I Logic and Proof 101 I Logic and Proof 102

Logic and Proof Introduction to Logic Statements

Computer Science Tripos Part IB Logic concerns statements in some language. Statements are declarative assertions:
Michaelmas Term
The language can be natural (English, Latin, . . . ) or formal. Black is the colour of my true love’s hair.

Lawrence C Paulson Some statements are true, others false or meaningless. They are not greetings, questions or commands:
Computer Laboratory Logic concerns relationships between statements: consistency, What is the colour of my true love’s hair?
University of Cambridge
entailment, . . . I wish my true love had hair.
lp15@cam.ac.uk Logical proofs model human reasoning (supposedly). Get a haircut!
Copyright
c 2011 by Lawrence C. Paulson

I Logic and Proof 103 I Logic and Proof 104 I Logic and Proof 105

Consistency, or Satisfiability
Schematic Statements
Interpretations and Validity
A set S of statements is consistent if some interpretation

Now let the variables X, Y , Z, . . . range over ‘real’ objects satisfies all elements of S at the same time. Otherwise S is
An interpretation maps meta-variables to real objects: inconsistent.
Black is the colour of X’s hair.
The interpretation Y 7→ coal satisfies the statement Examples of inconsistent sets:
Black is the colour of Y .
Black is the colour of Y . {X part of Y, Y part of Z, X NOT part of Z}
Z is the colour of Y .
but the interpretation Y 7→ strawberries does not!
Schematic statements can even express questions: {n is a positive integer, n 6= 1, n 6= 2, . . .}
A statement A is valid if all interpretations satisfy A.
What things are black? Satisfiable means the same as consistent.

Unsatisfiable means the same as inconsistent.

I Logic and Proof 106 I Logic and Proof 107 I Logic and Proof 108

Inference
Entailment, or Logical Consequence Schematic Inference Rules

We want to check A is valid. X part of Y Y part of Z

A set S of statements entails A if every interpretation that X part of Z
Checking all interpretations can be effective — but what if there
satisfies all elements of S, also satisfies A. We write S |= A.
are infinitely many? A valid inference:
{X part of Y, Y part of Z} |= X part of Z Let {A1 , . . . , An } |= B. If A1 , . . ., An are true then B must spoke part of wheel wheel part of bike
be true. Write this as the inference rule spoke part of bike
{n 6= 1, n 6= 2, . . .} |= n is NOT a positive integer
A1 ... An An inference may be valid even if the premises are false!
S |= A if and only if {¬A} ∪ S is inconsistent B
cow part of chair chair part of ant
|= A if and only if A is valid, if and only if {¬A} is inconsistent. cow part of ant
We can use inference rules to construct finite proofs!

I Logic and Proof 109 I Logic and Proof 110 II Logic and Proof 201

Survey of Formal Logics Syntax of Propositional Logic

Why Should the Language be Formal?
P, Q, R, . . . propositional letter
propositional logic is traditional boolean algebra.
Consider this ‘definition’: (Berry’s paradox) t true
first-order logic can say for all and there exists.
The smallest positive integer not definable using nine f false
higher-order logic reasons about sets and functions. words ¬A not A
modal/temporal logics reason about what must, or may, Greater than The number of atoms in the Milky Way galaxy A∧B A and B
happen.
This number is so large, it is greater than itself ! A∨B A or B
type theories support constructive mathematics. A→B if A then B
• A formal language prevents AMBIGUITY.
All have been used to prove correctness of computer systems. A↔B A if and only if B
II Logic and Proof 202 II Logic and Proof 203 II Logic and Proof 204

Semantics of Propositional Logic Interpretations of Propositional Logic

Implication, Entailment, Equivalence

An interpretation is a function from the propositional letters to

¬, ∧, ∨, → and ↔ are truth-functional: functions of their
{t, f}. A → B means simply ¬A ∨ B.
operands.
Interpretation I satisfies a formula A if the formula evaluates to A |= B means if |=I A then |=I B for every interpretation I.
A B ¬A A∧B A∨B A→B A↔B
t. A |= B if and only if |= A → B.
t t f t t t t Write |=I A
t f f f t f f Equivalence
A is valid (a tautology ) if every interpretation satisfies A.
f t t f t t f Write |= A A ≃ B means A |= B and B |= A.
f f t f f t t S is satisfiable if some interpretation satisfies every formula in A ≃ B if and only if |= A ↔ B.
S.

II Logic and Proof 205 II Logic and Proof 206 II Logic and Proof 207

Equivalences From NNF to Conjunctive Normal Form

Negation Normal Form

A∧A≃A 3. Push disjunctions in, using distributive laws:

1. Get rid of ↔ and →, leaving just ∧, ∨, ¬:
A∧B≃B∧A
A ∨ (B ∧ C) ≃ (A ∨ B) ∧ (A ∨ C)
(A ∧ B) ∧ C ≃ A ∧ (B ∧ C) A ↔ B ≃ (A → B) ∧ (B → A)
(B ∧ C) ∨ A ≃ (B ∨ A) ∧ (C ∨ A)
A ∨ (B ∧ C) ≃ (A ∨ B) ∧ (A ∨ C) A → B ≃ ¬A ∨ B
A∧f≃f 4. Simplify:
2. Push negations in, using de Morgan’s laws:
A∧t≃A • Delete any disjunction containing P and ¬P
¬¬A ≃ A
A ∧ ¬A ≃ f • Delete any disjunction that includes another: for example,
¬(A ∧ B) ≃ ¬A ∨ ¬B
Dual versions: exchange ∧ with ∨ and t with f in any in (P ∨ Q) ∧ P , delete P ∨ Q.
¬(A ∨ B) ≃ ¬A ∧ ¬B
equivalence • Replace (P ∨ A) ∧ (¬P ∨ A) by A
II Logic and Proof 208 II Logic and Proof 209 III Logic and Proof 301

Tautology checking using CNF

Converting a Non-Tautology to CNF A Simple Proof System

((P → Q) → P) → P Axiom Schemes

P∨Q→Q∨R
1. Elim →: ¬[¬(¬P ∨ Q) ∨ P] ∨ P K A → (B → A)
1. Elim →: ¬(P ∨ Q) ∨ (Q ∨ R)
2. Push ¬ in: [¬¬(¬P ∨ Q) ∧ ¬P] ∨ P S (A → (B → C)) → ((A → B) → (A → C))
2. Push ¬ in: (¬P ∧ ¬Q) ∨ (Q ∨ R)
[(¬P ∨ Q) ∧ ¬P] ∨ P DN ¬¬A → A
3. Push ∨ in: (¬P ∨ Q ∨ R) ∧ (¬Q ∨ Q ∨ R)
3. Push ∨ in: (¬P ∨ Q ∨ P) ∧ (¬P ∨ P) Inference Rule: Modus Ponens
4. Simplify: ¬P ∨ Q ∨ R
4. Simplify: t∧t A→B A
Not a tautology: try P 7→ t, Q 7→ f, R 7→ f t It’s a tautology!
B

III Logic and Proof 302 III Logic and Proof 303 III Logic and Proof 304

Gentzen’s Natural Deduction Systems

A Simple (?) Proof of A →A
Some Facts about Deducibility
The context of assumptions may vary.
(A → ((D → A) → A)) → (1) A is deducible from the set S if there is a finite proof of A Each logical connective is defined independently.
((A → (D → A)) → (A → A)) by S starting from elements of S. Write S ⊢ A.
The introduction rule for ∧ shows how to deduce A ∧ B:
A → ((D → A) → A) by K (2) Soundness Theorem. If S ⊢ A then S |= A. A B
(A → (D → A)) → (A → A) by MP, (1), (2) (3)
A∧B
Completeness Theorem. If S |= A then S ⊢ A.
A → (D → A) by K (4) The elimination rules for ∧ shows what to deduce from A ∧ B:
A → A by MP, (3), (4) (5) Deduction Theorem. If S ∪ {A} ⊢ B then S ⊢ A → B. A∧B A∧B
A B
III Logic and Proof 305 III Logic and Proof 306 III Logic and Proof 307

Sequent Calculus Rules

The Sequent Calculus
More Sequent Calculus Rules
Γ ⇒ ∆, A A, Γ ⇒ ∆
(cut)
Sequent A1 , . . . , Am ⇒ B1 , . . . , Bn means, Γ ⇒∆
A, Γ ⇒ ∆ B, Γ ⇒ ∆ Γ ⇒ ∆, A, B
(∨l) (∨r)
if A1 ∧ . . . ∧ Am then B1 ∨ . . . ∨ Bn Γ ⇒ ∆, A A, Γ ⇒ ∆ A ∨ B, Γ ⇒ ∆ Γ ⇒ ∆, A ∨ B
(¬l) (¬r)
A1 , . . ., Am are assumptions; B1 , . . ., Bn are goals ¬A, Γ ⇒ ∆ Γ ⇒ ∆, ¬A
Γ ⇒ ∆, A B, Γ ⇒ ∆ A, Γ ⇒ ∆, B
Γ and ∆ are sets in Γ ⇒ ∆ (→l) (→r)
A, B, Γ ⇒ ∆ Γ ⇒ ∆, A Γ ⇒ ∆, B A → B, Γ ⇒ ∆ Γ ⇒ ∆, A → B
(∧l) (∧r)
The sequent A, Γ ⇒ A, ∆ is trivially true (basic sequent). A ∧ B, Γ ⇒ ∆ Γ ⇒ ∆, A ∧ B

III Logic and Proof 308 III Logic and Proof 309 III Logic and Proof 310

Easy Sequent Calculus Proofs

Part of a Distributive Law
A, B ⇒ A A Failed Proof
(∧l)
A ∧ B⇒A
(→r) B, C ⇒ A, B
⇒ (A ∧ B) → A (∧l) A ⇒ B, C B ⇒ B, C
A ⇒ A, B B ∧ C ⇒ A, B (∨l)
(∨l) A ∨ B ⇒ B, C
A ∨ (B ∧ C) ⇒ A, B (∨r)
(∨r) A ∨ B⇒B ∨ C
A, B ⇒ B, A A ∨ (B ∧ C) ⇒ A ∨ B similar (→r)
(→r) (∧r) ⇒ (A ∨ B) → (B ∨ C)
A ⇒ B, B → A A ∨ (B ∧ C) ⇒ (A ∨ B) ∧ (A ∨ C)
(→r)
⇒ A → B, B → A A 7→ t, B 7→ f, C 7→ f falsifies unproved sequent!
(∨r) Second subtree proves A ∨ (B ∧ C) ⇒ A ∨ C similarly
⇒ (A → B) ∨ (B → A)
IV Logic and Proof 401 IV Logic and Proof 402 IV Logic and Proof 403

Function Symbols; Terms

Outline of First-Order Logic Relation Symbols; Formulae
Each function symbol stands for an n-place function.
Reasons about functions and relations over a set of individuals: A constant symbol is a 0-place function symbol. Each relation symbol stands for an n-place relation.
father(father(x)) = father(father(y)) A variable ranges over all individuals. Equality is the 2-place relation symbol =
cousin(x, y)
A term is a variable, constant or a function application
An atomic formula has the form R(t1 , . . . , tn ) where R is an

Reasons about all and some individuals: f(t1 , . . . , tn ) n-place relation symbol and t1 , . . ., tn are terms.
All men are mortal Socrates is a man where f is an n-place function symbol and t1 , . . ., tn are A formula is built up from atomic formulæ using ¬, ∧, ∨, and
Socrates is mortal so forth.
terms.

Cannot reason about all functions or all relations, etc. We choose the language, adopting any desired function Later, we can add quantifiers.
symbols.

IV Logic and Proof 404 IV Logic and Proof 405 IV Logic and Proof 406

The Power of Quantifier-Free FOL Universal and Existential Quantifiers The Expressiveness of Quantifiers

It is surprisingly expressive, if we include strong induction rules. All men are mortal:
∀x A for all x, the formula A holds
We can easily prove the equivalence of mathematical ∃x A there exists x such that A holds ∀x (man(x) → mortal(x))
functions:
All mothers are female:
Syntactic variations:
p(z, 0) = 1 q(z, 1) = z
∀x female(mother(x))
p(z, n + 1) = p(z, n) × z q(z, 2 × n) = q(z × z, n) ∀xyz A abbreviates ∀x ∀y ∀z A
There exists a unique x such that A, sometimes written ∃!x A
q(z, 2 × n + 1) = q(z × z, n) × z ∀z . A ∧ B is an alternative to ∀z (A ∧ B)
R ∃x [A(x) ∧ ∀y (A(y) → y = x)]
The prover ACL2 uses this logic to do major hardware proofs. The variable x is bound in ∀x A; compare with f(x)dx
IV Logic and Proof 407 IV Logic and Proof 408 IV Logic and Proof 409

Constants: Interpreting mortal(Socrates) Variables: Interpreting cousin(Charles, y)

The Point of Semantics
A valuation V : variables → D supplies the values of free
We have to attach meanings to symbols like 1, +, <, etc. An interpretation I = (D, I) defines the semantics of a variables.
first-order language.
Why is this necessary? Why can’t 1 just mean 1?? An interpretation I and valuation function V jointly specify the
D is a non-empty set, called the domain or universe. value of any term t by the obvious recursion.
The point is that mathematics derives its flexibility from
allowing different interpretations of symbols. I maps symbols to ‘real’ elements, functions and relations: This value is written IV [t], and here are the recursion rules:
def
• A group has a unit 1, a product x · y and inverse x−1 . c a constant symbol I[c] ∈ D IV [x] = V(x) if x is a variable
n
• In the most important uses of groups, 1 isn’t a number but f an n-place function symbol I[f] ∈ D → D def
IV [c] = I[c]
n
a ‘unit permutation’, ‘unit rotation’, etc. P an n-place relation symbol I[P] ∈ D → {t, f} def
IV [f(t1 , . . . , tn )] = I[f](IV [t1 ], . . . , IV [tn ])

IV Logic and Proof 410 IV Logic and Proof 411 V Logic and Proof 501

The Meaning of Truth—In FOL!

Free vs Bound Variables
Tarski’s Truth-Definition
For interpretation I and valuation V , define |=I,V by
recursion. All occurrences of x in ∀x A and ∃x A are bound
An interpretation I and valuation function V similarly specify
the truth value (t or f) of any formula A. An occurrence of x is free if it is not bound:
|=I,V P(t) if IV [t] ∈ I[P] holds
Quantifiers are the only problem, as they bind variables. ∀y ∃z R(y, z, f(y, x))
|=I,V t = u if IV [t] equals IV [u]
V{a/x} is the valuation that maps x to a and is otherwise In this formula, y and z are bound while x is free.
like V . |=I,V A ∧ B if |=I,V A and |=I,V B
|=I,V ∃x A if |=I,V{m/x} A holds for some m ∈ D We may rename bound variables without affecting the
With the help of V{a/x}, we now formally define |=I,V A, the meaning:
truth value of A. Finally, we define ∀w ∃z ′ R(w, z ′ , f(w, x))
|=I A if |=I,V A holds for all V .
A closed formula A is satisfiable if |=I A for some I .
V Logic and Proof 502 V Logic and Proof 503 V Logic and Proof 504

Substitution for Free Variables

Some Equivalences for Quantifiers Further Quantifier Equivalences

A[t/x] means substitute t for x in A:

(B ∧ C)[t/x] is B[t/x] ∧ C[t/x]

¬(∀x A) ≃ ∃x ¬A These hold only if x is not free in B.
(∀x B)[t/x] is ∀x B
∀x A ≃ ∀x A ∧ A[t/x] (∀x A) ∧ B ≃ ∀x (A ∧ B)
(∀y B)[t/x] is ∀y B[t/x] (x 6= y)
(∀x A) ∧ (∀x B) ≃ ∀x (A ∧ B) (∀x A) ∨ B ≃ ∀x (A ∨ B)
(P(u))[t/x] is P(u[t/x])
B UT WE DO NOT HAVE (∀x A) ∨ (∀x B) ≃ ∀x (A ∨ B). (∀x A) → B ≃ ∃x (A → B)
When substituting A[t/x], no variable of t may be bound in A!
Dual versions: exchange ∀ with ∃ and ∧ with ∨ These let us expand or contract a quantifier’s scope.
Example:(∀y (x = y)) [y/x] IS NOT EQUIVALENT TO

∀y (y = y)

V Logic and Proof 505 V Logic and Proof 506 V Logic and Proof 507

Reasoning by Equivalences Sequent Calculus Rules for ∀

∃x (x = a ∧ P(x)) ≃ ∃x (x = a ∧ P(a)) A[t/x], Γ ⇒ ∆ Γ ⇒ ∆, A A Simple Example of the ∀ Rules

(∀l) (∀r)
≃ ∃x (x = a) ∧ P(a) ∀x A, Γ ⇒ ∆ Γ ⇒ ∆, ∀x A
≃ P(a) Rule (∀l) can create many instances of ∀x A
P(f(y)) ⇒ P(f(y))
Rule (∀r) holds provided x is not free in the conclusion! (∀l)
∀x P(x) ⇒ P(f(y))
∃z (P(z) → P(a) ∧ P(b)) N OT allowed to prove
(∀r)
∀x P(x) ⇒ ∀y P(f(y))
≃ ∀z P(z) → P(a) ∧ P(b)
P(y) ⇒ P(y)
≃ ∀z P(z) ∧ P(a) ∧ P(b) → P(a) ∧ P(b) (∀r)
P(y) ⇒ ∀y P(y) T HIS IS NONSENSE !
≃t
V Logic and Proof 508 V Logic and Proof 509 V Logic and Proof 510

Part of the ∃ Distributive Law

Sequent Calculus Rules for ∃
A Not-So-Simple Example of the ∀ Rules

A, Γ ⇒ ∆ Γ ⇒ ∆, A[t/x] P(x) ⇒ P(x), Q(x)

(∃l) (∃r) (∨r)
∃x A, Γ ⇒ ∆ Γ ⇒ ∆, ∃x A P(x) ⇒ P(x) ∨ Q(x)
P ⇒ Q(y), P P, Q(y) ⇒ Q(y) (∃r)
(→l) P(x) ⇒ ∃y (P(y) ∨ Q(y)) similar
P, P → Q(y) ⇒ Q(y) Rule (∃l) holds provided x is not free in the conclusion!
(∃l) (∃l)
(∀l) ∃x P(x) ⇒ ∃y (P(y) ∨ Q(y)) ∃x Q(x) ⇒ ∃y . . .
P, ∀x (P → Q(x)) ⇒ Q(y) (∨l)
(∀r) Rule (∃r) can create many instances of ∃x A ∃x P(x) ∨ ∃x Q(x) ⇒ ∃y (P(y) ∨ Q(y))
P, ∀x (P → Q(x)) ⇒ ∀y Q(y)
(→r)
∀x (P → Q(x)) ⇒ P → ∀y Q(y) For example, to prove this counter-intuitive formula: Second subtree proves ∃x Q(x) ⇒ ∃y (P(y) ∨ Q(y))
similarly
In (∀l), we must replace x by y. ∃z (P(z) → P(a) ∧ P(b))
In (∃r), we must replace y by x.

V Logic and Proof 511 VI Logic and Proof 601 VI Logic and Proof 602

Clause Form Outline of Clause Form Methods

A Failed Proof
Clause: a disjunction of literals To prove A, obtain a contradiction from ¬A:
P(x), Q(y) ⇒ P(x) ∧ Q(x)
(∃r)
¬K1 ∨ · · · ∨ ¬Km ∨ L1 ∨ · · · ∨ Ln 1. Translate ¬A into CNF as A1 ∧ · · · ∧ Am
P(x), Q(y) ⇒ ∃z (P(z) ∧ Q(z))
(∃l)
P(x), ∃x Q(x) ⇒ ∃z (P(z) ∧ Q(z)) 2. This is the set of clauses A1 , . . ., Am
(∃l) Set notation: {¬K1 , . . . , ¬Km , L1 , . . . , Ln }
∃x P(x), ∃x Q(x) ⇒ ∃z (P(z) ∧ Q(z)) 3. Transform the clause set, preserving consistency
(∧l)
∃x P(x) ∧ ∃x Q(x) ⇒ ∃z (P(z) ∧ Q(z)) Kowalski notation: K1 , · · · , Km → L1 , · · · , Ln
Deducing the empty clause refutes ¬A.
We cannot use (∃l) twice with the same variable
L1 , · · · , Ln ← K1 , · · · , Km
An empty clause set (all clauses deleted) means ¬A is
This attempt renames the x in ∃x Q(x), to get ∃y Q(y) Empty clause: {} or  satisfiable.
Empty clause is equivalent to f, meaning CONTRADICTION ! The basis for SAT SOLVERS and RESOLUTION PROVERS.
VI Logic and Proof 603 VI Logic and Proof 604 VI Logic and Proof 605

The Davis-Putnam-Logeman-Loveland Method Davis-Putnam on a Non-Tautology Example of a Case Split on P

1. Delete tautological clauses: {P, ¬P, . . .} Consider P ∨Q→Q∨R {¬Q, R} {¬R, P} {¬R, Q} {¬P, Q, R} {P, Q} {¬P, ¬Q}
2. For each unit clause {L}, Clauses are {P, Q} {¬Q} {¬R} {¬Q, R} {¬R, Q} {Q, R} {¬Q} if P is true
• delete all clauses containing L {¬R} {R} unit ¬Q
• delete ¬L from all clauses {P, Q} {¬Q} {¬R} initial clauses
{} unit R
3. Delete all clauses containing pure literals {P} {¬R} unit ¬Q
{¬Q, R} {¬R} {¬R, Q} {Q} if P is false
4. Perform a case split on some literal; STOP if a model is {¬R} unit P (also pure)
{¬Q} {Q} unit ¬R
found unit ¬R (also pure)
{} unit ¬Q
DPLL is a decision procedure: it finds a contradiction or a A LL CLAUSES DELETED ! Clauses satisfiable by
Both cases yield contradictions: the clauses are
model. P 7→ t, Q 7→ f, R 7→ f INCONSISTENT !

VI Logic and Proof 606 VI Logic and Proof 607 VI Logic and Proof 608

SAT solvers in the Real World The Resolution Rule Simple Example: Proving P ∧Q→Q∧P

Hint: use ¬(A → B) ≃ A ∧ ¬B

• Progressed from joke to killer technology in 10 years. From B ∨ A and ¬B ∨ C infer A ∨ C

In set notation, 1. Negate! ¬[P ∧ Q → Q ∧ P]

• Princeton’s zChaff has solved problems with more than
one million variables and 10 million clauses. {B, A1 , . . . , Am } {¬B, C1 , . . . , Cn } 2. Push ¬ in: (P ∧ Q) ∧ ¬(Q ∧ P)
{A1 , . . . , Am , C1 , . . . , Cn } (P ∧ Q) ∧ (¬Q ∨ ¬P)
• Applications include finding bugs in device drivers
(Microsoft’s SLAM project). Some special cases: (remember that  is just {}) Clauses: {P} {Q} {¬Q, ¬P}
• Typical approach: approximate the problem with a finite {B} {¬B, C1 , . . . , Cn } Resolve {P} and {¬Q, ¬P} getting {¬Q}.
{B} {¬B}
model; encode it using Boolean logic; supply to a SAT
{C1 , . . . , Cn }  Resolve {Q} and {¬Q} getting : we have refuted the
solver.
negation.
VI Logic and Proof 609 VI Logic and Proof 610 VI Logic and Proof 611

Another Example
The Saturation Algorithm
Heuristics and Hacks for Resolution
Refute ¬[(P ∨ Q) ∧ (P ∨ R) → P ∨ (Q ∧ R)]
At start, all clauses are passive. None are active.
From (P ∨ Q) ∧ (P ∨ R), get clauses {P, Q} and {P, R}. Orderings to focus the search on specific literals
1. Transfer a clause (current) from passive to active.
From ¬ [P ∨ (Q ∧ R)] get clauses {¬P} and {¬Q, ¬R}. Subsumption, or deleting redundant clauses

2. Form all resolvents between current and an active clause. Indexing: elaborate data structures for speed
Resolve {¬P} and {P, Q} getting {Q}.
3. Use new clauses to simplify both passive and active. Preprocessing: removing tautologies, symmetries . . .
Resolve {¬P} and {P, R} getting {R}.
4. Put the new clauses into passive. Weighting: giving priority to “good” clauses over those
Resolve {Q} and {¬Q, ¬R} getting {¬R}. containing unwanted constants
Repeat until CONTRADICTION found or passive becomes empty.
Resolve {R} and {¬R} getting , contradiction.

VII Logic and Proof 701 VII Logic and Proof 702 VII Logic and Proof 703

Prenex Normal Form Skolemization, or Getting Rid of ∃

Reducing FOL to Propositional Logic
Convert to Negation Normal Form using additionally
Start with a formula of the form (Can have k = 0).
Prenex: Move quantifiers to the front ( JUST FOR NOW !)
¬(∀x A) ≃ ∃x ¬A ∀x1 ∀x2 · · · ∀xk ∃y A
Skolemize: Remove quantifiers, preserving consistency
¬(∃x A) ≃ ∀x ¬A
Herbrand models: Reduce the class of interpretations Choose a fresh k-place function symbol, say f
Move quantifiers to the front using (provided x is not free in B)
Herbrand’s Thm: Contradictions have finite, ground proofs
Delete ∃y and replace y by f(x1 , x2 , . . . , xk ). We get
Unification: Automatically find the right instantiations (∀x A) ∧ B ≃ ∀x (A ∧ B)
∀x1 ∀x2 · · · ∀xk A[f(x1 , x2 , . . . , xk )/y]
(∀x A) ∨ B ≃ ∀x (A ∨ B)
Finally, combine unification with resolution
and the similar rules for ∃ Repeat until no ∃ quantifiers remain
VII Logic and Proof 704 VII Logic and Proof 705 VII Logic and Proof 706

Example of Conversion to Clauses Correctness of Skolemization Simplifying the Search for Models

For proving ∃x [P(x) → ∀y P(y)] The formula ∀x ∃y A is consistent S is satisfiable if even one model makes all of its clauses true.
⇐⇒ it holds in some interpretation I = (D, I) There are infinitely many models to consider!
¬ [∃x [P(x) → ∀y P(y)]] negated goal ⇐⇒ for all x ∈ D there is some y ∈ D such that A holds Also many duplicates: “states of the USA” and “the integers 1
∀x [P(x) ∧ ∃y ¬P(y)] conversion to NNF ⇐⇒ some function f^ in D → D yields suitable values of y to 50”

∀x ∃y [P(x) ∧ ¬P(y)] pulling ∃ out ⇐⇒ A[f(x)/y] holds in some I ′ extending I so that f Fortunately, nice models exist.

denotes f^ • They have a uniform structure based on the language’s

∀x [P(x) ∧ ¬P(f(x))] Skolem term f(x)
⇐⇒ the formula ∀x A[f(x)/y] is consistent. syntax.
{P(x)} {¬P(f(x))} Final clauses
Don’t panic if you can’t follow this reasoning! • They satisfy the clauses if any model does.

VII Logic and Proof 707 VII Logic and Proof 708 VII Logic and Proof 709

The Herbrand Universe for a Set of Clauses S The Herbrand Semantics of Terms
The Herbrand Semantics of Predicates
def
H0 = the set of constants in S (must be non-empty) In an Herbrand model, every constant stands for itself.
def
Every function symbol stands for a term-forming operation: An Herbrand interpretation defines an n-place predicate P to
Hi+1 = Hi ∪ {f(t1 , . . . , tn ) | t1 , . . . , tn ∈ Hi
denote a truth-valued function in Hn → {t, f}, making
and f is an n-place function symbol in S}
f denotes the function that puts ‘f’ in front of the given
P(t1 , . . . , tn ) true . . .
[ arguments.
def
H= Hi Herbrand Universe • if and only if the formula P(t1 , . . . , tn ) holds in our
In an Herbrand model, X + 0 can never equal X.
i≥0 desired “real” interpretation I of the clauses.
Hi contains just the terms with at most i nested function
• Thus, an Herbrand interpretation can imitate any other
applications.
Every ground term denotes itself. interpretation.
H consists of the terms in S that contain no variables (ground
This is the promised uniform structure!
terms).
VII Logic and Proof 710 VII Logic and Proof 711 VII Logic and Proof 712

Example of an Herbrand Model Herbrand’s Theorem

A Key Fact about Herbrand Interpretations

 Let S be a set of clauses.

¬even(1) 
 Let S be a set of clauses.
 S is unsatisfiable ⇐⇒ there is a finite unsatisfiable set S ′ of
even(2) clauses S is unsatisfiable ⇐⇒ no Herbrand interpretation satisfies S

 ground instances of clauses of S.
even(X · Y) ← even(X), even(Y) 
• Holds because some Herbrand model mimics every ‘real’ • Finite: we can compute it
model
H = {1, 2, 1 · 1, 1 · 2, 2 · 1, 2 · 2, 1 · (1 · 1), . . .} • Instance: result of substituting for variables
HB = {even(1), even(2), even(1 · 1), even(1 · 2), . . .} • We must consider only a small class of models
• Ground: no variables remain—it’s propositional!
I[even] = {even(2), even(1 · 2), even(2 · 1), even(2 · 2), . . .} • Herbrand models are syntactic, easily processed by
Example: S could be {P(x)} {¬P(f(y))},
computer
(for model where · means product; could instead use sum!) and S ′ could be {P(f(a))} {¬P(f(a))}.

VIII Logic and Proof 801 VIII Logic and Proof 802 VIII Logic and Proof 803

Unification
Substitutions: A Mathematical Treatment Composing Substitutions

Finding a common instance of two terms. Lots of applications:

Composition of φ and θ, written φ ◦ θ, satisfies for all terms t
A substitution is a finite set of replacements
• Prolog and other logic programming languages
θ = [t1 /x1 , . . . , tk /xk ] t(φ ◦ θ) = (tφ)θ
• Theorem proving: resolution and other procedures
It is defined by (for all relevant x)
where x1 , . . ., xk are distinct variables and ti 6= xi .
• Tools for reasoning with equations or satisfying def
constraints f(t, u)θ = f(tθ, uθ) (substitution in terms)
φ ◦ θ = [ (xφ)θ / x, . . . ]

• Polymorphic type-checking (ML and other functional P(t, u)θ = P(tθ, uθ) (in literals) Consequences include θ ◦ [] = θ, and associativity :
languages) {L1 , . . . , Lm }θ = {L1 θ, . . . , Lm θ} (in clauses)
(φ ◦ θ) ◦ σ = φ ◦ (θ ◦ σ)
It is an intuitive generalization of pattern-matching.
VIII Logic and Proof 804 VIII Logic and Proof 805 VIII Logic and Proof 806

Most General Unifiers The Unification Algorithm

The Unification Algorithm: The Case of Two Pairs
θ is a unifier of terms t and u if tθ = uθ. Represent terms by binary trees.

θ is more general than φ if φ = θ ◦ σ for some substitution σ. Each term is a Variable x, y . . ., Constant a, b . . ., or Pair θ ◦ θ ′ unifies (t, t ′ ) with (u, u ′ )

θ is most general if it is more general than every other unifier. (t, t ′ ) if θ unifies t with u and θ ′ unifies t ′ θ with u ′ θ.
We unify the left sides, then the right sides.
If θ unifies t and u then so does θ ◦ σ: S KETCH OF THE A LGORITHM .
In an implementation, substitutions are formed by updating
Constants do not unify with different Constants or with Pairs.
t(θ ◦ σ) = tθσ = uθσ = u(θ ◦ σ) pointers.
Variable x and term t: if x occurs in t, FAIL. Otherwise, unifier
Composition happens automatically as more pointers are
A most general unifier of f(a, x) and f(y, g(z)) is [a/y, g(z)/x]. is [t/x].
updated.
The common instance is f(a, g(z)). Cannot unify f(· · · x · · · ) with x!

VIII Logic and Proof 807 VIII Logic and Proof 808 VIII Logic and Proof 809

Mathematical Justification
Four Unification Examples
Theorem-Proving Example 1
It’s easy to check that θ ◦ θ ′ unifies (t, t ′ ) with (u, u ′ ):
f(x, b) f(x, x) f(x, x) j(x, x, z)
(t, t ′ )(θ ◦ θ ′ ) = (t, t ′ )θθ ′ definition of substitution (∃y ∀x R(x, y)) → (∀x ∃y R(x, y))
f(a, y) f(a, b) f(y, g(y)) j(w, a, h(w))
′ ′ ′ After negation, the clauses are {R(x, a)} and {¬R(b, y)}.
= (tθθ , t θθ ) substituting into the pair
f(a, b) None None j(a, a, h(a))
′ ′ ′
= (uθθ , t θθ ) tθ = uθ The literals R(x, a) and R(b, y) have unifier [b/x, a/y].
[a/x, b/y] Fail Fail [a/w, a/x, h(a)/z]
′ ′ ′ ′ ′ ′ ′
= (uθθ , u θθ ) t θθ = u θθ We have the contradiction R(b, a) and ¬R(b, a).
Remember, the output is a substitution.
= (u, u ′ )(θ ◦ θ ′ ) definition of substitution T HE THEOREM IS PROVED BY CONTRADICTION !
The algorithm naturally yields a most general unifier.
′ ′
In fact θ ◦ θ is even a most general unifier, if θ and θ are!
VIII Logic and Proof 810 VIII Logic and Proof 811 IX Logic and Proof 901

Variations on Unification
The Binary Resolution Rule
Theorem-Proving Example 2 Efficient unification algorithms: near-linear time

Indexing & Discrimination networks: fast retrieval of a unifiable

{B, A1 , . . . , Am } {¬D, C1 , . . . , Cn }
provided Bσ = Dσ
(∀x ∃y R(x, y)) → (∃y ∀x R(x, y)) {A1 , . . . , Am , C1 , . . . , Cn }σ
term
After negation, the clauses are {R(x, f(x))} and (σ is a most general unifier of B and D.)
Associative/commutative unification
{¬R(g(y), y)}.
• Example: unify a + (y + c) with (c + x) + b, get First, rename variables apart in the clauses! For example,
The literals R(x, f(x)) and R(g(y), y) are not unifiable. given
[a/x, b/y]
(They fail the occurs check.) {P(x)} and {¬P(g(x))},
• Algorithm is very complicated
We can’t get a contradiction. F ORMULA IS NOT A THEOREM ! rename x in one of the clauses. (Otherwise, unification would
• The number of unifiers can be exponential
fail.)
Unification in many other theories (often undecidable!)

IX Logic and Proof 902 IX Logic and Proof 903 IX Logic and Proof 904

A Non-Trivial Proof What About Equality?

The Factoring Rule

∃x [P → Q(x)] ∧ ∃x [Q(x) → P] → ∃x [P ↔ Q(x)] In theory, it’s enough to add the equality axioms:
This inference collapses unifiable literals in one clause:
Clauses are • The reflexive, symmetric and transitive laws.
{B1 , . . . , Bk , A1 , . . . , Am }
provided B1 σ = · · · = Bk σ {P, ¬Q(b)} {P, Q(x)} {¬P, ¬Q(x)} {¬P, Q(a)} • Substitution laws like {x 6= y, f(x) = f(y)} for each f.
{B1 , A1 , . . . , Am }σ
Resolve {P, ¬Q(b)} with {P, Q(x)} getting {P, P} • Substitution laws like {x 6= y, ¬P(x), P(y)} for each P.
Example: Prove ∀x ∃y ¬(P(y, x) ↔ ¬P(y, y))
Factor {P, P} getting {P} In practice, we need something special: the paramodulation
The clauses are {¬P(y, a), ¬P(y, y)} {P(y, y), P(y, a)} Resolve {¬P, ¬Q(x)} with {¬P, Q(a)} getting {¬P, ¬P} rule
Factoring yields {¬P(a, a)} {P(a, a)} Factor {¬P, ¬P} getting {¬P} {B[t ′ ], A1 , . . . , Am } {t = u, C1 , . . . , Cn }
Resolution yields the empty clause!
Resolve {P} with {¬P} getting  {B[u], A1 , . . . , Am , C1 , . . . , Cn }σ (if tσ = t ′ σ)
IX Logic and Proof 905 IX Logic and Proof 906 IX Logic and Proof 907

Prolog Clauses Prolog Execution

A (Pure) Prolog Program

Prolog clauses have a restricted form, with at most one positive Linear resolution:
literal. • Always resolve some program clause with the goal clause. parent(elizabeth,charles).
parent(elizabeth,andrew).
The definite clauses form the program. Procedure B with body • The result becomes the new goal clause.
“commands” A1 , . . . , Am is parent(charles,william).
Try the program clauses in left-to-right order.
parent(charles,henry).
B ← A1 , . . . , Am Solve the goal clause’s literals in left-to-right order.
parent(andrew,beatrice).
The single goal clause is like the “execution stack”, with say m Use depth-first search. (Performs backtracking, using little
parent(andrew,eugenia).
tasks left to be done. space.)

Do unification without occurs check. (U NSOUND, but needed grand(X,Z) :- parent(X,Y), parent(Y,Z).
← A1 , . . . , Am cousin(X,Y) :- grand(Z,X), grand(Z,Y).
for speed)

IX Logic and Proof 908 IX Logic and Proof 909 IX Logic and Proof 910

Prolog Execution Another FOL Proof Procedure: Model Elimination

A Survey of Automatic Theorem Provers
:- cousin(X,Y). A Prolog-like method to run on fast Prolog architectures.
:- grand(Z1,X), grand(Z1,Y).
:- parent(Z1,Y2), parent(Y2,X), grand(Z1,Y). Contrapositives: treat clause {A1 , . . . , Am } like the m Saturation (that is, resolution): E, Gandalf, SPASS, Vampire,
* :- parent(charles,X), grand(elizabeth,Y). clauses ...
X=william :- grand(elizabeth,Y).
:- parent(elizabeth,Y5), parent(Y5,Y). A1 ← ¬A2 , . . . , ¬Am Higher-Order Logic: TPS, LEO, LEO-II
* :- parent(andrew,Y). A2 ← ¬A3 , . . . , ¬Am , ¬A1 Model Elimination: Prolog Technology Theorem Prover,
Y=beatrice :- .
.. SETHEO
* = backtracking choice point .
Parallel ME: PARTHENON, PARTHEO
16 solutions including cousin(william,william) Am ← ¬A1 , . . . , ¬Am−1
Tableau (sequent) based: LeanTAP, 3TAP, . . .
and cousin(william,henry) Extension rule: when proving goal P , assume ¬P .
X Logic and Proof 1001 X Logic and Proof 1002 X Logic and Proof 1003

BDDs: Binary Decision Diagrams Decision Diagram for (P ∨ Q) ∧ R Converting a Decision Diagram to a BDD

A canonical form for boolean expressions: decision trees with

sharing. P P
P
• ordered propositional symbols (the variables)
Q Q Q
• sharing of identical subtrees
Q Q
• hashing and other optimisations R R R
Detects if a formula is tautologous (=1) or inconsistent (=0).
R R R R
Exhibits models (paths to 1) if the formula is satisfiable. 0 1 0 1
Excellent for verifying digital circuits, with many other 0 0 0 1 0 1 0 1
No duplicates No redundant tests
applications.

X Logic and Proof 1004 X Logic and Proof 1005 X Logic and Proof 1006

Canonical Forms of Other Connectives

Canonical Form Algorithm
Building BDDs Efficiently
Z ∨ Z ′ , Z → Z ′ and Z ↔ Z ′ are converted to BDDs
To convert Z ∧ Z ′ , where Z and Z ′ are already BDDs: similarly.
Do not construct the full binary tree!
Trivial if either operand is 1 or 0. Some cases, like Z → 0 and Z ↔ 0, reduce to negation.
Do not expand →, ↔, ⊕ (exclusive OR) to other connectives!!
Let Z ′
= if(P, X, Y) and Z = if(P , X , Y ) ′ ′ ′ Here is how to convert ¬Z, where Z is a BDD:
• Recursively convert operands to BDDs.
• If P = P ′ then recursively convert if(P, X ∧ X ′ , Y ∧ Y ′ ). • If Z = if(P, X, Y) then recursively convert
• Combine operand BDDs, respecting the ordering and if(P, ¬X, ¬Y).
sharing.
• If P < P ′ then recursively convert if(P, X ∧ Z ′ , Y ∧ Z ′ ).
• if Z = 1 then return 0, and if Z = 0 then return 1.
• Delete redundant variable tests. • If P > P ′ then recursively convert
(In effect we copy the BDD but exchange the 1 and 0 at the
if(P ′ , Z ∧ X ′ , Z ∧ Y ′ ).
bottom.)
X Logic and Proof 1007 X Logic and Proof 1008 X Logic and Proof 1009

Canonical Form (that is, BDD) of P ∨Q Canonical Form of P ∨Q→Q∨R

Optimisations

Never build the same BDD twice, but share pointers.

P
P Advantages:

→ • If X ≃ Y , then the addresses of X and Y are equal.

∨
P Q is Q
P Q • Can see if if(P, X, Y) is redundant by checking if X = Y .
Q R R
• Can quickly simplify special cases like X ∧ X.

0 1 0 1 0 1 0 1 0 1
Never convert X ∧ Y twice, but keep a hash table of known
canonical forms. This prevents redundant computations.

X Logic and Proof 1010 XI Logic and Proof 1101 XI Logic and Proof 1102

Final Observations Modal Operators Semantics of Propositional Modal Logic

The variable ordering is crucial. Consider this formula:

W : set of possible worlds (machine states, future times, . . .) For a particular frame (W, R)
(P1 ∧ Q1 ) ∨ · · · ∨ (Pn ∧ Qn ) An interpretation I maps the propositional letters to subsets of
R: accessibility relation between worlds
A good ordering is P1 < Q1 < · · · < Pn < Qn : the BDD is W
(W, R) is called a modal frame
linear. w A means A is true in world w
With P1 < · · · < Pn < Q1 < · · · < Qn , the BDD is w P ⇐⇒ w ∈ I(P)
✷A means A is necessarily true
EXPONENTIAL. in all worlds accessible
✸A means A is possibly true w A ∧ B ⇐⇒ w A and w B
Many digital circuits have small BDDs: adders, but not
from here w ✷A ⇐⇒ v A for all v such that R(w, v)
multipliers.
w ✸A ⇐⇒ v A for some v such that R(w, v)
BDDs can solve problems in hundreds of variables.
¬✸A ≃ ✷¬A A cannot be true ⇐⇒ A must be false
The general case remains hard (it is NP-complete).
XI Logic and Proof 1103 XI Logic and Proof 1104 XI Logic and Proof 1105

Truth and Validity in Modal Logic A Hilbert-Style Proof System for K

Variant Modal Logics

Extend your favourite propositional proof system with

For a particular frame (W, R), and interpretation I
Start with pure modal logic, which is called K

w A means A is true in world w Dist ✷(A → B) → (✷A → ✷B) Add axioms to constrain the accessibility relation:
|=W,R,I A means w A for all w in W Inference Rule: Necessitation T ✷A → A (reflexive) logic T
|=W,R A means w A for all w and all I A 4 ✷A → ✷✷A (transitive) logic S4
✷A
|= A means |=W,R A for all frames; A is universally valid B A → ✷✸A (symmetric) logic S5

. . . but typically we constrain R to be, say, transitive. Treat ✸ as a definition And countless others!
def
✸A = ¬✷¬A We mainly look at S4, which resembles a logic of time.
All propositional tautologies are universally valid!

XI Logic and Proof 1106 XI Logic and Proof 1107 XI Logic and Proof 1108

Extra Sequent Calculus Rules for S4 Part of an “Operator String Equivalence”

A Proof of the Distribution Axiom
✸A ⇒ ✸A
A, Γ ⇒ ∆ Γ ∗ ⇒ ∆∗ , A (✷l)
(✷l) (✷r) A ⇒ B, A B, A ⇒ B ✷✸A ⇒ ✸A
✷A, Γ ⇒ ∆ Γ ⇒ ∆, ✷A (→l) (✸l)
A → B, A ⇒ B ✸✷✸A ⇒ ✸A
(✷l) (✷l)
A → B, ✷A ⇒ B ✷✸✷✸A ⇒ ✸A
A, Γ ∗ ⇒ ∆∗ Γ ⇒ ∆, A (✷l) (✷r)
(✸l) (✸r) ✷(A → B), ✷A ⇒ B ✷✸✷✸A ⇒ ✷✸A
✸A, Γ ⇒ ∆ Γ ⇒ ∆, ✸A (✷r)
✷(A → B), ✷A ⇒ ✷B
In fact, ✷✸✷✸A ≃ ✷✸A also ✷✷A ≃ ✷A
def
Γ ∗ = {✷B | ✷B ∈ Γ } Erase non-✷ assumptions. And thus ✷(A → B) → (✷A → ✷B)
def
∆∗ = {✸B | ✸B ∈ ∆} Erase non-✸ goals! Must apply (✷r) first! The S4 operator strings are
✷ ✸ ✷✸ ✸✷ ✷✸✷ ✸✷✸
XI Logic and Proof 1109 XII Logic and Proof 1201 XII Logic and Proof 1202

Simplifying the Sequent Calculus Tableau Calculus: Left-Only

Two Failed Proofs

7 connectives (or 9 for modal logic):

⇒A ¬A, Γ ⇒ A, Γ ⇒
(✸r) (basic)
¬A, A, Γ ⇒ (cut)
⇒ ✸A ¬ ∧ ∨ → ↔ ∀ ∃ (✷ ✸) Γ⇒
(✷r)
A ⇒ ✷✸A
Left and right: so 14 rules (or 18) plus basic sequent, cut
A, B, Γ ⇒ A, Γ ⇒ B, Γ ⇒
(∧l) (∨l)
B⇒A ∧ B A ∧ B, Γ ⇒ A ∨ B, Γ ⇒
(✸r)
B ⇒ ✸(A ∧ B) Idea! Work in Negation Normal Form
(✸l)
✸A, ✸B ⇒ ✸(A ∧ B) A[t/x], Γ ⇒ A, Γ ⇒
(∀l) (∃l)
Fewer connectives: ∧ ∨ ∀ ∃ (✷ ✸) ∀x A, Γ ⇒ ∃x A, Γ ⇒
Can extract a countermodel from the proof attempt
Sequents need one side only!
Rule (∃l) holds provided x is not free in the conclusion!

XII Logic and Proof 1203 XII Logic and Proof 1204 XII Logic and Proof 1205

Tableau Proof of ∀x (P → Q(x)) ⇒ P → ∀y Q(y) The Free-Variable Tableau Calculus

Tableau Rules for S4

Move the right-side formula to the left and convert to NNF: Rule (∀l) now inserts a new free variable:
A, Γ ⇒ A, Γ ∗ ⇒
(✷l) (✸l)
P ∧ ∃y ¬Q(y), ∀x (¬P ∨ Q(x)) ⇒ A[z/x], Γ ⇒
✷A, Γ ⇒ ✸A, Γ ⇒ (∀l)
∀x A, Γ ⇒
def
Γ ∗ = {✷B | ✷B ∈ Γ } Erase non-✷ assumptions
P, ¬Q(y), ¬P ⇒ P, ¬Q(y), Q(y) ⇒ Let unification instantiate any free variable
(∨l)
From 14 (or 18) rules to 4 (or 6) P, ¬Q(y), ¬P ∨ Q(y) ⇒
(∀l) In ¬A, B, Γ ⇒ try unifying A with B to make a basic sequent
P, ¬Q(y), ∀x (¬P ∨ Q(x)) ⇒
Left-side only system uses proof by contradiction (∃l)
P, ∃y ¬Q(y), ∀x (¬P ∨ Q(x)) ⇒ Updating a variable affects entire proof tree
Right-side only system is an exact dual (∧l)
P ∧ ∃y ¬Q(y), ∀x (¬P ∨ Q(x)) ⇒ What about rule (∃l)? D O NOT USE IT ! Instead, Skolemize!
XII Logic and Proof 1206 XII Logic and Proof 1207 XII Logic and Proof 1208

Skolemization from NNF A Failed Proof

Free-Variable Tableau Proof of ∃x ∀y [P(x) → P(y)]
Don’t pull quantifiers out! Skolemize Try to prove ∀x [P(x) ∨ Q(x)] ⇒ ∀x P(x) ∨ ∀x Q(x)

[∀y ∃z Q(y, z)] ∧ ∃x P(x) to [∀y Q(y, f(y))] ∧ P(a) NNF : ∃x ¬P(x) ∧ ∃x ¬Q(x), ∀x [P(x) ∨ Q(x)] ⇒
y 7→ f(z) Skolemize: ¬P(a) ∧ ¬Q(b), ∀x [P(x) ∨ Q(x)] ⇒
(basic)
It’s better to push quantifiers in (called miniscoping) P(y), ¬P(f(y)), P(z), ¬P(f(z)) ⇒
(∧l)
Example: proving ∃x ∀y [P(x) → P(y)]: P(y), ¬P(f(y)), P(z) ∧ ¬P(f(z)) ⇒
(∀l) y 7→ a y 7→ b???
Negate; convert to NNF : ∀x ∃y [P(x) ∧ ¬P(y)] P(y), ¬P(f(y)), ∀x [P(x) ∧ ¬P(f(x))] ⇒
(∧l) ¬P(a), ¬Q(b), P(y) ⇒ ¬P(a), ¬Q(b), Q(y) ⇒
P(y) ∧ ¬P(f(y)), ∀x [P(x) ∧ ¬P(f(x))] ⇒ (∨l)
Push in the ∃y : ∀x [P(x) ∧ ∃y ¬P(y)] (∀l) ¬P(a), ¬Q(b), P(y) ∨ Q(y) ⇒
∀x [P(x) ∧ ¬P(f(x))] ⇒ (∀l)
Push in the ∀x : (∀x P(x)) ∧ (∃y ¬P(y)) ¬P(a), ¬Q(b), ∀x [P(x) ∨ Q(x)] ⇒
(∧l)
Skolemize: ∀x P(x) ∧ ¬P(a) Unification chooses the term for (∀l) ¬P(a) ∧ ¬Q(b), ∀x [P(x) ∨ Q(x)] ⇒

XII Logic and Proof 1209

The World’s Smallest Theorem Prover?

prove((A,B),UnExp,Lits,FreeV,VarLim) :- !, and
prove(A,[B|UnExp],Lits,FreeV,VarLim).
prove((A;B),UnExp,Lits,FreeV,VarLim) :- !, or
prove(A,UnExp,Lits,FreeV,VarLim),
prove(B,UnExp,Lits,FreeV,VarLim).
prove(all(X,Fml),UnExp,Lits,FreeV,VarLim) :- !, forall
\+ length(FreeV,VarLim),
copy_term((X,Fml,FreeV),(X1,Fml1,FreeV)),
append(UnExp,[all(X,Fml)],UnExp1),
prove(Fml1,UnExp1,Lits,[X1|FreeV],VarLim).
prove(Lit,_,[L|Lits],_,_) :- literals; negation
(Lit = -Neg; -Lit = Neg) ->
(unify(Neg,L); prove(Lit,[],Lits,_,_)).
prove(Lit,[Next|UnExp],Lits,FreeV,VarLim) :-
next formula
prove(Next,UnExp,[Lit|Lits],FreeV,VarLim).