This page intentionally left blank

A First Course in Logic An introduction to model theory, proof theory, computability, and complexity

SHAWN HEDMAN Department of Mathematics, Florida Southern College

1

3

Great Clarendon Street, Oxford OX2 6DP Oxford University Press is a department of the University of Oxford. It furthers the University’s objective of excellence in research, scholarship, and education by publishing worldwide in Oxford New York Auckland Cape Town Dar es Salaam Hong Kong Karachi Kuala Lumpur Madrid Melbourne Mexico City Nairobi New Delhi Shanghai Taipei Toronto With oﬃces in Argentina Austria Brazil Chile Czech Republic France Greece Guatemala Hungary Italy Japan Poland Portugal Singapore South Korea Switzerland Thailand Turkey Ukraine Vietnam Oxford is a registered trade mark of Oxford University Press in the UK and in certain other countries Published in the United States by Oxford University Press Inc., New York c Oxford University Press 2004 The moral rights of the author have been asserted Database right Oxford University Press (maker) First published 2004

Reprinted (with corrections) 2006 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior permission in writing of Oxford University Press, or as expressly permitted by law, or under terms agreed with the appropriate reprographics rights organization. Enquiries concerning reproduction outside the scope of the above should be sent to the Rights Department, Oxford University Press, at the address above You must not circulate this book in any other binding or cover and you must impose the same condition on any acquirer A catalogue record for this title is available from the British Library Library of Congress Cataloging in Publication Data Data available Typeset by Newgen Imaging Systems (P) Ltd., Chennai, India Printed in Great Britain on acid-free paper by Biddles Ltd., King’s Lynn, Norfolk ISBN 0–19–852980–5 (Hbk) ISBN 0–19–852981–3 (Pbk) 10 9 8 7 6 5 4 3 2

To Julia

This page intentionally left blank

Acknowledgments Florida Southern College provided a most pleasant and hospitable setting for the writing of this book. Thanks to all of my friends and colleagues at the college. In particular, I thank colleague David Rose and student Biljana Cokovic for reading portions of the manuscript and oﬀering helpful feedback. I thank my colleague Mike Way for much needed technological assistance. This book began as lecture notes for a course I taught at the University of Maryland. I thank my students and colleagues in Maryland for their encouragement in beginning this project. The manuscript was prepared using the MikTex Latex system with a GNU Emacs editor. For the few diagrams that were not produced using Latex, the Gimp was used (the GNU Image Manipulation Program). I would like to thank the producers of this software for making it freely available. I cannot adequately acknowledge all those who have shaped the subject and my understanding of the subject contained within these pages. For the many names of logicians and mathematicians mentioned in the book, I fear there are many deserving names that I have left out. My apologies to those I have slighted in this respect. Many people, through books and personal interaction, have inﬂuenced my presentation of the subject. The books are included in the bibliography. Of my teachers, two merit special mention. I thank John Baldwin and David Marker at the University of Illinois at Chicago from whom I learned so much not so long ago. It is my hope that this book should lead readers to their outstanding books on Stability Theory and Model Theory. Most importantly, I must acknowledge my wife Julia and our young children Max and Sabrina. From Sabrina’s perspective, this book has been a life-long project. To Julia and Max, it may have seemed like a lifetime. It is to Julia that I owe the greatest debt of gratitude. Without Julia’s enduring patience, eﬀort, and support, this book certainly would not exist.

This page intentionally left blank

Contents

1

Propositional logic 1.1 1.2 1.3 1.4 1.5

1.6 1.7 1.8

1.9 2

What is propositional logic? Validity, satisﬁability, and contradiction Consequence and equivalence Formal proofs Proof by induction 1.5.1 Mathematical induction 1.5.2 Induction on the complexity of formulas Normal forms Horn formulas Resolution 1.8.1 Clauses 1.8.2 Resolvents 1.8.3 Completeness of resolution Completeness and compactness

1 1 7 9 12 22 23 25 27 32 37 37 38 40 44

Structures and ﬁrst-order logic

53

2.1 2.2 2.3 2.4

53 54 57 66 66 69 70 72 73 79 80 83 86 89

2.5 2.6

2.7

The language of ﬁrst-order logic The syntax of ﬁrst-order logic Semantics and structures Examples of structures 2.4.1 Graphs 2.4.2 Relational databases 2.4.3 Linear orders 2.4.4 Number systems The size of a structure Relations between structures 2.6.1 Embeddings 2.6.2 Substructures 2.6.3 Diagrams Theories and models

x

3

Contents

Proof theory 3.1 3.2

3.3

3.4

3.5 3.6 4

100 109 109 111 113 113 116 118 120 121 124 128 137

Properties of ﬁrst-order logic

147

4.1 4.2

147 152 153 156 161 163 170 174 175 179 183 189

4.3 4.4 4.5

4.6 4.7 5

Formal proofs Normal forms 3.2.1 Conjunctive prenex normal form 3.2.2 Skolem normal form Herbrand theory 3.3.1 Herbrand structures 3.3.2 Dealing with equality 3.3.3 The Herbrand method Resolution for ﬁrst-order logic 3.4.1 Uniﬁcation 3.4.2 Resolution SLD-resolution Prolog

99

The countable case Cardinal knowledge 4.2.1 Ordinal numbers 4.2.2 Cardinal arithmetic 4.2.3 Continuum hypotheses Four theorems of ﬁrst-order logic Amalgamation of structures Preservation of formulas 4.5.1 Supermodels and submodels 4.5.2 Unions of chains Amalgamation of vocabularies The expressive power of ﬁrst-order logic

First-order theories

198

5.1 5.2 5.3

199 205 211 211 214 216 221 222 228 233 239

5.4 5.5

5.6 5.7

Completeness and decidability Categoricity Countably categorical theories 5.3.1 Dense linear orders 5.3.2 Ryll-Nardzewski et al. The Random graph and 0–1 laws Quantiﬁer elimination 5.5.1 Finite relational vocabularies 5.5.2 The general case Model-completeness Minimal theories

Contents

5.8 5.9 6

267

6.1 6.2 6.3

267 271 275 276 277 279 280 281 285 286 289 290

6.5 6.6 6.7

Types Isolated types Small models of small theories 6.3.1 Atomic models 6.3.2 Homogeneity 6.3.3 Prime models Big models of small theories 6.4.1 Countable saturated models 6.4.2 Monster models Theories with many types The number of nonisomorphic models A touch of stability

Computability and complexity

299

7.1

301 302 307 309 312 316 320 327 332 332 335 337 338 344 347 348

7.2 7.3 7.4 7.5 7.6

7.7

7.8 8

247 257

Models of countable theories

6.4

7

Fields and vector spaces Some algebraic geometry

xi

Computable functions and Church’s thesis 7.1.1 Primitive recursive functions 7.1.2 The Ackermann function 7.1.3 Recursive functions Computable sets and relations Computing machines Codes Semi-decidable decision problems Undecidable decision problems 7.6.1 Nonrecursive sets 7.6.2 The arithmetic hierarchy Decidable decision problems 7.7.1 Examples 7.7.2 Time and space 7.7.3 Nondeterministic polynomial-time NP-completeness

The incompleteness theorems

357

8.1 8.2 8.3 8.4 8.5 8.6

358 362 370 374 380 383

Axioms for ﬁrst-order number theory The expressive power of ﬁrst-order number theory G¨ odel’s First Incompleteness theorem G¨ odel codes G¨ odel’s Second Incompleteness theorem Goodstein sequences

xii

9

10

Contents

Beyond ﬁrst-order logic

388

9.1 9.2 9.3 9.4

388 392 395 400

Second-order logic Inﬁnitary logics Fixed-point logics Lindstr¨ om’s theorem

Finite model theory

408

10.1 10.2 10.3 10.4

408 412 417 423

Finite-variable logics Classical failures Descriptive complexity Logic and the P = NP problem

Bibliography

426

Index

428

Preliminaries What is a logic? A logic is a language equipped with rules for deducing the truth of one sentence from that of another. Unlike natural languages such as English, Finnish, and Cantonese, a logic is an artiﬁcial language having a precisely deﬁned syntax. One purpose for such artiﬁcial languages is to avoid the ambiguities and paradoxes that arise in natural languages. Consider the following English sentence. Let n be the smallest natural number that cannot be deﬁned in fewer than 20 words. Since this sentence itself contains fewer than 20 words, it is paradoxical. A logic avoids such pitfalls and streamlines the reasoning process. The above sentence cannot be expressed in the logics we study. This demonstrates the fundamental tradeoﬀ in using logics as opposed to natural languages: to gain precision we necessarily sacriﬁce expressive power. In this book, we consider classical logics: primarily ﬁrst-order logic but also propositional logic, second-order logic and variations of these three logics. Each logic has a notion of atomic formula. Every sentence and formula can be constructed from atomic formulas following precise rules. One way that the three logics diﬀer is that, as we proceed from propositional logic to ﬁrst-order logic to second-order logic, there is an increasing number of rules that allow us to construct increasingly complex formulas from atomic formulas. We are able to express more concepts in each successive logic. We begin our study with propositional logic in Chapter 1. In the present section, we provide background and prerequisites for our study.

What is logic? Logic is deﬁned as the study of the principles of reasoning. The study of logics (as deﬁned above) is the part of this study known as symbolic logic. Symbolic logic is a branch of mathematics. Like other areas of mathematics, symbolic logic ﬂourished during the past century. A century ago, the primary aim of symbolic logic was to provide a foundation for mathematics. Today, foundational studies are just one part of symbolic logic. We do not discuss foundational issues in this

xiv

Preliminaries

book, but rather focus on other areas such as model theory, proof theory, and computability theory. Our goal is to introduce the fundamentals and prepare the reader for further study in any of these related areas of symbolic logic. Symbolic logic views mathematics and computer science from a unique perspective and supplies distinct tools and techniques for the solution of certain problems. We highlight many of the landmark results in logic achieved during the past century. Symbolic logic is exclusively the subject of this book. Henceforth, when we refer to “logic” we always mean “symbolic logic.”

Time complexity Logic and computer science share a symbiotic relationship. Computers provide a concrete setting for the implementation of logic. Logic provides language and methods for the study of theoretical computer science. The subject of complexity theory demonstrates this relationship well. Complexity theory is the branch of theoretical computer science that classiﬁes problems according to how diﬃcult they are to solve. For example, consider the following problem: The Sum 10 Problem: Given a ﬁnite set of integers, does some subset add up to 10? This is an example of a decision problem. Given input as speciﬁed (in this case, a ﬁnite set of integers) a decision problem asks a question to be answered with a “yes” or “no.” Suppose, for example, that we are given the following set as input: {−26, −16, −12, −8, −4, −2, 7, 8, 27}. The problem is to decide whether or not this set contains a subset of numbers that add up to 10. One way to resolve this problem is to check every subset. Since 10 is not in our set, such a subset must contain more than one number. We can check to see if the sum of any two numbers is 10. We can then check to see if the sum of any three numbers is 10, and so forth. This method will eventually provide the correct answer to the question, but it is not eﬃcient. We have 29 = 512 subsets to check. In general, if the input contains n integers, then there are 2n subsets to check. If the input set is large, then this is not feasible. If the set contains 23 numbers, then there are more than 8 million subsets to check. Although this is a lot of subsets, this is a relatively simple task for a computer. If, however, there are more than, say, 100 numbers in the input set, then, even for the fastest computer, the time required to check each subset exceeds the lifespan of earth.

Preliminaries

xv

Time complexity is concerned with the amount of time it takes to answer a problem. To answer a decision problem, one must produce an algorithm that, given any suitable input, will result in the correct answer of “yes” or “no.” An algorithm is a step-by-step procedure. The “amount of time” is measured by how many steps it takes to reach the answer. Of course, the bigger the input, the longer it will take to reach a conclusion. An algorithm is said to be polynomialtime if there is some number k so that, given any input of size n, the algorithm reaches its conclusion in fewer than nk steps. The class of all decision problems that can be solved by a polynomial-time algorithm is denoted by P. We said that complexity theory classiﬁes problems according to how diﬃcult they are to solve. The complexity class P contains problems that are relatively easy to solve. To answer the Sum 10 Problem, we gave the following algorithm: check every subset. If some subset adds up to 10, then output “yes.” Otherwise, output “no.” This algorithm is not polynomial-time. Given input of size n, it takes at least 2n steps for the algorithm to reach a conclusion and, for any k, 2n > nk for suﬃciently large n. So this decision problem is not necessarily in P. It is in another complexity class known as NP (nondeterministic polynomial-time). Essentially, a decision problem is in NP if a “yes” answer can be obtained in polynomial-time by guessing. For example, suppose we somehow guess that the subset {−26, −4, −2, 7, 8, 27} sums up to 10. It is easy to check that this guess is indeed correct. So we quickly obtain the correct output of “yes.” So the Sum 10 Problem is in NP. It is not known whether it is in P. The algorithm we gave is not polynomial-time, but perhaps there exists a better algorithm for this problem. In fact, maybe every problem in NP is in P. The question of whether P = NP is not only one of the big questions of complexity theory, it is one of the most famous unanswered questions of mathematics. The Clay Institute of Mathematics has chosen this as one of its seven Millennium Problems. The Clay Institute has put a bounty of one million dollars on the solution for each of these problems. What does this have to do with logic? Complexity theory will be a recurring theme throughout this book. From the outset, we will see decision problems that naturally arise in the study of logic. For example, we may want to know whether or not a given sentence of propositional logic is sometimes true (likewise, we may ask if the sentence is always true or never true). This decision problem, which we shall call the Satisﬁability Problem, is in NP. It is not known whether it is in P. In Chapter 7, we show that the Satisﬁability Problem is NP-complete. This means that if this problem is in P, then so is every problem in NP. So if we can ﬁnd a polynomial time algorithm for determining whether or not a given sentence of propositional logic is sometimes true, or if we can show that no such algorithm exists, then we will resolve the P = NP problem.

xvi

Preliminaries

In Chapter 10, we turn this relationship between complexity and logic on its head. We show that, in a certain setting (namely, graph theory) the complexity classes of P and NP (and others) can be deﬁned as logics. For example, Fagin’s Theorem states that (for graphs) NP contains precisely those decision problems that can be expressed in second-order existential logic. So the P = NP problem and related questions can be rephrased as questions of whether or not two logics are equivalent. From the point of view of a mathematician, this makes the P = NP problem more precise. Our above deﬁnitions of P and NP may seem hazy. After all, our deﬁnition of these complexity classes depends on the notion of a “step” of an algorithm. Although we could (and will) precisely deﬁne what constitutes a “step,” we utterly avoid this issue by deﬁning these classes as logics. From the point of view of a computer scientist, on the other hand, the relationship between logics and complexity classes justiﬁes the study of logics. The fact that the familiar complexity classes arise from these logics is evidence that these logics are natural objects to study. Clearly, we are getting ahead of ourselves. Fagin’s Theorem is not mentioned until the ﬁnal chapter. In fact, no prior knowledge of complexity theory is assumed in this book. Some prior knowledge of algorithms may be helpful, but is not required. We do assume that the reader is familiar with sets, relations, and functions. Before beginning our study, we brieﬂy review these topics.

Sets and structures We assume that the reader is familiar with the fundamental notion of a set. We use standard set notation: x ∈ A means x is an element of set A, x ∈ A means x is not an element of A, ∅ denotes the unique set containing no elements, A ⊂ B means every element of set A is also an element of set B, A ∪ B denotes the union of sets A and B, A ∩ B denotes the intersection of sets A and B, and A × B denotes the Cartesian product of sets A and B. Recall that the union A ∪ B of A and B is the set of elements that are in A or B (including those in both A and B), whereas the intersection A ∩ B is the set of only those elements that are in both A and B. The Cartesian product A × B of A and B is the set of ordered pairs (a, b) with a ∈ A and b ∈ B. We simply write A2 for A × A. Likewise, for n > 2, An denotes the Cartesian product of An−1 and A. This is the set of n-tuples (a1 , a2 , . . . , an ) with each ai ∈ A. For convenience, A1 (the set of 1-tuples) is an alternative notation for A itself.

Preliminaries

xvii

Example 1 Let A = {α, β, γ} and let B = {β, δ, }. Then A ∪ B = {α, β, γ, δ, }, A ∩ B = {β}, A × B = {(α, β), (α, δ), (α, ), (β, β), (β, δ), (β, ), (γ, β), (γ, δ), (γ, )}, and B 2 = {(β, β), (β, δ), (β, ), (δ, β), (δ, δ), (δ, ), (, β), (, δ), (, )}. Two sets are equal if and only if they contain the same elements. Put another way, A = B if and only if both A ⊂ B and B ⊂ A. In particular, the order and repetition of elements within a set do not matter. For example, A = {α, β, γ} = {γ, β, α} = {β, β, α, γ} = {γ, α, β, β, α}. Note that A ⊂ B includes the possibility that A = B. We say that A is a proper subset of B if A ⊂ B and A = B and A = ∅. A set is essentially a database that has no structure. For an example of a database, suppose that we have a phone book listing 1000 names in alphabetical order along with addresses and phone numbers. Let T be the set containing these names, addresses, and phone numbers. As a set, T is a collection of 3000 elements having no particular order or other relationships. As a database, our phone book is more than merely a set with 3000 entries. The database is a structure: a set together with certain relations. Deﬁnition 2 Let A be a set. A relation R on A is a subset of An (for some natural number n). If n = 1, 2, or 3, then the relation R is called unary, binary, or ternary respectively. If n is bigger than 3, then we refer to R as an n-ary relation. The number n is called the arity of R. As a database, our phone book has several relations. There are three types of entries in T : names, numbers, and addresses. Each of these forms a subset of T , and so can be viewed as a unary relation on T . Let N be the set of names in T , P be the set of phone numbers in T , and A be the set of addresses in T . Since a “relation” typically occurs between two or more objects, the phrase “unary relation” is somewhat of an oxymoron. We continue to use this terminology, but point out that a “unary relation” should be viewed as a predicate or an adjective describing elements of the set. We assume that each name in the phone book corresponds to exactly one phone number and one address. This describes another relation between the elements of T . Let R be the ternary relation consisting of all 3-tuples (x, y, z) of elements in T 3 such that x is a name having phone number y and address z. Yet another relation is the order of the names. The phone book, unlike the set T , is in alphabetical order. Let the symbol < represent this order. If x and y

xviii

Preliminaries

are elements of N (that is, if they are names in T ), then x < y means that x precedes y alphabetically. This order is a binary relation on T . It can be viewed as the subset of T 2 consisting of all ordered pairs (x, y) with x < y. Structures play a primary role in the study of ﬁrst-order logic (and other logics). They provide a context for determining whether a given sentence of the logic is true or false. First-order structures are formally introduced in Chapter 2. In the previous paragraphs, we have seen our ﬁrst example of a structure: a phone book. Let D denote the database we have deﬁned. We have D = (T |N , P , A, <, R). The above notation expresses that D is the structure having set T and the ﬁve relations N , P , A, <, and R on T . Although a phone book may not seem relevant to mathematics, the objects of mathematical inquiry often can be viewed as structures such as D. Number systems provide familiar examples of inﬁnite structures studied in mathematics. Consider the following sets: N denotes the set of natural numbers: N = {1, 2, 3, ...}, Z denotes the set of integers: Z = {..., −3, −2, −1, 0, 1, 2, 3, ...}, and Q denotes the set of rational numbers: Q = {a/b|a, b ∈ Z}. R denotes the set of real numbers: R is the set of all decimal expansions of the form z.a1 a2 a3 · · · where z and each ai are integers and 0 ≤ ai ≤ 9. √ C denotes the set of complex numbers: C = {a+bi|a, b ∈ R} where i = −1. Note that N, Z, Q, R, and C each represents a set. These number systems, however, are more than sets. They have much structure. The structure includes relations (such as < for less than) and functions (such as + for addition). Depending on what our interests are, we may consider these sets with any number of various functions and relations. The interplay between mathematical structures and formal languages is the subject of model theory. First-order logic, containing various relations and functions, is the primary language of model theory. We study model theory in Chapters 4–6. As we shall see, the perspective of model theory sheds new light on familiar structures such as the real and complex numbers.

Functions The notation f : A → B expresses that f is a function from set A to a subset of set B. This means that, given any a ∈ A as input, f yields at most one output f (a) ∈ B. It is possible that, given a ∈ A, f yields no output. In this case we say that f (a) is undeﬁned. The set of all a ∈ A for which f does produce an output is

Preliminaries

xix

called the domain of f . The range of f is the set of all b ∈ B such that b = f (a) for some a ∈ A. If the range of f is all of B, then the function is said to be onto B. The graph of f : A → B is the subset of A × B consisting of all ordered pairs (a, b) with f (a) = b. If A happens to be B n for some n ∈ N, then we say that f is a function on B and n is the arity of f . In this case, the graph of f is an (n + 1)-ary relation on B. The inverse graph of f : A → B is obtained by reversing each ordered pair in the graph of f . That is, (b, a) is in the inverse graph of f if and only if (a, b) is in the graph of f . The inverse graph does not necessarily determine a function. If it does determine a function f −1 : B → A (deﬁned by f −1 (b) = a if and only if (b, a) is in the inverse graph of f ) then f −1 is called the inverse function of f and f is said to be one-to-one. The concept of a function should be quite familiar to anyone who has completed a course in calculus. As an example, consider the function from R to R deﬁned by h(x) = 3x2 + 1. This function is deﬁned by a rule. Put into words, this rule states that, given input x, h squares x, then multiplies it by 3, and then adds 1. This rule allows us to compute h(0) = 1, h(3) = 28, h(72) = 15553, and so forth. In addition to this rule, we must be given two sets. In this example, the real numbers serve as both sets. So h is a unary function on the real numbers. The domain of h is all of R since, given any x in R, 3x2 + 1 is also in R. The function h is not one-to-one since h(x) and h(−x) both equal the same number for any x. Nor is h onto R since, given x ∈ R, h(x) = 3x2 + 1 cannot be less than 1. Other examples of functions are provided by various buttons on any calculator. Scientiﬁc calculators have buttons x2 , log x , sin x , and so forth. When you put a number into the calculator and then push one of these buttons, the calculator outputs at most one number. This is exactly what is meant by a “function.” The key phrase is “at most one.” As a nonexample, consider the square root. Given input 4, there are two outputs: 2 and −2. This is not a function. If we restrict the output to the positive square root (as most calculators do), then we do have a function. It is possible to get less than one output: you may get an ERROR message (say you input −35 and then push the log x button). The domain of a function is the set of inputs for which an ERROR does not occur. We can imagine a calculator that has a button h for the function h deﬁned in the previous paragraph. When you input 2 and then push h , the output is 13. This is what h does: it squares 2, multiplies it by 3, and adds 1. Indeed, if we have a programmable calculator we could easily make it compute h at the push of a button. Intuitively, any function behaves like a calculator button. However, this analogy must not be taken literally. Although calculators provide many examples of familiar functions, most functions cannot be programmed into a calculator.

xx

Preliminaries

Deﬁnition 3 A function f is computable if there exists a computer program that, given input x, • outputs f (x) if x is in the domain of f , and • yields no output if x is not in the domain of f . As we will see in Section 2.5, most functions are not computable. However, it is hard to eﬀectively demonstrate a function that is not computable. How can we uniquely describe a particular function without providing a means for its computation? As we will see, logic provides many examples. Computability theory is a subject of Chapter 7. Odd as it may seem, computability theory studies things that cannot be done by a computer. This subject arose from G¨ odel’s proof of his famous Incompleteness theorems. Proved in 1931, G¨ odel’s theorems rank among the great mathematical achievements of the past century. They imply that there is no computer algorithm to determine whether or not a given statement of arithmetic is true or false. Again, we are getting way ahead of ourselves. We will come to G¨odel’s theorems (as well as Fagin’s theorem) and state them precisely in due time. Let us now end our preliminary ramblings and begin our study of logic.

1

Propositional logic

1.1 What is propositional logic? In propositional logic, atomic formulas are propositions. Any assertion will do. For example, A = “Aristotle is dead,” B = “Barcelona is on the Seine,” and C = “Courtney Love is tall” are atomic formulas. Atomic formulas are the building blocks used to construct sentences. In any logic, a sentence is regarded as a particular type of formula. In propositional logic, there is no distinction between these two terms. We use “formula” and “sentence” interchangeably. In propositional logic, as with all logics we study, each sentence is either true or false. A truth value of 1 or 0 is assigned to the sentence accordingly. In the above example, we may assign truth value 1 to formula A and truth value 0 to formula B. If we take proposition C literally, then its truth is debatable. Perhaps it would make more sense to allow truth values between 0 and 1. We could assign 0.75 to statement C if Miss Love is taller than 75% of American women. Fuzzy logic allows such truth values, but the classical logics we study do not. In fact, the content of the propositions is not relevant to propositional logic. Henceforth, atomic formulas are denoted only by the capital letters A, B, C,. . . (possibly with subscripts) without referring to what these propositions actually say. The veracity of these formulas does not concern us. Propositional logic is not the study of truth, but of the relationship between the truth of one statement and that of another. The language of propositional logic contains words for “not,” “and,” “or,” “implies,” and “if and only if.” These words are represented by symbols: ¬ for “not,” ∧ for “and,” ∨ for “or,” → for “implies,” and ↔ for “if and only if.” As is always the case when translating one language into another, this correspondence is not exact. Unlike their English counterparts, these symbols represent concepts that are precise and invariable. The meaning of an English word, on the

2

Propositional logic

other hand, always depends on the context. For example, ∧ represents a concept that is similar but not identical to “and.” For atomic formulas A and B, A ∧ B always means the same as B ∧ A. This is not always true of the word “and.” The sentence She became violently sick and she went to the doctor. does not have the same meaning as She went to the doctor and she became violently sick. Likewise ∨ diﬀers from “or.” Conversationally, the use of “A or B” often precludes the possibility of both A and B. In propositional logic A∨B always means either A or B or both A and B. We must precisely deﬁne the symbols ¬, ∧, ∨, →, and ↔. We are confronted with the conundrum of how to deﬁne the ﬁrst word of a language (having recourse to no other words!). For this reason, we take the symbols ¬ and ∧ as primitives. We deﬁne the other symbols in terms of these two symbols. Although we do not deﬁne ¬ and ∧ in terms of the other symbols, we do describe the semantics of these symbols in an unambiguous manner. Before describing the semantics of the language, we discuss the syntax. Whereas the semantics regards the meaning, or interpretation, of sentences in the language, the syntax regards the grammar of the language. The syntax of propositional logic tells us which strings of symbols are permissible as formulas. Naturally, any atomic formula is a formula. We also have the following two rules. (R1) If F is a formula, then ¬F is a formula. (R2) If F and G are formulas, then (F ∧ G) is a formula. Deﬁnition 1.1 The formula ¬F is the negation of F and the formula (F ∧ G) is the conjunction of F and G. Deﬁnition 1.2 A ﬁnite string of symbols is a formula of propositional logic if and only if it is built up from atomic formulas by repeated application of rules (R1) and (R2). Example 1.3 ¬(¬(A ∧ B) ∧ ¬C) is a formula and ((A¬∧)B(C¬ is not. Note that we have restricted the deﬁnition of formula to the primitive symbols ¬ and ∧. If we were describing the syntax of propositional logic to a computer, then this deﬁnition of formula would suﬃce. However, to make formulas more palatable to humans, we include the other symbols (∨, →, and ↔) to be deﬁned later. We may regard formulas involving these symbols as abbreviations for more complicated formulas involving only ¬ and ∧. The inclusion of these symbols make the formulas easier (for us humans) to read.

Propositional logic

3

Also toward the aim of readability, we employ certain conventions. The use of these abbreviations and conventions alters our notion of “formula” somewhat. One of these conventions is the following: (C1) If F or (F ) is a formula, then we view F and (F ) as the same formula. That is, we may drop the outermost parentheses. This extends our deﬁnition of formula. Technically, by the above deﬁnition, A ∧ B is not a formula. However, using convention (C1), we do not distinguish A ∧ B from the formula (A ∧ B). The use of convention (C1) leads to some ambiguities that we presently address. Suppose that, in (R1), F denotes A ∧ B (which, by (C1) is a formula). Then ¬F does not represent the formula ¬A∧B. Rather, ¬F denotes the formula ¬(A ∧ B). As we shall see, ¬A ∧ B and ¬(A ∧ B) do not mean the same thing. Likewise, F ∧ G denotes the formula (F ) ∧ (G). The use of (C1) also requires care in deﬁning the notion of “subformula.” A subformula of a formula F (viewed as a string of symbols) is a substring of F that is itself a formula. However, because of (C1), not every such substring is a subformula. So we do not want to take this property as the deﬁnition of “subformula.” Instead, we deﬁne “subformula” as follows. Deﬁnition 1.4 The following rules deﬁne the subformulas of a formula. Any formula is a subformula of itself. Any subformula of F is also a subformula of ¬F . Any subformula of F or G is also a subformula of (F ∧ G). Example 1.5 Let A and B be atomic and let F be the formula ¬(¬A ∧ ¬B). The formula A ∧ ¬B occurs as a substring of F , but it is not a subformula of F . There is no way to build the formula F from the formula A ∧ ¬B. The subformulas of F are A, B, ¬A, ¬B, (¬A ∧ ¬B), and ¬(¬A ∧ ¬B). Having described the syntax of propositional logic, we now describe the semantics. That is, we say how to interpret the formulas. Not only must we describe the semantics for the symbols “∧” and “¬,” but we must also say how to interpret formulas in which these symbols occur together. For this we state the order of operations. It is the role of parentheses to dictate which subformulas are to be considered ﬁrst when interpreting a formula. If no parentheses are present, then we use the following rule: ¬ has priority over ∧ . For example, the formula ¬(A ∧ B) means “not both A and B.” The parentheses tell us that the “∧” in this formula has priority over “¬.” The formula ¬A ∧ B,

4

Propositional logic

on the other hand, has a diﬀerent interpretation. In the absence of parentheses, we use the rule that ¬ has priority over ∧. So this formula means “both not A and B.” The semantics of propositional logic is deﬁned by this rule along with Tables 1.1 and 1.2. These are examples of truth tables. Each row of these tables assigns truth values to atomic formulas and gives resulting truth values for more complex formulas. For example, the third row of Table 1.1 tells us that if A is true and B is false, then (A ∧ B) is false. We see that (A ∧ B) has truth value 1 only if both A and B have truth value 1, corresponding to our notion of “and.” Likewise, Table 1.2 tells us that ¬A has the opposite truth value of A, corresponding to our notion of negation. Using these two truth tables, we can ﬁnd truth tables for any formula. This is because every formula is built from atomic formulas via rules (R1) and (R2). Suppose, for example, we want to ﬁnd a truth table for the formula ¬(¬A ∧ ¬B). Given truth values for A and B, we can use Table 1.2 to ﬁnd the truth values of ¬A and ¬B. Given truth values for ¬A and ¬B, we can then use Table 1.1 to ﬁnd the truth value of (¬A ∧ ¬B). Finally, we can refer again to Table 1.2 to ﬁnd the truth value of ¬(¬A ∧ ¬B). The resulting truth table for this formula is shown in Table 1.3. Note that the formulas listed across the top of Table 1.3 are precisely the subformulas from Example 1.5. From this table we see that the formula ¬(¬A ∧ ¬B) has truth value 1 if and only if A or B has truth value 1. This formula corresponds to the notion of “or” discussed earlier. The symbol ∨ is used to denote this useful notion. Table 1.1

Truth table for A ∧ B

A

B

(A ∧ B)

0

0

0

0

1

0

1

0

0

1

1

1

Table 1.2

Truth table for ¬A

A

¬A

0

1

1

0

Propositional logic Table 1.3

5

Truth table for (A ∨ B)

A

B

¬A

¬B

(¬A ∧ ¬B)

¬(¬A ∧ ¬B)

0

0

1

1

1

0

0

1

1

0

0

1

1

0

0

1

0

1

1

1

0

0

0

1

Table 1.4

Truth table for (A → B)

A

B

¬A

(B ∨ ¬A)

(A → B)

0

0

1

1

1

0

1

1

1

1

1

0

0

0

0

1

1

0

1

1

Deﬁnition 1.6 The symbol ∨ is deﬁned as follows: for any formulas F and G, (F ∨ G) is an abbreviation for ¬(¬F ∧ ¬G). The formula (F ∨ G) is called the disjunction of F and G. Two other abbreviations that are convenient are the following. Deﬁnition 1.7 The symbols → and ↔ are deﬁned as follows: (F → G) abbreviates (G ∨ ¬F ), and (F ↔ G) abbreviates ((F → G) ∧ (G → F )). We previously remarked that the symbol → corresponds to the English word “implies” and the symbol ↔ corresponds to the phrase “if and only if.” Again, these correspondences are merely mnemonic devices for the semantics of the symbols. For example (A ↔ B) is true if A and B have the same truth values and is otherwise false. So ↔ behaves exactly like the phrase “if and only if.” The relationship between → and “implies” is a bit tenuous. Consider the truth table for (A → B) (Table 1.4). We see that (A → B) is true unless A is true and B is false. In particular, (A → B) is true whenever A is false. Thus, in logic, a false statement implies anything. This diﬀers from the colloquial use of the word “implies.” We would not say “Barcelona is on the Seine implies Aristotle is dead” or, even more egregious, “Barcelona is on the Seine implies Barcelona is not on the Seine.” However, (A → B) and (A → ¬A) are true statements of propositional logic whenever A is false.

6

Propositional logic

Having introduced new symbols, we must determine the order of operation for these symbols. When evaluating the truth value of a formula, we must know the order in which to proceed. Rather than ranking all of the symbols in a hierarchy, we state just one rule: ¬ has priority over ∧, ∨, →, and ↔. Beyond this, the parentheses dictate the order in which to proceed. Example 1.8 Consider the formula ((¬A → B)∧C)∨¬(A∧D). Call this formula F . Suppose we know that the truth values for A, B, C, and D are 1, 0, 1, and 0, respectively. To evaluate the truth value for F we begin with the subformula ¬A (using Table 1.2) since ¬ has priority. We next evaluate the subformula (¬A → B) (Table 1.4) which is in the innermost set of parentheses. We next evaluate the truth values for ((¬A → B) ∧ C) and (A ∧ D) (Table 1.1). We then ﬁnd the truth values for ¬(A ∧ D) (Table 1.2) and, ﬁnally, for F (Table 1.3). We obtain the following truth values. A B 1 0

C 1

D 0

¬A 0

(¬A → B) ((¬A → B) ∧ C) (A ∧ D) ¬(A ∧ D) F 1 1 0 1 1

This is just one row of a truth table for this formula. We could choose other truth values for A, B, C, and D other than 1, 0, 1, and 0. Since there are two possible values for each of these four atomic formulas, there are 24 = 16 ways to assign truth values to A, B, C, and D. So the full table has 16 rows. The completion of this table is left as Exercise 1.3(d). The role of parentheses is not only to determine the order of operations, but also to make formulas more readable. Toward this aim, we omit parentheses when they are not necessary. We have already discussed convention (C1) that allows us to drop the outermost parentheses from the formula (F ). We also use the following convention: (C2) For any formulas F , G, and H, we view F ∧ G ∧ H as the same formula as (F ∧ G) ∧ H and F ∨ G ∨ H as the same formula as (F ∨ G) ∨ H. Since the formulas (F ∧ G) ∧ H and F ∧ (G ∧ H) have the same truth tables, there is no ambiguity in dropping the parentheses and simply writing F ∧ G ∧ H. In contrast, F ∧ G ∨ H is ambiguous and is not permitted as a formula of propositional logic. The formulas (F ∧ G) ∨ H and F ∧ (G ∨ H) do not have the same truth tables. We have now completely deﬁned propositional logic.

Propositional logic

7

In summary, propositional logic, like any logic, is a language. Its dictionary contains the words ¬, ∧, ∨, →, and ↔. (The symbols “(” and “)” are used only as punctuation.) The words ∨, →, and ↔ are deﬁned in terms of ¬ and ∧. The words ¬ and ∧ are considered primitive and are listed in our hypothetical dictionary without deﬁnition. The dictionary also contains inﬁnitely many atomic formulas that are merely listed as capital letters (with subscripts, perhaps). The grammar of this language consists of the rules (R1) and (R2) along with conventions (C1) and (C2) regarding parentheses. Propositional logic, like any logic, also has rules for deduction. These rules follow from the semantics of the logic. The semantics of propositional logic are summarized by Tables 1.1 and 1.2 and the deﬁnitions of the symbols ∨, →, and ↔. The semantics and the rules for deduction that follow from the semantics are implicit in the words “not,” “and,” “or,” “implies,” and “if and only if” (although this correspondence is not exact). For example, if (A ∧ B) is true (truth value 1), then we can deduce that both A and B are true. And if A → B and A both have truth value 1, then it follows that B also has truth value 1. We discuss these and other rules for deduction in Section 1.5.

1.2 Validity, satisﬁability, and contradiction Let S = {A1 , . . . , An } be a set of atomic formulas. Let F(S) be the set of all formulas that can be built from the atomic formulas in S. Deﬁnition 1.9 An assignment of S is a function A : S → {0, 1}. That is, an assignment of S assigns truth values to each atomic formula in S. An assignment A of S naturally extends to all of F(S). Given any formula F in F(S), an assignment A of S corresponds to a unique row of the truth table for F . We deﬁne A(F ) to be the truth value of F in this row. An assignment A of S also extends to certain formulas not in F(S). Suppose F0 is a formula that is not in F(S). Let S0 be the set of atomic subformulas of F0 . If every extension of A to S ∪ S0 has the same value for F0 , then we deﬁne A(F0 ) to be this value. Example 1.10 Let A and B be atomic formulas. Let A be the assignment of {A, B} deﬁned by A(A) = 1 and A(B) = 0. Then A(A ∧ B) = 0, A(A ∨ B) = 1, A(A ∧ (C ∨ ¬C)) = 1, and A(B ∨ (C ∧ ¬C)) = 0.

8

Propositional logic

The reason A(A ∧ (C ∨ ¬C)) = 1 is that A(A) = 1 and, no matter what truth value we assign to C, (C ∨ ¬C) has truth value 1. Likewise A(B ∨ (C ∧ ¬C)) = 0 because both B and (C ∧ ¬C) have truth value 0, regardless of the truth value of C. Let A be an assignment of S and let F be a formula. If A(F ) = 1, then we say F holds under assignment A. Equivalently, we say A models F . We write A |= F to denote this concept. Deﬁnition 1.11 A formula is valid if it holds under every assignment. We use |= F to denote this. A valid formula is called a tautology. Example 1.12 The formula (C ∨ ¬C) from the previous example is a tautology. Deﬁnition 1.13 A formula is satisﬁable if it holds under some assignment. Deﬁnition 1.14 A formula is unsatisﬁable if it holds under no assignment. An unsatisﬁable formula is called a contradiction. Example 1.15 The formula (C ∧ ¬C) is a contradiction. Suppose that we want to determine whether or not a given formula is valid. This is an example of a decision problem. A decision problem is any problem that, given certain input, asks a question to be answered with a “yes” or a “no.” Given formula F as input, we may ask “Is F valid?” We refer to this as the validity problem. Likewise, we may ask “Is F satisﬁable?,” and refer to this the satisﬁability problem. For propositional logic, truth tables provide a systematic approach for resolving such decision problems. If all of the truth values for F are 1s, then F is valid. If some truth value is 1, then F is satisﬁable. Otherwise, if no truth values are 1s, F is unsatisﬁable. Example 1.16 Consider the formula (A ∧ (A → B)) → B. To determine whether this formula is satisﬁable, we compute the following truth table.

A

B

A→B

A ∧ (A → B)

(A ∧ (A → B)) → B

0

0

1

0

1

0

1

1

0

1

1

0

0

0

1

1

1

1

1

1

We see that (A ∧ (A → B)) → B has truth value 1 under any assignment. So not only is this formula satisﬁable, it is valid.

Propositional logic

9

Example 1.17 Consider now the formula ((A → B) → A) ∧ ¬A. Suppose we want to determine whether this formula is satisﬁable or not. Again we compute a truth table. A

B

(A → B)

((A → B) → A)

¬A

((A → B) → A) ∧ ¬A

0

0

1

0

1

0

0

1

1

0

1

0

1

0

0

1

0

0

1

1

1

1

0

0

This formula is unsatisﬁable. It is a contradiction. Theoretically, we can determine whether any formula F is valid, satisﬁable or unsatisﬁable by looking at a truth table. Unfortunately, this is not always an eﬃcient method. If F contains n atomic formulas, then there are 2n rows to compute in the truth table for F . So if F happens to have, say, 23 atomic formulas, then computing a truth table is not feasible. One of our aims in this chapter is to ﬁnd alternative methods for resolving the validity and satisﬁability problems that avoid truth tables. More generally, our aim is to contrive various ways of determining whether or not a given formula is a consequence of a given set of formulas. This is a central problem of any logic.

1.3 Consequence and equivalence We now introduce the fundamental notion of consequence. First, we deﬁne what it means for one formula to be a consequence of another. Later in this section, we similarly deﬁne what it means for a formula to be a consequence of a set of formulas. Deﬁnition 1.18 Formula G is a consequence of formula F if for every assignment A, if A |= F then A |= G. We denote this by F |= G. Note that the symbol |= is used in a variety of ways. There is always a formula to the right of this symbol. When we write |= F , the interpretation of “|=” depends on how we ﬁll in the blank. The blank may either be ﬁlled with an assignment A, a formula G, or not ﬁlled with the empty set. The three corresponding interpretations for |= are as follows: • A |= F means that A(F ) = 1. We read this as “A models F .” • G |= F means every assignment that models G also models F . That is, F is a consequence of G.

10

Propositional logic

• |= F means every assignment models F . That is, F is a tautology. So although |= has multiple interpretations, in context it is not ambiguous. The notion of consequence is closely related to the notion of “implies” discussed in Section 1.1. A formula G is a consequence of a formula F if and only if “F implies G” is always true. We restate this as the following proposition. Proposition 1.19 For any formulas F and G, G is a consequence of F if and only if F → G is a tautology. Proof We show that F → G is not a tautology if and only if G is not a consequence of F . By the deﬁnition of “tautology,” F → G is not a tautology if and only if there exists an assignment A such that A |= ¬(F → G). By the deﬁnition of “→,” A |= ¬(F → G) if and only if A |= ¬(¬F ∨ G). By the semantics of propositional logic, A |= ¬(¬F ∨ G) if and only if both A |= F and A |= ¬G. Finally, by the deﬁnition of “consequence,” there exists an assignment A such that A |= F and A |= ¬G if and only if G is not a consequence of F . Suppose we want to determine whether or not formula G is a consequence of a formula F . We refer to this as the consequence problem. By Proposition 1.19 this can be rephrased as a validity problem (since G is a consequence of F if and only if G → F is valid). Such problems can be resolved by computing a truth table. If the truth values for F → G are all 1s, then G is a consequence of F . Otherwise, it is not. In particular, if F is a contradiction, then G is a consequence of F regardless of G. Example 1.20 Let F and G be formulas. Each of the following can easily be veriﬁed by computing a truth table. (F ∧ G) |= F F |= (F ∨ G) (F ∧ ¬F ) |= G Deﬁnition 1.21 If both G is a consequence of F and F is a consequence of G, then we say F and G are equivalent. We denote this by F ≡ G. It follows from Proposition 1.19 that two formulas F and G are equivalent if and only if F ↔ G is a tautology. So we can determine whether two formulas F and G are equivalent by computing a truth table. Each of the equivalences in the following examples can easily be veriﬁed in this manner. Example 1.22 For all formulas F and G, (F ∧G) ≡ (G∧F ) and (F ∨G) ≡ (G∨F ).

Propositional logic

11

Example 1.23 For any formula F and any tautology T , (F ∧ T ) ≡ F and (F ∨ T ) ≡ T . Example 1.24 For any formula F and any contradiction ⊥, (F ∧ ⊥) ≡ ⊥ and (F ∨ ⊥) ≡ F . Example 1.25 (Distributivity rules) The following two equivalences exhibit the distributivity rules for ∧ and ∨. For all formulas F , G, and H, (F ∧ (G ∨ H)) ≡ ((F ∧ G) ∨ (F ∧ H)) and (F ∨ (G ∧ H)) ≡ ((F ∨ G) ∧ (F ∨ H)). Example 1.26 (DeMorgan’s rules) For all formulas F and G ¬(F ∧ G) ≡ (¬F ∨ ¬G), and ¬(F ∨ G) ≡ (¬F ∧ ¬G). The equivalences in the previous examples are basic. Note that we refer to some of these equivalences as “rules.” Each of these holds true for arbitrary formulas. From these basic equivalences, more elaborate equivalences can be created. Example 1.27 Using the equivalences in the previous examples, we show that ((C ∧ D) ∨ A) ∧ ((C ∧ D) ∨ B) ∧ (E ∨ ¬E) ≡ (A ∧ B) ∨ (C ∧ D). Let L denote the formula on the left in this equivalence. Note that (E ∨ ¬E) is a tautology. By Example 1.23, L is equivalent to ((C ∧ D) ∨ A) ∧ ((C ∧ D) ∨ B). According to the second distributivity rule in Example 1.25, this is equivalent to (C ∧ D) ∨ (A ∧ B) (viewing (C ∧ D) as the formula F in that rule). By Example 1.22, this is equivalent to (A∧B)∨(C ∧D) which is the formula on the right in our equivalence. Using the basic rules in Examples 1.22–1.26, we were able to verify that ((C ∧ D) ∨ A) ∧ ((C ∧ D) ∨ B) ∧ (E ∨ ¬E) ≡ (A ∧ B) ∨ (C ∧ D). This is itself a rule, holding for any formulas A, B, C, D, and E. Alternatively, we could have veriﬁed this equivalence by computing a truth table. Such a truth table would have had 25 = 32 rows. The previously established rules provided a more eﬃcient method of veriﬁcation. Likewise, we could state “rules for consequence” that would allow us to show that one formula is a consequence of another without having to compute truth tables. In the next section, we exploit this idea and introduce the notion of formal proof. Formal proofs allow us to “derive” formulas from sets of formulas. The following deﬁnition extends the notion of consequence to this setting.

12

Propositional logic

Deﬁnition 1.28 Let F = {F1 , F2 , F3 , . . .} be a set of formulas. For any assignment A, we say A models F, denoted A |= F if A |= Fi for each formula Fi in F. We say a formula G is a consequence of F, and write F |= G, if A |= F implies A |= G for every assignment A. Suppose that we want to determine whether a formula G is a consequence of a set of formulas F. If F is ﬁnite, then we could consider the conjunction F of all formulas in F and compute a truth table for F → G. This method would certainly produce an answer. However, if the set F is large, then computing such a truth table is neither an eﬃcient, nor a pleasant, thing to do. If F is inﬁnite, then this method does not work at all. Another approach is to derive G from F. Consider the following example. Example 1.29 Let F be the following set of formulas {A, (A → B), (B → C), (C → D), (D → E), (E → F ), (F → G)}. Suppose each of the seven formulas in F is true. Then, in particular, A and A → B are true. It follows that B must also be true. Likewise, since B and B → C are true, then C must also be true, and so forth. If each formula in F is true, then A, B, C, D, E, F , and G are true. Each of these formulas is a consequence of F. We do not need a truth table to see this. Let F be the conjunction of all formulas in F. That is, F = A ∧ (A → B) ∧ (B → C) ∧ (C → D) ∧ (D → E) ∧ (E → F ) ∧ (F → G). The truth table for F → G comprises 128 rows. Without computing a single row, we can see that each row will have truth value 1. The formula F → G is a tautology and, equivalently, G is a consequence of F. In the previous example, we repeatedly used the fact that if X and X → Y are both true, then Y is also true. That is, we used the fact that Y is a consequence of X ∧ (X → Y ). This follows from the truth table we computed in Example 1.16. Rather than compute another truth table (having 128 rows), we used a truth table we have already computed (having only four rows) to deduce that G is a consequence of F. We derived G from F using a previously validated rule.

1.4 Formal proofs A logic, by deﬁnition, has rules for deducing the truth of one sentence from that of another. These rules yield a system of formal proof. In this section, we describe such a proof system for propositional logic.

Propositional logic

13

A proof system consists of a set of basic rules for derivations. These rules allow us to deduce formulas from sets of formulas. It may take several steps to derive a given formula G from a set of formulas F, where each “step” is an application of one of the basic rules. The list of these steps forms a formal proof of G from F. Of particular interest is the relationship between the notion of formal proof and the notion of consequence. We want a proof system that is sound. That is, we want the following property to hold. (Soundness) If a formula G can be derived from a set of formulas F, then G is a consequence of F. If a proof system is sound, then it provides an alternative to truth tables for determining whether a formula G is a consequence of a set of formulas F. In this section, we present a proof system and prove that it is sound. We use this proof system in several examples. The proof system we introduce is intended to be user-friendly. To construct a proof deriving G from F, one may consider the question: why is G a consequence of F? The object is then to translate one’s reasoning into a formal proof. Although this process is necessarily pedantic, the large yet coherent set of basic rules we provide is intended to aid the translation of thought into formal proof. The aim of a formal proof system is to make the thought process infallible. Ideally, the proof system could replace the thought process. Instead of thinking, we could blindly follow a set of rules. If two people disagree about whether G truly is a consequence of F, there would be no need for debate. Both parties could perform a computation to see whether or not G is indeed a consequence of F. The reason that “not thinking” is ideal is that we could program a computer to perform this task. In Section 1.8, we introduce another proof system known as resolution. Resolution is a pared down proof system that takes the thinking out of formal proofs. Whereas resolution is intended for the mechanization of proofs, the proof system we describe in the present section is intended for human use. We now list the basic rules for our proof system. The veracity of many of these rules is self-evident. For example, if F and G can be derived from F, then F ∧ G can also be derived from F. We call this rule “∧-Introduction.” We use the following notation: we write F G to abbreviate “G can be derived from F.” Using this notation, ∧-Introduction is written as: if F F and F G then F (F ∧ G). Table 1.5 lists this and other basic rules for derivations.

14

Propositional logic Table 1.5

Basic rules for derivations

Premise G is in F F G and F ⊂

F

F G

Conclusion

Name

F G

Assumption

F

Monotonicity

G

F ¬¬G

Double negation

F F, F G

F (F ∧ G)

∧-Introduction

F (F ∧ G)

F F

∧-Elimination

F (F ∧ G)

F (G ∧ F )

∧-Symmetry

F F

F (F ∨ G)

∨-Introduction

F ∪ {F } H, F ∪ {G} H

F H

∨-Elimination

F (F ∨ G)

F (G ∨ F )

∨-Symmetry

F ∪ {F } G

F (F → G)

→-Introduction

F (F ∨ G),

F (F → G), F F

F G

→-Elimination

F F

F (F )

(, )-Introduction

F (F )

F F

(, )-Elimination

F ((F ∧ G) ∧ H)

F (F ∧ G ∧ H)

∧-Parentheses rule

F ((F ∨ G) ∨ H)

F (F ∨ G ∨ H)

∨-Parentheses rule

Table 1.6

More rules for derivations

Rules

Name

F (F ∨ G) if and only if F ¬(¬F ∧ ¬G)

∨-Deﬁnition

F (F → G) if and only if F (¬F ∨ G)

→-Deﬁnition

F (F ↔ G) if and only if both F (F → G) and F (G → F )

↔-Deﬁnition

There are a lot of rules. Note the organization of the list. It begins with a couple of rules that are quite intuitive: Assumption and Monotonicity. There follow a few similarly named rules for various symbols of propositional logic. The four rules that conclude the list reﬂect conventions (C1) and (C2). In addition to the rules in Table 1.5, we have the rules in Table 1.6 regarding the deﬁnitions of ∨, →, and ↔. Our list of rules is both too big and too small. It is too big in the sense that some of these rules are redundant. For example, since ∨ can be expressed in terms of ¬ and ∧, ∨-Symmetry follows from ∧-Symmetry (see Exercise 1.13). We could pare these redundant rules from our list. In fact, we really need only

Propositional logic

15

three rules! These rules must be phrased within the proper context and are the topic of Section 1.8. Our present concern is not economy, but utility. These rules allow us to derive formulas from other formulas. The more rules at our disposal, the better. In this sense, the above list is too small. As we shall see, there is no end to the rules that can be derived from those stated above. Having listed these rules for derivations, we now deﬁne “formal proof.” Deﬁnition 1.30 A formal proof in propositional logic is a ﬁnite sequence of statements of the form “X Y ” (where X is a set of formulas and Y is a formula) each of which follows from the previous statements by one of the rules in Table 1.5 or Table 1.6. We say that G can be derived from F if there is a formal proof concluding with the statement F G. A formal proof can always be put into two-column form. The best way to describe formal proofs is to give an example. Example 1.31 Let H = {(¬A ∨ B), (¬A ∨ C), (A ∨ ¬D)}. We derive the formula D → (A ∧ B ∧ C) from H.

Statement

Justiﬁcation

1. H ∪ {D} D

Assumption

2. H ∪ {D} (A ∨ ¬D)

Assumption

3. H ∪ {D} (¬D ∨ A)

∨-Symmetry applied to 2

4. H ∪ {D} (D → A)

→-Deﬁnition applied to 3

5. H ∪ {D} A

→-Elimination applied to 4 and 1

6. H ∪ {D} (¬A ∨ B)

Assumption

7. H ∪ {D} (A → B)

→-Deﬁnition applied to 6

8. H ∪ {D} B

→-Elimination applied to 7 and 5

9. H ∪ {D} (¬A ∨ C)

Assumption

10. H ∪ {D} (A → C)

→-Deﬁnition applied to 9

11. H ∪ {D} C

→-Elimination applied to 10 and 5

12. H ∪ {D} (A ∧ B)

∧-Introduction applied to 5 and 8

13. H ∪ {D} ((A ∧ B) ∧ C)

∧-Introduction applied to 12 and 11

14. H ∪ {D} (A ∧ B ∧ C)

∧-Parenthesis rule applied to 13

15. H (D → (A ∧ B ∧ C))

→-Introduction applied to 14

16. H D → (A ∧ B ∧ C)

(, )-Elimination

At ﬁrst glance, the above proof looks like a complicated way of demonstrating a fact that is not so complicated. However, reading the proof line-by-line we see that each line asserts a simple truth that is easy to verify. Proofs can be made

16

Propositional logic

more succinct by using additional rules. For example, note that in the previous proof we repeatedly introduced the symbol → only to eliminate it. Instead, we could have separately proved the following rule. Premise: F (¬F ∨ G), F F Conclusion: F G

Statement

Justiﬁcation

1. F F

Premise

2. F (¬F ∨ G)

Premise

3. F (F → G)

→-Deﬁnition applied to 2

4. F G

→-Elimination applied to 3 and 1

The proof in Example 1.31 essentially repeats the above argument three times. We can treat this four-line proof as a subroutine. Had we established this rule prior to Example 1.31, we could have referred to it three times to make the proof more concise. For lack of a better name, we christen this rule ∨-Modus Ponens. “Modus ponens” is a standard name for the rule we call →-Elimination. As the archaic name suggests, this rule has been around for a while. It is found in what can be considered the origin of formal proofs: Euclid’s Elements. The next ﬁve examples establish some other rules that facilitate the construction of proofs. Example 1.32 (Tautology rule) This rule states that, for any formula G, (¬G ∨ G) can be derived from any set of formulas. Premise: None Conclusion: F (¬G ∨ G)

Statement

Justiﬁcation

1. F ∪ {G} G

Assumption

2. F (G → G)

→-Introduction applied to 1

3. F (¬G ∨ G)

→-Deﬁnition applied to 2

Example 1.33 (Contradiction rule) This rule states that any formula G can be derived from the contradiction F ∧ ¬F . Premise: F (F ∧ ¬F ) Conclusion: F G

Propositional logic

Statement

Justiﬁcation

1. F (F ∧ ¬F )

Premise

2. F (¬F ∧ F )

∧-Symmetry applied to 1

3. F ¬F

∧-Elimination applied to 2

4. F (¬F ∨ G)

∨-Introduction applied to 3

5. F F

∧-Elimination applied to 1

6. F G

∨-Modus Ponens applied to 4 and 5

17

Example 1.34 (Contrapositive) This is the rule of logic that states that if p implies q, then ¬q implies ¬p. Premise: F ∪ {F } G Conclusion: F ∪ {¬G} ¬F

Statement

Justiﬁcation

1. F ∪ {F } G

Premise

2. F ∪ {F } ¬¬G

Double negation applied to 1

3. F (F → ¬¬G)

→-Introduction applied to 2

4. F (¬F ∨ ¬¬G)

→-Deﬁnition applied to 3

5. F (¬¬G ∨ ¬F )

∨-Symmetry applied to 4

6. F (¬G → ¬F )

→-Deﬁnition applied to 5

7. F ∪ {¬G} (¬G → ¬F )

Monotonicity applied to 6

8. F ∪ {¬G} ¬G

Assumption

9. F ∪ {¬G} ¬F

→-Elimination applied to 6 and 8

Example 1.35 (Proof by cases) This rule provides a useful way to structure a proof. Premise: F ∪ {F } G, F ∪ {¬F } G Conclusion: F G Statement

Justiﬁcation

1. F ∪ {F } G

Assumption

2. F ∪ {¬F } G

Assumption

3. F (¬F ∨ F )

Tautology rule

4. F G

∨-Elimination applied to 3, 2, and 1

18

Propositional logic

Example 1.36 (Proof by contradiction) Another way to structure a proof is by contradiction. As the following proof indicates, proof by contradiction is (in this context) essentially the contrapositive of proof by cases. Premise: F ∪ {F } G, F ∪ {F } ¬G Conclusion: F ¬F Statement

Justiﬁcation

1. F ∪ {F } G

Premise

2. F ∪ {¬G} ¬F

Contrapositive applied to 1

3. F ∪ {F } ¬G

Premise

4. F ∪ {¬¬G} ¬F

Contrapositive applied to 3

5. F ¬F

Proof by cases applied to 2 and 4

These are now established rules that may henceforth be used to justify statements in proofs. By “established” we mean that these rules are true, provided that the rules in Table 1.5 are true. We must prove that this is the case. We must prove that our proof system is sound: that if G can be derived from F, then G is in fact a consequence of F. Theorem 1.37 (Soundness) If F G, then F |= G. Proof If F G, then there is a formal proof concluding with F G. Each line of the proof contains a statement of the form X Y which is justiﬁed by one of the rules in Tables 1.5 or 1.6. We want to show that for each line of the proof, if X Y , then X |= Y . This can be accomplished by verifying each rule in the tables one-by-one. We demonstrate this by verifying three rules: Assumption, ∧-Elimination, and →-Introduction. The veriﬁcation of the remaining rules are left as an exercise. We begin with the ﬁrst rule of Table 1.5: Assumption. The conclusion of this rule is that F G. We must show, under the premise of this rule, that F |= G. But this is clear since the premise states that G is in F (if A models F then A must model G). Refer next to ∧-Elimination. This rule states that if F (F ∧ G), then F F . We must show that if F |= (F ∧ G), then F |= F . That is, we must show that F is a consequence of (F ∧ G). This is veriﬁed by the following truth table. F

G

(F ∧ G)

((F ∧ G) → F )

0

0

0

1

0

1

0

1

1

0

0

1

1

1

1

1

Propositional logic

19

Now consider →-Introduction. This rule states that if F ∪{F } G then F (F → G). To verify this, we must show that if F ∪ {F } |= G then F |= (F → G). Assuming that F ∪ {F } |= G, we want to show that, for any assignment A, if A |= F, then A |= (F → G). So suppose that A |= F and A(F ) is deﬁned. If A(F ) = 0, then A |= (F → G) regardless of the value of A(G). If, on the other hand, A(F ) = 1, then A |= F ∪ {F }. By our assumption, A |= G. In any case, we see that A |= (F → G). Since A was an arbitrary assignment modeling F, we conclude that F |= (F → G) as was required. Essentially, we must verify that each rule is true when is replaced by |=. For most of the rules, like ∧-Elimination, this can be accomplished by computing a small truth table. For the last four rules of Table 1.5, there is really nothing to prove. These four rules hold by conventions (C1) and (C2). Also, each rule in Table 1.6 is sound by virtue of the deﬁnitions of ∨, →, and ↔. We leave the veriﬁcation of the remaining rules in Table 1.5 as Exercise 1.22. Formal proofs provide a method for showing that a formula is a consequence of other formulas. The following Corollaries state that formal proofs can also show that a formula is valid or unsatisﬁable. Corollary 1.38 If G can be derived from the empty set, then G is a tautology. Proof If ∅ G, then, by Monotonicity, F G for every set of formulas F. By Theorem 1.37, F |= G for every set of formulas F. It follows that A |= G for any assignment A and G is a tautology. Corollary 1.39 If ¬G can be derived from the empty set, then G is a contradiction. Proof This is immediate from the previous Corollary and the deﬁnition of “contradiction.” Example 1.40 The following formal proof shows that ((A → B)∨A) is a tautology. Statement

Justiﬁcation

1. {¬A} ¬A

Assumption

2. {¬A} (¬A ∨ B)

∨-Introduction applied to 1

3. {¬A} (A → B)

→-Deﬁnition applied to 2

4. {¬A} ((A → B) ∨ A)

∨-Introduction applied to 3

5. {A} A

Assumption

6. {A} (A ∨ (A → B))

∨-Introduction applied to 5

7. {A} ((A → B) ∨ A)

∨-Symmetry applied to 6

8. ∅ ((A → B) ∨ A)

Proof by cases applied to 4 and 7

Formal proofs can also show that two formulas are equivalent.

20

Propositional logic

Deﬁnition 1.41 Formulas F and G are provably equivalent if both {F } G and {G} F . Corollary 1.42 If F and G are provably equivalent, then they are equivalent. Proof This follows immediately from Theorem 1.37. Consider now the converses of Theorem 1.37 and its Corollaries. Theorem 1.37 states that if G can be derived from F, then G is a consequence of F. Is the opposite true? Can we derive from F every consequence of F? Can every tautology be given a formal proof as in Example 1.40? If two formulas are equivalent, does this mean we can prove that they are equivalent? We claim that the answer to each of these questions is “yes.” We claim that every rule that is true in propositional logic, all inﬁnitely many of them, can be derived from the rules in Tables 1.5 and 1.6. This is not obvious. Example 1.43 It may seem that our list of rules is incomplete. For example, the formulas F and ¬¬F are clearly equivalent. So if we can derive the formula ¬¬F from a set of formulas F, then we should also be able to derive F from F. However this is not one of our rules. Double negation states that if F F , then F ¬¬F . We now show that the converse of Double negation, although not stated as a rule, can be derived from our rules. Premise: F ¬¬F Conclusion: F F Statement

Justiﬁcation

1. F ¬¬F

Premise

2. F ∪ {¬F } ¬¬F

Monotonicity applied to 1

3. F ∪ {¬F } ¬F

Assumption

4. F ∪ {¬F } (¬F ∧ ¬¬F )

∧-Introduction applied to 3 and 2

5. F ∪ {¬F } F

Contradiction rule (1.33) applied to 4

6. F {F } F

Assumption

7. F F

Proof by cases applied to 5 and 6

So not only are F and ¬¬F equivalent formulas, we can formally prove that they are equivalent formulas. We claim that each of the equivalences in the previous section are actually provably equivalent. In particular, we show that the Distributivity rules from Example 1.25 and DeMorgan’s rules from Example 1.26 can be given formal derivations. Proposition 1.44 (DeMorgan’s rules) The equivalent pairs of formulas in Example 1.26 are each provably equivalent.

Propositional logic

21

Proof We prove this for the second of DeMorgan’s rules. We demonstrate formal proofs for each of the following: {¬(F ∨ G)} (¬F ∧ ¬G), and {(¬F ∧ ¬G)} ¬(F ∨ G).

Statement

Justiﬁcation

1. {¬(¬F ∧ ¬G)} (F ∨ G)

∨-Introduction

2. {¬(F ∨ G)} ¬¬(¬F ∧ ¬G)

Contrapositive

3. {¬(F ∨ G)} (¬F ∧ ¬G)

Double negation

Statement

Justiﬁcation

1. {(¬F ∧ ¬G)} ∪ {(F ∨ G)} (F ∨ G)

Assumption

2. {(¬F ∧ ¬G)} ∪ {(F ∨ G)} (¬F ∧ ¬G)

Assumption

3. {(¬F ∧ ¬G)} ∪ {(F ∨ G)} ¬F

∧-Elimination applied to 2

4. {(¬F ∧ ¬G)} ∪ {(F ∨ G)} G

∨-Elimination applied to 1 and 3

5. {(¬F ∧ ¬G)} ∪ {(F ∨ G)} (¬G ∧ ¬F )

∧-Symmetry applied to 2

6. {(¬F ∧ ¬G)} ∪ {(F ∨ G)} ¬G

∧-Elimination applied to 5

7. {(¬F ∧ ¬G)} ¬(F ∨ G)

Proof by contradiction applied to 4 and 6

We have demonstrated that ¬(F ∨G) and (¬F ∧¬G) are provably equivalent. The veriﬁcation of DeMorgan’s ﬁrst rule is left as Exercise 1.23. Proposition 1.45 (∧-Distributivity) For any formulas F , G, and H, the formulas (F ∧ (G ∨ H)) and ((F ∧ G) ∨ (F ∧ H)) are provably equivalent. Proof To prove this, we must derive each formula from the other. Instead of providing formal proofs, we outline the derivations and leave the details to the reader. First we show that (F ∧ G) ∨ (F ∧ H) can be derived from F ∧ (G ∨ H). Premise: F F ∧ (G ∨ H). Conclusion: F (F ∧ G) ∨ (F ∧ H) We sketch a formal proof using Proof by cases. Assuming the premise, we show that (F ∧ G) ∨ (F ∧ H) can be derived from both F ∪ {G} and F ∪ {¬G}. From the premise, we see that F ∪ {G} F . It follows that (F ∧ G) can be derived from F ∪ {G}. We then obtain F ∪ {G} (F ∧ G) ∨ (F ∧ H) by ∨-Introduction.

22

Propositional logic

Next we show that F ∪ {¬G} (F ∧ G) ∨ (F ∧ H). From the premise we see that both F and (G ∨ H) can be derived from F ∪ {¬G}. Since, F ∪ {¬G} ¬G, we obtain F ∪ {¬G} H from (G ∨ H) by ∨-Modus Ponens. It follows that F ∪ {¬G} (F ∧H). Finally, we get F ∪{¬G} (F ∧G)∨(F ∧H) by ∨-Introduction. We must also show that the converse holds. Premise: F (F ∧ G) ∨ (F ∧ H) Conclusion: F F ∧ (G ∨ H) We prove this by twice applying ∨-Elimination. Since (G∨H) can be derived from both (F ∧G) and (F ∧H), we obtain F (G∨H) by applying ∨-Elimination to the premise. We obtain F F in the same manner. The conclusion then follows by ∧-Introduction. These arguments can be arranged as formal two-column proofs. We leave this as Exercise 1.24. Proposition 1.46 (∨-Distributivity) For any formulas F , G, and H, the formulas (F ∨ (G ∧ H)) and ((F ∨ G) ∧ (F ∨ H)) are provably equivalent. Proof Exercise 1.25. Of course, we do not need formal proofs to verify these equivalences. We could use truth tables. In the case of the Distributivity rules and DeMorgan’s rules, truth tables provide a more eﬃcient method of veriﬁcation than formal proofs. For now, the importance of Propositions 1.44, 1.45, and 1.46 is that they lend credence to our earlier claim that we can formally prove anything that is true in propositional logic. Later, these propositions will help us prove this claim. At the outset of this section, we said we would be interested in the relationship between the notion of formal proof and the notion of consequence. We proved in Theorem 1.37 that if G can be formally proved from F then G is a consequence of F . We stated, without proof, that the opposite of this is also true: if F |= G then F G. So the symbol |= introduced in the previous section and the symbol introduced in the present section mean the same thing in propositional logic. This is the Completeness theorem for propositional logic, the proof of which will be given at the conclusion of this chapter.

1.5 Proof by induction There are two types of proofs that must be distinguished. We have discussed and given several examples of formal proofs. This type of proof arises from the rules of the logic. Such proofs are said to take place within the logic, and we refer to them as internal proofs. Formal proofs have a limited scope. They can prove only sentences that can be written in the logic. In contrast, we may want to prove something about the logic itself. We may want to prove, say,

Propositional logic

23

that every sentence in the logic has a certain property. Such statements that refer to the logic itself generally can neither be stated nor proved within the logic. We give external proofs for such statements. External proofs are sometimes called meta-mathematical. However, this terminology belies the fact that external proofs are often more mathematical in nature than formal proofs. Induction is a method of external proof that is used repeatedly in this book. Suppose that we want to prove that some property holds for every formula of propositional logic. For example, in the next section we show that each formula of propositional logic is equivalent to some formula in conjunctive normal form. We will deﬁne “conjunctive normal form” later. Our present concern is the question of how can we prove such a thing for all formulas. We need a systematic way to check each and every formula F . We do this by induction on the complexity of F . Induction on the complexity of F is analogous to mathematical induction. 1.5.1 Mathematical induction. Recall that mathematical induction is a method of proof that allows us to prove something for all natural numbers. For example, suppose we want to prove that for all natural numbers n, the number 11n − 4n is divisible by 7. Using mathematical induction, we can do this in two steps. First, we show that the statement is true for n = 1. This is easy. Second, we show that if the statement holds for n = m for some m, then it also holds for n = m+1. This is the inductive step. In our example, we can do this by observing that 11m+1 − 4m+1 = 11m+1 − 11 · 4m + 7 · 4m = 11(11m − 4m ) + 7 · 4m . It follows that if 11m − 4m is divisible by 7, then so is 11m+1 − 4m+1 . This completes the proof. It’s like the domino eﬀect. It is true for n = 1, and so, by the second step of the proof, it must also be true for n = 2, and therefore n = 3, and n = 4, and so forth. We conclude that for every natural number n, 11n − 4n is divisible by 7. An example of mathematical induction that is more relevant to propositional logic is provided by the proof of Proposition 1.47. This proposition is a generalization of DeMorgan’s rules. First, we introduce some notation. Notation 1 Let F1 , . . . , Fn be formulas. We write n Fi to abbreviate F1 ∧ F2 ∧ . . . ∧ Fn , and i=1 n

Fi to abbreviate F1 ∨ F2 ∨ . . . ∨ Fn .

i=1

Proposition 1.47 Let {F1 , . . . , Fn } be a ﬁnite set of formulas. Then both n n n n ¬ Fi ≡ ¬Fi and ¬ Fi ≡ ¬Fi . i=1

i=1

i=1

i=1

n Proof We show that ¬( i=1 Fi ) ≡ ( i=1 ¬Fi ) by induction on n. n

24

Propositional logic

1 1 First, suppose n = 1. We need to show that ¬( i=1 Fi ) ≡ ( i=1 ¬Fi ). By the deﬁnitions of “ ” and “ ,” this is the same as ¬(F1 ) ≡ (¬F1 ), which is true by convention (C1). Our induction hypothesis is that, for some m ≥ 1 and any formulas F1 , . . . , Fm , we have m m Fi ≡ ¬Fi . ¬ i=1

We want to show that ¬ By the deﬁnition of

m+1

i=1

Fi

≡

m+1

i=1

¬Fi

.

i=1

we have m+1 m ¬ Fi ≡ ¬ Fi ∧ Fm+1 . i=1

i=1

By DeMorgan’s rule we get m+1 m (1) ¬ Fi ≡ ¬ Fi ∨ ¬Fm+1 . i=1

i=1

By our induction hypothesis, m m ¬ Fi ≡ ¬Fi . i=1

i=1

(†) Substituting this into (1) yields m+1 m ¬ Fi ≡ ¬Fi ∨ ¬Fm+1 . i=1

Finally, by the deﬁnition of

i=1

we arrive at m+1 m+1 ¬ Fi ≡ ¬Fi . i=1

i=1

m+1 We have shown that ¬( i=1 Fi ) ≡ ( i=1 ¬Fi ) as was required. We conclude n n that ¬( i=1 Fi ) ≡ ( i=1 ¬Fi ) for any n. The second equivalence of the proposition follows from the ﬁrst. Since n+1 n+1 ( i=1 ¬Fi ) ≡ ¬( i=1 Fi ) holds for any formulas Fi , it holds when each Fi is replaced by ¬Fi : n+1 n+1 ¬¬Fi ≡ ¬ ¬Fi . m+1

i=1

i=1

Propositional logic

25

Since these two formulas are equivalent, their negations are also equivalent: n+1 n+1 ¬ ¬¬Fi ≡ ¬¬ ¬Fi . i=1

i=1

n n Now ¬( i=1 Fi ) ≡ ( i=1 ¬Fi ) by double negation. Likewise, we can generalize the distributivity rules as follows. Proposition 1.48 Let {F1 , . . . , Fn } and {G1 , . . . , Gm } be ﬁnite sets of formulas. The following equivalences hold: m n n m Fi ∨ Gj ≡ (Fi ∨ Gj ) i=1

n

i=1

j=1

Fi

∧

m

j=1

i=1

Gj ≡

n

i=1

j=1

m

(Fi ∧ Gj )

j=1

Proof Exercise 1.27. There is one unjustiﬁed step in the proof of Proposition 1.47. In the step labeled with (†), we essentially said that if G ≡ G, then (G ∨ F ) ≡ (G ∨ F ). Although this substitution makes intuitive sense, we have not yet established this as a rule we may use. We validate this step in Theorem 1.49. We prove this theorem by induction on the complexity of formulas. We now describe this method of proof. 1.5.2 Induction on the complexity of formulas. Suppose we want to show that property P holds for every formula F . We can do this by induction on the complexity of F follows. First we show that every atomic formula possesses property P. This corresponds to verifying case n = 1 in mathematical induction. The atomic case is our induction basis. We then assume that property P holds for formulas G and H. This is our induction hypothesis. Our aim is to show that property P necessarily holds for ¬G, G ∧ H, G ∨ H, G → H, and G ↔ H. If we succeed at this, then we can rightly conclude that P holds for all formulas. This completes the proof. Theorem 1.49 (Substitution theorem) Suppose F ≡ G. Let H be a formula that contains F as a subformula. Let H be the formula obtained by replacing some occurrence of F in H with G. Then H ≡ H . Proof We prove this by induction on the complexity of H. First suppose H is atomic. Then the only subformula of H is H itself. So F = H. It follows that H = G and, since F ≡ G, we have H ≡ H .

26

Propositional logic

Our induction hypothesis is that the conclusion of the theorem holds for formulas H1 and H2 each of which contains an occurrence of F as a subformula. That is, H1 ≡ H1 and H2 ≡ H2 whenever H1 and H2 are formulas obtained from H1 and H2 by replacing an occurrence of F with G. Suppose H = ¬H1 . Then H = ¬H1 . Since H1 ≡ H1 , we have ¬H1 ≡ ¬H1 . It follows that H ≡ H as was required. Suppose H is one of the following formulas: H1 ∧ H2 , H1 ∨ H2 , H1 → H2 , or H1 ↔ H2 . Since F is a subformula of H, F is a subformula of H1 , a subformula of H2 , or is H itself. If F = H, then we have H = F ≡ G = H as in the atomic case. So we may assume that the occurrence of F that is to be replaced by G occurs either in H1 or H2 . With no loss of generality, we may assume that it occurs in H1 . If H = H1 ∧ H2 then H = H1 ∧ H2 . In this case we have: H1 ∧ H2 both H1 both H1 H1 ∧ H2

is true if and only if and H2 are true if and only if and H2 are true (since H1 ≡ H1 ) if and only if is true.

That is, H1 ∧ H2 ≡ H1 ∧ H2 . Since H ≡ H1 ∧ H2 , we have H ≡ H . If H = H1 ∨ H2 , then H = H1 ∨ H2 . By the deﬁnition of ∨, we have H ≡ ¬(¬H1 ∧ ¬H2 ) and H ≡ ¬(¬H1 ∧ H2 ). It follows from the previous cases (corresponding to ¬ and ∧) that H ≡ H . If H = H1 → H2 , then H = H1 → H2 . By the deﬁnition of →, H ≡ (¬H1 ∨ H2 and H ≡ (¬H1 ∨ H2 ). It follows from the previous cases (corresponding to ¬ and ∨) that H ≡ H . If H = H1 ↔ H2 , then H = H1 ↔ H2 . By the deﬁnition of ↔, H ≡ (H1 → H2 ) ∧ (H2 → H1 ) and H ≡ (H1 → H2 ) ∧ (H2 → H1 ). It follows from the previous cases (corresponding to ∧ and →) that H ≡ H . We conclude that for any formula H that contains F as a subformula, H ≡ H . In fact, this theorem remains true when “≡” is replaced by “provably equivalent.” Theorem 1.50 Suppose that F and G are provably equivalent. Let H be a formula that contains F as a subformula. Let H be the formula obtained by replacing some occurrence of F in H with G. Then H and H are provably equivalent. Proof The proof is similar to the proof of Theorem 1.49. Proceed by induction on the complexity of H. The induction hypothesis is that both

Propositional logic

27

H1 and H1 are provably equivalent, and H2 and H2 are provably equivalent where H1 and H2 are formulas obtained from H1 and H2 by replacing an occurrence of F with G. We want to verify in each of the ﬁve cases that H and H are provably equivalent. To do this, we refer to the rules in Tables 1.5 and 1.6 (whereas in the proof of Theorem 1.49 we referred to the semantics of propositional logic). We leave the details of this proof as Exercise 1.28. The word “induction” indicates that we are reasoning from a particular case to the general case. Proofs by induction involve two steps and conclude that some statement holds in general for all natural numbers or for all formulas. These two steps are called the “base step” and the “induction step.” In mathematical induction, the base step is the step where we show that the statement is true for n = 1. If we are using induction on the complexity of formulas, then the base step is the step where we verify the statement holds for all atomic formulas. The induction step for mathematical induction is the step where we show that, if the statement is true for n = m, then it is also true for n = m + 1. The induction step for induction on the complexity of formulas comprises ﬁve cases corresponding to ¬, ∧, ∨, →, and ↔. Note that, in the proof of Theorem 1.49, the cases corresponding to ∨, →, and ↔ followed quickly from the cases regarding ¬ and ∧. This is because ∨, →, and ↔ were deﬁned in terms of ¬ and ∧. This suggests an alternative form for the induction step which we now describe. Suppose we want to show that some property P holds for all formulas of propositional logic. To do this by induction on the complexity of formulas, we ﬁrst show that P holds for all atomic formulas (the base step). For the induction step, instead of verifying the ﬁve cases as above, we can sometimes do just three cases. First we show that P is preserved under equivalence. That is, we show that if F ≡ G and G possess property P , then so does F . If this is true, then we only need to consider the cases corresponding to ¬ and ∧. This suﬃces because every formula of propositional logic is equivalent to a formula that uses only ¬ and ∧ (and neither ∨, →, nor ↔). We demonstrate this version of the induction step in the next section where we prove that every formula in propositional logic is equivalent to a formula that is in conjunctive normal form.

1.6 Normal forms In Example 1.27 we showed that the formula ((C ∧ D) ∨ A) ∧ ((C ∧ D) ∨ B) ∧ (E ∨ ¬E) is equivalent to the formula (A ∧ B) ∨ (C ∧ D) which is a disjunction of two conjunctions. In this section we show that there is nothing special about ((C ∧ D) ∨ A) ∧ ((C ∧ D) ∨ B) ∧ (E ∨ ¬E). Every formula of propositional logic

28

Propositional logic

is equivalent to a formula that is a disjunction of conjunctions. We begin with some deﬁnitions. Deﬁnition 1.51 A literal is an atomic formula or the negation of an atomic formula, and we refer to these as being positive or negative, respectively. Example 1.52 If A is an atomic formula, then A is a positive literal and ¬A is a negative literal. Deﬁnition 1.53 A formula F is in conjunctive normal form (CNF) if it is a conjunction of disjunctions of literals. That is, n m Li,j F = i=1

j=1

where each Li,j is either atomic or a negated atomic formula. Deﬁnition 1.54 A formula F is in disjunctive normal form (DNF) if it is a disjunction of conjunctions of literals. That is, n m Li,j F = i=1

j=1

where each Li,j is either atomic or a negated atomic formula . Example 1.55 (A ∨ B) ∧ (C ∨ D) ∧ (¬A ∨ ¬B ∨ ¬D) is in CN F , (¬A ∧ B) ∨ C ∨ (B ∧ ¬C ∧ D) is in DN F , and (A ∨ B) ∧ ((A ∧ C) ∨ (B ∧ D)) is neither CN F nor DN F . Lemma 1.56 Let F be a formula in CNF and G be a formula in DNF. Then ¬F is equivalent to a formula in DNF and ¬G is equivalent to a formula in CNF. Proof If F is in CNF, then F is the formula n m Li,j i=1

j=1

for some literals Li,j . The negation of this formula n m Li,j ¬F = ¬ i=1

j=1

Propositional logic

is equivalent to n i=1

¬

m

29

Li,j

j=1

by Proposition 1.47. Likewise, by the same proposition, this is equivalent to n m ¬Li,j . i=1

j=1

This formula is in DNF and is equivalent to ¬F . Similarly, using Proposition 1.47 twice, we can prove that ¬G is equivalent to a formula in CNF. Theorem 1.57 Every formula F is equivalent to some formula F1 in CNF and some formula F2 in DNF. Proof We prove this by induction on the complexity of F . First suppose F is atomic. Then F is already both CNF and DNF. So we can take F1 = F2 = F . Our induction hypothesis is that the conclusion of the theorem holds for formulas G and H. That is, we suppose there exist formulas H1 and G1 in CNF and H2 and G2 in DNF such that H ≡ H1 ≡ H2 and G ≡ G1 ≡ G2 . The property of being equivalent to formulas in CNF and DNF is clearly preserved under equivalence. If F ≡ G, then, by our induction hypothesis, we can just take F1 = G1 and F2 = G2 . It therefore suﬃces to verify only two more cases corresponding to ¬ and ∧. Suppose ﬁrst that F has the form ¬G. Then F ≡ ¬G1 ≡ ¬G2 . Since G1 is in CNF, ¬G1 is equivalent to a formula G3 in DNF by Lemma 1.56. Likewise, ¬G2 is equivalent to a formula G4 in CNF. So we can take F1 = G4 and F2 = G3 . Now suppose F has the form G ∧ H. Then F ≡ G1 ∧ H1 by substitution (Theorem 1.49). Since G1 and H1 are both in CNF, so is their conjunction. It remains to be shown that F = G ∧ H is equivalent to a formula in DNF. Again using Theorem 1.49, F ≡ G2 ∧H2 . Since each of these formulas is in DNF, they can be written as follows: G2 = Mi and H2 = Nj i

j

where each Mi and Nj is a conjunction of literals. We then have Mi ∧ N j . F ≡ i

j

30

Propositional logic

Using the second equivalence of Proposition 1.48, we have

F ≡

i

(Mi ∧ Nj )

j

which is a disjunction of conjunctions of literals as was required. Given a formula F , the previous theorem guarantees the existence of a formula in DNF that is equivalent to F . Suppose we want to ﬁnd such a formula. One way to do this is to compute a truth table for F . For example, suppose F has the following truth table.

A

B

F

0

0

1

0

1

0

1

0

1

1

1

0

Then F is true under assignment A if and only if A corresponds to row 1 or 3 of the table. This leads to a formula in DNF. F is true if and only if either A and B are both false (row 1) OR A is true and B is false (row 3). So F is equivalent to (¬A ∧ ¬B) ∨ (A ∧ ¬B), which is in DNF. Likewise, by considering the rows in which F is false, we can ﬁnd an equivalent formula in CNF. F is true if and only if we are not in row 2 AND we are not in row 4. That is, F is true if and only if A or ¬B holds (NOT row 2) AND ¬A or ¬B holds (NOT row 4). So F is equivalent to (A∨¬B)∧(¬A∨¬B) which is in CN F . This actually provides an alternative proof of Theorem 1.57. Given any formula F , we can use a truth table to ﬁnd equivalent formulas in CNF and DNF. An alternative way to ﬁnd a formula in CNF equivalent to F is provided by the following algorithm. This algorithm is often, but not always, more eﬃcient than computing a truth table.

CNF Algorithm Step 1: Replace all subformulas of the form F → G with (¬F ∨ G) and all subformulas of the form F ↔ G with (¬F ∨ G) ∧ (¬G ∨ F ). When there are no occurrences of → or ↔, proceed to Step 2.

Propositional logic

31

Step 2: Get rid of all double negations and apply DeMorgan’s rules wherever possible. That is, replace all subformulas of the form ¬¬G with G, ¬(G ∧ H) with (¬G ∨ ¬H), and ¬(G ∨ H) with (¬G ∧ ¬H). When there are no subformulas having these forms, proceed to Step 3. Step 3: Apply the distributivity rule for ∨ wherever possible. That is, replace all subformulas of the form (G ∨ (H ∧ K)) or ((H ∧ K) ∨ G) with ((G ∨ H) ∧ (G ∨ K)). If we rid our formula of these subformulas, then we are left with a formula in CNF. If we change Step 3 to distributivity for ∧, then we would get a formula in DNF. Example 1.58 We demonstrate the CNF algorithm with F = (A ∨ B) → (¬B ∧ A). In Step 1, we get rid of →, rewriting the formula as ¬(A ∨ B) ∨ (¬B ∧ A). In Step 2, we apply DeMorgan’s rule to obtain (¬A ∧ ¬B) ∨ (¬B ∧ A) Proceeding to Step 3, we see that the formula in Step 2 is in DNF. In particular it has the form (G ∨ (H ∧ K)) (taking G = (¬A ∧ ¬B)). By distributivity, we get ((¬A ∧ ¬B) ∨ ¬B) ∧ ((¬A ∧ ¬B) ∨ A). We still have two ∨’s that need to be distributed: (¬A ∨ ¬B) ∧ (¬B ∨ ¬B) ∧ (¬A ∨ A) ∧ (¬B ∨ A). Now there are no subformulas of the form (G ∨ (H ∧ K)) or ((H ∧ K) ∨ G) and so we are done with Step 3. We see that we have a formula in CNF as was promised. This formula is not written in the best form. Since (¬A ∨ A) is a tautology, the above formula is equivalent to (¬A ∨ ¬B) ∧ (¬B) ∧ (¬B ∨ A) which is equivalent to (A ∨ ¬B) ∧ (¬A ∨ ¬B). Note that this is the same formula we obtained from the truth table following the proof of Theorem 1.57. Inspecting the CNF algorithm, we see that Theorem 1.57 can be strengthened. This theorem states that for any formula F there exist formulas F1 in CNF and F2 in DNF that are equivalent to F . We now claim that F1

32

Propositional logic

and F2 are provably equivalent to F . To see this, consider the algorithm stepby-step. In each step we replace certain subformulas with equivalent formulas. In each case we can formally prove the equivalence. For convenience, we use the notation F G to abbreviate “F and G are provably equivalent.” Step 1: F → G (¬F ∨ G) by → -Deﬁnition F ↔ G (¬F ∨ G) ∧ (¬G ∨ F )by ↔ -Deﬁnition and → -Deﬁnition. Step 2: ¬¬G G by Double negation and Example 1.43. ¬(G ∧ H) (¬G ∨ ¬H) by Proposition 1.44 (DeMorgan’s rules). ¬(G ∨ H) (¬G ∧ ¬H) by Proposition 1.44 (DeMorgan’s rules). Step 3: (G ∨ (H ∧ K)) ((G ∨ H) ∧ (G ∨ K)) by Proposition 1.46(∨-Distributivity). ((H ∧ K) ∨ G) ((G ∨ H) ∧ (G ∨ K)) by ∨ -Symmetry and Proposition 1.46. By Theorem 1.50, the result F1 of this algorithm is provably equivalent to F . Likewise, F2 and F are provably equivalent. We record this strengthening of Theorem 1.57 as follows. Proposition 1.59 For every formula F there exist formulas F1 in CNF and F2 in DNF such that F , F1 , and F2 are provably equivalent.

1.7 Horn formulas A Horn formula is a particularly nice type of formula in CNF. There is a quick method for determining whether or not a Horn formula is satisﬁable. We discuss both this method and what is meant by “quick.” Deﬁnition 1.60 A formula F is a Horn formula if it is in CNF and every disjunction contains at most one positive literal. Clearly, the conjunction of two Horn formulas is again a Horn formula. This is not true for disjunctions. Example 1.61 The formula A ∧ (¬A ∨ ¬B ∨ C) ∧ (¬B ∨ D) ∧ (¬C ∨ ¬D) is a Horn formula. The formula A ∨ B is not a Horn formula.

Propositional logic

33

A basic Horn formula is a Horn formula that does not use ∧. For example, (¬A ∨ ¬B ∨ C), A, and (¬B ∨ ¬D) are basic Horn formulas. Every Horn formula is a conjunction of basic Horn formulas. There are three types of basic Horn formulas: those that contain no positive literal (such as (¬B ∨ ¬D)), those that contain no negative literals (such as A), and those that contain both a positive literal and negative literals (such as (¬A ∨ ¬B ∨ C)). If a basic Horn formula contains both positive and negative literals, then it can be written as an implication involving only positive literals. For example, (¬A ∨ ¬B ∨ C) is equivalent to (A ∧ B) → C. If a basic Horn formula contains no positive literal, then it can be written as an implication involving a contradiction. For example, if ⊥ is a contradiction, then (¬B ∨ ¬D) is equivalent to (B ∧ D) →⊥ . Otherwise, if a basic Horn formula contains no negative literals, then it is an atomic formula. We can again write this as an implication if we wish. The atomic formula A is equivalent to T → A, where T is a tautology. In this way every basic Horn formula can be written as an implication and every Horn formula can be written as a conjunction of implications. Example 1.62 The Horn formula in Example 1.61 can be written as follows: (T → A) ∧ ((A ∧ B) → C) ∧ (B → D) ∧ ((C ∧ D) →⊥). Suppose we are given a Horn formula H and want to decide whether or not it is satisﬁable. We refer to this decision problem as the Horn satisﬁability problem. Unlike the other decision problems we have seen, there is an eﬃcient algorithm for resolving the Horn satisﬁability problem. There are three steps in this algorithm corresponding to the three types of basic Horn formulas. We assume that the Horn formula has been given as a conjunction of implications.

The Horn algorithm Given a Horn formula H written as a conjunction of implications, list the atomic formulas occuring in H. Step 1: Mark each atomic formula A in the list that is in a subformula of the form (T → A). Step 2: If there is a subformula of the form (A1 ∧A2 ∧· · ·∧Am ) → C where each Ai has been marked and C has not been marked, then mark C. Repeat this step until there are no subformulas of this form and then proceed to step 3. Step 3: Consider the subformulas of the form (A1 ∧ A2 ∧. . . ∧Am ) →⊥. If there exists such a subformula where each Ai has been marked, then conclude “No, H is not satisﬁable.” Otherwise, conclude “Yes, H is satisﬁable.”

34

Propositional logic

Example 1.63 We demonstrate the Horn algorithm. Let H be the formula (T → A) ∧ (C → D) ∧ ((A ∧ B) → C) ∧ ((C ∧ D) →⊥) ∧ (T → B). The atomic subformulas of H are A, B, C, and D. In Step 1 of the algorithm, since H has subformulas (T → A) and (T → B) we mark both A and B. In Step 2, since H has subformula (A ∧ B) → C, we mark C. Now that C has been marked, we must also mark D because of the subformula (C → D). In Step 3, since H has subformula (C ∧ D) →⊥, the algorithm concludes “No, H is not satisﬁable.” Note that for the Horn formula in Example 1.62, the Horn algorithm yields a diﬀerent conclusion. We want to show that, for any given Horn formula, the Horn algorithm works quickly. First we show that it works. Proposition 1.64 The Horn algorithm concludes “Yes, H is satisﬁable” if and only if H is satisﬁable. Proof Let S = {C1 , C2 ,. . . , Cn } be the set of atomic formulas occuring in H. After concluding the algorithm, some of these atomic formulas have been marked. Suppose H is satisﬁable. Then there exists an assignment A of S such that A |= H. For each basic Horn subformula B of H, A(B) = 1. If B has the form (T → Ci ), then A(Ci ) = 1. If B has the form (C1 ∧ C2 ∧ · · · ∧ Cm ) → D where each A(Ci ) = 1, then A(D) also equals 1. It follows that A(Ci ) = 1 for each Ci that has been marked. Suppose for a contradiction that the algorithm concludes “No, H is not satisﬁable.” This only happens if there exists a subformula B of the form (A1 ∧ A2 ∧ · · · ∧ Am ) →⊥ where each Ai has been marked. Since each Ai has been marked, A(Ai ) = 1 for each Ai . By the semantics of → (Table 1.4), we have A(B) = 0 which is a contradiction. So if H is satisﬁable, then the algorithm concludes “Yes, H is satisﬁable.” Conversely, suppose that the algorithm concludes “Yes, H is satisﬁable.” Let A0 be the assignment of S deﬁned by A0 (Ci ) = 1 if and only if Ci is marked. We claim that A0 |= H. It suﬃces to show that A0 models each basic Horn subformula of H. Let B be a basic Horn formula that is a subformula of H. If B has the form (T → A), then A is marked in Step 1 of the algorithm and so A0 (B) = 1. Otherwise B has the form (A1 ∧ A2 ∧ · · · ∧ An ) → G where G is either an atomic formula or a contradiction ⊥. If A0 (Ai ) = 0 for some i, then A0 (B) = 1. So assume that A0 models each Ai . Then each Ai has been marked. Since the algorithm concluded “Yes,” G is not ⊥. So G is an atomic formula. Since each

Propositional logic

35

Ai is marked, G is also marked (Step 2 of the algorithm). Since A0 (G) = 1, we have A0 (B) = 1. So the Horn algorithm works. Given any Horn formula H, the algorithm correctly determines whether or not H is satisﬁable. We now consider the following question. How many steps does it take the Horn algorithm to reach a conclusion? The answer depends on the length of the input H. Suppose that the formula H is a string of n symbols, where n is some large natural number. We claim that the Horn algorithm concludes in fewer than n2 steps. To verify this claim, we count the number of steps in the Horn algorithm. But what exactly is meant by a “step?” Looking at the algorithm, we see that there are three steps named Step 1, Step 2, and Step 3. This is not what is meant. We may have to repeat Step 2 more than once in which case it will take more than three steps to reach a “yes” or “no” answer. We precisely deﬁne what constitutes a “step of an algorithm” in Chapter 7. For the time being, let us count the number of times we must read the input H. First we read the formula H symbol-by-symbol from left to right and list all of its atomic subformulas. Since H contains n symbols, there are at most n atomic formulas in our list. Then, in Step 1, we read through H again, this time looking for any occurences of the tautology T . We mark the appropriate atomic formulas. In Step 2, we are in search of subformulas of the form (A1 ∧ A2 ∧ · · · ∧ Am ) → C where each Ai has been marked. If we ﬁnd such a subformula where C has not been marked, then we mark C. Having marked a new atomic formula, we may have created new subformulas of the form (A1 ∧ A2 ∧ · · · ∧ Am ) → C where each Ai has been marked. Each time we mark a formula in Step 2, we must go back and read H again. Since we can mark at most n atomic formulas, we must repeat Step 2 no more than n times. Finally, in Step 3, we must read H one more time (looking for ⊥), to reach the conclusion. In all, we must read H at most 1 + 1 + n + 1 = n + 3 times to arrive at a conclusion. Since n2 > n + 3 for n > 2, this veriﬁes our claim. Deﬁnition 1.65 An algorithm is polynomial-time if there exists a polynomial p(x) such that given input of size n, the algorithm halts in fewer than p(n) steps. The class of all decision problems that can be resolved by some polynomialtime algorithm is denoted by P. If an algorithm is not polynomial-time, then by any measure, it is not quick. The previous discussion shows that the Horn algorithm is polynomial-time and so the Horn satisﬁability problem is in P. In contrast, consider the following decision problems. Validity problem: Given formula F , is F valid? Satisﬁability problem: Given formula F , is F satisﬁable?

36

Propositional logic

Consequence problem: Given formulas F and G, is G a consequence of F ? Equivalence problem: Given formulas F and G, are F and G equivalent? In some sense, these four problems are really the same. Any algorithm that works for one of these problems also works for all of these problems. If we had an algorithm for the Validity problem, for example, then we could use it to resolve the Satisﬁability problem since F is satisﬁable if and only if ¬F is not valid. Similarly, any algorithm for the Satisﬁability problem can be used for the Consequence problem since G is a consequence of F if and only if ¬(F → G) is not satisﬁable. Clearly, any algorithm for the Consequence problem can be used (twice) to resolve the Equivalence problem. Finally, given an algorithm that decides the Equivalence problem, we can check whether F is equivalent to a known tautology T to resolve the Validity problem. In particular, if one of these four problems is in P then all four are. Truth tables provide an algorithm for solving each of these problems. For the Satisﬁability problem, we ﬁrst compute a truth table for F and then check to see if its truth value is ever one. This algorithm certainly works, but how many steps does it take? Computing the truth table is not just one step. Again, we count how many times we are required to read the input F . If F has n atomic formulas, then the truth table for F has 2n rows. We must refer to F to compute each of these rows. So we must read the input at least 2n times. This is exponential and not a polynomial. Given any polynomial p(x), 2n is larger than p(n) for suﬃciently big values of n. So this algorithm is not polynomial-time. It is not known whether the Satisﬁability problem (and the other three decision problems) is in P. We do not know of a polynomial-time algorithm for satisﬁability, but this does not mean one does not exist. If someone could ﬁnd such an algorithm, or prove that no such algorithm exists, then it would answer one of the most famous unsolved questions of mathematics: the P = NP question. We will deﬁne NP and discuss this problem in Chapter 7. For now, we merely point out that we do not present an eﬃcient algorithm for the Satisﬁability problem and such an algorithm probably does not exist. We do, however, present an algorithm that is an alternative to truth tables for the Satisﬁability problem. Formal proofs avoid truth tables, but do not always resolve this decision problem. Given a formula F , we can use formal proofs to show that F is unsatisﬁable (by demonstrating that ∅ ¬F ), but we cannot show that F is satisﬁable. Likewise, formal proofs can establish that a formula is valid or that one formula is a consequence of another, but they cannot show a formula to be not valid or not a consequence of another. If we ﬁnd a formal proof for {F } G then we can rightly conclude “yes, G is a consequence of F .” But if G is not a consequence of F , then we will forever search in vain for a proof and never reach a conclusion. In the next section we present resolution, a reﬁnement of formal proofs that does provide an algorithm (although not polynomial-time) for these decision problems.

Propositional logic

37

1.8 Resolution Resolution is a system of formal proof that involves a minimal number of rules. One of the rules is a variation of the cut rule. This rule states that from the formulas (F → G) and (G → H), we can deduce the formula (F → H). Another rule is a variation of the Substitution rule stated as follows. Let H be a formula that contains F as a subformula. If G ≡ F , then we can deduce H form H where H is the formula obtained by replacing some occurrence of F in H with G. That is, we consider Theorem 1.49 as a rule for deduction. This is really many rules in one, so we are kind of cheating to get few rules. In particular, for any pair of equivalent formulas F and G, we can deduce G from F . It may seem that this defeats one of our purposes: the Equivalence problem. However, the Substitution rule can be relaxed somewhat. The main purpose of this rule is to put the formulas into CNF. The crux of resolution is that, once the formulas are in CNF, we need only two rules to deduce everything. This will provide an algorithm for the Equivalence problem and the other decision problems from the previous section. It also brings us one step closer to proving the Completeness theorem for propositional logic. 1.8.1 Clauses. Suppose F is a formula in CNF. Then F is a conjunction of disjunctions of literals. We refer to a disjunction of literals as a clause. For convenience, we write each clause as a set. We regard L1 ∨ L2 ∨ · · · ∨ Ln as the set {L1 , L2 , . . . , Ln }. Any formula that is a disjunction of literals uniquely determines such a set. However, the set does not uniquely determine the formula. Recall that two sets are equal if and only if they contain the same elements. Order and repetition do not matter. For example, the formulas (L1 ∨ L2 ), (L2 ∨ L1 ), and (L1 ∨ L2 ∨ L2 ) each give rise to the same set {L1 , L2 }. Although these formulas are not identical, they are equivalent. Proposition 1.66 Let C and D be clauses. If C and D are the same when viewed as sets, then C ≡ D. Proof Let S be the set of literals occuring in C. Both C and D are equivalent to the disjunction of the literals in S. If F is in CNF, then F is a conjunction of clauses and we can write F as a set of sets. We regard F as the set {C1 , . . . , Cn } where the Ci s are the clauses occuring in F (written as sets). For example, we regard the formula

38

Propositional logic

(A ∨ B ∨ ¬C) ∧ (C ∨ D) ∧ ¬A ∧ (¬B ∨ ¬D), as the following set of four clauses {{A, B, ¬C}, {C, D}, {¬A}, {¬B, ¬D}}. Proposition 1.67 Let F and G be two formulas in CNF. If F and G are the same when viewed as sets, then F ≡ G. Proof Let C be the set of clauses occuring in F . Both F and G are equivalent to the conjunction of the clauses in C. This proposition then follows from Proposition 1.66. Throughout this section, we regard any formula in CNF as both a formula and as a set of clauses. If F and G are formulas in CNF, then their conjunction may be written either as the formula F ∧ G or as the set F ∪ G. By the previous proposition, there is no ambiguity in regarding F as both set and formula. However, we stress that viewing formulas as sets only makes sense for formulas in CNF. In particular, there is no nice set theoretic counterpart for disjunction or negation. The formulas F ∨ G and ¬F are not in CNF and cannot be viewed as sets of clauses.

1.8.2 Resolvents Given a formula in CNF, resolution repeatedly uses two rules to determine whether or not the formula is satisﬁable. One of these rules states that any clause of F can be deduced from F . The other rule involves the resolvent of two clauses. We now deﬁne this notion. Deﬁnition 1.68 Let C1 and C2 be two clauses. Suppose that A ∈ C1 and ¬A ∈ C2 for some atomic formula A. Then the clause R = (C1 − {A}) ∪ (C2 − {¬A}) is a resolvent of C1 and C2 . We represent this situation graphically by the following diagram: C1

C2

R Example 1.69 Let C1 = {A1 , ¬A2 , A3 } and C2 = {A2 , ¬A3 , A4 }. Since A3 ∈ C1 and ¬A3 ∈ C2 we can ﬁnd a resolvent. {A1 , ¬A2 , A3 }

{A1 , A2 , ¬A2 , A4 }.

{A2 , ¬A3 , A4 }

Propositional logic

39

Example 1.70 The resolvent of two clauses is not necessarily unique. In the previous example, since ¬A2 ∈ C1 and A2 ∈ C2 , we also have {A1 , ¬A2 , A3 }

{A1 , A2 , ¬A3 , A4 }.

{A2 , ¬A3 , A4 }

We now list the three rules for deduction used in resolution. • Let G be any formula. Let F be the CNF formula resulting from the CNF algorithm when applied to G. Then F can be deduced from G. • Let F be a formula in CNF. Any clause of F can be deduced from F . • Let F be a formula in CNF. Any resolvent of two clauses of F can be deduced from F . Remarkably, these three rules suﬃce for propositional logic. Resolution is complete. Prior to proving this fact, we must verify that these rules are sound. We show something stronger. We show that each of these rules can be derived using formal proofs. In the ﬁrst rule, F can be derived from G by Proposition 1.59. If C is a clause of F , then we can derive C from F using ∧-Symmetry and ∧-Elimination. It remains to be shown that R can be derived from F where R is a resolvent of two clauses of F . Note the similarity between this and the Cut rule. Let C1 and C2 be as in Example 1.69. Then C1 is equivalent to (¬A1 ∧A2 ) → A3 and C2 is equivalent to A3 → (A2 ∨ A4 ). The Cut rule states that from these formulas we can derive the formula (¬A1 ∧ A2 ) → (A2 ∨ A4 ). This formula is equivalent to the resolvent obtained in Example 1.69. Proposition 1.71 Let C1 and C2 be clauses and let R be a resolvent of C1 and C2 . Then {C1 , C2 } R. Proof Since C1 and C2 have a resolvent, there must exist an atomic formula A such that A is in one of these clauses and ¬A is in the other. With no loss of generality, we may assume that A is in C1 and ¬A is in C2 . So C1 is equivalent to (A ∨ F ) for some clause F and C2 is equivalent to (¬A ∨ G) for some clause G. The formula (F ∨ G) is a resolvent of C1 and C2 . We may assume that R is this resolvent. We provide a formal proof for {C1 , C2 } R. Premise: F (A ∨ F ) and F (¬A ∨ G) Conclusion: F (F ∨ G).

40

Propositional logic Statement

Justiﬁcation

1. F (A ∨ F )

Premise

2. F ∪ {¬A} (A ∨ F )

Monotonicity applied to 1

3. F ∪ {¬A} ¬A

Assumption

4. F ∪ {¬A} F

∨-Elimination applied to 2 and 3

5. F ∪ {¬A} (F ∨ G)

∨-Introduction applied to 4

6. F (¬A ∨ G)

Premise

7. F ∪ {¬¬A} (¬A ∨ G)

Monotonicity applied to 1

8. F ∪ {¬¬A} ¬¬A

Assumption

9. F ∪ {¬¬A} G

∨-Elimination applied to 7 and 8

10. F ∪ {¬¬A} (G ∨ F )

∨-Introduction applied to 9

11. F ∪ {¬¬A} (F ∨ G)

∨-Symmetry applied to 10

12. F (F ∨ G)

Proof by cases applied to 5 and 11

So anything that can be proved using resolution can be given a formal proof. It then follows from Theorem 1.37 that resolution is sound. In particular, if R is the resolvent of two clauses of a formula F in CNF, then R is a consequence of F . Ostensibly, resolution is a fragment of our formal proof system. As we now show, resolution is just as powerful as formal proofs.

1.8.3 Completeness of resolution. We show that resolution can be used to determine whether or not any given formula is satisﬁable. We may assume that the formula is in CNF. Given any formula F in CNF, let Res0 (F ) = {C|C is a clause of F }. For each n > 0, let Resn (F ) = Resn−1 (F ) ∪ {R|R is a resolvent of two clauses of Resn−1 (F )}. Since Res0 (F ) = F is a ﬁnite set, there are only ﬁnitely many clauses that can be derived from F using resolvents. In fact, there are only ﬁnitely many clauses that use the same atomic formulas as F . So, eventually, we will ﬁnd some m so that Resm (F ) = Resm+1 (F ). Let Res∗ (F ) denote such Resm (F ). This is the set of all clauses that can be derived from F using resolvents. Viewing it as a formula, Res∗ (F ) is the conjunction of all consequences of F that can be derived by resolvents. Proposition 1.72 Let F be a formula in CNF. If ∅ ∈ Res∗ (F ), then F is unsatisﬁable.

Propositional logic

41

Proof If ∅ ∈ Res∗ (F ), then ∅ ∈ Resn (F ) for some n. Since ∅ ∈ Res0 (F ) (∅ is not a clause) there must be some m such ∅ ∈ Resm (F ) and ∅ ∈ Resm+1 (F ) in which case ∅ is the resolvent of two clauses of Resm (F ). But ∅ can only be obtained as the resolvent of {A} and {¬A} for atomic A. Both {A} and {¬A} must be in Resm (F ). By the previous proposition, both A and ¬A are consequences of F . It follows that A ∧ ¬A is a consequence of F and F is unsatisﬁable. Example 1.73 Let F be the formula {{A, B, ¬C}, {¬A}, {A, B, C}, {A, ¬B}} We show that F is unsatisﬁable using resolution. Let C1 , C2 , C3 , and C4 denote the four clauses of F in the order given above. C1 C3 {A, B} C4 {A} C2 ∅ We see that {A, B} ∈ Res(F ), {A} ∈ Res2 (F ), and ∅ ∈ Res3 (F ). By Proposition 1.72, F is unsatisﬁable. We can arrange this as a two-column proof as follows.

Consequence of F

Justiﬁcation

C1

Clause of F

C3

Clause of F

{A, B}

Resolvent of C1 and C2

C4

Clause in F

{A}

Resolvent of {A, B} and C4

C2

Clause in F

∅

Resolvent of {A} and C2

We now consider the converse of Proposition 1.72. Let F be a formula in CNF. If F is unsatisﬁable, then must ∅ be in Res∗ (F )? We show that the answer is “yes.” Resolution is all we need to show unsatisﬁability. This is not immediately apparent. After all, for the “Justiﬁcation” column of these proofs, we have only two options. Either a clause is given, or it is a resolvent of two previously

42

Propositional logic

derived clauses. It may seem that this method of proof is too restrictive. We prove that it is not. Proposition 1.74 Let F be a formula in CNF. If F is unsatisﬁable, then ∅ ∈ Res∗ (F ). Proof Let F = {C1 , . . . , Ck }. We assume that none of the Ci s is a tautology (otherwise we just throw away these clauses and show that ∅ can be derived from what remains). We will prove this proposition by induction on the number n of atomic formulas that occur in F . Let n = 1. Let A be the only atomic formula occurring in F . Then there are only three possible clauses in F . Each Ci is either {A}, {¬A}, or {A, ¬A}. The last clause is a tautology, and so, by our previous assumption, it is not a clause of F . So the only clauses in F are {A} and {¬A}. There are three possibilities, F = {{A}}, F = {{¬A}}, or F = {{A}, {¬A}}. The ﬁrst two of these are satisﬁable. So F must be {{A}, {¬A}}. Clearly, ∅ ∈ Res∗ (F ). Now suppose F has atomic subformulas A1 , . . . , An+1 . Suppose further that ∅ ∈ Res∗ (G) for any unsatisﬁable formula G that uses only the atomic formulas A1 , . . . , An . We deﬁne some new formulas. Let F˜0 be the conjunction of all Ci in F that do not contain ¬An+1 . Let F˜1 be the conjunction of all Ci in F that do not contain An+1 . These are CNF formulas. We claim that, viewing these as sets, F˜0 ∪ F˜1 = F . For suppose that there is some clause Ci of F that is not in F˜0 ∪ F˜1 . Then Ci must contain both An+1 and ¬An+1 . But then Ci is a tautology, contrary to our previous assumption. So F˜0 ∪ F˜1 and F contain the same clauses. Let F0 = {Ci − {An+1 }|Ci ∈ F˜0 }. Let F1 = {Ci − {¬An+1 }|Ci ∈ F˜1 }. That is, F0 is formed by throwing An+1 out of each clause of F˜0 in which it occurs. Likewise, F1 is obtained by throwing ¬An+1 out of each clause of F˜1 . We claim that if we replace An+1 in F with a contradiction, then the resulting formula is equivalent to F0 . And if we replace An+1 in F with a tautology, then the resulting formula is equivalent to F1 . We give an example to illustrate this, but leave the veriﬁcation of this fact to the reader. Example 1.75 Suppose n = 2 so that An+1 is A3 . Let F = {{A1 , A3 }, {A2 }, {¬A1 , ¬A2 , A3 }, {¬A2 , ¬A3 }}. Then F˜0 = {{A1 , A3 }, {A2 }, {¬A1 , ¬A2 , A3 }} and F˜1 = {{A2 }, {¬A2 , ¬A3 }}. So F0 = {{A1 }, {A2 }, {¬A1 , ¬A2 }}

Propositional logic

43

and F1 = {{A2 }, {¬A2 }}. Now F is the formula (A1 ∨ A3 ) ∧ (A2 ) ∧ (¬A1 ∨ ¬A2 ∨ A3 ) ∧ (¬A2 ∨ ¬A3 ). If we know A3 has truth value 0, then this becomes (A1 ∨ 0) ∧ (A2 ) ∧ (¬A1 ∨ ¬A2 ∨ 0) ∧ (1) which is equivalent to F0 . If we know that A3 has truth value 1, then F reduces to (1) ∧ (A2 ) ∧ (1) ∧ (¬A2 ∨ 0) which is equivalent to F1 . Since An+1 must either have truth value 0 or 1, it follows that F ≡ F0 ∨ F1 . Since F is unsatisﬁable, F0 and F1 are each unsatisﬁable. The formulas F0 and F1 only use the atomic formulas A1 ,. . . , An . By our induction hypothesis, ∅ ∈ Res∗ (F0 ) and ∅ ∈ Res∗ (F1 ). (Note that ∅ can easily be derived from both F0 and F1 in our example.) Now F0 was formed from F˜0 by throwing An+1 out of each clause. Since we can derive ∅ from F0 , we can derive either ∅ or {An+1 } from F˜0 (by reinstating {An+1 } in each clause of F0 ). Likewise we can derive either ∅ or {¬An+1 } from F˜1 . If we can derive {An+1 } form F0 and {¬An+1 } from F1 , then we can derive ∅ from F˜0 ∪ F˜1 . Since F = F˜0 ∪ F˜1 , we conclude that ∅ ∈ Res∗ (F ). This yields an algorithm for the Satisﬁability problem. Given any formula G, we ﬁrst ﬁnd a formula F in CNF that is equivalent to G (using the CNF algorithm). We then compute the ﬁnite set Res∗ (F ). If ∅ ∈ Res∗ (F ), then the algorithm concludes “No, G is not satisﬁable.” Otherwise, it concludes “Yes, G is satisﬁable.” By Propositions 1.72 and 1.74, this algorithm works. This algorithm is not necessarily quick. As we previously mentioned, there is no known polynomial-time algorithm for this decision problem. However, in certain instances, this algorithm can reach a quick conclusion. If F is unsatisﬁable, then we do not necessarily have to compute all of Res∗ (F ). As soon as ∅ makes an appearance, we know that it is not satisﬁable. If F is satisﬁable, on the other hand, then truth tables can reach a quick conclusion. We only need to compute the truth table until we ﬁnd a truth value of 1. We summarize the main results of this section in the following theorem. This theorem is a ﬁnite version of the Completeness theorem for propositional logic. Theorem 1.76 Let F and G be formulas of propositional logic. Let H be the CNF formula obtained by applying the CNF algorithm to the formula F ∧ ¬G. The following are equivalent: 1. F |= G 2. {F } G 3. ∅ ∈ Res∗ (H) Proof (2) implies (1) by Theorem 1.37.

44

Propositional logic

(1) implies (3) by Proposition 1.74. We must show that (3) implies (2). By Proposition 1.59, we have {F ∧ ¬G} H. By ∧-Introduction, {F , ¬G} F ∧ ¬G. It follows that {F , ¬G} H. Since ∅ ∈ Res∗ (H), there must exist an atomic formula A such that both {A} and {¬A} are in Res∗ (H). It follows from Proposition 1.71 that both {H} A and {H} ¬A. Therefore, both {F , ¬G} A and {F , ¬G} ¬A. By proof by contradiction, we have {F } ¬¬G. Finally, {F } G by Double negation.

1.9 Completeness and compactness Completeness and compactness are two properties that a logic may or may not possess. We conclude our study of propositional logic by showing that this logic does, in fact, have each of these properties. A logic is a formal language that has rules for deducing the truth of one statement from that of another. If a sentence G can be deduced from a set of sentences F using these rules, then we write F G. The notation F |= G, on the other hand, means that whenever each sentence in F is true, G is also true. If F G, then F |= G. The opposite, however, is not necessarily true. Put another way, F |= G means that F implies G and F G means that we can prove that F implies G using the rules of the logic. But just because something is true does not mean we can prove it. Perhaps the rules of the logic are too weak to prove everything (or the expressive power of the logic is too strong). If we can prove everything that is true (that is, if F |= G does imply F G), then we say that the logic is complete. (Completeness:) F |= G if and only ifF G. In Section 1.4, we deﬁned the notation F G for propositional logic by listing a bunch of rules. However, completeness should be understood not as a statement about these speciﬁc rules, but as a statement about the logic itself. Completeness asserts the existence of a list of rules that allows us to deduce every consequence from any set of formulas of the logic. To prove this we need to demonstrate such a list of rules. We show that the rules in Tables 1.5 and 1.6, as well as the rules for resolution, suﬃce for propositional logic. As we will see in Chapter 9, second-order logic does not have completeness. We cannot give a nice list of rules that allow us to deduce every consequence from any set of second-order sentences.

Propositional logic

45

To prove that propositional logic has completeness, we must pass from ﬁnite to inﬁnite sets of formulas. If F is ﬁnite, then F |= G if and only if F G by Theorem 1.76. Suppose now that F is inﬁnite. If F is a set of formulas in CNF, then it can be viewed as a set of clauses. The set Resn (F) is deﬁned as it was for ﬁnite sets of clauses. Let Res∗ (F) denote the union of all of the sets Resn (F) (for n ∈ N). Again, Res∗ (F) is the set of all clauses that can be derived from F using resolution. If F is inﬁnite, then Res∗ (F) is inﬁnite and cannot be viewed as a formula. Such an inﬁnite set of clauses is satisﬁable if and only if there exists an assignment that models each clause of the set. To prove that propositional logic has completeness, it suﬃces to prove the following. Proposition 1.77 Let F be a set of formulas in CNF. Then ∅ ∈ Res∗ (F) if and only if F is unsatisﬁable. For ﬁnite F, this is a restatement of Propositions 1.72 and 1.74. Recall the proofs of these two statements. For Proposition 1.74, we assumed that F was unsatisﬁable, and we proved that ∅ ∈ Res∗ (F ) by induction on the number of atomic formulas occurring in F . But mathematical induction proves only that something is true for all ﬁnite n. So the method we used to prove Proposition 1.74 does not work if F involves inﬁnitely many atomic formulas. Consider the other direction of Proposition 1.77. Suppose ∅ ∈ Res∗ (F). Then ∅ ∈ Resn (F) for some n. That is, we can derive ∅ from F in a ﬁnite number of steps. Therefore, we can derive ∅ from some ﬁnite subset F of F. By Proposition 1.72, F is unsatisﬁable. Since F is a subset of F, F must be unsatisﬁable also. So one direction of Proposition 1.77 follows from the results of the previous section. We can deduce the inﬁnite case from the ﬁnite case by observing that if ∅ can be derived from F, then it can be derived from some ﬁnite subset of F. To prove the other direction of Proposition 1.77 we need an analogous idea. We need to show that if F is unsatisﬁable, then some ﬁnite subset of F is unsatisﬁable. This is known as compactness. Compactness: F is unsatisﬁable if and only if some ﬁnite subset of F is unsatisﬁable. Put another way, compactness says that F is satisﬁable if and only if every ﬁnite subset of F is satisﬁable. As with completeness, one direction of compactness always holds. If F is satisﬁable, then every ﬁnite subset of F must be satisﬁable also. But just because every ﬁnite subset of a set is satisﬁable does not necessarily mean that the set itself is satisﬁable. Consider, for example, the following set of English sentences.

46

Propositional logic

F0 = “There are ﬁnitely many objects in the universe.” F1 = “There is at least one object in the universe.” F2 = “There are at least two objects in the universe.” F3 = “There are at least three objects in the universe.” ··· Fn = “There are at least n objects in the universe.” ··· Taken together, these sentences are contradictory. If there are more than n objects for each n, then there cannot possibly be ﬁnitely many objects as F0 asserts. However, if we take only ﬁnitely many of the above statements, then there is no problem. Any ﬁnite set of these sentences is satisﬁable, but the collection as a whole is not. Any logic that can express these sentences does not have compactness. We prove that propositional logic does have compactness in Theorem 1.79. First, we prove the following lemma. This lemma may not seem relevant at the moment, but it is the key to proving Theorem 1.79. Lemma 1.78 Let X be an inﬁnite set of ﬁnite binary strings. There exists an inﬁnite binary string w ¯ so that any preﬁx of w ¯ is also preﬁx of inﬁnitely many x ¯ in X. Proof A binary string is a sequence on 0s and 1s such as 1011. The strings 1, 10, 101, and 1011 are the preﬁxes of 1011. We have an inﬁnite set X of such strings of ﬁnite length. We want to construct an inﬁnite string w ¯ of 0s and 1s so that each preﬁx of w ¯ is also a preﬁx of inﬁnitely many strings in X. We construct w ¯ step-by-step from left to right. In each step we will do two things. In the nth step, we not only decide what the nth digit of w ¯ should be, we also delete strings from X that we do not like. To determine what the ﬁrst digit of w ¯ should be, look at the ﬁrst digits of all the strings in X. Of course, there are inﬁnitely many strings and you cannot look at all these digits at once, but suppose that you are somehow omniscient. There are two possibilities. Either you see inﬁnitely many 1s or you do not. If inﬁnitely many strings in X start with 1, then we let the ﬁrst digit of w ¯ be a 1 and we delete all strings in X that begin with a 0 (we are still left with inﬁnitely many). Otherwise, if only ﬁnitely many strings in X start 1, we delete these and let the ﬁrst digit of w ¯ be a 0. Now suppose we have determined the ﬁrst n digits of w. ¯ Suppose too that we have deleted all sequences from X that do not start with these same n digits and are left with an inﬁnite subset X of X. To determine the (n + 1)th

Propositional logic

47

entry in w ¯ we look at the (n + 1)th digits of all the strings in X . Since X is inﬁnite, X must have inﬁnitely many strings of length n + 1 or greater. So again, there are two possibilities. If inﬁnitely many strings in X have 1s in the (n + 1)th place, then we let the (n + 1)th digit of w ¯ be 1. Otherwise, we let the (n + 1)th digit be 0. Either way, we delete all strings from X that do not share the same ﬁrst n + 1 entries as w. ¯ We are still left with an inﬁnite subset of X. Continuing this procedure, we obtain an inﬁnite sequence w ¯ so that the ﬁrst n digits of w ¯ agrees with the ﬁrst n digits of inﬁnitely many sequences in X. We have not really given a practical way of constructing w, ¯ but we have proven that such a string exists. We are ready now to prove propositional logic has compactness. Theorem 1.79 (Compactness of propositional logic) A set of sentences of propositional logic is satisﬁable if and only if every ﬁnite subset is satisﬁable. Proof As we remarked earlier, only one direction of this requires proof. Suppose F = {F1 , F2 , . . .} is a set of formulas and every ﬁnite subset of F is satisﬁable. Let A1 , A2 , A3 , . . . be a list without repetition of the atomic formulas occurring in F1 followed by the atomic formulas occurring in F2 (but not F1 ), and so on. Since every ﬁnite subset of F is satisﬁable, for each n there exists an assignn ment An such that An |= i=1 Fn . So each Fi in F holds under all but ﬁnitely many of these assignments. We may assume that An is deﬁned only on the atomic formulas occurring in F1 , . . . , Fn . For each n, the truth values An assigns to A1 , A2 , . . . forms a ﬁnite sequence of 0s and 1s. So X = {An |n = 1, 2,. . . } is an inﬁnite set of ﬁnite binary sequences. By the previous lemma, there exists an inﬁnite binary sequence w ¯ so that every preﬁx of w ¯ is a preﬁx of inﬁnitely many sequences in X. Deﬁne an assignment A on all the An s as follows: let A(An ) be the nth digit of w. ¯ We must show that every formula F in F holds under A. This follows from the fact that F holds under all but ﬁnitely many of the assignments in X. Let m be such that F contains no atomic formula past Am in our list. Then there is an An in X so that An |= F and the ﬁrst m entries of An are the same as A. It follows that A also models F . Proposition 1.77 follows from compactness. We can now prove that propositional logic has completeness. We could give a proof similar to that of Theorem 1.76 using Proposition 1.77 in place of Propositions 1.72 and 1.74. However, compactness yields a more direct proof. Theorem 1.80 (Completeness of propositional logic) For any sentence G and set of sentences F, F |= G if and only if F G. Proof By Theorem 1.37, if F G, then F |= G.

48

Propositional logic

Conversely, suppose that F |= G. Then F ∪ {¬G} is unsatisﬁable. By compactness, some ﬁnite subset of F ∪ {¬G} is unsatisﬁable. So there exists ﬁnite F0 ⊂ F such that F0 ∪ {¬G} is unsatisﬁable and, equivalently, F0 |= G. Since F0 is ﬁnite, we can apply Theorem 1.76 to get F0 G. Finally, F G by Monotonicity.

Exercises 1.1.

Show that ¬ and ∨ can be taken as primitive symbols in propositional logic. That is, show that each of the symbols ∧, →, and ↔ can be deﬁned in terms of ¬ and ∨.

1.2.

Show that ¬ and → can be taken as primitive symbols in propositional logic. That is, show that each of the symbols ∧, ∨, and ↔ can be deﬁned in terms of ¬ and →.

1.3.

Find the truth tables for each of the following formulas. State whether each is a tautology, a contradiction, or neither. (a) (¬A → B) ∨ ((A ∧ ¬C) ↔ B)

1.4.

(b)

(A → B) ∧ (A → ¬B)

(c)

(A → (B ∨ C)) ∨ (C → ¬A)

(d)

((A → B) ∧ C) ∨ (A ∧ D) .

In each of the following, determine whether the two formulas are equivalent. (a) (A ∧ B) ∨ C and (A → ¬B) → C (b)

(((A → B) → B) → B) and (A → B)

(c)

(((A → B) → A) → A) and (C → D) ∨ C

(d) A ↔ ((¬A ∧ B) ∨ (A ∧ ¬B)) and ¬B. 1.5.

Show that the following statements are equivalent. 1. F |= G, 2. |= F → G, 3. F ∧ ¬G is unsatisﬁable, and 4. F ≡ F ∧ G.

1.6.

Show that the following statements are equivalent. 1. F ≡ G, 2. |= F ↔ G, and 3.

(F ∧ ¬G) ∨ (¬F ∧ G) is unsatisﬁable.

Propositional logic

1.7.

(a)

(b) 1.8.

49

Find a formula F in CNF which has the following truth table. A

B

C

F

0

0

0

0

1

0

0

1

0

1

0

1

0

0

1

1

1

1

0

0

1

0

1

0

0

1

1

0

1

1

1

1

Find a formula in DNF having the above truth table.

Find formulas in CNF equivalent to each of the following. (a) (A ↔ B) ↔ C (b) (A → (B ∨ C)) ∨ (C → ¬A) (c)

1.9.

(¬A ∧ ¬B ∧ C) ∨ (¬A ∧ ¬C) ∨ (B ∧ C) ∨ A.

The Cut rule states that from the formulas (F → G) and (G → H) we can derive the formula (F → H). Verify this rule by giving a formal proof.

1.10. (a)

Let ↔-Symmetry be the following rule: Premise: F (F ↔ G) Conclusion: F (G ↔ F ) Verify this rule by giving a formal proof.

(b)

Give a formal proof demonstrating that {(F ↔ G)} (¬F ↔ ¬G).

1.11. Give formal proofs demonstrating that the formulas (F ∧ (F ∨ G)) and (F ∨ (F ∧ G)) are provably equivalent. 1.12. If F → G is a consequence of F, then so is ¬G → ¬F . We refer to this rule as →-Contrapositive. Verify this rule by giving a formal proof. 1.13. Show that ∨-Symmetry follows from the other rules of Tables 1.5 and 1.6. 1.14. Show that →-Elimination follows from the other rules of Tables 1.5 and 1.6. 1.15. Show that Double negation follows from Assumption, Monotonicity, and Proof by cases.

50

Propositional logic

1.16. Suppose that we remove from Table 1.5 the following four rules: ∨-Elimination, ∨-Symmetry, →-Introduction, and →-Elimination and replace these with DeMorgan’s rules, ∨-Distributivity, the Cut rule (from Exercise 1.9), and the converse of Double negation (if F ¬¬F then F F ). Show that the resulting set of rules is complete. 1.17. Use resolution to verify each of the following statements: (a) ¬A is a consequence of (A → B) ∧ (A → ¬B) (b) (¬A ∧ ¬B ∧ C) ∨ (¬A ∧ ¬C) ∨ (B ∧ C) ∨ A is a tautology (c)

((A → B) ∧ (A → ¬B)) → ¬A is a tautology.

1.18. For each formula in Exercise 1.3 ﬁnd an equivalent formula in CNF. 1.19. For each formula in Exercise 1.3, verify your answer to that problem by using resolution. 1.20. Determine whether or not the following Horn formulas are satisﬁable. If it is satisﬁable, ﬁnd an assignment that models the formula. (T → A1 ) ∧ (T → A2 ) ∧ (A1 ∧ A2 ∧ A3 → A4 ) ∧ (A1 ∧ A2 ∧ A4 → A5 ) (a) ∧(A1 ∧ A2 ∧ A3 ∧ A4 → A6 ) ∧ (A5 ∧ A6 → A7 ) ∧ (A2 → A3 ) ∧ (A7 →⊥)

(b)

(T → A1 ) ∧ (T → A2 ) ∧ (A1 ∧ A2 ∧ A4 → A3 ) ∧ (A1 ∧ A5 ∧ A6 ) ∧ (A2 ∧ A7 → A5 ) ∧(A1 ∧ A3 ∧ A5 → A7 ) ∧ (A2 → A4 ) ∧ (A4 → A8 ) ∧ (A2 ∧ A3 ∧ A4 → A9 ) ∧(A3 ∧ A9 → A6 ) ∧ (A6 ∧ A7 → A8 ) ∧ (A7 ∧ A8 ∧ A9 →⊥)

1.21. Consider the following formula in DNF. (A1 ∧ B1 ) ∨ (A2 ∧ B2 ) ∨ · · · ∨ (An ∧ Bn ) Given this formula as input, how many steps will it take the CNF algorithm to halt and output a formula in CNF? Is this algorithm polynomial-time? 1.22. Complete the proof of Theorem 1.37. 1.23. Complete the proof of Proposition 1.44. 1.24. Prove Proposition 1.45 by providing two formal proofs. 1.25. Prove Proposition 1.46. 1.26. What is wrong with the following claim? Why is the given “fake proof” not a proof? Claim: (A → B) ∨ C is not a subformula of any formula. Proof [Fake proof] Let F be any formula. We show that (A → B) ∨ C is not a subformula of F by induction on the complexity of F . If F is atomic, then clearly (A → B) ∨ C is not a subformula. Let F1 and F2 be two formulas. Our induction hypothesis is that neither F1 nor F2 has (A → B) ∨ C as a subformula.

Propositional logic

51

Suppose F is ¬F1 . If (A → B) ∨ C is a subformula of F , then either (A → B) ∨ C is a subformula of F1 or is F itself. It is not a subformula of F1 by our induction hypothesis. Moreover, since (A → B) ∨ C does not contain the symbol ¬, it cannot be F . Suppose F is F1 ∧ F2 . If (A → B) ∨ C is a subformula of F , then since (A → B) ∨ C does not contain the symbol ∧, it must be a subformula of either F1 or of F2 . But by our induction hypothesis, this is not the case. It follows that (A → B) ∨ C is not a subformula of any formula. 1.27. Prove Proposition 1.48 by mathematical induction. That is, given formulas {F1 , . . . , Fn } and {G1 , . . . , Gm }, prove each of the following by induction on n. m n m n (a) ( i=1 Fi ) ∨ ( j=1 Gj ) ≡ i=1 ( j=1 (Fi ∨ Gj )) m n m n (b) ( i=1 Fi ) ∧ ( j=1 Gj ) ≡ i=1 ( j=1 (Fi ∧ Gj )). 1.28. Prove Theorem 1.50 by induction on the complexity of H. 1.29. Let F and G be sets of formulas. We say that F is equivalent to G, denoted F ≡ G, if for every assignment A, A |= F if and only if A |= G. (a) Show that the following is true: For any F and G, F ≡ G if and only if both: F G for each G ∈ G and G F for each F ∈ F. (b)

Demonstrate that the following is not true: For any F and G, F ≡ G if and only if both: for each G ∈ G there exists F ∈ F such that G |= F , and for each F ∈ F there exists G ∈ G such that F |= G.

1.30. If a contradiction can be derived from a set of sentences, then the set of sentences is said to be inconsistent. Otherwise, the set of sentences is consistent. Let F be a set of sentences. Show that F is consistent if and only if it is satisﬁable. 1.31. Suppose that F is an inconsistent set of sentences (as deﬁned in Exercise 1.30). For each G ∈ F, let FG be the set obtained by removing G from F. (a) Prove that for any G ∈ F, FG ¬G by using the result of Exercise 1.30. (b)

Prove that for any G ∈ F, FG ¬G by sketching a formal proof.

1.32. A set of sentences F is said to be closed under conjunction if for any F and G in F, F ∧ G is also in F. Suppose that F is closed under conjunction

52

Propositional logic and is inconsistent (as deﬁned in Exercise 1.30). Prove that for any G ∈ F there exists F ∈ F such that {F } ¬G.

1.33. Call a set of sentences minimal unsatisﬁable if it is unsatisﬁable, but every proper subset is satisﬁable. (a) Show that there exist minimal unsatisﬁable sets of sentences of size n for any n. (b)

Show that any unsatisﬁable set of sentences has a minimal unsatisﬁable subset.

1.34. (Craig’s interpolation theorem) Suppose |= (F → G) and F is not a contradiction and G is not a tautology. Show that there exists a formula H such that every atomic in H is in both F and G and |= (F → H) and |= (H → G). 1.35. (Beth’s deﬁnability theorem) Let H be a subformula of F . Let A1 , . . . , Am be the atomic subformulas of F that do not occur in H. Suppose that, for any formula H , the formula H ↔ H is a consequence of the formula F ∧ F where F is the formula obtained by replacing each occurrence of H in F with H . Suppose also that m ≥ 1. Show that there exists a formula G having no atomic subformulas other than A1 , . . . , Am such that |= F → (H ↔ G).

2

Structures and ﬁrst-order logic

2.1 The language of ﬁrst-order logic First-order logic is a richer language than propositional logic. Its lexicon contains not only the symbols ∧, ∨, ¬, →, and ↔ (and parentheses) from propositional logic, but also the symbols ∃ and ∀ for “there exists” and “for all,” along with various symbols to represent variables, constants, functions, and relations. These symbols are grouped into ﬁve categories. • Variables. Lower case letters from the end of the alphabet (. . . x, y, z) are used to denote variables. Variables represent arbitrary elements of an underlying set. This, in fact, is what “ﬁrst-order” refers to. Variables that represent sets of elements are called second-order. Second-order logic, discussed in Chapter 9, is distinguished by the inclusion of such variables. • Constants. Lower case letters from the beginning of the alphabet (a, b, c, . . .) are usually used to denote constants. A constant represents a speciﬁc element of an underlying set. • Functions. The lower case letters f , g, and h are commonly used to denote functions. The arguments may be parenthetically listed following the function symbol as f (x1 , x2 , . . . , xn ). First-order logic has symbols for functions of any number of variables. If f is a function of one, two, or three variables, then it is called unary, binary, or ternary, respectively. In general, a function of n variables is called n-ary and n is referred to as the arity of the function. • Relations. Capital letters, especially P , Q, R, and S, are used to denote relations. As with functions, each relation has an associated arity. We have an inﬁnite number of each of these four types of symbols at our disposal. Since there are only ﬁnitely many letters, subscripts are used to accomplish this inﬁnitude. For example, x1 , x2 , x3 , . . . are often used to denote variables. Of course, we can use any symbol we want in ﬁrst-order logic. Ascribing the letters of the alphabet in the above manner is a convenient convention. If you turn to a random page in this book and see “R(a, x, y),” you can safely assume that R is a ternary relation, x and y are variables, and a is a constant. However, we may at times use symbols that we have not yet mentioned. We may use the symbol ♥ if we please. However, if we do so, we must say what this symbol represents,

54

Structures and ﬁrst-order logic

whether it is a constant, a variable, a function of 23 variables, a ternary relation, or what. • Fixed symbols. The ﬁxed symbols are ∧, ∨, ¬, →, ↔, (, ), ∃, and ∀. By “ﬁxed” we mean that these symbols are always interpreted in the same way. If you look on page 211 of this book and see the symbol ∧, it means the same thing as it did on page 8. It means “and.” The same is true for each of the ﬁxed symbols. In contrast, the interpretation of the function symbol f depends on the context. We may use this symbol to represent any function we choose. The ﬁxed symbols ∃ and ∀, called quantiﬁers, make the language of ﬁrstorder logic far more expressive than propositional logic. They are called the existential and universal quantiﬁers, respectively. In any ﬁrst-order formula, each quantiﬁer is immediately followed by a variable. We read ∃x as “there exists x such that” and ∀x as “for all x.” The following is an example of a sentence of ﬁrst-order logic: ∀y∃xR(f (x), y). This sentence says that for all y there exists x such that the relation R holds for the ordered pair (f (x), y). Here f is a unary function and R is a binary relation. Whether this sentence is true or not depends on the context. If the relation R is equality, then this sentence is true if and only if the function f is onto. Because of the ubiquity of equality in mathematics, we add to our list of ﬁxed symbols the symbol = for “equals.” We still refer to this as “ﬁrst-order logic” although it is often called “ﬁrst-order logic with equality.” The inclusion of equality allows the quantiﬁers to actually quantify. For example, the sentence ∃x1 ∃x2 ∃x3 (¬(x1 = x2 ) ∧ ¬(x1 = x3 ) ∧ ¬(x2 = x3 )) says that there exist at least three distinct elements. Likewise, we can write sentences that say there exist at least seven elements, or fewer than 23 elements, or exactly 45 elements. We have now completely listed the symbols of ﬁrst-order logic. Our next objective is to deﬁne the syntax and semantics. That is, we need to say which strings of these symbols are permissable as formulas and also how to interpret the formulas.

2.2 The syntax of ﬁrst-order logic The deﬁnition of a formula in ﬁrst-order logic is analogous to the deﬁnition of formula in propositional logic. We ﬁrst deﬁne atomic formulas and then give rules for constructing more complex formulas. We used upper case Roman letters such

Structures and ﬁrst-order logic

55

as F , G, and H to denote formulas in propositional logic. In ﬁrst-order logic, we reserve these letters for other uses and instead use lower case Greek letters such as ϕ, ψ, and θ to denote formulas. Prior to deﬁning formulas, we must deﬁne the term term. Terms are deﬁned inductively by the following two rules. (T1) Every variable and constant is a term. (T2) If f is an m-ary function and t1 , . . . , tm are terms, then f (t1 , . . . , tm ) is also a term. Deﬁnition 2.1 An atomic formula is a formula that has the form t1 = t2 or R(t1 , . . . , tn ) where R is an n-ary relation and t1 , . . . , tn are terms. As with propositional logic, we regard some of the ﬁxed symbols as primitive. The other symbols are deﬁned in terms of the primitive symbols. We view ¬, ∧, and ∃ as primitive. Every formula of ﬁrst-order logic is built from atomic formulas by repeated application of three rules. Each rule corresponds to a primitive symbol. (R1) If ϕ is a formula then so is ¬ϕ. (R2) If ϕ and ψ are formulas then so is ϕ ∧ ψ. (R3) If ϕ is a formula, then so is ∃xϕ for any variable x. Note that (R1) and (R2) were also rules for propositional logic and only the rule (R3) is new. Deﬁnition 2.2 A string of symbols is a formula of ﬁrst-order logic if and only if it is constructed from atomic formulas by repeated application of rules (R1), (R2), and (R3). The deﬁnitions of ∨, →, and ↔ are the same as in propositional logic. We deﬁne ∀xϕ as ¬∃x¬ϕ. For any formula ϕ, the two formulas ∀xϕ and ¬∃x¬ϕ are interchangeable. So from (R1) and (R3) we have the following: if ϕ is a formula, then so is ∀xϕ for any variable x. Example 2.3 ∀yP (x, y) ∨ ∃yQ(x, y) is a formula of ﬁrst-order logic and x(Q∀P )y∃)(∨ is not. In the next section, we discuss the semantics of ﬁrst-order logic. For this we need to know the order of operations of the symbols. Parentheses dictate the order of operations in any formula. In absence of parentheses, we use the following rule: ¬, ∃, and ∀ have priority over ∧, ∨, →, and ↔ .

56

Structures and ﬁrst-order logic

Example 2.4 ∃xP (x, y)∨Q(x, y) means (∃xP (x, y))∨(Q(x, y)) and ∀yP (x, y) → Q(x, y) means (∀yP (x, y)) → (Q(x, y)). We also use the following convention: the order in which to consider ¬, ∃, and ∀ is determined by the order in which they are listed. We again employ conventions (C1) and (C2) from Section 1.1. These allow us to drop parentheses that are not needed. Example 2.5 We write ¬∃x∀y∃zR(x, y, z) instead of ¬(∃x(∀y(∃z(R(x, y, z))))). Having deﬁned formulas, we next deﬁne the notion of a subformula. Deﬁnition 2.6 Let ϕ be a formula of ﬁrst-order logic. We inductively deﬁne what it means for θ to be a subformula of ϕ as follows: If ϕ is atomic, then θ is a subformula of ϕ if and only if θ = ϕ. If ϕ has the form ¬ψ, then θ is a subformula of ϕ if and only if θ = ϕ or θ is a subformula of ψ. If ϕ has the form ψ1 ∧ ψ2 , then θ is a subformula of ϕ if and only if θ = ϕ or θ is a subformula of ψ1 , or θ is a subformula of ψ2 . If ϕ has the form ∃xψ, then θ is a subformula of ϕ if and only if θ = ϕ or θ is a subformula of ψ. Example 2.7 Let ϕ be the formula ∃x∀yP (x, y) ∨ ∀x∃yQ(x, y) where P and Q are binary relations. The subformulas of ϕ are ∃x∀yP (x, y), ∀yP (x, y), P (x, y), ∀x∃yQ(x, y), ∃yQ(x, y), Q(x, y) and ϕ itself . Note that the formula P (x, y) ∨ ∀x∃yQ(x, y), occurring as part of ϕ, is not a subformula of ϕ. The free variables of a formula ϕ are those variables occurring in ϕ that are not quantiﬁed. For example, in the formula ∀yR(x, y), x is a free variable, but y is not since it is quantiﬁed by ∀. For any ﬁrst-order formula ϕ, let f ree(ϕ) denote the set of free variables of ϕ. We can deﬁne f ree(ϕ) inductively as follows: If ϕ is atomic, then f ree(ϕ) is the set of all variables occurring in ϕ, if ϕ = ¬ψ, then f ree(ϕ) = f ree(ψ), if ϕ = ψ ∧ θ, then f ree(ϕ) = f ree(ψ) ∪ f ree(θ), and if ϕ = ∃xψ, then f ree(ϕ) = f ree(ψ) − {x}. Deﬁnition 2.8 A sentence of ﬁrst-order logic is a formula having no free variables.

Structures and ﬁrst-order logic

57

Example 2.9 ∃x∀yP (x, y)∨∀x∃yQ(x, y) is a sentence of ﬁrst-order logic, whereas ∃xP (x, y) ∨ ∀xQ(x, y) is a formula but not a sentence (y is a free variable). Example 2.10 Let ϕ be the formula ∀y∃xf (x) = y. Then ϕ is a sentence since both of the variables occurring in ϕ are quantiﬁed. The formulas f (x) = y and ∃xf (x) = y are both subformulas of ϕ. Neither of these subformulas is a sentence. In contrast to the free variables of a formula ϕ, the bound variables of ϕ are those variables that do have quantiﬁers. For any ﬁrst-order formula ϕ, bnd(ϕ) denotes the set of bound variables occurring in ϕ. Again, this notion can be precisely deﬁned by induction. If ϕ is atomic, then bnd(ϕ) = ∅, if ϕ = ¬ψ, then bnd(ϕ) = bnd(ψ), if ϕ = ψ ∧ θ, then bnd(ϕ) = bnd(ψ) ∪ bnd(θ), and if ϕ = ∃xψ, then bnd(ϕ) = bnd(ψ) ∪ {x}. Every variable occurring in ϕ is in f ree(ϕ) or bnd(ϕ). As the next example shows, these two sets are not necessarily disjoint. A variable can have both free and bound occurrences within the same formula. Example 2.11 Consider the formula ∃x(R(x, y) ∧ ∃yR(y, x)). The variable y occurs free in R(x, y) and bound in ∃yR(y, x). The variable x occurs only as a bound variable. So, if ψ denotes this formula, then free(ψ) = {y} and bnd(ψ) = {x, y}. Notation We write ϕ(x1 , x2 , . . . , xn ) to denote a formula having free variables x1 , x2 , . . . , xn . We write ϕ(t1 , t2 , . . . , tn ) to denote the formula obtained by replacing each free occurrence of xi in ϕ with the term ti . When using this notation, it should always be assumed that each ti contains none of the variables in bnd(ϕ). (E.g., if ϕ(x) is ∃ y ¬(x = y) then we do not allow the substitution ϕ(y)). The presence of free variables distinguishes formulas from sentences. This distinction did not exist in propositional logic. The notion of truth is deﬁned only for sentences. It does not make sense to ask whether the formula y = x + 1 is true or not. But we can ask whether ∀y∃x(y = x + 1) or c1 = c2 + 1 is true or not. The answer, as we have already indicated, depends on the context.

2.3 Semantics and structures As with propositional logic, the semantics for ∧ and ¬ can be described by saying ∧ behaves like “and” and ¬ behaves like “negation.” Likewise, the semantics for the quantiﬁers ∃ and ∀ can be inferred from the phrases “there exists” and “for all.” However, we must be more precise when deﬁning the semantics of a logic.

58

Structures and ﬁrst-order logic

The goal of this section is to formally deﬁne the semantics of ﬁrst-order logic. First, we intuitively describe the semantics with some examples. Consider the ﬁrst-order sentence ∀y∃xf (x) = y. This sentence says that for all y there exists x so that f (x) = y. To determine whether this sentence is true or not, we need a context. It depends on what the variables represent and what the function f is. For example, suppose the variables are real numbers and f is deﬁned by the rule f (x) = x2 . Then the above sentence is false since there is no x such that f (x) = −1. If the function f is deﬁned by f (x) = x3 (or, if the variables represent complex numbers) then the sentence is true. Now consider ∀x∀y(R(x, y) → ∃z(z = x ∧ z = y ∧ (R(x, z) ∧ R(z, y))). This sentence says that for any x and y, if R(x, y) holds, then there exists some z other than x and y so that R(x, z) and R(z, y) both hold. Suppose again that the variables represent real numbers. If the relation R(x, y) means x < y, then the above sentence is true since between any two real numbers there exists other real numbers. That is, the real numbers are dense. However, if the variables represent integers (or if R means ≤) then this sentence is false. So whether a sentence is true or not depends on two things: our underlying set and our interpretation of the function, constant, and relation symbols. This observation leads us to the central concept of this chapter. A structure consists of an underlying set together with an interpretation of various functions, constants, and relations. The role of structures in ﬁrst-order logic is analogous to the role played by assignments in propositional logic. Given any sentence ϕ and any structure M , we deﬁne what it means for M to model ϕ. Intuitively, this means that the sentence ϕ is true with respect to M . As in propositional logic, we write M |= ϕ to denote this concept. The formal deﬁnition of this concept will be given later in this section. Structures naturally arise in many branches of mathematics. For example, a vector space is a structure. The groups, rings, and ﬁelds of abstract algebra also provide examples of structures. In graph theory, the graphs can be viewed as ﬁrst-order structures (we shall discuss this in detail in Section 2.4). The real numbers provide examples of structures that should be familiar to all readers. The real numbers form not one structure, but many. Recall that a structure has two components: and underlying set and an interpretation of certain functions, constants, and relations. When we refer to the “real numbers” we are only specifying the underlying set and not the symbols to be interpreted. We may want to consider the reals with the functions of addition and multiplication. That is one structure. Another structure is the reals with the relation ≤ and the constant 0. Depending on what aspect of the real numbers we wish to investigate, we may

Structures and ﬁrst-order logic

59

choose various functions, constants, and relations on the reals. The functions, constants, and relations that we choose to consider is called the vocabulary of the structure. Each choice of a vocabulary determines a diﬀerent structure having the real numbers as an underlying set. Deﬁnition 2.12 A vocabulary is a set of function, relation, and constant symbols. Deﬁnition 2.13 Let V be a vocabulary. A V-structure consists of a nonempty underlying set U along with an interpretation of V. An interpretation of V assigns: • an element of U to each constant in V, • a function from U n to U to each n-ary function in V, and • a subset of U n to each n-ary relation in V. We say M is a structure if it is a V-structure for some vocabulary V. We present structures by listing the underlying set, or universe, followed by the function, relation, and constant symbols that it interprets. Example 2.14 Let V = {f , R, c} where f is a unary function, R is a binary relation, and c is a constant. Then M = (Z|f , R, c) denotes a V-structure. The universe of M is the set of integers Z. To complete the description of M , we must say how the symbols of V are to be interpreted. We may say, for example, that M interprets f (x) as x2 , R(x, y) as x < y, and the constant c as 3. This completely describes the structure M . Example 2.15 Let V = {P , R} where P is a unary relation and R is a binary relation. Then M = (N|P , R) denotes a V-structure. The universe of M is the set of natural numbers N. To complete the description of M , we must say how the symbols of V are to be interpreted. We may say, for example, that M interprets P (x) as “x is an even number,” R(x, y) as “x + 1 = y.”

and

This information completely describes structure M . Example 2.16 R = (R|+, ·, 0, 1) denotes a structure in the vocabulary {+, ·, 0, 1} where + and · are binary functions and 0 and 1 are constants. The universe of R is the set of real numbers R. To complete the description of R, we must say how the symbols are to be interpreted. We may simply say that R interprets the symbols in the “usual way.” This means that R interprets + as plus, · as times, 0 as 0, and 1 as 1. This completely describes the structure R.

60

Structures and ﬁrst-order logic

Deﬁnition 2.17 Let V be a vocabulary. A V-formula is a formula in which every function, relation, and constant is in V. A V-sentence is a V-formula that is a sentence. If M is a V-structure, then each V-sentence ϕ is either true or false in M . If ϕ is true in M , then we say M models ϕ and write M |= ϕ. Structures in ﬁrst-order logic play an analogous role to assignments in propositional logic. But whereas, in propositional logic, there were only ﬁnitely many possible assignments for a sentence, there is no end to the number of structures that may or may not model a given sentence of ﬁrst-order logic. Intuitively, M |= ϕ means that the sentence ϕ is true of M . We must precisely deﬁne this concept. Before doing so, we consider one more example. Example 2.18 Consider again the structure R from Example 2.16. The vocabulary for this structure is {+, ·, 0, 1} which we denote by Var (the vocabulary of arithmetic). Consider the V-sentence ∀x∃y(1 + x · x = y). This sentence says that for any x there exists y that is equal to x2 + 1. This is true in R. If we take any real number, square it, and add one, then the result is another real number. So R |= ∀x∃y(1 + x · x = y). Consider next the V-sentence ∀y∃x(1 + x · x = y). This sentence asserts that for every y there is an x so that 1 + x2 = y. This sentence is not true in R. If we take y = −2, for example, then there is no such x. So the structure R does not model the sentence ∀y∃x(1 + x · x = y). Let M be a V-structure and let ϕ be a V-sentence. We now formally deﬁne what it means for M to model ϕ. First we deﬁne this concept for sentences ϕ that do not contain the abbreviations ∨, →, ↔, or ∀. We deﬁne M |= ϕ by induction on the total number of occurrences of the symbols ∧, ¬, and ∃. If ϕ has zero occurences of these symbols, then ϕ is atomic. • If ϕ is atomic, then ϕ either has the form t1 = t2 or R(t1 , . . . , tm ) where t1 , . . . , tm are terms and R is a relation in V. Since ϕ is a sentence, ϕ contains no variables, and so each ti is interpreted as some element ai in the universe U of M . In this case, M |= t1 = t2 if and only if a1 and a2 are the same element of U , and M |= R(t1 , . . . , tm ) if and only if the tuple (a1 , . . . , am ) is in the subset of U m assigned to the m-ary relation R. Now suppose that ϕ contains m+1 occurrences of ∧, ¬, and ∃. Suppose that M |= ψ has been deﬁned for any sentence ψ containing at most m occurrences of

Structures and ﬁrst-order logic

61

these symbols. Since ﬁrst-order formulas are constructed from atomic formulas using rules (R1), (R2), and (R3), there are three possibilities for ϕ. • If ϕ has the form ¬ψ, then M |= ϕ if and only if M does not model ψ. • If ϕ has the form ψ ∧ θ, then M |= ϕ if and only if both M |= ψ and M |= θ. The third possibility is that ϕ has the form ∃xψ. If x is not a free variable of ψ then M |= ϕ if and only if M |= ψ. Otherwise, let ψ(x) be a formula having x as a free variable. Before deﬁning M |= ϕ in this case, we introduce the notion of expansion. Deﬁnition 2.19 Let V be a vocabulary. An expansion of V is a vocabulary containing V as a subset. Deﬁnition 2.20 Let M be a V-structure. A structure M is an expansion of M if M has the same universe as M and interprets the symbols of V in the same way as M . If M is an expansion of M , then, reversing our point of view, we say that M is a reduct of M . If M is an expansion of M , then the vocabulary of M is necessarily an expansion of the vocabulary of M . Example 2.21 The structure M = (R|+, −, ·, <, 0, 1) is an expansion of M = (R|+, ·, <, 0) where each of these structures interpret the symbols in the usual way (see Example 2.16). Example 2.22 Any structure is (trivially) an expansion of itself. Our immediate interest is the expansion of a V-structure M obtained by adding a new constant to the vocabulary for each element of the universe UM of M . Let V(M ) denote the vocabulary V ∪ {cm |m ∈ UM } where each cm is a constant. Let MC denote the unique expansion of M to a V(M )-structure that interprets each cm as the element m. • If ϕ has the form ∃xψ(x), then M |= ϕ if and only if MC |= ψ(c) for some constant c of V(M ). We have now deﬁned M |= ϕ for any sentence ϕ that does not use ∨, →, ↔, or ∀. Since each of these symbols is deﬁned in terms of ¬, ∧, and ∃, the deﬁnition of M |= ϕ can be extended to all sentences in a natural way. Suppose that, for some sentence ϕ , M |= ϕ has been deﬁned. Suppose further that ϕ has a subformula of the form ¬(¬ψ ∧ ¬θ). Let ϕ be the sentence obtained by replacing an occurrence of the subformula ¬(¬ψ ∧ ¬θ) in ϕ with (ψ ∨ θ). We

62

Structures and ﬁrst-order logic

deﬁne M |= ϕ to mean the same as M |= ϕ . Likewise, if ϕ is obtained from ϕ by replacing a subformula of the form (ψ → θ) with (¬ψ ∨ θ), (ψ ↔ θ) with (ψ ← θ) ∧ (θ ← ψ), or ¬∃x¬ψ(x) with ∀xψ(x) then, as deﬁnition, M |= ϕ if and only if M |= ϕ . We have now deﬁned what it means for a V-structure M to be a model of a V-sentence ϕ. We further extend the deﬁnition to apply to all V(M )-sentences. Recall that V(M ) is the expansion of V obtained by adding a new constant for each element in the universe of M . There is a natural expansion of M to a V(M )structure denoted by MC . For any V(M )-sentence ϕ, we deﬁne M |= ϕ to mean MC |= ϕ. For any V-structure M , we refer to the constants of V(M ) that are not in V as parameters. Example 2.23 Let V< be the vocabulary consisting of a single binary relation <. Let R< be the V< -structure having underlying set R which interprets < in the usual way. Then R< models ∀x∃y∃z((y < x) ∧ (x < z)), ∀x∀y((x < y) → ∃z((x < z) ∧ (z < y))) (3 < 5) ∧ (−2 < 0),

and

¬∃x((x < −2) ∧ (5 < x)). The ﬁrst two are V< -sentences. The other two are V< (R< )-sentences that are not V< -sentences. We regard −2, 0, 3, and 5 as parameters. Note that we have not deﬁned the concept of “models” for formulas that are not sentences. Conventionally, when one says that a structure M models a formula ϕ(x1 , . . . , xn ), what is meant is that M models the sentence ∀x1 . . . ∀xn ϕ(x1 , . . . , xn ). Of course, the formula ϕ(x1 , . . . , xn ) may be true for some values of x1 , . . . , xn and not for others. The set of n-tuples for which the formula holds is called the set deﬁned by ϕ. Deﬁnition 2.24 Let ϕ(x1 , . . . , xn ) be a V-formula. Let M be a V-structure having underlying set UM . The set of all n-tuples (b1 , . . . , bn ) ∈ (UM )n for which M |= ϕ(b1 , . . . , bn ) is denoted by ϕ(M ). The set ϕ(M ) is called a V-deﬁnable subset of M (although it is actually a subset of (UM )n ). Typically, most subsets of a structure’s universe are not deﬁnable (as we will see in Section 2.5). The deﬁnable subsets are special subsets and play a central role in model theory (Chapters 4–6). The V-deﬁnable subsets are the subsets that the vocabulary V is capable of describing. For the sake of model theory, the notion of a ﬁrst-order structure can be deﬁned without reference to the syntax of

Structures and ﬁrst-order logic

63

ﬁrst-order logic. In general, a “structure” can be deﬁned as a set with together with special subsets having names. A ﬁrst-order structure is a structure having names for those sets that are deﬁnable by a ﬁrst-order formula (see Exercises 2.11 and 2.12). Example 2.25 Let V< and R< be as in the previous example. Consider the V< (R< )-formulas (x < y) ∨ (x > y) ∨ (x = y),

and

(¬(x < 3) ∧ ¬(x = 3) ∧ (5 < x)) ∨ (x = 5) ∨ (x < −2). Let ϕ(x, y) denote the ﬁrst formula and let ψ(x) denote the second formula. Then R< |= ϕ(x, y). By this we mean that R< models the sentence ∀x∀yϕ(x, y). It follows that the set deﬁned by ϕ(x, y) is all of R2 . In contrast, the formula ψ(x) does not hold for all x in R. So R< does not model this formula. The set ψ(R< ) deﬁned by ψ(x) is (−∞, −2) ∪ (3, 5]. Note that R< also does not model the formula ¬ψ(x). The set ¬ψ(R< ) is [2, 3] ∪ (5, ∞), the complement of ψ(R< ) in R. If M models ϕ, then we say ϕ holds in M , or simply, that ϕ is true in M . A sentence may be true in one structure and not in another. If a V-sentence ϕ holds in every V-structure, then it is valid, (or a tautology). If the sentence ϕ holds in some structure, then it is satisﬁable. Otherwise, if there is no structure in which ϕ is true, then ϕ is unsatisﬁable (or a contradiction). We use the same terminology as in propositional logic. We give the analogous deﬁnitions for consequence and equivalence. For V-sentences θ and ϕ, “θ is a consequence of ϕ” means that, for every V-structure M , if M |= ϕ then M |= θ. And “θ is equivalent to ϕ” means that θ and ϕ are consequences of each other. Again, we use the following notation: |= ϕ means that ϕ is a tautology, ϕ |= ψ means ψ is a consequence of ϕ, and ϕ ≡ θ means ϕ and ψ are equivalent. The deﬁnition of satisﬁability can be extended to apply to all formulas of ﬁrst-order logic (not just sentences). The formula ϕ(x1 , . . . , xm ) is satisﬁable if and only if the sentence ∀x1 . . . ∀xm ϕ(x1 , . . . , xm ) is satisﬁable. Therefore, the notions of unsatisﬁability, tautology, and consequence also apply to formulas as well as sentences (see Exercise 2.6). A primary aim of ours is to resolve the following decision problems. Validity problem: Given formula ϕ, is ϕ valid? Satisﬁability problem: Given formula ϕ, is ϕ satisﬁable?

64

Structures and ﬁrst-order logic

Consequence problem: Given formulas ϕ and ψ, is ψ a consequence of ϕ? Equivalence problem: Given formulas ϕ and ψ, are ϕ and ψ equivalent? These are, in some sense, variations of the same problem. For this reason we focus on just one of these: the Satisﬁability problem. If we could resolve this problem, then we could also resolve the Validity problem (by asking if ¬ϕ is unsatisﬁable), the Consequence problem (by asking if ϕ ∧ ¬ψ is unsatisﬁable), and the Equivalence problem (by asking if ϕ and ψ are consequences of each other). The question of whether or not a given formula is satisﬁable regards the syntax of the formula rather than the semantics. For example, consider the formula (y + 1) < y. If we interpret the vocabulary {+, <, 1} in the usual manner, then this formula cannot be satisﬁed. The result of adding one to a number cannot be less than the number. Under a diﬀerent interpretation, however, this formula is satisﬁable (suppose that we interpret < as “not equal”). For the same reason, 2 + 2 = 4 is not a tautology. For an example of a formula that is not satisﬁable, consider ∀xR(x, y) → ∃x¬R(x, y). This formula is unsatisﬁable by virtue of its structure. It has the form “p implies not p.” Regardless of how the binary relation R is interpreted, the formula is contradictory. The Satisﬁability problem for ﬁrst-order logic is decidedly more diﬃcult than the corresponding problem for propositional logic. In propositional logic we could, in theory, compute a truth table to determine whether or not a formula is satisﬁable. In ﬁrst-order logic, we would have to check every structure to do this. We have no systematic way for doing this. So, for now, we have no way of proving that a ﬁrst-order formula is unsatisﬁable. To show that a formula is satisﬁable, however, can be easy. We need only to ﬁnd one structure in which it is true. Example 2.26 Let ϕ be the sentence ∀x∃yR(x, y) ∧ ∃y∀x¬R(x, y). To show that this is satisﬁable, we must ﬁnd a structure M that models ϕ. Let M = (N|R) where N denotes the natural numbers and the binary relation R is interpreted as the successor relation. That is, R(x, y) holds if and only if y = x + 1 (y is the successor of x). Under this interpretation, ϕ says that every element has a successor and there exists an element that has no predecessor. This is true in M . Every natural number has a successor, but 0 has no predecessor. So M |= ϕ and ϕ is satisﬁable. It is also easy to see that ϕ is not a tautology. We need only to ﬁnd one structure that models ¬ϕ. Consider, for example, the structure N = (Z|R)

Structures and ﬁrst-order logic

65

where Z denotes the set of integers and the binary relation R is interpreted as the successor relation. This structure does not model ϕ since every integer has a predecessor. Example 2.27 Let VE be the vocabulary {E} consisting of one binary relation. Let M be a VR -structure. The relation E is an equivalence relation on M if and only if M models the three sentences ∀xE(x, x) ∀x∀y(E(x, y) → E(y, x)) ∀x∀y∀z((E(x, y) ∧ E(y, z) → E(x, z))). The ﬁrst sentence, call it ϕ1 , says that E is reﬂexive, the second sentence, ϕ2 , says that E is symmetric, and the third sentence ϕ3 says E is transitive. We have seen equivalence relations before. “Equivalence” was the name we gave to the relation ≡ between formulas of propositional logic. It is easy to see that this relation warrants the name we bestowed it. It clearly satisﬁes the three conditions of an equivalence relation. That is, the VE -structure (U |E) models each ϕi , where U is the set of all formulas of propositional logic and E is interpreted as ≡. We can show that these three sentences are not redundant, that all three are needed to deﬁne the notion of equivalence relation. To do this, we show that none of these sentences is a consequence of the other two. For example, to show that ϕ2 is not a consequence of ϕ1 and ϕ3 , we must ﬁnd a structure that is a model of ϕ1 ∧ ϕ3 ∧ ¬ϕ2 . That is, we must demonstrate a VE -structure where E is reﬂexive and transitive, but not symmetric. The VE -structure (R|E) where E is interpreted as ≤ on the real numbers is such a structure. Likewise, we can show that ϕ1 is not a consequence of ϕ2 and ϕ3 , and ϕ3 is not a consequence of ϕ1 and ϕ2 . We leave this as Exercise 2.4. In these examples we are able to show that certain formulas are satisﬁable by exhibiting structures in which they hold. Using this same idea, we can show that a given formula is not a tautology, that one formula is not a consequence of another, and that two given formulas are not equivalent. However, we have no way at present to show that a formula is unsatisﬁable, or a tautology, or that one formula is a consequence of another. This is the topic of Chapter 3 where we deﬁne both formal proofs and resolution for ﬁrst-order logic.

66

Structures and ﬁrst-order logic

2.4 Examples of structures Let us now examine some speciﬁc structures. We consider four types of structures that one encounters in mathematics and computer science: number systems, linear orders, databases, and graphs. 2.4.1 Graphs. Graph theory provides examples of mathematical structures that are both accessible and versatile. Deﬁnition 2.28 A graph is a set of points, called vertices, and lines, called edges so that every edge starts at a vertex and ends at a vertex. Two vertices are said to be adjacent if they are connected by an edge. The following are examples of graphs:

Graph 1

Graph 2

Graph 3

Graph 4

Instead of giving a picture, we can describe a graph by listing its vertices and edges. The following data completely describes a graph. Vertices: a, b, c, d, e Edges: ab, ad, ae, bc, cd, ce, de This graph has ﬁve vertices (a, b, c, d, and e) and seven edges (between vertices a and b, a and d, and so forth). Note that both Graphs 2 and 3 ﬁt this description. We regard Graphs 2 and 3 as two depictions of the same graph. We can view any graph as a structure G as follows. The underlying set U of G is the set of vertices. The vocabulary VG of G consists of a single binary relation R. The structure G interprets R as the edge relation. That is, for elements a and b of U , G |= R(a, b) if and only if the graph has an edge between vertices a and b. Each of the above graphs model each the following two VG -sentences. ∀x¬R(x, x) ∀x∀y(R(x, y) ↔ R(y, x)) The ﬁrst of these sentences says that the binary relation R is not reﬂexive (no vertex is adjacent to itself). The second sentence says that R is symmetric. Henceforth, when we speak of a graph, we mean a VG -structure that models the above

Structures and ﬁrst-order logic

67

two sentences. Our notion of a “graph” is more accurately described in graph theoretic terms as an “undirected graph with neither multiple edges nor loops.” Graphs 1–4 also model the sentence ∀x∃yR(x, y) which asserts that each vertex is adjacent to some other vertex. However, this is not true of all graphs. For example, consider the following graph:

Graph 5

The vertex in the middle of the square is not adjacent to any vertex. Therefore, this graph models ∃x∀y¬R(x, y) which is equivalent to the negation of ∀x∃yR(x, y). Any graph containing more than one vertex that models this negation must not be connected. We now deﬁne this terminology. Deﬁnition 2.29 For any vertices a and b of a graph, a path from a to b is a sequence of vertices beginning with a and ending with b such that each vertex other than a is adjacent to the previous vertex in the sequence. Deﬁnition 2.30 A graph is connected if for any two vertices a and b in G, there exists a path from a to b. Each of the Graphs 1–4 is connected. Since each has more than one vertex, each models ∀x∃yR(x, y). On the other hand, none of these graphs models ∃x∀yR(x, y). This sentence asserts that there exists a vertex that is adjacent to every vertex. Since no vertex is adjacent to itself, no graph models this sentence (i.e. the negation of ∃x∀yR(x, y) is a consequence of ∀x¬R(x, x)). However, Graph 1 contains a vertex that is adjacent to every vertex other than itself. This can be expressed in ﬁrst-order logic as follows: ∃x∀y(¬(x = y) → R(x, y)). Graph 4 also models this sentence. To distinguish Graph 1 from Graph 4, we can say that Graph 1 contains a unique vertex that is adjacent to every vertex other than itself. This can be expressed as a sentence of ﬁrst-order logic. To simplify this sentence, let ϕ(x) denote the formula ∀y(¬(x = y) → R(x, y)). For any graph G and any vertex a of G, G |= ϕ(a) if and only if a is adjacent to every vertex of G other than a itself. The following sentence says there is a unique such element: ∃yϕ(y) ∧ ∀z(ϕ(z) → (z = y)). This sentence distinguishes Graph 1 from Graphs 2–4.

68

Structures and ﬁrst-order logic

Graph 4, on the other hand, is characterized by the following sentence that says that ϕ(x) holds for every vertex x. ∀x∀y(¬(x = y) → R(x, y)). Any graph that models this sentence is called a clique (or a complete graph). The clique having n vertices is called the n-clique and is denoted by Kn . So Graph 4 is the 8-clique K8 . Note that, when n is speciﬁed, we use the deﬁnite article when referring to the n-clique. This is because any two n-cliques are essentially the same. More precisely, they are isomorphic. Deﬁnition 2.31 Graphs G1 and G2 are said to be isomorphic if there exists a one-to-one correspondence f from the set of vertices of G1 onto the set of vertices of G2 such that for any vertices a and b of G1 , a and b are adjacent in G1 if and only f (a) and f (b) are adjacent in G2 . Such a function f is called an isomorphism. Isomorphic graphs are essentially the same. Example 2.32 Consider the following two graphs. Graph G: Vertices: a, b, c, d Edges: ab, bc, cd, ad. Graph H: Vertices: w, x, y, z Edges: wx, wy, xz, yz. The function f deﬁned by f (a) = w, f (b) = x, f (c) = z,

and f (d) = y

is an isomorphism from G onto H. Both of these graphs can be depicted as squares. The only diﬀerence between G and H are the letters used to represent the vertices. We have demonstrated a VG -sentence distinguishing Graph 1 from Graph 4. We can do much better than this. There exists a VG -sentence distinguishing Graph 1 from all graphs that are not isomorphic to Graph 1. That is, there exists a VG -sentence ϕG such that for any graph H, H |= ϕG if and only if H is isomorphic to G. We prove this in Section 2.6 as Proposition 2.81. In this sense, ﬁrst-order logic is a powerful language for describing ﬁnite graphs. In another sense, however, ﬁrst-order logic is not a powerful language. Basic graph theoretic properties cannot be expressed using ﬁrst-order logic. For example, there is no ﬁrst-order sentence that says a graph has an even number

Structures and ﬁrst-order logic

69

of vertices. Also, ﬁrst order logic cannot say that a graph is connected. Recall that the sentence ∀x∃yR(x, y) holds in any connected graph having more than one vertex. However, just because this sentence holds in a structure does not mean that it is connected. There is no VG -sentence ϕ such that G |= ϕ if and only if G is a connected graph. These and other limitations of ﬁrst-order logic are discussed in Section 4.7. 2.4.2 Relational databases. Relational databases provide concrete examples of structures. Any collection of data can be viewed as a database, whether it be a phone book, a CD catalog, or a family tree. A relational database is presented as a set of tables. For example, the three tables below form a relational database (Tables 2.1–2.3). We now describe a structure D representing this relational database. The underlying set of D consists of all items occuring as an entry in some column of a table. So this set contains 13 names and four dates. Table 2.1

Parent table

Parent

Child

Ray

Ken

Ray

Sue

Sue

Tim

Dot

Jim

Bob

Jim

Bob

Liz

Jim

Tim

Sue

Sam

Jim

Sam

Zelda

Max

Sam

Max

Table 2.2 Women Dot Zelda Liz Sue

Female table

70

Structures and ﬁrst-order logic Table 2.3 Person

Birthday table Birthday

Ann

August 5

Leo

August 8

Max

July 28

Sam

August 1

Sue

July 24

The vocabulary V of D consists of a n-ary relation for each table where n is the number of columns in the table. That is, the vocabulary contains a unary relation F and binary relations P and B corresponding to the Female, Parent, and Birthday tables. The V-structure D interprets these relations as rows of the tables. For example, D |= B(a, b) if and only if “ab” is a row of the Birthday table. This completely describes the V-structure D. For example, we see that D |= F (Dot), D |= P (Zelda, M ax),

and

D |= ¬B(Zelda, July 28). In addition to B, F , and P , we can deﬁne ﬁrst-order formulas expressing various other relations in D. For example, the formula ¬F (x) says that x is male. The formula ∃z(P (x, z)∧P (z, y)) says that x is a grandparent of y. The conjunction of this formula with F (x) says that x is a grandmother of y. The formula ∃yB(x, y) says that x is a date and the negation of this formula says that x is a person. The formula ∃z(B(x, z) ∧ B(y, z)) asserts that x and y share the same birthday. There is no end to the relations that can be deﬁned (see Exercise 2.2). We return to this example at the end of Chapter 3 where we discuss Prolog. Prolog is a programming language based on ﬁrst-order Horn logic that can be used to present and search any relational database. 2.4.3 Linear orders. Next, we look at some structures in the vocabulary V< consisting solely of the binary relation <. Rather than use the notation “< (x, y)” we use the more familiar “x < y” to express that the binary relation < holds for the ordered pair (x, y). As our choice of symbols indicates, each of the structures we consider interprets < as “less than.” We consider four V< -structures denoted by N< , Z< , Q< , and R< . To deﬁne each structure, we must state what the underlying set is and how the symbols are to be interpreted. The underlying sets of the above structures are, in order, the natural numbers, the integers, the rational numbers, and the real numbers.

Structures and ﬁrst-order logic

71

Each of these structures interprets < in the usual way. We can present these structures more concisely as follows: • N< = (N| <) • Z< = (Z| <) • Q< = (Q| <) • R< = (R| <). These four structures have a lot in common. They are all V< -structures and each of them models the following V< -sentences: ∀x∀y((x < y) → ¬(y < x)) ∀x(¬(x < x)) ∀x∀y((x < y) ∨ (y < x) ∨ (x = y)) ∀x∀y∀z(((x < y) ∧ (y < z)) → (x < z)). Taken together, these sentences say that < linearly orders the underlying set. Each of the four structures models each of these four sentences. However, this is not true for all V< -sentences. Let ϕ be the sentence ∀x∃y(y < x), saying that there is no smallest element. Clearly, R< , Q< , and Z< are models of ϕ. However, N< does have a smallest element, namely 1. So N< does not model ϕ, rather N< models the sentence ∃x∀y¬(y < x), asserting that there is a smallest element. Call this sentence θ. Note that θ is equivalent to ¬ϕ. The sentence θ distinguishes N< from the other three models. Next let us ﬁnd a ﬁrst-order sentence distinguishing Z< from the other three structures. Observe that Z< has no smallest element and it is not dense. A linearly ordered set is dense if between any two elements, there is another element. This property can be expressed in ﬁrst-order logic by the following V< -sentence ∀x∀y((x < y) → ∃z((x < z) ∧ (z < y))). Call this sentence δ. Both Q< and R< model δ. Between any two rational numbers a and b there exist inﬁnitely many rational numbers [(a + b)/2 for one]. The same is true for the real numbers. However, the integers are not dense. Between 1 and 2 there are no other integers. So Z< |= ¬δ. The V< -sentence ϕ ∧ ¬δ distinguishes Z< from the other three structures. Now suppose that we want to distinguish between Q< and R< . We may use the fact that R< is bigger than Q< . (In the next section, we discuss the size of a structure in detail and show that, is some precise sense, there are more real

72

Structures and ﬁrst-order logic

numbers than rational numbers.) Another distinguishing characteristic is ordercompleteness. A linear order is order-complete if it cannot be split into two open intervals. √ The set √ of rational numbers, for example, is the union of the intervals (−∞, 2) and ( 2, ∞). The parentheses “(” and “)” indicate that the intervals √ do not contain the end points (this is what we mean by “open”). Since 2 is not a rational number, every rational number is in one of these two intervals. So Q< does not have order-completeness. The structure R< , on the other hand, does have order-completeness. This is a distinguishing characteristic of the real numbers. However, if we attempt to ﬁnd a V< -sentence that distinguishes R< from Q< , we will fail. For every V< -sentence ϕ, R< |= ϕ if and only if Q< |= ϕ. We give an elementary proof of this in Section 5.2. Our ﬁrst-order language is too weak to express any diﬀerence in these structures. We noted that R< is order-complete whereas Q< is not, but we cannot express this with a ﬁrstorder sentence (try it). Rather, order-completeness is a second-order concept. In second-order logic we can express things like “there do not exist two subsets such that. . . ” We also noted that R is bigger than Q, but, as we will see in Chapter 4, ﬁrst-order logic can not distinguish between one inﬁnite number and another. Both Q< and R< are inﬁnite, and that is all ﬁrst-order logic can say. From the point of view of V< -sentences, the structures R< and Q< are identical.

2.4.4 Number systems. Although ﬁrst-order logic cannot tell the diﬀerence between the V< -structures Q< and R< , it can tell the diﬀerence between the real numbers and the rational numbers in vocabularies other than V< . Consider the vocabulary of arithmetic {+, ·, 0, 1} having binary functions + and ·, and constants 0 and 1. Let Var denote this vocabulary and consider the following Var -structures: • A = (Z|+, ·, 0, 1), • Q = (Q|+, ·, 0, 1), • R = (R|+, ·, 0, 1), • C = (C|+, ·, 0, 1). The underlying sets of these structures are, in order, the integers, the rational numbers, real numbers, and the complex numbers. Each of these structures interprets the symbols of Var in the usual way. Rather than use the formal notation “+(x, y) = z” we use the more conventional “x + y = z.” Likewise, we write x · y instead of ·(x, y). We let 2 abbreviate (1 + 1), x2 abbreviate x · x, and so on. Any polynomial having natural numbers

Structures and ﬁrst-order logic

73

as coeﬃcients is a Var -term. Equations such as (for example) x5 − 9x + 3 = 0 are Var -formulas. Again, 3 and x5 are not symbols in Var , they are abbreviations for the Var terms (1 + (1 + 1)) and x · (x · (x · (x · x))), respectively. We still cannot express order-completeness in this vocabulary, but we can 2 distinguish between √ the structures R and Q. The Var -sentence ∃x(x = 2) asserts the existence of 2. It follows that R models this sentence and Q does not. Likewise, the equation 2x + 3 = 0 has a solution in Q but not in A. So Q |= ∃x(2x + 3 = 0), whereas A |= ¬∃x(2x + 3 = 0). To progress from N to Z to Q, we add solutions for more and more polynomials. We reach the end of the line with the complex numbers C. The complex √ numbers are obtained by adding to the reals, the solution i = −1 of the equation x2 + 1 = 0. The Var -sentence ∃x(x2 + 1 = 0) distinguishes C from the other structures in our list. The set C consists of all numbers of the form a + bi where a and b are both real numbers. The Fundamental Theorem of Algebra states that for any nonconstant polynomial P (x) having coeﬃcients in C, the equation P (x) = 0 has a solution in C (this is true even for polynomials of more than one variable). So there is no need to extend to a bigger number system. By virtue of adding a solution of x2 + 1 = 0 to R, we have added a solution for every polynomial. The names of these number systems reﬂect historical biases. The counting numbers 1, 2, 3, . . . are the “natural” numbers to consider in mathematics. Negative numbers are not natural, the square root of 2 is irrational, and the square root of −1 is imaginary. The names suggest that things get more complicated as we progress from “natural” numbers to “complex” numbers. From the point of view of ﬁrst-order logic, however, this is backwards. The structure C is the most simple. The structure R is not simple like C, but it does have many desirable properties. We will discuss the properties of these two structures in Chapter 5. The structure A is not so nice. The “A” stands for arithmetic, which sounds quite elementary. However, from the point of view of ﬁrst-order logic, A is most complex. We investigate the structure A in Chapter 8.

2.5 The size of a structure For any set U , |U | denotes the number of elements in U . For a V-structure M , |M | means |UM |, the number of elements in the underlying set UM of M . We refer to |M | as the size of M . For example, if M2 is Graph 2 from Section 2.1, then |M2 | = 5. If the underlying set of M is inﬁnite, then we could just write

74

Structures and ﬁrst-order logic

|M | = ∞ and say no more, but this oversimpliﬁes the situation. It implies that any two inﬁnite sets have the same size. This is not the case. To explain this, we need to say precisely what we mean by “same size.” Let A and B be two ﬁnite sets. Picture each set as a box of ping pong balls. Imagine reaching into box A with your left hand and box B with your right hand and removing one ball from each. Repeat this process. Reach in to the boxes and simultaneously remove a ball from each, and again, and again. Eventually, one of the boxes is emptied. If box B is emptied ﬁrst, then we conclude that box A must have contained at least as many balls as box B at the outset. That is, |B| ≤ |A|. Since A and B are ﬁnite, this is elementary. For inﬁnite sets we take this idea as deﬁnition of “|B| is less than or equal to |A|.” Deﬁnition 2.33 Let A and B be sets. We deﬁne “|B| ≤ |A|” as follows: |B| ≤ |A| if there exists a one-to-one function f from B into A. The function in this deﬁnition plays the same role as our right and left hands in the preceding discussion. The deﬁnition requires that f is one-to-one and has domain B. Given any element b in B, the function “picks out” an element f (b) from A. If such a function exists, we conclude that |B| ≤ |A|. Example 2.34 Let P be the set of all prime natural numbers and let E be the set of all even natural numbers. Let f : P → E be deﬁned by f (p) = 2p. This function is one-to-one. We conclude that |P | ≤ |E|. That is, there are at least as many even numbers as there are prime numbers. Example 2.35 Recall that N × N denotes the set of all ordered pairs (m, n) of natural numbers. Let f : N → N × N be deﬁned by f (n) = (n, 1) for all n ∈ N. This function is one-to-one. We conclude that |N| ≤ |N × N|. The reader should not be surprised by this fact. Less obvious is the fact that the opposite is true. Consider the function g : N × N → N deﬁned by g(m, n) = 2m 3n . This too is a one-to-one function. So not only is |N| less than or equal to |N × N|, but also |N × N| is less than or equal to |N|. Naturally, we conclude that these two sets have the same size. Deﬁnition 2.36 Let A and B be sets. We say A and B have the same size and write |A| = |B| if both |B| ≤ |A| and |A| ≤ |B|. We write |A| < |B| if both |A| ≤ |B| and it is not the case that |A| = |B| . So to show that two sets A and B have the same size we must demonstrate a one-to-one function from A to B and a one-to-one function from B to A. It suﬃces to show there exists a function f from A to B (or from B to A) that is both one-to-one and onto (since f −1 is also one-to-one and onto). Such a function is called a one-to-one correspondence or a bijection.

Structures and ﬁrst-order logic

75

Example 2.37 Let N be the natural numbers and again let E denote the even natural numbers. In some sense there are “more” natural numbers than even numbers (since E ⊂ N). However, these two sets have the same size. This is witnessed by the function f (x) = 2x deﬁning a bijection from N onto E. Example 2.38 Let R be the real numbers and let I be (0, 1), the set of all reals between 0 and 1. The function f : R → I deﬁned by f (x) = (2/π) arctan x is a bijection from R onto I. So |R| = |I|. If sets A and B can be put into one-to-one correspondence with each other, then they must have the same size. The following theorem states that the converse is also true. If |A| ≤ |B| and |B| ≤ |A|, then there must exist a bijection between A and B. This provides an alternative deﬁnition for “same size.” Theorem 2.39 Sets A and B have the same size if and only if there exists a bijection from A onto B. Proof Only one direction requires proof. As we previously remarked, if there exists a bijection between A and B, then A and B must have the same size. We now prove the opposite: if |A| = |B|, then such a bijection necessarily exists. Suppose A and B have the same size. By the deﬁnition of “same size” there exist one-to-one functions f : A → B and g : B → A. Our goal is to demonstrate a bijection h : A → B. Before deﬁning h, we deﬁne some sequences. Given any a ∈ A, we deﬁne a (possibly ﬁnite) sequence sa as follows. Let a1 = a. Now suppose am ∈ A has been deﬁned for some m ∈ N. Take bm ∈ B such that g(bm ) = am . If no such bm exists, then the sequence ends. Otherwise, if bm does exist, the sequence continues. Take am+1 ∈ A such that f (am+1 ) = bm . Again, if no such am+1 exists, the sequence terminates. Note that the sequence alternates between elements of A and elements of B. The sequence sa can be depicted as follows: g

f

g

f

g

a1 ← b1 ← a2 ← b2 ← a3 ← b3 · · · There are three possibilities for the sequence sa . Either it terminates with some element ai ∈ A, or it terminates with some element bi ∈ B, or it never terminates. These three possibilities partition the set A into three subsets. • Let AA be the set of all a ∈ A such that sa terminates in A. • Let AB be the set of all a ∈ A such that sa terminates in B. • Let AN be the set of all a ∈ A such that sa never terminates. Similarly, we can deﬁne sequences sb that begin with b ∈ B and partition B as follows: • Let BA be the set of all b ∈ B such that sb terminates in A.

76

Structures and ﬁrst-order logic

• Let BB be the set of all b ∈ B such that sb terminates in B. • Let BN be the set of all b ∈ B such that sb never terminates. The function f , when restricted to AA , is a bijection f : AA → BA . We know that f is one-to-one. To see that it is onto, take any b ∈ BA . Since the sequence sb terminates in A, there must exist a ∈ AA such that f (a) = b. (Otherwise, sb would be the one-element sequence b). Likewise g, when restricted to BB , forms a bijection g : BB → AB . Finally, AN and BN are in one-to-one correspondence by either g or f . A bijection h : A → B can now be deﬁned by putting these three parts together. a ∈ AA f (a), −1 h(a) = g (a), a ∈ AB f (a), a∈A N

For ﬁnite sets, Theorem 2.39 is elementary. To determine how many ping pong balls are in a given box, we put the ping pong balls into one-to-one correspondence with the set {1, 2, 3, . . . , k} for some k ∈ N (that is, we count them). We say that two boxes contain the same number of ping pong balls if each can be put into one-to-one correspondence with the same set {1, 2, 3, . . . , k} and, hence, with each other. If A and B are inﬁnite, we may have diﬃculty visualizing them as boxes of ping pong balls. We extrapolate our deﬁnitions for inﬁnite sets from the corresponding deﬁnitions for ﬁnite sets. Furthermore, we employ the following assumption. Assumption: If A and B are sets, then |A| ≤ |B| or |B| ≤ |A|. For ﬁnite A and B, this assumption is a fact that can be proved. If we remove ping pong balls one at a time from each of two given boxes, eventually one (or both) of the boxes will be emptied. We must be careful, however, when handling boxes containing inﬁnitely many ping pong balls (see Exercise 2.43). For inﬁnite A and B, we accept this assumption without proof. It is equivalent to an axiom of mathematics known as the Axiom of Choice. It follows from this assumption that, for any inﬁnite set A, |N| ≤ |A|. This leads to a crucial dichotomy of inﬁnite sets: either |N| = |A| or |N| < |A|. Deﬁnition 2.40 A set A is denumerable if there exists a bijection between A and N. Deﬁnition 2.41 A set A is countable if it is either ﬁnite or denumerable. Otherwise, A is uncountable. Proposition 2.42 The set of rational numbers Q is countable.

Structures and ﬁrst-order logic

77

Proof Clearly, |N| ≤ |Q| (since N ⊂ Q). Conversely, each nonzero element in Q can be written in a unique way as a reduced fraction of natural numbers times (−1)m for m = 1 or 2. Let f : Q → N be deﬁned by f ( ab (−1)m ) = 2a 3b 5m where a b is reduced. Further, let f (0) = 0. Now f is a one-to-one function from Q into N. By deﬁnition, |Q| ≤ |N|. Hence Q and N have the same size. In a similar manner, we showed in Example 2.35 that N×N has the same size as N. So N × N is a countable set. We use this to prove the following useful fact. Proposition 2.43 The union of countably many countable sets is countable. Proof For each n ∈ N, let An be a countable set. Let U denote the union of these sets. If the An s are each denumerable and are disjoint from one another, then U is as big as possible. Suppose this is the case. So each An can be enumerated as {a1 , a2 , a3 , . . .}. Let f (m, n) denote the mth element in the enumeration of An . This deﬁnes a bijection f : N × N → U . We conclude that U has the same size as N × N. Since N × N is countable, so is U . An example of an uncountable set is provided by the set of all subsets of N. For any set A, the set of all subsets of A is called the power set of A, denoted by P(A). We show that |P(A)| is always strictly bigger than |A|. Proposition 2.44 For any set A, |A| < |P(A)|. Proof To show that |A| < |P(A)| we must show that both |A| ≤ |P(A)| and |A| = |P(A)|. The one-to-one function f : A → P(A) deﬁned by f (a) = {a} (for each a ∈ A) shows that |A| ≤ |P(A)|. To show that |A| = |P(A)|, we must show that there does not exist a bijection between A and P(A). Let g be an arbitrary one-to-one function from A to P(A). We show that g is necessarily not onto. (Note that the above one-to-one function f is not onto.) For each element a in A, either a is in the set g(a) or a is not in g(a). Let X be the set of those elements a in A for which a is not in g(a). Then a ∈ X if and only if a ∈ g(a). For each a ∈ A, it cannot be the case that g(a) = X (otherwise we would have a ∈ X if and only if a ∈ X which is absurd). Since X is not in the range of g, g is not onto. Since g was arbitrary, we conclude that no one-to-one function from A to P(A) is onto. Corollary 2.45 Any denumerable set has uncountably many subsets. In particular, there are uncountably many subsets of N. We use this fact to show that there are uncountably many real numbers. Proposition 2.46 The set of real numbers R is uncountable.

78

Structures and ﬁrst-order logic

Proof We deﬁne a one-to-one function f from P(N) into R. Let X be an element of P(N). Then, as a subset of the natural numbers, X contains at most 10 single-digit numbers, at most 90 two-digit numbers, at most 900 three-digit numbers, and so forth. Let rX be the real number between 0 and 1 described as follows. The ﬁrst two digits following the decimal point represent the number of single-digit numbers in X. These are succeeded by each of the single-digit numbers in X listed in ascending order. The next two digits in the decimal expansion of rX represent the number of two-digit numbers in X. These are followed by the list of the two-digit numbers in X. The next three digits state how many three-digit numbers are in X, and so forth. For example, let X = {2, 4, 5, 6, 7, 8, 9, 10, 24, 213, 3246}. There are 07 singledigit numbers in X (namely 2, 4, 5, 6, 7, 8, and 9), there are 02 two-digit numbers (namely 10 and 24), there is 001 three-digit number (213), and 0001 four-digit number (3246). So we have rX = 0.0724567890210240012130001324600000000 . . . The number rX contains a complete description of the set X. It follows that the function f : P(N) → R deﬁned by f (X) = rX is a one-to-one function. Hence |P(N)| ≤ |R|. Since P(N) is uncountable, so is R. We next show that there are only countably many V-formulas for any countable vocabulary V. Proposition 2.47 If the vocabulary V is countable, then so is the set of all V-formulas. Proof We deﬁne a one-to-one function f from the set of all V-formulas into N. Since V is countable, we can assign a diﬀerent natural number to each symbol occurring in a V-formula. Then to each V-formula, there is an associated ﬁnite sequence of natural numbers. Suppose that a given V-formula ϕ has a1 , a2 , . . . , am as its associated sequence of natural numbers. Deﬁne f (ϕ) as the product 2a1 · 3a2 · 5a3 · · · · · pann where pn denotes the nth prime number. We recall two basic facts about the natural numbers: there are inﬁnitely many primes and there is a unique way to factor any given natural number into primes. So we can factor the natural number f (ϕ) to recover the sequence a1 , . . . , an and the formula ϕ. It follows that f is a one-to-one function as was required. By Proposition 2.47, most subsets of N are not deﬁnable in any countable vocabulary. The same idea used to prove Proposition 2.47 can be used to show that there are countably many sentences in English or any other natural language. So there exist uncountably many real numbers that elude description in

Structures and ﬁrst-order logic

79

any natural language. Likewise, there exist uncountably many subsets of the natural numbers that cannot be deﬁned. The following proposition shows that this is also true of functions on the natural numbers. Proposition 2.48 The set of all functions from N to N is uncountable. Proof Let F denote the set of all functions from N to N. We show that |I| ≤ |F |. Recall that I is the interval (0, 1) consisting of real numbers between 0 and 1. By Example 2.38, I and R have the same size. By the previous proposition, I is uncountable. Let r be an arbitrary element of I. Let fr : N → N be deﬁned by letting fr (n) be the nth digit in the decimal expansion of r. Clearly, if r1 and r2 are distinct numbers in I, then fr1 and fr2 are distinct functions. Therefore, the function assigning fr to input r is a one-to-one function from I to F . It follows that |I| ≤ |F | and |F | is uncountable. (In fact, we have shown that there exist uncountably many functions from N to the set {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}). A function f (x) is said to be computable if there exists a computer program that outputs f (x) when given input x. Applying Proposition 2.47 to computer languages, we see that there are only countably many possible computer programs. It follows that there are uncountably many functions from N to N that cannot be computed. This is also true for functions on the reals. Most functions are not computable. This fact deﬁes empirical evidence. Most of the functions with which we are familiar (most functions one encounters in calculus, say) are computable. The notion of computability is discussed in detail in Chapter 7. In Section 7.6.1, we shall give examples of functions that are precisely deﬁned but not computable. At the outset of this section, we said that having a single notion of “inﬁnity” is misleading. We have replaced this with two notions. An inﬁnite set is either countable or uncountable. Many of the inﬁnite sets we encounter either have the same size as N or the same size as R. (Both P(N) and F have the same size as R. See Exercises 2.41 and 2.42.) This dichotomy is still crude. Proposition 2.44 guarantees the existence of arbitrarily large uncountable sets, so having a single notion of “uncountable” is now misleading. In Section 4.2, we introduce cardinal numbers to represent the size of a set and study the plethora of uncountable numbers in more depth. For now, we end our digression into the inﬁnite and return to our discussion of structures.

2.6 Relations between structures We consider certain relations that may or may not hold between two structures in the same vocabulary.

80

Structures and ﬁrst-order logic

2.6.1 Embeddings. Let M and N be structures. The notation f : M → N is used to denote “f is a function from M to N .” When using this notation, it is understood that f is not a symbol in the vocabularies of M or N . Each unary function in the vocabulary of M is interpreted as a function from the universe of M to itself. When we speak of a function from M to N , we actually mean a function from the underlying set of M to the underlying set of N . That is, to each element a from the universe UM of M , f assigns an element f (a) in the universe UN of N . We are most interested in the case where, for some vocabulary V, M , and N are both V-structures and f preserves certain V-formulas. Deﬁnition 2.49 Let V be a vocabulary and let M and N be V-structures. A function f : M → N preserves the V-formula ϕ(¯ x) if, for each tuple a ¯ of elements in M , M |= ϕ(¯ a) implies N |= ϕ(f (¯ a)). Deﬁnition 2.50 Let M and N be V-structures and let f : M → N be a function. If f preserves all V-formulas that are literals, then f is a literal embedding (or just an embedding). If f preserves all V-formulas, then f is an elementary embedding. Example 2.51 Consider the following two graphs: A

B

a

b e f

D

C

d

c

Let f : M → N be deﬁned by f (A) = a, f (B) = b, f (C) = c,

and f (D) = d.

Let g : M → N be deﬁned by f (A) = b, f (B) = e, f (C) = d,

and f (D) = f .

Then g is a literal embedding and f is not. Example 2.52 Recall the structures N< , Z< , Q< , and R< from Section 2.4.3. Let id : N< → Z< be the identity function deﬁned by id(x) = x. This is a literal embedding. Since N< |= ¬∃x(x < 0) and Z< |= ∃x(x < 0) this embedding does not preserve the formula ¬∃x(x < y), and so it is not an elementary embedding. The identity function id : Z< → Q< is also a literal embedding that is not elementary (it does not preserve the formula ¬∃x(y < x ∧ x < z)). The identity function from Q< to R< , on the other hand, is an elementary embedding. This will be proved in Chapter 5.

Structures and ﬁrst-order logic

81

We next show that literal embeddings necessarily preserve formulas other than literals. Deﬁnition 2.53 A quantiﬁer-free formula is a formula in which the quantiﬁers ∃ and ∀ do not occur. Deﬁnition 2.54 An existential formula is a formula of the form ∃y1 ∃y2 . . . ∃ym ϕ(¯ x, y1 , y2 , . . . , ym ), where ϕ(¯ x, y¯) is a quantiﬁer-free formula and m ≥ 0. We show that embeddings preserve existential formulas. First we prove the following proposition regarding quantiﬁer-free formulas. Proposition 2.55 Let f : M → N be an embedding. Then for any quantiﬁer-free formula ϕ(¯ x) and any tuple a ¯ of elements from the universe of M , M |= ϕ(¯ a) if and only if N |= ϕ(f (¯ a) ). Proof We proceed by induction on the complexity of ϕ. Suppose ϕ(¯ x) is atomic. Then, since f preserves literals, if M |= ϕ(¯ a), then N |= ϕ(f (¯ a)). Conversely, if N |= ϕ(f (¯ a)) then, since ¬ϕ(¯ x) is a literal preserved by f , it must be the case that M |= ϕ(¯ a). Now suppose that, for formulas ψ and θ, M |= ψ(¯ a) if and only if N |= ψ(f (¯ a) ),

and

M |= θ(¯ a) if and only if N |= θ(f (¯ a) ) for any tuple a ¯ of elements from the universe of M . This is our induction hypothesis. Since we want to prove the proposition only for quantiﬁer-free formulas, the induction step, as in propositional logic, comprises three parts corresponding to ¬, ∧, and ≡. We must show that M |= ϕ(¯ a) if and only if N |= ϕ(f (¯ a) ) when ϕ is ¬ψ, when ϕ is ψ ∧ θ, and when ϕ ≡ ψ. The ﬁrst two of these follow immediately from the semantics of ﬁrst-order logic and the latter follows from the deﬁnition of ≡. Proposition 2.56 Embeddings preserve existential formulas. Proof Let f : M → N be an embedding and let ϕ(¯ x) be an existential formula. We must show that, for any tuple a ¯ of elements from the universe UM of M , if M |= ϕ(¯ a) then N |= ϕ(f (¯ a)). Since ϕ(¯ x) is existential, it has the form x, y1 , y2 , . . . , ym ), where ϕ0 (¯ x, y¯) is a quantiﬁer-free formula ∃y1 ∃y2 . . . ∃ym ϕ0 (¯ and m ≥ 0. a, ¯b) for some tuple By the semantics of ∃, M |= ϕ(¯ a) means that M |= ϕ0 (¯ ¯b of elements from UM . Since ϕ0 is quantiﬁer-free, we have N |= ϕ0 (f (¯ a), f (¯b)) by the previous proposition. Again by the semantics of ∃, N |= ϕ(f (¯ a)).

82

Structures and ﬁrst-order logic

Note that if f : M → N is a literal embedding then, by Proposition 2.55, M |= a = b if and only if N |= f (a) = f (b). It follows that any literal embedding is necessarily a one-to-one function. Note too that any elementary embedding is a literal embedding. In general, “elementary” is a much stronger adjective that “literal.” However, if f happens to be onto, then these two notions coincide. Proposition 2.57 Let M and N be V-structures. If the function f : M → N is onto, then f is a literal embedding if and only if f is an elementary embedding. Proof Let f : M → N be an literal embedding that is onto. Then f −1 is a one-to-one function from N onto M . We show that both f and f −1 preserve each V-formula. That is, for each V-formula ϕ(¯ x) and each tuple a ¯ of elements from M , M |= ϕ(¯ a) if and only if N |= ϕ(f (¯ a)). We prove this by induction on the complexity of ϕ(¯ x). If ϕ(¯ x) is atomic, then this is precisely Proposition 2.55. Our induction hypothesis is that both f and f −1 preserve V-formulas ψ and θ. If ϕ is equivalent to ψ then it is also preserved by f and f −1 . Moreover, if ϕ is either ¬ψ or ψ ∧ θ, then, by the semantics of ¬ and ∧, ϕ is preserved by f and f −1 . It remains to be shown that ϕ is preserved in the case where ϕ is the formula ∃yψ. Let ϕ(¯ x) be the formula ∃yψ(¯ x, y). First we show that f preserves ϕ. Suppose that M |= ϕ(¯ a) for some tuple a ¯ of elements in M . Then, by the semantics of ∃, M |= ψ(¯ a, b) for some element b of M . Since ψ is preserved by f , N |= ψ(f (¯ a), f (b)). Again by the semantics of ∃, N |= ϕ(f (¯ a)). a)). Then, by Now we show that f −1 preserves ϕ. Suppose that N |= ϕ(f (¯ the semantics of ∃, N |= ψ(f (¯ a), c) for some element c of N . Since f is onto, a, b). Finally, c = f (b) for some element b of M . Since f −1 preserves ψ, M |= ψ(¯ again by the semantics of ∃, M |= ϕ(¯ a). Deﬁnition 2.58 Let M and N be V-structures. A function from M to N is an isomorphism if it is a one-to-one correspondence that preserves every V-formula. If such an isomorphism exists, then M and N are isomorphic, denoted by M ∼ = N. Deﬁnition 2.59 Let M and N be V-structures. If M and N model the same V-sentences, then M and N are said to be elementarily equivalent, denoted M ≡ N. Example 2.60 The V< -structures Q< and R< from Section 2.4.3 are elementarily equivalent. Proposition 2.61 Let M and N be V-structures. If M ∼ = N , then M ≡ N .

Structures and ﬁrst-order logic

83

Proof Let f : M → N be an isomorphism. Then both f and f −1 preserve every formula. In particular, for any sentence ϕ, M |= ϕ if and only if N |= ϕ. If V-structures M and N are elementarily equivalent, then we cannot distinguish them using ﬁrst-order logic. Moreover, if M and N are isomorphic, then they are essentially the same. The only diﬀerence between isomorphic structures is the names given to the elements of the underlying sets (recall Example 2.32). 2.6.2 Substructures. If B is a set, then A ⊂ B means that A is a subset of B. If N is a structure, then M ⊂ N means that M is a substructure of N . We now deﬁne this concept. Deﬁnition 2.62 For any structure N , M is a substructure of N , denoted M ⊂ N , if 1. M is a structure having the same vocabulary as N , 2. the underlying set UM of M is a subset of the underlying set UN of N , and 3. M interprets the vocabulary in the same manner as N on UM . Example 2.63 Recall the structures N< , Z< , Q< , and R from Section 2.4.3. We have N< ⊂ Z< ⊂ Q< ⊂ R. Likewise, for the structures discussed in Section 2.4.4, A ⊂ Q ⊂ R ⊂ C. Example 2.64 Let G be the following graph: Vertices: a, b, c, d, e Edges: ab, ac, ad, ae, bc, cd, de If we choose any subset of these vertices and any subset of edges involving the chosen vertices, then we obtain what is known in graph theory as a subgraph. Let H be the following subgraph of G. Vertices: a, b, c, d Edges: ab, ad, bc, cd Although H is a subgraph of G, H is not a substructure of G (viewing G and H as VG -structures). Since G |= R(a, c) and H |= ¬R(a, c), H does not interpret the binary relation R the same way as G does on the set {a, b, c, d}. The notion of substructure corresponds to the graph theoretic notion of induced subgraph. Let N be a V-structure and let UN be the underlying set for N . Not every subset of UN may serve as the universe for a substructure of N . Since a substructure is itself a V-structure, it must interpret each constant and function in V.

84

Structures and ﬁrst-order logic

Since N is a V-structure, it interprets each constant c in V as an element ac of UN . Let C be the subset of UN deﬁned by C = {ac |c a constant in V}. Let f be an n-ary function in V. A subset D of UN is closed under f if and only if, for each n-tuple a ¯ of elements of D, f (¯ a) is also an element of D. For D to be the universe of a substructure of N , it is necessary and suﬃcient that D contains each element in C and is closed under each function in V. Example 2.65 Let N be the structure (N|S) that interprets the binary relation S as the successor relation. That is, for any a and b in N, N |= S(a, b) if and only if b = a + 1. Since the vocabulary contains neither constants nor functions, every subset of N is the universe for a substructure of N . It follows that there are uncountably many substructures of N . Moreover, there exist uncountably many substructures, no two of which are isomorphic. We leave the veriﬁcation of this fact as Exercise 2.35. Example 2.66 Let N be the structure (N|s) that interprets the unary function s as the successor function. That is, for any a and b in N, N |= s(a) = b if and only if b = a + 1. Only those subsets of N that are closed under s may serve as the universe of a substructure. The closed subsets of N are the sets of the form {n|n ≥ d} for some d ∈ N. It follows that there are countably many substructures of N . Moreover, all of these substructures are isomorphic. So there is only one substructure up to isomorphism. Example 2.67 Let N be the structure (N|s, 1) that interprets the unary function s as the successor function and the constant 1 as the element 1 in N. If D ⊂ N is the universe of a substructure of N , then D must contain 1 and be closed under the function s. It follows that D must be all of N. Therefore, the only substructure of N is N itself. An alternative deﬁnition of substructure is provided by the notion of embedding. Proposition 2.68 Let N and M be structures in the same vocabulary. Then M is a substructure of N if and only if the identity function id : M → N deﬁned by id(x) = x is an embedding. Proof Exercise 2.26. If M ⊂ N , then, reversing our point of view, N is said to be an extension of M . Note the distinction between an “extension” and an “expansion” of a structure. A structure has both an underlying set and a vocabulary. An expansion of a structure has the same underlying set, but the vocabulary may be increased. An extension of a structure has the same vocabulary, but the underlying set may be enlarged.

Structures and ﬁrst-order logic

85

Deﬁnition 2.69 The formula ϕ(¯ x) is said to be preserved under extensions if, whenever M ⊂ N and a ¯ is a tuple of elements from the universe of M , if M |= ϕ(¯ a) then N |= ϕ(¯ a). Deﬁnition 2.70 The formula ϕ(¯ x) is said to be preserved under substructures if, whenever M ⊂ N and a ¯ is a tuple of elements from the universe of M , if N |= ϕ(¯ a) then M |= ϕ(¯ a). Proposition 2.71 Quantiﬁer-free formulas are preserved under substructures and extensions. Proof This follows immediately from Proposition 2.55. Proposition 2.72 Existential formulas are preserved under extensions. Proof This follows immediately from Proposition 2.56. In particular, existential sentences are preserved under extensions. Intuity ) holds ively, an existential sentence asserts that a quantiﬁer-free formula ϕ0 (¯ for some tuple y¯ of elements in the universe. If this is true in M and M ⊂ N , then it must also be true in N since every tuple of elements from the universe y ) holds of M is also a tuple of elements from the universe of N . Likewise, if ϕ0 (¯ for all tuples y¯ of elements in the universe of N , then, in particular, it holds y ) are for all elements in any substructure of N . So sentences of the form ∀¯ y ϕ0 (¯ preserved under substructures. Deﬁnition 2.73 A universal formula is a formula of the form x, y1 , y2 , . . . , ym ), ∀y1 ∀y2 . . . ∀ym ϕ(¯ where ϕ(¯ x, y¯) is a quantiﬁer-free formula and m ≥ 0. Proposition 2.74 Universal formulas are preserved under substructures. Proof Exercise 2.32. In Chapter 4, we prove converses of these propositions. We show in Section 4.5.1 that if a formula ϕ is preserved under substructures, then ϕ is equivalent to an universal formula. Likewise, if ϕ is preserved under extensions, then ϕ is equivalent to an existential formula. The notion of elementary embedding yields the following strengthening of the notion of substructure. Deﬁnition 2.75 Let N and M be structures in the same vocabulary. Then M is an elementary substructure of N (or, equivalently, N is an elementary extension of M ), denoted M ≺ N , if and only if the identity function id : M → N deﬁned by id(x) = x is an elementary embedding.

86

Structures and ﬁrst-order logic

If N is an elementary extension of M , then for any formula ϕ(¯ x) and any tuple a ¯ of elements from the universe of M , M |= ϕ(¯ a) if and only if N |= ϕ(¯ a). It follows that if M ≺ N , then M ≡ N . The converse of this does not hold. In the following example, M is a substructure of N and M ≡ N , but M is not an elementary substructure of N . Example 2.76 Let N be the natural numbers with the successor function. That is, N = (N|s) from Example 2.66. Let M be the substructure of N having universe {2, 3, 4, . . .}. Let f : N → M be deﬁned by f (n) = n + 1 for each n in N. Then f is an isomorphism from N onto M . We have both M ⊂ N and M ∼ = N. However, M is not an elementary substructure of N . There exists an elementary embedding of M into N , but it is not the identity function. In particular, let ϕ(x) be the formula ¬∃y(s(y) = x) saying that x has no predecessor. Then M |= ϕ(2), but N |= ¬ϕ(2). 2.6.3 Diagrams. The concept of a diagram (and, more speciﬁcally, an elementary diagram) of a V-structure M is a fundamental concept that we shall use repeatedly in this book (primarily in Chapter 4). Intuitively, a diagram of M is a set of ﬁrst-order sentences that together say “M can be embedded into me.” That is, M can be embedded into any model of the diagram of M . Likewise, the elementary diagram of M is a set of sentences such that M can be elementarily embedded into any model. We now explicitly deﬁne these sets of sentences. Recall that V(M ) denotes the expansion of V obtained by adding a constant for each element of the underlying set of M and MC denotes the expansion of M to a V(M )-structure that interprets these constants in the natural way. Deﬁnition 2.77 Let M be a V-structure. The elementary diagram of M , denoted ED(M ) is the set of all V(M )sentences that hold in MC . The literal diagram of M , denoted D(M ), is the set of all literals in ED(M ). We often refer to the literal diagram of M as simply the diagram of M . Example 2.78 Consider the graph deﬁned by the following information: Vertices: a, b, c, d Edges: ab, bc, cd, bd. Let G denote the VG -structure represented by this graph. The diagram D(G) contains the atomic formulas R(a, b), R(b, c), R(c, d),

and R(b, d)

Structures and ﬁrst-order logic

87

stating the edges of G. It also contains the negated atomic formulas ¬R(a, c)

and ¬R(a, d)

stating the edges that are not in G. There are also negated atomic formulas indicating that a, b, c, and d are distinct: ¬(a = b), ¬(a = c), ¬(a = d), ¬(b = c), ¬(b = d),

and ¬(c = d).

Note that G can be embedded into any graph which models these 12 literals in D(G). Moreover, D(G) contains the literals R(b, a), R(c, b), R(d, c),

and R(d, b)

along with ¬R(a, a), ¬R(b, b), ¬R(c, c), ¬R(d, d), and a = a, b = b, c = c, d = d, ¬(b = a), ¬(c = a), . . . and so forth. In all, there are 32 diﬀerent (although redundant) literals in D(G). Note that G can be embedded into any VG -structure that models all of these sentences. Proposition 2.79 Let M and N be V-structures. The following are equivalent: (i) M can be embedded into N . ˜ |= D(M ) for some expansion N ˜ of N . (ii) N ∼ (iii) N = N for some extension N of M . Proof Let UM and UN denote the underlying sets of M and N , respectively. First, we show (iii) implies (i). Suppose that M ⊂ N and N ∼ = N . Let f : N → N be an isomorphism. Then f restricted to M is an embedding of M into N . To see that (i) implies (ii), suppose that f : M → N is an embedding. Let C = {cm : m ∈ UM } be constants not in V. Let V(C) be the expansion V ∪ C of ˜ be the expansion of N to a V(C)-structure that interprets each cm ∈ C V. Let N ˜ |= D(M ). as the element f (m) ∈ UN . Then N ˜ be as in (ii). We want to show that (iii) holds. The set UM Finally, let N might not be a subset of UN . However, for each m ∈ UM , there must exist ˜ interprets as the constant cm . Let UN be the set obtained by m ∈ UN that N replacing each m ∈ UN with m. Now UM ⊂ UN . Let N be the V-structure having underlying set UN that interprets V in the same manner as N . Then the function f deﬁned by f (m) = m for m ∈ UM and f (x) = x for x ∈ UN − UM is and isomorphism from N onto N . Likewise we have the following.

88

Structures and ﬁrst-order logic

Proposition 2.80 Let M and N be V-structures. The following are equivalent: (i) M can be elementarily embedded into N . ˜ |= ED(M ) for some expansion N ˜ of N . (ii) N ∼ (iii) N = N for some elementary extension N of M . Proof Exercise 2.27. If M is a ﬁnite structure in a ﬁnite vocabulary, then D(M ) is ﬁnite. It follows that any ﬁnite structure is completely described by a single sentence of ﬁrst-order logic. Proposition 2.81 Let V be a ﬁnite vocabulary. For any ﬁnite V-structure M , there exists a V-sentence ϕM such that, for any V-structure N , N |= ϕM if and only if N ∼ = M. a) be the conProof Let {a1 , a2 , . . . , an } be the underlying set of M . Let ϕ(¯ junction of the ﬁnitely many sentences in D(M ) where a ¯ denotes the n-tuple x) denote the V-formula obtained by replacing each ai (a1 , a2 , . . . , an ). Let ϕ(¯ in ϕ(¯ a) with the variable xi (which we assume does not occur in ϕ(¯ a)). We x) by simply writing ∃¯ xϕ(¯ x). abbreviate the sentence ∃x1 ∃x2 . . . ∃xn ϕ(¯ Let ψn be the sentence ∀x1 ∀x2 . . . ∀xn+1

(xi = xj )

i=j

saying that, given any n + 1 elements, there must exist two that are equal. xϕ(¯ x). We must verify that this sentence Now let ϕM be the sentence ψn ∧ ∃¯ xϕ(¯ x), N contains n elements works. Suppose N |= ϕM . Then, since N |= ∃¯ b1 , . . . , bn so that N |= ϕ(b1 , . . . , bn ). By Proposition 2.79, M can be embedded into N . Let f : M → N be an embedding. Since N |= ψn , |N | ≤ n. It follows that f must be onto. By Proposition 2.57, f is elementary and, hence, an isomorphism. Corollary 2.82 If M is ﬁnite, then, for any structure N , M ∼ = N if and only if M ≡ N. As we previously mentioned, this corollary is not true for inﬁnite structures. If M is inﬁnite, then there exist many non-isomorphic structures N for which M ≡ N . This is proved in Chapter 4. Phrased another way, ﬁrst-order logic is not capable of fully describing inﬁnite structures. First-order logic is, in this sense, a weak language. Ironically, as a consequence of this weakness, ﬁrst-order logic

Structures and ﬁrst-order logic

89

has many desirable properties (discussed in Chapter 4) that make it a prominent logic. The weakness of ﬁrst-order logic gives rise to the subject of model theory.

2.7 Theories and models Model theory is the branch of logic concerned with the interplay between mathematical structures and sentences of a formal language. First-order logic serves as a primary language for this subject. Any structure M determines a set of ﬁrst-order sentences T h(M ) called the theory of M . Deﬁnition 2.83 For any V-structure M , the theory of M , denoted T h(M ), is the set of all V-sentences ϕ such that M |= ϕ. Conversely, any set of ﬁrst-order sentences Γ determines a class of structures M od(Γ). Deﬁnition 2.84 For any set of V-sentences, a model of Γ is a V-structure that models each sentence in Γ. The class of all models of Γ is denoted by M od(Γ). Note: The word class is used instead of set for M od(Γ) because of the following technicality: M od(Γ) is sometimes unbounded. It is unbounded precisely when Γ has an inﬁnite model. By unbounded we mean that for any set X, M od(Γ) is strictly bigger than X. If this is the case, then M od(Γ) must not be a set (it cannot be strictly bigger than itself). Under certain conditions on Γ, the theory of any model of Γ is Γ itself. If this is the case, then T h(M ) = Γ if and only if M ∈ M od(Γ). This happens only if Γ is a complete theory, a notion that we presently deﬁne. Deﬁnition 2.85 Let Γ be a set of V-sentences. Then Γ is a complete V-theory if, for any V-sentence ϕ either ϕ or ¬ϕ is in Γ and it is not the case that both ϕ and ¬ϕ are in Γ. Proposition 2.86 For any V-structure M , T h(M ) is a complete V-theory. Proof We show that for any vocabulary V, any V-structure M , and any Vsentence ϕ: † either ϕ or ¬ϕ is in T h(M ) and it is not the case that both ϕ and ¬ϕ are in T h(M ). With no loss of generality, we may assume that ϕ contains no occurrences of ∨, →, ↔, or ∀. This is because these symbols are deﬁned in terms of the primitive symbols ¬, ∧, and ∃. We proceed by induction on the number of total occurences of ¬, ∧, and ∃ in ϕ.

90

Structures and ﬁrst-order logic

If ϕ contains no occurrence of the primitive symbols, then ϕ has the form R(t1 , . . . , tn ) or t1 = t2 where t1 , . . . , tn are V-terms. That is, ϕ is atomic. Since ϕ is a sentence, each ti is variable-free. Since M is a V-structure and each ti is a variable-free V-term, M interprets each ti as an element ai of the universe U of M . By the deﬁnition of |=, M |= t1 = t2 if and only if a1 and a2 are the same element of U , and M |= R(t1 , . . . , tn ) if and only if the tuple (a1 , . . . , an ) is in the subset of U n that the interpretation of M assigns to R. In either case, we see that M |= ϕ or M |= ¬ϕ and not both. We have veriﬁed (†) for any vocabulary V, any V-structure M , and any atomic V-sentence ϕ. Now suppose that we have shown this for any V-sentence containing at most m total occurences of ¬, ∧, and ∃. This is our induction hypothesis. Suppose ϕ has the form ¬ψ or ψ ∧ θ. By our induction hypothesis, (†) holds for both ψ and θ. By the semantics of ¬ and ∧, the above statement also holds for ϕ. Finally, suppose that ϕ has the form ∃ψ(x). By the semantics of ∃, M |= ϕ if and only if MC |= ψ(c) for some constant c in the vocabulary of MC . Again by our induction hypothesis, the above statement holds for ψ(c), and therefore it holds for ϕ as well. It follows from induction that (†) holds for all sentences ϕ. This proposition, although quite elementary, is of fundamental importance. This proposition veriﬁes that ﬁrst-order logic avoids the ambiguities and paradoxes that arise in natural languages. In any set of ﬁrst-order sentences describing a given structure, there is nothing contradictory. Deﬁnition 2.87 A set of sentences Γ is said to be consistent if no contradiction can be derived from Γ. The word “derived” is formally deﬁned for ﬁrst-order logic in the next chapter, but the idea is analogous to the notion of “derived” for propositional logic. Deﬁnition 2.88 A theory is a consistent set of sentences. If T is a theory, then M od(T ) is called an elementary class. Let V be a vocabulary. Then a V-theory is a consistent set of V-sentences. A V-theory T is a complete theory if it is maximal in the following sense: any set of V-sentences that contains T as a proper subset is not consistent. This agrees with our previous deﬁnition of “complete theory.” Model theory studies theories and models and the interaction between them. Understanding the theory of a structure lends insight into the structure. The theory describes the structure. On the other hand, understanding the models of a theory lends insight into the theory. A theory T can be classiﬁed based on various properties of M od(T ).

Structures and ﬁrst-order logic

91

We continue our study of model theory in Chapters 4–6. Chapter 4 considers the properties of ﬁrst-order logic that make it an appropriate language for model theory. In Chapter 5 we focus on theories and consider some properties that a theory may or may not posses. In Chapter 6, we consider individual models of a theory that have special properties. Prior to this, in Chapter 3, we consider the basic problem of determining whether a given sentence of ﬁrst-order logic is satisﬁable. Toward this aim we develop formal proofs and resolution for ﬁrst-order logic.

Exercises 2.1.

Let V be the vocabulary {+, <, 1, 2, 3} where + is a binary function, < is a binary relation, and 1, 2, and 3 are constants. We write (x + y) for +(x, y) and x < y for < (x, y). Consider the following V-formulas: 1. ∀x∃y((x + y) = 1) 2.

∀x¬(x < 1)

3.

((1 + 1) = 2)

4.

2<1

5.

∀x(2 < 1) → (x + 2 < x + 1)

6.

∀x∀y∃z(x + y = z)

7.

∀x∀y∀z(((x + 3 = y) ∧ (x + 3 = z)) → (y = z))

8.

∀x∀y∀z(((x + y = 3) ∧ (x + z = 3)) → (y = z))

9.

∀x∀y(((x + 3) < (y + 3)) → (x < y))

10. ∀x∀y((x < 2) → ((x + 3) = 4)) (a)

Which of these 10 formulas are sentences?

(b) Which of these 10 formulas are satisﬁable? (c)

Which of these 10 formulas are tautologies?

(d) Let N+ be the V-structure having universe N that interprets the symbols of V in the usual way. Which of the above sentences does N+ model? (e)

Let R+ be the V-structure having universe R that interprets the symbols of V in the usual way. Which of the above sentences does R+ model?

(f)

List the terms occurring in the above formulas.

(g)

For each of the ten formulas, state the number of subformulas. How many atomic subformulas does each formula have?

92

2.2.

Structures and ﬁrst-order logic Let V be the vocabulary consisting of a binary relation P and a unary relation F . Interpret P (x, y) as “x is a parent of y” and F (x) as “x is female.” (a) Deﬁne a V-formula ϕB (x, y) that says that x is a brother of y. (b) Deﬁne a V-formula ϕA (x, y) that says that x is an aunt of y. (c) Deﬁne a V-formula ϕC (x, y) that says that x and y are cousins. (d) Deﬁne a V-formula ϕO (x) that says that x is an only child. (e) Deﬁne a V-formula ϕT (x) that says that x has exactly two brothers. (f)

2.3.

Give an example of a family relationship that cannot be deﬁned by a V-formula.

The ﬁnite spectrum of a ﬁrst-order sentence ϕ is the set of natural numbers n such that ϕ has a model of size M . Find a ﬁrst-order sentence ϕ having S as a ﬁnite spectrum for each of the following sets S: (a) S is the set of even natural numbers. (b) S is the set of odd natural numbers. (c)

S is the set of prime numbers.

(d) S is the set of perfect squares. 2.4.

Refer to Example 2.27. (a) Show that ϕ1 is not a consequence of ϕ2 and ϕ3 . (b)

2.5.

Show that ϕ3 is not a consequence of ϕ1 and ϕ2 .

Let Vgp be the vocabulary {+, 0} where + is a binary function and 0 is a constant. We use the notation x + y to denote the term +(x, y). Consider the following V-sentences. ∀x∀y∀z(x + (y + z) = (x + y) + z) ∀x((x + 0 = x) ∧ (0 + x = x)) ∀x(∃y(x + y = 0) ∧ ∃z(z + x = 0)), Let γ be the conjunction of these three sentences. (a) Show that γ is satisﬁable by exhibiting a model. (b)

Show that γ is not a tautology.

(c)

Let α be the sentence ∀x∀y((x + y) = (y + x)). Show that α is not a consequence of γ.

(d)

Show that γ is not equivalent to the conjunction of any two of the above three sentences.

Structures and ﬁrst-order logic

93

2.6.

A ﬁrst-order formula ϕ(x) is said to be satisﬁable if and only if the sentence ∀xϕ(x) is satisﬁable. Prove that a formula ϕ(x) is a tautology if and only if the sentence ∃xϕ(x) is a tautology.

2.7.

Let VN = {+, ·, 1}. Let N be the VN -structure having underlying set N that interprets this vocabulary in the usual manner. (a) Deﬁne a VN -formula ε(x) such that, for any a ∈ N, N |= ε(a) if and only if a is even. (b)

Deﬁne a VN -formula π(x) such that, for any a ∈ N, N |= π(a) if and only if a is prime.

(c)

Deﬁne a VN -formula µ(x, y) such that, for any a and b in N, N |= µ(a, b) if and only if a and b are relatively prime (that is, the greatest common divisor of a and b is 1).

(d)

Deﬁne a VN -formula ν(x, y, z) such that, for any a, b, and c in N, N |= ν(a, b, c) if and only if c is the least number divisible by both a and b.

2.8.

Goldbach’s conjecture states that every even integer greater than 2 is the sum of two primes. Whether or not this is true is an open question of number theory. State Golbach’s conjecture as a Var -sentence where Var = {+, ·, 0, 1}.

2.9.

Let Var = {+, ·, 0, 1} be the vocabulary of arithmetic. Let R be the Var -structure that has universe R and interprets the vocabulary in the usual manner. (a) Deﬁne a Var -formula α(x) such that, for any a ∈ R, R |= α(a) if and only if a is positive. (b) Deﬁne a Var -formula β(x, y) such that, for any a and b in R, A |= β(a, b) if and only if a ≤ b. (c)

Deﬁne a Var -formula γ(x) such that, for any a in R, R |= γ(a) if and only if the absolute value of a is less than 1.

2.10. Let Var and R be as in the previous exercise. Let V + = Var ∪ {f } be the expansion of Var obtained by adding a unary function f . Deﬁne a V + -sentence ζ such that, for any expansion R+ of R to a V + structure, R+ |= ζ if and only if R+ interprets f as a continuous function. 2.11. Let A and B be deﬁnable subsets of structure M . Suppose that A and B are both sets of n-tuples of elements from the underlying set of M . (a) Show that A ∪ B is deﬁnable. (b) Show that A ∩ B is deﬁnable. (c)

Show that A − B = {a|a ∈ A and a ∈ B} is deﬁnable.

94

Structures and ﬁrst-order logic

2.12. Let UM be the underlying set for structure M . Suppose that A ⊂ (UM )3 and B ⊂ (UM )3 are deﬁnable subsets of M . (a) Show that A × B ⊂ (UM )6 is deﬁnable. (b) Suppose we rearrange the order of the n-tuples. Consider the set of all (z, x, y) such that (x, y, z) is in A. Show that this set is deﬁnable. (c)

Show that C ⊂ (UM )2 is deﬁnable where C is the set of ordered pairs (x, y) such that (x, y, z) is in A for some z.

(d) Show that D ⊂ (UM )2 is deﬁnable where D is the set of ordered pairs (x, y) such that both (x, y, z) ∈ A for some z and (x, y, z) ∈ B for some z. (e)

Show that E ⊂ (UM )2 is deﬁnable where E is the set of ordered pairs (x, y) such that, for some z, (x, y, z) is in both A and B.

2.13. We deﬁne the distance d(a, b) between two vertices a and b of a graph as the least number of edges in a path from a to b. If no such path exists, then d(a, b) = ∞. Recall that VG is the vocabulary of graphs. (a) Show that, for any n ∈ N, there exists a VG -formula δn (x, y) so that, for any graph G, G |= δn (a, b) if and only if d(a, b) = n. (Deﬁne the formulas δn (x, y) by induction on n.) (b)

Does there exist a VG -formula δ∞ (x, y) so that, for any graph G, G |= δ∞ (a, b) if and only if d(a, b) = ∞? Explain your answer.

2.14. (a)

Deﬁne a VG -sentence ϕ such that ϕ has arbitrarily large ﬁnite models and, for any model G, G is a connected graph.

(b)

Find a connected graph that does not model the sentence ϕ you found in part (a).

2.15. (a)

Deﬁne a VG -sentence ϕ such that ¬ϕ has arbitrarily large ﬁnite models and, G |= ϕ for any connected graph G.

(b)

Find a graph that is not connected and models the sentence ϕ from part (a).

2.16. (a)

Deﬁne a VG -sentence ϕ such that ϕ has arbitrarily large ﬁnite models and, for any ﬁnite model G of ϕ, |G| is even.

(b)

Find a ﬁnite graph G such that |G| is even and G does not model the sentence ϕ from part (a).

2.17. (a)

Deﬁne a VG -sentence ϕ such that ¬ϕ has arbitrarily large ﬁnite models and, for any ﬁnite graph G, if |G| is even, then G |= ϕ.

(b)

Find a ﬁnite model G for the sentence ϕ from in part (a) such that |G| is odd.

Structures and ﬁrst-order logic

95

2.18. (a) Explain the diﬀerence between the ﬁrst-order preﬁxes ∃x∀y and ∀x∃y. (b) Explain the diﬀerence between the ﬁrst-order preﬁxes ∃x∀y∃z and ∀x∃y∀z. (c)

Explain the diﬀerence between the ﬁrst-order preﬁxes ∀x∃y∀z∃w and ∃x∀y∃z∀w.

2.19. Show that the sentences ∀x∃y∀z(R(x, y) ∧ R(x, z) ∧ R(y, z) ) and ∃x∀y∃z(R(x, y) ∧ R(x, z) ∧ R(y, z) ) are not equivalent by exhibiting a graph that models one but not both of these sentences. 2.20. For each n ∈ N, ∃≥n denotes a counting quantiﬁer. Intuitively, ∃≥n means “there exists at least n such that.” First-order logic with counting quantiﬁers is the logic obtained by adding these quantiﬁers (for each n ∈ N) to the ﬁxed symbols of ﬁrst-order logic. The syntax and semantics of this logic are deﬁned as follows. Syntax: for any formula ϕ of ﬁrst-order logic with counting quantiﬁers, ∃≥n xϕ is also a formula. Semantics: M |= ∃≥n ϕ(x) if and only if M |= ϕ(ai ) for each of n distinct elements a1 , a2 , . . . , an in the universe of M . (a) Using counting quantiﬁers, deﬁne a sentence ϕ7 such that M |= ϕ7 if and only if |M | > 7. (b) Using counting quantiﬁers, deﬁne a sentence ϕ23 such that M |= ϕ23 if and only if |M | ≤ 23. (c)

Using counting quantiﬁers, deﬁne a sentence ϕ45 such that M |= ϕ45 if and only if |M | = 45.

(d) Deﬁne a ﬁrst-order sentence ϕ (not using counting quantiﬁers) that is equivalent to the sentence ∃≥n x(x = x). (e)

Show that every formula using counting quantiﬁers is equivalent to a formula that does not use counting quantiﬁers. Conclude that ﬁrstorder logic with counting quantiﬁers has the same expressive power as ﬁrst-order logic.

2.21. Suppose we are presented with a graph G that has multiple edges. This means that there may be more than one edge between two vertices of G (so, by our strict deﬁnition of “graph,” a graph with multiple edges is not a graph). Describe G as a ﬁrst-order V-structure for a suitable vocabulary V. 2.22. Let Kn be the n-clique for some n ∈ N. Then any graph having at most n vertices is a subgraph of Kn .

96

Structures and ﬁrst-order logic

(a) How many substructures does Kn have? (b) How many substructures does Kn have up to isomorphism? (c)

How many elementary substructures does Kn have?

2.23. Deﬁne an inﬁnite structure having exactly n substructures where n is a natural number greater than 1. 2.24. Let G be Graph 1 from Section 2.4.1. (a) How many sentences are in the diagram of G? (b)

Find a sentence ϕG such that H |= ϕG if and only if H ∼ = G.

2.25. Repeat Exercise 2.24 with Graph 4 from Section 2.4.1. 2.26. Prove Proposition 2.68. 2.27. Prove Proposition 2.80. 2.28. (a)

Let N = (N|S, 1). Show that any proper substructure of N is not elementarily equivalent to N .

(b)

Let N< be the structure (N| <) from Section 2.4.3. Show that any inﬁnite substructure of N< is elementarily equivalent to N< but no proper substructure is an elementary substructure of N< .

2.29. Let A, B, and C be V-structures with A ⊂ B ⊂ C. For each of the following, either prove the statement or provide a counter-example. (a) If A ≺ B and B ≺ C, then A ≺ C. (b)

If A ≺ C and B ≺ C, then A ≺ B.

(c)

If A ≺ B and A ≺ C, then B ≺ C.

2.30. Let V be the vocabulary {s, P } consisting of a unary function s and a unary relation P . Let M be the V-structure with universe N that interprets s as the successor function and P as the predicate “even.” That is, for natural numbers a and b, M |= s(a) = b if and only if a + 1 = b, and M |= P (a) if and only if a is even. Let N be the V-structure with universe N that interprets s as the successor function and P as the predicate “odd.” That is, N interprets s the same way as M , but N |= P (a) if and only if a is odd. (a) Show that there exist embeddings f1 : M → N and f2 : N → M . (b)

Show that M and N are not isomorphic.

2.31. Deﬁne structures M and N in the same vocabulary so that there exist elementary embeddings f : M → N and g : N → M , but M ∼ N. = 2.32. Using the fact that existential formulas are preserved under extensions, prove that universal formulas are preserved under substructures.

Structures and ﬁrst-order logic

97

2.33. Let M and N be V-structures. A function f : M → N is said to be a homomorphism if it preserves atomic V-formulas. Suppose that f is onto (i.e each element in the universe of N is in the range of f ). Let ϕ be a V-formula that does not contain the symbols ¬, →, nor ↔. Show that f preserves ϕ. 2.34. Let M be a V-structure having underlying set U . For any n-tuple a ¯ = a be the substructure of M generated (a1 , . . . , an ) of elements from U , let ¯ by a ¯. That is, the underlying set of ¯ a is the smallest subset of U that contains each ai and also contains all of the constants of V and is closed under each function of V. Let a ¯ and ¯b be two n-tuples of elements from U . Show that the following are equivalent: (i) For every quantiﬁer-free V-formula ϕ(¯ x), M |= ϕ(¯ a) if and only if ¯ M |= ϕ(b). (ii) ¯ a ∼ = ¯b. 2.35. Let N be the structure (N|S) that interprets the binary relation S as the successor relation. Show that N has uncountably many non-isomorphic substructures. 2.36. Let A be a set. Prove that the following are equivalent. (i) A is inﬁnite. (ii)

|N| ≤ |A|.

(iii) |A ∪ B| = |A| for any ﬁnite set B. (iv) |PF (A)| = |A| where PF (A) is the set of all ﬁnite subsets of A. (v)

There exists a function f : A → A that is one-to-one but not onto.

(vi)

For any B with |B| < |A| and any function f : A → B, there exists b ∈ B such that f (a) = b for inﬁnitely many a ∈ A.

2.37. Find a V< -sentence ϕ so that the only models of ϕ interpret < as a dense linear order. Show that ϕ has only inﬁnite models. 2.38. Let Vf be the vocabulary consisting of a single unary function f . Find a Vf -sentence that has only inﬁnite models. 2.39. Find a set of sentences that has only uncountable models. 2.40. (a)

Let F be the set of all ﬁnite strings of letters of the alphabet. Show that F is countable.

(b) Let I be the set of all inﬁnite strings of letters of the alphabet. Show that I is uncountable. 2.41. (a) Let U = {1, 2, 3}. List the elements of P(U ). (b) Show that for any ﬁnite set U , if |U | = n then |P(U )| = 2n .

98

Structures and ﬁrst-order logic

(c)

Show that the power set of the natural numbers P(N) and the real numbers R have the same size.

2.42. Let F be the set of all functions from N to N. Show that F and R have the same size. 2.43. Box A contains inﬁnitely many ping pong balls that are numbered 1, 2, 3, . . . (a) Reach into box A and take out 100 balls and put them in your lap. Then put one back. Repeat this. Take out another 100 balls, put them in your lap, and then put one back. Suppose we do this countably many times. How many balls will you have in your lap? (b)

Suppose you began, in part (a), by taking out balls numbered 1–100 and then put ball 1 back. Suppose you then removed balls 101–200 and put ball 2 back. Then you took balls 201–300 into your lap, found ball 3, and put it back. And so forth. After doing this countably many times, which balls are left in your lap?

(c)

Now suppose that we repeatedly remove 99 balls from box A and never return any of these balls to the box. First we take balls 1–99 into our lap and, instead of putting ball 1 back, we take a marker, add two zeros, and turn it into 100. We then take balls 101–199 out of A, take ball 2 from our lap, turn it into 200, and keep them all in our lap. After repeating this countably many times, how many balls are in your lap and what numbers do they have on them?

(d)

Do the processes in (b) and (c) have diﬀerent results? If so, explain why this is the case (if not, look at (b) and (c) again). Note that after each stage, we have the same numbered balls in our lap. Suppose someone else put the ping pong balls in our lap and we do not know if a marker was used or not. What then? Why should the use of a marker aﬀect the outcome?

3

Proof theory

As with any logic, the semantics of ﬁrst-order logic yield rules for deducing the truth of one sentence from that of another. In this chapter, we develop both formal proofs and resolution for ﬁrst-order logic. As in propositional logic, each of these provides a systematic method for proving that one sentence is a consequence of another. Recall the Consequence problem for propositional logic. Given formulas F and G, the problem is to decide whether or not G is a consequence of F . From Chapter 1, we have three approaches to this problem: • We could compute the truth table for the formula F → G. If the truth values are all 1s then we conclude that F → G is a tautology and G is a consequence of F . Otherwise, G is not a consequence of F . • Using Tables 1.5 and 1.6, we could try to formally derive G from {F }. By the Completeness Theorem for propositional logic, G is a consequence of F if and only if {F } G. • We could use resolution. By Theorem 1.76, G is a consequence of F if and only if ∅ ∈ Res(H) where H is a formula in CNF equivalent to (F ∧ ¬G). Using these methods not only can we determine whether one formula is a consequence of another, but also we can determine whether a given formula is a tautology or a contradiction. A formula F is a tautology if and only if F is a consequence of (A ∨ ¬A) if and only if ¬F is a contradiction. In this chapter, we consider the analogous problems for ﬁrst-order logic. Given formulas ϕ and ψ, how can we determine whether ψ is a consequence of ϕ? Equivalently, how can we determine whether a given formula is a tautology or a contradiction? We present three methods for answering these questions. • In Section 3.1, we deﬁne a notion of formal proof for ﬁrst-order logic by extending Table 1.5. • In Section 3.3, we “reduce” formulas of ﬁrst-order logic to sets of formulas of propositional logic where we use resolution as deﬁned in Chapter 1. • Finally, in Section 3.4, we modify the notion of resolvents and develop resolution for ﬁrst-order logic.

100

Proof theory

One aim of resolution is to provide an automated proof system. Toward this aim, we consider variations of resolution such as SLD-resolution. We close this chapter with a section on Prolog, a programming language that implements SLD-resolution.

3.1 Formal proofs Let ϕ be a ﬁrst-order formula and let Γ be a set of ﬁrst-order formulas. We use the notation Γ ϕ to express that ϕ can be formally derived from Γ. As with propositional logic, the deﬁnition of this notion consists of a list of several rules. For propositional logic, formal proofs were deﬁned as sequences of statements each of which is justiﬁed by one of the rules in Tables 1.5 or 1.6. Changing the Roman letters to Greek letters yields Tables 3.1 and 3.2 below. For ﬁrst-order logic, this list of rules is incomplete. In contrast, if F and G are formulas of propositional logic and G is a consequence of F , then we can formally prove that G is a consequence of F using the rules of Table 1.5 or Table 1.6. This is the Completeness theorem for propositional logic. To obtain an analogous

Table 3.1 Premise ϕ is in Γ Γ ϕ and Γ ⊂

Γ

Rules for derivations Conclusion

Name

Γϕ

Assumption

Γ

ϕ

Monotonicity

Γϕ

Γ ¬¬ϕ

Double negation

Γ ψ, Γ ϕ

Γ (ψ ∧ ϕ)

∧-Introduction

Γ (ψ ∧ ϕ)

Γψ

∧-Elimination

Γ (ψ ∧ ϕ)

Γ (ϕ ∧ ψ)

∧-Symmetry

Γϕ

Γ (ϕ ∨ ψ)

∨-Introduction

Γ (ψ ∨ ϕ), Γ ∪ {ψ} θ, Γ ∪ {ϕ} θ

Γθ

∨-Elimination

Γ (ψ ∨ ϕ)

Γ (ϕ ∨ ψ)

∨-Symmetry

Γ ∪ {ϕ} ψ

Γ (ϕ → ψ)

→-Introduction

Γ (ϕ → ψ), Γ ϕ

F ψ

→-Elimination

Γψ

Γ (ψ)

(, )-Introduction

Γ (ψ)

Γψ

(, )-Elimination

Γ ((ψ ∧ ϕ) ∧ θ)

Γ (ψ ∧ ϕ ∧ θ)

∧-Parentheses rule

Γ ((ψ ∨ ϕ) ∨ θ)

Γ (ψ ∨ ϕ ∨ θ)

∨-Parentheses rule

Proof theory Table 3.2

101

More rules for derivations

Rules

Name

Γ (ϕ ∨ ψ) if and only if Γ ¬(¬ϕ ∧ ¬ψ)

∨-Deﬁnition

Γ (ϕ → ψ) if and only if Γ (¬ϕ ∨ ψ)

→-Deﬁnition

Γ (ϕ ↔ ψ) if and only if both Γ (ϕ → ψ) and Γ (ψ → ϕ)

↔-Deﬁnition

Γ ∀xϕ(x) if and only if Γ ¬∃x¬ϕ(x)

∀-Deﬁnition

Table 3.3

Yet more rules for derivations

Premise

Conclusion

Restriction

Name

Γ ϕ(t)

Γ ∃yϕ(y)

t is a term and y is a variable not in bnd(ϕ)

∃-Introduction

Γ ϕ(t0 )

Γ ∀yϕ(y)

(y) ∈ / bnd(ϕ) ant t0 is a variable or a constant not occurring in Γ

∀-Introduction

Γθ→ψ

Γ ∃xθ → ∃xψ

none

∃-Distribution

Γθ→ψ

Γ ∀xθ → ∀xψ

none

∀-Distribution

Γ Q1 x(Q2 yθ)

Γ Q1 xQ2 yθ

Each Qi is a quantiﬁer

Q-Parentheses rule

None

Γt=t

t is a term

Reﬂexivity

Γ ϕ(t), Γ t = t

Γ ϕ(t )

t and t are terms

Equality Substitution

result for ﬁrst-order logic, we must add rules to this list pertaining to quantiﬁers and equality. For example, we certainly should include the deﬁnition of ∀: Γ ∀xϕ(x) if and only if Γ ¬∃x¬ϕ(x). This and other rules are listed in Table 3.2. Table 3.3 contains rules regarding quantiﬁers and substitutions. Recall that ϕ(t) is the formula obtained by replacing each free occurrence of x in ϕ(x) with the term t (assuming t does not use variables in bnd(ϕ)). In the above rules, ϕ(x) may have free variables other than x. Also, we may use any letters in place of x and y. We demonstrate the rules in Table 3.3 with a couple of examples. Example 3.1 We demonstrate the rules ∃-Introduction and ∀-Introduction. Suppose that Γ R(a, b) where R is a binary relation and a and b are constants that do not occur in Γ. Then we can derive each of the following sentences (along with many others) from Γ: ∃zR(a, z) by ∃-Introduction ∀wR(w, b) by ∀-Introduction

102

Proof theory ∀w∀zR(w, z) by ∀-Introduction (twice), and ∃z∀wR(w, z) by ∀-Introduction followed by ∃-Introduction.

Suppose now that Γ R(f (b), b) where f is a unary function. Since f (b) is a term that is not a constant, we can derive from Γ the sentence ∃zR(z, b) but not the sentence ∀zR(z, b). Likewise, we cannot derive the sentence ∃z∀wR(w, z) from Γ. However, we can derive each of the following sentences: ∀wR(f (w), w) by ∀-Introduction ∃w∃zR(w, z) by ∃-Introduction (twice), and ∀z∃wR(w, z) by ∃-Introduction followed by ∀-Introduction. Example 3.2 We illustrate the usefulness of ∃-Distribution. Suppose we want to formally prove that ¬∃xψ(x) is a consequence of ∀x¬ψ(x). By ∀-Deﬁnition, we know that {∀x¬ψ(x)} ¬∃x¬¬ψ(x). It remains to be shown that {¬∃x¬¬ψ(x)} ¬∃xψ(x). Using ∃-Distribution, we can formally prove this in three steps. First, show that ψ(x) → ¬¬ψ(x) is a tautology. By the completeness of propositional logic, there exists a formal proof for this fact. Second, use ∃-Distribution to obtain the valid implication ∃xψ(x) → ∃x¬¬ψ(x). Third, by →-Contrapositive (Exercise 1.12), ¬∃¬¬ψ(x) → ¬∃xψ(x) is also valid. We conclude that, if Γ ∀x¬ψ(x) then Γ ¬∃xψ(x). This argument can be made into a formal proof deﬁned as follows (see Proposition 3.7). Deﬁnition 3.3 A formal proof in ﬁrst-order logic is a ﬁnite sequence of statements of the form “X Y ” each of which follows from the previous statements by one of the rules we have listed (including the deﬁnition of ∀ and the rules in Tables 3.1–3.3). We say that ϕ can be derived from Γ if there is a formal proof concluding with the statement Γ ϕ. Our ﬁrst priority is to show that this notion of formal proof is sound. We must show that if ϕ can be derived from Γ, then ϕ is in fact a consequence of Γ. We restate this as the following theorem. Theorem 3.4 (Soundness) If Γ ϕ then Γ |= ϕ. Note: This theorem follows from the semantics of ﬁrst-order logic (that is, the deﬁnition of “|=”) given in Section 2.3. When we say something is true “by the semantics” the reader is referred to this section.

Proof theory

103

Proof We check that each rule for deduction is sound. In Theorem 1.37 we veriﬁed each of the rules in Table 1.5. It follows that each of the rules in Table 3.1 are also sound. Moreover, ∀-Deﬁnition and each of the rules in Table 3.2 are sound by the deﬁnition of the symbols. Reﬂexivity and Equality substitution are sound by the deﬁnition of =. The Q-Parentheses rule is one of our conventions regarding the use of parentheses. It remains to be shown that the ﬁrst four rules of Table 3.3 are sound. First, consider ∃-Introduction. This rule states that if Γ ϕ(t), then Γ ∃xϕ(x). To show that this rule is sound, we must verify that if Γ |= ϕ(t) then Γ |= ∃xϕ(x). It suﬃces to show that, for any structure M , M |= ϕ(t) implies M |= ∃xϕ(x). This follows immediately from the semantics of ∃. For ∀-Introduction, suppose that Γ |= ϕ(c) where c is a constant that does not occur in Γ. Suppose that M is a V-structure that models Γ. For any element a of the underlying set UM of M , let Mc=a be the structure having underlying set UM that interprets c as a and interprets the other symbols of V in the same manner as M (if c ∈ V, then Mc=a is an expansion of M ). Since c does not occur in Γ, Mc=a models Γ (since M does). Since Γ |= ϕ(c), Mc=a |= ϕ(c). It follows that M |= ϕ(a). Since a is an arbitrary element from UM , M |= ∀xϕ(x) by the semantics of ∀. This shows that Γ |= ∀xϕ(x) and veriﬁes ∀-Introduction. Now consider ∃-Distribution. Suppose that M |= θ → ψ and M |= ∃xθ. Let UM denote the universe of M . We want to show that M |= ∃xψ. Case 1: x is not a free variable of θ. By the semantics of ∃, θ is equivalent to ∃xθ. So if M |= ∃xθ, then M |= θ and, by the semantics of →, M |= ψ. Now if x is not a free variable of ψ, then ψ ≡ ∃xψ. Otherwise, M |= ψ(x) means M |= ∀xψ(x) which means M |= ψ(a) for any a in UM . Either way, we see that M |= ∃xψ as we wanted to show. Case 2: x is a free variable of θ but not of ψ. In this case, M |= θ → ψ means M |= ∀x(θ(x) → ψ). By the semantics of ∀, M |= θ(a) → ψ for any a in UM . Since M |= ∃xθ, M |= θ(a) for some a ∈ UM . By the semantics of →, M |= ψ. Finally, M |= ∃xψ since ψ ≡ ∃xψ. Case 3: x is a free variable of both θ and ψ. Here M |= θ → ψ means M |= ∀x(θ(x) → ψ(x)). This means that, for all a in UM , M |= θ(a) → ψ(a). Since M |= ∃xθ it follows that M |= θ(a) for some a in UM . Hence M |= ψ(a). Again by the semantics of ∃, M |= ∃xψ. The veriﬁcation of ∀-Distribution is similar and is left as Exercise 3.4. Corollary 3.5 If both {ϕ} ψ and {ψ} ϕ, then ϕ ≡ ψ. The Completeness theorem for ﬁrst-order logic states that the converse of Theorem 3.4 is true. If ϕ is a consequence of Γ, then we can formally prove that it is a consequence. The rules for derivations we have given form a complete

104

Proof theory

set of rules for ﬁrst-order logic. It follows that the converse of Corollary 3.5 holds as well. However, the Completeness theorem will not be proved until the next chapter. For this reason, we presently do not assume that the converses of Theorem 3.4 and Corollary 3.5 hold. In the present chapter, just because two formulas are equivalent does not mean that we can formally prove that they are equivalent. For this, we again use the terminology “provably equivalent” previously deﬁned in Section 1.5. For the remainder of this section, we verify various instances of the converses of Theorem 3.4 and Corollary 3.5. For example, by the semantics of ∀, ϕ(t) is a consequence of ∀xϕ(x) for any term t. We now show that ϕ(t) can be formally derived from ∀xϕ(x). Proposition 3.6 For any formula ϕ(x) and any term t, {∀xϕ(x)} ϕ(t). Proof We use proof by Contradiction as deﬁned in Example 1.36. Premise: Γ ∀xϕ(x) Conclusion: Γ ϕ(t) Statement

Justiﬁcation

1. Γ ∀xϕ(x)

Premise

2. Γ ∪ {¬ϕ(t)} ∀xϕ(x)

Monotonicity applied to 1

3. Γ ∪ {¬ϕ(t)} ¬∃x¬ϕ(x)

∀-Deﬁnition applied to 2

4. Γ ∪ {¬ϕ(t)} ¬ϕ(t)

Assumption

5. Γ ∪ {¬ϕ(t)} ∃x¬ϕ(x)

∃-Introduction applied to 4

6. Γ ¬¬ϕ(t)

Proof by Contradiction applied to 3 and 5

7. Γ ϕ(t)

Double negation (from Example 1.43) applied to 6

Recall that M |= ϕ(x1 , . . . , xn ) means the same as M |= ∀y1 · · · ∀yn ϕ(y1 , . . . , yn ). This is how the symbol |= was deﬁned in section 2.3 for formulas having free variables. It follows that the formula ϕ(x1 , . . . , xn ) is equivalent to the sentence ∀y1 · · · ∀yn ϕ(y1 , . . . , yn ). By Proposition 3.6 and ∀Introduction, they are provably equivalent. We next show that the two formulas from Example 3.2 are provably equivalent. Proposition 3.7 The formulas ∀x¬ϕ(x) and ¬∃xϕ(x) are provably equivalent for any formula ϕ(x). Proof Example 3.2 provides proof that {∀x¬ϕ(x)} ¬∃xϕ(x). We now provide a formal proof for the converse. Premise: Γ ¬∃xϕ(x) Conclusion: Γ ∀x¬ϕ(x)

Proof theory

Statement

Justiﬁcation

1. Γ ∪ {¬¬ϕ(x)} ¬¬ϕ(x)

Assumption

2. Γ ∪ {¬¬ϕ(x)} ϕ(x)

Example 1.43

3. Γ ¬¬ϕ(x) → ϕ(x)

→-Introduction applied to 2

4. Γ ∃x¬¬ϕ(x) → ∃xϕ(x)

∃-Distribution applied to 3

5. Γ ¬∃xϕ(x) → ¬∃x¬¬ϕ(x)

→-Contrapositive (Exercise 1.12)

6. Γ ¬∃xϕ(x)

Premise

7. Γ ¬∃x¬¬ϕ(x)

→-Elimination applied to 5 and 6

8. Γ ∀x¬ϕ(x)

∀-Deﬁnition

105

By the semantics ∀, ∀xϕ(x) ≡ ∀yϕ(y) (ϕ(x) holds for each element x of some model if and only if ϕ(y) holds for each element y of that same model). We show that ∀xϕ(x) and ∀yϕ(y) are provably equivalent. Corollary 3.8 Let x and y be variables that do not occur in the formula ϕ(z). Then ∀xϕ(x) and ∀yϕ(y) are provably equivalent. Proof By Proposition 3.6, {∀xϕ(x)} ϕ(t) for any term t. In particular, {∀xϕ(x)} ϕ(y). By ∀-Introduction, {∀xϕ(x)} + ∀yϕ(y). Likewise (switching the roles of x and y), we see that {∀yϕ(y)} ∀xϕ(x). Likewise, we have the following. Corollary 3.9 Let x and y be variables that do not occur in formula ϕ(z). Then ∃xϕ(x) and ∃yϕ(y) are provably equivalent. We leave the proof of Corollary 3.9 to the reader (see Exercise 3.7). Corollary 3.10 For any formula ϕ(x), {∀xϕ(x)} ∃xϕ(x). Proof {∀xϕ(x)} ϕ(x) by Proposition 3.6. {ϕ(x)} ∃xϕ(x) by ∃-Introduction. Putting these two facts together, we see that {∀xϕ(x)} ∃xϕ(x). By the semantics of ﬁrst-order logic, we know that ∃xϕ(x) is a consequence of ∀xϕ(x) (if ϕ(x) holds for all elements of in a certain structure, then it holds for some elements in that structure). Corollary 3.10 states that we can formally prove this. Note that ∀xϕ(x) is not a consequence of ∃xϕ(x). So these formulas are not equivalent. However, if (and only if) the variable x has no free occurences

106

Proof theory

in ψ, then ∃xψ and ∀xψ are equivalent formulas. Moreover, they are provably equivalent. Proposition 3.11 Let x be a variable that does not occur as a free variable in the formula ψ. Then ψ, ∃xψ, and ∀xψ are provably equivalent. Proof We demonstrate that {ψ} ∀xψ and {∃xψ} ψ. The proposition then follows from Corollary 3.10 which implies {∀xψ} ∃xψ. First we show that {ψ} ∀xψ Premise: Γ ψ and c is a constant that does not occur in Γ Conclusion: Γ ∀xψ

Statement

Justiﬁcation

1. Γ ψ

Premise

2. Γ (ψ ∨ ¬(x = x))

∨-Introduction applied to 1

3. Γ (¬(x = x) ∨ ψ)

∨-Symmetry applied to 2

4. Γ (x = x) → ψ

→-Deﬁnition applied to 3

5. Γ ∀x(x = x) → ∀xψ

∀-Distribution applied to 4

6. Γ (c = c)

Reﬂexivity

7. Γ ∀x(x = x)

∀-Introduction applied to 6

8. Γ ∀xψ

→-Elimination applied to 5 and 7

Next, we show that {∃xψ} ψ Premise: Γ ∃xψ Conclusion: Γ ψ

Statement

Justiﬁcation

1. Γ ∃xψ

Premise

2. Γ ∪ {¬ψ} ∃xψ

Monotonicity applied to 1

3. Γ ∪ {¬ψ} ¬ψ

Assumption

4. Γ ∪ {¬ψ} ∀x¬ψ

The previous proof applied to 3

5. Γ ∪ {¬ψ} ¬∃xψ

Example 3.2 applied to 4

6. Γ ¬¬ψ

Proof by Contradiction applied to 2 and 5

7. Γ ψ

Double negation (from Example 1.43) applied to 6

Proof theory

107

Proposition 3.12 The formulas ∀x(ϕ(x) ∧ ψ(x)) and ∀xϕ(x) ∧ ∀xψ(x) are provably equivalent. Proof We leave the veriﬁcation of this as Exercise 3.8. It is not true that ∃x(ϕ(x) ∧ ψ(x)) and ∃xϕ(x) ∧ ∃xψ(x) are provably equivalent. We can show that {∃x(ϕ(x) ∧ ψ(x))} ∃xϕ(x) ∧ ∃xψ(x), but not the converse. However, if (and only if) x does not occur as a free variable of ψ, the converse is true. Proposition 3.13 If x does not occur as a free variable of ψ, then ∃xϕ(x) ∧ ∃xψ and ∃x(ϕ(x) ∧ ψ) are provably equivalent. Proof We only prove this equivalence in one direction. The other direction is straight forward and is left as Exercise 3.13. Premise: Γ ∃xϕ(x) ∧ ∃xψ Conclusion: Γ ∃x(ϕ(x) ∧ ψ)

Statement

Justiﬁcation

1. Γ ∃xϕ(x) ∧ ∃xψ

Premise

2. Γ ∃xψ

∧-Elimination applied to 1

3. Γ ψ

Proposition 3.11 applied to 2

4. Γ ¬ϕ(x) ∨ ψ

∨-Introduction and ∨-symmetry applied to 3

5. Γ ¬ϕ(x) ∨ ϕ(x)

Tautology rule (Example 1.32)

6. Γ (¬ϕ(x) ∨ ϕ(x)) ∧ (¬ϕ(x) ∨ ψ)

∧-Introduction applied to 4 and 5

7. Γ ¬ϕ ∨ (ϕ(x) ∧ ψ)

∨-Distributivity (Proposition 1.46) applied to 6

8. Γ ϕ(x) → (ϕ(x) ∧ ψ)

→-Deﬁnition applied to 7

9. Γ ∃xϕ(x) → ∃x(ϕ(x) ∧ ψ)

∃-Distribution applied to 8

10. Γ ∃xϕ(x)

∧-Symmetry and ∧-Elimination applied to 1

11. Γ ∃x(ϕ(x) ∧ ψ)

→-Elimination applied to 9 and 10

The previous propositions can be generalized as follows. Proposition 3.14 Let x1 , x2 , . . . , xn be variables that occur free in the formula ϕ but not in the formula ψ. Let Q1 , . . . , Qn be quantiﬁers (that is, for each i, Qi is either ∃ or ∀). Then the following two formulas are provably equivalent: Q1 x1 Q2 x2 · · · Qn xn ϕ(x1 , x2 , . . . , xn ) ∧ ψ, and Q1 x1 Q2 x2 · · · Qn xn (ϕ(x1 , x2 , . . . , xn ) ∧ ψ).

108

Proof theory

Proof We prove this by induction on n. We use the following claim. Claim If θ(x) and ψ(x) are provably equivalent, then so are Q1 xθ(x) and Q1 xψ(x). Proof of Claim If θ(x) and ψ(x) are provably equivalent, then ∅ θ(x) → ψ(x). By ∃-Distribution or ∀-Distribution (depending on which quantiﬁer is Q1 ), we have ∅ Q1 xθ(x) → Q1 xψ(x). Likewise, ∅ Q1 xψ(x) → Q1 xθ(x). The claim follows. We now prove the proposition. If n = 1 then this follows from Proposition 3.12 or 3.13 (depending on which quantiﬁer is Q1 ). Suppose now that n = m+1. Our induction hypothesis implies that the following two formulas are provably equivalent: Q2 x2 · · · Qm+1 xm+1 ϕ(x1 , x2 , . . . , xm+1 ) ∧ ψ, and Q2 x2 · · · Qm+1 xm+1 (ϕ(x1 , x2 , . . . , xm+1 ) ∧ ψ). It follows from the claim that the following two formulas are provably equivalent: Q1 x1 (Q2 x2 · · · Qm+1 xm+1 ϕ(x1 , x2 , . . . , xm+1 ) ∧ ψ), and Q1 x1 (Q2 x2 · · · Qn xn (ϕ(x1 , x2 , . . . , xn ) ∧ ψ)). The former of these, again by Proposition 3.12 or 3.13, is provably equivalent with Q1 x1 Q2 x2 · · · Qm+1 xm+1 ϕ(x1 , x2 , . . . , xm+1 ) ∧ ψ. The latter of the above two formulas, by the Q-Parentheses rule, is provably equivalent with Q1 x1 Q2 x2 · · · Qm+1 xm+1 (ϕ(x1 , x2 , . . . , xm+1 ) ∧ ψ). This completes the induction step and the proposition follows. Similarly, we have the following. Proposition 3.15 Let Q1 , . . . , Qn denote quantiﬁers. For each i, let Qi denote the quantiﬁer that is not Qi . That is, for each i, {Qi , Qi } = {∃, ∀}. For any formula ϕ(x1 , . . . , xn ), ¬Q1 x1 · · · Qn xn ϕ(x1 , . . . , xn )

is provably equivalent to

Q1 x1 · · · Qn xn ¬ϕ(x1 , . . . , xn ). Proof It suﬃces to show that both ¬∀x1 ϕ(x1 ) is provably equivalent to ∃x1 ¬ϕ(x1 ), and ¬∃x1 ϕ(x1 ) is provably equivalent to ∀x1 ¬ϕ(x1 ) (see Example 3.2).

Proof theory

109

The proposition can then be proved by induction on n in a similar manner to Proposition 3.14. We leave the details as Exercise 3.15. It follows from the previous propositions that any formula is provably equivalent to a formula in which the quantiﬁers preceed all other ﬁxed symbols. Informally, the quantiﬁers can be “pulled out in front” of any formula. We make this idea precise and prove it in the following section.

3.2 Normal forms One of our goals in this chapter is to develop resolution for ﬁrst-order logic. Recall that, in propositional logic, we needed to have the formulas in CNF before we could proceed with resolution. Likewise, in ﬁrst-order logic the formulas will need to be in a nice form. In this section, we deﬁne what we mean by “nice.” 3.2.1 Conjunctive prenex normal form. Deﬁnition 3.16 A formula ϕ is in prenex normal form (PNF) if it has the form Q1 x1 · · · Qn xn ψ where each Qi is a quantiﬁer (either ∃ or ∀) and ψ is a quantiﬁerfree ﬁrst-order formula. Moreover, if ψ is a conjunction of disjunctions of literals (atomic or negated atomic formulas), then ϕ is in conjunctive prenex normal form. So a formula is in prenex normal form if all of its quantiﬁers are in front. Example 3.17 ∀y∃x(f (x) = y) is in PNF, and ¬∀x∃yP (x, y, z) and ∃x∀y ¬P (x, y, z) ∧ ∀x∃yQ(x, y, z) are not. Theorem 3.18 For any formula of ﬁrst-order logic, there exists an equivalent formula in conjunctive prenex normal form. Proof Let ϕ be an arbitrary formula. First we show that there exists an equivalent formula ϕ in prenex normal form. We prove this by induction on the complexity of ϕ. If ϕ is atomic, then ϕ is already in PNF, so we can just let ϕ be ϕ. Suppose ψ and θ are formulas and there exist ψ and θ in PNF such that ψ ≡ ψ and θ ≡ θ . Clearly, if ϕ ≡ ψ then we can let ϕ be ψ . To complete the induction step, we must consider three cases corresponding to ¬, ∧, and ∃. First, suppose ϕ is the formula ¬ψ. Then ϕ ≡ ¬ψ . Since ψ is in PNF, ψ has the form Q1 x1 · · · Qm xm ψ0 for some quantiﬁer-free formula ψ0 and quantiﬁers Q1 , . . . , Qm . So ϕ ≡ ¬Q1 x1 · · · Qm xm ψ0 . By Proposition 3.15, this is equivalent to Q1 x1 · · · Qm xm ¬ψ0 where {Qi , Qi } = {∃, ∀}. This formula is in PNF, and so it may serve as ϕ .

110

Proof theory

Next, suppose ϕ is the formula ψ ∧ θ. Then ϕ ≡ ψ ∧ θ . Since ψ and θ are in PNF, ψ is Q1 x1 · · · Qm xm ψ0 (x1 , . . . , xm ), and θ is q1 x1 · · · qn xn θ0 (x1 , . . . , xn ) for some quantiﬁers Qi and qi and some quantiﬁer-free formulas ψ0 and θ0 . Let y1 , . . . , ym and z1 , . . . , zn be new variables (that is, variables not occurring in ψ or θ ). Then by Corollaries 3.8 and 3.9, ψ ≡ Q1 y1 · · · Qm ym ψ0 (y1 , . . . , ym ), θ ≡ q1 z1 · · · qn zn θ0 (z1 , . . . , zn ), and so ϕ ≡ Q1 y1 · · · Qm ym ψ0 (y1 , . . . , ym ) ∧ q1 z1 · · · qn zn θ0 (z1 , . . . , zn ). Applying Proposition 3.14 twice, ϕ ≡ Q1 y1 · · · Qm ym q1 z1 · · · qn zn (ψ0 (y1 , . . . , ym ) ∧ θ0 (z1 , . . . , zn )) which is in PNF. Let ϕ be this formula. Finally, suppose ϕ is the formula ∃xψ. Then ϕ ≡ ∃x0 ψ for some variable x0 . Since ψ is in PNF, ∃x0 ψ is in PNF. So in this case, we can let ϕ be ∃x0 ψ . Given an arbitrary formula ϕ we have shown that there exists an equivalent formula ϕ in prenex normal form. Let Q1 x1 · · · Qn xn ϕ0 be the formula ϕ . Each Qi denotes a quantiﬁer and ϕ0 is a quantiﬁer-free formula. We want to show that ϕ is equivalent to a formula in conjunctive prenex normal form. It remains to be shown that ϕ0 is equivalent to a formula that is a conjunction of disjunctions. This can be done by induction on the complexity of ϕ0 . Since it is quantiﬁer-free, we do not have to consider the part of the induction step corresponding to ∃. Therefore, the proof is identical to the proof of Theorem 1.57 where it was shown that every formula of propositional logic is equivalent to a formula in CNF. Example 3.19 Let ϕ be the formula ¬(∀x∃yP (x, y, z) ∨ ∃x∀y¬Q(x, y, z)) having free variable z. By the previous theorem, there exists a formula ϕ in PNF that is equivalent to ϕ. Moreover, the proof of the theorem indicates a method for ﬁnding such ϕ . First, noting that ϕ has the form ¬ψ, we distribute the negation to obtain ϕ ≡ ∃x∀y¬P (x, y, z) ∧ ∀x∃yQ(x, y, z). So ϕ is equivalent to a formula of the form ψ ∧ θ. By renaming variables, we get ϕ ≡ ∃x∀y¬P (x, y, z) ∧ ∀u∃vQ(u, v, z). By applying Proposition 3.14 twice, ϕ ≡ ∃x∀y∀u∃v(¬P (x, y, z) ∧ Q(u, v, z)) which is in PNF. Moreover, this formula is in conjunctive PNF.

Proof theory

111

Our goal is to ﬁnd a method for determining whether a given formula is satisﬁable or not. By Theorem 3.18, it suﬃces to have a method that works for formulas in conjunctive prenex normal form (although, as we shall see in later chapters, no method “works” entirely). Next we show that we can simplify our formulas further. We show that we need only consider formulas that are universal: formulas in PNF in which the existential quantiﬁer ∃ does not occur. 3.2.2 Skolem normal form. Deﬁnition 3.20 A formula is in Skolem normal form (SNF), if it is universal and in conjunctive prenex normal form. Given any formula ϕ of ﬁrst-order logic we deﬁne a formula ϕS that is in SNF. We prove in Theorem 3.22 that ϕ is satisﬁable if and only if ϕS is satisﬁable. The formula ϕS is called a Skolemization of ϕ. The following is a step-by-step procedure for ﬁnding ϕS . • First we ﬁnd a formula ϕ in conjunctive prenex normal form such that ϕ ≡ ϕ. So ϕ is Q1 x1 · · · Qm xm ϕ0 (x1 , . . . , xm ) for some quantiﬁer-free formula ϕ0 and quantiﬁers Q1 , Q2 , . . . , Qm . • If each Qi is ∀, then ϕ is a universal formula. In this case let ϕS be ϕ . • Otherwise, ϕ has existential quantiﬁers. In this case we deﬁne a formula s(ϕ ) that has fewer existential quantiﬁers than ϕ . (So if ϕ has just one existential quantiﬁer, then s(ϕ ) is universal.) Let i be least such that Qi is ∃. If i = 1, then ϕ is ∃x1 Q2 x2 · · · Qm xm ϕ0 (x1 , . . . , xm ). Let s(ϕ ) be Q2 x2 · · · Qm xm ϕ0 (c, x2 , . . . , xm ) where c is a constant symbol that does not occur in ϕ . If i > 1, then ϕ is ∀x1 · · · ∀xi−1 ∃xi Qi+1 xi+1 · · · Qm xm ϕ0 (x1 , . . . , xm ). Let s(ϕ ) be the formula ∀x1 · · · ∀xi−1 Qi+1 xi+1 · · · Qm xm ϕ0 (x1 , . . . , xi−1 , f (x1 , . . . , xi−1 ), xi+1 , . . . , xm ), where f is an (i − 1)-ary function symbol that does not occur in ϕ . So if the ﬁrst quantiﬁer in ϕ is ∃, we replace x1 with a new constant. And if the ith quantiﬁer in ϕ is ∃ and all previous quantiﬁers are ∀, replace xi with f (x1 , . . . , xi−1 ) where f is a new function symbol.

112

Proof theory

• Since s(ϕ ) has fewer existential quantiﬁers than ϕ , by repeating this process, we will eventually obtain the required universal formula ϕS . That is, ϕS is sn (ϕ ) = s(s(s · · · s(ϕ ))) for some n. Example 3.21 Suppose ϕ is the formula ¬(∀x∃yP (x, y, z) ∨ ∃x∀y¬Q(x, y, z)). First, we ﬁnd a formula ϕ in conjunctive prenex normal form that is equivalent to ϕ. In Example 3.19 it was shown that ϕ is equivalent to ∃x∀y∀u∃v(¬P (x, y, z) ∧ Q(u, v, z)). Let ϕ be this formula. Next we ﬁnd s(ϕ ) as deﬁned above. Then we ﬁnd s(s(ϕ )) and s(s(s(ϕ ))), and so forth, until we get a formula in SNF. In this example, since ϕ has only two existential quantiﬁers, we will stop at s(s(ϕ )). We have s(ϕ ) is ∀y∀u∃v(¬P (c, y, z) ∧ Q(u, v, z)), and s(s(ϕ )) is ∀y∀u(¬P (c, y, z) ∧ Q(u, f (y, u), z)) which is in SNF. So we have successfully Skolemized the given formula ϕ and obtained the formula ∀y∀u(¬P (c, y, z)∧Q(u, f (y, u), z)). This is the formula denoted by ϕS . Theorem 3.22 Let ϕ be a formula of ﬁrst-order logic and let ϕS be the Skolemization of ϕ. Then ϕ is satisﬁable if and only if ϕS is satisﬁable. Proof By Theorem 3.18, we may assume that ϕ is in conjunctive prenex normal form. By induction, it suﬃces to show that ϕ is satisﬁable if and only if s(ϕ) is satisﬁable. There are two possibilities for s(ϕ). Case 1: If ϕ has the form ∃x1 Q2 x2 · · · Qm xm ϕ0 (x1 , . . . , xm ), then s(ϕ ) is Q2 x2 · · · Qm xm ϕ0 (c, x2 , . . . , xm ) for some constant c. Let ψ(x1 ) be the formula Q2 x2 · · · Qm xm ϕ0 (x1 , . . . , xm ) so that ϕ is ∃x1 ψ(x1 ) and s(ϕ ) is ψ(c). By the semantics for ∃, M |= ∃x1 ψ(x1 ) if and only if MC |= ψ(c), where MC is an expansion of M by constants one of which is c . It follows that ∃x1 ψ(x1 ) is satisﬁable if and only if ψ(c) is satisﬁable. Case 2: If ϕ is ∀x1 · · · ∀xi−1 ∃xi Qi+1 xi+1 · · · Qm xm ϕ0 (x1 , . . . , xm ) then s(ϕ ) is the formula ∀x1 · · · ∀xi−1 Qi+1 xi+1 · · · Qm xm ϕ0 (x1 , . . . , xi−1 , f (x1 , . . . , xi−1 ), xi+1 , . . . , xm ), where f is an (i − 1)-ary function symbol that does not occur in ϕ . Now let ψ(x1 , . . . , xi ) be the formula Qi+1 xi+1 · · · Qm xm ϕ0 (x1 , . . . , xm ). Suppose that ∀x1 · · · ∀xi−1 ∃xi ψ(x1 , . . . , xi ) is satisﬁable. Let M be a model.

Proof theory

113

Let Mf be an expansion of MC that interprets f in such a way that for all constants c1 , . . . , ci−1 , Mf |= ψ(c1 , . . . , ci−1 , f (c1 , . . . , ci−1 )). Then Mf |= ∀x1 · · · ∀xi−1 ψ(x1 , . . . , xi−1 , f (x1 , . . . , xi−1 )). So if ∀x1 · · · ∀xi−1 ∃xi ψ(x1 , . . . , xi ) is satisﬁable, then so is ∀x1 · · · ∀xi−1 ψ(x1 , . . . , xi−1 , f (x1 , . . . , xi−1 )). Conversely, if M |= ∀x1 · · · ∀xi−1 ψ(x1 , . . . , xi−1 , f (x1 , . . . , xi−1 )), then, by the meaning of ∃, M |= ∀x1 · · · ∀xi−1 ∃xi ψ(x1 , . . . , xi ). It follows that ϕ is satisﬁable if and only if s(ϕ) is satisﬁable. Note that ϕ and ϕS are not necessarily equivalent. Theorem 3.22 merely states that one is satisﬁable if and only if the other is. For example, if ϕ is the formula ∃xψ0 (x, y) for atomic ψ0 (x, y), then ϕS is ψ(c, y) which is equivalent to ∀xψ(x, y). Of course, ∃xψ(x, y) and ∀xψ(x, y) are not equivalent formulas, but if one of these formulas is satisﬁable, then so is the other. For our purposes, this is all we need. To determine whether ϕ is satisﬁable, it suﬃces to determine whether ϕS is satisﬁable.

3.3 Herbrand theory In this section we “reduce” sentences of ﬁrst-order logic to sets of sentences in propositional logic. More precisely, given ϕ in SNF we ﬁnd a (possibly inﬁnite) set E(ϕ) of sentences of propositional logic such that ϕ is satisﬁable if and only if E(ϕ) is satisﬁable. We know E(ϕ) is unsatisﬁable if and only if ∅ ∈ Res∗ (E(ϕ)). So we can use the method of resolution from propositional logic to show that a ﬁrst-order sentence ϕ in SNF is unsatisﬁable. By Theorem 3.22, we can use this method to determine whether any sentence of ﬁrst-order logic is unsatisﬁable. The method we describe in this section will not necessarily tell us if a sentence ϕ is satisﬁable. Since E(ϕ) may be inﬁnite, there may be no way to tell whether ∅ is not in Res∗ (E(ϕ)). But if ∅ is in Res∗ (E(ϕ)), then, by the compactness of propositional logic, we can derive it in a ﬁnite number of steps. Recall that to show that ϕ is satisﬁable, we must exhibit a model for ϕ. We have done this in previous examples. But to show that ϕ is unsatisﬁable, we must show that it does not hold in any structure. Previously, we had no way of doing this. Theorem 3.25 provides the key. We show that, in certain circumstances, it suﬃces to show that ϕ does not hold in a speciﬁc type of structure called a Herbrand structure. 3.3.1 Herbrand structures. Deﬁnition 3.23 Let V be a vocabulary. The Herbrand universe for V is the set of all variable free V-terms.

114

Proof theory

For example, if V contains constant a and unary function f , then the Herbrand universe for V contains a, f (a), f (f (a)), and so forth. If, in addition, V contains a binary function g, then the Herbrand universe will also contain g(a, a), g(a, f (a)), g(g(f (a), f (a)), f (f (a))), f (g(f (a), a)), and so forth. Recall that a V-structure is a set together with an interpretation for each of the symbols in V. Suppose that we take the Herbrand universe for V as our underlying set. Call this set H. If V has no constant symbols, then H is empty. Suppose this is not the case. Then we can turn the Herbrand universe H into a V-structure by giving an interpretation for V. There is a natural interpretation for each of the constants and functions on H. Any V-structure that has H as its underlying set and interprets the constants and functions in this “natural” way is called a Herbrand V-structure. For example, suppose V = {f , R, c} where f is a unary function, R is a binary relation, and c is a constant. Then the Herbrand universe for V is H = {c, f (c), f (f (c)), f (f (f (c))), . . .}. Let M = (H | f , R, c) be a V-structure having underlying set H. The set H has an element called c (the ﬁrst element in the above listing of H). If M interprets the constant c as any element of H other than the one denoted by c, there would be serious ambiguity. If M is a Herbrand structure, then there is no ambiguity, the constant c in V is interpreted as the element c of H. This is the natural interpretation for the constant c. Likewise, there is a natural interpretation for the function f . The interpretation assigns to f a function from H to H. Given an element of H as input, f outputs an element of H. If M is a Herbrand structure, then the function f when applied to the element c outputs the element f (c) (the second element in the above listing of H). Likewise, given input f (c), f outputs the element of H denoted by f (f (c)). This is the natural interpretation of f on H. So a V-structure M is a Herbrand structure if it has universe H and interprets the constants and functions in the manner suggested by the names given to the elements of H. It is a Herbrand structure regardless of how the relations are interpreted. So, if V contains a relation and a constant, then there are many Herbrand V-structures. Let H be the Herbrand universe and let M be a Herbrand structure for the vocabulary V. We list a few basic facts: • H is empty if and only if V contains no constants. • H is ﬁnite if and only if V contains no functions. • M is the unique Herbrand V-structure if and only if V contains no relations or H is empty.

Proof theory

115

Deﬁnition 3.24 Let Γ be a set of sentences. The Herbrand vocabulary for Γ, denoted VΓ , is deﬁned as follows. Let V0 be the set of functions, relations, and constants occurring in Γ. If V0 contains no constants, then VΓ = V0 ∪ {c}. Otherwise, VΓ = V0 . The Herbrand universe for Γ, denoted H(Γ), is the Herbrand universe for VΓ . M is a Herbrand model of Γ, if M is a Herbrand VΓ -structure and M |= ϕi for each ϕi in Γ. In the case where Γ contains a single sentence ϕ, we will replace Γ in the above notation with ϕ. Consider, for example, the sentence ∀x((f (x) = x) ∧ (f (f (x)) = x)). Call this sentence ϕ. The Herbrand vocabulary for ϕ is Vϕ = {f , c}, where f is a unary function and c is a constant. The Herbrand universe for ϕ is H(ϕ) = {c, f (c), f (f (c)), . . .}. In any Herbrand Vϕ -structure, c and f (f (c)) are distinct elements of the universe H(ϕ). Since ϕ asserts that for all x, f (f (x)) = x, the sentence ϕ has no Herbrand model. Yet ϕ is satisﬁable (ﬁnd a model for ϕ). The following theorem shows that this only happens when ϕ uses the symbol “=”. So if ϕ is a satisﬁable sentence that is equality-free, then ϕ has a Herbrand model. Theorem 3.25 Let Γ = {ϕ1 , ϕ2 , . . .} be a set of equality-free sentences in SNF. Then Γ is satisﬁable if and only if Γ has a Herbrand model. Proof If Γ has a Herbrand model, then, of course, Γ is satisﬁable. Conversely, suppose Γ is satisﬁable. Let VΓ be the Herbrand vocabulary for Γ. Let N be a VΓ -structure that models each ϕi ∈ Γ. Let M be a Herbrand VΓ -structure. We deﬁne a VΓ -structure M that is a hybrid of N and M . The universe of M is H(Γ), the Herbrand universe for VΓ . Let M interpret functions and constants the same way as M and relations the same way as N . Since, M and N may have diﬀerent universes, this requires some explaining. “M interprets functions and constants the same way as M ” means that M is a Herbrand VΓ -structure. To complete our description of M we must say how M interprets relations. For any n-ary relation R in VΓ and t1 , . . . , tn in the universe H(Γ) of M , we must say whether M |= R(t1 , . . . , tn ) or M |= ¬R(t1 , . . . , tn ). Since each ti ∈ H(Γ) is a variable free VΓ -term and N is a VΓ -structure, either N |= R(t1 , . . . , tn ) or N |= ¬R(t1 , . . . , tn ). We deﬁne M so that M |= R(t1 , . . . , tn ) if and only if N |= R(t1 , . . . , tn ). The theorem follows from two claims. Claim 1 For any VΓ -sentence ψ that is both quantiﬁer-free and equality-free, M |= ψ if and only if N |= ψ. Claim 2 For any SNF VΓ -sentence ψ that is equality-free, if N |= ψ then M |= ψ.

116

Proof theory

If Claim 2 is true, then M must model Γ. This is because, for each ϕi ∈ Γ, N |= ϕi and ϕi is in SNF and equality-free. Since M is a Herbrand VΓ -structure, M is a Herbrand model of Γ. So if we can prove Claim 2, then the theorem follows. We ﬁrst prove Claim 1, and then show that Claim 2 follows from Claim 1. Proof of Claim 1 Let ψ be quantiﬁer-free. We show that M |= ψ if and only if N |= ψ by induction on the complexity of ψ. If ψ is atomic, then, since ψ does not use “=”, ψ must be R(t1 , . . . , tn ) for some n-ary R in VΓ and VΓ -terms ti . Since ψ is a sentence, each ti must be variable free. That is, each ti is in H(Γ). By the deﬁnition of M , M |= ψ if and only if N |= ψ. Suppose M |= ψ1 if and only if N |= ψ1 and M |= ψ2 if and only if N |= ψ2 . Then clearly, M |= ¬ψ1 if and only if N |= ¬ψ1 and M |= ψ1 ∧ ψ2 if and only if N |= ψ1 ∧ ψ2 . It follows that M |= ψ if and only if N |= ψ for any quantiﬁer-free sentence ψ, completing the proof of Claim 1. Proof of Claim 2 We prove this claim by induction on the number of quantiﬁers in ψ. If ψ has no quantiﬁers, then by Claim 1, M |= ψ if and only if N |= ψ. Suppose ψ is ∀x1 · · · ∀xn ψ0 (x1 , . . . , xn ) where ψ0 is quantiﬁer (and equality) free. Our induction hypothesis is that Claim 2 holds for any equality-free sentence in SNF having fewer than n quantiﬁers. Let t be a variable free VΓ -term. Let ψ (x1 ) be the formula ∀x2 · · · ∀xn ψ0 (x1 , x2 , . . . , xn ) obtained by removing the ﬁrst quantiﬁer from the sentence ψ. Let t be any variable free VΓ -term. That is, t is in H(Γ). We have N |= ψ implies N |= ψ (t) (by the semantics of ∀) which implies M |= ψ (t) (by our induction hypothesis). So if N |= ψ then M |= ψ (t). But t was an arbitrary element of H(Γ). So, if N |= ψ, then M |= ψ (t) for all t ∈ H(Γ). Since H(Γ) is the universe of M , M |= ∀x1 ψ (x1 ) (by the semantics of ∀). Since ∀x1 ψ (x1 ) and ψ are the same, the proof of Claim 2 is complete. In particular, if Γ from the previous theorem contains a single sentence ϕ, we get the following. Corollary 3.26 Let ϕ be an equality-free sentence in SNF. Then ϕ is satisﬁable if and only if ϕ has a Herbrand model. 3.3.2 Dealing with equality. Now suppose ϕ is in SNF and does use “=”. We deﬁne a formula ϕE that does not use equality. Whereas Corollary 3.26 does not

Proof theory

117

apply to ϕ, it does apply to ϕE . Moreover, we prove that ϕ is satisﬁable if and only if ϕE is satisﬁable. Let V be the vocabulary of ϕ. That is, V is the ﬁnite set of constants, relations, and functions that occur in ϕ. Let E be a binary relation that is not in V. Let ϕ= be the sentence obtained by replacing each occurrence of t1 = t2 in ϕ (for V-terms t1 and t2 ) with E(t1 , t2 ). Let ϕER be the following sentence. ∀x∀y∀z(E(x, x) ∧ (E(x, y) ↔ E(y, x)) ∧ (E(x, y) ∧ E(y, z) → E(x, z))). This sentence says “E is an equivalence relation.” For each relation R in V, let ϕR be the formula n ∀x1 · · · ∀xn ∀y1 · · · ∀yn E(xi , yi ) ∧ R(x1 , . . . , xn ) → R(y1 , . . . , yn ) , i=1

where n is the arity of R. Let ϕ1 be the conjunction of all ϕR taken over all relations R ∈ V. Likewise, for each function f in V, let ϕf be the formula n ∀x1 · · · ∀xn ∀y1 · · · ∀yn E(xi , yi ) → E(f (x1 , . . . , xn ), f (y1 , . . . , yn )) , i=1

where n is the arity of f . Let ϕ2 be the conjunction of all ϕf taken over all functions f ∈ V. Now let ϕE be the sentence ϕ= ∧ ϕER ∧ ϕ1 ∧ ϕ2 . The formulas ϕER , ϕ1 , and ϕ2 together say that the binary relation E behaves like equality. Note that ϕ= , ϕER , ϕ1 , and ϕ2 are each equality-free formulas in SNF. If we put ϕE into prenex normal form (by pulling the quantiﬁers out front, renaming variables if need be) we obtain an equality-free formula ϕE that is in SNF. Lemma 3.27 For any formula ϕ in SNF, ϕ is satisﬁable if and only if ϕE is satisﬁable. Proof Let V be the vocabulary of ϕ and let VE = V ∪ {E} where E is a binary relation that is not in V. If M |= ϕ, then we can obtain a model for ϕE by interpreting E as equality in M . Conversely, suppose ϕE has a model N . Then E is an equivalence relation on N . Let U be the underlying set of N and let U/E be the set of all E-equivalence classes in U . We deﬁne a V-structure NE having U/E as an underlying set. We must say how NE interprets the constants, relations, and functions of V. For each a ∈ N , let [a] denote the E-equivalence class containing a.

118

Proof theory

For each constant c in V, NE interprets c as [c], the E-equivalence class of the interpretation of c in N . Let R be an n-ary relation in V. For any n-tuple ([a1 ], . . . , [an ]) of elements of U/E, NE |= R([a1 ], . . . , [an ]) if and only if N |= R(a1 , . . . , an ). Let f be an n-ary relation in V. For any [b] ∈ U/E and n-tuple ([a1 ], . . . , [an ]) of elements of U/E, NE |= f ([a1 ], . . . , [an ]) = [b] if and only if N |= f (a1 , . . . , an ) = b. Because N models both ϕ1 and ϕ2 , the structure NE is well deﬁned. Finally, it can be shown that NE |= ϕE by induction on the complexity of ϕ. Example 3.28 Consider the sentence ∀x((f (x) = x) ∧ (f (f (x)) = x)). If this sentence is ϕ, then ϕ= is the sentence ∀x(¬E(f (x), x) ∧ E(f (f (x)), x)) and ϕ2 is the sentence ∀x∀y(E(x, y) → E(f (x), f (y))). Since ϕ contains no relations, we need not consider ϕ1 . The conjunction ϕE of ϕ= , ϕ2 , and ϕER , is equivalent to the following sentence ϕE in SNF. ∀x∀y∀z(¬E(f (x), x) ∧ E(f (f (x)), x) ∧ (E(x, y) → E(f (x), f (y))) ∧E(x, x) ∧ (E(x, y) ↔ E(y, x)) ∧ ((E(x, y) ∧ E(y, z)) → E(x, z))). Now, by Corollary 3.26, ϕE has a Herbrand model. That is, there is a model for ϕE having universe H(ϕ) = {c, f (c), f (f (c)), . . .}. Indeed, we may interpret E on H(ϕ) to be the equivalence relation having the following two classes: Codd = {t ∈ H(ϕ) | t has an odd number of f s}, and Ceven = {t ∈ H(ϕ) | t has an even number of f s}. It follows that ϕ has a model having only two elements. Let N be the structure having universe {codd , ceven } that interprets the function f by the rule f (codd ) = ceven and f (ceven ) = codd . Clearly, N |= ϕ. 3.3.3 The Herbrand method. We now describe a method for determining whether an arbitrary sentence ϕ of ﬁrst-order logic is unsatisﬁable. We have

Proof theory

119

shown that we may assume ϕ is equality-free and is in SNF. Let ϕ be ∀x1 · · · ∀xn ϕ0 (x1 , . . . , xn ), where ϕ0 is quantiﬁer-free and equality-free. Let H(ϕ) be the Herbrand universe of ϕ. Let E(ϕ) be the set {ϕ0 (t1 , . . . , tn ) | t1 , . . . , tn ∈ H(ϕ)}. So E(ϕ) is the set obtained by substituting terms from H(ϕ) for the variables of ϕ0 in every possible way. Let {ϕ1 , ϕ2 , . . .} be an enumeration of E(ϕ). We claim that ϕ is satisﬁable if and only if E(ϕ) is satisﬁable. If M is a model of ϕ, then M |= ∀x1 · · · ∀xn ϕ0 (x1 , . . . , xn ). In particular, M |= ϕ0 (t1 , . . . , tn ) for all variable free Vϕ -terms ti . That is, M models each ϕi in E(ϕ) and so E(ϕ) is satisﬁable. Conversely, suppose E(ϕ) is satisﬁable. Then, by Theorem 3.25, E(ϕ) has a Herbrand model M . Note that the Herbrand vocabulary for E(ϕ) is the same as the Herbrand vocabulary for ϕ. So the universe of M is H(ϕ). For each t1 , . . . , tn in H(ϕ), M models ϕ0 (t1 , . . . , tn ) since this sentence is in E(ϕ). It follows from the semantics of ∀ that M |= ∀x1 · · · ∀xn ϕ0 (x1 , . . . , xn ). That is, M |= ϕ and ϕ is satisﬁable. So ϕ is unsatisﬁable if and only if E(ϕ) is unsatisﬁable. Since E(ϕ) contains sentences with no quantiﬁers, we can view E(ϕ) as a set of sentences of propositional logic. Since ϕ is in SNF, each ϕi in E(ϕ) is in CNF. We know from propositional logic that the set E(ϕ) is unsatisﬁable if and only if ∅ ∈ Res∗ (E(ϕ)). By the compactness of propositional logic, E(ϕ) is unsatisﬁable if and only if some ﬁnite subset {ϕ1 , . . . , ϕm } is unsatisﬁable. So if ϕ is unsatisﬁable, then ∅ ∈ Res∗ ({ϕ1 , . . . , ϕm }) for some m. This gives us a method for showing that ϕ is unsatisﬁable. Check if ∅ is in Res∗ ({ϕ1 , . . . , ϕm }) for some m. Recall that Res∗ ({ϕ1 , . . . , ϕm }) is a ﬁnite set. If ∅ is in Res∗ ({ϕ1 , . . . , ϕm }) we stop and conclude that ϕ must be unsatisﬁable. Otherwise we continue and check Res∗ ({ϕ1 , . . . , ϕm , ϕm+1 }). If ϕ is unsatisﬁable, then this method will eventually ﬁnd ∅ and conclude that ϕ is unsatisﬁable in a ﬁnite number of steps. If ϕ is satisﬁable, however, this procedure will continue forever. So, in principle, we have a method to show that a given sentence of ﬁrstorder logic is unsatisﬁable. The ﬁrst step is to ﬁnd ϕ that is in SNF and does not use “=”. This can be done relatively quickly (in polynomial time). But to show that ∅ ∈ Res∗ (E(ϕ)) can take an arbitrarily large amount of time. This method is far from eﬃcient. Even if ∅ is in Res∗ (E(ϕ)), it may take a very long time to ﬁnd it. In the next section, we deﬁne another way to show that a formula is unsatisﬁable. We deﬁne resolution for ﬁrst-order logic. This method is not polynomial

120

Proof theory

time, but it is more systematic than the method described here. Herbrand theory will be useful in proving that the resolution we deﬁne works.

3.4 Resolution for ﬁrst-order logic We now deﬁne resolution for ﬁrst-order logic. Let ϕ be any sentence in SNF. Then ϕ has the form ∀x1 ∀x2 · · · ∀xm ϕ0 where ϕ0 is a conjunction of disjunctions of literals. In particular, ϕ0 is quantiﬁer-free, and so it can be viewed as a formula of propositional logic that is in CNF. Let C(ϕ0 ) denote the set of all clauses in the CNF formula ϕ0 . We deﬁne C(ϕ) to be C(ϕ0 ). That is, C(ϕ) = {C1 , . . . , Cm } where Ci is the set of all literals occurring in the ith disjunction. For example, if ϕ is the sentence = ∀x∀y∀z((P (x, y) ∨ ¬Q(x, z)) ∧ ((R(x, y, z) ∨ ¬P (f (x, y), z)), then C(ϕ) is the set {{P (x, y), ¬Q(x, z)}, {R(x, y, z), ¬P (f (x, y), z)}}. Note that a sentence ϕ in SNF uniquely determines C(ϕ). Conversely, by Proposition 1.67, C(ϕ0 ) determines ϕ0 up to equivalence. It follows that C(ϕ) determines ϕ up to equivalence. That is, if C(ϕ) = C(ψ) for sentences ϕ and ψ in SNF, then ϕ ≡ ψ. For this reason, we need not distinguish between formulas in SNF and sets of clauses. We want to say what it means for a clause R to be a resolvent of two clauses C1 and C2 . As in propositional logic, a resolvent of C1 and C2 is a consequence of the conjunction of C1 and C2 . Before giving a formal deﬁnition for resolvents, we consider a couple of examples. Example 3.29 Let C1 = {¬Q(x, y), P (f (x), y)} and C2 = {¬P (f (x), y), R(x, y, z)}. The clause R = {¬Q(x, y), R(x, y, z)} is a resolvent of C1 and C2 . This works the same way as in propositional logic. Since the literal P (f (x), y) occurs in one clause and the negation of this same literal occurs in the other, the resolvent can be formed by taking the union of C1 and C2 less P (f (x), y) and ¬P (f (x), y). Example 3.30 Let C1 = {¬Q(x, y), P (f (x), y)} and C2 = {¬P (z, y), R(x, y, z)}. Then we cannot directly ﬁnd a resolvent of C1 and C2 as in the previous example. Let C2 be the clause obtained by substituting f (x) for z in the clause C2 . That is, C2 = {¬P (f (x), y), R(x, y, f (x))}. We make two observations. First, we can easily ﬁnd a resolvent of C1 and C2 , namely R = {¬Q(x, y), R(x, y, f (x))}. Second, note that C2 is a consequence of C2 . This is because the SNF sentence represented by C2 asserts that the formula ¬P (z, y) ∨ R(x, y, z) holds for every

Proof theory

121

x, y, and z. In particular, this formula holds in the speciﬁc case where z = f (x). That is, C2 implies C2 . Hence, R, which is a consequence of {C1 , C2 }, is also a consequence of {C1 , C2 }. We deﬁne resolvents so that R is a resolvent of C1 and C2 (and of C1 and C2 as well). We diagram this situation as follows: C2 C1

C2

R So prior to ﬁnding a resolvent, we must ﬁrst make substitutions for variables to make certain literals look the same. In the previous example, we did a substitution that made P (f (x), y) and P (z, y) identical. This process is called uniﬁcation and we postpone the formal deﬁnition of “resolvent” until after we have discussed uniﬁcation in detail. 3.4.1 Uniﬁcation. Let L = {L1 , . . . , Ln } be a set of literals. We say L is uniﬁable if there exist variables x1 , . . . , xm and terms t1 , . . . , tm such that substituting ti for xi (for each i) makes each literal in L look the same. We denote such a substitution by sub = (x1 /t1 , x2 /t2 , . . . , xm /tm ). For any sentence ϕ in SNF, we denote the result of applying this substitution to ϕ by ϕsub. For example, if sub = (x/w, y/f (a), z/f (w)) and ϕ = {¬Q(x, y), R(a, w, z)}, then ϕsub = {¬Q(w, f (a)), R(a, w, f (w))}. If L is a set of literals, then Lsub denotes the set of all Li sub such that Li ∈ L. So L is uniﬁable if and only if there exists a substitution sub such that Lsub contains only one literal. If this is the case, we call sub a uniﬁer for L and say that sub uniﬁes L. Example 3.31 Let L = {P (f (x), y), P (f (a), w)}. Let sub1 = (x/a, y/w) and sub2 = (x/a, y/a, w/a). Then both sub1 and sub2 unify L. We have Lsub1 = {P (f (a), w)} and Lsub2 = {P (f (a), a)}. Note that, by making another substitution, we can get Lsub2 from Lsub1 . Namely, if sub3 = (w/a), then sub1 sub3 (sub1 followed by sub3 ) has the same eﬀect as sub2 . However, we cannot generate Lsub1 from Lsub2 since Lsub2 has no variables. So, in some sense, the uniﬁer sub1 is better for our purposes. It is more versatile. “Our purposes” will be resolution, and if we choose sub2 as our uniﬁer instead of sub1 , we might needlessly limit our options. Deﬁnition 3.32 Let L be a set of literals. The substitution sub is a most general uniﬁer for L if it uniﬁes L and for any other uniﬁer sub for L, we have subsub = sub .

122

Proof theory

In Example 3.31, sub1 is the most general uniﬁer. As we pointed out, this is the best uniﬁer for our purposes. Proposition 3.33 A ﬁnite set of literals is uniﬁable if and only if it has a most general unifer. There are two possiblities for a ﬁnite set L of literals, either it is uniﬁable or it is not. Proposition 3.33 asserts that if L is uniﬁable, then it automatically has a most general uniﬁer. We prove this by exhibiting an algorithm that, given L as input, outputs “not uniﬁable” if no uniﬁer exists and otherwise ouputs a most gerneal uniﬁer for L. The algorithm runs as follows.

The uniﬁcation algorithm Given: a ﬁnite set of literals L. Let L0 = L and sub0 = ∅. Suppose we know Lk and subk . If Lk contains just one literal, output “sub0 sub1 · · · subk is a most general uniﬁer for L.” Otherwise, there exist Li and Lj in Lk such that the nth symbol of Li diﬀers from the nth symbol of Lj (for some n). Suppose n is least in this regard. If the nth symbol of Li is a variable v and the nth symbol of Lj is the ﬁrst symbol of a term t that does not contain v or vice versa (with Li and Lj reversed) then: Let subk+1 = (v/t) and Lk+1 = Lk subk+1 . If any of the hypotheses of the previous sentence do not hold, output “L is not uniﬁable.” We must verify that this algorithm works. First we give a demonstration. Example 3.34 Let L = {R(f (g(x)), a, x), R(f (g(a)), a, b), R(f (y), a, z)}. First set L0 = L and sub0 = ∅. As we read each of the three literals in L0 from left to right, we see that each begins with “R(f (. . . ”, but then there is a discrepency. Whereas the second literal continues with “g(a)”, the third literal has “y”. We check that one of these two terms is a variable and the other is a term that does not contain that variable. This is the case and so we let sub1 = (y/g(a)), and L1 = L0 sub1 = {R(f (g(x)), a, x), R(f (g(a)), a, b), R(f (g(a)), a, z)}. We note that L1 contains more than one literal and proceed. Now all literals begin with R(f (g(. . . , but then the ﬁrst literal has “x” and the second has “a”.

Proof theory

123

One of these is a variable and the other is a term that does not contain that variable, and so we let sub2 = (x/a), and L2 = L1 sub2 = {R(f (g(a)), a, a), R(f (g(a)), a, b), R(f (g(a)), a, z)}. The set L2 still contains more than one literal, and so we continue. Each literal in L2 looks the same up to R(f (g(a)), a, . . . , but then the ﬁrst literal has “a” and the second has “b.” Neither of these is a variable, and so the algorithm concludes with output “L is not uniﬁable.” If the algorithm outputs “not uniﬁable,” it is for one of two reasons. One is illustrated by the previous example. Here we had a discrepency between two literals that did not involve a variable. Where one literal had the constant a, the other had b. Clearly, this cannot be reconciled by a substitution and the set is, in fact, not uniﬁable. The other possibility is that the dicrepency involves a variable and a term, but the variable occurs in the term. For example, the set {P (x, y), P (x, f (y))} is not uniﬁable. No matter what we substitute for the variables x and y, the second literal will have one more occurrence of f than the ﬁrst literal. The algorithm, noting a discrepency occurs with y and f (y), will terminate with “not uniﬁable” because the variable y occurs in the term f (y). Both reasons for concluding “not uniﬁable” are good reasons. If the algorithm yields this output, then the set must not be uniﬁable. Note that, when applied to the set L from Example 3.31, this algorithm outputs sub1 as the most general uniﬁer. So, in these examples, the algorithm works. We want to show that it always works. If the set L is a ﬁnite set, then only ﬁnitely many variables occur in L. It follows that the algorithm when applied to L must terminate in a ﬁnite number of steps. If it terminates with “L is not uniﬁable,” then, as we have already mentioned, L must not be uniﬁable. Otherwise, the algorithm outputs “sub0 sub1 · · · subk is a most genral uniﬁer.” We must show that, when this statement is the output, it is true. The algorithm outputs “sub0 sub1 · · · subk is the most genral uniﬁer” only if Lk = Lsub0 sub1 · · · subk contains just one literal. If this is the output, then sub0 sub1 · · · subk is a uniﬁer. We must show that it is a most general uniﬁer. Let sub be any other uniﬁer for L. We know that sub0 sub = sub because sub0 is empty. Now suppose that we know sub0 · · · subm sub = sub for some m, 0 ≤ m < k. Then Lm sub = Lsub0 · · · subm sub = Lsub = {L}. That is, since sub uniﬁes L, it also uniﬁes Lm . Suppose subm+1 is (x/t). By the deﬁnition of the algorithm, t must be a term in which the variable x does not occur. Moreover, for some literals Li and Lj in Lm , x occurs in the nth place of Li and t begins in the nth place of Lj

124

Proof theory

(for some n). Since sub uniﬁes Lm , sub must do the same thing to both x and t. That is, xsub = tsub . It follows that subm+1 sub = (x/t)sub = sub . By induction, we have sub0 · · · subm+1 sub = sub for all m < k. In particular, sub0 · · · subk sub = sub and sub0 · · · subk is the most general uniﬁer for L. 3.4.2 Resolution. We now deﬁne resolution for ﬁrst-order logic. Recall that for any literal L, L is the literal deﬁned by L = ¬L or ¬L = L. Deﬁnition 3.35 Let C1 and C2 be two clauses. Let s1 and s2 be any substitutions such that C1 s1 and C2 s2 have no variables in common. Let L1 , . . . , Lm ∈ C1 s1 and L1 , . . . , Ln ∈ C2 s2 be such that L = {L1 , . . . , Lm , L1 , . . . , Ln } is uniﬁable. Let sub be a most general uniﬁer for L. Then R = [(C1 s1 − {L1 , . . . , Lm }) ∪ (C2 s2 − {L1 , . . . , Ln })]sub is a resolvent of C1 and C2 . Let ϕ be a sentence in SNF. Then ϕ = {C1 , . . . , Cn } for some clauses C1 , . . . , Cn . Let Res(ϕ) = {R| R is a resolvent of some Ci and Cj in ϕ}. Let Res0 (ϕ) = ϕ, and Resn+1 = Res(Resn (ϕ)). Let Res∗ (ϕ) = n Resn (ϕ). The same notation was used in propositional logic. However, unlike the propositional case, Res∗ (ϕ) may be an inﬁnite set. To justify this notation and the deﬁnition of “resolvent” we need to show that ∅ ∈ Res∗ (ϕ) if and only if ϕ is unsatisﬁable. First we look at an example. Example 3.36 Let C1 = {Q(x, y), P (f (x), y)}, and C2 = {R(x, c), ¬P (f (c), x), ¬P (f (y), h(z))}. Suppose we want to ﬁnd a resolvent of C1 and C2 . First, we need to rename some variables since x and y occur in both C1 and C2 . Let s1 = (x/u, y/v). Then C1 s1 = {Q(u, v), P (f (u), v)} which has no variables in common with C2 . Second, note that C1 s1 contains a literal of the form P ( , ) and C2 contains literals of the form ¬P ( , ). Namely, P (f (u), v) is in C1 s1 and ¬P (f (c), x) and ¬P (f (y), h(z)) are in C2 . Let L = {P (f (u), v), P (f (c), x), P (f (y), h(z))}. By applying the uniﬁcation algorithm, we see that L is uniﬁable and sub = (u/c, y/c, v/h(z), x/h(z)) is a most general uniﬁer. We conclude that C1 and C2 have resolvent R = [(C1 s1 − {P (f (u), v)}) ∪ (C2 − {¬P (f (c), x), ¬P (f (y), h(z))})]sub = {Q(u, v), R(x, c)}sub = {Q(c, h(z)), R(h(z), c)}.

Proof theory

125

We verify that the resolvent R from the previous example is in fact a consequence of C1 and C2 . Recall that C1 and C2 represent sentences in SNF. C1 represents ∀x∀y(Q(x, y)) ∨ P (f (x), y)), and C2 represents ∀x∀y∀z(R(x, c)) ∨ ¬P (f (c), x) ∨ ¬P (f (y), h(z)). Suppose C1 and C2 hold (in some structure). Then, since these sentences are universal, they hold no matter what we plug in for the variables. In particular, C1 s1 sub ≡ ∀z(Q(c, h(z)) ∨ P (f (c), h(z))), and C2 sub ≡ ∀z(R(h(z), c)) ∨ ¬P (f (c), h(z)) both hold. That is, C1 s1 sub is a consequence of C1 and C2 sub is a consequence of C2 . Put another way, C1 s1 sub ≡ ∀z(¬Q(c, h(z)) → P (f (c), h(z))), and C2 sub ≡ ∀z(P (f (c), h(z)) → R(h(z), c)). From these two sentences, we can deduce ∀z(¬Q(c, h(z)) → R(h(z), c)) which is equivalent to ∀z(Q(c, h(z)) ∨ R(h(z), c)) which is the sentence represented by R. Hence, R is a consequence of the conjunction of C1 and C2 . In a similar manner, we can show that any resolvent of any two clauses is necessarily a consequence of the conjunction of the two clauses. It follows that if ∅ ∈ Res∗ (ϕ), then ϕ must be unsatisﬁable. Conversely, suppose ϕ is unsatisﬁable. We need to show that ∅ ∈ Res∗ (ϕ). At the end of the previous section we showed that ϕ is unsatisﬁable if and only if the set E(ϕ) is unsatisﬁable. Recall that E(ϕ) is the set of all sentences obtained by replacing each variable of ϕ with a term from the Herbrand universe. These sentences can be viewed as sentences of propositional logic. Suppose that C1 and C2 are in E(ϕ) and R is a resolvent of C1 and C2 in the sense of propostional logic. Then there are some clauses C1 and C2 of ϕ such that C1 = C1 sub1 and C2 = C2 sub2 . In the following lemma we show that there exists a resolvent R of C1 and C2 (in the sense od ﬁrst-order logic) and a substitution sub such that Rsub = R . So, essentially, this lemma says that any R that can be derived from E(ϕ) using propositional resolution can also be derived from ϕ using ﬁrst-order resolution.

126

Proof theory

Lemma 3.37 (Lifting lemma) Let ϕ be a sentence in SNF. If R ∈ Res(E(ϕ)), then there exists R ∈ Res(ϕ) such that such that Rsub = R for some substitution sub . This is called the “Lifting lemma” because we are “lifting” the resolvent R from propositional logic to ﬁrst-order logic. Let ϕ be a sentence in SNF and let C1 and C2 be two clauses of ϕ. Let s1 be a substitution such that C1 s1 and C2 have no variables in common. Let C1 and C2 in E(ϕ) be such that C1 s1 sub1 = C1 and C2 sub2 = C2 for some substitutions sub1 and sub2 . Let R be a resolvent (in propositional logic sense) of C1 and C2 . This setup can be diagramed as follows: C1

sub1

C1 s1

C2

C1

C2

R

sub2

The lemma says that if this setup holds, then there exists a resolvent R of C1 s1 and C2 (in the sense of ﬁrst-order logic) such that Rsub = R for some substitution sub . This conclusion can be diagramed as follows: C1 C1 s1

C2

R R In the ﬁrst diagram, the resolvent is taken as in propositional logic. In the second diagram, the resolvent R is as in Deﬁnition 3.35. The vertical lines in each diagram refers to a substitution. The lemma can be summarized as saying “if the ﬁrst diagram holds, then so does the second diagram.” Proof of Lemma Supose the ﬁrst diagram holds. Then there must exist some literal L ∈ C1 such that L ∈ C2 and R = (C1 − {L}) ∪ (C2 − {L}). This is the deﬁnition of resolvent for propositional logic.

Proof theory

127

Let sub = sub1 sub2 . Since C1 s1 and C2 have no variables in common, C1 s1 sub = C1 s1 sub1 = C1 and C2 sub = C2 sub2 = C2 . Let L1 = {L1 , . . . , Ln } be the set of all Li in C1 s1 such that Li sub = L. Likewise, let L2 = {L1 , . . . , Lm } be the set of all Li in C2 such that Li sub = L. We have the following diagram: sub

L1 L

⊂ C1 s1 ∈

C1

R

C2

⊃ L2

C2

sub

L

¯ 1 ∪ L2 ). This set is uniﬁable Let L = {L1 , . . . , Ln , L1 , . . . , Lm } (that is L = L since Lsub = {L}. Let sub be a most general uniﬁer for L. Then we can apply Deﬁnition 3.35 to ﬁnd the following resolvent of C1 and C2 : R = [(C1 s1 − L1 ) ∪ (C2 − L2 )]sub. Referring to the second diagram of the lemma, we see that it remains to be shown that R can be obtained from R by a substitution. We complete the proof of the lemma by showing that Rsub = R . By applying sub we get Rsub = [(C1 s1 − L1 ) ∪ (C2 − L2 )]subsub . Since sub is a uniﬁer for L and sub is a most general uniﬁer for L, we know subsub = sub . So we have Rsub = [(C1 s1 − L1 ) ∪ (C2 − L2 )]sub = (C1 s1 sub − L1 sub ) ∪ (C2 sub − L2 sub ) = (C1 − {L}) ∪ (C2 − {L}) = R . Corollary 3.38 Let ϕ be a sentence in SNF. If C ∈ Res∗ (E(ϕ)), then there exists C ∈ Res∗ (ϕ) and a substitution sub such that Csub = C . Proof If C ∈ Res∗ (E(ϕ)), then C ∈ Resn (E(ϕ)) for some n. We prove the corollary by induction on n. If n = 0, then C ∈ E(ϕ). Then, by the deﬁnition of E(ϕ), C is obtained by substituting variable free terms in for the variables of some C ∈ ϕ. For the induction step, we utilize the Lifting lemma. Suppose that for some m, each clause of Resm (E(ϕ)) is obtained from some clause of Res∗ (ϕ) via substitution. Let ϕ˜ ⊂ Res∗ (ϕ) be such that every clause of Resm (E(ϕ)) comes ˜ If C ∈ Resm+1 (E(ϕ)), then from some clause in ϕ. ˜ Then Resm (E(ϕ)) ⊂ E(ϕ). ˜ By the Lifting lemma, there is some C ∈ Res(ϕ) ˜ such that C ∈ Res(E(ϕ)). ∗ Csub = C for some substitution sub . Since ϕ˜ ⊂ Res (ϕ), C ∈ Res∗ (ϕ).

128

Proof theory

In particular, if ∅ ∈ Res∗ (E(ϕ)), then there exists some C ∈ Res∗ (ϕ) such that Csub = ∅ for some substitution sub . But this is only possible if C = ∅. So if ∅ ∈ Res∗ (E(ϕ)), then ∅ ∈ Res∗ (ϕ). We conclude that if ϕ is unsatisﬁable, then ∅ ∈ Res∗ (ϕ). We have shown that the notion of resolution deﬁned in this section works. We state this as a theorem. Theorem 3.39 Let ϕ be a sentence in SNF. Then ϕ is unsatisﬁable if and only if ∅ ∈ Res∗ (ϕ).

3.5 SLD-resolution One purpose of resolution is to provide a method of proof that can be done by a computer. Toward this aim, we reﬁne resolution in this section. Our goal is to ﬁnd a version of resolution that can be completely automated. The advantage of resolution over other formal proof systems is that it rests on a single rule. Resolution proofs may not be the most succinct. They will not lend insight as to why, say, a sentence ϕ is unsatisﬁable. The beneﬁt of resolution is precisely that it does not require any insight. To show that ϕ is unsatisﬁable, we can blindly compute Res∗ (ϕ) until we ﬁnd ∅. However, this method is not practical. If ∅ is in Res∗ (ϕ), then calculating the clauses in Res∗ (ϕ) one-by-one in no particular order is not an eﬃcient way of ﬁnding it. The ﬁrst two theorems of this section show that it is not necesssary to compute all of Res∗ (ϕ). We show that we only need to compute resolvents R of clauses C1 and C2 that have certain forms. We refer to C1 and C2 as the parents of R. Deﬁnition 3.40 N -resolution requires that one parent contain only negative literals. We look at an example from propositional logic. Let ϕ = {{A, B}, {¬A, C}, {¬B, D}, {¬C}, {¬D}}. We show that ϕ is unsatisﬁable using N -resolution. {¬A, C} {A, B}

{¬C} {¬A}

{¬B, D}

{B}

{¬B}

{¬D}

∅ Note that each resolvent has a parent that contains only negative literals.

Proof theory

129

Deﬁnition 3.41 Linear resolution requires that one parent be the resolvent from the previous step. The word “linear” refers to the diagram. The previous diagram is not linear because it has two “branches.” The following diagram illustrates a linear resolution for this same example.

{¬A, C} {A, B} {¬B, D} {¬D}

{¬C} {¬A} {B} {D}

∅ So we can derive the emptyset from ϕ either by N -resolution or linear resolution. The next two theorems show that this is true for any unsatisﬁable ϕ. That is, to show that ϕ is unsatisﬁable, we can restrict our computations to N -resolution or linear resolution. Theorem 3.42 Let ϕ be a sentence in SNF. Then ϕ is unsatisﬁable if and only if ∅ can be derived from ϕ by N -resolution. Proof If ∅ can be derived by N -resolution, then ∅ ∈ Res∗ (ϕ) and so ϕ is unsatisﬁable. Conversely, suppose ϕ is unsatisﬁable. By the Lifting lemma, it suﬃces to prove this theorem for propositional logic. This requires some explanation. If ∅ can be derived from E(ϕ) by N -resolution, then we can “lift” this to a derivation of ∅ from ϕ. By “lift” we mean that the former can be obtained from the latter via substitutions. Note that a clause C contains only negative literals if and only if Csub does (for any substitution sub). So an N -resolution derivation in propositional logic lifts to an N -resolution derivation in ﬁrst-order logic. Having said this, we assume ϕ is an unsatisﬁable set of sentences of propositional logic in CNF. By compactness, we may assume ϕ is ﬁnite. We showed that ∅ ∈ Res∗ (ϕ) in Proposition 1.74. Following that same proof, we show that ∅ can be derived by N -resolution. Let ϕ = {C1 , . . . , Ck }. We assume that none of the Ci s is a tautology (otherwise we just throw away these clauses and show that ∅ can be derived

130

Proof theory

from what remains). We will prove this proposition by induction on the number n of atomic subformulas of ϕ. First suppose n = 1. Let A be the only atomic formula that occurs in ϕ. Then there are only three possible clauses in ϕ. Each Ci is either {A}, {¬A}, or {A, ¬A}. The last clause is a tautology, and so, by our previous assumption, it is not a clause of ϕ. So the only clauses in ϕ are {A} and {¬A}. There are three possibilities, ϕ = {{A}}, ϕ = {{¬A}}, or ϕ = {{A}, {¬A}}. The ﬁrst two of these are satisﬁable. So ϕ must be {{A}, {¬A}}. Clearly, ∅ can be derived by N -resolution. Now suppose ϕ has atomic subformulas A1 , . . . , An+1 . Suppose further that ∅ can be derived by N -resolution from any unsatisﬁable formula ψ that uses only the atomic formulas A1 , . . . , An . Let ϕ˜0 be the conjunction of all Ci in ϕ that do NOT contain ¬An+1 . Let ϕ˜1 be the conjunction of all Ci in ϕ that do NOT contain An+1 . If An+1 and ¬An+1 are both in a clause, then that clause is a tautology. By our assumption, there is no such clause and ϕ˜0 ∪ ϕ˜1 = ϕ. Let ϕ0 = {Ci − {An+1 }|Ci ∈ ϕ˜0 }. Let ϕ1 = {Ci − {¬An+1 }|Ci ∈ ϕ˜1 }. That is, ϕ0 is formed by throwing An+1 out of each clause of ϕ˜0 in which it occurs. Likewise, ϕ1 is obtained by throwing ¬An+1 out of each clause of ϕ˜1 . Note that ϕ0 is the formula obtained by replacing An+1 in ϕ with a contradiction, and ϕ1 is obtained by replacing An+1 in ϕ with a tautology. Since An+1 must either have truth value 0 or 1, it follows that ϕ ≡ ϕ0 ∨ ϕ1 . Since ϕ is unsatisﬁable, ϕ0 and ϕ1 are each unsatisﬁable. The formulas ϕ0 and ϕ1 only use the atomic formulas A1 , . . . , An . By our induction hypothesis, we can derive ∅ from both ϕ0 and ϕ1 using N -resolution. Now ϕ0 was formed from ϕ˜0 by throwing An+1 out of each clause. Since we can derive ∅ from ϕ0 by N -resolution, we can derive either ∅ or {An+1 } from ϕ˜0 by N -resolution (by reinstating {An+1 } in each clause of ϕ0 ). Likewise, we can derive either ∅ or {¬An+1 } from ϕ˜1 by N -resolution. In any case, we can use N -resolution to derive ∅ from ϕ = ϕ˜0 ∪ ϕ˜1 . Theorem 3.43 Let ϕ be a sentence in SNF. Then ϕ is unsatisﬁable if and only if ∅ can be derived from ϕ by linear resolution. Proof As with Theorem 3.42, only one direction of this theorem requires proof. Suppose that ϕ is unsatisﬁable. We want to show that ∅ can be derived from ϕ by linear resolution. By the Lifting lemma, it suﬃces to prove this for propositional

Proof theory

131

logic. So suppose ϕ is a set of sentences in propositional logic that are in CNF. We say that a set of sentences is minimal unsatisﬁable if it is unsatisﬁable and every proper subset is satisﬁable. By Exercise 1.33(b), ϕ contains a minimal unsatisﬁable subset ϕ . The following lemma states that for any C ∈ ϕ , we can derive ∅ by linear resolution begining with C as one parent. The proof of this lemma completes the proof of Theorem 3.43. Lemma 3.44 Let F be a minimal unsatisﬁable set of sentences of propositional logic that are in CNF. For any C ∈ F, we can derive ∅ from F by linear resolution begining with C as one parent. Proof By the Compactness of propositional logic, it suﬃces to prove this for ﬁnite F. So we may view F as a formula in CNF. We proceed by induction on the number n of atomic subformulas of F. If n = 1, then F = {{A}, {¬A}} for some atomic formula A. In this case, the conclusion of the lemma is obvious. Now suppose that, for some n ∈ N, F contains n + 1 atomic subformulas. Our induction hypothesis is that the lemma holds for any formula in CNF containing at most n atomic subformulas. Let L be a literal in C. This literal partitions F into three subsets as follows. Let C = {C1 , . . . , Ci } be the set of clauses in F that contain L. Let D = {D1 , . . . , Dj } be the set of clauses in F that contain L. Let E = {E1 , . . . , Ek } be the set of clauses in F that contain neither L nor L. Any clause that contains both L and L is a tautology. Since F is minimal unsatisﬁable, F contains no such clauses. So every clause in F is in exactly one of the above three sets. Note that C is in C. We may assume that C1 = C. Case 1: C = {L}. For any clause D ∈ F, we can ﬁnd a resolvent of C and D if and only if D is in D. If D is in D, then let D denote the resolvent of C and D. That is, D is the formula obtained by removing L from the formula D. Since F is unsatisﬁable, we can derive ∅ from F by resolution. Since it is minimal unsatisﬁable the clause C, as well as each clause of F, is needed in this derivation. It follows that the clause D1 ∈ D must exist. Let FL be the set {D1 , . . . , Dj , E1 , . . . , Ek }. Note that FL is equivalent to the formula obtained from F by replacing L with a tautology and L with a contradiction. Either L or L is an atomic formula that occurs in F but not FL . If F contains n + 1 atomic subformulas, then FL

132

Proof theory

contains n atomic subformulas. Our induction hypothesis applies to any minimal unsatisﬁable subset of FL . Claim There is a minimal unsatisﬁable subset of FL containing D1 . First we show that FL is unsatisﬁable. Suppose to the contrary that FL is satisﬁable. Then there exists an assignment A deﬁned on the n atomic formulas of FL and not deﬁned on L. Let A be an extension of A such that A (L) = 1. Then A models each clause of F. This is a contradiction. Since F is unsatisﬁable, so is FL . By Exercise 1.33(b), FL contains a minimal unsatisﬁable subset. Suppose we remove D1 from FL . We show that the resulting set FL − {D1 } is satisﬁable. To see this, consider the set {C, D2 , . . . , Dj , E1 , . . . , Ek }. Since this is a proper subset of F (not containing D1 ∈ F), this set must be satisﬁable. Let A be an assignment that models this set. Since A models both C and D2 , it also models their resolvent D2 . Likewise, A models each formula of FL − {D1 } and this set is satisﬁable. It follows that any minimal unsatisﬁable subset of FL must contain D1 as claimed. By the induction hypothesis, ∅ can be derived from FL by linear resolution begining with D1 as one parent. The lemma states that ∅ can be derived from F by linear resolution begining with C. We begin this derivation by taking C and D1 as parents of the resolvent D1 . Consider now the set {D1 , D2 , . . . , Dj , E1 , . . . , Ek }. Note that this set is obtained from FL by reinstating L to the clauses D2 , . . . , Dj . Since ∅ can be derived from FL by linear resolution begining with D1 , either ∅ or L can be derived after reinstating L to these clauses. If ∅ is derived, then we are done. Otherwise, if L is derived, then ∅ is obtained from L and C to successfully conclude the linear resolution. Case 2: C contains literals other than L. For this case, consider the set FL deﬁned as follows: FL = {C1 , . . . , Ci , E1 , . . . , Ek }, where each Cs is obtained by removing L from Cs ∈ C. Note that FL is equivalent to the formula obtained from F by replacing L with a tautology and L with a contradiction. As with FL , the set FL contains n atomic subformulas and we can apply our induction hypothesis to any minimal unsatisﬁable subset of FL . Claim There is a minimal unsatisﬁable subset of FL containing C1 . The set FL is unsatisﬁable for the same reason that FL is unsatisﬁable. Any assignment that models FL can be extended to an assignment that models F. Since F is unsatisﬁable, no such assignment exists.

Proof theory

133

Now suppose that we remove C1 from FL . We show that the resulting set FL − {C1 } is satisﬁable. Since F is minimal unsatisﬁable, there exists an assignment A that models every formula of F other than C. Since F is unsatisﬁable, A |= ¬C. Since A |= ¬C and L ∈ C, it must be the case that A |= L. Since A models C2 and not L, A must model the formula C2 obtained by removing L from C2 . Likewise, A models each formula in FL − {C1 }. It follows that any minimal unsatisﬁable subset of FL must contain C1 as claimed. By the induction hypothesis, ∅ can be derived from FL by linear resolution begining with C1 as one parent. The set {C1 , . . . , Ci , E1 , . . . , Ek } is obtained from FL by reinstating L to some of the clauses. Either ∅ or L can be derived from this subset of F by linear resolution begining with C = C1 . If ∅ is derived, we are done. Suppose L is derived. Consider the set {L, D1 , . . . , Dj , E1 , . . . , Ek }. If we remove L from this set, then we have a proper subset of F which must be satisﬁable. Having L in this set, however, makes it unsatisﬁable. Any assignment A that models L also models each clause of C. Since F is unsatisﬁable, so is the above set. So there exists a minimal unsatisﬁable subset of this set containing L. By case 1, ∅ can be derived from this set by linear resolution begining with L as one parent. This completes the linear resolution and the proof. So if ϕ is unsatisﬁable, then we can prove that it is unsatisﬁable using either linear resolution or N -resolution. Anything that can be proved using resolution can also be proved using either of these restricted versions of resolution. Suppose we restrict further to resolution that is both linear resolution and N -resolution. Call this LN -resolution. Question 1 Can we derive ∅ from any unsatisﬁable ϕ using LN -resolution? The answer is “no.” Consider again the example ϕ = {{A, B}, {¬A, C}, {¬B, D}, {¬C}, {¬D}}. We showed that ϕ is unsatisﬁable using both N -resolution and linear resolution. Note that neither of these derivations was by LN -resolution. In fact, ∅ cannot be derived from ϕ using LN -resolution (try it). So LN -resolution is too weak to prove everything. However, suppose we restrict our attention to Horn sentences.

134

Proof theory

Deﬁnition 3.45 Let ϕ be a sentence in SNF. If each clause in ϕ contains at most one positive literal, then ϕ is a Horn sentence. This is the same deﬁnition we gave for sentences of propositional logic in CNF. Note that ϕ in our example is not Horn since it contains the clause {A, B}. The following theorem shows that if we require ϕ in Question 1 to be a Horn sentence, then the answer becomes “yes.” Theorem 3.46 Let ϕ be a sentence in SNF. If ϕ is a Horn sentence, then ϕ is unsatisﬁable if and only if ∅ can be derived from ϕ by LN -resolution. Proof Suppose ϕ is an unsatisﬁable Horn sentence. Again by the Lifting Lemma, we may assume that ϕ is a sentence of propositional logic. Let ϕ be a minimal unsatisﬁable subset of ϕ. By Theorem 3.42, there is an N -resolution derivation of ∅ from ϕ . In particular, ϕ must contain a negative clause N . By Lemma 3.44, there exists a linear resolution derivation of ∅ begining with N . So we have D

N

D1

D2 . . .

N1 N2 . . .

Dn

Nn

∅

for some clauses D, D1 , . . . , Dn and N1 , . . . , Nn . Since ϕ is Horn, D contains at most one positive literal. It follows that N1 is contains only negative literals. Likewise, each Ni is negative and this is an LN -resolution. Clauses that contain exactly one positive literal are called deﬁnite. Note that each Di in the previous proof is necessarily deﬁnite. The positive literal in Di “cancels” with one of the negative literals in Ni yeilding the negative resolvent Ni+1 . For each Ni there may be many possibilities for Di depending on which literal in Ni we want to cancel. A selector function chooses which literal in Ni to cancel at each stage. For example, we may say cancel the leftmost literal of Ni at each stage. Or we may require that we cancel a literal that has

Proof theory

135

appeared in the most Nj for j < i. We demand only that the selector function is invariant under substitutions of variables. That is, suppose that, for a given set of negative literals N , the selector function chooses L ∈ N . Then for any substitution of variables sub, we require that the selector function chooses Lsub from N sub. Deﬁnition 3.47 SLD-resolution is LN -resolution with a selector function. The “S” stands for selector, the “L” for linear, and the “D” for deﬁnite. Example 3.48 Let ϕ = {{¬A, C}, {A, ¬B}, {B}, {¬D, ¬C}, {D, ¬E}, {E}}. We will perform SLD-resolution on ϕ twice. First, we use the “leftmost” selector function. At each stage, we underline the literal that we seek to eliminate. {D, ¬E} {E} {¬A, C} {A, ¬B} {B}

{¬D, ¬C} {¬E, ¬C} {¬C} {¬A} {¬B} ∅

Now we use the “rightmost” selector function.

{¬A, C} {D, ¬E} {A, ¬B}

{¬D, ¬C}

{E}

{¬A, ¬D} {¬E, ¬A} {¬B, ¬E}

{B}

{¬B} ∅

136

Proof theory

Theorem 3.49 Let ϕ be a sentence in SNF. If ϕ is a Horn sentence, then ϕ is unsatisﬁable if and only if ∅ can be derived from ϕ by SLD-resolution for any choice of selector function that is invariant under substitutions. Proof Since the selector function is invariant under substitutions, we may apply the Lifting Lemma and assume that ϕ is a sentence of propositional logic. By Theorem 3.46, we can derive ∅ from ϕ by LN -resolution as follows: D

N

D1

D2 . . .

N1 N2 . . .

Dn

Nn

∅

In this derivation, N is a negative clause of ϕ and D, D1 , . . . , Dn are deﬁnite clauses of ϕ. We proceed by induction on n. If n = 0, then N contains only one literal L. Any concievable selector function must choose the literal L from N (there is no other choice). So in this case, the above LN -resolution is also SLD-resolution regardless of the choice of selector function. Now suppose that n in the above derivation equals m + 1 for some integer m ≥ 0. Then there are m + 2 steps in this derivation. Suppose further that if ∅ can be derived by LN -resolution in m + 1 steps, then it can also be derived by SLD-resolution. This is our induction hypothesis. Let L be the literal of N chosen by the selector function. Then L must occur in D or some Di . If it happens to occur in D, then SLDresolution begins with the same resolvent N1 as the above LN -resolution. From this point, ∅ is derived in m + 1 steps from N1 in the the above LN -resolution. By our induction hyposthesis, it can be derived by SLDresolution. Now suppose that L is in Di for some i = 1, . . . , n. Then SLD-resolution begins by ﬁnding the resolvent N of Di and N . Consider the following two

Proof theory

137

derivation by LN -resolution: D

N

Di

D1 D2

D3 . . .

N1

D

N2

D1

N3 . . .

D2 . . .

Di

N

Ni

Di−1

Ni+1

N N1 N2 . . . Ni−1

Ni

The derivation on the left is the same as before. Since the derivation on the right also begins with N and involves precisely the same deﬁnite clauses (in a diﬀerent order) the result Ni is the same as the result Ni+1 of the derivation on the left. The derivation on the left can be continued as above to obtain ∅. Since, Ni = Ni+1 , we can conclude the derivation on the right in exactly the same manner. So, in this new derivation, we derive ∅ in the same number of steps (m+2) as before. Beginning this derivation from the second step, we see that, using LN -resolution, ∅ can be derived from {N , D, D1 , . . . , Dn } in m + 1 steps. By our induction hyothesis, we can derive ∅ from this set using SLD-resolution.

3.6 Prolog There are many conceivable ways to implement resolution into a programming language. Prolog and Otter are two examples. The language of Prolog is based on ﬁrst-order Horn logic. Otter allows far more expressions. Otter can take a set of ﬁrst-order sentences, put them into CNF, and derive consequences using resolution and other methods. Whereas Otter is used as a theorem prover for elementary mathematics and has successfully obtained new results, Prolog is primarily a search engine for databases (Prolog is closely related to Datalog). Several versions of Prolog and Otter are freely available on the internet. (Otter may be downloaded from the pages of the Mathematics and Computer Science Division of Argonne National Laboratory where it was developed.)

138

Proof theory

In this section, we give some examples of Prolog programs and discuss how Prolog uses SLD-resolution. We refer the reader to Ref. [20] for details on Otter. We begin by deﬁning the basic syntax of Prolog. We consider only a fragment of Prolog called “pure Prolog.” In pure Prolog, there are symbols for conjunction and implication, but not disjunction, negation, or equality. Lower case letters are used for relations and functions. Commas are used for conjunction and “q :- p” is used for p → q. The Horn sentence ∀x∀y((P ((x, y)) ∧ E(f (x), y) → Q(x))) is written in Prolog as q(X) :-

p(X,Y), e(f(X),Y).

Note that if this were written as a disjuntion of literals, then the literal q(x) on the left would occur as a positive literal and the literals on the right would occur as negative literals. Recall that a Horn clause is a clause that contains at most one positive literal. So in Prolog, there is at most one literal to the left of :-. If it contains no positive literal, it is called a goal clause. Otherwise, it is called a program clause. There are two varieties of program clauses. If there are no negative literals, then it is called a fact. Otherwise it is called a rule. A program in Prolog is a set of program clauses. For example, the following is a program. p(ray,ken) p(ray,sue) p(sue,tim) p(dot,jim) p(bob,jim) p(bob,liz) p(jim,tim) p(sue,sam) p(jim,sam) p(zelda,max) p(sam,max) gp(X,Y) :- p(X,Z),p(Z,Y). This program consists of 11 facts and one rule. The facts, since they contain no variables, are sentences of propositional logic. These form a database. If we interpret the predicate p(X,Y) as “X is a parent of Y,” then the facts just list pairs of parents and children. The rule deﬁnes the relation gp(X,Y) as “X is a grandparent of Y.” Using ﬁrst-order logic, we can deﬁne gp(X,Y) in a single sentence without having to list all pairs of grandparents and grandchildren.

Proof theory

139

We can ask certain questions in Prolog. Questions are presented as a list of positive literals. We use “?-” for the Prolog prompt. The following is an example of a question we may ask: ?- gp(ray,X),p(X,max) This can be interpreted as “does there exist an X such that both gp(ray,X) and p(X,max) hold?” That is, is Ray a great-grandparent of Max? Prolog will not only answer this question, it will output all values for X for which the statement is true. We describe how Prolog does this. Let P denote the set of all sentences in the program. Let Q denote the sentence ∃X(gp(ray, X) ∧ p(X, max)). Our question asked if Q is a consequence of P . That is, we want to know if P ∧ ¬Q is unsatisﬁable. Note that ¬Q is equivalent to the Horn sentence ∀X(gp(ray, X) ∧ p(X, max) → 0). In Prolog this sentence is written as :- gp(ray,X),p(X,max) which is a goal clause. Prolog proceeds with SLD-resolution on P ∪ {¬Q} using the “leftmost” selection rule. Since, ¬Q is the only negative clause of P ∪ {¬Q}, SLD-resolution must begin with this clause. Prolog searches the program for something to unify with gp(ray,X), the leftmost literal of ¬Q. Prolog searches until it ﬁnds the rule gp(X,Y) :- p(X,Z),p(Z,Y) which has a positive occurrence of gp(X,Y). Prolog computes the following resolvent: gp(X,Y) :- p(X,Z),p(Z,Y)

:- gp(ray,X),p(X,max)

gp(ray,Y) :- p(ray,Z),p(Z,Y)

:- gp(ray,Y),p(Y,max)

:- p(ray,Z),p(Z,Y),p(Y,max). Prolog then searches and ﬁnds p(ray,ken) which can be uniﬁed with the leftmost literal of the above resolvent. Prolog then calculates the resolvent p(ken,Y),p(Y,max). Searching again, Prolog ﬁnds nothing that can be uniﬁed with p(ken,Y). So this is a dead end and Prolog must backtrack. Prolog goes back to the previous step and, instead of taking p(ray,ken), proceeds down the list to p(ray,sue). After computing the resolvent, Prolog will next ﬁnd p(sue,tim). This is another dead end, and so Prolog will backtrack and take

140

Proof theory

p(sue,sam) instead. This choice yields the following SLD-resolution: gp(X,Y) :- p(X,Z),p(Z,Y)

:- gp(ray,X),p(X,max)

p(ray,sue)

:- p(ray,Z),p(Z,Y),p(Y,max)

p(sue,sam)

:- p(sue,Y),p(Y,max)

p(sam,max)

:- p(sam,max)

∅

It follows that P ∧ ¬Q is unsatisﬁable, and so Q is a consequence of P . So Prolog can give an aﬃrmative answer to our question ?- gp(ray,X),p(X,max). Moreover, by keeping track of the substitutions that were made, Prolog can output the appropriate values for X. In the ﬁrst step of the above resolution, the substitution (X/Y ) was made (as indicated by the vertical lines in the ﬁrst diagram). Later, the substitution (Y /sam) was made. So X=sam works. Prolog will backtrack again and continue to ﬁnd all values for X that work. In this example, X = sam is the only solution. Some other questions we might ask are as follows:

Input

Output

?- p(bob,liz)

yes

?- gp(X,sam)

X=ray,X=bob,X=dot

?- gp(tim,max)

no

?- p(tim,X)

no

?- p(X,Y),p(Y,max)

X=jim,X=sue,Y=sam

The output “no” means Prolog has computed all possible SLD-resolutions and did not come across ∅. Suppose now we want to know who is the grandmother of whom. We will have to add some relations to be able to ask such a question. Let gm(X,Y) mean X is the grandmother of Y . We need to add sentences to the program that deﬁne this relation. One way is to list as facts all pairs for which gm holds. This is how the relation p was deﬁned in the original program. But this defeats the point. If we could produce such a list, then we would not need to ask Prolog the question. Another way is to introduce a unary relation f(X) for “female.” The following rule deﬁnes gm. gm(X,Y) :- gp(X,Y),f(X)

Proof theory

141

But now we need to deﬁne f(X). We do this by adding the following facts to the program: f(dot) f(sue) f(liz) f(zelda). We can now ask the question ?- gm(X,Y) to which Prolog responds X=dot,Y=tim X=dot,Y=sam X=sue,Y=max. There is one caveat that must be mentioned. Prolog does not use the Uniﬁcation algorithm as we stated it. This algorithm is not polynomial time. Recall that, to unify a set of literals, we look at the symbols one-by-one until we ﬁnd a discrepancy. If this discrepancy involves a variable and a term that does not include the variable, then we substitute the term for that variable and proceed. We must check that the variable does not occur in the term. This checking procedure can take exponentially long. Prolog avoids this problem simply by not checking. Because it excludes a step of the Uniﬁcation algorithm, Prolog may generate incorect answers to certain queries. This is a relatively minor problem that can be avoided in practice. Example 3.50 Consider the program consisting of the fact p(X,X) and the rule q(a) :- p(f(X),X). If we ask ?- q(a), then Prolog will output the incorrect answer of “yes.” Since it fails to check whether X occurs in f(X), Prolog behaves as though p(X,X) and p(f(X),X) are uniﬁable. In “pure Prolog,” we have been ignoring many features of Prolog. Prolog has many built in relation and function symbols. “Impure Prolog” includes is(X,Y) which behaves like X = Y . It also has binary function symbols for addition and multiplication. A complete list of all such function and relations available in Prolog would take several pages. We merely point out that we can express equations and do arithmetic with Prolog. So we can answer questions regarding the natural numbers using Prolog. There are three limitations to this. One is the before mentioned caveat regarding the Uniﬁcation algorithm. Another limitation is that Prolog uses Horn clauses. This is a restrictive language (try phrasing Goldbach’s conjecture from

142

Proof theory

Exercise 2.8 as a goal clause for some Prolog program). Third, suppose that Prolog was capable of carrying out full resolution for ﬁrst-order logic (as Otter does). Since resolution is complete, it may seem that we should be able to prove every ﬁrst-order sentence that is true of the natural numbers. This is not the case. Even if we had a computer language capable of implementing all of the methods discussed in this chapter, including formal proofs, Herbrand theory, and resolution, there would still exist theorems of number theory that it would be incapable of proving. This is a consequence of G¨odel’s incompleteness theorems that are the topic of Chapter 8.

Exercises 3.1.

Let ϕ be a V-sentence and let Γ be a set of V-sentences such that Γ ϕ. Show that there exists a derivation ϕ from Γ that uses only V-formulas.

3.2.

Let Γ be a set of V-sentences. Show that the following are equivalent: (i) For every universal V-formula ϕ, there exists an existential Vformula ψ such that Γ ϕ ↔ ψ.

3.3.

(ii)

For every V-formula ϕ, there exists an existential V-formula ψ such that Γ ϕ ↔ ψ.

(iii)

For every existential V-formula ϕ, there exists an universal Vformula ψ such that Γ ϕ ↔ ψ.

(iv)

For every V-formula ϕ, there exists a universal V-formula θ such that Γ ϕ ↔ θ.

Let Γ be a set of V-sentences. Show that the following are equivalent: (i) For every quantiﬁer-free V-formula ϕ(x1 , . . . , xn , y) (for n ∈ N), there exists a quantiﬁer-free V-formula ψ(x1 , . . . , xn ) such that Γ ∃yϕ(x1 , . . . , xn , y) ↔ ψ(x1 , . . . , xn ). (ii)

For every formula ϕ(x1 , . . . , xn ) (for n ∈ N), there exists a quantiﬁer-free formula θ(x1 , . . . , xn ) such that Γ ϕ(x1 , . . . , xn ) ↔ θ(x1 , . . . , xn ).

3.4.

Complete the proof of Theorem 3.4 by verifying the soundness of ∀-Distribution.

3.5.

Verify each of the following by providing a formal proof: (a) {∃x∀yϕ(x, y)} ∀y∃xϕ(x, y) (b) {∀x∃y∀zψ(x, y, z)} ∃x∀z∃yψ(x, y, z) (c)

{∃x∀y∃z∀wθ(x, y, z, w)} ∀y∃x∀w∃zθ(x, y, z, w).

Proof theory

3.6.

143

Verify that the following pairs of formulas are provably equivalent by sketching formal proofs: (a) ∃x∃yϕ(x, y) and ∃y∃xϕ(x, y). (b) ∀x∃y∃zψ(x, y, z) and ∀x∃z∃yψ(x, y, z). (c)

∃x1 ∀x2 ∀x3 ∃x4 ∃x5 ∃x6 θ(x1 , x2 , x3 , x4 , x5 , x6 ) and ∃x1 ∀x3 ∀x2 ∃x6 ∃x5 ∃x4 θ(x1 , x2 , x3 , x4 , x5 , x6 ).

3.7.

Let x and y be variables that do not occur in the formula ϕ(z). Show that ∃xϕ(x) and ∃yϕ(y) are provably equivalent by giving formal proofs.

3.8.

Show that ∀x(ϕ(x) ∧ ψ(x)) and ∀xϕ(x) ∧ ∀xψ(x) are provably equivalent by providing formal proofs.

3.9.

(a)

Show that {∃x(ϕ(x) ∧ ψ(x))} ∃xϕ(x) ∧ ∃xψ(x).

(b)

Show that the sentences ∃x(ϕ(x) ∧ ψ(x)) and ∃xϕ(x) ∧ ∃xψ(x) are not provably equivalent.

3.10. Show that ∃x(ϕ(x) ∨ ψ(x)) and ∃xϕ(x) ∨ ∀xψ(x) are provably equivalent by providing formal proofs. 3.11. (a) (b)

Show that {∀xϕ(x) ∨ ∀xψ(x)} ∀x(ϕ(x) ∨ ψ(x)). Show that the sentences ∀x(ϕ(x) ∨ ψ(x)) and ∀xϕ(x) ∨ ∀xψ(x) are not provably equivalent.

3.12. Let Vgp be the vocabulary {+, 0} where + is a binary function and 0 is a constant. We use the notation x + y to denote the term +(x, y). Let Γ be the set consisting of the following three Vgp -sentences from Exercise 2.5: ∀x∀y∀z(x + (y + z) = (x + y) + z) ∀x((x + 0 = x) ∧ (0 + x = x)) ∀x∃y(x + y = 0) ∧ ∃z(z + x = 0) (a) Show that Γ ∀x∀y∀z(x + y = x + z → (y = z)). (b) Show that Γ ∀x(∀y(x + y = y) → (x = 0)). (c)

Show that Γ ∀x∃y∀z((x + y = 0) ∧ (z + x = 0)) → (y = z).

3.13. Complete the proof of Proposition 3.13 by deriving ∃xϕ(x) ∧ ∃xψ from ∃x(ϕ(x) ∧ ψ). 3.14. Verify that ∀x∃y(f (x) = y) is a tautology by giving a formal proof. 3.15. Complete the proof of Proposition 3.15. 3.16. For each n ∈ N, let Φn be the sentence ∃x1 · · · ∃xn xi = xj i=j

asserting that there exist at least n elements.

144

Proof theory

Let ϕ1 be the sentence ∀x∀y((f (x) = f (y)) → (x = y)) saying that f is one-to-one and let ϕ2 be the sentence ∀y∃x(f (x) = y) saying that f is onto. Show that {ϕ1 , ϕ2 , Φn } Φn+1 by giving a sketch of a formal proof. 3.17. For each n ∈ N, let Φn be as deﬁned in the previous exercise. Consider the following three sentences: ∀x∀y((x < y) → ¬(x = y))) ∀x∀y∀z(((x < y) ∧ (y < z)) → (x < z)) ∀x∀y((x < y) → ∃z((x < z) ∧ (z < y))). Each of these sentences hold in any structure that interprets < as a dense linear order (such as Q< = (Q| <) or R< = (R| <)). Let ψ1 , ψ2 and ψ3 denote these three sentences in the order they are given. (a) Show that {ψ1 , ψ2 , ψ3 , Φn } Φn+1 . (b)

Show that it is not the case that {ψ1 , ψ3 , Φn } Φn+1 .

3.18. For each of the following formulas, ﬁnd an equivalent formula in Conjunctive Prenex Normal Form. Note that each of these formulas have x and y as free variables. (a) ¬∃zQ(x, y, z) ∨ ∀z∃wP (w, x, y, z) (b) ∀z(R(x, z) ∧ R(x, y) → ∃w(R(x, w) ∧ R(y, w) ∧ R(z, w))) (c)

∃z(S(y, z) ∧ ∃y(S(z, y) ∧ ∃z(S(x, z) ∧ (S(z, y))))).

3.19. Find the Skolemization of each of the formulas in the previous exercise. 3.20. Under what conditions on ϕ will the Skolemization ϕS be equivalent to ϕ? 3.21. Let V be the vocabulary {f , P } consisting of a unary function f and a unary relation P . Let ϕ be the formula ∀x(P (x) → P (f (x)) ∧ ∃xP (x) ∧ ∃x¬P (x)). (a)

Show that ϕ does not have a Herbrand model.

(b)

Find a Herbrand model for the Skolemization ϕs .

3.22. Let ϕ1 and ϕ2 be the sentences in the vocabulary {f } deﬁned in Exercise 3.16. Show that ϕ1 has a Herbrand model, but neither ϕ2 nor the Skolemization of ϕ2 has a Herbrand model.

Proof theory

145

3.23. Let ϕ(x) be a formula that is both quantiﬁer-free and equality-free. Show that ∃xϕ(x) is a tautology if and only if ϕ(t1 ) ∨ ϕ(t2 ) ∨ · · · ∨ ϕ(tn ) is a tautology for some n ∈ (N ) and terms ti in the Herbrand universe for ϕ. 3.24. Use the Herbrand method to show that the following sentence is not satisﬁable: ∀x¬R(x, x) ∧ ∀xR(x, f (x))∧ ∃x∀y(R(x, y) → R(f (x), y)). 3.25. A ﬁrst-order sentence is a Horn sentence if it is in SNF and each clause contains at most one positive literal. Describe a polynomial-time algorithm that determines whether or not a given Horn sentence is satisﬁable. (Use the Herbrand method and the Horn algorithm from Section 1.7.) 3.26. Is the following set of literals uniﬁable? {Q(f (g(w), h(x)), y, f (z, a)), Q(f (y, h(x)), g(w), f (g(w), x)), Q(f (g(z), h(a)), z, f (y, x))}. If so, give the most general uniﬁer and another uniﬁer that is not most general. 3.27. Is the following set of literals uniﬁable? {R(f (x), g(z)), R(y, g(x)), R(v, w), R(w, g(x))}. If so, give the most general uniﬁer and another uniﬁer that is not most general. 3.28. (a)

Using the Uniﬁcation algorithm, ﬁnd a most general uniﬁer for the set {R(x, y, z), R(f (w, w), f (x, x), f (y, y)}.

(b)

Now consider the set {R(x1 , . . . , xn+1 ), R(f (x0 , x0 )), . . . , f (xn , xn )}. Given this set as input, how many steps will it take the Uniﬁcation algorithm to halt and output a most general uniﬁer? Is this algorithm polynomial time?

3.29. Use resolution to prove that the following are tautologies: (a) (∃x∀yQ(x, y) ∧ ∀x(Q(x, x) → ∃yR(y, x))) → ∃y∃xR(x, y) (b) (∃x∀yR(x, y)) ↔ (¬∀x∃y¬R(x, y)) (c)

(∀x((P (x) → Q(x)) → ∀yR(x, y)) ∧ ∀y(¬R(a, y) → ¬P (a))) → R(a, b).

3.30. Let VE be the vocabulary {E} consisting of one binary relation. Let Γ be the set consisting of the following three VE -sentences from Example 2.27. ∀xE(x, x) ∀x∀y(E(x, y) → E(y, x)) ∀x∀y∀z((E(x, y) ∧ E(y, z) → E(x, z))).

146

Proof theory Using resolution, derive ∀x(E(x, y) ↔ E(x, z)) from Γ ∪ {∃x(E(x, y) ∧ E(x, z))}. (First put these sentences in SNF.)

3.31. Refer to the proof of Lemma 3.44. (a) Show that if C = {L}, then C = {C}. (b)

Show that if C = {L}, then FL is minimal unsatisﬁable.

3.32. P-resolution is the reﬁnement of resolution that requires that one parent contains only positive literals. Let ϕ be a sentence in SNF. Show that ϕ is unsatisﬁable if and only if ∅ can be derived from ϕ by P -resolution. 3.33. T-resolution is the reﬁnement of resolution that requires that neither parent is a tautology. Let ϕ be a sentence in SNF. Show that ϕ is unsatisﬁable if and only if ∅ can be derived from ϕ by T -resolution. 3.34. Let F be a formula of propositional logic in CNF. Let A be an assignment deﬁned on the atomic subformulas of F . Let A-resolution be the reﬁnement of resolution that requires that A(C) = 0 for one parent C. Show that F is unsatisﬁable if and only if ∅ can be derived from F by A-resolution. 3.35. Let F be a formula of propositional logic in CNF. Suppose that the atomic subformulas of F are among {A, B, C, . . . , X, Y , Z}. Let alphabeticalresolution be the reﬁnement of resolution having the following requirement. We only allow the resolvent R of C1 and C2 if there exists an atomic subformula of both C1 and C2 that precedes every atomic subformula of R alphabetically. Show that F is unsatisﬁable if and only if ∅ can be derived from F by alphabetical-resolution.

4

Properties of ﬁrst-order logic

We show that ﬁrst-order logic, like propositional logic, has both completeness and compactness. We prove a countable version of these theorems in Section 4.1. We further show that these two properties have many useful consequences for ﬁrst-order logic. For example, compactness implies that if a set of ﬁrst-order sentences has an inﬁnite model, then it has arbitrarily large inﬁnite models. To fully understand completeness, compactness, and their consequences we must understand the nature of inﬁnite numbers. In Section 4.2, we return to our discussion of inﬁnite numbers that we left in Section 2.5. This digression allows us to properly state and prove completeness and compactness along with the Upward and Downward L¨ owenheim–Skolem theorems. These are the four central theorems of ﬁrst-order logic referred to in the title of Section 4.3. We discuss consequences of these theorems in Sections 4.4–4.6. These consequences include amalgamation theorems, preservation theorems, and the Beth Deﬁnability theorem. Each of the properties studied in this chapter restrict the language of ﬁrstorder logic. First-order logic is, in some sense, weak. There are many concepts that cannot be expressed in this language. For example, whereas ﬁrst-order logic can express “there exist n elements” for any ﬁnite n, it cannot express “there exist countably many elements.” Any sentence having a countable model necessarily has uncountable models. As we previously mentioned, this follows from compactness. In the ﬁnal section of this chapter, using graphs as an illustration, we discuss the limitations of ﬁrst-order logic. Ironically, the weakness of ﬁrstorder logic makes it the fruitful logic that it is. The properties discussed in this chapter, and the limitations that follow from them, make possible the subject of model theory. All formulas in this chapter are ﬁrst-order unless stated otherwise.

4.1 The countable case Many of the properties of ﬁrst-order logic, including completeness and compactness, are consequences of the following fact: Every model has a theory and every theory has a model. Recall that a set of sentences is a “theory” if it is consistent (i.e. if we cannot derive a contradiction). “Every theory has a model” means that if a set

148

Properties of ﬁrst-order logic

of sentences is consistent, then it is satisﬁable. Recall too that, for any V-structure M , the “theory of M ,” denoted T h(M ), is the set of all V-sentences that hold in M . “Every model has a theory” asserts that T h(M ) is consistent. Put another way, the above fact states that any set of sentences Γ is consistent if and only if it is satisﬁable. In this section, we prove this fact for countable Γ and derive countable versions of completeness and compactness. Proposition 4.1 Let Γ be a set of sentences. If Γ is satisﬁable then Γ is consistent. Proof If Γ is satisﬁable then M |= Γ for some structure M . By Theorem 2.86, T h(M ) is a complete theory. In particular, T h(M ) is consistent. Since Γ is a subset of T h(M ), Γ is consistent. Now consider the converse. If Γ is consistent, then it is satisﬁable. One way to prove this is to demonstrate a model for Γ. Since Γ is an arbitrary set of sentences, this may seem to be a daunting task. However, there exists a remarkably elementary way to construct such a model. We use a technique known as a Henkin construction. This versatile technique will be utilized again in Sections 4.3 and 6.2. Theorem 4.2 Let Γ be a countable set of sentences. If Γ is consistent then Γ is satisﬁable. Proof Suppose Γ is consistent. We will demonstrate a structure that models Γ. Let V be the vocabulary of Γ. Let V + = V ∪ {c1 , c2 , c3 , . . .}, where each ci is a constant that does not occur in V. We let C denote the set {c1 , c2 , c3 , . . .}. Since both V and C are countable, so is V + (by Proposition 2.43). We shall deﬁne a complete V + -theory T + with the following properties. Property 1 Every sentence of Γ is in T + . Property 2 For every V + -sentence in T + of the form ∃xθ(x), the sentence θ(ci ) is also in T + for some ci ∈ C. The second property allows us to ﬁnd a model M + of T + . By the ﬁrst property, M + is also a model of Γ. If we can deﬁne such T + and M + , then this will prove the theorem. We deﬁne T + in stages. Let T0 be Γ. Enumerate the set of all V + -sentences as {ϕ1 , ϕ2 , . . .}. This is possible since the set of V + -sentences is countable (by Proposition 2.47). Suppose that, for some m ≥ 0, Tm has been deﬁned in such a way that Tm is consistent and only ﬁnitely many of the constants in C occur in Tm . To deﬁne Tm+1 , consider the sentence ϕm+1 . There are two cases: (a) If Tm ∪ {¬ϕm+1 } is consistent, then deﬁne Tm+1 to be Tm ∪ {¬ϕm+1 }.

Properties of ﬁrst-order logic

149

(b) If Tm ∪{¬ϕm+1 } is not consistent, then Tm ∪{ϕm+1 } is consistent. We divide this case into two subcases: (i) If ϕm+1 does not have the form ∃xθ(x) for some formula θ(x), then just let Tm+1 be Tm ∪ {ϕm+1 }. (ii) Otherwise ϕm+1 has the form ∃xθ(x). In this case let Tm+1 be Tm ∪ {ϕm+1 }∪{θ(ci )}, where i is such that ci does not occur in Tm ∪{ϕm+1 }. So given Tm which is consistent and uses only ﬁnitely many constants from C, we have deﬁned Tm+1 . In any case, Tm+1 is obtained by adding at most two sentences to Tm . Since Tm uses only ﬁnitely many constants from C, so does Tm+1 . Moreover, we claim that Tm+1 is consistent. Claim Tm+1 is consistent. Proof of Claim If Tm+1 is as in (a) or (b)(i), then Tm+1 is consistent by its deﬁnition. So assume that Tm+1 is as in part (ii) of (b). We know that Tm ∪ {ϕm+1 } is consistent. Suppose for a contradiction that Tm+1 = Tm ∪ {ϕm+1 } ∪ {θ(ci )} is inconsistent. Then we have Tm ∪ {ϕm+1 } ¬θ(ci ). Since ci does not occur in Tm ∪ {ϕm+1 } we have Tm ∪ {ϕm+1 } ∀x¬θ(x)

by ∀-Introduction.

Since ϕm+1 is the formula ∃xθ(x), we have Tm ∪ {ϕm+1 } ∃xθ(x)

by Assumption.

By the deﬁnition of ∀ we have Tm ∪ {ϕm+1 } ¬∀x¬θ(x). We see that we can derive both ∀x¬θ(x) and its negation from Tm ∪{ϕm+1 }. This contradicts our assumption that Tm ∪{ϕm+1 } is consistent. Our supposition that Tm+1 is inconsistent must be incorrect. We conclude that Tm+1 , like Tm , is consistent. Recall that T0 is Γ which is consistent and uses no variables from C. We can apply the above deﬁnition of Tm+1 with m = 0 to get T1 . By the claim, T1 is also consistent and it uses at most ﬁnitely many constants from C. And so we can again apply the deﬁnition of Tm+1 , this time with m = 1. This process generates the sequence T0 ⊂ T1 ⊂ T2 , . . . . We now deﬁne the V + -theory T + . Let T + be the set of all V + -sentences ϕ that occur in Ti for some i. Put another way, T + is the union of all of the Ti s.

150

Properties of ﬁrst-order logic

Put yet another way T + is the limit of the sequence T0 , T1 , T2 , . . . If we continue this process forever, then T + is the end result. We must verify that T + has all of the desired properties. First of all, + T is consistent. To see this, let ∆ be any ﬁnite subset of T + . Then ∆ is a subset of Tm for some m. Since Tm is consistent, so is ∆. So every ﬁnite subset of T + is consistent. If T + were inconsistent, then we could derive a contradiction from T + . Since formal proofs are ﬁnite, we could derive a contradiction from a ﬁnite subset of T + . Since every ﬁnite subset of T + is consistent, so is T + . So T + is a theory. We next show that T + is a complete theory. Let ϕ be an arbitrary V + -sentence. Then ϕ is ϕi for some i. Since either ϕi or ¬ϕi is in Ti ⊂ T + , T + is complete. Finally, we must show that T + has Properties 1 and 2. Since T0 = Γ, every sentence of Γ is in T + . So T + has Property 1. To show that T + has Property 2, let ∃xθ(x) be a V + -sentence in T + . This sentence is ϕm+1 for some m. Since this sentence is in T + , Tm ∪ {¬ϕm+1 } is inconsistent. In this case, Tm+1 is deﬁned as Tm ∪ {ϕm+1 } ∪ {θ(ci )} for some constant ci . So θ(ci ) is in T + and T + has Property 2. Having successfully deﬁned T + , we next deﬁne a V + -structure M + that models T + . The underlying set U + of M + is a set of variable-free V + -terms. Let t1 and t2 be two V + -terms that do not contain variables. We say t1 and t2 are the “same” if T + says they are. That is, t1 and t2 are the same if and only if T + t1 = t2 . (Note that, since T + is complete, either T + t1 = t2 or T + ¬(t1 = t2 ).) Let U + be such that every variable-free V + -term is the same as some term in U + and no two terms of U + are the same. So if t1 and t2 are the same, then U + does not contain both of them,it contains exactly one term that is the same as these terms. To complete our description of M + , we must say how M + interprets V + . Since the elements of U + are V + -terms, there is a natural interpretation. For any constant c ∈ V + , there exists a unique term t ∈ U + such that T + t = c. The structure M + interprets the constant c as the element t in its underlying set. Moreover, M + interprets the relations and functions of V + in the manner described by T + . More precisely, • for any n-ary relation R ∈ V + and any n-tuple t¯ of elements from U + , M + |= R(t¯) if and only if T + R(t¯), and • for any n-ary function f ∈ V + , any element s ∈ U + , and any n-tuple t¯ of elements in U + , M + |= f (t¯) = s if and only if T + f (t¯) = s. This completes our description of M + .

Properties of ﬁrst-order logic

151

Claim For any V + -sentence ϕ, M + |= ϕ if and only if T + ϕ. Proof Since every ﬁrst-order sentence is equivalent to a sentence that uses only the ﬁxed symbols ¬, ∧, ∃, and = (and neither ∨, ←, ↔, nor ∀), we may assume with no loss of generality that these are the only ﬁxed symbols occurring in ϕ. We proceed by induction on the total number of occurrences of ¬, ∧, and ∃ in ϕ. If ϕ has no occurrences of these three ﬁxed symbols, then ϕ must be atomic. In this case, M + |= ϕ if and only if T + ϕ by the deﬁnition of M + . Suppose now that ϕ has a total of m + 1 occurrences of ¬, ∧, and ∃. Our induction hypothesis is that the claim holds for any sentence having m or fewer occurrences of these symbols. If ϕ has the form ψ ∧ θ, then T + ϕ if and only if both T + ψ and T + θ (since T + is a complete theory). By our induction hypothesis, this happens if and only if M + models both ψ and θ and, therefore, ϕ as well. If ϕ has the form ¬ψ, then T + ϕ if and only if ψ is not in T + (since T + is a complete theory). By our induction hypothesis, this happens if and only if M + does not model ψ. By the semantics of ¬, M + does not model ψ if and only if M + |= ϕ. Lastly, suppose that ϕ has the form ∃xθ(x). By Property 2 and our deﬁnition of U + , T + ϕ if and only if T + θ(s) for some term s in U + (since T + is a complete theory). By our induction hypothesis, T + θ(s) if and only if M + |= θ(s). Finally, by the semantics of ∃, M + |= θ(s) for some term s ∈ U + if and only if M + |= ϕ. This completes the proof of the claim. It follows from this claim that M + |= T + . Hence, we have demonstrated a model for Γ as was required. Corollary 4.3 Let Γ be a countable set of formulas. If Γ is consistent, then Γ has a countable model. Proof The structure M + from the proof of Theorem 4.2 is countable. The following corollary is a countable version of the Compactness theorem for ﬁrst-order logic. Corollary 4.4 A countable set of formulas is satisﬁable if and only if every ﬁnite subset is satisﬁable. Proof Let Γ be a countable set of formulas. We prove that Γ is unsatisﬁable if and only if there exists a ﬁnite subset of Γ that is unsatisﬁable. Clearly, if there exists a ﬁnite subset of Γ that is not satisﬁable, then Γ is not satisﬁable either. So suppose Γ is not satisﬁable. By Theorem 4.2, Γ is inconsistent. That is, Γ ⊥

152

Properties of ﬁrst-order logic

for some contradiction ⊥. Since formal proofs are ﬁnite, ∆ ⊥ for some ﬁnite subset ∆ of Γ. By Theorem 3.4, ∆ |=⊥ and ∆ is unsatisﬁable. The following corollary is a countable version of the Completeness theorem for ﬁrst-order logic. Corollary 4.5 For any countable set of formulas Γ, Γ ϕ if and only if Γ |= ϕ. Proof If Γ ϕ, then Γ |= ϕ by Theorem 3.4. Conversely, suppose that Γ |= ϕ. Then Γ ∪ {¬ϕ} is unsatisﬁable. By Theorem 4.2, Γ ∪ {¬ϕ} is inconsistent. That is, Γ ∪ {¬ϕ} ⊥ for some contradiction ⊥. By Contrapositive, Γ ∪ {T } ¬¬ϕ, where T is the tautology ¬ ⊥. Finally, Γϕ by the Tautology rules and Double negation. All of the results of this section can be extended to include uncountable sets of sentences. We state and prove both the Compactness theorem and the Completeness theorem in their full generality in Section 4.3. This requires familiarity with cardinal numbers.

4.2 Cardinal knowledge We return to our discussion of inﬁnite sets. In Section 2.5, we deﬁned what it means for two sets to have the “same size.” We now introduce numbers to represent the size of a set. These numbers are called cardinals and the size of a set is called the cardinality of the set. If a set is ﬁnite, then its size is some natural number (or zero if the set is empty). So each natural number is a cardinal. The Hebrew letter ℵ (aleph) is used with subscripts to denote inﬁnite cardinals. The smallest inﬁnite cardinal is ℵ0 . This is the cardinality of the set N and, therefore, of every countably inﬁnite set. The cardinality of set A is denoted |A|. In Section 2.5 we made the assumption that for any sets A and B, either |A| ≤ |B| or |B| ≤ |A|. This assumption allows us to list the cardinals in ascending order as follows: 0, 1, 2, 3, . . . , ℵ0 , ℵ1 , ℵ2 , . . .

Properties of ﬁrst-order logic

153

The cardinals ℵ1 , ℵ2 , and beyond are uncountable cardinals. We showed that the set of real numbers is uncountable in Section 2.5. This raises a new question: where in the above list does |R| fall? Is it equal to ℵ1 or some other uncountable cardinal? We address this question and state some surprising results at the end of the present section. As we shall see, it is possible that the cardinality of the reals is bigger than ℵn for each natural number n. The above list of cardinals is only a partial list. To extend this list we must discuss ordinal numbers. 4.2.1 Ordinal numbers. There are two types of numbers: cardinals and ordinals. Whereas cardinals regard quantity, ordinals regard the length of an ordered list. The diﬀerence between cardinals and ordinals is the diﬀerence between 7 and 7th. This distinction is mere pedantry for ﬁnite numbers. For inﬁnite numbers, however, the distinction between cardinals and ordinals is essential. Example 4.6 Consider the following ordered lists of natural numbers: A = {1, 2, 3, . . .} B = {2, 3, 4, . . .} ∪ {1} C = {3, 4, 5, . . .} ∪ {1, 2} D = {1, 3, 5, 7, . . .} ∪ {2, 4, 6, 8, . . .}. As sets, each of these is identical to N. The cardinality of each of these sets is ℵ0 . However, the order in which these sets are listed diﬀers. In B, the number 1 follows inﬁnitely many numbers. In this sense, B is longer than A. Likewise C is longer than B and D is the longest of the four lists. Ordinal numbers recognize this distinction. The ordinal number ω describes the length of the natural numbers with the usual order. So ω describes the ordered set A. The length of B is denoted ω +1. Likewise, the ordinal ω +2 describes C. Finally, the ordinal representing the length of D is ω + ω. Whereas every set has a cardinality, not every set has an ordinality. Ordinality is deﬁned only for sets that are well ordered. A linearly ordered set is a set X with a binary relation < so that 1. for all a and b in X, exactly one of the following hold: either a < b, b < a, or a = b, and 2. for all a, b and c in X, if a < b and b < c then a < c. That is, a linearly ordered set is a set equipped with a notion of “less than” by which any two nonequal elements can be compared. A well-ordered set is a linearly ordered set that is ordered in such a way that every nonempty subset has a least element.

154

Properties of ﬁrst-order logic

Example 4.7 The natural numbers N with the usual ordering is a well ordered set. Any given set of natural numbers must contain a smallest number. The rational numbers Q with the usual ordering is a linearly ordered set that is not well ordered. To see this, consider the set {1/n | n ∈ N}. This subset of the rational numbers does not contain a smallest element. Any ﬁnite linearly ordered set is well ordered. The ordinality of a ﬁnite set does not depend on the particular order of the set. If ten people are standing in a queue, then, regardless of their arrangement, one thing is certain: the tenth person is last. As Example 4.6 demonstrates, the same cannot be said for inﬁnite sets. Deﬁnition 4.8 Let A be a ﬁnite well ordered set. The ordinality of A is the same as the cardinality of the set. So the ordinals, listed in ascending order, begin with the ﬁnite ordinals 0, 1, 2, 3, . . . . To continue the list we apply the following rule. Given any nonempty set of ordinals, there exists a least ordinal greater than each ordinal in that set. All ordinals are generated by repeated application of this single rule. The least ordinal greater than each ﬁnite ordinal is denoted by the Greek letter ω (omega). So ω is the smallest inﬁnite ordinal. This is the ordinality of N with the usual ordering. The least ordinal greater than ω is denoted ω + 1. The least ordinal greater than ω + 1 is ω + 2. These ordinals were illustrated in Example 4.6. For any ordinal α, the least ordinal greater than α is called the successor of α and is denoted α + 1. Let A be a well ordered set having ordinality α. Then α + 1 is the ordinality of the well ordered set A ∪ {b} where b is a new element (not in A) that is greater than each element of A. Every ordinal has a successor, but not every ordinal has an immediate predecessor. An ordinal that has an immediate predecessor is called a successor ordinal. A nonzero ordinal that is not the successor of any ordinal is called a limit ordinal. For example, ω is the smallest limit ordinal. The ordinals have a natural order. For any ordinal α, the successor of α and all subsequent ordinals are greater than α. We let < denote this order and refer to this as the usual order for the ordinals. Proposition 4.9 Any set of ordinals with the usual order is a well ordered set. Proof Let A be a set of ordinals. It is clear that A is a linearly ordered set. To show that it is a well ordered set, we must show that any nonempty subset X of A contains a least element. If X happens to contain 0, then X certainly has a least element. So suppose that 0 ∈ X. Let L be the set of all ordinals that are

Properties of ﬁrst-order logic

155

less than every ordinal in X. Since 0 ∈ X, L is nonempty. So there exists a least ordinal greater than each ordinal in L. This is the least ordinal in X. Since the set of all ordinals less than α is well ordered, it has an ordinality. We naturally deﬁne the ordinality of this set to be α. For example, the set {0, 1, 2, 3} of ordinals less than 4 has ordinality (and cardinality) 4. More generally, we now deﬁne the ordinality of an arbitrary well ordered set. Deﬁnition 4.10 The well ordered set A has ordinality α if there exists a one-toone correspondence f from A onto the set {β | β < α} that preserves the order. By “preserves the order” we mean that, for any x and y in A, x < y if and only if f (x) < f (y). This is an unambiguous deﬁnition of ordinality that agrees with all of the facts we have previously stated about ordinality. (In particular, the reader can verify the ordinalities stated in Example 4.6.) The ordinal α is identiﬁed with the set {β | β < α}. Clearly, any ordinal α uniquely determines the set {β | β < α}. Conversely, given {β | β < α}, we can deﬁne α as the least ordinal greater than each ordinal in this set. In light of this association, we consider α and {β | β < α} to be interchangeable entities. So the ordinal 4 is the set {0, 1, 2, 3}. The purpose of this is to facilitate our notation. In particular, we write |α| to denote the cardinality of the set {β | β < α}. We refer to α as being countable or uncountable depending on whether |α| is countable or uncountable. Whereas there is only one countably inﬁnite cardinal, there are many countably inﬁnite ordinals (see Exercise 4.21). We proceed now to list some countable ordinals. The ﬁrst ordinal is 0. After 0, we have the successors 1,2,3. . . followed by the limit ordinal ω. This is then followed by ω + 1, ω + 2, ω + 3, and so forth. The least ordinal greater than each ordinal in the set {ω + n | n ∈ N} is the limit ordinal ω + ω also known as ω · 2. This has successor ω · 2 + 1 which has successor ω · 2 + 2. Continuing in this manner we arrive at the limit ordinals ω · 3, ω · 4, and so forth. The least ordinal greater than each ordinal in the set {ω · n | n ∈ N} is the ordinal ω · ω also known as ω 2 . Likewise, ω 3 , ω 4 , and the limit ω ω are each ω ordinals as are ω ω and ω ωω

ωω

ω

.

Each of these ordinals is countable. The least ordinal greater than each countable ordinal is denoted ω1 . The cardinal ℵ1 is deﬁned as |ω1 |. Likewise, ω2 denotes the least ordinal greater than each ordinal of cardinality ℵ1 . We deﬁne ℵ2 as |ω2 |. Whereas ℵ2 is the cardinal immediately following ℵ1 , ω2 does not immediately follow ω1 . Rather, ω1 is followed by ω1 + 1, ω1 + 2, and so forth. The list of ordinals cannot be exhausted. Given any set of ordinals, there exist ordinals greater than all of those in that set. So it is nonsense to speak

156

Properties of ﬁrst-order logic

of the totality of all ordinals. When we refer to the list of ordinals, it should be understood that this is not a complete list. There necessarily exist ordinals beyond those in any list, no matter how extensive. In particular, we forbid ourselves from referring to the set (or list) of all ordinals. Although it is alluring terminology, “the set of all ordinals” does not make sense. We conclude our discussion of ordinal numbers by introducing the Well Ordering Principle. Consider the set Q. With its usual order, this set does not have an ordinality. As demonstrated in Example 4.7, this is not a well ordered set. With another order, however, Q is a well ordered set. Since Q has the same size as N, we can enumerate Q as {q1 , q2 , q3 , . . .}. The rational numbers with this order has ordinality ω. As Example 4.6 shows, Q may have diﬀerent ordinalities when arranged in a diﬀerent order. Likewise, we can impose a well ordering on any set. This is the Well Ordering Principle Proposition 4.11 (Well Ordering Principle) Any set X can be enumerated as {xβ | β < α} for some ordinal α. Moreover, we may require that α be the least ordinal such that |α| = |X|. Proof First we show that there exists an order < that makes X a well ordered set. Since there exist arbitrarily large ordinals, there exists an ordinal γ with |X| ≤ |γ|. By the deﬁnition of |X| ≤ |γ|, there exists a one-to-one function f from X into {β | β < γ}. For any x and y in X, we deﬁne x < y to mean f (x) < f (y). Since {β|β < γ} is well ordered, so is X with this order. Let α be the ordinality of this well ordered set. Now consider the set of all ordinals δ with |δ| = |X|. Since it contains α , this is a nonempty set of ordinals. By Proposition 4.9, there exists a least ordinal α in this set. Since |α| = |X|, there exists (by Theorem 2.39), a one-to-one correspondence g from {β|β < α} onto X. For each ordinal β < α, let xβ denote g(β). This provides the required enumeration {xβ |β < α} of X. The Well Ordering Principle is in fact equivalent to the statement that every set has a cardinality. It is also equivalent to our earlier assumption that, for any sets A and B, either |A| ≤ |B| or |B| ≤ |A|. Each of these statements is equivalent to an axiom of mathematics known as the Axiom of Choice. This axiom can be stated as follows: the Cartesian product of nonempty sets is nonempty. We view this as a reasonable axiom and employ it without further comment. 4.2.2 Cardinal arithmetic. The list of cardinal numbers begins with 0, 1, 2, 3, . . . , ℵ0 , ℵ1 , ℵ2 , . . . We extend this list indeﬁnitely by using ordinal numbers as subscripts. We deﬁne the inﬁnite cardinals by induction on the ordinals. Prior to stating this deﬁnition, we discuss what we mean by “induction on the ordinals.”

Properties of ﬁrst-order logic

157

This version of induction, known as transﬁnite induction, can be used to show that some property P holds for each ordinal α. Like other forms of induction, transﬁnite induction consists of two steps: the base step and the induction step. First, we show that P holds for 0. This is the base step. Second, we show that if P holds for all β < α, then it holds for α as well. This is the induction step. If we successfully complete these two steps, then we can rightly conclude that P does, in fact, hold for each ordinal α (since there is no least ordinal for which property P does not hold). Deﬁnition 4.12 We deﬁne the inﬁnite cardinals by transﬁnite induction. First we deﬁne (again) ℵ0 to be |N|. Let α be a nonzero ordinal. Suppose that ℵι has been deﬁned for each ι < α. Let γ be the least ordinal such that |γ| > ℵι for all ι < α. We deﬁne ℵα to be |γ|. Having deﬁned the cardinal numbers, we now deﬁne arithmetic operations for these numbers. Cardinal arithmetic must not be confused with ordinal arithmetic. Previous reference was made to ω + ω, ω · 2, and ω ω . Since ω is an ordinal, these are expressions of ordinal arithmetic (each represents a countable ordinal). We turn now to cardinal arithmetic. Deﬁnition 4.13 Let κ and λ be cardinals. Let A and B be disjoint sets with |A| = κ and |B| = λ. • Addition: κ + λ = |A ∪ B|. • Multiplication: κ · λ = |A × B|. • Exponentiation: κλ = |F (B, A)| where F (B, A) is the set of all functions f : B → A having B as a domain and a subset of A as a range. Note that these deﬁnitions are independent of our choice of A and B. The requirement that A and B are disjoint is needed only for adding ﬁnite cardinals. If κ and λ are ﬁnite cardinals, then these deﬁnitions correspond to the familiar notions of addition, multiplication, and exponentiation. We demonstrate (but do not prove) this fact with an example. Example 4.14 Let A = {a1 , a2 , a3 } and let B = {b1 , b2 , b3 , b4 }. Addition. We have A ∪ B = {a1 , a2 , a3 , b1 , b2 , b3 , b4 }. Clearly |A| + |B| = 3 + 4 = 7 = |A ∪ B|. Multiplication. Recall that A × B is the set {(ai , bj )|1 ≤ i ≤ 3, 1 ≤ j ≤ 4}. We list the elements of this set as follows: (a1 , b1 )

(a1 , b2 )

(a1 , b3 )

(a1 , b4 )

(a2 , b1 )

(a2 , b2 )

(a2 , b3 )

(a2 , b4 )

(a3 , b1 )

(a3 , b2 )

(a3 , b3 )

(a3 , b4 ).

158

Properties of ﬁrst-order logic

Observing the above arrangement of the elements in A × B, we see that the size of A × B is 3 · 4 = 12. So |A| · |B| = 3 · 4 = 12 = |A × B|. Exponentiation. The set F (B, A) consists of all functions f : B → A. Each function is determined by the values of f (b) for b ∈ B. For each of the four elements in B, there three possible values for f (b) in A. It follows that there are 3 · 3 · 3 · 3 = 34 functions in F (B, A). We see that |A||B| = 34 = 81 = |F (B, A)|. So for ﬁnite cardinals, addition, multiplication, and exponentiation are nothing new. We now consider these operations for inﬁnite cardinals. It turns out that adding and multiplying two inﬁnite cardinals are remarkably easy tasks (easier than adding and multiplying ﬁnite cardinals). In contrast, exponentiation for inﬁnite cardinals is remarkably hard. We deal with the two easier operations ﬁrst. All there is to know about the addition and multiplication of inﬁnite cardinals stems from the following result. Theorem 4.15 Let κ be an inﬁnite cardinal. Then κ · κ = κ. Proof We prove that this holds for κ = ℵα by transﬁnite induction on α. If α = 0, then this follows from Example 2.35 where it was shown that |N×N| = |N|. Suppose now that κ = ℵα for α > 0. Our induction hypothesis is that λ·λ = λ for all inﬁnite cardinals λ smaller than κ. Let δ be the least ordinal such that |δ| = κ. We regard δ as the set of ordinals less than δ. By the deﬁnition of cardinal multiplication, κ · κ is the cardinality of the set δ × δ of ordered pairs of ordinals less than δ. We show that |δ × δ| = |δ| by arranging the elements of δ × δ into a well ordered set having ordinality δ. Now, δ × δ is well ordered by the lexicographical order deﬁned as follows: (β1 , β2 ) precedes (γ1 , γ2 ) lexicographically if and only if either β1 < γ1 or both β1 = γ1 and β2 < γ2 where < is the usual order for ordinals. This order is analogous to the alphabetical order of words in a dictionary. The ordinality of this well ordered set is δ 2 which is bigger than δ. We now impose a new order on δ × δ. We claim that the new order makes δ × δ a well ordered set having ordinality δ. We denote this order by and deﬁne it as follows:

(β1 , β2 ) (γ1 , γ2 ) if and only if either (β1 , β2 ) precedes (γ1 , γ2 ) lexicographically OR γ2 is larger than both β1 and β2 .

Properties of ﬁrst-order logic

159

The set δ×δ with the order is a well ordered set. We leave the veriﬁcation of this as Exercise 4.18. This is also true of the lexicographical order. The crucial feature of is that, with this order, each element of δ × δ has fewer than κ predecessors. This is not true of the lexicographical order. Let (β1 , β2 ) be an arbitrary element of δ × δ. To see that this element has fewer than κ predecessors, ﬁrst note that (β1 , β2 ) (β, β) where β is the larger of β1 and β2 . Further, (γ1 , γ2 ) does not preceed (β, β) if either γ1 or γ2 is larger than β. Because of this, the predecessors of (β1 , β2 ) are contained in (β + 1) × (β + 1). For example, suppose (β1 , β2 ) = (1, 3). Then (β1 , β2 ) (3, 3). The set of all elements of δ × δ that preceed (3, 3) are contained in the following square: (0, 0)

(0, 1)

(0, 2)

(0, 3)

(1, 0)

(1, 1)

(1, 2)

(1, 3)

(2, 0)

(2, 1)

(2, 2)

(2, 3)

(3, 0)

(3, 1)

(3, 2)

(3, 3).

Note that this is the set 4 × 4 (recalling that the ordinal 4 is identiﬁed with {0, 1, 2, 3}). So, with the order , there are fewer than |4 × 4| = 16 predecessors of the ordered pair (3, 3). Likewise, for any β < δ, there are fewer than |(β + 1) ×(β + 1)| elements of δ × δ that preceed (β, β) in the order . Since δ is least such that |δ| = κ and β < δ, we have |β + 1| = |β| < κ. By our induction hypothesis, |(β + 1) × (β + 1)| = |β + 1|. It follows that each element of δ × δ has fewer than κ predecessors in the order as was claimed. Let γ denote the ordinality of δ × δ with . If γ were larger than δ, then there would necessarily exist elements with κ = |δ| predecessors. Since we have shown that this is not the case, we conclude that γ ≤ δ. It follows that κ · κ = |δ × δ| = |γ| ≤ |δ| = κ. Since it is clear that κ ≤ κ · κ, we have κ · κ = κ as was desired. By induction, this holds for κ = ℵα for each ordinal α. Corollary 4.16 Let κ and λ be nonzero cardinals. If either κ or λ is inﬁnite, then λ · κ is the larger of κ and λ. Proof Suppose that κ is inﬁnite and λ ≤ κ. We have κ ≤ λ · κ ≤ κ · κ. Since, κ · κ = κ by Theorem 4.15, we conclude that λ · κ = κ. Likewise, if λ is inﬁnite and κ ≤ λ, then λ · κ = λ. Corollary 4.17 Let κ and λ be cardinals. If either κ or λ is inﬁnite, then λ + κ is the larger of κ and λ. Proof If one of κ and λ is inﬁnite and the other is ﬁnite, then this corollary follows from Exercise 2.36. So suppose that κ and λ are both inﬁnite. If λ ≤ κ,

160

Properties of ﬁrst-order logic

then λ + κ ≤ λ · κ (this is true for any κ and λ with 2 ≤ λ). We have κ ≤ λ + κ ≤ λ · κ ≤ κ · κ = κ. We conclude that each of these inequalities must in fact be equalities. In particular, λ + κ = λ · κ = κ. The proof is identical for κ ≤ λ. We already know how to add and multiply ﬁnite cardinals. The previous corollaries tell us how to add and multiply inﬁnite cardinals: simply take the larger of the two numbers. So cardinal addition is easy: 5 + 2 = 7, 2 + ℵ0 = ℵ0 , ℵ1 + 7 = ℵ1 , and ℵ7 + ℵ23 = ℵ23 . Cardinal multiplication is equally easy: 5 · 2 = 10, 2 · ℵ0 = ℵ0 , ℵ1 · 7 = ℵ1 , and ℵ7 · ℵ23 = ℵ23 . Note that the same result is obtained either by adding or by multiplying two inﬁnite cardinals. This is also true for any ﬁnite number of inﬁnite cardinals. If we have n cardinals (for n ∈ N) at least one of which is inﬁnite, then whether we add them together or multiply them, we obtain the largest of the n cardinals. This is no longer true if we have inﬁnitely many cardinals. We extend the deﬁnitions of addition and multiplication to inﬁnite sums and products in an obvious way. Deﬁnition 4.18 Let α be an inﬁnite ordinal and let {κι | ι < α} be a set of cardinals. For each ι < α, let Aι be a set of cardinality κι . We assume that the Aι s are disjoint from each other. • Inﬁnite sums:

ι<α

κι = |

ι<α

Aι |.

• Inﬁnite products: Πι<α κι = |Πι<α Aι | where Πι<α Aι denotes the Cartesian product A0 × A1 × A2 × · · · Just as multiplication can be viewed as repeated applications of addition, exponentiation can be viewed as repeated applications of multiplication. That · κ · . .. = κλ . is, κ + κ + κ + . . . = κ · λ and κ · κ λ times

λ times

We leave the veriﬁcation of this as Exercise 4.20. Whereas an inﬁnite sum is as easy as multiplication, an inﬁnite product is as diﬃcult as exponentiation. We turn now to cardinal exponentiation. Proposition 4.19 For any set A, |P(A)| = 2|A| . Proof Recall that P(A) is the set of all subsets of A. Let F (A, 2) denote the set of all functions from A to the set {0, 1}. We deﬁne a one-to-one correspondence between P(A) and F (A, 2). Each B in P(A) corresponds to its characteristic

Properties of ﬁrst-order logic

161

function χB (x) in F (A, 2) deﬁned as follows: 0 if x ∈ B χB (x) = 1 if x ∈ B. Each set in P(A) uniquely determines its characteristic function and, in the other direction, each function f in F (A, 2) is the characteristic function of the set {a ∈ A|f (a) = 1}. It follows that this is a one-to-one correspondence and P(A) and F (A, 2) have the same size. Since |F (A, 2)| = 2|A| , so does |P(A)| = 2|A| . Proposition 4.20 For any inﬁnite cardinal κ and any cardinal λ with 2 ≤ λ < κ, λκ = κκ . Proof Let A be a set of cardinality κ. Then κκ is the cardinality of the set of functions from A to A. The graph of any such a function is a subset of A × A. It follows that κκ ≤ P(A × A). Also, since |A| = |A × A|, we have |P(A)| = |P(A × A)|. Putting this together we have 2κ ≤ λκ ≤ κκ ≤ |P(A × A)| ≤ |P(A)| = 2κ . It follows that 2κ = λκ = κκ . These two propositions reveal some basic facts regarding cardinal exponentiation. Suppose we want to compute λκ for 2 ≤ λ ≤ κ. By the latter proposition, λκ = 2κ . By the former proposition, this is |P(A)| where |A| = κ. This tells us that κ < 2κ (by Proposition 2.44), but it does not tell us precisely what 2κ is. This brings us back to a fundamental question posed at the outset of this section: how many real numbers are there? By Proposition 2.46, we know that |R| > ℵ0 . Moreover, the proof of Proposition 2.46 shows that R has the same size as P(ℵ0 ). So |R| = 2ℵ0 . But the question remains, which cardinal is this? Does 2ℵ0 equal ℵ1 or ℵ2 or ℵ23 or what? 4.2.3 Continuum hypotheses. How many points lie on a continuous line segment? We have shown in Proposition 2.42 that the rational number line contains only countably many points. But this line is not continuous. It has gaps. For √ number. example, 2 is not a rational √ So the rational numbers can be split into √ the two intervals (−∞, 2) and ( 2, ∞). A continuous line cannot be split in this manner. If a continuous line is split into two sets A and B so that each element of A is to the left of each element of B, then this split must occur at some point of the line. We follow Richard Dedekind and take this as the deﬁnition of continuous. The continuum problem. Let L be a continuous line segment. We regard L as a set of points. Does there exist an uncountable subset P of L such that |P | < |L|?

162

Properties of ﬁrst-order logic

The real number line is continuous. This is another way of saying that the reals are order-complete (mentioned in Section 2.4.3). So we may assume that the line segment L is an interval of real numbers. We showed in Example 2.38 that the interval (0, 1) of real numbers has the same size as R. It follows that any interval of real numbers has the same size as R. So the continuum Problem can be rephrased as follows. The continuum problem. Is there a subset of R that is bigger than Q and smaller than R? We know that |R| = 2ℵ0 > ℵ0 . The previous question asks if there exist any cardinals between ℵ0 and 2ℵ0 . That is, is the following true? The continuum hypothesis. 2ℵ0 = ℵ1 . More generally, is this how cardinal exponentiation behaves for all cardinals? The general continuum hypothesis. For each ordinal α, 2ℵα = ℵα+1 . As the word “hypothesis” suggests, this statement has neither been proved nor disproved. Remarkably, it cannot be proved or disproved from the standard axioms of mathematics. It is independent from these axioms. This has been proved! The standard axioms of mathematics are Zermeleo–Frankel set theory with the previously mentioned Axiom of Choice. These axioms are denoted ZFC. The study of ZFC is the subject of set theory. Set theory is one branch of logic that we do not treat in depth in this book. We have touched on the basics of set theory in Section 2.5 and the present section. We conclude our discussion of set theory by stating without proof some of the subject’s striking results. References are provided at the end of the section. In 1937, Kurt G¨ odel showed that the general continuum hypothesis is consistent with ZFC. So this hypothesis cannot be disproved. In 1963, Paul Cohen showed that there are models of ZFC in which the General Continuum Hypothesis is false. So this hypothesis cannot be proved from the axioms in ZFC. Cohen introduced a method known as forcing to obtain his result. Using this method one can ﬁnd models of ZFC in which 2ℵ0 = ℵα for any ﬁnite ordinal α (this is true for most inﬁnite ordinals α as well). The question of whether or not the general continuum hypothesis is true in speciﬁc standard models of ZFC remains unanswered. Indeed, by the results of G¨ odel and Cohen, such questions cannot be resolved from the axioms of ZFC alone. So how many real numbers are there? Or equivalently, how many subsets of N are there? Although this appears to be a precise and fundamental question, we cannot provide a deﬁnite answer. In the wake of Cohen’s forcing, the possibilities are endless. G¨ odel showed that the hypothesis 2ℵ0 = ℵ1 is consistent.

Properties of ﬁrst-order logic

163

Cohen’s methods show that the hypothesis 2ℵ0 = ℵ23 is also consistent. More generally, one can use forcing to prove the following result. Theorem 4.21 (Easton 1970) Let a0 < a1 < a2 < · · · be any increasing sequence of natural numbers. The assertion that 2ℵα = ℵaα for each ﬁnite ordinal α is consistent with ZFC. The possibilities are endless, but not everything is possible. Proved in 1974, Silver’s theorem restricts the possibilities. Theorem 4.22 (Silver) If 2ℵα = ℵα+1 for each α < ω1 , then 2ℵω1 = ℵω1 +1 . Phrased another way, this theorem says it is impossible for the general continuum hypothesis to hold for all cardinals up to ℵω1 and to fail for ℵω1 . Shelah later proved that this is also true for ℵω . If 2ℵn = ℵn+1 for all ﬁnite n, then 2ℵω = ℵω+1 . Whereas Easton showed that we can choose the values of 2ℵn to be almost anything we want, these choices restrict the possible values of 2ℵω . In fact, given any sequence a0 < a1 < a2 < · · · as in Easton’s theorem, the possible values of 2ℵω are bounded. Moreover, the values are uniformly bounded (regardless of our choice of ai s) by the number ℵω4 . This remarkable fact is due to Shelah. Theorem 4.23 (Shelah) If 2ℵn < ℵω for each ﬁnite n, then 2ℵω ≤ ℵω4 . Not only is this statement consistent with ZFC, it can be proved from the axioms of ZFC. To say that the proof of this theorem is not within the scope of this book is an understatement. For proofs of these results, we refer the reader to books dedicated to set theory. Both [18] and [25] are recommended. Kunen’s book [25] is an excellent introduction to forcing and contains a proof of Cohen’s result. Jech’s book [18] contains a proof of Silver’s theorem. Readers who have a strong background in set theory are referred to Shelah’s book [44] for a proof of theorem 4.23 (in particular, refer to the section titled “Why in the HELL is it four?”).

4.3 Four theorems of ﬁrst-order logic In this section, we prove four fundamental results for ﬁrst-order logic. We prove the Completeness theorem, the Compactness theorem, the Upward L¨owenheim– Skolem theorem, and the Downward L¨ owenheim–Skolem theorem. The ﬁrst three of these four are consequences of the fact that, in ﬁrst-order logic, every model has a theory and every theory has a model. In particular, any consistent set of sentences (any theory) is satisﬁable (has a model). This was proved for countable sets of sentences in Theorem 4.2. The ﬁrst objective of the present section is to extend this result to arbitrary sets of sentences.

164

Properties of ﬁrst-order logic

Suppose that Γ is an uncountable set of sentences. Since there are only countably many sentences in any countable vocabulary (by Proposition 2.47), the vocabulary of Γ must be uncountable. Although we have not previously encountered uncountable vocabularies, such vocabularies naturally arise in model theory. Example 4.24 Given any structure M , we may wish to consider the expansion MC of M to a vocabulary V(M ) containing a constant for each element of the underlying set of M . If M is uncountable, then so is the vocabulary V(M ). In particular, consider the structure R = (R|+, ·, 0, 1) (the real numbers in the vocabulary Var of arithmetic). We may want to consider a set of Var -sentences having parameters from the underlying set R of R. For example, we may want to study polynomials having real coeﬃcients. Such a set of sentences has vocabulary Var (R) containing a constant for each real number. This is an uncountable vocabulary. Example 4.25 We may wish to consider a vector space as a ﬁrst-order structure. One basic way of doing this is to use a vocabulary containing the constant 0, the binary function +, and a unary function mr for each scalar r. Let the set of vectors serve as the underlying set. Let V be the structure having this underlying set and interpreting 0 as the zero vector, + as vector addition, and mr as scalar multiplication by r. In particular, consider the vector space R2 of ordered pairs of real numbers. For this vector space, the scalars are real numbers. Let Vvs be the vocabulary consisting of the constant 0, the binary function +, and a unary function mr for each real number r. In this case, V is the Vvs -structure having R2 as an underlying set and interpreting 0 as the vector (0, 0), (a, b)+(c, d) as (a+c, b+d), and mr (a, b) as (ra, rb) for all real numbers a, b, c, d, and r. This is an example of a basic mathematical structure that requires an uncountable vocabulary. For any vocabulary V, let ||V|| denote the cardinality of the set of V-formulas. In Proposition 2.47, it was shown that ||V|| = ℵ0 for any countable V. The following proposition extends this result to uncountable vocabularies. Proposition 4.26 For any vocabulary V, ||V|| = |V| + ℵ0 . Proof By Corollary 4.17, |V| + ℵ0 is the larger of |V| and ℵ0 . If V is countable, then this sum is ℵ0 . This agrees with Proposition 2.47. Now suppose |V| = κ for some uncountable κ. We want to show that ||V|| = κ. For each n ∈ N, let Fn denote the set of V-formulas having length n. Then |Fn | ≤ κn . By repeatedly applying Corollary 4.16 we see that κn = κ. So we have ||V|| = Fn = |Fn | ≤ κn = κ = ℵ0 · κ = κ. n∈N

n∈N

n∈N

n∈N

Properties of ﬁrst-order logic

165

We now prove that every theory has a model. We follow the same Henkin Construction used to prove Theorem 4.2. Theorem 4.27 If a set of ﬁrst-order sentences is consistent, then it is satisﬁable. Proof Let Γ be a consistent set of ﬁrst-order sentences. If Γ is countable, then Γ is satisﬁable by Theorem 4.2. We generalize the proof of Theorem 4.2 to include uncountable Γ. Suppose that the cardinality κ of Γ is uncountable. Let α be the least ordinal with |α| = κ. Let V + = V ∪ {cι |ι < α}, where V is the vocabulary of Γ and each cι is a constant that does not occur in V. Let C be the set {cι |ι < α}. By Corollary 4.17, |V + | = |V| + |C| = κ + κ = κ. Moreover, by Proposition 4.26, the set of all V + -sentences also has cardinality κ. By the Well Ordering Principle, the set of all V + -sentences can be enumerated as {ϕι |ι < α}. As in the proof of Theorem 4.2, our goal is to deﬁne a complete V + -theory Tα with the following two properties. Property 1 Every sentence of Γ is in Tα . Property 2 For every V + -sentence in Tα of the form ∃xθ(x), the sentence θ(c) is also in T α for some c ∈ C. Prior to deﬁning Tα , we inductively deﬁne V + -theories Tι for ι < α. Let T0 be Γ. Now suppose that, for some nonzero β < α, Tγ has been deﬁned for each γ < β. We want to deﬁne Tβ . We assume that for each γ < β, Tγ uses at most |γ| + ℵ0 of the constants in C. Since |γ| + ℵ0 < κ = |C|, most of the constants in C are not used in Tγ (here we are using the fact that κ is uncountable). Note that T0 is a V-theory and so contains none of these constants. We must deﬁne Tβ so that Tβ uses at most |β| + ℵ0 of the constants in C. We now deﬁne Tβ . There are two possibilities: either β is a successor ordinal or it is not. If β is a successor ordinal, then β = γ +1 for some γ. By assumption, Tγ has been deﬁned. Consider the V + -sentence ϕγ . We deﬁne Tβ = Tγ+1 in the same manner that Tm+1 was deﬁned in the proof of Theorem 4.2. (a) If Tγ ∪ {¬ϕγ } is consistent, then deﬁne Tγ+1 to be Tγ ∪ {¬ϕγ }. (b) If Tγ ∪ {¬ϕγ } is not consistent, then Tγ ∪ {ϕγ } is consistent. We divide this case into two subcases. (i) If ϕγ does not have the form ∃xθ(x) for some formula θ(x), then just let Tγ+1 be Tγ ∪ {ϕγ }.

166

Properties of ﬁrst-order logic

(ii) Otherwise ϕγ has the form ∃xθ(x). In this case let Tγ+1 be Tγ ∪ {ϕγ } ∪ {θ(c)} where c is a constant in C that does not occur in Tγ ∪ {ϕγ }. Since Tγ contains fewer than κ constants of C, such a c exists. So if β = γ + 1, then Tβ = Tγ+1 is obtained by adding at most a sentence or two to Tγ . Since Tγ contains at most |γ| + ℵ0 of the constants in C, so does Tβ . Moreover, Tβ can be shown to be consistent in the same manner that Tm+1 was shown to be consistent in the ﬁrst claim in the proof of Theorem 4.2. Now suppose that β is not a successor ordinal. Then it is a limit ordinal. In this case, deﬁne Tβ as the set of all V + -sentences that occur in Tγ for some γ < β. Again, we claim that Tβ is consistent and contains at most |β| + ℵ0 of the constants in C. Claim 1 Tβ is consistent. Proof Suppose Tβ is not consistent. Then Tβ ⊥ for some contradiction ⊥. Since formal proofs are ﬁnite, ∆ ⊥ for some ﬁnite subset ∆ of Tβ . Since it is ﬁnite, ∆ ⊂ Tγ for some γ < β. But this contradicts our assumption that any such Tγ is consistent. We conclude that Tβ must be consistent as was claimed. Claim 2 Tβ contains at most |β| of the constants in C. Proof For each γ < β, let Cγ be the set of constants in C that occur in Tγ . Then the constants occurring in Tβ are γ<β Cγ . By assumption, |Cγ | ≤ |γ| + ℵ0 ≤ |β|+ℵ0 . Since we are assuming that β is a limit ordinal, β is inﬁnite. In particular, |β| + ℵ0 = |β|. So each |Cγ | ≤ |β|. It follows that the number of constants from C occurring in Tβ is Cγ ≤ |Cγ | ≤ |β| = |β| · |β| = |β|. γ<β γ<β γ<β This completes the proof of the claim. So for each β < α we have successfully deﬁned a V + -theory Tβ . These have been deﬁned in such a way that Tβ1 ⊂ Tβ2 for β1 < β2 < α. We now deﬁne Tα as the set of all V + -sentences that occur in Tβ for some β < α. Like each Tβ , Tα is a theory. This can be proved in the same manner as Claim 1 above. Unlike Tβ for β < α, Tα is a complete theory. This is because each V + -sentence is enumerated as ϕι for some ι < α. Either ϕι or ¬ϕι is in Tι+1 and, hence, in Tα as well. Since Γ = T0 ⊂ Tα , Tα has Property 1. Moreover, part (b)ii of the deﬁnition of Tγ+1 ⊂ Tα guarantees that Tα has Property 2. It was shown in the proof of Theorem 4.2 that any complete theory with Property 2 has a model. Therefore Tα has a model and Γ is satisﬁable.

Properties of ﬁrst-order logic

167

We have now established that a set of sentences is consistent if and only if it is satisﬁable (Theorems 4.1 and 4.27). Every model has a theory and every theory has a model. With this fact at hand, we can prove the completeness and compactness of ﬁrst-order logic. Theorem 4.28 (Completeness) For any sentence ϕ and any set of sentences Γ, Γ |= ϕ if and only if Γ ϕ. Proof That Γ ϕ implies Γ |= ϕ is Theorem 3.4. Conversely, suppose Γ |= ϕ. Then Γ ∪ {¬ϕ} does not have a model. Since every theory has a model, Γ∪{¬ϕ} must not be a theory. That is, Γ∪{¬ϕ} ⊥ for some contradiction ⊥. By the Contradiction rule (Example 1.33), we can derive ϕ from Γ ∪ {¬ϕ}. Since we can also derive ϕ from Γ ∪ {ϕ} (by Assumption), we have Γ ϕ by Proof by cases (Example 1.35). Theorem 4.29 (Compactness) Let Γ be a set of sentences. Every ﬁnite subset of Γ is satisﬁable if and only if Γ is satisﬁable. Proof Any model of Γ is a model of every ﬁnite subset of Γ. We must prove the opposite. Suppose that Γ has no model. Then Γ must not be a theory. This means that we can derive a contradiction ⊥ from Γ. Since derivations are ﬁnite, we can derive ⊥ from a ﬁnite subset of Γ. So if Γ is unsatisﬁable, then some ﬁnite subset of Γ must be unsatisﬁable. Theorem 4.30 (Upward L¨ owenheim–Skolem) If a theory T has an inﬁnite model, then T has arbitrarily large models. Proof Let M be an inﬁnite model of T . Let κ be any cardinal. We show that there exists a model N of T with |N | ≥ κ. To do this, we expand the vocabulary V of T by constants. Let C be a set of constants such that |C| = κ and each constant in C does not occur in V. Let V + denote V ∪ C. Let Γ be the set of all V + -sentences having the form ¬(c = d) where c and d are distinct constants from C. Any V + -structure that models Γ must have at least κ elements in its underlying set. We claim that T ∪ Γ is satisﬁable. If κ ≤ |M |, then T ∪ Γ is satisﬁable by an expansion of M . If M + is any expansion of M that interprets the constants of C as distinct elements of the underlying set of M , then M + |= T ∪ Γ. In particular, if κ is ﬁnite, then, since M is inﬁnite, such an M + exists. If κ is bigger than |M |, then no expansion of M can model Γ. It is still the case, however, that T ∪ Γ is satisﬁable. Any ﬁnite subset of T ∪ Γ will contain only ﬁnitely many constants from C. It follows that any ﬁnite subset of T ∪ Γ is satisﬁable by an expansion of M . By compactness, T ∪ Γ is satisﬁable. Let N model T ∪ Γ. Since N |= Γ, |N | ≥ κ as was required.

168

Properties of ﬁrst-order logic

The Downward L¨owenheim–Skolem theorem, unlike the Upward L¨owenheim–Skolem Theorem, is not an immediate consequence of the Compactness theorem. Rather, this theorem follows from the Tarski–Vaught criterion for elementary substructures. This criterion along with the Downward L¨ owenheim– Skolem theorem could have been stated and proved immediately following the deﬁnition of elementary substructure in Section 2.6.2. Recall that for V-structures M and N with M ⊂ N , M is an elementary substructure of N means that M |= ϕ(¯ a) if and only if N |= ϕ(¯ a) for any V-formula ϕ(¯ x) and tuple a ¯ of elements from the underlying set of M . We use M ≺ N to denote this important concept. The Tarski–Vaught criterion states that, to show M ≺ N , it suﬃces to only consider formulas ϕ(¯ x) that begin with ∃. Proposition 4.31 (The Tarski–Vaught criterion) Let M and N be V-structures with N ⊂ M . Suppose that for any V-formula ψ(¯ x, y) and any tuple a ¯ of elements from the underlying set of N , the following is true: M |= ∃yψ(¯ a, y) implies N |= ∃yψ(¯ a, y). Then N ≺ M . Proof To show that N ≺ M , we must show that, for every V-formula ϕ(¯ x) and every tuple a ¯ of elements from the underlying set UN of N : N |= ϕ(¯ a)

if and only if M |= ϕ(¯ a).

This can be done by induction on the complexity of ϕ. It is true for atomic ϕ since N ⊂ M . Clearly, if it is true for ϕ, then it is true for any formula equivalent to ϕ. Now suppose it is true for formulas ψ and θ. That is, suppose N |= ψ(¯ a)

if and only if M |= ψ(¯ a), and

N |= θ(¯ a)

if and only if M |= θ(¯ a)

for any tuple a ¯ of elements of UN . This is our induction hypothesis. We must show that this is also true for ψ ∧ θ, ¬θ, and ∃yθ. The ﬁrst two of these follow from the semantics of ∧ and ¬. Now suppose that ϕ(¯ x) has the form ∃yθ(¯ x, y). Suppose that N |= ∃yθ(¯ c, y) for some tuple c¯ of elements from UN . By the semantics of ∃, N |= θ(¯ c, b) for some b ∈ UN . By the induction hypothesis, M |= θ(¯ c, b). Again by the semantics of ∃, M |= ∃yθ(¯ c, y). We must also show that the reverse is true: that if M |= ∃yθ(¯ c, y), then N |= ∃yθ(¯ c, y). But this is exactly the condition stipulated in the proposition. If this condition holds, then we can complete the induction step and conclude that N |= ϕ(¯ a) if and only if M |= ϕ(¯ a) for all V-formulas ϕ(¯ x) as we wanted to show.

Properties of ﬁrst-order logic

169

The Tarski–Vaught criterion, as stated in the previous proposition, can be strengthened. We do not need N ⊂ M in the hypothesis. That N is a substructure of M follows from the other hypotheses of Proposition 4.31. Corollary 4.32 Let M be a V-structure. Let U be a subset of the underlying set x, y) and any tuple a ¯ of elements UM of M . Suppose that for any V-formula ϕ(¯ from U , if M |= ∃yϕ(¯ a, y), then M |= ϕ(¯ a, b) for some b ∈ U . Then U is the underlying set of an elementary substructure of M . Proof Recall that not every subset of UM may serve as the universe for a substructure of M . We must show that U contains each constant and is closed under each function of V. Given any constant c in V, M |= ∃x(x = c). It follows from our hypothesis on U that M |= (b = c) for some b ∈ U . Now let f be an n-ary function in V and let a ¯ be any n-tuple of elements from U . Since M |= ∃x(f (¯ a) = x), M |= (f (¯ a) = b) for some b ∈ U . So it makes sense to deﬁne N as the structure having underlying set U that interprets the symbols of V in the same manner as M . Since it interprets the constants and functions as well as the relations of V, N is a V-structure. Moreover, since N ⊂ M , we have N ≺ M by the Tarski–Vaught criterion. Theorem 4.33 (Downward L¨ owenheim–Skolem) Let M be a structure having vocabulary V and underlying set UM . For any X ⊂ UM , there exists an elementary substructure N of M such that 1. X is a subset of the universe of N , and 2. |N | ≤ |X| + ||V||. Proof We deﬁne a sequence X1 ⊂ X2 ⊂ X3 ⊂ · · · of subsets of UM . Let X1 = X. Now suppose Xm has been deﬁned for some m ∈ N. Suppose that |Xm | ≤ |X| + ||V||. Let V(Xm ) be the expansion of V obtained by adding new constants for each element of Xm . Let Mm be the natural expansion of M to this vocabulary. Let Em be the set of all V(Xm )-sentences of the form ∃xϕ(x) such that Mm |= ∃xϕ(x). Let α be the least ordinal such that |α| = |Em |. By the Well Ordering Principle, Em can be enumerated as {∃xϕι (x)|ι < α}. For each ι < α, there exists an element aι in UM such that M |= ϕ(aι ). Let A = {aι |ι < α}. Note that |A| ≤ |E| ≤ ||V||. Let Xm+1 be Xm ∪ A. We have |Xm+1 | = |Xm ∪ A| ≤ |Xm | + |A| ≤ (|X| + ||V||) + (||V||) = |X| + ||V||. Now let U = m<ω Xm .

170

Properties of ﬁrst-order logic

Claim 1 |U | ≤ |X| + ||V||. Proof We have Xm ≤ |Xm | ≤ (|X| + ||V| |) = (|X|+||V||)·ℵ0 = |X|+||V||. |U | = m<ω m<ω m<ω Claim 2 For any V-formula ϕ(¯ x, y) and any tuple a ¯ of elements from U , if M |= ∃yϕ(¯ a, y), then M |= ϕ(¯ a, b) for some b ∈ U . Proof Let ϕ(¯ x, y) be any V-formula. Suppose that M |= ∃yϕ(¯ a, y) for some tuple a ¯ of elements from U . Then a ¯ must be a tuple of elements from Xm for some m. a, b) for It follows that ∃yϕ(¯ a, y) is in Em . By the deﬁnition of Xm+1 , M |= ϕ(¯ some b ∈ Xm+1 ⊂ U . By Corollary 4.32, U is the underlying set of an elementary substructure N of M . We have both X ⊂ U and |N | ≤ |X| ∪ ||V|| as was required. Corollary 4.34 Let T be a theory having an inﬁnite model. Then T has a model of size κ for each inﬁnite cardinal κ with κ ≥ |T |. Proof We want to show that there exists a model M of T with |M | = κ. By the Upward L¨owenheim–Skolem theorem, there exists a model N of T with |N | ≥ κ. Let X be a subset of the universe of N with |X| = κ. By the Downward L¨owenheim–Skolem theorem, there exists an elementary substructure M of N such that X is contained in the universe of M and |M | ≤ |X| + ||V|| where V is the vocabulary of T . Moreover, ||V|| ≤ |T | by Exercise 4.17. Since |T | ≤ κ, we have ||V|| ≤ κ = |X|. It follows that |X| + ||V|| = |X| and |M | ≤ |X|. Since X is a subset of the universe of M , |M | = |X| = κ.

4.4 Amalgamation of structures In ﬁrst-order logic, we can amalgamate many structures into one. By “amalgamate” we simply mean to combine in some manner. There are various ways to make this idea precise. An amalgamation theorem of ﬁrst-order logic is a theorem that can be diagramed as follows: D M1

M2

C In this diagram, M1 and M2 are given ﬁrst-order structures, C is a set, and f1 : C → M1 and f2 : C → M2 are one-to-one functions having C as a domain.

Properties of ﬁrst-order logic

171

An amalgamation theorem states that given these structures, sets, and functions, there exists structure D and functions g1 : M1 → D and g2 : M2 → D so that g1 (f1 (c)) = g2 (f2 (c)) for each c ∈ C. That is, given the bottom half of this diagram, an amalgamation theorem asserts the existence of the top half. We prove several amalgamation theorems in this section. The above diagram depicts each of these theorems. Diﬀerent amalgamation theorems arise from the various restrictions we may place on the structures, sets, and functions in this diagram. For example, in Theorem 4.38 we require that C is a structure and f1 and f2 are elementary embeddings. We refer to this theorem as Elementary Amalgamation over Structures. The conclusion of this theorem states that the functions g1 and g2 in the diagram are in fact elementary embeddings. This theorem, as with all of the amalgamation theorems, is a consequence of compactness. We repeatedly use the following corollary of compactness. Deﬁnition 4.35 A set of sentences Γ is said to be closed under conjunction if for any sentences ϕ and ψ in Γ, the sentence ϕ ∧ ψ is also in Γ. Corollary 4.36 Let Γ be a set of sentences that is closed under conjunction. Let T be any consistent set of sentences. The set T ∪ Γ is inconsistent if and only if T ¬ϕ for some ϕ in Γ. Proof Clearly, if T entails the negation of a sentence that is in Γ, then T ∪ Γ is not consistent. The converse is a direct consequence of compactness. If T ∪ Γ inconsistent, then, by compactness, there exists an inconsistent ﬁnite subset ∆ of T ∪ Γ. Since T is consistent, there must exists sentences from Γ in ∆. Let Φ be the conjunction of the sentences in both ∆ and Γ. Then T ∪ {Φ} is inconsistent. By Proof by Contradiction, we have T ¬Φ. Since Γ is closed under conjunction, Φ is a sentence in Γ as was required. This corollary provides an alternative version of compactness. From now on, when we say that something is true “by compactness” we mean that it follows either from the Compactness theorem 4.29 or, equivalently, from Corollary 4.36. Our ﬁrst amalgamation theorem is known as the Joint Embedding lemma. This lemma states that any two models of a complete theory can be elementarily embedded into some other model of the same theory. This is a basic way to amalgamate many structures into one. In the above diagram, M1 ≡ M2 , g1 and g2 are elementary embeddings, and C is the empty set. Lemma 4.37 (Joint Embedding) Let M and N be V-structures that model a complete V-theory T . There exists a model D of T such that both M and N can be elementarily embedded into D. Moreover, if M or N is inﬁnite, then we can take D so that |D| is the same as the larger of |M | and |N |.

172

Properties of ﬁrst-order logic

Proof Consider the elementary diagrams ED(M ) and ED(N ). We may assume that the added constants in each of these sets are distinct. That is, we assume that the only constants occurring in both ED(M ) and ED(N ) are those constants occurring in V. We show that ED(M ) ∪ ED(N ) is consistent. Suppose not. Suppose that ED(M ) ∪ ED(N ) is contradictory. By compactness, ED(M ) ¬ϕ for some sentence ϕ ∈ ED(N ). As a sentence in ED(N ), ϕ has the form ψ(¯b) where ψ(¯ x) is a V-formula and ¯b is an n-tuple of constants not in V. Since M and N are elementarily equivalent V-structures, n must be at least 1. Since the parameters ¯b do not occur in ED(M ), we have ED(M ) ∀¯ x¬ψ(¯ x) by ∀-Introduction. We have M |= ∀¯ x¬ψ(¯ x) which implies M |= ¬∃¯ xψ(¯ x) which implies N |= ¬∃¯ xψ(¯ x) since M ≡ N . But this contradicts the fact that ψ(¯b) ∈ ED(N ). We conclude that our supposition must be wrong and ED(M ) ∪ ED(N ) is consistent. By Theorem 4.27, there exists a model D of ED(M ) ∪ ED(N ). By Proposition 2.80(b), both M and N can be elementarily embedded into D as required. The “moreover” clause in this lemma is a direct consequence of the Downward L¨owenheim–Skolem theorem. In fact, any number of models of a theory can be elementarily embedded into a single model of that theory. We leave this generalization of the Joint Embedding lemma as Exercise 4.23. We now prove the previously mentioned Elementary Amalgamation over Structures theorem. Theorem 4.38 (Elementary Amalgamation over Structures) Let M1 , M2 and N be V-structures that model a complete V-theory T . Let f1 : N → M1 and f2 : N → M2 be elementary embeddings. There exists a model D of T such that both M1 and M2 can be elementarily embedded into D in a manner that agrees on N . That is, there exists D |= T and elementary embeddings g1 : M1 → D and g2 : M2 → D such that f2 (f1 (c)) = g2 (g1 (c)) for each c in the universe of N . Proof Let V(N ) be the expansion of V that includes a constant ca for each element a of the underlying set of N . Let M1 be the expansion of M1 to a V(N )-structure that interprets each ca as f1 (a). Let M2 be the expansion of M2 to a V(N )-structure that interprets each ca as f2 (a).

Properties of ﬁrst-order logic

173

Since M1 ≡ M2 and f1 and f2 are both elementary, M1 ≡ M2 . Let T be the complete theory of these structures. By the Joint Embedding lemma, there exists a model D of T such that both M1 and M2 can be elementarily embedded into D. From the proof of Theorem 4.38, we see that something stronger is true. Nowhere in this proof did we use the fact that N is a model of T . In fact, N does not even have to be a structure. We need only that M1 ≡ M2 where the primes denote expansions by constants representing elements of N . This suﬃces to show that D and the two elementary embeddings exist. Theorem 4.39 (Elementary Amalgamation over Sets) Let M1 and M2 be Vstructures that model a complete V-theory T . Let C be a set of constants not in the vocabulary V of M1 and M2 . Let V(C) be V ∪ C. Let M1 (C) be an expansion of M1 to a V(C)-structure and let M2 (C) be an expansion of M2 to a V(C)-structure. If M1 (C) ≡ M2 (C), then there exists a V(C)-structure D(C) into which both M1 (C) and M2 (C) can be elementarily embedded. Proof The proof is the same as the proof of Theorem 4.38. If we do not require the two embeddings into D to be elementary, then we can relax the condition that the two structures are elementarily equivalent. The following lemma is a modiﬁed version of the Joint Embedding lemma. Instead of requiring that M1 models every sentence that M2 models, we require only that M1 models every existential sentence that M2 models. Under this hypothesis, we still obtain a structure D and embeddings of M1 and M2 into D, but now only one of these embeddings is elementary. Lemma 4.40 Let M and N be V-structures. Suppose that for any existential V-sentence ϕ, if N |= ϕ then M |= ϕ. Then there exists a V-structure D such that N can be embedded into D and M can be elementarily embedded into D. Proof Consider the literal diagram D(N ) and the elementary diagram ED(M ). We may assume that the added constants in each of these sets are distinct. That is, we assume that the only constants occurring in both ED(M ) and D(N ) are those constants occurring in V. We show that ED(M ) ∪ D(N ) is consistent. Suppose not. Suppose that ED(M )∪D(N ) is contradictory. By compactness, ED(M ) ¬ϕ for some sentence ϕ ∈ D(N ). As a sentence in D(N ), ϕ has the form ψ(¯b) where ψ(¯ x) is a literal and ¯b is an n-tuple of constants that do not occur in ED(M ).

174

Properties of ﬁrst-order logic

Since the parameters ¯b do not occur in ED(M ), we have ED(M ) ∀¯ x¬ψ(¯ x) by ∀-Introduction. We have M |= ∀¯ x¬ψ(¯ x) which implies M |= ¬∃¯ xψ(¯ x). Since ψ(¯ x) is a literal, ∃¯ xψ(¯ x) is existential. So, by the hypothesis of the theorem, if N |= ∃¯ xψ(¯ x), then M |= ∃¯ xψ(¯ x). Since this is not the case, N |= ¬∃¯ xψ(¯ x). But this cannot be the case either. It contradicts the fact that ψ(¯b) ∈ D(N ). We conclude that our supposition must be wrong and ED(M ) ∪ D(N ) is consistent. By Theorem 4.27, there exists a model D of ED(M ) ∪ D(N ). By Propositions 2.79 and 2.80, N can be embedded into D and M can be elementarily embedded into D. The following theorem follows from Lemma 4.40 just as Theorem 4.39 follows from the Joint Embedding lemma. Theorem 4.41 (Existential Amalgamation over Sets) Let M1 , M2 be V-structures and let C be a set of constants not in V. Let V(C) be V ∪ C. Let M1 (C) be an expansion of M1 to a V(C)-structure and let M2 (C) be an expansion of M2 to a V(C)-structure. If M2 (C) models every existential V-sentence that M1 (C) models, then there exists a V(C)-structure D into which M1 (C) can be embedded and M2 (C) can be elementarily embedded. Proof Apply Lemma 4.40 with M1 (C) as N and M2 (C) as M .

4.5 Preservation of formulas If a formula is equivalent to an existential formula, then it is preserved under extensions by Proposition 2.72 of Section 2.6.2. Using Theorem 4.41, we prove the converse. Proposition 4.42 If a formula is preserved under extensions, then it is equivalent to an existential formula. We in fact prove something stronger. Deﬁnition 4.43 Let T be a theory (not necessarily complete). We say that a formula ϕ(¯ x) is preserved under supermodels of T if for any two models M and N of T with M ⊂ N and any tuple a ¯ of elements from the universe of M , M |= ϕ(¯ a) implies N |= ϕ(¯ a). If instead N |= ϕ(¯ a) implies M |= ϕ(¯ a), then we say that ϕ(¯ x) is preserved under submodels of T .

Properties of ﬁrst-order logic

175

Deﬁnition 4.44 Formulas ϕ(x1 , . . . , xn ) and ψ(x1 , . . . , xn ) are said to be T -equivalent if T |= ∀x1 . . . ∀xn (ϕ(x1 , . . . , xn ) ↔ ψ(x1 , . . . , xn )). In this section, we prove that a formula ϕ is preserved under supermodels of T if and only if ϕ is T -equivalent to an existential formula. In particular, taking T to be the empty set of sentences, Proposition 4.42 holds. As a corollary to this, a formula is preserved under submodels of T if and only if it is T -equivalent to a universal formula. In the second part of this section, we deﬁne the notion of a chain of models and prove a preservation theorem regarding formulas of the form ∀¯ x∃¯ y ϕ for quantiﬁer-free ϕ. 4.5.1 Supermodels and submodels. Let T be a theory. We show that a formula ϕ is preserved under supermodels of T if and only if ϕ is T -equivalent to an existential formula. First, we show this is true in the case where ϕ is a sentence. Note that this is only interesting if neither ϕ nor ¬ϕ is in T . Otherwise, ϕ is T -equivalent to either the existential tautology ∃x(x = x) or the contradiction ∃x¬(x = x). Proposition 4.45 Let T be a theory. If a sentence is preserved under supermodels of T , then it is T -equivalent to an existential sentence. Proof Suppose that ϕ is a sentence that is preserved under supermodels of T . Let V be the vocabulary of T ∪ {ϕ}. Let C be the set of all existential V-sentences ψ such that T ∪ {ϕ} ψ. We want to show that T ∪ C ∪ {¬ϕ} is inconsistent. Let D be the set of all existential V-sentences that are not in C. So C ∪ D equals the set of all existential V-sentences. Let Γ be the set of all V-sentences that are equivalent to the negation of some sentence in D. Our goal is to show that T ∪ C ∪ {¬ϕ} is inconsistent. It suﬃces to show that T ∪ Γ ∪ {ϕ} is consistent. Claim If T ∪ Γ ∪ {ϕ} is consistent, then T ∪ C ∪ {¬ϕ} is inconsistent. Proof Suppose that T ∪Γ∪{ϕ} is consistent. Let N be a model. Then N models each existential sentence in C (since these are consequences of ϕ) and N models none of the existential sentences in D (since these are equivalent to the negation of sentences in Γ). Suppose for a contradiction that T ∪ C ∪ {¬ϕ} is also consistent. Let M be a model. Since the only existential sentences that N models are in C, M models every existential sentence that N models. By Theorem 4.41, there exists a structure D into which N can be embedded and M can be elementarily embedded. Since M can be elementarily embedded into D and M |= T , D is a model of T . Since M |= ¬ϕ, D |= ¬ϕ.

176

Properties of ﬁrst-order logic

Since N can be embedded into D, D has a substructure N that is isomorphic to N . Since N models ϕ, so does N . We have N ⊂ D, N |= ϕ, and D |= ¬ϕ. But D and N are both models of T . This contradicts the assumption that ϕ is preserved under extentions of models of T . This contradiction proves the claim. Claim T ∪ Γ ∪ {ϕ} is consistent. Proof Note that Γ is closed under conjunction. If T ∪Γ∪{ϕ} is inconsistent, then T ∪ {ϕ} ¬γ for some γ ∈ Γ (If ϕ is contradictory, then this is the Contradiction rule. Otherwise, this is Corollary 4.36.) By the deﬁnition of Γ, ¬γ is T -equivalent to a sentence ψ in D. Since T ∪ {ϕ} ψ, ψ ∈ C. This contradicts the fact that C and D are disjoint sets of sentences. We conclude that T ∪ Γ ∪ {ϕ} is consistent as claimed. By the two claims, T ∪ C ∪{¬ϕ} is inconsistent. So T ∪ C ϕ. By compactness, T ∪ {ψ1 ∧ ψ2 ∧ · · · ∧ ψn } ϕ for some ψ1 , . . . , ψn in C. Since each ψi is existential, their conjunction is equivalent to an existential sentence Ψ. Since T ∪ {ϕ} ψi for each ψi , T ∪ {ϕ} Ψ. By →-Introduction, we have both T ϕ → Ψ and T Ψ → ϕ. So ϕ is T -equivalent to the existential sentence Ψ. Using Proposition 4.45, we now prove two preservation theorems for formulas. Note that the sentence ϕ in Proposition 4.45 is not necessarily in the same vocabulary as T . Theorem 4.46 Let T be a V-theory. A V-formula ϕ(x1 , . . . , xn ) is preserved under supermodels of T if and only if ϕ(x1 , . . . , xn ) is T -equivalent to an existential formula. Proof If ϕ(x1 , . . . , xn ) is T -equivalent to an existential formula, then it is preserved under extensions by Proposition 2.72. We must prove the other direction of the theorem. Suppose that ϕ(x1 , . . . , xn ) is preserved under supermodels of T . If n = 0, then ϕ is a sentence and we may apply Proposition 4.45. Otherwise, for n ∈ N, let c1 , . . . , cn be constants not contained in V. Let V(C) be the expansion V ∪ {c1 , . . . , cn } of V. Consider the V(C)-sentence ϕ(c1 , . . . , cn ). Since the formula ϕ(x1 , . . . , xn ) is preserved under supermodels of T , so is the sentence ϕ(c1 , . . . , cn ). By Proposition 4.45, ϕ(c1 , . . . , cn ) is T -equivalent to a universal sentence ψ(c1 , . . . , cn ) (This sentence may or may not contain each constant ci ). We have T ϕ(c1 , . . . , cn ) ↔ ψ(c1 , . . . , cn ).

Properties of ﬁrst-order logic

177

Since the constants ci do not occur in T , T ∀x1 . . . ∀xn (ϕ(x1 , . . . , xn ) ↔ ψ(x1 , . . . , xn )) by ∀-Introduction.

Theorem 4.47 Let T be a V-theory. A V-formula ϕ(x1 , . . . , xn ) is preserved under submodels of T if and only if ϕ(x1 , . . . , xn ) is T -equivalent to a universal formula. Proof A formula ϕ is preserved under submodels of T if and only if its negation ¬ϕ is preserved under supermodels of T . If this is the case, then, by Theorem 4.46, ¬ϕ is T -equivalent to an existential sentence. Finally, ¬ϕ is T -equivalent to an existential sentence if and only if ϕ is T -equivalent to a universal sentence. We now turn our attention to quantiﬁer-free formulas. These formulas are preserved under both supermodels and submodels (this follows from Proposition 2.71). Conversely, suppose that a given formula ϕ is preserved under both supermodels and submodels of T . Then, by the previous two theorems, ϕ is T -equivalent to both an existential formula and a universal formula. This does not necessarily mean that ϕ is T -equivalent to a quantiﬁer-free formula as the following example shows. Example 4.48 Let VS be the vocabulary consisting of a single binary relation. Consider the VS -structure ZS = (Z|S). This structure has the set of integers as its underlying set and interprets S as the successor relation. That is, for any integers a and b, ZS |= S(a, b) if and only if b = a + 1. Let T be T h(ZS ). Consider the formula ∃z(S(x, z) ∧ S(z, y)). This formula says that y is the successor of the successor of x. We claim that this existential formula is not only preserved under supermodels of T , but also under submodels of T . To see this, consider the universal formula ∀z1 ∀z2 (S(x, z1 ) ∧ S(z2 , y) → z1 = z2 ). This formula says that there is at most one element between x and y. Since the theory T says that every element has a unique successor and no element is a successor of itself, this formula implies that there is exactly one element between x and y. So ∃z(S(x, z) ∧ S(z, y)) is T -equivalent to this universal formula. We now argue that ∃z(S(x, z) ∧ S(z, y)) is not T -equivalent to a quantiﬁerfree formula. Consider the ordered pairs (0, 2) and (4, 7) in Z2 . Since the only atomic VS -formulas are S(x, y) and x = y, each of these pairs satisfy the same atomic formulas in the structure ZS . It follows that ZS |= ψ(0, 2)

if and only if ZS |= ψ(4, 7)

178

Properties of ﬁrst-order logic

for any quantiﬁer-free VS -formula ψ (by induction on the complexity of ψ). However, ZS |= ∃z(S(0, z) ∧ S(z, 2)) and ZS |= ¬∃z(S(4, z) ∧ S(z, 7)). This shows that the formula ∃z(S(x, z) ∧ S(z, y)), although it is preserved under both submodels and supermodels of T , is not T -equivalent to a quantiﬁer-free formula. The following theorem provides a suﬃcient criterion for a formula to be T -equivalent to a quantiﬁer-free formula (provided T is complete). As the previous example shows, the property of being preserved under both submodels and supermodels of T is not suﬃcient. Theorem 4.49 Let T be a complete V-theory and let ϕ(x1 , . . . , xn ) be a Vformula. The following are equivalent: (i) The formula ϕ(x1 , . . . , xn ) is T -equivalent to a quantiﬁer-free formula. (ii) Let M be a model of T . Let a ¯ and ¯b be n-tuples from the universe of M such ¯ that a ¯ and b satisfy the same atomic V-formulas in M . Then, M |= ϕ(¯ a) if and only if M |= ϕ(¯b). Proof Clearly (i) implies (ii). We must prove the converse. Suppose (ii) holds. We want to show that ϕ(¯ x) is T -equivalent to a quantiﬁer-free formula. Let c¯ = (c1 , . . . , cn ) be a tuple of constants that are not in V. Let V(C) be V ∪ {c1 , . . . , cn }. Let Q be the set of all quantiﬁer-free V(C)-sentences ψ such that T ∪ {ϕ(¯ c)} ψ. Claim T ∪ Q ϕ(¯ c). Proof Suppose not. Then T ∪Q∪{¬ϕ(¯ c)} is consistent. By Theorem 4.27, there is a model M of this set of V(C)-sentences. Let P be the set of all quantiﬁer-free V(C)-sentences that hold in M . Note that P is closed under conjunction and Q ⊂ P. Subclaim T ∪ P ∪ {ϕ(¯ c)} is consistent. Proof Otherwise, by compactness, T ∪ {ϕ(¯ c)} ¬ψ for some ψ ∈ P. By the deﬁnition of Q we have ¬ψ ∈ Q. Since Q ⊂ P, ¬ψ is in P. But ψ is also in P. This contradicts the fact that P has a model M . This contradiction proves the subclaim. c)}. Both M and N By Theorem 4.27, there is a model N of T ∪ P ∪ {ϕ(¯ are V(C)-structures. Let a ¯ = (a1 , . . . , an ) be the n-tuple of elements from the

Properties of ﬁrst-order logic

179

underlying set of M that M interprets as the constants c¯. Let ¯b = (b1 , . . . , bn ) be the n-tuple that N interprets as c¯. Let M and N be the reducts of M and N to the vocabulary V. Since both M and N model the complete theory T , we can apply the Joint Embedding lemma 4.37. There exists a model D of T and elementary embeddings f : M → D and g : N → D. Consider the two n-tuples f (¯ a) = (f (a1 ), . . . , f (an )) and g(¯b) = (g(b1 ), . . . , g(bn )) of elements from the universe of D. Each of these tuples satisfy the same atomic formulas in D, namely those from P. However, D |= ¬ϕ(f (¯ a)) and D |= ϕ(g(¯b)). This contradicts (ii). This contradiction proves the claim. By compactness T ∪ {ψ} ϕ(¯ c) for some ψ ∈ Q (since Q is closed under c) for some conjunction). Moreover, ψ, like every V(C)-sentence, has the form ψ0 (¯ x). We have V-formula ψ0 (¯ c) → ϕ(¯ c) by →-Introduction. T ψ0 (¯ Since ψ ∈ Q, we also have T ϕ(¯ c) → ψ0 (¯ c). And so T ϕ(¯ c) ↔ ψ0 (¯ c) x)) by ∀-Introduction. and T ∀¯ x(ϕ(¯ x) ↔ ψ0 (¯ 4.5.2 Unions of chains. Deﬁnition 4.50 A sequence M0 ⊂ M1 ⊂ M2 ⊂ · · · of V-structures is called a chain. The length of the chain is the least ordinal α such that β < α for each Mβ in the sequence. Proposition 4.51 Let M0 ⊂ M1 ⊂ M2 ⊂ · · · be a chain of V-structures of length α (for some ordinal α). Suppose that, for some β < α, a ¯ is an n-tuple of elements in the universe of Mβ that are not in the universe of Mι for ι < β. For any quantiﬁer-free V-formula ϕ(x1 , . . . , xn ), a) for some γ such that β ≤ γ < α if and only if Mγ |= ϕ(¯ a) for all γ such that β ≤ γ < α. Mγ |= ϕ(¯ Proof This follows immediately from the fact that quantiﬁer-free formulas are preserved under both extensions and substructures (Proposition 2.55). Deﬁnition 4.52 We deﬁne the union of a chain of V-structures M0 ⊂ M1 ⊂ M2 ⊂ · · · . Let α be the length of this chain. The union of the chain is the V-structure M deﬁned as follows. The underlying set of M is β<α Uβ where Uβ is the underlying set of Mβ . Given any atomic V-formula ϕ(x1 , . . . , xn ) and any n-tuple (a1 , . . . , an ) of elements from the universe of M , M |= ϕ(a1 , . . . , an ) if

180

Properties of ﬁrst-order logic

and only if Mβ |= ϕ(a1 , . . . , an ) for all Mβ containing each ai in its universe (by the previous proposition, we can replace “all” with “some”). This describes how M interprets the vocabulary V and completes our deﬁnition of this structure. Example 4.53 Let V< be the vocabulary consisting of a single binary relation <. We deﬁne a chain of V< -structures of length ω. For each ﬁnite ordinal i, let Mi be the V< -structure that has underlying set {−i, −i + 1, −i + 2, −i + 3, . . . , } and interprets < as the usual order. So the underlying set of M0 is {0, 1, 2, . . .}, the underlying set of M1 is {−1, 0, 1, 2, . . .}, the underlying set of M2 is {−2, −1, 0, 1, 2, . . .}, and so forth. This forms a chain of V< -structures. The length of this chain is ω. The union of this chain is the V< -structure M that interprets < as the usual order on the integers (that is, M is the structure Z< from Section 2.4.3). Note that each Mi is necessarily a substructure of the union M . However, the structure M can be quite diﬀerent from the Mi s. In the previous example, each Mi is isomorphic to the structure N< = (N, <), but the union M is not even elementarily equivalent to this structure (this was shown in Section 2.3.4). Deﬁnition 4.54 An elementary chain is a chain of the form M0 ≺ M1 ≺ M2 ≺ · · · Unlike the situation in Example 4.53, if a chain is an elementary chain, then the union of the chain is elementarily equivalent to each structure in the chain. Proposition 4.55 The union of an elementary chain is an elementary extension of each structures in the chain. Proof Let M0 ≺ M1 ≺ M2 ≺ · · · be an elementary chain of length α. Let M be the union of this chain. Given β < α, we apply the Tarski–Vaught criterion (Corollary 4.31) to show that Mβ ≺ M . ¯ be an n-tuple of elements Let ψ(x1 , . . . , xn , y) be an V-formula and let a a, y). It suﬃces to show from the underlying set of Mβ . Suppose that M |= ∃yψ(¯ a, y). By the semantics of ∃, M |= ψ(¯ a, b) for some b in the that Mβ |= ∃yψ(¯ universe of M . By the deﬁnition of M , b must be in the universe of Mγ for some a, y). Since the chain is elementary, Mβ |= ∃yψ(¯ a, y) as γ < α. So, Mγ |= ∃yψ(¯ was required to show. Deﬁnition 4.56 A formula ϕ(x1 , . . . , xn ) is said to be preserved under unions of ¯ of elements chains if for any chain M0 ⊂ M1 ⊂ M2 ⊂ · · · and any n-tuple a a), then so does the union M of from the universe of M0 , if each Mi models ϕ(¯ this chain. a) If M0 ≺ M1 ≺ M2 ≺ · · · is an elementary chain, then each Mi models ϕ(¯ if and only if the union M models ϕ(¯ a) for any n-tuple of elements from the

Properties of ﬁrst-order logic

181

universe of M0 . For the formula ϕ(¯ x) to be preserved under unions of chains, this must be true for arbitrary chains. We want to determine which formulas have this property. Clearly, by the deﬁnition of the union of a chain, every atomic formula is preserved under unions of chains. Moreover, every existential formula is preserved under unions of chains since they are preserved under extensions (Proposition 2.72). Example 4.53 demonstrates that not all formulas are preserved under unions of chains. In that example, each Mi in the chain models the sentence ∃x∀y¬(y < x), but the union M does not. Deﬁnition 4.57 A formula is said to be ∀2 if it has the form ∀x1 · · · ∀xn ∃y1 · · · ∃ym ϕ for some quantiﬁer-free formula ϕ. More generally, we can deﬁne a hierarchy for all formulas in prenex normal form. A formula is ∀1 if it is universal and ∃1 if it is an existential formula. For each n ∈ N, we deﬁne the ∀n+1 formulas inductively. A formula is ∀n+1 if it has the form ∀x1 · · · ∀xm ϕ for some ∃n formula ϕ. Likewise, a formula is ∃n+1 if it has the form ∃x1 · · · ∃xm ϕ for some ∀n formula ϕ. Example 4.58 Let ϕ(¯ x) be a quantiﬁer-free formula. ∃x1 ∀x2 ∃x3 ∀x4 ∃x5 ∀x6 ∃x7 ∀x8 ϕ(¯ x) is a ∃8 formula, and x) is a ∀3 formula. ∀x1 ∀x2 ∃x3 ∃x4 ∃x5 ∀x6 ∀x7 ∀x8 ϕ(¯ Note that for m < n, a ∃m formula is equivalent to both a ∀n formula and a ∃n formula. The ∀2 formulas were singled out in the previous deﬁnition because these are the formulas of immediate interest. The following proposition shows that these formulas are preserved under unions of chains. As demonstrated by the sentence ∃x∀y¬(y < x), the same cannot be said of ∃2 sentences nor for ∀n formulas for n > 2. Proposition 4.59 ∀2 formulas are preserved under unions of chains. Proof Let ϕ(x1 , . . . , xn ) be a ∀2 formula. Let M0 ⊂ M1 ⊂ M2 ⊂ · · · be a chain and let M be the union of this chain. Let a ¯ be an n-tuple of elements from the a). We must show that M |= ϕ(¯ a). universe of M0 . Suppose that each Mi |= ϕ(¯ x) has the form ∀z1 · · · ∀zl ∃y1 · · · ∃ym ϕ0 (¯ x, y¯, z¯) Since it is a ∀2 formula, ϕ(¯ where ϕ0 is quantiﬁer-free. Let c¯ = (c1 , . . . , cl ) be an arbitrary l-tuple of elements from the universe UM of M . Each of these elements is contained in the universe a) holds in Mβ , Mβ |= ϕ0 (¯ a, ¯b, c¯) for of some structure Mβ in the chain. Since ϕ(¯ ¯ some m-tuple b of elements from its universe. Since quantiﬁer-free formulas are preserved under extensions, a, ¯b, c¯). M |= ϕ0 (¯ By the semantics of ∃, M |= ∃y1 · · · ∃ym ϕ0 (¯ a, y¯, c¯).

182

Properties of ﬁrst-order logic

Since c¯ is arbitrary, a, y¯, z¯) M |= ∀z1 · · · ∀zl ∃y1 · · · ∃ym ϕ0 (¯ by the semantics of ∀. Thus, we have shown that M |= ϕ(¯ a). Let T be a theory. Let M0 ⊂ M1 ⊂ M2 ⊂ · · · be a chain of models of T . If a formula is T -equivalent to a ∀2 formula, then, by Proposition 4.59, it is preserved under the union of this chain. We next prove that the converse of this also holds. If a formula is preserved under unions of chains of models of T , then that formula must be T -equivalent to a ∀2 formula. The following proposition shows that this is true for sentences. As with Proposition 4.45, this is only interesting for sentences that are not in T . Proposition 4.60 Let T be a theory. If a sentence is preserved under unions of chains of models of T , then it is T -equivalent to a ∀2 sentence. Proof Suppose that the sentence ϕ is preserved under unions of chains of models of T . Let C be the set of all ∀2 sentences ψ such that T ∪ {ϕ} ψ. Claim T ∪ C ϕ. Proof Suppose not. Then T ∪ C ∪ {¬ϕ} has a model M0 . We aim to construct a chain M0 ⊂ N1 ⊂ M1 ⊂ N2 ⊂ M2 ⊂ · · · such that, for each i ∈ N • Mi−1 ≺ Mi , and • each Ni models T ∪ {ϕ}. The existence of such a chain suﬃces to prove the claim. To see this, suppose that we have successfully constructed this chain and let M be the union. Then, by the deﬁnition of the union of a chain, M is also the union of both the chain M0 ⊂ M1 ⊂ M2 ⊂ · · · and the chain N1 ⊂ N2 ⊂ N3 ⊂ · · · . Since the former chain is an elementary chain and M0 models ¬ϕ, the union M models ¬ϕ by Proposition 4.55. Since each Ni models ϕ and ϕ is preserved under unions of chains of models of T , M models ϕ. This is a contradiction and this contradiction proves the claim. So we must describe how to construct a chain M0 ⊂ N1 ⊂ M1 ⊂ N2 ⊂ · · · possessing the above properties. We have already deﬁned M0 . Suppose that, for some i ∈ N we have deﬁned Mi−1 so that M0 ≺ Mi−1 . Then Mi−1 |= T ∪ {¬ϕ}. We must show that there exists an extension Ni of Mi−1 that models T ∪{ϕ}. Let ED∀ (Mi−1 ) be the set of all universal sentences in prenex normal form that are in ED(Mi−1 ). Subclaim ED∀ (Mi−1 ) ∪ T ∪ {ϕ} is consistent.

Properties of ﬁrst-order logic

183

Contrarily, suppose that this set is inconsistent. Note that, for any ϕ1 and ϕ2 in ED∀ (Mi−1 ), there exists a sentence ϕ in ED∀ (Mi−1 ) that is equivalent to ϕ1 ∧ ϕ2 . So although ED∀ (Mi−1 ) is not closed under conjunction, the conclusion of Corollary 4.36 holds. If ED∀ (Mi−1 ) ∪ T ∪ {ϕ} is not consistent, then T ∪ {ϕ} ¬θ for some sentence θ ∈ D(Mi−1 ). As a sentence in ED∀ (Mi−1 ), the sentence θ has the form ∀x1 . . . ∀xn ψ(x1 , . . . , xn , c1 , . . . , cm ) for some quantiﬁerfree V formula ψ(x1 , . . . , xn , y1 , . . . , ym ) and constants ci not in V. Since T ∪ {ϕ} ¬∀x1 . . . ∀xn ψ(x1 , . . . , xn , c1 , . . . , cm ), we have T ∪ {ϕ} ∃x1 . . . ∃xn ¬ψ(x1 , . . . , xn , c1 , . . . , cm ), and T ∪{ϕ} ∀y1 . . . ∀ym ∃1 . . . ∃xn ¬ψ(x1 , . . . , xn , y1 , . . . , ym ) by ∀-Introduction. Since ∀¯ y ∃¯ x¬ψ(¯ x, y¯) is a ∀2 sentence, it is in C. Since M0 |= C and M0 ≺ y ∃¯ x¬ψ(¯ x, y¯). This contracts the assumption that ∀¯ xψ(¯ x, c¯) ∈ Mi−1 , Mi−1 |= ∀¯ D(Mi−1 ). This contradiction veriﬁes the subclaim. By Theorem 4.27, ED∀ (Mi−1 ) ∪ T ∪ {ϕ} has a model Ni . Since D(Mi−1 ) ⊂ ED∀ (Mi−1 ), we may assume that Ni is an extension of Mi−1 by Proposition 2.79. Next, we must show there exists an extension Mi of Ni that is an elementary extension of Mi−1 . We apply Lemma 4.40 to the structures Mi−1 and Ni . Since Ni |= ED∀ (Mi−1 ), Ni models every universal sentence that Mi−1 models. It follows that Mi−1 models every existential sentence that Ni models. By Lemma 4.40, there exists a structure Mi such that N can be embedded into Mi and Mi−1 can be elementarily embedded into Mi . By Proposition 2.79, we may assume that Mi is an extension of both Ni and Mi−1 . Thus we construct the chain M0 ⊂ N1 ⊂ M1 ⊂ · · · As we have shown, this construction proves the claim. By compactness, it follows from the claim that T ϕ ↔ ψ for some sentence ψ in C. This proves the proposition. Theorem 4.61 Let T be a V-theory. A V-formula is T -equivalent to a ∀2 formula if and only if it is preserved under unions of chains of models of T . Proof This theorem follows from Proposition 4.60 in the same manner that Theorem 4.46 follows from Proposition 4.45. We leave the proof as Exercise 4.24. Corollary 4.62 The formulas that are preserved under unions of chains are precisely those formulas that are equivalent to a ∀2 formula. Proof Take T to be empty in Theorem 4.61.

4.6 Amalgamation of vocabularies In Section 4.4, we discussed various ways to amalgamate many structures into one. In each case, the given structures had the same vocabularies. For example,

184

Properties of ﬁrst-order logic

the Joint Embedding lemma 4.37 states that any two models M and N of a complete V-theory T can be elementarily embedded into a single model of T . Here it is understood that M and N have the same vocabulary as T . In this section, we show that this remains true even if M is a V1 -structure and N is a V2 -structure where V1 and V2 are diﬀerent expansions of V. The primary result of this section is Robinson’s Joint Consistency lemma. From this lemma, we are able to deduce results that are analogous to the amalgamation theorems of Section 4.4. We are also able to deduce the Craig Interpolation theorem and the Beth Deﬁnability theorem for ﬁrst-order logic. Lemma 4.63 (Robinson’s Joint Consistency) Let T1 be a V1 -theory and let T2 be a V2 -theory. Let V∩ = V1 ∩ V2 and let V∪ = V1 ∪ V2 . If T1 ∩ T2 is a complete V∩ -theory, then T1 ∪ T2 is a V∪ -theory. Proof We show that there exists a V∩ -structure D that has expansions D1 |= T1 and D2 |= T2 . If such a D exists, then we can deﬁne D∪ to be the V∪ -structure having the same underlying set as D that interprets V1 in the same manner as D1 and V2 in the same manner as D2 . Since D∪ is a model of both T1 and T2 , we can conclude that T1 ∪ T2 is a theory as the lemma states. To prove the existence of D, we construct elementary chains M0 ≺ M1 ≺ M2 ≺ M3 ≺ · · · of models of T1 and N0 ≺ N1 ≺ N2 ≺ N3 ≺ · · · of models of T2 . ˜i denote the reducts of Mi and Ni to the vocabulary V∩ . Since T∩ ˜ i and N Let M ˜i ≡ N ˜j for any i and j. We want to construct the two is a complete theory, M ˜i and N ˜i elementarily ˜ chains in such a way that Mi elementarily embeds into N ˜ embeds into Mi+1 for each i. We diagram the desired situation as follows: M0 ↓ N0

≺ M1 ↓ ≺ N1

≺ M2 ↓ ≺ N2

≺ M3 ↓ ≺ N3

≺ ··· ≺ ··· .

The arrows in this diagram represent embeddings that are elementary with ˜i → N ˜i denote the embeddings represpect to the vocabulary V∩ . Let fi : M ˜i → M ˜ i+1 denote the embeddings resented by ↓ in the diagram, and let gi : N represented by . We want to deﬁne these embeddings in such a way that gi (fi (a)) = a for any a in the underlying set of Mi and fi+1 (gi (b)) = b for any b in the underlying set of Ni . Before constructing these chains, we show how their existence proves the lemma. Suppose that we have successfully deﬁned two chains as described in the previous paragraph. Our goal is to ﬁnd a V∩ -structure D that has two expansions that model each of T1 and T2 . Let M be the union of the chain M0 ≺ M1 ≺ M2 ≺ · · · and let D be the reduct of M to a V∩ -theory (so D is ˜ i s). By Proposition 4.55, the expansion M of D the union of the chain of M

Properties of ﬁrst-order logic

185

models T1 . To complete the proof of the lemma, we must deﬁne an expansion of D that models T2 . Let N be the union of the chain N0 ≺ N1 ≺ · · · . Then N |= T2 by Pro˜ be the reduct of N to a V∩ -theory. We claim that D and position 4.55. Let N ˜ ˜ be deﬁned by f (a) = b if and N are isomorphic V∩ -structures. Let f : D → N only if fi (a) = b for some i. Note that fi (a) = b implies fj (a) = b for all j > i (since gi (fi (a)) = a and fi+1 (gi (b)) = b). So f is a well deﬁned function. Since each fi is elementary, so is f . Moreover, f is also one-to-one and onto. So f is an isomorphism as claimed. Let D2 be the expansion of D to a V2 -structure deﬁned as follows. For any V2 -formula ϕ(x1 , . . . , xn ), D2 |= ϕ(a1 , . . . , an )

if and only if N |= ϕ(f (a1 ), . . . , f (an ))

for any n-tuple (a1 , . . . , an ) of elements from the underlying set of D. Since N models T2 , so does D2 . So given two chains as described above, we can deﬁne the V∩ -structure D having expansions M |= T1 and D2 |= T2 as was required to prove the lemma. It remains to be shown that the two desired chains can be constructed. We carry out this construction by repeatedly applying Claim 2 below. As a stepping-stone toward Claim 2, we prove the following: Claim 1 For any M |= T1 and N |= T2 there exists an elementary extension ˜ can be elementarily embedded into N ˜ + where the tildes N + of N such that M denote the reduct to the vocabulary V∩ . ˜ ) ∪ ED(N ) is consistent. We assume that the Proof We show that the set ED(M ˜ ) and ED(N ) are those constants in V∩ . only constants occuring in both ED(M ˜ If ED(M ) ∪ ED(N ) is not consistent, then, by compactness, ED(N ) ¬θ for ˜ ). As a sentence in ED(M ˜ ), θ has the form ϕ(¯ some θ ∈ ED(M a) for some V∩ formula ϕ(¯ x) and n-tuple a ¯ of constants not in ED(N ). If, ED(N ) ¬ϕ(¯ a), then ED(N ) ∀¯ x¬ϕ(¯ x) by ∀-Introduction. Since the theory T2 contains the complete x¬ϕ(¯ x) must be in T . This contradicts the facts V∩ -theory T , the V∩ -sentence ∀¯ ˜ |= T and ϕ(¯ ˜ ). This contradiction proves the claim. that M a) ∈ ED(M Now suppose that we are given M |= T1 and N |= T2 and an elementary ˜ →M ˜ . By Claim 1, there exist elementary extension N + of N embedding g : N ˜ →N ˜ + . Moreover, we claim that we can ﬁnd and elementary embedding f : M + such N and f so that f (g(a)) = a for any a in the underlying set of N . ˜ → M ˜ is an elementary Claim 2 Suppose that M |= T1 , N |= T2 and g : N embedding (where the tildes again denote the reduct to the vocabulary V∩ ). ˜ → There exist elementary extension N + of N and elementary embedding f : M + ˜ N such that f (g(a)) = a for any a in the underlying set of N . Proof Let C = {ca |a ∈ UN } be a set consisting of constants for each element a in the underlying set UN of N . For any vocabulary V, let V(C) denote the expansion

186

Properties of ﬁrst-order logic

V ∪C. Let N (C) be the expansion of N to a V1 (C)-structure that interprets each ˜ (C) be the expansion of M ˜ to a V∩ (C)-structure that ca as the element a. Let M ˜ →M ˜ is elementary, N (C) |= interprets each ca as the element g(a). Since g : N ˜ ϕ(¯ c) if and only if M (C) |= ϕ(¯ c) for any V∩ -formula ϕ(x1 , . . . , xn ) and n-tuple ˜ (C) are models of the same c¯ of constants from C. It follows that N (C) and M complete V∩ (C)-theory. By Claim 1, there exist elementary extension N + (C) of ˜ (C) → N ˜ + (C). Since embeddings must N (C) and elementary embedding f : M preserve constants, f (g(a)) = a for each a ∈ UN . Let N + be the reduct of N + (C) to a V2 -structure. Since T1 and T2 are theories, they have models. To begin the construction of the chains, we can use any models M0 of T1 and N−1 of T2 . By Claim 1, there ˜0 → N ˜0 . exist elementary extension N0 of N−1 and elementary embedding f0 : M Having successfully deﬁned M0 , N0 , and f0 , we proceed to deﬁne the rest of the two chains inductively. Suppose that, for some i, we have deﬁned Mi |= T1 , Ni |= T2 and elementary ˜i → N ˜i . By claim 2, there exist elementary extension Mi+1 of embedding fi : M ˜i → M ˜ i+1 such that gi (fi (a)) = a for each a Mi and elementary embedding gi : N in the underlying set of Mi . (Here we have applied Claim 2 with Mi playing the role of N and Ni playing the role of M .) Applying Claim 2 yet again, there exist ˜ i+1 → N ˜i+1 elementary extension Ni+1 of Ni and elementary embedding fi+1 : M such that fi+1 (gi (b)) = b for any b in the underlying set of Ni . (Here Ni plays the role of N and Mi+1 plays the role of M .) Repeating this process produces the two desired chains. The following generalization of the Joint Embedding lemma is an immediate consequence of Robinson’s Joint Consistency lemma. Corollary 4.64 Let M be a V1 -structure and N be a V2 -structure such that M and N are elementarily equivalent as (V1 ∩ V2 )-structures. There exists a (V1 ∪ V2 )-structure D such that M can be V1 -elementarily embedded into D and N can be V2 -elementarily embedded into D. Proof Let T1 be ED(M ) and T2 be ED(N ). By Robinson’s Joint Consistency lemma, there exists a model D of T1 ∪ T2 . Note that if V1 = V2 , then the previous corollary is identical to the Joint Embedding lemma. Likewise, we can generalize the Elementary Amalgamation Over Structures theorem 4.38. We leave this as Exercise 4.34. We now turn our attention to the theorems of Craig and Beth. Theorem 4.65 (Craig Interpolation) Let ϕ be a V1 sentence and ψ be a V2 -sentence. If |= ϕ → ψ, then there exists a sentence θ that is both a V1 -sentence and a V2 -sentence such that |= ϕ → θ and |= θ → ψ.

Properties of ﬁrst-order logic

187

Proof Let V∩ = V1 ∩ V2 . Let C be the set of all V∩ consequences of ϕ. That is C is the set of all V∩ -sentences θ such that |= ϕ → θ. We want to show that ψ is a consequence of C. Suppose for a contradiction that M is a V1 ∪ V2 -structure that models both C and ¬ψ. Let T be the V∩ -theory of M . Claim T ∪ {ϕ} is consistent. Proof Otherwise, T ¬ϕ. Since T is closed under conjunctions, {θ} ¬ϕ for some θ ∈ T (by compactness). So the contrapositive {ϕ} ¬θ also holds (by Example 1.34). So ¬θ is a consequence of ϕ and so ¬θ ∈ C. Since C ⊂ T , we have both θ and ¬θ in T . Since M is a model of T , this is a contradiction. The consistency of T ∪ {ϕ} leads to another contradiction. Let T1 = T ∪ {ϕ} and T2 = T ∪ {¬ψ}. If both T1 and T2 are consistent, then so is T1 ∪ T2 by Robinson’s Joint Consistency lemma. But since |= ϕ → ψ, T1 ∪ T2 cannot be consistent. The assumption that C ∪ {¬ψ} is satisﬁable must be incorrect. It follows that C ψ. Since C is closed under conjunctions, {θ} ψ for some θ ∈ C. It follows that |= θ → ψ as was required. In order to state the Beth Deﬁnability theorem concisely, we introduce some terminology. We distinguish between two ostensibly diﬀerent notions of deﬁnability. Beth’s Deﬁnability theorem states that, for ﬁrst-order logic, these two notions are the same. Deﬁnition 4.66 Let T be a V-theory and let R be an n-ary relation in V. For any V ⊂ V, we say that R is explicitly deﬁned by T in terms of V if there exists a V -formula ϕ(x1 , . . . , xn ) such that T ϕ(x1 , . . . , xn ) ↔ R(x1 , . . . , xn ). Example 4.67 Let V = {≤, +, ·, 0, 1} and let V = {+, ·, 0, 1}. Let Ror = (R| ≤, +, ·, 0, 1) be the structure that interprets V in the usual way on the real numbers. Let T = T h(Ror ). Then the binary relation ≤ is explicitly deﬁned by T in terms of V . To see this, let ϕ(x, y) be the V -formula ∃z(x+(z ·z) = y). Since (z ·z) ≥ 0 for any real number z, T ϕ(x, y) ↔ x ≤ y. Deﬁnition 4.68 Let T be a V-theory and let R be an n-ary relation in V. For any V ⊂ V, we say that R is implicitly deﬁned by T in terms of V if the following holds. Given any V -structure M and two expansions N1 and N2 of M to V-structures that model T , a) if and only if N2 |= R(¯ a) N1 |= R(¯ for any n-tuple a ¯ of elements from the underlying set of M .

188

Properties of ﬁrst-order logic

If R is explicitly deﬁned by T in terms of V, then it is implicitly deﬁned as well. So the binary relation ≤ from Example 4.67 is implicitly deﬁned by T in terms of V . We now give a nonexample. Example 4.69 Let M be the structure (Z|B) that interprets the binary relation B as a symmetric successor relation. By this we mean that M |= B(a, b) if and only if a = b + 1 or b = a + 1. Let N1 = (Z|B, <) be the expansion of M that interprets < as the usual order on the integers. Let N2 be the expansion of M that interprets < backwards. That is, N2 |= a < b if and only if the integer a is greater than b. Let T = T h(N1 ). Since N1 and N2 are distinct expansions of M that model T , the relation < is not implicitly deﬁned by T in terms of {B}. If we replace the relation B with the successor relation S from Example 4.48, then the same conclusion holds. The relation < is not implicitly deﬁned by T h(Z|S, <) in terms of {S}. We leave the veriﬁcation of this as Exercise 4.37. Proposition 4.70 A relation R is implicitly deﬁned by T in terms of V if and only if for any V-structure M , there is at most one expansion N of M to a V ∪ {R}-structure such that T h(N ) ⊂ T . Proof Exercise 4.29. Example 4.71 Let TQ be the theory of the rational numbers in the vocabulary Var = {0, 1, +, ·}. Let V = Var ∪ {R} where R is a ternary relation. Let T be the theory TQ ∪ {ϕ} for some V-sentence ϕ. If ϕ has the form ∀x∀y∀z(ψ(x, y, z) ↔ R(x, y, z)) for some Var -formula ψ(x, y, z), then, by deﬁnition, R is explicitly deﬁned by T over Var . In this case, there is exactly one way to expand a given model of TQ to a model of T . Conversely, suppose there is exactly one way to expand any given model of TQ to a model of T . Then, by Proposition 4.70, R is implicitly deﬁned by T over Var . In this case, ϕ may not have the form ∀x∀y∀z(ψ(x, y, z) ↔ R(x, y, z)). For example, suppose that ϕ is the V-sentence ∀x∀y∀z∃u∃v∃w(u · v = 1 ∧ (R(x, y, z) ∨ (x + x + y = z + v + u) ∧(w + y = 0 ∧ (R(x, y, z) → x + x = z + w). There is exactly one way to expand a model of TQ to a model of this sentence. So this sentence implicitly deﬁnes the ternary relation R. Beth’s Deﬁnability theorem states that R is deﬁned implicitly if and only if it is deﬁned explicitly. This means that the above sentence ϕ must be TQ equivalent to a sentence of the form ∀x∀y∀z(ψ(x, y, z) ↔ R(x, y, z)). Indeed, we can take ψ(x, y, z) to be 2x + y = z. We leave the veriﬁcation of this to the reader.

Properties of ﬁrst-order logic

189

Theorem 4.72 (Beth Deﬁnability) A relation is implicitly deﬁned by a theory T in terms of V if and only if it is explicitly deﬁned by T in terms of V. Proof Only one direction of this theorem requires proof. Suppose R is an n-ary relation that is implicitly deﬁned by T in terms of V. If T ∪ {∃¯ xR(¯ x)} is not consistent, then R is explicitly deﬁned by the formula ¬(x = x). So suppose that this is not the case. Let D be the set of all V-formulas ψ having free variables among x1 , . . . , xn such that T R(x1 , . . . , xn ) → ψ. Let V(C) = V ∪ {c1 , . . . , cn }, where c1 , . . . , cn are constants that do not occur in V. Let D(¯ c) be the set of V(C)-sentences obtained by replacing each occurrence of xi in D with the constant ci (for i = 1, . . . , n). Claim T ∪ D(¯ c) R(¯ c). Proof Otherwise, T ∪ D(¯ c) ∪ {¬R(¯ c)} has a model M . c) is consistent. Let T0 be the V(C)-theory of M . We claim that T0 ∪ R(¯ c) ∈ D(C). This Otherwise, {R(¯ c)} ¬ψ(¯ c) for some ψ(¯ c) ∈ T0 . But then ¬ψ(¯ contradicts the facts that D(C) ⊂ T0 and T0 is consistent. c) and let T2 = T ∪ D(¯ c) ∪ {¬S(¯ c)} where S is an n-ary Let T1 = T0 ∪ R(¯ c)} is consistent (M is a relation that does not occur in V ∪ {R}. Since T0 ∪ {¬R(¯ model), so is T2 . By Robinson’s Joint Consistency lemma, T1 ∪ T2 is consistent. Let N be a model of T1 ∪ T2 . So N is a structure in the vocabulary V ∪ {R, S, c1 , . . . , cn }. Let N0 be the reduct of N to a V-structure. Let N1 be the expansion of N0 to a V ∪ {R}-structure that interprets R in the same manner as N . Let N2 be the expansion of N0 to a V ∪ {R}-structure that interprets R as N interprets the relation S. Let a ¯ be the n-tuple from the underlying set of N0 that N interprets as the a) and N2 |= ¬R(¯ a). This contradicts the assumption constants c¯. Then N1 |= R(¯ that R is implicitly deﬁned by T ⊂ T0 in terms of V. This contradiction proves the claim. Since T ∪ D(¯ c) R(¯ c), T ϕ(¯ c) → R(¯ c) for some V-formula ϕ(¯ x) ∈ D. Since ϕ(¯ x) ∈ D, we have T (ϕ(¯ x) ↔ R(¯ x)), and so R is explicitly deﬁned by T by the V-formula ϕ.

4.7 The expressive power of ﬁrst-order logic First-order logic, as any logic, is a language equipped with rules for deducing the truth of one sentence from that of another. These rules may be formulated as

190

Properties of ﬁrst-order logic

systems of deduction such as resolution and formal proofs discussed in Chapter 3. In this chapter, we have shown that the rules of deduction for ﬁrst-order logic entail many nice properties. These properties give rise to the model theory of the next two chapters. Because of these desirable properties, the language of ﬁrst-order logic is necessarily weak. In particular, the Compactness theorem and Downward L¨ owenheim–Skolem theorem impose limitations on the expressive power of ﬁrst-order logic. We claim that every property of ﬁrst-order logic discussed in this chapter is a consequence of the Compactness theorem and the Downward L¨owenheim–Skolem theorem. The completeness of ﬁrst-order logic can be deduced from compactness in the same manner that this is done in Theorem 1.80 for propositional logic. The theorems of Section 4.4 stating that inﬁnite structures M and N can be amalgamated in some manner into structure D are direct consequences of compactness. The Downward L¨ owenheim–Skolem theorem guarantees that there exists such D having the same size as M or N . Inspecting the proofs, we see that Robinson’s Joint Consistency lemma, the Beth Deﬁnability theorem, and the preservation theorems are consequences of compactness. By compactness, there cannot exist a sentence of ﬁrst-order logic that holds for inﬁnite structures and only for inﬁnite structures. By the Downward L¨owenheim–Skolem Theorem, there cannot exist a sentence of ﬁrst-order logic that holds for uncountable structures and only uncountable structures. Because of these restrictions, there are basic concepts that ﬁrst-order logic is incapable of expressing. Example 4.73 In ﬁrst-order logic, we cannot say that two deﬁnable subsets have the same size. To be precise, let V be a vocabulary that includes unary relations P and Q. For any V-structure M having underlying set U , let P (M ) = {a ∈ U |M |= P (a)} and let Q(M ) = {a ∈ U |M |= Q(a)}. There is no set of V-sentences that says P (M ) and Q(M ) have the same size. In contrast, we can easily write sentences that say P (M ) and Q(M ) both have size n for any particular n. We can easily deﬁne a set of sentences that say P (M ) and Q(M ) are both inﬁnite. Note that V may contain symbols other than P and Q. For example, V may contain a unary function f . If this is the case, then we can write a V-sentence ϕf that says f is a one-to-one correspondence between P (M ) and Q(M ). The existence of such a bijection is precisely what it means for P (M ) and Q(M ) to have the “same size.” So if M |= ϕf , then |P (M )| = |Q(M )|. But the converse of this is not true. There exists N |= ¬ϕf such that |P (N )| = |Q(N )|. Likewise, there is no V-sentence (nor set of V-sentences) that holds if and only if P and Q deﬁne subsets of equal size.

Properties of ﬁrst-order logic

191

To verify this, let Γ be a set of V-sentences. Suppose that |P (M )| = |Q(M )| for any model M of Γ. We show that |P (N )| = |Q(N )| for some V-structure N which does not model Γ. Let N0 be any V-structure such that P (N0 ) is uncountable and Q(N0 ) is denumerable. Then N1 |= ¬γ for some γ ∈ Γ. Let X be a subset of the universe U of N1 such that both X ∩ P (N1 ) and X ∩ Q(N1 ) are denumerable. By the Downward L¨ owenheim–Skolem Theorem, there exists a countable elementary substructure N of N1 that contains X in its universe. Since N ≺ N1 , we have N |= ¬γ. So N is a V-structure that does not model Γ for which |P (N )| = |Q(N )| = ℵ0 . Example 4.74 Let G be a graph. Recall that a path in G from vertex a to vertex b is a sequence of adjacent vertices beginning with a and ending with b. The length of the path is one less than the number of vertices in the sequence (that is, the number of edges in the path). By Exercise 2.13, there exist formulas dn (x, y) expressing the existence of a path between vertices x and y of length n. In contrast, we claim that the concept of a path cannot be expressed in ﬁrst-order logic. Whereas we can say there is a path of some speciﬁed length, we cannot say there is a path of arbitrary length. Suppose to the contrary that we have a formula φ(x, y) that holds of any vertices x and y in any graph G if and only if there exists a path from x to y in G. Consider the following set of sentences in a vocabulary containing R and constants a and b: ∀x∀yφ(x, y), ¬d1 (a, b), ¬d2 (a, b), ¬d3 (a, b), . . . The ﬁrst sentence says that there is a path between any two vertices. This sentence holds in a graph if and only if the graph is connected. Since the other sentences assert that there is no path between a and b, this set of sentences is contradictory. However, any ﬁnite subset of these sentences is satisﬁable. This contradicts the Compactness theorem. We conclude that the formula φ(x, y) cannot exist. So there is no ﬁrst-order formula that deﬁnes the concept of a path. Likewise, there is no ﬁrst-order sentence that holds in a graph if and only if it is connected. Another basic graph-theoretic property is k-colorability. A graph is said to be k-colorable if the vertices of the graph can be colored with k colors in such a way that no two vertices of the same color share an edge. There does not exist a ﬁrst-order sentence ϕk such that G |= ϕk if and only if G is a k-colorable graph. First-order logic cannot even say that there exists an even number of vertices in a ﬁnite graph. This is a consequence of the 0–1 law for ﬁrst-order logic that is a subject of Section 5.4 of the next chapter. This ﬁrst-order impotence is by no means limited to graph theory. We list some of the many fundamental concepts from various areas of mathematics that ﬁrst-order logic is incapable of expressing.

192

Properties of ﬁrst-order logic

• Linear orders: there is no ﬁrst-order sentence that holds for well ordered sets and only well ordered sets. • Group theory: there is no ﬁrst-order sentence that holds for simple groups and only simple groups. • Ring theory: there is no ﬁrst-order sentence that holds for Noetherian rings and only Noetherian rings. • Metric spaces: there is no ﬁrst-order sentence that holds for complete metric spaces and only complete metric spaces. In particular, the notion of a Cauchy sequence cannot be deﬁned To express these and other concepts, we must extend the logic. In Chapter 9, we consider extensions of ﬁrst-order logic such as inﬁnitary logics and second-order logic. Inﬁnitary logics permit as formulas inﬁnite conjunctions and disjunctions of ﬁrst-order formulas. For example, consider the disjunction 4.74. This is a i∈N di (x, y) of the ﬁrst-order formulas di (x, y) from Example formula of the inﬁnitary logic Lω1 ω as is the sentence ∀x∀y i∈N di (x, y). This sentence holds in a graph if and only if it is connected. Now suppose that we want to say that two deﬁnable subsets have the same size as in Example 4.73. Second-order logic can express this. This logic allows quantiﬁcation over subsets of the universe. Second-order logic is extremely powerful and can express each of the properties mentioned above. Extending ﬁrst-order logic comes at an expense. Since it can express the concept of a path, Lω1 ω must not have compactness. Likewise, since secondorder logic can say that two deﬁnable sets have the same size, the Downward L¨ owenheim–Skolem theorem must fail for this logic. Moreover, both compactness and completeness fail for second-order logic. Unlike ﬁrst-order logic, we cannot list a set of rules from which we can deduce all truths of second-order logic. In this sense, the expressive power of second-order logic is too great. The Compactness theorem and the Downward L¨owenheim–Skolem theorem make ﬁrst-order logic the primary language of model theory. Model theory considers the relationship between a set of sentences T and the set of structures Mod(T ) that model T . Just as ﬁrst-order logic can describe any ﬁnite structure up to isomorphism (by Proposition 2.81), inﬁnitary logics and second-order logic can describe any countable structure up to isomorphism. This makes for an uninteresting model theory. If T is the second-order theory of a countable structure M , then M is the only structure in Mod(T ). Moreover, by the failure of completeness, we have no way to determine which sentences are in T . Although there are basic concepts that cannot be deﬁned in ﬁrst-order logic, there are many concepts that can be deﬁned. Moreover, we claim that those

Properties of ﬁrst-order logic

193

properties that are ﬁrst-order deﬁnable form a natural class of mathematical objects. The language of ﬁrst-order logic, containing ∃, ∀, ∧, and ¬ is a natural mathematical language to consider. First-order theories, which are the topic of the next two chapters, are natural objects of study. Since the Compactness and Downward L¨ owenheim–Skolem theorems are central to model theory, we should consider the most powerful logic possessing these properties. By Lindstr¨ om’s theorem, which we shall prove in Section 9.4, ﬁrst-order logic is this logic. This theorem states that any extension of ﬁrst-order logic for which both the Compactness and Downward L¨ owenheim–Skolem theorems hold must be equivalent to ﬁrst-order logic itself. So in some precise sense, ﬁrst-order logic is the most powerful logic that possesses the properties discussed in this chapter.

Exercises 4.1.

Let T be an incomplete countable theory. For each of the following, either prove the statement or provide a counter example. (a) If T has an uncountable model, then T has a countable model. (b) If T has arbitrarily large ﬁnite models, then T has a denumerable model. (c)

If T has ﬁnite models and a denumerable model, then T has arbitrarily large ﬁnite models.

4.2.

Let T be an incomplete theory in an uncountable vocabulary. Repeat (a) and (b) from Exercise 4.1.

4.3.

Let T1 be a complete V1 -theory and let T2 be a complete V2 -theory. Show that T1 ∪ T2 is consistent if and only if ϕ1 ∧ ϕ2 is satisﬁable for every ϕ1 ∈ T1 and ϕ2 ∈ T2 .

4.4.

Let ϕ be a ﬁrst-order sentence that is not contained in any complete theory. Show that {ϕ} ¬ϕ.

4.5.

Let ϕ(x) be a quantiﬁer-free V-formula. Let C = {c1 , c2 , c3 , . . .} be a denumerable set of constants that do not occur in V. Let V(C) = V ∪ C. Show that the sentence ∃xϕ(x) is a tautology if and only if the sentence ϕ(t1 ) ∨ ϕ(t2 ) ∨ · · · ∨ ϕ(tn ) is a tautology for some n ∈ N and V(C)-terms t1 , . . . , t n .

4.6.

Let V be a vocabulary containing denumerably many constants {c1 , c2 , c3 , . . .}. Let T be a V-theory having the following two properties. • If T |= ∃xθ(x), then T |= θ(ci ) for some i ∈ N. • T |= ci = cj for any i, j ∈ N with i = j. Show that T is complete.

194

Properties of ﬁrst-order logic

4.7.

Let T be an incomplete V-theory and let θ be a V-formula. Suppose that for each M |= T there exists a V-formula ϕM such that M |= θ ↔ ϕM . Show that there exists ﬁnitely many V-formulas ϕ1 , . . . , ϕn such that T n i=1 (θ ↔ ϕi ).

4.8.

Let V be a vocabulary that contains only constants (and neither functions nor relations). Let M and N be two inﬁnite V-structures. Using the TarskiVaught Criterion, show that if M ⊂ N , then M ≺ N .

4.9.

Let R be the structure (R|+, ·, 0, 1, <) having the real numbers as an underlying set that interprets the vocabulary in the usual manner. (a) Show that there exists an elementary extension M of R that has inﬁnitesimals (an element c is an inﬁnitesimal if 0 < c < 1/n for each n ∈ N). (b)

Let UM be the underlying set of M . Show that the set of inﬁnitesimals in UM has the same size as the set of inﬁnite elements in UM (an element c is inﬁnite if n < c for each n ∈ N).

4.10. Let N be the V-structure (N|+, ·, 1) from Exercise 2.7. By part (c) of Exercise 2.7, there exists a V-formula λ(x, y) such that, for any a and b in N, N |= λ(a, b) if and only if a < b. By the Upward L¨ owenheim–Skolem theorem, N has an elementary extension M of cardinality ℵ1 . (a) Let c be in the universe of M . Show that c is not in N if and only if M |= λ(n, c) for each n ∈ N. Call such an element c “inﬁnite.” (b) Show that there is no least inﬁnite number in the universe of M . (That is, for every inﬁnite c, there exists an inﬁnite d such that M |= λ(d, c).) (c)

By part (b) of Exercise 2.7, there exists a V-formula π(x) such that, for any n ∈ N, N |= π(n) if and only if n is prime. Show that M |= π(c) for some inﬁnite c. Call such a c an “inﬁnite prime.”

(d) Show that there cannot be two consecutive inﬁnite primes in the universe of M . (a and b are consecutive if a + 1 = b.) (e)

Let ϕ(x) be a V-formula. Show that the following are equivalent: (i) N |= ϕ(n) for inﬁnitely many n ∈ N. (ii)

M |= ϕ(c) for some inﬁnite c.

(iii)

There exists an elementary extension M1 of M such that M1 |= ϕ(a) for ℵ23 many elements a in its universe.

4.11. A graph is said to be k-colorable if the vertices can be colored with k diﬀerent colors in such a way that no two vertices of the same color share an edge. A graph is said to be planar if it can be drawn on the Euclidian plane in such a way that no two edges cross each other. The Four Color Theorem states that any planar graph is four-colorable. This famous theorem was

Properties of ﬁrst-order logic

195

proved by Appel and Haken in 1976. Assuming that this theorem is true for ﬁnite graphs, prove that it is true for inﬁnite graphs. (Hint: Given an inﬁnite planar graph G, consider the union of D(G) and a suitable set of V -sentences where V an expansion of VR containing unary relations representing each of the colors.) 4.12. The relation < is a partial order on a set A if 1. for all a and b in X, at most one of the following hold: either a < b, b < a, or a = b, and 2. for all a, b and c in X, if a < b and b < c then a < c. If it is also true that either a < b or b < a for distinct a and b in A, then the partial order is a linear order. Using the compactness of ﬁrst-order logic, show that any partial order on a set A can be extended to a linear order on A. (Hint: First use induction to show that this is true for ﬁnite A.) 4.13. Let T be the set of all sentences in the vocabulary VR that hold in every connected graph. Show that there exists a model G of T that is not a connected graph. 4.14. Derive the Compactness theorem from the Completeness theorem. 4.15. Let T be the set of all sentences in the vocabulary V< = {<} that hold in every well ordered set. Show that there exists a model M of T that does not interpret < as a well ordering of the underlying set of M . 4.16. Let M be a V-structure having underlying set U . For any n-tuple a ¯ of elements from U , let ¯ a be the substructure of M generated by a ¯ as deﬁned in Exercise 2.34. Show that M can be embedded into a model of a theory T if and only if ¯ a can be embedded into a model of T for every ﬁnite tuple a ¯ of elements from U . 4.17. Let F be a set of formulas having an inﬁnite vocabulary V. Show that |F| = |V|. 4.18. Show that the order deﬁned in the proof of Theorem 4.15 makes δ × δ a well ordered set. 4.19. For any set A of cardinals, let supA denote the least cardinal λ such that κ ≤ λ for each κ ∈ A. Let α be an inﬁnite ordinal and let {κι | ι < α} be a set of cardinals. Show that Σι<α κι = sup{|α|, κι |ι < α}. 4.20. Show that the following equalities hold for any ordinal α and any cardinal κ, ι<α κ = κ · |α|, and Πι<α κ = κ|α| . 4.21. Prove that there are uncountably many countable ordinals. 4.22. Let α1 > α2 > α3 > · · · be a descending sequence of ordinals. Show that there can be only ﬁnitely many ordinals in this sequence.

196

Properties of ﬁrst-order logic

4.23. Let T be a complete theory. Let α be a nonzero ordinal. For each β < α, let Mβ be a model of T . (a) Show that there exists a model D of T such that each Mβ can be elementarily embedded into D. (b)

Show that we can ﬁnd D in part (a) so that |D| ≤ |α|·|Mβ | for each β.

4.24. Prove Theorem 4.61. 4.25. Let T be a V-theory. Let T∀ be the set of all universal sentences ψ such that T ψ. Let M be a V-structure that models T∀ . Show that M can be embedded into a model of T . 4.26. Let T be a V-theory and let ϕ(x) and ψ(x) be two V-formulas. Suppose that, for any models M and N of T with N ⊂ M , if M |= ϕ(a) then N |= ψ(a) for any element a in the universe of N . Show that there exists a universal V-formula θ(x) such that T ϕ(x) → θ(x) and T θ(x) → ψ(x). 4.27. Let T be an incomplete V-theory and let ϕ(¯ x) be a V-formula having n free variables (for n ∈ N). Let M be a model of T having underlying set UM . (a) Suppose that M |= ϕ(¯ a) if and only if M |= ϕ(¯b) for any n-tuples a ¯ ¯ and b of elements of UM that satisfy the same atomic V-formulas in M . Show that M |= ϕ(¯ x) ↔ ψ(¯ x) for some quantiﬁer-free V-formula ψ(¯ x). (b)

Show that ϕ(¯ x) is not necessarily T -equivalent to a quantiﬁer-free formula by providing appropriate example.

4.28. Let T be a V-theory and let ϕ(x1 , . . . , xn ) be a V-formula. Prove that the following are equivalent: (i) ϕ(x1 , . . . , xn ) is T -equivalent to a quantiﬁer-free formula. (ii)

For any model M of T and any V-structure C, if f : C → M and g : C → M are two embeddings of C into M , then M |= ϕ(f (c1 ), . . . , f (cn )) if and only if M |= ϕ(g(c1 , . . . , cn ))

for any n-tuple of elements from the underlying set of C. (Hint: see Exercise 2.34.) 4.29. Prove Proposition 4.70. 4.30. For any V-theory T , let T∀∃ be the set of ∀2 V-sentences that can be derived from T . Prove that the following are equivalent: (i) T∀∃ T . (ii) If M is the union of a chain of models of T , then M |= T .

Properties of ﬁrst-order logic

197

(iii) Let M be a V-structure having underlying set U . If for every a ∈ U , there exists N ⊂ M such that a is in the universe of N and N |= T , then M |= T . 4.31. Let V be a vocabulary and let R be an n-ary relation not in V. Let T be an incomplete theory in the vocabulary V ∪ {R}. Suppose that, for each M |= x) such that M |= R(¯ x) ↔ ϕM (¯ x). Prove T , there exists a V-formula ϕM (¯ that R is explicitly deﬁned by T in terms of V. (Hint: see Exercise 4.7.) 4.32. (Lyndon) Refer to Exercise 2.33. A formula is said to be positive if it does not contain the symbols ¬, →, nor ↔. Let T be a V-theory and let ϕ be a V-formula. Show that the following are equivalent: (i) ϕ is T -equivalent to a positive formula. (ii) ϕ is preserved by every homomorphism f : M → N that is onto where both M and N are models of T . 4.33. (Lyndon) Let ϕ and ψ be V-sentences in conjunctive prenex normal form. A relation R is said to occur negatively in ϕ if ¬R occurs as subformula. Prove that if |= ϕ → ψ then there exists a V-sentence θ in conjunctive prenex normal form such that |= ϕ → θ, |= θ → ψ, and every relation that occurs negatively in θ also occurs negatively in both ϕ and ψ. (Hint: Modify the proof of Theorem 4.65.) 4.34. Let V1 and V2 be two vocabularies. Let V = V1 ∩ V2 . Let M be a V1 -structure, N be a V2 -structure, C be a V-structure. Let f1 : C → M and f2 : C → N be V-elementary embeddings. Show that there exist (V1 ∪ V2 )-structure D, V1 -elementary embedding g1 : M → D, and V2 -elementary embedding g2 : N → D such that g1 (f1 (c)) = g2 (f2 (c)) for each c in the underlying set of C. 4.35. Derive Robinson’s Joint Consistency lemma from Compactness and Craig’s Interpolation theorems. 4.36. Show that the Beth Deﬁnability theorem holds for functions as well as relations. 4.37. Let M be the structure (Z|S) that interprets the binary relation S as the successor relation on the integers. Let N = (Z|S, <) be the expansion of M that interprets the binary relation < as the usual order. Let T = T h(N ). (a) Show that N is the only expansion of M to a the vocabulary {S, <} that models T . (b)

Show that < is not explicitly deﬁned by T in terms of {S}.

5

First-order theories

We continue our study of Model Theory. This is the branch of logic concerned with the interplay between sentences of a formal language and mathematical structures. Primarily, Model Theory studies the relationship between a set of ﬁrst-order sentences T and the class Mod(T ) of structures that model T . Basic results of Model Theory were proved in the previous chapter. For example, it was shown that, in ﬁrst-order logic, every model has a theory and every theory has a model. Put another way, T is consistent if and only if Mod(T ) is nonempty. As a consequence of this, we proved the Completeness theorem. This theorem states that T ϕ if and only if M |= ϕ for each M in Mod(T ). So to study a theory T , we can avoid the concept of and the methods of deduction introduced in Chapter 3, and instead work with the concept of |= and analyze the class Mod(T ). More generally, we can go back and forth between the notions on the left side of the following table and their counterparts on the right.

Formal languages

Mathematical structures

Theory

Elementary class

T

Mod(T )

T h(M )

M

|=

Sentences

Models

Formulas

Deﬁnable subsets

Consistent

Satisﬁable

Syntax

Semantics

Progress in mathematics is often the result of having two or more points of view that are shown to be equivalent. A prime example is the relationship between the algebra of equations and the geometry of the graphs deﬁned by the equations. Combining these two points of view yield concepts and results that would not be possible in either geometry or algebra alone. The Completeness theorem equates the two points of view exempliﬁed in the above table. Model Theory exploits the relationship between these two points of view to investigate mathematical structures.

First-order theories

199

First-order theories serve as our objects of study in this chapter. A ﬁrstorder theory may be viewed as a consistent set of sentences T or as an elementary class of structures Mod(T ). We shall present examples of theories and consider properties that the theories may or may not possess such as completeness, categoricity, quantiﬁer-elimination, and model-completeness. The properties that a theory possesses shed light on the structures that model the theory. We analyze examples of ﬁrst-order structures including linear orders, vector spaces, the random graph, and the complex numbers. In the ﬁnal section, we use the modeltheoretic properties of the theory of complex numbers to prove a fundamental result of algebraic geometry. As in the previous chapter, all formulas are ﬁrst-order unless stated otherwise. In particular, all theories are sets of ﬁrst-order sentences.

5.1 Completeness and decidability We demonstrate several examples of theories in this section. Variations of these theories are used throughout this chapter to illustrate the concepts to be introduced. Although any consistent set of sentences forms a theory, we typically restrict our attention to those theories that are deductively closed. Deﬁnition 5.1 Let Γ be a set of sentences. The deductive closure of Γ is the set of all sentences that can be formally derived from Γ. If Γ equals its deductive closure, then Γ is said to be deductively closed. Given a deductively closed theory, we consider the question of whether or not the theory is complete. To show that a V-theory T is complete, we must show that, for every V-sentence ϕ, either ϕ ∈ T or ¬ϕ ∈ T . It is a much easier task to show that T is incomplete. To accomplish this, it suﬃces to produce only one sentence ϕ such that neither ϕ nor ¬ϕ is in T . Instead of considering V-sentences, we can consider V-structures. To show that T is incomplete, it suﬃces to ﬁnd two models of T that are not elementarily equivalent. This is also a necessary condition for T to be incomplete. Proposition 5.2 Let T be a deductively closed theory. Then T is incomplete if and only if there exist models M and N of T that are not elementarily equivalent. Proof First suppose that T is incomplete. Then there exists a sentence ϕ such that neither ϕ nor ¬ϕ is in T . Since T is deductively closed, neither ϕ nor ¬ϕ can be derived from T . This happens if and only if both T ∪ {ϕ} and T ∪ {¬ϕ} are consistent. By Theorem 4.27, if these sets of sentences are consistent, then they are satisﬁable. So if T is incomplete, then, for some V-sentence ϕ, there

200

First-order theories

exist models M |= T ∪ {ϕ} and N |= T ∪ {¬ϕ}. Clearly, such M and N are not elementarily equivalent. Conversely, if there exist models M and N of T that are not elementarily equivalent, then there must be some sentence ϕ such that M |= ϕ and N |= ¬ϕ. If this is the case, then T must be incomplete. Theories shall be presented in one of two ways. We may deﬁne T to be T h(M ) for some structure M . Such theories are necessarily complete by Proposition 2.86. Similarly, given a class of structures, we may deﬁne T to be the set of all sentences that hold in each structure in the set. In this case, T is complete if and only if the given structures are elementarily equivalent to one another. So if there are two or more structures in the class, then the theory T deﬁned in this manner might be incomplete. Example 5.3 Let VR = {R} and VE = {E} be vocabularies consisting of a single binary relation. • Let TG be the set of all VR -sentences that hold in every graph. This is the theory of graphs. • Let TE be the set of all VE -sentences that hold in every structure that interprets E as an equivalence relation. This is the theory of equivalence relations. Since there exist ﬁnite models of TG and TE of diﬀerent sizes, neither of these theories is complete. Another way to deﬁne a theory T is to explicitly state which sentences are contained in T . Usually, T contains inﬁnitely many sentences and we cannot simply list all of them. To present such a theory T , it suﬃces to provide a set of sentences Γ so that T is the deductive closure of Γ. That is, we axiomatize the theory. Deﬁnition 5.4 Let T be a theory. An axiomatization of T is a subset Γ of T that has the same deductive closure of T (that is, Γ ϕ for each ϕ ∈ T ). We say that Γ axiomatizes T and that T is axiomatized by Γ. Example 5.5 The theory of graphs TG is the deductive closure of the two VG -sentences ∀x¬R(x, x)

and ∀x∀y(R(x, y) ↔ R(y, x)).

This agrees with our previous deﬁnition of TG . These two deﬁnitions are equivalent because a “graph,” by deﬁnition, is a structure that models these two sentences. Likewise, by the deﬁnition of “equivalence relation” the VE -theory

First-order theories

201

TE is the deductive closure of the VE -sentences ∀xE(x, x), ∀x∀y(E(x, y) → E(y, x)),

and

∀x∀y∀z((E(x, y) ∧ E(y, z)) ↔ E(x, z)). Of course, any theory T is an axiomatization of itself. This fact is neither interesting nor useful. An axiomatization is useful if it is somehow simpler than T . For example, whereas the theories TG and TE both contain inﬁnitely many sentences, the axiomatizations of these theories are ﬁnite and easy to understand. It is common practice in pure mathematics to deﬁne concepts by providing axiomatizations. However, not all axiomatizations are ﬁrst-order axiomatizations. Our deﬁnition of axiomatization is more restrictive than the colloquial use of this word in mathematics. If we open a book on, say, real analysis, then we might see a set of axioms or postulates from which the theory is derived. For example, on page 17 of Ref. [42] we see the following axiom for the real numbers. Completeness axiom. Every nonempty subset S of R that is bounded above has a least upper bound. We mentioned this property of the real numbers in Section 2.4.3. Although it is a precise and formal statement, we cannot translate it to a sentence of ﬁrst-order logic. To say “for all subsets S” we must quantify over subsets (as opposed to elements) of the set R. We can do this in second-order logic, but not ﬁrst-order logic. Although not all axiomatizations can be translated to the language of ﬁrstorder logic, there are many that can be. Of the plethora of possible examples in pure mathematics, we presently give three. These three examples are standard deﬁnitions of concepts that can be found in books on algebra, geometry, and logic, respectively. Example 5.6 A group is deﬁned as a set G equipped with a binary operation ◦, such that the following hold: (Closure) If a and b are in G, then so is a ◦ b. (Associativity) For every a, b, and c in G, a ◦ (b ◦ c) = (a ◦ b) ◦ c (Existence of identity) There is an element e in G such that a ◦ e = e ◦ a = a for every a in G. (Existence of inverses) For any a in G, there exists an element a−1 of G such that a ◦ a−1 = a−1 ◦ a = e. These sentences can easily be expressed as ﬁrst-order sentences in the vocabulary {◦, e} where ◦ is a binary function and e is a constant. In Exercise 2.5, they are

202

First-order theories

expressed in the vocabulary Vgp = {+, 0}. Let Tgp be the deductive closure of these Vgp -sentences. This is the theory of groups. Note that we do not need to state the closure axiom, since, for any function f , the sentence ∀¯ x∃y(f (¯ x) = y) is a tautology of ﬁrst-order logic. Example 5.7 A projective plane is a set lines each of which is comprised of points in such a way that any two lines intersect in exactly one point and any two points are contained in exactly one line. Moreover, to rule out trivial examples, a projective plane must have at least four points and four lines. We can translate this deﬁnition to a set of ﬁrst-order sentences in the vocabulary Vpg = {P , L, I}. This vocabulary contains two unary relations P (for “points”) and L (for “lines”) and one binary relation I (the “incidence relation”). The relation I(x, y) is used to express “x is a point contained on the line y.” We leave it to the reader to formalize the above deﬁnition as a set of Vpg -sentences. Let Tpg denote the deductive closure of these sentences. This is the theory of projective planes. Note that the axiomatization of Tpg is symmetric with respect to P and L. That is, if we replace P with L and vice versa, then this set of sentences remains the same. It follows that for any sentence in Tpg , if we swap P and L we obtain another sentence of Tpg . This is the fundamental principle of duality for projective planes. Example 5.8 In Section 4.2, we deﬁned the concept of a linearly ordered set as follows. The relation < is a linear order on structure M if M models the V< -sentences ∀x∀y((x < y) → ¬(y < x)), ∀x(¬(x < x)), ∀x∀y((x < y) ∨ (y < x) ∨ (x = y)),

and

∀x∀y∀z(((x < y) ∧ (y < z)) → (x < z)). Let TLO be the deductive closure of these sentences. We refer to TLO as the theory of linear orders. So there are two ways to deﬁne a particular theory. It can be deﬁned in terms of a class of structures or in terms of a set of sentences. We deﬁned the theory of groups Tgp in terms of a set of sentences (an axiomatization). Equivalently, we could deﬁne Tgp as the set of all Vgp -sentences that hold in all groups. Of course, this deﬁnition would not be helpful to a reader who is not previously familiar with groups. Another way that this latter deﬁnition is inferior is that it does not provide a method for determining precisely which sentences are in Tgp . If we are given an axiomatization Γ of a theory T , then (theoretically if not practically)

First-order theories

203

we can determine whether or not a sentence is in T using the methods described in Chapter 3. Deﬁnition 5.9 A V-theory T is decidable if there exists an algorithm that will determine, in a ﬁnite number of steps, whether or not any given V-sentence ϕ is in T . Proposition 5.10 A complete countable theory is decidable if and only if it has an axiomatization that is decidable. Proof Let T be a complete countable V-theory. Since T is an axiomatization of itself, only one direction of this proposition requires proof. Suppose we are given a decidable axiomatization Γ of T . We want to show that T is decidable. Let ϕ be an arbitrary V-sentence. We must describe a way to determine whether or not ϕ is in T . Since T is countable, so is the set of all V-sentences. So the set of all Vsentences can be enumerated as {ψ1 , ψ2 , ψ3 , . . .}. Moreover, we can ﬁnd such an enumeration in a systematic way. For example, if V is ﬁnite, then we can list the ﬁnitely many sentences that have no more than 10 symbols followed by those that have no more that 20 symbols, and so forth. Since Γ is decidable, we can determine whether or not each ψi is in Γ in a ﬁnite number of steps. So there exists an enumeration {γ1 , γ2 , γ3 , . . .} of Γ and an algorithm that, for given n ∈ N, produces the ﬁnite set {γ1 , γ2 , . . . , γn }. To determine whether or not ϕ is in T , we use the methods of Chapter 3 (either formal proofs, Herbrand’s method, or resolution) to determine whether or not ϕ can be derived from Γ. For example, we can list every formal proof that has fewer than 1000 steps that can be derived from {γ1 , . . . , γ10 }. There are only ﬁnitely many such proofs. If Γ ϕ occurs in one of these proofs, then we conclude “yes, ϕ is in T .” If Γ ¬ϕ occurs in one of these ﬁnitely many proofs, then we conclude “no, ϕ is not in T .” Otherwise, if neither Γ ϕ nor Γ ¬ϕ occurs, then we proceed to check more formal proofs. We can list every formal proof that has fewer than 2000 steps that can be derived from {γ1 , . . . , γ20 }. If that is not enough, we can then list every formal proof that has fewer than 3000 steps that can be derived from {γ1 , . . . , γ30 }, and so forth. Since T is complete, either Γ ϕ or Γ ¬ϕ. By compactness, the procedure we have described will eventually (in a ﬁnite number of steps) ﬁnd a formal proof for either Γ ϕ or Γ ¬ϕ. This procedure is not practical, to say the least. We would not want to (nor be able to) actually list all of these formal proofs. However, the deﬁnition of “decidable” requires only the existence of an algorithm. It does not have to be a good algorithm. By this deﬁnition, T is decidable.

204

First-order theories

Of the two ways to deﬁne a theory, it is better to provide an axiomatization. If an axiomatization is not given, then it is desirable to ﬁnd one. However, this is not always an easy task. In some cases, it may be diﬃcult or impossible to provide an axiomatization for a theory. Example 5.11 Let Tar = T h(A) where A = (Z|+, ·, 0, 1) is as in Section 2.4.3. This is the theory of arithmetic. Although this is a perfectly well deﬁned theory, we cannot provide a decidable axiomatization for it. The theory of arithmetic is undecidable. This is a consequence of G¨ odel’s Incompleteness theorems that are the subject of Chapter 8. Structures that have undecidable theories clearly do not lend themselves well to model-theoretic analysis. In the present chapter, we restrict our attention to ﬁrst-order theories that are most accessible and do not consider undecidable theories. Example 5.12 Let Vs = {s} where s is a unary function. Let Zs = (Z|s) be the Vs -structure that interprets s as the successor function on the integers. That is, for integers a and b, Zs |= s(a) = b if and only if b = a + 1. Let Ts = T h(Zs ). This is an unambiguous deﬁnition of Ts . There is only one Vs -theory ﬁtting this description. Now suppose that we want to provide an axiomatization for Ts . That is, from among the inﬁnitely many sentences in Ts , we want to ﬁnd a subset that succinctly describes this theory. One way to proceed is to ask: what are the salient features of the structure Zs ? If you were to describe this structure to someone who had no idea what the integers looked like, what would you say? There is no ﬁrst element. There is no last element. The successor of any element is unique as is the predecessor. We can express these things with Vs -sentences. Let σ1 be the sentence ∀x∃y(s(y) = x), and let σ2 be the sentence ∀x∀y(s(x) = s(y) → x = y). The ﬁrst of these says that every element has a predecessor (there is no “ﬁrst” element). The second of these sentences implies the uniqueness of the predecessor. We do not need to say that every element has a unique successor. Since any model interprets s as a function, the sentences ∀x∃y(s(x) = y)

and ∀x∀y(x = y → s(x) = s(y))

are tautologies. To axiomatize the Vs -theory Ts we are merely listing some of the sentences that hold in the Vs structure Zs . The problem is knowing when we are done. So far, we have listed the two sentences σ1 and σ2 . Together these sentences say that s is one-to-one and onto. This is not enough. By Proposition 2.86, Ts = T h(Zs ) is a complete theory. The set {σ1 , σ2 } is not

First-order theories

205

complete. There are ﬁnite models of these two sentences. An axiomatization of Ts must forbid ﬁnite cycles. That is, we must include sentences to say that for all x, s(x) = x, s(s(x)) = x, s(s(s(x))) = x, and so forth. For each n ∈ N, let θn be the Vs -sentence ∀x¬sn (x) = x where sn (x) abbreviates s(s(s · · · s(x))). n times

Let Γs = {σ1 , σ2 , θn |n ∈ N}. If the deductive closure of Γs is complete, then we are done. Otherwise, to obtain an axiomatization of Ts , we must proceed to add more sentences to Γs . We return to this example in Example 5.20 and show that Γs is indeed an axiomatization of Ts . It follows that Ts is decidable. We need a way to verify that a given V-theory T is complete. As we remarked at the outset, this is a more diﬃcult task than showing that T is incomplete. It is not diﬃcult to show that the theories TG , TE , Tgp , and TLO are incomplete. Throughout this chapter, we will consider examples of complete theories that contain these theories as subsets. One of our goals in this chapter is to deﬁne various criteria that imply completeness.

5.2 Categoricity A theory is complete if and only if all models of the theory are elementarily equivalent. This is a reformulation of Proposition 5.2. In particular, if all its models are isomorphic, then the theory must be complete. If this is the case, then we say that there is only one model up to isomorphism and that the theory is categorical. Theories describe structures. We distinguish two types of descriptions that are desirable. A complete description describes its subject entirely. A categorical description describes its subject uniquely. Let us lift our restriction to ﬁrst-order logic for the moment, and suppose that we want to describe an object using English sentences. Suppose we are in a crowded bar and I want to describe Dennis to you. If I tell you that Dennis is in the room, is over 2 m tall, has fuchsia hair, and is wearing sunglasses and a feather boa, then it is likely that there will be at most one person in the room ﬁtting this description. If there is exactly one person ﬁtting the description, then the description is categorical. A categorical description provides only enough information to single out its object and is not necessarily complete. We cannot deduce all there is to know about a person from a categorical description. Indeed, our categorical description leaves many unanswered questions about Dennis. In English, a complete description is necessarily categorical, but not the other way around. In the language of ﬁrst-order logic, since it is a weak language, this is reversed. A complete theory may not be categorical (it may have more

206

First-order theories

than one model). But, as we pointed out in the opening paragraph, if a theory is categorical, then it must be complete. Deﬁnition 5.13 A theory is absolutely categorical if it has only one model up to isomorphism. Any complete theory having a ﬁnite model is absolutely categorical. This follows from Proposition 2.81 where it was shown that for any ﬁnite V-structure M , there is a V-sentence ϕM that describes M up to isomorphism. By the Upward L¨ owenheim–Skolem theorem, these are the only examples of absolutely categorical theories. If a theory has an inﬁnite model, then it has arbitrarily large models. In particular, any such theory has models of diﬀerent cardinalities. Two structures of diﬀerent cardinalities cannot possibly be isomorphic. So absolutely categorical theories are nothing new. This is merely a new name for complete theories having a ﬁnite model. We extend the notion of categoricity so that it applies to theories having inﬁnite models. Deﬁnition 5.14 Let κ be a cardinal. A theory T is κ-categorical if T has exactly one model of size κ up to isomorphism. This deﬁnition circumvents the Upward L¨owenheim–Skolem theorem. Let N |= T . If N is not the same size as M , then, of course, N cannot be isomorphic to M . If T is κ-categorical, then this is the only reason that N may not be isomorphic to a model M of size κ. Among theories having inﬁnite models, κ-categoricity is a very strong property. As we shall see, we can attain much information about a theory and the structure of its models merely by knowing for which cardinals κ the theory is κ-categorical. One basic result is the following: Proposition 5.15 Let T be a deductively closed theory having only inﬁnite models. If T is κ-categorical for some κ ≥ |T |, then T is complete. Proof We prove the contrapositive. Suppose T is not complete. By Proposition 5.2, there exist M |= T and N |= T such that N ≡ M . By Corollary 4.34 of the L¨owenhiem–Skolem Theorems, there exist M ≡ M and N ≡ N such that |M | = |N | = κ. Since M ≡ N , M and N cannot be isomorphic and T is not κ-categorical. Deﬁnition 5.16 For any cardinal κ, we say that V-structure M is κ-categorical if the V-theory T h(M ) is κ-categorical. Whereas all ﬁnite structures have theories that are absolutely categorical, relatively few inﬁnite structures are κ-categorical for some κ. However, although it is rare, many important structures have this property. Structures that are

First-order theories

207

κ-categorical for inﬁnite κ play a central role in Model Theory. Examples of these structures include the complex numbers, vector spaces, and the random graph. We shall investigate these structures and their theories later in this chapter. Presently, we provide some elementary examples. Example 5.17 Recall from Section 2.4.1 that a clique is a graph that models the sentence ∀x∀y(¬(x = y) → R(x, y)) saying that any two distinct vertices share an edge. Let T be the VR -theory axiomatized by this sentence together with the sentences that deﬁne a graph. Since any two cliques of the same size are isomorphic, T is κ-categorical for all cardinals κ. Since T has ﬁnite models of diﬀerent sizes, it is not complete. Suppose that we add to this theory the sentences xi = xj ∃x1 ∃x2 · · · ∃xn i=j

for each n ∈ N. These sentences express that the underlying set contains at least n elements for each n ∈ N. That is, the universe is inﬁnite. Let Tclique denote the set of VR -sentences that can be derived from the union of these sentences with the theory of cliques. Equivalently, Tclique is the set of all VR -sentences that are true in all inﬁnite cliques. Since Tclique is κ-categorical for inﬁnite κ and has only inﬁnite models, it is complete by Proposition 5.15. Example 5.18 Let TE be the VE -theory of equivalence relations from Example 5.3. Each model of TE is completely determined by the number and the sizes of its equivalence classes. We describe two models M2 and N2 of TE . Let M2 have exactly two diﬀerent equivalence classes each of which is denumerable. Let N2 have a denumerable number of equivalence classes each containing exactly two elements. So both M2 and N2 have denumerable universes. Let {a1 , a2 , a3 , . . .} and {b1 , b2 , b3 , . . .} be the underlying sets of M2 and N2 , respectively. We depict M2 as tall and thin and N2 as short and fat in Tables 5.1 and 5.2. We claim that each of these structures is ℵ0 -categorical. Consider ﬁrst M2 . Let M be a countable VE -structure that is elementarily equivalent to M2 . The VE -sentence ∃x∃y(¬E(x, y) ∧ ∀z(E(x, z) ∨ E(y, z)) expresses that there are exactly two equivalence classes. Since M2 models this sentence, so does M . Also, M2 models the sentences saying that each element has at least n elements in its equivalence class for each n ∈ N. Since M2 ≡ M , M also models these sentences. So M , like M2 , has two denumerable equivalence

208

First-order theories Table 5.1

VE -structure M2

.

.

.

.

.

.

a5

a6

a3

a4

a1

a2

Table 5.2

VE -structure N2

b2

b4

b6

b8

.

.

.

b1

b3

b5

b7

.

.

.

classes. It follows that each equivalence class M can be put into one-to-one correspondence with either of the equivalence classes of M2 . Since they have the same number of equivalence classes, M2 and M are isomorphic and M2 is ℵ0 -categorical. We now show that N2 is κ-categorical for any inﬁnite κ. Let κ be inﬁnite and let N and N be two VE -structures of size κ that are both elementarily equivalent to N2 . Then each equivalence class of either N or N must contain exactly two elements (since this can be expressed with a ﬁrst-order sentence). Since κ is inﬁnite, both N and N have κ many equivalence classes. So the equivalence classes of N can be put into one-to-one correspondence with the equivalence classes of N . Since all equivalence classes have the same number of elements, N and N are isomorphic and N2 is κ-categorical as was claimed. We return now to M2 and show that this structure, unlike N2 , is not κcategorical for uncountable κ. This follows from the fact that ﬁrst-order logic cannot distinguish between one inﬁnite cardinal and another. Whereas we can deﬁne a set of VE -sentences to say that each equivalence class is inﬁnite, we cannot say that each equivalence class has size ℵ0 or size ℵ23 nor specify any other inﬁnite cardinality. For any cardinals λ and κ, let Mλκ be the VE -structure having one equivalence class of size λ, one of size κ, and no other equivalence classes. Then Mλκ ≡ M2 for any inﬁnite λ and κ. If λ < κ, then Mλκ is not isomorphic to Mκκ . Moreover, |Mκκ | = 2 · κ = κ = κ + λ = |Mκλ |. It follows that M2 is not κ-categorical for uncountable κ as we claimed.

First-order theories

209

Deﬁnition 5.19 Let T be a theory having only inﬁnite models. T is countably categorical if it is ℵ0 -categorical. T is uncountably categorical if it is κ-categorical for all uncountable κ. T is totally categorical if it is κ-categorical for all inﬁnite κ. That is, if it is both countably and uncountably categorical. The theory T h(M2 ) from Example 5.18 is countably categorical but not uncountably categorical. The theory T h(N2 ) from that example is totally categorical as is the theory Tclique from Example 5.17. We now demonstrate an example of an uncountably categorical theory that is not countably categorical. Example 5.20 Recall the Vs -theory Ts = T h(Zs ) from Example 5.12. Recall too the set Γs of Vs -sentences expressing that s is a one-to-one and onto function having no ﬁnite cycles. We claim that Γs axiomatizes Ts . To do verify this, we show that every model of Γs is also a model of Ts . Let us consider some speciﬁc models of Γs . Let Z2 be a VS -structure having underlying set {. . . , −3, −2, −1, 0, 1, 2, 3, . . .} ∪ {. . . , a−3 , a−2 , a−1 , a0 , a1 , a2 , a3 , . . .}. Let Z2 interpret s the same way as Zs on the integers. Further, suppose that Z2 |= s(ai ) = aj if and only if j = i + 1. Then Z2 interprets s as a one-to-one onto function having no ﬁnite cycles. So Z2 |= Γs . We say that such Z2 contains two copies of Z. Likewise, we can deﬁne models of Γs having any number of copies of Z. For any nonzero cardinal κ, let Zκ be the Vs -structure containing κ copies of Z. (So Z1 is Zs .) Let κ be an uncountable cardinal. Let N be a model of Γs of size κ. For any element a0 in the universe UN of N , there must exist a unique successor a1 and predecessor a−1 in UN . There must also exist successor a2 of a1 and predecessor a−2 of a−1 , and so forth. Since N has no ﬁnite cycles, each element a0 ∈ UN is contained in a copy of Z. Since |N | = κ, N must contain κ copies of Z. It follows that N ∼ = Zκ . So Zκ is the only model of Γs of size κ up to isomorphism and Γs is κ-categorical for all uncountable κ. By Proposition 5.15, the deductive closure of Γs is the complete theory Ts . Since the nonisomorphic models Z1 , Z2 , Z3 , . . . , Zℵ0 are each countable, Ts is not ℵ0 -categorical. We have demonstrated the existence of theories that are countably categorical and not uncountably categorical, theories that are uncountably categorical and not countably categorical, and theories that are totally categorical. We shall also see examples of theories that are not κ-categorical for any κ. For complete countable theories having inﬁnite models, these are the only four possibilities. This is a consequence of Morley’s theorem.

210

First-order theories

Theorem 5.21 (Morley) Let T be a countable theory. If T is κ-categorical for some uncountable κ, then T is κ-categorical for all uncountable κ. Morley’s proof of this theorem introduced methods and concepts to model theory that would bear fruit far beyond Morley’s theorem itself. The proof gave rise to the subject of stability theory. We touch upon some of the ingredients of this proof in Chapter 6 (see Exercise 6.33). However, we do not prove Morley’s theorem. Instead, we refer the reader to books devoted solely to model theory such as [29] and [39] and also to more advanced books on stability theory such as [1] and [6]. Also, for the serious student of model theory, Morley’s original proof in [32] remains essential reading. We conclude this section by stating without proof two results regarding categoricity and ﬁnite axiomatizability. Naturally, a theory is said to be ﬁnitely axiomatizable if it is axiomatized by a ﬁnite set of sentences. We have seen several examples of ﬁnitely axiomatizable theories including the theory of graphs, the theory of equivalence relations, the theory of groups, and others. All of these theories are incomplete. In the next section, we shall see examples of ﬁnitely axiomatizable complete theories having inﬁnite models. Such theories necessarily contain a sentence that has only inﬁnite models (see Exercises 2.37 and 2.38 for examples of such sentences). As a rule, most complete theories having inﬁnite models are not ﬁnitely axiomatizable. If we restrict our attention to totally categorical theories, then we can be more precise. Theorem 5.22 axiomatizable.

(Zil’ber) Totally

categorical

theories

are

not

ﬁnitely

Recall that the theory of cliques from Example 5.17 is ﬁnitely axiomatizable and κ-categorical for all κ. Since this theory has ﬁnite models, it is not totally categorical. In contrast, the theory Tclique of inﬁnite cliques is totally categorical, but is not ﬁnitely axiomatizable. To axiomatize Tclique we must include sentences saying that there exist more than n elements for each n ∈ N. Using counting quantiﬁers as deﬁned in Exercise 2.20, we can express each of these sentences as ∃≥n x(x = x). This is an example of a quasi-ﬁnite axiomatization. Deﬁnition 5.23 A theory T is quasi-ﬁnitely axiomatizable if there exists a ﬁnite set F of formulas in one free variable such that T is axiomatized by sentences of the form ∃≥n xϕ(x) with ϕ(x) ∈ F . Theorem 5.24 (Hrushovski) If T is totally categorical and has a ﬁnite vocabulary, then T is quasi-ﬁnitely axiomatizable. Zil’ber’s and Hrushovski’s theorems are actually corollaries to results regarding the general structure of models of totally categorical theories. Their proofs of are beyond the scope of this book (these theorems are proved in [38]). We focus

First-order theories

211

on more elementary properties of these theories. In the next section, we prove a fundamental result regarding countably categorical theories.

5.3 Countably categorical theories We investigate some speciﬁc countably categorical structures. We consider structures in the vocabulary V< consisting of a single binary relation <. Each of the examples we consider interprets < as a linear order. In the second part of this section, we prove a fundamental result that holds for all countably categorical theories. 5.3.1 Dense linear orders. Consider the closed unit interval of real numbers. Let R[0,1] be the structure {[0, 1]| <} having the closed interval [0, 1] of real numbers as an underlying set and interpreting < in the usual way. We list some V-sentences that hold in R[0,1] . For reference, we label these sentences as δ1 –δ7 . δ1 : ∀x∀y((x < y) → ¬(y < x)) δ2 : ∀x(¬(x < x)) δ3 : ∀x∀y((x < y) ∨ (y < x) ∨ (x = y)) δ4 : ∀x∀y∀z(((x < y) ∧ (y < z)) → (x < z)) δ5 : ∀x∀y((x < y) → ∃z(x < z ∧ z < y)) δ6 : ∃x∀y((x = y) ∨ (x < y)) δ7 : ∃x∀y((x = y) ∨ (y < x)). The ﬁrst four of these sentences say that < is a linear order. Recall from Example 5.8 that the theory TLO is deﬁned as the set of all consequences of these four sentences. The sentence δ5 says that between any two elements, there exists another element. That is, the linear order is dense (see Section 2.4.3). Finally, δ6 says that there exists a smallest element and δ7 says that there exists a largest element. Let TDLOE denote the set of V< -sentences that can be derived from the above seven sentences. This is the theory of dense linear orders with endpoints. Clearly, R[0,1] |= TDLOE . We claim that T h(R[0,1] ) = TDLOE . To show this, we must verify that TDLOE , unlike TLO , is a complete theory. We prove something stronger. Proposition 5.25 TDLOE is ℵ0 -categorical. Proof Let M and N be two models of TDLOE of size ℵ0 . We show that M and N are isomorphic. Let UM and UN denote the underlying sets of M and N

212

First-order theories

respectively. Enumerate these sets as follows: UM = {a1 , a2 , a3 , . . .}

and UN = {b1 , b2 , b3 , . . .}.

Since M and N model δ6 and δ7 , these sets must contain a smallest and a largest element (with respect to the order <). We may assume that a1 and b1 are the smallest elements in each set and a2 and b2 are the largest elements. We construct an isomorphism f : M → N step-by-step. In each step we deﬁne f for two elements of UM : Step 1: Let f (a1 ) = b1 and f (a2 ) = b2 . For n > 1, step n has two parts. Step n: Part a. Let An be the set of all ai ∈ UM for which f (ai ) has been deﬁned in some previous step. Let j be least such that aj is not in An . We deﬁne f (aj ). Since An is ﬁnite, we can ﬁnd elements c and d of An so that no element of An is between these two elements and aj is (that is, c < aj < d or d < aj < c). In this case, let f (aj ) be any element of UN that lies between f (c) and f (d). Since N |= δ5 , such f (aj ) exists. Part b. Let Bn be the set of all bi ∈ UN for which f −1 (bi ) has been deﬁned in some previous step (including f (aj ) from part a). Let j be least such that bj is not in Bn . Since Bn is ﬁnite, we can ﬁnd elements c and d of Bn so that no element of Bn is between these two elements and bj is (that is, c < bj < d or d < bj < c). In this case, let f −1 (bj ) be any element of UM that lies between f −1 (c) and f −1 (d). Since M |= δ5 , such a f −1 (bj ) exists. After completing step n for all n ∈ N, the function f is completely deﬁned. Since f (ai ) is deﬁned in Step i (part a) if not before, each ai is in the domain of f . Moreover, f (ai ) is deﬁned exactly once. So f has domain UM and is one-toone. Also, since f −1 (bi ) is deﬁned in Step i (part b) if not before, f is onto. By design, f preserves the order (ai < aj implies f (ai ) < f (aj )). So f is a literal embedding. By Proposition 2.57, f is an isomorphism as was desired. Corollary 5.26 TDLOE is complete. Proof By Proposition 5.15, any ℵ0 -categorical theory having only inﬁnite models is complete. So to show that TDLOE is complete, it suﬃces show that any dense linear order is necessarily inﬁnite. If a linear order is ﬁnite, then it can be listed as a1 < a2 < · · · < an for some n ∈ N. Such a linear order is not dense since there is no element between a1 and a2 . So TDLOE has only inﬁnite models and is complete. It follows from this corollary that any model of TDLOE is elementarily equivalent to R[0,1] . For example, suppose that we restrict the underlying set to the set of rational numbers in the interval [0, 1]. Let Q[0,1] denote the V< -structure having this set of rationals as its underlying set and interpreting < as the usual

First-order theories

213

order. This is a countable model of TDLOE . Since this theory is ℵ0 -categorical, it is essentially the only countable model of this theory. Any other countable model must be isomorphic to Q[0,1] . Moreover, since TDLOE is complete, Q[0,1] and R[0,1] , although not isomorphic, are elementarily equivalent. Proposition 5.27 For any uncountable cardinal κ, TDLOE is not κ-categorical. Proof We deﬁne a model H[0,2] of TDLOE that has the same size as R[0,1] , but is not isomorphic to R[0,1] . The structure H[0,2] is a hybrid of Q[0,1] and R[0,1] . Its universe is the union of the set of all rational numbers in the interval [0, 1] and the set of all real numbers in the interval [1, 2]. Again, this structure interprets < in the usual way. This structure models TDLOE . Since this theory is complete, H[0,2] ≡ R[0,1] . Moreover, |H[0,2] | = |Q[0,1] | + |R[0,1] | = ℵ0 + 2ℵ0 = 2ℵ0 . So H[0,2] has the same size as R[0,1] . To see that it is not isomorphic to R[0,1] , note that, in R[0,1] , there exist uncountably many elements between any two elements. This is not true in H[0,2] . So an isomorphism between these two models is impossible and TDLOE is not 2ℵ0 -categorical. By Morley’s theorem 5.21, TDLOE is not κ-categorical for any uncountable κ. Recall the V< -structures Q< and R< from 2.4.3. Since they have no endpoints, these are not models of TDLOE . We deﬁne the theory TDLO of dense linear orders without endpoints as the set of all V< -sentences that can be derived from the sentences δ1 , δ2 , δ3 δ4 , δ5 , ¬δ6 , and ¬δ7 . We negate the sentences saying there exist a smallest and largest element. Both Q< and R< are models of this theory. Corollary 5.28 TDLO is ℵ0 -categorical. Proof Any model of TDLO can be extended to a model of TDLOE by adding smallest and largest elements to the underlying set. If there were non-isomorphic countable models of TDLO , then these could be extended to non-isomorphic countable models of TDLOE . Since TDLOE is ℵ0 -categorical, so is TDLO . Corollary 5.29 TDLO is complete. Proof This is the same as the proof of Corollary 5.26. Since dense linear orders are necessarily inﬁnite, TDLO has no ﬁnite models. By Proposition 5.15, TDLO is complete. Corollary 5.30 Q< ≡ R< . Proof This follows immediately from the fact that Q< and R< are both models of the complete theory TDLO . In light of these examples, and speciﬁcally of the proof of Proposition 5.25, we now investigate arbitrary countably categorical theories.

214

First-order theories

5.3.2 Ryll-Nardzewski et al. Categoricity is a property of theories that is deﬁned in terms of the models of the theory. A theory T is countably categorical if and only if there is exactly one countable model (up to isomorphism) in Mod(T ). As we shall prove, there is a purely syntactic characterization of these theories. We show that a theory T is ℵ0 -categorical if and only if there are only ﬁnitely many formulas in n free variables up to T -equivalence. Equivalently, a V-structure M having universe U is ℵ0 -categorical if and only if, for each n ∈ N, only ﬁnitely many subsets of U n are V-deﬁnable. Proposition 5.31 Let T be a complete V-theory. If there are only ﬁnitely many formulas in n free variables up to T -equivalence for each n, then T is ℵ0 -categorical. We prove this proposition using a back-and-forth argument. This method of proof constructs an isomorphism between two structures by alternating back and forth between the elements of each of the two underlying sets. An example of a back-and-forth argument is provided by the proof of Proposition 5.25, where it was shown that any two countable models of TDLOE are isomorphic. The proof of Proposition 5.31 resembles the proof of Proposition 5.25. In fact, Proposition 5.25 is a special case of this proposition. Proof of Proposition 5.31 Suppose that there are only ﬁnitely many formulas in n free variables up to T -equivalence for each n. We show that T is ℵ0 -categorical. Let M and N be two models of T of size ℵ0 . Let UM and UN denote the underlying sets of M and N respectively. Enumerate these sets as UM = {a1 , a2 , a3 , . . .}

and UN = {b1 , b2 , b3 , . . .}.

We construct an isomorphism f : M → N step-by-step. In each step, we deﬁne f (ai ) for two elements ai of UM . For n ∈ N, let An be the set of all ai ∈ UM for which f (ai ) has been deﬁned in some step prior to step n. Since An is ﬁnite, we may regard it as a tuple of elements of UM . There are many ways to arrange the elements of a large ﬁnite set into a tuple. For any ai and aj in An , one of the two elements f (ai ) and f (aj ) ¯n be the tuple obtained by of UN must have been deﬁned before the other. Let a arranging the elements of An in the order in which f was deﬁned. Likewise, let Bn be the corresponding set of all f (ai ) ∈ UN for ai ∈ An . Let ¯bn be the tuple obtained by arranging the elements of Bn in the order in which f was deﬁned. Note that A1 = B1 = ∅. Note too that, since T is complete, N |= ϕ if and only if M |= ϕ for any V-sentence ϕ. For n ∈ N, assume that An and Bn have been deﬁned in such a way that M |= ϕ(¯ an ) if and only if N |= ϕ(¯bn ) for any V-formula ϕ in |An | free variables.

First-order theories

215

Step n: Part a. Let j be least such that aj is not in An . We deﬁne f (aj ). Let k = |An | = 2(n − 1). By hypothesis, there exists a ﬁnite set F of Vformulas in k +1 free variables so that every V-formula having k +1 free variables is T -equivalent to a formula in F. Let Φ(¯ x, y) be the conjunction of those formulas ϕ(¯ x, y) in F such that an , y). M |= ϕ(¯ an , aj ). Then M |= ∃yΦ(¯ This formula has |An | = k free variables. By the deﬁnitions of An and Bn , N |= ∃yΦ(¯bn , y). It follows that N |= ∃yΦ(¯bn , bi ) for some bi ∈ UN . Let f (aj ) = bi . an , aj ) and let ¯bn be the tuple (¯bn , bi ), where Part b. Let a ¯n be the tuple (¯ aj and bi are as deﬁned in part (a). Let l be least such that bl is not in ¯bn . As an , ai ) if and only in part (a), we can ﬁnd an element ai of UM so that M |= ϕ(¯ ¯ if N |= ϕ(bn , bl ) for any ϕ in 2n free variables. Deﬁne f (ai ) to be bl . After completing step n for each n ∈ N, the function f is completely deﬁned. Since f (ai ) is deﬁned in Step i (part a) if not before, each ai is in the domain of f . Moreover, f (ai ) is deﬁned exactly once. So f has domain UM and is one-toone. Also, since f −1 (bi ) is deﬁned in Step i (part b) if not before, f is onto. By design, f preserves all V-formulas and is an isomorphism as was desired. We now have two ways to show that a given theory is countably categorical. We can give a back-and-forth argument as we did for TDLOE in Proposition 5.25. Alternatively, we can show that there are only ﬁnitely many formulas in n free variables up to T -equivalence for each n. This may not seem practical. However, in Section 5.5 we discuss quantiﬁer elimination and provide a systematic approach to understanding the deﬁnable subsets of certain structures. The converse of Proposition 5.31 is also true. The countably categorical theories are precisely those theories that are complete and have few formulas (ﬁnitely many in n free variables for each n). Since this was proved by Ryll-Nardzewski in a 1959 paper, it is commonly referred to as the Ryll-Nardzewski theorem. Since it also appeared in 1959 in separate papers by Engeler and Svenonius, it is sometimes referred to as the Engeler–Ryll-Nardzewski–Svenonius theorem. We opt for brevity and refer to it as Theorem 5.32. Theorem 5.32 A complete theory T is ℵ0 -categorical if and only if, for each n ∈ N, there are only ﬁnitely many formulas in n free variables up to T -equivalence. One direction of this theorem was proved as Proposition 5.31. We postpone the proof of the other direction until Chapter 6 where we shall see several equivalent characterizations of ℵ0 -categorical theories.

216

First-order theories

5.4 The Random graph and 0–1 laws A random graph is a graph constructed by some random process such as rolling a die or ﬂipping a coin. The idea of implementing random processes in graph theory was conceived by Paul Erd¨ os and has served as a powerful tool for this and other areas of discrete mathematics. In this section, we discuss this idea and show how it gives rise to a complete ﬁrst-order theory TRG in the vocabulary of graphs. We prove that TRG is ℵ0 -categorical. Whereas there are many possible ﬁnite random graphs, there is only one denumerable random graph. From this fact we deduce a 0–1 law for ﬁrst-order logic. We assume basic knowledge of probability. Suppose that we have a set of vertices and want to build a graph. For example, suppose that we have ﬁve vertices v1 , v2 , v3 , v4 , and v5 . To deﬁne the graph, we must decide which pairs of vertices share an edge. Let us take the random approach and ﬂip a coin to make our decisions. Given any two vertices (v1 and v2 , say) we ﬂip a coin. If the coin lands heads up, then v1 and v2 share an edge. If the coin lands tails up, then they do not share an edge. We repeat this for every pair of vertices. Since there are ﬁve vertices, there are (5 · 4)/2 = 10 pairs of vertices to consider. After ﬂipping the coin 10 times, we will have completed the graph. Any graph having vertices v1 , v2 , v3 , v4 , and v5 is a possible outcome of this process. Since each of the ten ﬂips of the coin has two possible outcomes, there are 210 possible graphs. If the coin is fair (landing heads up as frequently as tails up), then each of these 210 graphs is equally likely. However, two or more of the outcomes may be isomorphic graphs. So, up to isomorphism, some graphs are more likely than others. For example, the 5-clique is an unlikely outcome. To obtain this result, each of our 10 ﬂips of the coin must land heads up. The probability of this happening is 1/210 . It is more likely that the outcome will have exactly one edge. The probability of this happening is 10/210 (so this will happen roughly 1% of the time). There are two ways to compute the probabilities in the previous paragraph. Suppose we want to compute the probability that the resulting graph has exactly m edges for some m ≤ 10. Using the formula for probability distribu 1 10 binomial 10 10! ( = ) (where tions, this probability is 10 m m 2 (10−m)!m! is the number of ways that m of the 10 edges can be chosen). Alternatively, since each of the 210 graphs are equally likely, this probability can be computed by counting the number of graphs having exactly m edges and dividing this number by 210 . For example the 5-clique is the only one of the 210 possible outcomes that has 10 edges. So the probability that this happens is 1/210 . More generally, suppose that we randomly construct a graph having vertices {v1 , v2 , . . . , vn } for some n ∈ N. There are n(n−1)/2 pairs of vertices to consider. To ease notation, denote n(n − 1)/2 by e(n) (this is the number of edges in

First-order theories

217

the n-clique). If we construct this graph by ﬂipping a fair coin as before, then there are 2e(n) possible outcomes each of which is equally likely. Let ϕ be a VR -sentence. Let Pn (ϕ) be the probability that our randomly constructed graph models the sentence ϕ. This probability can be computed by counting the number of outcomes that model ϕ and dividing by the total number of possibilities 2e(n) . Example 5.33 Let ϕ be the sentence ∀x∀y(x = y ∨ R(x, y)). For each n ∈ N, this sentence holds in only one of the 2e(n) graphs having vertices {v1 , . . . , vn } (namely, the n-clique). So Pn (ϕ) = 1/2e(n) . (In particular P5 (ϕ) = 1/2e(5) = 1/210 as previously noted.) If n is big, then this probability is close to zero. Example 5.34 Let ϕ be the VR -sentence saying that the graph has exactly one edge. For each n ∈ N, the number of graphs having vertices {v1 , . . . , vn } that model this sentence is the number of possible edges e(n). So Pn (ϕ) = e(n)/2e(n) . If n is big, then this probability is close to zero. For any V-sentence ϕ and any n ∈ N, Pn (ϕ) + Pn (¬ϕ) = 1. This is because every graph either models ϕ or ¬ϕ (and not both). So Pn (¬ϕ) = 1 − Pn (ϕ). In the previous two examples, since Pn (ϕ) approaches zero, Pn (¬ϕ) approaches 1 as n gets large. We express this by using limit notation: lim Pn (ϕ) = 0

n→∞

and

lim Pn (¬ϕ) = 1.

n→∞

The 0–1 Law for Graphs states that, for every VR -sentence θ, either limn→∞ Pn (θ) = 0 or limn→∞ Pn (θ) = 1. So either θ or its negation almost certainly holds in any large ﬁnite graph. This fact imposes limitations on what can be expressed by a VR -sentence. For example, the 0–1 Law for Graphs implies that there is no VR -sentence that holds only in those ﬁnite graphs having an even number of vertices. We have veriﬁed the 0–1 Law for Graphs for a couple of particular sentences in the above examples. To prove this law, we must consider some other (more complicated) VR -sentences. For each m ∈ N, let ρm be the VR -sentence m m xi = yj ∀x1 · · · ∀xm ∀y1 · · · ∀ym → ∃z

i=1 l

i=1

R(xi , z) ∧

m j=1

j=1

¬ (R(z, yj ) ∨ z = yj ) .

218

First-order theories

This sentence asserts that given any two sets of vertices X = {x1 , . . . , xm } and Y = {y1 , . . . , ym } such that X ∩ Y = ∅, there exists a vertex z not in X ∪ Y that shares an edge with each vertex in X and with no vertex in Y . Note that ρm2 implies ρm1 for m1 ≤ m2 . We examine ρm for various values of m. m = 1: The sentence ρ1 states that, for any vertices x and y there exists a vertex z that shares an edge with x but not y. Since x and z share an edge, they cannot be equal. Moreover, ρ1 asserts there exists such a z that is not equal to y. So any model of ρ1 must have at least three vertices corresponding to x, y, and z. Moreover, reversing the roles of x and y, there must exist a vertex w that shares an edge with y but not x. So any graph that models ρ1 must have at least four vertices. In fact, the smallest example has ﬁve vertices (take the sides of a pentagon as edges). m = 2: Let G be a graph that models ρ2 . Let a and b be two vertices of G. Then, there must exist a vertex c that shares and edge with a but not b and a vertex d that shares an edge with b but not a. Moreover, there must exist a vertex e that shares a vertex with both a and b and a vertex f that shares a vertex with neither a nor b. So there must be at least six vertices, but we are not done. There must also exist a vertex g that shares an edge with both e and d and with neither c nor d, and so forth. In contrast to ρ1 , it is not an easy task to draw a graph that models ρ2 (nor is it easy to determine the minimal number of vertices for such a graph). m > 2: It becomes increasingly diﬃcult to demonstrate a ﬁnite graph that models ρm as m gets larger. We will not attempt to compute the precise value for Pn (ρm ) for given m and n. However, there are some things that we can say with certainty regarding this value. As a ﬁrst observation, a graph that models ρm must have many vertices. In particular, Pn (ρm ) = 0 for n ≤ m. So if m is small, then so is Pn (ρm ). Less obvious is the fact that, for big m, Pn (ρm ) is close to 1. That is, lim Pn (ρm ) = 1.

n→∞

So although it is hard to give a concrete demonstration of a ﬁnite graph that models, say, ρ8 , we have a process that will produce such a graph with high probability. If we construct a graph on the vertices {v1 , . . . , vn } by ﬂipping a coin, then we will most likely obtain a graph that models ρ8 provided that n is suﬃciently large. We prove this key fact as the following lemma. Lemma 5.35 For each m ∈ N, limn→∞ Pn (ρm ) = 1. Proof Fix m ∈ N. Given N ∈ N, we compute Pn (¬ρm ) where n = N + 2m. Let G be a graph having n vertices. Let X = {x1 , . . . , xm } and Y = {y1 , . . . , ym } be two sets containing m vertices of G such that X ∩ Y = ∅. If

First-order theories

219

G |= ρm , then there exists a vertex z not in X or Y such that z shares an edge with each vertex in X and with no vertex in Y . We want to compute the probability that this is not the case. For any vertex z of G that is not in X or Y , say that z “works” for X and Y if z shares and edge with each vertex of X and no vertex of Y . For this to happen, each ﬂip of the coin must land heads up for the m pairs of vertices (z, xi ) and tails up for the m pairs of vertices (z, yi ). The probability of this happening is 1/22m . So given a particular z, it is unlikely that z works for X and Y . However, there are N possible vertices we may choose for z. Whereas the probability that any one of these does not work is (1 − 1/22m ), the probability that all N of the vertices do not work is (1 − 1/22m )N . Let k = (1 − 1/22m ). Since k is between 0 and 1, limN →∞ k N = 0. So if N is large, then it is likely that there exists a vertex z that works for X and Y even though the probability that any particular z works is small. This indicates that it may be likely that a large graph will model ρm . However, we have not ﬁnished the computation. For the graph G to model ρm , there must exist a vertex z that works for X and Y forall possible X and Y . Since n there are n = N + 2m vertices 2m in G, there are 2m ways to choose the vertices in X ∪ Y . There are then m ways to choose m of these vertices for the set X (and the remaining m for set Y ). In total, there are

n 2m

2m n2m n! < ≤ n2m = m N !m!m! m!m!

possible choices for X and Y . For each choice, the probability that no z works for X and Y is only k N . For G to model ¬ρm , this must happen for only one of these choices. Thus, Pn (¬ρm ) ≤ n2m k N = n2m k n /k 2m . Since many of the possible choices for X and Y overlap, this is deﬁnitely an overestimate of this probability. However, this estimate serves our purpose. Fact lim n2m k n = 0. n→∞

This fact follows solely from the fact that k < 1. Using calculus, it is easy to see that the function x2m k x reaches a maximum at x = −2m/ ln k. To see that this function then decreases to zero, repeatedly apply L’Hopital’s rule (2m times) to the expression x2m /k −x having indeterminate form ∞ ∞. Finally, since limn→∞ Pn (¬ρm ) = 0, limn→∞ Pn (ρm ) = 1.

220

First-order theories

We now deﬁne the VR -theory TRG . This is the theory of graphs that model ρm for all m ∈ N. That is, TRG is the VR -theory axiomatized by: ∀x¬R(x, x), ∀x∀y(R(x, y) ↔ R(y, x)), ∃x∃y¬(x = y), and ρm for each m ∈ N. Let ∆ be a ﬁnite subset of this inﬁnite set of sentences. By Lemma 5.35, ∆ is satisﬁed by a preponderance of the ﬁnite graphs of size n for suﬃciently large n. Since every ﬁnite subset is satisﬁable, TRG is satisﬁable by compactness. So TRG is indeed a theory. We show that it is a complete theory. Proposition 5.36 TRG is ℵ0 -categorical. Proof Let M and N be two denumerable models of TRG . Let UM and UN denote the sets of vertices of M and N respectively. Enumerate these sets as follows: UM = {a1 , a2 , a3 , . . .}

and UN = {b1 , b2 , b3 , . . .}.

We construct an isomorphism f : M → N using a back-and-forth argument. Step 1: Let f (a1 ) = b1 . Step (n + 1): (Part a) Let An be the set of vertices in UM for which f has been deﬁned in some previous step. Let j be least such that aj is not in An . Since N |= ρm for arbitrarily large m, there exists a vertex f (aj ) such that N |= R(f (ai ), f (aj )) if and only if M |= R(ai , aj ) for any ai ∈ An . (Part b) Let Bn = {f (ai )|ai ∈ An } ∪ {f (aj )}. Let j be least such that bj is not in Bn . By the same argument as in part a, we can ﬁnd f −1 (bj ) as desired. The function f deﬁned in this manner is a one-to-one function from M onto N that preserves the edge relation R. It follows that f is an isomorphism and TRG is ℵ0 -categorical. Deﬁnition 5.37 The random graph, denoted by GR , is the unique countable model of TRG . Proposition 5.38 Any ﬁnite graph can be embedded into any model of TRG . Proof Let G be a ﬁnite graph. Let M be an arbitrary model of TRG . We show that G embeds into M by induction on n = |G|. Clearly this is true if n = 1. Suppose that any graph of size m embeds into M for some m ∈ N. Let G be a graph having vertices {v1 , . . . , vm+1 }. By our induction hypothesis, the substructure G of G having vertices {v1 , . . . , vm } can be embedded into M . Let

First-order theories

221

f : G → M denote this embedding. Since M models ρk for arbitrarily large k, there exists a vertex f (an+1 ) of M such that M |= R(f (ai ), f (an+1 )) if and only if G |= R(ai , an+1 ) for i = 1, . . . , n. Thus G is embedded into M . By induction, any ﬁnite graph can be embedded into M . Proposition 5.39 TRG is complete. Proof It follows from the previous proposition that TRG has only inﬁnite models. By Proposition 5.36, TRG is ℵ0 -categorical. By Proposition 5.15, TRG is complete. Theorem 5.40 (0–1 Law for Graphs) For every VR -sentence θ, either limn→∞ Pn (θ) = 0 or limn→∞ Pn (θ) = 1. Proof Recall the axiomatization that was given for TRG . By Lemma 5.35, limn→∞ Pn (ϕ) = 1 for each sentence ϕ in this axiomatization. It follows that limn→∞ Pn (ϕ) = 1 for every sentence ϕ in TRG . Since TRG is complete, either TRG θ or TRG ¬θ for every VR -sentence θ. It follows that either limn→∞ Pn (θ) = 1 or limn→∞ Pn (¬θ) = 1. This result can be generalized. A vocabulary is relational if it contains no functions. So relational vocabularies may contain constants as well as relations. Let Mn be the set of all V-structures having underlying set {1, 2, 3, . . . , n}. Let PVn (θ) be the number of structures in Mn that model θ divided by |Mn |. Theorem 5.41 (0–1 Law for Relations) Let V be a ﬁnite relational vocabulary. For any V-sentence θ, either limn→∞ PVn (θ) = 0 or limn→∞ PVn (θ) = 1.

5.5 Quantiﬁer elimination Suppose that we want to analyze a given ﬁrst-order structure M . We could begin by trying to ﬁnd an axiomatization for T h(M ). Suppose we have accomplished this and T h(M ) is decidable. Then, for any sentence ϕ in the vocabulary of M , we can determine whether M |= ϕ or M |= ¬ϕ. However, understanding the theory T h(M ) is only a ﬁrst step toward understanding the structure M . To analyze M further, one must be familiar with the deﬁnable subsets of the structure. For example, suppose that we are presented with a rather complicated graph G. We are given the set of vertices {v1 , v2 , v3 , . . .} along with the set of all pairs of vertices that share edges in G. Suppose too that we are given a decidable axiomatization of T h(G). Then for any VR -sentence ϕ, we can determine whether or not ϕ holds in G. In some sense, this data represents all there is to know about the structure G. But suppose we want to determine which pairs of vertices (x1 , x2 ) satisfy the VR -formula ψ(x1 , x2 ) deﬁned by ∀y∃z∀u∃v(R(x1 , y) ∧ R(y, z) ∧ R(z, u) ∧ R(u, v) ∧ R(v, x2 )).

222

First-order theories

If neither ∀x1 ∀x2 ψ(x1 , x2 ) nor ∀x1 ∀x2 ¬ψ(x1 , x2 ) hold in G, then it may be a diﬃcult task to determine whether or not a given pair of vertices satisﬁes this formula. In the terminology of Section 4.5.2, ψ(x1 , x2 ) is a ∀4 formula. If you ﬁnd the formula ψ(x1 , x2 ) easy to comprehend, then consider a ∀23 formula or a ∃45 formula. In Chapter 9, we shall introduce a technique that helps us get a handle on such complicated formulas (pebble games). In the present section, we study a property that allows us to utterly avoid them. Deﬁnition 5.42 A V-theory T has quantiﬁer elimination if every V-formula ϕ(x1 , . . . , xn ) (for n ∈ N) there exists a quantiﬁer-free V-formula ψ(x1 , . . . , xn ) such that T ϕ(x1 , . . . , xn ) ↔ ψ(x1 , . . . , xn ). Quantiﬁer elimination is a purely syntactic property that greatly facilitates the study of certain mathematical structures. If a V-theory has this property, then every V-deﬁnable subset of every model is deﬁned by a quantiﬁer-free formula. For example, suppose G is a graph that has quantiﬁer elimination. Since all vertices of a graph satisfy the same quantiﬁer-free formulas (namely x = x and ¬R(x, x)), any VR -formula in one free variable either holds for all vertices or no vertices of G. For a pair of distinct vertices x1 and x2 of G, there are two possibilities: either R(x1 , x2 ) or ¬R(x1 , x2 ) holds in G. In particular, we can determine whether or not the above ∀4 formula ψ(x1 , x2 ) holds merely by checking whether or not x1 and x2 share an edge. One of the following two sentences must be in the VR -theory of G: ∀x1 ∀x2 (R(x1 , x2 ) → ψ(x1 , x2 )) or ∀x1 ∀x2 (R(x1 , x2 ) → ¬ψ(x1 , x2 )). Likewise, any graph having quantiﬁer elimination must model either ∀x1 ∀x2 (¬R(x1 , x2 ) → ψ(x1 , x2 )) or ∀x1 ∀x2 (¬R(x1 , x2 ) → ¬ψ(x1 , x2 )). The goal of this section is to formulate methods that determine whether or not a given complete theory has quantiﬁer elimination. 5.5.1 Finite relational vocabularies. Let T be a complete theory, and suppose that we want to determine whether or not T has quantiﬁer elimination. We make two initial observations. • Theorem 4.49 provides a suﬃcient criterion for a formula to be T -equivalent to a quantiﬁer-free formula. • To show that T has quantiﬁer elimination, it suﬃces to check this criterion only for existential formulas having only one occurences of “∃.” We elaborate and verify the latter point. Let T be a V-theory. To show that T has quantiﬁer elimination, we must show that ϕ(¯ x) is T -equivalent to a quantiﬁer-free formula for every V-formula

First-order theories

223

ϕ(¯ x) having at least one free variable. One way to do this is to proceed by induction on the complexity of ϕ(¯ x). If ϕ(¯ x) is quantiﬁer-free, then there is nothing to show. Suppose that both ψ and θ are T -equivalent to quantiﬁer-free formulas. If ϕ(¯ x) is T -equivalent to either of these formulas, their negations, or their conjunction, then ϕ(¯ x) is T -equivalent to a quantiﬁer-free formula. Now suppose ϕ(¯ x) is equivalent to ∃yψ(¯ x, y). To show that T has quantiﬁer elimination, it suﬃces to show that this formula is T -equivalent to a quantiﬁer-free formula. In this way, the problem of showing that T has quantiﬁer elimination reduces to the problem of showing that formulas of the form ∃yψ(¯ x, y) are T -equivalent to quantiﬁer-free formulas. Proposition 5.43 A V-theory T has quantiﬁer elimination if and only if for every quantiﬁer-free V-formula ϕ(x1 , . . . , xn , y) (for n ∈ N), there exists a quantiﬁerfree V-formula ψ(x1 , . . . , xn ) such that T ∃yϕ(x1 , . . . , xn , y) ↔ ψ(x1 , . . . , xn ). Proof Suppose that ∃yϕ(¯ x, y) is T -equivalent to a quantiﬁer-free formula for every quantiﬁer-free V-formula ϕ having at least two free variables. Then we can show that every V-formula θ is T -equivalent to a quantiﬁer-free formula by induction on the complexity of θ as in the preceeding paragraph. Conversely, if T has quantiﬁer elimination, then ∃yϕ(¯ x, y), like every V-formula, is T equivalent to a quantiﬁer-free formula. So to eliminate all of the quantiﬁers from a formula like ∀y∃z∀u∃v(R(x1 , y) ∧ R(y, z) ∧ R(z, u) ∧ R(u, v) ∧ R(v, x2 )), we need only be able to eliminate one occurrence of the quantiﬁer ∃ at a time. For complete T , Theorem 4.49 gives us a criterion for determining whether a given formula is T -equivalent to a quantiﬁer free formula. This yields a method for showing quantiﬁer elimination. We ﬁrst consider theories that have ﬁnite relational vocabularies. These vocabularies are particularly simple because of the following fact. Proposition 5.44 The vocabulary V is ﬁnite and relational if and only if there are only ﬁnitely many atomic V-formulas. Proof If V contains a function f , then we have the atomic formulas f (¯ x) = y, f (f (¯ x)) = y, f (f (f (¯ x)) = y, and so forth. Proposition 5.45 Let T be a complete theory in a ﬁnite relational vocabulary. The following are equivalent. (i) T has quantiﬁer-elimination. (ii) For any model M of T and any n ∈ N, if (a1 , . . . , an ) and (b1 , . . . , bn ) are n-tuples of UM that satisfy the same atomic formulas in M ,

224

First-order theories

then for any an+1 ∈ UM there exists bn+1 ∈ UM such that (a1 , . . . , an , an+1 ), and (b1 , . . . , bn , bn+1 ) satisfy the same atomic formulas in M (where UM denotes the underlying set of M ). Proof Suppose ﬁrst that T has quantiﬁer elimination. If (a1 , . . . , an ) and (b1 , . . . , bn ) satisfy the same atomic formulas, then they satisfy the same quantiﬁer-free formulas. This can be shown by induction on the complexity of a given quantiﬁer-free formula. Given an+1 ∈ UM , let Φ(x1 , . . . , xn+1 ) be the conjunction of all of the atomic and negated atomic formulas that hold of (a1 , . . . , an , an+1 ) in M . Such a formula Φ exists since there are only ﬁnitely many atomic formulas. By quantiﬁer elimination, ∃yΦ(x1 , . . . , xn , y) is T -equivalent to a quantiﬁer-free formula θ(x1 , . . . , xn ). Since M models θ(a1 , . . . , an ), M also models θ(b1 , . . . , bn ). It follows that M |= ∃yΦ(b1 , . . . , bn , y). Let bn+1 ∈ UM be such that M |= Φ(b1 , . . . , bn , bn+1 ). Conversely, suppose that (ii) holds. Let ϕ(x1 , . . . , xn , xn+1 ) be a quantiﬁerfree formula (for n ≥ N). By (ii), if (a1 , . . . , an ) and (b1 , . . . , bn ) satisfy the same atomic formulas, then M |= ∃yϕ(a1 , . . . , an , y) if and only if M |= ∃yϕ(b1 , . . . , bn , y). By Theorem 4.49, ∃yϕ(x1 , . . . , xn , y) is T equivalent to a quantiﬁer-free formula. By Proposition 5.43, T has quantiﬁer elimination. Example 5.46 Recall the VS -structure ZS = (Z|S) from Example 5.51. This structure interprets the binary relation S as the successor relation on the integers. As was pointed out in Example 4.48, the ordered pairs (0, 2) and (4, 7) satisfy the same atomic VS -formulas. Let TS = T h(ZS ). If TS had quantiﬁer elimination, then, by condition (ii) of Proposition 5.45, for every integer x there would exist an integer y such that (0, 2, x) and (4, 7, y) satisfy the same atomic formulas. To show that this is not the case, let x = 1. Then both S(0, x) and S(x, 2) hold. Clearly, there is no y that bears these relations to 4 and 7. We conclude that TS does not have quantiﬁer elimination. In particular, the formula ∃z(S(x, z) ∧ S(z, y)) is not TS -equivalent to a quantiﬁer-free formula (this was also shown in Example 4.48). Example 5.47 We show that TDLOE does not have quantiﬁer elimination. The only two atomic V< -formulas are x < y and x = y. Any two n-tuples of elements listed in ascending order will satisfy the same atomic formulas. In particular, this is true if n = 1. Consider the two elements 0 and 0.01 from the underlying set of Q[0,1] . These two elements satisfy the same atomic V< -formulas in Q[0,1] . However, since 0 is the smallest element, there is no y so that (0, y) satisﬁes the same atomic formulas as (0.01, 0.001). By Proposition 5.45, TDLOE does not have quantiﬁer elimination. In particular, the formula ∃y(y < x) is not TDLOE -equivalent to a quantiﬁer-free formula.

First-order theories

225

Using condition (ii) of Proposition 5.45, we can quickly show that some theories do not have quantiﬁer elimination as in the previous examples. To show that a theory T does have quantiﬁer elimination, (ii) requires us to consider all pairs of tuples from all models of T . If T is complete and has a ﬁnite relational vocabulary, then this condition can be simpliﬁed as the following corollary states. Corollary 5.48 Let T be a complete theory. If T has a ﬁnite relational vocabulary, then T has quantiﬁer elimination if and only if condition (ii) from Proposition 5.45 holds in some model M of T . Proof This follows from the assumption that T is complete. Let Φ and θ be as in the proof of Proposition 5.45. Let M be some model of T . If M models ∃yΦ(x1 , . . . , xn , y) ↔ θ(x1 , . . . , xn ), then, since T is complete, so does every model of T . Proposition 5.49 The theory TDLO of dense linear orders without endpoints has quantiﬁer elimination. Proof By the previous corollary, it suﬃces to verify condition (ii) of Proposition 5.45 for only one model. Let Q< be the V< -structure that interprets < as the usual order on the rational numbers. Let a ¯ = (a1 , . . . , an ) and ¯b = (b1 , .., bn ) be two n-tuples of rational numbers. With no loss of generality, we may assume that a1 < a2 < · · · < an . Suppose that a ¯ and ¯b satisfy the same atomic V< -formulas. Then we have b1 < b2 < · · · < bn . Let an+1 be any rational number. We must show that there exists a rational number bn+1 so that (b1 , . . . , bn , bn+1 ) satisﬁes the same atomic V< -formulas as (a1 , . . . , an , an+1 ). There are four cases: If an+1 = ai for some i = 1, . . . , n, then we can just let bn+1 = bi . If an+1 < ai for each i, then, since Q has no smallest element, we can ﬁnd bn+1 ∈ Q that is smaller than each bn+1 . Likewise, if an+1 is greater than each ai , then we can ﬁnd bn+1 ∈ Q that is greater than each bi . Otherwise, ai < an+1 < ai+1 for some i. Since Q is dense, we can ﬁnd bn+1 ∈ Q between bi and bi+1 . In any case, we can ﬁnd bn+1 as desired. So TDLO has quantiﬁer elimination by Corollary 5.48. Proposition 5.50 The theory TRG of the random graph has quantiﬁer elimination.

226

First-order theories

Proof Since TRG has a ﬁnite relational vocabulary, we can apply Corollary 5.48. Let U be the set of vertices of the random graph GR . Let (a1 , . . . , an ) and (b1 , . . . , bn ) be two n-tuples of U that satisfy the same atomic formulas in GR . We must show that for any x ∈ U , there exists y ∈ U such that (a1 , . . . , an , x) and (b1 , . . . , bn , y) satisfy the same atomic formulas in GR . This follows from the fact that GR models the VR -sentence ρm for arbitrarily large m. Example 5.51 Let V + = {<, Ps , Pb } be an expansion of T< that includes two + be the expansion of TDLOE to a V + unary relations Ps and Pb . Let TDLOE theory that interprets Ps (x) as the smallest element and Pb (x) as the biggest element in the order. Then this theory has quantiﬁer elimination. Recall from Example 5.47 that TDLOE does not have quantiﬁer elimination. It was shown in that example that ∃y(x < y) is not TDLOE -equivalent to a quantiﬁer-free + -equivalent to the quantiﬁer-free formula ¬Pb (x). formula. This formula is TDLOE + To show that TDLOE has quantiﬁer elimination, we can use an argument similar to the proof of Proposition 5.49. Example 5.52 Let T be an VE -theory that says E is an equivalence relation having inﬁnitely many inﬁnite classes. We show that T has quantiﬁer elimination. Let M be the VE -structure having denumerably many equivalence classes each of which is denumerable. Let (a1 , . . . , an ) and (b1 , . . . , bn ) be two n-tuples of elements from the universe UM of M that satisfy the same atomic VE -formulas in M . Let an+1 be any element of UM . Since there are inﬁnitely many equivalence classes in UM and each is inﬁnite, we can surely ﬁnd bn+1 ∈ UM such that M |= E(bi , bn+1 ) if and only if M |= E(ai , an+1 ). So T has quantiﬁer elimination. Now suppose that we expand the vocabulary by adding a unary relation P . Let TP be the expansion of T to the vocabulary {<, P } that says that P (x) holds for exactly one element x. Let N1 |= TP . Let a be the unique element such that N1 |= P (a). Let b be an element that is equivalent, but not equal, to a. Let c be an element that is not equivalent to a. Then b and c satisfy the same atomic formulas in N1 (since ¬P (b) and ¬P (c) both hold). Since there is no element y so that (b, a) and (c, y) satisfy the same atomic formulas, TP does not have quantiﬁer elimination. In particular, the formula ∃y(P (y) ∧ E(x, y)) is not TP -equivalent to a quantiﬁer-free formula. Now expand the vocabulary again to include the constant u. Let TP (u) be the expansion of TP to the vocabulary {<, P , u} that interprets u as the unique element for which P (u) holds. Since we have merely provided a name for an element that was already uniquely deﬁned, TP (u) is essentially the same as TP (the models of TP can easily be viewed as models of TP (u) and vice versa). However, in contrast to TP , TP (u) does have quantiﬁer elimination. The formula ∃y(P (y) ∧ E(x, y)) is TP (u) -equivalent to the atomic formula E(x, u).

First-order theories

227

The previous examples demonstrate that quantiﬁer elimination is a purely + syntactic property. The theories TDLOE and TDLOE (like the theories TP and TP (u) ) have very similar models. Given any model M of one of these theories, we can ﬁnd a model N of the other theory so that M and N have the same underlying set and the same deﬁnable subsets. Deﬁnition 5.53 Let M1 be a V1 -structure and M2 be a V2 -structure having the same underlying set. If the V1 -deﬁnable subsets of M1 are the same as the V2 -deﬁnable subsets of M2 then M1 and M2 are said to be bi-deﬁnable. Two theories T1 and T2 are bi-deﬁnable if every model of T1 is bi-deﬁnable with some model of T2 and vice versa. + The theories TDLOE and TDLOE are bi-deﬁnable as are TP and TP (u) . How+ ever, TDLOE and TP (u) have quantiﬁer elimination whereas TDLOE and TP do not. The following proposition states that any theory has a bi-deﬁnable theory with quantiﬁer elimination.

Proposition 5.54 Let T be a V-theory. There exists a theory Tm that is bideﬁnable with T and has quantiﬁer elimination. Proof For each V-formula ϕ(x1 , . . . , xn ) (with n ∈ N), let Rϕ be an n-ary relation that is not in V. Let Vm = V ∪ {Rϕ |ϕ is a V-formula}. Let Tm be the x) ↔ Rϕ (¯ x) for expansion of T to a Vm -theory that contains the sentence ϕ(¯ each V-formula ϕ. Since each relation Rϕ is explicitly deﬁned by Tm in terms of V, T , and Tm are bi-deﬁnable. Since every Vm -formula is Tm -equivalent to a quantiﬁer-free formula, Tm has quantiﬁer elimination. The theory Tm in the previous proof is called the Morleyization of T . Morleyizations demonstrate that the property of quantiﬁer elimination is not always useful. To analyze a structure M , we should choose an appropriate vocabulary. Ideally, we want to ﬁnd a vocabulary V so that M is bi-deﬁnable with some V -structure M where T h(M ) has quantiﬁer elimination. We must also require that the atomic V -formulas (and the relations between these formulas) are readily understood. The Morleyization of Tm is often of no use in this regard. If the atomic V -formulas are too complicated, then the quantiﬁer elimination of T h(M ) does not lend insight into the structure M . We have restricted our attention in this section to examples of theories that are particularly nice. With the exception of TS from Example 5.46, each theory we have considered is bi-deﬁnable with a theory in a ﬁnite relational vocabulary that has quantiﬁer elimination. This is a severe restriction. The astute reader may have anticipated the following fact. Proposition 5.55 Let T be a complete theory in a ﬁnite relational vocabulary. If T has quantiﬁer elimination, then T is ℵ0 -categorical.

228

First-order theories

Proof This follows immediately from Proposition 5.44 and Theorem 5.32. Corollary 5.48 provides a method for determining whether or not certain theories have quantiﬁer elimination. By the previous proposition, this method can only be used to show that ℵ0 -categorical theories have quantiﬁer elimination. To show that other theories have quantiﬁer elimination, we must devise other methods. 5.5.2 The general case. Let T be a complete V-theory, and suppose that we want to determine whether or not T has quantiﬁer elimination. We have described a method that is useful for ﬁnite relational V. If V is not both ﬁnite and relational, then this method may fail in one of two ways. We demonstrate these failures with two examples. Example 5.56 Let TE = T h(M2 ) where M2 is the countable VE -structure deﬁned in Example 5.18. Let Ts = T h(Zs ) where Zs is the Vs -structure deﬁned in Example 5.12. We deﬁne a theory T that contains both of these theories. Let V be the vocabulary {E, s}. Let T be the set of all V-sentences that can be derived from the set TE ∪ Ts ∪ {∀x∀y((s(x) = y → E(x, y))}. The models of T have two inﬁnite equivalence classes. The sentence ∀x∀y((s(x) = y → E(x, y)) implies that every element is in the same equivalence class as its successor, its successor’s successor, and so forth. So each equivalence class contains copies of the structure (Z, s). As in Example 5.20, each equivalence class may contain any number of copies of Z. Let M be the model that has two copies of Z in one equivalence class and one copy in the other. This structure can be depicted as follows:

(. . . a−2 , a−1 , a0 , a1 , a2 , . . .)

(. . . , b−2 , b−1 , b0 , b1 , b2 , . . .)

(. . . c−2 , c−1 , c0 , c1 , c2 , . . .)

The underlying set of M is UM = {ai , bi , ci |i ∈ Z}. The two boxes represent the two E equivalence classes. The successor of ai is ai+1 . Likewise for bi and ci .

First-order theories

229

The elements a0 and b0 satisfy the same atomic formulas in M (as does each element of UM ). However, there is no element y so that (a0 , y) and (b0 , c0 ) satisfy the same atomic formulas. If the vocabulary of T were ﬁnite and relational, then we could conclude that it does not have quantiﬁer elimination. However, the vocabulary of T contains the function s. In fact, T is both complete and has quantiﬁer elimination. Example 5.57 Let V = {E, Pi |i ∈ N} be the vocabulary consisting of a binary relation E and denumerably many unary relations Pi . Let M be a countable V-structure that interprets E as an equivalence relation that has inﬁnitely many equivalence classes of size 1, inﬁnitely many equivalence classes of size 2, and no other equivalence classes. Moreover, each Pi holds for exactly two elements that are in the same equivalence class. So if a is in a class of size 1, then ¬Pi (a) holds for each i ∈ N. To complete our description of M , if M |= E(b, c) ∧ ¬(b = c) then M |= Pi (b) ∧ Pi (c) for exactly one i. Let UM be the underlying set of M . If two tuples of elements from UM satisfy the same atomic V-formulas in M , then they satisfy the same V-formulas in M . However, T h(M ) does not have quantiﬁer elimination. The formula ∃y(¬(x = y) ∧ E(x, y)) is not T h(M )-equivalent to a quantiﬁer-free formula. Proposition 5.45 provides a necessary and suﬃcient condition for a complete theory T in a ﬁnite relational vocabulary to have quantiﬁer elimination. We restate this condition. (ii) For any model M of T and any n ∈ N, if (a1 , . . . , an ) and (b1 , . . . , bn ) are n-tuples of UM that satisfy the same atomic formulas in M , then for any an+1 ∈ UM there exists bn+1 ∈ UM such that (a1 , . . . , an , an+1 ) and (b1 , . . . , bn , bn+1 ) satisfy the same atomic formulas in M (where UM denotes the underlying set of M ). Corollary 5.48 states that, if the vocabulary V of T is ﬁnite and relational, then T has quantiﬁer elimination if and only if condition (ii) holds for some model M of T . If V is not ﬁnite and relational, then, as Example 5.57 demonstrates, we must verify (ii) for more than one model. So Corollary 5.48 fails for vocabularies that are not ﬁnite and relational. Example 5.56 demonstrates that one direction of Proposition 5.45 also fails for vocabularies that are not ﬁnite and relational. Condition (ii) does not necessarily hold for all theories that have quantiﬁer elimination. It is still true that (ii) implies quantiﬁer elimination. The proof that (ii) implies (i) in Proposition 5.45 makes no use of the hypothesis that the vocabulary is ﬁnite and relational. So (ii) is a suﬃcient condition for quantiﬁer elimination,

230

First-order theories

but, if the vocabulary is not ﬁnite and relational, it is not a necessary condition. The following Proposition provides two necessary and suﬃcient conditions for an arbitrary theory to have quantiﬁer elimination. Note that (ii) is a modiﬁed version of condition (ii). Proposition 5.58 Let T be a complete V-theory. The following are equivalent: (i) T has quantiﬁer elimination. ¯ and ¯b satisfy the same (ii) For any model M of T and any n ∈ N, if n-tuples a atomic formulas in M , then for any an+1 ∈ UM there exist an elementary extension N of M and an element bn+1 in UN such that (a1 , . . . , an , an+1 ) and (b1 , . . . , bn , bn+1 ) satisfy the same atomic formulas in N (where UM and UN denote the underlying sets of M and N ). (iii) For any V-structure C, if f : C → M and g : C → M are two embeddings of C into a model M of T , then M |= ∃yϕ(f (c1 ), . . . , f (cn ), y) if and only if M |= ∃yϕ(g(c1 ), . . . , g(cn ), y) for any quantiﬁer-free V-formula ϕ(x1 , . . . , xn , y) and any n-tuple (c1 , . . . , cn ) of elements from the underlying set of C. Proof By modifying the proof that (i) implies (ii) in Proposition 5.45, it can be shown that (i) implies (ii) . We leave this as Exercise 5.18. That (ii) implies (iii) follows from the fact that the tuples (f (c1 ), . . . , f (cn )) and (g(c1 ), . . . , g(cn )) satisfy the same quantiﬁer-free formulas in M (by the deﬁnition of “embedding”). It remains to be shown that (iii) implies (i). We assume that (i) does not hold and show that (iii) does not hold. Suppose that T does not have quantiﬁer elimination. By Proposition 5.43, there exists a quantiﬁer-free V-formula ϕ(x1 , . . . , xn , y) such that ∃yϕ(x1 , . . . , xn , y) is not T -equivalent to a quantiﬁer-free formula. By Theorem 4.49, there exists a model M of T and n-tuples a ¯ = (a1 , . . . , an ) and ¯b = (b1 , . . . , bn ) from the universe UM of M such that a ¯ and ¯b satisfy the same atomic V-formulas in M but M |= ∃yϕ(¯ a, y)

and M |= ¬∃yϕ(¯b, y).

Now if {a1 , . . . , an } happens to be the universe of a substructure of M , then we can take this to be C in (iii). Otherwise, we must consider the substructure ¯ a of M generated by a ¯ (as deﬁned in Exercise 2.34). This is the smallest substructure of M that contains {a1 , . . . , an }. Likewise, let ¯b be the smallest substructure of M that contains {b1 , . . . , bn }. Claim ¯ a ∼ = ¯b.

First-order theories

231

Proof By Exercise 2.34, this claim follows from the fact that a ¯ and ¯b satisfy the same atomic formulas (and, therefore, the same quantiﬁer-free formulas) in M . For readers who have not completed this exercise, we sketch the idea. Let A0 be the union of {a1 , . . . , an } together with the set of all elements in UM that interpret constants of V. Let A be the closure of A0 under all functions in V. Then ¯ a is the substructure of M that has A as an underlying set. The key point is that each element in ¯ a can be represented by a quantiﬁer-free Vterm having parameters among {a1 , . . . , an }. Let f be the function deﬁned by ¯ and ¯b satisfy the same quantiﬁer-free formulas, g(ai ) = bi for i = 1, . . . , n. Since a ¯ and the elements of ¯ a and b can be expressed with quantiﬁer-free terms, f can be extended to an isomorphism g : ¯ a → ¯b. To see that (iii) does not hold, let C = ¯ a, let f : C → ¯ a be the identity function, and let g : C → ¯b be as deﬁned above. Let T be a complete theory. To determine whether or not T has quantiﬁer elimination we can use either condition (ii) or (iii) from the previous proposition. However, depending on how much information we have regarding T , verifying these conditions may or may not be practical. It may not be easy to consider arbitrary elementary extensions in (ii) or arbitrary substructures in (iii). In speciﬁc cases, when T is known to have certain properties, there are methods for determining quantiﬁer elimination that are easier than (ii) and (iii). For example, if T has a ﬁnite relational vocabulary, then, as we have discussed, it suﬃces to consider property (ii). If T is a small theory, then, regardless of whether the vocabulary is ﬁnite or relational, we only need to consider condition (ii) for the countable saturated model of T . However, this fact will not be immediately useful to those who are not reading this book backwards. Small theories and saturated model are deﬁned and discussed in Chapter 6 (see Exercise 6.17). Another property that allows for a practical method for determining quantiﬁer elimination is the isomorphism property. Deﬁnition 5.59 We say that a structure M has the isomorphism property if any isomorphism between substructures of M can be extended to an isomorphism between submodels of M . If every model of T has the isomorphism property, then T is said to have the isomorphism property. Example 5.60 Recall the VS -structure ZS and the theory TS = T h(ZS ) from Examples 4.48 and 5.46. Since VS is relational, any subset of Z serves as the underlying set of a substructure of ZS . Let M1 be the substructure having universe {0, 2} and let M2 be the substructure having universe {4, 7}. Since both of these structures model the sentence ∀x∀y¬S(x, y), M1 and M2 are isomorphic. This isomorphism cannot be extended to submodels of ZS . So the theory TS does not have the isomorphism property.

232

First-order theories

Example 5.61 Recall the Vs -structure Zs and the theory Ts = T h(Zs ) from Examples 5.12 and 5.20. This theory is bi-deﬁnable with the VS -theory TS from the previous example. We show that Ts , unlike TS , has the isomorphism property. Let A and B be substructures of a model M of Ts . Since substructures must be closed under the function s, the underlying set of each of these substructures is a union of sets of the form {a, s(a), s(s(a)), . . .}. With no loss of generality, we may assume that {a, s(a), s(s(a)), . . .} is the underlying set of A and {b, s(b), s(s(b)), . . .} is the underlying set of B. There is exactly one isomorphism between these Vs -structures. This isomorphism can be extended to an isomorphism between submodels of M by mapping the predecessor of a to the predecessor of b, and so forth. If T has the isomorphism property, then we can simplify condition (iii) of Proposition 5.62. Instead of dealing with substructures, we can focus on submodels of models of T . Proposition 5.62 Let T be a complete V-theory that has the isomorphism property. The following are equivalent: (a) T has quantiﬁer elimination. (b) For any quantiﬁer-free V-formula ϕ(x1 , . . . , xn , y) and any models M and N of T with N ⊂ M , if M |= ∃yϕ(¯ a, y), then N |= ∃yϕ(¯ a, y) for any n-tuple a ¯ from the universe of N . Proof If (a) holds, then, since quantiﬁer-free formulas are preserved under submodels, (b) holds. We must prove the opposite direction. Suppose that (b) holds. We show that (iii) from Proposition 5.58 holds. Let C be a V-structure C and let f : C → M and g : C → M be two embeddings of C into a model M of T . Let C1 be the range of f and let C2 be the range of g. Then C1 and C2 are isomorphic substructures of M . Since T has the isomorphism property, the isomorphism g(f −1 ) : C1 → C2 extends to an isomorphism h : N1 → N2 between submodels N1 and N2 of M . To verify (iii), we must show that for any quantiﬁer-free V-formula ϕ M |= ∃yϕ(f (c1 ), . . . , f (cn ), y) if and only if M |= ∃yϕ(g(c1 ), . . . , g(cn ), y) for any n-tuple (c1 , . . . , cn ) of elements from the universe of C. Since existential formulas are preserved under supermodels, if N1 |= ∃yϕ(f (c1 ), . . . , f (cn ), y), then M |= ∃yϕ(f (c1 ), . . . , f (cn ), y). Condition (b) provides the converse: if M |= ∃yϕ(f (c1 ), . . . , f (cn ), y), then N1 |= ∃yϕ(f (c1 ), . . . , f (cn ), y).

First-order theories

233

So we have M |= ∃yϕ(f (c1 ), . . . , f (cn ), y) if and only if N1 |= ∃yϕ(f (c1 ), . . . , f (cn ), y). Likewise, M |= ∃yϕ(g(c1 ), . . . , g(cn ), y) if and only if N2 |= ∃yϕ(g(c1 ), . . . , g(cn ), y). Since h : N1 → N2 is an isomorphism that extends g(f −1 ), N1 |= ∃yϕ(f (c1 ), . . . , f (cn ), y) if and only if N2 |= ∃yϕ(g(c1 ), . . . , g(cn ), y). We conclude M |= ∃yϕ(f (c1 ), . . . , f (cn ), y) if and only if M |= ∃yϕ(g(c1 ), . . . , g(cn ), y) as desired. Proposition 5.63 Ts has quantiﬁer elimination. Proof Since Ts has the isomorphism property, it suﬃces to verify condition (b) of Proposition 5.62. Let ϕ(x1 , . . . , xn , y) be a quantiﬁer-free Vs -formula. Let a, y) for some n-tuple a ¯ of N ⊂ M be models of Ts and suppose N |= ¬∃yϕ(¯ elements from the underlying set of N . Any elementary extension of N also models ¬∃yϕ(¯ a, y). Let N be an elementary extension of N that contains many a, b) for some b that is not in the same copy of Z copies of Z. Then N |= ¬ϕ(¯ as any of the ai s. Since any two such bs bear the same atomic relations to each ai (namely ¬sm (ai ) = b and ¬sm (b) = ai for m ∈ N) any extension of N must model ¬∃yϕ(¯ a, y). In particular, M |= ¬∃yϕ(¯ a, y). This veriﬁes condition (b). We conclude that Ts has quantiﬁer elimination.

5.6 Model-completeness In this section, we discuss a property closely related to quantiﬁer elimination. As we shall see, there are many equivalent ways to deﬁne this property. The following is the standard deﬁnition. Deﬁnition 5.64 A theory T is model-complete if, for any models M and N of T , N ⊂ M implies N ≺ M . Example 5.65 Let Ns = {N|s} be the Vs -structure that interprets the binary relation s as the successor function on the natural numbers. Let N4 be the substructure of Ns having underlying set {4, 5, 6, . . .}. Then N4 ≡ Ns and N4 ⊂ Ns . Since Ns |= ∃x(s(x) = 4) and N4 |= ¬∃x(s(x) = 4), N4 is not an elementary substructure of Ns . It follows that T h(Ns ) is not model-complete. If we expand Ns to include a constant for the ﬁrst element, then we obtain a structure that does have a model-complete theory.

234

First-order theories

The following proposition perhaps explains why this property it is called “model-complete.” Proposition 5.66 A theory T is model-complete if and only if, for any model M of T , T ∪ D(M ) is complete. Proof Exercise 5.24. The Tarski–Vaught criterion 4.31 for elementary substructures yields the following criterion for model-completeness. Proposition 5.67 Let T be a V-theory. The following are equivalent: (i) T is model-complete. (ii) For any models M and N of T with N ⊂ M , M |= ∃yψ(¯ a, y) implies N |= ∃yψ(¯ a, y) for any V-formula ψ(¯ x, y) and any tuple a ¯ of elements from the universe of N . Proof It follows immediately from the deﬁnition of “model-complete” that (i) implies (ii). The converse follows from the Tarski–Vaught criterion 4.31. The following proposition shows that, in some sense, model-complete theories “almost” have quantiﬁer elimination. Proposition 5.68 Let T be a V-theory. The following are equivalent: (i) T is model-complete. (ii) Every V-formula is preserved under submodels and supermodels of T . (iii) Every V-formula is T -equivalent to an existential formula. (iv) Every V-formula is T -equivalent to a universal formula. Proof (i) implies (ii) by the deﬁnition of “model-complete.” (ii) implies (iii) by Proposition 4.45. Suppose that (iii) holds. Let ϕ(¯ x) be a V-formula. By (iii), ¬ϕ(¯ x) is T equivalent to an existential formula. It follows that ϕ(¯ x) is T -equivalent to a universal formula. So (iii) implies (iv). Finally, suppose that (iv) holds. Suppose that M and N are models of T and N ⊂ M . Let ψ(¯ x, y) be a V-formula and let a ¯ be a tuple of elements from the underlying set of N . Since ∃yψ(¯ x, y) is T -equivalent to a universal formula and universal formulas are preserved under submodels, if M |= ∃yψ(¯ a, y),

then N |= ∃yψ(¯ a, y).

By Proposition 5.67, T is model-complete.

First-order theories

235

It follows from Proposition 5.68 that every theory with quantiﬁer elimination is an example of a model-complete theory. We next demonstrate some examples that do not have quantiﬁer elimination. Example 5.69 Let TS be the VS -theory from Examples 4.48 and 5.46. Recall that every VS -formula is preserved under submodels and supermodels of TS . By Proposition 5.68, TS is model-complete. As was shown in Example 5.46, TS does not have quantiﬁer elimination. Example 5.70 Recall the V< -theory TDLOE of dense linear orders with endpoints. As was shown in Example 5.51, TDLOE does not have quantiﬁer elimination. To see that TDLOE is not model-complete, let R[a,b] denote the model having universe [a, b] for any real numbers a and b with a < b. Then R[c,d] is a submodel of R[a,b] whenever [c, d] is a subinterval of [a, b]. But R[c,d] is not an elementary submodel unless both a = c and b = d. (If a = c, then, + R[c,d] models ∀y ¬(y < c) and R[a,b] does not). In contrast, the expansion TDLOE of TDLOE to the vocabulary {<, Ps , Pb } is model-complete. This follows from the fact that it has quantiﬁer elimination as was discussed in Example 5.51. This illustrates that model-completeness, like quantiﬁer elimination, is a purely syntactic property. Example 5.71 We state, but do not verify, some facts regarding the real numbers. We refer the reader to [16] or [29] for proofs of these facts. Let R = (R|+, ·, 0, 1). Let Ror be the expansion of R to the vocabulary {<, +, ·, 0, 1}. Then T h(R) is model-complete. By Proposition 5.68, every formula in the vocabulary {+.·, 0, 1} is T h(R)-equivalent to an existential formula. In particular, the relation < is explicitly deﬁned by T h(Ror ) as ∃z(x + (z · z) = y). It follows that T h(Ror ) too is model-complete. In fact T h(Ror ) has quantiﬁer elimination (but T h(R) does not). Deﬁnition 5.72 Let T be a V-theory and let M |= T . We say that M is existentially closed with respect to T if, for any model N of T with M ⊂ N if N |= ϕ(¯ a)

then M |= ϕ(¯ a)

for any existential V-formula ϕ(¯ x) and any tuple a ¯ of elements from the universe of M . Proposition 5.73 A theory T is model-complete if and only if every model of T is existentially closed with respect to T . Proof It follows from the deﬁnitions that any model of a model-complete theory T is existentially closed with respect to T . We must prove the converse. Suppose every model of T is existentially closed with respect to T . Let V be the vocabulary of T . To show that T is model-complete, we show that every

236

First-order theories

V-formula is T -equivalent to a universal formula. It suﬃces to show that every existential V-formula is T -equivalent to a universal formula (see Exercise 3.2). Let ϕ(¯ x) be an existential V-formula. If M and N are models of T with M ⊂ N , then, since M is existentially closed with respect to T , N |= ϕ(¯ a) implies M |= ϕ(¯ a) for any tuple a ¯ of elements from the universe of M . That is, ϕ(¯ x) is preserved under submodels of T . By Theorem 4.47, ϕ(¯ x) is T -equivalent to a universal V-formula. By Exercise 3.2, every V-formula is T -equivalent to a universal formula. By Proposition 5.68, T is model-complete. Proposition 5.73 improves Proposition 5.67. Instead of verifying condition (ii) of Proposition 5.67 for every V-formula ψ, it suﬃces to verify this condition only for existential ψ. Deﬁnition 5.74 A theory is said to be ∀2 -axiomatizable if it has an axiomatization consisting of ∀2 sentences. Proposition 5.75 If T is model-complete, then T is ∀2 -axiomatizable. Proof Use Exercise 4.30. Lindstr¨ om’s theorem states that if T is κ-categorical for some κ, then the converse of Proposition 5.75 holds. To prove Lindstr¨ om’s theorem, we shall use the following result. Proposition 5.76 If T is ∀2 -axiomatizable, then any model of T can be extended to a model that is existentially closed with respect to T . Proof Let M be a model of T having underlying set U . We assume that both T and M are denumerable. For uncountable T or M , the proof is similar. Let V be the vocabulary of T . Let E be the set of existential formulas having parameters from U and no free variables. That is, E consists of formulas of the form ∃¯ xϕ(¯ x, a ¯) where ϕ is a quantiﬁer-free V-formula and a ¯ is a tuple of elements from U . Since both U and V are countable, so is E. Enumerate E as {θ1 , θ2 , θ3 , . . .}. (In the case where M is uncountable, invoke the Well Ordering Principle.) We inductively deﬁne a sequence of V-structures as follows. Let A0 = M . Suppose now that An has been deﬁned. To deﬁne An+1 , consider the formula θn+1 in the enumeration of E. Let An+1 be any extension of An that models T ∪ θn+1 . If no such extension exists, then just let An+1 = An . (In the case where M is uncountable, let Aα = β<α Aβ for limit ordinals α.) Let B1 be the union of the chain M = A0 ⊂ A1 ⊂ A2 ⊂ · · · . Since each Ai models T and ∀2 sentences are preserved under unions, B1 is a model of T . We claim that, for any extention N of B1 that models T , if N |= θi , then B1 |= θi for each θi ∈ E. If such an N exists, then Ai+1 |= θi . If this is the case, then B1 |= θi since Ai+1 ⊂ B1 and existential formulas are preserved under supermodels.

First-order theories

237

To obtain an existentially closed extension of M , we must repeat this process. Given Bi , for some i ∈ N, construct Bi+1 in the same way that B1 was x) be an existential V-formula constructed (with Bi playing the role of M ). Let ϕ(¯ ¯ and let b be a tuple of elements from the universe of Bi . If Bi has an extension that models T ∪ ϕ(¯b), then Bi+1 models ϕ(¯b). Let ME be the union of the chain B1 ⊂ B2 ⊂ · · · . Since T is ∀2 x) be an existential V-formula and let ¯b axiomatizable, ME models T . Let ϕ(¯ be a tuple of elements from the universe of ME . Then ¯b is a tuple from the universe of Bi for some i. If ME has an extension that models T ∪ ϕ(¯b), then Bi+1 models ϕ(¯b). Since existential formulas are preserved under supermodels, ME |= ϕ(¯b). This shows that ME is existentially closed with respect to T . Theorem 5.77 (Lindstr¨ om) Let T be a κ-categorical for some κ ≥ |T |. If T is ∀2 -axiomatizable, then T is model-complete. Proof Suppose that T is ∀2 -axiomatizable and not model-complete. We show that T is not κ-categorical. Let V be the vocabulary of T . If T is not model-complete, then there exists a model M of T that is not existentially closed with respect to T (by Proposition 5.73). So there exists an extension N of M and an existential V-formula ϕ(¯ x) such that N |= T ∪ ϕ(a1 , . . . , an ) and M |= ¬ϕ(a1 , . . . , an ) for some n-tuple (a1 , . . . , an ) of elements from the universe of M . Let V = V ∪{c1 , . . . , cn } where each ci is a constant not in V. Let M be the expansion of M to a V -structure that interprets each ci as the element ai . By Proposition 5.76, there exists an extension M1 of M that is existentially closed with respect to T h(M ). By this same proposition, there exists an extension M1 of M that is existentially closed with respect to T . Since it is existentially closed, a). Since M1 |= T h(M ), M1 |= ¬ϕ(¯ a). M1 |= ϕ(¯ By the Downward L¨ owenheim–Skolem theorem, there exist V-structure M0 and V -structure M0 both of size |T | such that M0 ≺ M1 and M0 ≺ M1 . By the Upward L¨ owenheim–Skolem theorem, there exist V-structure M2 and V structure M2 both of size κ such that M0 ≺ M2 and M0 ≺ M2 . Since M2 models ¬ϕ(¯ a), the reduct of M2 to V is not existentially closed. This reduct along with M2 are two models of T of size κ. Since one is existentially closed and the other is not, they cannot be isomorphic and T is not κ-categorical as we wanted to show. Example 5.78 We demonstrate a countable complete theory TL that is ∀2 axiomatizable but not model-complete. By Lindstr¨ om’s theorem, TL cannot be κ-categorical for any κ. To ﬁnd such TL , we expand upon Example 5.65. Recall that T h(Ns ) from Example 5.65 is not model-complete. This theory is also not ∀2 -axiomatizable. We cannot say that there exists an element with no predecessor

238

First-order theories

using a ∀2 Vs -sentence. To express this with a ∀2 sentence, we can expand to the vocabulary {s, 1}. Let Ns1 = {N|s, 1} be the expansion of Ns that interprets 1 as 1. Then T h(Ns1 ) is ∀2 -axiomatizable. However, as was pointed out in Example 5.65, this theory is also model-complete. We now deﬁne a structure NL that contains inﬁnitely many copies of Ns1 . The vocabulary for NL is VL = {r, u, ci |i ∈ Z} containing two unary functions r and u and a denumerable set of constants. The underlying set of NL is N × Z. Each constant ci is interpreted as (0, i) in NL . The functions are interpreted as follows. For each (a, b) ∈ N × Z, NL interprets r(a, b) as (a + 1, b) and u(a, b) as (a, b + 1). If we visualize NL in a plane with N as a horizontal axis and Z as a vertical axis, then NL interprets r as the “right-successor” and u as the “up-successor.” Let TL be T h(NL ). There exist inﬁnitely many elements of NL that are not the right-successors of any element. Each is named by a constant. By compactness there exists an elementary extension N of NL that has elements with no right-predecessor that are not named by constants. For the same reason that T h(Ns ) is not model-complete, TL is not model-complete. Moreover, TL is complete and ∀2 -axiomatizable. We leave the veriﬁcation of these facts to the reader. We conclude this section by providing methods for showing quantiﬁer elimination that involve model-completeness. Proposition 5.79 If T has the isomorphism property, then T is model-complete if and only if T has quantiﬁer elimination. Proof This follows immediately from Proposition 5.62 and the deﬁnition of “model-complete.” For any theory T , let T∀ denote the set of universal sentences that can be derived from T . By Theorem 4.47, a sentence ϕ is T -equivalent to some sentence in T∀ if and only if ϕ is preserved under substructures of models of T . It follows that the models of T∀ are precisely the substructures of models of T (see Exercise 4.25). Deﬁnition 5.80 A theory T has the amalgamation property if the following holds. For any models A, B, and C of T and embeddings fa : C → A and fb : C → B, there exists a model D and embeddings ga : A → D and gb : B → D such that ga (fa (c)) = gb (fb (c)) for each c in the underlying set of C. Proposition 5.81 If T is model-complete and T∀ has the amalgamation property, then T has quantiﬁer elimination. Proof To show that T has quantiﬁer elimination we verify condition (iii) of Proposition 5.58. Let M |= T and C |= T∀ . Let f : C → M and g : C → M

First-order theories

239

be two embeddings of C into M . Since T∀ has amalgamation, there exists a model D of T∀ and embeddings f : M → D and g : M → D such that f (f (c)) = g (g(c)) for each c in the underlying set of C. Since D models T∀ , there exists an extension N of D that models T (by Exercise 4.25). Since T is model-complete, the embeddings f : M → N and g : M → N are elementary embeddings. Let ϕ(x1 , . . . , xn ) be any formula in the vocabulary of T . We have M |= ϕ(f (c1 ), . . . , f (cn )) if and only if N |= ϕ(f (f (c1 )), . . . , f (f (cn ))) if and only if N |= ϕ(g (g(c1 )), . . . , g (g(cn ))) if and only if M |= ∃yϕ(g(c1 ), . . . , g(cn ), y), and T satisﬁes condition (iii) of Proposition 5.58 as we wanted to show.

5.7 Minimal theories We deﬁne and discuss strongly minimal theories. In some sense, strongly minimal theories are the most simple of ﬁrst-order theories. They are also among the most important and interesting theories. Strongly minimal theories have an intrinsic notion of independence that allows us to deﬁne, in an abstract setting, such concepts as basis and dimension. After discussing strongly minimal theories, we turn brieﬂy to o-minimal theories. Like strong minimality, o-minimality is deﬁned in terms of the deﬁnable subsets of models of a theory. Before giving these deﬁnitions, we must ﬁrst deﬁne deﬁnable. Let M be a V-structure having underlying set U . Recall that “D is a Vdeﬁnable subset of M ” means that D is a subset of U n for some n and D is deﬁned ¯ For by some V-formula ϕ(x1 , . . . , xn ). That is, d¯ ∈ D if and only if M |= ϕ(d). A ⊂ U , we say that D is an “A-deﬁnable subset of M ” if D is deﬁned by x, y¯) is a some formula ϕ(¯ x, a ¯) having parameters a ¯ ∈ Am for some m (where ϕ(¯ V-formula). We restate this important deﬁnition as follows. Deﬁnition 5.82 Let A be a subset of the universe U of V-structure M . Let V(A) be the expansion of V that contains a constant ca for each a ∈ A. Let M (A) be the expansion of M to a V(A)-structure that interprets each ca as the element a ∈ U . A V(A)-deﬁnable subset of M (A) is said to be an A-deﬁnable subset of M . A subset of U n is said to be a deﬁnable subset of M if it is A-deﬁnable for some A ⊂ U . When using this terminology, it is assumed that the vocabulary V is understood. Note that, for V-structure M having universe U , ∅-deﬁnable means the same as V-deﬁnable and U -deﬁnable means the same as deﬁnable.

240

First-order theories

Proposition 5.83 Let M be a V-structure having underlying set U . Every ﬁnite subset of U is deﬁnable. Proof Let D = {d1 , . . . , dk } be a ﬁnite subset of U . Then D is deﬁnable since k it is V(D)-deﬁnable by the formula i=1 (x = di ). A subset C of U is said to be co-inﬁnite in U if there are inﬁnitely many elements of U that are not in C. Likewise, C is said to be co-ﬁnite in U if its complement U − C is ﬁnite. Since ﬁnite subsets of are deﬁnable, so are co-ﬁnite subsets (take the negation of the formula saying x ∈ (U − C)). Deﬁnition 5.84 Let M be an inﬁnite V-structure having underlying set U . If the only deﬁnable subsets of U are ﬁnite or co-ﬁnite, then M is said to be a minimal structure. Note that the deﬁnition of a minimal structure only considers deﬁnable subsets of U and not of U n for n > 1. For any inﬁnite structure M , the formula (x = y) deﬁnes a subset of U 2 that is both inﬁnite and co-inﬁnite. Example 5.85 Let V< = {<}. Let Q< be the V< -structure that interprets < as the usual order on the rationals. Every V-formula ϕ(x) either holds for all elements or no elements of the underlying set Q. However, this is not true if we consider formulas having parameters from Q. The formula (x < 2) is clearly both inﬁnite and co-inﬁnite. So Q< is not minimal. Likewise, no inﬁnite model of the theory of linear orders TLO is minimal. Example 5.86 The random graph GR is not minimal. Every VR -formula ϕ(x) either holds for no vertices or all vertices of GR . However, the formula R(x, a) (having some vertex a of GR as a parameter) deﬁnes a subset of GR that is both inﬁnite and co-inﬁnite. Deﬁnition 5.87 An inﬁnite structure M is said to be strongly minimal if every structure N that is elementarily equivalent to M is minimal. A theory is said to be strongly minimal if all of its models are inﬁnite and strongly minimal. Strongly minimal structures (like minimal structures) are minimal in the sense that the deﬁnable subsets (deﬁnable by formulas in one free variable) are as few as possible. See Exercise 5.17 for an example of a minimal structure that is not strongly minimal. The usual way to show that a given structure M is strongly minimal is to ﬁrst show that the theory has quantiﬁer elimination in an appropriate vocabulary. If this is the case, then it suﬃces to consider only atomic formulas.

First-order theories

241

Proposition 5.88 Let T be a V-theory having quantiﬁer elimination. The following are equivalent: (i) T is strongly minimal. (ii) For any model M of T and any atomic V-formula ϕ(x, y1 , . . . , yn ), ϕ(x, a ¯) deﬁnes a ﬁnite or co-ﬁnite subset of the universe U of M for all a ¯ ∈ U n. Proof It follows from the deﬁnition of “strongly minimal” that (i) implies (ii). We show that (ii) implies (i) by induction on the complexity of formulas. Condition (ii) provides the base step for the induction. Moreover, if both θ(x) and ψ(x) deﬁne a ﬁnite or co-ﬁnite subset of U , then ¬θ(x) and θ(x) ∧ ψ(x) each deﬁne either a ﬁnite or co-ﬁnite subset of U . It follows by induction that every quantiﬁer-free formula deﬁnes a ﬁnite or co-ﬁnite subset of U . Since T has quantiﬁer elimination, this suﬃces to prove (i). Example 5.89 Recall the Vs -theory Ts from Example 5.12. By Proposition 5.63, Ts has quantiﬁer elimination. Each atomic Vs -formula has the form sn (x) = y (where sn (x) denotes the nth -successor of x). Since each element of each model of Ts has a unique nth -successor and a unique nth -predecessor, Ts is strongly minimal by Proposition 5.88. We use the following convenient notation. For any structure M and formula ϕ(x), let ϕ(M ) denote the subset of the universe of M deﬁned by ϕ(x). That is, ϕ(M ) = {a ∈ U |M |= ϕ(a)} where U is the universe of M . This notation makes sense for any formula ϕ(x) that is interpreted by the structure M . If M is a V-structure having underlying set U , then ϕ(M ) is deﬁned for any V(A)-formula ϕ(x) with A ⊂ U . Deﬁnition 5.90 Let M be a structure and let ϕ(x) be a formula in one free variable. If ϕ(M ) is ﬁnite, then ϕ(x) is said to be algebraic in M . Deﬁnition 5.91 Let M be a V-structure having underlying set U . For any A ⊂ U and b ∈ U , b is said to be algebraic over A in M if b ∈ ϕ(M ) for some algebraic V(A)-formula ϕ(x). The set of all elements of U that are algebraic over A is called the algebraic closure of A in M and is denoted by aclM (A). We say that A is algebraically closed in M if aclM (A) = A. It is easy to see that aclM (A) is closed under all functions in V and contains all elements of U that interpret constants. For this reason, we regard aclM (A) as a substructure of M (provided aclM (A) is nonempty). If M is strongly minimal,

242

First-order theories

then these substructures obey rules that justify the use of the word “closure.” The following four rules are easily veriﬁed regardless of whether M is strongly minimal: (Reﬂexivity) A ⊂ aclM (A). (Monotonicity) If A ⊂ B, then aclM (A) ⊂ aclM (B). (Idempotency) aclM (aclM (A)) = aclM (A) (Finite character) If a ∈ aclM (A), then a ∈ aclM (A0 ) for some ﬁnite subset A0 of A. If M happens to be strongly minimal, then we also have the Exchange rule. Proposition 5.92 (Exchange) Let M be a strongly minimal structure. Let A be a subset of the universe of M and let b and c be elements from the universe of M . If c ∈ aclM (A ∪ {b}) and c ∈ aclM (A), then b ∈ aclM (A ∪ {c}). x, y, z) and parameters Proof Since c ∈ aclM (A ∪ {b}), there exists a formula ϕ(¯ a, b, z) for some k ∈ N. a ¯ from A such that M |= ϕ(¯ a, b, c) and M |= ∃=k zϕ(¯ (“∃=k xθ(x)” is an abbreviation for the ﬁrst-order formula saying that θ(x) holds for exactly k many elements.) Claim Either ϕ(¯ a, y, c) is algebraic (in which case b ∈ aclM (A ∪ {c})), or =k a, y, z) is algebraic (in which case b ∈ aclM (A) ⊂ aclM (A ∪ {c})). ∃ zϕ(¯ Proof If ϕ(¯ a, y, c) is not algebraic, then it holds for all but ﬁnitely many elements y in U . So there exists l ∈ N such that M |= ∃=l y¬ϕ(¯ a, y, c). Since c ∈ aclM (A), =l a, y, z) holds for all but ﬁnitely many elements z in U . So the formula ∃ y¬ϕ(¯ for almost all z in U , the formula ϕ(¯ a, y, z) holds for all but l elements y of U . It follows that, for all but at most l elements y in U , the formula ϕ(¯ a, y, z) holds a, y, z) does not hold for for almost all z in U . In particular, the formula ∃=k zϕ(¯ most choices of y. So this formula must be algebraic as we wanted to show. The exchange rule allows us to assign a dimension to subsets of the universe of a strongly minimal structure. Before deﬁning this dimension, we ﬁrst must deﬁne the notions of independence and basis. Deﬁnition 5.93 Let A and C be subsets of the universe of M . We say that A is independent over C if, for every a ∈ A, a is not in aclM (A ∪ C − {a}). We say that A is independent if A is independent over ∅. Deﬁnition 5.94 Let A and C be subsets of the universe of M . A basis for A is a subset B ⊂ A such that B is independent and aclM (B) = aclM (A). We say that B is a basis for A over C if B is independent over C and aclM (A ∪ C) = aclM (B ∪ C). The exchange rule entails that any two bases of a set have the same size. This allows us to deﬁne dimension.

First-order theories

243

Lemma 5.95 Let A and C be subsets of the universe U of a strongly minimal structure M . If A has a ﬁnite basis over C, then any two bases of A over C have the same size. Proof We prove this for C = ∅. The proof is similar for C = ∅. Claim Let E and F be ﬁnite independent subsets of U . If |E| = |F | and E ⊂ aclM (F ), then F ⊂ aclM (E). Before proving the claim, we show that the claim implies the lemma. Let B1 and B2 be two bases for A (at least one of which is ﬁnite). With no loss of generality, we may assume that |B1 | ≤ |B2 |. Let E be any subset of B2 having the same size as B1 . Since E ⊂ aclM (A) = aclM (B1 ), the claim implies that B1 ⊂ aclM (E). By monotonicity, aclM (B1 ) ⊂ aclM (aclM (E)). By idempotency aclM (B1 ) ⊂ aclM (E). Since aclM (B1 ) = aclM (A), E is a basis for A. Since B2 is independent, E must be all of B2 . We conclude that B2 has the same size as B1 as we wanted to show. Proof of Claim We prove the claim by induction on n = |E|. If n = 1, then E = {e} and F = {f }. Since E is independent, e ∈ aclM (∅). By exchange, e ∈ aclM (f ) − aclM (∅) implies f ∈ acl(e). Now suppose that E = {e1 , . . . , em+1 } and F = {f1 , . . . , fm+1 } for some m ∈ N. Our induction hypothesis is that the claim holds for any sets E and F with |E| = |F | ≤ m. It follows that an independent set of size m + 1 cannot be contained in the algebraic closure of a set of size m. In particular, E cannot be contained in aclM (f2 , . . . , fm+1 ). So, for some i, ei ∈ aclM (F ) − aclM (f2 . . . fm+1 ). With no loss of generality, we may assume i = 1. By exchange, f1 ∈ aclM (e1 , f2 , . . . , fm+1 ). Now suppose that, for some k, we have {f1 , . . . , fk } ⊂ aclM (e1 , . . . , ek , fk+1 , . . . , fm+1 ). By our induction hypothesis, E is not in the algebraic closure of {e1 , . . . , ek , fk+1 , . . . , fm+1 } − {fk+1 } (since this set has size m). So some ei ∈ E is not in this algebraic closure. Clearly, i > k. With no loss of generality, suppose i = k + 1. Since ek+1 ∈ aclM (f1 , . . . , fk+1 ) ⊂ aclM (e1 , . . . , ek , fk+1 , . . . , fm+1 ),

244

First-order theories

we have, by exchange, fk+1 ∈ aclM (e1 , . . . , ek+1 , fk+2 , . . . , fm+1 ). Continuing in this manner (for m + 1 steps), we arrive at {f1 , . . . , fm+1 } ⊂ aclM (e1 , . . . , em+1 ) as we wanted to show. Proposition 5.96 Let A and C be subsets of the universe U of a strongly minimal structure M . If B1 and B2 are bases for A over C, then |B1 | = |B2 |. Proof If B1 or B2 is ﬁnite, then this proposition is the same as the previous lemma. So suppose both bases are inﬁnite. Let PF (B2 ) be the set of all ﬁnite subsets of B2 . By Exercise 2.36, |B2 | = |PF (B2 )|. By the ﬁnite character of algebraic closure, for each b ∈ B1 , there exists Fb ∈ PF (B2 ) such that b ∈ aclM (Fb ). If |B1 | > |B2 | = |PF (B2 )|, then some F ∈ PF (B2 ) must equal Fb for inﬁnitely many b ∈ B1 (again by Exercise 2.36). Since F is a ﬁnite set, this is impossible by the previous lemma. We conclude that |B1 | ≤ |B2 |. By the same argument, we have |B2 | ≤ |B1 |, and so these two bases have the same size. Deﬁnition 5.97 Let A and C be subsets of the universe of a strongly minimal structure. The dimension of A over C, denoted dim(A/C), is the cardinality of any basis for A over C. The dimension of A, denoted dim(A), is the dimension of A over ∅. The notion of dimension (as well as basis and independence) should be familiar to anyone who has studied linear algebra. As we shall see in the next section, inﬁnite vector spaces (viewed in an appropriate vocabulary) provide examples of strongly minimal structures. The notion of independence that we have deﬁned for strongly minimal theories corresponds exactly to the notion of linear independence in these examples. Likewise, the dimension of a subset of a vector space corresponds to the usual deﬁnition of dimension. The algebraic closure of a set of vectors corresponds to the span of the vectors. Vector spaces are completely determined by their dimension. The following lemma shows that this fact generalizes to arbitrary strongly minimal structures. Lemma 5.98 Let M be a strongly minimal V-structure. Let A and C be subsets of the universe U of M . If dimM (A) = dimM (C), then aclM (A) ∼ = aclM (C). We use the following terminology in the proof of Lemma 5.98. Deﬁnition 5.99 Let M be a V-structure and let A be a subset of the universe U of M . A function f : A → U is said to be M-elementary if M |= ϕ(a1 , . . . , an )

implies M |= ϕ(f (a1 ), . . . , f (an ))

for any V-formula ϕ(x1 , . . . , xn ) and tuple (a1 , . . . , an ) of elements from A.

First-order theories

245

Proof of Lemma 5.98 Let α be an ordinal such that |α| = dimM (A). Let BA = {ai |i < α} be a basis for A and let BC = {ci |i < α} be a basis for C. We ﬁrst show that the function f : BA → BC deﬁned by f (ai ) = ci is M elementary. Second, we show that f can be extended to an isomorphism from aclM (A) onto aclM (C). Claim 1 For any V-formula ϕ(¯ x) and tuple a ¯ of BA and corresponding tuple a) then M |= ϕ(f (¯ a)). f (¯ a) of BC , if M |= ϕ(¯ Proof We prove this by induction on the number of free variables in ϕ(¯ x). If there are zero free variables, then the claim asserts that M |= ϕ implies M |= ϕ for the V-sentence ϕ. Suppose now that ϕ(x1 , . . . , xm+1 ) has m + 1 free variables and the claim holds for any formula having fewer than m + 1 free variables. Suppose M |= ϕ(a1 , . . . , am+1 ). Since BA is independent, the formula ϕ(a1 , . . . , am , y) is not algebraic. Since M is strongly minimal, ¬ϕ(a1 , . . . , am , y) is algebraic. So M |= ∃=l y¬ϕ(a1 , . . . , am , y) for some l ∈ N (where the counting quantiﬁer ∃=l is as deﬁned in the proof of Proposition 5.92) . By induction, M |= ∃=l y¬ϕ(c1 , . . . , cm , y). Since BC is independent, M |= ϕ(c1 , . . . , cm+1 ). It follows that the claim holds for all ϕ(¯ x) and f is M -elementary. Claim 2 If BA ⊂ E ⊂ aclM (A) and a ∈ aclM (A) − E, then any M -elementary function g : E → aclM (C) extends to an M -elementary function g :(E ∪ {a}) → aclM (C). Proof Since a ∈ aclM (E), there exists a formula θ(x, e¯) having parameters from E such that M |= θ(a, e¯) and M |= ∃=l yθ(y, e¯) for some l ∈ N. Moreover, there exists such a θ so that l is as small as possible. This means that M |= θ(y, e¯) → ψ(y) for any V(E)-formula ψ(y) that holds for a (otherwise either θ(y, e¯) ∧ ψ(y) would deﬁne a set smaller that l that contains a). We want to show that g can be extended. Since g is M -elementary, M |= e)). So there exists b ∈ aclM (C) such that M |= θ(b, f (¯ e)). We extend ∃=l yθ(y, f (¯ g to E ∪{a} by deﬁning g (a) = b. For any V-formula ϕ(x1 , . . . , xn , y) and n-tuple (d1 , . . . , dn ) of elements from E, M |= ϕ(d1 , . . . , d2 , a) implies M |= θ(y, e¯) → ϕ(d1 , . . . , d2 , y) which implies M |= θ(y, g(¯ e)) → ϕ(g(d1 ), . . . , g(d2 ), y) (since g is M -elementary) which implies M |= ϕ(g(d1 ), . . . , g(d2 ), b) (since M |= θ(b, g(¯ e))). It follows that g is M -elementary as we wanted to show. Claim 2 shows that the M -elementary function deﬁned in Claim 1 can be repeatedly extended. By induction (transﬁnite induction if dimM (A) is

246

First-order theories

inﬁnite), we can extend this to an M -elementary function from aclM (A) to aclM (B). Such a function must be onto (see Exercise 5.34), and is therefore an isomorphism. Theorem 5.100 Countable strongly minimal theories are uncountably categorical. Proof Let T be a strongly minimal theory and let κ be an uncountable cardinal. Let M and N be two models of T of size κ. Let UN and UM be the underlying sets of N and M , respectively. Claim dimM (UM ) = dimN (UN ) = κ. Proof This follows from the assumption that the vocabulary V of T is countable. For any A ⊂ UM , |V(A)| = |A| + ℵ0 implies |aclM (A)| ≤ |A| + ℵ0 . In particular, if |A| < κ, then A cannot be a basis for UM . By the Joint Embedding lemma 4.37, there exists a model D of T that is an elementary extension of both M and N . Since dimD (UM ) = dimD (UN ) = κ, we have M = aclD (UM ) ∼ = aclD (UN ) = N by Lemma 5.98. Corollary 5.101 Strongly minimal theories are complete. Proof This follows immediately from Proposition 5.15. We now turn to a variant of strong minimality. Let M be an inﬁnite Vstructure. Suppose that V contains the binary relation < and M interprets < as a linear order on its underlying set U . An interval of M is a subset of U of the form (a, b) = {x ∈ U |a < x < b), (a, ∞) = {x ∈ U |a < x}, or (∞, a) = {x ∈ U |x < a} for some a and b in U . We also include singletons {a} ⊂ U as (degenerate) intervals. Clearly, any interval is a deﬁnable subset of M . The structure M is said to be o-minimal if every deﬁnable subset of M is a ﬁnite union of intervals. A theory is o-minimal if its models are o-minimal. As was demonstrated in Example 5.85, o-minimal theories are not strongly minimal. However, these two notions have much in common. The word “minimal” means the same for both. They are minimal in the sense that the deﬁnable subsets (deﬁnable by formulas in one free variable) are as few as possible. For o-minimal theories, “as few as possible” takes into account the presence of a linear order (o-minimal is short for “order-minimal”). Also, algebraically closed substructures of an o-minimal structure satisfy the exchange rule. So o-minimal structures, like strongly minimal structures, have an intrinsic notion of independence and dimension (however, o-minimal structures are not uncountably categorical).

First-order theories

247

Example 5.102 The following structures are o-minimal: • Q< = {Q| <}, • Ror = {R| <, +·, 0, 1}, and • Rexp = {R|exp, <, +, ·, 0, 1}, where Rexp interprets the unary function exp(x) as ex and the other symbols are interpreted in the usual way. That Q< is o-minimal follows from the fact that TDLO has quantiﬁer elimination (Proposition 5.49). Likewise, the o-minimality of Ror can be deduced from Tarski’s theorem. Tarski’s theorem states that Tor = T h(Ror ) has quantiﬁer elimination. (This fact was stated without proof in Example 5.71.) Not only did Alfred Tarski prove that Tor has quantiﬁer elimination, he also provided an algorithm to carry out the quantiﬁer elimination. Given any formula ϕ(¯ x) in the vocabulary Vor of Tor , Tarski’s algorithm produces a quantiﬁer-free Vor -formula x) (although this algorithm is far from eﬃcient). that is Tor -equivalent to ϕ(¯ Since Tarski’s algorithm allows sentences as input, this also shows that Tor is decidable. The question of whether Rexp has similar properties became known as Tarski’s Problem (one of several problems by this name). This problem motivated the conception of o-minimality in the 1980s. Nearly half a century after Tarski’s results regarding Ror , Alex Wilkie proved in the 1990s that Rexp is o-minimal. This structure does not have a theory with quantiﬁer elimination, but, as Wilkie proved, it is model-complete. Whether it is decidable remains unknown. For more on o-minimal structures, the reader is referred to [10] written by Lou van den Dries, the mathematician who introduced the concept. We now end our brief discussion of o-minimality and return to strongly minimal structures. In this section, we have proved several facts regarding strongly minimal structures, but have provided a dearth of examples of such structures. We correct this deﬁciency in the next section by analyzing speciﬁc examples of strongly minimal theories.

5.8 Fields and vector spaces We examine some basic algebraic structures that have strongly minimal theories. We consider vector spaces and the ﬁeld of complex numbers. We show that these structures, viewed in appropriate vocabularies, have theories with quantiﬁer elimination. From this we deduce strong minimality.

248

First-order theories

We use these examples to illustrate a fundamental trichotomy of strongly minimal theories. Strongly minimal theories are divided into those that are trivial and those that are nontrivial. They can also be divided into those that are locally modular and those that are nonlocally modular. Since trivial theories are necessarily locally modular (as we shall show), there are three possibilities: a strongly minimal theory is either nonlocally modular, trivial, or both nontrivial and locally modular. We shall deﬁne these concepts and provide examples of theories from each of these three categories. We begin with trivial strongly minimal theories. Deﬁnition 5.103 A strongly minimal theory is trivial if for any M |= T and any subset A of the universe of M , aclM (A) = a∈A aclM ({a}). Example 5.104 Recall Ts from Example 5.12. This theory was shown to be strongly minimal in Example 5.89. Let M be a model of Ts having underlying set U . Recall from Example 5.20 that M ∼ = Zκ for some cardinal κ where Zκ is the structure having κ copies of Z as its underlying set. For any a ∈ U , aclM (a) is the copy of Z that contains a. Likewise, for any A ⊂ U , aclM (A) consists of the copies of Z that contain some element of A. From this observation it follows that Ts is a trivial strongly minimal theory. For examples of strongly minimal theories that are not trivial, recall the concept of a group. A group consists of a set together with a binary function that satisﬁes the axioms listed in Example 5.6. We can view any group as a ﬁrstorder structure in the vocabulary Vgp = {+, 0} where + is a binary function representing the group operation and 0 is a constant representing the identity of the group. Now suppose that T is a strongly minimal theory containing the Vgp theory Tgp of groups. Let {a, b} be an independent set containing two elements from the universe of a model M of T . Then a + b is an element that is in aclM ({a, b}) but is contained in neither aclM ({a}) nor aclM ({b}). It follows that any such theory T is not trivial. We shall demonstrate examples of strongly minimal groups in this section. Each of these examples happens to be an Abelian group. A group is Abelian if, in addition to the properties listed in Example 5.6, the following holds: (Commutativity) For every a and b in G, a ◦ b = b ◦ a. Here, as in Example 5.6, ◦ denotes the group’s binary operation. This property can easily be expressed as a Vgp -sentence. This sentence is consistent with, but not a consequence of, the theory of groups Tgp (see Exercise 2.5(c)). Our choice of {+, 0} as the vocabulary for groups is somewhat arbitrary. We can just as well use the vocabulary {·, 1} or any other vocabulary consisting of a binary function and a constant. An additive group is a group in the vocabulary

First-order theories

249

{+, 0}. A multiplicative group has {·, 1} as its vocabulary. A ﬁeld is a structure with two binary operations each of which forms an Abelian group. Deﬁnition 5.105 Let Var be the vocabulary {+, ·, 0, 1} (the vocabulary of arithmetic). For any Var -structure F = (U |+, ·, 0, 1}, we say that F is a ﬁeld if the following hold:

• The reduct (U |+, 0) of F is an Abelian group. • The substructure (U − {0}|·, 1) of the reduct (U |·, 1) of F is an Abelian group. • F |= ∀x∀y∀z(z · (x + y) = z · x + z · y). • F |= ∀x∀y∀z((x + y) · z) = x · z + y · z). The theory of ﬁelds, denoted TF , is the set of all Var -sentences that hold in all ﬁelds. So a ﬁeld has both a multiplicative group structure and an additive group structure. The constant 0 necessarily has no multiplicative inverse and so must be excluded from the multiplicative group. The last two items in the above deﬁnition, called the distributive rules, dictate how the two operations interact. Example 5.106 The rational numbers and the real numbers, viewed as structures in the vocabulary Var , are examples of ﬁelds. Example 5.107 The integers do not form a ﬁeld. The structure (Z − {0}|·, 1) is not a group since no element (other than 1) has a multiplicative inverse. Suppose that we restrict our attention to the integers in the set Z7 = {0, 1, 2, 3, 4, 5, 6}. If we take the usual deﬁnition of addition and multiplication, then this set does not form a ﬁeld since it is not closed under addition or multiplication. Let us instead consider addition and multiplication modulo 7. This means that we take the remainder of the sum or product when divided by 7. For example, 3 + 6 = 2 (mod 7), 4 + 4 = 1 (mod 7), 5 · 4 = 6 (mod 7), 5 · 6 = 2 (mod 7) and so forth. Let F7 = (Z7 |+, ·, 0, 1) be the Var -structure that interprets + as addition modulo 7 and · as multiplication modulo 7 on the set Z7 . Then F7 is an example of a ﬁnite ﬁeld. For any positive integer a, Fa is deﬁned analogously. This structure is a ﬁeld if and only if a is prime. We leave the veriﬁcation of these facts to the reader. The examples of ﬁelds that we have given, namely Q, R, and F7 , are not strongly minimal. To obtain a strongly minimal structure, we consider vector spaces over these ﬁelds.

250

First-order theories

Deﬁnition 5.108 Let F be a ﬁeld. For each element a of F , let sa denote a unary function. Let VF = {+, 0, sa |a ∈ F }. A vector space over F is a structure M in the vocabulary VF that satisﬁes the following: • The reduct of M to {+, 0} is an Abelian group. • M |= ∀x(s1 (x) = x). • M |= ∀x∀y(sa (x + y) = sa (x) + sa (y)) for all a ∈ F . • M |= ∀x(sa+b (x) = sa (x) + sb (x)) for all a and b in F . • M |= ∀x(sa (sb (x)) = sa·b (x)) for all a and b in F . The theory of vector spaces over F is the set of VF -sentences that hold in each vector space over F . Example 5.109 We consider various vector spaces over R. • Let Rn be the set of all ordered n-tuples (a1 , . . . , an ) where each ai ∈ R. • Let R[x1 , . . . , xn ] be the set of all polynomials in n variables having coeﬃcients in R. • Let R≤2 [x] be the set of all polynomials in R[x1 , . . . , xn ] of degree at most 2. • Let Mn×n (R) be the set of all n × n matrices having real numbers as entries. There is a natural way to describe a vector space over R having any one of these sets as an underlying set. Each set carries a natural notion of addition and a zero element (either the matrix having all zero entries or the constant polynomial p(x) = 0). Moreover, we can deﬁne scalar multiplication for each. Given any element v from any one of these sets and any r ∈ R, the product r · v is a well-deﬁned element in the same set as v. Thus the unary function sr has a natural interpretation. We recall some facts about vector spaces from linear algebra. Let V be a vector space over a ﬁeld F . Let B = {v1 , . . . , vn } be a set of vectors in V . The span of B is the set of all linear combinations a1 · + v1 + · · · an · vn where each ai is in F . The set B is linearly independent if vi is not in the span of B − {vi } for each vi ∈ B. From this notion of independence, we can deﬁne linear bases and linear dimension. Two vector spaces having the same linear dimension over a ﬁeld are necessarily isomorphic. We repeatedly use the adjective “linear” to distinguish these terms from their strongly minimal counterparts. However, we will show that these two notions are the same. Proposition 5.110 The VF -theory TV of a vector space over an inﬁnite ﬁeld F has quantiﬁer elimination.

First-order theories

251

Proof Note that the theory of a vector space over F is ∀2 -axiomatizable. Also, any two uncountable models of the same size have the same linear dimension and, hence, are isomorphic. By Lindstr¨ om’s theorem, TV is model-complete. To show that TV has quantiﬁer elimination, it suﬃces to show that it has the isomorphism property (by Proposition 5.79). Let M |= TV . Claim Every substructure of M is a submodel. Proof A substructure is, by deﬁnition, closed under all functions in the vocabulary. Since TV ∀x(x + s−1 (x) = 0), every substructure contains the inverse for each element and also the constant 0. From this information it is easy to verify that any substructure of M is itself a vector space over F . It follows from this claim that TV has the isomorphism property and, hence, quantiﬁer elimination as well. Proposition 5.111 The VF -theory TV of a vector space over an inﬁnite ﬁeld F is a nontrivial strongly minimal theory. Proof Let M be an arbitrary model of TV . We must show that every VF (M )formula θ(x) deﬁnes either a ﬁnite or co-ﬁnite subset of the underlying set of M . By the previous proposition, it suﬃces to consider only atomic θ(x) (by Proposition 5.88). Atomic VF (M )-formulas have the form t1 = t2 for some VF (M )-terms t1 and t2 . If there is exactly one free variable x in the equation t1 = t2 , then this formula is TV -equivalent to a formula of the form x = t for some quantiﬁer-free VF -term t. That is, we can solve the equation for x (here we are using the fact that F is a ﬁeld). Clearly, this formula deﬁnes a set of size 1. Since TV has quantiﬁer elimination and every atomic formula deﬁnes a ﬁnite subset of every model, TV is strongly minimal. It is not trivial since (a + b) ∈ aclM ({a, b}) for independent {a, b}. Corollary 5.112 For any inﬁnite ﬁeld F , the VF -theory TV of vector spaces over F is κ-categorical if and only if κ > |F |. Proof First note that TV has no models smaller than |F |. If κ > |F |, then TV is κ-categorical by Proposition 5.98. If κ = |F |, then TV is not κ-categorical since any ﬁnite dimensional vector space over F has the same size as F . In particular, the theory of vector spaces over F is complete if F is inﬁnite. This is not true for ﬁnite ﬁelds. Finite dimensional vector spaces over ﬁnite ﬁelds are ﬁnite. To obtain a complete theory, we must only consider vector spaces of inﬁnite dimension over ﬁnite ﬁelds. Proposition 5.113 For any ﬁnite ﬁeld F , the theory of inﬁnite dimensional vector spaces over F is strongly minimal, nontrivial, and totally categorical.

252

First-order theories

Proof This can be proved by repeating the arguments we gave for vector spaces over inﬁnite ﬁelds. We leave the veriﬁcation of this to the reader. Let M model the theory of vector spaces over a ﬁeld F (either ﬁnite or inﬁnite). For any algebraically closed subsets A and B of the universe of M , the following holds: dimM (A ∪ B) = dimM (A) + dimM (B) − dimM (A ∩ B).

(5.1)

We state this fact from linear algebra without proof. We show that this is one property of vector spaces that does not generalize to all strongly minimal theories. Example 5.114 Let M be an inﬁnite dimensional vector space over a ﬁeld F . Let VF = VF ∪ {f } where f is a ternary function. Let M be the expansion of M to a VF -structure that interprets f as the function f (x, y, z) = x + y − z. This function is explicitly deﬁnable in terms of VF : M |= f (x, y, z) = u if and only if M |= ∃w(w + z = 0 ∧ x + y + w = u). It follows that M and M are bi-deﬁnable and M is strongly minimal. Now let N be the reduct of M to the vocabulary {f , sa |a ∈ F }. That is, the vocabulary of N contains neither + nor 0. Since M is strongly minimal and every deﬁnable subset of N is also a deﬁnable subset of M , N is strongly minimal. We claim that Equation (5.1) does not hold for N . Let a, b, and c be elements from the underlying set such that dimM (a, b, c) = 3. Then dimN (a, b, c) = 3. Clearly, dimN (a, b, c, f (a, b, c)) = dimM (a, b, c, a + b − c) = 3, dimN (a, b) = dimM (a, b) = 2, and dimN (c, f (a, b, c)) = dimM (c, a + b − c) = 2. If A = aclN ({a, b}) and B = aclN ({c, f (a, b, c)}), then A ∩ B = ∅. Thus we have 3 = dimN (A ∪ B) = dimN (A) + dimN (B) − dimN (A ∩ B) = 2 + 2 − 0 = 4 and Equation (5.1) fails. Note that aclM ({a, b}) ∩ aclM ({c, a + b − c}) is nonempty. It contains the constant 0 that was omitted from the vocabulary of N . This intersection also contains a + b and all of its scalar multiples. So in M , this intersection has dimension 1 and Equation (5.1) holds (as it does in every vector space). Deﬁnition 5.115 Let T be a strongly minimal theory. If Equation (5.1) holds for all M |= T , then T is said to be modular. If Equation (5.1) holds whenever A ∩ B is nonempty, then T is said to be locally modular. We say that a strongly minimal structure is modular or locally modular if its theory is. Equivalently, T is locally modular if and only if the expansion of T by a single constant is modular. Whereas the theory of a vector space over a ﬁeld is

First-order theories

253

modular, the theory T h(N ) from Example 5.114 is a locally modular strongly minimal theory that is not modular. If we expand N to include the constant 0, then the binary function + can be recovered as f (x, y, 0) = x + y. So this expansion of N is bi-deﬁnable with the modular structure M . Proposition 5.116 Let T be a strongly minimal theory. If T is trivial, then it is modular. Proof Let A and C be subsets of the universe of a model M of T . Let B0 be a basis for A ∩ C. Let B1 be a basis for A − aclM (A ∩ C) and let B2 be a basis for C − aclM (A ∩ C). Consider B0 ∪ B1 ∪ B2 . For any elements a and b of this union, it is not the case that a ∈ aclM ({b}) (by the deﬁnition of these three bases). It follows, since T is trivial, that B0 ∪ B1 ∪ B2 is an independent set. So B0 ∪ B1 is a basis for A, B0 ∪ B2 is a basis for C, and B0 ∪ B1 ∪ B2 is a basis for A ∪ C. Equation (5.1) clearly holds. A strongly minimal theory is nonlocally modular if it is not locally modular. To demonstrate an example of a nonlocally modular strongly minimal theory, we consider the complex numbers. Recall that the set C of complex numbers consists of all numbers of the form a + bi where a and b are real numbers an i is the square root of −1. Complex numbers are added and multiplied as follows: (a + bi) + (c + di) = (a + c) + (b + d)i, and (a + bi) · (c + di) = ac + adi + bci + bd(−1) = (ac − bd) + (ad + bc)i In this way, we can view the complex numbers as a Var -structure C. This structure is a ﬁeld (the multiplicative inverse of a + bi is a/(a2 + b2 ) − b/(a2 + b2 )i). We axiomatize the theory T h(C). We use without proof the Fundamental Theorem of Algebra. This theorem states that, for any nonconstant polynomial p(x) having coeﬃcients in C, there exists a solution in C to the equation p(x) = 0. Moreover, there are no more than d such solutions where d is the degree of the polynomial. Deﬁnition 5.117 The theory of algebraically closed ﬁelds, denoted TACF , is the Var -theory axiomatized by: • the axioms for the theory of ﬁelds TF , and • ∀y1 · · · ∀yn ∃x(xn + y1 · xn−1 + · · · + yn−1 · x + yn = 0) for each n ∈ N (where xn is an abbreviation for the Var -term x · x · · · · · x). Lemma 5.118 Let F be a ﬁeld. There exists an extension F˜ of F that models TACF .

254

First-order theories

Proof Note that the axioms for the theory of ﬁelds Tf are each ∀2 -sentences. By Proposition 5.76, F has an extension that is existentially closed with respect to Tf . By deﬁnition, any existentially closed ﬁeld is algebraically closed. The theory TACF of algebraically closed ﬁelds is not complete. By previous proposition, every ﬁeld can be extended to a model of TACF . In particular, ˜ 7 that models TACF . This the ﬁeld F7 from Example 5.107 has an extension F structure is not elementarily equivalent to C. To see this, let θ7 be the sentence ˜ 7 |= θ7 and C |= ¬θ7 . (1 + 1 + 1 + 1 + 1 + 1 + 1 = 0). Then F Deﬁnition 5.119 Let p be a prime number. Let θp be the Var -sentence saying that p·1 = 0. The theory of algebraically closed ﬁelds of characteristic p, denoted TACF p , is the deductive closure of TACF ∪ {θp }. To axiomatize C, we must include the negations of the θp . Deﬁnition 5.120 The theory of algebraically closed ﬁelds of characteristic 0, denoted TACF 0 , is the deductive closure of TACF ∪ {¬θp |p is prime}. We claim that TACF 0 is the complete Var -theory of C. Proposition 5.121 TACF 0 has quantiﬁer elimination. Proof We use condition (ii) of Proposition 5.58. Let M |= T and let (a1 , . . . , an ) and (b1 , . . . , bn ) be n-tuples from the universe U of M that satisfy the same atomic formulas in M . We must show that for any an+1 ∈ U there exists bn+1 in the universe of an elementary extension N of M such that (a1 , . . . , an , an+1 ) and (b1 , . . . , bn , bn+1 ) satisfy the same atomic formulas in N . We break the proof of this into two cases. In case 1, we are able to take N to be equal to M . Case 1: an+1 is a root of some polynomial having coeﬃcients among A = {a1 , . . . , an }. That is, M |= p(an+1 ) = 0 for some polynomial p(x) having coefﬁcients in A. We may assume that p(x) = 0 has the least number of solutions among all such polynomials (so p(x) is the minimal polynomial over A). Let q(x) be the polynomial obtained by replacing each occurrence of ai in p(x) with bi (for each i = 1, . . . , n). Since M is algebraically closed, M |= q(bn+1 ) = 0 for some bn+1 ∈ U . Since p(x) is minimal, (a1 , . . . , an , an+1 ) and (b1 , . . . , bn , bn+1 ) satisfy the same atomic formulas in M . This can be shown in the same way that Claim 2 was proved in the proof of Lemma 5.98. Case 2: an+1 is not a root of any polynomial having coeﬃcients among A = {a1 , . . . , an }. Let N be an elementary extension of M such that |N | > |M |. Since there are only countably many polynomials having coeﬃcients in A and each has only ﬁnitely many roots, there must exist bn+1 in the universe of N that is not a root of any of them. Clearly (a1 , . . . , an , an+1 ) and (b1 , . . . , bn , bn+1 ) satisfy the same atomic formulas in N .

First-order theories

255

Proposition 5.122 TACF 0 is a nonlocally modular strongly minimal theory. Proof Let M be an arbitrary model of TACF 0 . To show that TACF 0 is strongly minimal, it suﬃces to show that every atomic Var (M )-formula θ(x) deﬁnes either a ﬁnite or co-ﬁnite subset of the underlying set of M (by Proposition 5.88). Atomic Var (M )-formulas are TF -equivalent to formulas of the form p(x) = 0 where p(x) is a polynomial having coeﬃcients from the universe of M . Strong minimality follows from the fact that polynomials have ﬁnitely many roots. It remains to be shown that TACF 0 is not locally modular. Let a, b, and c be elements from a model M of TACF 0 such that dimM (a, b, c) = 3. Let A = aclM ({a, b}) and let B = aclM ({a + b · c, c}). Then dimM (A) = dimM (B) = 2 and dimM (A ∪ B) = 3. We state without proof the following fact: if d ∈ A ∩ B, then d ∈ aclM (∅). From this we see that dimM (A ∩ B) = 0 and TACF 0 is not modular. Corollary 5.123 TACF 0 is complete and uncountably categorical. It follows that TACF 0 is the complete theory of C. What does this fact tell us about the complex numbers? By quantiﬁer elimination, we know that any Var -formula ϕ is TACF 0 -equivalent to some quantiﬁer-free Var -formula ψϕ . Let us consider some speciﬁc formulas ϕ. For each n ∈ N, let pn (x, y0 , y1 , . . . , yn ) be the polynomial y0 + y1 · x + y2 · x2 + · · · + yn · xn = 0. Let ϕ(y0 , . . . , yn ) be the formula ∃xp(x, y0 , y1 , . . . , yn ) = 0. Since TACF 0 has quantiﬁer elimination, we know that this formula is TACF 0 -equivalent to a quantiﬁer-free Var -formula. However, TACF 0 implies every polynomial has a root. So the formula ϕ(y0 , y1 , . . . , yn ) holds for all y0 , . . . , yn in any model of TACF 0 . It follows that ϕ(y0 , y1 , . . . , yn ) is TACF 0 -equivalent to the quantiﬁerfree formula 1 = 1. Do not try to impress your complex analysis professor with this fact. Now, for any n, m ∈ N, let θn,m (y0 , . . . , yn , z0 , . . . , zm ) be the formula ∃x(pn (x, y0 , . . . , yn ) = 0 ∧ pm (x, z0 , . . . , zm ) = 0). This formula asserts that the two polynomials share a root. Whether or not this is true depends on the coeﬃcients (y0 , . . . , yn ) and (z0 , . . . , zm ) of the two polynomials. Since TACF 0 has quantiﬁer-elimination, there must exists a quantiﬁer-free formula ψθ (y0 , . . . , yn , z0 , . . . , zm ) that holds if and only if the two polynomials have a common root. This is not obvious. In fact, θn,m (y0 , . . . , yn , z0 , . . . , zm )

256

First-order theories

holds if and only if the determinate of the following matrix is not zero:

y0 0 . . 0 z0 0 . 0

y1 y0

. . . yn y1 . . .

0 z1 z0

...

...

0

0 ...

z1

0 yn ... ... y0 ...

... z0

z1

0 0

y1 zm

... ...

0 zm

... ... 0 ...

0 0 . . yn . 0 0 .

. . . zm

The determinant of this matrix is called the resultant of the two polynomials pn (x, y0 , . . . , yn ) and pm (x, z0 , . . . , zm ). Since the determinant is an algebraic expression in (y0 , . . . , yn , z0 , . . . , zm ), we can say that this determinate equals zero with a quantiﬁer-free Var -formula ϕθ (y0 , . . . , yn , z0 , . . . , zm ). Now suppose that we have k polynomials of the form pn (x, y0 , . . . , yn ). Let y¯ be the k ·(n+1)-tuple consisting of the coeﬃcients of these polynomials. Suppose we want to determine whether there exists a number that is simultaneously the root of each of these k polynomials. Since TACF 0 has quantiﬁer elimination, there exists some quantiﬁer-free expression having y¯ as variables that determines this. That is, there exist analogues for the resultant that work for each k > 2. The perspective of model theory is somewhat askew compared to other branches of mathematics. The light shed by model theory will not fully illuminate a structure in all of its detail. However, it can bring to light certain features of a structure that are shaded by other approaches. As a basic example, we have the fact that there exist resultants for several polynomials in several variables. That is, there exists a polynomial P (¯ y ) in the coeﬃcients y¯ of the given polynomials such that P (¯ y ) = 0 if and only if the polynomials have a common zero. Model theory provides an immediate proof of this fact, but it does not provide a description of the polynomial P (¯ y ). Resultants provide a superﬁcial example of the deep relationship between model theory and other branches of mathematics. Not only have model theoretic methods shed new light on various branches of mathematics, these methods have yielded results at the forefront of research. Most notable is Ehud Hrushovski’s 1996 proof of the Mordell–Lang conjecture for function ﬁelds. Implementing model-theoretic tools (such as strong minimality), Hrushovski answered in the aﬃrmative this long standing conjecture of algebraic geometry. The statement of this conjecture (not to mention the proof) is beyond the scope of this book. We consider an application of model theory to algebraic geometry that is far more fundamental.

First-order theories

257

5.9 Some algebraic geometry The model-theoretic properties of C provide elementary proofs for some fundamental theorems of algebraic geometry. In this section, we give one prominent example known as Hilbert’s Nullstellensatz. Algebraic geometry arises from the interplay between the algebra of polynomial equations and the geometry of the solutions of these equations. Let C[x1 , . . . , xn ] denote the set of all polynomials having variables x1 , . . . , xn and coeﬃcients in C. Each f (x1 , . . . , xn ) in C[x1 , . . . , xn ] deﬁnes a subset of Cn , namely Vf = {(x1 , . . . , xn ) ∈ Cn |f (x1 , . . . , xn ) = 0}. The set of solutions of a polynomial in two variables is called an algebraic curve. More speciﬁcally, if f (x, y) is a polynomial having complex coeﬃcients, then Vf is a complex algebraic curve. Example 5.124 Consider the polynomials f (x, y) = x3 − xy + x2 y − y 2 , and g(x, y) = x4 + 2x3 y + x2 y 2 − x2 y + 2xy 2 + y 3 . These two polynomials deﬁne the same complex algebraic curves. This is because they factor as f (x, y) = (x2 − y)(x + y) and g(x, y) = (x2 − y)(x + y)2 . Since they have the same factors, they have the same curves. Whether we plot f (x, y) = 0 or g(x, y) = 0 in the real plane, we will see the union of the parabola deﬁned by y = x2 and the line y = −x. Likewise, the complex curves deﬁned by these polynomials are identical. Deﬁnition 5.125 A polynomial f ∈ C[x1 , . . . , xn ] is irreducible if it cannot be factored as f (x1 , . . . , xn ) = p(x1 , . . . , xn ) · q(x1 , . . . , xn ) for two nonconstant polynomials p(x1 , . . . , xn ) and q(x1 , . . . , xn ) in C[x1 , . . . , xn ]. The polynomials f (x, y) and g(x, y) from the previous example are not irreducible. These polynomials have the two irreducible factors corresponding to the irreducible curves given by the line and the parabola. Hilbert’s Nullstellensatz states that two polynomials in C[x, y] deﬁne the same curves if and only if they have the same irreducible factors. As the following example shows, this is not true when restricted to the real numbers. Example 5.126 Let h(x, y) = (x2 + 1)(x2 − y)(x + y). Since (x2 + 1) is not zero for any real numbers, h(x, y) deﬁnes the same curve in R2 as the polynomials f (x, y) and g(x, y) from the previous example. In C2 , however, h(x, y) has the root (i, 0) that is not a root of f (x, y). So the complex algebraic curve deﬁned by h(x, y) is not the same as the curve deﬁned by f (x, y).

258

First-order theories

Theorem 5.127 (Hilbert’s Nullstellensatz) Let g(x, y) and h(x, y) be two polynomials having complex coeﬃcients. The complex algebraic curves deﬁned by g(x, y) and h(x, y) are the same if and only if g(x, y) and h(x, y) have the same irreducible factors. Proof A point (a, b) ∈ C2 is on the curve deﬁned by g(x, y) if and only if g(a, b) = 0. This happens if and only if p(x, y) = 0 for some irreducible factor p of g. It follows that if g(x, y) and h(x, y) have the same irreducible factors, then g(x, y) and h(x, y) deﬁne the same curves. Conversely, suppose that g(x, y) and f (x, y) do not have the same irreducible factors. Let p(x, y) be an irreducible factor of g(x, y) that is not a factor of h(x, y). We show that there exists (a, b) ∈ C2 such that p(a, b) = 0 and h(a, b) = 0. If we show this, then we can conclude that the curves deﬁned by g(x, y) and f (x, y) are not the same. Let P be the set of all polynomials in C[x, y] that have p(x, y) as a factor. Then g(x, y) ∈ P and h(x, y) ∈ P . For each f (x, y) ∈ C[x, y], let f (x, y) + P denote the set {f (x, y) + q(x, y)|q(x, y) ∈ P }. Note that f1 (x, y) + P = f2 (x, y) + P if and only if the polynomial f1 (x, y) − f2 (x, y) is in P . In particular, f (x, y) + P = P if and only if f (x, y) is in P . Let CP = {f (x, y) + P |f (x, y) ∈ C[x, y]}. So CP is a set of sets. We deﬁne a Var -structure N having CP as its underlying set. The Var structure N interprets the constants 0 and 1 as the elements P and 1 + P , respectively. We next deﬁne addition and multiplication for this structure. For f1 (x, y) and f2 (x, y) in C[x, y] let: (f1 + P ) + (f2 + P ) = (f1 + f2 ) + P , and (f1 + P ) · (f2 + P ) = (f1 · f2 ) + P . This completes our description of the Var -structure N = (CP |0, 1, +, ·). We claim that e : C → N deﬁned by e(a) = a + P is an embedding. We leave the veriﬁcation of this to the reader. The range Ce of e is a substructure of N that is isomorphic to C. For any f (x, y) ∈ C(x, y), let fe (x, y) be the result of applying e to each coeﬃcient of f (x, y). By the deﬁnition of addition and multiplication in N , fe (x, y) = f (x, y) + P . For example, if f (x, y) = 2x + 5xy 2 , then fe (x, y) = e(2)x + e(5)xy 2 = (2 + P )x + (5 + P )xy 2 = 2x + 5xy 2 + P .

First-order theories

259

Claim N |= ∃w∃z(pe (w, z) = 0 ∧ he (w, z) = 0). Proof This is witnessed by the elements x + P and y + P of CP . We have pe (x+P , y+P ) = p(x+P , y+P )+P (by the deﬁnition of pe ), and p(x+P , y+P ) = p(x, y) + P (by the deﬁnition of + and · in N ). So we have pe (x + P , y + P ) = (p(x, y) + P ) + P = (p(x, y) + P ) + (0 + P ) = p(x, y) + P . Since p(x, y) ∈ P , p(x, y) + P = P . Since N interprets 0 as the element P , N |= pe (x + P , y + P ) = 0. Likewise, he (x+P , y+P ) = h(x, y)+P . Since h(x, y) is not in P , h(x, y)+P = P , and N |= he (x + P , y + P ) = 0. Thus the claim is veriﬁed. We further claim that N is a ﬁeld. The axioms TF are easily veriﬁed. We leave this veriﬁcation to the reader. By Proposition 5.118, there exists an extension M of N that models TACF 0 . Since M is an extension of the model Ce and TACF 0 is model-complete, M is an elementary extension of Ce . We have Ce |= ∃w∃z(pe (w, z) = 0 ∧ he (w, z) = 0) (since Ce ≺ M ), and C |= ∃w∃z(p(w, z) = 0 ∧ h(w, z) = 0) (since e : C → Ce is an isomorphism). By the semantics of ∃, C |= (p(a, b) = 0 ∧ h(a, b) = 0) for some (a, b) ∈ C2 as we wanted to show.

Exercises 5.1.

A theory T is ∀1 -axiomatizable if it has an axiomatization consisting of universal sentences. (a) Prove that T is ∀1 -axiomatizable if and only if for every M |= T and every A ⊂ M , A is a model of T . (b)

5.2.

A theory T is ∃1 -axiomatizable if it has an axiomatization consisting of existential sentences. (a) Prove that T is ∃1 -axiomatizable if and only if for any model M of T and any embedding f : M → N , N is also a model of T . (b)

5.3.

Find an example of a complete ∀1 -axiomatizable theory or show that no such theory exists.

Find an example of a complete ∃1 -axiomatizable theory or show that no such theory exists.

Show that the following are equivalent: (i) T is ﬁnitely axiomatizable. (ii)

T is axiomatized by a single sentence.

(iii)

Any axiomatization of T has a ﬁnite subset that axiomatizes T .

260

5.4.

First-order theories

Show that the following theories are not ﬁnitely axiomatizable: (a) The theory Ts of the integers with a successor function. (b) The theory TRG of the random graph. (c)

The theory TACF 0 of algebraically closed ﬁelds of characteristic 0.

5.5.

Let T be a complete VE -theory that contains the theory of equivalence relations TE . Show that T is ﬁnitely axiomatizable if and only if T has a ﬁnite model.

5.6.

Let Γ1 be the set of V< -sentences that hold in every ﬁnite model of TLO . Let Γ2 be the set of sentences saying that there exist at least n elements for each n ∈ N. Let TF LO be the set V< -sentences that can be derived from Γ1 ∪ Γ2 . (a) Show that TF LO is a theory. (b) Show that TF LO is quasi-ﬁnitely axiomatizable. (c)

5.7.

Show that TF LO is not κ-categorical for any κ.

Let T1 and T2 be bi-deﬁnable theories each having ﬁnite vocabularies. (a) Show that T1 is complete if and only if T2 is. (b) Show that T1 is ﬁnitely axiomatizable if and only if T2 is. (c)

Show that T1 is quasi-ﬁnitely axiomatizable if and only if T2 is.

(d) Show that T1 is κ-categorical if and only if T2 is. (e) 5.8.

Let VP be the vocabulary consisting of a single unary relation P . Let T be a complete VP -theory having inﬁnite models. (a) Show that T is countable categorical. (b)

5.9.

Show that T1 is strongly minimal if and only if T2 is.

Give examples showing that T may or may not be totally categorical.

Show that there exists a complete quasi-ﬁnitely axiomatizable V-theory having inﬁnite models for every ﬁnite vocabulary V.

5.10. For any ﬁrst-order sentence ϕ, let Spec(ϕ) denote the ﬁnite spectrum of ϕ (as deﬁned in Exercise 2.3). Show that either Spec(ϕ) or Spec(¬ϕ) is coﬁnite. (Hint: Use the previous exercise.) 5.11. Let VE be the vocabulary consisting of a single binary relation E. Let M be an inﬁnite VE -structure that interprets E as an equivalence relation. Suppose that each equivalence class of M has the same size. (a) Show that T h(M ) is countably categorical. (b) Show that T h(M ) is uncountably categorical if and only if the equivalence classes are ﬁnite. (c)

Show that T h(M ) has quantiﬁer elimination.

First-order theories

261

5.12. Let VE be the vocabulary consisting of a single binary relation E. Let T be the VE -theory saying that E is an equivalence relation having inﬁnitely many equivalence classes of size 3, inﬁnitely many equivalence classes of size 5, and no other equivalence classes. (a) Axiomatize T . (b) How many models of size ℵ0 does T have up to isomorphism? (c)

How many models of size ℵ1 does T have up to isomorphism?

(d) Show that T does not have quantiﬁer elimination. (e)

Show that T is model-complete.

5.13. Show that TDLO has 2ℵ0 nonisomorphic models of size 2ℵ0 . + = {<, Pb , Ps } be the vocabulary consisting of a single binary 5.14. Let V< − + be the V< relation < and two unary relations Pb and Ps . Let TDLOE theory axiomatized by the V< -sentences δ1 –δ5 in Section 5.3 together with + -sentences: the following two V<

δ6 : ∀x∀y(Ps (x) → ¬(y < x)) δ7 : ∀x∀y(Pb (x) → ¬(x < y)). So Ps (x) means x is small and Pb (X) means x is big. − is incomplete. (a) Show that TDLOE − has exactly four countable models up to isomorphism. (b) Show that TDLOE

(c)

− has quantiﬁer elimination. Show that TDLOE

5.15. Let V< (C) be the vocabulary {<, c1 , c2 , c3 , . . .} consisting of a binary relation < and a denumerable set of constants. Let TCDLO be the complete expansion of TDLO to a V + (C)-theory that says ci < cj if and only if i < j. (a) Show that TCDLO has exactly three countable models up to isomorphism. (b) Show that TCDLO is complete. (c)

Show that TCDLO has quantiﬁer elimination.

5.16. Let VE be the vocabulary consisting of a single binary relation E. Let TE be the VE -theory that says E is an equivalence relation. Let M be a model of TE that has exactly one equivalence class of size n for each n ∈ N and no other equivalence classes. (a) Axiomatize T h(M ). (b) Show that T h(M ) is not ﬁnitely axiomatizable. (c) Show that M is not κ-categorical for any κ. Let V + = {E, f } where f is a unary function. Let ϕ+ be the V + -sentence saying for each x there exists a unique y such that both E(x, y) and

262

First-order theories ∀z(¬f (z) = y). Let M + be an expansion of M to a V + -structure that interprets f as a one-to-one and onto function and models ϕ+ . (d) Show that T h(M + ) is ﬁnitely axiomatizable. (e)

Show that T h(M + ) is not κ-categorical for any κ.

5.17. Let M and M + be as in Exercise 5.16. (a) Show that M is minimal but not strongly minimal. (b)

Show that M + is not minimal.

5.18. Complete the proof of Proposition 5.58 by showing that T has quantiﬁer elimination if and only if condition (ii) holds. 5.19. Let T be a countable complete theory. Show that T has quantiﬁer elimination if and only if condition (ii) from Proposition 5.58 holds for all countable models M of T . 5.20. Let B be the set of all ﬁnite sequences of 0s and 1s (including the empty sequence). Let M = (B|S) be the structure in the vocabulary of a single binary relation S that interprets S as follows. For sequences s1 and s2 in B, M |= S(s1 , s2 ) if and only if s2 is obtained by adding a 0 or a 1 to the end of s1 . So S is a successor relation and every element of B has exactly two successors and at most one predecessor. (a) Show that T h(B) is bi-deﬁnable with a model-complete theory that has a ﬁnite relational vocabulary. (Include a constant for the element having no predecessor.) (b) Show that any theory in a ﬁnite relational vocabulary that is bideﬁnable with T h(B) cannot have quantiﬁer elimination. (c)

Show that B is a strongly minimal structure.

5.21. Let VP s be the vocabulary consisting of denumerably many unary relations P1 , P2 , P3 , . . . and let I and O be disjoint ﬁnite subsets of N. Let ϕI,O (x) be the VP s -formula i∈I Pi (x) ∧ i∈O ¬Pi (x). This formula says that x is in each of the sets deﬁned by Pi for i ∈ I and outside each of the sets deﬁned by Pi for i ∈ O. Let TP be the VP s theory axiomatized by the sentences saying that there exist at least n elements satisfying ϕI,O for each n in N and any ﬁnite disjoint subsets I and O of N. (a) Show that TP has quantiﬁer elimination. (b)

Show that TP is not κ-categorical for any κ.

5.22. An automorphism of a structure M is an isomorphism f : M → M from M onto itself. Let T be a countable complete theory. (a) Suppose that, for any M |= T and tuples (a1 , . . . , an ) and (b1 , . . . , bn ) satisfying the same atomic formulas in M , there is an automorphism

First-order theories

263

f of M with f (ai ) = bi for i = 1, . . . , n. Show that T has quantiﬁer elimination. (b)

Suppose that T has quantiﬁer elimination. Show that, for any M |= T and tuples (a1 , . . . , an ) and (b1 , . . . , bn ) satisfying the same atomic formulas in M , there exist an elementary extension N of M and an automorphism f of N with f (ai ) = bi for i = 1, . . . , n.

5.23. Let TE = T h(M2 ) where M2 is the countable VE -structure deﬁned in Example 5.18. Let Ts = T h(Zs ) where Zs is the Vs -structure deﬁned in Example 5.20. We deﬁne a theory T that contains both of these theories. Let V be the vocabulary {E, s}. Let T be the set of all V-sentences that can be derived from the set TE ∪ Ts ∪ {∀x∀y(s(x) = y → E(x, y))}. (a) Show that T is complete. (b)

Refer to Exercise 5.22. Demonstrate a model M of T and tuples (a1 , . . . , an ) and (b1 , . . . , bn ) from the universe of M such that • (a1 , . . . , an ) and (b1 , . . . , bn ) satisfy the same atomic formulas in M , and • there is no automorphism f of M for which f (ai ) = bi for i = 1, . . . , n.

(c)

Show that T has quantiﬁer elimination.

5.24. Let T be a theory. Prove that T is model-complete if and only if, for any model M of T , T ∪ D(M ) is complete. 5.25. Let T be a theory. Let M be a model of T that can be embedded into any model of T . Show that if T is model-complete, then T is complete. 5.26. Show that T is model-complete if and only if, for any models M and N of T with M ⊂ N , there exists an elementary extension M of M such that M ⊂ N ⊂ M . 5.27. Let T be a model-complete theory. Let T∀∃ be the set of all ∀2 -sentences ϕ such that T ϕ. Show that M |= T∀∃ if and only if M |= T . (Hint: Show that every model of T∀∃ has an elementary extension that is the union of a chain of models of T .) 5.28. Let T be a theory and let M be a model of T . Show that M is existentially closed with respect to T if and only if M is existentially closed with respect to T∀ . 5.29. Show that the following theories have the amalgamation property: (a) The theory of graphs TG . (b) The theory of linear orders TLO . (c)

The theory of ﬁelds TF .

264

First-order theories

5.30. Let T be a theory. A theory T is the model-companion of T if T∀ = T∀ and T is model-complete. (a) Show that TRG is the model-companion of TG . (b) Show that TDLO is the model-companion of TLO . (c)

Show that TACF is the model-companion of TF .

5.31. Refer to the previous two exercises. Prove that if T has the amalgamation property and T is the model-companion of T , then T has quantiﬁer elimination. 5.32. Verify that aclM (aclM (A)) = aclM (A) for any structure M and any subset A of the underlying set of M . 5.33. Let M be a strongly minimal V-structure having underlying set U . Let ϕ(x, y) be a V-formula having two free variables. Show that there exists n ∈ N such that, for all a ∈ U : |ϕ(a, M )| is inﬁnite if and only if |ϕ(a, M )| ≥ n. Show that this is not true for the minimal structure M from Exercise 5.17. 5.34. Let M be a structure and let f : A → B be an M -elementary function between subsets A and B of M . Show that A is algebraically closed if and only if B is algebraically closed. 5.35. Let G be a graph having a strongly minimal theory. Let a and b be vertices of G such that dimG (a, b) = 2. Let dG (a, b) be the length of the shortest path (in G) from a to b if such a path exists and ∞ otherwise. Prove that there are exactly three possible values for dG (a, b) (including ∞). 5.36. Let T be a strongly minimal theory. Show that the following are equivalent. (i) T is locally modular. (ii)

If T is expanded by adding one constant to the vocabulary, then the result is modular.

(iii)

Some expansion of T by constants is modular.

5.37. Let T be a strongly minimal theory. Show that the following are equivalent. (i) T is modular. If c ∈ aclM (A ∪ {b}), then c ∈ aclM ({a, b}) for some a ∈ A for any model M of T and any subset A ∪ {b} of the underlying set of M with aclM (A) = A. (Hint: To show (ii) implies (i) use induction on n = dimM (A).) (ii)

First-order theories

265

5.38. Let Rf = {R|f , <, +, ·, 0, 1} be an expansion of Ror where f is a unary function. (a) Show that if Rf interprets f (x) as a polynomial, then Rf is o-minimal. (Use the fact that Ror is o-minimal.) (b) Show that if Rf interprets f (x) as sin(x), then Rf is not o-minimal. (c)

For any real number x, the ﬂoor of x, denoted "x#, is greatest integer less than or equal to x. Show that if Rf interprets f (x) as "x#, then Rf is not o-minimal.

5.39. Let M be a V-structure and let A be a subset of the universe U of M . The deﬁnable closure of A in M , denoted dclM (A), is the set of all d ∈ U such that M |= ∀x(x = d ↔ ϕ(x)) for some V(A)-formula ϕ(x). (The formula ϕ(x) is said to deﬁne the unique element d over A.) Show that if M is o-minimal, then dclM (A) = aclM (A) for all A ⊂ U . Show that this is not necessarily true if M is strongly minimal. 5.40. Show that TRG is not uncountably categorical. 5.41. We randomly construct a graph having vertices V = {v1 , v2 , v3 , . . .}. For each pair of vertices vi and vj , we ﬂip a coin. If the coin lands heads up, vi and vj share an edge. Otherwise, they do not share an edge. Suppose that our coin is unfair. Say that our coin lands heads up only 1 out of 1000 times. Show that (after ﬂipping the coin inﬁnitely many times) the resulting random graph will be isomorphic to GR (with probability 1). 5.42. We deﬁne a graph having N as vertices. Any natural number n can be uniquely factored as pa1 1 · pa2 2 · pa3 3 · · · pamm where the pi s are distinct primes. We say that each of the exponents ai in this factorization are “involved in n.” We now deﬁne our graph: two natural numbers a and b share an edge if and only if either a is involved in b or b is involved in a. Show that the resulting graph is isomorphic to the random graph. 5.43. Show that for every substructure A of the random graph GR , either GR ∼ = A or GR ∼ = (GR − A) (where (GR − A) is the substructure having the vertices that are not in A as an underlying set). 5.44. Show that the 0–1 law fails for vocabularies that are not relational. (Hint: Consider the sentence ∃xf (x) = x.) 5.45. Let TACF p be the Var -theory of algebraically closed ﬁelds of characteristic p (for prime p). Prove that, for any Var -sentence ϕ, the following are equivalent: (i) TACF 0 |= ϕ,

266

First-order theories

(ii)

TACF p |= ϕ for suﬃciently large primes p, and

(iii) TACF p |= ϕ for arbitrarily large primes p. 5.46. Algebraically closed ﬁelds of any characteristic are necessarily inﬁnite. However, every ﬁnite subset of TACF p has arbitrarily large ﬁnite models for any prime p. Using this fact (and the previous exercise) prove Ax’s theorem. Ax’s theorem: Let f (x) be a polynomial having complex coeﬃcients. If f : C → C is one-to-one, then f is onto.

6

Models of countable theories

We deﬁne and study types of a complete ﬁrst-order theory T . This concept allows us to reﬁne our analysis of M od(T ). If T has few types, then M od(T ) contains a uniquely deﬁned smallest model that can be elementarily embedded into any structure of M od(T ). We investigate the various properties of these small models in Section 6.3. In Section 6.4, we consider the “big” models of M od(T ). For any theory, the number of types is related to the number of models of the theory. For any cardinal κ, I(T , κ) denotes the number of models in M od(T ) of size κ. We prove two basic facts regarding this cardinal function. In Section 6.5, we show that if T has many types, then I(T , κ) takes on its maximal possible value of 2κ for each inﬁnite κ. In Section 6.6, we prove Vaught’s theorem stating that I(T , ℵ0 ) cannot equal 2. All formulas are ﬁrst-order formulas. All theories are sets of ﬁrst-order sentences. For any structure M , we conveniently refer to an n-tuple of elements from the underlying set of M as an “n-tuple of M .”

6.1 Types The notion of a type extends the notion of a theory to include formulas and not just sentences. Whereas theories describe structures, types describe elements within a structure. Deﬁnition 6.1 Let M be a V-structure and let a ¯ = (a1 , . . . , an ) be an n-tuple of a), is the set of all V-formulas ϕ(¯ x) having M . The type of a ¯ in M , denoted tpM (¯ ¯ is replaced by free variables among x1 , . . . , xn that hold in M when each xi in x a) = {ϕ(¯ x)|M |= ϕ(¯ a)}. ai . More concisely, but less precisely: tpM (¯ a) contains at most n free If a ¯ is an n-tuple, then each formula in tpM (¯ variables but may contain fewer. In particular, the type of an n-tuple contains a) contains T h(M ) as a sentences. For any structure M and tuple a ¯ of M , tpM (¯ a) provides the complete ﬁrst-order description of the tuple subset. The set tpM (¯ a ¯ and how it sits in M . This description is not necessarily categorical; many tuples within the same structure may have the same type. Example 6.2 Let Q< be the structure (Q| <) that interprets < as the usual order on the rational numbers. This structure is a model of the theory TDLO of dense linear orders discussed in Section 5.4. Consider the four-tuple (−2, −1, 1, 2). The

268

Models of countable theories

type tpQ< (−2, −1, 1, 2) contains the formulas x1 < x2 , x2 < x3 , and x3 < x4 . ¯ = (a1 , a2 , a3 , a4 ) Since TDLO has quantiﬁer elimination, for any four-tuple a a) is the same as of rational numbers, if a1 < a2 < a3 < a4 then tpQ< (¯ tpQ< (−2, −1, 1, 2). Deﬁnition 6.3 Let Γ be a set of formulas having free variables among x1 , . . . , xn . a) for some tuple a ¯ A structure M realizes Γ if Γ is a nonempty subset of tpM (¯ of M . Otherwise, M is said to omit Γ. The set Γ is realizable if it is realized in some structure. Note the distinction between the terms realizable and satisﬁable. The set a) is realizable by deﬁnition, but rarely is tpM (¯ a) satisﬁable (see ExertpM (¯ a) contains formulas that are not sentences. Recall cise 6.4). This is because tpM (¯ that a formula ϕ(¯ x) is equivalent to the sentence ∀¯ xϕ(¯ x). So when we say that a formula ϕ(x1 , . . . , xn ) is satisﬁable, we mean that it holds for all n-tuples of a structure. When we say that ϕ(x1 , . . . , xn ) is realizable, we mean that it holds for some n-tuple of a structure. We now deﬁne the key concept of this chapter. Deﬁnition 6.4 An n-type is a realizable set of formulas having free variables among x1 , . . . , xn . A type is an n-type for some n. a) are examples of types. Moreover, these are the only The sets tpM (¯ a) for some M examples we need to consider. Every type is a subset of tpM (¯ a) are called complete types. Types that are not complete and a ¯. The types tpM (¯ are called partial types. We typically use p, q, and r to denote types (Γ is used to denote arbitrary sets of formulas). We often write a type with its free variables as p(x1 , . . . , xn ). The notation p(t1 , . . . , tn ) represents the set of formulas obtained by replacing each xi with the term ti . Since types are generally not satisﬁable, they are not consistent. This is unfortunate. Much of the previous chapters has been devoted to consistent sets of formulas. We can recover results from the previous chapters and apply them to types by making the following observation: the formula ϕ(x) is realizable if and only if the sentence ϕ(c) is satisﬁable for some constant c. We state this more generally as the following proposition. Proposition 6.5 Let Γ(x1 , . . . , xn ) be a set of formulas having free variables among x1 , . . . , xn . Let c1 , . . . , cn be constants not in the vocabulary of Γ. Then Γ(x1 , . . . , xn ) is realizable if and only if Γ(c1 , . . . , cn ) is satisﬁable. Proof Γ(x1 , . . . , xn ) is realizable if and only if Γ(x1 , . . . , xn ) is a subset of tpM (¯ a) for some M and a ¯.

Models of countable theories

269

This happens if and only if M |= Γ(c1 , . . . , cn ) where M is an expansion of ¯ of M . M that interprets the constants c1 , . . . , cn as the tuple a So for any realizable set of formulas, there is a closely related set of sentences that is satisﬁable. This allows us to apply properties regarding satisﬁability to types that are not satisﬁable. In particular, the Compactness theorem remains true when “satisﬁable” is replaced with “realizable.” Proposition 6.6 Let Γ(x1 , . . . , xn ) be a set of formulas having free variables among x1 , . . . , xn . Every ﬁnite subset of Γ is realizable if and only if Γ is realizable. Proof Let c1 , . . . , cn be constants not in the vocabulary of Γ. By Proposition 6.5, Γ(x1 , . . . , xn ) is realizable if and only if Γ(c1 , . . . , cn ) is satisﬁable. By the Compactness theorem, Γ(c1 , . . . , cn ) is satisﬁable if and only in every ﬁnite subset of Γ(c1 , . . . , cn ) is satisﬁable. Finally, again by Proposition 6.5, every ﬁnite subset of Γ(c1 , . . . , cn ) is satisﬁable if and only if every ﬁnite subset of Γ(x1 , . . . , xn ) is realizable. Let T be a complete theory. Any type that is realized in a model of T , whether it is partial or complete, is called a type of T . The set of all complete types of T is denoted S(T ). Equivalently, S(T ) is the set of all complete types that contain T as a subset. We denote by Sn (T ) the set of all n-types in S(T ). Corollary 6.7 Let T be a complete theory and let Γ be a set of formulas having free variables among x1 , . . . , xn . If each ﬁnite subset of Γ is a type of T , then Γ is an type of T . Proof Apply Proposition 6.6 to the set Γ ∪ T . Example 6.8 Let VE be the vocabulary consisting of a single binary relation E. Let M be the V-structure that interprets E as an equivalence relation having exactly one equivalence class of size n for each n ∈ N and no other equivalence classes. Let T = T h(M ). We depict M as follows:

270

Models of countable theories

Each box represents an equivalence class. Each of these equivalence classes determines a unique type in S1 (T ). For any m ∈ N, let pm be the type of an element in the equivalence class containing exactly m elements. Any two such elements have the same type (we cannot distinguish between two elements in the same equivalence class using the vocabulary VE ). Let ϕm be the VE -formula saying that there are exactly m elements equivalent to x1 . Then ϕm (x1 ) ∈ pm and pm is the only type in S1 (T ) that contains ϕm . The set S1 (T ) contains the types p1 , p2 , p3 , and so forth. Given any element a in the universe of M , tpM (a) equals pm , where m is the number of elements in the equivalence class containing a. So M realizes each of the types pm for m ∈ N and no other types. However, there does exist another type in S1 (T ). Consider the set of V-formulas Γ(x1 ) = {¬ϕm (x1 )|m ∈ N}. These formulas say that, for each m ∈ N, there are not exactly m elements equivalent to x1 . Given any ﬁnite subset ∆ of Γ, ∆ ⊂ pm for suﬃciently large m ∈ N. By Corollary 6.7, Γ(x1 ) is a type of T . Let p∞ ∈ S1 (T ) be a complete type containing Γ as a subset. This type says that there exist inﬁnitely many elements equivalent to x1 . This type is not realized in M , but it is realized in an elementary extension of M . Let N1 be the model of T having M as a substructure and also having one denumerable equivalence class and no other inﬁnite equivalence classes. Then N1 realizes the type p∞ as well as the types p1 , p2 , p3 , . . . These are all of the types in S1 (T ). Now consider S2 (T ). This is the set of all 2-types realized in some model of T . Each 2-type contains formulas having at most two free variables (namely x1 and x2 ). For any m and l in N, let pm,l be the complete 2-type that says there are exactly m elements equivalent to x1 and l elements equivalent to x2 . Then pm,l is the unique 2-type containing the two 1-types pm (x1 ) and pl (x2 ) as subsets. Each formula in pm,l can be derived from T ∪ pm (x1 ) ∪ pl (x2 ). In particular, the formula E(x1 , x2 ) is in pm,l if and only if l = m. Consider now the partial 2-type Γ∞,∞ = p∞ (x1 ) ∪ p∞ (x2 ). This 2-type is the union of two complete 1-types, but it is not complete. To obtain a complete 2-type, we must say whether or not x1 is equivalent to x2 . Let p∞,∞ be the complete 2-type that contains Γ∞,∞ and the formula ¬E(x1 , x2 ). This type is not realized in N1 , but it is realized in the elementary extension N2 of N1 that contains exactly two denumerable equivalence classes. Let T be a complete theory and let p be in S(T ). By deﬁnition, p is realized in some model of T . As the previous example indicates, something stronger is true. Given any M |= T there exists an elementary extension N of M that realizes p. Proposition 6.9 Let T be a complete theory and let M |= T . Each type in S(T ) is realized in some elementary extension of M .

Models of countable theories

271

Proof Let p be an n-type in S(T ). Let ED(M ) be the elementary diagram of M . Let c1 , . . . , cn be constants that do not occur in ED(M ). By the Joint Consistency lemma 4.63, ED(M )∪p(c1 , . . . , cn ) is consistent. By Proposition 4.27, there exists a model N of ED(M ) ∪ p(c1 , . . . , cn ). This model realizes p and is an elementary extension of M .

6.2 Isolated types A type in S(T ) may be realized in some models of T and omitted in others. In this section, we focus on those types in S(T ) that are realized in every model of T . Deﬁnition 6.10 Let T be a complete theory and let p be an n-type in Sn (T ). If there exists some formula θ ∈ p such that p is the only type in Sn (T ) containing θ, then p is said to be isolated in Sn (T ) and the formula θ is said to isolate p in Sn (T ). A partial n-type is an isolated type of T if it is contained in a complete type that is isolated in Sn (T ). Otherwise, it is a nonisolated type of T . Our goal for this section is to show that the isolated types of T are realized in every model of T and that, for countable T , these are the only types realized in every model of T . Example 6.11 In Example 6.8, the type pm is isolated by the formula ϕm for each m in N. These are the only isolated types in S1 (T ). Likewise, the 2-types pm,l for m and l in N are the only isolated types of S2 (T ). The isolated types are precisely the types that are realized in M . These types are also realized in every model of T h(M ). Proposition 6.12 Let T be a complete theory and let p be a type of T . If p is isolated, then p is realized in every model of T . Proof Let q be an isolated type in Sn (T ) that contains p. Let θ(¯ x) be a formula that isolates q in Sn (T ). There exists a model M of T that realizes q. In particular, M |= ∃¯ xθ(¯ x). Since T is complete, the sentence ∃¯ xθ(¯ x) is in T . Let N be an arbitrary model of T . By the semantics of ∃, N |= θ(¯ a) for a) is in Sn (T ) and contains θ(¯ x), this type must some tuple a ¯ of N . Since tpN (¯ be q. Since N was an arbitrary model of T , every model realizes q, and, hence, p as well. If the vocabulary is countable, then the converse of Corollary 6.12 holds. If a type of T is realized in every model of a countable theory T , then that type must be isolated. Put another way, every nonisolated type of T is omitted by some model of T . To prove this, we use a Henkin construction to obtain a model that omits a given nonisolated type. The proof of Theorem 4.2 serves a precedent

272

Models of countable theories

for such a construction. The reader may want to refer to that proof. Essentially, the following theorem is proved by adding one step to the proof of Theorem 4.2. Theorem 6.13 (Omitting Types) Let T be a complete theory in a countable vocabulary V. If p is a nonisolated type in S(T ), then there exists a model M of T that omits p. Proof We want to demonstrate a structure that models T and omits p. Let V be the vocabulary of Γ. Let V + = V ∪ {c1 , c2 , c3 , . . .} where each ci is a constant that does not occur in V. Let C denote the set {c1 , c2 , c3 , . . .}. Let D denote the set of V + -terms and let Dn be the set of n-tuples of elements from D. We shall deﬁne a complete V + -theory T + with the following three properties. Property 1 Every sentence of T is in T + . Property 2 For every V + -sentence in T + of the form ∃xθ(x), the sentence θ(ci ) is also in T + for some ci ∈ C. x) in p such that the Property 3 For each d¯ in Dn , there exists a formula ϕ(¯ + ¯ sentence ¬ϕ(d) is in T . As in the proof of Theorem 4.2, Property 2 allows us to ﬁnd a model M + of T + . By Property 1, M + is a model of T . Property 3 ensures that p is not the type of any tuple of V + -terms in Dn . Recall from the proof of Theorem 4.2 that the underlying set of M + is a set of V + -terms. It follows that M + is a model of T that omits p as was required. So if we can successfully deﬁne T + having the above three properties, then this will prove the theorem. We deﬁne T + in stages. Let T0 be T . Since the vocabulary V is countable, V + is denumerable. By Proposition 2.47, there are denumerably many V + -formulas. It follows that there are denumerably many V + -terms and V + -sentences. Let {d¯1 , d¯2 , d¯3 , . . .} be an enumeration of Dn and let {ϕ1 , ϕ2 , ϕ3 . . .} enumerate the set of all V + -sentences. Suppose that Tm has been deﬁned in such a way that Tm is consistent and only ﬁnitely many sentences of Tm contain constants in C. We deﬁne Tm+1 in in the same way that Tm+1 was deﬁned in both two steps. First, we deﬁne Tm+1 Theorems 4.2 and 4.27. Step 1: to be Tm ∪ {¬ϕm+1 }. (a) If Tm ∪ {¬ϕm+1 } is consistent, then deﬁne Tm+1 (b) If Tm ∪{¬ϕm+1 } is not consistent, then Tm ∪{ϕm+1 } is consistent. We divide this case into two subcases. (i) If ϕm+1 does not have the form ∃xθ(x) for some formula θ(x), then just be Tm ∪ {ϕm+1 }. let Tm+1 (ii) Otherwise ϕm+1 has the form ∃xθ(x).

Models of countable theories

273

In this case let Tm+1 be Tm ∪ {ϕm+1 } ∪ {θ(ci )}, where i is such that ci does not occur in Tm ∪ {ϕm+1 }.

We know from the proof of Theorem 4.2 that if Tm is consistent, then so is . This was the ﬁrst claim of that proof. Also, if Tm contains only ﬁnitely Tm+1 . This is because many sentences that use constants from C, then so does Tm+1 Tm+1 is obtained by adding only a sentence or two to Tm . In Step 2, we ensure that the tuple d¯m+1 in the enumeration of Dn does not realize p. ∪ {¬ψ(d¯m+1 )}, where ψ(¯ x) is any formula in p such Step 2: Let Tm+1 = Tm+1 that Tm+1 is consistent. We must verify that such a formula ψ(¯ x) ∈ p exists. Let Θ(¯ c, d¯m+1 ) be the conjunction of the ﬁnitely many sentences in Tm+1 that contain constants is equivalent to T ∪ {Θ(¯ c, d¯m+1 )}. In particular, Tm+1 from C. Then Tm+1 ¯ Θ(¯ c, dm+1 ) (by ∧-Introduction). The tuple c¯ contains all the constants that occur and do not occur in d¯m+1 . The sentence Θ(¯ c, d¯m+1 ) may not contain all in Tm+1 c, x ¯) be the formula (or any) of the constants in d¯m+1 = (d1 , d2 , . . . , dn ). Let Θ(¯ obtained by replacing each occurrence of di in Θ with xi (for i = 1, . . . , n). Θ(¯ c, d¯m+1 ), this formula is Consider the formula ∃¯ y Θ(¯ y, x ¯). Since Tm+1 realized in every model of Tm+1 . If this formula is not in p, then its negation is (since p is a complete type). In this case, let ψ(¯ x) be ¬∃¯ y Θ(¯ y, x ¯). Since ¬ψ(¯ x) is equivalent to ∃¯ y Θ(¯ y, x ¯), ¯ ¯ Tm+1 ¬ψ(dm+1 ). In particular, Tm+1 = Tm+1 ∪ {¬ψ(dm+1 )} is consistent. So we may assume that the formula ∃¯ y Θ(¯ y, x ¯) is in p. In this case, we cannot ∪ {¬ψ(d¯m+1 )} to be consistent) nor let ψ be this formula (since we want Tm+1 its negation (since it is not in p). To ﬁnd a formula ψ that works we use the fact that p is not isolated. Since p is nonisolated, it is not the only type in S(T ) containing the formula ∃¯ y Θ(¯ y, x ¯). Let q be another type in S(T ) that contains this formula. Since p and q are diﬀerent types, there must be a formula in p that is not in q. Let ψ(¯ x) be any such formula. Then T ∪{∃¯ y Θ(¯ y, x ¯), ¬ψ(¯ x)} is realizable (since it is a subset of q ∈ S(T )). It follows that T ∪ {Θ(¯ y, x ¯), ¬ψ(¯ x)} is also realizable. By Proposition 6.5, c, d¯m+1 ), ¬ψ(d¯m+1 )} T ∪{Θ(¯ c, d¯m+1 ), ¬ψ(d¯m+1 )} is satisﬁable. Note that T ∪{Θ(¯ is Tm+1 = Tm+1 ∪{¬ψ(d¯m+1 )}. Since it is satisﬁable, it is consistent as we wanted to show. So given a consistent V + -theory Tm containing T and only ﬁnitely many other sentences, we have deﬁned the consistent V + -theory Tm+1 by adding a few sentences to Tm . Starting with T0 = T , this iterative process generates V + -theories T0 , T1 , T2 , and so forth. Let T + be the union of these theories. Since each Tm is consistent, so is T + . Also, by Step 1 of the deﬁnition of Tm+1 , either ϕm+1 or ¬ϕm+1 is in Tm+1 . Since this is true for each ϕm+1 in the

274

Models of countable theories

enumeration of all V + -sentences, T + is a complete theory. Since T = T0 ⊂ T + , T + has Property 1. Part (b)(ii) of Step 1 guarantees that T + has Property 2. Step 2 guarantees Property 3. So T + has all of the desired properties and a model M + of T + can be deﬁned as in the proof of Theorem 4.2. The underlying set of M + is a subset of D. Property 3 of T + ensures that no n-tuple of elements in D satisﬁes all formulas of p. It follows that M + is a model of T ⊂ T + that omits p. So, if T is countable, then a type in S(T ) is realized in every model of T if and only if it is isolated. This remains true when restricted to countable models. Corollary 6.14 Let T be a countable complete theory. A type p ∈ S(T ) is isolated if and only if it is realized in every countable model of T . Proof By Proposition 6.12, if p ∈ S(T ) is isolated, then it is realized in every model of T . In particular, it is realized in every countable model of T . Conversely, if p is nonisolated, then p is omitted from a model M + of T by the Omitting Types theorem. Moreover, the model M + constructed in the proof of that theorem is countable. In particular, every type realized in the countable model of an ℵ0 -categorical theory must be an isolated type. This yields characterizations of ℵ0 -categorical theories in terms of S(T ). Theorem 6.15 Let T be a complete theory having inﬁnite models. The following are equivalent. (i) T is ℵ0 -categorical. (ii) S(T ) is countable and every type in S(T ) is isolated. (iii) Sn (T ) is ﬁnite for each n ∈ N. (iv) There are ﬁnitely many formulas in n free variables up to T -equivalence for each n ∈ N. Proof Note that “(i) if and only if (iv)” is a restatement of Theorem 5.32. We proved as Proposition 5.31 that (iv) implies (i). It remains to be shown that (i) implies (iv). First, we show that (i) implies (ii). Suppose that T is ℵ0 -categorical and let a) in some model N of T . By p be any type in S(T ). Then p is realized as tpN (¯ the Downward L¨ owenhiem–Skolem theorem, there exists a countable elementary substructure M of N containing a ¯ in its universe. So p is realized in a countable model of T . Since T is ℵ0 -categorical, p is realized in every countable model of T . By Corollary 6.14 of the Omitting Types theorem, p is isolated. Moreover, since every type in S(T ) is realized in the countable model M , there are only countably many types in S(T ).

Models of countable theories

275

Next we show that (ii) implies (iii). Suppose that (ii) holds. Then S(T ) is countable. Suppose for a contradiction that Sn (T ) is denumerable. Let {p1 , p2 , p3 , . . .} be an enumeration of Sn (T ). For each i ∈ N, there is a formula ϕi that isolates pi . Let Γ = {¬ϕ1 , ¬ϕ2 , ¬ϕ3 , . . .}. Every ﬁnite subset of Γ is contained in inﬁnitely many types in Sn (T ). By Corollary 6.7, Γ is an n-type of T . So Γ is a subset of some pi in Sn (T ). Since Γ contains the formula ¬ϕi , this is a contradiction. This contradiction proves that Sn (T ) must be ﬁnite. It remains to be shown that (iii) implies (iv). Suppose that there are only ﬁnitely many types in Sn (T ). Let {p1 , . . . , pk } enumerate Sn (T ). If pi and pj are distinct types in this set, then there is some formula ϕij that is in pi and not in pj . By taking the conjunction of the formulas ϕij for various js, we obtain a formula Φi that is contained in pi and no other type of Sn (T ). We see that each type in Sn (T ) is isolated (we have incidently shown that (iii) implies (ii)). Now let ϕ be any formula in the vocabulary of T having n free variables. We claim that ϕ is T -equivalent to a disjunction of the formulas Φi for various values of i. For example, if ϕ is contained in p1 and p1 and no other type in Sn (T ), then ϕ is T -equivalent to the formula Φ1 ∨ Φ2 . Since there are only ﬁnitely many possible disjunctions of this form, there are ﬁnitely many formulas having n free variables up to T -equivalence. The proof of the Omitting Types theorem is similar to the proof of Theorem 4.2. Unlike Theorem 4.2, however, the Omitting Types theorem does not hold for theories having uncountable vocabularies (see Exercise 6.7). The Omitting Types theorem can be extended in another way. Theorem 6.16 (Countable Omitting Types) Let T be a complete theory in a countable vocabulary V. Let p1 , p2 , p3 , . . . be countably many types in S(T ) each of which is not isolated. There exists a model M of T that omits each pi . Proof This can be proved by modifying the proof of the Omitting Types theorem. See Exercise 6.9.

6.3 Small models of small theories Let T be a countable complete theory having inﬁnite models. If S(T ) is countable, then T is said to be a small theory. In this and the next sections, we investigate some of the countable structures in M od(T ). We show that if T is small, then M od(T ) contains a smallest countable model and a biggest countable model. Of course, any two countable structures have the same size. When we refer to the smallest or biggest countable model, we are referring to the types realized in the model.

276

Models of countable theories

At minimum, any model of T must realize the isolated types in S(T ). Countable atomic models realize only these types. When they exist, these are the smallest countable models in M od(T ). At the other extreme, countable saturated models realizes all types in S(T ) (although this is not the full deﬁnition). When they exist, these are the biggest countable models in M od(T ). We show that such models do exist if T is small. Moreover, we show that atomic and saturated models posses many useful properties. We deal with atomic models in this section and saturated models in the next. We begin with some examples (and nonexamples) of small theories. Example 6.17 By Proposition 6.15, any ℵ0 -categorical theory is small. Example 6.18 Let M be the VE -structure deﬁned in Example 6.8. Let T be T h(M ). It follows from the discussion in Example 6.8 that Sn (T ) is countable for each n. So T is small. Example 6.19 Let R< be the V< -structure (R| <). The V< -theory of R< is TDLO . Since TDLO is ℵ0 -categorical, it is small. Let CQ = (ca |a ∈ Q) be a countable set of constants. Let VQ be V< ∪ CQ . Let RQ be the expansion of R< to a VQ -theory that interprets each constant ca as the number a ∈ Q. Let T = T h(RQ ). Then T is countable but not small. For each real number r, let pr denote tpRQ (r). To see that T is not small, consider the set P = {pr |r ∈ R}. Given any two distinct real numbers b and c, there exists some rational number a between b and c. With no loss of generality, we may assume that b is smaller than c. Then x1 < ca is a VQ -formula in pb that is not in pc . We see that no two types in P are the same. It follows that |S1 (T )| ≥ 2ℵ0 and T is not small.

6.3.1 Atomic models. If T is small, then S(T ) contains countably many nonisolated types. By the Countable Omitting Types theorem 6.16, there exists a model of T that omits all of them. Such a model is said to be atomic. a) is an isolated type of T h(M ) Deﬁnition 6.20 A structure M is atomic if tpM (¯ for every tuple a ¯ of M . Example 6.21 The VE -structure M from Examples 6.8 and 6.18 is atomic. Since M has no inﬁnite equivalence class, each type realized in M is isolated by the formula ϕm for some m ∈ N where ϕm is as deﬁned in Example 6.8. Proposition 6.22 Let T be a countable complete theory. If T is small, then there exists a countable atomic model M of T .

Models of countable theories

277

Proof By the Countable Omitting Types theorem 6.16 there exists a model that omits all nonisolated types. By the Downward L¨ owenhiem–Skolem theorem, we can ﬁnd such a model that is countable. As the following example shows, the converse of this proposition does not hold. Example 6.23 Let T be the VQ -theory from Example 6.19. This theory is not small, but it does have a countable atomic model. Let QQ be the VQ -structure having Q as an underlying set and interpreting < as the usual order and each constant ca as the rational number a. This is a model of T . Each 1-type realized in QQ is isolated by the formula x1 = ca for some a ∈ Q. It follows that every type realized in QQ is isolated. Next, we give an example of a countable theory that does not have a countable atomic model. By Proposition 6.22, such a theory necessarily has uncountably many n-types for some n. Example 6.24 Let VP s be the vocabulary consisting of denumerably many unary predicates Pi for i ∈ N. Let TP be the VP s -theory deﬁned in Exercise 5.21. For any subset A of N, let ΓA be the set of formulas containing Pi (x1 ) for each i ∈ A and ¬Pi (x1 ) for each i ∈ A. By Corollary 6.7, this is a type of TP . Since TP has quantiﬁer elimination (by Exercise 5.21(a)), there is exactly one type pA in S1 (TP ) containing ΓA . Moreover, each type p in S1 (TP ) is pA for some A ⊂ N. It follows that |S1 (TP )| = |P(N)| = 2ℵ0 . For any p ∈ S1 (TP ), we claim that p is not isolated. Given any ﬁnite subset ∆ of p, there are inﬁnitely many relations Pi that do not occur in ∆. By the axioms of TP s , both ∆ ∪ {Pi (x1 )} and ∆ ∪ {¬Pi (x1 )} are realizable. So p is not isolated by any formula. Since S1 (TP ) has no isolated types, TP cannot possibly have an atomic model. 6.3.2 Homogeneity. Having established in Proposition 6.22 the existence of countable atomic models for small T , we now investigate some of the properties of these models. We show that countable atomic models are unique, prime, and homogeneous. Deﬁnition 6.25 A countable structure M is said to be homogeneous if, given a) = tpM (¯b), for any c of M , there exists d such n-tuples a ¯ and ¯b of M with tpM (¯ ¯ a, c) = tpM (b, d). that tpM (¯ Most of the countable structures we have discussed have been homogeneous. An example of a nonhomogeneous structure is provided by the structure M in Example 5.56. Referring to that example, let a ¯ = (a1 , . . . , an ) and let ¯b = (b1 , . . . , bn ). These tuples share the same type in M even though they are

278

Models of countable theories

diﬀerent in an obvious way. Whereas ¯b has equivalent elements that are far away (in terms of s), there are no such elements equivalent to a ¯. The structure is not homogeneous because this distinction cannot be expressed by a V-formula. A structure is homogeneous if any two tuples having the same type are indistinguishable (unlike a ¯ and ¯b in our example). This intuitive idea is made precise in Exercise 6.19. We now develop some properties of homogeneous structures that will be useful for our investigation of atomic and saturated structures. Proposition 6.26 Let T be a countable complete theory. Let M be a countable model of T and let N be a homogeneous model of T . Suppose that every type in S(T ) that is realized in M is also realized in N . There exists an elementary embedding f : M → N . Proof If a complete theory has a ﬁnite model, then all of its models are isomorphic (by Proposition 2.81). So we may assume that M is denumerable. Enumerate the underlying set of M as UM = {a1 , a2 , a3 , . . .}. Let UN be the underlying set of N . We construct an elementary embedding f : M → N step-by-step. In step n we deﬁne bn = f (an ). Step 1: Since N realizes every type realized in M , there exists b1 ∈ UN such that tpM (a1 ) = tpN (b1 ). Let f (a1 ) = b1 . Let a ¯n denote the n-tuple (a1 , . . . , an ). Suppose that, for some n ∈ N, ¯bn = (b1 , . . . , bn ) has been deﬁned such that tpM (¯ an ) = tpN (¯bn ). an , an+1 ) = Step n + 1: We want to deﬁne bn+1 = f (an+1 ) so that tpM (¯ tpN (¯bn , bn+1 ). Since N realizes every type realized in M , there exists an (n + 1)-tuple (c1 , . . . , cn+1 ) of N such that tpN (c1 , . . . , cn+1 ) = tpM (a1 , . . . , an+1 ). Let c¯n be (c1 , . . . , cn ). cn ) and tpN (¯bn ) both equal tpM (¯ an ), these two types equal each Since tpN (¯ other. Since N is homogeneous, there exists bn+1 such that tpN (¯bn , bn+1 ) = cn , cn+1 ). Since tpN (¯ cn , cn+1 ) = tpM (¯ an+1 ) we have tpN (¯bn , bn+1 ) = tpN (¯ an , an+1 ) as desired. Let f (an+1 ) = bn+1 . tpM (¯ In this manner we construct an inﬁnite sequence b1 , b2 , b3 , . . . of elements of an ) = tpN (¯bn ) UN and deﬁne f : M → N by f (ai ) = bi for each i ∈ N. Since tpM (¯ for each n ∈ N, this function is an elementary embedding. If two countable homogeneous models M and N realize the same types, then they can be elementarily embedded into each other by the previous proposition. Moreover, expanding on the proof of this proposition, we can construct and isomorphism between M and N .

Models of countable theories

279

Proposition 6.27 Let T be a countable complete theory. Let M and N be two countable homogeneous models of T that realize the same types of S(T ). Then M∼ = N. Proof We may assume that M and N are denumerable and enumerate the underlying sets as UM = {a1 , a2 , a3 , . . .}

and UN = {b1 , b2 , b3 , . . .}.

As in Proposition 5.31, we can give a back-and-forth argument to construct an isomorphism f : M → N . In step n + 1 of this construction, we must deﬁne both f (an+1 ) and f −1 (bn+1 ). We can deﬁne both of these in the same manner that f (an+1 ) was deﬁned in the proof in the previous proposition. We leave the details as Exercise 6.21. We return to our discussion of small models. We show that countable atomic models are homogeneous. As we shall see in the next section, the property of being homogeneous is by no means restricted to countable atomic models. Proposition 6.28 Countable atomic structures are homogeneous. Proof Let M be a countable atomic structure and let a ¯ and ¯b be two n-tuples of M realizing the same type p in Sn (T h(M )). Since M is atomic, this type is isolated by a formula θ(¯ x). Let c be any element of M . Let ψ(¯ x, xn+1 ) isolate a, c). Then ∃yψ(¯ x, y) is in tpM (¯ a) = p. Since p is also the type of ¯b in M , tpM (¯ M |= ∃yψ(¯b, y). So M |= ψ(¯b, d) for some d in M . So ψ(¯ x, y) is in tpM (¯b, d). Since a, c), we have tpM (¯ a, c) = tpM (¯b, d). By the deﬁnition this formula isolates tpM (¯ of homogeneous, M is homogeneous. Corollary 6.29 Countable atomic models are unique up to isomorphism. Proof Let M and N be two countable atomic models of a complete theory T . Then M and N are homogeneous by the previous proposition. Since M and N each realize only the isolated types in S(T ), M and N are isomorphic by Proposition 6.27. 6.3.3 Prime models. At the outset of this section, we said that atomic countable models are in some sense the “smallest” countable models. We justify this terminology by showing that the atomic countable model of a theory, if it exists, can be elementarily embedded into any other model of that theory. Deﬁnition 6.30 Let T be a theory and let M be a model of T . If M can be elementarily embedded into every model of T , then M is said to be a prime model of T . Proposition 6.31 Let T be a countable complete theory. A model M of T is a prime model of T if and only if M is countable and atomic.

280

Models of countable theories

Proof Suppose M is prime. By the Downward L¨owenhiem–Skolem theorem, there exists a countable model of T . Since M can be elementarily embedded into this model, M must be countable. It remains to be shown that M is atomic. Let p be a nonisolated type in S(T ). By the Omitting Types theorem 6.13, there exists a model N of T that omits p. Since M can be elementarily embedded into N , M must also omit p (see Exercise 6.1). So M realizes only the isolated types in S(T ) and is atomic. Now suppose that M is countable and atomic. Then every type realized in M is realized in every model of T . By Proposition 6.26, M can be elementarily embedded into any homogeneous model of T . In a similar manner, we show that, since M is atomic, it can be elementarily embedded into any model (homogeneous or not). Since M is countable, we can enumerate the underlying set of M as UM = {a1 , a2 , a3 , . . .}. (As usual, if M is ﬁnite, then this proposition is trivial.) For each n ∈ N, let a ¯n denote the n-tuple (a1 , . . . , an ). Let N be an arbitrary model of T . Let b1 be an element of N that realizes the isolated type tpM (a1 ). Suppose that, for some n ∈ N, we have deﬁned an n-tuple ¯b = (b1 , . . . , bn ) an ). Let θ(x1 , . . . , xn+1 ) be a formula that isolates of N so that tpN (¯bn ) = tpM (¯ a, an+1 ). Since ¯bn has the same type as a ¯n , N |= ∃yθ(¯bn , y). So N |= tpM (¯ ¯ θ(bn , bn+1 ) for some element bn+1 of N . Since there is only one type in Sn+1 (T ) containing θ, tpN (b1 , . . . , bn+1 ) = tpM (a1 , . . . , an+1 ). In this manner we can construct a sequence b1 , b2 , b3 , . . . as in the proof of Proposition 6.26. Let function f deﬁned by f (ai ) = bi is an elementary embedding of M into N . Since N was arbitrary, M is prime. We summarize the results of this section. If T is a small theory, then there exists an atomic countable model M of T . This model is unique up to isomorphism, is homogeneous, and can be elementarily embedded into any model of T . In this sense, M is the smallest model of T . Countable atomic models also exist for theories that are not small (recall Example 6.23 and see Exercise 6.14). We now turn our attention to big countable models.

6.4 Big models of small theories We deﬁne and investigate countable saturated models of a countable complete theory. We show that countable saturated models, like countable atomic models, are homogeneous and unique up to isomorphism. We also show that every countable model of a theory can be elementarily embedded into the countable saturated model (provided it exists). So countable saturated models are the largest countable models in the same sense that countable atomic models are

Models of countable theories

281

the smallest models. In the second part of this section, we extend the notion of saturation to apply to uncountable structures. 6.4.1 Countable saturated models. Before deﬁning countable saturated models, we must introduce the concept of a type over a set. Let M be a V-structure having underlying set UM . Let A be a subset of UM . A type over A is a type that allows parameters from A. More speciﬁcally, an n-type over A is a set of V(A)formulas in n free variables that is realized in some elementary extension of M . Example 6.32 Consider the structure Q< = {Q| <}. Let A be the set {1, 2, 3}. The three numbers in A break Q into four intervals. Each of these intervals corresponds to a 1-type over A. These types are isolated by the formulas (x1 < 1),

¬(x1 < 1) ∧ ¬(x1 = 1) ∧ (x1 < 2),

¬(x1 < 2) ∧ ¬(x1 = 2) ∧ (x1 < 3), and ¬(x1 < 3) ∧ ¬(x1 = 3). In addition, there are the three types over A isolated by the formulas x1 = 1, x1 = 2, and x1 = 3. So there are seven isolated types over A. Let B be the natural numbers and let C be the set of all rational numbers. Then there are denumerably many types over B exactly one of which is nonisolated. The nonisolated type contains the formulas ¬(x1 < n) for each n ∈ B. This type is not realized in Q< but is realized in an elementary extension of Q< . As was shown in Example 6.19, there are 2ℵ0 types over C. We make formal the deﬁnition of a type over a set and introduce notation for this concept. Deﬁnition 6.33 Let M be a V-structure having underlying set UM . For any subset A of UM , and for any tuple ¯b = (b1 , . . . , bn ) of elements of UM , the type of ¯b over A in M , denoted tpM (¯b/A), is the set of all V(A)-formulas having free ¯ is replaced by bi . variables among x1 , . . . , xn that hold in M when each xi in x The types tpM (¯b/A) are called complete types over A. Let S(A) denote the set of all complete types over A. The subset of all n-types in S(A) is denoted by Sn (A). Since the theory T is not mentioned in this notation, S(A) is ambiguous when taken out of context. In Example 6.32, we said that S(A) contains seven types when A = {1, 2, 3}. If T is the theory of the rational numbers with addition and multiplication, then this is not true. We shall only use the notation S(A) when T is understood. Deﬁnition 6.34 Let T be a complete theory. A countable model M of T is saturated if, for every ﬁnite subset A of the underlying set of M , every 1-type in S(A) is realized in M .

282

Models of countable theories

Example 6.35 Let T be the VE -theory deﬁned in Example 6.8. Recall that M is the model of T having exactly one equivalence class of size n for each n ∈ N. It was shown that there exists a type in S1 (T ) that is not realized in M . So this structure is not saturated. Let Nm be the model of T having exactly m inﬁnite equivalence classes. Let A = {a1 , . . . , am } be a set of elements from each of these inﬁnite classes. The type over A saying that x1 has an inﬁnite class but is not equivalent to ai for each i is not realized in Nm . The only countable saturated model of T is the countable model containing denumerably many inﬁnite equivalence classes. Example 6.36 Let T be the theory deﬁned in Example 5.56. The model containing countably many copies of Z in each equivalence class is the only saturated model of T . As with atomic models, countable saturated models exist for small theories. Unlike the atomic models, these are the only theories having countable saturated models. Proposition 6.37 A complete theory T is small if and only if it has a countable saturated model. Proof Suppose ﬁrst that T has a countable saturated model M . Then every type in S(T ) is realized by some tuple of M . Since M is countable, S(T ) must be countable also and T is small. Conversely, suppose that T is small. Let M1 be a countable model of T . We deﬁne an elementary chain of countable models M1 ≺ M2 ≺ M3 . . . Suppose that countable Mn has been deﬁned. Let A be a ﬁnite subset of the underlying set of Mn . If S1 (A) is uncountable, then so is Sk+1 (T ) where k = |A|. Since T is small, this is not the case. So we can enumerate S1 (A) as the possibly ﬁnite set {p1 , p2 , . . .}. For each pi in this set, there exists an owenhiem–Skolem elementary extension of Mn realizing pi . By the Downward L¨ theorem, there exists a countable elementary extension Ni of Mn that realizes pi . By Proposition 4.37, there exists a countable model MA of T such that Mn and each Ni can be elementarily embedded into MA . Since Mn is countable, there are countably many ﬁnite subsets of Mn . Again applying Proposition 4.37, there exists a countable model Mn+1 of T such that MA can be elementariliy embedded into Mn+1 for each ﬁnite subset A of Mn . Let M be the limit of the elementary chain M1 ≺ M2 ≺ M3 · · · . Then M is a countable model of M . Any ﬁnite subset A of the universe of M is in the universe of Mn for some n ∈ N. By the deﬁnition of Mn+1 , every type in S1 (A) is realized in Mn+1 . Since Mn+1 ≺ M , every type in S1 (A) is realized in M and M is saturated.

Models of countable theories

283

Proposition 6.38 Countable saturated models are homogeneous. Proof Let M be a countable saturated model of a complete theory T and let a ¯ = (a1 , . . . , an ) and ¯b = (b1 , . . . , bn ) be two n-tuples of M that realize the same a). Let p2 be type in Sn (T ). Let c be an element of M . Let p1 (x1 ) = tpM (c/¯ the type over ¯b obtained by replacing each occurrence of ai in p1 with bi (for i = 1, . . . , n). Claim p2 (x1 ) is realizable. Proof Let Φ(x1 , ¯b) be the conjunction of a given ﬁnite set of formulas in p2 (x1 ). ¯) ∈ p1 (x1 , a ¯). By the deﬁnition of p1 , M |= Φ(c, a ¯). So M |= Then Φ(x1 , a ¯). Since a ¯ and ¯b have the same type in M , M |= ∃yΦ(y, ¯b). This ∃yΦ(x1 , a shows that any ﬁnite subset of p2 (x1 ) is realizable. The claim then follows from Proposition 6.6. Since M is saturated, p2 (x1 ) is realizable in M . Let d be an element of M a, c) and M is homogeneous. that realizes this type. Then tpM (¯b, d) = tpM (¯ So countable saturated models, like atomic models, are homogeneous. From this fact we can immediately deduce two more properties of countable saturated models. They are universal and unique. Deﬁnition 6.39 Let T be a theory and let M be a countable model of T . If every countable model of T can be elementarily embedded into M , then M is said to be a universal model of T . Corollary 6.40 Countable saturated models are universal. Proof This follows from Propositions 6.38 and 6.26. The converse of Corollary 6.40 does not hold. Exercise 6.26 provides an example of a countable universal model that is not saturated. For the universal model to be saturated, it must be homogeneous. Proposition 6.41 Let T be a small theory. A countable model M of T is saturated if and only if it is universal and homogeneous. Proof A countable saturated model is universal and homogeneous by Corollary 6.40 and Proposition 6.38. We must prove the converse. Suppose that M is a countable model of T that is both universal and homogeneous. Let A be a ﬁnite subset of M and let p be a type in S1 (A). We must show that there exists an element d so that tpM (d/A) = p. The type p is realized in some elementary extension of M . By the Downward L¨ owenhiem–Skolem theorem, p is realized in some countable model N containing A. So tpN (c/A) = p for some element c of N . Since M is universal, N can be elementarily embedded into M . Let f : N → M be elementary. Let B be

284

Models of countable theories

{f (a)|a ∈ A}. Note that B does not necessarily equal A, but it does have the same type as A in M . That is, tpM (¯ a) = tpM (¯b), where (a1 , . . . , ak ) is some enumeration of A and ¯b = (f (a1 ), . . . , f (ak )). Since M is homogeneous, there ¯) = tpM (f (c), ¯b). For all formulas ϕ(x1 ) in p, since exists d so that tpM (d, a N |= ϕ(c) and f : N → M is elementary, we have M |= ϕ(d). So tpM (d/A) = p and p is realized in M . Since p is arbitrary, M is saturated. Next we show that the saturated model of a theory is unique up to isomorphism. This fact, like Corollary 6.40, is an immediate consequence of Proposition 6.38. Corollary 6.42 Let T be a complete small theory. Any two countable saturated models of T are isomorphic. Proof This follows immediately from Propositions 6.38 and 6.27. We summarize. Let T be a small theory. Then T possesses both a countable atomic model M and a countable saturated model N . Each of these is unique up to isomorphism. The countable atomic model is the smallest model in the sense that it can be elementarily embedded into any model of T . The countable saturated model M is the biggest countable model of T in the sense that every countable model of T can be elementarily embedded into M . Countable saturated models are characterized by this property together with homogeneity. Likewise, countable atomic models are characterized as prime models (which are necessarily homogeneous). We turn to theories that are not small in the next section. We close the present subsection by extracting the following characterization of ℵ0 -categorical theories from the above results. Proposition 6.43 A theory is ℵ0 -categorical if and only if it has an atomic model and a countable saturated model that are isomorphic. Proof Suppose T is ℵ0 -categorical. Since ℵ0 -categorical theories are small, T possesses a countable atomic model and a countable saturated model. These models must be isomorphic since T only has one countable model up to isomorphism. Conversely, suppose that T has an atomic model N and a countable saturated model M with N ∼ = M . Since M is universal, any countable model of T can be elementarily embedded into M . Since N ∼ = M , any countable model of T can be elementarily embedded into the atomic model. It follows that every countable model of T realizes only isolated types. So every type in S(T ) must be isolated and T is ℵ0 -categorical by Proposition 6.15.

Models of countable theories

285

6.4.2 Monster models. By deﬁnition, countable saturated models, as well as homogenous models and universal models, are countable. The following deﬁnitions extend these notions to uncountable structures. Deﬁnition 6.44 Let M be a V-structure having universe U and theory T = T h(M ). Let κ be an inﬁnite cardinal. We say that M is κ-saturated if, for each A ⊂ U with |A| < κ, every type in S1 (A) is realized in M . We simply say that M is saturated if M is |M |-saturated. We say that M is κ-universal if every model N of T with |N | < κ can be elementarily embedded into M . We simply say that M is universal if M is |M |-universal. To extend the notion of notion of a homogeneous model, recall from Section 5.7 the deﬁnition of an M -elementary function. Note that a countable model M is homogeneous if and only every ﬁnite M -elementary function can be extended. Deﬁnition 6.45 Let M be a structure and let κ be an inﬁnite cardinal. We say that M is κ-homogeneous if, for each A ⊂ U with |A| < κ and each a ∈ U , every M -elementary function f : A → U extends to an M -elementary function g : A∪{a} → U . We simply say that M is homogeneous if M is |M |-homogeneous. Proposition 6.46 A structure M is κ-saturated if and only if M is both κ-homogeneous and κ-universal. Proof This can be proved in the same manner as Proposition 6.41. We leave this as Exercise 6.30. In particular, a model is saturated if and only if it is both homogeneous and universal. As with countable saturated models, we can use the homogeneity of saturated models to show that any two elementarily equivalent saturated models of the same cardinality must be isomorphic (see Exercise 6.31). Now let T be a theory and suppose we wish to analyze the collection M od(T ) of all models of T . Suppose that we only care to consider models in M od(T ) of size less than κ. Since κ may be a ridiculously large cardinal, this is a reasonable assumption. If M is a saturated model of T of size κ, then we can replace the collection M od(T ) with the model M . Every structure in M od(T ) that we care to consider is an elementary substructure of M (since M is κ-universal). Moreover, any isomorphism between substructures of these models extends to an automorphism of M (by homogeneity and Exercise 6.20). Rather than considering the elements of M od(T ) as separate entities, the saturated model M allows us the convenience of working within a single model. Such a model is referred to as a monster model. Model theorists often use the preamble “we work inside of a monster model M . . . .”

286

Models of countable theories

Unfortunately, saturated models of large cardinalities may not exist. To guarantee the existence of arbitrarily large saturated models, we must assume set theoretic hypotheses beyond ZFC such as the General Continuum Hypothesis or (less severely) the existence of inaccessible cardinals. If we want to avoid such considerations, then we must settle for κ-saturated models instead of saturated models. Since they are both κ-universal and κ-homogeneous, κ-saturated models may serve as monster models. Although they are not necessarily homogeneous, κ-saturated models possess the fortunate property of existence. We prove this as the following proposition. The proof of this proposition also shows why saturated models may not exist. The κ-saturated model we construct is much larger than κ and so is not necessarily saturated. Proposition 6.47 Let T be a complete theory having inﬁnite models. Let κ be a cardinal. There exists a κ-saturated model of T . Proof As in the proof of Proposition 6.37, we deﬁne an elementary chain of models M1 ≺ M2 ≺ M3 · · · . To begin, let M1 be any model of T . Given Mi , let Mi+1 be a model of T that realizes every type over every subset of the universe of Mi . If δ is a limit ordinal, let Mδ be the union of the chain of Mβ for β < δ. Consider the model Mα where |α| = κ. Any subset of size κ of the universe of Mα must also be a subset of Mβ for some β < α. Every type over A is realized in Mβ+1 ≺ Mα .

6.5 Theories with many types Let T be a theory that is not small. By deﬁnition, |S(T )| is uncountable. We show that, in fact, |S(T )| = 2ℵ0 . We use this fact to show that T has the maximal number of nonisomorphic countable models. Lemma 6.48 Let T be a countable complete theory. Let P be an uncountable subset of S(T ). There exists a formula ψ such that both ψ and ¬ψ are contained in uncountably many types of P . Proof Let V be the vocabulary of T . Let F (T ) denote the set of all V-formulas that occur in some p in S(T ). That is, F (T ) is the set of formulas that are realized in some model of T . Each formula in F (T ) is either contained in uncountably many types of P or countably many (possibly zero) types of P . Let {ϕ1 , ϕ2 , ϕ3 , . . .} be the (possibly ﬁnite) set of those formulas in F (T ) that occur in only countably many types of P . Let Pi be the set of all types in P that contain the formula ϕi . Then Pi is countable. Let Pϕ be the union of all the Pi s. Since it is a countable union of countable sets, Pϕ is countable (by Proposition 2.43).

Models of countable theories

287

Now, Pϕ is the set of all types in P that contain ϕi for some i. Since P is uncountable, there must be uncountably many types in P that are not in Pϕ . Suppose it were the case that, for every formula ψ ∈ F (T ), either ψ ∈ Pϕ or ¬ψ ∈ Pϕ . Then there would be at most one type of in P not contained in Pϕ (namely, the type consisting of ¬ϕi for each i). So this cannot be the case and there must exist some formula ψ such that neither ψ nor ¬ψ is in Pϕ . By the deﬁnition of Pϕ , both ψ and ¬ψ are contained in uncountably many types of P . Proposition 6.49 Let T be a countable complete theory. If T is not small, then |S(T )| = 2ℵ0 . Proof First, we show that |S(T )| ≤ 2ℵ0 . Since T is countable, the set of all formulas in the vocabulary of T can be placed into one-to-one correspondence with N (by Proposition 2.47). Since each type is a set of formulas, |S(T )| ≤ |P(N)| = 2ℵ0 . Now suppose that T is not small. We show that |S(T )| ≥ 2ℵ0 . By deﬁnition, 2ℵ0 is the cardinality of the set of all functions from N to the set {0, 1}. Each such function can be viewed as a denumerable sequence of 0s and 1s. For each of these sequences, we deﬁne a distinct type in S(T ). Since T is not small, S(T ) is uncountable. By Lemma 6.48, there exists a formula ψ such that both ψ and ¬ψ are contained in uncountably many types of S(T ). Let χ0 be ¬ψ and χ1 be ψ. Let s be a ﬁnite sequence of 0s and 1s. For either i = 0 or i = 1, let s i be the sequence obtained by adding an i to the end of sequence s. Suppose that we have deﬁned a formula χs that is contained in uncountably many types in S(T ). Let Ps be the set of types in S(T ) that contain χs . By Lemma 6.48, there exists a formula ψ such that both ψ and ¬ψ are contained in uncountably many types of Ps . Let χs0 be χs ∧ ¬ψ and χs1 be χs ∧ ψ. In this manner we deﬁne a formula χs for each ﬁnite sequence s of 0s and 1s. By design, we have both T χs0 → χs and T χs1 → χs . Moreover, χs0 and χs1 cannot both be realized by the same elements of a model of T since one formula implies ψ and the other implies ¬ψ. Let {0, 1}ω denote the set of all denumerable sequences of 0s and 1s. For t ∈ {0, 1}ω and n ∈ N, let t|n denote the ﬁrst n terms of the sequence t. Let Γt be the set of all formulas χs such that s = t|n for some n ∈ N. Claim For each t ∈ {0, 1}ω , Γt is realizable. Proof By Proposition 6.6, it suﬃces to show that any ﬁnite subset of Γt is realizable. If ∆ is a ﬁnite subset of Γt , then, for some m ∈ N and every χs in ∆,

288

Models of countable theories

the sequence s has length less than m. Then T χt|m → χs for each χs in ∆. By deﬁnition, χt|m is contained in uncountably many types of S(T ). It follows that ∆ is contained in uncountably many types of S(T ). In particular, ∆ is realizable. Let pt be a type in S(T ) containing Γt . If t1 and t2 are distinct sequences in {0, 1}ω , then pt1 and pt2 are distinct types in S(T ) since there exists a formula ψ such that ψ is contained in one of these types and ¬ψ is contained in the other. It follows that |S(T )| ≥ |{0, 1}ω | = 2ℵ0 . So, for any countable T , there are only two possibilities for |S(T )|. Either |S(T )| = ℵ0 or |S(T )| = 2ℵ0 . This is true even if the continuum hypothesis is false. Even if there exists cardinal numbers between ℵ0 and 2ℵ0 , the set S(T ) is forbidden from having such cardinalities. We now show that if T is not small, then T has the maximal number of nonisomorphic models of size ℵ0 . First we compute this maximal number. Proposition 6.50 Let T be a countable V-theory and let κ be an inﬁnite cardinal. There exist at most 2κ nonisomorphic models of T of size κ. Proof Let U be any set of size κ. Let us count the number of V-structures having U as an underlying set. Suppose we wish to deﬁne such a V-structure. Given any constant c in V, we may interpret c as any element of U . There are |U | = κ many possibilities. We may interpret each n-ary relation in V as any subset of U n . There are |P(U n )| = 2κ possible choices. Finally, there are κκ = 2κ functions from U n to U . We may interpret each n-ary function in V as any one of these functions. So each symbol in V can be interpreted in at most 2κ diﬀerent ways on the set U . Since V is countable, there are at most ℵ0 · 2κ = 2κ ways to interpret this vocabulary on U . That is, there are at most 2κ V-structures having underlying set U . Let M be a model of T of size κ. Then there is a one-to-one correspondence between U and the underlying set of M . So, with no loss of generality, we may assume that M has underlying set U . It follows that there are at most 2κ models of T of size κ. So a countable theory T can have at most 2ℵ0 countable models. If T is not small, then it attains this maximal number. Proposition 6.51 Let T be a countable theory. If |S(T )| = 2ℵ0 then the number of nonisomorphic countable models is 2ℵ0 . Proof Suppose |S(T )| = 2ℵ0 . Since each type in S(T ) is realized in some countable model (by the Downward L¨owenhiem–Skolem theorem), there must be at

Models of countable theories

289

least 2ℵ0 countable models. By the previous proposition there are also at most this many countable models of T .

6.6 The number of nonisomorphic models Let T be a theory. For any inﬁnite cardinal κ, let I(T , κ) denote the number of nonisomorphic models of T of size κ. The function I(T , x) = y, restricted to inﬁnite cardinals x, is called the spectrum of T . When restricted to uncountable cardinals, this function is called the uncountable spectrum of T . The spectra provide a natural classiﬁcation of the class of ﬁrst-order theories. For example, totally categorical theories are the theories having the constant function I(T , x) = 1 as a spectrum. We have also seen uncountably categorical theories T having spectrum ℵ 0 , x = ℵ0 I(T , x) = 1, x > ℵ0 . The Baldwin–Lachlan theorem states that every uncountably categorical theory that is not totally categorical has this function as a spectrum. Of course, there are many possible spectra. Let T be a countable complete theory that has inﬁnite models. For any inﬁnite cardinal κ, 1 ≤ I(T , κ) ≤ 2κ . The lower bound of 1 follows from the L¨ owenhiem–Skolem theorems and the upper bound is from Proposition 6.50. It may seem that the possibilities for I(T , κ) are endless. It is a most remarkable fact that we can list the possible uncountable spectra for T . Largely due to the work of Shelah, the uncountable spectra for the seemingly boundless and unmanageable class of countable ﬁrst-order theories have been determined. Moreover, the work of Shelah shows that the spectrum of a given theory has structural consequences for the models of the theory. If a theory T has an uncountable spectrum other than the maximal I(T , κ) = 2κ , then the models of T have an inherent notion of independence. We deﬁned “independence” for strongly minimal structures in Section 5.7. By Theorem 5.100, any strongly minimal T has uncountable spectrum I(T , κ) = 1. The notion of independence for strongly minimal theories generalizes to a class of theories known as the simple theories that includes all theories having uncountable spectra other than I(T , κ) = 2κ . For these theories, the notion of independence give rise to a system of invariants (analogous to dimension) that determine up to isomorphism the models of the theory. As humbling as it sounds, simple theories are beyond the scope of this book (as are supersimple theories). In the next section, we shall say a little more about simple theories and other classes of theories and provide references.

290

Models of countable theories

Whereas the possible uncountable spectra for countable theories have been determined, there remain open questions regarding the possible values of I(T , ℵ0 ). We will discuss these unanswered questions in the next section. In the present section, we prove one notable fact regarding I(T , ℵ0 ). We prove that I(T , ℵ0 ) cannot equal 2. In contrast, there exist theories T for which I(T , ℵ0 ) = n for every natural number n other than 2. The theory TCDLO from Exercise 5.15 has exactly three countable models. For any n > 3, there exist expansions of TCDLO that have exactly n countable models up to isomorphism. The fact that I(T , ℵ0 ) cannot be 2 was proved by Vaught in [49]. Theorem 6.52 (Vaught) A complete theory cannot have exactly two countable models. Proof Let T be a complete theory. Suppose that T has two distinct countable models. We show that there exists a third countable model for T . Since T is complete and has more than one model, every model of T is inﬁnite. If T is not small, then by Proposition 6.51, T has uncountably many countable models. So we may assume that T is small. By Proposition 6.22, there exists an atomic model M1 of T . By Proposition 6.37, there exists a countable saturated model M2 of T . Since T is not ℵ0 -categorical, there exists a nonisolated type p ∈ Sm (T ) for some m ∈ N (by Theorem 6.15). Let a ¯ be an m-tuple from the saturated model M2 that realizes the m-type p. Expand the vocabulary V of T by adding constants c1 , . . . , cm . Let N be the expansion of M2 to this vocabulary interpreting the constants as the m-tuple a ¯. Let T = T h(N ). Since T is not ℵ0 -categorical, Sm (T ) is inﬁnite for some n (again, by Theorem 6.15). If follows that Sm (T ) is also inﬁnite, and so T , too, is not ℵ0 -categorical. If T has uncountably many nonisomorphic models, then so does T . Since we are assuming that this is not the case, T , like T , has both an atomic model N1 and a saturated model N2 . Moreover, by Proposition 6.43, N1 and N2 are not isomorphic. So N1 is not saturated. Let M3 denote the reduct of N1 to the vocabulary of T . Since N1 is not saturated, neither is M3 . Since a is an m-tuple of M3 ), M3 is not atomic. It M3 realizes the nonisolated type p (¯ follows that M3 is a model of T that is isomorphic to neither M1 nor M2 .

6.7 A touch of stability In this ﬁnal and all too brief section, we give an overview of some of the concepts that have shaped model theory during the nearly 40 years since the proof of Morley’s theorem. We state without proof many nontrivial facts. References are provided at the end of the section.

Models of countable theories

291

Deﬁnition 6.53 Fix a countable complete theory T and an inﬁnite cardinal κ. We say that T is κ-stable if for every subset A of a model of T , if |A| ≤ κ, then |S(A)| ≤ κ. This notion divides all ﬁrst-order theories into four classes. Deﬁnition 6.54 Let T be a countable complete theory. T is stable if it is κ-stable for arbitrarily large κ. T is superstable if it is κ-stable for suﬃciently large κ. T is ω-stable if it is κ-stable for all inﬁnite κ. We say that T is strictly stable if it is stable but not superstable. Likewise, we say that T is strictly superstable if it is superstable but not ω-stable. Alternatively, stable theories can be deﬁned as those theories that are κstable for some κ. If a theory is κ-stable for some κ, then it must be κ-stable for arbitrarily large κ. Countable superstable theories are characterized as those theories that are κ-stable for each κ ≥ 2ℵ0 . Also, “ω-stable” is synonymous with “ℵ0 -stable.” From these facts we see that every theory is ω-stable, strictly superstable, strictly stable, or unstable. Stability is a robust notion that has several equivalent formulations. The set of stable theories is often deﬁned in terms of deﬁnable orderings of the underlying sets of models. Deﬁnition 6.55 T has the order property if there is a formula ϕ(¯ x, y¯) such that ¯ ai |i < ω) and M |= ϕ(¯ ai , bj ) if and only if i < j for some M |= T and sequences (¯ (¯bj |j < ω) of tuples of M . Theorem 6.56 A theory is unstable if and only if it has the order property. In particular, the theory of any inﬁnite linear order is not stable. Note that unstable theories, like TDLO , can be small. Like theories that are not small, theories possessing the order property necessarily have the maximal uncountable spectra. Corollary 6.57 If T is unstable, then I(T , κ) = 2κ for all uncountable κ. The proof of Morley’s theorem in [32] utilizes the notion of ω-stability, although Morley did not use this terminology. A key component of Morley’s proof shows that if T is κ-categorical for uncountable κ, then T is ω-stable. The terminology “κ-stable” is due to Rowbottom. In the 1970s, the properties of stable theories were developed (primarily in the work of Shelah). These theories possess an intrinsic notion of independence, called forking independence. By a “notion of independence” we mean that forking independence satisﬁes some

292

Models of countable theories

basic properties such as symmetry: if a ¯ is forking independent from ¯b, then ¯b is forking independent from a ¯. A primary motivation for the study of stable theories was Shelah’s program of classifying theories according to their uncountable spectra (as discussed in the previous section). By the previous corollary, unstable theories have the maximal uncountable spectra. Shelah proved that this is also true for theories that are not superstable. So, for the classiﬁcation problem, one may focus on the superstable theories and further reﬁne this class (into DOP and NDOP). However, the tools developed for this study apply to a much wider class of theories. In his 1996 PhD thesis, Byunghan Kim proved that the notion of forking independence extends beyond the stable theories to a class known as the simple theories. Introduced by Shelah in a 1980 paper, the simple theories contain several important unstable ﬁrst-order theories such as the theory of the random graph (from Section 5.4). The term “simple” is used to indicate that unstable simple theories share some of the properties of stable theories. Among the unstable theories, these are the simplest to understand (from the point of view of stability theory). By Theorem 6.56, unstable simple theories must possess the order property. However, they avoid the following strict version of this property. Deﬁnition 6.58 A theory T has the strict order property if there is a formula ϕ(x1 , . . . , xn , y1 , . . . , yn ) such that ¯j ) if and only if i < j for some M |= T and sequences (¯ ai |i < ω) M |= ϕ(¯ ai , a of n-tuples of M . Simple theories, like stable theories, do not have the strict order property. Moreover, the notion of “forking” can be deﬁned for these theories. Kim’s theorem states that forking gives rise to a notion of independence for simple theories just as it does for stable theories. In particular, forking independence is symmetric. This discovery, 16 years after Shelah introduced simple theories, has made this an active area of current research in model theory. The notion of simplicity is now viewed as an extension of stability. The simple theories encompass the stable theories just as the stable theories encompass the superstable theories, and so forth. Thus the world of all ﬁrst-order theories is divided into several classes. We list these classes below and provide at least one example from each. The class of tame theories is not precisely deﬁned. A theory is “tame” if it lends itself to model-theoretic analysis. This class certainly includes all simple theories. It also includes the o-minimal theories discussed in Section 5.7. Whereas these theories share some of the model-theoretic features of strongly minimal theories, the ominimal theories by deﬁnition possess the strict order property and so are not simple. Theories that are not tame are called wild.

Models of countable theories

293

A hierarchy of ﬁrst-order theories: • The wild theories contain undecidable theories such as TN discussed in Chapter 8. • The tame theories include well-behaved theories such as the o-minimal theories and each of the theories below. • The simple theories include the theory of the random graph and each of the theories below. • The stable theories include the superstable theories below and also strictly stable theories such as the following. Let Vω = {Ei |i < ω} be the vocabulary containing countably many binary relations. Let Tst be the V-theory saying that – each Ei is an equivalence relation, – ∀x∀y(Ei+1 (x, y) → Ei (x, y)) for each i, – each equivalence class of Ei contains inﬁnitely many equivalence classes of Ei+1 for each i. This theory is stable but not superstable. • The supertable theories include the ω-stable theories below and also strictly superstable theories such as the following Vω -theory. Let Tsst be the Vω -theory saying that – each Ei is an equivalence relation, – there are exactly two Ei equivalence classes for each i, – the equivalence relation deﬁned by Ei (x, y) ∧ Ej (x, y) has exactly four inﬁnite classes for i = j. This theory is superstable but not ω-stable. • The ω-stable theories include all uncountably categorical theories as well as some noncategorical theories such as the theory of a single equivalence relation having two inﬁnite classes. • The uncountably categorical theories include the strongly minimal theories by Proposition 5.100. Each uncountably categorical structure is closely linked to a strongly minimal structure. For example, recall the strongly minimal structure Zs = (Z|s) (the integers with a successor function). Let ZP = (Z|s, P ) be the expansion of Zs containing a unary relation P that holds for every other integer. That is, ZP models ∀x(P (x) ↔ ¬P (s(x))). This structure is closely linked to Zs . Like Zs , ZP is an uncountably categorical structure. Since P (x) deﬁnes an inﬁnite and co-inﬁnite subset of ZP , the theory of ZP is not strongly minimal. • The strongly minimal theories include the theory of Zs as well as the theories of vector spaces and algebraically closed ﬁelds discussed in Section 5.7.

294

Models of countable theories

Note that the countably categorical theories are omitted from the above list. Whereas uncountably categorical theories are necessarily ω-stable, countably categorical theories provide a cross-section of the above classiﬁcation. There exist countably categorical theories that are strongly minimal (such as Tclique ), unstable (the random graph), and unsimple (dense linear orders). Lachlan’s Theorem states that countably categorical theories cannot be strictly superstable. Whether the same is true for strictly stable theories is an open question. A related open question is the following: Does there exist a countable simple theory T with 1 < I(T , ℵ0 ) < ℵ0 ? The theory TCDLO (deﬁned in Exercise 5.15) is an example of such a theory that is not simple. The question regarding simple theories has been resolved for certain cases. The Baldwin–Lachlan theorem states that there are no uncountably categorical examples. Byunghan Kim has extended this result to a class of simple theories known as the supersimple theories (this class contains all superstable theories as well as some unstable theories). A most famous open question in this area is known as Vaught’s Conjecture. This conjecture asserts that the number of countable models of a complete countable theory is either countable or 2ℵ0 . If the continuum hypothesis holds and 2ℵ0 = ℵ1 , then this conjecture is an immediate consequence of Proposition 6.50. If the continuum hypothesis does not hold, then there exist cardinals between ℵ0 and 2ℵ0 . Vaught’s Conjecture asserts that I(T , ℵ0 ) cannot take on such values. Robin Knight has recently proposed a counter example to this conjecture. However, Knight’s example is not simple. So the following question remains: Does there exist a countable simple theory T with ℵ0 < I(T , ℵ0 ) < 2ℵ0 ? As with the former question, partial results have been obtained. Shelah, Harrington, and Makkai showed that the answer is “no” for ω-stable theories. Buechler proved that Vaught’s Conjecture holds for a class of superstable theories. For more on stability theory, I recommend to the beginner both Poizat [39] and Buechler [6]. The later chapters of [39] are devoted to stability theory and serve as an excellent introduction. As the title suggests, [6] is entirely dedicated to the subject. Many of Shelah’s important results are contained in his epic [43]. Although this book is the well spring of stability theory, I do not recommend it as a source for learning stability theory. I also do not recommend studying the sun by staring directly at it. Secondary sources are preferable. Baldwin [1] is more comprehensive than both [39] and [6] and far more accessible than [43]. Both [26] and [37] are also recommended, but are unfortunately currently out of print. For simple theories, Wagner [50] is recommended.

Models of countable theories

295

Exercises 6.1.

Let M and N be V-structures and let f : M → N be an elementary embedding. Show that N realizes every type that M realizes, but N does not omit every type that M omits.

6.2.

Let T be a complete V-theory. For any V-formula ϕ, let Sϕ denote the set of all types in S(T ) that contain ϕ. The set {ϕ1 , ϕ2 , . . .} of V-formulas is said to be a cover of Sn (T ) if every type in Sn (T ) is in Sϕi for some i. Show that, for any n ∈ N, any cover of Sn (T ) has a ﬁnite subset that is also a cover of Sn (T ).

6.3.

Let T be a complete theory that has a ﬁnite model. Show that every type in S(T ) is isolated.

6.4.

Let T be a complete theory having inﬁnite models. (a) Show that any type in Sn (T ) for n > 1 is not satisﬁable. (b)

Give an example of a type p ∈ S1 (T ) that is satisﬁable.

6.5.

Let T be a complete theory and let p be a type of T . Show that the formula θ isolates p over T if and only if θ is realized in some model of T and, for each formula ϕ ∈ p, T θ → ϕ.

6.6.

Let T be a complete V-theory. Suppose that Sn (T ) is ﬁnite for some n ∈ N. (a) Show that there are only ﬁnitely many V-formulas in n free variables up to T -equivalence. (b)

6.7.

Show that T is not necessarily ℵ0 -categorical by providing an appropriate example.

We demonstrate that the Omitting Types theorem fails for theories in uncountable vocabularies. Let M be the VE -structure deﬁned in Example 6.8 (and Exercise 5.16). Let T be T h(M ). Let C = {ci |i < ω1 } be an uncountable set of constants. Let V be the expansion VE ∪ C. Let T be any expansion of T to a complete V -theory that says each of the constants in C are distinct. Consider the partial type q = {¬ϕ1 (x1 ), ¬ϕ2 (x1 ), ¬ϕ3 (x1 ), . . .}. Recall that ϕm (x1 ) is the VE -formula saying that there exists exactly m elements equivalent to x1 . (a) Show that q is not isolated. (b) Show that q is realized in every model of T . (c)

6.8.

Show that for each complete type p in S1 (T ) containing q, either p is isolated or p is omitted from some model of T .

Suppose we attempt to generalize the proof of the Omitting Types theorem 6.13 to theories having uncountable theories in the same manner

296

Models of countable theories

that Theorem 4.2 was generalized to Theorem 4.27. Speciﬁcally what goes wrong? 6.9.

Let T be a complete theory in a countable vocabulary V. (a) Let p1 and p2 be nonisolated types in Sn (T ). Following the proof of the Omitting Types theorem 6.13, prove that there exists a countable model of T that omits both p1 and p2 . (b) Let p1 , p2 , . . . , pk be nonisolated types in Sn (T ) (for k ∈ N). Describe how the proof of the Omitting Types theorem 6.13 can be modiﬁed to construct a model of T that omits each pi . (c)

Let p1 , p2 , p3 , . . . be countably many types in Sn (T ) each of which is not isolated. Describe how the proof of the Omitting Types theorem 6.13 can be modiﬁed to construct a model of T that omits each pi .

6.10. Give an example of a complete countable theory T and a nonisolated type p ∈ S(T ) such that p is not omitted in any uncountable model of T . That is, show that Corollary 6.14 fails for uncountable models. 6.11. Let T be a small theory. Prove that there exists an isolated type in S(T ). 6.12. Find an example of a theory T in a ﬁnite vocabulary so that Sn (T ) contains no isolated types for some n ∈ N. 6.13. Let T be a countable complete theory and let p be a type in S1 (T ). (a) Suppose that, for any model M of T , there are only ﬁnitely many elements a such that p = tpM (a). Show that p is isolated. (b)

Suppose that, for some model M of T , there is exactly one element a such that p = tpM (a). Show that p is not necessarily isolated by demonstrating an appropriate example.

6.14. Let T be a complete countable V-theory. The isolated types are said to be dense in S(T ) if every V-formula contained in a type of S(T ) is contained in an isolated type of S(T ). Prove that T has a countable atomic model if and only if the isolated types are dense in S(T ). 6.15. Let T be a countable complete theory. Show that M is a prime model of T if and only if T can be elementarily embedded into every countable model of T . a) denote 6.16. For any n-tuple a ¯ of elements from an V-structure M , let qf tpM (¯ a). Prove that the following the set of quantiﬁer-free V-formulas in tpM (¯ are equivalent statements regarding a complete theory T . (i) For any M |= T , n ∈ N, and any n-tuples a ¯ and ¯b of M , if ¯ ¯ a) = qf tpM (b) then tpM (¯ a) = tpM (b). qf tpM (¯

Models of countable theories

(ii)

297

For any n ∈ N, models N and M of T , and any n-tuple a ¯ of M and ¯b of N , if qf tpM (¯ a) = tpN (¯b). a) = qf tpN (¯b) then tpM (¯

(iii) T has quantiﬁer elimination. 6.17. Let T be a small theory and let M be the countable saturated model of T . Prove that T has quantiﬁer elimination if and only if the following holds. For any n ∈ N, if (a1 , . . . , an ) and (b1 , . . . , bn ) are n-tuples of M that satisfy the same atomic formulas in M , then for any an+1 there exists bn+1 such that (a1 , . . . , an , an+1 ) and (b1 , . . . , bn , bn+1 ) satisfy the same atomic formulas in M . 6.18. Let T be a theory. Suppose that there exists a unique nonisolated type in S1 (A) for each subset A of each model of T . Prove that T is uncountably categorical but not countably categorical. (Hint: Show that T is strongly minimal.) 6.19. Recall that an isomorphism f : M → M from a structure M onto itself is called an automorphism of M . Say that two elements a and b from the universe of M are indistinguishable in M if there exists an automorphism of M such that f (a) = b. Suppose that M is a countable homogeneous structure. Prove that a and b are indistinguishable if and only if tpM (a) = tpM (b). 6.20. We show that the notion of a homogeneous structure can be deﬁned in terms of automorphisms (see the previous exercise). (a) Let M be a countable structure. Prove that M is homogeneous if and only if, given any two tuples (a1 , . . . , an ) and (b1 , . . . , bn ) of M having the same type in M , there exists an automorphism f of M such that f (ai ) = bi for each i = 1, . . . n. (b)

Let M be a structure (not necessarily countable). Prove that M is homogeneous if and only if every M -elementary function can be extended to an automorphism.

6.21. Prove Proposition 6.27. 6.22. Let T be an incomplete theory. Show that T may have a countable atomic model, but it cannot have a prime model. 6.23. Let M be a countable saturated structure. Show that, for any subset A of the underlying set of M , every type in S(A) is realized in M . (That is, if every 1-type is realized, then every type is realized.) 6.24. Let M be a countable model of a complete theory T . Prove that M is the countable saturated model of T if and only if M is homogeneous and realizes every type in S(T ).

298

Models of countable theories

6.25. Let T be the theory in the vocabulary {E, s} deﬁned in Example 5.56 of the previous chapter. Prove that T is complete by showing that T has a countable atomic model. 6.26. Let V be the vocabulary consisting of a binary relation E and a unary function s. Let T∞ be the V-theory that says E is an equivalence relation having inﬁnitely many equivalence classes and each class contains a copy of (Z|s). (So T∞ is a modiﬁed version of T from the previous exercise.) Show that T∞ has a countable universal model that realizes every type in S(T ) but is not saturated. 6.27. A set of sets S is said to have the ﬁnite intersection property if the intersection of any ﬁnite number of sets in S is nonempty. (a) Let Zs = (Z|s) be the Vs -structure that interprets the unary function s as the successor function on the integers. Let D be the set of all inﬁnite subsets of Z that are deﬁnable (by some Vs with parameters from Z). Show that D has the ﬁnite intersection property but the intersection of all sets in D is empty. (For the ﬁrst part, use the fact that Zs is strongly minimal.) (b)

Let M be a countable V-structure having underlying set U . Show that M is saturated if and only if the intersection of all sets in D is nonempty for any set D of deﬁnable subsets of U having the ﬁnite intersection property.

6.28. Show that if a structure in ℵn -saturated, then it is ℵn+1 -universal. 6.29. Show that, for m ≤ n, if a structure is ℵn -homogeneous and ℵm -universal, then it is ℵm+1 -universal. 6.30. Show that a structure is κ-saturated if and only if it is both κ-homogeneous and κ-universal. 6.31. Let T be a complete theory. Let M and N be two uncountable homogeneous models of T that realize the same types of S(T ). Show that M ∼ =N using transﬁnite induction. (Compare this with Proposition 6.27.) 6.32. Assuming that the general continuum hypothesis it true, show that every theory has arbitrarily large saturated models. 6.33. Prove Morley’s theorem using the following facts. • Let κ be an uncountable cardinal. If T is ω-stable and has an uncountable model that is not saturated, then T has a model of size κ that is not ℵ1 -saturated. • If T is κ-categorical for some uncountable κ, then T is ω-stable.

7

Computability and complexity

In this chapter we study two related areas of theoretical computer science: computability theory and computational complexity. Each of these subjects take mathematical problems as objects of study. The aim is not to solve these problems, but rather to classify them by level of diﬃculty. Time complexity classiﬁes a given problem according to the length of time required for a computer to solve the problem. The polynomial-time problems P and the nondeterministic polynomialtime problems NP are the two most prominent classes of time complexity. Some problems cannot be solved by the algorithmic process of a computer. We refer to problems as decidable or undecidable according to whether or not there exists an algorithm that solves the problem. Computability theory considers undecidable problems and the brink between the undecidable and the decidable. There are only countably many algorithms and uncountably many problems to solve. From this fact we deduce that most problems are not decidable. To proceed beyond this fact, we must state precisely what we mean by an “algorithm” and a “problem.” One of the aims of this chapter is to provide a formal deﬁnition for the notion of an algorithm. The types of problems we shall consider are represented by the following examples. • The even problem: Given an n ∈ N, determine whether or not n is even. • The 10-clique problem: Given ﬁnite graph, determine whether or not there exists a subgraph that is isomorphic to the 10-clique. • The satisﬁability problem for ﬁrst-order logic: Given a sentence of ﬁrst-order logic, determine whether or not it is satisﬁable. The ﬁrst problem is quite easy. To determine whether a given number is even, we simply check whether the last digit of the number is 0, 2, 4, 6 or 8. The second problem is harder. If the given graph is large and does contain a 10-clique as a subgraph, then we may have to check many subsets of the graph before we ﬁnd it. Time complexity gives precise meaning to the ostensibly subjective idea of one problem being “harder” than another. The third problem is the most diﬃcult of the three problems. This problem is not decidable (it is semi-decidable). Whereas time complexity categorizes the ﬁrst two problems, the third problem falls into the realm of computability theory. We still have not deﬁned what constitutes a “problem.” We have merely provided a few examples. Note that each of these examples may be viewed as

300

Computability and complexity

a function. Given some input, each problem requires a certain output. In each of the examples we have cited, the output is a “yes” or “no” answer. This type of problem is called a decision problem. Other problems may require various output: the problem of ﬁnding the largest prime that divides a given number, for example. More generally, let f (¯ x) be a k-ary function on the non-negative integers. Consider the following problem: • The f -computability problem: Given x ¯, determine the value of f (¯ x). If this problem is decidable, then the function f is said to be computable. We claim that the f -computability problems are the only problems we need to consider. In fact, we take this as our deﬁnition of a problem. Every problem corresponds to a function on the non-negative integers. A decision problem corresponds to a function that only takes on the values 0 and 1 (we interpret 0 as “no” and 1 as “yes”). Let A be the set of all k-tuples x ¯ for which f (¯ x) = 1. The problem represented by f corresponds to the following decision problem: given x ¯, determine whether or not x ¯ is in A. In this way, every decision problem can be viewed as a subset of (N ∪ {0})k for some k. Every decision problem corresponds to a relation on the non-negative integers. The Even Problem corresponds to the set of non-negative even numbers. For the 10-Clique Problem, we can code each ﬁnite graph as a k-tuple of non-negative integers. Likewise, every formula of ﬁrst-order logic can be coded as a natural number. We shall discuss the required coding procedures in this chapter and the next. The goal of this chapter is to give precise meaning to notions such as algorithm, decidable, and polynomial-time. These notions have arisen in earlier chapters. In Chapter 5, we deﬁned decidable theories in terms of algorithms. Given a V-theory T and a V-sentence ϕ, we may ask whether or not ϕ is a consequence of T . This decision problem is decidable if and only if the theory T is decidable. The Satisﬁability Problem for First-order Logic (which we shall abbreviate FOSAT), was the central topic of Chapter 3. The corresponding problem for propositional logic (denoted PSAT), was discussed in Chapter 1. The deﬁnitions and results of the present chapter allow us to prove in the ﬁnal chapters some of the claims that were made in the previous chapters. In Chapter 8, we prove that the theory of arithmetic and other theories are undecidable. In chapter 10, we prove that FOSAT is undecidable. In contrast, PSAT is decidable. However, there is no known algorithm that decides PSAT quickly.

Computability and complexity

301

This problem is NP-complete. Again, we do not prove this until the ﬁnal chapter. In the present chapter, we deﬁne the concept of NP-completeness and discuss the relationship between PSAT and the P = NP question. The topics of computability and complexity do not ﬂow from the stream of ideas embodied in the model theory of the previous chapters. In fact, Sections 7.2 and 7.6.2 are the only sections of this chapter that require logic. However, there are strong connections between the topics of the present chapter and the logic of the previous chapters. The formal nature of computability has historically and philosophically linked this subject with the formal languages of logic. In addition to the connections mentioned in the previous paragraphs, we have the following fact: many of the classes of problems that naturally arise in computability and complexity can be deﬁned in terms of logic. We shall see evidence of this fundamental fact in Sections 7.2, 7.6.2, 8.3, and 10.4.

7.1 Computable functions and Church’s thesis We consider functions on the non-negative integers. Whenever we refer to a function in this chapter, we always mean a function of the form f : D → N ∪ {0} where the domain D of f is a subset of (N ∪ 0)k for some k. If the domain D happens to be all of (N ∪ {0})k , then the function f is said to be a total function. Otherwise, f is a partial function. Deﬁnition 7.1 Let f be an k-ary function on the non-negative integers. Then f is computable if there exists an algorithm which, given an k-tuple a ¯ of non-negative integers, • outputs f (¯ a) if a ¯ is in the domain of f , and • yields no output if a ¯ is not in the domain of f . To make this deﬁnition precise, we must state what constitutes an algorithm. Informally, an algorithm is a computer program. We claim that the deﬁnition of a computable function is invariant under our choice of programming language. If we have a computer program in C++ that computes the function f (x), then we can translate this to a program in Fortran or any other language. There are countably many computer programs and uncountably many functions (Propositions 2.47 and 2.48). So most functions are not computable. This fact ﬂies in the face of empirical evidence. Nearly every function that naturally arises in mathematics (every function one encounters in, say, calculus) is computable. We shall demonstrate several functions that are not computable in Section 7.6.1.

302

Computability and complexity

The set of computable functions is our primary object of study in this chapter. We take two approaches to circumscribing this set from among the uncountably many functions that are not computable. In Section 7.3, we make deﬁnite the notion of an algorithm by specifying a simpliﬁed computer language. This facilitates the analysis of the set of computable functions. In the present section, we take a diﬀerent approach. We consider some basic computable functions and show how more complex computable functions can be derived from them. We deﬁne a set of computable functions known as the recursive functions. This set is generated from a few functions by applying a few rules. We prove in Sections 7.3 and 7.4 that the two approaches yield the same functions: the recursive functions of the present section are precisely those that are computable by an algorithm in the sense of Section 7.3. Moreover, we claim that these functions are precisely those functions that can be computed by a C++ program, a Maple program, a Pascal program, or any other computer program. Thus, we demonstrate that computability is not a vague notion. It is a robust concept suitable for mathematical analysis. 7.1.1 Primitive recursive functions. We begin our analysis of computable functions with some examples. Example 7.2 The following functions are unquestionably computable: the zero function Z(x) = 0, the successor function s(x) = x + 1, and the projection functions pki (x1 , x2 , . . . , xk ) = xi . The projection functions are deﬁned for any k and i in N with i ≤ k. Deﬁnition 7.3 The functions s(x), Z(x), and pki (x) from the previous example are called the basic functions. From two given unary functions f and g we can deﬁne various new functions. One of these is the composition h(x) = f (g(x)). If we can compute both f (x) and g(x), then we can compute h(x). We generalize this idea to k-ary functions. Deﬁnition 7.4 Let S be a set of functions on the non-negative integers. The set is said to be closed under compositions if given any m-ary function h in S and k-ary functions g1 , g2 , . . . , gm in S (for any k and m in N) the k-ary function f deﬁned by f (x1 , . . . , xk ) = h(g1 (x1 , . . . , xk ), . . . , gm (x1 , . . . , xk )) is also in S.

Computability and complexity

303

The set of computable functions is closed under compositions. In particular, since the basic functions Z(x) and s(x) are both computable, so is the function s(Z(x)). This is the constant function c1 (x) = 1. Likewise, each of the constant functions cn (x) = n is a computable function. Functions on the non-negative integers can also be deﬁned inductively. That is, we can deﬁne a function f (x) by ﬁrst stating the value of f (0) and then describing how to compute f (x + 1) given the value of f (x). For example, we deﬁne the function f (x) = x! inductively as follows: f (0) = 1

and f (x + 1) = f (x) · (x + 1).

There are numerous ways to extend this idea to k-ary functions for k > 1. One way is provided by primitive recursion. Primitive recursion is a method for deﬁning an k-ary function in terms of two given functions: one of these is (k − 1)ary and the other is (k + 1)-ary. For the case where k = 1, we deﬁne the 0-ary functions to be the unary constant functions Z(x) and cn (x) for n ∈ N. Before deﬁning primitive recursion we demonstrate how it works with an example. Example 7.5 Let h(x, y) = 1 and let g(x, y, z, w) = w · z xy . From these 2-ary and 4-ary functions we deﬁne, using primitive recursion, the 3-ary function f . Let f (0, y, z) = h(y, z), and f (x + 1, y, z) = g(x, y, z, f (x, y, z)). For ﬁxed values y0 and z0 of y and z, the above deﬁnition inductively deﬁnes the unary function given by f (x, y0 , z0 ). We have f (0, y0 , z0 ) = 1 and f (x + 1, y0 , z0 ) = f (x, y0 , z0 ) · z0xy0 . From this deﬁnition, f (x, y, z) can be computed for any tuple (x, y, z) of nonnegative integers. Speciﬁcally, for any y and z, we have: f (1, y, z) = z y f (2, y, z) = z y z 2y = z 3y f (3, y, z) = z 3y z 3y = z 6y

f (4, y, z) = z 6y z 4y = z 10y f (5, y, z) = z 10y z 5y = z 15y , and f (6, y, z) = z 15y z 6y = z 21y .

We can see from this sequence that f (x, y, z) is explicitly deﬁned as follows: 2

f (x, y, z) = z y(x

+x)/2

.

Deﬁnition 7.6 Let S be a set of functions on the non-negative integers. The set is closed under primitive recursion if, for any k ∈ N, any (k − 1)-ary function h in S, and any (k + 1)-ary function g in S, the k-ary function f deﬁned as follows

304

Computability and complexity

is also in S: f (0, x2 , . . . , xk ) = h(x2 , . . . , xk ), f (x1 + 1, x2 , . . . , xk ) = g(x1 , . . . , xk , f (x1 , . . . , xk )). If k = 1, then we allow h to be any constant function. If both h and g are computable, then so is any function deﬁned from h and g be primitive recursion. So the set of computable functions is closed under primitive recursion as well as composition. Also, the computable functions include the basic functions Z(x), s(x), and pki from Example 7.2. Deﬁnition 7.7 The set of primitive recursive functions is the smallest set containing the basic functions and closed under both composition and primitive recursion. Whereas every primitive recursive function is computable, it is not true that every computable function is primitive recursive. The primitive recursive functions are only part of the set of computable functions. They are, however, a sizable part. Proposition 7.8 The addition function deﬁned by a(x, y) = x + y is primitive recursive. Proof Let h(y) = p11 (y) = y and g(x, y, z) = s(p33 (x, y, z)) = s(z). Since h(x) is a basic function, it is primitive recursive. Since g(x, y, z) is the composition of basic functions, it is also primitive recursive. We deﬁne a(x, y) using primitive recursion as follows: a(0, y) = h(y) = y, and a(x + 1, y) = g(x, y, a(x, y)) = s(a(x, y)) = a(x, y) + 1. It follows that a(x, y) is primitive recursive. Unlike addition, subtraction does not determine a total binary function on the non-negative integers. We let − denote a modiﬁed subtraction operation that is total. This function is deﬁned as follows: a − b if b ≤ a a−b= 0 otherwise.

Proposition 7.9 The function sub(x, y) = x − y is primitive recursive.

Proof First we show that the predecessor function pred(x) = x − 1 is primitive recursive. Let h1 (x) = Z(x) and g1 (x, y) = p21 (x, y). Let pred(0) = h1 (0) = 0, and pred(x + 1) = g1 (x, pred(x)) = x.

Computability and complexity

305

To deﬁne sub(x, y) by primitive recursion, let h2 (x) = p11 (x) and g2 (x, y, z) = pred(z). Then sub(x, 0) = h2 (x) = x and sub(x, y + 1) = g2 (x, y, sub(x, y)) = pred(sub(x, y)) and so sub(x, y) is primitive recursive. Proposition 7.10 The multiplication function deﬁned by m(x, y) = xy is primitive recursive. Proof Let h(y) = Z(y) and g(x, y, z) = a(y, z). By Proposition 7.8, a(y, z) is primitive recursive. We deﬁne m(x, y) using primitive recursion as follows: m(0, y) = h(y) = 0,

and

m(x + 1, y) = g(x, y, m(x, y)) = a(y, m(x, y)) = y + m(x, y). It follows that m(x, y) is primitive recursive. Consider the exponential function exp(x, y) = y x . Since this function is not total, it cannot be primitive recursive. If we deﬁne exp(0, 0) to be 1 (or any other number), then the resulting function is primitive recursive. Proposition 7.11 The function exp(x, y) is primitive recursive. Proof Let h(y) = s(0) and g(x, y, z) = m(y, z). By the previous proposition, m(y, z) is primitive recursive. We deﬁne exp(x, y) using primitive recursion as follows: exp(0, y) = h(y) = s(0) = 1,

and

exp(x + 1, y) = g(x, y, exp(x, y)) = m(y, exp(x, y)) = y · exp(x, y). It follows that exp(x, y) is primitive recursive. Proposition 7.12 Let p(x) be any polynomial having natural numbers as coeﬃcients. Then p(x) is primitive recursive. Proof This follows from the fact that p(x) can be written as a composition of constant functions, a(x, y), m(x, y), and exp(x, y). By deﬁnition, the set of primitive recursive functions is closed under the operations of composition and primitive recursion. By repeatedly using is fact, we can generate more and more primitive recursive functions from the basic functions. We next show that the set of primitive recursive functions is necessarily closed under operations other than composition and primitive recursion. Deﬁnition 7.13 Let S be a set of functions on the natural numbers. The set is closed under bounded sums if, for any k-ary function f (x1 , . . . , xk ) in S, the function sumf (y, x2 , . . . , xk ) = z

306

Computability and complexity

Proof Let f (x1 , . . . , xk ) be a primitive recursive function. Let h(x2 , . . . , xk ) = 0 and let g(x1 , . . . , xk , xk+1 ) = f (x1 , . . . , xk ) + xn+1 . Both h and g are primitive recursive. Moreover, the function sumf (y, x2 , . . . , xk ) can be deﬁned from h and g by primitive recursion: sumf (0, x2 , . . . , xk ) = 0, sumf (k + 1, x2 , . . . , xk ) = g(k, x2 , . . . , xk , sumf (k, x2 , . . . , xk )) = f (k, x2 , . . . , xk ) + sumf (k, x2 , . . . , xk ). Deﬁnition 7.15 Let S be a set of functions on the natural numbers. The set is closed under bounded products if, for any k-ary function f (x1 , . . . , xk ) in S, the function prodf (y, x2 , . . . , xk ) = Πz

the least z less than y such that f (¯ x, z) = 0 y if no such z exists.

Proposition 7.18 The set of primitive recursive functions is closed under bounded search. Proof Let f (¯ x, y) be a primitive recursive function. We show that bsf (¯ x, y) can be written as a composition of primitive recursive functions. The predecessor function pred(x) was shown to be primitive recursive in the

proof of Proposition 7.9. Let pos(x) be the function x − pred(x). This function determines whether or not x is positive: pos(x) = 1 for nonzero x and pos(0) = 0. We claim that ¯) = (Πw

We leave the veriﬁcation of this claim to the reader. By the previous proposi¯) is a composition of primitive recursive functions and is therefore tions, bsf (y, x primitive recursive.

Computability and complexity

307

Thus, we see that the primitive recursive functions form a vast set of computable functions. In fact, it may seem diﬃcult to demonstrate a total computable function that is not primitive recursive. We now give one well known example of such a function. 7.1.2 The Ackermann function. We deﬁne a total binary function A(n, x) that is computable but not primitive recursive. We refer to this function as the Ackermann function. It is one of several variations of a function ﬁrst introduced by Wilhelm Ackermann in 1928. The function A(n, x) is deﬁned as follows. For (n, x) ∈ N2 , A(0, x) = x + 1, A(n, 0) = A(n − 1, 1), and A(n, x) = A(n − 1, A(n, x − 1)). This function is computable. Let us compute some speciﬁc values of A(n, x). Since A(0, x) = x + 1, we have A(0, 1) = 2, A(0, 2) = 3, and so forth. We also have: A(1, 0) = A(0, 1) = 2, A(2, 0) = A(1, 1) = A(0, A(1, 0)) = A(0, 2) = 3, A(1, 2) = A(0, A(1, 1)) = A(0, 3) = 4, and A(3, 0) = A(2, 1) = A(1, A(2, 0)) = A(1, 3) = A(0, A(1, 2)) = A(0, 4) = 5. We record these and other values of A(n, x) in Table 7.1. Table 7.1

Values for A(n, x)

n=0

1

2

x=0

1

2

3

3 5

1

2

3

5

13

2

3

4

7

29

3

4

5

9

61

Although these computations may seem innocuous, it is practically impossible to extend the above table much further to the right. The column for n = 4 begins A(4, 0) = 13, A(4, 1) = 65534, and then the numbers get really big. The column for n = 5 begins A(5,0) = A(4,1) = 65533. The computation of A(5, 1) is beyond the capabilities of any computer. For each n ∈ N, let an (x) denote the unary function A(n, x). From the above computations, we see that a0 (x) = A(0, x) = x + 1, a1 (x) = A(1, x) = x + 2,

308

Computability and complexity

a2 (x) = A(2, x) = 2x + 3, and a3 (x) = A(3, x) = 2x+3 − 3. .2 ..

2 2 − 3.

The function a4 (x) is deﬁned by A(4, x) =

x+3 times

The functions an (x) for n > 4 cannot be expressed using conventional notation. We make two observations regarding these functions. First, note that the function an (x) can be deﬁned inductively from the function an−1 (x). This follows from the rules A(n, 0) = A(n − 1, 1) and A(n, x) = A(n − 1, A(n, x − 1)) in the deﬁnition of A(n, x). It follows that each an (x) is a primitive recursive function (since a0 (x) is). The second observation is that the function an−1 (x) is smaller than an (x) for each n ∈ N. Deﬁnition 7.19 We say that g(x1 , . . . , xk ) is smaller than f (x), and write g < f , ¯ having maximum entry xi = m. If g if g(x1 , . . . , xk ) < f (m) for all k-tuples x happens to be unary, then g < f simply means that g(n) < f (n) for all n. Let a∞ (x) = A(x, x). This function is not smaller than any of the functions an (x). Proposition 7.20 The function a∞ (x) = A(x, x) is not primitive recursive. Proof We show that every primitive recursive function is smaller than am (x) x) are smaller than a1 (x) and for some m ∈ N. The basic functions Z(x) and pki (¯ s(x) is smaller than a2 (x). Suppose now that f is the composition of g and h and g < ai and h < aj for some i and j in N. Further suppose that g and h are unary functions (we claim that what follows generalizes to higher arities). We show that f (x) = g(h(x)) is smaller than am+1 where m is larger than both i and j. To show this, we make two observations: for any x ∈ N and m ∈ N ∪ {0}: (x−1)

1. x < am 2.

(x+1) am (1)

(1) (for x > 0 and m > 0), and

= am+1 (x),

(x)

(x−1)

where am (1) denotes the composition am (am (· · · (am (1)))). We regard am

(1)

x times

as a function of x. (x−1) To see that the ﬁrst observation holds, note that a0 (1) = x for x > 0. For the second observation, recall from the deﬁnition of the Ackermann function that am+1 (x) = am (am+1 (x − 1)) = am (am (am+1 (x − 2))) = · · · . (x)

We see that am+1 (x) = am (am+1 (0)). Again by the deﬁnition of the Ackermann function: am+1 (0) = am (1). This establishes the second observation.

Computability and complexity

309

We now show that the composition of h and g is smaller than am+1 (x). We have g(h(x)) < ai (aj (x)) < am (am (x)). (x−1) By observation 1, am (am (x)) < am (am (am (1))). (x−1) (x+1) By observation 2, am (am (am (1))) = am (1) = am+1 (x). Now suppose that f is deﬁned from h and g by primitive recursion. Again, we suppose for simplicity that f is unary. In this case, h(x) = c for some constant c and g is a binary function. The function f is deﬁned for each n ∈ N as follows: f (0) = c and f (n + 1) = g(n, f (n)). Suppose that g < ai . We show that f < am for some m. Since aj < aj+1 for each j, there exists j such that aj (0) is bigger than the constant c. Let m be greater than both j and i + 1. We may assume that f (n) > n for each n (since f is smaller than some function with this property). Likewise, we may also assume that g is an increasing function. In particular, we use the inequality g(n, f (n)) < g(f (n), f (n)). Claim f (n) < am (n) for all n. Proof We prove this by induction on n. f (0) = c < am (0) by our choice of m. f (n + 1) = g(n, f (n)) < g(f (n), f (n)) (by our previous remarks) < ai (f (n)) < ai (am (n)) (by induction) < am−1 (am (n)) (since m > i + 1) = am (n + 1) (since A(m, n + 1) = A(m − 1, A(m, n))). This completes the proof. We conclude that the inductive method used to deﬁne A(n, x) is stronger than primitive recursion. To generate the set of computable functions from the basic functions, we must include closure operations beyond composition and primitive recursion. We claim that, in addition these two operations, we need only one more operation to obtain the entire set of computable functions. As we shall show, it suﬃces to modify the operation of bounded search. 7.1.3 Recursive functions. We now deﬁne the recursive functions. In addition to being closed under composition and primitive recursion, the set of recursive functions is also closed under unbounded search.

310

Computability and complexity

Deﬁnition 7.21 Let f (¯ x, y) be a (k+1)-ary function on the non-negative integers. We denote by usy f (¯ x, y) the (k)-ary function deﬁned as follows. For a given x, y) = z if and only if f (¯ x, y) is deﬁned for each y ≤ z and z is k-tuple x ¯, usy f (¯ least such that f (¯ x, z) = 0. If no such z exists, then x ¯ is not in the domain of x, y) . usy f (¯ Deﬁnition 7.22 Let S be a set of functions on the non-negative integers. The set is closed under unbounded search if the following holds. If f (¯ x, y) is in S, then x, y). so is the function usy (¯ Deﬁnition 7.23 The set of recursive functions is the smallest set containing the basic functions and closed under composition, primitive recursion, and unbounded search. Every recursive function is computable. To verify this, consider the unbouna, y) ded search process. Suppose that f (¯ x, y) is computable. To compute usy f (¯ for a given input a ¯, follow these steps: (1) Let n = 0 (2) Compute f (¯ a, n) a, y) = n. (3) If f (¯ a, n) = 0, then usy f (¯ Otherwise add 1 to the value of n and go to (2). Thus, usy f (¯ a, y) is computed in a ﬁnite number of steps provided that a ¯ is in x, y). If a ¯ is not in the domain of usy f (¯ x, y), then these three the domain of usy f (¯ steps will produce no output (the algorithm will either be unable to compute step (2) for some n or it will form an inﬁnite loop). Conversely, we claim that every computable function is recursive. In particular, the Ackermann function is recursive. We prove this as a consequence of Kleene’s Recursion theorem 7.38 of Section 7.4. Thus, we show that the Ackermann function is recursive without providing an explicit deﬁnition of this function in terms of unbounded search. We leave this explicit deﬁnition as Exercise 7.12. The assertion that every computable function is recursive is known as Church’s thesis. Section 7.4 provides evidence for Church’s thesis. Not only do we show that the Ackermann function is recursive, but we also prove that all functions computable by programs in a speciﬁc programming language are recursive. We do not prove Church’s thesis. Such a proof would have to consider every conceivable programming language. This is not feasible. Moreover, even if we were to somehow succeed in this task, then this still would not suﬃce as a proof of Church’s thesis. To fully understand Church’s thesis, we must make the distinction between functions that are computable by a computer program and those functions that are computable in the intuitive sense. A function is “programmable” if

Computability and complexity

311

there is a computer program (in some conventional programming language) that computes the function. It need not be feasible to execute the program in a reasonable amount of time or space. A function is “intuitively computable” if it can somehow be computed by some algorithm. Whereas the notion of a recursive function is precise, the notions of “programmable” and “intuitively computable” are increasingly more vague. From these deﬁnitions, we have the following two inclusions:

Recursive Functions

⊂

Programmable Functions

⊂

Intuitively Computable . Functions

Church’s thesis implies that each of these three sets contain the same functions. There are two possible scenarios in which this thesis is false. One possibility is that there exists a clever computer capable of computing a nonrecursive function. We claim that this is not the case. That is, we claim that the ﬁrst of the above inclusions is not proper. We provide evidence for this following Theorem 7.38 of Section 7.4. The other scenario involves the second inclusion. Let us temporarily entertain the possibility that there exist functions that are computable by some algorithm that cannot be implemented into a computer program. For example, consider the function π(n) = the nth digit in the decimal expansion of π. This function is intuitively computable since we have the following algorithm: construct a really big circle, measure the circumference and diameter, and divide (“really big” depends on n). Likewise, consider the function f (n) = |1000 · sin n| (rounded to the nearest integer). We can compute this function by constructing a really big triangle having an angle of n radians and taking the ratio of two sides. If we are trying to program a computer to evaluate these functions, then these algorithms do not lend much insight. There do, of course, exist computer algorithms that compute π(n) and f (n) (for example, we can use the Taylor series to compute the sine). However, it seems plausible that there exist other algorithms that cannot be carried out by a computer. Church’s thesis states that this is not the case: any function that is computable in the intuitive sense is recursive. From this point of view, Church’s thesis is not a statement of mathematics, but a statement of faith that precludes the possibility of proof (although disproof is possible). We make no assumptions regarding the veracity of Church’s thesis. We focus our attention on the set of recursive functions. We show in Section 7.4 that these functions are equivalent to the functions that are computable in a certain computer language. Moreover, we claim that these are precisely those functions that are computable by a program in C++ (or Basic or Cobol or Maple). This provides evidence in support of Church’s thesis, but this not our aim. Regardless of whether or not Church’s thesis is true, the set of recursive functions is of natural interest. Henceforth, when we refer to the computable functions we mean

312

Computability and complexity

a function in this precisely deﬁned set. Our aim in this chapter is to investigate this set of computable functions and the corresponding concept of decidability.

7.2 Computable sets and relations Let A be a subset of the non-negative integers. The characteristic function of A (denoted χA (x)) is deﬁned as follows: 1 x∈A χA (x) = 0 x ∈ A. The set A is said to be recursive if its characteristic function is recursive. Likewise, A is said to be primitive recursive if its characteristic function is. These deﬁnitions can be extended to any relation R on N ∪ {0}. That is, the recursive (and primitive recursive) subsets of (N ∪ {0})k for k > 1 are deﬁned in the same manner that we have deﬁned the recursive and primitive recursive subsets of N ∪ {0}. To each relation R on the non-negative integers there is an associated decision problem: namely, the problem of determining whether or not a given tuple x ¯ is in the set R. This decision problem is said to be decidable if and only if R is a recursive relation. By deﬁnition, every decision problem corresponds to some relation. So to study recursive relations is to study the set of all decidable decision problems. In this section, we restrict our attention to the primitive recursive relations. In Section 7.5 we consider the wider set of recursive relations and demonstrate (in Section 7.6) various subsets of N ∪ {0} that are not recursive. Example 7.24 Consider the binary relation x < y. The characteristic function for this relation is deﬁned by χ< (x, y) = 1 if x < y and χ< (x, y) = 0 otherwise. This function can be deﬁned as a composition of primitive recursive functions:

χ< (x, y) = 1 − (x − y).

It was shown in Proposition 7.9 that sub(x, y) = x − y is primitive recursive. It follows that the relation x < y is also primitive recursive. Primitive recursive relations allow us to deﬁne primitive recursive functions by cases. For example, consider the function f (x) deﬁned by cases as follows. g(x) if x < 10 f (x) = h(x) otherwise. If g(x) and h(x) are both primitive recursive, then so is f (x). More generally, we have the following.

Computability and complexity

313

Proposition 7.25 Let R1 , . . . , Rn be disjoint k-ary relations and let x), . . . , gn (¯ x) be k-ary functions. If each of these functions and relations is g1 (¯ primitive recursive, then so is the function deﬁned by cases as follows g1 (¯ x) if R1 (¯ x) g2 (¯ x) if R2 (¯ x) h(¯ x) = ... ... x) if Rk (¯ x). gk (¯ Proof We have x) · χ1 (¯ x) + g2 (¯ x) · χ2 (¯ x) + · · · + gk (¯ x) · χk (¯ x), f (¯ x) = g1 (¯ x) denotes the characteristic function for the relation Ri (¯ x) (for i = where χi (¯ 1, . . . , k). In this section, we show that several familiar relations (in addition to a < b) are primitive recursive. We also show that, given two primitive recursive relations A and B on the non-negative integers, the relations A ∪ B, A ∩ B, A × B, and other relations are also primitive recursive. Rather than considering these relations one-by-one and proving that each is primitive recursive, we instead take advantage of our background in ﬁrst-order logic. We show that if a relation is deﬁnable by a quantiﬁer-free formula in the vocabulary of arithmetic, then that relation is primitive recursive. Let N0 = (N ∪ {0}|+, ·, 0, 1) be the structure having the non-negative integers as an underlying set that interprets the vocabulary Var = {+, ·, 0, 1} in the usual way. Proposition 7.26 Let A be a deﬁnable subset of N0 . If A is deﬁnable by a quantiﬁer-free Var -formula, then A is primitive recursive. Proof Let ϕA (x1 , . . . , xn ) be a Var -formula that deﬁnes the k-ary relation A. We show that A is primitive recursive by induction on the complexity of ϕA . However, we do not proceed in the usual order. We ﬁrst prove the induction step and lastly consider the case where ϕA is atomic. Suppose that θ(¯ x) and ψ(¯ x) are Var -formulas that deﬁne primitive recursive subsets of N0 . Let B be the relation deﬁned by θ and let C be the relation deﬁned by ψ. Then the characteristic functions χB and χC are both primitive recursive. We must show that the characteristic function of A is also primitive recursive. x) ≡ θ(¯ x), then χA and χB are the same primitive recursive function. If ϕA (¯ x) is the formula ¬θ(¯ x), then χA (¯ x) is 1 if and only if χB (¯ x) is 0. If ϕA (¯

So χA (¯ x) = 1 − χB (¯ x). Since both χB (¯ x) and sub(x, y) = x − y are primitive x). recursive, so is χA (¯

314

Computability and complexity

Now suppose ϕA (¯ x) is the formula θ(¯ x) ∧ ψ(¯ x). Then χA (¯ x) equals the x). x), χC (¯ x)) = χB (¯ x) · χC (¯ composition m(χB (¯ x) is primitive recursive. This concludes the inducIn any of these cases, χA (¯ x) is primitive recursive tion step of the proof. It remains to be shown that χA (¯ ¯ is an atomic Var -formula. in the case where ϕA (X) Since there are no relations in the vocabulary, atomic Var -formulas have the form t1 = t2 for Var -terms t1 and t2 . Each term is a composition of the functions + and · applied to the constants and variables. So each Var -term may x) be regarded as a polynomial p(¯ x) having natural numbers as coeﬃcients. If ϕA (¯ x) = p2 (¯ x). By Proposition 7.12, each is atomic, then it must have the form p1 (¯ x) and p2 (¯ x) are primitive recursive functions. We must of the polynomials p1 (¯ show that the relation of equality is also primitive recursive. We previously demonstrated that the relation x < y is primitive recursive. It follows that y ≤ x (the negation of x < y) is also primitive recursive. Likewise, x ≤ y is a primitive recursive relation. Finally, the relation x = y, deﬁned as x ≤ y ∧ y ≤ x, is primitive recursive. (We are using the fact that the primitive recursive relations are closed under negations and conjunctions. This was proved as part of the induction step.) x) is atomic, then χA (¯ x) is the composition χeq (p1 (¯ x), p2 (¯ x)), where If ϕA (¯ χeq (x, y) = 1 if x = y and is otherwise zero. Since it is the composition of x) is primitive recursive. primitive recursive functions, χA (¯ This completes the base step for the induction. We conclude that every quantiﬁer-free Var -formula deﬁnes a primitive recursive subset of N0 . The converse of Proposition 7.26 does not hold. In the next chapter we prove that every primitive recursive relation is deﬁnable (see Corollary 8.15). However, not every primitive recursive relation is deﬁnable by a quantiﬁer-free formula. The formula that deﬁnes a primitive recursive relation may require quantiﬁers. Deﬁnition 7.27 Let F be a set of Var -formulas. We say that F is closed under bounded quantiﬁers if for any ϕ(x, y) ∈ F, the formula ∃y(y < x ∧ ϕ(x, y)) is also in F where y < x is an abbreviation for the formula ∃z(y + z = x). (The formula ϕ(x, y) may have free variables other than x and y.) Let ∆0 be the smallest set of Var -formulas containing the atomic formulas that is closed under equivalence, negation, conjunction, and bounded quantiﬁers. Note that the negation of the formula ∃y(y < x ∧ ϕ(x, y)) is equivalent to the formula ∀y(y < x → ¬ϕ(x, y)). So in any ∆0 formula, each variable y that is quantiﬁed by either ∃ or ∀ is bounded by another variable as y < x. That is, the bound variables are bounded by free variables. In particular, each ∆0 sentence must be quantiﬁer-free.

Computability and complexity

315

A relation is primitive recursive if and only if it is deﬁnable by a ∆0 formula. We presently prove one direction of this fact. The other direction shall become apparent after Section 8.3 of the next chapter and is left as Exercise 8.6. Proposition 7.28 Let A be a deﬁnable subset of N0 . If A is deﬁnable by a ∆0 formula, then A is primitive recursive. Proof We must add one step to the proof of the previous proposition. Suppose that ϕ(x, y) deﬁnes a primitive recursive subset A of N0 . We must show the formula ∃y(y < x ∧ ϕ(x, y)) also deﬁnes a primitive recursive subset. For convenience, we assume that x and y are the only free variables of ϕ(x, y) (this assumption does not alter the essence of the proof). Let χA (x, y) be the characteristic function for A. Since this function is primitive recursive, so is the function sumχ(x, y) = z

316

Computability and complexity

total, let us set pr(0) = 0. This function can be deﬁned by primitive recursion. Let h(x) = Z(x) and let g(x, y) be the least prime number greater than y. To verify that g(x, y) is primitive recursive, note that we can deﬁne this function using bounded search. The least prime number greater than y must be less than 2y. (“Chebychev proved it, and Erd¨ os proved it again, there is always a prime between n and 2n.”) The function pr(i) is deﬁned as follows: pr(0) = h(0) = 0, pr(n + 1) = g(n, pr(n)). We now deﬁne the prime factorization function pf (x, i). Every natural number x can be factored as x = pa1 1 pa2 2 . . . pakk , where pi denotes the ith prime number. Moreover, the exponents ai are uniquely determined by x. This is the Fundamental Theorem of Arithmetic. We deﬁne pf (x, i) to be the exponent ai that occurs on the ith prime in the prime factorization of x. To make this a total function, we deﬁne pf (x, i) to be 0 if x = 0 or i = 0. Proposition 7.29 The function pf (x, i) is primitive recursive. Proof We sketch the proof. The function pf (x, i) equals y if and only if div(pr(i)y , x) and ¬div(pr(i)(y+1) , x) both hold. Such a number y must be less than x (since px > x for all primes p and integers x). So we can deﬁne pf (x, i) in terms of the primitive recursive function pr(i), the primitive recursive relation div(x, y), and the primitive recursive operation of bounded search. It follows that pf (x, i) is primitive recursive.

7.3 Computing machines In the 1930s, Alan Turing described a theoretical computing machine to capture the notion of computability. Turing’s thesis states that every function that is intuitively computable can be computed by a Turing machine. Modern computers may be viewed as crude approximations of Turing’s machine (crude since they do not have inﬁnite memory). Variations of Turing’s machine known as register machines were developed in the 1960s by Shepherdson, Sturgis, and others. It was shown that each of these theoretical machines have the same computing power. The functions computable by either a Turing machine or a register machine are precisely the recursive functions. In light of these results, Turing’s thesis is equivalent to Church’s thesis. Henceforth, we refer to this as the Church–Turing thesis.

Computability and complexity

317

In this section, we describe a variation of the register machines. This machine executes programs written in a speciﬁc programming language that we shall describe. Functions computable by programs in this language are called T-computable. At the conclusion of this section, we prove that every recursive function is T -computable. We prove the converse of this in the next section. So the computing machine we describe has the same computing power as any register machine or Turing machine. We now describe our programming language. As we have previously indicated, it does not matter which programming language we choose. If a function is computable by a program in PASCAL, then this program can be translated to a program in C++ or any other programming language. For convenience and deﬁniteness, we use a simpliﬁed programming language we call T ++ . This language is convenient because it has only four types of commands. Of course, if we actually wanted to program a computer to perform a complicated task, then this language would not be so convenient. For each i ∈ N, T ++ has the following commands: Add i,

Rmv i,

RmvP i,

and GOTO i.

A program in T ++ is a ﬁnite sequence of commands. We now describe a machine that runs a given T ++ program P . This is called a turnip machine or, more simply, a T -machine. The machine consists of an enumerated row of bins. Each bin contains turnips. Let Bi denote the ith bin. We assume there are enough bins (and turnips) to carry out the program. Some of these bins may be empty. Whereas the bins are enumerated B1 , B2 , B3 , . . . , the commands that constitute the program are enumerated (1), (2), . . . (the latter sequence is ﬁnite). To run program P , the T -machine begins by reading the ﬁrst command. We now describe how the T -machine executes each of the four possible commands. Suppose that the machine is reading command (10) of program P . • If this command is Add i, then the machine puts one turnip in bin Bi and then proceeds to the next command (namely, command (11)). • If the tenth command is RmvP i, then there are two possibilities. If bin Bi is empty, then the machine does nothing and proceeds to the next command. Otherwise, the turnip machine removes one turnip from bin Bi and then goes to the previous command (namely, command (9)). • If the tenth command is Rmv i, then the T -machine removes a turnip from bin Bi (if there is one) and then, regardless of whether or not there was a turnip to be removed, proceeds to the next command (namely, (11)). • Finally, the command GOTO i causes the turnip machine to go to command (i) of program P .

318

Computability and complexity

The T -machine continues to operate until it comes to a line of the program that does not exist. For example, the following program causes the T -machine to halt immediately without doing anything: (1) GOTO 12. It is possible that the T -machine will never halt as the following T ++ program demonstrates: (1) Add 4 (2) RmvP 4. By adding one line the beginning of the previous program we obtain: (1) RmvP 4 (2) Add 4 (3) RmvP 4. If there is a turnip in bin B4 when we run this program, then the T -machine removes a turnip and halts. Otherwise, if B4 is empty, the T -machine will never halt. The number of turnips in each bin when the T -machine halts (if it halts) depends on how many turnips were in the bins at the outset. Thus, each T ++ program determines a function. In fact, each program P determines many functions. For each k ∈ N, we describe a k-ary function P (k) on the non-negative integers. Given (x1 , . . . , xk ) as input, put xi turnips in bin Bi for i = 1, . . . , k and leave the bins Bj empty for j > k. Run program P . We deﬁne P (k) (x1 , . . . , xk ) to be the number of turnips in bin B1 when the machine halts. If the T -machine does not halt, then P (k) (x1 , . . . , xk ) is undeﬁned. Deﬁnition 7.30 Let f be a partial or total k-ary function on the non-negative integers. We say that f is T-computable if f is P (k) for some T ++ program P . That is, f and P (k) have the same domain and f (x1 , . . . , xk ) = P (k) (x1 , . . . , xk ) for any (x1 , . . . , xk ) in this domain. Of course, the actual hardware for the T -machine is irrelevant. We could use cabbage instead of turnips. In fact, the concept of a T -machine does not require any vegetables. Modern computers can be used to simulate turnip machines. From now on, we assume that a T -machine is a computer that has been programmed to carry out the above commands. We view each Bi as a program variable that may take on any non-negative integer value. Although they may seem primitive, T -machines are capable of computing any recursive function.

Computability and complexity

319

Proposition 7.31 Every recursive function is T -computable. Proof We ﬁrst show that the basic functions are T -computable. The successor function s(x) corresponds to the one-lined program: (1) Add 1. The zero function is computed by the following T ++ program. (1) Rmv 1 (2) RmvP 1. Now consider the projection function pki (x1 , x2 , . . . , xk ) = xi (for i ≤ k). If i = 1, then this function is computed by the program (1) GOTO 12 or any other program that causes the T -machine to do nothing. For i > 1, consider the following program. (1) Rmv 1 (2) RmvP 1 (3) Add 1 (4) RmvP i (5) Rmv 1. This program moves the contents of Bi to B1 . The ﬁrst two lines set B1 to zero. Lines (3) and (4) successively increase B1 while decreasing Bi . When Bi reaches zero, we will have increased B1 one too many times. The ﬁnal line of the program corrects this. We claim that the set of T -computable functions is closed under both composition and primitive recursion. We leave the veriﬁcation of this as Exercise 7.9. It follows that every primitive recursive function is T -computable. It remains to be shown that the T -computable functions are closed under unbounded search. Suppose that the function h(x1 , . . . , xn , y) is T -computable. We describe a T ++ program that computes the least value of y for which h(x1 , . . . , xn , y) = 0. (1) ZERO Bn+1 (2) COMPUTE h(B1 , . . . , Bn , Bn+1 ) STORE IN Bn+2 (3) GOTO 5 (3) GOTO 8 (5) RmvP n + 2 (6) MOVE Bn+1 TO B1 (7) GOTO 10 (8) Add n + 1 (9) GOTO 2.

320

Computability and complexity

The command ZERO Bn+1 is an abbreviation for the commands that set Bn+1 to zero. Line (6) moves the contents of Bn+1 to B1 . We previously described programs for each of these operations. Likewise, if h is computable, then we can replace line (2) with a series of T ++ commands (see Exercise 7.8). We conclude that every recursive function is T -computable.

7.4 Codes We describe a process for coding and decoding T ++ programs as natural numbers. To each T ++ program P we assign a natural number called the code for P . Given the natural number, we can recover the entire program. Codes provide an invaluable tool for analyzing the set of T -computable functions. Using these codes, we shall be able to prove that every T -computable function is recursive. In light of this fact, the codes also lend insight into the recursive functions. The codes allow us to show, among other things, that the Ackermann function is recursive. Prior to assigning codes to programs, we assign codes to individual commands. To each command we assign a natural number as follows:

Command

Number

Add i

4i

Rmv i

4i − 1

RmvP i

4i − 2

GOTO i

4i − 3

Each command corresponds to exactly one natural number and each natural number corresponds to exactly one command. In particular, 0 is the only nonnegative integer that does not correspond to some T ++ command. Let P be a T ++ program. We may view P as a ﬁnite sequence of natural numbers. Suppose that P corresponds to the sequence (n1 , n2 , . . . , nk ). That is, ni is the number corresponding to command (i) of P (for i ≤ k = the length of P ). Let e = 2n1 3n2 5n3 · · · pnk k , where pk denotes the k th prime number. The program P uniquely determines the number e ∈ N. We refer to e as the code for P . A given natural number e is the code for some T ++ program if and only if e is divisible by each of the ﬁrst k primes (for some k) and no other primes. If e is the code for a program P , then we can recover this program by factoring e. This follows from the Fundamental Theorem of Arithmetic which states that every

Computability and complexity

321

natural number can be factored into primes in a unique manner. For example, the number 12 factors as 22 31 . This number corresponds to the T ++ program (1) RmvP 1 (2) GOTO 1 having sequence (n1 , n2 ) = (2, 1). The number 42 = 2 · 3 · 7 does not correspond to a program since it is divisible by 7 but not 5. We assign a program Pe to each e in N ∪ {0}. If e is the code for a T ++ program, then let Pe denote this program. For those numbers that do not code a program, we assign a “default program.” We arbitrarily choose the one-lined program (1) GOTO 12 to be this program. So if e does not code a program, then, by default, Pe is (1) GOTO 12. Consider the list of programs P0 , P1 , P2 , P3 , . . . . Since every program has a code, this list includes every T ++ program. (k) For each k ∈ N, let ϕke denote the function Pe (this notation helps distinguish the computable function from the program that computes the function). Consider the list of k-ary functions ϕk0 , ϕk1 , ϕk2 , ϕk3 , . . . . By Proposition 7.31, this list includes every recursive k-ary function on the non-negative integers. With the notable exception of the program (1) GOTO 12, every T ++ program occurs exactly once in the list P0 , P1 , P2 , . . . . The same cannot be said of the list of k-ary T -computable functions. Let f (¯ x) be a k-ary T -computable k function. We show that f (¯ x) occurs as ϕe for inﬁnitely many e. Notation 2 Let f (¯ x) and g(¯ x) be partial functions. We write f (¯ x) $ g(¯ x) if the two functions have the same domain and f (¯ x) = g(¯ x) for any x ¯ in this domain. x) Proposition 7.32 If f (¯ x) is a T -computable k-ary function, then f (¯ x) $ ϕke (¯ for inﬁnitely many e. Proof To any program that computes f (¯ x), we can add extraneous commands to obtain another program that computes f (¯ x). In particular, each recursive k-ary function occurs inﬁnitely many times in the list ϕk0 , ϕk1 , ϕk2 , ϕk3 . . . . We next show that the recursive functions expend this list. Theorem 7.33 Every T -computable function is recursive. x) for some Proof Let f (¯ x) be a T -computable k-ary function. Then f (¯ x) is ϕke (¯ k e ∈ N. Our goal is to show that ϕe is recursive. For convenience, suppose that k = 1. (This assumption does not alter the essence of the proof.) To compute ϕ1e (x), we set B1 equal to x and Bj equal to 0 for j > 1 and then run the program Pe . The T -machine executes the commands of Pe one-by-one in

322

Computability and complexity

the order determined by the program. We regard each executed command as a “step” of the computation. Suppose that the T -machine has completed n steps of the computation for some non-negative integer n. • Let bin(e, x, n, j) denote the value of bin Bj at this stage of the computation, and • let line(e, x, n) denote the line of the program that is to be executed next by the T -machine according to the program Pe . We claim that the functions line(e, x, n) and bin(e, x, n, j) are primitive recursive. To verify this, we deﬁne these functions in a primitive recursive manner. For ﬁxed values of e and x, we deﬁne the functions line(e, x, n) and bin(e, x, n, j) by induction on n. For each value of n, the function bin(e, x, n, j) is deﬁned for all j. When n = 0, the T -machine has not yet begun the computation. We have

line(e, x, 0) = 1, and x if j = 1 bin(e, x, 0, j) = 0 otherwise To determine line(e, x, n + 1) and bin(e, x, n + 1, j), we consider the line of the program previously executed, namely (line(e, x, n)), and examine the current contents bin(e, x, n, j) of bin Bj . Let Ln = line(e, x, n). Since there are four types of T ++ commands, there are four possibilities for Ln . If line (Ln ) of Pe is the command GOTO 12, then we set line(e, x, n+1) = 12 and bin(e, x, n + 1, j) = bin(e, x, n, j). Note that “line (Ln ) of Pe is the command GOTO 12” means that the exponent on the Lth n prime in the prime factorization of e is the number 4 · 12 − 3 = 45 that corresponds to the command GOTO 12. Another way to express this is pf (e, Ln ) = 45. More generally, if pf (e, Ln ) = 4i − 3 (corresponding to GOTO i), then line(e, x, n + 1) = i and bin(e, x, n + 1, j) = bin(e, x, n, j) If pf (e, Ln ) = 4i (corresponding to Add i), then line(e, x, n + 1) = line(e, x, n) + 1, and bin(e, x, n, j) + 1 if j = i bin(e, x, n + 1, j) = bin(e, x, n, j) if j = i.

(for all j).

Computability and complexity

323

If pf (e, Ln ) = 4i − 1 (corresponding to Rmv i), then line(e, x, n + 1) = line(e, x, n) + 1, and bin(e, x, n, j) − 1 if j = i bin(e, x, n + 1, j) = bin(e, x, n, j) if j = i. Finally, if pf (e, Ln ) = 4i − 2 (corresponding bin(e, x, n, j) − 1 bin(e, x, n + 1, j) = bin(e, x, n, j) line(e, x, n) − 1 line(e, x, n + 1) = line(e, x, n) + 1

to RmvP i), then if j = i if j = i

, and

if bin(e, x, n, i) = 0

.

if bin(e, x, n, i) = 0

Thus, we deﬁne the functions bin(e, x, n, j) and line(e, x, n). To see that this deﬁnition is primitive recursive, we make three observations. • By Proposition 7.29, pf (e, Ln ) is primitive recursive. • By Proposition 7.25, the above deﬁnitions by cases (including the cases based on the values of pf (e, Ln )) are primitive recursive. • The process of inductively deﬁning the two functions simultaneously is primitive recursive. We leave this as Exercise 7.11. We conclude that the functions bin(e, x, n, j) and line(e, x, n) are primitive recursive functions as claimed. Our goal is to show that the function ϕ1e (x) is recursive. If the computation terminates, then ϕ1e (x) equals the value of bin(e, x, n, 1) for any n beyond the ﬁnal step of the computation. Moreover, the computation terminates precisely when line(e, x, n) refers to a line of the program that does not exist. If Ln = line(e, x, n) is not a line of the program Pe , then pf (e, Ln ) = 0. So the program terminates at step n if n is least such that pf (e, Ln ) = 0. So we can deﬁne ϕ1e (x) from bin(e, x, n, j) and line(e, x, n) using unbounded search. Explicitly, for any e ∈ N: ϕ1e (x) $ bin(e, x, y, 1),

where y = usn pf (e, Ln ); Ln = line(e, x, n).

That is, ϕ1e (x) is the composition bin(e, x, usn pf (e, line(e, x, n)), 1). Since this function is deﬁned from primitive recursive functions using unbounded search, it is a recursive function. Since e was arbitrary, we conclude that every T -computable function is recursive. Theorem 7.33 frees us from our restrictive programming language T ++ . Whereas this choice of programming language was somewhat arbitrary, the resulting set of T -computable functions is not arbitrary. If we upgrade the T -machine so that it recognizes commands for adding and multiplying Bi and

324

Computability and complexity

Bj , then this will not provide any new computable functions. We may assume, without altering our concept of computability, that our programming language contains any number of commands for various recursive operations. This assumption may alter the concept of complexity. To deﬁne complexity classes in Section 7.7, we choose a particular extension of T ++ . The proof of Theorem 7.33 yields more than the statement of the theorem. Suppose we add a truly new feature to T ++ . Consider the command Copy(i, Bj ) that sets Bc equal to Bi where c represents the contents of Bj . For example, if B1 equals 9 and B2 equals 5, then Copy(1, B2 ) sets B5 equal to 9 (the contents of B1 are “copied” to B5 ). This command oﬀers a versatility in writing programs that is found in virtually every programming language other than our contrived T ++ . For example, this command allows us to write a program that, given input n in bin B1 , sets bin Bn equal to 1 and then halts. This simple task cannot be performed by a T -machine operating on T ++ commands (try it). Corollary 7.34 Suppose that T -machine (version 7.4) is an upgraded version of the T -machine that recognizes the command Copy(i, Bj ) as deﬁned above for each i and j in N. The functions computable by this machine are precisely the T -computable functions. Proof This can be proved in the same manner as Theorem 7.33. The coding must be changed to accommodate the new commands. The crux of the proof shows that the functions line(e, x, n) and bin(e, x, n, j) are primitive recursive. We can deﬁne these functions inductively as in the proof of Theorem 7.33 with the following addition. If pf (e, Ln ) is the code for the command Copy(i, Bj ), then line(e, x, n + 1) = line(e, x, n) + 1, and bin(e, x, n, i) if k = bin(e, x, n, j) bin(e, x, n + 1, k) = bin(e, x, n, k) otherwise The Church–Turing thesis implies that the computing power of T ++ cannot be improved upon. The previous corollary corroborates this. We next provide stronger evidence by showing that any function deﬁned from recursive functions in an inductive manner (such as the Ackermann function) is itself recursive. We prove this as a consequence of Kleene’s Recursion theorem at the end of this section. Prior to proving this, we extract two further results from the proof of Theorem 7.33. x), there Corollary 7.35 (Kleene Normal Form) For every recursive function ϕke (¯ x) $ exist two k + 2-ary primitive recursive functions f and g such that ϕke (¯ ¯, n)). f (e, x ¯, usn g(e, x

Computability and complexity

325

Proof Let f (e, x ¯, n) = bin(e, x ¯, n, 1) and g(e, x ¯, n) = pf (e, line(e, x ¯, n)). So not only is every computable function recursive, every computable funcx) has only tion is a recursive function having a certain form. The deﬁnition of ϕke (¯ one occurrence of the unbounded search process. Since every recursive function is T -computable, every recursive function can be deﬁned from the basic functions using primitive recursion, composition, and at most one application of unbounded search. ¯) $ ϕke (¯ x) is Corollary 7.36 The (k + 1)-ary function Uk deﬁned by Uk (e, x recursive. Proof By the proof of Theorem 7.33, Uk is the recursive function bin(e, x ¯, usn pf (e, line(e, x ¯, n)), 1). To prove Kleene’s Recursion theorem, we make use of the following lemma. Lemma 7.37 For all natural numbers n and m, there exists a binary primitive recursive function Snm such that n (e, x1 , . . . , xm ) = z implies ϕnz (y1 , . . . , yn ) $ ϕ(m+n)e (x1 , . . . , xm , y1 , . . . , yn ). Sm

Let us consider the content of this lemma prior to proving it. Suppose for simplicity that m = n = 1. Let f (x, y) be a recursive binary function. Then f (x, y) is the function ϕ2e (x, y) for some e. For each number a, let fa (x) denote the unary function deﬁned by fa (y) $ f (a, y). Since f (x, y) is recursive, so is fa (y). So fa (y) is the function ϕ1z (y) for some z. The lemma states that there exists a function S11 that produces a code z for fa (y) given (e, a) as input. Moreover, this function is a primitive recursive function. If we replace x with an m-tuple x ¯ and y with an n-tuple y¯, then we obtain the statement of the lemma in its full generality. This lemma is commonly referred to as the S–m–n Theorem. Proof of Lemma 7.37 We prove this theorem for m = n = 1. The proof is the same for arbitrary m and n. Let f (x, y) denote ϕ2e (x, y). To compute this function, we set bin B1 equal to x, bin B2 equal to y, and run the T ++ program Pe . We now describe a T ++ program Pz that computes the function fa (y) $ f (a, y) for given a. (1) MOVE B1 to B2 (2) Add 1 ... (a+1) Add 1 (a+2) Pe .

326

Computability and complexity

This program moves the contents of B1 to B2 , then sets B1 equal to a, and then runs the program Pe that computes f (a, y). So this program computes the function fa (x). Given a and e, the function S11 (a, e) computes the code z for the above program. Clearly, this can be done for any given a and e and so S11 (a, e) is a total function. We must show that it is primitive recursive. Let E(a) be the code for the program represented by the ﬁrst a + 1 “lines” of the program Pz . Since MOVE B1 to B2 is itself a program, it is more than one line. It is a subroutine. Let w be the number of lines in this subroutine and let E(0) be its code. We deﬁne E(a) inductively by E(a + 1) = E(a)p4(a+w+1) (the exponent 4 corresponds to the command Add 1). This is a primitive recursive deﬁnition of the function E(a). We now describe how to compute z from a and e. Since e is a code for a program, e factors as e = pa1 1 pa2 2 · · · pakk for some k and nonzero a1 · · · ak . The code for the above program Pz is the following product: ˆk ˆ1 ˆ2 pa2+w · · · pak+w , z = E(a)pa1+w

where a ˆj = aj + 4w if aj has the form 4i − 3 and a ˆj = aj otherwise (for j = 1, . . . , k). This represents “shifting” the lines of the program Pe . This program constitutes lines (1 + w) through (k + w) of the program Pz . Because of this shift, any occurrence of the command GOTO i (having code 4i − 3) in Pe must be changed to GOTO i + w in Pz . The deﬁnition of a ˆj by cases is primitive recursive by Proposition 7.25. The prime factorization of e is primitive recursive by Proposition 7.29. Moreover, we have shown the function E(a) to be primitive recursive. We conclude that the function S11 (e, a) = z, where z is as deﬁned above, is primitive recursive. Theorem 7.38 (Kleene’s Recursion theorem) Let f (y, x1 , . . . , xk ) be a (k + 1)-ary recursive function. For some number e, the k-ary function deﬁned by f (e, x1 , . . . , xk ) is the same function as ϕke (x1 , . . . , xk ). Proof Consider the (k + 1)-ary function h deﬁned as h(y, x1 , . . . , xk ) $ f (Sn1 (y, y), x1 , . . . , xk ), where Sn1 is as in Lemma 7.37. Since it is the composition of recursive functions, for some d. Let e = Sn1 (d, d). h is recursive. So h $ ϕk+1 d We have f (e, x1 , . . . , xk ) $ f (Sn1 (d, d), x1 , . . . , xk ) (by our choice of e) (d, x1 , . . . , xk ) (by our deﬁnition of h and d). By $ h(d, x1 , . . . , xk ) $ ϕk+1 d (d, x , . . . , xk ) $ ϕkz (x1 , . . . , xk ), where z = Sk1 (d, d). By our Lemma 7.37, ϕk+1 1 d deﬁnition of e, e = z and f (e, x1 , . . . , xk ) $ ϕke (x1 , . . . , xk ) as was required to show.

Computability and complexity

327

Corollary 7.39 The Ackermann function A(x, y) is recursive. Proof Let U2 be the ternary function deﬁned by U2 (e, x, y) $ ϕ2e (x, y). This function was shown to be recursive in Proposition 7.36. Using this function, we deﬁne another ternary function f as follows: if n = 0 x + 1 f (y, n, x) = U2 (y, n − 1, 1) if x = 0 and n > 0 U (y, n − 1, U (y, n, x − 1)) otherwise. 2

2

By Kleene’s Recursion theorem, there exists e ∈ N such that f (e, n, x) $ ϕ2e (n, x). It follows that if n = 0 x + 1 2 2 ϕe (n, x) = ϕe (n − 1, 1) if x = 0 and n > 0 ϕ2 (n − 1, ϕ2 (n, x − 1)) otherwise. e

e

Comparing this with the deﬁnition of A(, n, x) (Section 7.1.2), we see that A(n, x) = ϕ2e (n, x) for all n and x. Since ϕ2e (n, x) is recursive, so is A(n, x). In a similar way, we can show that any given function deﬁned from recursive functions in an inductive manner is itself recursive. This gives credence to our claim that every programmable function is recursive. For any speciﬁed programming language, we could prove this claim. We have done this for the contrived language T ++ . To prove that the set of C++ computable functions is the same as the set of recursive functions, we would have to delve into the grammar of C++. The skeptical reader may pursue the details regarding this or any other programming language, but we do not. We accept our claim as fact and use the terms computable and recursive interchangeably.

7.5 Semi-decidable decision problems We further study the subsets of N ∪ {0}. In Section 7.2, we deﬁned the recursive subsets of N ∪ {0}. In the present section we consider the recursively enumerable sets. The recursive sets are computable in the sense that they have computable characteristic functions. The recursively enumerable sets are computably generated in the following sense. Deﬁnition 7.40 Let A be a set of non-negative integers. We say that A is recursively enumerable if there exists a total recursive function f such that A = {f (0), f (1), f (2), f (3), . . .}.

328

Computability and complexity

So a set is recursively enumerable if it is the range of some total recursive function. Recall that every subset of (N ∪ {0})k corresponds to a decision problem. Whereas the recursive subsets correspond to decidable decision problems, recursively enumerable subsets correspond to semi-decidable decision problems. Deﬁnition 7.41 Let R be a subset of (N ∪ {0})k . The decision problem corresponding to R is semi-decidable if the following k-ary function is computable:

h(¯ x) =

1 undeﬁned

if x ¯∈R otherwise.

Example 7.42 Consider the Validity Problem for First-Order Logic (FOVAL). Given a ﬁrst-order sentence ϕ, we must determine whether or not ϕ is valid. We claim that this problem is semi-decidable. We describe an algorithm that determines the correct answer given valid ϕ. This algorithm lists each of the countably many formal proofs and checks them one-by-one. If a formal proof for ∅ ϕ is found, then the algorithm stops and outputs “yes, ϕ is valid.” Otherwise, the algorithm produces no output. Intuitively, this is what is meant by “semi-decidable.” Whereas this algorithm correctly determines whether a given sentence is valid, it will not tell us whether a given sentence is not valid. Formally, a decision problem is a relation on the non-negative integers. The algorithm from the previous example is stated informally. To prove that FOVAL is semi-decidable but not decidable, we code FOVAL as a subset of N. In Section 8.4, we describe a procedure for coding sentences of ﬁrst-order logic. That the set of codes for valid sentences is recursively enumerable follows from the completeness of ﬁrst-order logic. Examples of recursively enumerable sets that are not recursive are given in the next section. The codes from the previous section are used to deﬁne these and other noncomputable subsets of N ∪ {0}. In the present section, we discuss some of the numerous equivalent ways to deﬁne the concept of recursively enumerable sets. Proposition 7.43 Let A be a proper subset of the non-negative integers. The following are equivalent: (1) A is recursively enumerable (2) A is the domain of a partial recursive function (3) the decision problem of determining whether or not a given number x is in A is semi-decidable.

Computability and complexity

329

Proof Suppose ﬁrst that A is recursively enumerable. Then A is the range of a total recursive function f (x). The binary function g(x, y) = (f (x) − y) + (y − f (x)) is also total recursive. This function equals 0 if and only if y = f (x). The set A is the domain of the function ubx g(x, y). Since this function is deﬁned from a recursive function by unbounded search, ubx g(x, y) is recursive. So (1) implies (2). Suppose now that (2) holds. Suppose that A is the domain of a recursive function f (x). By deﬁnition, the decision problem corresponding to A is semidecidable if and only if the following function is computable: h(x) =

1 undeﬁned

if x ∈ A otherwise.

Since f (x) is recursive, so is the composition c1 (f (x)) $ h(x) (where c1 is the constant function c1 (x) = 1). So (2) implies (3). Finally, suppose that (3) holds. Then h(x) (as deﬁned above) is recursive. So h(x) $ ϕ1e (x) for some e. To compute h(x) we run program Pe with input x in bin B1 . Recall the primitive recursive functions bin(e, x, n, 1) and line(e, x, n) from the proof of Theorem 7.33. If we run program Pe with input x, then the computation terminates when pf (e, line(e, x, n)) = 0. Let a be any element of A. Let x if pf (e, line(e, x, n)) = 0 g(x, n) = a otherwise. The range of g(x, n) is A. To prove (1) we must ﬁnd a unary function having range A. Let g(n, m) if x = 2n 3m f (x) = a otherwise. Clearly f (x) is a unary function having the same range as g(x, y). So A is recursively enumerated by the function f (x) and (1) holds. The characterization of recursively enumerable sets as the domains of partial recursive functions yields the following characterization of the recursive sets. Proposition 7.44 A set A is recursive if and only if both A and A¯ are recursively enumerable (where A¯ is the set of non-negative integers not in A).

330

Computability and complexity

Proof First, we show that recursive implies recursively enumerable. Let g(x) be any recursive function having 1 in its domain, but not 0. If A is a recursive set, then the composition g(χA (x)) is a recursive function. This function has domain A. By the previous proposition, A is recursively enumerable. ¯ whence both A and A¯ are recursively Moreover, if A is recursive, then so is A, enumerable. Conversely, suppose that both A and A¯ are recursively enumerable. Then A is the domain of ϕ1e (x) and A¯ is the domain of ϕ1d (x) for some e and d. Let f (x) = usn (pf (e, line(e, x, n)) · pf (d, line(e, x, n))). That is f (x) is the number of steps it takes for either Pe or Pd to halt on input x. Since each x is either in ¯ the function f (x) is total. A or A, We have χA (x) = 1 − pf (e, line(e, x, f (x)). Since this function is recursive, so is the set A.

We next state without proof a most remarkable characterization of the recursively enumerable sets. Deﬁnition 7.45 A set A of non-negative integers is said to be Diophantine if there exists a polynomial p(x, y1 , . . . , yn ) having integer coeﬃcients such that A = {x| there exist non-negative integers a1 , . . . ,an such that p(x, a1 , . . . , an ) = 0}. Theorem 7.46 (Matiyasevich) A set is recursively enumerable if and only if it is Diophantine. Prior to its proof, this theorem was known as Davis’ conjecture. Yuri Matiyasevich proved this theorem in 1970 following the work on this conjecture by Martin Davis, Hilary Putnam, and Julia Robinson. To understand why this theorem is remarkable, let us consider some examples of Diophantine sets: • The set of even numbers is Diophantine (let p(x, y) = x − 2y). • The set of perfect squares is Diophantine (let p(x, y) = x − y 2 ). • The set of composite numbers (numbers that are not prime) is Diophantine (let p(x, y1 , y2 ) = x − (y1 + 2)(y2 + 2)). It is far more diﬃcult to show that the following sets are Diophantine: • The set {2, 4, 8, 16, 32, . . .} of powers of 2. • The set of prime numbers. • The set of palindromes {1221, 343, 11, 82628, 1010101, 8, 747, . . .}.

Computability and complexity

331

There is no obvious polynomial p(x, y1 , . . . , yn ) that works for any of these three sets. Prior to Matiyasevich’s proof, the question of whether or not these sets are Diophantine was an open question. In particular, Alfred Tarski posed the question of whether or not the powers of 2 form a Diophantine set. Matiyasevich’s theorem answers this and many other questions in the aﬃrmative. Since the function f (n) = 2n is easily shown to be primitive recursive, the range of this function is recursively enumerable and, therefore, Diophantine. Likewise, since the prime numbers form a primitive recursive set, this set, too, is Diophantine. A number written in base 10 is a palindrome if it represents the same number when written backwards. It is not diﬃcult to show that this set is recursive. By Matiyasevich’s theorem the set of palindromes and countless other sets are necessarily Diophantine. Matiyasevich’s theorem equates the number theoretic concept of Diophantine set with the concept of a computability generated set. In proving this theorem, Matiyasevich showed that the class of Diophantine sets is far more extensive than its deﬁnition suggests. This theorem also resolved a famous open problem of mathematics known as Hilbert’s 10th Problem. This is one of the 23 problems selected by David Hilbert as the most important mathematical problems at the turn of the twentieth century. The 10th problem is one of the more succinctly stated of Hilbert’s problems: Hilbert’s 10th Problem Given a Diophantine equation with any number of unknown quantities and with rational integral numerical coeﬃcients: to devise a process according to which it can be determined by a ﬁnite number of operations whether the equation is solvable in rational integers. There is no loss of generality in replacing the “rational integers” in this problem with integers. Phrased this way, the problem is to ﬁnd a method for determining x) is a given polywhether p(x1 , . . . , xn ) = 0 has integer solutions where p(¯ nomial having integer coeﬃcients. As stated, the problem is not to determine whether such a process exists, but rather to ﬁnd such a process. The implied optimism of this statement underestimates the complexity of the integers and reﬂects misconceptions that were commonly held at the time. These misconceptions were dispelled by G¨ odel’s Incompleteness theorems that are the subject of our next chapter. The First Incompleteness theorem shows that the integers are extraordinarily complex in the following sense: the ﬁrst-order theory of the natural numbers (in a vocabulary containing both multiplication and addition) is undecidable. The subject of computability began with G¨ odel’s results and the work of Kleene, Post, Turing, and others that followed. This subject made Hilbert’s 10th Problem precise by providing a formal deﬁnition for the “process” described in

332

Computability and complexity

the problem. It became apparent that Hilbert’s 10th Problem may be unsolvable. This idea motivated the work of Davis, Putnam, Robinson, and others that culminated in Matiyasevich’s theorem. Matiyasevich’s theorem resolves Hilbert’s 10th Problem by showing that an algorithmic process as described in the problem cannot exist. This follows from Matiyasevich’s theorem because there exist well known recursively enumerable sets that are not computable. These sets are the topic of the next section. For more on Matiyasevich’s theorem, the reader is referred to Matiyasevich’s book [31].

7.6 Undecidable decision problems In this section, we view some sets that lie beyond the brink of computability.

7.6.1 Nonrecursive sets. Let Wi be the domain of the function ϕ1e (x). By Proposition 7.43, the list W0 , W1 , W2 , W3 , W4 , . . . . includes every recursively enumerable set. Let J = {x | x ∈ Wx }. If this set is recursively enumerable, then J = We for some e. But then we have e ∈ We if and only if e ∈ We (by the deﬁnition of J). This is contradictory. We conclude that J must be diﬀerent from We for each e and so J is not recursively enumerable. It follows that the characteristic function of J, although it is a well-deﬁned function, is not computable. Now consider the set K = {x | x ∈ Wx }. Proposition 7.47 K is recursively enumerable, but not recursive. Proof If K is recursive, then so is the complement of K in the non-negative integers. The complement of K is J. Since, J is not recursive, neither is K. Moreover, K is recursively enumerable since it is the range of the function U2 (x, x) from Proposition 7.36. Let H1 be the set of ordered pairs (e, x) such that x ∈ We . That is, (e, x) is in H1 if and only if x is in the domain of the function ϕ1e computed by the program Pe . To determine whether or not a given pair (e, x) is in H1 is to determine whether or not the program Pe halts given input x. Likewise, we ¯) such that Pe halts given input x ¯. deﬁne Hk as the set of (k + 1)-tuples (e, x Let H = {e |(e, 0) ∈ H1 }. To determine whether or not e is in H is to determine

Computability and complexity

333

whether or not Pe halts on input 0. This decision problem is known as the Halting Problem. The problem corresponding to Hk is the Halting Problem on k-tuples. These problems are undecidable. Proposition 7.48 H is not recursive. Proof We ﬁrst show that H1 is not recursive. Note that K = {x |(x, x) ∈ H1 }. If we could determine whether or not a given pair is in H1 , then we could determine whether or not a given element is in K. Since K is not recursive, neither is H1 . We now show that H is not recursive. Given program Pe and input x, let Pd be the program obtained by adding as a preﬁx x copies of the command Add B1 to the program Pe . Running Pd with input 0 has the same outcome as running Pe with input x. So d ∈ H if and only if (e, x) ∈ H1 . Since H1 is not recursive, neither is H. We have now demonstrated that J, K, and H are three examples of nonrecursive sets. We have also demonstrated our primary tool for showing that a given set is not recursive. To show that K is not recursive, we reduced K to J. That is, we showed that if K is recursive, then so is J. Similarly, we reduced H to K (by way of H1 ). Deﬁnition 7.49 Let A and B be two sets of non-negative integers. We say that A is recursively reducible to B, denoted A ≤r B, if there exists a recursive unary function f such that x ∈ A if and only if f (x) ∈ B. Proposition 7.50 If B is recursive and A ≤r B, then A is also recursive. Proof If A ≤r B, then x ∈ A if and only if f (x) ∈ B for some recursive function f . It follows that the characteristic function of A is the composition χB (f (x)). Conversely, if A ≤r B and A is not recursive, then B is not recursive. We exploit this fact to provide many examples of nonrecursive sets. The set J is not recursive by its deﬁnition. Each of the other nonrecursive sets we deﬁne can be reduced to J. Rather than considering each set one-by-one, we prove Rice’s theorem. This theorem provides a plethora of nonrecursive sets. Rice’s theorem states that any nontrivial index set is not recursive. Deﬁnition 7.51 A set of non-negative integers A is said to be an index set if the following holds. If x ∈ A and ϕ1x $ ϕ1y , then y ∈ A. For example, both J and K are index sets (they are deﬁned in terms of the indices i of the sets Wi ). Likewise, the set of all x such that Wx contains the number 5 is an index set. For a nonexample, consider the set GOTO 12 = {x : Px is the program (1) GOTO 12 }.

334

Computability and complexity

Recall that, by default, any number such as 42 that does not code a T ++ program is in this set. Let y be the code for the program (1) GOTO 23. Then ϕ1y , like ϕ142 , is the identity function. But whereas 42 ∈ GOT O 12, y ∈ GOT O 12. So this set is not an index set. Note that this set is primitive recursive and, therefore, decidable. The following theorem states that this is not the case for any nontrivial index set. Theorem 7.52 (Rice) Let A be an index set. If A is neither ∅ nor N ∪ {0}, then A is not recursive. Proof Let A be a proper subset of N∪{0}. Let c be the code for the program: (1) Add 1 (2) RmvP 1. Since this program never halts ϕ1c (x) is undeﬁned for all x. ¯ Claim If c ∈ A, then K ≤r A. Proof By Proposition 7.47, K is recursively enumerable. It follows that the following function is recursive:

hK (x) =

1 undeﬁned

x∈K otherwise.

¯ Since A is not N, there exists e ∈ A. Since hK (x) is recursive, so is the function

g(x, y) =

ϕe (y) undeﬁned

hK (x) = 1 otherwise.

By Lemma 7.37, there exists a recursive function f (x) such that, for each x, ϕf (x) (y) $ g(x, y). Note that if x ∈ K, then ϕf (x) (y) $ ϕe . Otherwise, ϕf (x) $ ϕc . Since A is ¯ So an index set and c ∈ A and e ∈ A, we have x ∈ K if and only if f (x) ∈ A. ¯ K ≤r A as claimed. So if c ∈ A, then A¯ is not recursive by the claim. If A¯ is not recursive, then neither is A. If c ∈ A, then applying the claim to A¯ yields K ≤r A. Either way, A is not recursive.

Computability and complexity

335

Rice’s theorem provides an uncountable supply of nonrecursive sets. For example, consider the following: ID = {x | ϕ1x is the identity function } SQU ARE = {x | ϕ1x (y) $ y 2 } F IN = {x | Wx is ﬁnite} IN F = {x | Wx is inﬁnite} COF = {x | Wx is co-inﬁnite} T OT = {x : ϕx is total} REC = {x : Wx is recursive}. Since each of these is a nontrivial index set, each is nonrecursive by Rice’s theorem. In fact, none of these sets is recursively enumerable. Whereas each of these sets is recursively reducible to K (and, therefore, to J as well), K is not reducible to any of these sets. In this sense, each of the above sets is more complicated than K. The notion of recursive reducibility, as the notation ≤r suggests, imposes an order on the subsets of N ∪ {0}. Each set is ranked in a hierarchy according to this order. For example, IN F ≤r COF (Exercise 7.25). Intuitively, this means that the decision problem corresponding to COF is at least as diﬃcult as the decision problem for IN F . If we had some way of determining whether or not a given number is in COF (which we do not), then we could use this procedure to determine whether or not a given number is in IN F . Since both of these problems are undecidable, this may seem like hairsplitting. There are two reasons that we consider the hierarchy of undecidable decision problems. One reason is that it serves as a precursor to the classiﬁcation of decidable decision problems that is the topic of the ﬁnal two sections of this chapter. Another reason is that this hierarchy relates concepts from computability to the ﬁrst-order logic of the previous chapters. 7.6.2 The arithmetic hierarchy. The deﬁnable subsets of N0 are called arithmetic sets. The arithmetic hierarchy is the classiﬁcation of these sets according to the syntax of the formulas that deﬁne the set. Recall the deﬁnition of a ∆0 formula from Section 7.2. x, y) for Deﬁnition 7.53 A Var -formula is said to be Π1 if it has the form ∀yϕ(¯ x, y). some ∆0 formula ϕ(¯ x, y) for some ∆0 A Var -formula is said to be 1 if it has the form ∃yϕ(¯ formula ϕ(¯ x, y).

336

Computability and complexity

An arithmetic set is said to be Π1 if there exists a Π1 formula that deﬁnes the set. The 1 sets are deﬁned analogously. At the bottom of the arithmetic hierarchy we have the primitive recursive sets. These are precisely the sets deﬁnable by ∆0 formulas. The 1 sets correspond to recursively enumerable sets. Proposition 7.54 If a set is 1 , then it is recursively enumerable. Proof Suppose that A is 1 . Let ∃yϕ(x, y) be a Var -formula that deﬁnes A, where ϕ(x, y) is ∆0 . By Proposition 7.28, the set B = {(x, y)|N0 |= ϕ(x, y)} is primitive recursive. Let f (x) = usy (1 − χB (x, y)). Then f is a recursive function having domain A and A is recursively enumerable. Corollary 7.55 If a set is both 1 and Π1 , then it is recursive. Proof The negation of a Π1 formula is a 1 formula. The corollary follows from Propositions 7.44 and 7.54. The converses of these statements also hold. The 1 sets are precisely the recursively enumerable sets and the recursive sets are those in both 1 and Π1 . This is proved as Corollary 8.15 of the next chapter. Likewise, we classify every deﬁnable subset of N0 . Deﬁnition 7.56 Let n be a natural number. • A Var -formula is said to be Πn+1 if it has the form ∀yϕ(¯ x, y) for some ∆n formula ϕ(¯ x, y). x, y) for some ∆n • A Var -formula is said to be n+1 if it has the form ∃yϕ(¯ formula ϕ(¯ x, y). • A Var -formula is said to be ∆n+1 if it both a Πn+1 formula and a n+1 formula. An arithmetic set A is said to be Πn , n , or ∆n according to the formulas that deﬁne A. Note that every Πn set is n+1 and every n set is Πn+1 for each n ∈ N. Since each ﬁrst-order formula is equivalent to a formula in prenex normal form, the arithmetic hierarchy includes every arithmetic set. Moreover, there exist arithmetic sets at each of the denumerably many levels of the hierarchy. For each n ∈ N, there exist sets that are n but not Πn and vice versa. This is the Hierarchy theorem. We leave the proof of this as Exercises 7.29 and 7.30. In this section, not only have we demonstrated examples of nonrecursive sets, but we have also presented a vast hierarchy of such sets. Each of these sets corresponds to both an undecidable decision problem and a noncomputable function (namely, its characteristic function). Based on the results of Section 2.5, we made the initial observation that, since there are uncountably many sets

Computability and complexity

337

and countably many recursive sets, most sets are not recursive. Likewise, most decision problems are not decidable and most functions are not computable. In this section, we have shown more than this. We have shown that, even among the countably many deﬁnable subsets of N0 , the recursive sets are the exceptions and not the rule. Just as viewing the heavens puts earth into perspective, viewing the plethora of nonrecursive sets puts the recursive sets and decidable decision problems into proper perspective. We now return to earth and consider decidable decision problems. For those who would like to pursue the study of nonrecursive sets further, [48] is recommended.

7.7 Decidable decision problems The previous sections of this chapter have concerned the distinction between decision problems that are decidable and those that are not. We now focus on the distinction between those problems that are decidable and those that are really decidable. By deﬁnition, a decision problem is decidable if it can be resolved by some algorithm. There is nothing in this deﬁnition that requires the algorithm to be practical. A decision problem is said to be feasible if it can be resolved by an algorithm using a reasonable amount of time and space. This is an intuitive notion that will not be precisely deﬁned. This notion depends not only on our perception of “reasonable,” but also on our technological capabilities. Algorithms that are not feasible today may become feasible with quantum computers or other potential technologies of the future. Rather than considering the vague notion of feasibility, we focus on precisely deﬁned complexity classes. In particular, we consider the class of polynomialtime decision problems P and the class of nondeterministic polynomial-time problems NP that contains P. The class P was deﬁned in the Preliminaries prior to Chapter 1. We repeat the deﬁnition. Deﬁnition 7.57 An algorithm is polynomial-time if there exists a k ∈ N such that, given any input of length n > 2, the algorithm halts in fewer than nk steps. A decision problem is polynomial-time if it can be decided by a polynomial-time algorithm. The set of polynomial-time decision problems is denoted P. If a decision problem is not in P, then it is certainly not feasible. The converse is not true. If an algorithm halts in fewer than n1,000,000 steps (given input of length n), then it is polynomial-time but not necessarily feasible. So the set of polynomial-time algorithms contains the set of feasible algorithms as a proper subset. To make the above deﬁnition of polynomial-time precise, we must specify both how the “length” of the input is to be measured and what constitutes a “step” of an algorithm. The length of the input is the number of digits. For example, the length of 8427 is 4. The length of the ordered triple (17, 8, 109) is 6.

338

Computability and complexity

More generally, the length of a natural number x is "log(x)# + 1, where "log(x)# denotes the greatest integer less than log(x). The length of zero is 1. The length of a k-tuple of numbers is the sum of each of the k lengths. We assume that numbers are presented in the usual base 10 notation, in which case log is the common base 10 logarithm. To deﬁne a “step” of an algorithm, we must ﬁrst deﬁne the notion of an algorithm. We provide this deﬁnition in the second part of this section. The formal deﬁnition of an algorithm yields natural measures of computational time and space. In addition to the class of polynomial-time decision problems P, we also deﬁne the classes of polynomial-space (PSPACE) and logarithmic space (L). In the third and ﬁnal part of this section, we deﬁne the notion of a nondeterministic algorithm and make precise the class NP. We discuss the relationship between these various complexity classes. We begin with some examples. 7.7.1 Examples. We present several examples of decidable decision problems. For each problem, we informally describe an algorithm (using either English prose or pseudo-code) to verify that the problem is decidable. For some problems, we also provide (again, informally) a nondeterministic algorithm. An algorithm is a step-by-step procedure. At any stage of the algorithm, the next step is completely determined. In contrast, a nondeterministic algorithm may have more than one possible “next step” at a given stage. Essentially, in a nondeterministic algorithm, we are allowed to guess. One purpose of this subsection is to illustrate the complexity classes P, NP, and coNP. The “N” in NP and coNP indicates that these classes are deﬁned in terms of nondeterministic algorithms. Both NP and coNP contain P as a subset. Although we have not yet deﬁned a “step” of an algorithm, we can verify that certain problems are in P. We use the fact that any feasible algorithm is polynomial-time. So tasks such as multiplying or dividing numbers that are clearly feasible must be polynomial-time. We assume that if the input has length n, then it can be read in at most n steps. So, in polynomial-time, we can repeatedly read the input 1000 times, n times, or 3n5 times, but not 2n times. We also use the fortunate fact that the composition of polynomials is again a polynomial. If we write an algorithm that uses a certain polynomialtime algorithm as a subroutine a polynomial number of times, then the resulting algorithm, too, is polynomial-time. For future reference, each decision problem is given a short name. To avoid ambiguity, this name shall be written in capital letters.

The evens problem (EVENS) The evens problem corresponds to the set of even natural numbers. Since we can determine whether or not a given number is even merely by looking at its

Computability and complexity

339

last digit, EVENS is not only decidable, it is feasible. In contrast, consider the problem PRIMES of determining whether or not a given natural number is prime.

The primes problem (PRIMES) The prime problem corresponds to the set of prime numbers. Since this set is primitive recursive, we know that PRIMES, like the EVENS, is decidable. The following algorithm, written in pseudo-code, resolves this problem: Given: natural number n if n = 1 then output “not prime” and halt if n = 2 then output “prime” and halt else for k = 2, . . . ,n−1 do: divide n by k if remainder is 0 then output “not prime” and halt end for output “prime” halt This algorithm outputs “prime” if and only if the input is a prime number. Given input n, the algorithm checks each k between 1 and n to see if k divides n. √ √ In fact, we only need to check this for k between 1 and n (if n = a · b and a > n, √ then b < n). This observation oﬀers a more eﬃcient algorithm. Now, suppose we actually want to use this algorithm to determine whether or not a given number n is prime. If n is a three-digit number, then 100 ≤ n ≤ 999. √ To execute our algorithm, we must divide n by at most 32 numbers (since 32 > 999). We can easily do this on a computer. But suppose n is 23 digits long. Then n is between 1022 − 1 and 1023 . If n happens to be prime, then it will take at least √ 1022 computations for the algorithm to arrive at the output “prime.” If your computer can do this, then take a prime number 45 digits long. The algorithm will take 1022 steps. Compared to the length of the input, the algorithm takes exponentially long. This algorithm is not polynomial-time.

The composites problem (COMP) A natural number n is composite if n = a · b for natural numbers a and b both smaller than n. Put another way n is composite if it is neither 1 nor prime. So the above algorithm for P RIM ES can be altered slightly to produce an algorithm

340

Computability and complexity

deciding the decision problem COM P corresponding to the set of composite numbers. Consider now the following nondeterministic algorithm. Given: natural number n if n > 2 then choose i between 1 and n divide n by i if remainder is 0 then output “composite” and halt halt This algorithm is nondeterministic because of the command “choose i between 1 and n.” If n is big, then there are many possible values for i. So there are more than one way to proceed in the next step of the algorithm. If we are lucky and choose a value of i that divides n, then the algorithm quickly concludes that n is composite. So this algorithm, when its chooses correctly, determines whether a number is composite in polynomial-time. Deﬁnition 7.58 We deﬁne the class NP of nondeterministic polynomial time decision problems. Let PROB be an arbitrary decision problem. Given certain input, PROB produces an output of either “yes” or “no.” Let Y be the set of all inputs for which PROB produces the output of “yes” and let N be the analogous set of inputs that produce output “no.” • If there exists a nondeterministic algorithm which, given input x, can produce the output “yes” in polynomial-time if and only if x ∈ Y , then PROB is in NP. • If there exists a nondeterministic algorithm which, given input x, can produce the output “no” in polynomial-time if and only if x ∈ N , then PROB is in coNP. The nondeterministic algorithm we gave for COM P demonstrates that this decision problem is in NP. Since a number is not prime if and only if it is 1 or composite, P RIM ES is in coNP. It can also be shown that P RIM ES is in NP. This is not apparent from the above algorithms. To show that P RIM ES is in NP, we must come up with another algorithm. In fact, something much stronger is true. In 2002, Agrawal, Kayal, and Saxena proved that P RIM ES is in P. In their article “Primes are in P,” they demonstrate an algorithm that determines whether or not a number n is prime in fewer than l12 steps where l is the number of digits in n. The P = NP question asks whether every NP problem, like P RIM ES, is actually in P. This is among the most important unanswered questions of mathematics.

Computability and complexity

341

The big questions:

NP

P

coNP

Does coNP ∩ NP = P? Does coNP = NP? Does P = NP?

If P = NP, then coNP = NP. This is because any polynomial-time algorithm that determines whether an element is in a set A can also be used to determine whether an element is not in A. That is, if we deﬁne the class coP analogously to coNP, then coP necessarily equals P. This is not true for nondeterministic algorithms. A nondeterministic algorithm that determines whether an element is in A may be of no use in determining whether an element is not in A. We shall say much about P = NP and other important questions in Sections 7.8, 10.4, and 10.5. We presently present more examples. The next examples are from graph theory. Given a ﬁnite graph, we ask whether or not the graph has certain properties. We said that every decision problem corresponds to a relation on the non-negative integers. To view the following examples in this manner, we code each graph as a sequence of 1s and 2s. There is a natural way to do this. If G is a graph having vertices {v1 , . . . , vk }, then we deﬁne a k × k matrix as follows. The entry in row i and column j is 1 if vi and vk share an edge. Otherwise, this entry is 2. The resulting matrix is called the adjacency matrix of G. To input the graph G into a T -machine, we input the adjacency matrix as a k 2 -tuple.

The graph problem (GRAPH) The graph problem asks whether or not a given ﬁnite string of natural numbers is the adjacency matrix for some graph. We describe a polynomial-time algorithm for deciding this problem. First, we read through the string of numbers and check that each entry is either 1 or 2. At the same time, we count the entries to determine the length n of the sequence. We then determine whether or not n is √ a perfect square. We do this by checking whether k 2 = n for each k ≤ n. Since n is the length of the input, this can be done in polynomial-time. (In contrast,

342

Computability and complexity

√ recall the situation for PRIMES above. There, we could not check each k ≤ n in polynomial-time since n was the input having length log(n).) The matrix represents a graph if and only if it is symmetric and has 2s along the diagonal. This is because the edge relation in a graph is, by deﬁnition, symmetric and irreﬂexive. Checking these two properties is clearly a feasible task. The input is an adjacency matrix for a graph if and only if each of the above conditions is veriﬁed. Since GRAP H is in P, we may consider decision problems that take ﬁnite graphs as input. By this we mean that the decision problem takes a ﬁnite string of numbers as input and veriﬁes that the input represents a graph before proceeding.

The connectivity problem (CON) The connectivity problem asks whether or not a given ﬁnite graph is connected. Recall that a graph is connected if, given any two vertices x and y, there exists a path from x to y. We show that CON is in P. First, we demonstrate a polynomial-time algorithm for the problem P AT H. This decision problem takes a ﬁnite graph and two vertices of the graph as input and determines whether or not there exists a path between the given vertices. Given: a graph with n vertices and two particular vertices x and y. let S1 := {x}, let T1 := {x}, let i := 1 for i ≥ 1 if y ∈ Ti then output “x is connected to y” and halt else let Si+1 = {v : v ∈ Si and v shares an edge with some z ∈ Ti } let Ti+1 = Ti ∪ Si+1 if Si+1 is empty then output “no path” and halt else let i := i + 1 end for halt We leave it to the reader to verify that this algorithm determines whether or not x is connected to y in polynomial-time. Now consider CON . A graph with n vertices is in CON if and only if the vertex corresponding to the ﬁrst column of the adjacency matrix is connected to each of the other n − 1 vertices. So we can use the above algorithm n − 1 times to determine whether or not a graph with n vertices is in CON . It follows that CON , like P AT H, is in P.

Computability and complexity

343

The clique problem (CLIQUE) The clique problem corresponds to the set of all pairs (G, k), where G is a ﬁnite graph and k is a natural number such that G has the k-clique as a subgraph. This problem is in NP as the following algorithm demonstrates. Given: a graph G with n vertices and a natural number k ≤ n. choose a subgraph H of G of size k if every pair of vertices from H shares an edge then output “clique present” halt This algorithm is clearly nondeterministic. There are many ways to choose the subgraph H in the ﬁrst step. Prior to halting, this algorithm checks whether there exists an edge between every pair of vertices in H. Since |H| ≤ n, there are at most n(n − 1)/2 < n2 pairs of vertices to consider. So this nondeterministic algorithm halts in polynomial time and CLIQU E ∈ NP. The problem of determining whether a given ﬁnite graph does not contain a k-clique is coNP.

The max-clique problem (MAXCLIQUE) The max-clique problem corresponds to the set of all pairs (G, k) where G is a ﬁnite graph and k is a natural number such that the largest clique in G has size k. This problem is decidable. Given a ﬁnite graph G and natural number k, we could check every subgraph of G of size k or larger. Not only is this algorithm not feasible, it is not polynomial time. It is unknown whether or not MAXCLIQUE is in NP.

The satisﬁability problem for propositional logic (PSAT) and related problems Recall from the ﬁrst section of the ﬁrst chapter that formulas of propositional logic contain the symbols ¬, ∧, ∨, →, and ↔, “(”, and “)” as well as any ﬁnite number of atomic formulas which we denote A1 , A2 , A3 , and so forth. We now consider decision problems that take as input ﬁnite sequences of these symbols. To conform to our formal deﬁnition of a decision problem, we code each string of symbols as a natural number. For the present informal discussion, it is unnecessary to delve into the details of the coding. The Satisﬁability Problem (PSAT) corresponds to the set of satisﬁable formulas of propositional logic. This problem is decidable since, given any formula F of propositional logic, we can compute a truth table to determine

344

Computability and complexity

whether or not F is satisﬁable. Recall that the truth table has 2n rows where n is the number of atomic formulas occurring in F . However, to show that F is satisﬁable, we need only compute one row of the table. This provides the following nondeterministic polynomial-time algorithm for P SAT : Given: a formula F of propositional logic compute one row of the truth table for F if F has truth value 1 in this row then output “satisﬁable” halt So P SAT is in NP. It follows that the decision problem P U N SAT of determining whether F is unsatisﬁable is coNP. It is not known whether P SAT is in P. In fact, P SAT is in P if and only if P = NP. This decision problem is NP-complete. We deﬁne and discuss this phenomenon in the next section. We prove that P SAT is NP-complete in Section 10.4.

7.7.2 Time and space. We said that an algorithm is feasible if it can be executed in a reasonable amount of time and space. We now specify how time and space are to be measured. First, we deﬁne the concept of an “algorithm.” That is, we provide this notion with a deﬁnition that suﬃces for the complexity classes we are to consider. To do this, we modify the notion of a T ++ program. The purpose of T ++ was to serve as a simpliﬁed programming language to ease the coding process of Section 7.4. Because of their simplicity, T ++ programs are terribly ineﬃcient. They cannot even add in polynomial-time. Consider a T ++ program that outputs n + n given input n in bin B1 . The command Add 1 must be repeated n times in such a program. Since the length of n is measured in terms of log(n), this program takes exponentially long. We add commands to T ++ to obtain the more eﬃcient programming language T . The T programs are executed by an upgraded version of the T -machine that recognizes the new commands. We view the bins as program variables that take on non-negative integer values. The main feature of T is that it allows us to work with the decimal presentation of a number. Suppose that B1 equals 8472. The decimal presentation of B1 assigns the values 8, 4, 7, and 2 to B1 , B2 , B3 , and B4 , respectively. • The T command Dec converts the value v of B1 into its decimal presentation and stores the result and in bins B1 , B2 , . . . ,Bl where l is the length of v.

Computability and complexity

345

• The T command IDec(j) is the inverse of the Dec command. This command regards the values of B1 , B2 , . . . ,Bj as a decimal presentation of a number. The command IDec(j) computes the value of this number and sets B1 equal to the result. So IDec(5) computes B1 + 10 ∗ B2 + 100 ∗ B3 + 1000 ∗ B4 + 10000 ∗ B5 and sets B1 equal to the result. Writing a T ++ program to do this would not be pleasant, but it certainly could be done. The T commands Dec and IDec(5) are convenient names for T ++ subroutines. The same is true for the T command Length(i, j). • Length(i, j) sets Bj equal to the length of Bi . Finally, T also includes a variety of ways to move data. • Copy(i, j) sets Bj equal to Bi . • Copy(i, Bj ) sets Bv equal to Bi where v is the value of Bj . • Copy(Bi , j) sets Bj equal to Bv where v is the value of Bi . The commands for T include the T ++ commands (Add i, Rmv i, RmvP i, and GOTO i) and also, for each i and j in N, the commands: Dec, IDec(i), Length(i, j), Copy(i, j), Copy(i, Bj ), and Copy(Bi , j). A T program is a ﬁnite enumerated list of T commands. Deﬁnition 7.59 An algorithm is a T program. In previous sections, we tacitly deﬁned an algorithm to be a T ++ program. For computability theory, the two deﬁnitions are equivalent. The additional commands increase the eﬃciency, but not the computing power, of the programs. By Corollary 7.34, the functions computable by T programs are precisely the T -computable functions. Deﬁnition 7.60 Each executed T command constitutes one step of the computation of an algorithm. This deﬁnition of “step” makes precise the earlier deﬁnition of “polynomialtime.” We claim that this deﬁnition captures our intuitive notion of what can and cannot be accomplished in polynomial-time. Basic operations such as addition, multiplication, and division are polynomial-time as they should be. If I were to add two 7-digit numbers together without electronic (or mechanical) assistance, then I would rely on an algorithm I learned long ago and add the numbers digitby-digit. Using the command Dec, we can mimic this familiar algorithm with a

346

Computability and complexity

T program. Likewise, we can write T programs that carry out the polynomialtime procedures taught in grammar school for subtraction, multiplication, or long division. It follows that T programs (unlike T ++ programs) can compute polynomials in polynomial-time. We now turn from time to another measure of computational complexity. Deﬁnition 7.61 The space of a computation is the number of bins that are used. To be more precise, we must state what it means to “use” a bin. Deﬁnition 7.62 A computation uses bin Bi if the value of Bi is altered at some step of the computation. Deﬁnition 7.63 An algorithm is polynomial-space if there exists a k ∈ N such that, given any input of length n > 1, the algorithm uses fewer than nk bins. Space complexity also considers sublinear classes. These are classes where the number of bins used is less than the length of the input. We do not consider such classes in time complexity since we cannot even read the input in sublinear time. Deﬁnition 7.64 An algorithm is logarithmic-space if, given any input of length n (for suﬃciently large n), the algorithm uses fewer than log n bins. There exist nonfeasible algorithms that use only a small ﬁxed number of bins (see Exercise 7.34). To make space a useful measure of complexity, we consider algorithms that bound the size of the bins. We say that an algorithm is bounded if each bin has value less than 10 at each step of the computation (provided this is true of the input). Deﬁnition 7.65 A decision problem is polynomial-space if there exists a bounded polynomial-space algorithm that decides the problem. The set of all polynomialspace decision problems is denoted PSPACE. Deﬁnition 7.66 A decision problem is logarithmic-space if there exists a bounded logarithmic-space algorithm that decides the problem. The set of all logarithmicspace decision problems is denoted L. We state without proof two facts regarding the relationship between these complexity classes. For proofs, we refer the reader to either [36] or [47]. Proposition 7.67 L = P SP ACE. Proposition 7.68 L ⊂ P ⊂ P SP ACE. By the former proposition, at least one of the two inclusions in the latter proposition must be a proper inclusion. It is not known, however, which of these is proper.

Computability and complexity

347

7.7.3 Nondeterministic polynomial-time. An algorithm is a T program. By this deﬁnition, any algorithm is deterministic in the sense that, once the input is given, each step of the computation is completely determined. If we repeatedly execute an algorithm with the same input, then we will repeatedly observe the same computation and the same outcome. We now provide a formal deﬁnition for the notion of a nondeterministic algorithm. Let TN D be the programming language obtained by adding to T the commands “GOTO i OR j” for each i and j in N. The T -machine, upon reading this command, proceeds either to line (i) or line (j) of the program. A TN D program is a ﬁnite enumerated list of TN D commands. Deﬁnition 7.69 An nondeterministic algorithm is a TN D program. The GOTO i OR j command allows T programs to nondeterministically jump to one of any number of lines. For example, the following commands cause the T -machine to go to line (5), (6), (7), or (8) of the program. (1) GOTO 2 OR 5 (2) GOTO 3 OR 6 (3) GOTO 7 OR 8 The GOTO i OR j command can also be used to choose an arbitrary value for a bin. For example, the following commands cause the T -machine to assign to bin B2 an arbitrary number from 1 to 9. (1) Zero B2 (2) Add B2

(3) Compute B2 − 8 and store result in B3 (4) GOTO 6 (5) GOTO 8 (6) RmvP B3 (7) GOTO 2 OR 8 (8) . . . The reader may verify that the nondeterministic algorithms described earlier in this section can be written as TN D programs. The deﬁnition of a nondeterministic algorithm completes the deﬁnition of NP (Deﬁnition 7.58). The class NL (“nondeterministic log-space”) is deﬁned analogously. A decision problem is in this class if any correct “yes” output can be obtained by a nondeterministic algorithm using logarithmic-space. Replacing

348

Computability and complexity

“yes” with “no” yields the class coNL. In contrast to the open question NP = coNP, we have the following fact. Theorem 7.70 NL = coNL For a proof of this, we refer the reader to section 8.6 of [47]. This theorem represents one of only a few known facts regarding the relationship between these complexity classes. We also have the following extension of Proposition 7.67. Proposition 7.71 L ⊂ N L ⊂ P ⊂ N P ⊂ P SP ACE. By Proposition 7.68, at least one of the above inclusions must be proper. This is essentially all that is known. In particular the possibility that L = NP remains open.

7.8 NP-completeness We deﬁne the concept of an NP-complete problem and provide examples. Informally, the NP-complete decision problems are the most diﬃcult problems in NP. Cook’s theorem states that P SAT is NP-complete. We prove this theorem as a consequence of Fagin’s theorem in Section 10.3. In the present section, we take the NP-completeness of P SAT as fact and use P SAT to ﬁnd other examples NP-complete sets. Deﬁnition 7.72 A function f : (N ∪ {0})m → (N ∪ {0})n is a polynomial-time function if there exists a polynomial-time algorithm that computes f . Deﬁnition 7.73 For A ⊂ (N ∪ {0})m and B ⊂ (N ∪ {0})n , we say that A is polynomial-time reducible to B, denoted A ≤p B, if there exists a polynomialtime function f : A → B so that x ∈ A if and only if f (x) ∈ B. If A ≤p B, then the decision problem associated with A is at least as hard as the decision problem for B. The relation ≤p is a reﬁnement of recursively reducible relation ≤r from Section 7.6. The relation ≤p distinguishes between recursive sets whereas ≤r does not. Deﬁnition 7.74 A set A is NP-complete if it is in NP and for every set B in NP, B ≤p A. Let P ROB be an arbitrary decision problem. We refer to P ROB as NP-complete if the corresponding relation on the non-negative integers is NP-complete. Likewise, we view ≤p as a relation on decision problems. To show that P ROP is NP-complete, it suﬃces to show that P ROP is in NP and P SAT ≤p P ROB. This follows from the NP-completeness of P SAT (which we are currently taking on faith).

Computability and complexity

349

Proposition 7.75 Let CN F − SAT be the problem of determining whether or not a given formula of propositional logic in CNF is satisﬁable. This problem is NP-complete. Proof Clearly, CN F − SAT ≤p P SAT (via the identity function). Since P SAT is in NP so is CN F − SAT . Recall the CNF algorithm from Section 1.6. This algorithm produces a CNF formula equivalent to a given formula F . This algorithm is polynomial-time. So P SAT ≤p CN F − SAT . Since P SAT is NP-complete, so is CN F − SAT . Proposition 7.76 CLIQU E is NP-complete. Proof The algorithm for CLIQU E from Section 7.7.1 demonstrates that CLIQU E is in NP. To show that CLIQU E is NP-complete, we show that CN F − SAT ≤p CLIQU E. We sketch a proof of this. Given a formula F in CNF, we deﬁne a graph GF . Let F = {C1 , . . . , Ck } where each Ci is a set of literals. Let {L1 , . . . , Lm } be the set of all literals occurring in some clause of F . We must deﬁne the vertices and edge relation for GF . The set of all pairs (Ci , Lj ) where Lj is in Ci serves as the set of vertices. There is an edge between two vertices (Ci , Lj ) and (Cs , Lt ) if and only if Ci = Cs and Lj ≡ ¬Lt . The process of producing the adjacency matrix for GF given F is feasible and therefore polynomial-time. The following claim proves the proposition. Claim F is satisﬁable if and only if GF has a subgraph isomorphic to the k-clique (where k is the number of clauses in F ). Proof Suppose F is satisﬁable. Then A |= F for some assignment A. Each clause of F contains a literal to which A assigns the truth value 1. For i = 1, . . . , k, let f (i) be such that Lf (i) is in Ci and A |= Lf (i) . Consider the set of vertices Vk = {(C1 , Lf (1) ), (C2 , Lf (2) ), . . . , (Ck , Lf (k) )}. Since A |= Lf (1) ∧Lf (2) , it cannot be the case that Lf (1) ≡ ¬Lf (2) . By the deﬁnition of the edge relation in GF , vertices (C1 , Lf (1) ) and (C2 , Lf (2) ) share an edge. Likewise, every pair of vertices in Vk share an edge and so GF has the k-clique as a subgraph. Conversely if some subset of vertices {(C1 , Lf (1) ), (C2 , Lf (2) ), . . . , (Ck , Lf (k) )} form a k-clique, then we can ﬁnd an assignment A such that A |= Lf (i) for each i. By verifying that P SAT is NP-complete in theorem 10.20, we conclude that CN F − SAT , CLIQU E, and many other decision problems are also NP-complete. This is analogous to the situation in Section 7.6.1 where we demonstrated that the set J is nonrecursive and then reduced countless other sets to J in Rice’s theorem. In this way, we were able to demonstrate the nonrecursiveness of many sets by explicitly verifying the nonrecursiveness of one set. For NP-completeness, we do not have an analogue for Rice’s theorem. To obtain many examples of NP-complete problems, we must consider the problems

350

Computability and complexity

one-by-one. The proof of NP-completeness usually involves a construction of some sort. For example, we “constructed” the graph GF to prove Proposition 7.76. The construction relates two ostensibly diﬀerent problems and can be quite convoluted. We describe various known NP-complete problems. Instead of proofs of NP-completeness, we provide references at the end of the section.

The Sum k problem (SUMk) Recall the SU M 10 Problem from the Preliminaries. Given a ﬁnite set of integers, we are asked whether or not there exists a subset that adds up to 10. Similarly, we deﬁne the SU M k for any integer k. It is easy to see that these problems are in NP: choose an arbitrary subset and check to see if it sums up to k. Moreover, SU M k is NP-complete. Given an arbitrary formula F , there is a process for constructing a ﬁnite set of integers XF such that XF has a subset that sums to k if and only if F is satisﬁable.

The Hamilton problem Let G be a ﬁnite graph. A Hamilton path for G is a path that includes each vertex of G once and only once. The Hamilton problem is to determine whether or not a given graph has a Hamilton path. This problem is closely related to the Traveling Salesman problem. Given a set of cities, the Traveling Salesman problem is to ﬁnd the shortest route that visits each city. There is no known algorithm that eﬃciently solves this basic problem. The Traveling Salesman problem is not a decision problem and we do not refer to it as being NP-complete. The associated Hamilton problem, however, is NP-complete.

The k -Colorability problem (kC OLOR) A graph is said to be k-colorable if the vertices can be colored with k diﬀerent colors in such a way that no two vertices of the same color share an edge. The k-Colorability problem is to determine whether or not a given ﬁnite graph is k-colorable. For k > 2, this problem is NP-complete. For k = 2, it is not (see Exercise 7.33).

Minesweeper Many PCs come equipped with the game of Minesweeper. It is played on a grid that is, for our purposes, inﬁnite. There are bombs behind some of the squares of the grid. The player does not know the location of these bombs. The goal

Computability and complexity

351

is to uncover squares that do not have bombs. When a square is uncovered, the player either sees a bomb and the game is over, or there is a number that tells the player how many bombs are under squares adjacent to the uncovered square. Now suppose we are playing this game and are considering a certain covered square. We may have previously uncovered nearby squares that give us some information. There are three possibilities. Either we can deduce from the known information that there is a bomb under the square we are considering, or we can conclude that there is no bomb, or there is not enough information. To be a good Minesweeper player, we want to be able to determine which of these three situations is confronting us. This problem turns out to be NP-complete. More precisely, if we were to uncover many squares simultaneously, then we would see an arrangement of bombs and natural numbers. Let be the set of all ﬁnite arrangements consisting of bombs and natural numbers, including arrangements that do not follow the rules of Minesweeper. Let M S be the set of those conﬁgurations that can occur in the Minesweeper game. For example, a conﬁguration that has a square containing the number 3 surrounded by 5 bombs is not in M S. The decision problem corresponding to the set M S is NP-complete. This problem is equivalent to the problem in the previous paragraph. If we can determine whether a given conﬁguration is consistent with the rules of Minesweeper, then we can play the game eﬀectively. Given a covered square, if we can determine whether the existence of a bomb (or the lack thereof) is contradictory, then we can determine which of the three possible scenarios is confronting us. Since they are each NP-complete, the above problems are equivalent. If we have an algorithm for solving one of these problems, then we can use that algorithm to solve all of these problems. The proof of Proposition 7.76 demonstrates how an algorithm for CLIQU E can be used for P SAT . Likewise, if you are really good at playing Minesweeper, then you can use your skill to determine whether a given graph has a Hamilton path, or is 3-colorable, or whether a given formula of propositional logic is satisﬁable. More importantly, if you have a polynomial-time algorithm for solving the Minesweeper Problem, then you can win mathematical fame and the Clay Institute fortune by verifying that P = NP. Proposition 7.77 Some NP-complete problem is in P if and only if P = NP. Proposition 7.78 Some NP-complete problem is in coNP if and only if NP = coNP. Each of these propositions follow immediately from the deﬁnition of NP-complete.

352

Computability and complexity

Both [36] and [47] are excellent sources for computational complexity. With the exception of the Minesweeper problem, each of the above decision problems can be found in each of these two books. In addition, these books describe in depth the relationship between the complexity classes of the previous section and many other complexity classes that we have not considered. The Minesweeper problem is shown to be NP-complete in the article [22].

Exercises 7.1

Let {f1 , f2 , f3 , . . .} be an enumeration of the set of unary primitive recursive functions. Let Upr be the binary function deﬁned by Upr (x, y) = fy (x). (a) Show that the set of unary primitive recursive functions can be enumerated in such a way that Upr (x, y) is computable. (b) Show that the unary function deﬁned by g(x) = Upr (x, x) + 1 is not primitive recursive. (c)

Can part (a) and (b) be repeated with the set of recursive functions in place of the set of primitive recursive functions? Why or why not? .x ..

7.2

Show that the function G(x) = xx is primitive recursive.

7.3

Show that the function F (x) = x!(x − 1)!(x − 2)! · · · 3!2!1! is primitive recursive.

7.4

Show that the function E(x, n) = n!(1 + x + x2 + x3! + · · · + xn! ) is primitive recursive.

7.5

Show that the function P (x, y) = x!/(x − y)! is primitive recursive.

7.6

Let f (x, y) and g(x) be primitive recursive functions. (a) Show that the function ha (x, y) = z

x times

2

n

(b)

7.7

3

Let hb (x) be the least value of y less than g(x) such that f (x, y) = 0. If no such y exists, then hb (x) = g(x). Show that the function hb (x) is primitive recursive.

Let n be a natural number. If we take the deﬁnition of “recursive function” and replace the zero function Z(x) = 0 with the constant function cn (x) = n, then we obtain the set of n-recursive functions. That is, the set of nrecursive functions is the smallest set • containing the basic functions s(x), pki (x), and the constant function cn (x), and

Computability and complexity

353

• closed under composition, primitive recursion, and unbounded search. For each n ∈ N, let N≥n = {n, n + 1, n + 2, . . .}. Prove that a function on N≥n is recursive if and only if it is n-recursive. 7.8

7.9

Write T ++ programs that perform the following tasks on a T -machine: (a) Swap the contents of B1 and B2 . (b)

Set B2 equal to B1 and leave B1 unchanged.

(c)

Add B1 and B2 and store the result in B2 .

(d)

Multiply B1 and B2 and store the result in B2 .

Show that the set of T -computable functions is closed under compositions and primitive recursion.

7.10 Let f (x) be a function on the non-negative integers. The history function of f (x), denoted f H (x), is deﬁned inductively as f H (0) = 1

and f H (n + 1) = 2f (0) 3f (1) · · · pfn(n) ,

where pi denotes the ith prime. Suppose that f (x) = g(f H (x)) for some primitive recursive function g(x). (a) Show that f H (x) is primitive recursive. (b)

Show that f (x) is primitive recursive.

x) and h2 (¯ x) be k-ary primitive recursive functions. Let g1 (¯ x, y, z) 7.11 Let h1 (¯ x, y, z) be (k+2)-ary primitive recursive functions. Suppose that (k+ and g2 (¯ x, y) and f2 (¯ x, y) are deﬁned by simultaneous recursion 1)-ary functions f1 (¯ as follows. ¯) = h1 (¯ x), f1 (0, x ¯) = h2 (¯ x), f2 (0, x ¯) = g1 (¯ x, f1 (n, x ¯), f2 (n, x ¯)), and f1 (n + 1, x ¯) = g2 (¯ x, f1 (n, x ¯), f2 (n, x ¯)). f2 (n + 1, x Show that both f1 and f2 are primitive recursive functions. (Hint: Consider history functions for f1 and f2 as deﬁned in the previous exercise.) 7.12 Give an explicit deﬁnition of the Ackermann function in terms of unbounded search. 7.13 Let f be a k-ary function. The graph of f is the k +1-ary relation consisting of all (¯ x, y) such that f (¯ x) = y. (a) Show that f is a primitive recursive function if and only if the graph of f is a primitive recursive set.

354

Computability and complexity

(b) Show that f is a recursive function if and only if the graph of f is a recursively enumerable set. (c)

Show that f is a total recursive function if and only if the graph of f is a recursive set.

7.14 Let f (x, y) = "x/y# where "x/y# denotes the greatest integer less than x/y. Let g(x) be a primitive recursive function and let h(x, y) =

f (x, y) y = 0 g(x)

y = 0.

Show that h(x, y) is primitive recursive. (Use the previous exercise and the fact that a relation is primitive recursive if and only if it is deﬁnable by a ∆0 formula.) 7.15 Let f (x), g(x), and h(x) be primitive recursive functions. Let e(x) =

f (x)g(x) h(x)

if f (x) + g(x) > 0 if f (x) + g(x) = 0.

Show that e(x) is primitive recursive. 7.16 Let ϕ(x, y) be a ∆0 formula and let f (x) be a primitive recursive function. Show that the formula ∃y(y < f (x) ∧ ϕ(x, y)) is ∆0 , where y < f (x) is an abbreviation for the Var -formula ∃z(y + z = f (x)). 7.17 Assuming that every primitive recursive set is ∆0 , prove the following. (a) Every recursively enumerable set is 1 . (b) Every recursive set is both 1 and Π1 . 7.18 Let A be an inﬁnite set. Prove that A is recursive if and only if it is the range of an increasing recursive function. 7.19 Show that every inﬁnite recursively enumerable set has an inﬁnite recursive subset. 7.20 Let A and B be recursively enumerable sets. Show that there exist recursively enumerable subsets A1 ⊂ A and B1 ⊂ B such that A1 ∩ B1 = ∅ and A1 ∪ B1 = A ∪ B. 7.21 Show that the union of two recursively enumerable sets is recursive enumerable. Moreover, show that the function f (x, y) deﬁned by Wx ∪ Wy = Wf (x,y) is a recursive function. 7.22 Repeat the previous exercise with intersections instead of unions. 7.23 Show that there exists a partial recursive function that cannot be extended to a total recursive function.

Computability and complexity

355

7.24 Let A and B be subsets of N ∪ {0}. We say that A and B are recursively ¯ for some recursive subset R of N. Otherseparable if A ⊂ R and B ⊂ R wise, A and B are said to be recursively inseparable. Show that there exist recursively enumerable A and B that are recursively inseparable. 7.25 Let F IN , IN F , COF , T OT , and REC be as deﬁned in Section 7.6.1. (a) Show that F IN ≤r COF . (b)

Show that IN F ≤r COF .

(c)

Show that T OT ≤r COF .

(d)

Show that COF ≤r REC.

7.26 (a) Show that T OT is Π2 . (b) Show that F IN is 2 . (c) Show that COF is 3 .

7.27 Classify the set SQR = {e|ϕ1e (x) = x2 } as either Πn or n for some n. 7.28 Let Γ be either Πn or n for some n. We say that U ⊂ N2 is Γ-complete if U is Γ and for any set A that is Γ, A ≤r U . Show that REC = {e : We is recursive } is 3 -complete. 7.29 Let Γ be either Πn or n for some n. We say that U ⊂ N2 is Γ-universal if for any set A that is Γ, there exists e such that A = {x|(e, x) ∈ U }. (a) Show that it U is Γ-universal, then U is Γ-complete (see Exercise 7.28). ¯ is Πn -universal. (b) Show that if U is n -universal, then U (c) Show that if U is n -universal, then U is not ∆n . (Hint: consider the set {x|(x, x) ∈ U }.) 7.30 Refer to the previous exercise. (a) Show that the set H1 from Section 7.6.1 is 1 universal. (b) Let f : (N ∪ {0})2 → (N ∪ {0}) be a recursive one-to-one correspondence. Show that if Un is Πn -universal, then the set {(e, n)|∃y(e, f (x, y)) ∈ Un } is (c)

n -universal.

Using the previous exercise, conclude that there exist sets that are not ∆n for each n ∈ N.

n

sets and Πn

7.31 Show that constant functions cannot by computed by a T ++ algorithm in polynomial-time. Which functions can be computed by T ++ in polynomial-time?

356

Computability and complexity

7.32 Prove that every decision problem in NP is decidable. 7.33 Recall the k-Colorability problem from Section 7.8. (a)

Describe a polynomial-time nondeterministic algorithm for the k-colorability problem for k > 2.

(b)

Describe a polynomial-time algorithm for the 2-colorability problem.

7.34 Describe an algorithm that computes f (n) = 2n and uses only k bins for some k ∈ N. 7.35 For each k ∈ N, let kP SAT correspond to the set of satisﬁable formulas of propositional logic that contain at most k atomic subformulas. (a) Show that 2P SAT is in P. (b)

Using the fact that P SAT is NP-complete, show that 3P SAT is NP-complete.

7.36 Let P V AL correspond to the set of valid sentences of propositional logic. To which complexity classes does this problem belong? Is P V AL complete for any of these classes? (Use the fact that P SAT is NP-complete.) 7.37 Let ϕ be a sentence in the vocabulary VR of graphs. The ϕ-Graph problem is to determine whether or not a given ﬁnite graph models ϕ. Show that the ϕ-Graph problem is in P for any ﬁrst-order sentence ϕ.

8

The incompleteness theorems

In this chapter we prove that the structure N = (N|+, ·, 1) has a ﬁrst-order theory that is undecidable. This is a special case of G¨ odel’s First Incompleteness theorem. This theorem implies that any theory (not necessarily ﬁrst-order) that describes elementary arithmetic on the natural numbers is necessarily undecidable. So there is no algorithm to determine whether or not a given sentence is true in the structure N. As we shall show, the existence of such an algorithm leads to a contradiction. G¨ odel’s Second Incompleteness theorem states that any decidable theory (not necessarily ﬁrst-order) that can express elementary arithmetic cannot prove its own consistency. We shall make this idea precise and discuss the Second Incompleteness theorem in Section 8.5. G¨ odel’s First Incompleteness theorem is proved in Section 8.3. Although they are purely mathematical results, G¨ odel’s Incompleteness theorems have had undeniable philosophical implications. G¨ odel’s theorems dispelled commonly held misconceptions regarding the nature of mathematics. A century ago, some of the most prominent mathematicians and logicians viewed mathematics as a branch of logic instead of the other way around. It was thought that mathematics could be completely formalized. It was believed that mathematical reasoning could, at least in principle, be mechanized. Alfred North Whitehead and Bertrand Russell envisioned a single system that could be used to derive and enumerate all mathematical truths. In their three-volume Principia Mathematica, Russell and Whitehead rigorously deﬁne a system and use it to derive numerous known statements of mathematics. G¨odel’s theorems imply that any such system is doomed to be incomplete. If the system is consistent (which cannot be proved within the system by G¨ odel’s Second theorem), then there necessarily exist true statements formulated within the system that the system cannot prove (by G¨ odel’s First theorem). This explains why the name “incompleteness” is attributed to these theorems and why the title of G¨ odel’s 1931 paper translates (from the original German) to “On Formally Undecidable Propositions of Principia Mathematica and Related Systems” (translated versions appear in both [13] and [14]). Depending on one’s point of view, it may or may not be surprising that there is no algorithm to determine whether or not a given sentence is true in N. More surprising is the fact that we can prove that there is no such algorithm. The proof itself is truly remarkable. G¨ odel’s proof introduced the notions of

358

The incompleteness theorems

primitive recursive sets and relations discussed in the previous chapter. G¨ odel’s proof gave impetus to the subject of computability theory years before the advent of the computer. Moreover, G¨ odel deduced from his proof that any decidable system that can perform arithmetic on the natural numbers cannot prove its own consistency. This is a gem of mathematical reasoning and is, by any measure, among the great results of twentieth century mathematics.

8.1 Axioms for ﬁrst-order number theory We discuss some consequences of G¨odel’s First Incompleteness theorem. We prove this theorem in Section 8.3. In the present section we accept this theorem as a fact. We distinguish two related ﬁrst-order theories. The theory of arithmetic, denoted TA is the theory of the structure A = {Z|+, ·, 0, 1}. The theory TN of the structure N = (N|+, ·, 1) is ﬁrst-order number theory. We focus on the latter of these theories. By G¨ odel’s First Incompleteness theorem, not only TN , but also related theories (such as TA ) are undecidable. We claim that elementary number theory is contained in TN . Peruse any book on the subject and you will ﬁnd that the statements of interest (the theorems, lemmas, conjectures, and so forth) can be formulated as ﬁrst-order sentences in the vocabulary VN = {1, +, ·}. For example, the following VN -formulas represent the concepts of divisibility and prime number: let div(x, y) be ∃z(x · z = y) and prime(x) be ∀z(div(z, x) → z = 1 ∨ z = x) ∧ ¬(x = 1). By deﬁnition, N |= div(a, b) if and only if a divides b and N |= prime(a) if and only if a is prime. We can express that there are inﬁnitely many primes with the VN -sentence ∀x(prime(x) → ∃y(prime(y) ∧ y > x), where y > x is the VN -formula ∃z(x + z = y). Less obvious is the fact that we can express the Fundamental Theorem of Arithmetic as a VN -sentence. There are also VN -sentences that express the Chinese Remainder theorem, Wilson’s Theorem, Fermat’s Last theorem, Goldbach’s Conjecture, and Gauss’ Law of Quadratic Reciprocity. The reader does not need to be familiar with the all of the theorems of number theory listed in the previous paragraph. In the next section we show that for every recursive subset A of Nn (for some n), there exists a VN -formula ¯ ∈ A if and only if N |= ϕA (¯ a). This justiﬁes our ϕA (x1 , . . . , xn ) such that a admittedly vague claim that elementary number theory is contained in ﬁrst-order number theory.

The incompleteness theorems

359

The reader does need to be familiar with some basic number theory. The reader should recall the Fundamental Theorem of Arithmetic and the fact that there are inﬁnitely many primes from the previous chapter (Sections 7.1 and 7.3). In the present chapter, we shall state and use the Chinese Remainder theorem. The reader should also be aware that the proof of Fermat’s Last Theorem eluded mathematicians for hundreds of years before Andrew Wiles proved it in 1996 and Goldbach’s Conjecture remains unanswered (see Exercise 2.8). If TN had a decidable axiomatization, then, in principle, we could use the methods of Chapter 3 to answer every open question of number theory. By G¨ odel’s First Incompleteness theorem, this is not the case. Any deductive system (such as formal proofs or resolution) has inherent limitations. Since it is undecidable, TN does not have a decidable ﬁrst-order axiomatization (see Proposition 5.10). However, we now demonstrate a second-order theory containing TN that does have a decidable axiomatization. Let us axiomatize TN . We begin with the following two axioms: ∀x¬(x + 1 = 1), ∀x∀y(x + 1 = y + 1 → x = y). Any model of these two sentences is necessarily inﬁnite. Together they say that the function deﬁned by (x + 1) is one-to-one but not onto. The following axioms describe addition: ∀x∀y(x + y = y + x), ∀x∀y(x + (y + 1) = (x + y) + 1). Multiplication is described in a similar manner: ∀x∀y(x · y = y · x), ∀x(x · 1 = x), ∀x∀y(x · (y + 1) = (x · y) + x). Each of these axioms is ﬁrst-order. The ﬁnal axiom, called the Induction Axiom, is second-order. Second-order logic is a topic of the next chapter. Presently, it suﬃces to say that, in second-order logic, one can quantify over relations. In the following second-order sentence, S(x) represents an arbitrary unary relation. ∀1 S(S(1) ∧ ∀x(S(x) → S(x + 1))) → ∀xS(x). In this sentence, “∀1 S” is read “for all unary relations S . . . .” In eﬀect, the Induction Axiom says that any subset of the universe that contains 1 and is closed under the function x+1 necessarily contains every element in the universe.

360

The incompleteness theorems

These axioms describe N completely and categorically. The ﬁrst several axioms inductively deﬁne addition and multiplication and the ﬁnal axiom states that induction works. Proposition 8.1 Let M be a VN -structure. If each of the above axioms holds in M , then M is isomorphic to N. Proof As a VN -structure, M contains an element that interprets the constant 1. We inductively construct an isomorphism f : N → M by sending 1 to this element and (n + 1) to the successor f (n) + 1 of f (n) in M (for each n ∈ N). If M satisﬁes the Induction Axiom, then the range of f must be all of the underlying set of M . It follows that f is an isomorphism. It follows from this proposition that second-order logic does not have completeness. That is, we cannot hope to deﬁne second-order analogues for ﬁrst-order resolution and formal proofs. Any such formal system would provide a systematic way to determine whether or not a sentence is a consequence of the above axioms and, hence, whether or not the sentence is true in N. By G¨ odel’s First Incompleteness theorem (which we are presently taking on faith), there is no such algorithm. It also follows from Proposition 8.1 that no ﬁrst-order sentence nor set of ﬁrst-order sentences can express the Induction Axiom. First-order theories are subject to the L¨ owenheim–Skolem theorems and are incapable of describing an inﬁnite structure such as N up to isomorphism. Although we cannot say “for all subsets S . . .” in ﬁrst-order logic, we can say “for all deﬁnable subsets S . . .” For each VN -formula ϕ(x) in one free variable, let ψϕ be the VN -sentence (ϕ(1) ∧ ∀x(ϕ(x) → ϕ(x + 1)) → ∀xϕ(x)). Let Γind be the set of all such sentences ψϕ . This set of sentences is a ﬁrst-order “approximation” of the Induction Axiom. Deﬁnition 8.2 Let ΓN be the set of ﬁrst-order sentences obtained from the above axiomatization by replacing the Induction Axiom with the set Γind . By G¨ odel’s First Incompleteness theorem, ΓN is incomplete. So these sentences do not describe the structure N up to elementary equivalence. However, the set ΓN is a natural fragment of TN to consider. This fragment is often referred to as Peano Arithmetic. We describe the diﬀerence between TN and Peano arithmetic in terms of both VN -structures and VN sentences. Let M be a VN -structure. Then M interprets the VN -terms 1, 1+1, 1+1+1, and so forth. Denote the elements of M that interpret these terms as a1 , a2 , a3 , and so forth. If M |= ΓN , then the function e : N → M deﬁned by e(n) = an is an embedding. So any model of ΓN contains a substructure that is isomorphic

The incompleteness theorems

361

to N. In this sense, ΓN fully deﬁnes multiplication and addition on the natural numbers. Since ΓN is incomplete, some of its models contain elements beyond the natural numbers which exhibit behavior not witnessed in N. Whereas N can be embedded into every model of ΓN , it cannot be elementarily embedded into every model. Since it is incomplete, there necessarily exists a V-sentence ϕ in TN that cannot be derived from ΓN . It should be clear from the previous paragraph that such a sentence ϕ cannot be atomic. In fact, it cannot be a Σ1 sentence (as deﬁned in Section 7.6.2). Proposition 8.3 If ϕ(x1 , . . . , xk ) is equivalent to a Σ1 formula, then ΓN ϕ(tn1 , . . . , tnk ) if and only if N |= ϕ(n1 , . . . , nk ), where, for each n ∈ N, tn denotes the VN -term 1 + 1 + · · · + 1. n times

Proof Since ΓN ⊂ TN , if ΓN ϕ(tn1 , . . . , tnk ) then N |= ϕ(n1 , . . . , nk ). We must prove the converse of this. Suppose that N models ϕ(n1 , . . . , nk ). By completeness, it suﬃces to show that every model M of ΓN models ϕ(tn1 , . . . , tnk ). If this is true for some formula ϕ, then it is also true for any formula that is equivalent to ϕ. So we may assume that ϕ is in prenex normal form. Case 1 ϕ is a ∆0 formula (as deﬁned in Section 7.2). We proceed by induction on the number of quantiﬁers in ϕ. Since it is ∆0 , each quantiﬁer is bounded. Let M be an arbitrary model of ΓN . If ϕ is quantiﬁer-free, then M |= ϕ(tn1 , . . . , tnk ) since e : N → M (as deﬁned above) is an embedding. Now suppose that ϕ has n + 1 quantiﬁers. Our induction hypothesis is that the proposition holds for any ∆0 formula having at most n quantiﬁers. To ease notation, suppose that ϕ has only one free variable x. If the ﬁrst quantiﬁer in ϕ is ∀, then there exists a ∆0 formula ψ(x, y) having n quantiﬁers such that ϕ is equivalent to the formula ∀y(y < x → ψ(x, y)), where y < x is an abbreviation for the VN -formula ∃z(y + z = x). If N |= ∀y(y < n → ψ(n, y)) for some n ∈ N, then N |= ψ(n, m) for each m < n, in which case M |= ψ(tn , tm ) for each m < n by our induction hypothesis. It follows from the axioms in ΓN that M |= y < tn if and only if y = tm for some m < n. It follows that M |= ∀y(y < tn → ψ(tn , y)) as we wanted to show. Now suppose that the ﬁrst quantiﬁer in ϕ is ∃. Then ϕ has the form ∃yψ(x, y) for some ∆0 formula ψ(x, y) having n quantiﬁers.

362

The incompleteness theorems

If N |= ∃yψ(n, y) for some n ∈ N, then N |= ψ(n, m) for some m ∈ N, in which case M |= ψ(tn , tm ) by our induction hypothesis, and so M |= ∃yψ(tn , y). By induction, the proposition holds for any ∆0 formula ϕ. Case 2 ϕ is a Σ1 formula. By deﬁnition, ϕ is a Σ1 formula if it has the form ∃yψ for some ∆0 formula ψ. We have already considered such formulas in case 1. In the proof of case 1, we did not use the fact that the quantiﬁer ∃ is bounded in ∆0 formulas. So our proof of case 1 also proves case 2. In the ﬁnal Section 8.5, we explicitly demonstrate a VN -sentence ϕ0 that is true in N but cannot be derived from ΓN . If we augment ΓN by adding odel’s First Incomϕ0 as an axiom, then the result is still incomplete by G¨ pleteness theorem. There must exist a VN -sentence ϕ1 that is true in N that cannot be derived from ΓN ∪ {ϕ0 }. Likewise, continuing in this manner, there exists a VN -sentence ϕn+1 that is true in N that cannot be derived from ΓN ∪ {ϕ0 , ϕ1 , . . . , ϕn } ⊂ TN . Any decidable set of sentences in TN is necessarily incomplete. Contrapositively, any axiomatization of TN , such as TN itself, is necessarily undecidable.

8.2 The expressive power of ﬁrst-order number theory The reason that TN = T h(N) is undecidable is that so many subsets of N are VN -deﬁnable. In this section we prove that every recursive subset of Nn is a deﬁnable subset of N. Moreover, these sets are deﬁnable by a Σ1 formulas. The key to this immense expressive power is the fact that we can quantify over sequences of variable length. We demonstrate this idea with an example. Example 8.4 Let n be a natural number. Let Sn be the subset of N consisting of those natural numbers that can be written as the sum of the squares of n primes. That is, x ∈ Sn if and only if there exists prime numbers q1 , . . . , qn (not necessarily distinct) such that x = (q1 )2 + (q2 )2 + · · · + (qn )2 . The set Sn is a deﬁnable subset of N. Recall the VN -formula prime(x) from the previous section. Let ϕn (x) be the VN -formula n ∃z1 · · · ∃zn prime(zi ) ∧ (z1 · z1 + · · · + zn · zn = x) . i=1

Clearly, ϕn (x) deﬁnes the set Sn .

The incompleteness theorems

363

Now consider the subset S of N2 consisting of the pairs of natural numbers (x, n) such that x ∈ Sn . That is (x, n) is in S if and only if x can be written as the sum of the squares of n primes. Let us attempt to ﬁnd a VN -formula ϕS (x, y) that deﬁnes this set. The formula ϕS (x, y) must say that there exist prime numbers q1 , . . . , qy such that x = (q1 )2 + (q2 )2 + · · · + (qy )2 . The obstacle to writing such a formula is the phrase “there exist q1 , . . . , qy .” It seems that the number y of existential quantiﬁers in this formula is determined by a free-variable of the formula itself! Later in this section, we show that we can overcome this obstacle and deﬁne the ﬁrst-order VN -formula ϕS (x, y). To deﬁne the set S from the previous example, the formula ϕS (x, y) must express that there exists a sequence of length y having certain properties. This is an example of what we mean by “quantifying over sequences of variable length.” Using S as an example, we demonstrate a technique for expressing the formula ϕS (x, y). We then use this technique to show that any recursive subset of N is deﬁnable. To quantify over sequences of variable length, we encode the sequence. There are many ways to do this. The method we use encodes a given sequence as a triple of numbers l, m, and k. Any ﬁnite sequence of natural numbers uniquely deﬁnes its “code” [l, m, k]. Conversely, given l, m, and k, we can “decode” [l, m, k] to recover the original sequence. The coding and decoding process takes place within ﬁrst-order number theory. This allows us to replace “there exists a sequence of length y such that. . .” with an expression of ﬁrst-order number theory that begins “∃l∃m∃k . . . .” Given a ﬁnite sequence a ¯ of natural numbers, the code for a ¯ describes the sequence completely and categorically. The number m is the maximum number in the sequence and the number l represents the length of the sequence. To fully describe a particular sequence, we must provide more information. The number k completes the description. This number is more complicated than the maximum or the length of the sequence. We demonstrate k with some examples. First we show how to decode a sequence. Example 8.5 Suppose we are given the code [3, 5, 590]. This code represents a unique sequence of natural numbers a1 , a2 , a3 . The ﬁrst number of the code is the length of the sequence. The second number in the code tells us that one of the three numbers in the sequence is 5 and no number in the sequence is larger than 5. The third number k = 590 is the “key” to decoding the sequence a1 , a2 , a3 . This key works as follows. • Let d be the least number bigger than m that is divisible by each number less than l + 1.

364

The incompleteness theorems

In our example, d = l! = 3 · 2 · 1 = 6. • The ﬁrst number of the sequence is the remainder when k is divided by d+1. In our example, 590 has a remainder of 2 when divided by 6 + 1 = 7 (590 = 84 · 7 + 2). So the ﬁrst number of the sequence is a1 = 2. • The second number of the sequence is the remainder when k is divided by 2d + 1. In our example, 2d + 1 = 13. Since 590 = 45 · 13 + 5, the second number is a2 = 5. • The third number of the sequence is the remainder when k is divided by 3d + 1. In our example, 3d + 1 = 19. Since 31 · 19 = 589, the remainder a3 = 1. So [3, 5, 590] is the code for the sequence (2, 5, 1). Next, we demonstrate how to encode a given sequence. Example 8.6 Suppose we wish to encode the sequence (2, 8, 1). Clearly l = 3 and m = 8. We must ﬁnd a key k for the encryption. To ﬁnd k, we must think about how [3, 8, k] will be decoded. We want k to be such that the remainder when k is divided by d + 1 is 2, the remainder when k is divided by 2d + 1 is 8, and the remainder when k is divided by 3d + 1 is 1. Recall from the previous example that d is the least number exceeding m divisible by each number less than l + 1. Since 3! = 6 and m = 8, d is equal to 12. We must ﬁnd k such that the remainders when k is divided by 13, 25, and 37 are respectively 2, 8, and 1. There is a systematic way to ﬁnd such a number k. The ﬁrst step is to get a calculator. Let d1 = d+1, d2 = 2d+1, and d3 = 3d+1. Then k = a1 b1 d2 d3 +a2 b2 d1 d3 + a3 b3 d1 d2 , where the bi s are deﬁned as follows: Let b1 be least such that b1 d2 d3 has remainder 1 when divided by d1 . In our example, d2 d3 = 25 · 37 = 925. We must ﬁnd the least multiple of 925 that has a remainder of 1 when divided by d1 = 13. By checking each multiple 925, 2 · 925, . . . , 12 · 925, we ﬁnd that 7 · 925 = 6475 = 13 · 488 + 1 (the Euclidean algorithm works for this too). So b1 = 7. Likewise, let b2 and b3 be least such that b2 d1 d3 has remainder 1 when divided by d2 and b3 d1 d2 has remainder 1 when divided by d3 .

The incompleteness theorems

365

In our example, we must ﬁnd the least multiple of 481 = d1 d3 that has remainder 1 when divided by 25 = d2 and also the least multiple of 325 = d1 d2 that has remainder 1 when divided by 37 = d3 . Clearly, b2 = 21 and b3 = 23 since and 21 · 481 = 10101 = 404 · 25 + 1. and 23 · 325 = 202 · 37 + 1. (I confess, I am using a computer algebra system.) Now that we know b1 , b2 , and b3 , we can compute k = a1 b1 d2 d3 + a2 b2 d1 d3 + a3 b3 d1 d2 = 2 · 7 · 25 · 37 + 8 · 21 · 13 · 37 + 1 · 23 · 13 · 25 = 101233. There is more than one value for k that works as a code for the sequence (2, 8, 1). What really matters is not the number k, but the remainder when k is divided by d1 d2 d3 . In our example, since 101233 has a remainder of 5033 when divided by d1 d2 d3 = 12025, we can take k to be 5033, 101233, or any other number that has remainder 5033 when divided by 12025. Whereas there exist more than one code for a sequence, the opposite is not true. There exists exactly one sequence for each code. The sequence (2, 8, 1) can be recovered by decoding either of the codes [3, 8, 5033] or [3, 8, 101233]. In the previous examples we have successfully coded sequences of length three using only three numbers l, m, and k. This is not too impressive. However, any ﬁnite sequence can be coded in a similar manner. Regardless of the length of the sequence, the code requires only the three numbers l, m, and k. In the remainder of this section, we ﬁrst show that the technique described in these examples works and, secondly, use this technique to write VN -formulas to deﬁne the set S from Example 8.4 and other subsets of Nn . We view the coding process as a computable function. Given any ﬁnite sequence of natural numbers as input, this function outputs the code [l, m, k]. As was pointed out in Example 8.6, there exists more than one code for each sequence. To make it a function, we restrict the output to the code that has the smallest value for k. To verify that our coding technique works, we must show that this function is deﬁned for all ﬁnite sequences of natural numbers and that it is one-to-one. That is, we must show that every ﬁnite sequence has a code and no two sequences have the same code. Let us again walk through the coding process. Given a sequence (a1 , . . . , al ), let l be the length of the sequence and let m be the largest ai in the sequence. Let d be the least number exceeding m divisible by each number less than l + 1. Clearly, such d is uniquely deﬁned. We must ﬁnd k such that k has remainder ai when divided by di = i · d + 1 (for each i = 1, . . . , l). To obtain the smallest value for k, let k1 be the remainder when k is divided by d1 · d2 · · · · · dn . Output [l, m, k1 ] as the code for (a1 , . . . , al ). The only step of this process that requires veriﬁcation is the existence of k. For this we use the Chinese Remainder theorem.

366

The incompleteness theorems

Deﬁnition 8.7 A set of natural numbers {d1 , d2 , . . . , dl } is said to be relatively prime if, for 1 ≤ i < j ≤ l, there is no number that divides both di and dj other than 1. The Chinese Remainder theorem Let {d1 , . . . , dl } be a relatively prime set of natural numbers. Let (a1 , . . . , al ) be a sequence of natural numbers with ai ≤ di for i = 1, . . . , l. There exists k ∈ N such that when k is divided by di , the remainder is ai for each i = 1, . . . , l. Moreover, there exists a unique such k that is less than d1 · d2 · · · dl . Proof idea The idea behind the proof was demonstrated in Example 8.6. The following formula computes k: k = a1 b1 D1 + a2 b2 D2 + · · · + an bn Dn , where Di = (d1 · d2 · · · dn )/di and bi is least such that bi Di has remainder 1 when divided by di . The existence of bi follows from the fact that the set {d1 , . . . , dn } is relatively prime. Note that di divides Dj for i = j. So k has the same remainder as ai bi Di when divided by di . By design, bi Di has remainder 1. So ai bi Di has remainder ai · 1 when divided by di . For a detailed proof, the reader is referred to any book on elementary number theory such as [19]. Proposition 8.8 For any l and d in N, if d is divisible by each number less than l +1, then {d+1, 2·d+1, . . . , l ·d+1} is a relatively prime set of natural numbers. Proof Consider di = i · d + 1 and dj = j · d + 1 for 1 ≤ i < j ≤ l. Let p divide both di and dj . We want to show that p = 1. Claim p divides d. Proof Since p divides both di and dj , p divides dj − di = j · d − i · d = (j − i)d. It follows that either p divides d or p divides (j − i). Note that (j − i) < l. By assumption, (j − i) divides d. This proves the claim. Since p divides d, it also divides i · d. Since p divides di , it also divides di − i · d = 1. It follows that p = 1. Corollary 8.9 Every ﬁnite sequence of natural numbers has a code [l, m, k]. Moreover, no two sequences have the same code. Proof Any ﬁnite sequence has a length l and a maximal entry m. The existence of k follows from the previous proposition, which allows us to apply the Chinese Remainder theorem. To see that no two sequences have the same code, consider the decoding process described in Example 8.5. To decode [l, m, k] we ﬁrst ﬁnd d, the least number greater than m divisible by each number less than l + 1. Clearly, such a number exists and is unique. We then divide k by d + 1, 2 · d + 1, . . . , l · d + 1

The incompleteness theorems

367

and take the remainders as the sequence a1 , . . . , al . Since these remainders are uniquely determined, so is the sequence a1 , . . . , al . So the process we have described for coding ﬁnite sequences works. We next show that this process can be translated into the language of ﬁrst-order number theory. The following table translates some key phrases: Use the VN -formula

To say x is smaller than y x is not bigger than y

Denoted by

∃z(x + z = y)

x

x < (y + 1)

x≤y

∃z(x · z = y)

div(x, y)

y is divisible by each number less than x + 1

∀z(z ≤ x → div(z, y))

D(x, y)

y divided by x has remainder z

(z < x)∧ ∃q(y = q · x + z)

x divides y

rem(x, y, z)

The VN -formula rem(x, y, z) is the graph of a function. Given any x and y, there is at most one z that satisﬁes rem(x, y, z). Let Rem(x, y) represent this function. That is z = Rem(x, y) is deﬁned by ∃w(rem(x, y, w) ∧ z = w). Deﬁnition 8.10 Let f : Nk → N be a k-ary function on the natural numbers. x, y) such that We say that f is deﬁnable if there exists a VN -formula ϕf (¯ f (¯ a) = b if and only if N |= ϕf (¯ a, b). x, y). We say that f is deﬁned by ϕf (¯ We now show that we can decode sequences within ﬁrst-order number theory. Proposition 8.11 Let code (l, m, k, i) be the ith element in the sequence obtained by decoding [l, m, k]. This function is deﬁnable. Proof Let ϕ(x, l, m) be the VN -formula x > m ∧ D(l, x). Let δ(x, l, m) be the VN -formula ϕ(x, l, m) ∧ ∀z(z < x → ¬ϕ(z, l, m)) saying that x is least such that ϕ(x, l, m) holds. That is, δ(x, l, m) says that x = d. The function code(l, m, k, i) = z is deﬁned by (i ≤ l) ∧ ∃d(δ(d, l, m) ∧ z = Rem(k, i · d + 1)).

368

The incompleteness theorems

Next, we deﬁne a VN -formula seq(l, m, k) that says [l, m, k] is the code for a ﬁnite sequence. If we randomly choose the numbers, l, m, and k, then [l, m, k] will probably not be a code. For example, consider [2, 9, 24]. Since l = 2 and m = 9, d = 10. We have a1 = Rem(24, 10 + 1) = 2 and a2 = Rem(24, 20 + 1) = 3. Since the maximum entry of the sequence (a1 , a2 ) is 3 and not 9, [2, 9, 12] is not a code for this sequence. Since [2, 9, 12] is not the code for (2, 3), it is not the code for any sequence. To say that [l, m, k] is the code for a sequence, we must say that m is the maximum number in the sequence obtained by decoding [l, m, k]. Proposition 8.12 There exists an VN -formula seq(x, y, z) such that N |= seq(l, m, k) if and only if [l, m, k] is the code for some sequence. Proof Let seq(l, m, k) be the formula ∀i(i ≤ l → code(l, m, k, i) ≤ m) ∧ ∃i(i ≤ l ∧ code(l, m, k, i) = m)). Example 8.13 We now deﬁne the formula ϕS (x, y) from Example 8.4. We want to say there exist primes q1 , . . . , qy such that q12 + q22 + · · · + qy2 = x. To do this, we say there exists the sequence (a1 , . . . , ay ) deﬁned as the partial sums a1 = q12 , a2 = q12 + q22 , . . . , ay = q12 + q22 + · · · + qy2 and that x = ay . Let ps(x) be the VN -formula ∃z(prime(z) ∧ z · z = x) saying that x is a prime number squared and let psd(x, y) be the VN -formula ∃z(x + z = y ∧ ps(z)) saying that the diﬀerence y − x is the square of a prime number. Let ϕS (x, y) be the VN -formula ∃m∃k∃l(seq(m, k, l) ∧ ps(a1 ) ∧ ∀i(i < y → psd(ai , ai+1 )) ∧ x = ay ), where an is an abbreviation for code(m, k, l, n). We are now able to show that every recursive subset of N is Σ1 . We ﬁrst show that every recursive function on the natural numbers is deﬁnable by a Σ1 formula. Proposition 8.14 Let f : Nn → N be an n-ary function on the natural numbers. If f is recursive, then f is deﬁnable by a Σ1 formula. Proof By Exercise 7.7, it suﬃces to prove this for the 1-recursive functions on N. These are the function generated by composition, primitive recursion, and unbounded search from the constant function c1 (x) and the basic functions s(x)

The incompleteness theorems

369

and pni (x1 , . . . , xn ) from Section 7.1. By the deﬁnitions of these functions: s(x) = y is deﬁned by the VN -formula y = x + 1, c1 (x) = y is deﬁned by the VN -formula y = 1, and pni (x1 , x2 , . . . , xn ) = y is deﬁned by the VN -formula y = xi . Now suppose that f is a composition of functions: f (x1 , . . . , xn ) = h(g1 (x1 , . . . , xn ), . . . , gm (x1 , . . . , xn )). Suppose further that the m-ary function h is deﬁned by a Σ1 formula ϕh (x1 , . . . , xm , y) and, for each i = 1, . . . m, the n-ary functions gi is deﬁned by a Σ1 formula ϕgi (x1 , . . . , xn , y). Then f is deﬁned by the Σ1 formula

∃z1 · · · ∃zm

m

ϕgi (x1 , . . . , xn , zi ) ∧ ϕh (z1 , . . . , zm , y) .

i=1

Next suppose that f is obtained from functions h and g by primitive recursion: f (1, x2 , . . . , xn ) = g(x2 , . . . , xn ), f (x1 + 1, x2 , . . . , xn ) = h(x1 , . . . , xn , f (x1 , . . . , xn )). We must show that if both g and h are deﬁnable by Σ1 formulas, then so is f . For this, we must quantify over sequences of variable length. Suppose that g and h are deﬁned by ϕg (x2 , . . . , xn , y) and ϕh (x1 , . . . , xn , xn+1 , y). To ﬁnd ϕf (x1 , . . . , xn , y), consider how to compute f (z, x2 , . . . , xn ) for given z and tuple x2 , . . . , xn . We ﬁrst compute f (1, x2 , . . . , xn ) = g(x2 , . . . , xn ) = a1 . We then use a1 to compute f (2, x2 , . . . , xn ) = h(1, x2 , . . . , xn , a1 ) = a2 . We then use a2 to compute f (3, x2 , . . . , xn ) = h(2, x2 , . . . , xn , a2 ) = a3 , and so forth. We generate the sequence a1 , a2 , . . . where each ai equals f (i, x2 , . . . , xn ). The formula ϕf (z, x2 , . . . , xn , y) says that there exists such a sequence of length z and y is the last number in the sequence. That is, y = az . More explicitly, let ϕf (z, x2 , . . . , xn , y) be the formula ∃l∃m∃k(seq(l, m, k) ∧ z = l ∧ ϕg (x2 , . . . , xn , a1 )∧ ∀i(i < y → ϕh (i, x2 , . . . , xn , ai , ai+1 )) ∧ y = az ),

370

The incompleteness theorems

where each ai abbreviates the VN -term code(l, m, k, i). Then ϕf (¯ x, y) deﬁnes the function f . Moreover, if both ϕg and ϕh are Σ1 formulas, then, by its deﬁnition, so is ϕf . We have shown that the proposition holds for every primitive recursive function f . To show that every recursive function is deﬁnable by a Σ1 formula, we must consider unbounded search. Suppose that f (x1 , . . . , xn ) is deﬁned as the least natural number y such that both h(x1 , . . . , xn , y) = 0 and h(x1 , . . . , xn , z) is deﬁned for all z < y. Then f is deﬁned by the Vf -formula ∀z(z < y → ∃w(ϕh (x1 , . . . , xn , z, w) ∧ ¬(w = 0))) ∧ ϕh (x1 , . . . , xn , y, 0). Since the universal quantiﬁer is bounded, this formula is Σ1 provided that ϕh is. Corollary 8.15 For any A ⊂ Nk , A is recursive if and only if it is both Σ1 and Π1 . Proof If A is both Σ1 and Π1 , then it is recursive by Corollary 7.55. Conversely, x)) is recursive where suppose that A is recursive. Then the function f (¯ x) = s(χA (¯ χA is the characteristic function of A. By the previous proposition, f is deﬁned x, y). Since f (¯ a) = 2 if and only if a ¯ ∈ A, the Σ1 formula by a Σ1 formula ϕf (¯ x, (1 + 1)) deﬁnes the set A. Moreover, the compliment of A is deﬁned by the ϕf (¯ x, 1). So A is Π1 as well as Σ1 . Σ1 formula ϕf (¯ Corollary 8.16 If M |= ΓN and N ⊂ M , then any recursive subset of Nn is a deﬁnable subset of M . Proof This follows immediately from Proposition 8.3 and Corollary 8.15.

8.3 G¨ odel’s First Incompleteness theorem We now prove that TN is undecidable. We show that there is no algorithm that determines whether or not a given VN -sentence is true in TN . Suppose that ALG is an algorithm that takes VN -sentences as input and outputs either “yes” or “no.” Further suppose that an output of “yes” means that TN ϕ. We show that the converse cannot be true. We show that there necessarily exists a VN sentence β in TN for which ALG does not give the correct aﬃrmative output of “yes.” The key to our proof is on the ﬁrst page of this book (page xiii) where we ﬁnd the following English sentence: Let n be the smallest natural number that cannot be deﬁned in fewer than 20 words.

The incompleteness theorems

371

To make this sentence more precise, let us only consider the words deﬁned in the Oxford English Dictionary. Let A denote the sentence: There exists a least natural number that cannot be deﬁned using at most twenty words from the Oxford English Dictionary. The “A” is for “antinomy.” Since there are only ﬁnitely many words in the Oxford English Dictionary (contained in a mere ﬁnitely many volumes), there are only ﬁnitely many possible sentences having at most 20 words. It follows that the negation of A cannot be true. This negation entails that every number can be deﬁned in 20 words or less. On the other hand, A cannot be true. If A were true, then it would contradict itself since it contains fewer than 20 words. So, in English, we can write sentences such as A so that neither A nor the negation of A is true. What prevents us from writing such sentences in ﬁrst-order logic? Of course, a VN -sentence cannot refer to the Oxford English Dictionary. Let us attempt to modify the sentence A to obtain a sentence of ﬁrst-order logic. Instead of “words” let us count the number of symbols occuring in the VN -sentence. The symbols include variables, the ﬁxed symbols of ﬁrst-order logic, and the set VN . The length of a VN -formula is the number of symbols in the formula. For example, ∃x(y + y = x) has length 9 (counting parentheses). Consider now the sentence: The number n is deﬁnable by a VN -formula ϕ(x) having length at most l. We view this sentence as a formula, call it A (n, l), having free variables n and l. When we say that “n is deﬁnable by ϕ(x)” we mean that N |= ϕ(a) if and only if a = n. We now prove that A (n, l) cannot be expressed in ﬁrst-order logic. Proposition 8.17 There does not exist a VN -formula ψ(x, y) such that: N |= ψ(n, l) if and only if n is deﬁnable by a VN -formula having length at most l. Proof This follows from the elementary fact that TN is complete and consistent (by Theorem 2.86). Given any VN -sentence ϕ, either ϕ or ¬ϕ is in TN . If there exists a formula ψ(x, y) as described in the proposition, then we can write a VN -sentence ΨA that is neither true nor false in N. We now describe this sentence. If ψ(x, y) is a VN -formula, then so is ¬ψ(x, y) ∧ ∀z(¬ψ(z, y) → ∃w(x + w = z)). Let θ(x, y) denote this formula. This formula says that x is the least number not deﬁnable by a VN -formula having length at most y.

372

The incompleteness theorems

Let l be the length of θ(x, y). Then θ(x, (1 + 1)) has length l + m · 4, where m is the number of occurences of the variable y in θ(x, y). Of course, m ≤ l. So the length of θ(x, (1 + 1)) is at most 5l. In general, for any VN -term t, the length of θ(x, (t)) is at most (h + 2)l where h is the length of t (the “+ 2” is for the two parentheses around t). Let tn be the VN -term 1 + 1 + 1 + · · · + 1. This term has length 2n − 1. n times

Therefore, the term (tn ) · (tn ) representing n2 has length 2(2n − 1) + 5 = 4n + 3. Let sn (the “square” of n) denote this VN -term. It follows that the formula 2 θ(x, (sn )) has length at most (4n + 5)l. Let N √ be such that N > (4N + 5)l. 2 That is, let N be any integer greater than 2l + 5l + 4l . Let ΨA be the sentence ∃xθ(x, sN ). Claim N does not model the sentence ¬ΨA . Proof If N |= ¬ΨA , then N |= ∀x¬θ(x, sN ). By the deﬁnition of θ, this means that there is no least number x such that ¬ψ(x, sN ) holds. By induction, ψ(x, sN ) holds for every non-negative integer x. This means that every non-negative integer is deﬁnable by a formula having length at most N 2 . This is impossible since, up to equivalence, there are only ﬁnitely many VN -formulas of length less than N 2 . We must include the phrase “up to equivalence” because there are inﬁnitely many variables we may use. However, our choice of variables does not matter. Every VN -formula having length at most N 2 is equivalent to a formula that uses only the following symbols: x1 , x2 , . . . , xN 2 , ∧, ∨, ¬, →, ↔, (, ), ∃, ∀, =, 0, 1, ·, and + . Since this is a ﬁnite list of symbols, only ﬁnitely many formulas of length N 2 comprise these symbols. Claim N does not model the sentence ΨA . Proof The sentence ΨA asserts the existence of a least number x not deﬁnable by a formula of length less than N 2 . But θ(x, sN ) is a formula of length at most (4N + 5)l < N 2 that deﬁnes x. So ΨA is contradictory. Since TN is consistent, each of the two claims hold. Since TN is complete the proposition holds. It may seem that our discussion regarding the sentence A has not accomplished much. We have established that this sentence is an antinomy and as such cannot be expressed as a VN -sentence. Thus, we have provided no information beyond that contained in the ﬁrst paragraph of this book. However, we are now prepared to prove the G¨ odel’s First Incompleteness theorem.

The incompleteness theorems

373

Theorem 8.18 TN is undecidable. Proof Let ALG be an algorithm that halts in a ﬁnite number of steps and outputs either “yes” or “no” given any VN -sentence as input. Suppose that, for any VN -sentence ϕ, if ALG outputs “yes,” then TN ϕ. We demonstrate a VN -sentence β in TN for which ALG produces the incorrect output of “no.” Let n be an non-negative integer. We say that n is ALG-deﬁnable by a VN -formula ϕ(x) if ALG outputs “yes” when given the sentence ∀x(ϕ(x) ↔ x = tn ) as input (where tn is the VN -term representing n). Let R be the set of all (n, l) ∈ N2 such that n is ALG-deﬁnable by a formula ϕ(x) having length at most l. Claim R is recursive. Proof We show that the characteristic function χR (x, y) is computable and appeal to the Church–Turing thesis. To compute χR (n, l), given n and l, ﬁrst list every VN -formula in one free variable having length at most l. If we only include formulas having variables among x, x1 , x2 , . . . , xl , then this list is ﬁnite. For each formula ϕ(x) in the list, run the algorithm ALG with the sentence ∀x(ϕ(x) ↔ x = tn ) as input. If the algorithm halts with output “yes” for some ϕ(x) in our list, then χR (n, l) = 1. Otherwise, if “no” is the output for each ϕ(x) in the list, χR (n, l) = 0. We have described an algorithm that computes χR (x, y). We conclude that this function is recursive. By Corollary 8.15, R is a deﬁnable subset of N. Let ψALG (x, y) be a VN -formula that deﬁnes R. We now deﬁne a VN -sentence ΨALG in a manner analogous to the deﬁnition of ΨA in the proof of Proposition 8.17. Let θALG (x, y) be the formula ¬ψALG (x, y) ∧ ∀z(¬ψALG (z, y) → ∃w(x + w = z)) saying that x is the least number not ALG-deﬁnable by a VN -formula having √ length at most y. Let N be greater than 2l + 5l + 4l2 , where l is the length of θALG (x, y). Then N 2 is greater than the length of θALG (x, sN ), where sN is the VN -term representing N 2 as (tN ) · (tN ). Let ΨALG be the sentence ∃xθALG (x, sN ). Since only ﬁnitely many numbers are ALG-deﬁnable by some VN -formula having length at most N 2 , TN ΨALG . So N |= θALG (a, sN ) for some a ∈ N. Since it asserts that x is the least number such that ψALG (x, sN ) does not hold, the formula θALG (x, sN ) uniquely deﬁnes

374

The incompleteness theorems

a. So TN ∀x(θALG (x, sN ) ↔ x = ta ). Let β be the sentence ∀x(θALG (x, sN ) ↔ x = ta ). Suppose we execute ALG with input β. If the output is “yes,” then a is ALG-deﬁnable by the formula θALG (x, sN ) (by the deﬁnition of “ALG-deﬁnable”). Since the length of this formula is less than N 2 and a is not ALG-deﬁnable by such a formula, we conclude that the output must be “no.” Thus we have demonstrated a formula β ∈ TN for which ALG returns the output “no.” Since ALG is an arbitrary algorithm, we conclude that TN is undecidable. We make two comments regarding the above proof. First, note that this proof relies on the Church–Turing thesis. This is convenient, but by no means necessary. Since ALG is an arbitrary algorithm, it would be quite tedious to prove directly that R(x, y) is recursive. In the next two sections, we prove that TN is undecidable by an alternative proof that avoids the Church–Turing thesis. In fact, our “alternative proof” follows the original proof given by Kurt G¨ odel. The above proof is due to George Boolos [5]. Secondly, note that the proof of Theorem 8.18 proves more than the statement of Theorem 8.18. Theorem 8.19 (G¨ odel’s First Incompleteness theorem) If T is a decidable theory containing ΓN , then T is incomplete. Proof Repeat the proof of Theorem 8.18 using Corollary 8.16 where needed. The proof of Theorem 8.18 also extends to certain theories that do not contain ΓN (for example, see Exercise 8.11).

8.4 G¨ odel codes In this section, we set the stage for the proof of G¨odel’s Second Incompleteness theorem. To each V-formula ϕ, we assign a natural number called the G¨ odel code of ϕ. We let [ϕ] denote this natural number. G¨ odel codes for formulas are analogous to the codes of T ++ programs deﬁned in Section 7.4 and are deﬁned in a similar manner. We assign the odd natural numbers to symbols as follows: ( 1

) 3

¬ 5

∧ ∨ → ↔ = 7 9 11 13 15

∃ 17

∀ 19

+ · 21 23

0 25

1 x1 27 29

x2 31

... ...

Any ﬁnite string of symbols corresponds to a ﬁnite sequence of odd numbers. Suppose that s is the string of symbols corresponding to the numbers a1 , . . . , ak .

The incompleteness theorems

375

We assign to this string the number [s] = 2a1 · 3a2 · 5a3 · · · · · pakk where pk denotes odel code for s. the (k)th prime number. This is the G¨ Given a natural number n, there are many decision problems we may consider. • Is n the G¨ odel code for a symbol? • Is n the G¨ odel code for a variable? • Is n the G¨ odel code for a VN -term? • Is n the G¨ odel code for a VN -formula? • Is n the G¨ odel code for a VN -sentence in Skolem normal form? We can decide the answers to these and other decision problems by factoring n. If n is odd, then it is the code for some symbol. The number n codes a string of symbols if and only if n is divisible by each of the ﬁrst k prime numbers (for some k) and is divisible by no other prime numbers. Such n must be even since it is divisible by the ﬁrst prime p1 = 2. If n codes a sequence a1 , . . . , ak , then we can recover this sequence from the prime factorization of n. Since the factorization process is recursive, each of the above decision problems is decidable. By Corollary 8.15, the sets corresponding to these problems are deﬁnable subsets of N. So there exist VN -formulas var(x), term(x), and f orm(x) that deﬁne the set of G¨ odel codes for variables, terms, and formulas. That is, N |= f orm(n) if and only if n = [ϕ] for some VN -formula ϕ. Moreover, we claim that these formulas are ∆0 (see Exercise 8.7). Likewise, there exist ∆0 VN -formulas corresponding to rules of derivation from Section 3.1. Example 8.20 Consider the (, )-Introduction rule from Table 3.1. This rule states that if Γ ϕ, then Γ (ϕ). We deﬁne a V-formula ϕP I (x, y) such that N |= ϕP I (a, b)

if and only if a = [ϕ]

and b = [(ϕ)]

for some VN -formula ϕ. Let ϕ0 (x, y) be the VN -formula that says there exists a m p3m+2 for some m such that x = 2a1 3a2 · · · pamm and y = 21 · 3a1 · · · pmm−1 pam+1 a1 , . . . , am in N. Then N |= ϕ0 (a, b)

if and only if a = [s]

and b = [(s)]

for some string of symbols s. Let ϕP I (x, y) be the formula f orm(x) ∧ ϕ0 (x, y). By Exercise 8.7 f orm(x) is a ∆0 formula. It follows that ϕP I (x, y) is also ∆0 . Example 8.21 Consider the ∧-Introduction rule. We demonstrate a formula ϕ∧I (x, y, z) so that N |= ϕ∧I (a, b, c)

if and only if a = [ϕ], b = [ψ],

and c = [(ϕ) ∧ (ψ)]

376

The incompleteness theorems

for some VN -formulas ϕ, ψ, and θ. Let ϕ1 (a, b, c) be the VN -formula expressing that, for some m and n, a = 2a1 3a2 · · · pamm , b = 2b1 3b2 · · · pbnn ,

and

n 1 c = 2a1 3a2 · · · pamm p7m+1 pbm+2 · · · pbn+m+1 .

This formula says that c is the G¨ odel code for the string of symbols formed by putting a ∧ (having code 7) between the symbols coded by a and those coded by b. When using ∧-Introduction, we must be careful to include parentheses where needed. Let ϕ∧I (x, y, z) be the VN formula ∃u∃v(ϕP I (x, u) ∧ ϕP I (y, v) ∧ ϕ0 (u, v, z)). We claim that this formula, although it is not ∆0 , is equivalent to a ∆0 formula. By the deﬁnition of ϕP I (x, y), there is a primitive recursive function f (x) such that ϕP I (x, y) implies y < f (x). So ϕ∧I (x, y, z) is equivalent to the ∆0 formula ∃u∃v((u < f (x)) ∧ (v < f (y)) ∧ ϕP I (x, u) ∧ ϕP I (y, v) ∧ ϕ0 (u, v, z)), where, as usual, x < y abbreviates the VN -formula ∃z(x + z = y). In a similar manner, many of the rules for derivations from Chapter 3 can be expressed with ∆0 formulas. Let Generic rule be any rule from Table 3.1 other than ∨-Elimination and →-Introduction. There is a ∆0 formula ϕrule (x1 , x2 , y) such that N |= ϕrule (a1 , a2 , b) if and only if both • a1 = [ϕ1 ],a2 = [ϕ2 ], and b = [ψ] for some VN -formulas ϕ1 ,ϕ2 , and ψ, and • the Generic rule states that if Γ ϕ1 and Γ ϕ2 , then Γ ψ. This applies not only to rules in Table 3.1, but also to the rules of Tables 3.2 and 3.3 as well as DeMorgan’s rules, the Contradiction rule, the Cut rule, Modus Ponens, ∧-Distributivity, and so forth. Since VN can express rules for derivations, VN can express formal proofs. There are two rules from Table 3.1 that we have not considered. Since it contains Γ ∪ {ϕ} ψ in its premise, →-Introduction does not have the same format as our Generic rule. The formula representing →-Introduction is more complicated than the formulas for the other rules. Rather than dealing with this rule, we simply ignore it. For the same reason, we ignore ∨-Elimination. These rules are redundant. By Exercise 1.16, the rules mentioned in the previous paragraph form a complete set of rules for ﬁrst-order logic. So we have a complete set of rules of derivation for ﬁrst-order logic and each rule is represented by a ∆0 formula. Since there are only ﬁnitely many rules in this set, there exists a VN -formula Der(x, y, z) that says x, y, and z each code formulas and the formula coded by z can be derived from the formulas coded

The incompleteness theorems

377

by x and y by one of the rules in our set. This formula is the disjunction of the formulas corresponding to each of the rules. We have N |= Der(a, b, c) if and only if • a, b, and c are the G¨ odel codes for VN -formulas ϕ, ψ, and θ, and • θ follows from ϕ and ψ by ∧-Introduction or ∨-Distributivity or ∀-Introduction. . . and so forth. Since it is a disjunction of ∆0 formulas, Der(x, y, z) is also a ∆0 formula. For the remainder of this section, we exploit this fact and show that, for certain odel code VN -theories T , there exists a VN -formula P rT (x) that says “x is the G¨ of a formula that can be formally derived from T .” odel codes Deﬁnition 8.22 A set of VN -sentences Γ is recursive if the set of G¨ CΓ = {[ϕ]|ϕ ∈ Γ} is a recursive subset of N. Likewise, Γ is said to be primitive recursive if CΓ is. So a theory is recursive if and only if it is decidable. The set ΓN from Section 8.1 is clearly recursive. In fact, ΓN is primitive recursive. Proposition 8.23 For any recursive set of VN -sentences T , there exists a primitive recursive set of VN -sentences T0 such that T ϕ if and only if T0 ϕ for any VN -formula ϕ. Proof The proof is known as Craig’s trick. Let DT = {[ϕ]|T ϕ}. If T is recursive, then DT is recursively enumerable. Let f (x) be a recursive function having DT as its range. Then the set of consequences of T can be enumerated as ϕ1 , ϕ2 , ϕ3 , . . ., where, for each n ∈ N, f (n) = [ϕn ]. Let T0 = {(ϕn ) ∧ (ϕn ) ∧ . . . ∧ (ϕn )|n ∈ N}. n times

This is Craig’s trick. Clearly, T ϕ if and only if T0 ϕ. Moreover, we can determine whether or not a sentence ϕ is in T0 in a primitive recursive manner: ﬁrst count the number m of conjunctions in ϕ, and then compute f (1), . . ., f (m + 1). The formula ϕ is in T0 if and only if it is the conjunction of a formula having G¨ odel code f (i) for some i = 1, . . . , m + 1. (Exercise 8.15 oﬀers a more explicit proof.) We now deﬁne the formula P rT (x) for any recursive V-theory T . Proposition 8.24 For any recursive set of VN -sentences T , there exists a VN -formula P rT (x) such that N |= P rT ([ϕ]) if and only if T ϕ.

378

The incompleteness theorems

Proof By the previous proposition, it suﬃces to prove this for primitive recursive T . Let ψT (x) be a ∆0 formula such that N |= ψT ([ϕ]) if and only if ϕ ∈ T . We deﬁne a subset R of N2 inductively as follows: (x, 1) ∈ R if and only if N |= ψT (x), (x, n + 1) ∈ R if and only if there exist y and z such that (y, n) ∈ R, (z, n) ∈ R, and N |= Der(y, z, x). The set R is primitive recursive by its deﬁnition. By Exercise 8.6 (which can be extracted from our proof of Proposition 8.14), there exists a ∆0 VN -formula DrT (x, n) that deﬁnes this set. So N |= DrT ([ϕ], n) if and only if ϕ is a sentence that can be derived from T in at most n steps. Let P rT (x) be the formula ∃nDrT (x, n). Now suppose that T is a recursive set of VN sentences that contains ΓN as a subset. In this case, we claim that T ϕ if and only if T P rT (tϕ ), where tϕ is a VN -term such that N |= tϕ = [ϕ]. Essentially, this follows from the fact that ΓN is strong enough to express the coding process described earlier in this section. In particular, we use Proposition 8.3 to show that T ϕ implies T P rT (tϕ ) in the following proposition. The converse is left as Exercise 8.17. Notation 1 As in the proof of Proposition 8.17, we let tn denote the VN -term 1 + 1 + 1 + · · · + 1 for each n ∈ N. For any VN -formula ϕ, we let tϕ denote the n times

VN -term tn where n is the G¨odel code [ϕ] of ϕ. Proposition 8.25 Let T be a recursive set of VN -sentences such that ΓN ⊂ T . For any VN -sentence ϕ, if T ϕ, then T P rT (tϕ ). Proof Suppose that T ϕ. Then N |= P rT ([ϕ]) by Proposition 8.24. By the deﬁnition of P rT (x), N |= DrT ([ϕ], n) for some n ∈ N. It follows that N |= DrT (tϕ , tn ). Since DrT (x, y) is ∆0 , we have T DrT (tϕ , tn ) by Proposition 8.3. Finally, T P rT (tϕ ) by ∃-Introduction. Although T ϕ implies T P rT (tϕ ), it is NOT ALWAYS TRUE that (†) T ϕ → P rT (tϕ ). This is the crux of incompleteness. Just because something is true does not mean that we can prove it is so. As we shall show in the next section, there necessarily exists a sentence γ such that the sentence γ → P rT (tγ ) cannot be derived from T . By the deﬁnition of P rT in Proposition 8.24, γ → P rT (tγ ) is a consequence of T . So γ → P rT (tγ ), like the sentence β from the previous section, is a true sentence that cannot be derived from T . Thus, the failure of (†) reasserts G¨odel’s First Incompleteness theorem. Moreover, this failure has implications regarding

The incompleteness theorems

379

the nature of provability from which we deduce G¨ odel’s Second Incompleteness theorem. Although it is not true in general, (†) does hold in certain cases. In particular, it holds whenever ϕ has the form P rT (tψ ) for some VN -sentence ψ. Lemma 8.26 Let T be a recursive set of VN -sentences such that ΓN ⊂ T . Let ϕ be any VN -sentence and let ρ be the sentence P rT (tϕ ). Then T P rT (tϕ ) → P rT (tρ ). The proof of Lemma 8.26 is tedious and we omit it. We make some remarks regarding this proof at the end of this section. Lemma 8.27 Let T be a recursive set of VN -sentences such that ΓN ⊂ T . If N |= Der(a, b, c), then T (P rT (ta ) ∧ P rT (tb )) → P rT (tc ). Proof Since N |= Der(a, b, c), a, b, and c are the G¨ odel codes for some V-formulas ϕ, ψ, and θ. Moreover, θ follows from ϕ and ψ by one of our rules of derivation. We see that N |= (P rT (ta ) ∧ P rT (tb )) → P rT (tc ). The sentence (P rT (ta ) ∧ P rT (tb )) → P rT (tc ) is a ∀2 sentence in disguise, and so we cannot directly apply Proposition 8.3. Instead, consider the formula DrT (ta , x) ∧ DrT (tb , y) → DrT (tc , x + y + 1). If we can derive this formula from T , then we can obtain the desired result by ∃-Distribution. We must show that M |= DrT (ta , x) ∧ DrT (tb , y) → DrT (tc , x + y + 1). for each model M of T . This is certainly true if M happens to be N. However, M may contain “inﬁnite” elements (in the sense of Exercise 4.10). Moreover, since M may not be elementarily equivalent to N, these inﬁnite elements may behave diﬀerently than the natural numbers. By compactness, M |= DrT (ζ, η) for inﬁnite ζ and η in some model M of T . We must show that, even for these strange inﬁnite numbers, if M |= DrT (ta , ζ) and M |= DrT (tb , η), then M |= DrT (tc , ζ + η + 1). To see that this is the case, let us unravel the formula DrT (ta , x). In the proof of Proposition 8.24, this formula was deﬁned by primitive recursion from the formulas ψT (x) and Der(x, y, z). Recall that, in N, the formula ψT (x) deﬁnes the set of G¨ odel codes for sentences in T . In M , this formula may hold for an element ζ which is inﬁnite and therefore is not the G¨ odel code for any sentence. Even so, the formula DrT (ta , x) asserts that there exists a sequence a1 , . . . , ax so that ax = ta and, for each k = 1, . . . , x, either ψT (ak ) or

380

The incompleteness theorems

Der(ai , aj , ak ) for some i and j less than k. Since this formula is Σ1 (in fact, it is ∆0 ), this assertion is true in any model of T by Proposition 8.3. Since N |= Der(a, b, c), we have T Der(ta , tb , tc ) by Proposition 8.3. From this and the deﬁnition of DrT in the previous paragraph it follows that for any M |= T , if M |= DrT (ta , ζ) and M |= DrT (tb , η), then M |= DrT (tc , ζ + η + 1). Corollary 8.28 Let T be a recursive set of VN -sentences such that ΓN ⊂ T . Let a = [ϕ], b = [ψ], and c = [(ϕ) ∧ (ψ)] for some VN -sentences ϕ and ψ. Then T (P rT (ta ) ∧ P rT (tb )) → P rT (tc ). Corollary 8.29 Let T be a recursive set of VN -sentences such that ΓN ⊂ T . Let a = [ϕ], b = [ψ], and c = [(ϕ) → (ψ)] for some VN -sentences ϕ and ψ. Then T (P rT (ta ) ∧ P rT (tc )) → P rT (tb ). The proof of Lemma 8.26 is considerably more diﬃcult than the proof of Lemma 8.27. To prove Lemma 8.26, we must unravel the sentence P rT (tρ ). By its deﬁnition N |= P rT (tρ ) ↔ P rT ([P rT ([ϕ])]). So, N |= P rT (tρ ) if and only if T P rT ([ϕ]). From this observation, we see that N |= P rT (tϕ ) → P rT (tρ ). But, to prove Lemma 8.26, we must show that this is true for all models M of T . We must show that if M |= DrT (tϕ , η) for some η, then M |= DrT (tρ , ζ) for some ζ. To see that this is the case, note that, given a formal derivation of ϕ from T , one can construct, in a primitive recursive manner, a formal derivation of P rT (tϕ ) from T . It is the proof of this intuitive fact that is quite tedious. Typically, I have provided references where proofs have been omitted. In the case of Lemma 8.26, I know of no such reference. Even G¨odel’s original paper omits such intuitive but tedious details. Rather than a reference, I recommend to the reader Exercise 8.19. (That is, do it yourself reader!) Whereas a formal proof of Lemma 8.26 makes for horrible prose, it makes a good exercise for understanding the subtle concepts of the present section in preparation for the next section.

8.5 G¨ odel’s Second Incompleteness theorem Let T be a recursive VN -theory that contains ΓN . In the previous section, we showed that there exists a VN -formula P rT (x) such that T P rT (tϕ ) if and only if T ϕ. This holds for any VN -sentence ϕ. Suppose now that ϕ is a

The incompleteness theorems

381

contradiction. For deﬁniteness, let ϕ be the sentence ¬(1 = 1). The G¨ odel code for this sentence is 25 · 31 · 527 · 715 · 1127 · 133 = 97805776756277266140466823153062702475001841306686401367187500000. For our sanity, let c denote this number. In this section, we consider the sentence ¬P rT (tc ). G¨ odel’s Second Incompleteness theorem states that this sentence cannot be derived from T . For any theory T , T ¬(1 = 1) if and only if T is inconsistent. Since we are assuming that T is a theory, it is not the case that T ¬(1 = 1). By Proposition 8.24, N |= ¬P rT (tc ). And so, ¬P rT (tc ) is a true sentence that cannot be derived from T . In this sense, G¨ odel’s Second Incompleteness is a special case of the First Incompleteness theorem. The Second Incompleteness theorem says more than the First Incompleteness theorem since it asserts that the sentence ¬P rT (tc ) in particular cannot be derived from T . To prove G¨ odel’s Second Incompleteness theorem, we use the following Fixed Point lemma (often referred to as the Diagonalization lemma). The key to this lemma and its proof is a certain VN -formula D(x, y) that we now deﬁne. For any formula ϕ, let δϕ denote the formula ∃x(x = tϕ ∧ ϕ). If ϕ happens to have x as its only free variable, then δϕ is equivalent to the sentence ϕ(tϕ ) asserting that ϕ holds of its own G¨ odel number. Given the G¨ odel number for ϕ, we can compute the G¨odel number for δϕ in a primitive recursive manner. By Exercise 8.6, the relation between the G¨ odel number of ϕ and that of δϕ is deﬁnable by a ∆0 -formula. Let D(x, y) be a ∆0 formula that says x = [ϕ] and y = [δϕ ] for some VN -formula ϕ. Lemma 8.30 (Fixed Point lemma) Let T be a recursive set of VN -sentences such that ΓN ⊂ T . Let ϕ(x) be a VN -formula having one free variable. There exists a VN -sentence ψ such that T ψ ↔ ϕ(tψ ). Proof Let ψ be the sentence δθ where θ(x) is the formula ∃y(D(x, y) ∧ ϕ(y)). That is, ψ is the formula ∃x(x = tθ ∧ θ(x)). We see that ψ ≡ θ(tθ ) ≡ ∃y(D(tθ , y) ∧ ϕ(y)). By Completeness, we have (*) T ψ ↔ ∃y(D(tθ , y) ∧ ϕ(y)). Since D(x, y) is ∆0 and N |= D(tθ , tψ ), we have T D(tθ , tψ ). The primitive recursive function that takes [ϕ] to [δϕ ] is one-to-one. It follows that, for any model M of T , M |= ∀y(D(tθ , y) ↔ y = tψ ), and so T ∀y(D(tθ , y) ↔ y = tψ ). Substituting this into (*) yields: T ψ ↔ ∃y(y = tψ ∧ ϕ(y)), and so T ψ ↔ ϕ(tψ ) as we wanted to show.

382

The incompleteness theorems

Corollary 8.31 Let T be a decidable VN -theory containing ΓN . There exists a VN -sentence γ such that T γ ↔ ¬P rT (tγ ). Proof Apply the Fixed Point lemma to the formula ¬P rT (x). Proposition 8.32 If T and γ are as in the previous corollary, then TN ¬P rT (tγ ) and T γ. Proof The sentence γ asserts that it is not provable from T . If T γ, then T ¬P rT (tγ ). By Proposition 8.25, if T γ, then T P rT (γ). Since T is consistent, it must be the case that T γ. Since γ cannot be derived from T , ¬P rT (tγ ) ∈ TN by Proposition 8.24. The previous proposition provides an alternative proof for G¨ odel’s First Incompleteness theorem. For any recursive subset T of TN , the sentence γ that assert “I am not provable from T ” must be both true and not provable from T . This is the proof G¨ odel originally gave for the First Incompleteness theorem. The Second Incompleteness theorem is deduced by showing that γ and ¬P rT (tc ) are T -equivalent. Theorem 8.33 (G¨ odel’s Second Incompleteness theorem) If T is a decidable VN -theory that contains ΓN , then T ¬P rT (tc ). Proof Let γ be as in Corollary 8.31. We show that γ and ¬P rT (tc ) are T -equivalent. Since ¬(1 = 1) is contradictory, T ¬(1 = 1) → γ. Let b = [¬(1 = 1) → γ]. By Proposition 8.25, T P rT (tb ). Corollary 8.29 states that T (P rT (tc ) ∧ P rT (tb )) → P rT (tγ ). Since T P rT (tb ), we have T P rT (tc ) → P rT (tγ ). By contraposition, T ¬P rT (tγ ) → ¬P rT (tc ). This establishes T γ → ¬P rT (tc ) by the deﬁnition of γ. We now derive the converse from T . Let θ be the sentence ¬γ ↔ P rT (tγ ). Let p = [P rT (tγ )]. Since ¬γ can be derived from θ and P rT (tγ ): T (P rT (tθ ) ∧ P rT (tp )) → P rT (t¬γ ) by Lemma 8.27. Now since T θ, we have T P rT (tθ ) by Proposition 8.25. We also have, by Proposition 8.26, T P rT (tγ ) → P rT (tp ). By the previous three lines, T P rT (tγ ) → P rT (t¬γ ) Since ¬(1 = 1) can be derived from γ and ¬γ: T (P rT (tγ ) ∧ P rT (t¬γ )) → P rT (tc ) by Lemma 8.27. Since we have shown T P rT (tγ ) → P rT (t¬γ ) it follows that T P rT (tγ ) → P rT (tc ) and so T ¬P rT (tc ) → ¬P rT (tγ ). Finally, by the deﬁnition of γ, we have T ¬P rT (tc ) → γ.

The incompleteness theorems

383

We have successfully shown that T ¬P rT (tγ ) ↔ γ. G¨ odel’s Second Incompleteness theorem then follows from Proposition 8.32. The sentence ¬P rT (tc ) is commonly denoted Con(T ). This notation reﬂects the fact that N |= Con(T ) if and only if T is consistent. Now, suppose that we have a recursive set of V-sentences Γ and we want to determine whether or not T = Γ ∪ ΓN is consistent. Attempting to derive Con(T ) from T would be an extremely naive approach. The reason is that, if T happens to be inconsistent, then any VN -sentence can be derived from T . So if we are successful in deriving Con(T ) from T , then it is possible that T is inconsistent. By the Second Incompleteness theorem, it is not only possible, but necessary that T be inconsistent: T Con(T ) if and only if T is inconsistent. Whereas Con(T ) deﬁnes consistency semantically in N, it means precisely the opposite from the syntactic perspective of T .

8.6 Goodstein sequences In this section, we describe a true statement regarding the natural numbers that odel’s First can be formulated as a V-sentence but cannot be derived from ΓN . G¨ Incompleteness theorem guarantees the existence of such sentences, but does not provide an explicit example. Inexplicit examples are provided by the sentences γ from the previous section and β from the proof of Theorem 8.18. Since they are VN -sentences in TN , both γ and β are statements regarding the natural numbers. However, we do not know what these sentences express. The Fixed Point lemma implies the existence of γ such that ΓN γ ↔ ¬P rΓN (tγ ). This is all we know about of the sentence γ. Likewise, we know that the V-sentence β exists, but we do not know what it says about the natural numbers. We consider sequences of non-negative integers known as Goodstein sequences. Given any natural number n, there is a unique Goodstein sequence that begins with n as its ﬁrst term. Let us denote this sequence sn . The best way to describe these sequences is to provide an example. Suppose n = 14. Let a1 , a2 , a3 , . . . denote the terms of the sequence s14 . Then a1 = 14. To ﬁnd a2 , ﬁrst express the number 14 totally in base 2. That is, write 14 as a sum of powers of 2: 14 = 23 + 22 + 2. Moreover, write the exponents as sums of powers of two. Repeat this until every number occuring in the expression is a power of 2. In this case, write 14 as 2(2+1) + 22 + 2. To ﬁnd a2 , change each 2 in this expression to a 3 and then subtract 1: a2 = (3(3+1) + 33 + 3) − 1 = (81 + 9 + 3) − 1 = 93 − 1 = 92.

384

The incompleteness theorems

To ﬁnd a3 , ﬁrst express the number a2 totally in base 3: 92 = 3(3+1) +33 +2. The number 2 (which is not a power of 3) represents the sum 30 + 30 . In general, when writing a number totally in base n, we allow numbers less than n as coeﬃcients. Now change each 3 to a 4 and subtract 1: a3 = (4(4+1) + 44 + 2) − 1 = (1024 + 256 + 2) − 1 = 1282 − 1 = 1281, and so forth. To ﬁnd am , ﬁrst express am−1 totally in base m, then change each m to m + 1, and then subtract 1 from the result. This rule generates each Goodstein sequence. If am equals 0 for some m, then the Goodstein sequence terminates. Continuing with the sequence s14 , we have a4 = (5(5+1) + 55 + 1) − 1 = (15625 + 3125 + 1) − 1 = 18751 − 1 = 18750, a5 = (6(6+1) + 66 ) − 1 = (279936 + 46656) − 1 = 326592 − 1 = 326591. Now 326591 = 5 · 6(6) + 5 · 65 + 5 · 64 + 5 · 63 + 5 · 62 + 5 · 6 + 5. So a6 = (5 · 7(7) + 5 · 75 + 5 · 74 + 5 · 73 + 5 · 72 + 5 · 7 + 5) − 1 = 4215754. So the sequence s14 begins 14, 92, 1281, 18750, 326591, 4215754, . . . . Clearly, the next few terms of this sequence get larger and larger. In this respect, there is nothing special about the number 14. The sequence sn gets quite large for most choices of n. This is not true for n = 1, 2, or 3 but it is true for n = 4 (try it). For some values of n, sn grows very rapidly. For example, let n = 18. Then, written in base 2, 18 = 25 + 2. Written totally in base 2, we have a1 = 18 = 2(2 a2 = (3(3

3

+1)

2

+1)

+ 2,

and so

+ 3) − 1 = 328 + 2 = 22876792454963.

Computing a Goodstein sequence without a computer would be unpleasant. Even with a computer, this computation may not be feasible. Each step of the computation consists of two parts: we must increase the base and subtract 1. Whereas the ﬁrst part may increase our number greatly, the second part decreases the result slightly. Although they may appear cumbersome, Goodstein sequences possess the following charming property. Theorem 8.34 (Goodstein) Every Goodstein sequence converges to zero. Proof Let sn = (a1 , a2 , a3 , . . .) be an arbitrary Goodstein sequence. We deﬁne a sequence b1 , b2 , b3 , . . . of ordinals as follows. For each m ∈ N, let bm be the ordinal obtained by replacing each occurrence of (m + 1) with ω

The incompleteness theorems

385

in the total base (m + 1) representation of am . For example, if sn is s14 , then: a1 a2 a3 a4

= 2(2+1) + 22 + 2 implies = 3(3+1) + 33 + 2 implies = 4(4+1) + 44 + 1 implies = 5(5+1) + 55 implies

b1 b2 b3 b4

= ω (ω+1) + ω ω + ω = ω (ω+1) + ω ω + 2 = ω (ω+1) + ω ω + 1 = ω (ω+1) + ω ω .

Note that the sequence of bi s is decreasing. Continuing, we see that b5 = 5 · ω (ω) + 5 · ω 5 + 5 · ω 4 + 5 · ω 3 + 5 · ω 2 + 5 · ω + 5, b6 = 5 · ω (ω) + 5 · ω 5 + 5 · ω 4 + 5 · ω 3 + 5 · ω 2 + 5 · ω + 4, and so forth. Increasing the base in the sequence of ai s has no eﬀect on the sequence of bi s. Because we subtract 1 at each stage, bi+1 is necessarily smaller than bi . This observation proves the theorem. For any Goodstein sequence a1 , a2 , a3 · · · , the corresponding sequence of ordinals b1 > b2 > b3 · · · is decreasing. By Exercise 4.22, this latter sequence must be ﬁnite. This is easily proved by induction on the ordinals. We conclude that the sequence a1 , a2 , a3 , . . . must be ﬁnite. This only happens if am = 0 for some m. Although each sequence eventually reaches zero, it may take a very long time for this to happen. For example, we know that the mth term of the sequence s18 is zero for some m. Since each step the sequence decreases by at most 1, the number m must be at least 22876792454963 (since this is the value of a2 for this sequence). Note that the statement of Goodstein’s theorem can be formulated as a VN -sentence. Using the techniques of Section 8.2 we can deﬁne a VN -formula Good(l, m, k) that holds if and only if [l, m, k] codes the initial l nonzero terms of a Goodstein sequence. We can express that every Goodstein sequence is ﬁnite by saying that every such initial segment is contained in an initial segment having 1 as its ﬁnal term. Clearly am = 1 if and only if am+1 = 0 and the sequence terminates. (So the fact that 0 is not in our vocabulary is not a problem.) Let ΦGood denote this sentence. In 1982, Kirby and Paris proved the following. Theorem 8.35 ΓN ΦGood . Clearly, our proof of Goodstein’s theorem, since it refers to the inﬁnite ordinal ω, cannot be carried out in ΓN . Kirby and Paris’s theorem shows that no formal proof in ΓN can prove this theorem. Kirby and Paris show that Goodstein’s theorem is equivalent to an induction axiom that allows us to prove the conodel’s Second sistency of ΓN . In this way, Theorem 8.35 can be deduced from G¨ Incompleteness theorem. We refer the reader to [23] for the details of this proof.

386

The incompleteness theorems

Exercises 8.1.

Explain why G¨ odel’s Incompleteness theorems do not contradict the Completeness theorem (also proved by Kurt G¨odel).

8.2.

Encode the following ﬁnite sequences as a triple [l, m, k] using the method described in Section 8.2: (a) (1, 1, 1); (b) (3, 3, 3, 3, 3); (c) (1, 2, 3).

8.3.

What ﬁnite sequence is coded by the triple [4, 5, 373777]?

8.4.

The Fibonacci sequence is 1, 1, 2, 3, 5, 8, . . . (each number in the sequence is the sum of the previous two.) A number is called a Fibonacci number if it is one of the numbers in this sequence. Write a VN -formula φ(x) such that N |= φ(a) if and only if a is a Fibonacci number.

8.5.

(a)

Express the formula 1 + 2 + · · · + x =

(b)

Show that ΓN ∀xϕ(x) where ΓN is the set of axioms from Section 8.1.

x(x+1) 2

as a VN -formula ϕ(x).

8.6.

Prove that a deﬁnable subset D of N is deﬁnable by a ∆0 VN -formula if and only if D is primitive recursive.

8.7.

Show that the following sets of natural numbers are primitive recursive by describing a ∆0 formula that deﬁnes the set: (a) T = {n|n is the G¨odel code for a VN -term } (b) F = {n|n is the G¨odel code for a VN -formula } (c)

S = {n|n is the G¨odel code for a VN -sentence }.

8.8.

Let T be recursive VN -theory containing ΓN . Show that the set {n|N |= P rT (n)} is not primitive recursive.

8.9.

Show that the decision problems corresponding to each of the four sets deﬁned in the previous two problems are in NP. If P = NP, then which these problems are in P?

8.10. Consider the structure R = {R|+, ·, 0, 1}. The theory of R is decidable. For each n ∈ N the set {1, 2, 3, . . . , n} is a deﬁnable subset of R. Let Re be an expansion of R in which the natural numbers is a deﬁnable subset. Show that the theory of Re is undecidable. 8.11. Let V be a ﬁnite vocabulary and let T be a V-theory. Let D = {t1 , t2 , t3 , . . .} be a set of V-terms. A subset B of D2 is recursive if B = {(ti , tj )|(i, j) ∈ I} for some recursive subset I of N2 . Suppose that • for some M |= T , each recursive subset of D2 is a deﬁnable subset of M . • for each m ∈ N there exists a term tn ∈ D such that n is more than m times the length of tn . (i.e., there exist terms tn ∈ D that are arbitrarily short relative to n.) Prove that T is undecidable.

The incompleteness theorems

387

8.12. (L¨ ob) Let T be a recursive subset of TN . Show that there exists a VN -sentence ϕ so that T ϕ ↔ P rT (tϕ ). Show that, unlike the sentence γ that asserts its own unprovability, ϕ can be derived from T . 8.13. (Tarski) Let V = {[ϕ]|N |= ϕ}. Use the Fixed Point lemma to show that V is not a deﬁnable subset of N. 8.14. Show that for any two VN -formulas ϕ1 (x) and ϕ2 (x) in one free variable there exist VN -sentences ψ1 and ψ2 such that T ψ1 ↔ ϕ1 (tψ2 ) and T ψ2 ↔ ϕ2 (tψ1 ). 8.15. Let T be a recursive set of V-sentences. Let T0 = {(ϕ) ∧ (ϕ) ∧ . . . ∧ (ϕ)|T ϕ} and let C0 = {[ϕ]|ϕ ∈ T0 }. nϕ times

Recall the primitive recursive function bin(e, x, n, 1) from the proof of Theorem 7.33. Show that there exists a T ++ program Pe such that bin(e, x, x, 1) is the characteristic function of C0 . 8.16. Let T be a deductively closed VN -theory and let CT ⊂ N be the set of G¨ odel codes of sentences in T . Show that the following are equivalent. (i) T is decidable. (ii) CT is recursively enumerable. (ii) T is axiomatized by a primitive recursive set of sentences. 8.17. Let T be a recursive set of VN -sentences that contains ΓN . Show that if T P rT (tϕ ) then T ϕ. x) 8.18. Let T be a recursive set of VN -sentences such that ΓN ⊂ T . Let f (¯ x, y) be a VN -formula be a primitive recursive function on N and let ϕf (¯ x, y) → P rT (td ), where d expressing that f (¯ x) = y. Show that T ϕf (¯ x, y). (Proceed by induction on the primitive is the G¨ odel code for ϕf (¯ recursive function f .) 8.19. Sketch a proof for Lemma 8.26. 8.20. Let Tn be the set of Σn sentences in TN . Let Sn = {[ϕ]|ϕ ∈ Tn }. Show that Sn is a Σn set that is not Πn (see Exercise 7.29). 8.21. Let Tn be the set of Σn sentences in TN . Show that, for any n ∈ N, Tn is incomplete. 8.22. (Rosser) Let T be a recursive VN -theory that contains ΓN . Let Y = {[ϕ]|T ϕ} and N = {[ϕ]|T ¬ϕ}. Show that Y and N are recursively inseparable (as deﬁned in Exercise 7.24).

9

Beyond ﬁrst-order logic

We consider various extensions of ﬁrst-order logic. Informally, a logic L is an extension of ﬁrst-order logic if every sentence of ﬁrst-order logic is also a sentence of L. We also require that L is closed under conjunction and negation and has other basic properties of a logic. In Section 9.4, we list the properties that formally deﬁne the notion of an extension of ﬁrst-order logic. Prior to Section 9.4, we provide various natural examples of such extensions. In Sections 9.1–9.3, we consider, respectively, second-order logic, inﬁnitary logics, and logics with ﬁxed-point operators. We do not provide a thorough treatment of any one of these logics. Indeed, we could easily devote an entire chapter to each. Rather, we deﬁne each logic and provide examples that demonstrate the expressive power of the logics. In particular, we show that none of these logics has compactness. In the ﬁnal Section 9.4, we prove that if a proper extension of ﬁrst-order logic has compactness, then the Downward L¨ owenheim–Skolem theorem must fail for that logic. This is Lindstr¨ om’s theorem. The Compactness theorem and Downward L¨ owenheim–Skolem theorem are two crucial results for model theory. Every property of ﬁrst-order logic from Chapter 4 is a consequence of these two theorems. Lindstr¨ om’s theorem implies that the only extension of ﬁrst-order logic possessing these properties is ﬁrst-order logic itself.

9.1 Second-order logic Second-order logic is the extension of ﬁrst-order logic that allows quantiﬁcation of relations. The symbols of second-order logic are the same symbols used in ﬁrstorder logic. The syntax of second-order logic is deﬁned by adding one rule to the syntax of ﬁrst-order logic. The additional rule makes second-order logic far more expressive than ﬁrst-order logic. Speciﬁcally, the syntax of second-order logic is deﬁned as follows. Any atomic ﬁrst-order formula is a formula of second-order logic. Moreover, we have the following four rules: (R1) (R2) (R3) (R4)

If If If If

ϕ ϕ ϕ ϕ

is a formula then so is ¬ϕ. and ψ are formulas then so is ϕ ∧ ψ. is a formula, then so is ∃xϕ for any variable x. is a formula, then so is ∃Rn ϕ for any n and n-ary relation R.

Beyond ﬁrst-order logic

389

Deﬁnition 9.1 A string of symbols is a second-order formula if and only if it can be built up from atomic formulas using these four rules. Recall that rules (R1), (R2), and (R3) deﬁne the syntax for ﬁrst order logic. These rules regard the primitive symbols ¬, ∧, and ∃. We allow the same abbreviations ∀, ∨, →, and ↔ from ﬁrst-order logic. For any formula ϕ, we naturally deﬁne ∀Rn ϕ to be the formula ¬∃Rn ϕ. We deﬁne a second-order sentence in the same manner that we deﬁned the notion of a ﬁrst-order sentence. Deﬁnition 9.2 A second-order sentence is a formula having no free variables. This deﬁnition does not refer to relations. In second-order logic, relations like variables may have free or bound occurences within a formula. A second-order sentence may have free relations but not free variables. Let V be a vocabulary. A second-order sentence ϕ is a V-sentence if each constant and function occurring in ϕ is in V and each relation having free occurrence in ϕ is in V. A second-order V-sentence may contain relations that are not in V provided that they are bound by a quantiﬁer. Example 9.3 Let V = {P , Q} be the vocabulary consisting of unary relations P and Q. Consider the following sentence: ∀x∀y(R(x, y) → (P (x) ∧ Q(y)))∧ ∀x(P (x) → ∃yR(x, y))∧ ∀x∀y∀z(R(x, y) ∧ R(x, z) → y = z). Call this sentence ϕ0 . This is a ﬁrst-order sentence, but it is not a V-sentence since the relation R is not in V. Now let ϕ be the second-order sentence ∃R2 ϕ0 . This is a V-sentence since the free relations are in ϕ. We now deﬁne the semantics of second-order logic. Let M be a V-structure and let ϕ be a second-order V-sentence. We must say what it means for M to be a model of ϕ. We use the notation M |= ϕ to express that M is a model of ϕ. We deﬁne this concept by induction on the complexity of ϕ. If ϕ is ﬁrstorder, then M |= ϕ is as deﬁned in Section 2.3. Now, suppose M |= ϕ0 has been deﬁned and let ϕ have the form ∃Rn ϕ0 . Then M |= ϕ if and only if there exists an interpretation of R on the universe of M which makes ϕ0 true. Put another way, M |= ϕ if and only if there exists an expansion M of M to the vocabulary V ∪ {R} such that M |= ϕ0 . Example 9.4 Let V = {P , Q} and let M be a V-structure. Let ϕ0 and ϕ be as in Example 9.3. It makes no sense to ask whether M models ϕ0 since M is an V-structure and ϕ0 contains the relation R which is not in V. Whether a structure models ϕ0 depends on how R is interpreted. The sentence ϕ asserts

390

Beyond ﬁrst-order logic

that ϕ0 holds for some interpretation of R. As was pointed out in Example 9.3, the second-order sentence ϕ is a V-sentence. So for every V-structure M , either M |= ϕ or M |= ¬ϕ. To determine which is the case, let us consider what ϕ0 and ϕ say. Let P (M ) = {a ∈ U |M |= P (a)} and let Q(M ) = {a ∈ U |M |= Q(a)}. The sentence ϕ0 says that for each x in P (M ) there exists a unique y in Q(M ) such that R(x, y) holds. Note that if this is true, then there must be at least as many elements in Q(M ) as in P (M ). The sentence ϕ says that ϕ0 holds for some interpretation of R. This sentence is true in M if and only if |P (M )| ≤ |Q(M )|. Recall Examples 4.73 and 4.74 from Section 4.7. In Example 4.73 it was shown that no set of ﬁrst-order sentences can express |P (M )| = |Q(M )|. This is a consequence of the Downward L¨owenheim–Skolem theorem. Clearly, we can modify ϕ in the previous example to obtain a second-order sentence that holds in a structure M if and only if P (M ) and Q(M ) have the same size. In Example 4.74, it was shown that the graph-theoretic property of connectedness cannot be expressed in ﬁrst-order logic. We now show that this, too, can be expressed in second-order logic. Example 9.5 Let VR = {R} be the vocabulary of graphs. We write a secondorder VR -sentence ϕcon that holds in a graph G if and only if G is connected. This sentence asserts that there exists a linear order with certain properties. Recall that a binary relation L(x, y) is a linear order if and only if the following three sentences hold: ∀x∀y(L(x, y) ∨ L(y, x) ∨ y = x) ∀x∀y(L(x, y) → ¬L(y, x)) ∀x∀y∀z((L(x, y) ∧ L(y, z)) → L(x, z)). Let ϕlo (L) be the conjunction of these sentences. To deﬁne the sentence ϕcon we make the following observation: G is connected if and only if the vertices of G can be linearly ordered so that for each vertex v, if v is not the ﬁrst vertex, then there exists a previous vertex in the order adjacent to v. We express this as follows: ∃L2 (ϕlo (L) ∧ ∀x(∃yL(y, x) → ∃y(L(y, x) ∧ R(y, x)))). Let ϕcon be this sentence. Example 9.4 implies that the Downward L¨ owenheim–Skolem theorem fails in second-order logic. The previous example implies the failure of compactness. The next two examples demonstrate these failures in a direct way. We show that

Beyond ﬁrst-order logic

391

there exist second-order sentences expressing that “the universe is inﬁnite” and “the universe is uncountable.” Example 9.6 We demonstrate a second-order sentence ϕinf that holds in a structure if and only if the structure is inﬁnite. Let ϕ0 be the conjunction of the following ﬁrst-order sentences: 1. ∀x∃yR(x, y). 2. ∀x∀y∀z(R(x, y) ∧ R(x, z) → y = z). 3. ∀x∀y∀z(R(x, y) ∧ R(z, y) → x = z). 4. ∃y∀x¬R(x, y). Let M |= ϕ0 . By sentences 1 and 2, we can view R(x, y) as a function on the universe of M . Given any x in the universe, this function outputs the unique y for which R(x, y) holds. Sentence 3 asserts that this function is one-to-one. By sentence 4, this function is not onto. This is only possible if M is inﬁnite (any one to one function from a ﬁnite set to itself must be onto). So, if M |= ϕ0 , then M must be inﬁnite. Let ϕinf be the sentence ∃R2 ϕ0 . Inﬁnite structures and only inﬁnite structures model this sentence. Example 9.7 We demonstrate a second-order sentence ϕuncount that holds in a structure if and only if the structure is uncountable. Let Q(x) be a unary relation. In the manner demonstrated in the previous example, we can write a second-order sentence ϕ(Q) that holds if and only if Q(x) deﬁnes a ﬁnite set. Let ϕlo (L) be the sentence from Example 9.5 asserting that the binary relation L deﬁnes a linear order. Now let ϕcount be the sentence: ∃L2 (ϕlo (L)) ∧ ∀x∀Q1 ∀y((Q(y) → L(y, x)) → ϕ(Q)). Suppose M |= ϕcount . The sentence ϕcount says that we can linearly order the elements of the universe of M in such a way that each element has only ﬁnitely many predecessors. This is possible if and only if the universe is at most countable. So M |= ϕcount if and only if M is countable. Let ϕuncount be ¬ϕcount . We see that second-order logic does not share the properties of ﬁrstorder logic discussed in Chapter 4. The previous examples show that the two main results of Chapter 4, the Compactness theorem and the Downward L¨ owenheim–Skolem theorem, are not true in second-order logic. From the failure of compactness, we can deduce the failure of completeness (this was also shown in Section 8.1). There is no algorithmic way to determine whether or not a given second-order sentence is a consequence of a given set of second-order sentences. Likewise, there is no method for determining whether or not a structure models a certain second-order sentence, or whether or not two given structures

392

Beyond ﬁrst-order logic

model the same second-order sentences, and so forth. In short, second-order logic is too expressive to admit a useful model theory. Because second-order logic is too powerful, it is natural to consider various fragments of second-order logics. Monadic second-order logic is the fragment that only allows second-order quantiﬁcation over unary relations. So in monadic second-order logic, one can consider subsets of the universe U of a structure, but not subsets of U n for n > 1. In weak monadic second-order logic, one can consider only ﬁnite subsets of U . We now turn our attention to other extensions of ﬁrst-order logic.

9.2 Inﬁnitary logics The logic Lω1 ω is the extension of ﬁrst-order logic which allows countable conjunctions. That is, we have the following rule for forming formulas. (R2) If {ϕ1 , ϕ2 , ϕ3 , . . .} is a countable set of formulas, then i ϕi is also a formula. This is in addition to the rules of ﬁrst-order logic which state that any atomic formula is a formula and (R1) If ϕ is a formula then so is ¬ϕ, and (R3) If ϕ is a formula, then so is ∃vϕ for any variable v. Note that countable disjunctions are also allowed since ¬ ϕi ≡ ¬ϕi . Let M be a ﬁrst-order structure. If the vocabulary of M is countable, then there is a single sentence of Lω1 ω that describes M up to ﬁrst-order elementary equivalence. Namely, the conjunction of the sentences in T h(M ) is a Lω1 ω sentence. Moreover, Lω1 ω sentences can state precisely which types are realized in M . For each k-type p ∈ S(T h(M )), there exists a Lω1 ω sentence of the form ∃x1 · · · ∃xk p(x1 , . . . , xk ). It follows immediately from Proposition 6.27 that the logic Lω1 ω describes countable homogeneous structures up to isomorphism. As we shall show, Lω1 ω describes any countable structure, whether homogeneous or not, up to isomorphism. Deﬁnition 9.8 Structures M and N are said to be Lω1 ω -elementarily equivalent, denoted M ≡Lω1 ω N , if M and N model the same Lω1 ω sentences. We show that countable structures are Lω1 ω -elementarily equivalent if and only if they are isomorphic. To show this, we consider pebble games. Pebble games provide a method for determining whether or not two given structures in the same relational vocabulary are equivalent with respect to various logics including ﬁrst-order logic and Lω1 ω . Pebble games also serve as a useful tool for the ﬁnite-variable logics of Section 10.2.

Beyond ﬁrst-order logic

393

Let M and N be structures in the relational vocabulary V. There are various pebbles games that can be played on M and N . Each pebble game is played by two players named Spoiler and Duplicator. The disjoint union of the underlying sets of M and N serves as the game board for the pebble games. Let A and B denote the underlying sets of M and N , respectively. Since we may change the names of elements (using subscripts, for example) there is no loss of generality in assuming that A and B are disjoint. In each game, Spoiler and Duplicator alternately place pebbles on elements of A and B. Spoiler’s goal is to show that the two structures are somehow diﬀerent. In contrast, Duplicator’s objective is to show that M and N are partially isomorphic. Deﬁnition 9.9 Let M and N be structures in the same relational vocabulary V. Let f : M → N be a function that has as its domain a subset of UM (the underlying set of M ). This function is called a partial isomorphism if it preserves literals. That is, M |= ϕ(a1 , . . . , ak ) if and only if M |= ϕ(f (a1 ), . . . , f (ak )) for all k-tuples from the domain of f and all atomic V-formulas. (If the domain of f happens to be all of UM , then f is an isomorphism.) Each pebble game is played with a speciﬁed number of pairs of pebbles. Each pair has a distinct color. A speciﬁed number of rounds comprises each game. In each round, Spoiler ﬁrst chooses a color; mauve, say. Spoiler places a mauve pebble on an element of one of the structures. Duplicator completes the round by taking the other mauve pebble and placing it on an element of the opposite structure. The color of the pebbles determines a one-to-one correspondence between those elements of A and those of B which have pebbles on them. After any round, if this one-to-one correspondence is not a partial isomorphism, then Spoiler wins the game. Duplicator’s goal is defensive; to prevent Spoiler from winning. The Ehrenfeucht–Fraisse game of length m played on structures M and N is denoted EFm (M , N ). It is played with m pairs of pebbles and comprises m rounds. Spoiler places diﬀerent colored pebbles in each round. After m rounds, all of the pebbles have been placed and the game is over. Proposition 9.10 Let V be a relational vocabulary and let M and N be V-structures. The following are equivalent: (i) Duplicator can always prevent Spoiler from winning EFm (M , N ). (ii) For any V-sentence ϕ in prenex normal form having at most m variables, M |= ϕ if and only if N |= ϕ. Proof idea Suppose that M |= ∃xϕ(x) and N |= ∀x¬ϕ(x). If ϕ is quantiﬁerfree, then Spoiler can win EF1 (M , N ) by placing her pebble on an element of M such that M |= ϕ(a). Since N |= ∀x¬ϕ(x) Duplicator cannot match this move.

394

Beyond ﬁrst-order logic

The proposition can be proved by induction on m by extending this idea. We leave the details as Exercise 9.10. Corollary 9.11 Let V be a relational vocabulary and let M and N be Vstructures. Then M ≡ N if and only if, for each m ∈ N, Duplicator prevents Spoiler from winning EFm (M , N ). Proof This follows immediately from the previous proposition and the fact that every sentence of ﬁrst-order logic is equivalent to a sentence in prenex normal form. In the deﬁnition of EFm (M , N ), we allow the possibility that m = ω, in which case play continues indeﬁnitely. If at any point during the game the correspondence given by the color of the pebbles is not a partial isomorphism, Spoiler wins. This game provides the following characterization of Lω1 ω -equivalence. Proposition 9.12 Let V be a countable relational vocabulary and let M and N be V-structures. Then M ≡Lω1 ω N if and only if Duplicator can always prevent Spoiler from winning EFω (M , N ). We do not prove this proposition. Intuitively, the proof of Proposition 9.12 is similar to the proof of Proposition 9.10. We use Proposition 9.12 to show that two countable structures are Lω1 ω -equivalent if and only if they are isomorphic. Proposition 9.13 Let V be a relational vocabulary and let M and N be countable V-structures. Then M ≡Lω1 ω N if and only if M ∼ = N. Lω1 ω N . We prove that M ∼ Proof Suppose that M ≡ = N using a back-and-forth argument. Let UM and UN denote the underlying sets of M and N , respectively. Enumerate these sets as UM = {a1 , a2 , a3 , . . .}

and UN = {b1 , b2 , b3 , . . .}.

We construct an isomorphism f : M → N step-by-step. We use the fact that Duplicator can match Spoiler’s moves to prevent her from winning EFω (M , N ) (Proposition 9.12). In odd numbered rounds of the game (including the ﬁrst round of play) Spoiler ﬁnds the least i such that ai does not have a pebble on it, and then places a pebble on that element (so she chooses a1 in round 1). Duplicator matches Spoiler’s move by placing a pebble on some element of UM . Likewise, in even numbered rounds, Spoiler ﬁnds the least i such that bi does not have a pebble on it, and then places a pebble on that element. In choosing elements in this way, Spoiler guarantees that every element of UN and UM will eventually have a pebble. The color of the pebbles determine a function f : M → N . Since Duplicator matches Spoiler, this function is a partial isomorphism. Since it is one-to-one and onto, it is an isomorphism.

Beyond ﬁrst-order logic

395

Theorem 9.14 (Scott) Let V be a countable vocabulary and let M be a countable V-structure. There exists a single sentence of Lω1 ω that describes M up to isomorphism. To prove Scott’s theorem, one describes a countable set of Lω1 ω -sentences TEF that allow Duplicator to prevent Spoiler from winning EFω (M , N ) for any model N of TEF . For a full proof, refer to [16]. Example 9.15 By Scott’s theorem, the ﬁrst-order theory of the structure N = (N|+, ·, 1) is a consequence of a single sentence of Lω1 ω . We describe such a sentence ΦScott . Recall the axioms ΓN from Section 8.1. Let ΦScott be the conjunction of the sentences in ΓN together with the following sentence of Lω1 ω : ∀x(x = 1 ∨ x = (1 + 1) ∨ x = ((1 + 1) + 1) ∨ x = (((1 + 1) + 1) + 1) ∨ · · · ). Since the sentences ΓN deﬁne multiplication and addition on the natural numbers, any model of ΦScott is isomorphic to N. From this example and G¨ odel’s First Incompleteness theorem, it follows that Lω1 ω , like second-order logic, does not have completeness. That is, there is no formal system of deduction that is both sound and complete for Lω1 ω (this also follows from the failure of compactness). Unlike second-order logic, the Downward L¨ owenheim–Skolem theorem, the Tarski–Vaught criterion, and preservation theorems are true for Lω1 ω (see Exercise 9.7). As the title of this section suggests, there are inﬁnitary logics other than Lω1 ω . For any inﬁnite ordinals α and β, the logic Lαβ is deﬁned as follows. Any formula of ﬁrst-order logic is a formula of Lαβ . Moreover, we have the following rules: (R1) If ϕ is a formula then so is ¬ϕ. (R2) If {ϕi |i < β} is a set of formulas, then i<β ϕi is a formula. (R3) If ϕ is a formula and (xi |i < α) is a (possibly inﬁnite) tuple of elements, then ∃(xi |i < α)ϕ is a formula. So Lωω is another name for ﬁrst-order logic. The logic Lω1 ω holds a unique place among inﬁnitary logics since it shares some of the properties of ﬁrst-order logic (such as the Downward L¨ owenheim– Skolem theorem). In particular, pebble games provide a useful characterization of Lω1 ω -equivalence. Other inﬁnitary logics are not so nice. Since they can quantify over inﬁnite sets, the logics Lαβ for α > ω have an expressive power comparable to second-order logic.

9.3 Fixed-point logics We consider expansions of ﬁrst-order logic that allow for inductive deﬁnitions. Inductive deﬁnitions are common in mathematics and computer science. We have

396

Beyond ﬁrst-order logic

used inductive deﬁnitions in this book to deﬁne primitive recursive functions, formulas of propositional and ﬁrst-order logic, and other notions. Example 9.16 Consider the notion of a connected component of a graph. We deﬁne this concept inductively as follows. Let v be a vertex of a graph G. Let C0 (v) = {v}. For each n ∈ N, Cn (v) = {x|G |= R(x, y) for some y ∈ Cn−1 (v)}. If G is a ﬁnite graph, then Cm (v) = Cm+1 (v) for some m. If this is the case, then Cm (v) is the connected component of v in G. In any case, the connected component of v in G is deﬁned as n∈N Cn (v). Although ﬁrst-order logic can deﬁne the sets Cm (x) for each m, it cannot deﬁne the notion of a connected component (see Example 4.74). In this sense, ﬁrst-order logic is not closed under inductive deﬁnitions. Second-order logic and inﬁnitary logics are closed in this manner (see Exercise 9.15). We now consider logics that include various ﬁxed-point operators. Intuitively, these logics are minimal expansions of ﬁrst-order logic that are closed under inductive deﬁnitions. There is more than one way to make the notion of “inductive deﬁnition” precise. Each corresponds to a diﬀerent ﬁxed-point operator.

Inﬂationary ﬁxed-point logic (IFP) An operator is similar to a function. A function from set A to set B outputs an element f (a) ∈ B given an element a ∈ A as input. The deﬁnition of function requires that A and B are sets. The notion of an operator extends this notion to classes of objects other than sets. We consider certain operators deﬁned on the class of ﬁrst-order structures. Let ϕ(x1 , . . . , xk ) be a ﬁrst-order formula in the vocabulary V ∪{P } containing the k-ary relation P . We deﬁne an operator Oϕ,P on (V ∪ {P })-structures. Given a (V ∪ {P })-structure M as input, the operator Oϕ,P outputs the (V ∪ {P })-structure Oϕ,P (M ) deﬁned as follows. The underlying set of Oϕ,P (M ) is the same as M and Oϕ,P (M ) interprets V the same way as M . So as Vstructures, Oϕ,P (M ) is identical to M . The interpretation of P may not be the same. The structure Oϕ,P (M ) interprets P as P (M ) ∪ ϕ(M ), where P (M ) and ϕ(M ) denote the subsets of M deﬁned by P (¯ x) and ϕ(¯ x), respectively. Now let N be a V-structure. We may view N as a (V ∪ {P })-structure that interprets P as the empty set. That is, let N0 be the expansion of N to x¬P (¯ x). Then N and N0 are essentially the same V ∪ {P } such that N0 |= ∀¯ structure. The operator Oϕ,P generates a sequence of structures. For each i ∈ N, let Ni+1 = Oϕ,P (Ni ). Consider the sequence N0 , N1 , N2 , N3 , . . . . If N is a ﬁnite structure, then Nm+1 = Nm for some m ∈ N. This is because, if Nm+1

Beyond ﬁrst-order logic

397

and Nm are not the same, then the set deﬁned by P (¯ x) in Nm+1 is larger than the set deﬁned in Nm . This can happen for only ﬁnitely many m if N is ﬁnite. If N is inﬁnite, then we continue the sequence. For each ordinal α, let Nα interpret P as β<α P (Nβ ). Eventually, Nα+1 must equal Nα for some α. We refer to such a structure as the ﬁxed-point for the operator Oϕ,P on N . We let Nf denote this ﬁxed-point structure. Example 9.17 Let G be a graph. Then G is a structure in the vocabulary VR = {R}. Let P be a binary relation and let ϕ(x, y) be the (VR ∪ {P })-formula x = y ∨ ∃z(R(x, z) ∧ P (z, y)). Let G0 , G1 , G2 , . . . be the sequence of (VR ∪ {P })-structures generated by the operator Oϕ,P . Then G0 interprets P (x, y) as the empty relation, G1 interprets P (x, y) as the relation x = y, G2 interprets P (x, y) as the relation x = y ∨ R(x, y), and so forth. For each i ∈ N, Gi |= P (a, b) if and only if there exists a path from a to b in G of length at most i − 1. Let Gf denote the ﬁxed-point of this sequence. Then Gf |= P (a, b) if and only if a is in the connected component of b in the graph G. Whereas G is bi-deﬁnable with each Gi , it may not be bi-deﬁnable with Gf . As was demonstrated in Example 4.74, ﬁrst-order logic can express that there exists a path between x and y of length i ∈ N, but it cannot express that there exists a path. So the ﬁxed-point structure may contain a deﬁnable subset that is not deﬁnable in the original structure G. We now deﬁne inf lationary ﬁxed-point logic (denoted IFP ). Let N be a ﬁrstorder V-structure. In the logic IFP, every subset of N that is deﬁnable in some ﬁxed-point structure Nf is deﬁnable in N . The logic IFP is the least extension of ﬁrst-order logic with this property. More precisely, the syntax of IFP is deﬁned by the following rule together with the rules (R1), (R2), and (R3) from ﬁrst-order logic: (RIF P ) For any k-ary relation P , any (V ∪ {P })-formula ϕ(x1 , . . . , xk ) in k free variables, and any V-terms t1 ,. . . ,tk , [if pϕ,P ](t1 , . . . , tk ) is a V-formula of IFP. For any V-structure N , N |= [if pϕ,P ](t1 , . . . , tk ) means the tuple (t1 , . . . , tk ) is in the set deﬁned by P (x1 , . . . , xk ) in the ﬁxed-point structure Nf of the operator Oϕ,P on N . This deﬁnes the semantics of IFP.

398

Beyond ﬁrst-order logic

Partial ﬁxed-point logic (PFP) We obtain variations of IFP by varying the operator Oϕ,P . By deﬁnition, the structure Oϕ,P (M ) interprets P as P (M ) ∪ ϕ(M ). It follows that the set deﬁned by P is increasing in the sequence N1 , N2 , N3 , . . . deﬁned above. That is, for each i, P (Ni ) ⊂ P (Ni+1 ). The word “inﬂationary” refers to this fact. pf p pf p be such that Oϕ,P (M ) Now suppose we modify the operator Oϕ,P . Let Oϕ,P interprets P as ϕ(M ) instead of P (M ) ∪ ϕ(M ). Again consider the chain of pf p (Ni ) = Ni+1 . Unlike the inﬂationary structures N1 , N2 , N3 ,. . . generated by Oϕ,P operator, it is not necessarily true that P (Ni ) ⊂ P (Ni+1 ). Because of this, there is no guarantee that a ﬁxed-point exists for this operator. Example 9.18 Let V = {≤, S, 1} and let M be the structure (N| ≤, S, 1) that interprets the binary relation S as the successor relation and interprets ≤ and 1 in the obvious way. Let N be any model of T h(M ). Let P be a unary relation and let ϕ(x) be the following (V ∪ {P })-sentence: (x = 1) ∨ ∃y(P (y) ∧ S(y, x) ∧ ∀z(P (z) → (z ≤ y))). This formula says that either x = 1 or x is the successor of the greatest element y for which P (y) holds. Let N0 the expansion of N that interprets P as the empty pf p (Ni−1 ) for each i ∈ N. relation. Let Ni = Oϕ,P Then P (N1 ) = {1}, P (N2 ) = {1, 2}, P (N3 ) = {1, 3}, P (N4 ) = {1, 4}, and so forth. We see that there is no ﬁxed-point structure for this sequence. In contrast, if the sequence N1 , N2 , N3 ,. . . is instead generated by the inﬂationary operator, then P (Nm ) = {1, 2, 3, . . . , m} for each m ∈ N. The inﬂationary ﬁxed-point structure interprets P (x) as “x is the nth successor of 1 for some n.” Partial ﬁxed-point logic, denoted PFP, is deﬁned the same way as IFP using pf p Oϕ,P in place of Oϕ,P . The logic PFP can express that a term is in the ﬁxedpoint Nf of this operatorprovided this ﬁxed point exists. The syntax of PFP is deﬁned by the following rule together with the rules (R1), (R2), and (R3) from ﬁrst-order logic. (RP F P ) For any k-ary relation P , any (V ∪ {P })-formula ϕ(x1 , . . . , xk ) in k free variables, and any V-terms t1 ,. . . ,tk , [pf pϕ,P ](t1 , . . . , tk ) is a V-formula of PFP. For any V-structure N , N |= [pf pϕ,P ](t1 , . . . , tk ) means that the ﬁxed-point structure Nf of the operator Oϕ,P on N exists and the tuple (t1 , . . . , tk ) is in the set deﬁned by P (x1 , . . . , xk ) in Nf .

Beyond ﬁrst-order logic

399

Example 9.19 We show that PFP, like IFP, can express that there exists a path between vertices of a graph. Recall P and ϕ from Example 9.17. Since ϕ(x, y) is the formula x = y ∨ ∃z(R(x, z) ∧ P (z, y)) we see that P (M ) ⊂ ϕ(M ) for any pf p are identical. {P , R}-structure M . For this reason, the operators Oϕ,P and Oϕ,P

Least ﬁxed-point logic (LFP) Let ϕ be a formula in a vocabulary containing the relation P . The relation P is said to have a negative occurrence in ϕ if ϕ is equivalent to a formula in conjunctive prenex normal form in which the literal ¬P (t¯) occurs as a subformula for some tuple of terms t¯. We say that ϕ is positive in P if P has no negative occurences in ϕ. Example 9.20 The formula (x = 1) ∨ ∃y(P (y) ∧ S(y, x) ∧ ∀z(P (z) → (z ≤ y))) from Example 9.18 is not positive in P . The subformula P (z) → (z ≤ y) is equivalent to ¬P (z) ∨ (z ≤ y). pf p . If ϕ is positive in Let N1 , N2 , N3 ,. . . be the sequence generated by Oϕ,P P , then we have P (N1 ) ⊂ P (N2 ) ⊂ P (N3 ) ⊂ . . . and the ﬁxed-point structure exists. Least Fixed-Point Logic, denoted LFP, is the variation of PFP that allows [pf pϕ,P ](t1 , . . . , tk ) as a formula only if ϕ is positive in P . This formula is interpreted the same way in LFP as in PFP. Clearly, every formula of LFP is also a formula of PFP. Whether or not the converse is true is an open question. The following theorem relates this open question to a question from complexity theory.

Theorem 9.21 (Abiteboul–Vianu) LFP is equivalent to PFP on ﬁnite structures if and only if PSPACE = P. This theorem indicates a close relationship between ﬁxed-point logics and complexity classes. Indeed, the development of ﬁxed-point logics over the last two decades has been primarily motivated by complexity theory. A theorem of Immerman and Vardi states that, in some sense, LFP is equivalent to the class P. We shall state this theorem precisely in Section 10.3 where we discuss the subject of descriptive complexity. Note the phrase “on ﬁnite structures” in the previous theorem. This means that for any sentence ϕ of LFP there exists a sentence ψ of PFP such that M |= ϕ if and only if M |= ψ for any ﬁnite structure M . Likewise, Shelah and Gurevich showed in 1986 that LFP and IFP are equivalent on ﬁnite structures. This result was improved in 2003 by Stephan Kreutzer who proved the following remarkable fact. Theorem 9.22 (Kreutzer) LFP is equivalent to IFP.

400

Beyond ﬁrst-order logic

9.4 Lindstr¨ om’s theorem In this section, we deﬁne the concept of an arbitraryextension of ﬁrst-order logic. Each of the logics deﬁned in this chapter are examples of such extensions. The semantics of each of these logics is deﬁned in terms of the structures deﬁned in Chapter 2. Given any V-structure M and any V-sentence ϕ of one of these logics, either M |= ϕ or M |= ¬ϕ. Two sentences in the same vocabulary, but not necessarily in the same logic, are said to be equivalent if they hold in the same structures. A logic is a formal language. The logics we are considering are designed to describe structures and only structures (as deﬁned in Chapter 2). Moreover, extensions of ﬁrst-order logic behave like ﬁrst-order logic in certain fundamental ways that we shall describe. In deﬁning “extensions of ﬁrst-order logic,” we are by no means providing a deﬁnition for the notion of a “logic.” There are important logics (such as fuzzy logic, intuitionistic logic, and modal logic) that do not fall under the scope of what we are about to describe. For a logic L to be an extension of ﬁrst-order logic, it must possess certain basic properties. For any vocabulary V, we let L(V) denote the set of satisﬁable V-sentences of the logic L. We assume not only that the set L(V) exists, but also that it behaves as expected. In particular, if a V-structure models some sentence ϕ of L, then ϕ ∈ L(V). Furthermore, to be anextension of ﬁrst-order logic, L must possess each of the following properties: • The Extension Property: Any satisﬁable ﬁrst-order V-sentence is equivalent to a sentence in L(V). (That is, an extension of ﬁrst-order logic must contain ﬁrst-order logic.) • The Expansion Property: Let M be a V-structure and let M be an expansion of M . For any sentence ϕ in L(V), M |= ϕ if and only if M |= ϕ. (In particular, if V1 ⊂ V2 , then L(V1 ) ⊂ L(V2 ).) • The Relational property: Let M be a structure in a vocabulary V ∪ {f } containing a k-ary function f . Let MR be the structure obtained by replacing x, y) if and only if f with a (k + 1)-ary relation R. That is, MR |= R(¯ M |= f (¯ x) = y. As V-structures, MR and M are identical. For any ϕ ∈ L(V ∪ {f }) there exists ψ ∈ L(V ∪ {R}) such that, for any structures M and MR as described above, M |= ϕ if and only if MR |= ψ. (This allows us to assume that vocabularies are relational with no loss of generality.) • The Relativization Property: Let M be a V-structure. Let D ⊂ M be a substructure of M such that the universe of D is deﬁned by a ﬁrst-order V-formula ϕ(x) in one free variable. For any ψ ∈ L(V) there exists ψϕ ∈ L(V) such that M |= ψϕ if and only if D |= ϕ.

Beyond ﬁrst-order logic

401

• The Small Vocabulary Property: If a sentence ϕ of L is satisﬁed in a model of size κ, then it is satisﬁed in a structure having vocabulary of size κ. • The Closure Property: if ϕ and ψ are sentences of L, then so are ϕ ∧ ψ, ¬ϕ, and ∃xϕ. • The Isomorphism Property: if M ∼ = N , then for any sentence ϕ of L, M |= ϕ if and only if N |= ϕ. Deﬁnition 9.23 An extension of ﬁrst-order logic is any formal language that satisﬁes each of the above properties. Each of the logics we have considered is an extension of ﬁrst-order logic. For the ﬁxed-point logics of the previous section, this is a nontrivial fact (it is far from obvious that they are closed under negation). Whereas each extension of ﬁrst-order logic must possess each of the above properties, the following are the properties of ﬁrst-order logic that may or may not be shared by an extension of ﬁrst-order logic: • The Compactness property: for any set Γ of sentences of L, if every ﬁnite subset of Γ has a model, then Γ has a model. • The Downward L¨ owenheim–Skolem property: for any sentence ϕ of L, if M |= ϕ, then there exists N ⊂ M such that N |= ϕ and |N | = ℵ0 . Let L1 and L2 be two extensions of ﬁrst-order logic. We say that L2 is at least as strong as L1 , and write L1 ≤ L2 if every sentence of L1 is equivalent to a sentence of L2 . If both L1 ≤ L2 and L2 ≤ L1 , then we say that L1 and L2 have the same expressive power. Lindstr¨om’s theorem implies that ﬁrst-order logic is the strongest logic possessing both the Downward L¨ owenheim–Skolem property and the Compactness property. The following proposition is somewhat of a “warm-up” exercise for Lindstr¨ om’s theorem. Proposition 9.24 Let L be an extension of ﬁrst-order logic that has the Downward L¨ owenheim–Skolem property. Suppose that Lω1 ω ≤ L. For any structures M and N , if there exists an L sentence that holds in M but not N , then there exists such a sentence in Lω1 ω . Proof Suppose that M ≡Lω1 ω N . Suppose for a contradiction that M |= ϕ, and N |= ¬ϕ for some L sentence ϕ. By the Downward L¨ owenheim–Skolem property, ϕ has a model of size ℵ0 . By the Small Vocabulary Property, we may assume that ϕ ∈ L(V) for a countable vocabulary V. By the Expansion property (which may just as well be called the “Reduct property”), we may assume that M and N are V-structures. By the Relational property, we may assume that V is relational. By the Downward L¨ owenheim–Skolem property, there exist countable M0 ⊂ M and

402

Beyond ﬁrst-order logic

N0 ⊂ N such that M0 ≡Lω1 ω N0 , M0 |= ϕ, and N0 |= ¬ϕ. By Proposition 9.13, M0 ∼ = N0 . This contradicts the Isomorphism Property. This proposition states that, in some sense, Lω1 ω is the strongest extension of ﬁrst-order logic possessing the Downward L¨owenheim–Skolem property. Toward Lindstr¨ om’s theorem, let us strengthen this proposition. Lindstr¨ om’s Theorem regards ﬁrst-order logic rather than Lω1 ω . Prior to stating this theorem, we strengthen Proposition 9.24 in a diﬀerent direction. We replace the Downward L¨owenheim–Skolem property with a weaker property. Deﬁnition 9.25 Let κ be a cardinal. An extension of ﬁrst-order logic is said to have L¨ owenheim–Skolem number κ if for every set Γ of sentences of L, if Γ has a model and |Γ| ≤ κ, then Γ has a model of size at most κ. If L has the Downward L¨ owenheim–Skolem property, then L has L¨owenheim–Skolem number ℵ0 . The converse is not necessarily true. If a sentence ϕ has a countable model, then it is not necessarily true that every model of ϕ has a countable substructure that models ϕ as the Downward L¨ owenheim–Skolem property asserts. Proposition 9.26 Let L be an extension of ﬁrst-order logic that has L¨ owenheim– Skolem number ℵ0 . Suppose that Lω1 ω ≤ L. For any structures M and N , if there exists an L sentence that holds in M but not N , then there exists such a sentence in Lω1 ω . Proof Suppose that M ≡Lω1 ω N . Suppose for a contradiction that M |= ϕ, and N |= ¬ϕ for some L sentence ϕ. Let U be the underlying set of M and let V be the underlying set of N . By the Isomorphism property, we may assume that U and V are disjoint. By the Relational property, we may assume that the vocabulary V of M and N is relational. Since L has L¨ owenheim–Skolem number ℵ0 and ϕ is satisﬁable (M is a model), ϕ has a countable model. By the Small Vocabulary property, we may assume V is countable. We describe a structure M having U ∪ V as an underlying set. The vocabulary for M is VEF = V ∪ {PU , PV , R1 , R2 , . . .}. The unary relation PU deﬁnes the set U and the unary relation PV deﬁnes the set V in M. So M is isomorphic to the substructure PU (M) of M and N is isomorphic to the substructure PV (M) of M. By the Relativization property, there exists a sentence ϕU of L such that, for any VEF -structure S, S |= ϕU if and only if PU (S) |= ϕ. Likewise, there is a sentence ¬ϕV of L such that S |= ¬ϕV if and only if PV (S) |= ¬ϕ. Each Rn in the vocabulary of M is a 2n-ary relation. We now list countably many ﬁrst-order sentences that describe the interpretation of these relations in

Beyond ﬁrst-order logic

403

M. For each n ∈ N M |= Rn (x1 , . . . , xn , y1 , . . . , yn ) →

n

PU (xi ) ∧

i=1

n

PV (yi ).

i=1

For each n ∈ N and each quantiﬁer-free ﬁrst-order V-formula θ in n free variables, M |= Rn (x1 , . . . , xn , y1 , . . . , yn ) → (θ(x1 , . . . , xn ) ↔ θ(y1 , . . . , yn )). That is if Rn (a1 , . . . , an , b1 , . . . , bn ) holds then the function f (ai ) = bi is a partial isomorphism from PU (M) to PV (M). Moreover, for each n ∈ N, M |= Rn (x1 , . . . , xn , y1 , . . . , yn ) → ∀x∃yRn+1 (x1 , . . . , xn , x, y1 , . . . , yn , y), and M |= Rn (x1 , . . . , xn , y1 , . . . , yn ) → ∀y∃xRn+1 (x1 , . . . , xn , x, y1 , . . . , yn , y). Finally, M |= ∀x∃yR1 (x, y) ∧ ∀y∃xR1 (x, y). We have listed countably many ﬁrst-order sentences that hold in M. Let ΦEF be the conjunction of these sentences. We claim that, for any VEF -structure S, S |= ΦEF if and only if PU (S) ≡Lω1 ω PV (S). That is, ΦEF expresses that Duplicator wins EFω (PU (S), PV (S)). The ﬁnal sentence in the above list states that Duplicator can match Spoiler’s ﬁrst move. The previous sentences express that Duplicator can continue to match Spoiler indeﬁnitely. By the Closure property, ΦEF ∧ ϕU ∧ ¬ϕV is equivalent to a sentence of L. This sentence is satisﬁable since M is a model. Since L has L¨owenheim– Skolem number ℵ0 , there exists a countable model C of this sentence. Since C |= ΦEF , PU (C) ≡Lω1 ω PV (C). By Proposition 9.13, PU (C) ∼ = PV (C). Since C |= ϕU ∧ ¬ϕV , PU (C) |= ϕ and PV (C) |= ¬ϕ. This contradicts the isomorphism property. To state Lindstr¨ om’s theorem in its most general form, we consider a weak version of the Compactness property. Deﬁnition 9.27 Let κ be a cardinal. An extension of ﬁrst-order logic is said to have compactness number κ if for any set Γ of sentences of the logic, if |Γ| ≤ κ and every ﬁnite subset of Γ has a model, then Γ has a model. Theorem 9.28 (Lindstr¨ om) If an extension L of ﬁrst-order logic has L¨ owenheim– Skolem number ℵ0 and compactness number ℵ0 , then L has the same expressive power as ﬁrst-order logic. Proof Let Lf o denote ﬁrst-order logic. We must show that L ≤ Lf o . That is, each sentence ϕ of L is equivalent to some ﬁrst-order sentence ψϕ . Claim 1 If M ≡ N , then M |= ϕ if and only if N |= ϕ.

404

Beyond ﬁrst-order logic

Proof Suppose for a contradiction that M ≡ N , M |= ϕ, and N |= ¬ϕ. Recall the sentence ΦEF ∧ ϕU ∧ ¬ϕV from the proof of Proposition 9.26. The sentence ΦEF is the conjunction of countably many ﬁrst-order sentences. Let us now regard ΦEF as a countable set (since we can no longer take inﬁnite conjunctions). The Relativization property guarantees the existence of the L sentences ϕU and ¬ϕV . We claim that ΦEF ∪ {ϕU , ¬ϕV } has a countable model M. Since M ≡ N , Duplicator wins EFk (M , N ) for each k ∈ N. It follows from the deﬁnition of ΦEF that every ﬁnite subset of ΦEF ∪ {ϕU , ¬ϕV } is satisﬁable. Since L has compactness number ℵ0 , this set has a model. Since L has L¨owenheim–Skolem number ℵ0 , this countable set of sentences has a countable model. This leads to the same contradiction as in the proof of Proposition 9.26. This contradiction proves the claim. It remains to be shown that Lindstr¨om’s theorem follows from the claim. We must show that ϕ is equivalent to some ﬁrst-order sentence. Let M |= ϕ. Since L has L¨ owenheim–Skolem number ℵ0 , we may assume that M is countable. Since L has compactness number ℵ0 , we can use the following compactness argument that was used repeatedly in Chapter 4. Let T be the ﬁrst-order theory of M . Let C be the set of all ψ ∈ T such that each model of ϕ also models ψ (C is the set of “consequences” of ϕ in T ). Claim 2 Every model of ∆ models ϕ for some ﬁnite subset ∆ of C. Proof Suppose not. Then, by compactness, C ∪{¬ϕ} has a model N1 . Let T1 be the ﬁrst-order theory of N1 . Consider the set T1 ∪ {ϕ}. If this set does not have a model, then some ﬁnite subset does not have a model (again by compactness). So, for some θ ∈ T1 , ϕ ∪ {θ} has no model and ¬θ ∈ C. This contradicts the facts that C ⊂ T1 and T1 is consistent. This contradiction proves that T1 ∪ {ϕ} does have a model N2 . But now N1 ≡ N2 (since T1 is complete), N2 |= ϕ and N1 |= ¬ϕ. This directly contradicts Claim 1 and proves Claim 2. So ∆ and ϕ have the same models and ϕ is equivalent to the conjunction of the ﬁnitely many ﬁrst-order sentences in ∆.

Exercises 9.1.

Let G be a graph. AHamilton circuit in G is a path that begins and ends at the same vertex and includes each of the other vertices once and only once. (a) Write a second-order sentence that holds in G if and only if G has a Hamilton circuit. (b)

Write a Lω1 ω sentence that holds in G if and only if G has a Hamilton circuit.

Beyond ﬁrst-order logic

405

9.2.

Write a second-order sentence that holds in a structure M if and only if M is ﬁnite and the universe of M contains an odd number of elements.

9.3.

Let Kn denote the n-clique. Show that for any k ∈ N, Duplicator can prevent Spoiler from winning EFk (Kn , Km ) for suﬃciently large n and m.

9.4.

Let V< = {<}. Let L1 and L2 be ﬁnite V< -structures that interpret the binary relation < as a linear order. Show that if both |L1 | and |L2 | are larger than 2k , then Duplicator can prevent Spoiler from winning EFk (L1 , L2 ).

9.5.

Let G be a ﬁnite graph. The degree of a vertex v in G is the number of vertices adjacent to v. An Euler path is a path that includes each edge once and only once. Leonhard Euler proved that a ﬁnite graph has an Euler path if and only if there are at most two vertices of odd degree. (a) Show that there is no ﬁrst-order sentence ΦEuler such that G |= ΦEuler if and only if G has an Euler path. (Use Exercise 9.3.) (b) Write a second-order sentence that holds in G if and only if G has a Euler circuit. (Use the formula from Exercise 9.2.) (c)

Write a Lω1 ω sentence that holds in G if and only if G has a Euler circuit.

9.6.

A graph is said to be k-colorable if the vertices of the graph can be colored with k colors in such a way that no two vertices of the same color share an edge. Write a second-order existential sentence that holds in a graph G if and only if G is k-colorable.

9.7.

Each of the following are proved in Chapter 4 for ﬁrst-order logic. Show that each remains true when ﬁrst-order logic is replaced with Lω1 ω . (a) Proposition 4.31 (the Tarski–Vaught criterion) (b) Theorem 4.33 (the Downward L¨ owenheim–Skolem theorem) (c)

Theorem 4.47 (the Los–Tarski theorem)

9.8.

Let V< = {<}. Describe a V< -sentence in the logic Lω1 ω1 that says < is a well-ordering of the underlying set.

9.9.

Suppose that Duplicator prevents Spoiler from winning EFω (M , N ). Show that M |= ϕ if and only if N |= ϕ for each V-formula ϕ of Lω1 ω . (Use induction on the complexity of ϕ.)

9.10. Prove Proposition 9.10. 9.11. Let S be the set of all ﬁnite strings of symbols from the set {A, B, C, . . . , X, Y , Z, ), (, ∧, ¬}.

406

Beyond ﬁrst-order logic We describe a structure M having S as an underlying set. The vocabulary of M contains: • a unary relation a(s) interpreted as s = A or s = B,. . . , or s = Z, • a unary function n(x) interpreted as n(s) = ¬s, • a unary function p(x) interpreted as p(s) = (s), and • a binary function c(x, y) interpreted as p(s, t) = s ∧ t, where s and t denote arbitrary elements of S. Let f orm(s) be a formula that says the string s is a formula of propositional logic. Show that f orm(s) is not a ﬁrst-order formula. Show that f orm(s) can be expressed in any of the ﬁxed-point logics from Section 9.3.

9.12. Let LQ be the extension of ﬁrst-order logic that contains a new quantiﬁer Q. The syntax of LQ is deﬁned by adding the following rule to the rules that deﬁne the syntax of ﬁrst-order logic: (RQ) If ϕ is a formula of LQ , then so is Qxϕ. The formula Qxϕ(x) is to be interpreted as “there exist uncountably many x such that ϕ(x) holds.” This describes the semantics of LQ . Show that LQ is a logic that possesses compactness but not the Downward L¨owenheim– Skolem Property. 9.13. Show that every formula of second-order logic can be put into prenex normal form. That is, show that each formula is equivalent to a formula of the form Q1 R1i1 Q2 R2i2 . . . Qk Rkik ϕ where each Qj is either ∀ or ∃ and ϕ is a ﬁrst-order formula. 9.14. Let M onSO denote monadic second-order logic as deﬁned at the end of Section 10.1. Using the fact that M onSO has L¨ owenheim–Skolem number ℵ0 and is compact, show that (a) there is no sentence of M onSO that holds in connected graphs and only connected graphs; (b) there does exist a sentence of M onSO that holds in nonconnected graphs and only nonconnected graphs; (c)

Why does M onSO not contradict Lindstr¨ om’s theorem?

9.15. Show that LF P ≤ Lω1 ω . 9.16. Show that Lω1 ω ≤ SOL. 9.17. Show that LF P ≤ IF P . 9.18. Let T be a ﬁrst-order ℵ0 -categorical V-theory. Show that every V-formula of IFP is T -equivalent to a ﬁrst-order V-formula.

Beyond ﬁrst-order logic

407

9.19. Let L be an extension of ﬁrst-order logic. The Hanf number of L is the least cardinal κ such that every sentence of L that has a model of size κ has arbitrarily large models. (a) Show that L is equivalent to ﬁrst-order logic if and only if L has L¨ owenheim–Skolem number ℵ0 and Hanf number ℵ0 . (b)

Show that every extension of ﬁrst-order logic has a Hanf number.

9.20. (Lindstr¨ om) Let L be an extension of ﬁrst-order logic. Show that L is equivalent to ﬁrst-order logic if and only if L has L¨owenheim–Skolem number ℵ0 and the set of sentences of L that hold in every model is a recursively enumerable set.

10

Finite model theory

This ﬁnal chapter unites ideas from both model theory and complexity theory. Finite model theory is the part of model theory that disregards inﬁnite structures. Examples of ﬁnite structures naturally arise in computer science in the form of databases, models of computations, and graphs. Instead of satisﬁability and validity, ﬁnite model theory considers the following ﬁnite versions of these properties. • A ﬁrst-order sentence is ﬁnitely satisﬁable if it has a ﬁnite model. • A ﬁrst-order sentence is ﬁnitely valid if every ﬁnite structure is a model. Finite model theory developed separately from the “classical” model theory of previous chapters. Distinct methods and logics are used to analyze ﬁnite structures. In Section 10.1, we consider various ﬁnite-variable logics that serve as useful languages for ﬁnite model theory. We deﬁne variations of the pebble games introduced in Section 9.2 to analyze the expressive power of these logics. Pebble games are one of the few tools from classical model theory that is useful for investigating ﬁnite structures. In Section 10.2, it is shown that many of the theorems from Chapter 4 are no longer true when restricted to ﬁnite models. There is no analog for the Completeness and Compactness theorems in ﬁnite model theory. Moreover, we prove Trakhtenbrot’s theorem which states that the set of ﬁnitely valid ﬁrst-order sentences is not recursively enumerable. Descriptive complexity is the subject of 10.3. This subject describes the complexity classes discussed in Chapter 7 in terms of the logics introduced in Chapter 9. We prove Fagin’s theorem relating the class NP to existentional second-order logic. We prove the Cook–Levin theorem as a consequence of Fagin’s Theorem. This theorem states that the Satisﬁability Problem for Propositional Logic is NP-complete. We conclude this chapter (and this book) with a section describing the close connection between logic and the P = NP problem.

10.1 Finite-variable logics In this section, we discuss appropriate logics for the study of ﬁnite models. First-order logic, since it describes each ﬁnite model up to isomorphism, is too

Finite model theory

409

strong. For this reason, we must weaken the logic. It may seem counter-intuitive that we should gain knowledge by weakening our language. Recall that, for inﬁnite structures, ﬁrst-order logic is quite weak (compared to logics from the previous chapter). This weakness is demonstrated in the Compactness theorem, the L¨ owenheim–Skolem theorems, and the other theorems of Chapter 4. It is precisely these properties that make ﬁrst-order logic a productive logic for the study of inﬁnite structures. The weakness of ﬁrst-order logic gives rise to model theory. With this in mind, we consider the following logics. Deﬁnition 10.1 For k ∈ N, let Lk be the fragment of ﬁrst-order logic obtained by restricting to the k variables x1 , x2 , . . . , xk (or any other set of k variables). There are two reasons that ﬁrst-order logic is not appropriate for ﬁnite model theory. One reason is that it is too strong. The other reason is that it is too weak. This is the Fundamental Joke of Finite Model Theory. It is too strong for the reasons we have mentioned. First-order logic is too weak because it is incapable of deﬁning basic properties of ﬁnite structures. For example, there is no ﬁrst-order sentence expressing that a ﬁnite structure is a connected graph. Also, there is no ﬁrst-order sentence expressing that a ﬁnite structure has an even number of elements. For this reason, we consider various strengthenings of Lk . Deﬁnition 10.2 Let C k be k-variable logic with counting quantiﬁers. That is, C k contains all Lk formulas and is closed under negation, conjunction, and quantiﬁcation by the counting quantiﬁers ∃≤n for each n ∈ N. Since ∃≤n is ﬁrst-order expressible, we regard C k as a fragment of ﬁrst-order logic. So although C k is stronger than Lk , it cannot express properties such as connectedness that cannot be expressed in ﬁrst-order logic. Deﬁnition 10.3 For k ∈ N, let Lkω1 ω be the fragment of Lω1 ω obtained by restricting to the k variables x1 , x2 , . . . , xk . Finite model theory also considers ﬁnite-variable logics with a ﬁxed-point operator and other extensions of Lk . However, we restrict our attention to the above logics. We demonstrate what can and cannot be expressed in these logics by providing some examples and stating without proof some basic facts. Consider the logic L3 . Since this logic only allows three variables, it is a restrictive language. However, by using the variables in an economical way, we can express more than may be apparent. We can repeatedly use (and re-use) each of the three variables any number of times. For example, let VS be the vocabulary consisting of a single bina