9 Formal proofs of deduction and soundness
In this file, we formalise some of the results on Hilbert systems that we have proven in the lectures. More precisely, we formalise the deduction theorem and the soundness theorem.
From Coq Require Import Utf8.
Definition ℕ := nat.9.1 Well-formed formulas
We use a minimal definition of well-formed formulas, with only one binary constructor (implication).
Inductive Wff {atoms : Set} :=
| P : atoms → Wff
| Impl : Wff → Wff → Wff.
Notation "F ⇒ F'" :=
(Impl F F') (at level 99, right associativity).9.2 Axioms and derivations
In order to define the KS+MP system, we first declare the axioms K and S. Note that this is an inductive predicate on well-formed formulas.
It can be observed that all we need here is a type W with a binary operation ⇒ on it. We will not use atomic formulas at all until we go into semantics.
Inductive IsAxiom {atoms : Set} : @Wff atoms → Prop :=
| K (A B : Wff) : IsAxiom (A ⇒ B ⇒ A)
| S (A B C: Wff) : IsAxiom ((A ⇒ B ⇒ C) ⇒ (A ⇒ B) ⇒ (A ⇒ C)).We now have enough to declare an inductive predicate stating what it means for a well-formed formula F to be derivable from a family of well-formed formulas Γ : J → Wff, where J is a set.
Inductive IsDerivableFrom {atoms : Set} {J : Set}
(Γ : J → @Wff atoms) : @Wff atoms → Prop :=
| axiom (a : Wff) (ha : IsAxiom a) : IsDerivableFrom Γ a
| premise (j : J) : IsDerivableFrom Γ (Γ j)
| mp (F F' : Wff) : IsDerivableFrom Γ F → IsDerivableFrom Γ (F ⇒ F') → IsDerivableFrom Γ F'.
Infix "⊢" := IsDerivableFrom (at level 70, no associativity).Making certain arguments implicit will be convenient later in proofs.
Arguments premise {atoms J Γ}.
Arguments mp {atoms J Γ}.In order to define what it means to be a theorem in KS+MP, let us define the empty family.
Recall that, in Rocq, the type Empty_set is declared as an inductive type with no constructors, and note that the pattern matching clause is indeed empty in the declaration below (no constructors to pattern match on).
Definition empty_family {atoms : Set} : Empty_set → @Wff atoms :=
fun i => match i with end.(We can then prove our first theorem, known as I.
Theorem I {atoms : Set} (F : @Wff atoms) : empty_family ⊢ (F ⇒ F).
Proof.
apply (mp (F ⇒ F ⇒ F)).
- apply axiom. apply K.
- apply (mp (F ⇒ (F ⇒ F) ⇒ F)).
+ apply axiom. apply K.
+ apply axiom. apply S.
Qed.Here is another proof of I, where we ‘reason forward’.
Theorem I' {atoms : Set} (F : @Wff atoms) : empty_family ⊢ (F ⇒ F).
Proof.
pose proof (S F (F ⇒ F) F) as s.
pose proof (axiom empty_family _ s) as s'.
pose proof (K F F) as k1.
pose proof (axiom empty_family _ k1) as k1'.
pose proof (K F (F ⇒ F)) as k2.
pose proof (axiom empty_family _ k2) as k2'.
pose proof (mp _ _ k2' s') as H.
pose proof (mp _ _ k1' H) as H1.
exact H1.
Qed.Intuitively, if we can derive a formula from the empty family, we can derive it from any family. The next result gives a formal proof of that fact.
Theorem derive_from_empty {atoms : Set} {J : Set}
(F : @Wff atoms) :
empty_family ⊢ F → ∀ (Γ : J → @Wff atoms), Γ ⊢ F.
Proof.
intros HF Γ.
induction HF.
+ apply axiom; assumption.
+ destruct j.
(* We can, in fact, never be in this case, since the empty family is empty! *)
+ apply (mp F). all: assumption.
Qed.9.3 The deduction theorem
The sum of two types is declared inductively. To define a function out of a sum by primitive recursion, one pattern-matches on the constructors inl and inr.
Definition sum_family {atoms : Set} {J₁ J₂ : Set}
(Γ₁ : J₁ → @Wff atoms) (Γ₂ : J₂ → @Wff atoms)
: J₁ + J₂ → @Wff atoms :=
fun j => match j with
| inl j₁ => Γ₁ j₁
| inr j₂ => Γ₂ j₂
end.The following notation will be convenient for us.
Declare Scope family_scope.
Notation "Γ₁ + Γ₂" := (sum_family Γ₁ Γ₂)
(at level 50, left associativity) : family_scope.
Open Scope family_scope.The next result will be used in the proof of the deduction theorem. It says that if a formula F is derivable from a family Γ₁, then for all family Γ₂, the formula F is derivable from the family Γ₁ + Γ₂.
Theorem derivable_from_sum_family {atoms : Set} {J₁ J₂ : Set}
(Γ₁ : J₁ → @Wff atoms) (F : @Wff atoms) :
Γ₁ ⊢ F → ∀ (Γ₂ : J₂ → @Wff atoms), (Γ₁ + Γ₂) ⊢ F.
Proof.
intros Fder1 Γ₂.
induction Fder1.
+ apply axiom. exact ha.
+ exact (premise (inl j)).
+ apply (mp F). all: assumption.
Qed.It is tempting to think that Theorem derivable_from_empty is a special case of Theorem derivable_from_sum_family, with Γ₁ = empty_family. However, if you try to apply Theorem derivable_from_sum_family to prove Theorem derivable_from_empty you will run into the issue that empty_family + Γ does not automatically reduce to Γ, blocking the unification necessary for Theorem derivable_from_empty to be applied. So additional properties will be required to make this work.
Let us now introduce a definition for a family consisting of just one formula, and notation for it.
Definition family_of_one {atoms : Set} (F : @Wff atoms) :
unit -> @Wff atoms := fun _ => F.
Notation "[ F ]" := (family_of_one F) (at level 45) : family_scope.We can now prove the deduction theorem.
Theorem deduction {atoms : Set} {J : Set}
(Γ : J → @Wff atoms) (F G : @Wff atoms) :
Γ ⊢ (F ⇒ G) ↔ (Γ + [F]) ⊢ G.
Proof.
split.
+ intro H.
apply (mp F).
- exact (premise (inr tt)).
- apply derivable_from_sum_family. exact H.
+ intro H.
induction H.
- apply (mp a).
* apply axiom. exact ha.
* apply axiom. apply K.
- destruct j.
* simpl. apply (mp (Γ j)).
apply premise.
apply axiom. apply K.
* simpl.
apply derive_from_empty.
apply I.
- apply (mp (F ⇒ F0)).
* assumption.
* apply (mp (F ⇒ F0 ⇒ F')).
assumption.
apply axiom. apply S.
Qed.We give two corollaries.
Theorem K' {atoms : Set} (F G : @Wff atoms) :
empty_family ⊢ (F ⇒ G ⇒ G).
Proof.
apply deduction.
apply derive_from_empty.
apply I.
Qed.The next corollary shows that, in our deductive system, we can derive a transitivity property for the constructor ⇒.
Theorem conj_trans {atoms : Set} (F G H : @Wff atoms) :
empty_family ⊢ ((F ⇒ G) ⇒ (G ⇒ H) ⇒ (F ⇒ H)).
Proof.
apply deduction.
apply deduction.
apply deduction.
apply (mp G).
+ apply (mp F).
- exact (premise (inr tt)).
- apply (derivable_from_sum_family); apply (derivable_from_sum_family).
exact (premise (inr tt)).
+ apply derivable_from_sum_family.
exact (premise (inr tt)).
Qed.9.4 Soundness
Recall the following notation from Boolean semantics.
Notation "b ≼ b'" :=
(implb b b') (at level 99, right associativity).
Fixpoint eval {atoms : Set} (v : atoms → bool) (F : Wff)
: bool :=
match F with
| P i => v i
| F ⇒ F' => (eval v F) ≼ (eval v F')
end.We also recall the concept of entailment.
Definition Entails {atoms : Set} {I : Set}
(Γ : I → Wff) (F : Wff) :=
∀ v : atoms → bool,
(∀ i : I, eval v (Γ i) = true) → eval v F = true.
Infix "⊨" := Entails (at level 110, right associativity).Then we can prove that if a well-formed formula F is derivable from a family Γ on the syntactic side, then Γ entails F, meaning that for all valuations such that the formulas in Γ evaluate to true, the formula F also evaluates to true.
If we did not have that, then our logic would not be not very useful: soundness is usually considered a minimal requirement for a deductive system and its proposed semantics to have.
Theorem soundness {atoms : Set} {J : Set} :
∀ Γ : J → @Wff atoms, ∀ F : Wff, (Γ ⊢ F) → Γ ⊨ F.
Proof.
intros Γ F HF.
unfold Entails.
intros v Hv.
induction HF. (* as [a | j | F1 F2 IF1 IH1 IF2 IH2]. *)
+ induction ha.
all: simpl.
(* This works because all the axioms in our deductive system are semantically valid formulas. *)
- destruct (eval v A), (eval v B).
all: reflexivity.
- destruct (eval v A), (eval v B), (eval v C).
all: reflexivity.
+ exact (Hv j).
+ revert IHHF1 IHHF2.
simpl.
destruct (eval v F), (eval v F').
all: auto.
Qed.