Symbolic logic is the study of assertions (declarative statements) using the connectives, and, or, not, implies, for all, there exists. It is a ``starter language'' for stating laws for other areas. (Example: in algebra, we use symbolic logic to declare, ``for all (every) integer(s), i, there exists an integer j such that j > i.'') Without symbolic logic, modern math, physics, philosophy, computing, and electronics simply would not exist.
Anyone who works in one of the above-stated technical areas must be competent in using symbolic logic, and in particular, performing deduction.
Deduction is the synthesis of new facts --- consequences --- from
known facts. An example: a cases analysis of the assertion that
x < 0 v x > 0 lets us deduce that x != 0 and that 1.0/x is a non-erroneous, floating-point
number.
Another example, stated in almost every logic text written
in the last 50 years, goes
All humans are mortal
and
Socrates is a human.
Therefore,
Socrates is mortal.
These examples of deduction go beyond what we can do with mere truth tables alone, and the purpose of Chapter 1 of the Huth-and-Ryan text (the optional course text) is to provide a set of deduction rules (also known as inference rules) that you can use to deduce new facts. The rules (and the examples in Chapter 1 of Huth and Ryan) are written to be independent from math and physics and computing. We will summarize the main features of the deduction rules and give lots of applied examples in this Chapter.
Up to now, we have used informally symbolic logic and
algebra rules to deduce knowledge generated
by computer programs. That is, we have used
programmming-logic-rules-for-assign-if-functions-while
+ algebra laws (simplification, substitution)
+ symbolic-logic rules (^i, ^e, ve, ...)
We will develop the symbolic-logic rules in detail.
Examples of propositions from algebra are
x > 0
y == 2*x + 1
2 > 4
(Note that the third proposition is always understood as false,
whereas the first two might be true or false, depending on
the values of x and y.)
Examples of propositions written in English are
Socrates is a human.
The sun is shining.
I have a million bucks in my pocket.
In English, we can also write sentences that are not propositions:
``Will it rain tomorrow?'' is a question and not a true-false proposition.
We will always stay within algebra and form true-false
propositions from arithmetic operators like + and /
and comparison operators
like == and >.
The operators, ^, v, -->, ~, are called propositional connectives because they connect together propositions to make new propositions. (Example: (x > 0 v x < 0) --> ~(2x = 0) is a proposition that connects together x > 0, x < 0, and 2x = 0 with ~, v, and -->.)
Later we will study FORALL and EXIST, which are more delicate than the propositional connectives and are called quantifiers.
The propositional connectives are a kind of data-structure language for building propositional-data-structures from basic, primitive propositions. For this reason, we must have laws for constructing the propositions and for disassembling them. These laws are called inference rules or deduction rules, and a natural deduction system is a set of inference rules, where for each connective, there is a rule for constructing a proposition with a connective (this is called an introduction rule) and there is a rule for disassembling a proposition with the connective (this is called an elimination rule).
For the sections that follow, we will review the introduction and elimination rules for each propositional connective, give examples of their use in proofs, describe strategies for applying to rules, and present relevant applications in programming logic. When we present the rules, we will use the letters, P, Q, R, ..., to represent propositions (rather than use x > 0, etc., as propositions).
The notation,
P0, P1, ..., Pm |- Q
(read as, ``P0, P1, ..., Pm entails Q'') is a claim --- a
sequent --- that asserts propositions Pi
let us deduce Q.
The Pi are called premises and Q is called the consequent.
For example, x > y, y = z + 1 |- x > z. It says, ``when premises x > y and y = z + 1 are accepted as facts (true propositions), then consequent x > z is guaranteed to be a fact as well.
When we state such a claim --- a sequent --- we must supply a proof to support the claim. We use deduction rules to make a proof.
P Q P ^ Q P ^ Q
^i : --------- ^e1 : -------- ^e2 : --------
P ^ Q P Q
It is a tradition to draw the rules as a kind of ``arithemtic sum-up
expression'': when we have proof of the propositions above the horizontal
bar, then we deduce a proof of the proposition below the bar.
The rules are used to build proofs of new facts from starting facts (premises). A proof is written as a sequence of deduction steps. Here are some examples.
=================================================== P, Q, R |- R ^ (Q ^ P) 1. P premise (a starting fact) 2. Q premise 3. R premise 4. Q ^ P ^i 2,1 5. R ^ (Q ^ P) ^i 3,4 ===================================================Read line 4 like this: ``from the fact stated on line 2 and the fact stated on line 1, we deduce Q ^ P by applying the ^i law.'' Lines 4 and 5 construct new facts from the starting facts (premises) on lines 1-3. A proof generates new knowledge from existing knowledge by using deduction rules.
=================================================== P ^ (Q ^ R) |- R ^ P 1. P ^ (Q ^ R) premise 2. P ^e1 1 3. Q ^ R ^e2 1 4. R ^e2 3 5. R ^ P ^i 4,2 ===================================================The two examples seen so far suggest that a proposition like R ^ P is like a pair, (R, P), in Python that we can disassemble by indexing. The ^e rule does the indexing, and the ^i-does the pair-building.
=================================================== P |- P ^ P 1. P premise 2. P ^ P ^i 1,1 ===================================================This example shows you can use a premise multiple times in a proof.
It is easy to prove P ^ Q |- P (use ^e1), but we cannot prove P |- P ^ Q. This reminds us that deduction rules develop new knowledge, but the knowledge might be weaker than the starting facts used to deduce the knowledge. When we have propositions P and Q and we prove both P |- Q and also Q |- P, we write P -||- Q and say that P and Q are equivalent --- they hold the ``same amounts of knowledge.''
1. Premises premise
(fill in)
i. P
(fill in)
j. Q
k. P ^ Q ^i i,j
1. Premises premise
2. P ^ Q premise
3. P ^e1 1
4. Q ^e2 1
(fill in)
i. R
1. P ^ (Q ^ R) premises
(fill in)
i. R
(fill in)
k. P
k+1. R ^ P ^i i,j
1. P ^ (Q ^ R) premises
2. P ^e1 1 (succeeded in proving subgoal, P)
3. Q ^ R ^e2 1
(fill in)
i. R
i+1. R ^ P ^i i,j
1. P ^ (Q ^ R) premises 2. P ^e1 1 (succeeded in proving subgoal, P) 3. Q ^ R ^e2 1 4. R ^e2 3 (succeeded in proving subgoal, R) 5. R ^ P ^i 4,2
===================================================
"""{ x > y ^ y == 3 }"""
x = x - 1
"""{ 1. x = xold - 1 premise (from the forwards-assignment law)
2. xold > y ^ y = 3 premise (the fact that held before the assignment)
3. xold > y ^e1 2
4. x > y - 1 algebra 1 3
5. y == 3 ^e2 2
6. x > y - 1 ^ y = 3 ^i 4,5
(the last line of the proof must not mention any occurrence of xold)
}"""
===================================================
There must also be a rule for applying a fact of form, P v Q, to deduce new knowledge. In real life, we call the rule ``case analysis''. For example, say that you have either 4 quarters in your pocket or 10 dimes in your pocket. In either case, you can buy a one-dollar coffee. Why? You do a case analysis: (i) in the case you have 4 quarters, that totals a dollar, and you can buy the coffee; (ii) in the case you have 10 dimes, that totals a dollar, and you can buy the coffee. So, in both cases, you can buy the coffee.
This pattern of deduction is formalized in the ve-rule below.
... P assume ... Q assume
P Q P v Q ... R ... R
vi1 : -------- vi2 : -------- ve: ------------------------------
P v Q P v Q R
The ve-rule is the deduction-rule form of
case analysis: you assume P and do deductions that prove R and
then you assume Q and do another sequence of deductions to
reprove R. Each case is a ``subproof'' that is
indented with ellipses. Once both cases are proved, you conclude
R no matter what.
=================================================== P |- Q v P 1. P premise 2. Q v P vi2 1 ===================================================What is interesting here is that proposition Q can be any proposition at all, because it need not be a true fact (P is the fact that matters here). For example, we can prove 2 == 1 + 1 |- (2 == 1 + 1) v (1 == 0). This sequence is valid, because it is enough that 2 == 1 + 1 is a fact; literally, 1 == 0 does not matter.
A similar result goes
===================================================
P ^ Q |- P v Q
1. P ^ Q premise
2. P ^e1 1
3. P v Q vi1 2
===================================================
For that matter, we reprove this result using ^e2:
===================================================
P ^ Q |- P v Q
1. P ^ Q premise
2. Q ^e2 1
3. P v Q vi2 2
===================================================
We cannot prove P v Q |- P ^ Q, which clearly
shows that the vi rule generates ``weaker knowledge'' from its facts.
Here is a proof that uses case analysis --- ve ---
to prove a useful sequent.
===================================================
P v Q, S |- (P ^ S) v (Q ^ S)
1. P v Q premise
2. S premise
... 3. P assumption (the first case for line 1)
... 4. P ^ S ^i 3,2
... 5. (P ^ S) v (Q ^ S) vi1 4
... 6. Q assumption (the second case for line 1)
... 7. Q ^ S ^i 6,2
... 8. (P ^ S) v (Q ^ S) vi2 7
9. (P ^ S) v (Q ^ S) ve 1, 3-5, 6-8
===================================================
Each case --- the P case and the Q case --- proved the
same fact, so we conclude that the fact holds no matter what.
The ellipses are used here to show that we started a subproof with
an additional what-if premise (called an assumption)
for a case analysis.
When both cases prove the same fact, then the ve rule finishes. Here, line 9 states that, starting from the cases asserted on line 1, the proof that P proves the goal is stated in lines 3-5 and the proof that Q proves the goal is stated in lines 6-8.
The assumption on line 3 (and the one on line 6) acts like a local variable inside a called function --- it can be used only within the function body. This is because the assumption is a what-if premise that is used only for the sake of discussion of the case analysis.
If you are studying the optional textbook, you will see that its authors
draw boxes around the subproofs, like this, rather
than indent with ellipses:
1. P v Q premise
2. S premise
+--------------------------------------
| 3. P assumption
| 4. P ^ S ^i 3,2
| 5. (P ^ S) v (Q ^ S) vi1 4
+--------------------------------------
+--------------------------------------
| 6. Q assumption
| 7. Q ^ S ^i 6,2
| 8. (P ^ S) v (Q ^ S) vi2 7
+-------------------------------------
9. (P ^ S) v (Q ^ S) vE 1, 3-5, 6-8
Do as you please.
Finally,
here is a simple but vital proof:
===================================================
P v P |- P
1. P v P premise
... 2. P assumption
... 3. P assumption
4. P ve 1, 2-2, 3-3
===================================================
1. Premises premise
2. P v Q premise
... i. P assumption
(fill in)
... j. R
... k. Q assumption
(fill in)
... l. R
m. R ve 2,i-j,k-l
1. Premises premise
(fill in)
i. P
j. P v Q vi1 i
===================================================
def reciprocal(n) :
"""{ pre (n < 0) v (n > 0)
post answer == 1.0 /n
return answer
}"""
answer = 1.0 / n
return answer
# We show that the function's argument satisfies the precondition:
x = 5
"""{ 1. x == 5 premise
2. x > 0 algebra 1
3. (x > 0) v (x < 0) vi1 2
}"""
y = reciprocal(x)
"""{ 1. y == 1.0/x premise (by function-call law)
2. x == 5 premise (from above)
3. x == 5 ^ y == 1.0/x ^i 2,3
}"""
===================================================
Here is a little programming trick:
if x < 0 :
y = 0 - 1
else :
y = 1
x = x * y
At the end x is always nonnegative, because the if-command
sets y to the opposite parity (sign) as x. We can use ve to prove this:
===================================================
if x < 0 :
y = 0 - 1
else :
y = 1
"""{ 1. (x < 0 ^ y == -1) v (x >=0 ^ y == 1) premise (if-law) }"""
x = x * y
"""{ 1. x == xold * y premise
2. (xold < 0 ^ y == -1) v (xold >= 0 ^ y == 1) premise
... 3. xold < 0 ^ y == -1 assumption
... 4. xold < 0 ^e1 3
... 5. y == -1 ^e2 3
... 6. xold * y > 0 algebra 4 5
... 7. x > 0 subst 1 6
... 8. x >= 0 algebra 7
... 9. xold >=0 ^ y == 1 assumption
... 10. xold >= 0 ^e1 9
... 11. y == 1 ^e2 10
... 12. xold * y >= 0 algebra 10 11
... 13. x >= 0 subst 1 12
14. x >= 0 ve 2,3-8,9-13
}"""
===================================================
The proof matches exactly the
informal reasoning why x = x * y makes x nonnegative at the end.
With this understanding, it is easy to accept that P, P --> Q |- Q; this yields the -->e rule.
But there must also be a rule for building propositions of the form, P --> Q. Say that a family of propositions, P, R, S, T, ... are enough to prove proposition, Q. Say we know that R, S, T, ... are facts. Thus, if we only knew that P was a fact, too, then we would have Q as a fact. In this sense, R, S, T, ... are enough to prove that P --> Q is a fact.
Stated more precisely, the situation where P, R, S, T, ... |- Q lets us conclude that R, S, T, ... |- P --> Q. These two ideas, which go hand in hand, are formalized below.
... P assume
... Q P --> Q P
-->i : ----------- -->e : -----------------
P --> Q Q
The -->i-rule is a case analysis --- it says, consider the
case when P is a fact.
(We don't know this for certain; it is a case/possibility
we want to discuss.) If assuming P (plus using other facts
we already have) leads to a proof of Q, then we conclude
that P --> Q is a fact.
=================================================== (P ^ Q) --> R, P --> Q, P |- R 1. (P ^ Q) --> R premise 2. P premise 3. P --> Q premise 4. Q -->e 3,2 5. P ^ Q ^i 2,4 6. R -->e 1,5 ===================================================
=================================================== (P v Q) --> R, Q |- R 1. (P v Q) --> R premise 2. Q premise 3. P v Q vi2 2 4. R -->e 1,3 ===================================================Here is an example that uses -->i:
=================================================== P, (Q ^ P) --> R |- Q --> R 1. P premise 2. (Q ^ P) --> R premise ... 3. Q assumption ... 4. Q ^ P ^i 3,1 ... 5. R -->e 2,4 6. Q --> R -->i 3-5 ===================================================The proof includes the case that, when Q is assumed a fact then R would follow as a fact, too. The subproof lets us conclude that Q --> R is a fact.
Here, two if-then facts entail a third one:
===================================================
P --> Q, Q --> R |- P --> R
1. P --> Q premise
2. Q --> R premise
... 3. P assumption
... 4. Q -->e 1,3
... 5. R -->e 2,4
6. P --> R -->i 3-5
===================================================
Notice how we assumed P to move the proof forwards to a proof of R.
We employ a similar tactic in this example:
===================================================
P --> (Q --> R) |- (Q ^ P) --> R
1. P --> (Q --> R) premise
... 2. Q ^ P assumption
... 3. P ^e2 2
... 4. Q --> R -->e 1,3
... 5. Q ^e1 2
... 6. R -->e 4,6
7. (Q ^ P) --> R -->i 2-6
===================================================
It is possible to nest cases-analyses, as in this cruical example:
===================================================
P --> R, Q --> R |- (P v Q) --> R
1. P --> R premise
2. Q --> R premise
... 3. P v Q assumption
... ... 4. P assumption
... ... 5. R -->e 1,4
... ... 6. Q assumption
... ... 7. R -->e 2,6
... 8. R ve 3,4-5,6-7
9. (P v Q) --> R -->i 3-8
===================================================
Here, the ``or reasoning'' is nested inside the ``implies reasoning.''
This example shows how mastery of basic deduction rules allows one
to reason far more precisely than ordinary people do in real life.
1. Premises premise
... i. P assumption
(fill in)
... j. Q
k. P --> Q -->i i-j
1. Premises premise
2. P --> Q premise
(fill in)
i. P
j. Q -->e 2,i
(fill in)
k. R
P --> (Q --> R), Q ^ P |- RAn easy application of the (**)-^i tactic generates this simpler subgoal,
P --> (Q --> R), Q, P |- Rand we quickly finish the proof by applying the (**)--->e tactic twice to deduceR.
Recall the loop for finding a letter in a string:
===================================================
index = 0 # the position of the letter in s we are examining
found = False # did we find c in s yet?
while index != len(s) and not found :
"""{ invariant (found --> s[index] = c) ^
(~found --> FORALL 0 <= i < index, s[i] != c)
modifies found, index
}"""
if s[index] == c :
found = True
else :
index = index + 1
# after we quit the loop:
"""{ 1. ~(index != len(s) premise
2. invariant premise
3. index == len(s) algebra 1
}"""
===================================================
After the loop finishes, we use -->e with the invariant
to ensure that we print
the correct answer:
===================================================
"""{ invariant }"""
if found :
"""{ 1. found premise
2. invariant premise
3. found --> (s[index] == c) ^e1 2
4. s[index] == c -->e 3,1
}"""
print "found", c, "at", index
else :
"""{ 1. ~found premise (from if-law)
2. invariant premise
3. index == len(s) premise
4. ~found --> FORALL 0 <= i < index: s[i] != c ^e2 2
5. FORALL 0 <= i < index, s[i] != c -->e 3,1
6. FORALL 0 <= i < len(s), s[i] != c subst 3,5
}"""
print c, "not found"
"""{ (s[index] == c) v (FORALL 0 <= i < len(s), s[i] != c) }"""
===================================================
Here is a second example, where we reason backwards from
the goal, x * y > 0, to obtain the subgoal for completing
the program successfully:
===================================================
"""{ subgoal: (x < 0 --> y <= 0) ^ (x >= 0 --> y > 0) }"""
if x < 0 :
"""{ subgoal: 1. -1 * y >= 0
2. y <= 0 algebra 1 }"""
x = -1
"""{ subgoal: x * y > 0 }"""
else :
"""{ subgoal: 1. 1 * y > 0
2. y > 0 algebra 1 }"""
x = 1
"""{ subgoal: x * y > 0 }"""
"""{ goal: x * y > 0 }"""
===================================================
We propose y = x + 1 as the command to start the program.
To prove that the assignment achieves the subgoal established by
the if-command, we undertake a proof that must use -->i (twice):
===================================================
y = x + 1
"""{ 1. y == x + 1 premise
... 2. x < 0 assumption
... 3. x + 1 < 1 algebra 2
... 4. x + 1 <= 0 algebra 3
... 5. y <= 0 substitution 1, 4
6. (x<0) --> (y <= 0) -->i 2, 5
... 7. x >=0 assumption
... 8. x + 1 > 0 algebra 7
... 9. y > 0 algebra 8, 1
10. (x >= 0) --> (y > 0) -->i 7,9
11. (x < 0 --> y <= 0) ^ (x >= 0 --> y > 0) ^i 6,10 }"""
===================================================
What is clearcut, however, is that
whenever we can prove, P ^ ~P, for some proposition,
P, we have a contradiction.
A contradiction states an impossible situation, that is, P is a fact
at the same time that it is not a fact.
The optional Huth-and-Ryan text uses this symbol
--- _|_ --- to stand for a contradiction.
They also give an extra rule to deduce you have
proved a contradiction:
P ~P
~e : ---------
_|_
I don't like their name for this rule, but I will use it, anyway.
If you start from some premises and you prove a contradiction, it means that the premises disagree with each other. (For example, from premises x > 0 and x < 0 we can deduce x > 0 ^ ~(x > 0). The problem is that the premises disagree about what is a true fact.)
When we encounter a contradiction in real life, we usually ``start over'' and try our reasoning again, from a different set of premises. In logic, contradictions are not only a signal that we should ``start over'' (that is, change the premises of the proof we are building), but they are also useful for finishing a line of logical reasoning where we must consider all cases, even the impossible ones, that follow from some starting set of premises.
There is a special law for reasoning forwards from an impossible situation --- the _|_e law --- which says, in the case of a contradiction, everything becomes a fact. That is, if False is a fact, so is everything else.
_|_
_|_e : ------ for any proposition, Q, at all
Q
=================================================== P v Q, ~P |- Q 1. P v Q premise 2. ~P premise ... 3. P assumption ... 4. _|_ ~e 3,2 ... 5. Q _|_e 4 ... 6. Q assumption 7. Q ve 1,3-5,6-6 ===================================================Considering the premise, P v Q, we develop the two-case analysis. The first case, where P holds true, is impossible, because it causes a contradiction. The _|_e-rule lets us gracefully prove Q in this ``impossible case.'' (You can read lines 3-6 as saying, ``in the case when P might hold true, there is a contradiction, and in such an impossible situation, we can deduce whatever we like, so we deduce Q to finish this impossible case.'')
The second case, that Q holds true, is the only realistic case, and it immediately yields the consequent. The proof finishes the two-case analysis with a step of ve.
Here is another example:
===================================================
P --> _|_ |- P --> R
1. P --> _|_ premise
... 2. P assumption
... 3. _|_ -->e 1,3
... 4. R _|_e 4
5. P --> R -->i 3-5
===================================================
and a minor variation:
===================================================
~P |- P --> Q
1. ~P premise
... 2. P assumption
... 3. _|_ ~e 2,1
... 4. Q _|_e 3
5. P --> Q -->i 2-4
===================================================
That is, if we know P is impossible, we can make any old
if-then claim we want about would follow if P
somehow became true. (Example: ``if I am the president of the U.S.,
then everyone gets a tax refund of a million bucks.'' It's a true
statement but not so useful, since I am not the president.)
1. Premises premise
2. ~P premise
(fill in)
i. P
j. _|_ ~e i,2
k. Q _|_e j
In the previous proof example, we see that
~P |- P --> Q is proved quickly once
we obtain as a new fact (via an assumption, thanks to the
(***)--->i tactic!).
===================================================
x = 3
if x > 0
y = 1
else :
y = 2
"""{ goal: y = 1 }"""
===================================================
Clearly, the then-arm is executed to get the result ---
the else-arm will never execute. But the law for conditionals
says we must analyze both arms to conclude a logical result in advance
of execution. Our analysis quickly
concludes that the else-arm is impossible, and the
_|_e-law finishes the job. Say that the goal of the code
that follows is to force y == 1:
===================================================
x = 3
"""{ 1. x == 3 premise }"""
if x > 0
"""{ 1. x > 0 premise
2. x == 3 premise
}"""
y = 1
"""{ 1. y == 1 premise }"""
else :
"""{ 1. ~(x > 0) premise
2. x == 3 premise
3. (~(x > 0) ^ x == 3) ^i 1,2
}"""
y = 2
"""{ 1. y = 2 premise
2. ~(x > 0) ^ x == 3 premise
3. ~(x > 0) ^e1 2
4. x == 3 ^e2 2
5. x > 0 algebra 4
6. _|_ ~e 5,3
7. y == 1 _|_e 6 (!)
}"""
"""{ 1. (y == 1) v (y == 1) premise
... 2. y == 1 assumption
... 3. y == 1 assumption
4. y == 1 ve 1, 2-2, 3-3
}"""
===================================================
Because it is impossible to have both ~(x > 0) and
x == 3 at the same time (line 6), we have reached an impossible situation,
and we can conclude whatever we want
to finish this impossible case.
Another way of thinking about a contradiction is a kind of ''program crash''. A logic proof is like a computer program, and when one uses the premises (the ``inputs'') of a proof to compute a contradiction, this is like a program crash (a thrown exception). The ~e rule announces the crash/exception, and the _|_e rule acts like an exception handler, cleaning up the mess and outputting some recovery answer.
Another rule for negation lets us deduce when an assertion is incompatible with facts we already know. Therefore, we deduce the assertion's negation as following from the facts:
... P assume
... _|_
~i: ----------
~P
The rule says that we can discuss the case when P holds;
if a contradiction results, then it
is impossible for P to ever be a fact --- indeed,
~P is the fact that holds.
=================================================== P, Q --> ~P |- ~Q 1. P premise 2. Q --> ~P premise ... 3. Q assumption ... 4. ~P -->e 2,3 ... 5. _|_ ~e 1,4 6. ~Q ~i 3-5 ===================================================Here, the premises, P and Q --> ~P, are so strong that it is impossible for Q to ever be proved as a fact. (Lines 3-5 show that, if Q ever was proved a fact, it would cause a contradiction/crash.) So, ~Q (``Q is impossible'') is proved, instead.
=================================================== P |- ~~P 1. P premise ... 2. ~ P assumption ... 3. _|_ ~e 1,2 4. ~(~P) ~i 2-3 ===================================================Note that the ~i rule is not capable of proving ~~P |- P. Indeed, if ``it is impossible that it is impossible for P to be a fact'', does this mean that P (is proved to be) a fact? (Example: Last night, you came home late and used your keys to enter your apartment. This morning, you can't find your keys. You say, ``It's not that I don't have my keys!'' But do you have them in hand --- do you have the evidence that you have your keys? In mathematics, there are number problems where people have proved that it is impossible for there not to be a solution. But no one yet knows exactly what the solution is!)
These examples support this understanding of ~P:
1. Premises premises
... i. P assumption
(fill in)
... j. _|_
k. ~P ~i, i-j
The ~i-tactic was used with good success in the previous
example.
In real life, we use opposites a lot --- the opposite of daytime is nighttime, the opposite of happy is sad, and so on. We might even say that ~daytime equals nighttime, and so on. (But what is ~raining? Does it equal sunny? overcast? snowing? Some concepts have no natural opposite.)
If we work with circuits or similar True/False or ``opposite'' systems, then then we should be able to prove ~~P |- P. Here is the rule that lets us do so:
... ~P assume
... _|_
Pbc: ----------
P
The Pbc (``proof by contradiction'')
rule says that, when ~P leads to a contradiction,
then we have built a proof of P.
In a sense, Pbc
built ``something from nothing'' --- a ``proof'' of P from
an argument that says ~P leads to an impossible situation.
But does this mean we have ``built'' P?
In a world where the word ``not'' means the ``opposite of'',
we have.
=================================================== ~~P |- P 1. ~~P premise ... 2. ~P assumption ... 3. _|_ ~e 2,1 4. P Pbc 2-3 ===================================================Here is a famous consequence of Pbc: from no starting premises at all, we can prove P v ~P for any proposition we can imagine:
=================================================== |- P v ~P ... 1. ~(P v ~P) assumption ... ... 2. P assumption ... ... 3. P v ~P vi1 2 ... ... 4. _|_ ~e 3,1 ... 5. ~P ~i 2 ... 6. P v ~P vi 5 ... 7. _|_ ~e 6,1 8. P v ~P Pbc 1-7 ===================================================Now that we have done this proof, say that P stands for ``God has red hair.'' We have this result:
Pbc constructs ``something from nothing.'' This appeals to circuit builders, where ~ and v are just gates/on-off switches, but not always to computer scientists, who like to compute/build data values and data structures in constructive ways, with algorithms. For this reason, some logicians (actually, not so many) refuse to accept the Pbc rule, except in specific circumstances.
Here is
an example of a ``specific circumstance'': for the integers,
if we can
write a function,
def propertyP(i,j) :
"""{ pre i and j are integers
post returns True or False and _always terminates_
}"""
that mechanically decides whether propertyP(m,n) is True or False
for every possible combination of integers, m and n,
then we can safely use the assertion,
|- propertyP(m,n) v ~propertyP(m,n)
for all choices of integers m and n.
The function, propertyP, is called a decision procedure.
Typically, when people accept that |- P v ~P is a fact, it is because they are using a decision procedure to answer the question. When we consider situations that do not have decision procedures, the situation gets murky, as in the example about the color of God's hair.
Here is a surprising result, due to Pbc:
===================================================
P --> Q |- Q v ~P
1. P --> Q premise
2. P v ~P (previous proof, using Pbc)
... 3. P assumption
... 4. Q -->e 1,3
... 5. Q v ~P vi1 4
... 6. ~P assumption
... 7. Q v ~P vi2 6
8. Q v ~P ve 2, 3-5, 6-7
===================================================
This proof says that the dependency of Q on P forces us to
conclude that either Q is already a fact or P is impossible.
It is slightly odd that an ``if-then'' dependency would ensure
either of the two outcomes. But this is the consequence
of Pbc's ability to build something from nothing.
This result also relies on Pbc:
This last result follows because Pbc lets us deduce that P --> Q |- Q v ~P --- no longer does P --> Q tell us that P gives the needed knowledge for constructing/deducing Q; no longer does P --> Q tell us that Q physically depends on P. Instead, due to Pbc, we must read P --> Q as stating a coincidence about the underlying True/False values of P and Q. For this reason, the --> operator is no longer necessary in a logic that uses the Pbc rule; this is why there is no need for an --> gate in circuit theory (you use Q v ~P instead).
There is no truly useful tactic for applying the Pbc-rule. It is indeed a rule of ``last resort'', because it says, to try to prove Premises |- P, one should assume ~P and see if this leads one into a contradiction, that is, a proof that Premises,~P |- _|_. This is a kind of logical ``wild-goose chase.'' But later in the chapter, we will see how computers can be made to chase after such geese.
When we add the rules for implies, we can prove one other key equivalence:
If we accept Pbc (or equivalently, we accept P v ~P as a fact), then we have these important results: (Note, for each equivalence, -||-, that follows, the first part, stated with |-, can be proved without Pbc, but the reverse direction requires Pbc.)
In algebra, the inference rules presented here for ^, v, _|_, and ~ define the structure of a Boolean lattice, and the origins of modern abstract algebra and logic come from George Boole's attempt to formalize ``what it means'' to compute with ^, v, ~.
A more striking result (again, provided we accept the Pbc rule)
is that every proposition written with ^, v, ~ can be
rewritten as an equivalent proposition in this structure,
called conjunctive normal form (cnf):
(A00 v A01 v ... A0n) ^ (A10 v A11 v ... A1n) ^ ... ^ (Am0 v Am1 v ... Amn)
where each Aij is either a primitive proposition, P, or a negated
primitive proposition, ~P.
A cnf-proposition is an ``and-or'' proposition, where ``or-clauses'' (disjunctive clauses) are ``anded together.'' The cnf structure is easy for a computer to manipulate and forms the starting point for a powerful computerized proof technique known as resolution theorem proving, which we consider shortly.
For example, P ^ (Q v ~R) is in cnf, but (P ^ Q) v ~R is not. (Why?) But the latter proposition is equivalent to (P v ~R) ^ (Q v ~R), which is in cnf.
Here is another example: ~(Q v ~R) is equivalent to ~Q ^ ~~R, which is equivalent to ~Q ^ R, which is in cnf.
Again, a proposition in conjunctive normal form is a sequence of one or more conjunctions, A1 ^ A2 ^ ... ^ Am, where each Ai is itself a sequence of one or more disjunctions, Bi1 v Bi2 v ... v Bin, where each component, Bij, is itself a primitive proposition, P, or the negation, ~P, of one.
There are specific logical equivalences we apply to transform a proposition into cnf. Here they are, stated within an algorithm that converts an arbitrary proposition into one in cnf:
A --> B -||- ~A v B
~(~A) -||- A ~(A ^ B) -||- ~A v ~B ~(A v B) -||- ~A ^ ~B
(A ^ B) v C -||- (A v C) ^ (B v C)
=================================================== (~P --> Q) v ~(Q v ~R) -||- (~~P v Q) v ~(Q v ~R) (step 1) -||- (P v Q) v ~(Q v ~R) -||- (P v Q) v (~Q ^ ~~R) -||- (P v Q) v (~Q ^ R) (step 2) -||- (~Q v P v Q) ^ (R v P v Q) (step 3) ===================================================The result, which is in cnf, can be simplified further:
These constructions suggest that propositional logic, using all the deduction rules including Pbc, boils down to an and-or game. And in some sense, this is true. But the story changes when we add the quantifiers, FORALL (``for all'') and EXIST (``there exists'').
Resolution theorem proving depends on propositions in cnf as well as the Pbc rule. To prove a sequent, A1, A2, ..., Am |- B, we
To do Step 3, we first reorganize all of A'1, A'2, ..., A'm, notB' into one large conjunctive normal form proposition, and then we split the proposition into its set of disjunctive clauses.
Here is an example. We want to prove
P --> R, Q --> R |- (P v Q) --> R
We translate the premises and negated goal into this cnf proposition:
(~P v R) ^ (~Q v R) ^ (P v Q) ^ ~R
This gives this set of disjunctive clauses:
{~P v R, ~Q v R, P v Q, ~R}
From these clauses, we must prove a contradiction.
To finish Step 3,
we forget our existing deduction rules and
use just this one deduction rule, the
resolution rule, which works with disjunctive clauses:
A v P ~P v B
res: --------------------------
A v B
The res rule maps two facts to a new fact.
Indeed, by a nested cases analysis (ve), we can manually prove
that A v P, ~P v B |- A v B. This is why we
can use res as a deduction rule.
But res is a special deduction rule, because the clause it generates is smaller than the union of its two premises --- it removes a proposition from future computation. So, if we use res on all possible combinations of all the disjunctive premises that we started with, at some point we will generate all possible facts --- the mechanical application of res will not run forever.
Here is the example and a proof using the res rule.
When we apply the res rule, we connect the two clauses used:
===================================================
~P v R ~Q v R P v Q ~R
| | | |
| +--------------+ |
| R v P |
| | |
+----------------------+ |
R v R = R |
| |
+---------------------------+
(empty) = _|_
===================================================
We used res three times and deduced an empty disjunctive clause,
which means False, that is _|_.
Notice we compressed the clause, R v R, into just R.
This is a key step in applying the res rule to uncover _|_.
The proof search can be conducted more than one way:
===================================================
~P v R ~Q v R P v Q ~R
| | | ||
| +--------------+ ||
| R v P ||
| | ||
| +----------------------+|
| P |
| | |
+-------------------------------+ |
R |
| |
+-------------------------------++
(empty) = _|_
===================================================
Here, the premise ~R must be used twice to prove the contradiction.
For this reason, a computerized implementation
tries all possible combinations of each res-generated
clause with all existing clauses, searching to build an empty clause.
Of course, if a sequent is unsound, resolution will not prove it.
For example, if we try to prove that P v Q entails P ^ Q
(and of course it does not), we attempt this proof, which fails:
P v Q ~P v ~Q
| |
+----------------+
Q v ~Q | (always true --- this clause can be ignored)
| |
+---------+
~Q v ~P (back where we started; no use continuing...)
There is no way to deduce an empty clause. Indeed, the set of clauses
we can possibly generate consists of everything we see in the above
attempt (if we include the mirror clause, P v ~P, which is
easily generated, too).
And this is why an implementation can halt the
proof search --- if the implementation generates all possible combinations
of disjunctive clauses and no more new clauses appear,
then the search stops, with failure.
The purpose of this section is to describe ways that we give meaning to propositions and to show that the deduction rules in this chapter generate new knowledge that means what we think it means.
Return to Chapter 0 of these notes and review the truth tables for
^, v, ~.
Also, here is the standard truth table for -->:
P Q | P --> Q
---------------
t t | t
t f | f
f t | t
f f | t
The table's last two rows are a bit surprising --- given that
P --> Q is understood as ``Q depends on P,'' how
can we give a meaning to P --> Q when P is false and
no dependency can be demonstrated or refuted? The value, t, is used
to complete the table because we must insert something, and we
might argue there is no contradiction in saying that
P --> Q is true when P is false. In a more technical
sense, the values in the last two rows somehow connect to our
ability to prove
~P |- P --> Q and also
~P |- P --> ~Q --- they relate to our
willingness to consider impossible cases (and embrace the _|_e rule).
Nonetheless, we see that our understanding of implication as a truth table is open to discussion.
Recall that we can build a truth table of a compound proposition.
We can do this for any sequent, computing the values of its premises
and its goal.
Here is an example:
P, Q v R |- (P ^ Q) v (P ^ R)
P Q R | P Q v R (P ^ Q) v (P ^ R)
-------------------------------------------------------
t t t | t t t
t t f | t t t
t f t | t t t
t f f | t f f
f t t | f t f
f t f | f t f
f f t | f t f
f f f | f f f
According to the compound truth table,
P, Q v R entails (P ^ Q) v (P ^ R),
because, in every row where both P and also Q v R compute to t,
then so does (P ^ Q) v (P ^ R).
We can also use the deduction rules to build a proof of P, Q v R |- (P ^ Q) v (P ^ R).
Now, we have two questions:
Because of soundness and completeness, one way to determine whether there is a proof for a sequent, P1, P2, ..., Pn |- Q, is to build its truth table and see if the truth table tells us whether the claim is true. If yes, then we know there is a proof. This brute-force technique is easy to program; why did we bother to learn about conjunctive normal form and resolution theorem proving, then? The reason is that truth tables will fail us when we add the for-all (FORALL) and there-exists (EXIST) operators to logic, but resolution theorem proving can and will be expanded to work with them. This is the reason for its success.
The key reason why truth tables work as they do to predict existence of proofs is because they are intimately tied to the Pbc rule. Say that we are purists and refuse to use the Pbc inference rule. The set of rules that remain are certainly sound with respect to the truth tables, but they are not complete. (For example, a compound truth table shows that |- P v ~P, but this cannot be proved without Pbc.)
You might argue that the deduction system lacking Pbc is too weak. Or, you might argue that our understanding of the meaning of deduction is incorrect. If you are an algebraist, you shrug your shoulders, because you already know that the full set of deduction rules is sound and complete for any mathematical model of meaning that forms a Boolean lattice. The set of rules that omit Pbc is sound and complete for any any mathematical model of meaning that forms a Heyting lattice.
The point is, meaning goes well beyond primitive notions like """{0, 1}""" and """{t, f}""", and mathematicians have understood this for about 200 years. Indeed, there are many different forms of meaning and many different forms of symbolic logic that deduce assertions with those meanings. This is why the Huth and Ryan textbook present temporal logic and modal logic in the latter chapters of their book. The former is useful for reasoning about protocols and communication patterns within distributed systems, and the latter is useful for studying how knowledge evolves with the passage of time, an area of importance to database systems. Both can be given meaning by annotated-tree structures known as Kripke models.
Propositions must be understood in the context in which they are stated, and x > 0 is True sometimes and is False sometimes. Rather than using a simple two-valued, t,f, model of meaning, we should generalize to a model that takes context into account. The appropriate generalization of the two-valued truth-table model to a many-valued model is called a Boolean lattice.
The meaning of a proposition
is the set of all the contexts that make the proposition a fact.
For example, in algebra class, perhaps we study the
properties of an unknown integer variable, x. We make
statements like this:
x > 0
x + 1 = 2
x % 2 = 0
2x - x = x
x = x + 1
We next ask, ``in which contexts are these propositions facts?''
We write [[ P ]] to name the set of those contexts that make
P a fact. For the above primitive propositions, we have
[[ x > 0 ]] = { 1, 2, 3, ... } (that is, x > 0 is a fact in the context
where x equals 1 or 2 or 3 or ...)
[[ x + 1 = 2 ]] = { 1 }
[[ x % 2 = 0 ]] = { ... -4, -2, 0, 2, 4, 6, ... }
[[ 2x - x = x ]] = Int, that is, { ..., -2,-1,0,1,2,3, ... }
[[ x = x + 1 ]] = { }
These sets are the meanings of the propositions.
What is the ``world of meanings'' from which these sets are taken?
Surely, it is not just t,f --- it is the set of all subsets
of the ints. (We write this is P(Int), where Int = {...,-2,-1,0,1,2,...}.)
Here is a crude, partial drawing of this
world of meanings, P(Int):
{...,-2,-1,0,1,2,3, ...}
...
... {...,-2,0,2,4,6,...} {...,-1,1,3,5,7, ...} {1,2,3, ...} ...
...
... {-2,0,2} {-1,0,1} {-2,0,1} {0,1,2} ...
... {-2,-1} {-2,0} {-1,0} {0,1} {0,2} {-1,1} {1,2} ...
... {-2} {-1} {0} {1} {2} ...
{ }
This collection is infinite, and many sets within the collection are infinite.
The structure is a Boolean lattice, named after George Boole,
who studied first this form of meaning-world: It lets us union sets,
intersect sets, and make complements of sets.
We use the Boolean lattice give meaning to ^, v,
and ~. Say that N is the set of
all contexts under study. Each proposition, P,
has a meaning that is some subset of N. (In the above example,
N = {0,1,2,3,...}.) We define the connectives like this:
===================================================
[[ P ^ Q ]] = [[P]] intersection [[Q]]
(that is, the contexts that
make both P and Q facts is the intersection of
the ones that make P a fact and the ones that
make Q a fact)
[[ P v Q ]] = [[P]] union [[Q]]
[[ ~P ]] = N - [[P]] (that is, set complement: we remove all contexts
in which [[P]] is a fact)
===================================================
For example,
[[ (x + 1 = 2) v (x % 2 = 0) ]] = [[ x + 1 = 2 ]] union [[ x % 2 = 0 ]] = {...,-2,0,1,2,4,...}
[[ (x > 0) ^ (x + 1 = 2) ]] = [[ x > 0 ]] intersection [[ x + 1 = 2 ]] = {1}
[[ ~(x + 1 = 2) ]] = {...-2,-1,0,1,2,...} - {1} = {...-2,1,0,2,3,...}
With these definitions, it is easy to calculate that
[[ P v ~P ]] = Int and [[ P ^ ~P ]] = { }, and so on.
Indeed, all the equivalences stated in the earlier section become set equalities
in the Boolean-lattice model, e.g., [[ P ^ Q ]] = [[ ~(~P v ~Q) ]]
and [[ P ]] = [[ ~~P ]].
It is a famous and important result that the full set of deduction rules in this chapter are sound and complete for the Boolean-lattice models:
([[P1]] intersection [[P2]] intersection ... intersection [[Pn]]) is a subset of [[ Q ]]no matter what meanings are given to P1, P2, ... Q.
[[P1]] intersection [[P2]] intersection ... intersection [[Pn]] is a subset of [[Q]]then we can prove P1, P2, ..., Pn |- Q.
But what about implication? Since ~ is defined as set complement,
we define the meaning of P --> Q as
[[ P --> Q ]] = [[ Q ]] union (S - [[ P ]])
that is, the equivalence, P --> Q -||- Q v ~P, is
used in the model. This is a bit disappointing, but it is the price
we pay for using elementary set theory as the model for meanings.
To understand why this definition of implication is not foolish,
note that the set, [[ Q ]] union (S - [[ P ]]), is the largest
set, S, such that S intersection [[P]] is a subset of [[Q]],
which explains why P, P-->Q |- Q is valid reasoning.
(Remember --- in the Boolean lattice, P |- Q means
[[P]] is a subset of [[Q]].)
There are simpler Boolean lattices than the powerset of all the integers.
The following are all examples of Boolean lattices, where S names the
set of all possible contexts:
S = {*} S = {day,night} S = {wkday,sat,sun}
{*} {day,night} {wkday,sat,sun}
{} {day} {night} {wkday,sat} {wkday,sun} {sat,sun}
{} {wkday} {sat} {sun}
{}
Notice that the context set, S = {*}, generates the truth-table
semantics of propositional logic. (True is {*} and False is {}.)
In this sense, truth tables are a
special case of Boolean-lattice semantics.
Perhaps you noted that the ^i rule is a kind of pairing rule:
^i pairs a proof of P and a proof of Q to make a proof of
P ^ Q. We can make pairs in Python, like this:
p = (3, "abc")
p is a pair of data type int * string, which we can even write
as int ^ string, if we wish!
We index the pair like this
print p[0], p[1] # prints 3 "abc"
The indexing looks like what we do with the ^e rules.
There is also a coincidence between functions and the rules for
implication. When we prove P --> Q with -->i,
we use an assumption, P, to prove Q.
In Python, we build functions that take parameters (``assumptions'')
to return answers, e.g.,
def f(s): # pre: s has data type string
ans = len(s) # calculate the length of string s
return ans # post: ans has data type int
This function has as its data type, string --> int.
In general, a function that takes an argument of data type P to compute
an answer of type Q has data type, P --> Q.
When we call such a function, by supplying an argument of data type, P, we get in return an answer of type Q (e.g., f("abc") for the above function). This is the same as applying the -->e-rule to a proof of type P --> Q and a proof of type P to get a proof of type Q as the answer. Q function from P -->i = def f() argument returns ... Q answer return -->e = f(arg) -->
There is a general principle here: the meaning of a proposition need not be a true-false value or a set of contexts but a data structure, and a proposition is a fact exactly when there is a computer data-structure that acts as the evidence to support the proposition. This is an adventurous turn that connects logic with programming. It is called the Heyting interpretation of logic.
We now develop this approach using Python data structures.
p = (3, "abc") print p[0], p[1] # prints 3 "abc"p is a pair of type int * string, which we also write as int ^ string. The pair, p, witnesses (proves) the proposition int ^ string. Pairing, (_,_), acts like ^i, and indexing (_[0] and _[1]) act like ^e1 and ^e2.
We simulate a variant type like int + string in Python like this:
u = ("left", 3)
v = ("right", "abc")
We use the tags, "left" and "right" to mark whether
the value came from the left or right clause of the type int + string.
Both u and v are data structures of type int + string.
Think of int + string as int v string. This makes ("left",_)
the vi1 rule and ("right",_) the vi2 rule. The
ve rule is an if-command written in this style:
w = ... # a value from the type/proposition, int v string
if w[0] == "left" :
value = w[1] # an int
... use the int to compute an answer of some type, R
elif w[0] == "right" :
value = w[1] # a string
... use the string to compute an answer of some type, R
The if-command gives the cases analysis for data structure w, of
type/proposition int + string.
def g(i) : # pre: i: int
if i > 0
answer = "a" * i # make a string of i-many 'a's
else :
answer = ""
return answer # post: answer: string
The function's body builds a string-typed
answer dependent on its int-typed parameter (assumption)--- it is like the
proof we build when using the -->i rule.
When we call the function, e.g.,
print g(4) # prints "aaaa"
we are combining a data structure of type int --> string
with one of type int to get a data structure
of type string. This is like using -->e.
raise ExceptionThe data type of an exception is _|_, and the _|_e-rule is an ``exception handler'' that lets us recover from an exception by inserting any value we wish of any type at all. In Python, the _|_e-rule is coded like this:
try:
... raise Exception ... # a ``contradiction''
except: # traps the error and recovers
...any value we wish of any type at all...
To finish this development, we treat ~P as an abbreviation for P --> _|_ --- ~P is a computer function that does raise Exception if it is ever called with a P data structure as its argument! In this way, both P and ~P cannot participate together in a useful computation --- an exception gets raised.
With the above understanding --- the Heyting interpretation --- of the rules, ^i, ^e, vi, ve, -->i, -->e, and _|_e (note that the ~e and ~i rules are unnecessary when we treat ~P as P --> _|_), we have soundness: for every proof we make, P1, P2, ... |- Q, there is a computer data structure of data type Q that is assembled from data structures of types P1, P2, ...; and we have completeness: whenever we build a program of data type Q using input variables P1, P2, ... and the above Python constructions, there is a proof we can build by imitating the program within the deduction rules. The proof proves P1, P2, ... |- Q.
In this reading, programming and logic are the same thing.
Notice that the assignment command is missing from the language we used, as are loops. The correspondence between propositional logic and data-structure programming extends only as far as the class of simply-typed functional programs. Propositional logic is not expressive enough to represent repetitive, possibly nonterminating computation, and variable update is not part of its nature. There are other logics that mate to these features.
The ideas in this section are often used to define the type-checking laws for a modern programming language. The constructions of the language are written in inference-rule form, and a compiler's type checker is a proof-checker that checks that a program is correctly written according to the inference rules. In this way, a modern programming language is a logic, like the one we studied in this chapter, and when we are writing a program, we are writing a proof in the program's ``typed-syntax logic.'' There are many scholarly texts that show how one designs and uses languages in this way.
A key property of a Boolean lattice, P(S), generated from set S, is that every set, U in P(S), has as its complement, S - U. This justifies the claim that P -||- ~~P and supports the Pbc rule.
The absence of Pbc as a sound reasoning rule means that we can use lattice models that lack a set-complement operation, that is, the model no longer needs to hold all possible subsets of S as contexts and this means for some sets, U, in the lattice, S - U does not exist.
A lattice that has fewer sets in it than the powerset lattice, P(S), and can support the following operations is called a Heyting lattice. (Note: the explanation that follows is highly simplified but conveys the key ideas, nonetheless.)
[[ P ]] = the set of contexts in which P is a fact (just like before)
[[ P ^ Q ]] = [[ P ]] intersection [[ Q ]]
[[ P v Q ]] = [[ P ]] union [[ Q ]]
[[ ~P ]] = the largest set, R, of contexts, such that
R intersection [[ P ]] = {}
[[ P --> Q ]] = the largest set, R, of contexts, such that
R intersection [[ P ]] is a subset of [[ Q ]]
The last definition states that P --> Q is a set of
contexts where, if P is a fact in the context, then so is Q.
With substantial work, one can prove soundness and completeness for the deduction rules less Pbc for Heyting lattices.
The simplest example of a Heyting lattice is this ``three-valued''
logic:
{day, night}
{day}
{}
The set complement of {day} does not exist, yet if [[ Q ]] = {day},
then [[ ~Q ]] is {} --- the contexts where ``Q is impossible.''
There are of course more complex ``many-valued'' Heyting lattices,
but the one above shows that the absence of set complement
means that ~~Q is different from Q
(here, [[ ~~Q ]] = {day, night}).
Every Boolean lattice is a Heyting lattice, but there are many lattices that are Heyting lattices that are not Boolean lattices (e.g., the one above).
Here are two questions for which no one knows the answer:
n = readInt()
while n > 1 :
if n % 2 = 0 :
n = n / 2
else :
n = 3*n + 1
print n
The program has been tested with integers up to about 1018 as well,
with successful termination. But no one has
stated a proof that the conjecture holds for all integers.
Goldbach's conjecture and Collatz's conjecture are open, unsolved problems; they are not known to be facts or falsities as of today. We cannot claim Goldbach v ~Goldbach as of today --- we just don't know. If we accept the Pbc rule, which lets us prove |- Goldbach v ~Goldbach, then we have a practical problem: Is Goldbach's conjecture proved True or is it proved False? The ``proof'' of |- Goldbach v ~Goldbach is impractical --- it is a claim empty of content. Maybe someday in the future someone will prove or disprove Goldbach's conjecture.
A possible-worlds (Kripke) model gives meaning to propositions with respect to the passage of time. For each point in time, there are sets listing those primitive facts that are known at that specific time. The sets are organized with regards to the passage of time, so that a fact known at time n holds for all future times, m > n, as well. And, as time passes, we discover new primitive facts, so that the sets grow in size.
In this formulation, P ^ Q, at time n, is understood as saying, ``both P and Q are known to be facts as of now (time n) and from now on (times m > n). P v Q means ``P is known to be a fact, or Q is known to be a fact as of now and from now on.'' ~P means ``P is not a fact now and will never be in the future.'' That is, we know it is impossible for P to ever be known as a fact.
P --> Q is understood as saying, ``if P is ever discovered as a fact now or at any time in the future, we will find Q as a fact at that very same time.'' In this way, P --> Q can be a fact before P is uncovered as a fact.
Also, there are times when we cannot establish P and we cannot establish ~P either. This might be the case at the start of time, where we know (almost) no facts at all. Or, it might be as of today, with respect to Goldbach's and Collatz's conjectures.
In the possible-worlds model, the meaning of a proposition is the times when the proposition is known as a fact. The possible-worlds model is sound and complete for our deduction rules less Pbc.
A possible-worlds (Kripke)
model is meant to show the present time and all possible
future times. For example, say that we work in a propositional
logic where there are three primitive propositions, G (stands for
``Goldbach's conjective holds''), C (stands for ``Collatz's
conjecture holds), and B (''Bush is president'').
Here is a Kripke model that shows how time might
unfold with regards to these three primitive propositions:
(In the picture, time moves from left to right.)
+--b:{C}--+-----c:{C,G}
| |
a:{ }-+ +----d:{C}
|
+------------e:{G,B}
The model says, at the start of time, a, we know neither
C nor G nor B. In one future, b, we discover C, in another
possible future, e, we discover G and B. From b, we might
progress to futures c or d. Futures c, d, and e mark
the end of time. (It is of course acceptable to have Kripke structures
that allow time to run forever!)
At time a, C is not a fact, nor is ~C. But at time b, C is a fact. Also at b, ~B is a fact because it is impossible for B to be discovered at any future reachable from b. So, at b, C ^ ~B is a fact. Also at a, B --> G is a fact, because at all futures reachable from a, whenever B appears, G does also.
To summarize, here are the meanings of some propositions in the above
Kripke model:
[[ C ]] = {b,c,d}
[[ ~B ]] = {b,c,d}
[[ C ^ ~B ]] = {b,c,d}
[[ ~C ]] = {e}
[[ C v ~ C ]] = {b,c,d,e}
[[ B --> G ]] = {a,b,c,d,e}
[[ G --> B ]] = {d,e}
Kripke models are also useful in database and artificial-intelligence
applications, when one must state propositions and do deductions
based on what is already
known and what might be known in the future. (The logic for doing this
is called modal logic.)
Also, state-transition diagrams, which are used to describe the behaviors
of multi-object programs and also computer networks,
are Kripke structures, and there is a logic,
called temporal logic, that one uses to analyze these systems.
See your textbook.
S1, S2, ... |- Tfirst look at the connectives within T and note that you will probably need the introduction rules for those connectives to assemble the clauses you prove into T. Then, look at the connectives within each of the premises, Si, and note that you will probably need the elimination rules for those connectives to disassemble the premises into the primitive propositions needed to assemble into T.
To choose the order for using the introduction and elimination rules, think about the tactics you might use to disassemble the premises and assemble the goal. The inference rules in this chapter are reviewed below in the order in which they should be tactically applied:
1. Premises premise
(fill in)
i. P
(fill in)
j. Q
k. P ^ Q ^i i,j
1. Premises premise
2. P v Q premise
... i. P assumption
(fill in)
... j. R
... k. Q assumption
(fill in)
... l. R
m. R ve 2,i-j,k-l
1. Premises premise
... i. P assumption
(fill in)
... j. Q
k. P --> Q -->i i-j
1. Premises premises
... i. P assumption
(fill in)
... j. _|_
k. ~P ~i, i-j
1. Premises premise
2. P ^ Q premise
3. P ^e1 1
4. Q ^e2 1
(fill in)
i. R
1. Premises premise
2. P --> Q premise
(fill in)
i. P
j. Q -->e 2,i
(fill in)
k. R
1. Premises premise
2. ~P premise
(fill in)
i. P
j. _|_ ~e i,2
k. Q _|_e j
1. Premises premise
(fill in)
i. P
j. P v Q vi1 i
1. Premises premise
... i. ~P assumption
(fill in)
... j. _|_
k. P Pbc i-j