Gdels Incompleteness Theorems Andrei Popescu Dmitriy Traytel e - - PowerPoint PPT Presentation

A Formally Verified Abstract Account

• f

Gödel’s Incompleteness Theorems

Andrei Popescu Dmitriy Traytel

λ → ∀

=

I s a b e l l e

β α

HOL

Gödel’s Incompleteness Theorems 1931

Gödel’s Incompleteness Theorems 1931 Fix a consistent logical theory that

• contains enough arithmetic,
• can itself be arithmetized.

Gödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither prove nor disprove).

Fix a consistent logical theory that

• contains enough arithmetic,
• can itself be arithmetized.

Gödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither prove nor disprove).

Fix a consistent logical theory that

• contains enough arithmetic,
• can itself be arithmetized.

The theory cannot prove (an internal formulation of) its own consistency.

Pen and Paper Proofs of and

Pen and Paper Proofs of and

… … … …

Pen and Paper Proofs of and

The reader who does not like incomplete and (apparently) irremediably messy proofs of syntactic facts may wish to skim over the rest of this chapter and take it for granted that …

… … … …

Formal Verifications of and

Formal Verifications of and

Paulson 2015 Isabelle O’Connor 2005 Coq Harrison 2004 HOL Light Shankar 1986 NQTHM 1978 TEM Sieg

End of story

End of story?

End of story?

Formal Verifications of and

Shared structure

• Fix a particular logic: Classical FOL

Formal Verifications of and

Shared structure

• Fix a particular logic: Classical FOL
• Fix a particular theory (+ finite extensions of it)
• Arithmetic (Harrison, O’Connor)
• Hereditarily finite set theory (Sieg, Shankar, Paulson)

Formal Verifications of and

Shared structure

• Fix a particular logic: Classical FOL
• Fix a particular theory (+ finite extensions of it)
• Arithmetic (Harrison, O’Connor)
• Hereditarily finite set theory (Sieg, Shankar, Paulson)

Formal Verifications of and

Shared structure

• Fix a particular logic: Classical FOL
• Fix a particular theory (+ finite extensions of it)
• Arithmetic (Harrison, O’Connor)
• Hereditarily finite set theory (Sieg, Shankar, Paulson)
• Tour de force for the particular combination

Formal Verifications of and

Shared structure

• Fix a particular logic: Classical FOL
• Fix a particular theory (+ finite extensions of it)
• Arithmetic (Harrison, O’Connor)
• Hereditarily finite set theory (Sieg, Shankar, Paulson)
• Tour de force for the particular combination

Formal Verifications of and

Shared structure Scope of and remains largely unexploded

• Fix a particular logic: Classical FOL
• Fix a particular theory (+ finite extensions of it)
• Arithmetic (Harrison, O’Connor)
• Hereditarily finite set theory (Sieg, Shankar, Paulson)
• Tour de force for the particular combination

Formal Verifications of and

Shared structure Scope of and remains largely unexploded E.g. do they hold for Intuitionistic FOL, HOL, CIC?

Our Motto:

Our Motto: Don’t Fix, Gather!

Our Contributions

Our Contributions

• Abstract

formalization of and

• Answer “What must/may a logic/theory offer?”
• Understand variants and distill trade-offs from the literature
• Correct a mistake in a pen and paper proof

I s a b e l l e

Our Contributions

• Abstract

formalization of and

• Answer “What must/may a logic/theory offer?”
• Understand variants and distill trade-offs from the literature
• Correct a mistake in a pen and paper proof

I s a b e l l e

• Concrete instantiation to hereditarily finite set theory
• Reproduce (for

) and improve (for ) Paulson’s formalization

What must a logic/theory offer?

Generic Syntax Connectives Provability Relation Numerals

What must a logic/theory offer?

Generic Syntax Connectives Provability Relation Numerals Classical Logic

What may a logic/theory offer?

Order-like Relation Proofs Encodings Represent- ability Derivability Conditions Standard Model Soundness Consistency Omega- Consistency Completeness

• f Provability

Proofs vs. Provability

Generic Syntax

• sets: Var, Term, Fmla with Var⊆Term

Generic Syntax

• sets: Var, Term, Fmla with Var⊆Term
• operators:

FV_Term : Term → 2Var FV : Fmla → 2Var subst_Term : Term → Var → Term → Term subst : Fmla → Var → Term → Fmla Generic Syntax

• sets: Var, Term, Fmla with Var⊆Term
• operators:

FV_Term : Term → 2Var FV : Fmla → 2Var subst_Term : Term → Var → Term → Term subst : Fmla → Var → Term → Fmla

• properties, e.g.:

x∈FV(φ) implies FV(subst φ x s) = FV(φ) - {x} ∪ FV_Term(s) Generic Syntax

• sets: Var, Term, Fmla with Var⊆Term
• operators:

FV_Term : Term → 2Var FV : Fmla → 2Var subst_Term : Term → Var → Term → Term subst : Fmla → Var → Term → Fmla

• properties, e.g.:

x∈FV(φ) implies FV(subst φ x s) = FV(φ) - {x} ∪ FV_Term(s) Generic Syntax

We require unary substitution only. We derive parallel substitution from it.

Connectives

• operators:

≡ : Term → Term → Fmla →, ∧, ∨ : Fmla → Fmla → Fmla ¬ : Fmla → Fmla ⊥, ⊤ : Fmla ∃, ∀ : Var → Fmla → Fmla Connectives

• operators:

≡ : Term → Term → Fmla →, ∧, ∨ : Fmla → Fmla → Fmla ¬ : Fmla → Fmla ⊥, ⊤ : Fmla ∃, ∀ : Var → Fmla → Fmla Connectives

We require a minimal list w.r.t. intuitionistic deduction and define the rest.

Note: operators, not constructors

• unary relation:

⊢ ⊆ Fmla we write ⊢φ if φ ∈ ⊢

• properties:

⊢ contains the standard (Hilbert-style) intuitionistic FOL axioms about the connectives Provability Relation

• unary relation:

⊢ ⊆ Fmla we write ⊢φ if φ ∈ ⊢

• properties:

⊢ contains the standard (Hilbert-style) intuitionistic FOL axioms about the connectives Provability Relation

• nonempty set:

Num ⊆ Fmla0 Numerals

• property: ⊢ ¬ ¬ φ → φ

Classical Logic

• property: ⊢ ¬ ¬ φ → φ

Classical Logic Order-like Relation

• formula: ≺ ∈ Fmla2
• properties, e.g.:

for all φ∈Fmla1 and n∈Num, if ⊢φ(m) for all m∈Num, then ⊢∀x. x≺n → φ(x)

• property: ⊢ ¬ ¬ φ → φ

Classical Logic Order-like Relation

• formula: ≺ ∈ Fmla2
• properties, e.g.:

for all φ∈Fmla1 and n∈Num, if ⊢φ(m) for all m∈Num, then ⊢∀x. x≺n → φ(x)

• set: Proof
• binary relation: ⊩ ∈ Proof×Fmla

we write p⊩φ if (p,φ)∈⊩ Proofs

• formulas subst, ⊩, ¬
• property:

behave like operators/relations (subst, ⊩, ¬) on encodings

• operators:

⟨_⟩ : Fmla → Num and ⟨_⟩ : Proof → Num Encodings Represent- ability

• formulas subst, ⊩, ¬
• property:

behave like operators/relations (subst, ⊩, ¬) on encodings

• operators:

⟨_⟩ : Fmla → Num and ⟨_⟩ : Proof → Num Encodings

• property: ⊬⊥

Consistency Represent- ability

• formulas subst, ⊩, ¬
• property:

behave like operators/relations (subst, ⊩, ¬) on encodings

• operators:

⟨_⟩ : Fmla → Num and ⟨_⟩ : Proof → Num Encodings

• property: ⊬⊥

Consistency

• property: For all φ∈Fmla1,

if ⊢¬φ(n) for all n∈Num then ⊬¬¬(∃x.φ(x)) Omega- Consistency Represent- ability

What must a logic/theory offer?

Generic Syntax Connectives Provability Relation Numerals Classical Logic

What may a logic/theory offer?

Order-like Relation Proofs Encodings Represent- ability Derivability Conditions Standard Model Soundness Consistency Omega- Consistency Completeness

• f Provability

Proofs vs. Provability

Proofs Encodings Represent- ability Derivability Conditions Omega- Consistency subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩

There exists φ∈Fmla0 such that ⊬φ and ⊬¬φ

Proofs Encodings Represent- ability Derivability Conditions subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩

There exists φ∈Fmla0 such that ⊬φ and ⊬¬φ

Consistency

Rosser’s Trick a la Rosser

Proofs Encodings Represent- ability Derivability Conditions subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩

There exists φ∈Fmla0 such that ⊬φ and ⊬¬φ

Consistency

Rosser’s Trick

¬

a la Rosser

Proofs Encodings Represent- ability Derivability Conditions subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩

There exists φ∈Fmla0 such that ⊬φ and ⊬¬φ

Consistency

Rosser’s Trick

Order-like Relation ¬

a la Rosser

Encodings Represent- ability Derivability Conditions subst ⊢φ implies ⊢⊢⟨φ⟩

There exists φ∈Fmla0 such that ⊬φ and ⊬¬φ and φ is true in the standard model

semantic

⊢⊢⟨φ⟩ implies ⊢φ Standard Model Soundness Completeness

• f Provability

Proofs vs. Provability

Encodings Represent- ability Derivability Conditions subst ⊢φ implies ⊢⊢⟨φ⟩

There exists φ∈Fmla0 such that ⊬φ and ⊬¬φ

classical

⊢⊢⟨φ⟩ implies ⊢φ Classical Logic Consistency

Encodings Represent- ability Derivability Conditions subst ⊢φ implies ⊢⊢⟨φ⟩

⊬¬⊢⟨⊥⟩

Consistency ⊢⊢⟨φ⟩∧⊢⟨φ→ψ⟩→⊢⟨ψ⟩ ⊢⊢⟨φ⟩→⊢⟨⊢⟨φ⟩⟩

Encodings Represent- ability Derivability Conditions subst ⊢φ implies ⊢⊢⟨φ⟩

⊬¬⊢⟨⊥⟩

Consistency ⊢⊢⟨φ⟩∧⊢⟨φ→ψ⟩→⊢⟨ψ⟩ ⊢⊢⟨φ⟩→⊢⟨⊢⟨φ⟩⟩

In the paper: Jeroslow’s “improvement" to remove this condition results in weaker conclusion + mistake in proof

12000 LOC

λ → ∀

=

I s a b e l l e

β α

H O L

From Abstract to Concrete

Generic Syntax Connectives Provability Relation Numerals

Verified instances

• Robinson’s Arithmetic (Q)
• Hereditarily finite set theory

From Abstract to Concrete

classical semantic

Instantiations of with Paulson’s HF set theory.

From Abstract to Concrete

classical semantic

Instantiations of with Paulson’s HF set theory.

12000 LOC

λ → ∀

=

I s a b e l l e

β α

H O L

12000 LOC

From Abstract to Concrete

classical semantic

Instantiations of with Paulson’s HF set theory.

Paulson assumes soundness (and redundantly consistency!) We removed the soundness assumption from the instantiation of → strictly stronger result → required us to replace “easy” semantic proofs with tedious x → proofs in the HF calculus (no help from the abstract side here) 12000 LOC

λ → ∀

=

I s a b e l l e

β α

H O L

12000 LOC

From Abstract to Concrete

classical semantic

Instantiations of with Paulson’s HF set theory.

Paulson assumes soundness (and redundantly consistency!) We removed the soundness assumption from the instantiation of → strictly stronger result → required us to replace “easy” semantic proofs with tedious x → proofs in the HF calculus (no help from the abstract side here) 12000 LOC

λ → ∀

=

I s a b e l l e

β α

H O L

12000 LOC

• 5000 LOC

From Abstract to Concrete

classical semantic

Instantiations of with Paulson’s HF set theory.

Paulson assumes soundness (and redundantly consistency!) We removed the soundness assumption from the instantiation of → strictly stronger result → required us to replace “easy” semantic proofs with tedious x → proofs in the HF calculus (no help from the abstract side here) 12000 LOC

λ → ∀

=

I s a b e l l e

β α

H O L

12000 LOC

• 5000 LOC

+5000 LOC

Conclusion

• Abstract

formalization of and

• Answer “What must/may a logic/theory offer?”
• Understand variants and distill trade-offs from the literature
• Correct a mistake in a pen and paper proof
• Concrete instantiation to hereditarily finite set theory
• Reproduce (for

) and improve (for ) Paulson’s formalization

• Still unanswered/future work
• Do

and hold for Intuitionistic FOL, HOL, CIC?

• Can we do more on the abstract level? (e.g. derivability conditions)

I s a b e l l e

Conclusion

• Abstract

formalization of and

• Answer “What must/may a logic/theory offer?”
• Understand variants and distill trade-offs from the literature
• Correct a mistake in a pen and paper proof
• Concrete instantiation to hereditarily finite set theory
• Reproduce (for

) and improve (for ) Paulson’s formalization

• Still unanswered/future work
• Do

and hold for Intuitionistic FOL, HOL, CIC?

• Can we do more on the abstract level? (e.g. derivability conditions)

I s a b e l l e

Thank you! Questions?

A Formally Verified Abstract Account

• f

Gödel’s Incompleteness Theorems

Andrei Popescu Dmitriy Traytel

λ → ∀

=

I s a b e l l e

β α

HOL