This verification finishes the proof of completeness.

14.3* Other Proof Procedures and Hilbert’s Thesis

A great many other sound and complete proof procedures are known. We begin by considering modifications of our own procedure that involve only adding or dropping a rule or two, and first of all consider the result of dropping (R9). The following lemma says that it will not be missed. Its proof gives just a taste of the methods of proof theory, a branch of logical studies that otherwise will be not much explored in this book.

14.15 Lemma (Inversion lemma). Using (R0)–(R8):

(a)If there is a derivation of { A} , then there is a derivation of

{ A} .

(b)If there is a derivation of { A} , then there is a derivation of

{ A} .

Proof: The two parts are similarly proved, and we do only (a). A counterexample to the lemma would be a derivation of a sequent { A} for which no derivation of { A} is possible. We want to show there can be no counterexample by showing that a contradiction follows from the supposition that there is one. Now if there are any counterexamples, among them there must be one that is as short as

180 PROOFS AND COMPLETENESS

possible, so that no strictly shorter derivation would be a counterexample. So suppose that { A} is the sequent derived in such a shortest possible counterexample. We ask by what rule the last step { A} could have been justified.

Could it have been (R0)? If that were so, the counterexample would simply be the one-step derivation of { A} { A}, and we would have = , = { A}. The sequent { A} for which supposedly no derivation exists would then just be { A, A}. But there is a derivation of this sequent, in two steps, starting with { A} { A} by (R0) and proceeding to { A, A} by (R2a). So (R0) is excluded, and { A} must have been inferred from some earlier step or steps by one of the other rules.

Could it have been (R3)? If that were so, the counterexample would be a derivation

of

{ A} {(B C)}

where the last step was obtained from

{ A} {B, C} .

But then, since the derivation down to this last-displayed sequent is too short to be a counterexample, there will be a derivation of

{ A} {B, C} , and by applying (R3) we can then get

{ A} {(B C)} ,

which is precisely what we are supposed not to be able to get in the case of a counterexample to the lemma. Thus (R3) is excluded. Moreover, every case whereA is not an entering sentence is excluded for entirely similar reasons.

There remain to be considered three cases where A is an entering sentence. One case where A enters arises when { A} is obtained by (R1) from , where is a subset of not containing A and is a subset of . But in this case{ A} equally follows by (R1) from , and we have no counterexample.

If A enters when { A} is obtained by (R2b), the premiss must be{ A} itself or { A} { A} , and in the latter case, since the derivation of the premiss is too short to be a counterexample, there must exist a derivation of { A} { A} or { A} ; so we have no counterexample.

The other case where A enters arises when A is of the form B(s) and the last lines of the derivation are

{B(t)}

{s = t, B(s)}

using (R8b).

to which may be added the step

{s = t} {B(s)}

which follows by (R8a), and again we have no counterexample.

14.16 Corollary. Any sequent derivable using (R0)–(R9) is in fact derivable using only (R0)–(R8).

Proof: Suppose there were a counterexample, that is, a derivation using (R0)–(R9) the last step of which was not derivable using just (R0)–(R8). Among all such derivations, consider a derivation that is as short as possible for a counterexample.is not of the form { A} { A}, since any sequent of that form can be derived in one step by (R0). So in the sequent is inferred by from one or more premisses appearing as earlier steps. Since the derivation down to any earlier step is too short to be a counterexample, for each premiss there is a derivation of it using just (R0)–(R8). If there is only one premiss, let 0 be such a derivation of it. If there are more than one premiss, let 0 be the result of concatenating such a derivation for each premiss, writing one after the other. In either case, 0 is a derivation using only (R0)–(R8) that includes any and all premisses among its steps. Let be the derivation that results on adding as one last step, inferred by the same rule as in . If that rule was one of (R0)–(R8), we have a derivation of using only (R0)–(R8). If the rule was (R9a), then is of the form { A} , where we have a derivation of { A} using only (R0)–(R8). In that case, the inversion lemma tells us we have a derivation of , that is, of { A} , using only (R0)– (R8). Likewise if the rule was (R9b). So in any case, we have a derivation of using only (R0)–(R8), and our original supposition that we had a counterexample has led to a contradiction, completing the proof.

14.17 Corollary. The proof procedure consisting of rules (R0)–(R8) is sound and complete.

Proof: Soundness is immediate from the soundness theorem for (R0)–(R9), since taking away rules cannot make a sound system unsound. Completeness follows from completeness for (R0)–(R9) together with the preceding corollary.

Instead of dropping (R9), one might consider adding the following.

(R10) {(A → B)}

{ A}

.

{B}

14.18 Lemma (Cut elimination theorem). Using (R0)–(R9), if there are derivations of{(A → B)} and of { A} , then there is a derivation of {B} .

14.19 Corollary. Any sequent derivable using (R0)–(R10) is in fact derivable using only (R0)–(R9).

14.20 Corollary. The proof procedure consisting of rules (R0)–(R10) is sound and complete.

so soundness for (R0)–(R10) follows from the soundness theorem for (R0)–(R9). Completeness for (R0)–(R10) follows from the completeness theorem for (R0)–(R9), since adding rules cannot make a complete system incomplete.

Now Corollary14.19 follows, since the same sequents are derivable in any two sound and complete proof procedures: by Corollary14.17 a sequent will be derivable using (R0)–(R10) if and only if it is secure, and by Theorems 14.1 and 14.2 it will be secure if and only if it is derivable using (R0)–(R9).

And now Lemma 14.18 follows also, since if there are derivations of {(A → B)}and of { A} using (R0)–(R9), then there is certainly a derivation of{B} using (R0)–(R10) [namely, the one consisting simply of concatenating the two given derivations and adding a last line inferring {B} by (R10)], and by Corollary 14.19, this implies there must be a derivation of {B} using only (R0)–(R9).

Note the contrast between the immediately foregoing proof of the cut elimination lemma, Lemma 14.18, and the earlier proof of the inversion lemma, Lemma 14.15. The inversion proof is constructive: it actually contains implicit instructions for converting a derivation of { A} into a derivation of { A} . The cut elimination proof we have given is nonconstructive: it gives no hint how to find a derivation of {B} given derivations of { A} and {(A → B)} , though it promises us that such a derivation exists.

A constructive proof of the corollary is known, Gentzen’s proof, but it is very much more complicated than the proof of the inversion lemma, and the result is that while the derivation of { A} obtained from the proof of the inversion lemma is about the same length as the given derivation of { A} , the derivation of {B} obtained from the constructive proof of the foregoing corollary may be astronomically longer than the given derivations of {(A → B)} and{ A} combined.

So much for dropping (R9) or adding (R10). A great deal more adding and dropping of rules could be done. If enough new rules are added, some of our original rules (R0)–(R8) could then be dropped, since the effect of them could be achieved using the new rules. If we allowed & and officially, we would want rules for them, and the addition of these rules might make it possible to drop some of the rules for and , if indeed we did not choose to drop and altogether from our official language, treating them as abbreviations. Similarly for → and ↔.

In all the possible variations mentioned in the preceding paragraph, we were assuming that the basic objects would still be sequents . But variation is possible in this respect as well. It is possible, with the right selection of rules, to get by working only with sequents of form {D} (in which case one would simply write D), making deduction the central notion. It is even possible to get by working only with sequents of form (in which case one would simply write ), making refutation the central notion. Indeed, it is even possible to get by working only with sequents of form {D} (which in one would simply write D), making demonstration the central notion.

Just by way of illustration, the rules for a variant approach in which and → andand = are the official logical operators, and in which one works only with sequents of form D, are listed in Table 14-5.

Table 14-5. Rules of a variant sequent calculus

This variation can be proved sound and complete in the sense that a sequent D will be obtainable by these rules if and only if D is a consequence of . We give one sample deduction to give some idea how the rules work.

The lowercase Roman numerals (i)–(iii) associated with (Q0) indicate whether it is the first, second, or third sentence in = { A → B, B, A} that is playing the role of A in the rule (Q0).

In addition to such substantive variations as we have been discussing, considerable variations in style are possible, and in particular in typographical layout. For instance, if one opens an introductory textbook, one may well encounter something like what appears in Figure 14-1.

(i)~A → ~B

Figure 14-1. A ‘natural deduction’.

What appears in Figure 14-1 is really the same as what appears in Example 14.21, differently displayed. The form of display adopted in this book, as illustrated in Example 14.21, is designed for convenience when engaged in theoretical writing about deductions. But when engaged in the practical writing of deductions, as in introductory texts, the form of display in Figure 14-1 is more convenient, because it involves less rewriting of the same formula over and over again. In lines (1)–(7) in Figure 14-1, one only writes the sentence D on the right of the sequent D that occurs at the corresponding line in Example 14.21. Which of the sentences (i), (ii), (iii) occur in the set on the left of that sequent is indicated by the spatial position where D is written: if it is written in the third column, all of (i)–(iii) appear; if in the second, only (i) and (ii) appear; if in the first, only (i). Colloquially one sometimes speaks of deducing a conclusion D ‘under’ certain hypotheses , but in the form of display illustrated in Figure 14-1, the spatial metaphor is taken quite literally.

It would take us too far afield to enter into a detailed description of the conventions of this form of display, which in any case can be found expounded in many introductory texts. The pair of examples given should suffice to make our only real point here: that what is substantively the same kind of procedure can be set forth in very different styles, and indeed appropriately so, given the different purposes of introductory texts and of more theoretical books like this one. Despite the diversity of approaches possible, the aim of any approach is to set up a system of rules with the properties that if D is deducible from , then D is a consequence of (soundness), and that if D is a consequence of , then D is formally deducible from (completeness). Clearly, all systems of rules that achieve these aims will be equivalent to each other in the sense that D will be deducible from in the one system if and only if D is deducible fromin the other system. Except for one optional section at the end of the next chapter, there will be no further mention of the details of our particular proof procedure in the rest of this book.

A word may now be said about the relationship between any formal notion, whether ours or a variant, of deduction of a sentence from a set of sentences, and the notion in