chchlectures

A First-and-Second level Logic course for

Philosophy students

Thomas Forster

July 20, 2009

2

The rubric ‘[309 only]’ in a chapter or section heading signifies to canterburystudents that the material in that chapter or section is examinable for 309students only. It doesn’t mean that 209 students shouldn’t look at it, and itdoesn’t mean I won’t lecture it to 209s.

Stuff to fit in:

Need to have some live examples of sequent proofsquestion-begging?‘refute’Appeal to argument by analogy suggests that we recognise—at some level—

that the structure of an argument is important in discovering whether or not itis a good one. It’s not just the truth of the conclusion that makes the argumentgood. This is one reason why the material conditional is so puzzling!

Introduction

The text that follows is the material from which I lecture a first-year course inPhilosophical Skills at the University of East Anglia and a second year coursein Logic at the University of Canterbury at Christchurch (New Zealand). Boththese courses are intended for philosophy students.

I am on record as arguing that possible world semantics has no useful ap-plications in philosophy, so the quarrelsome reviewer may ask why I includeit in this text. One answer is that people expect it; a better answer is thatthere is good evidence that compelling students to acquire formal skills sharp-ens up their wits generally: studies suggest that secondary school pupils whoare subjected to more mathematics than a control group write better essays.Elementary modal logic is a good source of syntactic drill. Think of it as doingsudoku or crosswords. Sudoku is no more applicable (and for that matter noless applicable) than modal logic, and shares with it the useful feature that itkeeps the lobes in trim.

Contents

0.1 Stuff to fit in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

1 Introduction to Logic 71.1 What is Logic? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71.2 Start Here! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

1.2.1 Non truth functional connectives . . . . . . . . . . . . . . 131.3 Intension and Extensions . . . . . . . . . . . . . . . . . . . . . . 14

1.3.1 The Material Conditional . . . . . . . . . . . . . . . . . . 161.3.2 The Type-Token Distinction . . . . . . . . . . . . . . . . . 191.3.3 Valid Argument . . . . . . . . . . . . . . . . . . . . . . . 211.3.4 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

1.4 Tautology and Validity . . . . . . . . . . . . . . . . . . . . . . . . 241.5 Proof Systems for Propositional Logic . . . . . . . . . . . . . . . 26

1.5.1∧

and∨

vs ∧ and ∨ . . . . . . . . . . . . . . . . . . . . . 281.5.2 Conjunctive and Disjunctive Normal Form . . . . . . . . . 29

1.6 Further Useful Logical Gadgetry . . . . . . . . . . . . . . . . . . 311.6.1 The Analytic-Synthetic Distinction . . . . . . . . . . . . . 311.6.2 Copies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321.6.3 The Use-Mention Distinction . . . . . . . . . . . . . . . . 331.6.4 Language-metalanguage distinction . . . . . . . . . . . . . 351.6.5 Semantic optimisation and the principle of charity . . . . 351.6.6 Fault-tolerant pattern-matching . . . . . . . . . . . . . . . 371.6.7 Overinterpretation . . . . . . . . . . . . . . . . . . . . . . 38

2 Proof systems for Propositional Logic 412.1 The Rules of Natural Deduction . . . . . . . . . . . . . . . . . . 41

2.1.1 What do the rules mean?? . . . . . . . . . . . . . . . . . . 432.1.2 Worries about reductio and hypothetical reasoning . . . . 452.1.3 Goals and Assumptions . . . . . . . . . . . . . . . . . . . 462.1.4 Some Exercises . . . . . . . . . . . . . . . . . . . . . . . . 47

2.2 Soundness and completeness of the natural deduction rules . . . 492.3 Sequent Calculus . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

2.3.1 Soundness of the Sequent Rules . . . . . . . . . . . . . . . 572.3.2 The rule of cut . . . . . . . . . . . . . . . . . . . . . . . . 582.3.3 Two tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

3

4 CONTENTS

2.3.4 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . 612.4 Harmony and conservativeness . . . . . . . . . . . . . . . . . . . 61

2.4.1 Conservativeness . . . . . . . . . . . . . . . . . . . . . . . 612.4.2 Harmony . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

2.5 Hilbert-style Proofs . . . . . . . . . . . . . . . . . . . . . . . . . . 632.5.1 The Deduction Theorem . . . . . . . . . . . . . . . . . . . 65

2.6 Interpolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 662.7 Completeness of Propositional Logic . . . . . . . . . . . . . . . . 682.8 Compactness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

2.8.1 Why “compactness”? . . . . . . . . . . . . . . . . . . . . 712.9 Why do we need proof systems for propositional Logic. . . ?? . . . 71

3 Predicate (first-order) Logic 733.1 Towards First-Order Logic . . . . . . . . . . . . . . . . . . . . . . 73

3.1.1 The syntax of first-order Logic . . . . . . . . . . . . . . . 763.2 Some exercises to get you started . . . . . . . . . . . . . . . . . . 773.3 First-order and second-order . . . . . . . . . . . . . . . . . . . . . 78

3.3.1 Higher-order vs Many-Sorted . . . . . . . . . . . . . . . . 793.3.2 First-person and third-person . . . . . . . . . . . . . . . . 80

3.4 Using predicate calculus . . . . . . . . . . . . . . . . . . . . . . . 803.4.1 Equality and Substitution . . . . . . . . . . . . . . . . . . 84

3.5 Natural Deduction Rules for First-Order Logic . . . . . . . . . . 863.6 Sequent Rules for First-Order Logic . . . . . . . . . . . . . . . . 87

3.6.1 Prenex Normal Form . . . . . . . . . . . . . . . . . . . . . 883.7 Soundness again . . . . . . . . . . . . . . . . . . . . . . . . . . . 893.8 Hilbert-style systems for first-order Logic . . . . . . . . . . . . . 893.9 Semantics for First-order Logic . . . . . . . . . . . . . . . . . . . 90

3.9.1 Completeness . . . . . . . . . . . . . . . . . . . . . . . . . 913.10 Interpolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 933.11 Compactness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 943.12 Skolemisation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 943.13 What is a Proof? . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

4 Constructive and Classical truth 974.1 A Radical Translation Problem . . . . . . . . . . . . . . . . . . . 1004.2 Classical Reasoning from a Constructive Point of View . . . . . . 1024.3 Prophecy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1104.4 Constructive Reasoning from a Classical Point of View . . . . . . 111

5 Possible World Semantics 1135.0.1 Language and Metalanguage again . . . . . . . . . . . . . 115

5.1 Some Useful Short Cuts . . . . . . . . . . . . . . . . . . . . . . . 1175.1.1 Double negation . . . . . . . . . . . . . . . . . . . . . . . 1175.1.2 If there is only one world then the logic is classical . . . . 117

5.2 Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1185.3 Independence Proofs . . . . . . . . . . . . . . . . . . . . . . . . . 119

0.1. STUFF TO FIT IN 5

5.3.1 Some Worked Examples . . . . . . . . . . . . . . . . . . . 1195.3.2 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

6 Possible World Semantics for other intensional logics 1256.1 Modal Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

7 Curry-Howard 1277.1 Decorating Formulæ . . . . . . . . . . . . . . . . . . . . . . . . . 127

7.1.1 The rule of →-elimination . . . . . . . . . . . . . . . . . . 1277.1.2 Rules for ∧ . . . . . . . . . . . . . . . . . . . . . . . . . . 1287.1.3 Rules for ∨ . . . . . . . . . . . . . . . . . . . . . . . . . . 129

7.2 Propagating Decorations . . . . . . . . . . . . . . . . . . . . . . . 1307.2.1 Rules for ∧ . . . . . . . . . . . . . . . . . . . . . . . . . . 1307.2.2 Rules for → . . . . . . . . . . . . . . . . . . . . . . . . . . 1317.2.3 Rules for ∨ . . . . . . . . . . . . . . . . . . . . . . . . . . 1327.2.4 Remaining Rules . . . . . . . . . . . . . . . . . . . . . . . 133

7.3 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

8 Other Logics 1378.1 Relevance Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1388.2 Resource Logics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

9 Abuses of Logic 1419.1 Dialethism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

10 Some Applications of Logic 14710.1 Berkeley’s Master Argument for Idealism . . . . . . . . . . . . . 147

10.1.1 Priest on Berkeley . . . . . . . . . . . . . . . . . . . . . . 14810.2 The Paradoxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151

11 Appendices 15511.1 Index of definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 15511.2 Appendix: failure of completeness of second-order logic . . . . . . 155.1 Appendix: Negation in Sequent Calculus . . . . . . . . . . . . . . 157

0.1 Stuff to fit in

FallaciesIn particular fallacy of affirming the consequent.Fallacy of equivocation. verb: to equivocate.

Bronze is a metal, all metals are elements, so bronze is an element.

here we equivocate on the word ‘metal’. It appears twice, and the twooccurrences of it bear different meanings—at least if we want both the premissesto be true. But if both premisses are true then the conclusion must be true—andit isn’t!

6 CONTENTS

Talk about the problem of inferring individual obligation from collectiveobligation?

How to use these notes

Passages in small type are not going to be lectured and may be omitted. You maywish to come back and read them later, after you have mastered the mainstreammaterial.

Chapter 1

Introduction to Logic

1.1 What is Logic?Operationalism is the philosophy of science that defines scientific concepts in terms of the operations that theyperform or partake in. Typically it defines them in terms of the apparatus (physical apparatus—galvanometers,pipettes etc) used by scientists to investigate them. It’s often felt to be a good starting point: operationalise yourconcepts! That way at least you have something to go on. Nucleic acids are so-called because they dissolve in weakalkali (in contrast to the cell proteins which are digested by acid—hence the acid in your stomach). In neurologythere is a syndrome ‘Hypsarrhythmia’ is so-called because of the very dysrhythmic EEG picture. ‘Slow wave sleep’ isso-called because of what it looks like on an EEG recording. Operationalism is wonderfully and memorably parodiedby the definition of the superego as that part of the ego which is soluble in ethanol.

In Philosophy of Science operationalism is usually regarded as an error: it somehow abandons the endeavourto get to the heart of a phenomenon and thereby fails to engage with the fundamental concern of the philosopheror the scientist.

But perhaps Logic is different. Logic is defined not by its subject matter but by its method (or perhaps for

once it is proper to use that much overused word ‘methodology’): anything that is done with sufficient precision is part

of logic. People sometimes say the same about Mathematics—that it has no subject matter and that everything

done with sufficient rigour is part of Mathematics.

1.2 Start Here!

If you start doing philosophy it’s beco’s you want to understand. If you wantto understand then you certainly want to reason properly the better to stay onthe Road to Understanding. This course is going to concentrate on the task ofhelping you to reason properly. It is, i suppose, not completely obvious thatwe don’t really have a free choice about how you reason if you want to reasonproperly: however there is an objective basis to it, and in this course we willmaster a large slab of that objective basis.

There is an important contrast with Rhetoric here. With rhetoric anythinggoes that works. power transactions blah. With reason too, I suppose anythinggoes that works, but what do we mean by ‘works’? What are we trying todo when we reason? The stuff of reasoning is argument and an argument issomething that leads us from premisses to conclusions. (An argument, as theBlessed Python said, isn’t just contradiction: an argument is a connected seriesof statements intended to establish a proposition.1

1http://www.mindspring.com/ mfpatton/sketch.htm

7

8 CHAPTER 1. INTRODUCTION TO LOGIC

Good reasoning will give us true conclusions from true premisses. That isthe absolutely minimal requirement!

We are trying to extract new truths from old. And we want to do it reliably.In real life we don’t usually expect 100% reliability because Real Life is lived inan Imperfect World. However for the moment we will restrict ourselves to tryingto understand reasoning that is 100% reliable. Altho’ this is only a start on theproblem, it is at least a start. The remaining part of the project:—trying to clas-sify reasoning that is usually-pretty-reliable or that gives us plausible conclusionsfrom plausible premisses—turns out to be not a project-to-understand-reasoningbut actually the same old global project-to-understand-how-the-world-works. . .

George and Daniel are identical twins; George smokes and Danieldoesn’t. Therefore George will die before Daniel.

The fact that this is a pretty good inference isn’t a fact about reasoning; it’s afact about the way the world works. Contrast this with

“It is monday and it is raining; therefore it is monday”

You don’t need to know anything about how the world works to know thatthat is a good inference—a 100% good inference in fact! This illustrates howmuch easier it is to grasp 100%-reliable inference than moderately-reliable in-ference.

The study of reasoning is nowadays generally known as ‘Logic’. Like anystudy it has a normative wing and a descriptive wing. Modern logic is putnormative vs descriptiveto good descriptive use in Artificial Intelligence where at least part of thetime we are trying to write computer programs that will emulate human waysof thinking. A study with a title like ‘Feminist Logic’ alluded to above wouldbelowbe part of a descriptive use of Logic. We might get onto that later—nextyear perhaps—but on the whole the descriptive uses of logic are not nowadaysconsidered part of Philosophy and for the moment we are going to concentrate onthe normative role of Logic, and it is in its normative role that Logic tells us howto reason securely in a truth-preserving way. Interestingly all of that was sortedout in a period of about 50 years ending about 70 years ago. (1880-1930). It’sall done and dusted. Logic provides almost the only area of Philosophy wherethere are brute facts to be learned and tangible skills to be acquired. And it’sonly a part of Logic that is like that. That’s the part you are going to havedinned into you by me.

Digression on RhetoricLogic is (or at least starts as) the study of argument and it is agent-invariant. An argument is a good argument

or a bad argument irrespective of who is using it: Man or Woman, Black, White, Gay, Asian, Transgendered. . . .Out in the real world there are subtle rules about who is and is not allowed to use what argument—particularlyin politics. Those rules are not part of Logic; they are part of Rhetoric: the study of how to use words to influencepeople. That’s not to say that they aren’t interesting or important—they are. Logicians are often very interestedin Rhetoric—I certainly am—but considerations of what kind of argument can be used by whom is no part of ourstudy here. For example “feminist logic” is a misnomer: whetehr or not a form of reasoning is truth-preservingdoes not depend on how many X-chromosomes are possessed by the people who use it. People who use the termare probably thinking that it would be a good thing to have a feminist take on rhetoric (agreed!) or that it mightbe a good idea to study how women reason (ditto).

Even if your primary interest is in rhetoric (and it may be, since we all have to be interested in rhetoric andwe don’t all have to study logic) logic is an important fragment of rhetoric that can be studied in isolation and aspart of a preparation for a fuller study of rhetoric.

Reasoning is the process of inferring statements from other statements.

1.2. START HERE! 9

What is a statement? I can give it a sort of contrastive2 explanation by contrast-ing statements with commands or questions. A statement is something thathas a truth-value, namely true or false. We often use the word ‘proposition’in philosophy-speak. This is an unfortunate word, because of the connotationsof ‘proposal’ and embarking on a course of action. This is something to do withthe way in which the tradition has read Euclid’s geometry. The propositions inEuclid are actually something to do with constructions.

You might find the idea of evaluation useful. Evaluation is what you do—ina context—to a statement, or to a question, or a command. In any context acommand evaluates to an action; a question evaluates to an answer; a statementevaluates to a truth-value (i.e., to true or false). That doesn’t really give youa definition of what any of these expressions ‘context’, ‘evaluate’, ‘statement’,‘question’ etc actually mean (that would be too much to ask at this stage, tho’we do later take the concept of evaluation seriously) but it tells you somethingabout hwo they fit together, and that might be helpful.

We are going to start off by analysing the kind of reasoning we can do withsome simple gadgets for combining statements—such as ‘and’ and ‘or’ and ‘not’.

We are not going to attempt to capture Conversational Implicature. “Acar was parked near a house; suddenly it moved”. You know it’s the car thatmoved, not a house. Also if someone says p′ rather than p where p→ p′ and p′

takes longer to say, you take it that they mean p′ ∧ ¬p. But that is inferred bynon-logical means. (See section 1.6.5 on semantic optimisation). Logic is notequipped to handle these subtleties. These are known challenges for AI people(their keyword for it is ‘the frame problem’) and for people who do naturallanguage processing. (their keyword is ‘pragmatics’).

From ‘It is monday and it is raining’ we can infer ‘It is raining’. This is agood inference. It’s good purely in virtue of the meaning of the word ‘and’. Anyinference from a compound statement of the form ‘A and B’ to ‘A’ is good—inthe sense that it is truth-preserving.

premisses above the line, conclusion below the line, thus

premisses

conclusion

It is monday and it is raining——————————

It is raining

It is tuesday and the sun is shining——————————

The sun is shining

There are other similiarly simple inferences around. From ‘It is raining’ wecan infer ‘It is monday or it is raining’.

2A contrastive explanation of something is an explanation given by contrasting it withsomething that it isn’t, in the hope that the listener will put two and two together and getthe right idea!


It is raining—————————–

It is monday or it is raining

Not very useful, one might think, since the conclusion seems to containless information than the premisses did but it definitely is a truth-preservinginference: if the stuff above the line is true then sure as eggs is eggs the stuffbelow the line is true too! And the inference is truth-preserving in virtue ofthe meaning of the word ‘or’. (If you doubt this inference read section 1.6.7 onoverinterpretation.)

Introduce some symbols here: ∧ &, ¬, (and →?). These things are calledconnectives. (N.B, ‘¬’ is a connective even though it doesn’t connect twothings: it is a unary connective.Connective

Truth-functional connectives

Now we encounter a very important idea: the idea of a truth-functional con-nective. ∧, ∨ and ¬ are truth-functional. By saying that ‘∧’ is truth-functionalTruth-functionalwe mean that if we want to know the truth-value of A ∧ B it suffices for us toknow the truth values of A and of B; similarly if we want to know the truth-value of A∨B it suffices for us to know the truth values of A and of B. Similarlyif we want to know the truth-value of ¬A it suffices for us to know the truthvalue of A.echo of ‘sufficient condition’

here

Truth Tables

Take ∧ for example. If I want to know the truth-value of A ∧ B it suffices forme to know the truth values of A and of B. Since ∧ has only two inputs andeach input must be true or false and it is only the truth-value of the inputs thatmatters then in some sense there are only 4 cases (contexts, situations, whateveryou want to call them) to consider, and we can represent them in what is calleda truth table.Truth Table

A ∧ BF F FF F TT F FT T T

. . . sometimes written . . .

A ∧ B0 0 00 0 11 0 01 1 1

1.2. START HERE! 11

Both the T/F notation and the 0/1 notation are in common use, and youshould expect to see them both and be able to cope with both. I tend to use0/1 because ‘T’s and ‘F’s tend to look the same in the crowd—such as you findin a truth-table.

There are truth-tables for other connectives, ∨ and ¬:

A ∨ B0 0 00 1 11 1 01 1 1

A NOR B0 1 00 0 11 0 01 0 1

A XOR B0 1 00 0 11 0 01 1 1

A NAND B0 0 00 1 11 1 01 1 1

¬ A1 00 1

A → ⊥F T FT F F

because ‘⊥’ must always evaluate to the false.Of course we would usually write it like

¬ AF TT F

NAND and NOR and XOR sometimes used. But mainly in electronics ratherthan philosophy.


Actually we can get away with using just AND, OR and NOT.You can also draw Venn diagrams if you like!There are four one-place truth-functional connectives. The only one we are

interested in is negation, but there are three others. There is the one-placeconnective that always returns the true and one that always returns the false.Then there is the connective that just gives you back what you gave it: one mightcall it the identity connective. We don’t have standard notations for these threeconnectives, since we never use them. In the truth-tables that follow I writethem here with one, two and three question marks respectively.

? AT TT F

?? AF TF F

??? AT TF F

How many binary truth-functional connectives are there?And we can construct truth-tables for compound expressions—like

A ∨ (B ∧ C).Take this very slowly, withlots of examples logical equivalent: have the same truth-table

Work from the inside out. Long word: compositional.A ∨ (B ∨ C) buzzword associativeidempotence: A∧A is equivalent to A; A∨A is equivalent to A. ∧ and ∨

are idempotent.distributivityWe need the notion of the principal connective of a formula:

DEFINITION 1 A formula whose principal connective is a

∧ is a conjunction∨ is a disjunction→ is a conditional←→ is a biconditional

ThusA ∧B is a conjunction, and A and B are its conjuncts;A ∨B is a disjunction, and A and B are it disjuncts;A→ B is a conditional, where A is the antecedent and B is the consequent.

1.2. START HERE! 13

EXERCISE 1 What are the principal connectives of the formulæ below?

(P → Q) ∨ (Q→ P )(P → Q)→ ¬(Q→ P )P → (P ∨Q)P → (Q ∨ P )P → (P ∧Q)P ∨ ¬P¬(A ∨ ¬(A ∧B))(A ∨B) ∧ (¬A ∨ ¬B)P → (Q→ P )(P ←→ Q) ∧ (P ∨Q)(P ←→ Q)←→ (Q←→ P )A ∨ (B ∧ (C ∨D));¬(P ∨Q)A→ [(A→ C)→ ((B → C)→ C)]B → [(A→ C)→ ((B → C)→ C)](A ∨B)→ [(A→ C)→ ((B → C)→ C)]

We write ‘→’ for the connective that we use to formalise inference. It willobey the rule “from p and p → q infer q”. This rule is called modus ponens.q is the conclusion or the consequent; p is the minor premiss and p→ q isthe major premiss.

The bundle of rows of the truth-table exhaust all the possibilities that atruth-functional connective can see. Any truth-functional connective can becharacterised by a truth-table.

1.2.1 Non truth functional connectives

Causation and necessity are not truth-functional. Consider

1. Labour will lose the next election because unemployment will be risingthroughout 2009;

2. Necessarily Man is a rational animal.

The truth-value of (1) depends on more than the truth values of “unemploy-ment will be rising throughout 2009” and “Labour will lose the next election”;the truth-value of (2) depends on more than the truth value of “Man is a ratio-nal animal”. Necessity and causation are not truth-functional and accordinglycannot be captured by truth-tables.

Can we say anything intelligent about the difference? Digression here toexplain intensional-extensional distinction:


1.3 Intension and Extensions

The intension-extension distinction is a device of mediæval philosophy whichwas re-imported into the analytic tradition by Church [8]3 and Carnap [5] inthe middle of the last century, probably under the influence of Franz Brentano.

The standard illustration in the literature concerns the two properties ofbeing human and being a featherless biped—a creature with two legs and nofeathers. There is a perfectly good sense in which these concepts are the same(one can tell that this illustration dates from before the time when the West hadencountered Australia with its kangaroos! It actually goes back to Aristotle),but there is another perfectly good sense in which they are different. We namethese two senses by saying that ‘human’ and ‘featherless biped’ are the sameproperty in extension but different properties in intension.

Intensions are generally finer than extensions. Lots of different properties-in-intension correspond to the property-in-extension that is the class of human.Not just featherless bipeds and rational animals but naked apes. Possessors oflanguage? Tool makers?

The intension-extension distinction has proved particularly useful in computer science—specifically in thetheory of computable functions, since the distinction between a program and the graph of a function correspondsneatly to the difference between a function-in-intension and a function-in-extension. Computer Science provides uswith perhaps the best-motivated modern illustration. A piece of code that needs to call another function can do itin either of two ways. If the function being called is going to be called often, on a restricted range of arguments,and is hard to compute, then the obvious thing to do is compute the set of values in advance and store them ina look-up table in line in the code. On the other hand if the function to be called is not going to be called veryoften, and the set of arguments on which it is to be called cannot be determined in advance, and if there is an easyalgorithm available to compute it, then the obvious strategy is to write code for that algorithm and call it whenneeded. In the first case the embedded subordinate function is represented as a function-in-extension, and in thesecond case as a function-in-intension.

The concept of algorithm seems to be more intensional than function-in-extension but not as intensional as

function-in-intension. Different programs can instantiate the same algorithm, and there can be more than one

algorithm for computing a function-in-extension. Not clear what the identity criteria for algorithms are. Indeed

it has been argued that there can be no satifactory concept of algorithm see [2]. This is particularly unfortunate

because of the weight the concept of algorithm is made to bear in some philosophies of mind (or some parodies of

philosophy-of-mind [“strong AI”] such as are to be found in [24]).4

3. . . “The foregoing discussion leaves it undetermined under what circumstances two func-tions shall be considered the same. The most immediate and, from some points of view, thebest way to settle this question is to specify that two functions f and g are the same if theyhave the same range of arguments and, for every element a that belongs to this range, f(a)is the same as g(a). When this is done we shall say that we are dealing with functions inextension.

It is possible, however, to allow two functions to be different on the ground that the ruleof correspondence is different in meaning in the two cases although always yielding the sameresult when applied to any particular argument. When this is done we shall say that we aredealing with functions in intension. The notion of difference in meaning between two rulesof correspondence is a vague one, but, in terms of some system of notation, it can be madeexact in various ways. We shall not attempt to decide what is the true notion of difference inmeaning but shall speak of functions in intension in any case where a more severe criterion ofidentity is adopted than for functions in extension. There is thus not one notion of functionin intension, but many notions; involving various degrees of intensionality”. Church [8]. p 2.

4Perhaps that is why is is made to carry that weight! If your sights are set not on devisinga true philosophical theory, but merely on cobbling together a philosophical theory that willbe hard to refute then a good strategy is to have as a keystone concept one that is so vaguethat any attack on the theory can be repelled by a fallacy of equivocation. The unclarity inthe key concept ensures that the target presented to aspiring refuters is a fuzzy one, so thatno refutation is ever conclusive. This is why squids have ink.

1.3. INTENSION AND EXTENSIONS 15

The intension–extension distinction is not a formal technical device, and itdoes not need to be conceived or used rigorously, but as a piece of logical slangit is very useful.

One reason why it is useful is captured by an apercu of Quine’s ([27] p23): “No entity without identity”. What this obiter dictum means is that ifyou wish to believe in the existence of a suite of entities—numbers, ghosts,functions-in-intension or whatever it may be—then you must be able to tellwhen two numbers (ghosts, functions-in-intension) are the same number (ghost,etc.) and when they are different numbers (ghosts, etc). If we are to reasonreliably about entities from a particular suite we need identity criteria forthem.

What has this last point got to do with the intension/extension distinction?The point is that we have a much better grasp of identity criteria for exten-sions than for intensions. Propositions are intensions, and the correspondingextensions are truth-values: there are two of them, the true and the false.

You might think there are more. Wouldn’t it be a sensible precaution to have also a don’t-know up our sleeve asa third truth-value? 5 The trouble is that although ‘don’t-know” is third possibility, it’s not a third truth-value forthe proposition: it’s a third possible state of your relation to that proposition: a relation of not-knowing. What isit you don’t know? You don’t know which of the two(!) mutually-exclusive and jointly-exhaustive possibilities forthat proposition (truth vs falsity) holds.

There are various things that might tempt you into thinking that the third possibility is a third truth-value.

If you don’t know the truth-value of the proposition you are evaluating it may be merely that you are unsure which

proposition it is that you are evaluating. To argue for a third truth-value you have to be sure that none of the

plausible cases can be accounted for in this way. There are tricks you can play with three-valued truth-tables—and

we shall see some of them later—but the extra truth-values generally don’t seem to have any real meaning.

The difference between the true and the false is uncontroversial but it’s notclear when two propositions are the same proposition. To say—as some peopledo—that two propositions are the same proposition iff they are true in the samepossible world appeals to some pretty dodgy machinery and it’s not clear thatit explains anything. What is a possible world after all? (Properties, too, areintensions: the corresponding extensions are sets, and it’s much easier to seewhen two sets are the same or different than it is to see when two propertiesare the same or different. We are not going to do much set theory here (onlya tiny bit in section 10.2) and the only reason why I am bringing it in at thisstage is to illustrate the intension/extension distinction.)

The fact that it is not always clear when two propositions-(in-intension) arethe same proposition sabotages all attempts to codify reasoning with propositions-in-intension. If it is not clear to me whether or not p implies q this might bebecause in my situation there are two very similar salient propositions, p andp′, one of which implies q and the other doesn’t—and I am equivocating un-consiously between them. If we had satisfactory identity criteria for proposi-tions then fallacy of equivocation would be less of a danger, but we don’t! Sowhat we want to do in logic—at least to start with—is study relations beweenpropositions-in-extension. This sounds as if all we are going to do is study therelationship between the true and the false—which would make for a rather

5And why stop there? On at least one reading of a text (The Heart Sutra) in the ClassicalBuddhist literature there are no fewer than five truth-values: true and false as usual ofcourse, but also both, neither and finally none-of-the-above.


short project. However if we think of propositions-in-extension as things-that-have-been-evaluated-to-true-or-to-false then we have a sensible programme.We can combine propositions with connectives, ∧, ∨, ¬ and so on, and thethings that evaluate them to true and false are valuations: a valuation is arow in a a truth-table. The connectives we want are truth-functional.They don’t yet know what a

fallacy of equivocation is. There is a long tradition of trying to obtain an understanding of intensions bytunneling towards them through the corresponding extensions. Hume’s heroicattempt to understand causation (between event-types) by means of constantconjunction between the corresponding event tokens is definitely in this spirit.

There is a certain amount of coercion going on in the endeavour to thinkonly in terms of extensional (truth-functional) connectives: we have to make dowith extensional mimics of the intensional connectives that are the first thingsthat come to mind. The best extensional approximation to “p unless q” seemsto be p∨q. But this doesn’t feel quite right: disjunction is symmetrical: p∨q hasthe same truth-value as q ∨ p, but ‘unless’ doesn’t feel symmetrical. Similarly‘and’ and ‘but’ are different intensionally but both are best approximated by‘∧’. Notice that Strawson’s example: ‘Mary got married and had a baby’ 6=‘Mary had a baby and got married’ doesn’t show that ‘and’ is intensional, butrather that our word ‘and’ is used in two distinct ways, logical conjunction andtemporal succession.

*******************************************************************Statements, too, have intensions and extensions. The intension of a state-

ment is its meaning. Mediæval writers tended to think that the meaning of apiece of language was to be found in the intention of the speaker, and so theword ‘intention’ (or rather its latin forbears) came to mean content or meaning.‘Extension’ seems to be a back-formation from ‘intention’: the extension of astatement is its truth-value, or—better perhaps—a tabulation of its truth-valuein contexts: its evaluation behaviour.

Connectives that are truth-functional are extensional. The others (such as “implies” “because”) are intensional.Everything we study is going to be truth-functional. This is a policy decision taken to keep things simple in theshort term. We may get round to studying non-truth-functional (“intensional”) systems of reasoning later, butcertainly not in first year.

I talked about intensions and extensions not just because they are generally important but because theintension-extension distinction is the way to cope with the difficulties we will have with implies. The connectivesand and or and not are truth-functional, but implies and because and necessarily are not.

1.3.1 The Material ConditionalClearly we are going to have to find a way of talking about implication, or something like it. Given that we areresolved to have a purely truth-functional logic we will need a truth-functional connective that behaves like implies.(‘Necessarily’ is a lost cause but we will try to salvage if-then).

Must obey modus ponens

A A → B

B

A conditional is a binary connective that is an attempt to formalise a relationof implication. The word ‘conditional’ is also used (in a second sense) to denotea formula whose principal connective is a conditional (in the first sense). Thuswe say that ‘→’ is a conditional and we say that A→ B’ is a conditional. Theconditional ¬B → ¬A is the contrapositive of the conditional A → B, andthe converse is B → A. (cf., converse of a relation). A formula like A ←→ Bis a biconditional.


The two components glued together by the connective are the antecedent(from which one infers something) and the consequent (which is the somethingthat one infers). In modus ponens one affirms the antecedent and infers theconsequent, thus:

A→ B A

B

Modus tollens is the rule:

A→ B ¬A

¬B

Affirming the consequent and inferring the antecedent:

A→ B B

A

is a fallacy (= defective inference). This is an important fallacy, for reasonsthat will emerge later. This particular fallacy is the fallacy of affirming theconsequent.

In fact—because it is only truth-functional logic we are trying to capture—we will stipulate that p→ q will be equivalent to ‘¬(p∧¬q)’ or to ‘¬p∨ q’. → isthe material conditional. p→ q evaluates to true unless p evaluates to trueand q evaluates to false.

Lots of students dislike the material conditional as an account of implication. The usual cause of this uneaseis that in some cases a material conditional p → q evaluates to true for what seem to them to be spurious andthoroughly unsatisfactory reasons: namely, that p is false or that q is true. How can q follow from p merely becauseq happens to be true? The meaning of p might have no bearing on q whatever! Standard illustrations in theliterature include

If Julius Cæsar is Emperor then sea water is salt.

definition of valuation hereThese example seem odd because we feel that to decide whether or not p implies q we need to know a lot more thanthe truth-values of p and q.

This unease shows that we have forgotten that we were supposed to be examining a relation between extensions,and have carelessly returned to our original endeavour of trying to understand implication between intensions. ∧ and∨, too, are relations between intensions but they also make sense applied to extensions. Now if p implies q, whatdoes this tell us about what p and q evaluate to? Well, at the very least, it tells us that p cannot evaluate to true

when q evaluates to false.

Thus we can expect the extension corresponding to a conditional to satisfy modus ponens at the very least.

How many extensions are there that satisfy modus ponens? For a connective C to satisfy modus ponens it sufficesthat in each of the two rows of the truth table for C where p is true, if pCq is true in that row then q is true too.

p C q

1 ? 10 ? 11 0 00 ? 0

We cannot make p C q true in the third row, because that would cause C to disobey modus ponens, but it doesn’tmatter what we put in the centre column in the three other rows. This leaves eight possibilities:


(1) :p q

q(2) :

p p ←→ q

q(3) :

p ¬p

q(4) :

p p → q

q

p C1 q p C2 q p C3 q p C4 p

1 1 1 1 1 1 1 0 1 1 1 11 0 0 1 0 0 1 0 0 1 0 00 1 1 0 0 1 0 1 1 0 1 10 0 0 0 1 0 0 1 0 0 1 0

(5) :p ⊥

q(6) :

p p ∧ q

q(7) :

p ¬p ∧ q

q(8) :

p ¬p ∧ ¬q

q

p C5 q p C6 q p C7 q p C8 p

1 0 1 1 1 1 1 0 1 1 0 11 0 0 1 0 0 1 0 0 1 0 00 0 1 0 0 1 0 1 1 0 0 10 0 0 0 0 0 0 0 0 0 1 0

(The horizontal lines should not go all the way across, but be divided into four segments, one for each truthtable. I haven’t worked out how to make that happen!)

obtained from the rule of modus ponens by replacing ‘p → q’ by each of the eight extensional binary connectivesthat satisfy the rule.

(1) will never tell us anything we didn’t know before; we can never use (5) because its major premiss is nevertrue; (6) is a poor substitute for the rule that tells us that we can infer q from p ∧ q (which we will later call therule of “∧-elimination”); (3), (7) and (8) we will never be able to use if our premisses are consistent.

(2), (4) and (6) are the only sensible rules left. The advantage of (4) is that you can use it whenever you canuse (2) or (6). So it’s more use!

We had better check that this policy of evaluating p → q to true unless there is a very good reason not todoes not get us into trouble. Fortunately, in cases where the conditional is evaluated to true merely for spuriousreasons, then no harm can be done by accepting that evaluation. For consider: if it is evaluated to true merelybecause p evaluates to false, then we are never going to be able to invoke it (as a major premiss at least), and if itis evaluated to true merely because q evaluates to true, then if we invoke it as a major premiss, the only thing we canconclude—namely q—is something we knew anyway.

This last paragraph is not intended to be a justification of our policy of using only the material conditional: it is

merely intended to make it look less unnatural than it otherwise might. The astute reader who spotted that nothing

was said there about conditionals as minor premisses should not complain. They may wish to ponder the reason for

this omission.

So we have a conditional that is defined on extensions. So far so good. Rea-sonable people might expect that what one has to do next is solve the problemof what the correct notion of conditional is for intensions. We can make a startby saying that P implies Q if—for all valuations—what P evaluates to materi-ally implies what Q evaluates to. This does not solve the problem of identifyingthe intensional conditional, but it gets us a surprisingly long way. However thisis a very hard problem, since it involves thinking about the internal structureof intensions and nobody really has a clue about that. (This is connected tothe fact that we do not really have robust criteria of identity for intensions, asmentioned earlier.) It has spawned a vast and inconclusive literature, and wewill have to get at least some way into it. See chapters 4 and 5.

Once we’ve got it sorted out . . .

A → BF T FF T TT F FT T T

or, in 0/1 notation:


A → B0 1 00 1 11 0 01 1 1

It’s sometimes written ⊃ (particularly in the older philosophical literature)and sometimes with a double shaft: ⇒.

Going for the material conditional means we don’t have to worry ourselvessick about whether or not A → (B → A) captures a correct principle of infer-ence. If we take the arrow to be a material conditional then it is! (If the arrowis intensional then it is not at all clear that A → (B → A) is a good principleof inference).

Now we need the notion of Logical Form and Valid Argument. Anargument is valid if it is truth-preserving in virtue of its form, that is to sayevery other argument that is a token of the same argument type is also truth-preserving. need a few more examples

1.3.2 The Type-Token Distinction

The terminology ‘type-token’ is due to the remarkable nineteenth century Amer-ican philosopher Charles Sanders Peirce. (It really is ‘e’ before ‘i’ . . . Yes i know,but then we’ve always known that Americans can’t spell.) The expression

((A→ B)→ A)→ A

is sometimes called Peirce’s Law. Do not worry if you can’t see what itmeans: it’s quite opaque. But do try constructing a truth-table for it!

The two ideas of token and type are connected by the relation “is an instanceof”. Tokens are instances of types.

It’s the distinction we reach for in situations like the following

• (i) “I wrote a book last year”(ii) “I bought two books today”

In (ii) the two things I bought were physical objects, but the thing Iwrote in (i) was an abstract entity. What I wrote was a type. The things Ibought today with which I shall curl up tonight are tokens. This importantdistinction is missable because we typically use the same word for boththe type and the token.

• A best seller is a book large numbers of whose tokens have been sold.There is a certain amount of puzzlement in copyright law about ownershipof tokens of a work versus ownership of the type. James Hewitt owns thecopyright in Diana’s letters to him but not the letters themselves. (Or isit the other way round?)


• I read somewhere that “ . . . next to Mary Woollstonecroft was buriedShelley’s heart, wrapped in one of his poems.” To be a bit more precise,it was wrapped in a token of one of his poems.

• You have to write an essay of 5000 words. That is 5000 word tokens. Onthe other hand, there are 5000 words used in this course material thatcome from latin. Those are word types.

• Grelling’s paradox: a heterological word is one that is not true of itself.6

‘long’ is heterological: it is not a long word. ‘English’ is not heterologicalbut homological, for it is an English word. Notice that it is word typesnot word tokens that are heterological (or homological!) It doesn’t makeany sense to ask whether or not ‘italicised’ is heterological. Only wordtokens can be italicised!

• Genes try to maximise the number of tokens of themselves in circulation.We attribute the intention to the gene type because it is not the actionof any one token that invites this mentalistic metaphor, but the actionof them all together. However it is the number of tokens that the typeappears to be trying to maximise.

• First diner:

“Isn’t it a bit cheeky of them to put “vegetables of the day”when there is nothing but carrots in the way of vegetables?”

Second diner:

“Well, you did get more than one carrot so perhaps they’rewithin their rights!”

The type-token distinction is important throughout Philosophy.People who do æsthetics have to be very careful about the difference be-

tween things and their representations—and related distinctions. I can’t en-joy being unhappy, so how can I enjoy reading Thomas Hardy? There is animportant difference between the fictional disasters that befall Jude the Ob-scure (to which we have a certain kind of relation) and the actual disastersthat befall the actual Judes of this world—to which these fictional disastersallude—and to which we have (correctly) an entirely different reaction. Thetype/token/representation/etc. distinction is not just a plaything of logicians:it really matters.

In Philosophy of Mind there are a variety of theories called Identity Theo-ries: mental states are just physiological states of some kind, probably mostlystates of the brain. But if one makes this identification one still has to de-cide whether a particular mental state type—thinking-about-an-odd-number-of-elephants, say—is to be identified with a particular type of physiologicial

6This is a sleeper for next year’s logic course. It’s intended to deprive you of sleep. Is theword ‘heterological’ heterological?


state? Is it is just that every time I think about an odd number of elephants (soI am exhibiting a token of the type of that mental state, then there is a tokenof physiological state I must be in—but the states might vary (be instances ofdifferent physiological state-types) from time to time? These two theories areType Identity and Token Identity.

1.3.3 Valid Argument

Now that we are armed with this distinction we can give a nice snappy definitionof the important concept of Valid Argument.

DEFINITION 2 A valid argument (type) is one such that any argument ofthat form (any token of it) with true premisses has a true conclusion.

And while we are about it, we’ll give a definition of a related concept as aspin-off.

DEFINITION 3 A sound argument (token) is a token of a valid argumenttype all of whose premisses are true.

The final example on sheet 1 is an example of a valid argument. It is amatter of debate whether or not it is sound!

Arguments that are valid are valid in virtue of their structure. That is whatmakes Logic possible!

The idea that the reliability of an argument relies at least in part on its shapeor form is deeply embedded in everyday rhetoric. Hence the rhetorical deviceof the tu quoque and the rhetorical device of argument by analogy This was New wordbeautifully parodied in the following example (due, I think, to Dr. Johnson—the same who kicked the stone) of the young man who desired to have carnalknowledge of his paternal grandmother7 and responded to his father’s entirelyreasonable objections with: “You, sir, did lie with my mother: why should I nottherefore lie with yours?”

H I A T U SWhen filling in a truth-table, first count the number of distinct letters that

appear in the expression. That will tell you how many rows there are. Oneletter: two rows; two letters; four rows; three letters..?

Do lots of examples at the board!

(A ∧B) ∨ (¬A ∧ C)

(A ∨ (B ∨ C)(A ∨B)

7Don’t ask me, I don’t know why either!


1.3.4 Exercises

Don’t look down on puzzles:

A logical theory may be tested by its capacity for dealing with puz-zles, and It is a wholesome plan, in thinking about logic, to stockthe mind with as many puzzles as possible, since these serve muchthe same purpose as is served by experiments in physical science.

Bertrand Russell

EXERCISE 2 This first bundle is just for you to sharpen your wits.

1. Brothers and sisters have I noneThis man’s father is my father’s son

Who is the speaker referring to?

2. Hilary and Jocelyn are married. They invite four couples for dinner, whoall arrive at more-or-less the same time. There is a lot of handshaking.We are told that nobody shakes hands with themselves or their partner.Later, Jocelyn asks everyone else how many hands they have shaken andeveryone gives a different answer.

The question is :- How many hands has Hilary shaken?

3. You are told that every card that you are about to see has a number onone side and a letter on the other. You are then shown four cards lyingflat, and on the uppermost faces you see

E K 4 7

It is alleged that any card with a vowel on one side has an even numberon the other. Which of these cards do you have to turn over to check thisallegation?

4. You and I are going to play a game. There is an infinite line of beadsstretching out in both directions. (camera over here please, Clive) Eachbead has a bead immediately to the left of it and another immediately tothe right. A round of the game is a move of mine followed by a move ofyours. I move first, and my move is always to point at a bead. All thebeads look the same: they are not numbered or anything like that. I maypoint to any bead I have not already indicated. You then have to give thebead a label, which is one of the letters a–z. The only restriction on yourmoves is that whenever you are called upon to put a label on the neighbourof a bead that already has a label, the new label must be the appropriateneighbour of the bead already labelled, respecting alphabetical order: thepredecessor if the new bead is to the left of the old bead, and the successorif the new bead is to the right. For example, suppose you have labelled a


bead with ‘p’; then if I point at the bead immediately to the right of it youhave to label that bead ‘q’; were I to point to the bead immediately to theleft of it you would have to label it ‘o’. If you have labelled a bead ‘z’ thenyou would be in terminal trouble were I to point at the bead immediately tothe right of it; if you have labelled a bead ‘a’ then you would be in terminaltrouble if I then point at the bead immediately to the left of it. We decidein advance how many rounds we are going to play. I win if you ever violatethe condition on alphabetic ordering of labels. You win if you don’t lose.

Clearly you are going to win the one-round version, and it’s easy for youto win the two-round version. The game is going to last for five rounds.How do you plan your play? How do you feel about playing six rounds?

5. A bag contains a certain number of black balls and a certain number ofwhite balls. (The exact number doesn’t matter). You repeatedly do thefollowing. Put your hand in the bag and remove two balls at random: ifthey are both white, you put one of them back and discard the other; if oneis black and the other is white, you put the black ball back in the bag anddiscard the white ball; if they are both black, you discard them both and putinto the bag a random number of white balls from an inexhaustible supplythat just happens to be handy.

What happens in the long run?

Those exercises might take you a little while, but they are entirely do-able.Discuss them with your friends. You might want to devote your first seminardiscussion to them. Don’t give up on them: persist until you crack them!

Now for a bit of Logic!

EXERCISE 3 Write out truth tables forA ∨ (B ∧ C) and (A ∨B) ∧ (A ∨ C)

EXERCISE 4 Let P abbreviate “I bought a lottery ticket” and Q “I won thejackpot”. To what natural English sentences do the following formulæ corre-spond?

1. ¬P ;

2. P ∨Q;

3. P ∧Q;

4. P → Q;

5. ¬P → ¬Q;

6. ¬P ∨ (P ∧Q).

EXERCISE 5 Formalise in propositional logic, using propositional letters ofyour choice.


1. Assuming that the lectures are dull, if the text is not readable then Alfredwill not pass.

2. If Logic is difficult Alfred will pass only if he concentrates.

3. If Alfred studies, then he receives good marks. If he does not study, thenhe enjoys college. If he does not receive good marks then he does not enjoycollege.

[Deduce from this that Alfred receives good marks]

4. If Herbert can take the flat only if he divorces his wife then he should thinktwice. If Herbert keeps Fido, then he cannot take the flat. Herbert’s wifeinsists on keeping Fido. If Herbert does not keep Fido then he will divorcehis wife—provided that she insists on keeping Fido. [Deduce: Herbertshould think twice]

5. If Herbert grows rich, then he can take the flat. If he divorces his wife hewill not receive his inheritance. Herbert will grow rich if he receives hisinheritance. Herbert can take the flat only if he divorces his wife.

6. If God exists then He is omnipotent. If God exists then he is omniscient.If God exists then he is benevolent. If God can prevent evil then—if Heknows that evil exists—then He is not benevolent if he does not prevent it.If God is omnipotent, then He can prevent evil. If God is omniscient thenHe knows that evil exists if it does indeed exist. Evil does not exist if Godprevents it. Evil exists. [Deduce that God does not exist]

These examples are taken from [18]. Long out of print, but you can some-times find second-hand copies. If you find one, buy it. I’ll tell you later whoAlfred is. (I don’t know about Herbert: I am making enquiries).

1.4 Tautology and Validity

The cat sat on the mat and the dog sat in front of the fire.

This will be abbreviated toA ∧D

where blah. It is true that C and D both have internal structure (subject-verb-object etc) but that internal structure is not of the kind that can be expressedusing and/or/not.

(Concept of a valid argument is not the only thing that matters from the rhetorical point of view, from the

point of view of transacting power relations: there are other things to worry about, but as far as we are concerned,

arguments that are useful in power-transactions without being valid are not of much concern to us. Logic really has

nothing to say about arguments in terms of the rights of the proponents of various sides to say what they say: it

concerns itself only with what they say, not with their right to say it.)

1.4. TAUTOLOGY AND VALIDITY 25

In a valid argument the premisses imply the conclusion. We can infer theconclusion from the premisses. People often confuse these two words, and useone when they mean the other. You mustn’t! You are Higher Life Forms.

Then we can replace the propositions in the argument by letters. This throwsaway the content of the argument but preserves its structure. You no longerknow which token you are looking at, but you do know the type.

Some expressions have in their truth-tables a row where the whole formulacomes out false. ‘A∨B’ is an example; in the row where A and B are both falseA ∨B comes out false too. Such formulæ are said to be falsifiable.

Some expressions—‘A∨¬A’ is an example—come out true in all rows. Suchan expression is said to be tautology.

DEFINITION 4

• A Tautology is an expression which comes out true under all valuations (= in all rows of its truth table).

• A tautology is also said to be logically true.

• The negation of a tautology is said to be logically false.

• A formula that is not the negation of a tautology is said to be satisfiable.

We use the word ‘tautology’ in popular parlance too—it’s been borrowed from Logic and misused

(surprise surprise). Once my ex (an EFL teacher) threatened to buy me a new pair of trousers.

When i said that I would rather have the money instead she accused me of tautology (thinking of

the repetition in ‘rather’ and ‘instead’). She’s wrong: it’s not a tautology, the repetition makes it

a pleonasm.

These two ideas, (i) of valid argument, and (ii) tautology are closely related,and you might get them confused. But it’s easy:

DEFINITION 5 An argument

P1, P2, . . . Pn

C

is valid if and only if the conditional

(P1 ∧ P2 ∧ . . . Pn)→ C

(whose antecedent is the conjunction of its premisses and whose consequentis its conclusion) is a tautology.

In order to be happy with the idea of a valid argument you really have tohave the idea of there being slots or blanks in the argument which you canfill in. The two miniature arguments over here [it is monday and it is raining


therefore it is monday, and: the cat sat on the mat and the dog in front of thefire therefore the cat sat on the mat] are two tokens of the one argument-type.

We will be going into immense detail later about what form the slots take,what they can look like and so on. You’re not expected to get the whole pictureyet, but i would like you to feel happy about the idea that these two argumentsare tokens of the same argument-type.

EXERCISE 6 Write out truth-tables for all the formulæ in exercise 1.

EXERCISE 7 Identify the principal connective of each formula below. In eachpair of formulæ, say whether they are (i) logically equivalent or are (ii) negationsof each other or (iii) neither. (∆ is exclusive-or).

¬(¬A ∨ ¬B); ¬(A ∨B)(¬A ∧ ¬B); ¬(A ∨B)A∆(B∆C); (A∆B)∆CP∆P ; P ∨ PP ∧ P ; P∆P .

LOTS OF ILLUSTRATIONS HEREPause for deep breath. How many new words have we learned today?Truth-functional; tautology, valid, sound, premiss, conclusion, modus po-

nens. evaluate, associative.When do we talk about fallacy of equivocation?

The arguments I’ve used as illustrations so far are very simple. Only twopremisses and one conclusion. Altho’ it’s true that all the arguments we areconcerned with will have only one conclusion, many of them will have morethan two premisses. So we have to think about how we obtain the conclusionof an argument from its premisses. This we do by manipulating the premissesaccording to certain rules, which enable us to take the premisses apart andreassemble them into the conclusions we want. These rules have the form oflittle atomic arguments, which can be assembled into molecular argumentswhich are the things we are actually interested in.

1.5 Proof Systems for Propositional Logic

Describe introduction and elimination rules here.Explain ⊥. Explain the idea that ¬ is to be short for → ⊥. “If p then i’ll

eat my hat”. Then we can do the rest of the rules.Boole did this something like 150 years ago. I once met his grandson, (in-

deed i have a copy of one of his books) who was i think the same age as mygrandfather, so 150 yrs ago sounds about right. Boole introduced an algebra abit like the algebra of numbers to give a streamlined description of valid argu-ments. He used + and × instead of ∨ and ∧. This is the algebra we are going

1.5. PROOF SYSTEMS FOR PROPOSITIONAL LOGIC 27

to study. Distributivity of or and over or, like times over plus. true and falselike 0 and 1.

Can introduce a few rules at this stage (possibly even before we have intro-duced symbols). As soon as we mention AND OR and NOT we can make theconnection with logic gates. (This is a recurring theme: paradoxes correspondto oscillating circuits built with NAND gates)

Explain difference between truth and acceptance. Use it to motivate therules. This is the point to distinguish between introduction and elim rules: Useand Persuade.

http://www.dpmms.cam.ac.uk/ tf/kannitverstan.html

I shall try to use lower case Roman letters for propositional letters (‘atomic’formulæ) and upper case letters for compound (‘molecular’) formulæ. There areseveral different traditions that use this gadgetry of formal Logic, and they havedifferent habits. Philosophers tend to use lower case Roman letters (‘p’, ‘q’ etc.);Other communities use upper case Roman letters or even Greek letters. Someof this overlaps with notations for sets: A, B and C might be sets rather thanpropositions. This overlap will be significant for the readers of chapter 7 but itwill be quite good for the rest of you anyway to get used to the inconsistencyof notation, co’s That’s Life. It’s important to realise that symbols have onlythe meaning we choose to give them, and the sooner you learn this lesson thesooner the task is done.8

DEFINITION 6 A valuation is a function that sends each propositional letterto a truth-value.

Truth-tables are a convenient way of representing/tabulating all the valua-tions a formula can have. If a formula has n propositional letters in it, thereare precisely 2n ways of evaluating each propositional letter in it to true or tofalse. This is why the truth-table for ∧ has four rows.

EXERCISE 8 Can you see why it’s 2n?

(each time you add a new propositional letter you double the number ofpossible combinations)

Usually we can get by with propositional connectives that have only twoarguments (or, in the case of ¬, only one!) but sometimes people have beenknown to consider connectives with three arguments, for example

8The belief that certain words inevitably have certain meanings is related the belief inMagic. This is far too complex a matter to treat adequately here


if p then q else r1 1 1 1... 1 0 1... 1 1 0... 1 0 0...

......

......

......

...

EXERCISE 9 You might like to write out the rest of the truth-table for thisconnective, putting the truth-value of the compound formula under the ‘if’ asI have done. What I have written in the top row means that if p then qelse r is true when p, q and r are all true. What do we want to say about

the truth of if p then q else r when p and r are true but q is false?(How many other rows will the truth-table have?)

Explain this

1.5.1∧

and∨

vs ∧ and ∨The connectives ∧ and ∨ are associative (it doesn’t matter how you bracketA ∨ B ∨ C) so we can omit brackets . . . . This looks like a simplification but itbrings a complication. If we ask what the principal connective is of ‘A∨B ∨C’we don’t know which of the two ‘∨’s to point to. We could write∨

A,B,C

to make sure that there is only one ‘∨’ to point to. This motivates more complexnotations like ∨

i∈I

Ai (1.1)

. . . since there it is obvious that the ‘∨

’ is the principal connective. However thisnotation looks rather mathematical and could alarm some people so we wouldotherwise prefer to avoid it! However we can’t really avoid it entirely: we doneed the notion of the disjunction of a set of formulæ (and the notion of theconjunction of a set of formulæ). We will return to those two ideas later. Forthe moment just take on board the idea that ‘A ∨B ∨ C’ is a disjunction, thatits principal connective is ‘∨’ and its immediate subformulæ are ‘A’, ‘B’ and‘C’. . .

The empty conjunction and the empty disjunction

Since a conjunction or disjunction can have more than two disjuncts, it’s worthasking if it can have fewer. . .

As we have just seen, ‘∨’ and ‘∧’ have uppercase versions ‘∨

’ and ‘∧

’ thatcan be applied to sets of formulæ:

∨p, q is obviously the same as p ∨ q for

example, and∧p, q is p ∧ q by the same token.

1.5. PROOF SYSTEMS FOR PROPOSITIONAL LOGIC 29

Slightly less obviously∧p and

∨p are both p. But what is

∨∅? (Big

vee of the empty set of formulæ). Does it even make sense? Yes it does, and ifwe are brave we can even calculate what it is.

If X and Y are sets of formulæ then∨

(X ∪ Y ) had better be the same as∨X ∨

∨Y . Now what if Y is ∅, the empty set? Then∨

X

=∨

(X ∪ ∅)

(because X = X ∪ ∅)= (

∨X) ∨ (

∨∅)

so

(∨X) ∨ (

∨∅) = (

∨X) (1.2)

and this has got to be true for all sets X of formulæ. This compels∨∅ to

be the false. If it were anything else then a situation might arise in which theleft-hand side of 1.2 were true and the right-hand-side false.

Similarly∧∅ is the true.

1.5.2 Conjunctive and Disjunctive Normal Form

Each row of a truth-table for a formula records the truth-value of that formulaunder a particular valuation: each row corresponds to a valuation and vice versa.The Disjunctive Normal Form of a formula A is simply the disjunction of therows in which A comes out true, and each row is thought of as the conjunctionof the atomics and negatomics that come out true in that row.

Using these definitions it is not blindingly obvious that a single propositionalletter by itself (or a disjunction of two propositional letters, or a conjunction oftwo propositional letters) is a formula in both CNF and DNF, though this is infact the case. One can give an alternative pair of definitions, which althoughless appealing is probably more correct.

DEFINITION 7

A formula is in Disjunctive Normal Form if there are no connectiveswithin the scope of any negation sign and no ‘∨’ within the scope of a ‘∧’;

A formula is in Conjunctive Normal Form if there are no connectiveswithin the scope of any negation sign and no ‘∧’ within the scope of a ‘∨’.

We cannot describe CNF in terms of rows of truth-tables in the cute way wecan describe DNF.

EXERCISE 10 Recall the formula “if p then q else r” from exercise 9. Putit into DNF (easy) and into DNF (needs a bit of work).


EXERCISE 11 For each of the following formulæ say whether it is in CNF, inDNF, in both or in neither.

(i) ¬(A ∧B)(ii) A ∧ (B ∨ C)(iii) A ∨ (B ∧ ¬C)(iv) A ∨ (B ∧ (C ∨D))(v) A(vi) (A ∨B)(vii) (A ∧B)

THEOREM 8 Every formula is equivalent both to something in CNF and tosomething in DNF.

Proof:

We force everything into a form using only ∧, ∨ and ¬, using equivalenceslike p→ q ←→ ¬p ∨ q.

Then we use the following equivalences to “import” ¬, so that the ‘¬’ signappears only attached to propositional letters.

¬(A ∧B) can be rewritten as ¬A ∨ ¬B;

¬(A ∨B) can be rewritten as ¬A ∧ ¬B;

These are the de Morgan laws. There is also:

¬(A→ B) can be rewritten as A ∧ ¬B;

Then use the two distributive laws to turn formulæ into CNF or DNF

A ∨ (B ∧ C)←→ (A ∨B) ∧ (A ∨ C) (1.1)

A ∧ (B ∨ C)←→ (A ∧B) ∨ (A ∧ C) (1.2)

So

A ∨ (B ∧ C) can be rewritten as (A ∨B) ∧ (A ∨ C)

A ∧ (B ∨ C) can be rewritten as (A ∧B) ∨ (A ∧ C)

We use the first to push ∨ below ∧ when putting something into CNF, and weuse the second to push ∧ below ∨ when putting something into DNF.

Two further simplifications are allowed:

1. We can replace θ ∧ (A ∨ ¬A) by θ;

2. We can replace θ ∨ (A ∧ ¬A) by θ.

1.6. FURTHER USEFUL LOGICAL GADGETRY 31

In DNF inconsistencies vanish: the empty disjunction is the false, and InCNF tautologies vanish: the empty conjunction is the true. (Recall what wewere saying on page 28 about the empty conjunction and the empty disjunction.)

Finally, by using CNF and DNF we can show that any truth-functionalconnective whatever can be expressed in terms of ∧, ∨ and ¬. Any formula isequivalent to the disjunction of the rows (of the truth-table) in which it comesout true. To illustrate, consider the expression P ←→ Q. If you write out thetruth-table for this formula you will see that the two rows in which it comes outtrue are (i) the row in which both P and Q are true, and (ii) the row in whichthey are both false. Therefore P ←→ Q is equivalent to (P ∧Q) ∨ (¬P ∧ ¬Q).

EXERCISE 12 (starred: this one is hard!9) In a propositional language p, q,. . . are the atomic formulæ; recall that ¬p etc. are negatomics; a literal isa formula that is an atomic or a negatomic; A, B are complex formulæ. Thedual A of a propositional formula A is the result of replacing every literal in Aby its negation.

Notice that A is typically not logically equivalent to ¬A! A formula A is self-dual if it is logically equivalent to its own dual: that is to say that A←→ A isa tautology. (For example: p XOR q is self-dual—‘p’ and ‘q’ being literals—eventho’ A XOR B is not self-dual in general.)

Show—by considering disjunctive normal forms or otherwise—that wheneverA is a self-dual formula there is a formula B such that A is logically equivalentto B ←→ B.

1.6 Further Useful Logical Gadgetry

We’ve already encountered the intension/extension distinction and the type-token distinction. There are a few more.

1.6.1 The Analytic-Synthetic Distinctionmight want to make a pointabout lazy evaluation here(For the moment—until I get this section sorted out—read the articles in The

Stanford online encyclopædia or in Wikipædia.)This is one of a trio of distinctions collectively sometimes known as Hume’s

wall. They are the Analytic-synthetic distinction, the a priori-a posteriori dis-tinction and the necessary-contingent distinction. It is sometimes alleged thatthey are all the same distinction—specificallyAnalytic = necessary = a prioriandSynthetic = contingent = a posteriori.

Hume’s wall indeed. Quine famously claimed that the analytic-syntheticdistinction is spurious. Kant thought there were assertions that were syntheticbut a priori. Kripke claims there are necessary truths that are a posteriori.

9See [15]—but only if you are a real enthusiast.


The cast of philosophical pantomime includes the analytic truth “All bach-elors are unmarried”.10 You can see that this allegation is true merely byanalysing it—hence analytic.

The analytic/synthetic distinction seems to be connected with the inten-sion/extension distinction11: facts about intensions are analytic and facts aboutextensions are synthetic; equations between intensions are analytic and equa-tions between extensions are synthetic. To illustrate

1. The equation

bachelor = unmarried man

expressing the identity of the two properties-in-intension bachelor andunmarried man is an analytic truth;

2. The inequation

human 6= featherless biped

expressing the distinctness of the two properties-in-intension human andfeatherless biped is also an analytic truth;

3. The equation

human = featherless biped

expressing the identity of the two properties-in-extension human and feath-erless biped is a synthetic truth;

4. It’s analytic that man is a rational animal. . .

5. but purely synthetic that the set of humans is coextensive with the set offeatherless bipeds. (Sets are monadic properties-in-extension)More detail needed here

1.6.2 Copies

Buddhas

It is told that the Buddha could perform miracles. But—like Jesus—he felt theywere vulgar and ostentatious, and they displeased him.

A merchant in a city of India carves a piece of sandalwood into a bowl. He places it at the top of

some bamboo stalks which are high and very slippery, and declares that he will give the bowl to

anyone who can get it down. Some heretical teachers try, but in vain. They attempt to bribe the

merchant to say they had succeeded. The merchant refuses, and a minor disciple of the Buddha

arrives. (His name is not mentioned except in this connection). The disciple rises through the air,

flies six times round the bowl, then picks it up and delivers it to the merchant. When the Buddha

hears the story he expels the disciple from the order for his frivolity.

10“Oh no they aren’t!!”11See for example Carnap Meaning and Necessity, [5].


But that didn’t stop him from performing them himself when forced into acorner. In Siete Noches (from which the above paragraph is taken) J. L. Borgesprocedes to tell the following story, of a miracle of courtesy. The Buddha hasto cross a desert at noon. The Gods, from their thirty-three heavans, each sendhim down a parasol. The Buddha does not want to slight any of the Gods, sohe turns himself into thirty-three Buddhas. Each God sees a Buddha protectedby a parasol he sent.12

Apparently he did this routinely whenever he was visiting a city with severalgates, at each of which people would be waiting to greet him. He would makeas many copies of himself as necessary to be able to appear at all the gatessimultaneously, and thereby not disappoint anyone.

Minis

Q: How many Elephants can you fit in a mini?A: Four: two in the front and two in the back.

Q: How many giraffes can you fit in a mini?A: None: it’s full of elephants.

SetsIf A is a set with three members and B is a set with four members, how many ordered pairs can you make whosefirst component is in A and whose second component is in B?

Weeeeell . . . you pick up a member of A and you pair it with a member of B . . . that leaves two things in A soyou can do it again . . . . The answer must be three!

Wrong! Once you have picked up a member of A and put it into an ordered pair—it’s still there!One would tend not to use the word token in this connection. One would be more likely to use a word like copy.

One makes lots of copies of the members of A. Just as the Buddha made lots of copies of himself rather than lotsof tokens of himself. I suppose you could say that the various tokens of a type are copies of each other.

It is possible to do a lot of rigorous analysis of this distinction, and a lot of refinements suggest themselves.

However, in the culture into which you are moving the distinction is a piece of background slang useful for keeping

your thoughts on an even keel, rather than something central you have to get absolutely straight. In particular we

will need it when making sense of ideas like disjoint union.

1.6.3 The Use-Mention Distinction

We must distinguish words from the things they name: the word ‘butterfly’is not a butterfly. The distinction between the word and the insect is knownas the “use-mention” distinction. The word ‘butterfly’ has nine letters and nowings; a butterfly has two wings and no letters. The last sentence uses theword ‘butterfly’ and the one before that mentions it. Hence the expression‘use-mention distinction’. (It is a bit more difficult to illustrate the differencebetween using and mentioning butterflies!)

As so often the standard example is from Alice through the looking-glass.

[. . . ] The name of the song is called ‘Haddock’s eyes’”.

“Oh, that’s the name of the song is it”, said Alice, trying to feelinterested.

12As is usual with Borges, one does not know whether he has a source for this story in theliterature, or whether he made it up. And—again, as usual—it doesn’t matter.


“No, you don’t understand,” the Knight said, looking a little vexed.“That’s what the name is called. The name really is ‘The aged, agedman’.”

“Then I ought to have said, ‘That’s what the song is called’?” Alicecorrected herself.

“No you oughtn’t: that’s quite another thing! The song is called‘Ways and means’, but that’s only what it is called, you know!”

“Well, what is the song, then?” said Alice, who was by this timecompletely bewildered.

“I was coming to that,” the Knight said. “The song really is ‘A-sitting on a Gate’ and the tune’s my own invention”.

The situation is somewhat complicated by the dual use of single quotationmarks. They are used both as a variant of ordinary double quotation marksfor speech-within-speech (to improve legibility)—as in “Then I ought to havesaid, ‘That’s what the song is called’?”—and also to make names of words—‘butterfly’. Even so, it does seem clear that the White Knight has got it wrong.At the very least if the name of the song is “An aged aged man” as he says thenclearly Alice was right to say that was what the song was called, It might havemore names than just that one—such as ‘Ways and means’—but that was noreason for him to tell her she had got it wrong. And again, if his last utteranceis to be true he should leave the single quotation marks off the title, or failingthat (as Martin Gardner points out in The Annotated Alice) burst into song.These mistakes must be mistakes of the White Knight not Lewis Carroll, butit is hard to see what purpose these errors serve, beyond multiplying in Alice’shead the sense of nightmare and confusion that she already feels . . . Perhaps hehad the reader in his sights too.

In the following example Ramsey uses the use-mention distinction to gener-ate something very close to paradox: the child’s last utterance is an example ofwhat used to be called a “self-refuting” utterance: whenever this utterance ismade, it is not expressing a truth.

PARENT: Say ‘breakfast’.

CHILD: Can’t.

PARENT: What can’t you say?

CHILD: Can’t say ‘breakfast’.

Rather like the paradoxes, the use-mention distinction can end up being asource of humour. A nice illustration is the joke about the compartment inthe commuter train, where the passengers have travelled together so often thatthey have all told all the jokes they know, and have been reduced to numberingthe jokes and reciting the numbers instead. In most versions of this story,an outsider arrives and attempts to join in the fun by announcing “Fifty-six!”which is met with a leaden silence and he is told “It’s not the joke, it’s the


way you tell it”. In another version he then tries “Forty-two!” and the train isconvulsed with laughter. Apparently they hadn’t heard that one before.

We make a fuss of this distinction because we should always be clear aboutthe difference between a thing and its representation. Thus, for example, wedistinguish between numerals and the numbers that they represent.

If we write numbers in various bases (Hex, binary, octal . . . ) the numbers stay the same, but the numerals weassociate with each number change. Thus the numerals ‘XI’, ‘B’, ‘11’, ‘13’ ‘1011’ all represent the same number.

Notice that bus “numbers” are typically numerals not numbers. Not long ago, needing a number 7 bus to gohome, I hopped on a bus that had the string ‘007’ on the front. It turned out to be an entirely different route!Maybe this confusion in people’s minds is one reason why this service is now to be discontinued.

A good place to start reading is the first six paragraphs (that is, up to aboutp. 37) of Quine’s [26].

A related error is the attribution of powers of an object to representations ofthat object. I tend to think that this is a use-mention confusion. But perhapsit’s a deliberate device, and not a confusion at all. So do we want to stop peopleattributing to representations powers that strictly belong to the things beingrepresented? Wouldn’t that spoil a lot of fun? Perhaps, but on the other handit might help us understand the fun better. There was once a famous Englishstand-up comic by the name of Les Dawson who (did mother-in-law jokes butalso) had a routine which involved playing the piano very badly. I think LesDawson must in fact have been quite a good pianist: if you want a sharp act thatinvolves playing the piano as badly as he seemed to be playing it you really haveto know what you are doing. The moral is that perhaps you only experiencethe full frisson to be had from use-mention confusion once you understand theuse-mention distinction properly.

At any rate we will want to distinguish between the symbol ‘false’ which weuse to denote the truth-value false, and the symbol ‘⊥’ which is a propositionalletter that is constrained to evaluate to false under all valuations. Similarlywe will want to distinguish between the symbol ‘true’ which we use to denotethe truth-value true, and the symbol ‘>’ which is a propositional letter that isconstrained to evaluate to true under all valuations.13

1.6.4 Language-metalanguage distinctionmonadic?

language vs metalanguage v important for rhetoric. Participants in a debatewill represent themselves as expert witnesses who are above the fray when theyare in fact interested parties. If you speak metalanguage you have the last word,which is what every debater wants.

There are some intellectual cultures that make great use of the device ofalways putting tokens of their opponents’ lexicon inside quotation marks. Expand this section: write

it out properly; connect withuse-mention

(Useful later in connection with sequent calculus and possible world seman-tics)

1.6.5 Semantic optimisation and the principle of charity

When a politician says “We have found evidence of weapons-of-mass-destructionprogramme-related activities”, you immediately infer that that have not found

13I suspect I shall be lax about respecting this distinction!


weapons of mass destruction (whatever they are). Why do you draw this infer-ence?

Well, it’s so much easier to say “We have found weapons of mass destruc-tion” than it is to say “We have found evidence of weapons-of-mass-destruction-related programme-related activities” that the only conceivable reason for thepolitician to say the second is that he won’t be able to get away with assertingthe first. After all, why say something longer and less informative when you cansay something shorter and more informative? One can see this as a principleabout maximising the amount of information you convey while minimising theamount of energy you expend in conveying it. If you were a first-year economicsstudent you would probably be learning some elementary optimisation theoryat this stage, and you might like to learn some on the fly: economists have hadsome enlightening things to say about philosophy of language. It’s not difficultto learn enough optimisation theory to be able to see where it could usefullylead. (It’s not a bad idea to think of ourselves as generally trying to minimise theeffort involved in conveying whatever information it is that we want to convey.)

Quine used the phrase “The Principle of Charity” for the assumption onemakes that the people one is listening to are trying to minimise effort in this way.It’s a useful principle, in that by charitably assuming that they are not beingunneccessarily verbose it enables one to squeeze a lot more information out ofone’s interlocutors’ utterances than one otherwise might, but it’s dangerous.Let’s look at this more closely.

Suppose I hear you say

We have found evidence of weapons-of-mass-destruction programme-related activities. (1)

Now you could have said

We have found weapons of mass destruction. (2)

. . . so why did you not? Naturally I will of put two and two together and inferthat you were not in a position to say (2), which means that you have not foundweapons of mass destruction. However, you should notice that (1) emphaticallydoes not imply that

We have not found weapons of mass destruction. (3)

After all, had you been lucky enough to have found weapons of mass de-struction then you have most assuredly found evidence of weapons-of-mass-destruction programme-related activities: the best possible evidence indeed. Sowhat is going on?

What’s going on is that (1) does not imply (3), but that (4) does!

We had no option but to say “We have found evidence of weapons-of-mass-destruction programme-related activities” rather than “Wehave found weapons of mass destruction ”. (4)


Of course (1) and (4) are not the same!Perhaps a better example—more enduring and more topical—is80% of our trains arrive within 5 minutes of their scheduled time. (A)Note this does not imply:

No more than 80% of our trains arrive within5 minutes of their scheduled time. (B)

The claim (A) is certainly not going to be falsified if the train company improvesits punctuality. So when people say of claims like these that “Well, that meansthat 20% of their trains are more than five minutes late” what is going on?

What is going on is that although (A) doesn’t imply (B), (C) certainly doesimply (B).

The train company has chosen to say “80% of our trains arrivewithin 5 minutes of their scheduled time”, and the traincompanies wish to put themselves in the best possible light. (C)

. . . and the second conjunct of (C) is a safe bet.Now the detailed ways in which this optimisation principle is applied in or-

dinary speech do not concern us here—beyond one very simple consideration. Iwant you to understand this optimisation palaver well enough to know when youare tempted to apply it, and to lay off. The languages of formal logic are lan-guages of the sort where this kind of subtle reverse-engineering of interlocutors’intentions is a hindrance not a help. Everything has to be taken literally.

The conjunction fallacy

Linda is 31 years old, single, outspoken, and very bright. She majored in phi-losophy. As a student, she was deeply concerned with issues of discriminationand social justice, and also participated in anti-nuclear demonstrations. Whichis more probable?

1. Linda is a bank teller;

2. Linda is a bank teller and is active in the feminist movement.

Thinking that (2) is more probable than (1) is the conjunction fallacy—the mistake of attaching a higher probability to P ∧ Q than to P . See [34](from which this comes) and also the Wikipædia article. See also the beautifuldiscussion of the Rabbinical tradition in [35] starting on p. 247.

1.6.6 Fault-tolerant pattern-matchingSupply some samples

Fault-tolerant pattern matching is very useful in everyday life but absolutelyno use at all in the lower reaches of computer science. Too easily fault-tolerantpattern matching can turn into overenthusiastic pattern matching—otherwiseknown as syncretism: the error of making spurious connections between ideas. A


rather alarming finding in the early days of experiments on sensory deprivationwas that people who are put in sensory deprivation tanks start hallucinating:their receptors expect to be getting stimuli, and when they don’t, they wind uptheir sensitivity until they start getting positives. Since they are in a sensorydeprivation chamber, those positives are one and all spurious.

1.6.7 Overinterpretation

My brother-in-law once heard someone on the bus say “My mood swings keepchanging.” He—like you or I on hearing the story—knew at once that what thespeaker was trying to say was that they suffer from mood swings!

Reinterpreting silly utterances like this so that they make sense is somethingthat we are incredibly good at. And by ‘incredibly good’ I mean that this isone of the things we can do vastly better that computers do (in contrast to thethings like multiplying 100-digit numbers, which computers can do very muchbetter than we can). In fact we are so good at it that nobody has yet quiteworked out how we do it, though there is a vast literature on it, falling underthe heading of what people in linguistics call “pragmatics”. Interesting thoughthat literature is I am mentioning it here only to draw your attention to thefact that learning to do this sort of thing better is precisely what we are notgoing to do. I want you to recognise this skill, and know when you are using it,in order not to use it at all!

Why on earth might we not want to use it?? Well, one of the differencesbetween the use of symbols in formal languages (like in logic) and the use ofsymbols in everyday language is that in formal setings we have to use symbolsrigidly and we suffer for it if we don’t. If you give your computer an instructionwith a grammatical error in it the O/S will reject it: “Go away and try again.”One of the reasons why we design mathematical language (and programminglanguages) in this po-faced fault-intolerant way is that that is the easiest way todo it. Difficult though it is to switch off the error-correcting pattern-matchingsoftware that we have in our heads, it is much more difficult still to discover howit works and thereby emulate it on a machine—which is what we would have todo if we were to have a mathematical or programming language that is fault-tolerant and yet completely unambiguous. In fact this enterprise is generallyregarded as so difficult as to be not worth even attempting. There may even besome deep philosophical reason why it is impossible even in principle: I don’tknow.

Switching off our fault-tolerant pattern-matching is difficult for a variety ofreasons. Since it comes naturally to us, and we expend no effort in doing it, itrequires a fair amount of self-awareness even to realise that we are doing it. An-other reason is that one feels that to refrain from sympathetically reinterpretingwhat we find being said to us or displayed to us is unwelcoming, insensitive,autistic and somehow not fully human. Be that as it may, you have to switchall this stuff off all the same. Tough!

So we all need some help in realising that we do it. I’ve collected in theappendix to this chapter a few examples that have come my way. I’m hoping


that you might find them instructive.

Affirming the consequent

Years ago I was teaching elementary Logic to a class of first-year law students,and I showed them this syllogism:

“If George is guilty he’ll be reluctant to answer questions; George isreluctant to answer questions. Therefore George is guilty.”

Then I asked them: Is this argument valid? A lot of them said ‘yes’.We all know that an obvious reason—the first reason that comes to mind—

why someone might be reluctant to answer questions is that they might havesomething to hide. And that something might be their guilt. So if they are re-luctant to answer questions you become suspicious at once. Things are definitelynot looking good for George. Is he guilty? Yeah—string him up!

But what has this got to do with the question my first-years were actuallybeing asked? Nothing whatever. They were given a premiss of the form P → Q,and another premiss Q. Can one deduce P from this? Clearly not. Thinkingthat you can is the fallacy of affirming the consequent.

There are various subtle reasons for us to commit this fallacy, and we haven’tgot space to discuss them here. The question before the students in this casewas not: do the premisses (in conjunction with background information) giveevidence for the conclusion? The question is whether or not the inference fromthe premisses to the conclusion is logically valid. And that it clearly isn’t.The mistake my students were making was in misreading the question, andspecifically in misreading it as a question to which their usual fault-tolerantpattern-matching software would give them a swift answer.

Scope ambiguitiesExplain what it is!

Years ago when I was about ten a friend of my parents produced a Germanquotation, and got it wrong. (I was a horrid child, and I blush to recall theepisode). I corrected him, and he snapped “All right, everybody isn’t the sonof a German Professor”) (My father was Professor of German at UniversityCollege London at the time). Quick as a flash I replied “What you mean is ‘Noteverybody is the son of a professor of German’.”.

I was quite right. (Let’s overlook the German professor/professor of Germanbit). He said that Everybody Isn’t the son of a professor of German. That’s nottrue. Plenty of people are; I am, for one. What he meant was “Not everybody is. . . ”. It’s the difference between “(∀x)(¬ . . .)” and “¬(∀x)(. . .)”—the differenceis real, and it matters.

The difference is called a matter of scope. ‘Scope’? The point is thatin “(∀x)(¬ . . .)” the “scope” of the ‘∀x’ is the whole formula whereas in the‘¬(∀x)(. . .) it isn’t.


For you, the moral of this story is that you have to identify with the annoyingten-year old rather than with the adult that he annoyed: it’s the annoying 10-year-old that is your role model here!

It is a curious fact that humans using ordinary language can be very casualabout getting the bits of the sentence they are constructing in the right orderso that each bit has the right scope. We often say things that we don’t literallymean. (“Everybody isn’t the son of . . . ” when we mean “Not everybody is. . . ”) On the receiving end, when trying to read things like (∀x)(∃y)(x lovesy) and (∃y)(∀x)(x loves y), people often get into tangles because they try toresolve their uncertainty about the scope of the quantifiers by looking at theoverall meaning of the sentence rather than by just checking to see which orderthey are in!

Sequent calculus: make a fuss about language metalanguageIllustrate rule of UG with an ethical example. If i have to perform this

action because i am in this predicament then anyone in this predicament shouldbe performing this action. Categorical imperative.

Talk a bit about interpolation.

Chapter 2

Proof systems forPropositional Logic

We know what a valid expression of propositional logic is. We know how todetect them by using truth tables. In this chapter we explaore a method forgenerating them.

2.1 The Rules of Natural Deduction

In the following table we see that for each connective we have two rules: oneto introduce the connective and one to eliminate it. These two rules are calledthe introduction rule and the elimination rule for that connective. RichardBornat (one of the designers of JAPE) calls the elimination rules “use” rules be-cause the elimination rule for a connective C tells us how to use the informationwrapped up in a formula whose principal connective is C.

(The idea that everything there is to know about a connective can be cap-tured by an elimination rule plus an introduction rule has the same ratheroperationalist flavour possessed by the various meaning is use doctrines oneencounters in philosophy of language. In this particular form it goes back toPrawitz, and possibly to Gentzen.) references?

The rules tell us how to use the information contained in a formula (Someof these rules come in two parts.)

41

42 CHAPTER 2. PROOF SYSTEMS FOR PROPOSITIONAL LOGIC

∨-int: AA ∨B ; B

A ∨B ; ∨-elim: A ∨B

[A]

...C

[B]

...C

C

∧-int: A BA ∧B ; ∧-elim: A ∧BA ; A ∧B

B

→-int

[A]

...B

A→ Ba; →-elim: A A→ B

B

N.B.: in →-introduction you don’t have to cancel all occurrencesof the premiss: it is perfectly all right to cancel only some of them .

Ex falso sequitur quodlibetb; ⊥A contradiction

[¬A]

...⊥A

aThere needn’t be any occurrences of A among the premisses, nor need they allbe discharged.

b“From the false follows whatever you like”.

Some of these rules look a bit daunting so let’s start by cutting our teeth onsome easy ones.

EXERCISE 13 Using just the two rules for ∧, the rule for ∨-introduction and→-elimination see what you can do with the following sets of formulæ:

1. A, A→ B;

2. A, A→ (B → C);

3. A, A→ (B → C), B;

4. A, B, (A ∧B)→ C;

5. A, (A ∨B)→ C;

6. A ∧B, A→ C;

These last two rules are the only rules that specifically mention negation.¬B is B → ⊥, so the inference

A ¬A⊥ (2.1)

—which looks like a new rule—is merely an instance of →-elimination.

2.1. THE RULES OF NATURAL DEDUCTION 43

Finally we need the identity rule:

A B C . . .

A(2.2)

(where the list of extra premisses may be empty) which records the fact thatwe can deduce A from A. Not very informative, one might think, but it turnsout to be useful. After all, how else would one obtain a proof of the undoubtedtautology A → (B → A), otherwise known as ‘K’? If we take seriously theobservation in the box above—that you can cancel assumptions that aren’tthere—then we will not need this rule. To my taste, it seems less bizarre todiscard assumptions than to cancel assumptions that aren’t there. It’s a matterof taste.

It is customary to connect the several occurrences of a single formula atintroductions (it may be introduced several times) with its occurrences at elim-ination by means of superscripts. Square brackets are placed round eliminatedformulæ.

There are funny logics where you are not allowed to use an assumption morethan once: in these resource logics assumptions are like sums of money. Thisalso gives us another illustration of the difference between an argument (as inlogic) and a debate (as in rhetoric). In rhetoric it may happen that a point,albeit a good point, can be usefully made only once . . . in an ambush perhaps. Do some very simple illus-

trations of compound proofshere

2.1.1 What do the rules mean??

One way in towards an understanding of what the rules do is to dwell on thepoint made by my friend Richard Bornat that elimination rules are use rules:

(i) The rule of →-elimination tells you how to use the information wrappedup in ‘A → B’. ‘A → B’ informs us that if A, then B. So the way to use theinformation is to find yourself in a situation where A holds. You might not bein such a situation, and if you aren’t you might have to assume A with a viewto using it up later—somehow. We will say more about this.

(ii) ∨-elimination tells you how to use the information in ‘A∨B’. If you aregiven A∨B, how are you to make use of this information without supposing thatyou know which of A and B is true? Well, if you know you can deduce C fromA, and you ALSO know that you can deduce C from B, then as soon as youare told A ∨B you can deduce C. One could think of the rule of ∨-eliminationas a function that takes (1) A ∨ B, (2) a proof of C from A and (3) a proof ofC from B, and returns a proof of C from A ∨ B. This will come in useful onpage 51.

Here is an example, useful to those of you who fry your brains doing sudoku(I can probably find better examples. After all in this case there is an easierproof that the five in the top right bax has to be in the bottom left corner ofthat box)


3 81 6 4 9 7

4 7 1 62 8 7

5 1 88 4 5 27 1 8 4

4 3 5 7 16 5

The 5 in the top left-hand box must be in the first column, and in one of thefirst two rows. Similarly the 5 in the middle box on the top must be in the firstcolumn, and in one of the first two rows. They must be in different rows. Sowhere is the five in the rightmost of the three top boxes? Either the five in theleft box is on the first row and the five in the middle box is on the second rowor the five in the middle box is on the first row and the five in the left box is onthe second row. We don’t know which of the possibilities is the true one, but itdoesn’t matter: either way the 5 in the rightmost box must be in the bottomrow, and that means it must be in the leftmost square in the bottom row.

There is a more general form of ∨-elimination:

[A1] [A2]...

...C C

. . . [An]...C A1 ∨A2 ∨ . . . An ∨-elimC

(2.1)

where we can cancel more than one assumption. That is to say we have a setA1 . . . An of assumptions, and the rule accepts as input a list of proofs of C:one proof from A1, one proof from A2, and so on up to An. It also accepts thedisjunction A1 ∨ . . . An of the set A1 . . . An of assumptions, and it outputs aproof of C. What happens if the set A1 . . . An of assumptions (and thereforealso the list of proofs) is empty? That would be a rule that accepted as inputan empty list of proofs of C, and an empty disjunction of assumptions. This isjust the rule of ex falso sequitur quodlibet.1

1If you are a third-year pedant you might complain that all instances of ∨-elimination havetwo inputs, a disjunction and a list of proofs; ex falso sequitur quodlibet in contrast only hasone: only the empty disjunction. So it clearly isn’t a special case of ∨-elimination. However ifyou want to get A rather than B as the output of an instance of ∨-elimination with the emptydisjunction as input then you need as your other input the empty list of proofs of A, ratherthan the empty list of proofs of B. So you are right, there is something fishy going on: therule of ex falso sequitur quodlibet strictly has two inputs: (i) the empty disjunction and (ii)the empty list of proofs of A. It’s a bit worrying that the empty list of proofs of A seems to bethe same thing as the empty list of proofs of B. If you want to think of the ex falso sequiturquodlibet as a thing with only one input then, if you feed it the false and press the button,you can’t predict which proposition it will give you a proof of! It’s a sort of nondeterministicengine. This may or may not matter, depending on how you conceptualise proofs. This issomething that will be sorted out when we reconceptualise proof theory properly if we ever


The rule of ∨-elimination is a hard one to grasp so do not panic if you don’tget it immediately. However, you should persist until you do.

2.1.2 Worries about reductio and hypothetical reasoning

Many people are unhappy about hypothetical reasoning of the kind used in therule of →-introduction. I am not entirely sure why, so I am not 100% certainwhat to say to make the clouds roll away. However here are some thoughts.

The unease about argument by reductio ad absurdum seems to be that ifI attempt to demonstrate the falsity of p by assuming p and then deducing acontradiction from it then—if I succeed—I have somehow not so much provedthat p was false but instead contrived to explode the machinery of deductionaltogether: if p was false how could I have sensibly deduced anything from it inthe first place?! I have somehow sawn off the branch I was sitting on. I thoughtI was deducing something, but I couldn’t have been. This unease then infectsthe idea of hypothetical reasoning: reasoning where the premisses are—if notactually known to be false—at least not known to be true. No idea is so crazythat no distinguished philosopher can ever be found to defend it, and one canindeed find a literature in which this idea is defended.

Evert Beth said that Aristotle’s most important discovery was that the sameprocesses of reasoning used to infer new truths from propositions previouslyknown to be true are also used to deduce consequences from premises not knownto be true and even from premises known to be false.2

But it’s not hard to see that life would be impossible without hypotheticalreasoning. Science would be impossible: one would never be able to test hy-potheses, since one would never be able to infer testable predictions from them!Similarly, as one of my correspondents on the philosophy-in-europe mailing listpointed out, a lawyer cross-examining a hostile witness will draw inferences fromthe witness’s testimony in the hope of deducing an absurdity. Indeed if one wereunwilling to imagine oneself in the situation of another person (which involvessubscribing to their different beliefs) then one would be liable to be labelled asautistic.

Finally one might mention the Paradox of the Unexpected Hanging in thisconnection. There are many things it seems to be about, and one of them ishypothetical reasoning. (“If he is to be hanged on the friday then he wouldknow this by thursday so it can’t be friday . . . ” Some people seem to think

do. We will think about this a bit in section 3.13. For the moment just join the first andsecond years in not thinking about it at all.

2Spinoza believed hypothetical reasoning to be incoherent, but that’s because he believedall truths to be necessary, and even people who are happy about counterfactual reasoning arenervous about attempting to reason from premisses known to be logically false! This maybe why there is no very good notion of explanation in Mathematics or Theology. They bothdeal with necessary truth, and counterfactuals concerning necessary truths are problematic.Therefore explanation in these areas is obstructed to the extent that explanation involvescounterfactuals. (There is a literature on how the structure of Mandarin supposedly obstructshypothetical reasoning by its speakers, see for example [4], but I do not know it.)


that altho’ this is a reasonable inference the prisoner can only use it once hehas survived to thursday: he cannot use it hypothetically. . . )3

2.1.3 Goals and Assumptions

When you set out to find a proof of a formula, that formula is your goal. Aswe have just mentioned, the obvious way to attack a goal is to see if you canobtain it as the output of (a token of) the introduction rule for its principalconnective. If that introduction rule is →-introduction then this will generatean assumption. Once you have generated an assumption you will need—sooneror later—to extract the information it contains and you will do this by meansof the elimination rule for the principal connective of that assumption. It’sactually idiotically simple:

1. Attack a goal with the introduction rule for its principal connective;

2. Attack an assumption with the elimination rule for its principal connec-tive.

Consider (1). We have the goal ((A → B) → A) → ((A → B) → B). Theprincipal connective of this formula is the arrow in the middle that I underlined.So we assume the antecedent (which is (A→ B)→ A) and then the consequent(which is (A → B) → B) becomes our new goal. So we have traded the oldgoal ((A→ B)→ A) → ((A→ B)→ B) for the new goal ((A→ B)→ B) andgenerated the new assumption ((A→ B)→ A).

Your first step—when challenged to find a natural deduction proof of aformula—should be to identify the principal connective. (That was the point ofexercise 1.) For example, when challenged to find a proof of (A ∧B)→ A, theobvious gamble is to expect that the last step in the proof was a→-introductionrule applied to a proof of A with the assumption A ∧B.

2.1.4 The small print

It isn’t always true that you should attack an assumption (or goal) with theelimination (introduction) rule for its main connective. It might be that thegoal or assumption you are looking at is a propositional letter and thereforenot have a principal connective! In those circumstances you might have to trysomething else. Your assumption might be P and if you have in your knapsackthe formula (P ∨ Q) → R it might be a good idea to whack the ‘P ’ with a ∨-introduction to get P ∨Q so you can then do a →-elimination and get R. Andof course you might wish to refrain from attacking your assumption with theelimination rule for its principal connective. If you assumption is P ∨Q and youalready have in your knapsack the formula (P ∨Q)→ R you’d be crazy not to

3However, this is almost certainly not what is at stake in the Paradox of the UnexpectedHanging. A widespread modern view—with which I concur—is that the core of the puzzle isretained in the simplified version where the judge says “you will be hanged tomorrow and youdo not believe me”.


use →-elimination to get R. And in so doing you are not using the eliminationrule for the principal connective of P ∨Q.

And even when a goal or assumption does have a principal connective attack-ing it with their appropriate rule for that principal connective is not absolutelyguaranteed to work. Consider the task of finding a proof of A ∨ ¬A. (A hereis a propositional letter, not a complex formula). If you attack the principalconnective you will of course use ∨-int and generate the attempt

A ∨-intA ∨ ¬A (2.1)

or the attempt

¬A ∨-intA ∨ ¬A (2.2)

and clearly neither of these is going to turn into a proof of A∨¬A, since weare not going to get a proof of A (nor a proof of ¬A). It turns out you have to usethe rule of contradiction: assume ¬(A∨¬A) and get a contradiction. There is apattern to at least some of these cases where attacking-the-principal-connectiveis not the best way forward, and we will say more about it later.

The moral of this is that finding proofs is not a simple join-up-the-dotsexercise: you need a bit of ingenuity at times. Is this because we have setup the system wrongly? Could we perhaps devise a system of rules which wascompletely straightforward, and where short tautologies had short proofs4 whichcan be found by blindly following rules like always-use-the-introduction-rule-for-the-principal-connective-of-a-goal? You might expect that, the world being thekind of place it is, the answer is a resounding ‘NO!’ but curiously the answer tothis question is not known. I don’t think anyone expects to find such a system,and i know of no-one who is trying to find one, but the possibility has not beenexcluded.

In any case the way to get the hang of it is to do lots of practice!! So hereare some exercises.

2.1.5 Some ExercisesGet these in something likeincreasing order of difficultyEXERCISE 14 Find natural deduction proofs of the following tautologies:

1. (P → Q)→ ((Q→ R)→ (P → R));

2. (P ∨Q)→ (((P → R) ∧ (Q→ S))→ (R ∨ S));

3. (P ∧Q)→ (((P → R) ∨ (Q→ S))→ (R ∨ S));

4. P → (¬P → Q);

5. (((P → Q)→ Q)→ Q)→ (P → Q);

6. ¬(A ∨B)→ (¬A ∧ ¬B);

4‘short’ here can be given a precise meaning.


7. ¬(A ∧B)→ (¬A ∨ ¬B); (hard!) (*)

8. A→ (A→ A) (you will need the identity rule);

9. A ∨ ¬A; (*)

10. (A ∧ (B ∨ C))→ ((A ∧B) ∨ (A ∧ C));

11. (A ∨ (B ∧ C))→ ((A ∨B) ∧ (A ∨ C));

12. A → [(A → C) → ((B → C) → C)] (for this and the next you will needthe identity rule);

13. B → [(A → C) → ((B → C) → C)] (then put these last two together toobtain a proof of

14. (A ∨B)→ [(A→ C)→ ((B → C)→ C)].

The starred items will need the rule of classical negation. For the others youshould be able to find proofs that do not use classical negation.

A word of advice. You will find with several of these proofs (certainly 10 and11 for example) that an assumption that you have generated can be used morethan once.

You can also attempt the first two parts of exercise 39 on p. 104.

EXERCISE 15 Life is complicated on Planet Zarg. The Zarglings believe thereare three truth-values: true, intermediate and false. Here we write them as1, 2 and 3 respectively. Here is the truth-table for the connective → on planetZarg:

P → Q1 1 11 2 21 3 32 1 12 1 22 3 33 1 13 1 23 1 3

On Zarg the truth-value of P ∨Q is simply the smaller of the truth-values ofP and Q; the truth-value of P ∧Q is the larger of the truth-values of P and Q.

Write out Zarg-style truth-tables for

1. P ∨Q;

2. P ∧Q;

2.2. SOUNDNESS AND COMPLETENESS OF THE NATURAL DEDUCTION RULES49

3. ((P → Q)→ P )→ P ;

4. P → (Q→ P );

5. (P → Q)→ Q);

[Brief reality check: What is a tautology on Planet Earth?]What might be a good definition of tautology on Planet Zarg?According to your definition of a tautology-on-planet-Zarg, is it the case that

if P and Q are formulæ such that P and P → Q are both tautologies, then Q isa tautology?

There are two possible negations on Zarg:

P ¬1P ¬2P1 3 32 2 13 1 1

Given that the Zarglings believe ¬(P ∧¬P ) to be a tautology, which negationdo they use?

Using that negation, do they believe the following formulæ to be tautologies?P ∨ ¬P?(¬¬P ) ∨ ¬P?¬¬(P ∨ ¬P )?(¬P ∨Q)→ (P → Q)?

2.2 Soundness and completeness of the naturaldeduction rules

The rules of natural deduction are sound: every formula we can prove usingnatural deduction is a tautology. They preserve truth: if you reason using theserules from true premisses your conclusions will be true as well. Whatever ourlogical machinery (and it might be deliberately over-simplified, as it is whenwe start off with propositional logic) we want to be sure that the rules that wedecide on for reasoning with that machinery are sound in this sense.

Completeness is a feature complementary to soundness. Not only are therules sound, but they exhaust the possible modes of truth-preserving reason-ing (in this language) in the sense that any truth-preserving inference can becaptured by reasoning according to these formulations. We say the rules arecomplete. We prove this in section 2.7. It is impossible to overstate the signif-icance of this fact. There is a finite system of rules of inference which capturesall truth-preserving reasoning expressible in this syntax. The power of this sim-plification is incalculable and has impressed generations of logicians. There is atradition in modern logic that holds that a body of principles of reasoning thatcannot be finitely codified is simply not part of Logic at all. Not everybodybelieves this, but it is a widely held view.


In the case of propositional logic we have truth-tables, which enable us todecide quite quickly when a formula is valid (or when a principle of reasoningis truth-preserving aka sound). This is so convenient that one tends to forgetthat there is actually a method of generating all the valid principles (and all thetautologies aka valid formulæ) over and above a method of recognising themwhen they pop up. In fact there are several ways of doing this, and we willsee some of them, and we will prove that they do this: that is, that they arecomplete. You will discover that it’s nowhere near as easy to test predicatecalculus formulæ for validity as it is to test propositional formulæ: there is noeasy analogue of truth-tables. Despite this there is a way of generating all thetruth-preserving principles of reasoning that are expressible with this syntax,and we will be seeing them, and I hope to prove them complete too.

You must get used to the idea that all notions of logical validity, or of soundinference, can be reduced to a finite set of rules in the way that propositionallogic and predicate calculus can. Given that—as we noted on p 21—the validityof an argument depends entirely on its syntactic form, perhaps we should not besurprised to find that there are finite mechanical methods for recognising validarguments. However this holds good only for arguments of a particularly simplekind. If we allow variables to range over predicate letters then things start togo wrong. Opinion is divided on how important is this idea of completeness. Ifwe have something that looks like a set of principles of reasoning but discoverthat it cannot be generated by a finite set of rules, does that mean it isn’t partof logic?Mention here other notions

of validity: true in all finitemodels: true in all infinitemodels

The rules are sound in that they preserve truth: in any token of the rule ifthe premisses are true then the conclusions are true too. For the rules like ∧-introduction, ∨-introduction, ∧-elimination,→-elimination . . . it’s obvious whatis meant: for any valuation v if the stuff above the line is true according to vthen so is the stuff below the line.

What I am planning to convince you is that any complex proof made up bycomposing lots of tokens of ∧-int, →-elim and so on has the property that anyvaluation making all the premisses true also makes the conclusion true. Thatis to say, we claim that all complex proofs are truth-preserving. Notice thatthis has as a special case the fact that any complex proof with no premisses hasa conclusion that is logically valid. Every valuation making all the premissestrue will make the conclusion true. Now since there are no premisses, everyvaluation makes all the premisses true, so every valuation makes the conclusiontrue. So the conclusion is valid!Rephrase this

However this way of thinking about matters doesn’t enable us to make senseof →-introduction and ∨-elimination. To give a proper description of what isgoing on we need to think of the individual (atomic) introduction and elimi-nation rules as gadgets for making new complex proofs out of old (slightly lesscomplex) proofs.

That is to say you think of the rule of ∧-introduction as a way of takinga complex proof D1 of A and a complex proof D2 of B and giving a complexproof D3 of A ∧ B. We are trying to show that all complex deductions aretruth-preserving.

2.2. SOUNDNESS AND COMPLETENESS OF THE NATURAL DEDUCTION RULES51

The fact that ∧-introduction is truth-preserving in the sense of the previousparagraph now assures us that it has the new property that:

If

• D1 is a truth-preserving deduction of A (that is to say, any valuationmaking the premisses of D1 true makes A true); and

• D2 is a truth-preserving deduction of B (that is to say, any valuationmaking the premisses of D2 true makes A true);

Thenthe deduction D3:

D1

...A

D2

...B ∧-int

A ∧B

(2.1)

too, is truth-preserving in the sense that any valuation making the premissesof D3 true—and they are just (the premisses of D1) ∪ (premisses of D2)—makesA ∧B true too.

This sounds like a much more complicated way of thinking of ∧-introductionas truth-preserving than the way we started out with, but we need this wayof seeing things when we come to consider the rules that involve cancellingassumptions, namely→-introduction, ∨-elimination and classical contradiction.Let us now consider these two.

→-introduction

Suppose we have a deduction D of B from A, C1 . . . Cn, and that D is truth-preserving. That is to say, any valuation making all of A, C1 . . . Cn true willalso make B true. Now consider the deduction D′ (of A → B from C1 . . . Cn)that is given us by an application of →-introduction. We want this to be truth-preserving as well, that is to say, we want any valuation making C1 . . . Cn trueto make A→ B true too.

Let’s check this. Let v be a valuation making C1 . . . Cn true. Then either

(i) it makes A true in which case—beco’s D was truth-preserving—itmakes B true as well and thereby makes A→ B true.

Or

(ii) it makes A false. Any valuation making A false makes A → Btrue.

Remember: you don’t have to cancel all occurrences of the premiss. (seepage 42.)


∨-elimination

We can tell a similar story about ∨-elimination. Suppose we have a truth-preserving deduction D1 of C from A (strictly: from A and a bag of extraassumptions like the C1 . . . Cn of the previous paragraph) and a truth-preservingdeduction D2 of C from B (and extra assumptions). That is to say that anyvaluation making A (and the extra assumptions) true makes C true, and anyvaluation making B (and the extra assumptions) true makes C true. Now, anyvaluation making A ∨ B (and the extra assumptions) true will make one of Aand B true. So the new proof

[A]...D1

...C

[B]...D2

...C A ∨B ∨-elimC

(2.2)

—that we make fromD1 andD2 by applying ∨-elim to it—is truth-preservingas well.

In excruciating detail: let v be a valuation that makes A∨B (and the extraassumptions) true. Since v makes A ∨ B true, it must either (i) make A true,in which case we conclude that C must be true beco’s of D1; or (ii) make Btrue, in which case we conclude that C must be true beco’s of D2. Either wayit makes C true.

EXERCISE 16 Annotate the following proofs, indicating which rules are usedwhere and which premisses are being cancelled when.

P P → Q

Q

(P → Q)→ Q

P → ((P → Q)→ Q)

(2.3)

P ∧QQ

P ∨Q(P ∧Q)→ (P ∨Q)

(2.4)

P ¬P⊥Q

P → Q

(2.5)

2.3. SEQUENT CALCULUS 53

P ∨QP P → R

R

Q Q→ R

R

R(P ∨Q)→ R

(2.6)

A BA ∧B

B → (A ∧B)A→ (B → (A ∧B))

(2.7)

(A→ B)→ B A→ B

B((A→ B)→ B)→ B

(A→ B)→ (((A→ B)→ B)→ B)

(2.8)

2.3 Sequent Calculus

Imagine you are given the task of finding a natural deduction proof of thetautology

(p→ (q → r))→ ((p→ q)→ (p→ r)).

Obviously the first thing you do is to attack the principal connective, andclaim that (p→ q)→ (p→ r) is obtained by an →-introduction as follows:

p→ (q → r)... →-int

(p→ q)→ (p→ r)

(2.1)

in the hope that we can fill the dots in later. Notice that we don’t know atthis stage how many lines or how much space to leave . . . . At the second stagethe obvious thing to do is try →-introduction again, since ‘→’ is the principalconnective of ‘(p→ q)→ (p→ r)’. This time my proof sketch has a conclusionwhich looks like

... →-intp→ r→-int

(p→ q)→ (p→ r)

(2.2)

and we also know that floating up above this—somewhere—are the twopremisses p → (q → r) and p → q. But we don’t know where on the page toput them!

This motivates a new notation. Record the endeavour to prove


(p→ (q → r))→ ((p→ q)→ (p→ r))

by writing

` (p→ (q → r))→ ((p→ q)→ (p→ r)).

using the new symbol ‘`’.5 Then stage two (which was formula 2.1) can bedescribed by the formula

p→ (q → r) ` ((p→ q)→ (p→ r)).

which says that (p→ q)→ (p→ r) can be deduced from p→ (q → r). Thenthe third stage [which I couldn’t write down and which was formula 2.2, whichsaid that p→ r can be deduced from p→ q and p→ (q → r)] comes out as

p→ (q → r), p→ q ` p→ r

This motivates the following gadgetry.A sequent is an expression Γ ` ψ where Γ is a set of formulæ and ψ is a

formula. Γ ` ψ says that there is a deduction of ψ from Γ. In sequent calculusone reasons not about formulæ—as one did with natural deduction—but in-stead about sequents, which are assertions about deductions between formulæ.Programme: sequent calculus is natural deduction with control structures! Asequent proof is a program that computes a natural deduction proof.

Capital Greek letters denote sets of formulæ and lower-case Greek lettersdenote formulæ.

We accept any sequent that has a formula appearing on both sides. Suchsequents are called initial sequents. Clearly the allegation made by an initialsequent is correct!

There are some obvious rules for reasoning about these sequents. Our en-deavour to find a nice way of thinking about finding a natural deduction proofof

(p→ (q → r))→ ((p→ q)→ (p→ r))

gives us something that looks in part like

p→ (q → r), (p→ q), p ` rp→ (q → r), (p→ q) ` (p→ r)

p→ (q → r) ` (p→ q)→ (p→ r)

` (p→ (q → r))→ ((p→ q)→ (p→ r))

and this means we are using a rule

Γ, A ` B→ RΓ ` A→ B

(2.3)

5For some reason this symbol is called ‘turnstile’.


Of course there are lots of other rules, and here is a summary of them:

∨L : Γ, ψ ` ∆ Γ′, φ ` ∆′

Γ ∪ Γ′, ψ ∨ φ ` ∆ ∪∆′ ∨ R: Γ ` ∆, φΓ ` ∆, ψ ∨ φ

∨ R: Γ ` ∆, ψΓ ` ∆, ψ ∨ φ

∧L : Γ, ψ, φ ` ∆Γ, ψ ∧ φ ` ∆ ∧R : Γ ` ∆, ψ Γ′ ` ∆′, φ

Γ ∪ Γ′ ` ∆ ∪∆′, ψ ∧ φ

¬L : Γ ` ∆, ψΓ,¬ψ ` ∆ ¬R : Γ, ψ ` ∆

Γ ` ∆,¬ψ

→ L : Γ ` ∆, φ Γ′, ψ ` ∆′

Γ ∪ Γ′, φ→ ψ ` ∆ ∪∆′ → R : Γ, ψ ` ∆, φΓ ` ∆, ψ → φ

Weakening-L: Γ ` ∆Γ, A ` ∆; Weakening-R: Γ ` ∆

Γ ` ∆, B ;

Contraction-L: Γ, ψ, ψ ` ∆Γ, ψ ` ∆ ; Contraction-R: Γ ` ∆, ψ, ψ

Γ ` ∆, ψ ;

Cut:Γ ` ∆, ψ Γ′, ψ ` ∆′

Γ ∪ Γ′ ` ∆,∆′ .

In this box I have followed the universal custom of writing ‘Γ, ψ’ for ‘Γ∪ψ;I have not so far followed the similarly universal custom of writing ‘Γ,∆’ insteadof ‘Γ ∪∆’ but from now on I will.

You might find useful the terminology of eigenformula. The eigenformulaof an application of a rule is the formula being attacked by that application. Ineach rule in the box above I have underlined the eigenformula.

There is no rule for the biconditional: we think of a biconditional as aconjunction of two conditionals.

Now that we have rules for ¬ we no longer have to think of ¬p as p → ⊥.(see appendix 11..1.)

The two rules of ∨-R give rise to a derived rule which makes good sensewhen we are allowed more than one formula on the right. it is

Γ ` ∆, A,B

Γ ` ∆, A ∨B

Γ ` ∆, A,BΓ ` ∆, A ∨B

I shall explain soon (section 2.3.3) why this is legitimate.


A word is in order on the two rules of contraction. Whether one needs thecontraction rules or not depends on whether one thinks of the left and righthalves of sequents as sets or as multisets. Both courses of action can be arguedfor. If one thinks of them as multisets then one can keep track of the multipletimes one exploits an assumption. If one thinks of them as as sets then onedoesn’t need the contraction rules. It’s an interesting exercise in philosophy ofmathematics to compare the benefits of the two ways of doing it, and to considerthe sense in which they are equivalent. Since we are not hell-bent on rigour wewill equivocate between the two approaches: in all the proofs we consider it willbe fairly clear how to move from one approach to the other and back.

A bit of terminology you might find helpful. Since premisses and conclusionare the left and right parts of a sequent, what are we going to call the thingsabove and below the line in a sequent rule? The terminology precedent andsuccedent is sometimes used. I’m not going to expect you to know it: I’moffering it to you here now because it might help to remind you that it’s adifferent distinction from the premiss/conclusion distinction. I think it is moreusual to talk about the upper sequent and the lower sequent.

You will notice that I have cheated: some of these rules allow there to bemore than one formula on the right! There are various good reasons for this, butthey are quite subtle and we may not get round to them. If we are to allow morethan one formula on the right, then we have to think of Γ ` ∆ as saying thatevery valuation that makes everything Γ true also makes something in ∆ true.We can’t correctly think of Γ ` ∆ as saying that there is a proof of somethingin ∆ using premisses in Γ because:

A ` A

is an initial sequent. so we can use ¬−R to infer

` A,¬A.

So ` A,¬A is an OK sequent. Now it just isn’t true that there is always aproof of A or a proof of ¬A, so this example shows that it similarly just isn’ttrue that a sequent can be taken to assert that there is a proof of something onthe right using only premisses found on the left—unless we restrict matters sothat there is only one formula on the right. This fact illustrates how allowingtwo formulæ on the right can be useful: the next step is to infer the sequent

` A ∨ ¬A

and we can’t do that unless we allow two formulæ on the right.However, it does help inculcate the good habit of thinking of sequents as

metaformulæ, as things that formalise facts about formulæ rather than facts ofthe kind formalised by the formulæ.

One thing you will need to bear in mind, but which we have no space toprove in this course, is that sequent proofs with more than formula on the rightcorrespond to natural deduction proofs using the rule of classical negation.Display this properly


N.B.: commas on the left of a sequent mean ‘and’ while commas on theright-hand side mean ‘or’ ! This might sound odd, but it starts to look naturalquite early, and you will get used to it easily.

A summary of what we have done so far with Natural Deduction and SequentCalculus.

• A sequent calculus proof is a log of attempts to build anatural deduction proof.

• So a sequent is telling you that there is a proof of theformula on the right using as premisses the formulæ onthe left.

• But we muck things up by allowing more than one formulaon the right so we have to think of a sequent as saying ifeverything on the left is true then something on the rightis true.

• Commas on the left are and, commas on the right are or.

EXERCISE 17 Now find sequent proofs for the formulæ in exercise 14 (page47). For the starred formulæ you should expect to have to have two formulæ onthe right at some point.

2.3.1 Soundness of the Sequent Rules

If we think of a sequent Γ ` ∆ as an allegation that there is a natural deductionproof of something in ∆ using assumptions in Γ, then we naturally want tocheck that all basic sequents are true and that all the sequent rules are truth-preserving. That is to say, in each rule, if the sequent(s) above the line maketrue allegations about the existence of deductions, then so does the sequentbelow the line

To illustrate, think about the rule ∧-L:

A,B ` C∧ L

A ∧B ` C(2.1)

It tells us we can infer “A∧B ` C” from “A,B ` C”. Now “A,B ` C” saysthat there is a deduction of C from A and B. But if there is a deduction of Cfrom A and B, then there is certainly a deduction of C from A ∧ B, becauseone can get A and B from A ∧B by two uses of ∧-elim.

The →-L rule can benefit from some explanation as well. Assume the twosequents above the line. We want to use them to show that there is a derivationof something in ∆ from φ → ψ and all the premisses in Γ. The first sequentabove the line tells us that there is either a deduction of something in ∆ usingpremisses in Γ (in which case we are done) or there is a deduction of φ. Butwe have φ→ ψ, so we now have ψ. But then the second sequent above the linetells us that we can infer something in ∆.


In fact it is easy to check that not only are they truth-preserving they areeffective. Consider ∧-L, for example. Assume Γ, A,B ` ∆. This tells us thatExplain “effective”there is a deduction D of some δ in ∆) assuming only assumptions in Γ pluspossibly A or B or both. We have several cases to consider.

(i) If D does not use A or B then it is a witness to the truth of Γ, A∧B ` ∆;(ii) If it uses either A or B (or both) then we can append6 one (or two)

applications of ∧-elimination to it to obtain a new proof that is a witness to thetruth of Γ, A ∧B ` ∆finish this off, with a picture

The one exception is ¬-R. (¬-L is OK because of ex falso.) If we think ofthe rule of ¬-R as telling us something about the existence blahInsert discussion of ¬-R rule

here This illustrates how

• sequent rules on the right correspond to natural-deductionintroduction rules; and

• sequent rules on the left correspond to natural-deductionelimination rules.

The sequent rules are all sound. Given that the sequent Γ ` φ arose as a wayof saying that there was a proof of φ using only assumptions in Γ it would benice if we could show that the sequent rules we have are sound in the sensethat we cannot deduce any false allegations about the existence of proofs fromtrue allegations about the existence of proofs. However, as we have seen, this issabotaged by our allowing multiple formulæ on the right.

However, there is a perfectly good sense in which they are sound. If we thinkof the sequent Γ ` ∆ as saying that every valuation making everything in Γ truemakes something in ∆ true then all the sequent rules are truth-preserving.

All this sounds fine. There is however a huge problem:

2.3.2 The rule of cut

It’s not hard to check that if the two upper sequents in an application of therule of cut make true allegations about valuations, then the allegation made bythe lower sequent will be true too,

Γ ` ∆, A A,Γ′ ` ∆′

Γ,Γ′ ` ∆,∆′

[hint: consider the two cases: (i) A true, and (ii) A false.] Since it is truth-preserving (“sound”) and we want our set of inference rules to be exhaustive(“complete”) we will have to either adopt it as a rule or show that it is derivablefrom the other rules.

There is a very powerful argument for not adopting it as a rule if we canpossibly avoid it: it wrecks the subformula property. If—without using cut—we build a sequent proof whose last line is ` Φ then any formula appearing

6The correct word is probably ‘prepend’ !


anywhere in the proof is a subformula of Φ. If we are allowed to use the rule ofcut then, well . . .

Imagine yourself in the following predicament. You are trying to prove asequent φ ` ψ. Now if cut is not available you have to do one of two things:you can use the rule-on-the-right for the chief connective of ψ, or you can usethe rule-on-the-left for the chief connective of φ. There are only those twopossibilities. (Of course realistically there may be more than one formula onthe left and there may be more than one formula on the right, so you havefinitely many possibilities rather than merely two, but that’s the point: thenumber of possibilities is finite.) If you are allowed cut then the task of provingφ ` ψ can spawn the two tasks of proving the two sequents

φ ` ψ, θ and θ, φ ` ψ

and θ could be anything at all. This means that the task of finding a proofof φ ` ψ launches us on an infinite search. Had there been only finitely manythings to check then we could have been confident that whenever there is a proofthen we can be sure of finding it by searching systematically. If the search isinfinite it’s much less obvious that there is a systematic way of exploring allpossibilities.

If we take the other horn of the dilemma we have to show that the rule ofcut is unnecessary, in the sense that every sequent that can be proved with cutcan be proved without it. If we have a theory T in the sequent calculus and wecan show that every sequent that can be proved with cut can be proved withoutit then we say we have proved cut-elimination for T . Typically this is quitehard to do, and here is why. If we do not use cut then our proofs have thesubformula property. (That was the point after all!). Now consider the emptysequent:

`

The empty sequent7 claims we can derive the empty conjunction (the thing onthe right is the empty conjunction) from the empty disjunction (the thing onthe left is the empty disjunction). So it claims we can derive the false fromthe true. This we certainly cannot do, so we had better not have a proof of theempty sequent! Now any cut-free proof of the empty sequent will satisfy thesubformula property, and clearly there can be no proof of the empty sequentsatisfying the subformula property. Therefore, if we manage to show that everysequent provable in the sequent version of T has a cut-free proof then we haveshown that there is no proof of the empty sequent in T . But then this says thatthere is no proof of a contradiction from T : in other words, T is consistent.

7I’ve put it into a box, so that what you see—in the box—is not just a turnstile withnothing either side of it but the empty sequent, which is not the same thing at all . . . being(of course) a turnstile with nothing either side of it.


So: proving that we can eliminate cuts from proofs in T is as hard as showingthat T is free from contradiction. As it happens there is no contradiction to bederived from the axioms we have for predicate calculus but proving this is quitehard work. We can prove that all cuts can be eliminated from sequent proofsin predicate calculus but I am not going to attempt to do it here.

2.3.3 Two tips

2.3.3.1 Keep a copy!!

One of things to bear in mind is that one can always keep a copy of the eigen-formula. What do I mean by this? Well, suppose you are challenged to find aproof of the sequent

Γ ` φ→ ψ (2.1)

You could attack a formula in Γ but one thing you can do is attack theformula on the right, thereby giving yourself the subordinate goal of provingthe sequent

Γ, φ ` ψ (2.2)

However, you could also generate the goal of proving the sequent

Γ, φ ` ψ, φ→ ψ (2.3)

The point is that if you do a→-R to sequent 2.3.3 you get sequent 2.3.3. Thusyou get the same result as if you had done a ∈-R to sequent 2.3.3. Sometimeskeeping a copy of the eigenformula in this way is the only way of finding a proof.

For example, there is a proof of the sequent

(A→ B)→ B ` (B → A)→ A

but you have to keep copies of eigenformulæ to find it. That’s a hard one!In both these illustrations the extra copy you are keeping is a copy on the

right. I should try to find an illustration where you need to keep a copy on theleft too.

EXERCISE 18 Find a proof of the sequent:

(A→ B)→ B ` (B → A)→ A

Another reason why keeping copies can be useful. You might be wonderingwhy the ∨-R rule is not of the form

Γ ` A,B

Γ ` A ∨B

2.4. HARMONY AND CONSERVATIVENESS 61

The answer is we can justify that as a derived rule by the following inference:

Γ ` A,B

Γ ` A ∨B,B

Γ ` A ∨B,A ∨B

Γ ` A ∨B

. . . keeping an extra copy of ‘A ∨B’

2.3.3.2 Keep checking your subgoals for validity

It sounds obvious, but when you are trying to find a sequent proof by workingupwards from your goal sequent, you should check at each stage that the goal-sequents you generate in this way really are valid in the sense of making trueclaims about valuations. After all, if the subgoal you generate doesn’t followfrom the assumptions in play at that point then you haven’t a snowflake inhell’s chance of proving it, have you? It’s usually easy to check by hand that ifeverything on the left is true them something on the right must be true.

As I say, it sounds obvious but lots of people overlook it!And don’t start wondering: “if it’s that easy to check the validity of a

sequent, why do we need sequent proofs?”. The point is that one can use thesequent gadgetry for logics other than classical logic, for which simple tautology-checking of this kind is not available. See section 2.9.

2.3.4 Exercises

You can now attempt to find sequent proofs for all the formulæ in exercise 14page 47. At this stage you can also attempt exercise 39 on page 104. We usually treat seq calcu-

lus as arising from ND but infact the proofs that sequentcalculus reasons about couldbe any proofs at all—evenHilber-style proofs as below.

2.4 Harmony and conservativeness

2.4.1 Conservativeness

This is why we need the identity rule. O/w we would need ∧-intro and elim toprove K.

Plonk and tonk

2.4.2 Harmony

There is an æsthetic underlying the introduction and elimination rules: thefeeling is that, for each quantifier, the introduction and elimination rule shouldcomplement each other. What might this mean, exactly? Well, the introductionrule for a connective £ tells us how to parcel up information in a way representedby the formula A£B, and the corresponding elimination (“use”!) rule tells ushow to use the information wrapped up in A£B. We certainly don’t want to


set up our rules in such a way that we can somehow extract more informationfrom A£B than was put into it in the first place. This would probably violatemore than a mere æsthetic, in that it could result in inconsistency. But we alsowant to ensure that all the information that was put into it (by the introductionrules) can be extracted from it later (by the use rules). If our rules complementeach other neatly in this way then something nice will happen. If we bundleinformation into A£B and then immediately extract it, we might as well havedone nothing at all. Consider

D1

...A

D2

...B ∧-int

A ∧B ∧-elimB

(2.1)

where we wrap up information and put it inside A ∧ B and then immediatelyunwrap it. We can clearly simplify this to:

D2

...B

(2.2)

This works because the conclusion A ∧ B that we infer from the premissesA and B is the strongest possible conclusion we can infer from A and B andthe premiss A∧B from which we infer A and B is the weakest possible premisswhich will give us both those conclusions. If we are given the ∧-elimination rule,what must the introduction rule be? From A ∧ B we can get both A and B,so we must have had to put them in in the first place when we were trying toprove A ∧ B by ∧-introduction. Similarly we can infer what the ∧-eliminationrule must be once we know the introduction rule.

The same goes for ∨ and →. Given that the way to prove A → B is toassume A and deduce B from it, the way to use A → B must be to use it inconjunction with A to deduce B; given that the way to use A→ B is to use itin conjunction with A to infer B it must be that the way to prove A→ B is toassume A and deduce B from it. That is why it’s all right to simplify

[A]...B →-int

A→ B A →-elimB

(2.3)

to

A...B

(2.4)

2.5. HILBERT-STYLE PROOFS 63

And given that the way to prove A∨B is to prove one of A and B, the way touse A∨B is to find something that follows from A and that also—separately—follows from B; given that the way to use A∨B is to find something that followsfrom A and that also—separately—follows from B, it must be that the way toprove A→ B is to assume A and thereby prove B. That is why it’s all right tosimplify

[A1]...C

[A2]...C

A1 ∨-intA1 ∨A2 ∨-elim

C

(2.5)

should simplify to

A1

...C

(2.6)

DEFINITION 9 We say a pair of introduction-plus-elimination rules (for £)are harmonious if (i) A£B is the strongest thing we can infer from the pre-misses for £-introduction and (ii) A£B is the weakest thing that (with the otherpremisses to the £-elimination rule, if any8) implies the conclusion of the £-elimination rule.

What we have shown above is that the rules for→, ∧ and ∨ are harmonious.

2.5 Hilbert-style Proofs

In this style of proof we have only three axiomsK: A→ (B → A)S: (A→ (B → C))→ ((A→ B)→ (A→ C))T : (¬A→ B)→ ((¬A→ ¬B)→ A)and the rules of modus ponens and substitution. ‘K’ and ‘S’ are standard

names for the first two axioms. There is a good reason for this, which we willsee in chapter 7. The third axiom does not have a similarly standard name.

Notice that only two connectives appear here: → and ¬. How are we sup-posed to prove things about ∧ and ∨ and so on? The answer is that we define theother connectives in terms of→ and ¬, somewhat as we did on page 30—exceptthat there we defined our connectives in terms of a different set of primitives.

Here is an example of a proof in this system:

8Do not forget that the elimination rule for A£B might have premisses in addition toA£B: →-elimination and ∨-elimination do, for example.


1. A→ ((A→ A)→ A) Instance of K

2. (A→ ((A→ A)→ A))→ ((A→ (A→ A))→ (A→ A)) Instance of S

3. (A→ (A→ A))→ (A→ A) Modus Ponens (1) and (2)

4. A→ (A→ A) Instance of K:

5. A→ A Modus Ponens (3) and (4)

I thought I would give you an illustration of a proof before giving you adefinition. Here is the definition.

DEFINITION 10 A Hilbert-style proof is a list of formulæ wherein every for-mula is either an axiom is is obtained from earlier formulæ in the list by modusponens or substitution.

Some comments at this point.

1. We can do without the rule of substitution, simply by propagating thesubstitutions we need back to the axioms in the proof and ruling that asubstitution instance of an axiom is an axiom.

2. We can generalise this notion to allow assumptions as well as axioms. Thatway we have—as well as the concept of an outright (Hilbert)-proof—theconcept of a Hilbert-proof of a formula from a list of assumptions.

3. An initial segment of a Hilbert-style proof is another Hilbert-style proof—of the last formula in the list.

4. Hilbert-style proofs suffer from not having the subformula property, as theboxed proof (above, page 63) shows.

EXERCISE 19 You have probably already found natural deduction proofs forK and S. If you have not done so, do it now. Find also a natural deductionproof of T , the third axiom. (You will need the rule of classical negation).

EXERCISE 20 Go back to Zarg and—using the truth-table for ¬ that you de-cided that the Zarglings use—check that the Zarglings do not believe axiom T tobe a tautology.

I will spare you the chore of testing whether or not the Zarglings believe Sto be a tautology. One reason is that it would involve writing out a truth-tablewith a dispiritingly large number of rows. How many rows exactly?

EXERCISE 21 [For enthusiasts only]Find Hilbert-style proofs of the following tautologies

(a) B → ¬¬B.(b) ¬A→ (A→ B).(c) A→ (¬B → ¬(A→ B)).(d) (A→ B)→ ((¬A→ B)→ B).

2.5. HILBERT-STYLE PROOFS 65

Notice how easy it is to prove that the Hilbert-style proof system is sound!After all, every substitution-instance of a tautology is a tautology, and if A→ Band A are tautologies, so is B. This needs massive expan-

sion

2.5.1 The Deduction Theorem

In this Hilbert-style proof system the only rules of inference are modus ponensand substitution. Establishing that A → A is a theorem—as we did above—isquite hard work in this system. If we had a derived rule that said that if we havea Hilbert-style proof of A using a premiss B then we have a Hilbert-style proofof A→ B then as a special case we would know that there was a Hilbert-proofof A→ A.

To justify a derived rule that says that if we have a Hilbert-proof of A fromB then there is a Hilbert-proof of A→ B we will have to show how to transforma proof of B with an assumption A in it into a proof of A→ B. Let the Hilbert-proof of B be the list whose ith member is Bi. The first thing we do is replaceevery Bi by A→ Bi to obtain a new list of formulæ. This list isn’t a proof, butit is the beginnings of one.

Suppose Bk had been obtained from Bi and Bj by modus ponens with Bi

as major premiss, so Bi was Bj → Bk. This process of whacking ‘A →’ onthe front of every formula in the list turns these into A → (Bj → Bk) andA → Bj . Now altho’ we could obtain Bk from Bj and Bj → Bk by modusponens we clearly can’t obtain A → Bk from A → Bj and A → (Bj → Bk)quite so straightforwardly. However we can construct a little Hilbert-style proofof A → Bk from A → Bj and A → (Bj → Bk) using S. When revising youmight like to try covering up the next few formulæ and working it out yourself.

1. (A→ (Bj → Bk))→ ((A→ Bj)→ (A→ Bk)) S

2. A→ (Bj → Bk)

3. (A→ Bj)→ (A→ Bk) modus ponens (1), (2)

4. A→ Bj

5. A→ Bk modus ponens (3), (4)

Lines (2) and (4) I haven’t labelled. Where did they come from? Well, whatwe have just seen is an explanation of how to get A→ Bk from A→ (Bj → Bk)and A → Bj given that we can get Bk from Bj and Bj → Bk. What the boxshows us is how to rewrite any one application of modus ponens. What we haveto do to prove the deduction theorem is to do this trick to every occurrence ofmodus ponens. Revise this: it isn’t correct

If we apply this process to:A→ ((A→ B)→ B)A,A→ B ` BA ` ((A→ B)→ B)we obtain


1. (A→ B)→ (((A→ B)→ (A→ B))→ (A→ B)) Instance of K

2. ((A → B) → (((A → B) → (A → B)) → (A → B))) → (((A → B) →((A→ B)→ (A→ B)))→ ((A→ B)→ (A→ B))) Instance of S

3. ((A→ B)→ ((A→ B)→ (A→ B)))→ ((A→ B)→ (A→ B)) ModusPonens (1) and (2)

4. (A→ B)→ ((A→ B)→ (A→ B)) Instance of K:

5. (A→ B)→ (A→ B) Modus Ponens (3) and (4)

6. ((A→ B)→ (A→ B))→ (((A→ B)→ A)→ ((A→ B)→ B) Instanceof S

7. ((A→ B)→ A)→ ((A→ B)→ B) Modus ponens (6), (5)

8. A Assumption

9. A→ ((A→ B)→ A) Instance of K.

10. (A→ B)→ A Modus ponens (9), (8).

11. (A→ B)→ B modus ponens (10), (7).

(Of course the annotations at the beginning and end of the lines are notpart of the proof but are part of a commentary on it. That’s the language-metalanguage distinction again.)More to do here

2.6 Interpolation

By now the reader will have had some experience of constructing natural deduc-tion proofs. If they examine their own practice they will notice that if they aretrying to prove a formula that has, say, the letters ‘p’, ‘q’ and ‘r’ in it, they willnever try to construct a proof that involves letters other than ‘p’, ‘q’ and ‘r’.There is a very strong intuition of irrelevance at work here. It’s so strong and soobvious that you probably don’t notice that it is at work—it seems too obviousto be worth mentioning. Nevertheless it most emphatically is worth mentioningNot only is it worth mentioning, and obvious, it is also correct! This topic is tobe the subject of this section.

EXERCISE 22 Suppose A is a propositional formula and ‘p’ is a letter appear-ing in A. Show that there are formulæ A1 and A2 not containing ‘p’ such thatA is semantically equivalent to (A1 ∧ p) ∨ (A2 ∧ ¬p). [Hint: consider how youmight be able to simplify A on coming to know the truth-value of ‘p’.][[A]] notation

For syntax buffs only: Notice that I put the letter ‘p’ in quotation marks butnot the letter ‘A’. Thus ‘A’ is a variable ranging over formulæ but the letter ‘p’is a specific letter appearing in A. What would have happened had I left off thesingle quotes in the first line?

2.6. INTERPOLATION 67

DEFINITION 11 Let L(P ) be the set of propositional formulæ that can be builtup from the literals in the alphabet P .

Let us overload this notation by letting L(s) be the set of propositional for-mulæ that can be built up from the literals in the formula s.

Suppose s→ t is a tautology, but s and t have no letters in common. Whatcan we say? Well, there is no valuation making s true and t false. But, sincevaluations of s and t can be done independently, it means that either there is novaluation making s true, or there is no valuation making t false. With a viewto prompt generalisation, we can tell ourselves that, despite s and t having noletters in common, L(s) and L(t) are not disjoint because true is the conjunctionof the empty set of formulæ and false is the disjunction of the empty set offormulæ and therefore both true and false belong to the language over theempty alphabet—which is to say to L(s) ∩ L(t). We established that eithers→ false is a tautology (so s is the negation of a tautology) or true → t is atautology (so t is a tautology). But since s → true and false → t are alwaystautologies, we can tell ourselves that what we have established is that thereis some formula φ in the common vocabulary (which must be either true orfalse) such that both s→ φ and φ→ t are tautologies. If we now think abouthow to do this “with parameters” we get a rather more substantial result.

THEOREM 12 (The interpolation lemma)Let P , Q, and R be three disjoint propositional alphabets; let s be a formula inL(P ∪ Q) and t a formula in L(Q ∪ R). If s ` t, then there is u ∈ L(Q) suchthat s ` u and u ` t. The formula u is an interpolant.

Proof: We do this by induction on the number of variables common to s and t.We have already established the base case, where L(s)∩L(t) is empty. Supposenow that s and t have n+ 1 variables in common. Let the n+ 1th be ‘p’. Thenthere are s′ and s′′, both p-free, such that s is equivalent to (s′ ∧ p) ∨ (s′′ ∧ ¬p)(this is by exercise 22). Similarly, there are t′ and t′′ such that t is equivalentto (t′ ∧ p) ∨ (t′′ ∧ ¬p). We know that any valuation making s true must maket true. But, also, any valuation making s true must either make s′ ∧ p true (inwhich case it makes t′ ∧ p true) or make s′′ ∧ ¬p true (in which case it makest′′ ∧¬p true). So s′ ` t′ and s′′ ` t′′. By induction there are interpolants u′ andu′′ such that s ` u′, u′ ` t′, s′′ ` u′′ and u′′ ` t′′. The interpolant we need for sand t is (u′ ∧ p) ∨ (u′′ ∧ ¬p).

(Here is another proof—that i nicked from Sam Buss. You may prefer it tomine. Think of the literals (and let there be k of them) from Q that occur ins, and of the valuations of those k literals which can be extended to valuationsthat make s true. Let v1 . . . vn be those valuations. Now let u be the disjunction∨

1≤i≤n

(q1(i) ∧ q2(i) . . . qk(i))

where qj(i) is qj or ¬qj depending on whether or not vi believes qj . (shades ofthe proof of part 3→ 2 of theorem 13) s ` u is immediate. To show u ` t notice


that a valuation on Q that satisfies u can be extended to a valuation on P ∪Qthat satisfies s. Any such valuation also satisfies t since s ` t. Hence u ` t asdesired.)

EXERCISE 23 Find an interpolant S for

(A ∧B) ∨ (¬A ∧ C) ` (B → C)→ (D → C)

and supply proofs (in whatever style you prefer) of

(A ∧B) ∨ (¬A ∧ C) → S

and

S → ((B → C)→ (D → C))Say something about inter-polation equiv to complete-ness but much more appeal-ing: humans have strong in-tuitions of irrelevance fromhaving to defend ourselvesfrom conmen over many gen-erations

2.7 Completeness of Propositional Logic

This section is not recommended for first-years.

THEOREM 13 The completeness theorem for propositional logic. The follow-ing are equivalent:

(1) φ is provable by natural deduction.(2) φ is provable from the three axioms K, S and T .(3) φ is truth-table valid.

Proof: We will prove that (3) → (2) → (1) → (3).(2)→ (1). First we show that all our axioms follow by natural deduction–by

inspection. Then we use induction: if there are natural deduction proofs of Aand A→ B, there is a natural deduction proof of B!

(1) → (3).To show that everything proved by natural deduction is truth-table valid we

need only note that, for each rule, if the hypotheses are true (under a givenvaluation), then the conclusion is too. By induction on composition of rulesthis is true for molecular proofs as well. If we have a molecular proof with nohypotheses, then vacuously they are all true (under a given valuation), so theconclusion likewise is true (under a given valuation). But the given valuationwas arbitrary, so the conclusion is true under all valuations.First use of ‘arbitrary’ in this

sense (3) → (2).(This proof is due to Mendelson [23] and Kalmar [19].) Now to show that

all tautologies follow from our three axioms.At this point we must invoke exercise 21, since we need the answers to

complete the proof of this theorem. It enjoins us to prove the following:

2.7. COMPLETENESS OF PROPOSITIONAL LOGIC 69

(a) B → ¬¬B.(b) ¬A→ (A→ B).(c) A→ (¬B → ¬(A→ B)).(d) (A→ B)→ ((¬A→ B)→ B).

If we think of a propositional formula in connection with a truth-table forit, it is natural to say things like: p ←→ q is true as long as p and q are bothtrue or both false, and false otherwise. Thus truth-tables for formulæ shouldsuggest to us deduction relations like

A,B ` A←→ B,

¬A,¬B ` A←→ B,

and similarlyA,¬B ` ¬(A←→ B).

To be precise, we can show:Let A be a molecular wff containing propositional letters p1 . . . pn, and let f

be a map from k ∈ IN : 1 ≤ k ≤ n to true, false. If A is satisfied in therow of the truth-table where pi is assigned truth-value f(i), then

P1 . . . Pn ` A,

where Pi is pi if f(i) = true and ¬pi if f(i) = false. If A is not satisfied inthat row, then

P1 . . . Pn ` ¬A,

and we prove this by a straightforward induction on the rectype of formulæ. ‘rectype’ not explainedWe have only two primitive connectives, ¬ and →, so two cases.¬

Let A be ¬B. If B takes the value true in the row P1 . . . Pn, then,by the induction hypothesis, P1 . . . Pn ` B. Then, since ` p→ ¬¬p(this is exercise 21p 64(a)), we have P1 . . . Pn ` ¬¬B, which is tosay P1 . . . Pn ` ¬A, as desired. If B takes the value false in the rowP1 . . . Pn, then, by the induction hypothesis, P1 . . . Pn ` ¬B. But¬B is A, so P1 . . . Pn ` A.

→Let A be B → C.

Case (1): B takes the value false in row P1 . . . Pn. If B takes thevalue false in row P1 . . . Pn, then A takes value true and we wantP1 . . . Pn ` A. By the induction hypothesis we have P1 . . . Pn ` ¬B.Since ` ¬p → (p → q) (this is exercise 21(b)), we have P1 . . . Pn `B → C, which is P1 . . . Pn ` A.


Case (2): C takes the value true in row P1 . . . Pn. Since C takes thevalue T in row P1 . . . Pn, A takes value true, and we want P1 . . . Pn `A. By the induction hypothesis we have P1 . . . Pn ` C, and so, byK, P1 . . . Pn ` B → C, which is to say P1 . . . Pn ` A.

Case (3): B takes value true and C takes value false in rowP1 . . . Pn. A therefore takes value false in this row, and we wantP1 . . . Pn ` ¬A. By the induction hypothesis we have P1 . . . Pn ` Band P1 . . . Pn ` ¬C. But p → (¬q → ¬(p → q)) is a theorem(this is exercise 21(c)) so we have P1 . . . Pn ` ¬(B → C), which isP1 . . . Pn ` ¬A.

Suppose now that A is a formula that is truth-table valid and that it haspropositional letters p1 . . . pn. Then, for example, both P1 . . . Pn−1, pn ` A andP1 . . . Pn−1, ¬pn ` A, where the capital letters indicate an arbitrary choice of¬ or null prefix as before. So, by the deduction theorem, both pn and ¬pn `(P1 ∧ P2 . . . ∧ Pn−1) → A and we can certainly show that (p → q) → (¬p →q)→ q is a theorem (this is exercise 21(d)), so we have P1 . . . Pn−1 ` A, and wehave peeled off one hypothesis. Clearly this process can be repeated as often asdesired to obtain ` A.

There is another assertion—equivalent to theorem 13—which, too, is knownas the completeness theorem. Sometimes it is a more useful formulation.

COROLLARY 14 φ is consistent (not refutable from the axioms) iff there is avaluation satisfying it.

Proof: 6` ¬φ (i.e., φ is consistent) iff ¬φ is not tautologous. This is turn is thesame as φ being satisfiable.

2.8 Compactness

We close this chapter with an observation which—altho’ apparently banal—actually has considerable repercussions. Suppose there is a deduction of a for-mula φ from a set Γ of formulæ. In principle Γ could be an infinite set of course(there are infinitely many formulæ after all) but any deduction of φ from Γ is afinite object and can make use of only finitely many of the formulæ in Γ. Thatis to say, we have established:

THEOREM 15 If θ follows from Γ then it follows from a finite subset of Γ

This is actually pretty obvious. So obvious in fact that one might not thinkit was worth pointing out. However, it depends sensitively on some features onemight take for granted and therefore not notice. If we spice up our languageinto something more expressive in a manner that does not preserve those nicefeatures we might find that it isn’t true any more. For example it won’t workif our formulæ can be infinitely long or if our proofs are allowed to be infinitelylong.

2.9. WHY DO WE NEED PROOF SYSTEMS FOR PROPOSITIONAL LOGIC. . . ??71

Here is a realistic illustration. Since the infinite sequence 0, 1, 2, 3, . . . exhauststhe natural numbers, it seems entirely reasonable to adopt a rule of inference:

F (0), F (1), F (2), . . .

(∀n)(F (n))

This is called the ω-rule9. There are infinitely many premisses. However it isclear that the conclusion does not follow from any finite subset of the premisses,so we would not normally be licenced to infer the conclusion. The fact that inthis case we are so licenced makes the ω-rule very strong.

2.8.1 Why “compactness”?

The word ‘compactness’ comes from nineteenth century topologists’ attemptsto capture the difference between plane figures of finite extent (for example,the circle of radius 1 centred at the origin) and plane figures of infinite extent(for example the left half-plane)—and to do this without talking about anynumerical quantity such as area. The idea is to imagine an attempt to coveryour chosen shape with circular disks. A set of disks that covers the figure inquestion is a covering of the figure. It’s clearly going to take infinitely manydisks to cover the half-plane. A plane figure F that is finite (perhaps ‘bounded’is a better word) in the sense we are trying to capture has the feature thatwhenever we have a set O of disks that cover F then there is a finite subsetO′ ⊆ O of disks that also covers F . Such a figure is said to be compact. Theconnection between these two ideas was made by Tarski. A nice example of formalisa-

tion

2.9 Why do we need proof systems for proposi-tional Logic. . . ??

. . . given that we can check the validity of any inference by means of truth-tables?? You may well be asking this question.

There are several reasons, but the general theme common to them is thatthere are more complex kinds of Logic where there is no handy and simple ana-logue of the truth-table gadgetry. This being the case we need more complicatedgadgets, and the process of mastering those gadgets is greatly helped by prac-tising on propositional calculus in the first instance—using the toy versions ofthe gadgets in question.

In particular we will be studying in later chapters both predicate calculusand constructive logic (where we reason without using the laws of excludedmiddle and double negation). In neither of these cases are truth-tables sensitiveenough for us to be able to use them and them alone for checking the validityof inferences.

9‘ω’ (pronounced ‘omega’) is the last letter of the Greek alphabet. The capital form is ‘Ω’.


Chapter 3

Predicate (first-order) Logic

3.1 Towards First-Order Logic

The following puzzle comes from Lewis Carroll.

EXERCISE 24 Dix, Lang, Cole, Barry and Mill are five friends who dinetogether regularly. They agree on the following rules about which of the twocondiments—salt and mustard—they are to have with their beef. (For somereason they always have beef?!)

Formalise the following.

1. If Barry takes salt, then either Cole or Lang takes only one of the twocondiments, salt and mustard (and vice versa). If he takes mustard theneither Dix takes neither condiment or Mill takes both (and vice versa).

2. If Cole takes salt, then either Barry takes only one condiment, or Milltakes neither (and vice versa). If he takes mustard then either Dix orLang takes both (and vice versa).

3. If Dix takes salt, then either Barry takes neither condiment or Cole takesboth (and vice versa). If he takes mustard then either Lang or Mill takesneither (and vice versa).

4. If Lang takes salt, then either Barry or Dix takes only one condiment (andvice versa). If he takes mustard then either Cole or Mill takes neither (andvice versa).

5. If Mill takes salt, then either Barry or Lang takes both condiments (andvice versa). If he takes mustard then either Cole or Dix takes only one(and vice versa).

As I say, this puzzle comes from Lewis Carroll. The task he sets is to as-certain whether or not these conditions can in fact be met. I do not know theanswer, and it would involve a lot of hand-calculation—which of course is thepoint! You are welcome to try.

73

74 CHAPTER 3. PREDICATE (FIRST-ORDER) LOGIC

The way to do this is to create a number of propositional letters, one eachto abbreviate each of the assorted assertions “Barry takes salt”, “Mill takesmustard” and so on. How many propositional letters will there be? Obviously10, co’s you can count them: each propositional letter corresponds to a choiceof one of Dix, Lang, Cole, Barry, Mill, and one choice of salt, mustard and2 × 5 = 10. We could use propositional letters ‘p’, ‘q’, ‘r’, ‘s’, ‘t’, ‘u’, ‘v’, ‘w’,‘x’ and ‘y’. This is probably what you have done. But notice that using tendifferent letters—mere letters—in this way fails to capture certain relations thathold between them. Suppose they were arranged like:

‘p’: Barry takes salt ‘u’: Barry takes mustard‘q’: Mill takes salt ‘v’: Mill takes mustard‘r’: Cole takes salt ‘w’: Cole takes mustard‘s’: Lang takes salt ‘x’: Lang takes mustard‘t’: Dix takes salt ‘y’: Dix takes mustard

Then we see that two things in the same row are related to each other in away that they aren’t related to things in other rows; ditto things in the samecolumn. This subtle information cannot be read off just from the letters ‘p’,‘q’, ‘r’, ‘s’, ‘t’, ‘u’, ‘v’, ‘w’, ‘x’ and ‘y’ themselves. That is to say, there isinternal structure to the propositions “Mill takes salt” etc, that is not capturedby reducing each to one letter. The time has come to do something about this.

A first step would be to replace all of ‘p’, ‘q’, ‘r’, ‘s’, ‘t’, ‘u’, ‘v’, ‘w’, ‘x’ and‘y’ by things like ‘ds’ and ‘bm’ which will mean ‘Dix takes salt’ and ‘Barry takesmustard’. Then we can build truth-tables and do other kinds of hand-calculationas before, this time with the aid of a few mnemonics. If we do this, the newthings like ‘bm’ are really just propositional letters as before, but slightly biggerones. The internal structure is visible to us—we know that ‘ds’ is really shortfor ‘Dix takes salt’ but it is not visible to the logic. The logic regards ‘ds’ as asingle propositional letter. To do this satisfactorily we must do it in a way thatmakes the internal structure explicit.

What we need is Predicate Logic. It’s also called First-Order Logicand sometimes Predicate Calculus. In this new pastime we don’t just usesuggestive mnemonic symbols for propositional letters but we open up the oldpropositional letters that we had, and find that they have internal structure.“Romeo loves Juliet” will be represented not by a single letter ‘p’ but by some-thing with suggestive internal structure like L(r, j). We use capital Romanletters as predicate symbols (also known as relation symbols). In this casethe letter ‘L’ is a binary relation symbol, co’s it relates two things. The ‘r’ andthe ‘j’ are arguments to the relation symbol. They are constants that denotethe things that are related by the (meaning of the) relation symbol.

The obvious way to apply this to exercise 24 is to have a two-place predicateletter ‘T ’, and symbols ‘d’, ‘l’, ‘m’, ‘b’ and ‘c’ for Dix, Lang, Mill, Barry and Cole,respectively. I am going to write them in lower case beco’s we keep upper caseletters for predicates—relation symbols. And we’d better have two constantsfor the condiments salt and mustard: ‘s’ for salt and—oops!—can’t use ‘m’ for

3.1. TOWARDS FIRST-ORDER LOGIC 75

mustard co’s we’ve already used that letter for Mill! Let’s use ‘u’. So, insteadof ‘p’ and ‘q’ or even ‘ds’ etc we have:

‘T (b, s)’: Barry takes salt ‘T (b, u)’: Barry takes mustard‘T (m, s)’: Mill takes salt ‘T (m,u)’: Mill takes mustard‘T (c, s)’: Cole takes salt ‘T (c, u)’: Cole takes mustard‘T (l, s)’: Lang takes salt ‘T (l, u)’: Lang takes mustard‘T (d, s)’: Dix takes salt ‘T (d, u)’: Dix takes mustard

And now the symbolism we are using makes it clear what it is that two thingsin the same row have in common, and what two things in the same column havein common. I have used here a convention that you always write the relationsymbol first, and then put its arguments after it, enclosed within brackets.We don’t write ‘mTs’. Tho’ we do write “Hesperus = Phosphorous” (the twoancient names for the evening star and the morning star) and when we write therelation symbol between its two arguments we say we are using infix notation.(Infix notation only makes sense if you have two arguments not three: If you hadthree aguments where would you put the relation symbol if not at the front?)

What you should do now is look at the question on page 24, the one con-cerning Herbert’s love life, pets and accommodation.

If Herbert can take the flat only if he divorces his wife then heshould think twice. If Herbert keeps Fido, then he cannot take theflat. Herbert’s wife insists on keeping Fido. If Herbert does notkeep Fido then he will divorce his wife—provided that she insists onkeeping Fido.

You will need constant names ‘h’ for Herbert, ‘f ’ for Fido, and ‘w’ for thewife. You will also need a few binary relation symbols: K for keeps, as in“Herbert keeps Fido”. Some things might leave you undecided. Do you wantto have a binary relation symbol ‘T ’ for takes, as in “Herbert takes the flat”?If you do you will need a constant symbol ‘f ’ to denote the flat. Or would yourather go for a unary relation symbol ‘TF ’ to be applied to Herbert? No-one elseis conjectured to take the flat after all . . . If you are undecided between these,all it means is that you have discovered the wonderful flexibility of predicatecalculus.

Rule of thumb: We use Capital Letters for properties; on the whole we usesmall letters for things. (We do tend to use small letters for functions too).The capital letters are called relational symbols or predicate letters andthe lower case letters are called constants.

EXERCISE 25 Formalise the following, using a lexicon of your choice

1. Romeo loves Juliet; Juliet loves Romeo.

2. Balbus loves Julia. Julia does not love Balbus. What a pity. (I found thisin a latin primer: Balbus amat Juliam; Julia not amat Balbum . . . .)


3. Fido sits on the sofa; Herbert sits on the chair.

4. Fido sits on Herbert.

5. The sofa sits on Herbert. [just because something is absurd doesn’t meanit can’t be said!]

6. Alfred drinks more whisky than Herbert; Herbert drinks more whisky thanMary.

7. John scratches Mary’s back. Mary scratches her own back. [A binaryrelation can hold between a thing and itself. It doesn’t have to relate twodistinct things.]

8. None but the brave deserve the fair.

9. Brothers and sisters have I none; this man’s father is my father’s son.

3.1.1 The syntax of first-order Logic

All the apparatus for constructing formulæ in propositional logic work two inthis new context: If A and B are formulæ so are A ∨B, A ∧B, ¬A and so on.There is areally an abuse of

notation here: we should usequasi-quotes . . .

However we now have new ways of creating formulæ.The language now has constants and variables. Constants tend to be

lower-case letters at the start of the latin alphabet (‘a’, ‘b’ . . . ) and variablestend to be lower-case letters at the end of the alphabet (‘x’, ‘y’, ‘z’ . . . ). Sincewe tend to run out of letters we often enrich them with subscripts to obtain alarger supply: ‘x1’ etc.

Function letters are lower-case latin letters, typically ‘f ’ ‘g’ ‘h’. We applythem to variables and constants, and this gives us terms: f(x), g(a, y) andsuchlike. In fact we can even apply them to terms: f(g(a, y)), g(f(g(a, y), x))and so on. So a term is either a variable or a constant or something built upfrom variables-and-constants by means of function letters. What is a function?That is, what sort of thing do we try to capture with function letters? We haveseen an example: father-of is a function: you have precisely one father; son-ofis not a function. Some people have more than one, or even none at all.

Predicate letters are upper-case letters from the latin alphabet, usually fromthe early part: ‘F ’ ‘G’ . . . . They are called predicate letters because they arisefrom a programme of formalising reasoning about predicates and predication.‘F (x, y)’ could have arisen from ‘x is fighting y’. Each predicate letter has aparticular number of terms that it expects; this is the arity of the letter. If wefeed it the correct number of terms—so we have an expression like F (x, y)—wecall the result an atomic formula.

The equality symbol ‘=’ is a very special predicate letter: you are notallowed to reinterpret it the way you can reinterpret other predicate letters. Inthis respect it behaves like ‘∧’ and ‘∀’ and so on. It is said to be part of thelogical vocabulary.

3.2. SOME EXERCISES TO GET YOU STARTED 77

Unary predicates have one argument, binary predicates have two; n-aryhave n. Similarly functions.

Atomic formulæ can be treated the way we treated literals in propositionallogic: we can combine them together by using ‘∧’ ‘∨’and the other connectives.

Finally we can bind variables with quantifiers . . . free complete this explanationFor example, in a formula like

(∀x)(F (x)→ G(x))

the letter ‘x’ is a variable: you can tell because it is bound by the universalquantifier. The predicate letter ‘F ’ is not a variable. It is not bound by aquantifier, and cannot be: the syntax forbids it. In a first-order language youare not allowed to treat predicate letters as variables: you may not bind themwith quantifiers. Binding predicate letters with quantifiers (treating them asvariables) is the tell-tale sign of second-order Logic. I warned you earlier(on page 70) that completeness and compactness can fail if the syntax becomestoo expressive. Second-order Logic is a case in point: there is no completenesstheorem for second-order logic and this makes it very hard to handle. Seeappendix 11.11.2.

3.2 Some exercises to get you started

This may take you an hour or more.

EXERCISE 26 Render the following into Predicate calculus, using a lexicon ofyour choice

1. Anyone who has forgiven at least one person is a saint.

2. Nobody in the logic class is cleverer than everybody in the history class.

3. Everyone likes Mary—except Mary herself.

4. Jane saw a bear, and Roger saw one too.

5. Jane saw a bear and Roger saw it too.

6. Everybody loves my baby, but my baby loves nobody but me.

7. Socrates is a man; all men are mortal. Therefore Socrates is mortal.

8. Daisy is a cow; all cows eat grass. Therefore Daisy eats Grass.

9. Daisy is a cow; all cows are mad. Therefore Daisy is mad.

10. No thieves are honest; some dishonest people are found out. ThereforeSome thieves are found out.

11. No muffins are wholesome; all puffy food is unwholesome. Therefore allmuffins are puffy.


12. No birds except peacocks are proud of their tails; some birds that are proudof their tails cannot sing. Therefore some peacocks cannot sing.

13. Warmth relieves pain; nothing that does not relieve pain is useful in toothache.Therefore warmth is useful in toothache.

14. A wise man walks on his feet; an unwise man on his hands. Therefore noman walks on both.

15. A wise man walks on his feet; an unwise man on his hands. Therefore noman walks on neither.

16. No fossil can be crossed in love; an oyster may be crossed in love. There-fore oysters are not fossils.

17. All who are anxious to learn work hard; some of these students work hard.Therefore some of these students are anxious to learn.

18. His songs never last an hour. A song that lasts an hour is tedious. There-fore his songs are never tedious.

19. Some lessons are difficult; what is difficult needs attention. Therefore somelessons need attention.

20. All humans are mammals; all mammals are warm blooded. Therefore allhumans are warm-blooded.

In the previous question you have just seen a lot of argument tokens. Twoargument tokens belong to the same argument types if the predicate logic formulæyou have forced them into are the same or are “alphabetic variants”. Group theminto argument types.

3.3 First-order and second-order

We need to be clear right from the outset about the difference between first-orderand second-order. In first-order languages predicate letters and function letterscannot be variables. The idea is that the variables range only over individualinhabitants of the structures we consider, not over sets of them or properties ofthem. This idea—put like that—is clearly a semantic idea. However it can be(and must be!) given a purely syntactic description.

In propositional logic every wellformed expression is something which willevaluate to a truth-value: to true or to false. These things are called booleansso we say that every wellformed fomula of propositional logic is of type bool.

In first order logic it is as if we have looked inside the propositional variables(letters, literals—call them what you will) ‘A’, ‘B’ etc that were the things thatevaluate to true or to false, and have discovered that the letter—as it mightbe—‘A’ actually, on closer inspection, turned out to be ‘F (x, y)’. To know thetruth-value of this formula we have to know what objects the variables ‘x’ and‘y’ point to, and what binary relation the letter ‘F ’ represents.

3.3. FIRST-ORDER AND SECOND-ORDER 79

First-order logic extends propositional logic in another way too. Blah quan-tifiers.

3.3.1 Higher-order vs Many-Sorted

Higher-order

A predicate modifier is a second-order function letter. They are sometimescalled adverbial modifiers. For example we might have a predicate modifier Vwhose intended meaning is something like “a lot” or “very much’, so that ifL(x, y) was our formalisation of x loves y then V(L(x, y)) means x loves y verymuch. We will not consider them further.

Many-sorted

If you think the universe consists of only one kind of stuff then you will have onlyone domain of stuff for your variables to range over. If you think the universehas two kinds of stuff (for example, you might think that there are two kinds ofstuff: the mental and the physical) then you might want two domains for yourvariables to range over.

The most straightforward example of a two-sorted language known to me isone that will make sense only to the maths students among you: vector spaces.Vectors and scalars are different things, and you have different styles of variablesto range over them. If you are a cartesian dualist trying to formulate a theoryof mind in first-order logic you would want to have variables of two sorts: formental and for physical entities.

subsubsectionBeware of theseThe following formula looks like a first-order sentence that says there are at

least n distinct things in the universe. (Remember the∨

symbol from page 28.)

(∃x1 . . . xn)(∀y)(∨i≤n

y = xi) (3.1)

But if you are the kind of pedant that does well in Logic you will noticethat it isn’t a formula of the first-order logic we have just seen because thereare variables (the subscripts) ranging over variables! If you put in a concreteactual number for n then what you have is an abbreviation of a formula of ourfirst-order language. Thus

(∃x1 . . . x3)(∀y)(∨i≤3

y = xi) (3.2)

is an abbreviation of

(∃x1x2x3)(∀y)(y = x1 ∨ y = x2 ∨ y = x3) (3.3)

(Notice that formula 3.3.1 isn’t actually second-order either, because the dodgyvariables are not ranging over subsets of the domain.)


3.3.2 First-person and third-person

Natural languages have these wonderful gadgets like ‘I’ and ‘you’. These connectthe denotation of the expressions in the language to the users of the language.This has the effect that if φ is a formula that contains one of these pronounsthen different tokens of φ will have different semantics! This is completelyunheard-of in the languages of formal logic: semantics is defined on formula-types not formula-tokens. Another difference between formal languages andnatural languages is that the users of formal languages (us!) do not belong tothe world described by the expressions in those languages. (Or at least if we dothen the semantics has no way of expressing this fact.) Formal languages do havevariables, and variables function grammatically like pronouns, but the pronounsthey resemble are third person pronouns not first- or second-person pronouns.This is connected with their use in science: no first- or second-person perspectivein science. This is because science is agent/observer-invariant. Connected toobjectivity. The languages that people use/discuss in Formal Logic do not dealin any way with speech acts/formula tokens: only with the types of which theyare tokens.Blend these two paragraphs.

Also make the point thatpredicate calculus semanticsis not—to use CS jargon—done in real time.

3.4 Using predicate calculus

George is the best student.Then nested quantifiers. Emphasise the need to switch off fault-tolerant

pattern matching. (∀x)(∃y)(L(x, y)). I know two pop stars. I know no morethan two pop stars. There is no best student)

Once you’ve tangled with a few syllogisms you will be able to recognisewhich of them are good and which aren’t. ‘Good’? A syllogism (or any kindof argument in this language, not just syllogisms) is valid if the truth of theconclusion follows from the truth of the premisses simply by virtue of the logicalstructure of the argument. Recall the definition of valid argument from propo-sitional logic. You are a valid argument if you are a token of an argument typesuch that every token of that type with true premisses has a true conclusion.We have exactly the same definition here! The only difference is that we nowhave a slightly more refined concept of argument type.

We can use the expressive resources of the new language to detect that

Socrates is humanAll humans are mortalSocrates is mortal

. . . is an argument of the same type as

Daisy is a cowall cows are madDaisy is mad

3.4. USING PREDICATE CALCULUS 81

Both of these are of the form:

M(s) (∀x)(M(x)→ C(x))

C(s)

We’ve changed the letters but that doesn’t matter. The overall shape of thetwo formulæ is the same, and it’s the shape that matters.

The difference between the situation we were in with propositional logic andthe situation we are in here is that we don’t have a simple device for testingvalidity the way we had with propositional logic. There we had truth tables. Totest whether an argument in propositional logic is valid you form the conditionwhose antecedent is the conjunction of the premisses of the argument and whoseconsequent is the conclusion. The argument is valid iff the conditional is atautology, and you write out a truth-table to test whether or not the conditionalis a tautology.

I am not going to burden you with analogues of the truth-table method forpredicate logic. For the moment what i want is merely that you should get usedto rendering english sentences into predicate logic, and then get a nose for whichof the arguments are valid.

There is a system of natural deduction we can set up to generate all validarguments capturable by predicate calculus and we will get round to it but for supply referencethe moment I want to use this new gadget of predicate calculus to describe someimportant concepts that you can’t capture with propositional logic.

DEFINITION 16

• A relation R is transitive if

∀x∀y∀z((R(x, y) ∧R(y, z))→ R(x, z))

• A relation R is symmetrical if

∀x∀y(R(x, y)←→ R(y, x))

• (∀x)(R(x, x)) says that R is reflexive; and (∀x)(¬R(x, x)) says that R isirreflexive.

• A relation that is transitive, reflexive and symmetrical is an equivalencerelation.

A binary relation R is extensional if (∀x)(∀y)(x = y ←→ (∀z)(R(x, z) ←→ R(y, z)). Notice that a relationcan be extensional without its converse being extensional: the relation R(x, y) defined by “x is the mother of y”is extensional (Two women with the same children are the same woman) but its converse isn’t (two distinct peoplecan have the same mother).

There is a connection of ideas bween ‘extensional’ as in ‘extensional relation’ and ‘extension’ as contrastedwith ‘intension’,

Beginners often assume that symmetrical relations must be reflexive. Theyare wrong, as witness “rhymes with”, “conflicts with”, “can see the whites ofthe eyes of”, “is married to”, “is the sibling of” and many others.


Observe that equality is transitive, reflexive and symmetrical and is thereforean equivalence relation.

It may be worth making the point that not all relations are binary relations.There is a natural three-place relation of betweenness that relates points on aline, but this doesn’t concern us much as philosophers. Another example (againnot of particular philosophical interest but cutely everyday) is the three-placerelation of “later than” between hours on a clock. We cannot take this relationto be binary because, if we do, it will simply turn out to be the universalrelation—every time on the clock is later than every other time if you wait longenough: 3 o’clock is latwer than 12 o’clocka and 12 o’clock is later than 3 o’clock.However, with a three-place relation we can say “Starting at 12 o’clock we firstreach 3 o’clock and then 6 o’clock” (which is true) and “Starting at 12 o’clockwe first reach 6 o’clock and then 3 o’clock” (which isn’t). So we think of ourthree-place relation as “starting at x and reading clockwise we encounter y firstand then z”)

These properties of relations are in any case useful in general philosophy butthey are useful in particular in connection with possible word semantics to beseen in chapter 5.

Explain whyx is bigger than y; y is bigger than z. Therefore x is bigger than z.is not valid.Notice that you are not allowed to bind predicate letters. It is in virtue

of this restriction that this logic is sometimes called first-order Logic. Aswe explained in section 3.1.1 if you attempt to bind predicate letters you areengaging in what is sometimes called second-order logic and the angels willweep for you. It is the work of the devil.

De Morgan laws for the quantifiers: ¬∃¬ and ∀; ¬∀¬ and ∃.

EXERCISE 27 What are the principal connectives of the following formulæ offirst-order logic?

(∃y)(F (y) ∨ P )(∃y)(F (y)) ∨ PA→ (∀x)(B(x))

For the moment we are going to concentrate on just reading expressions ofpredicate calculus, so that we feel happy having them on our sofas and don’tpanic. And in getting used to them we’ll get a feeling for the difference betweenthose that are valid and those that aren’t.

1. (∀x)(F (x) ∨ ¬F (x))This is always going to be true, whatever property F is. Every x is eitherF or it isn’t. The formula is valid

2. (∀x)(F (x)) ∨ (∀x)(¬F (x))This isn’t always going to be true. It says (as it were) that everything isa frog or everything is not a frog. The formula is not valid; however it issatisfiable.


3. (∃x)(F (x) ∨ ¬F (x))

This is always going to be true, whatever property F is, as long as thereis something. So it is valid

4. This next expression, too, is always going to be true—as long as there issomething.

(∃x)(F (x)) ∨ (∃x)(¬F (x))

We adopt as a logical principle the proposition that the universe is notempty. That is to say we take these last two expressions to be logicallytrue.

5. In

(∃y)(∀x)L(x, y) (∀x)(∃y)L(x, y)

the left-hand formula implies the right hand formula but not vice versa.

6. These two formulæ are equivalent:

(∃x)(∀y)(F (y)→ F (x)) (∃x)((∃y)F (y))→ F (x))

There is at most one frog:

(∀xy)(F (x) ∧ F (y)→ x = y)

There is precisely one frog:

(∃x)(F (x) ∧ (∀y)(F (y)→ y = x))

EXERCISE 28 What does it mean to say that a variable is free in a formula?

1. Is ‘x’ free in (∀x)(F (x)→ G(y))? Is ‘y’ free?

2. Is ‘x’ free in F (x) ∧ (∀x)(G(x))?

EXERCISE 29 Consider the two formulæ

(∀x)(∃y)(L(x, y)) and (∃y)(∀x)(L(x, y)).

does either imply the other?If we read ‘L(x, y)’ as ‘x loves y’ then what do these sentences say in ordinary

English?

I think of this exercise as a kind of touchstone for the first-year student oflogic. It would be a bit much to ask a first-year student (who, after all, mightnot be going on to do second-year logic) to give a formal proof of the implicationor to exhibit a countermodel to demonstrate the independence but exercise 29is a fair test.


EXERCISE 30 Formalise in predicate logic, using abbreviations of your choice,the following arguments. In each case say whether or not the argument is valid.

1. If George is guilty he will be reluctant to answer questions. George isreluctant to answer questions. Therefore George is guilty.

2. Everybody drives a car unless they own a bicycle. Thomas Forster owns abicycle. Therefore Thomas Forster does not drive a car.

EXERCISE 31 Match up the formulæ on the left with their English equivalentson the right.

(i) (∀x)(∃y)(x loves y) (a) Everyone loves someone(ii) (∀y)(∃x)(x loves y) (b) There is someone everyone loves(iii) (∃y)(∀x)(x loves y) (c) There is someone that loves everyone(iv) (∃x)(∀y)(x loves y) (d) Everyone is loved by someone

EXERCISE 32 In each of the following pairs of formulæ, determine whetherthe two formulæ in the pair are (i) logically equivalent or are (ii) negations ofeach other or (iii) neither. In each formula circle the principal connective.

(∃x)(F (x)); ¬∀x¬F (x)(∀x)(∀y)F (x, y); (∀y)(∀x)F (x, y)(∃x)(F (x) ∨G(x)); ¬(∀x)(¬F (x) ∨ ¬G(x))(∀x)(∃y)(F (x, y)); (∃y)(∀x)(F (x, y))(∃x)(F (x))→ A; (∀x)(F (x)→ A)(∃x)(F (x)→ A); (∀x)(F (x))→ A

(In the last two formulæ ‘x’ is not free in A)Wouldn’t it be nice to do without variables, since once they’re bound it

doesn’t matter which they are? It would—and there is a way of doing it, calledPredicate Functor Logic. Quine [29] and Tarski-Givant [33] wrote about it, andwe will see glimpses in chapter 7. Unfortunately it seems that the human brain(most of them anyway—certainly mine and probably yours) are not configuredto process the kind of syntax one is forced into if one doesn’t have variables. Asfar as I know all natural languages have pronouns rather than the contrivancesrequired by variable-free syntax.

3.4.1 Equality and Substitution

Equality is a deeply deeply problematic notion in all branches of philosophy.It was really quite brave of Frege to so much as attempt to define it. Hisdefinition of equality says that it is the intersection of all reflexive relations.A binary relation R is reflexive if R(w,w) holds for all w: (That’s what the‘(∀w)(R(w,w))’ is doing in the formula 3.4.1 below.) So Frege’s definition is


x = y iff (∀R)[(∀w)(R(w,w))→ R(x, y)] (3.1)

The first thing to notice is that this definition is second-order! You can tellthat by the ‘(∀R)’ and the fact that the R is obviously a predicate letter becauseof the ‘R(w,w)’.

Notice that this definition is not circular (despite what you might have ex-pected from the appearance of the word ‘reflexive’) since the definiendum doesnot appear in the definiens.

3.4.1.1 Substitution

Consider the binary relation “every property that holds of x holds also of y andvice versa”. This is clearly reflexive! If x and y are equal then they stand inthis relation (because two things that are equal stand in every reflexive rela-tion, by definition) so they have the same properties. This justifies the rule ofsubstitution. (If you have good French have a look at [9]).

A(t) t = xsubst

A(x)(3.2)

In the rule of substitution you are not obliged to replace every occurrenceof ‘t’ by ‘x’. (This might remind you of the discussion on page 42 where weconsider cancelling premisses.)

The following example is a perfectly legitimate use of the rule of substitution,where we replace only the first occurrence of ‘t’ by ‘x’. In fact this is how weprove that equality is a symmetrical relation!

t = t t = x substx = t(3.3)

Given that, the rule of substitution could more accurately be represented by

A[t/x] t = xsubst

A(3.4)

. . . the idea being that A is some formula or other—possibly with free occur-rences of ‘x’ in it—and A[t/x] is the result of replacing all free occurrences of‘x’ in A by ‘t’. This is a bit pedantic, and on the whole our uses of substitutionwill look more like 3.2 than 3.4.

However we will definitely be using the A[t/x] notation in what follows, sobe prepared. Sometimes the [t/x] is written the other side, as

[t/x]A. (3.5)

This notation is intended to suggest that [t/x] is a function from formulæ toformulæ that is being applied to the formula A.


One thing that may cause you some confusion is that sometimes a formulawith a free variable in it will be written in the style “A(x)” making the variableexplicit. Sometimes it isn’t made explicit. When you see the formula in 3.4.1it’s a reasonable bet that the variable ‘x’ is free in A, or at least could be: afterall, there wouldn’t be much point in substituting ‘t’ for ‘x’ if ‘x’ weren’t free,now would it?!

3.5 Natural Deduction Rules for First-Order Logic

To the natural deduction rules for propositional calculus we add rules for intro-ducing and eliminating the quantifiers:

Rules for ∃

A(t)∃-int

(∃x)(A(x)

[A(t)](1)

...C (∃x)(A(x))

∃-elim(1)C

(3.1)

Notice the similarity between ∨-elimination and ∃-elimination.

Rules for ∀...

A(t)(∀x)(A(x))∀−int (∀x)(A(x))

A(t) ∀-elim

To prove that everything has property A, reason as follows. Let x be anobject about which we know nothing, reason about it for a bit and deduce thatx has A; remark that no assumptions were made about x; Conclusion: all xsmust therefore have property A. But it is important that x should be an objectabout which we know nothing, otherwise we won’t have proved that every x hasA, merely that A holds of all those x’s that satisfy the conditions x satisfiedand which we exploited in proving that x had A. The rule of ∀-introductiontherefore has the important side condition: ‘t’ not free in the premisses. Theidea is that if we have proved that A holds of an object x selected arbitrarily,then we have actually proved that it holds for all x.

The rule of ∀-introduction is often called Universal Generalisation orUG for short. It is a common strategy and deserves a short snappy name. Iteven deserves a joke.1

THEOREM 17 Every government is unjust.

1Thanks to Aldo Antonelli.

3.6. SEQUENT RULES FOR FIRST-ORDER LOGIC 87

Proof: Let G be an arbitrary government. Since G is arbitrary, it is certainlyunjust. Hence, by universal generalization, every government is unjust.

This is of course a fallacy of equivocation.In the propositional calculus case a theorem was a formula with a proof that

had no undischarged assumptions. We have to tweak this definition slightly inthis new situation of natural deduction rules for first-order logic. We have toallow undischarged assumptions like t = t: it’s hard to see how else we are goingto prove obvious logical truths like (∀x)(∀y)(x = y → y = x). (The fact thatsymmetry of equality is a logical truth is worth noting. This is because equalityis part of the logical vocabulary . . . Must say a lot more about

equality being part of thelogical vocabulary

However, we will not develop this further but will procede immediately to asequent treatment.

3.6 Sequent Rules for First-Order Logic

∀ left:

F (t),Γ ` ∆(∀x)(F (x)),Γ ` ∆ ∀ − left

where ‘t’ is an arbitrary term(If ∆ follows from Γ plus the news that Trevor has property F then it will

certainly follow from Γ plus the news that everybody has property F .) eigenvariable

∀ right:

Γ ` ∆, F (t)Γ ` ∆, (∀x)(F (x)) ∀ − right

where ‘t’ is a term not free in the lower sequent. We explain ∀-R by saying: ifwe have a deduction of F (a) from Γ then if we replace every occurrence of ‘a’in Γ by ‘b’ we have a proof of F (b) from the modified version [b/a]Γ. If thereare no occurrences of ‘a’ to replace then [b/a]Γ is just Γ and we have a proof ofF (b) from the original Γ. But that means that we have proved (∀x)(F (x)) fromΓ.

∃ left:

F (a),Γ ` ∆(∃x)(F (x)),Γ ` ∆ ∃ − left

where ‘a’ is a variable not free in the lower sequent.

∃ right:

Γ ` ∆, F (t)Γ ` ∆, (∃x)(F (x)) ∃ − right


where ‘t’ is an arbitrary term.(Notice that in ∀-L and ∃-R the thing that becomes the bound variable (the

eigenvariable) is an arbitrary term whereas with the other two rules it has tobe a variable)

We will of course have to allow sequents like ` x = x as initial sequents.You might like to think about what the subformula property would be for

first-order logic. What must the relation “subformula-of” be if it is to be thecase that every proof of a formula φ using only these new rules is to containonly subformulæ of φ?

3.6.1 Prenex Normal Form

There is a generalisation of CNF and DNF to first-order logic: it’s called Prenexnormal form. The definition is simplicity itself. A formula is in Prenex normalform if it is of the form

(Qv1)(Qv2) · · · (Qvn)(....)

where the Qs are quantifiers, and the dots at the end indicate a purelyboolean formula: one that contains no quantifiers. All quantifiers have been“pulled to the front”.

EXERCISE 33 Which of the following formulæ are in Prenex normal form?Insert some formulae here!!

THEOREM 18 Every formula is logically equivalent to one in PNF.

To prove this we need to be able to “pull all quantifiers to the front”. Whatdoes this piece of italicised slang mean? Let’s illustrate:

(∀x)F (x) ∧ (∀y)G(y)

is clearly equivalent to(∀x)(∀y)(F (x) ∧G(y))

(If everything is green and everything is a frog then everything is both greenand a frog and vice versa).

EXERCISE 34 Find proofs of the following sequents:

¬∀xφ(x) ` ∃x¬φ(x),¬∃xφ(x) ` ∀x¬φ(x),φ ∧ ∃xψ(x) ` ∃x(φ ∧ ψ(x)),φ ∨ ∀xψ(x) ` ∀x(φ ∨ ψ(x)),φ→ ∃xψ(x) ` ∃x(φ→ ψ(x)),φ→ ∀xψ(x) ` ∀x(φ→ ψ(x)),∃xφ(x)→ ψ ` ∀x(φ(x)→ ψ)∀xφ(x)→ ψ ` ∃x(φ(x)→ ψ),∃xφ(x) ∨ ∃xψ(x) ` ∃x(φ(x) ∨ ψ(x)),∀xφ(x) ∧ ∀xψ(x) ` ∀x(φ(x) ∧ ψ(x)),

3.7. SOUNDNESS AGAIN 89

In this exercise φ and ψ are formulæ in which ‘x’ is not free, while φ(x) andψ(x) are formulæ in which ‘x’ may be free. The point in each case is that in theformula being deduced the scope of the quantifier is larger: it has been “pulledto the front”. If we keep on doing this to a formula we end up with somethingthat is in PNF. ]and explain to your flatmates what this has to do with theorem 18.

Explain why PNF isimportant—why normalform theorems are im-portant in general. Itimposes a linear order onthe complexity of formulæ.

EXERCISE 35 Prove the following sequents. The first one is really quite easy.The second one underlines the fact that you do not need a biconditional in thedefinition of ‘symmetric’.

1. ` ¬(∃x)(∀y)(P (y, x)←→ ¬(P (y, y)))

2. ∀x∀y(R(x, y)→ R(y, x)) ` ∀x∀y(R(x, y)←→ R(y, x));

This is Russell’s paradox of the set of all sets that are not members ofthemselves. (See section 10.2.)

3. ` ¬(∃x)(∀y)(P (y, x)←→ (∀z)(P (z, y)→ ¬P (y, z)))

This formula concerns the modified paradox of Russell concerning the setof those sets that are not members of any member of themselves.

It is noticeably harder, and is recommended mainly for enthusiasts. Youwill certainly need to “keep a copy”! You will find it much easier to finda proof that uses cut. Altho’ there is certainly a proof that never hasmore than one formula on the right you might wish to start off withoutattempting to respect this constraint.

EXERCISE 36 Find a proof of the following sequent:

(∀x)[P (x)→ P (f(x))] ` (∀x)[P (x)→ P (f(f(x)))]

For this you will definitely need to keep a copy. (On the left, as it happens)

3.7 Soundness again

At this point we should have a section analogous to section 2.2 where we provethe soundness of natural deduction for propositional logic and section 2.3.1where we prove the sequent calculus for propositional logic. Work to be done here

In contrast to soundness, completeness is hard. See section 3.9.

3.8 Hilbert-style systems for first-order Logic

At this point there should be a section analogous to section 2.5. However I thinkwe can safely omit it.


3.9 Semantics for First-order Logic

This section is not recommended for first-years.We arrived at the formulæ of first-order logic by a process of codifying what

was logically essential in some scenario or other. Semantics is the reverse pro-cess: picking up a formula of LPC and considering what situations could havegiven rise to it by the kind of codification that we have seen in earlier pages, forexample in exercises 30 page 84, 25 page 75, and 26 page 77.Need more formalisation ex-

ercises A valid formula is one that is true in all models. We’d better be clear whatthis means! So let’s define what a model is, and what it is for a formula to betrue in a model.

Signatures, structures, carrier set. Then we can explain again the differencebetween a first-order theory and a higher-order theory.

The obvious examples of structures arise in mathematics and can be mis-leading and in any case are not really suitable for our expository purposes here.We can start off with the idea that a structure is a set-with-knobs on. Here isa simple example that cannot mislead anyone.

The carrier set is the set Beethoven, Handel, Domenico Scarlatti and theknobs are (well, ‘is’ rather than ‘are’ because there is only one knob in this case)the binary relation “is the favourite composer of”. We would obtain a differentstructure by adding a second relation: “is older than” perhaps.

Now we have to give a rigorous explanation of what it is for a formula to betrue in a structure.Need some formal semantics

here!DEFINITION 19A theory is a set of formulæ closed under deduction.

We say T decides ψ if T ` ψ or T ` ¬ψ.Let us extend our use of the ‘L’ notation to write ‘L(T )’ for the language to

which T belongs.2

A theory T is complete if T decides every closed φ in L(T ).

DEFINITION 20 A Logic is a theory closed under uniform substitution.

A typical way for a theory to arise is as the set of things true in a givenstructure M. We write this Th(M). Thus Th(M) = φ :M |= φ. Theoriesthat arise in this way, as the set of things true in a particular structure, are ofcourse complete—at least as long as the structure is finite, because then we cansimply write down a complete description of it.

A related typical way in which a theory can arise is as the set of all sentencestrue in a given class of structures.

Theories that arise in the first way are obviously going to be complete!Surprisingly some theories that arise in the second way can be complete too:

2For sticklers:L(T ) =:

[s∈T

L(s)

where L(s) is as defined in the second part of definition 11 on page 67.

3.9. SEMANTICS FOR FIRST-ORDER LOGIC 91

DLO is the theory of dense linear orders. It is expressed in a language L(DLO)with equality and one two-place predicate <. Its axioms say that < is transitiveand irreflexive, and that between any two things there is a third, and that thereis no first or last element.

EXERCISE 37 Write out the axioms of DLO. Can there be a finite model ofDLO?

It’s not hard to show that this theory is complete, using a famous construc-tion of Cantor’s.

A famous example of an incomplete theory is the theory known as PeanoArithmetic. Its incompleteness was proved by Godel.

We need one more technicality: the concept of a countable language.A first-order language with a finite lexicon has infinitely many expressions init, but the set of expressions is said to be countable: that is to say we cancount the expressions using the numbers 1, 2, 3, 4 . . . which are sometimescalled the counting numbers and sometimes called the natural numbers. (If youwere a mathematics or computer science student I would drag you kicking andscreaming through a proof of this fact) The set of natural numbers is usuallywritten with a capital ‘N’ in a fancy font, for example IN. There is some smallprint to do with the fact that we might have an infinite supply of variables . . . .After all, there is no limit on the length of expressions so there is no limit onthe number of variables that we might use, so we want to be sure we will neverrun out. The best way to do this is to have infinitely many variables. We canachieve this while still having a finite alphabet by saying that our variables willbe not ‘x’, ‘y’ . . . but ‘x’, ‘x′’, ‘x′′’ . . . the idea being that you can always makeanother variable by plonking a ‘′’ on the right of a variable.

THEOREM 21 Every theory in a countable language can be extended to a com-plete theory.

“countable”?Proof: Suppose T is a theory in a language L(T ) which is countable. Then wecount the formulæ in L(T ) as φ1, φ2 . . . and define a sequence of theories Ti asfollows.

T0 = T and thereafter

Ti+1 is to be Ti if Ti decides φi and is Ti ∪ φi otherwise.

3.9.1 Completeness

∈-terms

For any theory T we can always add constants to L(T ) to denote witnesses to∃n sentences in T . ∃n sentence?

Suppose T ` (∃x)(F (x)). There is nothing to stop us adding to L(T ) a newconstant symbol ‘a’ and adding to T an axiom F (a). Clearly the new theory willbe consistent if T was. Why is this? Suppose it weren’t, then we would have


a deduction of the false from F (c). Therefore, by →-introduction, we wouldhave a proof of ¬F (c). But then, by UG, we would have a proof of ∀x¬F (x) inT . But T also proves (∃x)(F (x)), so T was inconsistent.

Notice that nothing about the letter ‘a’ that we are using as this constanttells us that a is a thing which is F . We could have written the constant ‘aF ’or something suggestive like that. Strictly it shouldn’t matter: variables andconstant symbols do not have any internal structure that is visible to the lan-guage3, and the ‘F ’ subscript provides a kind of spy-window available to anyonementioning the language, but not to anyone merely using it. The possibility ofwriting out novel constants in suggestive ways like this will be useful later.

EXERCISE 38

1. Find a proof of the sequent ` (∃x)(∀y)(F (y)→ F (x))

2. Find a natural deduction proof of (∃x)(∀y)(F (y)→ F (x))

3. Find a proof of the sequent ` (∃x)(F (x)→ (∀y)(F (y))

4. Find a natural deduction proof of (∃x)(F (x)→ (∀y)(F (y))

The first item tells us that for any F with one free variable we can invent aconstant whose job it is to denote an object which has property F as long asanything does. If there is indeed a thing which has F then this constant candenote one of them, and as long as it does we are all right. If there isn’t such athing then it doesn’t matter what it denotes. The appeal to the law of excludedmiddle in this patter should alert you to the possibility that this result is notconstructively correct. (So you should expect to find that you need to have twoExplain constructively cor-

rect formulæ on the right at some point in the proof of exercise 38.)This constant is often written (εx)F (x). Since it points to something that

has F as long as there is something that has F , we can see that

(∃x)(F (x)) and F ((εx)F (x))

are logically equivalent. So we have two rules

(∃x)(F (x)) and F ((εx)F (x))F ((εx)F (x)) (∃x)(F (x))

The right-hand one is just a special case of ∃-introduction but the left-handone is new, and we call it ε-introduction.

Notice that this gives us an equivalence between a formula that definitelybelongs to predicate calculus (co’s it has a quantifier in it) and something thatappears not to4. Hilbert was very struck by this fact, and thought he hadstumbled on an important breakthrough: a way of reducing predicate logic topropositional logic. Sadly he hadn’t, but the ε-terms are useful gadgets all thesame, as we are about to see.

3Look again at formula 3.3.1 on page 79 and the discussion on page 74.4The ‘ε’ is not a quantifier, but it is a binder: something that binds variables. ‘∃’ and ‘∀’

are binders of course, and so is ‘λ’ which we will meet in chapter 7.

3.10. INTERPOLATION 93

THEOREM 22 Every consistent theory has a model.

Proof:Let T1 be a consistent theory in a countable language L(T1).Now we do the following things

1. Add axioms to T1 to obtain a complete extension;

2. Add ε terms to the language.

Notice that when we add ε-terms to the language we add new formulæ: if‘(εx)F (x))’ is a new ε-term we have just added then ‘G((εx)F (x)))’ is a newformula, and T1 doesn’t tell us whether it is to be true or to be false. Thatis to say L(T1) doesn’t contain ‘(εx)F (x)’ or ‘G((εx)F (x)))’. Let L(T2) bethe language obtained by adding to L(T1) the expressions like ‘(εx)F (x)’ and‘G((εx)F (x)))’.

We extend T1 to a new theory in L(T2) that decides all these new formulæwe have added. This gives us a new theory, which we will—of course—call T2.

It’s worth thinking about what sort of formulæ we generate. We added termslike (εx)(F (x)) to the language of T1. Notice that if H is a two-place predicatein L(T ) then we will find ourselves inventing the term (εy)H(y, (εx)F (x)) whichis a term of—one might say—depth 2. And there will be terms of depth 3, 4and so on as we persist with this process. All atomic questions about ε termsof depth n are answered in Tn+1.

Repeat and take the union of all the theories Ti we obtain in this way: callit T∞. (Easy to see that all the Ti are consistent—we prove this by induction).T∞ is a theory in a language L∞, and it will be complete. The model for T∞will be the structure whose carrier set is the set of ε terms we have generateden route. All questions about relations between the terms in the domain areanswered by T∞. Does this make it a model of T? Might not T∞ assert thatthere is a wombat but yet deny of each term that it is a wombat? This is whatwe fear . . .

The key fact is that if T∞ asserts that there is a wombat, then that is becauseone of the Ti asserts that there is a wombat. But if Ti does this, then at stagei+ 1 we add a term and tell it to be a wombat. So there is a term asserted byT∞ to be a wombat. This means that the thing we fear cannot happen.

This is a result of fundamental importance. Any theory that is not actuallyself-contradictory is a description of something. It’s important that this holdsonly for first-order logic. It does not work for second-order logic, and this factis often overlooked. (If you want a discussion of this, look at appendix 11.11.2).A touching faith in the power of the completeness theorem is what lies behindthe widespread error of reifying possibilities into possible worlds. See [11]. Also Schutte’s proof

3.10 Interpolation

There is a precise analogue in predicate calculus of the interpolation lemma forpropositional logic of section 2.6.


THEOREM 23 The Interpolation LemmaIf A → B is a valid formula of first-order logic then there is a formula C

containing only predicate letters that appear in both A and B such that A→ Cand C → B are both valid formulæ of first-order logic.

A proof of this fact is beyond the scope of this course. The proof relies onthe subformula property mentioned earlier. The disjoint-vocabulary case isintuitively obvious, but it’s not at all clear how to do the induction.

Close attention to the details of the proof of the completeness theorem willenable us to prove it and get bounds on the complexity of the interpolatingformula. These bounds are not very good!

The interpolation lemma is probably the most appealing of the consequencesof the completeness theorem, since we have very strong intuitions about irrel-evant information. Hume’s famous dictum that one cannot derive an “ought”from an “is” certainly arises from this intuition. The same intuition is at work inthe hostility to the ex falso sequitur quodlibet that arises from time to time: ifthere has to be a connection in meaning between the premisses and the conclu-sion, then an empty premiss—having no meaning—can presumably never implyanything.

3.11 Compactness

Recall section 2.8 at this point.

3.12 Skolemisation

Find a proof of the sequent

∀x∃yR(x, y) ` (∀x1)(∃y1)(∀x2)(∃y2)(R(x1, y1)∧R(x2, y2)∧(x1 = x2 → y1 = y2))

3.13 What is a Proof?

“No entity without identity” said Quine. The point he is making is that youcan’t claim to know what your entities (widgets, wombats . . . ) are until you havea way of telling whether two given widgets, wombats . . . are the same widget,wombat . . . or not. One of the difficulties with proof theory is that although ournotions of proof allow us to tell whether two proofs are the same or not, theygenerally seem to be too fine.

Consider the sequent

P (a), P (b) ` (∃x)P (x).

Given our concept of sequent proof it has two proofs depending on whethersupply themwe instantiate ‘x’ to ‘a’ or to ‘b’. But do we really want to distinguish between

3.13. WHAT IS A PROOF? 95

these two proofs? Aren’t they really the same proof? This looks like a problem:if one had the correct formal concept of proof, one feels, it would not be makingspurious distinctions like this. A correct formalisation would respect the folk-intuitions that the prescientific notion comes with. Not all of them, admittedly,but some at least, and surely this one. Arriving at the most parsimonious wayof thinking about phenomena is part of what good old conceptual analysis isfor.

But does it matter? There are people who say that it doesn’t. Ken Manders Reference?is a philosopher of Mathematics at Pittsburgh who says that all formalisationsof pre-scientific concepts result in spurious extra detail in this way, and that it’sjust a fact of life. His favoured examples are knots and computable functions.He thinks this is inevitable: this is the kind of thing that does just happenif you mathematise properly. Typically there won’t be just one right way ofthinking about any mathematical entity. The error of thinking that there isalways precisely one he lays at Frege’s door.

This makes me think: might we not be able to avoid this overdeterminationby having an operationalist view of mathematical entities? Operationalism isusually a dirty word in Philosophy of Science and Ken says this is because itresults in very impoverished theoretical entities (He mentions Bridgeman in thisconnection).

So why might it be less problematic in Mathematics? Anything to do withthe idea that Mathematics has no subject matter? If you are a scientific real-ist then operationalism is clearly a bad idea because it won’t capture the fullthrobbing reality of the entities you are looking it. But in Mathematics. . . ? If itis true that anything done with sufficient rigour is part of Mathematics then wemight be all right. Of course the idea that Mathematics has no subject matteris just, in new dress, the old idea that all of mathematics is a priori and has noempirical content. Better still, it might be the correct expression of that insight.

Ken thinks there is a parallel between the overdetermination of ordered pairsand the overdetermination of knots but i think these are different. I don’t thinkwe are implementing knots, i think we are trying to formalise them. But perhapsit really is the same. Fit this in somewhere: take

a formula of the Σ1 frag-ment of second-order logic.Delete the existential quanti-fiers. The result is a formulain 1st order logic with func-tion letters. If it is refutablethen so was the Σ1 formulawe started with. So there is arefutation procedure for theΣ1 fragment of second-orderlogic.Similarly there is a refuta-tion procedure for the setof formulæ true in all finitestructures.


Chapter 4

Constructive and Classicaltruth

Suppose you are the hero in a mediæval romance. You have to rescue thePrincess from captivity and maltreatment at the hands of the Evil Dragon. Todo this you will of course need a Magic Sword to cut off the head of the EvilDragon, and a Magic Key to open the door of the dungeon, co’s it had a Spellput on it by the Evil Dragon, so if you are to open it, only a Magic Key will do.How are you to procede?

You can cheer yourself up with the thought: “Things aren’t as bad as theymight look. After all, these stories always have happy endings: the Dragonalways gets killed and the Princess always gets rescued. This being the casethere must be a Magic Key and there must be a Magic Sword! If there weren’tthere wouldn’t be a Happy Ending, and there always is a Happy Ending.”1

You can say this to yourself—and you’d be right: there must indeed be aMagic Sword and a Magic Key. However this is not a great deal of use to you.It doesn’t begin to solve the problem, since what you want is not an existencetheorem for Magic Keys and Magic Swords—what you actually want is to findthe gadgets and have them in your little hot hand. And the chain of reasoningyou have just put yourself through, sound tho’ it undeniably is, tells you nothingabout where to find the damned things. It’s reassuring up to a point, in thatthis inference-from-authorial-omniscience constitutes a sort of prophecy that theMagic Key and Magic Sword will turn up eventually, but it doesn’t put themin your hand. (We will return to Prophecy later—section 4.3).

This is a perfect example of a nonconstructive existence theorem. Wehave a proof that there is a whatever-it-is, but the proof that there is one doesnot reveal where the whatever-it-is is to be found. Further, this is an exampleof a situation where a nonconstructive existence theorem is of very little use.There are standard examples from mathematics where it is a little clearer whatis going on, but this example will have to serve our purposes here. In order not

1This may be related to the Kantian notion of transcendental argument.

97

98 CHAPTER 4. CONSTRUCTIVE AND CLASSICAL TRUTH

to find ourselves in the predicament of the hero of the mediæval romance whohas proved the existence of the sword and the key but does not know whereto find them we could consider restricting the principles of reasoning we useto those principles which, whenever they prove that (∃x)(Sword(x)), also proveSword(a) for some a. The thinking behind this suggestion is that the Hero’senergies (and perhaps his wits) are limited, and there is therefore no point inhaving clever inferences that supply him with information that he cannot useand which will only distract him.Another—more striking—

example is Prior’s Cretan:“Everything I say is false”.It is clear that he must havesaid something else. Forsuppose that were the onlything he had said. Then wewould have the liar paradox,since “Everything I say isfalse” is equivalent to “wnatI am now saying is false” ifthat is the only thing thespeaker says. Yet we cannotdetermine what else he hassaid!This is more striking, but itis a less satisfactory exam-ple, since it relies on self-reference, which is fraughtwith problems. Those prob-lems have nothing to do withnonconstructivity, so it isbest not to use an examplethat drags them in.

The principles of reasoning it is suggested we should restrict ourselves to aresaid to be constructive and proofs constructed in accordance with them arealso said to be constructive. One of my students said that principles of reason-ing that were well-behaved in this way should be called “exhibitionist” and thephilosophy of mathematics that insisted on them should be called “exhibition-ism”.

(A reluctance to infer ∀xF (x) from ¬∃x¬F (x) may be what is behind thereluctance a lot of people have in concluding that vacuous universal quantifica-tion always gives you the true.

⋂∅ = V . Trivially everything belongs to all

members of the empty set. Clearly there cannot be a member of the empty setto which you do not belong (that’s a ¬∃¬) so you belong to all of them.)

Let’s work on our mediæval-romance illustration. What principle of rea-soning have we used that conflicts with exhibitionism? Well, we started off bysupposing that there were no key and no sword, and found that this contra-dicted the known fact there is a happy ending. So our assumption must havebeen wrong. It isn’t true that there is no key and no sword. That is to say

¬(There is no key) and ¬(There is no sword) (*)

And from this we wished to infer

There is a key and a sword (**)

Now our proof of (*) can’t violate exhibitionism—not literally at least—co’s(*) isn’t of the form (∃x) . . .. But our proof of (**) definitely can—and it does.And since the only thing we did to our proof of (*) (which was exhibitionist)to obtain the proof of (**) (which is not exhibitionist) is to apply of the law ofdouble negation then clearly that application of the law of double negation wasthe fatal step.

(And this isn’t a rerun of the problem with reductio ad absurdum that wesaw in section 2.1.2!!!)

Since we can sometimes find ourselves in situations where a nonconstruc-tive proof is no use to us, we want to distinguish between constructive andnonconstructive proofs of, say

(∃x)(x is a Magic Sword). (MS)

Typically (tho’ not invariably) a nonconstructive proof of MS will take theform of an assumption that there are no Magic Swords followed by a deductionof a contradiction from it. Such a proof can be divided into two parts:

99

1. a first half—not using excluded middle or double negation—in which wederive a contradiction from ¬(∃x)(x is a Magic Sword), and thereby prove¬¬(∃x)(x is a Magic Sword); and

2. a second part in which we use the law of double negation to infer (∃x)(xis a Magic Sword).

This certainly throws the spotlight on the law of double negation. Let’sintermit briefly to think about it. A couple of things to notice.

The obvious way to prove the law of double negation in natural deduction isto use the rule of classical negation. In contrast we can give a natural deductionproof of triple negation: ¬¬¬p→ ¬p without using the rule of classical negation.Indeed we can prove (((p → q) → q) → q) → (p → q) just using the rules for→. (This was part 5 of exercise 14 on page 47.)

Classically we acknowledge nonconstructive proof (in that we think the sec-ond part of the proof is legitimate) and we believe that (∃x)(x is a Magic Sword)and ¬¬(∃x)(x is a Magic Sword) are the same proposition—and we can do thiseven while recognising the important difference between constructive proof andnonconstructive proof. Is there anything to be said for a contrasting viewpointin which we acknowledge only constructive proof and we believe that (∃x)(x is aMagic Sword) and ¬¬(∃x)(x is a Magic Sword) are different propositions? Thatis to say we renounce step (2) not because it gives us misleading informationabout a true conclusion (namely that it tells us that there is a Magic Swordwithout telling us where to find it) but rather because it tells us something thatis simply not true!

Notice that our desire to distinguish between constructive and nonconstruc-tive proof clearly does not commit us to this second position. It would be anerror to think that because we wish to eschew certain kinds of proof it there-fore follows either that the proofs are not good proofs or that the things whoseproofs are eschewed are not true. This error has parallels elsewhere. Here arefive I can think of, and no doubt there are more.

• Philosophers of Science are—rightly—concerned that the endeavour tounderstand science done by earlier people in the West should not be seenmerely as part of a process whose culminating point is us. They warnus against doing ‘whig history’—a reference to the great whig historianLord Macauley whose histories had precisely this character. One strategyfor doing this is to pretend that there is no such thing as progress in thesciences.

• People who study sociology of science are concerned with how scientifictheories propagate though communities. For them, questions of the con-tent and truth of those theories are a distraction, and one strategy fornot being distracted is to pretend that the theories simply do not havecontent.

• A strategy for not worrying about the ills to which flesh is heir is to denythe reality of matter.


• The law of rape protects girls under the age of consent from the sexualattentions of men. It protects them whether they are 4, or even 15 andsexually mature. People who are concerned to protect adolescent girls willnot wish any debate on how to do it to be sidetracked into a discussion ofprecisely how much worse a rape of a 4-year old is that of a 15-year old.One way of forstalling such a discussion is to deny that between these twocrimes is there any difference to be discussed.

• Psychotherapists have to help their clients in their (the clients’) difficultiesin personal relations. The pyschotherapist has no way of telling whetheror not the client’s version of events is true, but they have to help anyway.Therefore the truth (or otherwise) of the client’s story cannot be a con-sideration. In these circumstance it is easy to slip into the position thatthere is no such thing as truth.

The fact that the inference from considerations like MS to exhibitionism isfallacious doesn’t mean that exhibitionism is mistaken. (If you wish to pursuethis look at [10], [21] and [22].)

Even if constructivism is a mistake there might nevertheless be somethingto be said for exploring some of the consequences of adopting it: plenty of truthshave been inferred from falsehoods (see www.dpmms.cam.ac.uk/~tf/kannitverstan.html).

4.1 The Radical Translation Problem with Clas-sical and Constructive Logic

Radical Translation is the problem confronted by the field anthropologist ob-serving members of a strange tribe going about their everyday business, doingthings, making utterances (in a language the field anthropologist has no dictio-nary for, and no interpreter) and expressing agreement or disagreement. Theproblem is: how does the anthropologist translate utterances of the strangetribe’s language into his-or-her own language? There is a procedural problemof course: (“how do you set about it?”) but there is also a more philosophicalproblem: what are the criteria for success or failure? Should the anthropologistbe willing to ascribe deviant notions of truth or deviant notions of inference tothe tribe if that makes the translation go more smoothly? Might the anthropol-ogist ever be forced to the conclusion that the people of the alien tribe do notbelieve the law of non-contradiction, for example?

Quine wrote extensively about this problem of radical translation (it allstarts in [28]), and his general drift is that the anthropologist would never (orhardly ever!) be forced into concluding that the tribe has a deviant notion oftruth or a deviant logic; there would always be enough slop in the system forone to be able to reinterpret one’s way out of such an impasse. The catchphraseassociated with this view was “the indeterminacy of translation”.

The general view nowadays seems to be that Quine was wrong in at leastsome of what he wrote about this, if not all of it. However he did at least

4.1. A RADICAL TRANSLATION PROBLEM 101

do us a favour by making us think about what the criteria for correct versusincorrect translations might be. Constructive and classical logic might be a goodcase study because we have quite a lot of data to work on. How are classicallogicians and constructive logicians to make sense of what the other is saying? Edit below here

Do constructivists have a different concept of proposition from the ratheroperational concept held by classical logicians? For that matter do paraconsis-tentists have a different concept of proposition..?

Is it that the two parties have different propositional attitudes that they arecalling by the same name? Or do they have the same attitudes to two differentpropositions for which they are using the same description? Can they agree ona description of their disagreement?

This touches a very delicate area in philosophy, and one on which there isvery little satisfactory literature. How can one give a coherent acount of theincoherent? (cf Prior on the paradox) Say something about how

there is nothing like the neg-ative interpretation for para-consistent logics.

The classical logician probably regards the intuitionist’s insistence on puttingdouble negations in front of propositions that haven’t been proved constructivelyas a manœuvre that imports into the language some considerations that properlybelong to pragmatics. He would say “The constructivist and I agree that thereis a Magic Sword, but our reasons for being sure there is one don’t actually giveus a recipe for finding it”. Why not just say that? The logic is surely the lastthing to mutilate! The point that Logic is the last thing you tweak in order toaccommodate data is one that Quine was fond of making.

The classical principles of reasoning preserve truth. What do the principlesof constructive reasoning preserve? The answer you will give seems to depend onwhether you are a classical or a constructive mathematician/logician/philosopher.From the classical point of view the answer seems to be that they preservethe property of having-a-proof-that-respects-exhibitionism. And from the con-structive point of view? Some constructivists think that constructive reasoningpreserves truth, and some would say that it preserves something rather-like-truth-but-not-exactly.

Leaving this second flavour of constructivist out of the debate for the mo-ment one can ask: given that classical and constructive logicians agree that thepurpose of reasoning is to preserve truth, is the disagreement between them adisagreement about

(i) which things are true? or

(ii) the nature of truth? or

(iii) which rules preserve truth?

If (ii) then does this disagreement arise from a different view of what propo-sitions are?

For the classical logician a proposition is something that in each settingevaluates to a truth-value determined by that setting. You hold it up to the


light and you see true or false.2

I suspect that the disagreement is rather over the idea that propositions arecharacterised by their propensity to evaluate to truth-values.

What is a proposition, constructively?

4.2 Classical Reasoning from a Constructive Pointof View

Let’s approach this radical translation problem from the point of view of theconstructive logician. Quine somewhere alludes to a principle of charity: thereis a default assumption that what the foreigner is saying not only can be madesense of but can probably be made sense of in such a way that it comes outtrue.

The considerations that led us to consider constructive logic lead us to expectthat if A is a classical tautology then ¬¬A should be constructively correct. Thisis straightforwardly true in the propositional case, and was proved by Glivenkomany years ago ([12] and [13].) Let’s announce this fact as a theorem.

THEOREM 24 If there is a classical proof of a formula Φ of propositional logicthen there is a constructive proof of ¬¬Φ.

Proof:

To do this properly we have to have a Hilbert-style axiomatisation (onewhose sole rule of inference is modus ponens) that does not exploit any defini-tions of connectives in terms of other connectives. (We retain the definition of¬ in terms of ⊥). The obvious thing to do is replace every rule of inference byan axiom taking the form of a conditional whose antecedent is the premiss andwhose consequence is the conclusion. This gives us immediately the followingaxioms:

A→ A ∨B (from ∨-introduction)A→ B ∨A (from ∨-introduction)A ∧B → A (from ∧-elimination)A ∧B → B (from ∧-elimination)

If we have more than one premiss in the rule then one gets the following

2As it happens there are only two truth-values in this picture but the number of truth-values is not, I think, the point at issue. Indeed, constructivists even agree that (in somesense) there are no more than two truth values: the assumption that no two of the threepropositions A, B and C agree on their truth value leads to a contradiction. That is to saythere is a constructive proof of the sequent

¬(A←→ B), ¬(B ←→ C), ¬(A←→ C) `Do not waste time trying to find it—it is very big!

4.2. CLASSICAL REASONING FROM A CONSTRUCTIVE POINT OF VIEW103

A→ (B → (A ∧B)) (from ∧-introduction)A→ (B → (B ∧A)) (from ∧-introduction)A→ ((A→ B)→ B) (from →-elimination)(A→ B)→ (A→ B) (from →-elimination)

The rule of classical contradiction can be captured easily:

¬¬A→ A

The two “action at a distance” rules require a bit more thought. First →-introduction:

Suppose we have a Hilbert proof

A...

B

We want to obtain from this a Hilbert proof of

...

A→ B

To do this we exploit the deduction theorem from section 2.5.1. For this it issufficient to have K and S as axioms.∨-elimination is a bit harder. Suppose we have proofs

A B

......

C C

and we have A ∨B. How are we to obtain a proof of C?Well, the two proofs of C will give us proofs of A → C and of B → C. So

all we need now is an axiom that says

(A→ C)→ ((B → C)→ ((A ∨B)→ C))

Now, to complete the proof of Glivenko’s theorem, suppose we have a Hilbert-style proof D of Φ:

...

Φ

Suppose we simply prefix every formula in the list with ¬¬. What doesthat give us? The result—let us call it D∗—isn’t a Hilbert-style proof of ¬¬Φbut we are very nearly there. It is a string of formulæ wherein every formula iseither the double negation of a (substitution instance of an) axiom or the doublenegation of a theorem. There are two key facts that we now need:


1. The double negation of each of the new axioms is constructively provable;

2. There is a Hilbert-style proof (not using classical negation or double nega-tion!) of ¬¬B from ¬¬A and ¬¬(A→ B).

So, to obtain our proof of ¬¬Φ from our proof D of A we first decorate Dwith double negations to obtain D∗ as above. We next replace every occurrenceof a doubly negated axiom in D∗ with a prefix containing a proof of that doublynegated axiom that does not use the rule of classical negation or double negation.Next, wherever we have an entry ¬¬B in the list that is preceded by ¬¬(A→ B)and ¬¬A we insert the missing lines from the Hilbert-style proof of ¬¬B from¬¬(A→ B) and ¬¬A.

The result is a Hilbert-style proof of ¬¬Φ.

EXERCISE 39 Provide, without using the rule of classical negation,

1. a natural deduction proof of ¬¬((¬A→ B)→ ((¬A→ ¬B)→ A));

2. a natural deduction proof of ¬¬B from ¬¬A and ¬¬(¬¬A→ ¬¬B);

Provide sequent proofs of the following, respecting the one-formula-on-the-rightconstraint.

1. ` ¬¬((¬A→ B)→ ((¬A→ ¬B)→ A));

2. ¬¬A,¬¬(¬¬A→ ¬¬B) ` ¬¬B.

It’s much harder to prove theorem 24 by reasoning about natural deductionproofs or sequent proofs instead of Hilbert proofs, though it can be done. Thereader may be wondering why we ever used Hilbert-style proofs in the first place,since they do not have the subformula property and are so hard to find. Thereason is that results like the one we are using can be proved much more easilyusing Hilbert-style proofs.

Theorem 24 doesn’t work for predicate calculus because

¬¬(¬(∀x)(F (x))→ (∃x)(¬F (x))) (4.1)

is classically valid but is not constructively provable. Something like theorem24 is true, but the situation is more complicated. In the propositional case, theconstructive logician who hears the classical logician assert p can interpret it as¬¬p. If there are quantifiers lurking then the constructive logician not only hasto whack ‘¬¬’ on the front of p but has to do something to the inside of p, andit’s not immediately obvious what that might be. Working out quite what hasto be done to the inside of p was one of the many major contributions to Logicof Godel [14].

(If you are to do any philosophy you will need in any case to think a bitabout the explanatory power of interpretations. It’s behind a lot of reductionist


strategies in the sciences. The negative interpretation is a nice simple exampleto start on.)

The way the constructive logician narrates this is something like the follow-ing. Here grokking is a propositional attitude whose precise nature is knownat any rate to the constructive logician but possibly not to anyone else. Theconstructive logician muses:3

“The classical logician reckons he can grok A∨B whenever he groksA or groks B but he also says that when he groks A ∨ B it doesn’tfollow from that—according to him—that he groks either of them.How different from me! When I say that I grok A ∨ B it certainlyfollows that I grok at least one of them. Since—when he says thathe groks A∨B—it is entirely possible that he groks neither A nor B,it must be that what he really means is that he groks something like¬(¬A∧¬B), since he can grok that without grokking A or grokkingB. Accordingly henceforth whenever I hear him assert A∨B I shallmentally translate this into ¬(¬A∧¬B). At least for the moment.”

Or again:

“When the classical logician says that he groks (∃x)W (x) it doesn’tfollow from that—according to him—that there is anything which hegroks to be W , though he certainly groks (∃x)W (x) whenever thereis an a such that he groks W (a). How different from me! When I saythat I grok (∃x)W (x) there most certainly is an x which I grok to beW . Since—when he says that he groks (∃x)W (x)—it is entirely pos-sible that there is no x which he groks to beW—it must be that whathe really means is that he groks something like ¬(∀x)(¬W (x)) sincehe can grok that without there being anything which he groks to beW . Accordingly henceforth whenever I hear him assert (∃x)W (x)I shall mentally translate this into ¬(∀x)(¬W (x))—at least untilanybody comes up with a better idea.”

and again:

“Given what the classical logician says about the conditional andtruth preservation, it seems to me that when (s)he claims to grokA→ B all one can be certain of it that it cannot be the case that Ais true and B is false. Accordingly henceforth whenever I hear themassert A→ B I shall mentally translate this into ¬(A ∧ ¬B).”

Let us summarise the clauses in the translation here. φ∗ is what the con-structive logician takes the classical logician to be saying when they say φ.

DEFINITION 25 We define φ∗ by recursion on the subformula relation:φ∗ is ¬¬φ when φ is atomic;

3For you SciFi buffs: Robert Heinlein: Stranger in a Strange Land.


(¬φ)∗ is ¬(φ∗);(φ ∨ ψ)∗ is ¬(¬φ∗ ∧ ¬ψ∗);(φ ∧ ψ)∗ is (φ∗ ∧ ψ∗);(φ→ ψ)∗ is ¬(φ∗ ∧ ¬ψ∗);((∀x)φ(x))∗ is (∀x)(φ(x)∗);((∃x)φ(x))∗ is ¬(∀x)(¬φ(x)∗).

What drives the constructivists’ choices of readings of the classical logicians’utterances? How did they know to interpret A ∨ B as ¬(¬A ∧ ¬B)? Why dothey not just throw up their hands? Because of the principle of charity fromp. 102: this interpretative ruse enables the constructivist to pretend, wheneverthe classical logician is uttering something that (s)he believes to be a classicaltautology, that what is being uttered is something that the constructivist be-lieves to be constructively correct. (One wouldn’t want to go so far as to saythat it enables the constructivist to actually understand the classicist, but itdoes enable him to construe what he hears as both sensible and true.)

The claim is that if φ is a classical tautology then φ∗ is constructively prov-able. In fact we will prove something rather more fine-grained. For this we needthe notion of a stable formula.

DEFINITION 26 A formula φ is stable if ¬¬φ→ φ is constructively correct.

This is an important notion because the law of double negation is all we haveto add to constructive propositional logic to get classical propositional logic.

We will need the following

LEMMA 27 Formulæ built up from negated and doubly-negated atomics solelyby ¬, ∧ and ∀ are stable.

Proof: We do this by induction on quantifiers and connectives.For the base case we have to establish that ¬¬A→ A holds if a is a negatomic

or a doubly negated atomic formula. This is easy. The induction steps requirea bit more work.

¬ :

For the case of ¬ we need merely the fact that triple negation is the sameas single negation. In fact we can do something slightly prettier.4

[p]2 [p→ q]1→-elimq →-int (1)

(p→ q)→ q [((p→ q)→ q)→ q]3→-elimq →-int (2)p→ q →-int (3)

(((p→ q)→ q)→ q)→ (p→ q)

(4.2)

. . . noting that ¬p is just p→ ⊥4This was part 5 of exercise 14 on page 47.


∧ :

We want to deduce (p∧q) from ¬¬(p∧q) given that we can deduce p from¬¬p and that we can deduce q from ¬¬q. The following is a derivation of¬¬p from ¬¬(p ∧ q):

[p ∧ q]1∧-elimp [¬p]2

→-elim⊥ →-int (1)¬(p ∧ q) ¬¬(p ∧ q)

→-elim⊥ →-int (2)¬¬p

(4.3)

and the following is a derivation of ¬¬q from ¬¬(p ∧ q):

[p ∧ q]1∧-elimq [¬q]2

→-elim⊥ →-int (1)¬(p ∧ q) ¬¬(p ∧ q)

→-elim⊥ →-int (2)¬¬q

(4.4)

But both p and q are stable by induction hypothesis, so we can deduceboth p and q and thence p ∧ q.

∀ :

First we show ¬¬∀ → ∀¬¬.

[(∀x)φ(x)]1∀ elim

φ(a) [¬φ(a)]2→-elim⊥ →-int (1)

¬(∀x)φ(x) [¬¬(∀x)φ(x)](3)→-elim⊥ →-int (2)

¬¬φ(a)∀-int

(∀x)¬¬φ(x)→-int (3)

¬¬(∀x)φ(x) → (∀x)¬¬φ(x))(4.5)

So ¬¬∀xφ implies ∀x¬¬φ. But ¬¬φ→ φ by induction hypothesis, whence∀xφ.

So in particular everything in the range of the negative interpretation isstable. Also, φ and φ∗ are classically equivalent. So the negative interpretationwill send every formula in the language to a stable formula classically equivalentto it.


LEMMA 28 If φ is classically valid then φ∗ is constructively correct.

Proof: We do this by showing how to recursively transform a classical proof ofφ into a constructive proof of φ∗.

There is no problem with the three connectives ¬, ∧ or ∀ of course. We dealwith the others as follows.

∨-introduction

[¬p∗ ∧ ¬q∗]1∧-elim¬p∗ p∗

→-elim⊥ →-int (1)¬(¬p∗ ∧ ¬q∗)

[¬p∗ ∧ ¬q∗]1∧-elim¬q∗ q∗

→-elim⊥ →-int (1)¬(¬p∗ ∧ ¬q∗)

(4.6)are derivations of (p ∨ q)∗ from p∗ and from q∗ respectively.

∨-elimination

We will have to show that whenever there is a deduction of r∗ from p∗ and adeduction of r∗ from q∗, and we are allowed (p∨ q)∗ as a premiss, then there isa constructive derivation of r∗.

[p∗]1

...r∗ [¬r∗]3

→-elim⊥ →-int (1)¬p∗

[q∗]2

...r∗ [¬r∗]3

→-elim⊥ →-int (2)¬q∗∧-int¬p∗ ∧ ¬q∗ ¬(¬p∗ ∧ ¬q∗)

→-elim⊥ →-int (3)¬¬r∗(4.7)

. . . and we infer r∗ because r∗ is stable.

→-introduction

Given a constructive derivation

p∗

...q∗

we can build the following

[p∗ ∧ ¬q∗]1∧-elim

p∗

...q∗

[p∗ ∧ ¬q∗]1∧-elim¬q∗

→-elim⊥ →-int (1)¬(p∗ ∧ ¬q∗)

(4.8)

which is of course a proof of (p→ q)∗.


→-elimination

The following is a deduction of q∗ from (p→ q)∗ and p∗:

p∗ [¬q∗]1)∧-int

p∗ ∧ ¬q∗ ¬(p∗ ∧ ¬q∗)→-elim⊥ →-int (2)¬¬q∗

(4.9)

. . . q∗ is stable so we can infer q∗.

∃-introduction

Constructively ∃ implies ¬∀¬ so this is immediate.

∃-elimination

We use this where we have a classical derivation

φ(x)...p

and have been given ∃yφ(y).By induction hypothesis this means we have a constructive derivation

φ∗(x)...p∗

.

Instead of ∃yφ(y) we have ¬(∀y)¬φ∗(y).

[φ∗(a)]2

...p∗ [¬p∗]1

→-elim⊥ →-int (2)¬φ∗(a)

∀-int(∀y)¬φ∗(y) ¬(∀y)¬φ∗(y)

→-elim⊥ →-int (1)¬¬p∗(1)

(4.10)

and p∗ follows from ¬¬p∗ because p∗ is stable.


The Classical Rules

In a classical proof we will be allowed various extra tricks, such as being able toassume p∨¬p whenever we like. So we are allowed to assume (p∨¬p)∗ wheneverwe like. But this is ¬(¬p∗ ∧ ¬¬p∗) which is of course a constructive theorem.

In the rule of classical negation we assume ¬p and deduce the false, thenclaiming that we have a proof of p. The same effect can be achieved by allowingus to infer ¬¬p from p in one hit. This rule of double negation as one mightcall it—looks strronger than the rule of classical negation, but even so we canjustify a starred version. The starred version tells us we can infer p∗ from ¬¬p∗from p∗. By lemma 27 every formula built up from ∀, ∧ and ¬ is stable. Butfor any formula p whatever, p∗ is such a formula.

Under the stars we obtain a proof of ¬¬p∗ from our assumption of ¬p. Nowp∗ is stable by lemma 27 so we infer p∗.

There are other rules we could add—instead of excluded middle or doublenegation—to constructive logic to get classical logic, and similar argument willwork for them.

Substitutivity of Equality

To ensure that substitutivity of equality holds under the stars we want to prove(∀xy)(¬¬φ(x)→ ¬¬(x = y)→ ¬¬φ(y))

[¬φ(y)]1 [x = y]2subst¬φ(x) ¬¬φ(x)

→-elim⊥ →-int (2)¬(x = y) ¬¬(x = y)

→-elim⊥ →-int (1)¬¬φ(y)

(4.11)which is a proof of ¬¬φ(y) from ¬¬φ(x) and ¬¬(x = y).This completes the proof of lemma 28

4.3 Prophecy

What does this * interpretation tell the constructive logician? Let us considera simple case where φ(x) and φ(x)∗ are the same, and the classical logician hasa proof of (∃x)(φ(x)). Then the constructive logician acknowledges that thereis a proof of ¬(∀x)(¬φ(x)). What is (s)he to make of this? There isn’t officiallya proof of (∃x)(φ(x)), but they can at least conclude that there can never be aproof of ¬(∃x)(φ(x)). This makes a good exercise!

EXERCISE 40 Using the natural deduction rules derive a contradiction fromthe two assumptions ¬(∀x)(¬φ(x)) and ¬(∃x)(φ(x)).

4.4. CONSTRUCTIVE REASONING FROM A CLASSICAL POINT OF VIEW111

If there can never be a proof of ¬(∃x)(φ(x)) then the assumption that thereis an x which is φ cannot lead to contradiction. In contrast the assumptionthat there isn’t one will lead to contradiction. So would your money be onthe proposition that you will find an x such that φ or on the proposition thatyou won’t? It’s a no-brainer. This is why people say that to the constructivelogician nonconstructive existence theorems have something of the character ofprophecy.

4.4 Constructive Reasoning from a Classical Pointof View

How is the classical logician supposed to react when the constructive logiciandoes something obviously absurd like deny the law of excluded middle? (S)hewill react in the way we all react when confronted with apparently sensible peo-ple saying obviously absurd things: we conclude that they must mean somethingelse.

Possible world semantics is a way of providing the classical logician withsomething sensible that the constructive logician might mean when they comeout with absurdities like excluded-middle-denial. It’s pretty clear that construc-tive logicians don’t actually mean the things that classical logicians construethem as meaning in their (the classicists’) attempt to make sense of their (theconstructivists’) denial of excluded middle. But that doesn’t mean that theexercise is useless. It’s such a good story that it doesn’t matter where it comesfrom. And it merits a whole chapter to itself.


Chapter 5

Possible World Semantics

To get a semantics for constructive logic we need something a great deal morecomplicated than truth-tables! A first step is to increase the number of truth-values, and we have seen some uses of three-valued truth-tables (see exercise 15p. 47). However, many-valued truth-tables are not the way to go. For one thing,it can be shown that three-valued truth-tables do not draw the distinctions wewant, and no finite number of truth-values will ever do the trick. This is veryhard to prove and we won’t attempt it here. Another reason is that if we tryto capture constructive validity by means of truth-tables we are still thinking ofit as as an extensional logic not an intensional logic, and—since that does notcorrectly engage with the spirit that moves constructive logic—it is unlikely togive us decent semantics for it.

The final reason for not using many-valued truth-tables is that there is some-thing to hand that is not only more faithful to the constructive conception butis much more fun and susceptible of wider application: that is Possible WorldSemantics, which is the subject of this chapter.

DEFINITION 29 A possible world model M has several components:

1. There is a collection of worlds with a binary relation ≤ between them;

2. There is also a binary relation between worlds and formulæ, written ‘W |=φ’;

3. Finally there is a designated (or ‘actual’ or ‘root’) world WM0 .

We stipulate the following connections between the ingredients:

1. W |= A ∧B iff W |= A and W |= B;

2. W |= A ∨B iff W |= A or W |= B;

3. W |= A→ B iff every W ′ ≥W that |= A also |= B;

4. W |= ¬A iff there is no W ′ ≥W such that W ′ |= A;

113

114 CHAPTER 5. POSSIBLE WORLD SEMANTICS

5. W |= (∃x)A(x) iff there is an x in W such that W |= A(x);

6. W |= (∀x)A(x) iff for all W ′ ≥W and all x in W ′, W ′ |= A(x).

We stipulate further that for atomic formulæ φ, if W |= φ and W ≤W ′,then W ′ |= φ. (The idea is that if W ≤ W ′, then W ′ in some sense containsmore information than W .)

Naturally no world believes the false: ¬(W |= ⊥)Then we say

M |= A if WM0 |= A

4 is a special case of 3: ¬A is just A→ ⊥, and no world believes ⊥!The relation which we here write with a ‘≤’ is the accessibility relation

between worlds. We assume for the moment that it is transitive and reflexive.That is to say, if W1 can see W2 and W2 can see W3 then W1 can see W3, andW can always see itself. Did I say ‘see’ just then? That’s logicians’ slang whichyou may as well get used to.

Chat about quantifier alternation. There is a case for writing out the def-initions in a formal language, on the grounds that the quantifier alternation(which bothers a lot of people) can be made clearer by use of a formal language.The advantage of not using a formal language is that it makes the language-metalanguage distinction clearer.

The |= relation between worlds and propositions is certainly epistemicallyproblematic. For example W believes ¬p iff no world beyond W believes p.This being so, how can anyone in W come to know ¬p? They would have tovisit all worlds ≥ W ! So this possible worlds talk is not part of an epistemicstory! This being the case, one should perhaps beware of the danger of takingthe “world W believes φ” slang too literally. Even if W believes ¬φ then insome sense it doesn’t know that it believes ¬φ. . . unless of course W includesamong its inhabitants all the worlds ≥ W . But that makes for a scenario fartoo complicated for us to entertain in a book like this. And it is arguable thatit is a scenario of which no coherent account can be given. See [11].

The possible worlds semantics is almost certainly not part of a constructivistaccount of truth or meaning at all. (Remember: we encountered it as theclassical logicians’ way of making sense of constructive logic!) If it were, thefact that it is epistemically problematic would start to matter.

The relation ≤ between worlds is transitive. A modelM believes φ (or not,as the case may be) iff the designated world W0 ofM believes φ (or not). Whencooking up W0 to believe φ (or not) the recursions require us only to look atworlds ≥W0. This has the effect that the designated world ofM is ≤ all otherworlds inM. This is why we sometimes call it the ‘root’ world. This use of theword ‘root’ suggests that the worlds beyond W0 are organised into a tree: so ifW1 and W2 are two worlds that cannot see each other then there is no worldthey can both see. However we are emphatically not making this assumption.

115

Quantifiers

The rules for the quantifiers assume that worlds don’t just believe primitivepropositions but also that they have inhabitants. I think we generally takeit that our worlds are never empty: every world has at least one inhabitant.However there is no global assumption that all worlds have the same inhabitants.Objects may pop in and out of existence. However we do take the identityrelation between inhabitants across possible worlds as a given.

5.0.1 Language and Metalanguage again

It is very important to distinguish between the stuff that appears to the left ofa ‘|=’ sign and that which appears to the right of it. The stuff to the right ofthe ‘|=’ sign belongs to the object language and the stuff to the left of the ‘|=’sign belongs to the metalanguage. If you do not keep this distinction clear inyour mind you will end of making one of the two mistakes below (tho’ you areunlikely to make both.)

Remember what the aim of the Possible World exercise was. It was to givepeople who believe in classical logic a way of making sense of the thinking ofpeople who believe in constructive logic. That means that it’s perfectly OK touse classical logic in reasoning with/manipulating stuff to the left of a ‘|=’ sign.

For example here is a manœuvre that is perfectly legitimate: if

¬(W |= A→ B)

then it is not the case that

(∀W ′ ≥W )(if W ′ |= A then W ′ |= B)

So in particular

(∃W ′ ≥W )(W ′ |= A but ¬(W ′ |= B))

The inference drawn here from ¬∀ to ∃¬ is perfectly all right in the classicalmetalanguage, even though it’s not allowed in the constructive object language.

In contrast it is not all right to think that—for example—W |= ¬A ∨ ¬Bis the same as W |= ¬(A ∧ B) (on the grounds that ¬A ∨ ¬B is the sameas ¬(A ∧ B)). One way of warding off the temptation to do is is to remindourselves—again—that the aim of the Possible World exercise was to give peoplewho believe in classical logic a way of making sense of the thinking of peoplewho believe in constructive logic. That means that it is not OK to use classicallogic in reasoning with/manipulating stuff to the right of a ‘|=’ sign.

Another way of warding off the same temptation is to think of the stuff afterthe ‘|=’ sign as stuff that goes on in a fiction. You, the reader of a fiction, knowthings about the characters in the fiction that they do not know about each


other. Just because something is true doesn’t mean they know it!! (This iswhat the literary people call Dramatic Irony.)1

(This reflection brings with it the thought that reading “W |= ¬¬A” as “Wbelieves not not A” is perhaps not the happiest piece of slang. After all, incircumstances where W |= ¬¬A there is no suggestion that the fact-that-no-world-≥-W -believes-A is encoded in W in any way at all. )Could say more about this

Another mistake is to think that we are obliged to use constructive logic inthe metalanguage which we are using to discuss constructive logic—to the leftof the ‘|=’ sign. I suspect it’s a widespread error. It may be the same mistake asthe mistake of supposing that you have to convert to Christianity to understandwhat is going on in the heads of Christians. Christians of some stripes wouldno doubt agree with the assertion that there are bits of it you can’t understanduntil you convert, but I think that is just a mind-game.Doesn’t this duplicate earlier

stuff? We could make it easier for the nervous to discern the difference between theplaces where it’s all right to use classical reasoning (the metalanguage) and theobject language (where it isn’t) by using different fonts or different alphabets.One could write “For all W” instead of (∀W ) . . .”. That would certainly be auseful way of making the point, but once the point has been made, persistingwith it looks a bit obsessional: in general people seem to prefer overloading todisambiguation.

A possibly helpful illustration

Let us illustrate with the following variants on the theme of “there is a MagicSword.” All these variants are classically equivalent. The subtle distinctionsthat the possible worlds semantics enable us to make are very pleasing.

1. ¬∀x¬MS(x)

2. ¬¬∃xMS(x)

3. ∃x¬¬MS(x)

4. ∃xMS(x)

The first two are constructively equivalent as well.To explain the differences we need the difference between histories and

futures.

• A future (from the point of view of a world W ) is any world W ′ ≥W .

• A history is a string of worlds—an unbounded trajectory through theavailable futures.No gaps between worlds...?

1Appreciation of the difference between something being true and your interlocutor know-ing it is something that autists can have trouble with. Some animals that have “a theory ofother minds” (in that they know that their conspecifics might know something) too can havedifficulty with this distinction.

5.1. SOME USEFUL SHORT CUTS 117

¬∀x¬MS(x) and ¬¬∃xMS(x) say that every future can see a future in whichthere is a Magic Sword, even though there might be histories that avoid MagicSwords altogether: Magic Swords are a permanent possibility: you should nevergive up hope of finding one.

How can this be, that every future can see a future in which there is a magic sword but there is a history that

contains no magic sword–ever? It could happen like this: each world has precisely two immediate children. If it is

a world with a magic sword then those two worlds also have magic swords in them. If it is a world without a magic

sword then one of its two children continues swordless, and the other one acquires a sword. We stipulate that the

root world contains no magic sword. That way every world can see a world that has a magic sword, and yet there

is a history that has no magic swords.

∃x¬¬MS(x) says that every history contains a Magic Sword and moreoverthe thing which is destined to be a Magic Sword is already here. Perhaps it’sstill a lump of silver at the moment but it will be a Magic Sword one day.

5.1 Some Useful Short Cuts

5.1.1 Double negation

The first one that comes to mind is W |= ¬¬φ. This is the same as (∀W ′ ≥W )(∃W ′′ ≥ W ′)(W ′′ |= φ). “Every world that W can see can see a world thatbelieves φ”. Let’s thrash this out by hand.

By clause 4 of definition 29

W |= ¬(¬φ)

iff(∀W ′ ≥W )¬(W ′ |= ¬φ) (6.1)

Now

W ′ |= ¬φ iff (∀W ′′ ≥W ′)¬(W ′′ |= φ) by clause 4 of definition 29 so

¬(W ′ |= ¬φ) is the same as ¬(∀W ′′ ≥W ′)¬(W ′′ |= φ) which is

(∃W ′′ ≥W ′)(W ′′ |= φ).

Substituting this last formula for for ‘W ′ |= ¬φ’ in (6.1) we obtain

(∀W ′ ≥W )(∃W ′′ ≥W ′)(W ′′ |= φ)

5.1.2 If there is only one world then the logic is classical

If M contains only one world—W , say—then M believes classical logic. Letme illustrate this in two ways:

1. SupposeM |= ¬¬A. Then W |= ¬¬A, since W is the root world ofM. IfW |= ¬¬A, then for every world W ′ ≥W there is W ′′ ≥W that believesA. So in particular there is a world ≥ W that believes A. But the onlyworld ≥ W is W itself. So W |= A. So every world ≥ W that believes¬¬A also believes A. So W |= ¬¬A→ A.


2. W either believes A or it doesn’t. If it believes A then it certainly believesA∨¬A, so suppose W does not believe A. Then no world that W can seebelieves A. So W |= ¬A and thus W |= (A ∨ ¬A). So W believes the lawof excluded middle.We must show that the logic

of quantifiers is classical too The same arguments can be used in models with more than one world, forindividual worlds than can see only themselves.

5.2 Persistence

For atomic formulæ φ we know that if W |= φ then W ′ |= φ for all W ′ ≥W . Weachieved this by stipulation, and it echoes our original motivation. Even though¬¬(∃x)(x is a Magic Sword) is emphatically not to be the same as (∃x)(x is aMagic Sword), it certainly is inconsistent with ¬(∃x)(x is a Magic Sword) andso it can be taken as prophecy that a Magic Sword will turn up one day. Theidea of worlds as states of knowledge where we learn more as time elapses sitsvery well with this. By interpreting ¬¬(∃x)(x is a Magic Sword) as “Everyfuture can see a future that contains a Magic Sword” possible world semanticscaptures the a way in which ¬¬(∃x)(x is a Magic Sword) can be incompatiblewith the nonexistence of Magic Swords while nevertheless not telling us how tofind a Magic Sword.

We will say φ is persistent if whenever W |= φ then (∀W ′ ≥W )(W ′ |= φ)We want to prove that all formulæ are persistent.

THEOREM 30 All formulæ are persistent.

Proof:We have taken care of the atomic case. Now for the induction on quantifiers

and connectives.

¬ W |= ¬φ iff (∀W ′ ≥ W )¬(W ′ |= φ). Therefore if W |= ¬φ then (∀W ′ ≥φ)¬(W ′ |= φ), and, by transitivity of ≥, (∀W ′′ ≥ W ′)¬(W ′′ |= φ). Butthen ¬(W ′ |= ¬φ).

∨ Suppose φ and ψ are both persistent. If W |= ψ ∨ φ then either W |= φor W |= ψ. By persistence of φ and ψ, every world ≥ satisfies φ (or ψ,whichever it was) and will therefore satisfy ψ ∨ φ.

∧ Suppose φ and ψ are both persistent. If W |= ψ ∧ φ then W |= φ andW |= ψ. By persistence of φ and ψ, every world ≥ satisfies φ and everyworld ≥ satisfies ψ and will therefore satisfy ψ ∧ φ.

∃ Suppose W |= (∃x)φ(x), and φ is persistent. Then there is an x in Wwhich W believes to be φ. Suppose W ′ ≥ W . As long as x is in W ′ thenW ′ |= φ(x) by persistence of φ and so W ′ |= (∃x)(φ(x)).

∀ SupposeW |= (∀x)φ(x), and φ is persistent. That is to say, for allW ′ ≥Wand all x, W ′ |= φ(x). But if this holds for all W ′ ≥ W , then it certainlyholds for all W ′ ≥ any given W ′′ ≥W . So W ′′ |= (∀x)(φ(x)).

5.3. INDEPENDENCE PROOFS 119

→ Finally suppose W |= (A→ B), and W ′ ≥ W . We want W ′ |= (A→ B).That is to say we want every world beyond W ′ that believes A to alsobelieve B. We do know that every world beyond W that believes A alsobelieves B, and every world beyondW ′ is a world beyondW , and thereforebelieves B if it believes A. So W ′ believes A→ B.

That takes care of all the cases in the induction.

It’s worth noting that we have made heavy use of the fact that ≤ is transitive.Later we will consider other more general settings where this assumption is notmade.

Now we can use persistence to show that this possible world semantics alwaysmakes A → ¬¬A comes out true. Suppose W |= A. Then every world ≥ Walso believes A. No world can believe A and ¬A at the same time. (W |= ¬Aonly if none of the worlds ≥ W believe A; one of the worlds ≥ W is W itself.)So none of them believe ¬A; so W |= ¬¬A.

This is a small step in the direction of a completeness theorem for the possibleworld semantics.

5.3 Independence Proofs Using Possible worldsemantics

5.3.1 Some Worked Examples

Challenge: Find a countermodel for A ∨ ¬A

The first thing to notice is that this formula is a classical (truth-table) tautology.Because of subsection 5.1.2 this means that any countermodel for it must containmore than one world.

The root world W0 must not believe A and it must not believe ¬A. If itcannot see a world that believes A then it will believe ¬A, so we will have toarrange for it to see a world that believes A. One will do, so let there be W1

such that W1 |= A. picture here

Challenge: Find a countermodel for ¬¬A ∨ ¬A

The root world W0 must not believe ¬¬A and it must not believe ¬A. If itcannot see a world that believes A then it will believe ¬A, so we will have toarrange for it to see a world that believes A. One will do, so let there be W1

such that (W1 |= A). It must also not believe ¬¬A. It will believe ¬¬A as longas every world it can see can see a world that believes A. So there had betterbe a world it can see that cannot see any world that believes A. This cannotbe W1 because W1 |= A, and it cannot be W0 itself, since W0 ≤ W1. So theremust be a third world W2 which does not believe A.


Challenge: Find a countermodel for ((A→ B)→ A)→ A

You may recall from exercise 15 on page 47 that this formula is believed tobe false on Planet Zarg. There we had a three-valued truth table. Here we aregoing to use possible worlds. As before, with A∨¬A, the formula is a truth-tabletautology and so we will need more than one world

Recall that a modelM satisfies a formula ψ iff the root world ofM believesψ: that what it is for a model to satisfy ψ. Definition!

As usual I shall write ‘W0’ for the root world; and will also write ‘W |= ψ’to mean that the world W believes ψ; and ¬(W |= ψ) to mean that W doesnot believe ψ. (I’m using these mathematical symbols not merely to annoyyou—tho’ of course it will—but to make it easier to do back-of-the-envelopecalculations of the kind you are about to see!)

So we know that ¬(W0 |= ((A→ B)→ A)→ A).Now the definition of W |= X → Y is (by definition 29)

(∀W ′ ≥W )(W ′ |= X → W ′ |= Y ) (5.1)

(“W believes A→ B iff every world visible from W that believes X also believesY ”—you can see why I prefer the symbols!)

So since

¬(W0 |= ((A→ B)→ A)→ A)

we know that there must be a W ′ ≥W0 which believes ((A→ B)→ A but doesnot believe A. (In symbols: (∃W ′ ≥ W0)(W ′ |= ((A → B) → A) ∧ ¬(W ′ |=A).) Remember too that in the metalanguage we are allowed to exploit theequivalence of ¬∀ with ∃¬. Now every world can see itself, so might this W ′

happen to be W0 itself? No harm in trying. . .So, on the assumption that this W ′ that we need is W0 itself, we have:

1. W0 |= ((A→ B)→ A); and

2. ¬(W0 |= A).

This is quite informative. Fact (1) tells us that every W ′ ≥W0 that believesA → B also believes A. Now one of those W ′ is W0 itself (Every world cansee itself: remember that ≥ is reflexive). Put this together with fact (2) whichsays that W0 does not believe A, and we know at once that W0 cannot believeA→ B. How can we arrange for W0 not to believe A→ B? Recall the definition(1) above of W |= A → B. We have to ensure that there is a W ′ ≥ W0 thatbelieves A but does not believe B. This W ′ cannot be W0 because W0 doesnot believe A. So there must be a new world (we always knew there would be!)visible from W0 that believes A but does not believe B. (In symbols this is(∃W ′ ≥W0)(W ′ |= A ∧ ¬(W ′ |= B)).)

So our countermodel contains two worlds W0 and W ′, with W0 ≤W ′. W ′ |=A but ¬(W0 |= A), and ¬(W ′ |= B).


Let’s check that this really works. We want

¬(W0 |= ((A→ B)→ A)→ A)

We have to ensure that at least one of the worlds beyond W0 satisfies (A→B)→ A but does not satisfy A. W0 doesn’t satisfy A so it will suffice to checkthat it does satisfy (A → B) → A. So we have to check (i) that if W0 satisfies(A → B) then it also satisfies A and we have to check (ii) that if W ′ satisfies(A→ B) then it also satisfies A. W ′ satisfies A so (ii) is taken care of. For (i)we have to check that W0 does not satisfy A→ B. For this we need a world ≥W0 that believes A but does not believe B and W ′ is such a world.

It turns out that Zarg-truth-value 1 means “true in W0 and in W ′”; Zarg-truth-value 2 means “true in W ′”, and Zarg-truth-value 3 means “true in nei-ther”. Check and amplify: make a

big fuss about thisChallenge: Find a model that satisfies (A → B) → B but does notsatisfy (B → A)→ A

We must have

W0 |= (A→ B)→ B (1)

and

¬(W0 |= (B → A)→ A) (2)

By (2) we must have W1 ≥W0 such that

W1 |= B → A (3)

but

¬(W1 |= A) (4)

We can now show

¬(W1 |= A→ B) (5)

If (5) were false then W1 |= B would follow from (1) and then W1 |= A wouldfollow from (3). (5) now tells us that there is W2 ≥W1 such that

W2 |= A (6)

and

¬(W2 |= B) (7)

From (7) and persistence we infer

¬(W1 |= B) (8)

and


¬(W0 |= B) (9)

Also, (4) tells us

¬(W0 |= A). (10)

So far we have nothing to tell us that W0 6= W1. So perhaps we can get awaywith two worlds W0 and W1 with W1 |= A and W0 believing nothing.

W0 believes (A → B) → B vacuously: it cannot see a world that believesA → B so—vacuously—every world that it can see that believes A → B alsobelieves B. However, every world that it can see believes (B → A) but it doesnot believe A itself. That is to say, it can see a world that does not believe Aso it can see a world that believes B → A but does not believe A so it does notbelieve (B → A)→ A.

5.3.2 Exercises

EXERCISE 41 Here is a three-valued truth-table for →:

P → Q1 1 11 2 21 3 32 1 12 1 22 3 33 1 13 1 23 1 3

Observe that if we think of the truth-value 1 as true then this connectiveobeys modus ponens. (Why does this matter?)

1. Write out a truth-table for ((p→ q)→ q)→ (p ∨ q). (The truth-table forZarg-style disjunction is on p 47.)

(Before you start, ask yourself how many rows this rows this truth-tablewill have).

2. Identify a row in which the formula does not take truth-value 1.

3. Find a sequent proof for ((p→ q)→ q)→ (p ∨ q).

EXERCISE 42 Find a model that satisfies (p→ q)→ q but not p ∨ q.

EXERCISE 43 Find a model that satisfies p→ q but not ¬p ∨ q.

EXERCISE 44 Find a model that doesn’t satisfy p ∨ ¬p. How many worldshas it got? Does it satisfy ¬p ∨ ¬¬p? If it does, find one that doesn’t satisfy¬p ∨ ¬¬p.


EXERCISE 45 Find a model that satisfies A → (B ∨ C) but doesn’t satisfy(A→ B) ∨ (A→ C))

EXERCISE 46 Find a model that satisfies ¬(A∧B) but does not satisfy ¬A∨¬B

EXERCISE 47 Find countermodels for:

1. (A→ B) ∨ (B → A);

2. (∃x)(∀y)(F (y)→ F (x)) (which is the formula in exercise 38 on page 92).

3. ¬¬(¬(∀x)(F (x))→ (∃x)(¬F (x))). (This last formula was formula 4.2 onpage 104. You may need the hint that in possible world semantics there isno overriding assumption that there are only finitely many worlds.)

EXERCISE 48


Chapter 6

Possible World Semanticsfor other intensional logics

Dear Reader, ignore thischapter for the moment: it’sall in draught.

I can’t resist subtitling this “thinking outside the box”!The designated world is often called the real world.Consider a model M in which the set of worlds is totally ordered by ≤.

That is to say W1 ≤ W2 ∨W2 ≤ W1 holds for all worlds W1 and W2. By nowther reader will have done exercise 47 number (1) and will have noticed thatany countermodel to (A → B) ∨ (B → A) will have in it a world that believesA but does not believe B and a world that believes B but does not believe A.By persistence we can see immediately that neither of these worlds can see theother. This tells us that (A → B) ∨ (B → A) holds in any model where theworlds are totally ordered by ≤.

This is a simple illustration of the following point: putting conditions on thebehaviour of the relation between the worlds will affect the logic we get. If it’san equivalence relation you get classical logic. There are other conditions wecan put on the relation between worlds that correspond to certain propositions.Use of the symbol ‘≤’ suggests a partial order, and if we want to consider otherways of relating worlds that are not partial orders it might be an idea to usea different symbol. Generally we use the uncontroversial letter ‘R’. So takedefinition 29 page 113 and replace ‘≤’ throughout by ‘R’.

6.1 Modal Logic

The apparatus of possible world semantics was originally invented not to makesense of constructive reasoning but to make sense of reasoning about neces-sity. In the logic of necessity (called Modal Logic we have two new one-placeconnectives, 2 and , to mean ‘necessarily’ and ‘possibly’.

And we add two more clauses:

DEFINITION 31

125

126CHAPTER 6. POSSIBLE WORLD SEMANTICS FOR OTHER INTENSIONAL LOGICS

W |= 2A iff (∀W ′)(WRW ′ →W ′ |= A)W |= A iff (∃W ′)(WRW ′ ∧W ′ |= A)

When using 2 and we drop the clause for the symbol ¬ and we use classicalnegation instead, typically notating it with the symbol ‘∼’. So W |=∼ A iffW 6|= A.

It’s now easy to check that ∼ 2 ∼ is the same as .EXERCISE 49 Show that:

1. if R is an equivalence relation then M |= the law of excluded middle.

2. if R is symmetrical then W |= A implies W |= 2A;

3. using the definition of W |= ¬ψ from definition 29 (page 113) clause (4)show that if R is symmetrical then M |= A→ ¬¬A.

4. if R is transitive then W |= A implies W |= A.

Examples of modal operators.Tense Logic goes back to Prior.1 The accessibility relation R is taken to be

temporal order so it is a partial ordering as before. Is it a total ordering? Thisdepends on whether or not you are in the Garden of Forking Paths. [3].

Boolos/Solovay and the incompleteness theoremBeliefmultiple modal operators; multiple accessibility relations. Adverbial modi-

fiers.Communicating automataThe advantage is: very economical syntax!Warning: the iteration testBarcan formula:“It ought to be the case that everyone does p”does not imply“Everyone ought to do p”

1Prior was undoubtedly one of the best if not the best logician New Zealand has produced.Sadly he died relatively young. Time and modality, Past present and future. All in Polishnotation ugh.

Chapter 7

Curry-Howard

This chapter is particularly recommended for anyone who is thinking of goingon to do linguistics. It’s actually less alarming than most first-years will think,and it may well be worth having a bash at.

The Curry-Howard trick is to exploit the possibility of using the letters ‘A’,‘B’ etc. to be dummies not just for propositions but for sets. This meansreading the symbols ‘→’, ‘∧’, ‘∨’ etc. as symbols for operations on sets as wellas on formulæ. The result is a kind of cosmic pun. Here is the simplest case.

Altho’ we use it as a formula in propositional logic, the expression ‘A→ B’ isused by various mathematical communities to denote the set of all functions fromA to B. To understand this usage you don’t really need to have decided whetheryour functions are to be functions-in-intension or functions-in-extension; eitherwill do. The ideas in play here work quite well at an informal level. A functionfrom A to B is a thing such that when you give it a member of A it gives youback a member of B.

This ambiguity in the use of ‘A → B’ is quite different from the ambiguityarising from the two uses of the word ‘tank’. Those two uses are completelyunrelated. In contrast the two uses of the arrow in ‘A → B’ have a deep andmeaningful relationship.

7.1 Decorating Formulæ

7.1.1 The rule of →-elimination

Consider the rule of →-elimination

A A→ B

B(7.1)

If we are to think of A and B as sets then this will say something like “If Ihave an A and a way of obtaining a B from an A then I have a B”. So A→ B

127

128 CHAPTER 7. CURRY-HOWARD

will be the set of functions that give you a member of B when fed a member ofA. Thus we can decorate 7.1.1 to obtain

a : A f : A→ B

f(a) : B(7.2)

which says something like: “If a is in A and f takes As to Bs then f(a) isa B.1 This gives us an alternative reading of the arrow: ‘A → B’ can now beread ambiguously as either the conditional “if A then B” (where A and B arepropositions) or as a notation for the set of all functions that take members ofA and give members of B as output (where A and B are sets).

These new letters preceding the colon sign are decorations. The ideaof Curry-Howard is that we can decorate entire proofs—not just individualformulæ—in a uniform and informative manner.

We will deal with →-int later. For the moment we will look at the rules for∧.

7.1.2 Rules for ∧7.1.2.1 The rule of ∧-introduction

Consider the rule of ∧-introduction:

A B

A ∧B(7.1)

If I have an A and a B then I have a . . . ? thing that is both A and B? No.If I have one apple and I have one banana then I don’t have a thing that is bothan apple and a banana but I have a sort of plural object that I suppose is a pairof an apple and a banana. (By the way I hope you are relaxed about havingcompound objects like this in your world. Better start your breathing exercisesnow.) The thing we want is called an ordered pair: 〈a, b〉 is the ordered pairof a and b. So the decorated version of 7.1 is

a : A b : B〈a, b〉 : A×B

(7.2)

What is the ordered pair of a and b? It might be a kind of funny plural object,like the object consisting of all the people in this room, but it’s safest to beentirely operationalist2 about it: all you know about ordered pairs is that thereis a way of putting them together and a way of undoing the putting-together,so you can recover the components. Asking for any further information aboutwhat they are is not cool: they are what they do. That’s operationalism foryou. Be doo be doo.

1So why not write this as ‘a ∈ A’ if it means that a is a member of A? There are variousreasons, some of them cultural, but certainly one is that here one tends to think of thedenotations of the capital letters ‘A’ and ‘B’ and so on as predicates rather than sets.

2Have a look at chapter 1

7.1. DECORATING FORMULÆ 129

7.1.2.2 The rule of ∧-elimination

If you can do them up, you can undo them: if I have a pair-of-an-A-and-a-Bthen I have an A and I have a B.

〈a, b〉 : A ∧Ba : A

〈a, b〉 : A ∧Bb : B

A×B is the set 〈a, b〉 : a ∈ A∧ b ∈ B of3 pairs whose first components arein A and whose second components are in B. A×B is the Cartesian productof A and B.

(Do not forget that it’s A×B not A∩B that we want. A thing in A∩B isa thing that is both an A and a B: it’s not a pair of things one of which is anA and the other a B; remember the apples and bananas above.)

7.1.3 Rules for ∨To make sense of the rules for ∨ we need a different gadget.

A

A ∨BB

A ∨BIf I have a thing that is an A, then I certainly have a thing that is either an

A or a B—namely the thing I started with. And in fact I know which of A andB it is—it’s an A. Similarly If I have a thing that is a B, then I certainly havea thing that is either an A or a B—namely the thing I started with. And infact I know which of A and B it is—it’s a B.

Just as we have cartesian product to correspond with ∧, we have disjointunion to correspond with ∨. This is not like the ordinary union you mayremember from school maths. You can’t tell by looking at a member of A ∪ Bwhether it got in there by being a member of A or by being a member of B.After all, if A ∪ B is 1, 2, 3 it could have been that A was 1, 2 and B was2, 3, or the other way round. Or it might have been that A was 2 and Bwas 1, 3. Or they could both have been 1, 2, 3! We can’t tell. However,with disjoint union you can tell.

To make sense of disjoint union we need to rekindle the idea of a copy fromsection 1.6.2. The disjoint union AtB of A and B is obtained by making copiesof everything in A and marking them with wee flecks of pink paint and makingcopies of everything in B and marking them with wee flecks of blue paint, thenputting them all in a set. We can put this slightly more formally, now that wehave the concept of an ordered pair: A tB is

(A× pink) ∪ (B × blue),

where pink and blue are two arbitrary labels.(Check that you are happy with the notation: A × pink is the set of all

ordered pairs whose first component is in A and whose second component is in3If you are less than 100% happy about this curly bracket notation have a look at the

discrete mathematics material on my home page.


pink which is the singleton of4 pink, which is to say whose second componentis pink. Do not ever confuse any object x with the set x—the set whose solemember is x! So an element of A × pink is an ordered pair whose firstcomponent is in A and whose second component is pink. We can think of suchan ordered pair as an object from A labelled with a pink fleck.)Say something about A t

B = B tA ∨-introduction now says:

a : A b : B〈a, pink〉 : A tB 〈b, blue〉 : A tB

∨-elimination is an action-at-a-distance rule (like →-introduction) and totreat it properly we need to think about:

7.2 Propagating Decorations

The first rule of decorating is to decorate each assumption with a variable, athing with no syntactic structure: a single symbol.5 This is an easy thing toremember, and it helps guide the beginner in understanding the rest of thegadgetry. Pin it to the wall:

Decorate each assumption with a variable!

How are you to decorate formulæ that are not assumptions? You can workthat out by checking what rules they are the outputs of. We will discover throughsome examples what extra gadgetry we need to sensibly extend decorationsbeyond assumptions to the rest of a proof.

7.2.1 Rules for ∧7.2.1.1 The rule of ∧-elimination

A ∧BB

We decorate the premiss with a variable:

x : A ∧BB

. . . but how do we decorate the conclusion? Well, x must be an ordered pair ofsomething in A with something in B. What we want is the second componentof x, which will be a thing in B as desired. So we need a gadget that when wegive it an ordered pair, gives us its second component. Let’s write this ‘snd’.

4The singleton of x is the set whose sole member is x.5You may be wondering what you should do if you want to introduce the same assumption

twice. Do you use the same variable? The answer is that if you want to discharge twoassumptions with a single application of a rule then the two assumptions must be decoratedwith the same variable.

7.2. PROPAGATING DECORATIONS 131

x : A ∧Bsnd(x) : B

By the same token we will need a gadget ‘fst’ which gives the first compo-nent of an ordered pair so we can decorate6

A ∧BA

to obtain

x : A ∧Bfst(x) : A

7.2.1.2 The rule of ∧-introduction

Actually we can put these proofs together and whack an ∧-introduction on theend:

x : A ∧B x : A ∧Bsnd(x) : B fst(x) : A〈snd(x), fst(x)〉 : B ∧A

7.2.2 Rules for →7.2.2.1 The rule of →-introduction

Here is a simple proof using →-introduction.

[A→ B] AB

(A→ B)→ B

We decorate the two premisses with single letters (variables): say we use ‘f ’to decorate ‘A → B’, and ‘x’ to decorate ‘A’. (This is sensible. ‘f ’ is a lettertraditionally used to point to functions, and clearly anything in A→ B is goingto be a function.) How are we going to decorate ‘B’? Well, if x is in A and f isa function that takes things in A and gives things in B then the obvious thingin B that we get is going to be denoted by the decoration ‘f(x)’:

f : [A→ B] x : Af(x) : B

??? : (A→ B)→ B

6Agreed: it’s shorter to write ‘x1’ and ‘x2’ than it is to write ‘fst(x)’ and ‘snd(x)’ but thiswould prevent us using ‘x1 and x2’ as variables and in any case I prefer to make explicit thefact that there is a function that extracts components from ordered pairs, rather than havingit hidden it away in the notation.


So far so good. But how are we to decorate ‘(A→ B)→ B’? What can the‘???’ stand for? It must be a notation for a thing (a function) in (A→ B)→ B;that is to say, a notation for something that takes a thing in A→ B and returnsa thing in B. What might this function be? It is given f and gives back f(x).So we need a notation for a function that, on being given f , returns f(x).(Remember, we decorate all assumptions with variables, and we reach for thisnotation when we are discharging an assumption so it will always be a variable).We write this

λf.f(x)

This notation points to the function which, when given f , returns f(x). Ingeneral we need a notation for a function that, on being given x, gives backsome possibly complex term t. We will write:

λx.t

for this. Thus we have

f : [A→ B] x : Af(x) : B

λf.f(x) : (A→ B)→ B

Thus, in general, an application of →-introduction will gobble up the proof

x : A...

t : B

and emit the proof

[x : A]...

t : Bλx.t : A→ B

This notation—λx.t—for a function that accepts x and returns t is incrediblysimple and useful. Almost the only other thing you need to know about it isthat if we apply the function λx.t to an input y the output must be the resultof substituting ‘y’ for all the occurrences of ‘x’ in t. In the literature this resultis notated in several ways, for example [y/x]t or t[y/x].

7.2.3 Rules for ∨We’ve discussed ∨-introduction but not ∨-elimination. It’s very tricky and—at this stage at least—we don’t really need to. It’s something to come backto—perhaps!

7.2. PROPAGATING DECORATIONS 133

7.2.4 Remaining Rules

7.2.4.1 Identity Rule

Here is a very simple application of the identity rule. See [31]: SemanticalArchæology.

A BB

B → AA→ (B → A)

Can you think of a function from A to the set of all functions from B to A?If I give you a member a of A, what function from B to A does it suggest toyou? Obviously the function that, when given b in B, gives you a.

This gives us the decoration

a : A b : Bb : B

λb.a : B → Aλa.(λb.a) : A→ (B → A)

The function λa.λb.a has a name: K for Konstant. (See section 2.5.) Show how do do this usingthe option of cancelling non-existent assumptions.7.2.4.2 The ex falso

The ex falso sequitur quodlibet speaks of the propositional constant ⊥. Tocorrespond to this constant proposition we are going to need a constant set.The obvious candidate for a set corresponding to ⊥ is the empty set. Now⊥ → A is a propositional tautology. Can we find a function from the empty setto A which we can specify without knowing anything about A? Yes: the emptyfunction! (You might want to check very carefully that the empty function ticksall the right boxes: is it really the case that whenever we give the empty functiona member of the empty set to contemplate it gives us back one and only oneanswer? Well yes! It has never been known to fail to do this!! Look again atpage 98.) That takes care of ⊥ → A, the ex falso.

7.2.4.3 Double Negation

What are we to make of A → ⊥? Clearly there can be no function from A tothe empty set unless A is empty itself. What happens to double negation underthis analysis?

((A→ ⊥)→ ⊥)→ A

• If A is empty then A → ⊥ is the singleton of the empty function and isnot empty. So (A→ ⊥)→ ⊥ is the set of functions from a nonempty setto the empty set and is therefore the empty set, so ((A→ ⊥)→ ⊥)→ Ais the set of functions from the empty set to the empty set and is thereforethe singleton of the empty function, so it is at any rate nonempty.


• However if A is nonempty then A→ ⊥ is empty. So (A→ ⊥)→ ⊥ is theset of functions from the empty set to the empty set and is nonempty—being the singleton of the empty function—so ((A → ⊥) → ⊥) → A isthe set of functions from a nonempty set to the empty set and is thereforeempty.

So ((A→ ⊥)→ ⊥)→ A is not reliably inhabited. This is in contrast to allthe other truth-table tautologies we have considered. Every other truth-tabletautology that we have looked at has a lambda term corresponding to it.to be continued

A final word of warning: notice that we have not provided any λ-gadgetryfor the quantifiers. This can in fact be done, but there is no spacetime here todo it properly.

7.3 Exercises

In the following exercises you will be invited to find λ terms to correspond toparticular wffs—in the way that the lambda term λa.λb.a (aka ‘K’) correspondsto A→ (B → A) (also aka ‘K’ !) You will discover very rapidly that the way tofind a λ-term for a formula is to find a proof of that formula: λ-terms encodeproofs!

EXERCISE 50 Find λ-terms for

1. (A ∧B)→ A;

2. ((A→ B) ∧ (C → D))→ (A ∧B → B ∧D);

3. (A→ B)→ ((B → C)→ (A→ C));

4. ((A→ B)→ A)→ ((A→ B)→ B);

5. (A→ (B → C))→ (B → (A→ C));

6. (A→ (B → C))→ (B ∧A)→ C));

7. ((A→ B)→ A))→ ((A→ B)→ B);

Finding λ-terms in exercise 50 involves of course first finding natural de-duction proofs of the formulæ concerned. A provable formula will always havemore than one proof. (It won’t always have more than one sensible proof!) Forexample the tautology (A→ A)→ (A→ A) has these proofs (among others)

[A]1 [A→ A]2→-elim

A →-int (1)A→ A →-int (2)

(A→ A)→ (A→ A)

(7.1)

7.3. EXERCISES 135

[A]1 [A→ A]2→-elim

A [A→ A]2→-elim

A →-int (1)A→ A →-int (2)

(A→ A)→ (A→ A)

(7.2)

[A]1 [A→ A]2→-elim

A [A→ A]2→-elim

A [A→ A]2→-elim

A →-int (1)A→ A →-int (2)

(A→ A)→ (A→ A)(7.3)

[A]1 [A→ A]2→-elim

A [A→ A]2→-elim

A [A→ A]2→-elim

A [A→ A]2→-elim

A →-int (1)A→ A →-int (2)

(A→ A)→ (A→ A)(7.4)

EXERCISE 51 Decorate all these proofs with λ-terms. If you feel lost, youmight like to look at the footnote7 for a HINT.

***************************************************************Things still to do in this chapter.(i) Make more explicit the connection with constructive logic(ii) Scott’s cute example in semantical archaeology(iii) So far we’ve been inputting proofs and outputting λ-terms. It’s now

time to start doing it the other way round.(iv) Church Numerals, fixed point combinators(v) Explain α and β conversion.((P → Q)→ P )→ P (1)

“. . . take Q as a two-element set and P as a five-element set which resultsfrom adjoining three new elements to Q thus Q ⊆ P . Consider a mappingf ∈ (P → Q). Now two of the three new elements of P must map to the sameelement of Q. This rules defines a function F ∈ ((P → Q)→ Q) where F (f) isthe element just described. Note that this function F was defined with reference

7Notice that in each proof of these proofs all the occurrences of ‘A → A’ are cancelledsimultaneously.. Look at the footnote on page 130.


only to the division of P into its two parts (viz Q and P \Q). Hence the functionF is invariant under permutations of the elements withing the two parts. Nowsuppose we had a general method of establishing (1). Then we would have afunction

τ ∈ (((P → Q)→ P )→ P )

invariant under all permutations of P and Q (without reference to the parts).But consider that either τ(F ) ∈ Q or τ(F ) ∈ P \Q. The two-element part andthe three element part can be permuted at will. Thus τ(F ) is not invariant . . .

********************************************************************We might find some nice things to say about∧

C

[(A→ C)→ ((B → C)→ C)]

which is supposed to be A ∨B. After all,

A→ [(A→ C)→ ((B → C)→ C)]

andB → [(A→ C)→ ((B → C)→ C)]

are both provable and therefore

(A ∨B)→ [(A→ C)→ ((B → C)→ C)]

will be provable as well. (We saw this in exercise 14)blah harmony section 2.4(∀x)[(A→ F (x))→ ((B → F (x))→ F (x))]

Chapter 8

Other Logics

Logic of questions. Logic of commands is the study of programming languages.A rich and beautiful topic. Here the distinction between different kinds ofevaluations lazy vs strict really matters

Infinitary Logic? The quantifiers as infinitary conjunction and disjunction.Harmony tells us that A ∨ B can be seen as the conjunction of all [(A →C) ∧ (B → C)]→ C

Monadic second-order logic is OK. Possibly talk about branching-quantifierlogics.

The logics we consider have arisen from thinking about modes of inferencethat preserve certain features of the propositions we are reasoning about. Inthe case of classical logic, the thing being preserved is truth. As it happensit doesn’t make any difference whether it is truth-in-a-particular-interpretationwe are preserving or truth-in-all-interpretatations. With constructive logic we Say something about thisrestrict ourselves to rules that preserve the property of having a proof thatrespects the existence property. That tightens up the rules we are allowed touse. Sometimes it might make sense to relax them. When? If we think that theuniverse is not infinite then we might drop our guard to the extent of allowingourselves the luxury of rules of inference that do not preserve the property ofbeing true in all models but do at least preserve the property of being true inall finite models. After all, if the only models in which the conclusions we arenow allowed to draw could fail would be infinite models then we have nothingto fear. As it happens, the extra principles we could safely allow ourselves touse on this assumption are neither easy to capture with rules nor particularlyuseful. But it opens the door to other possibilities.

We might be interested in principles of reasoning that—even if they don’twork in all models, at least preserve truth-in-models-where-there-is-a-God, ortruth-in-models-that-contain-humans (we aren’t going to find ourselves in anythat don’t, are we!) or all truth-in-all-models-where-there-has-not-been-a-nuclear-war (not much point in planning for that contingency really, is there?—it’ssomething you try to avoid, not something you prepare for.)

However most of these relaxations don’t result in new logics as that word is

137

138 CHAPTER 8. OTHER LOGICS

generally understood. . .

8.1 Relevance Logic

K seems obvious: Clearly we can deduce A from A. Adding further informationmight enable us to deduce more things, but it cannot prevent us from deducingthings we could deduce already. If we could deduce A from A, we can certainlydeduce it from A and B. Thus no-one can argue against A ∧B → A. And—aslong as we accept the equivalence of A → (B → C) and A ∧ B → C—we candeduce K.

This uncontroversial fact is sometimes referred to as the monotonicity ofdeductive logic. It can do no harm to have this word explained. The word‘monotone’ in mathematics refers to functions f which satisfy conditions like

x ≤ y → f(x) ≤ f(y).

We say such a function is monotone increasing with respect to ≤. If instead fsatisfies x ≤ y → f(x) ≥ f(y) we say f is monotone decreasing with respect to≤.

We use it here because the function F that takes a set of assumptions A andreturns the set F (A) of its logical consequences is monotone increasing withrespect to set inclusion:

A ⊆ B → F (A) ⊆ F (B).

(We have in fact encountered this notion of monotonicity earlier under adifferent name: the phenomenon of persistence that we saw in section 5.2 tellsus that in a possible world model for constructive logic the function λW.Φ :W |= Φ (that sends each world to the set of things it believes) is a functionthat is monotone increasing with respect to the accessibility relation.)Not quite true, there being

two posets involved not one.Clarify this: Sum: sets-of-number to numbers is mono-tone

However, ordinary commonsense reasoning is not monotone in this way. Inreal life we might infer1 q from p even if we are not deductively authorised todo so, as long as the evidence is suggestive enough—while reserving the rightto change our minds later. There are circumstances in which I might infer qfrom p but definitely not from p ∧ r. This can happen if q is true in most caseswhere p holds (so we are generally happy to risk inferring q from p) but not inthe unlikely event of r.2 In those cases we infer q from p but not from p ∧ r.Defeasible reasoning is not monotone.

It is not monotone with respect to time either. If i am allowed to retractbeliefs then the set of things K(t) that I hold true at time t is not a monotone

1Notice that I am using the word ‘infer’ not the word ‘deduce’ here!2The standard example is

Tweety is a birdTweety can fly.

The sting in the tail is that Tweety is a penguin. We’re in NZ so actually Tweety was a kiwibut never mind.

8.2. RESOURCE LOGICS 139

functon of t: t ≤ t′ does not imply K(t) ⊆ K(t′). After all, if at time t I amtold that Tweety is a bird, then I may well hold-true-at-time-t that Tweety canfly. However, when I learn—at time t + 1—that Tweety is in fact a kiwi I nolonger hold true that Tweety can fly.

Blah a theory of inference-tokens not inference-types Blah

8.2 Resource Logics

Drop weakening and contraction.p doesn’t suddenly cease to be true just because i act on the assumption that

p. So the idea that you can use each assumption precisely once means that theps and qs that you are minding so carefully are not propositions, but somethingelse: they must be dollar coins, or something.3 When I make this point and say“Why call it a logic, not just a first-order theory of double-entry bookkeeping?”,Ed Mares replies: “Beco’s it has cut-elimination”. What I should have repliedthen (but i am doing it belatedly now, because i didn’t see it at the time) is thatif it’s not propositions we are manipulating then why is cut-elimination such abig deal? I suppose it means that this theory of double-entry bookkeeping hasadditive cancellation: you can borrow a resource and pay it back. Or perhapsit means that you can lay off your bets. That makes it important all right, butwhat does that have to do with *logic*?

The poppy fields of Marseilles

3One of these logics was started by the great French proof-theorist Jean-Yves Girard, andI remember the example he used in a talk I went to: “Eeef I have zee dollair, I can buy eizairzee packet of condoms or zee packet of fags, but I cannot buy boace zee packet of fags andzee packet of condoms!”.

140 CHAPTER 8. OTHER LOGICS

Chapter 9

Abuses of Logic

Some very special conditions have to be met before you can properly use alogic to formalise anything. Of course sometimes you can use a logic as akind of syntactic sugar for the formalism that you are are constructing (butwithholding from the public)

Propositional logic is a triumph of ellipsis. We can get away with writing ‘p’instead of ‘pch,co

t ’ (which would mean that Chap ch in context co asserts p attime t) as long as we can hold all these other parameters constant. In settingswhere the other parameters cannot be held constant the ellipsis is not safe. Yetit is precisely this kind of ellipsis we have to perform if what we want is a logicnot a first-order theory of deduction-tokens-in-context.

Have a section on the use of boolean Logic to describe electrical circuits;specifically on when it’s OK. Contrast the picture where you have an outputthat is guaranteed to be false to the picture where you have an output whichcannot consistently be assigned a value.

*************************************************************************Here is an example of how not to do it, taken from a standard text (names

changed to preserve anonymity). Kevin and his friends (not his real name)wrote:

MgO + H2 → Mg + H2O

(This would require extreme conditions but never mind1; there is worse to come)

C + O2 → CO2

CO2 + H2O → H2CO3

Then assume we have some MgO, H2, O2 and C. They end up representingreactions by means of formulæ like

(MgO ∧ H2) → (Mg ∧ H2O) (K1)1I suppose it just might work if you roasted magnesia in a stream of hydrogen at a tem-

perature above the melting point of magnesium metal.

141

142 CHAPTER 9. ABUSES OF LOGIC

This is on the basis that if one represents “I have some MgO” by the proposi-tional letter ‘MgO’ (and others similarly)2 then the displayed formula does notrepresent the reaction it is supposed to represent at all. p → q does not sayanything like “p and then q” (at which point p no longer!) but once one “has”Mg and H2O as a result of the reaction allegedly captured by the displayedformula one no longer “has” any Mg or H2O: it’s been used up! In contrast,p and p → q are not in any sense “used up” by modus ponens. And nothingwill be achieved by trying to capture the fact that the reagants are used up bywriting something like

(MgO ∧ H2) → ((Mg ∧ H2O) ∧ ¬MgO ∧ ¬ H2)

Consider what this would mean. It would mean that from the assumptionMgO ∧ H2 we would be able to infer ¬MgO ∧ ¬ H2, and this conclusion con-tradicts the assumption, so we would infer ¬(MgO ∧ H2), and that is clearlynot what was intended. The problem—part of it at least—is that we have triedto get away without datestamping anything.

If we spice up the formalism we are using by means of some datestamp-ing, then it all becomes much more sensible. Rather than write ‘MgO’ to mean“Kevin has some magnesia” we write ‘MgO(t)’ to mean “at time tKevin [or who-ever it happens to be] has some magnesia”—and the other reagents similarly—then instead of (K1) we have

MgO(t) ∧ H2(t) → Mg(t+ 1) ∧ H2O(t+ 1) (K2)

which is altogether more sensible. Notice that just as we left the datestampsout of the original formulation, here we have left out the name of the poor helotin the lab coat. That is perfectly OK, because [. . . ]

In writing ‘MgO(t)’ we have taken the magnesia to be a predicate and pointsin time as arguments. We could have written it the other way round: ‘t(MgO)’with time as the predicate and magnesia as the argument. That way it moreobviously corresponds to “at time t there is some magnesia”. Or we could makethe lab technician explicit by writing something like ‘K(MgO, t)’ which wouldmean something like “Kevin has some magnesia at time t”. Indeed we couldeven have had a three-place predicate and a formulation like ‘H(k,MgO,t)’ tomean that “Kevin has some magnesia at time t”. All of these can be made towork.

The moral of all this is that if there are important features—such as datestamping—that your formalisation takes no account of, then you shouldn’t be surprised ifthings go wrong.

To forestall the charge that I have tried to burn a straw man instead of aheretic, I should point out that this example (of how not to do it) comes from atextbook (which should be showing us how we should do it), to wit [censored]3

2Do not be led astray by the fact that this is three letters in English! It’s only one in thepropositional language we are setting up here!

3Most of us have at one time or another committed to paper sottises like this—if notworse—and yet gone on to lead subsequently blameless lives. The law providing that spentconvictions should be overlooked is a good one, and it is there to protect others as well as me.

9.1. DIALETHISM 143

9.1 Dialethism

Dialethism is the doctrine the some propositions can be both true and false:that some contradictions are true. There is more to dialethism than the nicecute Zen-flavoured insight that Hey guys you don’t have to be like conflictedabout whether the glass is half-empty or half full, co’s it’s—like—both! It’sa lot more serious than that. It rejects an ancient principle that has beenaround and unmolested since it was expounded a Aristotle a good long timeago. That is the principle of non-contradiction. Granted, the arguments fornon-contradiction that you find in Aristotle are terrible. But the argumentsagainst it that the dialethists put up are no better.

Why should one reject it after all this time?Aristotle is credited with two important ideas (among others). One is the

law of noncontradiction—nothing can be both true and false; the other is theapercu that reasoning from assumptions (“hypothetical reasoning”) is just likereasoning from data.

There is one difference—or apparent difference—between these two styles ofreasoning. The principle of ex falso sequitur quodlibet says that from the falseyou can infer anything you like. This is undeniably a truth-preserving principleof inference—vacuously! (Unless you are already a dialethist, that is) Howeveralthough it is a valid truth-preserving principle of inference it can in practiceonly be used in reasoning from assumptions and not in reasoning from data. Ifyou reason from data you will never find yourself proving the false and thereforenever seeking to infer anything from it. That’s not to say that Aristotle waswrong. I am not suggesting that the ex falso is an illegitimate weapon to use ininferring from data, merely a weapon that we will never, as a matter of fact, bein a position to use.

(And we do need the ex falso when reasoning hypothetically. Suppose I havesomehow established (A→ B)→ A. I can infer A as follows. Either A is true,in which case I’m done, or it isn’t. So on that second horn we have ¬A. If wethen assume A we get A ∧ ¬A whence the false and then B by the ex falso. Sothe horn that is labelled ‘¬A’ gives us A → B. But we know (A → B) → Awhichever horn we are on, so modus ponens tells us that A holds in this hornas well. Either way, therefore, we can infer B, so we have a proof of A from(A→ B)→ A) which was what we wanted.)

Notice that if you believe that there are true contradictions then you willhold that the ex falso is not truth-preerving and accordingly is not a good modeof inference. There may be reasons to believe there are true contradictions, butwe haven’t reached that step yet.

Consider now the predicament of someone who believes themself to be rea-soning from data. They suddenly find that they have proved the false. Whatshould they do now? Are they going to use the ex falso? Of course not! What isthe correct thing to do in these circumstances? If you have derived the false thenit must be that you weren’t reasoning from data but were actually reasoningfrom assumptions. Worse it means that (at least) one of the things you thoughtwere data were nothing of the sort: they were unlicenced assumptions—and


false ones at that. Best drop everything you are doing and try to find out asapwhich of the things you had been trusting is wrong.

Notice that the reason why the party of the last paragraph refrains frominvoking the ex falso is not their belief that the ex falso was not a valid form ofinference. Nor does this sobering tale give us a reason to suppose that the exfalso is not a valid form of inference after all.

********************************************************************Eschewing the ex falso in these circumstances on the grounds that there

are true contradictions isn’t really a starter. The candidate true contradictionsthat have been sent to us involve things like the set-theoretic paradoxes, or thecontradiction underlying Bradley’s infinite regress. The contradictory informa-tion in the cockpit confronting the dialethist pilot is not of this high-flown kind.“It’s OK, i’m a dialethist” isn’t a useful response to this predicament. (“I’ma dialethist, get me out of here” would be more like it.) You always have tobacktrack and find the mistake: that requirement is not waived for dialethists.edit below here

One of the temptations to Dialethism (in set theory, for example) is anunhealthy pessimism, a counsel of despair.

And there are lots of statuses a proposition might have in a realistic situation:on-hold,failed-first-test,passed-first-test,in-conflict-with-questionable-evidence,supported-by-questionable-evidenceand dozens of others. (And typically these things are not naturally to be

thought of as truth-values)The paraconsistentists deny the principle of ex falso sequitur quodlibet. Gen-

erally, people who start a movement by denying something that has hithertobeen accepted have some particular purpose in mind. Some paraconsistentists(the dialethists) want to keep open the option of accepting some contradictions(things of the form p ∧ ¬p) as true. However the reason usually given is thatthey are interested in the predicament of people who are attempting to reasonfrom unreliable premisses. If you are reasoning from uncertain premisses andyou reach a contradiction you clearly don’t want to be able to infer everything.So clearly the ex falso must be wrong . . . mustn’t it? It is of course true thatonce you have deduced a falsehood you don’t want to be licensed to infer every-thing. But the point is really that once you have reached a falsehood you don’tactually want to deduce anything at all—until you have backtracked and foundthe mistake! It’s precisely because the ex falso is sound that you have to stopdoing whatever you were doing, and backtrack.

If the ex falso were not sound, one would have less incentive to backtrack. Sowhy not deny the ex falso and just refuse to backtrack? Answer: because con-tradictions aren’t true, and once you have inferred one you know that somethinghas gone wrong—and you have to backtrack. (You have to backtrack not be-cause you have proved a contradiction, but because you have proved somethingfalse.) Putting it off does no good. In the end you have to go to the dentist

9.1. DIALETHISM 145

to have the tooth filled or pulled . . . (This mistake is part of an—unsound—strategy of pretending that defeasible reasoning from unreliable premisses islike [secure] reasoning from secure premisses.)

I say this to the paraconsistentists: “Look at it this way. Suppose that I—abeliever in the ex falso—am given the task of designing an inference engine thatworks with unreliable information. What am i going to program it to do shouldit discover a contradiction in its database? Am i going to say that in thesecircumstances the program should say to itself “Wow, that’s jolly! Everythinghas suddenly become a lot easier! Now i can now infer anything i want!”? Ofcourse i am not, and nor would you, in my shoes. (My ex falso sequitur quodlibetbeliever shoes, that is; and don’t tell me that you don’t know what what youwould do in my shoes—on the grounds that you can’t imagine what it would belike to believe in the ex falso; you might be crazy but you are not autistic.)”

This reply to the paraconsistentists sounds question-begging. We have toback-track when we encounter a contradiction because contradictions cannot betrue and we must have made a mistake, so we don’t need to deny the ex falso.But why did anyone ever want to deny the ex falso in the first place? In order topreserve the pretence, when they were doing defeasible reasoning with uncertainpremisses, that they were reasoning from sound premisses and could proceedaccordingly. Notice that in the normal course of events we use the ex falso onlyin situations where there are outstanding assumptions. [We distinguish herebetween assumptions adopted-for-the-sake-of-argument and data points whichare the things we are given. (Latin datum thing which is given: 3rd declensionneuter noun; plural data.)]

It has all the signs of a solution looking for a problem. Is it not very strikingthat the cries for paraconsistent help with solving the paradoxes of set theorycomes from the paraconsistentists and not from the set theorists? The onlypeople who are asking for help from the paraconsistentists are people in AI whotry to write systems to reason with unreliable information. See [16] for example.And they are in the grip of the errors i recount above, presumably because theyhave been spooked by an early acquaintance with baby logic into thinking that anonstandard logic will be useful to them. (Some of them—perhaps all of them—are engineers suffering under the inferiority complex that mathematicians haveinflicted on them.)

******************************************************************The contradiction might be merely apparent. It may be that p and ¬p

are being asserted in two different contexts which means that the apparentcontradiction is seen—once the context is supplied—to not be a contradictionat all. The obvious thing to do is not to shun the law of non-contradiction butto make the context explicit. And of course this is precisely what you cannotdo if you are hell-bent on setting up a Logic.

The inescapable brute fact is that the ex falso sequitur quodlibet is truth-preserving; it just is: get over it. So if you wish to deny it you have to say whatit is your inferences are supposed to be preserving, since it is can’t be truth. Itmight be exhibitionism: that would be sensible. But—one way or another—ifyou want your logic to be well-motivated you have to have a good story to tell


about why truth-preservation is not enough. And that is hard! Out there inthe jungle, if you are a metazoan trying to make a living, you will take—anduse—any information that comes your way, even if it is acquired by methodsthat violate local human rights legislation, respect agendas, or the directives oflocal medical ethics committees; or exploits the axiom of choice or the law ofexcluded middle. You want bad people to be banged up, and good food to becaught and eaten. Squeamishness is not a virtue—it never was. There are—no doubt—interesting metaphysical points to be made, but not in the contextof maintaining a database of information relevant to the predicament of themetazoan trying to make a living.

If we distinguish between false and not-true then we have to rephrase theex falso. A rule that infers anything you please (quodlibet) from something thatisn’t true is truth-preserving. The paraconsistentists don’t so much deny the exfalso (well, they do, but they needn’t) as arrange things so that they can’t useit. If p is both false and true then the ex falso is not applicable to it!

Chapter 10

Some Applications of Logic

The logical gadgetry we have seen so far can lead in two directions:

1. The gadgetry can be exposed to philosophical analysis. We can try to getstraight things like the constructive concept of proposition or truth. See,for example, [21], [22] and [10].

2. We can use the logic tools to attack problems in philosophy. My favouriteexample of this is Berkeley’s master argument for idealism.

10.1 Berkeley’s Master Argument for Idealism

(Two dialogues of Hylas and Philonous)Berkeley’s Master Argument for Idealism combines immediate appeal and

extremely murk, which makes it an ideal thing for logicians to practice theirgadgets on. In this section I cover some of the modern work on it using thosegadgets. My purpose here is pedagogical rather than investigatory: I want toshow what can be done with the logical machinery we developed in the earlierchapters. I want to put the machinery through its paces, and Berkeley’s Masterargument is a stretch where the going is hard enough to test all the runnersthoroughly: the murkiness of Berkeley’s argument makes for lots of pitfalls inthe application of logical gadgetry—and that of course suits my pedagogicalpurpose.

In what follows we will see natural deduction, modal operators, ε-terms, andthe intension/extension distinction. And hundreds-and-thousands on top!

The purpose of Berkeley’s Master Argument is to prove that everythingexists in the mind. Berkeley cast it in the form of dialogue, as people didin those days. The two interlocutors are Philonous and Hylas. Philonous isBerkeley’s mouthpiece, Hylas the stooge.

HYLAS : What more easy than to conceive of a tree or house existingby itself, independent of, and unperceived by any mind whatsoever.I do at present time conceive them existing after this manner.

147

148 CHAPTER 10. SOME APPLICATIONS OF LOGIC

PHILONOUS : How say you, Hylas, can you see a thing that is atthe same time unseen?

HYLAS : No, that were a contradiction.

PHILONOUS : Is it not as great a contradiction to talk of conceivinga thing which is unconceived?

HYLAS : It is

PHILONOUS : This tree or house therefore, which you think of, isconceived by you?

HYLAS : How should it be otherwise?

PHILONOUS : And what is conceived is surely in the mind?

HYLAS : Without question, that which is conceived exists in themind.

PHILONOUS How then came you to say, you conceived a house ora tree existing independent and out of all mind whatever?

HYLAS That was I own an oversight . . .

There is surely some simple point to be made by appealing to the differ-ence between “intensional” and “extensional” attitudes. You can desire-a-sloopslooplessnesswithout there being a sloop. Don’t we have to ask some awkward questionsabout which of these “conceive” is, intensional or extensional? Surely it is onlyif it is extensional that Philonous’ trick ever gets started; and it is surely clearthat Hylas reckons that the conceiving he is doing is intensional. Though thisis probably intentional with a ‘t’, as in Chisholm.

10.1.1 Priest on Berkeley

In [25] Graham Priest gives a very elegant formulation of Berkeley’s MasterArgument, and I will recapitulate it here.

Priest starts off by distinguishing, very properly, between conceiving ob-jects and conceiving propositions. This answers our concerns in the pre-vious section about equivocating between intensional and extensional kinds ofconceiving. Accordingly in his formalisation he will have two devices. One is asentence operator T which is syntactically a modal operator and a the other isa predicate τ whose intended interpretation is that τ(x) iff x is conceived. Itis presumably true that both these devices should be relativised—in the senseof having an extra argument place where we can put in a name of whoever isdoing the conceiving, but since this is probably going to be plugged with somefixed constant we will ignore it. As a matter of record, no developments of thisproblem have depended on “conceivable” meaning conceivable not just by mebut by anyone else, but one certainly should not exclude this possibility. Untilfurther notice, then Tφ means that the proposition φ is being conceived by me,and τ(x) means that I am contemplating the object x.

10.1. BERKELEY’S MASTER ARGUMENT FOR IDEALISM 149

In addition to the usual devices of the ε-calculus from section 3.9.1 we willadopt the following schemes for these syntactic devices.

φ→ ψ

T (φ)→ T (ψ)

Priest calls this affixing. The other rule is one that tells us that if we conceivean object to be something then we conceive it.

T (φ(x))τ(x)

Let us call it the mixed rule. We of course have the usual rule of ε-introduction for ε-terms (from page 92) namely

∃yΨ(y)Ψ(εxΨ(x))

Priest’s formalisation procedes as follows. One particular ε-term we shallneed a great deal is εx.¬τ(x). Since it takes up a lot of space it will be abbre-viated to ‘c’.

What do we know about this c? Not a great deal, but we do know that it isunconceived iff anything is. Thus: (∃x¬τ(x)) → ¬τ(c). We will use this againlater. Provide a proof of this

By affixing we infer T (∃x¬τ(x))→ T (¬τ(c)). Let us now adopt the premissthat I conceive that something exists unconceived by me. This is T (∃x¬τ(x)).(This is the first of two innocent-looking formulations of realism from which wewill derive a contradiction). This is the antecedent of the conditional we havejust proved so we infer the consequent, to wit T (¬τ(c)).

By the mixed rule we can infer the consequent, namely τ(c).Let us now return to our first formula, (∃x¬τ(x))→ ¬τ(c), and use it again.

The antecedent of this is (∃x¬τ(x)) which we are going to adopt with a view torefuting it, so we conclude ¬τ(c). However, in the first leg of this argument, inthe preceding paragraph, we proved τ(c). Thus we have proved a contradiction.

Thus, by judicious use of the ε machinery, we have derived a contradictionfrom the two assumptions (∃x)¬τ(x) and T (∃x¬τ(x)), which both sound likepossible formulations of realism.

(∃x¬τ(x))→ ¬τ(c)Affixing

T (∃x¬τ(x))→ T (¬τ(c)) T (∃x¬τ(x))→-elim

T (¬τ(c))Mixed Rule

τ(c)(∃x¬τ(x))→ ¬τ(c) (∃x¬τ(x))

→-elim¬τ(c)→-elim⊥

(10.1)It seems pretty clear that this is a correct formalisation of Berkeley’s argu-

ment. This raises two questions. The first is: is this a proof? and the second: ifnot, can we find one? The answer to the first is that it is not a legitimate proof


as long as we regard ε terms as introduced by contextual definition, so that—to They don’t know contextualdefinitionstake a pertinant example—the ‘T (¬τ(c))’ on the left branch is merely a variant

notation for ‘T (∃x¬τ(x))’ and therefore does not match the antecedent of themixed rule because it has no free variable in it, and in particular has no freeoccurrence of c. Therefore the mixed rule is not applicable and we cannot useit to infer τ(c) from T (¬τ(c)). Accordingly the argument is fallacious.

It is of course true that the argument given is correct if we think of c as aconstant and (∃x¬τ(x))→ ¬τ(c) as an axiom. We can even provide a proof ofthis that does not use constants or epsilon gadgetry.

Consider the following first-order theory T . It has a predicate τ and aunary operator T , and we adopt the mixed rule and the affixing rule as rules ofinference. It has no ε machinery.

In what follows, let p be something for which we have Tp. In Priest’s orig-inal proof we had two premisses, (∃x¬τ(x)) and T (∃x¬τ(x)). Here we need(∃x¬τ(x)) but instead of T (∃x¬τ(x)) any premiss of the form Tp will do. Iprefer the intuitionistic definition of negation here: those with constructive in-tuitions will feel that this proof is best thought of as a constructive proof that ev-erything is not-not-conceived (as long as some proposition is entertained) ratherthan a classical proof that everything is conceived (as long as some propositionis entertained). Also I want to show that such funny business as is going ondoesn’t depend on excluded middle.

[p]1 [τ(x)→ ⊥]2identity rule

τ(x)→ ⊥→-int (1)

p→ (τ(x)→ ⊥)Affixing

Tp→ T (τ(x)→ ⊥) Tp→-elim

T (τ(x)→ ⊥)Mixed Rule

τ(x) [τ(x)→ ⊥]2→-elim⊥ →-int (2)

(τ(x)→ ⊥)→ ⊥∀-int

(∀x)((τ(x)→ ⊥)→ ⊥)(10.2)

Neither the affixing rule nor the mixed rule have anything of the form Tφas a conclusion. This means that if we want to conclude Tφ we have to haveit as a premiss. So if we interpret (i) T as a falsum operator—so that Tp isalways false, and (ii) τ as a predicate with empty extension—so τ(x) is alwaysfalse, then the rules are truth-preserving. So we cannot expect to be able toprove that even one thing is τ without some extra premisses. This result is bestpossible.

It has been said that this is not the way the mixed rule should be used,and that it should be applied only to antecedents in which there are no freevariables. The point of the preceding analysis is to anticipate this objection,on the basis that whatever its force, it applies equally well to Priest’s originalformulation—formula 10.1, since ‘T (¬τ(c))’ does not, properly viewed, have any

10.2. THE PARADOXES 151

occurrences of ‘c’ in it either. We can argue that ‘c’ is a constant and denotesa particular object. But then it’s not clear that is a particular object which isunconceived if anything is. That exploits excluded middle.

10.2 The Paradoxes

I haver apologized to the reader—several times—(e.g. section 2.9)—for inflictingon them all this apparatus of proof system when it is usually easier to checkfor validity of a formula by inspecting a truth-table than it is to find a proof.Even in predicate calculus (where there is no easy analogue of truth-tables) itseems easier to check validity by inspection than by looking for a proof. Inthis section we are going to see some natural deduction and sequent rules fora subject matter in a setting where the proof-theoretical gadgetry is genuinelyilluminating.

Let us consider Russell’s paradox of the set of those sets that are not membersof themselves. Let us use the notation ‘x : φ(x)’ for the set of all x that areφ. We write ‘x ∈ y’ to mean that x is a member of y. Since x : φ(x) is theset of all things that are φ we want to have

φ(a)←→ a ∈ x : φ(x) (10.1)

This gives us two natural deduction rules

φ(a)a ∈ x : φ(x) ∈-int; a ∈ x : φ(x)

φ(a) ∈-elim

(Do not confuse these with the rules for ε-terms!!)Let us now use this to analyse Russell’s paradox of the set of all sets that

are not members of themselves. We can, as before, write ‘¬(x ∈ x)’ instead of‘x ∈ x→ ⊥’, but to save yet more space we will instead write ‘x 6∈ x’.

The following is a proof that x : x ∈ x→ ⊥ is not a member of itself.

[(x : x 6∈ x ∈ x : x 6∈ x)]1∈-elim

(x : x 6∈ x ∈ x : x 6∈ x)→ ⊥ [x : x 6∈ x ∈ x : x 6∈ x]1→-elim⊥ →-int (1)

x : x 6∈ x ∈ x : x 6∈ x)→ ⊥(10.2)

Clearly space is going to be a problem, so let’s abbreviate ‘x : x 6∈ x’ to‘R’ (for Russell).

[R ∈ R]1∈-elim

(R ∈ R)→ ⊥ [R ∈ R]1→-elim⊥ →-int (1)

(R ∈ R)→ ⊥

(10.3)

But we can extend this proof by one line to get a proof that x : x 6∈ x isa member of itself after all!


[R ∈ R]1∈-elim

(R ∈ R)→ ⊥ [R ∈ R]1→-elim⊥ →-int (1)

(R ∈ R)→ ⊥∈-int

R ∈ R

(10.4)

. . . and put these two proofs together to obtain a proof of a contradiction

[R ∈ R]1∈-elim

(R ∈ R)→ ⊥ [R ∈ R]1→-elim⊥ →-int (1)

(R ∈ R)→ ⊥∈-int

R ∈ R

[R ∈ R]1∈-elim

(R ∈ R)→ ⊥ [R ∈ R]1→-elim⊥ →-int (1)

(R ∈ R)→ ⊥→-elim⊥(10.5)

10.2. THE PARADOXES 153

b∈

a`

b∈

a

a∈

b`

a∈

b

b∈

a`

b∈

a¬

Lb∈

a,

b6∈

a`

→L

b∈

a,

a∈

b,

a∈

b→

b6∈

a`

∀L

b∈

a,

a∈

b,(∀

z)(

z∈

b→

b6∈

z)`

→L

a∈

b,

b∈

a,

b∈

a→

(∀z)(

z∈

b→

b6∈

z),

(∀z)(

z∈

b→

b6∈

z)→

b∈

a`

∧L1

a∈

b,

b∈

a,

b∈

a←→

(∀z)(

z∈

b→

b6∈

z)`

¬R

b∈

a,

b∈

a←→

(∀z)(

z∈

b→

b6∈

z)`

a6∈

b→

Rb∈

a←→

(∀z)(

z∈

b→

b6∈

z)`

b∈

a→

a6∈

b∀

L(∀

y)(

y∈

a←→

(∀z)(

z∈

y→

y6∈

z))`

b∈

a→

a6∈

b∀

R(∀

y)(

y∈

a←→

(∀z)(

z∈

y→

y6∈

z))`

(∀z)(

z∈

a→

a6∈

z)

a∈

a`

a∈

a

a∈

a`

a∈

a

a∈

a`

a∈

a¬

La∈

a,

a6∈

a`

→L

a∈

a,

a∈

b→

a6∈

a`

∀L

(∀z)(

z∈

a→

a6∈

z),

a∈

a`

→L

a∈

a→

(∀z)(

z∈

a→

a6∈

z),

a∈

a`

→L

(∀y)(

y∈

a←→

(∀z))

(z∈

y→

y6∈

z))

,a∈

a→

(∀z)(

z∈

a→

a6∈

z),

(∀z)(

z∈

a→

a6∈

z)→

a∈

a`

∧L1

(∀y)(

y∈

a←→

(∀z)(

z∈

y→

y6∈

z))

,a∈

a←→

(∀z)(

z∈

a→

a6∈

z)`

∀L

(∀y)(

y∈

a←→

(∀z)(

z∈

y→

y6∈

z))

,(∀

y)(

y∈

a←→

(∀z)(

z∈

y→

y6∈

z))`

Contr

act-

L(∀

y)(

y∈

a←→

(∀z)(

z∈

y→

y6∈

z))`

∃L

(∃x)(∀

y)(

y∈

x←→

(∀z)(

z∈

y→

y6∈

z))`

(10.6

)


Chapter 11

Appendices

11.1 Index of definitions

11.2 Appendix: failure of completeness of second-order logic

Second-order arithmetic includes as one of its axioms the following:Second-order induction axiom: (∀F )([F (0) ∧ (∀n)(F (n) → F (n + 1))] →

∀n)(F (n)))And we can give a second-order definition of what it is for a natural number

to be standard:

DEFINITION 32

standard(n)←→bf (∀F )([F (0) ∧ (∀m)(F (m)→ F (m+ 1))]→ F (n))

This axiom enables us to prove—in second-order arithmetic—that every nat-ural number is standard: simply take ‘F (n)’ to be ‘standard(n)’.

Another thing we can prove by induction is the following:if n is a natural number then, for any model M of arithmetic, there is a

unique embedding from [0, 1, . . . n] into an initial segment of M. It requires a This isn’t really second-order; it’s much worse. . .little bit of work to show that the converse is true, but it is.

One consequence of this is that second-order arithmetic is what they callcategorical: it is a theory with only one model. We exploit this fact here.Add to the language of second-order arithmetic the constant symbol ‘a’, andinfinitely many axioms a 6= 0, a 6= 1, a 6= 2, a 6= 3 . . . . This theory is nowconsistent, since no contradiction can be deduced from it in finitely many steps,but it has no models.

Valuation and evaluationWe don’t examine evaluation at all. We are aware in an abstract sort of way

that if we know what a valuation does to propositional letters then we know

155

156 CHAPTER 11. APPENDICES

what it does to molecular formulæ but we pay not attention to the mechanicsof how these truth-values are actually calculated.. eager vs lazy A ∨ (B ∧ (. . .also apercu about Popper

One’s intuitions about what [[A ∨ B]] should be when one or both of [[A]]and [[B] is intermediate seems to depend to a certain extent on whether ourevaluation strategy is eager or lazy.

Suppose we kid ourselves that there should be three truth-values: true, falseand undecided. What is the truth-value of A ∨B when A is undecided? Do wewant to say that its also undecided, on the grounds that indecision about oneletter is enough to contaminate the whole formula? Or do we rather say “Well,it’s true if the truth-value of B is true and undecided otherwise”. This lookslike a riddle about eager vs lazy evaluation because of the mistake of thinkingthat ‘undecided’ is a third truth-value.

A ∨ (B ∧ (C ∨ (D ∧ . . .))))

Computer science has been a wonderfully fertilising influence on modern phi-losophy. Not only has it brought new ideas to the subject, but it has breathednew life into old ones. A striking example is the way in which Computer Sci-ence’s concern with evaluation and strategies (lazy, eager and so on) for evalua-tion has made the intension/extension distinction nowadays almost more famil-iar to computer scientists than to philosophers. Intensions evaluate to exten-sions. In the old, early-twentieth century logic, evaluation just happened, andthe subject was concerned with that part of metaphysics that was unaffectedby how evaluation was carried out. For example, the completeness theorem forpropositional logic says that a formula is derivable iff it is true under all valu-ations: the internal dynamic of valuations is not analysed or even considered.Modern semantics for programming languages has a vast amount to say aboutthe actual dynamics of evaluation as a process. The old static semantics gavea broad and fundamental picture, but was unsuited for the correct analysis ofcertain insights that happened to appear at that time. A good example of aninsight whose proper unravelling was hampered by this lack of a dynamic per-spective is Popper’s idea of falsifiability. Let us examine a natural setting forthe intuition that gave rise to it.

Let us suppose that, in order to be confirmed as a widget, an object x hasto pass a number of independent tests. If investigator I wants to test whether acandidate x is a widget or not, I subjects it to these tests, all of which it has topass. Which test does I run first? Obviously the one that is most likely to fail!It will of course be said that this is so that if x passes it the theory T (that x isa widget) is more strongly confirmed than it would have been if it had passedan easy one. Indeed I have heard Popperians say precisely this.

It seems to me that although this is true, it does not go to the heart ofthe insight vouchsafed to Popper. This traditional account concerns merely thetheory that is being confirmed, and not any of I’s other preoccupations. Bytaking into account a more comprehensive decription of I we can give a moresatisfactory account of this intuition. Specifically it is helpful to regard the

.1. APPENDIX: NEGATION IN SEQUENT CALCULUS 157

execution of the various tests as events that have a cost to I. Suppose candidatex has to pass two tests T1 and T2 to be confirmed as a widget. Suppose alsothat most candidates fail T1 but most pass T2. What is I to do? ObviouslyI can minimise his expected expenses of investigation by doing T1 first. It isof course true that if x is indeed a widget then by the time it has passed bothtests, I will have inevitably have incurred the costs of running both T1 and T2.But a policy of doing T1 first rather than doing T2 first will in the long run saveI resources because of the cases where x is not a widget.

Notice that this point of view has something to say also about the situationdual to the one we have just considered, in which the investigator I has anumber of tests and a candidate x can be shown to be a widget by passing evenone of them. In this situation the dual analysis tells I that the best thing todo in order to minimise the expected cost of proving x to be a widget is to tryfirst the test most likely to succeed. Although this is logically parallel (“dual”)to the situation we have just considered, the traditional Popperian analysis hasnothing to say about it at all. This is surely a warning sign.

This is not to say that Popper’s insight is not important: it clearly is. Theclaim is rather that it has not been received properly. Properly understoodit is not straightforwardly a piece of metaphysics concerning verification andsupport, but a superficially more mundane fact about strategies for minimisingcosts for agents in an uncertain world. That may have metaphysical significancetoo, but perhaps only to the extent that mathematics is part of metaphysics.

If there is a moral to be drawn, it may be the following. Do we suffer from apersistent tendency to think that certain problems are part of metaphysics whenthey are not? Peter Godfrey-Smith’s recent penetrating analysis of Hempel’spuzzle of the ravens is another recent apercu to the effect that a problem hithertogenerally regarded as metaphysical might dissolve if seen in another way.

.1 Appendix: Negation in Sequent Calculus

It is possible to continue thinking of ¬P as P → ⊥. The way to do this is tothink of any sequent as having an unlimited supply of ⊥s on the right. Infinitelymany? Not necessarily: it will suffice to have an indeterminate finite numberof them. Or perhaps a magic pudding [20] of ⊥s: something that emits a ⊥whenever you ask it nicely. In these circumstances the ¬-R rule simply becomesa special case of →-R. Considerations of this kind are an essential input intoany discussion that aims to determine precise what sort of data object the right-hand-side of a sequent is: list, set, multiset, stream, magic pudding . . .

Quite what happens to the rule of ¬-L if we continue to think of ¬P asP → ⊥ is a topic I shall leave to the reader for the moment.

158 CHAPTER 11. APPENDICES

Bibliography

[1] Berkeley, G. Three dialogues of Hylas and Philonous.

[2] Andreas Blass, Nachum Dershowitz and Yuri Gurevich. When are two algo-rithms the same? Bulletin of Symbolic Logic 15 (june 2009)pp 145–168.

[3] J.L. Borges Labyrinths [publ’n data??]

[4] Chung-Ying Cheng. Inquiries into Classical Chinese Logic. Philosophy Eastand West, Vol. 15, No. 3/4 (Jul–Oct., 1965), pp. 195-216

[5] Carnap, R. Meaning and Necessity. University of Chicago Press 1947

[6] Carrol, L. Through the Looking Glass and what Alice found there.

[7] Chang, C. L. and Lee, R. C. T, Symbolic Logic and Mechanical TheoremProving, Academic Press 1973.

[8] Church, A. The calculi of λ-conversion. Princeton 1941

[9] Marcel Crabbe. L’Egalite et l’extensionalite. Logique et Analyse 185-188 dec2004 pp 365-374.

[10] Michael Dummett: Elements of Intuitionism Oxford Logic Guides.

[11] T.E.Forster. The Modal æther. www.dpmms.cam.ac.uk/~tf/modalrealism.ps

[12] Glivenko, V. Sur la Logique de M. Brouwer. Bulletin de L’Academie Royalde Belgique, serie de la Classe des Sciences 14 1928 pp 225-8.

[13] Glivenko, V. Sur quelques points de la Logique de M. Brouwer. Bulletinde L’Academie Royal de Belgique, serie de la Classe des Sciences 15 1929 pp183-8

[14] Godel, K. An interpretation of the intuitionistic sentential Logic. Reprintedin Hintikka (ed) The Philosophy of Mathematics Oxford readings in Philios-ophy 1969 pp 128-9.

[15] W.H. Gottschalk, The theory of Quarternality, Journal of Symbolic Logic18 (fascicule 3) pp 193–6.)

159

160 BIBLIOGRAPHY

[16] Carl Hewitt. Common sense for concurrency and strong paraconsistencyusing unstratified inference and reflection. arXiv:0812.4852

[17] Wilfrid Hodges Logic Penguin

[18] Donald Kalish and Richard Montague: LOGIC: techniques of formal rea-soning. Harcourt Brace 1964

[19] Kalmar, L. Uber die Axiomatisierbarkeit des Aussagenkalkuls, Acta Scien-tarum Mathematicarum 7 1934-5 pp 222-43.

[20] Norman Lindsay The magic pudding.

[21] Per Martin-Lof. Truth of a Proposition, Evidence of a Judgement, Validityof a Proof, Synthese 73, pp.407-420.

[22] Per Martin-Lof. On the meaning of the Logical Constants and the Justifica-tions of the Logical Laws’, Nordic Journal of Philosophical Logic 1(1) (1996),pp.11-60.

http://www.hf.uio.no/ifikk/filosofi/njpl/vol1no1/meaning/meaning.html

[23] Mendelson, E. (1979) Introduction to Mathematical Logic. (2nd edn) VanNostrand

[24] Roger Penrose: The Emperor’s New Mind

[25] Graham Priest Some Priorities of Berkeley, Logic and Reality: Essays onthe Legacy of Arthur Prior, ed. B.J.Copeland, Oxford University Press, 1996.

[26] Quine, Mathematical Logic

[27] Quine, Ontological relativity and Other Essays

[28] Quine, Word and Object

[29] Quine, Predicate functor Logic in Selected Logic papers.

[30] Quine, Ontological remarks on the propositional calculus in Selected LogicPapers 265–272.

[31] Scott D.S. Semantical Archæology, a parable. In: Harman and Davidsoneds, Semantics of Natural Languages. Reidel 1972 pp 666–674.

[32] Peter Smith: An introduction to Formal Logic CUP.

[33] Alfred Tarski and Steven Givant. A formulation of Set Theory withoutvariables. AMS colloquium publication 41 1987.

[34] Tversky and Kahnemann Extensional versus Intuitive reasoning Psycho-logical Review 90 293-315.

[35] Tymoczko and Henle. Sweet Reason: A Field Guide to Modern Logic.Birkhauser 2000 ISBN

Documents

chchlectures