Propositions and Proofs


Gert Smolka, Saarland University
April 25, 2018

Propositions are logical statements whose truth or falsity can be established with proofs. Coq's type theory provides us with a language for writing propositions and proofs. Propositions are accommodated as types and proofs are accommodated as elements of types. This way proof checking reduces to type checking. Implications are accommodated as function types, and universal quantifications are accommodated as dependent function types. The remaining propositional forms such as conjunction, disjunction, and existential quantification are accommodated with inductive types. This setup provides for a basic form of logical reasoning known as intuitionistic reasoning. In contrast to classical reasoning, intuitionistic reasoning does not build in the law of excluded middle.

1 BHK Proofs

Propositions are built from basic propositions with connectives and quantifiers. Here are prominent forms of propositions you will have encountered before.

  Name                        Notation      Reading
  equality                    s = t         s equals t
  truth                       ⊤             true
  falsity                     ⊥             false
  conjunction                 P ∧ Q         P and Q
  disjunction                 P ∨ Q         P or Q
  implication                 P → Q         if P then Q
  negation                    ¬P            not P
  equivalence                 P ↔ Q         P if and only if Q
  universal quantification    ∀x : X. px    for all x in X, px
  existential quantification  ∃x : X. px    for some x in X, px

Truth and falsity of propositions is established by proofs. We say that a proposition P is true if we have a proof of P, and we say that a proposition P is false if we have a proof of ¬P. Following a design known as BHK interpretation,¹ proofs are modelled as computational values:

- A proof of a conjunction P ∧ Q is a pair consisting of a proof of P and a proof of Q.
- A proof of a disjunction P ∨ Q is a tagged value containing either a proof of P or a proof of Q. The tag says whether we have a proof of the left proposition or the right proposition.
- A proof of an implication P → Q is a function that for every proof of P yields a proof of Q.
- A proof of a universal quantification ∀x : X. px is a function that for every term s of type X yields a proof of the proposition ps.
- A proof of an existential quantification ∃x : X. px is a pair consisting of a term s of type X and a proof of the proposition ps. The term s is called the witness of the proof.
- ⊤ has a unique proof I.
- ⊥ has no proof.

We have now said what we admit as proofs of conjunctions, disjunctions, implications, universal and existential quantifications, ⊤ and ⊥. This gives us a set of proof rules modelling basic intuitions about logical reasoning. The above listing of proof forms specifies all primitive proofs of the propositional forms mentioned. Hence, every proof of an implication P → Q, say, is a function from proofs of P to proofs of Q. Thus, if f is a proof of P → Q and a is a proof of P, the application of f to a yields a proof of Q.

We now define negation with implication and ⊥:

  ¬P := P → ⊥

Thus a proof of ¬P is a function that given a proof of P yields a proof of ⊥. Since ⊥ has no proof, the existence of such a function guarantees that P has no proof. We define equivalence of propositions as one would expect:

  P ↔ Q := (P → Q) ∧ (Q → P)

Thus a proof of an equivalence is a pair of two functions translating proofs from left to right and from right to left.

From what we have said it is clear that λx : P. x is a proof of P → P, and that (λ_. λx. x, λ_. I) is a proof of ⊤ ↔ (⊥ → ⊥). It remains to say what counts as a proof of an equation s = t. We postpone this question until we have worked out the presented design in more detail.

¹ The BHK view of proofs originated in the 1930s in the work of the mathematicians Luitzen Brouwer, Arend Heyting, and Andrey Kolmogorov.

2 Propositions as Types

Given a type theory with inductive types and dependent function types, it is natural to accommodate propositions as types and proofs as elements of propositions such that the elements of a proposition P serve as the proofs of P. This design is known as the propositions as types principle and yields a natural realization of BHK proofs. We will explain the propositions as types principle as it is realized in Coq's type theory.

Implications and universal quantifications are accommodated as function types P → Q and dependent function types ∀x : X. px, which establishes their proofs exactly as specified by the BHK interpretation. The remaining propositions are represented with inductive types.

Coq's type theory is designed such that every proposition is a type but not every type is a proposition. To this end, Coq has a special type P (read "prop") serving as the type of all propositions. We have P ⊆ T, which ensures that every proposition is a type. Types in T that are not in P (e.g., N and B) are called proper types. When we define an inductive type, we can decide whether it is a proposition or a proper type. The types P and T are known as universes. Having a separate universe for propositions (e.g., P) makes it possible to impose assumptions on propositions without affecting proper types.

Here are the inductive definitions we will use for truth, falsity, conjunctions, and disjunctions:²

  ⊤ : P := [ I : ⊤ ]
  ⊥ : P := []
  ∧ (X : P)(Y : P) : P := [ C : X → Y → X ∧ Y ]
  ∨ (X : P)(Y : P) : P := [ L : X → X ∨ Y | R : Y → X ∨ Y ]

We call the value constructors of inductive propositions proof constructors. Following the BHK view of proofs, ⊤ and conjunctions come with one proof constructor each, and disjunctions come with two proof constructors. The requirement that ⊥ has no proof is realized by defining ⊥ as an inductive proposition that has no proof constructor.

Here are the types of the constructors introduced by the inductive definitions of truth, falsity, conjunctions, and disjunctions:

  ⊤ : P
  ⊥ : P
  I : ⊤
  ∧ : P → P → P
  C : ∀X : P. ∀Y : P. X → Y → X ∧ Y
  ∨ : P → P → P
  L : ∀X : P. ∀Y : P. X → X ∨ Y
  R : ∀X : P. ∀Y : P. Y → X ∨ Y

We will treat the arguments X and Y of C, L, and R as implicit arguments. For L and R this means that information from the surrounding context is needed to infer Y and X, respectively.

A predicate is a function that eventually yields a proposition. Note that ∧ and ∨ are inductive predicates.

The universe of propositions is closed under forming implications and universal quantifications. That is, if P and Q are propositions, then the function type P → Q is a proposition. Moreover, if X is a type and p is a predicate, then the dependent function type ∀x : X. px is a proposition.

An important consequence of the propositions as types principle is the fact that proof checking reduces to type checking. Thus Coq doesn't have a special-purpose proof checker but just a general-purpose type checker. In short, proof checking in Coq is type checking.

² We have named the proof constructors for conjunctions and disjunctions differently from Coq.

3 Proof Terms

We can now write proofs of propositions as terms. Here are a few straightforward examples. We assume that X, Y, and Z are propositions.

  Proposition                   Proof
  X → Y → X                     λxy. x
  X → (X → Y) → Y               λxf. fx
  (X → Y) → (Y → Z) → X → Z     λfgx. g(fx)
  (∀Z : P. Z) → X               λf. fX

In the proof terms on the right we have omitted the types of the argument variables since they can be inferred from the propositions on the left.

A logical principle known as exfalso says that from falsity one can derive everything: ⊥ → X. We can prove the principle with the following proof term:

  λH. match H []

The function takes a proof H of ⊥ as argument and returns a proof of X. To do so, the function matches on H. Every rule of the match must yield a proof of X. Since ⊥ has no constructor, the match has no rule, and hence it is vacuously true that every rule yields a proof of X.

Here are a few proof terms for propositions involving negation. Recall that negation is defined as ¬s := s → ⊥. The trick is that the definition of negation is automatically unfolded whenever this is necessary (that is, the term ¬s is automatically replaced with the implication s → ⊥).

  X → ¬¬X                   λxf. fx
  X → ¬X → Y                λxf. match fx []
  (X → Y) → ¬Y → ¬X         λfgx. g(fx)
  ¬¬¬X → ¬X                 λfx. f(λg. gx)
  ¬¬X → ¬(X → ¬X)           λfg. f(λx. gxx)
  (X → ¬X) → ¬(¬X → X)      λfg. let x = g(λx. fxx) in fxx

Here are a few proof terms for propositions involving conjunctions and disjunctions.

  X → Y ∨ X         λx. Rx
  X ∧ Y → Y ∧ X     λH. match H [ Cxy ⇒ Cyx ]
  X ∨ Y → Y ∨ X     λH. match H [ Lx ⇒ Rx | Ry ⇒ Ly ]

The proposition X ∧ (Y ∨ Z) → X ∧ Y ∨ X ∧ Z requires a proof term with two matches:

  λH. match H [ CxH₁ ⇒ match H₁ [ Ly ⇒ L(Cxy) | Rz ⇒ R(Cxz) ] ]

This is also the case for the proposition (¬X ∨ ¬Y) → ¬(X ∧ Y):

  λH₁H₂. match H₂ [ Cxy ⇒ match H₁ [ Lf ⇒ fx | Rg ⇒ gy ] ]

Russell's law is the proposition ∀X : P. ¬(X ↔ ¬X). It can be shown with the following proof term:

  λXH. match H [ Cfg ⇒ let x = g(λx. fxx) in fxx ]

4 Proof Diagrams

The construction of proof terms requires a certain information structure. One needs to keep track of the types one has to construct proof terms for, and also of the variables and their types that have been introduced by lambdas and rules of matches. Proof term construction can be assisted with a proof diagram displaying the necessary information. Here is an example:

  X : P                 ∀X : P. ¬(X ↔ ¬X)
  f : X → ¬X
  g : ¬X → X            ⊥                     assert X
                        X                     apply g
                        ¬X
  x : X                 ⊥                     apply fxx
  ------------------------------------------------------
  x : X                 ⊥                     apply fxx

The diagram is written top-down beginning with the initial claim and records the construction of the proof term

  λXH. match H [ Cfg ⇒ let x = g(λx. fxx) in fxx ]

for the proposition ∀X : P. ¬(X ↔ ¬X). Proof diagrams are have-want diagrams in that they record on the left what we have and on the right what we want. When we start, the proof diagram is partial and just consists of the first line. As the proof term construction proceeds, we add further lines and further proof goals (separated through horizontal lines) until we arrive at a complete proof diagram.

With Coq one can construct proof terms interactively using commands called tactics. Coq then shows information similar to what we see in a proof diagram. There may be several proof goals open at a point in time, where each proof goal consists of a list of assumptions called context and a claim. The assumptions are typed variables as shown on the left of a proof diagram, and a claim is a type as shown on the right of a proof diagram. One may navigate between open goals. Interactive proof term construction with Coq is convenient since the bookkeeping and verification is done by Coq and the proof goals with their assumptions and claims are displayed nicely.

We show two further examples of complete proof diagrams.

  f : ¬¬X           ¬¬X → ¬(X → ¬X)
  g : X → ¬X        ⊥                     apply f
                    ¬X
  x : X             ⊥                     apply gxx

The proof term constructed is λfg. f(λx. gxx).

  x : X             X ∧ (Y ∨ Z) → (X ∧ Y) ∨ (X ∧ Z)
  H₁ : Y ∨ Z        (X ∧ Y) ∨ (X ∧ Z)
  1. y : Y          (X ∧ Y) ∨ (X ∧ Z)                   apply L(Cxy)
  2. z : Z          (X ∧ Y) ∨ (X ∧ Z)                   apply R(Cxz)

The proof term constructed is

  λH. match H [ CxH₁ ⇒ match H₁ [ Ly ⇒ L(Cxy) | Rz ⇒ R(Cxz) ] ]

Exercise 1 The following propositions formulate well-known properties of conjunction and disjunction:

  X ∧ Y → Y ∧ X                    X ∨ Y → Y ∨ X                    commutativity
  X ∧ (Y ∧ Z) → (X ∧ Y) ∧ Z        X ∨ (Y ∨ Z) → (X ∨ Y) ∨ Z        associativity
  X ∧ (Y ∨ Z) → X ∧ Y ∨ X ∧ Z      X ∨ (Y ∧ Z) → (X ∨ Y) ∧ (X ∨ Z)  distributivity
  X ∧ (X ∨ Y) → X                  X ∨ (X ∧ Y) → X                  absorption

Make sure you can construct proof terms for all propositions using proof diagrams.

Exercise 2 Prove the following propositions.
a) ¬(X ∨ Y) → ¬X ∧ ¬Y.
b) ¬X ∨ ¬Y → ¬(X ∧ Y).

5 A Difficult Proof

Not every proof is easy to find. The proposition (∀p. px → py) → ∀p. py → px where p : X → P has a short proof, but it takes insight to find it. The trick consists in instantiating the predicate p of the premise with λz. pz → px where p is the predicate from the conclusion. Here is a proof diagram.

  f : ∀p. px → py     (∀p. px → py) → ∀p. py → px
  p : X → P           py → px                         apply f (λz. pz → px)
                      px → px                         apply λh. h

The proof term constructed is λfp. f(λz. pz → px)(λh. h).

6 Existential Quantification

We will represent an existential quantification ∃x. s as an application ex(λx. s) of a suitably defined inductive predicate ex. The use of the abstraction λx. s ensures that x is a local variable whose scope is the term s.

Let X be a type and p : X → P be a predicate on X. Following the BHK design, we postulate that a proof of an existential quantification ∃x. px is a pair consisting of a witness t and a proof of the instance pt. We realize this design with an inductive definition:

  ex (X : T)(p : X → P) : P := [ E : ∀x : X. px → ex p ]

As an example, we prove the de Morgan law for existential quantification: ¬(∃x. px) ↔ ∀x. ¬px. We give a proof diagram for each direction.

  f : ¬(∃x. px)     ¬(∃x. px) → ∀x. ¬px
  x : X
  H : px            ⊥                       apply f (ExH)

The proof term constructed is λfxH. f(ExH).

  f : ∀x. ¬px       (∀x. ¬px) → ¬(∃x. px)
  H₁ : ∃x. px       ⊥
  x : X
  H : px            ⊥                       apply fxH

The proof term constructed is λfH₁. match H₁ [ ExH ⇒ fxH ].

Barber Paradox In a village, there cannot be a barber who shaves everyone who doesn't shave himself. We prove a generalisation of this statement.

Fact 3 Let X be a type and p be a binary predicate on X. Then the proposition ¬∃x ∀y. pxy ↔ ¬pyy is provable.

Proof Suppose there is an x such that pxy ↔ ¬pyy for all y. Then pxx ↔ ¬pxx, which is contradictory by Russell's law.

The barber paradox explains why there cannot be a set that contains all sets that don't contain themselves. To see this, let the type X in Fact 3 be the type of sets and let p be the inverse membership predicate for sets (i.e., pxy := y ∈ x). The barber paradox also explains why there cannot be a Turing machine that halts on the code of a Turing machine if and only if this machine doesn't halt on its own code. For this, let X be the type of all Turing machine codes and pxy say that the machine with code x halts on code y if and only if the machine with code y doesn't halt on y.

Exercise 4 Prove the following propositions with proof diagrams and give the resulting proof terms.
a) (∃x ∀y. pxy) → ∀y ∃x. pxy.
b) (∃x. px ∨ qx) ↔ (∃x. px) ∨ (∃x. qx).
c) (∀x. px) → ¬∃x. ¬px.
d) ((∃x. px) → Z) ↔ ∀x. px → Z.

7 Impredicative Characterizations

The following equivalences, known as impredicative characterisations of conjunction, disjunction, existential quantification, falsity, and truth, are easy to prove:

  X ∧ Y    ↔   ∀Z. (X → Y → Z) → Z
  X ∨ Y    ↔   ∀Z. (X → Z) → (Y → Z) → Z
  ∃x. px   ↔   ∀Z. (∀x. px → Z) → Z
  ⊥        ↔   ∀Z. Z
  ⊤        ↔   ∀Z. Z → Z

The equivalences tell us that the inductively defined propositions on the left can be characterised by propositions only using universal quantification and implication. The right-hand sides of the equivalences are in fact propositions expressing the proof rules realized by the matches for the inductive predicates on the left. This important insight becomes apparent in the proof terms for the equivalences. Here are the proof terms for the two directions of the equivalence for disjunctions:

  λHZfg. match H [ Lx ⇒ fx | Ry ⇒ gy ]
  λH. H(X ∨ Y) L R

The direction from left to right just applies the match for disjunctions. The other direction (right to left) instantiates the variable Z on the right-hand side with the inductive proposition on the left-hand side and the two proof constructors. The proof terms for the other logical constants have the same structure.
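As an added example that is not part of the notes, the following Coq development covers Section 6 and Section 7 together: the inductive predicate ex with its constructor E, the two proof terms of the de Morgan law, Fact 3 (barber paradox) proved by Russell's law exactly as in the text, and both directions of the impredicative characterisation of disjunction. Negation, conjunction and disjunction are Coq's own ~, /\ and \/, whose constructors conj, or_introl and or_intror play the role of the notes' C, L and R; the lemma names are this example's own.

```coq
(* Added example, not part of Smolka's notes: ex and E from Section 6, the
   de Morgan law for existential quantification, the barber paradox (Fact 3),
   and the impredicative characterisation of disjunction from Section 7.
   Coq's conj / or_introl / or_intror stand for the notes' C / L / R. *)

Module Exists.

(* ex X p is a proposition; a proof is a witness x together with a proof of p x *)
Inductive ex (X : Type) (p : X -> Prop) : Prop :=
  E : forall x : X, p x -> ex X p.
Arguments E {X p}.

(* de Morgan, left to right: a witness x with p x contradicts ~ ex X p *)
Definition dm_lr (X : Type) (p : X -> Prop) : ~ ex X p -> forall x, ~ p x :=
  fun f x H => f (E x H).

(* de Morgan, right to left: matching on the existential proof exposes the witness *)
Definition dm_rl (X : Type) (p : X -> Prop) : (forall x, ~ p x) -> ~ ex X p :=
  fun f H1 => match H1 with E x H => f x H end.

(* Russell's law, the proof term of Section 3 with Coq's constructor name *)
Definition russell (X : Prop) : ~ (X <-> ~ X) :=
  fun H => match H with conj f g => let x := g (fun x => f x x) in f x x end.

(* Fact 3 (barber paradox): no x satisfies p x y <-> ~ p y y for all y,
   because choosing y := x yields p x x <-> ~ p x x *)
Definition barber (X : Type) (p : X -> X -> Prop) :
  ~ ex X (fun x => forall y, p x y <-> ~ p y y) :=
  fun H => match H with E x Hx => russell (p x x) (Hx x) end.

(* Section 7, left to right: the match for disjunctions, with Z abstracted *)
Definition disj_lr (X Y : Prop) :
  X \/ Y -> forall Z : Prop, (X -> Z) -> (Y -> Z) -> Z :=
  fun H Z f g => match H with
                 | or_introl x => f x
                 | or_intror y => g y
                 end.

(* right to left: instantiate Z with X \/ Y itself and pass the two proof constructors *)
Definition disj_rl (X Y : Prop) :
  (forall Z : Prop, (X -> Z) -> (Y -> Z) -> Z) -> X \/ Y :=
  fun H => H (X \/ Y) (@or_introl X Y) (@or_intror X Y).

End Exists.
```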

The impredicative characterisations tell us that a type theory without inductive types suffices for the definition of conjunction, disjunction, existential quantification, falsity, and truth.

Exercise 5 Make sure that you can derive the impredicative characterisations of the inductive propositions X ∧ Y, X ∨ Y, ∃x. px, ⊥, and ⊤ by expressing with a proposition the effect the tactic destruct has for the inductive proposition. The idea is that an application of a proof of the derived proposition will have the same effect as the tactic destruct.

8 Excluded Middle

The proof rules coming with the propositions as types principle constitute a basic proof system known as intuitionistic logic or constructive logic. We say that a proposition follows intuitionistically or constructively if it can be shown with the proof rules coming with the propositions as types principle. Not every proposition considered true in Mathematics can be shown constructively. A proposition that cannot be shown constructively is excluded middle (XM for short):

  XM := ∀X : P. X ∨ ¬X

XM says that for every proposition X the disjunction X ∨ ¬X is true. XM is a basic assumption in standard Mathematics. If we want to use XM in Coq, we have to assume it explicitly. That is, to prove X using XM, we prove the implication XM → X. Coq provides a command making it possible to assume XM for an entire development (similar to assumptions in sections). We say that a proposition follows classically if it can be shown with XM.

The fact that constructive logic does not build in XM is a virtue, not a defect. This way we can distinguish between proofs not using XM and proofs using XM. The philosophy here is that XM is a basic assumption in standard Mathematics but not a basic proof rule. We may say that constructive logic minimizes the built-in assumptions and thus provides finer proof checking (e.g., this proof doesn't rely on XM). It turns out that many interesting facts can be shown without assuming XM.

Assuming XM, we can prove the following propositions for all propositions X and Y. None of these propositions is provable without XM.

  ¬¬X → X
  (¬X → ¬Y) → Y → X
  ¬(X ∧ Y) → ¬X ∨ ¬Y
  ¬(∀x. px) → ∃x. ¬px
  ((X → Y) → X) → X
  (X → Y) ∨ (Y → X)
  (X → Y) → ¬X ∨ Y

Fact 6 The following propositions are equivalent. That is, if we can prove one of them, we can prove all of them.
1. ∀X : P. X ∨ ¬X                        excluded middle
2. ∀X : P. ¬¬X → X                       double negation
3. ∀XY : P. (¬X → ¬Y) → Y → X            contraposition
4. ∀XY : P. ((X → Y) → X) → X            Peirce's law

Proof It suffices to prove the implications 1 → 2, 2 → 3, 3 → 4, and 4 → 1. In each case, one applies the assumption after doing all possible intros. After this the proof is routine; the assumption is not needed further. For 4 → 1, one instantiates Y in 4 with ⊥. Nice exercises.

Exercise 7 Consider the propositions

  ¬¬X → X
  (¬X → ¬Y) → Y → X
  ¬(X ∧ Y) → ¬X ∨ ¬Y
  ((X → Y) → X) → X
  (X → Y) ∨ (Y → X)
  (X → Y) → ¬X ∨ Y

a) Prove each of the above propositions using X ∨ ¬X.
b) The double negation of a proposition s is ¬¬s. Prove the double negation of each of the above propositions.

Exercise 8 Prove the following propositions using XM.
a) ¬(∀x. px) → ∃x. ¬px.
b) (∀x. px) ↔ ¬∃x. ¬px.

Exercise 9 (Prominent Propositions) Here is a list of prominent propositions you should know:

  ⊥ → X                        exfalso
  ¬(X ↔ ¬X)                    Russell
  ¬(X ∨ Y) ↔ ¬X ∧ ¬Y           de Morgan
  ¬(∃x. px) ↔ ∀x. ¬px          de Morgan
  ¬(X ∧ Y) ↔ ¬X ∨ ¬Y           de Morgan
  ¬(∀x. px) ↔ ∃x. ¬px          de Morgan
  X ∨ ¬X                       excluded middle
  ¬¬X → X                      double negation
  (¬X → ¬Y) → (Y → X)          contraposition
  (X → Y) ↔ ¬X ∨ Y             classical implication
  ¬(∀x. px) → ∃x. ¬px          counterexample

a) Prove the first four propositions.
b) Prove the directions of all equivalences.
c) Prove all quantifier-free propositions assuming X ∨ ¬X.
d) Prove the remaining propositions with excluded middle.

Drinker Paradox Consider a bar populated by at least one person. Using excluded middle, one can prove that one can pick some person in the bar such that everyone in the bar drinks Whiskey if this person drinks Whiskey. The proof is easy. Either everyone in the bar drinks Whiskey or not everyone in the bar drinks Whiskey. If everyone in the bar drinks Whiskey, we pick some person in the bar and are done (we assumed that the bar is populated). If not everyone in the bar drinks Whiskey, there is some person x who doesn't drink Whiskey. Hence everyone drinks Whiskey if x drinks Whiskey (the trick is in the proof rule for implication).

The formalisation and proof of the statement are somewhat tricky. We will assume a type representing the persons in the bar. A type is called inhabited if it has at least one element.

Fact 10 Let X be an inhabited type and p be a predicate on X. Then the proposition ∃x. px → ∀x. px is provable assuming XM.

Proof By XM we have either ∀x. px or ¬∀x. px. In the first case the proof is straightforward. We consider the second case. Let ¬∀x. px. Using XM we can show ∃x. ¬px. Since X is inhabited, it suffices to prove px → ∀x. px for some x, which is now trivial. Makes a nice Coq exercise.
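The following Coq script is an added example, not part of the notes: it assumes XM explicitly as a hypothesis, proves the cycle 1 → 2 → 3 → 4 → 1 from the proof of Fact 6 with tactics (applying the assumption after all possible intros, and instantiating Y with False for 4 → 1), and then proves Fact 10 for a type X inhabited by a given element x0. Coq's standard ∨, ¬ and exists are used; the names XM, DN, CP, Peirce and the lemma names are this example's own.

```coq
(* Added example, not part of Smolka's notes: Section 8 with excluded middle as
   an explicit hypothesis XM. Four lemmas give the cycle 1 -> 2 -> 3 -> 4 -> 1
   of Fact 6; the last lemma is Fact 10 (drinker paradox). *)

Definition XM     : Prop := forall X : Prop, X \/ ~ X.
Definition DN     : Prop := forall X : Prop, ~ ~ X -> X.
Definition CP     : Prop := forall X Y : Prop, (~ X -> ~ Y) -> Y -> X.
Definition Peirce : Prop := forall X Y : Prop, ((X -> Y) -> X) -> X.

(* 1 -> 2: case analysis on X \/ ~ X; the ~ X case contradicts ~ ~ X *)
Lemma xm_dn : XM -> DN.
Proof.
  intros xm X H.
  destruct (xm X) as [x | nx].
  - exact x.
  - destruct (H nx).
Qed.

(* 2 -> 3: apply double negation, then the contrapositive closes the goal *)
Lemma dn_cp : DN -> CP.
Proof.
  intros dn X Y f y.
  apply (dn X). intros nx. exact (f nx y).
Qed.

(* 3 -> 4: contraposition with Y := (X -> Y) -> X *)
Lemma cp_peirce : CP -> Peirce.
Proof.
  intros cp X Y f.
  apply (cp X ((X -> Y) -> X)).
  - intros nx h. apply nx. apply h. intros x. destruct (nx x).
  - exact f.
Qed.

(* 4 -> 1: instantiate Y in Peirce's law with False *)
Lemma peirce_xm : Peirce -> XM.
Proof.
  intros pe X.
  apply (pe (X \/ ~ X) False).
  intros f. right. intros x. apply f. left. exact x.
Qed.

(* Fact 10: either everyone drinks, or XM yields a non-drinker as the witness *)
Lemma drinker (X : Type) (x0 : X) (p : X -> Prop) :
  XM -> exists x, p x -> forall y, p y.
Proof.
  intros xm.
  destruct (xm (forall y, p y)) as [all | nall].
  - exists x0. intros _. exact all.
  - destruct (xm (exists y, ~ p y)) as [[y ny] | nex].
    + exists y. intros py. destruct (ny py).
    + exfalso. apply nall. intros y.
      destruct (xm (p y)) as [py | npy].
      * exact py.
      * exfalso. apply nex. exists y. exact npy.
Qed.
```

Since XM is a hypothesis rather than an axiom, Print Assumptions on any of these lemmas reports no axioms, which is the finer proof checking the section describes.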

9 Notational Issues

Following Coq, we use the precedence order ¬, ∧, ∨, →, ↔ for the notations for the logical constants. Thus we may omit parentheses as in the following example:

  ¬X ∧ Y ∨ Z → Z ↔ Y    ≡    ((((¬X) ∧ Y) ∨ Z) → Z) ↔ Y

The notations ∧, ∨, and → are in addition right associative. As it comes to quantifiers, we use notational conveniences we also use for λ-abstractions. For instance, we may write ∀xyz. s or ∀x y z. s for ∀x. ∀y. ∀z. s.