Summary of Logic and Mathematical Inquiry (80-211 ... - Phil Cmu

Summary of Logic and Mathematical Inquiry (80-211), Spring 2011 

Instructor: Jeremy Avigad 

T.A.: Dan Auerbach 

Course goals 

Teach students to read and write mathematical proofs 

Teach students the syntax and (informal) semantics of first-order logic 

Teach students to carry out logical calculations and manipulations 

Teach students to carry out formal proofs (in natural deduction, and in an interactive proofassistant) 

Teach students basic mathematical concepts (sets, functions, relations, ...) 

Teach students about axiomatic foundations 

Textbooks and software 

Velleman, How to Prove It 

Tarski's World 

Notes on natural deduction and Isabelle 

The Isabelle proof assistant 

Excerpts from Enderton, Set Theory 

Topics covered 

Informal mathematical proof 

Propositional logic and truth table semantics 

Proving propositional identities and simple set identities 

Natural deduction for propositional logic 

Natural deduction for first-order logic with equality 

Mathematical induction and recursion (both informal and formal) 

Relations: order relations, equivalence relations, equivalence classes 

Functions: injections, surjections, bijections, etc. 

Axiomatic set theory 

Cardinality and the infinite 

The set-theoretic construction of the real numbers 

Contents of this package 

Syllabus 

Notes on natural deduction and Isabelle 

Homework assignments and solutions 

Exams 

Isabelle scripts (including homework assignments and solutions) 

Isabelle cheat sheet

Logic and Mathematical Inquiry 

Course 80-211 

Spring, 2011 

Course information 

Time: Tuesday and Thursday, 9:00-10:20 

Room: Porter Hall A18C 

Course announcements, assignments, handouts, and grades will be posted 

on Blackboard: http://www.cmu.edu/blackboard/ 

Instructor 

Name: Prof. Jeremy Avigad 

Office: Baker Hall 161D 

Mailbox: Baker Hall 135 

e-mail: avigad@cmu.edu 

Office hours: Wednesdays, 9-10am and 4-5pm 

Teaching Assistant 

Name: Daniel Auerbach 

Office: Dohery Hall 4302E 

Mailbox: Baker Hall 135 

e-mail: dauerbac@andrew.cmu.edu 

Office hours: Tuesday 6-7pm, Wednesday 6-7pm 

Texts 

Velleman, How to Prove It 

Barker-Plummer, Barwise, and Etchemendy, Tarski’s World 

We will also make use of the Isabelle theorem prover, which can be found 

online: 

http://www.cl.cam.ac.uk/research/hvg/Isabelle/.

Additional notes and readings will be posted on Blackboard. 

Requirements 

Problem sets (50%): 

Due every Thursday 

Midterm exam (20%): In class, Thursday, March 3 

Final exam (30%): 

During the final exam period 

Please read the relevant sections of the text before class so that we can 

discuss them during the lecture. 

Description 

Among the range of human pursuits, mathematics is distinguished by the 

use of precise, regimented language and methods of argumentation. In other 

words, there are implicit rules that govern how mathematical assertions are 

made, and how they are proved. One of the great achievements of twentieth 

century logic has been to analyze mathematical language and methods of 

inference in great detail, and represent them with precise formal calculi. 

There are a number of benefits to doing so: 

• Philosophical: logical analysis serves to clarify and sharpen debates 

as to the nature of mathematical objects, assumptions, inference, and 

truth. 

• Mathematical: the modeling provides useful mathematical information 

about mathematical language and inference, including their limitations 

• Computational: it also makes it possible to use computers to help 

carry out and check mathematical reasoning. 

This course is an introduction to the language and methods of mathematics, 

and to the logical study thereof. We will work on your ability to read and 

write clear mathematical proofs; at the same time, we will study the formal 

logical modeling of language and proof in symbolic terms. In addition, you 

will experiment with software that relies on this formal logical modeling. 

Background 

This course has substantial mathematical content, but it does not assume 

any background beyond high school mathematics.

Tentative Outline 

1. Mathematical language and reasoning (Velleman 1–2, Tarski’s world) 

(a) Propositional logic 

(b) Sets 

(c) First-order logic 

2. Formal and informal proof (Velleman 3 and 6, Isabelle) 

(a) Natural deduction for propositional logic 

(b) Interactive theorem proving in Isabelle 

(c) Natural deduction for first-order logic with equality 

(d) The natural numbers and proof by induction 

3. Foundations (Velleman 4, 5, and 7, Isabelle) 

(a) Relations and functions 

(b) Axioms for set theory 

(c) Cardinality and Cantor’s theorem 

(d) Axiomatic structures 

(e) The construction of the real numbers 

Grading and lateness policy 

Homework is due at the beginning of class on Thursday. It can be turned 

in late, until noon on Friday, to Dan Auerbach’s mailbox in Baker Hall 135, 

with a nominal penalty to your grade (roughly a third to a half of a letter 

grade). Note that this is much better than not turning it in at all, which 

counts as a score of 0. For the software component of the course, you will 

be asked to turn in portions of your assignment electronically. Unless asked 

to do so, however, please submit a hardcopy of your solutions. 

The total point score on the homework assignments will vary from week 

to week. But each homework assignment is ultimately scaled to a score from 

0 to 5 (4–5 is an A, 3–4 is a B, etc.) and all count equally towards the final 

grade. This is done to ensure fairness. The course is not curved, in that 

everyone may earn an A, or everyone may fail.

Things invariably crop up during the semester: illness, travel, and so on. 

Taking that into account, I will drop your lowest two homework scores. Since 

you are responsible for all the material on the exams, however, I encourage 

you to do all the assignments. 

Grades are determined based on clarity as well as correctness. You may 

turn in an answer to a question that, arguably, has all the components of a 

correct answer; but if the grader has to struggle to understand what you are 

saying, or read between the lines, or weed out false or irrelevant information, 

you are unlikely to receive full credit. 

You are allowed to work together on the homework assignments, and, 

in fact, this is encouraged. The only restriction is that when you write up 

the actual solution you turn in you must do so alone, so that the answer 

reflects your own understanding. Failure to obey these guidelines constitutes 

cheating. 

The Isabelle interactive theorem prover 

We will experiment with an interactive proof system called Isabelle. This is 

a cutting-edge research-grade proof tool rather than educational software, 

used to check mathematical proofs as well as software and systems design; 

so using it in an introductory course is a bit of a stretch. But it is a powerful 

and remarkable system, and worth getting to know. 

You have three options for using Isabelle: 

• Use it in any of the Linux clusters on campus; see: 

http://www.cmu.edu/computing/clusters/software/linux/index.html 

• Install it on your computer. The instructions are here: 

http://www.cl.cam.ac.uk/research/hvg/isabelle/download.html 

The installations are easy on a Mac or Linux system, but, unfortunately, 

not as easy on Windows. 

• Run it remotely. For example, if you use Windows, go to http://my.cmu.edu, 

go to “computing/ download software” and install “X-Win32.” You 

can then use that to log on to your Andrew account at unix.andrew.cmu.edu 

and run Isabelle from there.

Once you have Isabelle set up, try running it. For example, at a cluster 

machine type 

isabelle emacs Test.thy 

When the editor opens up, copy the following file exactly: 

theory Test 

imports Main 

begin 

lemma "(2::nat) + 2 = 4" 

by auto 

Then press the “process buffer” button (the downwards-pointing triangle). 

If the text background turns light blue, the system is working.

Logic and Mathematical Inquiry 

Lecture notes 

Jeremy Avigad 

Version: Spring 2011

Contents 

1 Natural deduction for propositional logic 1 

1.1 Natural deduction . . . . . . . . . . . . . . . . . . . . . . . . 1 

1.2 Some propositional validities . . . . . . . . . . . . . . . . . . 5 

1.3 Proof by contradiction . . . . . . . . . . . . . . . . . . . . . . 7 

1.4 Excercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 

1.5 Proof short cuts . . . . . . . . . . . . . . . . . . . . . . . . . . 8 

1.6 Sequent notation . . . . . . . . . . . . . . . . . . . . . . . . . 9 

2 Propositional logic in Isabelle 11 

2.1 Using Isabelle . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 

2.2 The propositional rules . . . . . . . . . . . . . . . . . . . . . . 14 

2.3 Additional proof methods . . . . . . . . . . . . . . . . . . . . 17 

2.4 Reasoning with sets . . . . . . . . . . . . . . . . . . . . . . . 17 

2.5 Completeness . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 

3 Natural deduction for first-order logic 21 

3.1 Quantifiers in natural deduction . . . . . . . . . . . . . . . . 21 

3.2 Some first-order validities . . . . . . . . . . . . . . . . . . . . 22 

3.3 Equality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 

3.4 First-order theories . . . . . . . . . . . . . . . . . . . . . . . . 24 

3.5 Completeness for first-order logic . . . . . . . . . . . . . . . . 24 

4 First-order logic in Isabelle 27 

4.1 Quantifiers in Isabelle . . . . . . . . . . . . . . . . . . . . . . 27 

4.2 Equality in Isabelle . . . . . . . . . . . . . . . . . . . . . . . . 29 

4.3 Using lemmas and the library . . . . . . . . . . . . . . . . . . 30 

4.4 Using Isabelle’s automated tools . . . . . . . . . . . . . . . . 31

ii 

CONTENTS 

5 The natural numbers 33 

5.1 Induction and recursion on the natural numbers . . . . . . . . 33 

5.2 The natural numbers in Isabelle . . . . . . . . . . . . . . . . . 35

Chapter 1 

Natural deduction for 

propositional logic 

1.1 Natural deduction 

The formulas of propositional logic are obtained by starting with propositional 

variables p, q, r, . . ., and then using propositional connectives (ϕ ∧ ψ), 

(ϕ ∨ ψ), (ϕ → ψ), and (¬ϕ) to build up more complicated formulas. The 

symbols ∧, ∨, →, and ¬ stand for “and,” “or,” “implies,” and “not,” respectively. 

I will also use ⊤ for “true,” ⊥ for “false,” and ↔ for “if and only 

if.” 

Remember that, under truth-table semantics, a propositional formula ϕ 

is said to be valid, or a tautology, if ϕ is true under every assignment. This 

is written |= ϕ. More generally, if Γ is a set of formulas and ϕ is a formula, 

Γ entails ϕ, written Γ |= ϕ, if ϕ is true under every truth assignment that 

makes every formula in Γ true. In other words, Γ entails ϕ if the inference 

“from Γ, conclude ϕ” is valid. For example, computing truth tables shows 

that the following hold: 

• |= p ∧ q → q ∨ r 

• {q, p ∧ r} |= q ∧ r 

The purpose of a proof system is to provide a system of rules which 

is sufficient to verify all valid formulas and entailments. Once we have 

described our proof system, we will write ⊢ ϕ to indicate the ϕ is provable, 

and, more generally, write Γ ⊢ ϕ to mean that ϕ is provable from Γ. A good 

proof system should have the property that it makes provability coincide 

1

2 CHAPTER 1. PROPOSITIONAL LOGIC 

with semantic entailment. That is, if there is a proof of ϕ from Γ, then Γ 

should entail ϕ (this is known as “soundness”). Conversely, if Γ entails ϕ, 

then it should be possible to prove ϕ from Γ. In fact, the system I am about 

to describe is sound and complete. 

We will use a system of natural deduction, due to Gerhard Gentzen. In 

this system, the basic object is a proof of a formula from some hypotheses; 

the rules of the system enable us to construct complex proofs from simpler 

ones. Rules are associated to each connective, characterizing its proper 

usage. In particular, each logical connective has an associated introduction 

rule, which tells us what is needed to justify an assertion involving this 

connective; and an elimination rule, which tell what we may legitimately 

infer from such an assertion. 

To start with, you are allowed to make any assumption. This is just the 

assumption rule: 

The way to read this is as follows: assuming ϕ, you have proved ϕ. 

Here are the rules for conjunction: 

ϕ ψ ∧I 

ϕ ∧ ψ 

ϕ 

ϕ ∧ ψ ∧E1 

ϕ 

ϕ ∧ ψ ∧E2 

ψ 

The first rule says “in order to prove ϕ ∧ ψ from some assumptions, prove 

ϕ from those assumptions, and prove ψ from those assumptions.” In other 

words, whatever assumptions you have make to prove ϕ and ψ are assumptions 

in the resulting proof. The other two rules are elimination rules. They 

say “if you have proved (or assumed) ϕ ∧ ψ, then you can conclude ϕ, and 

you can conclude ψ.” 

Turning to the rules for implication, the elimination rule is easy: 

ϕ → ψ 

ψ 

ϕ →E 

This says, “if you know ϕ → ψ, and you know ϕ, then you can conclude ψ.” 

Once again, all the assumptions you made in the proofs of ϕ → ψ and ϕ 

are in force. The introduction rule for implication is more subtle, because 

in this rule a hypothesis can be cancelled. 

ϕ 

. 

ψ 

ϕ → ψ 

→I

1.1. NATURAL DEDUCTION 3 

This says that in order to prove ϕ → ψ, it suffices to assume ϕ and conclude 

ψ. The three dots suggest a proof of ψ in which the assumption ϕ can be 

used any number of times. In concluding ϕ → ψ, this assumption is made 

explicit. In the resulting proof, then, ϕ is no longer an assumption; it has 

been cancelled. 

Reading a natural deduction proof can be difficult because hypotheses 

are introduced and cancelled at various times. In particular, it is useful to 

know at which points in a proof particular hypotheses have been cancelled. 

This information is conveyed by labelling the hypothesis and the point that 

it is cancelled with a letter x, y, z, . . .. For example, the following is a proof 

of ψ → (ϕ ∧ ψ) from hypothesis ϕ: 

ϕ ψ 

ϕ ∧ ψ 

ψ → ϕ ∧ ψ 

One more instance of →I yields a proof of ϕ → (ψ → ϕ ∧ ψ): 

y 

ϕ ψ 

ϕ ∧ ψ 

ψ → ϕ ∧ ψ 

x 

x 

x 

x 

ϕ → (ψ → ϕ ∧ ψ) 

Returning to the rules, here are the ones for negation: 

ϕ 

. 

⊥ ¬I ¬ϕ 

y 

¬ϕ ϕ ¬E 

⊥ 

To understand this, think of ⊥, or “false,” as being a contradiction. So, if 

you have proved ϕ and ¬ϕ, you have derived a contradiction. On the other 

hand, to prove ¬ϕ, you should assume ϕ and show that a contradiction 

follows. 

It is also the case that anything follows from a contradiction: 

⊥ 

ϕ 

This has the fancy Latin name, “ex falso sequitur quodlibet,” which means 

“anything you want follows from falsity.” Conversely, you can always assert 

⊤ as an axiom. 

Here are the rules for disjunction:


ϕ 

ϕ ∨ ψ 

∨I 1 

ψ 

ϕ ∨ ψ 

∨I 2 

. . 

ϕ ∨ ψ θ 

θ 

θ ∨E 

The introduction rule is straightforward: to prove ϕ ∨ ψ, prove either one. 

The elimination rule is more confusing, but it is supposed to model the 

natural process of proving θ from ϕ ∨ ψ by branching on cases: “Suppose 

ϕ ∨ ψ. Case 1: ϕ holds. . . . and θ follows. Case 2: ψ holds. . . . and θ 

follows. Either way, we have θ.” Notice that in the resulting inference, the 

hypotheses ϕ and ψ are cancelled. 

Finally, these are the rules for ↔: 

ϕ 

ψ 

. . 

ψ ϕ ↔ I 

ϕ ↔ ψ 

ϕ ↔ ψ 

ψ 

ϕ ↔ E1 

ϕ 

ϕ ↔ ψ 

ϕ 

ψ 

ψ ↔ E2 

You should check that if we defined ϕ ↔ ψ to be (ϕ → ψ) ∧ (ψ → ϕ), these 

rules could be justified in terms of the rules for ∧ and →. 

There is one more rule that is needed to ensure that we can derive all 

the valid propositional formulas. It is reductio ad absurdum, or proof by 

contradiction. 

¬ϕ 

. 

⊥ 

ϕ 

Notice that this is different from the negation introduction rule: rather than 

assume ϕ in order to prove ¬ϕ, it works the other way around. 

There is some legalistic fine print associated with the implication introduction 

rule (similar considerations apply to disjunction elimination as 

well). Properly stated, the rule should be read as follows: “Given ψ, you are 

may conclude ϕ → ψ. Furthermore, if ϕ occurs as a hypothesis, you may 

cancel any instances of this hypothesis.” Note that you do not need the 

hypothesis ϕ to conclude ϕ → ψ; if you know ψ outright, you know ϕ → ψ. 

For example, this is a legal proof: 

x 

ψ 

ϕ → ψ 

ψ → (ϕ → ψ) 

x

1.2. SOME PROPOSITIONAL VALIDITIES 5 

1.2 Some propositional validities 

Here are some propositional validities: 

1. Commutativity of ∧: ϕ ∧ ψ ↔ ψ ∧ ϕ 

2. Commutativity of ∨: ϕ ∨ ψ ↔ ψ ∨ ϕ 

3. Associativity of ∧: (ϕ ∧ ψ) ∧ θ ↔ ϕ ∧ (ψ ∧ θ) 

4. Associativity of ∨: (ϕ ∨ ψ) ∨ θ ↔ ϕ ∨ (ψ ∨ θ) 

5. Distributivity of ∧ over ∨: ϕ ∧ (ψ ∨ θ) ↔ (ϕ ∧ ψ) ∨ (ϕ ∧ θ) 

6. Distributivity of ∨ over ∧: ϕ ∨ (ψ ∧ θ) ↔ (ϕ ∨ ψ) ∧ (ϕ ∨ θ) 

7. (ϕ → (ψ → θ)) ↔ (ϕ ∧ ψ → θ). 

8. (ϕ → ψ) → ((ψ → θ) → (ϕ → θ)) 

9. ((ϕ ∨ ψ) → θ) ↔ (ϕ → θ) ∧ (ψ → θ) 

10. ¬(ϕ ∨ ψ) ↔ ¬ϕ ∧ ¬ψ 

11. ¬(ϕ ∧ ψ) ↔ ¬ϕ ∨ ¬ψ 

12. ¬(ϕ ∧ ¬ϕ) 

13. ¬(ϕ → ψ) ↔ ϕ ∧ ¬ψ 

14. ¬ϕ → (ϕ → ψ) 

15. (¬ϕ ∨ ψ) ↔ (ϕ → ψ) 

16. ϕ ∨ ⊥ ↔ ϕ 

17. ϕ ∧ ⊥ ↔ ⊥ 

18. ϕ ∨ ¬ϕ 

19. ¬(ϕ ↔ ¬ϕ) 

20. (ϕ → ψ) ↔ (¬ψ → ¬ϕ) 

21. (ϕ → θ ∨ η) → ((ϕ → θ) ∨ (ϕ → η)) 

22. (((ϕ → ψ) → ϕ) → ϕ)


There is a simple heuristic for searching for proofs: work backwards from 

the goal using introduction rules, and work forwards from the hypothesis 

using elimination rules, until all the pieces come together. For example, 

here is a proof of the forward direction of (5): 

ϕ ∧ (ψ ∨ σ) 

ψ ∨ σ 

y 

y 

ϕ ∧ (ψ ∨ σ) 

x ϕ ∧ (ψ ∨ σ) 

ϕ ψ ϕ σ 

x 

ϕ ∧ ψ 

(ϕ ∧ ψ) ∨ (ϕ ∧ σ) 

(ϕ ∧ ψ) ∨ (ϕ ∧ σ) 

ϕ ∧ σ 

(ϕ ∧ ψ) ∨ (ϕ ∧ σ) 

x 

(ϕ ∧ (ψ ∨ σ)) → ((ϕ ∧ ψ) ∨ (ϕ ∧ σ)) 

y 

y 

Here is a proof of the forward direction of (7): 

ϕ → (ψ → θ) 

ψ → θ 

y 

ϕ ∧ ψ 

ϕ 

x 

θ 

ϕ ∧ ψ → θ 

x 

ϕ ∧ ψ 

ψ 

(ϕ → (ψ → θ)) → (ϕ ∧ ψ → θ) 

x 

y 

Here is a proof of the forward direction of (10): 

z 

¬(ϕ ∨ ψ) 

⊥ 

¬ϕ 

x 

ϕ 

z 

ϕ ∨ ψ 

¬(ϕ ∨ ψ) 

⊥ 

x 

¬ψ 

¬ϕ ∧ ¬ψ 

z 

¬(ϕ ∨ ψ) → ¬ϕ ∧ ¬ψ 

y 

y 

ψ 

ϕ ∨ ψ 

Here is one more example: 

ϕ ¬ϕ 

z 

⊥ 

ϕ ∨ ψ ψ 

ψ 

y 

¬ϕ → ψ 

ϕ ∨ ψ → (¬ϕ → ψ) 

x 

y 

z 

x 

ψ x

1.3. PROOF BY CONTRADICTION 7 

1.3 Proof by contradiction 

Sometimes you follow the heuristic described above, and simply get stuck. 

In that case, there is one more thing to try: proof by contradiction. That 

is, assume the negation of what you are trying to prove, and show that that 

yields a contradiction. 

For example, here is a proof of the law of the excluded middle: 

y 

¬(ϕ ∨ ¬ϕ) 

⊥ 

x 

¬ϕ 

ϕ ∨ ¬ϕ 

x 

ϕ 

ϕ ∨ ¬ϕ 

⊥ 

ϕ ∨ ¬ϕ 

¬(ϕ ∨ ¬ϕ) 

Here is a proof of a principle known as “double-negation elimination”: 

y 

x 

¬¬ϕ 

y 

⊥ x 

¬ϕ 

x 

Here is another example: 

ϕ 

¬¬ϕ → ϕ 

(RAA) 

y 

¬(ϕ ∧ ¬ψ) 

z 

y 

ϕ ¬ψ 

ϕ ∧ ¬ψ 

x 

⊥ x 

(RAA) 

y 

ψ 

ϕ → ψ 

¬(ϕ ∧ ¬ψ) → (ϕ → ψ) 

z 

1.4 Excercises 

To get used to natural deduction, try finding natural deduction proofs of 

any or all of the following. 

1. (ϕ → (ψ → θ)) → (ϕ ∧ ψ → θ). 

2. (ϕ ∨ ψ) ∨ θ → ϕ ∨ (ψ ∨ θ) 

3. ¬(ϕ → ψ) → ¬ψ


4. ¬(ϕ → ψ) → ϕ 

5. (¬ϕ ∨ ψ) ↔ (ϕ → ψ) 

6. (ϕ → ψ) ∨ (ψ → ϕ) 

7. ((ϕ → ψ) → ϕ) → ϕ) 

8. ¬(ϕ ↔ ¬ϕ). 

1.5 Proof short cuts 

The proofs in the last section can be confusing and hard to understand. 

It is also often hard to use negative statements in a hypothesis. In fact, in 

informal mathematical argumentation, one often uses a number of additional 

tricks to make life easier. All of the things I am about to describe can 

be justified on the basis of the rules presented in Section 1.1, but, strictly 

speaking, they are not part of the proof rules. One a homework assignment, 

if I say “give a natural deduction proof of . . . ,” I mean give a proof using the 

rules in Section 1.1. On the other hand, if I say “you may use the additional 

rules and equivalences described in the notes,” you may use the tricks I am 

about to describe. Notice that many of the informal proof strategies in 

Velleman’s book rely on tricks like these. You should try to think about 

Velleman’s strategies in these terms. 

One trick is to use the law of the excluded middle: for any formula, one 

can prove ϕ ∨ ¬ϕ. So, at any point in a proof, you can reason by cases: 

first show that your conclusion follows from ϕ, and then show that it follows 

from ¬ϕ. 

If you have a hypothesis ϕ → ψ, it is sometimes useful to use the following 

equivalence: 

(ϕ → ψ) ≡ (¬ϕ ∨ ψ). 

Once again, this can be proved using the ordinary proof rules, but it isn’t 

easy! If you just assume the equivalence, however, it means that you can use 

the hypothesis ϕ → ψ be reasoning on cases: if you can show you conclusion 

follows from ¬ϕ, and also that it follows from ψ, you are done. 

Similarly, if you know ϕ ↔ ψ, you know that ϕ and ψ are either both 

true of both false. So once again, you can reason by cases, first assuming 

they are both true, then assuming they are both false.

1.6. SEQUENT NOTATION 9 

Finally, the following equivalences involving negation can be used to push 

a negation sign inwards: 

¬¬ϕ ≡ ϕ 

¬(ϕ ∧ ψ) ≡ ¬ϕ ∨ ¬ψ 

¬(ϕ ∨ ψ) ≡ ¬ϕ ∧ ¬ψ 

¬(ϕ → ψ) ≡ ϕ ∧ ¬ψ 

¬(ϕ ↔ ψ) ≡ (ϕ ∧ ¬ψ) ∨ (ψ ∧ ¬ϕ). 

So, for example, if you know ¬(ϕ∧ψ), you can then reason on cases, assuming 

¬ϕ, and then ¬ψ. 

Finally, it is often useful to make use of the fact that an implication is 

equivalent to its contrapositive: 

(ϕ → ψ) ≡ (¬ψ → ¬ϕ). 

So, to prove ϕ → ψ, you can assume ¬ψ and show that ¬ϕ follows. You 

should check that this is as essentially the same as assuming ϕ and ¬ψ and 

deriving a contradiction, which is another common proof strategy. 

The canonical way of proving ϕ ↔ ψ is to show that each proves the 

other. But it is often quicker to prove a chain of equivalences, say ϕ ↔ θ ↔ 

η ↔ π ↔ ψ. In other words, one proves, in turn, that each statement is 

equivalent to the next, relying implicitly on the transitivity of ↔. 

1.6 Sequent notation 

It will be helpful to have a description of natural deduction that keeps 

track of the open hypotheses at each stage of the proof. To do so, let us 

express that ϕ follows from the hypotheses in Γ by writing Γ ⇒ ϕ. Such an 

expression is sometimes called a sequent. 

If Γ is a set of formulas and ψ is a formula, it is convenient to write Γ, ψ 

for Γ ∪ {ψ}; and, more generally, it is convenient to leave off curly braces 

when listing the elements of a finite set. With this new mode of presentation, 

the natural deduction rules are expressed as follows:


Γ, ϕ ⇒ ϕ 

Assumption 

Γ ⇒ ϕ Γ ⇒ ψ ∧I 

Γ ⇒ ϕ ∧ ψ 

Γ ⇒ ϕ 0 ∧ ϕ 1 

Γ ⇒ ϕ i 

∧E i 

Γ ⇒ ϕ i 

Γ ⇒ ϕ ∨ ψ Γ, ϕ ⇒ θ Γ, ψ ⇒ θ 

∨I i 

∨E 

Γ ⇒ ϕ 0 ∨ ϕ 1 Γ ⇒ θ 

Γ, ϕ ⇒ ψ 

Γ ⇒ ϕ → ψ 

→I 

Γ ⇒ ϕ → ψ 

Γ ⇒ ψ 

Γ ⇒ ϕ →E 

Γ, ¬ϕ ⇒ ⊥ RAA 

Γ ⇒ ϕ 

One can show that if it is possible to prove Γ ⇒ ϕ then it is possible 

to prove Γ ∪ ∆ ⇒ ϕ for any set ∆. This is known as “weakening” the 

set of hypotheses. In practice, it is more convenient to fold weakening into 

the rules by allowing any subset of Γ in the hypotheses. For example, the 

following proof tree shows that ϕ → (ψ → ϕ ∧ ψ) is provable: 

ϕ ⇒ ϕ ψ ⇒ ψ ∧I 

ϕ, ψ ⇒ ϕ ∧ ψ 

→I 

ϕ ⇒ ψ → ϕ ∧ ψ 

⇒ ϕ → (ψ → ϕ ∧ ψ) 

→I

Chapter 2 

Propositional logic in Isabelle 

2.1 Using Isabelle 

Now let’s start experimenting with Isabelle. If you are sitting at one of 

the machines in the clusters, you should log on to your Andrew account, 

and start a terminal console within the Xwindows environment. Then type 

isabelle emacs to start the system. 

First, some generalities. Isabelle is a research-grade proof system, used 

by experts to verify computer hardware and software design as well as to 

check complex mathematical proofs. Fortunately, there are a lot of places 

you can turn to for more information. For example, Isabelle’s “documentation” 

web page includes a book-long tutorial introduction. See “course 

information” under Blackboard for links and references. 

Expressions need to be typed into Isabelle following a very precise syntax. 

Pay close attention to the format of your input, including quotation marks, 

parentheses, and so on. Use the examples in the example files for guidance. 

Notice that conjunction, disjunction, implication, and negation are indicates 

with the symbols 

&, |, ->, ~ 

respectively. To indicate provability from hypotheses, one uses the sequent 

arrow ==>, as in 

P & Q ==> Q 

For multiple hypotheses, you would write something like 

[| P & Q; Q --> R; S |] ==> P & S 

11

12 CHAPTER 2. PROPOSITIONAL LOGIC IN ISABELLE 

Text between “(*” and “*)” are comments, as in: 

(* This is a comment.*) 

The following sets up a theory in Isabelle: 

theory Examples1 

imports Main 

begin 

(* your work goes here *) 

end 

The first line gives your theory a name (you can pick any name you want, as 

long as it does not conflict with a theory name in the library that you use. 

The second line imports the main library, meaning that you can use any of 

the facts or concepts defined there. (This is a very large library – see the 

Isabelle documentation pages.) Isabelle “theories” are saved in files with 

the extension “.thy” It is a good idea to use the same name as the theory. 

So, for example, you could save the theory above as “Examples1.thy” Use 

the Proof General arrows (below the editor’s menu bar) to process the first 

three lines. Once a line has been processed, the editor shades it blue, and 

“freezes” it so that you cannot modify it. Pressing the backwards arrow 

“undoes” the commands, so you can go back to editing them. 

Let us work through an intial proof. Start by typing 

lemma "P & Q --> Q & P" 

and use the arrow to process it. You thereby state your intent to prove that 

statement. Isabelle responds: 

proof (prove): step 0 

goal (1 subgoal): 

1. P & Q --> Q & P 

This tells you that you have one goal to fill. Type 

apply (rule impI) 

to apply the “implication introduction” rule, and the goal becomes:

2.1. USING ISABELLE 13 


1. P & Q ==> Q & P 

If you look carefully, you will notice that the implication arrow became a 

sequent arrow. In other words, now you need to prove Q & P from the 

hypothesis P & Q. Type 

apply (erule conjE) 

to use the conjunction elimination rule, and the goal becomes 


1. [| P; Q |] ==> Q & P 

indicating that you have to prove Q&P using the two hypotheses P and Q. 

Type 

apply (rule conjI) 

to use the conjunction introduction rule 

goal (2 subgoals): 

1. [| P; Q |] ==> Q 

2. [| P; Q |] ==> P 

and now you have two subgoals, namely, proving P and Q, each from hypotheses 

P and Q. But this is easy; just type 

apply assumption 

twice, and Isabelle declares 

goal: 

No subgoals! 

Type the word 

done 

to finish the proof. Thus your proof should look like this: 

lemma "P & Q --> Q & P" 






done


Isabelle will let you use the symbol + to repeat a command. For example, the 

last two lines could be abbreviated apply assumption+, which tells Isabelle 

to apply the assumption command until it no longer succeeds. 

You may notice that Isabelle has funny conventions for dropping parentheses. 

For example, in the expression P & Q & R the parentheses associate 

to the right, so the expression is parsed as (P & (Q & R)). If you are ever 

in doubt, you can always select the option “show brackets” from the Isabelle/Settings 

menu, which displays all the parentheses. 

Incidentally, the proof command sorry is a way of cheating: you tell 

the system to accept the lemma or theorem without proof. On homework 

assignments, we will enter some theorems “sorried out” for you to fill in. 

2.2 The propositional rules 

We will start using Isabelle with five basic methods, or “tactics,” for building 

proofs. 

• apply assumption 

• apply (rule ...) 

• apply (erule ...) 

• apply (frule ...) 

• apply (drule ...) 

Roughly, use the “rule” tactic to apply an introduction rule to the conclusion 

of a sequent. For example, suppose your goal is a conjunction: 

1. [| R; S; T |] ==> P & Q 

Typing the command apply (rule conjI) reduces that to two subgoals, 

1. [| R; S; T |] ==> P 

2. [| R; S; T |] ==> Q 

Try typing the command 

thm conjI 

to ask Isabelle to show you the contents of the “theorem” conjI. Generally 

speaking, the “rule” tactic matches the conclusion of the theorem to the 

conclusion of your goal, and asks you to prove the antecedents.

2.2. THE PROPOSITIONAL RULES 15 

In the other direction, the “frule” tactic allows you to work forwards 

from hypotheses. For example, if you type apply (frule conjunct1) with 

the goal 

1. [| P & Q; R; S |] ==> T 

you are left with the goal 

1. [| P & Q; R; S; P |] ==> T 

In other words, the tactic uses P & Q to add P to the list of hypotheses. The 

command apply (drule conjunct1) does almost the same thing, except 

that it throws away the hypothesis after using it, leaving you with 

1. [| R; S; P |] ==> T 

The “erule” tactic is more confusing, because it matches patterns on 

both sides of the conditional. Rather than explain how it works, let me 

just point out the general heuristic that logical rules that end with an “E” 

are intended to be used with this tactic (whereas rules that end with “I” 

are intended to be used with the rule tactic (in both cases, the “e” stands 

for “elimination”. For example, if you type apply (erule conjE) with the 

goal 

1. [| P & Q; R; S |] ==> T 

you are left with the goal 

1. [| R; S; P; Q |] ==> T 

Here is a list of basic commands you can use to build propositional proofs: 




apply (frule conjunct1) 



apply (erule impE) 

apply (rule disjI1) 


apply (erule disjE) 

apply (rule notI) 

apply (erule notE)


apply (rule iffI) 

apply (erule iffE) 

apply (rule classical) 

apply (rule ccontr) 

In class, I will go over this list, and explain what each one does. I will also 

make sure that the file “Examples1.thy” on Blackboard uses all of these, so 

you can see them in action: just use the arrow keys in Proof General to step 

through the proofs and see how the commands change the current goal. 

Here are a few more Isabelle commands you can try. First, typing 

thm conjI 

displays the “theorem” conjI as it appears in Isabelle’s library. Isabelle has 

a number of built in automated reasoners; in particular 

apply auto 

is strong enough to prove any propositional tautology. This is useful for 

debugging a proof; if you have applied some rules and think you have arrived 

at an unprovable goal, calling auto will determine whether or not the goal 

is valid. 

Finally, every once in a while issuing a command may not have the 

desired effect. For example, if you type apply (frule conjunct1) and 

there are two conjunctions on the left side of the sequent arrow, Isabelle 

may expand the wrong one. Typing 

back 

tells Isabelle to try again. 

2.3 Additional proof methods 

You will quickly come to learn that doing proofs by contradiction, or using 

negative hypotheses, is difficult when you are restricted to low-level proof 

rules. Fortunately, Isabelle knows most common equivalences. For example, 

if you type thm de_Morgan_conj, Isabelle will show you one of the de 

Morgan laws: 

(~ (?P & ?Q)) = (~ ?P | ~ ?Q) 

Now you can type:

2.4. REASONING WITH SETS 17 

• subst de_Morgan_conj to replace the left-hand side by the right-hand 

side in the conclusion of a goal 

• subst de_Morgan_conj [symmetric] to replace the right-hand side 

by the left-hand side in the conclusion of a goal 

• subst (asm) de_Morgan_conj to replace the left-hand side by the 

right-hand side in one of the hypotheses in a goal 

• subst (asm) de_Morgan_conj [symmetric] to replace the right-hand 

side by the left-hand side in one of the in a goal 

The command subst is short for “substitute.” We will come back to this 

rule when we talk about equality in Isabelle. In the meanwhile, you can use 

the variants above with any of the following identities: 

de_Morgan_conj 

de_Morgan_disj 

not_not 

not_imp 

imp_conv_disj 

Use the thm command to see what they are. 

2.4 Reasoning with sets 

Isabelle also knows about sets. For example: 

lemma "A - (B Un C) = (A - B) Int (A - C)" 

asserts the identify “A \ (B ∪ C) = (A \ B) ∩ (A \ C).” Notice the symbolic 

notations for set union, intersection, and set difference. 

The command 

apply (rule set_ext) 

yields the goal: 


1. !!x. (x : A - (B Un C)) = (x : (A - B) Int (A - C)) 

Here, the notation x : A, for example, means x ∈ A, and the equality 

symbol is an “iff.” The symbols !!x mean that x is supposed to be arbitrary. 

In other words, the command allows you to prove two sets are identical by


picking an arbitrary x, and showing that x is an element of one side iff it is 

an element of the other. (In the latest release of Isabelle, set_ext has been 

renamed set_eqI.) 

Use the commands 

apply (subst Diff_iff) 

apply (subst Int_iff) 

apply (subst Un_iff) 

to unfold what it means to be an element of a difference, intersection, or 

union. For example, if your goal contains x : A Un B, applying the third 

command rewrites the expression to x : A | x : B. 

2.5 Completeness 

Experimentation may serve to convince you that Isabelle’s rules and commands 

are sufficient to prove any tautology. But how can we be sure that 

this is the case? That is exactly what a completeness proof is supposed to 

establish. 

Here I will briefly sketch a proof that any valid sequent is provable, 

or, equivalently, that if a sequent is not valid, there is a truth assignment 

that makes the hypotheses true but the conclusion false. First, verify that 

Isabelle’s rules are enough to show that any sequent Γ ⇒ ϕ is equivalent 

to Γ, ¬ϕ ⇒ ⊥, and Γ ⇒ ¬ϕ is equivalent to Γ, ϕ ⇒ ⊥. In other words, we 

can use Isabelle’s rules to go back and forth between the sequents in each 

pair. Since Isabelle can also show that ¬¬ϕ is equivalent to ϕ, we never 

have to deal with more than one negation at the top level. And the previous 

observation means that we can always remove a negation by moving it to 

the other side of the sequent. 

The strategy behind the proof of completeness is to show that we can 

unwrap all the other connectives until we are reduced to sequents that have 

only propositional variables, negations of propositional variables, ⊥, and 

⊤. But then it is easy to see that if such a sequent is not provable by the 

“assumption” rule, it is not valid. 

The following rules let us “unwrap” a connective on the right side of a 

sequent: 

Γ ⇒ ϕ Γ ⇒ ψ 

Γ ⇒ ϕ ∧ ψ 

Γ¬ϕ, ¬ψ ⇒ ⊥ 

Γ ⇒ ϕ ∨ ψ

2.5. COMPLETENESS 19 

Γ, ϕ ⇒ ψ 

Γ ⇒ ϕ → ψ 

In other words, in each case Isabelle’s rules allow us to derive the conclusion 

from the hypotheses, and if the conclusion is not valid, then one of the 

hypothesis is necessary invalid as well. The following rules to the same for 

connectives on the left: 

Γ, ϕ, ψ ⇒ θ 

Γ, ϕ ∧ ψ ⇒ θ 

Γ, ϕ ⇒ θ Γ, ψ ⇒ θ 

Γ, ϕ ∨ ψ ⇒ θ 

Γ, ¬ϕ ⇒ θ Γ, ψ ⇒ θ 

Γ, ϕ → ψ ⇒ θ 

We need only iterate this unwrapping, moving formulas from side to side 

of the sequent as necessary, until all the connectives other than negation 

have been eliminated. Some of Isabelle’s automated reasoners follow such a 

strategy.

20 CHAPTER 2. PROPOSITIONAL LOGIC IN ISABELLE

Chapter 3 

Natural deduction for 

first-order logic 

3.1 Quantifiers in natural deduction 

As a model for mathematical reasoning, propositional logic is too limited. 

First-order logic does much better in that respect. Remember that one 

specifies a first-order language by giving a list of function and relation symbols 

of various arities. These determine a set of terms, that is, syntactic 

expressions that name elements in an intended domain interpretation, and 

formulas, that is, expressions that make assertions about that domain. Also, 

keep in mind the distinction between free and bound variables. For example, 

in the formula ∃y (x = 2 ∗ y), y is a bound variable, but x is free. This is 

evidenced that natural-language expressions make it clear that the formula 

is about x, but not y, as in “x is twice some number.” You can always 

rename a bound variable without changing the meaning of a formula, but 

never a free one. 

I will use notation ϕ(x) to indicate that ϕ is a formula in which x is free 

(or, at least, might be free). Then, if t is any term, ϕ(t) denotes the result of 

replacing x by t. For exmaple, if ϕ(x) is the formula in the last paragraph, 

then ϕ(z + 1) is ∃y (z + 1 = 2 ∗ y), and ϕ(17) is ∃y (17 = 2 ∗ y). 

To extend our systems of natural deduction to first-order logic, add the 

following rules: 

ϕ(y) 

∀x ϕ(x) 

∀I 

∀x ϕ(x) ∀E 

ϕ(t) 

where in the introduction rule, we require that y is not free in any open 

hypothesis. Similarly, we have the rules for the existential quantifier: 

21

22 CHAPTER 3. FIRST-ORDER LOGIC 

ϕ(t) 

∃x ϕ(x) 

∃I 

∃x ϕ(x) 

ψ 

ϕ(y) 

. 

ψ ∃E 

where again, in the elimination rule, we assume that y is not free in ψ or 

any hypothesis other than ϕ(y). The elimination rule exhibits a pattern of 

reasoning that is similar to that of disjunction elimination: to show that 

ψ holds on assumption ∃x ϕ(x), let y be an “arbitrary” object satisfying 

ϕ(y), and show that ψ follows. Note that the universal introduction and 

existential elimination rules allow you to rename the quantified variable. 

In sequent form, the natural deduction rules are expressed as follows: 

Γ ⇒ ϕ(y) 

Γ ⇒ ∀x ϕ(x) 

∀I 

Γ ⇒ ∀x ϕ(x) ∀E 

Γ ⇒ ϕ(t) 

Γ ⇒ ϕ(t) 

Γ ⇒ ∃x ϕ(x) Γ, ϕ(y) ⇒ ψ 

∃I 

∃E 

Γ ⇒ ∃x ϕ(x) 

Γ ⇒ ψ 

with the same restrictions above. 

3.2 Some first-order validities 

Once again, let’s consider some valid formulas, and examples of proofs. 

1. ∀x ϕ ↔ ϕ if x is not free in ϕ 

2. ∃x ϕ ↔ ϕ if x is not free in ϕ 

3. ∀x (ϕ ∧ ψ) ↔ ∀x ϕ ∧ ∀x ψ 

4. ∃x (ϕ ∧ ψ) ↔ ∃x ϕ ∧ ψ if x is not free in ψ 

5. ∃x (ϕ ∨ ψ) ↔ ∃x ϕ ∨ ∃x ψ 

6. ∀x (ϕ ∨ ψ) ↔ ∀x ϕ ∨ ψ if x is not free in ψ 

7. ∀x (ϕ → ψ) ↔ (∃x ϕ → ψ) if x is not free in ψ 

8. ∃x (ϕ → ψ) ↔ (∀x ϕ → ψ) if x is not free in ψ 

9. ∀x (ϕ → ψ) ↔ (ϕ → ∀x ψ) if x is not free in ϕ

3.3. EQUALITY 23 

10. ∃x (ϕ → ψ) ↔ (ϕ → ∃x ψ) if x is not free in ψ 

11. ∃x ϕ ↔ ¬∀x ¬ϕ 

12. ∀x ϕ ↔ ¬∃x ¬ϕ 

13. ¬∃x ϕ ↔ ∀x ¬ϕ 

14. ¬∀x ϕ ↔ ∃x ¬ϕ 

For example, assuming x is not free in ψ, here is a proof of the forward 

direction of (4): 

ϕ ∧ ψ 

ϕ ϕ ∧ ψ 

y ∃x ϕ ψ 

∃x (ϕ ∧ ψ) 

∃x ϕ ∧ ψ 

∃x ϕ ∧ ψ 

x 

∃x (ϕ ∧ ψ) → ∃x ϕ ∧ ψ 

Here is proof of the converse direction: 

3.3 Equality 

∃x ϕ ∧ ψ 

∃x ϕ 

y 

ϕ 

x 

y 

∃x ϕ ∧ ψ 

x 

ψ 

ϕ ∧ ψ 

∃x (ϕ ∧ ψ) 

x 

∃x (ϕ ∧ ψ) 

y 

∃x ϕ ∧ ψ → ∃x (ϕ ∧ ψ) 

The nature of the equality relation has traditionally posed a host of philosophical 

and logical puzzles, but at least in the context of first-order logic, 

the appropriate treatment is straightforward. First, we need to express that 

equality is an equivalence relation, namely, it is reflexive, symmetric, and 

transitive; and, second, we need to express the fact that one can substitute 

equal terms in any term or expression. 

t = t 

s = t 

t = s 

¯s = ¯t 

r(¯s) = r(¯t) 

y 

r = s s = t 

r = t 

¯s = ¯t ϕ(¯s) 

ϕ(¯t) 

x


3.4 First-order theories 

There are two ways first-order logic can be used: 

• To reason about a particular structure, like the natural numbers, the 

real numbers, the universe of sets, etc. 

• To reason about a class of structures, like groups, rings, linear orders, 

and so on. 

Note that there is no theoretical difference between the two: in either case, 

one writes down some axioms and reasons about their consequences. Eventually, 

in class, we will discuss first-order axioms for the following: 

• Orderings (partial orders, linear orders, and so on). 

• Algebraic structures, like groups, rings, and fields. 

• The natural numbers. 

• The real numbers. 

3.5 Completeness for first-order logic 

Recall that when it came to propositional logic, we had a notion of what 

it means for a formula to be true under a particular truth assignment to 

its variables; we were then able to say that a formula is valid if and only if 

it is true under all truth assignments. When it comes to first-order logic, 

instead of truth assignments, we speak of models. A first-order sentence is 

then said to be valid if it is true in all models. The notion of entailment 

lifts to first-order logic in a similar way. Just as for propositional logic, one 

can show that Isabelle’s first-order rules are complete. 

In contrast to first-order logic, however, there is no algorithm that will 

decide whether or not a given sentence is valid. There is a “semi-decision 

procedure”: given a sentence, one can search systematically for a proof 

in a first-order deductive calculus. If the sentence is valid, the search will 

terminate; but there is no general method for detecting when one should give 

up, in situations when the sentence turns out to be invalid. This means, in 

particular, that Isabelle’s automated tools can sometimes fall into infinite 

searches, in which case, you need to terminate them by hand.

Chapter 4 

First-order logic in Isabelle 

4.1 Quantifiers in Isabelle 

In addition to propositional logic, Isabelle can handle first-order logic (and 

much, much more — but more on that later). But Isabelle has a very precise 

syntax that may take getting used to. To say that “property P holds of x,” 

you write P x, and do say “relation R holds of x and y,” you write R x y 

without parentheses, both without parentheses. So where, in class, we wrote 

in Isabelle you would write 

∀x (ϕ(x) ∧ ψ(x)) → ∀x ϕ(x) ∧ ∀x ψ(x), 

(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x) 

and where we wrote 

in Isabelle you would write 

∀x ∃y R(x, y) 

ALL x. EX y. R x y 

Isabelle is smart enough to figure out that P and Q are predicates, R is a 

binary relation, and x and y range over some (unspecified) domains. Note 

the following differences, though: 

• In Isabelle, if an expression depends on a variable, you have to make 

it explicit. For example, in class we often wrote ∀x ϕ where ϕ is a 

formula that might have variables other than x free. In the expressions 

above, however, the only variable free in P x is x (and P, but that’s 

another story). 

25


• Isabelle uses a period to separate the quantifier from the expression. 

• In Isabelle, quantifiers are given the widest scope possible, that is, 

they are assumed to extend to the end of the formula, unless they 

are blocked by a parenthesis. In our informal notation, we assumed 

just the opposite. So pay close attention to the placement of the 

parentheses in the example above. 

• Isabelle uses the same parentheses-free notation for function application; 

for example, you would write f x in Isabelle, where we would 

write f(x). 

• You can combine quantifiers and write, for example, ALL x y z. 

x y z instead of ALL x. ALL y. ALL z. R x y z. 

R 

There are four rules you should know regarding the quantifiers: 

apply (rule allI) 

apply (frule spec) (* or drule *) 

apply (rule exI) 

apply (erule exE) 

For the most part, these do what you would expect, but some comments 

are in order. Use rule allI when you are trying to prove something of the 

form ∀xϕ(x). Isabelle picks a variable, typically x in this example, and asks 

you to prove ϕ(x). 

Use frule spec when you have a hypothesis of the form ∀x ϕ(x), and 

you want to use it. In that case, you are allowed to plug in any term you 

want. In that case, Isabelle plugs in a placeholder (which can appear as 

something cryptic, like ?x7), and then will try to figure out the right term 

later. If you want to tell Isabelle explicitly what term you want, type, instead 

apply (frule_tac x = "t" in spec) 

where t is the term you want. Notice that the term appears in quotation 

marks (but if it is a variable, let x or y, you can leave them off), frule 

has become frule_tac, and it is always x on the left side of the equality 

sign (which refers to the variable in the rule spec). (You can also use the 

command apply (erule allE), which has the same effect as drule spec.) 

Similarly, use rule exI to prove something of the form ∃x ϕ(x). If you 

want to specify the particular term, use 

apply (rule_tac x = "t" in exI)

4.2. EQUALITY IN ISABELLE 27 

instead. The command erule exE executes the elimination rule for the 

existential quantifier. 

Remember that sometimes Isabelle will do the wrong thing where there 

is an ambiguity; for example, frule spec might apply to the wrong formula 

if there are two universally quantified formulas in the hypotheses. In that 

case, you can repeatedly write back to make Isabelle consider the other 

possibilities. 

In Isabelle, actually, variables can range over different domains, or “types.” 

If you do not specify types, Isabelle implicitly leaves them generic. But sometimes 

you want to specify that a variable ranges over the natural numbers, 

say. You can do that by writing, for example, 

ALL (x::nat) y. x + y = y + x 

In this case, Isabelle infers that y is supposed to be a natural number, too. 

4.2 Equality in Isabelle 

Suppose you have an equation s = t as a hypothesis, and t occurs in the 

conclusion. Typing 

apply (erule subst) 

replaces t by s. If, instead, you have s in the conclusion, and want to replace 

it by t, type 

apply (erule ssubst) 

But Isabelle has a much more versatile equality “rewriting” command, 

subst. The example, the theorem add_commute says x + y = y + x, and 

holds for many important classes of types, including the natural numbers. 

If you have the expression x + 5 in the conclusion of a sequent, typing 

apply (subst add_commute) 

changes it to 5 + x. Typing 

apply (subst add_commute [symmetric]) 

orients the equation in the other direction, though for add_commute this 

doesn’t change it. Typing 

apply (subst (asm) add_commute)


applies the equation in a hypothesis. You can even specify which instances 

to apply the substitution to. For example, if there are three plusses in the 

goal, typing 

apply (subst (1 3) add_commute) 

applies substitution to the first and the third. (Sometimes you have to 

experiment to figure out what order Isabelle uses for its counting.) 

4.3 Using lemmas and the library 

At this stage, you know enough about Isabelle that you can benefit from 

looking at the documentation 

http://www.cl.cam.ac.uk/research/hvg/isabelle/documentation.html 

on the Isabelle web pages. In particular, the tutorial is very helpful. 

One reason the system is so powerful is that any theorem you prove can 

become part of your own personal “library” that can be used to prove other 

theorems. For example, suppose you prove a theorem such as 

lemma my_theorem: "P --> P & P" 

If you add the phrase [rule_format], as in 

lemma my_theorem [rule_format]: "P --> P & P" 

the system records it as a sequent implication, P ==> P & P. Henceforth it 

becomes a rule you can use: for example, typing 

apply (rule my_theorem) 

at a goal of the form Q & Q reduces the goal to Q. Similarly for identities: 

any equation you prove can be used with subst, to your heart’s desire. 

The question then becomes this: how do you find useful theorems and 

identities? One answer is to browse the documenation on the web. You can 

find the libraries here: 

http://www.cl.cam.ac.uk/research/hvg/isabelle/dist/library/HOL/index.html 

You can also get to this page from the Isabelle documentation page, by 

choosing “Higher-order logic” under “Theory libraries.” Also, Isabelle has 

a flexible “find theorems” command, discussed on page 34 of the tutorial. 

You call it by choosing “Find theorems” under the “Proof general” menu.

4.4. USING ISABELLE’S AUTOMATED TOOLS 29 

4.4 Using Isabelle’s automated tools 

After a while, it becomes tedious to fill in every little step of a proof in 

Isabelle. One thing that makes Isabelle especially powerful is that there are 

a number of automated reasoning methods that are built in to the system. 

For example, a method called auto is a workhorse. You can check that the 

command 

apply auto 

solves all of the homework problems and examples you have seen so far! 

There are other algorithms that work better in different situations. For 

example, apply blast sometimes work where apply auto fails. 

Isabelle also have a very good “simplifier” which uses identities to try 

to rewrite terms and expressions into a simpler form. You an invoke it by 

typing 

apply simp 

You can also give the simplifier extra lists of rules to use when simplifying 

expressions. For example, typing 

apply (simp add: algebra_simps) 

adds some standard algebraic simplifications that are often useful. Typing 

apply (simp only: algebra_simps) 

tells the simplifier to use only these rules. You can also tell auto to use 

additional simplification rules by typing 

apply (auto simp add: algebra_simps) 

and so on. 

There is also a built in arithmetic reasoner, 

apply arith 

that does well on problems involving equalities and inequalities on natural 

numbers, integers, and real numbers. 

All of these are tools discussed at length in the Isabelle tutorial, at the 

end of Chapter 5, and also at the beginning of Chapter 3. In addition, there 

are various other tricks that are often helpful. For example, sometimes you 

find yourself in a situtation where you want to break up a proof into two 

steps. Typing


apply (subgoal_tac "...") 

amounts to temporary asserting the formula “. . . .” You are left with two 

subgoals: first, you are asked to prove your original goal, using the formula 

you have added; then you are asked to prove the formula you have added.

Chapter 5 

The natural numbers 

5.1 Induction and recursion on the natural numbers 

Let N be the set of natural numbers, with least element 0, and let succ(x) = 

x + 1 be the successor function. The structure, (N, 0, succ) is characterized 

uniquely, up to isomorphism, by the following clauses: 

• 0 ≠ succ(x) for any x in N. 

• For every x and y in N, if x ≠ y, then succ(x) ≠ succ(y). In other 

words, s is injective. 

• If A is any subset of N with the property that 0 is in A and whenever 

x is in A then succ(x) is in A, then A = N. 

The last clause can be reformulated as the principle of induction: 

Suppose P (x) is any property of natural numbers, such that P 

holds of 0, and for every x, P (x) implies P (s(x)). Then every P 

holds of every natural number. 

This principle can be used to justify definitions by primitive recursion: 

Let X be any set, a be any element of X, and let g(n, x) be 

any function from N × X to X. Then there is a unique function 

f : N → X satisfying the following two clauses: 

• f(0) = a 

• f(succ(n)) = g(n, f(n)) for every n in N. 

31

32 CHAPTER 5. THE NATURAL NUMBERS 

For example, one can define addition with the following two clauses: 

x + 0 = x 

x + succ(y) = succ(x + y) 

Having done so, one can define multiplication using the following two clauses: 

x · 0 = 0 

x · succ(y) = x · y + x 

If we write 1 = succ(0), 2 = succ(1), and so on, it is easy to prove x + 1 = 

succ(x) from the definition of addition. One can also define a predecessor 

function by 

and “truncated subtraction” by 

p(0) = 0 

p(succ(x)) = x, 

x . − 0 = 0 

x . − (succ(y)) = p(x . − y). 

With these definitions and the induction principle, and can prove all the 

following identities: 

1. x ≠ 0 → succ(p(x)) = x 

2. 0 + x = x 

3. succ(x) + y = succ(x + y), where 1 is defined to be succ(0) 

4. (x + y) + z = x + (y + z) 

5. x + y = y + x 

6. x(y + z) = xy + xz 

7. 0 · x = 0 

8. 1 · x = x 

9. (xy)z = x(yz) 

10. xy = yx

5.2. THE NATURAL NUMBERS IN ISABELLE 33 

I did the first five of these in class; you will be asked to do some of the others 

for homework. 

One can proceed to define

80-211 Logic and Mathematical Inquiry Spring 2011 

Homework #1 

Due Thursday, January 13 

1. Get the books and software required for this course, and log on to the 

course site on Blackboard. 

2. Read the preface and introduction to Velleman. 

3. Get Tarski’s World running and start playing with it. Do exercise 1.1, 

which has you submit a test file. Enter “Dan Auerbach” for the instructor, 

and “dauerbac@andrew.cmu.edu” as the e-mail address. 

Notice that you do not need to turn anything in this week, other than the 

online test.


Homework #2 


Note: you only need to turn in solutions to problems that are starred. The 

other problems are good practice (and fair game) for exams. 

1. Read Chapter 1 of Velleman. 

⋆ 2. 

⋆ 3. 

Do exercise 2.5 on page 12 of Tarski’s World, and submit it to the Grade 

Grinder. 


Grinder. 

4. Do as much of exercises 2.7 and 2.8 of Tarki’s World as you can. 

5. Do as many of the exercises to Section 1.1 of Velleman as you can. 

⋆ 6. 

Do exercises 7 (a) and (b) on page 14 of Velleman, by writing out a 

truth table and determining whether the conclusion of the argument is 

true whenever the premises are true (as in example 1.2.3 in the text). 

Indicate clearly what propositional variables you are using and what 

they represent. For part (a), since one of the premises is that Jane will 

win the math prize, you can leave out all the lines of the truth table 

where that premise is false. For part (b), notice that you only need to 

use one propositional variable to determine whether the main course is 

fish or beef; and similarly for the vegetable. 

7. Do as many of the exercises to Section 1.2 of Velleman as you can. 

⋆ 8. Do exercise 6 on page 24. 


⋆ 10. Do exercise 13 on page 25.


Solutions to Homework #2 

6. For 7(a), let JM stand for “Jane will win the math prize,” P M mean 

“Pete will win the math prize,” and let JC and P C be the corresponding 

statements for the chemistry prize. The premises are ¬(JM ∧ P M), 

P M ∨ P C, and JM, and the conclusion is P C. The truth table, leaving 

out the lines where JM is false, is as follows: 

JM P M JC P C JM ∧ P M ¬(JM ∧ P M) P M ∨ P C 

T T T T T F T 

T T T F T F T 

T T F T T F T 

T T F F T F T 

T F T T F T T 

T F T F F T F 

T F F T F T T 

T F F F F T F 

All three premises are true on the fifth and seventh line, and on those 

lines the conclusion is true as well. So, the inference is valid. 

For 7(b), let MB say that the main course will be beef (so ¬MB says 

that the main course will be fish), and let V P say that the vegetable 

will be peas. The first premise is MB ∨ ¬MB, which is always true, so 

I will leave it out. Similarly for the second premise. The third premise 

is ¬(¬MB ∧ ¬V P ). The conclusion is ¬(MB ∧ V P ). Here is the truth 

table: 

MB V P ¬MB ¬V P ¬MP ∧ ¬V P ¬(¬MB ∧ ¬V P ) MB ∧ V P ¬(MB ∧ V P ) 

T T F F F T T F 

T F F T F T F T 

F T T F F T F T 

F F T T T F F T 

The third premise is true on the first three lines, but on the first line the 

conclusion is false. So the argument is not valid. 

8. a. Here is a truth table for nand: 

P Q P |Q 

T T F 

T F T 

F T T 

F F T

. P |Q ≡ ¬(P ∧ Q) 

c. ¬P ≡ P |P , P ∧Q ≡ ¬(P |Q) ≡ (P |Q)|(P |Q), and P ∨Q ≡ (P |P )|(Q|Q). 

9. a. 

¬(¬P ∨ Q) ∨ (P ∧ ¬R) ≡ (¬¬P ∧ ¬Q) ∨ (P ∧ ¬R) 

≡ (P ∧ ¬Q) ∨ (P ∧ ¬R) 

≡ P ∧ (¬Q ∨ ¬R) 

≡ P ∧ ¬(Q ∧ R) 

b. 

(Either of the last two lines is fine.) 

¬(¬P ∧ Q) ∨ (P ∧ ¬R) ≡ (¬¬P ∨ ¬Q) ∨ (P ∧ ¬R) 

≡ P ∨ ¬Q ∨ (P ∧ ¬R) 

≡ ¬Q ∨ (P ∨ (P ∧ ¬R)) 

≡ ¬Q ∨ P 

c. 

The last step uses the absorption law on page 21. 

(P ∧ R) ∨ (¬R ∧ (P ∨ Q)) ≡ (P ∧ R) ∨ (¬R ∧ P ) ∨ (¬R ∧ Q) 

≡ ((P ∧ R) ∨ (P ∧ ¬R)) ∨ (¬R ∧ Q) 

≡ (P ∧ (R ∨ ¬R)) ∨ (¬R ∧ Q) 

≡ (P ∧ T ) ∨ (¬R ∧ Q) 

≡ P ∨ (¬R ∧ Q) 

10. Assume you know the first DeMorgan law, ¬(P ∧ Q) ≡ ¬P ∨ ¬Q. Then 

¬P ∧ ¬Q ≡ ¬¬(¬P ∧ ¬Q) ≡ ¬(¬¬P ∨ ¬¬Q) ≡ ¬(P ∨ Q), 

which is just the other DeMorgan law turned around.


Homework #3 


1. Read Chapter 2 of Velleman, and start reading Chapter 3. 

⋆ 2. 

⋆ 3. 

Do exercise 2.10 on page 14 of Tarski’s World, and submit it to the 

Grade Grinder. 

Do exercise 2.15 on pages 17–18 of Tarski’s World, and submit it to the 


4. Do as much of exercises 2.11–2.14 and 2.16–2.17 of Tarki’s World as you 

can. 

5. Do as many of the exercises to Section 1.3, 1.4, and 1.5 of Velleman as 

you can. 

⋆ 6. 

Do exercise 4 on page 33. In other words, describe the sets using the 

“set-builder” notation we discussed in class. 



⋆ 9. 

Write ordinary mathematical proofs of the identities in the previous two 

exercises, as best you can. 


⋆ 11. Make sure you are able to run Isabelle, for example, by following the 

instructions on the course information sheet and handout, “Running 

Isabelle in the clusters,” that appear under “Course information” on 

Blackboard. If you are successful at typing and checking the example 

there, simply write “Ran Isabelle” on your homework assignment. If you 

have any problems, please let me and Dan know, either after class, in 

office hours, or by e-mail.



6. Velleman, exercise 4 on page 33. 

a. {x ∈ N | x > 0 and x is a perfect square}, or {x ∈ N | x = y 2 for some y > 0} 

b. {x ∈ N | x = 2 y for some y} 

c. {x ∈ N | 10 ≤ x < 20} 

7. Velleman, exercise 6 on page 42. (Draw Venn diagrams.) 


a. 

b. 

x ∈ (A ∪ B) \ C ≡ (x ∈ A ∪ B) ∧ (x ∉ C) 

≡ (x ∈ A ∨ x ∈ B) ∧ (x ∉ C) 

≡ (x ∈ A ∧ x ∉ C) ∨ (x ∈ B ∧ x ∉ C) 

≡ (x ∈ A \ C) ∨ (x ∈ B \ C) 

≡ x ∈ (A \ C) ∪ (B \ C) 

x ∈ A ∪ (B \ C) ≡ x ∈ A ∨ (x ∈ B \ C) 

≡ x ∈ A ∨ (x ∈ B ∧ x ∉ C) 

≡ (x ∈ A ∨ x ∈ B) ∧ (x ∈ A ∨ x ∉ C) 

≡ (x ∈ A ∪ B) ∧ ¬(x ∉ A ∧ x ∈ C) 

≡ (x ∈ A ∪ B) ∧ (x ∉ C \ A) 

≡ x ∈ (A ∪ B) \ (C \ A) 

9. a. Suppose x is in (A ∪ B) \ C. Then x is in A ∪ B, but x is not in C. 

So x is in A, or x is in B. If x is in A, then x is in A \ C, and hence 

(A \ C) ∪ (B \ C), as required. On the other hand, if x is in B, then 

x is in B \ C, and hence (A \ C) ∪ (B \ C), as required. So, in either 

case, we have the desired conclusion. 

For the reverse inclusion, suppose x is in (A \ C) ∪ (B \ C). Then 

either x is in A \ C, or x is in B \ C. Consider both cases. If x is in 

A \ C, then x is in A but not in C. But then x is in A ∪ B, and so in 

(A ∪ B) \ C. On the other hand, if x is in B \ C, then x is in B but 

not C, and so x is in (A ∪ B) \ C in that case too.

. Suppose x is in A ∪ (B \ C). Then either x is in A, or x is in B but 

not C. Consider both cases. If x is in A, then x is in A ∪ B, but x is 

not in C \ A. So x is in (A ∪ B) \ (C \ A), as desired. On the other 

hand, if x is in B but not C, then again x is in A ∪ B but not C \ A, 

which implies that x is in (A ∪ B) \ (C \ A), as desired. 

For the reverse inclusion, suppose x is in (A ∪ B) \ (C \ A). Then x 

is in A ∪ B, but x is not in C \ A. So x is in A, or x is in B. If x 

is in A, then x is in A ∪ (B \ C), as required. So suppose we are in 

the other case, i.e., x is in B. Since x is not in C \ A, we know that 

either x is not in C, or x is in A. If x is not in C, then x is in B \ C, 

and so x is in A ∪ (B \ C), as required. On the other hand, if x is in 

A, then x is in A ∪ (B \ C), as before. So, either way, we have the 

desired conclusion. 

10. Velleman, exercise 9, page 42. Let A = {1, 2} and let B = {2}. Then 

(A ∪ B) \ B = {1, 2} \ {2} = {1}, which is not equal to A.


Homework #4 

Due Thursday, February 3 

1. Continue reading Chapter 3 of Velleman. Also read the handout on 

natural deduction that I will post early next week. 

⋆ 2. 

⋆ 3. 


Grinder. 

Do exercise 3.9 on pages 27–28 of Tarski’s World, and submit it to the 


4. Do as as many of the other exercises through exercise 3.13 of Tarki’s 

World as you can. 

5. Do as many of the exercises to Section 1.5, 2.1, 2.2, and 2.3 of Velleman 

as you can. 

⋆ 6. 

⋆ 7. 

⋆ 8. 

⋆ 9. 

Do exercise 2 on page 53, explaining the variables that you use. (See 

the solutions to problem 1 on 332 for an example.) 

Do exercise 5 on page 54, both by writing out the truth table and checking 

that the two formulas always have the same truth values, and using 

propositional identities and calculating. 

Do exercise 3 on page 63. In other words, write down first-order expressions 

in a language with all the relevant symbols, assuming the variables 

range over real numbers. Don’t forget to indicate the free variables. 

Do exercise 2 on page 72. For parts (a) and (b), give both a symbolic 

expression and a natural language expression, as in the solution to part 

1 on page 332. 

⋆ 10. Do exercise 6 on page 81.




a. S → P ∧ A, where S is “Mary will sell her house,” P is “Mary can 

get a good price,” and A is “Mary can find a nice apartment.” 

b. M → C ∧ D, where M is “one can get a mortgage,” C is “one has a 

good credit history,” and D is “one has an adequate down payment.” 

c. ¬S → K, where S is “someone stops John” and K is “John will kill 

himself.” 

d. F ∨ S → ¬P where F is “x is divisible by 4,” S is “x is divisible by 

6,” and P is “x is prime.” (The sentence is better represented using 

first-order logic, and it is o.k. if you that is what you did.) 


a. The truth table is straightforward. Here is a calculation: 

(P ↔ Q) ≡ (P → Q) ∧ (Q → P ) 

≡ (¬P ∨ Q) ∧ (¬Q ∨ P ) 

≡ (¬P ∧ (¬Q ∨ P )) ∨ (Q ∧ (¬Q ∨ P )) 

≡ (¬P ∧ ¬Q) ∨ (¬P ∧ P ) ∨ (Q ∧ ¬Q) ∨ (Q ∧ P ) 

≡ (¬P ∧ ¬Q) ∨ (P ∧ Q) 

b. Again, the truth table is straightfoward. Here is a calculation: 

(P → Q) ∨ (P → R) ≡ (¬P ∨ Q) ∨ (¬P ∨ R) 


a. ∀z (z > x → z > y). x and y are free. 

≡ ¬P ∨ (Q ∨ R) 

≡ 

(P → Q ∨ R). 

b. ∀a (∃x (ax 2 + 4x − 2 = 0) ↔ (a ≥ −2)). There are no free variables. 

c. ∀x (x 3 − 3x < 3 → x < 10). There are no free variables. 

d. ∃x (x 2 + 5x = w) ∧ ∃y (4 − y 2 = w) → −10 ≤ w ∧ w ≤ 10. w is free. 

9. Velleman, exercise 2 on page 72.

a. ∀x (F (x) → R(x)), where F (x) is “x is in the Freshman class” and 

R(x) is “x has a roommate.” “Everyone in the Freshman class has a 

roommate.” 

b. ∃x ∀y ¬L(x, y) ∨ ∃x ∀y L(x, y), where L(x, y) is “x likes y.” “Either 

someone doesn’t like anyone, or someone likes everyone.” 

c. ∃a ∈ A ∀b ∈ B ((a ∈ C ∧ b ∉ C) ∨ (b ∈ C ∧ a ∉ C)) (or some variant). 

d. ∃y > 0 ∀x (ax 2 + bx + c ≠ y). 


a. A 2 = {2, 3, 1, 4}, A 3 = {3, 4, 2, 6}, A 4 = {4, 5, 3, 8}, and A 5 = 

{5, 6, 4, 10} 

⋂ 

b. 

i∈I A i = {4}, ⋃ i∈I A i = {1, 2, 3, 4, 5, 6, 8, 10}.


Homework #5 


⋆ 3. 

⋆ 4. 

⋆ 5. 

1. Finish reading Chapter 3 of Velleman. 

2. Read the handout “Natural deduction for propositional logic” that is 

posted on Blackboard, under “Course documents.” 







6. Do as as many of the other exercises through exercise 3.26 of Tarki’s 

World as you can. (This will be the last assignment that uses it.) 

7. Do as many of the exercises to Sections 3.1-3.2 and 3.4-3.5 of Velleman 

as you can. 

⋆ 8. Do exercise 4 on page 106 of Velleman. Give an ordinary, informal 

proof. Note that this means using clear, grammatically correct English 

sentences, and avoiding logical symbols! This is the form in which mathematical 

arguments are written, and you will be graded accordingly. 

⋆ 9. 

Do exercise 19 on page 134 of Velleman. Again, give an ordinary, informal 

proof. (Hints: since saying that two sets are not disjoint means 

that there is an element that is in both of them, it may be easier to 

prove that the first statement is false iff the second statement is false. 

Remember that if F is a family of sets, saying x ∈ ⋃ F means that x is 

in A for some set A ∈ F.) 

⋆ 10. Give a natural deduction proof of ¬(¬p ∧ q) from the hypothesis p. 

⋆ 11. Give a natural deduction proof of p ∨ (q ∧ r) → ((p ∨ q) ∧ (p ∨ r)). 

⋆ 12. Give a natural deduction proof of s from p → s and ¬p → s. (Hint: 

you can derive p ∨ ¬p first, as we did in class, and use that. For a more 

direct proof, try a proof by contradiction.) 

⋆ 13. Give a natural deduction proof of ¬p ∧ ¬s from p → q, ¬(q ∧ r), r, and 

s → p.



8. Velleman, exercise 4 on page 106. Suppose A \ B is disjoint from C and 

x ∈ A. Prove that if x ∈ C then x ∈ B. 

Proof. Suppose A \ B is disjoint from C and x is in A, and suppose x is 

in C. If x is in not in B, then x is in A \ B, which contradicts the fact 

that A \ B is disjoint from C. So x is in B. 

7. Velleman, exercise 19 on page 134. Suppose F and G are families of sets. 

Prove that ⋃ F and ⋃ G are disjoint iff for all A ∈ F and B ∈ G, A and 

B are disjoint. 

10. 

Proof. Suppose the second statement is false. Then for some A ∈ F 

and B ∈ G, A and B are not disjoint. That means that there is some 

element, x, in both A and B. But then x is in ⋃ F and ⋃ G, so the first 

statement is false as well. 

Conversely, suppose the first statement is false. Then there is an element, 

x, in both ⋃ F and ⋃ G. But x ∈ ⋃ F means that x is in A for some A 

in F, and x ∈ ⋃ G means that x is in B for some B in G. This means 

that A and B are not disjoint, so the second statement is false as well. 

11. 

x 

¬p ∧ q 

¬p p 

⊥ 

¬(¬p ∧ q) 

x 

p ∨ (q ∧ r) 

q ∧ r q ∧ r 

x 

x 

p p q r 

p ∨ q p ∨ r (p ∨ q) (p ∨ r) 

y 

(p ∨ q) ∧ (p ∨ r) (p ∨ q) ∧ (p ∨ r) 

x 

(p ∨ q) ∧ (p ∨ r) 

y 

p ∨ (q ∧ r) → (p ∨ q) ∧ (p ∨ r) 

x 

x

12. As suggested by the hints, one solution is to use the proof of p ∨ ¬p 

on page 7 of the notes “Natural deduction for propositional logic,” and 

proceed as follows: 

13. 

p ∨ ¬p 

Here is a more direct proof: 

¬s 

y 

p → s 

s 

s 

¬p → s 

⊥ y 

s 

s 

p 

¬s 

x 

y 

¬p → s 

s x 

p → s 

s 

⊥ 

¬p x 

¬p 

p 

x 

x 

¬(q ∧ r) 

p → q 

q 

⊥ 

¬p 

x 

p 

x 

q ∧ r 

r 

¬p ∧ ¬s 

¬(q ∧ r) 

p → q 

⊥ 

¬s 

x 

q 

s → p s 

p 

q ∧ r 

x 

r


Homework #6 


1. Start reading Chapter 6 of Velleman. (We will come back to Chapter 4 

and 5 afterwards.) 

2. Read the handout “Propositional logic in Isabelle” that is posted on 

Blackboard, under “Course documents.” 

⋆ 3. 

Page 18 in Velleman considers the following argument: 

The butler and the cook are not both innocent. 

Either the butler is lying or the cook is innocent. 

Therefore, the butler is either lying or guilty. 

Using letters B for “the butler is innocent,” C for “the cook is innocent,” 

and L for “the butler is lying,“ formalize this inference and give a natural 

deduction proof to establish its validity. (In the proof, the first two 

lines should be uncancelled hypotheses, and the third line should be the 

conclusion.) 

⋆ 4. 

⋆ 5. 

⋆ 6. 

Give a natural deduction proof of ((ϕ ∨ ψ) → θ) → (ϕ → θ) ∧ (ψ → θ). 

Give a natural deduction proof of ϕ → ψ from ¬(ϕ ∧ ¬ψ). 

For this part of the assignment, you need to verify some propositional 

logic proofs using Isabelle. The instructions below assume you are using 

Isabelle in one of the clusters. If you are using another installation, 

adapt them accordingly. 

• Open a browser window, find “homework6.thy” under “Homework 

assignments” on blackboard, and save it to a directory, e.g. your 

home directory. 

• Open up a terminal window (via Applications -> Accessories -> 

Terminal), and from that directory type 

isabelle emacs homework6.thy 

to open the file. (In Unix, you can type ls to list directories, and 

cd [directory-name] to change directory. Typing cd alone puts 

you in your home directory.)

• Complete the proofs in the file, following the instructions in the 

comments. 

• Save the file and exit Isabelle. 

• Rename the file to homework6_[your-last-name].thy. For example, 

at the terminal window, type 

mv homework6.thy homework6_smith.thy 

• Mail the file to Dan, at dauerbac@andrew.cmu.edu. For example, 

you can open a browser and use gmail or go to my.cmu.edu and 

use web mail. Make sure you put “isabelle homework6 [your-lastname]” 

in the subject line and make sure you attach the renamed 

file. 

⋆ 7. 

⋆ 8. 

Do exercise 13 on page 144 of Velleman, giving an ordinary, informal 

proof. 

Do exercise 19 on page 144 of Velleman. Again, give an ordinary, informal 

proof. Keep in mind that, by definition, A△B = (A \ B) ∪ (B \ A).



3. Use the letters B, C, and L as in the text. 

4. 

5. 

L ∨ C 

B C 

¬(B ∧ C) B ∧ C 

x 

⊥ y 

L 

¬B 

L ∨ ¬B 

L ∨ ¬B x 

L ∨ ¬B 

ϕ 

z 

z 

(ϕ ∨ ψ) → θ ϕ ∨ ψ (ϕ ∨ ψ) → θ 

θ 

x 

θ 

ϕ → θ 

ψ → θ 

(ϕ → θ) ∧ (ψ → θ) 

((ϕ ∨ ψ) → θ) → (ϕ → θ) ∧ (ψ → θ) 

¬(ϕ ∧ ¬ψ) 

x 

y 

ϕ ¬ψ 

ϕ ∧ ¬ψ 

z 

y 

y 

z 

x 

y 

ψ 

ϕ ∨ ψ 

⊥ z 

ψ 

ϕ → ψ 

y 

7. Prove that for every integer x, x 2 + x is even. 

Let x be any integer. If x is even, then x 2 is also even, and x 2 + x is 

even. If x is odd, then x 2 is odd, and again x 2 + x is even. Either way, 

x 2 + x is even. 

(This proof presupposes the fact that if x is even, then x 2 is even, and 

similarly for x odd. If you spelled out the proof in greater detail, e.g. by 

writing x as 2k in the first case and 2k + 1 in the second case, that is 

even better. You could also prove the theorem by factoring x 2 + x as 

x(x + 1) and again splitting on cases.)

8. Suppose A, B, and C are sets. Show that A△B and C are disjoint iff 

A ∩ C = B ∩ C. 

Suppose A△B and C are disjoint. Let x be an element of A ∩ C. Then 

x is in both A and C. If x is not in B, then x is in A△B, contradicting 

the fact that A△B and C are disjoint. So x is in B, and hence in B ∩ C. 

Conversely, if x is in B ∩ C, a similar argument shows that x is in A ∩ C. 

Since x was arbitrary, we have A ∩ C = B ∩ C. 

In the other direction, suppose A ∩ C = B ∩ C, but A△B and C are 

not disjoint. Let x be an element of both A△B and C. Then either x 

is in A \ B, or x is in B \ A. If x is in A \ B, then x is in A but not 

B; but then x is in A ∩ C but not B ∩ C, contradicting the hypothesis. 

Similarly, if x is in B \ A, then x is in B ∩ C but not A ∩ C, again a 

contradiction. So A△B and C are disjoint.


Homework #7 


1. Remember that there is an in-class midterm on Thursday, March 3. 

2. Finish reading Chapter 6 of Velleman. 

3. Read the handout “Natural deduction for first-order logic” that is posted 

on Blackboard, under “Course documents.” 

⋆ 4. 

Using Isabelle, carry out the instructions in “homework7.thy” under 

“Homework assignments” on Blackboard. Follow the same instructions 

as last week: 

• Save the file to a directory, e.g. your home directory. 

• Run Isabelle by typing isabelle emacs homework7.thy 


comments. 

• Save the file and exit Isabelle. 




• E-mail the file to Dan, at dauerbac@andrew.cmu.edu, with “isabelle 

homework7 [your-last-name]” in the subject line. 

⋆ 5. 

Give natural deduction proofs of the following: 

• ∀x ϕ(x) ∨ ∀x ψ(x) → ∀x (ϕ(x) ∨ ψ(x)) 

• ∀x ϕ(x) → ¬∃x ¬ϕ(x) 

⋆ 6. 

Formalize the following statements, and give a natural deduction proof 

in which the first three statements appear as (uncancelled) hypotheses, 

and the last line is the conclusion: 

Every young and healthy person likes baseball. 

Every active person is healthy. 

Someone is young and active. 

Therefore, someone likes baseball.

Use Y (x) for “is young,” H(x) for “is healthy,” A(x) for “is active,” and 

B(x) for “likes baseball. 

⋆ 7. 

⋆ 8. 

Do exercise 4 on page 265 of Velleman, giving an ordinary, informal 

proof. As usual, style counts. 

Do exercise 11 on page 266 of Velleman. (Hint: in the inductive step, 

rewrite 4 n+1 as 4(4 n + 6n − 1) − 24n + 4, in order to use the inductive 

hypothesis.)



5. a. 

b. 

∀x ϕ(x) ∨ ∀x ψ(x) 

a 

∀x ϕ(x) 

ϕ(y) 

ϕ(y) ∨ ψ(y) 

∀x (ϕ(x) ∨ ψ(x)) 

∀x (ϕ(x) ∨ ψ(x)) 

∀x ϕ(x) ∨ ∀x ψ(x) → ∀x (ϕ(x) ∨ ψ(x)) 

b 

b 

∀x ψ(x) 

ψ(y) 

ϕ(y) ∨ ψ(y) 

∀x (ϕ(x) ∨ ψ(x)) 

b 

a 

6. 

¬ϕ(y) 

b 

∃x ¬ϕ(x) 

⊥ 

b 

¬∃x ¬ϕ(x) 

∀x ϕ(x) → ¬∃x ¬ϕ(x) 

c 

⊥ 

c 

a 

∀x ϕ(x) 

ϕ(y) 

a 

∃x (Y (x) ∧ A(x)) 

∀x (Y (x) ∧ H(x) → B(x)) 

Y (z) ∧ H(z) → B(z) 

∃x B(x) 

Y (z) ∧ A(z) 

Y (z) 

B(z) 

∃x B(x) 

a 

∀x (A(x) → H(x)) 

a 

A(z) → H(z) 

H(z) 

Y (z) ∧ H(z) 

Y (z) ∧ A(z) 

A(z) 

a 

7. Claim: For every n ≥ 1, 1 + 3 + 5 + . . . + (2n − 1) = n 2 . 

Proof: by induction on n. In the base case, when n = 1, and both sides 

are equal to 1. Assuming the claim is true of n, we have 

1 + . . . + (2(n + 1) − 1) = (1 + . . . + (2n − 1)) + 2n + 1 

= n 2 + 2n + 1 

= (n + 1) 2 .

8. Claim: for every n ≥ 1, 9|(4 n + 6n − 1). 

Proof: by induction on n. In the base case, when n = 0, 4 n +6n−1 = 0, 

which is divisible by 9. 

In the induction step, suppose the claim is true for n. Then 

4 n+1 + 6(n + 1) − 1 = (4(4 n + 6n − 1) − 24n + 4) + 6n + 5 

= 4(4 n + 6n − 1) − 18n + 9. 

By the inductive hypothesis, the first term is divisible by 9, and 18n and 

9 are clearly both divisible by 9.


Homework #8 

Due Thursday, March 17 

Notice that this assignment is not due until after spring break. 

1. Study for the in-class midterm on Thursday, March 3. It will cover all 

the material we discuss in class through Tuesday, March 1, including 

Chapters 1–3 and 6 of Velleman, as well as natural deduction for propositional 

logic and first-order logic with equality. (Note that we did not 

cover section 6.5 in Velleman.) 

2. Start reading Chapter 4 of Velleman. Also read the handout, “Firstorder 

logic in Isabelle,” that is posted on Blackboard, under “Course 

documents.” 

⋆ 3. 

Remember that both the following express ∃!x ϕ(x), that is, the statment 

that there is a unique x satisfying ϕ(x): 

• ∃x (ϕ(x) ∧ ∀y (ϕ(y) → y = x)) 

• ∃x ϕ(x) ∧ ∀y ∀y ′ (ϕ(y) ∧ ϕ(y ′ ) → y = y ′ ) 

Do the following: 

a. Give a natural deduction proof of the second, assuming the first as a 

hypothesis. 

b. Give a natural deduction proof of the first, asssuming the second as 

a hypothesis. 

(Warning: these are long.) 

⋆ 4. 



in previous weeks week: 




comments. 

• Save the file and exit Isabelle.






5. Do as many exercises in Sections 6.1–6.4 of Velleman as you can. 

⋆ 6. 

⋆ 7. 

⋆ 8. 

Do exercise 9 on page 287 of Velleman. 


Do exercise 4 on page 296 of Velleman.



3. a. 

a 

ϕ(z) ∧ ∀y (ϕ(y) → y = z) 

ϕ(z) 

(∗) 

∃x ϕ(x) 

∀y ∀y ′ (ϕ(y) ∧ ϕ(y ′ ) → y = y ′ ) 

∃x (ϕ(x) ∧ ∀y (ϕ(y) → y = x)) 

∃x ϕ(x) ∧ ∀y ∀y ′ (ϕ(y) ∧ ϕ(y ′ ) → y = y ′ ) 

a 

∃x ϕ(x) ∧ ∀y ∀y ′ (ϕ(y) ∧ ϕ(y ′ ) → y = y ′ ) 

where (∗) is the proof 

ϕ(z) ∧ ∀y (ϕ(y) → y = z) 

ϕ(z) ∧ ∀y (ϕ(y) → y = z) 

a 

b 

ϕ(y) ∧ ϕ(y ′ ) 

∀y (ϕ(y) → y = z) 

ϕ(y) ∧ ϕ(y ′ ) 

ϕ(y) 

b 

∀y (ϕ(y) → y = z) 

ϕ(y) → y = z 

y = z 

ϕ(y ′ ) 

ϕ(y ′ ) → y ′ = z 

y ′ = z 

z = y ′ 

y = y ′ 

b 

ϕ(y) ∧ ϕ(y ′ ) → y = y ′ 

∀y ′ (ϕ(y) ∧ ϕ(y ′ ) → y = y ′ ) 

∀y ∀y ′ (ϕ(y) ∧ ϕ(y ′ ) → y = y ′ ) 

b. Let θ be the formula ∃x ϕ(x) ∧ ∀y ∀y ′ (ϕ(y) ∧ ϕ(y ′ ) → y = y ′ ). 

a 

θ 

∃x ϕ(x) 

ϕ(x) 

x 

θ 

∀y, y ′ (ϕ(y) ∧ ϕ(y ′ ) → y = y ′ ) 

ϕ(y) ∧ ϕ(x) → y = x 

y = x 

ϕ(x) ∧ ∀y (ϕ(y) → y = x) 

∃x (ϕ(x) ∧ ∀y (ϕ(y) → y = x)) 

∃x (ϕ(x) ∧ ∀y (ϕ(y) → y = x)) 

ϕ(y) → y = x 

∀y (ϕ(y) → y = x) 

x 

ϕ(y) 

y 

y 

ϕ(y) ∧ ϕ(x) 

ϕ(x) 

x 

6. Claim: For every n ≥ 2, ∑ n−1 

k=1 H k = nH n − n. 

Proof. First notice that for every n, H n+1 = H n + 1 

n+1 , so H n = H n+1 − 

1 

n+1 

. Now use induction on n. In the base case, when n = 2, we have 

∑ 2−1 

k=1 H k = H 1 = 1, and 2H 2 − 2 = 2(1 + 1/2) − 2 = 3 − 2 = 1, so the 

identity holds.

In the inductive step, suppose the claim is true for n. Then we have 

as required. 

n∑ 

H k = 

k=1 

n−1 

∑ 

H k + H n 

k=1 

= nH n − n + H n by the IH 

= (n + 1)H n − n 

= (n + 1)(H n+1 − 1 

n + 1 ) − n 

= (n + 1)H n+1 − 1 − n 

= (n + 1)H n+1 − (n + 1), 

7. Claim: For every n ≥ 1, ∑ n 

i=1 

i · i! = (n + 1)! − 1. 

Proof: Use induction on n. When n = 1, both sides are equal to 1. 

In the induction step, suppose the claim is true for n. Then we have 

n+1 

∑ 

i · i! = 

i=1 

n∑ 

i · i! + (n + 1) · (n + 1)! 

i=1 

= (n + 1)! − 1 + (n + 1) · (n + 1)! 

= (1 + n + 1) · (n + 1)! − 1 

= (n + 2)! − 1. 

8. Let us use complete induction to show that for every n ≥ 12, n can be 

obtained by adding multiplies of 3 and 7. 

First, notice that we have 12 = 4·3, 13 = 7·1+2·3, and 14 = 7+7. If n 

is greater than or equal to 15, the inductive hypothesis implies that n−3 

can be obtained by adding multiples of 3 and 7. Since n = (n − 3) + 3, 

can can be obtained that way as well.


Homework #9 


1. Continue reading Chapter 4 of Velleman. Also read the handout, “The 

natural numbers,” which is posted on Blackboard, under “Course documents.” 

⋆ 2. 



as in previous weeks: 



• Complete the proofs in the file, save the file, and exit Isabelle. 






⋆ 3. 

⋆ 4. 

⋆ 5. 

⋆ 6. 

Do problem 7(a) on page 296 of Velleman. 

In class, we gave recursive definitions of operations like addition and 

multiplication on the natural numbers, and then showed how to define 

relations like



3. Remember F 0 = 0 and F 1 = 1. Use complete induction on n. In the 

base case, we have F m−1 F 0 + F m F 1 = F m−1 · 0 + F m · 1 = F m . 

In the induction step, suppose the formula holds for m and all n ′ less 

than n + 1, and let us show that the claim holds of m and n + 1. We 

have 

F m+(n+1) = F m+n + F m+(n−1) 

as required. 

= (F m−1 F n + F m F n+1 ) + (F m−1 F n−1 + F m F n ) by the IH 

= F m−1 (F n + F n−1 ) + F m (F n+1 + F n ) 

= F m−1 F n+1 + F m F n+2 , 

4. a. ∀x (x ≥ 1 → ∃y (Prime(y) ∧ x ≤ y ∧ y ≤ 2 · x)) 

b. ∃w, y, z (Prime(w) ∧ Prime(y) ∧ Prime(z) ∧ w|x ∧ y|x ∧ z|x ∧ w ≠ 

y ∧ w ≠ z ∧ y ≠ z) 

c. ∀y (Prime(y) ∧ y|x → y = 2) 

5. Fix x and y, and use induction on z. In the base case, we have 

x · (y + 0) = x · y 

by the definition of addition 

= x · y + 0 by the definition of addition 

= x · y + x · 0 by the definition of multiplication 

In the inductive step, assume x · (y + z) = x · y + x · z. Then 

x · (y + succ(z)) = x · succ(y + z) def + 

= x · (y + z) + x def · 

= (x · y + x · z) + x IH 

= x · y + (x · z + x) associativity 

= x · y + x · succ(z) def ·

6. Fix x and y and use induction on z. In the base case, we have 

x · (y · 0) = x · 0 

= 0 

= (x · y) · 0. 

In the inductive step, we have 

x · (y · succ(z)) = x · (y · z + y) 

= x · (y · z) + x · y by the previous problem 

= (x · y) · z + x · y by the IH 

= (x · y) · succ(z).


Homework #10 


Note: for the problems on this assignment, other than 3, you should be 

giving ordinary mathematical proofs, not symbolic calculations. That means 

that you should be using words rather than symbols for logical connectives, 

and using clear, readable, mathematical language. 

1. Finish reading Chapter 4 of Velleman, and start reading Chapter 5. 

2. Do as many exercises from Sections 4.1–4.4 as you can. 

⋆ 3. 

⋆ 4. 

⋆ 5. 

⋆ 6. 

⋆ 7. 

⋆ 8. 

Do the following: 

a. Prove 0 · x = 0. 

b. Prove succ(x) · y = x · y + y by induction on y. (This is tricky.) 

c. Prove x · y = y · x. 

Use only the definitions of addition and multiplication and other facts 

proved in class and on the last homework assignment. (In other words, 

you may use the definition and properties 1–6 and 9 on the handout, 

“The natural numbers.”) 

Do problem 9 on page 171 of Velleman. 

Do problem 6(d) on page 179 of Velleman. 



Do problem 6 on page 211 of Velleman.



3. a. Prove 0 · x = 0 by induction on x. When x = 0, we have 0 · 0 = 0 by 

the definition of multiplication. In the successor case, we have 

0 · succ(x) = 0 · x + 0 

= 0 + 0 

= 0. 

b. Prove succ(x) · y = x · y + y by induction on y. When y = 0, both 

sides are equal to 0 by the definition of multiplication and addition. 

In the successor case, we have 

succ(x) · succ(y) = succ(x) · y + succ(x) 

= (x · y + y) + succ(x) 

= x · y + (y + succ(x)) 

= x · y + (succ(y + x)) 

= x · y + (succ(x + y)) 

= x · y + (x + succ(y)) 

= (x · y + x) + succ(y) 

= x · succ(y) + succ(y) 

c. Prove x · y = y · x by induction on x. In the base case, we have 

0 · y = 0 = 0 · y by the first part. In the induction step, we have 

succ(x) · y = x · y + y 

= y · x + y 

= y · succ(x). 

4. Show (A × B) \ (C × D) = (A × (B \ D)) ∪ ((A \ C) × B). 

Let A, B, C, and D be arbitrary sets. Suppose p is in (A×B)\(C ×D). 

Then p is in A × B, but not in C × D. This means that p is a pair, 

(a, b), where a is in A and b is in B, but (a, b) is not in C × D. This last 

assertion means that either a is not in C, or b is not in D. In the first 

case, (a, b) is in (A \ C) × B, and in the second case, it is in A × (B \ D). 

So (a, b) is in (A × (B \ D)) ∪ ((A \ C) × B).

Conversely, suppose p is in (A × (B \ D)) ∪ ((A \ C) × B). Then either 

p is in (A × (B \ D)) or p is in ((A \ C) × B). In the first case, p is a 

pair (a, b), where a is in A and b is in B but not D. In the second case, 

p is a pair (a, b), where a is in A but not C, and b is in B. Either way, 

p is in A × B, but p is not in C × D. Thus p is in (A × B) \ (C × D), as 

required. 

5. Show (S ◦ R) −1 = S −1 ◦ R −1 . 

Suppose (x, y) is in (S ◦ R) −1 . Then (y, x) is in S ◦ R. This means that 

for some z, (y, z) is in S, and (z, x) is in R. But that means that (x, z) 

is in R −1 and (z, y) is in S −1 , so (x, y) is in S −1 ◦ R −1 . 

Conversely, suppose (x, y) is in S −1 ◦ R −1 . Then for some z, (x, z) is in 

S −1 and (z, y) is in R −1 , which means that (y, z) is in R and (z, x) is in 

S. This means that (y, x) is in R ◦ S, and so (x, y) is in (R ◦ S) −1 . 

6. Suppose R 1 and R 2 are relations on A. 

a. If R 1 and R 2 are both reflexive, so is R 1 ∩ R 2 . To prove this, let x 

be any element of A. Then (x, x) is in both R 1 and R 2 , and so in 

R 1 ∩ R 2 . 

b. If R 1 and R 2 are both symmetric, so is R 1 ∩ R 2 . To prove this, 

suppose (x, y) is an element of R 1 ∩ R 2 . Then it is an element of 

both R 1 and R 2 . Since R 1 and R 2 are both symmetric, (y, x) is an 

element of both as well. So (y, x) is an element of R 1 ∩ R 2 . 

c. If R 1 and R 2 are both transitive, so is R 1 ∩R 2 . To prove this, suppose 

(x, y) and (y, z) are in R 1 ∩ R 2 . Then they are in both R 1 and R 2 . 

Since R 1 and R 2 are transitive, (x, z) is an element of both, and 

hence it is an element of R 1 ∩ R 2 . 

7. a. This is a total order (the order that words appear in the dictionary). 

b. This is not a partial order, because anti-symmetry fails: “bat” and 

“big” are related to one another both ways, but are not the same. 

c. This is a total order, assuming no two countries have exactly the same 

population. (If there are two countries with the same population, it 

is not a partial order). 

8. a. pSq means that p is an ancestor of q. 

b. p(S ◦ S −1 )q means that p and q have a common descendent.


Homework #11 

Due Thursday, April 7 

1. Finish reading Chapter 5 of Velleman, and start reading Chapter 7. 

2. Do as many exercises from Chapter 4 and 5 as you can. 

⋆ 3. 



as in previous weeks: 



• Complete the proofs in the file, save the file, and exit Isabelle. 






The additional Isabelle file, “orders.thy,” posted with the homework 

assignment is simply for reference and enjoyment. (It contains formal 

versions of the next two exercises.) 

⋆ 4. 

Suppose ≤ is a partial order on a set A, and define another order,

trans(≤) a ≤ b b ≤ c 

a ≤ c 

Also, to unfold the definition of



4. To show < is transitive, suppose a and b < c. Then a ≤ b, a ≠ b, 

b ≤ c, and b ≠ c. Since ≤ is transitive, we have a ≤ c. Thus it suffices 

to show a ≠ c, since this implies a < c. 

To that end, suppose a = c. Then from the assumptions we have c ≤ b 

and b ≤ c, and antisymmetry implies b = c. But this contradicts the 

fact that b ≠ c. So a ≠ c, as required. 

5. Given a and b, we need to show that either a < b, a = b, or b < a. If 

a = b, then we are done. So we can assume a ≠ b. Since ≤ is a total 

order, we have a ≤ b or b ≤ a. In the first case, since a ≠ b, we have 

a < b. In the second case, similarly, we have b < a. So either way, one 

of a < b, a = b, or b < a holds. 

6. By the usual natural deduction rules, it suffices to prove a < c from 

a and b < c. 

trans(≤) 

a < b 

a ≤ b 

a ≤ c 

b < c 

b ≤ c 

antisym(≤) 

a < c 

7. Suppose R 1 and R 2 are partial orders on a set A. 

b < c 

b ≤ c 

c = b 

b = c 

u 

a = c 

c ≤ b 

⊥ 

a ≠ c 

a < b 

a ≤ b 

a. Let S = R 1 ∩R 2 . Then S is also a partial order. Proof: For every a in 

A, aR 1 a and aR 2 a, so aSa. So S is reflexive. Suppose aSb and bSc. 

Then aR 1 b, aR 2 b, bR 1 c, and bR 2 c. By the transitivity of R 1 and R 2 , 

aR 1 c and aR 2 c, so aSc. So S is transitive. Finally, suppose aSb and 

bSa. Then, in particular, aR 1 b and bR 1 a. Since R 1 is antisymmetric, 

a = b. So S is antisymmetric. 

b. R 1 ∪ R 2 need not be a partial order. For example, suppose R 1 is ≤ 

and R 2 is ≥ on the natural numbers, and let T = R 1 ∪ R 2 . Then 

0T 1 and 1T 0, but 0 ≠ 1. So T is not antisymmetric. 

u 

b < c 

b ≠ c

8. a. Show S is an equivalence relation on B. Let a, b, and c be any 

elements of B. Then aSa, because aRa. So S is reflexive. If aSb then 

aRb, and by the symmetry of R, we have bRa. Since (b, a) ∈ B × B, 

we have bSa. So S is symmetric. Finally, suppose aSb and bSc. The 

transitivity of R implies aRc, and since (a, c) is in B × B, we have 

aSc. So S is symmetric. 

b. Show that if x is in B, [x] S = [x] R ∩ B. Suppose y is in [x] S . Then 

xSy. By definition, xRy, and (x, y) is in B × B. This implies y is in 

B, so y is in [x] R ∩ B. 

Conversely, suppose y is in [x] R ∩ B. Then xRy and y is in B. But 

then (x, y) is in B × B, so xSy.


Homework #12 

Due Tuesday, April 19 

Notice that this assignment is due on a Tuesday, after Carnival. Late assignments 

will be accepted until noon on Wednesday. 

1. We have now completed Chapters 1–6 of Velleman, excluding sections 

5.4 and 6.5. Read the two excerpts from Enderton’s book, Set Theory, 

titled “Axioms” and “The natural numbers.” These are posted under 

“Course documents” on Blackboard. Then read Chapter 7 of Velleman. 

2. Do as many exercises from Chapter 5 of Velleman as you can. 

⋆ 3. 

⋆ 4. 

⋆ 5. 

⋆ 6. 

⋆ 7. 

⋆ 8. 

⋆ 9. 

Do parts (b) and (c) of exercise 16 on page 224 of Velleman. (Part (a) 

is easy and just tedious.) 





Remember that the formal language of set theory contains only the 

symbol ∈, where x ∈ y represents “x is an element of y.” In addition, 

the language has all the symbols of first-order logic, including equality, 

logical connectives, and quantifiers. In class we saw that in this language 

one can define new notions. For example, we can define “x = {y}” to 

mean ∀z (z ∈ x ↔ z = y). In a similar way, write down formulas in the 

language of set theory to represent all of the following notions: 

a. x = y \ z 

b. x = ⋃ y 

c. x is nonempty 

d. x has exactly two elements 

e. x consists of all the nonempty subsets of y 

In class we defined the ordered pair 〈x, y〉 to be the set {{x}, {x, y}}. 

Prove that if 〈x, y〉 = 〈w, z〉 then x = w and y = z. (Hint: you should 

consider two cases, one where x = y, and the other where x ≠ y.)



3. Suppose R is an equivalence relation on A, S is an equivalence relation 

on B, and A and B are disjoint. 

a. (not required) 

b. Suppose x ∈ A. Then for any y if y is in [x] R , then (x, y) ∈ R, and 

so (x, y) ∈ R ∪ S. But this implies y ∈ [x] R∪S . Conversely, if y is in 

[x] R∪S , then (x, y) ∈ R or (x, y) ∈ S. But since S is a relation on B 

and A and B are disjoint, (x, y) can’t be in S, so (x, y) is in R. So 

y ∈ [x] R . The corresponding claim for S is proved in the same way. 

c. Suppose X ∈ (A∪B)/(R∪S). Then for some x in A∪B, X = [x] R∪S . 

But then x ∈ R or x ∈ S, so the previous part implies X = [x] R or 

X = [x] S , so X ∈ A/R or X ∈ A/S. Conversely, if X ∈ A/R, 

then X = [x] R = [x] R∪S for some x in A, and hence in A ∪ B. So 

X ∈ A ∪ B/R ∪ S. If X ∈ B/S, the argument is similar. 

4. Suppose A is a nonempty set, and f : A → A. 

a. Suppose for every x in A, f(x) = a. Then for all x in A, (f ◦ g)(x) = 

f(g(x)) = a = f(x). 

b. Conversely, suppose for every g : A → A, f ◦ g = f. Let a be any 

element of a, and let g be the constant function g(x) = a. Suppose 

f = f ◦ g. Then for every x, f(x) = (f ◦ g)(x) = f(g(x)) = f(a). So 

f is the constant function with value f(a). 

5. With the definitions in this problem, we have fRg is and only if there 

is some a such that for every x ≥ a, f(x) = g(x). 

a. For every x ≥ 0, f(x) = |x| = x = g(x), so fRg. 

b. To see that R is an equivalence relation, first show it is reflexive: for 

any x ≥ 0, f(x) = f(x). (Anything would work in place of 0.) If is 

symmetric: if f(x) = g(x) for every x ≥ a, then g(x) = f(x) for every 

x ≥ a. Finally, let us show it is transitive. Suppose f(x) = g(x) for 

every x ≥ a, and let g(x) = h(x) for every x ≥ b. Let c = max(a, b). 

Then for every x ≥ c, f(x) = g(x) and g(x) = h(x), so for every 

x ≥ c, f(x) = h(x). 

6. Let f(x) = 3x 

x−2 .

a. f(x) can never be 3, since otherwise we would have 3x − 6 = 3x, a 

contradiction. f is injective and surjective as a function from R to 

R \ {3}. To show that it is injective, suppose f(x) = f(x ′ ). Crossmultiplying, 

we have 3xx ′ − 6x = 3x ′ x − 6x ′ , which implies 6x = 6x ′ 

and so x = x ′ . To show that it is surjective, suppose y is not equal 

to 3. Then an easy calculation shows y = f(2y/(y − 3)). 

b. The previous calculation shows f −1 (y) = 2y 

y−3 . 

7. Given f : A → B injective, let B ′ = rangef. Then f : A → B ′ is 

injective and surjective, and so, by Theorem 5.3.4, f −1 : B ′ → A. 

8. 

a. ∀w (w ∈ x ↔ w ∈ y ∧ w ∉ z). 

b. ∀w (w ∈ x ↔ ∃u ∈ y (w ∈ u)). 

c. ∃w (w ∈ x). 

d. ∀y, z (y ≠ z ∧ ∀w (w ∈ x ↔ w = y ∨ w = z). 

e. ∀w (w ∈ x ↔ w ⊆ y ∧ ∃u (u ∈ w)), where w ⊆ y means ∀v (v ∈ w → 

v ∈ y). 

9. Suppose (x, y) = (w, z). I need to show that x = y and w = z. 

Case 1: x = y. Then (x, y) is a set containing a single element, {x}. 

Since (x, y) = (w, z), the right hand side is also a set with a single 

element, {x}. But this can only happen if w = z (because otherwise 

(w, z) contains two elements) and so (w, z) is a set with a single element 

{w}. But if {x} = {w} then x must be equal to w. 

Case 2: x ≠ y. Then (x, y) is a set containing two elements: a oneelement 

set {x} and a two-element set {x, y}. Since (x, y) = (w, z), the 

latter also has two elements, {w} and {w, z}. So w ≠ z, {x} = {w}, and 

{x, y} = {w, z}. But this shows that x = w and y = z.


Homework #13 

Due Tuesday, April 26 

This is the last homework assignment! Note the following: 

• Class is cancelled on Thursday, April 28. 

• This assignment is due Tuesday, April 26, the last day of class. (As 

usual, we’ll accept late assignments until noon the next day.) 

• The final exam will be on Friday, May 6, from 1 to 3 pm. 

• Dan and I will hold extra office hours for review before the exam (we’ll 

announce them on Blackboard). 

1. Finish reading Chapter 7 of Velleman’s book, and read the excerpt, 

“Construction of the Real Numbers,” from Enderton. 

2. Do as many exercises as you can from Sections 7.1 and 7.2 of Velleman. 

⋆ 3. 

⋆ 4. 

⋆ 5. 

Let R be an equivalence relation on A. Explain how the axioms of set 

theory (as listed in class, or in the “Axioms” chapter of Enderton) imply 

the following: 

a. For every a ∈ A, the set [a] R exists. 

b. The set A/R exists. 

Remember that we defined the successor of x, succ(x), to be x ∪ {x}. 

(Enderton writes this as x + .) A set A is said to be inductive if ∅ is in 

A, and whenever a set x is in A, succ(x) is in A. The axiom of infinity 

says that there is an inductive set. We then define the natural numbers, 

N, to be the intersection of all inductive sets. This means that for any 

set x, x is in N if and only if x is in every inductive set. 

a. Show that N is inductive. 

b. Show that if A is inductive and A ⊆ N, then A = N. 

To exercise 5 on page 312 of Velleman. This is tricky. Given that f is a 

bijection from A to B, define an explicit function from P (A) to P (B), 

and prove that it is a bijection.

⋆ 6. 

⋆ 7. 

Do exercise 6(a) on page 312 of Velleman. (You can use the proof in the 

appendix, but then you should also prove that the function g defined 

there is one-to-one and onto. It helps to draw a picture.) 

Do exercise 3 on page 321 of Velleman.



3. a. [a] R = {x ∈ A | (a, x) ∈ R}, so this set exists by the subset axiom. 

b. A/R = {y ∈ P (A) | ∃a ∈ A (y = [a] R )}, so this set exists by the 

power set axiom and the subset axiom. 

4. a. Show N is inductive. 0 is in N, because 0 is in every inductive set. 

To show that N is closed under sucessor, suppose x is in N. Then if 

A is any inductive set, x is in A. Since A is inductive, succ(x) is in 

A. Thus succ(x) is in N as well. 

b. Suppose A is inductive. Then every element of N is in A, so N ⊆ A. 

Since we are assuming A ⊆ N, A = N. 

5. Given a bijection f from A to B, define g : P (A) → P (B) by g(X) = 

{f(x) | x ∈ X}. Let us show that this is a bijection. 

To show g is injective, suppose g(X) = g(Y ). Let x be in X. Then 

f(x) is in g(X), and so f(x) is in g(Y ). This means that f(x) = f(y) 

for some y in Y . But f is injective, so x = y. So x is in Y . The same 

argument shows that every element of Y is in X, so X = Y , as required. 

To show g is surjective, let Y be any subset of B. Let X = {f −1 (y) | y ∈ 

Y }. Then g(X) = {f(f −1 (y)) | y ∈ Y } = {y | y ∈ Y } = Y , as required. 

6. Use the proof on page 365 in the textbook. To see that g is injective, 

let i and i ′ be any elements of I n , and suppose g(i) = g(i ′ ). If neither i 

nor i ′ is equal to j, then f(i) = f(i ′ ), which implies i = i ′ , because f is 

injective. Suppose i = j. Then g(i) = k. Since i ′ is in I n , we can’t have 

f(i ′ ) = k, because f(n + 1) = k and f is injective. So i ′ must be equal 

to j as well. 

To see that g is surjective, let y be any element of I m−1 . Since f is 

surjective, there is an x in I n+1 such that f(x) = y. If y is not equal to 

k, then x is not equal to n + 1, so x is in I n and g(x) = y. If y is equal 

to k, then g(j) = y. Either way, there is an element x of I n such that 

g(x) = y. 

7. Show that the set of finite subsets of Z + is countable. For every n ∈ Z + , 

the set S n of subsets of {0, . . . , n} is finite (with 2 n+1 elements), and 

hence countable. By Theorem 7.2.2, ⋃ S n is countable. Every finite 

subset of Z + is in S n for some n, so we are done.

LOGIC AND MATHEMATICAL INQUIRY 

Midterm Exam 

Name: 

March 3, 2011 

Write your answers in the space provided, using the back of the page if necessary. 

You can use additional scratch paper. Justify your answers, and provide clear, 

readable explanations. 

Problem Points Score 

1 6 

2 10 

3 10 

4 10 

5 8 

6 10 

7 10 

Total 64 

GOOD LUCK

Problem 1. (6 points) 

Use calculations with propositional logic to simplify the expression 

¬(p ∧ ¬q) ∨ (¬p ∧ q).


Consider the following inference: 

• Either John isn’t stupid and he is lazy, or he is stupid. 

• John is stupid. 

• Therefore, John isn’t lazy. 

Part a) (3 points) Represent this inference in propositional logic, using the variables 

S for “John is stupid” and L for “John is lazy.” 

Part b) (4 points) What does it mean to say that a propositional inference is 

valid? (Be clear and precise.) 

Part c) (3 points) Determine whether the inference above is valid, and justify 

your answer.


Part a) (5 points) Write down a first-order sentence expressing: 

Everyone who lives in Pittsburgh knows someone who lives in California. 

Use the predicate symbols C(x) and P (x) for “lives in California,” and “lives in 

Pittsburgh,” respectively, and the relation symbol K(x, y) for “x knows y.” Also, 

assume that quantifiers and variables range over people. 

Part b) (5 points) Using the language of Tarski’s World, write down a first-order 

sentence that is true of a world exactly when there is a large cube between two 

tetrahedra, one of which is small.


Give a clear, readable, proof of the following identity: A\(B∩C) = (A\B)∪(A\C).


Let F and G be families of sets. Show that if F ⊆ G, then ⋂ G ⊆ ⋂ F.

Problem 6. (10 points) For Problems 6 and 7, use only the basic natural deduction 

rules. 

Part a) (5 points) Give a natural deduction proof of ¬q → ¬p from p → q. 

Part b) (5 points) Give a natural deduction proof of p ∧ q from ¬(¬p ∨ ¬q).


Part a) (5 points) Give a natural deduction proof of ∀x B(x) from ∀x A(x) and 

∀x (A(x) → B(x)). 

Part b) (5 points) Give a natural deduction proof of ∃x A(x) ∨ ∃x B(x) from 

∃x (A(x) ∨ B(x)).

Midterm Solutions 

1. We have 

¬(p ∧ ¬q) ∨ (¬p ∧ q) ≡ (¬p ∨ ¬¬q) ∨ (¬p ∧ q) 

≡ 

≡ 

¬p ∨ (q ∨ (¬p ∧ q)) 

¬p ∨ q 

2. a. The hypotheses are (¬S ∧ L) ∨ S and S. The conclusion is ¬L. 

b. An inference in propositional logic is valid if the following holds: for 

every truth assignment to the variables, if the hypotheses come out 

true under that assignment, so does the conclusion. (Less formally: 

for every line of the truth table, if the premises are true, so is the 

conclusion.) 

c. The inference is not valid. If we assign S the value “true” and L the 

value “true,” then both hypotheses are true, but the conclusion is 

false. 

3. a. ∀x (P (x) → ∃y (C(y) ∧ K(x, y)). 

b. ∃x, y, z (Cube(x)∧Large(x)∧Tet(y)∧Tet(z)∧Small(z)∧Between(x, y, z). 

4. Suppose x is in A \ (B ∩ C). Then x is in A, but x is not in both B 

and C. Then either x is not in B, or x is not in C. In the first case, x 

is in A \ B, and in the second case, x is in A \ C. Either way, x is in 

(A \ B) ∪ (A \ C). 

Conversely, suppose x is in (A \ B) ∪ (A \ C). Then either x is in A \ B 

or x is in A \ C. In the first case, x is in A but not B, and hence x is 

not in B ∩ C. So, in that case x is in A \ (B ∩ C). In the second case, x 

is in A but not C, so again x is not in B ∩ C. So, in the ase too, x is in 

A \ (B ∩ C). 

5. Suppose x is in ⋂ G. Then for every set A in G, x is in A. Let B be 

any set in F. Since F ⊆ G, B is in G, and so x is in B. Since B is an 

arbitrary set in F, x is in ⋂ F. 

6. 

a.

. 

p → q 

¬q 

b 

q 

⊥ 

¬p a 

b 

¬q → ¬p 

p 

a 

¬(¬p ∨ ¬q) 

a 

¬p 

¬p ∨ ¬q 

¬(¬p ∨ ¬q) 

b 

¬q 

¬p ∨ ¬q 

⊥ a 

p 

p ∧ q 

⊥ b 

q 

7. 

a. 

b. 

∀x A(x) 

A(y) 

∀x (A(x) → B(x)) 

A(y) → B(y) 

B(y) 

∀x B(x) 

∃x (A(x) ∨ B(x)) 

A(y) 

∃x A(x) 

A(y) ∨ B(y) 

b 

∃x A(x) ∨ ∃x B(x) 

∃x A(x) ∨ ∃x B(x) 

b 

∃x A(x) ∨ ∃x B(x) 

a 

a 

B(y) 

∃x B(x) 

∃x A(x) ∨ ∃x B(x) 

a

LOGIC AND MATHEMATICAL INQUIRY 

Final Exam 

Name: 

May 6, 2011 

Write your answers in the space provided, using the back of the page if necessary. 

You can use additional scratch paper. Justify your answers, and provide clear, 

readable explanations. 

Problem Points Score 

1 12 

2 12 

3 12 

4 12 

5 12 

6 12 

Total 72 

GOOD LUCK


Part a) (2 points) Let A and B be sets, and let f be a function from A to B. 

What does it mean to say that f is injective? 

Part b) (2 points) Let A and B be sets, and let f be a function from A to B. 

What does it mean to say that f is surjective? 

Part c) (4 points) Show that if f : A → B is injective, and g : B → C is injective, 

then g ◦ f is injective. 

Part d) (4 points) Show that if f : A → B is surjective, and g : B → C is 

surjective, then g ◦ f is surjective.

Problem 2. (12 points) Let A be a set and let ≡ be an equivalence relation on A. 

Recall that for any element a in A, the equivalence class of a, written [a], is defined 

by [a] = {b ∈ A | a ≡ b}. Recall also that A/≡ is defined to be {[a] | a ∈ A}, the set 

of equivalence classes. For these problems, do not use any background facts other 

than these definitions and the definition of an equivalence relation. 

Part a) (4 points) Show that for any a and b in A, b ∈ [a] if and only if [a] = [b]. 

Part b) (4 points) Show that if X and Y are elements of A/ ≡, then either X 

and Y are disjoint (that is, X ∩ Y = ∅) or X = Y . 

Part c) (4 points) Show A = ⋃ (A/≡).

Problem 3. (12 points) Let N denote the natural numbers, with initial element 0 

and successor function s(x). Addition is characterized by the following two clauses: 

1. for every x, x + 0 = x 

2. for every x and y, x + s(y) = s(x + y). 

Using induction and nothing beyond the two facts above, prove that for every x and 

y, x + y = y + x. Note that to make the induction work, you will have to prove 

auxilliary facts along the way.

Problem 4. (12 points) Prove the following using natural deduction. 

Part a) (4 points) ∀x P (x) ∨ ∀x Q(x) → ∀x (P (x) ∨ Q(x)) 

Part b) (4 points) (p → q) → ¬(p ∧ ¬q)

Part c) (4 points) ¬(p ∧ ¬q) → (p → q)

Problem 5. (12 points) Express all of the following in the language of set theory, 

using only the relations ∈ and = and first-order logic. (In later parts, you can freely 

use symbols that you define in earlier parts.) 

Part a) (2 points) x ⊆ y 

Part b) (2 points) x = ∅ 

Part c) (2 points) x = y ∩ z 

Part d) (2 points) x = P(y) (the power set of y) 

Part e) (2 points) x = y ∪ {y} 

Part f) (2 points) x has exactly two elements


Part a) (2 points) What does it mean to say that A ∼ B, that is, A and B are 

equinumerous? 

Part b) (2 points) What does it mean to say that A is countably infinite? 

Part c) (4 points) Prove that the set of rational numbers, Q, is countably infinite.

Part d) (4 points) Prove that P(N) is not countably infinite.

05/18/11 Examples1.thy 1 


imports Main 

begin 

(* Here is a list of basic commands for propositional logic: 












apply (erule notE) 





- or "drule" 

- or "drule" 

You can get more information about any of these using "thm", as in 

thm conjI 

*) 

lemma ex1: "P & Q --> Q & P" 






done 

lemma ex2: "(P & Q) & R --> P & (Q & R)" 









done 

lemma ex3: "[| (P --> Q); (Q --> R)|] ==> P --> R" 






file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/Examples1.thy



done 

lemma ex4: "P | Q --> Q | P" 







done 

lemma ex5: "P & P P" 





apply assumption+ 

done 

lemma ex6: "~ (P | Q) --> ~P" 






done 

lemma ex7: "P | ~P" 







done 

lemma ex8: "~(P & Q) --> ~P | ~Q" 













done 

(* some proof shortcuts *) 

thm de_Morgan_conj 



thm de_Morgan_conj [symmetric] 

thm de_Morgan_disj 

thm not_not 

thm not_imp 

thm imp_conv_disj 

lemma ex9: "~(P & Q) --> ~P | ~Q" 


apply (subst (asm) de_Morgan_conj) 


done 

lemma ex10: "~(P & Q) --> ~P | ~Q" 


apply (subst de_Morgan_conj [symmetric]) 


done 

(* examples of reasoning with sets *) 

thm set_ext 

thm subsetI 

thm Int_iff 

thm Un_iff 

thm Diff_iff 

lemma ex11: "A - (B Un C) = (A - B) Int (A - C)" 





apply (subst Diff_iff)+ 
















apply (erule conjE)+ 







apply (erule notE) back 




done 

end 




imports Main 

begin 

(* 

For first-order logic, you can use the following commands: 



apply (erule allE) 



If you want to specify a particular term, like "f y", for a universal 

quantifier in a hypothesis, type 

apply (frule_tac x ="f y" in spec) 

Similarly, if you want to specify "f y" for the existential introduction 

rule, type 

apply (rule_tac x = "f y" in exI) 

If the term is just a variable, you can leave off the quotation marks. 

*) 

lemma ex1: "(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x)" 




apply (drule_tac x = x in spec) 







done 

(* note: if you leave out the terms, Isabelle can infer them *) 

lemma ex1b: "(ALL x. P x & Q x) --> (ALL x. P x) & (ALL x. Q x)" 




apply (drule spec) 







done 



lemma ex2: "(EX x. P (f x)) --> (EX x. P x)" 



apply (rule_tac x = "f x" in exI) 


done 

lemma ex3: "(EX x. P x | Q x) --> (EX x. P x) | (EX x. Q x)" 





apply (rule_tac x = "x" in exI) 





done 

lemma ex4: "(ALL x. P x --> Q x) --> ((ALL x. P x) --> (ALL x. Q x))" 




apply (drule_tac x = "x" in spec) 




done 

lemma ex5: "(EX (x::'a). ALL y. R x y) --> (ALL y. EX x. R x y)" 




apply (drule_tac x = "y" in spec) 



done 

lemma "x = y & P x --> P y" 



apply (erule subst) 


done 

lemma "(x :: nat) + (y + z) = z + (x + y)" 

apply (subst add_assoc [symmetric]) 

apply (subst (3) add_commute) 

apply (rule refl) 

done 

lemma "((x :: nat) + 1)^2 = x^2 + 2 * x + 1" 

apply (simp only: power2_eq_square algebra_simps) 

done 



lemma "((x::'a::comm_ring) + y) * (x + y) = x * x + x * y + x * y + y * y" 

apply (simp add: algebra_simps) 

done 

lemma "(-(x::'a::comm_ring) * - y) = x * y" 

apply simp 

done 

end 


05/18/11 homework6.thy 1 

theory homework6 

imports Main 

begin 

(* 

Replace the next four "sorry"'s with proofs, using only the following 

commands: 

















- or "drule" 

- or "drule" 

Remember that you can get more information about any of these using "thm", 

as in 

thm conjI 

Don't forget to type the word "done" at the end of the proof. 

For reference, some examples of proofs appear at the end of this file. 

*) 

lemma exercise1: "P & (Q | R) --> (P & Q) | (P & R)" 

sorry 

lemma exercise2: "(P | Q --> R) --> ((P --> R) & (Q --> R))" 

sorry 

lemma exercise3: "(P --> Q) --> (~Q --> ~P)" 

sorry 

lemma butler: "[| ~(B & C); L | C |] ==> L | ~B" 

sorry 

(* 

These are sample proofs from the file Examples1.thy 

*) 

lemma ex1: "P & Q --> Q & P" 

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/homework6.thy







done 










done 








done 

lemma ex4: "P | Q --> Q | P" 







done 







done 

lemma ex6: "~ (P | Q) --> ~P" 






done 










done 

lemma ex8: "~(P & Q) --> ~P | ~Q" 













done 

end 


05/18/11 solutions6.thy 1 


imports Main 

begin 

(* 



















- or "drule" 

- or "drule" 


as in 

thm conjI 



*) 

lemma exercise1: "P & (Q | R) --> (P & Q) | (P & R)" 










done 

lemma exercise2: "(P | Q --> R) --> ((P --> R) & (Q --> R))" 






file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/solutions6.thy







done 

lemma exercise3: "(P --> Q) --> (~Q --> ~P)" 








done 

lemma butler: "[| ~(B & C); L | C |] ==> L | ~B" 









done 

(* 


*) 

lemma ex1: "P & Q --> Q & P" 






done 










done 










done 

lemma ex4: "P | Q --> Q | P" 







done 







done 

lemma ex6: "~ (P | Q) --> ~P" 






done 








done 

lemma ex8: "~(P & Q) --> ~P | ~Q" 













done 



end 




imports Main 

begin 

(* 

Replace the next three "sorry"'s with proofs, using only the following 


















- or "drule" 

- or "drule" 


as in 

thm conjI 



*) 

(* hint: for this one, you need to use "classical" or "ccontr" *) 

lemma exercise1: "~(P --> Q) --> P & ~Q" 

sorry 

lemma exercise2: "~(P | Q) --> ~P & ~Q" 

sorry 

lemma exercise3: "[| P --> Q; ~(Q & R); R; S --> P|] ==> ~P & ~S" 

sorry 

(* this one is extra credit *) 

lemma extra_credit: "~(P ~P)" 

sorry 

(* 

Now prove the following, keeping in mind that "x : A" means "x is an 

element of A" (see the notes on using propositional logic in Isabelle 

that are posted on Blackboard). 



In addition to the commands above, you will have to use commands like 

apply (rule set_ext) -- renamed set_eqI in the latest version of Isabelle 

apply (rule subsetI) 




to unwrap what it means for two sets to be equal, what it means for 

an element to be in an intersection, and so on. 

You will also need to use 

apply (subst (asm) ...) 

to unwrap a definition that occurs as a hypothesis, that is, on the 

left side of a sequent. 

You can also use any of the shortcuts described in the examples below, 

and in the notes. 

*) 

(* Hint: remember that sometimes, the "=" symbol in Isabelle means "iff" *) 

(* (but not in the statement of this lemma, where it means set equality) *) 

lemma exercise4: "A Int B = B Int A" 

sorry 

(* Note that here " P & (Q & R)" 









done 










done 

lemma ex4: "P | Q --> Q | P" 







done 







done 

lemma ex6: "~ (P | Q) --> ~P" 






done 








done 

lemma ex8: "~(P & Q) --> ~P | ~Q" 















done 





thm not_not 

thm not_imp 


lemma ex9: "~(P & Q) --> ~P | ~Q" 




done 

lemma ex10: "~(P & Q) --> ~P | ~Q" 




done 


thm set_ext 

thm subsetI 

thm Int_iff 

thm Un_iff 

thm Diff_iff 

































done 

end 




imports Main 

begin 

(* 



















- or "drule" 

- or "drule" 


as in 

thm conjI 



*) 

(* hint: for this one, you need to use "classical" or "ccontr" *) 

lemma exercise1: "~(P --> Q) --> P & ~Q" 



apply (rule ccontr) (* or (rule classical) *) 









done 

lemma exercise2: "~(P | Q) --> ~P & ~Q" 













done 

lemma exercise3: "[| P --> Q; ~(Q & R); R; S --> P|] ==> ~P & ~S" 















done 

lemma extra_credit: "~(P ~P)" 











done 

(* 

Now prove the following, keeping in mind that "x : A" means "x is an 

element of A" (see the notes on using propositional logic in Isabelle 

that are posted on Blackboard). 

In addition to the commands above, you will have to use commands like 

apply (rule set_ext) -- renamed set_eqI in the latest version of Isabelle 

apply (rule subsetI) 




as well as 



*) 

apply (subst (asm) ...) 

to unwrap a definition 

to unwrap what it means for two sets to be equal, what it means for 

an element to be in an intersection, and so on. You can also use any of the 

shortcuts described in the examples below, and in the notes. 

(* Hint: remember that sometimes, the "=" symbol in Isabelle means "iff" *) 

(* (but not in the statement of this lemma, where it means set equality) *) 

lemma exercise4: "A Int B = B Int A" 




apply (subst (asm) Int_iff) 





apply (subst (asm) Int_iff) 




done 

(* Note that here "










done 

(* 


*) 

lemma ex1: "P & Q --> Q & P" 






done 










done 








done 

lemma ex4: "P | Q --> Q | P" 







done 









done 

lemma ex6: "~ (P | Q) --> ~P" 






done 








done 

lemma ex8: "~(P & Q) --> ~P | ~Q" 













done 





thm not_not 

thm not_imp 


lemma ex9: "~(P & Q) --> ~P | ~Q" 




done 

lemma ex10: "~(P & Q) --> ~P | ~Q" 






done 


thm set_ext 

thm subsetI 

thm Int_iff 

thm Un_iff 

thm Diff_iff 































done 

end 




imports Main 

begin 

(* 



















- or "drule" 

- or "drule" 



apply (frule_tac x ="f y" in spec) (* or any other term *) 



apply (rule_tac x = "f y" in exI) (* or any other term *) 


Some examples from Examples2.thy are appended below. If you are in 

doubt about how Isabelle is interpreting implicit parentheses, choose 

Settings / Show Brackets 

from the "Isabelle" menu. 

*) 

lemma exercise1: "[| (ALL x. A x --> B x); (ALL x. B x --> C x) |] ==> 

ALL x. A x --> C x" 

sorry 

lemma exercise2: "(ALL x. P x) | (ALL x. Q x) --> (ALL x. P x | Q x)" 

sorry 

lemma exercise3: "(ALL x. P x) --> ~ (EX x. ~P x)" 

sorry 

lemma exercise4: "[| ALL x. Y(x) & H(x) --> B(x); ALL x. A(x) --> H(x); 

EX x. Y(x) & A(x)|] ==> EX x. B(x)" 



sorry 

(* Here are the examples *) 












done 













done 






done 











done 











done 








done 

end 




imports Main 

begin 

(* 



















- or "drule" 

- or "drule" 



apply (frule_tac x ="f y" in spec) (* or any other term *) 



apply (rule_tac x = "f y" in exI) (* or any other term *) 


Some examples from Examples2.thy are appended below. If you are in 

doubt about how Isabelle is interpreting implicit parentheses, choose 

Settings / Show Brackets 

from the "Isabelle" menu. 

*) 

lemma exercise1: "[| (ALL x. A x --> B x); (ALL x. B x --> C x) |] ==> 

ALL x. A x --> C x" 



apply (drule_tac x = x in spec)+ 





done 

lemma exercise2: "(ALL x. P x) | (ALL x. Q x) --> (ALL x. P x | Q x)" 












done 

lemma exercise3: "(ALL x. P x) --> ~ (EX x. ~P x)" 







done 

lemma exercise4: "[| ALL x. Y(x) & H(x) --> B(x); ALL x. A(x) --> H(x); 

EX x. Y(x) & A(x)|] ==> EX x. B(x)" 


apply (rule_tac x = x in exI) 

apply (drule_tac x = x in spec)+ 



apply (erule conjI) 



done 

(* Here are the examples *) 












done 















done 






done 











done 









done 








done 

end 



theory Homework9 

imports Main 

begin 

(* 

Remember that for first-order logic, you can use the following commands: 










rule, type 



*) 

lemma ex1: "(ALL x. P x) & (ALL x. Q x) --> (ALL x. P x & Q x)" 

sorry 

lemma ex2: "(EX x. P x) | (EX x. Q x) --> (EX x. P x | Q x)" 

sorry 

lemma ex3: "(EX x. P x) & (ALL x. P x --> Q x) --> (EX x. Q x)" 

sorry 

end 




imports Main 

begin 

(* 

Remember that for first-order logic, you can use the following commands: 










rule, type 



*) 

lemma ex1: "(ALL x. P x) & (ALL x. Q x) --> (ALL x. P x & Q x)" 








back 


done 

lemma ex2: "(EX x. P x) | (EX x. Q x) --> (EX x. P x | Q x)" 











done 

lemma ex3: "(EX x. P x) & (ALL x. P x --> Q x) --> (EX x. Q x)" 











done 

end 




imports Main 

begin 

(* 

These are axioms for the natural numbers -- the recursive definitions of 

addition and multiplication, and the definition of 1. 

*) 

lemma pl_0: "x + (0::nat) = x" 

by auto 

lemma pl_Suc: "x + Suc y = Suc (x + y)" 

by auto 

lemma ti_0: "x * (0::nat) = 0" 

by auto 

lemma ti_Suc: "x * (Suc y) = x * y + x" 

by auto 

lemma one_def: "1 = Suc 0" 

by auto 

(* 

This file contains formal proofs of all the properties on the handout 

"The natural numbers," except for two, which have only a "sorry." 

Replace these "sorry"'s by proofs. 

You should only need the following commands: 

apply (induct x) - do induction on x 

apply (subst blah) - do a substitution in the goal using equality "blah" 

apply (subst blah [symmetric]) - do a substitution in the goal using equality 

in the other direction 

apply (erule ssubst) - do a substitution in the goal using an equality in 

the hypotheses 

apply (erule subst) - do a substitution in the other direction 

back - try a different substitution (if there is more than one) 

apply (rule refl) - apply reflexivity (x = x) 

apply (rule sym) - apply symmetry 

For "blah," you can use any of the axioms above, or any of the previous 

lemmas. 

*) 

lemma pl_x_one : "x + 1 = Suc x" 

apply (subst one_def) 

apply (subst pl_Suc) 

apply (subst pl_0) 


done 



lemma pl_0_x : "(0::nat) + x = x" 

apply (induct x) 






done 

lemma pl_Suc_x : "(Suc x) + y = Suc (x + y)" 

apply (induct y) 

apply (subst pl_0)+ 


apply (subst pl_Suc)+ 



done 

lemma pl_assoc : "((x::nat) + y) + z = x + (y + z)" 

apply (induct z) 






done 

lemma pl_commute : "(x::nat) + y = y + x" 



apply (subst pl_0_x) 




apply (subst pl_Suc_x) 


done 

lemma ti_pl_dist : "(x::nat) * (y + z) = (x * y) + (x * z)" 

sorry 

lemma ti_assoc : "((x::nat) * y) * z = x * (y * z)" 

sorry 

lemma ti_0_x : "(0::nat) * x = 0" 


apply (subst ti_0) 


apply (subst ti_Suc) 


apply (rule pl_0) 

done 

lemma ti_Suc_x : "(Suc x) * y = (x * y) + y" 




apply (subst ti_0)+ 



apply (subst ti_Suc)+ 



apply (subst pl_assoc)+ 

apply (subst pl_commute) back 


done 

lemma ti_commute: "(x::nat) * y = y * x" 



apply (subst ti_0_x) 



apply (subst ti_Suc_x) 



done 

end 




imports Main 

begin 

(* 

These are axioms for the natural numbers -- the recursive definitions of 

addition and multiplication, and the definition of 1. 

*) 

lemma pl_0: "x + (0::nat) = x" 

by auto 


by auto 

lemma ti_0: "x * (0::nat) = 0" 

by auto 


by auto 


by auto 

(* 

This file contains formal proofs of all the properties on the handout 

"The natural numbers," except for two, which have only a "sorry." 

Replace these "sorry"'s by proofs. 

You should only need the following commands: 

apply (induct x) - do induction on x 

apply (subst blah) - do a substitution in the goal using equality "blah" 

apply (subst blah [symmetric]) - do a substitution in the goal using equality 

in the other direction 

apply (erule ssubst) - do a substitution in the goal using an equality in 

the hypotheses 

apply (erule subst) - do a substitution in the other direction 

back - try a different substitution (if there is more than one) 

apply (rule refl) - apply reflexivity (x = x) 

apply (rule sym) - apply symmetry 

For "blah," you can use any of the axioms above, or any of the previous 

lemmas. 

*) 






done 










done 








done 








done 










done 









apply (subst pl_assoc) 


done 









apply (subst ti_pl_dist) 


done 

lemma ti_0_x : "(0::nat) * x = 0" 







done 












done 










done 

end 


05/18/11 arith.thy 1 

theory arith 

imports Main 

begin 

lemma pl_0: "x + (0::nat) = x" 

by auto 


by auto 

lemma ti_0: "x * (0::nat) = 0" 

by auto 


by auto 


by auto 






done 








done 








done 








done 

file:///home/jeremy/Documents/Teaching/Spring 11/L&MI 2011/Isabelle/arith.thy

05/18/11 arith.thy 2 










done 









apply (subst pl_assoc) 


done 







apply (subst ti_pl_dist) 


done 

lemma ti_0_x : "(0::nat) * x = 0" 







done 












done 


05/18/11 arith.thy 3 










done 

end 


05/18/11 orders.thy 1 

theory Orders 

imports Main 

begin 

locale order = 

fixes 

R :: "'a => 'a => bool" (infix "

05/18/11 orders.thy 2 

(* apply (auto intro: trans asym) *) 



apply (erule trans) 




apply (erule asym) 



done 

lemma "total ==> a

Isabelle / Proof General Cheat Sheet 

Applying rules and theorems 

apply (rule theorem): use when the conclusion of theorem matches the conclusion 

of the current goal 

apply (erule theorem): use when the conclusion of theorem matches the conclusion 

of the current goal and the first premise of theorem matches a premise 


apply (frule theorem): use when the first premise of theorem matches a premise 


apply (drule theorem): like frule except it deletes the matching premise 

back: useful if erule/drule/frule are choosing the wrong premise 

apply assumption: when the conclusion of the current goal is also a premise 

Automated methods 

apply auto: applies automated tools to look for solution 

apply force: like auto, but “do or die” (and only applies to the first goal) 

apply clarify: like auto, but less aggressive 

apply simp: simplifies current goal using term rewriting 

apply (simp add:theorems): like the simplifier, but tells the simplifier to use additional 

theorems as well (useful groups of theorems for calculation are ring simps 

and field simps) 

apply clarsimp: a combination of clarify and simp 

apply blast: a powerful first-order prover 

apply arith: automatically solves linear arithmetic problems 

Other methods 

apply (insert theorem): adds theorem as an additional premise 

1

apply (subgoal tac formula): adds formula as an additional premise, and also 

as a new goal to be proven later 

apply (induct tac variable): splits into the appropriate cases to do induction 

on variable (when variable has a natural notion of induction, for instance, it is 

a natural number) 

apply (rule tac v 1 = t 1 and . . . and v n = t n in theorem): like rule, but 

allows the certain variables to be chosen manually (also erule tac,drule tac, and 

frule tac are analagous) 

apply (case tac . . . ): splits on cases 

Handling equality 

apply (subst theorem): applies a substitution (theorem should be an equality) 

apply (subst (asm) theorem): applies a substitution to one of the hypotheses 

apply (subst (i. . . j) theorem): applies a substitution at the positions indicated 

apply (subst (asm) (i. . . j) theorem): applies a substitution at the positions 

indicated in the hypotheses 

apply (erule ssubst): applies a substitution from the hypotheses (useful in 

conjunction with insert). 

apply (erule subst): applies a substitution from the hypotheses (in the rightto-left 

direction of the equality). 

Logical rules 

Propositional Logic: 

notI : (A ⇒ F alse) ⇒ ¬A 

notE: [|¬A; A|] ⇒ B 

conjI : [|A; B|] ⇒ A ∧ B 

conjE: [|A ∧ B; [|A; B|] ⇒ C|] ⇒ C 

conjunct1 : P ∧ Q ⇒ P 

conjunct2 : P ∧ Q ⇒ Q 

context conjI : [|P ; P ⇒ Q|] ⇒ P ∧ Q 

disjI1 : A ⇒ A ∨ B 

disjI2 : A ⇒ B ∨ A 

disjCI : (¬Q ⇒ P ) ⇒ P ∨ Q 

excluded middle: ¬P ∨ P 

disjE: [|A ∨ B; A ⇒ C; B ⇒ C|] ⇒ C 

impI : (A ⇒ B) ⇒ (A → B) 

2

impE: [|A → B; A; B ⇒ C|] ⇒ C 

impCE: [|P → Q; ¬P ⇒ R; Q ⇒ R|] ⇒ R 

mp: [|A → B; A|] ⇒ B 

iffI : [|A ⇒ B; B ⇒ A|] ⇒ A = B 

iffE: [|A = B; [|A → B; B → A|] ⇒ C|] ⇒ C 

classical: (¬A ⇒ A) ⇒ A 

notnotD: ¬¬P ⇒ P 

de Morgan disj : (¬(P ∨ Q)) = (¬P ∧ ¬Q) 

de Morgan conj : (¬(P ∧ Q)) = (¬P ∨ ¬Q) 

disj not1 : (¬P ∨ Q) = (P → Q) 

disj not2 : (P ∨ ¬Q) = (Q → P ) 

First Order Logic: 

exI : P a ⇒ ∃x.P x 

exE: [|∃x.P x; !!x.P x ⇒ C|] ⇒ C 

allI : (!!x.P x) ⇒ ∀x.P x 

spec: ∀x.P x ⇒ P x 

allE: [|∀x.P x; P x ⇒ R|] ⇒ R 

Equality: 

sym: x = y ⇒ y = x 

trans: [|x = y; y = z|] ⇒ x = z 

Emacs/Proof General 

“C” stands for the control key, and “C-key” means holding down the control 

key together with key. 

C-k: delete the rest of the line 

C-a: jump to the beginning of the current line 

C-e: jump to the end of the current line 

C-c C-n: process the next line in Isabelle (the next button) 

C-c C-u: push back the processed part of the text by one line (the undo button) 

C-c C-return: evaluate up to where the cursor is 

C-c C-p: show the current state of a proof (for instance, in place of an error 

message currently being shown) 

Other tips 

Use the browser pages to find theorems. 

3

You can derive your own theorems, and use them as rules. 

Use the “find theorems” command in Proof General. 

Under the Proof General menu, if you choose options/electric-terminator, the 

next line of the proof is sent to Isabelle automatically whenever you end a line 

with a semicolon. 

4

Summary of Logic and Mathematical Inquiry (80-211 ... - Phil Cmu

Create successful ePaper yourself

Delete template?

Save as template?