MATHEMATICAL LOGIC
ANDRÁS SIMON
1. WARMUP
Logic is important for software engineers for various reasons. But the most important
reason is the help it provides in solving puzzles such as the ones below (due to Raymond
Smullyan). In all these puzzles, the characters (A, B, and sometimes C) are either knights,
who always tell the truth, or knaves, who always lie. The problem usually is that we don’t
know who is a knight and who is a knave.
1.1. Exercise. B says that A says that A is a knave. Is B a knight or a knave?
1.2. Exercise. B says that both he and A are knaves. What are they?
1.3. Exercise. B says that at least one of him and A is a knave. What are they?
Later we will see how logic helps us solving these without thinking.
2. C LASSICAL PROPOSITIONAL LOGIC
This is the mother of all logics. And it’s the logic which we can use to demonstrate
concepts and problems that are relevant to almost all logics. (It’s also the logic that helps us
solve the kind of puzzles in the previous section.)
2.1. Syntax. Atomic formulas: Π = { p0 , . . . , pn , . . .} but in practice we’ll use p, q and their
indexed versions. Formulas:
FormΠ = Π | ¬ FormΠ | FormΠ ∧ FormΠ
That is, FormΠ is the smallest set containing Π which is closed under ¬ and ∧ (FormΠ =
∩{ H : Π ⊆ H and (∀ ϕ, ψ ∈ H )(¬ ϕ ∈ H and ϕ ∧ ψ ∈ H ) }). ¬ (not) and ∧ (and) are
logical connectives (that is, functions mapping (pairs of) formulas to formulas).
(Formulas are sometimes called propositions or sentences.)
Precedence: ¬ binds closer than ∧ (and in general: unary connectives bind closer than
binary ones).
2.1. Examples. p, ¬¬( p ∧ q), p ∧ ¬( p ∧ q), p ∧ ¬q are formulas but p¬ ∧ q is not.
Notation. Lowercase greek letters, such as ϕ, ψ, χ,. . . , usually denote formulas; uppercase
greek letters, such as Σ, ∆,. . . denote sets of formulas.
2.2. Proposition (Induction on formulas). If a property holds for all atomic formulas, and its
truth is preserved by the connectives (that is, if it’s true for ϕ and ψ, then it’s also true for ¬ ϕ and
ϕ ∧ ψ), then it’s true for every formula.
Similar statements hold for all the logics we’ll encounter. The difference will be the set of
atomic formulas and the connectives.
1
2.3. Definition (Derived connectives).
def
• ϕ ∨ ψ = ¬(¬ ϕ ∧ ¬ψ) (“or”)
def
• ϕ → ψ = ¬ ϕ ∨ ψ (“if. . . then”)
def
• ⊥ = p0 ∧ ¬ p0 (“false”, “bottom”)
def
• > = ¬⊥ (“truth”, “top”)
def
• ϕ ↔ ψ = ( ϕ → ψ) ∧ (ψ → ϕ) (equivalence, “if and only if” )
2.2. Semantics. What do formulas “mean”? Most importantly, when are they true? Apart
from some important special cases, we don’t know, and in fact, the question doesn’t make
sense. Formulas have truth values only with respect to a state of affairs. Such a state of
affairs is called a model.
2.4. Definition (model). A model for propositional logic is a function: M : Π −→ {0, 1}.
2.5. Definition (meaning of a formula). The meaning of ϕ ∈ FormΠ in the model M (notation: ϕM ) is given by an extension of M from Π to FormΠ :
• pM = M( p) if p ∈ Π
• (¬ ϕ)M = 1 − ϕM
• ( ϕ ∧ ψ)M = ϕM · ψM .
We say that ϕ holds in M, or ϕ is true in M, or M is a model of ϕ, if ϕM = 1 .
That is, ¬ and ∧ are implemented by functions from {0, 1} (or {0, 1}2 ) to {0, 1}; such
functions are called truth functions, and they can be specified by truth tables. For example,
p q p∧q
p ¬p
0 0
0
the truth tables of ¬ and ∧ are 0 1 and 0 1
0 .
1 0
1 0
0
1 1
1
Another, equivalent way of defining the |= relation is this:
• M |= p iff M( p) = 1
• M |= ¬ ϕ iff M 6|= ϕ (that is, if M |= ϕ doesn’t hold)
• M |= ϕ ∧ ψ iff M |= ϕ and M |= ψ.
2.6. Proposition. M |= ϕ ⇐⇒ ϕM = 1
Proof. By induction on formulas: for p ∈ Π, M |= p ⇐⇒ pM = M( p) = 1. Now suppose
that the statement holds for ϕ; then
M |= ¬ ϕ ⇐⇒ M 6|= ϕ ⇐⇒ ϕM 6= 1 ⇐⇒ ϕM = 0 ⇐⇒ (¬ ϕ)M = 1 − ϕM = 1.
Finally, if it holds for ϕ and ψ, then
M |= ϕ ∧ ψ ⇐⇒ (M |= ϕ and M |= ψ)
⇐⇒ ϕM = 1 = ψM ⇐⇒ ( ϕ ∧ ψ)M = ϕM · ψM = 1.
2
2.7. Exercise. In the proof, we used the fact that ϕM ∈ {0, 1}. Where? Prove this by induction on formulas!
2.8. Examples. (1) When is ϕ ∨ ψ true in a model M? By the definition of ∨, M |= ϕ ∨ ψ iff
M |= ¬(¬ ϕ ∧ ¬ψ) iff (M |= ¬ ϕ ∧ ¬ψ doesn’t hold) iff (it’s not true that both M |= ¬ ϕ and
M |= ¬ψ) iff (it’s not true that both M 6|= ϕ and M 6|= ψ) iff M |= ϕ or M |= ψ.
(2) What about M |= ϕ → ψ?
M |= ϕ → ψ ⇐⇒ M |= ¬ ϕ ∨ ψ ⇐⇒ M |= ¬ ϕ or M |= ψ ⇐⇒ M 6|= ϕ or M |= ψ.
That is, M 6|= ϕ → ψ iff M |= ϕ and M 6|= ψ. This is the only way for ϕ → ψ to not to be
true in M.
(3) M |= ¬¬ ϕ iff M 6|= ¬ ϕ iff M |= ϕ.
What we have been doing in the first two of these examples is deriving the truth functions
of the derived connectives.
How do we compute the truth value of a formula in a model? One possibility is using
truth tables (the columns are the subformulas). For example, is ¬(( p ∧ q) ∨ r ) true in a
model M in which p and q are true, but r is not (that is, M( p) = M(q) = 1, M(r ) = 0)?
p q r p ∧ q ( p ∧ q) ∨ r ¬(( p ∧ q) ∨ r )
1 1 0
1
1
0
2.9. Definition. Let M be a model and Σ ∪ { ϕ } ⊆ Form. Then
(1) M |= Σ iff (∀ ϕ ∈ Σ)M |= ϕ (“M is a model of Σ”)
(2) Σ |= ϕ iff ∀M(M |= Σ =⇒ M |= ϕ) (ϕ is a (semantic) consequence of Σ)1
(3) |= ϕ if ∅ |= ϕ, that is, if ϕ is true in every model (because every model is a model of
the empty set) (ϕ is valid, or a tautology)
(4) ϕ, respectively Σ is satisfiable, if it has a model, and is unsatisfiable otherwise, that is,
if it’s not satisfiable
(5) ϕ ≡ ψ (ϕ and ψ are equivalent) if they have (i.e. are true in) the same models.
2.10. Examples.
(1) If M( p) = 1 and M(q) = 0, then M |= { p, ¬q, q → p}; for every
model M and formula ϕ, M |= { ϕ } ⇐⇒ M |= ϕ.
(2) { p → q, p} |= q; if ϕ ∈ Σ, then Σ |= ϕ
(3) |= p ∨ ¬ p, |= p → p, but 6|= p → ¬ p
(4) Unsatisfiable: p ∧ ¬ p. Every valid formula is satisfiable; p → ¬ p is satisfiable but
not valid. p is an even simpler example of a satisfiable but not valid formula.
(5) As we have seen above, ϕ ≡ ¬¬ ϕ. p ∧ q ≡ q ∧ p, that is, conjunction is commutative,
and is also associative: p ∧ (q ∧ r ) ≡ ( p ∧ q) ∧ r. And the sameV
hold for disjunction,
too, of course. Hence we can
safely W
write p1 ∧ p2 ∧ · · · ∧ pn (= in=1 pi ), and if Σ is a
V
finite set of formulas, then Σ and Σ makes sense.
2.11. Exercise. For a finite set of formulas Σ (Σ is satisfiable iff
V
Σ is satifiable).
2.12. Proposition. ϕ is valid iff ¬ ϕ is unsatisfiable. More generally, Σ |= ϕ iff Σ ∪ {¬ ϕ} is
unsatisfiable.
1Beware! We now have two different relations that are denoted by |=. But there’s no danger of confu-
sion, because one is a relation between models and formulas, and the other is between sets of formulas and
formulas.
3
Proof.
Σ |= ϕ ⇐⇒ ∀M(M |= Σ =⇒ M |= ϕ)
⇐⇒ 6 ∃M(M |= Σ & M 6|= ϕ) ⇐⇒ 6 ∃M(M |= Σ & M |= ¬ ϕ)
It is because of this proposition that satisfiability is such an important notion.
2.13. Corollary. ϕ is satisfiable iff ¬ ϕ is not valid.
Proof. ϕ is satisfiable iff ϕ is not unsatisfiable iff ¬¬ ϕ is not unsatisfiable iff ¬ ϕ is not valid.
valid
satisfiable
unsatisfiable
but not valid
F IGURE 1. The vertical line in the middle is an axis of symmetry
Is it possible to decide whether a formula is (un)satisfiable or valid? In most logics it’s
not, but in propositional logic, these properties are decidable, even if the decision procedure
is not practical. One method is the use of truth tables.
2.14. Example. |= ¬ p → ( p → q), because
p q ¬ p p → q ¬ p → ( p → q)
0 0 1
1
1
1
1
0 1 1
1 0 0
0
1
1
1
1 1 0
that is, ¬ p → ( p → q) is true in all models (see below). (Of course, if merely some of the
lines ended with 1s, then ϕ were satisfiable but not valid; and if all lines ended with 0s, that
is, ϕ were false in all models, ϕ were unsatisfiable.)
If there are n propositional variables in ϕ, then the truth table which decides its (un)satisfiability/valid
has 2n lines; this is why this is not a practical decision procedure.
There are two reasons why this decision procedure works: (1) we can compute the truth
values of ϕ in a given model (2) even though there are infinitely many models, we need to
check the truth value of ϕ only in finitely many models, because of the following
2.15. Proposition. If M and M0 are models which differ on p only, and p doesn’t occur in ϕ, then
M |= ϕ ⇐⇒ M0 |= ϕ.
Proof. By formula induction.
That’s why we could say in the previous example that the formula is true in all models,
even though we checked its truth only in four.
4
2.16. Corollary. The set { ϕ : |= ϕ } of formulas that are valid in propositional logic is decidable.
2.17. Proposition. ϕ ≡ ψ iff |= ϕ ↔ ψ; consequently, since |= ϕ ⇐⇒ |= ϕ ↔ >, |= ϕ ⇐⇒
ϕ ≡ >.
That is, ≡ is only a useful notation.
2.18. Exercise. Give an example of a two-element set of formulas that is unsatisfiable, but
all of whose proper subsets are satisfiable.
2.19. Exercise. Give an example of a three-element set of formulas that is unsatisfiable, but
all of whose proper subsets are satisfiable.
2.20. Exercise. Give an example of an n-element set of formulas that is unsatisfiable, but all
of whose proper subsets are satisfiable.
2.21. Exercise. Is the infinite set
Σ = { p1 ∨ p2 , ¬ p2 ∨ ¬ p3 , p3 ∨ p4 , ¬ p4 ∨ ¬ p5 , . . . } = { p2n−1 ∨ p2n , ¬ p2n ∨ ¬ p2n+1 : n > 1 }
of formulas satisfiable?
2.22. Exercise. Which of the following statements are true?
(1) If |= ϕ ∨ ψ, then |= ϕ or |= ψ.
(2) If |= ϕ → ψ and |= ϕ, then |= ψ.
(3) If ϕ → ψ and ϕ are satisfiable, then ψ is satisfiable.
(4) If |= ϕ → ψ and ϕ is satisfiable, then ψ is satisfiable.
2.23. Exercise. Is the following reasoning correct? “If it rains, I’ll take my umbrella with
me. It doesn’t rain. So I won’t take my umbrella with me.” That is, { p → q, ¬ p} |= ¬q?
This shouldn’t be confused with { p → q, p} |= q which is true (and even has a name,
modus ponens).
∗∗∗
Now we can attempt to treat our puzzles as problems in propositional logic. Let’s see the
first one:
B says that A says that A is a knave. Is B a knight or a knave?
We can assume of the participants that they are propositional variables that are equivalent
with each of the propositions they utter (so knights will correspond to true, knaves with
false propositional variables), since they are knights (true) iff all their utterances are true,
and knaves (false) iff all their utterances are false. Thus for example in this puzzle “A says
that A is a knave” can be represented by the formula A ↔ ¬ A; and since B says this,
B ↔ ( A ↔ ¬ A). So the question is the truth value of A and B in models of the latter
formula In any given model, the knights are the true, the knaves are the false propositional
variables. If more than one model satisfies the formulas, that is, the propositional variable
corresponding to at least one participant has different truth values in different models of
the formula, than the puzzle doesn’t contain enough information to decide whether that
participant is a knight or a knave. This is the case with our first puzzle:
5
A B A ↔ ¬ A B ↔ ( A ↔ ¬ A)
0 0
0
1
0 1
0
0
1 0
0
1
1 1
0
0
Here there are two models, and they differ in the value of A, but B is false in both. So what
we have got is that { B ↔ ( A ↔ ¬ A) } |= ¬ B, whence B is a knave, but A can be anything,
because { B ↔ ( A ↔ ¬ A) } 6|= A and { B ↔ ( A ↔ ¬ A) } 6|= ¬ A. This is of course the same
conclusion that we reached without using logic.
Let’s check the next one!
B says that both he and A are knaves. What are they?
The hard part is the translation to logic. But our formula will surely start with B ↔ . . .,
because B says something, and as we have agreed before, (the propositional variable corresponding to) everybody is equivalent to each of the sentences that he says. And what B
says is that they are both knaves; but “X is a knave” means that X is not true, that is, ¬ X is
true. So “both A and B are knaves” is translated to the formula ¬ A ∧ ¬ B. So the formula
we’re looking for, and whose models we’re interested in is B ↔ (¬ A ∧ ¬ B).
A B ¬ A ¬ B ¬ A ∧ ¬ B B ↔ (¬ A ∧ ¬ B)
0 0
1
1
1
0
0 1
1
0
0
0
1 0
0
1
0
1
1 1
0
0
0
0
In this case we have exactly one model, so the character of all participants is determined:
A is a knight and B is a knave, just like we found out the first time, because { B ↔ (¬ A ∧
¬ B) } |= A ∧ ¬ B.
2.24. Exercise. B says that at least one of him and A is a knave. Find out their character
using logic.
∗∗∗
2.25. Theorem (Deduction theorem for |=). Σ ∪ { ϕ} |= ψ ⇐⇒ Σ |= ϕ → ψ.
Proof.
Σ 6|= ϕ → ψ
⇐⇒
⇐⇒
⇐⇒
⇐⇒
∃M(M |= Σ and M 6|= ϕ → ψ)
∃M(M |= Σ and (M |= ϕ and M 6|= ψ))
∃M(M |= Σ ∪ { ϕ} and M 6|= ψ)
Σ ∪ { ϕ} 6|= ψ
2.26. Theorem (Some identities).
6
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(8)
(9)
(10)
(11)
(12)
(13)
(14)
¬¬ ϕ ≡ ϕ (we have seen this already)
ϕ → ⊥ ≡ ¬ ϕ (“indirect proof”)
ϕ → (ψ → χ) ≡ ϕ ∧ ψ → χ (“currying”)
|= ( ϕ ∧ ( ϕ → ψ)) → ψ (MP)
ϕ → ψ ≡ ¬ψ → ¬ ϕ (contraposition)
ϕ ∨ ψ ≡ ¬ϕ → ψ
¬( ϕ ∧ ψ) ≡ ϕ → ¬ψ.
∧ and ∨ are commutative and associative
ϕ ∧ ϕ ≡ ϕ, ϕ ∨ ϕ ≡ ϕ (idempotency)
( ϕ ∨ ψ) ∧ ϕ ≡ ϕ, ( ϕ ∧ ψ) ∨ ϕ ≡ ϕ (absorption)
ϕ ∧ (ψ ∨ χ) ≡ ( ϕ ∧ ψ) ∨ ( ϕ ∧ χ), ϕ ∨ (ψ ∧ χ) ≡ ( ϕ ∨ ψ) ∧ ( ϕ ∨ χ) (distributivity)
¬( ϕ ∨ ψ) ≡ ¬ ϕ ∧ ¬ψ, ¬( ϕ ∧ ψ) ≡ ¬ ϕ ∨ ¬ψ (De Morgan)
|= ϕ → ϕ ∨ ψ
|= ϕ ∧ ψ → ϕ
2.27. Theorem.
(1) If ψ1M = ψ2M , and ϕ2 is obtained from ϕ1 by replacing an occurrence of
ψ1 by ψ2 , then ϕ1M = ϕ2M .
(2) For a model M, p1 , . . . , pn ∈ Π and σ1 , . . . , σn ∈ Form, let M0 be the following model:
M0 ( pi ) = σiM and M0 ( p) = M( p) for all other propositional variables. Then for all
0
formulas ϕ, ϕM = ϕ[σ1 /p1 , . . . , σn /pn ]M , where ϕ[σ1 /p1 , . . . , σn /pn ] is the formula we
obtain from ϕ by simultaneously substituting σ1 , . . . , σn for p1 , . . . , pn .2
Proof. The first is proved by formula induction on ϕ1 , the second by formula induction on
ϕ.
2.28. Corollary.
(1) If ψ1 ≡ ψ2 , and ϕ1 , ϕ2 are as in the theorem, then ϕ1 ≡ ϕ2 .
(2) If |= ϕ, then |= ϕ[σ1 /p1 , . . . , σn /pn ] for all p1 , . . . , pn ∈ Π and σ1 , . . . , σn ∈ Form.
Proof. 1. If ϕ1 6≡ ϕ2 , then ϕ1M 6= ϕ2M for some model M, even though ψ1M = ψ2M because
of ψ1 ≡ ψ2 .
2. If 6|= ϕ[σ1 /p1 , . . . , σn /pn ], that is, if M 6|= ϕ[σ1 /p1 , . . . , σn /pn ] for some model M, then
M0 6|= ϕ by (2) of the theorem, so that 6|= ϕ, where M0 is the model defined in (2) for which
0
ϕM = ϕ[σ1 /p1 , . . . , σn /pn ]M = 0.
That is, one can “compute” with propositional formulas as in algebra. It is because of (1)
of the corollary that we can claim for example that ϕ ∧ (ψ ∨ ψ) ≡ ϕ ∧ ψ (we replace (ψ ∨ ψ)
by the equivalent ψ), and it is because of (2) that for example |= p ∨ ¬ p and |= ϕ ∨ ¬ ϕ are
equivalent. The first is a special case of the second, and the second follows from the first by
(2).
2.3. Normal forms.
2.29. Definition. A formula is
2Here’s the official definition of simultaneous substitution:
• p[σ1 /p1 , . . . , σn /pn ] = σi if p = pi and p otherwise
• (¬ ϕ)[σ1 /p1 , . . . , σn /pn ] = ¬( ϕ[σ1 /p1 , . . . , σn /pn ])
• ( ϕ ∧ ψ)[σ1 /p1 , . . . , σn /pn ] = ϕ[σ1 /p1 , . . . , σn /pn ] ∧ ψ[σ1 /p1 , . . . , σn /pn ]
7
• a literal if it’s atomic or the negation of an atomic formula;
• in disjunctive normal form (DNF) if it’s the disjunction of the conjunctions of literals,
W
Vm
that is, it has the form in=1 j=i 1 lij , where lij are literals;
• in conjunctive normal form (CNF) if it’s the conjunction of disjunctions of literals, that
V
Wm
is, it has the form in=1 j=i 1 lij , where lij are literals.
2.30. Remark. Satisfiability of a formula in DNF is easy to decide, because it’s satisfiable iff
one of its disjuncts (which is a conjunction) is satisfiable; and a conjunction is satisfiable iff
no propositional variable occurs in it together with its negation.
Similarly, the validity of a formula in CNF is easy to decide, because it’s valid iff one of
its conjuncts (which is a disjunction) is valid; and a disjunction is valid iff a propositional
variable occurs in it together with its negation.
2.31. Theorem (DNF, CNF). Every formula ϕ is equivalent to one in disjunctive normal form (ϕ∨ )
and to one in conjunctive normal form (ϕ∧ ) which contain at most those propositional variables
which ϕ does.
Proof. (DNF) Let M be the set of those lines of the truth
table of ϕ which make ϕ true (that
W
∨
is, those whose last column has 1 in it), and let ϕ = M∈ M ϕM , where
ϕM =
^
{ p : M( p) = 1} ∧
^
{¬ p : M( p) = 0}
for all M ∈ M.
Then by the definition of ϕM
M |= ϕM0 ⇐⇒ M0 = M for all model M and M0 ∈ M
(1)
(where, just like in the rest of this proof, two models are considered equal, if they assume
the same truth values on the propositional variables occurring in ϕ), and from this, ϕ ≡ ϕ∨
already follows, because for all models M,
M |= ϕ∨ ⇐⇒ (∃M0 ∈ M)M |= ϕM0
⇐⇒ (∃M0 ∈ M)M = M0 ⇐⇒ M ∈ M ⇐⇒ M |= ϕ
where the second equivalence is true because of (1), and the last is true because of the
definition of M and 2.15.
W
Vm
(CNF) We know by the first part of the proof that ¬ ϕ ≡ in=1 j=i 1 lij for some n, m1 , . . . , mn
and set {lij : 0 < i ≤ n, 0 < j ≤ mi } of literals. But then by the De Morgan identities
(2.26(12))
ϕ ≡ ¬¬ ϕ ≡ ¬
_n
i =1
^ mi
j =1
lij ≡
^n
¬
i =1
^ mi
j =1
lij ≡
^n
i =1
_ mi
¬lij ≡
j =1
^n
i =1
_ mi
l0 ,
j=1 ij
where lij0 = ¬lij if lij is atomic, and lij0 = p if lij = ¬ p.
Or one can “dualize” the proof for DNF:
Let M be those lines of the truth
table of ϕ which make ϕ false (that is, those whose last
V
column has 0 in it), and let ϕ∧ = M∈ M ϕM , where
ϕM =
_
{ p : M( p) = 0} ∨
for all M ∈ M.
8
_
{¬ p : M( p) = 1}
Then by the definition of ϕM
(2)
M 6|= ϕM0 ⇐⇒ M0 = M for all model M and M0 ∈ M
and from this, ϕ ≡ ϕ∧ already follows, because for all models M,
M |= ϕ∧ ⇐⇒ (∃M0 ∈ M)M 6|= ϕM0
⇐⇒ (∃M0 ∈ M)M = M0 ⇐⇒ M ∈ M ⇐⇒ M 6|= ϕ
where the second equivalence is true because of (2), and the last is true because of the
definition of M and 2.15.
2.32. Example. Write down formulas in CNF and DNF that are equivalent to ϕ = ( p →
q) ↔ (¬ p → ¬q)!
p q p → q ¬ p ¬q ¬ p → ¬q ( p → q) ↔ (¬ p → ¬q)
0 0
1
1
1
1
1
0 1
1
1
0
0
0
1 0
0
0
1
1
0
1 1
1
0
0
1
1
∧
∨
So ϕ = ( p ∨ ¬q) ∧ (¬ p ∨ q) and ϕ = (¬ p ∧ ¬q) ∨ ( p ∧ q) will work.
2.33. Example. Write down a formula in CNF that is equivalent to ϕ = ¬( p ∧ ((q ∧ r ) → s))!
p q r s q ∧ r (q ∧ r ) → s p ∧ ((q ∧ r ) → s) ¬( p ∧ ((q ∧ r ) → s))
0 0 0 0
0
1
0
1
0 0 0 1
0
1
0
1
0 0 1 0
0
1
0
1
0 0 1 1
0
1
0
1
0 1 0 0
0
1
0
1
0 1 0 1
0
1
0
1
0 1 1 0
1
0
0
1
0 1 1 1
1
1
0
1
1 0 0 0
0
1
1
0
1 0 0 1
0
1
1
0
1 0 1 0
0
1
1
0
1 0 1 1
0
1
1
0
0
1
1
0
1 1 0 0
1 1 0 1
0
1
1
0
1 1 1 0
1
0
0
1
1 1 1 1
1
1
1
0
So ϕ∧ = (¬ p ∨ q ∨ r ∨ s) ∧ (¬ p ∨ q ∨ r ∨ ¬s) ∧ (¬ p ∨ q ∨ ¬r ∨ s) ∧ (¬ p ∨ q ∨ ¬r ∨ ¬s) ∧
(¬ p ∨ ¬q ∨ r ∨ s) ∧ (¬ p ∨ ¬q ∨ r ∨ ¬s) ∧ (¬ p ∨ ¬q ∨ ¬r ∨ ¬s) ≡ (¬ p ∨ q ∨ r ) ∧ (¬ p ∨ q ∨
¬r ) ∧ (¬ p ∨ ¬q ∨ r ) ∧ (¬ p ∨ ¬q ∨ ¬r ∨ ¬s) ≡ (¬ p ∨ q) ∧ (¬ p ∨ ¬q ∨ r ) ∧ (¬ p ∨ ¬q ∨ ¬r ∨ ¬s)
will work.
That’s not the usual way of constructing CNFs; one usually proceeds along identities.
Here’s the new algorithm. Given a formula ϕ of whose equivivalent in CNF we want
obtain, we do the following.
9
(1) Eliminate the defined connectives until only ¬, ∨ and ∧ remain.
(2) As long as possible, replace subformulas of the form ¬¬ψ, ¬(ψ1 ∧ ψ2 ) and ¬(ψ1 ∨ ψ2 )
by ψ, ¬ψ1 ∨ ¬ψ2 and ¬ψ1 ∧ ¬ψ2 .
(3) As long as possible, replace subformulas of the form ψ ∨ (χ1 ∧ χ2 ) and (χ1 ∧ χ2 ) ∨ ψ
to (ψ ∨ χ1 ) ∧ (ψ ∨ χ2 ) and (χ1 ∨ ψ) ∧ (χ2 ∨ ψ).
(4) (At this point we already have a CNF equivivalent to ϕ, but to clean up a little bit,
apply the associativity, commutativity and idempotency of ∧ and ∨.)
This way we get a formula equivalent to the original one because of 2.26 and 2.27.
2.34. Example. Let’s redo this way one of the examples above!
( p → q) ↔ (¬ p → ¬q)
≡(¬ p ∨ q) ↔ (¬¬ p ∨ ¬q)
≡[(¬ p ∨ q) → (¬¬ p ∨ ¬q)] ∧ [(¬¬ p ∨ ¬q) → (¬ p ∨ q)]
≡[¬(¬ p ∨ q) ∨ (¬¬ p ∨ ¬q)] ∧ [¬(¬¬ p ∨ ¬q) ∨ (¬ p ∨ q)]
def.
def.
def.
double negation
≡[¬(¬ p ∨ q) ∨ ( p ∨ ¬q)] ∧ [¬( p ∨ ¬q) ∨ (¬ p ∨ q)]
De Morgan
≡(¬¬ p ∧ ¬q) ∨ ( p ∨ ¬q)[(¬ p ∧ ¬¬q) ∨ (¬ p ∨ q)]
double negation
≡[( p ∧ ¬q) ∨ ( p ∨ ¬q)] ∧ [(¬ p ∧ q) ∨ (¬ p ∨ q)]
distributivity
≡[( p ∨ ( p ∨ ¬q)) ∧ (¬q ∨ ( p ∨ ¬q))] ∧ [(¬ p ∨ (¬ p ∨ q)) ∧ (q ∨ (¬ p ∨ q))] assoc., comm., idemp.
≡[( p ∨ ¬q) ∧ (¬q ∨ p)] ∧ [(¬ p ∨ q) ∧ (q ∨ ¬ p)] ≡ ( p ∨ ¬q) ∧ (¬ p ∨ q).
2.35. Example. And another one:
¬( p ∧ ((q ∧ r ) → s))
≡¬( p ∧ (¬(q ∧ r ) ∨ s))
≡¬ p ∨ ¬(¬(q ∧ r ) ∨ s)
≡¬ p ∨ (¬¬(q ∧ r ) ∧ ¬s)
≡¬ p ∨ ((q ∧ r ) ∧ ¬s)
≡(¬ p ∨ (q ∧ r )) ∧ (¬ p ∨ ¬s)
≡((¬ p ∨ q) ∧ (¬ p ∨ r )) ∧ (¬ p ∨ ¬s)
def.
De Morgan
De Morgan
double negation
distributivitys
distributivity
2.36. Exercise. Construct a CNF equivalent to ( p ∧ q) ↔ (r ∨ s) both by the truth table
method and the above algorithm!
2.4. Horn formulas. There is probably no efficient algorithm for deciding the satisfiability
of a formula in CNF; for example, the decision procedure using truth tables is exponential
in the number of propositional variables occurring in the formula. But there is an important
subset of CNFs whose satisfiability can be decided in linear time.
2.37. Definition. A formula in CNF is a Horn-formula if each of its conjuncts contains at
most one propositional variable (i.e. only one positive literal).
2.38. Example. ( p ∨ ¬q) ∧ (¬r ∨ ¬ p ∨ s) ∧ (¬ p ∨ ¬q) ∧ s ∧ ¬t is a Horn formula.
10
It’s instructive to rewrite the conjuncts in Horn formulas in an “implicational” form, using the following equivalences (depending on whether the conjunct contains both negative
and positive, only negative, or only positive literals):
¬ p1 ∨ · · · ∨ ¬ p n ∨ q ≡
^n
i =1
pi → q
¬ p1 ∨ · · · ∨ ¬ p n ≡
^n
i =1
pi → ⊥
p ≡ > → p.
Using these equivalences the example above becomes (q → p) ∧ ( p ∧ r → s) ∧ ( p ∧ q →
⊥) ∧ (> → s) ∧ (t → ⊥).
And here’s the algorithm for deciding satisfiability of a Horn formula, using the implicational form, because it’s easier to understand (note that the conversion to this form is linear,
too):
(1) Mark all propositional variables p such that > → p is one of the
conjuncts.
V
V
(2) While there is a conjunct of the form in=1 pi → q or in=1 pi → ⊥
such that p1 , . . . , pn are all marked but q is not (a) in the first case,
mark q (b) in the second case, output UNSATISFIABLE and stop.
(3) Output SATISFIABLE and stop.
2.39. Theorem. This algorithm is correct and runs in time linear in the number of propositional
variables occurring in the input.
We omit the simple proof, just note that linearity is trivial, because in every step we mark
an unmarked propositional variable; and if the algorithm outputs SATISFIABLE, then the
model in which exactly the variables which are marked are true, is a model of the input
formula.
2.40. Corollary. If no conjunct in a Horn formula is of the form in=1 pi → ⊥, that is, if all its
conjuncts contain a positive literal, then it is satisfiable. If no conjunct in a Horn formula is of the
form > → p, that is, if all its conjuncts contain at least one negative literal, then it is satisfiable.
V
Proof. In the first case we don’t get to the case UNSATISFIABLE in the loop (2). In the second
case we don’t even enter the loop.
2.41. Examples. 1. The example above: (q → p) ∧ ( p ∧ r → s) ∧ ( p ∧ q → ⊥) ∧ (> →
s) ∧ (t → ⊥) is satisfiable: First we mark s because of (1). But then we skip (2) and get
immediately to (3), because only s is marked and there is no conjunct of the form s → p or
s → ⊥.
2. (¬ p ∨ ¬q ∨ ¬s) ∧ ¬t ∧ (¬r ∨ p) ∧ r ∧ q ∧ (¬u ∨ s) ∧ u or
( p ∧ q ∧ s → ⊥) ∧ (t → ⊥) ∧ (r → p) ∧ (> → r ) ∧ (> → q) ∧ (u → s) ∧ (> → u)
in implicational form. First we mark r, q and u. Then we enter the loop (2) and first we
mark p and s, but then in the second turn we get UNSATISFIABLE, because p ∧ q ∧ s → ⊥ is
one of the conjuncts and p, q and s are all marked.
2.5. Compactness.
2.42. Theorem. If all finite subsets of the set of formulas Σ is satisfiable, then Σ is satisfiable.
11
This is not trivial at all. When one wants to satisfy infinitely many constraints simultaneously, it usually doesn’t help if one can satisfy every finite subset of it simultaneously. For
example, if for all n, Cn is only satisfied by real numbers in the interval (0, 1/n), then finitely
many Cn s are satisfiable simultaneously, but not all of them, because ∩n∈N (0, 1/n) = ∅.
2.43. Corollary. If Σ |= ϕ, then Σ has a finite subset ∆ such that ∆ |= ϕ.
Proof. Σ |= ϕ iff Σ ∪ { ¬ ϕ } is unsatisfiable iff Σ has a finite subset ∆ such that ∆ ∪ { ¬ ϕ } is
unsatisfiable iff Σ has a finite subset ∆ such that ∆ |= ϕ.
2.5.1. An application of compactness. A coloring of the graph G = h V, E i with k colours is a
function f : V → { 1, . . . , k } such that f (v) 6= f (w) when h v, w i ∈ E. For such a graph G,
let ΠG = { pvi : v ∈ V ( G ) and 1 ≤ i ≤ k }, and let Σ( G ) ⊆ FormΠG consist of the following
formulas:
• pv1 ∨ . . . ∨ pvk for all v ∈ V (“every vertex has a colour”)
• ¬( pvi ∧ pvj ) for all v ∈ V and 1 ≤ i < j ≤ k (“every vertex has at most one colour”)
• ¬( pvi ∧ pwi ) for all h v, w i ∈ E and 1 ≤ i ≤ k, (“neighbouring vertices have distinct
colours”)
2.44. Proposition. G is colourable with k colours iff Σ( G ) is satisfiable.
Proof. One has to use the equivalence M( pvi ) = 1 ⇐⇒ f (v) = i (where v ∈ V and
1 ≤ i ≤ k), in one direction to define a model M satisfying Σ( G ), and in the other direction
as the definition of the colouring f .
That is, if G is colourable, then Σ( G ) is true in the model defined this way; the first batch
of formulas is true because every vertex has a colour, the second because every vertex has
at most one colour, and the third because neighbouring vertices have distinct colours.
Conversely, if M |= Σ( G ), then f is defined on V because the first batch of formulas is
true in M, f is a function because of the second batch, and f is a colouring (neighbouring
vertices are assigned distinct colours by f ) because of the third.
2.45. Corollary. If all finite subgraphs of a graph can be coloured by k colours, then the whole graph
can be coloured by k colours.
Proof. Let G be the graph to be coloured. Because of the previous proposition, we need
to show the satisfiability of Σ( G ), and by the compactness theorem, this can be done by
showing that all its finite subsets are satisfiable.
And since we know that all finite subgraphs of G are colourable, all that’s left to show
is that this implies the satisfiability of all finite subsets of Σ( G ). (The problem is that not
all finite subsets of Σ( G ) has the form Σ( H ) for some finite subgraph H of G.) But it’s
true because if ∆ ⊆ Σ( G ) is finite, then there is a finite subgraph H of G such that ∆ ⊆
Σ( H )(⊆ Σ( G )): one can take H to be the induced subgraph of G whose set of vertices is
{v ∈ V ( G ) : pvi occurs in ∆}.
3. P ROOF THEORY OF PROPOSITIONAL LOGIC
So far, the question, whether a formula follows from a set of formulas was couched in
set theoretic terms (in terms of satisfiablity, that is, existence of a model). This is not a big
deal in the case of propositional logic, but with more complex logics it’s desirable to express
12
“consequence” in a more syntactic way, which is better suited to be tackled by a computer.
That way is called the proof theory of a logic. It is usually comprised of a calculus that is
intended to derive the consequences of sets of formulas in a mechanical way, producing
“proofs” which can be machine checked. This is especially important in the case of logics
whose valid formulas form an undecidable set.
We start with a simple calculus.
3.1. Hilbert-type calculus for propositional logic.
3.1. Definition (Logical axioms). (A1) ϕ → (ψ → ϕ)
(A2) [ ϕ → (ψ → χ)] → [( ϕ → ψ) → ( ϕ → χ)]
(A3) (¬ ϕ → ¬ψ) → [(¬ ϕ → ψ) → ϕ]
It’s easy to see that these axioms are valid in propositional logic.
3.2. Definition (Derivation). Let Σ ⊆ Form. A sequence of formulas ϕ1 , . . . ϕn is a proof (or
derivation) (of length n) from Σ if for all 1 ≤ k ≤ n one of the following conditions holds:
• ϕk is an instance of one of the logical axioms
• ϕk ∈ Σ
• there are 1 ≤ i and j < k such that ϕi = ϕ j → ϕk ; in this case we say that ϕk comes
from ϕ j and ϕ j → ϕk by detachment (or modus ponens).
3.3. Definition (Derivability). Let Σ ∪ { ϕ} ⊆ Form.
• ϕ is provable (derivable) from Σ if there is a derivation from Σ whose last formula is
ϕ. Notation: Σ ` ϕ.
• ϕ is a theorem (or is derivable) if ∅ ` ϕ. Notation: ` ϕ.
3.4. Lemma. Let Γ ∪ ∆ ∪ { ϕ, ψ } ⊆ Form.
(1) If ϕ ∈ Γ then Γ ` ϕ.
(2) (monotonicity) If Γ ` ϕ and Γ ⊆ ∆ then ∆ ` ϕ.
(3) (transitivity) If Γ ` ψ for all ψ ∈ ∆, and ∆ ` ϕ, then Γ ` ϕ.
(4) (compactness) If Γ ` ϕ then Γ has a finite subset Γ0 such that Γ0 ` ϕ.
The last item here (which will turn out to be equivalent to 2.42) is a rare example of a
theorem that is easier to show for ` than for |=.
An example of a derivation:
3.5. Example. ` ϕ → ϕ
(1)
ϕ → (( ϕ → ϕ) → ϕ)
(A1)
(2)
[ ϕ → (( ϕ → ϕ) → ϕ)] → [( ϕ → ( ϕ → ϕ)) → ( ϕ → ϕ)]
( ϕ → ( ϕ → ϕ)) → ( ϕ → ϕ)
ϕ → ( ϕ → ϕ)
ϕ→ϕ
(A2)
(3)
(4)
(5)
3.6. Examples.
(1) ` ( ϕ → ⊥) → ¬ ϕ
(2) { ϕ, ¬ ϕ } ` ⊥
(3) { ϕ → ψ, ψ → η } ` ϕ → η
13
MP 1,2
(A1)
MP 3,4
(4) { ϕ → (ψ → η ), ψ} ` ϕ → η
(5) ` ¬¬ ϕ → ϕ
3.7. Definition. Σ ⊆ FormΠ is consistent if Σ 6` ⊥; it is inconsistent otherwise.
Simple examples of inconsistent sets of formulas are { ⊥ }, which is inconsistent by 3.4(1),
and { p, ¬ p }, which is inconsistent by 3.6(2).
3.8. Theorem (Soundness). ` is sound with respect to |=, that is, Σ ` ϕ =⇒ Σ |= ϕ.
This is the least we expect from a calculus. The proof is a simple induction on the length
of derivations. One observes (as we have already done) that the axioms are valid, and that
detachment preserves validity.
3.9. Theorem (Deduction theorem for `). Σ ∪ { ϕ } ` ψ ⇐⇒ Σ ` ϕ → ψ.
The proof is just a little more involved than that of 2.25 (with which it should be compared), and proceeds by induction on the length of derivations.
3.10. Lemma. Σ ` ϕ iff Σ ∪ {¬ ϕ} is inconsistent.
Proof. (⇒) Σ ∪ {¬ ϕ} ` ϕ by 3.4(2) and Σ ∪ {¬ ϕ} ` ¬ ϕ by 3.4(1), so Σ ∪ {¬ ϕ} ` ⊥ by 3.6(2)
and 3.4(3).
(⇐) Because of the deduction theorem, Σ ∪ {¬ ϕ} ` ⊥ =⇒ Σ ` ¬ ϕ → ⊥, from which
Σ ` ¬¬ ϕ by 3.6(1) and 3.4(3); but then Σ ` ϕ by 3.6(5) and 3.4(3).
3.11. Theorem (Completeness). ` is complete with respect to |=, that is, Σ |= ϕ =⇒ Σ ` ϕ.
Completeness theorems are rarely easy; and this is no exception.
3.12. Corollary. Σ is consistent iff it is satisfiable.
Proof. Σ is consistent iff Σ 6` ⊥ iff Σ 6|= ⊥ iff Σ has a model.
∗∗∗
Let’s return for a moment to inconsistent sets of formulas. The trouble with an inconsistent set of formula is that everything is derivable from it.
3.13. Proposition. Σ ⊆ FormΠ is inconsistent iff Σ ` ϕ for every ϕ ∈ FormΠ .
The dual of the notion of inconsistency is that of completeness (of a set of formulas, not
of a calculus for a logic).
3.14. Definition. Let Π be the smallest set such that Σ ⊆ FormΠ . Then Σ is complete, if for
every ϕ ∈ FormΠ , Σ ` ϕ or Σ ` ¬ ϕ.
For example, { ¬ p } ⊆ Form{ p } is complete, but { ¬ p ∨ q } ⊆ Form{ p,q } is not. The first
follows from 3.11 and the simple fact that for every ϕ ∈ Form{ p } , { ¬ p } |= ϕ iff M |= ϕ,
where M is a model with M( p) = 0; and the second follows from 3.8, because, clearly,
{ ¬ p ∨ q } 6|= p and { ¬ p ∨ q } 6|= ¬ p.
3.15. Exercise. Show that { p, q } is complete.
3.16. Proposition. Let Π be the smallest set such that Σ ⊆ FormΠ . Then Σ is complete iff it has at
most one model.
14
Here, as always, we identify models that agree on all members of Π.
Proof. Because of 3.11, we’ll write |= in place of `.
(⇒) By the completeness of Σ, we have either Σ |= p or Σ |= ¬ p for every p ∈ Π. If both
of these are true, then Σ has no models, for p would be both true and false in any of them.
So we may assume that exactly one of these cases holds. If it’s the first, then p must be true,
and if it’s the second, then p must be false in all models of Σ. So all models of Σ agree on all
p ∈ Π.
(⇐) If Σ has no models, then Σ |= ϕ for every ϕ ∈ FormΠ , so Σ is complete. Otherwise,
let M-be the unique model of Σ; then Σ |= ϕ iff M |= ϕ. And since every formula or its
negation is true in a model, it follows that Σ |= ϕ or Σ |= ¬ ϕ for every ϕ ∈ FormΠ .
3.17. Proposition. If Σ is a set of formulas, then Σ+ = { ϕ : Σ ` ϕ } is closed under `, that is,
Σ+ ` ϕ implies ϕ ∈ Σ+ .
Proof. By 3.4(3) { ϕ : Σ ` ϕ } ` ψ implies Σ ` ψ.
3.18. Proposition. Let Σ ⊆ FormΠ be closed under ` and let Σ0 = { ¬ ϕ : Σ ` ϕ } = { ¬ ϕ : ϕ ∈
Σ }. Then
(1) Σ is complete iff Σ ∪ Σ0 = FormΠ
(2) Σ is consistent iff Σ ∩ Σ0 = ∅.
Proof. The first is true by the definition of completeness. As for the second, the (⇐) direction
holds because of 3.13; and the other is true, for if ϕ ∈ Σ ∩ Σ0 , that is, { ϕ, ¬ ϕ } ⊆ Σ, then
Σ ` ⊥ by 3.6(2) and 3.4(3) (or 3.4(2)).
3.2. Resolution for propositional logic.
3.19. Definition. A clause is a finite set of literals. The empty clause is denoted by:
V
Wm
The set of clauses corresponding to the CNF in=1 j=i 1 lij is
.
{{l11 , l12 , . . . , l1m1 }, {l21 , l22 , . . . , l2m2 }, . . . , {ln1 , ln2 , . . . , lnmn }}.
3.20. Example. The set of clauses corresponding to ( p ∨ ¬q) ∧ (¬ p ∨ q ∨ q) is {{ p, ¬q}, {¬ p, q}}.
3.21. Proposition. If the set of clauses corresponding to two CNFs are equal, then they are equivalent.
The converse is false, because, for example, p ∨ ¬ p ≡ q ∨ ¬q but their sets of clauses:
{{ p, ¬ p}} and {{q, ¬q}} are different.
Proof. Define the truth of caluses and sets of clauses in a model the following way: a clause
is true in a model M if at least one of its elements is true in M, and a set of clauses is true
in M if all its members
are true in M.
Wm
Then M |= j=1 l j ⇐⇒ M |= {l1 , . . . lm }, so
M |=
^n
i =1
_ mi
j =1
lij ⇐⇒ for all 1 ≤ i ≤ n-re
M |=
_ mi
l
j=1 ij
⇐⇒ for all 1 ≤ i ≤ n-re M |= {li1 , li2 , . . . , limi }
⇐⇒ M |= {{l11 , l12 , . . . , l1m1 }, {l21 , l22 , . . . , l2m2 }, . . . , {ln1 , ln2 , . . . , lnmn }}
and from this the proposition follows.
15
3.22. Definition (Resolution). Let C and D be two clauses with p ∈ C and ¬ p ∈ D. The
resolvent of C and D with respect to p is C \ { p} ∪ D \ {¬ p}.
3.23. Example. The resolvent of { p, q, ¬r } and { p, ¬q} with respect to q is { p, ¬r }.
3.24. Proposition. If E is a resolvent of the clauses C and D, then {C, D } |= E.
In other words, resolution is sound.
Proof. Say p ∈ C and ¬ p ∈ D, E = C \ { p} ∪ D \ {¬ p} is the resolvent of C and D with
respect to p, and let M be a model such that M |= {C, D }. If M( p) = 0, then M |= C \ { p}
(because M |= C but M 6|= p), so M |= E, since C \ { p} ⊆ E.
If, on the other hand, M( p) = 1, then M |= D \ {¬ p} (because M |= D but M 6|= ¬ p),
so M |= E, since D \ {¬ p} ⊆ E.
So we have M |= E in both cases.
Remarks. The following slight modification of resolution is not sound: if p ∈ C and ¬ p ∈
D, then the resolvent’ of C and D with respect to p is (C ∪ D ) \ { p, ¬ p}.
The following example shows that this is not sound. Let C = { p} and D = { p, ¬ p}; then
(C ∪ D ) \ { p, ¬ p} = , even though {C, D } 6|= , since {C, D } has a model while does
not.
One can’t “speed up” resolution by resolving simultaneously with respect to two propositional variables: for example, is not a resolvent of C = { p, q}, D = {¬ p, ¬q}, and in
fact, it doesn’t follow from them, since {C, D } is satisfiable.
3.25. Definition. A derivation by resolution of a clause E from a set Σ of causes is a finite
binary tree T such that
• each vertex of T is (labeled by) a clause
• E is (the label of) the root of T
• each leaf of T is (labeled by) an element of Σ
• every internal (i.e., non-leaf) vertex (labeled by) D of T has two children (labeled by
clauses) of which D is a resolvent.
(It’s a mouthful to always say “labeled by”, and we won’t, but we need to say that if we
want to be careful, because otherwise we’d have to identify vertices which (are labeled by)
the same clause, and would end up with a graph which is not a tree. Or we could only use
a clause once in every proof.)
The length of a derivation is the number of internal vertices. E is derivable from Σ (notation: Σ `r E) if E has a derivation by resolution from Σ. Σ is refutable if Σ `r .
3.26. Example. The refutation of {{¬ p}, { p, q}, {¬q}} in two steps:
{¬ p}
{ p, q}
@
@
{q}
{¬q}
@
@
3.27. Example. The refutation of ( p → q) ∧ (q → ¬ p) ∧ p, that is, of {{¬ p, q}, {¬q, ¬ p}, { p}}
(in two steps):
16
{¬ p, q}
@
@
{¬q, ¬ p}
{¬ p}
{ p}
@
@
3.28. Proposition (Soundness). If Σ is a set of clauses and E is a clause, then Σ `r E =⇒ Σ |= E.
Proof. By induction on the length of the derivation. Let M be a model of Σ. If E is derivable
from Σ in 0 steps, then E ∈ Σ, so M |= E. If E is derivable from Σ in n > 0 steps, then
E is a child of two clauses which are derivable in n − 1 steps (and thus true in M by the
induction hypothesis), but then E is true in every model of these two clauses by 3.24, and
hence in M, too.
3.29. Remark. `r is not complete. For example, ∅ |= { p, ¬ p}, even though ∅ 6`r { p, ¬ p}
(note that in this context { p, ¬ p} is the clause corresponding to the formula p ∨ ¬ p, not the
set of formulas { p, ¬ p}), because nothing is derivable from the empty set of clauses.
3.30. Theorem. The set of clauses Σ is unsatisfiable iff Σ `r
.
That is, even though resolution is not complete, it is refutation complete, and this is enough
in practice, because of the following.
3.31. Corollary. For Σ ⊆ Form, Σ |= ϕ ⇐⇒ Σ ∪ {¬ ϕ} `r
Of course, for Σ ⊆ Form, by Σ `r
.
we mean ∪{ the set of clauses of σ∧ : σ ∈ Σ } `r
Proof. Σ |= ϕ ⇐⇒ Σ ∪ {¬ ϕ}is unsatisfiable ⇐⇒ Σ ∪ {¬ ϕ} `r
.
.
3.32. Corollary (Compactness). A set of formulas is satisfiable iff all its finite subsets are satisfiable.
Proof. Clearly, it’s enough to show this for sets of clauses. But for those, it is easy, because
if a set of clauses Σ is unsatisfiable, then the empty clause is derivable from it by 3.30; and
since the derivation is a finite tree, it has only finitely many leaves, so the derivation uses
only finitely many clauses from Σ. So Σ has a finite subset from which is derivable, and
then that finite subset is unsatisfiable by 3.28
The other direction (if Σ is satisfiable, then so are its finite subsets) is obvious.
3.33. Definition. Let Σ be a set of clauses.
def
Res(Σ) = Σ ∪ { C : C is the resolvent of two clauses in Σ }.
def
def
Furthermore, Res0 (Σ) = Σ, Resn+1 (Σ) = Res( Resn (Σ)) and Res∗ (Σ) = ∪n∈N Resn .
In other words, Resk (Σ) is the set of clauses derivable from Σ in at most k steps, and
Res∗ (Σ) is the set of all clauses derivable from Σ.
3.34. Proposition. If Σ is finite, then Resk+1 (Σ) = Resk (Σ) for some k ∈ N.
17
Proof. Since Σ is finite, there are only finitely many propositional variables occurring in its
clauses. When resolving two clauses, all literals in the resolvent are already present in the
two clauses. But there are only finitely many different clauses using a finite set of literals3,
so Res∗ (Σ) is finite. From this the proposition follows, because then Res0 (Σ) ⊆ Res1 (Σ) ⊆
· · · ⊆ Resn (Σ) ⊆ . . . can’t all be different.
3.35. Corollary. Satisfiability of a finite set of clauses is decidable by resolution.
Proof. If a finite set Σ of clauses is unsatisfiable, then ∈ Resn (Σ) for some n by the completeness theorem (3.30); and if it is satisfiable, then Resn (Σ) = Resn+1 (Σ) for some n by the
previous proposition.
4. I NTERLUDE :
SOME POSSIBLE MIDTERM PROBLEMS
Problem Which of the following propositional formulas are valid?
(a)
(b)
(c)
(d)
( p → ¬q) → ¬(q ∧ p)
(( p → r ) ∧ (q → ¬r )) → ( p → ¬q)
( p → ⊥) → ¬ p
( p ∨ q) ∧ (¬ p ∨ ¬q) → ( p → q)
Solution. Let’s check the validity of the four formulas one by one. (a) is valid, for if
( p → ¬q) → ¬(q ∧ p) is not true in a model M, then M |= p → ¬q but M 6|= ¬(q ∧ p),
that is, M |= q ∧ p. But then M |= p, p → ¬q, so M |= ¬q ∧ q, a contradiction.
Or we can show that (a) is valid by resolution:
|= ( p → ¬q) → ¬(q ∧ p) ⇐⇒ { p → ¬q} |= ¬(q ∧ p) ⇐⇒ { p → ¬q, q ∧ p} is unsatisfiable
Converting this set of formulas to a set of clauses, we get {{¬ p, ¬q}, {q}, { p}}, which is
indeed unsatisfiable, because the empty clause can be derived from it:
{ p}
{¬ p, ¬q}
@
@
{¬q}
{q}
@
@
Alternatively, one can of course check the validity of (a) by a truth table.
(b): Let’s do this with resolution.
|= (( p → r ) ∧ (q → ¬r )) → ( p → ¬q) ⇐⇒ {( p → r ) ∧ (q → ¬r )} |= p → ¬q
⇐⇒ {( p → r ) ∧ (q → ¬r ), ¬( p → ¬q)} is unsatisfiable
⇐⇒ {{¬ p, r }, {¬q, ¬r }, { p}, {q}} is unsatisfiable
and this last statement is true, because the empty clause is derivable from {{¬ p, r }, {¬q, ¬r }, { p}, {q}}:
3note that clauses are sets, not formulas; so for example the clause corresponding to the disjunction p ∨ p ∨ p
is { p }
18
{¬ p, r }
{ p}
@
@
{r }
{¬q, ¬r }
@
@
{¬q}
{q}
@
@
So (b) is valid. So is, trivially, (c).
But (d) is not. We could get this by a truth table (there are only 2 variables involved, so
it’s doable), by resolution, or by common sense.
Common sense: for ( p ∨ q) ∧ (¬ p ∨ ¬q) → ( p → q) to be false in a model M, ( p ∨ q) ∧
(¬ p ∨ ¬q) should be true and p → q should be false in M. The latter implies M( p) = 1
and M(q) = 0 (so there is only one such model), but then M |= ( p ∨ q) ∧ (¬ p ∨ ¬q), so M
is indeed a model in which (d) fails.
Resolution:
|= ( p ∨ q) ∧ (¬ p ∨ ¬q) → ( p → q) ⇐⇒ {( p ∨ q) ∧ (¬ p ∨ ¬q), ¬( p → q)} is unsatisfiable
⇐⇒ {{ p, q}{¬ p, ¬q}, { p}, {¬q}} is unsatisfiable
Now that we have a set of clauses (or a CNF), we can see, without resolution that it is
satisiable, because the final two clauses dictate that a model of this should make p true and
q false; so all we have to check is that in this model the remaining two clauses are true.
Which they are, because p is in one of them and ¬q is in the other.
But even if we didn’t notice this and started the resolution process, we’d soon see that
it won’t be able to derive , because if Σ = {{ p, q}{¬ p, ¬q}, { p}, {¬q}}, then Res(Σ) =
Σ ∪ {{ p, ¬ p}, {q, ¬q}} and Res( Res(Σ)) = Res(Σ).
Problem. (A, B, C are either knights, who always tell the truth, or knaves, who always lie.)
A: Exactly one of us is a knight. B: I’m a knight. C: All three of us are knaves.
Who is a knight and who is a knave?
Solution. Let’s combine truth table with common sense. We need to find model(s) of the
set of formulas
Σ = { A ↔ 5( A, B, C ), B ↔ B, C ↔ ¬ A ∧ ¬ B ∧ ¬C }
Here 5( A, B, C ) stands for a formula which is true iff exactly one of A, B and C are true. We
could define it like this: ( A ∧ ¬ B ∧ ¬C ) ∨ (¬ A ∧ B ∧ ¬C ) ∨ (¬ A ∧ ¬ B ∧ C ), but the details
don’t matter, the importan thing is that we know when this holds in a model.
First, some common sense: we can leave out B ↔ B, since this is true in every model.
Also, C must be false (in the model we’re looking for), because C ↔ ¬ A ∧ ¬ B ∧ ¬C, so C
being true would imply ¬C also being true. With this we have eliminated 4 lines of the
8-line truth table. Also, instead of C ↔ ¬ A ∧ ¬ B ∧ ¬C we can just say ¬(¬ A ∧ ¬ B) or,
equivalently, A ∨ B, because we know that C is false. What’s left is this:
19
A B C A ∨ B 5( A, B, C ) A ↔ 5( A, B, C )
Σ
0 0 0
0
0
1
0
0 1 0
1
1
0
0
1 0 0
1
1
1
1
1 1 0
1
0
0
0
So there’s exactly one model of Σ, and only A is true in it, so A is a knight and the others
are all knaves.
V
Problem. Which of the following two sets of sentences are consistent? Which are complete?
Σ = { p ∧ ¬q, r → ( p ∨ q)}
Γ = { p ∧ ¬r, p → (q ∧ r )}
Solution. The question is whether they have models (by 3.11) and if so, how many (by
3.16).
The clausal form of Σ is {{ p}, {¬q}, {¬r, p, q}}. From this more than one model can
be read off: because of the first two clauses, if M is a model of Σ, then M( p) = 1 and
M(q) = 0; but then the third clause will also be true in M irrespective of whether r is true
in it. So Σ has at least two models: one in which p and r are true and q is false, and one in
which p is true and q and r are false. So Σ is consistent and not complete.
Γ, on the other hand, is clearly inconsistent (and hence complete, by 3.13), because in any
model that satisfies it, p must be true because of p ∧ ¬r ∈ Γ, but then both ¬r and r (because
of p → (q ∧ r ) ∈ Γ) must be true. Of course we can show this by resolution, too. The set of
clauses corresponding to Γ is
{{ p}, {¬r }, {¬ p, q}, {¬ p, r }}
(note that p → (q ∧ r ) ≡ ¬ p ∨ (q ∧ r ) ≡ (¬ p ∨ q) ∧ (¬ p ∨ r )), and from this, the empty
clause can be derived by resolution, like this:
{ p}
{¬ p, r }
@
@
{r }
{¬r }
@
@
Problem. Let Σ = {¬ p, q}. Which of the following are true?
(a)
Σ |= r → ( p ∨ ¬q)
(b)
Σ |= p ∨ q
(c)
Σ |= ( p ∨ ¬q) → r
(d)
Σ |= ¬ p → (q → ¬ p)
Solution. (a) doesn’t hold, because, since in any model of Σ, p ∨ ¬q doesn’t hold, r →
( p ∨ ¬q) doesn’t either, if r is true in it.
(b) holds, because q is true in every model of Σ.
(c) holds, because of the same reason (a) doesn’t: p ∨ ¬q is false in every model of Σ, so
the implication ( p ∨ ¬q) → r is true in every such model.
20
(d) holds, because actually |= ¬ p → (q → ¬ p).
5. F IRST- ORDER LOGIC
One can get surprisingly far with propositional logic, but it cannot talk about things and
relations between them. We need an extension of propositional logic that is for example
able to express that there are more than one things, or that a relation is transitive; or a query
in a relational database.
5.1. Syntax. There are two kinds of symbols in propositional logic (propositional variables
and connectives), and one syntactic category (formulas). By contrast, in first-order logic,
besides formulas, there are terms, the idea being that these denote things (such as numbers,
or points, or lines, etc.) of which the formulas say something. These two are built up using
five kinds of symbols:
(1) infinitely many variables (x, y, z, . . . and their indexed versions); Var denotes the set
of variables
(2) logical connectives (∧, ¬, ∀ (universal quantifier, to be read as “for all”), and =
(equality))
(3) relation symbols (P, R, S, . . . and their indexed versions)
(4) function symbols ( f , g, h, . . . and their indexed versions)
(5) constant symbols (c, d, e, . . . and their indexed versions)
Just as in propositional logic it was occasionally useful to vary the set of propositional variables, it’s best not to fix in advance the set of relation, function and constant symbols. We
say that a first order language is a set L = R ∪ F ∪ C , where R is a set of relation symbols,
F is a set of function symbols, and C is a set of constant symbols, and these sets are mutually disjoint. We assume that there is a function ρ which assigns a natural number to each
relation and function symbol. (If ρR = n or ρ f = n, than we say that R (or f ) has arity n.)
5.1. Definition (First order terms). Let L = R ∪ F ∪ C be a first order language. TermL is
the smallest set T for which the following are true:
(1) Var ⊆ T
(2) C ⊆ T
(3) if f ∈ F and t1 , . . . , tρ f ∈ T, then f (t1 , . . . , tρ f ) ∈ T.
5.2. Example. Let L be the language in which e is the only constant symbol (i.e., C = {e}),
F = {·}, where ρ(·) = 2, and R is empty. (This by the way is the language of group theory.)
Then ·(y, ·( x, e)) ∈ TermL . With the usual infix notation one writes this term as y · ( x · e).
5.3. Proposition (Term induction). If T is a property of terms such that
• T holds for all variables and constant symbols, and
• if f is an n-ary function symbol, and T holds for each t1 , . . . , tn ∈ Term, then T holds for
f ( t1 , . . . , t n )
then T holds for every term.
5.4. Definition (First-order formulas). Let L = R ∪ F ∪ C be a first-order language. Then
FormL , the formulas of L is the smallest set F such that
(1) if R ∈ R is n-ary, and t1 , . . . , tn ∈ TermL , then R(t1 , . . . , tn ) ∈ F
21
(2) if t1 , t2 ∈ TermL , then t1 = t2 ∈ F
(3) if ϕ, ψ ∈ F, then ¬ ϕ and ϕ ∧ ψ ∈ F
(4) if ϕ ∈ F and x ∈ Var, then ∀ xϕ ∈ F.
The formulas in item (1) are sometimes called relational atomic formulas, and those defined
in (1) and (2) are called atomic formulas.
5.5. Definition (Derived connectives).
def
• ϕ ∨ ψ = ¬(¬ ϕ ∧ ¬ψ)
def
• ϕ → ψ = ¬ϕ ∨ ψ
def
• ϕ ↔ ψ = ( ϕ → ψ) ∧ (ψ → ϕ)
def
• ∃ xϕ = ¬∀ x ¬ ϕ (∃ is the existential quantifier, to be read as “there exists”)
In the next section we’ll define the truth conditions for the connectives. But there will be
no surprises: the “old” ones will work as before, and ∀ xϕ will be true in a model if ϕ is true
for everything in that model, and ∃ xϕ will be true in a model if ϕ is true for something in
that model.
5.6. Examples.
(1) In the language L of the previous example, ∀ x ∃y(·( x, y) = e) (or
∀ x ∃y( x · y = e)) (that is, ∀ x ¬∀y(¬ x · y = e) or even ∀ x ¬∀y( x · y 6= e)) is a formula
(which happens to be true in groups, but we don’t officially know yet what that
means).
(2) Let A (apple) and R (rotten) be one-argument relation symbols. Then the formula
corresponding to “All apples are rotten” is ∀ x ( A( x ) → R( x )). “There is a rotten
apple” (that is, some apples are rotten) is ∃ x ( A( x ) ∧ R( x )).
(3) Let B (for “boy”), G (for “girl”) be one-argument relation symbols, and let L be a twoargument relation symbol (L( x, y) means that “x loves y”). Then the formalization
of “Everybody loves somebody” is ∀ x ∃yL( x, y). “Everybody is loved by somebody”
is ∀ x ∃yL(y, x ). “Every girl loves a boy” is ∀ x ( G ( x ) → ∃y( B(y) ∧ L( x, y))). “There is
a girl who loves every boy” is ∃ x ( G ( x ) ∧ ∀y( B(y) → L( x, y))). “There is a girl who
loves only boys” ∃ x ( G ( x ) ∧ ∀y( L( x, y) → B(y))).
5.7. Proposition (Formula-induction). If T is a property of formulas such that
• T holds for all atomic formulas
• if T holds for ϕ and ψ, then T holds for ¬ ϕ, ϕ ∧ ψ and ∀ xϕ (for all x ∈ Var)
then T holds for all formulas.
5.2. Semantics.
5.8. Definition (Model). Let L = R ∪ F ∪ C be a first-order language. Then M is an Lmodel (or L-structure), if it’s a function on L ∪ {∗} (with ∗ ∈
/ L) such that (denoting M(·)
M
by · throughout)
•
•
•
•
∗M = M(∗) = |M| (the universe of M) is a non-empty set
for all R ∈ R, RM ⊆ |M|ρR (that is, RM is a ρr argument relation on |M|)
for all f ∈ F , f M : |M|ρ f −→ |M| (that is, f M is a ρ f -argument function on |M|)
for all c ∈ C , cM ∈ |M|.
22
Usually we denote |M| simply by M. M is a model, if it is an L-model for some first-order
language L.
We’re about to define the meaning of L-formulas in L-models. The idea is that the meaning of a relation symbol R in a model M is the relation RM , the meaning of a function
symbol f is the function f M , and the meaning of the constant symbol c is the element cM
of M. In practice, we’ll often denote the relation RM of M simply by R, and likewise
with function and constant symbols. A further notational simplification is that we specify
a model by listing its components: M = h M, . . . i, where we write the relations, functions
and constants of the model in place of the dots. But in this case it shoudl be clear which
relation (function, constant) is the meaning of which relation symbol (function symbol, constant symbol).
5.9. Definition (Evaluation). Let M be a model with universe M. Then σ is an evaluation
into M if it’s a function σ : Var −→ M.
That is, an evaluation assigns an element of the model to each variable. We can think of
it as a “context”, or an “environment” which give value to (to borrow a term that will be
defined soon: free) variables, or a record in a table of a relational database.
5.10. Definition (The value of terms). Let σ be an evaluation into the L-model M. The
value of the terms of L in M according to σ are defined by recursion on terms.
• x M [σ] = σ( x ) if x ∈ Var
• cM [σ] = cM if c ∈ C
• f (t1 , . . . , tρ f )M [σ] = f M (t1M [σ], . . . , tM
ρ f [ σ ]) if f ∈ F and t1 , . . . , tρ f ∈ TermL .
5.11. Example. Legyen L be the language of number theory: R = {≤}, ρ(≤) = 2, F =
{+, ·}, ρ(+) = ρ(·) = 2, and C = {0, 1}. One L-model is the set of natural numbers with
the usual relations, functions and constant: that is, N = h N, ≤N , +N , ·N , 0N , 1N i, where
N is the set of natural numbers, ≤N is the usual ordering of natural numbers, +N is the
usual addition on natural numbers, and so on.
Let σ be the evaluation which assigns 3 to every variable. Then ·(+(0, y), +( x, 1))N [σ ]
(or, using the usual infix notation, ((0 + y) · ( x + 1))N [σ ]) = 12. Beware: ·(3, +( x, 1)) is not
a term in this language (because 3 is not a term).
Another model of L is the structure M whose universe is again N, but ≤M is divisibility,
+M is greatest common divisor, ·M is least common multiple, 0M = 1 and 1M = 33. Using
the same evaluation σ as before, we get ·(+(0, y), +( x, 1))M [σ] = ·M (+M (1, 3), +M (3, 33)) =
·M (1, 3) = 3 here.
5.12. Definition (The value of formulas). Let σ be an evaluation into the L-model M. The
truth of L-formulas in M according to the evaluation σ is defined by recursion on formulas.
M
• M |= R(t1 , . . . , tρR )[σ] ⇐⇒ h t1M [σ], . . . , tM
ρR [ σ ] i ∈ R
•
•
•
•
M |= (t1 = t2 )[σ] ⇐⇒ t1M [σ] = t2M [σ]
M |= ¬ ϕ[σ] ⇐⇒ M 6|= ϕ[σ]
M |= ( ϕ ∧ ψ)[σ] ⇐⇒ M |= ϕ[σ] and M |= ψ[σ]
M |= ∀ xϕ[σ] ⇐⇒ M |= ϕ[σ0 ] for all evaluations σ0 which differ from σ at most on
x.
23
The last condition can be expressed equivalently as follows:
M |= ∀ xϕ[σ] ⇐⇒ M |= ϕ[σ( x/m)] for all m ∈ M
where σ ( x/m) is the evaluation that agrees with σ on all variables different from x, and
assumes the value m on x.
Finally, M |= ϕ, if M |= ϕ[σ] for all evaluations σ into M.
5.13. Corollary. M |= ∃ xϕ[σ] ⇐⇒ there is an m ∈ M such that M |= ϕ[σ( x/m)]
Proof. M |= ∃ xϕ[σ ] iff M |= ¬∀ x ¬ ϕ[σ ] iff M 6|= ∀ x ¬ ϕ[σ] iff it’s not true that M |=
¬ ϕ[σ( x/m)] for every m ∈ M, iff it’s not true that M 6|= ϕ[σ( x/m)] for every m ∈ M, iff
there is an m ∈ M such that M |= ϕ[σ( x/m)].
5.14. Example. Let L, N and σ be as in the previous example. N |= ∀ x ¬( x + y = 0))[σ ]
(that is, writing according to the usual mathematical conventions, N |= ∀ x ( x + y 6= 0)[σ ]),
N |= ∀ x (0 ≤ x + y)[σ], N 6|= ∀ x ( x 6= 0 → ∃y( x · y = 1))[σ]. If the universe of M is
Q, ≤M is the usual ordering of the rationals, +M is addition on the rationals, etc., then
M |= ∀ x ( x 6= 0 → ∃y( x · y = 1))[σ].
5.15. Definition (Free variables). For t ∈ TermL and ϕ ∈ FormL , FV (t), respectively, FV ( ϕ)
denotes the set of free variables of t and ϕ, defined as follows:
• FV ( x ) = { x } if x ∈ Var
• FV (c) = ∅ if c ∈ C
• FV ( f (t1 , . . . , tρ f )) = ∪{ FV (ti ) : 1 ≤ i ≤ ρ f }
• FV ( R(t1 , . . . , tρR )) = ∪{ FV (ti ) : 1 ≤ i ≤ ρR }
• FV (t1 = t2 ) = FV (t1 ) ∪ FV (t2 )
• FV (¬ ϕ) = FV ( ϕ)
• FV ( ϕ ∧ ψ) = FV ( ϕ) ∪ FV (ψ)
• FV (∀ xϕ) = FV ( ϕ) \ { x }.
In particular, by the first three clauses, FV (t) for a term is exactly the set of variables occurring in t.
ϕ is a sentence if FV ( ϕ) = ∅. SentL = { ϕ ∈ FormL : FV ( ϕ) = ∅ } is the set of Lsentences.
For example, FV ( x = y → ∀yR( x, y)) = { x, y }.
5.16. Proposition. Let σ and τ be evaluations into the L-model M, t ∈ TermL and ϕ ∈ FormL .
(1) If σ FV (t) = τ FV (t), then tM [σ] = tM [τ ], and
(2) if σ FV ( ϕ) = τ FV ( ϕ), then M |= ϕ[σ] ⇐⇒ M |= ϕ[τ ].
These can be proved by induction on terms and formulas, respectively.
5.17. Corollary. If M is an L-model and ϕ ∈ SentL , then M |= ϕ iff M |= ϕ[σ] for some
evaluation σ into M.
5.18. Proposition. For all L-models M and ϕ ∈ FormL , M |= ϕ ⇐⇒ M |= ∀ xϕ. Hence if
FV ( ϕ) ⊆ { x1 , . . . , xn }, then M |= ϕ ⇐⇒ M |= ∀ x1 . . . ∀ xn ϕ.
If FV ( ϕ) ⊆ { x1 , . . . , xn }, we call ∀ x1 . . . ∀ xn ϕ ∈ SentL the universal closure of the formula
ϕ.
24
Proof. The first statement holds because
M 6|= ∀ xϕ
⇐⇒ there is a σ such that M 6|= ∀ xϕ[σ]
⇐⇒ there is a σ and a σ0 such that σ0 differs at most on x from σ and such that M 6|= ϕ[σ0 ]
⇐⇒ there is a σ0 such that M 6|= ϕ[σ0 ]
⇐⇒ M 6|= ϕ
Here it’s only the third equivalence which doesn’t hold by definition. And there, the left to
right direction is obvious, and the other direction is true because one can take σ to be σ0 .
From this, the second part of the proposition follows (for example by induction on the
cardinality of FV ( ϕ)).
Beware: we’re not claiming (and it’s not true), that M |= ϕ → ∀ xϕ in every model M.
For example, if M has at least two elements, then M 6|= x = c → ∀ x ( x = c) because
M 6|= x = c → ∀ x ( x = c)[σ] if σ( x ) = cM .
The fact that FV ( ϕ) ⊆ { x1 , x2 , . . . , xn } is often indicated by writing ϕ( x1 , x2 , . . . , xn ) in
place of ϕ.
5.19. Definition. Let M be an L-model, ϕ( x1 , x2 , . . . , xn ) ∈ FormL and m1 , m2 , . . . , mn ∈ M.
Then M |= ϕ( x1 , x2 , . . . , xn )[m1 , m2 , . . . , mn ] if there is an evaluation σ such that σ( xi ) = mi
(for all 1 ≤ i ≤ n) and M |= ϕ( x1 , x2 , . . . , xn )[σ].
Because of 5.16, one could write “for all evaluations σ” in place of “there is an evaluation
σ” in this definition. What’s important is that because of 5.16, it’s enough to evaluate the
free variables.
5.20. Definition. An occurrence of the variable x in a formula ϕ is bound, if it falls in a subformula of the form ∀ xψ of ϕ; and free otherwise.
For example, both occurrences of x, and the first occurrence of y is free, and the second
occurrence of y is bound in x = y → ∀yR( x, y). It’s not hard to show that
FV ( ϕ) = { x ∈ Var : x has a free occurrence in ϕ }
for all formulas ϕ.
5.21. Definition (substitution). For ϕ( x1 , x2 , . . . , xn ) ∈ FormL and t1 , t2 , . . . , tn ∈ TermL ,
ϕ( x1 /t1 , x2 /t2 , . . . , xn /tn ) denotes the formula resulting from writing the terms t1 , t2 , . . . , tn
in place of the free occurrences of x1 , x2 , . . . , xn in ϕ.
5.22. Example. If ϕ( x, y) is the formula x = y → ∀y( R( x, y)), then ϕ( x/ f ( x, y), y/g( x )) is
the formula f ( x, y) = g( x ) → ∀y( R( f ( x, y), y)). This example shows that this is parallel
substitution: otherwise the result would be
( x = y → ∀y( R( x, y))) ( x/ f ( x, y))(y/g( x ))
≡ ( f ( x, y) = y → ∀y( R( f ( x, y), y))) (y/g( x ))
≡ f ( x, g( x )) = g( x ) → ∀y( R( f ( x, y), y))
25
It’s tempting to think that M |= ∀ xϕ( x ) implies M |= ϕ( x/t) for every term t, but it’s
not true. For example, let M be a model whose universe contains at least two elements, let
ϕ( x ) be the formula ∃y¬( x = y), and let t be the variable y. Then M |= ∀ xϕ( x ) (that is,
M |= ∀ x ∃y¬( x = y)), but M 6|= ϕ( x/t) (that is, M 6|= ∃y¬(y = y)). The source of the
problem is that in the course of the substitution, a free occurrence of a variable (y in our
case) in t has become bound. We see the same phenomenon everywhere where there are
R1
operators (like ∀ and ∃ here) that bind variables. For example 0 y dx = y, and this is true
whatever term (for example z · y2 ) we substitute for y, as long as x doesn’t occur in that
R1
term, but not if it does; for example, 0 x dx (= 1/2) 6= x.
5.23. Definition.
(1) Given an L-structure M and Σ ⊆ FormL , M |= Σ iff for all ϕ in Σ
M |= ϕ. In this case we say that Σ is true in M.
(2) For Σ ∪ { ϕ} ⊆ FormL , we say that Σ |= ϕ (ϕ is a (semantic) consequence of Σ) iff
M |= ϕ for all L-structure M such that M |= Σ.
(3) For ϕ ∈ FormL , |= ϕ (ϕ is valid) iff ∅ |= ϕ, that is, if ϕ is true in every L-structure
under all evaluations.
(4) ϕ ∈ FormL or Σ ⊆ FormL is satisfiable iff it is true in some model under some evaluation, and unsatisfiable otherwise.
(5) ϕ ≡ ψ (ϕ and ψ are equivalent) if they are true in the same models under the same
evaluations. (For example, x = y ≡ y = x, (∀ x )(∀y) ϕ ≡ (∀y)(∀ x ) ϕ.)
Just as in propositional logic, we have ϕ ≡ ψ ⇐⇒ |= ϕ ↔ ψ.
5.24. Proposition. For Σ ∪ { ϕ} ⊆ SentL ,
Σ |= ϕ ⇐⇒ Σ ∪ {¬ ϕ} is unsatisfiable.
Proof. Σ |= ϕ iff ϕ is true in every model of Σ iff ¬ ϕ is false in every model of Σ iff Σ ∪ {¬ ϕ}
is unsatisfiable.
Unlike in propositional logic, the set of valid formulas in first-order logic is undecidable.
(Otherwise, the whole of mathematics would be decidable.) The reason is not that first
order models can be infinite; in fact, if we only allow finite models, the set of valid formulas
become even more complex (not even recursively enumerable).
The next proposition lists some important valid formulas (along with some that aren’t).
5.25. Proposition.
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(8)
(9)
(10)
|= ∀ x ( ϕ ∧ ψ) ↔ (∀ xϕ ∧ ∀ xψ)
|= ∃ x ( ϕ ∨ ψ) ↔ (∃ xϕ ∨ ∃ xψ)
6|= ∀ x ( ϕ ∨ ψ) → (∀ xϕ ∨ ∀ xψ), but if x ∈
/ FV (ψ), then |= ∀ x ( ϕ ∨ ψ) ↔ (∀ xϕ ∨ ψ)
6|= (∃ xϕ ∧ ∃ xψ) → ∃ x ( ϕ ∧ ψ), but if x ∈
/ FV (ψ), then |= (∃ xϕ ∧ ψ) ↔ ∃ x ( ϕ ∧ ψ)
|= ∀ x ( ϕ → ψ) → (∀ xϕ → ∀ xψ)
6|= (∀ xϕ → ∀ xψ) → ∀ x ( ϕ → ψ)
|= ∀ x ∀yϕ → ∀y∀ xϕ
|= ∃ x ∃yϕ → ∃y∃ xϕ
|= ∃ x ∀yϕ → ∀y∃ xϕ
6|= ∀ x ∃yϕ → ∃y∀ xϕ
26
Proof. The “positive” statements follow easily from the truth definition, and it is easy to
find counterexamples for the “negative” ones. We check some of them.
(1) For any model M and evaluation σ into M, we have
M |= ∀ x ( ϕ ∧ ψ)[σ]
⇐⇒ for all m ∈ M, M |= ϕ ∧ ψ[σ( x/m)]
⇐⇒ for all m ∈ M, M |= ϕ[σ( x/m)] and M |= ψ[σ( x/m)]
⇐⇒ for all m ∈ M, M |= ϕ[σ( x/m)] and for all m ∈ M, M |= ψ[σ( x/m)]
⇐⇒ M |= ∀ xϕ[σ] and M |= ∀ xψ[σ]
⇐⇒ M |= ∀ xϕ ∧ ∀ xψ[σ]
(3) Let L be a language with two unary relation symbols R and S, and let M be the Lstructure h M, RM , SM i where M = { a, b }, RM = { a} and SM = {b}. Then M |=
∀ x ( R( x ) ∨ S( x )), but M 6|= ∀ xR( x ) ∨ ∀ xS( x ). “Everything is risky or safe” doesn’t imply
that “Everything is risky or everything is safe”.
To see that the second part of (3) holds, suppose that x ∈
/ FV (ψ), and let M and σ be
arbitrary. Then
M 6|= ∀ x ( ϕ ∨ ψ)[σ]
⇐⇒ there is an m ∈ M such that M 6|= ϕ ∨ ψ[σ( x/m)]
⇐⇒ there is an m ∈ M such that M 6|= ϕ[σ( x/m)] and M 6|= ψ[σ( x/m)]
⇐⇒ M 6|= ∀ xϕ[σ] and M 6|= ψ[σ]
⇐⇒ M 6|= ∀ xϕ ∨ ψ[σ]
(we used 5.16 in the last but one step).
(5) We need to show that |= (∀ x ( ϕ → ψ) ∧ ∀ xϕ) → ∀ xψ. For any model M and valuation
σ into M, we have
M |= ∀ x ( ϕ → ψ) ∧ ∀ xϕ[σ]
=⇒ M |= ∀ x ( ϕ → ψ)[σ] and M |= ∀ xϕ[σ]
=⇒ for all m ∈ M, M |= ϕ → ψ[σ( x/m)] and for all m ∈ M, M |= ϕ[σ( x/m)]
=⇒ for all m ∈ M, if M |= ϕ[σ( x/m)], then M |= ψ[σ( x/m)]; and for all m ∈ M, M |= ϕ[σ( x/m)]
=⇒ for all m ∈ M, M |= ψ[σ( x/m)]
=⇒ M |= ∀ xψ[σ]
(6) From “If everybody is a millionaire, then everybody is blonde” it doesn’t follow that
“every millionaire is blonde”. More precisely, let L be a language with two unary relation
symbols R and S, and let M be the L-structure h M, RM , SM i where M = { a, b }, RM =
{ a} and SM = {b}. Then M |= ∀ x.R( x ) → ∀ x.S( x ), because M 6|= ∀ x.R( x ); but M 6|=
∀ x ( R( x ) → S( x )), because M 6|= R( x ) → S( x )[ a]. Note that SM = ∅ would have worked,
too. All that mattered was that RM is not a subset of SM .
27
(9) Let M and σ be arbitrary. Then
M |= ∃ x ∀yϕ[σ]
=⇒ there is an m ∈ M such that M |= ∀yϕ[σ( x/m)]
=⇒ there is an m ∈ M such that for all m0 ∈ M, M |= ϕ[σ( x/m)(y/m0 )]
=⇒ for all m0 ∈ M there is an m ∈ M such that M |= ϕ[σ( x/m)(y/m0 )]
=⇒ for all m0 ∈ M M |= ∃ xϕ[σ(y/m0 )]
=⇒ M |= ∀y∃ xϕ[σ]
(10) “Everybody is loved by somebody”, that is, “For everyone there’s someone who loves
him/her” doesn’t imply that “There is somebody who loves everybody”. In more details:
let L be the empty language and let M be an L-structure with at least two elements. Then
M 6|= ∀ x ∃y.x = y → ∃y∀ x.x = y.
The deduction theorem is a bit more complicated for first order logic than for propositional logic. For example, { ϕ} |= ∀ xϕ (see 5.18), but 6|= ϕ → ∀ xϕ (for example, if ϕ is the
formula x = c, then ϕ → ∀ xϕ is not true in any model with at least two elements).
5.26. Theorem (Deduction theorem). If Σ ∪ { ϕ, ψ} ⊆ FormL , then
Σ ∪ { ϕ} |= ψ ⇐⇒ Σ |= ∀ x̄ϕ → ψ,
where x̄ = x1 , . . . , xn is a listing of the elements of FV ( ϕ) (in other words ∀ x̄ϕ is the universal
closure of ϕ). In particular, if Σ ∪ { ϕ, ψ} ⊆ SentL , then
Σ ∪ { ϕ} |= ψ ⇐⇒ Σ |= ϕ → ψ.
5.3. Examples.
5.27. Example. Let L be the empty language. We can express the fact that “the universe has
at least two elements” by the L-sentence ∃ x ∃y.x 6= y (this means that the models of this
sentence are exactly those whose universe has at leas two elements); that “the universe has
exactly two elements” by ∃ x ∃y( x 6= y ∧ ∀z(z = x ∨ z = y)); that “the universe has at most
three elements” by ∀ x ∀y∀z∀w(w = x ∨ w = y ∨ w = z).
5.28. Exercise. Give a set Σ of formulas in the empty language such that M |= Σ iff M is
infinite.
So we can also express the fact that the universe is infinite by a set of formulas; but
not the fact that it is finite, because of the following. If ∆ were a set of formulas that was
true in exactly the finite models, that is, if M |= ∆ iff M is finite, and if σn is a formula
which says that the universe has at least n elements, then every finite subset of the set
Σ = ∆ ∪ {σn : n ∈ N} were satisfiable. But then Σ were also satisfiable, which contradict
the assumption that ∆ has only finite models, because the compactness theorem holds for
first-order logic, too:
5.29. Theorem. If all finite subsets of the set of first-order formulas Σ is satisfiable, then Σ is
satisfiable.
28
Since there is no set of formulas that is true in exactly the finite models, it follows, that
there is no formula which is true in exactly the infinite ones, because if there were, its negation would define the finite models.
5.30. Example. Let L be the language with a binary relation symbol < and two constant
symbols, a and b. The intention is that a denotes Alice, b denotes Bob, and x < y means that
the value of x is smaller than the value of y.
(1) Alice is smaller than Bob: a < b
(2) Alice is smaller than someone who is smaller than Bob: ∃ x ( a < x ∧ x < b)
(3) Everybody who is smaller than Bob is smaller than Alice: ∀ x ( x < b → x < a).
(4) Everybody who is smaller than someone who is smaller than Bob is smaller than
Alice:
∀ x (∃y( x < y ∧ y < b) → x < a)
(5) If something is smaller than everything, then something is smaller than itself:
(∃ x ∀y.x < y) → ∃ x.x < x
(6) There is something that is smaller than anything that Alice is smaller than:
∃ x ∀y( a < y → x < y)
5.31. Example. Let L be the language {≤}, where ρ(≤) = 2. We formulate sentences that
express various facts about the binary relation that is the meaning of ≤:
(1) ≤ (strictly speaking, not ≤, but its meaning) is a preorder (that is, a reflexive, transitive relation):
∀ x ( x ≤ x ) ∧ (∀ x )(∀y)(∀z)(( x ≤ y ∧ y ≤ z) → x ≤ z)
(2) every element has an immediate successor (where y is an immediate successor of x
if x ≤ y and x 6= y, but there’s nothing between x and y):
(∀ x )(∃y)( x ≤ y ∧ x 6= y ∧ ∀z(( x ≤ z ∧ z ≤ y) → ( x = z ∨ y = z)))
(3) no element has an immediate successor:
(∀ x )(∀y)( x ≤ y → ∃z( x ≤ z ∧ z ≤ y ∧ x 6= z ∧ z 6= y))
(4) there is an element that is comparable with every other element:
(∃ x )(∀y)( x ≤ y ∨ y ≤ x )
(5) every set with at most two elements has a smallest upper bound:
(∀ x )(∀y)(∃z) ( x ≤ z ∧ y ≤ z ∧ (∀w)(( x ≤ w ∧ y ≤ w) → z ≤ w))
5.32. Example. Let L be the language of the model N = hN, 0N , sN , +N , ·N i. First we
formulate L-formulas ϕ( x ) whose meaning (in this case {n ∈ N : N |= ϕ( x )[n]}) in N is
(1) the square numbers: (∃y) x = y · y
(2) the even numbers: (∃y) x = y + y
(3) the odd numbers: (∃y) x = s(y + y)
(4) prime numbers: (∀y) ((∃z)( x = y · z) → y = s(0) ∨ y = x )
29
Now let’s formulate Goldbach’s conjecture (every even number greater than 2 is the sum
of two primes) in this language, using the unary predicates E( x ) (“x is even”), P( x ) (“x is
prime”) defined above:
(∀ x ) ( E( x ) ∧ 2 < x → (∃y)(∃z)( P(y) ∧ P(z) ∧ x = y + z)) ,
or, without abbreviations,
E( x )
z
}|
{
(∀ x )((∃y)( x = y + y) ∧2 < x
P(y)
z
}|
{
→ (∃y)(∃z)((∀w) ((∃z)(y = w · z) → w = s(0) ∨ w = y)
∧ (∀y) ((∃w)(z = y · w) → y = s(0) ∨ y = z) ∧ x = y + z))
|
{z
}
P(z)
Note that we had to rename bound variables to avoid clashes.
6. M ODAL AND TEMPORAL LOGICS
Modal logics, and temporal logics in particular, have some interesting applications in
computer science. These include reasoning about program correctness, about knowledge
of agents, etc.
6.1. Propositional modal logic. We’ll learn about the basics of (propositional) temporal
logic, but to do that, it’s useful to start with a more general class of logics: propositional
(multi)modal logic. Just like first order logic, it’s an extension of propositional logic, but in
a different direction.
Syntax. The simplest version of propositional modal logic (basic propositional modal logic) has
the same syntax as propositional logic, except that there is a new unary logical connective
. So now formulas are:
FormΠ = Π | ¬ FormΠ | FormΠ ∧ FormΠ | FormΠ
where, as in ordinary propositional logic, Π is the set of propositional variables. That is,
FormΠ is the smallest set containing Π which is closed under ¬, ∧, and . ϕ is pronounced “necessarily ϕ” or simply “box ϕ”.
Precedence: as before, unary connectives bind closer than binary ones, so ϕ ∧ ψ should
be read as ( ϕ) ∧ ψ and not as ( ϕ ∧ ψ).
6.1. Examples. All propositional formulas are examples of modal formulas; and so are p,
¬ ¬( p ∧ q), etc.
Apart from the usual ones (∨, →, ↔, ⊥, >, etc.) defined in the usual way, there is a new
def
derived connective, ♦: ♦ ϕ = ¬ ¬ ϕ, “it’s possible that ϕ” or simply “diamond ϕ”.
30
Semantics.
6.2. Definition (frame, model). F = h W, R i is a frame (or transition system), if W is a nonempty set (the set of worlds or states) and R ⊆ W × W (R is called the accessibility relation or
transition relation). (When sRt for some s, t ∈ W, we say that t is a neighbour of s, or that s
sees t.) M = hF , vi is a model if F is a frame and v : Π −→ P (W ); v is called an evaluation).
The idea is that to every propositional variable v assigns the set of states where it holds,
as can be seen in the first clause of the following definition.
6.3. Definition (meaning of a formula). The truth of a formula ϕ in the state s ∈ W of the
model M = hW, R, vi is defined as follows:
• M |=s p if s ∈ v( p)
• M |=s ¬ ϕ if M 6|=s ϕ
• M |=s ϕ ∧ ψ if M |=s ϕ and M |=s ψ
• M |=s ϕ if M |=t ϕ for all t ∈ W such that sRt.
Finally, M |= ϕ (ϕ is true in M) if (∀s ∈ W )M |=s ϕ; and F |= ϕ (ϕ is valid in F ) if for all
evaluations v, h F , v i |= ϕ. For a class K of frames, K |= ϕ (ϕ is valid in K) if ϕ is valid in
each element of K. ϕ is valid (notation: |= ϕ), if it is valid in every frame.
The changes in the semantics seem more profound than the change in the syntax of
propositional logic. But in reality, there is only one change in the semantics, too. The
fact that now a model is not simply a function mapping propositional variables to truth
values, but a non-empty set, together with a function which maps propositional variables
to the powerset of this set is not a great departure. Propositional logic could have been
defined with this kind of semantics, and all our important results would continue to hold.
For example, it would not change the set of valid formulas. So there is just one change
in semantics, too, corresponding to the one change in syntax: naturally, we have to define
truth for the new logical connective. And what this definition says is that ϕ holds in a
state s of a model M iff ϕ holds in all the neighbours of s in M. In other words, s sees only
states where ϕ holds. Consequently, ♦ ϕ holds in a state s of a model M iff ϕ holds in some
neighbour of s in M.
6.4. Example. Let F = hW, Ri and M = hF , vi, where W is the set {1, 2, 3}, R = {(1, 2), (2, 3)},
and v( p) = {1, 2}, v(q) = {1, 3}. Then
p,q
p
q
1
2
3
(1) M |=2 p ∧ ¬q
(2) M |=1 ¬ ♦ q, because 2 is the only neighbour of 1, and M 6|=2 q
(3) M |=1 ♦ ♦ q, because 1 has a neighbour (2) which has a neighbour (3) where q is
true.
(4) M |=1 ♦ q, because 1 has only one neighbour (2), and that has a neighbour (3)
where q is true.
(5) M |=1 ♦( p ∧ ♦ q), because 1 has a neighbour (2) where p is true and which has a
neighbour (3) where q is true.
31
(6) M |=1 ( p ∧ ♦ q), because 1 has only one neighbour (2), so it’s true for all neighbours of 1, that p is true there and that it has a neighbour (3) where q is true.
(7) M |=3 ⊥ because 3 has no neighbours.
(8) M |=2 ( p → ¬q) because 3 is the only neighbour of 2, and M 6|=3 p, so M |=3
p → ¬q
(9) F |= ♦ p → p because every state has at most one neighbour; so if something is
true in a neighbour of a state, then it is true in all neighbours of that state.
6.5. Examples.
(1) |= > because > is true in every state of every model
(2) 6|= ♦ >, because in every model, ♦ > is true in a state iff that state has a neighbour;
hence ♦ > is valid in a frame iff every state in the frame has a neighbour
(3) |= ( ϕ → ψ) → ( ϕ → ψ) (c.f. 5.25(5))
(4) 6|= ( ϕ → ψ) → ( ϕ → ψ) (c.f. 5.25(6))
(5) |= ♦( ϕ ∨ ψ) ↔ (♦ ϕ ∨ ♦ ψ) (c.f. 5.25(2))
(6) |= ♦( ϕ → ψ) → ( ϕ → ♦ ψ)
(7) if K |= ϕ, then K |= ϕ (c.f. 5.18)
(8) 6|= ϕ → ϕ (c.f. the remark following 5.18)
6.6. Proposition. Let R be the transition relation of the frame F .
F |= ⊥ ⇐⇒ F |= ∀s¬∃t.sRt
F |= p → p ⇐⇒ F |= ∀s.sRs, that is iff R is reflexive
F |= p → p ⇐⇒ R is transitive
F |= p → p ⇐⇒ R is dense, that is, if F |= ∀s, t(sRt → ∃w.sRwRt)
F |= p → ♦ p ⇐⇒ R is symmetric
F |= ♦ p → p ⇐⇒ F |= ∀s∀t∀w(sRt ∧ sRw → t = w), that is, if R is a partial
function
(7) F |= ♦ p → ♦ p ⇐⇒ F |= ∀s∀t∀w(sRt ∧ sRw → tRw).
(1)
(2)
(3)
(4)
(5)
(6)
Proof. We prove some of these equivalences. (Usually, the ⇐ direction is a straightforward
computation, but the other direction needs a little more attention.)
(2) (⇐) If R is reflexive and hF , vi |=s p for some v, then hF , vi |=s p, too, since s is a
neighbour of s.
/
i
q
¬
(⇒) If s is an irreflexive state, then with v( p) = W \ { s } (in picture: p ) we get h F , v i 6|=s
p → p, since p is true in all neighbours of s but not in s itself.
(3) (⇐) If R is transitive, and hF , vi |=s p, then p is true in this model in all neighbours
of s; but then because of transitivity, p is true in all neighbours of all neighbours of s; so
hF , vi |=s p.
(⇒) If R is not transitive, then there are states rRsRt with ¬rRt; let v( p) = W \ { t }. In
¬p
picture: q - q - q . But then hF , vi 6|=r p → p, since p is true in all neighbours of r,
but r has a neighbour (s), in which p is not true.
(5) (⇐) If R is symmetric and hF , vi |=s p for some v, then ♦ p is true in every neighbour
of s, since every neighbour of s sees s. So hF , vi |=s ♦ p.
(⇒) If R is not symmetric, then there are states sRt with ¬tRs; let v( p) = { s }. Then
hF , vi |=s p, but hF , vi 6|=s ♦ p because sRt but hF , vi 6|=t ♦ p.
32
6.2. Propositional temporal logic. How do all these relate to temporal logic? If the accessibility relation happens to be some kind of ordering, so we can say that sRt means that t
is “later” than s, then ϕ is true in s if ϕ is true in every moment later than s, or, in other
words, that “always in the future ϕ” is true in s. Here we use the fact that an ordering is a
transitive relation.
But when dealing with time, one usually wants to talk about the past, too, not just the
future. We need a slight extension of basic modal logic to accommodate this.
In basic multimodal logic, instead of having one modal connective , we have a family,
{i : i ∈ I }, of them. Accordingly, frames are of the forms h W, Ri ii∈ I , where Ri is the
accessibility relation corresponding to i . So now FormΠ is the smallest set containing Π
which is closed under ¬, ∧, and i (for every i ∈ I), and M |=s i ϕ if M |=t ϕ for all
t ∈ W such that sRi t.
The simplest kind of temporal logic is a bi-modal logic with the extra conditions that the
accessibility relations (R F and R P ; or < and >) corresponding to the two modalities (which
are written [F] and [P] instead of 1 and 2 ) are strict partial orders (irreflexive, transitive
relations), and are each other’s converses, that is, that sR F t ⇐⇒ tR P s for all states s, t. This
corresponds to the expectation that looking into the future works along the same relation
as looking into the past.
6.7. Proposition. Let F = hW, R F , R P i be any frame. Then
(1) F |= ϕ → [F] <P> ϕ iff sR F t =⇒ tR P s for all s, t ∈ W
(2) F |= ϕ → [P] <F> ϕ iff sR P t =⇒ tR F s for all s, t ∈ W.
Proof. We show only the first, the proof of the second is similar.
(⇐) This implication is true, because by our assumption, all states are “in the past” of all
the states that are in its future. In more detail: Suppose that h F, vi |=s ϕ for some evaluation
v and state s; we need to show that h F, vi |=s [F] <P> ϕ, that is, that h F, vi |=t <P> ϕ for all
t such that sR F t. But this is true, because tR P s by our assumption, and ϕ is true at s.
(⇒) Suppose that sR F t but ¬tR P s for some s, t ∈ W, and let v( p) = {s}. Then h F, vi |=s p,
but h F, vi 6|=s [F] <P> p, because sR F t, but h F, vi 6|=t <P> p, since s is the only state at which
p is true, but ¬tR P s.
6.8. Definition (time-frame, preliminary version). A frame F = hW, R F , R P i is a time-frame
or temporal frame if R F and R P are each other’s converses and R F (and hence R P , too) is a
strict partial ordering.
By the previous proposition and 6.6(3), we have the following.
6.9. Corollary. A frame F = hW, R F , R P i is a time-frame iff R F is irreflexive and
F |= ( ϕ → [F] <P> ϕ) ∧ ( ϕ → [P] <F> ϕ) ∧ ([F] ϕ → [F] [F] ϕ)
Since the two accessibility relations in a time-frame can be recovered from each other, it’s
not necessary to carry both of them around. So
6.10. Definition (time-frame, final version). A frame F = hW, Ri is a time-frame or temporal
frame if R is strict partial order, which corresponds to the modality [F]. The truth condition
for [ P] ϕ in such a frame is the following
M |=s [ P] ϕ ⇐⇒ M |=t ϕ for all t such that tRs.
33
6.11. Examples. Let F = hN, <i, where < is the usual ordering of the natural numbers;
and let M = hF , vi, where v(r ) = {42}. Then
(1) M |= r ∨ <P> r ∨ <F> r
(2) M |= <F> <P> r
(3) M 6|= <P> <F> r because M 6|=0 <P> <F> r since M 6|=0 <P> ϕ for any formula ϕ,
because 0 has no states in its past
(4) F 6|= <P> <F> > for the same reason
(5) F |= <F> <P> >
(6) F |= [P] ⊥ ∨ <P> [P] ⊥ because there is a state that has no states in its past and which
is in the past of every state
(7) F |= ϕ ∧ [P] ϕ → <F> [P] ϕ (see below!)
(8) |= <F> [P] ϕ → ϕ
(9) |= <P> [F] ϕ → ϕ
6.12. Proposition. Let F = hW, <i be a time-frame such that with < is total (that is, for every s,
t ∈ W, at least one (and hence, by transitivity and irreflexivity, exactly one) of s < t, s = t, t < s
holds). Then every s ∈ W has an immediate successor (that is, a t ∈ W with s < t such that there
is no w ∈ W with s < w < t) iff
F |= ϕ ∧ [P] ϕ → <F> [P] ϕ
Proof. (⇒) Suppose that hF , vi |=s ϕ ∧ [P] ϕ for some evaluation v and state s; we need to
show that hF , vi |=s <F> [P] ϕ. Because of our assumption, ϕ holds everywhere up to and
including s. So if t is an immediate successor of s, then hF , vi |=t [P] ϕ.
(⇐) If s doesn’t have an immediate successor, then let v( p) = {t : t < s or t = s}. Then
hF , vi |=s p ∧ [P] p but hF , vi 6|=s <F> [P] p, because hF , vi 6|=t [P] p for every t > s, since for
every such t there is a w with s < w < t, and hence hF , vi 6|=w p.
Besides [F], [P] and their duals, it’s customary to introduce the binary connectives S
(“since”) and U (“until”). Our extended set of formulas is the usual temporal ones but
now if ϕ and ψ are formulas, then so are ϕ U ψ (“ϕ until ψ”) and ϕ S ψ (“ϕ since ψ”), with
the following truth definition:
6.13. Definition. If F = hW, <i is a time-frame, M is the model hF , vi, and s ∈ W, then
M |=s ϕ U ψ ⇐⇒ there is a t with s < t such that M |=t ψ and M |=w ϕ for all w ∈ (s, t)
and
M |=s ϕ S ψ ⇐⇒ there is a t with t < s such that M |=t ψ and M |=w ϕ for all w ∈ (t, s).
This is the irreflexive version of since and until, which is appropriate for some situations,
for example: “This variable will have no value until it is assigned one” or “I’ll be hungry
until I eat something” (“I am hungry U I eat something”) and “I was afraid of wolves since
I saw one in the kitchen”. But using them it’s easy to express the reflexive version: “I’ve
been afraid of wolves since I saw one in the kitchen” is equivalent to “I was afraid of wolves
since I saw one in the kitchen and I’m still afraid.”, that is, “(I’m afraid of wolves S I see a
wolf in the kitchen) ∧ I’m afraid of wolves”.
34
6.14. Examples. Let F be the time-frame hN, <i, where < is the usual ordering of the natural numbers, and let M = hF , vi, where v( p) = {n ∈ N : 5 ≤ n ≤ 8}, v(q) = {2n : n ∈ N}
and v(r ) = {9, 11}. Then
q
q
p
3
4
5
q
1
0
2
r
q
r
p,q
p
p,q
11
10
9
8
7
6
...
(1) M |=4 ( p U r ) ∧ [F] <F> q: the first conjunct is true at state 4 because there is a state
> 4, namely 9, where r holds and such that p holds in all states strictly between 4
and 9; the second conjunct is true at state 4, and in fact true aat every state, because
for every state t later then any state s there is an even state later than t.
(2) M 6|=2 [F] <F> q → ( p U r ) because, as we have seen, [F] <F> q is true at every state,
but ( p U r ) is not true at state 2 because 9 is the only state where r is true but p doesn’t
hold at 3 ∈ (2, 9).
(3) M |=10 r S p because there is an earlier state 8 where p holds and such that r holds
in every state ∈ (8, 10) = {9}.
(4) M |=10 r S q for the same reason
(5) M 6|=10 r S ( p ∧ ¬q) because state 7 is the latest before 10 where p ∧ ¬q holds, but r
doesn’t hold in 8 ∈ (7, 10).
6.15. Proposition.
(1) |= ϕ U ψ → <F> ψ
(2) |= > U ψ ↔ <F> ψ
(3) |= > S ψ ↔ <P> ψ
(4) M |=s ⊥ U ψ iff s has an immediate successor where ψ is true; in particular, M |=s ⊥ U >
iff s has an immediate successor.
(5) M |=s ⊥ S ψ iff s has an immediate predecessor where ψ is true; in particular, M |=s
⊥ S > iff s has an immediate predecessor.
Proof. (1) If ϕ U ψ is true in a state s of a model, then there is a state t > s where ψ is true by
the truth definition of U .
(2) The → direction holds by the previous item. And if M |=s <F> ψ for some state s in a
model M, then there is a state t > s where ψ is true, and of course > is true in all states
between s and t.
(3) This is the “mirror image” of the previous one, and can be proved just like that (reversing
the ordering).
(4) If t is an immediate successor of s and ψ is is true in t then ⊥ is true at all states in
(s, t) = ∅. Conversely, M |=s ⊥ U ψ implies that there is a state t where ψ is true and such
that the interval (s, t) is empty, since ⊥ is false in every state.
(5) This is the mirror image of the previous statement.
35
7. S OLUTIONS
1.1 B lies (so he is a knave) because nobody can assert of himself that he is a knave. For if he
is one, he must lie, that is, say of himself that he is a knight; and if he is knight, he tells the
truth, which is that he is a knight. (We know nothing about A.)
1.2 B can not be a knight, because he would then have to be a knave; so he is a knave, which
means that “both B and A are knaves” is a lie. But then at least one of them cannot be a
knave; and B is one, so A must be a knight.
1.3 B cannot be a knave, because then what he said were true. So he’s a knight, and consequently A is a knave.
2.18 { p, ¬ p}
2.19 { p ∨ q, ¬ p, ¬q}
2.20 { p1 ∨ · · · ∨ pn−1 , ¬ p1 , . . . , ¬ pn−1 }
2.21 Yes, for example, it’s true in a model in which the variables with odd indices are true,
and the variables with even indices are false (or the other way round).
2.22
(1) No, for example ϕ = p, ψ = ¬ p. But the converse is true.
(2) Yes.
(3) No, for example ϕ = p, ψ = ⊥.
(4) Yes.
2.23 No. A model M for which M( p) = 0 and M(q) = 1 (it doesn’t rain, I take my
umbrella) is a model of the premises but not of the conclusion.
A B ¬ A ¬ B ¬ A ∨ ¬ B B ↔ (¬ A ∨ ¬ B)
0 0
1
1
1
0
That is, B is a knight and A is a knave.
2.24 0 1
1
0
1
1
1 0
0
1
1
0
1 1
0
0
0
0
3.15 For every ϕ ∈ Form{ p,q } , { p, q } |= ϕ iff M models ϕ, where M( p) = 1 = M(q). From
this the statement follows by 3.11.
5.28 Let Σ = {σn : n ∈ N} where σn says that there are at least n elements. For example, σ3
may be ∃ x ∃y∃z( x 6= y ∧ x 6= z ∧ y 6= z).
36