predicate logic - sinica
TRANSCRIPT
Predicate Logic
Bow-Yaw Wang
Institute of Information ScienceAcademia Sinica, Taiwan
October 13, 2021
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 1 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof AssistantBow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 2 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof AssistantBow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 3 / 156
Limitation of Propositional Logic
Consider the following sentence:
Every student is younger than some instructor.(每位學生都比某位授課者年輕。)
How do we express it in propositional logic?▸ What are propositional atoms?
To express the sentence, let us define some predicates.▸ Informally, a predicate is a function from objects to truth values.
For example, S(andy) denotes that Andy is a student; I (paul)denotes that Paul is an instructor; Y (andy ,paul) denotes that Andyis younger than Paul.
We also use variables to denote an object.▸ S(x) means x is a student; I (x) means x is an instructor; Y (x , y)
means x is younger than y .
Here is a predicate logic formula expressing the sentence:
∀x(S(x) Ô⇒ (∃y(I (y) ∧Y (x , y)))).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 4 / 156
More Examples
“Not all birds can fly.”▸ Let B(x) denote x is a bird, and F (x) denote x can fly.▸ ¬(∀x(B(x) Ô⇒ F (x))).
“Some bird cannot fly.”
∃x(B(x) ∧ ¬F (x)).
Do “not all birds can fly” and “some bird cannot fly” have the samemeaning?
▸ What are the “meaning” of these sentences?▸ What is the “same”?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 5 / 156
More Examples
“Andy and Paul have the same biological maternal grandmother.”▸ Let M(x , y) denote that x is y ’s mother.▸ Consider
∀x∀y∀u∀v(M(x , y)∧M(y , andy)∧M(u, v)∧M(v ,paul) Ô⇒ x = u).
▸ Let m(x) denote x ’s biological mother.▸ Consider
m(m(andy)) = m(m(paul)).
Since everyone has exactly one biological mother, we introduce afunction m(x) to denote this fact.
In this chaper, we will consider these questions formally.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 6 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal languageTermsFormulaeFree and bound variablesSubstitution
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 7 / 156
Syntax
In our examples, there are two sorts of things:▸ B(x), M(x , y), B(x) ∧ ¬F (x) are formulae. They denote truth values;▸ y , paul , m(x) are terms. They denote objects.
Hence a predicate vocabulary has three sets.
P is a set of predicate symbols (B(x),M(x , y) etc).
F is a set of function symbols (m(x) etc).
C is a set of constant symbols (andy ,paul etc).
A function symbol f ∈ F with arity n (or n-arity) takes n arguments.
Observe that a 0-arity (or nullary) function is in fact a constant.
Hence C ⊆ F . We can ignore C for convenience.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 8 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal languageTermsFormulaeFree and bound variablesSubstitution
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 9 / 156
Terms
Definition
Terms are defined as follows.
Any variable is a term;
If c ∈ F is a nullary function symbol, c is a term;
If t1, t2, . . . , tn are terms and f ∈ F has arity n > 0, thenf (t1, t2, . . . , tn) is a term;
Nothing else is a term.
In Backus Naur form, we have
t ∶∶= x ∣ c ∣ f (t, . . . , t)
where x ∈ var is a variable, c ∈ F a nullary function symbol, and f ∈ Fa function symbol with arity > 0.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 10 / 156
Terms
Let n, f ,g ∈ F be function symbols with arity 0, 1, and 2 respectively.
g(f (n),n), f (f (n)), f (g(n,g(f (n),n))) are terms.
g(n), f (n,n), n(g) are not terms.
Let 0,1, . . . be nullary function symbols, and +,−,× binary functionsymbols.
+(×(3, x),1), +(×(x , x),+(×(2,×(x , y))),×(y , y)) are terms.
In infix notation, they are (3×x)+1, (x ×x)+((2×(x ×y))+(y ×y)).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 11 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal languageTermsFormulaeFree and bound variablesSubstitution
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 12 / 156
Formulae
Definition
Formulae are defined as follows.
If P ∈ P is a predicate symbol with arity n ≥ 1, and t1, t2, . . . tn areterms over F , then P(t1, t2, . . . , tn) is a formula;
If φ is a formula, so is (¬φ);
If φ and ψ are formulae, so are (φ ∧ ψ), (φ ∨ ψ), and (φ Ô⇒ ψ).
If φ is a formula and x is a variable, then (∀xφ) and (∃xφ) areformulae;
Nothing else is a formula.
In Backus Naur form, we have
φ ∶∶= P(t1, . . . , tn) ∣ (¬φ) ∣ (φ∧φ) ∣ (φ∨φ) ∣ (φ Ô⇒ φ) ∣ (∀xφ) ∣ (∃xφ)
where P ∈ P is a predicate symbol of arity n, t1, . . . , tn terms over F ,and x ∈ var a variable.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 13 / 156
Convention
It is very tedious to write parentheses.
We will assume the following binding priorities.▸ ¬, ∀x and ∃x (tightest)▸ ∨, ∧▸ Ô⇒ (right-associative and loosest)
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 14 / 156
Parse Tree
∀x
∧
Ô⇒
P
x
Q
x
S
x y
A predicate logic formula can be represented as a parse tree.▸ ∀x , ∃y are nodes;▸ arguments of function symbols are also nodes.
The above figure gives the parse tree of∀x((P(x) Ô⇒ Q(x)) ∧ S(x , y)).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 15 / 156
Example
Example
Write “every son of my father is my brother” in predicate logic.
Proof.
Let me denote ’me’, S(x , y) (x is a son of y), F (x , y) (x is the father ofy), and B(x , y) (x is a brother of y) be predicate symbols of arity 2.Consider
∀x∀y(F (x ,me) ∧ S(y , x) Ô⇒ B(y ,me)).
Alternatively, let f (f (x) is the father of x) be a unary function symbol.Consider
∀x(S(x , f (me)) Ô⇒ B(x ,me)).
Translating an English sentence into predicate logic can be tricky.
Can you identify problem(s) in the example?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 16 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal languageTermsFormulaeFree and bound variablesSubstitution
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 17 / 156
Constants and Variables
Let c ,d be constants (nullary functions).
Consider ∀x(P(x) Ô⇒ Q(x)) ∧ P(c) Ô⇒ Q(c).▸ If P(x) implies Q(x) for all x and P(c) is true, then Q(c) is true.
Intuitively, ∀y(P(y) Ô⇒ Q(y)) ∧ P(c) Ô⇒ Q(c) should have thesame meaning.
∀y(P(y) Ô⇒ Q(y)) ∧ P(d) Ô⇒ Q(d) is different.▸ We do not know if Q(c) is true.
Things can get very complicated when there are several variables.▸ ∀x((P(x) Ô⇒ Q(x)) ∧ S(x , y))▸ ∀z((P(z) Ô⇒ Q(z)) ∧ S(z , y))▸ ∀y((P(y) Ô⇒ Q(y)) ∧ S(y , x))
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 18 / 156
Free and Bound Variables
Definition
Let φ be a predicate logic formula. An occurrence of x in φ is free in φ ifit is a leaf node without ancestor nodes ∀x or ∃x in the parse tree of φ.Otherwise, the occurrence of x is bound. The scope of ∀x in ∀xφ is theformula φ minus any subformula in φ of the form ∀xψ or ∃xψ.
Ô⇒
∀x
∧
P
x
Q
x
∨
¬
P
x
Q
y
(∀x(P(x) ∧Q(x))) Ô⇒ (¬P(x) ∨Q(y))Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 19 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal languageTermsFormulaeFree and bound variablesSubstitution
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 20 / 156
Subsitution
Variables denote objects in predicate logic.
Hence variables can be replaced by terms (but not formulae).▸ Replace x in x ≠ x + 1 by 2 to get 2 ≠ 2 + 1.▸ What if we replace x by 2 = 2?
However, bound variables should not be replaced.
The variables x and y in ∀xφ and ∃yψ denote all or some objectsrespectively.
▸ What if we replace x in ∃x(x = 0) by 1?
Definition
Given a variable x , a term t and a formula φ, define φ[t/x] to be theformula obtained by replacing each free occurrence of x in φ with t.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 21 / 156
Example
Let φ = (∀x(P(x) ∧Q(x))) Ô⇒ (¬P(x) ∨Q(y)). Considerφ[f (x , y)/x].
Ô⇒
∀x
∧
P
x
Q
x
∨
¬
P
f
x y
Q
y
(∀x(P(x) ∧Q(x))) Ô⇒ (¬P(x) ∨Q(y))[f (x , y)/x]
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 22 / 156
Variable Capture in Substitution
Let φ = ∃y(y < x) and ψ = ∃z(z < x).▸ Since φ and ψ only differ in bound variables, they should have the
same meaning.
Consider φ[(y − 1)/x] = ∃y(y < y − 1).
The variable y in y − 1 is caught by the bound variable in φ.
Consider ψ[(y − 1)/x] = ∃z(z < y − 1).
The variable y in y − 1 is not caught in the substitution ψ[(y − 1)/x].
Definition
Let t be a term, x a variable, and φ a formula. t is free for x in φ if nofree x leaf in φ occurs in the scope of ∀y or ∃y for any variable yoccurring in t.
Examples: y − 1 is free for x in ∃z(z < x); y − 1 is not free for x in∃y(y < x).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 23 / 156
Example
∧
S
x
∀y
Ô⇒
P
x
Q
y
Consider φ = S(x) ∧ ∀y(P(x) Ô⇒ Q(y)) and t = f (y , y).
The two occurrences of x in φ are free.
The right occurrence of x in φ is in the scope of ∀y and y occurs in t.
t is not free for x in φ.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 24 / 156
Substitution and Variable Capture
When t is not free for x in φ, the substitution φ[t/x] is not desirable.
However, we can always rename bound variables for substitution.
When we write φ[t/x], we mean all bound variables in φ are renamedso that t is free for x in φ.
Examples.▸ φ = ∃y(y < x) and t = y − 1. t is not free for x in φ. Rename the
bound variable y to z and obtain ψ = ∃z(z < x). t is free for x in ψ.▸ φ = S(x) ∧ ∀y(P(x) Ô⇒ Q(y)) and t = f (y , y). t is not free for x inφ. Rename the bound variable y to z and obtainψ = S(x) ∧ ∀z(P(x) Ô⇒ Q(z)). t is free for x in ψ.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 25 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof AssistantBow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 26 / 156
Natural Deduction for Predicate Logic
Similar to propositional logic, predicate logic has its natural deductionproof system.
Naturally, the natural deduction proof rules for contradiction (�),negation (¬), and Boolean connectives (∨, ∧, Ô⇒ ) are the same asthose in propositional logic.
Additionally, there are proof rules for equality (=) and quantification(∀ and ∃).
Again, these additional rules have two types: introduction andelimination rules.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 27 / 156
Equality
Let s and t be terms.
What do we mean by s = t?
Shall we say 2 + 1 = 2 + 1?
What about 261 − 1 = 2305843009213693951?
Apparently, if two terms are syntactically equal, they are equal.▸ This is called intensional equality.
In practice, if two terms denote the same object, they are equal.▸ This is called extensional equality.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 28 / 156
Natural Deduction Proof Rules for Equality
The introduction rule for equality is as follows.
t = t = i
The elimination rule for equality is as follows.
t1 = t2 φ[t1/x]φ[t2/x]
= e
(t1 and t2 are free for x in φ).▸ The requirement “t1 and t2 are free for x in φ” is called the side
condition of the proof rule.
By convention, we assume the side condition holds in all substitutions.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 29 / 156
Example
Example
Showx + 1 = 1 + x , (x + 1) > 1 Ô⇒ (x + 1) > 0 ⊢ (1 + x) > 1 Ô⇒ (1 + x) > 0.
Proof.
1 x + 1 = 1 + x premise2 (x + 1) > 1 Ô⇒ (x + 1) > 0 premise3 (1 + x) > 1 Ô⇒ (1 + x) > 0 =e 1, 2
In step 3, take φ = x > 1 Ô⇒ x > 0, t1 = x + 1, and t2 = 1 + x . Thenφ[t1/x] = (x + 1) > 1 Ô⇒ (x + 1) > 0,φ[t2/x] = (1 + x) > 0 Ô⇒ (1 + x) > 0.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 30 / 156
Symmetry of Equality
Example
Show t1 = t2 ⊢ t2 = t1.
Proof.
1 t1 = t2 premise2 t1 = t1 =i3 t2 = t1 =e, 1, 2
Take φ = (x = t1). φ[t1/x] = (t1 = t1) and φ[t2/x] = (t2 = t1).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 31 / 156
Transitivity of Equality
Example
Show t1 = t2, t2 = t3 ⊢ t1 = t3.
Proof.
1 t2 = t3 premise2 t1 = t2 premise3 t1 = t3 =e, 1, 2
Take φ = (t1 = x). φ[t2/x] = (t1 = t2) and φ[t3/x] = (t1 = t3).
Thus, the rules =i and =e give us the reflexity, symmetry, andtransitivity of equality.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 32 / 156
Natural Deduction Proof Rules for Universal Quantification
The elimination rule for universal quantification is the following:
∀xφφ[t/x] ∀xe
when t is free for x in φ.
To see why t must be free for x in φ, let φ be ∃y(x < y). For naturalnumbers, ∀x∃y(x < y) is clearly true (“for any number, there is alarger number”). But if we take t = y , φ[t/x] = ∃y(y < y). This iswrong. Hence t must be free for x in φ.
▸ If we really need to replace x by y in this case, we should rewrite∃y(x < y) to ∃z(x < z) and obtain ∃z(x < z)[x/y] = ∃z(y < z).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 33 / 156
Natural Deduction Proof Rules for Universal Quantification
The introduction rule for universal quantification opens a new box fora fresh variable x0:
x0 ....φ[x0/x]∀xφ ∀xi
(By “fresh,” we mean x0 does not occur outside of the box.)
Informally, the rule ∀x i says “if we can establish φ[x0/x] for a freshx0, then we can derive ∀xφ.”
▸ Intuitively, x0 can be an arbitrary term since it is fresh and assumesnothing. If we can show φ[x0/x], we have ∀xφ.
▸ Another way to see this is to replace x0 by a term t in the box. Wewould have a proof for φ[t/x]. That is, we have shown ∀xφ.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 34 / 156
Example
Example
Show ∀x(P(x) Ô⇒ Q(x)),∀xP(x) ⊢ ∀xQ(x).
Proof.
1 ∀x(P(x) Ô⇒ Q(x)) premise2 ∀xP(x) premise3 x0 P(x0) Ô⇒ Q(x0) ∀xe 1 ⌉4 P(x0) ∀xe 2 ∣5 Q(x0) Ô⇒ e 4, 3 ⌋6 ∀xQ(x) ∀x i 3–5
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 35 / 156
Example
Example
Show P(t),∀x(P(x) Ô⇒ ¬Q(x)) ⊢ ¬Q(t) for any term t.
Proof.
1 P(t) premise2 ∀x(P(x) Ô⇒ ¬Q(x)) premise3 P(t) Ô⇒ ¬Q(t) ∀xe 24 ¬Q(t) Ô⇒ e 1, 3
In step 3, we apply ∀xe by replacing x with t. We could apply thesame rule with a different term, say, a. Hence the rule ∀xe is in fact ascheme of rules; one for each term t (free of x in φ).
Also, we have different introduction and elimination rule. for differentvariables. That is, we have ∀x i, ∀xe, ∀y i, ∀ye, and so on. We willsimply write ∀i and ∀ e when bound variables are clear.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 36 / 156
Universal Quantification and Conjunction
It is helpful to compare proof rules for universal quantification andconjunction.
Introduction rules:▸ To establish ∀xφ, we need to show φ[t/x] for any term t. This is
accomplished by proving φ[x0/x] with the box for a fresh variable x0;▸ To establish φ ∧ ψ, we need to show φ and ψ.
Elimination rules:▸ To eliminate ∀xφ, we pick a term (free for x in φ) and deduce φ[t/x];▸ To eliminate φ ∧ ψ, we deduce φ (or ψ).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 37 / 156
Natural Deduction Proof Rule for Existential Quantification
The introduction rule for existential quantification is as follows.
φ[t/x]∃xφ ∃xi
when t is free for x in φ.
To see why t must be free for x in φ, consider ∃x∀y(x = y). This isclearly wrong for, say, natural numbers. Let φ = ∀y(x = y) and t = y .Since φ[t/x] = ∀y(y = y) is deducible (=i, ∀y i), we would have∃x∀y(x = y).
Recall the elimination rule for universal quantification:
∀xφφ[t/x] ∀xe
when t is free for x in φ.∀xe is the “dual” of ∃x i.
▸ Recall the duality of ∧e and ∨i.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 38 / 156
Natural Deduction Proof Rule for Existential Quantification
The elimination rule for existential quantification is as follows.
∃xφx0
φ[x0/x]....χ
χ ∃xe
Informally, the rule ∃xe says: to show χ from ∃xφ, we show χ byassuming φ[x0/x] for a fresh variable x0.
▸ Intuitively, x0 stands for an unknown term t such that φ[t/x] holds. Ifwe can deduce χ by assuming φ[t/x], then χ is deducible from ∃xφ.
Note that x0 must not occur in χ.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 39 / 156
Existential Quantification and Disjunction
It is helpful to compare the elimination rules for existentialquantification and disjunction.
Recall
φ ∨ ψ
φ....χ
ψ....χ
χ ∨e
To eliminate φ ∨ ψ, we show that χ is deducible by assuming φ orassuming ψ.
To eliminate ∃xφ, we show that χ is deducible by assuming φ[x0/x].
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 40 / 156
Subformula Property I
An elimination rule has subformula property if it must conclude with asubformula of the eliminated formula.
For example, both ∧e1 and ¬e have the subformula property.
φ ∧ ψφ
∧e1¬¬φφ
¬¬e
Since the conclusion of ∀xe has the same logical structure as theeliminated formula, we also say ∀xe has the subformula property.
∀xφφ[t/x] ∀xe
▸ Strictly speaking, φ[t/x] may not be a subformula of ∀xφ.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 41 / 156
Subformula Property II
The subformula property helps proof search.▸ We need not invent a formula for rules with the property.▸ Such rules are good for automated proof search.
∨e and ∃xe however do not have the subformula property.
φ ∨ ψ
φ....χ
ψ....χ
χ ∨e
∃xφx0
φ[x0/x]....χ
χ ∃xe
▸ The conclusion χ must be chosen carefully.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 42 / 156
Examples I
Example
Show ∀xφ ⊢ ∃xφ.
Proof.
1 ∀xφ premise2 φ[x/x] ∀xe 13 ∃xφ ∃x i 2
(Is x free for x in φ[x/x]?)
Is it correct?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 43 / 156
Examples II
Example
Show ∀x(P(x) Ô⇒ Q(x)),∃xP(x) ⊢ ∃xQ(x).
Proof.
1 ∀x(P(x) Ô⇒ Q(x)) premise2 ∃xP(x) premise3 x0 P(x0) assumption ⌉4 P(x0) Ô⇒ Q(x0) ∀xe 1 ∣5 Q(x0) Ô⇒ e 3, 4 ∣6 ∃xQ(x) ∃x i 5 ⌋7 ∃xQ(x) ∃xe 2, 3–6
(Can we close the box at line 5 instead of 6? Why not?)
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 44 / 156
Examples III
Example
Show ∃xP(x),∀x∀y(P(x) Ô⇒ Q(y)) ⊢ ∀yQ(y).
Proof.
1 ∃xP(x) premise2 ∀x∀y(P(x) Ô⇒ Q(y)) premise3 y0 ⌉4 x0 P(x0) assumption ⌉ ∣5 ∀y(P(x0) Ô⇒ Q(y)) ∀xe 2 ∣ ∣6 P(x0) Ô⇒ Q(y0) ∀ye 5 ∣ ∣7 Q(y0) Ô⇒ e 4, 6 ⌋ ∣8 Q(y0) ∃xe 1, 4–7 ⌋9 ∀yQ(y) ∀y i 3–8
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 45 / 156
Box Box Box I
Fresh variables in box must not appear outside!
If not, we could show ∃xP(x),∀x(P(x) Ô⇒ Q(x)) ⊢ ∀yQ(y)!1 ∃xP(x) premise2 ∀x(P(x) Ô⇒ Q(x)) premise3 x0 ⌉4 x0 P(x0) assumption ⌉ ∣5 P(x0) Ô⇒ Q(x0) ∀xe 2 ∣ ∣6 Q(x0) Ô⇒ e 4, 5 ⌋ ∣7 Q(x0) ∃xe 1, 4–6 ⌋8 ∀yQ(y) ∀y i 3–7
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 46 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof AssistantBow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 47 / 156
Equivalent Predicate Logic Formulae I
Let φ and ψ be predicate logic formulae.
φ ⊣⊢ ψ denotes tha φ ⊢ ψ and ψ ⊢ φ.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 48 / 156
Equivalent Predicate Logic Formulae II
Theorem
Let φ and ψ be predicate logic formulae. We have
1 (a) ¬∀xφ ⊣⊢ ∃x¬φ; (b) ¬∃xφ ⊣⊢ ∀x¬φ.
2 When x is not free in ψ:(a) ∀xφ ∧ ψ ⊣⊢ ∀x(φ ∧ ψ); (b) ∀xφ ∨ ψ ⊣⊢ ∀x(φ ∨ ψ);(c) ∃xφ ∧ ψ ⊣⊢ ∃x(φ ∧ ψ); (d) ∃xφ ∨ ψ ⊣⊢ ∃x(φ ∨ ψ);(e) ∀x(ψ Ô⇒ φ) ⊣⊢ ψ Ô⇒ ∀xφ;(f) ∃x(φ Ô⇒ ψ) ⊣⊢ ∀xφ Ô⇒ ψ;(g) ∀x(φ Ô⇒ ψ) ⊣⊢ ∃xφ Ô⇒ ψ;(h) ∃x(ψ Ô⇒ φ) ⊣⊢ ψ Ô⇒ ∃xφ .
3 (a) ∀xφ ∧ ∀xψ ⊣⊢ ∀x(φ ∧ ψ); (b) ∃xφ ∨ ∃xψ ⊣⊢ ∃(φ ∨ ψ).
4 (a) ∀x∀yφ ⊣⊢ ∀y∀xφ (b) ∃x∃yφ ⊣⊢ ∃y∃xφ.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 49 / 156
∃x¬φ ⊢ ¬∀xφ
1 ∃x¬φ premise2 ∀xφ assumption ⌉3 x0 ¬φ[x0/x] assumption ⌉ ∣4 φ[x0/x] ∀e 2 ∣ ∣5 � ¬e 4, 3 ⌋ ∣6 � ∃xe 1, 3–5 ⌋7 ¬∀xφ ¬i 2–6
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 50 / 156
¬∀xφ ⊢ ∃x¬φ
1 ¬∀xφ premise2 ¬∃x¬φ assumption ⌉3 x0 ⌉ ∣4 ¬φ[x0/x] assumption ⌉ ∣ ∣5 ∃x¬φ ∃x i 4 ∣ ∣ ∣6 � ¬e 5, 2 ⌋ ∣ ∣7 φ[x0/x] RAA 4–6 ⌋ ∣8 ∀xφ ∀x i 3–7 ∣9 � ¬e 8, 1 ⌋
10 ∃x¬φ RAA 2–9
The proof structure is similar to ¬(p1 ∧ p2) ⊢ ¬p1 ∨ ¬p2.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 51 / 156
¬(p1 ∧ p2) ⊢ ¬p1 ∨ ¬p2
1 ¬(p1 ∧ p2) premise2 ¬(¬p1 ∨ ¬p2) assumption ⌉3 ¬p1 assumption ⌉ ∣4 ¬p1 ∨ ¬p2 ∨i1 3 ∣ ∣5 � ¬e 4, 2 ⌋ ∣6 p1 RAA 3–5 ∣3’ ¬p2 assumption ⌉ ∣4’ ¬p1 ∨ ¬p2 ∨i2 3’ ∣ ∣5’ � ¬e 4’, 2’ ⌋ ∣6’ p2 RAA 3’–5’ ∣7 p1 ∧ p2 ∧i 6, 6’ ∣8 � ¬e 7, 1 ⌋9 ¬p1 ∨ ¬p2 RAA 2–8.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 52 / 156
∀xφ ∧ ψ ⊢ ∀x(φ ∧ ψ) and ∀x(φ ∧ ψ) ⊢ ∀xφ ∧ ψ (x not free in ψ)
1 (∀xφ) ∧ ψ premise2 ∀xφ ∧e1 13 ψ ∧e2 24 x0 ⌉5 φ[x0/x] ∀xe 2 ∣6 φ[x0/x] ∧ ψ ∧i 5, 3 ∣7 (φ ∧ ψ)[x0/x] x not free in ψ ⌋8 ∀x(φ ∧ ψ) ∀x i 4–7
1 ∀x(φ ∧ ψ) premise2 x0 ⌉3 (φ ∧ ψ)[x0/x] ∀xe 1 ∣4 φ[x0/x] ∧ ψ x not free in ψ ∣5 ψ ∧e2 4 ∣6 φ[x0/x] ∧e1 4 ⌋7 ∀xφ ∀x i 2–68 ∀xφ ∧ ψ ∧i 7, 5
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 53 / 156
(∃xφ) ∨ (∃xψ) ⊢ ∃x(φ ∨ ψ)
1 (∃xφ) ∨ (∃xψ) premise2 ∃xφ assumption ⌉3 x0 φ[x0/x] assumption ⌉ ∣4 φ[x0/x] ∨ ψ[x0/x] ∨i1 3 ∣ ∣5 (φ ∨ ψ)[x0/x] same as 4 ∣ ∣6 ∃x(φ ∨ ψ) ∃x i 5 ⌋ ∣7 ∃x(φ ∨ ψ) ∃xe 2, 3–6 ⌋2’ ∃xψ assumption ⌉3’ y0 ψ[y0/x] assumption ⌉ ∣4’ φ[y0/x] ∨ ψ[y0/x] ∨i2 3’ ∣ ∣5’ (φ ∨ ψ)[y0/x] same as 4’ ∣ ∣6’ ∃x(φ ∨ ψ) ∃x i 5’ ⌋ ∣7’ ∃x(φ ∨ ψ) ∃xe 2’, 3’–6’ ⌋8 ∃x(φ ∨ ψ) ∨e 1, 2–7, 2’–7’
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 54 / 156
∃x∃yφ ⊢ ∃y∃xφ
1 ∃x∃yφ premise2 x0 (∃yφ)[x0/x] assumption ⌉3 ∃y(φ[x0/x]) x and y different ∣4 y0 φ[x0/x][y0/y] assumption ⌉ ∣5 φ[y0/y][x0/x] x , y , x0, y0 different ∣ ∣6 ∃xφ[y0/y] ∃x i 5 ∣ ∣7 ∃y∃xφ ∃y i 6 ⌋ ∣8 ∃y∃xφ ∃ye 3, 4–7 ⌋9 ∃y∃xφ ∃xe 1, 2–8
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 55 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logicModelsSemantic entailmentSemantics of equality
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 56 / 156
Deduction and Satisfaction
Let Γ be a set of predicate logic formulae and ψ a predicate logicformula.
We know how to show Γ ⊢ ψ.▸ Intuitively, ψ “holds” when every formulae in Γ hold.
What if we want to show Γ /⊢ ψ?▸ How do we show “there is no such deduction?”
Intuitively, we want to argue that ψ does not hold even when everyformulae in Γ hold.
Hence we will discuss when predicate logic formulae “hold.”
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 57 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logicModelsSemantic entailmentSemantics of equality
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 58 / 156
Models
Recall that we have constant, function, and predicate symbols inpredicate logic.
The semantics of terms and atomic predicates are defined in models.
Definition
Let F and P be a set of function and predicate symbols respectively. Amodel M of (F ,P) consists of
A non-empty set A called the universe;
For function symbol f ∈ F with arity n ≥ 0, a function fM ∶ An → A;▸ Particularly, a constant symbol c ∈ F is an element cM ∈ A.
For predicate symbol P ∈ P with arity n > 0, a set PM ⊆ An.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 59 / 156
Example of Models
Let F = {e, ⋅} and P = {≤} where e is a constant, ⋅ a binary function,and ≤ a binary predicate symbol respectively. We use infix notationfor ⋅ and ≤.
Consider the model M:▸ the universe A is the set of all binary finite strings;▸ eM is the empty string ε;▸ ⋅M is string concatenation;▸ ≤M is the string prefix relation.
For instance, 00 ⋅M 111 = 00111 and 01 ≤M 011.
In this model,▸ ∀x((x ≤ x ⋅ e) ∧ (x ⋅ e ≤ x)) is true.▸ ∃y∀x(y ≤ x) is true.▸ ∀x∀y∀z((x ≤ y) Ô⇒ (x ⋅ z ≤ y ⋅ z)) is false.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 60 / 156
Environment
For the semantics of ∀xφ and ∃xφ, we need to check whether φ istrue when x is assigned to an element of the universe.
A model (F ,P) however does not give semantics to variables.
Definition
An environment for a universe A is a function l ∶ var → A. If l is anenvironment, x ∈ var, and a ∈ A, the environment l[x ↦ a] is defined asfollows.
l[x ↦ a](y) = { a if x = yl(y) if x ≠ y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 61 / 156
Semantics of Predicate Logic Formulae
Definition
Let M be a model of (F ,P), l an environment, and φ a predicate logicformula. M ⊧l φ holds is defined as follows.
M ⊧l P(t1, t2, . . . , tn) holds if (a1, a2, . . . , an) ∈ PM wherea1, a2, . . . , an ∈ A are computed for t1, t2, . . . , tn by F and l ;
M ⊧l ∀xψ holds if M ⊧l[x↦a] ψ for every a ∈ A;
M ⊧l ∃xψ holds if M ⊧l[x↦a] ψ for some a ∈ A;
M ⊧l ¬ψ holds if it is not the case M ⊧l ψ;
M ⊧l ψ0 ∨ ψ1 holds if M ⊧l ψ0 holds or M ⊧l ψ1 holds;
M ⊧l ψ0 ∧ ψ1 holds if M ⊧l ψ0 holds and M ⊧l ψ1 holds;
M ⊧l ψ0 Ô⇒ ψ1 holds if M ⊧l ψ1 holds whenever M ⊧l ψ0 holds.
If M ⊧l φ holds, we say φ computes to T in M with respect to l . Also, wewrite M /⊧l φ when it is not the case M ⊧l φ.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 62 / 156
Sentences
Let φ be a predicate logic formula, l and l ′ two environments thatagree on free variables of φ.
▸ That is, l(x) = l ′(x) for every free variable x in φ.
By induction on φ, it is straightforward to show M ⊧l φ holds if andonly if M ⊧l ′ φ.
A sentence is a predicate logic formula without free variables.
Let φ be a sentence. Either▸ M ⊧l φ holds for every environment l ; or▸ M ⊧l φ does not hold for every environment l .
Hence we write M ⊧ φ (or M /⊧ φ) for a sentence φ since the choiceof l does not matter.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 63 / 156
Example
Consider (F ,P) = ({alma},{loves}) where alma is a constant andloves is a binary predicate.
Let M be a model of (F ,P) with the universe A = {a,b, c},almaM = a, and lovesM = {(a, a), (b, a), (c , a)}.
Consider the statement:
None of Alma’s lovers’ lovers love her.
We first translate the statement into a predicate logic formula φ:
∀x∀y(loves(x , alma) ∧ loves(y , x) Ô⇒ ¬loves(y , alma)).
We have M /⊧ φ.▸ Choose a for x and b for y . We have (a, a) ∈ lovesM and
(b, a) ∈ lovesM but it is not the case (b, a) /∈ lovesM.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 64 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logicModelsSemantic entailmentSemantics of equality
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 65 / 156
Semantic Entailment
Definition
Let Γ be a (possibly infinite) set of predicate logic formulae and ψ apredicate logic formula.
Γ ⊧ ψ holds (or Γ semantically entails ψ) if for every model M andenvironment l , M ⊧l ψ holds whenever M ⊧l φ holds for every φ ∈ Γ;
ψ is satisfiable if there is a model M and an environment l such thatM ⊧l ψ holds;
ψ is valid if M ⊧l ψ holds for every model M and environment lwhere we can compute ψ;
Γ is consistent or satisfiable if there is a model M and anenvironment l such that M ⊧l φ for every φ ∈ Γ.
Note that “⊧” has two different meanings:▸ M ⊧ ψ means “ψ computes to T in M;”▸ φ1, φ2, . . . , φn ⊧ ψ means “ψ is semantically entailed by φ1, φ2, . . . , φn.”
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 66 / 156
Checking M ⊧ ψ and φ1, φ2, . . . , φn ⊧ ψ
Let ψ,φ1, φ2, . . . , φn be sentences.
To check if M ⊧ ψ holds, we need to enumerate all elements in theuniverse if ψ contains ∀ or ∃.
To check if φ1, φ2, . . . , φn ⊧ ψ holds, we need to consider all possiblemodels satisfying φ1, φ2, . . . , φn.
Both sound difficult since a model may contain an infinite number ofelements in its universe.
However, we may still prove semantic entailments.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 67 / 156
Examples I
Example
Show ∀x(P(x) Ô⇒ Q(x)) ⊧ ∀xP(x) Ô⇒ ∀xQ(x).
Proof.
LetM be a model thatM ⊧ ∀x(P(x) Ô⇒ Q(x)). There are two cases:
M /⊧ ∀xP(x). Then M ⊧ ∀xP(x) Ô⇒ ∀xQ(x).
M ⊧ ∀xP(x). Let a be an element in the universe of M. We havea ∈ PM since M ⊧ ∀xP(x) and hence a ∈ QM sinceM ⊧ ∀x(P(x) Ô⇒ Q(x)). That is, M ⊧ ∀xQ(x). We concludeM ⊧ ∀xP(x) Ô⇒ ∀xQ(x).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 68 / 156
Examples II
Example
Show ∀xP(x) Ô⇒ ∀xQ(x) /⊧ ∀x(P(x) Ô⇒ Q(x)).
Proof.
Let M′ be a model where A′ = {a,b}, PM′ = {a}, and QM
′ = {b}. SinceM′ /⊧ ∀xP(x), M′ ⊧ ∀xP(x) Ô⇒ ∀xQ(x). Since a ∈ PM′
but a /∈ QM′
,M′ /⊧ ∀x(P(x) Ô⇒ Q(x)).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 69 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logicModelsSemantic entailmentSemantics of equality
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 70 / 156
Semantics of Equality
Observe that = is also a binary predicate.
But the symbol “=” is somewhat special.▸ We did not say =∈ P.▸ Rather, we explicitly say that = denotes the equality.
This is because we do not want to interpret the equality arbitrarily.▸ It sounds absurd if a = b means a is not b.
In all model M, we always have =M△= {(a, a) ∶ a ∈ A}.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 71 / 156
Outline1 The need for a richer language2 Predicate logic as a formal language
TermsFormulaeFree and bound variablesSubstitution
3 Proof theory of predicate logic4 Quantifier equivalences5 Semantics of predicate logic
ModelsSemantic entailmentSemantics of equality
6 Undecidability of predicate logic7 Expressiveness of predicate logic
Existential second-order logicUniversal second-order logic
8 The Coq Proof AssistantBow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 72 / 156
Validity Problem for Predicate Logic
Definition
Given a predicate logic formula φ, the validity problem for predicate logicis to check whether ⊧ φ holds or not.
For a propositional logic formula φ, it is decidable to check whether⊧ φ holds.
▸ The validity problem for propositional logic is coNP-complete.
For a predicate logic formula φ, it is unclear how to design analgorithm.
We will show the validity problem for predicate logic is undecidable.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 73 / 156
Post Correspondence Problem
Definition
Given C = ((s1, t1), (s2, t2), . . . , (sk , tk)) where si , ti are non-empty binarystrings for every 1 ≤ i ≤ k. The Post correspondence problem (PCP) is tocheck whether there are 1 ≤ i1, i2, . . . , in ≤ k such that si1si2⋯sin = ti1ti2⋯tin .
For example, consider C = ((1,101), (10,00), (011,11)). We have
1 011 10 011 = 101 11 00 11.
The Post correspondence problem is undecidable.▸ For details, study computational complexity.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 74 / 156
Undecidability of Validity Problem I
Theorem
The validity problem for predicate logic is undecidable.
Proof.
Let C = ((s1, t1), (s2, t2), . . . , (sk , tk)) be an instance of PCP. We build apredicate logic formula φ so that C has a solution iff ⊧ φ holds.Let F = {e, f0, f1} and P = {P}. The function symbols e, f0(), f1() encodebinary strings. The binary predicate symbol P(s, t) means “there arei1, i2, . . . , im so that s = si1si2⋯sim and t = ti1ti2⋯tim .”For instance, 1011 = f1(f1(f0(f1(e)))) = f1011(e). Moreover, we writefb1b2⋯bh(v) for fbh(fbh−1⋯fb1(v)⋯) where b1b2⋯bh is a binary string.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 75 / 156
Undecidability of Validity Problem II
Proof (cont’d).
Define
φ1△=
k
⋀i=1
P(fsi (e), fti (e))
φ2△= ∀v∀w(P(v ,w) Ô⇒
k
⋀i=1
P(fsi (v), fti (w))
φ3△= ∃zP(z , z)
We claim ⊧ φ1 ∧ φ2 Ô⇒ φ3 iff C has a solution.Suppose ⊧ φ1 ∧ φ2 Ô⇒ φ3. Consider the model M for (F ,P) as follows.
The universe A is the set of all finite binary strings. eM△= ε, fM0 (s) △= s0,
and fM1 (s) △= s1. Finally, PM = {(s, t) ∶ there are i1, i2, . . . , im so that s =si1si2⋯sim and t = ti1ti2⋯tim}. We have M ⊧ φ1 ∧ φ2 Ô⇒ φ3. Moreover,since M ⊧ φ1 and M ⊧ φ2 (why?), M ⊧ φ3. That is, there is a binarystring z and i1, i2, . . . , in such that z = si1si2⋯sin = ti1ti2⋯tin .
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 76 / 156
Undecidability of Validity Problem III
Proof (cont’d).
Conversely, suppose C has a solution i1, i2, . . . , in that si1si2⋯sin = ti1ti2⋯tin .We need to show M′ ⊧ φ1 ∧φ2 Ô⇒ φ3 for every model M′ defining eM
′
,fM
′
0 , fM′
1 , and PM′
. Clearly, M′ ⊧ φ1 ∧ φ2 Ô⇒ φ3 when M′ /⊧ φ1 ∧ φ2.It suffices to consider M′ ⊧ φ1 ∧ φ2, and show M′ ⊧ φ3 as well.Let A′ be the universe of M′. We interpret finite binary strings in A′ asfollows.
interpret(ε) △= eM′
interpret(s0) △= fM′
0 (interpret(s))interpret(s1) △= fM
′
1 (interpret(s)).Hence, for instance, the string 1011 is interpreted as the elementfM
′
1 (fM′
1 (fM′
0 (fM′
1 (eM′)))). Generally, a finite binary string s isinterpreted as fM
′
s (eM′) in A′.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 77 / 156
Undecidability of Validity Problem IV
Proof (cont’d).
Since M′ ⊧ φ1, we have
(interpret(si), interpret(ti)) ∈ PM′
for 1 ≤ i ≤ k .
Since M′ ⊧ φ2, we have for every (interpret(s), interpret(t)) ∈ PM′
,
(interpret(ssi), interpret(tti)) ∈ PM′
for 1 ≤ i ≤ k .
Thus,(interpret(si1si2⋯sin), interpret(ti1ti2⋯tin)) ∈ PM
′
.
Moreover, si1si2⋯sin = ti1ti2⋯tin since i1, i2, . . . , in is a solution to C . Henceinterpret(si1si2⋯sin) = interpret(ti1ti2⋯tin). In other words, M′ ⊧ φ3.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 78 / 156
Undecidability of Validity Problem V
Corollary
The satisfiability problem for predicate logic is undecidable.
Proof.
Observe ⊧ φ holds iff ¬φ is not satisfiable.
Theorem
For any predicate logic sentence φ, ⊢ φ iff ⊧ φ.
Corollary
It is undecideable to check whether ⊢ φ for any predicate logic sentence φ.
The undecidability of provability problem for predicate logic means itis impossible to build a perfect automatic theorem prover.
Just like art, human creativity is still important in mathematics!
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 79 / 156
A Glimpse into Completeness I
Similar to propositional logic, the natural deduction proof system forprediate logic is both sound and complete.
Proving completeness however is much harder for predicate logic.▸ There is no truth table for predicate logic.
We will give the first step to establish completeness.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 80 / 156
A Glimpse into Completeness II
Lemma
Let Γ be a set of predicate logic formulae. The following are equivalent:
1 Γ ⊧ φ implies Γ ⊢ φ;
2 Γ ⊧ � implies Γ ⊢ �.
Proof.
(1) to (2). Suppose Γ ⊧ �. Then Γ ⊢ � by (1).(2) to (1). Suppose Γ ⊧ φ. Then Γ ∪ {¬φ} ⊧ �. Hence Γ ∪ {¬φ} ⊢ �.Therefore Γ ⊢ φ using RAA.
To show completeness, it suffices to show that for every Γ, Γ /⊢ �implies Γ is satisfiable.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 81 / 156
Completeness and Undecidability
We have two facts about predicate logic formulae.▸ ⊧ φ implies ⊢ φ; and▸ it is undecidable to check if ⊢ φ.
If a predicate logic formula is valid, then there is a natural deductionproof.
On the other hand, it is impossible to have a program which checkswhether there is a natural deduction proof.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 82 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logicExistential second-order logicUniversal second-order logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 83 / 156
Reachability
s0 s1
s2s3
Example
Let A = {s0, s1, s2, s3} andRM = {(s0, s1), (s1, s0), (s1, s1), (s1, s2), (s2, s0), (s3, s0), (s3, s2)}. Wewrite s → s ′ if (s, s ′) ∈ RM, and say there is a transition from s to s ′.
Definition
Given a directed graph G and nodes n,n′ in G , the reachability problemfor G is to check whether there is a path of transition from n to n′.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 84 / 156
Reachability in Predicate Logic
Let (F ,P) = (∅,{R}) with a binary predicate R.
A model of (F ,P) denotes a directed graph.
Can we write a predicate logic formula φ with free variables u and vto express u → ⋯→ v?
Consider
u = v∨R(u, v)∨∃x0(R(u, x0) ∧ R(x0, v))∨∃x0∃x1(R(u, x0) ∧ R(x0, x1) ∧ R(x1, v)) ∨⋯
But this is not a predicate logic formula since it is infinite.
We will show it is impossible to express reachability in predicate logic.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 85 / 156
Compactness Theorem
Theorem
Let Γ be a set of predicate logic sentences. If all finite subset of Γ issatisfiable, Γ is satisfiable.
Proof.
Assume Γ is not satisfiable. Then Γ ⊧ �. By the completeness theorem forpredicate logic, Γ ⊢ �. Since deductions are finite, we have ∆ ⊢ � for somefinite subset ∆ of Γ. By the soundness theorem for predicate logic, ∆ ⊧ �.∆ is not satisfiable, a contraction.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 86 / 156
Lowenhein-Skolem Theorem
Theorem
Let ψ be a predicate logic sentence. If ψ has a model with at least nelements for every n ≥ 1, ψ has a model with infinitely many elements.
Proof.
Define φn△= ∃x1∃x2⋯∃xn ⋀
1≤i<j≤n¬(xi = xj). Let Γ = {ψ} ∪ {φn ∶ n > 1}. For
every finite subset ∆ of Γ, ∆ is satisfiable. By the compactness theorem, Γis satisfiable by some model M. Particularly, M ⊧ ψ holds. Since M ⊧ φnfor every n ≥ 1, M has infinitely many elements.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 87 / 156
Reachability in Predicate Logic
Theorem
There is no predicate logic formula ψ with exactly two free variables u, vand exactly one binary predicate R such that ψ holds in directed graphs iffthere is a path in the graph from the node associated with u to the nodeassociated with v .
Proof.
Suppose ψ is a predicate logic formula expressing a path from u to v . Let
c and c ′ be constants. Define φ0△= c = c ′, φ1
△= R(c , c ′), and
φn△= ∃x1∃x2⋯∃xn−1(R(c , x1) ∧ R(x1, x2) ∧⋯ ∧ R(xn−1, c ′)).
Then φn expresses that there is a path of length n from c to c ′. LetΓ = {ψ[c/u][c ′/v]} ∪ {¬φi ∶ i ≥ 0}. For every finite subset ∆ of Γ, ∆ issatisfiable since there is always a path of an arbitrary finite length from cto c ′. By the compactness theorem, Γ is satisfiable. A contradiction.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 88 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logicExistential second-order logicUniversal second-order logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 89 / 156
Existential Second-Order Logic
In predicate logic, we can ask if there is an element with a certainproperty.
▸ Predicate logic is also called first-order logic.
We can generalize the concept and ask if there is a predicate with acertain property in existential second-order logic.
Let P be an n-ary predicate symbol.
∃Pφ is an existential second-order logic formula.
Let M be a model for all function and predicate symbols except Pand MT the same model with an additional n-ary relationT (= PMT ) ⊆ An. Define
M ⊧l ∃Pφ if MT ⊧l φ for some T (= PMT ) ⊆ An.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 90 / 156
Unreachability in Existential Second-Order Logic I
Consider the existential second-order logic formula∃P∀x∀y∀z(C1 ∧ C2 ∧ C3 ∧ C4) where
C1△= P(x , x)
C2△= P(x , y) ∧ P(y , z) Ô⇒ P(x , z)
C3△= P(u, v) Ô⇒ �
C4△= R(x , y) Ô⇒ P(x , y).
▸ Ci ’s are Horn clauses.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 91 / 156
Unreachability in Existential Second-Order Logic II
s0 s1
s2s3
Consider the directed graph M in the previous slide.
Let l(u) = s0 and l(v) = s3.
Does M ⊧l ∃P∀x∀y∀z(C1 ∧ C2 ∧ C3 ∧ C4) hold?
▸ Take T△= {(s, s ′) ∈ A ×A ∶ s ′ ≠ s3} ∪ {(s3, s3)}.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 92 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logicExistential second-order logicUniversal second-order logic
8 The Coq Proof Assistant
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 93 / 156
Universal Second-Order Logic
Let P be an n-ary predicate symbol.
∀Pφ is a universal second-order logic formula.
Let M be a model for all function and predicate symbols except P.Define
M ⊧l ∀Pφ if MT ⊧l φ for every T (= PMT ) ⊆ An.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 94 / 156
Reachability in Universal Second-Order Logic I
Theorem
Let M be a model of (∅,{R}) with a binary predicate symbol R.M ⊧l ∀P∃x∃y∃z(¬C1 ∨ ¬C2 ∨ ¬C3 ∨ ¬C4) holds iff l(v) is R-reachable
from l(u) in M, where C1△= P(x , x), C2
△= P(x , y) ∧ P(y , z) Ô⇒P(x , z), C3
△= P(u, v) Ô⇒ �, and C4△= R(x , y) Ô⇒ P(x , y).
Proof.
Assume MT ⊧l ∃x∃y∃z(¬C1 ∨ ¬C2 ∨ ¬C3 ∨ ¬C4) for every T ⊆ A ×A.Consider the reflexive and transitive closure T ∗ of RM. ThenMT∗ ⊧l ′ C1 ∧ C2 ∧ C4 where l ′ = l[x , y , z ↦ a,b, c] for all a,b, c ∈ AMT .Hence MT∗ ⊧l ′ ¬C3 and so MT∗ ⊧l ′ P(u, v). In other words,(l ′(u), l ′(v)) = (l(u), l(v)) ∈ T ∗. There is a finite path from l(u) tol(v).
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 95 / 156
Reachability in Universal Second-Order Logic II
Proof (cont’d).
Conversely, assume there is a finite path from l(u) to l(v). Let T ⊆ A ×A.There are two cases.
T is not reflexive, not transitive, or does not contain RM. ThenMT ⊧l ′ ¬C1, MT ⊧l ′ ¬C2, or MT ⊧l ′ ¬C4 for somel ′ = l[x , y , z ↦ a,b, c] for some a,b, c ∈ AMT .
T is reflexive, transitive, and contains RM. Then T contains thereflexive, transitive closure of RM. Note that (l(u), l(v)) is in thereflexive, transitive closure of RM. Hence MT ⊧l ′ ¬C3.
In all cases, we have MT ⊧l ∃x∃y∃z(¬C1 ∨ ¬C2 ∨ ¬C3 ∨ ¬C4).
Reachability is in fact expressible in existential second-order logic.
Given an existential second-order logic formula φ, whether there is anexistential second-order logic formula ψ such that ψ and ¬φ areequivalent is an open problem.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 96 / 156
Second- and Higher-Order Logic
If we allow both quantifiers in a formula, we get second-order logic.▸ For instance, ∃P∀Q(∀x∀y(Q(x , y) Ô⇒ Q(y , x)) Ô⇒∀u∀v(Q(u, v) Ô⇒ P(u, v))) is a second-order logic sentence.
Furthermore, if we allow quantifiers over relations of relations, we getthird-order logic.
Designing higher-order logic need be careful.▸ Nice properties such as compactness and completeness often fail.▸ Soundness theorem can also fail!
☀ Consider A△
= {x ∶ x /∈ x}.
Many theorem provers (Coq, Isabelle, HOL etc) are in fact based onhigher-order logics.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 97 / 156
Outline
1 The need for a richer language
2 Predicate logic as a formal language
3 Proof theory of predicate logic
4 Quantifier equivalences
5 Semantics of predicate logic
6 Undecidability of predicate logic
7 Expressiveness of predicate logic
8 The Coq Proof AssistantBow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 98 / 156
The Coq Proof Assistant
Coq is a proof assistant which checks every proof steps.
It has been developed by Institut national de recherche eninformatique et en automatique (INRIA) at France since 1984.
It is used to check the proofs of the four color theorem (September2004) and Feit-Thompson theorem (September 2012).
It is also used in the CompCert project to formally verify an optimizingC compiler for PowerPC, ARM, and 32-bit x86 processors (2005).
Coq is available on various platforms.
The contents of this lecture are borrowed from Coq Tutorial.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 99 / 156
Using Coq
We start up and exit Coq as follows.
$ coqtop
Welcome to Coq 8.12.0 (October 2020)
Coq < Quit .
$
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 100 / 156
Prop, Set, and Type
A sort classifies specifications.▸ a logical proposition has the sort Prop;▸ a mathematical collection has the sort Set; and▸ an abstract type has the sort Type.
Every Coq expression has a sort.
Coq < Check False .
False
: Prop
Coq < Check nat .
nat
: Set
Coq < Check O .
0
: nat
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 101 / 156
Basic Proof Tactics I
Let us do some simple proofs.
We first set up our context .
Coq < Section Simple .
Coq < Hypothesis P Q : Prop .
P is assumed
Q is assumed
In this code, we start a section called Simple.
We also make two hypotheses. Both P and Q are logical propositions.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 102 / 156
Basic Proof Tactics II
We first show P Ô⇒ P.
Coq < Lemma one_line : P -> P .
1 subgoal
P : Prop
Q : Prop
============================
P -> P
We declare a lemma called one line.
Coq asks us to show P Ô⇒ P from the hypotheses P and Q.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 103 / 156
Basic Proof Tactics III
The tactic intros introduces new hypotheses with the given name.
one_line < intros HP .
1 subgoal
P : Prop
Q : Prop
HP : P
============================
P
How does intros compare to the Ô⇒ i rule?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 104 / 156
Basic Proof Tactics IV
The tactic exact uses the named hypothesis.
one_line < exact HP .
Proof completed.
The command Qed finishes up the lemma.
one_line < Qed .
intros HP.
exact HP.
one_line is defined
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 105 / 156
Basic Proof Tactics V
We can check our new lemma and print its proof.
Coq < Check one_line .
one_line
: P -> P
Coq < Print one_line .
one_line = fun HP : P => HP
: P -> P
Observe how our proof is represented in Coq.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 106 / 156
Basic Proof Tactics VI
Tactics start with lowercase letters such as intros and exact.▸ We use tactics to construct formal proofs.
Commands on the other hand start with uppercase letters such asQuit, Section, Lemma, Qed, Print.
▸ We use commands to operate Coq.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 107 / 156
Basic Proof Tactics VII
Let us prove P Ô⇒ (P Ô⇒ Q) Ô⇒ Q.
Coq < Lemma MP : P -> (P -> Q) -> Q .
1 subgoal
P : Prop
Q : Prop
============================
P -> (P -> Q) -> Q
MP < intros HP HI .
1 subgoal
P : Prop
Q : Prop
HP : P
HI : P -> Q
============================
Q
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 108 / 156
Basic Proof Tactics VIII
The tactic apply matches the conclusion with the named hypothesisand lists unresolved conditions.
MP < apply HI .
1 subgoal
P : Prop
Q : Prop
HP : P
HI : P -> Q
============================
P
MP < exact HP .
Proof completed.
How does apply compare to Ô⇒ e?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 109 / 156
Basic Proof Tactics IX
Let us finish up the lemma and see the proof term.
MP < Qed .
intros HP HI.
apply HI.
exact HP.
MP is defined
Coq < Print MP .
MP = fun (HP : P) (HI : P -> Q) => HI HP
: P -> (P -> Q) -> Q
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 110 / 156
Basic Proof Tactics X
Let us prove P ∧Q Ô⇒ Q ∧ P.
Coq < Lemma conj_comm : P /\ Q -> Q /\ P .
1 subgoal
P : Prop
Q : Prop
============================
P /\ Q -> Q /\ P
conj_comm < intros conj .
1 subgoal
P : Prop
Q : Prop
conj : P /\ Q
============================
Q /\ P
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 111 / 156
Basic Proof Tactics XI
The tactic elim eliminates a named hypothesis.
conj_comm < elim conj .
1 subgoal
P : Prop
Q : Prop
conj : P /\ Q
============================
P -> Q -> Q /\ P
Observe that P ∧Q is decomposed into P and Q.
How does elim compare to ∧e1 and ∧e2?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 112 / 156
Basic Proof Tactics XII
We introduce two more hypotheses HP and HQ.
conj_comm < intros HP HQ .
1 subgoal
P : Prop
Q : Prop
conj : P /\ Q
HP : P
HQ : Q
============================
Q /\ P
Now we can use the hypotheses HP and HQ.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 113 / 156
Basic Proof Tactics XIII
The tactic split splits a conjunction into two.
conj_comm < split .
2 subgoals
P : Prop
Q : Prop
conj : P /\ Q
HP : P
HQ : Q
============================
Q
subgoal 2 is:
P
How does split compare to ∧i?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 114 / 156
Basic Proof Tactics XIV
We use hypotheses to prove the lemma.
conj_comm < exact HQ .
1 subgoal
P : Prop
Q : Prop
conj : P /\ Q
HP : P
HQ : Q
============================
P
conj_comm < exact HP .
Proof completed.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 115 / 156
Basic Proof Tactics XV
Let us finish up the lemma and see its proof term.
conj_comm < Qed .
intros conj.
elim conj.
intros HP HQ.
split.
exact HQ.
exact HP.
conj_comm is defined
Coq < Print conj_comm .
conj_comm =
fun conj0 : P /\ Q =>
and_ind (fun (HP : P) (HQ : Q) =>
conj HQ HP) conj0
: P /\ Q -> Q /\ P
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 116 / 156
Basic Proof Tactics XVI
Let us try to prove P ∨Q Ô⇒ Q ∨ P.
Coq < Lemma disj_comm : P \/ Q -> Q \/ P .
1 subgoal
P : Prop
Q : Prop
============================
P \/ Q -> Q \/ P
disj_comm < intros disj .
1 subgoal
P : Prop
Q : Prop
disj : P \/ Q
============================
Q \/ P
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 117 / 156
Basic Proof Tactics XVII
We eliminate the hypothesis disj.
disj_comm < elim disj .
2 subgoals
P : Prop
Q : Prop
disj : P \/ Q
============================
P -> Q \/ P
subgoal 2 is:
Q -> Q \/ P
How does elim compare to ∨e?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 118 / 156
Basic Proof Tactics XVIII
We next introduce a new hypothesis P.
disj_comm < intros HP .
2 subgoals
P : Prop
Q : Prop
disj : P \/ Q
HP : P
============================
Q \/ P
subgoal 2 is:
Q -> Q \/ P
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 119 / 156
Basic Proof Tactics XIX
The tactic right selects the left operand in a disjunction.
disj_comm < right .
2 subgoals
P : Prop
Q : Prop
disj : P \/ Q
HP : P
============================
P
subgoal 2 is:
Q -> Q \/ P
How does right compare to ∨i2?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 120 / 156
Basic Proof Tactics XX
The tactic assumption searches an exact hypothesis for theconclusion.
disj_comm < assumption .
1 subgoal
P : Prop
Q : Prop
disj : P \/ Q
============================
Q -> Q \/ P
We can combine a sequence of tactics by semicolon (;).
disj_comm < intros HQ; left; assumption .
Proof completed.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 121 / 156
Basic Proof Tactics XXI
We finish up the lemma and print our proof.
disj_comm < Qed .
intros disj.
elim disj.
intros HP.
right.
assumption.
intros HQ; left; assumption.
disj_comm is defined
Coq < Print disj_comm .
disj_comm =
fun disj : P \/ Q =>
or_ind (fun HP : P => or_intror Q HP)
(fun HQ : Q => or_introl P HQ) disj
: P \/ Q -> Q \/ P
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 122 / 156
Basic Proof Tactics XXII
Let us prove a lemma about double negation: P Ô⇒ ¬¬P.
Coq < Lemma PNNP : P -> ~~P .
1 subgoal
P : Prop
Q : Prop
============================
P -> ~ ~ P
PNNP < intros HP .
1 subgoal
P : Prop
Q : Prop
HP : P
============================
~ ~ P
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 123 / 156
Basic Proof Tactics XXIII
In Coq, ¬P is a shorthand for P Ô⇒ �.
We use red to expand a toplevel shorthand.
PNNP < red .
1 subgoal
P : Prop
Q : Prop
HP : P
============================
~ P -> False
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 124 / 156
Basic Proof Tactics XXIV
We introduce another hypothesis ¬P.
PNNP < intros HNP .
1 subgoal
P : Prop
Q : Prop
HP : P
HNP : ~ P
============================
False
How does this intros compare to ¬i?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 125 / 156
Basic Proof Tactics XXV
We have P and ¬P. The tactic absurd P exploits the contraction.
PNNP < absurd P .
2 subgoals
P : Prop
Q : Prop
HP : P
HNP : ~ P
============================
~ P
subgoal 2 is:
P
How does absurd compare to ¬e?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 126 / 156
Basic Proof Tactics XXVI
The tactic trivial performs a simple proof search.
PNNP < trivial .
1 subgoal
P : Prop
Q : Prop
HP : P
HNP : ~ P
============================
P
PNNP < trivial .
Proof completed.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 127 / 156
Basic Proof Tactics XXVII
Let us finish up the lemma, conclude the section, and check it.
PNNP < Qed .
intros HP.
red.
intros HNP.
absurd P.
trivial.
trivial.
PNNP is defined
Coq < End Simple .
Coq < Check PNNP .
PNNP
: forall P : Prop , P -> ~ ~ P
Note the hypothesis P is generalized after closing the section.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 128 / 156
Basic Proof Tactics XXVIII
Coq actually provides a complete tactic tauto.
Coq < Hypotheses P Q R S : Prop .
P is assumed
Q is assumed
R is assumed
S is assumed
Coq < Hypothesis H0 : (P /\ Q) -> R .
H0 is assumed
Coq < Hypothesis H1 : R -> S .
H1 is assumed
Coq < Hypothesis H2 : Q /\ ~S .
H2 is assumed
Coq < Lemma homework : ~P .
1 subgoal
P : Prop
Q : Prop
R : Prop
S : Prop
H0 : P /\ Q -> R
H1 : R -> S
H2 : Q /\ ~ S
============================
~ P
homework < tauto .
Proof completed.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 129 / 156
Basic Proof Tactics XXIX
Coq in fact uses intuitionistic logic.
Coq < Goal forall P : Prop , P \/ ~P .
1 subgoal
============================
forall P : Prop , P \/ ~ P
Unnamed_thm < tauto .
Toplevel input , characters 0-5:
> tauto .
> ^^^^^
Error: tauto failed.
▸ Goal declares an unnamed lemma.
To do classical logic, add
Coq < Require Import Classical .
Coq < Check classic .
classic
: forall P : Prop , P \/ ~ P
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 130 / 156
More Proof Tactics I
Let us set up a section for predicate logic.
Coq < Section Easy .
Coq < Hypothesis D : Set .
D is assumed
Coq < Hypothesis R : D -> D -> Prop .
R is assumed
In a new section, we declare a set D and a binary predicate symbol R.
Let us set up a subsection where R is symmetric and transitive.
Coq < Section R_sym_trans .
Coq < Hypothesis R_symmetric :
forall x y : D, R x y -> R y x .
R_symmetric is assumed
Coq < Hypothesis R_transitive :
forall x y z : D, R x y -> R y z -> R x z .
R_transitive is assumed
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 131 / 156
More Proof Tactics II
Let us prove ∀x ∈ D(∃y ∈ D, (Rxy) Ô⇒ Rxx).
Coq < Lemma refl_if :
forall x : D, (exists y, R x y) -> R x x .
1 subgoal
D : Set
R : D -> D -> Prop
R_symmetric : forall x y : D, R x y -> R y x
R_transitive : forall x y z : D, R x y -> R y z -> R x z
============================
forall x : D, (exists y : D, R x y) -> R x x
Our predicate logic formula is written asforall x : D, (exists y, R x y) -> R x x .
Observe that we did not specify y ∈ D but Coq infers it anyway.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 132 / 156
More Proof Tactics III
The tactic intros again introduces a new hypothesis.
refl_if < intros x .
1 subgoal
D : Set
R : D -> D -> Prop
R_symmetric : forall x y : D, R x y -> R y x
R_transitive : forall x y z : D, R x y -> R y z -> R x z
x : D
============================
(exists y : D, R x y) -> R x x
How does it compare to ∀i?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 133 / 156
More Proof Tactics IV
We introduce another hypothesis ∃y ∈ D(Rxy).
refl_if < intros Ey .
1 subgoal
D : Set
R : D -> D -> Prop
R_symmetric : forall x y : D, R x y -> R y x
R_transitive : forall x y z : D, R x y -> R y z -> R x z
x : D
Ey : exists y : D, R x y
============================
R x x
This is simply Ô⇒ i .
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 134 / 156
More Proof Tactics V
Let us eliminate ∃y ∈ D(Rxy).
refl_if < elim Ey .
1 subgoal
D : Set
R : D -> D -> Prop
R_symmetric : forall x y : D, R x y -> R y x
R_transitive : forall x y z : D, R x y -> R y z -> R x z
x : D
Ey : exists y : D, R x y
============================
forall x0 : D, R x x0 -> R x x
How does elim compare to ∃e?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 135 / 156
More Proof Tactics VI
We get the instance of ∃y ∈ D(Rxy) by intros.
refl_if < intros y Rxy .
1 subgoal
D : Set
R : D -> D -> Prop
R_symmetric : forall x y : D, R x y -> R y x
R_transitive : forall x y z : D, R x y -> R y z -> R x z
x : D
Ey : exists y : D, R x y
y : D
Rxy : R x y
============================
R x x
Now elim and intros look really like ∃e.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 136 / 156
More Proof Tactics VII
We apply the hypothesis R transitive.
refl_if < apply R_transitive with y .
2 subgoals
D : Set
R : D -> D -> Prop
R_symmetric : forall x y : D, R x y -> R y x
R_transitive : forall x y z : D, R x y -> R y z -> R x z
x : D
Ey : exists y : D, R x y
y : D
Rxy : R x y
============================
R x y
subgoal 2 is:
R y x
Note that we need to give the hint y.
How does apply compare to ∀e?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 137 / 156
More Proof Tactics VIII
The first subgoal is trivial.
refl_if < trivial .
1 subgoal
D : Set
R : D -> D -> Prop
R_symmetric : forall x y : D, R x y -> R y x
R_transitive : forall x y z : D, R x y -> R y z -> R x z
x : D
Ey : exists y : D, R x y
y : D
Rxy : R x y
============================
R y x
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 138 / 156
More Proof Tactics IX
For the other subgoal, we apply ∀xy ∈ D(Rxy Ô⇒ Ryx).
refl_if < apply R_symmetric .
1 subgoal
D : Set
R : D -> D -> Prop
R_symmetric : forall x y : D, R x y -> R y x
R_transitive : forall x y z : D, R x y -> R y z -> R x z
x : D
Ey : exists y : D, R x y
y : D
Rxy : R x y
============================
R x y
Now the goal is trivial.
refl_if < trivial .
Proof completed.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 139 / 156
More Proof Tactics X
Let us finish up the lemma and see the proof term.
refl_if < Qed .
intros x.
intros Ey.
elim Ey.
intros y Rxy.
apply R_transitive with y.
trivial.
apply R_symmetric.
trivial.
refl_if is defined
Coq < Print refl_if .
refl_if =
fun (x : D) (Ey : exists y : D, R x y) =>
ex_ind
(fun (y : D) (Rxy : R x y) =>
R_transitive x y x Rxy (R_symmetric x y Rxy)) Ey
: forall x : D, (exists y : D, R x y) -> R x x
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 140 / 156
Smullyan’s Drinkers’ Paradox I
We will prove Smullyan’s drinkers’ paradox:“in any non-empty bar, there is a person such that she drinks theneveryone drinks.”
Let us set up the context.
Coq < Section DrinkersParadox .
Coq < Require Import Classical .
Coq < Hypothesis bar : Set .
bar is assumed
Coq < Hypothesis Joe : bar .
Joe is assumed
Coq < Hypothesis drinks : bar -> Prop .
drinks is assumed
Note that Joe is in the bar.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 141 / 156
Smullyan’s Drinkers’ Paradox II
Here is what we want to prove.
Coq < Lemma drinker : exists x : bar , drinks x ->
forall y : bar , drinks y .
1 subgoal
bar : Set
Joe : bar
drinks : bar -> Prop
============================
exists x : bar , drinks x -> forall y : bar , drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 142 / 156
Smullyan’s Drinkers’ Paradox III
By LEM, we have (∃x ∈ bar(¬drinks x)) ∨ ¬(∃x ∈ bar(¬drinks x)).
We consider the two cases.
drinker < Check (classic (exists x : bar , ~ drinks x)) .
classic (exists x : bar , ~ drinks x)
: (exists x : bar , ~ drinks x) \/
~ (exists x : bar , ~ drinks x)
drinker < elim (classic (exists x : bar , ~ drinks x)) .
2 subgoals
bar : Set
Joe : bar
drinks : bar -> Prop
============================
(exists x : bar , ~ drinks x) ->
exists x : bar , drinks x -> forall y : bar , drinks y
subgoal 2 is:
~ (exists x : bar , ~ drinks x) ->
exists x : bar , drinks x -> forall y : bar , drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 143 / 156
Smullyan’s Drinkers’ Paradox IV
We introduce the hypothesis non drinker.
drinker < intros non_drinker .
2 subgoals
bar : Set
Joe : bar
drinks : bar -> Prop
non_drinker : exists x : bar , ~ drinks x
============================
exists x : bar , drinks x -> forall y : bar , drinks y
subgoal 2 is:
~ (exists x : bar , ~ drinks x) ->
exists x : bar , drinks x -> forall y : bar , drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 144 / 156
Smullyan’s Drinkers’ Paradox V
We eliminate non drinker and obtain an instance.
drinker < elim non_drinker; intros Jane Jane_non_drinker .
2 subgoals
bar : Set
Joe : bar
drinks : bar -> Prop
non_drinker : exists x : bar , ~ drinks x
Jane : bar
Jane_non_drinker : ~ drinks Jane
============================
exists x : bar , drinks x -> forall y : bar , drinks y
subgoal 2 is:
~ (exists x : bar , ~ drinks x) ->
exists x : bar , drinks x -> forall y : bar , drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 145 / 156
Smullyan’s Drinkers’ Paradox VI
The tactic exists uses a term as a witness to an existential formula.
drinker < exists Jane .
2 subgoals
bar : Set
Joe : bar
drinks : bar -> Prop
non_drinker : exists x : bar , ~ drinks x
Jane : bar
Jane_non_drinker : ~ drinks Jane
============================
drinks Jane -> forall y : bar , drinks y
subgoal 2 is:
~ (exists x : bar , ~ drinks x) ->
exists x : bar , drinks x -> forall y : bar , drinks y
How does exists compare to ∃i?
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 146 / 156
Smullyan’s Drinkers’ Paradox VII
Observe that we have a contradiction.
The tactic tauto will do.
drinker < tauto .
1 subgoal
bar : Set
Joe : bar
drinks : bar -> Prop
============================
~ (exists x : bar , ~ drinks x) ->
exists x : bar , drinks x -> forall y : bar , drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 147 / 156
Smullyan’s Drinkers’ Paradox VIII
We introduce a hypothesis for the other subgoal.
drinker < intros no_non_drinker .
1 subgoal
bar : Set
Joe : bar
drinks : bar -> Prop
no_non_drinker : ~ (exists x : bar , ~ drinks x)
============================
exists x : bar , drinks x -> forall y : bar , drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 148 / 156
Smullyan’s Drinkers’ Paradox IX
Joe is our witness.
drinker < exists Joe .
1 subgoal
bar : Set
Joe : bar
drinks : bar -> Prop
no_non_drinker : ~ (exists x : bar , ~ drinks x)
============================
drinks Joe -> forall y : bar , drinks y
We introduce more hypotheses.
drinker < intros Joe_drinker y .
1 subgoal
bar : Set
Joe : bar
drinks : bar -> Prop
no_non_drinker : ~ (exists x : bar , ~ drinks x)
Joe_drinker : drinks Joe
y: bar
============================
drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 149 / 156
Smullyan’s Drinkers’ Paradox X
For y ∈ bar , we have drinks y ∨ ¬drinks y by LEM.
drinker < elim (classic (drinks y)) .
2 subgoals
bar : Set
Joe : bar
drinks : bar -> Prop
no_non_drinker : ~ (exists x : bar , ~ drinks x)
Joe_drinker : drinks Joe
y : bar
============================
drinks y -> drinks y
subgoal 2 is:
~ drinks y -> drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 150 / 156
Smullyan’s Drinkers’ Paradox XI
The first subgoal is easy.
drinker < tauto .
1 subgoal
bar : Set
Joe : bar
drinks : bar -> Prop
no_non_drinker : ~ (exists x : bar , ~ drinks x)
Joe_drinker : drinks Joe
y : bar
============================
~ drinks y -> drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 151 / 156
Smullyan’s Drinkers’ Paradox XII
We introduce a hypothesis that y does not drink.
drinker < intros y_non_drinker .
1 subgoal
bar : Set
Joe : bar
drinks : bar -> Prop
no_non_drinker : ~ (exists x : bar , ~ drinks x)
Joe_drinker : drinks Joe
y : bar
y_non_drinker : ~ drinks y
============================
drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 152 / 156
Smullyan’s Drinkers’ Paradox XIII
This is contradictory to no non drinker.
drinker < absurd (exists x, ~ drinks x) .
2 subgoals
bar : Set
Joe : bar
drinks : bar -> Prop
no_non_drinker : ~ (exists x : bar , ~ drinks x)
Joe_drinker : drinks Joe
y : bar
y_non_drinker : ~ drinks y
============================
~ (exists x : bar , ~ drinks x)
subgoal 2 is:
exists x : bar , ~ drinks x
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 153 / 156
Smullyan’s Drinkers’ Paradox XIV
Again, the first subgoal is trivial.
The second subgoal has a witness y .
drinker < trivial .
1 subgoal
bar : Set
Joe : bar
drinks : bar -> Prop
no_non_drinker : ~ (exists x : bar , ~ drinks x)
Joe_drinker : drinks Joe
y : bar
y_non_drinker : ~ drinks y
============================
exists x : bar , ~ drinks x
drinker < exists y; trivial .
Proof completed.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 154 / 156
Smullyan’s Drinkers’ Paradox XV
Let us finish up the lemma and see its proof term.
drinker < Qed .
(* proof script skipped *)
Coq < Print drinker .
drinker =
or_ind
(fun non_drinker : exists x : bar , ~ drinks x =>
ex_ind
(fun (Jane : bar) (Jane_non_drinker : ~ drinks Jane) =>
ex_intro (fun x : bar => drinks x -> forall y : bar , drinks y) Jane
(fun H : drinks Jane =>
let H0 := Jane_non_drinker H in
False_ind (forall y : bar , drinks y) H0)) non_drinker)
(fun no_non_drinker : ~ (exists x : bar , ~ drinks x) =>
ex_intro (fun x : bar => drinks x -> forall y : bar , drinks y) Joe
(fun (_ : drinks Joe) (y : bar) =>
or_ind (fun H : drinks y => H)
(fun y_non_drinker : ~ drinks y =>
False_ind (drinks y)
(let H := ex_intro (fun x : bar => ~ drinks x) y y_non_drinker in
(let H0 := no_non_drinker in
fun H1 : exists x : bar , ~ drinks x => H0 H1) H))
(classic (drinks y)))) (classic (exists x : bar , ~ drinks x))
: exists x : bar , drinks x -> forall y : bar , drinks y
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 155 / 156
Where to go?
Proof assistants are used to check long proofs in mathematics andlogic.
▸ Four color theorem, Feit-Thompson theorem, incompleteness theorem.
We only discuss elements of predicate logic.
Lots of interesting topics are missing. For instance,▸ Soundness and competeness theorems of natural deduction for
predicate logic;▸ Godel’s incompleteness theorem;▸ Number theory, real analysis Coq libraries.
Many resources are available for learning Coq.▸ Short NTU summer courses (FLOLAC).▸ “Interactive Theorem Proving and Program Development Coq’Art:
The Calculus of Inductive Constructions”, Bertot and Casteran.▸ “Software Foundations”, on-line book athttps://softwarefoundations.cis.upenn.edu/.
Bow-Yaw Wang (Academia Sinica) Predicate Logic October 13, 2021 156 / 156