We say that a yes/no question can be effectively decided, if the associated 1/0-valued function is effectively computable. To prove mathematically that there are functions which cannot be effectively computed, or problems that cannot effectively decided, it is essential to fix a specific model of computation, and show about it that there are functions it cannot compute or problems it cannot decide. We can show, for instance, that not every function can be computed by Turing machines, and not every problem can be decided by Turing machines. We can then appeal to the Church-Turing thesis to conclude that not only are Turing machines not powerful enough to compute every function, but no effective procedure can. The key to proving such negative results is the fact that we can assign numbers to Turing machines themselves. The easiest way to do this is to enumerate them, perhaps by fixing a specific way to write down Turing machines and their programs, and then listing them in a systematic fashion. Once we see that this can be done, then the existence of Turing-uncomputable functions follows by simple cardinality considerations: the set of functions from N to N (in fact, even just from N to {0,1}) are uncountable, but since we can enumerate all the Turing machines, the set of Turing-computable functions is only countably infinite. We can also define specific functions and problems which we can prove to be uncomputable and undecidable, respectively. One such problem is the so-called Halting Problem. Turing machines can be finitely described by listing their instructions. Such a description of a Turing machine, i.e., a Turing machine program, can of course be used as input to another Turing machine. So we can consider Turing machines that decide questions about other Turing machines. One particularly interesting question is 270 CHAPTER 13. UNDECIDABILITY this: "Does the given Turing machine eventually halt when started on input n?" It would be nice if there were a Turing machine that could decide this question: think of it as a quality-control Turing machine which ensures that Turing machines don't get caught in infinite loops and such. The interestign fact, which Turing proved, is that there cannot be such a Turing machine. There cannot be a single Turing machine which, when started on input consisting of a description of a Turing machine M and some number n, will always halt with either output 1 or 0 according to whether M machine would have halted when started on input n or not. Once we have examples of specific undecidable problems we can use them to show that other problems are undecidable, too. For instance, one celebrated undecidable problem is the question, "Is the first-order formula A valid?". There is no Turing machine which, given as input a first-order formula A, is guaranteed to halt with output 1 or 0 according to whether A is valid or not. Historically, the question of finding a procedure to effectively solve this problem was called simply "the" decision problem; and so we say that the decision problem is unsolvable. Turing and Church proved this result independently at around the same time, so it is also called the Church-Turing Theorem. 13.2 Enumerating Turing Machines We can show that the set of all Turing-machines is countable. This follows from the fact that each Turing machine can be finitely described. The set of states and the tape vocabulary are finite sets. The transition function is a partial function from Q × Σ to Q × Σ × {L,R,N }, and so likewise can be specified by listing its values for the finitely many argument pairs for which it is defined. Of course, strictly speaking, the states and vocabulary can be anything; but the behavior of the Turing machine is independent of which objects serve as states and vocabulary. So we may assume, for instance, that the states and vocabulary symbols are 271 13.2. ENUMERATING TURING MACHINES natural numbers, or that the states and vocabulary are all strings of letters and digits. Suppose we fix a countably infinite vocabulary for specifying Turing machines: σ0 = ▷, σ1 = ⊔, σ2 = I , σ3, . . . , R, L, N , q0, q1, . . . . Then any Turing machine can be specified by some finite string of symbols from this alphabet (though not every finite string of symbols specifies a Turing machine). For instance, suppose we have a Turing machine M = ⟨Q , Σ ,q , δ⟩ where Q = {q ′0, . . . ,q ′ n} ⊆ {q0,q1, . . . } and Σ = {▷, σ′1, σ ′ 2, . . . , σ ′ m} ⊆ {σ0, σ1, . . . }. We could specify it by the string q ′0q ′ 1 . . . q ′ n ▷ σ ′ 1 . . . σ ′ m ▷ q ▷ S (σ ′ 0,q ′ 0) ▷ . . . ▷ S (σ ′ m,q ′ n) where S (σ′i ,q ′ j ) is the string σ ′ iq ′ j δ(σ ′ i ,q ′ j ) if δ(σ ′ i ,q ′ j ) is defined, and σ′iq ′ j otherwise. Theorem 13.1. There are functions from N to N which are not Turing computable. Proof. We know that the set of finite strings of symbols from a countably infinite alphabet is countable. This gives us that the set of descriptions of Turing machines, as a subset of the finite strings from the countable vocabulary {q0,q1, . . . , ▷, σ1, σ2, . . . }, is itself enumerable. Since every Turing computable function is computed by some (in fact, many) Turing machines, this means that the set of all Turing computable functions from N to N is also enumerable. On the other hand, the set of all functions from N to N is not countable. This follows immediately from the fact that not even the set of all functions of one argument from N to the set {0,1} is countable. If all functions were computable by some Turing machine we could enumerate the set of all functions. So there are some functions that are not Turing-computable. □ 272 CHAPTER 13. UNDECIDABILITY 13.3 The Halting Problem Assume we have fixed some finite descriptions of Turing machines. Using these, we can enumerate Turing machines via their descriptions, say, ordered by the lexicographic ordering. Each Turing machine thus receives an index: its place in the enumeration M1, M2, M3, . . . of Turing machine descriptions. We know that there must be non-Turing-computable functions: the set of Turing machine descriptions-and hence the set of Turing machines-is enumerable, but the set of all functions from N to N is not. But we can find specific examples of noncomputable function as well. One such function is the halting function. Definition 13.2 (Halting function). The halting function h is defined as h(e,n) = {︄ 0 if machine Me does not halt for input n 1 if machine Me halts for input n Definition 13.3 (Halting problem). The Halting Problem is the problem of determining (for any e , n) whether the Turing machine Me halts for an input of n strokes. We show that h is not Turing-computable by showing that a related function, s , is not Turing-computable. This proof relies on the fact that anything that can be computed by a Turing machine can be computed using just two symbols: ⊔ and I , and the fact that two Turing machines can be hooked together to create a single machine. 273 13.3. THE HALTING PROBLEM Definition 13.4. The function s is defined as s (e ) = {︄ 0 if machine Me does not halt for input e 1 if machine Me halts for input e Lemma 13.5. The function s is not Turing computable. Proof. We suppose, for contradiction, that the function s is Turing-computable. Then there would be a Turing machine S that computes s . We may assume, without loss of generality, that when S halts, it does so while scanning the first square. This machine can be "hooked up" to another machine J , which halts if it is started on a blank tape (i.e., if it reads ⊔ in the initial state while scanning the square to the right of the end-of-tape symbol), and otherwise wanders off to the right, never halting. S ⌒ J , the machine created by hooking S to J , is a Turing machine, so it is Me for some e (i.e., it appears somewhere in the enumeration). Start Me on an input of e I s. There are two possibilities: either Me halts or it does not halt. 1. Suppose Me halts for an input of e I s. Then s (e ) = 1. So S , when started on e , halts with a single I as output on the tape. Then J starts with a I on the tape. In that case J does not halt. But Me is the machine S ⌒ J , so it should do exactly what S followed by J would do. So Me cannot halt for an input of e I 's. 2. Now suppose Me does not halt for an input of e I s. Then s (e ) = 0, and S , when started on input e , halts with a blank tape. J , when started on a blank tape, immediately halts. Again,Me does what S followed by J would do, soMe must halt for an input of e I 's. This shows there cannot be a Turing machine S : s is not Turing computable. □ 274 CHAPTER 13. UNDECIDABILITY Theorem 13.6 (Unsolvability of the Halting Problem). The halting problem is unsolvable, i.e., the function h is not Turing computable. Proof. Suppose h were Turing computable, say, by a Turing machine H . We could use H to build a Turing machine that computes s : First, make a copy of the input (separated by a blank). Then move back to the beginning, and run H . We can clearly make a machine that does the former, and if H existed, we would be able to "hook it up" to such a modified doubling machine to get a new machine which would determine if Me halts on input e , i.e., computes s . But we've already shown that no such machine can exist. Hence, h is also not Turing computable. □ 13.4 The Decision Problem We say that first-order logic is decidable iff there is an effective method for determining whether or not a given sentence is valid. As it turns out, there is no such method: the problem of deciding validity of first-order sentences is unsolvable. In order to establish this important negative result, we prove that the decision problem cannot be solved by a Turing machine. That is, we show that there is no Turing machine which, whenever it is started on a tape that contains a first-order sentence, eventually halts and outputs either 1 or 0 depending on whether the sentence is valid or not. By the Church-Turing thesis, every function which is computable is Turing computable. So if this "validity function" were effectively computable at all, it would be Turing computable. If it isn't Turing computable, then, it also cannot be effectively computable. Our strategy for proving that the decision problem is unsolvable is to reduce the halting problem to it. This means the following: We have proved that the function h(e,w) that halts with output 1 if the Turing-machine described by e halts on input w and outputs 0 otherwise, is not Turing-computable. We will show that 275 13.5. REPRESENTING TURING MACHINES if there were a Turing machine that decides validity of first-order sentences, then there is also Turing machine that computes h. Since h cannot be computed by a Turing machine, there cannot be a Turing machine that decides validity either. The first step in this strategy is to show that for every input w and a Turing machine M , we can effectively describe a sentence T (M ,w) representing the instruction set of M and the input w and a sentence E(M ,w) expressing "M eventually halts" such that: ⊨ T (M ,w) → E(M ,w) iff M halts for input w . The bulk of our proof will consist in describing these sentences T (M ,w) and E(M ,w) and verifying that T (M ,w) → E(M ,w) is valid iff M halts on input w . 13.5 Representing Turing Machines In order to represent Turing machines and their behavior by a sentence of first-order logic, we have to define a suitable language. The language consists of two parts: predicate symbols for describing configurations of the machine, and expressions for numbering execution steps ("moments") and positions on the tape. We introduce two kinds of predicate symbols, both of them 2-place: For each state q , a predicate symbol Qq , and for each tape symbol σ, a predicate symbol Sσ. The former allow us to describe the state of M and the position of its tape head, the latter allow us to describe the contents of the tape. In order to express the positions of the tape head and the number of steps executed, we need a way to express numbers. This is done using a constant symbol 0, and a 1-place function ′, the successor function. By convention it is written after its argument (and we leave out the parentheses). So 0 names the leftmost position on the tape as well as the time before the first execution step (the initial configuration), 0′ names the square to the right 276 CHAPTER 13. UNDECIDABILITY of the leftmost square, and the time after the first execution step, and so on. We also introduce a predicate symbol < to express both the ordering of tape positions (when it means "to the left of") and execution steps (then it means "before"). Once we have the language in place, we list the "axioms" of T (M ,w), i.e., the sentences which, taken together, describe the behavior of M when run on input w . There will be sentences which lay down conditions on 0, ′, and <, sentences that describes the input configuration, and sentences that describe what the configuration of M is after it executes a particular instruction. Definition 13.7. Given a Turing machine M = ⟨Q , Σ ,q0, δ⟩, the language LM consists of: 1. A two-place predicate symbolQq (x, y) for every state q ∈ Q . Intuitively, Qq (m,n) expresses "after n steps, M is in state q scanning the mth square." 2. A two-place predicate symbol Sσ(x, y) for every symbol σ ∈ Σ . Intuitively, Sσ(m,n) expresses "after n steps, the mth square contains symbol σ." 3. A constant symbol 0 4. A one-place function symbol ′ 5. A two-place predicate symbol < For each number n there is a canonical term n, the numeral for n, which represents it in LM . 0 is 0, 1 is 0′, 2 is 0′′, and so on. More formally: 0 = 0 n + 1 = n ′ The sentences describing the operation of the Turing machine M on input w = σi1 . . . σik are the following: 277 13.5. REPRESENTING TURING MACHINES 1. Axioms describing numbers: a) A sentence that says that the successor function is injective: ∀x ∀y (x ′ = y ′ → x = y) b) A sentence that says that every number is less than its successor: ∀x x < x ′ c) A sentence that ensures that < is transitive: ∀x ∀y ∀z ((x < y ∧ y < z ) → x < z ) d) A sentence that connects < and =: ∀x ∀y (x < y → x ≠ y) 2. Axioms describing the input configuration: a) After 0 steps-before the machine starts-M is in the inital state q0, scanning square 1: Qq0(1,0) b) The first k + 1 squares contain the symbols ▷, σi1 , . . . , σik : S▷(0,0) ∧ Sσi1 (1,0) ∧ * * * ∧ Sσik (n,0) c) Otherwise, the tape is empty: ∀x (k < x → S⊔(x,0)) 3. Axioms describing the transition from one configuration to the next: For the following, let A(x, y) be the conjunction of all sentences of the form ∀z (((z < x ∨ x < z ) ∧ Sσ(z, y)) → Sσ(z, y ′)) where σ ∈ Σ . We use A(m,n) to express "other than at square m, the tape after n + 1 steps is the same as after n steps." 278 CHAPTER 13. UNDECIDABILITY a) For every instruction δ(qi , σ) = ⟨q j , σ′,R⟩, the sentence: ∀x ∀y ((Qqi (x, y) ∧ Sσ(x, y)) → (Qq j (x ′, y ′) ∧ Sσ′(x, y ′) ∧ A(x, y))) This says that if, after y steps, the machine is in state qi scanning square x which contains symbol σ, then after y +1 steps it is scanning square x +1, is in state q j , square x now contains σ′, and every square other than x contains the same symbol as it did after y steps. b) For every instruction δ(qi , σ) = ⟨q j , σ′,L⟩, the sentence: ∀x ∀y ((Qqi (x ′, y) ∧ Sσ(x ′, y)) → (Qq j (x, y ′) ∧ Sσ′(x ′, y ′) ∧ A(x, y))) ∧ ∀y ((Qqi (0, y) ∧ Sσ(0, y)) → (Qq j (0, y ′) ∧ Sσ′(0, y ′) ∧ A(0, y))) Take a moment to think about how this works: now we don't start with "if scanning square x . . . " but: "if scanning square x + 1 . . . " A move to the left means that in the next step the machine is scanning square x . But the square that is written on is x +1. We do it this way since we don't have subtraction or a predecessor function. Note that numbers of the form x + 1 are 1, 2, . . . , i.e., this doesn't cover the case where the machine is scanning square 0 and is supposed to move left (which of course it can't-it just stays put). That special case is covered by the second conjunction: it says that if, after y steps, the machine is scanning square 0 in state qi and square 0 contains symbol σ, then after y + 1 steps it's still scanning square 0, is now in state q j , the symbol on square 0 is σ′, and the squares other than 279 13.6. VERIFYING THE REPRESENTATION square 0 contain the same symbols they contained ofter y steps. c) For every instruction δ(qi , σ) = ⟨q j , σ′,N ⟩, the sentence: ∀x ∀y ((Qqi (x, y) ∧ Sσ(x, y)) → (Qq j (x, y ′) ∧ Sσ′(x, y ′) ∧ A(x, y))) Let T (M ,w) be the conjunction of all the above sentences for Turing machine M and input w In order to express that M eventually halts, we have to find a sentence that says "after some number of steps, the transition function will be undefined." Let X be the set of all pairs ⟨q , σ⟩ such that δ(q , σ) is undefined. Let E(M ,w) then be the sentence ∃x ∃y ( ⋁︂ ⟨q ,σ⟩∈X (Qq (x, y) ∧ Sσ(x, y))) If we use a Turing machine with a designated halting state h, it is even easier: then the sentence E(M ,w) ∃x ∃y Qh(x, y) expresses that the machine eventually halts. Proposition 13.8. If m < k , then T (M ,w) ⊨ m < k Proof. Exercise. □ 13.6 Verifying the Representation In order to verify that our representation works, we have to prove two things. First, we have to show that if M halts on input w , then T (M ,w) → E(M ,w) is valid. Then, we have to show the converse, i.e., that if T (M ,w)→E(M ,w) is valid, then M does in fact eventually halt when run on input w . 280 CHAPTER 13. UNDECIDABILITY The strategy for proving these is very different. For the first result, we have to show that a sentence of first-order logic (namely, T (M ,w)→E(M ,w)) is valid. The easiest way to do this is to give a derivation. Our proof is supposed to work for all M and w , though, so there isn't really a single sentence for which we have to give a derivation, but infinitely many. So the best we can do is to prove by induction that, whatever M and w look like, and however many steps it takes M to halt on input w , there will be a derivation of T (M ,w) → E(M ,w). Naturally, our induction will proceed on the number of steps M takes before it reaches a halting configuration. In our inductive proof, we'll establish that for each step n of the run of M on input w , T (M ,w) ⊨ C (M ,w,n), where C (M ,w,n) correctly describes the configuration of M run on w after n steps. Now if M halts on input w after, say, n steps, C (M ,w,n) will describe a halting configuration. We'll also show that C (M ,w,n) ⊨ E(M ,w), whenever C (M ,w,n) describes a halting configuration. So, if M halts on input w , then for some n, M will be in a halting configuration after n steps. Hence, T (M ,w) ⊨ C (M ,w,n) where C (M ,w,n) describes a halting configuration, and since in that case C (M ,w,n) ⊨ E(M ,w), we get that T (M ,w) ⊨ E(M ,w), i.e., that ⊨ T (M ,w) → E(M ,w). The strategy for the converse is very different. Here we assume that ⊨ T (M ,w)→E(M ,w) and have to prove thatM halts on inputw . From the hypothesis we get thatT (M ,w) ⊨ E(M ,w), i.e., E(M ,w) is true in every structure in which T (M ,w) is true. So we'll describe a structure M in which T (M ,w) is true: its domain will be N, and the interpretation of all theQq and Sσ will be given by the configurations of M during a run on input w . So, e.g., M ⊨ Qq (m,n) iff T , when run on input w for n steps, is in state q and scanning square m. Now since T (M ,w) ⊨ E(M ,w) by hypothesis, and since M ⊨ T (M ,w) by construction, M ⊨ E(M ,w). But M ⊨ E(M ,w) iff there is some n ∈ |M | = N so that M , run on input w , is in a halting configuration after n steps. 281 13.6. VERIFYING THE REPRESENTATION Definition 13.9. Let C (M ,w,n) be the sentence Qq (m,n) ∧ Sσ0(0,n) ∧ * * * ∧ Sσk (k,n) ∧ ∀x (k < x → S⊔(x,n)) where q is the state of M at time n, M is scanning square m at time n, square i contains symbol σi at time n for 0 ≤ i ≤ k and k is the right-most non-blank square of the tape at time 0, or the right-most square the tape head has visited after n steps, whichever is greater. Lemma 13.10. If M run on input w is in a halting configuration after n steps, then C (M ,w,n) ⊨ E(M ,w). Proof. Suppose that M halts for input w after n steps. There is some state q , square m, and symbol σ such that: 1. After n steps,M is in state q scanning square m on which σ appears. 2. The transition function δ(q , σ) is undefined. C (M ,w,n) is the description of this configuration and will include the clauses Qq (m,n) and Sσ(m,n). These clauses together imply E(M ,w): ∃x ∃y ( ⋁︂ ⟨q ,σ⟩∈X (Qq (x, y) ∧ Sσ(x, y))) since Qq ′(m,n) ∧ Sσ′(m,n) ⊨ ⋁︁ ⟨q ,σ⟩∈X (Qq (m,n) ∧ Sσ(m,n)), as ⟨q ′, σ′⟩ ∈ X . □ So if M halts for input w , then there is some n such that C (M ,w,n) ⊨ E(M ,w). We will now show that for any time n, T (M ,w) ⊨ C (M ,w,n). 282 CHAPTER 13. UNDECIDABILITY Lemma 13.11. For each n, if M has not halted after n steps, T (M ,w) ⊨ C (M ,w,n). Proof. Induction basis: If n = 0, then the conjuncts of C (M ,w,0) are also conjuncts of T (M ,w), so entailed by it. Inductive hypothesis: If M has not halted before the nth step, then T (M ,w) ⊨ C (M ,w,n). We have to show that (unless C (M ,w,n) describes a halting configuration), T (M ,w) ⊨ C (M ,w,n + 1). Suppose n > 0 and after n steps, M started on w is in state q scanning square m. Since M does not halt after n steps, there must be an instruction of one of the following three forms in the program of M : 1. δ(q , σ) = ⟨q ′, σ′,R⟩ 2. δ(q , σ) = ⟨q ′, σ′,L⟩ 3. δ(q , σ) = ⟨q ′, σ′,N ⟩ We will consider each of these three cases in turn. 1. Suppose there is an instruction of the form (1). By Definition 13.7(3a), this means that ∀x ∀y ((Qq (x, y) ∧ Sσ(x, y)) → (Qq ′(x ′, y ′) ∧ Sσ′(x, y ′) ∧ A(x, y))) is a conjunct ofT (M ,w). This entails the following sentence (universal instantiation, m for x and n for y): (Qq (m,n) ∧ Sσ(m,n)) → (Qq ′(m ′,n ′) ∧ Sσ′(m,n ′ ) ∧ A(m,n)). By induction hypothesis, T (M ,w) ⊨ C (M ,w,n), i.e., Qq (m,n) ∧ Sσ0(0,n) ∧ * * * ∧ Sσk (k,n) ∧ ∀x (k < x → S⊔(x,n)) 283 13.6. VERIFYING THE REPRESENTATION Since after n steps, tape square m contains σ, the corresponding conjunct is Sσ(m,n), so this entails: Qq (m,n) ∧ Sσ(m,n)) We now get Qq ′(m ′,n ′) ∧ Sσ′(m,n ′ ) ∧ Sσ0(0,n ′ ) ∧ * * * ∧ Sσk (k,n ′ ) ∧ ∀x (k < x → S⊔(x,n ′ )) as follows: The first line comes directly from the consequent of the preceding conditional, by modus ponens. Each conjunct in the middle line-which excludes Sσm (m,n ′ )- follows from the corresponding conjunct in C (M ,w,n) together with A(m,n). If m < k , T (M ,w) ⊢ m < k (Proposition 13.8) and by transitivity of <, we have ∀x (k < x → m < x). If m = k , then ∀x (k < x → m < x) by logic alone. The last line then follows from the corresponding conjunct inC (M ,w,n), ∀x (k < x → m < x), and A(m,n). If m < k , this already is C (M ,w,n + 1). Now suppose m = k . In that case, after n+1 steps, the tape head has also visited square k + 1, which now is the rightmost square visited. So C (M ,w,n + 1) has a new conjunct, S⊔(k ′ ,n ′), and the last conjuct is ∀x (k ′ < x→S⊔(x,n ′ )). We have to verify that these two sentences are also implied. We already have ∀x (k < x → S⊔(x,n ′ )). In particular, this gives us k < k ′ → S⊔(k ′ ,n ′). From the axiom ∀x x < x ′ we get k < k ′ . By modus ponens, S⊔(k ′ ,n ′) follows. Also, sinceT (M ,w) ⊢ k < k ′ , the axiom for transitivity of < gives us ∀x (k ′ < x → S⊔(x,n ′ )). (We leave the verification of this as an exercise.) 284 CHAPTER 13. UNDECIDABILITY 2. Suppose there is an instruction of the form (2). Then, by Definition 13.7(3b), ∀x ∀y ((Qq (x ′, y) ∧ Sσ(x ′, y)) → (Qq ′(x, y ′) ∧ Sσ′(x ′, y ′) ∧ A(x, y))) ∧ ∀y ((Qqi (0, y) ∧ Sσ(0, y)) → (Qq j (0, y ′) ∧ Sσ′(0, y ′) ∧ A(0, y))) is a conjunct of T (M ,w). If m > 0, then let l = m − 1 (i.e., m = l + 1). The first conjunct of the above sentence entails the following: (Qq (l ′ ,n) ∧ Sσ(l ′ ,n)) → (Qq ′(l ,n ′ ) ∧ Sσ′(l ′ ,n ′) ∧ A(l ,n)) Otherwise, let l = m = 0 and consider the following sentence entailed by the second conjunct: ((Qqi (0,n) ∧ Sσ(0,n)) → (Qq j (0,n ′ ) ∧ Sσ′(0,n ′ ) ∧ A(0,n))) Either sentence implies Qq ′(l ,n ′ ) ∧ Sσ′(m,n ′ ) ∧ Sσ0(0,n ′ ) ∧ * * * ∧ Sσk (k,n ′ ) ∧ ∀x (k < x → S⊔(x,n ′ )) as before. (Note that in the first case, l ′ ≡ l + 1 ≡ m and in the second case l ≡ 0.) But this just is C (M ,w,n + 1). 3. Case (3) is left as an exercise. We have shown that for any n, T (M ,w) ⊨ C (M ,w,n). □ 285 13.6. VERIFYING THE REPRESENTATION Lemma 13.12. If M halts on input w , then T (M ,w)→E(M ,w) is valid. Proof. By Lemma 13.11, we know that, for any time n, the description C (M ,w,n) of the configuration of M at time n is entailed by T (M ,w). Suppose M halts after k steps. It will be scanning square m, say. Then C (M ,w,k ) describes a halting configuration of M , i.e., it contains as conjuncts both Qq (m,k ) and Sσ(m,k ) with δ(q , σ) undefined. By Lemma 13.10 Thus, C (M ,w,k ) ⊨ E(M ,w). But since (M ,w) ⊨ C (M ,w,k ), we have T (M ,w) ⊨ E(M ,w) and therefore T (M ,w) → E(M ,w) is valid. □ To complete the verification of our claim, we also have to establish the reverse direction: if T (M ,w) → E(M ,w) is valid, then M does in fact halt when started on input m. Lemma 13.13. If ⊨ T (M ,w)→E(M ,w), thenM halts on input w . Proof. Consider the LM -structure M with domain N which interprets 0 as 0, ′ as the successor function, and < as the less-than relation, and the predicates Qq and Sσ as follows: QMq = {⟨m,n⟩ : started on w , after n steps, M is in state q scanning square m } SMσ = {⟨m,n⟩ : started on w , after n steps, square m of M contains symbol σ } In other words, we construct the structure M so that it describes what M started on input w actually does, step by step. Clearly, M ⊨ T (M ,w). If ⊨ T (M ,w) → E(M ,w), then also M ⊨ E(M ,w), i.e., M ⊨ ∃x ∃y ( ⋁︂ ⟨q ,σ⟩∈X (Qq (x, y) ∧ Sσ(x, y))). As |M | = N, there must be m, n ∈ N so that M ⊨ Qq (m,n) ∧ Sσ(m,n) for some q and σ such that δ(q , σ) is undefined. By the definition of M, this means thatM started on inputw after n steps is in state q and reading symbol σ, and the transition function is undefined, i.e., M has halted. □ 286 CHAPTER 13. UNDECIDABILITY 13.7 The Decision Problem is Unsolvable Theorem 13.14. The decision problem is unsolvable. Proof. Suppose the decision problem were solvable, i.e., suppose there were a Turing machine D of the following sort. Whenever D is started on a tape that contains a sentence B of first-order logic as input, D eventually halts, and outputs 1 iff B is valid and 0 otherwise. Then we could solve the halting problem as follows. We construct a Turing machine E that, given as input the number e of Turing machine Me and input w , computes the corresponding sentenceT (Me ,w)→E(Me ,w) and halts, scanning the leftmost square on the tape. The machine E ⌒ D would then, given input e and w , first compute T (Me ,w)→E(Me ,w) and then run the decision problem machine D on that input. D halts with output 1 iffT (Me ,w)→E(Me ,w) is valid and outputs 0 otherwise. By Lemma 13.13 and Lemma 13.12, T (Me ,w)→E(Me ,w) is valid iff Me halts on input w . Thus, E ⌒ D , given input e and w halts with output 1 iff Me halts on input w and halts with output 0 otherwise. In other words, E ⌒ D would solve the halting problem. But we know, by Theorem 13.6, that no such Turing machine can exist. □ Summary Turing machines are determined by their instruction sets, which are finite sets of quintuples (for every state and symbol read, specify new state, symbol written, and movement of the head). The finite sets of quintuples are enumerable, so there is a way of associating a number with each Turing machine instruction set. The index of a Turing machine is the number associated with its instruction set under a fixed such schema. In this way we can "talk about" Turing machines indirectly-by talking about their indices. One important problem about the behavior of Turing machines is whether they eventually halt. Let h(e,n) be the func287 13.7. THE DECISION PROBLEM IS UNSOLVABLE tion which = 1 if the Turing machine with index e halts when started on input n, and = 0 otherwise. It is called the halting function. The question of whether the halting function is itself Turing computable is called the halting problem. The answer is no: the halting problem is unsolvable. This is established using a diagonal argument. The halting problem is only one example of a larger class of problems of the form "can X be accomplished using Turing machines." Another central problem of logic is the decision problem for first-order logic: is there a Turing machine that can decide if a given sentence is valid or not. This famous problem was also solved negatively: the decision problem is unsolvable. This is established by a reduction argument: we can associate with each Turing machine M and input w a first-order sentence T (M ,w)→ E(M ,w) which is valid iff M halts when started on input w . If the decision problem were solvable, we could thus use it to solve the halting problem. Problems Problem 13.1. The Three Halting (3-Halt) problem is the problem of giving a decision procedure to determine whether or not an arbitrarily chosen Turing Machine halts for an input of three strokes on an otherwise blank tape. Prove that the 3-Halt problem is unsolvable. Problem 13.2. Show that if the halting problem is solvable for Turing machine and input pairs Me and n where e ≠ n, then it is also solvable for the cases where e = n. Problem 13.3. We proved that the halting problem is unsolvable if the input is a number e , which identifies a Turing machine Me via an enumaration of all Turing machines. What if we allow the description of Turing machines from section 13.2 directly as input? (This would require a larger alphabet of course.) Can there be a Turing machine which decides the halting problem 288 CHAPTER 13. UNDECIDABILITY but takes as input descriptions of Turing machines rather than indices? Explain why or why not. Problem 13.4. Prove Proposition 13.8. (Hint: use induction on k −m). Problem 13.5. Complete case (3) of the proof of Lemma 13.11. Problem 13.6. Give a derivation of Sσi (i,n ′ ) from Sσi (i,n) and A(m,n) (assuming i ≠ m, i.e., either i < m or m < i). Problem 13.7. Give a derivation of ∀x (k ′ < x→S⊔(x,n ′ )) from ∀x (k < x → S⊔(x,n ′ )), ∀x x < x ′, and ∀x ∀y ∀z ((x < y ∧ y < z ) → x < z ).)

APPENDIX A Proofs A.1 Introduction Based on your experiences in introductory logic, you might be comfortable with a proof system-probably a natural deduction or Fitch style proof system, or perhaps a proof-tree system. You probably remember doing proofs in these systems, either proving a formula or show that a given argument is valid. In order to do this, you applied the rules of the system until you got the desired end result. In reasoning about logic, we also prove things, but in most cases we are not using a proof system. In fact, most of the proofs we consider are done in English (perhaps, with some symbolic language thrown in) rather than entirely in the language of first-order logic. When constructing such proofs, you might at first be at a loss-how do I prove something without a proof system? How do I start? How do I know if my proof is correct? Before attempting a proof, it's important to know what a proof is and how to construct one. As implied by the name, a proof is meant to show that something is true. You might think of this in terms of a dialogue-someone asks you if something is true, say, if every prime other than two is an odd number. To answer "yes" is not enough; they might want to know why. In this case, you'd give them a proof. In everyday discourse, it might be enough to gesture at an answer, or give an incomplete answer. In logic and mathematics, 291 292 APPENDIX A. PROOFS however, we want rigorous proof-we want to show that something is true beyond any doubt. This means that every step in our proof must be justified, and the justification must be cogent (i.e., the assumption you're using is actually assumed in the statement of the theorem you're proving, the definitions you apply must be correctly applied, the justifications appealed to must be correct inferences, etc.). Usually, we're proving some statement. We call the statements we're proving by various names: propositions, theorems, lemmas, or corollaries. A proposition is a basic proof-worthy statement: important enough to record, but perhaps not particularly deep nor applied often. A theorem is a significant, important proposition. Its proof often is broken into several steps, and sometimes it is named after the person who first proved it (e.g., Cantor's Theorem, the Löwenheim-Skolem theorem) or after the fact it concerns (e.g., the completeness theorem). A lemma is a proposition or theorem that is used to in the proof of a more important result. Confusingly, sometimes lemmas are important results in themselves, and also named after the person who introduced them (e.g., Zorn's Lemma). A corollary is a result that easily follows from another one. A statement to be proved often contains some assumption that clarifies about which kinds of things we're proving something. It might begin with "Let A be a formula of the form B→C " or "Suppose Γ ⊢ A" or something of the sort. These are hypotheses of the proposition, theorem, or lemma, and you may assume these to be true in your proof. They restrict what we're proving about, and also introduce some names for the objects we're talking about. For instance, if your proposition begins with "Let A be a formula of the form B → C ," you're proving something about all formulas of a certain sort only (namely, conditionals), and it's understood that B→C is an arbitrary conditional that your proof will talk about. 293 A.2. STARTING A PROOF A.2 Starting a Proof But where do you even start? You've been given something to prove, so this should be the last thing that is mentioned in the proof (you can, obviously, announce that you're going to prove it at the beginning, but you don't want to use it as an assumption). Write what you are trying to prove at the bottom of a fresh sheet of paper-this way you don't lose sight of your goal. Next, you may have some assumptions that you are able to use (this will be made clearer when we talk about the type of proof you are doing in the next section). Write these at the top of the page and make sure to flag that they are assumptions (i.e., if you are assuming p, write "assume that p," or "suppose that p"). Finally, there might be some definitions in the question that you need to know. You might be told to use a specific definition, or there might be various definitions in the assumptions or conclusion that you are working towards. Write these down and ensure that you understand what they mean. How you set up your proof will also be dependent upon the form of the question. The next section provides details on how to set up your proof based on the type of sentence. A.3 Using Definitions We mentioned that you must be familiar with all definitions that may be used in the proof, and that you can properly apply them. This is a really important point, and it is worth looking at in a bit more detail. Definitions are used to abbreviate properties and relations so we can talk about them more succinctly. The introduced abbreviation is called the definiendum, and what it abbreviates is the definiens. In proofs, we often have to go back to how the definiendum was introduced, because we have to exploit the logical structure of the definiens (the long version of which the defined term is the abbreviation) to get through our proof. By 294 APPENDIX A. PROOFS unpacking definitions, you're ensuring that you're getting to the heart of where the logical action is. We'll start with an example. Suppose you want to prove the following: Proposition A.1. For any sets A and B , A ∪ B = B ∪ A. In order to even start the proof, we need to know what it means for two sets to be identical; i.e., we need to know what the "=" in that equation means for sets. Sets are defined to be identical whenever they have the same elements. So the definition we have to unpack is: Definition A.2. Sets A and B are identical, A = B , iff every element of A is an element of B , and vice versa. This definition usesA and B as placeholders for arbitrary sets. What it defines-the definiendum-is the expression "A = B" by giving the condition under which A = B is true. This condition- "every element of A is an element of B , and vice versa"-is the definiens.1 The definition specifies that A = B is true if, and only if (we abbreviate this to "iff") the condition holds. When you apply the definition, you have to match the A and B in the definition to the case you're dealing with. In our case, it means that in order for A ∪B = B ∪A to be true, each z ∈ A ∪B must also be in B∪A, and vice versa. The expression A∪B in the proposition plays the role of A in the definition, and B ∪ A that of B . Since A and B are used both in the definition and in the statement of the proposition we're proving, but in different uses, you have to be careful to make sure you don't mix up the two. For instance, it would be a mistake to think that you could prove the proposition by showing that every element of A is an element 1In this particular case-and very confusingly!-when A = B , the sets A and B are just one and the same set, even though we use different letters for it on the left and the right side. But the ways in which that set is picked out may be different, and that makes the definition non-trivial. 295 A.3. USING DEFINITIONS ofB , and vice versa-that would show thatA = B , not thatA∪B = B ∪ A. (Also, since A and B may be any two sets, you won't get very far, because if nothing is assumed about A and B they may well be different sets.) Within the proof we are dealing with set-theoretic notions such as union, and so we must also know the meanings of the symbol ∪ in order to understand how the proof should proceed. And sometimes, unpacking the definition gives rise to further definitions to unpack. For instance, A ∪ B is defined as {z : z ∈ A or z ∈ B }. So if you want to prove that x ∈ A ∪ B , unpacking the definition of ∪ tells you that you have to prove x ∈ {z : z ∈ A or z ∈ B }. Now you also have to remember that x ∈ {z : . . . z . . .} iff . . . x . . . . So, further unpacking the definition of the {z : . . . z . . .} notation, what you have to show is: x ∈ A or x ∈ B . So, "every element of A ∪ B is also an element of B ∪ A" really means: "for every x , if x ∈ A or x ∈ B , then x ∈ B or x ∈ A." If we fully unpack the definitions in the proposition, we see that what we have to show is this: 296 APPENDIX A. PROOFS Proposition A.3. For any sets A and B : (a) for every x , if x ∈ A or x ∈ B , then x ∈ B or x ∈ A, and (b) for every x , if x ∈ B or x ∈ A, then x ∈ A or x ∈ B . What's important is that unpacking definitions is a necessary part of constructing a proof. Properly doing it is sometimes difficult: you must be careful to distinguish and match the variables in the definition and the terms in the claim you're proving. In order to be successful, you must know what the question is asking and what all the terms used in the question mean-you will often need to unpack more than one definition. In simple proofs such as the ones below, the solution follows almost immediately from the definitions themselves. Of course, it won't always be this simple. A.4 Inference Patterns Proofs are composed of individual inferences. When we make an inference, we typically indicate that by using a word like "so," "thus," or "therefore." The inference often relies on one or two facts we already have available in our proof-it may be something we have assumed, or something that we've concluded by an inference already. To be clear, we may label these things, and in the inference we indicate what other statements we're using in the inference. An inference will often also contain an explanation of why our new conclusion follows from the things that come before it. There are some common patterns of inference that are used very often in proofs; we'll go through some below. Some patterns of inference, like proofs by induction, are more involved (and will be discussed later). We've already discussed one pattern of inference: unpacking, or applying, a definition. When we unpack a definition, we just restate something that involves the definiendum by using the definiens. For instance, suppose that we have already established in the course of a proof that D = E (a). Then we may apply the 297 A.4. INFERENCE PATTERNS definition of = for sets and infer: "Thus, by definition from (a), every element of D is an element of E and vice versa." Somewhat confusingly, we often do not write the justification of an inference when we actually make it, but before. Suppose we haven't already proved that D = E, but we want to. If D = E is the conclusion we aim for, then we can restate this aim also by applying the definition: to prove D = E we have to prove that every element of D is an element of E and vice versa. So our proof will have the form: (a) prove that every element of D is an element of E; (b) every element of E is an element of D ; (c) therefore, from (a) and (b) by definition of =, D = E . But we would usually not write it this way. Instead we might write something like, We want to show D = E . By definition of =, this amounts to showing that every element of D is an element of E and vice versa. (a) . . . (a proof that every element of D is an element of E) . . . (b) . . . (a proof that every element of E is an element of D) . . . Using a Conjunction Perhaps the simplest inference pattern is that of drawing as conclusion one of the conjuncts of a conjunction. In other words: if we have assumed or already proved that p and q , then we're entitled to infer that p (and also that q ). This is such a basic inference that it is often not mentioned. For instance, once we've unpacked the definition of D = E we've established that every element of D is an element of E and vice versa. From this we can conclude that every element of E is an element of D (that's the "vice versa" part). 298 APPENDIX A. PROOFS Proving a Conjunction Sometimes what you'll be asked to prove will have the form of a conjunction; you will be asked to "prove p and q ." In this case, you simply have to do two things: prove p, and then prove q . You could divide your proof into two sections, and for clarity, label them. When you're making your first notes, you might write "(1) Prove p" at the top of the page, and "(2) Prove q" in the middle of the page. (Of course, you might not be explicitly asked to prove a conjunction but find that your proof requires that you prove a conjunction. For instance, if you're asked to prove that D = E you will find that, after unpacking the definition of =, you have to prove: every element of D is an element of E and every element of E is an element of D). Proving a Disjunction When what you are proving takes the form of a disjunction (i.e., it is an statement of the form "p or q"), it is enough to show that one of the disjuncts is true. However, it basically never happens that either disjunct just follows from the assumptions of your theorem. More often, the assumptions of your theorem are themselves disjunctive, or you're showing that all things of a certain kind have one of two properties, but some of the things have the one and others have the other property. This is where proof by cases is useful (see below). Conditional Proof Many theorems you will encounter are in conditional form (i.e., show that if p holds, then q is also true). These cases are nice and easy to set up-simply assume the antecedent of the conditional (in this case, p) and prove the conclusion q from it. So if your theorem reads, "If p then q ," you start your proof with "assume p" and at the end you should have proved q . Conditionals may be stated in different ways. So instead of "If p then q ," a theorem may state that "p only if q ," "q if p," or "q , 299 A.4. INFERENCE PATTERNS provided p ." These all mean the same and require assuming p and proving q from that assumption. Recall that a biconditional ("p if and only if (iff) q") is really two conditionals put together: if p then q , and if q then p . All you have to do, then, is two instances of conditional proof: one for the first conditional and another one for the second. Sometimes, however, it is possible to prove an "iff" statement by chaining together a bunch of other "iff" statements so that you start with "p" an end with "q"-but in that case you have to make sure that each step really is an "iff." Universal Claims Using a universal claim is simple: if something is true for anything, it's true for each particular thing. So if, say, the hypothesis of your proof is A ⊆ B , that means (unpacking the definition of ⊆), that, for every x ∈ A, x ∈ B . Thus, if you already know that z ∈ A, you can conclude z ∈ B . Proving a universal claim may seem a little bit tricky. Usually these statements take the following form: "If x has P , then it has Q " or "All P s are Q s." Of course, it might not fit this form perfectly, and it takes a bit of practice to figure out what you're asked to prove exactly. But: we often have to prove that all objects with some property have a certain other property. The way to prove a universal claim is to introduce names or variables, for the things that have the one property and then show that they also have the other property. We might put this by saying that to prove something for all P s you have to prove it for an arbitrary P . And the name introduced is a name for an arbitrary P . We typically use single letters as these names for arbitrary things, and the letters usually follow conventions: e.g., we use n for natural numbers, A for formulas, A for sets, f for functions, etc. The trick is to maintain generality throughout the proof. You start by assuming that an arbitrary object ("x") has the property P , and show (based only on definitions or what you are allowed to assume) that x has the property Q . Because you have 300 APPENDIX A. PROOFS not stipulated what x is specifically, other that it has the property P , then you can assert that all every P has the property Q . In short, x is a stand-in for all things with property P . Proposition A.4. For all sets A and B , A ⊆ A ∪ B . Proof. Let A and B be arbitrary sets. We want to show that A ⊆ A ∪ B . By definition of ⊆, this amounts to: for every x , if x ∈ A then x ∈ A ∪ B . So let x ∈ A be an arbitrary element of A. We have to show that x ∈ A ∪ B . Since x ∈ A, x ∈ A or x ∈ B . Thus, x ∈ {x : x ∈ A ∨ x ∈ B }. But that, by definition of ∪, means x ∈ A ∪ B . □ Proof by Cases Suppose you have a disjunction as an assumption or as an already established conclusion-you have assumed or proved that p or q is true. You want to prove r . You do this in two steps: first you assume that p is true, and prove r , then you assume that q is true and prove r again. This works because we assume or know that one of the two alternatives holds. The two steps establish that either one is sufficient for the truth of r . (If both are true, we have not one but two reasons for why r is true. It is not necessary to separately prove that r is true assuming both p and q .) To indicate what we're doing, we announce that we "distinguish cases." For instance, suppose we know that x ∈ B ∪C . B ∪C is defined as {x : x ∈ B or x ∈ C }. In other words, by definition, x ∈ B or x ∈ C . We would prove that x ∈ A from this by first assuming that x ∈ B , and proving x ∈ A from this assumption, and then assume x ∈ C , and again prove x ∈ A from this. You would write "We distinguish cases" under the assumption, then "Case (1): x ∈ B" underneath, and "Case (2): x ∈ C halfway down the page. Then you'd proceed to fill in the top half and the bottom half of the page. Proof by cases is especially useful if what you're proving is itself disjunctive. Here's a simple example: 301 A.4. INFERENCE PATTERNS Proposition A.5. Suppose B ⊆ D andC ⊆ E . Then B∪C ⊆ D∪E . Proof. Assume (a) that B ⊆ D and (b) C ⊆ E . By definition, any x ∈ B is also ∈ D (c) and any x ∈ C is also ∈ E (d). To show that B ∪C ⊆ D ∪E, we have to show that if x ∈ B ∪C then x ∈ D ∪E (by definition of ⊆). x ∈ B ∪ C iff x ∈ B or x ∈ C (by definition of ∪). Similarly, x ∈ D ∪ E iff x ∈ D or x ∈ E . So, we have to show: for any x , if x ∈ B or x ∈ C , then x ∈ D or x ∈ E . So far we've only unpacked definitions! We've reformulated our proposition without ⊆ and ∪ and are left with trying to prove a universal conditional claim. By what we've discussed above, this is done by assuming that x is something about which we assume the "if" part is true, and we'll go on to show that the "then" part is true as well. In other words, we'll assume that x ∈ B or x ∈ C and show that x ∈ D or x ∈ E .2 Suppose that x ∈ B or x ∈ C . We have to show that x ∈ D or x ∈ E . We distinguish cases. Case 1: x ∈ B . By (c), x ∈ D . Thus, x ∈ D or x ∈ E . (Here we've made the inference discussed in the preceding subsection!) Case 2: x ∈ C . By (d), x ∈ E . Thus, x ∈ D or x ∈ E . □ Proving an Existence Claim When asked to prove an existence claim, the question will usually be of the form "prove that there is an x such that . . . x . . . ", i.e., that some object that has the property described by ". . . x . . . ". In this case you'll have to identify a suitable object show that is has the required property. This sounds straightforward, but a proof of this kind can be tricky. Typically it involves constructing or defining an object and proving that the object so defined has the 2This paragraph just explains what we're doing-it's not part of the proof, and you don't have to go into all this detail when you write down your own proofs. 302 APPENDIX A. PROOFS required property. Finding the right object may be hard, proving that it has the required property may be hard, and sometimes it's even tricky to show that you've succeeded in defining an object at all! Generally, you'd write this out by specifying the object, e.g., "let x be . . . " (where . . . specifies which object you have in mind), possibly proving that . . . in fact describes an object that exists, and then go on to show that x has the propertyQ . Here's a simple example. Proposition A.6. Suppose that x ∈ B . Then there is an A such that A ⊆ B and A ≠ ∅. Proof. Assume x ∈ B . Let A = {x}. Here we've defined the set A by enumerating its elements. Since we assume that x is an object, and we can always form a set by enumerating its elements, we don't have to show that we've succeeded in defining a set A here. However, we still have to show that A has the properties required by the proposition. The proof isn't complete without that! Since x ∈ A, A ≠ ∅. This relies on the definition of A as {x} and the obvious facts that x ∈ {x} and x ∉ ∅. Since x is the only element of {x}, and x ∈ B , every element of A is also an element of B . By definition of ⊆, A ⊆ B . □ Using Existence Claims Suppose you know that some existence claim is true (you've proved it, or it's a hypothesis you can use), say, "for some x , x ∈ A" or "there is an x ∈ A." If you want to use it in your proof, you can just pretend that you have a name for one of the things which your hypothesis says exist. Since A contains at least one 303 A.4. INFERENCE PATTERNS thing, there are things to which that name might refer. You might of course not be able to pick one out or describe it further (other than that it is ∈ A). But for the purpose of the proof, you can pretend that you have picked it out and give a name to it. It's important to pick a name that you haven't already used (or that appears in your hypotheses), otherwise things can go wrong. In your proof, you indicate this by going from "for some x , x ∈ A" to "Let a ∈ A." Now you can reason about a, use some other hypotheses, etc., until you come to a conclusion, p . If p no longer mentions a, p is independent of the asusmption that a ∈ A, and you've shown that it follows just from the assumption "for some x , x ∈ A." Proposition A.7. If A ≠ ∅, then A ∪ B ≠ ∅. Proof. Suppose A ≠ ∅. So for some x , x ∈ A. Here we first just restated the hypothesis of the proposition. This hypothesis, i.e., A ≠ ∅, hides an existential claim, which you get to only by unpacking a few definitions. The definition of = tells us that A = ∅ iff every x ∈ A is also ∈ ∅ and every x ∈ ∅ is also ∈ A. Negating both sides, we get: A ≠ ∅ iff either some x ∈ A is ∉ ∅ or some x ∈ ∅ is ∉ A. Since nothing is ∈ ∅, the second disjunct can never be true, and "x ∈ A and x ∉ ∅" reduces to just x ∈ A. So x ≠ ∅ iff for some x , x ∈ A. That's an existence claim. Now we use that existence claim by introducing a name for one of the elements of A: Let a ∈ A. Now we've introduced a name for one of the things ∈ A. We'll continue to argue about a, but we'll be careful to only assume that a ∈ A and nothing else: Since a ∈ A, a ∈ A∪B , by definition of ∪. So for some x , x ∈ A∪B , i.e., A ∪ B ≠ ∅. 304 APPENDIX A. PROOFS In that last step, we went from "a ∈ A ∪ B" to "for some x , x ∈ A∪B ." That doesn't mention a anymore, so we know that "for some x , x ∈ A ∪ B" follows from "for some x , x ∈ A alone." But that means that A ∪ B ≠ ∅. □ It's maybe good practice to keep bound variables like "x" separate from hypothtical names like a, like we did. In practice, however, we often don't and just use x , like so: Suppose A ≠ ∅, i.e., there is an x ∈ A. By definition of ∪, x ∈ A ∪ B . So A ∪ B ≠ ∅. However, when you do this, you have to be extra careful that you use different x 's and y 's for different existential claims. For instance, the following is not a correct proof of "If A ≠ ∅ and B ≠ ∅ then A ∩ B ≠ ∅" (which is not true). Suppose A ≠ ∅ and B ≠ ∅. So for some x , x ∈ A and also for some x , x ∈ B . Since x ∈ A and x ∈ B , x ∈ A ∩ B , by definition of ∩. So A ∩ B ≠ ∅. Can you spot where the incorrect step occurs and explain why the result does not hold? A.5 An Example Our first example is the following simple fact about unions and intersections of sets. It will illustrate unpacking definitions, proofs of conjunctions, of universal claims, and proof by cases. Proposition A.8. For any sets A, B , and C , A ∪ (B ∩ C ) = (A ∪ B) ∩ (A ∪C ) Let's prove it! Proof. We want to show that for any sets A, B , andC , A∪(B∩C ) = (A ∪ B) ∩ (A ∪C ) 305 A.5. AN EXAMPLE First we unpack the definition of "=" in the statement of the proposition. Recall that proving sets identical means showing that the sets have the same elements. That is, all elements of A ∪ (B ∩C ) are also elements of (A ∪B) ∩ (A ∪C ), and vice versa. The "vice versa" means that also every element of (A∪B)∩(A∪C )must be an element of A ∪ (B ∩ C ). So in unpacking the definition, we see that we have to prove a conjunction. Let's record this: By definition, A ∪ (B ∩ C ) = (A ∪ B) ∩ (A ∪ C ) iff every element of A ∪ (B ∩C ) is also an element of (A ∪ B) ∩ (A ∪C ), and every element of (A ∪ B) ∩ (A ∪C ) is an element of A ∪ (B ∩C ). Since this is a conjunction, we must prove each conjunct separately. Lets start with the first: let's prove that every element of A ∪ (B ∩C ) is also an element of (A ∪ B) ∩ (A ∪C ). This is a universal claim, and so we consider an arbitrary element of A ∪ (B ∩C ) and show that it must also be an element of (A ∪ B) ∩ (A ∪C ). We'll pick a variable to call this arbitrary element by, say, z . Our proof continues: First, we prove that every element of A∪(B∩C ) is also an element of (A ∪ B) ∩ (A ∪C ). Let z ∈ A ∪ (B ∩C ). We have to show that z ∈ (A ∪ B) ∩ (A ∪C ). Now it is time to unpack the definition of ∪ and ∩. For instance, the definition of ∪ is: A ∪ B = {z : z ∈ A or z ∈ B }. When we apply the definition to "A ∪ (B ∩ C )," the role of the "B" in the definition is now played by "B ∩ C ," so A ∪ (B ∩ C ) = {z : z ∈ A or z ∈ B ∩ C }. So our assumption that z ∈ A ∪ (B ∩C ) amounts to: z ∈ {z : z ∈ A or z ∈ B ∩C }. And z ∈ {z : . . . z . . .} iff . . . z . . . , i.e., in this case, z ∈ A or z ∈ B ∩C . 306 APPENDIX A. PROOFS By the definition of ∪, either z ∈ A or z ∈ B ∩C . Since this is a disjunction, it will be useful to apply proof by cases. We take the two cases, and show that in each one, the conclusion we're aiming for (namely, "z ∈ (A ∪ B) ∩ (A ∪C )") obtains. Case 1: Suppose that z ∈ A. There's not much more to work from based on our assumptions. So let's look at what we have to work with in the conclusion. We want to show that z ∈ (A ∪ B) ∩ (A ∪ C ). Based on the definition of ∩, if we want to show that z ∈ (A ∪ B) ∩ (A ∪C ), we have to show that it's in both (A ∪ B) and (A ∪ C ). But z ∈ A ∪ B iff z ∈ A or z ∈ B , and we already have (as the assumption of case 1) that z ∈ A. By the same reasoning-switching C for B-z ∈ A∪C . This argument went in the reverse direction, so let's record our reasoning in the direction needed in our proof. Since z ∈ A, z ∈ A or z ∈ B , and hence, by definition of ∪, z ∈ A∪B . Similarly, z ∈ A∪C . But this means that z ∈ (A∪B)∩(A∪C ), by definition of ∩. This completes the first case of the proof by cases. Now we want to derive the conclusion in the second case, where z ∈ B ∩C . Case 2: Suppose that z ∈ B ∩C . Again, we are working with the intersection of two sets. Let's apply the definition of ∩: Since z ∈ B ∩ C , z must be an element of both B and C , by definition of ∩. It's time to look at our conclusion again. We have to show that z is in both (A∪B) and (A∪C ). And again, the solution is immediate. 307 A.5. AN EXAMPLE Since z ∈ B , z ∈ (A ∪ B). Since z ∈ C , also z ∈ (A ∪ C ). So, z ∈ (A ∪ B) ∩ (A ∪C ). Here we applied the definitions of ∪ and ∩ again, but since we've already recalled those definitions, and already showed that if z is in one of two sets it is in their union, we don't have to be as explicit in what we've done. We've completed the second case of the proof by cases, so now we can assert our first conclusion. So, if z ∈ A ∪ (B ∩C ) then z ∈ (A ∪ B) ∩ (A ∪C ). Now we just want to show the other direction, that every element of (A ∪ B) ∩ (A ∪ C ) is an element of A ∪ (B ∩C ). As before, we prove this universal claim by assuming we have an arbitrary element of the first set and show it must be in the second set. Let's state what we're about to do. Now, assume that z ∈ (A ∪ B) ∩ (A ∪ C ). We want to show that z ∈ A ∪ (B ∩C ). We are now working from the hypothesis that z ∈ (A ∪ B) ∩ (A ∪ C ). It hopefully isn't too confusing that we're using the same z here as in the first part of the proof. When we finished that part, all the assumptions we've made there are no longer in effect, so now we can make new assumptions about what z is. If that is confusing to you, just replace z with a different variable in what follows. We know that z is in both A∪B and A∪C , by definition of ∩. And by the definition of ∪, we can further unpack this to: either z ∈ A or z ∈ B , and also either z ∈ A or z ∈ C . This looks like a proof by cases again-except the "and" makes it confusing. You might think that this amounts to there being three 308 APPENDIX A. PROOFS possibilities: z is either in A, B or C . But that would be a mistake. We have to be careful, so let's consider each disjunction in turn. By definition of ∩, z ∈ A ∪ B and z ∈ A ∪ C . By definition of ∪, z ∈ A or z ∈ B . We distinguish cases. Since we're focusing on the first disjunction, we haven't gotten our second disjunction (from unpacking A ∪ C ) yet. In fact, we don't need it yet. The first case is z ∈ A, and an element of a set is also an element of the union of that set with any other. So case 1 is easy: Case 1: Suppose that z ∈ A. It follows that z ∈ A ∪ (B ∩C ). Now for the second case, z ∈ B . Here we'll unpack the second ∪ and do another proof-by-cases: Case 2: Suppose that z ∈ B . Since z ∈ A ∪ C , either z ∈ A or z ∈ C . We distinguish cases further: Case 2a: z ∈ A. Then, again, z ∈ A ∪ (B ∩C ). Ok, this was a bit weird. We didn't actually need the assumption that z ∈ B for this case, but that's ok. Case 2b: z ∈ C . Then z ∈ B and z ∈ C , so z ∈ B ∩ C , and consequently, z ∈ A ∪ (B ∩C ). This concludes both proofs-by-cases and so we're done with the second half. So, if z ∈ (A ∪ B) ∩ (A ∪C ) then z ∈ A ∪ (B ∩C ). □ A.6 Another Example 309 A.6. ANOTHER EXAMPLE Proposition A.9. If A ⊆ C , then A ∪ (C \ A) = C . Proof. Suppose that A ⊆ C . We want to show that A∪(C \A) = C . We begin by observing that this is a conditional statement. It is tacitly universally quantified: the proposition holds for all sets A and C . So A and C are variables for arbitrary sets. To prove such a statement, we assume the antecedent and prove the consequent. We continue by using the assumption that A ⊆ C . Let's unpack the definition of ⊆: the assumption means that all elements of A are also elements of C . Let's write this down-it's an important fact that we'll use throughout the proof. By the definition of ⊆, since A ⊆ C , for all z , if z ∈ A, then z ∈ C . We've unpacked all the definitions that are given to us in the assumption. Now we can move onto the conclusion. We want to show that A ∪ (C \ A) = C , and so we set up a proof similarly to the last example: we show that every element of A ∪ (C \ A) is also an element of C and, conversely, every element of C is an element of A ∪ (C \ A). We can shorten this to: A ∪ (C \ A) ⊆ C and C ⊆ A ∪ (C \ A). (Here we're doing the opposite of unpacking a definition, but it makes the proof a bit easier to read.) Since this is a conjunction, we have to prove both parts. To show the first part, i.e., that every element of A ∪ (C \A) is also an element ofC , we assume that z ∈ A∪(C \A) for an arbitrary z and show that z ∈ C . By the definition of ∪, we can conclude that z ∈ A or z ∈ C \ A from z ∈ A ∪ (C \ A). You should now be getting the hang of this. A ∪ (C \A) = C iff A ∪ (C \A) ⊆ C and C ⊆ (A ∪ (C \A). First we prove that A ∪ (C \ A) ⊆ C . Let z ∈ A ∪ (C \ A). So, either z ∈ A or z ∈ (C \ A). 310 APPENDIX A. PROOFS We've arrived at a disjunction, and from it we want to prove that z ∈ C . We do this using proof by cases. Case 1: z ∈ A. Since for all z , if z ∈ A, z ∈ C , we have that z ∈ C . Here we've used the fact recorded earlier which followed from the hypothesis of the proposition that A ⊆ C . The first case is complete, and we turn to the second case, z ∈ (C \ A). Recall that C \ A denotes the difference of the two sets, i.e., the set of all elements of C which are not elements of A. But any element ofC not in A is in particular an element ofC . Case 2: z ∈ (C \ A). This means that z ∈ C and z ∉ A. So, in particular, z ∈ C . Great, we've proved the first direction. Now for the second direction. Here we prove that C ⊆ A∪(C \A). So we assume that z ∈ C and prove that z ∈ A∪(C \A). Now let z ∈ C . We want to show that z ∈ A or z ∈ C \ A. Since all elements of A are also elements of C , and C \A is the set of all things that are elements of C but not A, it follows that z is either in A or in C \A. This may be a bit unclear if you don't already know why the result is true. It would be better to prove it stepby-step. It will help to use a simple fact which we can state without proof: z ∈ A or z ∉ A. This is called the "principle of excluded middle:" for any statement p, either p is true or its negation is true. (Here, p is the statement that z ∈ A.) Since this is a disjunction, we can again use proof-by-cases. Either z ∈ A or z ∉ A. In the former case, z ∈ A ∪ (C \A). In the latter case, z ∈ C and z ∉ A, so z ∈ C \A. But then z ∈ A∪(C \A). Our proof is complete: we have shown that A ∪ (C \ A) = C . □ 311 A.7. PROOF BY CONTRADICTION A.7 Proof by Contradiction In the first instance, proof by contradiction is an inference pattern that is used to prove negative claims. Suppose you want to show that some claim p is false, i.e., you want to show ¬p . The most promising strategy is to (a) suppose that p is true, and (b) show that this assumption leads to something you know to be false. "Something known to be false" may be a result that conflicts with-contradicts-p itself, or some other hypothesis of the overall claim you are considering. For instance, a proof of "if q then ¬p" involves assuming that q is true and proving ¬p from it. If you prove ¬p by contradiction, that means assuming p in addition to q . If you can prove ¬q from p, you have shown that the assumption p leads to something that contradicts your other assumption q , since q and ¬q cannot both be true. Of course, you have to use other inference patterns in your proof of the contradiction, as well as unpacking definitions. Let's consider an example. Proposition A.10. If A ⊆ B and B = ∅, then A has no elements. Proof. Suppose A ⊆ B and B = ∅. We want to show that A has no elements. Since this is a conditional claim, we assume the antecedent and want to prove the consequent. The consequent is: A has no elements. We can make that a bit more explicit: it's not the case that there is an x ∈ A. A has no elements iff it's not the case that there is an x such that x ∈ A. So we've determined that what we want to prove is really a negative claim ¬p, namely: it's not the case that there is an x ∈ A. To use proof by contradiction, we have to assume the corresponding positive claim p, i.e., there is an x ∈ A, and prove a contradiction from it. We indicate that we're doing a proof 312 APPENDIX A. PROOFS by contradiction by writing "by way of contradiction, assume" or even just "suppose not," and then state the assumption p . Suppose not: there is an x ∈ A. This is now the new assumption we'll use to obtain a contradiction. We have two more assumptions: that A ⊆ B and that B = ∅. The first gives us that x ∈ B : Since A ⊆ B , x ∈ B . But since B = ∅, every element of B (e.g., x) must also be an element of ∅. Since B = ∅, x ∈ ∅. This is a contradiction, since by definition ∅ has no elements. This already completes the proof: we've arrived at what we need (a contradiction) from the assumptions we've set up, and this means that the assumptions can't all be true. Since the first two assumptions (A ⊆ B and B = ∅) are not contested, it must be the last assumption introduced (there is an x ∈ A) that must be false. But if we want to be thorough, we can spell this out. Thus, our assumption that there is an x ∈ A must be false, hence, A has no elements by proof by contradiction. □ Every positive claim is trivially equivalent to a negative claim: p iff ¬¬p . So proofs by contradiction can also be used to establish positive claims "indirectly," as follows: To prove p, read it as the negative claim ¬¬p . If we can prove a contradiction from ¬p, we've established ¬¬p by proof by contradiction, and hence p . In the last example, we aimed to prove a negative claim, namely that A has no elements, and so the assumption we made for the purpose of proof by contradiction (i.e., that there is an 313 A.7. PROOF BY CONTRADICTION x ∈ A) was a positive claim. It gave us something to work with, namely the hypothetical x ∈ A about which we continued to reason until we got to x ∈ ∅. When proving a positive claim indirectly, the assumption you'd make for the purpose of proof by contradiction would be negative. But very often you can easily reformulate a positive claim as a negative claim, and a negative claim as a positive claim. Our previous proof would have been essentially the same had we proved "A = ∅" instead of the negative consequent "A has no elements." (By definition of =, "A = ∅" is a general claim, since it unpacks to "every element of A is an element of ∅ and vice versa".) But it is easily seen to be equivalent to the negative claim "not: there is an x ∈ A." So it is sometimes easier to work with ¬p as an assumption than it is to prove p directly. Even when a direct proof is just as simple or even simpler (as in the next example), some people prefer to proceed indirectly. If the double negation confuses you, think of a proof by contradiction of some claim as a proof of a contradiction from the opposite claim. So, a proof by contradiction of ¬p is a proof of a contradiction from the assumption p; and proof by contradiction of p is a proof of a contradiction from ¬p . Proposition A.11. A ⊆ A ∪ B . Proof. We want to show that A ⊆ A ∪ B . On the face of it, this is a positive claim: every x ∈ A is also in A ∪ B . The negation of that is: some x ∈ A is ∉ A ∪ B . So we can prove the claim indirectly by assuming this negated claim, and showing that it leads to a contradiction. Suppose not, i.e., A ⊈ A ∪ B . We have a definition of A ⊆ A ∪ B : every x ∈ A is also ∈ A ∪B . To understand what A ⊈ A ∪B means, we have to use some elementary logical manipulation 314 APPENDIX A. PROOFS on the unpacked definition: it's false that every x ∈ A is also ∈ A ∪ B iff there is some x ∈ A that is ∉ C . (This is a place where you want to be very careful: many students' attempted proofs by contradiction fail because they analyze the negation of a claim like "all As are Bs" incorrectly.) In other words, A ⊈ A ∪ B iff there is an x such that x ∈ A and x ∉ A ∪ B . From then on, it's easy. So, there is an x ∈ A such that x ∉ A ∪ B . By definition of ∪, x ∈ A ∪ B iff x ∈ A or x ∈ B . Since x ∈ A, we have x ∈ A ∪ B . This contradicts the assumption that x ∉ A ∪ B . □ Proposition A.12. If A ⊆ B and B ⊆ C then A ⊆ C . Proof. Suppose A ⊆ B and B ⊆ C . We want to show A ⊆ C . Let's proceed indirectly: we assume the negation of what we want to etablish. Suppose not, i.e., A ⊈ C . As before, we reason that A ⊈ C iff not every x ∈ A is also ∈ C , i.e., some x ∈ A is ∉ C . Don't worry, with practice you won't have to think hard anymore to unpack negations like this. In other words, there is an x such that x ∈ A and x ∉ C . Now we can use this to get to our contradiction. Of course, we'll have to use the other two assumptions to do it. Since A ⊆ B , x ∈ B . Since B ⊆ C , x ∈ C . But this contradicts x ∉ C . □ 315 A.8. READING PROOFS Proposition A.13. If A ∪ B = A ∩ B then A = B . Proof. Suppose A ∪ B = A ∩ B . We want to show that A = B . The beginning is now routine: Assume, by way of contradiction, that A ≠ B . Our assumption for the proof by contradiction is that A ≠ B . Since A = B iff A ⊆ B an B ⊆ A, we get that A ≠ B iff A ⊈ B or B ⊈ A. (Note how important it is to be careful when manipulating negations!) To prove a contradiction from this disjunction, we use a proof by cases and show that in each case, a contradiction follows. A ≠ B iff A ⊈ B or B ⊈ A. We distinguish cases. In the first case, we assume A ⊈ B , i.e., for some x , x ∈ A but ∉ B . A ∩ B is defined as those elements that A and B have in common, so if something isn't in one of them, it's not in the intersection. A ∪ B is A together with B , so anything in either is also in the union. This tells us that x ∈ A∪B but x ∉ A∩B , and hence that A ∩ B ≠ B ∩ A. Case 1: A ⊈ B . Then for some x , x ∈ A but x ∉ B . Since x ∉ B , then x ∉ A ∩B . Since x ∈ A, x ∈ A ∪B . So, A ∩B ≠ B ∩A, contradicting the assumption that A ∩ B = A ∪ B . Case 2: B ⊈ A. Then for some y , y ∈ B but y ∉ A. As before, we have y ∈ A ∪ B but y ∉ A ∩ B , and so A ∩ B ≠ A ∪ B , again contradicting A ∩ B = A ∪ B . □ A.8 Reading Proofs Proofs you find in textbooks and articles very seldom give all the details we have so far included in our examples. Authors ofen 316 APPENDIX A. PROOFS do not draw attention to when they distinguish cases, when they give an indirect proof, or don't mention that they use a definition. So when you read a proof in a textbook, you will often have to fill in those details for yourself in order to understand the proof. Doing this is also good practice to get the hang of the various moves you have to make in a proof. Let's look at an example. Proposition A.14 (Absorption). For all sets A, B , A ∩ (A ∪ B) = A Proof. If z ∈ A ∩ (A ∪ B), then z ∈ A, so A ∩ (A ∪ B) ⊆ A. Now suppose z ∈ A. Then also z ∈ A ∪ B , and therefore also z ∈ A ∩ (A ∪ B). □ The preceding proof of the absorption law is very condensed. There is no mention of any definitions used, no "we have to prove that" before we prove it, etc. Let's unpack it. The proposition proved is a general claim about any sets A and B , and when the proof mentions A or B , these are variables for arbitrary sets. The general claims the proof establishes is what's required to prove identity of sets, i.e., that every element of the left side of the identity is an element of the right and vice versa. "If z ∈ A ∩ (A ∪ B), then z ∈ A, so A ∩ (A ∪ B) ⊆ A." This is the first half of the proof of the identity: it estabishes that if an arbitrary z is an element of the left side, it is also an element of the right, i.e., A ∩ (A ∪ B) ⊆ A. Assume that z ∈ A ∩ (A ∪ B). Since z is an element of the intersection of two sets iff it is an element of both sets, we can conclude that z ∈ A and also z ∈ A∪B . In particular, z ∈ A, which is what we wanted to show. Since that's all that has to be done for the first half, we know that the rest of the proof must be a proof of the second half, i.e., a proof that A ⊆ A ∩ (A ∪ B). "Now suppose z ∈ A. Then also z ∈ A ∪ B , and therefore also z ∈ A ∩ (A ∪ B)." 317 A.9. I CAN'T DO IT! We start by assuming that z ∈ A, since we are showing that, for any z , if z ∈ A then z ∈ A∩(A∪B). To show that z ∈ A∩(A∪B), we have to show (by definition of "∩") that (i) z ∈ A and also (ii) z ∈ A ∪ B . Here (i) is just our assumption, so there is nothing further to prove, and that's why the proof does not mention it again. For (ii), recall that z is an element of a union of sets iff it is an element of at least one of those sets. Since z ∈ A, and A ∪ B is the union of A and B , this is the case here. So z ∈ A ∪B . We've shown both (i) z ∈ A and (ii) z ∈ A ∪B , hence, by definition of "∩," z ∈ A ∩ (A ∪ B). The proof doesn't mention those definitions; it's assumed the reader has already internalized them. If you haven't, you'll have to go back and remind yourself what they are. Then you'll also have to recognize why it follows from z ∈ A that z ∈ A ∪ B , and from z ∈ A and z ∈ A ∪ B that z ∈ A ∩ (A ∪ B). Here's another version of the proof above, with everything made explicit: Proof. [By definition of = for sets, A ∩ (A ∪ B) = A we have to show (a) A ∩ (A ∪ B) ⊆ A and (b) A ∩ (A ∪ B) ⊆ A. (a): By definition of ⊆, we have to show that if z ∈ A ∩ (A ∪ B), then z ∈ A.] If z ∈ A ∩ (A ∪ B), then z ∈ A [since by definition of ∩, z ∈ A∩(A∪B) iff z ∈ A and z ∈ A∪B ], so A∩(A∪B) ⊆ A. [(b): By definition of ⊆, we have to show that if z ∈ A, then z ∈ A∩(A∪B).] Now suppose [(1)] z ∈ A. Then also [(2)] z ∈ A ∪ B [since by (1) z ∈ A or z ∈ B , which by definition of ∪ means z ∈ A ∪ B ], and therefore also z ∈ A ∩ (A ∪ B) [since the definition of ∩ requires that z ∈ A, i.e., (1), and z ∈ A ∪ B), i.e., (2)]. □ A.9 I Can't Do It! We all get to a point where we feel like giving up. But you can do it. Your instructor and teaching assistant, as well as your fellow students, can help. Ask them for help! Here are a few tips to help you avoid a crisis, and what to do if you feel like giving up. 318 APPENDIX A. PROOFS To make sure you can solve problems successfully, do the following: 1. Start as far in advance as possible. We get busy throughout the semester and many of us struggle with procrastination, one of the best things you can do is to start your homework assignments early. That way, if you're stuck, you have time to look for a solution (that isn't crying). 2. Talk to your classmates. You are not alone. Others in the class may also struggle-but the may struggle with different things. Talking it out with your peers can give you a different perspective on the problem that might lead to a breakthrough. Of course, don't just copy their solution: ask them for a hint, or explain where you get stuck and ask them for the next step. And when you do get it, reciprocate. Helping someone else along, and explaining things will help you understand better, too. 3. Ask for help. You have many resources available to you- your instructor and teaching assistant are there for you and want you to succeed. They should be able to help you work out a problem and identify where in the process you're struggling. 4. Take a break. If you're stuck, it might be because you've been staring at the problem for too long. Take a short break, have a cup of tea, or work on a different problem for a while, then return to the problem with a fresh mind. Sleep on it. Notice how these strategies require that you've started to work on the proof well in advance? If you've started the proof at 2am the day before it's due, these might not be so helpful. This might sound like doom and gloom, but solving a proof is a challenge that pays off in the end. Some people do this as a career-so there must be something to enjoy about it. Like 319 A.10. OTHER RESOURCES basically everything, solving problems and doing proofs is something that requires practice. You might see classmates who find this easy: they've probably just had lots of practice already. Try not to give in too easily. If you do run out of time (or patience) on a particular problem: that's ok. It doesn't mean you're stupid or that you will never get it. Find out (from your instructor or another student) how it is done, and identify where you went wrong or got stuck, so you can avoid doing that the next time you encounter a similar issue. Then try to do it without looking at the solution. And next time, start (and ask for help) earlier. A.10 Other Resources There are many books on how to do proofs in mathematics which may be useful. Check out How to Read and do Proofs: An Introduction to Mathematical Thought Processes (Solow, 2013) and How to Prove It: A Structured Approach (Velleman, 2019) in particular. The Book of Proof (Hammack, 2013) and Mathematical Reasoning (Sandstrum, 2019) are books on proof that are freely available online. Philosophers might find More Precisely: The Math you need to do Philosophy (Steinhart, 2018) to be a good primer on mathematical reasoning. There are also various shorter guides to proofs available on the internet; e.g., "Introduction to Mathematical Arguments" (Hutchings, 2003) and "How to write proofs" (Cheng, 2004). Motivational Videos Feel like you have no motivation to do your homework? Feeling down? These videos might help! • https://www.youtube.com/watch?v=ZXsQAXx_ao0 • https://www.youtube.com/watch?v=BQ4yd2W50No • https://www.youtube.com/watch?v=StTqXEQ2l-Y 320 APPENDIX A. PROOFS Problems Problem A.1. Suppose you are asked to prove that A ∩ B ≠ ∅. Unpack all the definitions occuring here, i.e., restate this in a way that does not mention "∩", "=", or "∅. Problem A.2. Prove indirectly that A ∩ B ⊆ A. Problem A.3. Expand the following proof of A ∪ (A ∩ B) = A, where you mention all the inference patterns used, why each step follows from assumptions or claims established before it, and where we have to appeal to which definitions. Proof. If z ∈ A ∪ (A ∩ B) then z ∈ A or z ∈ A ∩ B . If z ∈ A ∩ B , z ∈ A. Any z ∈ A is also ∈ A ∪ (A ∩ B). □ APPENDIX B Induction B.1 Introduction Induction is an important proof technique which is used, in different forms, in almost all areas of logic, theoretical computer science, and mathematics. It is needed to prove many of the results in logic. Induction is often contrasted with deduction, and characterized as the inference from the particular to the general. For instance, if we observe many green emeralds, and nothing that we would call an emerald that's not green, we might conclude that all emeralds are green. This is an inductive inference, in that it proceeds from many particlar cases (this emerald is green, that emerald is green, etc.) to a general claim (all emeralds are green). Mathematical induction is also an inference that concludes a general claim, but it is of a very different kind that this "simple induction." Very roughly, an inductive proof in mathematics concludes that all mathematical objects of a certain sort have a certain property. In the simplest case, the mathematical objects an inductive proof is concerned with are natural numbers. In that case an inductive proof is used to establish that all natural numbers have some property, and it does this by showing that (1) 0 has the property, and (2) whenever a number n has the property, so does n + 1. Induction on natural numbers can then also of321 322 APPENDIX B. INDUCTION ten be used to prove general about mathematical objects that can be assigned numbers. For instance, finite sets each have a finite number n of elements, and if we can use induction to show that every number n has the property "all finite sets of size n are . . . " then we will have shown something about all finite sets. Induction can also be generalized to mathematical objects that are inductively defined. For instance, expressions of a formal language suchh as those of first-order logic are defined inductively. Structural induction is a way to prove results about all such expressions. Structural induction, in particular, is very useful- and widely used-in logic. B.2 Induction on N In its simplest form, induction is a technique used to prove results for all natural numbers. It uses the fact that by starting from 0 and repeatedly adding 1 we eventually reach every natural number. So to prove that something is true for every number, we can (1) establish that it is true for 0 and (2) show that whenever it is true for a number n, it is also true for the next number n + 1. If we abbreviate "number n has property P " by P (n), then a proof by induction that P (n) for all n ∈ N consists of: 1. a proof of P (0), and 2. a proof that, for any n, if P (n) then P (n + 1). To make this crystal clear, suppose we have both (1) and (2). Then (1) tells us that P (0) is true. If we also have (2), we know in particular that if P (0) then P (0 + 1), i.e., P (1). (This follows from the general statement "for any n, if P (n) then P (n + 1)" by putting 0 for n. So by modus ponens, we have that P (1). From (2) again, now taking 1 for n, we have: if P (1) then P (2). Since we've just established P (1), by modus ponens, we have P (2). And so on. For any number k , after doing this k steps, we eventually arrive at P (k ). So (1) and (2) together establish P (k ) for any k ∈ N. 323 B.2. INDUCTION ON N Let's look at an example. Suppose we want to find out how many different sums we can throw with n dice. Although it might seem silly, let's start with 0 dice. If you have no dice there's only one possible sum you can "throw": no dots at all, which sums to 0. So the number of different possible throws is 1. If you have only one die, i.e., n = 1, there are six possible values, 1 through 6. With two dice, we can throw any sum from 2 through 12, that's 11 possibilities. With three dice, we can throw any number from 3 to 18, i.e., 16 different possibilities. 1, 6, 11, 16: looks like a pattern: maybe the answer is 5n + 1? Of course, 5n + 1 is the maximum possible, because there are only 5n + 1 numbers between n, the lowest value you can throw with n dice (all 1's) and 6n, the highest you can throw (all 6's). Theorem B.1. With n dice one can throw all 5n + 1 possible values between n and 6n. Proof. Let P (n) be the claim: "It is possible to throw any number between n and 6n using n dice." To use induction, we prove: 1. The induction basis P (1), i.e., with just one die, you can throw any number between 1 and 6. 2. The induction step, for all k , if P (k ) then P (k + 1). (1) Is proved by inspecting a 6-sided die. It has all 6 sides, and every number between 1 and 6 shows up one on of the sides. So it is possible to throw any number between 1 and 6 using a single die. To prove (2), we assume the antecedent of the conditional, i.e., P (k ). This assumption is called the inductive hypothesis. We use it to prove P (k +1). The hard part is to find a way of thinking about the possible values of a throw of k + 1 dice in terms of the possible values of throws of k dice plus of throws of the extra k +1-st die-this is what we have to do, though, if we want to use the inductive hypothesis. The inductive hypothesis says we can get any number between k and 6k using k dice. If we throw a 1 with our (k +1)-st die, this 324 APPENDIX B. INDUCTION adds 1 to the total. So we can throw any value between k + 1 and 6k + 1 by throwing 5 dice and then rolling a 1 with the (k + 1)-st die. What's left? The values 6k + 2 through 6k + 6. We can get these by rolling k 6s and then a number between 2 and 6 with our (k + 1)-st die. Together, this means that with k + 1 dice we can throw any of the numbers between k + 1 and 6(k + 1), i.e., we've proved P (k + 1) using the assumption P (k ), the inductive hypothesis. □ Very often we use induction when we want to prove something about a series of objects (numbers, sets, etc.) that is itself defined "inductively," i.e., by defining the (n+1)-st object in terms of the nth. For instance, we can define the sum sn of the natural numbers up to n by s0 = 0 sn+1 = sn + (n + 1) This definition gives: s0 = 0, s1 = s0 + 1 = 1, s2 = s1 + 2 = 1 + 2 = 3 s3 = s2 + 3 = 1 + 2 + 3 = 6, etc. Now we can prove, by induction, that sn = n(n + 1)/2. Proposition B.2. sn = n(n + 1)/2. Proof. We have to prove (1) that s0 = 0 * (0 + 1)/2 and (2) if sn = n(n + 1)/2 then sn+1 = (n + 1)(n + 2)/2. (1) is obvious. To prove (2), we assume the inductive hypothesis: sn = n(n + 1)/2. Using it, we have to show that sn+1 = (n + 1)(n + 2)/2. What is sn+1? By the definition, sn+1 = sn + (n + 1). By inductive hypothesis, sn = n(n + 1)/2. We can substitute this into 325 B.3. STRONG INDUCTION the previous equation, and then just need a bit of arithmetic of fractions: sn+1 = n(n + 1) 2 + (n + 1) = = n(n + 1) 2 + 2(n + 1) 2 = = n(n + 1) + 2(n + 1) 2 = = (n + 2)(n + 1) 2 . □ The important lesson here is that if you're proving something about some inductively defined sequence an , induction is the obvious way to go. And even if it isn't (as in the case of the possibilities of dice throws), you can use induction if you can somehow relate the case for n + 1 to the case for n. B.3 Strong Induction In the principle of induction discussed above, we prove P (0) and also if P (n), then P (n+1). In the second part, we assume that P (n) is true and use this assumption to prove P (n + 1). Equivalently, of course, we could assume P (n − 1) and use it to prove P (n)- the important part is that we be able to carry out the inference from any number to its successor; that we can prove the claim in question for any number under the assumption it holds for its predecessor. There is a variant of the principle of induction in which we don't just assume that the claim holds for the predecessor n − 1 of n, but for all numbers smaller than n, and use this assumption to establish the claim for n. This also gives us the claim P (k ) for all k ∈ N. For once we have established P (0), we have thereby established that P holds for all numbers less than 1. And if we know that if P (l ) for all l < n then P (n), we know this in particular for n = 1. So we can conclude P (2). With this we have proved P (0), P (1), P (2), i.e., P (l ) for all l < 3, and since we have also the 326 APPENDIX B. INDUCTION conditional, if P (l ) for all l < 3, then P (3), we can conclude P (3), and so on. In fact, if we can establish the general conditional "for all n, if P (l ) for all l < n, then P (n)," we do not have to establish P (0) anymore, since it follows from it. For remember that a general claim like "for all l < n, P (l )" is true if there are no l < n. This is a case of vacuous quantification: "all As are Bs" is true if there are no As, ∀x (A(x) → B(x)) is true if no x satisfies A(x). In this case, the formalized version would be "∀l (l < n → P (l ))"-and that is true if there are no l < n. And if n = 0 that's exactly the case: no l < 0, hence "for all l < 0, P (0)" is true, whatever P is. A proof of "if P (l ) for all l < n, then P (n)" thus automatically establishes P (0). This variant is useful if establishing the claim for n can't be made to just rely on the claim for n − 1 but may require the assumption that it is true for one or more l < n. B.4 Inductive Definitions In logic we very often define kinds of objects inductively, i.e., by specifying rules for what counts as an object of the kind to be defined which explain how to get new objects of that kind from old objects of that kind. For instance, we often define special kinds of sequences of symbols, such as the terms and formulas of a language, by induction. For a simple example, consider strings of consisting of letters a, b, c, d, the symbol ◦, and brackets [ and ], such as "[[c ◦ d][", "[a[]◦]", "a" or "[[a ◦ b] ◦ d]". You probably feel that there's something "wrong" with the first two strings: the brackets don't "balance" at all in the first, and you might feel that the "◦" should "connect" expressions that themselves make sense. The third and fourth string look better: for every "[" there's a closing "]" (if there are any at all), and for any ◦we can find "nice" expressions on either side, surrounded by a pair of parenteses. We would like to precisely specify what counts as a "nice term." First of all, every letter by itself is nice. Anything that's 327 B.4. INDUCTIVE DEFINITIONS not just a letter by itself should be of the form "[t ◦ s ]" where s and t are themselves nice. Conversely, if t and s are nice, then we can form a new nice term by putting a ◦ between them and surround them by a pair of brackets. We might use these operations to define the set of nice terms. This is an inductive definition. Definition B.3 (Nice terms). The set of nice terms is inductively defined as follows: 1. Any letter a, b, c, d is a nice term. 2. If s and s ′ are nice terms, then so is [s ◦ s ′]. 3. Nothing else is a nice term. This definition tells us that something counts as a nice term iff it can be constructed according to the two conditions (1) and (2) in some finite number of steps. In the first step, we construct all nice terms just consisting of letters by themselves, i.e., a,b, c,d In the second step, we apply (2) to the terms we've constructed. We'll get [a ◦ a], [a ◦ b], [b ◦ a], . . . , [d ◦ d] for all combinations of two letters. In the third step, we apply (2) again, to any two nice terms we've constructed so far. We get new nice term such as [a◦ [a◦a]]-where t is a from step 1 and s is [a ◦ a] from step 2-and [[b ◦ c] ◦ [d ◦b]] constructed out of the two terms [b ◦ c] and [d ◦ b] from step 2. And so on. Clause (3) rules out that anything not constructed in this way sneaks into the set of nice terms. Note that we have not yet proved that every sequence of symbols that "feels" nice is nice according to this definition. However, it should be clear that everything we can construct does in fact "feel nice:" brackets are balanced, and ◦ connects parts that are themselves nice. 328 APPENDIX B. INDUCTION The key feature of inductive definitions is that if you want to prove something about all nice terms, the definition tells you which cases you must consider. For instance, if you are told that t is a nice term, the inductive definition tells you what t can look like: t can be a letter, or it can be [r ◦ s ] for some other pair of nice terms r and s . Because of clause (3), those are the only possibilities. When proving claims about all of an inductively defined set, the strong form of induction becomes particularly important. For instance, suppose we want to prove that for every nice term of length n, the number of [ in it is < n/2. This can be seen as a claim about all n: for every n, the number of [ in any nice term of length n is < n/2. Proposition B.4. For any n, the number of [ in a nice term of length n is < n/2. Proof. To prove this result by (strong) induction, we have to show that the following conditional claim is true: If for every k < n, any nice term of length k has k/2 ['s, then any nice term of length n has n/2 ['s. To show this conditional, assume that its antecedent is true, i.e., assume that for any k < n, nice terms of length k contain < k/2 ['s. We call this assumption the inductive hypothesis. We want to show the same is true for nice terms of length n. So suppose t is a nice term of length n. Because nice terms are inductively defined, we have two cases: (1) t is a letter by itself, or (2) t is [r ◦ s ] for some nice terms r and s . 1. t is a letter. Then n = 1, and the number of [ in t is 0. Since 0 < 1/2, the claim holds. 2. t is [r ◦ s ] for some nice terms r and s . Let's let k be the length of r and l be the length of s . Then the length n of t is k + l + 3 (the lengths of r and s plus three symbols [, ◦, 329 B.5. STRUCTURAL INDUCTION ]). Since k + l + 3 is always greater than k , k < n. Similarly, l < n. That means that the induction hypothesis applies to the terms r and s : the number m of [ in r is < k/2, and the number o of [ in s is < k ′/2. The number of [ in t is the number of [ in r , plus the number of [ in s , plus 1, i.e., it ism+o+1. Sincem < k/2 and o < l/2 we have: m + o + 1 < k 2 + l 2 + 1 = k + l + 2 2 < k + l + 3 2 = n/2. In each case, we've shown that the number of [ in t is < n/2 (on the basis of the inductive hypothesis). By strong induction, the proposition follows. □ B.5 Structural Induction So far we have used induction to establish results about all natural numbers. But a corresponding principle can be used directly to prove results about all elements of an inductively defined set. This often called structural induction, because it depends on the structure of the inductively defined objects. Generally, an inductive definition is given by (a) a list of "initial" elements of the set and (b) a list of operations which produce new elements of the set from old ones. In the case of nice terms, for instance, the initial objects are the letters. We only have one operation: the operations are o(s , s ′) =[s ◦ s ′] You can even think of the natural numbers N themselves as being given be an inductive definition: the initial object is 0, and the operation is the successor function x + 1. In order to prove something about all elements of an inductively defined set, i.e., that every element of the set has a property P , we must: 330 APPENDIX B. INDUCTION 1. Prove that the initial objects have P 2. Prove that for each operation o, if the arguments have P , so does the result. For instance, in order to prove something about all nice terms, we would prove that it is true about all letters, and that it is true about [s ◦ s ′] provided it is true of s and s ′ individually. Proposition B.5. The number of [ equals the number of ] in any nice term t . Proof. We use structural induction. Nice terms are inductively defined, with letters as initial objects and the operations o for constructing new nice terms out of old ones. 1. The claim is true for every letter, since the number of [ in a letter by itself is 0 and the number of ] in it is also 0. 2. Suppose the number of [ in s equals the number of ], and the same is true for s ′. The number of [ in o(s , s ′), i.e., in [s ◦ s ′], is the sum of the number of [ in s and s ′. The number of ] in o(s , s ′) is the sum of the number of ] in s and s ′. Thus, the number of [ in o(s , s ′) equals the number of ] in o(s , s ′). □ Let's give another proof by structural induction: a proper initial segment of a string of symbols t is any string t ′ that agrees with t symbol by symbol, read from the left, but t ′ is longer. So, e.g., [a ◦ is a proper initial segment of [a ◦ b], but neither are [b ◦ (they disagree at the second symbol) nor [a ◦ b] (they are the same length). Proposition B.6. Every proper initial segment of a nice term t has more ['s than ]'s. Proof. By induction on t : 1. t is a letter by itself: Then t has no proper initial segments. 331 B.6. RELATIONS AND FUNCTIONS 2. t = [s ◦ s ′] for some nice terms s and s ′. If r is a proper initial segment of t , there are a number of possibilities: a) r is just [: Then r has one more [ than it does ]. b) r is [r ′ where r ′ is a proper initial segment of s : Since s is a nice term, by induction hypothesis, r ′ has more [ than ] and the same is true for [r ′. c) r is [s or [s ◦ : By the previous result, the number of [ and ] in s is equal; so the number of [ in [s or [s ◦ is one more than the number of ]. d) r is [s ◦r ′ where r ′ is a proper initial segment of s ′: By induction hypothesis, r ′ contains more [ than ]. By the previous result, the number of [ and of ] in s is equal. So the number of [ in [s ◦ r ′ is greater than the number of ]. e) r is [s ◦ s ′: By the previous result, the number of [ and ] in s is equal, and the same for s ′. So there is one more [ in [s ◦ s ′ than there are ]. □ B.6 Relations and Functions When we have defined a set of objects (such as the natural numbers or the nice terms) inductively, we can also define relations on these objects by induction. For instance, consider the following idea: a nice term t is a subterm of a nice term t ′ if it occurs as a part of it. Let's use a symbol for it: t ⊑ t ′. Every nice term is a subterm of itself, of course: t ⊑ t . We can give an inductive definition of this relation as follows: Definition B.7. The relation of a nice term t being a subterm of t ′, t ⊑ t ′, is defined by induction on s ′ as follows: 1. If t ′ is a letter, then t ⊑ t ′ iff t = t ′. 332 APPENDIX B. INDUCTION 2. If t ′ is [s ◦ s ′], then t ⊑ t ′ iff t = t ′, t ⊑ s , or t ⊑ s ′. This definition, for instance, will tell us that a ⊑ [b ◦ a]. For (2) says that a ⊑ [b ◦ a] iff a = [b ◦ a], or a ⊑ b , or a ⊑ a. The first two are false: a clearly isn't identical to [b ◦ a], and by (1), a ⊑ b iff a = b, which is also false. However, also by (1), a ⊑ a iff a = a, which is true. It's important to note that the success of this definition depends on a fact that we haven't proved yet: every nice term t is either a letter by itself, or there are uniquely determined nice terms s and s ′ such that t = [s ◦ s ′]. "Uniquely determined" here means that if t = [s ◦ s ′] it isn't also = [r ◦ r ′] with s ≠ r or s ′ ≠ r ′. If this were the case, then clause (2) may come in conflict with itself: reading t ′ as [s ◦ s ′] we might get t ⊑ t ′, but if we read t ′ as [r ◦ r ′] we might get not t ⊑ t ′. Before we prove that this can't happen, let's look at an example where it can happen. Definition B.8. Define bracketless terms inductively by 1. Every letter is a bracketles term. 2. If s and s ′ are bracketless terms, then s ◦ s ′ is a bracketless term. 3. Nothing else is a bracketless term. Bracketless terms are, e.g., a, b◦d, b◦a◦b. Now if we defined "subterm" for bracketless terms the way we did above, the second clause would read If t ′ = s ◦ s ′, then t ⊑ t ′ iff t = t ′, t ⊑ s , or t ⊑ s ′. Now b ◦ a ◦ b is of the form s ◦ s ′ with s = b and s ′ = a ◦ b. It is also of the form r ◦ r ′ with r = b ◦ a and r ′ = b. Now is a ◦b a subterm of b ◦ a ◦b? The answer is yes if we go by the first reading, and no if we go by the second. The property that the way a nice term is built up from other nice terms is unique is called unique readability. Since inductive 333 B.6. RELATIONS AND FUNCTIONS definitions of relations for such inductively defined objects are important, we have to prove that it holds. Proposition B.9. Suppose t is a nice term. Then either t is a letter by itself, or there are uniquely determined nice terms s , s ′ such that t = [s ◦ s ′]. Proof. If t is a letter by itself, the condition issatisfied. So assume t isn't a letter by itself. We can tell from the inductive definition that then t must be of the form [s ◦ s ′] for some nice terms s and s ′. It remains to show that these are uniquely determined, i.e., if t = [r ◦ r ′], then s = r and s ′ = r ′. So suppose t = [s ◦ s ′] and t = [r ◦ r ′] for nice terms s , s ′, r , r ′. We have to show that s = r and s ′ = r ′. First, s and r must be identical, for otherwise one is a proper initial segment of the other. But by Proposition B.6, that is impossible if s and r are both nice terms. But if s = r , then clearly also s ′ = r ′. □ We can also define functions inductively: e.g., we can define the function f that maps any nice term to the maximum depth of nested [. . . ] in it as follows: Definition B.10. The depth of a nice term, f (t ), is defined inductively as follows: f (s ) = 0 if s is a letter f ([s ◦ s ′] = max(f (s ), f (s ′)) + 1 For instance f ([a ◦ b]) = max(f (a), f (b)) + 1 = = max(0,0) + 1 = 1, and f ([[a ◦ b] ◦ c]) = max(f ([a ◦ b]), f (c)) + 1 = = max(1,0) + 1 = 2. Here, of course, we assume that s an s ′ are nice terms, and make use of the fact that every nice term is either a letter or of 334 APPENDIX B. INDUCTION the form [s ◦ s ′]. It is again important that it can be of this form in only one way. To see why, consider again the bracketless terms we defined earlier. The corresponding "definition" would be: g (s ) = 0 if s is a letter g (s ◦ s ′) = max(g (s ), g (s ′)) + 1 Now consider the bracketless term a ◦ b ◦ c ◦ d. It can be read in more than one way, e.g., as s ◦ s ′ with s = a and s ′ = b ◦ c ◦ d, or as r ◦ r ′ with r = a ◦ b and r ′ = c ◦ d. Calculating g according to the first way of reading it would give g (s ◦ s ′) = max(g (a), g (b ◦ c ◦ d)) + 1 = = max(0,2) + 1 = 3 while according to the other reading we get g (r ◦ r ′) = max(g (a ◦ b), g (c ◦ d)) + 1 = = max(1,1) + 1 = 2 But a function must always yield a unique value; so our "definition" of g doesn't define a function at all. Problems Problem B.1. Define the set of supernice terms by 1. Any letter a, b, c, d is a supernice term. 2. If s is a supernice term, then so is [s ]. 3. If t and s are supernice terms, then so is [t ◦ s ]. 4. Nothing else is a supernice term. Show that the number of [ in a supernice term s of length n is ≤ n/2 + 1. 335 B.6. RELATIONS AND FUNCTIONS Problem B.2. Prove by structural induction that no nice term starts with ]. Problem B.3. Give an inductive definition of the function l , where l (t ) is the number of symbols in the nice term t . Problem B.4. Prove by induction on nice terms t that f (t ) < l (t ) (where l (t ) is the number of symbols in t and f (t ) is the depth of t as defined in Definition B.10). APPENDIX C Biographies C.1 Georg Cantor Fig. C.1: Georg Cantor An early biography of Georg Cantor (gay-org kahn-tor) claimed that he was born and found on a ship that was sailing for Saint Petersburg, Russia, and that his parents were unknown. This, however, is not true; although he was born in Saint Petersburg in 1845. Cantor received his doctorate in mathematics at the University of Berlin in 1867. He is known for his work in set theory, and is credited with founding set theory as a distinctive research discipline. He was the first to prove that there are infinite sets of different sizes. His theories, and especially his theory of infinities, caused much debate among mathematicians at the time, and his work was controversial. Cantor's religious beliefs and his mathematical work were in336 337 C.2. ALONZO CHURCH extricably tied; he even claimed that the theory of transfinite numbers had been communicated to him directly by God. In later life, Cantor suffered from mental illness. Beginning in 1984, and more frequently towards his later years, Cantor was hospitalized. The heavy criticism of his work, including a falling out with the mathematician Leopold Kronecker, led to depression and a lack of interest in mathematics. During depressive episodes, Cantor would turn to philosophy and literature, and even published a theory that Francis Bacon was the author of Shakespeare's plays. Cantor died on January 6, 1918, in a sanatorium in Halle. Further Reading For full biographies of Cantor, see Dauben (1990) and Grattan-Guinness (1971). Cantor's radical views are also described in the BBC Radio 4 program A Brief History of Mathematics (du Sautoy, 2014). If you'd like to hear about Cantor's theories in rap form, see Rose (2012). C.2 Alonzo Church Fig. C.2: Alonzo Church Alonzo Church was born in Washington, DC on June 14, 1903. In early childhood, an air gun incident left Church blind in one eye. He finished preparatory school in Connecticut in 1920 and began his university education at Princeton that same year. He completed his doctoral studies in 1927. After a couple years abroad, Church returned to Princeton. Church was known exceedingly polite and careful. His blackboard writing was immaculate, and he would preserve important pa338 APPENDIX C. BIOGRAPHIES pers by carefully covering them in Duco cement (a clear glue). Outside of his academic pursuits, he enjoyed reading science fiction magazines and was not afraid to write to the editors if he spotted any inaccuracies in the writing. Church's academic achievements were great. Together with his students Stephen Kleene and Barkley Rosser, he developed a theory of effective calculability, the lambda calculus, independently of Alan Turing's development of the Turing machine. The two definitions of computability are equivalent, and give rise to what is now known as the Church-Turing Thesis, that a function of the natural numbers is effectively computable if and only if it is computable via Turing machine (or lambda calculus). He also proved what is now known as Church's Theorem: The decision problem for the validity of first-order formulas is unsolvable. Church continued his work into old age. In 1967 he left Princeton for UCLA, where he was professor until his retirement in 1990. Church passed away on August 1, 1995 at the age of 92. Further Reading For a brief biography of Church, see Enderton (2019). Church's original writings on the lambda calculus and the Entscheidungsproblem (Church's Thesis) are Church (1936a,b). Aspray (1984) records an interview with Church about the Princeton mathematics community in the 1930s. Church wrote a series of book reviews of the Journal of Symbolic Logic from 1936 until 1979. They are all archived on John MacFarlane's website (MacFarlane, 2015). C.3 Gerhard Gentzen Gerhard Gentzen is known primarily as the creator of structural proof theory, and specifically the creation of the natural deduction and sequent calculus proof systems. He was born on November 24, 1909 in Greifswald, Germany. Gerhard was homeschooled for three years before attending preparatory school, where he was behind most of his classmates in terms of educa339 C.3. GERHARD GENTZEN tion. Despite this, he was a brilliant student and showed a strong aptitude for mathematics. His interests were varied, and he, for instance, also write poems for his mother and plays for the school theatre. Fig. C.3: Gerhard Gentzen Gentzen began his university studies at the University of Greifswald, but moved around to Göttingen, Munich, and Berlin. He received his doctorate in 1933 from the University of Göttingen under Hermann Weyl. (Paul Bernays supervised most of his work, but was dismissed from the university by the Nazis.) In 1934, Gentzen began work as an assistant to David Hilbert. That same year he developed the sequent calculus and natural deduction proof systems, in his papers Untersuchungen über das logische Schliessen I–II [Investigations Into Logical Deduction I–II]. He proved the consistency of the Peano axioms in 1936. Gentzen's relationship with the Nazis is complicated. At the same time his mentor Bernays was forced to leave Germany, Gentzen joined the university branch of the SA, the Nazi paramilitary organization. Like many Germans, he was a member of the Nazi party. During the war, he served as a telecommunications officer for the air intelligence unit. However, in 1942 he was released from duty due to a nervous breakdown. It is unclear whether or not Gentzen's loyalties lay with the Nazi party, or whether he joined the party in order to ensure academic success. In 1943, Gentzen was offered an academic position at the Mathematical Institute of the German University of Prague, which he accepted. However, in 1945 the citizens of Prague revolted against German occupation. Soviet forces arrived in the city and arrested all the professors at the university. Because of his membership in Nazi organizations, Gentzen was taken to a forced labour camp. He died of malnutrition while in his cell on 340 APPENDIX C. BIOGRAPHIES August 4, 1945 at the age of 35. Further Reading For a full biography of Gentzen, see MenzlerTrott (2007). An interesting read about mathematicians under Nazi rule, which gives a brief note about Gentzen's life, is given by Segal (2014). Gentzen's papers on logical deduction are available in the original german (Gentzen, 1935a,b). English translations of Gentzen's papers have been collected in a single volume by Szabo (1969), which also includes a biographical sketch. C.4 Kurt Gödel Fig. C.4: Kurt Gödel Kurt Gödel (ger-dle) was born on April 28, 1906 in Brünn in the AustroHungarian empire (now Brno in the Czech Republic). Due to his inquisitive and bright nature, young Kurtele was often called "Der kleine Herr Warum" (Little Mr. Why) by his family. He excelled in academics from primary school onward, where he got less than the highest grade only in mathematics. Gödel was often absent from school due to poor health and was exempt from physical education. He was diagnosed with rheumatic fever during his childhood. Throughout his life, he believed this permanently affected his heart despite medical assessment saying otherwise. Gödel began studying at the University of Vienna in 1924 and completed his doctoral studies in 1929. He first intended to 341 C.4. KURT GÖDEL study physics, but his interests soon moved to mathematics and especially logic, in part due to the influence of the philosopher Rudolf Carnap. His dissertation, written under the supervision of Hans Hahn, proved the completeness theorem of first-order predicate logic with identity (Gödel, 1929). Only a year later, he obtained his most famous results-the first and second incompleteness theorems (published in Gödel 1931). During his time in Vienna, Gödel was heavily involved with the Vienna Circle, a group of scientifically-minded philosophers that included Carnap, whose work was especially influenced by Gödel's results. In 1938, Gödel married Adele Nimbursky. His parents were not pleased: not only was she six years older than him and already divorced, but she worked as a dancer in a nightclub. Social pressures did not affect Gödel, however, and they remained happily married until his death. After Nazi Germany annexed Austria in 1938, Gödel and Adele emigrated to the United States, where he took up a position at the Institute for Advanced Study in Princeton, New Jersey. Despite his introversion and eccentric nature, Gödel's time at Princeton was collaborative and fruitful. He published essays in set theory, philosophy and physics. Notably, he struck up a particularly strong friendship with his colleague at the IAS, Albert Einstein. In his later years, Gödel's mental health deteriorated. His wife's hospitalization in 1977 meant she was no longer able to cook his meals for him. Having suffered frommental health issues throughout his life, he succumbed to paranoia. Deathly afraid of being poisoned, Gödel refused to eat. He died of starvation on January 14, 1978, in Princeton. Further Reading For a complete biography of Gödel's life is available, see John Dawson (1997). For further biographical pieces, as well as essays about Gödel's contributions to logic and philosophy, see Wang (1990), Baaz et al. (2011), Takeuti et al. (2003), and Sigmund et al. (2007). 342 APPENDIX C. BIOGRAPHIES Gödel's PhD thesis is available in the original German (Gödel, 1929). The original text of the incompleteness theorems is (Gödel, 1931). All of Gödel's published and unpublished writings, as well as a selection of correspondence, are available in English in his Collected Papers Feferman et al. (1986, 1990). For a detailed treatment of Gödel's incompleteness theorems, see Smith (2013). For an informal, philosophical discussion of Gödel's theorems, see Mark Linsenmayer's podcast (Linsenmayer, 2014). C.5 Emmy Noether Fig. C.5: Emmy Noether Emmy Noether (ner-ter) was born in Erlangen, Germany, on March 23, 1882, to an upper-middle class scholarly family. Hailed as the "mother of modern algebra," Noether made groundbreaking contributions to both mathematics and physics, despite significant barriers to women's education. In Germany at the time, young girls were meant to be educated in arts and were not allowed to attend college preparatory schools. However, after auditing classes at the Universities of Göttingen and Erlangen (where her father was professor of mathematics), Noether was eventually able to enrol as a student at Erlangen in 1904, when their policy was updated to allow female students. She received her doctorate in mathematics in 1907. Despite her qualifications, Noether experienced much resis343 C.5. EMMY NOETHER tance during her career. From 1908–1915, she taught at Erlangen without pay. During this time, she caught the attention of David Hilbert, one of the world's foremost mathematicians of the time, who invited her to Göttingen. However, women were prohibited from obtaining professorships, and she was only able to lecture under Hilbert's name, again without pay. During this time she proved what is now known as Noether's theorem, which is still used in theoretical physics today. Noether was finally granted the right to teach in 1919. Hilbert's response to continued resistance of his university colleagues reportedly was: "Gentlemen, the faculty senate is not a bathhouse." In the later 1920s, she concentrated on work in abstract algebra, and her contributions revolutionized the field. In her proofs she often made use of the so-called ascending chain condition, which states that there is no infinite strictly increasing chain of certain sets. For instance, certain algebraic structures now known as Noetherian rings have the property that there are no infinite sequences of ideals I1 ⊊ I2 ⊊ . . . . The condition can be generalized to any partial order (in algebra, it concerns the special case of ideals ordered by the subset relation), and we can also consider the dual descending chain condition, where every strictly decreasing sequence in a partial order eventually ends. If a partial order satisfies the descending chain condition, it is possible to use induction along this order in a similar way in which we can use induction along the < order on N. Such orders are called well-founded or Noetherian, and the corresponding proof principle Noetherian induction. Noether was Jewish, and when the Nazis came to power in 1933, she was dismissed from her position. Luckily, Noether was able to emigrate to the United States for a temporary position at BrynMawr, Pennsylvania. During her time there she also lectured at Princeton, although she found the university to be unwelcoming to women (Dick, 1981, 81). In 1935, Noether underwent an operation to remove a uterine tumour. She died from an infection as a result of the surgery, and was buried at Bryn Mawr. 344 APPENDIX C. BIOGRAPHIES Further Reading For a biography of Noether, see Dick (1981). The Perimeter Institute for Theoretical Physics has their lectures on Noether's life and influence available online (Institute, 2015). If you're tired of reading, Stuff You Missed in History Class has a podcast on Noether's life and influence (Frey and Wilson, 2015). The collected works of Noether are available in the original German (Jacobson, 1983). C.6 Bertrand Russell Fig. C.6: Bertrand Russell Bertrand Russell is hailed as one of the founders of modern analytic philosophy. Born May 18, 1872, Russell was not only known for his work in philosophy and logic, but wrote many popular books in various subject areas. He was also an ardent political activist throughout his life. Russell was born in Trellech, Monmouthshire, Wales. His parents were members of the British nobility. They were free-thinkers, and even made friends with the radicals in Boston at the time. Unfortunately, Russell's parents died when he was young, and Russell was sent to live with his grandparents. There, he was given a religious upbringing (something his parents had wanted to avoid at all costs). His grandmother was very strict in all matters of morality. During adolescence he was mostly homeschooled by private tutors. Russell's influence in analytic philosophy, and especially logic, is tremendous. He studied mathematics and philosophy at 345 C.6. BERTRAND RUSSELL Trinity College, Cambridge, where he was influenced by the mathematician and philosopher Alfred North Whitehead. In 1910, Russell and Whitehead published the first volume of Principia Mathematica, where they championed the view that mathematics is reducible to logic. He went on to publish hundreds of books, essays and political pamphlets. In 1950, he won the Nobel Prize for literature. Russell's was deeply entrenched in politics and social activism. During World War I he was arrested and sent to prison for six months due to pacifist activities and protest. While in prison, he was able to write and read, and claims to have found the experience "quite agreeable." He remained a pacifist throughout his life, and was again incarcerated for attending a nuclear disarmament rally in 1961. He also survived a plane crash in 1948, where the only survivors were those sitting in the smoking section. As such, Russell claimed that he owed his life to smoking. Russell was married four times, but had a reputation for carrying on extra-marital affairs. He died on February 2, 1970 at the age of 97 in Penrhyndeudraeth, Wales. Further Reading Russell wrote an autobiography in three parts, spanning his life from 1872–1967 (Russell, 1967, 1968, 1969). The Bertrand Russell Research Centre at McMaster University is home of the Bertrand Russell archives. See their website at Duncan (2015), for information on the volumes of his collected works (including searchable indexes), and archival projects. Russell's paper On Denoting (Russell, 1905) is a classic of 20th century analytic philosophy. The Stanford Encyclopedia of Philosophy entry on Russell (Irvine, 2015) has sound clips of Russell speaking on Desire and Political theory. Many video interviews with Russell are available online. To see him talk about smoking and being involved in a plane crash, e.g., see Russell (n.d.). Some of Russell's works, including his Introduction to Mathematical Philosophy are available as free audiobooks on LibriVox (n.d.). 346 APPENDIX C. BIOGRAPHIES C.7 Alfred Tarski Fig. C.7: Alfred Tarski Alfred Tarski was born on January 14, 1901 in Warsaw, Poland (then part of the Russian Empire). Described as "Napoleonic," Tarski was boisterous, talkative, and intense. His energy was often reflected in his lectures-he once set fire to a wastebasket while disposing of a cigarette during a lecture, and was forbidden from lecturing in that building again. Tarski had a thirst for knowledge from a young age. Although later in life he would tell students that he studied logic because it was the only class in which he got a B, his high school records show that he got A's across the board-even in logic. He studied at the University of Warsaw from 1918 to 1924. Tarski first intended to study biology, but became interested in mathematics, philosophy, and logic, as the university was the center of the Warsaw School of Logic and Philosophy. Tarski earned his doctorate in 1924 under the supervision of Stanisław Leśniewski. Before emigrating to the United States in 1939, Tarski completed some of his most important work while working as a secondary school teacher in Warsaw. His work on logical consequence and logical truth were written during this time. In 1939, Tarski was visiting the United States for a lecture tour. During his visit, Germany invaded Poland, and because of his Jewish heritage, Tarski could not return. His wife and children remained in Poland until the end of the war, but were then able to emigrate to the United States as well. Tarski taught at Harvard, the College 347 C.8. ALAN TURING of the City of New York, and the Institute for Advanced Study at Princeton, and finally the University of California, Berkeley. There he founded the multidisciplinary program in Logic and the Methodology of Science. Tarski died on October 26, 1983 at the age of 82. Further Reading For more on Tarski's life, see the biography Alfred Tarski: Life and Logic (Feferman and Feferman, 2004). Tarski's seminal works on logical consequence and truth are available in English in (Corcoran, 1983). All of Tarski's original works have been collected into a four volume series, (Tarski, 1981). C.8 Alan Turing Alan Turing was born in Mailda Vale, London, on June 23, 1912. He is considered the father of theoretical computer science. Turing's interest in the physical sciences and mathematics started at a young age. However, as a boy his interests were not represented well in his schools, where emphasis was placed on literature and classics. Consequently, he did poorly in school and was reprimanded by many of his teachers. Turing attended King's College, Cambridge as an undergraduate, where he studied mathematics. In 1936 Turing developed (what is now called) the Turing machine as an attempt to precisely define the notion of a computable function and to prove the undecidability of the decision problem. He was beaten to the result by Alonzo Church, who proved the result via his own lambda calculus. Turing's paper was still published with reference to Church's result. Church invited Turing to Princeton, where he spent 1936–1938, and obtained a doctorate under Church. Despite his interest in logic, Turing's earlier interests in physical sciences remained prevalent. His practical skills were put to work during his service with the British cryptanalytic department at Bletchley Park during World War II. Turing was a central figure in cracking the cypher used by German Naval communications- 348 APPENDIX C. BIOGRAPHIES the Enigma code. Turing's expertise in statistics and cryptography, together with the introduction of electronic machinery, gave the team the ability to crack the code by creating a de-crypting machine called a "bombe." His ideas also helped in the creation of the world's first programmable electronic computer, the Colossus, also used at Bletchley park to break the German Lorenz cypher. Fig. C.8: Alan Turing Turing was gay. Nevertheless, in 1942 he proposed to Joan Clarke, one of his teammates at Bletchley Park, but later broke off the engagement and confessed to her that he was homosexual. He had several lovers throughout his lifetime, although homosexual acts were then criminal offences in the UK. In 1952, Turing's house was burgled by a friend of his lover at the time, and when filing a police report, Turing admitted to having a homosexual relationship, under the impression that the government was on their way to legalizing homosexual acts. This was not true, and he was charged with gross indecency. Instead of going to prison, Turing opted for a hormone treatment that reduced libido. Turing was found dead on June 8, 1954, of a cyanide overdose-most likely suicide. He was given a royal pardon by Queen Elizabeth II in 2013. Further Reading For a comprehensive biography of Alan Turing, see Hodges (2014). Turing's life and work inspired a play, Breaking the Code, which was produced in 1996 for TV starring Derek Jacobi as Turing. The Imitation Game, an Academy Award 349 C.9. ERNST ZERMELO nominated film starring Bendict Cumberbatch and Kiera Knightley, is also loosely based on Alan Turing's life and time at Bletchley Park (Tyldum, 2014). Radiolab (2012) has several podcasts on Turing's life and work. BBC Horizon's documentary The Strange Life and Death of Dr. Turing is available to watch online (Sykes, 1992). (Theelen, 2012) is a short video of a working LEGO Turing Machine- made to honour Turing's centenary in 2012. Turing's original paper on Turing machines and the decision problem is Turing (1937). C.9 Ernst Zermelo Fig. C.9: Ernst Zermelo Ernst Zermelo was born on July 27, 1871 in Berlin, Germany. He had five sisters, though his family suffered from poor health and only three survived to adulthood. His parents also passed away when he was young, leaving him and his siblings orphans when he was seventeen. Zermelo had a deep interest in the arts, and especially in poetry. He was known for being sharp, witty, and critical. His most celebrated mathematical achievements include the introduction of the axiom of choice (in 1904), and his axiomatization of set theory (in 1908). Zermelo's interests at university were varied. He took courses in physics, mathematics, and philosophy. Under the supervision of Hermann Schwarz, Zermelo completed his dissertation Investigations in the Calculus of Variations in 1894 at the University of 350 APPENDIX C. BIOGRAPHIES Berlin. In 1897, he decided to pursue more studies at the University of Göttigen, where he was heavily influenced by the foundational work of David Hilbert. In 1899 he became eligible for professorship, but did not get one until eleven years later-possibly due to his strange demeanour and "nervous haste." Zermelo finally received a paid professorship at the University of Zurich in 1910, but was forced to retire in 1916 due to tuberculosis. After his recovery, he was given an honourary professorship at the University of Freiburg in 1921. During this time he worked on foundational mathematics. He became irritated with the works of Thoralf Skolem and Kurt Gödel, and publicly criticized their approaches in his papers. He was dismissed from his position at Freiburg in 1935, due to his unpopularity and his opposition to Hitler's rise to power in Germany. The later years of Zermelo's life were marked by isolation. After his dismissal in 1935, he abandoned mathematics. He moved to the country where he lived modestly. He married in 1944, and became completely dependent on his wife as he was going blind. Zermelo lost his sight completely by 1951. He passed away in Günterstal, Germany, on May 21, 1953. Further Reading For a full biography of Zermelo, see Ebbinghaus (2015). Zermelo's seminal 1904 and 1908 papers are available to read in the original German (Zermelo, 1904, 1908). Zermelo's collected works, including his writing on physics, are available in English translation in (Ebbinghaus et al., 2010; Ebbinghaus and Kanamori, 2013). 351 C.9. ERNST ZERMELO Glossary anti-symmetric R is anti-symmetric iff, whenever both Rxy and Ryx , then x = y ; in other words: if x ≠ y then not Rxy or not Ryx (see section 2.2). assumption A formula that stands topmost in a derivation, also called an initial formula. It may be discharged or undischarged (see section 9.1). asymmetric R is asymmetric if for no pair x, y ∈ A we have Rxy and Ryx (see section 2.4). bijection A function that is both surjective and injective (see section 3.2). binary relationA subset of A2; we writeRxy (or xRy) for ⟨x, y⟩ ∈ R (see section 2.1). bound Occurrence of a variable within the scope of a quantifier that uses the same variable (see section 5.7). Cartesian product (A × B) Set of all pairs of elements of A and B ; A × B = {⟨x, y⟩ : x ∈ A and y ∈ B } (see section 1.5). Church-Turing Theorem States that there is no Turing machine which decides if a given sentence of first-order logic is valid or not (see section 13.7). Church-Turing Thesis states that anything computable via an effective procedure is Turing computable (see section 12.9). 352 353 GLOSSARY closed A set of sentences Γ is closed iff, whenever Γ ⊨ A then A ∈ Γ . The set {A : Γ ⊨ A} is the closure of Γ (see section 6.1). compactness theorem States that every finitely satisfiable set of sentences is satisfiable (see section 10.9). complete consistent set A set of sentences is complete and consistent iff it is consistent, and for every sentence A either A or ¬A is in the set (see section 10.3). completeness Property of a proof system; it is complete if, whenever Γ entails A, then there is also a derivation that establishes Γ ⊢ A; equivalently, iff every consistent set of sentences is satisfiable (see section 10.1). completeness theorem States that first-order logic is complete: every consistent set of sentences is satisfiable. composition (g ◦ f ) The function resulting from "chaining together" f and g ; (g ◦ f )(x) = g (f (x)) (see section 3.5). connected R is connected if for all x, y ∈ A with x ≠ y , then either Rxy or Ryx (see section 2.2). consistent In the sequent calculus, a set of sentences Γ is consistent iff there is no derivation of a sequent Γ0 ⇒ with Γ0 ⊆ Γ (see section 8.8). In natural deduction, Γ is consistent iff Γ ⊬ ⊥ (see section 9.7). If Γ is not consistent, it is inconsistent.. covered A structure in which every element of the domain is the value of some closed term (see section 5.9). decision problem Problem of deciding if a given sentence of firstorder logic is valid or not (see Church-Turing Theorem). deduction theorem Relates entailment and provability of a sentence from an assumption with that of a corresponding conditional. In the semantic form (Theorem 5.53), it states that Γ ∪ {A} ⊨ B iff Γ ⊨ A → B . In the prooftheoretic form, it states that Γ ∪ {A} ⊢ B iff Γ ⊢ A→ B . derivability (Γ ⊢ A) In the sequent calculus, A is derivable from Γ if there is a derivation of a sequent Γ0 ⇒ A where Γ0 ⊆ Γ is a finite sequence of sentences in Γ (see 354 GLOSSARY section 8.8). In natural deduction, A is derivable from Γ if there is a derivation with end-formula A and in which every assumption is either discharged or is in Γ (see section 9.7). derivation In the sequent calculus, a tree of sequents in which every sequent is either an initial sequent or follows from the sequents immediately above it by a rule of inference (see section 8.1). In natural deduction, a tree of formulas in which every formula is either an assumption or follows from the formulas immediately above it by a rule of inference (see section 9.1). difference (A \B) the set of all elements of A which are not also elements of B : A \ B = {x : x ∈ A and x ∉ B } (see section 1.4). discharged An assumption in a derivation may be discharged by an inference rule below it (the rule and the assumption are then assigned a matching label, e.g., [A]2). If it is not discharged, it is called undischarged (see section 9.1). disjoint two sets with no elements in common (see section 1.4). domain (of a function) (dom(f )) The set of objects for which a (partial) function is defined (see section 3.1). domain (of a structure) (|M |) Non-empty set from from which a structure takes assignments and values of variables (see section 5.9). eigenvariable In the sequent calculus, a special constant symbol in a premise of a ∃L or ∀R inference which may not appear in the conclusion (see section 8.1). In natural deduction, a special constant symbol in a premise of a ∃Elim or ∀Intro inference which may not appear in the conclusion or any undischarged assumption (see section 9.1). entailment (Γ ⊨ A) A set of sentences Γ entails a sentence A iff for every structure M with M ⊨ Γ , M ⊨ A (see section 5.14). 355 GLOSSARY enumeration A possibly infinite list of all elements of a set A; formally a surjective function f : N→ A (see section 4.2). equinumerous A and B are equinumerous iff there is a total bijection from A to B (see section 4.8). equivalence relation a reflexive, symmetric, and transitive relation (see section 2.2). extensionality (of satisfaction) Whether or not a formula A is satisfied depends only on the assignments to the nonlogical symbols and free variables that actually occur in A. extensionality (of sets) Sets A and B are identical, A = B , iff every element of A is also an element of B , and vice versa (see section 1.1). finitely satisfiable Γ is finitely satisfiable iff every finite Γ0 ⊆ Γ is satisfiable (see section 10.9). formula Expressions of a first-order language L which express relations or properties, or are true or false (see section 5.3). free An occurrence of a variable that is not bound (see section 5.7). free for A term t is free for x in A if none of the free occurrences of x in A occur in the scope of a quantifier that binds a variable in t (see section 5.8). function (f : A → B) A mapping of each element of a domain (of a function) A to an element of the codomain B (see section 3.1). graph (of a function) the relation R f ⊆ A × B defined by R f = {⟨x, y⟩ : f (x) = y}, if f : A ↦→ B (see section 3.3). halting problem The problem of determining (for any e , n) whether the Turing machine Me halts for an input of n strokes (see section 13.3). inconsistent see consistent. 356 GLOSSARY injective f : A → B is injective iff for each y ∈ B there is at most one x ∈ A such that f (x) = y ; equivalently if whenever x ≠ x ′ then f (x) ≠ f (x ′) (see section 3.2). intersection (A ∩ B) The set of all things which are elements of both A and B : A ∩ B = {x : x ∈ A ∧ x ∈ B } (see section 1.4). inverse function If f : A → B is a bijection, f −1 : B → A is the function with f −1(y) = whatever unique x ∈ A is such that f (x) = y (see section 3.4). inverse relation (R−1) The relation R "turned around"; R−1 = {⟨y,x⟩ : ⟨x, y⟩ ∈ R} (see section 2.6). irreflexive R is irreflexive if, for no x ∈ A, Rxx (see section 2.4). Löwenheim-Skolem Theorem States that every satisfiable set of sentences has a countable model (see section 10.11). linear order A connected partial order (see section 2.4). model A structure in which every sentence in Γ is true is a model of Γ (see section 6.2). partial function (f : A ↦→ B) A partial function is a mapping which assigns to every element of A at most one element of B . If f assigns an element of B to x ∈ A, f (x) is defined, and otherwise undefined (see section 3.6). partial order A reflexive, anti-symmetric, transitive relation (see section 2.4). power set (℘(A)) The set consisting of all subsets of a set A, ℘(A) = {x : x ⊆ A} (see section 1.2). preorder A reflexive and transitive relation (see section 2.4). range (ran(f )) the subset of the codomain that is actually output by f ; ran(f ) = {y ∈ B : f (x) = y for some x ∈ A} (see section 3.1). reflexive R is reflexive iff, for every x ∈ A, Rxx (see section 2.2). satisfiable A set of sentences Γ is satisfiable if M ⊨ Γ for some structure M, otherwise it is unsatisfiable (see section 5.14). 357 GLOSSARY sentence A formula with no free variable. (see section 5.7). sequence (finite) (A∗) A finite string of elements of A; an element of An for some n (see section 1.3). sequence (infinite) (Aω) A gapless, unending sequence of elements of A; formally, a function s : Z+ → A (see section 1.3). sequent An expression of the form Γ ⇒ ∆ where Γ and ∆ are finite sequences of sentences (see section 8.1). set A collection of objects, considered independently of the way it is specified, of the order of the objects in the set, and of their multiplicity (see section 1.1). soundness Property of a proof system: it is sound if whenever Γ ⊢ A then Γ ⊨ A (see section 8.12 and section 9.11). strict linear order A connected strict order (see section 2.4). strict order An irreflexive, asymmetric, and transitive relation (see section 2.4). structure (M) An interpretation of a first-order language, consisting of a domain (of a structure) and assignments of the constant, predicate and function symbols of the language (see section 5.9). subformula Part of a formula which is itself a formula (see section 5.6). subset (A ⊆ B) A set every element of which is an element of a given set B (see section 1.2). surjective f : A → B is surjective iff the range of f is all of B , i.e., for every y ∈ B there is at least one x ∈ A such that f (x) = y (see section 3.2). symmetric R is symmetric iff, whenever Rxy then also Ryx (see section 2.2). theorem (⊢ A) In the sequent calculus, a formula A is a theorem (of logic) if there is a derivation of the sequent ⇒ A (see section 8.8). In natural deduction, a formula A is a theorem if there is a derivation of A with all assumptions discharged (see section 9.7). We also say that A is a theorem of a theory Γ if Γ ⊢ A. 358 GLOSSARY total order see linear order. transitive R is transitive iff, whenever Rxy and Ryz , then also Rxz (see section 2.2). transitive closure (R+) the smallest transitive relation containing R (see section 2.6). undischarged see discharged. union (A∪B) The set of all elements of A and B together: A∪B = {x : x ∈ A ∨ x ∈ B } (see section 1.4). valid (⊨ A) A sentence A is valid iff M ⊨ A for every structure M (see section 5.14). variable assignment A function which maps each variable to an element of |M | (see section 5.11). x -variant Two variable assignments are x -variants, s ∼x s ′, if they differ at most in what they assign to x (see section 5.11). Photo Credits Georg Cantor, p. 336: Portrait of Georg Cantor by Otto Zeth courtesy of the Universitätsarchiv, Martin-Luther Universität Halle–Wittenberg. UAHW Rep. 40-VI, Nr. 3 Bild 102. Alonzo Church, p. 337: Portrait of Alonzo Church, undated, photographer unknown. Alonzo Church Papers; 1924– 1995, (C0948) Box 60, Folder 3. Manuscripts Division, Department of Rare Books and Special Collections, Princeton University Library. cO Princeton University. The Open Logic Project has obtained permission to use this image for inclusion in noncommercial OLP-derived materials. Permission from Princeton University is required for any other use. Gerhard Gentzen, p. 339: Portrait of Gerhard Gentzen playing ping-pong courtesy of Ekhart Mentzler-Trott. Kurt Gödel, p. 340: Portrait of Kurt Gödel, ca. 1925, photographer unknown. From the ShelbyWhite and Leon Levy Archives Center, Institute for Advanced Study, Princeton, NJ, USA, on deposit at Princeton University Library, Manuscript Division, Department of Rare Books and Special Collections, Kurt Gödel Papers, (C0282), Box 14b, #110000. The Open Logic Project has obtained permission from the Institute's Archives Center to use this image for inclusion in non-commercial OLP-derived materials. Permission from the Archives Center is required for any other use. Emmy Noether, p. 342: Portrait of Emmy Noether, ca. 1922, courtesy of the Abteilung für Handschriften und Seltene Drucke, 359 360 Photo Credits Niedersächsische Staatsund Universitätsbibliothek Göttingen, Cod. Ms. D. Hilbert 754, Bl. 14 Nr. 73. Restored from an original scan by Joel Fuller. Bertrand Russell, p. 344: Portrait of Bertrand Russell, ca. 1907, courtesy of the William Ready Division of Archives and Research Collections, McMaster University Library. Bertrand Russell Archives, Box 2, f. 4. Alfred Tarski, p. 346: Passport photo of Alfred Tarski, 1939. Cropped and restored from a scan of Tarski's passport by Joel Fuller. Original courtesy of Bancroft Library, University of California, Berkeley. Alfred Tarski Papers, Banc MSS 84/49. The Open Logic Project has obtained permission to use this image for inclusion in non-commercial OLP-derived materials. Permission from Bancroft Library is required for any other use. Alan Turing, p. 348: Portrait of Alan Mathison Turing by Elliott & Fry, 29 March 1951, NPG x82217, cO National Portrait Gallery, London. Used under a Creative Commons BY-NC-ND 3.0 license. Ernst Zermelo, p. 349: Portrait of Ernst Zermelo, ca. 1922, courtesy of the Abteilung für Handschriften und Seltene Drucke, Niedersächsische Staatsund Universitätsbibliothek Göttingen, Cod. Ms. D. Hilbert 754, Bl. 6 Nr. 25. Bibliography Aspray, William. 1984. The Princeton mathematics community in the 1930s: Alonzo Church. URL http://www.princeton. edu/mudd/finding_aids/mathoral/pmc05.htm. Interview. Baaz, Matthias, Christos H. Papadimitriou, Hilary W. Putnam, Dana S. Scott, and Charles L. Harper Jr. 2011. Kurt Gödel and the Foundations of Mathematics: Horizons of Truth. Cambridge: Cambridge University Press. Cantor, Georg. 1892. Über eine elementare Frage der Mannigfaltigkeitslehre. Jahresbericht der deutschen MathematikerVereinigung 1: 75–8. Cheng, Eugenia. 2004. How to write proofs: A quick quide. URL http://cheng.staff.shef.ac.uk/proofguide/ proofguide.pdf. Church, Alonzo. 1936a. A note on the Entscheidungsproblem. Journal of Symbolic Logic 1: 40–41. Church, Alonzo. 1936b. An unsolvable problem of elementary number theory. American Journal of Mathematics 58: 345–363. Corcoran, John. 1983. Logic, Semantics, Metamathematics. Indianapolis: Hackett, 2nd ed. Dauben, Joseph. 1990. Georg Cantor: His Mathematics and Philosophy of the Infinite. Princeton: Princeton University Press. 361 362 BIBLIOGRAPHY Dick, Auguste. 1981. Emmy Noether 1882–1935. Boston: Birkhäuser. du Sautoy, Marcus. 2014. A brief history of mathematics: Georg Cantor. URL http://www.bbc.co.uk/programmes/ b00ss1j0. Audio Recording. Duncan, Arlene. 2015. The Bertrand Russell Research Centre. URL http://russell.mcmaster.ca/. Ebbinghaus, Heinz-Dieter. 2015. Ernst Zermelo: An Approach to his Life and Work. Berlin: Springer-Verlag. Ebbinghaus, Heinz-Dieter, Craig G. Fraser, and Akihiro Kanamori. 2010. Ernst Zermelo. Collected Works, vol. 1. Berlin: Springer-Verlag. Ebbinghaus, Heinz-Dieter and Akihiro Kanamori. 2013. Ernst Zermelo: Collected Works, vol. 2. Berlin: Springer-Verlag. Enderton, Herbert B. 2019. Alonzo Church: Life and Work. In The Collected Works of Alonzo Church, eds. Tyler Burge and Herbert B. Enderton. Cambridge, MA: MIT Press. Feferman, Anita and Solomon Feferman. 2004. Alfred Tarski: Life and Logic. Cambridge: Cambridge University Press. Feferman, Solomon, JohnW. Dawson Jr., Stephen C. Kleene, Gregory H. Moore, Robert M. Solovay, and Jean van Heijenoort. 1986. Kurt Gödel: Collected Works. Vol. 1: Publications 1929–1936. Oxford: Oxford University Press. Feferman, Solomon, JohnW. Dawson Jr., Stephen C. Kleene, Gregory H. Moore, Robert M. Solovay, and Jean van Heijenoort. 1990. Kurt Gödel: Collected Works. Vol. 2: Publications 1938–1974. Oxford: Oxford University Press. Frege, Gottlob. 1884. Die Grundlagen der Arithmetik: Eine logisch mathematische Untersuchung über den Begriff der Zahl. Breslau: Wilhelm Koebner. Translation in Frege (1953). 363 BIBLIOGRAPHY Frege, Gottlob. 1953. Foundations of Arithmetic, ed. J. L. Austin. Oxford: Basil Blackwell & Mott, 2nd ed. Frey, Holly and Tracy V. Wilson. 2015. Stuff you missed in history class: Emmy Noether, mathematics trailblazer. URL http://www.missedinhistory.com/podcasts/ emmy-noether-mathematics-trailblazer/. Podcast audio. Gentzen, Gerhard. 1935a. Untersuchungen über das logische Schliessen I. Mathematische Zeitschrift 39: 176–210. English translation in Szabo (1969), pp. 68–131. Gentzen, Gerhard. 1935b. Untersuchungen über das logische Schliessen II. Mathematische Zeitschrift 39: 176–210, 405–431. English translation in Szabo (1969), pp. 68–131. Gödel, Kurt. 1929. Über die Vollständigkeit des Logikkalküls [On the completeness of the calculus of logic]. Dissertation, Universität Wien. Reprinted and translated in Feferman et al. (1986), pp. 60–101. Gödel, Kurt. 1931. über formal unentscheidbare Sätze der Principia Mathematica und verwandter Systeme I [On formally undecidable propositions of Principia Mathematica and related systems I]. Monatshefte für Mathematik und Physik 38: 173–198. Reprinted and translated in Feferman et al. (1986), pp. 144– 195. Grattan-Guinness, Ivor. 1971. Towards a biography of Georg Cantor. Annals of Science 27(4): 345–391. Hammack, Richard. 2013. Book of Proof. Richmond, VA: Virginia Commonwealth University. URL http://www.people. vcu.edu/~rhammack/BookOfProof/BookOfProof.pdf. Hodges, Andrew. 2014. Alan Turing: The Enigma. London: Vintage. 364 BIBLIOGRAPHY Hutchings, Michael. 2003. Introduction to mathematical arguments. URL https://math.berkeley.edu/~hutching/ teach/proofs.pdf. Institute, Perimeter. 2015. Emmy Noether: Her life, work, and influence. URL https://www.youtube.com/watch?v= tNNyAyMRsgE. Video Lecture. Irvine, Andrew David. 2015. Sound clips of Bertrand Russell speaking. URL http://plato.stanford.edu/entries/ russell/russell-soundclips.html. Jacobson, Nathan. 1983. Emmy Noether: Gesammelte Abhandlungen-Collected Papers. Berlin: Springer-Verlag. John Dawson, Jr. 1997. Logical Dilemmas: The Life and Work of Kurt Gödel. Boca Raton: CRC Press. LibriVox. n.d. Bertrand Russell. URL https://librivox. org/author/1508?primary_key=1508&search_category= author&search_page=1&search_form=get_results. Collection of public domain audiobooks. Linsenmayer, Mark. 2014. The partially examined life: Gödel on math. URL http://www.partiallyexaminedlife.com/ 2014/06/16/ep95-godel/. Podcast audio. MacFarlane, John. 2015. Alonzo Church's JSL reviews. URL http://johnmacfarlane.net/church.html. Menzler-Trott, Eckart. 2007. Logic's Lost Genius: The Life of Gerhard Gentzen. Providence: American Mathematical Society. Potter, Michael. 2004. Set Theory and its Philosophy. Oxford: Oxford University Press. Radiolab. 2012. The Turing problem. URL http://www. radiolab.org/story/193037-turing-problem/. Podcast audio. 365 BIBLIOGRAPHY Rose, Daniel. 2012. A song about Georg Cantor. URL https:// www.youtube.com/watch?v=QUP5Z4Fb5k4. Audio Recording. Russell, Bertrand. 1905. On denoting. Mind 14: 479–493. Russell, Bertrand. 1967. The Autobiography of Bertrand Russell, vol. 1. London: Allen and Unwin. Russell, Bertrand. 1968. The Autobiography of Bertrand Russell, vol. 2. London: Allen and Unwin. Russell, Bertrand. 1969. The Autobiography of Bertrand Russell, vol. 3. London: Allen and Unwin. Russell, Bertrand. n.d. Bertrand Russell on smoking. URL https://www.youtube.com/watch?v=80oLTiVW_lc. Video Interview. Sandstrum, Ted. 2019. Mathematical Reasoning: Writing and Proof. Allendale, MI: Grand Valley State University. URL https: //scholarworks.gvsu.edu/books/7/. Segal, Sanford L. 2014. Mathematicians under the Nazis. Princeton: Princeton University Press. Sigmund, Karl, John Dawson, Kurt Mühlberger, Hans Magnus Enzensberger, and Juliette Kennedy. 2007. Kurt Gödel: Das Album–The Album. The Mathematical Intelligencer 29(3): 73– 76. Smith, Peter. 2013. An Introduction to Gödel's Theorems. Cambridge: Cambridge University Press. Solow, Daniel. 2013. How to Read and Do Proofs. Hoboken, NJ: Wiley. Steinhart, Eric. 2018. More Precisely: The Math You Need to Do Philosophy. Peterborough, ON: Broadview, 2nd ed. 366 BIBLIOGRAPHY Sykes, Christopher. 1992. BBC Horizon: The strange life and death of Dr. Turing. URL https://www.youtube.com/watch? v=gyusnGbBSHE. Szabo, Manfred E. 1969. The Collected Papers of Gerhard Gentzen. Amsterdam: North-Holland. Takeuti, Gaisi, Nicholas Passell, and Mariko Yasugi. 2003. Memoirs of a Proof Theorist: Gödel and Other Logicians. Singapore: World Scientific. Tarski, Alfred. 1981. The Collected Works of Alfred Tarski, vol. I–IV. Basel: Birkhäuser. Theelen, Andre. 2012. Lego turing machine. URL https://www. youtube.com/watch?v=FTSAiF9AHN4. Turing, Alan M. 1937. On computable numbers, with an application to the "Entscheidungsproblem". Proceedings of the London Mathematical Society, 2nd Series 42: 230–265. Tyldum, Morten. 2014. The imitation game. Motion picture. Velleman, Daniel J. 2019. How to Prove It: A Structured Approach. Cambridge: Cambridge University Press, 3rd ed. Wang, Hao. 1990. Reflections on Kurt Gödel. Cambridge: MIT Press. Zermelo, Ernst. 1904. Beweis, dass jede Menge wohlgeordnet werden kann. Mathematische Annalen 59: 514–516. English translation in (Ebbinghaus et al., 2010, pp. 115–119). Zermelo, Ernst. 1908. Untersuchungen über die Grundlagen der Mengenlehre I. Mathematische Annalen 65(2): 261–281. English translation in (Ebbinghaus et al., 2010, pp. 189-229). About the Open Logic Project The Open Logic Text is an open-source, collaborative textbook of formal meta-logic and formal methods, starting at an intermediate level (i.e., after an introductory formal logic course). Though aimed at a non-mathematical audience (in particular, students of philosophy and computer science), it is rigorous. Coverage of some topics currently included may not yet be complete, and many sections still require substantial revision. We plan to expand the text to cover more topics in the future. We also plan to add features to the text, such as a glossary, a list of further reading, historical notes, pictures, better explanations, sections explaining the relevance of results to philosophy, computer science, and mathematics, and more problems and examples. If you find an error, or have a suggestion, please let the project team know. The project operates in the spirit of open source. Not only is the text freely available, we provide the LaTeX source under the Creative Commons Attribution license, which gives anyone the right to download, use, modify, re-arrange, convert, and re-distribute our work, as long as they give appropriate credit. Please see the Open Logic Project website at openlogicproject.org for additional information.