Hedman. A First Course in Logic, 2004 (Oxford)

successor of x in ZS :

n−1

z1 z2 · · · zn S(x, z1) S(zi, zi+1) S(zn, y) .

i=1

If n is large, then this is not a formula of L3. However, we claim that it is equivalent to a L3 formula. We inductively define formulas ψi(x, y), for i N, that say y is the ith successor of x. We use the following convenient notation that allows us to keep track of bound variables as well as free variables.

Notation 1 We let ϕ(x1, . . . , xn | y1, . . . , ym) denote an arbitrary formula having free variables x1, . . . , xn and bound variables y1, . . . , ym. If a variable has both free and bound occurences within ϕ, then this variable is listed only as a free variable among the xis.

We now define the formulas ψi(x, y) for i N.

Let ψ1(x, y) be the formula S(x, y).

Let ψ2(x, y|z) be the formula z(S(x, z) S(z, y)).

For i ≥ 2, let ψi+1(x, y) be z(S(x, z) ψi(z, y|x)).

Note that x occurs in ψi(x, y|z) as both a free variable and a bound variable for i > 2.

Notation 2 For any formula ϕ, let V (ϕ) denote the number of variables occurring in ϕ.

Notation 3 Let qd(ϕ) denote the quantifier depth of ϕ defined inductively as follows: qd(ϕ) = 0 for atomic ϕ; qd(¬ϕ) = qd(ϕ); qd(ϕ ψ) = qd(ϕ ψ) = max{qd(ϕ), qd(ψ)}; and qd( xϕ(x)) = qd( xϕ(x)) = qd(ϕ(x)) + 1.

Example 10.4 For the formulas ψi(x, y|z) as defined above, V (ψi) = 3 and qd(ϕi) = i − 1.

Notation 4 Let M and N be structures in the same vocabulary V.

For k N, M ≡k N means that M |= ϕ if and only if N |= ϕ for any V-sentence ϕ with V (ϕ) ≤ k. That is M ≡k N means that M and N cannot be distinguished by sentences of the logic Lk.

For k and m in N, M ≡km N means M |= ϕ if and only if N |= ϕ for any V-sentence ϕ with V (ϕ) ≤ k and qd(ϕ) ≤ m.

We describe pebble games that determine whether or not two structures in the same relational vocabulary are equivalent with respect to various finite–variable logics. Recall the Ehrenfeucht–Fraisse game of length m from Section 9.2. This game is played with m pairs of pebbles and comprises m rounds.

Spoiler places di erent colored pebbles in each round. After m rounds, all of the pebbles have been placed and the game is over.

Proposition 10.5 Let V be relational and let M and N be V-structures. Duplicator prevents Spoiler from winning EFm(M , N ) if and only if M ≡mm N .

This is a restatement of Proposition 9.10.

We now define the k -pebble game of length m > k. Let M and N be structures in the relational vocabulary V. The k-pebble game of length m is denoted Pmk (M , N ). It is played just like EFk(M , N ) for the first k rounds. So after the first k rounds, there are k pebbles on each structure which are in one-to- one correspondence by color. But whereas EFk(M , N ) was finished at this point, Pmk (M , N ) is not. Spoiler continues the game by choosing one of the pebbles that has been placed and moving it to another element within the same structure. Duplicator then takes the pebble of the same color in the other structure and moves it. Play continues in this manner for m − k moves. We allow the possibility that m = ω, in which case play continues indefinitely. We omit the subscript and write P k(M , N ) to denote this version of the game. If at any point during the game the correspondence given by the color of the pebbles is not a partial isomorphism, Spoiler wins.

Proposition 10.6 Let M and N be structures in the same relational vocabulary. Duplicator prevents Spoiler from winning Pmk (M , N ) if and only if M ≡km N .

Proof This can be proved by extending the proof of Proposition 9.10.

Proposition 10.7 Let M and N be finite structures in the same relational vocabulary.

The following are equivalent:

(i)M and N satisfy the same sentences of Lkω1ω.

(ii)M ≡k N .

(iii)Duplicator prevents Spoiler from winning Pmk (M , N ) for each m.

(iv)Duplicator prevents Spoiler from winning P k(M , N ).

Sketch of proof It is clear that (i) implies (ii). By the previous proposition, (ii) implies (iii). That (iii) implies (iv) follows from the assumption that M and N are finite. Finally, (iv) implies (i) can be proved in the same manner as the previous proposition (using the idea of the proof of Proposition 9.10).

Example 10.8 Let M be a connected graph (not necessarily finite). Suppose that N ≡3 M . We claim that N is also a connected graph. That N is a graph follows from the fact that the axioms for the theory of graphs each use at most three variables. By compactness, there is no sentence that expresses connectivity. However, we claim that there does exist a set of sentences of L3 that expresses

412 Finite model theory

this. To see this, play the game P 3(M , N ). If N is not connected, then Spoiler can place pebbles on two vertices a and b of N such that there is no path from a to b in N . Duplicator must place his corresponding two pebbles on vertices of M . No matter which vertices c and d Duplicator chooses, there exists a path from c to d in M . Spoiler places her third pebble adjacent to c in M along the path toward d. Spoiler then removes the pebble from c and places it adjacent to the previous pebble. In this manner Spoiler “walks” the two pebbles toward the pebble on d. Eventually, these pebble will reach d at which point Spoiler wins the game. So if N is not connected, then Spoiler has a strategy for winning P 3(M , N ).

We can modify the k-pebble game of length m > k to obtain a game Cmk (M , N ) which captures the notion of Ck-equivalence. This game is again played by two players with k pairs of colored pebbles. But each round of Cmk (M , N ) consists of two steps. First, Spoiler selects a color, hazel say, and a finite subset X1 of either M or N . Duplicator then selects a subset X2 of the opposite structure so that |X2| = |X1|. Spoiler then places a hazel pebble onto an element of Xi for i = 1 or 2. Duplicator then places the other hazel pebble in X3−i. This is repeated k times after which all of the pebbles have been placed. As with Pmk (M , N ), Cmk (M , N ) continues for m − k rounds beyond the initial placing of the pebbles. Again, we allow for the possibility that m = ω in which case the game continues indefinitely. If at any time during the game, the color correspondence of pebbles does not define a partial isomorphism between M and N , Spoiler wins.

Proposition 10.9 Duplicator can always prevent Spoiler from winning Cmk (M , N ) if and only if M and N model the same sentences of Ck of quantifier depth at most m.

The proof of this proposition is similar to the proof of Proposition 9.10 in Section 9.2 (as are the proofs of Propositions 10.6 and 10.7). Detailed proofs of these propositions can be found in [11].

10.2 Classical failures

Many of the theorems of classical model theory fail when restricted to finite structures. We show that the Completeness and Compactness theorems become false statements when “satisfiable” is replaced by “finitely satisfiable.” Moreover, the set of finitely satisfiable sentences is not recursive. This is Trakhtenbrot’s theorem. We leave it as an exercise to show that certain preservation theorems and Beth’s Definability theorem no longer hold in the finite setting (Exercises 10.6– 10.8). The Downward L¨owenheim–Skolem theorem, as stated in Theorem 4.33,

remains true but becomes trivial. The Upward L¨owenheim–Skolem theorem cannot be formulated for finite structures. In short, many of the essential methods and tools of classical model theory cannot be applied in finite model theory.

A key result of Chapter 4 states that every model has a theory and every theory has a model (Theorem 4.27). In finite model theory, this is only half true. It is true that every finite model has a theory. In fact, every finite model has a finitely axiomatizable theory (by Proposition 2.81). It is not true that every theory has a finite model. Most theories discussed in Chapters 5 and 6 have no finite model. We show that the consequences of Theorem 4.27 also do not hold in the finite.

Proposition 10.10 (Failure of Compactness) There exists a set of first-order sentences Γ such that every finite subset of Γ is finitely satisfiable, but Γ is not.

Proof Let Γ = { ≥nx(x = x)|n N}.

In Chapter 4, we deduced the compactness of first-order logic from completeness. Following this same argument, we deduce the failure of completeness from the failure of compactness. The argument from Chapter 4 goes as follows. By the finite nature of proofs:

Γ ϕ implies ∆ ϕ

for some finite subset ∆ of Γ. By the definition of “|=,”

∆ |= ϕ implies Γ |= ϕ.

Completeness provides the vertical arrows in the diagram:

Γ |= ϕ ∆ |= ϕ

''

Γ ϕ ∆ ϕ.

So Γ |= ϕ if and only if ∆ |= ϕ for some finite subset ∆ of Γ. If we take ϕ to be a contradiction, then this is precisely compactness.

Proposition 10.11 (Failure of Completeness) There does not exist a formal proof system for first-order logic that is both sound and complete with respect to finite satisfiability.

Proof Replace |= with |=fin in the above argument and use Γ = { ≥nx(x = x)|n N} to derive a contradiction.

These are failures not only of first-order logic, but also the finite-variable logics of the previous section. Since the set Γ used in the proofs of Propositions 10.10 and 10.11 is a set of sentences of C1, these propositions hold for the logics Ck. To see that the same is true for the logics Lk, replace Γ with the

following set of L1 sentences in a vocabulary containing unary function f :

{ x¬(f (x) = x), x¬(f (f (x)) = x), x¬(f (f (f (x))) = x), . . .}.

We next prove a result that is stronger than Proposition 10.11. Consider the following decision problems:

•The Finite Satisfiability Problem: Given a first-order sentence, determine whether or not it is finitely satisfiable.

•The Finite Validity Problem: Given a first-order sentence, determine whether or not it is finitely valid.

We show that the Finite Satisfiability Problem is not decidable. Equivalently, we show that the set of finitely satisfiable sentences is not recursive. As a corollary to this, we show that the Finite Validity Problem is not semi-decidable. In contrast, the validity problem for first-order logic is semi-decidable. By the Completeness theorem, we can derive every valid sentence from the basic rules for deduction in Chapter 3. In the finite setting, not only does the Completeness theorem fail, but there is no way to recursively enumerate all of the finitely valid sentences. This is Trakhtenbrot’s theorem.

Theorem 10.12 (Trakhtenbrot) The set of finitely satisfiable sentences is not recursive.

Proof Given T ++ program Pe, we write a first-order sentence ϕe such that ϕe is finitely satisfiable if and only if Pe halts on input 0. This reduces the Finite Satisfiability Problem to the Halting Problem. The Halting Problem is undecidable by Proposition 7.48. If we successfully define ϕe, then we can conclude that the Finite Satisfiability Problem, too, is undecidable.

So it su ces to define the sentence ϕe. This sentence has the form

ϕ< ϕs ϕp ϕc θinit θhalt ψ1 ψ2 · · · ψL,

where L is the number of lines in Pe. To describe the sentence ϕe we describe each of the sentences in this conjunction one-by-one.

The sentence ϕ< is a sentence in the vocabulary {<} saying that < is a discrete linear order of the underlying set and there exists a smallest element and a largest element in this order. By a discrete linear order, we mean that for each element x other than the maximal element, there exists a least element greater than x. That is, every element other than the maximal element has a successor. The sentence ϕs says that the unary function s is the successor function. To make this a total function, we say that, if x is maximal, then s(x) = x. Likewise, ϕp says that the unary function p is the predecessor function and define p(x) = x for the smallest element. Since both s and p are definable in terms of <, the inclusion of these functions is not necessary but convenient.

So ϕ<, ϕs, and ϕp are sentences in the vocabulary {<, s, p}. We expand this vocabulary by adding constants C = {0, 1, 2, 3, . . . , L, L + 1} where L is the number of lines in Pe. The sentence ϕc describes these constants. It says 0 is the smallest element of the order and that i + 1 is the successor of i for i = 0, . . . , L:

p(0) = 0 s(0) = 1 s(1) = 0 s(1) = 2 · · · s(L) = L + 1.

To describe the sentences ψi, we expand the vocabulary again. Recall the coding process from Section 7.4. In particular, note that if j > e, then the program Pe cannot possibly mention bin Bj and its contents remain empty throughout the computation. To see that this is correct, suppose that Add Bj occurs as line (i) of Pe. Then p4i j occurs as a factor of e and so e must be bigger than j. The vocabulary of ψi includes unary functions l and bi for i = 1, . . . , e. Let Ve denote this vocabulary: Ve = {<, s, p, l, b1, . . . , be, 0, 1, . . . , L, L + 1}.

The sentences ψi have an intended interpretation. Suppose we run the program Pe on a T -machine beginning with all of the bins empty. The T -machine will execute the commands of Pe one-by-one in the order dictated by Pe. Each element of our underlying set is intended to represent a “step” of this computation. The function bi(x) represents the value of Bi after step x of the computation and l(x) represents the line of the program to be read next. The sentence θinit describes the initial configuration of the T -machine:

Each ψi for i > 0 corresponds to a line of the program. The lines of the program are not to be confused with the steps of the computation. The lines of the program are (1), (2), . . . , (L). The computation of the program may take any number of steps. The computation begins with line (1), but it then may jump to any other line (if the GOTO command occurs) and it may execute the same line several times within a loop. The T -machine continues to execute until it is told to read a line of the program that does not exist. If this happens, then the machine halts. The sentence θhalt expresses this as

x((l(x) = 0 l(x) = L + 1) → (s(x) = x (x < L + 1 S(L + 1) = L + 1))).

This sentence says that if the next line to be read after step x is either line (0) or line (L + 1), then the computation is finite (either x or L + 1 is the maximal element in the order).

The sentence ψi describes line (i) of Pe. We demonstrate this sentences with a few examples.

• If “(9) Add 4” occurs as the ninth line of Pe, then ψ9 is

• If line (4) is GOTO 12, then there are two possibilities. If there is no line (12) in the program, then ψ4 is

e

l(x) = 4 → l(s(x)) = 0 bi(s(x)) = bi(x) .

i=1

Note that l(s(x)) = 0 implies that Pe halts at step x + 1 (by θhalt). Otherwise, if line (12) does exist, then replace l(s(x)) = 0 in this sentence with l(s(x)) = 12.

• If line (1) is RmvP B6, then ψ1 is the sentence

(b6(x) = 0 → l(s(x)) = s(l(x))) (b6(x) > 0 → l(s(x)) = p(l(x))).

In this manner, each line of the program can be expressed as a Ve-sentence. This completes the description of the Ve-sentence ϕe. The computation of Pe on input 0 can be viewed as a model of this sentence. Moreover, any finite model describes such a computation. By design, ϕe has a finite model if and only if Pe halts on input 0. Since the Halting Problem is undecidable, so is the Finite Satisfiability Problem.

Corollary 10.13 (Trakhtenbrot) The set of finitely valid sentences is not recursively enumerable.

Proof We claim that the set of finitely satisfiable sentences is recursively enumerable. Given a sentence ϕ, we can consider each of the finitely many structures in the vocabulary of ϕ having size n for n = 1, 2, 3, . . . . If ϕ has a finite model, then (theoretically if not practically) we can find such a model in a finite number of steps. Since the set of finitely satisfiable sentences is not recursive by the previous theorem, the complement of this set cannot be recursively enumerable. The compliment is the set of sentences that are not satisfiable in a finite structure. A sentence ϕ is not finitely satisfiable if and only if ¬ϕ is finitely valid. It follows that the set of finitely valid sentences too is not recursively enumerable.

interpreted by each structure in S(V) as a linear order, then the ϕ-S problem is in P if and only if ϕ is equivalent to a sentence in SO-Horn. This is Gr¨adel’s theorem.

The following proposition supplies one direction of Fagin’s theorem.

Proposition 10.14 If ϕ is equivalent to a sentence in SO, then the ϕ-S problem is in NP.

Proof Suppose that ϕ is equivalent to a sentence in SO having k existential second-order quantifiers. We proceed by induction on k. For the base step, we take k = 0. In this case, ϕ is first-order and the proposition is a restatement of Exercise 7.37. (This exercise is easily verified by induction on the complexity of ϕ.) Now suppose ϕ has the form:

1R1i1 2R2i2 · · · k+1Rkik+1 ψ,

where ψ is first-order. Given a structure M in S as input, choose an arbitrary subset of U i1 where U is the underlying set of M . Let M1 be the expansion of M to the vocabulary V {R1} that interprets the i1-ary relation R1 as the arbitrarily chosen set. By induction, there is a nondeterministic algorithm that determines whether or not the second-order (V {R1})-sentence 2R2i2 · · · k+1 ψ holds in M1. If M1 models this sentence, then M models ϕ. Thus, we have a nondeterministic polynomial-time algorithm for the ϕ-S Problem.

The following proposition supplies one direction of Gr¨adel’s theorem.

Proposition 10.15 If ϕ is equivalent to a sentence in SO-Horn, then the ϕ-S Problem is in P.

Proof The proof we shall give works regardless of the number of second-order variables. For convenience, suppose that ϕ has the form Rkψ0 for some Horn sentence ψ0. So ψ0 has the form x1 · · · xtψ(x1, . . . , xt), where ψ(¯x) is a disjunction of conjunction of literals in the vocabulary V {R}. Now suppose we are given a finite V-structure M . We describe a procedure for determining whether or not M |= ϕ.

There are |M |t t-tuples of elements in the underlying set of M . For each t-tuple a¯, we consider the sentence ψ(¯a). For each V-literal in this sentence we check to see whether or not the literal holds for a¯ in M . If it is false, we delete that literal from the sentence ψ(¯a), and if it is true, we delete each clause containing that literal. In this way, we reduce the above sentence to a sentence θa¯ in the vocabulary {R, a1, . . . , at}. Let σ denote the conjunction of the sentences θa¯ taken over all t-tuples a¯ in M .

The sentence σ is satisfiable if and only if there exists some interpretation of R on M that makes ψ(¯a) true for each a¯ in M . That is, σ is satisfiable if and only if M |= ϕ. Since ψ is a Horn formula, σ is a Horn sentence (the conjunction of Horn sentences is Horn). Since it is a quantifier-free sentence, we may regard σ as a formula of propositional logic and use the Horn algorithm from Section 1.7. This is a polynomial-time algorithm.

Prior to proving the converses to these propositions, we prove a far weaker statement. Suppose that a ϕ-S problem is decided by a polynomial-time T ++ program. Since the programming language T ++ is extremely ine cient, this is a strong hypothesis. We show that, if this hypothesis holds, then ϕ is equivalent to a sentence of SO. We prove this by analyzing the proof of Trakhtenbrot’s theorem. Gr¨adel’s theorem and Fagin’s theorem are proved by extending this analysis.

Proposition 10.16 Let S be a set of finite V-structures and let ϕ be a V-sentence such that the ϕ-S problem can be decided by a T ++ program that runs in polynomial time. Then ϕ is equivalent to a sentence in SO.

Proof For convenience, suppose that V = {R} and S is the set of finite graphs. We describe a SO sentence Ψ such that G |= Ψ if and only if G |= ϕ for any finite graph G.

Let Pe be a T ++ program that decides whether or not a given graph models ϕ. Recall the sentence ϕe from the proof of Trakhtenbrot’s theorem. This is defined as the sentence ϕ< ϕs ϕp ϕc θinit θhalt ψ1 ψ2 · · · ψL in the vocabulary Ve = {<, s, p, l, b1, . . . , be, 0, 1, . . . , L, L + 1}. Let us simplify this vocabulary. Note that the constants are not necessary since each of the elements represented by 0, . . . , L + 1 is definable (they are the first L + 2 elements of the order). So we may replace each constant in ϕe with a subformula that defines the same element. We may also replace each function in ϕe with a relation. That is, replace the unary successor function s with the binary successor relation S, the unary function l with a binary relation LINE , b1 with BIN 1 and so forth. Let ϕE be the result of these changes. Consider the SO sentence

<2 S2 P 2 LINE 2 BIN 21 · · · BIN 2eϕE .

Let us abbreviate this sentence RELAT ION SϕE .

If a structure M models RELATIONS ϕE , then Pe must halt on input 0. In particular, given a finite graph G, if G |= RELATIONS ϕE , then Pe halts on input 0. We want a sentence that tells us whether or not Pe halts given input G. For this, we must alter the subformula θinit of ϕe. Recall that θinit describes the