Completeness of the proof checking algorithm

In this section we will present two completeness theorems about the proof check-ing algorithm, analogous to the two soundness theorems from section 6.3.2, i.e.

one theorem linking the algorithm toPLsemantics and one to PTLsemantics.

More precisely, the completeness theorems hold under the assumption that the prover in the proof checking algorithm has a certain minimal proving power.

The first completeness theorem establishes that for every validPL entailment there is a PTL text that proves this entailment and that will be successfully checked by the algorithm. The second completeness theorem establishes that for every validPTL formula there is a PTL text that proves this formula and that will be successfully checked by the algorithm.

First we need to define the minimal proving power that the first completeness theorem requires from the prover. In this definition as well as in the proof of the first completeness theorem, we will refer to a restricted version of PL, in which the only connectives are→and¬, the only logical constant is⊥and the only quantifier is∃, and which we call PL¬,→,⊥,∃.

Definition 6.4.1. A prover P is called sufficiently strong if it satisfies the following properties:

1. There is some translation functiontfrom PLformulae to PL_{¬,→,⊥,∃} for-mulae with the following three properties:

ˆ For anyPLformulae Φ,t(Φ) is logically equivalent to Φ.

ˆ If Φ is aPLformula such thatt(Φ)∈Γ, thenP(Γ`^?Φ) = 1.

ˆ If Φ is aPLformula such that Φ∈Γ, thenP(Γ`^?t(Φ)) = 1.

2. If Γ is a premise list and a Φ is a PLformula such that (¬Φ→ ⊥)∈Γ, thenP(Γ`^?Φ) = 1.

3. If Φ∈Γ and ¬Φ∈Γ, thenP(Γ`^?⊥) = 1.

4. If Φ → ∃_hv1,...,vni (Ψ1∧. . .∧Ψn) ∈ Γ and Ψn does not contain free occurrences of v₁, . . . , v_n, thenP(Γ`^?(Φ→Ψ_n)) = 1.

5. If (Φ→Ψ)∈Γ and Φ∈Γ, thenP(Γ`^?Ψ) = 1.

6. IfT is aPLterm and Ψ1T x,Ψ2T

x,Ψ3T

x ∈Γ, thenP(Γ`^?∃_hxi(Ψ1∧Ψ2∧ Ψ3)) = 1.

6.4. COMPLETENESS OF THE PROOF CHECKING ALGORITHM 151 7. If∃_hxiΦ∈Γ, thenP(Γ`^?∃_hviΦ^v_x) = 1.

8. IfT is aPLterm, thenP(Γ`^?T =T) = 1.

9. IfT₁=T₂∈Γ and Φ^T_x¹ ∈Γ, thenP(Γ`^?Φ^T_x²) = 1.

10. If∀_hv1,...,vni(Ψ₁∧. . .∧Ψ_n ↔ Φ)∈ Γ and T₁, . . . , T_n are PLterms such that T₁ 6= u, . . . , T_n 6= u, Ψ₁^T_v¹

1 . . .^T_vⁿ

n, . . . , Ψ_n^T_v¹

1 . . .^T_vⁿ

n are in Γ, then P(Γ`^?Φ^T_v¹

1 . . .^T_vⁿ

n) = 1.

Definition 6.4.2. Given a proverP and a PTLtextθ, we writecheckP(θ) for the resultcheck(θ) of applying the proof checking algorithm with proverP toθ.

For the first completeness theorem, we would like to state that if Φ1, . . . ,Φk |= Ψ and P is a sufficiently strong prover, then there is a PTL textθ such thatcheckP(L; Φ1, . . . ,Φk `θΨ) =>. But there is a problem with this wording: In the definition of L; Φ1, . . . ,Φk `θ Ψ, we have Φ⁰₁∧. . .∧Φ⁰_k among the assumptions on the left hand side of the main → operator. This basically means that we may assume Φ⁰₁, . . . , Φ⁰_k to be true before looking at the thm(thm,Ψ⁰, θ) on the right hand side of that →. But we have to show that the presuppositions of Φ⁰₁, . . . , Φ⁰_k are fulfilled before we may assume them to be true. There presuppositions amount from function applications involv-ing the function and relation symbols of L, which are assumed to be defined on urelements and to return urelements. Based on these assumptions, the pre-suppositions of Φ⁰₁, . . . , Φ⁰_k are actually always fulfilled. But to ensure that a prover with the above defined minimal proving power can prove that these presuppositions are fulfilled, we have to give to the prover some intermediate reasoning steps. In order to do this, we do not work withPTLtexts of the form L; Φ₁, . . . ,Φ_k `<sub>θ</sub>Ψ as defined previously, but withPTLtexts of a similar form, denotedL;ξ; Φ1, . . . ,Φk `θΨ, with the following definition:

Definition 6.4.3. LetLbe aPLlanguage, let Φ₁, . . . ,Φ_kand Ψ beL-formulae and letξ and θbe PTL texts. Then we define L;ξ; Φ₁, . . . ,Φ_k `_θ Ψ to be the followingPTLtext:

∃c1 U(c1)∧. . .∧ ∃cl U(cl)∧Fk₁(f₁^k1)∧. . .∧Fk_m(f_m^km)∧

R_k⁰

1(R^k

0 1

1 ) ∧ . . . ∧ R_k⁰

n(R^k

0

nn) → (ξ ∧ (Φ⁰₁ ∧ . . . ∧ Φ⁰_k → thm(thm,Ψ⁰, θ))).

(6.28)

Here theξgives us the possibility to add intermediate reasoning steps needed for proving the presuppositions of Φ⁰₁, . . . , Φ⁰_k. One can easily see that ifξ=>, thenL;ξ; Φ1, . . . ,Φk `θΨ is equivalent toL; Φ1, . . . ,Φk`θΨ.

For proving the completeness theorems, we will make use of the completeness of a certain system of natural deduction forPL_{¬,→,⊥,∃}. More precisely, it is a system of natural deduction with variable declaration (see Velleman, 2006). This means that it has special proof lines for declaring variables, and that a variable vmay only appear freely in a formulaϕifϕis inside the scope of a declaration ofv.

This system of natural deduction has eight rules:

¬Φ→ ⊥

Φ proof by contradiction Φ ¬Φ

⊥ ¬-elimination

Φ..

..

Ψ

Φ→Ψ →-introduction Φ→Ψ Φ

Ψ →-elimination Φ^T_x

∃xΦ Φ^v_x

∃-introduction ∃xΦ Declare: v

Φ_x^v

∃-elimination

T =T =-introduction

T1=T2 Φ^T_x¹

Φ^T_x² =-elimination

Velleman (2006) sketches a completeness proof for such a system of natural deduction with variable declaration. He actually defines a system which has both existential and universal quantifiers, but the universal quantifiers play no role in his completeness proof, so that the proof goes through without them.

Additionally, he is not precise about which connectives and which rules for the connectives he presupposes, but one can easily check that the above set is sufficient for his completeness proof to go through.

We still need two definitions and one lemma before presenting the first com-pleteness theorem:

Definition 6.4.4. Given a PTL text ϕ, we let PL(ϕ) denote the PLformula generated from ϕ by replacing every term t occurring in ϕas an argument of a logical relation symbol by PL(t), replacing every other termt occurring inϕ without being a proper subterm of an occurrence of a term in ϕ by PL(t) =

>, dropping all occurrences of 3 and relativizing all quantifiers to 6= u (i.e.

recursively replacing∃x ψ by∃x(x6=u∧ψ)).

Lemma 6.4.5. Let L be a PL language. For every L-formula Φ, there is a listhT1, . . . , T_niofL-terms that includes all terms occurring inΦand such that every term T_i in this list is either a variable, a constant symbol or of the form f(T_i1, . . . , T_ik)for somek-ary function symbolf ofL andi₁, . . . , i_k < i.

Proof. Trivial from the recursive definition ofL-term.

Definition 6.4.6. Given a situation as in the above lemma, we callht1, . . . , tni a list of the terms inΦordered by term construction.

We are now ready to present and prove the first completeness theorem, which links the proof checking algorithm toPLsemantics:

Theorem 6.4.7. Suppose that Lis a PL language and that Φ1, . . . ,Φk,Ψ are L-formulae such that Φ1, . . . ,Φk |= Ψ. Let P be a sufficiently strong prover.

Then there are PTL textsξandθsuch that checkP(L;ξ; Φ1, . . . ,Φk`θΨ) =>.

Proof. LetT1, . . . , Tn be a list of the terms in Φ⁰₁∧ · · · ∧Φ⁰_k∧Ψ ordered by term construction. Nowξis defined to beU(T1) &. . .&U(Tn).

By the completeness of the above natural deduction calculus, there is a natural deduction derivationD oft(Φ1), . . . ,t(Φk)`t(Ψ). The idea is that we

6.4. COMPLETENESS OF THE PROOF CHECKING ALGORITHM 153

Im Dokument Proof-checking mathematical texts in controlled natural language (Seite 164-167)