not (not p and q) -> p or (not q)
Q: Is this formula true or false?
A: True.
Q: How did you know that?
A: De Morgan’s Law. Start with an axiom and use it to prove something about this case. Or we could draw the truth table to check all values of p and q. Or we could use a SAT solver.
Q: What would you feed a SAT solver to see if this formula is always true?
A: Negate the formula and see if it’s ever possible to make that true. Effectively, look for a counterexample to the formula.
These are all called Model Theoretic Approaches
All of these strategies center around finding satisfying instances, counterexamples, full search of the solution space, etc.
Q: What is a proof?
A: Starting with a series of assumptions, a set of logical steps, and then a conclusion
A: A convincing argument that some claim is true
25 x^2 - 8 = 1
Q: How do we solve for x?
25 x^2 = 9
– add 8 to both sides
x^2 = 9 / 25
– divide both sides by 25
x = sqrt(9 / 25)
– take square root of both sides
x = sqrt(9) / sqrt(25)
– some rule about simplifying square roots of fractions that probably has a name?
x = (+/- 3) / (+/- 5)
– arithmetic
This proof is a sequence of steps, and the justification for the transformation between each step. Thus, it can be checked by checking that each rule is applied correctly, and the result is correct.
Are there similar rules for manipulating logical expressions?
De Morgan’s Law (1): not (p and q) -> not p or not q
Is this enough to prove the formula we started with?
not (not p and q) -> p or (not q)
not ((not p) and q) -> not (not p) or not q
Now we need a rule to transform not (not p) into p in order to finish the proof.
Completeness in proof theoretic world: A set of axioms that is enough to prove any claim (that can be proven)
Soundness: You cannot prove anything that is not true using the set of axioms
We could take the set of all axioms, and that would be sound and complete. However, it would be really hard to work with because it’s so big.
We want to find a minimal set of axioms that is both sound and complete.
Suppose you have two formulas A and B that are always true.
  A    B
 _________ (and introduction)
  A and B
The above says that from A and B, you can conclude A and B.
Here, we are only modifying the syntax. We are not dealing with the semantics.
So even though the above axiom seems really obvious to us, we still need the axiom because the computer doesn’t understand the formulas; it is just manipulating the syntax.
  A    B
 _________ (and introduction)
  A and B

 A and B                  A and B
 _______ (and elim 1)     _______ (and elim 2)
    A                        B

 A    A -> B
 ____________ (implication elimination)
      B

 not not A
 __________ (double negative elimination)
     A

    A                        B
 _______ (or intro 1)     _______ (or intro 2)
 A or B                   A or B

 A or B   [A...C]   [B...C]    // [A...C] = side proof that concludes C from assuming A
 ______________________ (or elim)
           C

 [A...B]
 _______ (implication introduction)
 A -> B

 [A...⊥]    // ⊥ = bottom symbol = False
 _______ (not introduction)
  not A

 A    not A
 _________ (not elimination)
     ⊥    // contradiction
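A small checker for linear proofs that use four of the rules above (and introduction, and elimination, implication elimination, double negative elimination), added here as an example and not part of the original notes. It compares syntax only, never truth values; the tuple encoding of formulas and the names is_op, derive and check_proof are assumptions, and the rules that need side proofs are left out.

```python
# Formulas are nested tuples: "p", ("not", A), ("and", A, B), ("imp", A, B).
# This encoding and all names below are assumptions made for the example.

def is_op(f, op):
    return isinstance(f, tuple) and f[0] == op

def derive(rule, cited):
    """Formula that `rule` yields from the cited formulas, or None if it does not apply."""
    if rule == "and_intro" and len(cited) == 2:
        return ("and", cited[0], cited[1])
    if rule in ("and_elim1", "and_elim2") and len(cited) == 1 and is_op(cited[0], "and"):
        return cited[0][1] if rule == "and_elim1" else cited[0][2]
    if rule == "imp_elim" and len(cited) == 2:
        a, imp = cited
        if is_op(imp, "imp") and imp[1] == a:
            return imp[2]
    if rule == "dne" and len(cited) == 1:
        f = cited[0]
        if is_op(f, "not") and is_op(f[1], "not"):
            return f[1][1]
    return None

def check_proof(premises, steps):
    """Return 0 if every step follows syntactically, else the first bad line number."""
    lines = []
    for n, (formula, rule, refs) in enumerate(steps, start=1):
        if any(r < 1 or r >= n for r in refs):
            return n  # a step may only cite earlier lines
        if rule == "premise":
            ok = not refs and formula in premises
        else:
            ok = derive(rule, [lines[r - 1] for r in refs]) == formula
        if not ok:
            return n
        lines.append(formula)
    return 0

# Constructed sample: from (not not p) and (p -> q), prove p and q.
PREMISES = [("and", ("not", ("not", "p")), ("imp", "p", "q"))]
PROOF = [
    (PREMISES[0],              "premise",   []),
    (("not", ("not", "p")),    "and_elim1", [1]),
    ("p",                      "dne",       [2]),
    (("imp", "p", "q"),        "and_elim2", [1]),
    ("q",                      "imp_elim",  [3, 4]),
    (("and", "p", "q"),        "and_intro", [3, 5]),
]
```

check_proof(PREMISES, PROOF) returns 0; a step that misapplies a rule, such as concluding p from not p by double negative elimination, is reported by its line number.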
Soundness is easier to prove than completeness. For soundness, we just need to show that each rule is sound. For completeness, it is much more complicated.
For example, Alloy’s completeness proof was someone’s PhD thesis. Wait, but Alloy isn’t complete. How does it have a completeness proof?