Logika: Programming Logics
7. Applications of Propositional Logic to Program Proving

7. Applications of Propositional Logic to Program Proving

Symbolic logic is the study of assertions (declarative statements) using the connectives, and, or, not, implies, for all, there exists. It is a “starter language” for stating laws for other areas. (Example: in algebra, we use symbolic logic to declare, “for all (every) integer(s), i, there exists an integer j such that j > i.) Without symbolic logic, modern math, physics, philosophy, computing, and electronics simply would not exist.

Anyone who works in one of the above-stated technical areas must be competent in using symbolic logic, and in particular, in performing deduction.

Deduction is the synthesis of new facts — consequences — from known facts. An example: a cases analysis of the assertion that x < 0 v x > 0 lets us deduce that x != 0 and that 1.0/x is a non-erroneous, floating-point number. Another example, stated in almost every logic text written in the last 50 years, goes

All humans are mortal
 and
Socrates is a human.

 Therefore,
Socrates is mortal.

These examples of deduction go beyond what we can do with mere truth tables alone, and the purpose of this chapter is to provide a set of deduction rules (also known as inference rules) that you can use to deduce new facts. The rules will be written so that they can be used in math, physics, computing, etc.

We will develop the symbolic-logic rules in detail.

7.1. Propositions

Symbolic logic manipulates propositions, which are assertions – declarative statements that can be understood as “true” (it’s a fact) or “false” (it’s wrong).

Examples of propositions from algebra are

x > 0
y == 2*x + 1
2 > 4

The third proposition is always understood as false, whereas the first two might be true or false, depending on the values of x and y.

Examples of propositions written in English are

Socrates is a human.
The sun is shining.
I have a million bucks in my pocket.

In English, we can also write sentences that are not propositions: “Will it rain tomorrow?” is a question and not a true-false proposition. We will always stay within algebra and form true-false propositions from arithmetic operators like + and / and comparison operators like == and >. The operators, ^ (math: ∧), V (math: ∨), -> (math: →), ~ (math: ¬), are called propositional connectives because they connect together propositions to make new propositions. (Example: (x > 0 V x < 0) -> ~(2x = 0) is a proposition that connects together x > 0, x < 0, and 2x = 0 with ~, V, and ->.)

Later we will study FORALL (math: ∀) and EXIST (math: ∃), which are more delicate than the propositional connectives and are called quantifiers.

7.2. Inference Rules

The propositional connectives are a kind of data-structure language for building propositional-data-structures from basic, primitive propositions. For this reason, we must have laws for constructing the propositions and for disassembling them. These laws are called inference rules or deduction rules, and a natural deduction system is a set of inference rules, such that for each connective, there is a rule for constructing a proposition with a connective (this is called an introduction rule) and there is a rule for disassembling a proposition with the connective (this is called an elimination rule).

For the sections that follow, we will review the introduction and elimination rules for each propositional connective, give examples of their use in proofs, and describe strategies for applying to rules. When we present the rules, we will use the letters, P, Q, R, …, to represent propositions (rather than use x > 0, etc., as propositions).

The notation,

ASCII Math
P0, P1, ..., Pm |- Q

(read as, “P0, P1, …, Pm entails Q”) is a claim — a sequent — that asserts propositions Pi let us deduce Q. The Pi are called premises and Q is called the consequent. For example, x > y, y = z + 1 |- x > z. It says, “when premises x > y and y = z + 1 are accepted as facts (true propositions), then consequent x > z is guaranteed to be a fact as well.

When we state such a claim — a sequent — we must supply a proof to support the claim. We use deduction rules to make a proof.

7.3. And-Introduction and And-Elimination

It is easy to work with the conjunction connective, ^ (math: ∧). Clearly, P, Q |- P ^ Q, that is, when both P and Q are facts, then so is the proposition, P ^ Q. Dually, we accept that P ^ Q |- P as well as P ^ Q |- Q. Here are the deduction rules that formalize these intuitions:

7.3.1. Rules

        P   Q               P ^ Q              P ^ Q
^i :  ---------     ^e1 : ---------    ^e2 : ---------
        P ^ Q                 P                  Q

It is a tradition to draw the rules as a kind of “arithmetic sum-up expression”: when we have proof of the propositions above the horizontal bar, then we deduce a proof of the proposition below the bar.

The rules are used to build proofs of new facts from starting facts (premises). A proof is written as a sequence of deduction steps. Here are some examples.

7.3.2. Examples

p, q, r |- r ^ (q ^ p)

{
  1. p                    premise // (a starting fact)
  2. q                    premise
  3. r                    premise
  4. q ^ p                ^i 2 1
  5. r ^ (q ^ p)          ^i 3 4
}

Read line 4 like this: “from the fact stated on line 2 and the fact stated on line 1, we deduce q ^ p by applying the ^i law”. Lines 4 and 5 construct new facts from the starting facts (premises) on lines 1-3. A proof generates new knowledge from existing knowledge by using deduction rules.

p ^ (q ^ r) |-  r ^ p

{
  1. p ^ (q ^ r)        premise
  2. p                  ^e1 1
  3. q ^ r              ^e2 1
  4. r                  ^e2 3
  5. r ^ p              ^i 4 2
}

The two examples seen so far suggest that a proposition like r ^ p is like a pair, (r, p), in Python that we can disassemble by indexing. The ^e rule does the indexing, and the ^i-does the pair-building.

p |- p ^ p

{
  1. p            premise
  2. p ^ p        ^i 1 1
}

This example shows you can use a premise multiple times in a proof.

It is easy to prove P ^ Q |- P (use ^e1), but we cannot prove P |- P ^ Q. This reminds us that deduction rules develop new knowledge, but the knowledge might be weaker than the starting facts used to deduce the knowledge. When we have propositions P and Q and we prove both P |- Q and also Q |- P, we write P -||- Q (math: ) and say that P and Q are equivalent – they hold the “same amounts of knowledge”.

7.3.3. Tactics

A tactic is a useful step towards proving a goal. The rules for conjunction come with these two tactics, which we rate from (*) to (***) based on their utility:

  • (***) ^i-tactic: If your task is to prove Premises |- P ^ Q, then

    1. prove Premises |- P
    2. prove Premises |- Q
    3. use ^i.

    The proof you are building looks like this

    1. Premises     premise
         (fill in)
    i. P
         (fill in)
    j. Q
    k. P ^  Q       ^i i j
    
  • (**) ^e-tactic: If your task is to prove Premises |- R and you have as a premise or proved fact in your partial proof, P ^ Q, then apply ^e to extract P and Q to use in the proof

    1. Premises     premise
        . . .
    i.   P ^ Q      premise
    i+1. P          ^e1 i
    i+2. Q          ^e2 i
          (fill in)
    j.   R
    

Let’s apply the tactics to one of the previous examples:

  1. Prove P ^ (Q ^ R) |- R ^ P: Use the (***)-^i tactic to generate two subgoals, P ^ (Q ^ R) |- R and also P ^ (Q ^ R) |- P

    1.   P ^ (Q ^ R)   premises
           (fill in)
    i.   R
           (fill in)
    j.   P
    j+1. R ^ P         ^i i j
    
  2. Since the (***)-tactic can’t be used on either subgoal, apply the (**)-^e-tactic to the premise

    1.   P ^ (Q ^ R)   premise
    2.   P             ^e1 1     // (succeeded in proving subgoal, P)
    3.   Q ^ R         ^e2 1
          (fill in)
    i.   R
    i+1. R ^ P         ^i i 2
    
  3. We can prove the remaining subgoal by applying the ^e-tactic once more

    1.   P ^ (Q ^ R)   premises
    2.   P             ^e1 1     // (succeeded in proving subgoal, P)
    3.   Q ^ R         ^e2 1
    4.   R             ^e2 3     // (succeeded in proving subgoal, R)
    5.   R ^ P         ^i 4 2
    

7.4. Or-Introduction and Or-Elimination

It is a bit trickier reasoning about disjunction, V (math: ∨), because there are multiple meanings of the word in English. We use the meaning “one or the other or both”. This causes us to accept the entailments, P |- P V Q and Q |- P V Q (as well as P |- P V P), which give us the two versions of the Vi deduction rule, seen below.

There must also be a rule for applying a fact of form, P V Q, to deduce new knowledge. In real life, we call the rule “case analysis”. For example, say that you have either 4 quarters in your pocket or 10 dimes in your pocket. In either case, you can buy a one-dollar coffee. Why? You do a case analysis:

  1. In the case you have 4 quarters, that totals a dollar, and you can buy the coffee;
  2. In the case you have 10 dimes, that totals a dollar, and you can buy the coffee.

So, in both cases, you can buy the coffee.

This pattern of deduction is formalized in the Ve-rule below.

7.4.1. Rules

                                                      { P assume    { Q assume
         P                  Q                 P V Q     ... R    }    ... R    }
Vi1 : --------    Vi2 :  --------        Ve: ------------------------------------
       P V Q              P V Q                              R

The Ve-rule is the deduction-rule form of case analysis: you assume P and do deductions that prove R and then you assume Q and do another sequence of deductions to reprove R. Each case is a “subproof” that is indented with braces. Once both cases are proved, you conclude R no matter what.

7.4.2. Examples

p |- q V p

{
  1. p              premise
  2. q V p          Vi2 1
}

Perhaps it seems strange to “weaken” fact p by attaching q to it. Yet, we do this all the time. For example, when we say, “today is Tuesday, so today is a weekday”, we have weakened “today is Tuesday” to “today is Monday or Tuesday or … or Friday”. In math, we might have that x > 0, so we conclude that x != 0, that is, x > 0 |- (x < 0) V (x > 0).

What is more interesting is that proposition q in the above proof can be any proposition, and it need not be a true fact (p is the fact that matters here). For example, we can prove 2 == 1 + 1 |- (2 == 1 + 1) V (1 == 0). This sequent is valid, because it is enough that 2 == 1 + 1 is a fact; literally, 1 == 0 does not matter.

A similar result goes

p ^ q |- p V q

{
  1. p ^ q        premise
  2. p            ^e1 1
  3. p V q        Vi1 2
}

For that matter, we reprove this result using ^e2

p ^ q |- p V q

{
  1. p ^ q        premise
  2. q            ^e2 1
  3. p V q        Vi2 2
}

We cannot prove P V Q |- P ^ Q, which clearly shows that the Vi rule generates “weaker knowledge” from its facts.

Here is a proof that uses case analysis — Ve — to prove a useful sequent.

p V q, r |- (p ^ r) V (q ^ r)

{
  1. p V q                     premise
  2. r                         premise
  3. {
       4. p                    assume   // (the first case for line 1)
       5. p ^ r                ^i 4 2
       6. (p ^ r) V (q ^ r)    Vi1 5
  }
  7. {
       8. q                    assume   // (the second case for line 1)
       9. q ^ r                ^i 8 2
       10. (p ^ r) V (q ^ r)   Vi2 9
  }
  11.  (p ^ r) V (q ^ r)       Ve 1 3 7
}

Each case — the p case and the q case — proved the same fact, so we conclude that the fact holds no matter what.

Both subproofs must prove the same fact, and then the Ve rule finishes the proof. Here, line 11 states that, starting from the cases asserted on line 1, the proof that p proves the goal is stated in lines 4-6 and the proof that q proves the goal is stated in lines 8-10.

The assumption on line 4 (and the one on line 8) acts like a local variable inside a function – it can be used only within the function’s body. This is because the assumption is a what-if premise that is used only for the sake of discussion of the case.

Finally, here is a simple but vital proof

p V p |- p

{
  1. p V p         premise
  2. {
       3. p        assume
  }
  4. {
       5. p        assume
  }
  6. p             Ve 1 2 4
}

7.4.3. Tactics

There is one good tactic, and one not-so-good:

  • (***) Ve-tactic: To prove Premises |- R, if P V Q appears as a premise or proved fact in the partial proof, then

    1. prove Premises, P |- R
    2. prove Premises, Q |- R
    3. use the Ve-rule to prove R.

    The proof is structured like this

    1. Premises       premise
         . . .
    i. P V Q
    j. {
         k. P         assume
              (fill in)
         l. R
    }
    m. {
         n. Q         assume
              (fill in)
         o. R
    }
    p. R              Ve i j m
    
  • (*) Vi-tactic: To prove Premises |- P V Q, pick either of P or Q, and try to prove it. Finish with Vi

    1.  Premises     premise
         (fill in)
    i.  P
    j.  P V Q        Vi1 i
    

If you examine the previous proof example, you see that the proof was constructed by applying the Ve tactic, which made possible the use of the ^i tactic upon the two subgoals. The Vi tactic is used only when it is clear that it will yield progress towards the goal.

7.5. Implies-Introduction and Implies-Elimination

Remember that -> (math: →) is a kind of “logical if-then”. The word, “implies” has several shadings of meaning in spoken English, and there are multiple meanings of the word in logic. Here, we understand P -> Q to assert that P holds knowledge sufficient to deduce Q – so, whenever P is proved to be a fact, then P -> Q enables Q to be proved a fact, too.

With this understanding, it is easy to accept that P, P -> Q |- Q; this yields the ->e rule.

But there must also be a rule for building propositions of the form, P -> Q. Say that a family of propositions, P, R, S, T, … are enough to prove proposition, Q. Say we know that R, S, T, … are facts. Thus, if we only knew that P was a fact, too, then we would have Q as a fact. In this sense, R, S, T, … are enough to prove that P -> Q is a fact.

Stated more precisely, the situation where P, R, S, T, ... |- Q lets us conclude that R, S, T, ... |- P -> Q. These two ideas, which go hand in hand, are formalized below.

7.5.1. Rules

       { P assume
         ... Q    }                P -> Q   P
->i : --------------       ->e :  ------------
          P -> Q                       Q

The ->i-rule is a case analysis – it says, consider the case when P is a fact. (We don’t know this for certain; it is a case/possibility we want to discuss.) If assuming P (plus using other facts we already have) leads to a proof of Q, then we conclude that P -> Q is a fact.

7.5.2. Examples

Here are two simple uses of ->e

(p ^ q) -> r,  p -> q,  p  |-  r

{
  1. (p ^ q) -> r           premise
  2. p                      premise
  3. p -> q                 premise
  4. q                      ->e 3 2
  5. p ^ q                  ^i 2 4
  6. r                      ->e 1 5
}
(p V q) -> r,  q |-  r

{
  1. (p V q) -> r           premise
  2. q                      premise
  3. p V q                  Vi2 2
  4. r                      ->e 1 3
}

Here is an example that uses ->i

p,  (q ^ p) -> r  |-  q -> r

{
  1. p                       premise
  2. (q ^ p) -> r            premise
  3. {
       4. q                  assume
       5. q ^ p              ^i 4 1
       6. r                  ->e 2 5
  }
  7. q -> r                  ->i 3
}

The proof includes the case that, when q is assumed a fact then r would follow as a fact, too. The subproof lets us conclude that q -> r is a fact.

Here, two if-then facts entail a third one

p -> q,  q -> r  |- p -> r

{
  1. p -> q      premise
  2. q -> r      premise
  3. {
       4.  p     assume
       5.  q     ->e 1 4
       6.  r     ->e 2 5
  }
  7. p -> r      ->i 3
}

Notice how we assumed p to move the proof forwards to a proof of r. We employ a similar tactic in this example

p -> (q -> r) |-  (q ^ p) ->  r

{
  1. p -> (q -> r)      premise
  2. {
       3. q ^ p         assume
       4. p             ^e2 3
       5. q -> r        ->e 1 4
       6. q             ^e1 3
       7. r             ->e 5 6
  }
  8. (q ^ p) ->  r      ->i 2
}

It is possible to nest cases-analyses, as in this crucial example

p -> r,  q -> r  |-  (p V q) -> r

{
  1. p -> r            premise
  2. q -> r            premise
  3. {
       4. p V q        assume
       5. {
            6. p       assume
            7. r       ->e 1 6
       }
       8. {
            9.  q      assume
            10. r      ->e 2 9
       }
       11. r           Ve 4 5 8
  }
  12. (p V q) -> r     ->i 3
}

Here, the “or reasoning” is nested inside the “implies reasoning”. This example shows how mastery of basic deduction rules allows one to reason far more precisely than ordinary people do in real life.

7.5.3. Tactics

Implication comes with two good tactics:

  • (***) ->i-tactic: To prove Premises |- P -> Q,

    1. assume P
    2. prove Premises, P |- Q
    3. use ->i.

    The proof structure looks like this

    1.  Premises          premise
           . . .
    j.  {
          k.  P           assume
               (fill in)
          l.  Q
    }
    m.  P -> Q            ->i j
    
  • (*) ->e-tactic: To prove Premises |- R, if P -> Q appears as a premise or a proved fact in the partial proof, then

    1. prove Premises |- P
    2. use ->e to deduce Q
    3. prove Premises, P, Q |- R.

    Here, the tactic is to generate new knowledge that will bring us closer to the goal, R.

    1.  Premises      premise
           . . .
    i.  P -> Q
            (fill in)
    j.  P
    k.  Q             ->e i j
            (fill in)
    k.  R
    

In an earlier proof example, you see an immediate use of the (***)-->i tactic to the new subgoal

P -> (Q -> R), Q ^ P |- R

An easy application of the (**)-^i tactic generates this simpler subgoal

P -> (Q -> R), Q, P |- R

and we quickly finish the proof by applying the (*)-->e tactic twice to deduce R.

7.6. Negation

The word, “not”, has many shadings in English, and it does also in logic. We might read ~P as saying, “P is not a fact”, or “the opposite of P is a fact”, or “P can never be a fact”, or “it is impossible for P to be a fact”, or “P is ruled out”, or even “P is false”. The choice of deduction rules will decide the precise meaning of ~P. What is clearcut, however, is that whenever we can prove, P and also ~P, for some proposition, P, we have a contradiction. A contradiction states an impossible situation, that is, P is a fact at the same time that it is not a fact. It is a “crash”, “the end of the world (or at least of the proof!)”.

7.6.1. Rules

We use this symbol — _|_ (math: ⊥) — to stand for a contradiction. There is an extra rule to deduce you have proved a contradiction

        P    ~P
~e :  -----------
         _|_

(The name is not ideal, but we will use it, anyway.)

If you start from some premises and you prove a contradiction, it means that the premises disagree with each other. (For example, from premises x > 0 and x < 0 we can deduce x > 0 ^ ~(x > 0). The problem is that the premises disagree about what is true at the start.)

When we encounter a contradiction in real life, we usually “start over” and try our reasoning again, from a different set of premises. In logic, contradictions are not only a signal that we should “start over” (that is, change the premises of the proof we are building), but they are also useful for finishing a line of logical reasoning where we must consider all cases, even the impossible ones, that follow from some starting set of premises.

There is a special law for reasoning forwards from an impossible situation — the _|_e law — which says, in the case of a contradiction, everything becomes a fact. (That is, “if False is a fact, so is everything else!”.)

         _|_
_|_e :  ------  for any proposition, Q, at all
          Q

7.6.2. Examples

The _|_e-rule works well with case analysis, where we discover that one case is impossible. Here is the classic example

p V q, ~p |- q

{
  1. p V q      premise
  2. ~p         premise
  3. {
       4. p     assume
       5. _|_   ~e 4 2
       6. q     _|_e 5
  }
  7. {
       8. q     assume
  }
  9. q         Ve 1 3 7
}

Considering the premise, p V q, we develop the two-case analysis. The first case, where p holds true, is impossible, because it causes a contradiction. The _|_e-rule lets us gracefully prove q in this “impossible case”. (You can read lines 4-6 as saying, “in the case when p might hold true, there is a contradiction, and in such an impossible situation, we can deduce whatever we like, so we deduce q to finish this impossible case”.)

The second case, that q holds true, is the only realistic case, and it immediately yields the consequent. The proof finishes the two-case analysis with a step of Ve.

Here is another example

p -> _|_ |-  p -> r

{
  1. p -> _|_       premise
  2. {
       3. p         assume
       4. _|_       ->e 1 3
       5. r         _|_e 4
  }
  6. p -> r         ->i 2
}

The sequent can be read as, “if P generates a contradiction, then P generates anything we want!”. Here is a more interesting variation

~p |-  p -> q

{
  1. ~p        premise
  2. {
       3. p    assume
       4. _|_  ~e 3 1
       5. q    _|_e 4
  }
  6. p -> q    ->i 2
}

That is, if P is impossible, we can make any old if-then claim we want about would follow if P somehow became a fact. (Example: “if I am the president of the U.S., then everyone gets a tax refund of a million bucks”. It’s a true statement but not so useful, since I am not the president and will never be.)

7.6.3. Tactic

  • (*) _|_-tactic: To prove Premises |- Q, if ~P appears as a premise or as a proved fact in our partial proof, then
    1. prove Premises |- P
    2. use ~e to deduce _|_
    3. use the _|_e-rule to deduce Q.

The structure is

1.   Premises     premise
       . . .
i.   ~P
      (fill in)
j.   P
k.   _|_          ~e i j
l.   Q            _|_e k

In the previous proof example, we see that ~P |- P -> Q is proved quickly once we obtain as a new fact (via an assumption, thanks to the (***)-->i tactic!).

7.6.4. Negation Introduction

Another rule for negation lets us deduce when an assertion is incompatible with facts we already know.

For example, say that Q, R, S, … are some premises that we have used to prove facts. Say we add P to the premise set, but it is incompatible, that is, we prove, Q, R, S, ..., P |- _|_. So, in a world where Q, R, S, … are facts, P can never be a fact – we have Q, R, S, ... |- ~P.

Rule

       { P assume
         ... _|_  }
~i:   --------------
           ~P

The rule says that we can discuss the case when P holds; if a contradiction results, then it is impossible for P to ever be a fact – indeed, ~P is the fact that holds.

Examples

p,  q -> ~p  |-  ~q

{
  1. p           premise
  2. q -> ~p     premise
  3. {
       4. q      assume
       5. ~p     ->e 2 4
       6. _|_    ~e 1 5
  }
  7. ~q          ~i 3
}

Here, the premises, p and q -> ~p, are so strong that it is impossible for q to ever be proved as a fact. (Lines 4-5 show that, if q ever was proved a fact, it would cause a contradiction/crash.) So, ~q (“q is impossible”) is proved, instead.

p |- ~~p

{
  1. p           premise
  2. {
       3. ~p     assume
       4. _|_    ~e 1 3
  }
  5. ~(~p)       ~i 2
}

Note that the ~i rule is not capable of proving ~~P |- P. Indeed, if “it is impossible that it is impossible for P to be a fact”, does this mean that P (is proved to be) a fact? (Example: Last night, you came home late and used your keys to enter your apartment. This morning, you can’t find your keys. You say, “It’s not that I don’t have my keys!” But do you have them in hand – do you have the evidence that you have your keys In mathematics, there are number problems where people have proved that it is impossible for there not to be a solution. But no one yet knows exactly what the solution is!)

These examples support this understanding of ~P

~P says thatP is impossible

The three rules, _|_e, ~i, and ~e, give the meaning of “is impossible” to the operator, ~.

Tactic

The (***)-~i tactic says, to prove Premises |- ~P,

  1. assume P
  2. prove Premises, P |- _|_
  3. use ~i
1. Premises         premises
     . . .
j. {
     k.  P          assume
           (fill in)
     l.  _|_
}
m. ~P                ~i j

The ~i-tactic was used with good success in the previous example.

7.6.5. Proof by Contradiction

In circuit theory, the not-gate is a “flipper” – it flips low voltage to high and vice versa. In integer arithmetic, the negative symbol flips positive ints to negatives and vice versa. In these areas, for a datum, D, the phrase, ~D, means the “opposite of” or the “complement of” D.

In real life, we use opposites a lot – the opposite of daytime is nighttime, the opposite of happy is sad, and so on. We might even say that ~daytime equals nighttime, and so on. But what is ~raining? Does it equal sunny? overcast? snowing? Some concepts have no natural opposite.

If we work with circuits or similar True/False or “opposite” systems, then we should be able to prove ~~P |- P. Here is the rule that lets us do so:

Rule

        { ~P assume
          ... _|_   }
pbc:   ---------------
             P

The pbc (“proof by contradiction”) rule says that, when ~P leads to a contradiction, then we have built a proof of P.

That is, whenP is impossibleis impossible, pbc concludes not only thatP is possiblebut thatP is a certainty” – a fact.

In a sense, pbc builds “something from nothing” – a “proof” of “fact” P from an argument that says ~P leads to an impossible situation. But does this mean we have “built” P? In a world where the word “not” means the “opposite of”, we have.

Examples

~~p |- p

{
  1. ~~p          premise
  2. {
       3. ~p      assume
       4. _|_     ~e 3 1
  }
  5. p            pbc 2
}
~(~p V ~q)  |- p ^ q

{
  1. ~(~p V ~q)      premise
  2. {
       3. ~p         assume
       4. ~p V ~q    Vi1 3
       5. _|_        ~e 4 1
  }
  6. p               pbc 2
  7. {
       8.  ~q        assume
       9.  ~p V ~q   Vi2 8
       10. _|_       ~e 9 1
  }
  11.  q             pbc 7
  12.  p ^ q         ^i 6 11
}

Here is a famous consequence of pbc: from no starting premises at all, we can prove P V ~P for any proposition we can imagine.

|- p V ~p

{
  1. {
       2. ~(p V ~p)       assume
       3. {
            4. p          assume
            5. p V ~p     Vi1 4
            6. _|_        ~e 5 2
       }
       7.  ~p             ~i 3
       8.  p V ~p         Vi2 7
       9.  _|_            ~e 8 2
  }
  10. p V ~p              pbc 1
}

This is sometimes referred to as the law of the excluded middle (LEM) as P is either true or false. There is no third possibility (hence excluded middle). Now that we have done this proof, say that P stands for “God has red hair”. We have this result:

|- "God has red hair" V ~("God has red hair")

Do you accept this? Perhaps the pbc rule is not so well suited for deductions in the world of theology. A similar example is this one: let P stand for “I have stopped kicking my dog”. (But perhaps I do not even have a pet, let alone ever kicked one!)

pbc constructs “something from nothing”. This appeals to circuit builders, where ~ and V are just gates/on-off switches, but not always to computer scientists, who like to compute/build data values and data structures in constructive ways, with algorithms. For this reason, some logicians (actually, not so many) refuse to accept the pbc rule, except in specific circumstances.

Typically, when people accept that |- P V ~P is a fact, it is because they are using a decision procedure to answer the question. When we consider situations that do not have decision procedures, the situation gets murky, as in the example about the color of God’s hair.

Here is a surprising result, due to pbc

p -> q |- ~p V q

 {
   1. p -> q               premise

   2. {                             // start of previous p V ~p proof
         3. ~(p V ~p)      assume
         4. {
              5. p         assume
              6. p V ~p    Vi1 5
              7. _|_       ~e 6 3
         }
         8.  ~p            ~i 4
         9.  p V ~p        Vi2 8
         10. _|_           ~e 9 3
   }
   11. p V ~p              pbc 2    // conclusion of p V ~p proof

   12. {
         13. p             assume
         14. q             ->e 1 13
         15. ~p V q        Vi2 14
   }
   16. {
         17. ~p            assume
         18. ~p V q        Vi1 17
   }
   19. ~p V q              Ve 11 12 16
 }

This proof says that the dependency of q on p forces us to conclude that either q is already a fact or p is impossible. It is slightly odd that an “if-then” dependency would ensure either of the two outcomes. But this is the consequence of pbc’s ability to build something from nothing.

This result also relies on pbc

|- (P -> Q) V (Q -> P)

for any choice whatsover of propositions P and Q. (An example: let P stand for “It is raining” and Q stand for “I am the President”. The above sequent holds true, even though there is no dependency between the two propositions. Why is that so? Is it reasonable? The claim looks more benign when we restrict P and Q to be propositions about logic gates. The moral is, certain logic rules are meant for certain application areas, and the pbc rule works well in only circuit-theory-like worlds.)

This last result follows because pbc lets us deduce that P -> Q |- ~P V Q – no longer does P -> Q tell us that P gives the needed knowledge for constructing/deducing Q; no longer does P -> Q tell us that Q physically depends on P. Instead, due to pbc, we must read P -> Q as stating a coincidence about the underlying True/False values of P and Q. For this reason, the -> operator is no longer necessary in a logic that uses the pbc rule; this is why there is no need for an -> gate in circuit theory (you use ~P V Q instead).

There is no truly useful tactic for applying the pbc-rule. It is indeed a rule of “last resort”, because it says, to try to prove Premises |- P, one should assume ~P and see if this leads one into a contradiction, that is, a proof that Premises, ~P |- _|_. This is a kind of logical “wild-goose chase”. But later in the chapter, we will see how computers can be made to chase after such geese.

7.7. Important Equivalences

These useful equivalences can be proved with the laws for And and Or:

  • P V P -||- P
  • P ^ P -||- P
  • P V Q -||- Q V P
  • P ^ Q -||- Q ^ P
  • (P V Q) V R -||- P V (Q V R)
  • (P ^ Q) ^ R -||- P ^ (Q ^ R)
  • (P V Q) ^ R -||- (P ^ R) V (Q ^ R)
  • (P ^ Q) V R -||- (P V R) ^ (Q V R) P

If you are an algebraist, you already knew these assertions, which characterize a distributive lattice.

When we add the rules for implies, we can prove one other key equivalence:

  • (P ^ Q) -> R -||- P -> (Q -> R)

When we add the ~e, _|_e, and ~i rules, we can also prove:

  • ~(P V Q) -||- ~P ^ ~Q
  • ~(P V Q) -||- ~(~P -> Q)
  • (P -> ~Q) -||- ~(P ^ Q)
  • (P -> ~Q) -||- (~P) V Q
  • ~P -||- P -> _|_
  • ~P -||- ~~~P

Now we have characterized what algebraists call the Heyting lattices.

If we accept pbc (or equivalently, we accept P V ~P as a fact), then we have these important results: (Note, for each equivalence, -||-, that follows, the first part, stated with |-, can be proved without pbc, but the reverse direction requires pbc.)

  • P -||- ~~P
  • P ^ Q -||- ~(~P V ~Q)
  • P V Q -||- ~(~P ^ ~Q)
  • P V Q -||- ~P -> Q
  • ~P V ~Q -||- ~(P ^ Q)
  • ~P V Q -||- P -> Q
  • P -> Q -||- ~Q -> ~P
  • P -> Q -||- ~(P ^ ~Q)
  • (B ^ P) V (~B ^ Q) -||- (B -> P) ^ (~B -> Q)

In algebra, the inference rules presented here for ^, V, _|_, and ~ define the structure of a Boolean lattice, and the origins of modern abstract algebra and logic come from George Boole’s attempt to formalize “what it means” to compute with ^, V, ~.

7.8. Conjunctive Normal Form (CNF)

Computers can be programmed to manipulate propositions built with ^, V, ~. This is because the previous equivalences show we can eliminate all occurrences of -> and use ~, V instead (provided we accept the pbc rule).

A more striking result (again, provided we accept the pbc rule) is that every proposition written with ^, V, ~ can be rewritten as an equivalent proposition in this structure, called conjunctive normal form (cnf):

(A00 v A01 V ... A0n) ^ (A10 V A11 V ... A1n) ^ ... ^ (Am0 V Am1 V ... Amn)

where each Aij is either a primitive proposition, P, or a negated primitive proposition, ~P.

A cnf-proposition is an “and-or” proposition, where “or-clauses” (disjunctive clauses) are “anded together”. The cnf structure is easy for a computer to manipulate and forms the starting point for a powerful computerized proof technique known as resolution theorem proving, which we consider shortly.

For example, P ^ (Q V ~R) is in cnf, but (P ^ Q) V ~R is not. (Why?) But the latter proposition is equivalent to (P V ~R) ^ (Q V ~R), which is in cnf.

Here is another example: ~(Q V ~R) is equivalent to ~Q ^ ~~R, which is equivalent to ~Q ^ R, which is in cnf.

Again, a proposition in conjunctive normal form is a sequence of one or more conjunctions, A1 ^ A2 ^ ... ^ Am, where each Ai is itself a sequence of one or more disjunctions, Bi1 V Bi2 V ... V Bin, where each component, Bij, is itself a primitive proposition, P, or the negation, ~P, of one.

There are specific logical equivalences we apply to transform a proposition into cnf. Here they are, stated within an algorithm that converts an arbitrary proposition into one in cnf:

  1. First, remove all implications, A -> B, with this equivalence:

    A -> B  -||-  ~A V B
    
  2. Next, move all remaining negation operators inwards, by repeatedly applying these equivalences:

    ~(~A)  -||-  A
    ~(A ^ B)  -||-  ~A V ~B
    ~(A V B)  -||-  ~A ^ ~B
    
  3. At this point, all negation operators appear next to primitive propositions. To finish, repeatedly apply (inside out) this equivalence to group together all disjunction operators:

    (A ^ B) V C  -||-  (A V C)  ^  (B V C)
    

Let’s apply these steps to a nontrivial example

(~P -> Q) V ~(Q V ~R)

-||-  (~~P V Q)  V  ~(Q V ~R)        (step 1)

-||-  (P V Q)  V  ~(Q V ~R)
-||-  (P V Q)  V  (~Q ^ ~~R)
-||-  (P V Q)  V  (~Q ^ R)           (step 2)

-||-  (~Q V P V Q)  ^  (R V P V Q)   (step 3)

The result, which is in cnf, can be simplified further:

  1. Every disjunctive clause of form, (P V Q V ... V Q V R V ...), can be reduced by removing duplicates of the same proposition: (P V Q V ... V R V ...)
  2. Every disjunctive clause of form, (P V Q V ... V ~Q V R V ...), is always true and can be reduced to True.

Looking at the previous example, we see that (~Q V P V Q) ^ (R V P V Q) reduces to True ^ (R V P V Q), which is just R V P V Q. In this way, we reduce a complex proposition into its minimal, equivalent form, cnf.

These constructions suggest that propositional logic, using all the deduction rules including pbc, boils down to an and-or game. And in some sense, this is true. But the story changes when we add the quantifiers, FORALL (“for all”; math: ∀) and EXIST (“there exists”; math: ∃).

7.9. Models of Propositional Logic: Soundness and Completeness

When we say that “P is a fact”, what does this mean? Perhaps it means “P is True”, or “P is proved”, or “our confidence in P is absolute”.

The purpose of this section is to describe ways that we give meaning to propositions and to show that the deduction rules in this chapter generate new knowledge that means what we think it means.

7.9.1. Truth Tables

The most basic interpretation of propositions is that a proposition means either True (T, 1) or False (F, 0). This is a “circuit theory” interpretation. In this situation, the meanings of the connectives, ^, V, ~ are given by the truth tables in the Chapter on Circuits and Truth Tables.

Return to the Chapter on Circuits and Truth Tables of these notes and review the truth tables for ^, V, ~. A truth table defines how the “inputs” P and Q are converted into “outputs”. Next, here is the standard truth table for ->

--------------
 p q |  p -> q
--------------
 T T |    T
 T F |    F
 F T |    T
 F F |    T
 -------------

The table’s last two rows are a bit surprising – indeed, neither T nor F seem exactly correct as outputs here! Think of P -> Q as “the truth of “P forces the truth of Q”. So, when P is F, then Q is not forced to be anything at all. This makes T a reasonable answer for the last two rows of the table.

In a more technical sense, the values in the last two rows connect to our ability to prove ~P |- P -> Q and also ~P |- P -> ~Q – they relate to our willingness to consider impossible cases (and embrace the _|_e rule).

Nonetheless, we see that our understanding of implication as a truth table is open to discussion.

Recall that we can build a truth table of a compound proposition. We can do this for any sequent, computing the values of its premises and its goal. Here is an example: the sequent p, q v r  |-  (p ^ q) v (p ^ r) can be translated as p ^ (q v r) -> (p ^ q) v (p ^ r) and the following truth table can be constructed

--------------------------------------------
p  q  r  |  p ^ (q v r) -> (p ^ q) v (p ^ r)
--------------------------------------------
T  T  T  |    T    T    T     T    T    T
T  T  F  |    T    T    T     T    T    F
T  F  T  |    T    T    T     F    T    T
T  F  F  |    F    F    T     F    F    F
F  T  T  |    F    T    T     F    F    F
F  T  F  |    F    T    T     F    F    F
F  F  T  |    F    T    T     F    F    F
F  F  F  |    F    F    T     F    F    F
--------------------------------------------

According to the truth table, p, q V s entails (p ^ q) V (p ^ r), because, in every row where both p and also q V r compute to T, then so does (p ^ q) V (p ^ r).

We can of course use the deduction rules to build a proof of p, q V r |- (p ^ q) V (p ^ r).

Now, we have two questions:

  1. soundness: When we use the deduction rules to prove that P1, P2, ..., Pn |- Q, does this mean that the compound truth table also shows that P1, P2, ..., Pn entails Q?
  2. completeness: When we use a compound truth table and calculate that P1, P2, ..., Pn entails Q, does this mean we can use the deduction rules to build a proof that P1, P2, ..., Pn |- Q?

When we use all the inference rules presented in this chapter (that is, ^i, ^e, Vi, Ve, ->i, ->e, _|_e, ~i, ~e, pbc) then the short answer to both questions is “yes”. The inference rules encode completely all the information within truth tables, and truth tables decode all the deductions of inference rules.

Because of soundness and completeness, one way to determine whether there is a proof for a sequent, P1, P2, ..., Pn |- Q, is to build its truth table and see if the truth table tells us whether the claim is true. If yes, then we know there is a proof. This brute-force technique is easy to program; why did we bother to learn about cnf and resolution theorem proving, then? The reason is that truth tables will fail us when we add the for-all (FORALL; math: ∀) and there-exists (EXIST; math: ∃) operators to logic, but resolution theorem proving can and will be expanded to work with quantifiers. This is the reason for its success.

The reason why truth tables predict existence of proofs is because they are tied to the pbc rule. Say that we are purists and refuse to use the pbc inference rule. The set of rules that remain are certainly sound with respect to the truth tables, but they are not complete. (For example, a compound truth table shows that |- P V ~P, but this cannot be proved without pbc.)

You might argue that the deduction system lacking pbc is too weak. Or, you might argue that our understanding of the meaning of propositions is incorrect.

The point is, meaning goes beyond primitive notions like {0, 1} and {T, F}, and mathematicians have understood this for about 200 years. Indeed, there are many different forms of meaning and many different forms of symbolic logic that deduce assertions with those meanings.

7.10. Summary of Rules and Tactics

As a general principle, when you are proving a claim:

S1, S2, ... |- T

first look at the connectives within T and note that you will probably need the introduction rules for those connectives to assemble the clauses you prove into T. Then, look at the connectives within each of the premises, Si, and note that you will probably need the elimination rules for those connectives to disassemble the premises into the primitive propositions needed to assemble into T.

To choose the order for using the introduction and elimination rules, think about the tactics you might use to disassemble the premises and assemble the goal. The inference rules in this chapter are reviewed below in the order in which they should be tactically applied:

  • (***) ^i: use to prove Premises |- P ^ Q:

    1. Premises     premise
         (fill in)
    j. P
         (fill in)
    k. Q
    l. P ^ Q       ^i j k
    
  • (***) Ve-tactic: To prove Premises |- R, if P V Q appears as a premise or proved fact in the partial proof, then

    1. prove Premises, P |- R
    2. prove Premises, Q |- R
    3. use the Ve-rule to prove R.

    The proof is structured like this

    1. Premises          premise
          . . .
    j. P V Q
    k. {
         l. P            assume
             (fill in)
         m. R
    }
    n. {
         o. Q            assume
             (fill in)
         p. R
    }
    q. R                 Ve j k n
    
  • (***) ->i: use to prove Premises |- P -> Q

    1. Premises          premise
         . . .
    j. {
         k.  P           assume
              (fill in)
         l.  Q
    }
    m. P -> Q           ->i j
    
  • (***) ~i: use to prove Premises |- ~P

    1.  Premises         premises
          . . .
    j. {
         k.  P           assume
              (fill in)
         l.  _|_
    }
    m. ~P                ~i j
    
  • (**) ^e-tactic: If your task is to prove Premises |- R and you have as a premise or proved fact in your partial proof, P ^ Q, then apply ^e to extract P and Q to use in the proof

    1.   Premises      premise
            . . .
    i.   P ^ Q
    i+1. P             ^e1 i
    i+2. Q             ^e2 i
           (fill in)
    j.   R
    
  • (*) ->e-tactic: To prove Premises |- R, if P -> Q appears as a premise or a proved fact in the partial proof, then

    1. prove Premises |- P
    2. use ->e to deduce Q
    3. prove Premises, P, Q |- R.

    Here, the tactic is to generate new knowledge that will bring us closer to the goal, R

    1.  Premises      premise
           . . .
    i.  P -> Q
            (fill in)
    j.  P
    k.  Q             ->e i,j
            (fill in)
    k.  R
    
  • (*) _|_-tactic: To prove Premises |- Q, if ~P appears as a premise or as a proved fact in our partial proof, then

    1. prove Premises |- P
    2. use ~e to deduce _|_
    3. use the _|_e-rule to deduce Q.

    The structure is

    1.   Premises     premise
           . . .
    i.   ~P
          (fill in)
    j.   P
    k.   _|_          ~e j i
    l.   Q            _|_e k
    
  • (*) Vi: use to prove Premises |- P V Q

    1.  Premises     premise
          (fill in)
    i.  P
    j.  P V Q        Vi1 i
    
  • () pbc: use, as a last resort, to try to prove any Premises |- P

    1.  Premises         premise
          . . .
    i. {
         j. ~P           assume
             (fill in)
         k. _|_
    }
    k. P                 pbc i
    

This note was adapted from David Schmidt's CIS 301, 2008, Chapter 5 course note.