Hedman. A First Course in Logic, 2004 (Oxford)

Step 2: Get rid of all double negations and apply DeMorgan’s rules wherever possible. That is, replace all subformulas of the form

¬¬G with G,

¬(G H) with (¬G ¬H), and

¬(G H) with (¬G ¬H).

When there are no subformulas having these forms, proceed to Step 3.

Step 3: Apply the distributivity rule for wherever possible. That is, replace all subformulas of the form

(G (H K)) or ((H K) G) with ((G H) (G K)).

If we rid our formula of these subformulas, then we are left with a formula in CNF. If we change Step 3 to distributivity for , then we would get a formula in DNF.

Example 1.58 We demonstrate the CNF algorithm with

F = (A B) → (¬B A).

In Step 1, we get rid of →, rewriting the formula as

¬(A B) (¬B A).

In Step 2, we apply DeMorgan’s rule to obtain

(¬A ¬B) (¬B A)

Proceeding to Step 3, we see that the formula in Step 2 is in DNF. In particular it has the form (G (H K)) (taking G = (¬A ¬B)). By distributivity, we get

((¬A ¬B) ¬B) ((¬A ¬B) A).

We still have two ’s that need to be distributed:

(¬A ¬B) (¬B ¬B) (¬A A) (¬B A).

Now there are no subformulas of the form (G (H K)) or ((H K) G) and so we are done with Step 3. We see that we have a formula in CNF as was promised. This formula is not written in the best form. Since (¬A A) is a tautology, the above formula is equivalent to (¬A ¬B) (¬B) (¬B A) which is equivalent to (A ¬B) (¬A ¬B). Note that this is the same formula we obtained from the truth table following the proof of Theorem 1.57.

Inspecting the CNF algorithm, we see that Theorem 1.57 can be strengthened. This theorem states that for any formula F there exist formulas F1 in CNF and F2 in DNF that are equivalent to F . We now claim that F1

and F2 are provably equivalent to F . To see this, consider the algorithm step- by-step. In each step we replace certain subformulas with equivalent formulas. In each case we can formally prove the equivalence. For convenience, we use the notation F G to abbreviate “F and G are provably equivalent.”

Step 1:

F→ G (¬F G) by → -Definition

F↔ G (¬F G) (¬G F )by ↔ -Definition and → -Definition.

Step 2:

¬¬G G by Double negation and Example 1.43.

¬(G H) (¬G ¬H) by Proposition 1.44 (DeMorgan’s rules).

¬(G H) (¬G ¬H) by Proposition 1.44 (DeMorgan’s rules).

Step 3:

(G (H K)) ((G H) (G K)) by Proposition 1.46( -Distributivity).

((H K) G) ((G H) (G K)) by -Symmetry and Proposition 1.46.

By Theorem 1.50, the result F1 of this algorithm is provably equivalent to F . Likewise, F2 and F are provably equivalent. We record this strengthening of Theorem 1.57 as follows.

Proposition 1.59 For every formula F there exist formulas F1 in CNF and F2 in DNF such that F , F1, and F2 are provably equivalent.

1.7 Horn formulas

A Horn formula is a particularly nice type of formula in CNF. There is a quick method for determining whether or not a Horn formula is satisfiable. We discuss both this method and what is meant by “quick.”

Definition 1.60 A formula F is a Horn formula if it is in CNF and every disjunction contains at most one positive literal.

Clearly, the conjunction of two Horn formulas is again a Horn formula. This is not true for disjunctions.

Example 1.61 The formula A (¬A ¬B C) (¬B D) (¬C ¬D) is a Horn formula. The formula A B is not a Horn formula.

A basic Horn formula is a Horn formula that does not use . For example, (¬A ¬B C), A, and (¬B ¬D) are basic Horn formulas. Every Horn formula is a conjunction of basic Horn formulas.

There are three types of basic Horn formulas: those that contain no positive literal (such as (¬B ¬D)), those that contain no negative literals (such as A), and those that contain both a positive literal and negative literals (such as (¬A ¬B C)). If a basic Horn formula contains both positive and negative literals, then it can be written as an implication involving only positive literals. For example, (¬A ¬B C) is equivalent to (A B) → C. If a basic Horn formula contains no positive literal, then it can be written as an implication involving a contradiction. For example, if is a contradiction, then (¬B ¬D) is equivalent to (B D) → . Otherwise, if a basic Horn formula contains no negative literals, then it is an atomic formula. We can again write this as an implication if we wish. The atomic formula A is equivalent to T → A, where T is a tautology. In this way every basic Horn formula can be written as an implication and every Horn formula can be written as a conjunction of implications.

Example 1.62 The Horn formula in Example 1.61 can be written as follows:

(T → A) ((A B) → C) (B → D) ((C D) →).

Suppose we are given a Horn formula H and want to decide whether or not it is satisfiable. We refer to this decision problem as the Horn satisfiability problem. Unlike the other decision problems we have seen, there is an e cient algorithm for resolving the Horn satisfiability problem. There are three steps in this algorithm corresponding to the three types of basic Horn formulas. We assume that the Horn formula has been given as a conjunction of implications.

The Horn algorithm

Given a Horn formula H written as a conjunction of implications, list the atomic formulas occuring in H.

Step 1: Mark each atomic formula A in the list that is in a subformula of the form (T → A).

Step 2: If there is a subformula of the form (A1 A2 · · · Am) → C where each Ai has been marked and C has not been marked, then mark C. Repeat this step until there are no subformulas of this form and then proceed to step 3.

Step 3: Consider the subformulas of the form (A1 A2 . . . Am) →. If there exists such a subformula where each Ai has been marked, then conclude “No, H is not satisfiable.” Otherwise, conclude “Yes, H is satisfiable.”

Example 1.63 We demonstrate the Horn algorithm. Let H be the formula

(T → A) (C → D) ((A B) → C) ((C D) → ) (T → B).

The atomic subformulas of H are A, B, C, and D.

In Step 1 of the algorithm, since H has subformulas (T → A) and (T → B) we mark both A and B.

In Step 2, since H has subformula (A B) → C, we mark C. Now that C has been marked, we must also mark D because of the subformula (C → D).

In Step 3, since H has subformula (C D) → , the algorithm concludes “No, H is not satisfiable.”

Note that for the Horn formula in Example 1.62, the Horn algorithm yields a di erent conclusion.

We want to show that, for any given Horn formula, the Horn algorithm works quickly. First we show that it works.

Proposition 1.64 The Horn algorithm concludes “Yes, H is satisfiable” if and only if H is satisfiable.

Proof Let S = {C1, C2,. . . , Cn} be the set of atomic formulas occuring in H. After concluding the algorithm, some of these atomic formulas have been marked.

Suppose H is satisfiable. Then there exists an assignment A of S such that A |= H. For each basic Horn subformula B of H, A(B) = 1. If B has the form (T → Ci), then A(Ci) = 1. If B has the form (C1 C2 · · · Cm) → D where each A(Ci) = 1, then A(D) also equals 1. It follows that A(Ci) = 1 for each Ci that has been marked.

Suppose for a contradiction that the algorithm concludes “No, H is not satisfiable.” This only happens if there exists a subformula B of the form (A1 A2 · · · Am) → where each Ai has been marked. Since each Ai has been marked, A(Ai) = 1 for each Ai. By the semantics of → (Table 1.4), we have A(B) = 0 which is a contradiction. So if H is satisfiable, then the algorithm concludes “Yes, H is satisfiable.”

Conversely, suppose that the algorithm concludes “Yes, H is satisfiable.” Let A0 be the assignment of S defined by A0(Ci) = 1 if and only if Ci is marked. We claim that A0 |= H. It su ces to show that A0 models each basic Horn subformula of H.

Let B be a basic Horn formula that is a subformula of H. If B has the form (T → A), then A is marked in Step 1 of the algorithm and so A0(B) = 1. Otherwise B has the form (A1 A2 · · · An) → G where G is either an atomic formula or a contradiction . If A0(Ai) = 0 for some i, then A0(B) = 1. So assume that A0 models each Ai. Then each Ai has been marked. Since the algorithm concluded “Yes,” G is not . So G is an atomic formula. Since each

Ai is marked, G is also marked (Step 2 of the algorithm). Since A0(G) = 1, we have A0(B) = 1.

So the Horn algorithm works. Given any Horn formula H, the algorithm correctly determines whether or not H is satisfiable. We now consider the following question. How many steps does it take the Horn algorithm to reach a conclusion? The answer depends on the length of the input H. Suppose that the formula H is a string of n symbols, where n is some large natural number. We claim that the Horn algorithm concludes in fewer than n2 steps.

To verify this claim, we count the number of steps in the Horn algorithm. But what exactly is meant by a “step?” Looking at the algorithm, we see that there are three steps named Step 1, Step 2, and Step 3. This is not what is meant. We may have to repeat Step 2 more than once in which case it will take more than three steps to reach a “yes” or “no” answer. We precisely define what constitutes a “step of an algorithm” in Chapter 7. For the time being, let us count the number of times we must read the input H.

First we read the formula H symbol-by-symbol from left to right and list all of its atomic subformulas. Since H contains n symbols, there are at most n atomic formulas in our list. Then, in Step 1, we read through H again, this time looking for any occurences of the tautology T . We mark the appropriate atomic formulas. In Step 2, we are in search of subformulas of the form (A1 A2 · · · Am) → C where each Ai has been marked. If we find such a subformula where C has not been marked, then we mark C. Having marked a new atomic formula, we may have created new subformulas of the form (A1 A2 · · · Am) → C where each Ai has been marked. Each time we mark a formula in Step 2, we must go back and read H again. Since we can mark at most n atomic formulas, we must repeat Step 2 no more than n times. Finally, in Step 3, we must read H one more time (looking for ), to reach the conclusion. In all, we must read H at most 1 + 1 + n + 1 = n + 3 times to arrive at a conclusion. Since n2 > n + 3 for n > 2, this verifies our claim.

Definition 1.65 An algorithm is polynomial-time if there exists a polynomial p(x) such that given input of size n, the algorithm halts in fewer than p(n) steps.

The class of all decision problems that can be resolved by some polynomialtime algorithm is denoted by P.

If an algorithm is not polynomial-time, then by any measure, it is not quick. The previous discussion shows that the Horn algorithm is polynomial-time and so the Horn satisfiability problem is in P. In contrast, consider the following decision problems.

Validity problem: Given formula F , is F valid? Satisfiability problem: Given formula F , is F satisfiable?

Consequence problem: Given formulas F and G, is G a consequence of F ? Equivalence problem: Given formulas F and G, are F and G equivalent?

In some sense, these four problems are really the same. Any algorithm that works for one of these problems also works for all of these problems. If we had an algorithm for the Validity problem, for example, then we could use it to resolve the Satisfiability problem since F is satisfiable if and only if ¬F is not valid. Similarly, any algorithm for the Satisfiability problem can be used for the Consequence problem since G is a consequence of F if and only if ¬(F → G) is not satisfiable. Clearly, any algorithm for the Consequence problem can be used (twice) to resolve the Equivalence problem. Finally, given an algorithm that decides the Equivalence problem, we can check whether F is equivalent to a known tautology T to resolve the Validity problem. In particular, if one of these four problems is in P then all four are.

Truth tables provide an algorithm for solving each of these problems. For the Satisfiability problem, we first compute a truth table for F and then check to see if its truth value is ever one. This algorithm certainly works, but how many steps does it take? Computing the truth table is not just one step. Again, we count how many times we are required to read the input F . If F has n atomic formulas, then the truth table for F has 2n rows. We must refer to F to compute each of these rows. So we must read the input at least 2n times. This is exponential and not a polynomial. Given any polynomial p(x), 2n is larger than p(n) for su ciently big values of n. So this algorithm is not polynomial-time.

It is not known whether the Satisfiability problem (and the other three decision problems) is in P. We do not know of a polynomial-time algorithm for satisfiability, but this does not mean one does not exist. If someone could find such an algorithm, or prove that no such algorithm exists, then it would answer one of the most famous unsolved questions of mathematics: the P = NP question. We will define NP and discuss this problem in Chapter 7. For now, we merely point out that we do not present an e cient algorithm for the Satisfiability problem and such an algorithm probably does not exist.

We do, however, present an algorithm that is an alternative to truth tables for the Satisfiability problem. Formal proofs avoid truth tables, but do not always resolve this decision problem. Given a formula F , we can use formal proofs to show that F is unsatisfiable (by demonstrating that ¬F ), but we cannot show that F is satisfiable. Likewise, formal proofs can establish that a formula is valid or that one formula is a consequence of another, but they cannot show a formula to be not valid or not a consequence of another. If we find a formal proof for {F } G then we can rightly conclude “yes, G is a consequence of F .” But if G is not a consequence of F , then we will forever search in vain for a proof and never reach a conclusion. In the next section we present resolution, a refinement of formal proofs that does provide an algorithm (although not polynomial-time) for these decision problems.

1.8 Resolution

Resolution is a system of formal proof that involves a minimal number of rules. One of the rules is a variation of the cut rule. This rule states that from the formulas (F → G) and (G → H), we can deduce the formula (F → H). Another rule is a variation of the Substitution rule stated as follows.

Let H be a formula that contains F as a subformula. If G ≡ F , then we can deduce H form H where H is the formula obtained by replacing some occurrence of F in H with G.

That is, we consider Theorem 1.49 as a rule for deduction. This is really many rules in one, so we are kind of cheating to get few rules. In particular, for any pair of equivalent formulas F and G, we can deduce G from F . It may seem that this defeats one of our purposes: the Equivalence problem. However, the Substitution rule can be relaxed somewhat. The main purpose of this rule is to put the formulas into CNF. The crux of resolution is that, once the formulas are in CNF, we need only two rules to deduce everything. This will provide an algorithm for the Equivalence problem and the other decision problems from the previous section. It also brings us one step closer to proving the Completeness theorem for propositional logic.

1.8.1 Clauses. Suppose F is a formula in CNF. Then F is a conjunction of disjunctions of literals. We refer to a disjunction of literals as a clause. For convenience, we write each clause as a set. We regard

L1 L2 · · · Ln as the set {L1, L2, . . . , Ln}.

Any formula that is a disjunction of literals uniquely determines such a set. However, the set does not uniquely determine the formula. Recall that two sets are equal if and only if they contain the same elements. Order and repetition do not matter. For example, the formulas (L1 L2), (L2 L1), and (L1 L2 L2) each give rise to the same set {L1, L2}. Although these formulas are not identical, they are equivalent.

Proposition 1.66 Let C and D be clauses. If C and D are the same when viewed as sets, then C ≡ D.

Proof Let S be the set of literals occuring in C. Both C and D are equivalent to the disjunction of the literals in S.

If F is in CNF, then F is a conjunction of clauses and we can write F as a set of sets. We regard F as the set {C1, . . . , Cn} where the Cis are the clauses occuring in F (written as sets). For example, we regard the formula

(A B ¬C) (C D) ¬A (¬B ¬D), as the following set of four clauses

{{A, B, ¬C}, {C, D}, {¬A}, {¬B, ¬D}}.

Proposition 1.67 Let F and G be two formulas in CNF. If F and G are the same when viewed as sets, then F ≡ G.

Proof Let C be the set of clauses occuring in F . Both F and G are equivalent to the conjunction of the clauses in C. This proposition then follows from Proposition 1.66.

Throughout this section, we regard any formula in CNF as both a formula and as a set of clauses. If F and G are formulas in CNF, then their conjunction may be written either as the formula F G or as the set F G. By the previous proposition, there is no ambiguity in regarding F as both set and formula. However, we stress that viewing formulas as sets only makes sense for formulas in CNF. In particular, there is no nice set theoretic counterpart for disjunction or negation. The formulas F G and ¬F are not in CNF and cannot be viewed as sets of clauses.

1.8.2 Resolvents Given a formula in CNF, resolution repeatedly uses two rules to determine whether or not the formula is satisfiable. One of these rules states that any clause of F can be deduced from F . The other rule involves the resolvent of two clauses. We now define this notion.

Definition 1.68 Let C1 and C2 be two clauses. Suppose that A C1 and ¬A C2 for some atomic formula A. Then the clause R = (C1 − {A}) (C2 −

{¬A}) is a resolvent of C1 and C2.

We represent this situation graphically by the following diagram:

R

Example 1.69 Let C1 = {A1, ¬A2, A3} and C2 = {A2, ¬A3, A4}. Since A3 C1 and ¬A3 C2 we can find a resolvent.

Example 1.70 The resolvent of two clauses is not necessarily unique. In the previous example, since ¬A2 C1 and A2 C2, we also have

We now list the three rules for deduction used in resolution.

•Let G be any formula. Let F be the CNF formula resulting from the CNF algorithm when applied to G. Then F can be deduced from G.

•Let F be a formula in CNF. Any clause of F can be deduced from F .

•Let F be a formula in CNF. Any resolvent of two clauses of F can be deduced from F .

Remarkably, these three rules su ce for propositional logic. Resolution is complete. Prior to proving this fact, we must verify that these rules are sound. We show something stronger. We show that each of these rules can be derived using formal proofs. In the first rule, F can be derived from G by Proposition 1.59. If C is a clause of F , then we can derive C from F using -Symmetry and-Elimination.

It remains to be shown that R can be derived from F where R is a resolvent of two clauses of F . Note the similarity between this and the Cut rule. Let C1 and C2 be as in Example 1.69. Then C1 is equivalent to (¬A1 A2) → A3 and C2 is equivalent to A3 → (A2 A4). The Cut rule states that from these formulas we can derive the formula (¬A1 A2) → (A2 A4). This formula is equivalent to the resolvent obtained in Example 1.69.

Proposition 1.71 Let C1 and C2 be clauses and let R be a resolvent of C1 and C2. Then {C1, C2} R.

Proof Since C1 and C2 have a resolvent, there must exist an atomic formula A such that A is in one of these clauses and ¬A is in the other. With

(¬A G) for some clause G. The formula (F G) is a resolvent of C1 and C2. We may assume that R is this resolvent. We provide a formal proof for

{C1, C2} R.

Premise: F (A F ) and F (¬A G)

Conclusion: F (F G).