Lecture 003

Proof

We will prove that the following program swaps the values of x and y: x:=x+y; y:=x-y; x:=x-y, assuming the program terminates and that x, y map to arbitrary constants.

\begin{align*} & w [[ x:=x+y ; y:=x-y ; x:=x-y ]] v \tag{1, assumption} \\ & v(x)=a \text { and } v(y)=b \tag{2, assumption}\\ & \cdots \\ & w(x)=b \text { and } w(y)=a \tag{to show} \end{align*}

The strategy is to break the program down one assignment at a time:

Propositional Sequent Calculus

valid: true no matter which truth values we assign to the variables

satisfiable: there is some way to assign truth values to the variables so that the resulting formula is true

There are many choices, and the same concepts admit many different formalizations, suitable for different purposes. For example, we could have very few inference rules (in propositional logic often just one!) and many axioms, usually called a Hilbert-style system. Or we could have many rules and essentially no axioms.

simple sequent (statement): e.g. F_1, ..., F_n \vdash G

Right and Left Rules

conclusion: things below the line

premises: things above the line

example of right rule:

\frac{\Gamma \vdash F \quad \Gamma \vdash G}{\Gamma \vdash F \land G} \land R

example of left rule:

\frac{\Gamma, F, G \vdash H}{\Gamma, F \land G \vdash H} \land L

rule of identity:

\frac{}{\Gamma, F \vdash F} \text{id}

We write (and read) these rules bottom-up. Going up, a goal branches into smaller subproofs (leaves), and the proof is finished once every leaf closes with an identity. The difference between \to and \vdash is only that \vdash has an explicit "left" and "right" side, whereas a proposition containing \to has no such notion of "left" and "right". In that sense, \vdash acts as a pointer separating assumptions from the goal.

If a rule has multiple premises on top (a split), all of them must be proved: the premises are "and"-related.

Failure of an Inference System

Implication

We could try the following right and left rules for implication.

\frac{\Gamma, F \vdash G}{\Gamma \vdash F \to G} \to R
\frac{\Gamma, F, G \vdash H}{\Gamma, F, F \to G \vdash H} \to L ?

However, these rules cannot prove (p \to p) \to q \vdash q, so the system is incomplete. We can fix it by letting the left rule be:

\frac{\Gamma \vdash F \quad \Gamma, G \vdash H}{\Gamma, F \to G \vdash H} \to L

Disjunction

\frac{\Gamma, F \vdash H \quad \Gamma, G \vdash H}{\Gamma, F \vee G \vdash H} \lor L

But the following rules (not invertible) cannot prove p \lor (p \to q).

\frac{\Gamma \vdash F}{\Gamma \vdash F \vee G} \vee R_1 ? \quad \frac{\Gamma \vdash G}{\Gamma \vdash F \vee G} \lor R_2 ?

In intuitionistic logic, proofs correspond to (functional) programs, and propositions correspond to their types. For example, an intuitionistic proof of F \to G is a function of type F \to G that takes a proof of F to a proof of G.

Fix for Gentzen's Inference System

We fix this problem by allowing "all of the left hand side to prove any of the right hand side" (i.e. F_1, ..., F_n \vdash G_1, ..., G_m is valid if whenever all F_i are true then at least one G_j is true).

The disjunctive right rule (now invertible) becomes:

\frac{\Gamma \vdash F, G, \Delta}{\Gamma \vdash F \lor G, \Delta} \lor R

Properties of an Inference System

Sound: never prove false statement

Complete: every true statement is provable

Decidable: there is a mechanical procedure that, for any statement, either proves or disproves it

Consistent: cannot prove both a statement and its negation

Gödel’s incompleteness theorem: "No sufficiently powerful logic can be both consistent and complete."

Proving Soundness

To prove soundness of a system, prove that every rule is sound. That is, assume all premises (top) are valid and that the assumptions of the conclusion (bottom left) are true, and show the goal of the conclusion (bottom right) is true.

Proving Invertible

Invertible means we lose no information by applying a rule: if the conclusion is valid, so is every premise. A prover built from invertible rules therefore never needs to backtrack.

To prove invertibility of a system, prove that every rule is invertible.

To prove a rule invertible, argue bottom-up (i.e. assume the conclusion at the bottom and the assumptions on the top left, and prove the goal on the top right).

Proving Termination

Every premise of every rule is smaller than its conclusion (bottom). Each rule removes at least one of the boolean connectives (e.g. \land, \lor) when going up.

Termination: when the prover terminates, we might end up

There is a small matter of strategy: in such a prover, we should probably apply 0-premise rules (the proof is done!) before 1-premise rules (a proof goal is replaced by an equivalent, smaller one), and those before 2-premise rules (because we then have two sequents to prove). This is only a heuristic and a matter of efficiency.

Proving Completeness

For propositional logic (unlike systems with integers and general arithmetic), invertibility together with termination implies completeness: on a valid sequent, invertibility keeps every goal along the way valid, and termination guarantees the search ends, necessarily in identity leaves.
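As an added example (not from the lecture notes), here is a small Python prover for the multi-conclusion calculus of the "Fix for Gentzen's Inference System" section, applying 0-premise, then 1-premise, then 2-premise rules as the strategy above suggests. The tuple encoding of formulas and the proof/countermodel result shape are my own choices, not part of the notes.

```python
# Added example, not from the lecture: a prover for the multi-conclusion
# sequent calculus Gamma |- Delta over atoms and the connectives and/or/imp.
# Formulas are nested tuples: 'p', ('and', F, G), ('or', F, G), ('imp', F, G).
# Every rule is invertible and strips one connective going up, so search terminates.
def is_atom(f):
    return isinstance(f, str)
def _step(rule, gamma, delta, *results):
    # A proof if every branch closed, otherwise the first countermodel found.
    for r in results:
        if r[0] == 'countermodel':
            return r
    return 'proof', (rule, gamma, delta, [r[1] for r in results])
def prove(gamma, delta):
    gamma, delta = list(gamma), list(delta)
    # 0-premise rule first: id closes the goal when an atom is on both sides.
    for f in gamma:
        if is_atom(f) and f in delta:
            return 'proof', ('id', gamma, delta, [])
    # 1-premise rules next: one smaller, equivalent goal (and-L, or-R, imp-R).
    for i, f in enumerate(gamma):
        if not is_atom(f) and f[0] == 'and':
            rest = gamma[:i] + gamma[i + 1:]
            return _step('andL', gamma, delta, prove(rest + [f[1], f[2]], delta))
    for i, f in enumerate(delta):
        if is_atom(f): continue
        rest = delta[:i] + delta[i + 1:]
        if f[0] == 'or':   # the corrected or-R: keep both disjuncts on the right
            return _step('orR', gamma, delta, prove(gamma, rest + [f[1], f[2]]))
        if f[0] == 'imp':
            return _step('impR', gamma, delta, prove(gamma + [f[1]], rest + [f[2]]))
    # 2-premise rules last: both branches must close (and-R, or-L, imp-L).
    for i, f in enumerate(delta):
        if not is_atom(f) and f[0] == 'and':
            rest = delta[:i] + delta[i + 1:]
            return _step('andR', gamma, delta, prove(gamma, rest + [f[1]]), prove(gamma, rest + [f[2]]))
    for i, f in enumerate(gamma):
        if is_atom(f): continue
        rest = gamma[:i] + gamma[i + 1:]
        if f[0] == 'or':
            return _step('orL', gamma, delta, prove(rest + [f[1]], delta), prove(rest + [f[2]], delta))
        if f[0] == 'imp':  # the corrected imp-L: prove F on the right, or assume G
            return _step('impL', gamma, delta, prove(rest, delta + [f[1]]), prove(rest + [f[2]], delta))
    # Stuck: only atoms remain and none is shared. Left atoms true, right atoms
    # false falsifies this leaf and, by invertibility, the root goal as well.
    return 'countermodel', {**{a: False for a in delta}, **{a: True for a in gamma}}
```

Running prove on (p \to p) \to q \vdash q and on \vdash p \lor (p \to q) yields proofs, while \vdash p and p \to q \vdash q return falsifying valuations.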

clarification on terminology:
