Reading1. D. van Dalen, Logic and Structure, Springer-Verlag, third-fourth edition.2. A. Troelstra & H. Schwichtenberg, Basic Proof Theory, Cambridge Univer-

sity Press, 1996.3. J.-Y. Girard, Y. Lafont & P. Taylor, Proofs and Types, Cambridge University

Press, Cambridge 1989.4. S. Artemov, “Explicit provability and constructive semantics”, Bulletin of

Symbolic Logic, volume 7, No.1, pp. 1-36, 2001

TIME100 project: “The greatest scientists of the century”(20 positions):

• Technology - 6 (airplane, rocket, TV, transistor, plastic, WWW)• Biology & Medicine - 4 (psychoanalysis, penicillin, DNA, polio)• Physics & Astronomy - 3 (Einstein, Fermi, Hubble)• Anthropology - 1 (The Leakeys)• Economy - 1 (Keynes)• Environment - 1 (Rachel Carson)• Psychology - 1 (Piaget)

• Computer Science - 1 (Turing, a logician)• Mathematics - 1 (Godel, a logician)• Philosophy - 1 (Wittgenstein, who began as a logician)

Three traditions in Logic

1. Classical: Frege, Hilbert, Godel, Tarski

2. Constructive: Brouwer, Heyting, Kolmogorov, Godel

3. Explicit: Skolem, Curry, Godel, Church - bridge to computing!

1

Fundamental results in Logic make their way from foundational topics toreal applications within one lifetime

Propositional Logic: consistent, decidable, not feasible (if P 6= NP ). Manypractical methods reduce to this level (Deep Space 1)

Boole (1854), Post (1920): boolean circuits, boolean values in programming,duality of proof search and model checking

Gentzen (1933): normalization of proofs basis for “all” modern provers, proofcheckers

Downside: limited expressive power!

First order logic: one sort of objects, quantifiers ∀, ∃. Consistent, undecidablebut recursively enumerable, formalizes all “usual” mathematical reasoning. Firstorder theories are typically not categorical. Formal arithmetic, set theory, theoryof reals, theory of groups, rings, fields, etc. can be presented as FO theories.

Frege (1879): proofs in first order systems as positive tests of validness

Downside: not “object oriented” ”, no direct representation of dynamicfeatures (time, actions, etc.) hence excessive coding, computationally un-friendly! Another trouble: ∃-sickness (later).

Logic Programming: computing by provingJ. Robinson (1965): resolution + unification = single rule proof system for

the first order logic. A theoretical prototype of PROLOG programming language(1972).

Verification problem: “does a program satisfy its specification?” is subsumedby the programming language. Japanese “fifth generation computer initiative”.Pure PROLOG: easy to write a program, “almost” the usual math slang. Thelanguage of choice in AI.

Downside: Relatively slow. Later refinements improved its efficiency butthe logical purity has been lost.

2

Higher order logic: Higher sorts of quantified variables. “Very” undecidable,not axiomatizable, not compact. HO theories: second order arithmetic (analysis),type theories. Close to the natural language, widely used for proof checking in ver-ification.

Andrews (1982): classical HOL prover

Downside: No efficient proof search, no complete proof systems possible,difficulties with semantics and consistency.

Modal Logic: (Lewis & Langford (1932)) extends the usual logic (typicallypropositional) by new atoms 2F - “F is necessary” to capture dynamics. Usuallypreserves decidability

Godel (1933): provability calculus ( = S4). The most popular modal logic: knowl-edge representation, dynamic logic, nonmonotonic reasoning, etc.

1. Classical axioms and rules2. 2(F→G)→(2F→2G)3. 2F→F

4. 2F→22F

5. F/2F (necessitation rule)

Godel’s provability problem: find an intended provability model for S4. Re-mained open for > 60 years.

McKinsey - Tarski (1948): topological semantics 2F = interior(F ), leads tologics for dynamic systems

Kripke (1959): possible worlds a la Leibniz

Hoare (1969): partial correctness statementsA{G}B = “if A holds before the execution of G then B holds afterwards” .

Recently Hoare was knighted by the British Queen.

3

Pratt (1976): logic of programs,[C]φ = φ holds while C is executed,

each [C] is an S4-modality, Kripke style semantics where possible worlds are ma-chine states

Pnueli (1977): branching temporal logic = logic of concurrency, Turing awardin CS

Logic of Knowledge: a core AI topic, KA(φ) = “agent A knows φ”, multiplemodalities S4 and S5, negative introspection, common knowledge operator.

Logical Omniscience: unrealistic assumption that an agent knows all logicalconsequences of its knowledge.

Major Problem (Joe Halpern, Rohit Parikh, and others): builda logic of knowledge that distinguishes “hard” and “easy” facts

Intuitionism: constructive approach to mathematics

Brouwer (1900s):

“It does not make sense to think of truth or falsity of a math-ematical statement independently of our knowledge concerningthe statement. A statement is true if we have a proof of it, andfalse if we can show that the assumption that there is a proof forthe statement leads to a contradiction.”

4

Constructive semantics problemBHK problem: find the intended provability semantics of intuitionistic

logic satisfying BHK conditions:

• a proof of A∧B consists of a proof of A and a proof of B,• a proof of A∨B is given by presenting either a proof of A or a proof of B,• a proof of A→B is a construction which, given a proof of A returns a proof ofB,• absurdity ⊥ is a proposition which has no proof, ¬A is A→⊥.

Crucial for understanding connections between computations and deriva-tions!

Major models for intuitionistic logic

1. Algebraic semantics (Birkhoff, 1935)2. Topological semantics (Stone, 1937; Tarski, 1938)3. Realizability semantics (Kleene, 1945)4. Beth models (1956)5. Dialectica Interpretation (Godel, 1958)6. Curry - Howard isomorphism (1958)7. Medvedev’s logic of problems (1962)8. Kripke models (1965)9. Kuznetsov-Muravitsky-Goldblatt provability interpretation (1976)10. Categorical semantics (Goldblatt, 1979)

None solves the original BHK-problem!

5

Intuitionistic system = classical system + effective ∨ and ∃.

Existential property of intuitionistic systems:a constructive proof of ∀x∃yA(x, y) yields computable term(program) f(x) such that ∀xA(x, f(x)) holds.

Corollary: intuitionistic correctness proof =program + correctness proof =

verified program

Downside: produces correct but computationally not optimal programs

Explicit tradition: Functions vs. Quantifiers:

Skolem (1920), Herbrand (1930), Godel (1930):quantifiers ∀, ∃ are ghosts of functions, a precursor to automated reasoning!:

logic explicit logic

∀x∃yA(x, y) A(x, f(x))

∃xA(x)→∃yB(y) A(x)→B(f(x))

By its nature the closest to Computer Science. Addresses the right set of ques-tions: whether f(x) is computable, feasible, etc.

Downside: Too many Skolem functions, unification problems.

Shonfinkel (1924), Church (1929, 1930):λ-calculus = universal functional language, foundational motivations.

Normal form = the result of a computation,normalization process = computation

McCarthy (1960): λ-calculus implemented in LISP,

6

universal machine = LISP-compiler in LISP.Functional programming languages.

Curry (1934), Howard (1969):typed λ-calculus, implemented in MLt:F ∼ term t has type F ∼ t is a proof of the proposition F

proofs ∼ functional programsassumptions ∼ initial datadeduction ∼ execution sequence

Girard (1971): second order λ-calculus, yields the consistency of the secondorder arithmetic, is implemented in the prover Coq

Martin-Lof (1982): type theory with intuitionistic logic, is implementedin NuPRL/MetaPRL prover at Cornell-Caltech, verification, programming viaproofs, formally verified mathematics

Constructive quantifiers = computable Skolem functionsGood news: intuitionistic correctness proof =

= program + correctness proof = verified programBad news: the above scheme is not efficient. Too long detour:

formal specs S(x, y) 7→ constructive proof of ∀x∃yS(x, y) 7→7→ computable Skolem function y = f(x)

Compromise: reverse engineering of proofs, write a proof of ∀x∃yS(x, y) tar-geting a specific algorithm y = f(x)

Godel, 1933: provability is a modality2F ∼ “there exists a proof of F”

2A → 2B

∃x(x is a proof of A) → ∃y(y is a proof of B)“x is a proof of A” → “f(x) is a proof of B”

x:A → f(x):BCurry-Howard Isomorphism of proofs and programs: typed λ-terms (programs)

correspond to a simple case when the provability does not iterate

2A1, . . . ,2An ⇒ 2B

x1:A1, . . . , xn:An ⇒ t(x1, . . . , xn):B

7

The general case - iterated provability Godel (1933):

Provability Calculus, a.k.a. S4

1. Classical axioms and rules2. 2(F→G)→(2F→2G) (implicit application)3. 2F→F (reflexivity)4. 2F→22F (implicit proof checker)5. Internalization rule: ` F

` 2F

Reflects the basic intuition of Provability as a logic operator. Derives all basicfacts about Provability.

Examples of derivations in S4.

2 and ∧ commute:

A→(B→A ∧B) A ∧B→A2(A→(B→A ∧B)) 2(A ∧B→A)2A→2(B→A ∧B) 2(A ∧B)→2A2A→(2B→2(A ∧B)) 2(A ∧B)→2B(2A ∧2B)→2(A ∧B) 2(A ∧B)→(2A ∧2B)

2 factors out through ∨:

A→A ∨B But not 2(A ∨B)→(2A ∨2B)!2(A→A ∨B) Consider B to be ¬A2A→2(A ∨B)2B→2(A ∨B)(2A ∨2B)→2(A ∨B)

Godel’s embedding of Int into S4:

1. translate Int-formula F into a classical language 2:tr(F ) = “box each subformula of F”,

2. test the translation in S4:Int proves F ⇔ S4 proves tr(F )

8

(Godel (1933), McKinsey & Tarski (1948))

The mission of finding the intended provability semantics of Int has notbeen accomplished though, since

S4 itself was left without an exact provability model

Int ↪→ S4 ↪→ ? ↪→ REAL PROOFS

FMU on Provability (Godel, 1931):

Proof T (X, Y ) ∼ “X is a proof of Y ”Provable T (Y ) = ∃XProof T (X, Y ) ∼ “Y is provable”“T is consistent” = Consis T = ¬Provable T (false)Reflection scheme: Provable T (φ) → φConsistency is a special case of reflection:

¬Provable T (false) = Provable T (false)→ false

Incompleteness Theorem:T does not prove Consis T

Reflection is not provable:T does not prove Provable T (ϕ) → ϕ

Corollary Godel (1933): S4 modality 6= Provable(·)

Indeed, 2(2F→F ) is provable in S4:2F→F - reflexivity axiom2(2F→F ) - by Internalization rule

However, under the interpretation of 2 as Provable thisasserts that reflection is internally provable

Provable T (Provable T (F )→F )which is false by Godel’s Incompleteness Theorem.

Godel’s problem: find an exact provability semantics of S4.

9

1938 Godel: changing format of S4 from 2F to t:F standing for t is aproof of F for an appropriate system of proof terms that corresponds to S4.If successful yields• complete logical description of provability (Godel’s problem)• formalization of constructive semantics for intuitionistic logic (BHK-problem)• quantitative logic of knowledge (logical omniscience problem)• much richer type systems for programming languages (referential types, codingcomputations in types)• etc.A solution (Artemov, 1995): proof polynomilas, proof carrying formulas, the Logicof Proofs LP.

Int ↪→ S4 ↪→ LP ↪→ REAL PROOFS

Examples of derivations.

Derivation in S4 Derivation in LP2A→2A ∨2B x:A→x:A ∨ y:B2(2A→2A ∨2B) a:(x:A→x:A ∨ y:B)2A→22A x:A→!x:x:A22A→2(2A∨2B) !x:x:A→(a·!x):(x:A∨y:B)2A→2(2A∨2B) x:A→(a·!x):(x:A∨y:B)[→(a·!x+b·!y):(. . .)]2B→2A ∨2B y:B→x:A ∨ y:B2(2B→2A ∨2B) b:(y:B→x:A ∨ y:B)2B→22B y:B→!y:y:B22B→2(2A∨2B) !y:y:B→(b·!y):(x:A∨y:B)2B→2(2A∨2B) y:B→(b·!y):(x:A∨y:B)[→(a·!x+b·!y):(. . .)]2A∨2B→2(2A∨2B) x:A∨y:B→(a·!x+b·!y):(x:A∨y:B)

Comparing formatsType (logic) derivation A→B, A ` B

(plain types - propositions)λ-derivation (Curry-Howard) s:(A→B), t:A ` (s·t):B

(plain typed λ-terms, explicit, but no proof iterations allowed)Modal derivation (in S4) 2A∨2B ` 2(2A∨2B)

(provability iterates, but is implicit)Proof polynomial derivation x:A∨y:B ` (a·!x + b·!y):(x:A∨y:B)

(provability is explicit a:(x:A→x:A∨y:B)and iterates freely) b:(y:B→x:A∨y:B)

10

Reflective types

Type derivation:A ` B→A∧B︸ ︷︷ ︸

type

λ-derivation:x:A ` λy.p(x, y):︸ ︷︷ ︸

term

(B→A∧B)︸ ︷︷ ︸type

Reflexive λ-derivation:

u:x:A ` λv.p2(u, v):︸ ︷︷ ︸term

(y:B→p(x, y):(A ∧B))︸ ︷︷ ︸type

Knowledge with justificationsProof polynomials made modal logic explicit (van Benthem Problem)

Joe Halpern: An agent knows the product of two very large prime integers. Inwhat sense does the agent know those primes? Another version: in what sensedoes an agent know all the tautologies?

Research program:Knowledge representation systems on the basis of explicit modal logics

p:F ∼ “p is a justification for F”n:F ∼ “there is a proof of F of length ≤ n”

k:F holds for large k’s but does not hold for “small” k’s

Stability of verificationThe common architecture of verification systems (Davis-Schwartz,1979):

verified rule: 2“premises” ⇒ 2“conclusion”trusted core + extensions by verified rules.

Stability property: “extended system = original system”Godel Incompleteness Theorem yields that stability is not internally verifiable.

Explicit verification mechanism: build a computable function f(x) such thatx:“premises” ⇒ f(x):“conclusion”

11

Theorem: Explicit stability is verifiable

Circumvents Godel’s Incompleteness, covers all known and intended cases, theright language for stability issues

Research program: Explicit reflection mechanisms for verification

Reflection in automated deductionGoal: to build a proof systems matching conciseness as the natural reasoning (ver-ification, formalization of mathematics, programming by extracts, etc.)

Challenge: reflective reasoning“Similar to the previous argument with A instead of B . . .”

Reflection ∼ interpreter of a language in itselfGodel numbering is universal but notoriously inefficientA promising approach: incorporating reflection axiomatically

Research program:Build feasible reflection for major provers (NuPRL, HOL, Coq, etc.).Verify the proof of the Second Godel Incompleteness Theorem(a weak version of a much smaller First Incompleteness Theorem was verified atStanford in the early 1990s).

12

The rest of the lecture plan

1. Truth tables and tautologies2. Hilbert style systems, completeness of the classical propositional logic.3. Brouwer-Heyting-Kolmogorov semantics – “truth tables” for intuitionistic

logic.4. Heyting proof systems, deduction theorem.5. Possible world semantics, soundness. Monotonicity principle.6. Soundness and completeness w.r.t. Kripke semantics.7. Properties of Int.

Propositional formulasLanguage: connectives ∧,∨,→, boolean constant ⊥ (for falsum), variables

p0, p1, p2, . . ..Formulas (inductive definition):

1. ⊥ and p0, p1, p2, . . . are formulas2. If A, B are formulas then (A ∧B), (A ∨B),(A→B) are formulas.

Defined connectives: ¬A is A→⊥, A ↔ B is (A→B) ∧ (B→A), > is⊥→⊥.

Excessive ), ( are omitted using the following precedence convention:¬,∧,∨,→,↔. For example, A∧B→¬C∨D∧A should be read as (A∧B)→((¬C) ∨ (D ∧ A)). Similar connectives are right associative: A → B → Cmeans A→(B→C).

Classical truth tables. We postulate two truth values true and false

(a.k.a. 1 and 0) and assume the following tables:• ⊥ is always false

• A ∧B is true iff A is true and B is true• A ∨B is true iff A is true or B is true• A→B is true iff B is true or A is false (“material implication”)

The (defined) truth tables:• ¬A is true iff A is false

• > is true• A ↔ B is true iff . . .

13

Inductive definition of truth values of a compound formula given truth valuesof atomic formulas, not a definition of connectives!

A given formula F is a tautology iff F is true under all interpretations. Fis satisfiable is F is true under at least one interpretation. An interpretationwhich makes F true is called a model of F .

Lemma F is a tautology iff ¬F is not satisfiable

Detecting a tautology and finding a satisfying interpretation are dual ap-proaches to the same problem.

Proof Systems are algorithms that generate tautologies. A sound proof sys-tem generates only tautology. A complete proof system generates all of them.

Components of Hilbert style proof systemsAxioms is a designated set of formulas.

Rules of inference are designated rules having format

A1, A2, . . . , An

C

where A1, A2, . . . , An are called premises (antecedent) and C the conclusion(succedent) of that rule.

Theorems are generated from axioms by the rules of inference.Hilbert proof systems have many axioms and minimal set of rules. They

are good for specification purposes, but are not very proof friendly. Here weconsider a typical Hilbert proof system.

14

Propositional axioms of classical logic Cl1. A → (B → A)

2. (A → (B → C)) → ((A → B) → (A → C))3. A ∧B → A4. A ∧B → B5. A → (B → (A ∧B))6. A → (A ∨B)7. B → (A ∨B)8. (A → C) → ((B → C) → (A ∨B → C))9. ⊥ → A10. ¬¬A → ARule of inference: Modus Ponens (MP)

A → B, A

B

Example of a derivation (a formal proof)1. (A → ((A → A) → A) → ((A → (A → A)) → (A → A)) (axiom 2)

2. A → ((A → A) → A) (axiom 1)3. (A → (A → A)) → (A → A) (from 1., 2., by MP)4. A → (A → A) (axiom 1)5. A → A (from 3. and 4., by MP)

What an effort to establish such a trivial fact! Are all formal proof sys-tems that bad? Fortunately, it is not the case. There are very efficient andnatural proof systems at our disposal.

Notation: ` F denotes F is derivable, i.e. there is a formal derivation ofF in a given proof system.

15

Derivations from hypothesesLet Γ be a set of formulas. By Γ ` F we denote the fact that F can be

derived from hypotheses Γ. Note that here formulas from Γ are not neces-sarily tautologies!. This is a formalization of hypothetical reasoning when anagent makes assumptions “for the sake of argument” without insisting on itsvalidity.

Example of a derivation from hypotheses A → B, B→C ` A→C

1. A → B (a hypothesis)2. B→C (a hypothesis)3. (B→C)→(A→(B→C)) (axiom 1)4. A→(B→C) (from 2 and 3, by MP)5. (A → B) → ((A → (B→C))→(A→C)) (axiom 2)6. (A → (B→C))→(A→C) (from 1 and 5, by MP)7. A→C (from 4 and 6, by MP)

Soundness of formal proofs

Theorem If ` F then F is a tautology (i.e. F is true under any interpre-tation).

General Theorem If Γ ` F then F is true in any model of Γ.Proof. Let interpretation I be a model of Γ. Suppose also that there is a

derivation of F from hypotheses Γ. Each sentence in such a derivation is either anaxiom, or from Γ, or follows from some other formulas occurring in this derivationearlier. We claim that every sentence in the derivation is true under interpretationI. Indeed, a sentence from Γ is true under I, every axiom is also true under I

since the axiom is a tautology (check it by yourself). The rule of inference ModusPonens when applied to true premises A → B, A produces B which is thus alsotrue under I (truth tables for →!)

16

Some additional rules and facts

Deduction Theorem (DT) Γ, A ` B iff Γ ` A → B.

Before we produce a proof of this theorem, let us try to use it. It improvesthe efficiency of derivations immensely.1. A ` A (by definition of derivations from hypotheses)2. ` A → A (by DT)

1. A → B, B→C, A ` C (MP twice)2. A → B, B→C ` A → C (by DT, from 1)

More examples: de Morgan principle (¬A ∨ ¬B) ↔ ¬(A ∧B)1. A,¬A ` ⊥ (by MP, since ¬A is A → ⊥)

2. B,¬B ` ⊥ (likewise)3. A,B,¬A ` ⊥ (from 1)4. A,B,¬B ` ⊥ (from 2)5. A ∧B,¬A ` ⊥ (given A ∧B derive A,B first)6. A ∧B,¬B ` ⊥ (likewise)7. A ∧B,¬A ∨ ¬B ` ⊥ (by axiom 8)8. ¬A ∨ ¬B ` (A ∧B) → ⊥ (by DT)9. ` (¬A ∨ ¬B) → ((A ∧B) → ⊥) (by DT)10. ` (¬A ∨ ¬B) → ¬(A ∧B) (1/2 of de Morgan)

Proof of the Deduction Theorem.Direction “Γ ` A → B yields Γ, A ` B” is trivial, by MP.We establish “Γ, A ` B yields Γ ` A → B” by induction on (the length of) a

proof of B in Γ, A. There are four possible cases: 1) B ∈ Γ, 2) B is an axiom, 3)B is A, and 4) B follows from earlier sentences in this derivation by MP.

1. If B ∈ Γ, then Γ ` A → B since Γ ` B2. If B is an axiom - likewise3. If B is A, then Γ ` A → B, since Γ ` A → A

4. If B follows from earlier sentences C → B and C in this derivation by MP.By the induction hypothesis, Γ ` A → (C → B) and Γ ` A → C. Using axiom(2) (A → (C → B)) → ((A → C) → (A → B)) by MP twice, we get the desired

17

Γ ` A → B.Note: the above induction provides an efficient algorithm transforming

the proof Γ, A ` B to a proof Γ ` A → B

More rules

• A,B ` A ∧B, by axiom 5 and DT

• ⊥ ` B. Easy, from axiom 9: ⊥→B, by MP.

• A,¬A ` B. Indeed, A,A → ⊥ ` ⊥, by MP, ⊥ ` B, above, thusA,A→⊥ ` B

• B ∨ C,¬B,¬C ` ⊥. Read ¬X as X → ⊥, use axiom(B → ⊥) → ((C → ⊥) → (B ∨ C → ⊥)) and MP three times.

Intuitionism: intended “truth tables” for intuitionistic logic (a.k.a. BHKconditions), an attempt to define implication

• a proof of A∧B consists of a proof of A and a proof of B,• a proof of A∨B is given by presenting either a proof of A or a proof of B,• a proof of A→B is a construction which, given a proof of A returns a proof ofB,• absurdity ⊥ is a proposition which has no proof, ¬A is A→⊥.

Uses unspecified notions of “proof” and “construction”!

Intuitionistic tautology = a formula which is provable regardless of the provabilityof its atoms: A→ A, A ∧ B → A, A→ A ∨ B, A→¬¬A, etc. Heyting (1931):an axiom system Int for propositional intuitionistic logic on basis of this vagueintuition only: skip the double negation principle (axiom 10).

Propositional axioms of classical logic Cl1. A → (B → A)

2. (A → (B → C)) → ((A → B) → (A → C))3. A ∧B → A4. A ∧B → B5. A → (B → (A ∧B))

18

6. A → (A ∨B)7. B → (A ∨B)8. (A → C) → ((B → C) → (A ∨B → C))9. ⊥ → A10. ¬¬A → ARule of inference: Modus Ponens (MP)

A → B, A

B

Propositional axioms of classical logic Int1. A → (B → A)

2. (A → (B → C)) → ((A → B) → (A → C))3. A ∧B → A4. A ∧B → B5. A → (B → (A ∧B))6. A → (A ∨B)7. B → (A ∨B)8. (A → C) → ((B → C) → (A ∨B → C))9. ⊥ → A

Rule of inference: Modus Ponens (MP)

A → B, A

B

What is left? Proof theoretically: Deduction Theorem survives, as doesevery fact which is independent of axiom 10.

Int gives some positive test of the desired ”constructive” meaning. Com-pleteness issue cannot be even stated properly before semantics is made rigid.

Two artificial but very useful semantics, each living its own life now:1. Topological semantics (Stone, 1937; Tarski, 1938)

2. Possible worlds semantics (Kripke, 1965).Int is known to be complete with respect to each of them!

19

Topological semanticsUniverse is a topological space T (think real space Rn). Propositional letters

are evaluated by open subsets of T. Each formula F is thus assigned an open subsett(F ) of T according to the inductive rule: t(⊥) = ∅, t(A ∧ B) = t(A) ∩ t(B),t(A ∨ B) = t(A) ∪ t(B), t(A→B) is interior (t(A) ∪ t(B)) (here X denotes the

complement of X). In particular, t(¬A) is interior (t(A)).A tautology is a formula which is always evaluated T regardless to an evaluation

of its atoms. Examples:t(A→A)= interior (t(A) ∪ t(A)) = interior(T) = T.t(¬A ∨ A) = {interior (t(A))} ∪ t(A) which not necessarily equals T: take T=R,t(A) = (0, 1). Then t(¬A ∨ A) = R− {0, 1}, i.e. a line without two points. Thus¬A ∨A is not an intuitionistic tautology.

Possible Worlds Semantics by Saul Kripke.

Classical logic, propositional and quantified alike, gives a static picture of theworld. A classical interpretation (model) is an assignment of truth values to atomsof the language. Intuitionistic logic can be explained on the basis of the idea of“possible worlds” which can be traced back to Leibniz. The possible worlds uni-verse consists of a collection of classical models W connected by a binary acces-sibility relation a ¹ b “world b is accessible from world a”. In other worlds, thepossible worlds constitute a graph, not necessarily finite. Whereas classical connec-tives operate within individual worlds (i.e. nodes in W ), intuitionstic connectivesreach out to all the worlds accessible from a given one (possible worlds).

Intuitionistic Kripke model is a triple K = (W,¹, |=), where W isa nonempty set (elements of which are called “possible worlds”),¹ a partial order on W (in particular, reflexive, transitive), and |=a monotone truth assignment having form: “world|=formula” suchthat each propositional letter p gets some truth value in any worldfrom W respecting the monotonicity property: if x |= p and x ¹ ythen y |= p.

20

AA

AA

AA

AA

AA

AA

AA

AA

AA

AA

¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢¢

r

r r

AA

AA

AA

AAK

A

A

¢¢¢¢¢¢¢¢

A

The definition of x |= F (read as a formula F is true in a world x, or xforces F ) goes by induction on F : x 6|= ⊥x |= A ∧B iff “x |= A and x |= B”x |= A ∨B iff “x |= A or x |= B”x |= A→B iff “y |= B or y 6|= A” for all y such that x ¹ y(i.e. if x |= A→B holds classically in all accessible worlds).

As in the case of the topological semantics, connectives ∧,∨ behave likein the usual classical semantics in any given world, whereas→ (and thus ¬)refer to all the worlds accessible from a given one.

The important feature of Kripke models for Int is the monotonicity prop-erty of truth assignments:for any formula F if x |= F and x ¹ y then y |= F .

Proof: an easy induction on the complexity of F .

ExampleConsider a three-element “V-shaped” model with W = {0, 1, 2} given by anoriented graph below. According to this graph, 0 ¹ 1, 0 ¹ 2, and neither of1 ¹ 2, 2 ¹ 1, 1 ¹ 0, . . . holds.

21

Notational convention: we label the nodes with propositional vari-ables true at a given node. By default, all variables not listed nextto a node are assumed false at this node. In particular, 1 |= p,2 |= q, 1 6|= q, 2 6|= p, 0 6|= p, 0 6|= q, and all other variables are falseat all nodes.

AA

AA

AA

AAK

0

1

p

¢¢¢¢¢¢¢¢

q

2

r

r r

Question: for each of the formulas p∧q, p∨q, p→q, ¬p, list the nodes wherethis formula is true.

Answer:Formula p∧ q is false at every node. Formula p∨ q is true at 1 and 2, but notat 0. Formula p→ q) is true at 2 and false at 1 (by the usual truth tables).It is false at 0, since it is false at 1, which is accessible from 0. Formula ¬pis false at 1, since 1 |= p.

22

AA

AA

AA

AAK

0

1

p

¢¢¢¢¢¢¢¢

q

2

r

r r

On the other hand, ¬p is true at 2, since 2 is the only node accessible from2 and p is false there. Finally, ¬p is false at 0 since p holds at 1 which isaccessible from 0.

Note, that 0 6|= p and 0 6|= ¬p!. Hence a classical property that either formulaF or its negation ¬F holds at every given world fails: there is the third possi-bility when neither of those formulas holds. This third option corresponds to theinformation state when an agent does not have evidences of F neither evidencesof ¬F .

Definition. A formula F is true in a model K (notation: K |= F ) if Fholds at every node of K. A formula F is valid (in a given class of models)if it is true in every model (of this class).

Soundness TheoremIf Int ` F then F is valid in all intuitionistic Kripke models.

Proof. A pretty straightforward induction on the length of derivationin a given logic. We first prove that axioms are true in every model. Thenwe check that rules when applied to formulas true in all models (of a givenclass) produce a formula true in every such model as well.

To show that ¬¬p→ p is not derivable in Int, it now suffices to build acountermodel K = (W,¹, |=) for this formula. Consider W = {0, 1} with0 ¹ 0, 0 ¹ 1, 1 ¹ 1. Put 0 6|= p and 1 |= p. Clearly, K is a legitimate Intmodel.

23

Moreover, 1 6|= ¬p, since p holds at 1. Likewise, 0 6|= ¬p, since p holds at 1which is accessible from 0. Therefore 0 |= ¬¬p. Since 0 6|= p, 0 6|= ¬¬p→p.

Exercise: find an intuitionistic countermodel for ¬p ∨ p.

Completeness TheoremFor intuitionistic logic Int

` F iff F is valid in all models.

Completeness Theorem (general form)For intuitionistic logic Int

Γ ` F iff F is valid in all models of Γ.The proof of the completeness will be given next time when we will learn

more about advanced proof systems for Int.

Exercise 1.1. Suppose a derivation Γ, A ` B has n lines, i.e. n stepseach of which is either invoking and axiom or a hypothesis from Γ, invokingA, or using the rule Modus Ponens once. Give a reasonable upper bound ofthe number of steps in the derivation Γ ` A→B obtained by applying theproof of the Deduction Theorem above.

Exercise 1.2. Prove that p∨¬p is not valid in the topological semanticsfor intuitionistic logic.

Exercise 1.3. Prove that p→¬¬p is valid in the topological semanticsfor intuitionistic logic.

Exercise 1.4 Prove that p→¬¬p is valid in Kripke semantics for intu-itionistic logic.

Exercise 1.5. Show that Int 6` p∨¬p by finding a countermodel Kripkefor this formula (i.e. find a Kripke model K such that this formula is notforced at some node of K).

Exercise 1.6. Establish the disjunctive property of Int: ` A ∨B yields(` A or ` B).Note that such a property fails for the classical logic where p∨¬p is provable, butneither of p nor ¬p is.

Exercise 1.7. Show that Int is not a three valued logic. In particular,show that the formula (p ↔ q)∨(p ↔ r)∨(p ↔ s)∨(q ↔ r)∨(q ↔ s)∨(r ↔ s)is not derivable in Int.

24

Hint: note, that the fact that Cl is two valued is reflected by the fact that(p ↔ q)∨ (q ↔ r)∨ (p ↔ r) is a tautology, and thus a theorem of Cl). The naturalmeaning of this formula is that for any three propositions p, q, r at least two ofthem are equivalent (have the same truth value). In other words, there are nothree different truth values to pairwise distinguish three propositions. A naturalformal representation of a three valued property of Int would be the provabilityof formula (p ↔ q) ∨ (q ↔ r) ∨ . . . ∨ (p ↔ s) (for all six pairs of p, q, r, s). Shownow that the latter formula is not provable in Int.

Exercise 1.8. Prove Glivenko’s Theorem (embedding the classical logicinto Int): Cl` A iff Int` ¬¬A.

In what sense is this an embedding? In the most natural algorithmic sense:given an oracle (a test, if you wish) for Int we will get an oracle for Cl. The moralhere is that intuitionistic logic emulates the classical one (but not the other wayaround. It takes more than Cl to capture Int).

25