Berardi A Short Introduction to Logic Summer Course Eugene 2002

8/2/2019 Berardi A Short Introduction to Logic Summer Course Eugene 2002

1/285

1

A Short Introduction to LogicSummer School on Proofs as Programs

2002 Eugene (Oregon)

Stefano Berardi Universit di Torino

[email protected]://www.di.unito.it/~stefano
mailto:[email protected]://www.di.unito.it/~stefanohttp://www.di.unito.it/~stefanomailto:[email protected]


2/285

2

http://www.di.unito.it/~stefano

(look for the first line in the topicTEACHING)

The text of this short course on Logic,together with the text of the next short

course onRealizability, may be found in

the home page of the author
http://www.di.unito.it/~stefanohttp://www.di.unito.it/~stefano


3/285

3

Plan of the course

Lesson 1.Propositional Calculus. Syntax and Semantic.

Proofs (Natural Deduction style). Completeness Result.

Lesson 2. Predicate Calculus. Syntax and Semantic.

Proofs (Natural Deduction style). Lesson 3. Gdel Completeness Theorem. Validity.

Completeness.

Lesson 4. Strong Normalization. Intuitionistic Logic.

Strong Normalization. Structure of Normal proofs. Next Course: Realization Interpretation.


4/285

4

Reference Text

Logic and Structure. Dirk van Dalen. 1994,

Springer-Verlag. Pages 215.


5/285

5

Using the Textbook

What we skipped:

1. Model theory of Classical Logic (most of 3)

2. Second Order Logic ( 4)

3. Model theory of Intuitionistic Logic (in 5) Roughly speaking: Lessons 1,2,3,4 correspond to

sections

1, 2, 3 and 4, 5 and 6

of Van Dalens textbook. Roughly speaking (and on the long run): in these Course

Notes, one slide corresponds to one page of VanDalens book.


6/285

6

Lesson 1

Propositional CalculusSyntax

Semantic

ProofsCompleteness


7/285

7

Plan of Lesson 1

We will quickly go through Syntax and Semantic ofPropositional Calculus again.

1.1 Syntax. The set of formulas of PropositionalCalculus.

1.2 Semantic. Truth tables, valuations, and tautologies. We will really start the course from here:

1.3 Proofs. We introduce Natural Deductionformalization of Propositional Calculus.

1.4 Completeness. We prove that logical rules proveexactly all true propositions.

Forthcoming Lesson: First Order Logic


8/285

8

1.1 Syntax

The symbol of the language.

Propositional symbols: p0, p1, p2,

Connectives: (and), (or), (not), (implies), (is equivalent to), (false).

Parenthesis: (, ).


9/285

9

1.1 Syntax

The set PROP of propositions: thesmallest closed under application ofconnectives:

1. PROP

2. pi PROP for all iN

3. PROP ()PROP

4. ,PROP (), (), (),

() PROP


10/285

10

1.1 Syntax

Examples:

(p0)

((p0)) (p0 (p1 p2))

(p0 (p1 p2))

Correct expressions of Propositional Logicare full of unnecessary parenthesis.


11/285

11

1.1 Syntax

Abbreviations. Let c=, , . We write

p0 c p1 c p2c

in the place of

(p0 c (p1 c (p2c )))

Thus, we write

p0 p1 p2, p0p1 p2,

in the place of

(p0 (p1 p2)), (p0 (p1 p2))


12/285

12

1.1 Syntax

We omit parenthesis whenever we mayrestore them through operator precedence:

binds more strictly than , , and, bind more strictly than , .

Thus, we write:

p0 for ((p0)),

p0 p1 for ((p0 ) p1)

p0 p1 p2 for ((p0 p1) p2),


13/285

13

1.1 Syntax

Outermost symbol. The outermost symbol

of

, pi, ,(), (), (), ()

are, respectively:

,pi,,,,,


14/285

14

1.1 Syntax

Immediate Subformulas :

1. Of and pi are none

2. Of is

3. Of (), (), (), ()are ,

is a subformula of iff there is some chain =0, ,n=, each formula being some immediate subformulaof the next formula.

Subformulas of=((p0 p1) p2) are:

itself, (p0 p1), p0, p1, p2.


15/285

15

1.2 Semantic

Interpreting Propositional constant and connective.

Each proposition pi may be either T (true) or F (false).

is always F (false).

, , , , are interpreted as unary or binary map(or Truth Tables), computing the truth of a statement

, (), (), (), (),

given to the truth of immediate subformulas , .


16/285

16

1.2 Semantic

Truth table of.=T =F

=F =T


17/285

17

1.2 Semantic

Truth table of.=T =F

=T = T = F

= F = F = F


18/285

18

1.2 Semantic

Disjunction is taken not exclusive: if

, then both , may be true.=T =F

=T = T = T

= F = T = F


19/285

19

1.2 Semantic

Implication is material: is true

also for unrelated statements , : it only

depends on the truth values of, .

=T =F

=T = T = T

= F = F = T


20/285

20

1.2 Semantic

Equivalence is identity of truthvalues.

=T =F

=T =T =F

=F =F =T


21/285

21

1.2 Semantic

Inductive definition. Fix any set I, any map v:NI, any

bI, and for any unary (binary) connective c, some unary

(binary) map Tc on I.

Then there is exactly one map h:PROPI, such that: f(pi) = v(i) I for all iN,

f() = b I

f() = T(f()) I

f( c ) = Tc(f(), f()) I

for all binary connectives c


22/285

22

1.2 Semantic

A Valuation is any map v:N{T,F}, assigning truth

values to Propositional constants.

Interpreting Propositional formulas. Any valuation v

may be extended by an inductive definition to somemap h:PROP{T,F}, by:

1. mapping into b=False,

2. using, as Tc, the truth table of connective c= , , ,

, . For all PROP, we denote h() by

[]v {T,F}


23/285

23

1.2 Semantic

Let PROP.

Tautologies. is a tautology iff for allvaluations v we have []v =T.

Contradictions. is a contradiction iff forall valuations v we have []v =F.

Tautology conveys our intuitive idea of

being logically true, or true no matterwhat the Propositional constants are.


24/285

24

1.2 Semantic

Some examples of tautologies

Double Negation Law: .

Excluded Middle: . An easy exercise: check that is a

tautology, i.e., that

[]v = True for all valuations v:N{T,F}.


25/285

25

1.3 Proofs

Formal Proofs. We introduce a notion offormal proof of a formula : Natural

Deduction.

A formal proof of is a tree

whose root is labeled ,

and whose children are proofs of the

assumptions 1, 2, 3, of the rule r weused to conclude .


26/285

26

1.3 Proofs

Natural Deduction: Rules. For each logicalsymbol c=, , , , and each formula withoutermost connective c, we give:

A set of Introduction rules for c, describingunder which conditions is true;

A set of Elimination rules for c, describingwhat we may infer from the truth of.

Elimination rules for c are justified in term ofthe Introduction rules for c we chose.


27/285

27

1.3 Proofs

Natural Deduction: the missingconnectives.

We treat

, ,

as abbreviating

(), ()(),

We do not add specific rules for theconnectives , .


28/285

28

1.3 Proofs

Natural Deduction: notations for proofs.

Let be any formula, and be any unordered (finite or

infinite) list of formulas. We use the notation

abbreviated by |- , for: there is a proof of whose assumptions are included

in .


29/285

29

1.3 Proofs

Natural Deduction: crossassumptions.

we use the notation

,

for: we drop zero or more assumptionsequal to from the proof of.

\


30/285

30

1.3 Proofs

Natural Deduction: assumptions of aproof

1 2 3

r --------------------------------

are inductively defined as:

all assumptions of proofs of1, 2, 3, ,minus all assumptions we crossed.


31/285

31

1.3 Proofs

Identity Principle: The simplest proof is:

having 1 assumption, , and conclusionthe same .

We may express it by: |-, for all We call this proof The Identity

Principle(from we derive ).


32/285

32

1.3 Proofs

Rules for Introduction rules: none ( is always false).

Elimination rules: from the truth of (a

contradiction) we derive everything:----

If|- , then |-, for all


33/285

33

1.3 Proofs

Rules for Introduction rules:

--------

If |- and |- then |-


34/285

34

1.3 Proofs

Elimination rules:

-------- -------

If |- , then |- and |-


35/285

35

1.3 Proofs

Rules for Introduction rules:

-------- -------

If |- or |- , then |-


36/285

36

1.3 Proofs

Elimination rules:

--------------------------------------

If |- and,|- and, |-, then |- We may drop any number of assumptions equal to (to

) from the first (from the second) proof of

\ \


37/285

37

1.3 Proofs

Rules for Introduction rule:

--------

If, |- , then |- We may drop any number of assumptions equal to

from the proof of.

\


38/285

38

1.3 Proofs

Elimination rule:

----------------

If |- and |-, then |- .


39/285

39

1.3 Proofs

The only axiom not associated to a connective, nor justified by some Introduction rule, is DoubleNegation:

.

---

If, |- , then |- We may drop any number of assumptions equal to

from the proof of.

\


40/285

40

1.3 Proofs

Lemma (Weakening and Substitution).

1. If |- and p, then p|-.

2. If |- and , |-, then |- .

Proof. Any proof with all free assumptions in has all

free assumption in p.

Replace, in the proof of with free

assumptions all in ,, all free assumptions by a proof of with all free assumptions in .


41/285

41

1.4 Completeness

Definition (Validity). |- is valid iff for allvaluations v such that v(){True}, we havev()=True (iff for no valuation v we havev(){True}, v()=False).

Validity conveys the idea |- is true no matterwhat the Propositional constants are.

Definition (Consistency). is consistent iff (|-

) is false (if does not prove ). Definition (Completeness). is complete iff for

all propositions , either |- or |- .


42/285

42

1.4 Completeness

Correctness. If |- is true in NaturalDeduction, then |-is valid.

Proof. Routine. By induction over the

proof of|-, considering:1. one case for each introduction and

elimination rule,

2. one for the Identity rule,3. one for Excluded middle.


43/285

43

1.4 Completeness

Completeness Theorem. If|- is valid, then then |-

is derivable in Natural Deduction.

Proof. We will pass through many Lemmas:

Lemma 1 (Consistency). If |- is not derivable, then

, is consistent.

Lemma 2 (Consistent Extension). For all formulas ,if is consistent, then either , or , is

consistent.


44/285

44

1.4 Completeness

Lemma 3 (Complete Consistent extension).

Any consistent set may be extended to some

consistent complete set .

Lemma 4 (Valuation Lemma). For everycomplete consistent consistent set there is

some valuation v such that v()={True}.

Lemma 5 (2nd

Valuation Lemma). For everyconsistent set there is some valuation v such

that v(){True}.


45/285

45

1.4 Completeness

Lemma 1 (Consistency). If |- is not

derivable, then , is consistent.

Proof. We will prove the contrapositive: if

, |-, then |-. This statement

follows by Double Negation.


47/285

47

1.4 Completeness

Lemma 3 (Complete Consistent extension). Anyconsistent set may be extended to some consistentcomplete set (such that for all formulas , either|- or |- ).

Proof. Fix any numbering of formulas 0, , n, .Let 0, , n, be the sequence of sets of formulasdefined by:

0 = n+1 = n, n, ifn, n is consistent

n+1 = n, n ifn, n is not consistent


48/285

48

1.4 Completeness

Proof of Complete Consistent Extension .

(Consistency) By the Consistent Extension lemma, if

n is consistent then n+1 is. Since 0 = is consistent,

then all n are consistent. Thus, = nn is consistent(a proof of with assumptions in would have all

assumptions in some n).

(Completeness) By construction, includes, for all

formulas n

, either n

or n

. By the Identity Principle,

in the first case |-n, in the second one |-n .


49/285

49

1.4 Completeness

Lemma 4 (Valuation Lemma). For every complete

consistent set there is some valuation v such that

v()={True}.

Proof. Define v()=T iff|-. We have to prove:

v( ) = F v( ) = T v( )=T or v()=T v( ) = T v( )=T and v()=T v( ) = T v( )=F or v()=T


50/285

50

1.4 Completeness

v( ) = F because |- is false, byconsistency of.


52/285

52

1.4 Completeness

v() = T v()=T and v()=T Left-to-Right: by -Elimination.

Right-to-Left: by -Introduction.


53/285

53

1.4 Completeness

v( ) = T v()=F or v()=T Left-to-Right: If v()=F, we are done. If v()=T, then

|-, and by -E |-, v()=T.

Right-to-Left. Assume either v()=F or v()=T, inorder to prove v()=T.

1. Case v( )=F. By completeness of , we have |-.Then ,|- by -Elimination, and ,|- by -

Elimination. We conclude |- by -Introduction. 2. Case v( )=T. If |-, then |- by some -

Introduction crossing no assumptions .


54/285

54

1.4 Completeness

Lemma 5 (2nd Valuation Lemma). For

every consistent set there is some

valuation v such that v(){True}.

Proof. Extend to some complete

consistent set , and find some

valuation v such that v()={True}. From

we conclude v(){True}.


55/285

55

1.4 Completeness

Proof of Completeness Theorem (end). If

|- is not derivable, then , is

consistent. Thus, for some v:N{T,F} we

have v(){T}, v()=T, therefore

v()=F. We conclude that |- is not valid.


56/285

56

Appendix to 1

Some Tautologies (Exercises).

Hilbert-style formalization (the idea).

Sequent Calculus (the idea).


57/285

57

Appendix to 1

Some examples ofTautologies.

All formulas which follow may be proved

to be tautology in two ways:

1. using the inductive definition of []v ;

2. using proofs in Natural Deduction,

together with the identifications of ,

with (), ()().


58/285

58

Appendix to 1

Associativity of , : ()

()

Commutativity of , :


59/285

59

Appendix to 1

Distributivity of , : () () ()

() () ()

DeMorgans Laws:

() ()


60/285

60

Appendix to 1

Idempotency of , :

Characterizing Implication

()

Characterizing Equivalence () () ()


61/285

61

Appendix to 1

Proof of: Excluded Middle is a tautology.

[]v = T([]v ,[]v) = T([]v,T([]v))

Case []v = True: []v = T(True, T(True)) =

T(True, False) = True.

Case []v = False: []v = T(False, T(False)) =

T(False, True) = True.


63/285

63

Appendix to 1

Modus Ponens: if and are

tautologies, then is a tautology.

Proof. Let v:N{T,F}. By hyp., []v

=

[]v = True. We have to prove []v =

True. If it were []v = False, then by []v =

True we would conclude []v = False.

This contradicts the hypothesis []v =True.


64/285

64

Appendix to 1

A first alternative formalization of proofsof Propositional Calculus:

Hilbert-style formalization.

We fix a set X of axioms, and weinductively define the set T of theorems:

1. All axioms are theorems.

2. If , are theorems, then is atheorem.


65/285

65

Appendix to 1

Hilbert-Style Proofs may be seen by trees

1. whose root is the formula being proved,

and

2. whose children are

none if is an axiom, and

are the proofs of , , if has beenproved by Modus Ponens.


66/285

Axioms

Hilbert-style proofs


67/285

67

Appendix to 1

In order to give some Hilbert-styleformalization for Propositional logic, we havetofix some set X of tautologies, able to deriveall tautologies through Modus Ponens.

Using Hilbert-style axiomatization we describethe notion of truth for Propositional logic, butwe miss an intuitive understanding of the

notion of (formal) proof. We prefer to introduce the notion of formal

proof throughNatural Deduction.


68/285

68

Appendix to 1

A second alternative formalization of proofs ofPropositional Calculus: Sequent Calculus.

We may in fact introduce proofs independently as rules

to derive a sequent |- rather than a formula.

The resulting notation for proofs is rather cumbersome

to use: we prefer Natural Deduction.

Sequent notation is instead convenient if we work in

Type Theory or in Automated Deduction: in this case

we have to precise the pair: assumptions /thesis .


69/285

69

Lesson 2

Predicate Calculus.

SyntaxSemantic

Proofs


70/285

70

Plan of Lesson 2

2.1 Syntax. The set of formulas of First Order

Logic.

2.2 Semantic. Interpreting formulas of First

Order Logic.

2.3 Proofs. We introduce Natural Deduction

formalization of First Order Logic.

Previous Lesson: Propositional Logic Forthcoming Lesson: Completeness Theorem

2 1 Syntax: The symbol of


71/285

71

2.1 Syntax: The symbol of

Predicate Calculus. Predicate Symbols: P, Q, R, , of integer arity n0, n1, n2,

.

They should include a name = for equality.

Function Symbols: f, g, h, , of integer arity m0, m1,m2,

Variables: x0, x1, x2,

Connectives: (and), (or), (not), (implies), (is

equivalent to), (false), and quantifiers: (exists), (forall).

Parenthesis: (, ).


72/285

72

2.1 Syntax

The set TERM of (first order) terms: the

smallest set including variables, and closed

under application of functions symbols:

1. xiTERM for all iN

2. t1, , tmTERM,

f

function name of arity m

f(t1,, tm)TERM, for all i, mN


73/285

73

2.1 Syntax

Examples of (first order) terms

Any variable: x, y, z,

If we have 0-ary (constant) function symbols a,

b, c, then a, b, c are also terms To show it, just apply a, b, c to the empty

sequence of terms.

If f is unary, g is binary, then

f(f(c)), g(f(a),b), g(x,y)

are terms


74/285

74

2.1 Syntax

The set ATOM of atomic formulas:

If t1, , tnTERM,

P predicate name of arity n P(t1,, tn)ATOM, for all nN

Examples: if P is unary, Q is binary, then

c=f(x), P(f(f(c))), Q(z, g(f(a),b)), P(g(x,y)) are atomic formulas


75/285

75

2.1 Syntax

The set FORM of (first order) formulas: the

smallest including atomic formulas, and closed

under application of connectives:

ATOM FORM FORM, x variable

(), (x), (x)FORM ,PROP (), (), (),

() PROP


76/285

76

2.1 Syntax

Examples of formulas:

(P(f(f(c))))

((P(g(x,y)) )) ((xP(x)) (P(y) P(z)))

(x(P(x) (P(y) P(z))))

Correct formulas require unnecessaryparenthesis.


77/285

77

2.1 Syntax

Abbreviations. Let c=, , . We write

p0 c p1 c p2c

in the place of

(p0 c (p1 c (p2c ))) Besides, we write

xy, xyz

in the place of

(x(y)), (x(y(z)))

We also use x,y for xy.


78/285

78

2.1 Syntax

We omit parenthesis whenever we may restore themthrough operator precedence:

, , bind more strictly than , , and, bind morestrictly than , .

Thus, we write: P(a) for ((P(a))),

P(a) Q(x,y) for ((P(a)) Q(x,y))

xP(x) P(y) P(z) for

((xP(x)) (P(y) P(z))) xP(x)P(y)P(z) for

(((xP(x))P(y)) P(z))


79/285

79

2.1 Syntax

Outermost symbol. The outermost symbol

of

x, f(t1

,, tn

), P(t1

,, tn

),

, , x, x,

(), (), (), ()

are, respectively:

x, f, P,, , , , , ,


80/285

80

2.1 Syntax

Immediate Subformulas of:

1. and P(t1,, tn), are none

2. , x, x is

3. (), (), (), ()

are ,

is a subformula of iff there is some chain =0, ,n=, each formula being some immediate subformulaof the next formula.

Subformulas of=xP(x) P(y) P(z) are: itself, xP(x), P(x), P(y)P(z), P(y), P(z)


81/285

81

2.1 Syntax

Free variables. We define free variables by inductionover the definition of a term or a formula.

FV(x) = x

FV(f(t1,, tm)) = FV(t1) FV(tm)

FV(P(t1,, tm)) = FV(t1) FV(tm) FV() = FV()

FV(x)=FV(x) = FV()-{x}

FV( c ) = FV() FV()

We callcloseda term (formula) e if FV(e)=. We callcloseda set of closed terms (formulas).


82/285

82

2.1 Syntax

Substitution. We define substitution e[x:=t] ofa variable x by a term t by induction over e(term or formula).

Terms: y[x:=t] = t if y=x

y[x:=t] = y if yx

f(t1,, tm)[x:=t] = f(t1[x:=t],, tm[x:=t])

Atomic Formulas:

P(t1,, tm)[x:=t]) = P(t1[x:=t],, tm[x:=t])


83/285

83

2.1 Syntax

Substitution (Formulas). Let Q=, be

any quantifier, c=, , , be any

binary connective.

()[x:=t] = ([x:=t])

( c )[x:=t] = [x:=t] c [x:=t]

(Qy)[x:=t] = Qy if y=x

(Qy)[x:=t] = Qy([x:=t]) if yx


84/285

84

2.1 Syntax

Binder. A binder for x in is anysubformula x or x of.

Free and Bound occurrences. An

occurrence of x in is bound iff x isinside some binder of x in , free in theopposite case.

A substitution e[x:=t] is sound iffno free occurrence of variable in t becomesboundafter substitution.


85/285

85

2.1 Syntax

Renaming. is a renaming of iff is obtained out

of by replacing some subformula Qx by Qy[x:=y],

with yFV(), and [x:=y] sound substitution.

Convertibility. We that two formulas are convertible iff

there is a chain of renaming transforming one into the

other.

We identify formulas up to convertibility. Intuitively, if

, are convertible, then they express the same

meaning using different names for bound variables.


86/285

86

2.1 Syntax

Substitution may always be considered sound.

Lemma (Substitution). For all substitutions [x:=t]

there is some suitable convertible to such that

[x:=t] is sound.

We omit the proof (it is conceptually simple, but rather

cumbersome).

Thus, any substitution [x:=t] becomes sound after

some renaming.

As a consequence, the result of a substitution is

determined only up to renaming.


87/285

87

2.2 Semantic

StructureM for a first order language: A universe M ofM, not empty.

For each Predicate Symbols: P, Q, R, , of integer arityn, n,n,, some predicates

PM

Mn, QMMn, R

MMn,

interpreting P, Q, R, .

For each Function Symbols: f, g, h, , of integerarity m, m,m, some functions

fM MnM, gM MnM, hM MnM, interpreting f, g, h, .


88/285

88

2.2 Semantic

Equality. Interpretation =M

of the equalityname should be the equality predicate.

This condition may be weakened to: =M

is

some equivalence relation compatible withall predicate and functions ofM. In this case, we obtain a structure by taking

the quotientM/=M

.

Constants, i.e., names c of functions of arity0, are interpreted by c

MM.


89/285

89

2.2 Semantic

Interpreting terms. LetMbe any model. Every

map v:{0,1,2,}M may be extended to some

map

[.]v,M:TERMSM IfMis fixed, we abbreviate [.]v,Mby [.]v.

We define [.]v,Mby induction over the definition

of a term.

[xi]v = v(i) M [f(t1,, tm)] v,M= fM([t1]v,, [tn]v) M


90/285

90

2.2 Semantic

Interpreting atomic formulas. Let Mbe any

model. Every map v:{0,1,2,}M from

indexes of variables to M may be extended to

some map [.]v,M: ATOMS {True, False}.1. First, we extend v to a map [.]v,Mon all terms

2. Then we define

[P(t1,,tm)]v,M=True if

([t1]v,M,,[tn]v,M)PM[P(t1,, tm)]v,M= False if

([t1]v,M,, [tn]v,M)PM


91/285

91

2.2 Semantic

Case definition. If v:{0,1,2,}M, and

mM, by

v[xi:=m]

we denote the map :{variables}Mdefined by cases:

1. v[xi:=m](j) = m if i=j2. v[xi:=m](j) = v(j) if ij

2 2 S i


92/285

92

2.2 Semantic

Let Mbe any model. We extended every map

v:{variables}M to some map

[.]v,M: ATOMS {True, False},

We will now extend [.]v,Mto some map[.]v,M: FORMULAS {True,False},

by induction over the definition of a formula.

We distinguish several cases, according if the

outermost connective of is, , , , , ,

2 2 S i


93/285

93

2.2 Semantic

Let Tc be the truth table of c=,,,,. []v,M = T([]v,M)for c=,,,: [ c ] v,M = Tc([]vM,[]v,M),

[x]v = True, iff []v[x:=m],M= Truefor some mM

[x]v = False, otherwise.

[x]v = True, iff []v[x:=m],M= Truefor all mM [x]v = False, otherwise.

2 2 S i


94/285

94

2.2 Semantic

We extend [.]v,Mto sets of formulas, by

[]v,M= {[]v,M| }

We also write M|=v, or is true in Munder substitution v, for []v,M= True.

2 2 S i


95/285

95

2.2 Semantic

Substitution Theorem.

Substitution on is interpreted by substitution on the

valuation map v.

Let m=[t]v,M:

[[x:=t]]v,M= []v[x:=m],M,

If xFV(), then[x:=t]= and therefore

[]v[x:=m],M = []v,M.

Proof. See Van Dalens book.

2 2 S i


96/285

96

2.2 Semantic Lemma (Quotient Lemma).

Take any structureM in which =M is someequivalence relation compatible with allpredicate and functions ofM.

Consider the quotient structure M/=M

. This

structure satisfies the same formulas asM:M|=v (M/=M)|=v

Proof. By induction over , using compatibilityof =

Mwith all predicate and function names.

Thus: in order to define a structure with anequality relation =

M, it is enough to define

some equivalence relation =M

compatible withall predicate and functions ofM.

2 3 P f


97/285

97

2.3 Proofs

From the Propositional case, we keep

1. Double Negation Rule.

2. Introduction and Elimination rules for each

logical symbol c = , , , .3. Abbreviations for connectives, .

The rules we have to add are:

1. Introduction and Elimination for , , and2. Rules for atomic formulas, including Equality.

2 3 P f


98/285

98

2.3 Proofs

Rules for : Introduction rule.

[x:=t]

---------

x If |-[x:=t] for some t, then |- x

2 3 P f


99/285

99

2.3 Proofs

Rules for : Elimination rule. ,

x ----------------

ProvidedxFV(,).

If |-x, , |-, and xFV(,), then |-

\

2 3 P f


100/285

100

2.3 Proofs

Rules for : Introduction rule.

------

x

ProvidedxFV() If |- and xFV(), then |-x

2 3 P f


101/285

101

2.3 Proofs

Rules for : Elimination rule.

x---------

[x:=t]

If |- x, then |- [x:=t] for all t

2 3 P f


102/285

102

2.3 Proofs

Rules for atomic formulas. Any set of rules of the

shape:

1 n

------------

for 1 n, atomic. For instance: reflexivity,

symmetry, transitivity of equality, compatibility ofequality with functions and predicates.

2 3 P f


103/285

103

2.3 Proofs

-----

t=t

t=u

-----

u=t

t=u u=v

------------

t=v

t1=u1 tn=un

--------------------------

f(t1,,tn)=f(u1,,un)

2 3 P f


104/285

104

2.3 Proofs

t1=u1 tn=un P(t1,,tn)

-----------------------------------------

P(u1,,un)

By induction on , we deduce:t1=u1 tn=un [x1:=t1,, x1:=tn]

----------------------------------------------------

[x1:=u1,, x1:=un]

2 3 P f


105/285

105

2.3 Proofs

Mathematical Theories T are identified with setsof axioms T.

is a theorem of T iff T|-.

An example: First Order Arithmetic PA haslanguage L={0, succ,


106/285

106

2.3 Proofs

An exercise for the next Lesson: derive,for z notfree nor bound in ,z(x[x:=z])

there is some z such that:if(x) is true for some x, then (z)

Hint: prove first x|-Thesis and x|-Thesis.Then conclude |-Thesis out of |- xx and-Elimination.

Appendix to 2


107/285

107

Appendix to 2

Proof of Th=z(x[x:=z]). As suggested, we are going to prove both

x|-Th and x|-Th, then conclude Th

out of |- xx and -Elimination. By renaming z with x, we may replace Th

by Th = x(x) in the proof:

Th and Th are convertible, hence they maybe identified.

Appendix to 2


110/285

110

Lesson 3

Validity Theorem

Gdel Completeness Theorem

Plan of Lesson 3


111/285

111

Plan of Lesson 3

3.1 Validity Theorem. All derivable sequents

are logicallytrue.

3.2 Completeness Theorem. All logically

true sequents are derivable.

Previous Lesson: First Order Logic

Forthcoming Lesson: Normalization.

3 1 Validity Theorem


112/285

112

3.1 Validity Theorem

Validity. A sequent |- is validiff for all models Mand valuations v, if []v,M{True} then []v,M=True.

We also write |= for |- is valid.

is validiff|- is valid(i.e., iff for all models M,[]v,M=True).

|- valid expresses our intuitive idea of logical

truth: |- is true no matter what are the meaning ofpredicate and function symbols in it

3 1 Validity Theorem


113/285

113

3.1 Validity Theorem

Derivability perfectly correspond to

validity (to our intuitive notion of truth)

Validity Theorem. If|- is provable, then

|- is valid.

Completeness Theorem (Gdel). Also the

converse holds: if |- is valid, then it is

provable.

3 1 Proof of Validity Theorem


114/285

114

3.1 Proof of Validity Theorem

Proof of Validity Theorem.

By induction on the proof of |-: we have to prove,

for all logical rules, that Validity is preserved:

if all premises are Valid then also the conclusion is

The only non-trivial steps concern Introduction and

Elimination rules for ,. Let us pick up -Introduction, -Elimination as sample

cases.

3 1 Proof of Validity Theorem


115/285

115

3.1 Proof of Validity Theorem

Proof of Validity Theorem:

-Introduction preserves validity. The inductive hypothesis is:

|-[x:=t] is valid. The thesis is:

|-x is valid. We assume []v,M{True} in order to

prove [x]v,M=True.

3.1-Introduction


116/285

116

preserves Validity1. Assume []v,M{True}.

2. From |-[x:=t] valid and 1 we obtain:[[x:=t]]v,M=True.

3. Set m=[t]v,MM. 4. By Substitution Theorem and 3:

[[x:=t]]v,M= []v[x:=m],M.

5. By 2, 4, we deduce []v[x:=m],M=True.6. By 5, we deduce [x]v,M= True.

3.1-Elimination


117/285

117

preserves Validity Proof of Validity Theorem:

-Elimination preserves validity. The inductive hypothesis is:

|-x and ,|- are valid, and xFV(,) The thesis is:

|- is valid. We assume []v,M{True}, in order to prove

[]v,M=True.

3.1-Elimination


118/285

118

preserves Validity1. Assume []v,M{True}.

2. By 1 and |-x valid, we deduce [x]v,M= True,that is:

[]v[x:=m ],M= True, for some mM

1. By xFV(), Sub.Thm: []v[x:=m],M= []v,M2. By 1, 3 we deduce []v[x:=m],M{True}

3. By ,|- valid, and 2, 4, we deduce []v[x:=m],M=True.

4. By x FV(), Sub.Thm: []v[x:=m],M= []v,M.5. By 5, 6, we conclude []v,M=True.

3 2 Completeness


119/285

119

3.2 Completeness

Completeness Theorem (Gdel).

1. (Weak closed form) If is closed consistent, then there

is some modelMsuch that []v,M{True} (for any

valuation v).

2. (Weak form) If is consistent, then there is some

model M and some valuation v such that []v,M{True}.

3. (Strong form)If |- is valid, then |- is provable. Proof. We will first prove weak closed form, then weak

and strong form out of it.

3.2 Proof of Completeness


120/285

120

(weak closed form)

Henkin Axioms. Fix, for each closed

formulas x of a language L, someconstant cx of L. Then we call Henkinaxiom for x the statement:x[x:=cx]

there is somesome z=cx such that, if(x)for some x, then (z)



121/285

121

(weak closed form) At the end of the previous section, we proved

|-z(x[x:=z])there is some z such that:

if(x) is true for some x, then (z) Intuitively, this means that all Henkin axioms

are logically correct (there exists someinterpretation z for cx).

Henkin Theories. A closed set H of formulas

in a language L is an Henkin Theory iff Hproves all Henkin axioms of language L.



122/285

122

(weak closed form) Lemma (Henkin Lemma). Let H be an Henkin

Theory of language L.

All closed sets HH of formulas of L areHenkin Theories.

Derivability from H commutes with theinterpretation of , on the set TERM0 ofclosed term, and for closed x, x.

1. H|- x H|- [x:=t], for some tTERM0

2. H|- x H|- [x:=t], for all tTERM0

3 2 Proof of Henkin Lemma


123/285

123

3.2 Proof of Henkin Lemma

If H proves all Henkin axioms of L, then thesame is true for all HH in L.

1. . If H|-x, then by Henkin axiom for xand -Elim. we get H|-[x:=cx], with cxclosed term.. If H|-[x:=t] for some closed t, we obtainH|-x by -Introd..

2. .Assume H|-x. Then H|-[x:=t] for all closed t by -Elim..

3 2 Proof of Henkin Lemma


125/285

125

Lemma Conservative Extensions. IfTT are two sets

of formulas, in the languages LL, we say that

T is a conservative extension of T ifT proves

no new theorem in the language L of T:

Ifis a formula of L, and T|-, then T|-

Lemma (Henkin Extension Lemma). For all

sets of closed formulas of L, there is some

Henkin theory H, of language LL, whichis a conservative extension of.

3.2 Proof of Henkin


126/285

126

Extension Lemma Fix any language L, any closed formulax of L, any closed , any cxL. Let

= {Henkin axiom for x} is + the Henkin axiom for .

Claim (one-step Henkin extension):

is aclosed conservative extension of,of language L=L{cx}.

3 2 Proof of the Claim


127/285

127

3.2 Proof of the Claim1. Assume , x[x:=cx]|- and cx not in , inorder to prove |- .2. cx is not in , nor in , because , are in the original

language L.

3. Replace cx in the proof of the sequent above by anyvariable zFV(,,).

4. Since cx is not in ,,, we obtain a proof of:, x[x:=z]|-

5. By -Elim., , z(x[x:=z])|-.6. By |-z(x[x:=z]) (end of the previous lesson) we

conclude |-.

3.2 Proof of Henkin


128/285

128

Extension Lemma Fix any enumeration of closed formulas of the shapexin L. Starting from 0=, we define

n+1 = n{xnn[x:=c]} By the Claim, each n+1 is a closed conservative

extension ofn, and therefore of.

Thus, 1=nNn is a closed conservative extension of: if we have a proof of in L in , then we have aproof of in some n, and by conservativity ofn w.r.t., also in .

1

includes all Henkin axiom for the language of theoriginal .

3.2 Proof of Henkin


129/285

129

Extension Lemma Define 0 = , n+1 = (n)1.

Then H= nNn is a closed conservative extension of

, including all n+1, and therefore all Henkin axiom

for all closed x in the language of all n . Thus, H includes all Henkin axioms for all closed x

in the language of H itself.

We conclude that H is an Henkin Theory, and a

closed conservative extension of. H is consistent if is: by conservativity, any proof of

in H is a proof of in .


k l d


130/285

130

(weak closed form)

Using Henkin Extension Lemma, we may

define, for all closed consistent of

language L, some closed consistent Henkin

H, of language LL. By adapting the Complete Set Lemma of

Propositional logic to the set of closed first

order formulas, we may define some closedcomplete H.


( k l d f )


131/285

131

(weak closed form) (closed, complete) is an Henkin theory by Henkin

Lemma.

defines a model M of , whose universe are the

closed terms of the language L of (modulo provable

equality in ).

We interpret each n-ary function name f by the map over

closed terms ofL

fM

: (t1,,tn) | f(t1,,tn), and each m-ary predicate name P by

PM

= {(t1,,tn) closed in L| |-P(t1,,tn)}


132/285

3.2 Valuation Thm


133/285

133

3.2 Valuation Thm

Theorem (Valuation Thm).1. For all closed v:

|-v() []v,M=True

In particular we have Weak Closed

Completeness:

[]v,M []v,M={True}

2. For all closed substitutions v, w: VAR {closed terms}:

[]v,M= [v()]w,M

3.2 Valuation Thm (1)


134/285

134


Proof of (1). By induction on . For atomic, we have |-v() []v,M=True by

definition of the structureM.

If the outermost symbol of is ,,,, we have toprove that |-v() commutes with the meaning of allPropositional connectives.

This follows by Completeness of and the result on

Complete sets in Propositional Logic.

We have still to prove that |-v() commutes with themeaning of, .



135/285

135


By Henkin Theory we have:1. |- x|-[x:=t], for some tTERM02. |-x|- [x:=t], for all tTERM0 We will prove that |-v() commutes with the meaning

of quantifier , using point 1, 2 above, inductivehypothesis on [x:=t], and the trivial syntacticalidentities:

a. v(x) = x v[x:=x](),b. v[x:=x][x:=t]() = v[x:=t]()

for all substitutions v, all terms t.

| v( x)M |= x


136/285

136

|- v(x)M|=vx 1. |- v(x) (Identity a)2. |- xv[x:=x]() ( Henkin)3. for some closed term t:

|-v[x:=x][x:=t]() (Identity b)

5. for some closed term t:

|-v[x:=t]() (Ind.Hyp.)

6. for some closed term t:

M|=v[x:=t] (def. of|=)

7. M|=vx

| v( x)M |= x


137/285

137

|- v(x)M|=vx 1. |- v(x) (Identity a)2. |- xv[x:=x]() ( Henkin)3. for all closed term t:

|-v[x:=x][x:=t]() (Identity b)

5. for all closed term t:

|-v[x:=t]() (Ind.Hyp.)

6. for all closed term t:

M|=v[x:=t] (def. of|=)

7. M|=vx


138/285


Theorem (weak form)


139/285

139

Theorem (weak form)

Assume is consistent, with possibly free variables.

We have to define some modelMand some valuation

v such that []v,M{True}.

Let c1,, c

n, be fresh constants. Set s(x

i)=c

ifor all

iN.

Then s()|- is not provable, otherwise, by replacing

back each ci with xi (and possibly renaming some bound

variable) also |- would be provable.


Theorem (weak form)


140/285

140

Theorem (weak form)

By the Weak form of Completeness, there is somemodel in which [s()]v,M {True} for any valuation

v.

By Valuation Thm., point 2, or all closed substitutions

s, v we have:[s()]v,M= True [s()]s,M = True

we conclude

[]s,M {True}

This concludes the proof of Weak CompletenessTheorem.


Theorem (strong form)


141/285

141

Theorem (strong form)

We will prove the contrapositive of Completeness: if|- is not provable, then there is some modelMand

some valuation v such that []v,M {True} but []v,M= False.

If |- is not provable, by the Consistency Lemma

, is consistent.

We apply the weak form of the Theorem to ,, and

we find some model Mand some valuation v such

that []v,M{True}, []v,M = True, that is,

[]v,M = False.

This concludes the proof of Strong Completeness

Theorem.


142/285

142

Lesson 4

Intuitionistic Logic

Strong Normalization

Normal Forms

Plan of Lesson 4


143/285

143

4.1 Intuitionistic Logic. The interest of proofs

without Excluded Middle.

4.2 Strong Normalization Results. All proofs may be

reduced to some canonical form.

4.3 Structure of normal form. Using normalization,

we may interpret intuitionistic proofs as programs.

Previous Lesson: Completeness Theorem

Forthcoming Lesson: none.

4.1 Intuitionistic Logic


144/285

144

g

The Introduction rules for a connective c

may be seen as adefinition of c.

Elimination rules for c may be seen as

consequences of the definition of c.

Double negation is the only rule not

justified by definition of some connective.

Double negation is aBeliefabout Truth.

4.1 Intuitionistic Logic


145/285

145

g

We believe that in Nature all statements are

either true or false.

Double negation is then justified by the

consideration that all statements which arenot false are true.

Double Negation looks like some external

axiom, breaking the Introduction/Elimination symmetry of logical rules.

4.1 Heyting Realization

Interpretation


146/285

146

Interpretation In a Natural Deduction Style of proofs, we obtainIntuitionistic Logic by removing Double Negation Rule.

InIntuitionistic Logic, some mathematical results are not

provable.

In Intuitionistic Logic, Introduction/Eliminationsymmetry provides a simple interpretation of any proof of

by someprogram ofspecification (a program which

effectively does what says). This interpretation was first proposed by Heyting, and

depends on the outermost connective of.

4.1 Heyting Interpretation

of Atomic Formulas


147/285

147

of Atomic Formulas.

A proof of an atomic formulas (x) should

provide, for all values of x, a proof of

without logical connectives, by Post rules

only. In particular, no proof of should exists

(unless we get it by Post Rules only).


of Propositional Connectives


148/285

148

of Propositional Connectives. A proof for 1(x)2(x) should provide a pair of

a proof1(x) and a proof of2(x).

A proof of1(x)2(x) should provide a programreturning, for all x, either a proof of 1(x) or aproof of 2(x) (thus, deciding, for each x,

whether 1(x) is true or2(x) is true). A proof of(x)(x) should provide a program

returning, for all x, and all proofs of(x), someproof of(x).


of Quantifiers


149/285

149

of Quantifiers.

A proof ofx(x,x) should provide, for allvalues of x and x, some proofs of(x,x).

A proof ofx(x,x) should provide, for allvalues of x, both some value for x and someproofs of(x,x).


of Quantifiers


150/285

150

of Quantifiers. There is no Heyting interpretation for Excluded Middle,

by:

Gdel Undecidability Theorem. There are some

arithmetical formulas (x), such that no computable

function (no computer program) is able is to decidewhether (x) is true or (x) is true.

For such a (x), Heyting interpretation of(x)(x) isfalse.

Double Negation proves Excluded Middle, hence it hasno Heyting Interpretation as well.


of Quantifiers


151/285

151

of Quantifiers.

Heyting interpretation is bridge between(intuitionistic) proofs and programming: .

Out of, say, an intuitionistic proof of

x.f(x,x)=0 Heyting interpretation provides,for all values of x, some x0 and some proofof f(x0,x)=0.

We will introduce a method, Normalization

providing an Heyting interpretation forIntuitionistic Proofs in Natural Deduction.

4.2 Normalization


152/285

152

For all connectives c, every c-Elimination is

justified by the corresponding c-

Introduction in the following sense:

If we have some c-I followed by some c-E,we may derive the conclusion of c-E just

by combining in some suitable way the

premises of c-I. We call any c-I followed by a c-E ac-Cut.

4.2 Normalization


153/285

153

Any c-Cut is, conceptually, a redundant step inthe proof, and it may be removed (often, at the

price ofexpanding the proof size considerably).

For any c-Cut we define an operation removing itwe call a c-reduction.

Removing a c-Cut may generated new Cuts.

Yet, we will prove that if we repeatedly remove

cuts in any order, eventually we get a (unique)proof without cuts.

4.2 Normalization


154/285

154

We call Normal any proof without Cuts, andNormalization the process removing all cuts (in

any order).

After Normalization, Intuitionistic Proofs

satisfyHeyting Interpretation.

Thus, normalizing an intuitionistic proof of is a

way of interpreting the truth of as a program of

specification . We will now define some c-reduction for all c.

4.2 Reduction Rule for


155/285

155

D1 D2

1 2

---------

12---------

i

Di

i



156/285

156

D

i 1 2

-------- E1 E2

12 --------------------------------

D

i

Ei

\\



157/285

157

D

-------- E

-------------------

\ E

D



158/285

158

D

------

x---------

[x:=t]

D[x:=t]

[x:=t]



159/285

159

D

[x:=t]

-------- E

x ------------------

D[x:=t]

E[x:=t]

4.2 Subject Reduction


160/285

160

If D is a proof of with assumptions wewrite |- D:.

We write D1E if we may obtain E out ofD by replacing some subtree of D with itsreduced version.

A proof D have finitely many subtrees,hence we have D1E for finitely many E.

We write DE for there is some chain D1 D1 D1 1 E from D to E.

4.2 Subject Reduction


161/285

161

Subject Reduction Theorem. Reducing aproof p we obtain a proofp having equal

hypothesis and conclusion:

|- D:, DE |-E:

4.2 Strong Normalization

(definition)


162/285

162

(definition)

Reduction Tree. We call reduction tree thetree of all reduction path from D.

Strong Normalization. D strongly

normalizes iff its reduction tree is finite.


Lemma


163/285

163

Lemma Strong Normalization Lemma.1. D strongly normalize iff all D1E strongly

normalize.

2. If D ends by an introduction, it strongly normalizes

iff all its premises strongly normalize. Proof.

1. Since D1E for finitely many Es, the reduction tree

of D is finite iff the reduction tree of all D1E is

finite.2. No reduction is defined over an Introduction.


Theorem


164/285

164

Theorem

We state (not yet prove) the normalizationresult we are looking for:

Strong Normalization Theorem (orHauptsatz). All intuitionistic proofs

strongly normalizes.

4.2 Computability


165/285

165

In the strong normalization proof, we will actuallyprove a notion of computability for a proof D,implying Strong Normalization.

Definition of Computable proof: by induction over theproofD.

D does not end with an Introduction. D is computableiff all D1E are computable.

D ends with an,,-Introduction. D is computable iffall its premises are.

D ends with an,-Introduction:next two pages

4.2 Computability for -I


166/285

166

The proof D

------

x is computable iff for all tTERM,

is computable

D[x:=t]

[x:=t]

4.2 Computability for -I


167/285

167

The proof

D

-------

is computable iff for all computable E,

is computable.

E

D

4.2 Computability Lemma


168/285

168

Lemma (Computability Lemma).

1. Identity principle (a one-formula proof) is

a computable proof.

2. If D is computable, then D is stronglynormalizable.

3. If D is computable and D1E, then E is

computable.

4.2 Computability, Point 1


169/285

169

1. Identity principle has no reduction. Thus,trivially, all its reduction are computable.

Thus, Identity Principle is computable.



170/285

170

2. Assume D is computable, in order to prove D stronglynormalizable. We argue by induction over the

definition of computable.

D does not end by an Introduction. Then all D1E

are computable, and by ind. hyp. stronglynormalizable. Thus, D itself is strongly normalizable.

D ends with an,,-Introduction. Then all premisesof D are computable, and by ind. hyp. strongly

normalizable. Thus, D itself is strongly normalizable.

4.2 Computability, Point 2,

-I case


171/285

171

I case The proof D

------


are computable. By ind. Hyp., all such proofs strongly

normalizes.

D[x:=t]

[x:=t]


-I case


172/285

172

I case Take t=x: then

D

is strongly normalizable. Thus, also

D

------

x is strongly normalizable.

4.2 Comp., Point 2, -I case The proof


173/285

173

D

-------


is computable. By ind. hyp., all such proofs stronglynormalize.

E

D

Take E=the Identity Principle: then

4.2 Comp., Point 2, -I case


174/285

174

Take E the Identity Principle: then

strongly normalizes. Thus, also

D

-------

strongly normalizes.

D



175/285

175

3. Assume D is computable, in order to prove that allD1E are computable. We argue by induction overthe definition of computable.

D does not end by an Introduction. All D1E arecomputable by def. of computable.

D ends with an ,,-Introduction. If D iscomputable, then all its premises are. By ind. hyp., allone-step reductions of all premises of D arecomputable. If D1E, this reduction takes place insome premise of D. Thus, E is computable because Eends with some ,,-Introd., and all its premises arecomputable.


-I case


176/285

176

I case The proof D

------


are computable. By ind. hyp., if D[x:=t] 1 E[x:=t],

then E is computable.

D[x:=t]

[x:=t]


-I case


177/285

177

Take any reduction D1 E. Then D[x:=t] 1 E[x:=t],hence

is computable. Thus, also

E

------

x is computable.

E[x:=t]

[x:=t]

4.2 Comp., Point 3, -I case


178/285

178

The proof D

-------


is computable. By ind. hyp., if we replace D by anyD1 E, we get a computable proof.

E

D

Take any reduction D1 E. Then for all computable D,

D


179/285

179

is computable. Thus, also

E

-------

is computable.

D

E

4.2 Computable

by Substitution and Replacing


180/285

180

y p g

Definition. Assume |-D:, =1,,n, andFV(,){x1,.,xm}. D is computable bysubstitution and replacing iff for all substitutionss(.)=(.)[x1:=t1,.,xm:=tm], for all computable

proofs p|-D1:s(i), , p|-Dn:s(n), the proof

is computable

D1 Dn

s(1) s(n)

s(D)s()



181/285

181

Theorem (Strong Normalization) All intuitionistic proofs D are Computable

by Substitution and Replacing.

As a Corollary, they are all StronglyNormalizing.



182/285

182

Proof. By induction over D.

We assume that all premises of D are

computable by substitution and replacing,we take any composition and substitutionof D, and we check it is computable.

We distinguish two cases, according if the

last rule in D is not an introduction, or it isan Introduction.

4.2 Strong Norm., Case 1


183/285

183

Case 1:D not ending with some Introduction. we have to prove that all D1E are computable

by substitution and composition.

If the c-reduction is applied to some premise of

D, the thesis follows by the inductive hypothesison the premises of D and the ComputabilityLemma.

If the c-reduction is applied to the conclusion

itself of D, the thesis is an immediateconsequence of the definition of computable forc-Introduction, for each connective c.



184/285

184

An example. Assume that D is computable bysubstitution and reduction, and that some -E:

D1 Dn

s(1) s(n)s(D)

s()

-----x

---------

[x:=t]



185/285

185

reduces to

This latter proof is computable by:

1. ind. hyp. over the premise D of the rule-E;2. definition of computability by substitution and

composition for such a D.

D1 Dn

s(1) s(n)

s(D)s()[x:=t]



186/285

186

Case 2:D ending with an,,-Introduction Any composition and substitution of the proof is

computable iff all its premises are.

This latter fact follows immediately by inductivehypothesis.

Case 2: D ending with ,-Introduction. Wehave to prove that these two rules preserve

computability by composition and substitution.

4.2 Strong Norm., Case 2:

-I Preserves computability


187/285

187

p y

Let x=x1,,xm. Assume xFV(1, , n),and

D1 Dn

1[x:=t, x:=t] n[x:=t, x:=t]

D [x:=t, x:=t][x:=t, x:=t]

is computable for all sub. [x:=t, x:=t] on D.

4.2 Strong Norm., Case 2,



188/285

188

p y

x is the bound variable of-I. By possibly renaming x, we may assume

xFV(t):

[x:=t, x:=t] = ([x:=t])[x:=t] for all formulas .

By xFV(1, , n) we also obtain:

(i[x:=t])[x:=t] = i[x:=t]




189/285

189

p y

Thus, we may simplify the hyp. to:

D1 Dn

1[x:=t] n[x:=t]

(D[x:=t])[x:=t]([x:=t])[x:=t]

is computable for all terms t, and all computable:

D1 Dn

1[x:=t], , n[x:=t]




190/285

190

By definition of computability for -I, weconclude thatD1 Dn

1[x:=t]

n[x:=t]

D[x:=t]

[x:=t]

----------------

x ([x:=t]) is computable




191/285

191

Assume

D1 Dn

1

[x:=t] ,, n

[x:=t] [x:=t]

D [x:=t]

[x:=t]

is computable for all computable E.




192/285

192

Then

D1 Dn

1[x:=t], , n[x:=t] [x:=t]

D [x:=t]

[x:=t]---------------------

[x:=t][x:=t] is computable by def. of computability for -I.

\


(end of the proof)


193/285

193

We checked that all proofs are computable bysubstitution and replacing.

If we replace each assumption i with the

Identity Principle for i, and each variable x by

itself, we re-obtain the original proof.

We conclude they all proofs are computable,

and therefore all have a finite reduction tree.

This ends the proof of Strong NormalizationTheorem.

4.3 Normal Forms


194/285

194

We will now study normal intuitionistic proofs. Then we will check that then intuitionistic

proofs satisfy Heyting Interpretation of logicalconnectives.

We introduce some terminology first. Main premise. The main premise of a logical

rule is the leftmost one.

Main Branches. A branch in a proof tree is aMain branch iff it includes, with eachconclusion of an Elimination, the Main premiseof such Elimination.

4.3 Structure of

Normal Forms


195/285

195

Lemma (Main Branch).1. All Elimination rules have a non-atomic main

premise, and discharge no assumptions on thebranch main premise.

2. All main branches either include some cut, or,from top to bottom, include first onlyelimination rules, then only atomic rules,eventually only introduction rules.

3. All Main Branches ending with an Eliminationrule include either some cut, or some freeassumption, or end with an introduction.

4.3 Proof of

Main Branch Lemma


196/285

196

1. By inspecting all Elimination rules.2. Assume there are no cuts, in order to prove that after

atomic rules there are only atomic rules orIntroductions, and after Introductions onlyIntroductions.

Below atomic rules there are only atomic rules orIntroductions. The conclusion of an atomic rule canonly be atomic. Thus, it is either the conclusion, thepremise of another atomic rule, or of someIntroduction. It cannot be the main premise of anElimination rule, because such main premise is notatomic.

4.3 Proof of

Main Branch Lemma


197/285

197

Below Introductions there are onlyIntroductions. The conclusion of an

Introduction is not atomic, thus it cannot

be the premise of an atomic rule. It can only be the conclusion of the proof,

or the premise of another Introduction. If

it were the main premise of an

Elimination we would have a cut.

4.3 Proof of

Main Branch Lemma


198/285

198

3. If a main branch include no cuts, then allIntroductions are at the end of the branch.

If the last rule is not an Introduction, then

there are no Introductions at all, onlyEliminations and atomic rules. In this

case no formula is discharged when we

are going up the main branch. Thus, the

uppermost formula of the branch is a freeassumption.


199/285



200/285

200

Let have outermost symbol somepredicate P, or some logical connective c.

Corollary (Cut-free theorems). All normal

proofs of end with, respectively, withsome atomic rule, or with some c-

Introduction.



201/285

201

Corollary (Heyting interpretation forNormal Proofs).

If has outermost symbol some predicateP, then all normal proofs of consistsonly of atomic rules.

There is no normal proof of (unlessthere is some proof of using onlyatomic rules).



202/285

202

Corollary (Conservativity over atomicformulas).

Thus, logical rules deduce no new result aboutatomic formulas:

First Order Intuitionistic Logic is a conservativeextension of the system of atomic rules.

This is a constructive result: we have somemethod (to normalize) turning any proof of any

atomic P(t1,,tn) in first order logic in someproof of the P(t1,,tn) using atomic rules.


203/285


204/285



205/285

205

By combining the result about normal formwith the fact that every proof may be

normalized, we obtain:

|- 12 |- i for some i{1,2} |- x |- [x:=t] for some tTERM



207/285

207

Programs from proofsSummer School on Proofs as Programs2002 Eugene (Oregon)

Stefano Berardi Universit di Torino

[email protected]


The text of this short course on
mailto:[email protected]://www.di.unito.it/~stefanohttp://www.di.unito.it/~stefanomailto:[email protected]


208/285

208


(look for the first line in the topic:

TEACHING)

Realizability, together with the text of theprevious short course onLogic, may be

found in the home page of the author:


209/285

Reference Text


210/285

210

L. Boerio OptimizingPrograms Extractedfrom Proofs. Ph. D. Thesis, C. S. Dept.

Turin University, 1997.

Available in the web page of the course:http://www.di.unito.it/~stefano

(look for the first line in the topic:

TEACHING)


211/285

211

Lesson 5

Realization Interpretation

A Model of Realizers

Harrop Formulas

Plan of Lesson 5


212/285

212

5.1 Realization 5.2 A Model of Realizers

5.2 Harrop Formulas.

5.1 Realization Interpretation

In the previous course we showed how in


213/285

213

In the previous course, we showed how, inIntuitionistic Logic, any proof D of may beinterpreted with some effective operation rassociated to .

Now, we will call such an r aRealizer of

. In the simplest case, r is the proof D itself,executed through normalization.

Yet, in order to effectively use Heyting

Interpretation, is is convenient to think of r as aseparate object.

We will now reformulate Heyting interpretationin term of Realizers.


We will abbreviate the statement r is a realizer


214/285

214

We will abbreviate the statement r is a realizer

of by r: . Language will be: multi-sorted language for

Integers and Lists of integers, with induction overIntegers and over Lists.

x denotes any sequences of variables, eachlabeled with its type, which is Integer or List.

Quantifiers are: yT.(x,y), yT.(x,y), withT=Integers, Lists.


All what we will say applies not just to


215/285

215

All what we will say applies not just to

T=Integers, List

but also to

T=any Bohm-Berarducci Data Types(of cardinality > 1)

Look at Boerio Ph.d in the course Web page

if you want to learn more.

5.1 A simply typed -calculus

We choose as r some simply typed lambda term,


216/285

216

We choose as r some simply typed lambda term,

with Data Types

Unit={unit}, Bool={True,False}, N={0,1,2,3,..},List={nil, cons(n,nil), cons(n,cons(m,nil)), }

as base types, with product types, and includingif, and primitive recursion recN, recL overintegers and lists.

(We could take any simply typed lambda term +

Bohm-Berarducci Data Types). We distinguish, in the definition ofr:,one case

for each possible outermost symbol of.

5.1 Dummy constants.


217/285

217

For each simple type T, we we will need somedummy element dummyT:T (just dT for short),to be used as default value for such type.

We define dT:T by induction over T.

1. dummyUnit = unit2. dummyBool = False

3. dummyN = 0

4. dummyList

= nil5. dummyTU = x. dummyU

6. dummyTU =


of Atomic Formulas.


218/285

218

r:P(t1,,tm) r=unit, and some proof ofwithout logical connectives exists.

We chose r=unit because a proof of an

atomic formula correspond to an emptyoperation, therefore to a dummy value.

The type Unit={unit} is the type of empty

operations.


of Propositional Connectives.


219/285

219

r(x):1(x)2(x) r(x)= andr1(x):1(x), r2(x):2(x)

r(x):1(x)2(x) r(x)= withi(x)Bool

i(x)=True r1:1(x)

i(x)=False r2:2(x)

(if i(x)=True, the canonical choice for r2 is adummy constant, and conversely)

r(x):1(x)2(x) for all s:1(x), r(x)(s):2(x)


of Quantifiers.


220/285

220

r(x):yT.(x,y) for all yT,r(x,y):(x,y)

r(x):yT.(x,y) for some y(x)Tr(x)=,

with s(x):(x,y(x))


According to our definition, a realizer


221/285

221

g ,

r:yT.(f(x,y)=0) is some pair r(x)=,of a function y=y(x):T, solving the equationf(x,y)=0 (w.r.t. the parameters in x), and some(dummy) realizer unit of f(x,y)=0.

yT.(f(x,y)=0) says there is a solution tof(x,y)=0, parametric in x, while rfinds it.

r:yT.(f(x,y)=0) may be seen as a programwhose specification is yT.(f(x,y)=0).

Realization interpretation turns any intuitionisticproof of s

Berardi A Short Introduction to Logic Summer Course Eugene 2002

Documents

Transcript of Berardi A Short Introduction to Logic Summer Course Eugene 2002