HANDBOOK OF PHILOSOPHICAL LOGIC 2ND EDITION VOLUME 13
HANDBOOK OF PHILOSOPHICAL LOGIC 2nd Edition Volume 13 edited by...
121 downloads
827 Views
7MB Size
Report
This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!
Report copyright / DMCA form
HANDBOOK OF PHILOSOPHICAL LOGIC 2ND EDITION VOLUME 13
HANDBOOK OF PHILOSOPHICAL LOGIC 2nd Edition Volume 13 edited by D.M. Gabbay and F. Guenthner
Volume 1 – ISBN 0-7923-7018-X Volume 2 – ISBN 0-7923-7126-7 Volume 3 – ISBN 0-7923-7160-7 Volume 4 – ISBN 1-4020-0139-8 Volume 5 – ISBN 1-4020-0235-1 Volume 6 – ISBN 1-4020-0583-0 Volume 7 – ISBN 1-4020-0599-7 Volume 8 – ISBN 1-4020-0665-9 Volume 9 – ISBN 1-4020-0699-3 Volume 10 – ISBN 1-4020-1644-1 Volume 11 – ISBN 1-4020-1966-1 Volume 12 – ISBN 1-4020-3091-6
HANDBOOK OF PHILOSOPHICAL LOGIC 2nd EDITION VOLUME 13 Edited by D.M. GABBAY King’s College, London, U.K. and
F. GUENTHNER Centrum für Informations- und Sprachverarbeitung, Ludwig-Maximilians-Universität München, Germany
A C.I.P. Catalogue record for this book is available from the Library of Congress.
ISBN-10 ISBN-10 ISBN-13 ISBN-13
1-4020-3520-9 (HB) 1-4020-3521-7 (e-book) 978-1-4020-3520-3 (HB) 978-1-4020-3521-0 (e-book) Published by Springer, P.O. Box 17, 3300 AA Dordrecht, The Netherlands. www.springeronline.com
Printed on acid-free paper
All Rights Reserved © 2005 Springer No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, microfilming, recording or otherwise, without written permission from the Publisher, with the exception of any material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Printed in the Netherlands.
CONTENTS
Preface to the Second Edition Dov M. Gabbay The Practical Turn in Logic Dov M. Gabbay and John Woods
7 15
Fibring of Logics as a Universal Construction Carlos Caleiro, Walter Carnielli, Jo˜ a ˜o Rasga and Cristina Sernadas
123
Provability Logic Sergei N. Artemov and Lev D. Beklemishev
189
Index
361
PREFACE TO THE SECOND EDITION It is with great pleasure that we are presenting to the community the second edition of this extraordinary handbook. It has been over 15 years since the publication of the first edition and there have been great changes in the landscape of philosophical logic since then. The first edition has proved invaluable to generations of students and researchers in formal philosophy and language, as well as to consumers of logic in many applied areas. The main logic article in the Encyclopaedia Britannica 1999 has described the first edition as ‘the best starting point for exploring any of the topics in logic’. We are confident that the second edition will prove to be just as good! The first edition was the second handbook published for the logic community. It followed the North Holland one volume Handbook of Mathematical Logic, published in 1977, edited by the late Jon Barwise. The four volume Handbook of Philosophical Logic, published 1983–1989 came at a fortunate temporal junction at the evolution of logic. This was the time when logic was gaining ground in computer science and artificial intelligence circles. These areas were under increasing commercial pressure to provide devices which help and/or replace the human in his daily activity. This pressure required the use of logic in the modelling of human activity and organisation on the one hand and to provide the theoretical basis for the computer program constructs on the other. The result was that the Handbook of Philosophical Logic, which covered most of the areas needed from logic for these active communities, became their bible. The increased demand for philosophical logic from computer science and artificial intelligence and computational linguistics accelerated the development of the subject directly and indirectly. It directly pushed research forward, stimulated by the needs of applications. New logic areas became established and old areas were enriched and expanded. At the same time, it socially provided employment for generations of logicians residing in computer science, linguistics and electrical engineering departments which of course helped keep the logic community thriving. In addition to that, it so happens (perhaps not by accident) that many of the Handbook contributors became active in these application areas and took their place as time passed on, among the most famous leading figures of applied philosophical logic of our times. Today we have a handbook with a most extraordinary collection of famous people as authors! The table below will give our readers an idea of the landscape of logic and its relation to computer science and formal language and artificial intelligence. It shows that the first edition is very close to the mark of what was needed. Two topics were not included in the first edition, even though D. Gabbay and F. Guenthner (eds.), Handbook of Philosophical Logic, Volume 13, 7–11. c 2005, Springer. Printed in the Netherlands.
8
they were extensively discussed by all authors in a 3-day Handbook meeting. These are: • a chapter on non-monotonic logic • a chapter on combinatory logic and λ-calculus We felt at the time (1979) that non-monotonic logic was not ready for a chapter yet and that combinatory logic and λ-calculus was too far removed.1 Non-monotonic logic is now a very major area of philosophical logic, alongside default logics, labelled deductive systems, fibring logics, multi-dimensional, multimodal and substructural logics. Intensive reexaminations of fragments of classical logic have produced fresh insights, including at time decision procedures and equivalence with non-classical systems. Perhaps the most impressive achievement of philosophical logic as arising in the past decade has been the effective negotiation of research partnerships with fallacy theory, informal logic and argumentation theory, attested to by the Amsterdam Conference in Logic and Argumentation in 1995, and the two Bonn Conferences in Practical Reasoning in 1996 and 1997. These subjects are becoming more and more useful in agent theory and intelligent and reactive databases. Finally, fifteen years after the start of the Handbook project, I would like to take this opportunity to put forward my current views about logic in computer science, computational linguistics and artificial intelligence. In the early 1980s the perception of the role of logic in computer science was that of a specification and reasoning tool and that of a basis for possibly neat computer languages. The computer scientist was manipulating data structures and the use of logic was one of his options. My own view at the time was that there was an opportunity for logic to play a key role in computer science and to exchange benefits with this rich and important application area and thus enhance its own evolution. The relationship between logic and computer science was perceived as very much like the relationship of applied mathematics to physics and engineering. Applied mathematics evolves through its use as an essential tool, and so we hoped for logic. Today my view has changed. As computer science and artificial intelligence deal more and more with distributed and interactive systems, processes, concurrency, agents, causes, transitions, communication and control (to name a few), the researcher in this area is having more and more in common with the traditional philosopher who has been analysing 1 I am really sorry, in hindsight, about the omission of the non-monotonic logic chapter. I wonder how the subject would have developed, if the AI research community had had a theoretical model, in the form of a chapter, to look at. Perhaps the area would have developed in a more streamlined way!
PREFACE TO THE SECOND EDITION
9
such questions for centuries (unrestricted by the capabilities of any hardware). The principles governing the interaction of several processes, for example, are abstract an similar to principles governing the cooperation of two large organisation. A detailed rule based effective but rigid bureaucracy is very much similar to a complex computer program handling and manipulating data. My guess is that the principles underlying one are very much the same as those underlying the other. I believe the day is not far away in the future when the computer scientist will wake up one morning with the realisation that he is actually a kind of formal philosopher! The projected number of volumes for this Handbook is about 18. The subject has evolved and its areas have become interrelated to such an extent that it no longer makes sense to dedicate volumes to topics. However, the volumes do follow some natural groupings of chapters. I would like to thank our authors and readers for their contributions and their commitment in making this Handbook a success. Thanks also to our publication administrator Mrs J. Spurr for her usual dedication and excellence and to Kluwer Academic Publishers (now Springer) for their continuing support for the Handbook.
Dov Gabbay King’s College London
10
Logic
IT Natural language processing
Program control specification, verification, concurrency Expressive power for recurrent events. Specification of temporal control. Decision problems. Model checking.
Artificial intelligence
Logic programming
Planning. Time dependent data. Event calculus. Persistence through time— the Frame Problem. Temporal query language. temporal transactions. Belief revision. Inferential databases
Extension of Horn clause with time capability. Event calculus. Temporal logic programming.
Temporal logic
Expressive power of tense operators. Temporal indices. Separation of past from future
Modal logic. Multi-modal logics
generalised quantifiers
Action logic
Algorithmic proof
Discourse representation. Direct computation on linguistic input Resolving ambiguities. Machine translation. Document classification. Relevance theory logical analysis of language
New logics. Generic theorem provers
General theory of reasoning. Non-monotonic systems
Procedural approach to logic
Loop checking. Non-monotonic decisions about loops. Faults in systems.
Intrinsic logical discipline for AI. Evolving and communicating databases
Negation by failure. Deductive databases
Real time systems
Semantics for logic programs
Quantifiers logic
Constructive reasoning and proof theory about specification design
Expert systems. Machine learning Intuitionistic logic is a better logical basis than classical logic
Non-wellfounded sets
Hereditary finite predicates
λ-calculus extension to logic programs
Nonmonotonic reasoning
Probabilistic and fuzzy logic Intuitionistic logic
Set theory, higher-order logic, λcalculus, types
Montague semantics. Situation semantics
in
Negation failure modality
by and
Horn clause logic is really intuitionistic. of Extension logic programming languages
11
PREFACE TO THE SECOND EDITION
Imperative vs. declarative languages
Database theory
Complexity theory
Agent theory
Special comments: A look to the future
Temporal logic as a declarative programming language. The changing past in databases. The imperative future
Temporal databases and temporal transactions
Complexity questions of decision procedures of the logics involved
An essential component
Temporal systems are becoming more and more sophisticated and extensively applied
Dynamic logic
Database updates and action logic
Ditto
Possible tions
Multimodal logics are on the rise. Quantification and context becoming very active
Types. Term rewrite systems. Abstract interpretation
Abduction, relevance
Ditto
Agent’s implementation rely on proof theory.
Inferential databases. Non-monotonic coding of databases
Ditto
Agent’s reasoning is non-monotonic
A major area now. Important for formalising practical reasoning
Fuzzy and probabilistic data Database transactions. Inductive learning
Ditto
Connection with decision theory Agents constructive reasoning
Major now
Semantics for programming languages. Martin-L¨ ¨ of theories
Semantics for programming languages. Abstract interpretation. Domain recursion theory.
Ditto
Ditto
ac-
area
Still a major central alternative to classical logic
More central than ever!
12
A basic tool
Basic ground guage
Labelled deductive systems
Extremely useful in modelling
A unifying framework. Context theory.
Resource and substructural logics Fibring and combining logics
Lambek calculus
Truth maintenance systems Logics of space and time
Dynamic tax
backlan-
Program synthesis
Classical logic. Classical fragments
syn-
Modules. Combining languages
Fallacy theory
Logical Dynamics
Argumentation theory games
Widely applied here
Game semantics gaining ground
Object level/ metalevel
Extensively used in AI
Mechanisms: Abduction, default relevance Connection with neural nets
ditto
Time-actionrevision models
ditto
Annotated logic programs
Combining features
PREFACE TO THE SECOND EDITION
Relational databases
Labelling allows for context and control.
Linear logic
Linked databases. Reactive databases
Logical complexity classes
13
The workhorse of logic
The study of fragments is very active and promising.
Essential tool.
The new unifying framework for logics
Agents have limited resources Agents are built up of various fibred mechanisms
The notion of self-fibring allows for selfreference
Fallacies are really valid modes of reasoning in the right context. Potentially applicable
A dynamic view of logic
On the rise in all areas of applied logic. Promises a great future Important feature of agents
Always central in all areas
Very important for agents
Becoming part of the notion of a logic Of great importance to the future. Just starting
A new theory of logical agent
A new kind of model
DOV M. GABBAY AND JOHN WOODS
THE PRACTICAL TURN IN LOGIC
1
INTRODUCTORY REMARKS
The great advances in logic in the last century and a half saw a turn from its historical preoccupation with arguing and reasoning to a preoccupation with mathematics. It was a re-orientation that made possible important gains in both the foundations and the methodology of mathematics. The foundational contribution was largely of philosophical interest. It sought to establish a basis for logicism, for the reduction of mathematics to logic. 1 The methodological contribution also has its philosophical significance, but it threw its net more widely, capturing the interest of those who thought that mathematics could benefit deeply from the rigour and the standards of exact proof that the new logic was in process of articulating. It is difficult to overestimate the significance of the mathematical turn in logic. Not only did the new logic narrow logic’s former range of interests, it was able to do so only after determining that the traditional syllogistic approach to logic was inadequate for logic’s new ambitions. Ever since its inception 2500 years thence, logic had been in all essentials the logic of the syllogism. The mathematical turn brought an abrupt end to Aristotle’s hegemony. Given the venerability and persistence of that long-lived influence, it is perhaps not wholly inexplicable that mathematical logicians did not entirely break with the traditional line that logic is about reasoning and arguing. There are plenty of textbooks on mathematical logic, including some of the best and most senior, in which we find it said, without a shred of irony or embarrassment, that mathematical logic is the most general, or the basic, theory of reasoning. Those of greater circumspection would claim that the new symbolic logic is the root theory of mathematical reasoning. It would be a mistake to overlook the fact that mathematical logicians have been quick to recognize various respects in which even the claim of logic to be a theory of (mathematical) reasoning is implausible. To that end, various distinctions have been invoked: • process/product / • descriptive adequacy/normative legitimacy • actual circumstances/ideal conditions 1 The reductionist impulse also ran in the opposite direction, especially with the algebraicization of logic. [Hailperin, 2004; Valencia, 2004] and [Grattan-Guinness, 2004].
D. Gabbay and F. Guenthner (eds.), 122. Handbook of Philosophical Logic, Volume 13, 15 1 c 2005, Springer. Printed in the Netherlands.
16
DOV M. GABBAY AND JOHN WOODS
What these distinctions were thought to have had in common was that, (a) while mathematical logic misdescribed the left side and properly described the right side, nevertheless, (b) left side circumstances could be thought of as approximating to right hand conditions in ways that would make it plausible to say that logic makes fruitful provision for the left side too. From the beginning, and throughout its mathematical revolution, logic has been conceived of as a highly specialized investigation of language. In Aristotle’s hands, the language of logic was Greek; in the hands of Frege, the language was the stylized notation of the Begriffsschrift. We see in this passage from natural to artificial languages a not inconsiderable change. But here, too, there were common constants. One was that the target properties that a logic would seek to elucidate were represented as properties of linguistic structures. As Quine would say, with characteristic verve, ‘Logic is linguistics on purpose’. If modern mathematical logic attaches its findings to languages that no one speaks, or could, the complaint recurs that logic can’t be about reasoning and arguing. Here, too, distinctions were invoked. Chief among them was that between an actual sentence of a real language /its logical form in an artificial language Considerable effort was expended to show that when conditions are right, some at least of the properties of ideal linguistic structures map to certain natural language structures in a principled way. We return to this point below. We might refer to these efforts to support the claim that mathematical logic is a theory of reasoning and arguing as the Standard Picture. The Standard Picture is not lightly dismissible. It is closely patterned on widely accepted methods for showing that the empirical inaccuracies of our best scientific theories are discountable under the appropriate approximation relations. No one dismisses the physics of frictionless surfaces just because its laws fail in nature, even on the pre-game, freshly Zambonied ice of Maple Leaf Gardens. All the same, the Standard Picture of mathematical logic has come under scrutiny from two largely unconnected sources, computer science (including AI) and informal logic and argumentation theory. A common reservation is captured by this question: Are the approximations postulated by the Standard Picture sufficiently intimate to secure its claim that logical theory is justified in overriding empirical inaccuracy on the ground? Their answer, severally and jointly, is No. Informal logicians would observe that mathematical logic isn’t particularly adept at modelling fallacious reasoning; and computer scientists would point out the difficulties in getting plausible AI models out of standard logic. Some AI theorists would also note that certain features of reasoning and cognition generally are sublinguistic and thus lie exposed to systematic misdescription by theories that concentrate on investigating various properties of linguistic structures.2 2 Alternatively,
some theorists take subdoxastic processes to involve symbol manipulation, but in a different representational system than that in which doxastic reasoning occurs.
THE PRACTICAL TURN IN LOGIC
17
What these more recent developments have in common is an interest in the contingencies of human reasoning as they play out in real-life contexts. Collectively, we may denote this development in logical theory as the practical turn in logic. Our task in this chapter is to expose some of the more basic features of the logical structure of practical reasoning. We see our undertaking as having three main subtasks. Subtask 1: We shall attempt to orient ourselves to a theoretically fruitful conception of the practical. Subtask 2: We shall identify those features or aspects of practical reasoning that lay plausible claim to having a logic and, accordingly, we will say something about where the logic of practical reasoning leaves off and other interests (e.g., psychology) take affect. Subtask 3: We should indicate the extent to which, if at all, the practical turn in logic in incompatible with the mathematical turn. Out of a welter of criticisms certain themes have come to dominate, two of which are especially important. 1. Mathematical logic makes inadequate provision for the investigation of practical reasoning; 2. In its decontextual preoccupation with artificial languages, mathematical logic makes inadequate provision for the analysis of cognitive systems. Much of the work in mainline logic itself these past thirty years has been to modify the standard or classical expression of logic in ways that take such criticisms seriously into account. The sheer scope and intensity of these adjustments is discernible in the fecund pluralism of present-day research programmes. Suffice it here to note developments in modal, deontic and epistemic logics; relevant and linear logics; dynamic and temporal logics; logics of action and labelled deduction; adaptive and preservationist logics; dialetheic logics; dialogue and interrogative logics; and many more. To the extent possible, our approach here is to preserve the spirit of this collective attempt at logical self-reform in the cause of ‘userfriendliness’. But we also wish to emphasize what many of these otherwise attractive systems of logic do not. We wish to respond positively and constructively to the challenges implied by the two basic complaints noted just above. Accordingly, what we expressly seek for is 1. a logic of practical reasoning; and 2. a logic of cognitive systems. We should not be in any doubt about the magnitude of this task. In our view, the relevant research communities are a long way from producing models of practical reasoning that have the requisite breadth and depth. This is not to cavil against the research successes that have already been achieved. Rather, it is to take clear-eyed
18
DOV M. GABBAY AND JOHN WOODS
notice of how much there is yet to do. The present chapter has been produced with these challenges very much in mind. At the close of the Battle of Britain, Churchill admonished his countrymen not to think that this victory was the beginning of the end, but rather perhaps the end of the beginning. A like caution needs be sounded for the present programme to recover logic’s place as a theory of reasoning. Our own work is squarely within the ambit of this wise counsel. In most approaches, practical reasoning is distinguished in one or other of two ways. One sees its distinctive mark in the content of the reasoning; the other sees it in its standards of rigour. On the content side, practical reasoning is often said to be reasoning about what to do or how to solve problems; on the standards side, practical reasoning is thought of as governed by standards both less theoretical and less strict than those proposed by ‘pure’ or ‘formal’ logic. We do not dispute these conceptions of the practical, but we do favour an alternative. We find it both intuitively attractive and theoretically fruitful to conceive of practical reasoning as reasoning done by practical agents, and, in turn, to conceive of practical agency as governed by two jointly constitutive factors. One is the degree of access to requisite cognitive resources such as information, time and computational capacity. The other is the height of the cognitive target at which the practical agent’s reasoning aims. Given that both these factors are a matter of degree, practical agency is a comparative concept. As access enlarges, practicality recedes in favour of the theoretical, as we shall say. Similarly, the loftier the reasoner’s cognitive target, the greater is his (or its) need for cognitive resources with which to engineer its attainment. Intuitively, individual agents are paradigms of practical agency, whereas institutional agents such as NASA or Russian physics in the 1970s are theoretical agents par excellence. (But see below). This is a good place to enter an important caveat. What we are calling the practical turn in logic is but a part (albeit a fundamentally important part) of a more general transformation. In this more general form, we meet with logics that are sensitive to an agent’s cognitive wherewithal in relation to his (or its) cognitive targets. On this view, reasoning is sound only in relation to the cognitive task the reasoner has in mind and the cognitive resources available for its completion. To the extent that it is a theory of reasoning, logic must take these relativities duly into account. Accordingly, emerging from developments in argumentation theory, computer science and AI, as well as the sundry smaller transformations within mainstream logic itself, is a conception of logic as a theory of resource-bound, target-sensitive reasoning or, for short, “resource-target logics” ((RTL). The general view that we propose here is that a logic of reasoning must be a RTL. A practical RTL is a resource-target logic that takes into account how reasoning succeeds even in the face of comparatively scant resources, and the comparative modesty of its cognitive targets. This, the resource-target approach to cognitive agency, gives a conception of the practical that, while different from, is not especially hostile to either the subject matter or standards approach. It may be that practical agents in our sense deal rather more with matters of common or everyday interest to human beings than
THE PRACTICAL TURN IN LOGIC
19
theoretical agents in our sense do; it is also true that, since individual agents usually operate under press of comparatively modest resources, the standards against which to assess their cognitive performance would be less rigorous and exacting as those required in retrofitting the Concorde or testing a vaccine for AIDS. Even so, it is clear that the subject matter, standards and resources approaches to practical agency are disjoint.
1.1 Logic and Consequentialist Thinking Throughout its long history, the dominant view has been that logic investigates a quite particular form of reasoning in a quite particular way. With regard to the first, logic would investigate deductive or truth-preserving reasoning. With regard to the second, the reasoning in question would be amenable to examination by way of logical form. In its most basic sense a logic counts as formal to the degree that its target properties are definable for certain classes of semi-interpreted languages. When, in due course, inductive logics began to stir, this same basic picture would hold true, but with variations. Instead of truth-preservation, inductive logic would concern itself with probability-enhancement; and instead of deductive forms, inductive logic’s target properties would be defined for suitably different classes of semi-interpreted languages. Common to all logics, whether deductive or inductive, is a deeply embedded core idea, PROPOSITION 1 (The consequentialist thesis). The reasoning with which logic concerns itself is a matter of drawing consequences from premisses and/ or hypotheses (or sets of priors, for short). Further, a proposition is a consequence of a set of priors exactly when there is a conditional sentence with those priors as antecedent and that proposition as consequent. Accordingly, drawing a consequence is detaching a consequent3 It falls to a RTL, whether in its practical or its more general orientation, to reveal the extent to which the requisite aspects of reasoning comport with the consequentialist thesis. It would be difficult to overstate the centrality and dominance of Proposition 1. With it comes one of the most interesting questions in logical theory. QUESTION 2. Given that the reasoning that logic concerned with is the drawing of consequence from priors, shall we identify good reasoning with maximal draws, that is, the inference of all consequences of any given set of priors? In the majority of logics developed to date — classical first order systems are a paradigm in this regard — there is a substantial gap between the consequences that a set of priors has and the consequences of those priors that a competent reasoner would draw. It is a fateful contrast, giving rise to two quite different traditions in logical theory. These are the ideal reasoner and the consequence-attenuation 3 Note
Theorems
the predeliction here for what in the metatheory of formal systems are called Deduction
20
DOV M. GABBAY AND JOHN WOODS
models of logically correct reasoning. According to the ideal reasoner approach, reasoning is at its best when it is maximal. But, given that maximal draws are very large — indeed in standard deductive systems, infinite — human reasoning is, faute de mieux, reasoning that approximates to the maximality ideal as closely as human limitations allow, never mind that in standard systems the approximation relation is infinitely weak. We note in passing that the ideal reasoner model approach is also one that pivots on considerations of resource-availability.
The consequence-attenuation model calls into question the maximality assumption and, along with it, its optimality adaptation to human reasoning on the ground. Whereas, on the ideal reasoner approach, the existence of a consequence of a set of priors is independent of its drawability by a human agent, on the consequenceattenuation approach no proposition is a (requisite) consequence of a set of priors unless it is drawable from them by beings like us. There are two principal variants of the consequence-attenuation model, one radical, the other less so. In the radical variant, no proposition is in any sense a consequence of a set of priors unless it is humanly drawable from it. The moderate version allows that any consequent of a true conditional is a consequence of the conditional’s antecedent, but it requires that only a subset of a prior’s consequences are drawable consequences. There is another way of saying the same thing. Both the ideal reasoner model and the extreme consequence-attenuation model hold that a proposition isn’t a consequence of a set of priors unless it is drawable from it. Both acknowledge that there are lots of cases in which for given sets of priors some of their putative consequences are not drawable by beings like us. This leads the ideal reasoner modelist to conclude that those consequences are real, but the fact that we can’t draw them reflects some deficiency in us. For the extreme consequence-attenuation theorist, those putative consequences simply don’t exist; they aren’t real consequences. It is hardly surprising therefore that, of the two attenuationist models, moderate consequence-attenuation has had a more successful run. It acknowledges that whenever a proposition is a consequent of true conditional it is a bona fide consequent of the conditional’s antecedent. But it deviates from the ideal reasoner approach by insisting that only subsets of a prior’s consequences are drawable. This leaves the moderate attenuationist with a task that the ideal reasoner theorist isn’t encumbered with. It is the task of determining this question: Under what conditions is a real consequence of a set of priors a drawable consequence for beings like us? [Harman, 2002]. Here, too, the moderate attentuationist has two ways in which to proceed. In the first, he may follow Aristotle’s original lead, and define drawable consequences as any consequence of a consequence relation which is a certain kind of restriction of some more general relation. In Aristotle’s case, a drawable consequence of a set of priors is a syllogistic consequence of it, where syllogistic consequence is a restriction of what we call classical consequence; that is, where syllogistic consequence is classical consequence subject to further conditions [Woods, 2001;
THE PRACTICAL TURN IN LOGIC
21
Woods and Irvine, 2004].4 For all their differences, both the ideal reasoner and, in both versions, the consequence-attenuation models assume a fixed-target perspective. That is, they attempt to specify conditions on good reasoning relative to a given (and usually presupposed) cognitive target and a given (and usually presupposed) standard for hitting it. In the case of deductive logics of all stripes, the assumed target is truthpreservation and the assumed standard is validity. In the case of inductive logic the assumed target is ampliative reliability, and the assumed standard is a suitably high conditional probability. It is also widely assumed that in all cases of reasoning by the drawing of consequences, it is rationally permissible (if not obligatory, as some logicians aver) to set for oneself one or other of these goal-standard pairs. Accordingly, given any set of priors and whatever propositions are its consequences, it is always good reasoning to draw at least some of these consequences if doing so hits one or other of these particular targets. In the sections to follow we shall call these assumptions into question. Since, as we shall see in due course, these are not targets that are typical of practical reasoning, it is necessary that a practical logic take this fact properly into account. In a rough and ready way, practical reasoning answers to a distinction between enquiry and inference. In the language of premisses and conclusions, we might say that enquiry is a kind of premiss search, whereas inference is a matter of conclusion determination. It is clear that the consequentialist thesis is one that proposes that the appropriate focus of a logician’s enquiry is inference; and that enquiry, or premiss search, is best left to the more specialized disciplines. PROPOSITION 3 (Consequentialism). Consequentialism is a natural way for a logician to approach inference; and since inference is a large part of logic, consequentialism remains a dominant part of logic of practical reasoning. On the other hand, logic has had a historical place in investigations of the structure of enquiry, beginning with Aristotle’s On Sophistical Refutations. In present-day approaches, dialogue logics and interrogative logics preserve this orientation. And, although it is a matter of contention, some approaches to abductive logic incorporate an interest in the logic of discovery [Gabbay and Woods, 2005]. In the present chapter, we concentrate our attention on the consequentialist dimension of practical logic. Historically, we said, logic is an examination of consequentialist reasoning whose success or failure is definable for or representable in semi-interpreted formal languages. We have indicated our generally favourable view of consequentialism. What are we to say of the formalization thesis? The thesis of the formalizability of reasoning admits, in turn, of various interpretations and motivations, and these give rise to disagreements about scope. If we look again to Aristotle’s theory of the syllogism — or, alternatively, to his logic of immediate inference — it is 4 The logic of the syllogism allows for the joint satisfaction of the maximality condition and the radical attenuationist assumption. Syllogistic consequence is defined in such a way that from any set of priors any and every syllogistic consequence is a drawable consequence.
22
DOV M. GABBAY AND JOHN WOODS
easy to see that, although the logics’ target properties are attributes of natural languages, they apply to these linguistic structures independently of how constituent elements are interpreted, save for quantifier expressions, negation and the copula. From this perspective, Aristotle can be seen as specifying conditions on (consequentialist) reasoning that presupposes interpretations of these Greek expressions only, which operate for Aristotle as logical particles. In other approaches, intimated by Leibniz and expressly embraced by Peirce and by Frege, not even the logical particles of ordinary Greek (or whatever other natural language) are adequate for the purposes of logic. What would be required is an artificial language in which logical particles would be given stipulated interpretations and all else would be uninterpreted (rather than interpreted-but-ignored). Aristotle thought that natural languages could be wholly disambiguated, and this was presupposed in his own logical writings.5 Frege, on the other hand, took natural languages to be both fatally and irredeemably ambiguous, hence incapable of supporting logically clear thinking.6 The artificial language approach was given considerable impetus by Newton who abjured the use of natural languages in the formulation of his theory of gravity. Languages such as English were, he thought, too figurative to bear the burdens of scientific exactitude, and he emphasized the role in this regard of the new (symbolic) mathematics. In time, the mathematization of natural philosophy would extend to logic itself. Of course, the mathematical content of logic’s semi-interpreted language was restricted to what in such languages is capable of having content, namely, the logical particles. Propositional connectives took on an algebraic interpretation, and quantifiers came to imbibe the ideas of strict exhaustiveness, in the case of the universal quantifier, and of minimal non-emptiness, in the case of the existential quantifier. In the judgement of some logicians, the decision to define one’s logic over a semi-interpreted language is a considerable over-reaction to the imperfections of actual languages. It is a given that ambiguous content can be a serious impediment to logically correct reasoning. There are two ways of dealing with this problem. One is to produce a general theory of ambiguity which will make possible the disambiguation of affected sites. The other is to guarantee the removal of ambiguous content by the removal of all content whatever. Each option throws up its own difficulties. In the first instance, we have yet to produce a workable theory of ambiguity for any natural language. In the second instance, we appear to have thrown out the baby with the bathwater. When we bring these two factors together, it is easy to see how deeply modern logic risks the loss of its claim to be a theory of reasoning. True, even though the language of logic was contentless (ironically so, in the light of Frege’s hostility, on the same grounds, to actual human languages), it was still possible to calculate the consequences of a set of priors (as witness Leibniz: “calculemus”). But it could not 5 It is appropriate, therefore, that Aristotle’s first “logical” work, Categories, is devoted to a theory of ambiguity. 6 Frege thought that all declarative sentences of natural languages were truth-valueless, hence incapable of expressing “thoughts”. [Weiner, 2004].
THE PRACTICAL TURN IN LOGIC
23
seriously be supposed that the calculation of contentless consequences from sets of contentless priors is the same as drawing those consequences, i.e., as reasoning to their truth or probability. Some logicians sought to repair this sundering of of a theory that calculates consequences from a theory of drawing consequences by pushing the idea that, for any given system of semi-interpreted logic, there exists a wholly interpreted fragment of English (and any other human language) that has a backwards-reflecting representation in that logic. If, for example, Σ is a set of English sentences and K is an English sentence, then if, in a logical system L, the representation of K is a consequence of the representation of Σ, then this fact reflects backwards to the English originals, in which case, we would have it that K itself is also a consequence of Σ itself in English. Similarly, if ∆ is an argument in English, then if ∆ has a valid formalization in L, ∆ itself would be valid in English. More generally, a system of logic L can be a theory of reasoning to the extent that the medium of reasoning (English, say) is formalizable in L. There are difficulties with the formalization thesis. Accordingly, certain aspects of the damage done by logic’s contentless state to the historic mission of logic as a theory of reasoning remains undealt with. We shall pause to give an indication of where the difficulties lie with the formalization thesis. In doing so, we will reveal a further respect in which a practical logic offers hope of improvement over a strictly formal approach to reasoning.
1.2 Difficulties with the Formalization Thesis “Logic is an old subject and since 1879 it has been a great one”. So said W. V. Quine in yet another of his pungent dismissals. We will not take the time to expatiate on Quine’s remark. It suffices for our purposes to concentrate on just one facet of the change in logic initiated with the publication in 1879 of Frege’s Begriffsschrift (“Concept Writing”). Frege, as we saw, insisted that natural languages were not the proper subject of a logician’s interest. This was also Peirce’s view, a fitting concurrence given that Peirce, along with Frege, is the independent cofounder of modern quantification theory. The knock against natural languages is that they lack the precision and the unambiguousness required for logical theory. What is more, natural languages harbour contradictions. The task of logical theory had (in Frege’s view) become the task of finding a home for arithmetic. The Begriffsschrift was carefully designed to avert the purported defects of natural languages. Frege writes that to prevent anything intuitive from penetrating here unnoticed, I had to bend every effort to keep the chain of inferences free of gaps. In attempting to comply with this requirement in the strictest possible way I found the inadequacy of language to be an obstacle; no mater how unwieldy the expression I was ready to accept, I was less and less able, as the relations became more and more complex, to attain the precision that my purpose required. The deficiency led me to the idea of the
24
DOV M. GABBAY AND JOHN WOODS
present ideography [=technical notation=artificial language]. Its first purpose, therefore, is to provide us with the most reliable test of the validity of a chain of inferences and to point out every presupposition that tried to sneak in unnoticed so that its origin can be investigated [Frege, 1879, pp. 5–6]. Here, too, is Peirce, to much the same effect. It is true that the propositions must be expressed somehow; and for this reason formal logic, in order to disentangle itself completely from linguistic, or psychical, considerations, invents an artificial language of its own, of perfectly regular formation, and declines to consider any proposition under any other form of statement than in that artificial language [Peirce, 1992, pp. 144–145]. Not every made-up language (Esperanto, for example) counts as an artificial language in the logician’s sense. In fact, upon reflection, the logician’s artificial language strains to the uttermost the very idea of a language, as we shall see. This becomes evident by examining the most elementary part of logic, the propositional calculus, or the logic of propositions (PC for short).
1.3
The Language of PC
The target properties of PC are properties of sentences or of sets of sentences, or of these in relation to abstract set theoretic structures. The properties of tautologousness, contingency and contradictoriness are properties of sentences. The relational properties of consequence and equivalence are properties of sentencepairs. Consistency and inconsistency are properties of sets of sentences. Proof is a property of sequences derived from axioms; and axiomhood in turn is a property of sentences. Fundamental to the tracking of these target properties is the idea of the sentence. The sentences of PC are defined in the usual way. 1. The (possibly infinite) set of symbols p, q, r, s, t, p1 , p2 , p3 , . . . , pn is the set of atomic sentences of PC. 2. The molecular sentences of PC are all possible combinations of occurrences of atomic sentences and one or more connectives, ¬, ∧, ∨, ⊃, and ≡, as constrained by the following Formation Rules. F R1 If A is an atomic sentence of PC it is a sentence of PC. F R2 If A is a sentence of PC so is (¬A). F R3 If A and B are sentences of PC so too are (A ( ∧B), ((A∨B), ( ⊃B), and ((A≡B). (A
THE PRACTICAL TURN IN LOGIC
25
F R4 Nothing else is a sentence of PC. The connectives ¬, ∧, ∨, ⊂, and ≡ are pronounced as follows. ‘Not’ or ‘it is not the case that’, ‘and’, ‘or’, ‘if... then’ and ‘if and only if’. Accordingly, the connectives appear to bear some similarity to the English connectives ‘not’, ‘and’, ‘or’, ‘if... then’ and ’if and only if’. For this reason is is widely but erroneously believed that the connectives of PC capture the meaning or anyhow one of the meanings of their English counterparts. Properly understood, the connectives of PC have nothing to do with the meanings of English connectives. (We shall return to this point. But we should also note in passing that a good deal of the hostility of informal logicians to formal logic turn on the perfectly obvious fact that the PC-connectives don’t preserve the meanings of their English counterparts. This hostility is entirely misplaced.) If the connectives of PC are indifferent to whatever meanings the English connectives may or may not have, how are they to be interpreted? And, relatedly how are the atomic letters p, q, r, s, t, p1 , p2 , etc. also to be understood? We deal with these questions in reverse order. How are we to understand the pi ? Intuitively, they are wholly uninterpreted simple sentences of our artificial language. Even though they are completely devoid of semantic content (or meaning), it is stipulated that each atomic sentence has a truth value, i.e., is either true (T) T or false (F), and never both. This should strike the reader as exceedingly strange. How can a symbol that doesn’t say anything be true? The formal logician answers as follows: It is stipulated that the atomic sentences of PC satisfy the minimal condition on truth, viz., a principle known as, Convention T: ‘A’ is true if and only if A. The connectives of PC are also defined truth functionally. The negation (¬A) of A is T when A is F and F when A is T. The conjunction ((A∧B) of A and B is T just when A is T and B is T and otherwise is F. The disjunction ((A∨B) of A and B is F just when A is F and B is F and otherwise is T. The material conditional ( ⊃B) of A and B is F just when A is T and B is F and otherwise is T. The material (A equivalence (A ( ≡B) and A and B is T just when A and B have the same truth value and otherwise is F. We see in this an example of a truth conditional semantics for PC, which is the only kind of sematnics an ininterpreted language can have. . Because they lack semantic content, the closest that the PC-sentences can come to having a meaning is the conditions under which they are true (in the minimal sense of ‘true’ captured by Convention T). We can illustrate this by examining the standard truth table definition for one of the PC-connectives, say for ‘⊃’: row 1 row 2 row 3 row 4
A T T F F
B T F T F
A⊃B T F T T
26
DOV M. GABBAY AND JOHN WOODS
Each row in the truth table gives a valuation for ((A⊃B) which depends on the truth values of A and B. Consider each row in which ((A⊃B) comes out T. These are rows 1, 3 and 4. Each row tells us the truth values of A and B for that row. When ((A⊃B) is true, the row or rows in which it is true tell us the truth values of the components of ((A⊃B) which make it true. Row 1 tells us that ((A⊃B) is true when A and B both are true. Row 3 tells us that ((A⊃B) is true when (¬A) is true (because A is false), and B is true. Row 3 tells us that ((A⊃B) is true when (¬A) and (¬B) are both true (since A and B are both false). So, then, ((A⊃B) is true under three different possibilities. Each possibility is a conjunction (‘and’) of true sentences, and the totality of those possibilities is the disjunction (‘or’) of them all. Hence ((A⊃B) is true just in case ( ∧B) ∨ (¬A∧B) ∨ (¬A∧¬B) (A is also true. This latter sentence exhaustively sets out the conditions under which A⊃B) is true. Readers familiar with the technical details of PC will know that the disjunction of conjunctions presently under discussion is the characteristic formula of the truth table for ‘⊃’. It is easy to see that the truth-table for any arbitrarily selected connective also has a characteristic formula, which will always be a disjunction of the conjunctions of literals that make the sentence of the table true. This fact is fundamental to the proof of the functional completeness of PC. (PC is functionally complete in the sense that every truth functional connective is definable in terms of ¬ and one of the pair {∧, ∨}. It is important to emphasize that if the logician is not able to contrive a way for contentless sentences to be T or F, there is no prospect of his succeeding in tracking down target properties such as consequence (for pairs of sentences), and validity (for arguments constructed out of PC-sentences). Another way of saying this is that one of the most remarkable technical feats of logics such as PC is the way in which it is made possible for contentless syntactic structures to have properties such as these.
1.4
The Utility of PC
Not even the most ardent or doctrinaire mathematical logician believes that human reasoners should or could abandon their mother tongues. Frege and Peirce would grant that for everyday concerns — concerns that lie beyond the reach of the exact sciences — one’s mother tongue is the unavoidable medium in which they are to be addressed. What Frege and Peirce would also have insisted on is that human reasoning in a human language is something that lies beyond the ambit of logic. This is one of the things that disappoints (actually, infuriates) informal logicians about mathematical logicians. It is their insistence that ‘ordinary reasoning’ has no logic. However some formal logicians are heedful of such disappointment and are minded to respond to it in the following (and somewhat conciliatory) way. Consider a piece of human reasoning or argument-making which has been transacted in (say) English. Subject to certain constraints, that piece of English can be
THE PRACTICAL TURN IN LOGIC
27
tightly paired with a counterpart bit of the language of PC. The tightness of the fit is all-important. It allows us to say that if the PC-structure has one of our target logical properties, so too does the English structure have it. The process of finding an English structure’s counterpart in PC is called formalization. When a formalization works as it should, it maps an English structure to its logical form in PC. And, again when the formalization has been properly contrived, the property possessed by an English structure’s logical form is reflected backwards onto the English structure itself. The standard formalization rules for English and PC can be found in any standard First Year textbook. 1. Simple sentences of English, and only they, are formalized by arbitrarily selected atomic sentences of PC. 2. The English construction ‘not’ is formalized by ‘¬’. 3. The English constructions ‘and’, ‘or’, ‘if... then’ and ‘if and only if’ are formalized respectively by ‘∧’, ‘∨’, ‘⊃’ and ‘≡’. In this way, the formal logician thinks that he has the means to reassure his critic. In its most basic sense, the assurance is this: If we can formalize some reasoning (or arguing) in English in some or other logical system, then, since formalization has the backwards reflection property with respect to target concepts, then, if the logical form instantiates that concept, so too does the English construction. Essential to the case for the backwards reflection of target properties is that the connectives of English stand in the following truth conditional relationship. Let C be an English connective which is a candidate for formalization; and let K be its formalization in PC if it has one. Then C is properly formalized as K, provided that for any K-sentence that is false in PC, its corresponding C-sentence in English is also false. In other words, the falsity of a K-sentence is sufficient for the falsity of the corresponding C-sentence. But not conversely; the falsity of the C-sentence is not sufficient for the falsity of the K-sentence; nor does the truth of the respective C-sentence and K-sentence suffice for the truth of the other. So K can be absolutely the right formalization of C in PC without there being any need for C and K to be logically equivalent to one another, to say nothing of synonymous. We see, then, that the fact that our PC connectives do not mean the same as their English counterparts, or do not capture at least one of their meanings (in case they happen to be ambiguous), has nothing intrinsically to do with whether the formalization rules have the backwards reflection property with regard to our target concepts. But what is to be done when an English connective C fails this test? Then the rule is that the connective in question does not have a formalization in PC, nor does any sentence of English in which C occurs. The rule can now be explicitly stated. The Connective Rule — Where C is an English connective and K its counterpart in PC, K is the formalization of C in PC if the falsity of
28
DOV M. GABBAY AND JOHN WOODS
any K-sentence implies the falsity of its corresponding C-sentence; otherwise C has no formalization in PC.
1.5
The Irreducible Informality
Backwards reflection is a quite remarkable property. On the standard view, it shows that formalizing a contentful t argument in English as a contentless argument in PC allows us to determine with certainty whether the English argument is valid. Some people are of the view that this is too good to be true. To see what their reservation comes down to, it is necessary to emphasize that there are constraints on what can be inputs to our formalization rules. For example, we are not allowed to apply these rules to interrogative sentences of English, nor are we allowed to formalize molecular sentences of English as atomic sentences of PC. And we are not permitted to formalize any connective of English other than ‘not’, ‘or’, ‘and’, ‘if... then’, and ‘if and only if’, and those that can be defined in terms of them. Consider, in particular, the rule that only simple sentences of English can be mapped to atomic sentences of PC. Are there any other constraints on this atomic rule? Consider the argument: 1. If Sarah has been awarded the first university degree, then Sarah is a bachelor. 2. If Sarah is a bachelor then Sarah is an unmarried man. 3. Therefore, if Sarah has been awarded the first university degree, then she is an unmarried man. If we now apply the formalization rules to this argument, we see that its logical form in PC is 1.* If p then q 2.* If q then r 3.* Therefore if p then r. Here is an English argument with a valid logical form in PC. But the English argument is invalid. We wanted validity to have the backwards reflection property, but the present example shows that it doesn’t. We can solve this problem by noticing that our English argument equivocates on the ambiguous term ‘bachelor’. In premiss (1) it means one thing, and in premiss (2) it means something quite different. This suggests a way out of our difficulty. We can impose upon the formalization of English sentences the Disambiguation Rule. The rule says that for any expression of English which has more than one meaning, its different meanings require a mapping for each sentence in which it occurs to different expressions of PC. Applying this rule to our present example, we see that the correct logical form of our English argument is
THE PRACTICAL TURN IN LOGIC
29
(a) If p then q (b) If s then r (c) Therefore, if p then r. This gives us the desired result. The logical form is invalid. So it would appear that when we add the Disambiguation Rule to our rules of formalization, validity does indeed have the backwards reflection property; for we no longer have an argument which is valid in PC but invalid in English. What about invalidity? Does it too have the backwards reflection property? Consider the following argument. 1. The shirt is red. 2. Therefore, the shirt is coloured. The premiss is a simple sentence of English which entails the conclusion, also a simple sentence of English. Its logical form in PC is 1.* p 2.* Therefore, q which is invalid. Here is a second case to consider. (a) The figure is a triangle (b) The figure is a circle This is an inconsistent set of sentences in English. But the logical form of this set in PC is {p, q}, and {p, q} is a consistent set. In the first case, invalidity fails to have the backwards reflection property. In the second case, consistency fails to have the backwards reflection property. But we want all our target properties to satisfy the backwards reflection condition. We want this because we want PC to be useful in the appraisal of real-life reasoning. As it happens, we might be able to recover the backwards reflection property with regard to invalidity and consistency if we agree to impose a further condition on our formalization rules. Logical Inertia Rule: Simple sentences of English to which the formalization rules apply may not either imply one another or be inconsistent with one another. In other words, the simple sentences that are inputs to the formalization mechanism of PC must be logically inert. It seems, then, that we have recovered backwards reflection of validity by imposing the Disambiguation Rule, and likewise that we have recovered the backwards reflection of invalidity and consistency by imposing the Logical Inertia Rule. Even so, there is a cost to these recoveries.
30
DOV M. GABBAY AND JOHN WOODS
Let us deal first with the cost of imposing the Logical Inertia Rule. This requires us to be able to recognize implications and inconsistencies between simple English sentences in a principled way. This is equivalent to saying that we must have a theory of implication and inconsistency for English. But this is what our formal logic was supposed to provide. PC would analyze the properties of consequence and consistency, and our formalization rules would reflect them back into English. So PC together with the formalization rules would be a theory of consequenceand consistency for English. But, as we now see, we can’t run the formalization rules in a principled way until we have a theory of consequence and consistency for English. And we don’t have a theory of consequence and consistency for English until we’ve executed the formalization rules. So we would appear to have a bootstrapping problem. Faced with this kind of difficulty, most logicians have in effect withdrawn the Logical Inertia Rule and, in so doing, have abandoned the hope that invalidity and consistency would have the backwards reflection property. This, as Bertrand Russell said about another matter, has all the virtues of theft over honest toil. The Disambiguation Rule is also a serious matter. If it goes, then we lose the backwards reflection of validity. So the question now is whether we are able to apply this rule with requisite exactitude. The answer is No. We do not yet have a theory that permits us to recognize ambiguity in the general case. This leaves us with Hobson’s Choice. Either we can give up on the backwards reflection of validity or we can try to apply the Disambiguation Rule only intuitively. Most logicians opt, in effect, for the second option. This also matters. No one doubts that a native speaker of English is adept at recognizing large numbers of violations of the Logical Inertia Rule. This is part of what fluency in a language consists in — the intuitive ability to notice elementary logical connections. The same can be said for the fluent speaker’s untutored capacity for making and recognizing logical deductions in his own language. These are important capacities, part of what [Woods, 2004] calls our “rational survival kits”. The question is whether we have theories of such skills, and if so what they would look like. Gerald Massey has suggested that one place to look for theories of such capacities is in the Natural Logic of writers such as Lakoff [Massey, 1975a; Massey, 1975b; Massey, 1981]. We do not know whether Massey has retained his enthusiasm for Natural Logic over the years; but it is now clear, if it wasn’t before, that Natural Logic has not attracted anything like a large and settled theoretical consensus. Natural Logic aside, two additional points should be made. One is that nowhere in the capacious writings of informal logicians do we find any attempt to construct theories of (logical) consequence and (logical) consistency for natural languages. The other is that monitoring the Disambiguation Rule and the Logical Inertia Rule is not the business of (or within the capacity of) formal logic. If formal logic is to offer any theoretically focussed guidance to natural language reasoners and arguers, it will be able to do this only on the basis of an irreducibly informal deployment of the requisite constraints on formalization. Informality is prior to formality, and not displaceable by it.
THE PRACTICAL TURN IN LOGIC
31
What do we learn from the challenges that attach to the formalization thesis? We learn something about the limits of formal methods. We learn that these limits are drawn at the juncture at which the formalities of artificial languages engage the realities of human thinking. We also learn that a great part of the appeal offered by the formalization thesis has to do with effective recognizability. The consequence relation is effectively recognizable in PC. Any fragment of English that has a valid formalization in PC is also valid. But these validities are not effectively recognizable in English. The reason for this is that the property expressed by the clause “fragment of English that has a (proper) formalization in PC” is itself not an effectively recognizable property. We have it, then, that to the extent that a logician may wish to model validity-in-English in PC, he must reconcile himself to the loss of strict decidability. It is, so to say, a metamathematical setback, but it is hardly the end of the world. From this a more general lesson emerges. The logic of human thinking inherits the undecidabilities of attempts to formalize natural languages. A practical logic must take this into account. Accordingly, PROPOSITION 4 (Informality). The formalization thesis requires informal implementation. The difficulties that afflict the formalization thesis are far from fatal to it. They do nothing to disturb the claim that certain properties of PC (e.g. validity) reflect backwards onto fragments of English. What is disturbed — indeed demonstrably overturned — is any presumption that the formalization rules from English to PC are either exact or themselves formally expressible. Also lost is the idea that the formalization process is a strictly grammatical affair, transactable without the need to give a central role to logical considerations such as consequence and consistency. So we say again to anyone drawn to the formalization thesis that formalizing chunks of English in something as simple as PC is an intrinsically informal enterprise and with intrinsically logical components. There is a lesson to be drawn from this. Since a logic of human reasoning can’t be exhaustively formal even in simple cases such as PC, a logic of practical logic should take this expressly into account.
2
THE PRACTICAL
We now return to the issue of what constitutes the practical. In one sense, all reasoning is practical.7 All reasoning terminates in an answer to a question, a solution to a problem, a conclusion from some data, or a decision to postpone the quest until further facts are known; even aborted reasoning (“This is getting us nowhere!”) produces a kind of termination. 7 There is a philosophical tradition in which a practical reason is reason for an action that involves bodily behaviour. Needless to say, not all reasoning is practical in this sense. We ourselves are disposed to think that practical reasoning in this sense hardly carves out a natural kind, so to speak. (See here, e.g., Velleman [2000]). See also below
32
DOV M. GABBAY AND JOHN WOODS
Ordinary usage, even ordinary philosophical usage, gives little direct guidance for fixing the sense of practical reasoning. It is an expression layered with multiple meanings and suggestive of contrasts, among which are these: ordinary, common versus esoteric, specialized prudential versus aletheic moral versus factual informal versus formal precise versus fuzzy conclusion is an action versus conclusion is a proposition premiss is an action versus premiss is a proposition goal-directed, purposive versus context-free applied versus theoretical concrete versus abstract tolerant of incommensurabilities versus not To these we add a further contrast, to which we think it prudent to take particular note of. It is the contrast of practical versus strict We illustrate with an example. In the game of (ice) hockey, a hat trick is achieved by a player scoring three consecutive goals against the opposition. (There is a counterpart achievement in cricket.) “Consecutive” here means “without any goal being scored between the first and the third of this triple by any of the hat tricker’s team-mates.” This is what a hat trick is strictly speaking. But in practice, or for all practical purposes (including the triggering of bonus clauses in a player’s contract), a hat trick is just three goals in a game by one and the same player, never mind whether he scores them consecutively in our present sense of that term. So conceived of, practicality is resemblance enough to the real thing to be considered the real thing. Thus, in one sense, “practical” means “approximate”. Ours is an agency view of logic. It betokens, as we said, a return to the Laws of Thought approach. On the agency view, logic is a theory of reasoning, a theory of what thinkers do and have happen to them. Correspondingly, a practical logic is a theory of what practical agents think and reflect upon, cogitate over and decide, and act. If the linguistic conception makes it necessary for the logician to say, with care, what sort of thing a language is, the agency view makes it necessary to say, with care, what sort of thing a practical agent is. We repeat that a cognitive system is a triple of a cognitive agent, cognitive resources, and cognitive target performed in real time. Correspondingly, a logic of a cognitive system is a principled description of conditions under which agents deploy resources in order to perform cognitive tasks. Such is a practical logic when the agent it describes is a practical agent. Accordingly, DEFINITION 5 (Cognitive Systems). A cognitive system CS is a triple {X, R, A} of a cognitive agent X, cognitive resources R, and a cognitive agenda A executed in real time.
THE PRACTICAL TURN IN LOGIC
33
DEFINITION 6 (Practical logics, first pass). A practical logic is a systematic account of aspects of the behaviour of a cognitive system in which X is a practical agent. How agents perform is constrained in three crucial ways: in what agents are disposed towards doing or have it in mind to do (i.e., their agendas); in what they are capable of doing (i.e., their competence); and in the means to convert competence into performance (i.e., their resources). Loosely speaking, agendas here are programmes of action, exemplified by belief-revision and belief-update, decisionmaking and various kinds of case-making and criticism transacted by argument. For ease of exposition we classify this motley of practices under the generic heading “cognitive”, and we extend the term to those agents whose practices these are.8
2.1
A Hierarchy of Agency
An account of cognitive practice should include an account of the type of cognitive agent involved. Agency-type is set by two complementary factors. One is the degree of command of resources an agent needs to advance or close his (or its) agendas. For cognitive agendas, three types of resources are especially important. They are (1) information, (2) time, and (3) computational capacity. The other factor is the height of the cognitive goals that the agent has set. Seen this way, agency-types form a hierarchy H partially ordered by the relation C of commanding-greater-resources-in-support-of-higher-goals-than.9 H is a poset (a partially ordered set) fixed by the ordered pair C, X of the relation C on the unordered set of agents X. Human agency ranks low in H. If we impose a decision not to consider the question of membership in H of non-human primates, we could say that in the Hspace humans are the lowest of the low. In the general case the cognitive resources of information, time and computational capacity are for human agents comparatively less abundant than for agents of higher type, and their cognitive goals are comparatively more modest. What is more, for large classes of cases, humans perform their cognitive tasks on the basis of less information and less time than they might otherwise like to have, and under limitations on the processing and manipulating of complexity. Even so, paucity must not be confused with scarcity.10 There are cases galore in which an individual’s resources are adequate for the attainment of the attendant goal. In a rough and ready way, we can say that the comparative 8 Agendas
are discussed at greater length in [Gabbay and Woods, 2003] note in passing the difference of our hierarchical model from Harry Frankfurt’s hierarchical model of autonomous action. On this latter conception, the behaviour that an agent makes happen in the fullest sense of that expression is that which is motivated by a desire which the agent desires to have. See Frankfurt [1988, 58–68]. But cf. Bratman [1999, 185–206]. We also note a resource-sensitive approach to cognitive agency in much of the psychological literature. See Simon [1957] and a, by now, large psychological literature ably reviewed in Stanovich [1999] and Gigerenzer and Selten [2001]. 10 We have been guilty of this confusion in previous writings, notably in [Gabbay and Woods, 2003]. 9 We
34
DOV M. GABBAY AND JOHN WOODS
modesty of an agent’s cognitive goals inoculates him against cognitive-resource scarcity. But there are exceptions, of course. Institutional entities contrast with human agents in all these respects. A research group usually has more information to work with than any individual, and more time at its disposal; and if the team has access to the appropriate computer networks, more fire-power than most individuals even with good PCs. The same is true, only more so, for agents placed higher in the hierarchy — for corporate actors such as the NASA, and collective endeavours such as quantum physics since 1970. Similarly, the cognitive agendas that are typical of institutional agents are by and large stricter than the run-of-the-mill goals that motivate individual agents. In most things, NASA aims at stable levels of scientific confirmation, but, for individuals the defeasibly plausible very often suffices for local circumstances. These are vital differences. Agencies of higher rank are more at ease with runs at optimization. They can wait long enough to have a serious shot at total information, and they can run the calculations that close their agendas both powerfully and precisely. Individual agents stand conspicuously apart. For most tasks, the human cognitive agent is a satisficer. He must do his business with the information at hand, and, much of the time , sooner rather than later. Making do in a timely way with what he knows now is not just the only chance of achieving whatever degree of cognitive success is open to him as regards a given agenda; it may also be what is needed in order to avert unwelcome disutilities, or even death. (We do not, when seized by an onrushing tiger experience, wait before fleeing for a refutation of skepticism about the external world or a demonstration that the approaching beast is not an hallucination.) Given the comparative humbleness of his place in H, the human individual is frequently faced with the need to practise cognitive economies. This is certainly so when either the strictness of his goal or the supply of drawable resources create a cognitive strain. In such cases, he must turn paucity to advantage. That is, he must (1) deal with his resource-limits and in so doing (2) must do his best not to kill himself. There is a tension in this dyad. The paucities with which the individual is chronically faced are often the natural enemy of getting things right, of producing accurate and justified answers to the questions posed by his agenda. And yet not only do human beings contrive to get most of what they do right enough not to be killed by it, they also in varying degrees prosper and flourish. This being so, we postulate for the individual agent slight-resource adjustment strategies (SRAS) which he uses to advantage in dealing with the cognitive limitations that inhere in the paucities presently in view. We make this assumption in the spirit of Simon [1957] and an ensuing literature in psychology and economics. At the heart of this approach is the well-evidenced fact that, for ranges of cases, “fast and frugal” is almost as good as full optimization, and at much lower cost [Gigerenzer and Selten, 2001]. We shall not take time to detail the various conditions under which individuals extract outcome-economies from resourcelimitations and target modesty, but the examples to follow will give some idea of how these strategies work. For a fuller discussion, see also [Gabbay et al., 2002]
THE PRACTICAL TURN IN LOGIC
35
and [Gabbay and Woods, 2003]; cf. [Sperber and Wilson, 1987]. The hierarchical approach to agency gives us a principled hold on the distinction between practical and theoretical agents and, correspondingly, between practical and theoretical reasoning. Practical reasoning is reasoning done by a practical agent. An agent is a practical agent to the extent that she (or it) commands comparatively few cognitive resources in relation to comparatively modest cognitive goals. Theoretical reasoning is reasoning done by a theoretical agent. An agent is theoretical to the extent that it commands comparatively much in the way of cognitive resources, directed at comparatively strict goals. We have it, then, that DEFINITION 7 (Hierarchy of agency types). H is a hierarchy of agency types when H is a set of cognitive agents partially ordered by the (complex) relation of commanding more cognitive resources R in relation to higher cognitive goals than. DEFINITION 8 (Practical agency). A cognitive agent is a practical agent to the extent that he (or it) ranks low in H. DEFINITION 9 (Theoretical agency). A cognitive agent is a theoretical agent to the extent that it is typical of it to rank high in H. In some respects, our interpretation of the practical-theoretical dichotomy may strike the reader as nonstandard, if not eccentric; on the face of it, there is no natural non-negative antonym of our use of the word “practical”. We ourselves are prepared to put up with the nonstandardness in return for conceptual yield. We have cautioned against the equation of resource-paucity with resourcescarcity. It is, even so, quite true that in some sense practical agents operate at a cognitive disadvantage. But it is necessary not to make too much of this. What should be emphasized is that in relation to the cognitive standards that an institutional agent might be expected to meet, the resources available to a practical agent will not enable him (or it) to achieve that standard. Whether this constitutes an unqualified disadvantage depends on the nature of the task the individual has set for himself and the cognitive resources available to him. For a practical agent to suffer an unqualified disadvantage, two factors must intersect in the appropriate way: his resources must be inadequate for the standard he should hit, in relation to a goal that has reasonably been set. So the measure of an agent’s cognitive achievement is a function of three factors: his cognitive goal; the standard required (or sufficient) for achieving that goal; and the cognitive wherewithal on which he can draw to meet that standard. PROPOSITION 10 (Interaction of goals and resources). The resources and goals of a practical agent exert a reciprocal influence. By and large, a practical agent’s cognitive goals are comparatively modest, as we have said. Plausible belief defeasibly held is a practical agent’s stock-in-trade. For most of what presses for his cognitive response, neither mathematical nor scientific certainty is either required or possible. In discharging his cognitive agendas, it fits neither the relevant resource contingencies, the intellectual design, nor the imperatives of closure that a practical
36
DOV M. GABBAY AND JOHN WOODS
agent conduct his affairs on the model of axiomatic set theory, particle physics or welfare economics. An individual makes do with lesser ambitions because in general they are all that he need fulfill and all that he can afford. We see in this an essential equilibrium. The practical agent tends to set goals that he can attain and is stocked with the wherewithal that makes attainment possible (and frequent). In the matter of both goals set and the execution of standards for meeting them, the individual is a satisficer rather than an optimizer. There are exceptions, of course; a working mathematician won’t have a solution of the four-colour problem unless he has a full-coverage proof that is sound. The tendency to satisfice rather than optimize is not, however, what is distinctive of practical agency. This is a point to emphasize. In most of what they set out to do and end up achieving, institutional agents exhibit this same favoritism. What matters — and sets them apart from the likes of us — is not that they routinely optimize but that they satisfice against tougher goals and higher standards. It is necessary to have a brief further word about the proposed concurrence of the distinction between practical and theoretical agents and that between individuals and institutions. As we conceive of the first of this pair, it is true by our definition of the terms involved that practical agents rank comparatively low and theoretical agents comparatively high in the hierarchy H of agent types. It is not a matter of definition that there is an identity between practical agents and individuals and between theoretical agents and institutions. These concurrences are matters of fact and are so with a certain looseness. Some of the tasks open to an individual thinker, as well as the resources available for their completion, enable him to function as a theoretical agent in our technical sense. Again, someone who seeks a proof of the four-colour problem may find that he can proceed without press of time, short of his own mortality. Similarly, an institution that wishes to acquaint itself with the postal code of one of its clients can do so if a solitary employee takes the half-minute to consult the Post Office’s directory. Our proposal concerning these loose confederacies amounts to little more than this. If we were to take the union of individual and institutional cognitive agents and applied to it the ordering of greater-resources-in-application-to-higher goals, we would see as a matter of fact that PROPOSITION 11 (Individual and practical agents). It is typical of the cognitive behaviour and cognitive circumstances of individual agents that they tend to rank comparatively low in H. C OROLLARY 11( A ). It is typical of individuals to function as practical agents. Likewise, PROPOSITION 12 (Institutions and theoretical agents). It is typical of the cognitive behaviour and cognitive circumstances of institutional agents that they tend to rank comparatively high in H.
THE PRACTICAL TURN IN LOGIC
37
C OROLLARY 12( A ). It is typical of institutions to function as theoretical agents. It is also useful to emphasize that the type of agency involved in these concurrences is cognitive agency. For the much broader notion of agency that carries the meaning of ability to do, the differences between what individuals are able to do and what institutions are able to do is not well-captured by where they rank in H. Cognitive agency is another matter, enough so that it lends requisite plausibility to the claims of approximate concurrence. The approximation of the concurrence harbours another fact of interest (and intuitive plausibility). Given that the difference between practical and theoretical agency is a matter of quantities of resources and degrees of strictness of cognitive goals, then any cognitive task solvable with resources of that type is such that if a practical agent can solve it, so too can can theoretical agent solve it. Another way of saying this is that for large ranges of cases, whatever can be known by an individual agent can also be known by an institutional agent; not conversely, however.11
2.2 Normativity It is not infrequently supposed that it is intrinsic to logic to articulate standards of normative soundness, and that this separates logic from the domain of empirical enquiry. For all its substantial provenance, this is not a supportable view of logic.12 Contemporary cognitive science marks a distinction among three different models of cognitive performance. They are the normative model N which specify sets standards of optimal rational performance, irrespective of the costs — especially the computational costs — of compliance. The prescriptive model P attenuates these standards so as to make them computationally executable by beings like us. The descriptive model D gives a law-governed account of how beings like us actually perform. Following Stanovich [1999], it is possible to discern three different positions concerning how the three models, N , P , and D, are linked. The principle of linkage is nearness to the goal of good reasoning. On the panglossian approach, there is little or nothing to distinguish N , P , and D in relation to the good-reasoning goal. At the opposite extreme is the “apologist” position in which N meets the goal and both P and D fail it, and do so both seriously and next-toequally. The “meliorist” position takes up the middle position. N meets the goal. P fails it, but not so badly as to preclude approximate realization. D, on the other hand, fails it significantly. 11 The qualification, “ for large ranges of cases” is necessary. Exceptions include experiential knowledge. Only individuals can know what it is like to have arthritis or what it is like to be married to an arthritic. Conversely, both individuals and institutions alike may, absent the requisite experiences, have some knowledge of what arthritis is like or what being married to an arthritic is like. 12 For particularly blatant (though not untypical) expressions of this view, see [Walton, 2002, p. 474] and [Simon, 1957, p. 265].
38
DOV M. GABBAY AND JOHN WOODS
It is not our intention to deal with the panglossian-meliorist-apologist rivalries at length. If we were forced to choose among the three, we would opt for the panglossian position. In fact, however, we find ourselves drawn to a fourth position, which the panglossian position somewhat resembles, but which is also importantly different. Baldly stated, we reject the normative model, and reject its prescriptive submodel. Thus our own position is vacuously panglossian: D reflects good reasoning rather well, and no other model reflects it better (since there are none). What so inclines us is the failure of those who espouse the N -P -D trichotomy to demonstrate that N provides objectively correct standards for optimal rationality and that P provides objectively correct standards for a computationally realizable optimal rationality. (Sometimes this is called “optimization under constraint”. See [Stigler, 1961].) We will not debate this issue here (but see, e.g., [Woods, 2003, ch. 8]). But perhaps an example would help explain our reluctance. It is widely held that a system of logic is a normative model of good reasoning, because it contains provably sound rules for the valid derivation of conclusions from premisses (or databases). This presupposes that the hitting of validity-targets is invariably an instance of good reasoning. The truth is that in lots of situations valid deduction from premisses or a database is not the way in which good reasoning proceeds, well attested to by the example of ampliative reasoning. But what if the reasoner’s task were such as to require the use of deduction rules? Wouldn’t a system of logic whose deduction rules were provably sound and complete be a convincing model of that particular sort of good reasoning? No. Good reasoning is always good in relation to a goal or an agenda (which may be tacit). Reasoning of the sort in question is good if it meets its goal or closes its agenda using only valid deduction rules. Reasoning validly is never itself a goal of good reasoning; otherwise one could always achieve it simply by repeating a premiss as conclusion, or by entering in the same place an arbitrary necessary truth. Suppose, finally, that the would-be deductive reasoner had ready to hand a sound and complete set of deduction rules and a set of heuristic principles which, for any goal attainable through deductive reasoning, guided the reasoner in the selection of particular rules at each step of the deduction process. Wouldn’t those deduction rules together with those heuristic rules serve as a normative model of the sort of reasoning our reasoner has set out to do? And, given that no such heuristics would work if they weren’t actually used by real-life deducers, isn’t there reason to think that we have here a case in which a normative and a descriptive model converge in a panglossian way? Yes. But we propose a clarification and a caveat. The clarification is that we do not eschew the idea of normative cognitive performance. Our view is that there is no reliable way to capture this normativity save by attending to what beings like us actually do. Thus our normativity is descriptively immanent, rather than descriptively transcendent. The caveat that we would make is that no such set of deduction rules supplemented by the requisite heuristic rules suffice for the rationality of the goal that our reasoner may wish to achieve on any given occasion.
THE PRACTICAL TURN IN LOGIC
39
Before leaving this matter, it would be well to take note of two prominent arguments on behalf of the existence of normative models (and, by extension, of prescriptive models) of human cognitive performance. Let K be a kind of cognitive performance, and let S = {S1 , . . . , Sn } be the set of standards for K that are sanctioned in a normative model N . According to those who favour the normative model approach, there are two reasons for supposing that the standards Si are normative for us ground-zero reasoners. 1. The analyticity rationale. The Si are normative for us because they are analytically true descriptions of what it is for K to be rational. 2. The reflective equilibrium rationale. The Si are normative for us because they are in reflective equilibrium with what is taken to be rational K-practice. We reject both these rationales. The analyticity rationale stands or falls with the theoretical utility of the concept of analyticity (or truth solely by virtue of the meaning of constituent terms). There is a large literature, with which it is appropriate to associate the name of Quine, that counsels the rejection of analyticity. (See, e.g., [Quine, 1953]; cf. [Woods, 1998].) These criticisms will be familiar to many readers of this book, and we will not repeat them here. (We are not so much attempting to prove a case against the normative models approach as to indicate to the reader why it is that we do not adopt it.) Still, here is an instructive example. Until 1903 it was widely held that the axioms of intuitive set theory were analytic of the concept of set. Then the Russell paradox put an end to any such notion. The reflective equilibrium rationale can briefly be characterized as a balancing act between conservatism and innovation. Consider a proposed new K-principle. It should be rejected if it contradicts received opinion about K-rationality. Equally, consider a piece of K-behaviour. It should be rejected if it contradicts the established K-principles. But a new principle can be adopted if it attracts the requisite change in accepted K-behaviour. The doctrine of reflective equilibrium pivots on the fact that the K-theorist, like everyone else, begins in medias res. He cannot proceed except on the basis of what he already believes about K-hood, and he cannot proceed unless what he initially believes about K-hood is also believed by others who are relevantly situated. The qualification “relevantly situated” is important. If K-theory is a relatively technical matter, then the relevantly situated others could be the community of researchers into K. Their beliefs, and our K-theorist’s starting point, are a blend of individual K-judgements and sets of K-principles that are now in reflective equilibrium. We accept this account as a descriptively adequate representation of how a Ktheorist actually proceeds. We concede that at an operational level there is no other way for the K-theorist to proceed. These ways of proceedings are an indispensable heuristic for the would-be K-theorist. But it is a mistake to think that, because this is the way that he must proceed it must follow that the reflective equilibrium from
40
DOV M. GABBAY AND JOHN WOODS
which he does proceed is epistemically or normatively privileged. It is a mistake of a sort that we call the Heuristic Fallacy. DEFINITION 13 (The heuristic fallacy). The heuristic fallacy is the mistake of determining that any belief that is indispensable to the thinking up of a theory is a belief that must be formally derivable in the theory itself. We have it, then, that PROPOSITION 14 (Normativity). In a practical logic of cognitive systems, normativity is implicit in standard practice. Even so, the reflective equilibrium model of normative rationality is untenable. The anyticity model is also unsound. Our subscription to Proposition 14 is rooted in a philosophically fallibilist appreciation of a wholly fundamental fact. The fact is that, for all our limitations and our standing disposition to err, we get things right enough enough of the time to survive and prosper. In taking a falibilist approach to this fact, we commit ourselves to the view that not only do beings like us sometimes get things wrong but — of greater importance — that it is not irrational, as such, to pursue cognitive strategies and employ cognitive methods, knowing them to be susceptible to error.
2.3 A Further Word on Validity It is very much part of our intellectual tradition to value truth-preservation. Truthpreservation is facilitated by argument-structures that are monotonic. Let K Φ be any valid argument, with Φ the conclusion and K a (possibly empty) set of premisses. K Φ is valid just in case any valuation that makes every α ∈ S true also makes Φ true. Suppose now that we supplement K by arbitrarily selected propositions arbitrarily many times. Call this new set K ∪S. Let v be any valuation on which all members of K are true only if Φ is true. Let v* be any valuation making every member of K ∪ S true. Then v is properly included in v*. Since v provides that K Φ is valid, v* provides that K ∪ S Φ is valid. Validity therefore is a natural suppressor of enquiry. Once an argument has been determined to be valid there is nothing to be said for any further investigation from the point of view of truth-preservation. From that perspective, the distinction between admissible and inadmissible new consistent information is lost, just as there is nothing to be gained by belief-updating. And given that truth-preservation is your cognitive target, there is little to be said for belief-revision either. What justifies humanity’s (supposed) enthusiasm for truth-preservation? Part of the answer lies in the high levels of risk aversion implicit in truth-preserving manoeuvres. Truth-preserving manoeuvres are mother’s milk to error-avoidance, though this is not quite the word for it. What is intended is that valid reasoning is guaranteed to present us with conclusions that are no worse than the worst that can be said of the premiss-sets that imply them. If K is an inconsistent premiss-set, deducing Φ from it will not in general make for more inconsistency; and if the premiss-set contains a falsehood, deducing Φ from it won’t in general land you
THE PRACTICAL TURN IN LOGIC
41
with a new falsehood.13 But here, too, the empirical record suggests that human beings are not routinely committed to error-avoidance in so strict a sense. A third feature of truth-preservation should be mentioned. Truth-preservation is valuable only if there are truths to preserve. At the level of common sense, truths are liberally available. But no one with the slightest interest in the history of human cognitive performance will accept the congruence of what is true and what is taken for true by common sense. Validity does not preserve what-is-takenfor-true. What it preserves is truth. The value of truth-preservation is parasitic upon the existence of truths. So determining whether a piece of truth-preservation is valuable is no easier than determining whether a proposition you think is true is true. Where, then, do these points leave us? If we are happy with vacuous truth-preservation, validity is a standing invitation to admit new information indiscriminately and without adjustment. It is an attainable goal, but no one will think it a cognitive virtue. Perhaps the most telling point to make about truth-preservation is how slight a role it plays in our cognitive lives. In and of itself valid deduction plays no role in ampliative reasoning, and ampliative reasoning is practically all the reasoning that a human agent has time for, such is the rapidity and extent of the new information that plays over him second by second, and the abiding imperative of adjusting to new circumstances with genuinely new appreciations of the passing scene. In general, individual agents lack the time and information to lodge these new beliefs in combinations of old and new inputs that constitute a deductive demonstration of them. Ideal modellers have long recognized that reasoners in the rough, that is, reasoners operating in real time in the give-and-take of actual circumstance, operate in ways that deviate from the modeller’s putative norms. There is little inclination among such theorists to dismiss such performance-levels out of hand. But there is a near-universal disposition to regard them as subpar, as less than best. So conceived, real-life performance approximates to the performance called for by higher standards; and in this presumed suboptimality lies its subparness; it is, at best, approximate success. There is a name for such performance standards. They go under the collective designation of heuristics. We have nothing to say against the concept of heuristics, except this: PROPOSITION 15 (Heuristics). It is simply a mistake to suppose that a heuristically successful performance is, just so, a subpar performance.
13 Of course, if we allow for schematic deduction of an arbitrary proposition from an inconsistent K, we do get more inconsistency if the deductive apparatus is classical. (This is because negationinconsistency is classically equivalent to absolute inconsistency.) But, given the equivalence, it is far from clear that absolute inconsistency is worse than negation-inconsistency, pace logicians of paraconsistent bent.
42
DOV M. GABBAY AND JOHN WOODS
3 SLIGHT-RESOURCE ADJUSTMENT STRATEGIES14 The remarkable thing about human reasoning is that it is right enough enough of the time to make it possible not only that we survive but, in varying degrees, also to prosper. Since practical reasoners typically engage comparatively modest cognitive targets, and typically deploy comparatively scant cognitive resources for their attainment, it is reasonable to suppose that beings like us have engineered a successful adjustment to the paucities constitutive of our practical orientations. We now consider some of these accommodations.
3.1 Hasty Generalization Individual cognitive agents are hasty generalizers. Hasty generalization is a SRAS. But, in standard approaches to fallacy theory and theories of statistical inference, hasty generalization is a fallacy; it is a sampling error. This is the correct assessment if the agent’s objective is to find a sample that is guaranteed to raise the conditional probability of the generalization, and to do so in ways that comport with the theorems of the applied mathematics of chance. Such is an admirable goal for agents who have the time and know-how to construct or find samples that underwrite such guarantees. But as Mill shrewdly observes, human individuals often lack the wherewithal for constructing these inferences. The business of sample-to-generalization induction often exceeds the resources of individuals and is better left to institutions. (See [Woods, 2004].) A related issue, even supposing that the requisitely high inductive standards are meetable in a given situation in which a practical agent finds himself, is whether it is necessary or desirable for him (or it) to meet that standard. Again, it depends on what the associated cognitive goal is. If, for example, an individual’s goal is to have a reasonable belief about the leggedness of ocelots is, rather than to achieve the highest available degree of scientific certainty about it, it would suffice for him to visit Ozzie, the ocelot, at the local zoo, and generalize hastily: ”Well, I see that they’re four-legged”.
3.2 Generic Inference Often part of what is involved in a human reasoner’s facility with the one-off generalization is his tendency to eschew generalizations in the form of universally quantified conditional propositions. When he generalizes hastily the individual agent is often making a generic inference. In contrast to universally quantified conditional propositions, a generic claim is a claim about what is characteristically the case. “For all x, if x is a ocelot, then x is four-legged” is one thing; “Ocelots are four-legged” is quite another thing [Carlson and Pelletier, 1995]. The first is felled by any true negative instance, and thus is brittle. The second can withstand multiples of true negative instances, and thus is elastic. There are significant 14 These
strategies are expounded more extensively in [Gabbay and Woods, 2003]
THE PRACTICAL TURN IN LOGIC
43
economies in this. A true generic claim admits of true negative instances. So it is true that ocelots are four-legged, even though there are up to lots of ocelots that aren’t four-legged. The economy of the set-up is evident. With generic claims it is unnecessary to pay for every exception. Generic claims are a more affordable form of generalization than the universally quantified conditional. This is part of what explains their dominance in the hasty generalizations that individual agents tend actually to make (and to get right, or some near thing). It must not be thought, however, that what constitutes the rightness (or some near thing) of an individual’s hasty generalizations is that when he generalizes thus he generalizes to a generic claim. Although part of the story, the greater part of the rightness of those hasty generalizations arises from the fact that, in making them, an individual typically has neither set himself, nor met, the standard of inductive strength. This, together with our earlier remarks about validity, is telling. PROPOSITION 16 (Validity and inductive strength). Given the cognitive goals typically set by practical agents, validity and inductive strength are typically not appropriate (or possible) standards for their attainment. C OROLLARY 16( A ) This, rather than computational costs, is the deep reason that practical agents do not in the main execute systems of deductive or inductive logic as classically conceived.
3.3
Natural Kinds
Our adeptness with generic inference and hasty generalization is connected to our ability to recognize natural kinds. Natural kinds have been the object of much metaphysical skepticism of late [Quine, 1969], but it is a distinction that appeals to various empirical theorists. The basic idea is evident in concepts such as frame [Minsky, 1975], prototype [Smith and Medin, 1981], script [Schank and Abelson, 1977] and exemplar [Rosch, 1978]. It is possible, of course, that such are not a matter of metaphysical unity but rather of perceptual and conceptual organization. It goes without saying that even when the goal is comparatively modest — say, what might plausibly be believed about something at hand — not every hasty generalization that could be made comes anywhere close to hitting even that target. The (defeasible) rule of thumb is this: The hasty generalizations that succeed with these more modest goals are by and large those we actually draw in actual cognitive practice. We conjecture, that the comparative success of such generalizations is that they generalize to generic propositions, in which the process is facilitated by the agent’s adeptness in recognizing natural kinds.
3.4
Defaults
Generic inference tolerates exceptions, but it is not ex cathedra. The cognitive economy of individual agency is a highly fallibilist one. It is an economy charac-
44
DOV M. GABBAY AND JOHN WOODS
terized by defaults. A default is something taken as true in the absence of indications to the contrary [Reiter, 1980]. It is characterized by a process of reasoning known as “negation-as-failure” [Geffner, 1992]. For example, Harry checks the departure times for a direct flight from Vancouver to London early Saturday afternoon. Finding none posted, he concludes that there is no such flight at that time on Saturday. Default reasoning is a paradigm of presumptive reasoning, concerning which see the discussion below. As such, it is conservative and defeasible, which is the cognitive price one pays for conservatism. Conservatism is, among other things, a method for collecting defaults D. One of the principles of collection is: “D is what people have thought up to now, and still do” or “ D is common knowledge.” The economies achieved are the off-set costs of fresh-thinking. (Descartes’ epistemological project would be costly beyond price for an individual to execute.) Defaults are, in turn, intimately tied to factors of genericity, as we shall see in due course.
3.5
Discourse Economies
Further economies are evident in regularities affecting conversation. One such has been called The Reason Rule: One party’s expressed beliefs and wants are a prima facie reason for another party to come to have those beliefs and wants and, thereby, for those beliefs and wants to structure the range of appropriate utterances that party can contribute to the conversation. If a speaker expresses belief X, and the hearer neither believes nor disbelieves X, then the speaker’s expressed belief in X is reason for the hearer to believe X and to make his or her contributions conform to that belief. ([Jacobs and Jackson, 1983, p. 57] and [Jackson, 1996, p. 103]).15 The reason rule records a default. Like all defaults, it is defeasible. Like most defaults, it conserves crimped resources. Like defaults in general, it appears not to do intrinsic cognitive harm. A corollary to the reason rule is the ad ignorantiam rule: Ad Ignorantiam Rule: Human agents tend to accept without challenge the utterances and arguments of others except where they know or think they know or suspect that something is amiss. Here, too, factors that trigger the ad ignorantiam rule are dominantly economic. Individuals lack the time to fashion challenges whenever someone asserts some15 The reason rule reports a de facto regularity between real-life discussants. When the rule states that a person’s acceptance of a proposition is reason for a second party to accept it, “reason” means “is taken as reason” by the second party.
THE PRACTICAL TURN IN LOGIC
45
thing or advances a conclusion without reasons that are transparent to the addressee. Even when reasons are advanced, social psychologists report that addressees tend not to appraise them before accepting the conclusions they purport to underwrite. Addressees tend to do one or other of two different things before submitting such reasons to critical scrutiny. They tend to accept a person’s conclusion if they find it plausible. They also tend to accept the other party’s conclusion if it seems to them that this is a conclusion which is within that person’s competence to make; that is, if he is judged to be in a position to know what he is talking about, or if he is taken as having the appropriate expertise or authority. (See, e.g., [Petty and Cacioppo, 1986; Eagly and Chaiken, 1993; Axsom et al., 1987; O’Keefe, 1990], and the classic paper on the so-called atmosphere effect, [Woodworth and Sells, 1935]. But see also [Jacobs et al., 1985].)
3.6 Consciousness A further important respect in which individual agency stands apart from institutional agency is that human agents are conscious. (The consciousness of institutions, such as may be figuratively speaking, supervenes on the consciousness of the individual agents who constitute them.) Consciousness is both a resource and a limitation. Consciousness has a narrow bandwidth. This makes most of the information that is active in a human system at a time consciously unprocessible at that time. In what the mediaevals called the sensorium (the collective of the five senses operating concurrently), there exist something in excess of 10 million bits of information per second; but fewer than 40 bits filter into consciousness at those times. Linguistic agency involves even greater informational entropy. Conversation has a bandwidth of about 16 bits per second.16 The narrow bandwidth of consciousness bears on the need for cognitive economies. It helps elucidate what paucity of information consists in. We see it explained that at any given time the human agent has only slight information by the fact that if it is consciously held information there is a bandwidth constraint which regulates its quantity. There are also devices that regulate consciously processible information as to type. A case in point is informational relevance. When H. P. Grice issued the injunction, “Be relevant”, he left it undiscussed whether such an imperative could in fact be honoured or ignored by a conscious act of will. There is evidence that the answer to this question is No; that, in lot’s of cases, the mechanisms that steer us relevantly in the transaction of our cognitive tasks, especially those that enable us to discount or evade irrelevance, are automatic and pre-linguistic [Gabbay and Woods, 2003]. If there is marginal capacity 16 [Zimmermann, 1989]. Here is John Gray on the same point:“If we do not act in the way we think we do, the reason is partly to do with the bandwidth of consciousness — its ability to transmit information measured in terms of bits per second. This is much too narrow to be able to register the information we routinely receive and act on. As organisms active in the world, we process perhaps 14 million bits of information per second. The bandwidth of consciousness is around eighteen bits. This means that we have conscious access to about a millionth of the information we daily use to survive”[Gray, 2002, p. 66].
46
DOV M. GABBAY AND JOHN WOODS
in us to heed Grice’s maxim by consciously sorting out relevant from irrelevant information, it is likely that these informational relevancies are less conducive to the closing of cognitive agendas than the relevancies that operate “down below”. Thus vitally relevant information often can’t be processed consciously, and much of what can is not especially vital.17 Consciousness can claim the distinction of being one of the toughest problems, and correspondingly, one of the most contentious issues in the cognitive sciences. Since the agency-approach to logic subsumes psychological factors, it is an issue to which the present authors fall heir, like it or not. Many researchers accept the idea that information carries negative entropy, that it tends to impose order on chaos.18 If true, this makes consciousness a thermodynamically expensive state to be in, since consciousness is a radical suppressor of information. Against this are critics who abjure so latitudinarian a conception of information [Hamlyn, 1990] and who remind us that talk about entropy is most assured scientifically for closed systems (and that ordinary individual agents are hardly that). The grudge against promiscuous “informationalism” in which even physics goes digital [Wolfram, 1984] is that it fails to explain the distinction between energy-to-energy transductions and energy-to-information transformations [Tallis, 1999, p. 94]. Also targeted for criticism is the view that consciousness arises from or inheres in neural processes. If so, “[h]ow does the energy impinging on the nervous system become transformed into consciousness?” [Tallis, 1999, p. 94]. In the interests of economy, we decline to join the metaphysical fray over consciousness. The remarks we have made about consciousness are intended not as advancing the metaphysical project but rather as helping characterize the economic limitations under which individual cognitive agents are required to perform. It is characteristic of agents of all types to adjust their cognitive targets upwards as the cognitive resources for attaining them are acquirted. A practical agent may take on commitments previously reserved for agents of higher rank if, for example, he is given the time afforded by a tenured position in a university, the information stored in the university’s library and in his own PC, and the fire-power of his university’s mainframe. In like fashion, institutional agents constantly seek to expand their cognitive resources (while driving down the costs of their acquisition, storage and deployment), so that even more demanding targets might realistically be set. Accordingly, PROPOSITION 17 (Asset enhancement). Agents tend toward the enhancement of cognitive assets when this makes possible the realization of cognitive goals pre17 Consider here taxonomies of vision in which implicit perception has a well-established place [Rensink, 2000]. 18 Thus Colin Cherry: “In a descriptive sense, entropy is often referred to as a ’measure of disorder’ and the Second Law of Thermodynamics as stating that ‘systems can only proceed to a state of increased disorder; as time passes, entropy can never decrease.’ The properties of a gas can change only in such a way that our knowledge of the positions and energies of the particles lessens; randomness always increases. In a similar descriptive way, information is contrasted, as bringing order out of chaos. Information, then is said to be ‘like’ negative energy” [Cherry, 1966, p. 215].
THE PRACTICAL TURN IN LOGIC
47
viously unattainable (or unaffordable). C OROLLARY 17( A ) Asset enhancement is always tied to rising levels of cognitive ambition. In relation to cognitive tasks adequately performed with present resources, an interest in asset enhancement is obsessive beyond the range of what would count as natural and proportionate improvements upon what is already adequately dealt with.
4
LOGICS OF DOWN BELOW
A practical logic is one that takes account of reasoning as it actually occurs in beings like us. We have already taken note of empirical indications that much of human thinking is transacted subconsciously and/or sublinguistically. This is, as one might say, reasoning ‘down below’; and the logic that takes proper notice of it would correspondingly be a logic of down below. What might such logics look like? We shall now briefly review two possibilities, as well as a further suggestion from decision theory.
4.1 Connectionist Logic There is a large literature — if not a large consensus — on various aspects of nonsymbolic, subconscious cognition. If there is anything odd about our approach, it can only be the proposal to include such matters in the ambit of logic. Most, if not all, of what people don’t like about so liberal a conception of logic is already present in the standard objections to psychologism, which we will discuss in due course. Strictly speaking, there is room for the view that, while psychologism is not intrinsically hostile to logic, psychologism about the unconscious and the prelinguistic simply stretches logic further than it can go, and should therefore be resisted. This is an admonition that we respect but do not intend to honour. In this we draw encouragement from work by Churchland and others [Churchland, 1989; Churchland, 1995] on subconscious abductive processes. As Churchland observes, “... one understands at a glance why one end of the kitchen is filled with smoke: the toast is burning!” [1989, p. 199]. Churchland proposes that in matters of perceptional understanding, we possess “... an organized library’ of internal representations of various perceptual situations, situations to which prototypical behaviors are, the computed output of the well-trained network” [1989, p. 207]. Like Peirce [1958, p. 5.181], Churchland sees perception as a limit of explanation, and he suggests that all types of explanation can be modelled as prototype activation by way of “... vector coding and vector-to-vector transformation” rather than linguistic representation and standardly logical reasoning. On this approach the knowledge that comes from experience is modelled in the patterning of weights in the subject’s neural network, where it is seen as a disposition of the system to assume various
48
DOV M. GABBAY AND JOHN WOODS
activation configurations in the face of various inputs. Thus, as Robert Burton puts it, Churchland is drawn to the view that “inference to the best explanation is simply activation of the most appropriate available prototype vector” [Burton, 1999, p. 261]. PROPOSITION 18 (Connectionist logic). Abductive logic has, in part, the structure of a connectionist logic. The suggestion that practical reasoning involves a connectionist logic is attractive in two particular ways. One is that, unlike every other logic of explanation, connectionist explanation has a stab at being psychologically real. The other, relatedly, is that a connectionist logic is no enemy of the subconscious and prelinguistic sectors of cognitive practice. It is no panacea, either. There is nothing in the connectionist’s prototype-library that solves the problem of the deployment of wholly new hypotheses, as, for example, in the case of Planck’s postulation of quanta. On the other hand, the same is true of computer systems such as PI [Thagard, 1988], which mimic simple, existential, rule-forming and analogical genres of abduction. (See here [Burton, 1999, p. 264]). For, again, beyond that, we should not want to say that serial processing requires consciousness: Thoughts high in consciousness often seem serial, probably because they are associated with language, but at other times consciousness seems parallel, as when we attend to the visual scene before us. So the distinction between parallel and serial processing does not seem to map well onto the distinction between the conscious and the unconscious [Shiffrin, 1997, p. 62].
RWR Models Another possibility is the RWR (representation without rules) approach to cognitive modelling. On this view cognitive systems employ representational structures that admit of semantic interpretation, and yet there are no representation-level rules that govern the processing of these semantically interpretable representations [Horgan and Tienson, 1988; Horgan and Tienson, 1989; Horgan and Tienson, 1990; Horgan and Tienson, 1992; Horgan and Tienson, 1996; Horgan and Tienson, 1999b; Horgan and Tienson, 1999a]. Critics of RWR argue that it can’t be true of connectionist systems [Aizawa, 1994; Aizawa, 2000]. Since we want to leave it open that some at least of the cognitive processing of practical agents occurs ‘down below’, it matters whether this criticism is justified. We think not, although we lack the space to lay out our reservations completely. But the nub of our answer to critics of the RWR approach is as follows. 1. Critics such as Aizawa point out that connectionist nets are describable by programmable representation level rules. They conclude from this that connectionist nets execute these rules. [Aizawa, 1994, p. 468]
THE PRACTICAL TURN IN LOGIC
49
2. We accept that connectionist nets are describable by programmable representation-level rules. But we don’t accept that it follows from this that connectionist nets should be seen as executing such rules. There is an apt analogy from Marcello Guarini: The orbits of the planets are rule describable, but the planets do not make use of or consult rules in determining how they will move. In other words, planetary motion may conform to rules even if no rules are executed by the planets. [Guarini, 2001, p. 291] A full development of this defence can be found in [Guarini, 2001]. What, we were wondering, could a logic of down below be? We propose that a reasonable candidate is the requisite description of a cognitive system seen as a connectionist net that satisfies the condition of the RWR approach. It could be a logic of semantic processing without rules.
Questions about Representationalism Here would be a good place to raise a question about representationalism as such. For a long time, ‘the dominant position in cognitive science was not merely that the concept of representation might often play an important part in good scientific explanation of intelligent behaviour, but that explanatory strategies which appealed to representations offered our only hope for a scientific understanding of such behaviour.’ [Wheeler, 2001, 211]; see also [Sterelny, 1990]. However, as Wheeler and others19 have recently proposed, this dominant idea lies open to question. In the interests of space, we shall confine our remarks to a line of criticism developed in [Wheeler, 2001]. Part of what makes representationalism so interesting is that it is a claim about the central nervous system in human beings. It proposes that neural structures play a distinctive role in explaining intelligent behaviour and that part of that distinctive role is discharged representationally. If, then, something is to be found wanting in this picture as it relates to its representational presumptions, it must consist in some difficulty with the view that wherever there is intelligent behaviour going on, there must be some representation going on in strictly neural terms. The key test for representationalism is on-line intelligent behaviour, i.e., ‘the sort of behaviour that reveals itself as a suite of fluid and flexible real-time adaptive responses to ongoing sensory stimuli.’ [Wheeler, 2001, 213]. Off-line intelligence, on the other hand, is embodied in tasks such as wondering whether to have soup for lunch or reflecting on the advantages of daily exercise. 19 E.g., [Shannon, 1993; Thelen and Smith, 1993; Globus, 1992; Hendriks-Jansen, 1996; Wheeler, 1994; Beer, 1995; Brooks, 1991; Webb, 1994]. The span of these works is significant; they range over cognitive psychology, developmental psychology, neuroscience, cognitive philosophy and robotics.
50
DOV M. GABBAY AND JOHN WOODS
Here is a standard example of the orthodox representational approach as developed in AI. Consider a robot whose task it is to navigate around obstacles in getting to a light source. Given sensory inputs from a video camera, the robot executes perceptual inferences that enable it to build an internal model of the external environment. By consulting the model the robot is able to distinguish and coordinate between light source and obstacle, and plan accordingly, encoding the route to a satisfactory outcome as a set of movement instructions. We see in this example that ‘the bona fide well-springs of intelligence are fundamentally neural (e.g., inner mechanisms of inference, discrimination, estimation and route-planning)’. [Wheeler, 2001, 214]. Furthermore, within this heavily neuro-centric picture, representations are conceived as essentially context-dependent, stored descriptions of the environment, built during perception and then later accessed and manipulated by cognitively downstream reasoning algorithms that decide on the best thing to do, in order to achieve certain current goals. [Wheeler, 2001, 214] Recent work in behaviour-based robotics (e.g., [Brooks, 1991]) and evolutionary robotics (e.g., [Husbands and Meyer, 1998]) has had some success in constructing control systems of a sort whose success casts doubt on representational presumptions. Such systems are especially good in dealing with a phenomenon that Wheeler and Clark [1999] call ‘causal spread’. Causal Spread Causal spread obtains when some phenomenon of interest turns out to depend, in unexpected ways, upon causal factors external to the system previously/intuitively thought responsible. [Wheeler, 2001, 216] In the standard representational approach, what makes a robot behave cleverly in the presence of such factors are interactions between neurally sited representations and computational events. However, on the evolutionary approach, this robotic cleverness — its adaptive richness and flexibility — flows not only from its neurological wherewithal but also from features built into the robot’s body and to aspects of the robot’s environment. In this newer picture the notion of representations as descriptions of the environment is replaced with the idea of extra-neural ‘contextdependent codings for action’ [Wheeler, 2001, 218]. For this to matter, it must be true that part of the explanation of the ‘adaptive richness and complexity’ of the robot’s behaviour not be supplied by the functioning of its nervous system, but rather by appeal to various of its non-neural capabilities; and the point about causal spread is that, in dealing with it, the robot is able to code up for action in ways that do not involve the creation of an inner model of the external environment. These later Wheeler sees as part of the normal ecological backdrop of representational states and processes, which is not itself representational [Wheeler, 2001, 219].
THE PRACTICAL TURN IN LOGIC
51
Wheeler considers conditions under which it might be argued that the coding for action that it seems appropriate to attribute to a representation system’s normal ecological backdrop can, after all, be attributed to the system’s representational functions. Such might plausibly be supposed, Wheeler allows, provided that representational structures are both arbitrary and homuncular. A representation system is arbitrary when its representation functions turn not on any particular non-information properties of the system, but rather in the ways in which such components are organized and used. Right use, in turn, requires a homuncular mode of organization, typically a hierarchical arrangement of task-specific communicating subsystems, whose collective contribution constitutes performance of the main business of the overall system itself. There is reason to think, however, that there are conditions in which a system behaves intelligently and yet the homuncularity assumption fails. As standardly understood in the literature, a homuncular system is a kind of modular system. If homuncularism is true of beings like us when engaged in intelligent behaviour, then it must also be true that our neural activity embodies a recognizable neural modularity that involves the intercommunication of (at least somewhat) hierarchically organized modules.20 But, as Wheeler observes, there are conditions under which intelligent behaviour belies these assumptions.
Continuous Reciprocal Causation Typical of a modular system is what Wimsatt [1986] calls an aggregate system. An aggregate system is one in which various parts are identifiable by their explanatory function independently of taking note of the other parts, and non-trivial cases of system-wide behaviour can be explained by reference to the operation of comparatively few parts. Consider now what Clark [1997] calls continuous reciprocal causation. This is causation that involves multiple simultaneous interactions and complex dynamic feedback loops, such that (i) the causal contributions of each component in the system partially determines, and is partially determined by, the causal contributions of large numbers of other components in the system, and, moreover, (ii) those contributions may change radically over time. [Wheeler, 2001, 224] (emphases added) Faced with causation of this character, a system’s aggregativity begins to break down. In such circumstances, the system’s behaviour is more and more irreducibly holistic or higher-level. To the extent that this is so, the modularity assumption is compromised, and with it the view that the system in question is homuncular. The standard view that intelligent behaviour requires a thoroughgoing representationalism is challenged by the existence of causal spread. This challenge 20 Not
everyone would see it this way; e.g., those who endorse a non-reductive supervenience of the intentional on the neural.
52
DOV M. GABBAY AND JOHN WOODS
would be met if it could be shown that systems for intelligent behaviour were both arbitrary and homuncular and that the capacity for the appropriate exploitation of informational organization, required by the assumption of arbitrariness, is not itself supplied by the system’s homuncularity. There is no homuncularity without modularity, and if modularity is typified by aggregate systems, then there is reason to think that, in the presence of continuous reciprocal causation, intelligent systems cannot be aggregative; hence are not modular in ways that aggregate systems typify; hence cannot easily be seen as homuncular; hence cannot easily be seen as having the wherewithal for appropriateness of response to the informationorganization arrangements required by the arbitrariness assumption. So it would appear that representationalism’s defence against the phenomenon of causal spread does not succeed and, finally, that it cannot be said, with confidence at least, that on-line intelligent behaviour (the production of fluid and adaptable responses to ongoing sensory input) must or should be explained by appeal to neurally located representations.
An Example from Decision Theory According to classical decision theory, to the extent that he is rational an agent will decide upon courses of action that have the highest subjective expected utility (Raiffa [1968]). Such decisions are said to satisfy Bayes’ Decision Rule. Solutions of decision problems can be represented as decision trees. A decision tree is a mathematically describable structure in which an agent’s subjective probabilities and his utility functions are computed in ways that produce his subjective utilities averaged over various possible outcomes of alternative actions. This methodology is laid out in every textbook on the subject and will not detain us here. A decision tree can be said to be bushy (Cooper [2001]) when it exhibits a high degree of complexity. This is the complexity concomitant with large numbers of decisive situations flowing from the branches of a decision tree, of which, in turn, the branches may also be bushy. As Cooper points out, there is no limit to how many variations a complex decision situation might have, and the variations need not be trivial . . . It is mathematically obvious that when a great many mutually exclusive outcomes of a chance event are possible, with probabilities summing to one, most [Cooper, 2001, pp. of these probabilities must be extremely small. 54–55] Bushy problems, as we may now call them, require that the decisional agent not merely hit upon the same expected subjective utility as would be determined by an explicitly constructed decision tree. Rather the decisional agent must become his own decision theorist and do something that is similar to expressly constructing the requisite tree. Another way of saying this is that bushy problems require the deciding agent to do something fairly describable as similar to making an explicit decision theoretic analysis of his own decisional situation. As Cooper sees it,
THE PRACTICAL TURN IN LOGIC
53
Of course, the organism’s processing needed to accomplish all this might not proceed in ways exactly analogous to [the production of right-to-left computational tree algorithms]. No one supposes that an organism will literally draw trees in its brain. It has only to execute some black-box approximations of that, with the processing giving rise to behaviour that looks as if a tree analysis had taken place. It isn’t even clear that it must depend on the same general distinctions between choices, events, probabilities, consequences, and so on. The process need only result in behaviour that is so interpretable to us as [Cooper, 2001, p. 58] analysts accustomed to these concepts. Bushy problems can’t be solved by just any process that produces the same answer as a decision tree. While the real-life practical agent needn’t actually construct the very edifice that the mathematics of decision theory does construct, he must do something approximating to it. While he must do something that approximates to the construction of a decision tree, it is not required that he even have the concepts necessary for knowing what a decision tree is. And although he needn’t be able to conceptualize a decision tree, whatever the practical agent does do in that black box of his, it must be interpretable by those who do have the concept of a decision tree as the construction of a decision tree. The decision theory of ‘down below’ might now be identified with the task of determining whether, and upon what basis, what goes on in the decider’s black box is interpretable as approximating to the construction of a decision tree. Making this determination depends on whether we are able to say, and upon what basis, that the agent’s decisional behaviour is construable as if such a tree had been constructed. This much seems clear: that classical decision theorists take the view that whenever a practical agent takes a decision that comports (or comes close to comporting) with the winning answer produced by the requisite decision tree, then there exists a mathematical structure MS described by that tree, and further that the tree description of MS invokes concepts (choices, events, probabilities, utilities, consequences, etc.) which according to the decision theorist are necessary for an adequate conceptual analysis of decision. This, too, is the view of the present authors. The existence of MS gives rise to two possible inferences, one strong and one weak. The strong inference is that MS fits the circumstances of actual decisionmaking. The weak inference is that those actual circumstances can be interpreted as if MS fits them. (We note in passing that though they are exclusive, Cooper runs both inferences). The decision theory of down below tries to sort out which if either of these two inferences to draw. We ourselves are of the view that nothing stronger than the weak inference is plausible, and that even in its weak form, it may be too strong for its own good. This suggests a third possibility, both for the decision theorist and the logician. Grant that for every more or less correctly taken decision of a practical agent, there exists an MS. Similarly, grant that for every successfully made logical oper-
54
DOV M. GABBAY AND JOHN WOODS
ation by an actual agent there also exists an LS, i.e., a logical structure describable in some requisite logical theory in a language that invokes concepts (e.g., consequence, consistency, revision, plausibility, and so on) necessary for an adequate conceptual analysis of the kind of reasoning in question. Now the third option says, in effect, that not even the weak inference should be drawn, but rather that the task of determining whether to draw it (or some other) should be sent over to the research programme of cognitive psychology. Thus the logician’s contribution or the decision theorist’s contribution is to construct the requisite structure, MS and LS. A further contribution is whenever possible to provide reasons (such as complexity-overload) that count against at least the strong inference. The psychologist’s contribution is, whether by experiment or abduction, to get inside the reasoner’s black box to search out further details of the fit or lack of it with MS and LS.
4.2
Fallacies
Before leaving the issue of an individual agent’s cognitive economics, we touch briefly on some objections that might be brought. On the account sketched here, the individual is an inveterate fallacy-monger, whether by way of hasty generalization, ad verecundiam or ad ignorantiam. In fuller accounts of the cognitive economy of individuals, the appearance of extensive fallaciousness is even more widely evident [Gabbay et al., 2002; Gabbay and Woods, 2001]. It is not impossible that the human agent is an intrinsic a fallacy-monger, but we ourselves are disinclined to say so. The charge may be answered in one of two ways. (1) The practice in question would be a fallacy if interpreted in a certain way. But under realistic construal, the practice in question doesn’t fit with the fallacy in question. (2) The practice in question even under realistic interpretation qualifies as a fallacy by the lights of a certain standard, but does not qualify as a fallacy under a lesser standard, and it is the lesser standard that has the more justified application in the context in question. If we go back to the example of hasty generalization, if the generalization is inference held to the standard of inductive strength, then it is a standard that in our haste is lost. But if the generalizer’s cognitive goal is such as to make the standard of inductive strength more than its attainment requires, the generalization can hardly be faulted for failing a standard it omitted to set for itself, for failing to hit what it did not aim at. The individual agent also economizes by unreflective acceptance of anything an interlocuter says or argues for, short of particular reasons to do otherwise. This outrages the usual ban on the ad verecundiam, according to which the reasoner accepts his source’s assurances because he is justified in thinking that the source has good reasons for them. (The fallacy, then, would be the failure to note that the
THE PRACTICAL TURN IN LOGIC
55
source is not suitably situated to have good reasons for his assurances.) Empirical findings indicate that this is not the standard which real-life individuals aim at. They conform their responses to a weaker constraint: If you have reason to believe that your source lacks good reasons for his assurances, then do not accept his assurances. The default position of ad verecundiam reasoners is that what people tell one another is such that incorporating it into one’s own database or acting on it then and there is not in the general case going to badly damage one’s cognitive agendas, to say nothing of wrecking one’s life. We see in this a (virtual) strategy of cooperative acceptance, tentative though it is and must be, rather than a strategy for error-avoidance or error-minimization. Judged by the requisite standard, such trust is in general neither misplaced nor fallacious. A fallacy is always a fallacy in relation to a contextually appropriate standard. Ad ignorantiam is our final example. In its most basic form it is an inference in the form 1. It is not known that P 2. So, not-P .21 In that form there is not much to be said for it. But no one argues just by way of argument forms. In requisitely incarnate arrangements we sometimes get rather good arguments, such as negation-as-failure arguments. In their turn, negation-asfailure arguments are variations of autoepistemic arguments, such as: 1. If there were a Department meeting today, Harry would know about it. 2. But He doesn’t, 3. So there isn’t. Or, as in the departure announcement example, 1. If there were a direct flight from Vancouver to London early Saturday afternoon, the schedule would make that known to Harry. 2. But it doesn’t. 3. So there isn’t. Autoepistemic inferences are inferences to a default. Harry’s default position is that there is no such meeting and is no such flight. Such inferences are nonmonotonic. New information might override these defaults. Here, too, there are fallacious cases of the ad ignorantiam depending on what the relevant standard is. Nobody thinks that the ad ignorantiam is truth-preserving.22 For agents who are 21 We are discussing the modern form of the ad ignorantiam, not Locke’s conception, which in turn is a variant of Aristotle’s ignoratio elenchi [Woods et al., 2004]. 22 An exception:
1. If I had a throbbing headache I would know it.
56
DOV M. GABBAY AND JOHN WOODS
constitutionally and circumstantially bound to transact their cognitive agendas on the cheap (fast and frugal), who will say that the standards of default reasoning are inappropriate? Let us say in passing that the variabilities that inhere in the hierarchy of agencytypes suggest a general policy for the fallacy-attribution. It is roughly this. A fallacy is a mistake made by an agent. It is a mistake that seem not to be a mistake. Correspondingly, it is a mistake that is naturally made, commonly made, and not easy to repair (i.e., to avoid repeating). [Woods, 2004, ch. 1] An inference is a fallacy relative to the type of agent in question and the resources available to agents of that type, and to the performance standards appropriate thereto. Given that individuals operate with scant resources, given the economic imperatives that these paucities impose, and given the comparative modesty of their cognitive goals, what may have the look of fallacious practice lacks the cognitive targets and the performance standards against which fairly to judge such inferences as fallacious. On the other hand, for agencies of a type that occurs higher up in H — NASA, for example — cognitive targets are different resources are abundant, and standards for the assessment of performance are correspondingly higher. Relative to those targets and those standards, cognitive practices having this appearance of fallaciousness are much more likely to be fallacious. This helps motivate the traditional idea of a mistake that seems not to be a mistake. At the appropriate level, a cognitive practice is a mistake and may not appear to be a mistake, because at lower levels of the hierarchy it is not a mistake. Similarly, at least at the level of individual agency, we have an unforced explanation of why practices, which higher up would be fallacies, are lower down natural common and hard to change. It is because they are evolutionarily and experientially the best ways for individuals to manage their resource-strapped cognitive economies.23 PROPOSITION 19 (Fallacies). As standardly conceived of, fallacies are in the main wrongly attributed to practical agents. Either they are not patterns of reasoning that practical agents implement, or, when they are, they are directed to goals whose comparative modesty calls for standards that the instantiated cognitive behaviour in question manages to meet. In some cases, the so-called fallacies are successful SRASs—i.e., they are scant-resource adjustment strategies.
4.3
Practical Logic
Is there really such a thing as a practical logic? Is a practical logic even possible? One standard philosophical view is that these questions should be answered 2. But I don’t, 3. So I haven’t. 23 This
resource-based approach to fallacies can only be lightly sketched here. The fuller story may be found in [Gabbay and Woods, 2006].
THE PRACTICAL TURN IN LOGIC
57
negatively, since practical inference is about actions, whereas a would-be logic of practical inference is actually a theory of belief modification, and hence is theoretical. (We note in passing, the oddity of supposing that a theory of belief-dynamics is intrinsically a theoretical enterprise. But since we ourselves use the term “theoretical” in a somewhat nonstandard way, we can hardly complain of this other usage on grounds of nonstandardness, different as it is in other respects from our own.) Joseph Raz has an interesting answer to this objection. He argues as follows: 1. Practical reasoning is reasoning about what actions to perform. 2. A logic of reasoning of any kind is, as such, a theory of theoretical inference. 3. So, a practical logic is a logic of theoretical reasoning when performed in ordinary ways, i.e., by beings like us in everyday circumstance [Raz, 1978, p. 8] As it stands, Raz’s argument is a non sequitur. Its repair is possible by addition of the premiss, “Practical logics are possible”. But this freedom from non sequitur is bought at the cost of begging the question against the very critic for whose benefit Raz constructed his argument in the first place. It is possible that Raz has misstated what he intended his answer to be. Perhaps what he had in mind is this: 1. Suppose we agree that any logic worthy of the name is, or subsumes, a theory of belief-modification. 2. Suppose also that we agree that theories of belief-modification are theories of theoretical reasoning. 3. Let it be a point of additional agreement that practical reasoning is always reasoning about what to do. 4. If a logic of practical reasoning is possible, it is necessary and sufficient that in reasoning about what to do, reasoners modify (delete, add, intensify, etc.) their beliefs about what to do. 5. Since it is obviously possible for people, in reasoning about what to, to modify their beliefs about what to do, a practical logic is possible. It is a logic of belief-modification (hence a logic of theoretical reasoning) concerning beliefs about what to do (hence a logic of practical reasoning). 6. What is more, it is not necessary for a conclusion of practical reasoning to be an updated belief about what to do, or that the premisses always be beliefs. If it is possible to reason directly from a desire rather from a the belief that the desire exists, then the present claim is well-justified.
58
DOV M. GABBAY AND JOHN WOODS
We have drawn the reader’s attention to Raz’s interesting, though bungled, answer to a common objection to practical logic, not because we think that Raz’s mistake is all that important. We have already said (and will say more about it just below) why we think the identification of practical reasoning with reasoning about what to do seems to us less than well-advised, for it leaves the other side of the implied contrast strikingly bereft of members. And we have explained why we think that we get a robust and principled distinction between the practical and the theoretical by relativizing its relata to different degrees of command of the requisite cognitive resources in pursuit of targets of differing conditions of strictness. Even so — and apart from our reservations about the case he makes for practical logic — we are rather taken with Raz’s observation that “practical reasoning is but ordinary theoretical reasoning” [Raz, 1978, p. 8]. As we saw, Raz probably means by this that a logic of belief-modification is capable of dealing with beliefs about what to do, hence can be at once a theory of theoretical and practical reasoning. But Raz’s words also fit our conception of this distinction. Seen this way, theoretical reasoning is reasoning done with comparatively abundant resources aimed at comparatively tough targets, and practical reasoning is reasoning done with comparatively scant resources aimed at comparatively modest targets. So conceived of, it is unnecessary (and undesirable) to see the difference between theoretical and practical reasoning as ontologically stark. It is not that there is a sharp and deep difference in kind between the two, but rather a difference in cognitive reach and enabling wherewithal. What is more, if we were to take Raz’s unexplained reference to “ordinary” reasoning as reasoning done by practical agents, i.e., agents with comparatively scant resources, then the words “practical reasoning is but ordinary theoretical reasoning” say something true about our conception of these things, in which practical reasoners use the same resources as theoretical reasoners, but fewer of them and in lesser quantities. Accordingly, we find it justified to persist with the view that PROPOSITION 20 (Practical logic revised). A practical logic is a principled description of the belief and decision dynamics of a practical agent, that is, of an agent ranking comparatively low in the hierarchy H of agency-types. Whatever the details of an ideal models approach to logic, it is necessary that we not lose sight of the fact that PROPOSITION 21 (Approximation). If an ideal model of a certain kind K of human performance is to have elucidatory value, it is necessary that an appropriate approximation relation be definable in principle between actual behaviourial K-competence and the model’s idealized behaviour. The ideal models that we consider, for example, in [Gabbay and Woods, 2005] arise in the context of a logic of abduction, which latter is developed as part of a more general practical logic. The heart and soul of any theoretical approach to practical reasoning is that it takes due note of resource-limitations and cognitive target-modesty. It would be illuminating if there were a coherent connection be-
THE PRACTICAL TURN IN LOGIC
59
tween the methodological factor of approximation and the logical factors of practicality. It may be that such a connection exists and that it takes the following form: PROPOSITION 22 (Approximation and practicality). There exist systems of socalled approximate reasoning which are themselves approximations of classical logic. This suggests (a) that the factor of practicality in practical reasoning might be modelled as approximation to classical reasoning, and (b) that as the approximation converges on classical limits, the factors of practicality recede from the model. (See, for example, [Finger and Wasserman, 2004; Schaerf and Cadoli, 1995].) The distinction between what to do and what to believe threatens the “standard” distinction between theoretical and practical reasoning with vacuity. It is a distinction, says one prominent commentator, which “centers on the contrast between the rationality of cognitions, such as beliefs, in virtue of which we are theorizing beings seeking a true picture of our world and, on the other hand, the rationality of elements, such as actions, in virtue of which we are practical beings seeking to do things, in particular to satisfy our needs and desires” [Audi, 2004, p. 17]. Consider, to the same end: “Practical reasoning . . . leads to (or modifies) beliefs and expectations” [Harman, 2004, p. 45]. There is some protection afforded this standard way of drawing the contrast by Harman’s concession that the characterizations of “theoretical” and “practical” hold only in a technical sense. Even so, the standard distinction is a vexed one. One of its difficulties is that since believing a proposition is also something that one does, the contrast between believing and doing is spurious. True, “belief” itself harbours an ambiguity between what is assented to (which is a linguistic act) and what one is confident about (which is a psychological state). Some may think that here is a difference that will rescue the theoretical-practical distinction, for while it may be agreed that accepting something is indeed something that we can elect to do, beliefs are sometimes psychological states into which, so to speak, we pass. Assents are our doing; beliefs (sometimes) just present themselves, like the measles. In light of this, would we want to say that, while the reasoning that leads to assent is practical, whereas the reasoning that leads to psychological quiescence is theoretical? This is not an issue that we see much advantage in pressing. Suffice it to say that, in our view, it redrafts the theoretical-practical distinction in a way that no one has yet to propose; and we are not going to be the first to do so. All the same, it is clear enough that beliefs are one thing and decisions another. It is also clear that beliefs are sometimes occasioned by reasoning and that decisions are sometimes occasioned by reasoning. We are free, if we like, to try to make something of this. We might insist, in particular, that the connection between reasoning and the decision to which it gives rise cannot be the same as the connection between some reasoning and the beliefs to which it gives rise. In a rough and ready way, we might say that reasoning in the latter instance is good when the connection between it and the beliefs it induces is evidential, and that, in the former case, the reasoning is good when
60
DOV M. GABBAY AND JOHN WOODS
the connection between it and the decision to which it gives rise is prudential. But now we have a new distinction in the contrast between the evidential and the prudential. The trouble is that here, too, it seems not to carve out a seriously plausible principium divisionis for the theoretical-practical pair. The principal problem is that, just as with believing and doing, so too here, there is too little contrariety between the contrasting pairs to support a distinction of major importance. What this comes down to is this: As standardly drawn, the theoretical-practical dichotomy is embarrassed by the sheer latitude it provides for the co-occurrence of its putative contrasts. So the objection is not that there is nothing in the difference between beliefs and decisions for a logician to take note of. (Why would we want to ignore the fact of, and the difference between, alethic, and doxastic logics, for example?). What we are saying is that there are ways of marking the distinction between the theoretical and the practical that are both deeper and more robustly contrastive.
4.4
Cognitive systems
In both the ideal reasoner and the consequence-attenuation models, insufficient attention is given to the fact that reasoning has an intrinsically cognitive orientation. Reasoning is a way of getting to the bottom of things and of coming to appreciate what’s what. Accordingly, reasoning serves an inherently instrumental purpose. It is (part of) an agent’s wherewithal for the attainment of her (or its) cognitive goals. With this in mind, we have introduced the notion of a cognitive system. A cognitive system is a 3-tuple of a cognitive agent, cognitive resources, and cognitive tasks performed dynamically in real time. A cognitive agent is a being capable of perception, memory, belief, desire, reflection, deliberation, decision and inference. A practical cognitive system is a cognitive system whose cognitive agent is a practical agent. A cognitive system is a being or a device endowed with a substantial psychological make-up. It is a make-up in which cognition is moored. On the face of it, therefore our conception of a practical logic echoes a conviction of Bacon, who took logic to be a part of rational psychology. Although we stop well short of Bacon, ours is avowedly an approach to logic that could be called psychologistic. This will offend purists who, entirely correctly, have been quick to appreciate that model theory, proof theory, set theory and recursion theory have nothing to do with psychology [Barwise, 1977]. But there is more to our conception than is to be found in the four central fiefdoms of mathematical logic. In as much as we want our logic to give an account of certain aspects of the cognitive behaviour of practical agents, it is essential that psychological parameters not be overlooked entirely. In consequence, we find ourselves in agreement with those for whom the distinction between logic and psychology is neither exact nor exhaustive (see, e.g. Thagard [1982]). In a word, then, we are committed to psychologism, are we not?
THE PRACTICAL TURN IN LOGIC
5
61
PSYCHOLOGISM
In our conception of a practical, agent-oriented, resource-target logic, we have not honoured every stricture against psychologism. Critics of, for example, the logic of discovery, those who think it a misbegotten enterprise as such, are drawn to the idea that accounts of how people entertain and select hypotheses, form and deploy conjectures, and more generally how they think things up, are a matter for psychology. Underlying this view is something like the following argument. Let K be a class of cognitive actions. Then if K possesses an etiology (i.e., a causal ancestry), this precludes the question of the performing or disperforming the Kaction for good or bad reasons. If there were a logic of K-action it would be an enquiry into when K-actions are performed rationally, that is, for the right reasons. Hence there can be no logic of K. Against this Donald Davidson is widely taken as having shown that far from reasons for actions precluding their having causes, reasons are causes, or more carefully, having a reason for an action is construable as a cause of it. ([Davidson, 1963]. See also [Pietroski, 2000] to the same effect.)24 We ourselves are inclined to emphasize a substantial body of work in reliabilist and other forms of causal epistemology. In its most basic form, a subject performs a cognitive action rationally when his performance of it was brought about by causal mechanisms that are functioning reliably, that are functioning as they should. We would do well, even so, to take brief note of a looming, and obvious, objection. If the aspects of cognition in which a logician could be expected to take an interest are often a matter of being in the right psychological state, and if such states are sometimes the output of causal mechanisms unattended by either attention or effort on the agent’s part, how can this be squared with our view of logic as a disciplined description of (aspects of) what a logical agent does? Our answer is that just as we deny that there is an inherent incompatibility between reasons and causes, neither do we find any essential incompatibility between being in a causally induced mental state in whose attainment the agent played no intentional role and being the subject of admissible answers to questions such as ‘What is X doing?’ (answer: ‘He is thinking that P ’.), and ‘What was X doing that he came to be in state S?’ (answer: ‘He was looking at Harry’s shoe.’). In a quite general way, whenever there is something that an agent is doing, there are constituent happenings, not all of which qualify to be described as what X is doing, which might nevertheless enter into the description of what does qualify for the designation ‘what X is doing’. The idea of logic as a theory of rational performance runs into a different, though related, objection. Of course, the “looming objection” to press here is that such a logic does indeed lead to psychologism, and psychologism is false. 24 Another approach to the reasons–causes issue is that of agent causation, skillfully developed in [O’Connor, 2001]. While we do not adopt this view here, we recognize it as an attractive alternative.
62
DOV M. GABBAY AND JOHN WOODS
Anti-psychologism is not a single, stable thesis. It is at least three pairwise inequivalent propositions. 1. In one sense, it is the case made by the reasons-versus-causesargument we have just re-examined and rejected. 2. In another sense, it is the view that although logic deals with the canons of right reasoning, no law of logic is contradicted by any psychological law or psychological fact. 3. In a third and more emphatic sense, it is the view that logic has nothing whatever to do with how people do reason or should.25 Having dealt with anti-psychologism in the first sense, it remains to say something about the other two. Sense number two need not detain us long. It is a view of antipsychologism which is accepted by logicians who take a traditionally normative view of logic. On this view, psychology is purely descriptive, and logic is purely prescriptive. Hence the laws of logic remain true even in the face of massive misperformance on the ground. On the other hand, those who opt for reliabilist theories of rational performance will reject anti-psychologism in its present sense, just as they reject it in sense number one. This leaves the third conception, the idea that logic has nothing to do, normatively or descriptively, with how human beings — or other kinds of cognitive agents — think and reason. It is a view with an oddly old-fashioned ring to it, suggesting a position which simply has been over-taken by events of the past quarter century, referred to collectively by the then editor of the Journal of Logic and Computation as “the new logic”. He writes: Let me conclude by explaining our perception of the meaning of the word ‘Logic’ in the title of this Journal. We do not mean ‘Logic’ as it is now. We mean ‘Logic’, as it will be, as a result of the interaction with computing. It covers the new stage of the evolution in logic. It is [Gabbay, 1990] the new logic we are thinking of. Fourteen years on, this editor’s prediction has been met with considerable confirmation, and then some. The buds of the early 1980s have in numerous instances 25 It is interesting that the case which Frege actually pressed against psychological methods in logic are not transparently present in the trio of interpretations currently in review. In Frege [1884] and subsequent works, Frege’s resistance was twofold. First, if psychological methods were engaged in such a way as to make mathematics an experimental science, then those methods should be eschewed or anyhow not deployed in such ways. Second, if psychological methods were engaged in such a way that mathematics lost its intersubjective character, then psychological methods should be either abandoned or not employed in such ways. It bears on the present point that whereas Boole was a psychologicist about logic, and whereas Frege was a critic of Boole, Frege never criticized Boole for his psychologism. Logic for Boole is not a matter of how people actually think but rather is a normative account of the correct use of reasoning [Boole, 1854, pp. 4 and 32], concerning which, see the discussion above on normative models.
THE PRACTICAL TURN IN LOGIC
63
achieved full flower. Non-monotonic logics, default logics, labelled deductive systems, fibring logics, multi-dimensional, multimodal and substructural logics are now better established and methodologically more self-aware than they were even a decade ago. Intensive re-examinations of fragments of classical logic have produced fresh insights, including at times, decision procedures for and equivalency with non-classical systems. Perhaps the most impressive achievement of the new logic as arising in the past decade or so has the effective negotiation of research partnerships with fallacy theory, the logic of natural language reasoning and argumentation theory.26 The new logic, the logic born of the application of the procedural sophistication of mathematical logic to the project of informal logic, has triggered the very rapprochement that mathematical logic was not structured to deliver or to seek. The new logic, whatever its multifarious differences of mission and detail, has sought for precisely describable models of what human agents actually do in reallife situations when they cogitated, reflected, calculated and decided. Here was an approach that would in an essential way take what mathematical logic would see as inert context into the theory itself, where it would be directly engaged by the ensuing formalisms. If psychologism is the view that logic has something to do with how beings like us think and reason, then we are psychologicists. But we are psychologicists of an ecumenical bent which counsels the theoretical rapprochement of logic more narrowly conceived with cognitive science and computer science. In so saying, we do not place ourselves squarely in or squarely out of the embrace of these interpretations of psychologism, save the first.
5.1 Issues in Cognitive Science The psychologism of our approach to logic places us in a nettle of contentious and unresolved issues in the philosophy of psychology and cognitive science. Exposure to these issues would be nothing if not tactically ill-advised except for the various psychological indispensabilities to the laws of thought approach to logic. We do not have the wherewithal to settle the contentions that such a conception lands us in. But we would do well, even so, to try to situate ourselves in the midst of these entanglements. Like it or not, psychology, especially cognitive psychology, is a part of our project, and we meet with psychology as we find it, warts and all. Cognitive science has taken on two principal tasks. One is to give a mentalistic description of the laws under which cognition occurs (and is largely successful). The other is to give an account of the mechanisms by which these laws function without drawing upon the lexicon of mental terms and expressions. 26 Attested to, for example, by the Netherlands Royal Academy Conference in Logic and Argumentation in 1995, and the two Bonn Conferences in Practical Reasoning in 1996 and 1997, and the De Morgan Conference on Logic, held in London annually since 1999.
64
DOV M. GABBAY AND JOHN WOODS
For the better part of a generation, it has been widely assumed by cognitive scientists that this latter account will prove to be a computational one. The still dominant view is that the cognizer’s mind operates as a linear symbol processor, by which mental symbols are transformed by virtue of the syntactic character of those symbols. Against this, is the view that the practical agent is a parallel distributed processor, many whose operations are parallel rather these linearly connected, and nonsymbolic or pre-linguistic. Their difference of opinion has yet to be resolved. We ourselves lean to a PDP approach if only because of its clear affinity to our fast and frugal conception of individual agency. Either way, however, further assumptions are granted and further problems are met with. Whether on the standard computational or the PDP approach there is general agreement about the modularity of mind (see, e.g., Fodor [1975]) and disagreement or to whether the mind is comprehensively modular or whether central cognition (hypothesis formation, belief revision and the various other routines of practical reasoning) can be satisfactorily modelled in computationally symbolprocessing terms. We see in this a natural relationship between the modular and standard computational approaches. Part of the promise of PDP theories is that it disrupts this rough equivalence and frees up the question of the modularity of central cognition from strictly symbolic assumptions. Another matter on which virtually all are agreed is the importance of a distinction between automaticity and control in matters of cognitive attention. Here, too, there are disagreements. There are those who hold that automatic processing does not require attention, whereas central processing is effortful and subject to voluntary control (Schneider et al. [1984]). Others (e.g., Kahneman and Treisman [1984]) distinguish between early-selection (or filtering) models of attention and late-selective models, both of which appear to be automatic and yet the second of which requires attention. Bearing on this question is the further issue of at what stage does information processing take on a semantic character. A good many cognitive scientists are of the view that semantic processing and control go hard in hand, leaving no room for automatic-belief revision. But here too the evidence of semantic processing of information lodged in unattended channels. (See Treisman [1960] for the classic paper; also Treisman [1964], Corteen and Wood [1972] and von Wright et al. [1975]. For doubts see Dawson and Schell [1982] and Treisman et al. [1974].) Among philosphers of mind, Fodor is perhaps best known for his insistence on a limitedly modular analysis of cognitive systems (Fodor [1975] and [1983]). Central cognition, he says, is holistic in design and operation, and, as such, slips entirely out of the ambit of cognitive psychology (see also Fodor [2002]). Fodor argues for the holism of central processing from the holism of science. Since holism requires comprehensive surveys of knowledge-bases (or belief-sets), and such surveys are computationally intractable, Fodor infers the computational intractability of central cognition if it had a requisitely computational structure. But central cognition actually occurs, so it cannot, he concludes, be computationally structured.
THE PRACTICAL TURN IN LOGIC
65
Our own view is that the holism of central cognition does not follow from the fact (if it is a fact) that science is holistic. There is room therefore for a non-holistic orientation in investigations of central cognition. Two such enquiries stand out. In the one, an attempt is made to link central cognition to local problem-solving heuristics that are cued automatically. In the other, evolutionary psychologists are drawn to modularist explanations on the basis of the highly structured complexity of the cognitive agent’s brain. Since an entirely holistic central cognitive system, while highly complex, couldn’t have anything like this same degree of structure, evolutionists conclude that it is more plausible to model the actual complexity of central cognition on the structured complexity of the cognizer’s brain. We find ourselves floating on the choppy seas of these interesting and interconnected disagreements. (These are nicely reviewed in Botterill and Carruthers [1999].) If they have not yet been brought to successful resolution by psychologists, how much less the imperative of definitive pronouncement by logicians. Still, the practical logic of cognitive systems carries some expressly psychological assumptions, which are caught in the cross-hairs of these rivalries. To some extent, therefore, we find ourselves pitched on one or other side of these issues. Like any psychologically real account of cognition, the computational aspects must be made compatible with the plain fact of computational tractability (indeed of low-time, high pay-off set-ups quite generally). Both PDP and comprehensively modular approaches show promise here. A psychologically realistic account of cognition must also leave room for subconscious (and possibly pre-linguistic) and largely automatic cognitive operations. Here, too, the psychological literature on attention (e.g., Parasuraman and Davies [1984]) is, even though equivocal, helpful in setting the relevant parameters. If, for example, automatic processing is not always completely non-attentional, and yet if some even non-attentional processing can be said to have a semantic character, there is room for the idea that the avoidance of irrelevance is a centrally important component of cognitive success which is achieved automatically. Consciousness is tied to a family of cognitively significant issues. This is reflected in the less than perfect concurrence among the following pairs of contrasts. 1. conscious vs. unconscious processing 2. controlled vs. automatic processing 3. attentive vs. inattentive processing 4. voluntary vs. involuntary processing 5. linguistic vs. nonlinguistic processing 6. semantic vs. nonsemantic processing 7. surface vs. depth processing What is striking about this septet of contrasts is not that, one by one, they admit of large intersections on each side, but rather that their concurrence is approximate at best. For one thing, “tasks are never wholly automatic or attentive, and are
66
DOV M. GABBAY AND JOHN WOODS
always accomplished by mixtures of automatic and attentive processes” [Shiffrin, 1997, p. 50]. For another, “depth of processing does not provide a promising vehicle for distinguishing consciousness from unconsciousness (just as depth of processing should not be used as a criterial attribute for distinguishing automatic processes . . . ” [Shiffrin, 1997, p. 58]. Indeed “[s]ometimes parallel processing produces an advantage for automatic processing, but not always . . . . Thoughts high in consciousness often seem serial, probably because they are associated with language, but at other times consciousness seems parallel . . . ” [Shiffrin, 1997, p. 62]. There is an important sense in which the logic of practical cognitive systems is not psychology. There are two ways in which to mark the boundary between a psychologically imbued logic and a logically imbued psychology. One is operational. The other is methodological. Consider first the operational approach. Recall here Quine’s quip: ‘Logic is linguistics on purpose’. This should trigger an obvious question. Why isn’t logic linguistics? Although some logicians have attempted to meet this question head-on (e.g. Quine [1960]), the answer for the most part is to be found by examining the different things that logicians and linguists actually do with the common matters that bind them. In each case the boundary between logic and linguistics is operationally discernible in the different things that logicians and linguists are interested in and good at. It is the same way with the distinction between logic and psychology. Here, too, the difference is partly an operational thing. Even when, as in the present case, the logician and the psychologist share a good many interests, our respective methodologies (what we are respectively good at) will serve to preserve the distinction non-trivially. If a logician has been mathematically trained, or has imbibed something of what goes on in computer science, he will bring to the table a competency in formal modelling. If the logician has been philosophically trained, he will bring to the table competency in conceptual analysis. In our approach, the two are systematically linked. Conceptual analyses are inputs to formal models (see below). A second way of demarcating logic from psychology takes us straight back to Quine’s remark. Logic, he says, is linguistics on purpose. What this means is that every property of reasoning in which a logician might be interested is precisely definable for linguistic structures (or for linguistic structures in relation to abstract set theoretic structures). There are two components to this: First, to select languages must be capable of instantiating the logician’s target concepts; and, second, target concepts must admit of linguistic instantiation. Accordingly, there is nothing in what we are proposing with which to reprove, still less ignore, the extraordinary success of the modern logic of linguistic structures. What it may lack in psychological reality or applicability, it more than compensates for in results that are both indispensable in describing a cognitive agent’s resources (for example, his ability to draw consequences or his partiality for consistency), and of obvious help to the theorist who describes such behaviour. So, notwithstanding the challenges that attend the formalization thesis, we disavow entirely the anti-formalist apostasy
THE PRACTICAL TURN IN LOGIC
67
indulged in by some members of the informal logic community. We have sought to recover the position that the laws of logic are laws of thought. We are not alone in this: This is a doctrine which was popular in the last [=19th] century, but is now [=1979] very much out of favour. Nevertheless, I think it is true . . . My thesis is that laws of logic are like [. . . scientific laws]. They are laws governing the structure of ideally rational belief systems . . . They can be used to explain at least some of the features of ordinary belief systems, and the theory of rational belief systems in which they are embedded provides a framework for determining what remains to be explained about of belief systems. It thus defines [Ellis, 1979, v] a research programme.
5.2
Pragmatics
A logic that is practical in our sense falls within the ambit of the pragmatic. Historically, pragmatics is that branch of the theory of signs in which there is irreducible reference to agents, to entities that receive and interpret messages. By an easy extension, a pragmatic theory of reasoning is a theory in which there is express irreducible and non-trivial reference to cognitive agents. If in turn a cognitive agent is conceived of as a certain kind of information-processor, then a pragmatic theory of cognitive agency will take this into account. Given that a logic is a principled account of certain aspects of practical reasoning, logic too is a pragmatic affair. If we ask, ‘which aspects of practical reasoning are the proper province of logic?’, we say again that the answer lies in operational arrangements. Practical logic is that part of pragmatics that investigates practical agency from the point of view of properties the logician finds interesting and is adept at analysing and modelling: properties such as consequence, deducibility, generalization, relevance, analogy, plausibility and hypothesis. As understood by a number of theorists, pragmatics is always a branch of the investigation of language. In the approach we take here, the importance of language can hardly be gainsaid. But since our emphasis is on cognitive systems, and since there are aspects of cognition that occur sublinguistically (or anyhow, subdoxastically) we are faced with a decision. One option is to reserve the logic of cognitive systems for those aspects of cognition that are linguistically manifest and to leave all else to the other branches of cognitive science. The alternative is to include the pre- or sublinguistic in logic’s reach. We do not suppose that this is a knockdown argument that decisively dismisses either of these two possibilities. Even so, the choice need not be arbitrary. Counting for the first option is the comparative manifestness of language, and the efficiencies engendered by this fact. Counting for the second option is the fact (or apparent fact) that the logician’s target properties are also definable for structures that are not in the requisite ways linguistic. So, for example, it appears that some of our inferences are sublinguistic
68
DOV M. GABBAY AND JOHN WOODS
(or subdoxastic) and that, for beings like us, evasions of irrelevant information are largely automatic. Our own inclination, therefore, is to embrace (with appropriate caution) the more generous option. Accordingly, a practical logic is that part of a pragmatic theory that deals with the requisite aspects of practical cognitive agency at both linguistic and sublinguistic levels, and for which a suitably flexible notion of information will prove necessary. It is well to emphasize that, in taking logic into a practical turn, we are not alone. Our approach, although developed independently, also shows a certain affinity to work done under the rubric of ‘the dynamic turn’, an approach to logic that emphasizes the ‘interfaces with cognitive science, and the experimental study of how information and cognition works in humans once we set ourselves to study the psychological and neurological realities underneath . . . ’ [van Benthem, 2001, p. 5].
6
PLAUSIBILITY
Practical reasoners tend to satisfice rather than maximize. So positioned, they are disposed to settle for the plausible over the demonstrably true. Equally, in much that they reason about, practical reasoners tend to settle for the presumptive rather than the certified. The practical, the plausible and the presumptive form a natural trinity which no serious logic of practical reasoning can fail to examine. In this section, we begin with plausibility. Plausibility trisects reasoning in characteristic ways. We can conceive of the plausible as that which is reasoned from and as that which is reasoned to. We can also see it as characterizing the inference link between what is reasoned from and what is reasoned to. Seen this way, a piece of reasoning may have premisses that are plausible; it may have a plausible proposition as its conclusion; and its conclusion may be plausibly inferred from its premisses. It is also notable that plausibility is ambiguous as between propositions and what we might call the “engagement of propositions”. The two are logically independent. Planck famously thought that his quantum hypothesis was radically implausible, but he conjectured it all the same, illustrating that it can sometimes be reasonable to accept (if only tentatively) the unreasonable. Given the linguistic tie between the reasonable and the plausible, a like concurrence affects the plausible. Accordingly we shall distinguish propositional plausibility from strategic plausibility. Except where otherwise indicated, our remarks here are reserved for propositional plausibility. Given its ubiquity in human reasoning, it is something of a scandal that logic has paid so little attention to the plausible. An exception is Nicholas Rescher’s pioneering work — now a generation old — on the logic of plausible reasoning [Rescher, 1976], to which, after a brief etymological aside, we now turn. In common usage, plausibility is equated with reasonableness. The equivalence originates in the concept of the reasonable (to eulogon). It comprehends Aristotle’s notion of endoxa, or opinions held by all or by most or by the wise. These are
THE PRACTICAL TURN IN LOGIC
69
opinions endorsed by, as we would say, common knowledge, or by a received view or by the experts. To eulogon is discussed by the Skeptic Carneades in the last century B.C., in the context of the evidence of the senses and the testimony of experts (See here [Stough, 1969]). A related notion is the Greek eikos which means “to be expected with some assurance”, and it may be translated as “plausibleor-probable”. Rescher claims (and we agree) that the one meaning of eikos is captured in the idea of approximate truth or verisimilitude, which “ultimately gave rise to the calculus of probability”, though this was not to be a Greek development [Rescher, 1976, p. 38 n. 1]. Aristotle contrasts eikos with apithanon, which means “far-fetched” (Poetics 1460a 27); he also distinguishes it from what is true. In criticizing his rivals, Aristotle says, “While they speak plausibly(eikatos) they do not speak what is true (aleth ¯ e¯ )” (Metaphysics, 1010a 4). Rescher suggests that the Greek identification of eikos with the probable anticipates the Latin probabilis, which means “worthy of approbation”, and he approvingly quotes Edmund Byrne. [Probability] refers to the authority of those who accept the given opinion; and from this point of view ‘probability’ suggests approbation with regard to the proposition accepted and probity with regard [Byrne, 1968, p.188]: to the authorities who accept it. For a discussion of the emergence and development of the mathematical conception of probability see, in order, [Hacking, 1975; Daston, 1988; Franklin, 2001]. It is well to note a present-day use of “plausible” in the Bayesian analysis of prior probabilities. This may or may not be a usage foreshadowed by Peirce’s understanding of the plausible. By plausibility, I mean the degree to which a theory ought to recommend itself to our belief independently of any kind of evidence other [Peirce, 1958, than our instinct urging us to regard it favorable. 8.223]. Rescher suggests that Peirce’s notion “seems closer to the idea of an a` priori probability” than to the idea of being worthy of approbation [Rescher, 1976, p. 39, n. 1]. In this we disagree.
6.1
Axioms for Plausibility
A central idea in Rescher’s approach is plausibility indexing. The integer 1 denotes total reliability and gives effective certainty. Rescher rates disciplines such as logic and mathematics as having reliability-value 1. In all other cases, 1-n/n, n-1/n, n-2/n, . . . , 1/n denote diminishing degrees of positive reliability. Thus even the least reliable of sources is reliable to some extent. 1/n denotes minimal positive reliability.
70
DOV M. GABBAY AND JOHN WOODS
Corresponding to a reliability index for sources is that of a plausibility index for sets of propositions. Such sets Rescher calls p-sets; they are sets of propositions endorsed by sources of positive reliability. Indexing of p-sets S is subject to the following axioms. By Axiom 1 (metrization) every proposition in S has a logical value k (0 ≤ k ≤ 1). Axiom 2 (L-truth maximization) provides that every truth has plausibility values 1. By Axiom 3 (compatibility), all propositions of plausibility 1 are mutually co-tenable. Axiom 5 (consequence) provides that for any consistent sets Σ of proposition in S and any proposition in S and any proposition in S entailed by it, the entailed proposition cannot have a lower plausibility value than any proposition in Σ. Axiom 5 permits that a proposition and its negation can have plausibility values as high as they come, short of 1. By Axiom 6, differentially plausible rival propositions are to be adjusted in favour of the higher (highest) plausibility value. (But see the section to follow). Rescher’s aximatization of an elementary propositional language for plausibility is attractive in a number of respects. But it also exemplifies the distorting tug of a theorist’s formalism. All formal models occasion distortions. When the model is good, the distortion is tolerable, or even better; for it might correct a prior belief naively held. In the present case, we find some of the distortions to be regrettable. By the doctrine of plausibility indexing, Rescher is able to say that the truths of logic and mathematics have the highest plausibility. This is contradicted by the long history of logic and mathematics, in which a pivotal role of proof is to demonstrate the truth of (even the wildest) implausibilities. The concurrence in Rescher’s account with the most true and the most plausible is occasioned in part by the need to engage the machinery of a smooth formalism. It is also explained in part that Rescher’s main purpose is not to produce a conceptually wholesome account of plausibility, but rather to construct an elementarily useful model of belief revision in inconsistent contexts (concerning which, see below). But unless Rescher’s plausibility bears some affinity to the real thing, the model of belief revision will do its work blindly. So we think it necessary to point out the actual tension between the most plausible and the most true. Accordingly, PROPOSITION 23 (L-truth maximization). Rescher’s Axiom 2 substantially misstates the relationship between the most true and the most plausible.27 We see in this a conflation between plausibility and reliability. Suppose that it could be said that logic and mathematics are the most reliable disciplines. Then, perhaps it wouldn’t be too much of a stretch also to say that propositions determined to be true by the methods of logic or mathematics are, in this same sense, the most reliable of propositions. If we did agree to say these things, they would not give us the slightest reason also to say that the propositions of logic and mathematics are the most plausible propositions. Accordingly, a metrization that ranked disciplines (and their claims) according to their reliability could not in general be 27 Similar
reservations extend to Hailperin’s account of plausibility measures. [Hailperin, 2004, p. 50–55:esp.51]
THE PRACTICAL TURN IN LOGIC
71
supposed to constitute an acceptable ranking of their plausibility. This bears on Rescher’s entire enterprise. PROPOSITION 24 (The plausible and the reliable). Rescher’s formalization of plausibility exhibits a systematic confusion between the reliable and the plausible. We close this subsection with a brief word about Rescherian plausibility-consequences. Axiom 5 honours the basic structure of standard consequence relations in logic: In a true statement of consequence, the antecedent cannot have a higher value than the consequent. It might be natural to think that plausibility is closed in this way under consequence. But it isn’t. Consider a case. Harry is under investigation for the murder of Lou. At present, the case against him is inconclusive. A proof of motive is not required for a criminal conviction, but often police and prosecutors seek such a proof for the reassurance it appears to give to juries. The investigating officer ruminates as follows. 1. It is quite plausible that Harry bore Lou ill-will. 2. It is fairly plausible that Harry would operationalize his ill-will in some way. 3. So there is some slight plausibility that Lou’s death came about for these reasons. Not only is the stronger plausibility of the premisses not preserved in the (wholly reasonable) inference, but the reasoner himself marks this fact by the placement of qualifications on the imputed plausibilities: quite plausible in (1), fairly plausible in (2), but only slightly plausible in the conclusion. PROPOSITION 25 (Plausibility and consequence). plausibility.
Rescher’s Axiom 5 fails for
C OROLLARY 25( A ) Axiom 5 is more reasonably construed as a reliability axiom. A number of theorems are provable from the Rescher axioms. Here are some of the more important ones. Proofs are easily reconstructed and are here omitted. Theorem 1 If Q follows from P , then P ’s plausibility value cannot be greater than Q’s. Theorem 2 Interdeducible propositions have the same plausibility values. Theorem 3 For any P , Q and P ∧ Q S, the plausibility value of P ∧ Q = the lesser of those of P and Q. In symbols | P ∧ Q |= min[| P |, | Q |] Theorem 4 For any P , Q, and P ∨Q S, max[| P |, | Q |] ≤| P ∨Q | Theorem 5 For any P , Q, P ∧ Q, P ∨ Q S, if | P |=| Q |, then | P ∧ Q |=| P |=| Q |≤| P ∨ Q | Theorem 6 For all a, | ∀x(F x) |≤| F a |; and | F a |≤| ∃x(F x) |.
72
DOV M. GABBAY AND JOHN WOODS
P-sets are not subject to deductive closure. However, when a p-set is consistent it is possible to extend the plausibility index of S to cover S’s deductive closure. Let P be a consequence of S (which may or may not occur in S). Then the sequences P11 , P21 , . . . , Pn11 P12 , P22 , . . . , Pn22 P1i , P2i , . . . , Pni i are the propositions in S that imply P in the various rows of a plausibility matrix. Then to determine the plausibility index of the deductive closure of P , select the maximum of the minima minj Pji for each such sequence. Thus | P |= maxi minj Pji The inconsistency of S is another matter. In the case of an inconsistent p-set S, “the automatic addition of logical consequences must be avoided.” Plausibility screening (see below) is Rescher’s most general method for handling inconsistent p-sets, although other possibilities are also discussed [Rescher, 1976, ch. 5 and 6]. Since our main interest in this section is the explication of plausibility, we shall not expound these alternative possibilities. Central to Rescher’s conception, as with some of the ancients, is that the reasonable is not to be equated with the probable in its Bayesian sense. The difference between plausibility and probability is attested to in a number of ways, some of the more significant of which are their respective treatments of the logical operators. The calculus of plausibility (as Rescher calls it) is not closed under negation. If | P | is known, this is not generally sufficient for the determination of | ¬P |. But the probability of ¬P = 1− the probability of P . The negation operator always raises or lowers the probability of the proposition negated; and probability always degrades conjunctive probability. Thus, where P and Q are independent, P r(P ∧ Q) = P r(P ) × P r(Q). But negation does not in general raise or depress plausibility nor does conjunction degrade plausibility. Nor is P r(P |Q) definable when Q is inconsistent, whereas inconsistent sets are freely open to plausibility indexing. 7
CONFLICTING PLAUSIBILITIES
A fundamental fact about plausibility is: PROPOSITION 26 (Plausibility negation). The negation of a plausible proposition is not necessarily implausible. C OROLLARY 26( A ) The negation of a plausible proposition might be as plausible as it.
THE PRACTICAL TURN IN LOGIC
73
These things being so, PROPOSITION 27 (Plausibility adjudication). The adjudication of rival plausibilities frequently, if not typically, cannot be achieved merely by picking the most plausible of them. (Cf. axiom 6 just above). There are further respects (as we have seen) in which plausibility logics differ from standard probability logics. Since both are theories of ampliative inference, it is not unnatural to assume that they are rivals. But this is not the spirit in which Rescher develops his account of plausibility. Its motivation is considerably more circumscribed. Classical logic tells us that inconsistency is a disaster. Standard probability can no more handle inconsistency than a number can be divided by zero. Rescher seeks a principled answer to the question of how best to select consistent subsets of beliefs from inconsistent sets. Accordingly, Rescher wants a paraconsistent theory of belief-revision. Rescher sees plausibility as essentially tied to authoritative sources, of which expertise is an important instance. One of the more dramatic things about experts is that they disagree. How might these disagreements be resolved? Rescher assumes that experts on a given subject form a poset under the partial order “has greater expertise than”. Plausibility in turn can be construed in ways to be detailed below. Suppose that an authority or group of authorities has made a number of pronouncements, and that the set of propositions vouched for by these authorities is collectively inconsistent. Suppose further that we can rate the plausibility or reliability of these authorities in some comparative way. Is there a rational way to deal with such a situation? One such procedure, developed by [Rescher, 1976], is called plausibility screening. Rescher’s method is to scan the maximally consistent subsets of the inconsistent totality and give preference to those that include the maximum number of highly plausible elements. This general process can also function in other ways. For example, for some purposes we might want to give preference to those sets that include as few low-plausiblity elements as possible. It depends on whether our goal is to maximize overall plausibility or minimize overall implausibility. The two policies are not identical. Suppose that we are given a fragment of what appears to be a thirteenth-century manuscript on logic. It has been examined by three experts on historical manuscripts on the logic of this period, Professors, X, Y , and Z. Let us say that we can rate their respective pronouncements on a scale of one to ten as follows: X has a comparative reliability of 8, Y has a rating of 5 and Z a rating of 2. (Even though Z’s rating is low, it must be emphasized that Z is a bona fide expert, and that is low rating is a comparative matter.) Professor Y ventures the opinion that the manuscript was authored by William of Sherwood, the thirteenth-century Oxford logician, or by William of Ockam, his near contemporary. Professor X asserts that if the document were authored by William of Sherwood then it would definitely make reference to Aristotle’s doctrines on logic. But, he adds, no such reference to Aristotle is made. Professor Z points out that if the document was authored
74
DOV M. GABBAY AND JOHN WOODS
by William of Ockam, then from what we know of William of Ockam, it would include references to Aristotle’s doctrines. We are supposing, then, that these authorities vouch for the following propositions: Authority X (who has a reliability value of 8): A ⊃ B, ¬B Authority Y (who has a reliability value of 5): A ∧ C Authority Z(who has a reliability value of 2): C ⊃ B, here A = The manuscript was authored by William of Sherwood. B = The manuscript makes reference to Aristotle’s doctrines on logic. C = the manuscript was authored by William of Ockam. We now put it that the reliability rating of a proposition is the same as the reliability rating of the expert who vouches for it. The sets of given propositions, {A ⊃ B, ¬B, A ∨ C, C ⊃ B}, is inconsistent, as a truth table will show, but it has four maximally consistent subsets as follows: 1. {A ∨ C, A ⊃ B, C ⊃ B}, rejecting ¬B 2. {A ∨ C, A ⊃ B, ¬B}, rejecting C ⊃ B 3. {A ∨ C, C ⊃ B, ¬B}, rejecting A ⊃ B 4. {A ⊃ B, C ⊃ B, ¬B}, rejecting A ∨ C. Notice that (1) and (3) both reject one of the highly rated pronouncements of X. Therefore, given that we want to maximize plausibility, we can eliminate both (1) and (3) as candidate subsets. Looking at the remaining two subsets, we see that we have a choice between rejecting C ⊃ B (which has reliability (2)) and A ∨ C (which has reliability (5)). Again, since our policy is to maximize plausibility, we will want to reject any alternative that excludes propositions of relatively high reliability. So the choice here is straightforward as well. We reject (4) because it excludes A ∨ C, a proposition that is more reliable than C ⊃ B, the proposition excluded by (2). All told, then, the most plausible maximally consistent subset is (2). Thus, on this model, the rational way to react to inconsistency in this instance is to accept the pronouncements of X and Y and reject the opinion of Z. Note that the plausibility of (2) suggests that the manuscript was indeed authored by William of Ockam, since (2) logically implies C. In our example, we selected the most plausible subset by pruning the original, inconsistent set of data. We identified the most plausible maximal consistent subset of S as that which excludes propositions of least reliability. The method of plausibility screening tells us even more, however. If we look at (2) and (4), the preferred subsets of our example, we see that the two propositions A ⊃ B and ¬B each appear in both (2) and (4). In other words, no matter which of (2) or (4) we decide to accept, we are going to accept A ⊃ B and ¬B. These two propositions
THE PRACTICAL TURN IN LOGIC
75
therefore constitute something akin to a “common denominator.” We also see that in this case the pronouncements of X have a certain preferred status: no matter whether we reject the opinions of Z by rejecting (2), or reject the opinions of X. Plausibility screening also tells us that (2) is not consistent with (4), as a truth table will show, and thus that we must choose between (2) and (4). As we say, in this case it is preferable to select (2); but in choosing either (2) or (4) we will still be accepting the common subset {A ⊃ B, ¬B}. We could bend our example to form an illustration of a tie: suppose that Z is assigned a reliability value of 5. The (2) and (4) would be tied. Whichever set we rejected, we would be rejecting a proposition of value 5. Both (2) and (4) are preferable to (1) and (3), but we cannot narrow the field down to one proposition. In this context, the best we can say is that we will want to accept {A ⊃ B, ¬B} because it is common to both (2) and (4). Here is a second example, which we develop in a little more detail. Suppose we have the following pronouncements of three authorities, X, Y , and Z: Authority X (who has a reliability value of 9): A ⊃ B, ¬C Authority Y (who has a reliability value of 7): B ⊃ C, ¬A Authority Z (who has a reliability value of 2): A ∨ B, ¬(A ∧ B). First, we construct a truth table with a column representing the truth values for each proposition in the set of propositions stated by the experts:
(1) (2) (3) (4) (5) (6) (7) (8)
A T T T T F F F F
B T T F F T T F F
C T F T F T F T F
A⊃B T T F F T T T T
¬C F T F T F T F T
B⊃C T F T T T F T T
¬A F F F F T T T T
A∨B T T T T T T F F
¬(A ∨ B) F F T T T T T T
Second, we can scan the truth table and highlight all combinations of true propositions, omitting only those that are proper subsets of others. Some rows, like (1), (2), (3), and (7), will have true propositions in them, but these patterns of true propositions will already be included in one or more of the other rows. For example, the true propositions in (1) form a subset of those in (5); the true propositions in (2) form a subset of those in (6); the true propositions in (3) form a subset of those in (4); and the true propositions in (7) form a subset of those in (8):
76
DOV M. GABBAY AND JOHN WOODS
(1) (2) (3) (4) (5) (6) (7) (8)
A T T T T F F F F
B T T F F T T F F
C T F T F T F T F
A⊃B T T F F T T T T
¬C F T F T F T F T
B⊃C T F T T T F T T
¬A F F F F T T T T
A∨B T T T T T T F F
¬(A ∨ B) F F T T T T T T
Third, we look at the truth table, one row at a time, and list those propositions that are true in each highlighted row. For example, in (8) we see that the following propositions are true: A ⊃ B, ¬C, B ⊃ C, ¬A, and ¬(A ∧ B). Reading off the true propositions for the remaining rows that contain highlighted propositions, we find that we have a total of four maximally consistent subsets: (4) {¬C, B ⊃ C, A ∨ B, ¬(A ∧ B)} (5) {A ⊃ B, B ⊃ C, ¬A, A ∨ B, ¬(A ∧ B)} (6) {A ⊃ B, ¬C, ¬A, A ∨ B, ¬(A ∧ B)} (8) {A ⊃ B, ¬C, B ⊃ C, ¬A, ¬(A ∧ B)} Fourth, for each such maximally consistent subset, we list at the right those propositions of the original set that are not included. (4) {¬C, B ⊃ C, A ∨ B, ¬(A ∧ B)}, rejecting A ⊃ B, ¬A (5) {A ⊃ B, B ⊃ C, ¬A, A ∨ B, ¬(A ∧ B)}, rejecting ¬C (6) {A ⊃ B, ¬C, ¬A, A ∨ B, ¬(A ∧ B)}, rejecting B ⊃ C (8) {A ⊃ B, ¬C, B ⊃ C, ¬A, ¬(A ∧ B)}, rejecting A ∨ B. Fifth, we scan the maximally consistent subsets in order to construct a preference ordering. The general rule here is that any set that rejects a highly reliable proposition should be eliminated. Clearly we can eliminate (4) because it rejects A ⊃ B, which has a value of 9. Likewise (5) must be eliminated because it rejects ¬C, which also has value 9. That leaves (6) and (8). Here the choice is also clear. Row (6) rejects B ⊃ C (which has a value of 7), whereas (8) rejects only A ∨ B (which has a value of 2). On the policy that plausibility is to be maximized, we therefore eliminate (6) and accept (8). Sixth, in the event of a tie, we look to see if there is a “common denominator” subset that should be accepted even if it is necessary to reject all of the maximally consistent subsets. Looking over the maximally consistent subsets, we see that the subset {A ⊃ B, ¬C, ¬A, ¬(A ∧ B)} is common to both (6) and (8). Furthermore, we see that {¬(A∧B)} is common to all four maximally consistent subsets. These common components could serve as tiebreakers, although in this case this is not necessary — (8) stands out as the clear winner. Nonetheless, it is interesting to note that despite its low individual plausibility, ¬(A ∧ B) is highly acceptable because it is “carried along” in (8) and in every other maximally consistent subset.
THE PRACTICAL TURN IN LOGIC
77
Finally, there may exist undecidable cases. If authority X says P and authority Y says ¬P , and if both authorities are equally reliable and this is all the information we are given, then plausibility screening will not tell us which proposition to accept. It is simply a stalemate, and we have to wait for more information before making our decision about whether to accept or reject P . The first thing to notice about this approach to the adjudication of rival plausibilities is that the reliability values used in our examples are not intrinsic to the account. As formulated, the logic of plausibility screening may appear to allow for cases in which the reliability values of the experts are all so low as to making the winning maximal consistent set one of very low plausibility, intuitively speaking. But this is a misconception. By the construction of the screen, all the participants are genuine experts and each of their pronouncements is plausible to a degree that could warrant acceptance, however provisionally. Critics of Bayesianism will no doubt be quick to see a similar weakness in the theory of plausibility screening. Just as there appears to be no general and direct way to assign prior probabilities, the same would appear to be the case for prior plausibilities, or what Rescher calls plausibility-indices. It is true, of course, that in real-life we make these assignments when we are confident that they give approximate expression to our intuitive judgements or our commonsense estimates of which is the greater expert. But, it remains the case that there is no general method for plausibility indexing even for classes of human claimants to expertise. Beyond that, it matters that what we take as plausible ranges far beyond the reach of any human expert — a point to which we shall briefly return. Perhaps the greatest difficulty with setting prior plausibilities lies in the claim that, in the absence of a general method, we do this intuitively or under the guidance of commonsense. What can “intuitively” mean here, if not “in ways that we find plausible”? And what can the guidance of commonsense be here, if not the counsel afforded by our judgements of characteristicness? Either way, we import the notion of plausibility into our account of how to set prior plausibilities. The ensuing circularity requires that we cannot embed these plain truths in our account of plausibility. This is significant. It leaves plausibility theory impotent to lay down principled conditions on plausibility indexing. On the positive side, the theory of plausibility adjudicates conflicting expert testimony eucumenically and realistically. Instead of an all-or-nothing favouritism for the total testimony of the most qualified expert, the theory seeks to accept the biggest part of the combined testimony of all the experts that it consistently can at the lowest cost (i.e., rejecting claims of least plausibility). Even so, while the idea of saving as much of the joint testimony of all the experts that consistency and plausibility-cost will allow may be a good one, Rescher’s specification of how this is achieved is problematic. Consider two cases. Experts X and Y have been sworn in a criminal trial. Each gives psychiatric testimony concerning the question of diminished responsibility. X has an expert ranking of 8, and Y has a ranking of 7. In the first case, X and Y agree on everything each other says save for one proposition (e.g., that the
78
DOV M. GABBAY AND JOHN WOODS
defendant had at most diminished responsibility for his action). In that case, the nod goes to X’s testimony. In a second case, everything is as before except that X and Y disagree on everything each other testifies to. Here the nod also goes to X. More generally, in all such cases, the nod goes to the most highly ranked expert except when one of them introduces testimony which is neither repeated nor denied by the other. Doubtless there are lots of real-life cases in which this is so. But as our examples show there are other cases in which the method of amalgamation is just the all-or-nothing strategy in favour the most highly ranked expert’s total evidence. 8
ABDUCTION
A common problem for a cognitive agent is one in which a cognitive target cannot be hit with what that agent presently knows. Let us call this the ignorance problem. This is sometimes supposed, falsely, that the agent in question has but two options when confronted with an ignorance problem. In the first, he acquires some new knowledge and thereupon achieves his goal; in other words, he overcomes his ignorance. In the second, he fails to solve his problem with such new knowledge as comes to him or which might be forseen by him; whereupon the problem is set aside, subject to possible revival if he gets lucky. In such a case, his ignorance overcomes him. There is a third option. It yields the first half of option two, but demurs from the second half. It involves engaging an hypothesis on the grounds that were it to be true (and were it to be an object of knowledge for him) his cognitive target would be attained. In other words, the agent makes some progress towards attaining his target, but does so without removing his ignorance. This he is able to do because he attains his target presumptively. Deduction is truth preserving. Induction is probability/enhancing. Abduction is ignorance preserving. Accordingly, an ignorance problem is an abductive problem when there is an abductive solution for it. In its most rudimentary form, abductive reasoning can be schematized as follows. Let T be a cognitive target of agent X and let K be X’s concurrent knowledgeset. Then X has an ignorance problem in regard to T if T cannot be attained from any subset of K. In all known treatments of abduction, it is taken as sufficient for this last condition that for some proposition Q and some consequence relation and and subset k of K, k Q The ignorance problem is abductively resolvable only if, for some proposition H ∈ K, there is a k H such that kH Q where k H is any subset of K that both contains H and is adjusted in whatever further ways may be appropriate to that addition. In short, K H is the H-version of
THE PRACTICAL TURN IN LOGIC
79
K, and k H is any subset of K H that retains H as member. A further requirement is that the fact that k H Q is taken as prima facie grounds for detaching H presumptively. In most accounts of abduction, there are additional constraints that H must negotiate, one of the more important of which is that H be sufficiently plausible, whether propositionally or strategically. We reflect H’s presumptive and provisional character in representing it by the eighth letter of the alphabet. (Think of ‘H’ as abbreviating ‘hypothesis’.) With H now detached, it is eligible for use as a hypothesis in subsequent reasoning. But since H has been detached presumptively, the reasonings in which it serves as a hypothesis must itself be presumptive. In the example at hand, we have it then that (1) K (2) H (3) K H Q Given that H revises K, we also have it that (4) K H Accordingly, we also have it from (3) that (5) k H Q and from (4) that (6) k H Whereupon, Q. Our elementary notation considerably under-reflects the presumptive character of the inference to Q. It fails to capture the important sense in which consequence is presumption preserving. PROPOSITION 28 (Preservation of presumption). If proposition A is a consequence of an irredundant set of priors containing at least one H then A is deducible from that set only as a presumption. In the interests of space, we won’t here adjust the notation to better reflect Proposition 28. We can now see why abduction is ignorance preserving. It is a response to a problem that is triggered by ignorance. The problem is solved not by the agent’s knowledge of Q but rather his (reasoned) presumption of it. In the beginning, the agent wanted to find a Q whose knowledge would enable him to attain his cognitive target T . But in the absence of that knowledge, he makes do with Q presumptively, because he can get from what he knows together with what he presumes. In the end, he attains his target, but he attains it not with the certainty of knowledge, but rather with the tentativeness of presumption. We now are in a position to reveal an important connection between abduction and practical reasoning.
80
DOV M. GABBAY AND JOHN WOODS
PROPOSITION 29 (Abduction as practical). In as much as abduction is ignorancepreserving, it is a form of reasoning that reflects practical reasonings suboptimal orientation. The fuller story of abduction is a complex one (see [Gabbay and Woods, 2005]), but in what we expose here we hope to make clear the central roles of the plausible and the presumptive. In this connection, consider the following case. We call it the case of The Open Door. It is late afternoon on an overcast November Thursday. Harry arrives home at his usual time, and parks his car in the garage at the end of the back garden. Sarah, his school-teacher wife, always comes home about an hour later. Harry’s practice is to enter and leave the house through the back door. But since the garage is only big enough for a single car, Sarah parks in the street in front of the house, and enters and leaves the house through the front door. Dora helps with the cleaning every Tuesday morning. Apart from her, no one but Sarah and Harry have occasion to be in the house or the means to gain entry; the couple’s children are adults and have left the family home long since. Having parked his car, Harry leaves the garage and makes his way along the path to the back door. He hasn’t taken many steps before he sees that the back door is wide open.
8.1
The Element of Surprise
The open door is the trigger of an abduction problem. We stipulate that the trigger was counterexpected for Harry. It is not just that ‘the door is [or will be] open’ was not in Harry’s K-set before the trigger presented itself; rather the K-set contained at that time the fact that the back door is never open under these conditions (weekday, end of the day, before Harry arrives home, when Dora’s not there, etc.).28 The case, therefore, incorporates the Peircean element of surprise. The immediate significance of the counterexpectedness of the trigger is that it gets Harry’s attention and constitutes a problem for him. It is far from universally the case that the presence of counterexpected situations is a problem for those who discover them. So we must provide that Harry’s K-set at the moment of discovery contains not only, ‘The door is never open’, but also, ‘The door is not supposed to be open’. We now have the means to motivate the open door as problematic for Harry. An abductive trigger is not just an occurrence of which an agent is conscious. It is often an occurrence of a type that rises to a second grade of statistical abnor28 Formally, let ∆ be the non-monotonic database available to Harry at the moment of observation. We have ∆ ∼ | door closed. Harry observed ∼ door closed. A revision is needed. Compare this case where ∆ |∼ A and ∆ |∼∼ A and A is observed. Then an explanation is needed. The ‘story’ will not admit as ‘acceptable’ taking A itself as explanation.
THE PRACTICAL TURN IN LOGIC
81
mality. It is an event whose occurrence is not only noticed and attended to by the agent; its occurrence is uncharacteristic in some sense. Accordingly, DEFINITION 30 (Surprise, first pass). Something is a surprise for an agent, in Peirce’s sense of “surprise”, if it is both unexpected and uncharacteristic. We should not over-blow the element of surprise. A surprising event may astonish us, bowl us over or mystify us, but none of this is essential to Peirce’s notion. A surprise in his sense is something unexpected and out of the ordinary. Unexpectedness here is an epistemic notion. Something is unexpected when its occurrence is something that one would not have known about; it is something that could not have been forecast solely on the basis of what one knew at the time. This leaves it open that an event that is unexpected in this epistemic sense might have been expected in some other sense. (Perhaps the agent in question had a hunch that this event would occur). Similarly, a good many more things are uncharacteristic than any agent will actually find to be so. We must amend the definition of surprise to take this fact into account. So DEFINITION 31 (Surprise refined). An event or state of affairs is a surprise for an agent X when its occurrence is not something that X would have known and whose occurrence X finds to be uncharacteristic in some way. The factor of uncharacteristicness is necessary if any notion of surprise is to lay claim to a pivotal place in the logic of abduction. Surprising events are those whose occurrence puts an agent at an epistemic disadvantage. Unexpectedness is not in general a marker for this. Most of the things whose occurrence an agent comes to recognize as something he wouldn’t have known about are met with a certain passivity. Most of what happens is unknown to everyone. When they become known, most retain the feature that although known now, they wouldn’t have been known earlier. The epistemic disadvantage that a surprising phenomenon creates for an agent is not that it is not known. (Now it is known, and that, we should think, represents a change from what wasn’t known to what is. How can there be any epistemic disadvantage in this?) The proposed factor of uncharacteristicness is supposed to help answer this question. It is meant to indicate that the occurrence in question places the agent at a disadvantage in respects other than what he presently knows of it. For this to be true, there must be something an agent would desire to become aware of over and above his now present knowledge that the event in question has occurred. Accordingly, the occurrence of an event or the presentation of a state of affairs will count as a Peircean surprise if, in spite of the fact that its occurrence is now known, it presents the agent with an additional cognitive target which cannot be hit with what is now known. But how does it come to be the case that uncharacteristicness is a marker for this? There is both a general and a particular answer. The general answer is that the acquisition of new knowledge is not typically the generator of this kind of collateral cognitive effort. Consider some cases. Sarah, reading from the paper, tells Harry that the Berlin Philharmonic will play next
82
DOV M. GABBAY AND JOHN WOODS
month. “Good”, says Harry. “I’ll get tickets”. Or, you look out the window and see that it’s snowing. “More snow”, you mutter (it is January). The absorption of new knowledge is dominantly passive in this sense. The reason is partly economic. No one has time to launch a supplementary enquiry every time something new chances to be known. Collateral cognitive effort is therefore uncharacteristic. What is characteristic in the general case is the passivity of cognitive agents towards the new. In particular cases — this is our second point — the uncharacteristicness pertains more directly to the event itself. Thus Sarah would not be home to-day, it would not be snowing in January in Honolulu; and so on. It suffices for the requirements of the Peirceian notion of abductive surprise that uncharacteristicness in either sense be in play. Harry wants to figure out ‘what’s going on here!’. To this end, he determines a space of candidates (though his determination, let us note, might well be virtual). The candidates are candidates for the role of what explains or might explain the trigger-event. Since the trigger presents Harry with a problem, we can say equivalently that the space of candidates contains alternative resolutions of Harry’s abduction problem. It is an empirically pressing question as to how big, and how varied, candidate spaces actually are or could be. One fact about Harry’s present situation is that his active candidate space is very small. Yet the number of states of affairs which, if they obtained, would explain Harry’s trigger-datum is very large. Harry’s actual candidate space is a meagre proper subset. This the model must take into account. To this end, we put it that Harry has intermingled his interest in explanation with a relevance logic. A relevance logic in the sense required here has little directly in common with what relevant logicians occupy themselves with — viz. the consequence and consistency relations (e.g., Anderson and Belnap [1975], [Read, 1988; Dunn, 1994; Woods, 1989]), but rather is a logic in the sense of a set of algorithms which enable the human agent to discount, for the most part automatically and with considerable alacrity, information unhelpful to a task at hand. (See [Gabbay and Woods, 2003]). Setting a candidate space for an abduction problem involves performing a reduction from sets of potential explainers to sets of candidates for the status of actual explainer. It is an abductively sensitive instantiation of the more comprehensive operation of cutting down from irrelevant although theoretically applicable information to information relevant to whatever the task at hand happens to be. Again, we emphasize that there is little known empirically about how these processes work. Relevance in our sense is not a dyadic relation on sentences. It is a set of triples I, X, A, informally interpreted to mean: Information I is relevant for agent X to the extent that it advances or closes X’s agenda A [Gabbay and Woods, 2003]. Because these processes occur with great speed and mainly automatically, and because they produce such selectively scant outputs, we think of the human reasoner in such circumstances as activating instrumental (and perhaps causal) al-
THE PRACTICAL TURN IN LOGIC
83
gorithms. Accordingly, the model posits an explanation program and a logic of relevance, a primary function of which is to fix candidate spaces in appropriately economical ways. We return to our case. Harry is perplexed. The door is open when it shouldn’t be. What’s happened? Perhaps Sarah has come home early. Maybe Dora couldn’t do her chores on Tuesday, and has decided to make things up today. Or perhaps Harry, who is the regular user of the back door, forgot to close it when he left the house this morning. On the other hand, it could be a burglar! We identify these four alternatives by the obvious names. Harry’s candidate space is the set {Sarah, Dora, Harry, Burglar}.
8.2 Plausibility Again The description continues: Harry entertains the candidate Sarah. No, he thinks, Sarah is at school. She never comes home before 5.30 and it’s only about 4.40 now. Harry also rejects Dora. Dora hasn’t missed a Tuesday in years and years, and, in any case, she would have mentioned it if she were planning to come today. As for Harry, Harry recognizes that he is sometimes forgetful, but he’s never been forgetful about shutting he door when he leaves for his office. This leaves Burglar. ‘Oh, oh’, says Harry ‘I think this might be a break-in!’. Harry has riffled through the candidate space and has rejected Sarah, Dora and Harry. The rejections are judgements of implausibility, each rooted in what appears to be a belief about what is generally the case. It is not impossible that Sarah is in the house, but it is implausible because she never is in the house at this time on a weekday. We note that generality claims are not restricted to classes, but can apply with equal effect to individuals. Of course, like all such claims, these are generalizations that license defaults for Harry; each is made in at least implicit recognition that they needn’t be disturbed by true negative instances. That being the case, the imputed generality is not one of universally quantified conditionality but something slighter. There are two candidates to consider. One is that the utterance in question expresses a generic claim. The other that it expresses a claim about what is usual. (We take up their difference below.) The inference that it isn’t Sarah since Sarah never is at home at such times, is made in recognition of its requisite defeasibility. This suffices to make the rejection of Dora a rejection founded on implausibility. Accordingly, we might posit for Harry a plausibility logic. It suggests that Harry possesses an inference schema to the effect that
84
DOV M. GABBAY AND JOHN WOODS
PROPOSITION 32 (Implausibility). If S is in an agent’s candidate space with regard to an abduction problem A, and the agent holds a generic claim G concerning the subject matter of S, and G is incompatible with S, then X infers that the (propositional) implausibility of S’s occurrence defeasibly disqualifies it at a solution of A.29 Having reasoned in the same way with regard to Sarah and Harry and provided that Harry’s candidate space has taken in no additional members, Harry opts for Burglar (see just below). Speaking more realistically, he finds himself in the grip of Burglar. He not only “thinks” that it may be so; he is seized with apprehension that it may be so. (This is reminiscent of Peirce’s “insistence of an idea”). We may now say that Harry’s plausibility logic contains an Eliminative Induction Rule in the manner of Bacon, which he applies at his problem’s resolution point: Elim Induction Either Sarah or Dora or Harry or Burglar. Not Sarah and not Dora and not Harry. Therefore Burglar. At a certain level of abstraction there is no harm in assuming an application of Elim Induction. Something like it, though different, is actually in play, since ‘not X’ here means ‘X is not a plausible solution of . . .’, and so does not strictly negate X. We note in passing, however, that Harry’s problem does not have the more complex structure of a Rescher adjudication problem. In Rescher’s account, the resolution conflicts among rival testimonies is rarely a matter of picking one to the exclusion of all that conflicts with it. But here the resolution does tend to be one-against-all. Candidate spaces have the potential for looping. If Burglar is the only candidate not yet eliminated from Harry’s space, then if Harry sufficiently dislikes Burglar, he may find that the candidate space has taken in a new member, e.g., ‘The Sears man has come’. We put it that the structure of explanation will tolerate only low finite looping at most. Another possibility is retraction. Harry might dislike Burglar and find that he has revisited, e.g., Sarah. Here, too, an explanation will permit only low finite oscillation. In general it is realistic to allow for options in addition to the one-option or no-option approach. By and large, the failure to find an option which the abducer likes is a trigger of (cautious) investigative actions.
8.3
A Resolution Point
Harry’s solution of his abduction problem involved the elimination of all candidates but one. Sarah was eliminated by the generalization, ‘Sarah is never ever home early’, (GS let’s call it), Dora by its corresponding GD , and Harry by GH . 29 It
is well to bear in mind the inhibitory force of Proposition 26 above. since a given proposition might be as implausible as its negation, the defeasibility of Proposition 32 is a seemly caution.
THE PRACTICAL TURN IN LOGIC
85
This leaves Burglar, or B for short. Harry plumped for B. But why? B too is attended by its own GB , ‘Burglaries don’t occur in this neighbourhood’. Why didn’t GB cancel B, just as GC cancelled C, GD cancelled D, and GH cancelled H? It is evident that Harry’s eliminations have left him with the following termination options: T O1
GB cancels B, and there is neither retraction nor looping. The abduction problem crashes.
T O2
GB cancels B and either retraction or looping occurs. The abduction problem is renewed short of resolution.
T O3
Although B is a negative instance of GB , it does not cancel it (recall that GB is a generic claim), and there is neither retraction nor looping. B solves the abduction problem.
8.4 How to get Determinacy out of Indeterminacy It is necessary that the plausibility logic give abducers the means of selecting from multiples such as {T O1 , T O2 , T O3 }. How does an abducer know when to bet his confidence in the exhaustiveness of his candidate space against the fact that the solving candidate is a negative instance of generic claim in which the abducer also has confidence? Or how does he know when to bet in reverse; that is, when to bet his confidence that the last surviving member of the original candidate space is indeed cancelled by the generic claim of which it is a negative instance? Similarly, how does the abducer know when and when not to retract a prior decision of candidate cancellation in order to evade selection of a T Oi that involves a candidate which is not only a negative instance, but which he now thinks is cancelled by it? It is useful to repeat that our present purpose is to model Harry’s actual case. In real-life abductive situations, such as that of Harry, it is rarely helpful for Harry to ask himself why he went the T Oi -route rather then the T Oj -route. There is ample evidence that the routines of actual abductive practice are not much accessible to human introspection. So the question before us constitutes an abduction problem all of its own for the theorist who is trying to figure out Harry’s abductive situation. We put it that the plausibility logic favours the following inference schema which, we emphasize, can only have defeasible legitimacy. The Auto Rule To the extent the option that has an element of autoepistemic backing. For example, in the case we are investigating, the generality claims about Sarah’s never coming home early, is likely to be underwritten by two factors of autoepistemic significance. One is that if it were indeed true that Sarah never comes home early, this is something that Harry would know. And if today were to be an exception to that rule, this too is something that Harry may well have knowledge of.
86
DOV M. GABBAY AND JOHN WOODS
Autoepistemic inferences are presumptive in character. Given that a candidate hypothesis is not known to be true, it is presumed to be untrue. As long as the degree of epistemic value of the presumption is less than the levels attained by Harry’s K-set, the Auto Rule preserves the abductive character of Harry’s problem. The Auto Rule bids Harry to favour Burglar since, Sarah, Dora and Harry are subject to the requisite autoepistemic factors. So is Burglar. Had there been previous burglaries, Harry would have heard of them. But he hasn’t. Why then do we say that Burglar is the best hypothesis to select if they all pass the autoepistemic test? The answer is that the autoepistemic test is supplementary to the characteristicness test, and it is the characteristicness test that Burglar doesn’t do very well with. Rightly; for, short of locked gates and streets filled with security guards, how could it be in the nature of what constitutes Harry’s neighbourhood that burglaries not happen there? Human reasoners are natural conservatives. They lean towards explanations that deviate from the normal as little as is consistent with getting an explanation. It is the sort of favouritism that Quine had in mind in proposing his maxim of minimal mutilation as a principle guiding scientific theories in handling observationally recalcitrant data. It is a maxim which favours adjustments to a theory as modest as get the the problem solved. We assume such a principle to be in play in Harry’s plausibility logic. We assume it is in the form of least possible deviation from the norm. Having it in play seems to count against Harry’s selection of Burglar. For if there were indeed a burglary, this would be quite a deviation from the normal, whereas if Sarah had come home unexpectedly, or Dora had switched her day without telling anyone, or Harry for the first time in his life had forgotten to shut the door, these would be lesser deviations from the norm. It falls to Harry’s plausibility logic to hazard an answer to the following question. Given that one of S, D, H and B does obtain, is there a way of selecting one as the most plausible? Whether the logic is capable of furnishing an answer in every case, it would appear that if there is a least plausible of the present lot it is B. If so, isn’t it the wrong answer for Harry? We note that in finding thus for B, the logic equates least plausiblity with greatest deviation from a contextually indicated norm. But this is not an answer to Harry’s abduction problem. Harry’s abduction problem is to determine what best explains the open door, which was Harry’s trigger. The abductive task was not to determine who most plausibly was in the house. The door is wide open in late afternoon of an overcast day. Given that Sarah had come home early or that Dora had switched her day, how plausible is it that the door is left wide open on either of these accounts, when a burglar would have had no particular motivation to close the back door of the empty house that he had burgled without incident earlier in the day?
THE PRACTICAL TURN IN LOGIC
87
This leaves Harry with the task of deciding between Burglar and Harry. In opting for Burglar he was certainly not making a canonical choice. A different person in exactly the same situation except for this difference might well have opted for the explanation in which he did indeed forget for the first time in his life to close the door. But in Harry’s actual situation, the autoepistemic factor is clinching: If I had left the door open, I would have remembered. But I don’t, so I didn’t.
9 CHARACTERISTICNESS A natural source of presumptive reasoning is what a reasoner takes as characteristic about the matter at hand or the context in which he finds it embedded. On the face of it characteristicness is a certain kind of generality. The generality in question is either a generic notion or what can be called a normalcy notion. Normalcy claims are claims about what is usually the case. Generic claims are stronger versions of normalcy claims. They are claims about what is always the case. ”Always” is apt to mislead. Readers of this Handbook will associate it with universal quantification. For the rest of humanity, a helpful looseness is intended. When Harry observes that ocelots are four-legged he is not minded either to abandon or qualify the claim upon discovery of just any exception. Generic claims are generalizations that tolerate exceptions. Normalcy claims are weaker; so they too tolerate exceptions. But there are differences. An exception to a generic truth can without stretch be considered a negative instance of it. An exception to a normalcy claim is not a negative instance of it; it is already catered for by the qualifier ”usually”. In greater strictness, exceptions to normalcy claims aren’t even exceptions. That Harry hates ice-cream leaves it wholly undisturbed that people usually like ice-cream. It is different with generic claims. It is true that ocelots have four legs. It is also true that Ozzie, the ocelot, has only three legs. This is a true negative instance, and is in that very sense an exception. Exceptions to generic claims are true negative instances of them, whereas exceptions to normalcy claims are in no sense negations of them. The idea of what is characteristic cuts loosely across the grain of the distinction between genericity and normalcy. This, as we will see, complicates the story we tell about characteristicness, but not by much. In our discussion of previous cases, we entertained a loose connection between propositional plausibility and characteristicness. The analysis of The Open Door found it natural to take judgements of characteristicness as a species of generic reasoning. This in turn suggests a tie between plausibility and genericity. It would be well to examine these connections more closely. Consider a candidate space R for an abduction target T . When discussing The Burglary, we proposed that propositions are excluded from R where they are contra-indicated by what is characteristic. Thus although “Sarah has come home
88
DOV M. GABBAY AND JOHN WOODS
early” was a member of Harry’s R, it was excluded by the fact that it is characteristic of Sarah not to come home early on weekdays. This was the basis on which we then said that the Sarah conjecture was implausible. Generic claims are also claims about what is characteristic. So it is natural to think of characteristicness as intrinsically generic. A little reflection may appear to call the claim into doubt. Penguins don’t fly. This is a generic fact about penguins, and saying so attributes what is characteristic of them. What, then do we say about Harry’s pet penguin, Hortense? Of course, Hortense doesn’t fly either, and that would seem to be characteristic of her insofar as she is a penguin. Sarah is unlike this. It is characteristic of her not to come home early on weekdays; and Sarah is a woman, mother, teacher, and lots of other things. But it is certainly not characteristic of women or mothers, or even teachers, not to be home at 4:30 on weekdays. Sarah does not imbibe this characteristic from what is characteristic of any class or natural kind of which she is a member. If genericity is intrinsically a certain kind of generality, then it might be thought that what is characteristic of Sarah in The Open Door case is not generic to Sarah. On the other hand, even in cases of particular characteristicness, the factor of generality is not lost entirely. If it is characteristic of Sarah not to be home early, then it is true to say that Sarah doesn’t generally come home early on weekdays. But the generality imputed by the use of the adverb “generally” is not the generality of all Sarah’s, so to speak, but rather is all weekdays between September and June. All weekdays at 4:30 are such that Sarah is not home from school then. Alternatively, it is characteristic of Sarah’s late-afternoon weekday doings that they not include her being home at 4:30. But characteristicness does not strictly imply genericity. Sometimes what’s usual suffices for what is or is not in character. So we need not impute genericity to Sarah’s not being home at 4:30 to plausibly claim characteristicness for it. What is characteristic of Sarah is what Sarah would or would not do. Something that Sarah would do is often what Sarah has a standing desire to do or preference for doing. What Sarah is like is often just a matter of what she likes. Sarah likes to do her chores after school lets out at 3:30. Sarah prefers to shop each day rather than weekly. Sarah likes to drop into Macabee’s Books for coffee and to browse. She doesn’t like to go home too early; it is less interesting to be home schmoozing with Harry than drinking the excellent coffee at Macabee’s. Dora’s situation presents a different fix on characteristicness. Dora is never at Sarah’s house on Thursday, whether at 4:30 in the afternoon or any other time. It is not just that Dora wouldn’t like to be there then (although in her actual circumstances this is certainly true). The point rather is that Dora can’t be there on Thursdays. She has other clients to whom she is committed on Thursdays. Dora is a good professional. She knows that clients much prefer to have an assigned stable time at which Dora appears in their households. Except where strictly necessary (and always with appropriate notice). Dora never changes these commitments (a further characteristic which turns on what Dora is like, and in turn, in this instance, on what she likes). But the basic fact is that Dora never comes to Sarah’s house on Thursdays because she cannot. So externalities, as economists call them, can
THE PRACTICAL TURN IN LOGIC
89
determine what is characteristic for an agent to do. What is characteristic of Dora is not characteristic of various of the classes of which she is a member. It may be characteristic of professional cleaners that they don’t deviate from fixed commitments, week in and week out. But this flows not from what it is to be a cleaner, but rather from what it is to have a good feel for customer relations. So it would appear that what is characteristic of Dora is something generic or normalic to some of the things she is, but not to others. It is widely supposed that “Birds fly” is a generic claim. For this to be true, it would have to be characteristic of birds to fly. That is, flying would be tied up with what it is to be a bird. Of course, this is not so. Penguins are birds, and penguins don’t fly. Penguins never fly. Similarly for turkeys, and ostriches, and lots of other birds. What this suggests is that sentences such as “Birds fly” do not express a generic proposition, but rather are under-expressed instances of the quantified sentence “Most species of bird fly”. (We note, in passing that “Most birds fly”, while true, is not what “Birds fly” asserts.) Thus ”Birds fly” is a normalcy-claim. Generic sentences, on the other hand, are not quantificational. “Crows fly” is a generic claim and true. It suggests, but does not assert, that most crows fly; but there are cases in which “F sG” is a true generic claim even though most F s do not G. [Carlson and Pelletier, 1995]. The sense in which generic claims are generalizations cannot be even the weak sense in which they imply inequivalent quantifications. One of the attractions of this approach to genericity and normalcy is the light it throws on the concept of default. Sometimes a default is understood as any claim which might in fact be mistaken. This is an unwisely liberal use of the term. More soberly considered a default, is the propositional content of an inference from a generic or normalic claim. If we infer from “Ocelots are four-legged” that Ozzie the ocelot is four-legged, that is a default. Saying so is saying more than that it might be untrue. It is saying (or implying) that it might be untrue in a certain way. If Ozzie is not four-legged, then given that its negation is a default, it is essential that although Ozzie is not four-legged it remains true that ocelots are fourlegged. Those that aren’t are so in ways that does not damage this truth. They are non-four-legged adventitiously (a leg-trap casualty, for example) or congenitally (a birth-defect). This is not to say that propositions such as “Ocelots are four-legged” can’t be false, that they can’t have genuine counterexamples. We might come upon a heretofore unknown species of five-legged ocelots. This would falsify “Ocelots are four-legged”, but not “Most species of ocelot are four-legged”. It would no longer be characteristic of ocelots that they are four-legged. We now have the resources to define defaults. DEFINITION 33 (Defaults). S is a default iff there is a generic or normalic claim G of which S is an instance; and S is such that if G is true, S’s falsity does not necessitate the falsity of G. The proposition that Sarah is not now home at 4:30 is a default. It is an instance
90
DOV M. GABBAY AND JOHN WOODS
of the generic claim that Sarah doesn’t come home early on weekdays. Of course, upon entering the house, Harry might see that Sarah has come home early. This might be explained in either of two ways. Sarah might be sick. Or she might tell Harry that she’s grown weary of getting home so late, and has decided to come home straight from school from now on. Each of these gives a different way for the default to be false. The first way, it remains true that it is characteristic of Sarah not to come home early. The reach of the generic (or normalic) claim is undamaged. The other way is different. Sarah’s early home-coming instantiates a new policy that retires the old habit. There is a third possibility. Sarah’s early homecoming is inexplicable. “I don’t know”, she says, “I just felt like it”. Let us briefly regroup. Our point of departure is The Open Door. Our present task is to say something useful about the property of characteristicness. We see that characteristicness is bound up with the concept of genericity, normalcy and default. So, instead of our earlier decision to attribute defaultness to generic and normalic claims, we now propose that its more fruitful application is to instantiations of such claims. Thus, the generic claim (1) Ocelots are four-legged is fallible (though not a default), and its instance (2) Ozzie is four-legged is both fallible and a default. Why? What is the difference between the fallible non-defaultness of (1) and the fallible defaultness of (2)? The answer is that (2) derives its plausibility from (1), and is subject to downfall in the face of a single true counter-instance. But (1) is not withdrawn for just any reason for which (2) is withdrawn. (1) remains true even though (2) is false. (1) and (2) have different logics, as we might say. They are both fallible, but in different ways. One could be mistaken about the four-leggedness of ocelots, but not every way of being mistaken about the four-leggedness of Ozzie is a way of being mistaken about the four-leggedness of ocelots. We require that there be away of marking this distinction. There is such a way: (1) is generic, and (2) is a default. How does this play upon the abductively important notion of characteristicness? It appears that the generic-default distinction partitions the characteristicness property in the following way. If (1) is true, then it is characteristic of ocelots to be four-legged; but it isn’t characteristic of Ozzie to be four-legged. Another way of saying this is that the truth of (1) confers characteristic four-leggedness on ocelots, and yet characteristicness is not closed under instantiation. This makes The Open Door problematic. We said that (2) is not a statement of characteristicness. Yet (2) is a singular statement. This might lead us to suppose that singular statements can’t be statements of characteristicness. This is belied by (3) Sarah is characteristically not at home early on weekdays.
THE PRACTICAL TURN IN LOGIC
91
(3)is a singular statement, and a statement not obviously an instance of from any generic statement. So, it would appear that it can’t be true that even where a singular statement is a statement of characteristicness, it is not so because it is a default, as we are presently defining it. But, on the contrary, (3) is a statement of characteristicness and is a default, and yet does not qualify as a default by instantiation of a generic statement that attributes the same characteristicness that (3) itself plainly attribute. Of course, we tried earlier to find a generic or normalic statement of which (3) can be an instantiation. This required a certain regimentation (which, as Quine has taught us, is tendentiousness in a good cause). We proposed that (3) be re-issued as (5) It is characteristic of this day that Sarah not be home early Which could then be taken to as derived from (4) Weekdays are such that Sarah is not home early on them. It won’t work. Compare (1) and (2) with (4) and (5). In the case of the first pair, (1) does all the work on behalf of characteristicness. Even if we held our noses and allowed that (2) also attributes characteristicness, it would be clear that its functioning thus is wholly parasitic on the characteristicness attribution embedded in (1). With (4) and (5) it is the other way around. With (1) and (2) it is consistent to say (6) Even though (2) is not a statement of characteristicness. (1) nevertheless is a statement of characteristicness But we can’t say (7) Even though (5) is not a statement of characteristicness. (4) nevertheless is a statement of characteristicness. From this we may infer that: (8) That (4) is a statement of characteristicness does not derive from any generic or normalic claim of which it is an instantiation. (9) Whether a statement is a default depends on its relation to attributions of characteristicness. In particular, (2) is a default because it instantiates a statement of characteristicness; and (4) is a default not because it instantiates a statement of characteristicness, but rather because it is itself a statement of characteristicness. What now of plausibility? The Open Door suggests that (10) Defeasibly, possibilities that contradict (statements of) characteristicness are not plausible abductive candidates.
92
DOV M. GABBAY AND JOHN WOODS
We have postulated a connection between the plausible and the characteristic. Beyond observing that sometimes a judgement of implausibility is based on contrary characteristicness, we haven’t done much to elucidate this connection and to plumb its degree of reach. Neither have we reflected on whether the tie, such as it is, is affected by the distinction between propositional and strategic plausibility. We briefly turn to these matters now, in reverse order. Planck conjectured quanta for their contribution to the unification of the laws of black body radiation. He did so notwithstanding the extreme indexpropositional implausibilitypropositional implausibility of the existence of quanta. Even so, Planck thought it reasonable to proceed against the grain of this implausibility. Quanta were nothing like anything then known to physics; so they were uncharacteristic of what physics quantified over in 1900. Planck’s was a conjecture grounded in its instrumental yield. It was, we say, a strategically plausible conjecture to make. Why would this be so? It would be so, as we saw earlier, because it is characteristic of the laws of physics to admit of unification under the appropriate conditions. Planck reasoned that black body radiation is such that it should be expected that it is subject to unified laws, and because such unifications are characteristic of physics, he made a conjecture that would achieve it. This suggests that in cases such as this the tie with characteristicness holds for both propositional and strategic plausibility. However, for other cases, the reverse would appear to be true. Peirce holds that a tie between or among rival hypotheses is often broken by economic considerations. The theorist opts for H over H because testing H is comparatively affordable and testing H is not, never mind that H might possess greater propositional plausibility than H. So we ask, is it characteristic of experimental testing that hypotheses pass the tests to which they are submitted? Of course, the answer is “No”; and with it a further question arises: How does this comport with Peirce’s claim that selected hypotheses are the outputs of our innate flair for guessing right? The question embeds an undeniable tension between Peirce’s views, but it is a tension that is moderated by his fallibilism. Fallibilism allows that the frequency of erroneous guesses might outrun the frequency of correct guesses even while it remains the case that we have the flair for guessing right. It is allowable provided, as we have said, that guessing right is guessing right enough of the time and about enough of the right things, enough, that is, to secure our survival and our prosperity. It might be supposed that in those cases in which strategic plausibility retains its tie with characteristicness, the requisite instrumental factors themselves display another characteristic attachment. It might be supposed that factors such as unifiability, simplicity and coherence are markers for cognitive success, and that there is an abductive explanation of this, to wit: that such factors are defeasibly probative. This will appeal to philosophical and scientific realists, needless to say; but it is also the view of common sense to which all of us naturally lean. If true, care needs to be taken. The purported link between what is simple (etc.) and what is true cannot be so tight as to make the selections of hypotheses that turn upon these instrumental virtues run foul of the requirements that abduction is ignorance-
THE PRACTICAL TURN IN LOGIC
93
preserving. Even so, it can hardly be doubted that when judgements of strategic plausibility turn or factors such as the affordability of scientific testing, the link with characteristicness will be at its most tenuous.
10
COMMON KNOWLEDGE
In the broadest strokes, what a cognitive agent finds to be plausible is something he sees it as reasonable to hold or to consider holding in the absence of confirming evidence. Reasonable assent in the absence of evidence is the hallmark of abductive reasoning. Plausibility is an integral feature of abduction, and plausibility evinces this same feature — reasoning without evidence. We will suggest that the natural habitat of the plausible is common knowledge. Whether or not common knowledge is knowledge strictly speaking, it has a rather striking feature. When an agent X assents to P on grounds that it is common knowledge that P , it cannot be the case that, then and there, P is knowledge for X. This contrasts with the case in which an agent X ∗ assents to P , P is a matter of common knowledge, but X’s assent to P is independent of that fact. A further feature of the first case — i.e., of inferring P because and only because it is common knowledge — is that rarely does the agent in question have inductively strong grounds even for the claim of common knowledge. Common knowledge loops recursively. Often something is taken by X as common knowledge when X takes it as common knowledge that P itself is a matter of common knowledge. It is something of a relief therefore that rarely when X draws common knowledge does he expressly say so. Saying so is usually reserved as an answer to a challenge; and in that context it is often not much of an answer. It is preferable that we view the contributions of common sense from the third person point of view, the view from which we try to discern what the other party is doing when it seems clear to us that he is exploiting what he takes to be common knowledge. In taking that view, recurring features come to light. What counts as common knowledge for X is a set CK of beliefs, or propositions to which he is disposed to assent, which he believes are widely shared – in effect that they satisfy the Aristotelian conditions on endoxa: they are beliefs held by all or by the many or by the wise. These propositions divide fairly naturally into two main groups. (1) They are instantiations of generic or normalic claims in CK. (2) They are propositions, including those generic or normalic claims, that come to X by hearsay. In both cases, the factor of characteristicness is robustly present. The link between the general and the characteristic we have already discussed. The link between hearsay and characteristicness has yet to be made. Hearsay is like guessing. With guessing, we wanted to know how it could be that guessing is a cognitively virtuous endeavour, when it might be the case that incorrect guesses out-number the correct. The answer was that it is characteristic of guessing that it serves us well even when it frequently goes wrong, instance by instance. Another way of saying this is that “Guessing is reliable” is a true generic or normalic claim even though
94
DOV M. GABBAY AND JOHN WOODS
the quantified sentence “Most guesses are right” is false. This gives us some idea of the truth conditions for generic sentences of this particular type. “Guessing is reliable” is true if it is true that guessing is often enough right enough about the right things. Hearsay has something of this same character. Hearsay gets many things wrong, but it gets the right things right sufficiently often to have become a wholly entrenched and indispensable instrument of our largely successful negotiations with a hostile world. With embeddedness goes characteristicness. We may take it, then, that the elements of characteristicness are embedded in common knowledge. If, as we suggest, common knowledge is the principal source of what an agent takes to be plausible, the tie with characteristicness is reconfirmed. Apart from this, common knowledge passes the other tests for plausibility. The instantiation of a generic or normalic claim is a default, as is a proposition accepted on hearsay (given the generic or normalic truth that hearsay is reliable). In each case, the default is allowable on sufferance. In neither case are we talking about evidence. Before bringing this section to a close, this would be a good place to return to the point that cases such as The Open Door invoke implausibility as a reason to exclude a candidate hypotheses. It is not intended that survival of this exclusion test confers plausibility on the hypotheses left standing. “P is not implausible” does not imply “P is plausible”. This suggests a two-tiered structure for plausibility filters. In the first tier, the reasoner excludes candidate hypotheses on grounds of implausibility. In tier two (mindful of the possibility of countervailing considerations), the reasoner seeks the most plausible of the survivors and excludes the rest.
11
PRESUMPTION
It is time to turn to a further element of the triad of the practical, the plausible and the presumptive. In the present section we examine presumption, beginning with its proposed link with plausibility. As it is developed in Walton [1992], plausibility is subject to two restrictions, both of which we regard as inessential. One is that plausibility is a property instantiated only (or paradigmatically) in dialogues. The other is that such dialogues involve only (or paradigmatically) everyday matters. If plausible reasoning were intrinsically dialogical and instrinsically quotidian, then Walton’s account would be of little value in the explication of abduction, which is neither. But as we say, we see nothing in Walton [1992] that shows these constraints to be essential; consequently we shall decline to impose them. However, we agree that, just as abduction is a certain kind of enquiry, presumption too can usefully be relativized to an agent’s cognitive agenda. Thus whether something is reasonably presumed or not will in general be influenced by the kind of task the reasoning agent is trying to perform. Walton’s central idea is that plausible reasoning “needs to be understood as being based on and intimately connected to presumptive reasoning” [Walton, 1992,
THE PRACTICAL TURN IN LOGIC
95
p. 4]. Presumptive reasoning, in turn, is held to contrast with both deductive and inductive reasoning. “Presumptive reasoning”, says Walton, “is inherently subject to exceptions, and is based on a defeasible general premise of the form ‘Typically (subject to exceptions), we can expect that if something has property F, it also has property G’” [Walton, 1992, p. 4]. If it appears unclear as to why presumptive reasoning can be neither deductive nor inductive, Walton says that “deductive reasoning is based on a universal general premise of the form ‘All F are G’, and inductive reasoning is based on a probabilistic or statistical general premiss to the effect that most, or a certain percent [sic] of things that have properly F also have property G” [Walton, 1992, p. 4]. We won’t take the time to subject these caricatures to the derision that they so richly deserve. Let it suffice that, properly understood, the contrast class for presumption is neither deduction nor induction, and that, even as characterized by Walton, presumptive reasoning cuts across the grain of these distinctions. What makes this so is the role of presumptive premisses in arguments of all kinds. What Walton misses is that presumptive inference is two different things: (1) inference to a presumption, and (2) inference from a presumption. Walton distinguishes among three kinds of presumption — required, reasonable and permissible. A proposition A is a required presumption in an inquiry if and only if, (i) whether or not A is true is open to further argument or inquiry, and (ii) A may be inferred from what is presently known in the inquiry, and (iii) A must be inferred from what is presently known in every inquiry of this type, in the absence of special circumstances [Walton, 1992, p. 53]. A proposition A is a reasonable presumption in an inquiry if and only if the first two conditions are met and “A may reasonably be inferred from what is usually expected in relation to what normally can be expected to be found in this type of enquiry, in the absence of exceptional circumstances” [Walton, 1992, p. 53]. A is a permissible presumption in an inquiry when A “may be inferred from what is known, but does not have to be” [Walton, 1992, p. 53]. We note in passing two unattractive features of these definitions. One is their imprecision. There is, for example, no discussion of the difference between “may be inferred” (condition (ii)) and “may reasonably be inferred . . .” (condition (iii) on reasonable presumption). Also unexplained is the meaning of “must be inferred . . . ” (condition (iii) on required presumption.) Apart from this inexactitude there is also at least a hint of circularity. Thus something is a reasonable presumption when it is reasonable to infer it. Perhaps the greatest difficulty with this account is making sense of the tie between presumptive reasoning and plausible reasoning. Though the connection is asserted, it is not explicated.30 Even so, it may be possible to reconstruct the 30 The great oddity of [Walton, 1992] is that, notwithstanding its title, Plausible Argument in Everyday Conversation, it is a book with almost nothing to offer in the way of a positive account of plausibility.
96
DOV M. GABBAY AND JOHN WOODS
tie on the basis of what Walton says about presumption. Two points are particularly important. One is that the inquirer be undecided as to the truth or falsity of any proposition that he holds presumptively. The other is that the proposition “may be inferred” from what is known of situation in which the presumption arises. Jointly, presumptions are legitimate to hold even when they chance to be untrue. This legitimacy is off-set by the tentativeness with which a presumption is held or forwarded. This goes some way toward capturing Rescher’s idea that “plausibility is a weaker counterpart to truth” [Rescher, 1995, p. 688]. Nowhere, however, does Walton speculate on the conditions under which our present state of knowledge makes it reasonable to hold defeasibly a proposition that might be false. This leaves his account of plausibility significantly underdescribed. A proposition is plausible when it is an epistemically respectable possible falsehood. So is a probability statement in the unit interval [0, 1]; but Walton insists (rightly) that statements of probability are not statements of plausibility. Plausibility, says Rescher, turns on a claim’s credibility via the acceptance justifying backing that a duly weighted source (human, instrumental, or methodological) can provide. Thus if we think of informative sources as being graded by reliability, then the plausibility of a contention is determined by the best authority that speaks for it. A proposition’s plausibility accordingly depends on its probative status rather than on its specific content in relation to alternatives [Rescher, 1995, p. 688]. Walton, too, acknowledges a role for expertise in presumptive reasoning (see, e.g., [Walton, 1992, pp. 259–262]). The difference is that Rescher makes the factor of authoritative reliability intrinsic to plausibility; whereas for Walton (rightly, in our view) is is a contingent matter, only occasionally sufficient for plausibility. Rescher’s notion of plausibility makes authoritative reliability the pivot. In his conception, plausibility is also an inherently economic matter. It is cheaper to make do with the plausible than to hold out for the true. It is, as we have noted, a conception tailor-made for our notion of the practical agent, who must prosecute his cognitive agendas under press of scant resources. The practical agent, we said, is someone who often is obliged to discharge his cognitive tasks on the cheap. If it is part and parcel of those cognitive economies to satisfice with regard to the plausible, it is reasonable to suppose that recognizing the plausible is something that beings like us are reasonably adept at. Certainly one of the economies practised by practical agents is reliance on the say so of others. Rescher recognizes three classes of such reliance: human (“Is this the way to Central Station?”, “Modern science has discredited the idea that intelligence is accurately measured by IQtests); instrumental (“The thermometer registers 40 degrees C, so I’ve got a very bad fever”); and methodological (“Strings are the simpler hypothesis”). Rescher also sees a link between plausibility and presumption. He cites The Fundamental Rule of Presumption A positive presumption always favors the most plausible contentions among the available alternatives. It must stand until set aside by something yet more plausible or by
THE PRACTICAL TURN IN LOGIC
97
direct counter-evidence ([Rescher, 1976, p. 55]; cf [Rescher, 1977, p. 38]). Although the leanness of his exposition makes it difficult to determine with confidence, Walton appears to lodge his notion of plausibility in the conceptually prior idea of presumption. Thus a proposition is plausible to the extent that it has the appropriate presumptive bona fides. For Rescher, it is the other way round. For plausibility can serve as the crucial determinant of where presumption resides [Rescher, 1977, p. 37]. The Fundamental Rule of Presumption is a rule about propositional plausibility, which is at least a close approximation of the basic tie between presumption and plausibility. Yet its range is restricted to presumptions in the form C(H). It does not hold for conclusions in the form “H is a good bet for testing”. Even so, the rule can be adaptated for strategic plausibility. If H leads to the conclusion that C(H) for strategic reasons, the presumption rule holds by virtue of the structure of conjecture. Accordingly, PROPOSITION 34 (Extending the Fundamental Rule). A positive presumption always favours the most plausible contentions among the available alternatives. It must stand until set aside by something yet more plausible or by direct counterevidence. This rule is indifferent to the distinction between propositional and strategic plausibility. There is much to approve in Rescher’s account of plausibility, especially in the contrast he draws between plausibilities and probabilities. There is less to be said for how prior plausibilities are handled. Rescher is quite right to have accorded epistemic significance to authoritative sources. You turn on the radio and hear that Kabul has been bombed. So, you know that Kabul has been bombed, albeit defeasibly. You ask whether this is the way to Central Station, and you are told that it is. So now you know, albeit defeasibly. You consult the bruised horizontal slash in a prairie sky, and you know, albeit defeasibly, that both and wind and temperature will soon rise. You see the spots on your child, and report chicken pox to your pediatrician. Harry sees the open door, and assures himself that it wouldn’t have been Sarah’s doing; Harry’s knowledge of Sarah’s habits is authoritative. You hear the drumming on the roof and, looking out, you see that it is raining hard. But now your source is impersonal; it is the evidence of your senses. You want to know what your bank balance is. So you balance your chequebook. Here, too, your source is impersonal. It is the evidence produced by your calculations. This is problematic. Impersonal epistemic sources are patches of evidence or arithmetical rules, or some such thing. It is widely agreed that evidence is good as opposed to bad, or better rather than worse, when it affects conditional probabilities in requisite ways. But Rescher wants his plausibilities to be different from probabilities. He owes us a nonprobabilitistic account of how such evidence gets to be authoritative. This has yet to materialize. In its absence, we can only conclude
98
DOV M. GABBAY AND JOHN WOODS
that the concept of authoritative source has too short a leash to tie down the more far-ranging concept of plausibility. Whether or not this is so on account of the indetermenency of the doctrine of evidential sources, it is certainly so in virtue of the limited goal Rescher has set for his plausibility logic. Probability logics cannot handle inconsistent inputs. The goal of Rescher’s deployment of plausibility is to repair this omission. There is no other goal, hence no other standard against which to judge the success of Rescher’s enterprise. Even so, there are some welcome byproducts of Rescher’s logic. It would be unreasonable to hold the description of plausibility to no condition other than providing a method for determining what is reasonable to accept among a number of jointly inconsistent propositions. It lies in the nature of Rescher’s task to get certain things right about plausibility itself, independently of the limited goal of his theory. Indirectly, he is contributing something to the logic of abduction. Rescher’s understanding of propositional plausibility overlaps with our own. Like him, we see a close connection between the assurances of hearsay and the plausible. In our account the principal source of hearsay is that which forms the relevant parts of common knowledge. In Rescher’s hands, the idea of epistemically authoritative sources is raised to a not inconsiderable level of abstraction, with the result that whatever gives one reason to hold something provisionally (or conjecturally) is to be counted as an epistemically authoritative source. This requires Rescher to subject the notion of epistemic authority (or source-evidence) to strikingly wide attributions of degree. We demur from this approach because it cuts across the grain of a distinction we take to be important. It is the distinction between having reasons to accept or (provisionally accept) a proposition and having evidence that it is true. Another difference between Rescher and ourselves is worth repeating. Rescher defines plausibility-consequence in such a way that whatever follows from a set of plausible propositions must have a plausibility value at least as high as the least plausible of those propositions. In the approach we favour, there are non-trivial cases in which the opposite is true. To take another example, we might imagine that the common sense generic that ocelots are four-legged has a quite high plausibility ranking (by Rescher’s lights, not ours), whereas the default inference from that same proposition that, since Ozzie is an ocelot, Ozzie is fourlegged is (as it should be) of a lesser grade of plausibility. Not only is the inference reasonable, it is characteristic of a very large class of plausibility reckonings that are deeply embedded in actual cognitive practice.31 We have said something about the linkages between presumption and plausibility. Rescher’s Fundamental Rule has it that presumptive reasoning will always (typically?) defer to the most plausible of the available alternatives. We have also had occasion to remark that a natural habitat for presumptive inference is common knowledge, and we directed particular attention to the instantiation of non31 Rescher adapts his consequence-relation from Theophrastus’ rule that “the modality of the conclusion [of a valid argument without redundant premisses] must follow that of the weakest premiss”. [Rescher, 1976, 13 and 23-25]. There is a difficulty with this. Theophrastus’ rule is a satisfactory modal rule only on the assumption of logical omniscience.
THE PRACTICAL TURN IN LOGIC
99
universal generalities, i.e., those propositions, such as the generic or the normalic, that don’t embed universal quantifications. This gives us a way of preserving the Rule’s principal insight. Consider a case. What is common knowledge for Harry includes the normalic claim that birds fly and the generic claim that crows fly. On becoming aware that Jasper is a crow, he infers the default that Jasper flies from the generic proposition that crows fly, rather than the normalic proposition that birds fly. We can see that the inference that Jasper flies is safer when made from the generic claim rather than the normalic. This might lead us to suppose that “Crows fly”is more plausible than “Birds fly”. But there is reason to doubt it. For one thing, both these non-universal generalizations are known to be true, and in our scheme of things, knowing that P is true precludes a finding of plausibility for it. A further consideration is that differences between these two claims lies in the structure of the generalities that they attribute. “Birds fly” expresses the truth that for the most part, or usually, birds are flyers. “Crows fly” asserts that it is characteristic of crows that they are fliers. It is not tied up with what it is to be a bird to be a flier; rather, birds usually are the sorts of thing that fly. Crows are different. Crows fly. It is tied up with what it is to be a crow to be a flier. Of course, sometimes birds don’t fly. Penguins don’t fly — any of them. Sometimes crows won’t be able to fly either. This happens when it is characteristic of crows to fly, but this crow is contingently disabled by accident, illness or genetic defect. It bears repeating that, in being known to be true, these respectively different non-universal generalities possess an epistemic standing incompatible with plausibility. (Reliability, however, is another matter). So if plausibility is indeed a factor here, we must find a different place for it to operate. Could this be the default that is inferrable from each of the generalities at hand? No. It is the same proposition in each case. Why would it be the case that “Jasper flies” has a greater degree of propositional plausibility when inferred from “Crows fly” than when inferred from “Birds fly”? That Jasper flies is not itself the natural home of these intuitive differences in plausibility value. Better that we repose the difference in the inference itself, i.e., in the interpretation we give to the ∴-operator. It is the inference of “Jasper flies” that is more plausible when drawn from a generic truth rather than a normalic truth. This echoes a point we made in passing against Walton’s account of plausibility. We said that it overlooks the intuitive difference between inferring from something plausible and inferring to something possible. As we remarked earlier, there is a third way in which plausibility enters the structure of ampliative reasoning. Plausibility is also a marker of conclusional force. We now find ourselves at a juncture at which it would be advisable to try to determine whether we have been following our own advice. We have said quite a bit about what might be called instantial defaulting, in which one draws an instance of a non-universal generality. This very large class can easily be said to capture two parts of our threefold distinction about presumption. In inferring “Jasper flies” from “Crows fly” (or “Birds fly”) one presumes that Jasper flies precisely because of the organization of the inference’s plausibility-structure. Although the premisses in each case are true, the
100
DOV M. GABBAY AND JOHN WOODS
strongest inference they will support is a plausible inference. It is easy to see why such an inference would also be called presumptive. Equally, a plausible inference from a true generality confers nothing but propositional plausibility upon the inferred default, in the absence of knowing better. This confirms the point that, in plausible inference, conclusions quite routinely have lower epistemic values than premisses. We also see that when an instantial default is presumptively inferred from a true non-universal generality, a judgment of presumptiveness may also be made of the conclusion itself. We presume that Jasper is a bird (in the absence of knowing better). This covers two cases — inferring plausibly and inferring to a plausibility. There is more to inference to a plausibility than instantial defaulting. The inferential flow goes in the other direction as well. It is typified by hasty generalization. Suffice here to say that, prior to confirmation, hasty generalization is an inference from a sample to a generalization of one or other of our three types: universally quantified conditionals, generic propositions, and normalic propositions. The plausibility of the generalization varies inversely with the strength of the general premiss. Equally, the propositional plausibility that such inferences confer varies inversely with the strength of the generality inferred. This leaves our third case to consider. It need not detain us long to get the basic picture. Again, consider a case. On the basis of a sample, Harry hastily generalizes to, say, the generic proposition that F s are G. His sample is that Hortense is an F . His grasp on “F s are G” is presumptive, giving it a certain degree of propositional plausibility. His other premiss — that Hortense is an F we may assume he knows to be true. Harry infers from these premisses that Hortense is also a G. Harry’s inference has a plausibility compounded, and depressed, by the fact that it is no better than a plausible inferences from premisses one of which is itself only plausible. This is the situation for as long as it remains the case that the best that Harry can say for “Fs are G” is that these Fs are all G. The diminished plausibility is passed on. That Hortense is G, in the absence of knowing better, can have no greater propositional plausibility that attaches to “F s are G or to the inference from it to “Hortense is G. What this reprise clearly confirms is Rescher’s insight that the plausible and the presumptive are intimately connected. It also shows us that PROPOSITION 35 (Undetermination of the presumption rule). Whether in its original form or in the extension of it provided by Proposition 34, Rescher’s Fundamental Rule of Presumption significantly understates the tie between the plausible and the presumptive. 12
LEGAL PRESUMPTION
A logic of practical reasoning is one that pays particular attention to the limitations on what beings like us can reasonably aspire to and the wherewithal available for its realization. In this respect, perhaps abductive reasoning is an especially apt case, in as much as it is reasoning faute de mieux, transacted in the absence
THE PRACTICAL TURN IN LOGIC
101
of knowledge. It may strike the ear oddly to say so, but one of the places in which abduction plays a central role is in the conduct of a criminal trial. The oddness lies in this. On the one hand, the standard of proof in criminal trials is proof beyond a reasonable doubt. On the other, abductive reasoning is ignorancepreserving. This alone is ample reason for the practical logician to examine further the epistemics of criminal jurisprudence. Another is that legal reasoning is replete with considerations of the plausible and the presumptive. In the Anglo-American tradition, there are two main loci of the idea of presumption. [Uglow, 1977, p. 686–702] and [Dennis, 1999, p. 387–391] One is the doctrine of legal presumption. The other is the doctrine of the reasonable man (or as is now more commonly said, the reasonable person). In the latter, important as it is, the factors of presumption are rarely expounded, never mind given theoretical articulation.32 It will be enough for our purposes here to schematize the reasonable person theory in the following way. The finders of fact in a trial are required to form their beliefs and draw their inferences on the basis of what in the same circumstances a randomly selected ordinary person would believe and infer, using only those cognitive resources intrinsic to such rationality as he possesses as an ordinary person. The ordinary person here is someone who is previously untutored both in the law and in the technicalities of the issue he is required to judge. (Think, for example, of the highly complex cases of fraud that attracted such attention tn the early 2000s.) It is generally assumed that the best way to determine how the ordinary person would operate is to be such a person oneself. It is for this reason that person’s with expert knowledge about the issues before the court are disqualified from jury duty. Thus it is anticipated that a juror will derive some reassurance in what he believes and infers from the fact that he is — for the purposes of the trial — an ordinary person, together with the fact (when it is one) that this is what he is disposed to infer. We may take it as given that the doctrine of the reasonable man is deeply presumptive and plausibilistic. This is so notwithstanding high standard of proof that that is said to attend a juror’s ultimate determination. In reaching a verdict, jurors must, on the face of it, do their best to minimize the element of presumptiveness and to aim higher than even quite high propositional plausibility. But when they are concerned with the business of interpreting evidence and sizing up the credibility of witnesses, and the like, they are not held to this high standard. This anyhow is the received view. The place in Anglo-American law in which the conception of presumption is given detailed express consideration is in the doctrine of legal presumption, the paradigmatic case of which is the presumption of innocence. It is appropriate that we pause to say a few words about this doctrine. The value in doing so lies in the fact that legal presumptions have virtually nothing to do with what the factors 32 The reasonable person doctrine itself — not just how it links to presumption — is little developed in standard legal texts. See, for example, [MacCormick, 1993] and [Hannibal, 2002] whose indexes contain no mention of it. In other places, the concept of the ordinary person is considered in connection with the extent to which it can be inferred that an accuser has appreciated the consequences of his actions. but such references tend to be brief and informal [Roach, 2000].
102
DOV M. GABBAY AND JOHN WOODS
discussed in earlier parts of the present chapter. It is important enough to discover that legal presumptions are quite different from the general range of presumptions. It is even more telling that informal logicians and argumentation theorists are so drawn to this wholly inappropriate paradigm in attempts at crafting what they regard as general theories of the presumptive. (See here[Hansen and Kauffeld, 2005] and [Walton, 1992]). To investigate this further, we need a distinction between the legally presumptive and the standardly presumptive. The presumption of guilt is a position mandated by the requirement of justice. Anyone familiar with the operation of the legal system will know that the police don’t bring weak cases to prosecutors, that prosecutors don’t bring weak cases to trial, and that often judges won’t permit weak cases to proceed. In the absence of evidence that the criminal justice system is massively corrupt and incompetent, the reasonable standard presumption is that the accused is guilty. The inference to this effect from generalities such as these carries a positive degree of conclusional plausibility, and the proposition that he is guilty carries a positive degree of propositional plausibility. Given the linkages we have charted between the plausible and the (standardly) presumptive, it is also necessary to say that the presumption of innocence violates the general conditions on (standardly) presumptive adequacy. Given those general standards, the proposition that the accused is innocent is a bad presumptive bet. That is, it is to some degree or other epistemically disreputable. Another embedded misconception is that presumptions distribute the burden of proof.33 In fact, however, this is not true in criminal law, and it is not true outside it. The common law places the burden of proof wholly upon the prosecution. The common law mandates the presumption of innocence. It may be said that these two requirements are the cornerstone of Anglo-American justice. But even there, they bear no intrinsic link. Had the law evolved in such a way that the person protected by the presumption of innocence was himself obliged to prove the presumption on pain of losing its protection, it would still have been true that the accused entered the proceedings with that protection, and that he retained it throughout until proof had been adduced inadequate for its further retention. In the system that has actually come down to us, everything remains the same, except the proof that is designed to cancel the protection must be wrought by the accuser. Accordingly, PROPOSITION 36 (Presumption and the burden of proof). The legal presumption of innocence carries no intrinsic favoritism as to where the burden of proof should fall — whether on the accused or the accusor. It is quite reasonable to say that a system of criminal law better protects against unsafe convictions if it is undergirded by these two protections, rather than by the protection afforded by the presumption of innocence alone. But this does nothing 33 “The discussion of presumptions is directly bound up with questions of the burden of proof”. [Uglow, 1977, p. 686]. “Thus the ‘presumption of innocence’ is another way of stating the rule that the legal burden of proving guilt rests on the prosecution in criminal proceedings . . .. ”[Dennis, 1999, p. 387].
THE PRACTICAL TURN IN LOGIC
103
to change the fact that they are independent provisions. The same is true of the standardly presumptive, even in those contexts in which a presumption is shared by two parties. It is frequently noted (and rightly) that if someone (Harry, say) challenges a presumption held by another party (Sarah, say), that it falls to Harry to make the case against that presumption. There are two reasons in particular for doubting this claim. 1. Suppose that Harry’s move against Sarah’s presumption is indeed attended by the requirement that Harry make good his case. Even so, to the extent to which this is true, Harry’s burden inheres not in Sarah’s presumption but rather than in Harry’s challenge. Harry would have the same burden had Sarah asserted what she now presumes. 2. Even so, the burden of proof does not always lie with the challenger. “Presumably, Freddie was a Soviet spy”, says Harry. “Why would you say a thing like that?” Sarah replies. How likely is it that we would accept as Harry’s next move: “Oh, no, it’s up to you to show that he wasn’t”? The common law acknowledges kinds of presumption other than that of innocence. Provisional assumptions — sometimes also called presumptions of fact — are conclusions a juror may draw but need not, and once drawn may use as a fact unless successfully challenged by opposing counsel. The stock example is the presumption of intendedness that attends an act which a party has been shown to have, or admits to having, committed. It is commonly said that the presumption of innocence creates a contrary proof burden for the defence. [Dennis, 1999, p. 389]. The claim rests upon a confusion. The link is there, rightly enough, but it inheres not in the presumptiveness of the presumed intendedness but rather in the person to whom the intendedness is ascribed. Certainly the Crown has no interest in showing that the accused lacked the intention required to make his act a crime; it would serve only the interest of the defence to show this. But this would be so irrespective of whether the claim of intendedness were anchored in direct evidence led by the prosecution or in a provisional presumption. Evidential presumptions — also called rebuttable presumptions of law — are conclusions a jury must draw upon proof of the basic fact in which the presumption is rooted, in the absence of contrary indications. If, for example, it can be established that a testator has executed an apparently rational will, it must be presumed, in the absence of evidence to the contrary, that he was sane when he executed it. Here, too, the burden of proving contrary indications falls to the party that invokes them. But, again, the burden inheres not in the fact that sanity was presumed, rather than established on directly led evidence, but in the fact that doing so is required by the prover’s theory of the case. Persuasive presumptions — also classified as rebuttable presumptions of law — are conclusions a juror must, in the absence of contrary indication, draw once
104
DOV M. GABBAY AND JOHN WOODS
the basic fact is proved. If, for example, a child appears during its parents’ fertile years, it must be taken that the child is legitimate, except when the opposite can be established. Similarly, if it is established as a basic fact that no evidence that a person is alive has been forthcoming for a seven year period, it must be taken that the person is in fact dead. Being a rebuttable fact, the onus rests with the would-be rebuttor, and has nothing intrinsic to do with its presumptive character. Finally, conclusive presumptions — also known as irrebutable presumptions of law — are conclusions that must be drawn upon the establishment of the basic fact. For example, it used to be the case in English law that a boy under fourteen years required the presumption that he was incapable of sexual intercourse. Until the rule was abolished by the Sexual Offences Act 1993,s. 1, this was an irrebuttable presumption. The gap between juridical relevance and all the going conceptions of it save one (including the law’s own definition of relevance) represents a nontrivial deviation, as we note in [Gabbay and Woods, 2003]. The gap between juridical presumption and standard presumption is even wider, and may without exaggeration be said to represent the law’s epistemic distortion at its most intense. The exception lies with agenda relevance, which allows for the prosecution of epistemically compromised agendas with cognitively commonplace resources. Wide as these gaps may be, and important as they surely are for any theory of practical reasoning, the distortions they give rise to are considerably mitigated in actual practice. Take the particular case of the juror, although much the same can also be said for the three other main protagonists in a criminal proceeding — the investigating officers, those who give sworn testimony, and the judge himself. Jurors have a twofold task. They must determine whether the prosection’s theory of the case meets the standard of proof imposed by the criminal law. They must also interpret the evidence, weigh the credibility of whose who testify, reconcile testimonial conflicts, and so on. In performing these tasks the jury is not bound by the standard of proof borne by the prosecution in regard to the matter of the accused’s guilt (nor is any other of the parties). The jury is free to reason in the ordinary way about these things and to reach decisions about the sundry details they throw up for consideration, also in the ordinary way. In vigorously contested cases, especially those based upon circumstantial evidence, it is commonplace for the prosecution’s theory of the case to be a purported solution to an abduction problem, in which it is argued that the accused’s guilt is the best explanation of the known facts. In like manner, the job of the jury is to try to piece together its own theory of the case, and here, too, it often happens that the theory will be an exercise in abduction. What shows this to be so is the standard definition of circumstantiality: “Direct evidence proves a fact without inference . . . Circumstantial evidence is evidence from which a fact is reasonably inferred but not directly proven.” [Klotter, 1992, p 67–68]. It is not foreclosed that, by standard epistemic standards, a jury can be wholly justified in its view of the case as the correct one. Nothing in the remit of a juror requires that he be an agnostic about the events in question until the point at which he enters his verdict. What is required is only that the juror not decide the case until he has heard it all. This implies a clear distinction between a juror’s
THE PRACTICAL TURN IN LOGIC
105
duties. On the one hand, he must form an understanding of the matter before him. On the other, he must judge it by the standard of guilt beyond a reasonable doubt. The two tasks are logically and procedurally disjoint. It is open to a juror to solve his abduction problem in favour of the prosecution, but to vote to acquit in recognition that his abductive solution doesn’t rise to the required juridical standard. But neither may it be thought that a solution of an abduction problem can never meet the required standard of proof, owing to the intrinsically subpar epistemic factors that inhere in abductive reasoning. What shows this to be so is the sheer fact of criminal convictions based wholly upon circumstantial evidence.34 It is here, perhaps more than in any other context, that the requirement of ignorance-presentation is called into question. For how can it be countenanced that a solution to a criminal abduction problem could meet the high standard of proof imposed by law, if abductive solutions are epistemically subpar?
12.1
Reasonable Doubt
It bears on this question that the meaning of the reasonable doubt provision is not well-explained either in case law or in legal textbooks. As a prominent American textbook points out, “Reasonable doubt is a term in common use as familiar to jurors as to lawyers. As one judge has said it needs a skillful definer to make it plainer by multiplication of words . . .”. [Strong, 1999, p. 517]. It is sometimes supposed that it is the legal counterpart of the high standard of proof that one finds in science and mathematics, where, in all three cases, the standard is at the top of the epistemic scale. Whatever may be the case with science and mathematics, it cannot be so with convictions won on circumstantial evidence. The meaning of “beyond reasonable doubt” must preserve this fact. Cases in which a verdict of guilty is secured by circumstantial evidence are often those in which the link between evidence and verdict is understood probabilistically. There have been efforts of late to capture the structure of such reasoning in more or less stock models of Bayesian inference ([SOMEONE year]). We ourselves are doubtful of the overall adequacy of this approach, even in civil cases in which the standard is “proven on a balance of provabilities”. Inspection of the actual empirical record of such cases reveals the more dominant presence of abductive considerations. On the face of it, however, this cannot be right. For if it were right, we would have it that when a conviction is won on circumstantial evidence, the verdict is mired in nothing stronger than a conjecture. But surely not even the most confident conjecture of guilt meets the standard of proof beyond a reasonable doubt. Accordingly PROPOSITION 37 (The circumstantial conviction dilemma). At first appearance, either circumstantial conviction cannot meet the required standard of proof, or it is not abductively grounded. 34 “History
is replete with examples of convictions based exclusively on circumstantial evidence.”[Klotter, 1992, p. 69]
106
DOV M. GABBAY AND JOHN WOODS
We ourselves are minded to challenge the first horn of the dilemma of Proposition 37. Great weight is placed against it by the doctrine of the reasonable person. In its most general sense, it requires that jurors perform as ordinary persons in the course of their reflections on the matters before them. They are then required to use this ordinary thinking to reach a verdict. Verdicts are not only produced by ordinary thinking, but are required to be so produced, with one proviso: except when juridically constrained in some or other particular way. If this is right, a solution to the dilemma of Proposition 37 drops out. In the context of realistically constructed cases based on circumstantial evidence, ordinary thinking is frequently, if not typically, abductive. Since abductive thinking is inherently conjectural, not only is it left open that a verdict of guilty might be conjecturally based, but it is inevitable that this frequently, if not typically, be so. What remains is to show how conjecturally structured theories of a case manage to hit the required proof standard. The core idea embedded in the standard makes a twofold claim on reasonability. First, the theory of the case for conviction must be such as to draw the favour of a randomly selected reasonable person. Secondly, that self-same reasonable person must also be disposed to the view that the facts of the case do not answer to a rival theory of them that could reasonably be accepted. Interpreted abductively, this requires that an abductively secured conjecture of guilt must be strongly secured, and that there is no rival conjecture that is strongly enough secured. However, as the Indiana Court of Appeals has made clear in a case from 1978, “Convictions should not be overturned simply because this court determined that the circumstances do not exclude every reasonable hypothesis of evidence.”[Klotter, 1992, p. 69] Accordingly, PROPOSITION 38 (Guilt and reasonable alternatives). If a verdict of guilt is arrived at circumstantially it is not required that there not be other abductively reasonable theories of the evidence. For the present suggestion to pass muster, the idea of abductive strength requires clarification. To do so, it is important to emphasize that typically a conviction based on circumstantial evidence is a conviction faute de mieux, epistemically speaking. The qualification “typically” is necessitated by the fact that the law allows that on occasion circumstantial evidence may be as strong or stronger than direct evidence. Also significant is that, in an American case from 1969, “the trial court properly instructed the jury that ‘the law makes no distinction between direct and circumstantial evidence but simply requires that the reasonable doubt, from all of the evidence in the case,’ including ‘such reasonable inferences as seem justified, in the light of your own experiences’.”[Klotter, 1992, p. 68] The betterness that circumstantially based verdicts fail to achieve is the grade of epistemic attainment, whatever that is in fine, that attends conviction by direct evidence. Thus we assume as a matter of epistemology, rather than of juridical pronouncement, that unrebutted direct evidence, possesses an epistemic strength not usually possessed by circumstantial evidence in the face of competing and not unreason-
THE PRACTICAL TURN IN LOGIC
107
able rival theories. In structural terms, let K be what the court knows of the matter before it by direct evidence. Since, by hypothesis, a conviction cannot be got from K alone, it must be sought for by some supplementation of K short of additional direct evidence. This constitutes an abduction problem for the prosecution. The prosecution must attempt to supplement K in ways that the contents of K itself make reasonable and without further direct evidence. The task of the juror is to determine whether the prosecutor’s case is, in effect, a strong enough abduction without strong enough rivals. To achieve this standard, he must overcome the epistemic disadvantage implicit in the fact that sufficiently strong abductions won’t hit the epistemic standard hit by K. Accordingly we shall say PROPOSITION 39 (Discounting epistemic disadvantage). A successful abduction for conviction is one that is strong enough to minimize the epistemic disadvantage that inheres in abductive solutions. Correspondingly, a rival abduction is insufficiently strong when it does not minimize the inherent epistemic advantage to a sufficient degree. C OROLLARY 39( A ) Implicit in the doctrine of the reasonable person is the proposition that sometimes an abduction is such that it would be unreasonable not to accept it, or to accept it weakly, just because it failed to hit the epistemic standards reached by K. What we are here proposing is an epistemic commonplace. It is the idea that epistemic satisfaction is not only not typically achieved by epistemic optimization, but, for large classes of cases, that postponing epistemic satisfaction until greater strides toward optimization are achieved would be decidedly unreasonable. In the absence of contrary indications, you know that you are your parents’ child if you arrived during the child-bearing years of their union. In the absence of contrary indications or some contextually required standard of proof, resort to DNA testing would be quite mad. The criminal law requires that those of its obligations that fall to jurors be discharged by persons who operate as ordinary thinkers. The criminal law requires that the epistemic endeavours of jurors rise to the standards of the epistemically ordinary person. The requirement of determinacy whether, in its turn, the prosecution’s theory of the case achieves law’s standard of proof is thus a requirement that a reasonable person can be expected to attain when operating as an ordinary thinker. What the criminal law clearly settles for is not optimization, but satisfization set against sufficiently high standards. In the case of circumstantially based conviction, what the criminal law clearly settles for as well is an abductive solution which an epistemic satisficer who knows the relevant standard of proof would confidently accept and whose acceptance would not be in any way troubled by the express recognition that this judgement did not rise to the epistemic standard of K. The juror has discharged his ultimate obligation if he finds himself in the role of the epistemic satisficer whose standards do not in this particular way rise to K’s level.
108
DOV M. GABBAY AND JOHN WOODS
13
HYPOTHESIS-DISCHARGE
It is widely assumed in the literature that discharging an hypothesis is intimately bound up with its subsequent experimental confirmation or other forms of validation. So understood, hypothesis-discharge is post-abductive. It lies in the confirmatory aftermath of a decision to send a proposition to trial. We have noted elsewhere [Gabbay and Woods, 2005], that a decision to send a proposition to trial is neither necessary nor sufficient for hypothesis-engagement; hence is not intrinsically an abductive determination. As we shall now show, neither are favourable trial-outcomes necessary nor sufficient to that part of hypothesis-discharge that does remain fully within the ambit of abduction. This not to overlook the relative frequency with which, in non-legal settings, an abductive conjecture is sent straight to trial; nor is it overlook that one way of shearing off a proposition’s hypothetical character is by demonstrating its truth experimentally or in some other way. Let us be clear in saying that, while confirmation of a proposition is sufficient for the cancellation of its hypothetical mode of presentation, it is not part of the process of abduction. Accordingly, when a conjecture is sent straight to experimental trial, abduction ends at that point. We remarked in [Gabbay and Woods, 2005] that an abducer might reflect in his selection of a hypothesis his optimism that it would do well at trial, but, as we noted, thinking that one’s hypothesis will do well at trial is not intrinsically tied to its selection. But, even if it were, the trial itself would still be post-abductive. This leaves the question of whether hypothesis-discharge is possible within abductive contexts and, if so, what its structure would be. The answer lies in what we have already discovered about the operation of the provisions of the beyondreasonable-doubt standard for circumstantial criminal conviction. We summarize the main points of that finding. 1. A verdict in a criminal trial is not a conjecture. It is a finding; hence something that is forwarded assertively. 2. Even so, especially in cases built upon circumstantial evidence, verdicts are reached abductively. They are solutions of abduction problems. 3. The standard of proof beyond a reasonable doubt in effect requires a jury to discharge its theory of the case, that is, to forward it non-conjecturally. 4. Since, in such cases, there is no independent means of demonstrating directly the truth of a jury’s finding, the jury’s discharge of the hypothesis cannot have been post-abductive. 5. Accordingly, in reaching its finding in such cases, hypothesis-discharge is part of the jury’s solution of its abduction problem.35 35 The
point generalises to abduction as such, as we show in [Gabbay and Woods, 2005].
THE PRACTICAL TURN IN LOGIC
109
This allows us to say that PROPOSITION 40 (Discharge). Conditions on intra-abductive hypothesisdischarge approximate to those governing circumstantial conviction in a criminal trial. In our discussions so far, we have plotted the fortunes in legal settings of a pair of concepts of central importance to a logic of abduction — plausibility, presumption. When compared with how they fare in standard or non-legal contexts, an important methodological lesson presses for a hearing. PROPOSITION 41 (The distortions of law). Given epistemic intrusions required by justice, it may be taken as a rule of thumb that cognitive concepts are not wellelucidated by the treatments they receive in legal contexts. C OROLLARY 41( A ). Theorists who seek for satisfactory general explanations of cognitively oriented concepts, such as plausibility and presumption, should not expect to find them in theoretical jurisprudence. An exception to Proposition 41 and its Corollary would appear to be the matter of intra-abductive hypothesis-discharge. It is a welcome exception. It helps correct a considerable misconception about the standard of proof in criminal cases. This is the idea that the standard is artificially high. In fact, it is not artificial, and it is not especially high — certainly it is no kin of mathematical proof or experimental confirmation of the sort required in drug trials. It is perfectly true that, in the name of justice, the law artificially constrains what evidence a jury can hear and, at times, the weight that a jury can give it; but this same artificiality is not intruded into the standard of proof itself. What shows this to be so is the commonplaceness of the constraints under which the standard is honoured in actual judicial practice. Key to a proper understanding of them is the idea of satisfaction. What the law requires is that jurors attain a certain level of doxastic satisfaction. They must be satisfied that the picture that the evidence suggests to them is undisturbed by the fact that it is not an epistemically optimal theory of the case. The other is that the failure of a rival theory of the case to satisfy them is not something that counts against it in an epistemically optimal way. But this is the condition in which the epistemic satisficer finds himself quite routinely. It is the hallmark of the reasoning of an ordinary reasoner when reasoning in the way of ordinary reasoners about just about anything. What counts, both in the general case and in the case of proof beyond a reasonable doubt, is that these occasions of possible error do not disturb the reasoner’s doxastic repose. (The language of the law is replete with the idioms satisfaction and repose. Judges tell juries that, to convict, they must be satisfied that such-and-such and so-and-so. When counsel have presented their case, they rest.) In this model of juridical determination, it is difficult to over-estimate the pivotal importance of satisfaction. Satisfaction is the dual of cognitive irritation, which is what occasions the need for abductive reasoning in the first place. Accordingly, PROPOSITION 42 (Doubt and satisfaction). A jury’s verdict meets the standard
110
DOV M. GABBAY AND JOHN WOODS
of proof beyond a reasonable doubt when its members are in a state of doxastic satisfaction achieved by the procedures of ordinary reasoning in response to the evidence led at trial. PROPOSITION 43 (Competence). The present model of cognitive satisfaction presuppose the competence of individual jurors; in particular that the satisfaction required by the standard would not be achieved by a competent reasoner unless he were untroubled by the fact that his theory of the case did not attain standards of epistemic optimality and by the fact that his exclusion of rival theories did not attain it either. We may take it that, in the general case, a juror’s theory of the case is something that arises piecemeal, and that frequently it is held conjecturally before the condition of doxastic satisfaction has been attained. To the extent that this is so, juries may be said to perform the operations of both hypothesis-engagement and hypothesis-discharge in the course of reaching their verdicts. But no doubt there will be cases in which, notwithstanding the admonitions of caution voiced by judges, juries will like the rest of us be cut-to-the-chase dischargers. The key to hypothesis-discharge lies in the structure of the abducer’s doxastic satisfaction. When a proposition is held conjecturally, what the reasoning agent is satisfied about is that it is a proposition that merits conjecture. When a proposition is abductively discharged, what the reasoning agent is satisfied with is it. He is satisfied with its propositional content. A reasoner moves from conjecture to discharge when he moves from the first kind of satisfaction to the second. We note in passing that in this distinction between the satisfactions that underly conjecture and discharge we have the wherewithal to capture the difference between proof standards in criminal and civil proceedings. Accordingly, PROPOSITION 44 (Criminal and civil standards). The criminal standard is met by a state of satisfaction achieved in a certain way about the content of the proposition of the verdict. The civil standard of proof as the balance of probabilities is met by a state of satisfaction achieved in a certain way about which theory of the case merits conjecture. C OROLLARY 44( A ) It is a virtue of a theory of abduction that it helps clear up entrenched confusions in the law of evidence in other sectors of legal reasoning. We have seen that jurisprudential contexts occasion significant distortions of most concepts of relevance and all standard conceptions of presumptiveness. This is a reflection of the epistemic compromise that justice negotiates with truth. It arises from the law’s fundamental operating principle that epistemically wrongful convictions should be minimized even at the cost of epistemically wrongful acquittals. These, we say, are significant distortions, but they are significantly redressed by the circumstance that in achieving even the standard of proof required for a
THE PRACTICAL TURN IN LOGIC
111
criminal conviction, the juror’s reasoning, step by step, need not — and should not — aim at or attain a standard higher than the standard achieved by a reasonable person when reasoning as an ordinary being; i.e., including the drawing of “such inferences as seem justified, in the light of [his] own experience.” [Klotter, 1992, p. 68]. This places the phenomena of circumstantial conviction in the spotlight, and gives us a point worth repeating. It gives us occasion to provide an interpretation of proof beyond a reasonable doubt according to which the juror is an abductive satisficer concerning the verdict he proposes, whose confidence in it is not shaken by his recognition that his own solution does not optimize to the level of K or higher, and for whom there is no rival abduction that could appeal to his obligations as a satisficer. We have it, then, that PROPOSITION 45 (Beyond reasonable doubt). The judicial question of proof beyond a reasonable doubt has a solution in the logic of abduction. 14
FORMAL MODELS OF PRACTICAL REASONING
In section 1 we set ourselves three subtasks. One was to elucidate a conception of the practical that would play a load-bearing role in a logic of practical reasoning. Another was to pay some attention to the extent to which an enquiry into practical reasoning (for this conception of the practical) is defensible part of the logician’s enterprise. The third objective was to examine the extent, if any, to which a logic of practical reasoning is intrinsically hostile to the claims or methods of modern formal logic. The first task seeks to answer the question, “What makes it practical?” The second seeks to answer the question, “What makes it logic?” The third suggests an answer to “Can it be formal?” In the preceding sections, we have attempted to make some headway with the first two of these questions. In the present section, we turn to the third. In our examination of the formalization thesis, we identified two related difficulties. 1. While validity is a decidable property in PC, it is not a decidable property of those parts of English governed by the —em PCformalization rules. 2. In the absence of some degree of headway with a logic of natural languages, application of the formalization rules of PC must rely over-much on the linguistic intuitions of English speakers. As we have said, this is far from catastrophic news (although it fundamentally belies what is said about formalization in virtually all the standard elementary textbooks). The formalization thesis makes an ambitious claim about the backwards reflection of certain properties of PC-structures. This is an ambitious and comparatively narrow claim about how the formal theory PC applies to subsets of structures in natural language. But PC is also a formal model of properties
112
DOV M. GABBAY AND JOHN WOODS
of English in further respects, concerning which validity again is a good example. Intuitively, an argument is valid in English if and only if it is in no sense jointly possible that its priors are all true and its conclusion false. PC is, in part, a formal model of this fundamental insight. It offers both a precisification and an elucidation of the intuitive notion of validity. On the score of precisification it represents “no possibility” as “no valuation”. On the elucidatory side, it shows that how extensively the intuitive notion can be captured by the interplay of uninterpreted sentences and noticably weak logical particles. This allows a PC-modellist to claim that the intension of the intuition is well-captured in PC, even though PC can’t gather in all its extension. But the intensional accomplishment is a significant development. It reveals that validity has a more parsimonious semantic-structure than is presupposed by the intuitive notion of it. As readers will have been aware, our discussion to date has been an informal one. We could say that what the preceding sections have offered up is a kind of conceptual analysis of the logic of practical reasoning. A conceptual analysis of a concept K is a regimentation of our K-intuitions. Such regimentations generate conceptual models of the intuitive data. A conceptual model of K is both a prescification and elucidation of K-intuitions. Conceptual models are, as earlier noted, inputs to formal models which expose the K-phenomenon to a further wave of precisification and elucidation, one that emphasizes systematicity, simplicity and conceptual priority. In the space available to us here, we are unable to construct the formal models that a theory of practical logic requires.36 But, before bringing the chapter to an end, we should give some indication of how we think it appropriate to proceed with the construction of these models. Our conceptual model of practical logic is what our formal model seeks to model. Accordingly, the modelling process is subject to two conditions, never mind that they pull in different directions. On the one hand, once the formal model is produced the conceptual account must be recognisably preserved in it. The other is that the formal model should refine or augment — and even in some cases correct — features of the conceptual account. The first condition speaks for itself. If the conceptual account is not recognizably preserved in the formal model, then the formal model will not have modelled its intended target. In that case, instead of a unified account of practical logic, we would have two possibly disjoint accounts, the conceptual theory of the preceding sections, and the formal theory of some other set of intuitions. Clearly the second condition bears on this issue, since among other things, it allows for exceptions. Beyond that it reflects the fact that when we formalize a conceptual theory, in addition to the things in the conceptual theory that we must include in the formal account, there are also things not in the conceptual account that we should put in the formal account. Thus formalizing a more or less unified body of conceptual data is not just giving a formal re-expression of it. It is also a way of producing a theory for those conceptually organized data. As such, the formal model should try to systematize those con36 But
see [Gabbay and Woods, 2003] and [Gabbay and Woods, 2005]
THE PRACTICAL TURN IN LOGIC
113
ceptual inputs, to generalize upon them where possible, and to unify them with existing theories not dealt with at the conceptual level. Given that there is a gap between data and theory, it is important to note that a datum does not have the automatic right of veto over what the theory may propose. So it is to be expected that to some extent the formal account will change the story told by the conceptual account. Accordingly, PROPOSITION 46 (Formalizing practical logic). Formal models of practical logic should preserve at least the central propositions and definitions of the conceptual account. Where they do not, they should try to determine whether this represents a weakness of the formal model or a deficiency in the conceptual model. A formal model is an idealized description of a thinking agent. A formal model of practical logic is an idealized description of the behaviour of reasoners whose cognitive targets are comparatively modest and whose wherewithal for their attainment are comparatively slight. All idealized descriptions take liberties. They are in various ways empirically untrue. Provided that the gap is not too large between how formal models represent what an agent does and what the agent actually does, the formal models methodology is widely recognized to have virtues difficult to come by in more descriptively dense accounts. Idealizations are abstractions. They subdue the number of parameters that enter the formal model’s descriptions and they reduce contextual complexity. Abstraction is a kind of liberation. It frees the theorist to weave a tightly connected account around formal representations of the main features of the conceptual account. When the formal model is already itself a well-understood structure, there is value in squeezing into it any other theory that will reasonably fit. For in so doing, the squeezed-in theory adapts to, and amplifies, the interpretation of a structure that is antecedently well-understood. What the ensuingly formalized account gains by way of systemacity and precision, it may lose by way of literal accuracy. But it is a winning cost–benefit strategy if the formal model in turn elucidates connections that were not initially apparent in the conceptual account. A further benefit that sometimes accrues to formalization is an appreciation that it brings of systematic connections between and among rival theories. It also sometimes happens that at certain levels of abstraction apparent rivalry gives way to integration. Part of what the mathematically oriented logician is interested in and adept at is the construction of formal models. The degree of latitude the logician has in producing his models bears directly on the nature of his contribution to a theoretical description of the behaviour of a practical cognitive agent. The psychologism to which we have committed ourselves suggests a general kind of answer. It suggests that our formal models should not idealize beyond the reach of the theoretical models of psychology itself, especially those models that stand a good chance of handling approximation to real-life performance in a realistic way. Since the time of its founding, logicians have been sensitive to such constraints, especially as regards deductive reasoning. Aristotle was the first to adjust a logical
114
DOV M. GABBAY AND JOHN WOODS
theory to the fact that in making deductions from a body of data, or a set of premisses, real-life reasoners neither infer nor ought to infer everything that chances to be a consequence of those data. Underlying this constraint, as we said at the beginning, is the distinction between what the consequences of a body of data are and what consequences of those data are to be drawn. Aristotle’s view was that what the consequences are, are fixed by what we would call a classical consequence relation (nearly enough, it is classical entailment); whereas the consequences that are (to be) drawn are fixed by what he calls syllogistic consequence. Syllogistic consequence is classical consequence (or ‘necessitation’, as Aristotle has it) constrained in certain ways. Accordingly, a syllogism is a classically valid argument meeting those constraints, two of the most prominent of which are premiss-irredundancy and non-circularity. Two others are the consistency of premiss-sets and a ban on multiple conclusions. Taken together, syllogistic is the first non-monotonic, paraconsistent and intuitionist (-like) system in the history of logic. (Woods [2001, Chapter 6] and Woods and Irvine [2004].) It is quite clear that Aristotle has in mind the distinction between what the consequences are and what consequences are (to be) drawn. Equivalently, he was aware of the difference between what follows from a database or premiss-set, and what is (or should be) inferred from it. It was a fateful recognition, since it led the founder of logic to the insight that deductive reasoning (or inference) is both a lesser and at the same time more complex thing than what unfettered logical consequence allows. The syllogistic reflects this awareness. It is Aristotle’s attempt to inferentialize the consequence relation. Aristotle thought that he could come close to getting a psychologically realistic set of rules for deductive thinking by beginning with truth conditions on unfettered consequences and adjusting them to the task of reasoning by imposing syllogistic constraints. There are two parts to this task. The syllogistic logician requires a theory of consequence, and he requires a theory of inference which will be spelled out in the constraints he imposes. It is noteworthy that Aristotle left the first of these tasks unperformed, concentrating his efforts upon the second. But this is far from showing that the first is not also essential. How does this tie in with our discussion of the degree of latitude the logician has in constructing formal models? If we stay with our present example for a moment, one clear task of the logician is to model consequence formally. Another, if we follow the lead of Aristotle himself, is to inferentialize the consequence relation by constraining the model in appropriate ways. It falls to the cognitive scientist to determine whether the inference model solves the approximation problem. If so, some would say that the logician’s task is at an end. But if psychological experimentation shows respects in which the formal model’s inferences are not plausible approximations of the real thing, the logician has the remedial task of refining his model further. Much the same can be said for the formal modelling of practical logic. Here, too, it is open to the theorist to begin at a certain level of abstraction, prior to the imposition of more realistic constraints. What is important is that he not ascend to
THE PRACTICAL TURN IN LOGIC
115
over-high levels of abstraction. In judging the success of a formalization F of a conceptual model C of a notion n, efforts should be made to answer two main questions. One is the question of bidirectional coverage and the other is the question of fit. A formal model F of a conceptual model C does well or badly on the score of bidirectional coverage to the extent that provisions originating in C have counterparts in F and provisions originating in F can be accommodated in unforced extensions of C. F does well or badly with respect to its fit with C to the extent that F’s counterparts in C (or an unforced extension of C) solve the approximation problem. It is also worth repeating that a failure of coverage, whether by F or C, or an extension of C of F, is not necessarily fatal. The fact that a provision of C (a C-fact, so to speak) is unmatched in F (has no corresponding F-fact) could be reason to adjust C rather than to fault F. Similarly, that an F-fact has no counterpart in an unforced extension of C might show only that F has a conceptual or mathematical richness that C need not have. It is not desirable that the question of how well F fits C be restricted to how well F-counterparts of C-facts solve the approximation problem. Formalisation is at its best when there is genuine reciprocity between F and C. It is possible, therefore, that the F-fact that is counterpart to some C-fact will deepen the analysis of the subject of the enquiry beyond what the C-fact, and others like it, are able to do. So it must not be automatically supposed, just because an F-fact ‘says more’ than its corresponding C-fact, that the fit of C to F is inadequate or defective (alternatively, that F does poorly with the approximation problem). By far the most successful formal models currently available to science and logic are those that can be called broadly mathematical. We began this chapter by observing the various inadequacies of mathematical logic when considered as theories of reasoning. The practical logic whose conceptual model we have sketched here is clearly a theory (or part of a theory) of reasoning. Yet we have also insisted that a full treatment of the logic of practical reasoning calls out for formal models. But if formal models are mathematics, and mathematics is inadequate for practical reasoning, why would he submit our conceptual model to the rigors of a form of modelling that can’t work for it? Let us see. Given its extensive absorption by mathematics, it was hardly surprising that modern mainstream logic looked to mathematics for its working notion of model. Such in turn was the choice of the natural sciences, certainly of those of them for the expression of whose laws mathematics is indispensable. The more complex of the natural sciences fared less well in capturing its essential insights in mathematical formalisms. This, too, is not surprising, given the comparative messiness and lack of generality of, say, the life sciences. Biology is an interesting test case for the would-be practical logician. There is a use of the word “theory” in which a scientific accounts theoretical component is that which falls beyond the ambit of observation. In many cases, a theory is little more than a mechanical device that computes or predicts output from a system’s inputs. In biology, perhaps the classic example is theoretical population genetics and evolutionary genetics. Here all the
116
DOV M. GABBAY AND JOHN WOODS
basic processes are quite well known. These include the operations of inheritance, the facts of mutation, migration, and the mechanisms of natural selection under varying conditions of survival and fertility. Thus Theoretical evolutionary genetics assembles all these phenomena into a formal mathematical structure that predicts changes in the genetic composition of populations and species over time as a function of the numerical values of these elementary processes [Lewontin, 2003, p. 40]. Here the formalization works. It works because the underlying mechanisms are known. There are lots of cases in which this is not so. Here the formal modelist has, apart from desistance, no option but to fly high. For here, in its pure form, the mechanical formalities are posited without any direct connection to underlying material data. This makes the theorist’s formal model an empirically unsupported place-holder for the actual dynamical details once they become known. An especially extreme, and failed, example of this theoretical high-flying was the Rashevsky school of mathematical biophysics, which operated in the late 1930s at the University of Chicago. Within three decades the movement was dead, made so by the extreme over-idealization of its physical models, so radical as to make them empirically inert. The Rashevsky collapse teaches an important lesson. It is that certain biological processes may not admit of accurate mathematical expression. There are still other cases in which postulated mathematical expressions of biological processes turn out to be right, but a good deal less than optimal even so. This we see in the case of Turing’s conjecture that early embryonic development could be understood as the result of different concentrations of (observationally undetermined) molecules, distributed differentially within the embryo. This is right as far as it goes. But developmental genetics owes nothing to Turing’s model. What it achieved in accuracy it paid for in over-simplification. These are lessons for the practical logician to take to heart. For one thing, the behaviour of human animals exceeds in complexity any grasp we have of the fruit fly, no matter how exhaustive. Apart from that, there is the engaging problem of down below, which is where much of a practical agent’s cognitive agenda is transacted. The republic of down below is ringed by unwelcoming borders. Not only is much of what goes on there inaccessible to introspection, but experimental probes are heavily constrained by the ethical requirement to do no harm. More generally, it is important to emphasize that not everything a theorist is interested in has much tat admits of mathematical expression in any literal sense. This leaves the theorist to let loose some mathematics in his formal model, but he must do so with requisite diffidence lest the model mangle the target data. To some extent any successful formal model of practical reasoning will permit a degree of mathematical expression. To qualify the model as mathematical on this account alone is somewhat honorific. But the fact remains that, in so far as modelling of any kind is a distortion of its inputs, the supreme requirement is not to be cavalier with the data.
THE PRACTICAL TURN IN LOGIC
117
ACKNOWLEDGEMENTS Parts of this chapter have been adapted with permission from Gabbay and Woods, Agenda Relevance: A Study in Formal Pragmatics, North-Holland 2003, and Woods, The Death of Argument: Fallacies in Agent-based Reasoning, Kluwer 2004. For support of the research underwriting the chapter, we gratefully record our indebtedness to the Engineering and Physical Sciences Research Council of the United Kingdom, the Social Sciences and Humanities Research Council of Canada, Professor Nancy Gallini, Dean of Arts, University of British Columbia, and Professor Christopher Nicol, Dean of Arts and Science, University of Lethbridge. In matters of technical support, Carol Woods, in Vancouver, and Jane Spurr, in London, have been invaluable. Dov Gabbay King’s College London, UK. John Woods University of British Columbia, Canada. BIBLIOGRAPHY [Aizawa, 1994] K. Aizawa. Representations without rules, connectionism and the syntactic argument. Synthese, 101:464–492, 1994. [Aizawa, 2000] K. Aizawa. Connectionist rules: A rejoinder to horgan and tienson’s connectionism and the philosophy of psychology. Acta Analytica, 22:59–85, 2000. [Anderson and N.D.Belnap, 1975] A.R. Anderson and Jr. N.D.Belnap. Entailment: The Logic of Relevance and Necessity, volume 1. Princeton, NJ, Princeton University Press, 1975. [Audi, 2004] Robert Audi. Theoretical rationality. In Alfred R. Mele and Piers Rawling, editors, The Oxford Handbook of Rationality, pages 14–17. Oxford, Oxford University Press, 2004. [Axsom et al., 1987] D.S. Axsom, S. Yates, and S. Chaiken. Audience response as heuristic case in persuasion. Journal of Personality and Social Psychology, 53:30–40, 1987. [Barwise, 1977] Jon Barwise. Handbook of Mathematical Logic. Amsterdam, New York and Oxford: North Holland, 1977. [Beer, 1995] R.D. Beer. Computational and dynamical languages for autonomous agents. In R. Port and T. van Gelder, editors, Mind as Motion: Explorations in the Dynamics of Cognition, pages 121–147. Cambridge, MA, MIT Press/Bradford Books, 1995. [Boole, 1854] G. Boole. An Investigation of the Laws of Thought on which are Founded the Mathematical Theories of Logic and Probvabilities. Cambridge, Macmillan and London, Walton and Maberly, 1854. Reprinted by LaSalle, Ill, Open Court in 1952. [Botterill and Carruthers, 1999] G. Botterill and P. Carruthers. The Philosophy of Psychology. Cambridge, U.K. and New York, Cambridge University Press, 1999. [Bratman, 1999] M. Bratman. Faces of Intention: Selected Essays on Intention and Agency. Cambridge, Cambridge University Press, 1999. [Brooks, 1991] R.A. Brooks. Intelligence without representation. Artificial Intelligence, 47:139–159, 1991. [Burton, 1999] R.G. Burton. A neurocomputational approach to abduction. Mind, 9:257–265, 1999. [Byrne, 1968] Edmund F. Byrne. Probability and Opinion: A stufy in the medieval presuppositions of post-medieval theories of probability. The Hague, Martinus Nijhoff, 1968. [Carlson and Pelletier, 1995] G.N. Carlson and F.J. Pelletier. The Generic Book. Chicago, Chicago University Press, 1995. [Cherry, 1966] Colin Cherry. On Human Communication. Cambridge, MA, MIT Press, 1966.
118
DOV M. GABBAY AND JOHN WOODS
[Churchland, 1989] P.M. Churchland. A Neurocomputational Perspective: The Nature of Mind and the Structure of Science. Cambridge, MA, MIT Press, 1989. [Churchland, 1995] P.M. Churchland. The Engine of Reason, The Seat of the Soul. Cambridge, MA, The MIT Press, 1995. [Clark, 1997] A. Clark. Being There: Putting Brain, Body and World Together Again. Cambridge, MA: MIT Press/Bradford Books, 1997. [Cooper, 2001] W.S. Cooper. The Evolution of Reason: Logic as a Branch of Bioloty. Cambridge, Cambridge University Press, 2001. [Corteen and Wood, 1972] R.S. Corteen and B. Wood. Autonomic responses for shock-associated words in an unattended channel. Journal of Exoperimental Psychology, 94:308–313, 1972. [Daston, 1988] Lorraine Daston. l l b bl h l h Princeton University Press, Princeton, 1988. [Davidson, 1963] D. Davidson. Actions, reasons and causes. Journal of Philosophy, pages 685–700, 1963. [Dawson and Schell, 1982] M.E. Dawson and A.M. Schell. Electrodermal responses to attended and nonattended significant stimuli during dichotic listening. Journal of Experimental Psychology: Human Perception and Performance, 8:315–324, 1982. [Dennis, 1999] I.H. Dennis. The Law of Evidence. Wheat and Maxwell, 1999. [Dunn, 1994] J. M. Dunn. Relevant logic and entailment, 1994. [Ellis, 1979] Brian Ellis. Rational Belief Systems. Oxford: Oxford University Press 1979. [Eagly and Chaiken, 1993] A.H. Eagly and S. Chaiken. The Psychology of Attitudes. Fort Worth, Harcourt Brace Jovanovich, 1993. [Finger and Wasserman, 2004] M. Finger and R. Wasserman. Approximate limited reasoning: semantics, proof theory expressivity and control. Journal of Logic and Computation. 14, 179–204, 2004. [Fodor, 1975] J.A. Fodor. The Language of Thought. New York, Thomas Y. Crowell, 1975. [Fodor, 1983] J. Fodor. The Modularity of Mind. Cambridge, MA, MIT Press, 1983. [Fodor, 2002] J. Fodor. The Mind Doesn’t Work That Way. Cambridge, MA, MIT, 2002. [Frankfurt, 1988] H. Frankfurt. The Importance of What We Care About. Cambridge, Cambridge University Press, 1988. [Franklin, 2001] James Franklin. The Science of Conjecture: Evidence and Probability before Pascal. The Johns Hopkins University Press, Baltimore, 2001. [Frege, 1879] Gottlob Frege. In Jean van Heijenoort, editor, Begriffsschrift, A Formula Language, Modeled upon that of Arithmetic, for Pure Thought. Cambridge, MA, Harvard University Press. [Frege, 1884] G. Frege. The Foundations of Arithmetic: A logico-mathematical Enquiry in to the Concept of Number. Oxford, Blackwell, 1884. Originally published in Breslau by Koebner. Translated by J.L. Austin. [Gabbay and Woods, 2001] Dov M. Gabbay and John Woods. Non-cooperation in dialogue logic. Synthese, 127:161–186, 2001. [Gabbay and Woods, 2003] Dov M. Gabbay and John Woods. Agenda Relevance A Study in Formal Pragmatics. Amsterdam, Elsevier/North Holland, 2003. [Gabbay and Woods, 2005] Dov M. Gabbay and John Woods. The Reach of Abduction: Insight and Trial. Amsterdam, Elsevier/North-Holland, 2005. [Gabbay and Woods, 2006] Dov M. Gabbay and John Woods. Seductions and Shortcuts: Fallacies in the Cognitive Economy. Amsterdam, Elsevier/North-Holland, 2006. [Gabbay et al., 2002] D.M. Gabbay, R.H. Johnson, H. Jurgen Ohlbach, and J. Woods. Standard logics as theories of argument and inference: Deduction. In D.M. Gabbay, R.H. Johnson, H. Jurgen Ohlbach, and J. Woods, editors, Handbook of the Logic of Argument and Inference: The Turn Toward the Practical. Amsterdam, North-Holland, 2002. [Gabbay, 1990] D.M. Gabbay. editorial. Journal of Logic and Computation, 10:1–2, 1990. [Geffner, 1992] H. Geffner. Default Reasoning: Causal and Conditional Theories. Cambridge, MA, MIT Press, 1992. [Gigerenzer and Selten, 2001] G. Gigerenzer and R. Selten, editors. Bounded Rationality: The Adaptive Toolbox. Cambridge, MA, MIT Press, 2001. [Globus, 1992] G. Globus. Towards a non-computational cognitive neuroscience. Journal of Cognitive Neuroscience, 4:299–310, 1992.
THE PRACTICAL TURN IN LOGIC
119
[Grattan-Guinness, 2004] Ivor Grattan-Guinness. The mathematical turn in logic. In Dov M. Gabbay and John Woods, editors, Handbook of the History of Logic, volume three of The Rise of Modern Logic: From Leibniz to Frege, pages 545–556. Amsterdam, Elsevier/North Holland, 2004. [Gray, 2002] John Gray. Straw Dogs. Granta Books, 2002. [Guarini, 2001] M. Guarini. A defence of connectionism against the syntactic argument. Synthese, 128:287–317, 2001. [Hacking, 1975] Ian Hacking. The Emergence of Probability. London, Cambridge University Press, 1975. [Hailperin, 2004] Theodore Hailperin. Algebraical logic 1685–1900. In Dov M. Gabbey and John Woods, editors, Handbook of the History of Logic, volume three of The Rise of Modern Logic: From Leibniz to Frege, pages 323–388. Amsterdam, Elsevier/North Holland, 2004. [Hamlyn, 1990] D.W. Hamlyn. In and Out of the Black Box. Oxford, Basil Blackwell, 1990. [Hannibal, 2002] Martin Hannibal. The Law of Criminal and Civil Evidence. Longman, London, 2002. [Hansen and Kauffeld, 2005] H.V. Hansen and F. Kauffeld, eds. Presumptions and Burdens of Proof: An Anthology. University of Alabama: Tuscaloosa, 2005. [Harman, 2002] Gilbert Harman. A logic is not a theory of reasoning and a theory of reasoning is not a logic. In Dov M.Gabbay, Ralph H. Johnson, Hans Juergen Ohlbach, and John Woods, editors, Handbook of the Logic of Argument and Inference, pages 171–186. Amsterdam, North-Holland, 2002. [Harman, 2004] Gilbert Harman. Practical aspects of theoretical reasoning. In Alfred R. Mele and Piers Rawling, editors, The Oxford Handbook of Rationality, pages 45–56. Oxford, Oxford University Press, 2004. [Hendriks-Jansen, 1996] H. Hendriks-Jansen. Catching Ourselves in the Act: Situated Activity, Interactive Emergence, Evolution and Human Thought. Cambridge, MA, MIT Press/Bradford Books, 1996. [Horgan and Tienson, 1988] T. Horgan and J. Tienson. Settling into a new paradigm. In Connectionism and the Philosophy of Mind: Proceedings of the 1987 Spindel Conference, special supplement, 1988. [Horgan and Tienson, 1989] T. Horgan and J. Tienson. Representations without rules. Philosophical Topics, 17:147–174, 1989. [Horgan and Tienson, 1990] T. Horgan and J. Tienson. Soft laws. Midwest Stueies in Philosophy: The Philosophy of the Human sciences, 15:256–279, 1990. [Horgan and Tienson, 1992] T. Horgan and J. Tienson. Cognitive systems as dynamical systems. Topoi, 11:27–43, 1992. [Horgan and Tienson, 1996] T. Horgan and J. Tienson. Connectionism and the Philosophy of Psychology. Cambridge, MA, MIT Press, 1996. [Horgan and Tienson, 1999a] T. Horgan and J. Tienson. Authors’ replies. Acta Analytica, 22:275– 287, 1999. [Horgan and Tienson, 1999b] T. Horgan and J. Tienson. Short preecis ´ of connectionism and the philosophy of psychology. Acta Analytica, 22:9–21, 1999. [Husbands and Meyer, 1998] P. Husbands and J.A. Meyer, editors. Proceedings of the First European Workshop. Berlin, Springer, 1998. [Jackson, 1996] S. Jackson. Fallacies and heuristics. In R. Grootendorst, J. van Benthem, F.H. van Eemeren, and F. Veltman, editors, Logic and Argumentation, pages 101–114. Amsterdam, NorthHolland, 1996. [Jacobs and Jackson, 1983] S. Jacobs and S. Jackson. Speech act structure in conversation: Rational aspects of pragmatic coherence. In Robert Craig and Karen Tracy, editors, Conversational Coherence: Form, Structure, and Strategy, pages 47–66. Newbury Park, CA, Sage, 1983. [Jacobs et al., 1985] S. Jacobs, M. Allen, S. Jackson, and D. Petrel. Can ordinary arguers recognize a valid conclusion if it walks up and bites them in the butt? In J.R. Cox, M.O. Sillars, and G.B. Walker, editors, Argument and Social Practice: Proceedings of the Fourth SCA/FA Conference on Argumentation, Annandale VA, Speech Communication Association, 1985. [Kahneman and Treisman, 1984] D. Kahneman and A. Treisman. Changing views of attention and automaticity. In R. Parasuraman and D. R. Davies, editors, Varieties of Attention, pages 29–61. New York, Academic Press, 1984. [Klotter, 1992] J.C. Klotter. Criminal Evidence. Andersen Publishing Co, 1992.
120
DOV M. GABBAY AND JOHN WOODS
[Lewontin, 2003] Richard Lewontin. Science and simplicity. The New York Review of Books, 59, 2003. [MacCormick, 1993] N. MacCormick. Argumentation and interpretation in law. Ratio Juris, 16–29, 1993. [Massey, 1975a] Gerald J. Massey. Are there any good arguments that bad arguments are bad? Philosophy in Context, 4:61–77, 1975. [Massey, 1975b] Gerald J. Massey. In defense of the asymmetry. Philosophy in Context, 4:44–45, 1975. supplementary volume. [Massey, 1981] Gerald J. Massey. The fallacy behind fallacies. Midwest Studies in Philosophy, six:489–500, 1981. [Minsky, 1975] M. Minsky. Frame-system theory. In R.C. Schank and B.L. Nash-Webber, editors, Interdisciplinary Workshop on Theoretical Issues in Natural Language Processing. New Haven, Yale University Press, 1975. [O’Connor, 2001] T. O’Connor. Persons and Causes. Oxford, Oxford University Press, 2001. [O’Keefe, 1990] D.J. O’Keefe. Persuasion: Theory and Research. Thousand Oaks,CA, Sage, 1990. [Parasuraman and Davies, 1984] R. Parasuraman and D.R. Davies. Varieties of Attention. New York, Academic Press, 1984. [Peirce, 1958] C.S. Peirce. Collected Works. Cambridge, MA, Harvard University Press, 1958. a series of volumes, the first appearing in 1931. [Peirce, 1992] C.S. Peirce. In Kenneth Laine Ketner, editor, Reasoning and the Logic of things: The 1898 Cambridge Conferences Lectures by Charles Sanders Peirce. Cambridge, MA, Harvard University Press, 1992. [Petty and Cacioppo, 1986] R.E. Petty and J.T. Cacioppo. Communication and Persuasion. New York, Springer-Verlag, 1986. [Pietroski, 2000] P.M. Pietroski. Causing Actions. Oxford, Oxford University Press, 2000. [Quine, 1953] W.V. Quine. Two dogmas of empiricism. Cambridge, MA, Harvard University Press, 1953. Originally published Philosophical Review 60(1951). [Quine, 1960] W.V. Quine. Word and Object. Cambridge, MA and New York: MIT Press and John Wiley, 1960. [Quine, 1969] W.V.O. Quine. Natural kinds. In Nicholas Rescher, editor, Essays in Honor of Carl G. Hempel, pages 5–23. Dordrecht, Reidel, 1969. [Raiffa, 1968] H. Raiffa. Decision Analysis. Reading, MA, Addison-Wesley, 1968. [Raz, 1978] Joseph Raz. Practical Reasoning. Oxford, Oxford University Press, 1978. [Read, 1988] Stephen Read. Relevant Logic: A Philosophical Examination of Inference. Oxford, Blackwell, 1988. [Reiter, 1980] R. Reiter. A logic for default reasoning. Artificial Intelligence, 12:81–132, 1980. [Rensink, 2000] Ronald Rensink. Seeing, sensing and scrutinizing. Vision Research, 40:1469–1487, 2000. [Rescher, 1976] Nicholas Rescher. Plausible Reasoning: An Introduction to the Theory and Practice of Plausible Inference. Assen and Amsterdam, Van Gorcum, 1976. [Rescher, 1977] Nicholas Rescher. Methodological Pragmatism: A systems-theoretic approach to the theory of knowledge. Oxford, Blackwell, 1977. [Rescher, 1995] Nicholas Rescher. Plausibility. In Ted Honderich, editor, The Oxford Companion to Philosophy. Oxford, Oxford University Press, 1995. [Roach, 2000] K. Roach. Criminal Law, 2nd edition. Irwin Law, Toronto, 2000. [Rosch, 1978] E. Rosch. Principles of categorization. In E. Rosch and B.B. Lloyd, editors, Cognition and Categorization. Hillsdale, NJ, Erlbaum, 1978. [Schaerf and Cadoli, 1995] M. Schaerf and M. Cadoli. Tractable reasoning via approximation. Artificial Intelligence, 74:249–310, 1995. [Schank and Abelson, 1977] Roger Schank and Robert Abelson. Scripts, Plans, Goals and Understanding: An Inquiry into Human Knowledge Structures. Hillsdale, NJ, Lawrence Erlbaum Associates, 1977. [Schneider et al., 1984] W. Schneider, S.T. Dumais, and R.M. Shiffrin. Automatic and controlled processing and attention. In R. Parasuraman and D.R. Davies, editors, Varieties of Attention, pages 1–27. New York, Academic Press, 1984. [Shannon, 1993] B. Shannon. The Representation and the Presentational: An Essay on Cognition and the Study of Mind. New York and London, Harvester Wheatsheaf, 1993.
THE PRACTICAL TURN IN LOGIC
121
[Shiffrin, 1997] R.M. Shiffrin. Attention, automatism and consciousness. In Jonathan D. Cohen and Jonathan W. Schooler, editors, Scientific Approaches to Consciousness, pages 49–64. Mahwah, NJ, Erlbaum, 1997. [Simon, 1957] H.A. Simon. Models of Man. New York, John Wiley, 1957. [Smith and Medin, 1981] E.E. Smith and D.L. Medin. Categories and Concepts. Cambridge, MA, Harvard University Press, 1981. [Sperber and Wilson, 1987] D. Sperber and D. Wilson. Precis of relevance: communication and cognition. Behavioral and Brain Sciences, 19:697–754, 1987. [Stanovich, 1999] K.A. Stanovich. Who is Rational? Studies of Individual Differences in Reasoning. Mahawah, NJ, Erlbaum, 1999. [Sterelny, 1990] K. Sterelny. The Representation Theory of Mind. Oxford, Blackwell, 1990. [Stigler, 1961] George J. Stigler. The economics of information. The Journal of Political Economy, LXIX(three):213–224, 1961. [Stough, 1969] Charlotte L. Stough. Greek Skepticism. Berkeley and Los Angeles, University of California Press, 1969. [Strong, 1999] John W. Strong, editor. McCormick on Evidence, fifth edition. St. Paul, Minn., 1999. [Tallis, 1999] Raymond Tallis. The Explicit Animal: A Defence of Human Consciousness, volume 2nd edition. London, Macmillan and New York, Martin’s Press, 1999. [Thagard, 1982] P. Thagard. From the descriptive to the normative in psychology and logic. Philosophy of Science, 49:24–42, 1982. [Thagard, 1988] P. Thagard. Computational Philosophy of Science. Princeton, NJ, Princeton University Press, 1988. [Thelen and Smith, 1993] E. Thelen and I.B. Smith. A Dynamic Systems Approach to the Development of Cognition and Action. Cambridge, MA, MIT Press, 1993. [Treisman et al., 1974] A.M. Treisman, R. Squire, and J. Green. Semantic processing in dichotic listening? A replication. Memory and Cognition, 2:641–646, 1974. [Treisman, 1960] A.M. Treisman. Contextual cues in selective listening. Quarterly Journal of Experimental Psychology, 12:242–248, 1960. [Treisman, 1964] Anne M. Treisman. Selective attention in man. British medical Bulletin, 20:12–16, 1964. [Uglow, 1977] S. Uglow. Evidence. Wheat and Maxwell, 1977. [Valencia, 2004] Victor Sanchez Valencia. The algebra of logic. In Dov M. Gabbay and John Woods, editors, Handbook of the History of Logic, volume three of The Rise of Modern Logic: From Leibniz to Frege, pages 389–544. Amsterdam, Elsevier/North Holland, 2004. [van Benthem, 2001] Johan van Benthem. Introduction. In Johan van Benthem, Paul Dekker, Jan van Eijck, Maarten de Rijke, and Yde Venema, editors, Logic in Action, pages 1–6. Institute for Logic, Language and Computation, Amsterdam, 2001. [Velleman, 2000] J. D. Velleman. The Possibility of Practical Reason. Oxford, Clarendon Press, 2000. [von Wright et al., 1975] J.M. von Wright, K. Anderson, and U. Stenman. Generalization of conditioned gsrs in dichotic listening. In P.M.A. Rabbitt and S. Dornic, editors, Attention and Performance V, pages 194–204. London, Academic Press, 1975. [Walton, 1992] Douglas Walton. Plausible Argument in Everyday Conversation. Albany, NY, SUNY Press, 1992. [Walton, 2002] Douglas Walton. The sunk costs fallacy or argument from waste. Argumentation, 16:472–503, 2002. [Webb, 1994] B. Webb. Robotic experiments in cricket phonotaxis. In D. Cliff, P. Husbands, J.A. Meyer, and S. Wilson, editors, From Animals to Animals 3: Proceedings of the Third International Conference on Simulation of Adaptive Behavior, pages 45–54. Cambridge MA, MIT Press/Bradford Books, 1994. [Weiner, 2004] Joan Weiner. Frege Explained. La Salle, IL, Open Court, 2004. [Wheeler and Clark, 1999] M. Wheeler and A. Clark. Genie representation: Reconciling content and causal complexity. British Journal for the Philosophy of Science, 50:103–135, 1999. [Wheeler, 1994] M. Wheeler. From activation to activity: Representation, computation and the dynamics of neural network control systems. Artificial Intelligence and Simulation of Behaviour Quarterly, 87:36–42, 1994. [Wheeler, 2001] M. Wheeler. Two threats to representation. Synthese, 129:211–231, 2001. [Wimsatt, 1986] W. Wimsatt. Forms of aggregativity. In A. Donagan, N. Perovich, and M. Wedin, editors, Human Nature and Natural Knowledge, pages 259–293. Dordrecht, Reidel, 1986.
122
DOV M. GABBAY AND JOHN WOODS
[Wolfram, 1984] Stephen Wolfram. Computer softwear in science and mathematics. Scientific American, 251:188, September 1984. [Woods and Irvine, 2004] John Woods and Andrew Irvine. Aristotle’s early logic. In Dov M. Gabbay and John Woods, editors, Greek, Indian and Arabic Logic, volume 1, Handbook of the History of Logic, pages 27–99. Amsterdam, Elsevier/North-Holland, 2004. [Woods et al., 2004] John Woods, Andrew Irvine, and Douglas Walton. Argument: Critical Thinking Logic and the Fallacies. Toronto, Prentice-Hall/Pearson, 2004. 2nd revised edition. [Woods, 1989] John Woods. The relevance of relevant logic. In J. Norman and R. Sylvan, editors, Directions in Relevant Logics, pages 77–86. Dordrecht, Kluwer Academic Publishers, 1989. [Woods, 1998] John Woods. A captious nicety of argument: The Philosophy of W.V. Quine. In Lewis Edwin Hahn and Paul Arthur Schilpp, editors, The Philosophy of W.V. Quine, Expanded Edition, volume The Library of Living Philosophers Volume XVIII, pages 687–727. Chicago and LaSalle, IL, Open Court, 1998. [Woods, 2001] John Woods. Aristotle’s Earlier Logic. Oxford, Hermes Science Publications, 2001. [Woods, 2003] John Woods. Paradox and Paraconsistency: Conflict Resolution in the Abstract Sciences. Cambridge, Cambridge University Press, 2003. [Woods, 2004] John Woods. The Death of Argument: Fallacies in Agent-Based Reasoning. Dordrecht, Boston, Kluwer, 2004. [Woodworth and Sells, 1935] R.S. Woodworth and S.B. Sells. An atmosphere effect in formal syllogistic-reasoning. Journal of Experimental Psychology, 18, 1935. [Zimmermann, 1989] M. Zimmermann. The nervous system and the context of information theory. In Human Physiology, volume 2nd edition, pages 166–175. Berlin, Springer-Verlag, 1989. translated by Marguerite A. Biederman-Thorson.
˜ RASGA CARLOS CALEIRO, WALTER CARNIELLI, JOAO AND CRISTINA SERNADAS
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION 1
PROLEGOMENON TO FIBRING
It is a task of philosophy to explain the sense in which contemporary science uses the label “logics”, specially through “logics in” (natural language, program verification, machine learning, knowledge representation, abductive and inductive reasoning, etc.) as well as “logics for” (hybrid reasoning systems, ontology, engineering, reasoning about cryptographic construction, defeasible argumentation, reasoning with uncertainty, reasoning under contradiction, reasoning about action, agents with bounded rationality, and so on) and even “logics that” (that characterize classes of finite structures as in finite model theory, that characterize formal grammars, that characterize processes, etc.) The Greek term logos (and ratio in Latin) from which “logic” and “reason” derive, with its original meaning of “to put together”, and later “to speak about” is suggestive: it may be relevant for such domains to start by collecting peculiar concepts and thoughts, and then recompiling them in an orderly way using logical tools so that talking and reasoning about the resulting concepts becomes something practical and effective. Whether or not such usage favours logical pluralism (in the sense that there is more than one “real logic”’) or just reflects isolated parts of the conception of reason as cosmic ordering, is also a matter for philosophy, as it is also to reconcile this practice with logic regarded as an epistemological enterprise or to Kant’s transcendental deduction. But what is more: the contemporary usage of the term logic specializes from the formal logic (in the sense of abiding to the criteria of concept, judgment, and inference) not only towards using symbolic logic (i.e., a development of formal logic by means of mathematical concepts), but also by means of mechanized, computer-based concepts, or in other words, by means of the algorithmic side of logic. It is natural to think that the intense use of “logics in”, “logics that” and even “logics” with no specifications can be combined again by mathematical methods, realizing a certain philosophers and logicians dream to building mechanisms where several different logics could interact and cooperate, instead of clashing. In this sense the project of reducing reasoning to symbolic computation is an old one. The philosopher and mathematician Bernard Bolzano born in Prague, Bohemia was not far from proposing the D. Gabbay and F. Guenthner (eds.), Handbook of Philosophical Logic, Volume 13, 123–187. c 2005, Springer. Printed in the Netherlands.
124
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
general idea of combining notions of consequence in his monumental Wissenschaftslehre already in 1837. Some ideas of Bolzano are considered by some authors to be philosophically related to the thought and conceptions of Gottfried Wilhelm Leibniz, well known in his concerns about the possibilities of a universal language and an all-purposes calculus ratiocinator. The pragmatical significance of the problem of combining logics is widely recognized, and its philosophical interpretations are just emerging. The uses we mentioned can now be categorized in the main areas of knowledge representation (within artificial intelligence), formal grammars and structures (within formal linguistics) and in formal specification and verification of algorithms and protocols (within software engineering and security). In these fields, the need for working simultaneously with several calculi is the rule rather than the exception. For instance, in a knowledge representation problem it may be necessary to deal with temporal, spatial, deontic, linguistic and probabilistic aspects (e.g., for reasoning with mixed assertions like “with probability greater than 0.99, in the near future smoking will be forbidden almost everywhere”). As another important example, in a security protocol specification it may be necessary to combine temporal, equational, epistemic and dynamic logic features. We thus need to study general methods for combining different logic systems and to gain control on the complex resulting theories, understanding their expressive power and their mathematical and computational aspects in general. In other words, we need a kind of ars combinatoria, as already proposed by Leibniz, and much before by Raimundus Lullus (Ramon Lull, the doctor illuminatus, in the 13th century) to express the several deduction formalisms. Not only the interest in the pragmatical side of combination of logic systems has recently been growing (as reflected in the series [de Rijke and Blackburn, 1996; Gabbay and Pirri, 1997; Baader and Schulz, 1996; Gabbay and de Rijke, 2000; Kirchner and Ringeissen, 2000; Armando, 2002]), but the topic is also interesting on purely theoretical grounds. It might be illuminating, for instance, to look at predicate temporal logic as resulting from the combination of first-order logic and propositional temporal logic. However, this approach will be significant as much as general results can be obtained about the preservation properties of the combination mechanism at hand. For example, suppose that it has been established that completeness is preserved by a certain combination mechanism •, and it is known that a logic system L can be obtained by L • L ; in this case, if we had preservation of completeness, the completeness of L would follow from the completeness of L and L . A similar phenomenon would occur if we could establish that the combination mechanism • preserves meta-logical features as interpolation, cut-elimination, decidability and so on. It is then understandable that theoretical impetus has been directed to establishing preservation results in general, and in finding limits for the preservation in
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
125
the different combination mechanisms. For an early overview of the practical and theoretical issues see [Blackburn and de Rijke, 1997]. Several forms of combination have been studied, like product [Marx, 1999; Gabbay and Shehtman, 1998; Gabbay and Shehtman, 2000; Gabbay and Shehtman, 2002], fusion [Thomason, 1984; Kracht and Wolter, 1991; Kracht and Wolter, 1997; Wolter, 1998; Gabbay et al., 2003], temporalization [Finger and Gabbay, 1992; Finger and Gabbay, 1996; Wolter and Zakharyaschev, 2000; Finger and Weiss, 2002], parameterization [Caleiro et al., 1999], synchronization [Sernadas et al., 1997] and fibring [Gabbay, 1996a; Gabbay, 1996b; Beckert and Gabbay, 1998; Gabbay, 1999; Sernadas et al., 1999; Zanardo et al., 2001]. Fusion is the simplest, and the best understood combination mechanism. In short, the fusion of two modal systems leads to a bimodal system including the two original modal operators and common propositional connectives. Several interesting properties of logic systems (like soundness, weak completeness, Craig interpolation property and decidability) were shown to be preserved when fusing modal systems (see [Kracht and Wolter, 1991; Kracht, 1999]). Among such diverse possibilities of procedures for combining logics, fibring occupies a central place. Fibring has to do with joining two or more inference mechanisms by careful genetic manipulation of their formulas and their inferences rules. The resulting fibred system has the capability of express reasoning not only in both ways but also in combined ways. An essential ingredient is to use meta-variables for allowing the instantiation of rules of one logic with formulas from the other logic. Fibring is in a certain sense a metamathematical construction that can be manipulated at the object level. This permits to distinguish between constrained fibring by sharing (when the logics are allowed to share constructors in their languages), and unconstrained otherwise. The theoretical significance of fibring results from the fact that it is more easily accessible to results of meta-theoretical preservation in the sense that, in many cases, a certain property of a fibred logic can be obtained by preserving that property from the fibring components. For example preserving completeness is a recurrent issue in fibring logics. The fact that preservation results have been obtained in the scope of higher-order, modal, relevance and non-truth-functional logics, and that refinements on the notion of fibring as the modulated fibring have proved to be keen tools to solve some collapsing problems within the combination of logics justify the interest on fibring. A broader research scope has been devoted to integrating, comparing and fostering other forms of composing and decomposing logics (see [Carnielli et al., 2004]), such as fusion, splicing, splitting, synchronization and temporalization. Applications of the amply ideal of combining rationalities deeply influences the area of software specification, knowledge representation, architectures for intelligent computing
126
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
and applications to security protocols and authentication, secure computation and zero-knowledge proof protocols and even quantum computation. The dominant Kantian tradition deeply influenced the 20th Century logicians, and it is still not clear if we are talking about the same thing when referring to logic as formal (in the sense of being topic neutral) and to logic as symbolic (in the sense of providing norms of calculation). It is not an easy task to offer a prefatory introduction on how logics can be combined, if we do not have a universal agreement about what logic is, and even less whether logic and rationality coincide. Kant’s Prolegomena to any Future Metaphysics was published in Latvia in 1783, two years after the Critique of Pure Reason, a book to which it was meant to serve as an introduction.1 Apart any discussion whether it was really helpful for understanding the difficult parts of the Critique, the illustrious example of an introduction appearing after what it should have introduced encourages us to postpone, any value judgment about the real meaning of combination of logics for the whole discipline of logic, and about the role of fibring therein. Our more unpretentious aims are to guide the reader on what has been done, and to motivate what could have been done. Our aim in this paper is to bring together the rich variety of results, problems and perspectives involving fibring, making clear the role of the underlying constructions as universal arguments in the categorial sense. We depart from a basic universe of logic systems encompassing only propositionalbased systems endowed with Hilbert calculi and ordered algebraic semantics. We shall see that this universe is already rich enough to illustrate interesting features of fibring and to provide the basis for understanding the trade of combining systems varying from intuitionistic to many-valued logics (including modal systems as special cases). We also explain fibring in a bolder perspective namely encompassing non truth-functional semantics and first-order quantification. Those interested in additional topics like, fibring non Hilbert calculi and higher-order based logics should consult [Coniglio et al., 2003; Caleiro et al., 2003a; Governatori et al., 2002; Rasga et al., 2002]. With this in mind, in Section 2 we offer a general description of propositional fibring, its scope and methods; Section 3 treats a sharp variant called modulated fibring, which was tailored to solve certain problems of collapsing: when two logics are combined, in some cases one of them eclipses the other, and the combination mechanisms must be redefined to keep a finer control on the procedure. Modulated fibring is able to do this, and we shall see how this sharper version of fibring can be very naturally described in categorial terms. Section 4 shows how to extend fibring to non-truth-functional logics, a quite important improvement since several of the new logics subject 1 Immanuel Kant, Prolegomena zu einer jeden k¨ u ¨nftigen Metaphysik die als Wissenschaft wird auftreten k¨nnen, Riga, 1783, and Kritik der reinen Vernunft, Riga, 1781; revised edition in 1787. Several English translations are available.
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
127
to fibring operations are not truth-functional; Section 5 is devoted to firstorder fibring, and to discussing the expected complications and problems it poses. Section 6 discusses trends, missing links and tendencies. Finally we include an Appendix which is structured as such, not for being marginal to the subject of fibring logics, neither too technical in its content, but rather because of its historical nature. It focused on bridging the gap that separates the initial intuitions and ideas on fibring of logics (cf. [Gabbay, 1996a; Gabbay, 1996b; Gabbay, 1999]), to the abstract, point free, perspective whose most relevant aspects are told in this Chapter. In all sections we try, as much as possible, to offer an implicit or explicit categorial perspective to the constructions we are dealing with. The motivation for using tools of category theory is to make clear which are the minimal assumptions behind such constructions and the common way of reasoning with them. The reader not so fond with category theory can almost always skip such details. 2
PROPOSITIONAL FIBRING
For the sake of simplicity, we start by adopting a basic universe of logic systems encompassing propositional-based systems endowed with Hilbert calculi and ordered algebraic semantics (based on [Sernadas and Sernadas, 2003]). We show with all details how to define fibring in this basic universe. This allows us to introduce many of the definitions, concepts and notations that shall be needed throughout the chapter. Fibring is first defined in a proof-theoretical level. Afterwards, we concentrate on model-theoretic fibring. To what concerns preservation results, we concentrate on illustrating preservation of (global) completeness.
2.1
Deductive systems
When defining deductive systems the first thing to consider is how to present them. We adopt the homogeneous scenario, that is, assume that all the deductive systems are presented in the same way. We use Hilbert-style (familiar method of axioms and rules), due to its simplicity, allowing to concentrate on fibring instead of dispersing the reader’s attention in other details. DEFINITION 1. A signature C is a family of countable sets Ck where k ∈ N. The elements of each Ck are called constructors or connectives of arity k. As usual, a C-algebra B consists of a non-empty carrier set B together with a denotation function νk (c) : B k → B for each c ∈ Ck and k ∈ N. A free algebra B over C, or a free C-algebra, where C is a signature, is a C-algebra whose carrier B is inductively defined as follows: c ∈ B whenever c ∈ C0 and, for every k ∈ N, c(b1 , . . . , bk ) ∈ B whenever c ∈ Ck and b1 , . . . , bk ∈ B.
128
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
A free algebra over C generated by a set A is the free algebra over C where C0 = C0 ∪ A and Ck = Ck for k greater than 0. The language L(C) induced by a signature C is the carrier of the free C-algebra. The elements of L(C) are called C-formulas, or simply formulas when the signature C is in the context. We consider different signatures and in order to express schematic inference rules we assume fixed once and for all a denumerable set Ξ = {ξn : n ∈ N} of schema variables. The schema language sL(C) induced by C is the carrier of the free C-algebra generated by Ξ. The elements of sL(C) are called C-schema formulas, or simply schema formulas. Of course, L(C) is contained in sL(C) since formulas are precisely the schema formulas where schema variables do not occur. EXAMPLE 2. Taking a denumerable set Π of propositional symbols, we can consider the following signatures: • Propositional logic: C0p = Π ∪ {t}, C1p = {¬}, C2p = {⇒}, Cnp = ∅ for n > 2; • Intuitionistic logic: C0i = Π ∪ {t}, C1i = {¬}, C2i = {⇒, ∧, ∨}, Cni = ∅ for n > 2; • Modal logic: C0m = Π ∪ {t}, C1m = {¬, }, C2m = {⇒}, Cnm = ∅ for n > 2; • Paraconsistent logic: C0C1 = Π ∪ {t, f }, C1C1 = {¬}, C2C1 = {⇒, ∧, ∨}, CnC1 = ∅ for n > 2. In the context of the modal signature introduced in the example above a schema formula is for instance ¬(ξ1 ∧ p) and a formula is ¬(p ∧ q), where p and q are in Π and ξ1 is in Ξ. A substitution on sL(C) is a map σ : Ξ → sL(C). The instance of a schema formula γ by a substitution σ, denoted by γσ, is the schema formula obtained from γ by simultaneously replacing each occurrence of ξ in γ by σ(ξ) for every ξ ∈ Ξ. Instantiation by σ thus corresponds to the free extension of σ to schema formulas. We also extend the notion of instantiation to sets of schema formulas: Γσ denotes the set {γσ : γ ∈ Γ}. We now introduce the notion of Hilbert-style deductive system as an abstraction capturing the proof-theoretic aspects of a logic at the level of detail that we need: language constructors plus inference rules. Inference rules are seen as schemas that can be instantiated by replacing the occurring schema variables with concrete formulas, this is the whole idea of introducing the schema language. DEFINITION 3. An inference rule over C is a pair r = Γ, δ where Γ ∪ {δ} ⊆ sL(C) and Γ is finite. We use P rem(r) to denote the set of premises Γ of r, and Conc(r) to denote the conclusion δ. We denote by R(C) the set of all inference rules
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
129
over C. A rule with an empty set of premises is called axiomatic, and its conclusion an axiom schema. It is convenient to distinguish among local rules for deriving consequences from a given set of hypotheses, and global rules used for proving theorems. DEFINITION 4. A deductive system is a triple D = C, R , Rg where C is a signature and R ⊆ Rg ⊆ R(C). The distinct roles played by the sets R and Rg of local and global rules is made clear in the last of the following deductive systems. The distinction between local and global deduction appeared in the context of modal logic: local means carried out at a single world and global refers to reasoning about all worlds, and thus any correct local deduction is also global but not necessarily vice-versa. This distinction can also be useful in other contexts.2 EXAMPLE 5. Taking into account the corresponding signatures as introduced in Example 2 the following deductive systems can be characterized: Propositional logic Dp = C p , R , Rg , where R = Rg contains the axiom schemas: • (ξ1 ⇒ (ξ2 ⇒ ξ1 )) • ((ξ1 ⇒ (ξ2 ⇒ ξ3 )) ⇒ ((ξ1 ⇒ ξ2 ) ⇒ (ξ1 ⇒ ξ3 ))) • (((¬ ξ1 ) ⇒ (¬ ξ2 )) ⇒ (ξ2 ⇒ ξ1 )) • (t ⇔ (ξ1 ⇒ ξ1 )) plus one inference rule: • {ξ1 , (ξ1 ⇒ ξ2 )}, ξ2 , where (γ1 ⇔ γ2 ) is an abbreviation of ((γ1 ⇒ γ2 ) ∧ (γ2 ⇒ γ1 )). We will re-use this abbreviation in the other examples. Intuitionistic logic Di = C i , R , Rg , where R = Rg contains the axiom schemas: • (ξ1 ⇒ (ξ2 ⇒ ξ1 )) • ((ξ1 ⇒ ξ2 ) ⇒ ((ξ1 ⇒ (ξ2 ⇒ ξ3 )) ⇒ (ξ1 ⇒ ξ3 ))) • (ξ1 ⇒ (ξ2 ⇒ (ξ1 ∧ ξ2 ))) • ((ξ1 ∧ ξ2 ) ⇒ ξ1 ) • ((ξ1 ∧ ξ2 ) ⇒ ξ2 ) • (ξ1 ⇒ (ξ1 ∨ ξ2 )) 2 This
distinction can be sharpened towards the notions of local and global reasoning, as explained in [Carnielli and Sernadas, 2004].
130
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
• (ξ2 ⇒ (ξ1 ∨ ξ2 )) • ((ξ1 ⇒ ξ3 ) ⇒ ((ξ2 ⇒ ξ3 ) ⇒ ((ξ1 ∨ ξ2 ) ⇒ ξ3 ))) • ((ξ1 ⇒ ξ2 ) ⇒ ((ξ1 ⇒ (¬ξ2 )) ⇒ (¬ξ1 ))) • (ξ1 ⇒ ((¬ξ1 ) ⇒ ξ2 )) • (t ⇔ (ξ1 ⇒ ξ1 )) plus one inference rule: • {ξ1 , (ξ1 ⇒ ξ2 )}, ξ2 . Modal logic K DK = C m , R , Rg where R contains the axiom schemas: • (ξ1 ⇒ (ξ2 ⇒ ξ1 )) • ((ξ1 ⇒ (ξ2 ⇒ ξ3 )) ⇒ ((ξ1 ⇒ ξ2 ) ⇒ (ξ1 ⇒ ξ3 ))) • (((¬ ξ1 ) ⇒ (¬ ξ2 )) ⇒ (ξ2 ⇒ ξ1 )) • (t ⇔ (ξ1 ⇒ ξ1 )) • (((ξ1 ⇒ ξ2 )) ⇒ ((ξ1 ) ⇒ (ξ2 ))) plus one inference rule: • {ξ1 , (ξ1 ⇒ ξ2 )}, ξ2 , and Rg further contains the inference rule: • {ξ1 }, (ξ1 ). Modal logic S4 DS4 = C m , R , Rg where R is obtained from the local rules for modal logic K by adding the axiom schemas: • ((ξ1 ) ⇒ ξ1 ) • ((ξ1 ) ⇒ ((ξ1 ))). Modal logic D DD = C m , R , Rg where R is obtained from the local rules for modal logic K by adding the axiom schema: • ((ξ1 ) ⇒ (♦ξ1 )), where (♦γ) is the usual abbreviation of (¬((¬ γ))). Paraconsistent logic C1 DC1 = C C1 , R , Rg , where R = Rg contains the axiom schemas:
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
• • • • • • • • • • • • • • • •
131
(ξ1 ⇒ (ξ2 ⇒ ξ1 )) ((ξ1 ⇒ ξ2 ) ⇒ ((ξ1 ⇒ (ξ2 ⇒ ξ3 )) ⇒ (ξ1 ⇒ ξ3 ))) (ξ1 ⇒ (ξ2 ⇒ (ξ1 ∧ ξ2 ))) ((ξ1 ∧ ξ2 ) ⇒ ξ1 ) ((ξ1 ∧ ξ2 ) ⇒ ξ2 ) (ξ1 ⇒ (ξ1 ∨ ξ2 )) (ξ2 ⇒ (ξ1 ∨ ξ2 )) ((ξ1 ⇒ ξ3 ) ⇒ ((ξ2 ⇒ ξ3 ) ⇒ ((ξ1 ∨ ξ2 ) ⇒ ξ3 ))) ((¬(¬ ξ1 )) ⇒ ξ1 ) (ξ1 ∨ (¬ ξ1 )) (ξ1◦ ⇒ (ξ1 ⇒ ((¬ ξ1 ) ⇒ ξ2 ))) ((ξ1◦ ∧ ξ2◦ ) ⇒ (ξ1 ∧ ξ2 )◦ ) ((ξ1◦ ∧ ξ2◦ ) ⇒ (ξ1 ∨ ξ2 )◦ ) ((ξ1◦ ∧ ξ2◦ ) ⇒ (ξ1 ⇒ ξ2 )◦ ) (t ⇔ (ξ1 ⇒ ξ1 )) (f ⇔ (ξ1◦ ∧ (ξ1 ∧ (¬ ξ1 ))))
plus one inference rule: • {ξ1 , (ξ1 ⇒ ξ2 )}, ξ2 , where γ ◦ is an abbreviation of (¬(γ ∧ (¬ γ))).
To build deductions in a given deductive system, we can obviously freely instantiate the schema variables appearing in the rules. In the sequel, unless otherwise stated, we assume fixed a deductive system C, R , Rg denoted by D. DEFINITION 6. We say that δ is a global deduction of Γ in D, and write Γ gD δ if there is a sequence γ1 . . . γm ∈ sL(C)+ such that: • γm is δ; • each γi is either an element of Γ, or there exist r ∈ Rg and a substitution σi such that γi = Conc(r)σi and P rem(r)σi ⊆ {γ1 , . . . , γi−1 }. When Γ = ∅ we say that δ is a theorem schema and just write gD δ. Note that we do not allow substitutions on hypotheses (the elements of Γ). Indeed, such substitutions do not make sense. For instance, from {ξ1 , (ξ1 ⇒ ξ2 )} we want to be able to prove ξ2 , but not every formula as it would be possible by substitution on ξ1 . DEFINITION 7. We say that δ is a local deduction of Γ in D, and write Γ D δ if there is a sequence γ1 . . . γm ∈ sL(C)+ such that:
132
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
• γm is δ; • each γi is either an element of Γ, or a theorem schema, or there exist r ∈ R and a substitution σi with γi = Conc(r)σi and P rem(r)σi ⊆ {γ1 , . . . , γi−1 }. If Γ = ∅, again we just write D δ. If D is clear from the context, we simplify the notation and simply write g and . EXAMPLE 8. Observe that in the deductive system presented in Example 5 for modal logic K we have {(ξ1 ⇒ ξ2 )} gDK ((ξ1 ) ⇒ (ξ2 )) but {(ξ1 ⇒ ξ2 )} DK ((ξ1 ) ⇒ (ξ2 )).
Note that our definition of deduction immediately implies compactness (that is, if Γ dD δ then there is a finite set ∆ ⊆ Γ such that ∆ dD δ, for any d equal to g or ). REMARK 9. Our presentation could be situated at the level of a general theory of consequence relations, within what is known as general abstract logics, if we were not concerned with fibring. Usual consequence systems are not concerned with the structure of formulas, and so are not adequate as a starting point for fibring. In order to understand why, we now briefly introduce the theory of consequence relations. Let ℘(X) be the powerset of a set X. As usual, given a set L of formulas, we say that ⊆ ℘(L) × L defines a (Tarskian) consequence relation on L if the following clauses hold, for any formulas α and β, and subsets Γ and ∆ of L (formulas and commas at the left-hand side of denote, as usual, sets and unions of sets of formulas): • α ∈ Γ implies Γ α • (∆ α and ∆ ⊆ Γ) implies Γ α • (∆ α and Γ, α β) implies Γ, ∆ β • (∆ α and ρ is a substitution) implies ρ(∆) ρ(α)
(reflexivity); (monotonicity); (transitivity); (structurality).
So, a logic could be seen as a structure of the form L, , containing a set of formulas and a consequence relation defined on this set. This structure will be called a consequence system. A consequence system morphism h : L, → L , is a map h : L → L such that if Γ ϕ then h(Γ) h(ϕ)3 . Then union of consequence systems 3 Consequence
system morphisms are also called translations, see e.g. [Coniglio and Carnielli, 2002] and references therein.
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
133
L , and L , is the consequence system L, where L = L ∪ L and = ∪ . Consequence systems are too poor for fibring, and not adequate, as mentioned before, since the key point in fibring is to be able to write formulas where connectives can be intertwined. For instance if we have two modal logics with and we want to be able in the fibring to write formulas like (( ( δ)) ⇒ γ) which does not belong to the union of the consequence systems associated with both logics. It is straightforward to verify that both local and global deduction fulfill Tarski’s axioms, and so that both the global and the local deduction relations are structural, in the sense that Γ d δ implies Γσ d δσ for every substitution σ and any d equal to g or . PROPOSITION 10. Every deductive system D induces two consequence systems sL(C) gD and sL(C), D , and gI extends I . Nevertheless, note that if g δ then also δ. Although both deduction relations are defined over schema formulas, they restrict to just formulas in a natural way. We can finally define the fibring of deductive systems in formal terms. DEFINITION 11. The fibring of deductive systems D and D denoted by D + D is the deductive system C, R , Rg where Ck = Ck ∪ Ck for each k ∈ N, and R = R ∪ R and Rg = Rg ∪ Rg . Clearly, it makes sense to combine the signatures C and C into a larger signature C ∪ C , where all shared constructors appear in their common subsignature C ∩ C . Indeed, we say that the fibring is constrained precisely if there are shared constructors. Otherwise, we say that the fibring is unconstrained. Then, by also putting together the rules of both systems we obtain the deductive system over the combined language. Note that the richness of the combination lies on the schematicity of the rules of each of the calculi. In the fibred system the rules are considered in the context of a richer language, and so their schema variables can now be instantiated with mixed formulas built using constructors from both signatures. EXAMPLE 12. Consider the deductive systems for modal logics D and S4 of Example 5 where the connective was renamed to and respectively. Then the deductive system resulting from the fibring DD + DS4 is a deductive system for a modal logic with two modalities: a deontic modality and an S4 modality .
134
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
Categorial perspective Fibring of deductive systems corresponds to a universal construction in the category of deductive systems. The categorial approach is important because it requires that the objects of study and their interrelationships are made completely precise. Moreover, in category theory, a universal construction plays the role of an abstract definition, large enough to accommodate common constructions and at the same time restricted enough so as to guarantee certain uniqueness conditions. The notion of fibring can be recast as a coproduct or a pushout (universal constructions) in the category of deductive systems or other appropriate categories. We refer to the introductory chapters of [Mac Lane, 1998] for the few basic notions involved in the categorial presentation of fibring. In order to present that construction we need to define the category of signatures. DEFINITION 13. A signature morphism h : C → C is a family of functions hk : Ck → Ck where k ∈ N. Naturally, each signature morphism h : C → C freely extends to a language translation map h∗ : sL(C) → sL(C ), by defining h∗ (ξ) = ξ for every ξ ∈ Ξ. For ease of notation we use h for this extension. Signatures and their morphisms constitute a category Sig, with identity and composition of functions defined on each arity. Clearly Sig is (small) cocomplete, that is, it is closed under coproducts and pushouts. We are now ready to define the notion of deductive system morphism. DEFINITION 14. A deductive system morphism h : D → D is a signature morphism h : C → C such that h(Γ)D h(δ) for every rule Γ, δ ∈ R , and h(Γ)gD h(δ) for every rule Γ, δ ∈ Rg . A morphism of deductive systems is thus a signature morphism that preserves the inference rules. Note that for every rule r in R , it is sufficient to prove that h(Conc(r))D h(P rem(r)) since this also implies that h(Conc(r))gD h(P rem(r)). It is straightforward to show that deductive system morphisms preserve consequence. Deductive systems and their morphisms constitute a category Ded, with identity and composition borrowed from Sig. Indeed, Ded is concrete over Sig via the obvious forgetful functor. Using this fact it is easy to show that also Ded is (small) cocomplete. PROPOSITION 15. Given a deductive system morphism h : D → D if d Γ dD δ then h(Γ) D h(δ), that is, h induces a consequence system morphism from sL(C), dD to sL(C ), dD , for d equal to g or .
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
135
We are now ready to characterize fibring as a universal construction. DEFINITION 16. Let D and D be deductive systems. Their unconstrained fibring is a coproduct D in the category Ded. That means that there are deductive system morphisms i : D → D and i : D → D such that whenever there are morphisms h : D → D and h : D → D there is a unique morphism h : D → D such that h ◦ i = h and h ◦ i = h .
DEFINITION 17. Let f : D0 → D and f : D0 → D be deductive system morphisms, where D0 is C ∩ C , ∅, ∅. The constrained fibring of D and D sharing D0 is a pushout in the category Ded. That means that there is a triple D, i , i where D is a deductive system, i : D → D and i : D → D are deductive system morphisms such that i ◦ f = i ◦ f and moreover for every triple D , h , h where D is a deductive system, h : D → D and h : D → D are deductive system morphisms such that h ◦ f = h ◦ f , there is a unique h : D → D such that h ◦ i = h and h ◦ i = h .
2.2
Interpretation systems
We adopt as the basic semantic unit a simple algebraic structure. This departs from the point basic semantics of fibring as originally proposed in [Gabbay, 1996a]. We have nevertheless some good reasons to use a more abstract approach based on ordered algebras instead of the rather narrow Kripke-style interpretation semantics; this is explained in detail in the Appendix. So, according to the perspective used here, it is required that a given logic can be semantically presented using models endowed with an ordered algebra. DEFINITION 18. An interpretation structure B over the signature C is a tuple B, ≤, ν, where B, ≤, is a partial order with a top, and B, ν is a C-algebra. The set B is the set of truth values and is the designated value whose intended purpose is to state when a formula is true in a structure. The relation ≤ allows the comparison between truth values. We denote by Str(C) the class of all interpretation structures over C. Formulas are to be evaluated over interpretation structures. We will use assignments over an interpretation structure B, that is, maps α : Ξ → B. DEFINITION 19. The denotation of a schema formula over B and α is inductively defined as follows: • [[ξ]]α B = α(ξ); α α • [[c(γ1 , . . . , γk )]]α B = νk (c)([[γ1 ]]B , . . . , [[γk ]]B ).
136
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
Now we can introduce the concept of interpretation system. DEFINITION 20. An interpretation system I is a pair C, A where C is a signature and A ⊆ Str(C). We present some examples of interpretation systems in the sequel. EXAMPLE 21. Taking into account the signatures introduced in Example 2, we can consider the following interpretation systems: Propositional logic I p = C p , A, where A is the class of all interpretation structures B = B, ≤, ν, built from a Boolean algebra A, , , −, , ⊥ and a valuation v : Π → A, as follows: • x ≤ y if and only if x y = x; • ν0 (p) = v(p) for p ∈ Π; • ν0 (t) = ; • ν1 (¬)(x) = −x; • ν2 (⇒)(x, y) = (−x) y. Intuitionistic logic I i = C i , A, where A is the class of all interpretation structures B = B, ≤, ν, built from an Heyting algebra A, , , →, , ⊥ and a valuation v : Π → A, as follows: • x ≤ y if and only if x → y = ; • ν0 (p) = v(p) for p ∈ Π; • ν0 (t) = ; • ν1 (¬)(x) = x → ⊥; • ν2 (∧) = ; • ν2 (∨) = ; • ν2 (⇒)(x, y) = x → y. Modal logic K I K = C m , A, where A is the class of all interpretation structures B = ℘(W ), ⊆, ν, W built from a Kripke frame W, R and a valuation v : Π → ℘(W ), as follows: • ν0 (p) = v(p) for p ∈ Π; • ν0 (t) = W ; • ν1 (¬)(X) = W \ X;
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
137
• ν1 ()(X) = {w ∈ W : wRw implies w ∈ X}; • ν2 (⇒)(X, Y ) = (W \ X) ∪ Y . Modal logic S4 I S4 = C m , A, where A is the class of all interpretation structures built from a Kripke frame W, R where R is reflexive and transitive, and from a valuation v : Π → ℘(W ), as for modal logic K. Modal logic D I D = C m , A, where A is the class of all interpretation structures built from a Kripke frame W, R where R is serial, and from a valuation v : Π → ℘(W ), as for modal logic K. Paraconsistent logic C1 As shown in [Mortensen, 1980; Lewin et al., 1991], there is no way of presenting C1 as an interpretation system with a meaningful algebraic truth-functional semantics. To treat this case, we shall have to enlarge the scope of our definitions and methods to non-truth-functional logics, as explained in Section 4. Given an interpretation system I we define the notions of global and local semantic consequences. DEFINITION 22. We say that δ is globally entailed from Γ with respect to an interpretation system I, written Γ gI δ if, for every B in I and assignment α over B, if [[γ]]α B = for each γ ∈ Γ = . then [[δ]]α B DEFINITION 23. We say that δ is locally entailed from Γ with respect to an interpretation system I, written Γ I δ if, for every B in I, assignment α over B and b ∈ B, if b ≤ [[γ]]α B for each γ ∈ Γ then b ≤ [[δ]]α B. As is evident from the definition, global entailment requires less structure at the semantic level than local entailment. So, if we were only interested in global entailment it would not be necessary to consider structures with a partial order. As in the deductive setting, both local and global entailment relations fulfill Tarski’s axioms, and so they are structural.
138
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
PROPOSITION 24. Given an interpretation system I, the pair sL(C), gI and the pair sL(C), I are consequence systems, and gI extends I . We now introduce the concept of reduct of an ordered algebra over a signature that will be used in the definition of interpretation system morphism and in the definition of fibring. DEFINITION 25. Given signatures C and C and an interpretation structure B over C such that C ⊆ C , the reduct of B to C is the interpretation structure over C B |C = B , ≤ , ν|C , where ν|C k (c) = νk (c) for every c ∈ Ck . We can now define the fibring of interpretation systems. DEFINITION 26. The fibring of interpretation systems I and I denoted by I + I is the interpretation system C ∪ C , A where A is the class of all interpretation structures B over C ∪ C such that B|C ∈ A and B|C ∈ A . As in the case of deductive systems, the fibring of interpretation systems is constrained or unconstrained depending on whether the shared subsignature C ∩ C is non-empty. As should be clear from the definition, shared constructors are forced to have the same interpretation in fibred models. Then, by considering in I + I all possible interpretation structures over the combined signature C ∪ C that simultaneously extend some interpretation structure of each of the given interpretation systems, we achieve the desired degree of generality. Still, it should be clear that each pair of interpretation structures can only be combined if there is a full agreement on the ordered set of truth values and on the interpretation of shared constructors. EXAMPLE 27. Consider the interpretation systems of Example 21 for classical and intuitionistic logics with connectives for negation and implication respectively denoted as ¬c and ¬i , and ⇒c and ⇒i . Let I be the interpretation system resulting from their fibring. So B|C p and B|C i are respectively a Boolean algebra and a Heyting algebra, for each semantic structure B in I. As the carrier set of both reducts coincide, B|C i will also be a Boolean algebra and so we obtain the phenomenon of fibring collapsing described in [del Cerro and Herzig, 1996] and [Gabbay, 1996b]. Section 3 introduces the modulated fibring as a solution to this collapsing phenomenon. Categorial perspective We start by defining the notion of reduct in a categorial perspective.
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
139
DEFINITION 28. Given a signature morphism h : C → C and an interpretation structure B over C , the h-reduct of B is the interpretation structure B |C = B , ≤ , ν ◦ h, over C. This construction induces a map ·|h : Str(C ) → Str(C) that is reminiscent of the corresponding operation on the underlying algebras. We are now ready to set-up the category of interpretation systems. DEFINITION 29. An interpretation system morphism h : C, A → C , A is a signature morphism h : C → C such that: • B |h ∈ A for every B ∈ A . A morphism of interpretation systems is simply a signature morphism that additionally reduces models to models in the opposite direction. It α is well known from reducts of algebras that [[γ]]α B|h = [[h(γ)]]B for every assignment α and every γ ∈ sL(C). Using this fact, it is straightforward to show that morphisms of interpretation systems preserve entailment. PROPOSITION 30. Given an interpretation system morphism h : I → I , if Γ dI δ then h(Γ) dI h(δ), that is, h induces a consequence system morphism from sL(C), dI to sL(C ), dI , for d equal to g or . Interpretation systems and their morphisms constitute a category Int, with identity and composition borrowed from Sig. Indeed, Int is concrete over Sig via the obvious forgetful functor. Using this fact it is easy to show that also Int is (small) cocomplete. We are now ready to characterize semantic fibring as a universal construction, as done for deductive systems at part 2.1 of this section. DEFINITION 31. Let I and I be interpretation systems. Their unconstrained fibring is a coproduct I in the category Int. That means that there are interpretation system morphisms i : I → I and i : I → I such that whenever there are morphisms h : I → I and h : I → I there is a unique morphism h : I → I such that h ◦ i = h and h ◦ i = h . DEFINITION 32. Let f : I 0 → I and f : I 0 → I be interpretation system morphisms, where I 0 is C ∩ C , Str(C ∩ C ). The constrained fibring of I and I sharing I 0 is a pushout in the category Int. That means that there is a triple I, i , i where I is an interpretation system, i : I → I and i : I → I are interpretation system morphisms such that i ◦ f = i ◦ f and moreover for every triple I , h , h where I is an interpretation system, h : I → I and h : I → I are interpretation system morphisms such that h ◦ f = h ◦ f there is a unique h : I → I such that h ◦ i = h and h ◦ i = h .
140
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
2.3 Preservation results One of the important aspects of fibring is the possibility of obtaining transference results from the logics to be fibred to the logic resulting from the fibring. In this subsection we study the preservation by fibring of soundness and of strong global completeness. For preservation of strong local completeness we recommend [Zanardo et al., 2001]. We start by introducing logic systems as systems obtained by putting together deduction and semantics and so offering the right context to speak about soundness and completeness. A logic system L is a tuple C, A, R, Rg where C, A is an interpretation system, denoted by I(L), and C, R , Rg is a deductive system, denoted by D(L). In the following when there is no ambiguity we assume that a logic system L is C, A, R , Rg and we denote its deductive part by D and its interpretation part by I. Moreover given L we may denote the consequence relation dD by dL or simply by d , and similarly for the entailment relations, for d equal to g or . DEFINITION 33. A logic system L is said to be globally sound if Γ gL δ whenever Γ gL δ, for every Γ and ϕ in sL(C). And it is said to be globally complete if Γ g δ whenever Γ g δ, for every Γ and δ in sL(C). If we consider Γ = ∅ we get the corresponding weak notions. The local versions are defined mutatis mutandis. Preservation of soundness Preservation of soundness follows straightforwardly by exploiting the fact that interpretation system morphisms preserve entailment. THEOREM 34. Soundness is preserved by fibring. It is straightforward to prove that (strong and weak, global and local) soundness is unconditionally preserved by fibring in the basic universe of logic systems considered here. However, in larger universes things can be more complicated. As it is shown in Section 5, when fibring logic systems with quantifiers and using rules with side provisos (such as “provided that term θ is free for variable x in formula ξ”), soundness is not always preserved. See also [Sernadas et al., 2002a; Coniglio et al., 2003]. Preservation of completeness We now turn our attention to the preservation by fibring of strong global completeness. To this end we establish sufficient properties for a logic system to be strongly global complete and then show that fibring preserves these properties. We start by defining important concepts needed along this subsection. Given an inference rule Γ, δ, denoted by r, an interpretation structure B over C locally satisfies r whenever for every assignment α over B and b ∈ B,
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
141
α if b ≤ [[γ]]α B for each γ ∈ Γ then b ≤ [[δ]]B , and globally satisfies r whenever α for every assignment α over B, if [[γ]]B = for each γ ∈ Γ then [[δ]]α B = .
DEFINITION 35. A logic system C, A, R , Rg is said to be full when C, A contains all interpretation structures over C that locally satisfy the rules in R and that globally satisfy the rules in Rg . DEFINITION 36. A logic system L is said to be congruent when for every Γ closed under global deduction, c ∈ Ck and γ1 , . . . , γk , δ1 , . . . , δk ∈ sL(C): Γ, γi δi i = 1, . . . , k Γ, δi γi , Γ, c(γ1 , . . . , γk ) c(δ1 , . . . , δk ) and L has verum if its language contains a theorem that denotes in every interpretation structure. We are now ready to state a completeness theorem for global reasoning, which can be proved using a common Lindenbaum–Tarski construction. THEOREM 37. Every full and congruent logic system with verum is globally complete. Observe that the requirements of congruence and verum are quite weak and usually fulfilled by commonly used logic systems (including those mentioned above as examples). Furthermore, any complete logic system can be made full without changing its entailment. And if verum is not present, it can be conservatively added in congruent logic systems. But if the system at hand is not congruent, there is nothing we can do within the scope of the basic theory of fibring outlined here. Note also that through a mild strengthening of the requirements of the theorem we can ensure finitary strong local completeness (see for instance [Sernadas et al., 2002b]). A similar strong (local and global) completeness theorem is obtained in [Zanardo et al., 2001] without extra requirements for local reasoning but assuming a more complex semantics and using a Henkin construction. Herein we examine in detail the question of preserving strong global completeness when fibring basic logic systems (as defined above). Note that weak completeness is not always preserved as shown in [Zanardo et al., 2001]. Preservation of strong global completeness follows by adapting the technique originally proposed in [Zanardo et al., 2001], and capitalizing on the completeness theorem stated above about such logic systems. That is, when fibring two given logic systems that are full, congruent and with verum (and, therefore, strongly globally complete) we shall try to obtain the strong global completeness of the result by identifying the conditions under which fullness, congruence and verum are preserved by fibring. LEMMA 38. Fullness is preserved by fibring.
142
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
LEMMA 39. The logic system resulting from fibring has verum provided that at least one of the given logic systems has verum. However, congruence is not always preserved by fibring. Consider the fibring of two logic systems L , L with the following signatures and rules: C0 = {π0 , π1 , π2 } C1 = {c} Ck = ∅ for k > 1 R = ∅ Rg = {{ξ}, c(ξ)} C0 = {π0 , π1 , π2 } Ck = ∅ for k > 0 R = Rg = {{π0 , π1 }, π2 , {π0 , π2 }, π1 } Clearly, both L and L are congruent,g but their fibring L = L + L is not congruent. Indeed, consider Γ = {π0 }L = {cn (π0 ) : n ≥ 0}. So, from Γ, π1 and π2 are locally interderivable in L but, c(π1 ) and c(π2 ) are not. Fortunately, it is possible to establish a useful sufficient condition for the preservation of congruence by fibring. In order to define that condition we need first to say when a deductive system has implication and equivalence. A logic system L has implication if there is a binary connective ⇒ fulfilling the following Metatheorem of Modus Ponens (MTMP) Γ L (δ1 ⇒ δ2 ) Γ, δ1 L δ2 where Γ is a set of schema formulas, and the following Metatheorem of Deduction (MTD) Γ, δ1 L δ2 Γ L (δ1 ⇒ δ2 ) where Γ is a globally closed set of schema formulas. Moreover a logic system is said to have equivalence if it has implication and its signature contains a binary connective ⇔ fulfilling the two Metatheorems of Biconditionality (relating implication with equivalence) Γ (δ1 ⇒ δ2 )
Γ (δ1 ⇔ δ2 )
Γ (δ2 ⇒ δ1 )
Γ (δ1 ⇔ δ2 )
Γ (δ1 ⇒ δ2 )
Γ (δ2 ⇒ δ1 )
for every globally closed set Γ contained in sL(C) and δ1 and δ2 in sL(C), and the Metatheorem of Substitution of Equivalents (MTSE) Γ (δ1 ⇔ δ2 ) Γ ( ⇔ ) where is obtained from by replacing one or more occurrences of δ1 by δ2 . In order to show that a logic system with equivalence is congruent we
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
143
state first that the MTD holds in a logic system iff a couple of deductions hold. LEMMA 40. The MTD holds in a logic system L iff: • L (ξ ⇒ ξ); g
• {ξ1 }L L (ξ2 ⇒ ξ1 ); and g
• {(ξ⇒γ1 ), . . . , (ξ⇒γk )}L L (ξ⇒γ) for each local rule {γ1 , . . . , γk }, γ where ξ does not occur in the rule. The proof of this lemma and of the next proposition can be found in [Zanardo et al., 2001] so we omit them. We can now establish that equivalence is a sufficient condition for congruence. PROPOSITION 41. Any logic system with equivalence is congruent. Note that the fibring of logic systems with implication while sharing the implication symbol, also has implication. PROPOSITION 42. The logic system resulting from the fibring has MTMP provided that at least one of the given logic systems has MTMP and the implication symbol is shared. PROPOSITION 43. The logic system resulting from the fibring has MTD provided that both given logic systems have MTD and the implication symbol is shared. Moreover the fibring of two logic systems with equivalence while sharing the implication symbol as well as the equivalence symbol is a logic system with equivalence. So we can establish sufficient conditions for fibring to preserve strong global completeness. THEOREM 44. The fibring while sharing implication and equivalence of full logic systems with equivalence and verum is strongly globally complete. This preservation result is quite useful because many widely used logic systems, as modal logic, classical propositional logic, intuitionistic logic, do have equivalence in the sense above. 3 MODULATED FIBRING Albeit the great significance of fibring as a conceptual tool, it simply collapses into one of the components when applied to certain logics, even when no symbols are shared. Recall on this issue the case of the collapsing of fibring propositional and intuitionistic logics, as explained in Example 27. To solve this problem we have defined a variation of fibring called modulated fibring (for a detailed exposition see [Sernadas et al., 2002b]). The main goal of modulated fibring is to achieve a mechanism for combining logics
144
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
both at the semantic and at the deductive levels but avoiding the collapsing phenomenon. By its own nature, modulated fibring is more akin to categorial presentation ab initio, so this section has an underlying categorial perspective of its own.
3.1 Deductive systems The notion of signature must be enriched. In order to do that it is necessary to define what is a pre-modulated signature. DEFINITION 45. A pre-modulated signature is a triple C, &, Ξ where C is a signature, & is a symbol, and Ξ is a set. The role of the symbol & will become clear when giving the semantics. DEFINITION 46. A pre-modulated signature morphism h : C, &, Ξ → C , & , Ξ is a pair h1 , h2 such that h1 : C → C is a signature morphism and h2 : Ξ → Ξ is a map. Pre-modulated signatures and their morphisms constitute the category pSig. This category has finite colimits. DEFINITION 47. A modulated signature Σ is a co-cone in pSig, that is C, &, Ξ, S, where S is a set of pSig morphisms with codomain in the pre-modulated signature C, &, Ξ. The set S contains the “safe-relevant” pre-modulated signature morphisms whose destination is C, &, Ξ. Safety will play an important role in the definition of the entailments by constraining the admissible assignments to meta-variables in the range of safe-relevant pre-modulated signature morphisms. This is also the reason why the meta-variables are local to signatures which was not true in the case of fibring. DEFINITION 48. A modulated signature morphism h : Σ → Σ is a co-cone pre-modulated signature morphism, that is, h is a pre-modulated signature morphism such that h ◦ f ∈ S whenever f ∈ S. Modulated signatures and their modulated signature morphisms constitute the category mSig. Again this category has finite colimits, in particular pushouts. The set sL(Σ) of Σ-formulas is the free algebra over C and Ξ. We denote by L(C, &) the subset of sL(Σ) composed by ground formulas, that is ˘ → Σ we denote by sL(Σ, s) formulas without meta-variables. Given s : Σ ˘ and by the set of formulas in sL(Σ) whose main constructor is from s(C) L(C, &, s) the subset of sL(Σ, s) composed by ground formulas whose main ˘ A substitution over Σ is defined as in the previous constructor is from s(C). section. DEFINITION 49. A substitution σ is safe for a set of formulas Γ ⊆ sL(Σ) ˘ ∈ sL(Σ, s) for every s : Σ ˘ ∈ Γ. ˘ → Σ in S and s(ξ) if σ(s(ξ))
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
145
Therefore we should be careful whenever we have in a set of schema formulas images by safe-relevant signature morphisms of meta-variables that come from another signature. They have to be substituted by schema formulas whose main constructor belongs to that signature. Inference rules are defined as in the previous section so we omit its definition. DEFINITION 50. A pre-modulated deductive system over Σ is a triple Σ, R , Rg where Σ is a modulated signature and R and Rg are sets of inference rules with R ⊆ Rg . The notion of local and global deduction in the context of a pre-modulated deductive system is the same as in Section 2 so we omit its explicit definition. DEFINITION 51. A modulated deductive system D over Σ is a pre-modulated deductive system where 1. {δ1 &δ2 } δi with i equal to 1 or 2 (& elimination), and 2. {δ1 , δ2 } δ1 &δ2 (& introduction) for every formulas δ1 and δ2 . We denote by γ1 ∼ =Γ γ2 the fact that Γ, γ1 γ2 and Γ, γ2 γ1 . When Γ = ∅ then we will omit the reference to the set. To illustrate modulated deductive systems we present a modulated de¨ logics. G¨odel ¨ logics were introduced as approxiductive system for Godel mations to intuitionistic logic, and extended the propositional intuitionistic calculus. EXAMPLE 52. (3-valued) G¨del ¨ modulated deductive system. We adapt from the axiomatic system in [Hahnle, ¨ 2001]. The signature C, &, Ξ, S is such that: t, f ∈ C0 , C1 = {¬}, C2 = {∧, ∨, ⇒}, Ck = ∅ for all k ≥ 3, & is ∧, and Ξ = {ξi : i ∈ N}, • R = {{ξ1 , (ξ1 ⇒ ξ2 )}, ξ2 }; • Rg includes R plus: – the axiom schemas of propositional intuitionistic logic, see Example 5; – the axiom schema (((¬ ξ1 ) ⇒ ξ2 ) ⇒ (((ξ2 ⇒ ξ1 ) ⇒ ξ2 ) ⇒ ξ2 )).
We now introduce the notion of modulated deductive system morphism as a pair. The first component of the pair is a modulated signature morphism. DEFINITION 53. A modulated deductive system morphism from D to D ˆ h ˇ such that h ˆ : Σ → Σ is a modulated signature morphism is a pair h, ˇ and h : L(C ) → L(C) is a monotonic map with: ˆ 1. h(r) ∈ Rg for every r ∈ Rg ;
146
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
ˆ 2. h(r) ∈ R for every r ∈ R ; ˇ is left adjoint of h; ˆ 3. h ˆ h( ˇ ϕ ˆ ϕ ). 4. h(c( ))) h(c)( The more complex notion of modulated deductive system morphism is the adequate one for fulfilling the requirements that are necessary for preˇ can be serving congruence by modulated fibring. The contravariant map h seen as a map relating truth values (formulas) in the Lindendaum–Tarski algebras. Differently from Section 2 where preservation of congruence was obtained by sharing implication and equivalence, here this may not be the best solution because sharing of implication and equivalence leads in some cases to collapse. ˇ ) h(ϕ ˇ ) whenever Φ g ϕ and h(Φ ˇ ) ˇ ) g h(ϕ Observe that h(Φ whenever Φ ϕ for every Φ and ϕ in L(C , & ). PROPOSITION 54. Modulated deductive systems and their morphisms constitute a category named mDed. Modulated deductive system morphisms do preserve global and local deduction. PROPOSITION 55. Let h : D → D be a modulated deductive system ˆ is injective for Ξ and h(C) ˆ morphism such that h ⊆ sˆ (Csˆ ) whenever g ˆ ˆ ˆ h(Ξ) ∩ sˆ (Ξsˆ ) = ∅ for every sˆ ∈ S . Thus h(Γ) h(ϕ) whenever Γ g ϕ. A similar result holds for local deduction. We now define what is a bridge for modulated deductive systems. The bridge allows a mild relationship between the formulas in the modulated deductive systems that we want to combine as well as between their consequence relations. Again modulated fibring appears as a pushout in the category of modulated deductive systems. DEFINITION 56. A bridge between modulated deductive systems D and ˘ → D , f : D ˘ → D in mDed such that fˆ , D is a diagram β = f : D ˇ ˇ ˆ f are injective and f and f are surjective. DEFINITION 57. The modulated fibring of deductive systems D and D by a bridge β is a pushout of β in mDed. We now give an example of modulated fibring illustrating non-collapsing situations. EXAMPLE 58. Modulated fibring of propositional and G¨del ¨ logics. Let D be the modulated deductive system for propositional logic, D the modulated deductive system for 3-valued G¨ o¨del logic and β a bridge such that ˘ = ∅, S˘ = ∅, R ˘g = R ˘ include {∅, ˘t} C˘0 = {˘t}, C˘k = ∅ for all k = 0, Ξ ˘ and the rules for & elimination and introduction, idΣ ∈ S , idΣ ∈ S ,
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
147
fˆ (˘t) = t , fˆ (˘t) = t , fˇ (ϕ ) = ˘t for every ϕ and fˇ (ϕ ) = ˘t for every ϕ . Then the modulated fibring of D and D by β does not collapse. We now analyze an example of modulated fibring of deductive systems sharing the negation constructor. ¨ logics sharing EXAMPLE 59. Modulated fibring of propositional and G¨del o¨del logic negation. Let D be the modulated deductive system for 3-valued G¨ (see Example 52) and D be the modulated deductive system for propositional logic. Consider a bridge β such that: ˘ = ∅, S˘ = ∅; ¬}, C˘k = ∅ for k ≥ 2, Ξ • C˘0 = {˘f , ˘t}, C˘1 = {˘ • S = {idΣ } and S = {idΣ }; • fˆ (˘f ) = f , fˆ (˘t) = t and fˆ (˘ ¬) = ¬ ; ⎧ ˘ ⎨ ϕ˘ p.t. ϕ is fˆ (ϕ) ˘f p.t. ϕ f • fˇ (ϕ ) = ; ⎩ ˘ t otherwise • fˆ and fˇ defined in a similar way; ˘ g and R ˘ are the translations of the ground instances of Rg , R , R , • R ˘ elimination and introduction. R by fˇ and fˇ plus the rules & Note that the pair fˆ , fˇ is a morphism. In the modulated fibring Ck = gˆ (Ck ) ∪ gˆ (Ck ) and Ξ = gˆ (Ξ ) ∪ gˆ (Ξ ), Rg = gˆ (Rg ) ∪ gˆ (Rg ) ∪ R and R includes gˆ (R ) ∪ gˆ (R ), the rules for & elimination and introduction, and the rules for the modulated fibring.
3.2
Interpretation systems
In this section we investigate modulated fibring from a semantic point of view. The basic semantic unit is the structure for a modulated signature. DEFINITION 60. A modulated structure B = B, ≤, ν over Σ is a preordered algebra over C and & with finite meets4 such that 1. ν2 (&)(b1 , b2 ) = b1 b2 ; 2. νk (c)(b1 , . . . , bk ) ∼ = νk (c)(d1 , . . . , dk ) whenever bi ∼ = di for i = 1, . . . , k. The symbol & is the syntactical counterpart of 2-ary meets. Note that constraint 2 is a congruence requirement: denotations of a constructor on “equivalent” truth values should be “equivalent”. We omit the reference to the arity of the constructors and the subscripts in signature morphisms in 4 In
a pre-order, by b1 ∼ = b2 it is meant b1 ≤ b2 and b2 ≤ b1 .
148
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
order to make the notation lighter. Sometimes we also use b as a short hand for b1 , . . . , bk . Moreover, as is more convenient, we will refer to a structure over a signature Σ as a Σ-structure. DEFINITION 61. A modulated interpretation system is a tuple I = Σ, M, A where Σ is a modulated signature, M is a class (of models), A is a map associating to each m in M a modulated structure Bm over Σ. The modulated interpretation system could be a pair Σ, B where B is a class of modulated structures. We include M because one can take the models of the logic at hand and use A to extract the underlying algebras. In this sense, A(M ) can be understood as the class of interpretation structures. Some of the examples we consider are many-valued logics. For more details about these logics see [Gottwald, 2001; Carnielli, 1987; Carnielli and Marcos, 1999; Carnielli and Marcos, 2001; H¨ a¨hnle, 2001; Carnielli and Marcos, 2002]. EXAMPLE 62. Taking into account the modulated signature for intuitionistic logic based on the signature presented in Example 2 and the modulated signature for (3-valued) G¨ o¨del logic in Example 52, we define the following modulated interpretation systems: Intuitionistic interpretation system • M is the class of all pairs m = H, v where H = B, , , , ⊥, is a Heyting algebra and v : C0 → B such that v(t) = ; • A(m) = B, ≤, ν where – – – –
b1 ≤ b2 iff b1 b2 = b1 ; ν0 (c) = v(c), ν2 (∧) = and ν2 (∨) = ; ν2 (⇒) =; ν1 (¬) = λb.b ⊥.
(3-valued) G¨ o¨del interpretation system • M is the class of all pairs m = G, v where G = B, , , , , ⊥, is a 3-valued G¨ o¨del algebra5 and v : C0 → B such that v(t) = ; • A(m) = B, ≤, ν where – b1 ≤ b2 iff b1 b2 = b1 ; – ν0 (c) = v(c), ν2 (∧) = , ν2 (∨) = and ν1 (¬) = ; – ν(⇒) =.
5 Recall that the typical 3-valued G¨ ¨ odel algebra has B = {⊥, 1/2, } and operations and are defined as follows: b = 1 whenever b = 0 and 0 otherwise, and b1 b2 is if b1 ≤ b2 and b2 otherwise.
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
149
The objective now is to introduce the notion of entailment. As in section 2 we have two entailments: global entailment and local entailment. We need the notion of assignment for defining the denotation of formulas and entailments. Assignments that give values to schema variables that come from safe-relevant morphisms are referred to as safe. ˘ → Σ be a modulated signature morphism and B a modulated Let s : Σ structure over Σ. Then, B(s) is the smallest subalgebra of B for signature ˘ s(Σ). DEFINITION 63. Given a modulated interpretation system we say that an assignment is over a model m if α : Ξ → Bm . The assignment α is said to ˘ ∈ B(s) for every s : Σ ˘ →Σ be safe for a set of formulas Γ ⊆ sL(Σ) if α(s(ξ)) ˘ ∈ Γ. in S and s(ξ) Safe assignments show the relevance of having the component S in signatures and will be necessary when defining the entailment. Interpretation of formulas in an algebra is defined as usual. DEFINITION 64. Given a Σ-structure B and an assignment α, a formula γ is globally satisfied by B and a safe assignment α for γ, written Bα γ, ∼ if [[γ]]α B = . A formula γ is locally satisfied by B, a safe assignment α for γ and b ∈ B, written Bαb γ, if b ≤ [[γ]]α B. In the context of a modulated interpretation system, we may use [[γ]]α m instead of [[γ]]α . Moreover, we write mα γ and mαb γ whenever A(m) ( Bm α γ and Bm αb γ, respectively. Observe that local satisfaction of a formula at a truth value b indicates that a formula is at least as true as b. DEFINITION 65. A formula δ is globally entailed from a finite set of formulas Γ, written Γ g δ, if, for every model m and safe assignment α for Γ ∪ {δ}, mα δ whenever mα γ for every γ ∈ Γ. A formula δ is globally entailed from a set of formulas ∆, written ∆ g δ, if there is a finite set Γ contained in ∆ such that Γ g δ. DEFINITION 66. A formula δ is a locally entailed from a finite set of formulas Γ, written Γ δ, if mαb δ whenever mαb γ for every γ ∈ Γ, m ∈ M , safe assignment α over m for Γ ∪ {δ} and b ∈ Bm . A formula δ is a locally entailed from a set of formulas ∆, written ∆ δ, if there is a finite set Γ contained in ∆ such that Γ δ. DEFINITION 67. A modulated interpretation system morphism h : I → I ˆ h, h, ˙ h ¨ where: is a tuple h, ˆ : Σ → Σ is a morphism in mSig; • h • h : M → M is a map; • h˙ = {h˙ m }m ∈M where h˙ m : Bh(m ) , ≤h(m ) → Bm , ≤m is a monotonic map;
150
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
¨ = {h ¨ m }m ∈M where h ¨ m : B , ≤ → Bh(m ) , ≤h(m ) is a • h m m monotonic map preserving preserving finite meets; k k such that for every m ∈ M , b ∈ Bh(m ) and b ∈ Bm :
¨ m is left adjoint of h˙ m ; 1. h ˆ ∼ ˙ ¨ 2. νm (h(c))(b ) =m hm (νh(m ) (c)(hm (b ))) for every c ∈ Ck .
The map h is contravariant as expected. The family of maps h˙ m and ¨ hm indicate that we need to represent the truth values of Bh(m ) in the truth values of Bm and vice versa. Clause 1. establishes constraints that the maps should fulfill. Clause 2. indicates that denotations of constructors from C in a model m can be given for any truth values in Bm by using the two maps. The morphism between interpretation systems presented in Section 2 is a ¨ m = idB particular case of the one in Definition 67 with h˙ m = idBm , h h (m ) and hence, Bh(m ) = Bm , etc. PROPOSITION 68. Modulated interpretation systems and their morphisms constitute a category, named mInt. ˆ can be extended to a map h ˆ ∗ between forA signature morphism h ∗ ∗ ∗ ˆ ˆ (ξ) = h(ξ), ˆ ˆ (c(γ1 , . . . , γk )) = ˆ (c) = h(c) for c ∈ C0 , h and h mulas: h ˆ ∗ (γk )) for a k-ary connective c. Below, h ˆ is used for the ˆ ˆ ∗ (γ1 ), . . . , h h(c)( h ∗ ˆ map h . We show below that global and local semantic entailments are preserved by some kind of morphisms. PROPOSITION 69. Let h : I → I be an interpretation system morˆ ∈ S whenever ¨ m is surjective for every m in M and h phism such that h g ˆ ˆ Γ ∪ {δ} has meta-variables. Then (1) h(Γ) h(δ) whenever Γ g δ and ˆ ˆ (2) h(Γ) h(δ) whenever Γ δ. As we shall see in the modulated fibring the morphisms that relate interpretation systems do have the required properties. The underlying intuition is that each model in the modulated fibring of I and I will be a pair m , m where m is a model of I and m is a model of I . Moreover the truth values in the algebra of m , m should be the union of the truth values in the algebras of m and m . However, for denotations of formulas we need some relationship between the truth values of m and m for every m and m . Such a relationship is established by the notion of bridge. DEFINITION 70. A bridge between modulated interpretation systems I and I is a diagram β = f : I˘ → I , f : I˘ → I in mInt such that fˆ , ˙ ¨ ¨ fˆ , f˙m and fm are injective maps and fm and fm are surjective maps for every m ∈ M and m ∈ M , respectively.
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
151
The category mInt has pushouts. The proof of this result is intricate and we invite the reader to follow the steps of the proof in [Sernadas et al., 2002b]. DEFINITION 71. The modulated fibring of interpretation systems I and I by a bridge β is a pushout of β in mInt. Examples and the collapsing problem We give some examples of modulated fibring showing how the collapse can be avoided. To see a description of the most common collapse we refer the reader to [Sernadas et al., 2002b]. We now define a specific bridge that leads to a non-collapsing situation whenever there is no sharing of constructors. EXAMPLE 72. Modulated fibring of propositional and intuitionistic logics. Let I be a propositional modulated interpretation system, I an intuitionistic modulated interpretation system and β a bridge such that C˘0 = {˘t}, ˘ ˘ = ∅, S˘ = ∅ M ˘ = {m}, C˘k = ∅ for all k = 0, Ξ ˘ Bm ˘ = {}, idΣ ∈ S , ˘ for every ˘ and f¨m (b ) = f¨m (b ) = idΣ ∈ S , f (m ) = f (m ) = m m ∈ M , m ∈ M , b ∈ Bm ∈ Bm and b . Then the modulated fibring of I and I does not collapse. Intuitionistic logic collapses into propositional logic when the formula ((¬(¬ ϕ)) ⇔ ϕ) becomes valid which is not the case. Observe that in the modulated fibring, g˙ (Bm ) is a Boolean algebra “equivalent” to Bm and g˙ (Bm ) is a Heyting algebra “equivalent” to Bm .
Similarly to Farinas ˜ del Cerro and Herzig’s C+J logic as presented in [del Cerro and Herzig, 1996], in the modulated fibring of propositional logic I and intuitionistic logic I considered above, we have also no problems with the validity of the formula gˆ (ϕ ⇒ (ψ ⇒ ϕ )) since, according to our semantics, the formula is only valid for “intuitionistic values”. Propositional values are converted to the intuitionistic value “t”. The following example illustrates several possible combinations of propositional logic and G¨ o¨del logic through different bridges. EXAMPLE 73. Modulated fibring of propositional and G¨del ¨ logics. Let I and I be the modulated interpretation systems for 3-valued G¨ o¨del logic and propositional logic (see Example 62). For propositional logic only 2-valued algebras are included. Consider the fibring of propositional and G¨ o¨del logics modulated by three different bridges β = f : I˘ → I , f : I˘ → I as follows: Bridge 1: • I˘ is such that ˘ = {m}; – M ˘ ˘ {, ˘ }, ˘ ν˘; ˘ – A(m) ˘ = {},
152
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
• f and f are such that – f (m ) = f (m ) = m; ˘ ˘ ˙ ˘ = ; ˙ – f () = and f () m
m
m
m
˘ ¨ ˘ – f¨m ∈ Bm (b ) = and fm (b ) = for every b ∈ Bm , b ;
Bridge 2: • I˘ is such that ˘ = {m}; – M ˘ ˘ }, ˘ {⊥, ˘ ⊥, ˘ ⊥, ˘ , ˘ , ˘ }, ˘ ν˘; ˘ m) – A( ˘ = {⊥, • f and f are such that – f (m ) = f (m ) = m; ˘ ˘ ˙ ˘ ˘ ) = ; ˙ – fm (⊥m ˘ ) = ⊥m , fm (m m ˘m ˙ ˘ ˘ ) = ; – f˙ (⊥ ˘ ) = ⊥ and f (m m
m
m
m
˘ ˘ and f¨ (b ) = ˘m – f¨m (⊥m ) = ⊥m ˘ for every b = ⊥m ; m ˘m ¨ ˘ ˘ for every b = ⊥ ; – f¨ (⊥ ) = ⊥ ˘ and f (b ) = m m
m
m
m
Bridge 3: • I˘ is such that ˘ = A (M )| ˘ ∪ A (M )| ˘ ; – M C C – A˘ is the identity map; • f and f are such that – f (m ) = A (m )|C˘ and f (m ) = A (m )|C˘ ; – f˙ = idB and f˙ = idB ; m
– f¨m = idB ˘
m
f (m )
m
m
and f¨m = idB ˘
f (m )
.
Bridges 1, 2 and 3 can be used to modulate the fibring when C˘0 = {˘t} and ˘ = ∅ and S˘ = ∅. Then ν˘ is a family of empty maps except for ν˘0 C˘k = ∅, Ξ ˆ and f and fˆ are also empty maps except for k = 0. Bridges 2 and 3 can ¬}, C˘k = ∅ for be used to modulate the fibring when C˘0 = {˘f , ˘t}, C˘1 = {˘ ˘ = , ˘ ν˘(˘ ˘ =⊥ ˘ and fˆ and fˆ are ˘ = ∅, S˘ = ∅, ν˘(˘ ¬)(⊥) ¬)() every k ≥ 2, Ξ ¬) = ¬ and fˆ (˘ ¬) = ¬ . Bridge 3 can be used to modulate such that fˆ (˘ ˘ ˘ the fibring when C = C = C , Ξ = ∅, S˘ = ∅ and fˆ and fˆ are such that ˘ ) = ∧ , fˆ (˘ ˘ ) = ∧ (corresponding to the ¬) = ¬ , fˆ (∧ ¬) = ¬ and fˆ (∧ fˆ (˘ collapse of Godel ¨ logics into propositional logics since in the fibring we will only have Boolean algebras).
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
153
3.3 Preservation results We start by putting together interpretation systems and deductive systems in modulated logic systems. Then we define modulated fibring as a pushout in the category of modulated logic systems. Finally we give new examples of modulated fibring and investigate preservation of soundness and completeness. DEFINITION 74. A modulated logic system L is a tuple Σ, M, A, Rg , R such that Σ, M, A is a modulated interpretation system and Σ, Rg , R is a modulated deductive system. To simplify we follow the conventions for presenting modulated logic systems introduced in Section 2. So given a modulated logic system L we denote its deductive part by D(L) and its interpretation part by I(L). Moreover we assume that L is Σ, M, A, Rg , R and we omit its reference in the consequence relations when there is no ambiguity. DEFINITION 75. A modulated logic system is globally sound if Γ g δ whenever Γ g δ for every Γ and δ in L(C). A logic system is globally complete if Γ g δ whenever Γ g δ, for every Γ and δ in L(C). Analogously for the local notions. When Γ is ∅ we obtain weak completeness and weak soundness. Note that for modulated fibring we define soundness and completeness over non-schematic formulas. Preservation of soundness We now concentrate our attention on soundness. The main objective is to obtain a result stating that if we start with sound modulated logic systems then the logic system obtained by modulated fibring is again sound. DEFINITION 76. Given a modulated logic system L, a model m in M is a model for D(L) if for every rule Γ, δ ∈ Rg , mα δ whenever mα γ for every γ ∈ Γ and safe assignment α for Γ ∪ {δ} and for every rule Γ, δ ∈ R , mαb δ whenever mαb γ for every γ ∈ Γ, safe assignment α for Γ ∪ {δ} and b ∈ Bm . The next result establishes sufficient conditions for a modulated logic system to be sound. PROPOSITION 77. Let L be a logic system such that each m in M is a model for D(L). Then L is globally and locally sound. We conclude with the main result on preservation of soundness. THEOREM 78. The modulated fibring g : L → L, g : L → L of L and L by a bridge β is sound, provided that L and L are sound, idΣ ∈ S and idΣ ∈ S .
154
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
Preservation of completeness Herein we revisit completeness with the objective of obtaining preservation results. We restrict our results to strong global completeness. For local completeness see [Sernadas et al., 2002b]. The first main result is Theorem 80 which establishes a sufficient condition for global completeness of a modulated logic system. The second main result is Theorem 83 that provides sufficient conditions for preservation of global completeness. Observe that & is congruent: assume that Γ, γi d δi , for i equal to 1 or 2. Note that Γ, (γ1 &γ2 ) γi with i equal to 1 or 2. Hence Γ, (γ1 &γ2 ) δi for i equal to 1 or 2 and so Γ, (γ1 &γ2 ) (δ1 &δ2 ). Another restriction is to be assumed: we will work with modulated logic systems that have a special verum constructor t of 0-arity. Completeness is obtained based on the fact that for each globally closed set of formulas Γ, we have a model whose underlying structure is the Lindenbaum–Tarski algebra for Γ. See [Sernadas et al., 2002b] to check the details of the definition of Lindenbaum–Tarski algebra for a set over a modulated deductive system. As shown in that work the Lindenbaum– Tarski algebra validates the rules in the modulated deductive system at hand. Recall the notions of congruence and with verum in Definition 36. In the context of modulated logic systems, fullness has a slightly different formulation. DEFINITION 79. A modulated logic system L with congruence and verum is full if, for every set of formulas Γ globally closed, there is a model mΓ such that A(mΓ ) is isomorphic to the Lindenbaum–Tarski algebra for Γ. It is possible to enrich the class of models of a modulated interpretation system with one extra model corresponding to the Lindenbaum–Tarski algebra for Γ for each globally closed set Γ. Now we can state the main result of this section. THEOREM 80. Every full logic system L with congruence and verum is global strong complete. The main goal is to establish preservation of strong global completeness by modulated fibring under reasonable conditions. According to Theorem 80 we can conclude that a modulated logic system is complete provided that it is full and with congruence and verum. Therefore we prove that congruence and verum are preserved by modulated fibring. Moreover we also prove that fullness is preserved by modulated fibring provided that the bridge has additional properties. THEOREM 81. The modulated fibring g : L → L, g : L → L of logic systems L and L with congruence and verum by a bridge β is with congruence and verum.
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
155
Observe that the more complex notion of modulated deductive system morphism was essential for the preservation of congruence without the requirement of sharing implication and equivalence (as in Section 2 leading to the unwanted collapse). For the preservation of fullness by modulated fibring we need further constraints on the bridge. DEFINITION 82. A bridge f : L˘ → L , f : L˘ → L is adequate whenever L , L , L˘ are full, with congruence and verum and f (mΓ ) = mfˇ(Γ ) and f (mΓ ) = mfˇ(Γ ) for every globally closed sets of ground formulas Γ and Γ . So by using Theorem 80 we can conclude that the modulated fibring of full logic systems with congruence and verum by an adequate bridge is strong global complete. The proof of this result and of the preservation of fullness can be checked in [Sernadas et al., 2002b]. THEOREM 83. The modulated fibring g : L → L, g : L → L of logic systems L and L by an adequate bridge β is strong global complete. EXAMPLE 84. The following modulated fibrings are strong global complete: • Unconstrained modulated fibring of full logic systems with congruence and verum by an adequate bridge. In particular, the unconstrained modulated fibring of full propositional and intuitionistic logics is strong global complete. The same holds for the unconstrained modulated fibring of full propositional and L ukasiewicz logics. • The modulated fibring of full propositional logic and G¨ o¨del logic sharing negation is strong global complete. • The modulated fibring of full G¨ o¨del logic and Lukasiewicz logic sharing conjunction and disjunction is strong global complete.
4
FIBRING OF NON-TRUTH FUNCTIONAL LOGICS
We now present an extension of fibring towards non-truth-functional logics (based on [Caleiro et al., 2003a]). In fact, the question is primarily related to the kind of structure that we have used to present the semantics of a logic. Although quite general, there are very interesting logics that fail to have a meaningful semantics presented as in Section 2. Paradigmatic examples of this phenomenon are, for instance, the paraconsistent systems Cn of da Costa [da Costa, 1963], subsystems of propositional classical logic in which the principle of Pseudo Scotus γ, (¬ γ) δ does not hold. It is well known that, in all the Cn systems, negation cannot be given a truth-functional semantics [Mortensen, 1980; Lewin et al., 1991]. That is, homomorphic
156
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
interpretation of formulas on a truth-value algebra over the syntactical signature of the logic simply does not work. In order to be able to also deal with such logics, we need to consider a more general notion of semantic interpretation structure and to redefine fibring in a way that is consistent with the previous characterization. The main ingredient will be the use of a suitable auxiliary logic, that we call the meta-logic, where the (possibly) non-truth-functional valuations are specified.
4.1 Deductive systems Deductively, we adopt without any changes the basic setting introduced in Section 2. We shall just present our running example for this section. In [da Costa and Carnielli, 1988], a paraconsistent deontic logic called C1D is introduced including the paraconsistent system C1 and the modal system D (interpreting the modal operator as “obligatory”). Our aim will be to analyze C1D at the light of fibring the paraconsistent logic C1 of da Costa [da Costa, 1963] with the deontic modal logic D. EXAMPLE 85. (Deontic paraconsistent logic) We consider the deductive systems DD and DC1 of modal logic D and of paraconsistent logic, respectively, as defined in Example 5. We shall consider their fibring by sharing the propositional symbols, conjunction, disjunction and implication. For that purpose we shall rename their negation connectives to ¬D and ¬C1 , respectively. The fibred deductive system DD +DC1 puts together all the local and global rules of each of the calculi, with their corresponding negations now indexed as explained above. In order to get the deontic paraconsistent system C1D of [da Costa and Carnielli, 1988], at the proof-theoretic level, we need to introduce the following axiom schema: • ξ1◦ ⇒ (ξ1 )◦ . This interaction axiom could never be obtained using the basic fibring operation since it makes full use of the mixed language. Just note that γ ◦ is now an abbreviation of (¬C1 (γ ∧ (¬C1 γ))).
4.2 Interpretation system presentations As hinted above, the big difference with respect to Section 2 concerns the semantic aspects of logic. Observe that, when setting-up an algebraic semantics for a truth-functional logic, we endow it with models that are algebras (of truth-values) over the signature of the logic and evaluate formulas homomorphically. This approach fails when the logic is not truth-functional. But yet within the spirit of “algebraic semantics”, there is a solution: work instead with two-sorted algebras of formulas and truth-values and include the valuation map as an operation between the
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
157
two sorts. This approach, stemming from [Caleiro et al., 2003a], captures, as a special case, truth-functional logics by imposing the homomorphism conditions on the valuation map, which can be done with equations. Looking at examples of non-truth-functional logics we find that the envisaged requirements on the valuation map could also be imposed by, albeit conditional, equations. Therefore, we are led to the following algebraic notion of possibly non-truth-functional semantics: each model is a two-sorted algebra (of formulas and truth-values) including a valuation operation that satisfies some requirements written in a suitable conditional equational meta-logic. Since it is enough for the present purposes, we choose conditional equational logic (CEQ, [Goguen and Meseguer, 1985; Meseguer, 1998]) as the meta-logic. DEFINITION 86. Given a signature C, the induced two-sorted meta-signature Σ(C, Ξ), with sort φ (for formulas) and sort τ (for truth-values), has the following operations: • O φ = C0 ∪ Ξ; • Oφk φ = Ck for k > 0; • Oφ τ = {v}; • O τ = {, ⊥}; • Oτ τ = {−}; • Oτ τ τ = {, , }; and • Oω s = ∅ in the other cases. We shall use Σ(C) to denote the subsignature Σ(C, ∅), that is, where O φ = C0 . The operations , ⊥, −, , , are used as generators of truthvalues. The symbol v is interpreted as a valuation map. We consider the following sets of variables for Σ(C, Ξ) and Σ(C): Xφ = {y1 , y2 , . . . } and Xτ = {x1 , x2 , . . . }. For ease of notation we simply use X to denote the two-sorted family {Xφ , Xτ }. Recall that a term t is called a ground term if it does not contain variables, and that a substitution θ is said to be ground if it replaces every variable by a ground term. We want to write valuation specifications (within the adopted meta-logic CEQ) over Σ(C) and X. Recall that a CEQ-specification is composed of conditional equations of the general form: (eq1 & . . . & eqn → eq) with n ≥ 0. Each equation is of the form t = t where t, t are terms of the same sort built over Σ(C) and X. The sort of each equation is defined to be
158
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
the sort of its terms. A conditional equation that only involves equations of a given sort is said to be a conditional equation of that sort. Conditional equations are universally quantified, although, for the sake of simplicity, we omit the quantifier, contrarily to the notation used in [Meseguer, 1998]. For example, ( → v(y1 ∧ y2 ) = v(y1 ) v(y2 )) is a conditional equation of sort τ , supposing that ∧ ∈ C2φ . In the sequel we shall only need to consider specifications containing exclusively conditional equations (or meta-axioms) of sort τ . Such specifications are called τ -specifications in the sequel. The deductive system of CEQ [Meseguer, 1998] is a system for deriving equations from a given specification of conditional equations. It consists of the usual rules for reflexivity, symmetry, transitivity and congruence of equality, plus a form of Modus Ponens that allows us to obtain an equation eq θ from already obtained equations eq1 θ, . . . , eqn θ, given a conditional equation (eq1 & . . . & eqn → eq) in the specification and a substitution θ. In the sequel, we use CEQ Σ(C,Ξ) to denote the corresponding consequence relation. DEFINITION 87. An interpretation system presentation is a pair S = C, S where C is a signature and S is a τ -specification over Σ(C). As a minimal requirement regarding the compatibility with our previous notion of interpretation structure, we shall assume that the truth-values constitute a Heyting algebra. We denote by S • the specification composed of the meta-axioms in S plus equations specifying precisely the class of Heyting algebras. DEFINITION 88. Given an interpretation system presentation S, the class Str(S) of interpretation structures presented by S is the class of all algebras over Σ(C, Ξ) satisfying S • . Note that, being a two-sorted algebra over Σ(C, Ξ), an interpretation structure B can be seen as a tuple Bφ , Bτ , ν, vB , B , ⊥B , −B , B , B , B such that Bφ , ν is a C-algebra, vB : Bφ → Bτ is a function, and moreover Bτ , B , ⊥B , −B , B , B , B is a Heyting algebra. In the sequel, we need to refer to the denotation [[t]]ρB of a meta-term t given an assignment ρ over an interpretation structure B. As expected, an assignment maps each variable to an element in the carrier set of the sort of the variable. In the case of a ground term t, as usual, we just write [[t]]B for its denotation in B. For the sake of economy of presentation, we introduce the following abbreviations: x1 ≤ x2 for x1 x2 = x1 , and x1 ≡ x2 for (x1 x2 )(x2 x1 ). The relation symbol ≤B denotes the partial order on truth-values in a given interpretation structure B. Of course Bτ is also a bounded lattice with meet B , join B , top B and bottom ⊥B (cf. [Birkhoff, 1967]). As expected, b1 ≤B b2 and b1 ≡B b2 are abbreviations of b1 B b2 = b1 and (b1 B b2 ) B (b2 B b1 ), respectively. It is also well known that the Heyting algebra axioms further imply that [[t1 ]]ρB ≤B [[t2 ]]ρB if and only if [[t1 t2 ]]ρB = B , and [[t1 ]]ρB = [[t2 ]]ρB if and only if [[t1 ≡ t2 ]]ρB = B .
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
159
EXAMPLE 89. Taking into account the signatures introduced in Example 2, we can consider the following interpretation system presentations: Paraconsistent logic C1 S C1 = C C1 , S, where S contains one further meta-axiom in order to obtain a specification of the class of all Boolean algebras; e.g. • ( → −(−x1 ) = x1 ). plus the valuation axioms • • • • • • • • • • •
( ( ( ( ( ( ( ( ( ( (
→ v(t) = ); → v(f ) = ⊥); → v(y1 ∧ y2 ) = v(y1 ) v(y2 )); → v(y1 ∨ y2 ) = v(y1 ) v(y2 )); → v(y1 ⇒ y2 ) = v(y1 ) v(y2 )); → −v(y1 ) ≤ v(¬ y1 )); → v(¬(¬ y1 )) ≤ v(y1 )); → v(y1◦ ) v(y1 ) v(¬ y1 ) = ⊥); → v(y1◦ ) v(y2◦ ) ≤ v((y1 ∧ y2 )◦ )); → v(y1◦ ) v(y2◦ ) ≤ v((y1 ∨ y2 )◦ )); → v(y1◦ ) v(y2◦ ) ≤ v((y1 ⇒ y2 )◦ )).
The reader should be warned that we are using Boolean algebras here as a metamathematical environment sufficient to carry out the computations of truth-values for the formulas in C1 . Specifically we are not introducing any unary operator in the Boolean algebras corresponding to paraconsistent negation, but we are computing the values of formulas of the form (¬ γ) by means of conditional equations in the algebras. In other words, ¬ does not correspond to the Boolean algebra complement −. It is straightforward to verify that every paraconsistent bivaluation introduced in [da Costa and Alves, 1977] has a counterpart in Str(S C1 ). Furthermore, the additional interpretation structures do not change the semantic entailment (as defined below). Note that it is easy to adapt this example in order to set up the interpretation system presentations for the whole hierarchy Cn by specifying the paraconsistent n-valuations introduced in [Lopari´ ´c and Alves, 1980]. Modal logic D S D = C D , S, where S contains a meta-axiom in order to obtain a specification of the class of all Boolean algebras, as above, plus the valuation axioms
160
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
• ( → v(t) = ); • ( → v(¬ y1 ) = −v(y1 )); • ( → v(y1 ∧ y2 ) = v(y1 ) v(y2 )); • ( → v(y1 ∨ y2 ) = v(y1 ) v(y2 )); • ( → v(y1 ⇒ y2 ) = v(y1 ) v(y2 )); • ( → v(t) = ); • ( → v((y1 ∧ y2 )) = v(y1 ) v(y2 )); • ( → v(y1 ) v(♦y1 ) = v(y1 )); • (v(y1 ) = v(y2 ) → v(y1 ) = v(y2 )). It is straightforward to verify that every Kripke model has a counterpart in Str(S D ): consider the algebra of truth-values given by the power set of the set of worlds. Furthermore, every general model in [Zanardo et al., 2001] also has a counterpart in Str(S D ): take B, ν as the algebra of the truth-values. Again, the extra interpretation structures do not change the semantic entailment. After this example, we can now clarify the meaning of non-truth-functional semantics. To be as general as possible we shall not only consider primitive connectives (as given by the object signature) but also derived ones. As usual, a derived connective of arity k is a λ-term λy1 . . . yk . δ, where the variables occurring in the schema formula δ are taken from y1 , . . . , yk . Of course, if c ∈ Ck is a primitive connective it can also be considered as the derived connective λy1 . . . yk . c(y1 , . . . , yk ). DEFINITION 90. A derived connective λy1 . . . yk . δ is said to be truthfunctional in a given interpretation system presentation S if v(y) S • CEQ Σ(C,Ξ) v(δ) = t θ x v(y)
for some τ -term t written only on the variables x1 , ..., xk , where θ x is the v(y) substitution such that θ x (xn ) = v(yn ) for every n ≥ 1. If it is not possible to fulfill the above requirement, the connective is said to be non-truth-functional in S. Showing that a certain connective is non-truth-functional can be a very hard task. In C1 , classical negation ∼ := λy1 . ((¬ y1 ) ∧ y1◦ ) (take t as −x1 ) and equivalence ⇔ := λy1 y2 . (y1 ⇔ y2 ) (take t as x1 ≡ x2 ) are both truthfunctional. And, of course, so are the primitive conjunction λy1 y2 . (y1 ∧ y2 ), disjunction λy1 y2 . (y1 ∨ y2 ), and implication λy1 y2 . (y1 ⇒ y2 ). On the other hand, paraconsistent negation λy1 . (¬ y1 ) is known to be non-truthfunctional. We refer the reader to [Mortensen, 1980] for a proof of this fact.
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
161
In the modal interpretation system presentation D above, all derived connectives are truth-functional, but the modality λy1 . ( y1 ) would require in Σ(C) the extra generator D in Oτ τ satisfying: • ( → D() = ); • ( → D(x1 x2 ) = D(x1 ) D(x2 )); • ( → D(x1 ) −D(−x1 ) = D(x1 )); • ( → v( y1 ) = D(v(y1 ))). Note that these axioms on D are very closely related to the last four valuation axioms of S D , which allowed us to specify the intended modal algebras and still avoid the use of D. Although such an operation D could be easily defined over the set of truth-values according to the axioms above, our definition does not comply with its inclusion in the signature Σ(C). We are now ready to define the (global and local) semantic entailments. DEFINITION 91. We say that δ is globally entailed from Γ in an interpretation system presentation S, written Γ gS δ when, for every B ∈ Str(S), if vB ([[γ]]B ) = B for each γ ∈ Γ then vB ([[δ]]B ) = B . DEFINITION 92. We say that δ is locally entailed from Γ in an interpretation system presentation S, written Γ S δ when, for every B ∈ Str(S) and every b ∈ Bφ , if vB (b) ≤B vB ([[γ]]B ) for each γ ∈ Γ then vB (b) ≤B vB ([[δ]]B ). We now need to define the fibring of interpretation system presentations in a way that is consistent with the previous characterization. Here we face the novel problem of defining fibring as an operation on logics endowed with non-truth-functional semantics as defined above. In the fibring, like in the truth-functional case, we still expect to find two-sorted algebras over the new signature whose reducts are models of the logics being fibred. Therefore, when fibring two interpretation system presentations, we expect to put together the signatures and the requirements on the valuation map. DEFINITION 93. The fibring of interpretation system presentations S and S denoted by S + S is the interpretation system presentation C ∪ C , S ∪ S .
162
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
Given signatures C and C such that C ⊆ C and an interpretation structure B = Bφ , Bτ , ν , vB , B , ⊥B , −B , B , B , B over Σ(C , Ξ), the reduct of B to Σ(C, Ξ) is B |C = Bφ , Bτ , ν |C , vB , B , ⊥B , −B , B , B , B . The following result confirms the intuitions that guided the definition: PROPOSITION 94. Given S and S as above, B ∈ Str(S + S ) if and only if: • B|C ∈ Str(S ); • B|C ∈ Str(S ). For illustration, consider the following example of constrained fibring. EXAMPLE 95. (Deontic paraconsistent logic) Let us see if we can recover C1D as a fibring, as in Example 85, but now at the semantic level. As before, we want to share the propositional symbols, conjunction, disjunction and implication, and so we rename the negation connectives of D and C1 to ¬D and ¬C1 , respectively. The fibred interpretation system presentation ends up having two negations: a paraconsistent negation and a classical negation inherited from D. Clearly, the derived (classical) strong negation λy1 . ((¬C1 y1 ) ∧ y1◦ ) inherited from C1 collapses into ¬D . In order to recover C1D , we have to add one additional meta-axiom on valuations to the previously obtained fibred interpretation system presentation: • ( → v(y1◦ ) ≤ v(( y1 )◦ )). Using the terminology introduced in [Carnielli and Coniglio, 1999], this procedure can be seen as a splitting of C1D in the components D and C1 . This idea is also in the spirit of the broad meaning of fibring, as described in [Gabbay, 1999], Chapter 1. Categorial perspective We first define the category of interpretation system presentations. Just note that any signature morphism h : C → C freely extends to a map from the meta-language over C to the meta-language over C that we also denote by h. DEFINITION 96. An interpretation system presentation morphism h : C, S → C , S is a signature morphism h : C → C such that h(S) ⊆ S • . Due to this definition, it is straightforward to verify that interpretation system presentation morphisms preserve both local and global entailment. Interpretation system presentations and their morphisms constitute a category Isp. As in previous situations, we can now characterize the fibring of interpretation system presentations as colimits in Isp. PROPOSITION 97. Let S and S be interpretation system presentations. Their unconstrained fibring S + S is a coproduct in the category Isp.
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
163
PROPOSITION 98. Let f : S 0 → S and f : S 0 → S be interpretation system presentation morphisms, where S 0 = C ∩ C , ∅. The constrained fibring of S and S sharing S 0 is a pushout in the category Isp.
4.3
Preservation results
Besides recovering fibring in this wider context we can also prove that this extended notion of fibring preserves soundness and completeness under reasonable conditions. The completeness transfer result generalizes the ones established before and is obtained using a new adequacy preservation technique exploiting the properties of the meta-logic, in this case CEQ. We should stress that the present approach is not just an adaptation of previous work but it involves the conceptual breakthrough of dropping the widely accepted principle of truth-functionality. We start by introducing logic system presentations with both a deductive component and a (possibly) non-truth-functional semantic component. DEFINITION 99. A logic system presentation is a tuple L = C, S, R , Rg where the pair C, S constitutes an interpretation system presentation and the triple C, R , Rg constitutes a deductive system. EXAMPLE 100. The logic systems for C1 and D will be denoted by LC1 and LD , respectively, and their fibring while sharing the propositional symbols, conjunction, disjunction and implication, as in 95, will be denoted by LC1 +D .
Soundness and completeness are also defined as expected. For simplicity, given L = C, S, R , Rg, we use dL and dL to denote dS and dD , respectively, where S = C, S and D = C, R , Rg , for d equal to g or . EXAMPLE 101. The logic system presentations LC1 and LD are sound and complete. Can we say the same about their fibring? The answer to this question can be checked at the very end of this section, after we establish the meaningful preservation results. In order to deal with local reasoning at the meta-level, in the sequel, we shall take advantage of the following two schema variable substitutions: • σ +1 such that σ +1 (ξi ) = ξi+1 for every i ≥ 1; • σ −1 such that σ −1 (ξ1 ) = ξ1 and σ −1 (ξi ) = ξi−1 for every i ≥ 2. Note that if γ is a schema formula then γσ +1 is a variant of γ where ξ1 does not occur. Furthermore, easily, γσ +1 σ −1 = γ.
164
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
Preservation of soundness First we analyze what can be obtained proof-theoretically within CEQ. Given an interpretation system presentation S = C, S, we adopt the following abbreviations, where Γ ∪ {δ} ⊆ sL(C): • Γ gS δ for S • ∪ {( → v(γ) = ) : γ ∈ Γ} CEQ Σ(C,Ξ) v(δ) = ; • Γ S δ for S • ∪ {( → v(ξ1 ) ≤ v(γσ +1 )) : γ ∈ Γ} CEQ Σ(C,Ξ) v(ξ1 ) ≤ v(δσ +1 ). PROPOSITION 102. Given an interpretation system presentation S = C, S and Γ ∪ {δ} ⊆ sL(C), we have: • Γ g Sδ iff Γ gS δ; • Γ S δ iff Γ S δ. This is an immediate consequence of the completeness of CEQ. In the local case it is essential to note that, since schema variables cannot occur in S • , we can freely change the denotation of schema variables given by an interpretation structure B ∈ Str(S) (namely according to σ +1 or σ −1 ) and still obtain an algebra in Str(S). The fact that ξ1 cannot occur in schema formulas instantiated by σ +1 does the rest. Soundness preservation follows easily from this result. THEOREM 103. Soundness is preserved by fibring. Preservation of completeness To achieve completeness preservation results, we again take advantage of the completeness of the meta-logic CEQ, as proved for instance in [Goguen and Meseguer, 1985; Meseguer, 1998], by encoding the relevant part of the deductive system of CEQ in the deductive system of the object logic. For the envisaged encoding we need to assume that the logic system at hand is sufficiently expressive. DEFINITION 104. A logic system presentation L = C, S, R , Rg is said to be rich if: 1. there exist derivable constants t, f and binary connectives ∧, ∨, ⇒ in C; 2. S • CEQ Σ(C,Ξ) v(t) = ; 3. S • CEQ Σ(C,Ξ) v(f ) = ⊥; 4. S • CEQ Σ(C,Ξ) v(y1 ∧ y2 ) = v(y1 ) v(y2 );
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
165
5. S • CEQ Σ(C,Ξ) v(y1 ∨ y2 ) = v(y1 ) v(y2 ); 6. S • CEQ Σ(C,Ξ) v(y1 ⇒ y2 ) = v(y1 ) v(y2 ); 7. {ξ1 , ξ1 ⇒ ξ2 }, ξ2 ∈ R . EXAMPLE 105. Both logic systems LC1 and LD , as well as many other common logics, are rich. In D, f can be defined as (¬ t). Within a rich logic system it is possible to translate from the meta-logic level to the object logic level. A ground term of sort τ over Σ(C, Ξ) is mapped to a schema formula in sL(C) according to the following rules: v(γ)∗ is γ; ∗ is t; ⊥∗ is f ; (−t)∗ is (t∗ ⇒ f ); (t1 t2 )∗ is (t∗1 ∧ t∗2 ); (t1 t2 )∗ is (t∗1 ∨ t∗2 ); (t1 t2 )∗ is (t∗1 ⇒ t∗2 ). Moreover, a ground τ -equation eq of the form (t1 = t2 ) is translated to t∗1 ≡ t∗2 . Finally, if E is a set of ground τ -equations, then E ∗ denotes the set {eq∗ : eq ∈ E}. LEMMA 106. Let L be a rich logic system presentation and t a ground τ -term over Σ(C, Ξ). Then: ∗ S • CEQ Σ(C,Ξ) v(t ) = t.
In a rich logic system it is also easy to show that if t1 and t2 are ground τ -terms and B is an interpretation structure, then [[t1 ]]B ≤B [[t2 ]]B if and only if vB ([[t∗1 ⇒t∗2 ]]B ) = B , and [[t1 ]]B = [[t2 ]]B if and only if vB ([[t∗1 ⇔t∗2 ]]B ) = B . Under certain conditions, described below, one can encode the relevant part of the meta-reasoning into the object calculus. DEFINITION 107. A rich logic system presentation L is said to be equationally appropriate if for every conditional equation (eq1 & . . . & eqn → eq) in S • and every ground substitution θ: {(eq1 θ)∗ , . . . , (eqn θ)∗ } gL (eq θ)∗ .
166
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
Now, the following result follows: PROPOSITION 108. Let L be a rich logic system presentation. Then, L is complete if and only if it is equationally appropriate. The proof of this fact can be found in [Caleiro et al., 2003a]. The equivalence between completeness and equational appropriateness for rich systems will be used below for showing that completeness is preserved by fibring rich systems, but this equivalence may also be useful for establishing the completeness of logics endowed with a semantics presented by conditional equations. Indeed, it is a much easier task to verify equational appropriateness than to establish completeness directly. Finally, we consider the problem of preservation of completeness by fibring, taking advantage of the technical machinery presented before on the encoding of the meta-logic in the object calculus. The result capitalizes on the following two lemmas. LEMMA 109. Richness is preserved by fibring provided that conjunction, disjunction, implication, verum and falsum are shared. LEMMA 110. Equational appropriateness is preserved by fibring provided that conjunction, disjunction, implication, verum and falsum are shared. THEOREM 111. Given two rich, sound and complete logic system presentations, their fibring while sharing conjunction, disjunction, implication, verum and falsum is also sound and complete. EXAMPLE 112. By fibring while sharing conjunction, disjunction, implication, verum, and consequently falsum, the logic system presentations LC1 and LD we obtain a new modal paraconsistent logic system presentation LC1 +D that is sound and complete. Observe that if we add to LC1 +D : • ( → v(y1◦ ) ≤ v(( y1 )◦ )) as a valuation axiom; and • (ξ1◦ ⇒ ( ξ1 )◦ ) as a local axiom schema; we still obtain a sound and complete logic system presentation that is equivalent to the system C1D of [da Costa and Carnielli, 1988] both at the proof theoretic and the semantic levels. This example illustrates the range of applicability of our soundness and completeness preservation results, shown to hold even in the wider context of non-truth functional logics.
5
FIBRING FIRST-ORDER BASED LOGICS
Extending the definition of fibring to first-order based logics raises new technical problems at both the semantic and the deductive levels. In this
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
167
section, based on [Sernadas et al., 2002a], we avoid the categorial machinery to simplify the exposition, which even so is a bit complex. We remark however that categorial intuitions have always been behind all the constructions, and that all the definitions and results can be recast perhaps with a little effort in full-fledged categorial terms. At the semantic level, the problem is to find a suitable notion of semantic structure encompassing a wide class of logics having as special cases logics as distinct as modal propositional logic and classical quantifier logic. To this end, quantifiers are dealt with as special modalities for which assignments play the role of worlds. As will be seen later on, they are distinguished by the concepts of vertically and horizontally persistent first-order based deductive systems. From the point of view of fibring, it is very natural to look at quantifiers as modalities. At the deductive level, the new problem faced by fibring, with respect to propositional fibring described in Section 2, is the need to deal with side constraints in inference rules.
5.1 Deductive systems We start by describing the language of first-order based logics. That is, what we accept as being a first-order based signature and how the language is generated by a signature. We assume given once and for all three denumerable sets: X (the set of (quantification) variables), Θ (the set of term schema variables) and Ξ (the set of formula schema variables). We also assume as fixed the equality symbol = and the inequality symbol =. The schema variables (or metavariables) will be used for writing for example schematic inference rules, following the approach in the previous chapters. DEFINITION 113. A first-order based signature Σ is a tuple I, F, P, C, Q, Pk }k∈N , O where I is a set (of individual symbols), and F = {F Fk }k∈N , P = {P C = {Ck }k∈N , Q = {Qk }k∈N+ and O = {Ok }k∈N+ are families of sets (of function symbols, predicate symbols, connectives, quantifiers and modalities, respectively). In order to avoid ambiguities, it is assumed that the sets P0 , C0 and Ξ are pairwise disjoint, as well as the sets I, F0 , X and Θ. For the same reason, it is assumed that, for each k in N+ , the sets Ck and Ok are disjoint. Let S denote the set {τ, φ}, where τ and φ are the (meta) sorts of terms and formulas, respectively. Given a first-order based signature Σ, define the family G = {Gs s }s∈S ∗ ,s∈S of sets of generators based on the signature and on the meta-variables. Consider the S-sorted free algebra induced by G. Then we denote by sT(Σ, X, Θ) the carrier of sort τ and refer to its elements as Σ-terms (or, simply, terms), and by sL(Σ, X, Θ, Ξ) the carrier of sort φ and refer to its elements as Σ-formulas (or, simply, formulas).
168
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
Furthermore, we denote by T (Σ, X) and L(Σ, X), respectively, the sets of terms and formulas written without schema variables. A substitution ρ over the fob signature Σ maps each term schema variable θ to a term θρ in T (Σ, X) and each formula schema variable ξ to a formula ξρ in L(Σ, X). A schema substitution σ over the first-order based signature Σ maps each term schema variable θ to a schema term θσ in sT(Σ, X, Θ) and each formula schema variable ξ to a schema formula ξσ in sL(Σ, X, Θ, Ξ). Similarly to the previous sections we present the deductive component as a Hilbert-style system. However, the problem is now much more complex because rules in first-order based logics frequently have side constraints like “provided that a term is free for a variable in a formula”. Such constraints correspond to the following abstractions (adapted from [Sernadas et al., 2000]): DEFINITION 114. A proviso over a first-order based signature Σ is a map from the set of substitutions to {0, 1}. A proviso π is a family {πΣ }Σ∈fobSig , where fobSig is the class of all first-order based signatures and each πΣ is a proviso over the first-order based signature Σ, such that πΣ (ρ) = πΣ (ρ) for every substitution ρ over Σ whenever Σ ⊇ Σ. Intuitively, we have πΣ (ρ) = 1 iff the substitution ρ over Σ is allowed. The unit proviso 1 maps at each signature Σ every substitution over Σ to 1. And the zero proviso 0 maps at each signature Σ every substitution over Σ to 0. Given a proviso π we say that πΣ is the Σ-instance of π. When no confusion arises we write π(ρ) for πΣ (ρ). DEFINITION 115. A rule over the first-order based signature Σ is a triple Ψ, η, π where Ψ is a finite set of formulas (the set of premises), η is a formula (the conclusion) and π ∈ Prov (the constraint). One can reasonably find strange that, in the previous definition, the last component of a rule over the signature Σ is not a proviso over Σ, but a whole family π. This fact has technical reasons; namely, we want to be able to consider a rule over Σ also as a rule over Σ , where Σ is a richer signature. In this case, we need to know how the proviso works on substitutions over Σ . It is worth observing that we loose no generality by endowing a rule with just one proviso. DEFINITION 116. A first-order based deductive system D is a tuple Σ, R , RQg , ROg , Rg where Σ is a first-order based signature, R is a set of rules over Σ (the local rules), RQg ⊇ R is a set of rules over Σ (the quantifier global rules), ROg ⊇ R is a set of rules over Σ (the modal global rules) and Rg ⊇ RQg ∪ ROg is a set of rules over Σ (the global rules). The distinction between global and local rules (as already discussed in Section 2) is understood in terms of two semantic entailments introduced in Definition 126. The distinction between quantifier and modal global rules will be used only at the proof-theoretic level. We delay its justification
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
169
until we address later on in this subsection the problem of defining precisely what we mean by a vertically and a horizontally persistent logic. But to this end we need first to introduce the notion of Q-proof and O-proof. In the following, when there is no ambiguity, we will assume that the components of a first-order based deductive system D are Σ, R , RQg , ROg and Rg . Logics are often endowed with uniform deductive calculi in the sense that their rules do not depend on the signature at hand. More precisely: DEFINITION 117. A first-order based deductive system Σ, R , RQg , ROg , Rg is said to be uniform if for every first-order based signature Σ and proof rule Ψ, η, π, πΣ (ρ) = πΣ (ρ ), where, for each θ ∈ Θ and ξ ∈ Ξ, ρ (θ) and ρ (ξ) are respectively obtained from ρ(θ) and ρ(ξ) by replacing some occurrences of i by x, provided that x is fresh in Ψρ ∪ {ηρ}. The uniform condition above is expected in a signature-independent framework since individual symbols belong to the signature. However, it may happen that a logic has some individual symbols that are present in all signatures. Even in this case, the uniform condition imposes that provisos should be blind to them. Before defining precisely the four notions of inference within the context of a first-order based deductive system, we need to say what we mean by applying a schema substitution to an instance of a proviso. Given a proviso π and a schema substitution σ over a first-order based signature Σ, we denote by πΣ σ the map such that (πΣ σ)(ρ) = πΣ (σρ). Obviously, 1Σ σ = 1Σ and 0Σ σ = 0Σ . Furthermore, for every substitution ρ over a first-order based signature Σ we have that either πΣ ρ = 1Σ or πΣ ρ = 0Σ , depending on whether πΣ (ρ) = 1 or πΣ (ρ) = 0, respectively. DEFINITION 118. Within the context of a first-order based deductive system D: (i) A global deduction of ϕ from Γ constrained by a proviso π over Σ, written Γ gD ϕ : π, is a sequence ϕ1 , π1 , . . . , ϕn , πn of pairs such that: π = 0Σ , ϕ is ϕn and π is πn , and for each i = 1, . . . , n either ϕi ∈ Γ and πi = 1Σ or there is a rule Ψ, η, π ∈ Rg and a schema substitution σ over Σ such that σ. ϕi is ησ, Ψσ = {ϕj1 , . . . , ϕjk } ⊆ {ϕ1 , . . . , ϕi−1 } and πi = πj1 ∗· · ·∗πjk ∗πΣ (ii) A quantifier global deduction of ϕ from Γ constrained by a proviso π over Σ, written Γ Qg D ϕ : π, is a sequence ϕ1 , π1 , . . . , ϕn , πn of pairs such that: π = 0Σ , ϕ is ϕn and π is πn , and for each i = 1, . . . , n either ϕi ∈ Γ and πi = 1Σ or ϕi is globally derived from the empty set constrained by π and πi = π or there is a rule Ψ, η, π ∈ RQg and a schema substitution σ such that ϕi is ησ, Ψσ = {ϕj1 , . . . , ϕjk } ⊆ {ϕ1 , . . . , ϕi−1 } and πi = πj1 ∗ · · · ∗ πjk ∗ πΣ σ. Analogously we define modal global deduction and local deduction. We now proceed to identify interesting classes of first-order based deductive systems. When proving the completeness theorem as shown in [Sernadas et al., 2002a] we need to assume that we are working with systems in
170
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
these classes. This assumption is not too restrictive since first-order based logics tend to be endowed with such systems. We start by defining vertically and horizontally persistent first-order based deductive systems. These notions show the need for the distinction between quantifier and modal global rules. First we introduce some useful provisos over Σ. Given a set Ψ of schema formulas over Σ, cfoΣ (Ψ) = λρ. ∧ψ∈Ψ cfoΣ (ξ)[ξ/ψ](ρ) and rigΣ (Ψ) = λρ. ∧ψ∈Ψ rigΣ (ξ)[ξ/ψ](ρ), where [ξ/ψ] denotes the schema substitution Σ that replaces ξ by ψ. DEFINITION 119. A first-order based deductive system D is vertically perg g sistent, VP, if Γ , Ψ Qg D ϕ : π∗cfoΣ (Ψ) whenever Γ , Ψ D ϕ : π∗cfoΣ (Ψ), g Og and horizontally persistent, HP, if Γ , Ψ D ϕ : π ∗ rigΣ (Ψ) whenever g Γ , Ψ D ϕ : π ∗ rigΣ (Ψ). We say that D is persistent if it is both vertically and horizontally persistent. Intuitively, in a persistent deductive system, whatever we can Qg-prove from a set of closed first-order formulas, we can also locally prove from the same set; and whatever we can Og-prove from a set of rigid formulas we can locally prove from the same set. That is, quantifier proof rules do not bring anything new from a set of closed first-order formulas and modal proof rules do not bring anything new from a set of rigid formulas. DEFINITION 120. A first-order based deductive system D is said to be congruent if (i) for every Qg-deductively closed set Γ and Og-deductively closed set Γ holds Γ , Γ , c(ϕ1 , . . . , ϕk ) D c(ϕ1 , . . . , ϕk ) : π whenever Γ , Γ , ϕi D ϕi : π and Γ , Γ , ϕi D ϕi : π for i = 1, . . . , k; (ii) for every Qg-deductively closed set Γ holds Γ, qx (ϕ1 , . . . , ϕk ) D qx (ϕ1 , . . . , ϕk ) : π if Γ, ϕi D ϕi : π and Γ, ϕi D ϕi : π for i = 1, . . . , k; and (iii) for every Og-deductively closed set Γ holds Γ, o(ϕ1 , . . . , ϕk ) D o (ϕ1 , . . . , ϕk ) : π whenever Γ, ϕi D ϕi : π and Γ, ϕi D ϕi : π for i = 1, . . . , k. It is easy to understand why the set is required to be Qg-deductively closed or Og-deductively closed. Observe that, in first-order logic, for Γ = {ϕ, ψ} we have Γ, ϕ ψ and Γ, ψ ϕ, but in general we do not have Γ, ∀x ϕ ∀x ψ. And, in modal logic, for Γ = {ϕ, ψ} we have Γ, ϕ ψ and Γ, ψ ϕ, but in general we do not have Γ, ϕ ψ. DEFINITION 121. A first-order based deductive system D is said to be for equality if for every set Γ of formulas, formula ϕ and terms t, t1 , t1 , . . . , tk , tk : 1. D t = t; 2. t1 = t2 D t2 = t1 ; 3. t1 = t2 , t2 = t3 D t1 = t3 ; 4.(i) Γ D f (t1 , . . . , tk ) = f (t1 , . . . , tk ) : π whenever Γ D ti = ti : π for i = 1, . . . , k; 4.(ii) Γ, p(t1 , . . . , tk ) D p(t1 , . . . , tk ) : π whenever Γ D ti = ti : π for i = 1, . . . , k; 5. Γ D ϕ : π whenever Γ, t = i D ϕ : π, where i does not occur in the rules of D and π(ρ) = 0 whenever i occurs in Γρ or in ϕρ. Clauses 1-4 impose that equality is a congruence relation. Clause 5 expresses a well known derived rule in ordinary first-order logic with equality
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
171
that is reasonable to assume of any first-order based logic for equality. DEFINITION 122. A first-order based deductive system D for equality is said to be for inequality if for every formula ϕ, terms t1 and t2 , and set Γ of formulas, 1. Γ D ϕ : π whenever Γ D t1 = t2 : π and Γ D t1 = t2 : π; and 2. Γ D ϕ : π whenever Γ, t1 = t2 D ϕ : π and Γ, t1 = t2 D ϕ : π. Clauses 1 and 2 relate inequality with equality as expected when nothing is assumed about the available connectives.
5.2
Interpretation systems
In this case, instead of working with abstract algebras of truth values we only work with algebras of sets. This seems to be the right abstraction for dealing with the quantifiers and modalities. We also look at quantifiers as modal operators where assignments play the role of worlds. Thus the semantics of quantification is established by looking at different points sharing the same world (by varying the assignment). Vice-versa, the semantics of modalities is obtained by looking at different points sharing the same assignment (by varying the world). The value of a variable should depend only on the choice of the assignment. Thus we must have a fixed universe of individuals across the different worlds. But, we may still vary the scope of quantification from one world to another, since we do not assume that the set of assignments at a given world is composed of all functions from variables to individuals. Connectives can be expected to be independent of both assignments and worlds. However, we choose to be more general here for technical reasons related to the proof of the completeness theorem (all the details in [Sernadas et al., 2002a]). Finally, function and predicate symbols are by default flexible (they may depend on the world at end). Of course, as usual they are constant (they do not depend on the assignment at hand). It is also convenient to have individual symbols that are both constant (independent of the assignment) and rigid (independent of the world). DEFINITION 123. A first-order based structure over Σ is a tuple U, ∆, W, α, ω, D, E, B, [ · ] with the following components: • U is a nonempty set (of points); • ∆ is a nonempty set (of assignments) and W is a nonempty set (of worlds); • α : U → ∆ and ω : U → W ; • D is a nonempty set (of individuals); • E ⊆ DU is a set (of individual concepts) and B ⊆ ℘(U ) is a set (of truth values), such that U ∈ B;
172
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
• the interpretation map [ · ] is a function defined by means of the following clauses 1) to 9), where Uδ = {u ∈ U : α(u) = δ},
Bδ = {b ∩ Uδ : b ∈ B},
Uw = {u ∈ U : ω(u) = w}, Bw = {b ∩ Uw : b ∈ B}, Uwδ = Uw ∩ Uδ ,
Bwδ = {b ∩ Uwδ : b ∈ B},
1) [x] = {[x]δ }δ∈∆ where [x]δ ∈ D for x ∈ X; 2) [i] = {[i]δ }δ∈∆ where [i]δ ∈ D for i ∈ I, and [i]α(u) = [i]α(u ) whenever u, u ∈ Uw for some w ∈ W ; 3) [f ] = {[f ]w }w∈W where [f ]w : Dk → D for f ∈ Fk ; 4) [=] : D2 → 2 is the diagonal relation; 5) [=] : D2 → 2 is the complement of the diagonal relation; 6) [p [ ] = {[p [ ]w }w∈W where [[p]w : Dk → 2 for p ∈ Pk ; 7) [c] = {[c]wδ }w∈W, δ∈∆ where [c]wδ : (Bwδ )k → Bwδ for c ∈ Ck ; 8) [qx] = {[qx]w }w∈W where [qx]w : (Bw )k → Bw for q ∈ Qk and x ∈ X; 9) [o] = {[o]δ }δ∈∆ where [o]δ : (Bδ )k → Bδ for o ∈ Ok . Finally, the sets E and B considered above are assumed to be such that the following derived functions are well defined: i) x : → E by x (u) = [x]α(u) ;
i : → E by i(u) = [i]α(u) ;
ii) f : E k → E by f(e1 , . . . , ek )(u) = [f ]ω(u) (e1 (u), . . . , ek (u)); iii) = : E 2 → B by =( e1 , e2 )(u) = [=](e1 (u), e2 (u)); : E 2 → B by =( e1 , e2 )(u) = [=]( e1 (u), e2 (u)); iv) = v) p : E k → B by p(e1 , . . . , ek )(u) = [[p]ω(u) (e1 (u), . . . , ek (u)); vi) c : B k → B by c(b1 , . . . , bk )(u) = [c]ω(u)α(u) (b1 ∩ Uω(u)α(u) , . . . , bk ∩ Uω(u)α(u) )(u); vii) q x : B k → B by q x(b1 , . . . , bk )(u) = [qx]ω(u) (b1 ∩ Uω(u) , . . . , bk ∩ Uω(u) )(u); viii) o : B k → B by o(b1 , . . . , bk )(u) = [o]α(u) (b1 ∩ Uα(u) , . . . , bk ∩ Uα(u) )(u).
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
173
Terms are interpreted in E: the denotation of a term may vary with the assignment and the world at hand. Formulas are interpreted in B: the denotation of a formula may also vary with the point at hand. The standard choices for the sets E and B are DU and ℘U , respectively. The interpretation [x] depends only on the assignment at hand. The interpretation [i] also depends only on the assignment, but, furthermore, it must be constant within a given world. Naturally, [f ] and [[p] depend only on the world at hand. Equality and inequality are given their standard interpretations. On the other hand, one might expect [c] to be invariant since that is the case in the most usual first-order based logic (modal first-order logic). However, we make it dependent on the pair world-assignment for technical reasons. Concerning the interpretation of quantifiers, we made [qx] dependent only on the world at hand having in mind the possibility of different ranges of quantification on different worlds. Finally, the interpretation [o] of a modality o depends only on the assignment at hand. It is worthwhile to extend these comments to the algebraic operations ˆ· induced by the interpretation of the symbols. The definition of the functions f and p imply that the truth of formulas depends on the world at hand already at the atomic level (and not only as a consequence of the semantics for the modal operators). Given a first-order based structure, it is straightforward to define two global and local satisfaction relations. DEFINITION 124. Given a first-order based structure s = U, ∆, W, α, ω, D, E, B, [ · ] over a signature Σ: 1. [[·]]sτ : T (Σ, X) → E is inductively defined by [[t]]sτ = t, for t ∈ X ∪ I and [[f (t1 , . . . , tk )]]sτ = f([[t1 ]]sτ , . . . , [[tk ]]sτ ), for f ∈ Fk , k ≥ 0, 2. [[·]]sφ : L(Σ, X) → B is inductively defined in the same way c’s, q x’s and o’s as well as taking into account [[·]]sτ , as [[·]]sτ , using the p’s, g s 3. s γ iff [[γ]]φ = U , and 4. for every u ∈ U , su γ iff u ∈ [[γ]]sφ . We might look directly at Σ-structures as models of the first-order based language over Σ. But we prefer to allow the possibility of working with other kinds of models, as long as a mechanism for extracting a structure from a model is available. The methodological advantage is obvious: we may then use the original models of an already known logic and just show how to get a structure from each of those models. DEFINITION 125. A first-order based interpretation system is a triple Σ, M, A where M is a class (of models) and A maps each m in M to a structure over Σ. Within the context of an interpretation system, we freely replace A(m) by A(m) m, writing for instance [[·]]m and mu d γ for A(m)u d γ, τ instead of [[·]]τ for d equal to g or . DEFINITION 126. Given an interpretation system I, we define Γ gI ϕ if for every m ∈ M if m g γ for every γ ∈ Γ then m g ϕ, and we define
174
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
Γ I ϕ if for every m ∈ M and u ∈ U at A(m) if mu γ for every γ ∈ Γ then mu ϕ.
5.3 Preservation results Herein we sketch how to achieve the preservation of soundness and strong global completeness by fibring. The complete exposition can be consulted in [Sernadas et al., 2002a]. A first-order based logic system is a tuple Σ, M, A, R , RQg , ROg , Rg where Σ, R , RQg , ROg , Rg is a first-order based deductive system and Σ, M, A is a first-order based interpretation system. The notions of global completeness and soundness are defined as before but only for non-schematic formulas. In this way, we avoid to deal with provisos at the semantic level. We now define when a structure is appropriate for a first-order based deductive system over the same signature. Based on this notion, we establish when a deductive system is sound for an interpretation system. DEFINITION 127. Let s be a first-order based structure over Σ and D be a first-order based deductive system such that, for every substitution ρ and for every Ψ, η, π ∈ Rg , s gΣ ηρ whenever s gΣ ψρ for every ψ ∈ Ψ and π(ρ) = 1, and for every Ψ, η, π ∈ R and u ∈ U , su Σ ηρ whenever su Σ ψρ for every ψ ∈ Ψ and π(ρ) = 1. Then, s is said to be appropriate for, or simply for, the deductive system D. A structure s is said to be appropriate for, or simply for, the logic system L when it is appropriate for the deductive system of L. If A(m) is appropriate for the first-order based deductive system D for every model m in the first-order based interpretation system I then the deductive system D is said to be sound for I. Before defining the fibring of two logic systems, we adapt the concept of reduct of a structure under an inclusion of signatures introduced in the previous sections to the first-order based case. DEFINITION 128. Given first-order based signatures Σ ⊆ Σ and a firstorder based structure s over Σ , the reduct of s to Σ is the first-order based structure s |Σ over Σ equal to U , ∆ , W , α , ω , D , E , B , [·] |Σ . We are now in condition to define the fibring of first-order based logic systems. DEFINITION 129. The fibring of first-order based logic systems L and L denoted by L + L is the logic system Σ, M, A, R , RQg , ROg , Rg where Σ is Σ ∪ Σ , M is the class of all first-order based structures s over Σ such that s|Σ ∈ A (M ) and s|Σ ∈ A (M ), s is appropriate for Σ, R , RQg , ROg , Rg , A(s) = s ∪ RQg , ROg is ROg ∪ ROg , for each s in M , and R is R ∪ R , RQg is RQg and Rg is Rg ∪ Rg .
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
175
The logic system for first-order modal logic K described in [Sernadas et al., 2002a] is an example of a logic system that can be obtained via fibring. It is the result of fibring pure first-order logic and modal logic enriched with variables, individual symbols, equality and inequality. Preservation of soundness Note that first-order based fibring should be defined in the context of logic systems, due to the fact that each structure in the logic system resulting from the fibring should be appropriate for the deductive system. This is a necessary requirement for the preservation of appropriateness and so to the preservation of soundness, as showed in [Sernadas et al., 2002a]. It may happen, in fact, that s|Σ is appropriate for a rule r in D, but s is not appropriate for r in the rules of D or of D : in the richer language there can be new instances of r . An example is the first-order logic axiom ξ ⇒ ∀xξ (x is not free in ξ), which can be falsified if the language contains modalities. Preservation of completeness Strong global completeness is preserved by fibring under some natural assumptions that are fulfilled in a wide class of logics encompassing the most common first-order based logics. The idea is to show that the logic system resulting from the fibring of two other logic systems L1 and L2 is full, congruent, persistent, uniform, and for equality and inequality, whenever L1 and L2 satisfy those properties. Fibring two full logic systems is still a full logic system, and the fibring of two uniform logic systems is still a uniform logic system. But in general, however, the same does not happen with congruence, as shown in Section 2. Recall that the fibring of logic systems with implication is a logic system with implication, provided that implication is shared, and the fibring of logic systems with equivalence is a logic system with equivalence, provided that both implication and equivalence are shared. Moreover it is proved that a logic system with equivalence is congruent. The preservation of persistence is obtained by the same process as well as the properties of a logic system be with equality and inequality.
6
LOOKING TOWARDS THE FUTURE
In this guided tour, we presented the topic of combining logics and the issues raised by fibring in a simple yet stimulating context. We gave emphasis to the underlying categorial structures, and established several basic properties of this very rich combination mechanism, stressing the importance of soundness and completeness preservation results.
176
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
As already mentioned, fibring can and has been defined and investigated in much more complex situations. Fibring was investigated in the context of labelled natural deduction type deductive systems for propositional based logics [Rasga et al., 2002] and for first-order based logics [Rasga, 2003], in higher-order based logics [Coniglio et al., 2003], and in connection with the theory of institutions with applications to software engineering, cf. [Caleiro et al., 2001; Caleiro et al., 2003b]. In all such areas one can find challenging problems where new and perhaps unexpected techniques can be applied. Current research is directed at widening the universe where fibring can be defined and at establishing other preservation results, like sufficient conditions for the preservation of interpolation properties [Carnielli and Sernadas, 2004], and a new way of solving the collapsing problem in the global context using a variant called cryptofibring [Caleiro and Ramos, 2004]. In [Caleiro, 2000] the issue of combining logics was also addressed at a more abstract level as an operation on structural consequence systems with structured syntax, from which the relative hardness of the problem of completeness preservation by fibring, when compared to soundness preservation, could be justified. In this setting, cryptofibring identifies collapsing situations as particular cases of non-conservativeness, adding to the abstract characterization put forward in [Sernadas et al., 2002b] in the context of modulated fibring, thus endorsing the initial desideratum of characterizing the fibring of two logics as the smallest logic over the combined language that conservatively extends both of them (cf. [Gabbay, 1999]). New topics still to be addressed would include fibring of logics endowed with proof-theoretical components of different nature, as for example fibring logics presented through tableau system and sequent calculus. This would require facing the problem of defining convenient meta-theoretical environments able to encompass all of them. It is also envisaged, in the proof-theoretical front, to study the preservation of cut elimination properties by fibring logics endowed with sequent calculi. On the other hand, from the model-theoretical viewpoint, the preservation of other meta-theoretical properties like weak completeness, decidability, or the finite model property are also worth being investigated. The reverse operation of fibring, in the direction of splitting a logic in terms of less complex components, can also be incorporated in the research domain of combining logics (cf. [Carnielli and Coniglio, 1999]). Fibring can also be useful in areas like security and authentication logics [Caleiro et al., in print], or spatial logics; for example, capitalizing on its preservation results, fibring promises a new look at probabilistic logics [Mateus et al., 2001] and also at quantum logics as in [Mateus and Sernadas, 2004; Mateus and Sernadas, in print].
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
177
ACKNOWLEDGEMENTS We are deeply grateful to Am´lcar ´ Sernadas for his essential contributions in many topics that we cover here. We also acknowledge the work of Alberto Zanardo and Marcelo Coniglio that led to joint papers on this subject, namely [Sernadas et al., 2002a; Caleiro et al., 2003a]. This work was partially supported by Funda¸c¸ao ˜ para a Ciˆ ˆncia e a Tecnologia and EU FEDER, via the Project FibLog POCTI/MAT/37239/2001 at CLC (Center for Logic and Computation). Walter Carnielli acknowledges financial support from Conselho Nacional de Desenvolvimento Cient´ ´ıfico e Tecnologico–CNPq ´ (Brazil) and from the Center for Logic and Computation (IST, Portugal) for a senior scientist research grant. C. Caleiro, J. Rasga, C. Sernadas Center for Logic and Computation and Department of Mathematics, IST, Lisbon, Portugal. W. Carnielli Centre for Logic, Epistemology and the History of Science and Department of Philosophy, IFCH, UNICAMP, Campinas, Brazil.
BIBLIOGRAPHY [Armando, 2002] A. Armando, editor. Frontiers of combining systems, volume 2309 of Lecture Notes in Computer Science, Berlin, 2002. Springer-Verlag. Lecture Notes in Artificial Intelligence. [Baader and Schulz, 1996] F. Baader and K. U. Schulz, editors. Frontiers of combining systems, volume 3 of Applied Logic Series. Kluwer Academic Publishers, Dordrecht, 1996. Papers from the First International Workshop (FroCoS’96) held in Munich, March 26-29, 1996. [Beckert and Gabbay, 1998] B. Beckert and D. Gabbay. Fibring semantic tableaux. In Automated reasoning with analytic tableaux and related methods, volume 1397 of Lecture Notes in Computer Science, pages 77–92. Springer Verlag, 1998. [Birkhoff, 1967] G. Birkhoff. Lattice Theory. AMS Colloquium Publications, 1967. [Blackburn and de Rijke, 1997] P. Blackburn and M. de Rijke. Why combine logics? Studia Logica, 59(1):5–27, 1997. [Caleiro and Ramos, 2004] C. Caleiro and J. Ramos. Cryptofibring. In Carnielli et al. [2004], pages 87–92. [Caleiro et al., 1999] C. Caleiro, C. Sernadas, and A. Sernadas. Parameterisation of logics. In J. Fiadeiro, editor, Recent trends in algebraic development techniques Selected papers, volume 1589 of Lecture Notes in Computer Science, pages 48–62. Springer-Verlag, 1999. [Caleiro et al., 2001] C. Caleiro, P. Mateus, J. Ramos, and A. Sernadas. Combining logics: Parchments revisited. In M. Cerioli and G. Reggio, editors, Recent Trends in Algebraic Development Techniques - Selected Papers, volume 2267 of Lecture Notes in Computer Science, pages 48–70. Springer-Verlag, 2001. [Caleiro et al., 2003a] C. Caleiro, W. A. Carnielli, M. E. Coniglio, A. Sernadas, and C. Sernadas. Fibring non-truth-functional logics: Completeness preservation. Journal of Logic, Language and Information, 12(2):183–211, 2003.
178
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
[Caleiro et al., 2003b] C. Caleiro, P. Gouveia, and J. Ramos. Completeness results for fibred parchments: Beyond the propositional base. In M. Wirsing, D. Pattinson, and R. Hennicker, editors, Recent Trends in Algebraic Development Techniques - Selected Papers, volume 2755 of Lecture Notes in Computer Science, pages 185–200. SpringerVerlag, 2003. [Caleiro et al., in print] C. Caleiro, L. Vigan` ` o, and D. Basin. Metareasoning about security protocols using distributed temporal logic. Electronic Notes in Theoretical Computer Science, in print. Presented at IJCAR’04 ARSPA Workshop. [Caleiro, 2000] C. Caleiro. Combining Logics. PhD thesis, IST, Universidade T´ ´ecnica de Lisboa, 2000. [Carnielli and Coniglio, 1999] W.A. Carnielli and M.E. Coniglio. A categorial approach to the combination of logics. Manuscrito, 22(2):69–94, 1999. [Carnielli and Marcos, 1999] W. A. Carnielli and J. Marcos. Limits for paraconsistency calculi. Notre Dame Journal of Formal Logic, 40(3):375–390, 1999. [Carnielli and Marcos, 2001] W. A. Carnielli and J. Marcos. Tableau systems for logics of formal inconsistency. In H. R. Arabnia, editor, Proceedings of the International Conference on Artificial Intelligence (IC-AI’2001), pages 848–852. CSREA Press, Athens, GA, USA, 2001. [Carnielli and Marcos, 2002] W. A. Carnielli and J. Marcos. A taxonomy of C-systems. In W. A. Carnielli, M. E. Coniglio, and I. M. L. D’ Ottaviano, editors, Proceedings of the 2nd World Congress on Paraconsistency 2000, pages 1–94. Marcel Dekker, 2002. [Carnielli and Sernadas, 2004] W. A. Carnielli and C. Sernadas. Preservation of interpolation features by fibring. Technical report, Center for Logic and Computation, DM, Instituto Superior T´ ´ecnico, 2004. [Carnielli et al., 2004] W. A. Carnielli, F. M. Dion´sio, ´ and P. Mateus, editors. Proceedings of CombLog’04 - Workshop on Combination of Logics: Theory and Applications. IST Press, Lisbon, 2004. [Carnielli, 1987] W. A. Carnielli. Systematization of finite many-valued logics through the method of tableaux. Journal of Symbolic Logic, 52(2):473–493, 1987. [Coniglio and Carnielli, 2002] M. E. Coniglio and W. A. Carnielli. Transfers between logics and their applications. Studia Logica, 72(3):367–400, 2002. [Coniglio et al., 2003] M. E. Coniglio, A. Sernadas, and C. Sernadas. Fibring logics with topos semantics. Journal of Logic and Computation, 13(4):595–624, 2003. [da Costa and Alves, 1977] N.C.A. da Costa and E. Alves. A semantical analysis of the calculi Cn . Notre Dame Journal of Formal Logic, 18(4):621–630, 1977. [da Costa and Carnielli, 1988] N.C.A. da Costa and W. Carnielli. Paraconsistent deontic logic. Philosophia - The Philosophical Quarterly of Israel, 16(3/4):293–305, 1988. [da Costa, 1963] N.C.A. da Costa. Sistemas Formais Inconsistentes. Cathedra Thesis, UFPR. Published by Editora UFPR in 1993, Brazil, 1963. [de Rijke and Blackburn, 1996] M. de Rijke and P. Blackburn, editors. Special issue on combining logics, volume 37(2) of Notre Dame Journal of Formal Logic. University of Notre Dame, 1996. [del Cerro and Herzig, 1996] L. Farinas ˜ del Cerro and A. Herzig. Combining classical and intuitionistic logic. In Baader and Schulz [1996], pages 93–102. [Finger and Gabbay, 1992] M. Finger and D. Gabbay. Adding a temporal dimension to a logic system. Journal of Logic, Language and Information, 1(3):203–233, 1992. [Finger and Gabbay, 1996] M. Finger and D. Gabbay. Combining temporal logic systems. Notre Dame Journal of Formal Logic, 37(2):204–232, 1996. [Finger and Weiss, 2002] M. Finger and M. A. Weiss. The unrestricted combination of temporal logic systems. Logic Journal of the IGPL, 10(2):165–189, 2002. [Gabbay and de Rijke, 2000] D. Gabbay and M. de Rijke, editors. Frontiers of combining systems. 2, volume 7 of Studies in Logic and Computation. Research Studies Press Ltd., Baldock, 2000. Papers from the 2nd International Workshop (FroCoS’98) held at the University of Amsterdam, Amsterdam, October 2-4, 1998. [Gabbay and Pirri, 1997] D. Gabbay and F. Pirri, editors. Special issue on combining logics, volume 59(1,2) of Studia Logica. Kluwer Academic Publishers, 1997. [Gabbay and Shehtman, 1998] D. Gabbay and V. Shehtman. Products of modal logics. I. Logic Journal of the IGPL, 6(1):73–146, 1998.
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
179
[Gabbay and Shehtman, 2000] D. Gabbay and V. Shehtman. Products of modal logics. II. Relativised quantifiers in classical logic. Logic Journal of the IGPL, 8(2):165–210, 2000. [Gabbay and Shehtman, 2002] D. Gabbay and V. Shehtman. Products of modal logics. III. Products of modal and temporal logics. Studia Logica, 72(2):157–183, 2002. [Gabbay et al., 2003] D. Gabbay, A. Kurucz, F. Wolter, and M. Zakharyaschev. Manydimensional modal logics: Theory and applications. Studies in Logic and the Foundations of Mathematics, 148. Elsevier, 2003. [Gabbay, 1996a] D. Gabbay. Fibred semantics and the weaving of logics: part 1. Journal of Symbolic Logic, 61(4):1057–1120, 1996. [Gabbay, 1996b] D. Gabbay. An overview of fibred semantics and the combination of logics. In Baader and Schulz [1996], pages 1–55. [Gabbay, 1999] D. Gabbay. Fibring logics. Oxford University Press, 1999. [Goguen and Meseguer, 1985] J. Goguen and J. Meseguer. Completeness of many-sorted equational logic. Houston Journal of Mathematics, 11(3):307–334, 1985. [Gottwald, 2001] S. Gottwald. A treatise on many-valued logics. Research Studies Press, 2001. [Governatori et al., 2002] G. Governatori, V. Padmanabhan, and A. Sattar. On fibring semantics for BDI logics. In S. Flesca and G. Ianni, editors, Logics in computer science - JELIA, volume 2424 of Lecture Notes in Artificial Intelligence, pages 198– 210. Springer Verlag, 2002. [Hahnle, ¨ 2001] Reiner Hahnle. ¨ Advanced many-valued logics. In Handbook of philosophical logic, Vol. 2, pages 297–395. Kluwer Academic Publishers, Dordrecht, 2001. [Hughes and Cresswell, 1996] G. Hughes and M. Cresswell. A New Introduction to Modal Logic. Routledge, London, 1996. [Kirchner and Ringeissen, 2000] H. Kirchner and C. Ringeissen, editors. Frontiers of combining systems, volume 1794 of Lecture Notes in Computer Science, Berlin, 2000. Springer-Verlag. Lecture Notes in Artificial Intelligence. [Kracht and Wolter, 1991] M. Kracht and F. Wolter. Properties of independently axiomatizable bimodal logics. Journal of Symbolic Logic, 56(4):1469–1485, 1991. [Kracht and Wolter, 1997] M. Kracht and F. Wolter. Simulation and transfer results in modal logic – a survey. Studia Logica, 59(2):149–177, 1997. [Kracht, 1999] M. Kracht. Tools and techniques in modal logic, volume 142 of Studies in Logic and the Foundations of Mathematics. North-Holland Publishing Co., Amsterdam, 1999. [Lewin et al., 1991] R. Lewin, I. Mikenberg, and M. Schwarze. C1 is not algebraizable. Notre Dame Journal of Formal Logic, 32(4):609–611, 1991. [Lopari´ ´ c and Alves, 1980] A. Loparic ´ and E. Alves. The semantics of the systems Cn of da Costa. In A. Arruda, N.C.A. da Costa, and A. Sette, editors, Proceedings of the 3rd Brazilian Conference on Mathematical Logic, pages 161–172. Sociedade Brasileira de L´ ´ ogica, 1980. [Mac Lane, 1998] S. Mac Lane. Categories for the Working Mathematician. SpringerVerlag, 1998. [Marx, 1999] M. Marx. Complexity of products of modal logics. Journal of Logic and Computation, 9(2):197–214, 1999. [Mateus and Sernadas, 2004] P. Mateus and A. Sernadas. Exogenous quantum logic. In Carnielli et al. [2004], pages 141–150. [Mateus and Sernadas, in print] P. Mateus and A. Sernadas. Reasoning about quantum systems. In J. Alferes and J. Leite, editors, Logics in Artificial Intelligence, Ninth European Conference, JELIA’04, Lecture Notes in Artificial Intelligence. SpringerVerlag, in print. [Mateus et al., 2001] P. Mateus, A. Pacheco, J. Pinto, A. Sernadas, and C. Sernadas. Probabilistic situation calculus. Annals of Mathematics and Artificial Intelligence, 32(1/4):393–431, 2001. [Meseguer, 1998] J. Meseguer. Membership algebra as a logical framework for equational specification. In F. Parisi-Presicce, editor, Recent Developments in Algebraic Development Techniques - Selected Papers, volume 1376 of Lecture Notes in Computer Science, pages 18–61. Springer-Verlag, 1998.
180
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
[Mortensen, 1980] C. Mortensen. Every quotient algebra for C1 is trivial. Notre Dame Journal of Formal Logic, 21:694–700, 1980. [Rasga et al., 2002] J. Rasga, A. Sernadas, C. Sernadas, and L. Vigan` ` o. Fibring labelled deduction systems. Journal of Logic and Computation, 12(3):443–473, 2002. [Rasga, 2003] J. Rasga. Fibring Labelled First-order Based Logics. PhD thesis, IST, Universidade T´ ´ecnica de Lisboa, 2003. [Sernadas and Sernadas, 2003] A. Sernadas and C. Sernadas. Combining logic systems: Why, how, what for? CIM Bulletin, 15:9–14, December 2003. [Sernadas et al., 1997] A. Sernadas, C. Sernadas, and C. Caleiro. Synchronization of logics. Studia Logica, 59(2):217–247, 1997. [Sernadas et al., 1999] A. Sernadas, C. Sernadas, and C. Caleiro. Fibring of logics as a categorial construction. Journal of Logic and Computation, 9(2):149–179, 1999. [Sernadas et al., 2000] A. Sernadas, C. Sernadas, C. Caleiro, and T. Mossakowski. Categorial fibring of logics with terms and binding operators. In Gabbay and de M. Rijke [2000], pages 295–316. [Sernadas et al., 2002a] A. Sernadas, C. Sernadas, and A. Zanardo. Fibring modal firstorder logics: Completeness preservation. Logic Journal of the IGPL, 10(4):413–451, 2002. [Sernadas et al., 2002b] C. Sernadas, J. Rasga, and W. A. Carnielli. Modulated fibring and the collapsing problem. Journal of Symbolic Logic, 67(4):1541–1569, 2002. [Thomason, 1984] R. H. Thomason. Combinations of tense and modality. In Handbook of philosophical logic, Vol. II, I volume 165 of Synthese Library, pages 135–165. Reidel, Dordrecht, 1984. [van Danlen, 1986] D. van Danlen. Intuitionistic logic. In D. Gabbay and F. Guenthner, editors, Handbook of Philosophical Logic, Vol. III, I pages 225–339. D. Reidel Publishing Company, 1986. [Wolter and Zakharyaschev, 2000] F. Wolter and M. Zakharyaschev. Temporalizing description logics. In Gabbay and de M. Rijke [2000], pages 379–401. [Wolter, 1998] F. Wolter. Fusions of modal logics revisited. In Advances in modal logic, Vol. 1, volume 87 of CSLI Lecture Notes, pages 361–379. CSLI Publ., 1998. [Zanardo et al., 2001] A. Zanardo, A. Sernadas, and C. Sernadas. Fibring: Completeness preservation. Journal of Symbolic Logic, 66(1):414–439, 2001.
APPENDIX A
CONNECTION WITH POINT BASED SEMANTICS
There is a deep conceptual gap between the point based semantics of fibring and the semantics we proposed. We now briefly review this process. Rather than just putting forth the definitions, we chose to give a panoramic view of the difficulties involved and the way they can be solved, building on the intuitions behind D. Gabbay’s original idea, and going from the first very concrete definition, based on Kripke-style interpretation structures, to the current much more abstract and general approach, based on ordered algebras. The relationship between the notion of fibring previously defined and the original idea in [Gabbay, 1996a] certainly deserves a careful analysis. Of course, such a study will have the purpose of providing a historical account to the development of fibring as a methodology for combining logics. But beyond that, we hope that by the end of this explanation the reader will
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
181
have acquired a much better overall understanding of the problem of combining logics and the technical difficulties involved. To get into the level of abstraction considered in [Gabbay, 1996a], we need to restrict ourselves to interpretation systems based on Kripke-like structures (K-structures, for short). DEFINITION 130. A K-interpretation structure over C is a pair W = W, ν where W is a non-empty set and ℘(W ), ν is a C-algebra. We denote by KStr(C) the class of all K-interpretation structures over C. The set W of worlds induces the space of truth values ℘(W ), ordered by inclusion, whose top element is precisely W . In this way, we can identify a Kinterpretation structure W as a special way of presenting the interpretation structure W = ℘(W ), ⊆, ν, W in the sense of Section 2. To disambiguate, we sometimes denote ν by νW . DEFINITION 131. A K-interpretation system is a pair KI = C, K where C is a signature and K ⊆ KStr(C). Of course, a K-interpretation system KI = C, K can also be seen as a special way of presenting the interpretation system KI = C, K. Under this assumption, it is interesting to note that we can recover the usual Kripkelike notions of local and global reasoning for each KI, if we adopt the corresponding general definitions for KI (cf. definitions 23 and 22). Given W ∈ K, define the local satisfaction relation at w ∈ W by W, w KI ϕ if w ∈ [[ϕ]]W . Analogously, define the global satisfaction by W KI ϕ if W, w KI ϕ for every w ∈ W . As usual we simply write instead of KI when KI is clear from the context. Then: • globally: Ψ gKI ϕ if and only if for every W ∈ K, if W ψ for each ψ ∈ Ψ then W ϕ; • locally: Ψ KI ϕ if and only if for every W ∈ K and w ∈ W , if W, w ψ for each ψ ∈ Ψ then W, w ϕ. In the sequel, we also use gKI and KI to denote gKI and KI , respectively. Gabbay’s original idea for the semantics of fibring [Gabbay, 1996a; Gabbay, 1996b; Gabbay, 1999] was based on the notion of fibring function, and assumed that both logics had a Kripke-like semantics. In this case, the fibring function F would provide, at any moment, a way to map models and worlds from one logic to the other, and back again. Suppose that ϕ is a formula and c a unary constructor of the first logic system, given by KI , and c a unary constructor of the second logic, given by KI . To evaluate c (c (ϕ )) in the combined logic we should proceed as follows. 1. Take a model W of the first logic.
182
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
2. Typically, the satisfaction of c (c (ϕ )) at W will depend on some condition involving the unknown satisfaction of c (ϕ ) at W . 3. For each world w ∈ W , instead of W , w c (ϕ ), apply the fibring function F to obtain F (W , w ) = W , w where W is a model of the second logic and w ∈ W , and use W , w c (ϕ ). 4. Again, the satisfaction of c (ϕ ) at W will depend on some condition involving the unknown satisfaction of ϕ at W . 5. For each world u ∈ W , instead of W , u ϕ , apply the fibring function F to obtain F (W , u ) = U , u where U is a model of the first logic and u ∈ U , and use U , u ϕ . This idea is intuitively appealing. However, it is not obvious how to accommodate this operational view based on the fibring function into a meaningful definition of fibred model. Things get even harder if, as we advocate, we further require fibring to be a universal construction between K-interpretation systems. In that case, how to characterize the resulting system KI + KI ? And what is the relevant notion of K-interpretation system morphism? The first solution to all these questions, proposed in [Sernadas et al., 1999], was based on considering fibred models that could be partitioned, simultaneously, into clouds of disjoint models from each of the logics. The relevant notion of morphism, described below, captures precisely these requirements and is essentially equivalent to the one presented in [Sernadas et al., 1999]. Its apparent simplicity when compared in the technical detail with the notion introduced in [Sernadas et al., 1999] is the result of the maturation of the essential abstract ideas underlying fibring over the time elapsed thus far. DEFINITION 132. Assume that KI = C , K and KI = C, K are two K-interpretation systems. A K-interpretation system morphism h, g : KI → KI consists of a signature morphism h : C → C and a map g that associates to each W ∈ K a set g(W) ⊆ K , such that the following conditions are satisfied, assuming that g(W) = {W Wi : i ∈ I}: • W = i∈I Wi ; • Wi1 ∩ Wi2 = ∅ if i1 = i2 ; • for each i ∈ I, c ∈ Ck and X1 , . . . , Xk ∈ ℘(W ), νW (h(c ))(X1 , . . . , Xk ) ∩ Wi = νWi (c )(X1 ∩ Wi , . . . , Xk ∩ Wi ).
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
183
Note that such a notion a morphism indeed forces each model of KI to be seen as a union of disjoint models of KI where the interpretation of each constructor from C is also preserved. K-interpretation systems and their morphisms constitute the category KInt, with identity and composition as defined in [Sernadas et al., 1999]. As explained before, each K-interpretation system KI can be seen as a way of presenting the interpretation system KI. Yet, it is not so clear at this stage how to understand a K-interpretation system morphism h, g : KI → KI as a presentation of some morphism from KI to KI. The fibring of K-interpretation systems can now be characterized. DEFINITION 133. The fibring of K-interpretation systems KI = C , K and KI = C , K is the interpretation system KI +KI = C ∪ C , K where K is the class of all K-interpretation structures W over C ∪ C that Wj : j ∈ J} ⊆ can be built from sets of structures {W Wi : i ∈ I} ⊆ K and {W K satisfying: • W = i∈I Wi = j∈J Wj ; • Wi1 ∩ Wi2 = ∅ if i1 = i2 , and Wj1 ∩ Wj2 = ∅ if j1 = j2 ; • no proper subsets I0 ⊂ I and J0 ⊂ J fulfill i∈I0 Wi = j∈J0 Wj ; • if w ∈ Wi ∩ Wj , c ∈ Ck ∪ Ck and X1 , . . . , Xk ∈ ℘(W ) then w ∈ νWi (c)(X1 ∩ Wi , . . . , Xk ∩ Wi ) if and only if w ∈ νWj (c)(X1 ∩ Wj , . . . , Xk ∩ Wj ), by defining W = W, ν as follows: • for each i ∈ I, c ∈ Ck and X1 , . . . , Xk ∈ ℘(W ), νW (c )(X1 , . . . , Xk ) ∩ Wi = νWi (c )(X1 ∩ Wi , . . . , Xk ∩ Wi ); • for each j ∈ J, c ∈ Ck and X1 , . . . , Xk ∈ ℘(W ), νW (c )(X1 , . . . , Xk ) ∩ Wj = νWj (c )(X1 ∩ Wj , . . . , Xk ∩ Wj ). As before, the fibring of interpretation systems is defined under the assumption that the common subsignature is shared. In fact, for every shared constructor c ∈ C ∩ C , the definition above implies that the two clouds Wj : j ∈ J} agree on their interpretation. of models {W Wi : i ∈ I} and {W Note that, according to the previously mentioned operational description, we can recognize the fibring function F associated to the fibred model W
184
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
as mapping each pair W Wi , w such that w ∈ Wi to the pair W Wj , w where j is the unique element of J such that w ∈ Wj , and vice-versa. To make fibring robust with respect to the particular “names” of the worlds in each structure, it is useful to work under the assumption that the K-interpretation systems being combined are closed under isomorphisms. Rigorously, given a signature C, a K-structure W ∈ KStr(C) and a bijection b : W → U , we define the isomorphic copy b(W) of W to be the K-structure U over C such that U = U, νU with νU (c)(X1 , . . . , Xk ) = b(νW (c)(b−1 (X1 ), . . . , b−1 (Xk ))) for each c ∈ Ck and X1 , . . . , Xk ∈ ℘(U ). We say that KI = C, K is closed for isomorphisms if for every W ∈ K and bijection b from W it is also the case that b(W) ∈ K. It is a trivial fact that closing a given K-interpretation system under isomorphisms has no effect on its entailment operators. Moreover, it is clear that if KI and KI are closed under isomorphisms then so is KI + KI . Once again, given a signature morphism h : C → C and a K-interpretation structure W over C, we denote by W|h the h-reduct of W, that is, the K-interpretation structure over C given by W, νW ◦ h. This construction induces a map ·|h : KStr(C) → KStr(C ) that goes along well with our previous definitions. Indeed, one can easily show that W|h = W|h . As before, in the particular case when C ⊆ C and we consider the inclusion morphism i : C → C, we shall also use W|C instead of W|i . Now, let KI = C , K and KI = C , K be two K-interpretation systems, and consider the trivial injections i , f : KI 0 → KI and i , f : KI 0 → KI of the canonical K-interpretation system KI 0 = C, KStr(C) over their common subsignature, where f (W ) = {W |C } and f (W ) = {W |C }. The fibred K-interpretation system KI + KI together with the inclusions j , g : KI → KI + KI and j , g : KI → KI + KI is a pushout in KInt of i , f and i , f , where for each W built as Wi : i ∈ I} and g (W) = {W Wj : j ∈ J}. As above we have g (W) = {W before, KI + KI is a coproduct of KI and KI whenever their common subsignature C is empty (∅, KStr(∅) is the initial object of KInt). Note that the minimality of the partitions required by the condition that no proper subsets I0 ⊂ I and J0 ⊂ J fulfill i∈I0 Wi = j∈J0 Wj is essential to guarantee the universal property of the construction. Indeed, a fibred model cannot be decomposable into two fibred models. This first successful universal characterization of Kripke-like fibred semantics can actually be made much simpler if we just assume that the models of the logics being combined are already closed for unions. This simplification was first proposed in [Zanardo et al., 2001], where it was also noted that closing a given K-interpretation system for unions simply does not change its entailment operators. Rigorously, given a signature C
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
185
and a set {W Wi : i ∈ I} ⊆ KStr(C) of pairwise disjoint K-structures, that is, Wi1∩ Wi2 = ∅ if i1 = i2 , we define their union to be theK-structure W = i∈I Wi over C such that W = W, νW with W = i∈I Wi , and νW (c)(X1 , . . . , Xk ) ∩ Wi = νWi (c)(X1 ∩ Wi , . . . , Xk ∩ Wi ) for each c ∈ Ck and X1 , . . . , Xk ∈ ℘(W ). We say that KI = C, K is closed for unions if for every disjoint set {W Wi : i ∈ I} ⊆ K it is also the case that i∈I Wi ∈ K. DEFINITION 134. Let KI = C , cK and KI = C, K be two Kinterpretation systems. A simple K-interpretation system morphism h, g : KI → KI consists of a signature morphism h : C → C and a map g : K → K , such that the following conditions are satisfied for every W ∈ K, assuming that g(W) = W : • W = W ; • for each c ∈ Ck and X1 , . . . , Xk ∈ ℘(W ), νW (h(c ))(X1 , . . . , Xk ) = νW (c )(X1 , . . . , Xk ). Note that such a notion a morphism indeed forces each model of KI to correspond to a model of KI where the interpretation of each constructor from C is preserved. At the light of simple morphisms and closure for unions it is now easier to understand the difficulty in understanding a K-interpretation system morphism h, g : KI → KI as a presentation of some morphism from KI to KI. What we would need would be an operation on interpretation systems that would mimic the closure for unions of K-interpretation systems. More precisely, what we need is to work with interpretation systems that are closed for products. Rigorously, given a signature C and a structures, we define their prodset {Bi : i ∈ I} ⊆ Str(C) of interpretation B over C such that B = B, ≤, , ν uct to be the structure B = i∈I i with B = i∈I Bi , xi i∈I ≤ yi i∈I if each xi ≤i yi , = i i∈I , and ν(c)(x1,i i∈I , . . . , xk,i i∈I) = νi (c)(x1,i , . . . , xk,i )i∈I for each c ∈ Ck and x1,i i∈I , . . . , xk,i i∈I ∈ i∈I Bi . We say that an interpretation system I = C, A is closed for products if for every set {Bi : i ∈ I} ⊆ A it is also the case that i∈I Bi ∈ A. Once again, note also that closing a given interpretation system for products does not change its entailment operators. ∈ I} ⊆ KStr(C), it is not difficult to conclude given a set {W Wi : i Notably, that i∈I Wi is isomorphic to i∈I W i . Thus, if KI is closed for unions then it immediately follows that KI is closed for products. Therefore, we can now understand a simple K-interpretation system morphism h, g : KI → KI as a presentation of the morphism h, g = h : KI → KI. Note that the conditions on a simple morphism require precisely that g(W) = W|g for each model W of KI. Now, it is a small step to ckeck that KI + KI and
186
C. CALEIRO, W. CARNIELLI, J. RASGA AND C. SERNADAS
KI + KI coincide, which justifies our general definition of fibring in the wider setting of interpretation systems. REMARK 135. K-interpretation systems and their simple morphisms constitute a large subcategory sKInt of KInt. Furthermore, the functor · : sKInt → Int transforms simple fibrings into fibrings. The fibring of K-interpretation systems can now be given a much simpler characterization. DEFINITION 136. The simple fibring of K-interpretation systems KI = C , K and KI = C , K is the interpretation system KI ⊕ KI = C ∪ C , K where K is the class of all K-interpretation structures W over C ∪ C that can be built from interpretations structures W ∈ K and W ∈ K satisfying: • W = W = W ; • if c ∈ Ck ∪ Ck and X1 , . . . , Xk ∈ ℘(W ) then νW (c)(X1 , . . . , Xk ) = νW (c)(X1 , . . . , Xk ), by defining W = W, νW as follows: • for each c ∈ Ck and X1 , . . . , Xk ∈ ℘(W ), νW (c )(X1 , . . . , Xk ) = νW (c )(X1 , . . . , Xk ); • for each c ∈ Ck and X1 , . . . , Xk ∈ ℘(W ), νW (c )(X1 , . . . , Xk ) = νW (c )(X1 , . . . , Xk ). Given two K-interpretation systems KI and KI both closed for unions, it can easily be proved that their simple fibring KI ⊕ KI coincides with their fibring KI + KI . In any case, as explained above, the corresponding entailment operators coincide. Now, let KI = C , K and KI = C , K be two K-interpretation systems, and consider the trivial injections i , ·|C : KI 0 → KI and i , ·|C : KI 0 → KI of the canonical Krike-like interpretation system KI 0 = C, KStr(C) over their common subsignature. The simply fibred K-interpretation system KI ⊕ KI together with the inclusions j , g : KI → KI ⊕ KI and j , g : KI → KI ⊕ KI is a pushout in sKInt of i , ·|C and i , ·|C , where for each W built as above we have g (W) = W and g (W) = W . As before, KI ⊕ KI is a coproduct of KI and KI whenever their common subsignature C is empty (∅, KStr(∅) is the initial object of sKInt). This Kripke-like semantic view is still a bit restrictive. In general, there is no reason to suppose that interesting logics should be endowed with Kinterpretation structures. Moreover, general completeness results for modal
FIBRING OF LOGICS AS A UNIVERSAL CONSTRUCTION
187
logics are only possible if we consider general Kripke structures, or alternatively, modal algebras. Still, by now, it should be easy to bridge the intuitive gap to the broader algebraic setting initially proposed. A final word is due, however, concerning the fibring function. In the Kripke-like setting developed above, namely now in the simple case, the fibring function F associated to each fibred structure W built from W and W is now mapping each pair W , w to W , w and back. Indeed, if we take into account that the corresponding space of truth values is ℘(W ) in the three cases, the fibring function is also providing a way of identifying the truthvalue in W of a given formula ϕ of the second logic with a truth-value in W . This is precisely the game played, in the general setting, by the fibred interpretation structures.
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
PROVABILITY LOGIC 1
INTRODUCTION
The idea of provability logic seems to originate in a short paper [G¨ o¨del, 1933]. K. Godel ¨ was motivated by the question of providing Brouwer’s intuitionistic logic, as formalized by Heyting, with an adequate semantics. According to Brouwer, intuitionistic truth means provability. Here is a summary from Constructivism in Mathematics [Troelstra and van Dalen, 1988, p. 4]: “A statement is true if we have a proof of it, and false if we can show that the assumption that there is a proof for the statement leads to a contradiction.” An axiom system for intuitionistic logic was introduced by Heyting in 1930; its full description may be found in fundamental monographs [Kleene, 1952; Troelstra and van Dalen, 1988]. In 1931–34 A. Heyting and A.N. Kolmogorov made Brouwer’s definition of intuitionistic truth explicit, though informal, by introducing what is now known as the Brouwer–Heyting–Kolmogorov (BHK) semantics [Heyting, 1931; Heyting, 1934; Kolmogoroff, 1932]. BHK semantics suggests that a formula is called true if it has a proof. Further, a proof of a compound statement is described in terms of proofs of its components: • a proof of A ∧ B • a proof of A ∨ B of B; • a proof of A → proofs of B; • falsehood ⊥ is a for A → ⊥.
consists of a proof of A and a proof of B; is given by presenting either a proof of A or a proof B is a construction transforming proofs of A into proposition which has no proof, ¬A is a shorthand
The BHK semantics is widely recognized as the intended semantics for intuitionistic logic. In [G¨ o¨del, 1933] an attempt was made to formalize the BHK semantics. K. Godel ¨ introduced a modal calculus of classical provability (essentially equivalent to the Lewis modal system S4) and defined the intuitionistic propositional logic IPC in this logic. G¨ o¨del’s provability calculus is based on the classical propositional logic and has the modal axioms and rules 2F → F , D. Gabbay and F. Guenthner (eds.), Handbook of Philosophical Logic, Volume 13, 189–360. c 2005, Springer. Printed in the Netherlands.
190
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
2(F → G) → (2F → 2G), 2F → 22F , F ⇒ 2F (necessitation rule). G¨ o¨del considered a translation t(F ) of an intuitionistic formula F into the classical modal language: “box each subformula of F ” apparently regarding such a translation to be a fair formalization1 of the Brouwer thesis intuitionistic truth = provability. G¨ o¨del established that IPC F
⇒
S4 t(F ),
thus providing a reading of IPC-formulas as statements about classical provability. He conjectured that the converse (⇐) also held and concluded in 1938 (see [G¨ o¨del, 1995], p. 100–101): Intuitionismus ist daraus ableitbarr2 . The (⇐) conjecture was proved in [McKinsey and Tarski, 1948]. The ultimate goal, however, of defining IPC via classical proofs had not been achieved because S4 was left without an exact intended semantics of the provability operator 2: IPC → S4 → ... ?
. . . → CLASSICAL PROOFS.
Here, CLASSICAL PROOFS refers to systems based on a proof predicate Proof(x, y) denoting “x is the code of a proof of the formula having a code y” for a classical first order theory containing Peano arithmetic PA. G¨ o¨del in [G¨ o¨del, 1933] identified a problem there and pointed out that a natural reading of 2F as the formal provability predicate Provable(F ) = ∃x Proof(x, F ) did not work. Let ⊥ be the boolean constant false and 2F be Provable(F ). Then 2⊥ → ⊥ corresponds to the statement Con(PA) expressing consistency of PA. An S4-theorem 2(2⊥ → ⊥) expresses the assertion that Con(PA) is provable in PA, which is false according to the second G¨¨odel incompleteness theorem. Thus, [G¨ o¨del, 1933] showed that S4 was a provability calculus without an exact provability semantics, whereas the interpretation of 2F = Provable(F ) was an exact provability semantics for modality without axiom system known. Godel’s ¨ paper left open two natural problems: 1. Find the modal logic of the formal provability predicate Provable(F ). 1 This translation appeared earlier in a paper by I.E. Orlov [Orlov, 1928], who applied it to a system different from S4. 2 Intuitionism is derivable from this.
PROVABILITY LOGIC
191
2. Find an exact provability semantics of S4 and thereby of IPC. It was already clear that solutions to 1 and 2 led to essentially different models of Provability, each targeting its own set of applications. The two parts of the present paper — “Part I, Logic of Provability” (Sections 2–10) and “Part II, Logic of Proofs” (Sections 11–16) — roughly correspond to the developments around these two questions. Here in the Introduction we briefly review main achievements in both directions.
Logic of Provability The first significant step towards a solution of Problem 1 was made by M.H. Lob ¨ [Lob, ¨ 1955] who formulated, on the basis of the previous work by D. Hilbert and P. Bernays from 1939 (see [Hilbert and Bernays, 1968]), a number of natural conditions3 on the formal provability predicate (nowadays known as Bernays–L¨ o ¨b derivability conditions ) and observed that these conditions were sufficient for the proof of G¨ o¨del’s second incompleteness theorem. Moreover, under the same conditions he found an important strengthening of the G¨ o¨del theorem. He proved that the following is a valid principle of the logic of the formal provability predicate: 2(2F → F ) → 2F. This powerful principle, taken together with the axioms and rules of the modal logic K4 turned out later to provide a complete axiomatization of the logic of formal provability. This system currenly bears the name GL for G¨ o¨del and L¨ ob ¨ 4. M.H. Lob’s ¨ work, followed by significant advances in general understanding of formalization of metamathematics particularly in the hands of S. Feferman [Feferman, 1960], inspired S. Kripke, G. Boolos, D. de Jongh and others to look into the problem of exact axiomatization of the logic of provability. Independently, the same notion appeared in an algebraic context in the work of R. Magari and his school in Italy (see [Magari, 1975b]). A dramatic account of these early developments can be found in [Boolos and Sambin, 1991]. As an important early result on provability logic stands out a theorem by D. de Jongh, found independently by G. Sambin, who established n ´ski, 1977b; that the system GL has the fixed point property (see [Smory´ Smory´ n ´ski, 1985] and some details below). 3 These conditions were essentially expressed by the last two axioms and the necessitation rule of the above mentioned system S4, in other words, by the modal logic K4. So, their validity must have been known to G¨ ¨ odel. 4 This logic was alternatively denoted by G, L, K4.W, PrL. Neither G¨ ¨ odel nor L¨ ¨ ob formulated the logic explicitly, though undeniably they established the validity of the underlying arithmetical principles. Presumably, it was T. Smiley in whose work on the foundations of ethics [Smiley, 1963] the axioms of GL appeared for the first time.
192
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
H. Friedman formulated the problem of decidability of the letterless fragment of provability logic as his Problem 35 in [Friedman, 1975a]. This question, which happened to be much easier than the general case, was immediately answered by a number of people including G. Boolos [Boolos, 1976], J. van Benthem, C. Bernardi and F. Montagna. A breakthrough came in 1976 when R. Solovay published a solution of the general problem showing that the system GL axiomatizes the provability logic for any sufficiently strong and sound formal theory [Solovay, 1976]. He also showed that the set of modal formulas expressing universally true principles of provability was axiomatized by a decidable extension of GL, which is usually denoted by S and is called the truth provability logic. Solovay’s results and his novel methods opened a new stage in the development of provability logic, with several groups of researchers, most notably in the USA (R. Solovay, G. Boolos, C. Smory´ n ´ski), the Netherlands (D. de Jongh, A. Visser), Italy (R. Magari, F. Montagna, G. Sambin, L. Valentini), and USSR (S. Art¨ ¨emov and his students), starting to work intensively in this area. Textbooks by G. Boolos [Boolos, 1979b] and C. Smory´ n ´ski [Smory´ n ´ski, 1985], the first of which appeared very early, played an important educational role. The main thrust of the research effort went into the direction of generalizing Solovay’s results to more expressive languages. Here we briefly mention some of the probems that received prominent attention. Most of them (though not all) are covered in greater detail below and roughly correspond to the sections in this paper. First order provability logics. It was soon discovered that the first order version of GL is not arithmetically complete. G. Boolos formulated in his book the problem of axiomatizing the full first order provability logic. Improtant partial results in this direction were obtained by F. Montagna [Montagna, 1987a]. A final negative solution was given in the papers by S. Art¨emov [Artemov, 1985a] and V. Vardanyan [Vardanyan, 1986]. In particular, V. Vardanyan showed that this logic is Π02 -complete, thus not effectively axiomatizable. Earlier S. Art¨ ¨emov showed that the first order truth provability logic is not even arithmetical. Independently but somewhat later similar results were obtained by V. McGee in his Ph.D. Thesis, they were never published.5 The later joint publication with G. Boolos [Boolos and McGee, 1987] contained a certain strengthening of Art¨¨emov’s theorem. Even more dramatically, [Artemov, 1986] showed that the first order provability logics are sensible to a particular formalization of the provability predicate and, thus, are not very robustly defined. The material on first order provability logic is extensively covered in a 5 We
are grateful to A. Visser for providing us with this information and with a copy of V. McGee Thesis.
PROVABILITY LOGIC
193
later textbook by G. Boolos [Boolos, 1993] and in survey [de Jongh and Japaridze, 1998], therefore we chose not to include any further details in the present survey. Intuitionistic provability logic. The question of generalizing Solovay’s results from classical theories to intuitionistic ones, such as Heyting arithmetic HA, proved to be remarkably difficult. This problem was taken up by A. Visser, D. de Jongh and their students. In [Visser, 1981] a number of nontrivial principles of the provability logic of HA were found. In [Visser, 1985] a characterization and a decision algorithm for the letterless fragment of the provability logic of HA were obtained, thus solving an intuitionistic analog of the Friedman’s 35-th problem. Some significant further results were obtained in [Visser, 1985; Visser, 1994; Visser, 1999; Visser, 2002b; de Jongh and Visser, 1996; Iemhoff, 2001a; Iemhoff, 2001b; Iemhoff, 2001c] but the general problem of axiomatizing the provability logic of HA remains a major open question. It is consistent with our present knowledge, though in our opinion not very likely, that this logic is Π02 complete. See below for an overview of related results. Classification of provability logics. Solovay’s theorems naturally led to the notion of provability logic for a given theory T relative to a metatheory U , which was suggested by S. Art¨emov [Artemov, 1979; Artemov, 1980] and A. Visser [Visser, 1981]. This logic, denoted PLT (U ), is defined as the set of all propositional principles of provability in T that can be established by means of U . (Thus, the provability logic of T corresponds to U = T and the truth provability logic corresponds to U being the set of all true sentences of arithmetic.) The problem of describing all possible modal logics of the form PLT (U ), where T and U range over extensions of Peano arithmetic, has become known as the Classification problem for provability logics. Partial results were obtained in [Artemov, 1980; Visser, 1984; Artemov, 1985b; Japaridze, 1986] who, in particular, discovered four main families of provability logics. The classification was completed by L. Beklemishev in [Beklemishev, 1989a] who showed that all relative provability logics occur in one of these four families. The Classification can be extended to a broader class of theories. In fact, the same result holds for extensions of rather weak elementary arithmetic EA (see below). However, it remains an intriguing open question whether Solovay’s theorems can be extended to bounded arithmetic theories, such as S12 or S2 . Partial results were obtained in [Berarducci and Verbrugge, 1993]. Provability logics with additional operators. Theorems by Solovay have been generalized to various extensions of the propositional language by additional operators having arithmetical interpretation.
194
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
The most straightforward generalization is obtained by simultaneously considering several provability operators corresponding to different theories. Already in the simplest case of bimodal provability logic, the axiomatization of such logics turns out to be very difficult. The bimodal logics for n ´ski, 1985; many natural pairs of theories have been characterized in [Smory´ Japaridze, 1986; Carlson, 1986; Beklemishev, 1994; Beklemishev, 1996]. However, the general classification problem for bimodal provability logics for pairs of r.e. extensions of PA remains a major open question. There were also interesting bimodal logic studies of provability related concepts different from the standard provability predicates, such as Mostowski operator, Rosser, Feferman and Parikh provability (see [Smory´ n ´ski, 1985; Visser, 1989; Shavrukov, 1991; Shavrukov, 1994; Lindstr¨ o¨m, 1996]). In a number of cases arithmetical completeness theorems `a la Solovay have been obtained. These results have their origin in an important paper [Guaspari and Solovay, 1979] (see also [Smory´ n ´ski, 1985]). They considered an extension of the propositional modal language by witness comparison operator allowing to formalize Rosser-style arguments. Similar logics have later been used in [de Jongh and Montagna, 1989; Carbone and Montagna, 1989; Carbone and Montagna, 1990] for, e.g., the study of the speed-up of proofs. Interpretability and conservativity logics. A. Visser, following V. ˇ Svejdar, formulated another important extension of the language of provability logic. He introduced a binary modality ϕ ψ to stand for the arithmetization of the statement “the theory T + ϕ interprets T + ψ”. Interpretations here are understood in the standard sense of Tarski. This new modality allows (in a classical logic context) to express provability 2ϕ by ¬ϕ ⊥, and thus is more expressive than the ordinary 2. It turns out that the resulting interpretability logic substantially depends on the basis theory T . For two important classes of theories T this logic has been characterized. For finitely axiomatizable6 theories such as IΣ1 or ACA0 this was done by A. Visser [Visser, 1990]. For essentially reflexive theories, such as Peano arithmetic PA, this was done independently by V. Shavrukov and A. Berarducci [Shavrukov, 1988; Berarducci, 1990]. These results substantially relied on a previous work of A. Visser, D. de Jongh and F. Veltman who, in particular, developed a suitable Kripke-style semantics for the interpretability logics. These results remain, so far, the main successes in this area. A number of principal questions are still open. For example, interestingly enough, an axiomatization of the minimal interpretability logic, that is, of the set of interpretability principles that hold over all reasonable arithmetical theories is not known. A excellent survey of interpretability logic is given in [Visser, 6 To
be more precise, one also requires here that the theories are sufficiently strong and sequential.
PROVABILITY LOGIC
195
1998], see also [de Jongh and Japaridze, 1998]. The modality has a related conservativity interpretation, which leads ´ and Montagna, 1990; H´ ajek ´ and to conservativity logics studied in [Hajek Montagna, 1992; Ignatiev, 1991]. Logics of interpolability and of tolerance introduced by K. Ignatiev and G. Japaridze [Ignatiev, 1993b; Dzhaparidze, 1992; Dzhaparidze, 1993] have a related arithmetical interpretation, but a format different form that of interpretability logics. These developments fall outside the scope of the present paper, see [de Jongh and Japaridze, 1998] for an overview. Magari algebras and propositional second order provability logic. An algebraic approach to provability logic was initiated by R. Magari and his students [Magari, 1975a; Magari, 1975b; Montagna, 1979; Montagna, 1980]. The provability algebra of a theory T , also called the Magari algebra of T , is defined as the set of T -sentences factorized modulo provable equivalence in T . This set is equipped with the usual boolean operations and the provability operator mapping a sentence F to ProvableT (F ). Magari algebras in general are all the structures satisfying the identities of the provability algebra of PA. Studying Magari algebras revealed many interesting properties of provability. Some of them can also be reformulated in purely logical terms, but for many other questions an algebraic context is the most natural one. An early refinement of Solovay’s theorem is its so-called uniform version that was discovered independently in [Montagna, 1979; Artemov, 1979; Visser, 1980; Boolos, 1982; Avron, 1984]. In algebraic terms this result means that the free Magari algebra on countably many generators is embeddable into the provability algebra of any sound theory T . [Shavrukov, 1993b] proved a far-reaching generalization by characterizing all r.e. subalgebras of the provability algebra of T . Using the notion of provability algebra one can give a provability semantics to a considerable subclass of propositional second order modal formulas, that is, modal formulas with quantifiers over arithmetical sentences. These are just the first order formulas over the provability algebra. For several years the questions of decidability of the propositional second-order indexpropositional second order provability logicprovability logic, and of the first order theory of the provability algebra of PA, remained open. [Shavrukov, 1997a] gave a negative solution to these questions. His result was proved by one of the most ingenious extensions of Solovay’s techniques. We note that the difficult question of decidability of the ∀∃-theory of this algebra remains open. Applications in proof theory. The logic of formal provability was designed with a hope for applications in proof theory. It considerably deep-
196
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
ened our understanding of the behavior of formalized provability predicates. However, memorable applications of these methods to the study of concrete formal theories were lacking for a long time. The challenge here was to find applications to existing problems that were not a priori formulated in terms of formalized provability. The situation changed in the recent years. It turned out that methods of modal logic can be useful in the study of fragments of Peano arithmetic, where the model theoretic methods were the most successful, so far. It was an open question what kind of computable functions could be proved to be total in the fragment of PA where induction was restricted to Π2 formulas without parameters. Using provability logic methods [Beklemishev, 1999a] showed that these functions coincide with the primitive recursive ones. In general, provability logic analysis substantially clarified the behavior of parameter-free induction schemata. Later results [Beklemishev, 2004; Beklemishev, 2003b] revealed a deeper connection between provability logic and traditional proof-theoretic questions, such as consistency proofs, ordinal analysis, and independent combinatorial principles. [Beklemishev, 2004] gives an alternative proof of the famous theorem by G. Gentzen on the proof of consistency of PA by transfinite induction up to the ordinal 0 . In [Beklemishev, 2003b] and in this paper we present a simple combinatorial principle, called the Worm principle, which is derived from the provability logic analysis of PA and is independent from PA. At the moment this area seems to be a promising direction for future research. The provability logic techniques used here combine several of the above mentioned concepts such as provability algebras and polymodal logics a la Japaridze [Japaridze, 1986; Boolos, 1993]. `
Logic of Proofs The problem of formalizing BHK semantics even for propositional language was not solved until the middle of 1990s (cf. surveys [Weinstein, 1983; van Dalen, 1986; Artemov, 2001] and Section 11 of this article). The source of difficulties in provability interpretation of modality lies in the implicit nature of existential quantifier ∃. This phenomenon is sometimes called the ∃-sickness of the first-order logic: an assumption of ∃xF (x) in a given formal theory does not necessarily yield F (t) for some term t. Consider, for instance, the reflection principle in PA, i.e. all formulas of type ∃xProof(x, F ) → F . By the second G¨ o¨del incompleteness theorem, this principle is not provable in PA, since, the consistency formula Con(PA) coincides with a special case of the reflection principle ∃xProof(x, ⊥) → ⊥. Formula ∃xProof(x, F ) does not yield any specific proof of F , since this x may be a nonstandard natural number which is not a code of any actual derivation in PA. For proofs represented by explicit terms the picture is
PROVABILITY LOGIC
197
entirely different, e.g. the principle of explicit reflection Proof(p, F ) → F is provable in PA for each specific derivation p. Indeed, if Proof(p, F ) holds, then F is evidently provable in PA, and so is formula Proof(p, F ) → F . Otherwise, if Proof(p, F ) is false, then ¬Proof(p, F ) is true and provable, therefore Proof(p, F ) → F is also provable. This observation suggests a remedy for the ∃-sickness here: representing proofs by a system of terms t in the proof formula Proof(t, F ) instead of implicit representation of proofs by existential quantifiers in the provability formula ∃xProof(x, F ). In particular, it means a return to the original format of BHK after failed attempts to find a constructive provability semantics for IPC directly via a simpler language of modal logic. G¨ o¨del suggested using the format of explicit proofs for the interpretation of S4 as early as 1938, but that paper remained unpublished until 1995 [G¨ o¨del, 1995]. In a modern terminology the format of explicit proof terms is an instance of Gabbay’s Labelled Deductive Systems (cf. [Gabbay, 1996]). The logic of proofs. In [Artemov and Strassen, 1992a; Artemov and Strassen, 1992b; Artemov and Strassen, 1993] the first systems of logics of proofs in format t : F denoting t is a proof of F were introduced. These first logics had no operations on proofs and were too weak for representing the modality in full. Even before the publication of G¨ o¨del’s paper of 1938 [G¨ o¨del, 1995], S. Artemov came up with a system of logic of proofs capturing the whole of S4. In the fall of 1994 during his visit to the University of Amsterdam S.A. found the logic of proofs (which later got the name LP) and proved a theorem about realizability of S4 by proof terms of LP called proof polynomials. These results were reported at the end of 1994 in Amsterdam and Munster. ¨ The first paper with complete proofs was issued as a technical report of the Mathematical Sciences Institute, Cornell University, [Artemov, 1995]. A follow up paper [Artemov, 2001] contained simplified proofs and a comprehensive survey. Since proof polynomials enjoy a natural semantics in classical proofs, this gave a desired provability semantics to G¨ o¨del’ provability calculus S4. Combined with the above mentioned results by G¨ o¨del, MacKinsey and Tarski, the logic of proofs LP can be viewed as a formalization of the BHK semantics for intuitionistic propositional logic IPC completing a project initiated by Kolmogorov and G¨ o¨del. These developments resulted in the following picture of the foundations of intuitionistic logic: S4 → LP → CLASSICAL PROOFS , IPC → where all embeddings are exact. Models of the logic of proofs and complexity issues. The logic of proofs LP is sound and complete with respect to the natural provability
198
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
semantics [Artemov, 1995; Artemov, 2001]. Still, having convenient artificial models could be very important for a successful study of LP and its applications. The first abstract models for LP (called here M -models) were introduced in [Mkrtychev, 1997] where LP was shown to be sound and complete with respect to M -models. Mkrtychev models proved to be a convenient tool for studying the logic of proofs. In particular, they helped to establish in [Mkrtychev, 1997] the decidability of LP. [Kuznets, 2000] obtained an upper bound Σp2 on the satisfiability problem for LP-formulas in M -models. This bound was lower than known upper bound PSpace on the satisfiability problem in S4. One of the possible explanations, why LP wins in complexity over closely related to it S4, is that the satisfiability test for LP is somewhat similar to the type checking, i.e. checking the correctness of assigning types (formulas) to terms (proofs), which is known to be relatively easy in classical cases. M -models were further explored in [Krupski (jr.), 2003], where the minimal model of LP was constructed, which completely describes derivability in LP of “modalized” formulas (i.e. formulas of type t : F ). This yielded a better upper bound (NP) for the “modalized” fragment of LP. The minimal model is also used in [Krupski (jr.), 2003] to answer a well-known question about the disjunctive property of the logic of proofs: LP s : F ∨ t : G
⇔
LP s : F or LP t : G.
[Fitting, 2003b] gave a description of the canonical model for LP as a Kripkestyle model. An interesting and unexpected application of the canonical model was suggested in [Fitting, 2003a], where an alternative “semantical” proof was given for the realizability theorem of S4 in LP, whereby clarifying the role of operation “+” in this realization. [Fitting, 2003b] gave a general definition of Kripke-style models for LP (we call them F -models here) and established soundness and completeness of the logic of proofs with respect to F -models. As it was noted by V. Krupski, completeness with respect to F -models can be attained on one-element F -models, which are M -models with the so-called fully explanatory property (cf. Section 12). It is reasonable to expect to find applications of F models in epistemic logics containing both proof polynomials and the usual S4-modality, since Kripke models do not degenerate to singletons for such logics. A tableau system for the logic of proofs was developed in [Renne, 2004] where completeness with respect to M -models and cut-elimination for the whole of LP was proved, though cut-elimination in LP with empty constant specifications was demonstrated in [Artemov, 2001]. Joint logics of proofs and provability. The problem of finding a joint logic of proofs and provability has been a natural next step in this direction since there are important principles formulated in a mixed language
PROVABILITY LOGIC
199
of formal provability and explicit proofs. For example, the modal principle of negative introspection ¬2F → 2¬2F is not valid in the provability semantics. Neither does a purely explicit version of negative introspection ¬(x : F ) → t(x) : ¬(x : F ) hold in the logic of proofs LP. However, a mixed explicit-implicit principle ¬(t : F ) → 2¬(t : F ) is valid in the standard provability semantics. Finding a complete axiomatization of such principles in a joint language of GL and LP has also been important for building an epistemic logic with justifications based on provability semantics. The first joint system of provability and explicit proofs without operations on proof terms, system B, was found in [Artemov, 1994]. Arithmetically complete system BGrz of strong provability operator F = F ∧ 2F and proofs without operations was found in [Nogina, 1994; Nogina, 1996]. In [Sidon, 1997; Yavorskaya (Sidon), 2002] the first arithmetically complete system of provability and explicit proofs, LPP, containing both LP and GL was found. Along with natural extensions of principles and operations from LP and GL, LPP contains some additional operations. The arithmetically complete logic, LPGL, in the joint language of LP and GL was found in [Artemov and Nogina, 2004], where it was also used for building basic systems of logic of knowledge with justifications (cf. Applications below and Section 13). Logic of single-conclusion proofs. The primary use of LP is to realize modalities by proof terms (proof polynomials) thus providing a semantics of explicit proofs for modal logic S4 and for intuitionistic logic IPC. It turned out that with respect to realizability semantics, modal logic corresponds to multi-conclusion proofs, i.e. proofs each of which can prove several different theorems (cf. Section 11). One could see easily that the set of modal principles realizable by single-conclusion proofs (so called functional proofs), is not compatible with any normal modal logic. For example, x : → ¬x : ( ∧ ) is valid for functional proofs, and its forgetful projection 2 → ¬2( ∧ ) contradicts even the basic modal logic K. However, the problem of finding the logic of functional proofs presented a significant interest since many proof-like objects (e.g. typed λ-terms and combinatory terms or references in databases) correspond to single-conclusion proofs. The first step in the development of the logic of functional proofs was made in [Artemov and Strassen, 1992b] where the operation-free logic of functional proofs was axiomatized. The full scale logic of functional proofs FLP was built in [Krupski, 1997; Krupski, 2002] and then enhanced by new operations in [Krupski, 2005], system FLPref . The logic of the standard proof predicate. The logic of proofs LP axiomatizes all properties of propositions and proofs expressible in the propositional language and invariant with respect to the choice of a proof system
200
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
[Artemov, 2000; Artemov, 2001]. For a specific proof system some additional identities may hold. For instance, the standard “textbook” proof predicate ¨ numbering of syntax, which is monotone. In particular, is based on Godel’s the code of a given proof (a finite sequence of formulas) is greater than the code of any formula in that sequence (including the codes of theorems proven by that sequence). This property of coding prohibits self-referential assertions of sort t : A(t) and in general yields the following monotonicity axiom introduced in [Artemov and Strassen, 1993]: ¬(t1 : A2 (t2 ) ∧ t2 : A3 (t3 ) ∧ . . . ∧ tn : A1 (t1 )), where ti has to occur in Ai (ti ). This axiom is valid for the standard proof predicate7 but is not derivable in LP. It was shown in [Artemov and Strassen, 1993] that the basic logic of proofs supplied with the monotonicity axiom (system M) is complete with respect to the standard proof predicate. In [Artemov, 1994] this result is extended to a system in a richer language containing both M and the provability logic GL. A full axiomatization of the propositional logic of the standard proof predicate in the language of LP was found in [Yavorsky, 2000]. Proof polynomials for other modal logics. Systems of proof polynomials for other classical modal logics K, K4, D, D4, T were described in [Brezhnev, 2000; Brezhnev, 2001]. The paper [Brezhnev, 2001] should also be mentioned for its introduction of proof polynomials for Gentzenstyle proof systems. The case of S5 = S4 + (¬2F → 2¬2F ) was special because of the presence of negative information about proofs. The paper by Artemov, Kazakov and Shapiro [Artemov et al., 1999] introduced a possible system of proof terms for S5, established realizability of the logic S5 by these terms, decidability, and completeness of the resulting logic of proofs. However, the existence of alternative natural systems of proof terms for S5 suggests that the problem of describing negative knowledge by operations on witnesses is far from solved. Quantified Logics of Proofs. The arithmetical provability semantics for the logic of proofs may be naturally generalized to the first-order language and to the language of LP with quantifiers over proofs. Both possibilities of enhancing the expressive power of LP were investigated. In [Artemov and Sidon-Yavorskaya, 2001], techniques originating from [Artemov, 1985b; Vardanyan, 1986] were used to establish that the set of tautologies in the language of the first-order logic of proofs was not recursively enumerable. It was shown that a complete axiomatization of the first-order logic of proofs 7 This holds for the usual “call-by-value” provability semantics for LP presented in this article. However, this does not necessarily hold for the “call-by-name” semantics from [Artemov, 1995] (cf. also [Artemov, 2001], Comment 6.8).
PROVABILITY LOGIC
201
is impossible. An interesting decidable fragment of the first-order logic of the standard proof predicate was found in [Yavorsky, 2000]. Propositional logic with quantifiers over proofs was studied in [Yavorsky, 2002]. It was established that the corresponding set of formulas valid under the natural provability interpretation is not recursively enumerable, therefore propositional logic with quantifiers over proofs is not axiomatizable. Applications. 1. We start with a discussion of a contribution to semantics of modal logic in general made by the provability logic and logic of proofs. Initially G¨ o¨del regarded the modality 2F from a provability point of view as there exists a proof (witness, justification) for F According to this interpretation, modality contains an informal built-in existential quantifier over proofs. Existential understanding of modality is also typical of “naive” semantics for a wide range of epistemic logics. Nonetheless, before the logic of proofs LP was discovered, major modal logics lacked an exact semantics of existential character. The first exact existential semantics of modality is given by the arithmetical provability model for system GL, which, however, does not extend to other major modal logics. Proof polynomials and the logic of proofs provide existential semantics for S4, S5 and other systems [Artemov et al., 1999; Brezhnev, 2000; Brezhnev, 2001]. Decades after the above mentioned works by G¨¨odel a semantics of a different nature was formalized for modalities, namely Kripke semantics. Modality there is similar to a universal quantifier: 2F is read as in all possible situations F holds. Semantics of this sort will be called here a universal semantics. Such a reading of modality naturally appears in dynamic and temporal logics aimed at describing computational processes, states of which usually form a (possibly branching) Kripke structure. To some extend, Tarski’s topological semantics for S4 can be regarded as a universal semantics as well [McKinsey and Tarski, 1946; Rasiowa and Sikorski, 1963]. Universal semantics has been playing a prominent role in modal logic. However, it is not the only possible tool for approaching specific problems involving modal languages. In particular, universal semantics alone did not lead to a solution of the Godel ¨ provability calculus problem because of an existential nature of the latter. 2. As we have already discussed above, a perspective area of applications of the logic of proofs is the area of logics of knowledge. A need for a logic of knowledge with justifications has been discussed in [van Benthem, 1991]. Such a logic along with the usual knowledge operators 2F (F is
202
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
known) should contain assertions t : F (t is an evidence of F ), thus bringing explicit and quantitative components to the logic of knowledge. The explicit character of judgments significantly expands the expressive power of epistemic logics. Because of the logical omniscience effect (cf. below), the original epistemic modality 2F should be regarded as “potential knowledge”, or “knowability” rather than actual knowledge, cf. [Fitting, 2003b; Fitting, 2005]. An evidence operator t : F provides a justification that F is true in all situations and hence represents a real knowledge of the agent. [Artemov and Nogina, 2004] used the provability logic with justification LPGL for building logics of knowledge with justifications. Provability logic GL itself is not compatible with the epistemic logic, mainly because arithmetical provability is not reflexive. However, S4 can be modelled in GL by using the strong provability operator. S4 is sound with respect to the strong provability semantics, the extension S4Grz of S4 by Grzegorczyk schema 2(2(F → 2F ) → F ) → F provides a complete propositional axiomatization of strong provability [Kuznetsov and Muravitsky, 1977; Goldblatt, 1978; Boolos, 1979b; Kuznetsov and Muravitsky, 1986]. Kripke models corresponding to S4Grz have S4-frames which do not distinguish possible worlds mutually accessible from each other. [Artemov and Nogina, 2004] constructed basic logics of knowledge with justifications: LPS4, consisting of S4 combined with LP and t : F → 2F , and LPS4− , which is LPS4 augmented by the principle of negative introspection ¬(t : F ) → 2¬(t : F ). 3. The language of proof carrying formulas of the logic of proofs also suggests an approach to the logical omniscience problem [Parikh, 1987; Moses, 1988; Parikh, 1995; Fagin et al., 1995]). Logical omniscience means the unrealistical assumption of epistemic logic that an intellectual agent knows all logical consequences of her data. According to this assumption each person who knows the rules of chess should also know whether or not White has a winning strategy (an example from [Fagin et al., 1995]). The logical omniscience problem is to develop a mechanism in the logic of knowledge for distinguishing facts that are “easy to establish” from those which are “hard to establish.” The size of a proof polynomial (possibly in a richer basis tailored to specifics of the problem) gives information about the amount of work needed to establish the given fact. 4. Another promising area of applications for the logic of proofs is the area of typed theories and programming languages. The usual typed λ-calculus and the typed combinatory logic equivalent to it served as a theoretical prototype for a certain class of programming languages (cf. a survey [Constable, 1998]). The logic of proofs along with the reflexive λ-calculus and the reflexive combinatory logic based on it (cf. [Alt and Artemov, 2001; Artemov, 2004] and Chapter 15) have more expressive power, including a richer system of types and self-referential methods of constructing and using them. It is natural to expect these new capabilities to find their applications in programming languages like did previous major theoretical developments
PROVABILITY LOGIC
203
in λ-calculi. 5. Yet another area of applications of methods raising from the logic of proofs is reflection in artificial intelligence, automated deduction and verification. Reflection is a general term describing an ability of a formal deduction system to formalize its own meta-reasoning. This normally includes internal representation of formulas, axioms, rules and derivations, semantics, etc., and ability to represent properties of those objects by formulas of the system. The problem of building reflection in automated deduction has been discussed, e.g. in [Allen et al., 1990; Constable, 1994; Constable, 1998; Harrison, 1995]. The explicit representation of proofs by proof polynomials rather than their implicit specification by quantifiers offers a new promising approach to building reflection. In particular, since explicit reflection is internally provable, this new approach allows us to avoid undesirable “reflection towers” of extensions of a theory of an increasing metamathematical strength [Artemov, 1999], which are unavoidable in the traditional theory of verification [Davis and Schwartz, 1979]. According to [McCarthy, 2004], self-awareness is the principle advantage of human intelligence over artificial intelligence. Logical reflection apparatus and the logic of proofs in particular could contribute to building self-aware artificial intelligence systems. In programming languages reflection can be used to naturally formalize Run Time Code Generating, RTCD. About logic analysis of RTCD cf. [Wickline et al., 1998]. 6. Among applications one should mention a joint paper [Artemov and Krupski, 1996] introducing a logical system for the description and the design of reference databases based on the logic of proofs. This line of research has been further pursued in [Krupski, 2005].
Part I: Logic of Provability 2
¨ ¨ PROVABILITY LOGIC: THE MODAL LOGICAL GODEL–L OB TRADITION
When formulating a new (modal) logic a number of standard questions immediately present themselves. For example, one would want to know how the logic behaves w.r.t. the following properties: (i) Adequate semantics (completeness, finite model property); (ii) Decidability, complexity; (iii) Gentzen-style formulation, cut-elimination, subformula property; (iv) Craig interpolation, Beth definability; (v) Normal forms of (some classes of) formulas.
204
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Now that so many systems of nonclassical and modal logic have been studied, such questions have become commonplace and are perhaps lacking certain amount of appeal. Rather, one is more interested in the other, more specific, features of the logics in question. However, the answers to these traditional questions help us to understand the system we are dealing with and provide some useful standard techniques. For the case of basic G¨o¨del– Lob ¨ provability logic GL the answers to these standard questions constitute early work in this area. Most of them are discussed at length in the article by C. Smory´ n ´ski in this Handbook [Smory´ n ´ski, 2004]. We quickly recapitulate them in this section, mostly to fix the terminology.
2.1 Hilbert-style (Frege) proof system The language of GL has propositional variables p0 , p1 , . . . ; boolean connectives →, ⊥, , and unary modality 2. A Hilbert-style proof system for GL is given by the following axiom schemes and rules of inference. Axiom schemes: 1. Boolean tautologies 2. 2(ϕ → ψ) → (2ϕ → 2ψ) (normality) 3. 2(2ϕ → ϕ) → 2ϕ (Lob’s ¨ axiom ) Rules of inference: ϕ, ϕ → ψ/ψ (modus ponens); ϕ/2ϕ (necessitation). It is well-known that GL proves the transitivity axiom 2ϕ → 22ϕ and therefore extends the system K4 (see [Smory´ n ´ski, 1985]). On the other hand, GL is incompatible with the reflexivity axiom 2ϕ → ϕ and therefore with the system S4.
2.2 Kripke models A Kripke model for GL (or simply a model ) is a triple K := (K, ≺, ), where • ≺ is a converse well-founded strict partial ordering on K. The poset (K, ≺) is called the frame of K. Elements of K are called nodes. We assume, unless explicitly mentioned otherwise, that every model has the minimal node, which is called the root of K. • is a forcing relation on K, that is, a binary relation between the nodes of K and modal formulas, which satisfies the following conditions for any x ∈ K and any formulas ϕ, ψ: 1. x ⊥, x ; 2. x ϕ → ψ ⇐⇒ (x ϕ or x ψ);
PROVABILITY LOGIC
205
3. x 2ϕ ⇐⇒ ∀y ∈ K(x ≺ y ⇒ y ϕ). By Conditions 1–3 the forcing relation on K is uniquely determined by its restriction to propositional variables. We say that a formula ϕ holds or is valid in a model K (denoted K ϕ) if it is forced at the root of K. K, x ϕ means x ϕ in K. K ϕ means x ϕ, for all x ∈ K. A model K is treelike, if so is the ordering (K, ≺), that is, if a, b ≺ c implies a ≺ b or b ≺ a or a = b.
2.3
Gentzen-style proof system
We consider sequents of the form Γ ⇒ ∆, where Γ and ∆ are finite sets of formulas. (Thus, contraction and permutation rules are built in the definition of a sequent.) Γ means the formula ϕ1 ∨ · · · ∨ ϕn , if Γ = {ϕ1 , . . . , ϕn }, and ⊥, if Γ = ∅. Γ is defined dually. 2Γ is the set {2ϕ : ϕ ∈ Γ}. As usual, we also write Γ, ϕ for Γ ∪ {ϕ} and ⇒ ϕ for ∅ ⇒ ϕ. A Gentzen-style proof system GLG is given by the following axioms and rules of inference. Axioms:
⊥ ⇒;
⇒ ;
p ⇒ p,
for any variable p;
Rules of inference: Γ, ψ ⇒ ∆ Γ ⇒ ∆, ϕ (→ l) Γ, ϕ → ψ ⇒ ∆ Γ⇒∆ (weak) Γ, Σ ⇒ ∆, Π
Γ, ϕ ⇒ ψ, ∆ (→ r) Γ ⇒ ∆, ϕ → ψ 2Γ, Γ, 2ϕ ⇒ ϕ (L¨ o¨b) 2Γ ⇒ 2ϕ
As usual, the weakening rule (weak) can be eliminated at the cost of adding side formulas Σ, Π to all the axioms and the conclusion of the rule (L¨ o¨b). First, we observe the obvious subformula property of the Gentzenstyle proof system. PROPOSITION 1. Any formula occurring in a GLG -derivation of a sequent Γ ⇒ ∆ is a subformula of a formula from Γ ∪ ∆. Theorem 2 below implies that the rule of cut Γ, ϕ ⇒ ∆ Γ ⇒ ϕ, ∆ (cut) Γ⇒∆ is admissible in the system GLG .
2.4
Joint completeness and cut-elimination theorem
K. Segerberg [Segerberg, 1971] gave the first Kripke completeness proof for GL. A correct Gentzen-style cut-free system for GL has been suggested
206
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
in [Leivant, 1981], but his (syntactic) proof of cut-elimination contained a gap. Later a correct syntactic proof has been found in [Sambin and Valentini, 1982; Sambin and Valentini, 1983]. Below we present a different (semantic) proof following [Avron, 1984]. A corresponding system of natural deduction for GL was given in [Bellin, 1985]. THEOREM 2. For any formula ϕ the following statements are equivalent: (i) GL ϕ; (ii) K ϕ, for all models K; (iii) K ϕ, for all finite treelike models K; (iv) GLG ⇒ ϕ; (v) GLG + (cut) ⇒ ϕ. Proof. The implication (i)⇒(ii) is the soundness of GL w.r.t. converse wellfounded Kripke models cf. [Smory´ n ´ski, 2004; Smory´ nski, ´ 1985]. The implications (ii)⇒(iii) and (iv)⇒(v) are obvious. The implication (v)⇒(i) is the adequacy of the Gentzen-style formulation of GL. We have to show that all inference rules of GLG are admissible in GL under the standard translation of sequents Γ ⇒ ∆ as the formulas Γ → ∆. This is easy for the propositional rules and the cut-rule (the latter corresponds, in a sense, to modus ponens). We derive (L¨ o¨b) by the following reasoning in GL: 1. Γ ∧ 2Γ ∧ 2ϕ → ϕ (assumption) 2. Γ ∧ 2Γ → (2ϕ → ϕ) 3. 2( Γ ∧ 2Γ) → 2(2ϕ → ϕ) (by normality from 2) 4. 2( Γ ∧ 2Γ) → 2ϕ (by L¨ o¨b’s axiom from 3) 5. 2Γ → 2( Γ ∧ 2Γ) (a theorem of K4) 6. 2Γ → 2ϕ (from 4,5) The central part of the proof of the theorem is (iii)⇒(iv); here is a sketch. Assume a sequent Γ ⇒ ∆ is not provable in GLG . Then it can be extended to an unprovable saturated sequent, that is, a sequent Γ1 ⇒ ∆1 satisfying: (i) (ϕ → ψ) ∈ Γ1 implies ϕ ∈ ∆1 or ψ ∈ Γ1 ; (ii) (ϕ → ψ) ∈ ∆1 implies ϕ ∈ Γ1 and ψ ∈ ∆1 ; (iii) Γ ⊆ Γ1 , ∆ ⊆ ∆1 and any formula in Γ1 ∪ ∆1 is a subformula of a formula from Γ ∪ ∆;
PROVABILITY LOGIC
207
(iv) GLG Γ1 ⇒ ∆1 . Consider the (finite) set of all such unprovable saturated sequents. Supply it with a partial ordering ≺ as follows: (Σ1 ⇒ Π1 ) ≺ (Σ2 ⇒ Π2 ) iff (i) 2ϕ ∈ Σ1 implies ϕ, 2ϕ ∈ Σ2 ; (ii) There is a 2ϕ ∈ Σ2 such that 2ϕ ∈ Σ1 . Let (K, ≺) be the restriction of this ordering to the set of all sequents above Γ1 ⇒ ∆1 . Define an assignment of propositional variables p on K by setting (Σ ⇒ Π) p ⇐⇒ p ∈ Σ. This gives us a Kripke model K = (K, ≺, ) with the root Γ1 ⇒ ∆1 . Now it is a matter of routine checking, for any sequent (Σ ⇒ Π) ∈ K and formula ϕ ∈ Σ ∪ Π, that (i) ϕ ∈ Σ implies (Σ ⇒ Π) ϕ; (ii) ϕ ∈ Π implies (Σ ⇒ Π) ϕ.
Therefore, we conclude: (Γ1 ⇒ ∆1 ) Γ → ∆. Notice that (K, ≺) is a finite strict partial ordering, which may not yet be treelike. However, K can be transformed into an equivalent treelike model by the standard unravelling procedure (see [Bull and Segerberg, 2001]). COROLLARY 3. GLG is closed under the cut-rule. COROLLARY 4. GL is decidable and enjoys the finite model property. We also mention without proof that by a result of A.V. Chagrov [Chagrov, 1985] the set of theorems of GL is PSpace-complete. See [Chagrov et al., ˇ 2001; Svejdar, 2003] for more details.
2.5
Interpolation and definability
As an expected corollary of cut-elimination we obtain the Craig interpolation theorem for GL. THEOREM 5 (Craig interpolation). If GL ϕ → ψ, then there is a θ such that Var(θ) ⊆ Var(ϕ) ∩ Var(ψ) and GL ϕ → θ and GL θ → ψ. Proof. Using the so-called Sch¨ u ¨tte–Maehara method we prove the following statement by induction on the depth of the GLG -derivation: If GLG Γ1 , Γ2 ⇒ ∆1 , ∆2 ,
208
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
then there is a formula θ such that Var(θ) ⊆ Var(Γ1 ∪ ∆1 ) ∩ Var(Γ2 ∪ ∆2 ) and GLG Γ1 ⇒ ∆1 , θ and GLG θ, Γ2 ⇒ ∆2 . For the axioms and each of the rules the construction of θ is straightforward. Now put Γ1 = {ϕ}, ∆2 = {ψ}, Γ2 = ∆1 = ∅. This theorem has been proved independently by C. Smory´ n ´ski [Smory´ n ´ski, 1978] and G. Boolos [Boolos, 1979b] by semantical arguments. The reader can find this proof in [Chagrov et al., 2001]. As a standard corollary we obtain COROLLARY 6 (Beth definability). Assume GL ϕ(p) ∧ ϕ(q) → (p ↔ q), where q does not occur in ϕ(p) and the formula ϕ(q) is obtained from ϕ(p) by replacing all occurrences of p by q. Then there is a formula ψ such that Var(ψ) ⊆ Var(ϕ(p)) \ {p} and GL ϕ(p) → (p ↔ ψ). Proof. We are given a formula ϕ satisfying GL ϕ(p) ∧ p → (ϕ(q) → q). Let ψ be an interpolant for this formula. An interesting corollary of this general result is the Fixed Point Theorem for GL, which was thoroughly discussed in [Smory´ n ´ski, 2004]. We sketch a short alternative proof due to C. Smory´ n ´ski. THEOREM 7 (Fixed points). Let ϕ(p) be a formula in which p only occurs within the scope of a 2. Then there is a formula ψ such that Var(ψ) ⊆ Var(ϕ) \ {p} and GL (p ↔ ϕ(p)) ↔ (p ↔ ψ). Here θ is an abbreviation for θ ∧ 2θ. The reader is invited to convince him/herself that this formulation implies both the existence and the uniqueness of fixed points, as stated in [Smory´ n ´ski, 2004]. Proof. Let ϕ(p) be given. First we obtain the following lemma [Bernardi, 1976]: GL (p ↔ ϕ(p)) ∧ (q ↔ ϕ(q)) → (p ↔ q), where q is a fresh variable not contained in ϕ(p). For a proof of this lemma see [Smory´ n ´ski, 2004] or a simple Kripke-model argument in [Boolos, 1993]. Then apply Beth’s definability theorem to the formula (p ↔ ϕ(p)). The Craig interpolation theorem has various extensions and strengthenings. The most well-known ones are the so-called Lindon interpolation and the uniform interpolation. Whether the Lindon interpolation holds for GL still seems to be an open question. THEOREM 8 (Uniform interpolation). Let a formula ϕ and a subset S ⊆ Var(ϕ) be given. Then there is a formula θ such that GL ϕ → θ, Var(θ) ⊆
PROVABILITY LOGIC
209
S and for every formula ψ such that Var(ψ) ∩ Var(ϕ) ⊆ S and GL ϕ → ψ, we have GL θ → ψ. This theorem was discovered by V. Shavrukov [Shavrukov, 1993b] independently from (and essentially simultaneously with) a similar result by A. Pitts [Pitts, 1992] on intuitionistic propositional logic. Shavrukov’s proof was semantical rather than syntactical and relied upon the techniques of characters. Later A. Visser [Visser, 1996], building on the work [Ghilardi and Zawadowski, 1995], gave a more transparent semantical proof. No syntactical proof of this theorem for GL is known.
2.6
Admissible rules
A propositional inference rule ϕ1 , . . . , ϕn (R) ψ is admissible in a logic L, if whenever L σ(ϕi ), for i = 1, . . . , n, there holds L σ(ψ), where σ is any substitution of formulas for propositional variables. Typical examples of admissible rules in GL are 2p 2q (R1 ) 2(p ∧ q)
and
2p (R2 ). p
Admissible rules must not be confused with the derivable rules in a concrete proof system P for L. A rule R as above is called derivable in P, if there is a derivation in P of the formula ψ from the assumptions ϕ1 , . . . , ϕn . This notion depends not just on the set of theorems of L, but also on the choice of specific basic inference rules. Typically, all the basic rules of P, and hence all the derivable rules, are admissible. The converse need not be the case, and is not the case for GL. For the standard Hilbert-style proof system for GL given in Section 2.1, which we temporarily denote GLH , the derivable rules can be easily characterized by means of the following version of Deduction theorem (see [Smory´ n ´ski, 2004] or [Boolos, 1993]). PROPOSITION 9 (Deduction theorem). A rule (R) is derivable in GLH iff GL ϕ1 ∧ · · · ∧ ϕn → ψ. Thus, we see that the rule (R1 ) is derivable and admissible, whereas the rule (R2 ) is admissible but not derivable. (If it were, GL would prove
2p → p and hence 2p → p, which is not the case.) The reader can also ¨ rule easily check that, in contrast with (R2 ), Lob’s 2p → p p
210
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
is derivable in GLH . V. Rybakov [Rybakov, 1989] obtained the following important results. THEOREM 10 (Rybakov). The property of a rule being admissible in GL is decidable. THEOREM 11 (Rybakov). The admissible rules in GL do not have a finite basis, that is, they cannot be described as derivable rules in a proof system given by finitely many axiom schemes and inference rules. Similar results hold for the propositional intuitionistic logic and many other modal logics. See [Chagrov et al., 2001] for more details on the topic of admissibility of rules and a sketch of a proof of Rybakov’s theorem. See also [Rybakov, 1997] for an in-depth monograph on admissible rules. An alternative proof of Rybakov’s theorem was obtained by methods of S. Ghilardi [Ghilardi, 1999]. Ghilardi’s techniques proved to be especially useful in the study of intuitionistic provability logic (see [Ghilardi, 1999; Iemhoff, 2001b; Iemhoff, 2001c] and Section 9).
2.7 Letterless formulas and traces A modal formula is letterless, if it contains no propositional variables and is thus built up from , ⊥ using → and 2. Letterless formulas have nice normal forms in GL. This fact was discovered by G. Boolos [Boolos, 1976] and independently by J. van Benthem, C. Bernardi and F. Montagna. We obtain these normal forms using the techniques of traces of modal formulas developed in [Artemov, 1980]. Let K be a (possibly infinite) model. The depth function on K is a mapping d from K to the ordinals uniquely defined by the following condition: ∀x ∈ K d(x) = sup{d(y) + 1 | x ≺ y}, where we assume sup ∅ = 0. Recall that all models are converse wellfounded, so d is a well-defined function. The height h(K) of K is the depth of its root. Let ϕ be a (not necessarily letterless) formula. Trace tr(ϕ) of ϕ is the set of all numbers n ∈ ω such that there is a (finite) model K of height n such that K ϕ. Clearly, theorems of GL and only them leave no trace. We define: Fn = (2n+1 ⊥ → 2n ⊥). It is easy to see that tr(F Fn ) = {n}. LEMMA 12. For any formula ϕ, tr(ϕ) is either a finite or a cofinite subset of ω. Proof. Assume tr(ϕ) is infinite and let 2ϕ1 , . . . , 2ϕm enumerate all subformulas of ϕ of the form 2ψ. There is a model K such that K ϕ and h(K) > m. By Lemma 26 below there is a node r ∈ K such that r 2ϕi → ϕi for each i. Using this property we can ‘insert’ in our model a
PROVABILITY LOGIC
211
linear chain of elements at the node r without changing the forcing at nodes of K. Formally, for each n a new model Kn is defined such that is the disjoint union of K and the set {0, . . . , n}. The ordering ≺n on is the transitive closure of the orderings ≺ on K, < on {0, . . . , n}, and following relations:
the Kn Kn the
(i) x ≺n y, for all y ≤ n and x ≺ r; (ii) y ≺n x, for all y ≤ n and r # x. The forcing relation for propositional variables on {0, . . . , n} coincides with that at r and is the same as in K everywhere else. It is then not difficult to show that this property extends from atomic to all subformulas of ϕ and hence Kn ϕ. This holds for any n, so tr(ϕ) is cofinite. LEMMA 13. If F and ϕ are modal formulas such that tr(ϕ) ⊆ tr(F ) and F is letterless, then GL F → ϕ. Proof. Consider the structure N = (ω, >) as a converse well-founded (rootless, infinite) Kripke frame. The depth function d maps any finite model K to N . Moreover, for any x ∈ K and any letterless formula ψ we have K, x ψ ⇐⇒ N , d(x) ψ, as can be easily seen by induction on ψ. Hence, n ∈ tr(ψ) iff N , n ψ for letterless ψ. Assuming GL F → ϕ take any finite model K such that K F and K ϕ and let n = h(K). Obviously n ∈ tr(ϕ), but we have N , n F by the previous observation. Hence, n ∈ tr(F ), contradicting our assumption. As a corollary we obtain that any letterless formula is determined by its trace up to provable equivalence: COROLLARY 14. Let ϕ, ψ be letterless. Then tr(ϕ) = tr(ψ) ⇐⇒ GL ϕ ↔ ψ. The following corollary provides normal forms for letterless formulas. THEOREM 15 (Normal forms). Let ϕ be a letterless formula and S = tr(ϕ). (i) If S is finite, then GL ϕ ↔ n∈S Fn ; (ii) If S is cofinite, then GL ϕ ↔ n∈ Fn . S ¬F
212
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Proof. By the previous corollary we must only notice that tr( n∈S Fn ) = S, if S is finite, and tr( n∈ Fn ) = S, if S is cofinite. S ¬F We also remark that by the proof of Lemma 12 one can effectively determine whether tr(ϕ) is finite or cofinite, as well as find an upper bound to the elements in tr(ϕ) (respectively, ω \ tr(ϕ)). Testing n ∈ tr(ϕ) is effective because, by Lemma 13, n ∈ tr(ϕ) ⇐⇒ GL ϕ → Fn . This means that the trace of a formula ϕ, together with the normal form of ϕ if ϕ is letterless, can be determined effectively. 3
THE INTENDED PROVABILITY SEMANTICS
R. Solovay originally formulated his completeness theorems for Peano arithmetic PA. It was immediately clear that his results applied to a wider range of theories. Applications of provability logic also required working with different systems some of which are much weaker and some much stronger than Peano arithmetic. Therefore, we will have to extend the approach taken in [Smory´ n ´ski, 2004]. It will be important for us not to fix one particular theory but rather keep the possibility of different interpretations of 2 open. We shall deal with formal theories T “sufficiently strong to be able to reason about themselves.” This is usually achieved by specifying a G¨del ¨ numbering, that is, an assignment of a numerical code τ to every syntactic object τ in the language of T — variable, term, formula, proof, etc. (We shall freely identify these codes with numerals, that is, the terms representing numbers in T .) Then, if T knows enough about numbers and has the power of coding and decoding, T will be able to reason about its own syntax. Thus, one usually restricts the attention to theories T containing (a sufficiently strong fragment of) Peano arithmetic. The standard choice of such a fragment is primitive recursive arithmetic PRA. Its formulation can be obtained from that of PA in [Smory´ n ´ski, 2004] by restricting the induction schema to quantifier-free formulas. A somewhat more economical choice is elementary arithmetic EA, which is also the weakest theory to date for which Solovay’s theorems have been verified8 . There are, however, yet weaker theories for which an adequate formalization of syntax has been developed. The most important among them is Buss’ feasible arithmetic S12 (see [Buss, 1986]). It is open, if Solovay’s theorems hold for S21 . Therefore, we choose EA as our basic system. Readers who feel insecure about reasoning in weak arithmetics may freely read PA instead of EA for most of this chapter. 8 In various modifications this theory is also known under the names EFA (H. Friedman), ERA (W. Sieg), I∆0 + exp (A. Wilkie, J. Paris), I∆exp ´ ajek and P. 0 (exp) (P. H´ Pudlak). ´
PROVABILITY LOGIC
213
3.1 Elementary arithmetic The language of arithmetic is a first order language containing binary predicate symbols = and ≤; binary function symbols + and ·; unary function symbols S and exp; and a constant 0. The standard model of arithmetic is a model with the universe N = {0, 1, 2, . . . } such that all the symbols have their usual interpretation: = is the equality relation; ≤ is the ordering relation; + and · are the addition and multiplication operations; S is the successor function S(x) = x + 1; exp is the base 2 exponentiation function exp(x) = 2x . Formulas in the above language are called arithmetical. The expressions ∀x ≤ t ϕ(x) and ∃x ≤ t ϕ(x) abbreviate the formulas ∀x (x ≤ t → ϕ(x)) and ∃x (x ≤ t ∧ ϕ(x)), respectively, where t is any term (not containing the variable x). Occurrences of quantifiers of this kind are called bounded, and ∆0 or elementary formulas are those, all of whose quantifiers are bounded. Notice that, by definition, quantifier-free formulas are elementary. Obviously, predicates definable by ∆0 -formulas in N are decidable. A rough estimate of the complexity of the evaluation procedure shows that such predicates are decidable in multi-exponential number of steps. The converse is also true (see [Cutland, 1980; Rose, 1984]). Arithmetical formulas are classified according to their logical complexity into the arithmetical hierarchy. For n ≥ 0 the classes of Σn - and Πn -formulas are inductively defined as follows. Σ0 - and Π0 -formulas are elementary formulas. Σn+1 -formulas are those of the form ∃x1 . . . ∃xm A(x1 , . . . , xm ), where A is a Πn -formula. Πn+1 -formulas are ∀x1 . . . ∀xm A(x1 , . . . , xm ), where A is a Σn -formula. From the prenex normal form theorem we know that every arithmetical formula is logically equivalent to a Σn -formula, for some n. By extension of terminology, we shall often call Σn any formula logically equivalent to a Σn -formula in the sense of our official definition. Modulo logical equivalence: 1. The classes Σn and Πn are closed under ∨, ∧. 2. A ∈ Σn ⇐⇒ ¬A ∈ Πn , and dually. 3. The class Πn is closed under the universal quantification, the class Σn is closed under the existential quantification. From the computational point of view, the most interesting class of foro¨del and Kleene that a relation mulas is Σ1 . It follows from the work of G¨ on N is definable by a Σ1 -formula iff it is recursively enumerable (r.e.). Elementary Arithmetic EA is a first order theory with equality formulated in the arithmetical language and having the following mathematical axioms: P1. ¬S(a) = 0 P2. S(a) = S(b) → a = b
214
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
P3. a + 0 = a P4. a + S(b) = S(a + b) P5. a · 0 = 0 P6. a · S(b) = a · b + a P7. exp(0) = S(0) P8. exp(S(a)) = exp(a) + exp(a) P9. a ≤ 0 ↔ a = 0 P10. a ≤ S(b) ↔ (a ≤ b ∨ a = S(b)) and the induction axiom schema for bounded formulas ϕ(x, ): (Ind)
ϕ(0, ) ∧ ∀x (ϕ(x, ) → ϕ(S(x), )) → ∀xϕ(x, ).
Peano arithmetic PA can be axiomatized over P1–P10 by the induction schema for arbitrary formulas ϕ(x, ). One also often considers intermediate fragments of arithmetic. The restriction of the induction schema to Σn formulas ϕ(x, ) over P1–P10 is denoted IΣn . See Section 10.1 for a more detailed picture of the fragments of PA. In many respects EA is as good as PA. For example, the usual coding machinery works in EA, and EA is capable to adequately formalize syntax. On the other hand, one can show that, unlike Peano arithmetic, EA is a finitely axiomatizable theory. Moreover, the arithmetical complexity of all axioms of EA is Π1 : all occurrences of universal quantifiers in the induction axioms, except for the outer ones, can be bounded. This property puts severe constraints on the strength of EA. E.g., by a version of a theorem of [Parikh, 1971], EA cannot prove the totality of any computable function ´ and Pudl´ ak, ´ that grows faster than exp(n) (x), for a fixed n (see also [Hajek 1993]). The situation is best explained in terms of the notion of provably total computable function introduced in Section 10.2. The provably total computable functions of EA are precisely those definable from the basic functions and predicates of our language and projection functions by composition and bounded recursion. Another name for this class of functions is Kalmar elementary functions (see [Rose, 1984]). These functions can be conservatively introduced as new function symbols into the language of EA, which parallels the usual process of defining primitive recursive functions in PA. Such a definitional extension respects the arithmetical hierarchy, that is, bounded formulas in the extended language can be equivalently translated into bounded formulas in the original language of EA. Thus, the classes Σn and Πn for n ≥ 0 are also preserved.
PROVABILITY LOGIC
215
3.2 Formalizing syntax By a theory we shall mean a first order theory with equality formulated in the language of EA and containing the axioms of EA. A theory T is sound if all theorems of T are true (hold in the standard model N). T is Σn -sound if all its theorems of logical complexity Σn are true. Most important for us is the formalization of the notions of proof and provability. Following G¨ o¨del and Feferman [Feferman, 1960] this is done in two stages. First, a theory is called elementary presented, if a ∆0 -formula AxT (x) is specified that is true if and only if x codes a (non-logical) axiom of T . All the usual theories such as EA or PA are elementary presented; moreover, by the so-called Craig’s trick one can show that any r.e. theory has an equivalent elementary presentation (see [Feferman, 1960]). From AxT (x) one constructs in a standard way a ∆0 proof predicate Prf T (y, x) expressing “y codes a T -proof of the formula coded by x.” The corresponding provability predicate and consistency assertion are then defined by ProvT (x) := ∃y Prf T (y, x) and Con(T ) := ¬ProvT (⊥). The formula ProvT (x) satisfies the three derivability conditions of Bernays and L¨ o¨b [Hilbert and Bernays, 1968; L¨ o¨b, 1955]: L1. T ϕ ⇐⇒ EA ProvT (ϕ) L2. EA ProvT (ϕ → ψ) → (ProvT (ϕ) → ProvT (ψ)) L3. EA ProvT (ϕ) → ProvT (ProvT (ϕ)) Property L3 is a corollary of a more general fact known as provable Σ1 completeness: PROPOSITION 16. (i) For any Σ1 -sentence σ, EA σ → ProvT (σ). (ii) For any Σ1 -formula σ(x1 , . . . , xn ) with all the free variables shown, EA σ(x1 , . . . , xn ) → ProvT (σ(x˙ 1 , . . . , x˙ n )). Here σ(x˙ 1 , . . . , x˙ k ) denotes a (Kalmar elementary) definable term for the n1 , . . . , n ¯ k ) of function that, given a tuple n1 , . . . , nk , outputs the code σ(¯ nk for variables x1 , . . . , xk the result of substitution of the numerals n ¯ 1 ,. . . ,¯ in σ. We will also refer to the following formalized version of the Deduction theorem [Feferman, 1960]. PROPOSITION 17. For any sentences ϕ and ψ, EA ProvT +ϕ (ψ) ↔ ProvT (ϕ → ψ).
216
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Here we assume that T + ϕ is elementary presented by the formula AxT +ϕ (x) := AxT (x) ∨ x = ϕ. Formalized Deduction theorem can also be formulated and proved with ϕ and ψ being free variables ranging over sentences. As a corollary of the derivability conditions one obtains the important Lob ¨ theorem [Lob, ¨ 1955]. THEOREM 18. T ProvT (ϕ) → ϕ ⇐⇒ T ϕ. In view of the formalized Deduction theorem, this statement can be viewed as a version of Godel’s ¨ second incompleteness theorem for the theory T + ¬ϕ. Vice versa, G¨¨odel’s theorem can be obtained from L¨ ob’s ¨ theorem by setting ϕ = ⊥. It does not hurt to repeat the most celebrated theorem in mathematical logic, so here it comes. THEOREM 19 (G¨ o¨del). Let T be an elementary presented theory containing EA. (i) If T is consistent, then T Con(T ). (ii) If T is Σ1 -sound, then also T ¬Con(T ).
3.3 Arithmetical interpretation and its soundness A mapping from the set of propositional letters to the set of arithmetical sentences is called an (arithmetical) realization. Let T be an elementary presented theory. A T -interpretation fT (ϕ) of a modal formula ϕ under a realization f is defined inductively as follows: 1. fT (⊥) = ⊥; fT () = ; 2. fT (p) = f (p), for any propositional letter p; 3. fT (θ → ψ) = fT (θ) → fT (ψ), 4. fT (2ψ) = ProvT (ffT (ψ)). The set of formulas {ffT (ϕ) : f a realization} will be denoted ϕT . We write U ϕT if U proves every formula from the set ϕT . If ϕ is letterless, ϕT consists of a single formula that will also be denoted ϕT . Similarly, for any set X of modal formulas, X T will denote the set of all T -interpretations of formulas from X. The three derivability conditions together with L¨ o¨b’s theorem essentially mean that GL is sound with respect to the arithmetical interpretation. PROPOSITION 20. If GL ϕ, then EA ϕT .
PROVABILITY LOGIC
217
A fundamental theorem of R. Solovay tells us that GL is also complete with respect to the arithmetical interpretation, that is, the converse implication also holds, provided theory T is Σ1 -sound. (In fact, the Solovay theorem holds under some yet weaker assumptions on soundness that will be introduced later.) Before stating this theorem we would like to discuss some applications of provability logic in arithmetic that only rely on its soundness part. The soundness of GL expressed by Proposition 20 does not seem to be a very deep result. How can it be useful at all? Modal logic provides a convenient language which, together with Kripke semantics, allows to efficiently calculate with certain kinds of arithmetical statements. This could in some sense be compared with what mathematicians do by applying a few simple rules — but sometimes in a very ingenious way — to symbolically compute, say, integrals. Our ‘numbers’ here are arithmetical sentences, and Lob’s ¨ theorem is an ‘equation’ that yields sometimes remarkable unexpected consequences. We do not pursue this line too far right now, but give a few basic examples concerning reflection principles. Deeper applications and further uses of such results will be discussed in Section 10.
4 A MODAL VIEW OF REFLECTION PRINCIPLES First we introduce a useful notion of characteristic of a theory. In some sense, this characteristic measures how close the theory is to being inconsistent. In the literature several other names have been used for it, including rank, credibility extent, and height of a theory. We stick to the present terminology because from the algebraic point of view this notion is a direct analog of the notion of characteristic of a field. The connection will be explained in Section 7.
4.1
Iterated consistency and characteristic
Let T be an elementary presented theory. Extensions of T by iterated consistency assertions are defined as follows. T0 = T,
Tn+1 = Tn + Con(T Tn ),
Tω =
n≥0
Tn .
Notice that all these theories are naturally elementary presented, too. LEMMA 21. EA Con(T Tn ) ↔ (¬2n+1 ⊥)T . Proof. By induction on n using L¨ o¨b’s derivability conditions and formalization of Deduction theorem.
218
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Con(T Tn ) is called n times iterated consistency assertion for T . Whenever the initial theory T is Σ1 -sound, the theories Tn form a strictly increasing sequence of Σ1 -sound extensions of T . However, if T is not Σ1 -sound, then it is possible that Tω is inconsistent. The characteristic ch(T ) of T is the least n ∈ ω such that Tn is inconsistent, if such an n exists, and ∞, otherwise. All Σ1 -sound theories have infinite characteristic. It is not difficult to see that the theory T + (2n ⊥)T has characteristic n + 1, if T has characteristic ∞. Inconsistent theories and only them have characteristic 0.
4.2 Local and uniform reflection Some early applications of provability logic in arithmetic concerned the study of reflection principles. Reflection principles were introduced in the 30’s as unprovable statements generalizing G¨ o¨del’s consistency assertions [Rosser, 1936; Turing, 1939]. They have later been used in proof theory for estimating the complexity of axiomatizations of formal theories [Feferman, 1960; Feferman, 1962; Kreisel and L´´evy, 1968] and for obtaining conservation results and other kinds of proof-theoretic information [Schmerl, 1979; Beklemishev, 1998b; Beklemishev, 2003a]. Mostly the uniform reflection principles have been used. Provability logic was instrumental in deepening our understanding and finding applications of the local reflection principles. The local reflection principle for T is the schema Rfn(T ) :
ProvT (ϕ) → ϕ,
for all arithmetical sentences ϕ. The uniform reflection principle is the schema RFN(T ) :
∀x1 . . . ∀xn (ProvT (ϕ(x˙ 1 , . . . , x˙ n )) → ϕ(x1 , . . . , xn )),
for all formulas ϕ(x1 , . . . , xn ). Both schemata represent different ways of expressing the soundness of T . One cannot formulate the soundness of T as a single arithmetical formula because there is no definition of truth for the whole arithmetical language in the language itself. Σn -soundness of T is expressed by restricting of these principles to formulas ϕ of complexity Σn . These restricted schemata are denoted RfnΣn (T ) and RFNΣn (T ), respectively. The corresponding schemata for the classes Πn are similarly defined. LEMMA 22. Over EA, (i) RFNΠ1 (T ) ≡ Con(T ); (ii) RFNΠn +1 (T ) ≡ RFNΣn (T ), if n ≥ 1.
PROVABILITY LOGIC
219
Proof. The inclusions from right to left in each case are clear. For the opposite inclusions reason in EA. ˙ and ¬ϕ(x), then ProvT (¬ϕ(x)), ˙ (i) Let ϕ(x) ∈ Π1 . If ProvT (ϕ(x)) ˙ ∧ ϕ(x)) ˙ and ProvT (⊥). by Σ1 -completeness. Hence, ProvT (¬ϕ(x) ˙ y)). Then, ∀y ProvT (ϕ(x, ˙ y)) ˙ (ii) Let ϕ(x, y) ∈ Σn and ProvT (∀yϕ(x, and using Σn -reflection we obtain ∀y ϕ(x, y). Restricted uniform schemata RFNΣn (T ) are finitely axiomatizable over EA, which follows immediately from the existence of partial truth-definitions. We also have the following theorem [Kreisel and L´´evy, 1968]. THEOREM 23 (Unboundedness). RfnΣn (T ) is not contained in any consistent r.e. extension of T by Πn -sentences. Proof. We only prove it for extensions of T by finitely many Πn -sentences. The general case can be reduced to the finite case by a trick, akin to Rosser’s, which we omit. Let π be a Πn -sentence such that T + π is consistent and T + π RfnΣn (T ). We have T + π ProvT (¬π) → ¬π, whence T ProvT (¬π) → ¬π, and, by L¨ o¨b’s theorem, T + π is inconsistent.
REMARK 24. A dual statement holds for RfnΠn (T ) with a similar proof. COROLLARY 25. RFNΣn (T ) is not contained in any consistent extension of T by Σn+1 -sentences. Proof. This follows from finite axiomatizability of RFNΣn (T ) and the fact that it contains RfnΠn +1 (T ), by Lemma 22.
4.3
Axiomatization results
Proofs of the results in this section are based on the following lemma from [Beklemishev, 1989a]. m LEMMA 26. GL ¬ i=1 (2pi → pi ) → 2m ⊥. Proof. Rather than exhibiting a proof of the formula above we shall argue semantically using the Kripke model characterization of GL. Consider any model K such that K 2m ⊥. Then there is a sequence of nodes in K such that r = xm+1 ≺ xm ≺ . . . ≺ x1 ,
220
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
where r is the root of K. We notice that each formula 2pi → pi can be false at no more than one node of the chain xm+1 , . . . , x1 . Therefore, by the pigeonhole principle, there must exist a node z among the m + 1 nodes xi such that m z i=1 (2pi → pi ). In case z coincides with r = xm+1 we have m K ¬ i=1 (2pi → pi ). In case z = xi for some i ≤ m, we have r ≺ z by transitivity of ≺ and thus m K 2(¬ i=1 (2pi → pi )).
This proves the claim.
As our first application we derive the following result found in [Boolos, 1979a] and [Artemov, 1979; Artemov, 1982]. For the sake of readability we write 2T ϕ instead of ProvT (ϕ). THEOREM 27. Con(T Tn ) is not derivable from any n instances of the local reflection schema for T , provided ch(T ) > n. Proof. Assume T
n
i=1 (2T ϕi
→ ϕi ) → Con(T Tn ).
Then, by Lemma 21 and contraposition n T 2n+1 ⊥ → ¬ i=1 (2T ϕi → ϕi ), T and by the derivability conditions EA 2Tn+2 ⊥ → 2T ¬
n
i=1 (2T ϕi
→ ϕi ).
By the arithmetical soundness of GL, from Lemma 26 we obtain T 2Tn+1 ⊥ → 2nT ⊥. By L¨¨ob’s theorem, T 2nT ⊥ and Tn is inconsistent.
We remark that it is not difficult to find particular n + 1 instances of the local reflection schema that imply Con(T Tn ): one can take all formulas (F Fi )T for i ≤ n. As a corollary we obtain THEOREM 28. Neither Rfn(T ), nor any of the schemas RfnΣn (T ) for n ≥ 1 is finitely axiomatizable over T , provided ch(T ) = ∞. Proof. By the previous theorem, any m instances of these schemata are Tm ) is provable in insufficient to prove the formula Con(T Tm ). However, Con(T Tω , which is already contained in T + RfnΣ1 (T ).
PROVABILITY LOGIC
4.4
221
Conservation results
Another striking property of local reflection principles is the following theorem. THEOREM 29. T together with any n instances of local reflection principle for T is Π1 -conservative over Tn . Proof. Let π ∈ Π1 and T
n
i=1 (2T ϕi
→ ϕi ) → π.
Then, by the derivability conditions, T T ¬π → T ¬
n
i=1 (2T ϕi
→ ϕi ).
From Lemma 26 we obtain T T ¬π → 2nT ⊥, whence T ¬π → 2nT ⊥, by provable Σ1 -completeness. Thus T ¬2nT ⊥ → π and Tn π. The following immediate corollary is known as Goryachev’s Theorem [Goryachev, 1986]. THEOREM 30 (Goryachev). T + Rfn(T ) and Tω prove the same Π1 -sentences. By Goryachev’s theorem all schemata RfnΣn (T ), in contrast with the uniform reflection principles, prove the same Π1 -sentences. By [Beklemishev, 1997b] an even stronger conservation result holds. THEOREM 31. Over any elementary presented theory T , (i) Rfn(T ) and RfnΣ1 (T ) prove the same boolean combinations of Σ1 sentences. (ii) For n > 1, Rfn(T ) and RfnΣn (T ) prove the same Σn -sentences. Proof. This requires a generalization of Lemma 26. Let modal formulas Qi be defined as follows: Q1 = p,
Qi+1 = Qi ∨ 2Qi ,
where p is a propositional variable. m m LEMMA 32. GL ( i=1 (2pi → pi ) → p) → ( i=1 (2Qi → Qi ) → p). A proof is rather similar to the proof of Lemma 26, so we omit it. Also notice that Lemma 26 follows from Lemma 32, if one substitutes ⊥ for p. Theorem 31 is now proved as follows. Assume m T i=1 (2T ϕi → ϕi ) → π.
222
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
By derivability conditions, m T T ( i=1 (2T ϕi → ϕi ) → π). Considering an arithmetical realization f that maps the variable p to the sentence π and pi to ϕi , by Lemma 32 we conclude that m T i=1 (2T ψi → ψi ) → π, where ψi denotes fT (Qi ). Now we observe that if π ∈ Σn for n > 1, then ψi ∈ Σn , for all i. Hence, T + RfnΣn (T ) π, which proves (ii). Let B(Σ1 ) be the set of boolean combinations of Σ1 -sentences. By a similar argument, B(Σ1 ) consequences of Rfn(T ) are contained in RfnB(Σ1 ) (T ). It is not difficult to verify using provable Σ1 -completeness that RfnB(Σ1 ) (T ) is equivalent to RfnΣ1 (T ). These conservation results have been used in [Beklemishev, 1999b] to characterize the classes of provably total computable functions of fragments of Peano arithmetic with parameter-free induction and to solve some other problems in this area. See Section 10 for more details. 5
SOLOVAY THEOREMS
A central result in provability logic is the following theorem. THEOREM 33 (Solovay). Assume ch(T ) = ∞. Then GL ϕ iff T ϕT . For the proof of this theorem R. Solovay [Solovay, 1976] invented the techniques of “embedding” Kripke models into arithmetic, which is currently known under the name Solovay construction. Variants and generalizations of this construction have been applied to obtain arithmetical completeness results for various logics with provability and interpretability semantics. We are going to describe this important construction below. Let T be an elementary presented theory and K = (K, ≺, ) a finite Kripke model. We assume without loss of generality that K = {0, . . . , n} and 0 is the root of K. An elementary function h(x) can be defined with the aid of the arithmetical fixed point theorem to satisfy the following equations provably in EA: h(0)
=
h(m + 1)
=
0;
z, h(m),
¯ if z ∈ K, h(m) ≺ z and Prf T (m, = z); otherwise.
PROVABILITY LOGIC
223
Here = z denotes the arithmetical formula ∃m ∀n > m h(n) = z and = z is ¬( = z). Formally speaking, a ∆0 -formula expressing the relation h(x) = y is defined in terms of its own Godel ¨ number (from which the G¨ odel ¨ number of = z is obtained in an elementary way). Informally, the behavior of the function h can be illustrated by the following story.9 Imagine a refugee who is admitted from one country to another only if he/she provides a proof not to stay there forever. If the refugee is also never allowed to go to one of the previously visited countries, he/she must eventually stop somewhere. So, an honest refugee will never be able to leave his/her country of origin. . . Think about h(m) = z as the statement that the refugee is in country z at the moment m. Some basic facts about the moves of the refugee are expressed by the following lemma. LEMMA 34. The following statements are provable in EA: (i) z∈K = z¯; (ii) ∀u, v ( = u ∧ = v → u = v); (iii) = z¯ → ProvT ( wz = w), ¯ if z ∈ K and z % 0; (iv) = z¯ → ¬ProvT ( = u), ¯ if z, u ∈ K and u % z. Proof. Statements (i) and (ii) follow from the fact that (provably in EA) values of h belong to K and h is weakly increasing in the sense of the ordering #. To prove (iii) we reason within EA as follows: If = z, then for some m, h(m) = z. By Σ1 -completeness, T ∃m h(m) = ¯. Since h is provably monotone, we have T ∃m∀n > ¯ m h(n) z¯ and hence T wz = w. On the other hand, if = z and z 0, then there is the least m such that h(m + 1) = z, and by the definition of h this implies T = z. ¯ ¯ Thus, we obtain T wz = w.
To prove (iv) we formalize the following argument in EA: If = z and T = u, ¯ where u z, then for a sufficiently large m ¯ But then, by the there holds ∀k ≥ m h(k) = z and Prf T (m, = u). definition of h, one has h(m + 1) = u. Since h is weakly increasing this implies = z, a contradiction.
This completes the proof of Lemma 34. 9 We
were not able to trace the origins of this story, which seems to belong to the lore of provability logic.
224
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
We call Solovay realization the following function: f (p) = = z¯. z∈K, zp
LEMMA 35. For all formulas ϕ and for all z ∈ K, z % 0, (i) If z ϕ, then EA = z¯ → fT (ϕ); (ii) If z ϕ, then EA = z¯ → ¬ffT (ϕ). Proof. Statements (i) and (ii) are proved simultaneously by induction on ϕ. We consider the most important case when ϕ has the form 2ψ. (i) If z 2ψ, then ∀u % z u ψ. Hence, by the induction hypothesis, ¯ → fT (ψ). EA uz = u Using Lemma 34 (iii) we then obtain ¯) EA = z¯ → ProvT ( uz = u → ProvT (ffT (ψ)) →
fT (2ψ).
(ii) If z 2ψ, then ∃u % z u ψ. By the induction hypothesis EA = u ¯ → ¬ffT (ψ), whence ¯ → ¬ProvT (ffT (ψ)). EA ¬ProvT ( = u) Using Lemma 34 (iv) we obtain EA = z¯ →
¬ProvT ( = u) ¯
→ ¬ProvT (ffT (ψ)) → ¬ffT (2ψ). Proof of Theorem 33. If GL ϕ, then there is a finite Kripke model K0 such that K0 ϕ. We may assume that K0 = {1, . . . , n} and 1 is the root of K0 . We extend K0 by a new node 0 stipulating K = K0 ∪ {0} and 0 ≺ z, for all z ∈ K0 . The forcing of propositional variables is defined at 0 arbitrarily. Applying Solovay construction to K yields an arithmetical realization f for which EA = 1 → ¬ffT (ϕ). If T fT (ϕ) we then would have T = 1. By Lemma 34 (iv) this implies = 0, so = z¯ is true, for some z ∈ K0 . For n = d(z) we have z 2n+1 ⊥ and therefore EA = z¯ → (2n+1 ⊥)T . Hence, (2n+1 ⊥)T is true, that is ch(T ) ≤ n, a contradiction.
PROVABILITY LOGIC
225
Solovay’s theorem characterizes modal schemata provable in a theory T . What about the modal schemata true in the standard model of arithmetic? The answer is provided by so-called second Solovay theorem and the logic S. The system S is defined as the closure of GL together with the (modal) reflection axiom 2ϕ → ϕ under modus ponens. Necessitation rule is not admissible in S because one can easily derive a contradiction from L¨o¨b’s axiom and the necessitated reflection axiom: 2⊥ → ⊥, 2(2⊥ → ⊥), 2⊥, ⊥. Let S(ϕ) denote the following modal formula: n i=1 (2ϕi → ϕi ), where 2ϕ1 , . . . , 2ϕn enumerate all subformulas of ϕ of the form 2ψ. A node x in a model K is called ϕ-reflexive, if x S(ϕ). THEOREM 36 (Solovay, II). Let T be a sound theory. The following statements are equivalent: (i) S ϕ; (ii) GL S(ϕ) → ϕ; (iii) N ϕT . Proof. Implication (ii)⇒(i) is obvious. (i)⇒(iii) follows at once from the soundness of T . We prove (iii)⇒(ii) by contraposition. Assume GL S(ϕ) → ϕ. Then there is a finite model K with K = {0, . . . , n} and the root 0 such that K S(ϕ) and K ϕ. Apply the Solovay construction to K. Lemmas 34, 35 obviously carry through. In addition we have LEMMA 37. For any subformula ψ of the formula ϕ there holds: (i) If 0 ψ, then EA = 0 → fT (ψ); (ii) If 0 ψ, then EA = 0 → ¬ffT (ψ). Proof. We argue by induction on ψ. Statement (ii) is proved similarly to Lemma 35 (ii). For the proof of (i) notice that if ψ has the form 2θ and 0 ψ, then ∀x ∈ K x θ, by the ϕ-reflexivity of the node 0. Hence, by the induction hypothesis and Lemma 35 (i),
¯ → fT (θ). EA u∈K = u By Lemma 34 (i), EA fT (θ) and therefore EA = 0 → ProvT (ffT (θ)).
226
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
From this lemma we conclude that EA = 0 → ¬ffT (ϕ). Since T is sound, = 0 holds in the standard model (an honest refugee does not leave the country of origin). Therefore fT (ϕ) is false, a contradiction. COROLLARY 38. S is decidable. 6
CLASSIFICATION OF PROVABILITY LOGICS
6.1 Provability logics relative to a theory Provability logic aims at describing valid laws of provability in a given system T . However, Godel’s ¨ incompleteness theorems put a significant constraint: the answer to such a question is not unique. In general, one should distinguish between the theory T under study and the metatheory U , in which one reasons about the properties of T . Different metatheories verify different properties of T . Perhaps, the most natural choice of U is the true arithmetic TA, which is axiomatized by the set of all sentences true in the standard model N. Other possible choices are: T itself, EA, PA, etc. This naturally leads to the notion of provability logic of a theory T relative to a metatheory U that was suggested independently by S.N. Art¨emov [Artemov, 1980] and A. Visser [Visser, 1981]. Let U be an arbitrary theory containing EA (not necessarily elementary presented or even r.e.) and let T be an elementary presented theory. The provability logic of T relative to U is the set PLT (U ) of all modal formulas ϕ such that U ϕT . Intuitively, PLT (U ) axiomatizes those principles of provability in T that can be verified by means of U . PLT (T ) is sometimes called the provability logic of T , and PLT (TA) is called the truth provability logic of T . Solovay’s theorems can be restated as saying that, if T is a sound theory, then PLT (T ) = GL and PLT (TA) = S. In general, PLT (U ) is a (not necessarily normal) modal logic extending GL, for it is closed under modus ponens and substitution rules. A modal logic L is called a provability logic if L = PLT (U ) for some T and U . A somewhat older term for the same notion, introduced by S.N. Art¨emov [Artemov, 1980], is arithmetically complete modal logic. We explain this terminology in the following paragraph.
6.2 Inference by arithmetical interpretation Arithmetical interpretation w.r.t. a theory T induces a natural consequence relation on the set of modal formulas. Let Γ be a set of modal formulas.
PROVABILITY LOGIC
227
Write Γ ∗T ϕ if EA + ΓT ϕT , that is, if every T -interpretation of ϕ follows from T -interpretations of formulas from Γ. Notice that Γ ∗T is closed under modus ponens and substitution, but, in general, not under the necessitation rule. By Solovay’s first theorem, ∅ ∗T ϕ iff GL ϕ, and by Solovay’s second theorem {2p → p} ∗T ϕ ⇐⇒ S ϕ ⇐⇒ {2p → p} GL,sub ϕ. Here the relation Γ GL,sub ϕ means that ϕ follows from Γ and axioms of GL by modus ponens and substitution rules. Later we will see that the arithmetical consequence relation ∗T is, in general, much stronger than GL,sub . A logic L is called T -complete, if it is closed under ∗T : L ∗T ϕ ⇐⇒ L ϕ, for all formulas ϕ. The T -completion [L]T of L is the minimal T -complete logic containing L. The following proposition shows that T -complete logics are precisely the provability logics for T . PROPOSITION 39. L is T -complete iff L = PLT (U ) for some U . Proof. It is easy to see that logics of the form PLT (U ) are T -complete. Conversely, if L is T -complete, then L = PLT (EA + LT ).
6.3 Classification theorem One of the early questions in the field of provability logic was the so-called classification problem, that is, the problem of characterizing all possible provability logics within the lattice of extensions of GL. By Proposition 39 this problem is equivalent to the question of characterizing the arithmetical consequence relation ∗T . The solution to this problem is the outcome of the work of several authors: S.N. Art¨emov [Artemov, 1980; Artemov, 1985b], A. Visser [Visser, 1981; Visser, 1984], G. Japaridze [Japaridze, 1986], L.D. Beklemishev [Beklemishev, 1989a]. For a set of modal formulas X, let LX denote the closure of X and all theorems of a logic L under modus ponens and substitution rules. S.N. Art¨emov [Artemov, 1980] showed that any logic of the form GLX, where X is a set of letterless formulas, is a provability logic. In [Artemov, 1985b] he showed that such extensions are exhausted by the following two specific families of logics: Fn : n ∈ α}, GL− Fn }, GLα = GL{F β = GL{ n∈ β ¬F where α, β ⊆ ω and β is cofinite.
228
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
The families GLα and GL− β are ordered by inclusion precisely as their − indices, and GLα is included in GL− α for cofinite α. The logics GLβ are not contained in S and therefore correspond to unsound metatheories U , if T is sound. A. Visser [Visser, 1984] showed that GL− β are the only provability logics not contained in S. S.N. Art¨emov [Artemov, 1985b] reduced the classification problem to the interval between GLω and S. G. Japaridze [Japaridze, 1986; Japaridze, 1988] found a new provability logic D within this interval: D = GL{¬2⊥, 2(2ϕ ∨ 2ψ) → (2ϕ ∨ 2ψ)}. He showed that D = PLPA (PA + ω-Con(PA)), where ω-Con(PA) denotes a formalization of ω-consistency of Peano arithmetic. As the final step, L.D. Beklemishev [Beklemishev, 1989a] showed that D is the only provability logic within the interval between GLω and S. This completed the classification of provability logics. We denote Sβ = S ∩ GL− β, [ Dβ = D ∩ GL− and formulate the resulting Classification theorem Beklemβ ishev, 1989a]. THEOREM 40 (Classification theorem). The provability logics are exhausted by the four families: GLα , GL− β , Sβ and Dβ , for α, β ⊆ ω, β cofinite. Each of these logics is T -complete for any elementary presented theory T of infinite characteristic. L.D. Beklemishev [Beklemishev, 1989a] also characterized all possible truth provability logics. COROLLARY 41. The truth provability logics are precisely the following ones: Fn }, n ∈ ω. S, D, GLω , and GL{¬F Moreover, for any elementary presented theory T , (i) PLT (TA) = S iff T is sound; (ii) PLT (TA) = D iff T is Σ1 -sound but not sound; (iii) PLT (TA) = GLω iff T is not Σ1 -sound but ch(T ) = ∞; Fn } iff ch(T ) = n (for n < ∞). (iv) PLT (TA) = GL{¬F Proof. If ch(T ) = n < ω, then formula (¬F Fn )T is true, hence PLT (TA) ⊇ Fn } is a maximal logic among consistent provability GL{¬F Fn }. But GL{¬F Fn }. If ch(T ) = ∞, then all formulas FnT logics, so PLT (TA) = GL{¬F are true, therefore PLT (TA) ⊇ GLω . By Classification theorem, there are only three consistent provability logics containing GLω : GLω , D or S. If T is Σ1 -sound, clearly PLT (TA) ⊇ D. Corollary 52 (i) below implies that EA + DT RfnΣ1 (T ), hence PLT (TA) ⊇ D if and only if T is Σ1 -sound. Together with the obvious (i) this proves (ii) and (iii).
PROVABILITY LOGIC
229
For the sake of completeness we also formulate a rudimentary variant of the Classification theorem for theories T of finite characteristic. This incorporates a result of A. Visser [Visser, 1981; Visser, 1984] describing the set of provability logics of the form PLT (T ), for such theories T . COROLLARY 42. Let ch(T ) = n < ∞. Then PLT (EA) PLT (T )
= GL{2n+1 ⊥}, = GL{2n ⊥},
and T -complete logics are precisely the logics GL− α for ω \ α ⊆ {0, . . . , n}. This statement easily follows from the Classification theorem and Statement (iv) of the previous corollary. Finally, we mention an important corollary of the proof of the Classification theorem that will be discussed below. COROLLARY 43. The consequence relation Γ ∗T ϕ, as a relation between a finite set of formulas Γ and a formula ϕ, is decidable. Moreover, for any such Γ one can effectively find a formula Γ∗ such that for any ϕ, Γ ∗T ϕ ⇐⇒ Γ∗ GL,sub ϕ.
As such a formula Γ∗ one can take the axiom of the logic [Γ]T that happens to be finitely axiomatizable for finite Γ. REMARK 44. The relation Γ GL,sub ϕ is undecidable. This follows from the existence of a finitely axiomatizable undecidable logic extending GL (see [Chagrov et al., 2001]). From the Classification theorem we conclude that all finitely axiomatizable provability logics are decidable.
6.4 Proof of the Classification theorem A full proof of the Classification theorem would exceed the limits of this survey, so we shall skip some more technical parts. The missing details can be found in the dissertation of the second author translated by AMS in [Beklemishev et al., 1999]. The proof roughly falls into three main steps, which use different techniques and ideas. Step 1 is the techniques of traces developed by S.N. Art¨emov, which allows to reduce the Classification problem to the interval of logics between GLω and S. Step 2 is the result that there are no provability logics between D and S, which is mostly based on Kripke models for D and their characteristic formulas. Finally, Step 3 is the fact that there are no provability logics between GLω and D, which is based on a modification of the Solovay construction.
230
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Classification by traces Recall the definition of trace of a formula from Section 2.7. The trace tr(L) of a modal logic L extending GL is the union of traces of all theorems of L. It is not difficult to see that tr(GLα ) = tr(GL− α ) = α and tr(S) = tr(D) = ω. LEMMA 45. If α is coinfinite, then GLα is the strongest logic with trace α. If α is cofinite, then the strongest logic with trace α is GL− α. Proof. Let L be a logic, tr(L) = α, and α coinfinite. If L ϕ, then tr(ϕ) ⊆ α, and therefore, by Lemma 12, tr(ϕ) is finite. By Lemma 13, → ϕ, GL F n n∈tr(ϕ) whence GLα ϕ. So we have proved that L ⊆ GLα . − Now assume that α is cofinite. Then L ⊆ GLα because by Lemma 13 the Fn , whose trace is α, implies all theorems of L. letterless formula n∈ α ¬F Now we show that, if α ⊆ ω is coinfinite, then the only provability logic with trace α is GLα . If, on the other hand, α is cofinite, then any provability logic with trace α either coincides with GL− α , or is contained in the interval between GLα and Sα . These results are based on the following lemma. LEMMA 46. Let T be an elementary presented theory and ϕ a modal formula. If n ∈ tr(ϕ), then there exists a realization f such that EA fT (ϕ) → (F Fn )T . Proof. This lemma is a direct application of the Solovay construction. Let n ∈ tr(ϕ) and K0 be a model of height n falsifying ϕ, where K0 = {1, . . . , m} and 1 is the root of K0 . As in the proof of Solovay’s theorem, attach a new root 0 to K0 . Obviously, in the new model K the node 1 is the only node of depth n, d(0) = n + 1, and 1 ϕ. Apply the Solovay construction to K and let f be the corresponding realization. By Lemma 35, EA = 1 → ¬ffT (ϕ). Since 1 is the only node of depth n, it is not difficult to see that EA (¬F Fn )T → = 1, which proves the lemma.
From this lemma we obtain the following corollaries. COROLLARY 47. If L is a provability logic and n ∈ tr(L), then L Fn . COROLLARY 48. If L is a provability logic, tr(L) = α, and α is coinfinite, then L = GLα .
PROVABILITY LOGIC
231
Proof. L ⊆ GLα , by Lemma 45; GLα ⊆ L, by Corollary 47.
In a similar manner the following result is obtained. LEMMA 49. Let L be a provability logic such that L ⊆ S. Then tr(L) = α is cofinite and L = GL− α. Proof. Let α = tr(L). If α is coinfinite, then GLα is the strongest logic with trace α. But GLα ⊆ S, therefore L ⊆ S. Hence, α is cofinite and L ⊆ GL− α. Let us prove that L ⊇ GL− α . Since L ⊆ S, there is a formula ϕ such that L ϕ, but S ϕ. Clearly, in this case GL S(ϕ) → ϕ, hence there is a model K with a root 0 such that 0 ϕ and the node 0 is ϕ-reflexive. Set Fn . ψ =ϕ∧ n
By Corollary 47, L ψ. Apply Solovay’s construction to the model K and let f be the corresponding realization. From the properties of the Solovay realization it is possible to conclude that T ¬F F . (1) EA fT (ψ) → k k∈ α Now assume that L = PLT (U ), for some theories T and U . Since L ψ, for any realization f we have U fT (ψ). In particular, this holds for the Solovay realization. Then, by (1), we obtain T ¬F F , U k k∈ α whence L
k∈ α
¬F Fk .
COROLLARY 50. Any consistent provability logic L of trace ω satisfies GLω ⊆ L ⊆ S. Finally, we reduce the classification problem to the interval between GLω and S. Notice that the intersection of any two T -complete logics L1 ∩ L2 is T -complete. Moreover, if tr(L) = ω, then tr(L ∩ GL− α ) = α. So, the function ηα : L &−→ L ∩ GL− α maps provability logics of trace ω to those of (cofinite) trace α. It turns out that ηα is a bijection. The inverse mapping is given by the formula Fn : n ∈ α}. ξα : L &−→ L{F The fact that ηα and ξα are mutually inverse can be inferred from Corollary 47 and Lemma 45. Together with Corollary 50 this implies that we only have to describe the provability logics in the interval between GLω and S.
232
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Logics between GLω and D We formulate the main lemma and its corollary right away. LEMMA 51. Let T be an elementary presented theory and GLω ϕ. Then for any arithmetical Σ1 -sentence σ there is a realization f such that EA + {¬2n ⊥ : n ∈ ω}T + fT (ϕ) ProvT (σ) → σ. COROLLARY 52. If GLω ϕ, then (i) EA + {¬2n ⊥ : n ∈ ω}T + ϕT RfnΣ1 (T ); (ii) GLω {ϕ} ∗T D. Proof. Statement (i) is just a weakening of Lemma 51; (ii) follows from (i) because arithmetical interpretations of the axioms of D are instances of local Σ1 -reflection principle. Proof of Lemma 51. We apply a modification of the Solovay construction. Assume GLω ϕ. Then, by Lemma 26, GL 3S(ϕ) → ϕ. Hence, there is a model K0 with K0 = {1, . . . , k} and the root 1 such that there is a ϕ-reflexive node r % 1 and K0 ϕ. As usual, consider a model K obtained by adding to K0 a new root 0. Let σ be an arbitrary Σ1 -sentence. We may assume that σ has the form ∃xσ0 (x), where σ0 is a ∆0 -formula. Define an elementary function h as follows: h(0) h(m + 1)
= =
0; ⎧ ⎪ ⎨z, ⎪ ⎩otherwise
¯ z % h(m) and z = r; if Prf T (m, = z), r, if h(m) = 1 and ∃x ≤ m σ0 (x); h(m), otherwise.
Here = z denotes, as usual, the formula expressing limm→∞ h(m) = z. Informally speaking, among various countries visited by the refugee there is now a dangerous one, designated by node 1 and a friendly one, designated by node r. If the alarm rings (∃x ≤ m σ0 (x) is true) while the refugee resides the dangerous country, he/she has to leave immediately. In this case the refugee goes directly to the friendly country r. In all other cases he/she behaves as in the original Solovay construction. We define a realization f as before: = z¯. f (p) = z∈K, zp
PROVABILITY LOGIC
233
LEMMA 53. For all z ∈ K, z % 0, and all subformulas ψ of the formula ϕ there holds: (i) If z ψ, then EA = z¯ → fT (ψ); (ii) If z ψ, then EA = z¯ → ¬ffT (ψ). Proof. This lemma is proved very similarly to Lemma 35 by induction on ψ. We essentially rely on the fact that in the case of emergency the refugee jumps to a ϕ-reflexive node. Let ψ = 2θ. (i) If z 2θ and z = r, reason as in Lemma 35. If z = r, we have ∀u % z u θ, but also z θ by ϕ-reflexivity of r. Hence, by induction hypothesis, ¯) → fT (θ) EA ( ur = u and
¯) → ProvT (ffT (θ)). EA ProvT ( ur = u
Therefore, by the provable monotonicity of h, ¯) EA = r¯ → ProvT ( ur = u → fT (2θ). (ii) If z 2θ, then there is a node u % z such that u θ. Pick a maximal such node. We claim that u = r. Indeed, by maximality, u θ and ∀w % u w θ. Hence u 2θ, and thus u cannot be a ϕ-reflexive node, whereas the node r is ϕ-reflexive. By the induction hypothesis, we have EA = u ¯ → ¬ffT (θ), whence EA = z¯ →
¬Prov( = u) ¯
→ ¬ProvT (ffT (θ)) → ¬ffT (2θ), as in the proof of Lemma 35. LEMMA 54. EA + {¬2n ⊥ : n ∈ ω}T proves the following statements: (i) ∈ {0, 1, r}; (ii) ProvT (σ) ∧ ¬σ → = 1.
234
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Proof. (i) On the set of nodes K \ {0, 1, r} the function h behaves exactly as the Solovay function. In particular, for any z ∈ {0, 1, r} we have EA = z¯ → (2d(z)+1 ⊥)T , which can be proved by induction on the depth of z. It follows that for n > h(K) EA (¬2n ⊥)T → = z¯ z∈{ 0,1,r}
→
∈ {0, 1, r}.
(ii) First of all, we notice that EA σ → = 1, because if the alarm rings while the refugee resides in 1, he/she is forced to leave. This yields EA ProvT (σ)
→ ProvT ( = 1) → = 0.
It is also obvious that EA ¬σ → = r, because the only way for a refugee to get to the node r is by jumping from 1 when the alarm rings. Summing this up with Statement (i) we obtain EA + {¬2n ⊥ : n ∈ ω}T ProvT (σ) ∧ ¬σ → = 1,
as required. We finish the proof of Lemma 51 as follows. By Lemma 53, EA = 1 → ¬ffT (ϕ), and combining this with Lemma 54 (ii) we obtain EA + {¬2n ⊥ : n ∈ ω}T ProvT (σ) ∧ ¬σ → ¬ffT (ϕ). So, by propositional logic, EA + {¬2n ⊥ : n ∈ ω}T + fT (ϕ) ProvT (σ) → σ, as required.
COROLLARY 55. There are no provability logics strictly between GLω and D.
PROVABILITY LOGIC
235
Logics between D and S The weight of the arithmetical component in this part of the proof is relatively low. Analysis of Kripke models for the logics D [Beklemishev, 1989b] and S [Visser, 1984] and their characteristic formulas yields the following property whose proof can be found in [Beklemishev et al., 1999]. LEMMA 56. Let ϕ be a modal formula such that D ϕ. Then there is a formula ψ such that Var(ψ) = Var(ϕ), S ψ and D{ϕ} ψ ∨ (2p → p), where p ∈ Var(ϕ). From this lemma we infer LEMMA 57. Let T be an elementary presented theory and ϕ a modal formula such that D ϕ. Then D{ϕ} ∗T 2p → p. Proof. For a given ϕ apply Lemma 56 and obtain a formula ψ. Consider the T -completion L = [D{ψ}]T of the logic D{ψ}. By Lemma 49, since S ψ, Lcoincides with GL− β for some cofinite β ⊆ ω. Let F denote the ¬F F . Obviously, L F and therefore D{ψ} ∗T F . But we formula n∈ n β also have D ¬F because D contains GLω , hence D{ψ} ∗T ⊥. Now using the fact that p ∈ Var(ψ) we conclude that D{ψ ∨ (2p → p)} ∗T 2p → p. Thus, D{ϕ} ∗T 2p → p, as required.
COROLLARY 58. There are no provability logics strictly between D and S.
6.5 Examples and discussion So far we have excluded all non-provability logics, but we have not yet shown that the remaining ones — GLα , GL− β , Sβ , and Dβ — are arithmetically complete. However, having done all the technical work in the previous section, this is now easy. The fact that logics of the form GLα and GL− β (α coinfinite, β cofinite) are T -complete for any T of infinite characteristic follows from Lemma 45. Indeed, any of these logics L is maximal among consistent provability logics, therefore [L]T = L. We need two more examples. Tω ) = GLω , if T has infinite characteristic. EXAMPLE 59. PLT (T Proof. The containment (⊇) is clear. If PLT (T Tω ) = GLω , then PLT (T Tω ) ⊇ D and hence Tω DT RfnΣ1 (T ), by Corollary 52. However, by Theorem 23, RfnΣ1 (T ) is not contained in any consistent r.e. extension of T by Π1 -sentences, in particular, in Tω if ch(T ) = ∞.
236
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
EXAMPLE 60. PLT (T + RfnΣ1 (T )) = D, if T has infinite characteristic. Proof. (⊇) is easy. Inequality would imply PLT (T + RfnΣ1 (T )) ⊇ S and hence T + RfnΣ1 (T ) Rfn(T ). If ch(T ) = ∞, then T + RfnΣ1 (T ) is a consistent (by Corollary 30) r.e. extension of T of complexity Π2 . Hence, by Theorem 23, it cannot contain Rfn(T ). Since the class of T -complete logics is closed under intersection, we conclude that all logics GLα , GL− β , Sβ , and Dβ are T -complete, for any T of infinite characteristic. The Classification theorem shows that the provability logic PLT (U ) is essentially determined by the amount of reflection for T that is provable in U . To find out, given T and U , how much reflection for T is provable in U can be rather difficult. However, this question for many natural pairs of theories has already been investigated using traditional proof-theoretic methods (see Section 10 for more examples and applications of such results). EXAMPLE 61. PLEA (PA) = PLIΣn (PA) = S. Proof. By a well-known theorem of G. Kreisel and A. L´evy [Kreisel and L´´evy, 1968], PA RFN(IΣn ). Classification theorem then leaves only one possibility. EXAMPLE 62. PLIΣm (IΣn ) = D, for m < n. Proof. A theorem of D. Leivant [Leivant, 1983; Hajek ´ and Pudl´ ak, ´ 1993] states that for all n ≥ 1, IΣn+1 RFNΣn +2 (IΣn ). On the other hand, IΣn+1 Rfn(IΣn ), because IΣn+1 is a finitely axiomatizable extension of IΣn .
EXAMPLE 63. PLPA (PA + Con(ZF )) = PLIΣ1 (IΣ1 + Con(PA)) = GLω . Proof. Obviously, if an elementary presented theory U contains the local Σ1 -reflection schema for T , then T + Con(U ) ⊇ Tω . Yet, a consistent theory T + Con(U ) cannot prove RfnΣ1 (T ) because Con(U ) is Π1 . So, PLT (T + Con(U )) = D and has to coincide with GLω .
PROVABILITY LOGIC
237
7 PROVABILITY ALGEBRAS Provability algebras were introduced by R. Magari [Magari, 1975a; Magari, 1975b] as an alternative way of looking at provability logic.10 Some (though not all) of the results in provability logic can be translated from the logical language to the algebraic language and vice versa. Very often the choice of language is more or less a matter of taste. However, there are some advantages to the algebraic point of view: firstly, it is closer to the way of looking at things in mathematics, it emphasizes the underlying structures and thus helps to formulate proper analogies and questions to be answered. Secondly, this approach is very flexible. It allows to naturally incorporate certain additional features of arithmetical theories that are, in particular, necessary for further applications in proof theory. This section is mostly written for logically and proof-theoretically, rather than algebraically, minded readers. So, we do not presume much knowledge of universal algebra and try to be somewhat economical with the use of algebraic terminology.
7.1 Lindenbaum algebras Let an elementary presented theory T containing EA be given. The Lindenbaum boolean algebra of T , denoted BT , has as its universe the set of all T -sentences modulo the equivalence relation ϕ ∼T ψ ⇐⇒ T ϕ ↔ ψ. Officially we denote by [ϕ]T the equivalence class {ψ : ψ ∼T ϕ} of ϕ, but in practice we shall often identify the equivalence classes and formulas. The implication → induces an operation on the set of equivalence classes: [ϕ]T → [ψ]T = [ϕ → ψ]T . Together with obviously defined constants ⊥ and it gives the set BT a structure of a boolean algebra (BT , →, ⊥, ). As before, we regard ∧, ∨, ¬, ↔ as defined operations. The relation [ϕ]T ≤ [ψ]T ⇐⇒ [ϕ]T → [ψ]T = ⇐⇒ T ϕ → ψ is the standard partial ordering on BT . The structure BT provides an algebraic view of some proof-theoretic objects: schemata over T correspond to subsets of BT ; extra-logical inference 10 R. Magari used the term ‘diagonalizable algebras’. Later the term ‘Magari algebras’ has been used on a par with the original one. This latter was officialised at a gathering of provability logicians at the Magari memorial conference in Siena in 1994. In this paper we have a need in two terms: the one for the Lindenbaum algebra associated with a formal theory T equipped with the operator of provability, which we call the provability algebra of T , and another for the more general algebras satisfying the same identities, which we call Magari algebras. Thus, provability algebras are a particular kind of Magari algebras naturally associated with arithmetical theories.
238
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
rules correspond to operators acting on BT ; deductively closed sets of formulas, usually called extensions of T , correspond to filters of BT , that is, subsets of BT upwards closed w.r.t. ≤ and closed under ∧. If U is an extension of T , then BU can be identified with the corresponding quotient algebra of BT .11 The notion of Lindenbaum algebra makes sense for any formal system containing propositional logic. If T is a consistent elementary presented extension of EA, the boolean algebra BT turns out to be uniquely defined and well understood. PROPOSITION 64. If T is consistent and contains EA, BT is a countable dense boolean algebra. Proof. Countability of BT is clear, since we assume that the language of T is countable. Density means that if ϕ < ψ in BT , then there is a θ such that ϕ < θ < ψ. Consider a theory T1 = T + ψ + ¬ϕ. Since T ψ → ϕ, T1 is consistent. So, by Rosser’s theorem, there is a sentence ρ such that both T1 + ρ and T1 + ¬ρ are consistent. Take θ = (ρ ∧ ψ) ∨ ϕ. Obviously, ϕ ≤ θ ≤ ψ. On the other hand, if T θ → ϕ, then T1 ¬ρ. If T ψ → θ, then T1 ρ. Both statements contradict the choice of ρ. We mention without proof the following simple fact from basic boolean algebra theory (see also [Goncharov, 1997] for an in-depth monograph on countable boolean algebras). PROPOSITION 65. Any two countable dense boolean algebras are isomorphic. So, the Lindenbaum algebras of all interesting theories, such as PA, EA, ZF, etc., are isomorphic. Moreover, by [Pour-El and Kripke, 1967] they are even recursively isomorphic, considered as numerated structures. This indicates that the structure of the Lindenbaum boolean algebra is too poor to capture essential proof-theoretic information on any particular system. We want to enrich this structure.
7.2 Provability algebras The provability predicate ProvT (x), by L¨ o¨b’s derivability conditions, correctly defines an operator 2T : [ϕ]T &−→ [ProvT (ϕ)]T acting on the Lindenbaum algebra BT . Indeed, if T ϕ ↔ ψ, then T ProvT (ϕ) ↔ ProvT (ψ). The enriched structure MT = (BT , 2T ) is called the provability algebra of T . 11 See
Section 7.4 below for a definition of a quotient algebra.
PROVABILITY LOGIC
239
One of the first questions one usually asks about a newly defined algebra A is: what identities does it satisfy? Recall that an identity of A is a valid in A formula of the form ∀x (t1 (x) = t2 (x)), where t1 , t2 are terms in the language of A. Terms in the language of provability algebras are built up from variables and , ⊥ by the operations →, 2 and can be identified with propositional modal formulas. From now on we shall denote provability algebra terms and propositional formulas by the same letters ϕ, ψ, etc. Any equation in a boolean algebra can be written in a simplified form, where the second term is just a constant: A ϕ1 = ϕ2 ⇐⇒ A (ϕ1 ↔ ϕ2 ) = . The following proposition shows that such simplified identities of MT are described by the provability logic of T . PROPOSITION 66. For any modal formula/term ϕ( p ), ∀ p (ϕ( p ) = ) ⇐⇒ ϕ ∈ PLT (T ). MT ∀ Proof. Obviously, MT ∀ ∀ p (ϕ( p ) = ) iff fT (ϕ) is provable in T , for every arithmetical realization f . Solovay’s first completeness theorem now translates to the following COROLLARY 67. If ch(T ) = ∞, then for any modal formula/term ϕ( p ), ∀ p (ϕ( p ) = ). GL ϕ( p ) ⇐⇒ MT ∀
7.3 Magari algebras and duality R. Magari introduced a general notion of algebra satisfying all the identities of provability algebras. A Magari algebra M is a boolean algebra equipped with an additional operator 2 satisfying the identities: (i) 2(ϕ → ψ) → (2ϕ → 2ψ) = ; (ii) 2(2ϕ → ϕ) → 2ϕ = ; (iii) 2 = . It is easy to verify that any theorem ϕ( p ) of GL represents an identity ϕ( p ) = that holds in all Magari algebras. Identity (iii) ensures the p ) = holds in all closure under the necessitation rule. Vice versa, if ϕ( Magari algebras, in particular, it must hold in MPA , therefore GL ϕ.
240
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Natural Magari algebras can be constructed from Kripke frames for GL. Consider a frame K = (K, ≺) and let M be the algebra of all subsets of K with the standard boolean operations and the following operation 2: for any X ⊆ K, 2X := {x ∈ K : ∀y ∈ K (x ≺ y ⇒ y ∈ X)}. Then it is easy to verify that M is a Magari algebra satisfying those identities ϕ( p ) = such that K ϕ( p ). This method is especially useful for constructing finite Magari algebras. For example, from the finite model property for GL (Corollary 4) we obtain the corresponding finite model property for Magari algebras. PROPOSITION 68. If an identity holds in every finite Magari algebra, then it holds in all Magari algebras. A natural generalization of the above construction and its inverse lead to the Stone duality theory for Magari algebras. It is not our intention here to go into this topic. See [Magari, 1975b] and [Bull and Segerberg, 2001; van Benthem, 2001] for the details.
7.4 Subalgebras, filters, free algebras Here we describe the method of constructing Magari algebras as quotient algebras of free algebras. First, we recall some standard terminology applicable to Magari algebras. A homomorphism between Magari algebras A and B is a mapping f : A → B preserving all the operations, that is, • f () = , f (⊥) = ⊥; • f (ϕ → ψ) = (f (ϕ) → f (ψ)); • f (2ϕ) = 2(f (ϕ)). An embedding is a one-to-one homomorphism; an epimorphism is an onto homomorphism. An isomorphism is both an embedding and an epimorphism. Let a subset X of a Magari algebra A be given. X generates a subalgebra X of A, that is, the smallest subset of A containing X ∪ {, ⊥} and closed under all functions of A. It can also be described as the set of values of all terms in the language of A on arguments coming from X. We say that X generates A if X = A. Among various subalgebras of A there always is the minimal one, ∅, which is called the prime subalgebra of A. A filter P of (the boolean part of) a Magari algebra A is called a 2filter, if x ∈ P implies 2x ∈ P , for all x ∈ A. If P is a 2-filter, then the corresponding quotient algebra A/P is defined as the set of equivalence
PROVABILITY LOGIC
241
classes of A modulo the relation x ∼P y ⇐⇒ (x ↔ y) ∈ P , with the inherited operations , ⊥, → and 2. Clearly, A/P will also be a Magari algebra. The mapping πP : x &→ [x]P is called the canonical epimorphism from A to A/P . Every Magari algebra generated by X is isomorphic to a suitable quotient algebra of a free algebra on X. The latter is defined as follows. Let X be a set of propositional variables, and let L(X) be the language of GL with the variables from X. Provable equivalence in GL induces an equivalence relation on the set of L(X)-formulas, and the resulting Lindenbaum algebra obviously bears the structure of a Magari algebra: 2([ϕ]GL ) := [2ϕ]GL . We call this algebra free and denote it by Fr(X). Fr(n) and Fr(ω) denote, respectively, free Magari algebras Fr(X) for X = {p0 , . . . , pn−1 } and X = {pi : i ∈ ω}. Fr(0) is the Lindenbaum algebra of the letterless fragment of GL. Notice that 2-filters on Fr(X) can be identified with propositional modal theories containing GL, that is, with sets of modal formulas containing all theorems of GL and closed under the modus ponens and necessitation rules. The rule of substitution is generally not admissible (otherwise a logician would speak about a propositional logic, not a theory). In other words, in this situation the elements of X are treated as propositional constants, not as variables. Thus, the quotient algebra of Fr(X) w.r.t. a 2-filter P is just the Lindenbaum Magari algebra of the propositional theory axiomatized by formulas from P over GL. If A is generated by X, then there is a natural epimorphism π : Fr(X) → A which maps every formula from Fr(X) to the value of the corresponding term in A. Then A will be isomorphic to the quotient algebra Fr(X)/P Pπ , where Pπ = {ϕ : A π(ϕ) = }. We formulate this simple but important fact as a separate proposition. PROPOSITION 69. Every Magari algebra A generated by X is isomorphic to the quotient algebra Fr(X)/P for a suitable 2-filter P . Equivalently, it is isomorphic to the Lindenbaum Magari algebra of a propositional modal theory P in L(X). In this sense, speaking about Magari algebras is equivalent to speaking about propositional theories. It is important to realize, however, that provability algebras coming from arithmetic lack natural systems of generators. The only such system we can think of is just the set of all arithmetical sentences. Thus, a transparent description of provability algebras as the quotient algebras of free algebras is missing.
242
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
7.5 Subalgebras of free algebras It is well known that any subgroup of a free group is free. Does the same fact hold for Magari algebras? The answer is a definite NO. How can we characterize such structures? Here we consider finitely generated subalgebras of free Magari algebras. Let A be a subalgebra of Fr(ω) generated by elements B1 (q ), . . . , Bn (q ), where we assume that q1 , q2 , . . . are free generators of Fr(ω). We can look at these formulas as defining a substitution σ : F m( p) → F m(q ) so that σ(pi ) = Bi , for i = 1, . . . , n. Vice versa, any substitution of this kind defines a subalgebra of Fr(ω). The following theorem comes from [de Jongh and Visser, 1996] where the corresponding fact was stated for subalgebras of free Heyting algebras. The argument is based on the uniform interpolation theorem for GL [Shavrukov, 1993b]. p) THEOREM 70. For every σ we can effectively find a formula Tσ ∈ F m( such that A is isomorphic to Fr( p)/T Tσ , that is, the quotient algebra of the free algebra by the principal filter generated by Tσ . n Proof. Let Cσ (p, ) denote the formula i=1 (pi ↔ Bi (q )). By the substitution theorem, we have ) → (ϕ(B1 , . . . , Bn ) ↔ ϕ(p1 , . . . , pn )). GL Cσ (p, Therefore, we obtain ) → ϕ( p). GL ϕ(B1 , . . . , Bn ) ⇐⇒ GL Cσ (p, By the uniform interpolation theorem, from Cσ we can effectively construct p) such that GL Cσ (p, ) → Tσ ( p) and for any ϕ ∈ F m( p), a formula Tσ ( GL Cσ (p, ) → ϕ( p) ⇒ GL Tσ → ϕ( p). Hence, p), GL ϕ(B1 , . . . , Bn ) ⇐⇒ GL Tσ → ϕ( as required.
COROLLARY 71. The propositional theory of any finitely generated subalgebra of a free Magari algebra is finitely axiomatizable. Notice that for each σ the formula Tσ is defined uniquely modulo provable equivalence in GL. Formulas of the form Tσ are called exact in [de Jongh and Visser, 1996]. This notion turns out to be equivalent to the notion of projectivity introduced by [Ghilardi, 2000]. The following characterization can be inferred from Ghilardi’s results (A. Visser, unpublished). THEOREM 72. The following statements are equivalent, for any formula ϕ:
PROVABILITY LOGIC
243
(i) ϕ is exact; (ii) ϕ has the extension property, that is, for every (non-rooted) model K such that K ϕ, there is a model of ϕ obtained by just attaching a new root to K; (iii) ϕ satisfies the extension property for finite models. S. Ghilardi also established that the exactness/projectivity property is decidable. Our next goal is the study of subalgebras of provability algebras. For this we need yet another important general notion.
7.6 Numerated and positive algebras Provability algebras, consisting of (equivalence classes of) arithmetical formulas, bear a natural G¨ o¨del numbering that allows to speak about their computational properties. This numbering is not one-to-one because every element of MT corresponds to an infinite r.e. set of sentences. Yet, we can call a subalgebra of MT r.e. if so is the set of all G¨¨odel numbers of its elements. The notion of numerated algebra expresses on a more abstract level the idea of an algebra endowed with a G¨ o¨del numbering. Numerated Magari algebras can be defined as follows. Assume A = X and |X| ≤ ω. Then Fr(X) is isomorphic to Fr(α) for some α ≤ ω. An epimorphism π : Fr(α) → A is called a numeration of A. We look at the elements of Fr(α) as the codes of the elements of A. Magari algebras equipped with a numeration are called numerated. A numerated algebra A is positive, if the associated theory Pπ = {ϕ : π(ϕ) = } is r.e.. Notice that any provability algebra MT is a numerated Magari algebra in the sense of the above definition: one considers all sentences as generators ¨odel number of MT and maps pn to the arithmetical sentence with the G¨ n. Since we assume T to be r.e., MT is a positive algebra. Any finitely generated subalgebra of a positive algebra is also positive. Any r.e. set of sentences generates a positive subalgebra of MT .
7.7 Subalgebras of provability algebras Shortly after the Solovay theorems were published several authors independently found an improvement, which has become known as the uniform Solovay theorem [Montagna, 1979; Artemov, 1979; Visser, 1980; Boolos, 1982; Avron, 1984]. THEOREM 73. Suppose T has infinite characteristic. Then there is an arithmetical realization f such that, for any modal formula ϕ, GL ϕ ⇐⇒ T fT (ϕ).
244
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Proof. The usual proof of this theorem applies the Solovay construction to the Kripke model obtained by a disjoint union of all finite treelike models and adding a new root 0 below them all. This model is infinite but converse well-founded and can be elementarily represented in arithmetic. Any modal formula not provable in GL is refuted at some node of this model. Therefore, the associated Solovay function provides the required uniform realization f . There is only one detail to be taken care of: T must prove that the Solovay function has a limit. Since our model is infinite, this only works for T containing IΣ1 . D. Zambella [Zambella, 1994] found (even in a more general situation) a modification of the Solovay construction which shows that the theorem also holds for any T containing EA. Theorem 73 appears to be very natural from the algebraic point of view. It is essentially equivalent to the following fact. COROLLARY 74. If T has infinite characteristic, then Fr(ω) is embeddable into MT , the provability algebra of T . This leads one to a more general question, what kind of Magari algebras are embeddable into MT . In view of Proposition 69 this problem is equivalent to the one about propositional theories P realizable in T . We say that P is realizable in T , if for some arithmetical realization f , ϕ ∈ P ⇐⇒ T fT (ϕ). An almost complete characterization of subalgebras of provability algebras was obtained by V. Shavrukov [Shavrukov, 1993b]. D. Zambella (unpublished) later filled in the last remaining gap. He also extended Shavrukov’s results to arbitrary extensions of EA [Zambella, 1994]. The most important part of the above problem concerns positive Magari algebras or, equivalently, r.e. propositional theories P . A Magari algebra A has characteristic n, where 0 ≤ n < ∞, if n is the minimal natural number such that A 2n ⊥ = . If such an n does not exist, we say that the characteristic of A is infinite. Notice that the characteristic of a provability algebra MT equals ch(T ). Also, all subalgebras of any algebra have the same characteristic. A has the strong disjunction property (s.d.p.), if = ⊥ and A 2ϕ ∨ 2ψ =
⇒
A ϕ = or A ψ = .
If T is Σ1 -sound, MT and all of its subalgebras obviously satisfy s.d.p. The same terminology applies to propositional theories, that is, we say that a theory P has one of the above properties if the corresponding algebra Fr(X)/P does. V. Shavrukov [Shavrukov, 1993b] proved the following two theorems, which together characterize r.e. subalgebras of any provability algebra.
PROVABILITY LOGIC
245
THEOREM 75. Suppose T is Σ1 -sound. A is isomorphic to an r.e. subalgebra of MT iff A is positive and satisfies s.d.p. THEOREM 76. Suppose T is not Σ1 -sound. A is isomorphic to an r.e. subalgebra of MT iff A is positive and the characteristic of A equals ch(T ). We sketch some ideas of the proofs of these theorems in the following subsections. So far, only the “only if” parts of both theorems are clear. First, we develop some understanding of the strong disjunction property.
7.8
Strong disjunction property
Let P be a set of modal formulas. We write P ϕ if a formula ϕ is provable from P and axioms of GL using modus ponens and necessitation rules. This is another form of saying that ϕ belongs to the 2-filter generated by P in Fr(ω). We say that K is a model of P if K ϕ for all ϕ ∈ P . Let C be a finite set of formulas. A propositional theory P satisfies s.d.p. for C if P ⊥ and P 2ϕ ∨ 2ψ ⇒ (P ϕ or P ψ), for all formulas 2ϕ, 2ψ ∈ C. THEOREM 77. Let P be a finite propositional theory. The following statements are equivalent: (i) P has s.d.p.; (ii) P has s.d.p. for the set of subformulas of P ; (iii) any two finite Kripke models of P are embeddable into a model of P as proper submodels. Proof. The implications (i)⇒(ii) and (iii)⇒(i) are easy. We prove (ii)⇒(iii). Let a pair of models K1 , K2 be given, and let C be the set of all subformulas of formulas in P . Consider the set Q := {¬2ψ : K1 ψ or K2 ψ; 2ψ ∈ C}. By s.d.p. of P , P Q → ⊥. Hence, by Theorem 2, there is a finite Kripke model W such that W P and W Q. Let W be obtained by adding to W the models K1 and K2 immediately above the root. By induction on ϕ one easily verifies that W ϕ ⇐⇒ W ϕ, for any formula ϕ ∈ C.
246
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Consider the case ϕ = 2ψ. If W 2ψ, then clearly W 2ψ. If W 2ψ, then ¬2ψ ∈ Q because W Q. Hence, by definition of Q, we have K1 , K2 ψ. This implies W 2ψ. Thus, W P and W P .
COROLLARY 78. The s.d.p. of a finitely axiomatized propositional theory is decidable. For infinite theories P we have the following characterization. THEOREM 79. P satisfies s.d.p. iff for every ϕ such that P ϕ there is a finite subtheory A of P such that A has s.d.p. and A ϕ. Proof. (⇐) Assume P 2ϕ ∨ 2ψ. Then for a suitable A we have A 2ϕ ∨ 2ψ. Hence, A ϕ or A ψ and the same holds for P , since P A. (⇒) Assume P enjoys s.d.p. and P ϕ. Let C be the set of all subformulas of ϕ. Consider the set PC := {ψ ∈ C : P ψ}. We claim that PC has s.d.p. for C. Indeed, if 2ψ1 and 2ψ2 are in C and PC 2ψ1 ∨ 2ψ2 , then P 2ψ1 ∨ 2ψ2 , hence P ψ1 or P ψ2 . Since ψ1 , ψ2 ∈ C, we obtain ψ1 ∈ PC or ψ2 ∈ PC , respectively. From the previous theorem we conclude that PC has s.d.p. and satisfies all the requirements. As an illustration we give an interesting example from [Shavrukov, 1993b]. Consider a set of propositional letters X = {pα : α ∈ Q}, where Q is the linearly ordered set of rational numbers. Let a propositional theory Q be given by the axioms {3pα → 33pβ : α, β ∈ Q, α > β}. One can show by a simple Kripke model argument that Q has s.d.p., in fact, every fragment of Q in finitely many variables does. It follows that Fr(X)/Q is embeddable into MT for any Σ1 -sound T . This means that there is a family of Π1 -sentences — the interpretations of the formulas 3pα — ordered as Q by the relation ‘ϕ proves the consistency of ψ over T ’, a nontrivial fact earlier proved in [Simmons, 1988] by purely arithmetical means. This example shows that Shavrukov’s theorems are essentially about simultaneous arithmetical realization of infinite families of modal formulas. In a sense, these results provide a generalization of Solovay’s theorems from finite to infinite r.e. sets of formulas.
7.9 Proofs of Shavrukov’s theorems Here we sketch main ideas of the proofs of Theorems 75 and 76. These proofs have been greatly simplified by D. Zambella and we follow his presentation
PROVABILITY LOGIC
247
very closely [Zambella, 1994]. To simplify things yet further and concentrate on the essentials, we shall assume throughout this section that ch(T ) = ∞ and T contains IΣ1 . We fix some natural Godel ¨ numbering of modal formulas. To simplify the notation, we shall essentially identify modal formulas and their codes and incorporate the variables ϕ, ψ ranging over modal formulas into the language of arithmetic. We shall also adopt the convention that these variables, unless explicitly said otherwise or bound by quantifiers, denote the standard formulas, that is, the numerals of their codes. Let P be an r.e. set of formulas. We call an elementary presentation of P a ∆0 -formula “ϕ ∈ Pn ”, with the free variables n and ϕ, satisfying the following conditions: • ϕ ∈ P ⇐⇒ N ∃n “ϕ ∈ Pn ”; • T ∀ϕ, n (“ϕ ∈ Pn ” → ϕ < n).
Thus, Pn denotes a finite part of P such that P = n≥0 Pn . Formalizing in T the notion of derivability in GL we construct from an Pn ϕ” naturally expressing elementary presentation of P a ∆0 -formula “P Px ϕ” within T . the statement Pn ϕ. “P ϕ” then stands for ∃x “P Once an elementary presentation of P is fixed, we say that P satisfies s.d.p. provably in T if T proves ¬“P ⊥” ∧ ∀ϕ, ψ (“P 2ϕ ∨ 2ψ” → “P ϕ” ∨ “P ψ”). The central part of the proof of both theorems is the following lemma. LEMMA 80. Assume that ch(T ) = ∞. If P is elementary presented and satisfies s.d.p. provably in T , then P is realizable in T . From this lemma one obtains Theorems 75, 76 (for the case ch(T ) = ∞) by modifying any given elementary presentation of an r.e. set P in such a way that it becomes provably strongly disjunctive. LEMMA 81. Assume that ch(T ) = ∞. Assume further that either P has s.d.p., or T is not Σ1 -sound. Then there is an elementary presentation of P for which P satisfies s.d.p. provably in T . Notice that, if T is Σ1 -unsound, T can be made to think that P has s.d.p., whereas in reality P need not satisfy this property. For the case of P satisfying s.d.p. one can easily define such an elementary presentation using an effective (elementary) version of Theorem 79: just enumerate P in such an order that the finite subtheories Pn at all stages have s.d.p. We shall omit a formal proof of Lemma 81, which is mainly technical, and concentrate our attention on Lemma 80. Proof. Assume a propositional theory P provably satisfying s.d.p. is given. We shall define a Solovay-like function whose value h(n) is either 0 or the
248
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
code of a finite treelike model of Pm , for some m ≤ n. We identify now the models and their codes and assume that submodels of a model have smaller codes than the model itself. We write k1 ≺ k2 if k2 is a proper submodel of the model k1 . Fix a natural ∆0 -formula “k ϕ”, with the free variables k and ϕ, expressing the validity of ϕ in a model (coded by) k. Assume that 0 is not a code of a model and that “0 ϕ” never holds. For each ϕ define an arithmetical sentence Sϕ as follows: Sϕ = ∃k, m∀n ≥ m (h(n) = k ∧ “k ϕ”). Thus, the sentence Sϕ asserts that ϕ holds at the limit of h, essentially as for the standard Solovay realization of ϕ. We also let S0 = (∀n h(n) = 0). The elementary function h will be defined self-referentially by formalizing the following definition. Let h(0) = 0. If n codes a proof of S0 ∨ Sϕ for some formula ϕ, then h(n + 1) is defined by the clauses: (a) If h(n) = 0 and Pn ϕ, then choose the minimal model k such that k Pn and k ϕ and put h(n + 1) = k. (b) If h(n) = k = 0 and the root of some submodel of k forces ¬ϕ, then let k1 be the minimal such submodel and put h(n + 1) = k1 . (c) In all other cases let h(n + 1) = h(n). One way of looking at the above function is to have in mind the Kripke model consisting of all finite treelike models ordered by ≺ (and an attached root 0). Notice that h is now defined in terms of the sentences Sϕ for arbitrary formulas ϕ, not just for those corresponding to isolated nodes of the model. Also, unlike in the original Solovay construction, h always tries to jump to the highest possible node of the model falsifying a certain modal formula. With this in mind one observes that the behavior of h is similar to that of the usual Solovay function above the root. LEMMA 82. The following statements are provable in T : (i) ∃z, m∀n > m h(n) = z; (ii) ∀n, k (h(n) = k = 0 → ProvT (∃m k˙ ≺ h(m))). Proof. For (i) reason in IΣ1 as follows: either h stays in 0 for all n, or it jumps. Using the Σ1 -least element principle pick the smallest model in the range of h. By the upwards monotonicity, this model can only be its limit. For (ii) notice that h jumps to a node k above 0 only in the case there is a T -proof of S0 ∨Sϕ , for some formula ϕ that is false at k. By Σ1 -completeness,
PROVABILITY LOGIC
249
h(n) = 0 implies ¬S0 and ProvT (¬S0 ). Hence, ProvT (Sϕ ). But Sϕ means that the limit of h forces ϕ, so it cannot be the same node as k and is therefore a proper submodel of k. COROLLARY 83. S0 holds in the standard model. Proof. We note that for any k = 0 there is an m (the height of k) such that T ∃n h(n) = k¯ → (2m+1 ⊥)T . This is easy to see from Lemma 82(ii) by a subsidiary induction on m. So, if h(n) = k = 0, then T h(¯ n) = k¯ and T (2m+1 ⊥)T contradicting the assumption that ch(T ) = ∞. Although from the point of view of the standard model h never leaves 0, T needs not see it. T only knows that the longer h stays at 0, the less possible worlds of the model remain where it can jump to because such nodes must validate ever larger fragments of P . So, in a sense, our model shrinks with time as long as h(n) = 0. LEMMA 84. T ∀n (h(n) = 0 ∧ “P “Pn ϕ” → Sϕ ). Proof. By (a) of the definition of h, if h(n) = 0 and Pn ϕ, then h jumps at stage n + 1 and h(m) will be a model of Pn for all m ≥ n + 1. Therefore, for all such m, h(m) ϕ. To define the required realization f we first have to specify the validity of modal formulas at the root 0 of the model in a suitable way. This will be achieved by constructing an arithmetical formula Φ(x) satisfying the requirements of the following lemma. LEMMA 85. There is an arithmetical formula Φ such that for any (standard) modal formulas ϕ, ψ the following conditions hold provably in T : (i) ¬Φ(⊥), Φ(); (ii) Φ(ϕ → ψ) ↔ (Φ(ϕ) → Φ(ψ)); (iii) “P ϕ” → Φ(ϕ); (iv) Φ(2ϕ) → “P ϕ”. For a moment we postpone the proof of this lemma. Having such a formula Φ, we define the required arithmetical realization f as follows: f (ϕ) := Sϕ ∨ (S0 ∧ Φ(ϕ)). Here ϕ is any modal formula, in particular, a variable. To show that f behaves like an arithmetical interpretation we prove LEMMA 86. For all formulas ϕ, ψ the theory T proves:
250
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
(i) f (⊥) ↔ ⊥, f () ↔ ; (ii) f (ϕ → ψ) ↔ (f (ϕ) → f (ψ)); (iii) f (2ϕ) ↔ ProvT (f (ϕ)). Proof. The cases (i) and (ii) are easy. We prove (iii). (→) Reasoning in T assume f (2ϕ). We shall consider two subcases depending on whether S0 or ¬S0 holds. Assume S0 . Then f (2ϕ) is equivalent to Φ(2ϕ). By (iv) of the previous lemma, we obtain P ϕ, therefore for some n, Pn ϕ. Since we assumed S0 , h(n) = 0 and, by the provable Σ1 -completeness, ˙ = 0 ∧ “P Pn˙ ϕ”). ProvT (h(n) From Lemma 82 we conclude that ProvT (Sϕ ) and ProvT (f (ϕ)). Assume ¬S0 . Then f (2ϕ) implies S2ϕ , hence for some n, h(n) 2ϕ. By our agreement on this means, in particular, that h(n) = 0. By the ˙ 2ϕ). Since h(n) = provable Σ1 -completeness, we obtain ProvT (h(n) 0, by Lemma 82, T proves that the limit of h is a proper submodel of h(n). This implies that ϕ holds in the limit of h, that is, ProvT (Sϕ ) and ProvT (f (ϕ)). (←) Assume ProvT (f (ϕ)) and S0 . We have ProvT (S0 ∨ Sϕ ). Let n be the code of a T -proof of S0 ∨ Sϕ . Since we assumed S0 , there holds h(n) = 0. Then Pn ϕ, otherwise h would make a jump at stage n + 1 contradicting S0 . Thus, P ϕ and, by Lemma 85(iii), Φ(ϕ), which implies f (2ϕ), as required. Assume now ¬S0 . Again, let n be the code of a T -proof of S0 ∨ Sϕ large enough to have h(n) = 0. If h(n) 2ϕ, then h(n + 1) = h(n), otherwise h(n + 1) will be the least submodel of h(n) forcing ¬ϕ. In both cases we have h(n + 1) 2ϕ. By monotonicity, this also implies that h(m) 2ϕ, for all m ≥ n + 1, that is, S2ϕ . Hence, f (2ϕ) holds. COROLLARY 87. For any modal formula ϕ, T f (ϕ) ↔ fT (ϕ). Now we can easily prove that f realizes the propositional theory P . LEMMA 88. For any modal formula ϕ, T fT (ϕ) iff P ϕ. Proof. Assume P ϕ, then for some n, Pn ϕ. By Σ1 -completeness, we obtain T h(¯ n) = 0 ∧ “P Pn¯ ϕ”. By Lemma 84, conclude that T Sϕ and hence T f (ϕ). Vice versa, assume that T f (ϕ) and P ϕ. Let n be the code of a T -proof of S0 ∨ Sϕ . We obviously have Pn ϕ, hence h(n + 1) = 0, which is impossible in the standard model.
PROVABILITY LOGIC
251
Proof of Lemma 85. The proof is essentially a construction within T of a maximal consistent set containing P ∪ {¬2ϕ : P ϕ}. It is easy to see by the s.d.p. of P that such a set exists (externally). We shall deal with finite binary strings σ, τ , etc.; |σ| denotes the length of σ; σ(i) is the i-the element of σ; σ
(2)
Indeed, since n is standard, the least element principle up to n reduces to a tautology and is provable in T . The minimal string is obviously unique. Now we check the properties (i)–(iv) of Φ. (i) Assume Φ(⊥), then for some σ such that ⊥ < |σ| we have σ(⊥) = 1 and V (σ). But if σ(⊥) = 1, then Φσ ↔ ⊥, therefore P Φσ → 2⊥, so V (σ) implies P ⊥, which is impossible by the s.d.p. The case Φ() is treated similarly. (ii) Assume Φ(ϕ) and Φ(ϕ → ψ). Let σ be a string longer than all of ϕ, ψ and ϕ → ψ such that U (σ) holds. By the uniqueness of σ in (2), we must have σ(ϕ) = σ(ϕ → ψ) = 1. But then necessarily σ(ψ) = 1, for otherwise Φσ ↔ ⊥ and we get a contradiction in P as in (i). Conversely, assume either ¬Φ(ϕ) or Φ(ψ). Again, let σ be long enough so that σ(ϕ) = 0 or σ(ψ) = 1. In each case σ(ϕ → ψ) = 1, lest P should be inconsistent. (iii) Assume P ϕ. Let σ be longer than ϕ and U (σ). We show that σ(ϕ) = 1. Suppose the contrary, then P Φσ → ¬ϕ and hence P Φσ → ⊥. From V (σ) it follows that P ⊥, which is impossible. Therefore, Φ(ϕ). (iv) Assume Φ(ϕ) and let σ be a sufficiently long string such that U (σ) and σ(2ϕ) = 1. Then tautologically P Φσ → 2ϕ. By the definition of V (σ), P ϕ.
252
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
This completes the proof of Lemma 80 and thereby the proof of Shavrukov’s theorems.
7.10 Arbitrary subalgebras Shavrukov’s theorems characterize r.e. subalgebras of provability algebras. Here we briefly consider the case of arbitrary subalgebras. A countable algebra is called locally positive if it is numerated and each one of its finitely generated subalgebras, with the induced numeration, is positive. Dually speaking, a propositional theory P is called locally r.e. if the fragment of P in the first n variables is r.e., for any n. Obviously, any subalgebra of a positive algebra and thus, any subalgebra of a provability algebra, is locally positive. V. Shavrukov [Shavrukov, 1993b] gave an example of a locally positive Magari algebra that is not positive. For Σ1 unsound theories local positivity, together with the obvious consideration of the characteristic, turns out to be sufficient for the embeddability. THEOREM 89. Suppose T is not Σ1 -sound. A countable Magari algebra A is embeddable into MT iff A is locally positive and the characteristic of A equals ch(T ). A more important characterization of arbitrary subalgebras of Σ1 -sound theories was given by D. Zambella (unpublished), but it is slightly less elegant. We call a propositional theory P (and the corresponding quotient algebra Fr(ω)/P ) uniformly s.d., if for every n ∈ ω there is a recursive sequence of formulas Pn (m), m = 0, 1, . . . in the variables p0 , . . . , pn such that • {P Pn (m) : n, m ∈ ω} axiomatize P ; • Pn (m) has s.d.p.; • Pn (m + 1) Pn (m); • Pn+1 (m) Pn (m). THEOREM 90 (Zambella). Let T be a Σ1 -sound theory. A is embeddable into MT iff A is locally positive and uniformly s.d.
7.11 Isomorphisms of provability algebras Having isolated an interesting class of algebraic structures mathematicians often initiate the program of classifying all such structures modulo isomorphism: from a purely algebraic point of view isomorphic structures are the same. Even when this task in its full extent happens to be too difficult, the study can provide partial answers and useful insights into the structure of individual algebras. In the case of provability algebras there is really not
PROVABILITY LOGIC
253
much hope for any such classification. In this section we review what little we know. To get some feeling of the matter we first discuss the relationships between provability algebras and free Magari algebras. EXAMPLE 91. Let A be the free algebra on 0 generators, Fr(0), and let B be the Magari algebra of all finite and cofinite subsets of natural numbers ω with the standard boolean operations and the operation 2 defined as follows: 2X = {x ∈ ω : ∀y ∈ ω (y < x ⇒ y ∈ X)}. Recall that A is the Lindenbaum algebra of the letterless fragment of GL. The notion of trace of a modal formula introduced in Section 2.7 defines an isomorphism between A and B: f : ϕ &−→ ω \ tr(ϕ). Indeed, the normal form theorem for letterless formulas (Theorem 15) shows that f is a one-to-one and onto homomorphism. From this example we can conclude that Fr(0) is not isomorphic to any provability algebra MT , for T containing EA. One reason is that Fr(0) is not dense (the formulas ¬F Fn are the minimal elements above 0), whereas, by Proposition 64, MT is. Of course, Fr(0) is naturally embeddable into MT , for any T of infinite characteristic, as its prime subalgebra. Free algebras on more than 0 generators do not have such a clear representation as in Example 91. There is a representation based on a universal Kripke model as described, e.g., in [Rybakov, 1989; Artemov and Beklemishev, 1993; Grigolia, 1987]. However, this model is not as nice as the one for Fr(0). It is well-known (see e.g. [Artemov and Beklemishev, 1993]) that Fr(α) are not dense for α < ω, but Fr(ω) is. PROPOSITION 92. None of the provability algebras MT is embeddable into (let alone isomorphic to) a free algebra. Proof. If ch(T ) < ∞, the algebra MT is clearly not embeddable into a free one. If ch(T ) = ∞, we use the following observation: in MT there is an element ϕ such that ϕ = ⊥ and ϕ ≤ 3n , for all n. If T is Σ1 -sound, one can simply take RFNΣ1 (T ) for ϕ. A little arithmetical fixed point argument works more generally. However, we would like to apply the recently acquired heavy weaponry. Consider the propositional theory P axiomatized by the formulas {p → 3n : n < ω}. It is easy to verify by a Kripke model argument that P (provably) satisfies s.d.p.. Hence, by Shavrukov’s theorems, it is realizable in T . Let ϕ be the realization of p. Now we observe that in a free algebra such a ϕ cannot exist by the following Claim: if GL ϕ → 3n , for each n, then GL ¬ϕ.
254
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Indeed, if GL ¬ϕ, then there is a finite model K such that K ϕ. Let n be the height of K. Then K ϕ ∧ ¬3n+1 , which contradicts our assumption. In contrast with the previous proposition, recall that by the uniform Solovay theorem the free algebra Fr(ω) is embeddable into MT , if ch(T ) = ∞. The following interesting statement is a direct corollary of Shavrukov’s theorems. COROLLARY 93. If T and U are Σ1 -sound extensions of EA, then MT is embeddable into MU . Proof. Both algebras are positive and satisfy s.d.p..
Thus, for example, MZF is isomorphic to a subalgebra of MPA , which may seem rather puzzling at first sight. All provability algebras of Σ1 -sound theories have the same subalgebras (modulo isomorphism). V. Shavrukov [Shavrukov, 1993a] obtained the following beautiful result that we regretfully must leave without a proof. THEOREM 94. Let T and U be Σ1 -sound theories containing EA such that U RFNΣ1 (T ). Then MT and MU are not isomorphic. It follows, for example, that the provability algebras of EA, IΣ1 , PA, ZF, etc., are all pairwise nonisomorphic. This theorem shows, once again, that the notion of provability algebra is much richer than that of the Lindenbaum boolean algebra. Its proof relies on the difference in the rate of growth of provably total computable functions of the theories T and U and borrows some ideas from the Blum complexity theory. As a complement to Theorem 94, V. Shavrukov [Shavrukov, 1997a] also obtained a positive result on the existence of isomorphisms between certain provability algebras. We formulate it in a somewhat simplified form. THEOREM 95. Assume that T and U contain IΣ1 and prove the same boolean combinations of Σ1 -sentences. Assume further that this fact is provable both in T and in U . Then MT is (recursively) isomorphic to MU . From this result one infers that the provability algebras for the following pairs of theories are isomorphic: (PA, ACA0 ), (ZF, GB). The result also holds, e.g., for the pair (PRA, IΣ1 ), although it is not covered by Theorem 95 as we formulated it. De facto, Theorem 95 holds for all extensions of EA closed under the so-called Σ1 -collection rule, which includes all the ‘usual’ extensions of EA. Finally, here is another relevant result of V. Shavrukov [Shavrukov, 1997a] that will be useful in the next section. THEOREM 96. Assume that T contains EA and ϕ is a sentence not equivalent to any boolean combination of Σ1 -sentences in T . Then there is an isomorphism f : MT → MT such that f (ϕ) = ϕ.
PROVABILITY LOGIC
7.12
255
First order theories of provability algebras
Universal theory Recall that the identities of provability algebras are described by the provability logics PLT (T ). More generally, we also have a nice characterization of the set of universal formulas valid in MT , denoted Th∀ (MT ). Any such formula has the form ∀ ∀ p χ( p ), where χ( p ) is a boolean combip ) = ψj ( p ). Given a realization f nation of term equalities of the form ϕi ( of the variables p, MT ϕi ( p ) = ψj ( p ) ⇐⇒ N fT (2(ϕi ( p ) ↔ ψj ( p ))). Therefore, MT ∀ ∀ p χ( p ) iff N fT (χ( ˜ p )), for all realizations f , where p ) = ψj ( p ) by χ ˜ denotes the result of replacing in χ every equality ϕi ( p ) ↔ ψj ( p )). Hence, we obtain the following result. 2(ϕi ( ∀ p χ( p ) iff χ ˜ ∈ PLT (TA). THEOREM 97. MT ∀ Since all the truth provability logics are decidable, we obtain the following corollary. COROLLARY 98. If T is an elementary presented extension of EA, then Th∀ (MT ) is decidable. An example: admissible rules in PA In perfect analogy with the definition of admissible rules in a propositional logic L we now define propositional admissible rules in an arithmetical theory T . A inference rule ϕ1 , . . . , ϕn (R) ψ is admissible in a T , if whenever T fT (ϕi ), for i = 1, . . . , n, there holds T fT (ψ), for any realization f . It is easy to see that any admissible rule in PA is also admissible in GL. The converse is actually not true. We have the following straightforward characterization. PROPOSITION 99. A rule (R) is admissible in T iff ∀ p (ϕ1 ( p) ∧ . . . ∧ ϕn ( p) = → ψ( p) = ). MT ∀ Thus, admissibility of a rule in T is expressible by a particular universal formula in MT . From the previous corollary we conclude that the admissibility of propositional inference rules in T is decidable and reducible to the derivability in S, if T is sound. COROLLARY 100. (R) is admissible in PA iff S 2ϕ1 ∧ . . . ∧ 2ϕn → 2ψ.
256
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Consider the following example (suggested by J. Joosten): 2p → 2⊥
2¬p → 2⊥ ⊥ .
This rule is admissible in GL because the two-element linear Kripke frame shows that for no formula ϕ do we have GL 3 → (3ϕ ∧ 3¬ϕ). On the other hand, this rule is not admissible in PA. Substitution of the well-known Rosser sentence for p makes both premises of the rule provable. Alternatively, one can just check by a Kripke model argument that S [2(2p → 2⊥) ∧ 2(2¬p → 2⊥)] → 2⊥. Full first order theory For several years one of the major questions in the area was the problem of the decidability of the full first order theory of the provability algebra of PA. This theory can be perceived in two, obviously equivalent, ways. First of all, it is the set of all first order formulas in the language of Magari algebras that are valid in MPA . We can also look at it as at the set of all valid second order propositional modal formulas with the following restrictions on the occurrences of propositional quantifiers and modalities: • no quantifier occurs within the scope of 2; • no variable occurs outside the scope of 2. Of course, the quantifiers range over arbitrary arithmetical sentences. For example, the formula ∀ 1 , p2 ∃q 2(2q ↔ (2p1 ∨ 2p2 )) ∀p is valid in MT , for any T containing EA (this follows from the so-called FGH-principle [Smory´ n ´ski, 1981; Visser, 2002a]). Similarly, formula ∀ (3p → ∃q (¬2(p → q) ∧ ¬2(¬p → q))) ∀p represents Rosser’s theorem for the theory T + p. We denote the first order theory of MT by Th(MT ). V. Shavrukov answered the main problem by the following remarkable result [Shavrukov, 1997b] that also yielded solutions to a number of related questions. THEOREM 101. If ch(T ) = ∞ and T contains EA, then neither Th(MT ), nor any of its subtheories is decidable.
PROVABILITY LOGIC
257
For Σ1 -sound theories T one has a considerable strengthening. THEOREM 102. If T is a Σ1 -sound theory containing EA, then Th(MT ) is mutually interpretable with TA. Since the interpretation constructed by Shavrukov does not actually depend on T , this yields the following corollary. COROLLARY 103. For T a Σ1 -sound theory, Th(MT ) is not arithmetic. The same holds for the first order theory of any collection of provability algebras of such theories. In particular, it would be hopeless to look for an r.e. axiomatization of Th(MPA ). The proofs of these results are ingenious and technically complicated. We will not go into them, but remark that the main idea and difficulty in the proof was to find a first order definition of the set of elements in MT that would allow to model the structure of natural numbers (recall that the ordering of MT is dense!). This has been achieved by the following lemma, which is interesting in its own right. LEMMA 104. Suppose T is Σ1 -sound. There is a first order formula N (x) in the language of Magari algebras such that, for any x ∈ MT , MT N (x) ⇐⇒ x ∈ {3nT : n ∈ ω}. With this lemma at hand, it is then relatively easy to show the undecidability of Th(MT ), e.g., by interpreting the theory of finite partial orderings in it (see [Artemov and Beklemishev, 1993]). To interpret the full true arithmetic in Th(MT ), however, some more powerful machinery seems to be necessary. Here, Shavrukov’s theorems on the subalgebras of MT provided a useful tool that allowed to give a short construction. The proof of Theorem 101 in full generality bears on the same technical ideas, but is more involved. V. Shavrukov showed how to directly simulate Minsky’s monogenic normal canonical systems within MT . One important corollary of Lemma 104 is a strengthening of Theorem 94 stating that certain provability algebras are not elementary equivalent. THEOREM 105. Let T and U be Σ1 -sound theories containing EA such that U RFNΣ1 (T ). Then there is a formula ϕ such that ϕ ∈ Th(MT ) and ϕ ∈ Th(MU ). For the record we also mention some results on first order theories of Magari algebras that have been obtained prior to Shavrukov’s. [Montagna, 1980] and [Smory´ n ´ski, 1982] showed that the first order theory of the class of all Magari algebras (and any subtheory of this theory) is undecidable. [Artemov and Beklemishev, 1993] investigated first order theories of free algebras. It turns out that Th(Fr(0)) is decidable and, in fact, is mutually
258
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
interpretable with the weak monadic second order theory of the linear ordering of ω. The interpretation is essentially provided by the isomorphism of Fr(0) and the algebra of finite and cofinite subsets of ω. It is known by A. Meyer [Meyer, 1975] that the decision procedure for the theory in question cannot be elementary. The theories Th(Fr(α)) for α > 0 are all undecidable. There are many questions about first order theories of provability algebras that are still open. For example, we do not know if the ∀∃- and ∀∃∀-fragments of Th(MPA ) are decidable. From Shavrukov’s proof of Theorem 101 it only follows that the ∀∃∀∃-fragment is undecidable. We also know very little about definable elements of MPA . Of course, the elements of its prime subalgebra are definable. Since definable elements cannot be moved by automorphisms, from Theorem 96 we immediately conclude that sentences not equivalent to boolean combinations of Σ1 -sentences cannot be definable. The situation with the rest of the elements of MPA is unknown. It is also open, whether the provability algebras of PA and PA + Con(PA) are isomorphic.
8
BIMODAL AND POLYMODAL PROVABILITY LOGIC
An obvious way to increase the expressive power of modal language is to consider several interacting provability operators, which naturally leads to bi- and polymodal provability logic. In this section we overview this large and non-uniform area. Perhaps, the most natural provability interpretation of polymodal language is the understanding of modalities as provability predicates in some elementary presented theories containing EA. A modal description of two such provability predicates is, in general, already a considerably more difficult task than a characterization of each one’s provability logic. There is no single system that can be justifiably called the bimodal provability logic — rather, we know particular systems for different natural pairs of theories, and none of those systems occupies any privileged place among the others. Numerous isolated results accumulated in this area, so far, give us little information as to a possible general classification of bimodal provability logics for pairs of (sound) r.e. theories. This problem is one of the major remaining open problems in provability logic. On a par with the interpretation of modalities as the usual provability predicates we consider some interpretations, where modalities correspond to more general provability-like concepts of essentially semantical nature. For example, we consider the predicates of n-provability expressing the provability from the set of all true Πn -sentences. The corresponding polymodal logic, formulated by G. Japaridze, appears to be particularly useful for the applications in proof theory (see Section 10). It seems at present that further
PROVABILITY LOGIC
259
applications will require more work to be done on the polymodal analysis of the other strong, that is, not r.e. provability concepts, such as ω-provability in the second-order arithmetic and validity in particular classes of models of set theory. In addition to the studies of the usual and strong provability predicates, a considerable amount of work has been done on studying interaction of the provability operator with some exotic provability concepts, such as Rosser’s provability predicate, Feferman’s provability predicate, and some others. These results can also be coached in terms of bimodal logic. Below we overview some of these developments as well.
8.1 Bimodal logics for pairs of r.e. theories The language L(2, () of bimodal provability logic is obtained from that of propositional calculus by adding two unary modal operators 2 and (. Let (T, U ) be a pair of elementary presented theories and let f be an arithmetical realization (cf. Section 3.3). An arithmetical interpretation fT,U (ϕ) of a formula ϕ w.r.t. (T, U ) translates 2 as provability in T and ( as that in U : fT,U (2ϕ) = ProvT (ffT,U (ϕ)),
fT,U ((ϕ) = ProvU (ffT,U (ϕ)).
The provability logic for (T, U ) is the collection of all L(2, ()-formulas ϕ such that T ∩ U fT,U (ϕ), for every arithmetical realization f . It is denoted PLT,U . In general, similarly to the unimodal case, one can consider bimodal provability logics for (T, U ) relative to an arbitrary metatheory V . PLT,U (V ) is the set of all formulas ϕ such that V fT,U (ϕ), for every arithmetical realization f . Thus, PLT,U corresponds to V = T ∩ U . Basic bimodal logic Basic work on bimodal provability logic has been done by C. Smory´ n ´ski and T. Carlson [Smory´ n ´ski, 1985; Carlson, 1986]. Not too much can a priori be said about PLT,U , for arbitrary T and U . Firstly, PLT,U is closed under modus ponens, substitution, 2- and (-necessitation rules.12 Secondly, PLT,U has to be an extension of the following bimodal logic CS: Axioms:
(i) schemes of GL for 2 and for (;
(ii) 2ϕ → (2ϕ; (iii) (ϕ → 2(ϕ. Rules: modus ponens, ϕ/2ϕ, ϕ/(ϕ. 12 Notice
that neither PLT ,U (T ) nor PLT ,U (U ) will in general be closed under both necessitation rules.
260
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Arithmetical soundness of CS is expressed by PROPOSITION 106. For any theories T , U one has CS ⊆ PLT,U (EA). Proof. The validity of (ii) and (iii) is just a consequence of provable Σ1 completeness and the fact that both provability predicates are Σ1 . Carlson models Suitable Kripke-style models for CS are introduced by the following definition. DEFINITION 107. A Carlson model K = (K, M0 , M1 , ≺, ) is a usual Kripke model (K, ≺, ) for GL equipped with two distinguished subsets M0 , M1 ⊆ K. The forcing of bimodal formulas on K is defined according to the following clauses: 1. x ⊥, x ; 2. x ϕ → ψ ⇐⇒ (x ϕ or x ψ); 3. x 2ϕ ⇐⇒ ∀y ∈ M0 (x ≺ y ⇒ y ϕ); 4. x (ϕ ⇐⇒ ∀y ∈ M1 (x ≺ y ⇒ y ϕ). As usual, we write K ϕ, if x ϕ, for each x ∈ K. Obviously, CS is sound with respect to Carlson models. The standard canonical model construction followed by a filtration and unravelling argument yields the following completeness result (see [Smory´ n ´ski, 1985]). THEOREM 108. The following statements are equivalent: (i) CS ϕ; (ii) K ϕ, for each Carlson model K; (iii) K ϕ, for each finite Carlson model K. COROLLARY 109. CS is decidable. Arithmetical completeness of CS [Smory´ n ´ski, 1985] showed that CS is, indeed, the minimal bimodal provability logic, that is, coincides with PLT,U for a certain pair of finite extensions T, U of Peano arithmetic. [Beklemishev, 1992] proved that there is a pair of provability predicates for Peano arithmetic itself such that the corresponding bimodal provability logic coincides with CS. Such predicates can be called independent in the sense that they ‘know’ as little about each other
PROVABILITY LOGIC
261
as is possible in principle. However, neither the theories in Smory´ n ´ski’s example, nor the independent provability predicates are natural — they are constructed by tricky diagonalization. Thus, we are in the curious situation where the bimodal logic CS, which structurally occupies a privileged place among the provability logics, does not correspond to any (known) natural pair of theories. THEOREM 110 (Smory´ n ´ski). Let V be a Σ1 -sound theory. There is a pair (T, U ) of finite extensions of V such that PLT,U = PLT,U (V ) = CS. Proof. Consider a translation (·)∗ of the language L(2, () into L(2, c0 , c1 ) that preserves variables and boolean connectives and satisfies (2ϕ)∗ = 2(c0 → ϕ∗ );
((ϕ)∗ = 2(c1 → ϕ∗ ).
Here c0 and c1 are propositional variables that do not occur in the language L(2, (). We claim: CS ϕ ⇐⇒ GL ϕ∗ , for any formula ϕ ∈ L(2, (). Indeed, the implication (⇒) is easy to check by induction on the length of a derivation in CS. For a proof of (⇐) one argues by contraposition. If CS ϕ then there is a Carlson model K such that K ϕ. Define x c0 ⇔ x ∈ M0 and x c1 ⇔ x ∈ M1 . This makes K a Kripke model for L(2, c0 , c1 ) falsifying ϕ∗ (2 corresponds to the accessibility relation on K) and proves our claim. By the uniform arithmetical completeness theorem (Theorem 73) we obtain a realization f such that for any formula ϕ ∈ L(2, c0 , c1 ), GL ϕ ⇐⇒ V fV (ϕ). Let T := V + fV (c0 ) and U := V + fV (c1 ). This agrees with the translation (·)∗ , that is, V fT,U (ϕ) ↔ fV (ϕ∗ ), so we obtain CS ϕ ⇒ GL ϕ∗ ⇒ V fV (ϕ∗ ) ⇒ V fT,U (ϕ). This proves PLT,U (V ) = CS. For the same theories (T, U ) we also have PLT,U = CS because ϕ ∈ PLT,U
⇐⇒ ⇐⇒
(2ϕ ∧ (ϕ) ∈ PLT,U (V ) CS 2ϕ ∧ (ϕ
⇐⇒
CS ϕ.
262
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Types of bimodal provability logics Deeper structural information on bimodal provability logics is provided by the Classification theorem for arithmetically complete unimodal logics. With every (normal) bimodal logic L containing CS we can associate its type: (L)2 := {ϕ ∈ L(2) : L (ϕ}. It is obvious that (L)2 contains GL and is closed under modus ponens and substitution rules. Under the assumption of Σ1 -soundness of V we obviously have: PLT (U ) = (PLT,U (V ))2 . The Classification theorem shows that not every extension of GL is materialized as the type of a bimodal provability logic and gives us a description of all such possible types: GLα , GL− β , Sβ , Dβ , α, β ⊆ ω, ω \ β finite. The set α also has to be r.e. because we assume U to be an r.e. theory. Indeed, the set of all formulas Fn such that U FnT is r.e. and therefore so is α. Natural bimodal provability logics Apart from the above general observations, a number of particular bimodal provability logics for natural pairs of theories is known. These logics cover most of the examples of pairs of arithmetical theories that come to mind, but, unfortunately, are far from being an exhaustive list of all bimodal provability logics. The best known system is the logic PLPA,ZF characterized by [Carlson, 1986] and independently (with a different interpretation in mind) by [Montagna, 1987b].13 This logic can be axiomatized over CS by the principle of essential reflexivity ER : ((2ϕ → ϕ). A pair (T, U ) is called an essentially reflexive extension, if U proves the local reflection principle for T . (In this case U also necessarily contains T .) Further examples of essentially reflexive extensions are: (IΣ1 , PA), (ACA0 , ACA), etc. Here ACA denotes the second order arithmetic with arithmetical comprehension and full induction and ACA0 is ACA with the induction formulated as a single axiom. In the following we shall denote by L⊕A the closure of a normal (bimodal) logic L and an axiom schema A by modus ponens, substitution and both necessitation rules. THEOREM 111 (Carlson). PLT,U = CS ⊕ ER, whenever the theories T, U are sound and (T, U ) is an essentially reflexive extension. 13 It
does not really matter here that PA and ZF are officially formulated in different languages. We may just assume that PA is interpreted into the language of ZF.
PROVABILITY LOGIC
263
Thus, CS ⊕ ER is the only bimodal provability logic of type S and a maximal among the bimodal logics for pairs of sound elementary presented theories. n ´ski, 1985]. Suitable An extended treatment of PLPA,ZF is given in [Smory´ Kripke models for this logic are developed in [Visser, 1995]. Below we deal with more general extensions, that is, pairs of theories (T, U ) such that U provably contains T . If (T, U ) is an extension, then PLT,U (EA) satisfies the additional monotonicity principle M:
2ϕ → (ϕ.
CS together with the monotonicity axiom will be denoted CSM.14 Notice that M follows from ER over CS. CSM is sound and complete with respect to (finite) Carlson models K for which M0 = K. Now we describe two natural bimodal provability logics of type D, introduced in [Beklemishev, 1996]. The first one corresponds to pairs of theories (T, U ) such that U is a finite extension of T and proves the local Σ1 -reflection principle for T . Typical examples are the pairs (EA, EA+ ), (IΣm , IΣn ), for n > m ≥ 1, (PA, PA + RFNΣ1 (PA)), etc. The logic can be axiomatized over CSM by the schema ECΣ :
((2σ → σ),
σ ∈ Σ,
where Σ denotes the set of all (possibly empty) disjunctions of formulas of the form 2ψ and (ψ. THEOREM 112. If U RfnΣ1 (T ) and U is a sound finite extension of T , then PLT,U = CSM ⊕ ECΣ . CSM ⊕ ECΣ is the minimal bimodal provability logic of type D containing M. Indeed, if PLT (U ) = D, then U proves the local Σ1 -reflection principle for T , by Corollary 52. Hence, PLT,U (EA) must also satisfy ECΣ . Another bimodal logic of type D corresponds to Π1 -essentially reflexive extensions of theories of bounded arithmetical complexity. An extension (T, U ) is called Π1 -essentially reflexive, if U RfnΣ1 (T +ϕ) whenever U ϕ. Thus, a Π1 -essentially reflexive extension is never finite. Examples of such extensions among fragments of PA are: (EA, PRA), − (IΣn , IΣR n+1 ), for n ≥ 1, (EA, IΣ1 ), etc. The logic can be axiomatized over CSM by the schema ERΣ :
(ϕ → ((2(ϕ → σ) → σ),
σ ∈ Σ.
THEOREM 113. If U is a sound and (provably) Π1 -essentially reflexive extension of T of bounded arithmetical complexity, then PLT,U = CSM ⊕ ERΣ . 14 CSM
also stands for Carlson–Smorynski–Montagna ´ as suggested by A. Visser.
264
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Obviously, ERΣ implies ECΣ . We do not know whether CSM ⊕ ERΣ is the maximal among all bimodal provability logics of type D containing CSM. Nor do we have examples of provability logics strictly between CSM ⊕ ECΣ and CSM ⊕ ERΣ . Let us now turn to the provability logics of type GLω . Two such logics for natural pairs of theories were described in [Beklemishev, 1994]. They both concern Π1 -axiomatized extensions of theories, that is, when U is obtained from T by adding Π1 -axioms only (and this fact is verifiable). Then PLT,U contains an additional principle P:
(ϕ → 2((⊥ ∨ ϕ)
which follows from provable Σ1 -completeness. Similarly to the proof of Smory´ n ´ski’s theorem one can establish that CSM ⊕ P is the bimodal provability logic for a suitably general Π1 -axiomatized extension. CSM ⊕ P is complete with respect to Carlson models satisfying additional requirements that M0 = K and M1 is downwards closed [Beklemishev, 1994]. Let us call an extension (T, U ) infinitely confident, if U proves k-times iterated consistency for T , for each k ≥ 0. This essentially means that U believes that T has infinite characteristic. For such extensions PLT (U ) contains GLω and PLT,U (EA) satisfies the additional principle IC :
(¬2n ⊥,
for all n ≥ 1.
THEOREM 114. If U is sound, infinitely confident, Π1 -axiomatized and finite extension of T , then PLT,U = CSM ⊕ P ⊕ IC. Here are some typical examples of such pairs of theories: (PA, PA + Con(ZF)), (IΣ1 , IΣ1 + Con(IΣ2 )), etc. The second system corresponds to (provably) reflexive Π1 -axiomatizable extensions, such as (PA, PAω ) or (IΣ1 , IΣ1 + {Con(IΣn ) : n ≥ 1}). An extension (T, U ) is called reflexive, if U Con(T + ϕ) whenever U ϕ. Notice that every reflexive extension is infinitely confident and cannot be finite. This logic can be axiomatized over CSM ⊕ P by the reflexivity axiom R:
(ϕ → (3ϕ.
THEOREM 115. If U is a sound, Π1 -axiomatized and provably reflexive extension of T , then PLT,U = CSM ⊕ P ⊕ R. A remarkable property of the last logic is that it is the supremum of all provability logics for infinitely confident Π1 -axiomatized extensions of theories. Thus, all such logics lie between CSM ⊕ P ⊕ IC and CSM ⊕ P ⊕ R.
PROVABILITY LOGIC
Name M ER ECΣ ERΣ P IC R ConsB
Axiom 2ϕ → (ϕ ((2ϕ → ϕ) ((2σ → σ), where σ ∈ Σ (ϕ → ((2(ϕ → σ) → σ), where σ ∈ Σ (ϕ → 2((⊥ ∨ ϕ) {(¬2k ⊥ : k < ω} (ϕ → (3ϕ (β → 2β, where β ∈ B
265
Examples general extensions (PA, ZF); (IΣn , PA) (IΣn , IΣn+1 ) (EA, PRA); (IΣn , IΣR n+1 ) Π1 -axiomatized extensions (EA, EA + Con(IΣ1 )) (IΣ1 , IΣ1 + {Con(IΣn ) : n < ω}) (PRA, IΣ1 ), (IΣR n , IΣn )
Table 1. Bimodal provability logic axioms We also know that there really are some provability logics between these two [Beklemishev, 1994]. Finally, we describe yet another natural system of type GL formulated in [Beklemishev, 1996] that corresponds to finite extensions of theories of the form (T, T + ϕ), where both T + ϕ and T + ¬ϕ are (provably) conservative over T w.r.t. boolean combinations of Σ1 -sentences. Examples of such pairs 15 are (PRA, IΣ1 ), (IΣR n , IΣn ), for n ≥ 1, and many others. This logic is axiomatized over CSM by the schema ConsB :
(β → 2β,
β ∈ B,
where B denotes the set of boolean combinations of formulas of the form 2ψ and (ψ. THEOREM 116. Assume both T + ϕ and T + ¬ϕ are provably conservative over T for boolean combinations of Σ1 -sentences and U = T + ϕ is sound. Then PLT,U = CSM ⊕ ConsB . The six bimodal logics described above essentially exhaust all nontrivial cases, currently known, for which natural provability logics are explicitly characterized. Remarks 1. It is worth mentioning that all these systems are decidable, and a suitable Kripke-style semantics is known for each of them. The logics CS, CSM and CSM ⊕ P are complete w.r.t. simple classes of Carlson frames and enjoy the finite model property. All the other considered logics do not behave as nicely. 15 These conservation results are known to be provable in EA+ but not in EA (see Section 10.1). However, EA+ is much weaker than T for most of such examples.
266
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
CSM ⊕ P ⊕ IC is complete for a natural class of infinite Carlson frames (satisfying the condition that M1 is downward closed and every point in M1 has infinite depth). All such frames are infinite and the logic, obviously, does not satisfy the finite model property. The other logics, such as CSM ⊕ ER and CSM ⊕ ECΣ , are not complete for any class of standard Kripke frames. This might have been a serious obstacle. Nonetheless, there are translations of these logics to CSM similar to those of the systems S and D to GL. This provides for all such systems a decision procedure and allows for an arithmetical completeness proof in the style of Solovay. On the other hand, [Visser, 1995] devised a nice generalized Kripke semantics for CSM ⊕ ER which is sufficiently well-behaved though the models are infinite. [Wolter, 1998] studied extensions of CSM using the notion of subframe logic. In particular, he showed that every finitely axiomatizable subframe logic containing CSM is decidable (see also [Chagrov et al., 2001]). These methods may become useful for a solution of the general Classification problem for bimodal provability logics. 2. The arithmetical completeness proofs in each case are obtained by suitable modifications of the Solovay construction. Essentially, every theorem of this kind requires a new modification. In such constructions the techniques of D. Guaspari and P. Lindstrom ¨ of constructing partially conservative sentences are very useful [Guaspari, 1979; Lindstr¨ o¨m, 1984]. 3. In all the considered cases of natural bimodal logics we also know the truth provability logic PLT,U (TA). It is axiomatized by closing PLT,U and the soundness schema (ϕ → ϕ under modus ponens and substitution. This relationship cannot, however, hold in general. Consider, e.g., a Π1 axiomatized extension of theories that is reflexive but not provably so. Then the reflexivity axiom belongs to PLT,U (TA) but not to PLT,U . 4. In general, the picture of bimodal provability logics for pairs of r.e. theories still has many white spots. For example, we do not know the axiomatizations of the logics for natural Π1 -conservative extensions such as (EAω , EA+ ) or (IΣ1 + {Con(IΣn ) : n < ω}, PA). The logics of pairs of − R incomparable fragments of PA such as (IΣ1 , IΠ− 2 ) or (IΣ2 , IΠ2 ) have never been investigated. An important subproblem of the general classification problem for bimodal provability logics is to characterize all such logics for the most common types, such as D and GLω . Polymodal provability logic Most of the results in bimodal provability logic can be generalized to polymodal logic. Such a generalization is particularly natural in the modallogical study of progressions of theories — a topic in proof theory that goes
PROVABILITY LOGIC
267
as far back as the work [Turing, 1939]. From the modal logical point of view, however, such a generalization, in all known cases, does not lead to essentially new phenomena compared to the bimodal logics, therefore we shall not go into any details here. Polymodal analogues are known for natural provability logics due to Carlson and Beklemishev. Here, the modal operators correspond to theories of the original Turing–Feferman progressions of transfinitely iterated reflection principles and, thus, are indexed by ordinals of some constructive system of ordinal notation, say, the natural one up to 0 . Iterating full reflection leads to the polymodal analogue of PLPA,ZF , and transfinitely iterated consistency leads to a natural polymodal analogue of provability logics of type GLω . Successor ordinals correspond to finitely axiomatized extensions and limit ordinals to reflexive extensions (see [Beklemishev, 1991; Beklemishev, 1994]).
8.2 Logics with propositional constants Some of the results on bimodal logics described in the previous section can be extended to the so-called provability logics with propositional constants. Let L(2, ) be the language of GL equipped with a tuple c = (c0 , . . . , cn ) of new propositional constants. Fix an interpretation of c by choosing a = (A0 , . . . , An ). Given a realization f , tuple of arithmetical sentences A the arithmetical interpretation fT (ϕ) of a formula ϕ ∈ L(2, ) is defined as usual, except that we stipulate that fT (ci ) = Ai for each i ≤ n. The provability logic PLT,A (U ) is defined as the set of all L(2, )-formulas that are provable in U under every realization f . We let PLT,A be PLT,A (T ). Obviously, the propositions c in PLT,A (U ) really behave as constants: the logic is, in general, not closed under the rule of substitution of formulas for c. However, it is closed under the substitution rule for the other propositional variables of the language. Provability algebraic view Describing propositional logics with constants is very close to describing universal types in the provability algebras. PLT,A represents the set of terms ϕ(c, p ) such that, in the provability algebra of T , there holds p ) = . MT ∀ ∀ p ϕ(A, in the provability algebra MT is the set The universal type of a tuple A of all universal formulas, in the language of MT enriched by the constants In particular, this set c, that are true under the interpretation of c as A. contains PLT,A . The universal types can be exactly characterized in terms of provability logics as follows (compare with Theorem 97).
268
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Let χ(c, p ) be a quantifier-free formula in the language of MT with distinguished parameters c. Let χ ˜ be defined as in Theorem 97. p ) iff χ PROPOSITION 117. MT ∀ ∀ p χ(A, ˜ ∈ PL (TA). T,A
We say that a universal formula ∀ ∀ p χ(c, p ) is realizable in MT , if MT ∃c ∀ ∀ p χ(c, p ). Hence, effectively describing realizable universal formulas is equivalent to deciding the ∃∀-fragment of MT . If one obtains a sufficiently effective classification of provability logics with constants, that would presumably imply a decision procedure for Th∃∀ (MT ). Natural logics with constants We know the characterizations of several natural provability logics with constants. These cases mainly correspond to finite extensions for which we already know the bimodal provability logics. Thus, we know the axiomatizations (and decision procedures), in particular, for the following logics: the logic of IΣn with a constant for IΣn+1 , the logic of IΣ1 with a constant for Con(PA), the logic of PRA with a constant for IΣ1 . These are representative examples of the broader classes of pairs (theory, constant) with the same logics, corresponding to Theorems 112, 114, and 116. We refrain from presenting the axiomatizations here, but refer the reader to [Beklemishev, 1994; Beklemishev, 1996]. Another interesting case has been considered by [Visser, 1992], who characterized the letterless (or, rather, the variable-free) fragment of PLS2 ,exp , where S2 is Buss’ bounded arithmetic [Buss, 1986; Buss, 1998] and exp is the axiom stating the totality of the exponentiation function. This example is interesting because we do not know whether the usual provability logic PLS2 (S2 ) coincides with GL. Translating polymodal logics The bimodal logics PLT,U and PLT,U (V ), where T and U are finite extensions of a given theory V , can be considered as fragments of PLV,A0 ,A1 formulated in the language with two additional constants c0 , c1 for the axioms A0 of T and A1 of U . As in the proof of Theorem 110 one can define a translation (·)∗ by specifying (2ϕ)∗ := 2(c0 → ϕ∗ ) and ((ϕ)∗ := 2(c1 → ϕ∗ ). PROPOSITION 118. ϕ ∈ PLT,U (V ) iff ϕ∗ ∈ PLV,A0 ,A1 . A strong similarity between Kripke models for GL(c0 , c1 ) and Carlson models suggests that, in fact, not too much information is being lost by going from a provability logic with constants to its bimodal fragment. Thus, the problem of classifying polymodal logics and the one of classifying provability logics with constants are very close to each other. However, technically speaking, they seem to be incomparable questions. Polymodal logic allows to speak about non-finitely axiomatizable extensions of theories, whereas
PROVABILITY LOGIC
269
the language with constants is more expressive in the finitely axiomatizable case. Variable-free fragments More information on bimodal provability logics can be extracted from the description of subalgebras of provability algebras. Assume for simplicity that T is a Σ1 -sound theory. Shavrukov’s theorem characterizes all possible variable-free fragments of the logics PLT,A as those propositional theories in the language with constants c that are r.e. and satisfy the strong disjunction property. Thus, any propositional theory satisfying these broad conditions (Notice that in this case we only corresponds to some choice of sentences A. deal with finitely generated subalgebras.) The variable-free fragments of bimodal provability logics are, therefore, the fragments of such propositional theories obtained via the translation (·)∗ . THEOREM 119. Let P be a variable-free theory in the language L(2, (). P is the variable-free fragment of PLT,U (V ) for some (finite) extensions (T, U ) of a Σ1 -sound theory V iff P is r.e. and satisfies the following disjunction property: for any finite set S of formulas of the form 2ϕ or (ψ, P
S
⇒
∃σ ∈ S P σ.
This observation is due to the second author jointly with A. Visser and has not been published.
8.3
Strong provability predicates
Apart from describing the joint behavior of two ‘usual’ provability predicates, each of which alone being well enough understood, bimodal logic has been successfully used for the analysis of some strong, that is, non-r.e. concepts of provability. The notion of n-provability will be especially useful for us in Section 10, where we discuss applications in proof theory. Therefore, we shall slow down and present a few more details on it here. n-Provability and n-Consistency Let T hΠn (N) denote the set of all true arithmetical Πn -sentences. A theory T is called n-consistent if T + T hΠn (N) is consistent. If T is elementary presented, the theory U ≡ T + T hΠn (N) will generally not be r.e., but it can be presented by the Πn -formula AxU (x) := (AxT (x) ∨ TrueΠn (x)),
270
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
where TrueΠn (x) is a truth-definition for Πn -sentences in EA. The corresponding n-provability predicate and n-consistency assertion, n-ProvT (x) := ProvU (x)
and
n-Con(T ) := Con(U ),
will have arithmetical complexity Σn+1 and Πn+1 , respectively. For n = 0 these concepts coincide with the usual ones for T . For brevity, we write [n]T ϕ for n-ProvT (ϕ) and nT ϕ for ¬[n]T ¬ϕ or, equivalently, n-Con(T + ϕ). Thus, [n]T ϕ asserts that ϕ is provable from the axioms of T and some true Πn -sentences. Many properties of n-provability and n-consistency are very similar to those of the usual provability predicate. PROPOSITION 120 (provable Σn+1 -completeness). For any Σn+1 -formula σ(x1 , . . . , xn ) with exactly the variables x1 , . . . , xn free EA σ(x1 , . . . , xn ) → [n]T σ(x˙ 1 , . . . , x˙ n ). PROPOSITION 121. The n-provability predicate [n]T satisfies Bernays– Lob ¨ derivability conditions: L1. T + T hΠn (N) ϕ ⇐⇒ EA + T hΠn (N) [n]T ϕ; L2. EA [n]T (ϕ → ψ) → ([n]T ϕ → [n]T ψ); L3. EA [n]T ϕ → [n]T [n]T ϕ. The following useful lemma shows that n-consistency assertions are equivalent to uniform reflection principles for T (see Section 4.2). PROPOSITION 122 (Reflection). Over EA, n-Con(T ) ≡ RFNΠn +1 (T ). Proof. Recall that RFNΠn +1 (T ) is the schema {∀x(2T ϕ(x) ˙ → ϕ(x)) : ϕ ∈ Πn+1 }. (⇒) If ϕ(x) ∈ Πn+1 , then ¬ϕ(x) implies [n]T ¬ϕ(x), ˙ by Σn+1 -complete˙ implies [n]T (ϕ(x) ˙ ∧ ¬ϕ(x)), ˙ that is, [n]T ⊥. ness. Therefore, 2T ϕ(x) (⇐) If [n]T ⊥, then for some true π ∈ Πn , 2T ¬π, by formalized Deduction theorem. Take ϕ(x) := ¬TrueΠn (x) so that EA π ↔ TrueΠn (π). We have 2T ϕ(π) but ¬ϕ(π).
PROVABILITY LOGIC
271
Japaridze logic [Smory´ n ´ski, 1985] observed that the logic of the n-provability predicate coincides with GL. The proof literally follows the one of Solovay’s theorem. Japaridze logic is the polymodal logic of n-provability predicates for all n’s taken together. Consider the propositional language with the modalities [0], [1], [2], etc. Let f be an arithmetical realization. The arithmetical interpretation fT (ϕ) of a formula ϕ in this language under the realization f is defined as usual, except that now we require, for each n ∈ ω, that fT ([n]ψ) = n-ProvT (ϕ). The system GLP introduced in [Japaridze, 1988; Japaridze, 1986] is given by the following axioms and rules of inference. Axioms:
(i) Axioms of GL for each operator [n];
(ii) [m]ϕ → [n]ϕ, for m ≤ n; (iii) mϕ → [n]mϕ, for m < n. Rules: modus ponens, ϕ [n]ϕ. THEOREM 123 (Japaridze). any polymodal formula ϕ,
For any sound theory T containing EA and
GLP ϕ ⇐⇒ T fT (ϕ),
for any realization f .
Originally, G. Japaridze formulated this result for a somewhat different interpretation of modalities [n]. The history is as follows. [Boolos, 1980] undertook a modal investigation of the concept of ωprovability, the notion dual to the G¨ o¨del’s notion of ω-consistency, and observed that its logic coincides with GL. ω-provability can be described as the provability in arithmetic by one application of ω-rule, that is, provability in the theory n)}. T := T + {∀xϕ(x) : ∀n T ϕ(¯ [Japaridze, 1986] made a great step forward by characterizing the bimodal logic of provability and ω-provability for PA. In fact, he formulated the polymodal logic GLP with the interpretation of [1], [2], etc., as provability in PA closed under 1, 2, etc. nested applications of the ω-rule, that is, provability in PA , PA , etc. Although provability in T is rather similar to 1-provability, it is not the same notion. [Smory´ n ´ski, 1977a] showed that ω-consistency of T is equivalent to the statement RFNΠ3 (T + RFN(T )), which is much stronger than 1-consistency of T . In fact, by Proposition 122, 1-Con(T ) is equivalent to RFNΠ2 (T ). The quantifier complexity of the ω-provability predicate is Σ3 .
272
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Later [Ignatiev, 1993a] simplified Japaridze’s work and thoroughly investigated modal logical properties of GLP. He observed that Japaridze’s theorem holds under more general assumptions than originally stated. In particular, GLP was proved to be arithmetically complete for the n-provability interpretation and, more generally, for the interpretation of [n] as arithmetical predicates satisfying some sufficiently broad assumptions. (We refer the reader to [Ignatiev, 1993a] for an accurate formulation of these assumptions.) Yet another interpretation of GLP was considered in [Boolos, 1993], who proved that the bimodal fragment of GLP is complete with respect to the interpretation of [1] as the Π11 -complete predicate of provability under the ω-rule in second-order arithmetic. The proof essentially followed Ignatiev’s one. Japaridze’s logic is decidable and enjoys a reasonable Kripke semantics. The situation here is similar to that with the other bimodal provability logics such as CSM ⊕ ER. GLP is not, per se, Kripke complete. However, it has a simple translation into a weaker logic GLP− , obtained from GLP by replacing axioms (ii) by the weaker principle [m]ϕ → [n][m]ϕ,
for m ≤ n.
GLP− is already sound and complete with respect to a nice class of (finite) Kripke frames. GLP enjoys the Craig interpolation property and the fixed point property [Ignatiev, 1993a]. More importantly, Ignatiev also found normal forms for letterless formulas in GLP which play a significant role in our Section 10. A very readable treatment of Japaridze’s logic is given in [Boolos, 1993], so we omit any further details here. For the mentioned applications in proof theory only the soundness part of Theorem 123 will be essential. The soundness of GLP directly follows from Σn+1 -completeness of [n]T (Axiom (iii)) and the derivability conditions (Axioms (i) and (ii)). Other strong provability concepts The extension of methods introduced in Section 10 to the proof-theoretic analysis of theories stronger than PA may require the study of yet stronger provability-like concepts. Provability of ϕ in T can also be understood as the statement that ϕ is valid in all models of T . If T is expressive enough to formalize the notion of a model within its own language, we can look at 2 in this modeltheoretic way. This approach is especially useful in set theory, where one also considers various specific classes of models and the corresponding reflection principles. Set-theoretic reflection principles also play a significant role in modern proof-theoretic ordinal analysis, see [Pohlers, 1998; Rathjen, 1994; Rathjen, 1999].
PROVABILITY LOGIC
273
By and large, this area of potential interest is still unexplored from the viewpoint of provability logic. A few first steps, however, have been taken as early as in 1975 by (guess whom?) R. Solovay. He has characterized the logics resulting from the interpretation of 2ϕ as ϕ is valid in all transitive models of ZF and ϕ is valid in all universes Vα , for α inaccessible. The proofs have appeared for the first time in [Boolos, 1993]. Both logics happen to be normal extensions of GL. The first one is axiomatized over GL by the principle I:
2(2ϕ → 2ψ) ∨ 2(2ψ → ϕ).
This logic is characterized by the (finite) Kripke frames (K, ≺) for GL that are converse prewellorders in the sense that ∀x, y, z ∈ K (z ≺ x ⇒ z ≺ y or y ≺ x). The second logic is axiomatized over GL by the linearity principle J:
2(2ϕ → ψ) ∨ 2( ψ → ϕ),
which is characterized by Kripke frames (K, ≺) that are finite strict linear orders (or, more generally, converse well-orders). We refer the reader to [Boolos, 1993] for further details.
8.4 Unusual provability concepts Along with the bimodal study of the natural provability predicates, several researchers undertook a bimodal analysis of some unusual, or even pathological, provability concepts. Rosser and Feferman provability predicates are well-known technical tools in the study of incompleteness in arithmetic. Studies of these and similar notions by means of bimodal logic were mainly motivated by their curious, somewhat human-like, self-correcting behavior. There were also some modest technical uses, related to the properties of interpretability, which were later essentially overshadowed by the interpretability logic. [Visser, 1989] was an influential paper that brought to life a host of these ‘smart children of Peano’ and stimulated further work [Shavrukov, 1991; Shavrukov, 1994]. There were some precursors to that paper, though, most notably [Montagna, 1978; Guaspari and Solovay, 1979; Montagna, 1987b]. Genuine arithmetical completeness results in this area are rare, mostly because nearly all of the unusual provability concepts suffer from the lack of robustness. In other words, the modal properties of these concepts are ¨ numbering or ordering of proofs. dependent on minor details of the Godel (Some examples to that effect are given below.) Therefore, the authors mainly concentrated on partial systems and purely syntactic uses of modality [Visser, 1989; Smory´ n ´ski, 1985]. Yet, there are a few successes that are described below.
274
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Rosser’s provability predicate Using the work [Guaspari and Solovay, 1979], V. Shavrukov [Shavrukov, 1991] found a complete axiomatization of the bimodal logic of the usual and Rosser’s provability predicate for Peano arithmetic. We say that a sentence ϕ is Rosser provable if there is a proof of ϕ such that there is no proof of ¬ϕ with a smaller G¨ o¨del number. Formally, 2R ϕ := ∃y (Prf PA (y, ϕ) ∧ ∀z < y ¬Prf PA (z, ¬ϕ)). Rosser provability has been invented in a classical paper [Rosser, 1936] in order to strengthen G¨ o¨del’s first incompleteness theorem to arbitrary consistent theories containing PA. Externally, since PA is consistent, a sentence is provable in PA iff it is Rosser provable. However, provable properties of the Rosser provability predicate are very much different from those of the natural provability predicate. For example, Rosser’s consistency of PA is a provable fact and Rosser’s provability predicate is not, in general, provably closed under modus ponens. The following principles axiomatize the joint logic of the usual 2 and Rosser’s 2R provability predicates, which is called GR by V. Shavrukov. Axioms:
(i) axiom schemes of GL for 2;
(ii) 2R ϕ → 2ϕ; (iii) 2ϕ → 22R ϕ; (iv) 2ϕ → (2⊥ ∨ 2R ϕ); (v) 32R ϕ → 3ϕ. Rules: modus ponens, ϕ/2ϕ, 2ϕ/ϕ. It was already mentioned above that nonstandard concepts of provability are, as a rule, very unstable. Slight variations of, say, the G¨ o¨del numbering of proofs may result in great changes of the Rosser provability logic principles. For example, one can construct a provability predicate for PA, provably equivalent to the usual one, such that the corresponding Rosser’s provability satisfies the GR-unprovable principle 2R (ϕ → ψ) → (2R ϕ → 2R ψ). Thus, GR actually axiomatizes the minimal set of principles shared by all Rosser’s provability predicates satisfying some reasonable assumptions. V. Shavrukov proves an analog of the uniform arithmetical completeness theorem for GR showing that there is a particular Rosser’s provability predicate whose logic is GR.
PROVABILITY LOGIC
275
Guaspari–Solovay logic The logic of Rosser provability can be seen as a fragment of the provability logic with witness comparison earlier introduced in [Guaspari and Solovay, 1979]. In their very insightful paper, Guaspari and Solovay enriched the language of GL by new connectives ≺ and # to allow formulas of the form 2ϕ ≺ 2ψ and 2ϕ # 2ψ. The intended arithmetical interpretation of these formulas are statements there is a proof of ϕ such that no proof of ψ has a smaller or equal (resp., smaller) G¨del ¨ number. Thus, 2R ϕ can be expressed by 2ϕ # 2¬ϕ. [Guaspari and Solovay, 1979] characterized the minimal set R of principles of 2, ≺, # shared by all reasonable provability predicates. The system R is extensively treated in [Smory´ n ´ski, 1985], therefore we do not present any further details here. One remark, however, is in order. The conditions on the class of provability predicates considered in [Guaspari and Solovay, 1979] are less restrictive than those from [Shavrukov, 1991]. Indeed, any proof predicate satisfies either 2( ∧ ) # 2( ∨ ) or 2( ∨ ) # 2( ∧ ). Neither principle, of course, belongs to R. Therefore R, unlike GR, cannot be the logic of any single proof predicate. Moreover, the arithmetical completeness proof of [Guaspari and Solovay, 1979] requires the use of multi-conclusion proof predicates, a property that is not shared by the usual proof predicate. In this sense, the arithmetical completeness result for GR is stronger than the one we have for the richer language of R. On the other hand, if one is mainly interested in purely syntactical uses, R appears to be more convenient. It allows to formalize a number of standard arithmetical arguments involving fixed points (see [Smory´ n ´ski, 1985]). Feferman’s provability predicate In order to examine conditions necessary for the validity of G¨ o¨del’s second incompleteness theorem, [Feferman, 1960] introduced another pathological provability predicate for PA. It also turned out to be a very useful technical tool in the study of interpretability. Let PA n denote a sequence of finite subtheories of PA such that PA ≡ n≥0 PA n. We say that a sentence ϕ is Feferman provable, if for some n such that PA n is consistent, PA n ϕ. Feferman’s provability predicate 2F is just a formalization of this statement. It is obvious that, externally, a sentence is Feferman provable iff it is provable in PA. This is not obvious from the point of view of PA, though, because PA easily proves its own Feferman consistency. For most of the known technical applications of the Feferman provability the choice of a specific sequence of finite subtheories PA n is immaterial. However, the logic and certain results on the number of fixed points heavily
276
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
depend on such a choice [Smory´ n ´ski, 1989]. [Shavrukov, 1994] considered the sequence PA n := IΣn and showed that this sequence allows for a nice axiomatization of the bimodal logic of the natural and the Feferman provability predicates. The logic turns out to be decidable. The arithmetical completeness proof in this case is based on a modification of the Solovay construction similar to the one used in interpretability logic [Berarducci, 1990; Visser, 1991; Japaridze, 1994]. Some other neglected children Shavrukov’s work on Feferman predicate was preceded by [Visser, 1995], a paper that appeared in 1987 in the form of a preprint. Apart from the development of Kripke semantics for bimodal logics, in that paper the concept of provability in PA from ‘non-standardly finitely many’ axioms was bimodally characterized. The resulting system can be obtained from CSM by adding the axiom schema (ψ ∧ ¬2ψ → ((2ϕ → ϕ) and, thus, is akin to CSM ⊕ ER. Another interesting proof predicate was considered by [Lindstr¨ o¨m, 1994]. Say that a sentence ϕ is Parikh provable, if it is provable in PA together with the inference rule 2ψ/ψ, where 2 is the usual provability in PA. Clearly, the Parikh rule is conservative over PA, so externally Parikh provability coincides with the usual one. Moreover, it is r.e. and satisfies Bernays– Lob ¨ derivability conditions. However, [Parikh, 1971] showed that this rule shortens some proofs in a non-provably recursive manner. Therefore, Parikh o¨m, 1994] provability is not provably equivalent to the usual one. [Lindstr¨ showed that the bimodal logic of the usual 2 and Parikh provability ( is axiomatized over CSM by (ϕ ↔ (2ϕ. Additional early results in bimodal logic, e.g., a bimodal analysis of the so-called Mostowski operator, can be found in [Smory´ n ´ski, 1985]. 9
PROVABILITY LOGIC IN INTUITIONISTIC ARITHMETIC
A challenging remaining problem in provability logic is the characterization of the propositional provability logic for Heyting arithmetic, HA. This problem is one of the main concerns for the Dutch school of provability logic from the end of the 70’s (see, e.g., [Visser, 1981]). Indeed, the provability logic properties of intuitionistic and constructive provability turn out to be more complicated than those of the classical provability. Although a solution of this problem, so far, has proved to be rather elusive, a significant amount of effort has been invested to this area and
PROVABILITY LOGIC
277
interesting partial results have been found there, in particular, in the recent years. Here we quickly review main developments in this fascinating field. We presuppose some familiarity with the intuitionistic logic and its Kripke models.
9.1 Intuitionistic arithmetic: background Heyting arithmetic HA is the intuitionistic counterpart of PA. In other words, it can be axiomatized exactly as PA over the intuitionistic predicate calculus IQC. Intuitionistic versions of the other arithmetical theories can be formulated similarly. The axiomatization should, however, be chosen carefully: e.g., the least element principle intuitionistically implies the law of excluded middle. Also, we do not have prenex normal form theorem for IQC. The prenex formula classes Πn and Σn , in general, are intuitionistically too restrictive. See [Burr, 2000] for an attempt to define proper intuitionistic analogues of these classes. Yet, the theories such as iEA and iIΣ1 are wellbehaved and roughly relate to their classical counterparts as HA to PA. Here, ‘i’ indicates that the underlying logic is the intuitionistic one, whereas the nonlogical axioms of these systems are the same as those in the classical case. See [Troelstra, 1973; Troelstra and van Dalen, 1988] for standard sources on intuitionistic metamathematics. The usual process of arithmetization of syntax is constructive and therefore can be carried out in iEA. In particular, the provability predicate for HA or, for that matter, for any other elementary presented theory T , can be formulated as a Σ1 -formula. Moreover, this formula satisfies the usual Lob’s ¨ derivability conditions within iEA. The definitions of provability interpretation and of provability logic of a theory w.r.t. a metatheory carry over without any change. PLHA (HA) will denote the provability logic of Heyting arithmetic that we are particularly interested in.
9.2
Some valid principles
It is not difficult to convince oneself that, once we have the derivability conditions, the proof of the fixed-point lemma, and therefore that of L¨ o¨b’s theorem, can be carried out in iEA. Consequently, the logic PLT (iEA), and hence also PLT (HA), contains the axioms and rules of GL formulated over the intuitionistic propositional logic IPC. We denote this basic system by iGL. It was immediately clear that PLHA (HA) satisfies some additional principles. A number of such independent principles were found by [Visser, 1981].
278
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
EXAMPLE 124. HA is closed under the so-called Markov’s rule (see [Troelstra, 1973]): HA ¬¬π ⇒ HA π, where π is a Π2 -formula. This can be proved constructively using the socalled Friedman–Dragalin translation. Thus, a proof of this fact can be formalized in HA itself, therefore PLHA (HA) contains the principle 2¬¬2ϕ → 22ϕ. A more general provable form of the same principle is as follows: n n Ma : 2¬¬(2ψ → i=1 2ϕi ) → 2(2ψ → i=1 2ϕi ). EXAMPLE 125. The disjunction property for HA is the statement that, whenever HA ϕ ∨ ψ, one has HA ϕ or HA ψ. This can be written down as DP : 2(ϕ ∨ ψ) → 2ϕ ∨ 2ψ. However, [Friedman, 1975b] has shown that the proof of disjunction property cannot be formalized in HA itself. In fact, this property is equivalent over iEA, assuming Con(HA), to RFNΣ1 (HA). Even if one restricts the attention to the local (or sentential) disjunction property, it is not formalizable in HA. Let ρ be the Rosser sentence for HA, that is,
iEA ρ ↔ ∃x (Prf HA (x, ρ) ∧ ∀y ≤ x ¬Prf HA (x, ¬ρ)). We also let ρ⊥ denote ∃x (Prf HA (x, ¬ρ) ∧ ∀y < x ¬Prf HA (x, ρ)). Then HA 2HA 2HA ⊥
→
2HA (ρ ∨ ρ⊥ )
→
2HA ρ ∨ 2HA ρ⊥ ,
→
2HA ⊥,
assuming DP
which contradicts L¨ ¨ ob’s Theorem.
Hence, the formula DP does not belong to PLHA (HA), but it does belong to PLHA (HA + RFNΣ1 (HA)). EXAMPLE 126. The previous example has been repaired by D. Leivant who found a weakening of the disjunction property that was already provable in HA: Le : 2(ϕ ∨ ψ) → 2(2ϕ ∨ ψ). This principle was formulated by D. Leivant in his Ph.D. thesis, for a proof of this fact see [Visser, 2002b].
PROVABILITY LOGIC
279
9.3 Partial completeness results As it was mentioned above, the analog of Solovay’s theorem for HA is unknown. For all we know, the logic PLHA (HA) may even be Π2 -complete. However, partial arithmetical completeness results for some, rather weak, fragments of the modal logic language are known. Basically, there are three meaningful fragments of PLHA (HA) that have been characterized: the boxfree fragment, the ‘admissible rules’ fragment and the letterless fragment. De Jongh theorem In contrast with the classical provability, already the characterization of the 2-free fragment of PLHA (HA) constitutes an important nontrivial result known as de Jongh’s theorem [de Jongh, 1970; Smory´ n ´ski, 1973]. THEOREM 127 (de Jongh). For any formula ϕ of IPC, IPC ϕ ⇐⇒ ϕ ∈ PLHA (HA). In fact, D. de Jongh proved a much stronger result for the predicate intuitionistic logic IQC, not just for IPC. A number of different proofs and strengthenings of this theorem have been found since, for an overview see [Visser, 1999]. In particular, [Friedman, 1975c] obtained a result analogous to the uniform Solovay theorem. He showed that the free Heyting algebra on countably many generators is embeddable into the Lindenbaum Heyting algebra of HA. Later A. Visser [Visser, 1985; de Jongh and Visser, 1996] optimized the logical complexity of the embedding by showing that the generators can be chosen to be Σ1 -sentences. We call an arithmetical realization f a Σ1 -realization if f (p) ∈ Σ1 for each propositional letter p. THEOREM 128 (Friedman, Visser). There is a Σ1 -realization f such that IPC ϕ ⇐⇒ HA f (ϕ), for any formula ϕ of IPC. Analogs of de Jongh’s theorem also hold for the provability logics of HA plus the extended Church thesis ECT0 and some other systems [Gavrilenko, 1981; Visser, 1981]. Admissible rules Recall that a propositional inference rule ϕ/ψ is admissible in a logic L, if for every substitution σ of formulas of L for propositional variables, we have L σ(ϕ) ⇒ L σ(ψ).
280
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Similarly, the rule is admissible in an arithmetical theory T if, for every realization f , T f (ϕ) ⇒ T f (ψ). The simplest example of a (nontrivial) admissible rule in IPC is the independence of premise rule: IP: IPC ¬ϕ → ψ ∨ θ ⇒ IPC (¬ϕ → ψ) ∨ (¬ϕ → θ). A well-known result obtained in [Rybakov, 1984; Rybakov, 1997] is that the property of a rule being admissible in IPC is decidable. [Visser, 1999] showed that the propositional admissible rules for HA are the same as those for IPC. (In contrast, recall that in Section 7.12 we showed that the modal admissible rules of PA are not the same as those of GL.) It is clear that any admissible propositional inference rule ϕ/ψ in HA (equivalently, IPC) delivers a principle of the provability logic PLHA (TA) of the form 2ϕ → 2ψ. (∗) The question is whether such principles also belong to PLHA (HA). Recently this question has been answered affirmatively; here is the story. Although V. Rybakov proved that the set of admissible rules for IPC does not have a finite basis, A. Visser and D. de Jongh suggested an infinite (elementary) set of specific provably admissible rules and conjectured that it essentially constitutes an axiomatization of the set of all admissible rules. Building on the work [Ghilardi, 1999], R. Iemhoff [Iemhoff, 2001b] proved the conjecture of A. Visser and D. de Jongh, thus characterizing the set of all admissible rules of IPC. From the characterization by R. Iemhoff and the results by A. Visser it also follows that all admissible rules in IPC are HAprovably admissible in HA. Therefore, any principle of the form (∗), where the rule ϕ/ψ is admissible in IPC, belongs to PLHA (HA) and vice versa, if a formula of the form 2ϕ → 2ψ where ϕ and ψ are box-free belongs to PLHA (HA), then the rule ϕ/ψ is (provably) admissible in IPC. Letterless fragment A. Visser [Visser, 1985; Visser, 2002b] proved that the letterless fragment of PLHA (HA) is decidable. Essentially, he proved a (weak) normal form result for letterless formulas in PLHA (HA). Define 2∞ ⊥ := . THEOREM 129 (Visser). For any letterless formula ϕ, one can effectively find an α ∈ ω ∪ {∞} such that HA 2HA ϕHA ↔ 2α HA ⊥. For any letterless formula ϕ we have HA ϕHA ⇐⇒ HA 2HA ϕHA .
PROVABILITY LOGIC
281
Therefore, we can decide if ϕ ∈ PLHA (HA) by bringing 2ϕ to the form 2α ⊥ and checking if α = ∞ (the formulas 2n ⊥ for n < ∞ are never provable because they are false). COROLLARY 130. The letterless fragment of PLHA (HA) is decidable. The proof of Visser’s theorem contains two essential ingredients. The first one is an algorithm of bringing ϕ to a formula in a special no-nestedimplications-on-the-left (NNIL) form. The role of such formulas is best to be understood in terms of admissible rules for Σ1 -realizations, as explained below. The second ingredient is a special G¨ o¨del-style translation that we call Beeson–Visser translation. It will be dealt with in the section devoted to the proof of Visser’s theorem. Further, we survey the results on general admissible rules for HA and IPC and the corresponding fragment of PLHA (HA) in Section 9.8.
9.4
Admissible rules for Σ1 -realizations
[Visser, 1985; Visser, 2002b] studied the provability logic of HA under the arithmetical realizations f such that f (p) is a Σ1 -formula, for any propositional variable p. We call such realizations Σ1 -realizations. This restriction is sufficiently natural because Σ1 -sentences are ‘constructive’. It also turned out to be technically useful, in particular, in the study of the letterless fragment of PLHA (HA). The notion of Σ1 -realization is intrinsically linked with the notion of a NNIL-formula. NNIL-formulas are those formulas of IPC that have no nestings of implications on the left. Formally, NNIL is the minimal class of formulas containing propositional letters, ⊥, , and closed under ∧, ∨ and the following formation rule: ϕ is implication-free and ψ ∈ NNIL ⇒ (ϕ → ψ) ∈ NNIL. As usual, ¬ϕ is understood as an abbreviation for ϕ → ⊥. It is not difficult to verify that there are at most finitely many nonequivalent NNIL-formulas in n variables. A natural semantic characterization of NNIL-formulas was obtained by A. Visser and with a different proof by J. van Benthem (see [Visser, 1994; Visser, 2002b; Visser et al., 1995]). THEOREM 131. Let ϕ be an IPC-formula. The following statements are equivalent: (i) ϕ is equivalent to a NNIL-formula. (ii) For every Kripke model K ϕ and every subset M ⊆ K, if M is the restriction of K to M , then M ϕ. The next theorem is a central result on NNIL that has several applications in arithmetic. In particular, it gives a description of propositional admissible
282
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
rules in HA for Σ1 -realizations. The theorem was proved by A. Visser as early as in 1985, but the journal publication has only recently appeared in [Visser, 2002b]. A proof consists of an algorithm of bringing a given formula ϕ to a NNIL-form, eventually decreasing the number of nested implications on the left, while preserving the admissible consequence relation. THEOREM 132. For every IPC-formula ϕ we can effectively find a NNILformula ϕ such that ϕ ψ ⇐⇒ ϕ/ψ is an admissible rule in HA for Σ1 -realizations, in other words, ϕ ψ iff for every Σ1 -realization f , HA f (ϕ) ⇒ HA f (ψ). Notice that the rule ϕ/ϕ is admissible for Σ1 -realizations and ϕ is uniquely defined up to logical equivalence. COROLLARY 133. Admissibility of a rule under Σ1 -realizations in HA is decidable. From the proof of Theorem 132 one can conclude that any admissible rule for Σ1 -realizations is also provably admissible. (See also Section 9.8 below.) So, one can infer some additional principles for the provability logic of HA. Indeed, if ϕ is any formula of IPC and ϕ◦ denotes the result of replacing all variables pi occurring in ϕ by 2pi , then the formula 2ϕ◦ → 2(ϕ )◦ belongs to PLHA (HA). EXAMPLE 134 ([Visser, 1981]). Using the algorithm from the proof of Theorem 132 one observes that (¬¬p → p) is p ∨ ¬p. (One could also independently conclude this using the Friedman–Dragalin translation.) Therefore, we have within HA: 2(¬¬2ϕ → 2ϕ)
→ →
2(¬2ϕ ∨ 2ϕ) 2(2¬2ϕ ∨ 2ϕ)
by Leivant’s principle
→ 2(2⊥ ∨ 2ϕ) → 22ϕ. So, the following is a principle of PLHA (HA): 2(¬¬2ϕ → 2ϕ) → 22ϕ. Now we turn to the Beeson–Visser translation.
PROVABILITY LOGIC
9.5
283
HA∗ and Beeson–Visser translation
In many results on the provability logic of HA another intuitionistic theory, called HA∗ , plays a role. HA∗ is simpler than HA in many respects. On the other hand, it is sufficiently conservative over HA, so the results obtained for HA∗ can sometimes be transferred to HA. o¨del’s, that was Behind HA∗ hides a rather natural translation, akin to G¨ suggested in [Beeson, 1975] and further simplified in [Visser, 1982]. For any formula ϕ of HA, let ϕ2 be defined as follows. (i) ϕ2 = ϕ, if ϕ is an atomic formula of HA; (ii) (·)2 commutes with ∧, ∨, ∃; (iii) (ϕ → ψ)2 = 2HA (ϕ2 → ψ 2 ) ∧ (ϕ2 → ψ 2 ); (iv) (∀x ϕ(x))2 = 2HA (∀x ϕ2 (x)) ∧ ∀x ϕ2 (x). To have some feeling about working of this translation we note the following property. LEMMA 135. For any HA-formula ϕ, HA ϕ2 → 2HA ϕ2 . Proof. This is an easy induction on the build-up of ϕ. For atomic formulas the claim is obvious. If ϕ is an implication or begins with a universal quantifier, the statement follows from the clauses (iii) and (iv). In all other cases, an application of the induction hypothesis is sufficient. For example, (ϕ ∨ ψ)2 implies ϕ2 ∨ ψ 2 , hence 2ϕ2 ∨ 2ψ 2 and 2(ϕ2 ∨ ψ 2 ). LEMMA 136. For any formula σ ∈ Σ1 , HA σ ↔ σ 2 . Proof. It is clearly sufficient to prove the claim for ∆0 -formulas σ. The nontrivial cases are when σ is an implication or begins with a (bounded) universal quantifier. Let σ = (ϕ → ψ). Then σ 2 is equivalent to HA (ϕ2 → ψ 2 ), and hence it implies ϕ → ψ, by the induction hypothesis. Vice versa, ϕ → ψ implies HA (ϕ → ψ), by provable Σ1 -completeness of HA, therefore also
HA (ϕ2 → ψ 2 ), by the induction hypothesis. Bounded universal quantifiers are treated similarly. LEMMA 137. For any formula ϕ, if HA ϕ then HA ϕ2 . Proof. This is straightforward for all the logical axioms and inference rules. The quantifier-free axioms of HA are preserved, by the previous lemma. The translation of the induction schema looks essentially as follows: ϕ2 (0) ∧ HA ∀x HA (ϕ2 (x) → ϕ2 (x + 1)) → HA ∀xϕ2 (x),
284
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
where we omitted some outer boxes. Now, the conclusion ∀xϕ2 (x) follows from the usual induction schema in HA. The formula 2HA ∀xϕ2 (x) can be inferred from 2HA ∀x (ϕ2 (x) → ϕ2 (x + 1)) and 2HA ϕ2 (0), where one uses Lemma 135 to obtain 2HA ϕ2 (0) from ϕ2 (0). We let HA∗ be the set of all ϕ such that HA ϕ2 . HA∗ is obviously deductively closed and, by the previous lemma, contains HA. The corresponding provability predicate can be defined by 2HA∗ ϕ := 2HA ϕ2 . LEMMA 138. HA∗ proves its own completeness principle: HA∗ ϕ → 2HA∗ ϕ. Proof. We prove that the translation of the completeness principle is provable in HA. By Lemma 135, ϕ2 implies 2HA ϕ2 . This formula is Σ1 , so by Lemma 136, it implies (2HA ϕ2 )2 . [Visser, 1982] showed that, under some natural assumptions, HA∗ can be axiomatized over HA by its own completeness principle. The role of the completeness principle is similar to that of Church thesis w.r.t. Kleene realizability translation. The completeness principle is classically false, therefore HA∗ is not sound, but this does not make HA∗ inconsistent. In fact, it is sufficiently conservative over HA. We will need the following conservation result, which is not optimal but will do for a proof of Visser’s theorem. LEMMA 139. Let ϕ ∈ NNIL, and let f be a Σ1 -realization. Then HA f (ϕ)2 → f (ϕ). Proof. Induction on the build-up of ϕ. The only nontrivial case is when ϕ = (ψ → θ). Since ψ is implication-free, f (ψ) is HA-equivalent to a Σ1 formula. Then f (ψ → θ)2 is equivalent to HA (f (ψ)2 → f (θ)2 ). We show that HA f (ψ) → f (θ). Assume f (ψ). By Lemma 136, we obtain f (ψ)2 , hence f (θ)2 . By the induction hypothesis f (θ)2 implies f (θ), as required. The previous lemma is formalizable in HA. Together with Lemma 137 this yields the following corollary. COROLLARY 140. Let ϕ ∈ NNIL, and let f be a Σ1 -realization. Then HA 2HA∗ f (ϕ) ↔ 2HA f (ϕ)2 ↔ 2HA f (ϕ).
PROVABILITY LOGIC
285
9.6 Proof of Visser’s theorem Here we prove Theorem 129. Let ϕ be a given letterless modal formula. We show by induction on ϕ that 2ϕ is equivalent to 2α ⊥, for a suitable α. Note that ϕ can be seen as a boolean combination of formulas of the form 2ψi . So, by induction hypothesis, it is sufficient to show the statement of the theorem for any boolean combination of formulas of the form 2αi ⊥. So, let ϕ = ψ(2α1 ⊥, . . . , 2αn ⊥), where ψ(p1 , . . . , pn ) is box-free. Notice that the arithmetical interpretations of formulas 2αi ⊥ are Σ1 . Let f be the i realization f mapping pi to 2α HA ⊥. Applying Theorem 132 to f , we obtain HA 2HA ϕHA
↔ →
2HA f (ψ ) 2HA f (ψ )2 ,
by Corollary 140.
(3)
Now we prove by induction on the length of an IPC-formula θ the following lemma. LEMMA 141. For any IPC-formula θ there is an α such that HA f (θ)2 ↔ 2α HA ⊥. Proof. The basis of induction is clear. Further, notice that for any α, β, β HA 2α HA ⊥ → 2HA ⊥ ⇐⇒ α ≤ β.
This implies that formulas of the form 2α HA ⊥ are closed under conjunction and disjunction modulo equivalence in HA, so we only have to treat the case θ = (A → B). By the induction hypothesis, we may assume that f (A)2 is equivalent to β 2 a formula 2α HA ⊥ for some α, and HA f (B) ↔ 2HA ⊥, for some β. We have HA f (A → B)2
↔
HA (f (A)2 → f (B)2 )
↔
β
HA (2α HA ⊥ → 2HA ⊥).
The latter formula is equivalent, by L¨ o¨b’s theorem, to 2βHA ⊥ if β < α, and to , otherwise. Visser’s theorem now follows from this lemma and (3).
9.7
Subalgebras of the Lindenbaum Heyting algebras
Another important application of HA∗ is the Visser–de Jongh characterization of its subalgebras that bears consequences on the subalgebras of HA. [de Jongh and Visser, 1996] proved that positive Heyting algebras satisfying
286
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
the disjunction property are precisely the algebras embeddable in the Lindenbaum algebra of HA∗ . We formulate their result in terms of intuitionistic propositional theories. A propositional theory P in the language of IPC satisfies the disjunction property, if P ϕ ∨ ψ implies P ϕ or P ψ, for any formulas ϕ, ψ. As before, we say that P is realizable in a theory T , if there is an arithmetical realization f such that P ϕ ⇐⇒ T f (ϕ). P is Σ1 -realizable, if f can be chosen to be a Σ1 -realization. Obviously, any propositional theory realizable in HA∗ satisfies the disjunction property because HA∗ does so: HA (ϕ ∨ ψ)2 ⇒ HA ϕ2 ∨ ψ 2 ⇒ HA ϕ2 or HA ψ 2 . The disjunction property turns out to be sufficient for the realizability of r.e. propositional theories in HA∗ . THEOREM 142 (de Jongh, Visser). Any r.e. propositional theory P satisfying the disjunction property is Σ1 -realizable in HA∗ . This theorem is analogous to Shavrukov’s characterization of r.e. subalgebras of the provability algebra of PA. In fact, it is proved by an adaptation of a corresponding method of V. Shavrukov and D. Zambella, which in this situation even becomes technically simpler. However, a suitable characterization of subalgebras of the Lindenbaum Heyting algebra of HA itself, and of realizable propositional theories in HA, remains an open problem. A. Visser proved the following corollary about Σ1 -realizable theories. COROLLARY 143. Let P be a propositional theory in the language of IPC. Then P is Σ1 -realizable in HA iff P can be axiomatized by NNIL-formulas and has the disjunction property. Proof. Assume that P is Σ1 -realizable by f . It is sufficient to show that P is closed under the operation (·) . If P ϕ, then HA f (ϕ). However, by Theorem 132, we have, for any Σ1 -realization g, HA g(ϕ) ⇒ HA g(ϕ ). It follows that HA f (ϕ ) and P ϕ . Suppose P is axiomatized by NNIL-formulas and has the disjunction property. Then P is realizable in HA∗ by a Σ1 -realization f , that is, P ϕ ⇐⇒ HA∗ f (ϕ). In particular, HA∗ f (A), for every A ∈ P . By Corollary 140, we have HA∗ f (A) ⇐⇒ HA f (A),
PROVABILITY LOGIC
287
therefore, HA f (A). Hence, P ϕ implies HA f (ϕ), for any formula ϕ. On the other hand, P ϕ implies HA∗ f (ϕ), and hence HA f (ϕ) because HA∗ contains HA. Hence, f is a Σ1 -realization of P in HA. We also remark that a Σ1 -realizable propositional theory in finitely many variables is axiomatizable by a single NNIL-formula because there are no more than finitely many non-equivalent NNIL-formulas in those variables. Another corollary of the previous result is the above mentioned uniform version of de Jongh’s theorem (Theorem 128) stating that the empty propositional theory is Σ1 -realizable in HA.
9.8
Admissible rules
Here we give a number of characterizations of admissible rules in IPC due to S. Ghilardi and R. Iemhoff. Visser–Iemhoff calculus A. Visser and D. de Jongh (unpublished) suggested an infinite series of admissible rules in IPC and conjectured that they form a basis of admissible rules. [Iemhoff, 2001b] later proved their conjecture. The form of the rules is sufficiently intricate. First, we introduce an abbreviation. Define (A)(B1 , . . . , Bn ) := (A → B1 ) ∨ . . . ∨ (A → Bn ). Visser’s rule (V Vn ) is as follows: (A → (B ∨ C)) ∨ D (A)(E1 , . . . , En , B, C) ∨ D, n where A = i=1 (Ei → Fi ). A formula D is hanging around for purely technical reasons of generality: by the disjunction property, the rule with D is admissible iff the one without D is. Yet, since the disjunction property is not an inference rule, we have to keep D around to include these trivial variants as derived rules. PROPOSITION 144 (de Jongh, Visser). For each n, the rule (V Vn ) is admissible in IPC. Proof. Assume the premise is derivable and the conclusion is not. Then none of the formulas (A → Ei ), (A → B) and (A → C) is derivable. Take the disjoint union of the countermodels for these formulas and attach a new root b to it. Since the premise is derivable, it is true at b, but none of the formulas B, C and Ei can be true at b. Hence, A is false at b. But then,
288
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
since A is true everywhere except for b, one of the formulas Ei must be true at b. A contradiction.16 We will write ϕ ψ, if IPC ϕ → ψ, and ϕ VI ψ, if ψ is provable from ϕ using intuitionistic logic and the rules (V Vn ). (VI stands for Visser and Iemhoff.) For obvious reasons we obtain COROLLARY 145. ϕ VI ψ implies that the rule ϕ/ψ is admissible in IPC. Iemhoff models R. Iemhoff introduced an appropriate notion of Kripke model for the consequence relation VI . We call a Kripke model K for IPC an Iemhoff model, if every finite set of nodes {u1 , . . . , un } in K has a tight predecessor, that is, a node u such that u # u1 , . . . , un ∧ ∀y % u ∃i ≤ n (ui # y). An Iemhoff model is locally finite if every of its generated submodels is finite. The following important theorem [Iemhoff, 2001b] is a combination of the results by S. Ghilardi and R. Iemhoff. THEOREM 146. The following statements are equivalent: (i) A rule ϕ/ψ is admissible in IPC; (ii) ϕ VI ψ; (iii) ψ is valid in all (locally finite) Iemhoff-models, where ϕ is valid. We omit the proof, but note that the implication (ii)⇒(i) is Corollary 145. The implication (iii)⇒(ii) was proved by R. Iemhoff using a canonical model construction. The implication (iii)⇒(i) is, essentially, a reformulation of a result of [Ghilardi, 1999]. We also mention without proof the following result from [Ghilardi, 1999] that parallels Theorem 132. THEOREM 147 (Ghilardi). For every formula ϕ of IPC one can effectively construct a formula ϕ∗ such that a rule ϕ/ψ is admissible in IPC iff ϕ∗ ψ. S. Ghilardi calls such a formula ϕ∗ projective approximation of ϕ. As a corollary one obtains another proof of Rybakov’s theorem. COROLLARY 148 (Rybakov). Admissibility of an inference rule in IPC is decidable. 16 Essentially the same argument, but now with Kripke models for HA, shows that the rules (V Vn ) are admissible in HA. This proof is not, as it stands, formalizable in HA, though.
PROVABILITY LOGIC
289
Σ1 -preservativity A. Visser noted that the rules (V Vn ) are also valid for a certain arithmetical interpretation. Say that an arithmetical formula ϕ Σ1 -preserves ψ if for every Σ1 -sentence C, C HA ϕ implies C HA ψ. A propositional (modal) formula ϕ Σ1 -preserves ψ, if fHA (ϕ) Σ1 -preserves fHA (ψ), for every arithmetical realization f . We say that ϕ Σ1 -preserves ψ provably in HA if for every realization f , HA “fHA (ϕ) Σ1 -preserves fHA (ψ)”. [Visser, 2002b] obtained the following result. THEOREM 149. For any IPC-formulas ϕ, ψ the following statements are equivalent: (i) ϕ VI ψ; (ii) ϕ Σ1 -preserves ψ provably in HA; (iii) ϕ Σ1 -preserves ψ; (iv) ϕ/ψ is (provably) admissible in HA; (v) ϕ/ψ is admissible in IPC. Proof. The implication (i)⇒(ii) is proved by the so-called de Jongh translation, we omit the proof. The implications (ii)⇒(iii), (iii)⇒(iv) and (iv)⇒(v) are easy. The implication (v)⇒(i) follows from Theorem 146. The following corollary was earlier obtained with a different proof in [Visser, 1999]. COROLLARY 150. Admissible rules for HA and IPC are the same. By virtue of (ii) this theorem, in particular, characterizes the ‘admissible rules’ fragment of PLHA (HA). COROLLARY 151. For any box-free formulas ϕ, ψ, (2ϕ → 2ψ) ∈ PLHA (HA) ⇐⇒ ϕ VI ψ. Σ1 -preservativity can be understood as a modality that is similar (and classically equivalent) to the dual Π1 -conservativity modality of interpretability logic. The provability logic of HA can then be viewed as a fragment of the preservativity logic. Despite the more complicated language, using preservativity logic is technically advantageous in the study of the provability logic of HA, for the system allows to more naturally express certain principles that are built into PLHA (HA). Here we formulate the axioms
290
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
of the preservativity logic of HA and formulate a current conjecture about PLHA (HA). The language of the preservativity logic is obtained from that of IPC by adding a binary modality . 2ϕ goes as an abbreviation for ϕ. Preservativity logic is given by the following axioms and inference rules: Axioms: 1. Tautologies of IPC 2. ϕ ψ ∧ ψ θ → ϕ θ 3. θ ϕ ∧ θ ψ → θ (ϕ ∧ ψ) 4. ϕ θ ∧ ψ θ → (ϕ ∨ ψ) θ 5. ϕ 2ϕ 6. (2ϕ → ϕ) ϕ 7. ϕ ψ → (2θ → ϕ) (2θ → ψ) 8. (Visser’s n scheme) (α → (β ∨ γ)) (α)(ϕ1 , . . . , ϕn , β, γ), where α = i=1 (ϕi → ψi ) and the operation (·)(· · · ) is defined as follows: (α)(β1 , . . . , βn ) =
n
(α)(βi )
i=1
(α)(⊥) (α)(γ1 ∧ γ2 ) (α)(2γ) (α)(β)
= ⊥ = (α)(γ1 ) ∧ (α)(γ2 ) = 2γ = (α → β), if β is not of the form ⊥, 2γ or γ1 ∧ γ2 .
Rules of inference: modus ponens; ϕ → ψ/ϕ ψ (preservation rule). The arithmetical interpretation of the language of preservativity logic is defined as usual except that now fHA (ϕ ψ) denotes the arithmetical formula expressing that fHA (ϕ) Σ1 -preserves fHA (ψ). Notice that Visser’s scheme is now more general than the one considered before because of the richer language we are working in. It has been shown by A. Visser that all the axioms and rules of preservativity logic are sound w.r.t. the intended preservativity interpretation. In particular, the validity of Axiom 4 follows from the disjunction property. However, unlike the disjunction property, this schema is also verifiable in HA. From Axiom 2 one concludes ϕ ψ → (2ϕ → 2ψ).
PROVABILITY LOGIC
291
It follows that Axioms 5 and 6 strengthen the transitivity axiom and L¨ o¨b’s axiom of provability logic, respectively. It is open, whether the above preservativity logic is arithmetically complete. R. Iemhoff and A. Visser conjecture that it is. For one thing, we know that this system derives all the principles of PLHA (HA) known so far. In particular, Leivant’s principle follows from Axioms 4 and 5, and Markov’s principle is derivable from Visser’s principle. Thus, the current conjecture is that PLHA (HA) is the 2-fragment of the preservativity logic given by the above principles. [Iemhoff, 2001a; Iemhoff, 2001c] developed suitable Kripke semantics for the preservativity logic. We refrain from formulating it here, but refer the interested reader to the original publications.
10
APPLICATIONS IN PROOF THEORY
The aim of this section is to present some applications of provability logic in proof theory and arithmetic. Provability logic was designed as a system to reason about formal provability. Yet, there is an obstacle: the properties of provability operators expressed by the logic PLT (T ) happen to be the same for all reasonable theories T . How can provability logic then say anything useful about a concrete formal system T ? However, recently several genuine applications of provability logic in proof theory have been found. The idea is to use the provability logic for T not to investigate T itself, but rather to study some specific extensions of T . The universality of the provability logic then turns to an advantage: it allows to apply the same argument to various theories and languages of completely different power. The plan of this section is as follows. First, we get some more background in proof theory and formal arithmetic. Necessarily, our exposition of this area is very fragmentary. We emphasize the notions of provably total computable function and program. Secondly, we present additional material on reflection principles that was instrumental in recent applications of provability logic. Finally, we present three applications [Beklemishev, 1999b; Beklemishev, 2003b; Beklemishev, 2004]. The first one is the result that the class of provably total computable functions of the fragment of PA with the induction schema restricted to Π2 formulas without parameters coincides with the class of primitive recursive functions. We also obtain some other related results on parameter-free induction schemata. The second application we give here is a new proof of the famous result by G. Gentzen [Gentzen, 1936]: the consistency of Peano arithmetic is provable (over EA) by transfinite induction up to the ordinal 0 . Finally, we present a simple combinatorial independent principle with a provability logic interpretation,“the Worm principle”. These results are
292
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
obtained using the notion of graded provability algebra generalizing the ordinary provability algebras studied in Chapter 7 and the polymodal provability logic introduced by G. Japaridze [Japaridze, 1986].
10.1 Fragments of arithmetic We consider main fragments of arithmetic obtained by restricting, in one way or another, the axiom schema of induction axiomatizing PA. A common restriction is that of the arithmetical complexity of the induction formulas. Secondly, one can restrict or disallow the use of parameters in the induction schema. Thirdly, induction is sometimes applied in the form of an inference rule rather than a schema. (Those working in a Gentzen-style proof system would speak in this case about restricting the complexity of the side formulas of the induction rule.) For the very weak systems further kinds of restrictions of induction make sense, but we shall not consider them here. There are alternative schemata axiomatizing PA, such as the collection schema or the pigeon-hole principle, that can also be restricted in similar ways and give rise to different families of fragments of PA. Thus, in the theory of fragments, rather than investigating the whole continuum of possible subtheories of PA, one concentrates on the study of reasonably few “canonical” fragments. This allows, for example, for a rough analysis of proofs of mathematical statements in PA: in every such proof only specific instances of induction are used. Their quantifier complexity, as well as the presence of parameters and whether the induction is applied as a rule, can usually be easily checked. This allows, for example, to roughly estimate the rate of growth of functions involved in the proof. Figure 1 shows the relationships between fragments of PA defined by restricted induction over EA. Here, IΣn is axiomatized over EA by the induction schema for Σn -formulas with parameters. IΣn is equivalent to − IΠn by [Parsons, 1972]. IΣ− n and IΠn denote the corresponding parameterR free schemata. IΣn is the closure of EA under the Σn -induction rule: ϕ(0),
∀x (ϕ(x) → ϕ(x + 1)) . ∀xϕ(x)
R IΣR n is known to be equivalent to IΠn+1 and to their parameter-free versions [Parsons, 1972; Beklemishev, 1998a]. IΣR 1 is equivalent to the primitive recursive arithmetic PRA, which will be discussed later. Among the fragments between EA and IΣR 1 the most interesting for us will be the extension of EA by an axiom stating the totality of the iterated exponentiation function exp(x) (y). (It is easy to see that the graph of this function is naturally ∆0 -definable.) We shall denote this extension by EA+ . EA+ is strong enough to prove the Cut-elimination theorem for predicate logic and therefore some of its important consequences such as the
PROVABILITY LOGIC
IΠ− 3 r IΠ− 2 IΠ− 1
EA
r
r
IΣ− 1
r
IΣ1 + IΠ− 2 r
r IΣ1
IΣ− 2
293
IΣ2 + IΠ− 3 r
r
r
IΣ− 3
r IΣ2
r
r IΣR 3
r IΣR 2
r IΣR ≡ PRA 1
Figure 1. Restricted induction in PA Herbrand theorem (see [Hajek ´ and Pudl´ ak, ´ 1993; Wilkie and Paris, 1987]). In fact, EA+ is equivalent to a formalized statement of the Cut-elimination theorem over EA. This is essentially due to the well-known upper and lower bounds on the length of cut-free proofs by R. Statman [Statman, 1978] and V.P. Orevkov [Orevkov, 1979]. From the proof-theoretic point of view the standard fragments of PA are interesting because their properties may differ very much from those of PA itself. The standard questions that one asks about a given fragment are, for example: • Finite axiomatizability of the fragment; • The optimal arithmetical complexity of its axiomatization; • How much reflection is provable in it over a weaker fragment; • Whether the fragment is conservative over a weaker fragment for sentences of a particular arithmetical complexity. Later in this section we shall prove some such relationships between the fragments defined by restricted induction. Now we shall introduce one of the central notions in proof theory and formal arithmetic.
10.2
Provably total computable functions
With a system T extending EA we can associate the class F(T ) of all functions f : Nk → N such that for some Σ1 -formula ϕ(x, y) there holds:
294
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
(i) f (x) = y ⇐⇒ N ϕ(x, y); (ii) T ∀x ∃y ϕ(x, y). Thus, the mapping T &→ F (T ) sends sound theories T to classes of numbertheoretic functions. The minimal class F(EA) is known to coincide with (Kalmar) elementary functions E. The class E is defined as the closure of 0, 1, +, ·, 2x , projection functions and the characteristic function of ≤ by composition and bounded recursion, that is, primitive recursion with the restriction that the resulting function is bounded by some previously generated function. Thus, it is easy to see that any elementary function is bounded by some fixed iterate of 2x . For T containing EA, the class F(T ) contains E and is closed under composition, but generally not under the bounded recursion. Also notice that F(T ) only depends on the set of Π2 -consequences of T . Hence, if T is Π2 -conservative over U , then F(T ) ⊆ F(U ). For many natural theories T the classes F(T ) have been characterized recursion-theoretically. For example, by a well-known result by C. Parsons [Parsons, 1970] and independently by G. Mints [Mints, 1971], F(IΣ1 ) coincides with the class of primitive recursive functions. On the other hand, already W. Ackermann [Ackermann, 1940] and G. Kreisel [Kreisel, 1952] established that F(PA) coincides with the class of <0 -recursive functions. Characterization of the classes F(T ) for strong systems T is one of the main tasks of proof-theoretic ordinal analysis. See [Pohlers, 1998] for a survey of modern developments in this important area of proof theory.
10.3 Reflection principles and restricted induction Recall (Section 8.3) that [n]T ϕ denotes n-provability of the formula ϕ, that is, the provability of ϕ from T and some true Πn -formulas. The dual statement of n-consistency of ϕ over T is denoted nT ϕ. Our applications are based on some fundamental relationships of this notion with the notion of restricted induction, on the one hand, and with that of provably total computable function, on the other. First, we discuss induction. The following basic result was obtained in [Kreisel and L´´evy, 1968]. This was preceded by a somewhat weaker result of [Mostowski, 1953] showing that PA proves consistency of any of its finite subtheories. THEOREM 152. Over EA, PA ≡ RFN(EA) ≡ {nEA : n < ω}. Proof. The second equivalence follows from Proposition 122. We prove the first one.
PROVABILITY LOGIC
295
(⊆) Let ψ := ϕ(0) ∧ ∀x (ϕ(x) → ϕ(x + 1)). Obviously, by induction on n, we have ∀n EA ψ → ϕ(¯ n). This argument is formalizable in EA, so ˙ EA ∀x 2EA (ψ → ϕ(x)). Hence, RFN(EA) implies ∀x (ψ → ϕ(x)). ¯ There is a cut-free proof of ϕ(k) ¯ (⊇) Reason in PA. Assume EA ϕ(k). from the axioms of EA, which are all Π1 . By the subformula property all formulas occurring in the proof belong to some class Πn , for a standard n. Using a truth-definition for Πn -formulas prove within PA by induction on depth of a cut-free proof that all sequents in the proof are true. Conclude ¯ must be true. that ϕ(k) From the Unboundedness theorem (Corollary 25) following [Kreisel and L´´evy, 1968] we obtain a theorem by M. Rabin [Rabin, 1961]. COROLLARY 153. PA is not contained in any consistent theory axiomatized by a set of formulas of bounded arithmetical complexity. This also implies the important earlier results by C. Ryll-Nardzewski [Ryll-Nardzewski, 1953] and A. Mostowski [Mostowski, 1953] on finite nonaxiomatizability of PA. A more careful account of the complexity of formulas in the proof of Theorem 152 yields the following sharp characterization due to [Leivant, 1983] in the main direction (⊇). The (⊆) inclusion seems to have been first stated in [Ono, 1987]. THEOREM 154. For n ≥ 1, over EA, IΣn ≡ RFNΠn +2 (EA) ≡ n + 1EA . COROLLARY 155. IΣn is not contained in any consistent theory axiomatized by Σn+2 -formulas.
10.4
1-Consistency and provably total programs
In order to explain the relationships between the notion of n-consistency and that of provably total computable function we consider the corresponding programs, or indices of such functions. Fix some natural coding of Turing machines and a Σ1 -formula ϕe (x) = y expressing the statement that the Turing machine coded by e on input x halts and outputs y. DEFINITION 156. Let T be an elementary presented theory. A number e is a T -index, if e = e1 , e2 where • e1 codes a Turing machine; • e2 codes a T -proof of ∀x∃y ϕe1 (x) = y.
296
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
With this indexing of provably total computable functions a universal function ψ T is associated: ϕe1 (x), if e = e1 , e2 is a T -index; ψeT (x) := 0, otherwise. The usual diagonalization argument shows that ψ T , as a function of arguments e and x, does not belong to F(T ). Therefore, the statement of its totality delivers an independent principle for T . LEMMA 157. EA ∀e, x∃y ψe (x) = y ↔ RFNΠ2 (T ). Proof. The totality of ψ is expressed by the formula: ∀e1 , e2 , x (Prf T (e2 , ∀x∃yϕe˙ 1 (x) = y) → ∃yϕe1 (x) = y).
(4)
Any Π2 -sentence is equivalent to the one of the form ∀x∃yϕe¯1 (x) = y for a suitable index e1 , so it is not difficult to conclude that (4) is equivalent to RFNΠ2 (T ). If f (x) is a function whose graph is definable, let f ↓ denote the formula ∀x ∃yf (x) = y. The following basic result almost immediately follows from the Herbrand theorem (cf. [Beklemishev, 1997a] for details). PROPOSITION 158. Suppose the graph of f is elementary. Then g ∈ F(EA + f ↓) iff g can be obtained from elementary functions and f by composition. We denote by C(f ) the closure of E ∪ {f } under composition. We can define the jump F(T ) of the class of provably total computable functions of T as C(ψ T ). Applying Proposition 158 to f = ψ T and using Lemma 157 we obtain17 COROLLARY 159. If T is a Σ1 -sound theory, then F(EA + 1T ) = F(T ) . Proposition 158 leads to an alternative ‘proofs-free’ indexing of functions o¨del numberin F(T ) for T = EA + f ↓. Terms in C(f ) have a natural G¨ ing. These numbers can be considered as codes of provably total programs. So, with this Godel ¨ numbering we can associate another universal function θeT (x) that computes the value of the term with index e on x . It has to be noted, however, that the two kinds of indexing are equivalent provably in EA+ because the Herbrand theorem is verifiable in EA+ and allows to extract an explicit term from a proof of totality of a computable function. 17 Strictly speaking, the graph of ψ T is not elementary. Instead, one considers the function ψ˜T such that ψ˜eT (x) encodes the full protocol of the computation of ψe (x). It is then routine to check that ψ˜T has an elementary graph and C(ψ T ) = C(ψ˜T ).
PROVABILITY LOGIC
297
LEMMA 160. Suppose f has an elementary graph, is EA-provably nondecreasing and satisfies f (x) > 2x . Then EA λx.f (x) (x)↓ ↔ 1EA f ↓. Proof (sketch). Let T := EA+f ↓. By Lemma 157, 1EA f ↓ is EA-equivalent to ψ T ↓. The formula ψ T ↓ implies EA+ and hence θT ↓. The argument is reversible, so it is sufficient to show that λx.f (x) (x)↓ is equivalent to the totality of θT . Clearly, if θ is total, then for every k the function f (k) is also total. o¨del number of f (k) is obtained elementarily Indeed, f (k) ∈ C(f ) and the G¨ (x) from k. Hence, λx.f (x) is total. For the converse implication, we use the monotonicity of f . Under the given assumptions, every term g ∈ C(f ) can be majorized by a fixed iterate of the function f . A similar bound also holds for the function g˜(x) computing the full protocol of the computation of g(x): EA ∀x (g(x) ≤ f (k) (x)). The number k can be computed elementarily from the G¨ ¨odel number of g, say, by a function j(e). Assume λx.f (x) (x) is total. To show that, for any e and x, the value θeT (x) is defined, consider the value f (j(e)) (x). This value is smaller than f (z) (z), where z := max(j(e), x), hence it is defined. Therefore, the computation of θeT (x) converges below this value. The classes E ⊆ E ⊆ E ⊆ . . . form the so-called Grzegorczyk hierarchy [Grzegorczyk, 1953]. It is well-known that the union of this hierarchy coincides with the class of primitive recursive functions (see also [Rose, 1984]). Theorem 161 below gives a stronger version of this fact. From the previous proposition we conclude that the class E (n) coincides with C(F Fn ), where F0 (x) := 2x + 1;
Fn+1 (x) := Fn(x) (x).
The functions Fn are all primitive recursive and their graphs are elementary definable. The extension of EA by axioms Fn ↓ for all n ≥ 1 is an alternative axiomatization of the primitive recursive arithmetic PRA. We define Tωn := T + {nkT : k < ω}. Lemma 160 yields the following THEOREM 161. (i) EA1ω ≡ IΣR 1 ≡ PRA; (ii) F(EA1ω ) is the class of primitive recursive functions.
298
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Proof. (i) The totality of all Fn is immediately proved by the Σ1 -induction rule. It is also easy to see by Kreisel’s trick (as in the proof of Theorem 152). Once the premise of an application of Σ1 -induction rule is proved from 1 R 1kEA , then the conclusion follows from 1k+1 EA . Therefore, IΣ1 ⊆ EAω . 1 Finally, the inclusion PRA ⊆ EAω follows from Lemma 160. (ii) Every function in F(PRA) is primitive recursive, since so are all Fn . In the converse direction, it is immediately seen that the totality of any primitive recursive function is provable in IΣR 1.
10.5 Parameter-free induction The parameter-free induction has been studied in [Kaye et al., 1988; Ratajczyk, 1989; Adamovicz and Bigorajska, 1989; Beklemishev, 1997c; Beklemishev, 1999b] and other papers. IΣ− n is the theory axiomatized over EA by the schema of induction ϕ(0) ∧ ∀x (ϕ(x) → ϕ(x + 1)) → ∀xϕ(x), where ϕ(x) is a Σn -formula with the only free variable x. IΠ− n is defined similarly. − It is known that the schemata IΣ− n and IΠn show a very different behavior from their counterparts IΣn and IΠn . In particular, for n ≥ 1, − − IΣ− n and IΠn are not finitely axiomatizable and IΣn is strictly stronger − than IΠn . Here we shall obtain these results, as well as some conservation results, using graded provability algebras. The following characterization of parameter-free induction schemata via reflection principles is found in [Beklemishev, 1997c; Beklemishev, 1999b]. THEOREM 162. For n ≥ 1, over EA, (i) IΣ− n ≡ {π → nEA π : π ∈ Πn+1 }; (ii) IΠ− n+1 ≡ {π → nEA π : π ∈ Πn+2 }. Proof. The inclusion (⊆) in both cases is proved by a trick similar to the one in the proof of Theorem 152. To prove (ii) we have to derive ϕ(0) ∧ ∀x (ϕ(x) → ϕ(x + 1)) → ∀xϕ(x), for each Πn+1 formula ϕ(x) with the only free variable x. Let ψ denote the Πn+2 -sentence (logically equivalent to) ϕ(0) ∧ ∀x (ϕ(x) → ϕ(x + 1)). ¯ This fact is By induction on k, we obtain that for each k, EA + ψ ϕ(k). formalizable in EA, therefore EA ∀x ProvEA+ψ (ϕ(x)). ˙
(5)
PROVABILITY LOGIC
299
Let T denote the theory EA + {π → nEA π : π ∈ Πn+2 }. Then we have T +ψ
RFNΠn +1 (EA + ψ) ∀x (ProvEA+ψ (ϕ(x)) ˙ → ϕ(x)) ∀xϕ(x), by (5).
It follows that T ψ → ∀xϕ(x), as required. The proof of the converse inclusion is more complicated and we shall omit it (see [Beklemishev, 1997c]). Notably, we will not need this part for the proof of our main conservation result (Theorem 164 below and its corollary). REMARK 163. Statement (ii) of the above theorem also holds for n = 0, but only if [0] is understood as a cut-free provability predicate. Over EA+ there is no difference between the ordinary and the cut-free provability predicates. Thus, we may conclude that over EA+ the schema IΠ− 1 is equivalent to {π → 0EA π : π ∈ Π2 } which is the same as RfnΣ2 (EA). Now we derive some corollaries using methods of Section 4.2 (see [Beklemishev, 1997c; Beklemishev, 1999b]). THEOREM 164. IΠ− 2 is a Π2 -conservative extension of PRA. Proof. This is, essentially, a relativized version of Theorem 30. Assume IΠ− 2 π with π a Π2 -sentence. By Theorem 162 (ii) we have n EA i=1 (ϕi → 1EA ϕi ) → π, where ϕi are Π3 -sentences. Reading in the proof of Theorem 29 everywhere [1]EA instead of 2T we conclude that, for some k, EA + 1kEA π. However, PRA 1kEA , for any k.
Since the provably total computable functions of PRA coincide with the primitive recursive functions, we obtain the following corollary. COROLLARY 165. F(IΠ− 2 ) coincides with the class of all primitive recursive functions. Relativization of the proof of Theorem 31 yields the following stronger conservation result. − THEOREM 166. For n ≥ 1, IΠ− n+1 is conservative over IΣn for boolean combinations of Σn+1 -sentences.
From Theorem 162 and the proof of Theorem 28 we also derive − THEOREM 167. Neither IΣ− n nor IΠn for n ≥ 1 are finitely axiomatizable.
This statement was proved by Kaye, Paris and Dimitracopoulos [Kaye et al., 1988] by model-theoretic methods.
300
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
10.6 Graded provability algebras Our next goal is, essentially, a proof-theoretic (ordinal) analysis of Peano arithmetic. Whereas at the bottom of the proof of Theorem 164 and other statements in the previous section are, essentially, the arguments formalizable in GL, this will not be enough for our further applications. Rather, we have to adopt an algebraic point of view and formulate an additional reduction property which is not expressible in GL, nor, for that matter, in expressively stronger Japaridze’s logic GLP. The necessary algebraic structures essentially constitute the algebraic counterpart of a sorted variant of GLP. Let us first generalize the construction of provability algebras (Section 7) to n-provability algebras. Let T be an elementary presented theory cono¨b derivabiltaining EA. Since the formulas [0]T , [1]T , . . . satisfy Bernays–L¨ ity conditions, all of them correctly define operators acting on the Lindenbaum boolean algebra of T . Consider the enriched structure M∞ T = (BT , [0]T , [1]T , . . .). Terms of this algebra correspond to propositional polymodal formulas of the Japaridze logic. By Japaridze’s theorem, the identities of M∞ T are exactly characterized by the system GLP. PROPOSITION 168. For any sound theory T containing EA, x (ϕ(x) = ). GLP ϕ(x) ⇐⇒ M∞ T ∀ Now we enrich M∞ T by an additional stratification structure. Stratifica∞ tion is a family of distinguished subsets P0 ⊂ P1 ⊂ . . . ⊆ M T , which correspond to the degrees of Π1 , Π2 , . . . sentences. Obviously, i≥0 Pi = M∞ T . to P and P is closed under Also notice that the operator n maps M∞ n n T ∧ and ∨. We refer to the elements of Pn as those of sort n. Thus, M∞ T together with the natural stratification is a many-sorted algebra. We call this algebra the graded provability algebra of T and abusing notations also denote it by M∞ T . The logic of the many-sorted algebra M∞ T is naturally formulated in the language with sorted propositional variables pni , where the upper index n indicates that the variable ranges over sort n, that is, over Πn+1 -sentences. The assignment of sorts can be extended to arbitrary polymodal formulas in a natural way (all formulas of the form nϕ have sort n). In addition to the identities of GLP, we have an identity expressing the principle of Σn+1 -completeness: ¬pin → [n]¬pin . We should also keep in mind that the rule of substitution of the logic in question is restricted to respect the sorts. Then the above principle in particular allows to derive the axiom nϕ → [n + 1]nϕ of GLP.
PROVABILITY LOGIC
301
We shall call a graded provability algebra any many-sorted algebra M whose identities satisfy the logic described above. Alternatively, it can be defined as an algebra satisfying all the identities of M∞ EA in the many-sorted language.
10.7
Reduction property
The graded provability algebra of T provides a kind of big, universal structure where all the extensions of T formulated in the arithmetical language ‘live in’. Any arithmetical theory extending T is embeddable as a filter into the Lindenbaum algebra BT . In particular, fragments of PA above EA can be viewed as particular filters in M∞ EA . However, in order that the machinery of provability algebras could be applicable to these theories, the structure M∞ EA has to ‘see’ these filters, in other words, they have to be, in some sense, nicely definable in the structure M∞ EA . For the standard fragments of PA obtained by restricting the induction schema this was essentially observed in Section 10.3. By Theorem 154, in M∞ EA the fragments IΣn correspond to the principal filters generated by the elements n + 1EA . By Theorem 152, PA corresponds to the filter generated by {n : n < ω}. We also know from Theorem 162 that IΠ− n+1 is the filter generated by {π → nEA π : π ∈ Pn+1 } and similarly for IΣ− n. By Theorem 161, PRA corresponds to {1n : n < ω}. Stratification also allows us to express the notion of Πn+1 -conservative extension of theories. Let U and V be filters in M. We write U ⊆n V iff every π ∈ Pn such that π ∈ U also satisfies π ∈ V . U ≡n V means U ⊆n V and V ⊆n U . The same notation is also applied to arbitrary sets of elements of M and means the corresponding relation between filters generated by those sets. The following proposition proved in [Beklemishev, 2003a; Beklemishev, 2001] is related to the so-called ‘Fine Structure Theorem’ of [Schmerl, 1979] and generalizes a result of [Parsons, 1972] on the conservativity of IΣn over IΣR n. PROPOSITION 169 (Reduction). Assume T is a Πn+2 -axiomatized theory ∞ containing EA. Then for all ϕ ∈ M∞ T , the following holds in MT : n + 1T ϕ ≡n {Qnk (ϕ) : k < ω}, where Qn0 (ϕ) Qnk+1 (ϕ)
= nT ϕ, = nT (Qnk (ϕ) ∧ ϕ).
Thus, the filter generated by all Πn+1 -consequences of an element of the form n + 1T ϕ ∈ M∞ T of complexity Πn+2 can be generated by specific
302
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Πn+1 -elements Qnk (ϕ). It is important that these elements are definable by terms in the language of M∞ T . Thus, Proposition 169 expresses a specific kind of definitional completeness of M∞ T . The strength of this proposition can be illustrated by the following example. Consider n = 1 and ϕ = in M∞ EA . Then 2EA ≡1 {1kEA : k < ω}. But 2EA is equivalent to IΣ1 , by Theorem 154, and EA+{1kEA : k < ω} is equivalent to PRA, so we obtain the following theorem due to C. Parsons [Parsons, 1970; Parsons, 1972] and G. Mints [Mints, 1971]. COROLLARY 170. (i) IΣ1 is Π2 -conservative over PRA. (ii) F(IΣ1 ) coincides with primitive recursive functions. A proof of Proposition 169 can be obtained rather directly by cut-elimination in predicate logic (see [Beklemishev, 2003a]). Hence, it is formalizable in EA+ . In fact, the proposition can be viewed as an algebraic analog of the cut-elimination theorem in the sense that it reduces the formula n + 1T ϕ to formulas of lower arithmetical complexity. We call this property of M∞ T the reduction property.18 We conclude with a corollary of the reduction property concerning nconsistency orderings on M∞ T . The n-consistency ordering
PROVABILITY LOGIC
303
In the remaining part of the section we show how the notions involved can be used to give a proof-theoretic analysis of Peano arithmetic.
10.8
An algebraic view of 0
Work in the letterless fragment of GLP. Let S be the set of formulas generated from by 0, 1, . . . . An element of S typically has the form α = n1 n2 . . . nk . We identify such elements with words in the alphabet of natural numbers α = n1 n2 . . . nk . The empty word ∅ is identified with . Let Sn be the restriction of S to the alphabet {n, n + 1, . . .}. THEOREM 172. (Sn ,
−
o(α) = ω o(αn ) + · · · + ω o(α1 ) , where β − is obtained from β ∈ S1 by replacing every letter m + 1 by m. We have: for all α, β ∈ S, GLP α ↔ β
iff o(α) = o(β);
GLP β → 3α
iff o(α) < o(β). 0
1
EXAMPLE 173. o(2101) = ω o(0) +ω o(10) = ω +ω ω +ω = ω ω . Accordingly, we have GLP 2101 ↔ (21 ∧ 01) ↔ 21 ↔ 2. Theorem 172 derives from the paper [Ignatiev, 1993a] by K. Ignatiev, who obtained normal forms for arbitrary letterless formulas of GLP. Letterless formulas constitute the prime subalgebra P ⊂ M∞ T . THEOREM 174 (Ignatiev). Suppose T is sound. On P \ {⊥} the ordering <0 is well-founded of height 0 . Technically, we do not need this stronger result, but it shows that 0 is an intrinsic characteristic of the algebra M∞ T .
304
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Before giving a consistency proof of PA we have to establish that modulo GLP the set S is closed under the operation α &→ α[[n]]. LEMMA 175. Some derivations in GLP: (i) If m < n, then nϕ ∧ mψ ↔ n(ϕ ∧ mψ); (ii) If α ∈ Sn+1 , then α ∧ nβ ↔ αnβ. (iii) If m ≤ n, then nmα → mα. Proof. Statement (i): GLP nϕ ∧ mψ
→ →
[n]mψ by Axiom (iii) n(ϕ ∧ mψ).
Statement (ii) follows by repeated application of (i). Statement (iii) is axiom [m]ϕ → [m][m]ϕ of GLP. LEMMA 176. If α = n + 1ϕ ∈ S, then ∃β ∈ S GLP β ↔ α[[k]]. Proof. We argue by induction on k. For k = 0 we have α[[0]] = nϕ ∈ S. Write α[[k]] ∈ S in the form nγmβ, where γ ∈ Sn+1 and m ≤ n. GLP α[[k + 1]] ↔ n(γmβ ∧ nγmβ) ↔ n(γ(mβ ∧ nγmβ)) by Lemma 175(i) ↔ n(γnγmβ) by Lemma 175(iii). COROLLARY 177. For any k, GLP α[[k]] ↔ (nγ)k+1 mβ.
10.9 A consistency proof for PA ∗ Work in M∞ EA . We shall denote by α the arithmetical interpretation of a formula (or a word) α ∈ S. All the modalities will refer to the operators of ∗ o¨del numbers is elementary M∞ EA . The function (·) as a mapping between G¨ and thus is also representable in EA. First of all, recall that PA is embeddable into M∞ EA as a filter generated by {n : n < ω}, by Theorem 152. Moreover, this fact is formalizable in EA, so we obtain
EA ∀n3(n)∗
↔
Con(EA + {n : n < ω})
↔
Con(PA).
PROVABILITY LOGIC
305
We are going to prove ∀α ∈ S 3α∗ by transfinite induction over EA+ . We claim: EA+ ∀α ∈ S (∀β <0 α 3β ∗ → 3α∗ ). Assume ∀β <0 α 3β ∗ . If α = 0β, then 3β ∗ , hence 33β ∗ using 1 in EA+ . If α = n + 1β, then ∀k 3α[[k]]∗ because α[[k]] <0 α. By Proposition 169, (provably in EA+ ) α∗ ≡n {α[[k]]∗ : k < ω}. Therefore, ∀k 3α[[k]]∗ yields 3α∗ . So, EA+ + (S, <0 )-induction
∀α ∈ S 3α∗ Con(PA), by (6).
A simple inspection of the above argument shows that transfinite induction is applied once in the form of a rule for the Π1 -formula ϕ(α) := 3α∗ : ∀β <0 α ϕ(β) → ϕ(α) . ∀αϕ(α) We therefore can state a more formal version of Gentzen’s famous consistency proof for PA [Gentzen, 1936; Gentzen, 1938]. THEOREM 178. EA+ + (S, <0 )-induction rule for Π1 -formulas is equivalent to EA+ + Con(PA) + Con(PA + Con(PA)) + . . . We have shown that one application of the rule derives the consistency of PA. It is proved in a similar manner that nested applications of transfinite induction for (S, <0 ) derive iterated consistency assertions. A full proof of the above theorem, including the one of the converse direction that we omit here, is given in [Beklemishev, 2001].
10.10
The Worm Principle
Here we present a simple statement of combinatorial nature that is independent of Peano Arithmetic and is motivated by graded provability algebras. It asserts the termination of a certain combinatorial game reminiscent of the well-known Hydra battle of L. Kirby and J. Paris [Kirby and Paris, 1982]. The game deals with objects called worms. A worm is a finite function f : [0, n] → N. Worms can be specified as lists of natural numbers w = (f (0), f (1), . . . , f (n)). For example, w = 2102031 is a worm (where we omit commas assuming all elements are <10). f (n) is called the head of the worm. The empty worm is denoted by ∅. Now we describe the rules of the game. Informally, the game starts with an arbitrary worm and at each step we hit the head of the worm so that
306
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
6 q q @ A A @q @ A @ q Aq
q A A
A Aq Head -
Figure 2. A Worm
it decreases by 1. In response the worm grows according to the two simple rules below. Unlike the original Hydra battle, the Worm game is fully deterministic. We specify a function next(w, m), where w = (f (0), f (1), . . . , f (n)) is a worm and m is a step of the game: 1. If f (n) = 0 then next(w, m) := (f (0), . . . , f (n − 1)). In this case the head of the worm is cut away. 2. If f (n) > 0 let k := maxi
Now let w0 := w and wn+1 := next(wn , n + 1).
As an example consider the worm w = 2102031 depicted in Figure 2. At the first step we obtain k = 4; r = 21020; s = 30; next(w, 1) = 210203030. Then the game proceeds as follows: 19 This
part can also be empty.
PROVABILITY LOGIC
307
w0 = 2102031 w1 = 210203030 w2 = 21020303 w3 = 21020302222 w4 = 210203022212221222122212221 w5 = 2102030(22212221222122212220)6 ... Notice that wn is defined by primitive recursion. In fact, wn is an elementary function of n and (the code of) w. This can be seen from the estimate |wn | ≤ (n + 2)! · |w0 | showing that the length of a worm grows only elementarily in the course of the game. Also notice that the maximal size of the elements of the worm can only decrease. This allows to write out a ∆0 -formula in three variables stating wn = u. The intended true PA-unprovable principle asserts that any initial worm is eventually reduced to nothing: Every Worm Dies ⇔ ∀w∃n wn = ∅. THEOREM 179. EWD is true but unprovable in PA. In fact, EWD is equivalent to 1-Con(PA) in EA. Proof. First we prove EA + 1-Con(PA) EWD. For methodological reasons we would like to give a termination proof of the Worm game that does not refer to any ordinal assignments. Instead, we interpret worms as elements of a graded provability algebra. We work in M∞ EA . Let α ∈ S be the converse of w, that is, the word w written in the reverse order. Then we define w := (α+ )∗ , where α+ means increasing every element of α by 1. Thus, for example, (103) = 412. LEMMA 180. For any w, PA w . Proof. We argue by induction on |w|. If w = vn and m is greater than any letter in w, then EA v ∧ m + 1
→ m + 1v , → n + 1v .
by Lemma 175
By Theorem 152 and the induction hypothesis, PA v ∧ m + 1, so PA n + 1v , which yields the induction step.
308
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
LEMMA 181. For any w, )). EA ∀n (wn = ∅ → 2(wn → 1wn+1
Proof. It is sufficient to prove ∀w = ∅ ∀n EA w → 1next(w, n) by an argument formalizable in EA. Let α be the converse of w. If α begins with 0, the claim is obvious. If α begins with k + 1, the function next(w, n) is defined in such a way as to exactly agree with the function α[[n]]. Thus, by Corollary 177, α[[n]] is the converse of next(w, n). Corollary 171 yields GLP α → 3α[[n]]. GLP is stable under (·)+ , so GLP α+ → 1α[[n]]+ . This proves the claim, by the arithmetical soundness of GLP. LEMMA 182. For any w, EA
1w0
→ ∃n wn = ∅.
o¨b’s principle. Proof. We prove ∀n wn = ∅ → ∀n [1]¬wn essentially using L¨ EA ∀n wn = ∅ ∧ [1]∀n[1]¬wn
→ → →
[1]∀n[1]¬wn+1 ∀n[1][1]¬wn+1 ∀n[1]¬wn , by Lemma 181.
EA [1]∀n wn = ∅ → [1]([1]∀n[1]¬wn → ∀n[1]¬wn ) → [1]∀n[1]¬wn , by L¨ o¨b. EA ∀n wn = ∅ →
[1]∀n wn = ∅, by Σ2 -completeness
→ →
[1]∀n[1]¬wn ∀n[1]¬wn
→
[1]¬w0 ,
as required.
We conclude the first part of the proof of Theorem 179. From Lemmas 180 and 182 we obtain PA 1w , EA
1w → ∃n wn = ∅.
Hence, provably in EA, ∀w PA ∃n wn = ∅. This proof is formalizable in EA, so 1-Con(PA) implies ∀w∃n wn = ∅.
PROVABILITY LOGIC
10.11
309
Independence of EWD
Let w[[n]] := next(w, n) and w[[n . . . n + k]] := w[[n]][[n + 1]] . . . [[n + k]]. We introduce an analogue of Hardy functions as follows. Let hw (n) be the smallest k such that w[[n . . . n + k]] = ∅. We need some nice properties of h established by elementary reasoning formalizable in EA. The following notion will be used to establish the monotonicity of h functions. Let v u iff v = u[[0]][[0]] . . . [[0]]. This essentially means that v is an initial segment of u except possibly for the last letter, which should be not larger than the corresponding letter in u. LEMMA 183. If hw (m) is defined and u w, then ∃k w[[m . . . m + k]] = u. Proof. The n-th letter in w can only change if all letters to the right of it are deleted. So, if w rewrites to ∅, it cannot possibly miss the u state. COROLLARY 184. If hw (n) is defined, then ∀m ≤ n ∃k w[[n . . . n + k]] = w[[m]]. LEMMA 185. If v u and x ≤ y, then hv (x) ≤ hu (y). Proof. Repeating Corollary 184, obtain s0 , s1 , . . . such that u[[y . . . y + s0 ]] u[[y . . . y + s0 + s1 ]]
= v[[x]] = v[[x]][[x + 1]] ...
Therefore, all steps of the rewrite sequence for v occur in the rewrite sequence for u. LEMMA 186. hu0v (n) = hu (n + hv (n) + 2) + hv (n) + 1 > hu (hv (n)). Proof. Nothing can happen to a 0 between u and v until the v part is eliminated. So, the worm u0v first rewrites to u0 and then to ∅. (n)
COROLLARY 187. If w ∈ S1 , then hw1 (n) > hw (n). Proof. Observe that w1[[n]] = w0w0 . . . w0.
310
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Now we can formulate the main lemma. As usual, hw ↓ denotes the formula ∀x∃y hw (x) = y. Let w∗ := α∗ , where α is the converse of w. LEMMA 188. EA ∀w ∈ S1 (h1111w ↓ → 1w∗ ). Using this lemma we can easily give Proof of the independence of EWD: EA ∀w∃n wn = ∅ → ∀w ∈ S1 hw ↓ → ∀n 1n → 1-Con(PA). Here, the first implication holds because for every worm w and a number x we can find another worm w := w0x such that w [[0 . . . x − 1]] = w. So, w dies iff hw (x) is defined. The proof relies on the reduction property of M∞ EA . More precisely, we shall use the following corollary. COROLLARY 189. Suppose α ∈ S1 begins with m > 1. Then EA+ 1α∗ ↔ ∀n1α[[n]]∗ . ∗ ∗ Proof. In M∞ EA , by the reduction property, α ≡1 {α[[n]] : n < ω}. There+ ∗ fore, formalizably in EA , α proves a false Σ1 -sentence iff α[[n]]∗ does, for some n, q.e.d.
We shall also essentially use Proposition 160. Notice that by Corollary 187 we have h111 (x) > 2x , therefore the same inequality holds for the function h111w (x), where w is any worm. Proof of Lemma 188. Reason in EA. By L¨¨ob, we can use as an additional assumption ∀w ∈ S1 [1](h1111w ↓ → 1w∗ ). (x)
If 1111w = v1, then hv1 ↓ → λx.hv (x)↓. The function hv is increasing, has an elementary graph and grows at least exponentially. So, if w = ∅, the claim is obvious: h1111 ↓ implies the totality of superexponentiation and hence 1. If w is nonempty, we reason as follows: λx.h(x) v (x)↓
→ → →
1hv ↓ 11v ∗ ,
by the assumption
∗
1w .
If 1111w = v ends with m > 1, then hv ↓
→ →
λx.hv[[x]] (x + 1)↓ ∀n hv[[n]] ↓.
PROVABILITY LOGIC
311
Argument: Fix n. If x ≤ n, then hv[[n]] (x) ≤ hv[[n]] (n + 1). If x ≥ n, then hv[[n]] (x) ≤ hv[[x]] (x + 1). ∀n hv[[n+1]] ↓ → ∀n hv[[n]]1 ↓,
as v[[n]]1 v[[n + 1]]
→ ∀n 1hv[[n]] ↓, as before → ∀n 11w[[n]]∗ → 1w∗ , by Corollary 189. This ends the proofs of Lemma 188 and Theorem 179.
Part II: Logic of Proofs 11 THE ORIGIN OF THE LOGIC OF PROOFS Around BHK semantics. The general BHK idea of understanding logical connectives as operations on truth justifications proved very fruitful. [Kleene, 1945] introduced a computational interpretation of intuitionistic logic by considering computable functions rather than proofs to be truth justifications. It showed that a constructive (intuitionistic) logical derivation may be regarded as both a computational program and a proof of its correctness. This approach gave rise to the whole class of realizability semantics for constructive mathematical theories, as well as impressive array of applications, cf. [Troelstra, 1998]. However, neither Kleene’s realizability nor its variants can be considered a BHK -semantics. Computational programs behave quite differently from mathematical proofs. Ordinary proofs allow for a verification, i.e. an algorithmic test of their correctness, whereas computational programs cannot have general verification algorithms. Thus, predicate p is a proof of F is decidable, whereas predicate r realizes F is not decidable. [Plisko, 1977] proved that the set of realizable first order formulas was not recursively axiomatizable. It is still an open problem whether the set of realizable propositional formulas is axiomatizable (recursively enumerable). Kleene himself protested against attempts to identify realizability with BHK. K Another paradigmatic example of computational semantics for intuitionistic logic is the Curry-Howard isomorphism between intuitionistic derivations and typed λ-terms (see for example [Girard et al., 1989; Troelstra
312
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
and Schwichtenberg, 1996]). From the foundational point of view, the significance of the Curry-Howard isomorphism is limited to the framework of computational semantics. It does not present a BHK -semantics because λ-terms are elementary prototypes of computational programs rather then proofs. If considered as proofs, they are nothing else but natural deduction derivations in the very Heyting’s calculus that BHK is called to lay ground for. Thus, provability reading of the Curry-Howard isomorphism reduces to a trivial observation “formula F is provable in IPC iff formula F is provable in the natural deduction version of IPC,” and therefore it does not give a semantics independent from the original Heyting’s calculus. Surveys [Uspensky and Plisko, 1985; van Dalen, 1986; Troelstra and van Dalen, 1988] serve as good sources on the computational semantics of intuitionistic logic. There were several BHK -like semantics where a role of proofs was played by abstract objects unrelated to generally accepted mathematical models of proofs (cf. monograph [Beeson, 1980] and surveys [Avigad and Feferman, 1998; Troelstra, 1998]). In particular, in [Medvedev, 1962] a “problem” is defined as an abstract nonempty finite set whose elements are called “solutions” and its subset of “actual solutions”. The propositional logic of finite problems is different from IPC. It is even unknown whether the former is decidable (cf. [Uspensky and Plisko, 1985; Uspensky, 1992] for a more detailed analysis of this approach). In [Lauchli, ¨ 1970] a realizability of intuitionistic logic by abstract, not necessarily computable functionals was considered. [Kreisel, 1962a; Kreisel, 1962b; Kreisel, 1965] made an attempt to formalize the BHK -semantics in his theory of constructions, the original variant of which was inconsistent. The subsequent patch due to [Goodman, 1970] resulted in a loss of a BHK character of this interpretation since a “proof” of implication A → B was no longer applicable to all “proofs” of A (a comprehensive analysis of Kreisel-Goodman theory may be found in [Weinstein, 1983]). The Kuznetsov-Muravitsky-Goldblatt-Boolos semantics [Kuznetsov and Muravitsky, 1976; Goldblatt, 1978; Boolos, 1979b; Boolos, 1993] for IPC was already related to a real mathematical model of provability, that of G¨ o¨del’s arithmetical provability predicate. Still that semantics involved neither individual proofs nor operations on them. It is highly non-constructive since realizability in that model has a hyperarithmetical complexity, which is far from the BHK -semantics. A certain summary of attempts to build a BHK -semantics was presented in [Weinstein, 1983]: “The interpretation of intuitionistic theories in terms of the notions of proof and construction ... has yet, however, failed to receive a definitive formulation.” A survey [van Dalen, 1986] says:
PROVABILITY LOGIC
313
“The intended interpretation of intuitionistic logic as presented by Heyting [i.e. the BHK -semantics, A.& B.]... so far has proved to be rather elusive. ” Kolmogorov and G¨ o ¨del’s approach. Kolmogorov’s idea of 1932 was to develop a joint logic of propositions and “problem solutions” in the usual classical mathematics and then to interpret in this framework the intuitionistic logic without references to specific intuitionistic foundations. A short note [Kolmogorov, 1985] said: “The paper [Kolmogoroff, 1932] was written with the hope that the logic of solutions of problems would later become a regular part of courses on logic. It was intended to construct a unified logical apparatus dealing with objects of two types— propositions and problems.” [Kolmogoroff, 1932] operated with an informal notion of problem solution which left a possibility of considering different mathematical models of it. However, since 1980s the provability reading of Kolmogorov’s “problem solution” has become widely accepted (cf. [Troelstra and van Dalen, 1988; van Dalen, 1994; Troelstra, 1998; Troelstra and Schwichtenberg, 1996]). There was a good reason for that. In mathematical logic there is one canonical model of the notions of problem and problem solution: a formula in an appropriate formal mathematical theory (for example, Peano arithmetic, or Zermelo-Frenkel set theory, etc.) and its formal proof in the given theory. An approach to explain intuitionistic logic from the point of view of classical provability may be found in G¨ o¨del’s works. As it was mentioned earlier, formalizing Brouwer’s understanding of logical truth as provability, G¨ o¨del defines translation tr (F ) of propositional formula F in the intuitionistic language into the language of classical logic with modality 2, namely (in an equivalent formulation) tr (F ) is obtained by 2’ing every subformula of formula F . Informally speaking, the usual procedure of determining the classical truth by parsing the syntactic tree of a formula, when applied to tr (F ) will, for each new subformula of F , test its provability rather than o¨del, 1933; truth, in agreement with Brouwer’s ideas. It was established in [G¨ McKinsey and Tarski, 1948] that such a translation provides a proper embedding of intuitionistic logic IPC into S4, i.e. into classical logic extended by the provability operator. Therefore the initial problem of defining IPC in terms of classical provability was reduced to finding an exact provability model for S4. Godel ¨ noticed that the straightforward reading of 2F as “F is provable in a given formal theory” is inconsistent with S4 because formal provability is not reflexive. In a lecture in Vienna in 1938 Goedel revisited this problem and pointed out
314
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
“. . . I supplemented the usual propositional calculus with B (“is provable in the absolute sence”), and axioms [S4 axioms are listed]. Intuitionism is derivable from this. A curious result, although these axioms are all extraordinary plausible: nevertheless propositions about B are derivable from them which are surely false for every defined B . . . ” In the same lecture Godel ¨ suggested using the format of explicit proofs t is a proof of F for interpreting his provability calculus S4, thus turning to BHKK style semantics of IPC. The definitive solution of this problem in [Artemov, 1995] was found along this way. A compact survey of studies on provability semantics for S4 may be found in [Artemov, 2001]. Here is a partial list of books and papers that discussed this matter: [Lemmon, 1957; Myhill, 1960; Kripke, 1963; Montague, 1963; Mints, 1974; Kuznetsov and Muravitsky, 1977; Goldblatt, 1978; Boolos, 1979b; Myhill, 1985; Shapiro, 1985b; Shapiro, 1985a; Kuznetsov and Muravitsky, 1986; Artemov, 1990; Buss, 1990; Boolos, 1993].
11.1
The logic of proofs: formal system
The results presented is Section 11 all came from [Artemov, 1995; Artemov, 2001], unless stated otherwise. DEFINITION 190. The language of logic of proofs LP contains • the language of classical propositional logic which includes propositional variables, truth constants , ⊥, and boolean connectives • proof variables x0 , . . . , xn , . . ., proof constants a0 , . . . , an , . . . • function symbols: monadic !, binary · and + • operator symbol of the type “term : formula”. We will use a, b, c, . . . possibly with indices for proof constants, x, y, z, . . . for proof variables, i, j, k, l, m, n for natural numbers. Terms are defined by the grammar t ::= x | a | !t | t1 · t2 | t1 + t2 We call these terms proof polynomials and denote them by p,r,s. . .. Constants correspond to proofs of a finite fixed set of axiom schemas. We will omit “·” whenever it is safe. We also assume that p·r·s . . . should be read as (. . . ((p · r) · s) . . .), and p + r + s . . . as (. . . ((p + r) + s) . . .). Using t to stand for any term and S for any propositional letter, or ⊥, formulas are defined by the grammar F2 | F1 ∨F F2 | ¬F | t : F F ::= S | F1 → F2 | F1 ∧F
PROVABILITY LOGIC
315
We will use A, B, C, F, G, H for the formulas in this language, and Γ, ∆, . . . for the finite sets of formulas unless otherwise explicitly stated. We will also use x, y, , . . . and p, r, , . . . for vectors of proof variables and proof = (F F1 , . . . , Fn ), then s : Γ polynomials respectively. If s = (s1 , . . . , sn ) and Γ denotes (s1 : F1 , . . . , sn : Fn ), Γ = F1 ∨ . . . ∨ Fn , Γ = F1 ∧ . . . ∧ Fn . We assume the following precedences from highest to lowest: !, ·, +, :, ¬, ∧, ∨, →. We will use the symbol = in different situations, both formal and informal. Symbol ≡ denotes syntactical identity, E is the G¨ o¨del number of E, |s| is the length of s, i.e. the total number of symbols in s. We will skip the G¨ o¨del number symbol “” inside proof formulas and provability formulas (such as Prf, Proof, etc.) when it is safe. The intended semantics for p : F is “p is a proof of F ”, which will be formalized in the next section. Note that proof systems which provide a semantics for p : F are multi-conclusion ones, i.e. p may be a proof of several different F ’s. We define the system LP P0 in the language of LP. Axiom schemes: A0. Finite set of axiom schemes of classical propositional logic A1. t : F → F (reflection) A2. t : (F → G) → (s : F → (t·s) : G) (application) A3. t : F → !t : (t : F ) (proof checker ) A4. s : F → (s+t) : F ,
t : F → (s+t) : F (union)
Rule of inference: R1. ϕ, ϕ → ψ/ψ (modus ponens). The system LP is LP P0 plus the rule R2. A c : A, if A is an axiom A0–A4, and c a proof constant (axiom necessitation) A Constant Specification (CS) is a finite set of formulas c1 : A1 , . . . , cn : An such that ci is a constant, and Ai an axiom A0–A4. CS is injective if for each constant c there is at most one formula c : A ∈ CS (each constant denotes a proof of not more than one axiom). Each derivation in LP naturally generates the CS consisting of all formulas introduced in this derivation by the axiom necessitation rule. For a constant specification CS, by LP(CS) we mean LP P0 plus formulas from CS as additional axioms. Atomic constant terms (combinators) of typed combinatory logic (cf. [Troelstra and Schwichtenberg, 1996]) may be regarded as proof constants. The combinator kA,B of the type A → (B → A) can be identified with a constant a specified as a : (A → (B → A)). The combinator sA,B,C of the
316
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
type (A → (B → C)) → ((A → B) → (A → C)) corresponds to a constant b such that b : [(A → (B → C)) → ((A → B) → (A → C))]. Term variables of combinatory logic may be regarded as proof variables in LP, application as operation “·”. A combinatory term t of the type F is represented in LP by an formula t : F . Typed combinatory logic CL→ corresponds to a fragment of LP consisting of formulas of the sort t : F where t contains no operations other than “·” and F is a formula built from the propositional letters by “→” only. “→ There is no restriction on the choice of a constant c in R2 within a given derivation. In particular, R2 allows us to introduce a formula c : A(c), or to specify a constant several times as a proof of different axioms from A0– A4. One might restrict LP to injective constant specifications only without changing the ability of LP to emulate modal logic, or the functional and arithmetical completeness theorems for LP (below). On the other hand, LP allows us to choose the same constant in R2 all the time. Both LP P0 and LP enjoy the deduction theorem Γ, A B
⇒
Γ A → B,
and the substitution lemma: If Γ(x, P ) B(x, P ), then for any t, F Γ(x/t, P/F ) B(x/t, P/F ). Obviously, F is derivable in LP with a constant specification CS LEMMA 191 (Lifting lemma). polynomial t(x, y) such that
iff
LP(CS) F
iff
LP P0
CS → F .
If s : Γ, ∆ LP F , then there is a proof
s : Γ, y : ∆ LP t(s, y) : F. Moreover, if the constant specification CS in the original derivation is injective then the resulting constant specification is also injective and extends CS. Proof. By induction on the derivation s : Γ, ∆ F . If F = s : G ∈ s : Γ, then put t :=!s and use A3. If F = Dj ∈ ∆, then put t := yj . If F is an axiom A0–A4, then pick a fresh proof constant c and put t := c; by R2, c : F . Let F be derived by modus ponens from G → F and G. Then, by the induction hypothesis, there are proof polynomials u(s, y) and v(s, y) such that u : (G → F ) and v : G are both derivable from s : Γ, y : ∆. By A2, s : Γ, y : ∆ (u · v) : F , and we put t := u · v. If F is derived by R2, then F = c : A for some axiom A. Use the same R2 followed by A3: c : A → !c : c : A and modus ponens to get !c : F , and put t :=!c.
PROVABILITY LOGIC
317
It is easy to see from the proof that the lifting polynomial t is nothing but a blueprint of a given derivation of F . Thus, LP internalizes its own proofs as proof terms. COROLLARY 192 (Internalization property for LP). If A1 , . . . , An B , then it is possible to construct a proof polynomial t(x1 , . . . , xn ) depending on fresh variables x1 , . . . , xn , such that x1 : A1 , . . . , xn : An t(x1 , . . . , xn ) : B . One might notice that the Curry-Howard isomorphism covers only a simple instance of the internalization property when all of A1 , . . . , An , B are purely propositional formulas without proof terms. COROLLARY 193 (Necessitation rule for LP). F
⇒ p : F for some ground proof polynomial p .
Example below shows how to derive in LP vs. S4. Note, that LP suffices to emulate all S4-derivations, as it will be shown in Theorem 198. EXAMPLE 194. We first derive 2A∨2B → 2(2A∨2B) in S4. 1. 2. 3. 4. 5. 6.
2A → 2A ∨ 2B, 2B → 2A ∨ 2B, axioms; 2(2A → 2A ∨ 2B), 2(2B → 2A ∨ 2B), by necessitation, from 1; 2A → 22A, 2B → 22B, axioms; 22A → 2(2A∨2B), 22B → 2(2A∨2B), from 2; 2A → 2(2A∨2B), 2B → 2(2A∨2B), from 3, 4; 2A∨2B → 2(2A∨2B), from 5.
And here is the corresponding derivation in LP: 1. x : A → x : A∨y : B, y : B → x : A∨y : B, axioms; 2. a : (x : A → x : A∨y : B), b : (y : B → x : A∨y : B), constant specification; 3. x : A → !x : x : A, y : B → !y : y : B, axioms; 4. !x : x : A → (a·!x) : (x : A∨y : B), !y : y : B → (b·!y) : (x : A∨y : B), from 2; 5. x : A → (a·!x) : (x : A∨y : B), y : B → (b·!y) : (x : A∨y : B), from 3, 4; 5 . (a·!x) : (x : A∨y : B) → (a·!x +b·!y) : (x : A∨y : B), an axiom; 5 . (b·!y) : (x : A∨y : B) → (a·!x +b·!y) : (x : A∨y : B), an axiom; 6. x : A → (a·!x +b·!y) : (x : A∨y : B), from 5, 5 6 . y : B → (a·!x +b·!y) : (x : A∨y : B), from 5, 5 ; 6 . x : A∨y : B → (a·!x+b·!y) : (x : A∨y : B), from 6, 6 . The operations “·” and “!” are present in single-conclusion as well as in multi-conclusion proof systems. On the other hand, “+” is an operation for
318
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
multi-conclusion proof systems only. Indeed, by A4 we have s : F ∧ t : G → (s+t) : F ∧ (s+t) : G, thus s + t proves both F and G. Proof theoretical differences between single-conclusion and multi-conclusion proof systems are mostly cosmetic. Usual proof systems (Hilbert or Gentzen -style) may be considered as single-conclusion if one assumes that a proof derives only the end formula (sequent) of a proof tree. On the other hand, the same systems may be regarded as multi-conclusion by assuming that a proof derives all formulas assigned to the nodes of the proof tree. As we have seen from the introduction, logical identities of single-conclusion proofs alone are not compatible with normal modal logics. Hence, provability considered from the modal point of view corresponds to possibly multi-conclusion proofs. Note, that individual operators “t : ( )” in LP are not normal modalities since they do not satisfy the property t : (P → Q) → (t : P → t : Q). This makes LP essentially different from polymodal logics, e.g. the dynamic logic of programs [Kozen and Tiuryn, 1990], where the modality is upgraded by some additional features. Rather the modality in the logic of proofs has been decomposed into a family of proof polynomials.
11.2 Realization of modal and intuitionistic logics by proof polynomials The formulation of LP and above Example 194 left an impression that LP was something like an explicit version of S4. The main idea of the logic of proofs project was based on the observation that proof polynomials apparently denoted classical proof objects (cf. Subsection 11.3) and a hope that LP indeed was capable of realizing derivations in S4 by recovering proof polynomials for every occurrence of modality. It would immediately deliver a realizability-style provability semantics for G¨ o¨del’s provability calculus S4 and hence a BHK-style K semantics of proofs for intuitionistic propositional calculus IPC. Both facts have been first established in [Artemov, 1995]. The inverse operation to realization of modalities of proof polynomials is the forgetful projection of LP-formulas to the usual modal formulas obtained by replacing all t : X’s by 2X’s. It is easy to see that the forgetful projection of LP is S4-compliant. Let F o be the forgetful projection of F . By a straightforward induction on a derivation in LP one could show that LEMMA 195. If LP F , then S4 F o . The goal of the current subsection is to establish the converse, namely that LP suffices to realize any theorem of S4. DEFINITION 196. By an LP-realization of a modal formula F we mean an assignment of proof polynomials to all occurrences of the modality in F along with a constant specification of all constants occurring in those proof polynomials. By F r we understand the image of F under a realization r.
PROVABILITY LOGIC
319
Positive and negative occurrences of modality in a formula and a sequent are defined in the conventional way. Since we will be using sequent calculus language in the realization algorithm below, we recall the polarity definition for a modal formula F within a given sequent. Namely, (1) the indicated occurrence of 2 in 2F is positive; (2) any occurrence of 2 from F in G→F , G∧F , F ∧G, G∨F , F ∨G, 2F and Γ ⇒ ∆, F has the same polarity as the corresponding occurrence of 2 in F ; (3) any occurrence of 2 from F in ¬F , F →G and F, Γ ⇒ ∆ has a polarity opposite to that of the corresponding occurrence of 2 in F . In a provability context 2F is intuitively understood as “there exists a proof x of F F”. After an informal skolemization, i.e. replacing quantifiers by functions, all negative occurrences of 2 produce arguments of Skolem functions, whereas positive ones give functions of those arguments. For example, 2A → 2B should be read informally as ∃x“x is a proof of A” → ∃y “y is a proof of B”, with the Skolem form “x is a proof of A” → “f(x) is a proof of B”. The following definition captures this feature. DEFINITION 197. A realization r is called normal if all negative occurrences of 2 are realized by proof variables and the corresponding constant specification is injective. THEOREM 198. Given a derivation S4 F one could recover a normal realization r such that LP F r Proof. Consider a cut-free sequent formulation of S4 (cf. [Avron, 1984], [Mints, 1974]), with sequents Γ ⇒ ∆, where Γ and ∆ are finite multisets of modal formulas. Without loss of generality we may assume that axioms are sequents of the form S ⇒ S, where S is a propositional letter, and the sequent ⊥ ⇒ . Along with the usual structural rules (weakening, contraction, cut) and rules introducing boolean connectives there are also two proper modal rules: A, Γ ⇒ ∆ 2A, Γ ⇒ ∆
2Γ ⇒ A
(2 ⇒) and
2Γ ⇒ 2A
(⇒ 2)
(2{A1 , . . . , An } = {2A1 , . . . , 2An }). Given S4 F one could find a cut-free derivation T of a sequent ⇒ F . It suffices now to construct a normal realization r with an injective constant specification CS such that LP(CS) Γr → ∆r for any sequent Γ ⇒ ∆ occurring in T . We will also speak about a sequent Γ ⇒ ∆ being derivable
320
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
in LP meaning LP Γ → ∆, or, equivalently, LPG Γ ⇒ ∆. Note that all 2’s introduced by (⇒ 2) are positive, and all negative 2’s are introduced by (2 ⇒) or by weakening. In each rule in T every occurrence of 2 in the conclusion sequent of the rule has one, two or none predecessors in premise sequents: two, if this occurrence is in a contraction formula; none, if this 2 was just introduced by a modal rule or a weakening; one in all other cases. We call these occurrences of 2 related and extend this relationship by transitivity. Hence, all occurrences of 2 in T are naturally split into disjoint families of related ones. Since cut-free derivations in S4 respect polarities, in any given family either all 2’s are negative or all are positive. We call a family essential if it contains at least one instance of the (⇒ 2) rule. Clearly, essential families are all positive. Now the desired r will be constructed by stages 1–3 described below. We reserve a large enough set of proof variables as provisional variables. Stage 1. For each negative family 2B or nonessential positive family we pick a fresh proof variable x and replace all occurrences of 2B by “x : B”. Stage 2. Pick an essential family f , enumerate all the occurrences of rules (⇒ 2) which introduce boxes of this family. Let nf be the total number of such rules for f . Replace all boxes of f by the polynomial v1 + . . . + vnf , where vi ’s are fresh provisional variables. The resulting tree T is labelled by LP-formulas, since all 2’s have been replaced by proof polynomials. Stage 3. Run a process going from the leaves of the tree to its root which will update a constant specification CS and replace the provisional variables by proof polynomials of the usual variables from stage (1) and constants from CS as follows. By induction on the depth of a node in T we establish that after the process passes a node the sequent assigned to this node becomes derivable in LP(CS) for a current CS. At the initial moment CS is empty. The axioms S ⇒ S and ⊥ ⇒ are derivable in LP P0 . For every rule other than (⇒ 2) we change neither the realization of formulas nor CS, and just notice that the concluding sequent is provable in LP(CS) given that the premises are. It is easy to see that every move down in the tree other than (⇒ 2) is provable in LP(CS). Consider a rule (⇒ 2) of a family f , and let this rule have number i in the numbering of all rules (⇒ 2) from a given family f . The corresponding node in T is labelled by y1 : B1 , . . . , yk : Bk ⇒ B y1 : B1 , . . . , yk : Bk ⇒ (u1 + . . . + unf ) : B ,
PROVABILITY LOGIC
321
where y1 , . . . , yk are proof variables introduced in (1), u1 , . . . , unf are proof polynomials, and ui is a provisional variable. By the induction hypothesis, the premise sequent y1 : B1 , . . . , yk : Bk ⇒ B is derivable in LP(CS). By Lemma 191, construct a proof polynomial t(y1 , . . . , yn ) and extend the constant specification to get a new injective CS such that LP(CS) y1 : B1 , . . . , yk : Bk ⇒ t(y1 , . . . , yn ) : B. Since LP P0 t : B → (u1 +. . .+ui−1 +t+ui+1 +. . .+unf ) : B , LP(CS) y1 : B1 , . . ., yk : Bk ⇒ (u1 +. . .+ui−1 +t+ui+1 +. . .+unf ) : B. Now substitute t(y1 , . . . , yn ) for ui everywhere in the derivation tree and in the current CS. The latter remains injective after such a substitution, though this operation may lead to constant specifications of the sort c : A(c) where A(c) contains c. Note that t(y1 , . . . , yn ) has no provisional variables, hence such a substitution is always possible. Moreover, after the substitution there is one less provisional variable (namely ui ) left, which guarantees termination. The conclusion of the rule (⇒ 2) under consideration becomes derivable in LP(CS), and the induction step is complete. Eventually, we substitute polynomials of non-provisional variables for all provisional variables and build a realization of the root sequent of the proof tree derivable in LP(CS). Obviously, the realization r built by this procedure is normal. COROLLARY 199 (Realization of S4). S4 F
⇔ LP F r for some realization r.
The realization algorithm above is in fact exponential in the length of a given cut-free derivation of S4 mostly because of a repeating use of the Lifting Lemma. A polynomial time realization algorithm was recently offered by V. Brezhnev and R. Kuznets (not yet published). Some S4-theorems admit essentially different realizations in LP. For example, among possible realizations of 2F ∨ 2F → 2F there are x : F ∨y : F → (x + y) : F and x : F ∨x : F → x : F. The former of these formulas is a meaningful specification of the operation “+”, the latter one is a trivial tautology. Modal formulas can be realized by some restricted classes of proof polynomials. For example, the standard realization of the S4-theorem (2A∨ A 2B) → 2(A∨B) gives (x : A∨y : B) → (a·x + b·y) : (A∨B) with the injective constant specification a : (A → A∨B), b : (B → A∨B). The same modal formula can be
322
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
realized in LP as (c : A ∨ c : B) → (c·c) : (A∨B) with the constant specification c : (A → A ∨ B), c : (B → A ∨ B). However, the idea behind LP design has been to keep its language reasonably general, since realization of S4 is not the only job the logic of proofs has been created for.
11.3 Standard provability semantics of LP We shall work in PA. By ∆1 and Σ1 we mean the corresponding classes of arithmetical predicates. We will use x, y, z to denote individual variables in arithmetic and hope that the reader is able to distinguish them from the proof variables. DEFINITION 200. We assume here that PA contains terms for all primitive n ´ski, 1985], [Takeuti, 1975]), called primitive recursive functions (cf. [Smory´ recursive terms. Formulas f (x) = 0 where f (x) is a primitive recursive term are standard primitive recursive formulas. A standard Σ1 -formula is a formula ∃xϕ(x, y ) where ϕ(x, y ) is a standard primitive recursive formula. An arithmetical formula ϕ is provably Σ1 if it is provably equivalent in PA to a standard Σ1 -formula; ϕ is provably ∆1 iff both ϕ and ¬ϕ are provably o¨del number symbol and write ϕ instead Σ1 . Sometimes, we will omit a G¨ of ϕ when safe. DEFINITION 201. A proof predicate is a provably ∆1 -formula Prf(x, y) such that for every arithmetical sentence ϕ PA ϕ iff for some n ∈ ω, Prf(n, ϕ) holds. Prf(x, y) is normal if it satisfies the following two conditions: 1) (finiteness of proofs) For any k, the set T (k) = {l | Prf(k, l)} is finite. The function from k to the code of T (k) is computable. 2) (conjoinability of proofs) For any k and l, there is n such that T (k) ∪ T (l) ⊆ T (n). The conjoinability property yields that normal proof predicates are multiconclusion ones. EXAMPLE 202. The natural arithmetical proof predicate Proof(x, y) “x is the code of a derivation containing a formula with the code y”. is the standard example of a normal proof predicate. Note, that every normal proof predicate can be transformed into a singleconclusion one by straightforwardly changing from “p proves F1 , . . . , Fn ”
to
“(p, i) proves Fi , i = 1, . . . , n”.
PROVABILITY LOGIC
323
Moreover, every single-conclusion proof predicate may be regarded as normal multi-conclusion, e.g. by reading Fn ” “p proves F1 ∧ . . . ∧F
as
“p proves each of Fi , i = 1, . . . , n”.
PROPOSITION 203. For every normal proof predicate Prf there are computable functions m(x, y), a(x, y) and c(x) such that for all arithmetical formulas ϕ, ψ and all natural numbers k, n the following formulas are valid: Prf(k, ϕ → ψ) ∧ Prf(n, ϕ) → Prf(m(k, n), ψ) Prf(k, ϕ) → Prf(a(k, n), ϕ),
Prf(n, ϕ) → Prf(a(k, n), ϕ)
Prf(k, ϕ) → Prf(c(k), Prf(k, ϕ)). Proof. For example, the following function can be taken as m: m(k, n) = µz.“Prf(z, ψ) holds for all ψ such that there are ϕ → ψ ∈ T (k) and ϕ ∈ T (n)” . Likewise, for a one could take a(k, n) = µz.T (k) ∪ T (n) ⊆ T (z). Finally, c may be given by c(k) = µz.“Prf(z, Prf(k, ϕ)) for all ϕ ∈ T (k)”. Such a z always exists. Indeed, Prf(k, ϕ) is a true ∆1 -sentence for every ϕ ∈ T (k), therefore they are all provable in PA. Use conjoinability to find a uniform proof of all of them. DEFINITION 204. An arithmetical interpretation ∗ of the LP-language has the following parameters: • a normal proof predicate Prf with the functions m(x, y), a(x, y) and c(x) as in Proposition 203, • an evaluation of propositional letters by sentences of arithmetic, • an evaluation of proof variables and constants by natural numbers. Let ∗ commute with boolean connectives, (t·s)∗ = m(t∗ , s∗ ),
(t + s)∗ = a(t∗ , s∗ ),
(t : F )∗ = Prf(t∗ , F ∗ ).
(!t)∗ = c(t∗ ),
324
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Under an interpretation ∗ a proof polynomial t becomes the natural number t∗ , an LP-formula F becomes the arithmetical sentence F ∗ . A formula (t : F )∗ is always provably ∆1 . For a set X of LP-formulas by X ∗ we mean the set of all F ∗ ’s such that F ∈ X. Given a constant specification CS, an arithmetical interpretation ∗ is a CS-interpretation, if all formulas from CS S∗ are true (equivalently, are provable in PA). An LP-formula F is valid (with respect to the arithmetical semantics), if F ∗ is true under all interpretations ∗. F is provably valid if PA F ∗ for any interpretation ∗. F is valid under constant specification CS, if F ∗ is true under all CS -interpretations ∗. F is provably valid under constant specification CS, if PA F ∗ for any CS -interpretation ∗. It is obvious that provably valid yields valid. PROPOSITION 205 (Arithmetical soundness of LP P0 ). If LP P0 F then F is provably valid (hence, valid). P0 . Let us check Proof. A straightforward induction on the derivation in LP the axiom t : F → F . Under an interpretation ∗ (t : F → F )∗ ≡ Prf(t∗ , F ∗ ) → F ∗ . Consider two possibilities. Either Prf(t∗ , F ∗ ) is true, in which case t∗ is indeed a proof of F ∗ , thus, PA F ∗ and PA (t : F → F )∗ . Otherwise Prf(t∗ , F ∗ ) is false, in which case being a false ∆1 -formula it is refutable in PA. Hence, PA ¬Prf(t∗ , F ∗ ) and again PA (t : F → F )∗ . COROLLARY 206 (Arithmetical soundness of LP). LP(CS) F ⇒ F is provably valid under the constant specification CS. The above provability semantics for LP may be characterized as a call-byvalue semantics, since the evaluation F ∗ of a given LP-formula F depends upon the value of participating functions. A different call-by-name provability semantics for LP was introduced in [Artemov, 1995] and then used in [Krupski, 1997], [Sidon, 1997]. In the latter semantics, F ∗ depends upon the particular programs for the functions participating in ∗. Following [Artemov, 2001], we proceed with establishing an arithmetical completeness of the logic of proofs by building a decidable version of the canonical model for LP and then embedding this model into PA. As a side product we will get normalization theorem for a Gentzen-style formulation of LP.
11.4 A sequent formulation of logic of proofs As before, by a sequent we mean a pair Γ ⇒ ∆, where Γ and ∆ are finite multisets of LP-formulas. For Γ, F we mean Γ ∪ {F }. Without loss of
PROVABILITY LOGIC
325
generality we assume a boolean basis → , ⊥ and treat the remaining boolean connectives as definable ones. Axioms of LPG 0 are sequents of the form Γ, F ⇒ F, ∆ and Γ, ⊥ ⇒ ∆. Along with the usual Gentzen sequent rules of classical propositional logic, including the cut and contraction rules (e.g. like G2c from [Troelstra and Schwichtenberg, 1996]), the system LPG 0 contains the rules A, Γ ⇒ ∆ t : A, Γ ⇒ ∆
Γ ⇒ ∆, t : A
(: ⇒ )
Γ ⇒ ∆, !t : t : A
Γ ⇒ ∆, t : A
( ⇒ !)
Γ ⇒ ∆, t : A
( ⇒ +) Γ ⇒ ∆, (t + s) : A
( ⇒ +) Γ ⇒ ∆, (s + t) : A
Γ ⇒ ∆, s : (A → B)
Γ ⇒ ∆, t : A
Γ ⇒ ∆, (s · t) : B
( ⇒ ·)
The system LPG is LPG 0 plus the rule Γ ⇒ A, ∆ Γ ⇒ c : A, ∆
( ⇒ c),
where A is an axiom A0–A4 of LP, and c is a proof constant. LPG− and LPG− are the corresponding systems without the rule Cut. 0 By a straightforward induction both ways it is easy to establish Γ⇒ ∆ iff LP P0 Γ → ∆, PROPOSITION 207. LPG 0 LPG Γ ⇒ ∆ iff LP Γ → ∆. COROLLARY 208. LP(CS) F
iff
LPG 0 CS ⇒ F .
DEFINITION 209. The sequent Γ ⇒ ∆ is saturated if 1. A → B ∈ Γ implies B ∈ Γ or A ∈ ∆, 2. A → B ∈ ∆ implies A ∈ Γ and B ∈ ∆, 3. t : A ∈ Γ implies A ∈ Γ, 4. !t : t : A ∈ ∆ implies t : A ∈ ∆, 5. (s + t) : A ∈ ∆ implies s : A ∈ ∆ and t : A ∈ ∆ 6. (s · t) : B ∈ ∆ implies for each X → B occurring as a subformula in Γ, ∆ either s : (X → B) ∈ ∆ or t : X ∈ ∆. Γ ⇒ ∆. Then there LEMMA 210 (Saturation lemma). Suppose LPG− 0 exists a saturated sequent Γ ⇒ ∆ such that 1. Γ ⊆ Γ , ∆ ⊆ ∆ , 2. Γ ⇒ ∆ is not derivable in LPG− 0 .
326
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Proof. Run a straightforward saturation algorithm, prove its termination [Artemov, 2001]. Note that in a saturated sequent Γ ⇒ ∆ which is not LPG− 0 -derivable the set Γ is closed under the rules t : X/X and X → Y, X/Y . LEMMA 211 (Completion Lemma). For each saturated sequent Γ ⇒ ∆ not (a completion of Γ ⇒ ∆) there is a set of LP-formulas Γ derivable in LPG− 0 such that is decidable, for each t the set I(t) = {X | t : X ∈ Γ} is finite and a 1. Γ 20 21 function from a code of t to a code of I(t) is computable, ∆∩Γ = ∅, 2. Γ ⊆ Γ, then X ∈ Γ, 3. if t : X ∈ Γ, and t : X ∈ Γ, then (s · t) : Y ∈ Γ, 4. if s : (X → Y ) ∈ Γ then !t : t : X ∈ Γ, 5. if t : X ∈ Γ, then (t + s) : X ∈ Γ and (s + t) : X ∈ Γ. 6. if t : X ∈ Γ, Proof. By a straightforward completion algorithm [Artemov, 2001].
11.5 Completeness theorems In this section we establish completeness and cut-elimination theorems for the logic of proofs. THEOREM 212. The following are equivalent 1. 2. 3. 4. 5.
Γ ⇒ ∆, LPG− 0 LPG 0 Γ ⇒ ∆, LP P 0 Γ → ∆, Γ → ∆ is provably valid in arithmetic, Γ → ∆ is valid in arithmetic.
Proof. The steps from 1 to 2 and from 4 to 5 are trivial. The step from 2 to 3 follows from Proposition 207 and the step from 3 to 4 follows from Proposition 205. It suffices now to prove that 1 follows from 5. We assume Γ ⇒ ∆. Our now will “not 1” and establish “not 5”. Suppose LPG− 0 aim be to construct an arithmetical interpretation ∗ such that ( Γ → ∆)∗ is false in the standard arithmetical sense. From Lemma 210 get a saturated sequent Γ ⇒ ∆ , and then perform a completion (Lemma 211) to get a set of formulas Γ . We define the desired interpretation ∗ on propositional letters Si , proof ¨odel numbering variables xj and proof constants aj first. We assume that G¨ of the joint language of LP and PA is injective, i.e. E1 = E2 20 For
21 For
↔
E1 ≡ E2
example, the G¨ ¨ odel number of t. example, the code of the finite set of G¨ ¨ odel numbers of formulas from I(t).
PROVABILITY LOGIC
327
for any expressions E1 , E2 , and that 0 is not a Godel ¨ number of any expression. For a propositional letter S, proof variable x and proof constant a let S = S, if S ∈ Γ ∗ a∗ = a. S = x∗ = x, S = 0, if S ∈ Γ , The remaining parts of ∗ are constructed by an arithmetical fixed point equation below. For any arithmetical formula Prf(x, y) define an auxiliary translation † of proof polynomials to numerals and LP-formulas to PA-formulas such that S † = S ∗ for any propositional letter S, t† = t for any proof polynomial t, † (t : F ) = Prf(t† , F † ), and † commutes with the propositional connectives. It is clear that if Prf(x, y) contains quantifiers, then † is injective, i.e. F † ≡ G† yields F ≡ G. Indeed, from F † ≡ G† it follows that the principal † † connectives in F and G coincide. We consider one case: (F F1 → F2 ) ≡ (s : G) † is impossible. Since (s : G) ≡ Prf(k, n) for the corresponding k and n, this † formula contains quantifiers. Therefore, the formula (F F1 → F2 ) ≡ F1 † → † F2 also contains quantifiers and thus contains a subformula of the form † Prf(k1 , n1 ). However, (s : G) ≡ F1 † → F2 † is impossible, since the numbers of logical connectives and quantifiers in both parts of ≡ are different. Now the injectivity of † can be shown by an easy induction on the construction of an LP-formula. Moreover, one can construct primitive recursive functions f and g such that f (B, Prf) = B † ,
g(B † , Prf) = B.
Let (Proof, ⊗, ⊕, ⇑ ⇑) be the standard multi-conclusion proof predicate from Example 202, with ⊗ standing for “application”, ⊕ for “union” and ⇑ for “proof checker” operations associated with Proof. In particular, for any arithmetical formulas ϕ, ψ and any natural numbers k, n the following arithmetical formulas are true: Proof(k, ϕ → ψ) ∧ Proof(n, ϕ) → Proof(k ⊗ n, ψ) Proof(k, ϕ) → Proof(k ⊕ n, ϕ) Proof(n, ϕ) → Proof(k ⊕ n, ϕ) Proof(k, ϕ) → Proof(⇑k, Proof(k, ϕ)). Without loss of generality we assume that Proof(t, k) is false for any proof polynomial t and any k ∈ ω. Let ϕ(y , z) be a provably Σ1 arithmetical formula. Without loss of generality we assume that ϕ(y , z) is provably equivalent to ∃xψ(x, y, z), for some provably ∆1 -formula ψ(x, y, z). By µz.ϕ(y , z) we mean a function z = f (y) that, given y ,
328
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
1. Calculates the first pair of natural numbers (k, l) such that ψ(k, y , l) holds; 2. Puts z = l. It is clear that µz.ϕ(y , z) is computable (though not necessarily total). By the fixed point argument we construct a formula Prf(x, y) such that PA proves the following fixed point equation (FPE): Prf(x, y) ↔
Proof(x, y) ∨ (“x = t for some t and y = B † for some B ∈ I(t)”)
The arithmetical formula “. . .” above describes a primitive recursive procedure: given x and y recover t and B such that x = t and y = B † , then verify B ∈ I(t). From FPE it is immediate that Prf is a provably ∆1 -formula, since Proof(x, y) is provably ∆1 . It also follows from FPE that PA ψ yields Prf(k, ψ), for some k ∈ ω. We define the arithmetical formulas M (x, y, z), A(x, y, z), C(x, z) as follows. Here s, t denote proof polynomials. M (x, y, z) ↔ (“x “ = s and y = t for some s and t” ∧ z = s · t) ∨ (“x “ = s for some s and y = t for any t” ∧ ∃v[“v “ = µw.( {Proof(w, B † ) | B ∈ I(s)})” ∧ z = v ⊗ y]) ∨ (“x “ = s for any s and y = t for some t” ∧ ∃v[“v = µw.( {Proof(w, B † ) | B ∈ I(t)})” ∧ z = x ⊗ v]) ∨ (“x “ = s and y = t for any s and t” ∧ z = x ⊗ y) A(x, y, z) ↔ (“x “ = s and y = t for some s and t” ∧ z = s + t) ∨ (“x “ = s for some s and y = t for any t” ∧ ∃v[“v “ = µw.( {Proof(w, B † ) | B ∈ I(s)})” ∧ z = v ⊕ y]) ∨ (“x “ = s for any s and y = t for some t” ∧ ∃v[“v = µw.( {Proof(w, B † ) | B ∈ I(t)})” ∧ z = x ⊕ v]) ∨ (“x “ = s and y = t for any s and t” ∧ z = x ⊕ y) C(x, z) ↔ ( “x “ = t for some t”∧z = !t) ∨ (“x “ = t for any t” ∧ ∃v[“v = µw.( {Proof(w, Proof(t, ϕ) → Prf(t, ϕ)) | ϕ ∈ T (t)})” ∧ z = v⊗ ⇑x])
PROVABILITY LOGIC
329
Here each of “. . .” denotes a natural arithmetical formula representing in PA the corresponding condition. Note that in the definitions of M (x, y, z), A(x, y, z) and C(x, z) above, all the functions of sort µw.ϕ are computable, since all the corresponding ϕ’s are ∆1 . Therefore, M (x, y, z), A(x, y, z) and C(x, z) are provably Σ1 . Let m(x, y) := µz.M (x, y, z), a(x, y) := µz.A(x, y, z), c(x) := µz.C(x, z). As follows from the above, the functions m(x, y), a(x, y) and c(x) are computable. Moreover, Lemma 217 below yields that these functions are total. We continue defining the interpretation ∗. Let Prf for ∗ be the one from FPE, and the functions m(x, y), a(x, y) and c(x) are as above. LEMMA 213. a) t∗ = t† for any proof polynomial t, b) B ∗ ≡ B † for any LP-formula B. Proof. a) Induction on the construction of a proof polynomial. Base cases are covered by the definition of the interpretation ∗. For the induction step note that according to the definitions, the following equalities are provable in PA: † (s · t)∗ = m(s∗ , t∗ ) = m(s, t) = s · t = (s · t) , †
(s + t)∗ = a(s∗ , t∗ ) = a(s, t) = s + t = (s + t) , †
(!t)∗ = c(t∗ ) = c(t) = !t = (!t) . b) By induction on B. The atomic case when B is a propositional letter holds by the definitions. If B is t : F , then (t : F )∗ ≡ Prf(t∗ , F ∗ ). By a), t∗ = t† . By the induction hypothesis, F ∗ ≡ F † which yields F ∗ = † F † . Therefore Prf(t∗ , F ∗ ) ≡ Prf(t† , F † ) ≡ (t : F ) . The inductive steps are trivial. COROLLARY 214. The mapping ∗ is injective on terms and formulas of LP. In particular, for all expressions E1 and E2 , E1 ∗ = E 2 ∗
⇒
E1 ≡ E2 .
∗
COROLLARY 215. X is provably ∆1 , for any LP-formula X . Indeed, if X is atomic, then X ∗ is provably ∆1 by the definition of ∗. If X is t : Y , then (t : Y )∗ is Prf(t∗ , Y ∗ ). By Lemma 213, PA Prf(t∗ , Y ∗ ) ↔ Prf(t, Y ∗ ). The latter formula is provably ∆1 , therefore (t : Y )∗ is provably ∆1 . Since the set of provably ∆1 -formulas is closed under boolean connectives, X ∗ is provably ∆1 for each X. LEMMA 216. If X ∈ Γ , then PA X ∗ . If X ∈ ∆ , then PA ¬X ∗ .
330
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Proof. By induction on the length of X. Base case, i.e. X is atomic or X = t : Y . Let X be atomic. By the definition of ∗, X ∗ is true iff X ∈ Γ . Let X = t : Y and t : Y ∈ Γ . Then PA “Y ∈ I(t)”. By FPE, PA Prf(t, Y † ). By Lemma 213, PA Prf(t∗ , Y ∗ ). Therefore PA (t : Y )∗ . If t : Y ∈ ∆ , then t : Y ∈ Γ and “Y ∈ I(t)” is false. The formula Proof(t∗ , Y ∗ ) is also false, since t∗ is t (by Lemma 213) and Proof(t, k) is false for any k by assumption. By FPE, (t : Y )∗ is false. Since (t : Y )∗ is provably ∆1 (Lemma 215), PA ¬(t : Y )∗ . The induction steps corresponding to boolean connectives are standard and based on the saturation properties of Γ ⇒ ∆ . For example, let X = Y → Z ∈ Γ . Then Y → Z ∈ Γ , and, by Definition 209, Y ∈ Γ or Z ∈ ∆ . By the induction hypothesis, Y ∗ is true or Z ∗ is false, thus, (Y → Z)∗ is true, etc. LEMMA 217. PA ϕ ⇔ Prf(n, ϕ) for some n ∈ ω. Proof. It remains to establish (⇐). Let Prf(n, ϕ) hold, for some n ∈ ω. By FPE, either Proof(n, ϕ) holds or ϕ = B † , for some B such that t : B ∈ Γ . In the latter case by the saturation property of Γ , B ∈ Γ . By o¨del numbering, ϕ ≡ B † . Lemma 216, PA B ∗ . By the injectivity of the G¨ ∗ By Lemma 213, ϕ ≡ B . Therefore PA ϕ. LEMMA 218. For all arithmetical formulas ϕ, ψ and natural numbers k, n, the following is true a) Prf(k, ϕ → ψ) ∧ Prf(n, ϕ) → Prf(m(k, n), ψ); b) Prf(k, ϕ) → Prf(a(k, n), ϕ),
Prf(n, ϕ) → Prf(a(k, n), ϕ);
c) Prf(k, ϕ) → Prf(c(k), Prf(k, ϕ)). Proof. a) Assume Prf(k, ϕ → ψ) and Prf(n, ϕ) . There are four possibilities. i) Neither of k, n is a Godel ¨ number of a proof polynomial. By FPE, both Proof(n, ϕ) and Proof(k, ϕ → ψ) hold, so Proof(k ⊗ n, ψ) also does. ii) Both k and n are equal to Godel ¨ numbers of some proof polynomials, say k = s and n = t. By FPE, ϕ is F ∗ and ψ is G∗ for some LP-formulas F, G such that F → G ∈ I(s) and F ∈ I(t). By the closure property of Γ (Lemma 211(4)), G ∈ I(s · t). By FPE, Prf(s · t, G∗ ). By Lemma 213 and by definitions, PA proves that s · t = (s · t)∗ = m(s∗ , t∗ ) = m(s, t)m(k, n). Thus, m(k, n) = s · t and Prf(m(k, n), ψ) is true. iii) k is not equal to the Godel ¨ number of a proof polynomial, n = t for some proof polynomial t. By FPE, Proof(k, ϕ → ψ) and ϕ ≡ F † for some LP-formula F such that F ∈ I(t). Compute the number l = µw.( {Proof(w, B † ) | B ∈ I(t)})
PROVABILITY LOGIC
331
by the following method. Take I(t) = {B1 , . . . , Bl }. By definition, Bi ∈ Γ , i = 1, . . . , l. By Lemma 216, PA Bi ∗ for all i = 1, . . . , l. By Lemma 213, PA Bi † for all i = 1, . . . , l. By the conjoinability property of Proof there exists w such that Proof(w, Bi † ) for all i = 1, . . . , l. Let j be the least such w. In particular, Proof(j, F † ). By the definition of ⊗, Proof(k ⊗ j, ψ). By the definition of M , PA m(k, n) = k ⊗ j, therefore Proof(m(k, n), ψ) holds. ¨ number of a proof polynomial, but t is not a Case iv): “s is a Godel Godel ¨ number of any proof polynomial” is similar to (iii). Part (b) can be checked in the same way as (a). c) Given Prf(k, ϕ) there are two possibilities. i) k = t for some proof polynomial t. By FPE, ϕ ≡ F † for some F such that F ∈ I(t). By the closure property from Lemma 211(5) of Γ , !t : t : F ∈ Γ . By Lemma 216, (!t : t : F )∗ holds. By definitions, (!t : t : F )∗ ≡ Prf(c(t∗ ), Prf(t∗ , F ∗ )). By Lemma 213, t∗ = t and F ∗ ≡ F † . Therefore t∗ = k, F ∗ ≡ ϕ and Prf(c(k), Prf(k, ϕ)). ii) k = t for any proof polynomial t. By FPE, Proof(k, ϕ) holds. By definition of the proof checking operation ⇑ for Proof, Proof(⇑k, Proof(k, ϕ)). By the definition of C, in this case PA c(k) = l ⊗ ⇑k where l equals µw. {Proof(w, Proof(k, ψ) → Prf(k, ψ)) | Proof(k, ψ)}. By the definition of l, Proof(l, Proof(k, ϕ) → Prf(k, ϕ)). Therefore Proof(l ⊗ ⇑k, Prf(k, ϕ)). By FPE, Prf(l ⊗ ⇑k, Prf(k, ϕ)), therefore Prf(c(k), Prf(k, ϕ)). LEMMA 219. The normality conditions for Prf are fulfilled.
332
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
Proof. By FPE, Prf is provably ∆1 . It follows from FPE and Lemma 217 that for any arithmetical sentence ϕ PA ϕ if and only if Prf(n, ϕ) holds for some n. Finiteness of proofs. For each k, the set T (k) = {l | Prf(k, l)} is finite. Indeed, if k is a Godel ¨ number of a proof polynomial, we can use the finiteness of I(t); otherwise we use the normality of Proof. An algorithm for the function from k to the code of T (k) for Prf can be easily constructed from those for Proof, and from the decision algorithm for I(t), Lemma 211(1). Conjoinability of proofs for Prf is realized by the function a(x, y), since by Lemma 218, T (k) ∪ T (n) ⊆ T (a(k, n)). Let us finish the proof of the final “not 1 implies not 5” part of Theorem 212. we have constructed an Given a sequent Γ ⇒ ∆ not provable in LPG− 0 false in the standard interpretation ∗ such that Γ∗ are all true, and ∆∗ are all model of arithmetic (Lemma 216). Therefore, ( Γ → ∆)∗ is false. COROLLARY 220 (Completeness of LP). LP(CS) F iff F is (provably) valid under constant specification CS . COROLLARY 221. LP F iff F is (provably) valid under some constant specification . COROLLARY 222. LP P0 is decidable. Given an LP-formula F run the saturation algorithm A on a sequent ⇒ F . P0 F . If A fails, then LP P0 F . Otherwise, LP COROLLARY 223 (Cut-elimination in LP P0 ). Every sequent derivable in LPG 0 can be derived without the cut rule. Proof. By Theorem 212, LPG− Γ ⇒ ∆ iff LPG 0 Γ ⇒ ∆. 0
Cut-elimination in the intuitionistic version of LP was established by a syntactical method in [Artemov, 1998; Artemov, 2002]. An idea of a semantical proof of cut-elimination for the whole LP was presented in [Artemov, 2001], a detailed proof was given in [Renne, 2004].
PROVABILITY LOGIC
333
Decidability of LP follows from the results of [Mkrtychev, 1997]. This fact can also be easily obtained from the cut-elimination property of LP. COROLLARY 224 (Non-emptiness of provability semantics for LP). For any constant specification CS there exists a CS-interpretation ∗. Proof. An easy inspection of the rules in LPG 0 shows that the sequent CS ⇒ G G− c:A ⇒ , is not derivable in LPG− 0 , thus, LP0 CS ⇒ . Indeed, if LP0 then c : A is introduced by the rule (: ⇒ ) from a previously derived sequent A ⇒ . This is impossible, since A is an axiom of LP P0 , thus, LPG 0 ⇒ A: G G should LP0 A ⇒ , we would have LP0 ⇒ , which is impossible, e.g. ⇒ . because LPG− 0 G From LPG 0 CS ⇒ it follows that LP0 ⇒ ¬CS. By Theorem 212, there exists an interpretation ∗ such that (¬CS) S ∗ is false, i.e. CS ∗ is true. COROLLARY 225 (Arithmetical completeness of S4). S4 F
⇔ F r is (provably) valid for some realization r.
DEFINITION 226. A propositional formula F is proof realizable if (t(F ))r is valid under some realization r. THEOREM 227 (Provability completeness of IPC). For any formula F IPC F
⇔ F is proof realizable.
Proof. A straightforward combination of G¨ o¨del-McKinsey-Tarksi reduction of IPC to S4: IPC F ⇔ S4 t(F ) ([G¨ o¨del, 1933; McKinsey and Tarski, 1948], cf. also [Chagrov and Zakharyaschev, 1997] Section 3.9, [Troelstra and Schwichtenberg, 1996] Sections 10.2 and 10.6), and the arithmetical completeness of S4, (Corollary 225). Theorem 227 provides an exact specification of IPC by means of classical notion of proof consistent with BHK semantics. Why, despite a steady interest in the subject, did the problem of finding the intended provability semantics for intuitionistic and modal logic S4 evade the solution for so long? Here are some challenges that were to be met. 1. The search for the right provability format for modal logic S4 proved long and difficult. G¨ o¨del’s work of 1938 where he suggested such a format was not published until the actual solution to the problem, so it did not help the process. Solving the problem in a purely modal language could not be achieved, as was noticed in [Montague, 1963].
334
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
2. The technical part turned out not to be easy either. Many approaches coming from the related areas, such as λ-calculus or combinatory logic, had to be reconsidered. Turning from quantifiers over proofs to functions representing proofs “´ a´ la Skolem” gives rise to the phenomenon of selfreferentiality. A question had to be answered, how to handle expressions of type t : F (t), where a proof term t may occur in the very formula it proves. The necessary experience in dealing with self-referentiality in a similar context was gathered during more than 20 years of research in provability logic, where modality 2F was interpreted as Prov(F ) (cf. the first part of this article). 12
MODELS FOR THE LOGIC OF PROOFS
The logic of proofs LP is complete with respect to the natural provability semantics. Still, having a family of convenient artificial models for LP could be very important for a successful study of LP and its applications. The first artificial models for LP were introduced in [Mkrtychev, 1997]. Let us fix a constant specification CS = {c1 : A1 , c2 : A2 , . . . }, where each ci is a proof constant and each Ai is an axiom of LP. A Mkrtychev model (M model; in [Mkrtychev, 1997] these structures are called pre-models) for LP, corresponding to the constant specification CS, is a pair of mappings (∗, ). Here a witness function ∗ maps every proof polynomial t into a set ∗(t) of formulas, which admit t as an “acceptable witness.” , in turn, is a truth assignment on formulas. The witness function is consistent with the constant specification CS, i.e. if c : A ∈ CS then A ∈ ∗(c). In addition, ∗ is consistent with the operations of LP, i.e. if (F → G) ∈ ∗(s) and F ∈ ∗(t) then G ∈ ∗(s · t) if F ∈ ∗(t) then t : F ∈ ∗(! t) ∗(s) ∪ ∗(t) ⊆ ∗(s + t) The truth assignment is defined by an (arbitrarily) assignment of truth values to propositional letters; it is then inductively distributed over all LP-formulas according to the usual laws for Boolean connectives and the following condition for modalized formulas: t:F
⇔ F ∈ ∗(t) and F
In other words, “t : F is true” means that “t is an acceptable witness for F and that F is true”. In principle for any given M -model, it is possible to construct another model equivalent to M by restricting the witness function ∗ in a certain way so that the truth value of formulas t : F would depend solely upon the witness function: t:F
⇔ F ∈ ∗(t)
PROVABILITY LOGIC
335
In [Mkrtychev, 1997], soundness and completeness of LP with respect to M -models established. This result was obtained via the classical method of maximal consistent sets of formulas. M -models proved to be a convenient tool for studying the logic of proofs. For instance, they helped to establish in [Mkrtychev, 1997] the decidability of LP. [Kuznets, 2000] obtained an upper bound Σp2 on the satisfiability problem for LP-formulas in M -models. This bound was lower than the known upper bound PSpace on the satisfiability problem in S4. One of the possible explanations, why LP wins in complexity over closely related to it S4, is that the satisfiability test for LP is somewhat similar to the type checking, i.e. checking the correctness of assigning types (formulas) to terms (proofs), which is known to be relatively easy in classical cases. M -models were further explored in N. Krupski’s paper [Krupski (jr.), 2003], where he constructs the minimal model of LP, which completely describes derivability in LP of “modalized” formulas (i.e. formulas of type t : F ), namely t : F ⇔ LP t : F This yielded a better upper bound (NP) for the “modalized” fragment of the logic of proofs [Krupski (jr.), 2003]. The minimal model is also used in [Krupski (jr.), 2003] to answer a well-known question about the disjunctive property of the logic of proofs: LP s : F ∨ t : G
⇔
LP s : F or LP t : G
M. Fitting in [Fitting, 2003a; Fitting, 2003b] gave a description of the canonical model for LP as a Kripke style model and established the fundamental fully explanatory property of the model: if F is true in all the worlds reachable from Γ, then t : F must be true in Γ for some polynomial t. Fitting gives an application of the canonical model by providing an alternative “semantical” proof for the realizability theorem of S4 in LP, whereby clarifying the role of operation “+” in this realization. In [Fitting, 2003b; Fitting, 2005] a general definition of Kripke-style models for LP was also developed. A frame is a structure (G, R), where G is a non-empty set of states or possible worlds, and R is a binary relation on G, called accessibility. Given a frame (G, R), a possible evidence function E is a mapping from states and proof polynomials to sets of formulas. We can read X ∈ E(Γ, t) as “X is one of the formulas that t serves as possible evidence for in state Γ.” An evidence function must obey conditions that respect the intended meanings of the operations on proof polynomials. Except for monotonicity, the following have their origins in [Mkrtychev, 1997]. DEFINITION 228. E is an evidence function on (G, R) if, for all proof polynomials s and t, for all formulas X and Y , and for all Γ, ∆ ∈ G: 1. Application X → Y ∈ E(Γ, s) and X ∈ E(Γ, t) implies Y ∈ E(Γ, s · t).
336
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
2. Monotonicity ΓR∆ implies E(Γ, t) ⊆ E(∆, t). 3. Proof Checker X ∈ E(Γ, t) implies t : X ∈ E(Γ, !t). 4. Sum E(Γ, s) ∪ E(Γ, t) ⊆ E(Γ, s + t). As usual in Kripke semantics, truth of atomic formulas at possible worlds is specified arbitrarily. A structure M = (G, R, E, V) is a weak LP-model provided (G, R) is a frame with R reflexive and transitive, E is an evidence function on (G, R), and V is a mapping from propositional variables to subsets of G. Given a weak model M = (G, R, E, V), a forcing relation is defined by the following rules. For each Γ ∈ G: 1. Γ S for a propositional variable S provided Γ ∈ V(S). 2. Γ ⊥ never holds—written Γ ⊥. 3. Γ X → Y if and only if Γ X or Γ Y . 4. Γ t : X if and only if X ∈ E(Γ, t) and, for every ∆ ∈ G with ΓR∆, ∆ X. We say X is true at world Γ if Γ X, and otherwise X is false at Γ. A weak LP-model M is Fully Explanatory provided that, whenever ∆ X for every ∆ ∈ G such that ΓR∆, then for some proof polynomial t we have Γ t : X. If M is a weak LP-model, and if the Fully Explanatory condition is also met, then M is a strong LP-model. The following completeness theorems have been established in [Fitting, 2003b; Fitting, 2005]. THEOREM 229. LP is complete with respect to weak LP-models and with respect to strong LP-models. As it was noted by V. Krupski, LP is complete with respect to the class of Mkrtychev models with the fully explanatory property. Thus, completeness of LP with respect to strong Fitting models is reached on one-element models (i.e. on Mkrtychev models which are fully explanatory). The power of Fitting models became apparent in epistemic logics containing both proof polynomials and the usual S4-modality, since the accessibility relation does not degenerate in these logics (cf. Section 13). A tableau system for the logic of proofs was developed in [Renne, 2004]. B. Renne also established a completeness theorem with respect to M -models and cut-elimination in the entirely of LP, though cut-elimination in LP with empty constant specifications was shown in [Artemov, 2001]. The interpolation property of the Logics of Proofs was studied by Tatiana Sidon (who later became Tatiana Yavorskaya) in [Sidon, 1998]. The standard formulation of the Craig interpolation property for given logic I
PROVABILITY LOGIC
337
is that, if I A → B, then there exists a formula C (an interpolant of A and B) in the intersection of languages of formulas A and B such that I A → C and I C → B. For LP, one can consider two types of interpolation: a weak interpolation, where only propositional variables of C need be common to A and B, and a strong interpolation, where both propositional and proof variables of C have to be common to A and B. As was shown in [Sidon, 1998], the fragment of LP without functional symbols (also known as P or BLP) enjoys the strong interpolation property. Derivations in LP with an empty constant specification enjoy the weak (but not the strong) interpolation property. If CS is not empty, then even the weak interpolation property in LP(CS) may be violated. 13
FROM LOGICS OF PROOFS AND PROVABILITY TO EPISTEMIC LOGIC WITH JUSTIFICATIONS
The results of this subsection were taken from [Artemov and Nogina, 2004], unless stated otherwise. We describe a joint logic LPGL of provability and proofs, which is the arithmetically complete closure of the logic of provability GL and the logic of proofs LP. LPGL is a refinement of an earlier system LPP from [Sidon, 1997; Yavorskaya (Sidon), 2002]. We then describe systems LPS4 and LPS4− , which may be regarded as basic epistemic logics with justifications. DEFINITION 230. Proof polynomials for LPGL are the same as for the logic of proofs LP (cf. Definition 190). Note, that there are more axioms and hence more choices to specify proof constants in LPGL, which makes LPGL-polynomials more expressive than the standard LP-polynomials. DEFINITION 231. Using t to stand for any proof polynomial and S for any sentence variable, the formulas are defined by the grammar A = S | A1 → A2 | A1 ∧ A2 | A1 ∨ A2 | ¬A | 2A | t : A. We assume also that “t : ”, “2” and “¬” bind stronger than “∧, ∨”, which bind stronger than “→”. The logic of proofs and provability LPGL has axioms and rules as follows. I. Classical propositional logic A standard set of classical propositional axioms; R1. Modus Ponens. II. Provability Logic GL GL1. 2(F → G) → (2F → 2G); GL2. 2F → 22F ;
338
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
GL3. 2(2F → F ) → 2F ; R2. F ⇒ 2F ; R3. 2F ⇒ F (reflexivity rule). III. Logic of Proofs LP LP1. s : (F → G) → (t : F → (s·t) : G); LP2. t : F → !t : (t : F ); LP3. s : F → (s+t) : F , t : F → (s+t) : F ; LP4. t : F → F ; R4. c : A, where A is an axiom and c is a proof constant. IV. New principles connecting explicit and formal provability C1. t : F → 2F (explicit-implicit connection); C2. ¬(t : F ) → 2¬(t : F ) (negative introspection); C3. t : 2F → F (weak reflexivity). As in Subsection 11.1, a constant specification CS is a finite set {c1 : A1 , . . . , cn : An } of formulas, where each Ai is an axiom from I-IV and each ci is a proof constant. By LPGL(CS) we mean a subsystem of LPGL where R4 is restricted to producing formulas from a given CS only. In particular, LPGL(∅) is a subsystem of LPGL without R4. The reflexivity rule R3 is usually omitted in the standard formulation of GL, since it is an admissible rule of the latter (cf. [Boolos, 1979b; Boolos, 1993]). The same holds here: the rule R3 is derivable from the rest of LPGL (below). However, we need R3 as a postulated rule of the system to guarantee a good behavior of LPGL(CS)’s. Another curious feature is the fact that the axiom C3 is derivable from the rest of LPGL(∅). LEMMA 232. LPGL(∅) t : 2F → F . Proof. 1. ¬2F → ¬t : 2F (contrapositive of LP4); 2. ¬t : 2F → 2(¬t : 2F ) axiom C2; 3. 2(¬t : 2F ) → 2(t : 2F → F ), by reasoning in GL; 4. ¬2F → 2(t : 2F → F ), from 1, 2 and 3; 5. 2F → 2(t : 2F → F ), by reasoning in GL; 6. 2(t : 2F → F ), from 4 and 5, by propositional reasoning; 7. t : 2F → F , by R3.
However, proof constants corresponding to C3 are needed to guarantee the internalization property of LPGL. There are other innocent redundancies in the above formulation of LPGL, for example, GL2 is derivable from the rest of the system (cf. [Boolos, 1979b]). LEMMA 233. The following are provable in LPGL(∅) (hence in LPGL and in LPGL(CS) for any constant specification CS).
PROVABILITY LOGIC
1. 2.
x : F → 2x : F 2x : F ∨ 2¬x : F
339
(positive introspection) (decidability of proof assertions)
Proof. 1.
x : F → !x : x : F , !x : x : F → 2x : F , x : F → 2x : F ,
2.
x : F → 2x : F , ¬(x : F ) → 2¬(x : F ), 2x : F ∨ 2¬x : F ,
by LP2; by C1; by propositional logic . by the previous item of this lemma; by C2; by propositional logic.
LEMMA 234. LPGL(CS) F
⇔ LPGL(∅)
CS → F .
Proof. Similar to Lemma 2.1 from [Yavorskaya (Sidon), 2002], by induction on a derivation of F in LPGL(CS). The only nontrivial cases are the rules of necessitation and reflection. If F is obtained by the necessitation rule, i.e. F is 2G and LPGL(CS) G, then, by the induction hypothesis, LPGL(∅) CS → G. By GL reasoning, LPGL(∅) 2 CS → 2G. By positive introspection (Lemma 233.1) and some trivial GL reasoning, LPGL(∅)
CS → 2 CS,
hence, LPGL(∅) CS → F. If F is obtained by the reflection rule, then LPGL(CS) 2F and, by the induction hypothesis, LPGL(∅) CS → 2F , hence LPGL(∅) ¬ CS ∨ 2F . By the negative introspection (axiom C2) and some GL reasoning, LPGL(∅) ¬ CS → 2¬ CS. Therefore, LPGL(∅) 2¬ CS ∨ 2F and LPGL(∅) 2(¬ CS ∨ F ). By the reflection rule, LPGL(∅) ¬ CS ∨ F , hence, LPGL(∅) CS → F . Note, that both positive and negative introspection are needed to reduce the whole of LPGL to its fragment with unspecified constants LPGL(∅). LEMMA 235. For any formula F there are proof polynomials upF (x) and
downF (x) such that LPGL proves
1. 2.
x : F → upF (x) : 2F ; x : 2F → downF (x) : F .
Proof.
340
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
x : F → 2F , a : (x : F → 2F ), !x : x : F → (a·!x) : 2F , x : F → !x : x : F , x : F → (a·!x) : 2F , It suffices now to put upF (x) 1.
by C1; specifying constant a, by R4; by LP1 and propositional logic; by LP2; by propositional logic . equal to a·!x such that a : (x : F → 2F ).
x : 2F → F , by C3; b : (x : 2F → F ), specifying constant b, by R4; !x : x : 2F → (b·!x) : F , by LP1 and propositional logic; x : 2F → !x : x : 2F , by LP2; x : 2F → (b·!x) : F , by propositional logic . It suffices now to put downF (x) equal to b·!x such that b : (x : 2F → F ) 2.
PROPOSITION 236 (Constructive necessitation in LPGL). If LPGL F then LPGL p : F for some proof polynomial p. Proof. Induction on a derivation of F . The only interesting cases are rules R2 and R3. If F is obtained by R2, then F = 2G and G. By the induction hypothesis, t : G for some proof polynomial t. Use lemma 235.1 to conclude that upG (t) : 2G and put p = upG (t). If F is obtained by R3, then 2F . By the induction hypothesis, t : 2F for some proof polynomial t. Use lemma 235.2 to conclude that downF (t) : F and put p = downF (t). Note that the presented derivation of p : F does not use R2. An easy modification of the above argument shows that LPGL enjoys the internalization property. COROLLARY 237. The necessitation rule R2 is derivable from the rest of LPGL. Indeed, if F then, by proposition 236, p : F for some proof polynomial p. By C1, 2F . Note that R2 is not redundant in LPGL(CS) for any specific CS. Indeed, to emulate R2 one needs to apply constructive necessitation to the unbounded set of theorems, which requires an unbounded set of constant specifications.
13.1 Kripke models for LPGL DEFINITION 238. An LPGL-model is a triple (K, ≺, ) where (K, ≺) is a finite irreflexive tree with a unique root node, is a forcing relation between nodes of K and LPGL-formulas satisfying the following forcing conditions: 1. usual modal conditions for 2, i.e. respects boolean connectives at each node, a 2F iff b F , for all b % a;
PROVABILITY LOGIC
341
2. stability for every formula t : F either all nodes of K force t : F or all nodes of K force ¬t : F ; 3. LP1-LP4 hold at each node. A formula F holds in a model M if F is forced at each node of M . The root node of a model is called root. Put S(F ) = {2G → G | 2G is a subformula of F }. We call a model F -sound, if root S(F ). Similar conditions on a Kripke model could be found in [Artemov, 1994; Yavorskaya (Sidon), 2002]. Moreover, each LPP-model is also a LPGL-model. A model M is a CS-model, for a given constant specification CS = {c1 : A1 , c2 : A2 . . . cn : An }, if M is X-sound and X holds in M for each X = ci : Ai from this CS. A formula F is CS-valid if it holds in each F -sound CS -model. THEOREM 239 (Completeness). LPGL(CS) F iff F is CS-valid.
13.2
Provability semantics for LPGL
The provability semantics for LPGL in Peano Arithmetic PA is the natural blend of those for the provability logic GL and the logic of proofs LP. DEFINITION 240. Let ∗ be an interpretation from Definition 204. We define an arithmetical translation of proof terms and LPGL-formulas by induction as in Definition 204 with one extra clause: (2F )∗ = ∃xPrf(x, F ∗ ). THEOREM 241 (Arithmetical completeness). For any given constant specification CS, LPGL(CS) F iff PA F ∗ for all CS-interpretations ∗.
13.3
Basic logics of knowledge with justifications
As we have already mentioned in Introduction, there is a well developed approach due to [Kuznetsov and Muravitsky, 1977; Goldblatt, 1978; Boolos, 1979b] of emulating S4 in GL via strong provability modality F = F ∧ 2F . This translation could be applied to derive basic epistemic logics with justifications, LPS4 and LPS4− , from LPGL. DEFINITION 242. Polynomials and formulas in LPS4 and LPS4− are the same as in LPGL. The system LPS4 has the following axioms and rules I. Classical propositional logic. II. Basic Epistemic Logic S4 (as in Introduction). III. Logic of Proofs LP (as in LPGL).
342
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
IV. Principle connecting explicit and implicit knowledge C1. t : F → 2F . LPS4 contains both LP and S4, enjoys the deduction theorem, analogues of the lifting lemma, internalization, constructive necessitation. The principle of weak reflexivity t : 2F → F is derivable in LPS4, explicit reflexivity t : F → F is redundant but we keep it listed for convenience. DEFINITION 243. LPS4− = LPS4 together with the negative introspection C2. ¬(t : F ) → 2¬(t : F ). For an alternative formulation of LPS4− one could replace C1 and C2 by one principle of decidability of evidences. As usual, by LPS4(CS) and LPS4− (CS) we understand the corresponding systems where specifications of constants are taken from a given set CS.
13.4
Models for LPS4 and LPS4−
The logics of proofs and provability gave us a clear idea how to build Kripke models for LPS4 and LPS4− . We will consider here the case of LPS4− . DEFINITION 244. An LPS4− -model is a triple (K, #, ) where (K, #) is a connected S4-frame (transitive and reflexive), is a forcing relation between nodes of K and LPS4− -formulas satisfying the forcing conditions. 1. usual modal conditions for 2, i.e. respects boolean connectives at each node, a 2F iff b F for all b , a; 2. stability of explicit knowledge every formula t : F either holds at all nodes of K or does not hold at all nodes of K; 3. LP1-LP4 hold at each node. A formula F holds in a model M if F holds at each node of M . M is an CS -model, for a given constant specification CS = {c1 : A1 , c2 : A2 . . . cn : An } if all ci : Ai ∈CS hold in M . A formula F is CS-valid if it holds in each CS -model. From this definition it follows that whereas x 2F is understood in the conventional manner as F holds in all worlds accessible from a given x, an assertion x t : F says that F holds in all worlds of the model. THEOREM 245 (Completeness). LPS4− (CS) F iff A is CS-valid. It follows from the proof of the above theorem that LPS4− (CS) is decidable for each constant specification CS. The logic LPS4 is, perhaps, the minimal epistemic logic with justifications when no specific assumptions were made concerning the character of the explicit knowledge operators. As a formal system LPS4 behaves normally: it
PROVABILITY LOGIC
343
is closed under substitutions, enjoys the deduction theorem, internalization, has Kripke-style models, is sound with respect to the arithmetical semantics of the strong provability. Furthermore, LPS4 has some interesting features not present in LPS4. In particular, LPS4 enjoyed the Fitting semantics (Definition 228) with the standard understanding of x 2F [Artemov and Nogina, 2004]. Furthermore, [Fitting, 2004] established the completeness of LPS4 with respect to weak LP-models, Definition 228. THEOREM 246. LPS4 is complete with respect to weak LP-models. [Fitting, 2004] also built a natural cut-free tableaux system for LPS4.
13.5
Arithmetical semantics for LPS4 and LPS4−
Arithmetical semantics for LPS4 and LPS4− is provided by the strong provability operator defined in the provability logic as F := F ∧ 2F . DEFINITION 247. Define a translation + of LPS4 formulas into the language of LPGL: S + = S, (A → B)+ = (A → B), (¬A)+ = ¬A, (t : A)+ = t : A, (2A)+ = A ∧ 2A. LEMMA 248. If LPS4, LPS4− F , then LPGL F + . An arithmetical provability semantics of LPS4 and LPS4− is inherited from the one of LPGL: in Definition 240 the item corresponding to the modality should be altered to the strong provability reading: (2F )∗ = F ∗ ∧ ∃xPrf(x, F ∗ ). THEOREM 249 (Arithmetical soundness of LPS4 and LPS4− ). If LPS4, LPS4− F , then PA F ∗ for any arithmetical interpretation ∗. An arithmetically complete system LPS4Grz− of the strong provability with proofs can be axiomatized by adding to LPS4− the modal axiom by Grzegorczyk 2(2(F → 2F ) → F ) → F . Kripke models for LPS4Grz− are the special sort of LPS4− -models when the frame is a reflexive partial order. 14 THE LOGIC OF SINGLE-CONCLUSION PROOFS By definition, each single-conclusion proof, also known as functional proof, f proves a unique formula. As it was noticed earlier, the modality of provability corresponds to multi-conclusion proofs, whereas single-conclusion proofs lead to modal identities inconsistent with any normal modal logic. In the functional logic of proofs, a formula t : F still has the meaning “t is a proof of formula F ,” but the class of its possible interpretations is limited to functional proof systems only. The mathematical problem here was to give a full axiomatization of all resulting tautologies in the language of LP (without the operation “+” that is inconsistent with functional proofs).
344
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
The first step in finding such a complete system was to give a propositional description of the functionality property of proofs, which states that if p : F ∧p : G then F and G must coincide syntactically. The adequate description of this property was found in [Artemov and Strassen, 1992b] using a so-called conditional unification. It was then generalized in [Krupski, 1997; Krupski, 2002] to the full language of the logic of proofs. Each formula C of type t1 : F1 ∧ . . . ∧ tn : Fn generates a set of quasiequations of type SC :={ ti = tj ⇒ Fi = Fj | 1 ≤ i, j ≤ n }. A unifier σ of a system SC is a substitution σ such that either ti σ ≡ tj σ or Fi σ ≡ Fj σ holds for any i, j. Here and below “X ≡ Y ” denotes the syntactic equality of X and Y . DEFINITION 250. (Conditional unification.) A = B (mod S) means that for each unifier σ of system S the property Aσ ≡ Bσ holds. LEMMA 251 (Decidability of conditional unification). A = B (mod S) is a decidable relation over A, B, S. DEFINITION 252. (Unification axiom). t1 : F1 ∧ . . . ∧ tn : Fn → (A ↔ B), for each condition C of type t1 : F1 ∧ . . . ∧ tn : Fn and each A, B such that A = B (mod SC ). Logic FLP of functional proofs was introduced in [Krupski, 1997]. The language of FLP is the language of LP without the operation “+” and without proof constants. The axioms and rules of FLP are Axiom schemes: A0. Finite set of axiom schemes of classical propositional logic; A1. t : F → F ; A2. t : (F → G) → (s : F → (t·s) : G); A3. t : F → !t : (t : F ); A4. Unification axiom. Rule of inference: R1. modus ponens. The following result was obtained in [Krupski, 1997; Krupski, 2002]. THEOREM 253. FLP is decidable, sound, and complete with respect to the arithmetical provability interpretation based on single-conclusion proof predicates. The logic of functional proofs was further developed in [Krupski, 2005], where a logic of proofs with references FLPref was introduced. System FLPref extends FLP with second-order variables which denote the operation of reconstructing an object from its reference, e.g., determining a formula proven by a given derivation. FLPref may also be viewed as a natural formal system for admissible propositional rules in arithmetic.
PROVABILITY LOGIC
345
15 REFLECTION IN TYPED λ-CALCULUS AND COMBINATORY LOGIC The logic of proofs naturally bridges two domains: the epistemic one, represented by modal logic and the computational one, represented by typed λ-calculi and combinatory logic. LP may be considered both as a realized modal logic S4 and as a typed combinatory logic with added expressive power. There is a natural analogy with the Curry–Howard isomorphism which states the identity of intuitionistic proofs and typed λ-terms understood as computational programs. I this section we will discuss what kind of new principles in λ-calculi and combinatory logic are prompted by this new development in the logic of proofs. The original formulation of the logic of proofs LP was close to the typed combinatory logic format (cf. commentary in section 11) rather than in a more common format of λ-calculus. LP can emulate the λ-abstraction operator, e.g. in Curry-style as is standard in combinatory logic CL → (see, for example, [Troelstra and Schwichtenberg, 1996, p. 17]). LP has many features not typical of λ-calculi, such as polymorphism, self-referentiality, capability to internalize its own derivations, etc. Polymorphism is not compatible with normalization property, and we have to give it up along with self-referentiality, which cannot be formulated in a language where each term has its own fixed type. On the other hand, the internalization property has had a prototype in λ-calculi, namely, the Curry-Howard isomorphism stated in form: if A1 , . . . , An B in intuitionistic logic, then x1 : A1 , . . . , xn : An t(x1 , . . . , xn ) : B in λ-calculus for some λ-term t. In [Alt and Artemov, 2001], some version λ∞ of a reflexive λ-calculus was suggested that has an unrestricted internalization property. λ∞ has the implicative intuitionistic (minimal) logic as a type system, a role of atoms is played by both usual propositional variables (atomic types) and statements of form t : F , where t is a term and F is a type. The “term:type” correspondence is a rigid typing “´ a´ la Church”, i.e. each term has a unique type. λ∞ has several countable series of term-building operations. Admissibility of the internalization rule for λ∞ is proven as a metatheorem. The existence and the uniqueness of normal forms in λ∞ all appear to be connected with the depth of type preservation during reductions, which is a new phenomenon compared to ordinary λ-calculus. This theory is currently under development.
15.1
Reflexive Combinatory Logic
Systems of combinatory logic are usually more compact than their corresponding λ-calculi. Reflexive combinatory logic RCL introduced in [Artemov, 2004] is no exception. RCL has the implicative intuitionistic (minimal) logic as a type system, a rigid typing. Reflexive combinatory terms are built
346
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
from variables, “old” combinators k and s, and new combinators d, o, and c. The principles of RCL are A1. t : A → A; A2. k : (A → (B → A)); A3. s : [(A → (B → C)) → ((A → B) → (A → C))]; A4. d : (t : A → A); A5. o : [u : (A → B) → (v : A → (u · v) : B)]; A6. c : (t : A → !t : t : A); Modus Ponens rule. RCL has a natural provability semantics inherited from LP. Combinatory terms stand for proofs in PA or in intuitionistic arithmetic HA. Formulas t : F are interpreted as arithmetical statements about provability, Proof(t, F ), combinators k, s, d, o, and c denote terms corresponding to proofs of arithmetical translations of axioms A2–A6. RCL evidently contains implicative intuitionistic logic, ordinary combinatory logic CL→ and is closed under the combinatory application rule u : (A → B) v : A . (u·v) : B The next theorem was established in [Artemov, 2004]. THEOREM 254. RCL enjoys the internalization property: if A1 , . . . , An B, then for any set of fresh variables x1 , . . . , xn of respective types it is possible to construct a term t(x1 , . . . , xn ) such that x1 : A1 , . . . , xn : An t(x1 , . . . , xn ) : B . One of the goals of RCL was to introduce a more expressive system of types and terms intended for programming language applications. Thus, it is interesting to consider the following natural (though informal) computational semantics for combinators of RCL. This semantics is based on the standard set-theoretic semantics of types, i.e. a type is a set and the implication type U → V is a set of functions from U to V . Some elements of a given type may be constructive objects which have names, i.e. computational programs. Terms of RCL are names of constructive objects, which are either specific (e.g. combinators k, s, d, o, or c) or variable. The type t : F is interpreted as a set, consisting of the object corresponding to term t. Basic combinators of RCL are understood as follows: Combinators k and s are borrowed from the combinatory logic CL → along with their standard functional semantics. For example, k maps an element x ∈ A into the constant function λy.x with y ranging over B. The denotate combinator d : [t : F → F ] realizes the fundamental denotate function which maps a name (program) into the object with the given name. A primary example is the correspondence between indexes of computable functions and functions themselves.
PROVABILITY LOGIC
347
The interpreter combinator o : [u : (F → G) → (v : F → (u·v) : G)] realizes the interpreter program which maps program u and input v into the result of applying u to v. The coding combinator c : [t : F → !t : (t : F )] maps program t into its code !t (alias, specific key in a database, etc.). 16
NEW APPROACH TO THE FOUNDATIONS OF VERIFICATION
In the following example the provable principle of explicit reflection t : F → F from LP is applied to the verification theory. This example shows how the main idea of the logic of proofs, i.e., replacing quantifiers over proofs by explicit functions that realize actual proofs, may result in a more adequate mathematical model. A metatheory for formal (possibly computerized) proof-checking systems, called here verification systems, was developed by Davis and Schwartz in [Davis and Schwartz, 1979]. They consider the following common scheme of building a formal verification system V . First the kernel V0 of the system is chosen so that this kernel is elementary enough to declare its consistency evident and thus postulate it; V0 is assumed to be expressive enough to be able to formalize proofs and check their correctness. The system is then extended with verified inference rules, e.g., with proven facts. Unlike what is typical in the foundations of mathematics where a theory is extended with new axioms to enhance the theory, here the extension of V is aimed at increasing effectiveness of the deductive apparatus of V , thereby maintaining the metamathematical power of V at the same level as that of V0 if possible. The inference rule Γ/F is considered to be verified in V , if V 2Γ → 2F , where 2Γ, 2F are formal statements about provability in V of all formulas from Γ and of F , respectively. Adding the rule Γ/F to V yields V = V + Γ/F . An extension V of the system V is called stable, if V is conservative over V . The main metamathematical question concerning this extension scheme is the following: is the theory V always capable of proving its own stability? In [Davis and Schwartz, 1979], this question was answered negatively. The reason can be explained by the following argument. Suppose one wishes to prove that V F implies V F by an induction on the derivation in V . The essential case of the induction step corresponds to the transition from V Γ to V F for an arbitrary instance of the inference rule under consideration, Γ/F . Internalization of V Γ yields V 2Γ; evidently, this step may be formalized in V . Using the fact that V 2Γ → 2F one gets V 2F , whence it follows that V F . The last transition, from V 2F to V F , cannot (in general) be justified by means
348
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
of V because reflection 2A → A is not provable in V (L¨ o¨b’s theorem). The conclusion in [Davis and Schwartz, 1979] is that the considered process of building verification systems cannot be justified by initial assumptions of a system’s consistency. The paper [Artemov, 1999] analyzes the growth of metamathematical assumptions about a theory in a process of its extension according to the described scheme and suggests a new extension scheme free from the limitations of Davis and Schwartz’s. According to this new scheme, a verification of inference rule Γ/F is done in an explicit manner by constructing a computable term t(x) and a proof of V x : Γ → t(x) : F . The advantage is that the stability of the resulting extensions is provable inside the system itself, which allows us to get rid of additional metamathematical assumptions about the given verification system. Here is the general argument showing the provable stability of the explicit verification. As before, the aim is to show that V F implies V F . The essential step of the induction on the derivation in V is again the transition from V Γ to V F for the rule Γ/F . Internalizing a given derivation of V Γ in the form of a term s yields V s : Γ. Using the fact that V x : Γ → t(x) : F one gets V s : Γ → t(s) : F and therefore V t(s) : F . The provability of explicit reflection V t(s) : F → F leads to a conclusion that V F . An analysis of examples of implicit verification a´ la Davis-Schwartz shows that to prove “there exists a proof of Γ” implies in V that “there exists a proof of F ,” one usually first shows that V x : Γ → t(x) : F and then explicit terms x, t(x) are replaced by existential quantifiers to satisfy the format of implicit verification. Thereby a knowledge of the term t(x) was not used at all because of a lack of a theoretically justified mechanism for its utilization. Thus, in spite of the more restrictive format of explicit verification, it is reasonable to assume that in practice explicit verification is applicable if and only if implicit verification is.
ACKNOWLEDGEMENTS We are deeply grateful to all our colleagues whose scientific contributions have shaped this wonderful field. Selecting the topics and papers to be represented in this Chapter was the hardest part of the job. There are plenty of first class results left outside the scope of the article. We refer the reader to excellent monographs [Boolos, 1979b; Smory´ n ´ski, 1985; Boolos, 1993] and articles [Smory´ n ´ski, 1981; Smory´ nski, ´ 2004; de Jongh and Japaridze, 1998; Visser, 1998] which cover those results. We would like to thank A. Visser for substantial help with Section 9 on the provability logic of HA and inspiring discussions. We are indebted to T. Yavorskaya (Sidon) who made valuable suggestions concerning Section 13 on logics of proofs and provability. Special thanks to J. Joosten, V. Krupski,
PROVABILITY LOGIC
349
R. Kuznets, E. Nogina, V. Shavrukov, B. Renne for numerous constructive comments and proofreading. BIBLIOGRAPHY [Ackermann, 1940] W. Ackermann. Zur Wiederspruchsfreiheit der reinen Zahlentheorie. Math. Ann., 117:162–194, 1940. [Adamovicz and Bigorajska, 1989] Z. Adamovicz and T. Bigorajska. Functions provably total in I − Σ1 . Fundamenta mathematicae, 132:189–194, 1989. [Allen et al., 1990] S. Allen, R. Constable, D. Howe, and W. Aitken. The semantics of reflected proofs. In Proceedings of the Fifth Annual IEEE Symposium on Logic in Computer Science, pages 95–107, Los Alamitos, CA, USA, 1990. IEEE Computer Society Press. [Alt and Artemov, 2001] J. Alt and S. Artemov. Reflective λ-calculus. In Proceedings of the Dagstuhl-Seminar on Proof Theory in Computer Science, volume 2183 of Lecture Notes in Computer Science, pages 22–37. Springer, 2001. [Artemov and Beklemishev, 1993] S.N. Artemov and L.D. Beklemishev. On propositional quantifiers in provability logic. Notre Dame Journal of Formal Logic, 34:401– 419, 1993. [Artemov and Krupski, 1996] S. Artemov and V. Krupski. Data storage interpretation of labeled modal logic. Annals of Pure and Applied Logic, 78(1):57–71, 1996. [Artemov and Nogina, 2004] S. Artemov and E. Nogina. Logic of knowledge with justifications from the provability perspective. Technical Report TR-2004011, CUNY Ph.D. Program in Computer Science, 2004. [Artemov and Sidon-Yavorskaya, 2001] S. Artemov and T. Sidon-Yavorskaya. On the first order logic of proofs. Moscow Mathematical Journal, 1:475–490, 2001. [Artemov and Strassen, 1992a] S. Artemov and T. Strassen. The basic logic of proofs. In E. Borger, ¨ G. J¨ ¨ ager, H. Kleine B¨ uning, ¨ S. Martini, and M.M. Richter, editors, Computer Science Logic. 6th Workshop, CSL’92. San Miniato, Italy, September/October 1992. Selected Papers, volume 702 of Lecture Notes in Computer Science, pages 14–28. Springer, 1992. [Artemov and Strassen, 1992b] S. Artemov and T. Strassen. Functionality in the basic logic of proofs. Technical Report IAM 92-004, Department of Computer Science, University of Bern, Switzerland, 1992. [Artemov and Strassen, 1993] S. Artemov and T. Strassen. The logic of the G¨ ¨ odel proof predicate. In G. Gottlob, A. Leitsch, and D. Mundici, editors, Computational Logic and Proof Theory. Third Kurt G¨ o ¨del Colloquium, KGC’93. Brno, Chech Republic, August 1993. Proceedings, volume 713 of Lecture Notes in Computer Science, pages 71–82. Springer, 1993. [Artemov et al., 1999] S. Artemov, E. Kazakov, and D. Shapiro. Epistemic logic with justifications. Technical Report CFIS 99-12, Cornell University, 1999. [Artemov, 1979] S.N. Artemov. Extensions of arithmetic and modal logics. PhD thesis, Steklov Mathematical Insitute, Moscow, 1979. In Russian. [Artemov, 1980] S.N. Artemov. Arithmetically complete modal theories. In Semiotika i Informatika, 14, pages 115–133. VINITI, Moscow, 1980. In Russian. English translation in: Amer. Math. Soc. Transl. (2), 135: 39–54, 1987. [Artemov, 1982] S.N. Artemov. Applications of modal logic in proof theory. In Problems of Cybernetics: Nonclassical logics and their applications, pages 3–20. Nauka, Moscow, 1982. In Russian. [Artemov, 1985a] S.N. Artemov. Nonarithmeticity of truth predicate logics of provability. Doklady Akad. Nauk SSSR, 284(2):270–271, 1985. In Russian. English translation in Soviet Mathematics Doklady 33:403–405, 1985. [Artemov, 1985b] S.N. Artemov. On modal logics axiomatizing provability. Izvestiya Akad. Nauk SSSR, ser. mat., 49(6):1123–1154, 1985. In Russian. English translation in: Math. USSR Izvestiya 27(3).
350
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
[Artemov, 1986] S.N. Artemov. Numerically correct provability logics. Doklady Akad. Nauk SSSR, 290(6):1289–1292, 1986. In Russian. English translation in Soviet Mathematics Doklady 34:384-387, 1987. [Artemov, 1990] S. Artemov. Kolmogorov logic of problems and a provability interpretation of intuitionistic logic. In Theoretical Aspects of Reasoning about Knowledge III Proceedings, pages 257–272. Morgan Kaufman Pbl., 1990. [Artemov, 1994] S. Artemov. Logic of proofs. Annals of Pure and Applied Logic, 67(1):29–59, 1994. [Artemov, 1995] S. Artemov. Operational modal logic. Technical Report MSI 95-29, Cornell University, 1995. [Artemov, 1998] S. Artemov. Logic of proofs: a unified semantics for modality and λ-terms. Technical Report CFIS 98-06, Cornell University, 1998. [Artemov, 1999] S. Artemov. On explicit reflection in theorem proving and formal verification. In Automated Deduction - CADE-16. Proceedings of the 16th International Conference on Automated Deduction, Trento, Italy, July 1999, volume 1632 of Lecture Notes in Artificial Intelligence, pages 267–281. Springer, 1999. [Artemov, 2000] S. Artemov. Operations on proofs that can be specified by means of modal logic. In Advances in Modal Logic. Volume 2. CSLI Publications, Stanford University, 2000. [Artemov, 2001] S. Artemov. Explicit provability and constructive semantics. Bulletin of Symbolic Logic, 7(1):1–36, 2001. [Artemov, 2002] S. Artemov. Unified semantics for modality and λ-terms via proof polynomials. In K. Vermeulen and A. Copestake, editors, Algebras, Diagrams and Decisions in Language, Logic and Computation, pages 89–119. CSLI Publications, Stanford University, 2002. [Artemov, 2004] S. Artemov. Kolmogorov and G¨ ¨ odel’s approach to intuitionistic logic: current developments. Russian Mathematical Surveys, 59(2):203–229, 2004. [Avigad and Feferman, 1998] J. Avigad and S. Feferman. Godel’s ¨ functional (“Dialectica”) interpretation. In S. Buss, editor, Handbook of Proof Theory, pages 337–406. Elsevier, 1998. [Avron, 1984] A. Avron. On modal systems having arithmetical interpretations. The Journal of Symbolic Logic, 49:935–942, 1984. [Beeson, 1975] M. Beeson. The nonderivability in intuitionistic formal systems of theorems on the continuity of effective operations. The Journal of Symbolic Logic, 40:321– 346, 1975. [Beeson, 1980] M. Beeson. Foundations of Constructive Mathematics. Springer-Verlag, 1980. [Beklemishev et al., 1999] L.D. Beklemishev, M. Pentus, and N. Vereshchagin. Provability, complexity, grammars. American Mathematical Society Translations, Series 2, 192, 1999. [Beklemishev, 1989a] L.D. Beklemishev. On the classification of propositional provability logics. Izvestiya Akademii Nauk SSSR, ser. mat., 53(5):915–943, 1989. In Russian. English translation in Math.USSR Izvestiya 35 (1990) 247–275. [Beklemishev, 1989b] L.D. Beklemishev. A provability logic without Craig’s interpolation property. Matematicheskie Zametki, 45(6):12–22, 1989. In Russian. English translation in Math. Notes 45 (1989). [Beklemishev, 1991] L.D. Beklemishev. Provability logics for natural Turing progressions of arithmetical theories. Studia Logica, 50(1):107–128, 1991. [Beklemishev, 1992] L.D. Beklemishev. Independent numerations of theories and recursive progressions. Sibirskii Matematichskii Zhurnal, 33(5):22–46, 1992. In Russian. English translation in Siberian Math. Journal, 33 (1992).). [Beklemishev, 1994] L.D. Beklemishev. On bimodal logics of provability. Annals of Pure and Applied Logic, 68(2):115–160, 1994. [Beklemishev, 1996] L.D. Beklemishev. Bimodal logics for extensions of arithmetical theories. The Journal of Symbolic Logic, 61(1):91–124, 1996. [Beklemishev, 1997a] L.D. Beklemishev. Induction rules, reflection principles, and provably recursive functions. Annals of Pure and Applied Logic, 85:193–242, 1997.
PROVABILITY LOGIC
351
[Beklemishev, 1997b] L.D. Beklemishev. Notes on local reflection principles. Theoria, 63(3):139–146, 1997. [Beklemishev, 1997c] L.D. Beklemishev. Parameter free induction and reflection. In G. Gottlob, A. Leitsch, and D. Mundici, editors, Lecture Notes in Computer Science 1289. Computational Logic and Proof Theory, 5-th K.G¨ o ¨del Colloquium KGC’97, Proceedings, pages 103–113. Springer-Verlag, Berlin, 1997. [Beklemishev, 1998a] L.D. Beklemishev. A proof-theoretic analysis of collection. Archive for Mathematical Logic, 37:275–296, 1998. [Beklemishev, 1998b] L.D. Beklemishev. Reflection principles in formal arithmetic. Doctor of Sciences Dissertation, Steklov Math. Institute, Moscow. In Russian, 1998. [Beklemishev, 1999a] L.D. Beklemishev. Open least element principle and bounded query computation. In J. Flum and M. Rodrigues-Artalejo, editors, Lecture Notes in Computer Science 1683. Computer Science Logic, 13-th international workshop, CSL’99. Madrid, Spain, September 20–25, 1999. Proceedings, pages 389–404. Springer-Verlag, Berlin, 1999. [Beklemishev, 1999b] L.D. Beklemishev. Parameter free induction and provably total computable functions. Theoretical Computer Science, 224(1–2):13–33, 1999. [Beklemishev, 2001] L.D. Beklemishev. Provability algebras and proof-theoretic ordinals, I. Logic Group Preprint Series 208, University of Utrecht, 2001. http://preprints.phil.uu.nl/lgps/. [Beklemishev, 2003a] L.D. Beklemishev. Proof-theoretic analysis by iterated reflection. Archive for Mathematical Logic, 42:515–552, 2003. DOI: 10.1007/s00153-002-0158-7. [Beklemishev, 2003b] L.D. Beklemishev. The Worm principle. Logic Group Preprint Series 219, University of Utrecht, 2003. http://preprints.phil.uu.nl/lgps/. [Beklemishev, 2004] L.D. Beklemishev. Provability algebras and proof-theoretic ordinals, I. Annals of Pure and Applied Logic, 128:103–123, 2004. [Bellin, 1985] G. Bellin. A system of natural deduction for GL. Theoria, 51:89–114, 1985. [Berarducci and Verbrugge, 1993] A. Berarducci and R. Verbrugge. On the provability logic of bounded arithmetic. Annals of Pure and Applied Logic, 61:75–93, 1993. [Berarducci, 1990] A. Berarducci. The interpretability logic of Peano Arithmetic. The Journal of Symbolic Logic, 55:1059–1089, 1990. [Bernardi, 1976] C. Bernardi. The uniqueness of the fixed point in every diagonalizable algebra. Studia Logica, 35:335–343, 1976. [Boolos and McGee, 1987] G. Boolos and V. McGee. The degree of the set of sentences of predicate provability logic that are true under every interpretation. The Journal of Symbolic Logic, 52(1):165–171, 1987. [Boolos and Sambin, 1991] G. Boolos and G. Sambin. Provability: the emergence of a mathematical modality. Studia Logica, 50(1):1–23, 1991. [Boolos, 1976] G. Boolos. On deciding the truth of certain statements involving the notion of consistency. Journal of Symbolic Logic, 41:779–781, 1976. [Boolos, 1979a] G. Boolos. Reflection principles and iterated consistency assertions. The Journal of Symbolic Logic, 44:33–35, 1979. [Boolos, 1979b] G. Boolos. The Unprovability of Consistency: An Essay in Modal Logic. Cambridge University Press, Cambridge, 1979. [Boolos, 1980] G. Boolos. Omega-consistency and the diamond. Studia Logica, 39:237– 243, 1980. [Boolos, 1982] G. Boolos. Extremely undecidable sentences. The Journal of Symbolic Logic, 47:191–196, 1982. [Boolos, 1993] G. Boolos. The Logic of Provability. Cambridge University Press, Cambridge, 1993. [Brezhnev, 2000] V. Brezhnev. On explicit counterparts of modal logics. Technical Report CFIS 2000-05, Cornell University, 2000. [Brezhnev, 2001] V. Brezhnev. On the logic of proofs. In Proceedings of the Sixth ESSLLI Student Session, Helsinki, pages 35–46, 2001. http://www.helsinki.fi/esslli/. [Bull and Segerberg, 2001] R. Bull and K. Segerberg. Basic modal logic. In D. Gabbay and F. Guenthner, editors, Handbook of Philosophical Logic, 2nd ed., volume 3, pages 1–83. Kluwer, Dordrecht, 2001.
352
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
[Burr, 2000] W. Burr. Fragments of Heyting arithmetic. The Journal of Symbolic Logic, 65(3):1223–1240, 2000. [Buss, 1986] S. Buss. Bounded arithmetic. Bibliopolis, Napoli, 1986. [Buss, 1990] S. Buss. The modal logic of pure provability. Notre Dame Journal of Formal Logic, 31(2):225–231, 1990. [Buss, 1998] S.R. Buss. Introduction to Proof Theory. In S.R. Buss, editor, Handbook of Proof Theory, pages 1–78, Amsterdam, 1998. Elsevier, North-Holland. [Carbone and Montagna, 1989] A. Carbone and F. Montagna. Rosser orderings in bimodal logics. Zeitschrift f. math. Logik und Grundlagen d. Math., 35:343–358, 1989. [Carbone and Montagna, 1990] A. Carbone and F. Montagna. Much shorter proofs: A bimodal investigation. Zeitschrift f. math. Logik und Grundlagen d. Math., 36:47–66, 1990. [Carlson, 1986] T. Carlson. Modal logics with several operators and provability interpretations. Israel Journal of Mathematics, 54:14–24, 1986. [Chagrov and Zakharyaschev, 1997] A. Chagrov and M. Zakharyaschev. Modal Logic. Oxford Science Publications, 1997. [Chagrov et al., 2001] A.V. Chagrov, F. Wolter, and M. Zakhariashchev. Advanced modal logic. In D. Gabbay and F. Guenthner, editors, Handbook of Philosophical Logic, 2nd ed., volume 3, pages 83–266. Kluwer, Dordrecht, 2001. [Chagrov, 1985] A.V. Chagrov. On the complexity of propositional logics. In Complexity problems in Mathematical Logic, pages 80–90. Kalinin State University, Kalinin, 1985. In Russian. [Constable, 1994] Robert L. Constable. Using reflection to explain and enhance type theory. In Helmut Schwichtenberg, editor, Proof and Computation, volume 139 of NATO Advanced Study Institute, International Summer School held in Marktoberdorf, Germany, July 20-August 1, NATO Series F, pages 65–100. Springer, Berlin, 1994. [Constable, 1998] R. Constable. Types in logic, mathematics and programming. In S. Buss, editor, Handbook of Proof Theory, pages 683–786. Elsevier, 1998. [Cutland, 1980] N. Cutland. Computability. An introduction to recursive function theory. Cambridge University Press, Cambridge, etc., 1980. [Davis and Schwartz, 1979] M. Davis and J. Schwartz. Metamathematical extensibility for theorem verifiers and proof checkers. Computers and Mathematics with Applications, 5:217–230, 1979. [de Jongh and Japaridze, 1998] D. de Jongh and G. Japaridze. The Logic of Provability. In S.R. Buss, editor, Handbook of Proof Theory. Studies in Logic and the Foundations of Mathematics, Vol.137., pages 475–546. Elsevier, Amsterdam, 1998. [de Jongh and Montagna, 1989] D. de Jongh and F. Montagna. Much shorter proofs. Z. Math. Logik Grundlagen Math., 35(3):247–260, 1989. [de Jongh and Visser, 1996] D. de Jongh and A. Visser. Embeddings of Heyting algebras. In W. et al. Hodges, editor, Logic: from foundations to applications. European Logic Colloquium, Keele, UK, July 20–29, 1993, pages 187–213. Clarendon Press, Oxford, 1996. [de Jongh, 1970] D. de Jongh. The maximality of the intuitionistic predicate calculus with respect to Heyting’s Arithmetic. The Journal of Symbolic Logic, 36:606, 1970. [Dzhaparidze, 1992] G. Dzhaparidze. The logic of linear tolerance. Studia Logica, 51(2):249–277, 1992. [Dzhaparidze, 1993] G. Dzhaparidze. A generalized notion of weak interpretability and the corresponding modal logic. Annals of Pure and Applied Logic, 61(1-2):113–160, 1993. [Fagin et al., 1995] R. Fagin, J. Halpern, Y. Moses, and M. Vardi. Reasoning About Knowledge. MIT Press, 1995. [Feferman, 1960] S. Feferman. Arithmetization of metamathematics in a general setting. Fundamenta Mathematicae, 49:35–92, 1960. [Feferman, 1962] S. Feferman. Transfinite recursive progressions of axiomatic theories. The Journal of Symbolic Logic, 27:259–316, 1962.
PROVABILITY LOGIC
353
[Fitting, 2003a] M. Fitting. A semantic proof of the realizability of modal logic in the logic of proofs. Technical Report TR-2003010, CUNY Ph.D. Program in Computer Science, 2003. [Fitting, 2003b] M. Fitting. A semantics for the logic of proofs. Technical Report TR2003012, CUNY Ph.D. Program in Computer Science, 2003. [Fitting, 2004] M. Fitting. Semantics and tableaus for LPS4. Technical Report TR2004016, CUNY Ph.D. Program in Computer Science, 2004. [Fitting, 2005] M. Fitting. The logic of proofs, semantically. To appear in Annals of Pure and Applied Logic. Available on http://comet.lehman.cuny.edu/fitting., 2005. [Friedman, 1975a] H. Friedman. 102 problems in mathematical logic. The Journal of Symbolic Logic, 40:113–129, 1975. [Friedman, 1975b] H. Friedman. The disjunction property implies the numerical existence property. Proc. Nat. Acad. USA, 72:2877–2878, 1975. [Friedman, 1975c] H. Friedman. Some applications of Kleene’s methods for intuitionistic systems. In A.R.D. Mathias and H. Rogers, editors, Cambridge Summerschool in Mathematical Logic, pages 113–170. Springer-Verlag, Berlin, 1975. [Gabbay, 1996] D.M. Gabbay. Labelled Deductive Systems. Oxford University Press, 1996. [Gavrilenko, 1981] Yu.V. Gavrilenko. Recursive realizability from the intuitionistic point of view. Soviet Math. Doklady, 23:9–14, 1981. [Gentzen, 1936] G. Gentzen. Die Wiederspruchsfreiheit der reinen Zahlentheorie. Math. Ann., 112:493–565, 1936. [Gentzen, 1938] G. Gentzen. Neue Fassung des Wiederspruchsfreiheitsbeweises f¨ u ¨ r die reine Zahlentheorie. Forschungen zur Logik ung Grundlegung der exakten Wissenschaften, 4:19–44, 1938. [Ghilardi and Zawadowski, 1995] S. Ghilardi and M. Zawadowski. A sheaf representation and duality for finitely presented Heyting algebras. The Journal of Symbolic Logic, 60:911–939, 1995. [Ghilardi, 1999] S. Ghilardi. Unification in intuitionistic logic. The Journal of Symbolic Logic, 64:859–880, 1999. [Ghilardi, 2000] S. Ghilardi. Best solving modal equations. Annals of Pure and Applied Logic, 102:183–198, 2000. [Girard et al., 1989] J.-Y. Girard, Y. Lafont, and P. Taylor. Proofs and Types. Cambridge University Press, 1989. [G¨ o ¨del, 1933] K. Godel. ¨ Eine Interpretation des intuitionistischen Aussagenkalkuls. Ergebnisse Math. Kolloq., 4:39–40, 1933. English translation in: S. Feferman et al., editors, Kurt Godel ¨ Collected Works, Vol. 1, pages 301–303. Oxford University Press, Oxford, Clarendon Press, New York, 1986. [G¨ o ¨del, 1995] K. Godel. ¨ Vortrag bei Zilsel, 1938. In S. Feferman, editor, Kurt G¨del ¨ Collected Works. Volume III, I pages 86–113. Oxford University Press, 1995. [Goldblatt, 1978] R. Goldblatt. Arithmetical necessity, provability and intuitionistic logic. Theoria, 44:38–46, 1978. [Goncharov, 1997] S.S. Goncharov. Countable Boolean algebras and decidability, Siberian School of Algebra and Logic. Plenum Press, New York, 1997. Russian original: Schetnye bulevy algebry i razreshimost’. Sibirskaya Shkola Algebry i Logiki. Novosibirsk: Nauchnaya Kniga. xii, 362 p. (1996). [Goodman, 1970] N.D. Goodman. A theory of constructions is equivalent to arithmetic. In J. Myhill, A. Kino, and R.E. Vesley, editors, Intuitionism and Proof Theory, pages 101–120. North-Holland, 1970. [Goryachev, 1986] S. Goryachev. On interpretability of some extensions of arithmetic. Mat. Zametki, 40:561–572, 1986. In Russian. English translation in Math. Notes, 40. [Grigolia, 1987] R.Sh. Grigolia. Free algebras of non-classical logics. Metzniereba, Tbilissi, 1987. In Russian. [Grzegorczyk, 1953] A. Grzegorczyk. Some classes of recursive functions. In Rozprawy Matematiczne, IV. V Warszawa, 1953. [Guaspari and Solovay, 1979] D. Guaspari and R. Solovay. Rosser sentences. Annals of Math. Logic, 16:81–99, 1979.
354
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
[Guaspari, 1979] D. Guaspari. Partially conservative sentences and interpretability. Transactions of AMS, 254:47–68, 1979. [H´ a ´jek and Montagna, 1990] P. Hajek ´ and F. Montagna. The logic of Π1 -conservativity. Archive for Mathematical Logic, 30(2):113–123, 1990. [H´ a ´jek and Montagna, 1992] P. Hajek ´ and F. Montagna. The logic of Π1 -conservativity continued. Archive for Mathematical Logic, 32:57–63, 1992. [Hajek ´ and Pudl´ ´ ak, 1993] P. Hajek ´ and P. Pudl´ ´ ak. Metamathematics of First Order Arithmetic. Springer-Verlag, Berlin, Heidelberg, New York, 1993. [Harrison, 1995] J. Harrison. Methatheory and reflection in theorem proving: A survey and critique. Technical report, University of Cambridge, 1995. URL http://www.dcs.glasgow.ac.uk/ tfm/hol-bib.html#H. [Heyting, 1931] A. Heyting. Die intuitionistische grundlegung der mathematik. Erkenntnis, 2:106–115, 1931. [Heyting, 1934] A. Heyting. Mathematische Grundlagenforschung. Intuitionismus. Beweistheorie. Springer, Berlin, 1934. [Hilbert and Bernays, 1968] D. Hilbert and P. Bernays. Grundlagen der Mathematik, Vols. I and II, 2d ed. Springer-Verlag, Berlin, 1968. [Iemhoff, 2001a] R. Iemhoff. A modal analysis of some principles of the provability logic of Heyting arithmetic. In Advances in modal logic. Vol. 2. Selected papers from the 2nd international workshop (AiML’98), Uppsala, Sweden, October 16-18, 1998. CSLI Lecture Notes 119, pages 301–336. CSLI Publications, Stanford, 2001. [Iemhoff, 2001b] R. Iemhoff. On the admissible rules of intuitionistic propositional logic. The Journal of Symbolic Logic, 66(1):281–294, 2001. [Iemhoff, 2001c] R. Iemhoff. Provability logic and admissible rules. PhD thesis, University of Amsterdam, Amsterdam, 2001. [Ignatiev, 1991] K.N. Ignatiev. Partial conservativity and modal logics. ITLI Prepublication Series X–91–04, University of Amsterdam, 1991. [Ignatiev, 1993a] K.N. Ignatiev. On strong provability predicates and the associated modal logics. The Journal of Symbolic Logic, 58:249–290, 1993. [Ignatiev, 1993b] K.N. Ignatiev. The provability logic for Σ1 -interpolability. Annals of Pure and Applied Logic, 64:1–25, 1993. [Japaridze, 1986] G.K. Japaridze. The modal logical means of investigation of provability. Thesis in Philosophy, in Russian, Moscow, 1986. [Japaridze, 1988] G.K. Japaridze. The polymodal logic of provability. In Intensional Logics and Logical Structure of Theories: Material from the fourth Soviet–Finnish Symposium on Logic, Telavi, May 20–24, 1985, pages 16–48. Metsniereba, Tbilisi, 1988. In Russian. [Japaridze, 1994] G. Japaridze. A simple proof of arithmetical completeness for Π1 conservativity logic. Notre Dame Journal of Formal Logic, 35:346–354, 1994. [Kaye et al., 1988] R. Kaye, J. Paris, and C. Dimitracopoulos. On parameter free induction schemas. The Journal of Symbolic Logic, 53(4):1082–1097, 1988. [Kirby and Paris, 1982] L.A.S. Kirby and J.B. Paris. Accessible independence results for Peano arithmetic. Bull. London Math. Soc., 14:285–293, 1982. [Kleene, 1945] S. Kleene. On the interpretation of intuitionistic number theory. The Journal of Symbolic Logic, 10(4):109–124, 1945. [Kleene, 1952] S. Kleene. Introduction to Metamathematics. Van Norstrand, 1952. [Kolmogoroff, 1932] A. Kolmogoroff. Zur Deutung der intuitionistischen logik. Mathematische Zeitschrift, 35:58–65, 1932. In German. English translation in V.M. Tikhomirov, editor, Selected works of A.N. Kolmogorov. Volume I: Mathematics and Mechanics, pages 151–158. Kluwer, Dordrecht 1991. [Kolmogorov, 1985] A.N. Kolmogorov. About my papers on intuitionistic logic. In V.M. Tikhomirov, editor, Selected works of A.N. Kolmogorov. Volume I: Mathematics and Mechanics, page 393. Nauka, Moscow, 1985. In Russian, English translation in V.M. Tikhomirov, editor, Selected works of A.N. Kolmogorov. Volume I: Mathematics and Mechanics, pages 451–452. Kluwer, Dordrecht 1991. [Kozen and Tiuryn, 1990] D. Kozen and J. Tiuryn. Logic of programs. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science. Volume B, Formal Models and Semantics, pages 789–840. Elsevier, 1990.
PROVABILITY LOGIC
355
[Kreisel and L´ ´evy, 1968] G. Kreisel and A. L´ ´evy. Reflection principles and their use for establishing the complexity of axiomatic systems. Zeitschrift f. math. Logik und Grundlagen d. Math., 14:97–142, 1968. [Kreisel, 1952] G. Kreisel. On the interpretation of non-finitist proofs, II. The Journal of Symbolic Logic, 17:43–58, 1952. [Kreisel, 1962a] G. Kreisel. Foundations of intuitionistic logic. In E. Nagel, P. Suppes, and A. Tarski, editors, Logic, Methodology and Philosophy of Science. Proceedings of the 1960 International Congress, pages 198–210. Stanford University Press, 1962. [Kreisel, 1962b] G. Kreisel. On weak completeness of intuitionistic predicate logic. The Journal of Symbolic Logic, 27:139–158, 1962. [Kreisel, 1965] G. Kreisel. Mathematical logic. In T.L. Saaty, editor, Lectures in Modern Mathematics III, I pages 95–195. Wiley and Sons, New York, 1965. [Kripke, 1963] S. Kripke. Semantical considerations on modal logic. Acta Philosophica Fennica, 16:83–94, 1963. [Krupski, 1997] V. Krupski. Operational logic of proofs with functionality condition on proof predicate. In S. Adian and A. Nerode, editors, Logical Foundations of Computer Science’ 97, Yaroslavl’, volume 1234 of Lecture Notes in Computer Science, pages 167–177. Springer, 1997. [Krupski, 2002] V. Krupski. The single-conclusion proof logic and inference rules specification. Annals of Pure and Applied Logic, 113(1-3):181–201, 2002. [Krupski, 2005] V. Krupski. Referential logic of proofs. Theoretical Computer Science, (accepted), 2005. [Krupski (jr.), 2003] N.V. Krupski (jr.). On the complexity of the reflected logic of proofs. Technical Report TR-2003007, CUNY Ph.D. Program in Computer Science, 2003. [Kuznets, 2000] R. Kuznets. On the complexity of explicit modal logics. In Computer Science Logic 2000, volume 1862 of Lecture Notes in Computer Science, pages 371– 383. Springer-Verlag, 2000. [Kuznetsov and Muravitsky, 1976] A. Kuznetsov and A. Muravitsky. The logic of provability. In Abstracts of the 4-th All-Union Conference on Mathematical Logic, page 73, Kishinev, 1976. In Russian. [Kuznetsov and Muravitsky, 1977] A.V. Kuznetsov and A.Yu. Muravitsky. Magari algebras. In Fourteenth All-Union Algebra Conf., Abstract part 2: Rings, Algebraic Structures, pages 105–106, 1977. In Russian. [Kuznetsov and Muravitsky, 1986] A.V. Kuznetsov and A.Yu. Muravitsky. On superintuitionistic logics as fragments of proof logic. Studia Logica, XLV:76–99, 1986. [Lauchli, ¨ 1970] H. Lauchli. ¨ An abstract notion of realizability for which intuitionistic predicate logic is complete. In J. Myhill, A. Kino, and R.E. Vesley, editors, Intuitionism and Proof Theory, pages 227–234. North-Holland, 1970. [Leivant, 1981] D. Leivant. On the proof theory of the modal logic for arithmetic provability. The Journal of Symbolic Logic, 46:531–538, 1981. [Leivant, 1983] D. Leivant. The optimality of induction as an axiomatization of arithmetic. The Journal of Symbolic Logic, 48:182–184, 1983. [Lemmon, 1957] E. Lemmon. New foundations for Lewis’s modal systems. The Journal of Symbolic Logic, 22:176–186, 1957. [Lindstr¨ ¨ om, 1984] P. Lindstrom. ¨ On partially conservative sentences and interpretability. Proceedings of the AMS, 91(3):436–443, 1984. [Lindstr¨ ¨ om, 1994] P. Lindstr¨ om. The modal logic of Parikh provability. Tech. Rep. Filosofiska Meddelanden, Gr¨ ¨ ona Serien 5, Univ. G¨ ¨ oteborg, 1994. [Lindstr¨ ¨ om, 1996] P. Lindstrom. ¨ Provability logic – a short introduction. Theoria, 62(12):19–61, 1996. [Lob, ¨ 1955] M.H. Lob. ¨ Solution of a problem of Leon Henkin. The Journal of Symbolic Logic, 20:115–118, 1955. [Magari, 1975a] R. Magari. The diagonalizable algebras (the algebraization of the theories which express Theor.:II). Bollettino della Unione Matematica Italiana, Serie 4, 12, 1975. Suppl. fasc. 3, 117–125.
356
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
[Magari, 1975b] R. Magari. Representation and duality theory for diagonalizable algebras (the algebraization of theories which express Theor.:IV). Studia Logica, 34:305– 313, 1975. [McCarthy, 2004] J. McCarthy. Notes on self-awareness. Internet posting by URL http://www-formal.stanford.edu/jmc/selfaware/selfaware.html, April 2004. [McKinsey and Tarski, 1946] J.C.C. McKinsey and A. Tarski. On closed elements of closure algebras. Annals of Mathematics, 47:122–162, 1946. [McKinsey and Tarski, 1948] J.C.C. McKinsey and A. Tarski. Some theorems about the sentential calculi of Lewis and Heyting. The Journal of Symbolic Logic, 13:1–15, 1948. [Medvedev, 1962] Yu. Medvedev. Finite problems. Soviet Mathematics Doklady, 3:227– 230, 1962. [Meyer, 1975] A.R. Meyer. The inherent complexity of theories of ordered sets. In Proceedings of the international congress of math., Vancouver, 1974, pages 477–482. Canadian Math. Congress, 1975. [Mints, 1971] G.E. Mints. Quantifier free and one quantifier systems. Zapiski nauchnyh seminarov LOMI, I 20:115–133, 1971. In Russian. [Mints, 1974] G. Mints. Lewis’ systems and system T (a survey 1965-1973). In Feys. Modal Logic (Russian translation), pages 422–509. Nauka, Moscow, 1974. In Russian, English translation in G. Mints, Selected papers in proof theory, Bibliopolis, Napoli, 1992. [Mkrtychev, 1997] A. Mkrtychev. Models for the logic of proofs. In S. Adian and A. Nerode, editors, Logical Foundations of Computer Science’ 97, Yaroslavl’, volume 1234 of Lecture Notes in Computer Science, pages 266–275. Springer, 1997. [Montagna, 1978] F. Montagna. On the algebraization of a Feferman’s predicate (the algebraiztion of theories which express Theor; X). Studia Logica, 37:221–236, 1978. [Montagna, 1979] F. Montagna. On the diagonalizable algebra of Peano arithmetic. Bollettino della Unione Matematica Italiana, B (5), 16:795–812, 1979. [Montagna, 1980] F. Montagna. Undecidability of the first order theory of diagonalizable algebras. Studia Logica, 39:347–354, 1980. [Montagna, 1987a] F. Montagna. The predicate modal logic of provability. Notre Dame Journal of Formal Logic, 25:179–189, 1987. [Montagna, 1987b] F. Montagna. Provability in finite subtheories of PA. The Journal of Symbolic Logic, 52(2):494–511, 1987. [Montague, 1963] R. Montague. Syntactical treatments of modality with corollaries on reflection principles and finite axiomatizability. Acta Philosophica Fennica, 16:153– 168, 1963. [Moses, 1988] Y. Moses. Resource-bounded knowledge. In M. Vardi, editor, Theoretical Aspects of Reasoning about Knowledge, pages 261–276. Morgan Kaufman Pbl., 1988. [Mostowski, 1953] A. Mostowski. On models of axiomatic systems. Fundamenta Mathematicae, 39:133–158, 1953. [Myhill, 1960] J. Myhill. Some remarks on the notion of proof. Journal of Philosophy, 57:461–471, 1960. [Myhill, 1985] J. Myhill. Intensional set theory. In S. Shapiro, editor, Intensional Mathematics, pages 47–61. North-Holland, 1985. [Nogina, 1994] E. Nogina. Logic of proofs with the strong provability operator. Technical Report ILLC Prepublication Series ML-94-10, Institute for Logic, Language and Computation, University of Amsterdam, 1994. [Nogina, 1996] E. Nogina. Grzegorczyk logic with arithmetical proof operators. Fundamental and Applied Mathematics, 2(2):483–499, 1996. In Russian, URL http://mech.math.msu.su/∼fpm/eng/96/962/96206.htm. [Ono, 1987] H. Ono. Reflection principles in fragments of Peano Arithmetic. Zeitschrift f. math. Logik und Grundlagen d. Math., 33(4):317–333, 1987. [Orevkov, 1979] V.P. Orevkov. Lower bounds for lengthening of proofs after cutelimination. Zapiski Nauchn. Semin. Leningr. Otd. Mat. Inst. Steklova, 88:137–162, 1979. In Russian. English translation in: Journal of Soviet Mathematics 20, 2337-2350 (1982). [Orlov, 1928] I.E. Orlov. The calculus of compatibility of propositions. Matematicheskii Sbornik, 35:263–286, 1928. In Russian.
PROVABILITY LOGIC
357
[Parikh, 1971] R. Parikh. Existence and feasibility in arithmetic. The Journal of Symbolic Logic, 36:494–508, 1971. [Parikh, 1987] R. Parikh. Knowledge and the problem of logical omniscience. In Z. Ras and M. Zemankova, editors, ISMIS-87 (International Symposium on Methodolody for Intellectual Systems), pages 432–439. North-Holland, 1987. [Parikh, 1995] R. Parikh. Logical omniscience. In D. Leivant, editor, Logic and Computational Complexity, pages 22–29. Springer Springer Lecture Notes in Computer Science No. 960, 1995. [Parsons, 1970] C. Parsons. On a number-theoretic choice schema and its relation to induction. In A. Kino, J. Myhill, and R.E. Vessley, editors, Intuitionism and Proof Theory, pages 459–473. North Holland, Amsterdam, 1970. [Parsons, 1972] C. Parsons. On n-quantifier induction. The Journal of Symbolic Logic, 37(3):466–482, 1972. [Pitts, 1992] A. Pitts. On an interpretation of second-order quantification in first order intuitionistic propositional logic. The Journal of Symbolic Logic, 57:33–52, 1992. [Plisko, 1977] V. Plisko. The nonarithmeticity of the class of realizable predicate formulas. Soviet Mathematics Izvestia, 11:453–471, 1977. [Pohlers, 1998] W. Pohlers. Subsystems of set theory and second order number theory. In S.R. Buss, editor, Handbook of Proof Theory, pages 210–335. Elsevier, North-Holland, Amsterdam, 1998. [Pour-El and Kripke, 1967] M.B. Pour-El and S. Kripke. Deduction-preserving “recursive isomorphisms” between theories. Fundamenta Mathematicae, 61:141–163, 1967. [Rabin, 1961] M.O. Rabin. Non-standard models and independence of the induction axiom. In Essays on the Foundations of Mathematics: Dedicated to A. Fraenkel on his 70th anniversary, pages 287–299. North-Holland, Amsterdam, 1961. [Rasiowa and Sikorski, 1963] H. Rasiowa and R. Sikorski. The Mathematics of Metamathematics. Polish Scientific Publishers, 1963. [Ratajczyk, 1989] Z. Ratajczyk. Functions provably total in I − Σn . Fundamenta Mathematicae, 133:81–95, 1989. [Rathjen, 1994] M. Rathjen. Proof theory of reflection. Annals of Pure and Applied Logic, 68(2):181–224, 1994. [Rathjen, 1999] M. Rathjen. The realm of ordinal analysis. In S.B. Cooper and J.K. Truss, editors, Sets and proofs. London Math. Soc. Lect. Note Series 258, pages 219– 279. Cambridge University Press, Cambridge, 1999. [Renne, 2004] B. Renne. Tableaux for the logic of proofs. Technical Report TR-2004001, CUNY Ph.D. Program in Computer Science, 2004. [Rose, 1984] H.E. Rose. Subrecursion: Functions and Hierarchies. Clarendon Press, Oxford, 1984. [Rosser, 1936] J.B. Rosser. Extensions of some theorems of G¨ ¨ odel and Church. The Journal of Symbolic Logic, 1:87–91, 1936. [Rybakov, 1984] V.V. Rybakov. A criterion for admissibility of rules in the modal system S4 and intuitionistic logic. Algebra and Logic, 23:369–384, 1984. [Rybakov, 1989] V.V. Rybakov. On admissibility of the inference rules in the modal system G. In Yu.L. Ershov, editor, Trudy instituta matematiki, volume 12, pages 120–138. Nauka, Novosibirsk, 1989. In Russian. [Rybakov, 1997] V.V. Rybakov. Admissibility of logical inference rules. Elsevier, Amsterdam, 1997. [Ryll-Nardzewski, 1953] C. Ryll-Nardzewski. The role of the axiom of induction in elementary arithmetic. Fundamenta Mathematicae, 39:239–263, 1953. [Sambin and Valentini, 1982] G. Sambin and S. Valentini. The modal logic of provability, the sequential approach. Journal of Philosophic Logic, 11:311–342, 1982. [Sambin and Valentini, 1983] G. Sambin and S. Valentini. The modal logic of provability: cut-elimination. Journal of Philosophic Logic, 12:471–476, 1983. [Schmerl, 1979] U.R. Schmerl. A fine structure generated by reflection formulas over Primitive Recursive Arithmetic. In M. Boffa, D. van Dalen, and K. McAloon, editors, Logic Colloquium’78, pages 335–350. North Holland, Amsterdam, 1979. [Segerberg, 1971] K. Segerberg. An essay in classical modal logic. Filosofiska F¨ ¨ oreningen och Filosofiska Institutionen vid Uppsala Universitet, Uppsala, 1971.
358
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
[Shapiro, 1985a] S. Shapiro. Epistemic and intuitionistic arithmetic. In S. Shapiro, editor, Intensional Mathematics, pages 11–46. North-Holland, 1985. [Shapiro, 1985b] S. Shapiro. Intensional mathematics and constructive mathematics. In S. Shapiro, editor, Intensional Mathematics, pages 1–10. North-Holland, 1985. [Shavrukov, 1988] V.Yu. Shavrukov. The logic of relative interpretability over Peano arithmetic. Preprint, Steklov Mathematical Institute, Moscow, 1988. In Russian. [Shavrukov, 1991] V.Yu. Shavrukov. On Rosser’s provability predicate. Zeitschrift f. math. Logik und Grundlagen d. Math., 37:317–330, 1991. [Shavrukov, 1993a] V.Yu. Shavrukov. A note on the diagonalizable algebras of PA and ZF. Annals of Pure and Applied Logic, 61:161–173, 1993. [Shavrukov, 1993b] V.Yu. Shavrukov. Subalgebras of diagonalizable algebras of theories containing arithmetic. Dissertationes Mathematicae, 323, 1993. [Shavrukov, 1994] V.Yu. Shavrukov. A smart child of Peano’s. Notre Dame Journal of Formal Logic, 35:161–185, 1994. [Shavrukov, 1997a] V.Yu. Shavrukov. Isomorphisms of diagonalizable algebras. Theoria, 63(3):210–221, 1997. [Shavrukov, 1997b] V.Yu. Shavrukov. Undecidability in diagonalizable algebras. The Journal of Symbolic Logic, 62(1):79–116, 1997. [Sidon, 1997] T. Sidon. Provability logic with operations on proofs. In S. Adian and A. Nerode, editors, Logical Foundations of Computer Science’ 97, Yaroslavl’, volume 1234 of Lecture Notes in Computer Science, pages 342–353. Springer, 1997. [Sidon, 1998] T.L. Sidon. Craig interpolation property for operational logics of proofs. Vestnik Moskovskogo Universiteta. Ser. 1 Mat., Mech., (2):34–38, 1998. In Russian. English translation in: Moscow University Mathematics Bulletin, v.53, n.2, pp.37–41, 1999. [Simmons, 1988] H. Simmons. Large discrete parts of the E-tree. The Journal of Symbolic Logic, 53:980–984, 1988. [Smiley, 1963] T. Smiley. The logical basis of ethics. Acta Philosophica Fennica, 16:237– 246, 1963. [Smory´ n ´ ski, 1973] C. Smory´ n ´ ski. Applications of Kripke models. In A. Troelstra, editor, Metamathematical investigations of intuitionistic arithmetic and analysis. Springer Lecture Notes 344, pages 324–391. Springer, Berlin, 1973. [Smory´ n ´ ski, 1977a] C. Smory´ n ´ ski. ω-consistency and reflection. In Colloque International de Logique (Colloq. Int. CNRS), pages 167–181. CNRS Inst. B. Pascal, Paris, 1977. [Smory´ n ´ ski, 1977b] C. Smory´ n ´ ski. The incompleteness theorems. In J. Barwise, editor, Handbook of Mathematical Logic, pages 821–865. North Holland, Amsterdam, 1977. [Smory´ n ´ ski, 1978] C. Smory´ n ´ ski. Beth’s theorem and self-referential sentences. In A. Macintyre et al., editor, Logic Colloquium’77. 7 North Holland, Amsterdam, 1978. [Smory´ n ´ ski, 1981] C. Smory´ n ´ ski. Fifty years of self-reference. Notre Dame Journal of Formal Logic, 22:357–374, 1981. [Smory´ n ´ ski, 1982] C. Smory´ n ´ ski. The finite inseparability of the first order theory of diagonalizable algebras. Studia Logica, 41:347–349, 1982. [Smory´ n ´ ski, 1985] C. Smory´ n ´ ski. Self-Reference and Modal Logic. Springer-Verlag, Berlin, 1985. [Smory´ n ´ ski, 1989] C. Smorynski. ´ Arithmetical analogues of McAloon’s unique Rosser sentences. Archive for Mathematical Logic, 28:1–21, 1989. [Smory´ n ´ ski, 2004] C. Smorynski. ´ Modal logic and self-reference. In D. Gabbay and F. Guenthner, editors, Handbook of Philosophical Logic, 2nd ed., volume 11, pages 1– 53. Springer, Berlin, 2004. [Solovay, 1976] R.M. Solovay. Provability interpretations of modal logic. Israel Journal of Mathematics, 28:33–71, 1976. [Statman, 1978] R. Statman. Bounds for proof-search and speed-up in the predicate calculus. Annals of Mathematical Logic, 15:225–287, 1978. [Takeuti, 1975] G. Takeuti. Proof Theory. North-Holland, 1975. [Troelstra and Schwichtenberg, 1996] A. Troelstra and H. Schwichtenberg. Basic Proof Theory. Cambridge University Press, Amsterdam, 1996.
PROVABILITY LOGIC
359
[Troelstra and van Dalen, 1988] A. Troelstra and D. van Dalen. Constructivism in Mathematics, vols 1, 2. North–Holland, Amsterdam, 1988. [Troelstra, 1973] A. Troelstra. Metamathematical investigations of intuitionistic arithmetic and analysis. Springer Lecture Notes 344. Springer-Verlag, Berlin, 1973. [Troelstra, 1998] A.S. Troelstra. Realizability. In S. Buss, editor, Handbook of Proof Theory, pages 407–474. Elsevier, 1998. [Turing, 1939] A.M. Turing. System of logics based on ordinals. Proc. London Math. Soc., ser. 2, 45:161–228, 1939. [Uspensky and Plisko, 1985] V. Uspensky and V. Plisko. Intuitionistic Logic. Commentary on [Kolmogoroff, 1932] and [Kolmogorov, 1985]. In V.M. Tikhomirov, editor, Selected works of A.N. Kolmogorov. Volume I: Mathematics and Mechanics, pages 394–404. Nauka, Moscow, 1985. In Russian, English translation in V.M. Tikhomirov, editor, Selected works of A.N. Kolmogorov. Volume I: Mathematics and Mechanics, pages 452–466. Kluwer, Dordrecht 1991. [Uspensky, 1992] V.A. Uspensky. Kolmogorov and mathematical logic. Journal of Symbolic Logic, 57(2):385–412, 1992. [van Benthem, 1991] J. van Benthem. Reflections on epistemic logic. Logique & Analyse, 133-134:5–14, 1991. [van Benthem, 2001] J. van Benthem. Correspondence theory. In D. Gabbay and F. Guenthner, editors, Handbook of Philosophical Logic, 2nd ed., volume 3, pages 325–408. Kluwer, Dordrecht, 2001. [van Dalen, 1986] D. van Dalen. Intuitionistic logic. In D. Gabbay and F. Guenther, editors, Handbook of Philosophical Logic. Volume 3, pages 225–340. Reidel, 1986. [van Dalen, 1994] D. van Dalen. Logic and Structure. Springer-Verlag, 1994. [Vardanyan, 1986] V.A. Vardanyan. Arithmetic comlexity of predicate logics of provability and their fragments. Doklady Akad. Nauk SSSR, 288(1):11–14, 1986. In Russian. English translation in Soviet Mathematics Doklady 33:569–572, 1986. [Visser et al., 1995] A. Visser, J. van Benthem, D. de Jongh, and G. Renardel de Lavalette. NNIL, a study in intuitionistic propositional logic. In A. Ponse, M. de Rijke, and Y. Venema, editors, Modal Logic and Process Algebra, a bisimulation perspective. CSLI Lecture Notes, 53, pages 289–326. CSLI Publications, Stanford, 1995. [Visser, 1980] A. Visser. Numerations, λ-calculus and arithmetic. In J.P. Seldin and J.R. Hindley, editors, To H.B. Curry. Essays on combinatory logic, lambda-calculus and formalism, pages 259–284. Academic Press, London, 1980. [Visser, 1981] A. Visser. Aspects of Diagonalization and Provability. PhD thesis, University of Utrecht, Utrecht, The Netherlands, 1981. [Visser, 1982] A. Visser. On the completeness principle. Annals of Mathematical Logic, 22:263–295, 1982. [Visser, 1984] A. Visser. The provability logics of recursively enumerable theories extending Peano Arithmetic at arbitrary theories extending Peano Arithmetic. Journal of Philosophic Logic, 13:97–113, 1984. [Visser, 1985] A. Visser. Evaluation, provably deductive equivalence in Heyting arithmetic of substitution instances of propositional formulas. Logic Group Preprint Series 4, Department of Philosophy, University of Utrecht, 1985. [Visser, 1989] A. Visser. Peano’s smart children. A provability logical study of systems with built-in consistency. Notre Dame Journal of Formal Logic, 30:161–196, 1989. [Visser, 1990] A. Visser. Interpretability logic. In P.P. Petkov, editor, Mathematical Logic, pages 175–208. Plenum Press, New York, 1990. [Visser, 1991] A. Visser. The formalization of interpretability. Studia Logica, 50(1):81– 106, 1991. [Visser, 1992] A. Visser. An inside view of EXP. the closed fragment of the provability logic of I∆0 + Ω1 with a propositional constant for EXP. The Journal of Symbolic Logic, 57(1):131–165, 1992. [Visser, 1994] A. Visser. Propositional combinations of Σ1 -sentences in Heyting’s arithmetic. Logic Group Preprint Series 117, Department of Philosophy, University of Utrecht, 1994. [Visser, 1995] A. Visser. A course in bimodal provability logic. Annals of Pure and Applied Logic, 73:109–142, 1995.
360
SERGEI N. ARTEMOV & LEV D. BEKLEMISHEV
[Visser, 1996] A. Visser. Uniform interpolation and layered bisimulation. In P. H´ ´ ajek, editor, Lecture Notes in Logic 6. Logical foundations of Mathematics, Computer Science and Physics – Kurt G¨ o ¨del’s Legacy, G¨ odel ¨ ’96, Brno, Chech Republic, Proceedings, pages 139–164. Springer-Verlag, Berlin, 1996. [Visser, 1998] A. Visser. An overview of interpretability logic. In M. Kracht, M. de Rijke, H. Wansing, and M. Zakhariaschev, editors, Advances in Modal Logic, v.1, CSLI Lecture Notes, No. 87, 7 pages 307–359. CSLI Publications, Stanford, 1998. [Visser, 1999] A. Visser. Rules and arithmetics. Notre Dame Journal of Formal Logic, 40(1):116–140, 1999. [Visser, 2002a] A. Visser. Faith and falsity. Logic Group Preprint Series 216, Department of Philosophy, University of Utrecht, 2002. [Visser, 2002b] A. Visser. Substitutions of Σ01 -sentences: Explorations between intuitionistic propositional logic and intuitionistic arithmetic. Annals of Pure and Applied Logic, 114(1–3):227–271, 2002. ˇ ˇ [Svejdar, 2003] V. Svejdar. The decision problem of provability logic with only one atom. Archive for Mathematical Logic, 42(8):763–768, 2003. [Weinstein, 1983] S. Weinstein. The intended interpretation of intuitionistic logic. Journal of Philosophical Logic, 12:261–270, 1983. [Wickline et al., 1998] P. Wickline, P. Lee, F. Pfenning, and R. Davies. Modal types as staging specifications for run-time code generation. ACM Computing Surveys, 30(3es), 1998. [Wilkie and Paris, 1987] A. Wilkie and J. Paris. On the scheme of induction for bounded arithmetic formulas. Annals of Pure and Applied Logic, 35:261–302, 1987. [Wolter, 1998] F. Wolter. All finitely axiomatizable subframe logics containing CSM are decidable. Archive for Mathematical Logic, 37:167–182, 1998. [Yavorskaya (Sidon), 2002] T. Yavorskaya (Sidon). Logic of proofs and provability. Annals of Pure and Applied Logic, 113(1-3):345–372, 2002. [Yavorsky, 2000] R. Yavorsky. On the logic of the standard proof predicate. In Computer Science Logic 2000, volume 1862 of Lecture Notes in Computer Science, pages 527– 541. Springer, 2000. [Yavorsky, 2002] R. Yavorsky. Provability logics with quantifiers on proofs. Annals of Pure and Applied Logic, 113(1-3):373–387, 2002. [Zambella, 1994] D. Zambella. Shavrukov’s theorem on the subalgebras of diagonalizable algebras for theories containing I∆0 + exp. Notre Dame Journal of Formal Logic, 35:147–157, 1994.
INDEX
IΠ− n , 292 IΣ− n , 292 IΣR n , 292 IΣn , 292 X T , 216 Γ ∗T ϕ, 227 Γ GL,sub ϕ, 227 Π1 -axiomatized extensions, 264 Π1 -essentially reflexive, 263 Σ1 -preservativity, 289 Σ1 -realization, 279 0 , 303 F(T ), 293 ϕT , 216 n-consistency ordering
admissible propositional rules in arithmetic, 344 agency, 33 agency-type, 33, 58 agenda, 33 agent causation, 61 aggregate system, 51, 52 AI, 16, 18, 50 Aizawa, K., 48 aletheic, 32 Allen, M., 45 ambiguity, 22 ampliative reasoning, 38 ampliative reliability, 21 analogy, 67 analyticity rationale, 39 Anderson, K., 64 Anglo-American law, 101 anti-psychologism, 62 application, 315 approximation, 16, 58 approximation problem, 115 argumentation theory, 16, 18, 63 Aristotle, 15, 16, 21, 68, 69 (arithmetical) realization, 216 arithmetical hierarchy, 213 arithmetical interpretation, 323 arithmetical semantics, 343 arithmetically complete modal logic, 226 artificial intelligence, 203 artificial language, 16, 17, 22, 24, 25 assent, 59 asset enhancement, 46 atomic sentences of PC, 24, 28 attention, 64, 65
362 authoritative source, 45, 98 Auto rule, 85 autoepistemic arguments, 55 autoepistemic inference, 86 automated deduction, 203 automaticity, 64 axiom necessitation, 315 Axsom, D. S., 45 backwards reflection, 27–29 Bacon, 84 bandwith, 45 Barwise, J., 60 Bayes’ decision rule, 52 Bayesian inference, 105 Bayesianism, 77 Beer, R. D., 49 Beeson–Visser translation, 281 Begriffsschrift, 16, 23 behaviour-based robotics, 50 belief, 59 belief modification, 57 belief revision, 73 belief-sets, 64 Bernays–L¨¨ob derivability conditions, 191 BHK semantics, 189, 196 bidirectional coverage, 115 bimodal provability logic, 194 biology, 115 bits, 45 black body radiation, 92 bodily behaviour, 31 Boole, G., 62 bootstrapping problem, 30 Botterill, G., 65 bridge, 146 Brooks, R. A., 49, 50 Brouwer–Heyting–Kolmogorov (BHK) semantics, 189 burden of proof, 102 Burton, R., 48 bushy problems, 52, 53 Byrne, E., 69
Cacioppo, J. T., 45 Cadoli, M., 59 calculus of plausibility, 72 calculus of probability, 69 candidate space, 82, 84 canonical model fo rLP, 198 Carlson model, 260 Carlson, G. N., 42 Carneades, 69 Carruthers, P., 65 Categories, 22 causes, 61 causal epistemology, 61 causal spread, 50 central cognition, 65 central nervous system, 49 Chaiken, S., 45 chaos, 46 characteisti ch(T ) of T , 218 characteristic formula, 26 characteristicness, 77, 87, 88, 90– 94 Cherry, C., 46 choices, 53 Churchland, P. M., 47 Circumstantial Conviction Dilemma, 105 circumstantial evidence, 104, 106, 108 civil standards, 110 Clark, A., 50, 51 classical consequence, 20, 114 classical entailment, 114 classical logic, 63, 73 classification of provability logics, 193 classification theorem, 228 coding combinator, 347 cognitive agency, 37 cognitive agenda, 96 cognitive agent, 32, 33, 60, 67 cognitive ambition, 47 cognitive economics, 54 cognitive economies, 34, 43, 45
363 cognitive cognitive cognitive cognitive cognitive
goal, 33, 35, 37, 46, 54 psychology, 64 resources, 18, 32, 35, 60 science, 37, 63 systems, 17, 32, 60, 64– 66 cognitive target, 18, 21, 32 cognitive tasks, 33, 60 collapsing phenomenon, 138 combinators, 315, 346 combinatory logic, 345 combinatory terms, 199 common knowledge, 44, 93 common sense, 93 competence, 33, 110 complete logic LPGL, 199 completeness, 341 completeness of LP, 332 completeness principle, 284 completeness theorems, 326 complexity-overload, 54 computational capacity, 18, 33 computational interpretation, 311 computational intractability, 64 computational tractability, 65 computationally realizable optimal rationality, 38 computer science, 18 conceptual account, 113 conceptual analysis, 66, 112 conceptual data, 112 conceptual model, 112, 115 conclusion determination, 21 conclusional plausibility, 102 conclusive presumption, 104 conditional probability, 21 conditional unification, 344 congruent, 141 conjecture, 97, 108 conjoinability, 322 conjunction, 26 connectionist logic, 47, 48 connectionist nets, 48 Connective Rule, 27
connectives, 22, 25 consciousness, 45, 46, 48, 65 consequence, 24, 26, 30, 54, 67, 70, 71 consequence system, 132 consequence-attenuation, 19–21 consequences, 53, 66, 114 consequentialism, 21 consequentialist reasoning, 21 conservatism, 39 conservativity interpretation, 195 conservativity logic, 194 conservativity logics, 195 consisency assertion, 215 consistency, 24, 30, 54, 66 consistency formula, 196 consistency proof, 196 constant specification, 315, 338 constrained fibring, 135, 163 constructive necessitation, 340 content, 18, 22 continuous reciprocal causation, 51 contraction, 319 contradictoriness, 24 control, 64 Convention T, 25 conversation, 44 Cooper, W. S., 52, 53 cooperative acceptance, 55 copula, 22 Corteen, R. S., 64 Craig interpolation theorem for GL, 207 credibility, 96 criminal law, 102, 104, 107 criminal standards, 110 Curry–Howard isomorphism, 311, 345 cut, 205, 319 cut elimination in LP, 198 cut-elimination theorem, 205 cut-free derivation, 319 D, 228
364 Dβ , 228 Daston, L., 69 Davidson, D., 61 Davies, D. R., 65 Dawson, M. E., 64 de Jongh’s theorem, 279 decidability, 31 decision dyanmics, 58 decision theory, 52 decision theory of ‘down below’, 53 decision trees, 52 decisional agent, 52 deducibility, 67 deduction rules, 38 deduction theorem, 209 deductive closure, 72 deductive logic, 21 deductive reasoning, 38 deductive system, 129 default, 43, 44, 89, 90 default logic, 63 default reasoning, 44 Dennis, I. H., 101–103 denotate combinator, 346 deontic logic, 17 deontic paraconsistent logic, 156 depth function, 210 derivability conditions, 215 derivable, 209 descriptive adequacy, 15 descriptive model, 37, 38 determinacy, 85 developmental genetics, 116 dialetheic logic, 17 dialogue logic, 17, 21 direct evidence, 104, 106 Disambiguation Rule, 28–30 discourse economies, 44 discrimination, 50 disjunction property, 278 disjunctive proeprty of hte logic of proofs, 198 disjunctive property, 335
doubt, 109 down below, 46, 48, 116 doxastic satisfaction, 109 doxastic satsifaction, 110 DP, 278 drawability, 20 Dumais, S. T., 64 dynamic feedback loops, 51 dynamic logic, 17 dynamic logics, 318 dynamic turn, 68 Eagly, A. H., 45 effective recognizability, 31 elementary arithmetic EA, 193, 213 elementary formulas, 213 elementary presented, 215 eliminative induction rule, 84 Ellis, B., 67 energy-to-energy transductions, 46 energy-to-information transformations, 46 enquiry, 21 entropy, 45 epistemic disadvantage, 81, 107 epistemic logic, 17 epistemic logic with justification, 337 epistemic logic with justifications, 199 epistemic logics with justifications, 341 epsitemically wrongful acquittal, 110 epsitemically wrongful conviction, 110 equationally appropriate, 165 equivalence, 142 error-avoidance, 40, 55 error-minimization, 55 esoteric logic, 32 Esperanto, 24 essential reflexivity, 262 essentially reflexive theories, 194
365 estimation, 50 evidence, 97 evidential presumption, 103 evidential sources, 98 evolutionary genetics, 115 evolutionary psychology, 65 exceptions, 87 exemplar, 43 existential quantifier, 22 existential semantics, 201 ∃-sickness, 196 experimental confirmation, 108 expertise, 45 explicit reflection, 197 explicit verification, 348 extension, 264 extensions, 263 F -models, 198 Fn , 210 factual, 32 fallacy, 16, 54, 56 fallacy theory, 63 fallibilism, 92 fast and frugal, 34, 56 Feferman’s provability predicate, 275 fertility, 116 fibring logics, 63 fibring of deductive systems, 133 fibring of first-order based logic systems, 174 fibring of interpretation system presentations, 161 fibring of interpretation systems, 138 fibring to preserve strong global completeness, 143 finding, 108 Finger, M., 59 finitely axiomatizable theories, 194 first order provability logics, 192 first-order based deductive system, 168
first-order based interpretation system, 173 first-order based signature, 167 first-order based structure, 171 first-order logic of proofs, 200 fit, 115 fixed point equation, 327 fixed point property, 191 Fodor, J. A., 64 for equality, 170 forcig conditions, 340 forcing conditions, 342 forcing relation, 204 formal logic, 18, 24, 25, 30 formal model, 66, 70, 111–113 formal representation, 113 formalization, 27–30, 113, 115 formalization thesis, 21, 23, 31 formation rules, 24 foundations of verification, 347 four-colour problem, 36 fragments of Peano arithmetic, 196 frame, 43, 204 Franklin, J., 69 Frege, G., 16, 22–24, 26, 62 full, 141 fully explanatory property, 335 fullyfully explanatory property, 198 functional completeness of PC, 26 functional proof, 343 functional proofs, 199 fuzzy logic, 32 Gabbay, D. M., 62 Geffner, H., 44 generality, 87, 100 generalization, 67, 87, 100 generic claim, 43, 85, 87–93 generic inference, 42–43 genericity, 44, 89–90 Gentzen-style proof system GLG , 205 Gigerenzer, G., 33, 34 GL− β , 227
366 GLα , 227 global deduction, 131 global rules, 129 globally entailed, 137, 161 Globus, G., 49 goal-directed logic, 32 goals, 35 G¨ o¨del modulated deductive system, 145 G¨ o¨del provability calculus problem, 201 G¨ o¨del’s second incompleteness theorem, 216 Goryachev’s theorem, 221 Green, J., 64 Grice, H. P., 45 Guarini, M., 49 guessing, 93, 94 guilt, 106 G¨ o¨del’s second incompleteness theorem, 191 Hacking, I., 69 Hailperin, T., 70 Hamlyn, D. W., 46 Hansen, H., 102 Harman, G., 59 hasty generalization, 42, 43, 54 hat trick, 32 height h(K), 210 Hendriks-Jansen, H., 49 heresay, 93 heuristics, 41 heuristic fallacy, 40 heuristics, 65 Heyting arithmetic, 193 Heyting arithmetic HA, 277 hierarchy, 33, 58 hierarchy of agency types, 35 holism, 64 homogeneous scenario, 127 homuncularity, 51–52 Horgan, T., 48 horizontally persistent, 170
human agent, 34 human language, 26 Husbands, P., 50 hypothesis formation, 64 hypothesis-discharge, 108–110 ideal conditions, 15 ideal model, 58 ideal reasoner, 19, 20 idealized behaviour, 58 idealized description, 113 ideography, 24 ignorance, 79 ignorance preservation, 78, 92, 101, 105 ignorance problem, 78 implausibility, 83 implication, 142 implicative intuitionistic logic, 346 inconsistency, 24, 30, 72, 73 independent combinatorial principles, 196 indeterminacy, 85 individual agent, 18, 34, 45 individuals, 36 induction axiom scheme, 214 inductive logic, 21 inductive strength, 43, 54 inequality, 171 inference, 21, 50 inference rule, 128 infinitely confident, 264 informal logic, 16, 63 informal logicians, 16 informality, 28, 31 information, 18, 33, 45 informational relevance, 45 inheritance, 116 injective constant specifications, 316 innovation, 39 instantial defaulting, 99 institutional agent, 18, 35–37, 45 institutional entities, 34, 36 intelligent behaviour, 49, 51
367 internalization property, 317, 345 interpolation property, 336 interpretability logic, 194 interpretation structure, 135 interpretation system, 136 interpretation system presentation, 158 interpreter combinator, 347 interrogative logic, 17, 21 interrogative sentences, 28 intra-abductive hypothesis-discharge, 109 intuitionistic logic, 114, 189 intuitionistic propositional logic IPC, 189 intuitionistic provability logic, 193 invalidity, 29 irrebutable presumptions of law, 104 iterated consistency assesrtions, 217 Jackson, S., 44, 45 Jacobs, S., 44, 45 Japaridze logic, 271 Japaridze theorem, 271 juridicial pronouncement, 106 juridicial relevance, 104 Kahneman, D., 64 Kalmar elementary functions, 214 Kalmar elementary functions E, 294 Klotter, J. C., 104, 111 knowledge operators, 201 knowledge-base, 64 knowledge-set, 78 Kripke model for GL, 204 Kripke models, 340 Kripke semantics, 201 L-truth maximization, 70 labelled deductive system, 63 labelled deductive systems, 197 Lakoff, I., 30 law of evidence, 110
laws of logic, 62 Laws of Thought, 32, 67 Le, 278 legal presumption, 100, 101 Leibniz, G, 22 letterless, 210 Lewis modal system S4, 189 Lewontin, R., 116 lifting lemma, 316 linear logic, 17 linear symbol processor, 64 linguistic structures, 66 linguistics, 66 Lob ¨ theorem, 216 local deduction, 131 local reflection principle, 218 local rules, 129 locally entailed, 137, 161 Locke, J, 55 logic of abduction, 58, 81, 98 logic of action, 17 logic of discovery, 21 logic of down below, 47–49 logic of functional proofs, 344 logic of functional proofs FLP, 199 logic of knowledge with justifications, 201 logic of labelled deduction, 17 logic of natural langauges, 111 logic of proofs, 196, 197, 311 logic of provability, 191 logic of reasoning, 57 logic of single-conclusion proofs, 199 logic of the standard proof predicate, 199 logic with quantifiers over proofs, 201 logical form, 16, 28, 29 logical form in PC, 27 logical inertia, 29 Logical Inertia Rule, 29, 30 logical omniscience, 98, 202 logical omniscience problem, 202
368 logical particle, 22 logical system, 23 logicism, 15 logics of interpolability, 195 logics of knowledge, 201 logics of knowledge with justifications, 341 logics of proof and provability, 198 logics of tolerance, 195 loigcs of proofs and provability, 337 looping, 84 M -model, 334 M -models, 198 Ma, 278 Magari algebraof T , 195 Markov’s rule, 278 Massey, G., 30 mathematical biophysics, 116 mathematical certainty, 35 mathematical formalisms, 115 mathematical logic, 15–17, 63 mathematical reasoning, 15 mathematical structure, 116 mathematical turn in logic, 15, 17 mathematics, 115 maxim of minimal mutilation, 86 maximal consistency, 76 maximal draws, 20 maximality assumption, 20 Medin, D. L., 43 meta-reasoning, 203 meta-signature, 157 Metatehorem of Biconditionality, 142 Metatheorem of Deduction, 142 Metatheorem of Modus Ponens, 142 Metatheorem of Substitutionof Equivalents, 142 metrization, 70 Meyer, J. A., 50 migration, 116 Mill, J. S., 42 minimal model of LP, 198, 335
Minsky, M., 43 mistake, 56 Mkrtychev model, 334 Mkrytychev models, 198 modal logic, 17 modal logic K, 136 model theory, 60 modularity, 52, 64 modulated deductive system, 145 modulated fibring of deductive systems, 146 modulated fibring of interpretation systems, 151 modulated interpretation system, 148 modulated signature, 144 modulated signature morphism, 144 modulated structure, 147 molecular sentences of PC, 24 monotonicity axiom, 200 multi-conclusion, 315 multi-conclusion proof, 343 multi-conclusion proofs, 199 multi-conclusoin proof systmes, 318 multi-dimensinal logic, 63 multi-dimensional logics, 63 multi-modal logic, 63 multiple simultaneous interactions, 51 mutation, 116 n-consistency assertion, 270 n-consistent, 269 n-provability predicate, 270 natural kinds, 43 natural language, 22, 23, 30 natural logic, 30 natural sciences, 115 natural selection, 116 necessitation rule, 190, 317 negation, 22, 72 negation-as-failure, 44, 55 negation-inconsistency, 41 negative entropy, 46
369 negative introspection, 199, 342 neural modularity, 51 new logic, 62 Newton, I., 22 NNIL-formulas, 281 nodes, 204 non-circularity, 114 non-monotonic logic, 63 non-monotonic system, 114 non-truth-functional logics, 155 non-universal generality, 99 nonsymbolic cognition, 47 normal ecological backdrop, 50 normal proof predicate, 322 normal realization, 319 normalcy, 87, 89, 90 normalic claim, 91, 93 normative legitimacy, 15 normative model, 37, 38 normativity, 38, 40 O’Connor, T., 61 O’Keefe, D. J., 45 On Sophistical Refutations, 21 on-line intelligent behaviour, 49 Open Door Case, 80, 87, 90, 91, 94 optimal rationality, 38 optimization, 107 optimization under constraint, 38 ordinal analysis, 196 ordinary reasoning, 58 over-idealization, 116 over-simplification, 116 p-sets, 70, 72 paraconsistent logic, 137 paraconsistent system, 114 parallel distributed processor, 64 parameter-free induction, 298 parameter=free induction schemata, 196 Parasuraman, R., 65 paucity of resource, 33, 34, 45
PDP, 64, 65 PDP theory, 64 Peano arithmetic PA, 190, 214 Peirce, C. S., 22–24, 26, 69, 81, 84, 92 Pelletier, F.J., 42 persuasive presumption, 103 Petrel, D., 45 Petty, R. E., 45 PI, 48 Pietroski, P. M., 61 PLT (U ), 226 Planck, M., 48, 68, 92 plausibility, 37, 54, 67, 68, 70–72, 77, 83, 86, 91, 93, 94, 96, 98 plausibility adjudication, 73 plausibility consequences, 71 plausibility filter, 94 plausibility index, 72 plausibility indexing, 69, 70, 72, 77 plausibility logic, 85 plausibility measures, 70 plausibility negation, 72 plausibility screening, 73, 74, 77 plausibility value, 70, 99 plausibility-indices, 77 plausible belief, 35 plausible reasoning, 94, 95 plausible-or-probable, 69 pluralsim, 17 point based semantics of fibring, 180 polymodal logics, 196, 318 polymodal provability logic, 258 polymorphism, 345 positive introspection, 339 possible evidence function, 335 practical agent, 18, 32, 35, 36, 60 practical logic, 21, 32, 33, 56–58, 65, 67, 113, 115 practical reasoning, 17, 18, 21, 31, 32, 35, 58, 64, 68, 79,
370 111 practical turn in logic, 17, 18, 68 practicality, 59 pragmatics, 67 premiss search, 21 premiss-irredundancy, 114 prescriptive model, 37–38 preservation of completeness, 140 preservation of soundness, 140 preservation results, 140 preservationist logic, 17 presumption, 79, 94–98 presumption of guilt, 102 presumption of innocence, 101 presumption rule, 100 presumptive reasoning, 44, 94, 95 primitive recursive arithmetic PRA, 297 primitive recursive terms, 322 prior probabilities, 69, 77 probability, 23, 53, 69, 72 probability enhancment, 78 process, 15 processing attentive, 65 automatic, 65 conscious, 65 controlled, 65 depth, 65 inattentive, 65 involuntary, 65 linguistic, 65 non-linguistic, 65 non-semantic, 65 semantic, 65 surface, 65 unconscious, 65 voluntary, 65 product, 15 programming languages, 202 proof, 24 proof beyond a reasonable doubt, 111 proof checker, 315
proof constants, 314 proof polynomials, 197, 314, 337 proof polynomials fo rGentzen-style proof systems, 200 proof predicate, 322 proof predicate PrffT (y, x), 215 proof theory, 60 proof variables, 314 propositional calculus, see PC propositional plausibility, 92, 100, 102 prototype, 43 prototype activation, 47 prototype-library, 48 provability algebra, 195 provability calculus, 190 provability logic, 189, 226 provability of a theory T relative to a metatheory U , 226 provability predicate, 215 provability semantics, 190, 191, 197, 318, 346 provable Σ1 -completeness, 215 provable Σn+1 -completeness, 270 provably total computable functions, 293 provisional assumption, 103 proviso, 168 psychologism, 60–63, 113 psychology, 17, 46, 60, 62, 66 pure logic, 18 purpose, 32 quanta, 48 quantification theory, 23 quantified logics of proofs, 200 Quine, W. V., 16, 23, 39, 43, 66, 86 Raifa, H., 52 Rashevsky school, 116 Raz, J., 57, 58 realizability semantics, 311 realization algorithm, 321
371 Reason Rule, 44 reasonable alternative, 106 reasonable doubt, 105, 106 reasonable person, 68, 101, 107, 111 reasoning abstract, 32 applied, 32 common, 32 concrete, 32 context-free, 32 esoteric, 32 factual, 32 formal, 32 fuzzy, 32 goal-directed, 32 informal, 32 moral, 32 ordinary, 32 practical, 32 precise, 32 purposive, 32 specialized, 32 strict, 32 theoretical, 32 reasoning down below, 47 rebuttable presumptions of law, 103 reduction property, 301 reflection, 203, 315 reflection in typed λ-calculus, 345 reflection principle in PA, 196 reflective equilibrium, 39 reflective equilibrium rationale, 39 reflexive combinatory logic, 202 reflexive cominatory logic, 345 reflexivity axiom, 264 reflexivity rule, 338 Reiter, R., 44 relevance, 67 relevant logic, 17 reliability, 70, 71, 99 reliability value, 74 Rensink, R., 46 representation without rules, 48
representation-level rules, 48, 49 representational system, 16 representationalism, 49, 51 Rescher, N., 68, 69, 71–73, 96, 97, 100 resolution point, 84 resource limitations, 58 RT logic, 18, 61 resource-target logic, 18, 61 resources, 33, 35 revision, 54 RFN(T ), 218 RFNΣn (T ), 218 Rfn(T ), 218 RfnΣn (T ), 218 rich, 164 robot, 50 robot’s body, 50 robot’s environment, 50 robotic cleverness, 50 Rosch, E., 43 Rosser’s provability predicate, 274 route-planning, 50 Run Time Code Generating, RTCD, 203 Russell paradox, 39 Russell, B., 30 RWR model, 48 Σn and Πn -formulas, 213 Σn -sound, 215 Sβ , 228 satisfaction, 109 satisfiability probelm in S4, 198 satisfization, 36, 107 SRAS, 34, 36, 56 scant-resource adjustment strategies, 34, 36, 56 scarcity, 33 Schaerf, M., 59 Schank, R., 43 Schell, A. M., 64 Schneider, W., 64 scientific certainty, 35
372 script, 43 second G¨ o¨del incompleteness theorem, 190 second Solovay theorem, 225 self-awareness, 203 self-referential, 202 self-referentiality, 334, 345 Sells, S. B., 45 Selten, R., 33, 34 semantic processing, 64 semi-interpreted language, 21, 22 sequent, 324 sequents, 205 set theory, 60 sets of priors, 20 Shannon, B., 49 Shiffrin, R. M., 64, 66 signature, 127 Simon, H. A., 33, 34, 37 simple sentences, 29 single-conclusion proof systems, 318 single-conclusion proofs, 199, 343 Smith, E. E., 43 Smith, I. B., 49 Solovay construction, 222 Solovay realization, 224 Solovay’s theorem, 222 sound, 215 source-evidence, 98 specialization, 32 Squire, R., 64 SRAS, 42 srong interpolation, 337 stability, 341 stability of explicit knowledge, 342 standard of proof, 104, 109, 110 standard picture, 16 standard presumption, 102 standard proof predicate, 200 standards of rigour, 18, 21 Stanovich, K. A., 37 Stenman, U., 64 Sterelny, K., 49 Stganovich, K. A., 33
Stigler, G. J., 38 Stough, C. L., 69 strategic plausibility, 92, 97 strictness, 32 strong probability operator, 343 strong provability operator, 202 strong provability semantics, 202 strong LP-model, 336 subconscious abductive processes, 47 subconscious cognition, 47 subformula property, 205 subjective expected utility, 52 substructural logic, 63 supervenience, 51 surprise, 80, 81 survival, 116 syllogism, 15, 21, 114 syllogistic consequence, 20, 114 symbol manipulation, 16 symbolic logic, 15 system of provability and explicit proofs LPP, 199 system GL, 192 T -complete, 227 T -completion [L]T , 227 T -interpretation fT (ϕ), 216 tableau, 198 tableau system, 336 Tallis, R., 46 target concepts, 66 target properties, 27 target-modesty, 58 Tarskian consequence relation, 132 tautologousness, 24 temporal logic, 17 testimony of experts, 69 Thagard, P. M., 48, 60 The Standard Picture, 16 the worm principle, 305 Thelen, E., 49 Theophrastus’ rule, 98 theoretical agent, 18, 35, 36
373 theoretical poulation genetics, 115 theoretical reasoning, 35, 59 theoretical-practical distinction, 59 theory, 215 Tienson, J., 48 time, 18, 33 topological semantics, 201 Trace tr(ϕ), 210 trace tr(L) of a modal logic L, 230 Treisman, A., 64 Treisman, A. M., 64 trigger, 82 truth, 23 truth conditional semantics, 25, 27 truth functionality, 25 truth provability logic, 192 truth provability logic of T , 226 truth value, 135 truth-preservation, 21, 40, 41, 78 Turing’s conjecture, 116 type checking, 198 typed λ-calculus, 202 typed λ-terms, 199 typed combinatory logic, 202, 315 typed theories, 202 types of bimodal provability logics, 262 Uglow, S., 101, 102 Unboundedness theorem, 219 unconstrained fibring, 135, 162 unexpectedness, 81 unification axiom, 344 uniform, 169 uniform interpolation, 208 uniform reflection principle, 218 union, 315 universal construction, 134 universal quantification, 87 universal quantifier, 22 universal semantics, 201 universal types, 267 universally quantified conditional, 43, 100
utilities, 53 validity, 21, 24, 26, 28–30, 40, 41, 43 valuation, 26, 40 vector-to-vector transformation, 47 Velleman, J. D., 31 verification, 203 verification systems, 347 verified inference rules, 347 vertically persistent, 170 Visser’s rule (V Vn ), 287 Visser’s theorem, 280 Walton, D., 37, 94, 96, 99, 102 Wasserman, R., 59 weak interpolation, 337 weak reflexivity, 342 weak LP-model, 336 weakening, 319 Webb, B., 49 Weiner, J., 22 Wheeler, M., 49–51 Wimsatt, W., 51 witness comparison, 194 witness function, 334 Wolfram, S., 46 Wood, B., 64 Woodworth, R. S., 45 Worm principle, 196 Wright, J. M. von, 64 Yates, S., 45