Summary of Logic and Mathematical Inquiry (80-211), Spring 2011

Instructor: Jeremy Avigad

T.A.: Dan Auerbach

Course goals

• Teach students to read and write mathematical proofs
• Teach students the syntax and (informal) semantics of first-order logic
• Teach students to carry out logical calculations and manipulations
• Teach students to carry out formal proofs (in natural deduction, and in an interactive proof assistant)
• Teach students basic mathematical concepts (sets, functions, relations, ...)
• Teach students about axiomatic foundations

Textbooks and software

• Velleman, How to Prove It
• Tarski's World
• Notes on natural deduction and Isabelle
• The Isabelle proof assistant
• Excerpts from Enderton, Set Theory

Topics covered

• Informal mathematical proof
• Propositional logic and truth table semantics
• Proving propositional identities and simple set identities
• Natural deduction for propositional logic
• Natural deduction for first-order logic with equality
• Mathematical induction and recursion (both informal and formal)
• Relations: order relations, equivalence relations, equivalence classes
• Functions: injections, surjections, bijections, etc.
• Axiomatic set theory
• Cardinality and the infinite
• The set-theoretic construction of the real numbers

Contents of this package

• Syllabus
• Notes on natural deduction and Isabelle
• Homework assignments and solutions
• Exams
• Isabelle scripts (including homework assignments and solutions)
• Isabelle cheat sheet

Logic and Mathematical Inquiry

Course 80-211

Spring, 2011

Course information

Time: Tuesday and Thursday, 9:00-10:20

Room: Porter Hall A18C

Course announcements, assignments, handouts, and grades will be posted on Blackboard: http://www.cmu.edu/blackboard/

Instructor

Name: Prof. Jeremy Avigad

Office: Baker Hall 161D

Mailbox: Baker Hall 135

e-mail: [email protected]

Office hours: Wednesdays, 9-10am and 4-5pm

Teaching Assistant

Name: Daniel Auerbach

Office: Doherty Hall 4302E

Mailbox: Baker Hall 135

e-mail: [email protected]

Office hours: Tuesday 6-7pm, Wednesday 6-7pm

Texts

Velleman, How to Prove It

Barker-Plummer, Barwise, and Etchemendy, Tarski’s World

We will also make use of the Isabelle theorem prover, which can be found online:

http://www.cl.cam.ac.uk/research/hvg/Isabelle/.

Additional notes and readings will be posted on Blackboard.

Requirements

Problem sets (50%): Due every Thursday

Midterm exam (20%): In class, Thursday, March 3

Final exam (30%): During the final exam period

Please read the relevant sections of the text before class so that we can discuss them during the lecture.

Description

Among the range of human pursuits, mathematics is distinguished by the use of precise, regimented language and methods of argumentation. In other words, there are implicit rules that govern how mathematical assertions are made, and how they are proved. One of the great achievements of twentieth century logic has been to analyze mathematical language and methods of inference in great detail, and represent them with precise formal calculi. There are a number of benefits to doing so:

• Philosophical: logical analysis serves to clarify and sharpen debates as to the nature of mathematical objects, assumptions, inference, and truth.

• Mathematical: the modeling provides useful mathematical information about mathematical language and inference, including their limitations.

• Computational: it also makes it possible to use computers to help carry out and check mathematical reasoning.

This course is an introduction to the language and methods of mathematics, and to the logical study thereof. We will work on your ability to read and write clear mathematical proofs; at the same time, we will study the formal logical modeling of language and proof in symbolic terms. In addition, you will experiment with software that relies on this formal logical modeling.

Background

This course has substantial mathematical content, but it does not assume any background beyond high school mathematics.

Tentative Outline

1. Mathematical language and reasoning (Velleman 1–2, Tarski’s world)

(a) Propositional logic

(b) Sets

(c) First-order logic

2. Formal and informal proof (Velleman 3 and 6, Isabelle)

(a) Natural deduction for propositional logic

(b) Interactive theorem proving in Isabelle

(c) Natural deduction for first-order logic with equality

(d) The natural numbers and proof by induction

3. Foundations (Velleman 4, 5, and 7, Isabelle)

(a) Relations and functions

(b) Axioms for set theory

(c) Cardinality and Cantor’s theorem

(d) Axiomatic structures

(e) The construction of the real numbers

Grading and lateness policy

Homework is due at the beginning of class on Thursday. It can be turned in late, until noon on Friday, to Dan Auerbach’s mailbox in Baker Hall 135, with a nominal penalty to your grade (roughly a third to a half of a letter grade). Note that this is much better than not turning it in at all, which counts as a score of 0. For the software component of the course, you will be asked to turn in portions of your assignment electronically. Unless asked to do so, however, please submit a hardcopy of your solutions.

The total point score on the homework assignments will vary from week to week. But each homework assignment is ultimately scaled to a score from 0 to 5 (4–5 is an A, 3–4 is a B, etc.) and all count equally towards the final grade. This is done to ensure fairness. The course is not curved, in that everyone may earn an A, or everyone may fail.

Things invariably crop up during the semester: illness, travel, and so on. Taking that into account, I will drop your lowest two homework scores. Since you are responsible for all the material on the exams, however, I encourage you to do all the assignments.

Grades are determined based on clarity as well as correctness. You may turn in an answer to a question that, arguably, has all the components of a correct answer; but if the grader has to struggle to understand what you are saying, or read between the lines, or weed out false or irrelevant information, you are unlikely to receive full credit.

You are allowed to work together on the homework assignments, and, in fact, this is encouraged. The only restriction is that when you write up the actual solution you turn in you must do so alone, so that the answer reflects your own understanding. Failure to obey these guidelines constitutes cheating.

The Isabelle interactive theorem prover

We will experiment with an interactive proof system called Isabelle. This is a cutting-edge research-grade proof tool rather than educational software, used to check mathematical proofs as well as software and systems design; so using it in an introductory course is a bit of a stretch. But it is a powerful and remarkable system, and worth getting to know.

You have three options for using Isabelle:

• Use it in any of the Linux clusters on campus; see:

http://www.cmu.edu/computing/clusters/software/linux/index.html

• Install it on your computer. The instructions are here:

http://www.cl.cam.ac.uk/research/hvg/isabelle/download.html

The installations are easy on a Mac or Linux system, but, unfortunately, not as easy on Windows.

• Run it remotely. For example, if you use Windows, go to http://my.cmu.edu, go to “computing/ download software” and install “X-Win32.” You can then use that to log on to your Andrew account at unix.andrew.cmu.edu and run Isabelle from there.

Once you have Isabelle set up, try running it. For example, at a cluster machine type

isabelle emacs Test.thy

When the editor opens up, copy the following file exactly:

theory Test

imports Main

begin

lemma "(2::nat) + 2 = 4"

by auto

end

Then press the “process buffer” button (the downwards-pointing triangle). If the text background turns light blue, the system is working.

Logic and Mathematical Inquiry

Lecture notes

Jeremy Avigad

Version: Spring 2011

Contents

1 Natural deduction for propositional logic
  1.1 Natural deduction
  1.2 Some propositional validities
  1.3 Proof by contradiction
  1.4 Exercises
  1.5 Proof short cuts
  1.6 Sequent notation

2 Propositional logic in Isabelle
  2.1 Using Isabelle
  2.2 The propositional rules
  2.3 Additional proof methods
  2.4 Reasoning with sets
  2.5 Completeness

3 Natural deduction for first-order logic
  3.1 Quantifiers in natural deduction
  3.2 Some first-order validities
  3.3 Equality
  3.4 First-order theories
  3.5 Completeness for first-order logic

4 First-order logic in Isabelle
  4.1 Quantifiers in Isabelle
  4.2 Equality in Isabelle
  4.3 Using lemmas and the library
  4.4 Using Isabelle’s automated tools

5 The natural numbers
  5.1 Induction and recursion on the natural numbers
  5.2 The natural numbers in Isabelle

Chapter 1

Natural deduction for propositional logic

1.1 Natural deduction

The formulas of propositional logic are obtained by starting with propositional variables p, q, r, . . ., and then using propositional connectives (ϕ ∧ ψ), (ϕ ∨ ψ), (ϕ → ψ), and (¬ϕ) to build up more complicated formulas. The symbols ∧, ∨, →, and ¬ stand for “and,” “or,” “implies,” and “not,” respectively. I will also use ⊤ for “true,” ⊥ for “false,” and ↔ for “if and only if.”

Remember that, under truth-table semantics, a propositional formula ϕ is said to be valid, or a tautology, if ϕ is true under every assignment. This is written ⊨ ϕ. More generally, if Γ is a set of formulas and ϕ is a formula, Γ entails ϕ, written Γ ⊨ ϕ, if ϕ is true under every truth assignment that makes every formula in Γ true. In other words, Γ entails ϕ if the inference “from Γ, conclude ϕ” is valid. For example, computing truth tables shows that the following hold:

• ⊨ p ∧ q → q ∨ r

• {q, p ∧ r} ⊨ q ∧ r

The purpose of a proof system is to provide a system of rules which is sufficient to verify all valid formulas and entailments. Once we have described our proof system, we will write ⊢ ϕ to indicate that ϕ is provable, and, more generally, write Γ ⊢ ϕ to mean that ϕ is provable from Γ. A good proof system should have the property that it makes provability coincide with semantic entailment. That is, if there is a proof of ϕ from Γ, then Γ should entail ϕ (this is known as “soundness”). Conversely, if Γ entails ϕ, then it should be possible to prove ϕ from Γ. In fact, the system I am about to describe is sound and complete.

We will use a system of natural deduction, due to Gerhard Gentzen. In this system, the basic object is a proof of a formula from some hypotheses; the rules of the system enable us to construct complex proofs from simpler ones. Rules are associated to each connective, characterizing its proper usage. In particular, each logical connective has an associated introduction rule, which tells us what is needed to justify an assertion involving this connective; and an elimination rule, which tells us what we may legitimately infer from such an assertion.

To start with, you are allowed to make any assumption. This is just the assumption rule:

ϕ

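The way to read this is as follows: assuming ϕ, you have proved ϕ.

Here are the rules for conjunction:

\begin{prooftree}
\AxiomC{$\varphi$}
\AxiomC{$\psi$}
\RightLabel{$\wedge I$}
\BinaryInfC{$\varphi \wedge \psi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\varphi \wedge \psi$}
\RightLabel{$\wedge E_1$}
\UnaryInfC{$\varphi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\varphi \wedge \psi$}
\RightLabel{$\wedge E_2$}
\UnaryInfC{$\psi$}
\end{prooftree}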

The first rule says “in order to prove ϕ ∧ ψ from some assumptions, prove ϕ from those assumptions, and prove ψ from those assumptions.” In other words, whatever assumptions you have made to prove ϕ and ψ are assumptions in the resulting proof. The other two rules are elimination rules. They say “if you have proved (or assumed) ϕ ∧ ψ, then you can conclude ϕ, and you can conclude ψ.”

Turning to the rules for implication, the elimination rule is easy:

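\begin{prooftree}
\AxiomC{$\varphi \to \psi$}
\AxiomC{$\varphi$}
\RightLabel{$\to E$}
\BinaryInfC{$\psi$}
\end{prooftree}

This says, “if you know ϕ → ψ, and you know ϕ, then you can conclude ψ.” Once again, all the assumptions you made in the proofs of ϕ → ψ and ϕ are in force. The introduction rule for implication is more subtle, because in this rule a hypothesis can be cancelled.

\begin{prooftree}
\AxiomC{$\varphi$}
\noLine
\UnaryInfC{$\vdots$}
\noLine
\UnaryInfC{$\psi$}
\RightLabel{$\to I$}
\UnaryInfC{$\varphi \to \psi$}
\end{prooftree}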


This says that in order to prove ϕ → ψ, it suffices to assume ϕ and conclude ψ. The three dots suggest a proof of ψ in which the assumption ϕ can be used any number of times. In concluding ϕ → ψ, this assumption is made explicit. In the resulting proof, then, ϕ is no longer an assumption; it has been cancelled.

Reading a natural deduction proof can be difficult because hypotheses are introduced and cancelled at various times. In particular, it is useful to know at which points in a proof particular hypotheses have been cancelled. This information is conveyed by labelling the hypothesis and the point that it is cancelled with a letter x, y, z, . . .. For example, the following is a proof of ψ → (ϕ ∧ ψ) from hypothesis ϕ:

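\begin{prooftree}
\AxiomC{$\varphi$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\psi$}
\BinaryInfC{$\varphi \wedge \psi$}
\RightLabel{$x$}
\UnaryInfC{$\psi \to \varphi \wedge \psi$}
\end{prooftree}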

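One more instance of →I yields a proof of ϕ → (ψ → ϕ ∧ ψ):

\begin{prooftree}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\varphi$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\psi$}
\BinaryInfC{$\varphi \wedge \psi$}
\RightLabel{$x$}
\UnaryInfC{$\psi \to \varphi \wedge \psi$}
\RightLabel{$y$}
\UnaryInfC{$\varphi \to (\psi \to \varphi \wedge \psi)$}
\end{prooftree}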

Returning to the rules, here are the ones for negation:

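\begin{prooftree}
\AxiomC{$\varphi$}
\noLine
\UnaryInfC{$\vdots$}
\noLine
\UnaryInfC{$\bot$}
\RightLabel{$\neg I$}
\UnaryInfC{$\neg\varphi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\neg\varphi$}
\AxiomC{$\varphi$}
\RightLabel{$\neg E$}
\BinaryInfC{$\bot$}
\end{prooftree}

To understand this, think of ⊥, or “false,” as being a contradiction. So, if you have proved ϕ and ¬ϕ, you have derived a contradiction. On the other hand, to prove ¬ϕ, you should assume ϕ and show that a contradiction follows.

It is also the case that anything follows from a contradiction:

\begin{prooftree}
\AxiomC{$\bot$}
\UnaryInfC{$\varphi$}
\end{prooftree}

This has the fancy Latin name, “ex falso sequitur quodlibet,” which means “anything you want follows from falsity.” Conversely, you can always assert ⊤ as an axiom.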

Here are the rules for disjunction:


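\begin{prooftree}
\AxiomC{$\varphi$}
\RightLabel{$\vee I_1$}
\UnaryInfC{$\varphi \vee \psi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\psi$}
\RightLabel{$\vee I_2$}
\UnaryInfC{$\varphi \vee \psi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\varphi \vee \psi$}
\AxiomC{$\varphi$}
\noLine
\UnaryInfC{$\vdots$}
\noLine
\UnaryInfC{$\theta$}
\AxiomC{$\psi$}
\noLine
\UnaryInfC{$\vdots$}
\noLine
\UnaryInfC{$\theta$}
\RightLabel{$\vee E$}
\TrinaryInfC{$\theta$}
\end{prooftree}

The introduction rule is straightforward: to prove ϕ ∨ ψ, prove either one. The elimination rule is more confusing, but it is supposed to model the natural process of proving θ from ϕ ∨ ψ by branching on cases: “Suppose ϕ ∨ ψ. Case 1: ϕ holds. . . . and θ follows. Case 2: ψ holds. . . . and θ follows. Either way, we have θ.” Notice that in the resulting inference, the hypotheses ϕ and ψ are cancelled.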

Finally, these are the rules for ↔:

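\begin{prooftree}
\AxiomC{$\varphi$}
\noLine
\UnaryInfC{$\vdots$}
\noLine
\UnaryInfC{$\psi$}
\AxiomC{$\psi$}
\noLine
\UnaryInfC{$\vdots$}
\noLine
\UnaryInfC{$\varphi$}
\RightLabel{$\leftrightarrow I$}
\BinaryInfC{$\varphi \leftrightarrow \psi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\varphi \leftrightarrow \psi$}
\AxiomC{$\varphi$}
\RightLabel{$\leftrightarrow E_1$}
\BinaryInfC{$\psi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\varphi \leftrightarrow \psi$}
\AxiomC{$\psi$}
\RightLabel{$\leftrightarrow E_2$}
\BinaryInfC{$\varphi$}
\end{prooftree}

You should check that if we defined ϕ ↔ ψ to be (ϕ → ψ) ∧ (ψ → ϕ), these rules could be justified in terms of the rules for ∧ and →.

There is one more rule that is needed to ensure that we can derive all the valid propositional formulas. It is reductio ad absurdum, or proof by contradiction.

\begin{prooftree}
\AxiomC{$\neg\varphi$}
\noLine
\UnaryInfC{$\vdots$}
\noLine
\UnaryInfC{$\bot$}
\UnaryInfC{$\varphi$}
\end{prooftree}

Notice that this is different from the negation introduction rule: rather than assume ϕ in order to prove ¬ϕ, it works the other way around.

There is some legalistic fine print associated with the implication introduction rule (similar considerations apply to disjunction elimination as well). Properly stated, the rule should be read as follows: “Given ψ, you may conclude ϕ → ψ. Furthermore, if ϕ occurs as a hypothesis, you may cancel any instances of this hypothesis.” Note that you do not need the hypothesis ϕ to conclude ϕ → ψ; if you know ψ outright, you know ϕ → ψ. For example, this is a legal proof: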

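\begin{prooftree}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\psi$}
\UnaryInfC{$\varphi \to \psi$}
\RightLabel{$x$}
\UnaryInfC{$\psi \to (\varphi \to \psi)$}
\end{prooftree}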

1.2 Some propositional validities

Here are some propositional validities:

1. Commutativity of ∧: ϕ ∧ ψ ↔ ψ ∧ ϕ

2. Commutativity of ∨: ϕ ∨ ψ ↔ ψ ∨ ϕ

3. Associativity of ∧: (ϕ ∧ ψ) ∧ θ ↔ ϕ ∧ (ψ ∧ θ)

4. Associativity of ∨: (ϕ ∨ ψ) ∨ θ ↔ ϕ ∨ (ψ ∨ θ)

5. Distributivity of ∧ over ∨: ϕ ∧ (ψ ∨ θ)↔ (ϕ ∧ ψ) ∨ (ϕ ∧ θ)

6. Distributivity of ∨ over ∧: ϕ ∨ (ψ ∧ θ)↔ (ϕ ∨ ψ) ∧ (ϕ ∨ θ)

7. (ϕ→ (ψ → θ))↔ (ϕ ∧ ψ → θ).

8. (ϕ→ ψ)→ ((ψ → θ)→ (ϕ→ θ))

9. ((ϕ ∨ ψ)→ θ)↔ (ϕ→ θ) ∧ (ψ → θ)

10. ¬(ϕ ∨ ψ)↔ ¬ϕ ∧ ¬ψ

11. ¬(ϕ ∧ ψ)↔ ¬ϕ ∨ ¬ψ

12. ¬(ϕ ∧ ¬ϕ)

13. ¬(ϕ→ ψ)↔ ϕ ∧ ¬ψ

14. ¬ϕ→ (ϕ→ ψ)

15. (¬ϕ ∨ ψ)↔ (ϕ→ ψ)

16. ϕ ∨ ⊥ ↔ ϕ

17. ϕ ∧ ⊥ ↔ ⊥

18. ϕ ∨ ¬ϕ

19. ¬(ϕ↔ ¬ϕ)

20. (ϕ→ ψ)↔ (¬ψ → ¬ϕ)

21. (ϕ→ θ ∨ η)→ ((ϕ→ θ) ∨ (ϕ→ η))

22. (((ϕ→ ψ)→ ϕ)→ ϕ)
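The truth-table definitions of validity and entailment from Section 1.1 can be checked mechanically. The following Python sketch is an added example, not part of the original notes: it verifies the two entailments stated there and the 22 validities listed above, with ϕ, ψ, θ, η instantiated as propositional variables. The tuple encoding of formulas and all function names are assumptions of this example.

```python
from itertools import product

# Formulas as nested tuples (an encoding chosen for this example).
def Var(name): return ("var", name)
def Not(a): return ("not", a)
def And(a, b): return ("and", a, b)
def Or(a, b): return ("or", a, b)
def Imp(a, b): return ("imp", a, b)
def Iff(a, b): return ("iff", a, b)
BOT = ("bot",)

def variables(f):
    """Set of propositional variable names occurring in f."""
    if f[0] == "var":
        return {f[1]}
    return set().union(*(variables(sub) for sub in f[1:]))

def evaluate(f, v):
    """Truth value of f under the assignment v (dict: name -> bool)."""
    op = f[0]
    if op == "var":
        return v[f[1]]
    if op == "bot":
        return False
    if op == "not":
        return not evaluate(f[1], v)
    a, b = evaluate(f[1], v), evaluate(f[2], v)
    if op == "and":
        return a and b
    if op == "or":
        return a or b
    if op == "imp":
        return (not a) or b
    if op == "iff":
        return a == b
    raise ValueError(f"unknown connective {op!r}")

def counterexample(gamma, phi):
    """An assignment making every formula in gamma true and phi false,
    or None if gamma entails phi."""
    names = sorted(set().union(variables(phi), *(variables(g) for g in gamma)))
    for values in product([False, True], repeat=len(names)):
        v = dict(zip(names, values))
        if all(evaluate(g, v) for g in gamma) and not evaluate(phi, v):
            return v
    return None

def entails(gamma, phi):
    return counterexample(gamma, phi) is None

def valid(phi):
    return entails([], phi)

p, q, r = Var("p"), Var("q"), Var("r")
F, G, T, E = Var("phi"), Var("psi"), Var("theta"), Var("eta")

# The 22 validities of Section 1.2, in order. A schema that is a tautology
# for distinct variables is a tautology for every substitution instance.
VALIDITIES = [
    Iff(And(F, G), And(G, F)),
    Iff(Or(F, G), Or(G, F)),
    Iff(And(And(F, G), T), And(F, And(G, T))),
    Iff(Or(Or(F, G), T), Or(F, Or(G, T))),
    Iff(And(F, Or(G, T)), Or(And(F, G), And(F, T))),
    Iff(Or(F, And(G, T)), And(Or(F, G), Or(F, T))),
    Iff(Imp(F, Imp(G, T)), Imp(And(F, G), T)),
    Imp(Imp(F, G), Imp(Imp(G, T), Imp(F, T))),
    Iff(Imp(Or(F, G), T), And(Imp(F, T), Imp(G, T))),
    Iff(Not(Or(F, G)), And(Not(F), Not(G))),
    Iff(Not(And(F, G)), Or(Not(F), Not(G))),
    Not(And(F, Not(F))),
    Iff(Not(Imp(F, G)), And(F, Not(G))),
    Imp(Not(F), Imp(F, G)),
    Iff(Or(Not(F), G), Imp(F, G)),
    Iff(Or(F, BOT), F),
    Iff(And(F, BOT), BOT),
    Or(F, Not(F)),
    Not(Iff(F, Not(F))),
    Iff(Imp(F, G), Imp(Not(G), Not(F))),
    Imp(Imp(F, Or(T, E)), Or(Imp(F, T), Imp(F, E))),
    Imp(Imp(Imp(F, G), F), F),
]

if __name__ == "__main__":
    print(valid(Imp(And(p, q), Or(q, r))))          # first entailment in 1.1
    print(entails([q, And(p, r)], And(q, r)))       # second entailment in 1.1
    print(all(valid(f) for f in VALIDITIES))
    print(counterexample([Or(p, q)], p))            # a constructed non-entailment
```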


There is a simple heuristic for searching for proofs: work backwards from the goal using introduction rules, and work forwards from the hypothesis using elimination rules, until all the pieces come together. For example, here is a proof of the forward direction of (5):

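\begin{prooftree}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\varphi \wedge (\psi \vee \sigma)$}
\UnaryInfC{$\psi \vee \sigma$}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\varphi \wedge (\psi \vee \sigma)$}
\UnaryInfC{$\varphi$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\psi$}
\BinaryInfC{$\varphi \wedge \psi$}
\UnaryInfC{$(\varphi \wedge \psi) \vee (\varphi \wedge \sigma)$}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\varphi \wedge (\psi \vee \sigma)$}
\UnaryInfC{$\varphi$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\sigma$}
\BinaryInfC{$\varphi \wedge \sigma$}
\UnaryInfC{$(\varphi \wedge \psi) \vee (\varphi \wedge \sigma)$}
\RightLabel{$x$}
\TrinaryInfC{$(\varphi \wedge \psi) \vee (\varphi \wedge \sigma)$}
\RightLabel{$y$}
\UnaryInfC{$(\varphi \wedge (\psi \vee \sigma)) \to ((\varphi \wedge \psi) \vee (\varphi \wedge \sigma))$}
\end{prooftree}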

Here is a proof of the forward direction of (7):

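\begin{prooftree}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\varphi \to (\psi \to \theta)$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\varphi \wedge \psi$}
\UnaryInfC{$\varphi$}
\BinaryInfC{$\psi \to \theta$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\varphi \wedge \psi$}
\UnaryInfC{$\psi$}
\BinaryInfC{$\theta$}
\RightLabel{$x$}
\UnaryInfC{$\varphi \wedge \psi \to \theta$}
\RightLabel{$y$}
\UnaryInfC{$(\varphi \to (\psi \to \theta)) \to (\varphi \wedge \psi \to \theta)$}
\end{prooftree}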

Here is a proof of the forward direction of (10):

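\begin{prooftree}
\AxiomC{}
\RightLabel{$z$}
\UnaryInfC{$\neg(\varphi \vee \psi)$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\varphi$}
\UnaryInfC{$\varphi \vee \psi$}
\BinaryInfC{$\bot$}
\RightLabel{$x$}
\UnaryInfC{$\neg\varphi$}
\AxiomC{}
\RightLabel{$z$}
\UnaryInfC{$\neg(\varphi \vee \psi)$}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\psi$}
\UnaryInfC{$\varphi \vee \psi$}
\BinaryInfC{$\bot$}
\RightLabel{$y$}
\UnaryInfC{$\neg\psi$}
\BinaryInfC{$\neg\varphi \wedge \neg\psi$}
\RightLabel{$z$}
\UnaryInfC{$\neg(\varphi \vee \psi) \to \neg\varphi \wedge \neg\psi$}
\end{prooftree}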

Here is one more example:

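\begin{prooftree}
\AxiomC{}
\RightLabel{$z$}
\UnaryInfC{$\varphi \vee \psi$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\varphi$}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\neg\varphi$}
\BinaryInfC{$\bot$}
\UnaryInfC{$\psi$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\psi$}
\RightLabel{$x$}
\TrinaryInfC{$\psi$}
\RightLabel{$y$}
\UnaryInfC{$\neg\varphi \to \psi$}
\RightLabel{$z$}
\UnaryInfC{$\varphi \vee \psi \to (\neg\varphi \to \psi)$}
\end{prooftree}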

1.3 Proof by contradiction

Sometimes you follow the heuristic described above, and simply get stuck. In that case, there is one more thing to try: proof by contradiction. That is, assume the negation of what you are trying to prove, and show that that yields a contradiction.

For example, here is a proof of the law of the excluded middle:

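\begin{prooftree}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\neg(\varphi \vee \neg\varphi)$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\varphi$}
\UnaryInfC{$\varphi \vee \neg\varphi$}
\BinaryInfC{$\bot$}
\RightLabel{$x$}
\UnaryInfC{$\neg\varphi$}
\UnaryInfC{$\varphi \vee \neg\varphi$}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\neg(\varphi \vee \neg\varphi)$}
\BinaryInfC{$\bot$}
\RightLabel{$y$}
\UnaryInfC{$\varphi \vee \neg\varphi$}
\end{prooftree}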

Here is a proof of a principle known as “double-negation elimination”:

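\begin{prooftree}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\neg\neg\varphi$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\neg\varphi$}
\BinaryInfC{$\bot$}
\RightLabel{$x$ (RAA)}
\UnaryInfC{$\varphi$}
\RightLabel{$y$}
\UnaryInfC{$\neg\neg\varphi \to \varphi$}
\end{prooftree}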

Here is another example:

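\begin{prooftree}
\AxiomC{}
\RightLabel{$z$}
\UnaryInfC{$\neg(\varphi \wedge \neg\psi)$}
\AxiomC{}
\RightLabel{$y$}
\UnaryInfC{$\varphi$}
\AxiomC{}
\RightLabel{$x$}
\UnaryInfC{$\neg\psi$}
\BinaryInfC{$\varphi \wedge \neg\psi$}
\BinaryInfC{$\bot$}
\RightLabel{$x$ (RAA)}
\UnaryInfC{$\psi$}
\RightLabel{$y$}
\UnaryInfC{$\varphi \to \psi$}
\RightLabel{$z$}
\UnaryInfC{$\neg(\varphi \wedge \neg\psi) \to (\varphi \to \psi)$}
\end{prooftree}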

1.4 Exercises

To get used to natural deduction, try finding natural deduction proofs of any or all of the following.

1. (ϕ→ (ψ → θ))→ (ϕ ∧ ψ → θ).

2. (ϕ ∨ ψ) ∨ θ → ϕ ∨ (ψ ∨ θ)

3. ¬(ϕ→ ψ)→ ¬ψ


4. ¬(ϕ→ ψ)→ ϕ

5. (¬ϕ ∨ ψ)↔ (ϕ→ ψ)

6. (ϕ→ ψ) ∨ (ψ → ϕ)

7. ((ϕ → ψ) → ϕ) → ϕ

8. ¬(ϕ↔ ¬ϕ).

1.5 Proof short cuts

The proofs in the last section can be confusing and hard to understand. It is also often hard to use negative statements in a hypothesis. In fact, in informal mathematical argumentation, one often uses a number of additional tricks to make life easier. All of the things I am about to describe can be justified on the basis of the rules presented in Section 1.1, but, strictly speaking, they are not part of the proof rules. On a homework assignment, if I say “give a natural deduction proof of . . . ,” I mean give a proof using the rules in Section 1.1. On the other hand, if I say “you may use the additional rules and equivalences described in the notes,” you may use the tricks I am about to describe. Notice that many of the informal proof strategies in Velleman’s book rely on tricks like these. You should try to think about Velleman’s strategies in these terms.

One trick is to use the law of the excluded middle: for any formula, one can prove ϕ ∨ ¬ϕ. So, at any point in a proof, you can reason by cases: first show that your conclusion follows from ϕ, and then show that it follows from ¬ϕ.

If you have a hypothesis ϕ → ψ, it is sometimes useful to use the following equivalence:

(ϕ→ ψ) ≡ (¬ϕ ∨ ψ).

Once again, this can be proved using the ordinary proof rules, but it isn’t easy! If you just assume the equivalence, however, it means that you can use the hypothesis ϕ → ψ by reasoning on cases: if you can show your conclusion follows from ¬ϕ, and also that it follows from ψ, you are done.

Similarly, if you know ϕ ↔ ψ, you know that ϕ and ψ are either both true or both false. So once again, you can reason by cases, first assuming they are both true, then assuming they are both false.


Finally, the following equivalences involving negation can be used to push a negation sign inwards:

¬¬ϕ ≡ ϕ

¬(ϕ ∧ ψ) ≡ ¬ϕ ∨ ¬ψ

¬(ϕ ∨ ψ) ≡ ¬ϕ ∧ ¬ψ

¬(ϕ → ψ) ≡ ϕ ∧ ¬ψ

¬(ϕ ↔ ψ) ≡ (ϕ ∧ ¬ψ) ∨ (ψ ∧ ¬ϕ).

So, for example, if you know ¬(ϕ ∧ ψ), you can then reason on cases, assuming ¬ϕ, and then ¬ψ.

Finally, it is often useful to make use of the fact that an implication is equivalent to its contrapositive:

(ϕ→ ψ) ≡ (¬ψ → ¬ϕ).

So, to prove ϕ → ψ, you can assume ¬ψ and show that ¬ϕ follows. You should check that this is essentially the same as assuming ϕ and ¬ψ and deriving a contradiction, which is another common proof strategy.

The canonical way of proving ϕ ↔ ψ is to show that each proves the other. But it is often quicker to prove a chain of equivalences, say ϕ ↔ θ ↔ η ↔ π ↔ ψ. In other words, one proves, in turn, that each statement is equivalent to the next, relying implicitly on the transitivity of ↔.

1.6 Sequent notation

It will be helpful to have a description of natural deduction that keeps track of the open hypotheses at each stage of the proof. To do so, let us express that ϕ follows from the hypotheses in Γ by writing Γ ⇒ ϕ. Such an expression is sometimes called a sequent.

If Γ is a set of formulas and ψ is a formula, it is convenient to write Γ, ψ for Γ ∪ {ψ}; and, more generally, it is convenient to leave off curly braces when listing the elements of a finite set. With this new mode of presentation, the natural deduction rules are expressed as follows:


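\begin{prooftree}
\AxiomC{}
\RightLabel{Assumption}
\UnaryInfC{$\Gamma, \varphi \Rightarrow \varphi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\Gamma \Rightarrow \varphi$}
\AxiomC{$\Gamma \Rightarrow \psi$}
\RightLabel{$\wedge I$}
\BinaryInfC{$\Gamma \Rightarrow \varphi \wedge \psi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\Gamma \Rightarrow \varphi_0 \wedge \varphi_1$}
\RightLabel{$\wedge E_i$}
\UnaryInfC{$\Gamma \Rightarrow \varphi_i$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\Gamma \Rightarrow \varphi_i$}
\RightLabel{$\vee I_i$}
\UnaryInfC{$\Gamma \Rightarrow \varphi_0 \vee \varphi_1$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\Gamma \Rightarrow \varphi \vee \psi$}
\AxiomC{$\Gamma, \varphi \Rightarrow \theta$}
\AxiomC{$\Gamma, \psi \Rightarrow \theta$}
\RightLabel{$\vee E$}
\TrinaryInfC{$\Gamma \Rightarrow \theta$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\Gamma, \varphi \Rightarrow \psi$}
\RightLabel{$\to I$}
\UnaryInfC{$\Gamma \Rightarrow \varphi \to \psi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\Gamma \Rightarrow \varphi \to \psi$}
\AxiomC{$\Gamma \Rightarrow \varphi$}
\RightLabel{$\to E$}
\BinaryInfC{$\Gamma \Rightarrow \psi$}
\end{prooftree}

\begin{prooftree}
\AxiomC{$\Gamma, \neg\varphi \Rightarrow \bot$}
\RightLabel{RAA}
\UnaryInfC{$\Gamma \Rightarrow \varphi$}
\end{prooftree}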

One can show that if it is possible to prove Γ ⇒ ϕ then it is possible to prove Γ ∪ ∆ ⇒ ϕ for any set ∆. This is known as “weakening” the set of hypotheses. In practice, it is more convenient to fold weakening into the rules by allowing any subset of Γ in the hypotheses. For example, the following proof tree shows that ϕ → (ψ → ϕ ∧ ψ) is provable:

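\begin{prooftree}
\AxiomC{$\varphi \Rightarrow \varphi$}
\AxiomC{$\psi \Rightarrow \psi$}
\RightLabel{$\wedge I$}
\BinaryInfC{$\varphi, \psi \Rightarrow \varphi \wedge \psi$}
\RightLabel{$\to I$}
\UnaryInfC{$\varphi \Rightarrow \psi \to \varphi \wedge \psi$}
\RightLabel{$\to I$}
\UnaryInfC{$\Rightarrow \varphi \to (\psi \to \varphi \wedge \psi)$}
\end{prooftree}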
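A checker for the sequent rules listed above, with weakening folded in as described, written in Python as an added example (it is not from the original notes). The tuple encoding of formulas and proofs and the rule names are assumptions of this example; it accepts the proof tree of ϕ → (ψ → ϕ ∧ ψ) just shown and a sequent version of the proof of (7), and rejects a step that drops an open hypothesis.

```python
# Formulas are nested tuples; this encoding is an assumption of the example.
def var(name): return ("var", name)
def conj(a, b): return ("and", a, b)
def disj(a, b): return ("or", a, b)
def imp(a, b): return ("imp", a, b)
def neg(a): return ("not", a)
BOT = ("bot",)

def node(rule, gamma, phi, *premises):
    """A proof node: rule name, the sequent gamma => phi, and its sub-proofs."""
    return (rule, (frozenset(gamma), phi), *premises)

def check(proof):
    """Return the sequent (gamma, phi) that `proof` establishes, or raise
    ValueError at the first step that is not an instance of a rule."""
    rule, (gamma, phi), *subproofs = proof
    prem = [check(p) for p in subproofs]      # sub-proofs are checked first
    hyps = [h for h, _ in prem]
    concl = [c for _, c in prem]
    n = len(prem)

    def within(i, *cancelled):
        # Weakening folded in: premise i may use any subset of gamma,
        # plus the hypotheses that this rule cancels.
        return hyps[i] <= gamma | frozenset(cancelled)

    if rule == "assumption":
        ok = n == 0 and phi in gamma
    elif rule == "andI":
        ok = n == 2 and phi == conj(concl[0], concl[1]) and within(0) and within(1)
    elif rule == "andE":
        ok = n == 1 and concl[0][0] == "and" and phi in concl[0][1:] and within(0)
    elif rule == "orI":
        ok = n == 1 and phi[0] == "or" and concl[0] in phi[1:] and within(0)
    elif rule == "orE":
        ok = (n == 3 and concl[0][0] == "or" and concl[1] == phi == concl[2]
              and within(0)
              and within(1, concl[0][1]) and within(2, concl[0][2]))
    elif rule == "impI":
        ok = n == 1 and phi[0] == "imp" and concl[0] == phi[2] and within(0, phi[1])
    elif rule == "impE":
        ok = n == 2 and concl[0] == imp(concl[1], phi) and within(0) and within(1)
    elif rule == "raa":
        ok = n == 1 and concl[0] == BOT and within(0, neg(phi))
    else:
        ok = False
    if not ok:
        raise ValueError(f"bad {rule} step concluding {phi}")
    return (gamma, phi)

def accepts(proof):
    """True if every step of `proof` is a correct rule application."""
    try:
        check(proof)
        return True
    except ValueError:
        return False

ph, ps, th = var("phi"), var("psi"), var("theta")

# The proof tree from the notes: => phi -> (psi -> phi & psi).
both = node("andI", [ph, ps], conj(ph, ps),
            node("assumption", [ph], ph), node("assumption", [ps], ps))
PAGE_TREE = node("impI", [], imp(ph, imp(ps, conj(ph, ps))),
                 node("impI", [ph], imp(ps, conj(ph, ps)), both))

# Forward direction of validity (7), (phi -> (psi -> theta)) -> (phi & psi -> theta).
H, C = imp(ph, imp(ps, th)), conj(ph, ps)
hyp_c = node("assumption", [C], C)
step = node("impE", [H, C], imp(ps, th),
            node("assumption", [H], H), node("andE", [C], ph, hyp_c))
theta = node("impE", [H, C], th, step, node("andE", [C], ps, hyp_c))
CURRY = node("impI", [], imp(H, imp(C, th)), node("impI", [H], imp(C, th), theta))

# Invalid: cancels psi but silently drops the still-open hypothesis phi.
BROKEN = node("impI", [], imp(ps, conj(ph, ps)), both)

if __name__ == "__main__":
    print(accepts(PAGE_TREE), accepts(CURRY), accepts(BROKEN))
```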

Chapter 2

Propositional logic in Isabelle

2.1 Using Isabelle

Now let’s start experimenting with Isabelle. If you are sitting at one of the machines in the clusters, you should log on to your Andrew account, and start a terminal console within the Xwindows environment. Then type isabelle emacs to start the system.

First, some generalities. Isabelle is a research-grade proof system, used by experts to verify computer hardware and software design as well as to check complex mathematical proofs. Fortunately, there are a lot of places you can turn to for more information. For example, Isabelle’s “documentation” web page includes a book-long tutorial introduction. See “course information” under Blackboard for links and references.

Expressions need to be typed into Isabelle following a very precise syntax. Pay close attention to the format of your input, including quotation marks, parentheses, and so on. Use the examples in the example files for guidance. Notice that conjunction, disjunction, implication, and negation are indicated with the symbols

&, |, -->, ~

respectively. To indicate provability from hypotheses, one uses the sequent arrow ==>, as in

P & Q ==> Q

For multiple hypotheses, you would write something like

[| P & Q; Q --> R; S |] ==> P & S

Text between “(*” and “*)” is a comment, as in:

(* This is a comment.*)

The following sets up a theory in Isabelle:

theory Examples1

imports Main

begin

(* your work goes here *)

end

The first line gives your theory a name (you can pick any name you want, as long as it does not conflict with a theory name in the library that you use). The second line imports the main library, meaning that you can use any of the facts or concepts defined there. (This is a very large library – see the Isabelle documentation pages.) Isabelle “theories” are saved in files with the extension “.thy”. It is a good idea to use the same name as the theory. So, for example, you could save the theory above as “Examples1.thy”. Use the Proof General arrows (below the editor’s menu bar) to process the first three lines. Once a line has been processed, the editor shades it blue, and “freezes” it so that you cannot modify it. Pressing the backwards arrow “undoes” the commands, so you can go back to editing them.

Let us work through an initial proof. Start by typing

lemma "P & Q --> Q & P"

and use the arrow to process it. You thereby state your intent to prove that statement. Isabelle responds:

proof (prove): step 0

goal (1 subgoal):

1. P & Q --> Q & P

This tells you that you have one goal to fill. Type

apply (rule impI)

to apply the “implication introduction” rule, and the goal becomes:


goal (1 subgoal):

1. P & Q ==> Q & P

If you look carefully, you will notice that the implication arrow became a sequent arrow. In other words, now you need to prove Q & P from the hypothesis P & Q. Type

apply (erule conjE)

to use the conjunction elimination rule, and the goal becomes

goal (1 subgoal):

1. [| P; Q |] ==> Q & P

indicating that you have to prove Q & P using the two hypotheses P and Q. Type

apply (rule conjI)

to use the conjunction introduction rule

goal (2 subgoals):

1. [| P; Q |] ==> Q

2. [| P; Q |] ==> P

and now you have two subgoals, namely, proving P and Q, each from hypotheses P and Q. But this is easy; just type

apply assumption

twice, and Isabelle declares

goal:

No subgoals!

Type the word

done

to finish the proof. Thus your proof should look like this:

lemma "P & Q --> Q & P"

apply (rule impI)

apply (erule conjE)

apply (rule conjI)

apply assumption

apply assumption

done


Isabelle will let you use the symbol + to repeat a command. For example, the last two lines could be abbreviated apply assumption+, which tells Isabelle to apply the assumption command until it no longer succeeds.

You may notice that Isabelle has funny conventions for dropping parentheses. For example, in the expression P & Q & R the parentheses associate to the right, so the expression is parsed as (P & (Q & R)). If you are ever in doubt, you can always select the option “show brackets” from the Isabelle/Settings menu, which displays all the parentheses.

Incidentally, the proof command sorry is a way of cheating: you tell the system to accept the lemma or theorem without proof. On homework assignments, we will enter some theorems “sorried out” for you to fill in.

2.2 The propositional rules

We will start using Isabelle with five basic methods, or “tactics,” for building proofs.

• apply assumption

• apply (rule ...)

• apply (erule ...)

• apply (frule ...)

• apply (drule ...)

Roughly, use the “rule” tactic to apply an introduction rule to the conclusion of a sequent. For example, suppose your goal is a conjunction:

1. [| R; S; T |] ==> P & Q

Typing the command apply (rule conjI) reduces that to two subgoals,

1. [| R; S; T |] ==> P

2. [| R; S; T |] ==> Q

Try typing the command

thm conjI

to ask Isabelle to show you the contents of the “theorem” conjI. Generally speaking, the “rule” tactic matches the conclusion of the theorem to the conclusion of your goal, and asks you to prove the antecedents.

In the other direction, the “frule” tactic allows you to work forwards from hypotheses. For example, if you type apply (frule conjunct1) with the goal

1. [| P & Q; R; S |] ==> T

you are left with the goal

1. [| P & Q; R; S; P |] ==> T

In other words, the tactic uses P & Q to add P to the list of hypotheses. The command apply (drule conjunct1) does almost the same thing, except that it throws away the hypothesis after using it, leaving you with

1. [| R; S; P |] ==> T

The “erule” tactic is more confusing, because it matches patterns on both sides of the conditional. Rather than explain how it works, let me just point out the general heuristic that logical rules that end with an “E” are intended to be used with this tactic (whereas rules that end with “I” are intended to be used with the rule tactic); in both cases, the “e” stands for “elimination”. For example, if you type apply (erule conjE) with the goal

1. [| P & Q; R; S |] ==> T

you are left with the goal

1. [| R; S; P; Q |] ==> T

Here is a list of basic commands you can use to build propositional proofs:

apply assumption

apply (rule conjI)

apply (erule conjE)

apply (frule conjunct1)

apply (frule conjunct2)

apply (rule impI)

apply (erule impE)

apply (rule disjI1)

apply (rule disjI2)

apply (erule disjE)

apply (rule notI)

apply (erule notE)


apply (rule iffI)

apply (erule iffE)

apply (rule classical)

apply (rule ccontr)

In class, I will go over this list, and explain what each one does. I will also make sure that the file “Examples1.thy” on Blackboard uses all of these, so you can see them in action: just use the arrow keys in Proof General to step through the proofs and see how the commands change the current goal.

Here are a few more Isabelle commands you can try. First, typing

thm conjI

displays the “theorem” conjI as it appears in Isabelle’s library. Isabelle has a number of built-in automated reasoners; in particular

apply auto

is strong enough to prove any propositional tautology. This is useful for debugging a proof; if you have applied some rules and think you have arrived at an unprovable goal, calling auto will determine whether or not the goal is valid.

Finally, every once in a while issuing a command may not have the desired effect. For example, if you type apply (frule conjunct1) and there are two conjunctions on the left side of the sequent arrow, Isabelle may expand the wrong one. Typing

back

tells Isabelle to try again.

2.3 Additional proof methods

You will quickly come to learn that doing proofs by contradiction, or using negative hypotheses, is difficult when you are restricted to low-level proof rules. Fortunately, Isabelle knows most common equivalences. For example, if you type thm de_Morgan_conj, Isabelle will show you one of the de Morgan laws:

(~ (?P & ?Q)) = (~ ?P | ~ ?Q)

Now you can type:


• apply (subst de_Morgan_conj) to replace the left-hand side by the right-hand side in the conclusion of a goal

• apply (subst de_Morgan_conj [symmetric]) to replace the right-hand side by the left-hand side in the conclusion of a goal

• apply (subst (asm) de_Morgan_conj) to replace the left-hand side by the right-hand side in one of the hypotheses in a goal

• apply (subst (asm) de_Morgan_conj [symmetric]) to replace the right-hand side by the left-hand side in one of the hypotheses in a goal

The command subst is short for “substitute.” We will come back to this rule when we talk about equality in Isabelle. In the meanwhile, you can use the variants above with any of the following identities:

de_Morgan_conj

de_Morgan_disj

not_not

not_imp

imp_conv_disj

Use the thm command to see what they are.

2.4 Reasoning with sets

Isabelle also knows about sets. For example:

lemma "A - (B Un C) = (A - B) Int (A - C)"

asserts the identity “A \ (B ∪ C) = (A \ B) ∩ (A \ C).” Notice the symbolic notations for set union, intersection, and set difference.

The command

apply (rule set_ext)

yields the goal:

goal (1 subgoal):

1. !!x. (x : A - (B Un C)) = (x : (A - B) Int (A - C))

Here, the notation x : A, for example, means x ∈ A, and the equality symbol is an “iff.” The symbols !!x mean that x is supposed to be arbitrary. In other words, the command allows you to prove two sets are identical by picking an arbitrary x, and showing that x is an element of one side iff it is an element of the other. (In the latest release of Isabelle, set_ext has been renamed set_eqI.)

Use the commands

apply (subst Diff_iff)

apply (subst Int_iff)

apply (subst Un_iff)

to unfold what it means to be an element of a difference, intersection, or union. For example, if your goal contains x : A Un B, applying the third command rewrites the expression to x : A | x : B.

2.5 Completeness

Experimentation may serve to convince you that Isabelle’s rules and commands are sufficient to prove any tautology. But how can we be sure that this is the case? That is exactly what a completeness proof is supposed to establish.

Here I will briefly sketch a proof that any valid sequent is provable, or, equivalently, that if a sequent is not valid, there is a truth assignment that makes the hypotheses true but the conclusion false. First, verify that Isabelle’s rules are enough to show that any sequent Γ ⇒ ϕ is equivalent to Γ, ¬ϕ ⇒ ⊥, and Γ ⇒ ¬ϕ is equivalent to Γ, ϕ ⇒ ⊥. In other words, we can use Isabelle’s rules to go back and forth between the sequents in each pair. Since Isabelle can also show that ¬¬ϕ is equivalent to ϕ, we never have to deal with more than one negation at the top level. And the previous observation means that we can always remove a negation by moving it to the other side of the sequent.

The strategy behind the proof of completeness is to show that we can unwrap all the other connectives until we are reduced to sequents that have only propositional variables, negations of propositional variables, ⊥, and ⊤. But then it is easy to see that if such a sequent is not provable by the “assumption” rule, it is not valid.

The following rules let us “unwrap” a connective on the right side of a sequent:

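$$
\frac{\Gamma \Rightarrow \varphi \qquad \Gamma \Rightarrow \psi}{\Gamma \Rightarrow \varphi \land \psi}
\qquad
\frac{\Gamma, \lnot\varphi, \lnot\psi \Rightarrow \bot}{\Gamma \Rightarrow \varphi \lor \psi}
\qquad
\frac{\Gamma, \varphi \Rightarrow \psi}{\Gamma \Rightarrow \varphi \to \psi}
$$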

In other words, in each case Isabelle’s rules allow us to derive the conclusion from the hypotheses, and if the conclusion is not valid, then one of the hypotheses is necessarily invalid as well. The following rules do the same for connectives on the left:

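$$
\frac{\Gamma, \varphi, \psi \Rightarrow \theta}{\Gamma, \varphi \land \psi \Rightarrow \theta}
\qquad
\frac{\Gamma, \varphi \Rightarrow \theta \qquad \Gamma, \psi \Rightarrow \theta}{\Gamma, \varphi \lor \psi \Rightarrow \theta}
\qquad
\frac{\Gamma, \lnot\varphi \Rightarrow \theta \qquad \Gamma, \psi \Rightarrow \theta}{\Gamma, \varphi \to \psi \Rightarrow \theta}
$$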

We need only iterate this unwrapping, moving formulas from side to side of the sequent as necessary, until all the connectives other than negation have been eliminated. Some of Isabelle’s automated reasoners follow such a strategy.
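The unwrapping strategy of this completeness sketch, written out as a small Python decision procedure. It is an added example, not part of the original notes and not Isabelle's own code; the tuple encoding of formulas and every function name are assumptions made for the illustration. Each sequent Γ ⇒ ϕ is first turned into Γ, ¬ϕ ⇒ ⊥, so a right rule shows up as the case for a negated hypothesis.

```python
# Formulas are nested tuples (an encoding assumed for this example):
#   ("var", "p"), ("bot",), ("not", A), ("and", A, B), ("or", A, B), ("imp", A, B)
def Var(name): return ("var", name)
def Not(a): return ("not", a)
def And(a, b): return ("and", a, b)
def Or(a, b): return ("or", a, b)
def Imp(a, b): return ("imp", a, b)


def first_open(premises, literals):
    """A rule with several premises: return the first premise that is not provable."""
    for todo in premises:
        branch = refute(todo, literals)
        if branch is not None:
            return branch
    return None  # every premise is provable, hence so is the conclusion


def refute(todo, literals):
    """Unwrap the hypotheses of the sequent  todo, literals => bot.

    Returns None if every branch closes (the sequent is provable), otherwise
    the frozenset of (variable, truth value) pairs of a branch that stays open.
    """
    if not todo:
        return literals  # only consistent literals are left: not provable, not valid
    f, rest = todo[0], todo[1:]
    tag = f[0]
    if tag == "bot":
        return None                                    # bot among the hypotheses
    if tag == "var":
        if (f[1], False) in literals:
            return None                                # p and ~p: "assumption" rule
        return refute(rest, literals | {(f[1], True)})
    if tag == "and":                                   # Gamma, A, B => theta
        return refute([f[1], f[2]] + rest, literals)
    if tag == "or":                                    # one premise per disjunct
        return first_open([[f[1]] + rest, [f[2]] + rest], literals)
    if tag == "imp":                                   # premises with ~A and with B
        return first_open([[Not(f[1])] + rest, [f[2]] + rest], literals)
    g = f[1]                                           # f is a negation ~g
    if g[0] == "var":
        if (g[1], True) in literals:
            return None
        return refute(rest, literals | {(g[1], False)})
    if g[0] == "bot":                                  # ~bot is always true
        return refute(rest, literals)
    if g[0] == "not":                                  # ~~A is equivalent to A
        return refute([g[1]] + rest, literals)
    if g[0] == "and":                                  # right rule for A & B
        return first_open([[Not(g[1])] + rest, [Not(g[2])] + rest], literals)
    if g[0] == "or":                                   # Gamma, ~A, ~B => bot
        return refute([Not(g[1]), Not(g[2])] + rest, literals)
    return refute([g[1], Not(g[2])] + rest, literals)  # right rule for A --> B


def variables(f):
    if f[0] == "var":
        return {f[1]}
    return set().union(*(variables(sub) for sub in f[1:]))


def evaluate(f, model):
    tag = f[0]
    if tag == "var":
        return model[f[1]]
    if tag == "bot":
        return False
    if tag == "not":
        return not evaluate(f[1], model)
    a, b = evaluate(f[1], model), evaluate(f[2], model)
    return {"and": a and b, "or": a or b, "imp": (not a) or b}[tag]


def countermodel(hyps, concl):
    """None if  hyps => concl  is valid; otherwise a truth assignment that
    makes every hypothesis true and the conclusion false."""
    open_branch = refute(list(hyps) + [Not(concl)], frozenset())
    if open_branch is None:
        return None
    # Variables the open branch never constrained may take any value; use False.
    model = {v: False for f in list(hyps) + [concl] for v in variables(f)}
    model.update(dict(open_branch))
    return model


if __name__ == "__main__":
    # A sequent that is not valid: p | q => p.  Prints {'p': False, 'q': True}.
    p, q = Var("p"), Var("q")
    print(countermodel([Or(p, q)], p))
```

`countermodel` returns `None` exactly when the unwrapping closes every branch, and otherwise returns the falsifying truth assignment that the completeness argument promises.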


Chapter 3

Natural deduction for first-order logic

3.1 Quantifiers in natural deduction

As a model for mathematical reasoning, propositional logic is too limited. First-order logic does much better in that respect. Remember that one specifies a first-order language by giving a list of function and relation symbols of various arities. These determine a set of terms, that is, syntactic expressions that name elements in an intended domain interpretation, and formulas, that is, expressions that make assertions about that domain. Also, keep in mind the distinction between free and bound variables. For example, in the formula ∃y (x = 2 ∗ y), y is a bound variable, but x is free. This is evidenced by the fact that natural-language expressions make it clear that the formula is about x, but not y, as in “x is twice some number.” You can always rename a bound variable without changing the meaning of a formula, but never a free one.

I will use notation ϕ(x) to indicate that ϕ is a formula in which x is free (or, at least, might be free). Then, if t is any term, ϕ(t) denotes the result of replacing x by t. For example, if ϕ(x) is the formula in the last paragraph, then ϕ(z + 1) is ∃y (z + 1 = 2 ∗ y), and ϕ(17) is ∃y (17 = 2 ∗ y).
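The substitution ϕ(t) described above, as an added Python example that is not part of the original notes. The tuple encoding of terms and formulas and the names `free_vars`, `subst` and `show` are assumptions of this sketch; it goes slightly beyond the text by renaming a bound variable when the substituted term mentions it, which the remark about renaming bound variables makes legitimate.

```python
import itertools

# Encoding assumed for this example:
#   terms:    ("var", "x"), ("num", 17), ("op", "+", s, t)
#   formulas: ("eq", s, t), ("not", A), ("and", A, B), ("imp", A, B),
#             ("forall", "x", A), ("exists", "x", A)
def V(name): return ("var", name)
def N(n): return ("num", n)
def Op(sym, s, t): return ("op", sym, s, t)


def term_vars(t):
    if t[0] == "var":
        return {t[1]}
    if t[0] == "num":
        return set()
    return term_vars(t[2]) | term_vars(t[3])


def free_vars(f):
    tag = f[0]
    if tag == "eq":
        return term_vars(f[1]) | term_vars(f[2])
    if tag == "not":
        return free_vars(f[1])
    if tag in ("and", "imp"):
        return free_vars(f[1]) | free_vars(f[2])
    return free_vars(f[2]) - {f[1]}          # a quantifier binds its variable


def subst_term(t, x, s):
    if t[0] == "var":
        return s if t[1] == x else t
    if t[0] == "num":
        return t
    return ("op", t[1], subst_term(t[2], x, s), subst_term(t[3], x, s))


def fresh(name, avoid):
    """First of name1, name2, ... that does not occur in `avoid`."""
    for i in itertools.count(1):
        if f"{name}{i}" not in avoid:
            return f"{name}{i}"


def subst(f, x, s):
    """phi(s): replace the free occurrences of the variable x in f by the term s."""
    tag = f[0]
    if tag == "eq":
        return ("eq", subst_term(f[1], x, s), subst_term(f[2], x, s))
    if tag == "not":
        return ("not", subst(f[1], x, s))
    if tag in ("and", "imp"):
        return (tag, subst(f[1], x, s), subst(f[2], x, s))
    bound, body = f[1], f[2]
    if bound == x or x not in free_vars(body):
        return f                             # x is not free under this quantifier
    if bound in term_vars(s):
        # s mentions the bound variable: rename the bound variable first,
        # otherwise the quantifier would capture the variable of s.
        new = fresh(bound, term_vars(s) | free_vars(body) | {x})
        body = subst(body, bound, V(new))
        bound = new
    return (tag, bound, subst(body, x, s))


def show_term(t):
    if t[0] == "var":
        return t[1]
    if t[0] == "num":
        return str(t[1])
    left, right = (f"({show_term(a)})" if a[0] == "op" else show_term(a) for a in t[2:])
    return f"{left} {t[1]} {right}"


def show(f):
    tag = f[0]
    if tag == "eq":
        return f"{show_term(f[1])} = {show_term(f[2])}"
    if tag == "not":
        return f"¬({show(f[1])})"
    if tag in ("and", "imp"):
        return f"({show(f[1])} {'∧' if tag == 'and' else '→'} {show(f[2])})"
    return f"{'∀' if tag == 'forall' else '∃'}{f[1]} ({show(f[2])})"


# The formula from the text: phi(x) is "exists y (x = 2 * y)".
PHI = ("exists", "y", ("eq", V("x"), Op("*", N(2), V("y"))))

if __name__ == "__main__":
    print(show(subst(PHI, "x", Op("+", V("z"), N(1)))))   # phi(z + 1)
    print(show(subst(PHI, "x", V("y"))))                  # phi(y): bound y is renamed
```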

To extend our systems of natural deduction to first-order logic, add the following rules:

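$$
\frac{\varphi(y)}{\forall x\, \varphi(x)}\ \forall\mathrm{I}
\qquad
\frac{\forall x\, \varphi(x)}{\varphi(t)}\ \forall\mathrm{E}
$$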

where in the introduction rule, we require that y is not free in any open hypothesis. Similarly, we have the rules for the existential quantifier:


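$$
\frac{\varphi(t)}{\exists x\, \varphi(x)}\ \exists\mathrm{I}
\qquad
\frac{\exists x\, \varphi(x) \qquad \begin{matrix} \varphi(y) \\ \vdots \\ \psi \end{matrix}}{\psi}\ \exists\mathrm{E}
$$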

where again, in the elimination rule, we assume that y is not free in ψ or any hypothesis other than ϕ(y). The elimination rule exhibits a pattern of reasoning that is similar to that of disjunction elimination: to show that ψ holds on assumption ∃x ϕ(x), let y be an “arbitrary” object satisfying ϕ(y), and show that ψ follows. Note that the universal introduction and existential elimination rules allow you to rename the quantified variable.

In sequent form, the natural deduction rules are expressed as follows:

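$$
\frac{\Gamma \Rightarrow \varphi(y)}{\Gamma \Rightarrow \forall x\, \varphi(x)}\ \forall\mathrm{I}
\qquad
\frac{\Gamma \Rightarrow \forall x\, \varphi(x)}{\Gamma \Rightarrow \varphi(t)}\ \forall\mathrm{E}
$$

$$
\frac{\Gamma \Rightarrow \varphi(t)}{\Gamma \Rightarrow \exists x\, \varphi(x)}\ \exists\mathrm{I}
\qquad
\frac{\Gamma \Rightarrow \exists x\, \varphi(x) \qquad \Gamma, \varphi(y) \Rightarrow \psi}{\Gamma \Rightarrow \psi}\ \exists\mathrm{E}
$$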

with the same restrictions as above.

3.2 Some first-order validities

Once again, let’s consider some valid formulas, and examples of proofs.

1. ∀x ϕ ↔ ϕ if x is not free in ϕ

2. ∃x ϕ ↔ ϕ if x is not free in ϕ

3. ∀x (ϕ ∧ ψ) ↔ ∀x ϕ ∧ ∀x ψ

4. ∃x (ϕ ∧ ψ) ↔ ∃x ϕ ∧ ψ if x is not free in ψ

5. ∃x (ϕ ∨ ψ) ↔ ∃x ϕ ∨ ∃x ψ

6. ∀x (ϕ ∨ ψ) ↔ ∀x ϕ ∨ ψ if x is not free in ψ

7. ∀x (ϕ → ψ) ↔ (∃x ϕ → ψ) if x is not free in ψ

8. ∃x (ϕ → ψ) ↔ (∀x ϕ → ψ) if x is not free in ψ

9. ∀x (ϕ → ψ) ↔ (ϕ → ∀x ψ) if x is not free in ϕ

10. ∃x (ϕ → ψ) ↔ (ϕ → ∃x ψ) if x is not free in ψ

11. ∃x ϕ ↔ ¬∀x ¬ϕ

12. ∀x ϕ ↔ ¬∃x ¬ϕ

13. ¬∃x ϕ ↔ ∀x ¬ϕ

14. ¬∀x ϕ ↔ ∃x ¬ϕ

For example, assuming x is not free in ψ, here is a proof of the forward direction of (4):

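$$
\dfrac{
  \dfrac{
    \overset{y}{\exists x\,(\varphi \land \psi)}
    \qquad
    \dfrac{
      \dfrac{\dfrac{\overset{x}{\varphi \land \psi}}{\varphi}}{\exists x\,\varphi}
      \qquad
      \dfrac{\overset{x}{\varphi \land \psi}}{\psi}
    }{\exists x\,\varphi \land \psi}
  }{\exists x\,\varphi \land \psi}\;x
}{\exists x\,(\varphi \land \psi) \to \exists x\,\varphi \land \psi}\;y
$$

Here is a proof of the converse direction:

$$
\dfrac{
  \dfrac{
    \dfrac{\overset{y}{\exists x\,\varphi \land \psi}}{\exists x\,\varphi}
    \qquad
    \dfrac{
      \dfrac{
        \overset{x}{\varphi}
        \qquad
        \dfrac{\overset{y}{\exists x\,\varphi \land \psi}}{\psi}
      }{\varphi \land \psi}
    }{\exists x\,(\varphi \land \psi)}
  }{\exists x\,(\varphi \land \psi)}\;x
}{\exists x\,\varphi \land \psi \to \exists x\,(\varphi \land \psi)}\;y
$$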

3.3 Equality

The nature of the equality relation has traditionally posed a host of philosophical and logical puzzles, but at least in the context of first-order logic, the appropriate treatment is straightforward. First, we need to express that equality is an equivalence relation, namely, it is reflexive, symmetric, and transitive; and, second, we need to express the fact that one can substitute equal terms in any term or expression.

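$$
\frac{}{t = t}
\qquad
\frac{s = t}{t = s}
\qquad
\frac{r = s \qquad s = t}{r = t}
$$

$$
\frac{\bar{s} = \bar{t}}{r(\bar{s}) = r(\bar{t})}
\qquad
\frac{\bar{s} = \bar{t} \qquad \varphi(\bar{s})}{\varphi(\bar{t})}
$$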


3.4 First-order theories

There are two ways first-order logic can be used:

• To reason about a particular structure, like the natural numbers, the real numbers, the universe of sets, etc.

• To reason about a class of structures, like groups, rings, linear orders, and so on.

Note that there is no theoretical difference between the two: in either case, one writes down some axioms and reasons about their consequences. Eventually, in class, we will discuss first-order axioms for the following:

• Orderings (partial orders, linear orders, and so on).

• Algebraic structures, like groups, rings, and fields.

• The natural numbers.

• The real numbers.

3.5 Completeness for first-order logic

Recall that when it came to propositional logic, we had a notion of what it means for a formula to be true under a particular truth assignment to its variables; we were then able to say that a formula is valid if and only if it is true under all truth assignments. When it comes to first-order logic, instead of truth assignments, we speak of models. A first-order sentence is then said to be valid if it is true in all models. The notion of entailment lifts to first-order logic in a similar way. Just as for propositional logic, one can show that Isabelle’s first-order rules are complete.

In contrast to first-order logic, however, there is no algorithm that will decide whether or not a given sentence is valid. There is a “semi-decision procedure”: given a sentence, one can search systematically for a proof in a first-order deductive calculus. If the sentence is valid, the search will terminate; but there is no general method for detecting when one should give up, in situations when the sentence turns out to be invalid. This means, in particular, that Isabelle’s automated tools can sometimes fall into infinite searches, in which case, you need to terminate them by hand.

Chapter 4

First-order logic in Isabelle

4.1 Quantifiers in Isabelle

In addition to propositional logic, Isabelle can handle first-order logic (and much, much more, but more on that later). But Isabelle has a very precise syntax that may take getting used to. To say that “property P holds of x,” you write P x, and to say “relation R holds of x and y,” you write R x y, both without parentheses. So where, in class, we wrote

∀x (ϕ(x) ∧ ψ(x))→ ∀x ϕ(x) ∧ ∀x ψ(x),

in Isabelle you would write

(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x)

and where we wrote

∀x ∃y R(x, y)

in Isabelle you would write

ALL x. EX y. R x y

Isabelle is smart enough to figure out that P and Q are predicates, R is a binary relation, and x and y range over some (unspecified) domains. Note the following differences, though:

• In Isabelle, if an expression depends on a variable, you have to make it explicit. For example, in class we often wrote ∀x ϕ where ϕ is a formula that might have variables other than x free. In the expressions above, however, the only variable free in P x is x (and P, but that’s another story).


• Isabelle uses a period to separate the quantifier from the expression.

• In Isabelle, quantifiers are given the widest scope possible, that is, they are assumed to extend to the end of the formula, unless they are blocked by a parenthesis. In our informal notation, we assumed just the opposite. So pay close attention to the placement of the parentheses in the example above.

• Isabelle uses the same parentheses-free notation for function application; for example, you would write f x in Isabelle, where we would write f(x).

• You can combine quantifiers and write, for example, ALL x y z. R x y z instead of ALL x. ALL y. ALL z. R x y z.

There are four rules you should know regarding the quantifiers:

apply (rule allI)

apply (frule spec) (* or drule *)

apply (rule exI)

apply (erule exE)

For the most part, these do what you would expect, but some comments are in order. Use rule allI when you are trying to prove something of the form ∀x ϕ(x). Isabelle picks a variable, typically x in this example, and asks you to prove ϕ(x).

Use frule spec when you have a hypothesis of the form ∀x ϕ(x), and you want to use it. In that case, you are allowed to plug in any term you want. In that case, Isabelle plugs in a placeholder (which can appear as something cryptic, like ?x7), and then will try to figure out the right term later. If you want to tell Isabelle explicitly what term you want, type, instead

apply (frule_tac x = "t" in spec)

where t is the term you want. Notice that the term appears in quotation marks (but if it is a variable, like x or y, you can leave them off), frule has become frule_tac, and it is always x on the left side of the equality sign (which refers to the variable in the rule spec). (You can also use the command apply (erule allE), which has the same effect as drule spec.)

Similarly, use rule exI to prove something of the form ∃x ϕ(x). If you want to specify the particular term, use

apply (rule_tac x = "t" in exI)


instead. The command erule exE executes the elimination rule for the existential quantifier.

Remember that sometimes Isabelle will do the wrong thing where there is an ambiguity; for example, frule spec might apply to the wrong formula if there are two universally quantified formulas in the hypotheses. In that case, you can repeatedly write back to make Isabelle consider the other possibilities.

In Isabelle, actually, variables can range over different domains, or “types.” If you do not specify types, Isabelle implicitly leaves them generic. But sometimes you want to specify that a variable ranges over the natural numbers, say. You can do that by writing, for example,

ALL (x::nat) y. x + y = y + x

In this case, Isabelle infers that y is supposed to be a natural number, too.

4.2 Equality in Isabelle

Suppose you have an equation s = t as a hypothesis, and t occurs in the conclusion. Typing

apply (erule subst)

replaces t by s. If, instead, you have s in the conclusion, and want to replace it by t, type

apply (erule ssubst)

But Isabelle has a much more versatile equality “rewriting” command, subst. For example, the theorem add_commute says x + y = y + x, and holds for many important classes of types, including the natural numbers. If you have the expression x + 5 in the conclusion of a sequent, typing

apply (subst add_commute)

changes it to 5 + x. Typing

apply (subst add_commute [symmetric])

orients the equation in the other direction, though for add_commute this doesn’t change it. Typing

apply (subst (asm) add_commute)


applies the equation in a hypothesis. You can even specify which instances to apply the substitution to. For example, if there are three plusses in the goal, typing

apply (subst (1 3) add_commute)

applies substitution to the first and the third. (Sometimes you have to experiment to figure out what order Isabelle uses for its counting.)

4.3 Using lemmas and the library

At this stage, you know enough about Isabelle that you can benefit from looking at the documentation

http://www.cl.cam.ac.uk/research/hvg/isabelle/documentation.html

on the Isabelle web pages. In particular, the tutorial is very helpful.

One reason the system is so powerful is that any theorem you prove can become part of your own personal “library” that can be used to prove other theorems. For example, suppose you prove a theorem such as

lemma my_theorem: "P --> P & P"

If you add the phrase [rule_format], as in

lemma my_theorem [rule_format]: "P --> P & P"

the system records it as a sequent implication, P ==> P & P. Henceforth it becomes a rule you can use: for example, typing

apply (rule my_theorem)

at a goal of the form Q & Q reduces the goal to Q. Similarly for identities: any equation you prove can be used with subst, to your heart’s desire.

The question then becomes this: how do you find useful theorems and identities? One answer is to browse the documentation on the web. You can find the libraries here:

http://www.cl.cam.ac.uk/research/hvg/isabelle/dist/library/HOL/index.html

You can also get to this page from the Isabelle documentation page, by choosing “Higher-order logic” under “Theory libraries.” Also, Isabelle has a flexible “find theorems” command, discussed on page 34 of the tutorial. You call it by choosing “Find theorems” under the “Proof general” menu.


4.4 Using Isabelle’s automated tools

After a while, it becomes tedious to fill in every little step of a proof in Isabelle. One thing that makes Isabelle especially powerful is that there are a number of automated reasoning methods that are built in to the system. For example, a method called auto is a workhorse. You can check that the command

apply auto

solves all of the homework problems and examples you have seen so far! There are other algorithms that work better in different situations. For example, apply blast sometimes works where apply auto fails.

Isabelle also has a very good “simplifier” which uses identities to try to rewrite terms and expressions into a simpler form. You can invoke it by typing

apply simp

You can also give the simplifier extra lists of rules to use when simplifying expressions. For example, typing

apply (simp add: algebra_simps)

adds some standard algebraic simplifications that are often useful. Typing

apply (simp only: algebra_simps)

tells the simplifier to use only these rules. You can also tell auto to use additional simplification rules by typing

apply (auto simp add: algebra_simps)

and so on.

There is also a built-in arithmetic reasoner,

apply arith

that does well on problems involving equalities and inequalities on natural numbers, integers, and real numbers.

All of these are tools discussed at length in the Isabelle tutorial, at the end of Chapter 5, and also at the beginning of Chapter 3. In addition, there are various other tricks that are often helpful. For example, sometimes you find yourself in a situation where you want to break up a proof into two steps. Typing


apply (subgoal_tac "...")

amounts to temporarily asserting the formula “...” You are left with two subgoals: first, you are asked to prove your original goal, using the formula you have added; then you are asked to prove the formula you have added.

Chapter 5

The natural numbers

5.1 Induction and recursion on the natural numbers

Let N be the set of natural numbers, with least element 0, and let succ(x) = x + 1 be the successor function. The structure, (N, 0, succ) is characterized uniquely, up to isomorphism, by the following clauses:

• 0 ≠ succ(x) for any x in N.

• For every x and y in N, if x ≠ y, then succ(x) ≠ succ(y). In other words, succ is injective.

• If A is any subset of N with the property that 0 is in A and whenever x is in A then succ(x) is in A, then A = N.

The last clause can be reformulated as the principle of induction:

Suppose P(x) is any property of natural numbers, such that P holds of 0, and for every x, P(x) implies P(succ(x)). Then P holds of every natural number.

This principle can be used to justify definitions by primitive recursion:

Let X be any set, a be any element of X, and let g(n, x) be any function from N × X to X. Then there is a unique function f : N → X satisfying the following two clauses:

• f(0) = a

• f(succ(n)) = g(n, f(n)) for every n in N.


For example, one can define addition with the following two clauses:

x + 0 = x

x + succ(y) = succ(x + y)

Having done so, one can define multiplication using the following two clauses:

x · 0 = 0

x · succ(y) = x · y + x

If we write 1 = succ(0), 2 = succ(1), and so on, it is easy to prove x + 1 = succ(x) from the definition of addition. One can also define a predecessor function by

p(0) = 0

p(succ(x)) = x,

and “truncated subtraction” by

x ∸ 0 = 0

x ∸ succ(y) = p(x ∸ y).

With these definitions and the induction principle, one can prove all the following identities:

1. x ≠ 0 → succ(p(x)) = x

2. 0 + x = x

3. succ(x) + y = succ(x + y), where 1 is defined to be succ(0)

4. (x + y) + z = x + (y + z)

5. x + y = y + x

6. x(y + z) = xy + xz

7. 0 · x = 0

8. 1 · x = x

9. (xy)z = x(yz)

10. xy = yx


I did the first five of these in class; you will be asked to do some of the others for homework.
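The primitive recursion scheme and the definitions of addition, multiplication and predecessor built from it, as an added Python example (not part of the original notes). The names `primrec`, `failed_identities` and the rest are assumptions of this sketch, and checking identities 1 to 10 on a finite range only tests them; the proofs are the inductions asked for in the text.

```python
def primrec(a, g):
    """The unique f with f(0) = a and f(succ(n)) = g(n, f(n))."""
    def f(n):
        value = a                 # f(0)
        for k in range(n):        # invariant: value == f(k)
            value = g(k, value)   # now value == f(succ(k))
        return value
    return f


def succ(x):
    return x + 1


def add(x, y):
    # x + 0 = x,  x + succ(y) = succ(x + y): recursion on y, with x held fixed
    return primrec(x, lambda n, r: succ(r))(y)


def mul(x, y):
    # x . 0 = 0,  x . succ(y) = x . y + x
    return primrec(0, lambda n, r: add(r, x))(y)


# p(0) = 0, p(succ(x)) = x: here g ignores the previous value and uses n itself
pred = primrec(0, lambda n, r: n)

# Factorial, one of the functions the text says can be defined next:
# 0! = 1, succ(n)! = succ(n) . n!   (g uses both n and the previous value)
fact = primrec(1, lambda n, r: mul(succ(n), r))


def failed_identities(bound):
    """Test identities 1-10 for all x, y, z < bound; return the numbers that fail."""
    one = succ(0)
    checks = {
        1: lambda x, y, z: x == 0 or succ(pred(x)) == x,
        2: lambda x, y, z: add(0, x) == x,
        3: lambda x, y, z: add(succ(x), y) == succ(add(x, y)),
        4: lambda x, y, z: add(add(x, y), z) == add(x, add(y, z)),
        5: lambda x, y, z: add(x, y) == add(y, x),
        6: lambda x, y, z: mul(x, add(y, z)) == add(mul(x, y), mul(x, z)),
        7: lambda x, y, z: mul(0, x) == 0,
        8: lambda x, y, z: mul(one, x) == x,
        9: lambda x, y, z: mul(mul(x, y), z) == mul(x, mul(y, z)),
        10: lambda x, y, z: mul(x, y) == mul(y, x),
    }
    r = range(bound)
    return sorted(k for k, ok in checks.items()
                  if not all(ok(x, y, z) for x in r for y in r for z in r))


if __name__ == "__main__":
    print(add(3, 4), mul(3, 4), pred(5), fact(5))
    print(failed_identities(5))
```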

One can proceed to define <, exponentiation, factorial, and so on, and show that they have the desired properties. One can then define divisibility, greatest common divisor, primality, and more. The remarkable thing is that everything traces back to the principle of induction and definition by recursion. As we have seen, it is useful to justify a more flexible form of induction:

Let P be any property of natural numbers. To show that P holds of every x, it suffices to show that for every x, if P holds of every number smaller than x, then P holds of x as well.

It is also useful to have a more flexible form of recursion:

Let X be any set. Then one can define a function f from N to any set X by specifying f(n) in terms of the value of f at arguments less than n.

5.2 The natural numbers in Isabelle

The natural numbers are defined in Isabelle. The symbol 0 denotes zero and the expression Suc denotes the successor function. Keep in mind that Isabelle’s notation for functions and function application is different from what is mathematically common. For example, rather than write f(x), in Isabelle one writes f x, without parentheses. So Suc 0 denotes the number 1, and Suc (Suc 0) denotes the number 2, and so on.

In Isabelle, one can do proofs by induction. Given a goal involving x, the command

apply (induct x)

allows you to do induction on x. After entering this command, you are left with two goals, one corresponding to the base case, and one corresponding to the induction step.

In the Isabelle libraries, you can find definitions of addition and multiplication and much, much more. All their properties are proved using variations on the principle of induction. To illustrate, we will define addition and multiplication from scratch, using their recursive definitions, and derive some of their properties.

80-211 Logic and Mathematical Inquiry Spring 2011

Homework #1
Due Thursday, January 13

1. Get the books and software required for this course, and log on to the course site on Blackboard.

2. Read the preface and introduction to Velleman.

3. Get Tarski’s World running and start playing with it. Do exercise 1.1, which has you submit a test file. Enter “Dan Auerbach” for the instructor, and “[email protected]” as the e-mail address.

Notice that you do not need to turn anything in this week, other than the online test.


Homework #2
Due Thursday, January 20

Note: you only need to turn in solutions to problems that are starred. The other problems are good practice (and fair game) for exams.

1. Read Chapter 1 of Velleman.

2.* Do exercise 2.5 on page 12 of Tarski’s World, and submit it to the Grade Grinder.

3.* Do exercise 2.6 on page 12 of Tarski’s World, and submit it to the Grade Grinder.

4. Do as much of exercises 2.7 and 2.8 of Tarski’s World as you can.

5. Do as many of the exercises to Section 1.1 of Velleman as you can.

6.* Do exercises 7 (a) and (b) on page 14 of Velleman, by writing out a truth table and determining whether the conclusion of the argument is true whenever the premises are true (as in example 1.2.3 in the text). Indicate clearly what propositional variables you are using and what they represent. For part (a), since one of the premises is that Jane will win the math prize, you can leave out all the lines of the truth table where that premise is false. For part (b), notice that you only need to use one propositional variable to determine whether the main course is fish or beef; and similarly for the vegetable.

7. Do as many of the exercises to Section 1.2 of Velleman as you can.

8.* Do exercise 6 on page 24.

9.* Do exercise 12 on page 25.

10.* Do exercise 13 on page 25.


Solutions to Homework #2

6. For 7(a), let JM stand for “Jane will win the math prize,” PM mean “Pete will win the math prize,” and let JC and PC be the corresponding statements for the chemistry prize. The premises are ¬(JM ∧ PM), PM ∨ PC, and JM, and the conclusion is PC. The truth table, leaving out the lines where JM is false, is as follows:

JM  PM  JC  PC  JM ∧ PM  ¬(JM ∧ PM)  PM ∨ PC
T   T   T   T   T        F           T
T   T   T   F   T        F           T
T   T   F   T   T        F           T
T   T   F   F   T        F           T
T   F   T   T   F        T           T
T   F   T   F   F        T           F
T   F   F   T   F        T           T
T   F   F   F   F        T           F

All three premises are true on the fifth and seventh line, and on those lines the conclusion is true as well. So, the inference is valid.

For 7(b), let MB say that the main course will be beef (so ¬MB says that the main course will be fish), and let VP say that the vegetable will be peas. The first premise is MB ∨ ¬MB, which is always true, so I will leave it out. Similarly for the second premise. The third premise is ¬(¬MB ∧ ¬VP). The conclusion is ¬(MB ∧ VP). Here is the truth table:

MB  VP  ¬MB  ¬VP  ¬MB ∧ ¬VP  ¬(¬MB ∧ ¬VP)  MB ∧ VP  ¬(MB ∧ VP)
T   T   F    F    F          T             T        F
T   F   F    T    F          T             F        T
F   T   T    F    F          T             F        T
F   F   T    T    T          F             F        T

The third premise is true on the first three lines, but on the first line the conclusion is false. So the argument is not valid.

8. a. Here is a truth table for nand:

P  Q  P | Q
T  T  F
T  F  T
F  T  T
F  F  T

b. P | Q ≡ ¬(P ∧ Q)

c. ¬P ≡ P | P, P ∧ Q ≡ ¬(P | Q) ≡ (P | Q) | (P | Q), and P ∨ Q ≡ (P | P) | (Q | Q).

9. a.

¬(¬P ∨ Q) ∨ (P ∧ ¬R) ≡ (¬¬P ∧ ¬Q) ∨ (P ∧ ¬R)
                      ≡ (P ∧ ¬Q) ∨ (P ∧ ¬R)
                      ≡ P ∧ (¬Q ∨ ¬R)
                      ≡ P ∧ ¬(Q ∧ R)

(Either of the last two lines is fine.)

b.

¬(¬P ∧ Q) ∨ (P ∧ ¬R) ≡ (¬¬P ∨ ¬Q) ∨ (P ∧ ¬R)
                      ≡ P ∨ ¬Q ∨ (P ∧ ¬R)
                      ≡ ¬Q ∨ (P ∨ (P ∧ ¬R))
                      ≡ ¬Q ∨ P

The last step uses the absorption law on page 21.

c.

(P ∧ R) ∨ (¬R ∧ (P ∨ Q)) ≡ (P ∧ R) ∨ (¬R ∧ P) ∨ (¬R ∧ Q)
                          ≡ ((P ∧ R) ∨ (P ∧ ¬R)) ∨ (¬R ∧ Q)
                          ≡ (P ∧ (R ∨ ¬R)) ∨ (¬R ∧ Q)
                          ≡ (P ∧ T) ∨ (¬R ∧ Q)
                          ≡ P ∨ (¬R ∧ Q)

10. Assume you know the first DeMorgan law, ¬(P ∧ Q) ≡ ¬P ∨ ¬Q. Then

¬P ∧ ¬Q ≡ ¬¬(¬P ∧ ¬Q) ≡ ¬(¬¬P ∨ ¬¬Q) ≡ ¬(P ∨ Q),

which is just the other DeMorgan law turned around.


Homework #3
Due Thursday, January 27

1. Read Chapter 2 of Velleman, and start reading Chapter 3.

2.* Do exercise 2.10 on page 14 of Tarski’s World, and submit it to the Grade Grinder.

3.* Do exercise 2.15 on pages 17–18 of Tarski’s World, and submit it to the Grade Grinder.

4. Do as much of exercises 2.11–2.14 and 2.16–2.17 of Tarski’s World as you can.

5. Do as many of the exercises to Section 1.3, 1.4, and 1.5 of Velleman as you can.

6.* Do exercise 4 on page 33. In other words, describe the sets using the “set-builder” notation we discussed in class.

7.* Do exercise 6 on page 42.

8.* Do exercise 7 on page 42.

9.* Write ordinary mathematical proofs of the identities in the previous two exercises, as best you can.

10.* Do exercise 9 on page 42.

11.* Make sure you are able to run Isabelle, for example, by following the instructions on the course information sheet and handout, “Running Isabelle in the clusters,” that appear under “Course information” on Blackboard. If you are successful at typing and checking the example there, simply write “Ran Isabelle” on your homework assignment. If you have any problems, please let me and Dan know, either after class, in office hours, or by e-mail.


Solutions to Homework #3

6. Velleman, exercise 4 on page 33.

a. {x ∈ N | x > 0 and x is a perfect square}, or {x ∈ N | x = y² for some y > 0}

b. {x ∈ N | x = 2^y for some y}

c. {x ∈ N | 10 ≤ x < 20}

7. Velleman, exercise 6 on page 42. (Draw Venn diagrams.)

8. Velleman, exercise 7 on page 42.

a.

x ∈ (A ∪ B) \ C ≡ (x ∈ A ∪ B) ∧ (x ∉ C)
                ≡ (x ∈ A ∨ x ∈ B) ∧ (x ∉ C)
                ≡ (x ∈ A ∧ x ∉ C) ∨ (x ∈ B ∧ x ∉ C)
                ≡ (x ∈ A \ C) ∨ (x ∈ B \ C)
                ≡ x ∈ (A \ C) ∪ (B \ C)

b.

x ∈ A ∪ (B \ C) ≡ x ∈ A ∨ (x ∈ B \ C)
                ≡ x ∈ A ∨ (x ∈ B ∧ x ∉ C)
                ≡ (x ∈ A ∨ x ∈ B) ∧ (x ∈ A ∨ x ∉ C)
                ≡ (x ∈ A ∪ B) ∧ ¬(x ∉ A ∧ x ∈ C)
                ≡ (x ∈ A ∪ B) ∧ (x ∉ C \ A)
                ≡ x ∈ (A ∪ B) \ (C \ A)

9. a. Suppose x is in (A ∪ B) \ C. Then x is in A ∪ B, but x is not in C. So x is in A, or x is in B. If x is in A, then x is in A \ C, and hence (A \ C) ∪ (B \ C), as required. On the other hand, if x is in B, then x is in B \ C, and hence (A \ C) ∪ (B \ C), as required. So, in either case, we have the desired conclusion.

For the reverse inclusion, suppose x is in (A \ C) ∪ (B \ C). Then either x is in A \ C, or x is in B \ C. Consider both cases. If x is in A \ C, then x is in A but not in C. But then x is in A ∪ B, and so in (A ∪ B) \ C. On the other hand, if x is in B \ C, then x is in B but not C, and so x is in (A ∪ B) \ C in that case too.

b. Suppose x is in A ∪ (B \ C). Then either x is in A, or x is in B but not C. Consider both cases. If x is in A, then x is in A ∪ B, but x is not in C \ A. So x is in (A ∪ B) \ (C \ A), as desired. On the other hand, if x is in B but not C, then again x is in A ∪ B but not C \ A, which implies that x is in (A ∪ B) \ (C \ A), as desired.

For the reverse inclusion, suppose x is in (A ∪ B) \ (C \ A). Then x is in A ∪ B, but x is not in C \ A. So x is in A, or x is in B. If x is in A, then x is in A ∪ (B \ C), as required. So suppose we are in the other case, i.e., x is in B. Since x is not in C \ A, we know that either x is not in C, or x is in A. If x is not in C, then x is in B \ C, and so x is in A ∪ (B \ C), as required. On the other hand, if x is in A, then x is in A ∪ (B \ C), as before. So, either way, we have the desired conclusion.

10. Velleman, exercise 9, page 42. Let A = {1, 2} and let B = {2}. Then (A ∪ B) \ B = {1, 2} \ {2} = {1}, which is not equal to A.


Homework #4
Due Thursday, February 3

1. Continue reading Chapter 3 of Velleman. Also read the handout on natural deduction that I will post early next week.

2.* Do exercise 3.5 on page 26 of Tarski’s World, and submit it to the Grade Grinder.

3.* Do exercise 3.9 on pages 27–28 of Tarski’s World, and submit it to the Grade Grinder.

4. Do as many of the other exercises through exercise 3.13 of Tarski’s World as you can.

5. Do as many of the exercises to Section 1.5, 2.1, 2.2, and 2.3 of Velleman as you can.

6.* Do exercise 2 on page 53, explaining the variables that you use. (See the solutions to problem 1 on page 332 for an example.)

7.* Do exercise 5 on page 54, both by writing out the truth table and checking that the two formulas always have the same truth values, and using propositional identities and calculating.

8.* Do exercise 3 on page 63. In other words, write down first-order expressions in a language with all the relevant symbols, assuming the variables range over real numbers. Don’t forget to indicate the free variables.

9.* Do exercise 2 on page 72. For parts (a) and (b), give both a symbolic expression and a natural language expression, as in the solution to part 1 on page 332.

10.* Do exercise 6 on page 81.


Solutions to Homework #4

6. Velleman, exercise 2 on page 53.

a. S → P ∧ A, where S is “Mary will sell her house,” P is “Mary canget a good price,” and A is “Mary can find a nice apartment.”

b. M → C ∧D, where M is “one can get a mortgage,” C is “one has agood credit history,” and D is “one has an adequate down payment.”

c. ¬S → K, where S is “someone stops John” and K is “John will killhimself.”

d. F ∨ S → ¬P where F is “x is divisible by 4,” S is “x is divisible by6,” and P is “x is prime.” (The sentence is better represented usingfirst-order logic, and it is o.k. if you that is what you did.)

7. Velleman, exercise 5 on page 54.

a. The truth table is straightforward. Here is a calculation:

(P ↔ Q) ≡ (P → Q) ∧ (Q→ P )

≡ (¬P ∨Q) ∧ (¬Q ∨ P )

≡ (¬P ∧ (¬Q ∨ P )) ∨ (Q ∧ (¬Q ∨ P ))

≡ (¬P ∧ ¬Q) ∨ (¬P ∧ P ) ∨ (Q ∧ ¬Q) ∨ (Q ∧ P )

≡ (¬P ∧ ¬Q) ∨ (P ∧Q)

b. Again, the truth table is straightfoward. Here is a calculation:

(P → Q) ∨ (P → R) ≡ (¬P ∨Q) ∨ (¬P ∨R)

≡ ¬P ∨ (Q ∨R)

≡ (P → Q ∨R).

8. Velleman, exercise 3 on page 63.

a. ∀z (z > x→ z > y). x and y are free.

b. ∀a (∃x (ax2 + 4x− 2 = 0)↔ (a ≥ −2)). There are no free variables.

c. ∀x (x3 − 3x < 3→ x < 10). There are no free variables.

d. ∃x (x2 + 5x = w) ∧ ∃y (4− y2 = w)→ −10 ≤ w ∧ w ≤ 10. w is free.

9. Velleman, exercise 2 on page 72.

a. ∀x (F(x) → R(x)), where F(x) is “x is in the Freshman class” and R(x) is “x has a roommate.” “Everyone in the Freshman class has a roommate.”

b. ∃x ∀y ¬L(x, y) ∨ ∃x ∀y L(x, y), where L(x, y) is “x likes y.” “Either someone doesn’t like anyone, or someone likes everyone.”

c. ∃a ∈ A ∀b ∈ B ((a ∈ C ∧ b ∉ C) ∨ (b ∈ C ∧ a ∉ C)) (or some variant).

d. ∃y > 0 ∀x (ax² + bx + c ≠ y).

10. Velleman, exercise 6 on page 81.

a. A₂ = {2, 3, 1, 4}, A₃ = {3, 4, 2, 6}, A₄ = {4, 5, 3, 8}, and A₅ = {5, 6, 4, 10}

b. ⋂_{i∈I} Aᵢ = {4}, ⋃_{i∈I} Aᵢ = {1, 2, 3, 4, 5, 6, 8, 10}.


Homework #5

Due Thursday, February 10

1. Finish reading Chapter 3 of Velleman.

2. Read the handout “Natural deduction for propositional logic” that is posted on Blackboard, under “Course documents.”

3.? Do exercise 3.19 on page 34 of Tarski’s World, and submit it to the Grade Grinder.

4.? Do exercise 3.25 on page 36 of Tarski’s World, and submit it to the Grade Grinder.

5.? Do exercise 3.26 on page 36 of Tarski’s World, and submit it to the Grade Grinder.

6. Do as many of the other exercises through exercise 3.26 of Tarski’s World as you can. (This will be the last assignment that uses it.)

7. Do as many of the exercises to Sections 3.1-3.2 and 3.4-3.5 of Velleman as you can.

8.? Do exercise 4 on page 106 of Velleman. Give an ordinary, informal proof. Note that this means using clear, grammatically correct English sentences, and avoiding logical symbols! This is the form in which mathematical arguments are written, and you will be graded accordingly.

9.? Do exercise 19 on page 134 of Velleman. Again, give an ordinary, informal proof. (Hints: since saying that two sets are not disjoint means that there is an element that is in both of them, it may be easier to prove that the first statement is false iff the second statement is false. Remember that if F is a family of sets, saying x ∈ ⋃F means that x is in A for some set A ∈ F.)

10.? Give a natural deduction proof of ¬(¬p ∧ q) from the hypothesis p.

11.? Give a natural deduction proof of p ∨ (q ∧ r) → ((p ∨ q) ∧ (p ∨ r)).

12.? Give a natural deduction proof of s from p → s and ¬p → s. (Hint: you can derive p ∨ ¬p first, as we did in class, and use that. For a more direct proof, try a proof by contradiction.)

13.? Give a natural deduction proof of ¬p ∧ ¬s from p → q, ¬(q ∧ r), r, and s → p.


Solutions to Homework #5

8. Velleman, exercise 4 on page 106. Suppose A \ B is disjoint from C and x ∈ A. Prove that if x ∈ C then x ∈ B.

Proof. Suppose A \ B is disjoint from C and x is in A, and suppose x is in C. If x is not in B, then x is in A \ B, which contradicts the fact that A \ B is disjoint from C. So x is in B.

7. Velleman, exercise 19 on page 134. Suppose F and G are families of sets. Prove that ⋃F and ⋃G are disjoint iff for all A ∈ F and B ∈ G, A and B are disjoint.

Proof. Suppose the second statement is false. Then for some A ∈ F and B ∈ G, A and B are not disjoint. That means that there is some element, x, in both A and B. But then x is in ⋃F and ⋃G, so the first statement is false as well.

Conversely, suppose the first statement is false. Then there is an element, x, in both ⋃F and ⋃G. But x ∈ ⋃F means that x is in A for some A in F, and x ∈ ⋃G means that x is in B for some B in G. This means that A and B are not disjoint, so the second statement is false as well.

10.

    ──────── x
     ¬p ∧ q
    ────────
       ¬p         p
    ─────────────────
            ⊥
       ─────────── x
        ¬(¬p ∧ q)

11.

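                                            ───── x     ───── x
                                            q ∧ r       q ∧ r
                     ─── x       ─── x      ─────       ─────
                      p           p           q           r
                    ─────       ─────       ─────       ─────
                    p ∨ q       p ∨ r       p ∨ q       p ∨ r
    ─────────── y   ─────────────────       ─────────────────
    p ∨ (q ∧ r)     (p ∨ q) ∧ (p ∨ r)       (p ∨ q) ∧ (p ∨ r)
    ───────────────────────────────────────────────────────── x
                        (p ∨ q) ∧ (p ∨ r)
                 ─────────────────────────────── y
                 p ∨ (q ∧ r) → (p ∨ q) ∧ (p ∨ r)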

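12. As suggested by the hints, one solution is to use the proof of p ∨ ¬p on page 7 of the notes “Natural deduction for propositional logic,” and proceed as follows:

                      ─── x             ──── x
              p → s    p       ¬p → s    ¬p
              ───────────      ─────────────
    p ∨ ¬p         s                 s
    ──────────────────────────────────────── x
                       s

Here is a more direct proof:

                                       ─── x
                               p → s    p
                       ─── y   ───────────
                        ¬s          s
                       ───────────────
                              ⊥
                            ───── x
             ¬p → s          ¬p
    ─── y    ───────────────────
     ¬s               s
    ────────────────────
             ⊥
           ───── y
             s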

13.

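                                                                         ─── x
                                                                 s → p    s
                        ─── x                                    ───────────
                p → q    p                              p → q         p
                ───────────                             ───────────────
                     q         r                               q            r
                     ───────────                               ──────────────
    ¬(q ∧ r)            q ∧ r               ¬(q ∧ r)               q ∧ r
    ─────────────────────────               ────────────────────────────
                ⊥                                        ⊥
              ───── x                                  ───── x
               ¬p                                       ¬s
               ───────────────────────────────────────────
                                 ¬p ∧ ¬s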


Homework #6

Due Thursday, February 17

1. Start reading Chapter 6 of Velleman. (We will come back to Chapter 4 and 5 afterwards.)

2. Read the handout “Propositional logic in Isabelle” that is posted on Blackboard, under “Course documents.”

3.? Page 18 in Velleman considers the following argument:

    The butler and the cook are not both innocent.
    Either the butler is lying or the cook is innocent.
    Therefore, the butler is either lying or guilty.

Using letters B for “the butler is innocent,” C for “the cook is innocent,” and L for “the butler is lying,” formalize this inference and give a natural deduction proof to establish its validity. (In the proof, the first two lines should be uncancelled hypotheses, and the third line should be the conclusion.)

4.? Give a natural deduction proof of ((ϕ ∨ ψ) → θ) → (ϕ → θ) ∧ (ψ → θ).

5.? Give a natural deduction proof of ϕ → ψ from ¬(ϕ ∧ ¬ψ).

6.? For this part of the assignment, you need to verify some propositional logic proofs using Isabelle. The instructions below assume you are using Isabelle in one of the clusters. If you are using another installation, adapt them accordingly.

• Open a browser window, find “homework6.thy” under “Homework assignments” on Blackboard, and save it to a directory, e.g. your home directory.

• Open up a terminal window (via Applications -> Accessories -> Terminal), and from that directory type

    isabelle emacs homework6.thy

to open the file. (In Unix, you can type ls to list directories, and cd [directory-name] to change directory. Typing cd alone puts you in your home directory.)

• Complete the proofs in the file, following the instructions in the comments.

• Save the file and exit Isabelle.

• Rename the file to homework6_[your-last-name].thy. For example, at the terminal window, type

    mv homework6.thy homework6_smith.thy

• Mail the file to Dan, at [email protected]. For example, you can open a browser and use gmail or go to my.cmu.edu and use web mail. Make sure you put “isabelle homework6 [your-last-name]” in the subject line and make sure you attach the renamed file.

7.? Do exercise 13 on page 144 of Velleman, giving an ordinary, informal proof.

8.? Do exercise 19 on page 144 of Velleman. Again, give an ordinary, informal proof. Keep in mind that, by definition, A △ B = (A \ B) ∪ (B \ A).


Solutions to Homework #6

3. Use the letters B, C, and L as in the text.

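                                    ─── y   ─── x
                                     B       C
                                    ───────────
                        ¬(B ∧ C)       B ∧ C
                        ────────────────────
                                  ⊥
              ─── x             ───── y
               L                 ¬B
            ──────             ──────
    L ∨ C   L ∨ ¬B             L ∨ ¬B
    ───────────────────────────────── x
                 L ∨ ¬B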

4.

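                     ─── x                         ─── y
                      ϕ                             ψ
    ─────────── z   ─────         ─────────── z   ─────
    (ϕ ∨ ψ) → θ     ϕ ∨ ψ         (ϕ ∨ ψ) → θ     ϕ ∨ ψ
    ─────────────────────         ─────────────────────
              θ                             θ
            ───── x                       ───── y
            ϕ → θ                         ψ → θ
            ───────────────────────────────────
                     (ϕ → θ) ∧ (ψ → θ)
             ───────────────────────────────── z
             ((ϕ ∨ ψ) → θ) → (ϕ → θ) ∧ (ψ → θ)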

5.

                  ─── y  ──── z
                   ϕ      ¬ψ
                  ───────────
    ¬(ϕ ∧ ¬ψ)       ϕ ∧ ¬ψ
    ──────────────────────
              ⊥
            ───── z
              ψ
           ─────── y
            ϕ → ψ

7. Prove that for every integer x, x² + x is even.

Let x be any integer. If x is even, then x² is also even, and x² + x is even. If x is odd, then x² is odd, and again x² + x is even. Either way, x² + x is even.

(This proof presupposes the fact that if x is even, then x² is even, and similarly for x odd. If you spelled out the proof in greater detail, e.g. by writing x as 2k in the first case and 2k + 1 in the second case, that is even better. You could also prove the theorem by factoring x² + x as x(x + 1) and again splitting on cases.)

8. Suppose A, B, and C are sets. Show that A △ B and C are disjoint iff A ∩ C = B ∩ C.

Suppose A △ B and C are disjoint. Let x be an element of A ∩ C. Then x is in both A and C. If x is not in B, then x is in A △ B, contradicting the fact that A △ B and C are disjoint. So x is in B, and hence in B ∩ C. Conversely, if x is in B ∩ C, a similar argument shows that x is in A ∩ C. Since x was arbitrary, we have A ∩ C = B ∩ C.

In the other direction, suppose A ∩ C = B ∩ C, but A △ B and C are not disjoint. Let x be an element of both A △ B and C. Then either x is in A \ B, or x is in B \ A. If x is in A \ B, then x is in A but not B; but then x is in A ∩ C but not B ∩ C, contradicting the hypothesis. Similarly, if x is in B \ A, then x is in B ∩ C but not A ∩ C, again a contradiction. So A △ B and C are disjoint.


Homework #7

Due Thursday, February 24

1. Remember that there is an in-class midterm on Thursday, March 3.

2. Finish reading Chapter 6 of Velleman.

3. Read the handout “Natural deduction for first-order logic” that is posted on Blackboard, under “Course documents.”

4.? Using Isabelle, carry out the instructions in “homework7.thy” under “Homework assignments” on Blackboard. Follow the same instructions as last week:

• Save the file to a directory, e.g. your home directory.

• Run Isabelle by typing isabelle emacs homework7.thy

• Complete the proofs in the file, following the instructions in the comments.

• Save the file and exit Isabelle.

• Rename the file to homework7_[your-last-name].thy. For example, at the terminal window, type

    mv homework7.thy homework7_smith.thy

• E-mail the file to Dan, at [email protected], with “isabelle homework7 [your-last-name]” in the subject line.

5.? Give natural deduction proofs of the following:

• ∀x ϕ(x) ∨ ∀x ψ(x)→ ∀x (ϕ(x) ∨ ψ(x))

• ∀x ϕ(x)→ ¬∃x ¬ϕ(x)

6.? Formalize the following statements, and give a natural deduction proof in which the first three statements appear as (uncancelled) hypotheses, and the last line is the conclusion:

    Every young and healthy person likes baseball.
    Every active person is healthy.
    Someone is young and active.
    Therefore, someone likes baseball.

Use Y(x) for “is young,” H(x) for “is healthy,” A(x) for “is active,” and B(x) for “likes baseball.”

7.? Do exercise 4 on page 265 of Velleman, giving an ordinary, informal proof. As usual, style counts.

8.? Do exercise 11 on page 266 of Velleman. (Hint: in the inductive step, rewrite 4ⁿ⁺¹ as 4(4ⁿ + 6n − 1) − 24n + 4, in order to use the inductive hypothesis.)


Solutions to Homework #7

5. a.

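                              ─────── b             ─────── b
                              ∀x ϕ(x)               ∀x ψ(x)
                              ───────               ───────
                               ϕ(y)                  ψ(y)
                            ───────────           ───────────
                            ϕ(y) ∨ ψ(y)           ϕ(y) ∨ ψ(y)
    ───────────────── a   ────────────────      ────────────────
    ∀x ϕ(x) ∨ ∀x ψ(x)     ∀x (ϕ(x) ∨ ψ(x))      ∀x (ϕ(x) ∨ ψ(x))
    ──────────────────────────────────────────────────────────── b
                          ∀x (ϕ(x) ∨ ψ(x))
                ──────────────────────────────────── a
                ∀x ϕ(x) ∨ ∀x ψ(x) → ∀x (ϕ(x) ∨ ψ(x))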

b.

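                              ─────── a
                              ∀x ϕ(x)
                    ───── c   ───────
                    ¬ϕ(y)      ϕ(y)
    ──────── b      ───────────────
    ∃x ¬ϕ(x)               ⊥
    ─────────────────────────────── c
                   ⊥
              ─────────── b
               ¬∃x ¬ϕ(x)
          ─────────────────── a
          ∀x ϕ(x) → ¬∃x ¬ϕ(x)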

6.

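                                                                                        ─────────── a
                                                                    ∀x (A(x) → H(x))    Y(z) ∧ A(z)
                                                    ─────────── a   ────────────────    ───────────
                                                    Y(z) ∧ A(z)       A(z) → H(z)          A(z)
                                                    ───────────       ─────────────────────────
                        ∀x (Y(x) ∧ H(x) → B(x))        Y(z)                     H(z)
                        ───────────────────────        ─────────────────────────────
                          Y(z) ∧ H(z) → B(z)                    Y(z) ∧ H(z)
                          ─────────────────────────────────────────────────
                                                B(z)
                                              ───────
    ∃x (Y(x) ∧ A(x))                          ∃x B(x)
    ───────────────────────────────────────────────── a
                         ∃x B(x)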

7. Claim: For every n ≥ 1, 1 + 3 + 5 + ... + (2n − 1) = n².

Proof: by induction on n. In the base case, when n = 1, both sides are equal to 1. Assuming the claim is true of n, we have

    1 + ... + (2(n + 1) − 1) = (1 + ... + (2n − 1)) + 2n + 1
                             = n² + 2n + 1
                             = (n + 1)².

8. Claim: for every n ≥ 1, 9 | (4ⁿ + 6n − 1).

Proof: by induction on n. In the base case, when n = 0, 4ⁿ + 6n − 1 = 0, which is divisible by 9.

In the induction step, suppose the claim is true for n. Then

    4ⁿ⁺¹ + 6(n + 1) − 1 = (4(4ⁿ + 6n − 1) − 24n + 4) + 6n + 5
                        = 4(4ⁿ + 6n − 1) − 18n + 9.

By the inductive hypothesis, the first term is divisible by 9, and 18n and 9 are clearly both divisible by 9.


Homework #8

Due Thursday, March 17

Notice that this assignment is not due until after spring break.

1. Study for the in-class midterm on Thursday, March 3. It will cover all the material we discuss in class through Tuesday, March 1, including Chapters 1–3 and 6 of Velleman, as well as natural deduction for propositional logic and first-order logic with equality. (Note that we did not cover section 6.5 in Velleman.)

2. Start reading Chapter 4 of Velleman. Also read the handout, “First-order logic in Isabelle,” that is posted on Blackboard, under “Course documents.”

3.? Remember that both the following express ∃!x ϕ(x), that is, the statement that there is a unique x satisfying ϕ(x):

• ∃x (ϕ(x) ∧ ∀y (ϕ(y)→ y = x))

• ∃x ϕ(x) ∧ ∀y ∀y′ (ϕ(y) ∧ ϕ(y′)→ y = y′)

Do the following:

a. Give a natural deduction proof of the second, assuming the first as a hypothesis.

b. Give a natural deduction proof of the first, assuming the second as a hypothesis.

(Warning: these are long.)

4.? Using Isabelle, carry out the instructions in “homework8.thy” under “Homework assignments” on Blackboard. Follow the same instructions as in previous weeks:

• Save the file to a directory, e.g. your home directory.

• Run Isabelle by typing isabelle emacs homework8.thy

• Complete the proofs in the file, following the instructions in the comments.

• Save the file and exit Isabelle.

• Rename the file to homework8_[your-last-name].thy. For example, at the terminal window, type

    mv homework8.thy homework8_smith.thy

• E-mail the file to Dan, at [email protected], with “isabelle homework8 [your-last-name]” in the subject line.

5. Do as many exercises in Sections 6.1–6.4 of Velleman as you can.

6.? Do exercise 9 on page 287 of Velleman.

7.? Do exercise 10 on page 287 of Velleman.

8.? Do exercise 4 on page 296 of Velleman.


Solutions to Homework #8

3. a.

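                                      ──────────────────────── a
                                      ϕ(z) ∧ ∀y (ϕ(y) → y = z)
                                      ────────────────────────
                                                ϕ(z)
                                              ───────                          (∗)
                                              ∃x ϕ(x)             ∀y ∀y′ (ϕ(y) ∧ ϕ(y′) → y = y′)
                                              ──────────────────────────────────────────────────
    ∃x (ϕ(x) ∧ ∀y (ϕ(y) → y = x))                  ∃x ϕ(x) ∧ ∀y ∀y′ (ϕ(y) ∧ ϕ(y′) → y = y′)
    ─────────────────────────────────────────────────────────────────────────────────────── a
                           ∃x ϕ(x) ∧ ∀y ∀y′ (ϕ(y) ∧ ϕ(y′) → y = y′)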

where (∗) is the proof

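                                                                     ──────────────────────── a
                                                                     ϕ(z) ∧ ∀y (ϕ(y) → y = z)
                     ──────────────────────── a     ──────────── b   ────────────────────────
                     ϕ(z) ∧ ∀y (ϕ(y) → y = z)       ϕ(y) ∧ ϕ(y′)        ∀y (ϕ(y) → y = z)
    ──────────── b   ────────────────────────       ────────────        ─────────────────
    ϕ(y) ∧ ϕ(y′)        ∀y (ϕ(y) → y = z)              ϕ(y′)             ϕ(y′) → y′ = z
    ────────────        ─────────────────              ────────────────────────────────
        ϕ(y)              ϕ(y) → y = z                              y′ = z
        ──────────────────────────────                              ──────
                    y = z                                           z = y′
                    ──────────────────────────────────────────────────────
                                            y = y′
                                    ───────────────────── b
                                    ϕ(y) ∧ ϕ(y′) → y = y′
                                 ───────────────────────────
                                 ∀y′ (ϕ(y) ∧ ϕ(y′) → y = y′)
                               ──────────────────────────────
                               ∀y ∀y′ (ϕ(y) ∧ ϕ(y′) → y = y′)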

b. Let θ be the formula ∃x ϕ(x) ∧ ∀y ∀y′ (ϕ(y) ∧ ϕ(y′)→ y = y′).

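                                            θ
                              ──────────────────────────────    ──── y    ──── x
                              ∀y, y′ (ϕ(y) ∧ ϕ(y′) → y = y′)    ϕ(y)      ϕ(x)
                              ──────────────────────────────    ──────────────
                                   ϕ(y) ∧ ϕ(x) → y = x           ϕ(y) ∧ ϕ(x)
                                   ─────────────────────────────────────────
                                                     y = x
                                                 ──────────── y
                                                 ϕ(y) → y = x
                                  ──── x       ─────────────────
                                  ϕ(x)         ∀y (ϕ(y) → y = x)
                                  ──────────────────────────────
       θ                             ϕ(x) ∧ ∀y (ϕ(y) → y = x)
    ───────                       ─────────────────────────────
    ∃x ϕ(x)                       ∃x (ϕ(x) ∧ ∀y (ϕ(y) → y = x))
    ─────────────────────────────────────────────────────────── x
                   ∃x (ϕ(x) ∧ ∀y (ϕ(y) → y = x))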

6. Claim: For every n ≥ 2, $\sum_{k=1}^{n-1} H_k = nH_n - n$.

Proof. First notice that for every n, $H_{n+1} = H_n + \frac{1}{n+1}$, so $H_n = H_{n+1} - \frac{1}{n+1}$. Now use induction on n. In the base case, when n = 2, we have $\sum_{k=1}^{2-1} H_k = H_1 = 1$, and $2H_2 - 2 = 2(1 + 1/2) - 2 = 3 - 2 = 1$, so the identity holds.

In the inductive step, suppose the claim is true for n. Then we have

$$
\begin{aligned}
\sum_{k=1}^{n} H_k &= \sum_{k=1}^{n-1} H_k + H_n \\
&= nH_n - n + H_n && \text{by the IH} \\
&= (n+1)H_n - n \\
&= (n+1)\left(H_{n+1} - \frac{1}{n+1}\right) - n \\
&= (n+1)H_{n+1} - 1 - n \\
&= (n+1)H_{n+1} - (n+1),
\end{aligned}
$$

as required.

7. Claim: For every n ≥ 1, $\sum_{i=1}^{n} i \cdot i! = (n+1)! - 1$.

Proof: Use induction on n. When n = 1, both sides are equal to 1.

In the induction step, suppose the claim is true for n. Then we have

$$
\begin{aligned}
\sum_{i=1}^{n+1} i \cdot i! &= \sum_{i=1}^{n} i \cdot i! + (n+1) \cdot (n+1)! \\
&= (n+1)! - 1 + (n+1) \cdot (n+1)! \\
&= (1 + n + 1) \cdot (n+1)! - 1 \\
&= (n+2)! - 1.
\end{aligned}
$$

8. Let us use complete induction to show that for every n ≥ 12, n can be obtained by adding multiples of 3 and 7.

First, notice that we have 12 = 4 · 3, 13 = 7 · 1 + 2 · 3, and 14 = 7 + 7. If n is greater than or equal to 15, the inductive hypothesis implies that n − 3 can be obtained by adding multiples of 3 and 7. Since n = (n − 3) + 3, n can be obtained that way as well.
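The complete-induction argument above is also a recursive algorithm: the three base cases are the stopping conditions and the step from n − 3 to n is the recursive call. The following added example (not part of the original course materials) runs that recursion and uses a brute-force search to show which smaller numbers cannot be written this way; the function names are assumptions of this sketch.

```python
def decompose(n):
    """Return (a, b) with n == 3*a + 7*b and a, b >= 0, following the proof.

    Base cases are exactly the ones named in the solution (12, 13, 14);
    for n >= 15 the "inductive hypothesis" is the recursive call on n - 3.
    """
    if n < 12:
        raise ValueError("the claim only covers n >= 12")
    base_cases = {12: (4, 0), 13: (2, 1), 14: (0, 2)}
    if n in base_cases:
        return base_cases[n]
    threes, sevens = decompose(n - 3)      # inductive hypothesis for n - 3
    return threes + 1, sevens              # n = (n - 3) + 3


def representable(n):
    """Brute-force check, independent of the proof: is n = 3a + 7b possible?"""
    return any((n - 7 * b) % 3 == 0 for b in range(n // 7 + 1))


def gaps_below(limit):
    """Positive integers below limit that are NOT sums of 3s and 7s."""
    return [n for n in range(1, limit) if not representable(n)]


if __name__ == "__main__":
    for n in (12, 13, 14, 15, 16, 100):
        a, b = decompose(n)
        print(f"{n} = 3*{a} + 7*{b}")
    # 11 is the last number that fails, so the bound 12 cannot be lowered.
    print("not representable below 12:", gaps_below(12))
```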


Homework #9

Due Thursday, March 24

1. Continue reading Chapter 4 of Velleman. Also read the handout, “The natural numbers,” which is posted on Blackboard, under “Course documents.”

2.? Using Isabelle, carry out the instructions in “homework9.thy” under “Homework assignments” on Blackboard. Follow the same instructions as in previous weeks:

• Save the file to a directory, e.g. your home directory.

• Run Isabelle by typing isabelle emacs homework9.thy

• Complete the proofs in the file, save the file, and exit Isabelle.

• Rename the file to homework9_[your-last-name].thy. For example, at the terminal window, type

    mv homework9.thy homework9_smith.thy

• E-mail the file to Dan, at [email protected], with “isabelle homework9 [your-last-name]” in the subject line.

3.? Do problem 7(a) on page 296 of Velleman.

4.? In class, we gave recursive definitions of operations like addition and multiplication on the natural numbers, and then showed how to define relations like <, |, and Prime(x) using formulas. Using only these (and anything else we defined in class) express all the following using first-order logic:

a. For every x greater than or equal to 1, there is a prime number between x and 2x.

b. x has at least three distinct prime divisors.

c. x is a power of 2. (Hint: express this by saying that the only prime number that divides x is 2.)

5.? Prove x · (y + z) = x · y + x · z, using only the definitions of addition and multiplication and other facts we proved in class. (In other words, you may use the definition and properties 1–5 on the handout, “The natural numbers.”)

6.? Prove x · (y · z) = (x · y) · z in the same way.


Solutions to Homework #9

3. Remember $F_0 = 0$ and $F_1 = 1$. Use complete induction on n. In the base case, we have $F_{m-1}F_0 + F_mF_1 = F_{m-1} \cdot 0 + F_m \cdot 1 = F_m$.

In the induction step, suppose the formula holds for m and all n′ less than n + 1, and let us show that the claim holds of m and n + 1. We have

$$
\begin{aligned}
F_{m+(n+1)} &= F_{m+n} + F_{m+(n-1)} \\
&= (F_{m-1}F_n + F_mF_{n+1}) + (F_{m-1}F_{n-1} + F_mF_n) && \text{by the IH} \\
&= F_{m-1}(F_n + F_{n-1}) + F_m(F_{n+1} + F_n) \\
&= F_{m-1}F_{n+1} + F_mF_{n+2},
\end{aligned}
$$

as required.

4. a. ∀x (x ≥ 1 → ∃y (Prime(y) ∧ x ≤ y ∧ y ≤ 2 · x))

b. ∃w, y, z (Prime(w) ∧ Prime(y) ∧ Prime(z) ∧ w|x ∧ y|x ∧ z|x ∧ w ≠ y ∧ w ≠ z ∧ y ≠ z)

c. ∀y (Prime(y) ∧ y|x → y = 2)

5. Fix x and y, and use induction on z. In the base case, we have

    x · (y + 0) = x · y              by the definition of addition
                = x · y + 0          by the definition of addition
                = x · y + x · 0      by the definition of multiplication

In the inductive step, assume x · (y + z) = x · y + x · z. Then

    x · (y + succ(z)) = x · succ(y + z)          def +
                      = x · (y + z) + x          def ·
                      = (x · y + x · z) + x      IH
                      = x · y + (x · z + x)      associativity
                      = x · y + x · succ(z)      def ·

6. Fix x and y and use induction on z. In the base case, we have

    x · (y · 0) = x · 0
                = 0
                = (x · y) · 0.

In the inductive step, we have

    x · (y · succ(z)) = x · (y · z + y)
                      = x · (y · z) + x · y      by the previous problem
                      = (x · y) · z + x · y      by the IH
                      = (x · y) · succ(z).


Homework #10

Due Thursday, March 31

Note: for the problems on this assignment, other than 3, you should be giving ordinary mathematical proofs, not symbolic calculations. That means that you should be using words rather than symbols for logical connectives, and using clear, readable, mathematical language.

1. Finish reading Chapter 4 of Velleman, and start reading Chapter 5.

2. Do as many exercises from Sections 4.1–4.4 as you can.

3.? Do the following:

a. Prove 0 · x = 0.

b. Prove succ(x) · y = x · y + y by induction on y. (This is tricky.)

c. Prove x · y = y · x.

Use only the definitions of addition and multiplication and other facts proved in class and on the last homework assignment. (In other words, you may use the definition and properties 1–6 and 9 on the handout, “The natural numbers.”)

4.? Do problem 9 on page 171 of Velleman.

5.? Do problem 6(d) on page 179 of Velleman.

6.? Do problem 14 on page 187 of Velleman.

7.? Do problem 2 on page 199 of Velleman.

8.? Do problem 6 on page 211 of Velleman.


Solutions to Homework #10

3. a. Prove 0 · x = 0 by induction on x. When x = 0, we have 0 · 0 = 0 by the definition of multiplication. In the successor case, we have

0 · succ(x) = 0 · x + 0

= 0 + 0

= 0.

b. Prove succ(x) · y = x · y + y by induction on y. When y = 0, both sides are equal to 0 by the definition of multiplication and addition. In the successor case, we have

succ(x) · succ(y) = succ(x) · y + succ(x)

= (x · y + y) + succ(x)

= x · y + (y + succ(x))

= x · y + (succ(y + x))

= x · y + (succ(x + y))

= x · y + (x + succ(y))

= (x · y + x) + succ(y)

= x · succ(y) + succ(y)

c. Prove x · y = y · x by induction on x. In the base case, we have 0 · y = 0 = 0 · y by the first part. In the induction step, we have

succ(x) · y = x · y + y

= y · x + y

= y · succ(x).

4. Show (A × B) \ (C × D) = (A × (B \ D)) ∪ ((A \ C) × B).

Let A, B, C, and D be arbitrary sets. Suppose p is in (A × B) \ (C × D). Then p is in A × B, but not in C × D. This means that p is a pair, (a, b), where a is in A and b is in B, but (a, b) is not in C × D. This last assertion means that either a is not in C, or b is not in D. In the first case, (a, b) is in (A \ C) × B, and in the second case, it is in A × (B \ D). So (a, b) is in (A × (B \ D)) ∪ ((A \ C) × B).

Conversely, suppose p is in (A × (B \ D)) ∪ ((A \ C) × B). Then either p is in (A × (B \ D)) or p is in ((A \ C) × B). In the first case, p is a pair (a, b), where a is in A and b is in B but not D. In the second case, p is a pair (a, b), where a is in A but not C, and b is in B. Either way, p is in A × B, but p is not in C × D. Thus p is in (A × B) \ (C × D), as required.

5. Show (S ◦ R)⁻¹ = S⁻¹ ◦ R⁻¹.

Suppose (x, y) is in (S ◦ R)⁻¹. Then (y, x) is in S ◦ R. This means that for some z, (y, z) is in S, and (z, x) is in R. But that means that (x, z) is in R⁻¹ and (z, y) is in S⁻¹, so (x, y) is in S⁻¹ ◦ R⁻¹.

Conversely, suppose (x, y) is in S⁻¹ ◦ R⁻¹. Then for some z, (x, z) is in S⁻¹ and (z, y) is in R⁻¹, which means that (y, z) is in R and (z, x) is in S. This means that (y, x) is in R ◦ S, and so (x, y) is in (R ◦ S)⁻¹.

6. Suppose R₁ and R₂ are relations on A.

a. If R₁ and R₂ are both reflexive, so is R₁ ∩ R₂. To prove this, let x be any element of A. Then (x, x) is in both R₁ and R₂, and so in R₁ ∩ R₂.

b. If R₁ and R₂ are both symmetric, so is R₁ ∩ R₂. To prove this, suppose (x, y) is an element of R₁ ∩ R₂. Then it is an element of both R₁ and R₂. Since R₁ and R₂ are both symmetric, (y, x) is an element of both as well. So (y, x) is an element of R₁ ∩ R₂.

c. If R₁ and R₂ are both transitive, so is R₁ ∩ R₂. To prove this, suppose (x, y) and (y, z) are in R₁ ∩ R₂. Then they are in both R₁ and R₂. Since R₁ and R₂ are transitive, (x, z) is an element of both, and hence it is an element of R₁ ∩ R₂.

7. a. This is a total order (the order that words appear in the dictionary).

b. This is not a partial order, because anti-symmetry fails: “bat” and “big” are related to one another both ways, but are not the same.

c. This is a total order, assuming no two countries have exactly the same population. (If there are two countries with the same population, it is not a partial order).

8. a. pSq means that p is an ancestor of q.

b. p(S ◦ S⁻¹)q means that p and q have a common descendent.


Homework #11

Due Thursday, April 7

1. Finish reading Chapter 5 of Velleman, and start reading Chapter 7.

2. Do as many exercises from Chapter 4 and 5 as you can.

3.? Using Isabelle, carry out the instructions in “homework11.thy” under “Homework assignments” on Blackboard. Follow the same instructions as in previous weeks:

• Save the file to a directory, e.g. your home directory.

• Run Isabelle by typing isabelle emacs homework11.thy

• Complete the proofs in the file, save the file, and exit Isabelle.

• Rename the file to homework11_[your-last-name].thy. For example, at the terminal window, type

    mv homework11.thy homework11_smith.thy

• E-mail the file to Dan, at [email protected], with “isabelle homework11 [your-last-name]” in the subject line.

The additional Isabelle file, “orders.thy,” posted with the homework assignment is simply for reference and enjoyment. (It contains formal versions of the next two exercises.)

4.? Suppose ≤ is a partial order on a set A, and define another order, <, by the following equivalence:

    a < b if and only if a ≤ b and a ≠ b.

Give an informal proof that the relation < is transitive.

5.? Suppose ≤ is a total order on a set A, and define < as above. Give an informal proof that < satisfies the trichotomy law: for any a and b, either a < b, or a = b, or b < a.

6.? Using first-order logic, with quantifiers ranging explicitly over the set A, write down formal expressions of what it means to say that ≤ is a partial order. Then give a formal natural deduction proof of the fact stated in problem 4. You can use the kinds of abbreviations we discussed in class; for example, you can use the transitivity of ≤ as follows:

    trans(≤)   a ≤ b   b ≤ c
    ────────────────────────
             a ≤ c

Also, to unfold the definition of <, you can use the following rules:

    a < b        a < b
    ─────        ─────
    a ≤ b        a ≠ b

Recall also the rules for negation: for example, to prove a ≠ b, assume a = b and derive ⊥.

7.? Do problem 6 on page 200 of Velleman.

8.? Do problem 13 on page 223 of Velleman.


Solutions to Homework #11

4. To show < is transitive, suppose a < b and b < c. Then a ≤ b, a ≠ b, b ≤ c, and b ≠ c. Since ≤ is transitive, we have a ≤ c. Thus it suffices to show a ≠ c, since this implies a < c.

To that end, suppose a = c. Then from the assumptions we have c ≤ b and b ≤ c, and antisymmetry implies b = c. But this contradicts the fact that b ≠ c. So a ≠ c, as required.

5. Given a and b, we need to show that either a < b, a = b, or b < a. If a = b, then we are done. So we can assume a ≠ b. Since ≤ is a total order, we have a ≤ b or b ≤ a. In the first case, since a ≠ b, we have a < b. In the second case, similarly, we have b < a. So either way, one of a < b, a = b, or b < a holds.

6. By the usual natural deduction rules, it suffices to prove a < c from a < b and b < c.

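                                                                      a < b
                                                            ───── u   ─────
                                                   b < c    a = c     a ≤ b
                                                   ─────    ───────────────
                                      antisym(≤)   b ≤ c         c ≤ b
                                      ────────────────────────────────
                                                   c = b                      b < c
                                                   ─────                      ─────
               a < b   b < c                       b = c                      b ≠ c
               ─────   ─────                       ────────────────────────────────
    trans(≤)   a ≤ b   b ≤ c                                      ⊥
    ────────────────────────                                    ───── u
             a ≤ c                                              a ≠ c
             ────────────────────────────────────────────────────────
                                    a < c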

7. Suppose R₁ and R₂ are partial orders on a set A.

a. Let S = R₁ ∩ R₂. Then S is also a partial order. Proof: For every a in A, aR₁a and aR₂a, so aSa. So S is reflexive. Suppose aSb and bSc. Then aR₁b, aR₂b, bR₁c, and bR₂c. By the transitivity of R₁ and R₂, aR₁c and aR₂c, so aSc. So S is transitive. Finally, suppose aSb and bSa. Then, in particular, aR₁b and bR₁a. Since R₁ is antisymmetric, a = b. So S is antisymmetric.

b. R₁ ∪ R₂ need not be a partial order. For example, suppose R₁ is ≤ and R₂ is ≥ on the natural numbers, and let T = R₁ ∪ R₂. Then 0T1 and 1T0, but 0 ≠ 1. So T is not antisymmetric.

8. a. Show S is an equivalence relation on B. Let a, b, and c be any elements of B. Then aSa, because aRa. So S is reflexive. If aSb then aRb, and by the symmetry of R, we have bRa. Since (b, a) ∈ B × B, we have bSa. So S is symmetric. Finally, suppose aSb and bSc. The transitivity of R implies aRc, and since (a, c) is in B × B, we have aSc. So S is symmetric.

b. Show that if x is in B, [x]_S = [x]_R ∩ B. Suppose y is in [x]_S. Then xSy. By definition, xRy, and (x, y) is in B × B. This implies y is in B, so y is in [x]_R ∩ B.

Conversely, suppose y is in [x]_R ∩ B. Then xRy and y is in B. But then (x, y) is in B × B, so xSy.


Homework #12

Due Tuesday, April 19

Notice that this assignment is due on a Tuesday, after Carnival. Late assignments will be accepted until noon on Wednesday.

1. We have now completed Chapters 1–6 of Velleman, excluding sections 5.4 and 6.5. Read the two excerpts from Enderton’s book, Set Theory, titled “Axioms” and “The natural numbers.” These are posted under “Course documents” on Blackboard. Then read Chapter 7 of Velleman.

2. Do as many exercises from Chapter 5 of Velleman as you can.

3.? Do parts (b) and (c) of exercise 16 on page 224 of Velleman. (Part (a) is easy and just tedious.)

4.? Do exercise 14 on page 235 of Velleman.

5.? Do exercise 15 on page 235 of Velleman.

6.? Do exercise 6 on page 253 of Velleman.

7.? Do exercise 12 on page 254 of Velleman.

8.? Remember that the formal language of set theory contains only the symbol ∈, where x ∈ y represents “x is an element of y.” In addition, the language has all the symbols of first-order logic, including equality, logical connectives, and quantifiers. In class we saw that in this language one can define new notions. For example, we can define “x = {y}” to mean ∀z (z ∈ x ↔ z = y). In a similar way, write down formulas in the language of set theory to represent all of the following notions:

a. x = y \ z

b. x = ⋃y

c. x is nonempty

d. x has exactly two elements

e. x consists of all the nonempty subsets of y

9.? In class we defined the ordered pair 〈x, y〉 to be the set {{x}, {x, y}}. Prove that if 〈x, y〉 = 〈w, z〉 then x = w and y = z. (Hint: you should consider two cases, one where x = y, and the other where x ≠ y.)


Solutions to Homework #12

3. Suppose R is an equivalence relation on A, S is an equivalence relation on B, and A and B are disjoint.

a. (not required)

b. Suppose x ∈ A. Then for any y, if y is in [x]_R, then (x, y) ∈ R, and so (x, y) ∈ R ∪ S. But this implies y ∈ [x]_{R∪S}. Conversely, if y is in [x]_{R∪S}, then (x, y) ∈ R or (x, y) ∈ S. But since S is a relation on B and A and B are disjoint, (x, y) can’t be in S, so (x, y) is in R. So y ∈ [x]_R. The corresponding claim for S is proved in the same way.

c. Suppose X ∈ (A ∪ B)/(R ∪ S). Then for some x in A ∪ B, X = [x]_{R∪S}. But then x ∈ R or x ∈ S, so the previous part implies X = [x]_R or X = [x]_S, so X ∈ A/R or X ∈ A/S. Conversely, if X ∈ A/R, then X = [x]_R = [x]_{R∪S} for some x in A, and hence in A ∪ B. So X ∈ A ∪ B/R ∪ S. If X ∈ B/S, the argument is similar.

4. Suppose A is a nonempty set, and f : A → A.

a. Suppose for every x in A, f(x) = a. Then for all x in A, (f ◦ g)(x) = f(g(x)) = a = f(x).

b. Conversely, suppose for every g : A → A, f ◦ g = f. Let a be any element of A, and let g be the constant function g(x) = a. Suppose f = f ◦ g. Then for every x, f(x) = (f ◦ g)(x) = f(g(x)) = f(a). So f is the constant function with value f(a).

5. With the definitions in this problem, we have fRg if and only if there is some a such that for every x ≥ a, f(x) = g(x).

a. For every x ≥ 0, f(x) = |x| = x = g(x), so fRg.

b. To see that R is an equivalence relation, first show it is reflexive: for any x ≥ 0, f(x) = f(x). (Anything would work in place of 0.) It is symmetric: if f(x) = g(x) for every x ≥ a, then g(x) = f(x) for every x ≥ a. Finally, let us show it is transitive. Suppose f(x) = g(x) for every x ≥ a, and let g(x) = h(x) for every x ≥ b. Let c = max(a, b). Then for every x ≥ c, f(x) = g(x) and g(x) = h(x), so for every x ≥ c, f(x) = h(x).

6. Let f(x) = 3x/(x − 2).

a. f(x) can never be 3, since otherwise we would have 3x − 6 = 3x, a contradiction. f is injective and surjective as a function from R to R \ {3}. To show that it is injective, suppose f(x) = f(x′). Cross-multiplying, we have 3xx′ − 6x = 3x′x − 6x′, which implies 6x = 6x′ and so x = x′. To show that it is surjective, suppose y is not equal to 3. Then an easy calculation shows y = f(2y/(y − 3)).

b. The previous calculation shows f⁻¹(y) = 2y/(y − 3).

7. Given f : A → B injective, let B′ = range f. Then f : A → B′ is injective and surjective, and so, by Theorem 5.3.4, f⁻¹ : B′ → A.

8.

a. ∀w (w ∈ x ↔ w ∈ y ∧ w ∉ z).

b. ∀w (w ∈ x ↔ ∃u ∈ y (w ∈ u)).

c. ∃w (w ∈ x).

d. ∀y, z (y ≠ z ∧ ∀w (w ∈ x ↔ w = y ∨ w = z)).

e. ∀w (w ∈ x ↔ w ⊆ y ∧ ∃u (u ∈ w)), where w ⊆ y means ∀v (v ∈ w → v ∈ y).

9. Suppose (x, y) = (w, z). I need to show that x = y and w = z.

Case 1: x = y. Then (x, y) is a set containing a single element, {x}. Since (x, y) = (w, z), the right hand side is also a set with a single element, {x}. But this can only happen if w = z (because otherwise (w, z) contains two elements) and so (w, z) is a set with a single element {w}. But if {x} = {w} then x must be equal to w.

Case 2: x ≠ y. Then (x, y) is a set containing two elements: a one-element set {x} and a two-element set {x, y}. Since (x, y) = (w, z), the latter also has two elements, {w} and {w, z}. So w ≠ z, {x} = {w}, and {x, y} = {w, z}. But this shows that x = w and y = z.
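The ordered-pair definition 〈x, y〉 = {{x}, {x, y}} from problem 9 can be modelled directly with Python frozensets. The following added example (not part of the original course materials) checks the pair property exhaustively over a small constructed universe, shows the degenerate case x = y where the pair collapses to {{x}}, and contrasts it with the plain unordered set {x, y}; the function names and the universe are assumptions of this sketch.

```python
from itertools import product


def pair(x, y):
    """Ordered pair as defined in class: {{x}, {x, y}}."""
    return frozenset({frozenset({x}), frozenset({x, y})})


def first(p):
    """x is the only element that belongs to every member of the pair."""
    (x,) = frozenset.intersection(*p)
    return x


def second(p):
    """y is the other element of the union, or x again when x = y (case 1)."""
    x = first(p)
    others = frozenset.union(*p) - {x}
    if not others:          # degenerate case: the pair is {{x}}
        return x
    (y,) = others
    return y


def unordered(x, y):
    """Naive encoding {x, y}, which forgets the order of the components."""
    return frozenset({x, y})


def violations(universe, encode):
    """Quadruples with encode(x, y) == encode(w, z) although (x, y) != (w, z)."""
    return [
        (x, y, w, z)
        for x, y, w, z in product(universe, repeat=4)
        if encode(x, y) == encode(w, z) and (x, y) != (w, z)
    ]


# Constructed sample universe: a few numbers and a few sets.
UNIVERSE = [0, 1, 2, frozenset(), frozenset({0})]

if __name__ == "__main__":
    print("pair(1, 1) has", len(pair(1, 1)), "element")     # case 1: x = y
    print("pair(0, 1) has", len(pair(0, 1)), "elements")    # case 2: x != y
    print("violations for pair:", len(violations(UNIVERSE, pair)))
    print("violations for {x, y}:", len(violations(UNIVERSE, unordered)))
```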


Homework #13

Due Tuesday, April 26

This is the last homework assignment! Note the following:

• Class is cancelled on Thursday, April 28.

• This assignment is due Tuesday, April 26, the last day of class. (As usual, we’ll accept late assignments until noon the next day.)

• The final exam will be on Friday, May 6, from 1 to 3 pm.

• Dan and I will hold extra office hours for review before the exam (we’ll announce them on Blackboard).

1. Finish reading Chapter 7 of Velleman’s book, and read the excerpt, “Construction of the Real Numbers,” from Enderton.

2. Do as many exercises as you can from Sections 7.1 and 7.2 of Velleman.

3.? Let R be an equivalence relation on A. Explain how the axioms of set theory (as listed in class, or in the “Axioms” chapter of Enderton) imply the following:

a. For every a ∈ A, the set [a]_R exists.

b. The set A/R exists.

4.? Remember that we defined the successor of x, succ(x), to be x ∪ {x}. (Enderton writes this as x⁺.) A set A is said to be inductive if ∅ is in A, and whenever a set x is in A, succ(x) is in A. The axiom of infinity says that there is an inductive set. We then define the natural numbers, N, to be the intersection of all inductive sets. This means that for any set x, x is in N if and only if x is in every inductive set.

a. Show that N is inductive.

b. Show that if A is inductive and A ⊆ N, then A = N.

5.? Do exercise 5 on page 312 of Velleman. This is tricky. Given that f is a bijection from A to B, define an explicit function from P(A) to P(B), and prove that it is a bijection.

6.? Do exercise 6(a) on page 312 of Velleman. (You can use the proof in the appendix, but then you should also prove that the function g defined there is one-to-one and onto. It helps to draw a picture.)

7.? Do exercise 3 on page 321 of Velleman.

80-211 Logic and Mathematical Inquiry Spring 2011

Solutions to Homework #13

3. a. [a]R = {x ∈ A | (a, x) ∈ R}, so this set exists by the subset axiom.

b. A/R = {y ∈ P(A) | ∃a ∈ A (y = [a]R)}, so this set exists by the power set axiom and the subset axiom.

4. a. Show N is inductive. 0 is in N, because 0 is in every inductive set. To show that N is closed under successor, suppose x is in N. Then if A is any inductive set, x is in A. Since A is inductive, succ(x) is in A. Thus succ(x) is in N as well.

b. Suppose A is inductive. Then every element of N is in A, so N ⊆ A. Since we are assuming A ⊆ N, A = N.

5. Given a bijection f from A to B, define g : P(A) → P(B) by g(X) = {f(x) | x ∈ X}. Let us show that this is a bijection.

To show g is injective, suppose g(X) = g(Y). Let x be in X. Then f(x) is in g(X), and so f(x) is in g(Y). This means that f(x) = f(y) for some y in Y. But f is injective, so x = y. So x is in Y. The same argument shows that every element of Y is in X, so X = Y, as required.

To show g is surjective, let Y be any subset of B. Let X = {f⁻¹(y) | y ∈ Y}. Then g(X) = {f(f⁻¹(y)) | y ∈ Y} = {y | y ∈ Y} = Y, as required.

6. Use the proof on page 365 in the textbook. To see that g is injective, let i and i′ be any elements of I_n, and suppose g(i) = g(i′). If neither i nor i′ is equal to j, then f(i) = f(i′), which implies i = i′, because f is injective. Suppose i = j. Then g(i) = k. Since i′ is in I_n, we can’t have f(i′) = k, because f(n + 1) = k and f is injective. So i′ must be equal to j as well.

To see that g is surjective, let y be any element of I_{m−1}. Since f is surjective, there is an x in I_{n+1} such that f(x) = y. If y is not equal to k, then x is not equal to n + 1, so x is in I_n and g(x) = y. If y is equal to k, then g(j) = y. Either way, there is an element x of I_n such that g(x) = y.

7. Show that the set of finite subsets of Z+ is countable. For every n ∈ Z+, the set S_n of subsets of {0, . . . , n} is finite (with 2^(n+1) elements), and hence countable. By Theorem 7.2.2, ⋃ S_n is countable. Every finite subset of Z+ is in S_n for some n, so we are done.

LOGIC AND MATHEMATICAL INQUIRY

Midterm Exam Name:

March 3, 2011

Write your answers in the space provided, using the back of the page if necessary. You can use additional scratch paper. Justify your answers, and provide clear, readable explanations.

Problem   Points   Score
1         6
2         10
3         10
4         10
5         8
6         10
7         10
Total     64

GOOD LUCK

Problem 1. (6 points)

Use calculations with propositional logic to simplify the expression

¬(p ∧ ¬q) ∨ (¬p ∧ q).

Problem 2. (10 points)

Consider the following inference:

• Either John isn’t stupid and he is lazy, or he is stupid.

• John is stupid.

• Therefore, John isn’t lazy.

Part a) (3 points) Represent this inference in propositional logic, using the variables S for “John is stupid” and L for “John is lazy.”

Part b) (4 points) What does it mean to say that a propositional inference is valid? (Be clear and precise.)

Part c) (3 points) Determine whether the inference above is valid, and justify your answer.

Problem 3. (10 points)

Part a) (5 points) Write down a first-order sentence expressing:

Everyone who lives in Pittsburgh knows someone who lives in California.

Use the predicate symbols C(x) and P(x) for “lives in California,” and “lives in Pittsburgh,” respectively, and the relation symbol K(x, y) for “x knows y.” Also, assume that quantifiers and variables range over people.

Part b) (5 points) Using the language of Tarski’s World, write down a first-order sentence that is true of a world exactly when there is a large cube between two tetrahedra, one of which is small.

Problem 4. (10 points)

Give a clear, readable proof of the following identity: A \ (B ∩ C) = (A \ B) ∪ (A \ C).

Problem 5. (8 points)

Let F and G be families of sets. Show that if F ⊆ G, then ⋂G ⊆ ⋂F.

Problem 6. (10 points) For Problems 6 and 7, use only the basic natural deduction rules.

Part a) (5 points) Give a natural deduction proof of ¬q → ¬p from p → q.

Part b) (5 points) Give a natural deduction proof of p ∧ q from ¬(¬p ∨ ¬q).

Problem 7. (10 points)

Part a) (5 points) Give a natural deduction proof of ∀x B(x) from ∀x A(x) and ∀x (A(x) → B(x)).

Part b) (5 points) Give a natural deduction proof of ∃x A(x) ∨ ∃x B(x) from ∃x (A(x) ∨ B(x)).

Midterm Solutions

1. We have

¬(p ∧ ¬q) ∨ (¬p ∧ q) ≡ (¬p ∨ ¬¬q) ∨ (¬p ∧ q)

≡ ¬p ∨ (q ∨ (¬p ∧ q))

≡ ¬p ∨ q

2. a. The hypotheses are (¬S ∧ L) ∨ S and S. The conclusion is ¬L.

b. An inference in propositional logic is valid if the following holds: for every truth assignment to the variables, if the hypotheses come out true under that assignment, so does the conclusion. (Less formally: for every line of the truth table, if the premises are true, so is the conclusion.)

c. The inference is not valid. If we assign S the value “true” and L the value “true,” then both hypotheses are true, but the conclusion is false.

3. a. ∀x (P(x) → ∃y (C(y) ∧ K(x, y))).

b. ∃x, y, z (Cube(x) ∧ Large(x) ∧ Tet(y) ∧ Tet(z) ∧ Small(z) ∧ Between(x, y, z)).

4. Suppose x is in A \ (B ∩ C). Then x is in A, but x is not in both B and C. Then either x is not in B, or x is not in C. In the first case, x is in A \ B, and in the second case, x is in A \ C. Either way, x is in (A \ B) ∪ (A \ C).

Conversely, suppose x is in (A \ B) ∪ (A \ C). Then either x is in A \ B or x is in A \ C. In the first case, x is in A but not B, and hence x is not in B ∩ C. So, in that case x is in A \ (B ∩ C). In the second case, x is in A but not C, so again x is not in B ∩ C. So, in this case too, x is in A \ (B ∩ C).

5. Suppose x is in ⋂G. Then for every set A in G, x is in A. Let B be any set in F. Since F ⊆ G, B is in G, and so x is in B. Since B is an arbitrary set in F, x is in ⋂F.

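6. (In the derivations below, a bracketed formula such as [p]a is a hypothesis, and the label after a rule line marks where that hypothesis is cancelled.)

a.

            p → q    [p]a
            -------------
 [¬q]b            q
 ------------------------
            ⊥
          ----- a
           ¬p
       ---------- b
        ¬q → ¬p

b.

              [¬p]a                        [¬q]b
             -------                      -------
 ¬(¬p ∨ ¬q)  ¬p ∨ ¬q          ¬(¬p ∨ ¬q)  ¬p ∨ ¬q
 -------------------          -------------------
          ⊥                            ⊥
        ----- a                      ----- b
          p                            q
        ----------------------------------
                     p ∧ q

7.

a.

 ∀x A(x)     ∀x (A(x) → B(x))
 -------     ----------------
  A(y)         A(y) → B(y)
 ----------------------------
            B(y)
          -------
          ∀x B(x)

b.

                                          [A(y)]a               [B(y)]a
                                          -------               -------
                                          ∃x A(x)               ∃x B(x)
                                     -----------------     -----------------
                    [A(y) ∨ B(y)]b   ∃x A(x) ∨ ∃x B(x)     ∃x A(x) ∨ ∃x B(x)
                    -------------------------------------------------------- a
 ∃x (A(x) ∨ B(x))                       ∃x A(x) ∨ ∃x B(x)
 -------------------------------------------------------- b
                   ∃x A(x) ∨ ∃x B(x)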
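The semantic definition of validity in Solution 2b can be run directly. The following Python sketch is an added example, not part of the course materials: it parses formulas written with the ASCII connectives of the course's Isabelle scripts (~, &, |, -->, <->), enumerates truth assignments, finds the counterexample of Solution 2c, and confirms the simplification of Solution 1. The function names and the operator precedence it assumes (~ tightest, then &, then |, then --> and <->, all right-associative) are choices of this example.

```python
import itertools
import re

# ASCII connectives as written in the course's Isabelle scripts, plus identifiers.
TOKEN = re.compile(r"\s*(-->|<->|[&|~()]|[A-Za-z]\w*)")


def tokenize(text):
    text, pos, tokens = text.strip(), 0, []
    while pos < len(text):
        match = TOKEN.match(text, pos)
        if match is None:
            raise ValueError(f"cannot tokenize {text[pos:]!r}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


def parse(text):
    """Nested-tuple syntax tree. Assumed precedence, tightest first: ~, &, |,
    then --> and <->; every binary connective associates to the right."""
    tokens, pos = tokenize(text), 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take(expected=None):
        nonlocal pos
        tok = peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'a token'}, got {tok!r}")
        pos += 1
        return tok

    def binary(ops, operand):
        def level():  # grammar: operand [op level]
            left = operand()
            if peek() in ops:
                return (take(), left, level())
            return left
        return level

    def atom():
        tok = take()
        if tok == "~":
            return ("~", atom())
        if tok == "(":
            inner = formula()
            take(")")
            return inner
        if not tok[0].isalpha():
            raise ValueError(f"unexpected {tok!r}")
        return ("var", tok)

    conj = binary({"&"}, atom)
    disj = binary({"|"}, conj)
    formula = binary({"-->", "<->"}, disj)
    tree = formula()
    if peek() is not None:
        raise ValueError(f"trailing input at {peek()!r}")
    return tree


def evaluate(tree, env):
    op = tree[0]
    if op == "var":
        return env[tree[1]]
    if op == "~":
        return not evaluate(tree[1], env)
    left, right = evaluate(tree[1], env), evaluate(tree[2], env)
    if op == "-->":
        return (not left) or right
    return {"&": left and right, "|": left or right, "<->": left == right}[op]


def variables(tree):
    if tree[0] == "var":
        return {tree[1]}
    return set().union(*(variables(sub) for sub in tree[1:]))


def counterexamples(premises, conclusion):
    """Assignments making every premise true and the conclusion false;
    the inference is valid exactly when this list is empty."""
    prem, concl = [parse(p) for p in premises], parse(conclusion)
    names = sorted(variables(concl).union(*(variables(p) for p in prem)))
    found = []
    for values in itertools.product([True, False], repeat=len(names)):
        env = dict(zip(names, values))
        if all(evaluate(p, env) for p in prem) and not evaluate(concl, env):
            found.append(env)
    return found


def equivalent(a, b):
    return counterexamples([], f"({a}) <-> ({b})") == []


if __name__ == "__main__":
    # Midterm Problem 2: the hypotheses (~S & L) | S and S, conclusion ~L.
    print(counterexamples(["(~S & L) | S", "S"], "~L"))
    # Midterm Problem 1: the original expression against its simplified form.
    print(equivalent("~(p & ~q) | (~p & q)", "~p | q"))
```

A truth table only establishes that a derivation exists; the natural deduction proofs still have to be built rule by rule.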

LOGIC AND MATHEMATICAL INQUIRY

Final Exam Name:

May 6, 2011

Write your answers in the space provided, using the back of the page if necessary. You can use additional scratch paper. Justify your answers, and provide clear, readable explanations.

Problem   Points   Score
1         12
2         12
3         12
4         12
5         12
6         12
Total     72

GOOD LUCK

Problem 1. (12 points)

Part a) (2 points) Let A and B be sets, and let f be a function from A to B. What does it mean to say that f is injective?

Part b) (2 points) Let A and B be sets, and let f be a function from A to B. What does it mean to say that f is surjective?

Part c) (4 points) Show that if f : A → B is injective, and g : B → C is injective, then g ◦ f is injective.

Part d) (4 points) Show that if f : A → B is surjective, and g : B → C is surjective, then g ◦ f is surjective.

Problem 2. (12 points) Let A be a set and let ≡ be an equivalence relation on A. Recall that for any element a in A, the equivalence class of a, written [a], is defined by [a] = {b ∈ A | a ≡ b}. Recall also that A/≡ is defined to be {[a] | a ∈ A}, the set of equivalence classes. For these problems, do not use any background facts other than these definitions and the definition of an equivalence relation.

Part a) (4 points) Show that for any a and b in A, b ∈ [a] if and only if [a] = [b].

Part b) (4 points) Show that if X and Y are elements of A/≡, then either X and Y are disjoint (that is, X ∩ Y = ∅) or X = Y.

Part c) (4 points) Show A = ⋃(A/≡).

Problem 3. (12 points) Let N denote the natural numbers, with initial element 0 and successor function s(x). Addition is characterized by the following two clauses:

1. for every x, x + 0 = x

2. for every x and y, x + s(y) = s(x + y).

Using induction and nothing beyond the two facts above, prove that for every x and y, x + y = y + x. Note that to make the induction work, you will have to prove auxiliary facts along the way.

Problem 4. (12 points) Prove the following using natural deduction.

Part a) (4 points) ∀x P(x) ∨ ∀x Q(x) → ∀x (P(x) ∨ Q(x))

Part b) (4 points) (p → q) → ¬(p ∧ ¬q)

Part c) (4 points) ¬(p ∧ ¬q) → (p → q)

Problem 5. (12 points) Express all of the following in the language of set theory, using only the relations ∈ and = and first-order logic. (In later parts, you can freely use symbols that you define in earlier parts.)

Part a) (2 points) x ⊆ y

Part b) (2 points) x = ∅

Part c) (2 points) x = y ∩ z

Part d) (2 points) x = P(y) (the power set of y)

Part e) (2 points) x = y ∪ {y}

Part f) (2 points) x has exactly two elements

Problem 6. (12 points)

Part a) (2 points) What does it mean to say that A ∼ B, that is, A and B are equinumerous?

Part b) (2 points) What does it mean to say that A is countably infinite?

Part c) (4 points) Prove that the set of rational numbers, Q, is countably infinite.

Part d) (4 points) Prove that P(N) is not countably infinite.

05/18/11 Examples1.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/Examples1.thy

theory Examples1

imports Main

begin

(* Here is a list of basic commands for propositional logic:

  apply assumption
  apply (rule conjI)
  apply (erule conjE)
  apply (frule conjunct1) - or "drule"
  apply (frule conjunct2) - or "drule"
  apply (rule impI)
  apply (erule impE)
  apply (rule disjI1)
  apply (rule disjI2)
  apply (erule disjE)
  apply (rule notI)
  apply (erule notE)
  apply (rule iffI)
  apply (erule iffE)
  apply (rule classical)
  apply (rule ccontr)

You can get more information about any of these using "thm", as in

  thm conjI
*)

lemma ex1: "P & Q --> Q & P"
  apply (rule impI)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex2: "(P & Q) & R --> P & (Q & R)"
  apply (rule impI)
  apply (erule conjE)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex3: "[| (P --> Q); (Q --> R)|] ==> P --> R"
  apply (rule impI)
  apply (erule impE)
  apply assumption
  apply (erule impE)
  apply assumption
  apply assumption
done

lemma ex4: "P | Q --> Q | P"
  apply (rule impI)
  apply (erule disjE)
  apply (rule disjI2)
  apply assumption
  apply (rule disjI1)
  apply assumption
done

lemma ex5: "P & P <-> P"
  apply (rule iffI)
  apply (erule conjE)
  apply assumption
  apply (rule conjI)
  apply assumption+
done

lemma ex6: "~ (P | Q) --> ~P"
  apply (rule impI)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex7: "P | ~P"
  apply (rule classical)
  apply (rule disjI2)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex8: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule conjI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
done

(* some proof shortcuts *)

thm de_Morgan_conj
thm de_Morgan_conj [symmetric]
thm de_Morgan_disj
thm not_not
thm not_imp
thm imp_conv_disj

lemma ex9: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (subst (asm) de_Morgan_conj)
  apply assumption
done

lemma ex10: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (subst de_Morgan_conj [symmetric])
  apply assumption
done

(* examples of reasoning with sets *)

thm set_ext
thm subsetI
thm Int_iff
thm Un_iff
thm Diff_iff

lemma ex11: "A - (B Un C) = (A - B) Int (A - C)"
  apply (rule set_ext)
  apply (subst Diff_iff)
  apply (subst Int_iff)
  apply (subst Un_iff)
  apply (subst Diff_iff)+
  apply (rule iffI)
  apply (erule conjE)
  apply (rule conjI)
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
  apply (erule conjE)+
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule disjE)
  apply (erule notE)
  apply assumption
  apply (erule notE)
  back
  apply assumption
done

end

05/18/11 Examples2.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/Examples2.thy

theory Examples2

imports Main

begin

(*
For first-order logic, you can use the following commands:

  apply (rule allI)
  apply (frule spec) (* or drule *)
  apply (erule allE)
  apply (rule exI)
  apply (erule exE)

If you want to specify a particular term, like "f y", for a universal
quantifier in a hypothesis, type

  apply (frule_tac x ="f y" in spec)

Similarly, if you want to specify "f y" for the existential introduction
rule, type

  apply (rule_tac x = "f y" in exI)

If the term is just a variable, you can leave off the quotation marks.
*)

lemma ex1: "(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x)"
  apply (rule impI)
  apply (rule conjI)
  apply (rule allI)
  apply (drule_tac x = x in spec)
  apply (erule conjE)
  apply assumption
  apply (rule allI)
  apply (drule_tac x = x in spec)
  apply (erule conjE)
  apply assumption
done

(* note: if you leave out the terms, Isabelle can infer them *)
lemma ex1b: "(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x)"
  apply (rule impI)
  apply (rule conjI)
  apply (rule allI)
  apply (drule spec)
  apply (erule conjE)
  apply assumption
  apply (rule allI)
  apply (drule spec)
  apply (erule conjE)
  apply assumption
done

lemma ex2: "(EX x. P (f x)) --> (EX x. P x)"
  apply (rule impI)
  apply (erule exE)
  apply (rule_tac x = "f x" in exI)
  apply assumption
done

lemma ex3: "(EX x. P x | Q x) --> (EX x. P x) | (EX x. Q x)"
  apply (rule impI)
  apply (erule exE)
  apply (erule disjE)
  apply (rule disjI1)
  apply (rule_tac x = "x" in exI)
  apply assumption
  apply (rule disjI2)
  apply (rule_tac x = "x" in exI)
  apply assumption
done

lemma ex4: "(ALL x. P x --> Q x) --> ((ALL x. P x) --> (ALL x. Q x))"
  apply (rule impI)
  apply (rule impI)
  apply (rule allI)
  apply (drule_tac x = "x" in spec)
  apply (drule_tac x = "x" in spec)
  apply (erule impE)
  apply assumption+
done

lemma ex5: "(EX (x::'a). ALL y. R x y) --> (ALL y. EX x. R x y)"
  apply (rule impI)
  apply (rule allI)
  apply (erule exE)
  apply (drule_tac x = "y" in spec)
  apply (rule_tac x = "x" in exI)
  apply assumption
done

lemma "x = y & P x --> P y"
  apply (rule impI)
  apply (erule conjE)
  apply (erule subst)
  apply assumption
done

lemma "(x :: nat) + (y + z) = z + (x + y)"
  apply (subst add_assoc [symmetric])
  apply (subst (3) add_commute)
  apply (rule refl)
done

lemma "((x :: nat) + 1)^2 = x^2 + 2 * x + 1"
  apply (simp only: power2_eq_square algebra_simps)
done

lemma "((x::'a::comm_ring) + y) * (x + y) = x * x + x * y + x * y + y * y"
  apply (simp add: algebra_simps)
done

lemma "(-(x::'a::comm_ring) * - y) = x * y"
  apply simp
done

end

05/18/11 homework6.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/homework6.thy

theory homework6

imports Main

begin

(* Replace the next four "sorry"'s with proofs, using only the following commands:

  apply assumption
  apply (rule conjI)
  apply (erule conjE)
  apply (frule conjunct1) - or "drule"
  apply (frule conjunct2) - or "drule"
  apply (rule impI)
  apply (erule impE)
  apply (rule disjI1)
  apply (rule disjI2)
  apply (erule disjE)
  apply (rule notI)
  apply (erule notE)
  apply (rule iffI)
  apply (erule iffE)
  apply (rule classical)
  apply (rule ccontr)

Remember that you can get more information about any of these using "thm", as in

  thm conjI

Don't forget to type the word "done" at the end of the proof.

For reference, some examples of proofs appear at the end of this file.
*)

lemma exercise1: "P & (Q | R) --> (P & Q) | (P & R)"
sorry

lemma exercise2: "(P | Q --> R) --> ((P --> R) & (Q --> R))"
sorry

lemma exercise3: "(P --> Q) --> (~Q --> ~P)"
sorry

lemma butler: "[| ~(B & C); L | C |] ==> L | ~B"
sorry

(* These are sample proofs from the file Examples1.thy*)

lemma ex1: "P & Q --> Q & P"
  apply (rule impI)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex2: "(P & Q) & R --> P & (Q & R)"
  apply (rule impI)
  apply (erule conjE)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex3: "[| (P --> Q); (Q --> R)|] ==> P --> R"
  apply (rule impI)
  apply (erule impE)
  apply assumption
  apply (erule impE)
  apply assumption
  apply assumption
done

lemma ex4: "P | Q --> Q | P"
  apply (rule impI)
  apply (erule disjE)
  apply (rule disjI2)
  apply assumption
  apply (rule disjI1)
  apply assumption
done

lemma ex5: "P & P <-> P"
  apply (rule iffI)
  apply (erule conjE)
  apply assumption
  apply (rule conjI)
  apply assumption+
done

lemma ex6: "~ (P | Q) --> ~P"
  apply (rule impI)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex7: "P | ~P"
  apply (rule classical)
  apply (rule disjI2)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex8: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule conjI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
done

end

05/18/11 solutions6.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/solutions6.thy

theory homework6

imports Main

begin

(* Replace the next four "sorry"'s with proofs, using only the following commands:

  apply assumption
  apply (rule conjI)
  apply (erule conjE)
  apply (frule conjunct1) - or "drule"
  apply (frule conjunct2) - or "drule"
  apply (rule impI)
  apply (erule impE)
  apply (rule disjI1)
  apply (rule disjI2)
  apply (erule disjE)
  apply (rule notI)
  apply (erule notE)
  apply (rule iffI)
  apply (erule iffE)
  apply (rule classical)
  apply (rule ccontr)

Remember that you can get more information about any of these using "thm", as in

  thm conjI

Don't forget to type the word "done" at the end of the proof.

For reference, some examples of proofs appear at the end of this file.
*)

lemma exercise1: "P & (Q | R) --> (P & Q) | (P & R)"
  apply (rule impI)
  apply (erule conjE)
  apply (erule disjE)
  apply (rule disjI1)
  apply (rule conjI)
  apply assumption+
  apply (rule disjI2)
  apply (rule conjI)
  apply assumption+
done

lemma exercise2: "(P | Q --> R) --> ((P --> R) & (Q --> R))"
  apply (rule impI)
  apply (rule conjI)
  apply (rule impI)
  apply (erule impE)
  apply (rule disjI1)
  apply assumption+
  apply (rule impI)
  apply (erule impE)
  apply (rule disjI2)
  apply assumption+
done

lemma exercise3: "(P --> Q) --> (~Q --> ~P)"
  apply (rule impI)
  apply (rule impI)
  apply (rule notI)
  apply (erule impE)
  apply assumption
  apply (erule notE)
  apply assumption
done

lemma butler: "[| ~(B & C); L | C |] ==> L | ~B"
  apply (erule disjE)
  apply (rule disjI1)
  apply assumption
  apply (rule disjI2)
  apply (rule notI)
  apply (erule notE)
  apply (rule conjI)
  apply assumption+
done

(* These are sample proofs from the file Examples1.thy*)

lemma ex1: "P & Q --> Q & P"
  apply (rule impI)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex2: "(P & Q) & R --> P & (Q & R)"
  apply (rule impI)
  apply (erule conjE)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex3: "[| (P --> Q); (Q --> R)|] ==> P --> R"
  apply (rule impI)
  apply (erule impE)
  apply assumption
  apply (erule impE)
  apply assumption
  apply assumption
done

lemma ex4: "P | Q --> Q | P"
  apply (rule impI)
  apply (erule disjE)
  apply (rule disjI2)
  apply assumption
  apply (rule disjI1)
  apply assumption
done

lemma ex5: "P & P <-> P"
  apply (rule iffI)
  apply (erule conjE)
  apply assumption
  apply (rule conjI)
  apply assumption+
done

lemma ex6: "~ (P | Q) --> ~P"
  apply (rule impI)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex7: "P | ~P"
  apply (rule classical)
  apply (rule disjI2)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex8: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule conjI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
done


end

05/18/11 homework7.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/homework7.thy

theory homework7

imports Main

begin

(* Replace the next three "sorry"'s with proofs, using only the following commands:

  apply assumption
  apply (rule conjI)
  apply (erule conjE)
  apply (frule conjunct1) - or "drule"
  apply (frule conjunct2) - or "drule"
  apply (rule impI)
  apply (erule impE)
  apply (rule disjI1)
  apply (rule disjI2)
  apply (erule disjE)
  apply (rule notI)
  apply (erule notE)
  apply (rule iffI)
  apply (erule iffE)
  apply (rule classical)
  apply (rule ccontr)

Remember that you can get more information about any of these using "thm", as in

  thm conjI

Don't forget to type the word "done" at the end of the proof.

For reference, some examples of proofs appear at the end of this file.
*)

(* hint: for this one, you need to use "classical" or "ccontr" *)
lemma exercise1: "~(P --> Q) --> P & ~Q"
sorry

lemma exercise2: "~(P | Q) --> ~P & ~Q"
sorry

lemma exercise3: "[| P --> Q; ~(Q & R); R; S --> P|] ==> ~P & ~S"
sorry

(* this one is extra credit *)
lemma extra_credit: "~(P <-> ~P)"
sorry

(* Now prove the following, keeping in mind that "x : A" means "x is an element of A"
(see the notes on using propositional logic in Isabelle that are posted on Blackboard).

In addition to the commands above, you will have to use commands like

  apply (rule set_ext) -- renamed set_eqI in the latest version of Isabelle
  apply (rule subsetI)
  apply (subst Int_iff)
  apply (subst Un_iff)
  apply (subst Diff_iff)

to unwrap what it means for two sets to be equal, what it means for an element
to be in an intersection, and so on.

You will also need to use

  apply (subst (asm) ...)

to unwrap a definition that occurs as a hypothesis, that is, on the left side of a sequent.

You can also use any of the shortcuts described in the examples below, and in the notes.
*)

(* Hint: remember that sometimes, the "=" symbol in Isabelle means "iff" *)
(* (but not in the statement of this lemma, where it means set equality) *)
lemma exercise4: "A Int B = B Int A"
sorry

(* Note that here "<=" means subset inclusion *)
lemma exercise5: "A - (B - C) <= (A - B) Un C"
sorry

(* These are sample proofs from the file Examples1.thy*)

lemma ex1: "P & Q --> Q & P"
  apply (rule impI)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex2: "(P & Q) & R --> P & (Q & R)"
  apply (rule impI)
  apply (erule conjE)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex3: "[| (P --> Q); (Q --> R)|] ==> P --> R"
  apply (rule impI)
  apply (erule impE)
  apply assumption
  apply (erule impE)
  apply assumption
  apply assumption
done

lemma ex4: "P | Q --> Q | P"
  apply (rule impI)
  apply (erule disjE)
  apply (rule disjI2)
  apply assumption
  apply (rule disjI1)
  apply assumption
done

lemma ex5: "P & P <-> P"
  apply (rule iffI)
  apply (erule conjE)
  apply assumption
  apply (rule conjI)
  apply assumption+
done

lemma ex6: "~ (P | Q) --> ~P"
  apply (rule impI)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex7: "P | ~P"
  apply (rule classical)
  apply (rule disjI2)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex8: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule conjI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
done

(* some proof shortcuts *)

thm de_Morgan_conj
thm de_Morgan_conj [symmetric]
thm de_Morgan_disj
thm not_not
thm not_imp
thm imp_conv_disj

lemma ex9: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (subst (asm) de_Morgan_conj)
  apply assumption
done

lemma ex10: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (subst de_Morgan_conj [symmetric])
  apply assumption
done

(* examples of reasoning with sets *)

thm set_ext
thm subsetI
thm Int_iff
thm Un_iff
thm Diff_iff

lemma ex11: "A - (B Un C) = (A - B) Int (A - C)"
  apply (rule set_ext)
  apply (subst Diff_iff)
  apply (subst Int_iff)
  apply (subst Un_iff)
  apply (subst Diff_iff)+
  apply (rule iffI)
  apply (erule conjE)
  apply (rule conjI)
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
  apply (erule conjE)+
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule disjE)
  apply (erule notE)
  apply assumption
  apply (erule notE)
  back
  apply assumption
done

end

05/18/11 solutions7.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/solutions7.thy

theory homework7

imports Main

begin

(* Replace the next four "sorry"'s with proofs, using only the following commands:

  apply assumption
  apply (rule conjI)
  apply (erule conjE)
  apply (frule conjunct1) - or "drule"
  apply (frule conjunct2) - or "drule"
  apply (rule impI)
  apply (erule impE)
  apply (rule disjI1)
  apply (rule disjI2)
  apply (erule disjE)
  apply (rule notI)
  apply (erule notE)
  apply (rule iffI)
  apply (erule iffE)
  apply (rule classical)
  apply (rule ccontr)

Remember that you can get more information about any of these using "thm", as in

  thm conjI

Don't forget to type the word "done" at the end of the proof.

For reference, some examples of proofs appear at the end of this file.
*)

(* hint: for this one, you need to use "classical" or "ccontr" *)

lemma exercise1: "~(P --> Q) --> P & ~Q"
  apply (rule impI)
  apply (rule conjI)
  apply (rule ccontr) (* or (rule classical) *)
  apply (erule notE)
  apply (rule impI)
  apply (erule notE)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (rule impI)
  apply assumption
done

lemma exercise2: "~(P | Q) --> ~P & ~Q"
  apply (rule impI)
  apply (rule conjI)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
done

lemma exercise3: "[| P --> Q; ~(Q & R); R; S --> P|] ==> ~P & ~S"
  apply (rule conjI)
  apply (rule notI)
  apply (erule impE)
  apply assumption
  apply (erule notE)
  apply (rule conjI)
  apply assumption+
  apply (rule notI)
  apply (erule impE)
  apply (erule impE)
  apply assumption+
  apply (erule notE)
  apply (rule conjI)
  apply assumption+
done

lemma extra_credit: "~(P <-> ~P)"
  apply (rule notI)
  apply (erule iffE)
  apply (erule impE)
  apply (rule classical)
  apply (erule impE)
  apply assumption+
  apply (erule notE)
  apply (rule classical)
  apply (erule impE)
  apply assumption+
done

(* Now prove the following, keeping in mind that "x : A" means "x is an element of A"
(see the notes on using propositional logic in Isabelle that are posted on Blackboard).

In addition to the commands above, you will have to use commands like

  apply (rule set_ext) -- renamed set_eqI in the latest version of Isabelle
  apply (rule subsetI)
  apply (subst Int_iff)
  apply (subst Un_iff)
  apply (subst Diff_iff)

as well as

  apply (subst (asm) ...)

to unwrap a definition

to unwrap what it means for two sets to be equal, what it means for an element
to be in an intersection, and so on. You can also use any of the shortcuts
described in the examples below, and in the notes.

*)

(* Hint: remember that sometimes, the "=" symbol in Isabelle means "iff" *)
(* (but not in the statement of this lemma, where it means set equality) *)
lemma exercise4: "A Int B = B Int A"
  apply (rule set_ext)
  apply (rule iffI)
  apply (subst Int_iff)
  apply (subst (asm) Int_iff)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption+
  apply (subst Int_iff)
  apply (subst (asm) Int_iff)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption+
done

(* Note that here "<=" means subset inclusion *)
lemma exercise5: "A - (B - C) <= (A - B) Un C"
  apply (rule subsetI)
  apply (subst (asm) Diff_iff)+
  apply (subst Un_iff)
  apply (subst Diff_iff)
  apply (subst (asm) de_Morgan_conj)
  apply (erule conjE)
  apply (erule disjE)
  apply (rule disjI1)
  apply (rule conjI)
  apply assumption+
  apply (subst (asm) not_not)
  apply (rule disjI2)
  apply assumption
done

lemma exercise5_alt: "A - (B - C) <= (A - B) Un C"
  apply (rule subsetI)
  apply (subst (asm) Diff_iff)+
  apply (subst Un_iff)
  apply (subst Diff_iff)
  apply (erule conjE)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule conjI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI1)
  apply (rule conjI)
  apply assumption+
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
done

(* These are sample proofs from the file Examples1.thy*)

lemma ex1: "P & Q --> Q & P"
  apply (rule impI)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex2: "(P & Q) & R --> P & (Q & R)"
  apply (rule impI)
  apply (erule conjE)
  apply (erule conjE)
  apply (rule conjI)
  apply assumption
  apply (rule conjI)
  apply assumption
  apply assumption
done

lemma ex3: "[| (P --> Q); (Q --> R)|] ==> P --> R"
  apply (rule impI)
  apply (erule impE)
  apply assumption
  apply (erule impE)
  apply assumption
  apply assumption
done

lemma ex4: "P | Q --> Q | P"
  apply (rule impI)
  apply (erule disjE)
  apply (rule disjI2)
  apply assumption
  apply (rule disjI1)
  apply assumption
done

lemma ex5: "P & P <-> P"
  apply (rule iffI)
  apply (erule conjE)
  apply assumption
  apply (rule conjI)
  apply assumption+
done

lemma ex6: "~ (P | Q) --> ~P"
  apply (rule impI)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex7: "P | ~P"
  apply (rule classical)
  apply (rule disjI2)
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
done

lemma ex8: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule conjI)
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
  apply (rule ccontr)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
done

(* some proof shortcuts *)

thm de_Morgan_conj
thm de_Morgan_conj [symmetric]
thm de_Morgan_disj
thm not_not
thm not_imp
thm imp_conv_disj

lemma ex9: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (subst (asm) de_Morgan_conj)
  apply assumption
done

lemma ex10: "~(P & Q) --> ~P | ~Q"
  apply (rule impI)
  apply (subst de_Morgan_conj [symmetric])
  apply assumption
done

(* examples of reasoning with sets *)

thm set_ext
thm subsetI
thm Int_iff
thm Un_iff
thm Diff_iff

lemma ex11: "A - (B Un C) = (A - B) Int (A - C)"
  apply (rule set_ext)
  apply (subst Diff_iff)
  apply (subst Int_iff)
  apply (subst Un_iff)
  apply (subst Diff_iff)+
  apply (rule iffI)
  apply (erule conjE)
  apply (rule conjI)
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI1)
  apply assumption
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (rule disjI2)
  apply assumption
  apply (erule conjE)+
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule disjE)
  apply (erule notE)
  apply assumption
  apply (erule notE)
  back
  apply assumption
done

end

05/18/11 homework8.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/homework8.thy

theory homework8

imports Main

begin

(* Replace the next four "sorry"'s with proofs, using only the following commands:

  apply assumption
  apply (rule conjI)
  apply (erule conjE)
  apply (frule conjunct1) - or "drule"
  apply (frule conjunct2) - or "drule"
  apply (rule impI)
  apply (erule impE)
  apply (rule disjI1)
  apply (rule disjI2)
  apply (erule disjE)
  apply (rule notI)
  apply (erule notE)
  apply (rule iffI)
  apply (erule iffE)
  apply (rule classical)
  apply (rule ccontr)

  apply (rule allI)
  apply (frule spec) (* or drule *)
  apply (frule_tac x ="f y" in spec) (* or any other term *)
  apply (erule allE)
  apply (rule exI)
  apply (rule_tac x = "f y" in exI) (* or any other term *)
  apply (erule exE)

Some examples from Examples2.thy are appended below. If you are in doubt about how Isabelle is interpreting implicit parentheses, choose

Settings / Show Brackets

from the "Isabelle" menu.*)

lemma exercise1: "[| (ALL x. A x --> B x); (ALL x. B x --> C x) |] ==> ALL x. A x --> C x"
sorry

lemma exercise2: "(ALL x. P x) | (ALL x. Q x) --> (ALL x. P x | Q x)"
sorry

lemma exercise3: "(ALL x. P x) --> ~ (EX x. ~P x)"
sorry

lemma exercise4: "[| ALL x. Y(x) & H(x) --> B(x); ALL x. A(x) --> H(x); EX x. Y(x) & A(x)|] ==> EX x. B(x)"
sorry

(* Here are the examples *)

lemma ex1: "(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x)"
  apply (rule impI)
  apply (rule conjI)
  apply (rule allI)
  apply (drule_tac x = x in spec)
  apply (erule conjE)
  apply assumption
  apply (rule allI)
  apply (drule_tac x = x in spec)
  apply (erule conjE)
  apply assumption
done

(* note: if you leave out the terms, Isabelle can infer them *)
lemma ex1b: "(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x)"
  apply (rule impI)
  apply (rule conjI)
  apply (rule allI)
  apply (drule spec)
  apply (erule conjE)
  apply assumption
  apply (rule allI)
  apply (drule spec)
  apply (erule conjE)
  apply assumption
done

lemma ex2: "(EX x. P (f x)) --> (EX x. P x)"
  apply (rule impI)
  apply (erule exE)
  apply (rule_tac x = "f x" in exI)
  apply assumption
done

lemma ex3: "(EX x. P x | Q x) --> (EX x. P x) | (EX x. Q x)"
  apply (rule impI)
  apply (erule exE)
  apply (erule disjE)
  apply (rule disjI1)
  apply (rule_tac x = "x" in exI)
  apply assumption
  apply (rule disjI2)
  apply (rule_tac x = "x" in exI)
  apply assumption
done

lemma ex4: "(ALL x. P x --> Q x) --> ((ALL x. P x) --> (ALL x. Q x))"
  apply (rule impI)
  apply (rule impI)
  apply (rule allI)
  apply (drule_tac x = "x" in spec)
  apply (drule_tac x = "x" in spec)
  apply (erule impE)
  apply assumption+
done

lemma ex5: "(EX (x::'a). ALL y. R x y) --> (ALL y. EX x. R x y)"
  apply (rule impI)
  apply (rule allI)
  apply (erule exE)
  apply (drule_tac x = "y" in spec)
  apply (rule_tac x = "x" in exI)
  apply assumption
done

end

05/18/11 solutions8.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/solutions8.thy

theory homework8

imports Main

begin

(* Replace the next four "sorry"'s with proofs, using only the following commands:

  apply assumption
  apply (rule conjI)
  apply (erule conjE)
  apply (frule conjunct1) - or "drule"
  apply (frule conjunct2) - or "drule"
  apply (rule impI)
  apply (erule impE)
  apply (rule disjI1)
  apply (rule disjI2)
  apply (erule disjE)
  apply (rule notI)
  apply (erule notE)
  apply (rule iffI)
  apply (erule iffE)
  apply (rule classical)
  apply (rule ccontr)

  apply (rule allI)
  apply (frule spec) (* or drule *)
  apply (frule_tac x ="f y" in spec) (* or any other term *)
  apply (erule allE)
  apply (rule exI)
  apply (rule_tac x = "f y" in exI) (* or any other term *)
  apply (erule exE)

Some examples from Examples2.thy are appended below. If you are in doubt about how Isabelle is interpreting implicit parentheses, choose

Settings / Show Brackets

from the "Isabelle" menu.*)

lemma exercise1: "[| (ALL x. A x --> B x); (ALL x. B x --> C x) |] ==> ALL x. A x --> C x"
  apply (rule allI)
  apply (rule impI)
  apply (drule_tac x = x in spec)+
  apply (erule impE)
  apply assumption
  apply (erule impE)
  apply assumption+
done

lemma exercise2: "(ALL x. P x) | (ALL x. Q x) --> (ALL x. P x | Q x)"
  apply (rule impI)
  apply (rule allI)
  apply (erule disjE)
  apply (rule disjI1)
  apply (erule allE)
  apply assumption
  apply (rule disjI2)
  apply (erule allE)
  apply assumption
done

lemma exercise3: "(ALL x. P x) --> ~ (EX x. ~P x)"
  apply (rule impI)
  apply (rule notI)
  apply (erule exE)
  apply (erule notE)
  apply (erule allE)
  apply assumption
done

lemma exercise4: "[| ALL x. Y(x) & H(x) --> B(x); ALL x. A(x) --> H(x); EX x. Y(x) & A(x)|] ==> EX x. B(x)"
  apply (erule exE)
  apply (rule_tac x = x in exI)
  apply (drule_tac x = x in spec)+
  apply (erule conjE)
  apply (erule impE)
  apply (erule conjI)
  apply (erule impE)
  apply assumption+
done

(* Here are the examples *)

lemma ex1: "(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x)"
  apply (rule impI)
  apply (rule conjI)
  apply (rule allI)
  apply (drule_tac x = x in spec)
  apply (erule conjE)
  apply assumption
  apply (rule allI)
  apply (drule_tac x = x in spec)
  apply (erule conjE)
  apply assumption
done

(* note: if you leave out the terms, Isabelle can infer them *)
lemma ex1b: "(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x)"
  apply (rule impI)
  apply (rule conjI)
  apply (rule allI)
  apply (drule spec)
  apply (erule conjE)
  apply assumption
  apply (rule allI)
  apply (drule spec)
  apply (erule conjE)
  apply assumption
done

lemma ex2: "(EX x. P (f x)) --> (EX x. P x)"
  apply (rule impI)
  apply (erule exE)
  apply (rule_tac x = "f x" in exI)
  apply assumption
done

lemma ex3: "(EX x. P x | Q x) --> (EX x. P x) | (EX x. Q x)"
  apply (rule impI)
  apply (erule exE)
  apply (erule disjE)
  apply (rule disjI1)
  apply (rule_tac x = "x" in exI)
  apply assumption
  apply (rule disjI2)
  apply (rule_tac x = "x" in exI)
  apply assumption
done

lemma ex4: "(ALL x. P x --> Q x) --> ((ALL x. P x) --> (ALL x. Q x))"
  apply (rule impI)
  apply (rule impI)
  apply (rule allI)
  apply (drule_tac x = "x" in spec)
  apply (drule_tac x = "x" in spec)
  apply (erule impE)
  apply assumption+
done

lemma ex5: "(EX (x::'a). ALL y. R x y) --> (ALL y. EX x. R x y)"
  apply (rule impI)
  apply (rule allI)
  apply (erule exE)
  apply (drule_tac x = "y" in spec)
  apply (rule_tac x = "x" in exI)
  apply assumption
done

end

05/18/11 homework9.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/homework9.thy

theory Homework9

imports Main

begin

(*Remember that for first-order logic, you can use the following commands:

  apply (rule allI)
  apply (frule spec) (* or drule *)
  apply (erule allE)
  apply (rule exI)
  apply (erule exE)

If you want to specify a particular term, like "f y", for a universal quantifier in a hypothesis, type

  apply (frule_tac x ="f y" in spec)

Similarly, if you want to specify "f y" for the existential introduction rule, type

  apply (rule_tac x = "f y" in exI)

If the term is just a variable, you can leave off the quotation marks.*)

lemma ex1: "(ALL x. P x) & (ALL x. Q x) --> (ALL x. P x & Q x)"
sorry

lemma ex2: "(EX x. P x) | (EX x. Q x) --> (EX x. P x | Q x)"
sorry

lemma ex3: "(EX x. P x) & (ALL x. P x --> Q x) --> (EX x. Q x)"
sorry

end

05/18/11 solutions9.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/solutions9.thy

theory Homework9

imports Main

begin

(*Remember that for first-order logic, you can use the following commands:

  apply (rule allI)
  apply (frule spec) (* or drule *)
  apply (erule allE)
  apply (rule exI)
  apply (erule exE)

If you want to specify a particular term, like "f y", for a universal quantifier in a hypothesis, type

  apply (frule_tac x ="f y" in spec)

Similarly, if you want to specify "f y" for the existential introduction rule, type

  apply (rule_tac x = "f y" in exI)

If the term is just a variable, you can leave off the quotation marks.*)

lemma ex1: "(ALL x. P x) & (ALL x. Q x) --> (ALL x. P x & Q x)"
  apply (rule impI)
  apply (rule allI)
  apply (erule conjE)
  apply (rule conjI)
  apply (drule_tac x = x in spec)
  apply assumption
  apply (drule_tac x = x in spec)
  back
  apply assumption
done

lemma ex2: "(EX x. P x) | (EX x. Q x) --> (EX x. P x | Q x)"
  apply (rule impI)
  apply (erule disjE)
  apply (erule exE)
  apply (rule_tac x = x in exI)
  apply (rule disjI1)
  apply assumption
  apply (erule exE)
  apply (rule_tac x = x in exI)
  apply (rule disjI2)
  apply assumption
done

lemma ex3: "(EX x. P x) & (ALL x. P x --> Q x) --> (EX x. Q x)"
  apply (rule impI)
  apply (erule conjE)
  apply (erule exE)
  apply (drule_tac x = x in spec)
  apply (erule impE)
  apply assumption
  apply (rule_tac x = x in exI)
  apply assumption
done

end

05/18/11 homework11.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/homework11.thy

theory Homework11

imports Main

begin

(* These are axioms for the natural numbers -- the recursive definitions of addition and multiplication, and the definition of 1. *)

lemma pl_0: "x + (0::nat) = x" by auto

lemma pl_Suc: "x + Suc y = Suc (x + y)" by auto

lemma ti_0: "x * (0::nat) = 0" by auto

lemma ti_Suc: "x * (Suc y) = x * y + x" by auto

lemma one_def: "1 = Suc 0" by auto

(* This file contains formal proofs of all the properties on the handout "The natural numbers," except for two, which have only a "sorry." Replace these "sorry"'s by proofs.

You should only need the following commands:

  apply (induct x) - do induction on x
  apply (subst blah) - do a substitution in the goal using equality "blah"
  apply (subst blah [symmetric]) - do a substitution in the goal using equality in the other direction
  apply (erule ssubst) - do a substitution in the goal using an equality in the hypotheses
  apply (erule subst) - do a substitution in the other direction
  back - try a different substitution (if there is more than one)
  apply (rule refl) - apply reflexivity (x = x)
  apply (rule sym) - apply symmetry

For "blah," you can use any of the axioms above, or any of the previous lemmas.*)

lemma pl_x_one : "x + 1 = Suc x"
  apply (subst one_def)
  apply (subst pl_Suc)
  apply (subst pl_0)
  apply (rule refl)
done

lemma pl_0_x : "(0::nat) + x = x"
  apply (induct x)
  apply (subst pl_0)
  apply (rule refl)
  apply (subst pl_Suc)
  apply (erule ssubst)
  apply (rule refl)
done

lemma pl_Suc_x : "(Suc x) + y = Suc (x + y)"
  apply (induct y)
  apply (subst pl_0)+
  apply (rule refl)
  apply (subst pl_Suc)+
  apply (erule ssubst)
  apply (rule refl)
done

lemma pl_assoc : "((x::nat) + y) + z = x + (y + z)"
  apply (induct z)
  apply (subst pl_0)+
  apply (rule refl)
  apply (subst pl_Suc)+
  apply (erule ssubst)
  apply (rule refl)
done

lemma pl_commute : "(x::nat) + y = y + x"
  apply (induct y)
  apply (subst pl_0)
  apply (subst pl_0_x)
  apply (rule refl)
  apply (subst pl_Suc)
  apply (erule ssubst)
  apply (subst pl_Suc_x)
  apply (rule refl)
done

lemma ti_pl_dist : "(x::nat) * (y + z) = (x * y) + (x * z)"
sorry

lemma ti_assoc : "((x::nat) * y) * z = x * (y * z)"
sorry

lemma ti_0_x : "(0::nat) * x = 0"
  apply (induct x)
  apply (subst ti_0)
  apply (rule refl)
  apply (subst ti_Suc)
  apply (erule ssubst)
  apply (rule pl_0)
done

lemma ti_Suc_x : "(Suc x) * y = (x * y) + y"
  apply (induct y)
  apply (subst ti_0)+
  apply (subst pl_0)
  apply (rule refl)
  apply (subst ti_Suc)+
  apply (erule ssubst)
  apply (subst pl_Suc)+
  apply (subst pl_assoc)+
  apply (subst pl_commute)
  back
  apply (rule refl)
done

lemma ti_commute: "(x::nat) * y = y * x"
  apply (induct x)
  apply (subst ti_0)
  apply (subst ti_0_x)
  apply (rule refl)
  apply (subst ti_Suc)
  apply (subst ti_Suc_x)
  apply (erule ssubst)
  apply (rule refl)
done

end

05/18/11 solutions11.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/solutions11.thy

theory Homework11

imports Main

begin

(* These are axioms for the natural numbers -- the recursive definitions of addition and multiplication, and the definition of 1. *)

lemma pl_0: "x + (0::nat) = x" by auto

lemma pl_Suc: "x + Suc y = Suc (x + y)" by auto

lemma ti_0: "x * (0::nat) = 0" by auto

lemma ti_Suc: "x * (Suc y) = x * y + x" by auto

lemma one_def: "1 = Suc 0" by auto

(* This file contains formal proofs of all the properties on the handout "The natural numbers," except for two, which have only a "sorry." Replace these "sorry"'s by proofs.

You should only need the following commands:

  apply (induct x) - do induction on x
  apply (subst blah) - do a substitution in the goal using equality "blah"
  apply (subst blah [symmetric]) - do a substitution in the goal using equality in the other direction
  apply (erule ssubst) - do a substitution in the goal using an equality in the hypotheses
  apply (erule subst) - do a substitution in the other direction
  back - try a different substitution (if there is more than one)
  apply (rule refl) - apply reflexivity (x = x)
  apply (rule sym) - apply symmetry

For "blah," you can use any of the axioms above, or any of the previous lemmas.*)

lemma pl_x_one : "x + 1 = Suc x"
  apply (subst one_def)
  apply (subst pl_Suc)
  apply (subst pl_0)
  apply (rule refl)
done

lemma pl_0_x : "(0::nat) + x = x"
  apply (induct x)
  apply (subst pl_0)
  apply (rule refl)
  apply (subst pl_Suc)
  apply (erule ssubst)
  apply (rule refl)
done

lemma pl_Suc_x : "(Suc x) + y = Suc (x + y)"
  apply (induct y)
  apply (subst pl_0)+
  apply (rule refl)
  apply (subst pl_Suc)+
  apply (erule ssubst)
  apply (rule refl)
done

lemma pl_assoc : "((x::nat) + y) + z = x + (y + z)"
  apply (induct z)
  apply (subst pl_0)+
  apply (rule refl)
  apply (subst pl_Suc)+
  apply (erule ssubst)
  apply (rule refl)
done

lemma pl_commute : "(x::nat) + y = y + x"
  apply (induct y)
  apply (subst pl_0)
  apply (subst pl_0_x)
  apply (rule refl)
  apply (subst pl_Suc)
  apply (erule ssubst)
  apply (subst pl_Suc_x)
  apply (rule refl)
done

lemma ti_pl_dist : "(x::nat) * (y + z) = (x * y) + (x * z)"
  apply (induct z)
  apply (subst ti_0)
  apply (subst pl_0)+
  apply (rule refl)
  apply (subst pl_Suc)
  apply (subst ti_Suc)+
  apply (erule ssubst)
  apply (subst pl_assoc)
  apply (rule refl)
done

lemma ti_assoc : "((x::nat) * y) * z = x * (y * z)"
  apply (induct z)
  apply (subst ti_0)+
  apply (rule refl)
  apply (subst ti_Suc)+
  apply (erule ssubst)
  apply (subst ti_pl_dist)
  apply (rule refl)
done

lemma ti_0_x : "(0::nat) * x = 0"
  apply (induct x)
  apply (subst ti_0)
  apply (rule refl)
  apply (subst ti_Suc)
  apply (erule ssubst)
  apply (rule pl_0)
done

lemma ti_Suc_x : "(Suc x) * y = (x * y) + y"
  apply (induct y)
  apply (subst ti_0)+
  apply (subst pl_0)
  apply (rule refl)
  apply (subst ti_Suc)+
  apply (erule ssubst)
  apply (subst pl_Suc)+
  apply (subst pl_assoc)+
  apply (subst pl_commute)
  back
  apply (rule refl)
done

lemma ti_commute: "(x::nat) * y = y * x"
  apply (induct x)
  apply (subst ti_0)
  apply (subst ti_0_x)
  apply (rule refl)
  apply (subst ti_Suc)
  apply (subst ti_Suc_x)
  apply (erule ssubst)
  apply (rule refl)
done

end

05/18/11 arith.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/arith.thy

theory arith

imports Main

begin

lemma pl_0: "x + (0::nat) = x" by auto

lemma pl_Suc: "x + Suc y = Suc (x + y)" by auto

lemma ti_0: "x * (0::nat) = 0" by auto

lemma ti_Suc: "x * (Suc y) = x * y + x" by auto

lemma one_def: "1 = Suc 0" by auto

lemma pl_x_one : "x + 1 = Suc x"
  apply (subst one_def)
  apply (subst pl_Suc)
  apply (subst pl_0)
  apply (rule refl)
done

lemma pl_0_x : "(0::nat) + x = x"
  apply (induct x)
  apply (subst pl_0)
  apply (rule refl)
  apply (subst pl_Suc)
  apply (erule ssubst)
  apply (rule refl)
done

lemma pl_Suc_x : "(Suc x) + y = Suc (x + y)"
  apply (induct y)
  apply (subst pl_0)+
  apply (rule refl)
  apply (subst pl_Suc)+
  apply (erule ssubst)
  apply (rule refl)
done

lemma pl_assoc : "((x::nat) + y) + z = x + (y + z)"
  apply (induct z)
  apply (subst pl_0)+
  apply (rule refl)
  apply (subst pl_Suc)+
  apply (erule ssubst)
  apply (rule refl)
done

lemma pl_commute : "(x::nat) + y = y + x"
  apply (induct y)
  apply (subst pl_0)
  apply (subst pl_0_x)
  apply (rule refl)
  apply (subst pl_Suc)
  apply (erule ssubst)
  apply (subst pl_Suc_x)
  apply (rule refl)
done

lemma ti_pl_dist : "(x::nat) * (y + z) = (x * y) + (x * z)"
  apply (induct z)
  apply (subst ti_0)
  apply (subst pl_0)+
  apply (rule refl)
  apply (subst pl_Suc)
  apply (subst ti_Suc)+
  apply (erule ssubst)
  apply (subst pl_assoc)
  apply (rule refl)
done

lemma ti_assoc : "((x::nat) * y) * z = x * (y * z)"
  apply (induct z)
  apply (subst ti_0)+
  apply (rule refl)
  apply (subst ti_Suc)+
  apply (erule ssubst)
  apply (subst ti_pl_dist)
  apply (rule refl)
done

lemma ti_0_x : "(0::nat) * x = 0"
  apply (induct x)
  apply (subst ti_0)
  apply (rule refl)
  apply (subst ti_Suc)
  apply (erule ssubst)
  apply (rule pl_0)
done

lemma ti_Suc_x : "(Suc x) * y = (x * y) + y"
  apply (induct y)
  apply (subst ti_0)+
  apply (subst pl_0)
  apply (rule refl)
  apply (subst ti_Suc)+
  apply (erule ssubst)
  apply (subst pl_Suc)+
  apply (subst pl_assoc)+
  apply (subst pl_commute)
  back
  apply (rule refl)
done

lemma ti_commute: "(x::nat) * y = y * x"
  apply (induct x)
  apply (subst ti_0)
  apply (subst ti_0_x)
  apply (rule refl)
  apply (subst ti_Suc)
  apply (subst ti_Suc_x)
  apply (erule ssubst)
  apply (rule refl)
done

end

05/18/11 orders.thy 1

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/orders.thy

theory Orders

imports Main

begin

locale order =
  fixes R :: "'a => 'a => bool" (infix "<#" 65)
  assumes refl : "x <# x"
  and trans : "x <# y ==> y <# z ==> x <# z"
  and asym : "x <# y ==> y <# x ==> x = y"

begin

definition minimal where "minimal a == (ALL x. x <# a --> x = a)"

definition minimum where "minimum a == (ALL y. a <# y)"

definition total where "total == (ALL x y. x <# y | y <# x)"

lemma "minimum a ==> minimal a"
  apply (unfold minimum_def minimal_def)
(* apply (auto intro: asym) *)
  apply (rule allI)
  apply (rule impI)
  apply (drule_tac x = "x" in spec)
  apply (erule asym)
  apply assumption
done

lemma "total ==> minimal a ==> minimum a"
  apply (unfold total_def minimal_def minimum_def)
(* apply auto *)
  apply (rule allI)
  apply (drule_tac x = a in spec)
  apply (drule_tac x = y in spec)
  back
  apply (erule disjE)
  apply assumption
  apply (drule_tac x = y in spec)
  apply (erule impE)
  apply assumption
  apply (erule ssubst)
  apply (rule refl)
done

definition S (infix "<<" 65) where "x << y == x <# y & x ~= y"

lemma "a << b ==> b << c ==> a << c"
  apply (unfold S_def)
(* apply (auto intro: trans asym) *)
  apply (erule conjE)+
  apply (rule conjI)
  apply (erule trans)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (erule asym)
  apply (erule ssubst)
  apply assumption
done

lemma "total ==> a << b | a = b | b << a"
  apply (unfold S_def total_def)
(* apply auto *)
  apply (drule_tac x = a in spec)
  apply (drule_tac x = b in spec)
  apply (erule disjE)
  apply (case_tac "a = b")
  apply (rule disjI2)
  apply (rule disjI1)
  apply assumption
  apply (rule disjI1)
  apply (rule conjI)
  apply assumption+
  apply (case_tac "a = b")
  apply (rule disjI2)
  apply (rule disjI1)
  apply assumption
  apply (rule disjI2)
  apply (rule disjI2)
  apply (rule conjI)
  apply assumption
  apply (rule notI)
  apply (erule notE)
  apply (rule sym)
  apply assumption
done

end

Isabelle / Proof General Cheat Sheet

Applying rules and theorems

apply (rule theorem): use when the conclusion of theorem matches the conclusion of the current goal

apply (erule theorem): use when the conclusion of theorem matches the conclusion of the current goal and the first premise of theorem matches a premise of the current goal

apply (frule theorem): use when the first premise of theorem matches a premise of the current goal

apply (drule theorem): like frule except it deletes the matching premise

back: useful if erule/drule/frule are choosing the wrong premise

apply assumption: when the conclusion of the current goal is also a premise
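
The difference between frule and drule, as an added example that is not part of the original cheat sheet or course scripts. It uses the ASCII syntax of the scripts above; the theory name FruleVsDrule, the lemma name, and the symbols P, f and a are made up for illustration.

```isabelle
theory FruleVsDrule  (* hypothetical theory name for this added example *)

imports Main

begin

(* The universal premise is needed twice: once at "a" and once at "f a".
   frule keeps it after the first use; drule deletes it on the last use.
   Using drule at the first step instead would delete the ALL premise,
   leaving nothing for the second instantiation to match. *)
lemma frule_keeps_premise:
  "ALL x. P x --> P (f x) ==> P a --> P (f (f a))"
  apply (rule impI)
  apply (frule_tac x = a in spec)      (* adds P a --> P (f a), keeps the ALL premise *)
  apply (drule_tac x = "f a" in spec)  (* replaces the ALL premise by P (f a) --> P (f (f a)) *)
  apply (erule impE)                   (* uses P a --> P (f a) *)
  apply assumption
  apply (erule impE)                   (* uses P (f a) --> P (f (f a)) *)
  apply assumption+
done

end
```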

Automated methods

apply auto: applies automated tools to look for a solution

apply force: like auto, but “do or die” (and only applies to the first goal)

apply clarify: like auto, but less aggressive

apply simp: simplifies current goal using term rewriting

apply (simp add: theorems): like the simplifier, but tells the simplifier to use additional theorems as well (useful groups of theorems for calculation are ring_simps and field_simps)

apply clarsimp: a combination of clarify and simp

apply blast: a powerful first-order prover

apply arith: automatically solves linear arithmetic problems

Other methods

apply (insert theorem): adds theorem as an additional premise

apply (subgoal_tac formula): adds formula as an additional premise, and also as a new goal to be proven later

apply (induct_tac variable): splits into the appropriate cases to do induction on variable (when variable has a natural notion of induction, for instance, it is a natural number)

apply (rule_tac v1 = t1 and ... and vn = tn in theorem): like rule, but allows certain variables to be chosen manually (also erule_tac, drule_tac, and frule_tac are analogous)

apply (case_tac ...): splits on cases

Handling equality

apply (subst theorem): applies a substitution (theorem should be an equality)

apply (subst (asm) theorem): applies a substitution to one of the hypotheses

apply (subst (i ... j) theorem): applies a substitution at the positions indicated

apply (subst (asm) (i ... j) theorem): applies a substitution at the positions indicated in the hypotheses

apply (erule ssubst): applies a substitution from the hypotheses (useful in conjunction with insert).

apply (erule subst): applies a substitution from the hypotheses (in the right-to-left direction of the equality).

Logical rules

Propositional Logic:
notI : (A ⇒ False) ⇒ ¬A
notE : [|¬A; A|] ⇒ B
conjI : [|A; B|] ⇒ A ∧ B
conjE : [|A ∧ B; [|A; B|] ⇒ C|] ⇒ C
conjunct1 : P ∧ Q ⇒ P
conjunct2 : P ∧ Q ⇒ Q
context_conjI : [|P; P ⇒ Q|] ⇒ P ∧ Q
disjI1 : A ⇒ A ∨ B
disjI2 : A ⇒ B ∨ A
disjCI : (¬Q ⇒ P) ⇒ P ∨ Q
excluded_middle : ¬P ∨ P
disjE : [|A ∨ B; A ⇒ C; B ⇒ C|] ⇒ C
impI : (A ⇒ B) ⇒ (A → B)
impE : [|A → B; A; B ⇒ C|] ⇒ C
impCE : [|P → Q; ¬P ⇒ R; Q ⇒ R|] ⇒ R
mp : [|A → B; A|] ⇒ B
iffI : [|A ⇒ B; B ⇒ A|] ⇒ A = B
iffE : [|A = B; [|A → B; B → A|] ⇒ C|] ⇒ C
classical : (¬A ⇒ A) ⇒ A
notnotD : ¬¬P ⇒ P
de_Morgan_disj : (¬(P ∨ Q)) = (¬P ∧ ¬Q)
de_Morgan_conj : (¬(P ∧ Q)) = (¬P ∨ ¬Q)
disj_not1 : (¬P ∨ Q) = (P → Q)
disj_not2 : (P ∨ ¬Q) = (Q → P)

First Order Logic:
exI : P a ⇒ ∃x. P x
exE : [|∃x. P x; !!x. P x ⇒ C|] ⇒ C
allI : (!!x. P x) ⇒ ∀x. P x
spec : ∀x. P x ⇒ P x
allE : [|∀x. P x; P x ⇒ R|] ⇒ R

Equality:
sym : x = y ⇒ y = x
trans : [|x = y; y = z|] ⇒ x = z

Emacs/Proof General

“C” stands for the control key, and “C-key” means holding down the control key together with key.

C-k: delete the rest of the line

C-a: jump to the beginning of the current line

C-e: jump to the end of the current line

C-c C-n: process the next line in Isabelle (the next button)

C-c C-u: push back the processed part of the text by one line (the undo button)

C-c C-return: evaluate up to where the cursor is

C-c C-p: show the current state of a proof (for instance, in place of an error message currently being shown)

Other tips

Use the browser pages to find theorems.


You can derive your own theorems, and use them as rules.

Use the “find theorems” command in Proof General.

Under the Proof General menu, if you choose options/electric-terminator, the next line of the proof is sent to Isabelle automatically whenever you end a line with a semicolon.