Logic for Computer Science

Sreejith A. V. ([email protected])

IIT Goa, lecture notes


Contents

I Mathematical Tools 2

1 Introduction 3

2 Set Theory 4

2.1 Mathematical Induction . . . . . . . . . . . . . . . . . . . . . 4

II Propositional Logic 7

3 Introduction to Propositional Logic 8

3.1 Declarative statements . . . . . . . . . . . . . . . . . . . . . . 8

3.2 Propositions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.3 Formulas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

3.4 Encoding using logic . . . . . . . . . . . . . . . . . . . . . . . 14

3.4.1 Digital circuits . . . . . . . . . . . . . . . . . . . . . . 15

3.4.2 Mathematical statements . . . . . . . . . . . . . . . . . 15

3.4.3 Puzzles . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.5 Satisfiability of propositional formulas . . . . . . . . . . . . . . 17

3.6 Semantic entailment . . . . . . . . . . . . . . . . . . . . . . . 19

3.7 Compactness* . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

3.8 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4 Natural Deduction 28

4.1 Natural Deduction Rules . . . . . . . . . . . . . . . . . . . . . 29

4.2 Soundness theorem . . . . . . . . . . . . . . . . . . . . . . . . 35

4.3 Completeness: Huth & Ryan . . . . . . . . . . . . . . . . . . . 37

4.4 Completeness: Hintikka* . . . . . . . . . . . . . . . . . . . . . 40

4.5 Strong Completeness* . . . . . . . . . . . . . . . . . . . . . . 43

4.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43


5 Deterministic SAT Solvers 46

5.1 2-CNF satisfiability . . . . . . . . . . . . . . . . . . . . . . . . 46

5.2 Horn clause satisfiability . . . . . . . . . . . . . . . . . . . . . 51

5.3 DPLL algorithm . . . . . . . . . . . . . . . . . . . . . . . . . 53

5.4 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

6 Randomized SAT Solvers 56

6.1 2-CNF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

6.2 3-CNF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

III First Order Logic 64

7 First Order Logic 65

7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

7.2 Terms and Formulas . . . . . . . . . . . . . . . . . . . . . . . 67

7.3 Natural Deduction . . . . . . . . . . . . . . . . . . . . . . . . 68

7.4 Soundness and Completeness . . . . . . . . . . . . . . . . . . . 68

8 First Order Theories 69

8.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

8.2 Theory of Equality . . . . . . . . . . . . . . . . . . . . . . . . 71

8.3 Peano arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . 72

8.4 Presburger arithmetic . . . . . . . . . . . . . . . . . . . . . . . 73

8.5 Theory of Reals . . . . . . . . . . . . . . . . . . . . . . . . . . 74

8.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

9 Program Verification 76


Notations

1. p, q, p1, p2, . . . (small letters) - propositional symbols

2. α, β, γ, . . . (small greek letters) - formulas

3. Γ,∆,Ψ . . . (capital greek letters) - sets of formulas


Part I

Mathematical Tools


Chapter 1

Introduction

We require the following mathematical concepts to understand the lecture notes: the notions of sets, cardinality of sets (countable, uncountable), functions, relations, trees, binary trees, infinite trees, parse trees, graphs, mathematical induction and structural induction. We will also be using notions from the computational complexity perspective such as non-deterministic polynomial time (NP), NP-hard, NP-complete, undecidability etc.


Chapter 2

Set Theory

2.1 Mathematical Induction

Consider a property which is true for every natural number. We will denote by P(n) the fact that the property is true for the number n. For example

1. P(n): The sum of the numbers from 1 to n is n(n+1)/2.

2. P(n): The sum of the squares 1^2 + 2^2 + · · · + n^2 is n(n+1)(2n+1)/6.

3. P (n) : There is a prime number greater than n.

We can use mathematical induction to prove the correctness of such properties. There are three components in mathematical induction.

1. Induction Hypothesis (IH): This is the property P(n) we are interested in proving, for all n ∈ N. In many cases we will have to restate the theorem statement in a way suitable for induction. For example, the statement “there are infinitely many primes” can be rephrased as “For all n, there is a prime number greater than n”.

2. Base case: In the base case, we show that the theorem statement (in other words P(n)) is true for the smallest n. In the case of all the examples above, the least number for which P(n) is true is n = 1. There might be cases when the base case need not be 1. There are certain situations when the base case consists of more than one case.

3. Inductive step: In the inductive step, we first assume that the statement P(n) is true and show that P(n + 1) is true. In a stronger version of induction, we assume that P(k) is true for all numbers k ≤ n. Using this assumption we show that P(n + 1) is true.


The statement of weak mathematical induction can be expressed using the following formula (understanding the following expression will require knowing first order logic).

(P(1) ∧ ∀n (P(n) ⇒ P(n + 1))) ⇒ ∀x P(x)

Let us look at an example now.

Theorem 2.1. The number of subsets of an n element set is 2^n.

Proof. The induction hypothesis is the following. For all n ≥ 0, the number of subsets of an n element set is 2^n.

We now show that the theorem is true for the base case.

Base case (n = 0): The only subset of a 0 element set (the empty set) is the empty set itself.

Inductive step: Let us assume that the claim is true for an n element set. That is, the number of subsets is 2^n. Now let us consider an n + 1 element set. Without loss of generality we can assume the set is {1, 2, . . . , n + 1}. We can now partition the set of all subsets into two parts: (1) all sets without the element n + 1, and (2) all sets with the element n + 1. By the induction hypothesis, the first part consists of 2^n elements (the set of all subsets of {1, 2, . . . , n}). Each subset in the second part can be created by taking a subset from the first part and inserting the element n + 1. Therefore this part also consists of 2^n elements. Hence the total number of subsets of an n + 1 element set is 2^n + 2^n = 2 × 2^n = 2^(n+1).

One has to be extremely careful while designing a proof by induction. All arguments we make in the inductive step should necessarily hold for all values of n. Otherwise we can fall into traps, proving statements which are false. Here is an example of a wrong use of the induction hypothesis. Readers are requested to find out what is wrong in the proof.

Example 2.1. What is wrong in the following proof by induction? We prove using induction that

“For all classes of size n, either everyone is male or everyone is female.”

Base case (n = 1): For a class of size 1, the claim is obviously true.

Inductive step: Let us assume the claim holds for all classes of size n. Consider a class {1, 2, . . . , n, n + 1} of size n + 1. From the induction hypothesis, it follows that in the class {1, 2, . . . , n} either all are male or all are female. That is, the persons 1 and n have the same gender. Using the induction hypothesis again, the class {1, 2, . . . , n − 1, n + 1} also has either all male or all female. This gives us that 1 and n + 1 are of the same gender. Therefore our claim holds for the class {1, 2, . . . , n + 1}.


Exercise 2.1. Prove the following using mathematical induction.

1. 1 + 2 + · · · + n = n(n+1)/2.

2. 1^2 + 2^2 + · · · + n^2 = n(n+1)(2n+1)/6.

3. The pigeon hole principle

Exercise 2.2. Prove the equivalence between mathematical induction and strong mathematical induction.


Part II

Propositional Logic


Chapter 3

Introduction to Propositional Logic

3.1 Declarative statements

We are interested in creating a language in which mathematical proofs can be written. The language should be simple enough that vague or ambiguous statements cannot be written in it. On the other hand, it should be powerful enough for proofs to be written. We will build a language in which all of mathematics can be embedded. We begin with propositional logic, the foundation on which other logics are built.

We say that true and false are boolean values. They will be denoted by the symbols T and F respectively. Declarative sentences are statements which can be assigned either true or false. For example,

1. 179179 is a composite number.

2. Sun rises in the east and Japan is in Europe

3. Kattapa killed Bahubali.

4. P = NP

5. John Snow’s father is Ned Stark

Since the number 179179 is divisible by 7, 11, 13 and 179, statement (1) is true. On the other hand statement (2) is false since Japan is not in Europe. Statement (3) is true. We do not yet know whether Statement (4) is true or false, but the statement as such can be assigned true or false. Statement (5) is true or false depending on up to which episode you have watched Game of Thrones.


The following statements are not declarative

1. What is the time?

2. Submit your assignments today.

3. Teek Hai!

Some declarative statements can be thought of as atomic. That is, those statements cannot be further split into logical sentences. In the above example Statement (2) is not atomic because it can be split into the sentences “Sun rises in the east” and “Japan is in Europe”.

3.2 Propositions

As mathematicians we are not interested in the information contained in the declarative sentences. That is, we are not interested in whether “Kattapa killed Bahubali” or “Sun rises in the east” in the real world. Rather we are interested only in whether the statements are true or false and what other statements we can understand from them. For example, consider the following statement.

“If it rains in Delhi today, you will fail in logic course.”

This is a weird statement, but it is a declarative statement. That is, it can either be true or false. To summarize the point being made: we are not really interested in the weirdness or the reality of the real world. We are only interested in statements which can be assigned boolean values. Hence we map declarative sentences to symbols. We will denote atomic sentences using symbols p, q, r, . . . or p1, p2, . . . . These will be termed propositions, and the logic we build using propositions propositional logic. We will also denote true by T and false by F.

Propositions can be modified/combined using certain symbols called logical connectives. This way we can build complex logical statements. The logical connectives we will be interested in and their semantics follow.

Negation For any sentence, its negation is the opposite of it. For example, the negation of “Kattapa killed Bahubali” is “Kattapa did not kill Bahubali”. Similarly the negation of “P = NP” is “P ≠ NP”. The negation of a propositional symbol p is denoted as ¬p (and called the negation of p). If p is true then ¬p is false. On the other hand, if p is false, ¬p is true. The following truth table summarizes the semantics of negation.


Table 3.1 Truth table for negation

p   ¬p
T   F
F   T

Conjunction stands for and. When it is used to connect two declarative sentences it means that both the sentences are true. For example, “2 is a prime number” and “2 is an even number”. We use the symbol ∧ to denote and. The following truth table captures the meaning of ∧.

Table 3.2 Truth table for conjunction

p   q   p ∧ q
T   T   T
T   F   F
F   T   F
F   F   F

Disjunction stands for or. Disjunctions are slightly different from the or we use in English (or most natural languages). Assume that I made the following announcement in class.

“Tomorrow there will be a lecture or an exam.”

It is natural for you to assume that there will either be a lecture tomorrow and no exam, or there will be an exam and no lecture. That is, you would never think of the possibility of both a lecture and an exam being held tomorrow. But or, used in a mathematical sentence, can mean both of them happening. This is the difference between or in logic and or in natural language. We have a name for the or of natural language. We call it xor and it is denoted by the symbol ⊕. See Exercise 3.3. Coming back to disjunction in logic, the symbol for or is ∨ and its semantics is given by the following truth table.

Table 3.3 Truth table for disjunction

p   q   p ∨ q
T   T   T
T   F   T
F   T   T
F   F   F

The semantics for xor is given below.


Table 3.4 Truth table for xor

p   q   p ⊕ q
T   T   F
T   F   T
F   T   T
F   F   F

Implication is used to state a necessary condition. It is denoted by the symbol ⇒. The statement

If x is prime, then x ≠ 4

is an example of an implication. Typically it is written in the form “If p then q” and in propositional logic as p ⇒ q. Its truth table is given in Table 3.5.

Table 3.5 Truth table for implication

p   q   p ⇒ q
T   T   T
T   F   F
F   T   T
F   F   T

We will explain the truth table with an example. Consider the statement

“If you work hard, you get good grades”.

The statement is true if you work hard and get good grades. On the other hand it is false if you work hard and do not get good grades. The tricky question is, what if you did not work hard and got good grades? Does this violate the statement? No, it doesn't, and hence we can assign the statement to be true in this case also. Similarly the statement is true if we did not work hard and did not get good grades.

Implication is a little tricky to understand, especially for beginners. The following puzzle helps you to understand it better.

Puzzle 3.1 (Wason). The following cards are kept on the table. Each card has a letter on one side and a number on the other side. We make the following claim: “If a card has a vowel on one side, then it has an even number on its opposite side”. Which cards must one flip to check if the claim is correct?

Solution. The answer is cards A and 7. Let us look at each of the cards and check whether we need to flip it or not. Card A has to be flipped, because it shows a vowel and we need to be sure about the number on its opposite side. Card K need not be checked. Why? Because it does not matter to us whether the opposite side has an even number or an odd number. Similarly we do not have to flip 4, since it does not matter to us whether the opposite side is a vowel or a consonant. On the other hand, card 7 has to be flipped because we have to make sure there is not a vowel on the other side. Because if there were a vowel, the claim would be violated.

3.3 Formulas

By repeatedly using logical connectives we can make complex declarative statements. For example,

If x is prime and x ≠ 2, then x is odd

is a statement made by first conjoining the two statements “x is prime” and “x ≠ 2”. It is then used in an implication with the statement “x is odd”. In propositional logic this statement can be written as follows

(“x is prime” ∧ “x ≠ 2”) ⇒ “x is odd”

Such complex statements in logic are called formulas. We denote propositional formulas by greek letters like α, β, γ, . . . or α1, α2, . . . .

Definition 3.1. A formula is inductively constructed using the followingrules (and no other rules)

1. A proposition is a formula

2. If α and β are formulas then ¬α, α ∨ β, α ∧ β, α⇒ β are formulas

We can write truth tables for formulas by inductively building the table. Consider the following formula and its truth table

α ::= ((p ⇒ ¬q) ⇒ (q ∨ ¬p)).


Table 3.6 Truth table for α ::= ((p ⇒ ¬q) ⇒ (q ∨ ¬p))

p   q   ¬p   ¬q   p ⇒ ¬q   q ∨ ¬p   α
T   T   F    F    F        T        T
T   F   F    T    T        F        F
F   T   T    F    T        T        T
F   F   T    T    T        T        T

For a formula α with propositions p1, p2, . . . , pn, a valuation is a particular T/F assignment to the propositions p1, . . . , pn. That is, a valuation v : {p1, p2, . . . , pn} → {T, F} is a function from the propositions to boolean values. Note that there are 2^n different valuations possible for n propositions.

Example 3.1. Consider the formula p ∧ q. One particular valuation is: p is assigned T and q is assigned F. The formula evaluates to false for this valuation.

We say that two formulas are equivalent if they have the same truth table. It will be denoted by the symbol ≡.

Example 3.2. If and only if (also written as iff) is used to denote a necessary and sufficient condition. In symbolic form it is denoted by ⇔. Semantically p ⇔ q is equivalent to p ⇒ q and q ⇒ p. The truth table is given below.

Table 3.7 Truth table for if and only if

p   q   p ⇔ q
T   T   T
T   F   F
F   T   F
F   F   T

Here is another example which introduces the contrapositive of an implication. The formula (¬q ⇒ ¬p) is the contrapositive of the statement p ⇒ q. The following exercise shows that an implication and its contrapositive are equivalent.

Exercise 3.1. Show that the following formulas are equivalent.

1. p⇒ q

2. (¬q ⇒ ¬p)


3. ¬p ∨ q

What is the complement of p⇒ q?

Exercise 3.2 (De Morgan's law). Show that p ∧ q ≡ ¬(¬p ∨ ¬q) and p ∨ q ≡ ¬(¬p ∧ ¬q).

The following exercise connects xor and disjunctions.

Exercise 3.3. Write a formula using only disjunctions and negations which is equivalent to p ⊕ q.

Exercise 3.4. Consider you are given a truth table with propositions p1, . . . , pn. Give an algorithm which outputs a formula (using only the symbols ∨, ∧, ¬) having the same truth table.

The above exercise (along with De Morgan's law) shows that any formula can be converted into an equivalent formula which uses only the symbols ∧ and ¬.

Exercise 3.5. Convert any formula into an equivalent formula which uses only the symbols ∧ and ¬.

We say that a formula α is satisfiable if there is a valuation which makes α true. In other words, α is satisfiable if we can find at least one T in the column for α in the truth table of α. A formula α is a tautology if α is true for all valuations. In other words, ¬α is not satisfiable. On the other hand, α is a contradiction or unsatisfiable if α is not satisfiable. That is, ¬α is a tautology.

Exercise 3.6.

1. Give a formula which is a tautology.

2. Give a formula which is satisfiable but not a tautology.

3. Give a formula which is a contradiction.

3.4 Application of Logic: Encoding problems

We use propositional logic to encode different problems.


3.4.1 Digital circuits

Exercise 3.7. We can view a proposition as being assigned 1 or 0 (in place of T or F). That is, a proposition p can be thought of as a bit variable. Extending the idea, a valuation to n proposition symbols can be thought of as an n-bit number. Use this view to write a formula to encode the addition relation between two n-bit numbers. That is, write a formula which satisfies the following condition

  p1 p2 . . . pn
+ q1 q2 . . . qn
= r1 r2 . . . rn

View p1, . . . , pn, q1, . . . , qn, r1, . . . , rn as propositions.

3.4.2 Mathematical statements

Exercise 3.8 (Pigeon hole principle). If n + 1 pigeons are placed in n holes, at least one hole will have more than one pigeon. This is the pigeon hole principle. Now, consider n + 1 pigeons and n holes. Let the proposition pi,j denote the fact that the ith pigeon is in the jth hole. Write a propositional logic formula to encode the pigeon hole principle.

3.4.3 Puzzles

Exercise 3.9 (Smullyan). Use propositional logic to answer the following questions.

1. You are trapped in a room. There are two doors. Each door leads either to an exit or to a lion (note that both leading to an exit or both to a lion are also possible). On Door 1 it is written “This door is the exit and the other door leads to a lion”. On Door 2 it is written “One of the doors leads to the exit, the other to a lion”. You are told that only one of the written statements is true and the other is false. Which door would you choose?

2. Similar to the previous question. You are trapped in a room. There are two doors. Each door leads either to an exit or to a lion (note that both leading to an exit or both to a lion are also possible). On Door 1 it is written “At least one of the doors is an exit”. On Door 2 it is written “There is a lion behind the other door”. You are told that either both statements are true or both are false. Which door would you choose?


3. One more question with the same flavour. You are trapped in a room. There are two doors. Each door leads either to an exit or to a lion (note that both leading to an exit or both to a lion are also possible). On Door 1 it is written “This door is the exit or the other door leads to a lion”. On Door 2 it is written “The exit is the other door”. The statements are either both true or both false. Which door would you choose?

Exercise 3.10 (Smullyan). * Can you think of an encoding of the following problem in propositional logic such that it has a solution iff the formula is satisfiable?

The reader is expected to understand how to go about doing this. He/she is not expected to write the entire formula (which is going to be very big).

Exercise 3.11 (Indian Puzzle Championship 2010). * Fill in the grid in such a way that every row and every column contains the numbers from 1 to 5 exactly once. Some cells may remain blank. The numbers inside the grid represent the height of the building in the corresponding cell. The numbers outside the grid represent the number of buildings visible from that direction.

Encode the problem in propositional logic.


3.5 Satisfiability of propositional formulas

How hard is it to check whether a propositional formula is satisfiable?

Problem SAT
Input: A propositional formula α
Output: YES if α is satisfiable, otherwise NO

For a formula α with n propositions the truth table has 2^n rows. Therefore building the truth table and checking each row is a trivial way to check for satisfiability. This algorithm, though, takes exponential time, since the number of rows in the truth table is 2^n. In other words, O(2^n) is an upper bound for checking satisfiability of a formula with n propositions. The interesting question is, does there exist a faster algorithm? Or even better, does there exist a polynomial time algorithm, that is, an algorithm whose number of steps is O(n^c) for some constant c? It turns out we do not yet know the answer to this question. Most computer scientists think there is no polynomial time algorithm for SAT. The problem is NP-complete (in NP and NP-hard) and hence finding a polynomial time algorithm is equivalent to answering P = NP.

Exercise 3.12. Show that SAT is in NP.

To show that SAT is NP-hard, we need to reduce from an NP-complete problem to SAT. The next exercise asks you to reduce from the Hamiltonian cycle problem.

Exercise 3.13. Give a polynomial time algorithm which takes as input a graph G = (V, E) and outputs a propositional formula α such that the graph has a Hamiltonian cycle if and only if α is satisfiable. Does the valuation which makes α true give us the cycle? [A Hamiltonian cycle is a cycle which traverses every vertex exactly once.]

Now assume that we do not know that Hamiltonian cycle is NP-complete. Can you argue from the definition of NP-hardness? We need to show that there is a reduction from every NP problem to SAT.

Exercise 3.14. Given a non-deterministic Turing machine which runs in poly(n) time (say in time n^2) and an input of size n, construct a propositional logic formula (of size polynomial in n) such that the formula is satisfiable if and only if the Turing machine accepts the input.

The following theorem is a consequence of our discussion until now.


Theorem 3.1. SAT is NP-complete.

Proof. A problem is NP-complete if it is both in NP and NP-hard. It follows from Exercise 3.12 and Exercise 3.13 that SAT is NP-complete.

A literal is either a proposition or the negation of a proposition. That is, it is of the form p or ¬p, where p is a proposition. A clause is a literal or a disjunction of literals. A CNF formula is a conjunction of clauses. Consider the following problem.

Problem CNF SAT
Input: A CNF formula α
Output: YES if α is satisfiable, otherwise NO

The set of all CNF formulas is a subset of the set of all propositional formulas. Hence CNF-SAT is also in NP. It is a different matter that it is also NP-hard. We will give a reduction from SAT to CNF-SAT.

Theorem 3.2. CNF-SAT is NP-hard.

Proof. We will give a reduction from SAT to CNF-SAT. Let α be a propositional formula. Our aim is to give a CNF formula α′ such that α is satisfiable if and only if α′ is satisfiable. We first replace subformulas of the form (β ⇒ γ) in α by (¬β ∨ γ). The second step is to push the negations to the propositions using De Morgan's law. That is, subformulas of the type ¬(γ ∨ β) are replaced by ¬γ ∧ ¬β. Similarly, ¬(γ ∧ β) is replaced by ¬γ ∨ ¬β. This is done inductively until all negations apply to propositions. We now need to convert the formula into a conjunction of disjunctions. To convert subformulas of the form (β ∧ γ) ∨ ψ we introduce a new proposition p (which is not present in the formula). We then replace (β ∧ γ) ∨ ψ by (ψ ∨ p) ∧ (β ∨ ¬p) ∧ (γ ∨ ¬p). It is easy to see that the two formulas are equivalent with respect to satisfiability. Inductively applying this translation will give us a CNF formula.

We will now look at special CNF formulas. A k-CNF formula is a conjunction of clauses with at most k literals. For example, the following is a 2-CNF formula

(p ∨ ¬q) ∧ (¬r ∨ s) ∧ (t ∨ q) ∧ ¬t

It is also a k-CNF formula for all k ≥ 2. On the other hand, the following is not a 2-CNF formula because it has a disjunction of 3 literals.

(p ∨ q ∨ ¬r)

The above formula, though, is a 3-CNF formula. The set of all 3-CNF formulas is a subset of the set of all CNF formulas. Hence 3-CNF SAT is also in NP.

The following exercise asks you to show that 3-CNF SAT is NP-hard.


Problem 3-CNF SAT
Input: A 3-CNF formula α
Output: YES if α is satisfiable, otherwise NO

Exercise 3.15. Show that 3-CNF SAT is NP-hard.

In short, we have that SAT, CNF SAT and 3-CNF SAT are all NP-complete, since they are in NP and are NP-hard. It is reasonable to assume that there do not exist polynomial time algorithms for NP-complete problems. Therefore we search for fragments of CNF whose satisfiability can be checked in polynomial time. The next two sections look at fragments which give linear time satisfiability algorithms.

3.6 Semantic entailment

In the previous sections, we saw the semantics of formulas. The truth table of a formula tells us which valuations make the formula true or false. In this section, we are interested in a relationship between formulas. Let us first define semantic entailment in its simpler form. Consider two formulas α and β.

Definition 3.2. We say that α semantically entails β, denoted by the following notation.

α |= β

It means that, for all valuations which make α true, β also evaluates to true.

We can see semantic entailment in a non-mathematical setting as follows: in all the worlds where α is true, β is also true. Let us look at an example.

Planets have mass |= There is gravity in planets

The example says: consider a world where planets have mass. Then planets will also show gravity. In short, “Planets have mass” semantically entails the statement “There is gravity in planets”. This is a fact of the universe we live in. The above example was used to stress the meaning of |= and is not really a good example for mathematicians.

Mathematicians require precise definitions like Definition 3.2. Below we generalise this. Let Γ be a set of formulas and β a formula. Then

Γ |= β


denotes that for all valuations which make all formulas in Γ true, β is true. Let us understand the case when Γ is finite. That is, Γ = {α1, α2, . . . , αn} for some n ∈ N. We take a little liberty in writing {α1, α2, . . . , αn} |= β as

α1, α2, . . . , αn |= β

That is, we skip the set notation when it is clear to the reader. The following exercises show the relation between semantic entailment in the finite case and the implication relation.

Exercise 3.16. Show that the following statements are equivalent.

1. α |= β

2. T |= (α⇒ β)

Exercise 3.17. Extend the argument in the previous exercise, and show thatthe following statements are equivalent.

1. α1, α2, . . . , αn |= β

2. T |= (α1 ⇒ (α2 ⇒ . . . (αn ⇒ β)))

3. T |= (α1 ∧ α2 ∧ . . . ∧ αn) ⇒ β

Let us go back to the case when Γ is infinite. There do not exist equivalent definitions like those in Exercise 3.17. This is because infinite implication or conjunction is not allowed in our logic.

There is one tricky case we will elaborate on. Consider an arbitrary formula α. Then

F |= α

Let us go through the definition of semantic entailment. It says that for all valuations which make the left hand side (here it is F) true, we have that α is true. This is correct, since there is no valuation which makes F true. In other words, since there is no valuation which makes F true, the statement is vacuously true. What this means is that F |= ¬α and F |= α. In short, if falsity is true, then anything is true.
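The following Python script is an added worked example, not code from the notes: it implements the truth-table machinery of Section 3.3 (valuations, satisfiability, tautology, the relation ≡), the semantic entailment relation of Definition 3.2 for a finite Γ, and the three-step conversion to CNF from the proof of Theorem 3.2 (the fresh-proposition rule applied to a conjunction of any number of clauses, of which the notes' (β ∧ γ) ∨ ψ is the two-clause case). Formulas are represented as nested tuples, a representation assumed here, and the fresh propositions are named _t1, _t2, . . . and are assumed not to occur in the input.

```python
from itertools import product

# Assumed representation (not the notes' notation): a formula is a nested tuple
#   ('var', 'p') the proposition p    ('not', a) ¬a    ('and', a, b) a ∧ b
#   ('or', a, b) a ∨ b                ('imp', a, b) a ⇒ b
def props(f):
    """Names of the propositions occurring in f."""
    return {f[1]} if f[0] == 'var' else set().union(*(props(g) for g in f[1:]))

def evaluate(f, v):
    """Truth value of f under the valuation v (dict name -> bool), per Tables 3.1-3.5."""
    op = f[0]
    if op == 'var':
        return v[f[1]]
    if op == 'not':
        return not evaluate(f[1], v)
    if op == 'and':
        return evaluate(f[1], v) and evaluate(f[2], v)
    if op == 'or':
        return evaluate(f[1], v) or evaluate(f[2], v)
    return (not evaluate(f[1], v)) or evaluate(f[2], v)   # 'imp': false only for T ⇒ F

def valuations(names):
    """All 2^n valuations of the given propositions, rows ordered T before F as in the notes."""
    names = sorted(names)
    return [dict(zip(names, bits)) for bits in product([True, False], repeat=len(names))]

def truth_column(f):
    """The column for f in its truth table, one entry per valuation of its propositions."""
    return [evaluate(f, v) for v in valuations(props(f))]

def satisfiable(f):
    return any(truth_column(f))                  # at least one T in the column for f
def tautology(f):
    return not satisfiable(('not', f))           # ¬f is unsatisfiable

def equivalent(f, g):
    """f ≡ g: the same truth value under every valuation of their propositions."""
    return all(evaluate(f, v) == evaluate(g, v) for v in valuations(props(f) | props(g)))

def entails(gamma, beta):
    """Γ |= β for a finite list Γ: β is true in every valuation that makes all of Γ true."""
    names = props(beta).union(*(props(a) for a in gamma))
    return all(evaluate(beta, v) for v in valuations(names)
               if all(evaluate(a, v) for a in gamma))

def elim_imp(f):
    """Step 1 of Theorem 3.2: replace every subformula (β ⇒ γ) by (¬β ∨ γ)."""
    if f[0] == 'var':
        return f
    if f[0] == 'not':
        return ('not', elim_imp(f[1]))
    if f[0] == 'imp':
        return ('or', ('not', elim_imp(f[1])), elim_imp(f[2]))
    return (f[0], elim_imp(f[1]), elim_imp(f[2]))

def nnf(f):
    """Step 2: push negations down to the propositions with De Morgan's law."""
    if f[0] == 'var':
        return f
    if f[0] != 'not':
        return (f[0], nnf(f[1]), nnf(f[2]))
    g = f[1]
    if g[0] == 'var':
        return f
    if g[0] == 'not':
        return nnf(g[1])                                  # ¬¬a is replaced by a
    dual = 'or' if g[0] == 'and' else 'and'               # ¬(a ∧ b) -> ¬a ∨ ¬b, and dually
    return (dual, nnf(('not', g[1])), nnf(('not', g[2])))

def to_cnf(f):
    """Step 3: a list of clauses, each a list of (name, positive) literals. A disjunction with
    a conjunction C1 ∧ ... ∧ Cm on one side becomes (rest ∨ p) ∧ (C1 ∨ ¬p) ∧ ... ∧ (Cm ∨ ¬p)
    for a fresh p (the rule of Theorem 3.2); the result is equisatisfiable with f."""
    fresh = (f'_t{i}' for i in range(1, 10**6))           # names assumed absent from f
    def clauses(g):
        if g[0] == 'var':
            return [[(g[1], True)]]
        if g[0] == 'not':                                 # after nnf only literals are negated
            return [[(g[1][1], False)]]
        if g[0] == 'and':
            return clauses(g[1]) + clauses(g[2])
        head, rest = [], []                               # g is a disjunction
        for side in (clauses(g[1]), clauses(g[2])):
            if len(side) == 1:
                head += side[0]                           # clause ∨ clause is a clause
            else:
                p = next(fresh)
                head.append((p, True))
                rest += [c + [(p, False)] for c in side]
        return [head] + rest
    return clauses(nnf(elim_imp(f)))

def cnf_satisfiable(cnf):
    """Brute-force check of a clause list over every valuation of its propositions."""
    names = {n for c in cnf for n, _ in c}
    return any(all(any(v[n] == pos for n, pos in c) for c in cnf) for v in valuations(names))

P, Q = ('var', 'p'), ('var', 'q')                        # constructed sample input:
ALPHA = ('imp', ('imp', P, ('not', Q)), ('or', Q, ('not', P)))   # the formula of Table 3.6
```

`truth_column(ALPHA)` reproduces the α column of Table 3.6 row by row, and `cnf_satisfiable(to_cnf(f))` agrees with `satisfiable(f)` for every formula f, although the CNF mentions the extra propositions _t1, _t2, . . . .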


3.7 Compactness*

We say that a set Γ (finite or infinite) of propositional formulas is satisfiable if there is a valuation which makes all formulas in Γ true. The following exercise answers when a finite set is satisfiable.

Exercise 3.18. A finite set Γ = {α1, α2, . . . , αn} is satisfiable if and only if α1 ∧ α2 ∧ · · · ∧ αn is satisfiable.

The interesting question is, when is an infinite set satisfiable? The compactness theorem says that if a set is unsatisfiable, then there is a finite subset which is unsatisfiable.

Theorem 3.3 (Compactness). Γ is satisfiable if and only if for all finite subsets Y ⊆ Γ, Y is satisfiable.

Proof. The forward direction of the proof is easy to see. Let us therefore show the other direction. We assume Γ is unsatisfiable and identify a finite subset which is unsatisfiable. Let us first enumerate the propositions used by the formulas in Γ as

p1, p2, . . .

We add a new proposition p0 (this is added just for ease of explanation and is not fundamental to the proof) to this list. Now, we build a complete binary tree where every node in the tree corresponds to a valuation for some finite set of propositions. To be precise, a node at height t in the tree corresponds to a valuation for all the propositions {p0, p1, . . . , pt}. In short, every node at height t corresponds to a function v : {p0, p1, . . . , pt} → {T, F}. We will inductively define the valuation corresponding to every node. The root node (at height 0) corresponds to the function v : {p0} → {T, F} such that v(p0) = T. Consider an arbitrary node at height t with valuation v : {p1, . . . , pt} → {T, F}. The valuations of its children extend v as follows. The left child corresponds to the valuation vl : {p1, . . . , pt+1} → {T, F} where vl(pt+1) = T and for all other propositions pi with i ≤ t, vl(pi) = v(pi). Similarly the right child corresponds to vr : {p1, . . . , pt+1} → {T, F} such that vr(pt+1) = F and for all other propositions pi with i ≤ t, vr(pi) = v(pi).

We now trim the above infinite tree as follows. Take a formula α ∈ Γ. If a valuation v does not satisfy α, then remove all descendants of the node corresponding to v (but keep the node v). Note that if v does not satisfy Γ then any extension of v also does not satisfy Γ. We do the above trimming for all formulas α ∈ Γ. We claim that the trimmed tree is a finite tree. Assume not. Then there exists an infinite path in the tree. We claim that this represents a valuation v : {p1, p2, . . . } → {T, F} which satisfies all formulas in Γ. Assume not. Then there exists a formula α ∈ Γ such that v does not satisfy α. Let α be over the propositions {p1, . . . , pt}. There is a valuation v′ : {p1, . . . , pt} → {T, F} which v extends, such that v′ does not satisfy α. This leads to a contradiction. Hence the trimmed tree is a finite tree.

Let V = {v1, v2, . . . , vk} be the valuations at the leaves of the trimmed tree. Every valuation of all the propositions extends at least one vi ∈ V: following its values of p0, p1, . . . from the root one necessarily reaches a leaf. In the untrimmed tree every node has children, so a node is a leaf of the trimmed tree only because its descendants were removed; hence for each vi ∈ V we can pick an αi ∈ Γ such that vi does not satisfy αi. Let Y = {α1, α2, . . . , αk}. We claim Y is not satisfiable. Assume not, and let v be a valuation satisfying Y. Following v from the root reaches some leaf vi, that is, v extends vi. Since vi does not satisfy αi and αi mentions only propositions in the domain of vi, v does not satisfy αi either, contradicting v satisfying Y. Hence Y is a finite subset of Γ which is not satisfiable.

3.8 Exercises

Exercise 3.19. Which of the following are correct?

1. p ∨ q |= p

2. ¬q, p ∨ q |= p

3. (p⇒ q) |= (¬q ⇒ ¬p)

4. p⇒ q, s⇒ t |= (p∨s)⇒ (q∧ t)

5. (p⇒ q)∧(p⇒ r) |= p⇒ (q∧r)

6. p ∧ ¬p |= (r ⇒ q)

Exercise 3.20. What can we say about the following?

1. T |= α

2. T ⊭ α

Exercise 3.21 (Nyayasutra). Are the following arguments correct? Writethe statements using entails.

1. If there is smoke, then there is fire. There is smoke on the hill. Therefore, there is fire.

2. Fire causes smoke. There is smoke on the hill. Therefore, there is fire.

3. If there is smoke, then there is fire. There is no smoke. Therefore, there is no fire.

Exercise 3.22 ([?]). Let S = {s1, . . . , sn} be a set of radio stations and F = {f1, . . . , fk} a set of frequencies. Let E be the set of pairs of stations that are close to each other. Write the following constraints in propositional logic. To model the problem, define a set of propositional variables {xij | i ∈ {1, . . . , n}, j ∈ {1, . . . , k}}. Intuitively, xij is true if and only if station i is assigned frequency j.

1. Every station is assigned at least one frequency.

2. Every station is assigned not more than one frequency.

3. Close stations are not assigned the same frequency.
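The three constraints written out as clauses and handed to a small solver, as an added example that is not part of the notes: the helper names (var, frequency_clauses, solve, assign_frequencies) and the instance data are mine. Proposition xij is numbered (i − 1)·k + j and a negative integer stands for the negated proposition, so a clause is a list of integers. The solver is a backtracking search with unit propagation, the same idea as the DPLL algorithm of Chapter 5; the station/frequency instances below are constructed.

```python
from itertools import product

def var(i, j, k):
    """Number of proposition x_ij (station i, frequency j), 1-based; k = |F|."""
    return (i - 1) * k + j

def frequency_clauses(n, k, close_pairs):
    """CNF for Exercise 3.22: a list of clauses, each a list of literals.
    A positive integer is a proposition, a negative one its negation."""
    clauses = []
    for i in range(1, n + 1):
        # 1. station i gets at least one frequency: x_i1 ∨ ... ∨ x_ik
        clauses.append([var(i, j, k) for j in range(1, k + 1)])
        # 2. and not more than one: ¬x_ij ∨ ¬x_ij' for every pair j < j'
        for j1 in range(1, k + 1):
            for j2 in range(j1 + 1, k + 1):
                clauses.append([-var(i, j1, k), -var(i, j2, k)])
    # 3. close stations never share a frequency: ¬x_aj ∨ ¬x_bj for each j
    for a, b in close_pairs:
        for j in range(1, k + 1):
            clauses.append([-var(a, j, k), -var(b, j, k)])
    return clauses

def simplify(clauses, lit):
    """Assume literal lit is true: drop satisfied clauses and delete ¬lit from
    the others. Returns None if a clause becomes empty (a conflict)."""
    out = []
    for c in clauses:
        if lit in c:
            continue
        rest = [l for l in c if l != -lit]
        if not rest:
            return None
        out.append(rest)
    return out

def solve(clauses, model=frozenset()):
    """Backtracking search with unit propagation (the core of DPLL).
    Returns a set of true literals that satisfies every clause, or None."""
    while True:                                  # unit propagation
        unit = next((c[0] for c in clauses if len(c) == 1), None)
        if unit is None:
            break
        clauses = simplify(clauses, unit)
        if clauses is None:
            return None
        model = model | {unit}
    if not clauses:                              # every clause satisfied
        return model
    lit = clauses[0][0]
    for choice in (lit, -lit):                   # branch on one literal
        reduced = simplify(clauses, choice)
        if reduced is not None:
            found = solve(reduced, model | {choice})
            if found is not None:
                return found
    return None

def satisfies(clauses, model):
    """Independent check that every clause has a true literal in model."""
    return all(any(l in model for l in c) for c in clauses)

def assign_frequencies(n, k, close_pairs):
    """Map station -> frequency, or None if the constraints are unsatisfiable."""
    model = solve(frequency_clauses(n, k, close_pairs))
    if model is None:
        return None
    return {i: j for i in range(1, n + 1) for j in range(1, k + 1)
            if var(i, j, k) in model}
```

The at-most-one constraint is encoded pairwise, which costs k(k − 1)/2 clauses per station; for three stations and two frequencies the whole encoding has 10 clauses. With the close pairs (1, 2) and (2, 3) the solver finds an assignment; adding (1, 3) makes the three stations pairwise close, two frequencies no longer suffice, and solve returns None.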

Exercise 3.23 ([?]). Are these two programs equivalent? Explain why you think so.

    if (!a && !b) h();
    else if (!a) g();
    else f();

    if (a) f();
    else if (b) g();
    else h();

Figure 3.1: Two code fragments. Are they equivalent?
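As an added example that is not part of the notes, the two fragments of Figure 3.1 written as Python functions and compared on all four inputs; this is exactly a truth-table comparison of the conditions that guard f, g and h in each fragment. program2_broken is a constructed faulty refactoring, included to show what the check reports when the two are not equivalent. The same test is what one runs when a rewritten authorisation condition must behave identically to the old one.

```python
from itertools import product

def program1(a: bool, b: bool) -> str:
    """First fragment of Figure 3.1: if (!a && !b) h(); else if (!a) g(); else f();"""
    if not a and not b:
        return "h"
    if not a:
        return "g"
    return "f"

def program2(a: bool, b: bool) -> str:
    """Second fragment of Figure 3.1: if (a) f(); else if (b) g(); else h();"""
    if a:
        return "f"
    if b:
        return "g"
    return "h"

def program2_broken(a: bool, b: bool) -> str:
    """Constructed faulty refactoring of program2 with the g and h branches swapped."""
    if a:
        return "f"
    if b:
        return "h"
    return "g"

def truth_table(p, nvars):
    """Map every input tuple to the branch taken. Two fragments are equivalent
    iff their tables are equal."""
    return {vals: p(*vals) for vals in product([False, True], repeat=nvars)}

def equivalent(p, q, nvars):
    """Exhaustive comparison of two branch functions on all 2**nvars inputs.
    Returns (True, None) or (False, first differing input)."""
    for vals in product([False, True], repeat=nvars):
        if p(*vals) != q(*vals):
            return False, vals
    return True, None
```

For two variables the table has four rows, so exhaustive comparison is cheap; the method stays exact for any number of variables but its cost doubles with each one, which is why larger equivalence questions are handed to a SAT solver instead.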

Exercise 3.24 ([?]). Consider three persons A, B, C who need to sit in arow, but: (a) A does not want to sit next to C. (b) A does not want to sit inthe left chair. (c) B does not want to sit to the right of C.

Write a propositional formula that is satisfiable if and only if there isa seat assignment for the three persons that satisfies all constraints. Is theformula satisfiable? If so, give an assignment. Clearly mention the meaningof each proposition.

Exercise 3.25. Let α and β be arbitrary propositional formulas. Is thefollowing correct?

If α ⊭ β then α |= ¬β

If yes, argue why? Otherwise, give an example when this is wrong.

Exercise 3.26 (Smullyan [?]). On an island every inhabitant is either of type T and makes only true statements, or of type F and makes only false statements. Mr. Holmes hears that gold is buried on the island. He goes there, meets an inhabitant and asks him, "Is there gold in this land?" The inhabitant replies, "If I am of type T, then there is gold here." Answer the following.

(a) What is the inhabitant's type?

(b) Is gold buried on this island?


Exercise 3.27 (Logicians in the coffee bar). Three logicians walk into a coffee bar and are greeted by the waiter, who asks, "Would all of you like to drink coffee?" The logicians reply as follows.

Logician 1: I don't know.
Logician 2: I don't know.
Logician 3: Yes. Bring coffee for all of us.

Explain the responses of the logicians to the waiter's question.

Exercise 3.28. Assume α ⇒ β is a tautology. Moreover α and β do notshare a common atomic proposition. Show that either α is unsatisfiable or βis a tautology (or both). Show that the assumption about not sharing atomicpropositions is necessary.

Exercise 3.29. A set of connectives is called complete if every CNF formula has an equivalent formula built from propositions and only those connectives (the constants T and F are also not available). Show the following.

1. The connectives {∧, ⇔, ⊕} form a complete set.

2. No strict subset of {∧, ⇔, ⊕} forms a complete set.

Exercise 3.30. Check whether the following are a complete set or not.

1. {⇒,¬}

2. {∨,∧,⇒, ⇐⇒ }

3. The NAND operator.

4. The NOR operator.

Exercise 3.31. Write an algorithm which outputs the number of satisfyingassignments of a propositional formula. You can assume the input formulato be given in a form you want (either as a string, or a parse tree etc).

Exercise 3.32. Let β be a formula over propositions Q = {q1, . . . , qn}. β isneither a tautology nor a contradiction. Let α be an arbitrary formula overpropositions P = {p1, . . . , pn} where P ∩ Q = ∅. Consider another formulaψ, got by replacing every occurrence of p1 in α by β. Use mathematicalinduction to prove.

α is satisfiable if and only if ψ is satisfiable

Exercise 3.33. Suppose α is a wff which does not use any negation symbol. Show that the length of α is odd.

Exercise 3.34. Show that all the wffs have balanced parenthesis.


Exercise 3.35. Write the set of all subformulas of the following wff s.

1. (((p1⇒ p2) ⇐⇒ (p1⇒ p3))⇒ p3)

2. (((p1 ∧ p2)⇒ p3) ⇐⇒ ((p1⇒ p2) ∨ (p1⇒ p3)))

Exercise 3.36. Let S be the set of all subformulas of α. Prove that |S| ≤ |α| (here |α| denotes the length of the formula α).

Exercise 3.37. Write derivation trees and derivation sequences for the fol-lowing wff s.

1. (((p1⇒ p2) ⇐⇒ (p1⇒ p3))⇒ p3)

2. (((p1 ∧ p2)⇒ p3) ⇐⇒ ((p1⇒ p2) ∨ (p1⇒ p3)))

Exercise 3.38. Check whether the valuation v satisfies the wff s given below.v(p1) = T, v(p2) = F , and v(p3) = T .

1. ((p1 ⇒ p2)⇒ (¬p1))

2. (((p1⇒ p2) ∧ (p1⇒ p3)) ⇐⇒ (p1⇒ (p2 ∨ p3)))

Exercise 3.39. Let α be a wff, c be the number of places at which binaryconnectives occur in α and s be the number of places at which atomic propo-sitions occur in α. (For example, if α is (p1 ⇒ (p2 ⇒ (¬p1))) then c = 2 ands = 3). Show by using mathematical induction s = c+ 1.

Exercise 3.40. Check whether the following formulas are valid/satisfiable/unsatisfiable.

1. ((p ∨ q)⇒ p)

2. ((p ∧ q)⇒ p)

3. ((p⇒ q)⇒ q)

4. ((¬(¬p))⇒ p)

5. (p⇒ (p ∨ q))

6. (p⇒ (p ∧ q))

7. (p⇒ (p⇒ q))⇒ (p⇒ q)

8. ((p ⇒ r) ⇒ (q ⇒ r)) ⇒ ((p ∨q)⇒ r)

9. ((p ⇒ r) ⇒ ((¬p ⇒ r) ⇒ r))

Exercise 3.41. Prove (or disprove)

1. If T |= p and T |= (p⇒ q), then T |= q.

2. If V |= p and V |= (p⇒ q), then V |= q.

3. If α and (α⇒ β) are satisfiable, then β is satisfiable.


Exercise 3.42. Prove or Disprove the following statements

1. If a formula is valid, then it is satisfiable.

2. If a formula α is unsatisfiable, then (¬α) is valid.

3. If a formula is satisfiable, then it is valid.

4. If a formula is valid, then it is not unsatisfiable.

5. If a formula α is satisfiable, then (¬α) is unsatisfiable.

Exercise 3.43. Given n, construct a set of formulas Γn of size n such that Γn is not satisfiable but every proper subset of Γn is satisfiable.

Exercise 3.44. Prove or Disprove the following statements. Given thatΓ1,Γ2 are sets of well formed formulas.

1. If Γ1 ⊆ Γ2, then Mod(Γ2) ⊆ Mod(Γ1).

2. If Γ1 ⊆ Γ2, then Mod(Γ1) ⊆ Mod(Γ2).

3. If Γ |= α, then Mod(Γ) ⊆ Mod(α).

Exercise 3.45. Prove the following statements.

1. Γ |= α iff Γ ∪ {¬α} is unsatisfiable.

2. Γ |= α ⇒ β iff Γ ∪ {α} |= β.

Exercise 3.46. Show that a valuation v satisfies the following formula iff v(pi) = F for an even number of indices i, 1 ≤ i ≤ n. (When n is even this is the same as v(pi) = T for an even number of indices.)

(. . . ((p1 ⇔ p2) ⇔ p3) ⇔ . . . ) ⇔ pn

Exercise 3.47. Define recursively the following notions about propositionalformulas.

1. Atoms(α) is the set of all propositions occurring in α.

2. SF (α) is the set of all sub formulas of α.

3. |α| denotes the length of the formula.

Exercise 3.48 (Relevance Lemma). Let v1 and v2 be two valuations such that v1(p) = v2(p) for all propositions p ∈ Atoms(α), for some formula α. Prove that v1 |= α iff v2 |= α.


Exercise 3.49. 1. Write an algorithm to convert a formula in DNF toCNF.

2. Give a polynomial time algorithm to check whether a DNF formula issatisfiable or not.

3. Give an algorithm to check whether a CNF formula is satisfiable or not.How much time does it take?

Exercise 3.50. 1. Prove that for every formula α there exist formulas β in disjunctive normal form and γ in conjunctive normal form such that α ≡ β and α ≡ γ.

2. Give an example of propositional formula α of size n such that convert-ing it to a CNF will lead to exponential size formula.

3. A formula G is given with the following truth table. Construct an equiv-alent formula in CNF.

Table 3.8: Construct a CNF formula for the following truth table.

    p  q  r | G
    0  0  0 | 1
    0  0  1 | 0
    0  1  0 | 0
    0  1  1 | 0
    1  0  0 | 1
    1  0  1 | 1
    1  1  0 | 0
    1  1  1 | 1
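The construction behind part 3, as an added Python example that is not part of the notes: for every row of the table where G is 0, add one clause that is false on exactly that row, namely the disjunction of the literals that are false there (p for a row with p = 0, ¬p for a row with p = 1). The conjunction of these clauses agrees with G on every row. The table is Table 3.8 entered by hand; the function names are mine.

```python
# Table 3.8, entered from the page: (p, q, r) -> G
TABLE_3_8 = {
    (0, 0, 0): 1, (0, 0, 1): 0, (0, 1, 0): 0, (0, 1, 1): 0,
    (1, 0, 0): 1, (1, 0, 1): 1, (1, 1, 0): 0, (1, 1, 1): 1,
}
NAMES = ("p", "q", "r")

def cnf_from_table(table, names=NAMES):
    """One clause per row with value 0. A literal is (name, polarity), polarity
    True meaning the proposition itself and False its negation. The clause for a
    row holds, for each variable, the literal that is false on that row, so the
    clause is false exactly on that row and true on every other row."""
    clauses = []
    for row, value in table.items():
        if value == 0:
            clauses.append([(name, not bool(bit)) for name, bit in zip(names, row)])
    return clauses

def eval_cnf(clauses, valuation):
    """valuation maps a name to a bool; a clause holds if some literal agrees."""
    return all(any(valuation[name] == polarity for name, polarity in clause)
               for clause in clauses)

def render(clauses):
    """Pretty-print the CNF in the notation of the notes."""
    lit = lambda name, polarity: name if polarity else "¬" + name
    return " ∧ ".join("(" + " ∨ ".join(lit(n, pol) for n, pol in c) + ")"
                      for c in clauses)

def agrees_with_table(clauses, table, names=NAMES):
    """Check the constructed CNF against every row of the table."""
    return all(eval_cnf(clauses, dict(zip(names, map(bool, row)))) == bool(value)
               for row, value in table.items())
```

Four rows of Table 3.8 have value 0, so the CNF has four clauses, one per falsifying row; the dual construction (one conjunction of literals per row with value 1) gives the DNF of part 1.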


Chapter 4

Natural Deduction

Mathematical proofs typically use a set of axioms along with some rules to derive a theorem. In this chapter we look at a set of rules (called natural deduction) for deriving a theorem from a set of axioms. For a set of formulas Γ and a formula β we write

Γ ⊢ β

if, using the rules of natural deduction and starting from the axioms Γ, we can derive β. The natural deduction rules satisfy two important properties.

Theorem 4.1 (Soundness). If Γ ` β, then Γ |= β.

The soundness theorem shows that every statement we can prove is true whenever the axioms are true. In other words, using the natural deduction proof rules we cannot derive false theorems. Every proof system is expected to have this property; a proof system without soundness does not make much sense.

Exercise 4.1. Explain what the following statement means: if T ⊢ β, then T |= β.

Natural deduction also satisfies the following interesting property.

Theorem 4.2 (Completeness). If Γ |= β, then Γ ⊢ β.

The completeness theorem says that every statement true in all worlds where the axioms hold can be proved from the axioms using the natural deduction rules. Mathematicians are interested in completeness: it assures them that every true theorem has a proof, so it is worthwhile to search for one. Do we have completeness for every logic? Gödel showed that this fails once the axioms are strong enough to describe arithmetic: any consistent, effectively axiomatised theory containing arithmetic (and hence set theory, in which arithmetic is embedded) has true statements that cannot be proved from its axioms.

If we want to say α ⊢ β and β ⊢ α then we use the notation α ⊣⊢ β.

4.1 Natural Deduction Rules

We will now develop the rules to derive theorems from a set of axioms. Keep in mind that a proof is a sequence of formulas, each of them generated by applying some rule to previously generated formulas. Therefore we need rules by which the logical symbols {¬, ∨, ∧, ⇒} can be introduced, and rules by which each of these symbols can be eliminated while proving some other formula. During the course of the lecture we will introduce and eliminate other symbols too.

And-introduction (∧i) Let us assume that we already have a proof of α and a proof of β. That is, starting from a set of axioms and applying the rules of natural deduction, we are able to prove α (and similarly β). In other words, let us assume the following holds:

Γ ⊢ α and Γ ⊢ β

The and-introduction rule can now be applied to get a proof of α ∧ β. That is,

Γ ⊢ α ∧ β

As you would expect, the rule holds for any set of axioms. Hence we need a notation to represent the rules without mentioning the set of axioms. The following pictorial representation does this.

      α     β
    ----------- ∧i
       α ∧ β

Figure 4.1: And-Introduction (∧i)

On the top of the separating line we have α and β, the two formulas forwhich we already have a proof. The formula below the line is a consequent ofthe formulas mentioned above and applying the and-introduction rule. Therule is mentioned beside the line. This pictorial representation will be usedfor mentioning other rules.


And-elimination (∧e1, ∧e2) This rule asks the following question: if we have a proof of α ∧ β, what else can we infer from it? If α ∧ β is true, then both α and β have to be true. This is what the and-elimination rules say: if we can prove α ∧ β, then we can prove α (and similarly β).

      α ∧ β                 α ∧ β
    --------- ∧e1         --------- ∧e2
        α                     β

Figure 4.2: And-Elimination: (a) ∧e1, (b) ∧e2

The and-elimination has two rules. One to prove the left hand side of theconjunction. The other to derive the right hand side. Why do we requiretwo rules? Isnt only the left rule enough? Note that the natural deductionrules does not assume any property of conjunction. In other words, it is notassumed that conjunction is a commutative operation. In fact commutativityis something we can prove using the rules we have seen till now.

Below we give a natural deduction proof of (α ∨ β) ∨ γ ⊢ α ∨ (β ∨ γ), the associativity of disjunction; it uses the disjunction rules ∨i1, ∨i2 and ∨e introduced later in this section. We follow the notation of Huth and Ryan: each line carries the formula, the rule applied and the lines (or boxes, written as ranges) it relies on, and indentation marks the boxes opened by assumptions.

     1.  (α ∨ β) ∨ γ         axiom
     2.    α ∨ β             assumption
     3.      α               assumption
     4.      α ∨ (β ∨ γ)     ∨i1 3
     5.      β               assumption
     6.      β ∨ γ           ∨i1 5
     7.      α ∨ (β ∨ γ)     ∨i2 6
     8.    α ∨ (β ∨ γ)       ∨e 2, 3–4, 5–7
     9.    γ                 assumption
    10.    β ∨ γ             ∨i2 9
    11.    α ∨ (β ∨ γ)       ∨i2 10
    12.  α ∨ (β ∨ γ)         ∨e 1, 2–8, 9–11

Figure 4.3: Proof of (α ∨ β) ∨ γ ⊢ α ∨ (β ∨ γ)

Exercise 4.2. Prove the following.


1. (commutative) α ∧ β ` β ∧ α.

Double-negation elimination (¬¬e) Consider the following statement

“It is not true that it is not raining.”

The above statement uses two negations to say, “It is raining”. Our nextrule says that such double negations can be eliminated.

      ¬¬α
    ------- ¬¬e
       α

Figure 4.4: Double negation-Elimination (¬¬e)

Double-negation introduction (¬¬i) The double negation can be in-troduced by the following rule

       α
    ------- ¬¬i
      ¬¬α

Figure 4.5: Double negation-Introduction (¬¬i)

Implication-elimination (⇒e) Implication elimination is very natural; high school mathematics is full of proofs that use it without naming it. The rule is also called modus ponens. It says that if we have a proof of α ⇒ β and a proof of α, then β can be derived. Note that if α ⇒ β is true and α is true, then β is necessarily true (see the truth table for implication). The rule for eliminating implication is given below.

      α     α ⇒ β
    --------------- ⇒e
           β

Figure 4.6: Implication-elimination (⇒e)

Implication-introduction (⇒ i) This rule for introducing implication isa little tricky. It says that, if we assume α and are able to derive β, thenwe should be able to prove α ⇒ β. It will require some time to convinceyourself that this rule is not “nonsense”. We denote this using our pictorialrepresentation as follows.


      α         (assumption, opens a box)
      ⋮
      β         (last line of the box)
    --------- ⇒i
     α ⇒ β

Figure 4.7: Implication-introduction (⇒i)

Disjunction-introduction (∨i1, ∨i2) Let us assume that we have a proof of α. Then clearly we have a proof of α ∨ β, no matter what β is, because if α is true then α ∨ β is true for every β. The following rules introduce the disjunction symbol. Since we do not yet know that disjunction is commutative, we need two rules.

        α                     β
    --------- ∨i1         --------- ∨i2
      α ∨ β                 α ∨ β

Figure 4.8: Disjunction-introduction: (a) ∨i1, (b) ∨i2

Disjunction-elimination (∨e) Let us assume we have a proof of α ∨ β. Moreover, assuming α as an additional axiom we have a proof of γ, and assuming β as an additional axiom we also have a proof of γ. Then γ is provable from the original set of axioms alone. This is what disjunction elimination achieves; the two sub-proofs are written as boxes opened by the assumptions α and β.

                 α      β
                 ⋮      ⋮
       α ∨ β     γ      γ
    ----------------------- ∨e
                 γ

Figure 4.9: Disjunction-elimination (∨e)

Exercise 4.3. Prove the following.

1. (commutative) α ∨ β ` β ∨ α


2. (associative) α ∨ (β ∨ γ) ` (α ∨ β) ∨ γ

3. (distributive) α ∧ (β ∨ γ) ⊣⊢ (α ∧ β) ∨ (α ∧ γ).

4. (distributive) α ∨ (β ∧ γ) ⊣⊢ (α ∨ β) ∧ (α ∨ γ).

False-elimination (Fe) The rule says that, from a contradiction we canderive any formula. In other words, from falsity anything is provable.

       F
    ------- Fe
       α

Figure 4.10: False-elimination (Fe)

Negation-elimination (¬e) Let us assume we are able to prove α andalso prove ¬α. Clearly we have proved a contradiction. The following rulecan be used for proving contradictions.

      α     ¬α
    ----------- ¬e
         F

Figure 4.11: Negation-elimination (¬e)

Negation-introduction (¬i) We are all used to proof by contradiction.This proof strategy assumes that a certain property is true and use that toprove a contradiction. This allow us to claim that our original assumptionwas wrong. This is exactly what this proof rule helps us to achieve.

      α         (assumption, opens a box)
      ⋮
      F         (last line of the box)
    --------- ¬i
      ¬α

Figure 4.12: Negation-introduction (¬i)

Let us now see some examples of natural deduction.

Example 4.1. Show that α ∨ β, α ∨ ¬β ` α.


     1.  α ∨ β            axiom
     2.  α ∨ ¬β           axiom
     3.    ¬α             assumption
     4.      α            assumption
     5.      F            ¬e 4, 3
     6.      β            Fe 5
     7.      β            assumption
     8.    β              ∨e 1, 4–6, 7
     9.      α            assumption
    10.      F            ¬e 9, 3
    11.      ¬β           Fe 10
    12.      ¬β           assumption
    13.    ¬β             ∨e 2, 9–11, 12
    14.    F              ¬e 8, 13
    15.  ¬¬α              ¬i 3–14
    16.  α                ¬¬e 15

Figure 4.13: Proof of α ∨ β, α ∨ ¬β ⊢ α

Example 4.2. Show that ¬α ` α⇒ β

    1.  ¬α           axiom
    2.    α          assumption
    3.    F          ¬e 2, 1
    4.    β          Fe 3
    5.  α ⇒ β        ⇒i 2–4

Figure 4.14: Proof of ¬α ⊢ α ⇒ β

Example 4.3. Show that ¬α ` ¬(α ∧ β)


    1.  ¬α           axiom
    2.    α ∧ β      assumption
    3.    α          ∧e1 2
    4.    F          ¬e 3, 1
    5.  ¬(α ∧ β)     ¬i 2–4

Figure 4.15: Proof of ¬α ⊢ ¬(α ∧ β)

Exercise 4.4 (modus tollens). Show that α⇒ β,¬β ` ¬α.

Exercise 4.5 (LEM). Show that T ` α ∨ ¬α.

Figure 4.16: The rules of Natural Deduction (a two-column table of the introduction and elimination rules above; not reproduced here)
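As an added example that is not part of the lecture notes (and not code from Huth and Ryan), here is a Python checker for proofs written in the box style of Figures 4.3 and 4.13, followed by a truth-table check of Theorem 4.1 on the same proof. The tuple encoding of formulas, the rule names (and_i, or_e, nn_e, ...) and the step format are conventions chosen for this example. The point the checker enforces is scoping: a line inside a closed box cannot be cited from outside the box, only the box as a whole can, and this is the most common mistake in box proofs.

```python
from itertools import product

# Formulas: an atom is a one-letter string, falsity is the string F, and
# compound formulas are tuples built by the constructors below.
F = 'F'
def Not(a): return ('not', a)
def And(a, b): return ('and', a, b)
def Or(a, b): return ('or', a, b)
def Imp(a, b): return ('imp', a, b)

class ProofError(Exception):
    """A step cites something out of scope or misapplies its rule."""

def _need(ok, msg):
    if not ok:
        raise ProofError(msg)

def _is(phi, op):
    return isinstance(phi, tuple) and phi[0] == op

# Each rule gets the formula claimed on the line and the cited items in the
# order the notes write them: a cited line gives its formula, a cited box
# (first, last) gives the pair (assumption, last formula of the box).
RULES = {
    'and_i':  lambda phi, c: _need(phi == And(c[0], c[1]), 'and_i'),
    'and_e1': lambda phi, c: _need(_is(c[0], 'and') and c[0][1] == phi, 'and_e1'),
    'and_e2': lambda phi, c: _need(_is(c[0], 'and') and c[0][2] == phi, 'and_e2'),
    'or_i1':  lambda phi, c: _need(_is(phi, 'or') and phi[1] == c[0], 'or_i1'),
    'or_i2':  lambda phi, c: _need(_is(phi, 'or') and phi[2] == c[0], 'or_i2'),
    'or_e':   lambda phi, c: _need(c[0] == Or(c[1][0], c[2][0])
                                   and c[1][1] == phi == c[2][1], 'or_e'),
    'imp_i':  lambda phi, c: _need(phi == Imp(c[0][0], c[0][1]), 'imp_i'),
    'imp_e':  lambda phi, c: _need(c[1] == Imp(c[0], phi), 'imp_e'),
    'not_i':  lambda phi, c: _need(c[0][1] == F and phi == Not(c[0][0]), 'not_i'),
    'not_e':  lambda phi, c: _need(phi == F and c[1] == Not(c[0]), 'not_e'),
    'nn_i':   lambda phi, c: _need(phi == Not(Not(c[0])), 'nn_i'),
    'nn_e':   lambda phi, c: _need(c[0] == Not(Not(phi)), 'nn_e'),
    'F_e':    lambda phi, c: _need(c[0] == F, 'F_e'),
}

def check(proof):
    """Check a box-style proof and return the formula on its last line.
    Steps: ('premise', phi); ('assume', phi) opens a box; ('close',) closes the
    innermost box; (rule, phi, refs) where a ref is a line number or a
    (first, last) box range. Lines of a closed box are no longer citable."""
    scopes = [({}, {})]   # per open box: visible lines, boxes closed inside it
    pending = []          # (first line, assumption) of every open box
    n = 0
    def lookup(r):
        for vis, boxes in scopes:
            if r in vis: return vis[r]
            if r in boxes: return boxes[r]
        raise ProofError(f'line {n}: {r} is not accessible here')
    for step in proof:
        if step[0] == 'close':
            _need(pending, 'close without an open box')
            first, assumption = pending.pop()
            vis, _ = scopes.pop()
            _need(n in vis, f'box {first}-{n} must end with a line of its own')
            scopes[-1][1][(first, n)] = (assumption, vis[n])
            continue
        n += 1
        rule, phi = step[0], step[1]
        if rule == 'assume':
            pending.append((n, phi))
            scopes.append(({}, {}))
        elif rule != 'premise':
            cited = [lookup(r) for r in step[2]]
            try:
                RULES[rule](phi, cited)
            except (KeyError, IndexError, TypeError, ProofError):
                raise ProofError(f'line {n}: {rule} does not justify {phi}')
        scopes[-1][0][n] = phi
    _need(not pending, 'proof ends inside a box')
    return phi

def proves(proof):
    """The conclusion if the proof checks, else None."""
    try:
        return check(proof)
    except ProofError:
        return None

# Figure 4.13 (Example 4.1): α ∨ β, α ∨ ¬β ⊢ α, with α = 'a' and β = 'b'.
a, b = 'a', 'b'
EXAMPLE_4_1 = [
    ('premise', Or(a, b)),                       # 1
    ('premise', Or(a, Not(b))),                  # 2
    ('assume', Not(a)),                          # 3  opens box 3-14
    ('assume', a),                               # 4  opens box 4-6
    ('not_e', F, [4, 3]),                        # 5
    ('F_e', b, [5]),                             # 6
    ('close',),
    ('assume', b), ('close',),                   # 7  box 7-7
    ('or_e', b, [1, (4, 6), (7, 7)]),            # 8
    ('assume', a),                               # 9  opens box 9-11
    ('not_e', F, [9, 3]),                        # 10
    ('F_e', Not(b), [10]),                       # 11
    ('close',),
    ('assume', Not(b)), ('close',),              # 12 box 12-12
    ('or_e', Not(b), [2, (9, 11), (12, 12)]),    # 13
    ('not_e', F, [8, 13]),                       # 14
    ('close',),
    ('not_i', Not(Not(a)), [(3, 14)]),           # 15
    ('nn_e', a, [15]),                           # 16
]

# Semantic side, to confirm Theorem 4.1 on a concrete proof: Γ |= φ by truth table.
def atoms(phi, acc=None):
    acc = set() if acc is None else acc
    if isinstance(phi, tuple):
        for sub in phi[1:]: atoms(sub, acc)
    elif phi != F:
        acc.add(phi)
    return acc

def value(phi, v):
    if phi == F: return False
    if isinstance(phi, str): return v[phi]
    if phi[0] == 'not': return not value(phi[1], v)
    x, y = value(phi[1], v), value(phi[2], v)
    return {'and': x and y, 'or': x or y, 'imp': (not x) or y}[phi[0]]

def entails(premises, phi):
    names = sorted(set().union(*(atoms(f) for f in premises + [phi])))
    return all(value(phi, dict(zip(names, bits)))
               for bits in product([False, True], repeat=len(names))
               if all(value(p, dict(zip(names, bits))) for p in premises))
```

check(EXAMPLE_4_1) returns the atom 'a', so the proof of Figure 4.13 is accepted, and entails on the same two premises confirms that α is also semantically entailed, as the soundness theorem predicts. A proof that cites a line after its box has closed, or that applies ∧e2 to obtain the left conjunct, is rejected with a ProofError.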

4.2 Soundness theorem

The proof of the theorem uses mathematical induction. If you are not used to induction, go through Section 2.1.


Let us restate the soundness theorem first.

Theorem 4.3 (Soundness). If Γ ` ψ, then Γ |= ψ.

The theorem says that all formulas proved using natural deduction are true in every world where the axioms are true. The rest of this section is devoted to proving it. The proof is by mathematical induction on the length of the proof, that is, the number of steps in the natural deduction proof. The claim we prove by induction on n is:

"For every set of formulas Γ, if Γ ⊢ ψ has a proof of length n, then Γ |= ψ."

Base Case (n = 1): The only proof of length 1 is as follows

Γ ` α — Axiom

where α ∈ Γ is an axiom. From the definition of |= it follows that Γ |= α.

Inductive step: Assume the claim holds for all proofs of length at most n. We show that it holds for proofs of length n + 1. Consider one such proof and do a case analysis on the rule applied to derive ψ in step n + 1.

Case ∧i: The step is and-introduction. That is, we have Γ ` ψ and ψ isof the form α ∧ β for some formulas α and β which were derived earlier inthe proof. Hence we know that Γ ` α and Γ ` β. From induction hypothesis(since the proof lengths are less than n + 1) it follows Γ |= α and Γ |= β.From the semantics of ∧, we get Γ |= α ∧ β.

Case ∧e: That means, Γ ` ψ and ψ has been derived by applying an andelimination from a formula of the form ψ ∧ α or α ∧ ψ. We will assume theformer (the latter will have a symmetric argument). This means, there wasa step in the proof which derived ψ ∧ α and hence Γ ` ψ ∧ α. Since theproof length of ψ ∧ α is less than n + 1, from induction hypothesis we getΓ |= ψ ∧ α. From the semantics of and (∧) it follows Γ |= ψ.

Case ¬¬i: That is ψ is of the form ¬¬α for an α which was derived earlierin the proof. From induction hypothesis and semantics of negation (appliedtwice), it follows Γ |= ψ.

Case ¬¬e: We can assume ψ is got by elimination the double negationfrom a formula ¬¬ψ which was derived earlier in the proof. Again, applyinginduction hypothesis and using the semantics of negation, we get that Γ |= ψ.

Case ⇒i: Let Γ ⊢ ψ where ψ is of the form α ⇒ β and the rule applied was implication-introduction. Then the proof contains a box opened by assuming α and ending with β; the lines of that box form a proof of β from Γ ∪ {α} of length less than n + 1, so by the induction hypothesis Γ ∪ {α} |= β. From the semantics of implication it follows that Γ |= α ⇒ β.

Similarly going through all the other cases will finish the proof of thesoundness theorem. The reader is asked to try showing this.

Exercise 4.6. Show the remaining cases, left out in Theorem 4.3.

4.3 Completeness theorem: Huth & Ryan

We say that a formula α is a theorem if α can be proved without assumingany axioms. That is, T ` α.

In this section we prove the completeness theorem in a weaker setting,where Γ is a finite set of formulas. The stronger result will be given later.

Theorem 4.4 (Completeness). Let Γ be a finite set of formulas. Then,Γ |= ψ implies Γ ` ψ.

The theorem says that, if our formula is true in a world where the axiomsare true, then the formula can be proved from the axioms. The rest of thesection is proving the theorem. The proof strategy we follow is given inFigure 4.17.

1. Reduce the completeness theorem to proving "if α is a tautology then α is a theorem".

2. For every valuation v, give a formula βv and a proof βv ⊢ α.

3. Combine all these proofs to show that α is a theorem.

Figure 4.17: Proof strategy for the completeness theorem

Our first step is to reduce the completeness theorem to a simpler case.

Lemma 4.5. If α is a tautology, then α is a theorem. That is, if T |= α,then T ` α

Before we prove the lemma, let us show how it implies the completeness theorem. Assume Γ = {α1, . . . , αn} and α1, α2, . . . , αn |= ψ. From Exercise 3.17 this is equivalent to T |= (α1 ∧ α2 ∧ . . . ∧ αn) ⇒ ψ. Lemma 4.5 gives T ⊢ (α1 ∧ α2 ∧ . . . ∧ αn) ⇒ ψ, and Exercise 4.12 then gives α1, α2, . . . , αn ⊢ ψ. This finishes the completeness theorem.

Now we can go the proof of Lemma 4.5.

Proof of Lemma 4.5. Let P be the set of all propositions occurring in α. For a valuation v of P we define the formula

βv = ⋀{p ∈ P : v(p) = T} p ∧ ⋀{p ∈ P : v(p) = F} ¬p

that is, βv is the conjunction of all propositions assigned true by v together with the negations of all propositions assigned false. The following claim holds for every valuation v because βv is satisfied by exactly one valuation of P, namely v.

Claim 4.6.

βv 6|= α iff βv |= ¬α

See Exercise 4.18 for the proof of the above claim. We now prove the following for all subformulas ψ of α:

    if βv |= ψ then βv ⊢ ψ, and if βv ⊭ ψ then βv ⊢ ¬ψ.        (4.1)

The proof is by structural induction on the parse tree of α. Let us do a caseanalysis of the type of node.

Case ψ := p: Let us first consider the case βv |= p. Since p is a conjunctin βv and-elimination gives us βv ` p. Now if βv 6|= p, then βv |= ¬p, whichimplies ¬p is a conjunct in βv. Therefore, βv ` ¬p.

Case ψ := γ1 ∧ γ2: Let us first consider the case βv |= γ1 ∧ γ2.

    βv |= γ1 ∧ γ2
    =⇒ βv |= γ1 and βv |= γ2        (semantics of ∧)
    =⇒ βv ⊢ γ1 and βv ⊢ γ2          (induction hypothesis)
    =⇒ βv ⊢ γ1 ∧ γ2                 (and-introduction)


Now let us prove the other half of (4.1).

Let βv ⊭ (γ1 ∧ γ2)
=⇒ βv |= ¬(γ1 ∧ γ2) (Claim 4.6)

=⇒ βv |= ¬γ1 ∨ ¬γ2 (Demorgan’s law (proof in Exercise 3.2))

=⇒ βv 6|= γ1 or βv 6|= γ2 (semantics of or)

=⇒ βv ` ¬γ1 or βv ` ¬γ2 (induction hypothesis)

=⇒ βv ` ¬γ1 ∨ ¬γ2 (or-introduction)

=⇒ βv ` ¬(γ1 ∧ γ2) (See Exercise 4.10 for this derivation)

We have shown both halves of (4.1) for this case.

Case ψ := γ1 ∨ γ2: Let us first consider the case βv |= γ1 ∨ γ2. From the semantics of disjunction it follows that βv |= γ1 or βv |= γ2. By the induction hypothesis, βv ⊢ γ1 or βv ⊢ γ2, and or-introduction gives βv ⊢ γ1 ∨ γ2. Now let us assume βv ⊭ γ1 ∨ γ2. From Claim 4.6 and the semantics of disjunction and negation it follows that βv |= ¬γ1 and βv |= ¬γ2. By the induction hypothesis, βv ⊢ ¬γ1 and βv ⊢ ¬γ2; and-introduction and Exercise 4.10 now give βv ⊢ ¬(γ1 ∨ γ2).

Case ψ := ¬γ: Let us first assume βv |= ¬γ. Then βv ⊭ γ, so by the induction hypothesis βv ⊢ ¬γ. Now let us assume βv ⊭ ¬γ. By Claim 4.6 this means βv |= γ, and the induction hypothesis gives βv ⊢ γ. Introducing double negation yields βv ⊢ ¬¬γ, which is ¬ψ.

Case ψ := γ1 ⇒ γ2: Let us consider the case βv |= γ1 ⇒ γ2.

Let βv |= γ1 ⇒ γ2

=⇒ βv |= ¬γ1 ∨ γ2 (see Exercise 3.1)

=⇒ βv 6|= γ1 or βv |= γ2 (semantics of or and negation)

=⇒ βv ` ¬γ1 or βv ` γ2 (induction hypothesis)

=⇒ βv ` ¬γ1 ∨ γ2 (or-introduction)

=⇒ βv ` γ1 ⇒ γ2 (see Exercise 4.13)

Now let us assume βv 6|= γ1 ⇒ γ2.

Let βv 6|= γ1 ⇒ γ2

=⇒ βv |= ¬(¬γ1 ∨ γ2) (see Exercise 3.1)

=⇒ βv |= γ1 and βv 6|= γ2 (semantics of or and negation, demorgan)

=⇒ βv ` γ1 and βv ` ¬γ2 (induction hypothesis)

=⇒ βv ` γ1 ∧ ¬γ2 (and-introduction)

=⇒ βv ` ¬(γ1 ⇒ γ2) (see Exercise 4.13)


Thus equation 4.1 is true for the implication case.We have exhausted all the ways in which formulas can be built. Therefore,

the claim in equation 4.1 holds. Let us go back to the lemma and assumeits hypothesis, T |= α. That is, for all valuations v over the propositions,βv |= α. From our discussion above we have βv ` α. Exercise 4.17 now givesus T ` α.

4.4 Completeness: Alternate proof using Hintikka sets*

In this section we give an alternate proof of completeness. We prove the simpler version, namely Lemma 4.5: if T |= α, then T ⊢ α.

As seen in the previous section, the above lemma along with the exercises3.17 and 4.12, will give us the completeness theorem. The rest of the sectionis for proving the above lemma.

Natural deduction gives us rules to derive proofs of statements. What isan important property these rules should satisfy? It should not help us toderive both a property and its negation. That is, we do not want naturaldeduction to satisfy T ` α and T ` ¬α for any formula α. In fact if it does,then using natural deduction you can prove any formula.

Exercise 4.7. If T ` α and T ` ¬α, then T ` β for all β.

So what we are interested in is a property called consistency . We saythat a formula α is consistent if T 6` ¬α. That is, α is consistent if thereis no proof for ¬α. Note that, this does not say that there is a proof for α.The following theorem connects consistent formulas and Lemma 4.5. In fact,it also shows that natural deduction is consistent.

Claim 4.7. The following statements are equivalent.

1. If T |= α, then T ` α

2. If ¬α is consistent, then ¬α is satisfiable.

Proof. (1 =⇒ 2) : Let ¬α be consistent. That is T 6` ¬¬α. ThereforeT 6` α (otherwise contradiction by double-negation introduction). From (1)we get T 6|= α and hence ¬α is satisfiable.(2 =⇒ 1) : Let T |= α. Therefore ¬α is not satisfiable. From (2) we get¬α is not consistent. In other words T ` ¬¬α. The claim now follows fromdouble-negation elimination.


We will now prove that "if β is consistent, then β is satisfiable". For a finite set X of formulas, we say X is consistent if the formula ⋀{α ∈ X} α is consistent. Given a consistent set X, we can extend it in a meaningful way as follows. Order all propositional formulas into a sequence

α0, α1, . . .

Define X0 = X and, for all i ≥ 0,

    Xi+1 = Xi ∪ {αi}   if Xi ∪ {αi} is consistent,
    Xi+1 = Xi          otherwise.

The maximal consistent extension of X, denoted X̄, is ⋃{i ≥ 0} Xi. Every Xi is a finite consistent set, and X̄ satisfies some interesting properties.

Lemma 4.8. Let X̄ be as defined above. Then

1. For all i ≥ 0, αi ∈ X̄ iff ¬αi ∉ X̄.

2. For all i, j ≥ 0, αi ∧ αj ∈ X̄ iff αi ∈ X̄ and αj ∈ X̄.

3. For all i, j ≥ 0, αi ∨ αj ∈ X̄ iff αi ∈ X̄ or αj ∈ X̄.

4. For all i, j ≥ 0, αi ⇒ αj ∈ X̄ iff αi ∉ X̄ or αj ∈ X̄.

Proof. We will prove each of the above claims.

1. Let αj = ¬αi and k = max{i, j}. We show that αi ∈ Xk iff αj ∉ Xk; since membership of αi and αj in X̄ is decided by stage k, this gives the claim for X̄. Let β be the conjunction of the formulas in Xk; β is consistent by construction. First assume that neither αi nor ¬αi is in Xk. Then Xi ∪ {αi} and Xj ∪ {¬αi} were inconsistent, and since Xi, Xj ⊆ Xk, so are β ∧ αi and β ∧ ¬αi; that is, T ⊢ ¬(β ∧ αi) and T ⊢ ¬(β ∧ ¬αi). Using the law of excluded middle (Exercise 4.5) and ∨e we obtain T ⊢ ¬β, contradicting the consistency of β. Now assume that both αi and ¬αi are in Xk. Then both are conjuncts of β, so ∧e followed by ¬e and ¬i gives T ⊢ ¬β, again a contradiction. Hence exactly one of αi and ¬αi is in Xk, and therefore in X̄.

2. Let αl = αi ∧ αj and k = max{i, j, l}, and let β be the conjunction of the formulas in Xk. First assume αi ∈ Xk and αj ∈ Xk. Both are conjuncts of β, so β ⊢ αl by ∧e and ∧i, and hence β ∧ αl is consistent iff β is, which it is. Therefore Xl ∪ {αl} ⊆ Xk ∪ {αl} is consistent, so αl was added at stage l and αl ∈ Xk. Conversely, assume αl ∈ Xk. Then αl is a conjunct of β, so β ⊢ αi and β ⊢ αj by ∧e, and as above β ∧ αi and β ∧ αj are consistent; hence αi and αj were added at stages i and j, and both are in Xk. This proves the claim.

We leave the rest of the claims for the reader to prove.

Exercise 4.8. Prove the remaining cases in Lemma 4.8.

Our next lemma says that if a formula β is in X̄, then β is satisfiable.

Lemma 4.9. If β ∈ X̄, then β is satisfiable.

Proof. Let V be a set containing, for every proposition, either the proposition or its negation, defined as follows: if p ∈ X̄ then p ∈ V, and if p ∉ X̄ then ¬p ∈ V. Clearly there is a valuation which makes all formulas in V true, and we write V |= γ if that valuation satisfies γ. We are done if we show V |= β. We prove the following claim by structural induction on the subformulas of β.

γ ∈ X̄ ⇐⇒ V |= γ

Case γ = p, a proposition: If p ∈ X̄, by definition V |= γ. On the other hand, if p ∉ X̄, we have by definition V |= ¬p and therefore V ⊭ p.

Case γ = ¬ψ: If ¬ψ ∈ X̄, then (by Lemma 4.8) ψ ∉ X̄. By the induction hypothesis V ⊭ ψ and therefore (semantics of negation) V |= ¬ψ. Now assume ¬ψ ∉ X̄. By Lemma 4.8, ψ ∈ X̄, which by the induction hypothesis gives V |= ψ. Therefore V ⊭ ¬ψ.

Case γ = ψ1 ∧ ψ2: If ψ1 ∧ ψ2 ∈ X̄, then (Lemma 4.8) ψ1 ∈ X̄ and ψ2 ∈ X̄. By the induction hypothesis V |= ψ1 and V |= ψ2, and therefore V |= ψ1 ∧ ψ2. Now assume ψ1 ∧ ψ2 ∉ X̄. Then (Lemma 4.8) ψ1 ∉ X̄ or ψ2 ∉ X̄. From the induction hypothesis we get V ⊭ ψ1 or V ⊭ ψ2, so V |= ¬ψ1 ∨ ¬ψ2, which by De Morgan's laws gives V ⊭ ψ1 ∧ ψ2.

We leave the rest of the case as exercise.

Exercise 4.9. Prove the remaining cases in Lemma 4.9.

We now have enough understanding to prove the completeness theorem.

Proof of Lemma 4.5. Let ¬α be consistent. Extend the set X = {¬α} to its maximal consistent extension X̄. Lemma 4.9 gives that every formula in X̄, in particular ¬α, is satisfiable. By Claim 4.7 this is equivalent to Lemma 4.5.

4.5 Strong Completeness*

In Section 4.3 we saw the completeness theorem for the case when Γ is finite.In this section we will show that the completeness theorem is true even forthe infinite case. Compactness theorem will help us in this regard.

Theorem 4.10 (Strong completeness). Let Γ be a set of formulas and ψ bea formula. Then Γ ` ψ if Γ |= ψ.

Proof. Let Γ |= ψ. Then Γ ∪ {¬ψ} is not satisfiable: any valuation satisfying Γ satisfies ψ and hence falsifies ¬ψ. The compactness theorem of propositional logic (Theorem 3.3) gives a finite subset Γ′ ⊆ Γ such that Γ′ ∪ {¬ψ} is not satisfiable, that is, Γ′ |= ψ. From the completeness theorem for finite sets (Theorem 4.4) we get Γ′ ⊢ ψ. Since Γ′ ⊆ Γ, a proof from Γ′ is also a proof from Γ, so Γ ⊢ ψ.

4.6 Exercises

Exercise 4.10 (syntactic variant of De Morgan’s law). Prove the following.

1. ¬(α ∧ β) ⊣⊢ ¬α ∨ ¬β

2. ¬α ∧ ¬β ⊣⊢ ¬(α ∨ β)

Exercise 4.11 (Hilbert's axioms). Prove the following.

1. T ⊢ (α ⇒ (β ⇒ α))

2. T ⊢ ((¬β ⇒ ¬α) ⇒ (α ⇒ β))

3. T ⊢ ((α ⇒ (β ⇒ γ)) ⇒ ((α ⇒ β) ⇒ (α ⇒ γ)))

Exercise 4.12. Show that the following are equivalent.

1. α1, α2, . . . , αn ⊢ β

2. T ⊢ (α1 ∧ α2 ∧ . . . ∧ αn) ⇒ β

3. T ⊢ (α1 ⇒ (α2 ⇒ (. . . (αn ⇒ β))))

Exercise 4.13. Prove the following.

1. ¬γ1 ∨ γ2 ⊣⊢ γ1 ⇒ γ2

2. γ1 ∧ ¬γ2 ⊣⊢ ¬(γ1 ⇒ γ2)

3. ¬α ⊢ α ⇒ β

4. α ⇒ β, β ⇒ γ ⊢ α ⇒ γ

Exercise 4.14. Show that the following are theorems


1. α ∨ ¬α

2. α⇒ α

3. α⇒ ¬¬α

4. (α⇒ β)⇒ (¬β ⇒ ¬α)

5. (¬α⇒ α)⇒ α

6. (¬α⇒ (α⇒ β))

7. ¬¬α⇒ α

8. (α ⇒ β) ⇒ ((α ⇒ ¬β) ⇒ ¬α)

Exercise 4.15. Let ψ be a formula over the single proposition p. Assume that p ⊢ ψ and ¬p ⊢ ψ. Show that T ⊢ ψ.

Exercise 4.16. Let us introduce a new connective xor: α ⊕ β, which abbreviates (¬α ∧ β) ∨ (α ∧ ¬β). Design introduction and elimination rules for xor.

Exercise 4.17. Let P = {p1, . . . , pn} be a set of propositions. For a valuation v over P, we define Γv = {pi | v(pi) = T} ∪ {¬pi | v(pi) = F}. Consider a formula α such that Γv ⊢ α for all valuations v. Show that T ⊢ α.

Exercise 4.18. Let v be a valuation. Then the following holds for all formulas α.

βv ⊭ α iff βv ⊨ ¬α

Exercise 4.19 (Strong soundness theorem). If Γ ⊢ α then Γ ⊨ α.

Exercise 4.20. If Γ is satisfiable then Γ is consistent.

Exercise 4.21. Consider a new set of natural deduction rules you have created. Let Γ be a set of propositional formulas (the set need not be finite). Let us define Γ ⊢* α to mean that there is a proof of α from Γ using your natural deduction rules. Let us also say that Γ is consistent if you cannot prove α or ¬α from Γ using your natural deduction rules, for any α. Prove that the following two statements are equivalent.

1. If Γ ⊢* α then Γ ⊨ α.

2. If Γ is satisfiable then Γ is consistent.

Exercise 4.22. Design introduction and elimination rules for the Nand operator. Consider the logic which uses only negation and the Nand operator as logical symbols. Prove the completeness theorem using the introduction and elimination rules for Nand and negation. Prove also the soundness theorem.

Exercise 4.23. Prove the deduction theorem for a set Γ (need not be finite) of propositional formulas: Γ ⊢ (α ⇒ β) iff Γ ∪ {α} ⊢ β.


Exercise 4.24. Prove or disprove the following statements.

1. If Γ1 ⊆ Γ2 and Γ1 is consistent then Γ2 is consistent.

2. If Γ1 ⊆ Γ2 and Γ2 is consistent, then Γ1 is consistent.


Chapter 5

Deterministic SAT Solvers

In this chapter we will look at algorithms to check whether a formula is satisfiable or not. We are more interested in special cases of propositional formulas which give polynomial time algorithms for satisfiability. Later we look at a general algorithm which works very well in practice even though its worst case running time is exponential. The algorithm is used in most modern SAT solvers.

5.1 2-CNF satisfiability

In this section we will look at satisfiability of 2-CNF formulas. Let α be a 2-CNF formula. We will formalise the notation for the algorithm using the following example.

(¬p ∨ ¬q) ∧ (¬r ∨ ¬p) ∧ (p ∨ q) ∧ (q ∨ r) ∧ (¬q ∨ p) (5.1)

We construct a graph Gα = (Vα, Eα) which will capture the information contained in the formula α. The vertices of the graph will be the propositions and their negations. That is, {p, q, r, ¬p, ¬q, ¬r} will be the vertex set for example 5.1. In general, Vα will be as follows.

Vα ::= {p | p is a proposition in α} ∪ {¬p | p is a proposition in α}

We identify the edges now. Consider example 5.1. For the clause (¬p ∨ ¬q), we draw an edge from p to ¬q and another edge from q to ¬p. These denote the formulas p ⇒ ¬q and q ⇒ ¬p. Note that

(¬p ∨ ¬q) ≡ (p ⇒ ¬q) ∧ (q ⇒ ¬p)


Thus the graph of example 5.1 (shown in Figure 5.1) will represent the following equivalent formula.

(p ⇒ ¬q) ∧ (q ⇒ ¬p) ∧ (r ⇒ ¬p) ∧ (p ⇒ ¬r) ∧ (¬p ⇒ q) ∧ (¬q ⇒ p) ∧ (¬q ⇒ r) ∧ (¬r ⇒ q) ∧ (q ⇒ p) ∧ (¬p ⇒ ¬q) (5.2)

Figure 5.1: The graph Gα of formula 5.1 on the vertices r, q, p, ¬r, ¬q, ¬p; only a few of its edges are shown.

In general, (l1, l2) ∈ Eα if and only if (¬l1 ∨ l2) is a clause in α or (l1 ∨ ¬l2) is a clause in α.

Now consider the following edges in Figure 5.1: (p, ¬q) and (¬q, r). It means formula 5.2 has conjuncts of the form (p ⇒ ¬q) and (¬q ⇒ r). Therefore any satisfying assignment for formula 5.2 should also satisfy the implication (p ⇒ r). That is, α ⊨ (p ⇒ r). In general, if there is a directed path (however long) from literal s to literal t in graph Gα, then α ⊨ (s ⇒ t).

Claim 5.1. If there is a path from literal s to literal t in Gα, then α ⊨ (s ⇒ t).

Proof. Since there exists a path from s to t in Gα, there exist literals l0, l1, . . . , lk such that l0 = s, lk = t and edges (l0, l1), (l1, l2), . . . , (lk−1, lk) ∈ Eα. From our arguments above, we have α ⊨ (li ⇒ li+1) for all i < k. We now use induction to show that α ⊨ (l0 ⇒ lk).

The induction hypothesis: α ⊨ (l0 ⇒ li) for all i ≤ k.
Base case (i = 1): This is true since α ⊨ (l0 ⇒ l1).

Induction step: Let the hypothesis be true for all i ≤ j. We show that the hypothesis is true for j + 1. By the induction hypothesis we have α ⊨ (l0 ⇒ lj). We also know that α ⊨ (lj ⇒ lj+1). Therefore α ⊨ (l0 ⇒ lj) ∧ (lj ⇒ lj+1). From the semantics of implication we know (l0 ⇒ lj) ∧ (lj ⇒ lj+1) ⊨ (l0 ⇒ lj+1). Hence we get α ⊨ (l0 ⇒ lj+1). This proves the induction step.

Consider the case when there is a path from p to ¬p. That is, α ⊨ (p ⇒ ¬p). The implication (p ⇒ ¬p) can only be satisfied by an assignment which maps p to false. That is, all valuations which make α true must map p to false. On the other hand, if there is a path from ¬p to p, the satisfying assignment should map p to true. Therefore, if there is a path from p to ¬p as well as a path from ¬p to p, the formula cannot be satisfied. Figure 5.1 shows a path from p to ¬p and from ¬p to p. Therefore formula 5.1 is not satisfiable.

Aspvall et al. [1] showed that this is also a sufficient condition for non-satisfiability. In other words, if for every proposition p either the path from p to ¬p or the path from ¬p to p does not exist, then the formula is satisfiable. To summarize, the necessary and sufficient condition for non-satisfiability of a formula α is for some proposition and its negation to be in the same strongly connected component of the graph Gα.

Aspvall's theorem (Theorem 5.6) gives us a polynomial time algorithm (see Algorithm 1) to check for satisfiability. The algorithm can be implemented by running multiple depth first searches on the graph Gα. This gives us an O(|α|²) algorithm. We can use Kosaraju's linear time algorithm for detecting strongly connected components in a graph to check whether p and ¬p are in the same strongly connected component. This gives us a linear time algorithm for 2-CNF SAT.

Algorithm 1 2-CNF SAT (also known as 2-SAT)

Input: A 2-CNF formula α
Output: YES if α is satisfiable, otherwise NO
1: Construct the graph Gα as discussed above.
2: if there is a proposition p such that there is a path from p to ¬p and vice versa then
3:   output NO
4: else
5:   output YES
6: end if

We are left with proving the correctness of the above algorithm. Let α be a 2-CNF formula. Let us assume Gα satisfies the following property.

For no proposition p is there a path from p to ¬p and back. (5.3)

We show that if there is no proposition p such that there is a path from p to ¬p and back to p in the graph Gα, then α is satisfiable. In fact we give an algorithm (Algorithm 2) which outputs the assignment to the propositions which makes α true. The algorithm first identifies the strongly connected components of Gα. The strongly connected components of a graph can be linearly ordered such that all edges go in the forward direction. This paves the way for some interesting properties. For all the explanations below we assume ¬¬p to be p for a proposition p. First we see that if there is a path from p to q in Gα, then there is a path from ¬q to ¬p also in Gα.

Claim 5.2. Let there exist a path from literal r to t. Then there exists a path from ¬t to ¬r.

Proof. Let the path be through the edges (l0, l1), (l1, l2), . . . , (lk−1, lk) where l0 = r and lk = t. From the definition of Gα it follows that (li ⇒ li+1), for all i < k, is a conjunct in Gα. Therefore its contrapositive (¬li+1 ⇒ ¬li) is also a conjunct. Hence there is a path from ¬t to ¬r.

The next claim gives an interesting property of strongly connected components. It says that if two literals are in the same strongly connected component, then both their negations will also be in one component.

Claim 5.3. Let literals l1, l2 ∈ Ci for some i ≤ k. Then there exists a j ≤ k such that ¬l1, ¬l2 ∈ Cj.

Proof. Since l1, l2 ∈ Ci, we have that there is a path from l1 to l2 and back. From Claim 5.2, we know there is a path from ¬l2 to ¬l1 and back. Therefore ¬l1 and ¬l2 lie in the same strongly connected component.

The explanation of the algorithm given in Algorithm 2 is as follows. Let us assume there are no propositions p for which there is a path from p to ¬p and back to p in the graph Gα. We now build a satisfying assignment for α. First, enumerate the strongly connected components of Gα

C1, C2, . . . , Ck

such that there is no edge from Ci to Cj if j < i. This is possible since the strongly connected components form a directed acyclic graph. We assign all the literals in Ck to true first. Note that there is no edge going from Ck to any other component. Now we inductively assign values to literals in Ck−1, . . . , C2, C1 in that order. Consider the component Ci. If the negation of a literal in Ci is already assigned a value, assign all the literals in Ci to false. Otherwise assign all the literals in Ci to true. This is the end of the algorithm.

Algorithm 2 2-CNF assignment

Input: A 2-CNF formula α such that Gα satisfies property (5.3).
Output: An assignment of the propositions such that α is satisfied.
1: Sort the strongly connected components of Gα in a topological ordering
     C1, C2, . . . , Ck
   That is, all edges are from Ci to Cj where i ≤ j.
2: for i = k to 1 do
3:   if there is a literal l in Ci such that ¬l was already assigned then
4:     Assign False to every literal in Ci
5:   else
6:     Assign True to every literal in Ci
7:   end if
8: end for

Before we go into the correctness of the above algorithm, let us understand one crucial fact about the algorithm. We argue that a literal is assigned True (by the algorithm) if and only if it is seen for the first time. Let us elaborate. If the algorithm sees ¬p in component Ci and it has not seen p till now (that is, p is not in any Cj for a j > i), then ¬p is assigned True. On the other hand, if p is in the component Cj for a j > i, then ¬p is assigned False. This will be the first step in proving the correctness of the algorithm.

Claim 5.4. A literal l1 is assigned True by the algorithm if and only if the algorithm has not assigned ¬l1 earlier.

Proof. Let l1 ∈ Ci for an i ≤ k.
(⇒): Let us assume ¬l1 is seen earlier. That is, ¬l1 was assigned a boolean value before the algorithm reached Ci. Hence the if condition (line 3) of the algorithm is true and therefore l1 is assigned False.
(⇐): Let us assume l1 is assigned False. Therefore there exists a literal l2 ∈ Ci such that ¬l2 ∈ Cj for a j > i. By Claim 5.3 it follows that ¬l1 ∈ Cj and therefore ¬l1 was already assigned.

Finally, we can show the correctness of the algorithm.

Theorem 5.5. The algorithm outputs a satisfying valuation when Gα satisfies property 5.3.


Proof. Assume the output of the algorithm does not satisfy α. Therefore, there is an implication (li ⇒ lj) which is not satisfied and there is a path from li to lj in Gα. Let li ∈ Ci and lj ∈ Cj. The implication is false only if li is true and lj is false. Note that from the way in which strongly connected components are ordered (see Figure 5.2) we have that i < j. If lj is mapped to false, then ¬lj was mapped earlier to true (note that for a proposition p we denote by ¬¬p to mean p). That is, there is a set Ck such that k > j and ¬lj ∈ Ck. Since there is a path in the graph from li to lj, from Claim 5.2 there is a path from ¬lj to ¬li too. Again, from the way we have ordered the strongly connected components, it follows that there is a set Cm where m > k and ¬li ∈ Cm (see Figure 5.2). Therefore our algorithm would have assigned ¬li earlier and hence li would have been assigned false. This is a contradiction. Therefore the algorithm will never assign li to true and lj to false.

Figure 5.2: Strongly connected components and literals: li ∈ Ci, lj ∈ Cj, ¬lj ∈ Ck and ¬li ∈ Cm, with the components in the order Ci, Cj, Ck, Cm.

We summarize our discussion till now by arguing that α is not satisfiable if and only if there is a proposition p such that there is a path from p to ¬p in Gα and back.

Theorem 5.6 (Aspvall et al. [1]). α is not satisfiable if and only if there is a proposition p such that there is a path from p to ¬p and back in Gα.

Proof. (⇒): We prove the contrapositive. So let us assume property 5.3. Algorithm 2 gives a satisfying assignment to α. From the correctness (Theorem 5.5) of the algorithm it follows that α is satisfiable.
(⇐): Consider a proposition p such that there is a path from p to ¬p and back in Gα. From Claim 5.1 it follows that α ⊨ (p ⇒ ¬p) and α ⊨ (¬p ⇒ p). Since p can then be assigned neither True nor False, α is not satisfiable.
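The two algorithms of this section run end to end in the following added Python example, which is not code from the lecture notes: the implication graph Gα is built from the clauses, Kosaraju's algorithm (the SCC method named above) lists the strongly connected components in topological order, the check of Algorithm 1 and Theorem 5.6 rejects any formula in which some p and ¬p share a component, and otherwise the components are assigned from Ck down to C1 exactly as in Algorithm 2. Formula (5.1) is the one from the text; the literal encoding, the helper names and the second (satisfiable) formula are assumptions of the example.

```python
# Added example (not from the lecture notes): 2-CNF satisfiability via the
# implication graph G_alpha, Kosaraju's SCC algorithm (the check of
# Algorithm 1 / Theorem 5.6) and the component-wise assignment of Algorithm 2.

def lit(text):
    """Parse a literal written as in the notes, e.g. 'p' or '¬p' (or '~p')."""
    text = text.strip()
    if text[0] in "¬~":
        return (text[1:].strip(), False)
    return (text, True)


def neg(literal):
    """Negation of a literal; neg(neg(l)) == l, i.e. ¬¬p is identified with p."""
    var, positive = literal
    return (var, not positive)


def implication_graph(clauses):
    """Build G_alpha: vertices are literals; a clause (a ∨ b) contributes
    the edges ¬a → b and ¬b → a (the two implications it is equivalent to)."""
    graph = {}
    for a, b in clauses:
        for l in (a, neg(a), b, neg(b)):
            graph.setdefault(l, [])
        graph[neg(a)].append(b)
        graph[neg(b)].append(a)
    return graph


def kosaraju(graph):
    """Strongly connected components in topological order of the condensation:
    every edge of the graph goes from an earlier component to a later one."""
    finished, seen = [], set()
    for start in graph:                      # pass 1: DFS finishing order on G
        if start in seen:
            continue
        seen.add(start)
        stack = [(start, iter(graph[start]))]
        while stack:
            v, successors = stack[-1]
            for w in successors:
                if w not in seen:
                    seen.add(w)
                    stack.append((w, iter(graph[w])))
                    break
            else:
                stack.pop()
                finished.append(v)
    transpose = {v: [] for v in graph}
    for v, ws in graph.items():
        for w in ws:
            transpose[w].append(v)
    components, placed = [], set()
    for start in reversed(finished):         # pass 2: DFS on the transpose
        if start in placed:
            continue
        component, stack = [], [start]
        placed.add(start)
        while stack:
            v = stack.pop()
            component.append(v)
            for w in transpose[v]:
                if w not in placed:
                    placed.add(w)
                    stack.append(w)
        components.append(component)
    return components


def two_sat(clauses):
    """Return (True, assignment) or (False, None) for a list of 2-literal clauses."""
    graph = implication_graph(clauses)
    components = kosaraju(graph)
    component_of = {l: i for i, comp in enumerate(components) for l in comp}
    # Theorem 5.6: unsatisfiable iff some p and ¬p lie in the same component.
    if any(component_of[l] == component_of[neg(l)] for l in graph):
        return False, None
    # Algorithm 2: walk the components from the sink C_k back to the source C_1.
    value = {}
    for comp in reversed(components):
        truth = not any(neg(l) in value for l in comp)   # line 3 of Algorithm 2
        for l in comp:
            value[l] = truth
    return True, {var: value[(var, True)] for (var, positive) in graph if positive}


def satisfies(clauses, assignment):
    """Check an assignment {proposition: bool} against every clause (a ∨ b)."""
    return all(assignment[a[0]] == a[1] or assignment[b[0]] == b[1]
               for a, b in clauses)


# Formula (5.1) from the notes; the implication graph shows it unsatisfiable.
FORMULA_5_1 = [(lit("¬p"), lit("¬q")), (lit("¬r"), lit("¬p")), (lit("p"), lit("q")),
               (lit("q"), lit("r")), (lit("¬q"), lit("p"))]

# A constructed satisfiable 2-CNF formula (not from the notes).
SATISFIABLE = [(lit("p"), lit("q")), (lit("¬p"), lit("r")),
               (lit("¬q"), lit("¬r")), (lit("p"), lit("¬r"))]

if __name__ == "__main__":
    print(two_sat(FORMULA_5_1))
    print(two_sat(SATISFIABLE))
```

The component order returned by the second pass of Kosaraju's algorithm is exactly the ordering C1, . . . , Ck demanded by line 1 of Algorithm 2, so iterating it in reverse reproduces the loop of lines 2 to 8 without a separate topological sort.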

5.2 Horn clause satisfiability

A formula is a Horn clause formula if it can be generated by the following grammar.

P ::= T | F | p    {where p is a proposition}
C ::= P | P ∧ C
H ::= C ⇒ P | H ∧ H

Here is an example of a Horn clause formula.

(T ⇒ p) ∧ ((p ∧ q)⇒ r) ∧ (F ⇒ q) ∧ (p⇒ F )

Here are some examples of formulas which are not Horn clause formulas.

1. p ⇒ (q ∧ r) : Implications cannot have conjunctions on the right side.

2. ¬p ⇒ q : Negations are not allowed.

3. p ⇒ (q ⇒ r) : Implications cannot be nested.

The polynomial time algorithm for checking satisfiability of Horn clause formulas is given in Algorithm 3.

Algorithm 3 Horn-clause-SAT

Input: A Horn clause formula α
Output: No if α is unsatisfiable, otherwise Yes and the satisfying assignment
1: Mark all T in α.
2: while there exists a clause (p1 ∧ p2 ∧ · · · ∧ pk) ⇒ pk+1 such that pi is marked for all i ≤ k but pk+1 is not do
3:   Mark pk+1
4: end while
5: if there exists an F which is marked then
6:   Output No
7: else
8:   Output the assignment which maps all marked propositions to T and unmarked ones to F
9: end if

The correctness of the algorithm follows from the two lemmas below.

Lemma 5.7. If the Horn-clause-SAT algorithm outputs No, then the formula is not satisfiable.

Proof. We first show the following loop invariant.

Let v be a satisfying assignment of α. Then the marked propositions are assigned true in v.

The loop invariant holds before we enter the while loop in line (2), since only T is marked. So, let us assume that the loop invariant is true before an iteration of the while loop. We show that the loop invariant holds after that iteration. Consider that the while loop marks a proposition pk+1 because all propositions p1, . . . , pk were marked and α contains the clause (p1 ∧ p2 ∧ · · · ∧ pk) ⇒ pk+1. Let v be an arbitrary assignment which makes α true. We know from the loop invariant that v assigns true to all propositions p1, . . . , pk. Since v also satisfies the clause (p1 ∧ p2 ∧ · · · ∧ pk) ⇒ pk+1 (note that α is a conjunction of such clauses), v should necessarily assign pk+1 to true. Therefore the loop invariant continues to hold once we exit the while loop also.

We can now prove the lemma. Let us assume that the algorithm outputs No. Therefore, F was marked. Our loop invariant says that every valuation which satisfies α must assign true to F. This is not possible and hence the formula is not satisfiable.

Lemma 5.8. If the Horn-clause-SAT algorithm outputs Yes, then the formula is satisfiable.

Proof. Let α be the formula given as input to the algorithm. We first prove the following claim.

If pk+1 is not marked and there is a clause (p1 ∧ p2 ∧ · · · ∧ pk) ⇒ pk+1 in α, then at least one of p1, . . . , pk is not marked.

Assume the above claim is false. Then all the propositions p1, . . . , pk are marked.  But then step 2 of the algorithm will mark pk+1 also. This is a contradiction. Hence at least one of p1, . . . , pk is not marked.

We use the above claim to prove the lemma. There are two types of clauses: (1) either a clause has all its propositions marked, or (2) it has at least one proposition not marked. Consider the latter case, a clause with at least one proposition not marked. From our above claim it follows that at least one proposition on the left hand side of the implication is not marked. The algorithm ensures this clause is satisfied, since all propositions not marked are assigned false. Now consider the former case, a clause all of whose propositions are marked. The algorithm assigns all these propositions true and hence the clause is satisfied. Therefore every clause is satisfied by the valuation given by the algorithm.
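Algorithm 3 as an added Python example (not the notes' own code): clauses are stored as (body, head) pairs with the constants T and F treated as ordinary atoms, and the while loop is the forward-chaining fixpoint of lines 2 to 4. Running it on the Horn formula given at the start of this section marks p from T ⇒ p and then F from p ⇒ F, so the algorithm answers No; the second formula is a constructed satisfiable one. The encoding and the helper names are the example's assumptions.

```python
# Added example (not from the lecture notes): the marking algorithm of
# Algorithm 3 (Horn-clause-SAT). A Horn clause (p1 ∧ ... ∧ pk) ⇒ q is
# encoded as (frozenset({p1, ..., pk}), q); the constants T and F are the
# atoms "T" and "F", so (T ⇒ p) is (frozenset({"T"}), "p").

T, F = "T", "F"


def clause(*body, head):
    """Build one Horn clause: clause("p", "q", head="r") is (p ∧ q) ⇒ r."""
    return (frozenset(body), head)


def horn_sat(clauses):
    """Return the satisfying assignment {atom: bool} or None if unsatisfiable."""
    marked = {T}                          # line 1: mark all T
    changed = True
    while changed:                        # lines 2-4: mark heads whose whole
        changed = False                   #            body is marked, to a fixpoint
        for body, head in clauses:
            if body <= marked and head not in marked:
                marked.add(head)
                changed = True
    if F in marked:                       # lines 5-6: F marked means No
        return None
    atoms = {a for body, head in clauses for a in body | {head}} - {T, F}
    return {a: a in marked for a in atoms}   # lines 7-8: marked -> T, rest -> F


def holds(clauses, assignment):
    """Evaluate a Horn formula under an assignment extended by T = true, F = false."""
    val = dict(assignment, **{T: True, F: False})
    return all(not all(val[a] for a in body) or val[head] for body, head in clauses)


# The example Horn formula from the notes:
# (T ⇒ p) ∧ ((p ∧ q) ⇒ r) ∧ (F ⇒ q) ∧ (p ⇒ F)
NOTES_EXAMPLE = [clause(T, head="p"), clause("p", "q", head="r"),
                 clause(F, head="q"), clause("p", head=F)]

# Constructed satisfiable instance (not from the notes):
# (T ⇒ p) ∧ (p ⇒ q) ∧ ((p ∧ q) ⇒ r) ∧ ((s ∧ t) ⇒ F)
HORN_SAT_EXAMPLE = [clause(T, head="p"), clause("p", head="q"),
                    clause("p", "q", head="r"), clause("s", "t", head=F)]

if __name__ == "__main__":
    print(horn_sat(NOTES_EXAMPLE))       # None: p is forced and p ⇒ F marks F
    print(horn_sat(HORN_SAT_EXAMPLE))    # p, q, r true; s, t false
```

The `holds` check is the semantic counterpart of Lemma 5.8: whenever `horn_sat` returns an assignment, every clause evaluates to true under it.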

5.3 DPLL algorithm

The DPLL algorithm takes as input a CNF formula and says whether the formula is satisfiable or not. It is the foundation for most modern SAT solvers, though the solvers now use far more complex heuristics.

Algorithm 4 DPLL Algorithm

Input: A CNF formula α
Output: UNSATISFIABLE if α is unsatisfiable, SATISFIABLE otherwise
1: repeat
2:   Reduce the size of α by doing the following eliminations
     Tautology elimination:
3:     Remove clauses in α which are tautologies
     Pure literal elimination:
4:     Remove clauses which contain a pure literal.
     One literal elimination: Let l be a one literal
5:     Remove all clauses which contain the literal l
6:     Remove ¬l from all clauses.
     Empty clause check
7:   if there is an empty clause then
8:     return UNSATISFIABLE
9:   end if
     Empty formula check
10:  if α contains no clause then
11:    return SATISFIABLE
12:  end if
13: until the size of α is not reduced by the loop
    Splitting: Pick a proposition p. Let α be of the form (C1 ∨ p) ∧ · · · ∧ (Ck ∨ p) ∧ (Ck+1 ∨ ¬p) ∧ · · · ∧ (Cm ∨ ¬p) ∧ Cm+1.
14: Call the DPLL algorithm with α1 ::= C1 ∧ · · · ∧ Ck ∧ Cm+1.
15: Call the DPLL algorithm with α2 ::= Ck+1 ∧ · · · ∧ Cm ∧ Cm+1.
16: if α1 or α2 is satisfiable then
17:   return SATISFIABLE
18: else
19:   return UNSATISFIABLE
20: end if

5.4 Exercises

Exercise 5.1. Give a polynomial time algorithm which takes as input a graph G = (V, E) and outputs a propositional formula α such that the graph is 3-colorable if and only if α is satisfiable. That is, give a polynomial time reduction from 3-colorability to SAT.


Exercise 5.2. Let us assume you have the following programs.

1. Horn-SAT: On input a formula α, the program outputs Yes if α is a satisfiable Horn clause formula. Otherwise it outputs No.

2. 2CNF-SAT: On input a formula α, the program outputs Yes if α is a satisfiable 2CNF formula. Otherwise it outputs No.

Use these programs to check whether the following formulas are satisfiable or not.

(a) Let α be a conjunction of clauses (disjunctions of literals) with at most one literal negated in a clause.

(b) α is generated by the following grammar. G is the start symbol and the pi are propositions.

P := p1 | p2 | . . . | pn | ¬p1 | ¬p2 | . . . | ¬pn
C := P ∧ C | P
G := C | (P ⇒ G)


Chapter 6

Randomized SAT Solvers

In this chapter we will look at randomized algorithms for propositional formulas. In the first section, we give a polynomial time algorithm for checking satisfiability of 2-CNF formulas. Then we give an exponential time algorithm for checking satisfiability of 3-CNF formulas. This algorithm will be better than the trivial O(2^n) algorithm of going through all the assignments to the n propositions. You will observe that both the algorithms are easy to describe. The difficult part is proving that the algorithm answers correctly with "high" probability.

6.1 2-CNF

The algorithm is given in Algorithm 5. In the algorithm the number of times the loop needs to be iterated (i.e. m) will be fixed later depending on the confidence in the algorithm the user requires.

Algorithm 5 2-CNF Satisfiability

Input: A 2-CNF formula α
Output: α is satisfiable or not.
1: Start with an arbitrary truth assignment.
2: for m steps do
3:   if assignment makes α true then
4:     Return SAT
5:   end if
6:   Choose a clause which is not satisfied.
7:   Choose uniformly at random one of the propositions in the clause and change its assignment.
8: end for
9: Return UNSAT.

The following claim is an easy observation about the algorithm.

Lemma 6.1. If the formula α is unsatisfiable then Algorithm 5 returns UNSAT. Contrapositively, if the algorithm returns SAT, then the formula is satisfiable.

Due to the above lemma, the important question we need to answer is: if the formula is satisfiable, how often will the algorithm return UNSAT? That is, what is the probability that the algorithm fails? So, let us assume that the formula is satisfiable and try to answer how long the algorithm will take to return SAT. This will help us in deciding what is a good value for m.

We now try to estimate the expected running time of the algorithm, assuming the formula is satisfiable and the loop runs for ever (i.e. m = ∞). Let S be a satisfying assignment for α. We will try to find the expected running time for finding S. Note that there may be other satisfying assignments and the algorithm might find them before it finds S. Therefore, the expected running time we find is a worst case estimate. Consider the ith iteration of the loop. We define Ai and Xi as follows.

Ai = the assignment at the beginning of the ith iteration of the loop

Xi = the number of variables whose assignments in Ai differ from that of S

We can try to understand some properties of Xi. Note that if Xi = n, then all assignments to variables in Ai differ from S. The algorithm therefore will find a clause which is not satisfied. In that clause, assignments to both the propositions are wrong and hence no matter which proposition we pick and change the assignment, we get Xi+1 = n − 1.

Prob [Xi+1 = n − 1 | Xi = n] = 1

Let us now move on to the general case when Xi = k < n. We are interested in identifying the probability of Xi+1 = k − 1. Let us analyse our algorithm. We have k assignments differing from S and our algorithm picks a clause which is not satisfied. At least one of the propositions in this clause is assigned a truth value in Ai which is different from that in S (note that it could happen that both the propositions are assigned differently). Our algorithm picks one of the two propositions with equal probability and changes its assignment. Therefore, we pick a proposition whose value is different with probability greater than or equal to 1/2. If both the propositional values are different we pick with probability 1. Otherwise we pick with probability 1/2. Therefore

Prob [Xi+1 = k − 1 | Xi = k] ≥ 1/2


A similar analysis also gives us

Prob [Xi+1 = k + 1 | Xi = k] ≤ 1/2

Our current understanding is captured by the following set of equations and in Figure 6.1.

Prob [Xi+1 = n − 1 | Xi = n] = 1
Prob [Xi+1 = k − 1 | Xi = k] ≥ 1/2, ∀k, where 0 < k < n
Prob [Xi+1 = k + 1 | Xi = k] ≤ 1/2, ∀k, where 0 < k < n     (6.1)

Let us assume that when we enter the first loop, we have an assignment such that X1 = k. We are interested in finding out how many steps m are required such that Xm = 0. Note that, at any iteration of the loop, we can move one step to the left in the figure (towards 0) with probability greater than or equal to half, and we can move right (towards n) with probability less than or equal to half.

Figure 6.1: At each loop iteration, the algorithm walks one step towards the left or right with probability ≥ 1/2 or ≤ 1/2 respectively.

The walk given by Equation 6.1 is difficult to analyse and therefore we analyse a "pessimistic" version of the above probability distribution. The equations in this version are approximated by a "Markov chain" as follows (see also Figure 6.2).

Prob [Xi+1 = n − 1 | Xi = n] = 1
Prob [Xi+1 = k − 1 | Xi = k] = 1/2, ∀k, where 0 < k < n
Prob [Xi+1 = k + 1 | Xi = k] = 1/2, ∀k, where 0 < k < n     (6.2)

Note that in the former setting the probability of going left at any point was greater than or equal to that in the latter setting. Therefore, the probability of reaching 0 in m steps is greater in the former than in the latter, and the expected number of steps to reach 0 from k using this set of equations is greater than what we had before. We will give an upper bound for this set of equations.

Figure 6.2: Markov chain approximation: At each loop iteration, the algorithm walks one step towards the left or right with probability exactly 1/2. This is a worst case scenario for our algorithm.

Let k be such that 0 ≤ k ≤ n. We will denote by Zk the random variable representing the number of steps from k to 0. We are interested in the expected value of Zn (denoted by E[Zn]). The Equations 6.2 give us the following.

E[Z0] = 0
E[Zn] = 1 + E[Zn−1]
∀ 0 < k < n,  E[Zk] = (1/2)(1 + E[Zk−1]) + (1/2)(1 + E[Zk+1]) = 1 + (1/2)(E[Zk−1] + E[Zk+1])     (6.3)

This contains n + 1 equations on n + 1 variables. The following claim holds for equations 6.3.

Lemma 6.2. For all k, where 0 ≤ k < n, we have E[Zk] = 2nk − k².

Proof. The proof is by induction on k. It is easy to observe that the claim holds for the base case k = 0. Let us assume it true for some k and show that it holds for k + 1. We know the following

E[Zk] = 1 + (1/2)(E[Zk−1] + E[Zk+1])

Therefore, the lemma holds due to the following analysis.

\begin{align*}
E[Z_{k+1}] &= 2\bigl(E[Z_k] - 1\bigr) - E[Z_{k-1}] \\
 &= 2(2nk - k^2 - 1) - \bigl(2n(k-1) - (k-1)^2\bigr) \\
 &= 2(2nk - k^2 - 1) - \bigl(2nk - 2n - (k^2 - 2k + 1)\bigr) \\
 &= 2nk - k^2 - 1 + 2n - 2k \\
 &= 2n(k+1) - (k+1)^2
\end{align*}

From this, we get that

E[Zn] = 1 + E[Zn−1] = 1 + 2n(n − 1) − (n − 1)² = n²


In other words, the expected number of steps required from any position k to 0 is less than or equal to n². This proves the following.

Lemma 6.3. If a 2-CNF formula is satisfiable, then Algorithm 5 outputs SAT in an expected running time of at most n².

With the above lemma, we can derive a "good" value for m. We show that if m = 2n²t, then the algorithm answers correctly with probability greater than or equal to (1 − 1/2^t).

Theorem 6.4. Let m = 2n²t. Then Algorithm 5 fails with probability less than or equal to 1/2^t.

Proof. We know that if the formula is not satisfiable, the algorithm does not fail. So, let us assume that the formula is satisfiable. Let Z be the random variable representing the number of steps taken to output SAT. Applying Markov's inequality to the above lemma gives us

Prob [Z ≥ 2n²] ≤ 1/2

Let us consider our algorithm as running t loops with each loop running 2n² times. Then an inside loop fails with probability less than or equal to half. Hence, the probability of the algorithm failing t times is given by the union bound as

Prob [algorithm fails] ≤ 1/2^t

6.2 3-CNF

Our algorithm will be a modification of the 2-CNF algorithm. What could go wrong if we applied the same algorithm to the 3-CNF case? The Markov chain for a 3-CNF formula is given in Figure 6.3. Exercise ?? shows that the expected running time for this algorithm is O(2^n). This is not good enough, since even going through all possible solutions takes only this much time.

We modify our algorithm as in Algorithm 6.

Algorithm 6 3-CNF Satisfiability

Input: A 3-CNF formula α
Output: α is satisfiable or not.
1: for m steps do
2:   Start with an arbitrary truth assignment.
3:   for 3n steps do
4:     if assignment makes α true then
5:       Return SAT
6:     end if
7:     Choose a clause which is not satisfied.
8:     Choose uniformly at random one of the propositions in the clause and change its assignment.
9:   end for
10: end for
11: Return UNSAT.

Figure 6.3: Markov chain approximation: At each loop iteration, the algorithm walks one step towards the left or right with probability 1/3 and 2/3 respectively. This is a worst case scenario for our algorithm.

As in the 2-CNF algorithm, we know that if the formula is unsatisfiable, then the algorithm will return UNSAT. Let us now calculate the expected running time of the algorithm if m = ∞, assuming the formula is satisfiable. Like in the previous analysis, let S be the satisfying assignment. Let us now consider the run of an outer loop. We start from an arbitrary assignment for α. For the ith iteration of the inner loop we denote by Ai the assignment at the beginning of that iteration. We want to bound the probability that the 3n steps of the inner loop do not identify the satisfying assignment. Let us assume that after the initial arbitrary assignment, k many propositions are wrongly assigned. Let us denote by qk the probability that we reach a satisfying assignment within 3n steps of the inner loop. That is, the probability of reaching 0 from k by doing a random walk on the Markov chain given in Figure 6.3. Note that in the special case of k = 0 we have q0 = 1. For a general k > 0, there is no bound on the number of left or right moves required to reach 0. Let us consider the special case when the number of right moves is k and the number of left moves is 2k. Clearly qk is greater than the probability of this happening. Thus

q_k \ge \binom{3k}{k}\left(\frac{1}{3}\right)^{2k}\left(\frac{2}{3}\right)^{k}

Stirling's formula gives that there are constants c1 and c2 such that for any n > 0 we have c1 √n (n/e)^n ≤ n! ≤ c2 √n (n/e)^n. This can now be used to find a better bound for qk.

\begin{align*}
q_k &\ge \frac{(3k)!}{k!\,(2k)!}\left(\frac{1}{3}\right)^{2k}\left(\frac{2}{3}\right)^{k} \\
 &\ge \frac{c_1\sqrt{3k}\left(\frac{3k}{e}\right)^{3k}}
          {c_2\sqrt{k}\left(\frac{k}{e}\right)^{k}\; c_2\sqrt{2k}\left(\frac{2k}{e}\right)^{2k}}
    \left(\frac{1}{3}\right)^{2k}\left(\frac{2}{3}\right)^{k} \\
 &\ge c\,\frac{1}{\sqrt{k}}\,\frac{1}{2^{k}}, \quad \text{for a constant } c
\end{align*}

We now have a bound on qk. Let us now calculate the probability q that we find the satisfying assignment given that we start from a random assignment. Then,

\begin{align*}
q &= \sum_{k=0}^{n} \mathrm{Prob}\,[\text{assignments to exactly } k \text{ propositions differ from those of } S] \times q_k \\
 &\ge \frac{1}{2^{n}} + \sum_{k=1}^{n} \binom{n}{k}\frac{1}{2^{n}}\,\frac{c}{\sqrt{k}}\,\frac{1}{2^{k}} \\
 &\ge \frac{1}{2^{n}}\frac{c}{\sqrt{n}} + \sum_{k=1}^{n} \binom{n}{k}\frac{1}{2^{n}}\,\frac{c}{\sqrt{n}}\,\frac{1}{2^{k}} \\
 &= \frac{c}{\sqrt{n}\,2^{n}} \sum_{k=0}^{n} \binom{n}{k}\frac{1}{2^{k}} \\
 &= \frac{c}{\sqrt{n}\,2^{n}} \left(1 + \frac{1}{2}\right)^{n} \quad \text{(using the binomial expansion of } (1 + \tfrac{1}{2})^{n}) \\
 &= \frac{c}{\sqrt{n}} \left(\frac{3}{4}\right)^{n}
\end{align*}

Thus the probability of success starting from an arbitrary assignment and walking 3n steps is ≥ (c/√n)(3/4)^n. Thus the expected running time of the outer loop for success is given by

O(√n (4/3)^n)

Let a denote this number. Thus the total number of steps of the algorithm is a × 3n. We will now show that taking m = 2at will ensure that the probability of failure of our algorithm is less than or equal to 1/2^t.

Theorem 6.5. Let a = (√n / c)(4/3)^n and m = 2at. Then the running time of Algorithm 6 is O(n^{3/2} (4/3)^n) and the probability of failure is less than or equal to 1/2^t.

Proof. The running time of the algorithm is 3n × (√n / c)(4/3)^n = O(n^{3/2} (4/3)^n). The algorithm will fail only if the formula is satisfiable. Let Z be the random variable denoting the number of outer loops required for finding the satisfying assignment. Using Markov's inequality we can show that

Prob [Z ≥ 2a] ≤ 1/2

Let us again consider that we are running the algorithm t times and each time we are running the outer loop 2a times. Thus the probability of failure for all the t times is given by the union bound as

Prob [algorithm fails] ≤ 1/2^t


Part III

First Order Logic


Chapter 7

First Order Logic

7.1 Introduction

Consider the logical derivations in Table 7.1. Which one of the two arguments is correct?

Table 7.1 Two proofs - one is correct, one wrong.

Proof A
1. All mathematicians are intelligent.
2. Ramanujan was a mathematician.
3. Therefore, Ramanujan was intelligent.

Proof B
1. There is a mathematician who is intelligent.
2. Ramanujan was a mathematician.
3. Therefore, Ramanujan was intelligent.

You can see that Proof A is correct, whereas Proof B is not. Natural deduction for propositional logic will not help us reach a correct conclusion here. We need a stronger, richer logic for this kind of reasoning. We will show that first order logic (also called predicate logic) will help us.

Consider the following statement.

Everyone is younger than a father. (7.1)

Our aim is to capture the information contained in the statement. We firstintroduce a predicate called father (which will be denoted by F ). Introducingthis predicate, allows us to write a formula like

F (Ashoka)

The meaning we intend to convey is, “Ashoka is a father”. We can thus writeF (Alexander), F (Shivaji) etc. Let us introduce another predicate younger(which will be denoted by Y ). We denote by Y (Shivaji, Ashoka) to mean

65

7. First Order Logic

“Shivaji is younger than Ashoka”. The difference between the predicates Fand Y is that F takes one value as parameter whereas Y takes two param-eters. We say that F is a unary predicate whereas Y is a binary predicate .A predicate which takes k parameters (where k > 2) will be called a k− arypredicate. We denote by arity the number of parameters of a predicate. Thatis, arity of F is 1, whereas the arity of Y is 2.

The names Ashoka, Alexander, Shivaji are called constants. This is in contrast to a variable. Variables will be represented by x, y, z, . . . . A variable is used as a symbol which can take any value from the domain of our problem. In our current discussion, a variable can take the name of any person. Variables allow us to write formulas like

F (x), F (y), F (z), . . .

Combined with quantifiers, variables are a very powerful addition to our logic. Let us introduce the universal quantifier first. For a variable x, we write

∀x

to mean, for all x. For a variable y, the existential quantifier is denoted by

∃y

and it means, there exists y. We can now rewrite the statement (7.1) in first order logic as follows.

∀x ∃y (Y (x, y) ∧ F (y))

It says: for everyone (∀x), there is some person (∃y) who is older than him (Y(x, y)) and who (y) is a father. The variables x and y can take the name of any person. That is, the domain of x and y is the set of all human beings (past and present).

In the above notation, given a person, we cannot identify who his/her father is. That is, the predicates we used were not good enough to keep track of this information. If we need to write properties using this information, we need a new predicate (let us call it "father of", denoted Ff) such that Ff(Mahendra, Ashoka) means that the father of Mahendra is Ashoka. Note that "father of" is a function. That is, for every x there exists exactly one y such that Ff(x, y) is true. In such cases, we can use function notation. Let us denote by ff the function which gives the father of a person. That is, ff(Mahendra) = Ashoka. A function takes domain elements as parameters and returns a domain element. Consider the following sentence.

Everyone is younger than his/her father. (7.2)

This can now be written using the function ff as follows

∀x ∃y ((y = ff(x)) ⇒ Y(x, y))

It says: for all x, there exists someone who is older than x, provided that person is the father of x. Note that the statement does not say that every person needs to have a father. Similar to the arity of predicates we can define the arity of a function: it is the number of parameters in its domain.

7.2 Terms and Formulas

Definition 7.1. Terms are inductively defined as follows.

1. All constants are terms

2. All variables are terms

3. If t1, . . . , tn are terms, and f is a function of arity n, then f(t1, . . . , tn) is also a term.

4. Nothing else is a term.

In Backus normal form, the grammar for terms can be written as follows.

t ::= c | x | f(t, t, . . . , t)

Definition 7.2. Formulas are inductively defined as follows

1. If P is a predicate of arity n and t1, . . . , tn are terms, then P(t1, . . . , tn) is a formula.

2. If φ is a formula, then ¬φ is also a formula.

3. If α, β are formulas, then α ∨ β, α ∧ β, α⇒ β are all formulas.

4. If α is a formula, then ∃x α is a formula.

5. If α is a formula, then ∀x α is a formula.

6. Nothing else is a formula.

In Backus normal form, the grammar for formulas can be written as follows.

φ ::= P (t, t, . . . , t) | ¬φ | φ ∨ φ | φ ∧ φ | φ⇒ φ | ∃xφ | ∀xφ

Informally, terms look like functions (which output an element of the domain), whereas formulas look like predicates (which have a true or false value).
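As an added example (not from the lecture notes), here is a small Python evaluator that follows Definitions 7.1 and 7.2: terms and formulas are nested tuples, and a formula is checked against a finite model. The two-person model, the tuple encoding, and the choice of making the "father of" function ff total by mapping Ashoka to himself are assumptions of the example; it shows that statement (7.2) holds in this model only vacuously, while the stronger ∀x Y(x, ff(x)) fails.

```python
# Added example (not from the notes): model checker for Definitions 7.1/7.2.
# Term    = "x" (variable) | "Ashoka" (constant) | ("f", t1, ..., tn)
# Formula = ("P", t1, ..., tn) | ("not", a) | ("and", a, b) | ("or", a, b)
#         | ("implies", a, b) | ("forall", "x", a) | ("exists", "x", a)

def eval_term(t, model, env):
    """Map a term to a domain element; env holds the values of bound variables."""
    if isinstance(t, str):
        return env[t] if t in env else model["consts"][t]
    f, *args = t
    return model["funcs"][f](*(eval_term(a, model, env) for a in args))

def holds(phi, model, env=None):
    """Return True iff the model satisfies phi under the assignment env."""
    env = {} if env is None else env
    op = phi[0]
    if op == "not":
        return not holds(phi[1], model, env)
    if op == "and":
        return holds(phi[1], model, env) and holds(phi[2], model, env)
    if op == "or":
        return holds(phi[1], model, env) or holds(phi[2], model, env)
    if op == "implies":
        return (not holds(phi[1], model, env)) or holds(phi[2], model, env)
    if op == "forall":  # bind the variable to every domain element in turn
        return all(holds(phi[2], model, {**env, phi[1]: d}) for d in model["domain"])
    if op == "exists":
        return any(holds(phi[2], model, {**env, phi[1]: d}) for d in model["domain"])
    args = tuple(eval_term(t, model, env) for t in phi[1:])
    if op == "=":       # equality is interpreted as identity on the domain
        return args[0] == args[1]
    return args in model["preds"][op]  # atomic formula P(t1, ..., tn)

# Constructed model (assumption): F = "is a father", Y = "is younger than",
# ff = "father of"; ff must be total, so Ashoka (no father here) maps to himself.
MODEL = {
    "domain": ["Ashoka", "Mahendra"],
    "consts": {"Ashoka": "Ashoka", "Mahendra": "Mahendra"},
    "preds": {"F": {("Ashoka",)}, "Y": {("Mahendra", "Ashoka")}},
    "funcs": {"ff": lambda p: {"Mahendra": "Ashoka", "Ashoka": "Ashoka"}[p]},
}
# (7.1): forall x exists y (Y(x, y) and F(y))
F71 = ("forall", "x", ("exists", "y", ("and", ("Y", "x", "y"), ("F", "y"))))
# (7.2): forall x exists y ((y = ff(x)) implies Y(x, y))
F72 = ("forall", "x", ("exists", "y",
       ("implies", ("=", "y", ("ff", "x")), ("Y", "x", "y"))))
STRICT = ("forall", "x", ("Y", "x", ("ff", "x")))  # everyone younger than ff(x)

def check_all():
    """(7.1) fails (Ashoka has no elder), (7.2) holds vacuously, STRICT fails."""
    return holds(F71, MODEL), holds(F72, MODEL), holds(STRICT, MODEL)
```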


7.3 Natural Deduction

We follow Huth and Ryan for natural deduction.

7.4 Soundness and Completeness

The proof for soundness and completeness can be found in Enderton.


Chapter 8

First Order Theories

We follow the book “The calculus of computation” by Bradley and Manna.

8.1 Introduction

A first order theory T consists of the following

1. A set of symbols called constants, predicates and functions.

2. A set of axioms which give meaning to these symbols.

Let us elaborate on the interplay between axioms and symbols. Consider the following formula:

∀x ∃y R(x, y)

What is the meaning of R in the above formula? Given only the symbol R, there is no way for us to know what it means. Let us rewrite the above sentence using a different symbol.

∀x ∃y x < y

Suddenly we see a meaning in the above statement. The reason is that we have a notion of what < stands for. Usually, we use < to mean a total order. Note that you might sometimes encounter < used to mean a partial order. Let us assume < stands for a total order in the above statement. The question arises: how do we tell an "alien" what a total order is (in short, what < means)? If our alien understands first order logic, we can give the set of axioms of a total order.

1. (Transitivity) ∀x, y, z ((x < y) ∧ (y < z)) ⇒ (x < z)

2. (Antisymmetry) ∀x, y (x < y) ⇒ ¬(y < x)


3. (Trichotomy law) ∀x, y (x < y) ∨ (y < x)

Note that in a partial order, the trichotomy law does not hold. The above axioms give meaning to the < predicate.

Example 8.1. We will denote by T<, the theory of the < symbol along with the above axioms of transitivity, antisymmetry, and the trichotomy law.

Given a theory T, we will abuse notation and use T also to denote the set of axioms of the theory. For a theory T, we say a formula α is T-valid (or valid in theory T) if the following holds for all models M:

If for all axioms A in T , M |= A then M |= α.

In other words, we say α is T -valid if

T |= α

Recollect that, from the completeness theorem this will also mean

T ` α

We say that α is T-satisfiable if there exists a model M such that M |= A for all axioms A in T and M |= α. We say that a theory T is complete if for all formulas α which use only the symbols in T,

either T |= α or T |= ¬α

Consider the above theory T<. We show that T< is not complete.

Lemma 8.1. T< is not a complete theory.

Proof. Consider the formula

α ::= ∀x, y(x < y)⇒ (∃z x < z < y)

We show that neither T< |= α nor T< |= ¬α. To show that T< |= α does not hold, it is enough to give a model which satisfies the axioms of T< but not α. The natural numbers with the usual total order are one such model. Similarly, to show that T< |= ¬α does not hold, it is sufficient to give a model which satisfies the axioms of T< but not ¬α. The rational numbers with the usual total order are a model which satisfies this condition.

We say that a theory T is consistent if there is no formula α such that both T |= α and T |= ¬α. If a theory is not consistent, we say that it is inconsistent.


Example 8.2. The theory consisting of the axioms α and ¬α for any α is inconsistent. On the other hand, with some effort one can show that T< is consistent.

We say that a theory T is decidable if there exists an algorithm P which on input α outputs yes if T |= α, and outputs no otherwise. The theory of all symbols and no axioms is undecidable. On the other hand, T< is decidable. We will see that most theories are undecidable, but there are interesting theories which are decidable.

8.2 Theory of Equality

The theory of equality (denoted by TE) consists of the following set of symbols:

• A binary predicate called equality, denoted as =.

• All constants, functions, predicates.

The axioms of TE consist of the following

1. (Reflexive) ∀x (x = x)

2. (Symmetry) ∀x, y (x = y)⇒ (y = x)

3. (Transitivity) ∀x, y, z ((x = y) ∧ (y = z))⇒ (x = z)

4. (Function congruence) For every function symbol f of arity n:

$\forall x_1, \ldots, x_n, y_1, \ldots, y_n \; \Big(\bigwedge_{i=1}^{n} x_i = y_i\Big) \Rightarrow f(x_1, \ldots, x_n) = f(y_1, \ldots, y_n)$

5. (Predicate congruence) For every predicate symbol P of arity n:

$\forall x_1, \ldots, x_n, y_1, \ldots, y_n \; \Big(\bigwedge_{i=1}^{n} x_i = y_i\Big) \Rightarrow \big(P(x_1, \ldots, x_n) \Leftrightarrow P(y_1, \ldots, y_n)\big)$

Exercise 8.1. Prove the following using natural deduction and axioms of TE

TE ` ((a = b) ∧ (b = c))⇒ g(f(a), b) = g(f(c), a)

The satisfiability problem of the theory of equality is undecidable.

Theorem 8.2. Satisfiability of theory of equality is undecidable.

Note that first order logic (without equality) is itself undecidable. Hence it is no surprise that first order logic with equality is undecidable (consider only the formulas which do not use equality). This leads us to search for logics which are decidable.


8.3 Peano arithmetic

Peano arithmetic was a proposed theory of arithmetic. We will denote it by TPA. It consists of the following sets of symbols.

• The constants 0, 1

• The binary predicate = and the ternary predicates addition (denoted by +) and multiplication (denoted by .).

The axioms of Peano arithmetic are as follows.

(zero) ∀x ¬(x + 1 = 0)
(successor) ∀x, y ((x + 1 = y + 1) ⇒ (x = y))
(plus zero) ∀x (x + 0 = x)
(plus successor) ∀x, y (x + (y + 1) = (x + y) + 1)
(times zero) ∀x (x.0 = 0)
(times successor) ∀x, y (x.(y + 1) = x.y + x)
(induction) For all formulas α(x) with a single free variable x:
(α(0) ∧ ∀x (α(x) ⇒ α(x + 1))) ⇒ ∀x α(x)

The intended interpretation of the axioms is in the natural numbers (i.e. {0, 1, . . . }).

The logic is quite cumbersome to write in. For example

x.x + x.x + x.x + x + x + 1 + 1 + 1 + 1 + 1 = 0

represents the polynomial equation 3x² + 2x + 5 = 0. Therefore, we will continue to use polynomial notation inside formulas (keeping in mind that we can convert it into the formula form whenever required).

Exercise 8.2. Express the following properties in TPA. That is, for each of the following properties, write a formula in TPA such that the formula is true if and only if the property holds.

1. x > y : is true iff x is greater than y.

2. x ≥ y

3. Prime(x) : is true iff x is a prime number

4. Even(x) : is true iff x is an even number

5. Goldbach Conjecture: Every even integer greater than 2 is the sum of two prime numbers.


Use natural deduction and the axioms of TPA to show the following.

Exercise 8.3. Show that there are infinitely many primes. That is,

TPA ` ∀x ∃y (y > x ∧ Prime(y))

Unfortunately satisfiability of TPA is also not decidable.

Theorem 8.3. Satisfiability of Peano arithmetic is undecidable.

But a more shocking result is the incompleteness theorem of Gödel. It states that

Theorem 8.4 (Gödel's incompleteness theorem). Peano arithmetic is not a complete theory. That is, there is a formula α such that neither TPA ⊢ α nor TPA ⊢ ¬α.

Keep in mind that we are not saying TPA does not satisfy the completeness theorem. TPA satisfies the soundness and completeness results. In other words,

TPA |= α ⇐⇒ TPA ⊢ α

Gödel's incompleteness result says that there is a formula α such that we can neither derive α from the axioms of TPA nor derive ¬α from them. It was a strong statement at the time of its discovery. It says that there are statements in the first order logic of arithmetic which can never be proved true or false. The exact statement of Gödel is more powerful and says that no matter how we extend Peano arithmetic, we are still left with statements which can neither be proved nor disproved.

8.4 Presburger arithmetic

We will denote Presburger arithmetic by TPresb. The theory is named after Presburger, a mathematician who designed the axioms and proved decidability of the theory. It is a theory of addition over the integers. It consists of the following sets of symbols.

• The constants 0, 1

• The binary predicates =, < and the ternary predicates addition (denoted by +) and subtraction (denoted by −).


The theory is intended to be interpreted over the integers. The axioms of Presburger arithmetic are:

(successor) ∀x, y ((x + 1 = y + 1) ⇒ (x = y))
(plus zero) ∀x (x + 0 = x)
(plus successor) ∀x, y (x + (y + 1) = (x + y) + 1)
(times zero) ∀x (x.0 = 0)
(times successor) ∀x, y (x.(y + 1) = x.y + x)
(subtraction) ∀x, y, z (x = y − z ⇐⇒ y = x + z)
(order successor) ∀x (x + 1 > x)
(order transitive) ∀x, y, z ((x > y) ∧ (y > z)) ⇒ (x > z)
(order antisymmetric) ∀x, y (x > y) ⇒ (¬(y > x) ∧ ¬(x = y))
(induction) For all formulas α(x) with a single free variable x:
(α(0) ∧ ∀x > 0 (α(x) ⇒ α(x + 1))) ⇒ ∀x > 0 α(x)

Use the axioms above along with natural deduction to prove the following.

Exercise 8.4. Prove the following

1. TPresb ⊢ ∀x, y, z ((x > z) ∧ (y ≥ 0)) ⇒ (x + y > z)

2. TPresb ⊢ ∀x, y ((x > 0) ∧ (x = 2y ∨ x = 2y + 1)) ⇒ (x − y > 0)

Fortunately, Presburger arithmetic turns out to be decidable. The satisfiability problem is in $O\big(2^{2^{2^{|\alpha|}}}\big)$.

8.5 Theory of Reals

Tarski showed that the theory of reals is decidable. The symbols for the theory of reals are as follows.

• The constants 0, 1

• The binary predicate = and the ternary predicates addition (denoted by +) and multiplication (denoted by .).

As the name suggests, the theory is to be interpreted over the reals. We skip the set of axioms because the list is long. The big takeaway from the theory of reals is that it is decidable.


8.6 Summary

We summarize the different theories in the table below.

Name                    Symbols             Interpretation over   Decidability
First order theory      all relations       all models            Undecidable
Theory of equality      all relations, =    all models            Undecidable
Peano arithmetic        0, 1, +, ., =       Natural numbers       Undecidable
Presburger arithmetic   0, 1, +, −, >, =    Integers              Decidable
Theory of Reals         0, 1, +, ., =       Reals                 Decidable


Chapter 9

Program Verification

We follow Huth and Ryan for program verification.


Index

≡, 10
2-CNF, 36

atomic, 6

clause, 35
CNF formula, 35
conjunction, 7
consistency, 30
consistent, 31
contradiction, 11
contrapositive, 10

Declarative sentences, 5
disjunction, 7

equivalent, 10

formulas, 9

Horn clause, 42

iff, 10
implication, 8

k-CNF, 36

literal, 35
logical connectives, 6

modus ponens, 21

Natural deduction, 18
negation, 6

propositions, 6

satisfiable, 11

semantic entailment, 14
semantics, 6

tautology, 11
truth table, 6

unsatisfiable, 11

vacuously true, 15
valuation, 10
