Annals of Pure and Applied Logic 133 (2005) 319338www.elsevier.com/locate/apal
Automated search for Gdels proofs
Wilfried Sieg, Clinton FieldDepartment of Philosophy, Carnegie Mellon University, Pittsburgh, PA, United States
We present strategies and heuristics underlying a search procedure that finds proofs for Gdelsincompleteness theorems at an abstract axiomatic level. As axioms we take for granted therepresentability and derivability conditions for the central syntactic notions as well as the diagonallemma for constructing self-referential sentences. The strategies are logical ones and have beendeveloped to search for natural deduction proofs in classical first-order logic. The heuristics aremostly of a very general mathematical character and are concerned with the goal-directed use ofdefinitions and lemmata. When they are specific to the meta-mathematical context, these heuristicsallow us, for example, to move between the object- and meta-theory. Instead of viewing this workas high-level proof search, it can be regarded as a first step in a proof-planning framework: thenext refining steps would consist in verifying the axiomatically given conditions. Comparisons withthe literature are detailed in Section 4. (The general mathematical heuristics are indeed general: inAppendix B we show that they, together with two simple algebraic facts and the logical strategies,suffice to find a proof of
2 is not rational.)
2004 Elsevier B.V. All rights reserved.
In a genuinely experimental spirit, we extended the intercalation method for proofsearch from pure first-order logic to parts of mathematics by interweaving general logical
This paper is dedicated to Helmut Schwichtenberg who shares our fascination with automated proof searchand who introduced the first author to the intricacies of Gdels arguments (through lectures in Mnster, a longtime ago). Corresponding author. Fax: +1 412 268 1400.
E-mail address: email@example.com (W. Sieg).
0168-0072/$ - see front matter 2004 Elsevier B.V. All rights reserved.doi:10.1016/j.apal.2004.10.014
320 W. Sieg, C. Field / Annals of Pure and Applied Logic 133 (2005) 319338
strategies with specific mathematical heuristics. The guiding question for our investigationwas: What is needed, in addition to purely logical considerations, for finding proofsof significant theorems in a fully automated way? We answer the question for Gdelsincompleteness theorems . When proved at an abstract axiomatic level they lendthemselves naturally to such an investigation; they have intricate, yet not overwhelminglydifficult proofs, and they are obviously significant. During the academic years 197577, thefirst author had taken steps towards establishing them interactively. That work was done fora computer-based course on Elementary Proof Theory; a detailed report was given in and a brief summary in .
Elementary Proof Theory presented the incompleteness theorems for ZF, that isZermeloFraenkel set theory without the axiom of infinity; see, for example, . Its majorinnovation consisted in carrying out the meta-mathematical work in a formal theory ofbinary trees and elementary inductive definitions, called TEM.1 Without the detour of theirarithmetization, the inductively given syntactic notions were shown to be representable inZF; the diagonal lemma was established and the proof of the HilbertBernays derivabilityconditions, central for the second theorem, was sketched. Within that high-level frameworkthe standard material on the incompleteness theorems is compact and the proofs are direct.It was natural to ask, whether the proofs can be found via an appropriate extension of theintercalation method.
The arguments for the incompleteness theorems are carried out in the first-order theoryTEM: instead of viewing syntactic objects as (having been coded as) natural numbers, weconsider them as finitely branching trees; instead of defining syntactic notions recursively,we specify them by elementary inductive definitions, briefly, by eids. In the language ofTEM we have the constant S for the empty tree and the function symbol [ , ] for the binaryoperation of building a tree from two given ones. We use X , Y , Zpossibly with indicesas variables ranging over binary trees. The axioms for S and [ , ] are formulated in analogyto those of DedekindPeano arithmetic for zero and successor. The further axioms of TEMinclude the induction principle for binary trees, and closure and minimality conditions forthe eids. Instead of discussing these axioms in generality the details do not matter forthe current project we specify some definitions that are actually needed to characterizethe formal theory for which the incompleteness theorems are to be proved.
The theory to be considered is ZF, Zermelo and Fraenkels theory of sets without theaxiom of infinity. The details of its axiomatic formulation do not matter either for thecurrent project. Let us assume that it is formulated in a first-order language with x , y, z possibly with indices as variables ranging over sets. To indicate the general characterof eids we specify the generating clauses of the familiar notion of a formula (taking forgranted the concepts of atomic formula and of variable); @ stands for any binary sententialconnective, Q for the existential or universal quantifier:If X is an atomic formula, X is a FORMULA;If X is a FORMULA, [, X] is a FORMULA;If X is a FORMULA and Y is a FORMULA, [@, [X, Y ]] is a FORMULA;If X is a variable and Y is a FORMULA, [[Q, X], Y ] is a FORMULA.
1 TEM abbreviates Theory for Elementary Meta-Mathematics. Feferman systematically investigates in hispapers  and  the use of finitary inductive definitions in meta-mathematics.
W. Sieg, C. Field / Annals of Pure and Applied Logic 133 (2005) 319338 321
We write also FORM(X) for X is a FORMULA. TEM contains for such eids aclosure and a minimality principle. The first principle asserts that FORM is closed underthe above clauses and is expressed by
FOR ALL X (if A(FORM, X) then FORM(X)).2
The minimality principle claims that FORM is the smallest such class. This isapproximated in first-order logic by the usual principle of induction for formulas:
If FOR ALL X (if A(P, X) then P(X))then FOR ALL X (if FORM(X) then P(X)).
Formulas are binary trees built up from the empty tree using pairing. In a similar way onecan generate inductively the relation X is a proof of Y from assumptions Z1, . . . , Zn orfrom a (n inductively generated) class of axioms; if X is a proof of Y using axioms of ZF,this relation is denoted by PROOF(X, Y ). To indicate that there is a ZF-proof for Y , wewrite ZF|-(Y ), ZF|-Y or THEO(Y ).
Using the constant and the set-theoretic pairing operation < ,> one can build upterms in the language of ZF whose parse trees are isomorphic to the binary trees; theyare used as names for the meta-mathematical trees in the same way as numerals inDedekindPeano arithmetic are used as names for natural numbers. With every meta-mathematical tree we can directly associate its set-theoretic name or code: CODE(S) = and CODE([X, Y ]) = . We also write |_X_| for CODE(X) orindicate it by X. This is the apparatus needed to formulate the representability conditionsfor the syntactic notions. We give them paradigmatically for FORM and PROOF:
If FORM(X) then ZF|- form(X), andIf NOT FORM(X) then ZF|- form(X);
form is a formula in the language of set theory for which these conditions are provablein TEM. Similarly, there is a formula proof in the language of ZF that represents theproof relation PROOF:
If PROOF(X, Y ) then ZF|- proof(X, Y), andIf NOT PROOF(X, Y ) then ZF|- proof(X, Y).
Using the first representability condition for PROOF one can establish:
If THEO(Y ) then ZF|- theo(Y),where theo(y) abbreviates (Ex) proof(x, y).3 Finally, we will use the Self-referenceLemma (or Diagonal Lemma) in the form: if F is a formula in the language of set
2A(P, X) is obtained from the generating clauses; it is the disjunction of the following TEM-formulas: (i) Xis atomic; (ii) (X)0 is and P((X)1); (iii) (X)0 is @ and P(((X)1)0) and P(((X)1)1); (iv) ((X)0)0 is Q and((X)0)1 is a variable and P((X)1). P can be viewed as either a meta-variable over TEM-formulas or as a freesecond-order variable; under the second reading we have an appropriate substitution rule in the logical calculusfor TEM.
3 The existential quantifier here is E , rather than the standard symbol , to reflect the notation used for ZF inAPROS. In addition, the universal quantifier is A.
322 W. Sieg, C. Field / Annals of Pure and Applied Logic 133 (2005) 319338
theory (with one free variable), then there is a sentence DF in that very language suchthat ZF proves (DFF(DF)). Applied to the formula theo(y), the self-referencelemma yields the Gdel sentence G that expresses its own unprovability, i.e., ZF proves(Gtheo(G)).
With this systematic background it is not difficult to prove that G is not provable inZF assuming, of course, that ZF is consistent. So let us assume in order to obtaina contradiction that ZF proves G; then, by the diagonal lemma concerning G, ZFproves theo(G). On the other hand, by the (semi-) representability of THEO, we caninfer from the fact that ZF proves G, that ZF establishes theo(G). Thus, ZF proves boththeo(G) and theo(G), and we have obtained a contradiction! The independence of Grequires a proof that G is not provable either; for that a stronger assumption concerningZF, stronger than mere consistency, has to be made. Gdel used for that purpose the notionof -consistency; the corresponding concept for the context of our meta-mathematical set-up is -consistency, thinking of as the class of (sets denoted by codes for) binary trees.ZF is -consistent is defined by the condition: there is no formula F(y) such that ZFproves (Ey) ( (y) & F(y)) and also F(Y) for all Y ; or equivalently, for all formulasF(y), if ZF proves F(Y) for all Y , then ZF does not prove (Ey) ( (y) & F(y)).
Assuming that ZF is -consistent, we show now that ZF does not prove the negationof the Gdel sentence G. By what we established already (and the fact that -consistencyimplies ordinary consistency) we know that
FOR ALL X : NOT PROOF(X, G);the representability of PROOF implies
FOR ALL X : ZF|- proof(X, G).But then the -consistency of ZF ensures
NOT ZF|- (Ey) proof(y, G).As the formula (Ey) proof(y, G) is abbreviated by theo(G), we can use the self-referencelemma for G to infer that this formula is in ZF provably equivalent to G. Thus,NOT ZF|-(G), and the independence of G from ZF has been established.
Given the axiomatic context provided by the representability of PROOF and THEOand the self-reference lemma applied to theo(y), the proofs are direct, yet intricate. Totake a first step towards describing the search algorithm that finds proofs of these andrelated theorems, we present briefly the basic ideas underlying the intercalation method forclassical logic; for the theoretical underpinnings we refer to Sieg , Sieg and Byrnes and Byrnes . We should emphasize at this point that, in our view, logical formalityper se does not facilitate the finding of proofs. However, logic within a natural deductionframework does help to bridge the gap between assumptions and conclusions by suggestingvery rough structures for arguments, i.e., logical structures that depend solely on thesyntactic form of assumptions and goals. This role of logic, though modest, is the crucialstarting-point for moving up to subject-specific considerations that support a theorem. Inthe case study at hand we will show, how far these logical considerations go, and how theycan be extended quite naturally by the leading mathematical ideas underlying Gdelsproofs.
W. Sieg, C. Field / Annals of Pure and Applied Logic 133 (2005) 319338 323
2. Intercalation: broad strategies & special heuristics
The intercalation method is a proof search procedure that is goal-directed and guidedby the possibly expanding syntactic context of the problem at hand. In first-order logicit is a complete procedure and a basis for broad logical strategies. The fundamentalidea is straightforward. In order to bridge the gap between premises A1, . . . , An and agoal B , one applies systematically the rules of the natural deduction calculus, i.e., theelimination rules are applied only from above, whereas the introduction rules are invertedand applied from below. Such systematic applications of the rules generate a searchspace that either contains a proof of B from the assumptions A1, . . . , An or provides asemantic counterexample to the claim that B is a logical consequence of A1, . . . , Antertium non datur; in addition, proofs contained in the search space are necessarily normal.The argument for this sharpened completeness theorem provides a method for searchingdirectly for normal proofs; indeed, it yields also a semantic argument for normal formtheorems in natural deduction. Such arguments concerning classical first-order logic werefirst given in , later also for intuitionistic logic and some modal logics in collaborationwith Cittadini in .
Normal proofs satisfy a similar subformula property as cut-free derivations in thesequent calculus. That, of course, allows a restriction of the systematic search and is basicfor broad strategies underlying our proof search: (i) extracting B via elimination rulesifB is a strictly positive subformula of an assumption, (ii) sub-goaling via the appropriateinverted introduction ruleif B is a logically complex formula, (iii) refuting B via therules for negationif B is a negation or an atomic formula and if an appropriate pairof contradictory formulas is available. In the latter case there must be a negation thatis a strictly positive subformula of an assumption. It is evident that direct proof searchis strongly and naturally constrained by the syntactic context of the problem, as onlyparticular subformulas can be intercalated between assumptions and goals.
With these logical strategies in the background let us return to the proof of the firstpart of the first incompleteness theorem and examine, how the intercalation method mightfind it with a little help (when pure logic is unable to proceed any further). So we beginwith the goal NOT (ZF|-(G)) and the premise ZFCONS. We also have a definition anda lemma available, namely, the definition
ZFCONS IFF NOT [ZF|-(G) AND ZF|-(G)]and the consequence of the diagonal lemma for theo(x), i.e.,
The goal cannot be extracted from the premises. Thus, the algorithm proceeds indirectlywith the assumption ZF|-(G) and needs a pair of contradictory formulas as new goals.
4 We could have chosen one of the more general formulations of consistency, for example,NOT (EXISTS X)(ZF|-(X) AND ZF|-(X)). The quantificational search in the SH-expansion (see )would find the appropriate instance quickly.
324 W. Sieg, C. Field / Annals of Pure and Applied Logic 133 (2005) 319338
However, no negation occurs as...