Tools Guide

GitHub account

First, you will need to create a GitHub account here . If you already have one, you can use your existing account.

Your GitHub account will need to be set up to use two-factor authentication (a new requirement). When logged into your GitHub account (link above), click your icon in the upper-left corner (it will say “Signed in as…(your account name)”). Select “Settings” and then “Account security”. Scroll down until you find “Two-factor authentication”. If it is disabled, then enable it. I use an SMS number, but you are welcome to use an authenticator app instead (I’m not familiar with that process, though).

Sireum Logika

In CIS 301, we will use a tool called Logika, which is a verifier and a proof checker for propositional, predicate, and programming logic. You will need to install the IntelliJ-based Sireum IVE (Integrated Verification Environment), which contains Logika.

Go here to install Logika.

Under 1.1.1 Installation, with the Release tab selected, choose either “IVE for Window"s” or “IVE for macOS”. The instructions below should update based on your selection. For Windows, you will see:

Follow the instructions to download and run Logika.

Windows Users

For Windows, right-click the download (sireum-v3-ive-win64.zip) and select “Extract All…”. This should bring up the “Extract Compressed (Zipped) Folders” dialog. Type C:\ as the destination, so that the dialog looks like:

There should be NO subfolders – you want to extract directly on the C:\ drive. Click “Extract”. It will take a few minutes to extract the files, and then you should see the folder “C:\Sireum” with no subfolders. Navigate to “C:\Sireum\apps\idea\bin” and find the “idea64.exe” file:

Double-click the “idea64.exe” file to launch the Sireum IVE within IntelliJ. If you get a “Windows protected your PC” popup, click “More info” and then “Run anyway”. I recommend pinning the Sireum IVE to your taskbar – after you run the exe file, you can right-click the icon in the taskbar and select “pin to taskbar”.

MacOS Users

For Mac users, start by opening the Terminal. Copy the command listed on the download page and execute that command in the terminal. That command should download Sireum IVE and avoid being blocked by GateKeeper. You should see a popup with the Sireum icon, and you can drag that icon into the Applications folder.

To run Sireum, double-click the Sireum icon within the “Applications” folder.

Using GitHub to start homework assignments

To start a homework assignment (or to clone any existing repository, including homework solutions and lecture examples), first:

• Click to “accept the assignment” from the link in Canvas (if you are cloning a homework assignment or solution).
• Go to the URL created for your assignment (or to the URL of the repository you want to clone).
• You should be looking at a website that looks something like this:

Click the Green Code button, so that you see something like this:

Click the clipboard icon next to the listed URL to copy it to your clipboard. Next, open Sireum IVE. You should see:

Click Get from VCS. Now you should see something like:

Paste the URL you copied from GitHub in the URL textbox above. Under Directory, navigate to a folder on your computer specifically for CIS 301 (create one if it doesn’t exist). Create a new empty folder within that CIS 301 folder to hold this new project. Select that new folder in the Directory box, so that you now have something like this:

Click Clone. You should see a popup like this:

Click Use Token. Now you see:

Click Generate… This will bring up a browser asking you to login to your GitHub account. Do so there. It will then bring up a page about a New personal access token. Edit the expiration date of the token so that it expires after the end of the semester. Scroll down to the bottom of that page and click Generate token.

This should bring a new page that says Personal access tokens. There should be a token that is highlighted in green with a clipboard icon next to it. Click the clipboard icon to copy the token. If you get an error in the GitHub page when creating your token that says, Note has already been taken, just change the listed note to anything else (it says IntelliJ IDEA GitHub integration plugin by default, but you can edit it to whatever you want.

Go back to the dialog in Sireum/IntelliJ and paste in your token in the textbox. Click Log In. You should see something like this:

If you don’t see the panel on the left side, click the Project label on the left border. Expand the src folder to see your starting files. Now you can double-click one of those src files to view and edit it.

Check your GitHub settings in Sireum IVE

After successfully cloning a GitHub repository, check your GitHub settings in Sireum/IntelliJ. Go to File→Settings, then Version Control, then GitHub. If you see your GitHub account listed, like this, then you are done:

If you don’t see your GitHub account, click the + icon and then Login with token…. Paste in the same personal access token you used before, and select Add Account:

Committing and pushing changes

When you are finished working, commit and push your changes to GitHub. (I recommend doing this anytime you are at a stopping point, as well as when you are completely done.)

To do this, select Git in the menu, then Commit. Type in something under Commit Message. Click the down arrow next to the Commit button at the bottom, and select Commit and Push:

In the resulting dialog, click Push. The first time you commit and push in IntelliJ, it will likely ask you to enter your name and email (this is just for documentation purposes in your repository). Enter them in the dialog and say OK.

If you go back to the URL of your GitHub repository and refresh the page, you should see your latest work.

Homework 0 will help you test the GitHub process.

Cloning additional repositories

Sireum IVE looks a little different after it has been run the first time. If you want to clone a second (or third, etc.) repository, first open Sireum. It will automatically open your most recent project.

To clone a new project, select File→New→Project from Version control. Then, follow the instructions in Using GitHub to start homework assignments above. You will likely not have to do anything with a personal access token or with entering information about your GitHub account. If you do have trouble working with additional repositories, though, I recommend trying to generate a new personal access token when prompted.

Using Sireum IVE in the lab classrooms

Sireum IVE (with Logika) is available in the CS computer lab classrooms (DUE 1114, 1116, and 1117). To find it, open a File Explorer, then open the C:\ drive. From there, navigate to “C:\Sireum\apps\idea\bin” and run the “idea64.exe” file. This will launch Sireum as usual.

If you want to complete your assignment using multiple computers, you can: - Clone the repo using the process above (if it is your first time working on the current assignment on this computer) - Commit/push your changes when you are ready to leave this computer - Do Git->Pull to get your latest changes if you come back to a different computer

Remote access

If you have any problems installing Sireum on your own computer, you can access it remotely from the CS department. See here for information on remote access. When you connect to the department Window’s server, you can follow the instructions above to find Sireum as you would on a lab computer.

Basic Logical Reasoning

What is logical reasoning?

Logical reasoning is an analysis of an argument according to a set of rules. In this course, we will be learning several sets of rules for more formal analysis, but for now we will informally analyze English sentences and logic puzzles. This will help us practice the careful and rigorous thinking that we will need in formal proofs and in computer science in general.

Premises and conclusions

A premise is a piece of information that we are given in a logical argument. In our reasoning, we assume premises are true – even if they make no sense!

A conclusion in a logical argument is a statement whose validity we are checking. Sometimes we are given a conclusion, and we are trying to see whether that conclusion makes sense when we assume our premises are true. Other times, we are asked to come up with our own (valid) conclusion that we can deduce from our premises.

Example

Suppose we are given the following premises:

• Premise 1: If a person wears a red shirt, then they don’t like pizza.
• Premise 2: Fred is wearing a red shirt.

Given those pieces of information, can we conclude the following?

Fred doesn’t like pizza.

Yes! We take the premises at face value and assume them to be true (even though it is kind of ridiculous that shirt color has anything to do with a dislike of pizza). The first premise PROMISES that any time we have a person with a red shirt, then that person does not like pizza. Since Fred is such a person, we can conclude that Fred doesn’t like pizza.

Logical arguments with “OR”

Interpreting English sentences that use the word “or” can be tricky – the or can either be an inclusive or or an exclusive or. In programming, we are used to using an inclusive or – a statement like p || q is true as long as at least one of p or q is true, even if both are true. The only time a statement like p || q is false is if both p and q are false.

In English, however, the word “or” often implies an exclusive or. If a restaurant advertises that customers can choose “chips or fries” as the side for their meal, they are certainly not intending that a customer demand both sides.

However, since this course is focused on formal logic and analyzing computer programs and not so much on resolving language ambiguity, we will adopt the stance that the word “or” always means inclusive or unless otherwise specified.

Or example #1

With that in mind, suppose we have the following premises:

• I have a dog or I have a cat.
• I do not have a cat.

What can we conclude?

The only time an “or” statement true is when at least one of its parts is true. Since we already know that the right side of the or (“I have a cat”) is false, then we can conclude that the left side MUST be true. So we conclude:

I have a dog.

In general, if you have an or statement as a premise and you also know that one side of the or is NOT true, then you can always conclude that the other side of the or IS true.

Or example #2

Suppose we have the following premises:

• I have a bike or I have a car.
• I have a bike.

Can we conclude anything new?

First of all, I acknowledge that the most natural interpretation of the first premise is an exclusive or – that I have EITHER a bike OR a car, but not both. I think that is how most people would naturally interpret that sentence as well. However, in this course we will always consider “or” to be an inclusive or, unless we specifically use words like “but not both”.

With that in mind, the second premise is already sufficient to make the first premise true. Since I have a bike, the statement “I have a bike or I have a car” is already true, whether or not I have a car. Because of this, we can’t draw any further conclusions beyond our premises.

Or example 3

Suppose we have the following premises:

• I either have a bike or a car, but not both.
• I have a bike.

What can we conclude?

This is the sentence structure I will use if I mean an exclusive or – “either p or q but not both”.

In this setup, we CAN conclude that I do not have a car. This is because an exclusive or is FALSE when both sides are true, and I already know that one side is true (I have a bike). The only way for the first premise to be true is when I do not also have a car.

Logical arguments with if/then (aka implies, →)

Statements with of the form, if p, then q are making a promise – that if p is true, then they promise that q will also be true. We will later see this structure using the logical implies operator.

If/then example 1

Suppose we have the following premises:

• If it is raining, then I will get wet.
• It is raining.

What can I conclude?

The first premises PROMISES that if it is raining, then I will get wet. Since we assume this premise is true, then we must keep the promise. Since the second premise tells us that it IS raining, then we can conclude:

I will get wet.

If/then example 2

Suppose we have the following premises:

• If I don’t hear my alarm, then I will be late for class.
• I am late for class.

Can we conclude anything new?

The first premise promises that if I don’t hear my alarm, then I will be late for class. And if we knew that I didn’t hear my alarm, then we would be able to conclude that I will be late for class (in order to keep the promise).

However, we do NOT know that I don’t hear my alarm. All we are told is that I am late for class. I might be late for class for many reasons – maybe I got stuck in traffic, or my car broke down, or I got caught up playing a video game. We don’t have enough information to conclude WHY I’m late for class, and in fact we can’t conclude anything new at at all.

If/then example 3

Suppose we have the following premises:

• If I don’t hear my alarm, then I will be late for class.
• I’m not late for class.

What can we conclude?

This is a trickier example. We saw previously that the first premise promised that anytime I didn’t hear my alarm, then I would be late for class. But we can interpret this another way – since I’m NOT late for class, then I must have heard my alarm. After all, if I DIDN’T hear my alarm, then I would have been late. But I’m not late, so the opposite must be true. So we can conclude that:

I hear my alarm.

Reframing an if/then statement like that is called writing its contrapositive. Any time we have a statement of the form if p, then q then we can write the equivalent statement if not q, then not p.

Knights and Knaves

We will now move to solving several kinds of logic puzzles. While these puzzles aren’t strictly necessary to understand the remaining course content, they require the same rigorous analysis that we will use when doing more formal truth tables and proofs. Plus, they’re fun!

The puzzles in this section and the rest of this chapter are all either from or inspired by: What is the Name of This Book?, by Raymond Smullyan.

Island of Knights and Knaves

This section will involve knights and knaves puzzles, where we meet different inhabitants of the mythical island of Knights and Knaves. Each inhabitant of this island is either a knight or a knave.

Knights ALWAYS tell the truth, and knaves ALWAYS lie.

Example 1

Can any inhabitant of the island of Knights and Knaves say, “I’m a knave”?

Example 2

You see two inhabitants of the island of Knights and Knaves – Ava and Bob.

• Ava says that Bob is a knave.
• Bob says, “Neither Ava nor I are knaves.”

What types are Ava and Bob?

Example 3

If you see an “or” statement in a knights and knaves puzzle, assume that it means an inclusive or. This will match the or logical operator in our later truth tables and proofs, and will also match the or operator in programmimg.

You see two different inhabitants – Eve and Fred.

• Eve says, “I am a knave or Fred is a knight.”

What types are Eve and Fred?

Example 4

You see three new inhabitants – Sarah, Bill, and Mae.

• Sarah tells you that only a knave would say that Bill is a knave.
• Bill claims that it’s false that Mae is a knave.
• Mae tells you, “Bill would tell you that I am a knave.”

What types are Sarah, Bill, and Mae?

Other Puzzles

We will look at a variety of other logic puzzles, each of which involve some statements being false and some statements being true.

Lion and Unicorn

The setup for a Lion and Unicorn puzzle can vary, but the idea is that both Lion and Unicorn have specific days that they tell only lies, and other specific days that they only tell the truth.

Here is one example:

Lion always lies on Mondays, Tuesdays, and Wednesdays.
Lion always tells the truth on other days.
Unicorn always lies on Thursdays, Fridays, and Saturdays, and always tells the truth on other days.

On Sunday, everyone tells the truth.

Lion says: “Yesterday was one of my lying days."
Unicorn says: “Yesterday was one of my lying days, too.”

What day is it?

Tweedledee and Tweedledum

The Tweedledee and Tweedledum puzzles originate from Through the Looking-glass and What Alice Found There, by Lewis Carroll. There are different versions of these puzzles as well, but all of them involve the identical twin creatures, Tweedledee and Tweedledum. Like with Lion and Unicorn, there are different days on which Tweedledee and Tweedledum either only lie or only tell the truth (and often one creature is lying while the other is telling the truth).

Example 1

Consider this puzzle:

Tweedledee and Tweedledum are identical. You know that one of them lies Mon/Tues/Wed,and that the other lies Thurs/Fri/Sat. (They tell the truth on non-lying days.)

You don’t know which is which.

You see both of them together.
The first one says: “I’m Tweedledum."
The second one says: “I’m Tweedledee.”

Which is which? What day is it?

Example 2

Consider a second puzzle, with the same setup as to which days each twin lies and tells the truth.

You know that either Tweedledum or Tweedledee has lost a rattle. You find it, and want to return it to the correct one. You don’t know what day it is, but are sure that it isn’t Sunday (so one must be lying and one must be telling the truth).

The first one says: “Tweedledee owns the rattle.”

The second one says: “I’m Tweedledee ¬”

Who gets the rattle?

Portia’s Caskets

This type of puzzle originates from The Merchant of Venice, by William Shakespeare. In the play, Portia’s father devised riddles to test potential suitors for his daughter.

Here is one such puzzle:

There are three caskets – one gold, one silver, and one lead. One of the caskets contains a portrait (of Portia). Each casket has a message on it, and you know that at most one of the messages is true.

Gold casket message: “The portrait is in this casket.” Silver casket message: “The portrait is not in this casket.” Lead casket message: “The portrait is not in the gold casket.”

Where is the portrait?

Operators and Circuits

In this chapter, we review basic notions about gates and learn the relationship between circuits and assignment-based computer programs. This sets the stage for analyzing modern programs.

Logical operators

There are four basic logic gates, with corresponding logical operators:

Meaning	Logical Operator	Logic Gate
p AND q	p ∧ q
p OR q	p ∨ q
NOT p	¬p
p IMPLIES q	p → q

In the above drawings, the input wires are labelled with the names P and Q. The output that is computed is emitted from the rightmost wire which exits the gate. For these simple gates, it is possible to exhaustively test every permutation of potential inputs and summarize results in a table, called a truth table.

Let’s examine the AND gate. The AND gate emits a high voltage (1) exactly when high voltages are sensed at input wires P and Q; otherwise low voltage (0) is emitted. The gate’s physical behavior is summarized by in the following table:

AND: P Q |
-------------
     1 1 | 1
     1 0 | 0
     0 1 | 0
     0 0 | 0

Truth tables

For the remainder of this course, we will use T (read “true”) for 1 and F (read “false”) for 0. This is because we will examine applications that go far beyond circuit theory and base-two arithmetic. Here are the truth tables for the AND, OR, NOT and IMPLIES gates:

AND: P Q |
-------------
     T T | T
     T F | F
     F T | F
     F F | F


OR: P Q |
-------------
     T T | T
     T F | T
     F T | T
     F F | F


NOT: P |
-------------
     T | F
     T | T


IMPLIES: P Q |
-----------------
         T T | T
         T F | F
         F T | T
         F F | T

A few comments:

• The OR gate is inclusive – as long as one of its inputs is true, then its output is true.

• You might be confused by the IMPLIES gate. We’ll cover it in detail below.

• In the next section, we will learn to write our truth tables in a slightly different format so they can be automatically checked by Sireum Logika.

Implies operator

The implies operator can be difficult to understand. It helps to think of it as a promise: we write P → Q, but we mean If P is true, then I promise that Q will also be true. If we BREAK our promise (i.e., if P is true but Q is false), then the output of an implies gate is false. In every other situation, the output of the implies gate is true.

As a reminder, here is the truth table for the implies operator, → :

P Q | P → Q
-----------------
T T |   T
T F |   F
F T |   T
F F |   T

It is likely clear why P → Q is true when both P and Q are true – in this situation, we have kept our promise.

It is also easy to understand why P → Q is false when P is true and Q is false. Here, we have broken our promise – P happened, but Q did not.

In the other two cases for P → Q we have that P is false (and Q is either true or false). Here, P → Q is true simply because we haven’t broken our promise. In these cases, the implication is said to be vacuously true because we have no evidence to prove that it is false.

Circuits

We can also compose the gates to define new operations.

For example, this circuit:

Written ¬(P ∧ Q), defines this computation of outputs:

P Q | ¬(P ∧ Q)
-----------------
T T | F
T F | T
F T | T
F F | T

We can work out the outputs in stages, like this:

We begin by writing the value of each set of inputs on the left, under their corresponding symbol on the right. Next we apply the operator (gate) with the highest precedence (covered in Operator Precedence in the next section). In our case the () make the AND ( ∧ ) symbol the highest.

A truth assignment is a unique permutation of the possible inputs for a system. For the ∧-gate, it is a 2-variable sequence. Considering the first row we see we have T ∧ T. Looking that up in the ∧-gate truth table we see the result is also “T”, and we record that under the ∧ symbol. We do the same thing all the other truth assignments.

After the initial transcribing of the truth values under their respective variables, we look up the truth-values in the gate tables, not the variables. Also observe that while ∧ is symmetric – i.e. T ∧ F and F ∧ T are both false – the IMPLIES gate is not.

Now we look up the value under the ∧ symbol in the ¬ gate table. In the first row we see that the truth assignment for the first row, “T”, is “F” and record it under the ¬ symbol. Do this for every row and we are done.

Truth Tables in Logika

Now that we’ve seen the four basic logic gates and truth tables, we can put them together to build bigger truth tables for longer logical formulae.

Operator precedence

Logical operators have a defined precedence (order of operations) just as arithmetic operators do. In arithmetic, parentheses have the highest precedence, followed by exponents, then multiplication and division, and finally addition and subtraction.

Here is the precedence of the logical operators, from most important (do first) to least important (do last):

1. Parentheses
2. Not operator, ¬
3. And operator, ∧
4. Or operator, ∨
5. Implies operator, →

For example, in the statement (p ∨ q) ∧ ¬p, we would evaluate the operators in the following order:

1. The parentheses (which would resolve the (p ∨ q) expression)
2. The not, ¬
3. The and, ∧

Sometimes we have more than one of the same operator in a single statement. For example: p ∨ q ∨ r. Different operators have different rules for resolving multiple occurrences:

1. Multiple parentheses - the innermost parentheses are resolved first, working from inside out.
2. Multiple not ( ¬ ) operators – the rightmost ¬ is resolved first, working from right to left. For example, ¬¬p is equivalent to ¬(¬p).
3. Multiple and ( ∧ ) operators – the leftmost ∧ is resolved first, working from left to right. For example, p ∧ q ∧ r is equivalent to (p ∧ q) ∧ r.
4. Multiple or ( ∨ ) operators – the leftmost ∨ is resolved first, working from left to right. For example, p ∨ q ∨ r is equivalent to (p ∨ q) ∨ r.
5. Multiple implies ( → ) operators – the rightmost → is resolved first, working from right to left. For example, p → q → r is equivalent to p → (q → r).

Top-level operator

In a logical statement, the top-level operator is the operator that is applied last (after following the precedence rules above).

For example, in the statement:

p ∨ q → ¬p ∧ r

We would evaluate first the ¬, then the ∧, then the ∨, and lastly the →. Thus the → is the top-level operator.

Classifying truth tables

In our study of logic, it will be convenient to characterize logical formula with a description of their truth tables. We will classify each logical formula in one of three ways:

• Tautology - when all truth assignments for a logical formula are true
• Contradictory - when all truth assignments for a logical formula are false
• Contingent - when some truth assignments for a logical formula are true and some are false.

For example, p ∨ ¬ p is a tautology. Whether p is true or false, p ∨ ¬ p is always true.

On the other hand, p ∧ ¬ p is contradictory. Whether p is true or false, p ∧ ¬ p is always false.

Finally, something like p ∨ q is contingent. When p and q are both false, then p ∨ q is false. However, p ∨ q is true in every other case.

If all truth assignments for a logical formula are True, the formula is said to be a tautology.

Logika syntax

From this point forward, the course will expect you to use Logika formatted truth tables. The Logika truth table for the formula ¬(p ∧ q) is:

      *
-----------------
p q | ¬(p ∧ q)
-----------------
T T | F T T T
T F | T T F F
F T | T F F T
F F | T F F F
-----------------
Contingent
- T: [T F] [F T] [F F]
- F: [T T]

Logika truth tables have standard format (syntax) and semantic meanings. All elements of the truth table must be included to be considered correct.

1. The first line should have a single asterisk (*) over the top-level operator in the formula.

2. Next is a line of - (minus sign) characters, which must be at least as long as the third line to avoid getting errors.

3. The third line contains variables | formula. As Logika uses some capital letters as reserved words, you should use lower-case letters as variable names. Additionally, variables should be listed alphabetically.

4. The fourth line is another row of -, which is the same length as the second line.

5. Next come the truth assignments. Under the variables, list all possible combinations of T and F. Start with all T and progress linearly to all F. (T and F must be capitalized.) After the Truth assignments is another row of -. Using each truth assignment, fill in truth assignments (T or F) under each operator in the formula in order of precedence (with the top-level operator applied last). Optionally, you can fill in the values for each variable under the forumla (as in the example above). However, it is only required that you fill in the truth assignments under each operator. Be careful to line up the truth assignments DIRECTLY below each operator, as Logika will reject truth tables that aren’t carefully lined up.

6. Under the truth assignments, put another line of - (minus sign) characters, which should be the same length as the second line.

7. Finally, classify the formula as either Tautology (if everything under the top-level operator is T), Contradictory (if everything under the top-level operator is F), or Contingent (if there is a mix of T and F under the top-level operator). If the formula is contingent, you must also list which truth assignments made the formula true (i.e., which truth assignments made the top-level operator T) and which truth assignments made the formula false. Follow the image above for the syntax of how to list the truth assignments for contingent examples.

Alternative logical operators

In order to type each traditional logical operator in Logika, you must insert a special Unicode symbol. You can do this by typing: Shift-Command-Ctrl-Semicolon and then a letter corresponding to a specific symbol. Here is how to insert each operator:

• NOT, ¬. Shift-Command-Ctrl-Semicolon-N
• OR, ∨. Shift-Command-Ctrl-Semicolon-V
• AND, ∧, Shift-Command-Ctrl-Semicolon-∧
• IMPLIES, →, Shift Command Ctrl - (the last symbol is a dash, -)

This can be tedious. While you can create keyboard shortcuts in IntelliJ for certain keystrokes, it is easier to use one of the available ASCII replacements instead. Here are alternatives for each operator:

• NOT: !, ~, not
• OR: V (a capital V), |, or
• AND: ∧, &, and
• IMPLIES: →, implies

In the remainder of this book, I will often use these ASCII replacement characters because they are easier to type.

Example

Suppose we want to write a Logika truth table for:

(p ∧ q) →  ¬r

First, we make sure we have a new file in Sireum with the .logika extension. Then, we construct this truth table shell:

                *
----------------------
p q r | (p ∧ q) →  ¬r
----------------------
T T T |
T T F |
T F T |
T F F |
F T T |
F T F |
F F T |
F F F |
----------------------

In the table above, we noticed that the → operator was the top-level operator according to our operator precedence rules.

Next, we fill in the output for the corresponding truth assignment under each operator, from highest precedence to lowest precedence. First, we evaluate the parentheses, which have the highest precedence. For example, we put a T under the ∧ in the first row, as p and q are both T in that row, and T ∧ T is T:

                *
----------------------
p q r | (p ∧ q) →  ¬r
----------------------
T T T |    T
T T F |    T
T F T |    F
T F F |    F
F T T |    F
F T F |    F
F F T |    F
F F F |    F
----------------------

In this example, we are only filling in under each operator (instead of also transcribing over each variable value), but either approach is acceptable.

Next, we fill in under the ¬ operator, which has the next-highest precedence:

                *
----------------------
p q r | (p ∧ q) →  ¬r
----------------------
T T T |    T       F
T T F |    T       T
T F T |    F       F
T F F |    F       T
F T T |    F       F
F T F |    F       T
F F T |    F       F
F F F |    F       T
----------------------

Then, we fill in under our top-level operator, the →. Notice that we must line up the T/F values under the - in the → symbol. For example, we put a F under the → on the first row, as (p ∧ q) is T there and ¬r is F, and we know that T→F is F because it describes a broken promise.

                *
----------------------
p q r | (p ∧ q) →  ¬r
----------------------
T T T |    T    F  F
T T F |    T    T  T
T F T |    F    T  F
T F F |    F    T  T
F T T |    F    T  F
F T F |    F    T  T
F F T |    F    T  F
F F F |    F    T  T
----------------------

Lastly, we examine the list of outputs under the top-level operator. We see that some truth assignments made the formula true, and that others (one) made the formula false. Thus, the formula is contingent. We label it as such, and list which truth assignments made the formula true and which made it false:

                *
----------------------
p q r | (p ∧ q) → ¬r
----------------------
T T T |    T    F F
T T F |    T    T T
T F T |    F    T F
T F F |    F    T T
F T T |    F    T F
F T F |    F    T T
F F T |    F    T F
F F F |    F    T T
----------------------
Contingent

- T: [T T F] [T F T] [T F F] [F T T] [F T F] [F F T] [F F F]
- F: [T T T]

If you typed everything correctly, you should see a popup in Sireum logika that says: “Logika Verified” with a purple checkmark:

If you instead see red error markings, hover over them and read the explanations – it means there are errors in your truth table.

If you see no errors and no purple check, you will need to manually run Logika. Right-click in the text area that contains your truth table, and select “Logika check”.

Satisfiability

We say that a logical statement is satisfiable when there exists at least one truth assignment that makes the overall statement true.

In our Logika truth tables, this corresponds to statements that are either contingent or a tautology. (Contradictory statements are NOT satisfiable.)

For example, consider the following truth tables:

          *
-----------------------
p q r | p → q V ¬r ∧ p
-----------------------
T T T |   T   T F  F
T T F |   T   T T  T
T F T |   F   F F  F
T F F |   T   T T  T
F T T |   T   T F  F
F T F |   T   T T  F
F F T |   T   F F  F
F F F |   T   F T  F
------------------------

Contingent

- T: [T T T] [T T F] [T F F] [F T T] [F T F] [F F T] [F F F]
- F: [T F T]

And

      *
------------
p | p V ¬p 
------------
T |   T F
F |   T T
-------------

Tautology

Both of these statements are satisfiable, as they have at least one (or more than one) truth assignment that makes the overall statement true.

Logical Equivalence

Two (or more) logical statements are said to be logically equivalent IFF (if and only if, ↔) they have the same truth value for every truth assignment; i.e., their truth tables evaluate exactly the same. (We sometimes refer to this as semantic equivalence.)

An example of logically equivalent statements are q ∧ p and p ∧ (q ∧ p):

         *
--------------
p q | (p ∧ q)
--------------
T T |  T T T
T F |  T F F
F T |  F F T
F F |  F F F
---------------
Contingent
- T : [T T]
- F : [F F] [F T] [T F]

         *
-------------------
p q |  p ∧ (q ∧ p)
-------------------
T T |  T T  T T T
T F |  T F  F F T
F T |  F F  T F F
F F |  F F  F F F
--------------------
Contingent
- T : [T T]
- F : [F F] [F T] [T F]

In these examples, notice that exactly the same set of truth assignments makes both statements true, and that exactly the same set of truth assignments makes both statements false.

Finding equivalent logical statements of fewer gates (states) is important to several fields. In computer science, fewer states can lead to less memory, fewer operations and smaller programs. In computer engineering, fewer gates means fewer circuits less power and less heat.

Common equivalences

We can similarly use truth tables to show the following common logical equivalences:

• Double negative: ¬ ¬ p and p
• Contrapositive: p → q and ¬ q → ¬ p
• Expressing an implies using an OR: p → q and ¬ p ∨ q
• One of DeMorgan’s laws: ¬ (p ∧ q) and ( ¬ p ∨ ¬ q)
• Another of DeMorgan’s laws: ¬ (p ∨ q) and ( ¬ p ∧ ¬ q)

Expressing additional operators

The bi-implication (↔) and exclusive or (⊕) operators are not directly used in this course. However, we can simulate both operators using a combination of ¬, ∧, ∨, and →:

• p ↔ q, which means “p if and only if q”, can be expressed as (p → q) ∧ (q → p)
• p ⊕ q, which means “p exclusive or q”, can be expressed as (p ∨ q) ∧ ¬(p ∧ q)

Semantic Entailment

Definition

We say a set of premises, p1, p2, …, pn semantically entail a conclusion c, and we write:

p1, p2, ..., pn ⊨ c

if whenever we have a truth assignment that makes p1, p2, …, pn all true, then c is also true for that truth assignment.

(Note: we can use the ASCII replacement |= instead of the Unicode ⊨, if we want.)

Showing semantic entailment

Suppose we have premises p ∧ q and p → r. We want to see if these premises necessarily entail the conclusion r ∧ q.

First, we could make truth tables for each premise (being sure to list the variables p, q and r in each case, as that is the overall set of variables in the problem):

//truth table for premise, p ∧ q

          *
----------------------
p q r | p ∧ q
----------------------
T T T |   T
T T F |   T
T F T |   F
T F F |   F
F T T |   F
F T F |   F
F F T |   F
F F F |   F
----------------------
Contingent

- T: [T T T] [T T F]
- F: [T F T] [T F F] [F T T] [F T F] [F F T] [F F F]

//truth table for premise, p → r

          *
----------------------
p q r | p → r
----------------------
T T T |   T
T T F |   F
T F T |   T
T F F |   F
F T T |   T
F T F |   T
F F T |   T
F F F |   T
----------------------
Contingent

- T: [T T T] [T F T] [F T T] [F T F] [F F T] [F F F]
- F: [T T F] [T F F]

Now, we notice that the truth assignment [T T T] is the only one that makes both premises true. Next, we make a truth table for our potential conclusion, r ∧ q (again, being sure to include all variables used in the problem):

//truth table for potential conclusion, r ∧ q
          *
----------------------
p q r | r ∧ q
----------------------
T T T |   T
T T F |   F
T F T |   F
T F F |   F
F T T |   T
F T F |   F
F F T |   F
F F F |   F
----------------------
Contingent

- T: [T T T] [F T T]
- F: [T T F] [T F T] [T F F] [F T F] [F F T] [F F F]

Here, we notice that the truth assignment [T T T] makes the conclusion true as well. So we see that whenever there is a truth assignment that makes all of our premises true, then that same truth assignment also makes our conclusion true.

Thus, p ∧ q and p → r semantically entail the conclusion r ∧ q, and we can write:

p ∧ q, p → r ⊨ r ∧ q

Semantic entailment with one truth table

The process of making separate truth tables for each premise and the conclusion, and then examining each one to see if any truth assignment that makes all the premises true also makes the conclusion true, is fairly tedious.

We are trying to show that IF each premise is true, THEN we promise the conclusion is true. This sounds exactly like an IMPLIES statement, and in fact that is what we can use to simplify our process. If we are trying to show that p1, p2, …, pn semantically entail a conclusion c (i.e., that p1, p2, ..., pn ⊨ c), then we can instead create ONE truth table for the statement:

(p1 ∧ p2 ∧ ... ∧ pn) → c

If this statement is a tautology (which would mean that anytime all the premises were true, then the conclusion was also true), then we would also have that the premises semantically entail the conclusion.

In our previous example, we create a truth table for the statement (p ∧ q) ∧ (p → r) → r ∧ q:

                           *
--------------------------------------
p q r | (p ∧ q) ∧ (p → r) → r ∧ q
--------------------------------------
T T T |    T    T    T     T    T
T T F |    T    F    F     T    F
T F T |    F    F    T     T    F
T F F |    F    F    F     T    F
F T T |    F    F    T     T    T 
F T F |    F    F    T     T    F
F F T |    F    F    T     T    F
F F F |    F    F    T     T    F
---------------------------------------
Tautology

Then we see that it is indeed a tautology.

Propositional Atoms

Definition

A propositional atom is statement that is either true or false, and that contains no logical connectives (like and, or, not, if/then).

Examples of propositional atoms

For example, the following are propositional atoms:

• My shirt is red.
• It is sunny.
• Pigs can fly.
• I studied for the test.

Examples of what are NOT propositional atoms

Propositional atoms should not contain any logical connectives. If they did, this would mean we could have further subdivided the statement into multiple propositional atoms that could be joined with logical operators. For example, the following are NOT propositional atoms:

• It is not summer. (contains a not)
• Bob has brown hair and brown eyes. (contains an and)
• I walk to school unless it rains. (contains the word unless, which has if…then information)

Propositional atoms also must be either true or false – they cannot be questions, commands, or sentence fragments. For example, the following are NOT propositional atoms:

• What time is it? (contains a question - not a true/false statement)
• Go to the front of the line. (contains a command - not a true/false statement)
• Fluffy cats (contains a sentence fragment - not a true/false statement)

Identifying propositional atoms

If we are given several sentences, we identify its propositional atoms by finding the key statements that can be either true or false. We further ensure that these statements do not contain any logical connectives (and, or, not, if/then information) - if they do, we break the statement down further. We then assign letters to each proposition.

For example, if we have the sentences:

My jacket is red and green. I only wear my jacket when it is snowing. It did not snow today.

Then we identify the following propositional atoms:

p: My jacket is red
q: My jacket is green
r: I wear my jacket
s: It is snowing
t: It snowed today

Notice that the first sentence, “My jacket is red and green”, contained the logical connective “and”. Thus, we broke that idea into its components, and got propositions p and q. The second sentence, “I only wear my jacket when it is snowing”, contained if/then information about when I would wear my jacket. We broke that sentence into two parts as well, and got propositions r and s. Finally, the last sentence, “It did not snow today”, contained the logical connective “not” – so we removed it and kept the remaining information for proposition t.

Each propositional atom is a true/false statement, just as is required.

In the next section, we will see how to complete our translation from English to propositional logic by connecting our propositional atoms with logical operators.

NOT, AND, OR Translations

Now that we have seen how to identify propositional atoms in English sentences, we will learn how to connect these propositions with logical operators in order to complete the process of translating from English to propositional logic.

NOT translations

When you see the word “not” and the prefixes “un-” and “ir-”, those should be replaced with a NOT operator.

Example 1

For example, if we have the sentence:

I am not going to work today.

Then we would first identify the propositional atom:

p: I am going to work today

and would then use a NOT operator to express the negation. Our full translation to propositional logic would be: ¬p

Example 2

As another example, suppose we have the sentence

My sweater is irreplaceable.

We would identify the propositional atom:

p: My sweater is replaceable.

And again, our complete translation would be: ¬p

AND translations

When you see the words “and”, “but”, “however”, “moreover”, “nevertheless”, etc., then the English sentence is expressing a conjunction of ideas. When translating to propositional logic, all of these words should be replaced with a logical AND operator.

It might seem strange that the sentences “It is cold and it is sunny” and “It is cold but it is sunny” should be translated the same way – but really, both sentences are expressing two facts:

1. It is cold
2. It is sunny

Using “but” instead of “and” in English adds a subtle comparison of the first fact to the second fact, but such nuances are beyond the capabilities of propositional logic (and are somewhat ambiguous anyway).

Example 1

Suppose we want to translate the following sentence to propositional logic:

I like cake but I don't like cupcakes.

We would first identify two propositional atoms:

p: I like cake
q: I like cupcakes

We would then translate the clause “I don’t like cupcakes” to ¬q, and then would translate the connective “but” to a logical AND operator. We would finish with the following translation:

p ∧  ¬q

Example 2

Suppose we want to translate the following sentence to propositional logic:

The school doesn't have both a pool and a track.

We would first identify two propositional atoms:

p: The school has a pool
q: The school has a track

We would then see that we are really taking the sentence, “The school has a pool and a track” and negating it, which leaves us with the following translation:

 ¬(p ∧ q)

OR translations

When you see the word “or” in a sentence, or some other clear disjunction of statements, then you will translate it to a logical OR operator. Because the word “or” in English can be ambiguous, We first need to determine whether the “or” is inclusive (in which case we would replace it with a regular OR operator) or exclusive (in which case we need to add a clause to explicitly express that both statements cannot be true).

As we saw in section 1.1 , the word “or” in an English sentence is usually meant to be exclusive. However, because the logical OR is INclusive, and since the purpose of this class is not to have you wrestle with subtleties of the English language, then you can assume that an “or” in a sentence is inclusive unless clearly stated otherwise.

Inclusive OR statements

Suppose we want to translate the following sentence to propositional logic:

You watch a movie and/or eat a snack.

We would first identify two propositional atoms:

p: You watch a movie
q: You eat a snack

The “and/or” in our sentence makes it extremely clear that the intent is an inclusive or, since the sentence is true if you both watch a movie and eat a snack. This leaves us with the following translation:

p V q

Exclusive OR statements

In this class, if the meaning of “or” in a sentence is meant to be exclusive, then the sentence will clearly state that the two statements aren’t both true.

For example, suppose we want to translate the following sentence to propositional logic:

On Saturday, Jane goes for a run or plays basketball, but not both.

We would first identify two propositional atoms:

p: Jane goes for a run on Saturday
q: Jane plays basketball on Saturday

We then apply our equivalence for simulating an exclusive or operator, which we saw in section 2.4 . This leaves us with the following translation:

(p V q) ∧  ¬(p ∧ q)

Implies Translations

In this section, we will learn when to use an implies (→) operator when translating from English to propositional logic. In general, you will want to use an implies operator any time a sentence is making a promise – if one thing happens, then we promise that another thing will happen. The trick is to figure out the direction of the promise – promising that if p happens, then q will happen is subtly different from promising that if q happens, then p will happen.

Look for the words “if”, “only if”, “unless”, “except”, and “provided” as clues that the propositional logic translation will use an implies operator.

IF p THEN q statements

An “IF p THEN q” statement is promising that if p is true, then we can infer that q is also true. (It is making NO claims about what we can infer if we know q is true.)

For example, consider the following sentence:

If it is hot today, then I'll get ice cream.

We first identify the following propositional atoms:

p: It is hot today
q: I'll get ice cream

To determine the order of the implication, we think about what is being promised – if it is hot, then we can infer that ice cream will happen. But if we get ice cream, then we have no idea what the weather is like. It might be hot, but it might also be cold and I just decided to get ice cream anyway. Thus we finish with the following translation:

p → q

Alternatively, if we don’t get ice cream, we can be certain that it wasn’t hot – since we are promsied that if it is hot, then we will get ice cream. So an equivalent translation is:

 ¬q →  ¬p

(This form is called the contrapositive, which we learned about it in section 2.4 ). We’ll study it and other equivalent translations more in the next section.)

p IF q statements

A “p IF q” statement is promising that if q is true, then we can infer that p is also true. (It is making NO claims about what we can infer if we know p is true.) Equivalent ways of expressing the same promise are “p PROVIDED q” and “p WHEN q”.

For example, consider the following sentence:

You can login to a CS lab computer if you have a CS account.

We first identify the following propositional atoms:

p: You can login to a CS lab computer
q: You have a CS account

To determine the order of the implication, we think about what conditions need to be met in order for me to be promised that I can login. We see that if we have a CS account, then we are promised to be able to login. Thus we finish with the following translation:

q → p

In this example, if we knew we could login to a CS lab computer, we wouldn’t be certain that we had a CS account. There might be other reasons we can login – maybe you can use your eID account instead, for example.

Alternatively, if we can’t login, we can be certain that we don’t have a CS account. After all, we are guaranteed to be able to login if we do have a CS account. So another valid translation is:

 ¬p →  ¬q

p ONLY IF q

A “p ONLY IF q” statement is promising that the only time p happens is when q also happens. So if p does happen, it must be the case that q did too (since p can’t happen without q happening too).

For example, consider the following sentence:

Wilma eats cookies only if Evelyn makes them.

We first identify the following propositional atoms:

p: Wilma eats cookies
q: Evelyn makes cookies

What conditions need to be met for Wilma to eat cookies? If Wilma is eating cookies, Evelyn must have made cookies – after all, we know that Wilma only eats Evelyn’s cookies. Thus we finish with the following translation:

p → q

Equivalently, we are certain that if Evelyn DOESN’T make cookies, then Wilma won’t eat them – since she only eats Evelyn’s cookies. We can also write:

 ¬q →  ¬p

However, if we know that Evelyn makes cookies, we can’t be sure that Wilma will eat them. We know she won’t eat any other kind of cookie, but maybe Wilma is full today and won’t even eat Evelyn’s cookies…we can’t be sure.

p UNLESS b, p EXCEPT IF q

The statements “p UNLESS q” and “p EXCEPT IF q” are equivalent…and both can sometimes be ambiguous. For example, consider the following sentence:

I will bike to work unless it is raining.

We first identify the following propositional atoms:

p: I will bike to work
q: It is raining

Next, we consider what exactly is being promised:

• If it isn’t raining, will I bike to work?   YES ¬ I promise to bike to work whenever it isn’t raining.
• If I don’t bike to work, is it raining?   YES ¬ I always bike when it’s not raining, so if I don’t bike, it must be raining.
• If it’s raining, will I necessarily not bike to work?   Well, maybe? Some people might interpret the sentence as saying I’ll get to work in another way if it’s raining, and others might think no promise has been made if it is raining.
• If I bike to work, is it necessarily not raining?   Again, maybe? It’s not clear if I’m promising to only bike in non-rainy weather.

As we did with ambiguous OR statements, we will establish a rule in this class for intrepeting “unless” statements that will let us resolve ambiguity.

If you see the word unless when you are doing a translation, replace it with the words unless possibly if.

If we rephrase the sentence as:

I will bike to work *unless possibly if* it is raining.

We see that there is clearly NO promise about whether I will bike in the rain. I might, or I might not – but the only thing that I am promising is that I will bike if it is not raining, or that IF it’s not raining, THEN I will bike. With that in mind, we can complete our translation:

 ¬q → p

Equivalently, if we don’t bike, then we are certain that it must be raining – since we have promised to ride our bike every other time. We can also write:

 ¬p → q

Equivalent Translations

As we saw in section 2.4 ), two logical statements are said to be logically equivalent if and only if they have the same truth value for every truth assignment.

We can extend this idea to our propositional logic translations – two (English) statements are said to be equivalent iff they have the same underlying meaning, and iff their translations to propositional logic are logically equivalent.

Common equivalences, revisited

We previously identified the following common logical equivalences:

• Double negative: ¬ ¬ p and p
• Contrapositive: p → q and ¬ q → ¬ p
• Expressing an implies using an OR: p → q and ¬ p ∨ q
• One of DeMorgan’s laws: ¬ (p ∧ q) and ( ¬ p ∨ ¬ q)
• Another of DeMorgan’s laws: ¬ (p ∨ q) and ( ¬ p ∧ ¬ q)

Equivalence example 1

Suppose we have the following propositional atoms:

p: I get cold
q: It is summer

Consider the following three statements:

• I get cold except possibly if it is summer.
• If it’s not summer, then I get cold.
• I get cold or it is summer.

We translate each sentence to propositional logic:

• I get cold except possibly if it is summer.

  • p → ¬q
  • Meaning: I promise that if I get cold, then it must not be summer…because I am always cold when it’s not summer.

• If it’s not summer, then I get cold.

  • ¬q → p
  • Meaning: I promise that anytime it isn’t summer, then I will get cold.

• I get cold or it is summer.

  • p V q
  • Meaning: I’m either cold or it’s summer…because my being cold is true every time it isn’t summer.

As we can see, each of these statements is expressing the same idea.

Equivalence example 2

Suppose we have the following propositional atoms:

p: I eat chips
q: I eat fries

Consider the following two statements:

• I don’t eat both chips and fries.
• I don’t eat chips and/or I don’t eat fries.

We translate each sentence to propositional logic:

• I don’t eat both chips and fries.

  • ¬(p ∧ q)

• I don’t eat chips and/or I don’t eat fries.

  • ¬p V ¬q

These statements are clearly expressing the same idea – if it’s not the case that I eat both, then it’s also true that there is at least one of the foods that I don’t eat. This is an application of one of DeMorgan’s laws: that ¬ (p ∧ q) is equivalent to ( ¬ p ∨ ¬ q).

If we were to create truth tables for both ¬(p ∧ q) and ¬p V ¬q, we would see that they are logically equivalent (that the same truth assignments make each statement true).

Equivalence example 3

Using the same propositional atoms as example 2, we consider two more statements:

• I don’t eat chips or fries.
• I don’t eat chips and I don’t eat fries.

We translate each sentence to propositional logic:

• I don’t eat chips or fries.

  • ¬(p V q)

• I don’t eat chips and I don’t eat fries.

  • ¬p ∧ ¬q

These propositions are clearly expressing the same idea – I have two foods (chips and fries), and I don’t eat either one. This demonstrates another of DeMorgan’s laws: that ¬ (p ∨ q) is equivalent to ( ¬ p ∧ ¬ q). If we were to create truth tables for each proposition, we would see that they are logically equivalent as well.

Knights and Knaves, revisited

Recall the Knights and Knaves puzzles from section 1.2 . In addition to solving these puzzle by hand, we can devise a strategy to first translate a Knights and Knaves puzzle to propositional logic, and then solve the puzzle using a truth table.

Identifying propositional atoms

To translate a Knights and Knaves puzzle to propositional logic, we first create a propositional atom for each person that represented whether that person was a knight. For example, if our puzzle included the people “Adam”, “Bob”, and “Carly”, then we might create propositional atoms a, b, and c:

a: Adam is a knight
b: Bob is a knight
c: Carly is a knight

Translating statements

Once we have our propositional atoms, we can translate each statement in the puzzle to propositional logic. For each one, we want to capture that the statement is true IF AND ONLY IF the person speaking is a knight. (That way, the statement would be false whenever the person was not a knight – i.e., when they were a knave.) We recall that we can express if and only if using a conjunction of implications. So if we want to write p if and only if q, then we can say (p → q) ∧ (q → p).

As an example, suppose we have the following statement:

Adam says: Bob is a knight and Carly is a knave.

Adam’s statement should be true if and only if he is a knight, so we can translate it as follows:

(a → (b ∧  ¬c)) ∧ ((b ∧  ¬c) → a)

Which reads as:

If I am a knight, then Bob is a knight and Carly is a knave. Also, if Bob is a knight and Carly is a knave, then I am a knight.

We repeat this process for each statement in the puzzle. Finally, since we solve a Knights and Knaves puzzle by finding a truth assignment (i.e., assignment of who is a knight and who is a knave) that works for ALL statements, then we finish by AND-ing together our translations for each speaker. When we fill in the truth table for our final combined proposition, then a valid solution to the puzzle is any truth assignment that makes the overall proposition true. If it was a well-made puzzle, then there should only be one such truth assignment.

Full example

Suppose we meet two people on the Island of Knights and Knaves – Ava and Bob.

Ava says, "Bob and I are not the same".
Bob says, "Of Ava and I, exactly one is a knight."

We first create a propositional atom for each person:

a: Ava is a knight
b: Bob is a knight

Then, we translate each statement:

• Bob and I are not the same
  • Translation: (a → (a ∧ ¬b V ¬a ∧ b)) ∧ ((a ∧ ¬b V ¬a ∧ b) → a)
  • Meaning: If Ava is a knight, then either Ava is a knight and Bob is a knave, or Ava is a knave and Bob is a knight (so they aren’t the same type). Also, if Ava and Bob aren’t the same type, then Ava must be a knight (because her statement would be true).
• Bob says, “Of Ava and I, exactly one is a knight.
  • Bob is really saying the same thing as Ava…if exactly one is a knight, then either Ava is a knight and Bob is a knave, or Ava is a knave and Bob is a knight.
  • Translation: (b → (a ∧ ¬b V ¬a ∧ b)) ∧ ((a ∧ ¬b V ¬a ∧ b) → b)

We combine our translations for Ava and Bob and end up with the following propositional logic statement:

(a → (a ∧ ¬b V ¬a ∧ b)) ∧ ((a ∧ ¬b V ¬a ∧ b) → a) ∧ (b → (a ∧ ¬b V ¬a ∧ b)) ∧ ((a ∧ ¬b V ¬a ∧ b) → b)`

We then complete the truth table for that proposition:

                                                                                  *
---------------------------------------------------------------------------------------------------------------
a b | (a → (a ∧ ¬b V ¬a ∧ b)) ∧ ((a ∧ ¬b V ¬a ∧ b) → a) ∧ (b → (a ∧ ¬b V ¬a ∧ b)) ∧ ((a ∧ ¬b V ¬a ∧ b) → b)
---------------------------------------------------------------------------------------------------------------
T T |    F    F F  F F  F     F     F F  F F  F    T    F    F    F F  F F  F     F     F F  F F  F    T
T F |    T    T T  T F  F     T     T T  T F  F    T    T    T    T T  T F  F     F     T T  T F  F    F
F T |    T    F F  T T  T     F     F F  T T  T    F    F    T    F F  T T  T     F     F F  T T  T    T
F F |    T    F T  F T  F     T     F T  F T  F    T    T    T    F T  F T  F     T     F T  F T  F    T
---------------------------------------------------------------------------------------------------------------

Contingent

- T: [F F]
- F: [T T] [T F] [F T]

And we see that there is only one truth assignment that satisfies the proposition – [F F], which corresponds to Ava being a knave and Bob being a knave.

Conclusion

As you can see, solving a Knights and Knaves problem by translating each statement to propositional logic is a tedious process. We ended up with a very involved final formula that made filling in the truth table somewhat arduous. Such problems are usually much simpler to solve by hand – but this process demonstrates that we can apply a systematic approach to solve Knights and Knaves problems with translations and truth tables.

Introduction

While we can use truth tables to check whether a set of premises entail a conclusion, this requires testing all possible truth assignments – of which there are exponentially many. In this chapter, we will learn the process of natural deduction in propositional logic. This will allow us to start with a set of known facts (premises) and apply a series of rules to see if we can reach some goal conclusion. Essentially, we will be able to see whether a given conclusion necessarily follows from a set of premises.

We will use the Logika tool to check whether our proofs correctly follow our deduction rules. HOWEVER, these proofs can and do exist outside of Logika. Different settings use slightly different syntaxes for the deduction rules, but the rules and proof system are the same. We will merely use Logika to help check our work.

Sequents, premises, and conclusions

A sequent is a mathematical term for an assertion. We use the notation:

p0, p1, ..., pm ⊢ c

The p0, p1, …, pm are called premises and c is called the conclusion. The ⊢ is called the turnstile operator, and we read it as “prove”. The full sequent is read as:

Statements p0, p1, ..., pm PROVE c

A sequent is saying that if we accept statements p0, p1, …, pm as facts, then we guarantee that c is a fact as well.

For example, in the sequent:

p → q , ¬ q  ⊢  ¬ p

The premises are: p → q and ¬q, and the conclusion is ¬p.

(Shortcut: we can use |- in place of the ⊢ turnstile operator.)

Sequent validity

A sequent is said to be valid if, for every truth assignment which make the premises true, then the conclusion is also true.

For example, consider the following sequent:

p → q , ¬ q  ⊢  ¬ p

To check if this sequent is valid, we must find all truth assignments for which both premises are true, and then ensure that those truth assignments also make the conclusion true.

Here is a (non-Logika syntax) type of truth table that combines all three statements:

p q | (p → q) | ( ¬q) |  ¬p
---------------------------
T T |    T     |  F   | F
T F |    F     |  T   | F
F T |    T     |  F   | T
F F |    T     |  T   | T

Examining each row in the above truth table, we see that only the truth assignment [F F] makes both premises (p → q and ¬q) true. We look right to see that the same truth assignment also makes the conclusion ( ¬p) true, which means that the sequent is valid.

Using Logika for proof verification

We can use the Logika tool to help check the correctness of our proofs. (Again, Logika is just a tool to help check our work – we could write the same argument in a different environment or on paper, and the meaning would be the same.)

Each Logika proof should be written in a separate file with a .logika extension. Logika verification knows each of the deduction rules we will see in the next few chapters, and will automatically check to ensure that your steps obey these deduction rules as you type your proof. If a proof is correct, you will see a purple checkmark in the lower right corner that says “Logika verified”. If you have logic errors, you will see them highlighted in red.

Sometimes, the Logika verification needs to be run manually. If you don’t see either red errors or a purple checkmark, right-click in the text area that contains the proof and select “Logika Check”.

Logika proof syntax

Sequents in Logika have the following form:

< 0 or more premises, separated by commas > ⊢ < 1 conclusion >

Proofs in Logika are structured in two columns, with claims on the left and their supporting justification on the right:

premises ⊢ conclusion
{
    1. claim_a          justification_a
    2. claim_b          justification_b
       ...              ...
    736. conclusion     justification_ef
}

Each claim is given a number, and these numbers are generally in order. However, the only rule is that claim numbers be unique (they may be out of order and/or non-consecutive). Once we have justified a claim in a proof, we will refer to it as a fact.

We will see more details of Logika proof syntax as we progress through chapter 4.

Premise justification

The most basic justification for a claim in a proof is “premise”. This justification is used when you pull in a premise from the sequent and introduce it into your proof. All, some or none of the premises can be introduced at any time in any order. Please note that only one premise may be entered per claim.

For example, we might bring in the premises from our sequent like this:

p, q,  ¬r |- p ∧ q
{
    1. p            premise
    2. q            premise
    3.  ¬r           premise
    ...
}

We could also bring in the same premise multiple times, if we wanted. We could also use non-sequential line numbers, as long as each line number was unique:

p, q,  ¬r |- p ∧ q
{
    7. p            premise
    10. q           premise
    2.  ¬r           premise
    8. p            premise
    ...
}

We could only bring in some portion of our premises, if we wanted:

p, q,  ¬r |- p ∧ q
{
    1. p            premise
    ...
}

But we can only list one premise in each claim. For example, the following is not allowed:

p, q,  ¬r |- p ∧ q
{
    //THIS IS WRONG ¬

    1. p, q,  ¬r         premise
    ...
}

Deduction rules

The logical operators (AND, OR, NOT, IMPLIES) are a kind of language for building propositions from basic, primitive propositional atoms. For this reason, we must have laws for constructing propositions and for disassembling them. These laws are called inference rules or deduction rules. A natural deduction system is a set of inference rules, such that for each logical operator, there is a rule for constructing a proposition with that operator (this is called an introduction rule) and there is a rule for disassembling a proposition with that operator (this is called an elimination rule).

For the sections that follow, we will see the introduction and elimination rules for each logical operator. We will then learn how to use these deduction rules to write a formal proof showing that a sequent is valid.

AND Rules

In this section, we will see the deduction rules for the AND operator.

AND introduction

Clearly, when both p and q are facts, then so is the proposition p ∧ q. This makes logical sense – if two propositions are independently true, then their conjunction (AND) must also be true. The AND introduction rule, ∧i, formalizes this:

        P   Q   
∧i :  ---------   
        P ∧ Q

We will use the format above when introducing each of our natural deduction rules:

• P and Q are not necessarily individual variables – they are placeholders for some propositional statement, which may itself involve several logical operators.
• On the left side is the rule name (in this case, ∧i)
• On the top of the right side we see what we already need to have established as facts in order to use this rule (in this case, P and also Q ). These facts can appear anywhere in our scope of the proof, in whatever order. (For now, all previous lines in the proof will be within our scope, but this will change when we get to more complex rules that involve subproofs).
• On the bottom of the right side, we see what we can claim by using that proof rule.

Here is a simple example of a proof that uses ∧i. It proves that if propositional atoms p, q, and r are all true, then the proposition r ∧ (q ∧ p) is also true:

p, q, r ⊢ r ∧ (q ∧ p)
{
    1. p                    premise
    2. q                    premise
    3. r                    premise
    4. q ∧ p                ∧i 2 1
    5. r ∧ (q ∧ p)          ∧i 3 4
}

You can read line 4 like this: “from the fact q stated on line 2 and the fact p stated on line 1, we deduce q ∧ p by applying the ∧i rule”. Lines 4 and 5 construct new facts from the starting facts (premises) on lines 1-3.

Note that if I had instead tried:

p, q, r ⊢ r ∧ (q ∧ p)
{
    1. p                    premise
    2. q                    premise
    3. r                    premise
    4. q ∧ p                ∧i 1 2
    ...
}

Then line 4 would not have been accepted. The line numbers cited after the ∧i rule must match the order of the resulting AND statement. The left-hand side of our resulting AND statement must correspond to the first line number in ∧i justification, and the right-hand side of our resulting AND statement must correspond to the second line number in the justification:

{
    ...
    4. p			        (some justification)
    5. q			        (some justification)
    6. p ⋀ q                ⋀i 4 5
    ...
    9. q ⋀ p                ⋀i 5 4
    ...
}

AND elimination

The idea of the AND elimination rules is that if we have a proposition p ⋀ q as a fact, then we can separately claim both p and q as individual facts. After all, the only time p ⋀ q is true in a truth table is when both p and q are individually true. There are two AND elimination rules – ∧e1 and ∧e2. ∧e1 allows us to claim that the left (first) side of an AND statement is individually true, and ∧e2 allows us to do the same with the right (second) side. Here is the formalization of each rule:

        P ∧ Q              P ∧ Q
 ∧e1 : ---------    ∧e2 : ---------
          P                  Q

Here is a simple example showing the syntax of the ∧e1 rule:

p ∧ q ⊢ p
{
    1. p ∧ q            premise
    2. p                ∧e1 1
}

We can read the justification ∧e1 1 as: AND-elimination 1 from line 1, or “take the AND statement on line 1 and extract its first (left) side”.

Here is a simple example showing the syntax of the ∧e2 rule:

p ∧ q ⊢ q
{
    1. p ∧ q            premise
    2. q                ∧e2 1
}

We can read the justification ∧e2 1 as: AND-elimination 2 from line 1, or “take the AND statement on line 1 and extract its second (right) side”.

Example 1

Suppose we want to prove the following sequent:

p ∧ (q ∧ r) ⊢ r ∧ p

Whenever we approach a proof, a good first strategy is to see what we can extract from the premises. If we have a premise that is an AND statement, then we can use ∧e1 and then ∧e2 to extract both its left and right side as separate claims. So we start our proof like this:

p ∧ (q ∧ r) ⊢ r ∧ p
{
    1. p ∧ (q ∧ r)          premise
    2. p                    ∧e1 1
    3. q ∧ r                ∧e2 1
    ...
}

But now we have a new AND statement as a claim – q ∧ r. We can again use both ∧e1 and ∧e2 to extract each side separately:

p ∧ (q ∧ r) ⊢ r ∧ p
{
    1. p ∧ (q ∧ r)          premise
    2. p                    ∧e1 1
    3. q ∧ r                ∧e2 1
    4. q                    ∧e1 3
    5. r                    ∧e2 3
    ...
}

Now that we have done all we can with our premises and the resulting statements, we examine our conclusion. Whenever our conclusion is a conjunction (AND statement), we know that we must separately show both the left side and the right side of that conclusion. Then, we can use ∧i to put those sides together into our goal AND statement.

In this example, we have already proved both sides of our goal AND statement – r (from line 5) and p (from line 2). All that remains is to use ∧i to put them together:

p ∧ (q ∧ r) ⊢ r ∧ p
{
    1. p ∧ (q ∧ r)          premise
    2. p                    ∧e1 1
    3. q ∧ r                ∧e2 1
    4. q                    ∧e1 3
    5. r                    ∧e2 3
    6. r ∧ p                ∧i 5 2
}

Example 2

Suppose we want to prove the following sequent:

p ∧ q ∧ r, a ∧ (t ∨ s) ⊢ q ∧ (t ∨ s)

We again try to use AND-elimination to extract what we can from our premises. We might try something like this:

p ∧ q ∧ r, a ∧ (t ∨ s) ⊢ q ∧ (t ∨ s)
{
    1. p ∧ q ∧ r            premise
    2. a ∧ (t ∨ s)          premise
    3. p                    ∧e1 1   //NO ¬ Won't work.
    ...
}

However, we get into trouble when we try to use ∧e1 to extract the left side of the premise p ∧ q ∧ r. The problem has to do with operator precedence – we recall that ∧ operators are processed from left to right, which means that p ∧ q ∧ r is equivalent to (p ∧ q) ∧ r. By reminding ourselves of the “hidden parentheses”, we see that when we use ∧e1 on the premise p ∧ q ∧ r, we extract p ∧ q. Similarly, ∧e2 will extract r.

We try again to extract what we can from our premises:

p ∧ q ∧ r, a ∧ (t ∨ s) ⊢ q ∧ (t ∨ s)
{
    1. p ∧ q ∧ r            premise
    2. a ∧ (t ∨ s)          premise
    3. p ∧ q                ∧e1 1 
    4. r                    ∧e2 1                     
    5. a                    ∧e1 2 
    6. t ∨ s                ∧e2 2
    ...  
}

As before, we look at our resulting claims – we see a p ∧ q, and we know that we can use AND elimination again to extract both sides. Now we have:

p ∧ q ∧ r, a ∧ (t ∨ s) ⊢ q ∧ (t ∨ s)
{
    1. p ∧ q ∧ r            premise
    2. a ∧ (t ∨ s)          premise
    3. p ∧ q                ∧e1 1 
    4. r                    ∧e2 1                     
    5. a                    ∧e1 2 
    6. t ∨ s                ∧e2 2
    7. p                    ∧e1 3
    8. q                    ∧e2 3
    ...
}

Now, we look at what we are trying to prove – q ∧ (t ∨ s). Since its top-level operator is the AND, we know that we must separately prove q and t ∨ s. Then, we can use AND introduction to put the two pieces together to match our conclusion. We see that we already have q on line 8 and t ∨ s on line 6, so we add our final line to finish the proof:

p ∧ q ∧ r, a ∧ (t ∨ s) ⊢ q ∧ (t ∨ s)
{
    1. p ∧ q ∧ r            premise
    2. a ∧ (t ∨ s)          premise
    3. p ∧ q                ∧e1 1 
    4. r                    ∧e2 1                     
    5. a                    ∧e1 2 
    6. t ∨ s                ∧e2 2
    7. p                    ∧e1 3
    8. q                    ∧e2 3
    9. q ∧ (t ∨ s)          ∧i 8 6
}

You might notice that lines 5 and 7 were not needed, as both p and a were not part of the conclusion. That’s true – we could have eliminated those steps. However, it’s a good idea to extract as much information as possible while you are getting used to doing these proofs – it doesn’t hurt to have extra claims, and you may find that you end up needing them.

OR Rules

In this section, we will see the deduction rules for the OR operator.

OR introduction

If we know that a proposition P is true, then it will also be the case that both P ∨ Q and Q ∨ P are also true. It doesn’t matter what Q is – it might even be something that is know to be false. Because P is true, it will make the overall OR statement true as well.

There are two OR introduction rules – ∨i1 and ∨i2. ∨i1 allows us to claim an OR statement with some previous fact on the left (first) side, and ∨i2 allows us to do the same with the right (second) side. Here is the formalization of each rule:

         P                  Q     
∨i1 : --------    ∨i2 :  -------- 
       P ∨ Q              P ∨ Q 

Here is a simple example showing the syntax of the ∨i1 rule:

p ⊢ p ∨ q
{
    1. p                premise
    2. p ∨ q            ∨i1 1
}

We can read the justification ∨i1 1 as: OR introduction 1 from line 1, or “create a OR statement that puts the claim from line 1 on the first (left) side, and puts something new on the second side”.

Here is a simple example showing the syntax of the ∨i2 rule:

p ⊢ q ∨ p
{
    1. p                premise
    2. q ∨ p            ∨i2 1
}

We can read the justification ∨i2 1 as: OR introduction 2 from line 1, or “create a OR statement that puts the claim from line 1 on the second (right) side, and puts something new on the first side”.

OR elimination

The OR elimination rule is used when we have an OR statement of the form P ∨ Q, and we wish to use it to extract new information. In real life, we call the rule “case analysis”. For example, say that you have either 12 quarters in your pocket or 30 dimes in your pocket. In either case, you can buy a $3.00 coffee. Why? You do a case analysis:

• In the case you have 12 quarters, that totals $3.00, and you can buy the coffee;
• In the case you have 30 dimes, that totals $3.00, and you can buy the coffee.

So, in both cases, you can buy the coffee.

We can formalize the idea behind the OR elimination rule as follows:

• In order for the OR statement P ∨ Q to be true, at least one of P and Q must be individually true
• If we are able to reach some conclusion R if we assume P is true, and we are able to reach the SAME conclusion R if we assume Q is true…
• …Then no matter what, R will be true.

Subproofs

OR elimination will be our first proof rule that uses subproofs. Subproofs are tools for case analysis or what-if excursions, used to support justification for later claims. In propositional logic, they will always contain one assumption. This assumption is a proposition whose scope is limited to the subproof. The syntax of a subproof in Logika looks like this:

premises ⊢ consequent
{
    1. fact_A       justification_1
    ...             ...
    17. {
        18. fact_ D     assume
        ...             ...
        25. fact_G      some_rule  using claim 1 // this is ok
        ...             ...
    }
    ...             ...
    45. fact_R      some_rule using claim 25   // this is NOT ok
}

Opening and closing braces, {...}, define the scope of claims. Other than the first { which goes directly under the sequent, the opening brace is given a claim number, but no justification. Closing braces are not given claim numbers. The use of braces is analogous to their use to define scope in Java, C# and C.

In the example above, the subproof starting on line 17 creates an environment where fact_D is true. The justification used on claim number 25, which uses claim 1, is valid. The scope of claim 1 includes subproof 17.

However, the justification for line number 45 is invalid. Fact_G on line number 25 was proven true in an environment where fact_D is true (ie subproof 17). That environment ends (falls out of scope) when the closing brace for the subproof is reached. This happens before line 45.

Only specific deduction rules allow you to close a scope and create a new claim based on that subproof in the enclosing (outer) scope. These rules always take a subproof (i.e “17”) as part of the justification.

Syntax

Here is the OR elimination rule:

                 { P assume       { Q assume
      P ∨ Q        ... R    }      ... R     }
∨e : -------------------------------------------
                         R

In order to use the ∨e rule, we must have three things:

• An OR statement of the form P ∨ Q
• A subproof that begins by assuming the left side of the OR statement (P) and ends with some claim R
• A subproof that begins by assuming the right side of the OR statement (Q) and ends with the same claim R

If we have all three parts, we can use the ∨e and cite the OR statement and both subproofs to claim that R is true no matter what.

Here is a simple example showing the syntax of the ∨e rule:

p ∨ q ⊢ q ∨ p 
{
    1. p ∨ q            premise
    2. {
        3. p            assume
        4. q ∨ p        ∨i2 3
    }
    5. {
        6. q            assume
        7. q ∨ p        ∨i1 6
    }
    8. q ∨ p            ∨e 1 2 5
}

Here, we have the OR statement p ∨ q. We then have two subproofs where we separately assume that the two sides or the OR are true. The first subproof on line 2 starts by assuming the left side of the OR, p. It then uses OR introduction to reach the goal conclusion, q ∨ p. After reaching our goal, we end the first subproof and immediately start a second subproof. In the second subproof, we assume that the the right side of our OR statement is true, q. We then use the other form of OR introduction to reach the SAME conclusion as we did in the first subproof – q ∨ p. We end the second subproof and can now use ∨e to state that our conclusion q ∨ p must be true no matter what. After all, we knew that at least one of p or q was true, and we were able to reach the conclusion q ∨ p in both cases.

When using the justification:

∨e 1 2 5

The first line number corresponds to our original OR statement (line 1 with p ∨ q for us), the second line number corresponds to the subproof where we assumed the first (left) side of that OR statement (line 2 for us, which starts the subproof where we assumed p), and the third line number corresponds to the subproof where we assumed the second (right) side of that OR statement (line 5 for us, which starts the subproof where we assumed q)

This proof shows that the OR operator is commutative.

Example 1

Suppose we want to prove the following sequent:

p ∧ (q ∨ r) ⊢ (p ∧ q) ∨ (p ∧ r)

As we have done before, we start by extracting whatever we can from our premises:

p ∧ (q ∨ r) ⊢ (p ∧ q) ∨ (p ∧ r)
{
    1. p ∧ (q ∨ r)                  premise
    2. p                            ∧e1 1
    3. q ∨ r                        ∧e2 1
    ...
}

Next, we look at what we are trying to prove, and see that its top-level operator is an OR. If we already had either side of our goal OR statement (i.e., either p ∧ q or p ∧ r), then we could use ∧i to create the desired proposition. This isn’t the case for us, though, so we need to use a different strategy.

The next consideration when we want to prove an OR statement is whether we have another OR statement, either as a premise or a fact we have already established. If we do, then we can attempt to use OR elimination with that OR statement to build our goal conclusion ((p ∧ q) ∨ (p ∧ r)). We have the OR statement q ∨ r available, so we’ll try to use OR elimination – we’ll have a subproof where we assume q and try to reach (p ∧ q) ∨ (p ∧ r), and then a subproof where we assume r and try to reach (p ∧ q) ∨ (p ∧ r):

p ∧ (q ∨ r) ⊢ (p ∧ q) ∨ (p ∧ r)
{
    1. p ∧ (q ∨ r)                  premise
    2. p                            ∧e1 1
    3. q ∨ r                        ∧e2 1
    4. {
        5. q                        assume
        6. p ∧ q                    ∧i2 5
        7. (p ∧ q) ∨ (p ∧ r)        ∨i1 6
    }
    8. {
        9. r                        assume
        10. p ∧ r                   ∧i2 9
        11. (p ∧ q) ∨ (p ∧ r)       ∨i2 10
    }
    12. (p ∧ q) ∨ (p ∧ r)           ∨e 3 4 8
}

We can make our final claim:

12. (p ∧ q) ∨ (p ∧ r)           ∨e 3 4 8

Because we had an OR statement on line 3 (q ∨ r), assumed the left side of that OR (q) in subproof 4 and reached the conclusion of (p ∧ q) ∨ (p ∧ r), and then assumed the right side of our OR (r) in subproof 8 and reached the SAME conclusion of (p ∧ q) ∨ (p ∧ r).

Example 2

Suppose we want to prove the following sequent:

(p ∨ q) ∧ (p ∨ r) ⊢ p ∨ (q ∧ r)

Note that this is the same as the previous example, but the premises are switched with the conclusion. If we prove this direction too, we will have shown that (p ∨ q) ∧ (p ∨ r) is equivalent to p ∨ (q ∧ r). We’ll learn more about this process in section 4.8.

We start by pulling in our premises and extracting whatever information we can:

(p ∨ q) ∧ (p ∨ r) ⊢ p ∨ (q ∧ r)
{
    1. (p ∨ q) ∧ (p ∨ r)                premise
    2. p ∨ q                            ∧e1 1
    3. p ∨ r                            ∧e2 1
    ...
}

We see that the top-level operator of our conclusion (p ∨ (q ∧ r)) is an OR, so we apply the same strategy we did in the previous example – we see if we have an OR statement already available as a claim, and then try to use OR elimination on it to build to our conclusion in both subproofs. In this case, though, we have TWO or statements – p ∨ q and p ∨ r. We will see that it doesn’t matter which of these we choose, so let’s pick the first one – p ∨ q:

(p ∨ q) ∧ (p ∨ r) ⊢ p ∨ (q ∧ r)
{
    1. (p ∨ q) ∧ (p ∨ r)                premise
    2. p ∨ q                            ∧e1 1
    3. p ∨ r                            ∧e2 1
    4. {
        5. p                            assume
        6. p ∨ (q ∧ r)                  ∨i1 5
    }
    7. {
        8. q                            assume
        
        //what do we do now?
    }
    ...
}

We are able to finish the first subproof, but it’s not clear what to do in the second subproof. We assume q, and know we have the goal of reaching the same conclusion as we did in the first subproof, p ∨ (q ∧ r)…but we don’t have enough information yet to get there. The only piece of information that we haven’t used that might help us is our second OR statement – p ∨ r. We are already inside a subproof, but we can still nest other subproofs – just as we can nest conditional statements in computer programs.

We start on a nested OR elimination approach with p ∨ r:

(p ∨ q) ∧ (p ∨ r) ⊢ p ∨ (q ∧ r)
{
    1. (p ∨ q) ∧ (p ∨ r)                premise
    2. p ∨ q                            ∧e1 1
    3. p ∨ r                            ∧e2 1

    //OR elimination for p ∨ q
    4. {
        5. p                            assume
        6. p ∨ (q ∧ r)                  ∨i1 5
    }
    7. {
        8. q                            assume

        //start on OR elimination with p ∨ r
        9. {
            10. p                       assume
            11. p ∨ (q ∧ r)             ∨i1 10
        }
        12. {
            13. r                       assume
            14. q ∧ r                   ∧i 8 13
            15. p ∨ (q ∧ r)             ∨i2 14
        }
        16. p ∨ (q ∧ r)                 ∨e 3 9 12
    }
    17. p ∨ (q ∧ r)                     ∨e 2 4 7
}

Note that we use the ∨e rule twice – on line 16 to tie together subproofs 9 and 12 (where we processed the OR statement p ∨ r), and on line 17 to tie together subproofs 4 and 7 (where we processed the OR statement p ∨ q).

When we first started this problem, we mentioned that it didn’t matter which OR statement we chose to work with – p ∨ q or p ∨ r. Indeed, we could have chosen p ∨ r instead – but we would end up nesting another OR elimination for p ∨ q:

(p ∨ q) ∧ (p ∨ r) ⊢ p ∨ (q ∧ r)
{
    1. (p ∨ q) ∧ (p ∨ r)                premise
    2. p ∨ q                            ∧e1 1
    3. p ∨ r                            ∧e2 1

    //OR elimination for p ∨ r
    4. {
        5. p                            assume
        6. p ∨ (q ∧ r)                  ∨i1 5
    }
    7. {
        8. r                            assume

        //start on OR elimination with p ∨ q
        9. {
            10. p                       assume
            11. p ∨ (q ∧ r)             ∨i1 10
        }
        12. {
            13. q                       assume
            14. q ∧ r                   ∧i 13 8
            15. p ∨ (q ∧ r)             ∨i2 14
        }
        16. p ∨ (q ∧ r)                 ∨e 2 9 12
    }
    17. p ∨ (q ∧ r)                     ∨e 3 4 7
}

Implies Rules

In this section, we will see the deduction rules for the implies operator.

Implies elimination

Remember that → is a kind of logical “if-then”. Here, we understand p → q to mean that p holds knowledge sufficient to deduce q – so, whenever p is proved to be a fact, then p → q enables q to be proved a fact, too. This is the implies elimination rule, →e, and we can formalize it like this:

       P → Q    P
 →e :  ------------
             Q

Here is a simple example of a proof that shows the syntax of the →e rule:

a, a → b ⊢ b
{
    1. a                    premise
    2. a → b                premise
    3. b                    →e 2 1
}

Note that when we use →e, we first list the line number of the implies statement, and then list the line number that contains the left side of that implies statement. The →e allows us to claim the right side of that implies statement.

Implies introduction

The idea behind the next deduction rule, implies introduction, is that we would be introducing a new implies statement of the form P → Q. In order to do this, we must be able to show our logical “if-then” – that IF P exists, THEN we promise that Q will also exist. We do this by way of a subproof where we assume P. If we can reach Q by the end of that subproof, we will have shown that anytime P is true, then Q is also true. We will be able to close the subproof by introducing P → Q with the →i rule. We can formalize the rule like this:

       { P assume   
         ... Q    } 
→i : -------------- 
          P → Q 

Here is a simple example of a proof that shows the syntax of the →i rule:

a → b, b → c ⊢ a → c
{
    1. a → b               premise
    2. b → c               premise
    3. {
        //we want to prove a → c, so we start by assuming a

        4. a                assume
        5. b                →e 1 4
        6. c                →e 2 5

        //...and try to end with c
    }
    //then we can conclude that anytime a is true, then c is also true

    7. a → c                →i 3
}

Note that when we use →i, we list the line number of the subproof we just finished. We must have started that subproof by assuming the left side of the implies statement we are introducing, and ended that subproof with the right side of the implies statement we are introducing.

Example 1

Suppose we want to prove the following sequent:

p → (q → r) ⊢ (q ∧ p) → r

We start by listing our premise:

p → (q → r) ⊢ (q ∧ p) → r
{
    1. p → (q → r)          premise
}

We can’t extract any information from the premise, so we shift to examining our conclusion. The top-level operator of our conclusion is an implies statement, so this tells us that we will need to use the →i rule. We want to prove (q ∧ p) → r, so we need to show that whenever q ∧ p is true, then r is also true. We open a subproof and assume the left side of our goal implies statement (q ∧ p). If we can reach r by the end of the subproof, then we can use →i to conclude (q ∧ p) → r:

p → (q → r) ⊢ (q ∧ p) → r
{
    1. p → (q → r)          premise
    2. {
        3. q ∧ p            assume

        //goal: get to r
    }
    //use →i to conclude (q ∧ p) → r
}

Now we can complete the proof:

p → (q → r) ⊢ (q ∧ p) → r
{
    1. p → (q → r)          premise
    2. {
        3. q ∧ p            assume
        4. q                ∧e1 3
        5. p                ∧e2 3
        6. q → r            →e 1 5
        7. r                →e 6 4 
        //goal: get to r
    }
    //use →i to conclude (q ∧ p) → r

    8. (q ∧ p) → r          →i 2
}

Example 2

Suppose we want to prove the following sequent:

p → (q → r) ⊢ (p → q) → (p → r)

We see that we will have no information to extract from the premises. The top-level operator is an implies statement, so we start a subproof to introduce that implies statement. In our subproof, we will assume the left side of our goal implies statement (p → q) and will try to reach the right side of our goal (p → r):

p → (q → r) ⊢ (p → q) → (p → r)
{
    1. p → (q → r)          premise
    2. {
        3. p → q            assume

        //goal: get to p → r
    }
    //use →i to conclude (p → q) → (p → r)
}

We can see that our goal is to reach p → r in our subproof – so we see that we need to introduce another implies statement. This tells us that we need to nest another subproof – in this one, we’ll assume the left side of our current goal implies statement (p), and then try to reach the right side of that current goal (r). Then, we’d be able to finish that inner subproof by using →i to conclude p → r:

p → (q → r) ⊢ (p → q) → (p → r)
{
    1. p → (q → r)          premise
    2. {
        3. p → q            assume

        4. {
            5. p            assume

            //goal: get to r
        }
        //use →i to conclude p → r

        //goal: get to p → r
    }
    //use →i to conclude (p → q) → (p → r)
}

Now we can complete the proof:

p → (q → r) ⊢ (p → q) → (p → r)
{
    1. p → (q → r)          premise
    2. {
        3. p → q            assume

        4. {
            5. p            assume
            6. q            →e 3 5
            7. q → r        →e 1 5 
            8. r            →e 7 6  

            //goal: get to r
        }
        //use →i to conclude p → r

        9. p → r             →i 4   

        //goal: get to p → r
    }
    //use →i to conclude (p → q) → (p → r)

    10. (p → q) → (p → r)   →i 2 
}

Example 3

Here is one more example, where we see we can nest a →i subproof and a ∨e subproof:

p → r, q → r ⊢ (p ∨ q) → r
{
    1. p → r                premise
    2. q → r                premise
    3. {
        //assume p ∨ q, try to get to r 

        4. p ∨ q             assume

        //nested subproof for OR elimination on p ∨ q
        //try to get to r in both cases
        5. {
            6. p            assume
            7. r            →e 1 6
        }
        8. {
            9.  q           assume
            10. r           →e 2 9
        }
        11. r                ∨e 4 5 8

        //goal: get to r
    }
    //use →i to conclude (p ∨ q) → r

    12. (p ∨ q) → r         →i 3
}

Negation Rules

In this section, we will see the deduction rules for the NOT operator. In this section, we will introduce the contradiction symbol (⊥, or _|_ in ASCII). This symbol is also referred to as the bottom operator. We will be able to claim that a contradiction occurs when, for some proposition P, we have proved both the facts P and ¬ P. This indicates that we are in an impossible situation, and often means that we have made a bad previous assumption.

Not elimination

The not elimination rule allows you to claim that you have reached a contradiction. We can formalize the rule like this:

        P   ¬ P
¬ e : -----------
          ⊥

Here is a simple example of a proof that shows the syntax of the ¬ e rule:

q, ¬ q ⊢ ⊥
{
    1. q                premise
    2. ¬ q              premise
    3. ⊥                ¬ e 1 2
}

We use the ¬ e rule when we have facts for both P and ¬ P for some proposition P. When we use the justification, we first list the line number of the claim for P (line 1, in our case) and then the line number of the claim for ¬ P (line 2, in our case).

Sometimes, the proposition P itself has a NOT operator. Consider this example:

¬ q, ¬ ¬ q ⊢ ⊥
{
    1. ¬ q              premise
    2. ¬ ¬ q            premise
    3. ⊥                ¬ e 1 2
}

Here, our proposition P is the claim ¬ q, and our proposition that is of the form ¬ P is the claim ¬ ¬ q.

Not introduction

The not introduction rule allows us to introduce a NOT operation. If assuming some proposition P leads to a contradiction, then we must have made a bad assumption – P must NOT be true after all. We can then introduce the fact ¬ P. We can formalize the not introduction rule like this:

       { P assume
         ... ⊥  }
¬ i:   --------------
           ¬ P

Here is a simple example of a proof that shows the syntax of the ¬ i rule:

p,  q → ¬ p  ⊢  ¬ q
{
    1. p            premise
    2. q → ¬ p      premise
    3. {
        4. q        assume
        5. ¬ p      →e 2 4
        6. ⊥        ¬e 1 5
    }
    7. ¬ q          ¬i 3
}

Note that the not introduction rule involves a subproof – if we wish to prove ¬ P for some proposition P, then we start a subproof where we assume P. If we are able to reach a contradiciton on the last line of that subproof, then we can use the ¬ i rule after the subproof ends to claim that our assumption was bad and that it is actually ¬ P that is true. When we use ¬i as a justification, we list the line number corresponding to this subproof.

Bottom elimination

There is a special law for reasoning forwards from an impossible situation — the ⊥e law — which says, in the case of a contradiction, everything becomes a fact. (That is, “if False is a fact, so is everything else ¬”.) This rule is called “bottom elimination”, and is written as ⊥e. Here is a formalization of the rule:

         ⊥
⊥e :  ------  for any proposition, Q, at all
         Q

Here is a simple example of a proof that shows the syntax of the ⊥e rule:

p, ¬ p  ⊢ q
{
    1. p            premise
    2. ¬ p          premise
    3. ⊥            ¬ e 1 2
    4. q            ⊥e 3
}

Note that when we use ⊥e as the justification, we list the line number of where we reached a contradiction (⊥).

The bottom elimination rule works well with case analysis, where we discover that one case is impossible. Here is a classic example:

p ∨ q, ¬ p ⊢ q
{
    1. p ∨ q        premise
    2. ¬ p          premise
    3. {
        4. p        assume
        5. ⊥        ¬e 4 2
        6. q        ⊥e 5
    }
    7. {
        8. q        assume
    }
    9. q            ∨e 1 3 7
}

Considering the premise, p ∨ q, we analyze our two cases by starting OR elimination. The first case, where p holds true, is impossible, because it causes a contradiction. The ⊥e-rule lets us gracefully prove q in this “impossible case”. (You can read lines 4-6 as saying, “in the case when p might hold true, there is a contradiction, and in such an impossible situation, we can deduce whatever we like, so we deduce q to finish this impossible case”.)

The second case, that q holds true, is the only realistic case, and it immediately yields the conclusion. The proof finishes the two-case analysis with the ∨e rule.

Proof by contradiction

The proof by contraction rule, pbc, says that when assuming ¬ P leads to a contradiction for some proposition P, then we made a bad assumption and thus P must be true. It is very similar to the ¬ i rule, except pbc has us assuming ¬ P and eventually concluding P, while the ¬ i rule has us assuming P and eventually concluding ¬ P.

Here is a formalization of pbc:

        { ¬ P assume
          ... ⊥   }
pbc:   ---------------
             P

And here is an example that demonstrates the syntax of the rule:

¬ ¬ p ⊢ p
{
    1. ¬ ¬ p        premise
    2. {
        3. ¬ p      assume
        4. ⊥        ¬e 3 1
    }
    5. p            pbc 2
}

When we use the pbc rule as a justification for a claim P, we cite the line number of the subproof where we assumed ¬ P and ended in a contradiction.

Example 1

Suppose we want to prove the following sequent:

¬p ∧ ¬q |- ¬(p ∨ q)

We start by listing our premise, and extracting the two sides of the AND statement:

¬p ∧ ¬q ⊢ ¬(p ∨ q)
{
    1. ¬p ∧ ¬q          premise
    2. ¬p               ∧e1 1
    3. ¬q               ∧e2 1
    ...
}

Next, we see that our conclusion has the form NOT (something), so this tells us that we will need to introduce a NOT (using the ¬ i rule). In fact, ANY time we wish to prove a proposition of the form NOT (something), we will always use the ¬ i rule. (We will discuss proof strategies in detail in the next section.) Since we want to prove ¬ (p ∨ q), then we open a subproof where we assume p ∨ q. If we can end that subproof with a contradiction, then we can use ¬ i afterwards to conclude ¬(p ∨ q).

We know that we want this proof structure:

¬p ∧ ¬q ⊢ ¬(p ∨ q)
{
    1. ¬p ∧ ¬q          premise
    2. ¬p               ∧e1 1
    3. ¬q               ∧e2 1
    4. {
        5. p ∨ q        assume

        //want to reach a contradiction
    }
    //will use ¬ i to conclude ¬(p ∨ q)
}

We know we must reach a contradiction in our subproof. We see that we have claims ¬p, ¬q, and p ∨ q . Since at least one of p ∨ q is true, and since either one would yield a contradiction with one of ¬p or ¬q, then we start on OR elimination:

¬p ∧ ¬q ⊢ ¬(p ∨ q)
{
    1. ¬p ∧ ¬q          premise
    2. ¬p               ∧e1 1
    3. ¬q               ∧e2 1
    4. {
        5. p ∨ q        assume

        //OR elimination subproofs on p ∨ q
        6. {
            7. p        assume
            8. ⊥        ¬e 7 2
        }
        9. {
            10. q       assume
            11. ⊥       ¬e 10 3
        }

        //use ∨e rule to tie together subproofs

        //want to reach a contradiction
    }
    //will use ¬ i to conclude ¬(p ∨ q)
}

We see that both OR elimination subproofs ended with a contradiction (⊥). Just like any other use of ∨e, we restate that common conclusion after the two subproofs. We knew at least one of p or q were true, and both ended in a contradiction – so the contradiction holds no matter what:

¬p ∧ ¬q ⊢ ¬(p ∨ q)
{
    1. ¬p ∧ ¬q          premise
    2. ¬p               ∧e1 1
    3. ¬q               ∧e2 1
    4. {
        5. p ∨ q        assume

        //OR elimination subproofs on p ∨ q
        6. {
            7. p        assume
            8. ⊥        ¬e 7 2
        }
        9. {
            10. q       assume
            11. ⊥       ¬e 10 3
        }

        //use ∨e rule to tie together subproofs
        12. ⊥           ∨e 5 6 9

        //want to reach a contradiction
    }
    //will use ¬ i to conclude ¬(p ∨ q)
}

All that remains is the use the ¬ i rule to finish subproof 4, as that subproof ended with a contradiction:

¬p ∧ ¬q ⊢ ¬(p ∨ q)
{
    1. ¬p ∧ ¬q          premise
    2. ¬p               ∧e1 1
    3. ¬q               ∧e2 1
    4. {
        5. p ∨ q        assume

        //OR elimination subproofs on p ∨ q
        6. {
            7. p        assume
            8. ⊥        ¬e 7 2
        }
        9. {
            10. q       assume
            11. ⊥       ¬e 10 3
        }

        //use ∨e rule to tie together subproofs
        12. ⊥           ∨e 5 6 9

        //want to reach a contradiction
    }
    //will use ¬ i to conclude ¬(p ∨ q)

    13. ¬(p ∨ q)        ¬ i 4
}

Example 2

When doing propositional logic translations, we learned that p → q is equivalent to its contrapositive, ¬q → ¬p. We will prove one direction of this equivalence (to show two statements are provably equivalent, which we will see in section 4.8, we would need to prove both directions):

p → q ⊢ ¬q → ¬p

We notice that the top-level operator of our conclusion is an IMPLIES operator, so we know that we need to introduce an implies operator. We saw in the previous section that the blueprint for introducing an implies operator is with a subproof: assume the left side of the goal implies statement, and try to reach the right side of the goal implies statement by the end of the subproof.

We have this proof structure:

p → q ⊢ ¬q → ¬p
{
    1. p → q                premise
    2. {
        3. ¬q               assume

        //goal: reach ¬p
    }
    //use →i to conclude ¬q → ¬p
}

We see that our goal in the subproof is the show ¬p – if we could do that, then we could tie together that subproof with the →i rule. Since our intermediate goal is to prove NOT (something), then we use our strategy for not introduction as an inner subproof. We finish the proof as shown:

p → q ⊢ ¬q → ¬p
{
    1. p → q                premise
    2. {
        3. ¬q               assume

        //use ¬i strategy to prove ¬p
        4. {
            5. p            assume
            6. q            →e 1 5
            7. ⊥            ¬e 6 3
        }
        8. ¬p               ¬i 4

        //goal: reach ¬p
    }
    //use →i to conclude ¬q → ¬p

    9. ¬q → ¬p              →i 2
}

Example 3

Suppose we want to prove the sequent:

¬(¬p ∨ ¬q) ⊢ p ∧ q

We see that there is nothing to extract from our premise, and that the top-level operator of the conclusion (p ∧ q) is an AND. We see that we will need to introduce an AND statement – but the only way we can create p ∧ q is to separately prove both p and q.

It is not immediately clear how to prove either p or q. We will discuss proof strategies in more detail in the next section, but pbc is a good fallback option if you don’t have a clear path for how to prove something and some of the claims in the proof involve negation. Since we wish to prove p, then will will assume ¬p in a subproof. If we can reach a contradiction, then we can use pbc to conclude p:

¬(¬p ∨ ¬q) ⊢ p ∧ q
{
    1. ¬(¬p ∨ ¬q)           premise
    2. {
        3. ¬p               assume

        //goal: contradiction
    }
    //use pbc to conclude p

    //similarly prove q

    //use ∧i to conclude p ∧ q
}

In subproof 2, we know we need to end with a contradiction. The only propositions we have to work with are ¬(¬p ∨ ¬q) and ¬p. But if we use ∨i1 with ¬p, then we could have ¬p ∨ ¬q – and then we could claim a contradiction ¬ We complete the proof as shown (using the same strategy to prove q):

¬(¬p ∨ ¬q) ⊢ p ∧ q
{
    1. ¬(¬p ∨ ¬q)           premise
    2. {
        3. ¬p               assume
        4. ¬p ∨ ¬q          ∨i1 3

        //goal: contradiction
        5. ⊥                ¬e 4 1
    }
    //use pbc to conclude p

    6. p                    pbc 2

    //similarly prove q
    7. {
        8. ¬q               assume
        9. ¬p ∨ ¬q          ∨i2 8
        10. ⊥               ¬e 9 1
    }
    11. q                   pbc 7

    //use ∧i to conclude p ∧ q
    12. p ∧ q               ∧i 6 11
}

Law of the excluded middle

The law of the excluded middle (LEM) is famous consequence of pbc: from no starting premises at all, we can prove p ∨ ¬ p for any proposition we can imagine:

⊢ p ∨ ¬ p
{
    1. {
        2. ¬ (p ∨ ¬ p)      assume
        3. {
            4. p            assume
            5. p ∨ ¬ p      ∨i1 4
            6. ⊥            ¬e 5 2
        }
        7.  ¬ p             ¬i 3
        8.  p ∨ ¬ p         ∨i2 7
        9.  ⊥               ¬e 8 2
    }
    10. p ∨ ¬ p             pbc 1
}

In other proofs involving negation and no clear path forward, it is sometimes useful to first derive LEM (this is possible since no premises are needed). If we have the claim p ∨ ¬ p in a proof, then we can use OR elimination where we separately assume p and then ¬ p to try to reach the same conclusion. Here is one such example:

p → q ⊢ ¬ p ∨ q
{
    1. p → q                premise

    2. {                             // start of previous p ∨ ¬ p proof
        3. ¬ (p ∨ ¬ p)      assume
        4. {
            5. p            assume
            6. p ∨ ¬ p      ∨i1 5
            7. ⊥            ¬e 6 3
        }
        8.  ¬ p             ¬i 4
        9.  p ∨ ¬ p         ∨i2 8
        10. ⊥               ¬e 9 3
    }
    11. p ∨ ¬ p             pbc 2    // conclusion of p ∨ ¬ p proof

    12. {
        13. p               assume
        14. q               →e 1 13
        15. ¬ p ∨ q         ∨i2 14
    }
    16. {
        17. ¬ p             assume
        18. ¬ p ∨ q         ∨i1 17
    }
    19. ¬ p ∨ q             ∨e 11 12 16
 }

Summary and Strategies

When examining more complex propositional logic sequents, it can be challenging to know where to start. In this section, we summarize all available rules in propositional logic, and discuss stratgies for approaching proofs.

AND rules

Rule summaries:

        P   Q               P ∧ Q                  P ∧ Q  
∧i :  ---------     ∧e1 : ----------      ∧e2 : ---------- 
        P ∧ Q                 P                      Q

Rule syntax summaries:

{ 
    ...
    x. p		    (...)
    y. q			(...)
    z. p ∧ q        ∧i x y
    ...
}

{ 
    ...
    x. p ∧ q	    (...)
    y. p            ∧e1 x
    z. q            ∧e2 x
    ...
}

OR rules

Rule summaries:

                                                           { P assume     { Q assume
          P                   Q                  P ∨ Q       ... R   }      ... R   }
∨i1 : ---------     ∨i2 : ----------      ∨e : --------------------------------------- 
        P ∨ Q               P ∨ Q                                R

Rule syntax summaries:

{ 
    ...
    x. p		    (...)
    y. p ∨ q        ∨i1 x
    ...
}

{ 
    ...
    x. q		    (...)
    y. p ∨ q        ∨i2 x
    ...
}

{
    ...
    a. p ∨ q        (...)
    b. {
        c. p        assume
        ...
        d. r        (...)
    }
    f. {
        g. q        assume
        ...
        h. r        (...)
    }
    i. r            ∨e a b f
    ...
}

Implies rules

Rule summaries:

                           { P assume 
      P → Q    P             ... Q   }
 →e : -----------     →i : ------------    
           Q                  P → Q   

Rule syntax summaries:

{ 
    ...
    x. p → q	        (...)
    y. p                (...)
    z. q                →e x y
}

{ 
    ...
    a. {
        b. p            assume
        ///
        c. q            (...)
    }
    d. p → q            →i a
}

Negation rules

Rule summaries:

                           { P assume                             { ¬ P assume
        P   ¬ P             ... ⊥   }             ⊥e                ... ⊥     }
 ¬ e : ----------    ¬ i : -----------    ⊥e : --------     pbc:  --------------
           ⊥                   ¬ P                 Q                    P

Rule syntax summaries:

{
    x. p            (...)
    y. ¬ p          (...)
    z. ⊥            ¬ e x y 
}

{
    a. {
        b. p        assume
        ...
        c. ⊥        (...)
    }
    d. ¬ p          ¬ i a
}

{
    x. ⊥            (...)
    z. q            ⊥e x
}

{
    a. {
        b. ¬ p      assume
        ...
        c. ⊥        (...)
    }
    d. p            pbc a
}

Strategies

1. Write down all premises first. Can you extract anything from the premises?
   • If you have p∧q, use ∧e1 to extract p by itself and then ∧e2 to extract q by itself.
   • If you have p→q and p, use →e to get q.
   • If you have p and ¬p, use ¬e to claim a contradiction, ⊥.
2. Look at the top-level operator of what you are trying to prove.

   • Are you trying to prove something of the form p→q?

     • Use →i. Open a subproof, assume p, and get to q by the end of the subproof. After the subproof, use →i to conclude p→q.

   • Are you trying to prove something of the form ¬p?

     • Use ¬i. Open a subproof, assume p, and get a contradiction, ⊥, by the end of the subproof. After the subproof, use ¬i to conclude ¬p.

   • Are you trying to prove something of the form p ∧ q?

     • Try to prove p by itself and then q by itself. Afterward, use ∧i to conclude p ∧ q.

   • Are you trying to prove something of the form p ∨ q?

     • See if you have either p or q by itself – if you do, use either ∨i1 or ∨i2 to conclude p ∨ q.
3. You’ll need to nest the approaches from step 2. Once you are in a subproof, think about what you are trying to prove by the end of that subproof. Follow the strategy in step 2 to prove your current goal, nesting subproofs as needed. As you work, stop and scan the propositions that you have available. See if you can extract anything from them as you did for the premises in step 1.
4. No match, or still stuck?
   • Do you have an OR statement available? Try using OR elimination to prove your goal conclusion.
   • Do your propositions have NOT operators, but don’t fit the form for using ¬i? Try using pbc. If you are trying to prove something of the form p, open a subproof, assume ¬p, and try to reach a contradiction by the end of the subproof. Afterward, use pbc to conclude p.
   • As a last resort, try pasting in the proof for the law of the excluded middle (see section 4.5). Then use OR elimination on p ∨ ¬p.

Proofs can be quite challenging. You might follow one approach, get stuck, and not be able to make progress. If this happens, backtrack and follow a different approach. If you are using Logika to verify your work, make sure it does not mark any lines in the proof in red – this means that you’ve made an invalid conclusion along the way, or that your justification for a particular line doesn’t follow the expected format. Try to fix these errors before continuing on with the proof.

Theorems

Definition

A theorem in propositional logic is something that is always true with no need for premises. The truth table for a theorem is always a tautology – it is true for any truth assignment.

To express a theorem as a sequent, we write:

⊢ (theorem)

This shows that we are trying to prove our theorem with NO premises. Such a proof will always immediately begin with a subproof, as there are no premises to process.

Law of the excluded middle, revisited

For example, the law of the excluded middle (LEM), p ∨ ¬p, is a theorem. We proved in section 4.5 that p ∨ ¬p is always true with no premises:

⊢ p ∨ ¬ p
{
    1. {
        2. ¬ (p ∨ ¬ p)      assume
        3. {
            4. p            assume
            5. p ∨ ¬ p      ∨i1 4
            6. ⊥            ¬e 5 2
        }
        7.  ¬ p             ¬i 3
        8.  p ∨ ¬ p         ∨i2 7
        9.  ⊥               ¬e 8 2
    }
    10. p ∨ ¬ p             pbc 1
}

We also see that the truth table for LEM is a tautology:

      *
-------------
p | p ∨ ¬ p
-------------
T |   T F
F |   T T
-------------
Tautology

Another example

Suppose we wish to prove the following theorem of propositional logic:

(p → q) → ((¬p → q) → q)

We would need to prove the sequent:

⊢ (p → q) → ((¬p → q) → q)

We see that the top-level operator of what we are trying to prove is an implies operator. So, we begin our proof using the strategy for implies introduction:

⊢ (p → q) → ((¬p → q) → q)
{
    1. {
        2. p → q                assume

        //goal: reach (¬p → q) → q
    }
    //use →i to conclude (p → q) → ((¬p → q) → q)
}

Inside subproof 1, we are trying to prove (¬p → q) → q. The top-level operator of that statement is an implies, so we nest another subproof with the goal of using implies introduction:

⊢ (p → q) → ((¬p → q) → q)
{
    1. {
        2. p → q                assume

        3. {
            4. ¬p → q           assume

            //goal: reach q
        }

        //use →i to conclude (¬p → q) → q

        //goal: reach (¬p → q) → q
    }
    //use →i to conclude (p → q) → ((¬p → q) → q)
}

Now we must prove q in subproof 3. We have available propositions p → q and ¬p → q – we can see that if we had LEM (p ∨ ¬p) available, then we could use OR elimination to get our q in both cases. We insert the LEM proof into subproof 3:

⊢ (p → q) → ((¬p → q) → q)
{
    1. {
        2. p → q                        assume

        3. {
            4. ¬p → q                   assume

            //Begin LEM proof, p ∨ ¬p
            5. {
                6. ¬ (p ∨ ¬ p)          assume
                7. {
                    8. p                assume
                    9. p ∨ ¬ p          ∨i1 8
                    10. ⊥               ¬e 9 6
                }
                11.  ¬ p                ¬i 7
                12.  p ∨ ¬ p            ∨i2 11
                13.  ⊥                  ¬e 12 6
            }
            14. p ∨ ¬ p                 pbc 5

            //End LEM proof for p ∨ ¬p

            //use OR elimination on p ∨ ¬p 

            //goal: reach q
        }

        //use →i to conclude (¬p → q) → q

        //goal: reach (¬p → q) → q
    }
    //use →i to conclude (p → q) → ((¬p → q) → q)
}

Finally, we do OR elimination with p ∨ ¬p and tie together the rest of the proof:

⊢ (p → q) → ((¬p → q) → q)
{
    1. {
        2. p → q                        assume

        3. {
            4. ¬p → q                   assume

            //Begin LEM proof, p ∨ ¬p
            5. {
                6. ¬ (p ∨ ¬ p)          assume
                7. {
                    8. p                assume
                    9. p ∨ ¬ p          ∨i1 8
                    10. ⊥               ¬e 9 6
                }
                11.  ¬ p                ¬i 7
                12.  p ∨ ¬ p            ∨i2 11
                13.  ⊥                  ¬e 12 6
            }
            14. p ∨ ¬ p                 pbc 5

            //End LEM proof for p ∨ ¬p

            //use OR elimination on p ∨ ¬p, try to reach q
            15. {
                16. p               assume
                17. q               →e 2 16
            }
            18. {
                19. ¬ p             assume
                20. q               →e 4 19
            }
            21. q                   ∨e 14 15 18

            //goal: reach q
        }

        //use →i to conclude (¬p → q) → q
        22. (¬p → q) → q            →i 3

        //goal: reach (¬p → q) → q
    }
    //use →i to conclude (p → q) → ((¬p → q) → q)

    23. (p → q) → ((¬p → q) → q)    →i 1
}

If we complete a truth table for (p → q) → ((¬p → q) → q), we also see that it is a tautology:

              *
-------------------------------
p q | (p → q) → ((¬p → q) → q)
-------------------------------
T T |    T    T   F  T    T
T F |    F    T   F  T    F
F T |    T    T   T  T    T
F F |    T    T   T  F    T
------------------------------
Tautology

Equivalence

In this section, we will revisit the notion of equivalence. In chapter 2, we saw how we could use truth tables to show that two logical formulae are equivalent. Here, we will see that we can also show they are equivalent using our natural deduction proof rules.

Semantic equivalence

We saw in section 2.4 that two (or more) logical statements S1 and S2 were said to be semantically equivalent if and only if:

S1 ⊨ S2

and

S2 ⊨ S1

As a reminder, the S1 ⊨ S2 means S1 semantically entails S2, which means that every truth assignment that satisfies S1 also satisfies S2.

Semantic equivalence between S1 and S2 means that each proposition semantically entails the other – that S1 and S2 have the same truth value for every truth assignment; i.e., their truth tables evaluate exactly the same.

Showing semantic equivalence with two truth tables

For example, if we wished to show that the propositions p → ¬ q and ¬ (p ∧ q) were semantically equivalent, then we could create truth tables for each proposition:

        *
--------------
p q | p → ¬ q
--------------
T T |  F  F
T F |  T  T
F T |  T  F
F F |  T  T
--------------
Contingent

- T: [T F] [F T] [F F]
- F: [T T]

      *
----------------
p q | ¬ (p ∧ q)
----------------
T T | F    T
T F | T    F
F T | T    F
F F | T    F
----------------
Contingent

- T: [T F] [F T] [F F]
- F: [T T]

We see that the same set of truth assignments, [T F] [F T] [F F], satisfies both p → ¬ q and ¬ (p ∧ q).

Showing semantic equivalence with one truth table

To show that propositions S1 and S2 are semantically equivalent, we need to show that if S1 is true, then so is S2, and that if S2 is true, then so is S1. Instead of comparing the truth tables of both S1 and S2, we could instead express our requirements as a bi-implication: S1 ↔ S2. To express a bi-implication operator, we can use a conjunction of two implications: (S1 → S2) ∧ (S2 → S1). If this conjunction is a tautology, then we know that if one proposition is true, then the other one is too – that S1 and S2 are semantically equivalent.

Below, we show that p → ¬ q and ¬ (p ∧ q) are semantically equivalent using one truth table:

                              *
-------------------------------------------------------
p q | ((p → ¬ q) → ¬ (p ∧ q)) ∧ (¬ (p ∧ q) → (p → ¬ q))
-------------------------------------------------------
T T |     F F    T F    T     T  F    T    T    F F 
T F |     T T    T T    F     T  T    F    T    T T
F T |     T F    T T    F     T  T    F    T    T F
F F |     T T    T T    F     T  T    F    T    T T
-------------------------------------------------------
Tautology

Provable equivalence

Two propositional logic statements S1 and S2 are provably equivalent if and only if we can prove both of the following sequents:

S1 ⊢ S2

and

S2 ⊢ S1

We can also write:

S2 ⟛ S1

For example, suppose we wish to show that the propositions p → ¬ q and ¬ (p ∧ q) are provably equivalent. We must prove the following sequents:

p → ¬ q ⊢ ¬ (p ∧ q)

and

¬ (p ∧ q) ⊢ p → ¬ q

We complete both proofs below:

p → ¬ q ⊢ ¬ (p ∧ q)
{
    1. p → ¬ q              premise
    2. {
        3. p ∧ q            assume
        4. p                ∧e1 3
        5. q                ∧e2 3
        6. ¬ q              →e 1 4
        7. ⊥                ¬ e 5 6  
    }
    8. ¬ (p ∧ q)            ¬ i 2
}

¬ (p ∧ q) ⊢ p → ¬ q
{
    1. ¬ (p ∧ q)            premise
    2. {
        3. p                assume
        4. {
            5. q            assume
            6. p ∧ q        ∧i 3 5
            7. ⊥            ¬ e 6 1
        }
        8. ¬ q              ¬ i 4
    }
    9. p → ¬ q              →i 2
}

Soundness and Completeness

Section 4.8 showed us that we can prove two statements are semantically equivalent with truth tables and provably equivalent with deduction proofs. Does it matter which approach we use? Will there ever be a time when two statements are semantically equivalent but not provably equivalent, or vice versa? Will there ever be a time when a set of premises semantically entails a conclusion, but that the premises do not prove (using our deduction proofs) the conclusion, or vice versa?

These questions lead us to the notions of soundness and completeness. Formal treatment of both concepts is beyond the scope of this course, but we will introduce both definitions and a rough idea of the proofs of soundness and completeness in propositional logic.

Soundness

A proof system is sound if everything that is provable is actually true. Propositional logic is sound if when we use deduction rules to prove that P1, P2, ..., Pn ⊢ C (that a set of premises proves a conclusion) then we can also use a truth table to show that P1, P2, ..., Pn ⊨ C (that a set of premises semantically entails a conclusion).

Propositional logic is, in fact, sound.

To get an idea of the proof, consider the ∧e1 deduction rule. It allows us to directly prove:

P ∧ Q ⊢ P

I.e., if we have P ∧ Q as a premise or as a claim in part of a proof, then we can use ∧e1 to conclude P. We must also show that:

P ∧ Q ⊨ P

I.e., that any time P ∧ Q is true in a truth table, then P is also true. And of course, we can examine the truth table for P ∧ Q, and see that it is only true in the cases that P is also true.

Consider the ∧i deduction rule next. It allows us to directly prove:

P, Q ⊢ P ∧ Q

I.e., if we have both P and Q as premises or claims in part of a proof, then we can use ∧i to conclude P ∧ Q. We must also show that:

P, Q ⊨ P ∧ Q

I.e., that any time both P and Q are true in a truth table, then P ∧ Q is also true. And of course, we can examine the truth table for P ∧ Q and see that whenever P and Q are true, then P ∧ Q is also true.

To complete the soundness proof, we would need to examine the rest of our deduction rules in a similar process. We would then use an approach called mathematical induction (which we will see for other applications in Chapter 7) to extend the idea to a proof that applies multiple deduction rules in a row.

Completeness

A proof system is complete if everything that is true can be proved. Propositional logic is complete if when we can use a truth table to show that P1, P2, ..., Pn ⊨ C, then we can also use deduction rules to prove that P1, P2, ..., Pn ⊢ C.

Propositional logic is also complete.

We assume that P1, P2, ..., Pn ⊨ C, and we consider the truth table for (P1 ∧ P2 ∧ ... ∧ Pn) → C (since that will be a tautology whenever P1, P2, ..., Pn ⊨ C). In order to show propositional logic is complete, we must show that we can use our deduction rules to prove P1, P2, ..., Pn ⊢ C.

The idea is to use LEM for each propositional atom A to obtain A ∨ ¬A (corresponding to the truth assignments in the (P1 ∧ P2 ∧ ... ∧ Pn) → C truth table). We then use OR elimination on each combination of truth assignments, with separate cases for each logical operator being used.

Motivation

In this chapter, we will learn to further decompose statements in terms of their verbs (called predicates) and their nouns (called individuals). This leads to predicate logic (also called first-order logic).

As a motivation of why we want more expressive power, suppose we wanted to translate the following statements to propositional logic:

All humans are mortal.
Socrates is a human.
Socrates is mortal.

Unfortunately, each statement would be a propositional atom:

p: All humans are mortal.
q: Socrates is a human.
r: Socrates is mortal.

But what if we wanted to prove that given the premises: “All humans are mortal” and “Socrates is a human”, that the conclusion “Socrates is mortal” naturally followed? This logical argument makes sense – Socrates is a human, and all such individuals are supposed to be mortal, so it should follow that Socrates is mortal. If we tried to write such a proof in propositional logic, though, we would have the sequent:

p, q ⊢ r

…and we clearly don’t have enough information to complete this proof.

We need a richer language, which we will get with predicate logic.

Syntax

In this section, we will examine the syntax for translating English sentences to predicate logic. We will still create propositions (statements that are either true or false) using logical connectives (∧, ∨, →, and ¬), but now we will identify the following from our English sentences

predicates: these will be the verbs in the sentences
individuals: these will be the nouns in the sentences
quantifiers: these will help us specify if we mean all individuals or at least one individual

Domains

Predicate logic involves expressing truth about a set of individuals. But the same statement might be true for one group of individuals, but false for others. Thus, we first need to consider which set of individuals we are discussing – called the domain.

A domain might be the set of all humans, the set of all animals, the set of all college classes, etc.

Individuals

An individual is an element within a specified domain. For example, if our domain is the set of all people, then Bob might be a particular individual. If our domain is the set of all college classes, then CIS301 might be a particular individual.

Predicates

A predicate is a function that returns a boolean. It can have one or many parameters, each of which are individuals in a particular domain. A predicate will describe a characteristic of an individual or a comparison between multiple individuals.

For example, suppose our domain is the set of people. Suppose Alice, Bob, and Carla are individuals in our domain. Alice is Bob’s mother, and Carla is an unrelated individual. Carla is 5'10 and 20 years old, Alice is 5'5 and 35 years old, and Bob is 4'10 and 10 years old.

Suppose we have the predicates:

• isAdult(person) - returns whether person is an adult
• isMotherOf(person1, person2) - returns whether person1 is the mother of person2
• isTallerThan(person1, person2) - returns whether person1 is taller than person2

Using our individuals above, we would have that:

• isAdult(Alice) is true, since Alice is 35 years old
• isAdult(Bob) is false, since Bob is 10 years old
• isMotherOf(Alice, Bob) is true, since Alice is Bob’s mother
• isMotherOf(Carla, Bob) is false, since Carla is not Bob’s mother
• isTallerThan(Carla, Alice) is true, since Carla is 5'10 and Alice is 5'5.

Quantifiers

We will introduce two quantifiers in predicate logic, which help us make claims about a domain of individuals.

Universal quantifier

The ∀ quantifier, called the universal quantifier and read as for all, lets us write propositions that pertain to ALL individuals in a domain.

∀ n P(n) means: for every individual n (in some domain), P(n) is true. Here, n is a variable that stands for a particular individual in the domain. You can think of it like a foreach loop in C#:

foreach(type n in domain)
{
    //P(n) is true every time
}

where n is initially the first individual in the domain, then n is the second individual in the domain, etc.

Existential quantifier

The ∃ quantifier, called the existential quantifier and read as there exists, lets us write propositions that pertain to AT LEAST ONE individual in a domain.

∃ n P(n) means: there exists at least one individual n (in some domain) where P(n) is true. You can again think of it as a foreach loop:

foreach(type n in domain)
{
    //we can find at least one time where P(n) is true
}

Universal quantifier example

For example, suppose our domain is all candy bars, and that we have the predicate isSweet(bar), which returns whether bar is sweet. We might write:

∀ x isSweet(x)

Which we would read as: for all candy bars x, x is sweet, or, more compactly, as: all candy bars are sweet.

Existential quantifier example

If instead we wrote:

∃ x isSweet(x)

We would read it as: there exists at least one candy bar x where x is sweet, or, more compactly, as there exists at least one sweet candy bar.

Early examples

Suppose our domain is animals, and that we have the following two predicates:

• isDog(x): whether animal x is a dog
• hasFourLegs(x): whether animal x has four legs

Let’s consider what several predicate logic statements would mean in words:

• ∀ x isDog(x) - translates to: All animals are dogs. This means that EVERY SINGLE ANIMAL in my domain is a dog (which is probably unlikely).
• ∃ x hasFourLegs(x) - translates to: There exists at least one animal that has four legs.

Next, consider the following proposition:

∀ x (isDog(x) ∧ hasFourLegs(x))

This translates to: All animals are dogs and have four legs. This means that EVERY SINGLE ANIMAL in my domain is a dog and also has four legs. While it is possible that this is true depending on our domain, it is unlikely. What if our domain of animals included cats, chickens, etc.?

Perhaps instead we intended to say: All dogs have four legs. Another way to phrase this is, “For all animals, IF that animal is a dog, THEN it has four legs.” We can see from the IF…THEN that we will need to use an implies statement. Here is the correct translation for All dogs have four legs:

∀ x (isDog(x) → hasFourLegs(x))

We will usually want to use the → operator instead of the ∧ operator when making a claim about ALL individuals.

Finally, consider this proposition:

∃ x (isDog(x) → hasFourLegs(x))

This translates to: There exists an animal x, and if that animal is a dog, then it has four legs. Recall that an implies statement p→q is true whenever p and q are both true AND whenever p is false. So this claim is true in two cases:

• If our domain includes a dog that has four legs
• If our domain includes an animal that is not a dog

We likely only meant to include the first case. In that case, we would want to say, There exists a dog that has four legs – here is that translation:

∃ x (isDog(x) ∧ hasFourLegs(x))

We will usually want to use the ∧ operator instead of the → operator when writing a proposition about one/some individuals.

Predicates from math

All of our examples in this section involved predicates over domains like people, animals, or living things. A different domain that we are used to working with is some set of numbers: the integers, the positive numbers, the rational numbers, etc.

Perhaps our domain is the set of all integers. Then > is a predicate with two parameters – x > y is defined as whether x is bigger than y, for two integers x and y. We might write:

∀ x (x + 1 > x)

Because for all integers, x + 1 is bigger than x. We might also write:

∃ x (x > x * x * x)

Because -4 > -4 * -4 * -4, i.e., -4 > -64. The same is true for any negative number.

Other common predicates in math are: <, <=, >=, ==, and !=.

Quantifier symbols

The official symbol for the universal quantifier (“for all”) is an upside-down A, like this: ∀. You are welcome to substitute either a capital A, or with the word all or forall. This will be especially handy when we reach Chapter 6 on writing proofs in predicate logic.

The official symbol for the existential quantifier (“there exists”) is a backwards E, like this: ∃. You are welcome to substitute either a capital E, or with the word some or exists.

Single Quantifier

In this section, we will see how to translate simpler statements between English to predicate logic. These translations will involve a single quantifier.

Example: Predicate logic to English

Suppose our domain is animals and that we have the following two predicates:

• isMouse(x): whether animal x is a mouse
• inHouse(x): whether animal x is in the house

Suppose we also have that Squeaky is an individual in our domain.

We will practice translating from predicate logic to English. Think about what the following propositions mean, and click to reveal each answer:

• isMouse(Squeaky) ∧ ¬inHouse(Squeaky)

  • Click here for solution

    --> "Squeaky is a mouse, and Squeaky is not in the house."
    
    

• ∃ x isMouse(x)

  • Click here for solution

    --> "There is a mouse".
    
    

• ¬(∃ x isMouse(x))

  • Click here for solution

    --> "There is not a mouse."
    
    

• ∃ x ¬isMouse(x)

  • Click here for solution

    --> "There is an animal that is not a mouse".
    
    

• ∀ x isMouse(x)

  • Click here for solution

    --> "All animals are mice."
    
    

• ¬(∀ x isMouse(x))

  • Click here for solution

    --> "Not all animals are mice."
    
    

• ∀ x ¬isMouse(x)

  • Click here for solution

    --> "All animals are not mice."
    
    

• ∀ x (isMouse(x) → inHouse(x))

  • Click here for solution

    --> "All mice are in the house."
    
    

• ∀ x (isMouse(x) ∧ inHouse(x))

  • Click here for solution

    --> "Every animal is a mouse and is in the house." (We usually don't want ∧ with ∀.)
    
    

• ¬(∀ x (isMouse(x) → inHouse(x)))

  • Click here for solution

    --> "Not all mice are in the house."
    
    

• ∀ x (inHouse(x) → isMouse(x))

  • Click here for solution

    --> "Everything in the house is a mouse."
    
    

• ¬(∀ x (inHouse(x) → isMouse(x)))

  • Click here for solution

    --> "Not everything in the house is a mouse."
    
    

• ∃ x (isMouse(x) ∧ inHouse(x))

  • Click here for solution

    --> "There is a mouse in the house."
    
    

• ∃ x (isMouse(x) → inHouse(x))

  • Click here for solution

    --> "There exists an animal, and if that animal is a mouse, then it is in the house." Recall that this statement will be true if there is an animal that is NOT a mouse (since the → would be vacuously true) as well as being true if there is a mouse in the house.
    
    

• ¬(∃ x (isMouse(x) ∧ inHouse(x)))

  • Click here for solution

    --> "There is not a mouse in the house."
    
    

Translation guide

When translating from English to predicate logic, you can look for particular wording in your sentences to see how to choose a quantifier and/or negation placement. We will also see that certain phrases can be translated multiple (equivalent) ways.

• Every/all/each/any is translated as: ∀ x ...

• Some/at least one/there exists/there is is translated as: ∃ x ...

• None/no/there does not exist can be translated as either ¬(∃ x ...) or ∀ x ¬(...)

• Not every/not all can be translated as either ¬(∀ x ...) or ∃ x ¬(...)

• Some P-ish thing is a Q-ish thing is translated as: ∃ x (P(x) ∧ Q(x))

• All P-ish things are Q-ish things is translated as: ∀ x (P(x) → Q(x))

• No P-ish thing is a Q-ish thing can be translated as either ¬(∃ x (P(x) ∧ Q(x))) or ∀ x (P(x) → ¬Q(x))

• Not all P-ish things are Q-ish things can be translated as either ¬(∀ x (P(x) → Q(x))) or ∃ x (P(x) ∧ ¬Q(x))

DeMorgan’s laws for quantifiers

In the translation guide above, we saw that we could often translate the same statement two different ways – one way using an existential quantifier and one way using a universal quantifier. These equivalencies are another iteration of DeMorgan’s laws, this time applied to predicate logic.

Suppose we have some domain, and that P(x) is a predicate for individuals in that domain. DeMorgan’s laws give us the following equivalencies:

• ¬(∃ x P(x)) is equivalent to ∀ x ¬P(x)
• ¬(∀ x P(x)) is equivalent to ∃ x ¬P(x)

In Chapter 6, we will learn to prove that these translations are indeed equivalent.

Example: English to predicate logic

Suppose our domain is people and that we have the following two predicates:

• K(x): whether person x is a kid
• M(x): whether person x likes marshmallows

We will practice translating from English to predicate logic. Think about what the following sentences mean, and click to reveal each answer:

• No kids like marshmallows.
  • Click here for solution

    ¬(∃ x (K(x) ∧ M(x)), or equivalently, ∀ x (K(x) → ¬M(x))

    
    
• Not all kids like marshmallows.
  • Click here for solution

    ¬(∀ x (K(x) → M(x)), or equivalently, ∃ x (K(x) ∧ ¬M(x))

    
    
• Everyone who likes marshmallows is a kid.
  • Click here for solution

    ∀ x (M(x) → K(x))

    
    
• Some people who like marshmallows are not kids.
  • Click here for solution

    ∃ x (M(x) ∧ ¬K(x))

    
    
• Some kids don’t like marshmallows.
  • Click here for solution

    ∃ x (K(x) ∧ ¬M(x))

    
    
• Anyone who doesn’t like marshmallows is not a kid.
  • Click here for solution

    ∀ x (¬M(x) → ¬K(x))

    
    

Evaluating predicate logic statements on a toy domain

Suppose we have the following toy domain of people with the following characteristics:

• Bob, age 10, lives in Kansas, has siblings, has brown hair
• Jane, age 25, lives in Delaware, has no siblings, has blonde hair
• Alice, age 66, lives in Kansas, has siblings, has gray hair
• Joe, age 50, lives in Nebraska, has siblings, has black hair

Now suppose that we have the following predicates for individuals in our domain:

• Ad(x): whether person x is an adult (adults are age 18 and older)
• KS(x): whether person x lives in Kansas
• Sib(x): whether person x has siblings
• Red(x): whether person x has red hair

We will practice evaluating predicate logic statements on our domain of people. Think about whether the following propositions would be true or false over our domain, and then click to reveal each answer:

• ∀ x Ad(x)

  • Click here for solution

    This proposition translates as, "All people are adults". This is false for our domain, as we have one person (Bob) who is not an adult.
    
    

• ∀ x ¬Ad(x)

  • Click here for solution

    This proposition translates as, "All people are not adults". This is false for our domain, as we have three people (Jane, Alice, and Joe) are are adults.
    
    

• ¬(∀ x Ad(x))

  • Click here for solution

    This proposition translates as, "Not all people are adults". This is true for our domain, as we can find a person (Bob) who is not an adult.
    
    

• ∀ x (KS(x) → Sib(x))

  • Click here for solution

    This proposition translates as, "Everyone who lives in Kansas has siblings". This is true for our domain, as we have two people who live in Kansas (Bob and Alice), and both of them have siblings.
    
    

• ∃ x (¬KS(x) ∧ Sib(x))

  • Click here for solution

    This proposition translates as, "There is a person who doesn't live in Kansas and has siblings". This is true for our domain, as Joe lives in Nebraska and has siblings.
    
    

• ¬(∃ x (KS(x) ∧ ¬Ad(x))

  • Click here for solution

    This proposition translates as, "There does not exist a person who lives in Kansas and is not an adult". This is false for our domain, as Bob lives in Kansas and is not an adult.
    

• ¬(∃ x (Sib(x) ∧ Red(x))

  • Click here for solution

    This proposition translates as, "There does not exist a person with siblings who has red hair". This is true for our domain, as no one with siblings (Bob, Alice, or Joe) has red hair.
    

• ∀ x (Red(x) → Sib(x))

  • Click here for solution

    This proposition translates as, "All people with red hair have siblings". This is true for our domain, as no one has red hair. This means that the implies statement is vacuously true for every person (since `Red(x)` is false for each person), which makes the overall proposition true.
    

• ∀ x (KS(x) ∨ Sib(x))

  • Click here for solution

    This proposition translates as, "Everyone lives in Kansas and/or has siblings". This is false for our domain -- there is one person, Jane, who doesn't live in Kansas and also doesn't have siblings.
    

Multiple Quantifiers

Translations that involve more than one quantifier (which often happens when some of the predicates have more than one parameter) are more challenging. We will divide these translations into two categories:

• Translations that involve several of the same quantifier (multiple universal quantifiers or multiple existential quantifiers)
• Translations that mix quantifiers

In many of the sections, we will using the predicates below (which are over the domain of shapes):

• isCircle(x) - whether shape x is a circle
• isSquare(x) - whether shape x is a square
• isRectangle(x) - whether shape x is a rectangle
• biggerThan(x, y) - whether shape x is bigger than shape y

Several of the same quantifier

First, we consider translations that involve several of the same quantifier. There are two ways we can translate such statements – either using prenex form (quantifiers out front) or Aristotelian form (quantifiers nested).

Prenex form

The prenex form of a predicate logic translation lists all the quantifiers at the beginning of the statement. This is only recommended when all the quantifiers are the same type – either all universal or all existential.

Prenex example 1

Suppose we wished to translate, Some circle is bigger than some square. Here, we are making three claims:

• There exists a shape that is a circle
• There exists a shape that is a square
• The shape that is a circle is bigger than the shape that is a square

With that in mind, we can see that we will use two existential quantifiers. We can translate the statement as follows:

∃ x ∃ y (isCircle(x) ∧ isSquare(y) ∧ biggerThan(x, y))

Which reads: There are two shapes, x and y, where x is a circle, y is a square, and x (which is a circle) is bigger than y (which is a square).

Equivalently, we could have written:

∃ x ∃ y (isCircle(y) ∧ isSquare(x) ∧ biggerThan(y, x))

Which reads: There are two shapes, x and y, where y is a circle, x is a square, and y (which is a circle) is bigger than x (which is a square).

Prenex example 2

Next, suppose we wished to translate: Every circle is bigger than all squares. Again, we are quantifying two things – ALL circles and also ALL squares. We can see that we will need to use two universal quantifiers. We can translate the statement as follows:

∀ x ∀ y ((isCircle(x) ∧ isSquare(y)) → biggerThan(x, y))

Which reads: For each combination (x, y) of shapes, if x is a circle and y is a square, then x (which is a circle) is bigger than y (which is a square).

Aristotelian form

The Aristotelian form of a predicate logic translation embeds the quantifiers within the translation. This format is possible for any kind of translation – whether the quantifiers are all the same type or mixed types.

Aristotelian form example 1

Suppose we wished to translate, Some circle is bigger than some square using Aristotelian form. We know that we will still need two existential quantifiers, but we will only introduce each quantifier just before the corresponding variable is needed in a predicate.

We can translate the statement using Aristotelian form as follows:

∃ x (isCircle(x) ∧ (∃ y (isSquare(y) ∧ biggerThan(x, y)))

Which reads as: There exists a shape x that is a circle and there exists a shape y that is a square, and x (which is a circle) is bigger than y (which is a square).

Aristotelian form example 2

Let’s repeat our translation for, Every circle is bigger than all rectangles using Aristotelian form. We know that we will still need two existential quantifiers, but we will only introduce each quantifier just before the corresponding variable is needed in a predicate.

We can translate the statement using Aristotelian form as follows:

∀ x (isCircle(x) → (∀ y (isSquare(y) → biggerThan(x, y))))

Which reads as: For every shape x, if x is a circle, then for every shape y, if y is s square, then x (which is a circle) is bigger than y (which is a square).

Mixed quantifiers

Now, we will turn to examples that mix universal and existential quantifiers. We will see below that quantifier order matters in this case, so it is safest to translate such statements using embedded quantifiers. The embedded form can be tricky to write, so we will see a way to systematically translate any statement that needs multiple quantifiers into predicate logic (using Aristotelian form).

Systematic translation

Suppose we wish to translate, Every circle is bigger than at least one square. We see that we are first making a claim about all circles. Without worrying about the rest of the statement, we know that for all circles, we are saying something. So we write:

For all circles, SOMETHING

Trying to formalize a bit more, we assign a variable to the current circle we are describing (x). For each circle x, we are saying something about that circle. So we express SOMETHING(x) as some claim about our current circle, and write:

For each circle x, SOMETHING(x)

We see that we will need a universal quantifier since we are talking about ALL circles, and we also follow the guide of using an implies statement to work with a for-all statement:

∀ x (isCircle(x) → SOMETHING(x))

Next, we describe what SOMETHING(x) means for a particular circle, x:

SOMETHING(x): x is bigger than at least one square

Trying to formalize a bit more about the square, we write:

SOMETHING(x): There exists a square y, and x is bigger than y

Now we can use an existential quantifier to describe our square, and plug in our isSquare and biggerThan predicates to have a translation for SOMETHING(x):

SOMETHING(x): ∃ y (isSquare(y) ∧ biggerThan(x, y))

Now, we can plug SOMETHING(x) into our first partial translation, ∀ x (isCircle(x) → SOMETHING(x)). The complete translation for Every circle is bigger than at least one square is:

∀ x (isCircle(x) → (∃ y (isSquare(y) ∧ biggerThan(x, y))))

Follow-up examples

In these examples, suppose our domain is animals and that we have the following predicates:

• El(x): whether animal x is an elephant
• Hi(x): whether animal x is a hippo
• W(x, y): whether animal x weighs more than animal y

Suppose we wish to translate: There is exactly one hippo. We might first try saying: ∃ x Hi(x). But this proposition would be true even if we had 100 hippos, so we need something more restricted. What we are really trying to say is:

• There exists a hippo
• AND, any other hippo is the same one

Let’s use our systematic approach, streamlining a few of the steps:

• There exists an animal x that is a hippo, and SOMETHING(x)
• ∃ x (Hi(x) ∧ SOMETHING(x))

To translate SOMETHING(x), the claim we are making about our hippo x:

• SOMETHING(x): any other hippo is the same as x
• SOMETHING(x): for each hippo y, x is the same as y
• SOMETHING(x): `∀ y (Hi(y) → (x == y))

Now we can put everything together to get a complete translation:

∃ x (Hi(x) ∧ (∀ y (Hi(y) → (x == y)))

Here are a few more translations from English to predicate logic. Think about what the following statements mean, and click to reveal each answer:

• Every elephant is heavier than some hippo.

  • Click here for solution

    ∀ x (El(x) -> (∃ y (Hi(y) ^ W(x, y))))

    
    

• There is an elephant that is heavier than all hippos.

  • Click here for solution

    ∃ x (El(x) ^ (∀ y (Hi(y) -> W(x, y))))

    
    

• No hippo is heavier than every elephant.

  • Click here for solution

    ¬(∃ x (Hi(x) ^ (∀ y (El(y) -> W(x, y)))))

    
    

Order matters!

We have learned that when dealing with mixed quantifiers, it is safest to embed them within the translation. If we put the mixed quantifiers out front of a translation, then we can accidentally include them in the wrong order and end up with an incorrect translation.

Suppose we have this predicate, over the domain of people:

likes(x, y): whether person x likes person y

Further suppose that liking a person is not necessarily symmetric: that just because person x likes person y does not mean that person y necessarily likes person x.

Consider these pairs of propositions:

∀ x ∀ y likes(x, y)     vs.     ∀ y ∀ x likes(x, y)  
∃ x ∃ y likes(x, y)     vs.     ∃ y ∃ x likes(x, y)

Is there any difference between each one? No! The two versions of the first proposition both say that every person likes every other person, and the two versions of the second proposition both say that there is a person who likes another person.

But what about:

∀ x ∃ y likes(x, y)     vs.     ∃ y ∀ x likes(x, y)

Suppose our domain is made up of the following people:

Bob: likes Alice and James
Alice: likes Bob
James: likes Alice

The first proposition, ∀ x ∃ y likes(x, y), says that all people have some person (not necessarily the same person) that they like. This would certainly be true for our domain, as every person has at least one person that they like. The second proposition, ∃ y ∀ x likes(x, y) is saying that there is a person (the SAME person) that everyone likes. This proposition would be false for our domain, as there is no one person that is liked by everyone.

Precedence with quantifiers

In section 2.2, we discussed operator precedence for propositional logic statements. The same operator precedence holds for predicate logic statements, except that our two quantifiers (∀ and ∃) have the same precedence as the NOT operator. If we have a proposition with multiple quantifiers, then the quantifiers are resolved from right to left. For example, ∃ y ∀ x likes(x, y) should be interpreted as ∃ y (∀ x likes(x, y)).

Here is an updated list of operator precedence, from most important (do first) to least important (do last):

1. Parentheses
2. Not operator (¬), universal quantifier (∀), existential quantifier (∃)
3. And operator, ∧
4. Or operator, ∨
5. Implies operator, →

And here is our updated list of how to resolve multiple operators with the same precedence:

1. Multiple parentheses - the innermost parentheses are resolved first, working from inside out.
2. Multiple not ( ¬ ) operators – the rightmost ¬ is resolved first, working from right to left. For example, ¬¬p is equivalent to ¬(¬p).
3. Multiple and ( ∧ ) operators – the leftmost ∧ is resolved first, working from left to right. For example, p ∧ q ∧ r is equivalent to (p ∧ q) ∧ r.
4. Multiple or ( ∨ ) operators – the leftmost ∨ is resolved first, working from left to right. For example, p ∨ q ∨ r is equivalent to (p ∨ q) ∨ r.
5. Multiple implies ( → ) operators – the rightmost → is resolved first, working from right to left. For example, p → q → r is equivalent to p → (q → r).
6. Multiple quantifiers – the rightmost quantifier is resolved first, working from right to left. For example, ∃ y ∀ x likes(x, y) should be interpreted as ∃ y (∀ x likes(x, y)).

When we get to predicate logic proofs in Chapter 6, we will see that Logika uses a different precedence for quantifiers – there, quantifiers have the LOWEST precedence (done last) of any operator. This ends up being more forgiving than confusing, as it will accept propositions as correct that are really missing parentheses. For example, Logika will accept: ∃ x isMouse(x) ∧ inHouse(x). Technically, this proposition should be incorrect – if we correctly treat quantifiers as having a higher precedence than ∧, then inHouse(x) would no longer know about the variable x or its quantifier.

We should use parentheses with quantifiers to express our intended meaning, and so we should write ∃ x (isMouse(x) ∧ inHouse(x)) instead. But if we forget the parentheses, then Logika will forgive us.

Rules with ∀

Just as with our propositional logic operators, there will be two inference rules for each of our predicate logic quanitifiers – an “introduction rule and an “elimination” rule.

In this section, we will see the two inference rules for the universal (∀) quantifier.

For all elimination

For all elimination allows us to take a claim that uses a universal quantifier – a statement about ALL individuals in a domain – and make the same statement about a specific individual in the domain. After all, if the statement is true for ALL individuals, then it follows that it should be true for a particular individual. We can formalize the rule as follows:

     ∀ x P(x)
∀e: ----------- 
       P(v)     where v is a particular individual in the domain

Here is a simple example showing the syntax of the ∀e rule. It shows that given the premises: All humans are mortal and Socrates is a human, that we can prove that Socrates is mortal:

∀ x (isHuman(x) → isMortal(x)),  isHuman(Socrates) ⊢ isMortal(Socrates)
{
    1. ∀ x (isHuman(x) → isMortal(x))               premise
    2. isHuman(Socrates)                            premise
    3. isHuman(Socrates) → isMortal(Socrates)       ∀e 1 Socrates
    4. isMortal(Socrates)                           →e 3 2
}

We can read the justification ∀e 1 Socrates as: “for all elimination of the for-all statement on line 1, plugging in the individual Socrates”.

For all introduction

If we can show that a property of the form P(a) holds for an arbitrary member a of a domain, then we can use for all introduction to conclude that the property must hold for ALL individuals in the domain – i.e., that ∀ x P(x). We can formalize the rule as follows:

     { a              (a is fresh)
       ... P(a) }
∀i: ---------------
      ∀ x P(x) 

Here is a simple example showing the syntax of the ∀i rule: “Everyone is healthy; everyone is happy. Therefore, everyone is both healthy and happy.”:

∀ x isHealthy(x), ∀ y isHappy(y)  |-  ∀ z(isHealthy(z) ∧ isHappy(z))
{

  1. ∀ x isHealthy(x)                   premise
  2. ∀ y isHappy(y)                     premise
  3. {
       4. a
       5. isHealthy(a)                  ∀e 1 a
       6. isHappy(a)                    ∀e 2 a
       7. isHealthy(a) ∧ isHappy(a)     ∧i 5 6
  }
  8. ∀ z (isHealthy(z) ∧ isHappy(z))    ∀i 3
}

If we wish to introduce a for-all statement, the pattern is:

• Open a subproof and introduce an arbitrary/fresh individual in the domain (in the example above, we used a). It MUST be a name that we have not used elsewhere in the proof. The idea is that your individual could have been anyone/anything in the domain.

• When you introduce your individual, you do NOT include a justification on that line

• If you have other for-all statements available within the scope of the subproof, then it is often useful to use ∀e to plug your fresh individual into them. After all, if those statements are true for ALL individuals, then they are also true for your fresh individual.

• If you are trying to prove something of the form ∀ x P(x), then you need to reach P(a) by the end of the subproof. You need to show that your goal for-all statement holds for your fresh individual. In our case, we wished to prove ∀ z (isHealthy(z) ∧ isHappy(z)), so we reached isHealthy(a) ∧ isHappy(a) by the end of the subproof.

• After the subproof, you can use ∀i to introduce a for-all statement for your last claim in the subproof – that since the individual could have been anyone, then the proposition holds for ALL individuals. The ∀i justification needs the line number of the subproof.

• When you use ∀i, it does not matter what variable you introduce into the for-all statement. In the example above, we introduced ∀ z – but that was only to match the goal conclusion in the proof. We could have instead introduced ∀ x, ∀ y, ∀ people, etc. We would use whatever variable we chose in the rest of that proposition – i.e., ∀ z (isHealthy(z) ∧ isHappy(z)), or ∀ people (isHealthy(people) ∧ isHappy(people)), etc.

Examples

In this section, we will look at several proofs involving the universal quantifier.

Example 1

Suppose we wish to prove the following sequent:

∀ x P(x) ⊢ ∀ y P(y)

This will let us show that it doesn’t matter what variable we use with a universal quantifier – both ∀ x P(x) and ∀ y P(y) are saying the same thing: for all individuals, P holds for that individual.

Since the top-level operator of our conclusion is a for-all statement, we see that we will need to use for all introduction. Following the pattern above, we open a subproof and introduce a fresh individual, a. Since we wish to introduce the for-all statement ∀ y P(y), then we know we need to reach P(a) by the end of our subproof:

∀ x P(x) ⊢ ∀ y P(y)
{
    1. ∀ x P(x)         premise
    2. {
        3. a            //our fresh individual

        //need: P(a)
    }
    //want to use ∀i to conclude ∀ y P(y)
}

Since we have an available for-all statement in our subproof (∀ x P(x), from line 1), then we use ∀e to plug a into it:

∀ x P(x) ⊢ ∀ y P(y)
{
    1. ∀ x P(x)         premise
    2. {
        3. a            //our fresh individual
        4. P(a)         ∀e 1 a
        //need: P(a)
    }
    //want to use ∀i to conclude ∀ y P(y)
}

At that point, we see that we have exactly the proposition we wanted to end our subproof – P(a). All that remains is to use ∀i to state that since a could have been anyone, that the proposition we reached at the end of subproof 2 must hold for all individuals. Here is the completed proof:

∀ x P(x) ⊢ ∀ y P(y)
{
    1. ∀ x P(x)         premise
    2. {
        3. a            //our fresh individual
        4. P(a)         ∀e 1 a
        //need: P(a)
    }
    //want to use ∀i to conclude ∀ y P(y)
    5. ∀ y P(y)         ∀i 2
}

Example 2

Suppose we wish to prove that, given the following premises in the domain of people:

• All students have a phone and/or a laptop
• Everyone is a student

Then we can conclude:

• Everyone has a phone and/or a laptop

First, we identify the following predicates:

• isStudent(x) - whether person x is a student
• hasPhone(x) - whether person x has a phone
• hasLaptop(x) = whether person x has a laptop

Then, we can translate our premises and goal conclusion to predicate logic:

• All students have a phone and/or a laptop translates to: ∀ x (isStudent(x) → hasPhone(x) ∨ hasLaptop(x))
• Everyone is a student translates to: ∀ x isStudent(x)
• Everyone has a phone and/or a laptop translates to: ∀ x (hasPhone(x) ∨ hasLaptop(x))

We need to prove the following sequent:

∀ x (isStudent(x) → hasPhone(x) ∨ hasLaptop(x)), ∀ x isStudent(x) ⊢ ∀ x (hasPhone(x) ∨ hasLaptop(x))

As with our previous example, we see that we are trying to prove a for-all statement (∀ x (hasPhone(x) ∨ hasLaptop(x))). This means we will need to open a subproof and introduce a fresh individual – perhaps bob. By the end of the subproof, we must show that our goal for-all statement holds for that individual – that hasPhone(bob) ∨ hasLaptop(bob). We start the proof as follows:

∀ x (isStudent(x) → hasPhone(x) ∨ hasLaptop(x)), ∀ x isStudent(x) ⊢ ∀ x (hasPhone(x) ∨ hasLaptop(x))
{
    1. ∀ x (isStudent(x) → hasPhone(x) ∨ hasLaptop(x))          premise
    2. ∀ x isStudent(x)                                         premise
    3. {
        4. bob
        
        //goal: hasPhone(bob) ∨ hasLaptop(bob)
    }
    //use ∀i to conclude ∀ x (hasPhone(x) ∨ hasLaptop(x))
}

We have two available for-all statements within the subproof – x (isStudent(x) → hasPhone(x) ∨ hasLaptop(x)) and ∀ x isStudent(x). Since those propositions hold for all individuals, they also hold for bob. We use ∀e to plug in bob to those two propositions:

∀ x (isStudent(x) → hasPhone(x) ∨ hasLaptop(x)), ∀ x isStudent(x) ⊢ ∀ x (hasPhone(x) ∨ hasLaptop(x))
{
    1. ∀ x (isStudent(x) → hasPhone(x) ∨ hasLaptop(x))          premise
    2. ∀ x isStudent(x)                                         premise
    3. {
        4. bob
        5. isStudent(bob) → hasPhone(bob) ∨ hasLaptop(bob)      ∀e 1 bob
        6. isStudent(bob)                                       ∀e 2 bob 
        //goal: hasPhone(bob) ∨ hasLaptop(bob)
    }
    //use ∀i to conclude ∀ x (hasPhone(x) ∨ hasLaptop(x))
}

Line 5 is an implies statement the form p → q, and line 6 is a statement of the form p. Thus we can use →e to conclude hasPhone(bob) ∨ hasLaptop(bob) (the “q” in that statement) – which is exactly what we needed to end the subproof. All that remains is to apply our ∀i rule after the subproof. Here is the completed proof:

∀ x (isStudent(x) → hasPhone(x) ∨ hasLaptop(x)), ∀ x isStudent(x) ⊢ ∀ x (hasPhone(x) ∨ hasLaptop(x))
{
    1. ∀ x (isStudent(x) → hasPhone(x) ∨ hasLaptop(x))          premise
    2. ∀ x isStudent(x)                                         premise
    3. {
        4. bob
        5. isStudent(bob) → hasPhone(bob) ∨ hasLaptop(bob)      ∀e 1 bob
        6. isStudent(bob)                                       ∀e 2 bob   
        7. hasPhone(bob) ∨ hasLaptop(bob)                       →e 5 6
        //goal: hasPhone(bob) ∨ hasLaptop(bob)
    }
    //use ∀i to conclude ∀ x (hasPhone(x) ∨ hasLaptop(x))
    8. ∀ x (hasPhone(x) ∨ hasLaptop(x))                         ∀i 3
}

Example 3

Next, suppose we wish to prove the following sequent:

∀ x (S(x) → Pz(x)), ∀ x (Pz(x) → D(x)), ∀ x ¬D(x) ⊢ ∀ x ¬S(x)

We again see that the top-level operator of what we are trying to prove is a universal quantifier. We use our strategy to open a subproof, introduce a fresh individual (maybe a), and plug that individual into any available for-all statements. Since we wish to prove ∀ x ¬S(x), then we will want to reach ¬S(a) by the end of the subproof. Here is a sketch:

∀ x (S(x) → Pz(x)), ∀ x (Pz(x) → D(x)), ∀ x ¬D(x) ⊢ ∀ x ¬S(x)
{
    1. ∀ x (S(x) → Pz(x))               premise
    2. ∀ x (Pz(x) → D(x))               premise
    3. ∀ x ¬D(x)                        premise
    4. {
        5. a
        6. S(a) → Pz(a)                 ∀e 1 a
        7. Pz(a) → D(a)                 ∀e 2 a
        8. ¬D(a)                        ∀e 3 a

        //goal: ¬S(a)
    }
    //use ∀i to conclude ∀ x ¬S(x)
}

Now, we see that our goal is to reach ¬S(a) by the end of the subproof – so we need to prove something whose top-level operator is a NOT. We recall that we have a strategy to prove NOT(something) from propositional logic – we open a subproof, assuming something (S(a), in our case), try to get a contradiction, and use NOT introduction after the subproof to conclude NOT (something) (¬S(a) for us). Here is the strategy:

∀ x (S(x) → Pz(x)), ∀ x (Pz(x) → D(x)), ∀ x ¬D(x) ⊢ ∀ x ¬S(x)
{
    1. ∀ x (S(x) → Pz(x))               premise
    2. ∀ x (Pz(x) → D(x))               premise
    3. ∀ x ¬D(x)                        premise
    4. {
        5. a
        6. S(a) → Pz(a)                 ∀e 1 a
        7. Pz(a) → D(a)                 ∀e 2 a
        8. ¬D(a)                        ∀e 3 a
        9. {
            10. S(a)                    assume

            //goal: contradiction
        }
        //use ¬i to conclude ¬S(a)

        //goal: ¬S(a)
    }
    //use ∀i to conclude ∀ x ¬S(x)
}

We can complete the proof as follows:

∀ x (S(x) → Pz(x)), ∀ x (Pz(x) → D(x)), ∀ x ¬D(x) ⊢ ∀ x ¬S(x)
{
    1. ∀ x (S(x) → Pz(x))               premise
    2. ∀ x (Pz(x) → D(x))               premise
    3. ∀ x ¬D(x)                        premise
    4. {
        5. a
        6. S(a) → Pz(a)                 ∀e 1 a
        7. Pz(a) → D(a)                 ∀e 2 a
        8. ¬D(a)                        ∀e 3 a
        9. {
            10. S(a)                    assume
            11. Pz(a)                   →e 6 10
            12. D(a)                    →e 7 11
            13. ⊥                       ¬e 12 8
            //goal: contradiction
        }
        //use ¬i to conclude ¬S(a)
        14. ¬S(a)                       ¬i 9

        //goal: ¬S(a)
    }
    //use ∀i to conclude ∀ x ¬S(x)
    15. ∀ x ¬S(x)                       ∀i 4
}

Rules with ∃

In this section, we will see the two inference rules for the existential (∃) quantifier.

Exists introduction

We can use the exists introduction rule, ∃i, when we have a proposition of the form P(a) for an arbitrary member a of a domain. Since we found one individual where a proposition held, then we can also say that there exists an individual for which the proposition is true. We can formalize the rule as follows:

       P(d)         where  d  is an individual
∃i: -----------
      ∃ x P(x)

Here is a simple example showing the syntax of the ∃i rule:

isHuman(Socrates) ⊢  ∃ x isHuman(x)
{
    1. isHuman(Socrates)            premise
    2. ∃ x isHuman(x)               ∃i 1 Socrates
}

When we use the ∃i rule to justify a claim like ∃ x P(x), we include the line number of where the proposition held for a particular individual, as well as the name of the individual. In the proof above, we claim ∃ x isHuman(x) with justification ∃i 1 Socrates – line 1 corresponds to isHuman(Socrates), where our ∃ x isHuman(x) proposition held for a particular individual. The Socrates part of the justification is the name of the individual.

Note that we can use the ∃i rule to introduce any variable, not just x. You can choose which variable to introduce based on the variables used in the conclusion. For example, the following proof is also valid:

isHuman(Socrates) ⊢  ∃ z isHuman(z)
{
    1. isHuman(Socrates)            premise
    2. ∃ z isHuman(z)               ∃i 1 Socrates
}

Exists elimination

Since the ∃i-rule constructs propositions that begin with ∃, the ∃e-rule (exists elimination) disassembles propositions that begin with ∃.

Here is a quick example (where our domain is living things):

• All humans are mortal
• Someone is human
• Therefore, someone is mortal

We don’t know the name of the human, but it does not matter. Since ALL humans are mortal and SOMEONE is human, then our anonymous human must be mortal. The steps will go like this:

• Since “someone is human” and since we do not know his/her name, we will just make up our own name for them – “Jane”. So, we assume that “Jane is human”.

• We use the logic rules we already know to prove that “Jane is mortal”.

• Therefore, SOMEONE is mortal and their name does not matter.

This approach is coded into the last logic law, ∃e (exists elimination).

Suppose we have a premise of the form ∃ x P(x). Since we do not know the name of the individual “hidden” behind the ∃ x, we make up a name for it, say a, and discuss what must follow from the assumption that P(a) holds true. Here is the formalization of the ∃e rule:

                  {a  P(a)   assume       // where  a  is a new, fresh name
      ∃ x P(x)      ...  Q         }      // a  MUST NOT appear in  Q
∃e: -----------------------------------
                     Q

That is, if we can deduce Q from P(a), and we do not mention a within Q, then it means Q can be deduced no matter what name the hidden individual has. So, Q follows from ∃ P(x).

We can work the previous example, with ∃e:

All humans are mortal
Someone is human
Therefore, someone is mortal

We make up the name, jane, for the human whose name we do not know:

∀ h(isHuman(h) → isMortal(h)), ∃ x isHuman(x) |- ∃ y isMortal(y)
{
    1. ∀ h(isHuman(h) → isMortal(h))        premise
    2. ∃ x isHuman(x)                       premise
    3. {
        4. jane isHuman(jane)               assume
        5. isHuman(jane) → isMortal(jane)   ∀e 1 jane
        6. isMortal(jane)                   →e 5 4
        7. ∃y isMortal(y)                   ∃i 6 jane
    }
    8. ∃y isMortal(y)                       ∃e 2 3
}

Line 4 proposes the name jane and the assumption that isHuman(jane). The subproof leads to Line 7, which says that someone is mortal. (We never learned the individual’s name!) Since Line 7 does not explicitly mention the made-up name, jane, we use Line 8 to repeat Line 7 – without knowing the name of the individual “hiding” inside Line 2, we made a subproof that proves the result, anyway. This is how ∃e works.

Note that when we use the ∃e rule as a justification we include first the line number of the there-exists statement that we processed (by naming the hidden individual) in the previous subproof, and then the line number of that subproof. In the example above, we say ∃e 2 3 because line 2 includes the there-exists statement we processed (∃ x isHuman(x)) in the previous subproof and line 3 is the subproof.

When using ∃e, the previous subproof must begin with introducing a name for a hidden individual in a there-exists statement and then immediately substituting that name into the there-exists statement. The justification on the first line is always assume. The last line in the subproof should contain NO mention of the chosen name. Whatever we claim on the last line in the subproof, we must claim EXACTLY the same thing immediately afterwards when we use the ∃e rule.

You are welcome to use any name for the hidden individual – not just jane or a. The only restriction is that you cannot have used the name anywhere else in the proof.

Examples

In this section, we will look at several proofs involving the existential quantifier.

Example 1

Suppose we wish to prove the following sequent:

∃ x (Human(x)) ⊢ ∃ y (Human(y))

Following the same approach in the ∃e example above, we know that there is SOME human. Let’s introduce the alias bob for that human:

∃ x (Human(x)) ⊢ ∃ y (Human(y))
{
    1. ∃ x (Human(x))               premise
    2. {
        3. bob Human(bob)           assume

        //goal: get to our conclusion, ∃ y (Human(y))
    }
    //use ∃e to restate our conclusion, since we know SOME such human exists
}

Since we have Human(bob) in our subproof, we can use ∃i in our subproof to instead say that there exists some human. We will introduce the y variable, since that’s what we want in our conclusion:

∃ x (Human(x)) ⊢ ∃ y (Human(y))
{
    1. ∃ x (Human(x))               premise
    2. {
        3. bob Human(bob)           assume
        4. ∃ y (Human(y))           ∃i 3 bob

        //goal: get to our conclusion, ∃ y (Human(y))
    }
    //use ∃e to restate our conclusion, since we know SOME such human exists
}

All that remains is to use ∃e to restate our conclusion after the subproof. Since we knew someone was a human, and since we reached a claim that didn’t use our alias, then we can restate the result outside the scope of the subproof:

∃ x (Human(x)) ⊢ ∃ y (Human(y))
{
    1. ∃ x (Human(x))               premise
    2. {
        3. bob Human(bob)           assume
        4. ∃ y (Human(y))           ∃i 3 bob

        //goal: get to our conclusion, ∃ y (Human(y))
    }
    //use ∃e to restate our conclusion, since we know SOME such human exists
    5. ∃ y (Human(y))               ∃e 1 2
}

Example 2

Suppose we wish to prove the following sequent:

∃ x (Adult(x) ∨ Kid(x)) ⊢ (∃ x Adult(x)) ∨ (∃ x Kid(x))

We will begin as we did previously: by introducing an alias for our person that is either an adult or a kid (say, alice):

∃ x (Adult(x) ∨ Kid(x)) ⊢ (∃ x Adult(x)) ∨ (∃ x Kid(x))
{
    1. ∃ x (Adult(x) ∨ Kid(x))              premise
    2. {
        3. alice Adult(alice) ∨ Kid(alice)  assume

        //goal: get to our conclusion, (∃ x Adult(x)) ∨ (∃ x Kid(x))
    }
    //use ∃e to restate our conclusion, since we know SOME such person is either an adult or kid
}

To finish our proof, we can use OR elimination on Adult(alice) ∨ Kid(alice), and then ∃e afterwards to restate our conclusion. Here is the completed proof:

∃ x (Adult(x) ∨ Kid(x)) ⊢ (∃ x Adult(x)) ∨ (∃ x Kid(x))
{
    1. ∃ x (Adult(x) ∨ Kid(x))                  premise
    2. {
        3. alice Adult(alice) ∨ Kid(alice)      assume
        4. {
            5. Adult(alice)                     assume
            6. ∃ x Adult(x)                     ∃i 5 alice
            7. (∃ x Adult(x)) ∨ (∃ x Kid(x))    ∨i1 6
        }
        8. {
            9. Kid(alice)                       assume
            10. ∃ x Kid(x)                      ∃i  9 alice
            11. (∃ x Adult(x)) ∨ (∃ x Kid(x))   ∨i2 10
        }
        12. (∃ x Adult(x)) ∨ (∃ x Kid(x))       ∨e 3 4 8

        //goal: get to our conclusion, (∃ x Adult(x)) ∨ (∃ x Kid(x))
    }
    //use ∃e to restate our conclusion, since we know SOME such person is either an adult or kid

    13. (∃ x Adult(x)) ∨ (∃ x Kid(x))           ∃e 1 2
}

Example 3

Suppose we wish to prove the following (in the domain of living things):

• All bunnies are fluffy
• There is a fast bunny
• Therefore, there is a creature that is fast and fluffy

We can translate our premises and desired conclusion to predicate logic, and write the following sequent:

∀ x (Bunny(x) → Fluffy(x)), ∃ x (Fast(x) ∧ Bunny(x)) ⊢ ∃ x (Fast(x) ∧ Fluffy(x))

Since we are trying to prove a claim about some individual, it makes sense that we would start the process of an ∃e subproof where we introduce an alias (thumper) for the fast bunny. We will try to reach the conclusion by the end of that subproof. Here is the setup:

∀ x (Bunny(x) → Fluffy(x)), ∃ x (Fast(x) ∧ Bunny(x)) ⊢ ∃ x (Fast(x) ∧ Fluffy(x))
{
    1. ∀ x (Bunny(x) → Fluffy(x))                   premise
    2. ∃ x (Fast(x) ∧ Bunny(x))                     premise
    3. {
        4. thumper Fast(thumper) ∧ Bunny(thumper)   assume
        5. Fast(thumper)                            ∧e1 4
        6. Bunny(thumper)                           ∧e2 4

        //goal: ∃ x (Fast(x) ∧ Fluffy(x))
    }

    //use ∃e to restate ∃ x (Fast(x) ∧ Fluffy(x)), since we know there is SOME fast bunny
}

To finish our subproof, we see that we have a proposition about all creatures (∀ x (Bunny(x) → Fluffy(x))) and that we are working with an individual creature (thumper). We can use ∀e to prove Bunny(thumper) → Fluffy(thumper). After that, we have a few more manipulations using propositional logic rules, our ∃i rule to transition our claim from being about our alias thumper to being about an unnamed individual, and then our ∃e rule to pull our final claim out of the subproof. Here is the completed proof:

∀ x (Bunny(x) → Fluffy(x)), ∃ x (Fast(x) ∧ Bunny(x)) ⊢ ∃ x (Fast(x) ∧ Fluffy(x))
{
    1. ∀ x (Bunny(x) → Fluffy(x))                   premise
    2. ∃ x (Fast(x) ∧ Bunny(x))                     premise
    3. {
        4. thumper Fast(thumper) ∧ Bunny(thumper)   assume
        5. Fast(thumper)                            ∧e1 4
        6. Bunny(thumper)                           ∧e2 4
        7. Bunny(thumper) → Fluffy(thumper)         ∀e 1 thumper
        8. Fluffy(thumper)                          →e 7 6
        9. Fast(thumper) ∧ Fluffy(thumper)          ∧i 5 8
        10. ∃ x (Fast(x) ∧ Fluffy(x))               ∃i 9 thumper

        //goal: ∃ x (Fast(x) ∧ Fluffy(x))
    }
    //use ∃e to restate ∃ x (Fast(x) ∧ Fluffy(x)), since we know there is SOME fast bunny

    11. ∃ x (Fast(x) ∧ Fluffy(x))                   ∃e 2 3
}

Nested Quantifiers

Our examples so far have included propositions with single quantifiers. This section will discuss how to prove sequents that use nested quantifers. We will see that the approach is the same as before, but that we must take caution to process the quantifiers in the correct order. Recall that quantifier precedence is from right to left (i.e., from the outside in), so that ∀ x ∀ y P(x, y) is equivalent to ∀ x (∀ y P(x, y)).

Example 1

Suppose we wish to prove the following sequent:

∀ x ∀ y P(x, y) ⊢ ∀ y ∀ x P(y, x)

Since we wish to prove a for-all statement of the form ∀ y (SOMETHING), then we know we must start with our for all introduction template:

∀ x ∀ y P(x, y) ⊢ ∀ y ∀ x P(y, x)
{
    1. ∀ x ∀ y P(x, y)              premise
    2. {
        3. a 
        
        //need: ∀ x P(a, x)
    }
    //want to use ∀i to conclude ∀ y ∀ x P(y, x)
}

But now we see that we want to prove ANOTHER for-all statement, ∀ x P(a, x). So we again use our for all introduction strategy in a nested subproof:

∀ x ∀ y P(x, y) ⊢ ∀ y ∀ x P(y, x)
{
    1. ∀ x ∀ y P(x, y)              premise
    2. {
        3. a 
        4. {
            5. b

            //need: P(a, b)
        }
        //want to use ∀i to conclude ∀ x P(a, x)

        //need: ∀ x P(a, x)
    }
    //want to use ∀i to conclude ∀ y ∀ x P(y, x)
}

Now, in subproof 4, we see that we must use ∀e on our premise (∀ x ∀ y P(x, y)) to work towards our goal of P(a, b). We have two available individuals – a and b. When we use ∀e, we must eliminate the OUTER (top-level) quantifier and its variable. In the case of ∀ x ∀ y P(x, y), we see that we must eliminate the ∀ x. Since the x is the first parameter in P(x, y), and since we are hoping to reach P(a, b) by the end of subproof 4, we can see that we need to plug in the a for the x so that it will be in the desired position:

∀ x ∀ y P(x, y) ⊢ ∀ y ∀ x P(y, x)
{
    1. ∀ x ∀ y P(x, y)              premise
    2. {
        3. a 
        4. {
            5. b
            6. ∀ y P(a, y)          ∀e 1 a

            //need: P(a, b)
        }
        //want to use ∀i to conclude ∀ x P(a, x)

        //need: ∀ x P(a, x)
    }
    //want to use ∀i to conclude ∀ y ∀ x P(y, x)
}

Note that on line 6, we could NOT have used ∀e to eliminate the ∀ y in ∀ x ∀ y P(x, y), as it was not the top-level operator.

Next, we apply ∀e again to ∀ y P(a, y) to leave us with P(a, b). All that remains at that point is to use ∀i twice as planned to wrap up the two subproofs. Here is the completed proof:

∀ x ∀ y P(x, y) ⊢ ∀ y ∀ x P(y, x)
{
    1. ∀ x ∀ y P(x, y)              premise
    2. {
        3. a 
        4. {
            5. b
            6. ∀ y P(a, y)          ∀e 1 a
            7. P(a, b)              ∀e 6 b

            //need: P(a, b)
        }
        //want to use ∀i to conclude ∀ x P(a, x)

        8. ∀ x P(a, x)              ∀i 4

        //need: ∀ x P(a, x)
    }
    //want to use ∀i to conclude ∀ y ∀ x P(y, x)

    9. ∀ y ∀ x P(y, x)              ∀i 2
}

Example 2

Suppose we have the predicate IsBossOf(x, y) in the domain of people, which describes whether person x is the boss of person y. We wish to prove the following sequent:

∃ x ∀ y IsBossOf(x, y) ⊢ ∀ y ∃ x IsBossOf(x, y)

You can read the premise as “There is a person that is everyone’s boss”. From this statement, we are trying to prove the conclusion: “All people have a boss”. Here is the completed proof:

∃ x ∀ y IsBossOf(x, y) ⊢ ∀ y ∃ x IsBossOf(x, y)
{
  1. ∃ x ∀ y IsBossOf(x, y)             premise
  2. {
       3. a ∀ y IsBossOf(a, y)          assume
       4. {
            5. b
            6. IsBossOf(a, b)           ∀e 3 b
            7. ∃ x IsBossOf(x, b)       ∃i 6 a
       }
       8. ∀ y ∃ x IsBossOf(x, y)        ∀i 4
  }
  9. ∀ y ∃ x IsBossOf(x, y)             ∃e 1 2
}

In the above proof, we let a be our made-up name for the boss-of-everyone. So, we have the assumption that ∀ y IsBossOf(a, y). Next, we let b be “anybody at all” who we might examine in the domain of people. The proof exposes that the boss of “anybody at all” in the domain must always be a. ∀i and then ∃e finish the proof.

Here is the proof worked again, with the subproofs swapped:

∃ x ∀ y IsBossOf(x, y) ⊢ ∀ y ∃ x IsBossOf(x, y)
{
  1. ∃ x ∀ y IsBossOf(x, y)             premise
  2. {
       3. b
       4. {
            5. a ∀ y IsBossOf(a, y)     assume
            6. IsBossOf(a, b)           ∀e 5 b
            7. ∃ x IsBossOf(x, b)       ∃i 6 a
       }
       8. ∃ x IsBossOf(x, b)            ∃e 1 4
  }
  9. ∀ y ∃ x IsBossOf(x, y)             ∀i 2
}

Can we prove the converse? That is, if everyone has a boss, then there is one boss who is the boss of everyone?

∀ y ∃ x IsBossOf(x, y) ⊢ ∃ x ∀ y IsBossOf(x, y)

NO. We can try, but we get stuck:

∀ y ∃ x IsBossOf(x, y) ⊢ ∃ x ∀ y IsBossOf(x, y)
{
    1. ∀ y ∃ x IsBossOf(x, y)           premise
    2. {
        3. a
        4. ∃ x IsBossOf(x, a)           ∀e 1 a
        5. {
            6. b IsBossOf(b, a)         assume
        }
        7. ∀ y isBoss(b, y)             ∀i 2  NO--THIS PROOF IS TRYING TO FINISH
                                          THE OUTER SUBPROOF WITHOUT FINISHING
                                          THE INNER ONE FIRST.

    ...can't finish
}

We see that the “block structure” of the proofs warns us when we are making invalid deductions.

Equivalence

In Chapter 5, we saw DeMorgan’s laws for quantifiers – that if we have some domain, and if P(x) is a predicate for individuals in that domain, then the following statements are equivalent:

• ¬(∃ x P(x)) is equivalent to ∀ x ¬P(x)
• ¬(∀ x P(x)) is equivalent to ∃ x ¬P(x)

The process of proving that two predicate logic statements are equivalent is the same as it was in propositional logic – we must prove the second proposition using the first as a premise, and we must prove the first given the second as a premise.

Example - how to prove equivalence

For example, to prove that ¬(∃ x P(x)) is equivalent to ∀ x ¬P(x), we must prove the sequents:

¬(∃ x P(x)) ⊢ ∀ x ¬P(x)

and

∀ x ¬P(x) ⊢ ¬(∃ x P(x))

We prove both directions below:

¬(∃ x P(x)) ⊢ ∀ x ¬P(x)
{
    1. ¬(∃ x P(x))              premise
    2. {
        3. a
        4. {
            5. P(a)             assume
            6. ∃ x P(x)         ∃i 5 a
            7. ⊥                ¬e 6 1
        }
        8. ¬P(a)                ¬i 4
    }
    9. ∀ x ¬P(x)                ∀i 2
}

and

∀ x ¬P(x) ⊢ ¬(∃ x P(x))
{
    1. ∀ x ¬P(x)                premise
    2. {
        3. ∃ x P(x)             assume
        4. {
            5. a P(a)           assume
            6. ¬P(a)            ∀i 1 a
            7. ⊥                ¬e 5 6
        }
        8. ⊥                    ∃e 3 4
    }
    9. ¬(∃ x P(x))              ¬i 2
}

More extensive list of equivalences

Here is a more extensive list of equivalences in predicate logic. The remaining proofs are left as exercises for the reader:

• ¬(∃ x P(x)) is equivalent to ∀ x ¬P(x)
• ¬(∀ x P(x)) is equivalent to ∃ x ¬P(x)
• ∀ x (P(x) → ¬Q(x)) is equivalent to ¬(∃ x P(x) ∧ Q(x))
• ∀ x ∀ y P(x, y) is equivalent to ∀ y ∀ x P(x, y)
• ∃ x ∃ y P(x, y) is equivalent to ∃ y ∃ x P(x, y)
• Q ∧ (∀ x P(x)) is equivalent to ∀ x (Q ∧ P(x)) (where x does not appear in Q)
• Q v (∀ x P(x)) is equivalent to ∀ x (Q V P(x)) (where x does not appear in Q)
• Q ∧ (∃ x P(x)) is equivalent to ∃ x (Q ∧ P(x)) (where x does not appear in Q)
• Q V (∃ x P(x)) is equivalent to ∃ x (Q V P(x)) (where x does not appear in Q)

Summary and Strategies

In this section, we summarize all available rules in propositional logic, and discuss strategies for approaching proofs.

Rules with universal quantifier (∀)

Rule summaries:

     ∀ x P(x)
∀e: ----------- 
       P(v)     where v is a particular individual in the domain

     { a              (a is fresh)
       ... P(a) }
∀i: ---------------
      ∀ x P(x) 

Rule syntax summaries:

{ 
    ...
    r. ∀ x P(x) 	        (...)
    s. P(v)                 ∀e r v
    ...
}

{ 
    ...
    r. {
        s. a
        ...
        t. P(a)             (...)
    }
    u. ∀ x P(x)             ∀i r
}

Rules with existential quantifier (∃)

Rule summaries:

       P(d)         where  d  is an individual
∃i: -----------
      ∃ x P(x)

                  {a  P(a)   assume       // where  a  is a new, fresh name
      ∃ x P(x)      ...  Q         }      // a  MUST NOT appear in  Q
∃e: -----------------------------------
                     Q

Rule syntax summaries:

{
    ...
    r. P(d)                 (...)
    s. ∃ x P(x)             ∃i r d
    ...
}

{
    ...
    b. ∃ x P(x)             (...)
    c. {
        d. a P(a)           assume
        ...
        e. Q                (...)
    }
    f. Q                    ∃e b c
}

Reminder: propositional logic rules are still available

When doing proofs in predicate logic, remember that all the deduction rules from propositional logic are still available. You will often want to use the same strategies we saw there – not introduction to prove a NOT, implies introduction to create an implies statement, OR elimination to process an OR statement, etc.

However, keep in mind that propositional logic rules can only be used on claims without quantifiers as their top-level operator. For example, if we have the statement ∀ x (S(x) ∧ Pz(x)), then we cannot use ∧e – the top-level operator is a universal quantifier, and the ∧ statement is “bound up” in that quantifier. We would only be able to use ∧e after we had used ∀ e to eliminate the quantifier.

Strategies

1. Write down all premises first. Can you extract anything from the premises?

   • If you have a for-all statement and an available individual, use ∀e to plug that individual into the for-all statement.
   • If you have p∧q, use ∧e1 to extract p by itself and then ∧e2 to extract q by itself.
   • If you have p→q and p, use →e to get q.
   • If you have p and ¬p, use ¬e to claim a contradiction, ⊥.

2. Look at the top-level operator of what you are trying to prove.

   • Are you trying to prove something of the form ∀ x P(x)?

     • Use ∀i. Open a subproof, introduce a fresh a, and get to P(a) by the end of the subproof. After the subproof, use ∀i to conclude ∀ x P(x).

   • Are you trying to prove something of the form ∃ x P(x)?

     • You will usually have another there-exists (∃) statement available as a premise or previous claim. Open a subproof, and assume an alias for the individual in your there-exists statement. Get to ∃ x P(x) by the last line of the subproof. After the subproof, use ∃e to restate ∃ x P(x).

   • Are you trying to prove something of the form p→q?

     • Use →i. Open a subproof, assume p, and get to q by the end of the subproof. After the subproof, use →i to conclude p→q.

   • Are you trying to prove something of the form ¬p?

     • Use ¬i. Open a subproof, assume p, and get a contradiction, ⊥, by the end of the subproof. After the subproof, use ¬i to conclude ¬p.

   • Are you trying to prove something of the form p ∧ q?

     • Try to prove p by itself and then q by itself. Afterward, use ∧i to conclude p ∧ q.

   • Are you trying to prove something of the form p ∨ q?

     • See if you have either p or q by itself – if you do, use either ∨i1 or ∨i2 to conclude p ∨ q.

3. You’ll need to nest the approaches from step 2. Once you are in a subproof, think about what you are trying to prove by the end of that subproof. Follow the strategy in step 2 to prove your current goal, nesting subproofs as needed. As you work, stop and scan the claims that you have available. See if you can extract anything from them as you did for the premises in step 1.

4. No match, or still stuck?

   • Do you have a there-exists statement available? Try using ∃e to reach your goal.
   • Do you have an OR statement available? Try using OR elimination to prove your goal conclusion.
   • Do your statements have NOT operators, but don’t fit the form for using ¬i? Try using pbc. If you are trying to prove something of the form p, open a subproof, assume ¬p, and try to reach a contradiction by the end of the subproof. Afterward, use pbc to conclude p.
   • As a last resort, try pasting in the proof for the law of the excluded middle (see section 4.5). Then use OR elimination on p ∨ ¬p.

Think of doing a proof as solving a maze, and of all our deduction rules as possible directions you can turn. If you have claims that match a deduction rule, then you can try applying the rule (i.e, “turning that direction”). As you work, you may apply more and more rules until the proof falls into place (you exit the maze)…or, you might get stuck. If this happens, it doesn’t mean that you have done anything wrong – it just means that you have reached a dead end and need to try something else. You backtrack, and try a different approach instead (try turning in a different direction).

Soundness and Completeness

Soundness and completeness definitions

We now revisit the notions of soundness and completeness. We recall from propositional logic that a proof system is sound if everything that is provable is actually true. A proof system is complete if everything that is true can be proved.

Interpretations

When we write statements in logic, we use predicates and function symbols (e.g., ∀ i (i * 2) > i). An interpretation gives the meaning of:

• The underlying domain – what set of elements it names

• Each function symbol – what answers it computes from its parameters from the domain

• Each predicate – which combinations of arguments from the domain lead to true answers and false answers

Interpretation example - integers

Here is an example. Say we have the function symbols: +, -, *, and /, and the predicate symbols: > and =. What do these names and symbols mean? We must interpret them.

The standard interpretation of arithmetic is that:

• int names the set of all integers

• +, -, *, and / name the integer addition, subtraction, multiplication, and division functions (that take two integers as “parameters” and “return” an integer result)

• = and > name integer equality comparison and integer less-than comparison predicates (that take two integers as “parameters” and “return” the boolean result of the comparison)

With this interpretation of arithmetic, we can interpret statements. For example,∀ i (i * 2) > i interprets to false, as when i is negative, then i * 2 < i. Similarly, ∃ j (j * j) = j interprets to true, as 1 * 1 = 1.

Now, given the function names +, -, *, /, and the predicates, =, >, we can choose to interpret them in another way. For example, we might interpret the underlying domain as just the nonnegative integers. We can interpret +, *, /, >, = as the usual operations on ints, but we must give a different meaning to -. We might define m - n == 0, whenever n > m.

Yet another interpretation is to say that the domain is just {0, 1}; the functions are the usual arithmetic operations on 0 and 1 under the modulus of 2. For example, we would define 1 + 1 == 0 because (1 + 1) mod 2 == 0. We would define 1 > 0 as true and any other evaluation of < as false.

These three examples show that the symbols in a logic can be interpreted in multiple different ways.

Interpretation example - predicates

Here is a second example. There are no functions, and the predicates are IsMortal(_), IsLeftHanded(_) and IsMarriedTo(,). An interpretation might make all (living) members of the human race as the domain; make IsMortal(h) defined as true for every human h; make IsLeftHanded(j) defined as true for exactly those humans, j, who are left handed; and set IsMarriedTo(x, y) as true for all pairs of humans (x, y) who have their marriage document in hand.

We can ask whether a proposition is true within ONE specific interpretation, and we can ask whether a proposition is true within ALL possible interpretations. This leads to the notions of soundness and completeness for predicate logic.

Valid sequents in predicate logic

A sequent, P_1, P_2, ..., P_n ⊢ Q is valid in an interpretation, I, provided that when all of P_1, P_2, …, P_n are true in interpretation I, then so is Q. The sequent is valid exactly when it is valid in ALL possible interpretations.

Soundness and completeness in predicate logic

We can then define soundness and completeness for predicate logic:

soundness: When we use the deduction rules to prove that P_1, P_2, ..., P_n ⊢ Q, then the sequent is valid (in all possible interpretations)

completeness: When P_1, P_2, ..., P_n ⊢ Q is valid (in all possible interpretations), then we can use the deduction rules to prove the sequent.

Note that, if P_1, P_2, ..., P_n ⊢ Q is valid in just ONE specific interpretation, then we are not guaranteed that our rules will prove it. This is a famous trouble spot: For centuries, mathematicians were searching for a set of deduction rules that could be used to build logic proofs of all the true propositions of arithmetic, that is, the language of int, +, -, *, /, >, and =. No appropriate rule set was devised.

In the early 20th century, Kurt Gödel showed that it is impossible to formulate a sound set of rules customized for arithmetic that will prove exactly the true facts of arithmetic. Gödel showed this by formulating true propositions in arithmetic notation that talked about the computational power of the proof rules themselves, making it impossible for the proof rules to reason completely about themselves. The form of proposition he coded in logic+arithmetic stated “I cannot be proved”. If this proposition is false, it means the proposition can be proved. But this would make the rule set unsound, because it proved a false claim. The only possibility is that the proposition is true (and it cannot be proved). Hence, the proof rules remain sound but are incomplete.

Gödel’s construction, called diagonalization, opened the door to the modern theory of computer science, called computability theory, where techniques from logic are used to analyze computer programs. You can study these topics more in CIS 570 and CIS 575.

Computability theory includes the notion of decidability – a problem that is decidable CAN be solved by a computer, and one that is undecidable cannot. A famous example of an undecidable problem is the Halting problem: given an arbitrary computer program and program input, can we write a checker program that will tell if the input program will necessarily terminate (halt) on its input? The answer is NO - the checker wouldn’t work on itself.

Induction Process

Mathematical induction allows us to prove that every nonnegative integer satisfies a certain property. In this chapter, we will use mathematical induction to prove several mathematical claims. When we reach the next several chapters on programming logic, we will see that mathematical induction is very similar to the process of proving correctness for programs with loops.

Domino effect

To prove that a property $P(n)$ is true for an arbitrary nonnegative integer $n$ using mathematical induction, we must show two things:

1. Base case. We must prove that $P(n)$ is true for the smallest possible value of $n$. Usually this is $n = 0$ or $n = 1$, but occasionally we will define a property for all values greater than or equal to 2, or some bigger number.

2. Inductive step. We assume the inductive hypothesis – that $P(k)$ holds for some arbitrary nonnegative integer $k$. Then, we must show that the property still holds for $k + 1$. In other words, we must prove that $P(k) \rightarrow P(k + 1)$ – that IF $P(k)$ holds for some arbitrary nonnegative integer $k$, THEN $P(k + 1)$ holds as well.

How do these two steps prove anything at all? Suppose we are proving that a property holds for all positive integers $n$. In the base case, we prove that the property holds when $n = 1$. Proving the inductive step allows us to say that whenever the property holds for some number, then it also holds for the number right after that. Since we already know the the property holds when $n = 1$, then the inductive step allows us to infer that the property still holds when $n = 2$. And at that point we know the property holds for $n = 2$, so the inductive step again allows us to infer that the property holds for $n = 3$, etc.

Think of mathematical inductive like a line of dominoes. The “base case” tells us that the first domino will fall, and the “inductive step” tells us that if one domino falls, then the one right after it will fall as well. From these two pieces, we can conclude that the entire line of dominoes will fall (i.e., that the property will hold for the entire set of numbers).

Summation property

There is a well-known formula for adding all positive integers up to some bound, $n$:

To see how this works, suppose $n = 3$. We have that $1 + 2 + 3 = 6$, and also that $\dfrac{3(3+1)}{2} = 6$.

Suppose instead that $n = 7$. We have that $1 + 2 + 3 + 4 + 5 + 6 + 7 = 28$, and also that $\dfrac{7(7+1)}{2} = 28$.

First induction proof

Let $P(n)$ be the equation:

We wish to use mathematical induction to prove that $P(n)$ holds for all positive integers $n$.

We will refer to $1 + 2 + ... + n$ as $LHS(n))$ and we will refer to $\dfrac{n(n+1)}{2}$ as $RHS(n))$. To prove that $P(n)$ holds for some positive integer $n$, we must prove that $LHS(n)) = RHS(n))$.

Base case

We must prove that $P(n)$ holds for the smallest positive integer, $n = 1$, that is, that $LHS(1) = RHS(1))$. The sum of all integers from 1 to 1 is just 1, so we have that $LHS(1) = 1$. We also have that:

We have that $LHS(1) = RHS(1)$. Thus $P(1)$ is true, so the base case holds.

Inductive step

We assume the inductive hypothesis - that $P(k)$ holds for some arbitrary positive integer $k$. In other words, we assume that $LHS(k) = RHS(k)$ for our arbitrary $k$. We must prove that $P(k+1)$ also holds – i.e., that $LHS(k+1) = RHS(k+1)$. We have that: