You are on page 1of 101

E L E M E N T S

Edward Nelson
Department of Mathematics
Princeton University
Copyright c _ 2011 by Edward Nelson. All rights reserved.
This book may be reproduced in whole or in part for any noncommercial purpose.
All numbers in this book are ctitious, and any resemblance to actual numbers, even or odd, is
entirely coincidental.
This is a work in progress, version of September 26, 2011.
The latest version is posted at http://www.math.princeton.edu/nelson/books.html

0

2
10 9 8 7 6 5 4 3 2 1 0
To Sarah
because you are overowing with fun and faith
Glory be to God for dappled things
For skies of couple-color as a brinded cow;
For rose-moles all in stipple upon trout that swim;
Fresh-recoal chestnut-falls; nches wings;
Landscape plotted and piecedfold, fallow, and plough;
And all trades, their gear and tackle and trim.
All things counter, original, spare, strange;
Whatever is ckle, freckl`ed (who knows how?)
With swft, slow; sweet, sour; adazzle, dm;
He fathers-forth whose beauty is past change:
Praise hm.
GERARD MANLEY HOPKINS
PART I
INCONSISTENCY
CHAPTER 1
Thesis
The aim of this work is to show that contemporary mathematics, including Peano
arithmetic, is inconsistent, to construct rm foundations for mathematics, and to begin
building on those foundations.
1. Potential versus actual innity
Let us distinguish between the concrete (i.e., the genetic in the sense of pertaining to
origins, the given, what is present) on the one hand, and on the other the formal (i.e., the
abstract, the hypothetical). All of mathematical activity is concrete, though the subject
matter is formal.
A numeral is a variable-free term of the language whose nonlogical symbols are the
constant 0 (zero) and the unary function symbol S (successor). Thus the numerals are
0, S0, SS0, SSS0, . . . .
Numerals constitute a potential innity. Given any numeral, we can construct a
new numeral by prexing it with S. Now imagine this potential innity to be completed.
Imagine the inexhaustible process of constructing numerals somehow to have been nished,
and call the result the set of all numbers, denoted by or N. Thus is thought to be an
actual innity or a completed innity. This is curious terminology, since the etymology of
innite is not nished.
As a concrete concept, the notion of numeral is clear. The attempt to formalize the
concept usually proceeds as follows:
(1) zero is a number
(2) the successor of a number is a number
(3) zero is not the successor of any number
(4) dierent numbers have dierent successors
(5) something is a number only if it is so by virtue of (1) and (2)
We shall refer to this as the usual denition. Sometimes (3) and (4) are not stated
explicitly, but it is the extremal clause (5) that is unclear. What is the meaning of by
virtue of? It is obviously circular to dene a number as something constructible by
applying (1) and (2) any number of times. We cannot characterize numbers from below,
so we attempt to characterize them from above.
7
8 CHAPTER 1. THESIS
The study of the foundations of arithmetic began in earnest with Dedekind
1
and
Peano.
2
Both of these authors gave what today would be called set-theoretic foundations
for arithmetic. In ZFC (Zermelo-Fraenkel set theory with the axiom of choice), let us write
0 for the empty set and dene the successor by
Sx = x x
where the unary function symbol (singleton) and the binary function symbol (union)
have been dened in the usual way. We dene
X is inductive 0 X & x[x X Sx X]
Then the axiom of innity of ZFC is
X[X is inductive]
and one easily proves in ZFC that there exists a unique smallest inductive set; i.e.,
!XX is inductive & Y [Y is inductive X Y ]
where the binary predicate symbol has been dened as usual. We dene the constant
to be this smallest inductive set:
= X X is inductive & Y [Y is inductive X Y ]
and we dene
x is a number x
Then the following are theorems:
(6) 0 is a number
(7) x is a number Sx is a number
(8) x is a number Sx ,= 0
(9) x is a number & y is a number & x ,= y Sx ,= Sy
These theorems are a direct expression of (1)(4) of the usual denition. But can we
express the extremal clause (5)? The induction theorem
x is a number & Y is inductive x Y
merely asserts that for any property that can be expressed in ZFC, if 0 has the property,
and if the successor of every element that has the property also has the property, then
every number has the property.
1
Richard Dedekind, Was sind und was sollen die Zahlen?, Vieweg, Braunschweig, (1888). English
translation as The nature and meaning of numbers by W. W. Beman in Richard Dedekind, Essays on the
Theory of Numbers, Open Court Publishing Company, LaSalle, Illinois. Reprinted by Dover, New York,
1963.
2
Giuseppe Peano, Arithmetices principia, nova methodo exposita, Bocca, Turin, (1889). English trans-
lation in From Frege to G odel: A source book in mathematical logic, 18791931, ed. J. van Heijenoort,
Harvard University Press, Cambridge, Massachusetts, 1967.
1. POTENTIAL VERSUS ACTUAL INFINITY 9
We cannot say, For all numbers x there exists a numeral d such that x = d since
this is a category mistake conating the formal with the concrete.
Using all the power of modern mathematics, let us try to formalize the concept of
number. Let T be any theory whose language contains the constant 0, the unary function
symbol S, and the unary predicate symbol is a number, such that (6)(9) are theorems
of T. For example, T could be the extension by denitions of ZFC described above or it
could be P (Peano arithmetic; see below) with the denition: x is a number x = x.
Have we captured the intended meaning of the extremal clause (5)? To study this
question, construct T

by adjoining a new unary predicate symbol and the axioms


(10) (0)
(11) (x) (Sx)
Notice that is an undened symbol. If T is ZFC, we cannot form the set x : (x)
because the subset axioms of ZFC refer only to formulas of ZFC and (x) is not such a
formula. Sets are not concrete objects, and to ask whether a set with a certain property
exists is to ask whether a certain formula beginning with can be proved in the theory.
Similarly, if T is P we cannot apply induction to (x) since this is not a formula of P.
Induction is not a truth; it is an axiom schema of a formal theory.
If T is consistent then so is T

, because we can interpret (x) by x = x. (And


conversely, of course, if T is inconsistent then so is T

.) For any concretely given numeral


S. . . S0 we can prove (S . . . S0) in as many steps as there are occurrences of S in S. . . S0,
using these two axioms and detachment.
Proving (d) in T

perfectly expresses the notion that d is a number by virtue of


(1) and (2) of the usual denition. We can read (x) as x is a number by virtue of (1)
and (2). Therefore we ask: can
(12) x is a number (x)
be proved in T

? (That is, can we prove that our formalization x is a number captures


the intended meaning of the extremal clause?) Trivially yes if T is inconsistent, so assume
that T is consistent. Then the answer is no. Here is a semantic argument for this assertion.
By (6)(9), none of the formulas
x is a number x = 0 x = S0 x = S . . . S0
is a theorem of T. Hence the theory T
1
obtained from T by adjoining a new constant e
and the axioms
e is a number, e ,= 0, e ,= S0, . . . , e ,= S . . . S0, . . .
is consistent. By the Godel completeness theorem [Go29]
3
[Sh 4.2],
4
T
1
has a model
[Sh 2.6]. Let I be the smallest subset of the universe U of the model containing (0) and
3
Kurt Godel,

Uber die Vollst andigkeit des Logikkalk uls, doctoral dissertation, University of Vienna,
(1929).
4
Joseph R. Shoeneld, Mathematical Logic, Association for Symbolic Logic, A K Peters, Ltd., Natick,
Massachusetts, 1967.
10 CHAPTER 1. THESIS
closed under the function (S). Then (e) is not in I. Expand to be a model

of T

by letting

() be I. Then (12) is not valid in this model, and so is not a theorem of T

.
The conclusion to be drawn from this argument is that it is impossible to formalize
the notion of number in such a way that the extremal clause holds.
5
Most uses of innity in mainstream mathematics involve innity as a limit of nite
objects. The situation is qualitatively dierent when it comes to the notion of truth in
arithmetic. Those who believe that Peano arithmetic must be consistent because it has
a model with universe are placing their faith in a notion of truth in that model that is
utterly beyond any nite computation.
Despite all the accumulated evidence to the contrary, mathematicians persist in be-
lieving in as a real object existing independently of any formal human construction. In a
way this is not surprising. Mathematics as a deductive discipline was invented by Pythago-
ras, possibly with some inuence from Thales. The Pythagorean religion held that all is
number, that the numbers are pre-existing and independent of human thought. Plato was
strongly inuenced by Pythagoras and has been called the greatest of the Pythagoreans.
Over two and a half millennia after Pythagoras, most mathematicians continue to hold a
religious belief in as an object existing independently of formal human construction.
Innite totalities do not exist in any sense of the word
(i.e., either really or ideally). More precisely, any mention,
or purported mention, of innite totalities is, literally,
meaningless.
ABRAHAM ROBINSON
2. Against nitism
There is obviously something inelegant about making arithmetic depend on set theory.
What today is called Peano arithmetic (P) is the theory whose nonlogical symbols are the
constant 0, the unary function symbol S, and the binary function symbols + and , and
whose nonlogical axioms are
(13) Sx ,= 0
(14) Sx = Sy x = y
(15) x + 0 = x
(16) x + Sy = S(x + y)
(17) x 0 = 0
(18) x Sy = (x y) + x
and all induction formulas
(19) A
x
(0) & x[A A
x
(Sx)] A
where A is any formula in the language of P.
5
http://frankandernest.com/cgi/view/display.pl?104-12-15
2. AGAINST FINITISM 11
The induction axiom schema (19) is usually justied as follows. Assume the basis
A
x
(0) and the induction step x[A A
x
(Sx)]. For any numeral d, a special case of the
induction step is A
x
(d) A
x
(Sd). Then we can prove A
x
(SSS0), starting with the basis
and using detachment (modus ponens) three times, and similarly we can prove A
x
(d) for
any numeral d in as many steps as there are occurrences of S in d.
This justication leaves much to be desired. The argument applies only to numerals,
and shows that there is no need at all to postulate induction for numerals. By an unspoken
conation of the genetic concept of numeral with the formal concept of number, induction
is postulated for numbers.
Induction is justied by appeal to the nitary credo: for every number x there exists
a numeral d such that x is d. It is necessary to make this precise; as someone once said, it
depends on what you mean by is. We cannot express it as a formula of arithmetic because
there exists in there exists a numeral d is a metamathematical existence assertion, not
an arithmetical formula beginning with .
Let A be a formula of P with just one free variable x such that
P
xA. By the least
number principle (which is a form of induction), there is a least number x satisfying A.
One might, thinking that every number is a numeral, assert that there exists a numeral d
such that
P
A
x
(d). But, as I learned from Simon Kochen, this does not work. The
rank of a formula is the number of occurrences of in it. Let B be the formula asserting
that there is no arithmetized proof of a contradiction all of whose formulas are of rank at
most x. Then each B
x
(d) can be proved in P by introducing a truth denition for formulas
of rank at most d. But if P is consistent then xB is not a theorem of P, by Godels second
theorem. Now let A be B xB. Then xA is a theorem of P since it is equivalent to the
tautology xB xB, but (if P is consistent) there is no numeral d such that
P
A
x
(d).
The nitary credo can be formulated precisely using the concept of the standard model
of arithmetic: for every element of N there exists a numeral d such that it can be proved
that d is equal to the name of ; but this brings us back to set theory. The nitary credo
has an innitary foundation.
The use of induction goes far beyond the application to numerals. It is used to create
new kinds of numbers (exponential, superexponential, and so forth) in the belief that they
already exist in a completed innity. If there were a completed innity N consisting of all
numbers, then the axioms of P would be true assertions about numbers and P would be
consistent.
It is not a priori obvious that P can express combinatorics, but this is well known
thanks to Godels great paper [Go31]
6
on incompleteness. As a consequence, exponentia-
tion and superexponentiation can be dened in P so that we have
(20) x 0 = S0
(21) x Sy = x (x y)
(22) x 0 = S0
(23) x Sy = x (x y)
6
Kurt G odel,

Uber formal unentscheidbare S atze der Principia Mathematica und verwanter Systeme,
Monatshefte f ur Math. und Physik, 38 (1931) 173-198. English translation in From Frege to G odel: A source
book in mathematical logic, 18791931, 596-616, ed. Jean van Heijenoort, Harvard University Press, 1967.
12 CHAPTER 1. THESIS
and similarly for primitive-recursive functions in general. For the schema of primitive
recursion to be coherent, it is necessary that the values of the functions always reduce to
a numeral, since they are dened only for 0 and iterated successors of numbers for which
they have been previously dened.
Finitists believe that primitive recursions always terminate; for example, that applying
(15)(18) and (20)(23) a sucient number of times,
SS0 SS0 SS0 SS0 SS0 SS0 SS0 SS0 SS0 SS0 SS0 SS0 SS0 SS0 SS0 SS0
reduces to a numeral. But the putative number of times these rules must be applied can
only be expressed by means of a superexponential expressionthe argument is circular.
The problem is not simply that some primitive recursions are too long. The problem is
structural: there is a sharp division between two classes of primitive recursions. This results
from work of Bellantoni and Cook [BeCo];
7
see also Bellantonis thesis [Be].
8
They indicate
that their work was strongly inuenced by previous work of Leivant, who subsequently [Le]
9
gave a more elegant form to the characterization, and it is appropriate to call the result
the BCL theorem.
While a number is being constructed by recursion, it is only potential, and when the
recursion is complete, it is actual. What Bellantoni and Cook, and Leivant, do is restrict
recursions so that they occur only on actual numbers. Then the theorem is that the class
of functions computable in this way is precisely the class of polynomial-time functions.
This is an astonishing result, since the characterization is qualitative and conceptually
motivated, saying nothing whatever about polynomials,
Bellantoni, Cook, and Leivant have revealed a profound dierence between polyno-
mial-time recursions and all other recursions. The recursions constructed by the BCL
schema enjoy a dierent ontological status from recursions in general. In the former,
recursions are performed only on objects that have already been constructed. In the
latter, for example in a superexponential recursion, one counts chickens before they are
hatched (and the chicks that they produce as well), all in the fond hope that this will
eventually take place in the completed innity by and by.
Not only is induction as a general axiom schema lacking any justication other than an
appeal to N as a completed innity, but its application to specic variable-free primitive-
recursive terms lacks a cogent justication.
We shall exhibit a superexponential recursion and prove that it does not terminate,
thus disproving Churchs Thesis from below and demonstrating that nitism is untenable.
The most extreme view, held by at least one mathematician
at a respectable university, is that eventually a contradiction
will be found even in elementary number theory.
PAUL J. COHEN
7
S. Bellantoni and S. A. Cook, A new recursion-theoretic characterization of poly-time functions,
Computational Complexity 2 (1992), 97-110, http://www.cs.toronto.edu/sacook/homepage/ptime.pdf
8
S. Bellantoni, Predicative Recursion and Computational Complexity,
ftp://ftp.cs.toronto.edu/pub/reports/theory/cs-92-264.ps.Z
9
Daniel Leivant, Ramied recurrence and computational complexity I: Word recurrence and poly-time,
in P. Cole and J. Remmel, eds., Feasible Mathematics II, Perspectives in Computer Science, Birkhauser-
Boston, (1994) 320-343.
CHAPTER 2
Logic
This chapter explains the kind of proof we shall use, but the main purpose is to discuss
informally and qualitatively some of the devices that later will be established formally in
a theory. The exposition is based on [Sh] but with greater use of special constants.
3. Languages
We use language to mean what is also called a rst-order language. The symbols
of a language are variables, logical operators, function symbols, and predicate symbols. We
use s as a syntactical variable [Sh 1.3] for symbols. Each symbol s has a number I(s),
called its index. Symbols of index 0, 1, 2, 3, and so forth, are called 0-ary, unary, binary,
ternary, and so forth. (For this reason, many writers use the neologism arity for the
index.) A concatenation s
1
s
2
. . . s

of symbols is an expression, and is the length of the


expression. The case = 0, the empty expression, is allowed. We use u v as syntactical
variables for expressions.
The logical operators are (not), (or), and (there exists), with I() = 1, I() = 2,
and I() = 2. We use x y z w as syntactical variables for variables, with I(x) = 0.
The symbol = (equality) is a binary predicate symbol. It is important to distinguish
the use of = as a symbol from its usual use in mathematics.
The symbols already described are common to all languages. A language is specied
by giving in addition some function symbols (other than special constants, which will be
discussed later) and some predicate symbols other than =, each with its index. We formally
dene a language to be a concatenation of such symbols, called nonlogical symbols, and
use L as a syntactical variable for languages. We say that u is an expression of L in case
each nonlogical symbol occurring in u occurs in L. We use f g as syntactical variables
for function symbols, and p q for predicate symbols. A constant is a function symbol of
index 0 and a proposition letter (also called a Boolean variable) is a predicate symbol of
index 0. We use e as a syntactical variable for constants.
Terms are dened recursively as follows:
x is a term;
if I(f) = and u
1
, . . . , u

are terms, so is fu
1
. . . u

.
Note that constants are terms. We use a b c d as syntactical variables for terms.
An atomic formula is
pa
1
. . . a

where I(p) = . Formulas are dened recursively as follows:


13
14 CHAPTER 2. LOGIC
an atomic formula is a formula;
if u and v are formulas, so are u, uv, and xu.
We use A B C D as syntactical variables for formulas.
Here is a summary of our syntactical variables to date:
s for symbols
u v for expressions
x y z w for variables
f g for function symbols
e for constants
a b c d for terms
p q for predicate symbols
A B C D for formulas
We have been using prex (or Polish) notation, which makes general discussions
easier. But for readability we often use inx notation for binary symbols, as in A B
for AB and a = b for =ab. When we do this, groupers are necessary in general. We
use parentheses to group terms, brackets and braces to group formulas. Inx symbols are
associated from right to left. We use a ,= b to abbreviate a = b. We call A the negation
of A and A B the disjunction of A and B.
The logical operators & (and), (implies), (if and only if ), and (for all ) are
dened symbols as in [Sh 1.2]; we use the abbreviations
A & B for [A B]
A B for A B
A B for [A B] & [A B]
xA for xA
To avoid writing too many brackets, we make the convention that and x bind
tightly and that and & bind more tightly than and . For example,
xA B C
is parsed as
[xA] [B] C
A quantier (existential or universal respectively) is x or x.
We say that B is a subformula of A in case B occurs in A; this terminology diers
from that of some writers.
An occurrence of x in A is bound [Sh 2.4] in case it is in a subformula xB of A.
Otherwise, an occurrence of x in A is free. We say that b is substitutable for x in A in case
no variable y occurring in b becomes bound when each free occurrence of x in A is replaced
by b. An expression is variable free in case no variable occurs in it. If b is variable free
then it it substitutable for x in A. We use
b
x
1
...x

(a
1
. . . a

)
for the term obtained by replacing, for all with 1 , each occurrence of x

in b
by a

. We use
4. STRUCTURES 15
A
x
1
...x

(a
1
. . . a

)
for the formula, called an instance of A, obtained by replacing, for all with 1 ,
each free occurrence of x

in A by a

; when we do this, we always assume that a

is
substitutable for x

in A. As an example of what can go wrong if this is not observed,


suppose that we replace y by x in x[x ,= y]; then we obtain x[x ,= x].
A formula is open in case does not occur in it; it is closed in case no variable occurs
free in it. Note that a formula is both open and closed if and only if it is variable free.
The closure of A, denoted by

A, is
x
1
. . . x

A
where x
1
, . . . , x

are the variables occurring free in A in the order of free occurrence.


The index of a formula A, denoted by I(A), is the number of distinct free variables
occurring in it. If I(A) = , A is called -ary (closed, unary, binary, etc.). We use as a
syntactical variable for unary formulas with free variable x, and we write (a) for
x
(a).
(Requiring them all to have the same free variable ensures that
1
&
2
is unary.) We
also use as a syntactical variable for unary predicate symbols; context will make it clear
which is intended.
For convenience, we require every language to contain the constant 0.
Die Mathematiker sind eine Art Franzosen:
Redet man zu ihnen, so ubersetzen sie es in ihre Sprache,
und dann ist es alsobald ganz etwas anders.
JOHANN WOLFGANG VON GOETHE
4. Structures
Before exploring a strange city, it is useful to look at a map. The map can give some
idea of where to go and what one might expect to nd. But the city is alive and growing,
full of unpredictable events, while the map is dead and static. The wise tourist does not
identify the map with the city.
Semantics aids understanding if it is not taken literally: a structure gives metaphoric
meaning to a language. Let L be a language. Then a structure for L [Sh 2.5] consists
of a non-empty set U, the universe of , and for each -ary f in L a function
(f): U

U
and for each -ary p in L a subset
(p) U

Thus the meaning, in a structure, of a function symbol is a function, and the meaning, in a
structure, of a predicate symbol is a predicate (i.e., a set). The elements of the universe U
are called individuals.
The functions and predicates of a structure corresponding to the function symbols
and predicate symbols of L are completely arbitrary. Recall that = does not occur in L.
The predicate assigned to it is not arbitrary; it is the diagonal of U
2
. We dene
(=) = (
1
,
2
) U
2
:
1
=
2

16 CHAPTER 2. LOGIC
Note that the rst occurrence of = here is the equality symbol and the other occurrences
are the mathematical use of =.
The meaning, in a structure, of a variable is that it denotes some individual; which
individual is arbitrary, depending on which individual is assigned to it. Let X be the set
of all variables. An assignment is a mapping : X U. The set of all assignments is U
X
.
The meaning, in a structure, of a term will depend on the individuals assigned to the
variables in it. We dene (b) as a mapping from assignments to individuals; it is the
individual denoted by b in the structure when the variables in b take the values assigned
to them by . The denition is recursive:

(x)

() = (x)

(fa
1
. . . a

() =

(f)

(a
1
)

(), . . . ,

(a

()

where I(f) = .
The meaning, in a structure, of a formula is that it is true or false, but the truth value
will depend on the individuals assigned to the variables occurring free in it. We dene
(A) to be the set of assignments satisfying it, beginning with atomic formulas:
(pa
1
. . . a

) =

U
X
:

(a
1
)

(), . . . ,

(a

()

(p)

where I(p) = .
If is an assignment and is an individual, we let
x,
(x) = and
x,
(y) = (y)
whenever y in a variable other than x. This alters so that its value at x is and leaves
the assignment of other variables unaltered. Now let W be a set of assignments. We dene
its projection by

x
W = U
X
: there exists in U such that
x,
W
This consists of all assignments that become elements of W just by changing the assignment
on x. Also, the complement of W is
W
c
= U
X
W
consisting of all assignments that are not in W.
Now we can recursively complete the denition of (A):
(A) = (A)
c
(A B) = (A) (B)
(xA) =
x
(A)
We say that an assignment satises A in case (A). This depends only on the
values that assigns to the free variables of A. Similarly, if and

are two assignments


that agree on all the variables occurring in b, then

(b)

() =

(b)

).
Let x
1
, . . . , x

be, in some order, the variables occurring free in A. Then we dene

x
1
,...,x

(A) to be the set of all (


1
, . . . ,

) in U

such that for all assignments for which


(x
1
) =
1
, . . . , (x

) =

we have (A).
Let T be the set of all assignments (for a given universe U) and let F be the empty set
of assignments. If A is closed, either (A) = T, in which case we say that A is true in ,
5. TAUTOLOGIES 17
or (A) = F, in which case we say that A is false in . We say that A is valid in in case
(A) = T; this is equivalent to saying that the closure of A is true in . Two formulas
A and B are equivalent in in case A B is valid in , which is to say that they are
satised by the same assignments; i.e., (A) = (B).
We say that L

is an extension of L in case every symbol of L is a symbol of L

. Let
L

be an extension of L and let be a structure for L. Then a structure

for L

is an
expansion of in case it has the same universe and

(s) = (s) for all s in L.


Needless to say, structures will be used only as illustrations, not as part of the formal
development. Semantics is a topic in ZFC, not an independent body of truths.
He had bought a large map representing the sea
Without the least vestige of land:
And the crew were much pleased when they found it to be
A map they could all understand.
Whats the good of Mercators North Poles and Equators,
Tropics, Zones, and Meridian Lines?
So the Bellman would cry: and the crew would reply
They are merely conventional signs!
Other maps are such shapes, with their islands and capes!
But weve got our brave Captain to thank
(So the crew would protest) that hes bought us the best
A perfect and absolute blank!
LEWIS CARROLL
5. Tautologies
Now we study the propositional calculuswhich ignores variables, equality, function
symbols, predicates symbols, and quantiersinvolving only and . A formula is ele-
mentary in case it is atomic or begins with . Every formula is built up from elementary
formulas by repeatedly forming negations and disjunctions. A truth valuation V [Sh 3.1]
is a function from the elementary formulas to T, F. We extend it to all formulas, still
taking values either T or F and retaining the notation V, recursively as follows:
V(A) = T if and only if V(A) = F
V(A B) = T if and only if V(A) = T or V(B) = T
Then A is a tautology in case V(A) = T for all truth valuations, and A is a tautological
consequence of A
1
, . . . , A

in case A
1
& & A

A is a tautology, which is equivalent


to saying that for all truth valuations V, if V(A

) = T for all with 1 , then


V(A) = T. This is a purely syntactical notion, not involving the semantics of structures.
But note that if A
1
, . . . , A

are true in a structure and A is a tautological consequence


of them, then A is true in , for on closed formulas A (A) is a truth valuation.
The formulas A and B are tautologically equivalent in case A B is a tautology.
To check whether A is a tautology it suces to consider truth valuations dened just
on the subformulas of A. And one might as well replace all the elementary formulas in it by
Boolean variables, with dierent elementary formulas being replaced by dierent Boolean
18 CHAPTER 2. LOGIC
variables. If there are Boolean variables then there are 2

relevant truth valuations,


since each Boolean variable independently may be assigned the truth value T or F. For
each truth valuation V one quickly evaluates it on the formula by using the two rules above;
this is called the method of truth tables. If is large, 2

is enormous and the method is


infeasible.
6. Equality
The next level up from the propositional calculus is what may be called the functional
calculus, in which variables, equality, predicate symbols, and function symbols play a role
but is still ignored.
An identity axiom is
x = x
and an equality axiom is
x
1
= y
1
& & x

= y

& px
1
. . . x

py
1
. . . y

or
x
1
= y
1
& & x

= y

fx
1
. . . x

= fy
1
. . . y

where p and f have index . Identity and equality axioms are valid in every structure.
A formula is a quasitautology in case it is a tautological consequence of instances of
identity and equality axioms, and A is a quasitautological consequence of A
1
, . . . , A

in
case A
1
& & A

A is a quasitautology.
THEOREM 1. The formulas
a = a
a = b b = a
a = b & b = c a = c
are quasitautologies.
Proof. The rst is an instance of an identity axiom, and the others are tautological
consequence of the instances
a = b & a = a & a = a b = a
a = a & b = c & a = b a = c
of the following equality axiom for equality
x
1
= y
1
& x
2
= y
2
& x
1
= x
2
y
1
= y
2
and of instances of identity axioms.
8. PROOFS 19
7. Special constants
Now we come to the full predicate calculus, quantiers and all. A formula of the form
xA is an instantiation, and xA is a generalization.
To each closed instantiation xA we associate a constant c
xA
, called the special
constant for xA, and xA is its subscript. We use r as a syntactical variable for special
constants. If r is the special constant for xA, its special axiom is
xA A
x
(r)
We say that u is plain in case no special constant occurs in it.
The level [Sh 4.2] of a special constant is dened recursively as follows. If A is plain,
the level of c
xA
is 1; otherwise its level is 1 plus the maximal level of the special constants
occurring in A.
Mathematicians use special constants all the time with no special mention. For exam-
ple, someone studying odd perfect numbers in the hope of showing that they do not exist
may call such a number n and proceed to derive properties of n. Then n is a special
constant. The alternative would be to enclose the entire discussion in a huge formula of
the form n[n is an odd perfect number ]. The practice is to use the same notation
for special constants as for variables, bearing in mind that the special constants are xed
throughout the discussion.
We regard special constants as logical symbols; they are a device to facilitate the
handling of quantied formulas in proofs. The nonlogical symbols are the function symbols
other than special constants and the predicate symbols other than equality; the other sym-
bols (variables, logical operators, equality, and special constants) are the logical symbols.
Semantically, let be a structure for L. Well-order the universe U of . We expand
to be a structure for the language schema obtained by adjoining all special constants,
for formulas all of whose nonlogical symbols are in L, by recursion on the level, as follows.
Let r be the special constant for xA and suppose that (r

) has been dened for all r

of
strictly lower level. If there exists an individual and an assignment with (x) = such
that (A), let (r) be the least such individual; otherwise, let (r) be (0). Then the
special axioms are true in .
We dene the notion that v appears in u recursively as follows: if v occurs in u, then
v appears in u; if v occurs in the subscript of a special constant that appears in u, then
v appears in u. (That is, v appears in u if and only if it is there when all subscripts of
special constants are written out; appears in is the transitive closure of occurs in or
occurs in the subscript of a special constant occurring in.)
Generalizations are seldom or ever true,
and are usually utterly inaccurate.
AGATHA CHRISTIE
8. Proofs
Lemma 1 of [Sh 4.3] is the key to a notion of proof that is fully formal and yet close
to rigorous arguments in mathematical practice. This section is devoted to an explication
of this notion.
20 CHAPTER 2. LOGIC
We shall say that a theory is a concatenation of formulas, and use T as a syntactical
variable for theories. The formulas occurring in T are the nonlogical axioms of T. (One of
the virtues of prex notation is that an expression can be a concatenation of formulas in
only one way, so we can dene a theory to be an expression rather than a nite sequence
of formulas.) In other words, all our theories are nitely axiomatized. If innitely many
nonlogical axioms are specied in some way, we call this a theory schema. The language
of T, denoted by L(T), is the concatenation of the nonlogical symbols occurring in T,
together with 0. A theory is open in case all its nonlogical axioms are open and plain. By
T[A] is meant the theory obtained from T by adjoining A as a new nonlogical axiom.
A substitution axiom is A
x
(a) xA. (Substitution axioms are valid in every struc-
ture.) By a substitution formula, identity formula, or equality formula we mean respectively
a closed instance of a substitution axiom, identity axiom, or equality axiom.
Given a theory T, we say that a formula is in (T) in case it is a formula of one of
the following ve forms:
(24) special axiom: xA A
x
(r), r the special constant for xA
(25) substitution formula: A
x
(a) xA
(26) identity formula
(27) equality formula
(28) closed instance of a nonlogical axiom of T
We call (24)(27) logical axioms.
Shoenelds Lemma 1 asserts that if there is a proof of A in T and A

is a closed
instance of A, then A

is a tautological consequence of formulas in (T) (and conversely).


In this lemma, proof refers to the notion as formulated in [Sh 2.6], but we shall take
this result as a denition.
A proof in T is a concatenation of formulas each of which is a tautological consequence
of formulas in (T), such that for any special constant appearing in it, its special axiom
is one of the formulas. We use as a syntactical variable for proofs. Every formula in a
proof is closed. A proof is a proof of A, denoted by
T
A, in case the closure of A is
a formula of the proof, in which case A is a theorem of T, denoted by
T
A.
There is no requirement that a theorem of T be plain or a formula of L(T). But
extraneous symbols can be eliminated from proofs. We call a mapping A A
+
dened
on formulas of L a homomorphism on L in case [A]
+
is A
+
and [A B]
+
is A
+
B
+
and [xA]
+
is xA
+
. Thus it suces to give the values of a homomorphism on atomic
formulas. Notice that homomorphisms preserve tautological consequence.
THEOREM 2. If
T
A, then there is an expression
+
of L(T[A]) such that

T
A.
Proof. Let u
+
be obtained by replacing, everywhere it appears, each atomic formula
beginning with a predicate symbol not in L(T[A]) by 0 = 0 and then replacing each term
beginning with a function symbol that is not in L(T[A]) by 0. Then u
+
is an expression
of L(T[A]) and B B
+
is a homomorphism. If B is a special axiom, substitution axiom,
identity formula, or closed instance of a nonlogical axiom of T, so is B
+
. If B is an equality
9. SOME LOGICAL THEOREMS 21
formula for a symbol of L(T[A]), so is B
+
, and otherwise it is a tautological consequence
of the identity formula 0 = 0.
This is a pattern of proof that will often be employed. We construct u u
+
such that
B B
+
is a homomorphism, and so preserves tautological consequence. Then we need
only examine formulas (24)-(28) and verify whatever properties are stated in the theorem
under consideration.
A theory T
1
is an extension of the theory T in case every nonlogical axiom of T
1
is a
theorem of T. It is a conservative extension in case every formula of L(T) that is a theorem
of T
1
is a theorem of T. A theory T is consistent in case 0 ,= 0 is not a theorem of T.
Clearly, if T
1
is a conservative extension of T and T is consistent, so is T
1
.
THEOREM 3. If
T
A then T[A] is a conservative extension of T.
Proof. Let the closure of A be x
1
. . . x

A. By hypothesis, this is a formula of a proof


in T. Since the only new formulas in (T[A]) are closed instances of A, we need to show
that such a closed instance B is a formula of a proof in T. Now a closed formula of the form
xC C
x
(a) is a tautological consequence of the substitution formula C
x
(a) xC,
and so is a logical theorem. Apply this remark times.
The rather trivial extension of T of the form T[A], where A is a plain formula and a
theorem of T, is called a t-extension of T.
Theres nothing you cant prove
if your outlook is only suciently limited.
DOROTHY L. SAYERS
9. Some logical theorems
We say that A is a logical theorem, denoted by A, in case it is a theorem of the
theory with no nonlogical axioms, and A and B are logically equivalent in case A B.
Let r be the special constant for xA. Then xA A
x
(r) is a special axiom and the
formula A
x
(r) xA is a substitution formula, so xA and A
x
(r) are logically equivalent.
By repeated use of this, we see that any closed formula is logically equivalent to a variable-
free formula (but one that may contain special constants). The use of special constants
reduces reasoning in the predicate calculus to reasoning in the functional calculus.
The following is the equality theorem [Sh 3.4].
THEOREM 4. A closed formula of the form
(29) a
1
= b
1
& & a

= b

& A
x
1
...x

(a
1
. . . a

) A
x
1
...x

(b
1
. . . b

)
is a logical theorem.
Proof. The proof is by induction on the height of A (the number of occurrences of
logical operators in A). If A is atomic, (29) is an equality formula. If A is B, the result
holds by the induction hypothesis, using Theorem 1 to reverse the role of the as and bs.
If A is B C, the result holds by the induction hypothesis. If A is xB, let r be the special
constant for xB
x
1
...x

(a
1
. . . a

). By the induction hypothesis we have


22 CHAPTER 2. LOGIC
a
1
= b
1
& & a

= b

& B
xx
1
...x

(ra
1
. . . a

) B
xx
1
...x

(rb
1
. . . b

).
But (29) is a tautological consequence of this, the special axiom for r, and the substitution
formula B
xx
1
...x

(rb
1
. . . b

) xB
x
1
...x

(b
1
. . . b

).
Let the closure

A of A be x
1
. . . x

A. Let A
1
be

A and, recursively for 1 < let
A
+1
be A

(r

) where r

is the special constant for x

. Denote A

by A

, and call
this A with frozen variables.
THEOREM 5.

A A

is a logical theorem. In any theory T,


T
A if and only if

T
A

.
Proof. x

(r

) since the forward direction is a special axiom and the


backward direction is a substitution formula, but x

A
+1
is a tautological conse-
quence of this. The second statement holds since, by denition, A is a theorem of T if and
only if

A is.
The following is the equivalence theorem [Sh 3.4].
THEOREM 6. Let A

be obtained from A by replacing an occurrence of a subformula B


of A by B

. If
T
B B

then
T
A A

.
Proof. By induction on the height of A, it suces to consider the cases that A is B,
B C, C B, or xB. Freezing variables, we assume that these formulas are closed. The
rst three cases hold by tautological equivalence, so suppose that A is xB, A

is xB

,
and
T
B B

. From A we have B
x
(r), where r is the special constant for xB, and so
B

x
(r) and hence xB

; that is,
T
A A

. The other direction is the same.


Next is the deduction theorem [Sh 3.3].
THEOREM 7. Let C be closed. If
T[C]
A then
T
C A.
Proof. If B is a special axiom, substitution formula, identity formula, equality formula,
or nonlogical axiom of T[C], then
T
C B. If B is a tautological consequence of
B
1
, . . . , B

, then C B is a tautological consequence of C B


1
, . . . , C B

.
The negation form of a formula is obtained by pushing each repeatedly to the right
using the rules of the predicate calculus. The precise denition is complicated by the fact
that we chose, following [Sh 2.4], to regard and & as dened symbols. This is convenient
in many other contexts but a nuisance here. Recall that xA abbreviates xA and that
A & B abbreviates AB. Call an occurrence of proper in case it is not displayed
in one of these two forms. Now repeatedly make the following replacements, where the
displayed occurrences of are proper.
replace: by:
xA xA
xA xA
[A B] A & B
[A & B] A B
A A
9. SOME LOGICAL THEOREMS 23
The result of making all these replacements in the subformulas of a formula is the nega-
tion form of the formula. If A is in negation form, then every proper occurrence of
immediately precedes an atomic formula.
THEOREM 8. Let A

be the negation form of A. Then A A

.
Proof. We have A A, so xA xA by the equivalence theorem, but
xA is xA. This proves the equivalence of the rst replacement in the denition
of negation form. The others are tautological equivalences, so the result holds by the
equivalence theorem.
THEOREM 9. The following are logical theorems provided that x is not free in C.
(30) xB C x[B C]
(31) C xB x[C B]
(32) xB & C x[B & C]
(33) C & xB x[C & B]
(34) xB C x[B C]
(35) C xB x[C B]
(36) xB & C x[B & C]
(37) C & xB x[C & B]
Proof. Freeze the variables in (30). For the forward direction, let r be the special
constant for xB. Then B
x
(r) C is a tautological consequence of xB C and the
special axiom for xB, and B
x
(r) C x[B C] is a substitution formula (since x is
not free in C). For the backward direction, let r

be the special constant for x[B C].


Then B
x
(r

) C is a tautological consequence of x[B C] and its special axiom (again


since x is not free in C), and B
x
(r

) C xB C is a tautological consequence of the


substitution formula B
x
(r

) xB. The other seven cases are similar (for xB, use the
special constant for xB).
A variant of A [Sh 3.4] is a formula obtained from A by replacing a subformula xB
by yB
x
(y), where y is not free in B, zero or more times. Variants are useful for avoiding
colliding variables. We can nd a variant of A such that no variable in u occurs bound
in A; then each term occurring in u is substitutable for each free variable of A.
Call a formula adjusted in case dierent occurrences of quantiers have dierent bound
variables and no variable occurs both free and bound. Every formula has an adjusted
variant.
The relation variant of is an equivalence relation. Semantically, variants are equiv-
alent to each other in any structure. The following is the variant theorem [Sh 3.4].
24 CHAPTER 2. LOGIC
THEOREM 10. Let A

be a variant of A. Then A A

is a logical theorem.
Proof. Freezing variables, we assume that A and A

are closed. The proof is by


induction on the height of A.
If A is atomic, then A

is A, and A A is a tautology.
If A is B, so that A

is B

where B is a variant of B

, then we have B

B by the
induction hypothesis (since if B is a variant of B

, then B

is a variant of B), and A A

is a tautological consequence of this.


If A is B C, so that A

is B

where B

is a variant of B and C

is a variant of
C, then A A

is a tautological consequence of B B

and C C

, which are logical


theorems by the induction hypothesis.
If A is xB, so that A

is x

where B

is a variant of B, let r be the special constant


for A. Then A B
x
(r) is a special axiom, the formula B
x
(r) B

x
(r) is a logical theorem
by the induction hypothesis, and B

x
(r) A

is a substitution formula. But A A

is a
tautological consequence of these formulas.
A formula is in prenex form in case it consists of a concatenation of quantiers (the
prex) followed by an open formula (the matrix). Every formula is logically equivalent to
one in prenex form: take the negation form of an adjusted variant and replace the left hand
side of one (30)(37) by the right hand side, as often as possible. The resulting formula is
a prenex form of the formula.
The following are tautologies:
A [B & C] [A B] & [A C]
[B & C] A [B A] & [C A]
A formula is in conjunctive form in case it contains no subformula that is the left hand
side of one of these equivalences. Unlike the previous procedures, repeatedly replacing the
left hand side by the right hand side may lead to an exponentially longer formula.
A formula is in normal form in case it is closed and in prenex, negation, and conjunc-
tive form.
10. Predicate extensions
Mathematics would not get very far without the freedom to dene new concepts. Let
D be a plain formula of T and let the free variables of D, in the order of free occurrence,
be x
1
, . . . , x

. Call p
D
the predicate symbol for D; it is a predicate symbol of index I(D).
Then
(38) px
1
. . . x

D
where p is the predicate symbol for D, is the dening axiom of a predicate symbol [Sh 4.6].
The formula D is the deniens. Let T
1
be the theory obtained from T by adjoining (38)
as a new nonlogical axiom; we call T
1
a p-extension of T.
Semantically, we can expand a model [Sh 2.6] of T to a model
1
of T
1
by letting

1
(p) be
x
1
...x

(D).
10. PREDICATE EXTENSIONS 25
Dene u
+
recursively, working from right to left, by replacing each variable-free
pa
1
. . . a

everywhere it appears in u by D
x
1
...x

(a
+
1
. . . a
+

). Then A A
+
is a homo-
morphism.
THEOREM 11. Let T
1
be a p-extension of T. If
T
1
A, then
+

T
A
+
. The
theory T
1
is a conservative extension of T.
Proof. If B is a special axiom, substitution formula, identity formula, or closed instance
of a nonlogical axiom of T, so is B
+
.
If B is a closed instance of the new axiom (38), then B
+
is a tautology of the form
C C.
If B is an equality formula for a function symbol or for a predicate symbol other than
the new symbol p, so is B
+
. If B is the equality formula
a
1
= b
1
& & a

= b

& pa
1
. . . a

pb
1
. . . b

then B
+
is
a
+
1
= b
+
1
& & a
+

= b
+

& D
x
1
...x

(a
+
1
. . . a
+

) D
x
1
...x

(b
+
1
. . . b
+

)
which is a logical theorem by the equality theorem.
The last statement of the theorem holds since for a formula A of L(T), the formula A
+
is A itself.
Let L

extend L. A translation from L

into L is a homomorphism A A

on L

such
that each A

is a formula of L and the mapping is the identity on formulas of L.


Note that A
+
may not be a formula of L(T), even if A is plain: it may contain
non-closed atomic formulas beginning with p, and p may appear in subscripts of special
constants. Dene a translation, unique up to variants, as follows [Sh 4.6]. If A is the
formula pa
1
. . . a

, choose a variant D

of D in which no variable of A occurs bound and


let A

be D

x
1
...x

(a
1
. . . a

); for other atomic formulas A, let A

be A.
THEOREM 12. Let T
1
be a p-extension of T. If A is a formula of L(T
1
), its trans-
lation A

is a formula of L(T), and


T
1
A A

. We have
T
1
A if and only if
T
A

.
Proof. The translation A is by denition a formula of L(T). To prove that

T
1
A A

it suces by the equivalence theorem to prove that


(39)
T
1
pa
1
. . . a

x
1
...x

(a
1
. . . a

)
Freeze the variables. Then
(40)
T
1
D
x
1
...x

(a
1
. . . a

) D

x
1
...x

(a
1
. . . a

)
by the variant theorem, and (39) is a tautological consequence of (40) and a closed instance
of the dening axiom (30).
The last statement holds since T
1
is a conservative extension of T.
26 CHAPTER 2. LOGIC
11. Function extensions
Let x
1
, . . . , x

be the free variables, in the order of free occurrence, of yD, where


D is a plain formula of T. Call f
D
the function symbol for yD; it is a function symbol of
index I(yD). The existence condition is
(EC) yD
and the uniqueness condition is
(UC) D & D
y
(y

) y = y

where y

does not occur in D. If EC and UC are theorems of T, then


(41) fx
1
. . . x

= y D
where f is the function symbol for yD, is the dening axiom of a function symbol [Sh 4.6],
with deniens D. Let T
1
be the theory obtained from T by adjoining (41) as a new
nonlogical axiom; we call T
1
an f-extension of T.
Semantically, we can expand a model of T to a model
1
of T
1
by letting
1
(f)
be
x
1
...x

y
(D). This is a function since EC and UC are valid in .
Dene u
+
recursively, working from right to left, by replacing each variable-free
fa
1
. . . a

everywhere it appears in u by the special constant for yD


x
1
...x

(a
+
1
. . . a
+

). Then
A A
+
is a homomorphism.
THEOREM 13. Let T
1
be an f-extension of T. If
T
1
A, then
+

T
A
+
. The
theory T
1
is a conservative extension of T.
Proof. If B is a special axiom, substitution formula, identity formula, or a closed
instance of a nonlogical axiom of T, so is B
+
.
If B is a closed instance of the new axiom (41), and so of the form
fa
1
. . . a

= b D
x
1
...x

y
(a
1
. . . a

b)
then B
+
is
(42) r = b
+
D
x
1
...x

y
(a
+
1
. . . a
+

b
+
)
where r is the special constant for yD
x
1
...x

(a
+
1
. . . a
+

). By EC and the special axiom for r,

T
D
x
1
...x

y
(a
+
1
. . . a
+

r)
Hence the forward direction of (42) holds by the equality theorem, and the backward
direction by UC.
If B is an equality formula for a predicate symbol or for a function symbol other than
the new f, so is B
+
. If B is the equality formula
a
1
= b
1
& & a

= b

fa
1
. . . a

= fb
1
. . . b

then B
+
is
(43) a
+
1
= b
+
1
& & a
+

= b
+

r = r

where r is the special constant for yD


x
1
...x

(a
+
1
. . . a
+

) and r

is the special constant for


yD
x
1
...x

(b
+
1
. . . b
+

). By EC and the special axiom for r,


11. FUNCTION EXTENSIONS 27

T
D
x
1
...x

y
(a
+
1
. . . a
+

r)
Hence, by the equality theorem,
(44)
T
a
+
1
= b
+
1
& & a
+

= b
+

D
x
1
...x

y
(b
+
1
. . . b
+

r)
By a closed instance of EC and the special axiom for r

,
(45)
T
D
x
1
...x

y
(b
+
1
. . . b
+

)
But (43) is a tautological consequence of (44), (45), and the closed instance
D
x
1
...x

y
(b
+
1
. . . b
+

r) & D
x
1
...x

y
(b
+
1
. . . b
+

) r = r

of UC.
The last statement of the theorem holds since for a formula A of L(T), the formula A
+
is A itself.
Now dene a translation A A

as in [Sh 4.6]. Let A be an atomic formula of L(T


1
);
we dene A

by recursion on the number of occurrences of f in A. If there are none, let


A

be A. Otherwise, let B be the atomic formula obtained by replacing the rightmost


occurrence of a term beginning with f by z, where z does not occur in A, so that
(46) A is B
z
(fa
1
. . . a

)
Then f does not occur in a
1
. . . a

and B has one less occurrence of f than A, so B

is already
dened by recursion. Let
(47) A

be z[D

x
1
...x

y
(a
1
. . . a

z) & B

]
If A is a formula of L(T
1
), we call A

the translation of A.
THEOREM 14. Let T
1
be an f-extension of T. If A is a formula of L(T
1
), its
translation A

is a formula of L(T), and


T
1
A A

. We have
T
1
A if and only if

T
A

.
Proof. That A

is a formula of L(T) follows from its denition, by induction on the


number of occurrences of f in A. By the equivalence theorem, it suces to prove that

T
1
A A

for A an atomic formula of L(T


1
). Again, the proof is by induction on the
number of occurrences of f in A. If there are none, A A

is a tautology. Using the


notation introduced above, the induction hypothesis (46), and the equivalence theorem to
replace B

by B in (47), we need to prove


(48) B
z
(fa
1
. . . a

) z[D

x
1
...x

y
(a
1
. . . a

z) & B]
Freeze the variables in (48). By the variant theorem, we can then replace D

by D, so
we need to prove a closed formula of the form
(49) B
z
(fa
1
. . . a

) z[D
x
1
...x

y
(a
1
. . . a

z) & B]
(now with variable-free terms a
1
, . . . , a

). Then
(50) D
x
1
...x

z
(a
1
. . . a

fa
1
. . . a

) & B
z
(fa
1
. . . a

) z[D
x
1
...x

y
(a
1
. . . a

z) & B]
28 CHAPTER 2. LOGIC
is a substitution formula, but the rst conjunct holds by the dening axiom and an identity
formula, so we have the forward direction of (49). For the the backward direction, let r be
the special constant for z[D
x
1
...x

y
(a
1
. . . a

z)]. By the special axiom for r and a closed


instance of EC, we then have
(51) D
x
1
...x

y
(a
1
. . . a

r) & B
z
(r)
and we have
(52) r = fa
1
. . . a

by a closed instance of UC, and thus we have the left hand side of (49).
The last statement holds since T
1
is a conservative extension of T.
For a dening axiom of the form
fx
1
. . . x

= y y = b
UC and EC are trivial, and we write the dening axiom simply as
fx
1
. . . x

= b
and call it an explicit denition.
An extension by denitions of T is a theory T
1
obtained by a nite sequence of
p-extensions and f-extensions. It is possible to join all extensions by denitions of T into
a single theory schema. Let

T be T with all dening axioms adjoined. Then we can write

T
A to avoid the cumbersome phrase A is a theorem of an extension by denitions of T.
This is one advantage of the p
D
and f
yD
notation: it makes it impossible to introduce
the same symbol with two dierent dening axioms. Another is that in the arithmetization
it will suce to arithmetize just the symbols of T; then those of

T can be arithmetized in
one benign swoop simply by recursively replacing the symbols of T in the subscripts by
their arithmetizations.
12. Default formulas
A default formula is xB r = 0, where r is the special constant for xB. They are
true in the structure of 7, and now we show that they can be used in proofs of plain
formulas.
THEOREM 15. If A is a plain formula and its closure is a tautological consequence of
formulas in (T) and of default formulas, then
T
A.
Proof. Let u u
+
be dened by replacing, everywhere it appears in u, each special
constant r for xB by the special constant r for
(53) xB [x

B
x
(x

) & x = 0]
Then (53) is a logical theorem, so
(54) xB B(r)
(55) xB r = 0
are logical theorems. The map C C
+
is a homomorphism. If C is is a special axiom,
C
+
is of the form (54), and if C is a default formula, it is of the form (55). If C is a
substitution, identity, or equality formula, so is C
+
. Finally,

A
+
is

A since A is plain.
13. RELATIVIZATION 29
13. Relativization
Let A

be the formula obtained from A by replacing each xB occurring in it by


x[(x) & B].
We use (free A) as an abbreviation for
(x
1
) & & (x

)
where x
1
, . . . , x

are the free variables of A. Write


(56) A

for (free A) A

(We adopt the convention that if A is closed, so that free A is the empty expression, then
(free A) A

is A

.) We call A

the relativization of A by .
Let T be a theory. We say respects f in T in case

T
(x
1
) & & (x

) (fx
1
. . . x

)
where I(f) = , and respects b in T in case

T
(x
1
) & & (x

) (b)
where x
1
, . . . , x

are the variables occurring in b, and that respects A in T in case

T
A

THEOREM 16. If for each f occurring in b, respects f in T, then respects b in T.


Proof. By induction on the formation of terms.
We say that is a relativizer of T in case respects in T each function symbol of
L(T) and each nonlogical axiom of T. If T is open, the latter condition holds automatically.
THEOREM 17. Let be a relativizer of T. Let A be a plain formula of L(T) such
that
T
A

, and let T

be T[A]. If
T
B then
T
B

.
Proof. Let
T
B. Replace each C in by C

. If C is a nonlogical axiom of T

,
then C

is a theorem of T by hypothesis. The mapping C C

preserves tautological
consequence. If C is a special axiom, identity formula, or an equality formula, then C

is
a tautological consequence of C. Hence we need only consider substitution formulas.
We use default formulas, which can be eliminated by Theorem 15. Also, by Theorem 2
we assume that is an expression of L(T). Let C be a substitution formula, of the form
D
x
(b) xD. Then C

is
(57) D
x
(b) x[(x) & D

].
Every constant occurring in the variable-free term b is either a constant e of L(T), in which
case
T
(e) by hypothesis, or it is the special constant r for a closed instantiation yD

,
in which case we have (r) by the special axiom if yD

holds and by the default formula


otherwise. Hence
T
(b) by Theorem 14, and consequently (57) is a theorem of T.
Such a theory T[A], where for some relativizer of T the formula A

is a plain theorem
of T, is an r-extension of T. An r-extension T

of T is not in general a conservative extension


30 CHAPTER 2. LOGIC
(if it is, then there is no point in performing the relativization). But if T is consistent,
then so is T

by Theorem 17, since [0 ,= 0]

is 0 ,= 0.
A relativization is the particular case of an interpretation [Sh 4.7] in which a the-
ory is interpreted in itself with the interpretation of each nonlogical symbol being the
symbol itself. In our proof of the inconsistency of P, relativizations are the only kind of
interpretation that will be used.
An extension by denitions and relativizations, or R-extension for short, of T is a
theory T

for which there is a sequence T


0
, . . . , T

where T
0
is T and each T

for
1 is a t-, p-, f-, or r-extension of T
1
. If A is a formula of T

, its image A
is dened recursively as follows. If T

is a t-extension, A is A; if it is a p-extension or
f-extension, A is A

where A

is the translation of A into T


1
; if it is an r-extension,
A is A

where is the relativizer of T


1
. If
T

A, then
T
A. If T is consistent,
so is T

since [0 ,= 0] is 0 ,= 0. If is a proof over T of A, then the reduction ' is the


corresponding proof in T of A. A proof in an R-extension of T is called a proof over T.
An R-extension T

of T is said to be relativizable in T. A theory schema T

is locally
relativizable in T in case each theory in T

is relativizable in T.
Blind unbelief is sure to err
And scan His works in vain;
God is His own interpreter
And He will make it plain.
WILLIAM COWPER
14. Bounded formulas
Let L be a language containing a binary predicate symbol which we denote by ,
though it can be arbitrary. If x does not occur in b, we use the abbreviation
xb A for x[x b & A]
(If we unabbreviate x[x b & A] we obtain xxbA, so xb abbreviates
xxb.) We call xb a bounded quantier (for ). A formula is bounded (for )
in case every occurrence in it of x is subformula of some xb where x does not occur
in b. If x does not occur in b, we also use the abbreviation xb A for xbA. This is
bounded and is logically equivalent to x[x b A].
THEOREM 18. Let respect T and let A be a bounded formula of L(

T). Then
(58)
T
(free A) [A A

]
Consequently,
(59)
T
[(free A) A] A

Proof. The proof of (58) is by induction on the construction of bounded formulas. If


A is atomic, A

is A. Since (free B) is (free B) and [B]

is [B

], the result holds


by the induction hypothesis if A is B. Similarly, since
(free [B C]) (free B) & (free C)
15. THE CONSISTENCY THEOREM 31
is a tautology and since [B C]

is B

, the result holds by the induction hypothesis


if A is B C. Now suppose that A is the formula x[x b & B] where x does not
occur in b. Then every variable in b occurs free in A, so by hypothesis and Theorem 14,
respects b. Hence

T
(free A) x[x b & B] x[(x) & x b & B]
from which the result follows by the induction hypothesis. This proves (58), and (59) is a
tautological consequence of it by the denition (56) of A

.
Call a p-extension of T bounded in case the deniens is bounded, and an f-extension
bounded in case EC is bounded. A bounded extension by denitions of T is a theory
obtained from T by a nite sequence of bounded p-extensions and f-extensions.
THEOREM 19. Let T

be a bounded extension by denitions of T, and let A A

be
the translation from L(T

) to L(T). Then for every bounded formula A of L(T

), A

is a
bounded formula of L(T).
Proof. The proof is by induction on the number of p-extensions and f-extensions. For
each p-extension, the result is immediate from the denition of A

in 10. Consider an
f-extension as in 11. Since EC is bounded, the deniens D is of the form y _ b & C
where y does not occur in b and C is bounded. Then the result holds by (47).
15. The consistency theorem
The Hilbert-Ackermann consistency theorem is an algorithm for eliminating quanti-
ers. We follow the account in [Sh 4.3] with some modications.
We say that A
1
, . . . , A

is a special sequence in case


A
1
A

is a tautology; that is, in case for every truth valuation V we have V(A

) = F for some
with 1 .
THEOREM 20. Let T be an inconsistent theory. Then there is a special sequence of
formulas in (T).
Proof. Since T is inconsistent,
T
0 ,= 0. Hence 0 ,= 0 is a tautological consequence
of formulas in (T). Since 0 = 0 is in (T), the result follows.
A formula belongs to r in case it is the special axiom for r or is a substitution formula
A
x
(a) xA where r is the special constant for xA. The rank of a special constant is
the rank of its subscript, so it is at least 1. A formula is in

(T) in case it is in (T)


and does not belong to some special constant of rank strictly greater than . Then every
closed theorem of T is a tautological consequence of formulas in (T), and so of formulas
in

(T) for some .


A theory is quasitautologically consistent in case it is open and 0 ,= 0 is not a qua-
sitautological consequence of closed instances of nonlogical axioms.
THEOREM 21. An open theory T is quasitautologically consistent if and only if there
is no special sequence of formulas in
0
(T).
32 CHAPTER 2. LOGIC
Proof. Suppose that there is a special sequence of formula in
0
(T). Then none of
them belongs to any special constant, so all of them are quasitautological consequences of
closed instances of nonlogical axioms. Since it is a special sequence, 0 ,= 0 is a tautological
consequence of them. The other direction is trivial.
A special sequence is a (, , )-special sequence in case the maximal rank of special
constants occurring in its formulas is at most , their maximal level is at most , and the
maximal level of any special constant for a formula of rank in the special sequence is of
level at most (so ). It is a (, )special sequence in case it is a (, , )-special
sequence for some . Note that a (, , 0)-special sequence is the same as a ( 1, , )-
special sequence.
THEOREM 22. Let T be an open theory and suppose that there is a (, , )-special
sequence of formulas in (T) with > 0. Then there exists a (, 2 , 1)-special
sequence of at most
2
formulas in (T).
Proof. Let A
1
, . . . , A

be such a special sequence. Let R be the set of special constants


of rank for which there is a formula in the special sequence belonging to it; let M be the
elements of R of level , and let S = RM. Then our special sequence consists of formulas
of the form
(60) A, xB B
x
(r), B
x
(a) xB
where each A is in
1
(T) or belongs to an element of S, and each xB is the subscript of
an element of M. Note that there may be many variable-free terms a such that B
x
(a) xB
belongs to r and is in (60), where r in M is the special constant for xB.
I claim that xB, where its special constant r is in M, does not occur in any formula
C of (60) other than those belonging to r. This is immediate if C is an identity or equality
formula or a closed instance of a nonlogical axiom, for then it is open, so suppose that C is
either the special axiom yD D
y
(r

) or is D
y
(b) yD. Since the rank of r is and
the rank of r

is at most , xB does not occur in D


y
(r

) or D
y
(b). For the same reason,
it cannot occur in yD unless they are the same formula, which is impossible since r

is
not r. This proves the claim.
In the special sequence (60), replace each occurrence of each xB by B
x
(r). Since this
mapping preserves tautological consequence, the new sequence is a special sequence. The
formulas A are unaected, by the claim. Each special axiom xB B
x
(r) becomes the
tautology B
x
(r) B
x
(r), so it may be deleted. We obtain the special sequence consisting
of formulas of the form
(61) A, B
x
(a) B
x
(r)
Call (r, a) a special pair for the given special sequence in case r is in M and the
formula B
x
(a) B
x
(r) is in (61). Let u
(r,a)
be obtained from u by replacing r everywhere
it appears in u by a. Note that B
x
(r)
(r,a)
is B
x
(a) since r does not appear in B. Applying
this mapping, which preserves tautological consequence, to the special sequence (61), for
each special pair (r, a) we obtain the special sequence of formulas of the form
(62) A
(r,a)
, B
x
(a

)
(r,a)
B
x
(a)
15. THE CONSISTENCY THEOREM 33
I claim that the
(63) A, A
(r,a)
are a special sequence. For if not, there is a truth valuation V assigning T to all these
formulas. Since (62) is a special sequence, for each (r, a) there exists a

such that
V

B
x
(a

)
(r,a)
B
x
(a)

= F
Therefore for all (r, a) we have V

B
x
(a)

= F. Hence for all (r, a), V

B
x
(a) B
x
(r)

= T,
so V assigns T to every formula in (61), which is impossible. This proves the claim. Note
that there are at most
2
formulas in (63).
We must show that each A
(r,a)
either is in
1
(T) or belongs to some r

in S. If
A is an identity or equality formula or is a closed instance of a nonlogical axiom, then it
is open, and so is A
(r,a)
; that is, A
(r,a)
is in
0
(T).
Now suppose that A belongs to r

, where r

S or the rank of r

is at most 1.
Then A
(r,a)
is
yC
(r,a)
C
(r,a)
y

r
(r,a)

or
C
(r,a)
y

b
(r,a)

yC
(r,a)
Now r

is not r, so r
(r,a)
is the special constant for yC
(r,a)
. Hence A
(r,a)
belongs to r
(r,a)
.
Since r

and r
(r,a)
have the same rank, if A is in
1
(T) then so is A
(r,a)
. Finally, if r

S
then r does not appear in yC, and hence not in r

, since its level is at least the level of r

.
Consequently, r
(r,a)
is r

, and A
(r,a)
belongs to the element r

of S.
The maximal level of special constants belonging to a formula of rank in (63) is at
most 1. Now r, of level , has been replaced by a in the A
(r,a)
, and the level of special
constants appearing in a is a most , so the maximal level of special constants appearing
in (63) is at most + ( ).
Since
2
iterated times, if it can be done, is
2

, we can attempt to apply the


theorem times, and if the exponential recursion terminates we have a special sequence
of at most
2

formulas in
1
(T). Then we can attempt to iterate this times, and if
the superexponential algorithm terminates there is a special sequence of at most
(64)

.
.
.
(
2

)
formulas in
0
(T), where there are occurrences of
2

in (64). Under the nitary


assumption that this algorithm always terminates, the consistency theorem takes the form
that a quasitautologically consistent open theory is consistent.
Do I contradict myself?
Very well, then, I contradict myself,
(I am largeI contain multitudes.)
WALT WHITMAN
34 CHAPTER 2. LOGIC
16. Simple proofs
The notion of proof is just what is needed for theoretical purposes, in particular for
the consistency theorem. But how do we recognize that a proof is in fact a proof? People
often refer dismissively to something as being a mere tautology, but this can be akin to
calling the Milky Way a mere galaxy. It is widely conjectured that NP,=co-NP, implying
that proofs of tautologies may in general be infeasibly long. We need another notion of
proof, such that a mathematician looking at one can see by inspection that it is a proof,
and we need assurance that the task of arithmetizing proofs, and proving that they are
proofs, is a purely mechanical feasible procedure.
Let A be in normal form. A special case of A is a formula obtained by applying the
following steps zero or more times. If the leftmost occurrence of a quantier is in xB,
replace xB by B
x
(r) where r is its special constant; if it is in xB, replace xB by B
x
(b)
where b is some variable-free term. If A

is a special case of A, then A A

is a logical
theorem.
An equality substitution is
a = b & A
x
(a) A
x
(b)
It is a logical theorem by Theorem 4.
A literal is a variable-free atomic formula or the negation of a variable-free atomic
formula; the opposite of a literal A is A if A is atomic or is B if A is B.
The conjuncts of A are dened recursively as follows: if A is not a conjunction, the
conjuncts of A consists of A alone; the conjuncts of B & C are the conjuncts of B together
with the conjuncts of C. The disjuncts of A are dened similarly. Call C a proper disjunct
of A in case it is a disjunct of A but is not A.
Say that D

follows by one-resolution from C and D in case C is a literal, its opposite


is a proper disjunct of D, and D

is the result of deleting this disjunct from D.


Suppose that we want to prove the implication A B. In a direct proof, we assume
the hypothesis A, perform a chain of reasoning, and deduce B. In an indirect proof, we
assume A and B, perform a chain of reasoning, and derive a contradiction. Indirect
proofs are twice as ecient, since we have two starting points rather than one, and we
shall always use indirect proofs.
Now we describe the notion of a very simple proof of A in the theory T. It consists of
a list of formulas A
0
, . . . , A

with the following properties. A


0
is the normal form of

A.
Each A

for 1 is a conjunct of a special case of a nonlogical axiom, is an equality


substitution, or follows by one-resolution from A

and A

for some and strictly less


than . Finally, either a literal and its opposite occur in the list or a formula a ,= a occurs
in the list. Then
A
0
A
1
, . . . , A
0
A

,

A
preceded by the proofs of the equality substitutions and special cases, is a proof of A.
A simple proof of A in T consists of a nite sequence C
1
, . . . , C

of variable-free
formulas, called claims, and very simple proofs of
C
1
, C
1
C
2
, . . . , C
1
& & C
1
C

, C
1
& & C

A
17. INCOMPLETENESS WITHOUT DIAGONALIZATION 35
Here is a convenient way to organize a simple proof. String all the very simple proofs
together, introduce each claim by assuming its negation, and when the claim is established
delete (or never use again) the negation of the claim and all the subsequent steps before
the establishment of the claim.
You are at liberty to make any possible Supposition:
And you may destroy one Supposition by another:
But then you may not retain the Consequences,
or any part of the Consequences of the Supposition so destroyed.
GEORGE BERKELEY
17. Incompleteness without diagonalization
The Kolmogorov complexity of a number , denoted by /(), is the length (number of
bits in the program) of the shortest Turing machine that halts and outputs . The notion
was introduced by Solomono
10
and then independently by Kolmogorov.
11
The most important theorem in the subject was proved by Chaitin.
12
Let T be a
theory capable of arithmetizing itself and expressing combinatorics, such as P or, as we shall
see, Q
0
. Let

be the numeral S. . . S0 with occurrences of S. Let K be the arithmetization
of /. Choose a number and construct a machine as follows. It systematically searches
through strings, ordered rst by length and then lexicographically. If it nds one that is a
proof in T of K(

) >

, it outputs and halts. Now can be referred to by a term of T of
length logarithmic in , so for large enough the machine is itself of length less than .
Fix such a and denote it by . Call the corresponding machine the Chaitin machine
for T.
We have
(65) if /() , there is a such that
T
K(

simply by verifying that the steps of the Turing machine in question are followed. Chaitins
theorem is
(66) if T is consistent, there do not exist and such that
T
K(

) >

for otherwise the Chaitin machine would nd a proof in T of some K( ) >



(where
may or may not be the same as ) and output . Then we would have /() by the
denition of Kolmogorov complexity, giving a contradiction in T by (65). Godels rst
incompleteness theorem is a consequence. There is no diagonalization or self-reference in
this proof; Chaitin remarks that it is a version of the Berry paradox.
Kritchman and Raz [KrRa]
13
have given a stunning proof without self-reference or
diagonalization of Godels second incompleteness theorem.
10
R. J. Solomono, A preliminary report on a general theory of inductive inference, Report V-131,
Zator Co., Cambridge, Massachusetts, Feb. 1960, revised Nov. 1960. world.std.com/rjs/z138.pdf
11
A. N. Kolmogorov, Three approaches to the quantitative denition of information, Problems of
Information Transmission, 1, 1-7, 1965.
12
G. J. Chaitin, Computational complexity and Godels incompleteness theorem, ACM SIGACT
News, 9, pp. 11-12, 1971.
13
Shira Kritchman and Ran Raz, The surprise examination and the second incompleteness theorem,
Notices of the AMS, 57, 1454-1458, 2010. www.ams.org/notices/201011/rtx101101454p.pdf
36 CHAPTER 2. LOGIC
There are strictly fewer than 2
+1
Turing machines with at most bits, so by the
pigeonhole principle there is at least one with < 2
+1
such that /() > . Let be the
number of such , so
(67) > 0
There are 2
+1
days left in the course and the teacher announces that there will be an
examination on one of those days, but it will come as a surprise. Think of as being the
number of days remaining after the surprise examination. The examination is not given
on the last day, by (67). Now suppose that = 1 (the surprise examination occurs on the
penultimate day of classes). Then there is a unique with < 2
+1
such that /() > ,
and T proves K( )

for every other with < 2
+1
, by (65). Hence if = 1, T proves
K(

) >

, which is impossible if T is consistent, by Chaitins theorem. Consequently, if T
proves the consistency of its arithmetization then T proves 2. Now suppose that = 2
and argue in the same way, and continue up to = 2
+1
. In this way, if T proves the
consistency of its arithmetization, it proves a contradiction, since 2
+1
. This yields
Godels second incompleteness theorem.
This proof is radically dierent from Godels self-referential proof. The latter derives
a contradiction from the consideration of proofs of an entirely unrestricted kind, whereas
the former derives a contradiction from the consideration of proofs of quite specic kinds,
of bounded complexity. We shall exploit this dierence.
18. The plan
Robinsons theory Q [Ro]
14
is the theory whose nonlogical axioms are those of P with-
out the induction axiom schema but with Robinsons axiom
x ,= 0 y[x = Sy]
It may be reformulated as an open theory Q
0
(Robinson arithmetic) by introducing a unary
function symbol P (predecessor) and replacing Robinsons axiom by
P0 = 0
x ,= 0 x = SPx
The theory Q
0
is quite weak, but by relativization schemata of Solovay [So]
15
[Ne]
it can be greatly strengthened by relativization. We construct a theory schema Q

0
that
is locally relativizable in Q
0
and is such that we can use induction on bounded formulas,
where bounded means that there is a polynomial bound on the length.
Robinson arithmetic has two remarkable properties. First, it proves the quasitauto-
logical consistency of its arithmetization. That is,
(68)
Q

0
Q
0
is quasitautologically consistent
14
R. M. Robinson, An essentially undecidable system, Proceedings of the International Congress of
Mathematicians, vol. 1, Cambridge, Massachusetts, (1950) 729-730.
15
Letter to P. Hajek, August 1976. Cited by Samuel R. Buss in Diusion, Quantum Theory, and
Radically Elementary Mathematics, William G. Faris, ed., Mathematical Notes 47, Princeton University
Press, Princeton, New Jersey, 2006.
18. THE PLAN 37
which is equivalent to
(69)
Q

0
s[s encodes a special sequence in
0
(Q
0
)]
Second, it proves the arithmetization of the main lemma, Theorem 22, for the Hilbert-
Ackermann consistency theorem, with the number of formulas replaced by the number
of bits in the encoded special sequence. These results will be proved in complete detail.
They were established in [Ne] without fully formal proofs, except that the second result
was in a weaker form, with only one special constant eliminated rather than all those
in M. The advantage of the present formulation is that in Theorem 22, , , and are
independent of .
Let us see what consequences follow by nitary reasoning from these two properties.
It must be emphasized that we are not adjoining any nitary assumptions to Q

0
; we are
only seeing what nitary reasoning says about what can be proved in Q

0
.
According to nitism, for any and
(70)
Q

0
p[p encodes a ( ,

)-proof of 0 ,= 0]
i.e.,
(71)
Q

0
s[s encodes a ( ,

)-special sequence in Q
0
]
For if there is such an encoded special sequence, it is an encoded ( ,

, )-special sequence
for some with , so by the arithmetization of Theorem 22, it is a theorem of Q

0
that
there is an encoded (

, 2

, 1)-special sequence. Applying this theorem times,
conclude that Q

0
proves that there is an encoded ( 1,

1
,

1
)-special sequence, where

1
=
2

. Now apply this result times, and conclude (by nitary reasoning) that Q

0
proves that there is an encoded special sequence in
0
(Q
0
), contradicting (69).
Continuing in this vein, let us examine what nitism says about what Q

0
can prove
concerning the Kritchman-Raz proof. Consider the proofs of (65). The formulas are
all of rank at most
0
for a specic
0
, and even though the may be immensely long,
there is a xed bound
0
on the level. This is because each proof operates on the given
record of the working of the Turing machine, repeatedly citing the same theorems to verify
that each step of the computation accords with the machines program. The proofs of the
arithmetizations of (66) and (67) are of a certain specic rank and level, so for certain
specic
1
and
1

0
= 1 p[p encodes a (
1
,

1
)-proof of 0 ,= 0]
By nitary reasoning from (70), we have

0
2
The proofs of 3, . . . ,

1
, where
1
= 2
+1
+ 1, increase in rank and level, but
in a manner that can be bounded explicitly. The upshot is that nitism proves that Q

0
,
and hence Q
0
, is inconsistent. But there is a well-known nitary argument, based on the
Hilbert-Ackermann consistency theorem, showing that Q
0
is consistent. Hence nitary
reasoning leads to a contradiction.
38 CHAPTER 2. LOGIC
Peano arithmetic expresses nitary reasoning and so it is inconsistent. In fact, we have
a contradiction in a small fragment of P; later we shall study how small such a fragment
can be.
In Part II we shall see that Q

0
is in fact consistent, and in Part III that sophisticated
modern mathematics can be done in it.
The entire proof that P is inconsistent is far less intricate than many proofs in contem-
porary mathematics. The inordinate length of the sequel is in deference to the well-known
dictum:
Extraordinary claims require extraordinary evidence.
CARL SAGAN
CHAPTER 4
Arithmetic
Now the formal development begins. Let us record a logical theorem.
t0. x[x = y]
This is sometimes useful for typographical reasons: if d is a long term occurring several
times in a proof, then we can use a special case of t0 such as 0;d:X to give a short name X
to the long term d.
19. Robinson arithmetic
Robinson arithmetic is the theory Q
0
whose nonlogical symbols are the constant 0,
the unary function symbols S and P (successor and predecessor), and the binary function
symbols + and , and whose eight nonlogical axioms follow.
a1. Sx ,= 0
a2. Sx = Sy x = y
a3. x + 0 = x
a4. x + Sy = S(x + y)
a5. x 0 = 0
a6. x Sy = x y + x
a7. P0 = 0
a8. x ,= 0 x = SPx
We also call this theory Q
8
. In general, we shall denote by Q

the theory whose


nonlogical axioms are all formulas with a numerical label

with 1

.
This is a very weak theory, but here is one theorem we can prove.
t9. x + y = 0 x = 0 & y = 0
Proof. H:x:y 3;x 8;y 4;x;Py 1;x+Py
This a condensed version, the text proof, of a simple proof (16) of the theorem. The
hypothesis H is the normal form of the negation of the closure of the theorem, namely
xy[[x + y = 0] & [x ,= 0 y ,= 0]]
This is assumed for a proof by contradiction. Then H:x:y is the special case of H where
special constants x and y are introduced. Then 3;x is the special case of a3 where the
39
40 CHAPTER 4. ARITHMETIC
special constant x is substituted for the variable, and so forth. There are also four equality
substitutions, not indicated in the text proof. For the full proof, including the eleven
inferences, click on the blue Proof hyperlink if you are reading this online, or open a
browser to http://www.math.princeton.edu/nelson/proof/and click on 9.pdf.
A text proof sometimes contains a superscript, such as
A
. This indicates that a special
case still has a quantier in it, and the superscript labels the formula so that a further
special case can be taken later.
The simple proof was automatically generated from the text proof by a program called
qea. Proofs generated by qea are simple proofs consisting of ve parts. First the theorem
as given in the text is stated. Then the normal form of the negation of the closure of the
theorem is given. This is the hypothesis H, which is assumed.
Proofs in qea are always proofs by contradiction, whence the name of the program,
for quod est absurdum. The remainder of the proof consists of steps numbered in sequence
starting with 0. Every step is a disjunction of literals containing only terms built up
from special constants. Conjuncts of the special cases of the hypothesis and of previous
results as listed in the text proof are stated. There are hyperlinks to the previous results
used. If labels a denition of the form A B, then
>
labels the forward direction
A B (which is A B) and
<
labels the backward direction A B (which is logically
equivalent to B A). Claims in simple proofs are indicated in the text proof by ? followed
by the claim.
Then (and this part is sometimes absent) there are equality substitutions. These are
always disjunctions of three literals. The rst is the negation of an equation, and the third
is obtained from the opposite of the second by replacing all occurrences of the left hand
side of the equation, shown in red, by the right hand side of the equation, also shown in red.
These are logical theorems. Qea nds the relevant equality substitutions automatically.
(This is the only sign of intelligence the present version of qea exhibits; it does not search
for relevant previously proved theorems.)
Finally come the inferences. Each of these steps is obtained from a previous step that
is a literal by removing its opposite from a previous step that is a disjunction. Qea takes
each step that is a literal and looks at all the other steps in turn to see if its opposite
occurs. If two steps are found that are literals with one being the opposite of the other,
or if a literal of the form a ,= a is found, the proof is complete. This procedure is not
guaranteed to produce the shortest or the most natural proof. Qea is fast and accurate,
but somewhat lacking in expository air.
Most proof checkers require the user to trust that the program is correct, and the
verication of such a matter is notoriously dicult. But qea prints out simple proofs that
can be checked just by inspection.
The use of qea serves two purposes, rst to ensure that the theorem is correctly proved
and second to construct a simple proof as a mathematical object in its own right that can
then be arithmetized automatically.
We cannot directly establish the associative and commutative laws for addition and
multiplication, or the distributive law, but in this section we shall interpret them by means
of a relativizing predicate. In Peano arithmetic these laws are established by successively
proving the following theorems by induction on the indicated variable, using the axioms
19. ROBINSON ARITHMETIC 41
and the previously established theorems.
x + (y + z) = (x + y) + z z
x (y + z) = (x y) + (x z) z
x (y z) = (x y) z z
0 + x = x x
x + y = y + x y
0 x = 0 x
Sx y = x y + y y
x y = y x x
These are open inductions and it is easy to relativize them, and to include the prede-
cessor P. The details follow.
d10.
10
(z) xy[(x + y) + z = x + (y + z)]
We may read
10
(z) as z associates additively.
t11.
10
(0)
Proof. H 10
<
;0:x:y 3;x+y 3;y
t12.
10
(z)
10
(Sz)
Proof. H:z 10
<
;Sz:x:y 10
>
;z;x;y 4;x+y;z 4;y;z 4;x;y+z
t13.
10
(z)
10
(Pz)
Proof. H:z 10
<
;Pz:x:y 10
>
;z;x;y 7 8;z 4;x+y;Pz 4;y;Pz 4;x;y+(Pz) 2;(x+y)+Pz;x+(y+(Pz))
t14.
10
(z
1
) &
10
(z
2
)
10
(z
1
+ z
2
)
Proof. H:z
1
:z
2
10
<
;z
1
+z
2
:x:y 10
>
;z
2
;y;z
1
10
>
;z
2
;x;y+z
1
10
>
;z
1
;x;y 10
>
;z
2
;x+y;z
1
We have proved that
10
respects 0, S, P, and + but not that it respects , so we
cannot use it as a relativizing predicate. Let us introduce stronger predicates. The idea is
to include various inductive properties in the relativizing predicate.
The distributive property:
d15.
15
(z)
10
(z) & xy[
10
(x) x (y + z) = (x y) + (x z)]
t16.
15
(0)
Proof. H 11 15
<
;0:x:y 3;y 5;x 3;xy
t17.
15
(z)
15
(Sz)
Proof. H:z 15
<
;Sz:x:y 15
>
;z;x;y 12;z 4;y;z 6;x;y+z 10
>
;x;xy;xz 6;x;z
Associativity of multiplication:
d18.
18
(z)
15
(z) & xy[
10
(x) &
15
(y) (x y) z = x (y z)]
t19.
18
(0)
Proof. H 16 18
<
;0:x:y 5;xy 5;y 5;x
42 CHAPTER 4. ARITHMETIC
t20.
18
(z)
18
(Sz)
Proof. H:z 18
<
;Sz:x:y 18
>
;z;x;y 17;z 6;xy;z 15
>
;y;x;yz 6;y;z
d21.
21
(z)
18
(z) & y[0 + y = z y = z]
t22.
21
(0)
Proof. H 19 21
<
;0:y 9;0;y
t23.
21
(z)
21
(Sz)
Proof. H:z 21
<
;Sz:y 20;z 21
>
;z;Py 3;0 8;y 4;0;Py 2;0+(Py);z
t24.
21
(0 + z) 0 + z = z
Proof. H:z 21
>
;0+z;z
To treat the commutative law for addition we rst study the commutativity of addition
by 0.
d25.
25
(z)
21
(z) & 0 + z = z
t26.
25
(0)
Proof. H 22 25
<
;0 3;0
t27.
25
(z)
25
(Sz)
Proof. H:z 25
<
;Sz 4;0;z 25
>
;z 23;z
d28.
28
(z)
25
(z) & y[(Sy) + z = S(y + z)]
t29.
28
(0)
Proof. H 26 28
<
;0:y 3;Sy 3;y
t30.
28
(z)
28
(Sz)
Proof. H:z 28
<
;Sz:y 28
>
;z;y 27;z 4;Sy;z 4;y;z
The commutative law for addition:
d31.
31
(z)
28
(z) & y[
28
(y) y + z = z + y]
t32.
31
(0)
Proof. H 29 31
<
;0:y 28
>
;y 25
>
;y 3;y
t33.
31
(z)
31
(Sz)
Proof. H:z 31
<
;Sz:y 28
>
;y;z 30;z 4;y;z 31
>
;z;y
To treat the commutative law for multiplication we rst study the commutativity of
multiplication by 0 and a variation on a6.
d34.
34
(z)
31
(z) & 0 z = 0
t35.
34
(0)
Proof. H 32 34
<
;0 5;0
19. ROBINSON ARITHMETIC 43
t36.
34
(z)
34
(Sz)
Proof. H:z 34
<
;Sz 34
>
;z 6;0;z 3;0 33;z
d37.
37
(z)
34
(z) & y[
31
(y) (Sy) z = (y z) + z]
t38.
37
(0)
Proof. H 35 37
<
;0:y 5;Sy 5;y 3;0
t39.
37
(z)
37
(Sz)
Proof. H:z 37
<
;Sz:y 37
>
;z;y 36;z 31
>
;y 28
>
;y 25
>
;y 21
>
;y 18
>
;y 15
>
;y 34
>
;z
31
>
;z 28
>
;z 25
>
;z 21
>
;z 18
>
;z 15
>
;z 12;z 6;Sy;z 12;y 10
>
;Sy;yz;z 4;z;y 31
>
;y;z
4;y;z 10
>
;Sz;yz;y 6;y;z
The commutative law for multiplication:
d40.
40
(z)
37
(z) & y[
37
(y) y z = z y]
t41.
40
(0)
Proof. H 40
<
;0:y 38 5;y 37
>
;y 34
>
;y
t42.
40
(z)
40
(Sz)
Proof. H:z 40
<
;Sz:y 40
>
;z;y 39;z 37
>
;z 34
>
;z 37
>
;y;z 6;y;z
Now we strengthen the predicate so that smaller numbers inherit the property.
d43.
43
(x) yz[y + z = x &
10
(z)
40
(y)]
t44.
43
(x)
40
(x)
Proof. H:x 43
>
;x;x;0 3;x 11
t45.
43
(0)
Proof. H 43
<
;0:y:z 9;y;z 41
t46.
43
(x)
43
(Sx)
Proof. H:x 43
<
;Sx:y:z 43
>
;x;y;Pz 42;x 44;x 3;y 8;z 4;y;Pz 2;y+Pz;x 13;z
t47.
43
(x) & u + v = x &
10
(v)
43
(u)
Proof. H:x:u:v 43
<
;u:y:z 10
>
;v;y;z 14;z;v 43
>
;x;y;z+v
Additive numbers:
d48.
48
(x) y[
43
(y)
43
(y + x)]
t49.
48
(x)
43
(x)
This is where t24 is used.
Proof. H:x 45 48
>
;x;0 44;0 44;0+x 40
>
;0+x 37
>
;0+x 34
>
;0+x 31
>
;0+x 28
>
;0+x
25
>
;0+x 24;x
t50.
48
(0)
Proof. H 48
<
;0:y 3;y
44 CHAPTER 4. ARITHMETIC
t51.
48
(x)
48
(Sx)
Proof. H:x 48
<
;Sx:y 48
>
;x;y 46;y+x 4;y;x
t52.
48
(x) & u + v = x &
10
(v)
48
(u)
Proof. H:x:u:v 48
<
;u:y 10
>
;v;y;u 48
>
;x;y 43
>
;u;v;x 47;y+x;y+u;v
t53.
48
(x)
43
(x) &
40
(x) &
37
(x) &
34
(x) &
31
(x) &
28
(x)
&
25
(x) &
21
(x) &
18
(x) &
15
(x) &
10
(x)
Proof. H:x 49;x 44;x 40
>
;x 37
>
;x 34
>
;x 31
>
;x 28
>
;x 25
>
;x 21
>
;x 18
>
;x 15
>
;x
t54.
48
(x
1
) &
48
(x
2
)
48
(x
1
+ x
2
)
Proof. H:x
1
:x
2
48
<
;x
1
+x
2
:y 53;x
2
10
>
;x
2
;y;x
1
48
>
;x
1
;y 48
>
;x
2
;y+x
1
Multiplicative numbers:
d55.
55
(x)
48
(x) & y[
48
(y)
48
(y x)]
This is it;
55
is the sought-for relativizing predicate.
t56.
55
(x)
48
(x) &
43
(x) &
40
(x) &
37
(x) &
34
(x) &
31
(x)
&
28
(x) &
25
(x) &
21
(x) &
18
(x) &
15
(x) &
10
(x)
Proof. H:x 55
>
;x 53;x
Now let us verify that
55
respects every function symbol of Q.
t57.
55
(0)
Proof. H 50 55
<
;0:y 5;y
t58.
55
(x)
55
(Sx)
Proof. H:x 55
<
;Sx:y 56;x 51;x 6;y;x 55
>
;x;y 54;yx;y
t59. x ,= 0 &
55
(x)
55
(Px)
Proof. H:x 55
<
;Px:y 8;x 4;Px;0 3;Px 11 12;0 56;x 52;x;Px;S0 6;y;Px 53;y 55
>
;x;y
52;yx;yPx;y
t60.
55
(x)
55
(Px)
Proof. H:x 59;x 7
t61.
55
(x
1
) &
55
(x
2
)
55
(x
1
+ x
2
)
Proof. H:x
1
:x
2
55
<
;x
1
+x
2
:y 56;x
1
56;x
2
54;x
1
;x
2
53;y 53;x
2
15
>
;x
2
;y;x
1
55
>
;x
1
;y
55
>
;x
2
;y 54;yx
1
;yx
2
t62.
55
(x
1
) &
55
(x
2
)
55
(x
1
x
2
)
Proof. H:x
1
:x
2
55
<
;x
1
x
2
:y 55
>
;x
2
;x
1
56;x
2
56;x
1
53;y 18
>
;x
2
;y;x
1
55
>
;x
1
;y 55
>
;x
2
;yx
1
Now let us prove the relativization of the associative and distributive laws.
t63.
55
(x) &
55
(y) &
55
(z) (x + y) + z = x + (y + z)
Proof. H:x:y:z 56;z 10
>
;z;x;y
20. ORDER 45
t64.
55
(x) &
55
(y) &
55
(z) x (y + z) = (x y) + (x z)
Proof. H:x:y:z 56;z 56;x 15
>
;z;x;y
t65.
55
(x) &
55
(y) &
55
(z) (x y) z = x (y z)
Proof. H:x:y:z 56;z 56;y 56;x 18
>
;z;x;y
Next we establish the relativizations of the commutative laws.
t66.
55
(x) &
55
(y) x + y = y + x
Proof. H:x:y 56;x 56;y 31
>
;x;y
t67.
55
(x) &
55
(y) x y = y x
Proof. H:x:y 56;x 56;y 40
>
;y;x
Adjoin the following ve axioms to Q
67
.
a68. (x + y) + z = x + (y + z)
a69. x (y + z) = (x y) + (x z)
a70. (x y) z = x (y z)
a71. x + y = y + x
a72. x y = y x
Then Q
72
is relativizable in Q
67
by the relativizing predicate symbol
55
, and hence
it is relativizable in Q
0
.
Axioms, denitions, and theorems containing the letter are auxiliary, and will not
be referred to again once the relativization they serve has been accomplished.
20. Order
We introduce (less than) and prove some properties of it.
d73. x y z[x + z = y]
t74. x x + y
Proof. H:x:y 73
<
;x;x+y;y
t75. y x + y
Proof. H:y:x 74;y;x 71;x;y
t76. Sx Sy x y
Proof. H:x:y 73
>
;Sx;Sy:z 71;Sx;z 4;z;x 2;z+x;y 71;x;z 73
<
;x;y;z
t77. Sx + y = x + Sy
Proof. H:x:y 71;Sx;y 4;y;x 71;y;x 4;x;y
t78. x y Sx Sy
Proof. H:x:y 73
>
;x;y:z 4;x;z 77;x;z 73
<
;Sx;Sy;z
46 CHAPTER 4. ARITHMETIC
t79. 0 x
Proof. H:x 73
<
;0;x;x 71;0;x 3;x
t80. x x
Proof. H:x 73
<
;x;x;0 3;x
t81. x Sx
Proof. H:x 4;x;0 3;x 73
<
;x;Sx;S0
t82. x 0 x = 0
Proof. H:x 73
>
;x;0:u 9;x;u
t83. y Sx y x y = Sx
Proof. H:y:x 73
>
;y;Sx:z 3;y 8;z 4;y;Pz 2;x;y+Pz 73
<
;y;x;Pz
t84. x y & y z x z
Proof. H:x:y:z 73
>
;x;y:u 73
>
;y;z:v 68;x;u;v 73
<
;x;z;u+v
t85. Px x
Proof. H:x 8;x 80;0 81;Px 7
Monotonicity of addition and multiplication.:
t86. x y z + x z + y
Proof. H:x:y:z 73
>
;x;y:u 68;z;x;u 73
<
;z+x;z+y;u
t87. x y x + z y + z
Proof. H:x:y:z 86;x;y;z 71;x;z 71;y;z
t88. x y z x z y
Proof. H:x:y:z 73
>
;x;y:u 69;z;x;u 73
<
;zx;zy;zu
t89. x y x z y z
Proof. H:x:y:z 88;x;y;z 72;x;z 72;y;z
t90. x x

& y y

x y x

Proof. H:x:x

:y:y

88;y;y

;x 89;x;x

;y

84;xy;xy

;x

21. The rst relativization schema


Axioms, denitions, and theorems with a label that begins with an uppercase letter
are schemata. The following is a denition schema. For any unary predicate symbol ,
ind

is a predicate symbol of index 0. It may be read as is inductive.


dBI1. ind

(0) & x[(x) (Sx)]


Dene
dBI2.
0
(x) y[y x (y)]
Under the hypothesis that is inductive (stated even when it is not necessary) we
show that
0
is stronger than , and is not only inductive but hereditary.
21. THE FIRST RELATIVIZATION SCHEMA 47
tBI3. ind

[
0
(x) (x)]
Let y = x in dBI2.
Proof. H:x BI2
>
;x;x 80;x
tBI4. ind


0
(0)
If y 0 then y = 0, and we have (0) since is inductive.
Proof. H BI1
>
BI2
<
;0:y 82;y
tBI5. ind

[
0
(x)
0
(S(x))]
Suppose
0
(x) and y Sx. We need to show that (y). Then y x or y = Sx. In
the rst case we have the result since
0
(x), and in the second case it holds by tBI3 and
the inductivity of .
Proof. H:x BI2
<
;Sx:y BI2
>
;x;Py 83;y;x BI2
>
;x;y BI1
>
;x BI3;x
tBI6. ind

[
0
(x) & u x
0
(u)]
Suppose
0
(x) and u x and y u. We need to show that (y). But y x, so this
holds since
0
(x).
Proof. H:x:u BI2
<
;u:y 84;y;u;x BI2
>
;x;y
Dene
dBI7.
1
(x) y[
0
(y)
0
(y + x)]
We show that
1
is stronger than
0
(and consequently stronger than ), is inductive
and hereditary, and respects +. The proof makes essential use of t68, the associativity of
addition.
tBI8. ind

[
1
(x)
0
(x)]
Let y = 0 in dBI7.
Proof. H:x BI7
>
;x;0 3;x 71;x;0 BI4
tBI9.
1
(0)
This is merely the statement that
0
(y)
0
(y + 0).
Proof. H BI7
<
;0:y 3;y
tBI10. ind

[
1
(x)
1
(Sx)]
Suppose
1
(x) and
0
(y). We need to show that
0
(y + Sx); i.e., that
0

S(y + x)

.
We have
0
(y + x) since
1
(x), so the result holds by tBI5.
Proof. H:x BI7
<
;Sx:y BI5;y+x 4;y;x BI7
>
;x;y
tBI11. ind

[
1
(x) & u x
1
(u)]
Suppose
1
(x) and u x and
0
(y). We need to show that
0
(y+u). But y+u y+x
and we have
0
(y + x) since
1
(x), so the result holds by tBI6.
Proof. H:x:u BI7
<
;u:y 86;u;x;y BI6;y+x;y+u BI7
>
;x;y
48 CHAPTER 4. ARITHMETIC
tBI12. ind

[
1
(x
1
) &
1
(x
2
)
1
(x
1
+ x
2
)]
Suppose
1
(x
1
) and
1
(x
2
) and
0
(y). We need to show that
0

y + (x
1
+ x
2
)

. We
have
0
(y +x
1
) since
1
(x
1
), and so
0

(y +x
1
) +x
2

since
1
(x
2
). Thus the result holds
by the associativity of addition.
Proof. H:x
1
:x
2
BI7
<
;x
1
+x
2
:y 68;y;x
1
;x
2
BI7
>
;x
1
;y BI7
>
;x
2
;y+x
1
Dene
dBI13.
2
(x) y[
1
(y)
1
(y x)]
We show that
2
is stronger than
1
(and consequently stronger than ), is hereditary,
and is not only inductive but respects every function symbol of Q. The proof makes
essential use of t70, the associativity of multiplication.
tBI14. ind

[
2
(x)
1
(x)]
Let y = 1 in dBI13. (We have
1
(1) by tBI9 and tBI10.)
Proof. H:x BI13
>
;x;S0 BI10;0 BI9 72;S0;x 6;x;0 5;x 71;0;x 3;x
tBI15. ind


2
(0)
Since y 0 = 0, this holds by tBI9.
Proof. H BI13
<
;0:y 5;y BI9
tBI16. ind

[
2
(x)
2
(Sx)]
Suppose
2
(x) and
1
(y). We need to show that
1
(y Sx); i.e., that
1
(y x + y).
We have
1
(y x) since
2
(x), so the result holds by tBI12.
Proof. H:x BI13
<
;Sx:y BI12;yx;y 6;y;x BI13
>
;x;y
tBI17. ind

[
2
(x) & u x
2
(u)]
Suppose
2
(x) and u x and
1
(y). We need to show that
1
(y u). But y u y x,
and we have
1
(y x) since
2
(x). Thus the result holds by tBI11.
Proof. H:x:u BI13
<
;u:y 88;u;x;y BI11;yx;yu BI13
>
;x;y
tBI18. ind

[
2
(x
1
) &
2
(x
2
)
2
(x
1
+ x
2
)]
Suppose
2
(x
1
) and
2
(x
2
) and
1
(y). We need to show that
1

y (x
1
+ x
2
)

; i.e.,
that
1
(y x
1
+y x
2
). We have
1
(y x
1
) since
2
(x
1
) and
1
(y x
2
) since
2
(x
2
), so the
result holds by tBI12.
Proof. H:x
1
:x
2
BI13
<
;x
1
+x
2
:y 69;y;x
1
;x
2
BI13
>
;x
1
;y BI13
>
;x
2
;y BI12;yx
1
;yx
2
tBI19. ind

[
2
(x
1
) &
2
(x
2
)
2
(x
1
x
2
)]
Suppose
2
(x
1
) and
2
(x
2
) and
1
(y). We need to show that
1

y (x
1
x
2
)

. We
have
1
(y x
1
) since
2
(x
1
), and so
1

(y x
1
) x
2

. The result follows by the associativity


of multiplication.
Proof. H:x
1
:x
2
BI13
<
;x
1
x
2
:y 70;y;x
1
;x
2
BI13
>
;x
1
;y BI13
>
;x
2
;yx
1
22. EVEN OR ODD 49
tBI20. ind

[
2
(x) (x)]
This holds since
2
(x)
1
(x) and
1
(x)
0
(x) and
0
(x) (x).
Proof. H:x BI14;x BI8;x BI3;x
tBI21. ind

[
2
(x)
2
(Px)]
This holds by tBI17 since Px x.
Proof. H:x 85;x BI17;x;Px
This is the rst relativization schema. If is inductive and essentially bounded for ,
then
2
is a relativizer over Q.
Next we prove that an induction formula (0) & x

[(x

) (Sx

)] (x) is itself
inductive.
tBI22. (0) & x

[(x

) (Sx

)] (0)
Proof. H
tBI23. (0) & x

[(x

) (Sx

)] (x) (0) & x

[(x

)
(Sx

)] (Sx)
Proof. H:x:x
A A
;x
A
;x

In this text superscript


A
labels the formula H after the substitution of the special
constants x and x

is made. This formula, called a remnant, is not open, and further


substitutions are made in ti.
Let (x) be of the form x
1
. . . x

B where B is bounded for and x


1
, . . . , x

are
the free variables of B other than x; call such a essentially bounded for . Then is
a relativizer over Q. The same holds for a unary predicate symbol with dening axiom
(x) x
1
. . . x

B where B is as above.
Adjoin the axiom schema of bounded induction (BI):
aBI. (0) & x

[(x

) (Sx

)] (x)
where is essentially bounded for . This induction formula is inductive by tBI22
and tBI23, and its prenex form is essentially bounded. This theory schema is bounded
number theory. It is locally relativizable in Q
0
, meaning that any nite portion of it is
relativizable in Q
0
. We shall adjoin particular cases of BI one by one.
22. Even or odd
We shall prove that every number is even or odd. Here is a semantic indication
that induction is necessary to prove this. Take a nonstandard model of P and let be a
nonstandard number. Take the external set U of all standard numbers together with all
numbers obtained by repeatedly applying the functions symbols of Q
90
to . Then U is
the universe of a model of Q
90
, but there is no individual in U such that either 2 =
or 2 + 1 = .
d91. 1 = S0
d92. 2 = SS0
50 CHAPTER 4. ARITHMETIC
t93. 1 ,= 0 & 2 ,= 0 & 1 ,= 2
Proof. H 91 92 1;0 1;1 2;0;1
t94. Sx = x + 1
Proof. H:x 91 4;x;0 3;x
t95. 1 + 1 = 2
Proof. H 91 92 4;S0;0 3;S0
t96. x 1 = x
Proof. H:x 91 6;x;0 5;x 3;x 71;x;0
t97. 1 x = x
Proof. H:x 96;x 72;x;1
t98. x + x = 2 x
Proof. H:x 92 6;x;S0 6;x;0 5;x 3;x 71;x;0 72;2;x
t99. 2 x Sy x y
Proof. H:x:y 98;x 8;x 4;x;Px 76;x+Px;y 74;x;Px 84;x;x+Px;y 79;y
d100. x is even yx[x = 2 y]
d101. x is odd yx[x = 2 y + 1]
t102. 2 y is even
Proof. H:y 100
<
;2y;y 98;y 73
<
;y;2y;y
t103. y 2 is even
Proof. H:y 102;y 72;2;y
t104. 2 y + 1 is odd
Proof. H:y 98;y 73
<
;y;y+y;y 73
<
;2y;2y+1;1 84;y;2y;2y+1 101
<
;2y+1;y
t105. 0 is even
Proof. H 5;2 102;0;0
t106. 1 is odd
Proof. H 104;0 5;2 3;1 71;0;1
t107. x is even Sx is odd
Proof. H:x 100
>
;x:y 94;2y 81;x 84;y;x;Sx 104;y
t108. x is odd Sx is even
Proof. H:x 101
>
;x:y 94;2y+1 68;2y;1;1 95 94;x 87;y;x;1 96;2 69;2;y;1 102;y+1
Whenever we perform a bounded induction, we introduce an auxiliary predicate sym-
bol of the form

. This enables us to keep track of the relativizer needed to relativize


the current theory. The auxiliary predicate symbol also permits other forms of bounded
induction, such as innite descent, as we shall see.
22. EVEN OR ODD 51
d109.
109
(x) [x is even x is odd]
t110.
109
(0)
Proof. H 109
<
;0 105
t111.
109
(x)
109
(Sx)
Proof. H:x 109
>
;x 107;x 108;x 109
<
;Sx
t112.
109
(x)
Proof. H:x BI,109;x;x

110 111;x

t113. x is even x is odd


Proof. H:x 112;x 109
>
;x
Now the relativizer of the current theory is
55
&
2
109
.
t114. 0 is odd
Proof. H 101
>
;0:y 94;2y 1;2y
t115. Sx is odd x is even
Proof. H:x 101
>
;Sx:y 94;2y 2;x;2y 102;y
t116. Sx is even x is odd
Proof. H:x 100
>
;Sx:y 1;x 5;2 8;y 6;2;Py 95 68;2Py;1;1 94;2Py+1 2;x;2Py+1 104;Py
d117.
117
(x) [x is even & x is odd]
t118.
117
(0)
Proof. H 114 117
<
;0
t119.
117
(x)
117
(Sx)
Proof. H:x 117
>
;x 117
<
;Sx 115;x 116;x
t120.
117
(x)
Proof. H:x BI,117;x:x

118 119;x

t121. [x is even & x is odd]


Proof. H:x 120;x 117
>
;x
Arithmetic mod 2:
t122. x + y is even & x is even y is even
Proof. H:x:y 113;y 100
>
;x:x

101
>
;y:y

68;2x

;2y

;1 69;2;x

;y

104;x

+y

121;x+y
t123. x is even & y is odd x + y is odd
Proof. H:x:y 100
>
;x:x

101
>
;y:y

68;2x

;2y

;1 69;2;x

;y

104;x

+y

t124. x is even x y is even


Proof. H:x:y 100
>
;x:x

70;2;x

;y 102;x

y
52 CHAPTER 4. ARITHMETIC
t125. y is even x y is even
Proof. H:y:x 72;y;x 124;y;x
t126. x is odd & y is odd x y is odd
Proof. H:x:y 101
>
;x:x

101
>
;y:y

69;2x

+1;2y

;1 96;2x

+1 102;y

125;2y

;2x

+1 104;x

123;(2x

+1)(2y

);2x

+1
t127. x is odd & x y is even y is even
Proof. H:x:y 113;y 121;y 113;xy 121;xy 126;x;y
23. Miscellaneous arithmetic
We prove some theorems, in no particular order, for later use.
t128. (x + y) z = x z + y z
Proof. H:x:y:z 72;x+y;z 69;z;x;y 72;x;z 72;y;z
t129. x ,= 0 1 x
Proof. H:x 8;x 94;Px 71;Px;1 73
<
;1;x;Px
t130. x y & x ,= y Sx y
Proof. H:x:y 73
>
;x;y:z 3;x 8;z 4;x;Pz 71;x;Pz 4;Pz;x 71;Pz;Sx 73
<
;Sx;y;Pz
t131. x 1 x = 0 x = 1
Proof. H:x 73
>
;x;1:y 8;x 71;SPx;y 4;y;Px 91 2;0;y+Px 9;y;Px 3;x
t132. x y = z & z ,= 0 x z
Proof. H:x:y:z 5;x 8;y 6;x;Py 71;xPy;x 73
<
;x;z;xPy
t133. x y = 0 x = 0 y = 0
Proof. H:x:y 8;y 6;x;Py 71;xPy;x 73
<
;x;0;xPy 82;x
t134. x y = 1 x = 1 & y = 1
Proof. H:x:y 91 1;0 132;x;y;1 131;x 72;x;y 5;y 132;y;x;1 131;y 5;x
The cancellation law for addition:
d135.
135
(x) yz[y + x = z + x y = z]
The deniens is not a bounded formula, but it is essentially bounded.
t136.
135
(0)
Proof. H 135
<
;0:y:z 3;y 3;z
t137.
135
(x)
135
(Sx)
Proof. H:x 135
<
;Sx:y:z 135
>
;x;y;z 4;y;x 4;z;x 2;y+x;z+x
t138.
135
(x)
Proof. H:x BI,135;x:x

136 137;x

23. MISCELLANEOUS ARITHMETIC 53


t139. y + x = z + x y = z
Proof. H:y:x:z 138;x 135
>
;x;y;z
t140. x + y = x + z y = z
Proof. H:x:y:z 139;y;x;z 71;x;y 71;x;z
t141. y + x = y x = 0
Proof. H:y:x 3;y 71;x;y 71;y;0 139;0;y;x
t142. y + x y x = 0
Proof. H:y:x 73
>
;y+x;y:z 68;y;x;z 141;y;x+z;y 9;x;z
t143. Sx x
Proof. H:x 73
>
;Sx;x:y 77;x;y 141;x;Sy; 1;y
t144. Sx y = x y + y
Proof. H:x:y 72;Sx;y 6;y;x 72;y;x
t145. S(x y) Sx Sy
Proof. H:x:y 6;Sx;y 144;x;y 68;xy;y;Sx 4;y;x 77;xy;y+x 73
<
;S(xy);SxSy;y+x
The cancellation law for multiplication:
d146.
146
(y) xz[x ,= 0 & y x = z x y = z]
t147.
146
(0)
Proof. H 146
<
;0;x;z 5;x 72;0;x 133;z;x
t148.
146
(y)
146
(Sy)
Proof. H:y 146
<
;Sy:x:z 1;y 133;Sy;x 5;x 72;x;0 8;z 144;y;x 144;Pz;x 139;yx;x;Pzx
146
>
;y;x;Pz
t149.
146
(y)
Proof. H:x BI,146;x:x

147 148;x

t150. x ,= 0 & y x = z x y = z
Proof. H:x:y:z 149;y 146
>
;y;x;z 80;z
t151. x ,= 0 & x y = x z y = z
Proof. H:x:y:z 72;x;y 72;x;z 150;x;y;z
t152. x y + x = z y + z x = z
Proof. H:x:y:z 96;x 96;z 69;x;y;1 69;z;y;1 9;y;1 93 150;y+1;x;z
t153. x ,= 0 & x = x y y = 1
Proof. H:x:y 96;x 151;x;1;y
t154. x ,= 0 & x = z x y z = 1 & y = 1
Proof. H:x:z:y 72;z;xy 70;x;y;z 153;x;yz 134;y;z
54 CHAPTER 4. ARITHMETIC
t155. x is odd & x y = 2 z y

[x y

= z]
Proof. H:x:y:z
A
102;z 127;x;y 100
>
;y:y
A
;y

70;x;2;y

72;x;2 70;2;x;y

92 1;S0 151;2;xy

;z
Now we introduce < (strictly less than).
d156. x < y x y & x ,= y
t157. 0 < 1
Proof. H 79;1 91 1;0 156
<
;0;1
t158. x < Sx
Proof. H:x 156
<
;x;Sx 81;x 143;x
t159. 2 x < 2 y x < y
Proof. H:x:y 156
>
;2x;2y 73
>
;2x;2y:z 102;x 102;y 122;2x;z 100
>
;z:z

69;2;x;z

92
1;S0 151;2;x+z

;y 73
<
;x;y;z

156
<
;x;y
t160. x 2 y 2 x y
Proof. H:x:y 72;x;2 72;y;2 93 150;2;x;y 80;x 156
<
;2x;2y 159;x;y 156
>
;x;y
t161. x < y z[x + z = y & z ,= 0]
Proof. H:x:y
A
156
>
;x;y 73
>
;x;y:z
A
;z 3;x
t162. x < Sy x y
Proof. H:x:y 161;x;Sy:z 8;z 4;x;Pz 2;x+Pz;y 73
<
;x;y;Pz
t163. x < y Sx y
Proof. H:x:y 161;x;y:z 8;z 4;x;Pz 77;x;Pz 73
<
;Sx;y;Pz
t164. x < 0
Proof. H:x 156
>
;x;0 82;x
t165. [1 < x & x < 2]
Proof. H:x 156
>
;1;x 156
>
;x;2 92 91 162;x;S0 131;x 164;1
t166. y < z x + y < x + z
Proof. H:y:z:x 86;y;z;x 156
>
;y;z 156
<
;x+y;x+z 139;y;x;z 71;x;y 71;x;z
d167.
167
(x) y[x y y x]
t168.
167
(0)
Proof. H 167
<
;0:y 79;y
t169.
167
(x)
167
(Sx)
Proof. H:x 167
<
;Sx:y 167
>
;x;y 81;x 84;y;x;Sx 130;x;y
t170.
167
(x)
Proof. H:x BI,167;x:x

168 169;x

t171. x y y x
Proof. H:x:y 170;x 167
>
;x;y
23. MISCELLANEOUS ARITHMETIC 55
t172. x y y < x
Proof. H:x:y 171;x;y 156
<
;y;x 7;x
t173. x y & y x x = y
Proof. H:x:y 73
>
;x;y:u 73
>
;y;x:v 68;x;u;v 141;x;u+v 9;u;v 3;x
t174. x ,= 0 & x y x z y z
Proof. H:x:y:z 171;y;z 88;z;y;x 173;xy;xz 151;x;y;z 80;y
t175. x ,= 0 & x y = x

& x x

y
Proof. H:x:y:x

:y

73
>
;x;x

:z 128;x;z;y

73
<
;xy

;xy;zy

174;x;y

;y
t176. x ,= 0 & x y = x

& x < x

& y ,= 0 y

< y
Proof. H:x:y:x

:y

156
>
;x;x

175;x;y;x

;y

156
<
;y

;y 150;y;x;x

t177. x y & y < z x < z


Proof. H:x:y:z 156
>
;y;z 156
<
;x;z 84;x;y;z 173;x;y
t178. x < y & y z x < z
Proof. H:x:y:z 156
>
;x;y 156
<
;x;z 84;x;y;z 173;x;y
t179. x < y & y < z x < z
Proof. H:x:y:z 178;x;y;z 156
>
;y;z
t180. x ,= 0 & y < z y < x z
Proof. H:x:y:z 8;x 144;Px;z 75;z;Pxz 178;y;z;xz
t181. (y + z) (y + z) y y z = 0
Proof. H:y:z 128;y;z;y+z 69;y;y;z 69;z;y;z 68;yy;yz;zy+zz 142;yy;yz+zy+zz 9;yz;zy+z
z 9;zy;zz 133;z;z
t182. x x y y x y
Proof. H:x:y 172;x;y 161;y;x:z 181;y;z
t183. x x = y y x = y
Proof. H:x:y 80;xx 182;x;y 182;y;x 173;x;y
Mathematicians prove that a = b.
Algebraists do it by showing that a and b are the same thing in dierent notations.
But analysts do some work: they prove that a b and b a.
SALOMON BOCHNER
56 CHAPTER 4. ARITHMETIC
24. Powers of two
A number is a power of two if and only if all its divisors other than 1 are even.
d184. q is a power of two q ,= 0 & xqyq[x y = q & x ,= 1 x is
even]
t185. 1 is a power of two
Proof. H 184
<
;1:x:y 91 1;0 134;x;y
t186. q is a power of two 2 q is a power of two
Proof. H:q 184
<
;2q:x:y 92 1;S0 133;2;q 113;x 121;x 155;x;y;q:y

184
>
;q;x;y

132;x;y

;q
72;x;y

132;y

;x;q
t187. q is a power of two & q ,= 1 q is even
Proof. H:q 184
>
;q;q;1 96;q 80;q 129;q
The bounded quantiers in d184 were necessary for is a power of two to be a bounded
predicate symbol, but now we show that the bounds hold automatically.
t188. q is a power of two & x y = q & x ,= 1 x is even
Proof. H:q:x:y 184
>
;q;x;y 132;x;y;q 72;x;y 132;y;x;q
t189. q is a power of two & q ,= 1 q

[q

is a power of two & 2 q

= q]
Proof. H:q
A
187;q 100
>
;q:q
A
;q

184
<
;q

:x:y 72;2;xy 70;x;y;2 184


>
;q;x;y2 188;q;x;y2
133;2;q

92 1;S0 5;2
d190.
190
(b) q
2
q
1
b[q
1
is a power of two & q
2
is a power of two q
1
q
2
is a power of two]
t191.
190
(0)
Proof. H 190
<
;0:q
2
:q
1
82;q
1
184
>
;q
1
t192.
190
(b)
190
(Sb)
Proof. H:b 190
<
;Sb:q
2
:q
1
97;q
2
189;q
1
:q

1
99;q

1
;b 190
>
;b;q
2
;q

1
186;q

1
q
2
70;2;q

1
;q
2
t193.
190
(b)
Proof. H:x BI,190;x:x

191 192;x

t194. q
1
is a power of two & q
2
is a power of two q
1
q
2
is a power of two
Proof. H:q
1
:q
2
193;q
1
190
>
;q
1
;q
2
;q
1
80;q
1
t195. q is a power of two & q < z z ,= 1
Proof. H:q:z 184
>
;q 156
>
;q;1 131;q
We shall prove that if q is a power of two then there is no power of two z such that
q < z < 2 q. The proof is by innite descent (applied to a bounded formula), the oldest
form of induction: if there are such q and z, divide them by 2 and obtain smaller ones.
d196.
196
(b) qbzb[q is a power of two & z is a power of two & q < z
& z < 2 q]
24. POWERS OF TWO 57
t197.
196
(0)
Proof. H 196
<
;0:q:z 82;q 82;z 184
>
;q 184
>
;z
t198.
196
(b)
196
(Sb)
It is surprising that so far proofs by cases have not been necessary, but now we need to
consider the case q = 1 and show that it leads to a contradiction. Whenever we introduce
a claim in a proof (indicated by ? followed by a formula), we assume that the claim does
not hold and derive a contradiction; then the steps based on the assumption are never
used again.
Proof. H:b 196
<
;Sb:q:z 165;z 96;2 189;q:q

189;z:z

196
>
;b;q

;z

99;q

;b 99;z

;b 195;q;z
159;q

;z

159;z

;2q

?q=1
t199.
196
(b)
Proof. H:x BI,196;x:x

197 198;x

t200. q is a power of two z[z is a power of two & q < z & z < 2 q]
Proof. H:q:z 199;q+z 74;q;z 71;q;z 74;z;q 196
>
;q+z;q;z
t201. q is a power of two & q

is a power of two & q

< 2 q q

q
Proof. H:q:q

200;q;q

172;q

;q
t202. q
1
is a power of two & q
2
is a power of two & q
1
< q
2
2 q
1
q
2
Proof. H:q
1
:q
2
172;2q
1
;q
2
200;q
1
;q
2
We shall prove that every non-zero number Sx can be written uniquely as Sx = q +r
where q is a power of two and r < q. We begin with uniqueness.
t203. q is a power of two & r < q & q

is a power of two & r

< q

& q+r = q

+r

q = q

& r = r

Proof. H:q:r:q

:r

74;q

;r

166;r;q;q 98;q 177;q

;q+r;2q 201;q;q

74;q;r 166;r

;q

;q

98;q

177;q;q

+r

;2q

201;q

;q 173;q;q

139;r;q;r

71;q;r 71;q;r

d204.
204
(x) qSxrSx[q is a power of two & r < q & Sx = q + r]
t205.
204
(0)
Proof. H 204
<
;0;1;0 91 185 157 3;1 80;1 79;1
t206.
204
(x)
204
(Sx)
Proof. H:x 204
>
;x:q:r 78;r;Sx 81;Sx 163;r;q 204
<
;Sx;q;Sr 4;q;r 98;q 186;q 3;2q 156
<
;0;2q 184
>
;2q
156
<
;Sr;q 84;q;Sx;SSx 79;SSx 204
<
;Sx;2q;0 80;2q
t207.
204
(x)
Proof. H:x BI,204;x:x

205 206;x

t208. qSxrSx[q is a power of two & r < q & Sx = q + r]


Proof. H:x
A
207;x 204
>
;x:q:r
A
;q;r
Whenever we dene a function symbol (other than by an explicit denition) we rst
prove the uniqueness condition (UC) and the existence condition (EC).
58 CHAPTER 4. ARITHMETIC
t209. (UC) q Sx & q is a power of two & rSx[r < q & Sx = q+r] & q

Sx
& q

is a power of two & r

Sx[r

< q

& Sx = q

+ r

] q = q

Proof. H:q:x:q

:r:r

203;q;r;q

;r

t210. (EC) qq Sx & q is a power of two & rSx[r < q & Sx = q + r]


Proof. H:x
A
208;x:q:r
A
;q;r
d211. Qx = q q Sx & q is a power of two & rSx[r < q & Sx = q + r]
t212. Qx ,= 0
Proof. H:x 211
>
;x;Qx 184
>
;Qx
t213. (UC) r Sx & qSx[q is a power of two & r < q & Sx = q+r] & r

Sx
& q

Sx[q

is a power of two & r

< q

& Sx = q

+ r

] r = r

Proof. H:r:x:r

:q:q

203;q;r;q

;r

t214. (EC) rr Sx & qSx[q is a power of two & r < q & Sx = q + r]


Proof. H:x
A
208;x:q:r
A
;r;q
d215. Rx = r r Sx & qSx[q is a power of two & r < q & Sx = q + r]
t216. Sx = Qx + Rx & Qx is a power of two & Rx < Qx
Proof. H:x 211
>
;x;Qx:r 215
<
;x;r;Qx
t217. Qx = Qy & Rx = Ry x = y
Proof. H:x:y 216;x 216;y 2;x;y
t218. Qx Sx & Sx < 2 Qx & Sx Qx 2
Proof. H:x 216;x 74;Qx;Rx 166;Rx;Qx;Qx 98;Qx 156
>
;Sx;2Qx 72;2;Qx
t219. Qx = Qy & Rx = Ry x = y
Proof. H:x:y 216;x 216;y 2;x;y
t220. Sx = q + r & q is a power of two & r < q q = Qx & r = Rx
Proof. H:x:q:r 74;q;r 75;r;q 211
<
;x;q;r 215
<
;x;r;q
25. Concatenation
A bit is 0 or 1, and a string is a concatenation of bits. There is a natural bijection
from numbers to strings, as follows. For each number x, let the corresponding string be the
bits following the initial 1 in the binary representation of Sx. Using this bijection identify
numbers with strings. The number 0 corresponds to the empty string, the number 1 to
the zero bit, and the number 2 to the one bit. The concatenation of two strings is the
string consisting of the bits of the rst followed by the bits of the second, and it is dened
as follows.
25. CONCATENATION 59
d221. x y = P(Sx Qy + Ry)
Logically, but not psychologically, numbers and strings are the same thing. We have
dened concatenation, the basic operation on strings, by means of the arithmetic of num-
bers. Now we need to establish the fundamental properties of the arithmetic of strings so
that they can be used without reference to their origin in the arithmetic of numbers. The
theorems that follow and contain Q or R are lemmas from the numerical infrastructure;
the results that do not contain them are the ones that will be used later.
t222. S(x y) = Sx Qy + Ry
Proof. H:x:y 221;x;y 8;SxQy+Ry 9;SxQy;Ry 1;x 216;y 184
>
;Qy 133;Sx;Qy
As an example in binary notation, if Sx is 1 1011 and Sy is 1 0010 then Qy is 10000
and Ry is 10, so S(x y) is 1 1011 0010.
t223. r < q & r

< q

r q

+ r

< q q

Proof. H:r:q:r

:q

161;r;q:u 161;r

;q

:u

69;r;r

;u

128;r;u;r

+u

69;r;r

;u

180;u;r

;q

166;r

;uq

;rr

+ru

t224. Rx Qy + Ry < Qx Qy
Proof. H:x:y 216;x 216;y 223;Rx;Qx;Ry;Qy
t225. Q(x y) = Qx Qy & R(x y) = Rx Qy + Ry
Proof. H:x:y 222;x;y 216;x 216;y 128;Qx;Rx;Qy 68;QxQy;RxQy;Ry 194;Qx;Qy 224;x;y
220;xy;QxQy;RxQy+Ry
t226. x (y z) = (x y) z
Proof. H:x:y:z 225;y;z 225;x;y 225;x;yz 225;xy;z 70;Qx;Qy;Qz 128;RxQy;Ry;Qz 70;Rx;Qy;Qz
68;Rx(QyQz);RyQz;Rz 216;x(yz) 216;(xy)z 2;(xy)z;x(yz)
t227. (a b c) (d e) = (a b) (c d e)
Proof. H:a:b:c:d:e 226;a;b;c 226;ab;c;de
We introduce stringier notation for the empty string and the bits.
d228. = 0
d229.

0 = 1
d230.

1 = 2
The arithmetic of strings has one zero element, , and two successor functions, namely
x x

0 and x x

1. Concatenation is the string analogue of addition. We do not
yet have a string analogue of multiplication, but that will come.
t231.

0 ,= &

1 ,= &

0 ,=

1
Proof. H 228 229 230 93
t232. Q = 1 & R = 0
Proof. H 228 91 3;1 157 185 220;0;1;0
t233. Qx = 1 x =
Proof. H:x 228 91 3;1 216;x 131;Rx 156
>
;Rx;1 2;x;0
60 CHAPTER 4. ARITHMETIC
t234. x y = x = & y =
Proof. H:x:y 225;x;y 232 134;Qx;Qy 233;x 233;y
t235. Q

0 = 2 & R

0 = 0
Proof. H 229 92 220;1;2;0 3;2 185 186;1 96;2 91 156
<
;0;2 79;2 1;1
t236. Q

1 = 2 & R

1 = 1
Proof. H 230 94;2 185 96;2 220;2;2;1 186;1 91 92 156
<
;1;2 158;1
t237. x

0 ,= & x

1 ,=
Proof. H:x 225;x;

0 232 103;Qx 225;x;

1 104;0 5;2 121;1 3;1 71;1;0 235 236


t238. x

0 ,= y

1
Proof. H:x:y 225;x;

0 225;y;

1 235 236 103;Rx 103;Ry 105 106 3;Rx2 123;Ry2;1 121;Rx2


t239. x = x & x = x
Proof. H:x 225;x; 225;;x 232 96;Qx 96;Rx 97;Qx 97;Rx 3;Rx 219;x;x 219;x;x
5;Qx 72;0;Qx 71;0;Rx
t240. c = c x = x & x c = x
Proof. H:c:x 239;x
The cancellation laws for concatenation:
t241. y x = z x y = z
Proof. H:y:x:z 225;y;x 225;z;x 216;x 184
>
;Qx 150;Qx;Qy;Qz 139;RyQx;Rx;RzQx 150;Qx;Ry;Rz
219;y;z
t242. x y = x z y = z
Proof. H:x:y:z 225;x;y 225;x;z 216;x 184
>
;Qx 151;Qx;Qy;Qz 140;RxQy;Ry;Rz 219;y;z
t243.

0 ,= &

1 ,= &

0 ,=

1
Proof. H 232 235 236 93
26. String inequalities
Dene _ (shorter than) and (strictly shorter than) as follows.
d244. x _ y Qx Qy
d245. x y Qx < Qy
t246. x a = y b & x _ y b _ a
Proof. H:x:a:y:b 225;x;a 225;y;b 212;x 244
>
;x;y 175;Qx;Qa;Qy;Qb 244
<
;b;a
t247. x a = y b & x y b a
Proof. H:x:a:y:b 225;x;a 225;y;b 212;x 212;a 245
>
;x;y 176;Qx;Qa;Qy;Qb 245
<
;b;a
t248. x _ y y _ x
Proof. H:x:y 244
<
;x;y 244
<
;y;x 171;Qx;Qy
26. STRING INEQUALITIES 61
t249. x _ y y x
Proof. H:x:y 244
<
;x;y 245
<
;y;x 172;Qx;Qy
t250. x y z x z y
Proof. H:x:y:z 245
>
;x;yz 245
<
;x;zy 225;y;z 225;z;y 72;Qy;Qz
t251. _ x
Proof. H:x 244
<
;;x 232 216;x 184
>
;Qx 129;Qx
t252. x _ x =
Proof. H:x 244
>
;x; 232 216;x 184
>
;Qx 131;Qx 233;x
t253. x _ x
Proof. H:x 244
<
;x;x 80;Qx
t254. x _ y & y _ z x _ z
Proof. H:x:y:z 244
>
;x;y 244
>
;y;z 244
<
:x;z 84;Qx;Qy;Qz
t255.

0 _

1 &

1 _

0
Proof. H 244
<
;

0;

1 244
<
;

1;

0 235 236 80;2


t256. x _ y x z _ y z
Proof. H:x:y:z 244
>
;x;y 244
<
;xz;yz 225;x;z 225;y;z 89;Qx;Qy;Qz
t257. x y _ y x
Proof. H:x:y 244
<
;xy;yx 72;Qx;Qy 80;QxQy 225;x;y 225;y;x
t258. x _ y z x _ z y
Proof. H:x:y:z 256;x;y;z 257;z;x 257;y;z 254;zx;xz;yz 254;zx;yz;zy
t259. x y _ x z y _ z
Proof. H:x:y:z 244
>
;xy;xz 225;x;y 225;x;z 212;x 174;Qx;Qy;Qz 244
<
;y;z
t260. x z _ y z x _ y
Proof. H:x:z:y 257;z;x 254;zx;xz;yz 257;y;z 254;zx;yz;zy 259;z;x;y
t261. x _ x y
Proof. H:x:y 251;y 258;;y;x 239;x
t262. x _ y x
Proof. H:x:y 261;x;y 257;x;y 254;x;xy;yx
t263. x _ x

& y _ y

x y _ x

Proof. H:x:x

:y:y

256;x;x

;y 258;y;y

;x

254;xy;x

y;x

t264. x _ y x _ y z
Proof. H:x:y:z 261;y;z 254;x;y;yz
62 CHAPTER 4. ARITHMETIC
t265. x _ y x _ z y
Proof. H:x:y:z 262;y;z 254;x;y;zy
t266. x _ y x 2 Sy
Proof. H:x:y 81;x 216;x 156
>
;Rx;Qx 86;Rx;Qx;Qx 98;Qx 84;x;Sx;2Qx 244
>
;x;y 88;Qx;Qy;2
84;x;2Qx;2Qy 216;y 81;y 74;Qy;Ry 88;Qy;Sy;2 84;x;2Qy;2Sy
t267. x y x _ y
Proof. H:x:y 244
<
;x;y 216;x 216;y 172;Qx;Qy 202;Qy;Qx 166;Ry;Qy;Qy 98;Qy 178;Sy;2Qy;Qx
74;Qx;Rx 178;Sy;Qx;Sx 78;x;y 156
>
;Sy;Sx 173;Sx;Sy
t268. 0 _
Proof. H 228 80;0 253;0
t269. Px _ x
Proof. H:x 85;x 267;Px;x
t270. Sx _ x

0
Proof. H:x 216;x 216;Sx 225;x;

0 235 163;Rx;Qx 4;Qx;Rx 84;QSx;SSx;Qx2 86;SRx;Qx;Qx


98;Qx 72;Qx;2 74;QSx;RSx 244
<
;Sx;x

0
t271. x y _ (x

0) (y

0)
Proof. H:x:y 218;xy 145;x;y 84;Q(xy);S(xy);SxSy 218;x 218;y 90;Sx;Qx2;Sy;Qy2 84;Q(x
y);SxSy;(Qx2)(Qy2) 225;x;

0 225;y;

0 235 225;x

0;y

0 244
<
;xy;(x

0)(y

0)
t272. x y x + y _ (

1

0) (y

0)
Proof. H:x:y 87;x;y;y 98;y 267;x+y;2y 271;2;y 230 254;x+y;2y;(

0)(y

0)
t273. x + y _

1

0) (x

0)

1

0) (y

0)

Now we make use of t0.


Proof. H:x:y 272;x;y 272;y;x 71;x;y 171;x;y 0;(

0)(x

0):X 0;(

0)(y

0):Y 256;xy;Y ;X
258;xy;X;Y 254;x+y;X;XY 261;X;Y 265;x+y;Y ;X
27. The string predecessor
We construct a bounded function symbol Half for division by two without remainder.
d274.
274
(x) yx[x = 2 y x = S(2 y)]
t275.
274
(0)
Proof. H 274
<
;0;0 79;0 5;2
t276.
274
(x)
274
(Sx)
Proof. H:x 274
>
;x:y 274
<
;Sx;y 274
<
;Sx;Sy 78;y;x 6;2;y 92 81;x 84;y;x;Sx 94;2y 4;2y;1
91
t277.
274
(x)
Proof. H:x BI,274;x:x

275 276;x

27. THE STRING PREDECESSOR 63


t278. (UC) y x & [x = 2 y x = S(2 y)] & y

x & [x = 2 y

x = S(2 y

)] y = y

Proof. H:y:x:y

102;y 102;y

107;2y 107;2y

121;x 93 151;2;y;y

2;2y;2y

?x is even
t279. (EC) yx[x = 2 y x = S(2 y)]
Proof. H:x
A
277;x 274
>
;x:y
A
;y
d280. Half x = y y x & [x = 2 y x = S(2 y)]
t281. x is even x = 2 Half x & x = Half x 2
Proof. H:x 280
>
;x;Half x 72;Half x;2 104;Half x 121;x 94;2Half x
t282. x is odd x = 2 Half x + 1 & x = Half x 2 + 1
Proof. H:x 280
>
;x;Half x 72;Half x;2 103;Half x 121;x 94;2Half x 100
<
;x;Half x
t283. Half (2 x) = x & Half (x 2) = x
Proof. H:x 102;x 281;2x 93 72;2;x 151;2;x;Half (2x)
t284. Half (2 x + 1) = x & Half (x 2 + 1) = x
Proof. H:x 104;x 282;2x+1 72;2;x 94;2x 94;2Half (2x+1) 2;2x;2Half (2x+1) 93 151;2;x;Half
(2x+1)
t285. q is even & r < q Half r < Half q
Proof. H:q:r 281;q 280
>
;r;Half r 159;Half r;Half q 158;2Half r 179;2Half r;r;q
t286. q is a power of two & q ,= 1 Half q is a power of two & q = 2 Half q
Proof. H:q 187;q 281;q 189;q:q

93 151;2;Half q;q

We dene the string predecessor Chop, which deletes the last bit (if any).
d287. Chop x = P(Half Qx + Half Rx)
t288. Chop =
Proof. H 228 287; 232 280
<
;1;0 79;1 5;2 91 280
<
;0;0 79;0 3;0 7
t289. x ,= S Chop x = Half Qx + Half Rx
Proof. H:x 287;x 0;Half Qx:q 0;Half Rx:r 8;q+r 9;q;r 5;2 91 233;x 280
>
;Qx;0 216;x
184
>
;Qx
t290. x ,= QChop x = Half Qx & RChop x = Half Rx
Proof. H:x 289;x 216;x 233;x 286;Qx 187;Qx 285;Qx;Rx 220;Chop x;Half Qx;Half Rx
t291. Chop (x

0) = x
Proof. H:x 237;x 290;x

0 225;x;

0 235 283;Qx 283;Rx 3;Rx2 217;x;Chop (x

0)
t292. Chop (x

1) = x
Proof. H:x 237;x 290;x

1 225;x;

1 236 283;Qx 284;Rx 217;x;Chop (x

1)
t293. Chop

0 = & Chop

1 =
Proof. H 291; 292; 239;

0 239;

1
64 CHAPTER 4. ARITHMETIC
t294. x ,= x = Chop x

0 x = Chop x

1
Proof. H:x 290;x 225;Chop x;

0 225;Chop x;

1 235 236 3;Half Rx2 281;Rx 282;Rx 113;Rx


281;Qx 216;x 233;x 187;Qx 217;x;Chop x

0 217;x;Chop x

1
t295. x ,=

0 _ x &

1 _ x
Proof. H:x 294;x 262;

0;Chop x 262;

1;Chop x 255 254;

0;

1;x 254;

1;

0;x ?

0x
t296. y ,= Chop (x y) = x Chop y
Proof. H:y:x 294;y 226;x;Chop y;

0 226;x;Chop y;

1 291;xChop y 292;xChop y
t297. x ,= & y ,= & x _ y Chop x _ Chop y
Proof. H:x:y 244
>
;x;y 294;x 294;y 225;Chop x;

0 225;Chop x;

1 225;Chop y;

0 225;Chop y;

1
235 236 160;QChop x;QChop y 244
<
;Chop x;Chop y ?x=Chop x

1
t298. x _ y Chop x _ Chop y
Proof. H:x:y 297;x;y 288 251;Chop y 252;x ?x=
28. The second relativization schema
Introduce the denition schema
dBSI1. sind

() & x[(x) (x

0) & (x

1)]
We say that is string inductive in a theory T in case
T
sind

.
dBSI2.
(0)
(x) y[y _ x (y)]
Under the hypothesis that is string inductive (stated even when not necessary) we
show that
(0)
is stronger than and is not only string inductive but hereditary for _.
tBSI3. sind

[
(0)
(x) (x)]
Let y = x in dBSI2.
Proof. H:x BSI2
>
;x;x 253;x
tBSI4. sind


(0)
()
If y _ then y = , and we have () since is string inductive.
Proof. H BSI1
>
BSI2
<
;:y 252;y
tBSI5. sind

[
(0)
(x)
(0)
(x

0)]
Suppose
(0)
(x) and y _ x

0. We need to show that (y). But Chop y _ x, so
(Chop y) since
(0)
(x). If y = the result holds since is string inductive. Otherwise,
y = Chop y

0 or y = Chop y

1. In either case we have the result since is string
inductive.
Proof. H:x BSI2
<
;x

0:y BSI2
>
;x;Chop y 298;y;x

0 291;x BSI1
>
;Chop y 294;y
tBSI6. sind

[
(0)
(x)
(0)
(x

1)]
The proof is entirely similar.
Proof. H:x BSI2
<
;x

1:y BSI2
>
;x;Chop y 298;y;x

1 292;x BSI1
>
;Chop y 294;y
28. THE SECOND RELATIVIZATION SCHEMA 65
tBSI7. sind

[
(0)
(x) & u _ x
(0)
(u)]
Suppose
(0)
(x) and u _ x and y _ u. We need to show that (y). But y _ x, so the
result holds since
(0)
(x).
Proof. H:x:u BSI2
<
;u:y 254;y;u;x BSI2
>
;x;y
Dene
dBSI8.
(1)
(x) y[
(0)
(y)
(0)
(y x)]
Under the hypothesis that is string inductive, we show that
(1)
is stronger than
(0)
(and consequently stronger than ), is string inductive and hereditary for _, and re-
spects . The proof makes essential use of t226, the associativity of .
tBSI9. sind

[
(1)
(x)
(0)
(x)]
Let y = in dBSI8. (We have
(0)
() by tBSI4.)
Proof. H:x BSI8
>
;x; BSI4 239;x
tBSI10. sind


(1)
()
This is just the statement that
(0)
(y)
(0)
(y ).
Proof. H BSI8
<
;:y 239;y
tBSI11. sind

[
(1)
(x)
(1)
(x

0)]
Suppose
(1)
(x) and
(0)
(y). We need to show that
(0)

y (x

0)

; i.e.,
(0)

(y
x)

0

. We have
(0)
(y x) since
(1)
(x), so the result holds by tBSI5.
Proof. H:x BSI8
<
;x

0:y 226;y;x;

0 BSI8
>
;x;y BSI5;yx
tBSI12. sind

[
(1)
(x)
(1)
(x

1)]
The proof is entirely similar.
Proof. H:x BSI8
<
;x

1:y 226;y;x;

1 BSI8
>
;x;y BSI6;yx
tBSI13. sind

[
(1)
(x) & u _ x
(1)
(u)]
Suppose
(1)
(x) and u _ x and
(0)
(y). We need to show that
(0)
(y + u). But
y + u y + x and we have
(0)
(y + x) since
(1)
(x), so the result holds by tBSI7.
Proof. H:x:u BSI8
<
;u:y BSI8
>
;x;y 258;u;x;y BSI7;yx;yu
tBSI14. sind

[
(1)
(x
1
) &
(1)
(x
2
)
(1)
(x
1
x
2
)]
Suppose
(1)
(x
1
) and
(1)
(x
2
) and
(0)
(y). We need to show that
(0)

y (x
1
x
2
)

.
We have
(0)
(y x
1
) since
(1)
(x
1
), and so
(0)

(y x
1
) x
2

since
(1)
(x
2
). Thus the
result holds by the associativity of concatenation.
Proof. H:x
1
:x
2
BSI8
<
;x
1
x
2
:y 226;y;x
1
;x
2
BSI8
>
;x
1
;y BSI8
>
;x
2
;yx
1
Now we prove that () & x

[(x

) (x



0) & (x



1)] (x) is itself string
inductive.
66 CHAPTER 4. ARITHMETIC
tBSI23. () & x

[(x

) (x



0) & (x



1)] ()
Proof. H
tBSI24. () & y[(y) (y

0) & (y

1)] (x) ()
& z[(z) (z

0) & (z

1)] (x

0)
Proof. H:x:y
A A
;x
A
;y
tBSI25. () & x

[(x

) (x



0) & (x



1)] (x) ()
& x

[(x

) (x



0) & (x



1)] (x

1)
Proof. H:x:x
A A
;x
A
;x

Let (x) be of the form x


1
. . . x

B where B is bounded for _ and x


1
, . . . , x

are
the free variables of B other than x; call such a essentially bounded for _. Note that by
t266 and t267, being bounded for is the same as being bounded for _, and by t268t271
and t273, the function symbols of Q are bounded for _. Therefore is a relativizer over Q.
The same holds for a unary predicate symbol with dening axiom (x) x
1
. . . x

B
where B is as above.
Adjoin the axiom schema of linearly bounded string induction (LBSI):
aBSI. () & x

[(x

) (x



0) & (x



1)] (x)
where is essentially bounded for _. We call this LBSI because we do not yet have a
string multiplication; later it will be extended to polynomially bounded string induction
(PBSI). This theory schema is locally relativizable in Q
0
. Let Q

0
be this theory schema;
it is string theory.
29. Comparing strings
Now we discuss the notion of a string ending with another string.
d299. x ends with c ax[x = a c]
t300. x ends with
Proof. H:x 299
<
;x;;x 253;x 239;x
t301. ends with c c =
Proof. H:c 299
>
;;c:a 252;a 239;c
t302. x ends with c Chop x ends with Chop c
Proof. H:x:c 299
>
;x;c:a 296;c;a 299
<
;Chop x;Chop c;a 288 300;Chop x 261;a;Chop c ?c=
t303. x y ends with y
Proof. H:x:y 299
<
;xy;y;x 261;x;y
t304. x ends with c x y ends with c y
Proof. H:x:c:y 299
>
;x;c:a 299
<
;xy;cy;a 226;a;c;y 264;a;x;y
t305. x ends with y & y ends with z x ends with z
Proof. H:x:y:z 299
>
;x;y:a 299
>
;y;z:b 226;a;b;z 303;ab;z
29. COMPARING STRINGS 67
t306. [x ends with

0 c & x ends with

1 c]
Proof. H:x:c 299
>
;x;

0c:a 299
>
;x;

1c:a

226;a;

0;c 226;a

1;c 241;a

0;c;a

1 238;a;a

Next we discuss strings of equal length.


d307. x y x _ y & y _ x
This is an equivalence relation.
t308. x x
Proof. H:x 307
<
;x;x 253;x
t309. x y y x
Proof. H:x:y 307
>
;x;y 307
<
;y;x
t310. x y & y z x z
Proof. H:x:y:z 307
>
;x;y 307
>
;y;z 307
<
;x;z 254;x;y;z 254;z;y;x
t311. x y Qx = Qy
Proof. H:x:y ? xy 307
>
;x;y 244
>
;x;y 244
>
;y;x 173;Qx;Qy 80;Qx 244
<
;x;y 244
<
;y;x 307
<
;x;y
t312. x y x _ y & x y
Proof. H:x:y ? xy 245
>
;x;y 311;x;y 244
<
;x;y 156
>
;Qx;Qy 156
<
;Qx;Qy 244
>
;x;y 245
<
;x;y
t313. x x =
Proof. H:x 307
>
;x; 252;x
t314. x y x z y z
Proof. H:x:y:z 307
>
;x;y 307
<
;xz;yz 256;x;y;z 256;y;x;z
t315. x y z x z y
Proof. H:x:y:z 307
>
;x;y 307
<
;zx;zy 258;x;y;z 258;y;x;z
t316. x x

& y y

x y x

Proof. H:x:x

:y:y

307
>
;x;x

307
>
;y;y

307
<
;xy;x

263;x;x

;y;y

263;x

;x;y

;y
t317. x y y x
Proof. H:x:y 307
<
;xy;yx 257;x;y 257;y;x
t318. x
1
x
2
& x
1
y x
2
z y z
Proof. H:x
1
:x
2
:y:z 311;x
1
;x
2
311;x
1
y;x
2
z 311;y;z 225;x
1
;y 225;x
2
;z 211
>
;x
1
;Qx
1
184
>
;Qx
1
151;Qx
1
;Qy;Qz
t319. x = a y c & x y a = & c =
Proof. H:x:a:y:c 225;y;c 225;a;yc 212;x 311;x;y 154;Qx;Qa;Qc 233;a 233;c
t320. x y & y _ z x _ z
Proof. H:x:y:z 311;x;y 244
>
;y;z 244
<
;x;z
t321. x _ y & y z x _ z
Proof. H:x:y:z 244
>
;x;y 311;y;z 244
<
;x;z
68 CHAPTER 4. ARITHMETIC
t322. x y Chop x Chop y
Proof. H:x:y 307
>
;x;y 298;x;y 298;y;x 307
<
;Chop x;Chop y
t323. x y

0 x y

1 x ,=
Proof. H:x:y 309;;y

0 309;;y

1 313;y

0 313;y

1 234;y;

0 234;y;

1 243
t324.

0

1 &

1

0
Proof. H 307
<
;

0;

1 307
<
;

1;

0 255
t325. x ,= Chop x

0 x & Chop x

1 x
Proof. H:x 294;x 308;x 324 308;Chop x 316;Chop x;Chop x;

1;

0 316;Chop x;Chop x;

0;

1 ?x=Chop
x

0
Concatenation is associative by t226, respects equivalence classes by t316, and is
commutative on equivalence classes by t317. Thus there is no conceptual diculty in
proving that a concatenation of strings is equivalent to the concatenation of any re-ordering
of the strings, with any association. There are 24 ways of ordering 4 distinct variables,
and each concatenation can be associated in 4 dierent ways. Hence there are 9576 trivial
theorems asserting that each pair is equivalent under . Here is one that will be needed.
t326. (x y) (a b) (x a) (y b)
Proof. H:x:y:a:b 226;y;a;b 317;y;a 314;ya;ay;b 315;(ya)b;(ay)b;x 226;x;ay;b 226;x;a;y
226;xa;y;b 226;x;y;ab
d327.
327
(x) aby[a x = b y & x y a = b & x = y]
t328.
327
()
Proof. H 327
<
;:a:b:y 239;a 309;;y 313;y 239;b
t329.
327
(x)
327
(x

0)
Proof. H:x 327
<
;x

0:a:b:y 327
>
;x;a;b;Chop y 237;x 313;x

0 296;y;b 291;x 291;ax 294;y 322;x

0;y 226;a;x;

0 226;b;Chop y;

1 238;ax;bChop y
t330.
327
(x)
327
(x

1)
Proof. H:x 327
<
;x

1:a:b:y 327
>
;x;a;b;Chop y 237;x 313;x

1 296;y;b 292;x 292;ax 294;y 322;x

1;y 226;a;x;

1 226;b;Chop y;

0 238;bChop y;ax
t331.
327
(x)
Proof. H:x BSI,327;x:x

328 329;x

330;x

t332. a x = b y & x y a = b & x = y


Proof. H:a:x:b:y 331;x 327
>
;x;a;b;y
t333. a x = b y & a b a = b & x = y
Proof. H:a:x:b:y 311;a;b 212;a 225;a;x 225;b;y 151;Qa;Qx;Qy 311;x;y 332;a;x;b;y
The construction of strings via numbers gave easy access to the rightmost bit, enabling
the denition of the string predecessor Chop. This is a predecessor from the right, but
now we can construct a string predecessor Chip from the left, which deletes the leftmost
bit, if any.
29. COMPARING STRINGS 69
t334.

0 x ,=

1 y
Proof. H:x:y 324 333;

0;x;

1;y 243
d335.
335
(x) x ,= yx[x =

0 y x =

1 y]
t336.
335
()
Proof. H 335
<
;
t337.
335
(x)
335
(x

0)
Proof. H:x 335
<
;x

0
A
335
>
;x:y ?x=
A
; 251;

0 239;

0
A
;y

0 256;y;x;

0 226;

0;y;

0 226;

1;y;

0
t338.
335
(x)
335
(x

1)
Proof. H:x 335
<
;x

1
A
335
>
;x:y ?x=
A
; 251;

1 239;

1
A
;y

1 256;y;x;

1 226;

0;y;

1 226;

1;y;

1
t339.
335
(x)
Proof. H:x BSI,335;x:x

336 337;x

338;x

t340. x ,= yx[x =

0 y x =

1 y]
Proof. H:x
A
339;x 335
>
;x:y
A
;y
t341. (UC) y
1
_ x & [x = y
1
= ] & [x ,= x =

0 y
1
x =

1 y
1
]
& y
2
_ x & [x = y
2
= ] & [x ,= x =

0 y
2
x =

1 y
2
]
y
1
= y
2
Proof. H:y
1
:x:y
2
334;y
1
;y
2
334;y
2
;y
1
?x= 242;

0;y
1
;y
2
242;

1;y
1
;y
2
?x=

0y
1
t342. (EC) yx[x = y = ] & [x ,= x =

0 y x =

1 y]
Proof. H:x
A
?x=
A
; 251; 340;x:y
A
;y
d343. Chip x = y y _ x & [x = y = ] & [x ,= x =

0 y
x =

1 y]
t344. x ,= x =

0 Chip x x =

1 Chip x
Proof. H:x 343
>
;x;Chip x
t345. Chip =
Proof. H 343
>
;;Chip
t346. Chip (

0 x) = x & Chip (

1 x) = x
Proof. H:x 343
<
;

0x;x 343
<
;

1x;x 262;x;

0 234;

0;x 262;x;

1 234;

1;x 243
t347. x ,= Chip (x y) = Chip x y
Proof. H:x:y 344;x 226;

0;Chip x;y 226;

1;Chip x;y 346;Chip xy


t348. y Chip Chip y
Proof. H:y 345 309;;y 313;y
t349.

0 x

y x

Chip y
Proof. H:x

:y 313;

0x

234;

0;x

243 344;y 318;

0;

0;x

;Chip y 318;

0;

1;x

;Chip y 308;

0 324
70 CHAPTER 4. ARITHMETIC
t350.

1 x

y x

Chip y
Proof. H:x

:y 313;

1x

234;

1;x

243 344;y 318;

1;

1;x

;Chip y 318;

1;

0;x

;Chip y 308;

1 324
t351. x y Chip x Chip y
Proof. H:x:y 348;y 344;x 349;Chip x;y 350;Chip x;y
We shall construct bounded binary function symbols Tail and Head so that we have
x = Head(x, y) Tail(x, y) and if y _ x then Tail(x, y) y.
d352. tail(x, y, z) y z & x ends with z
t353. tail(x, y, z) & tail(x, y, w) z = w
Proof. H:x:y:z:w 352
>
;x;y;z 352
>
;x;y;w 299
>
;x;z:a 299
>
;x;w:b 309;y;z 310;z;y;w 332;a;z;b;w
d354.
354
(x) yxzx[tail(x, y, z)]
t355.
354
()
Proof. H 354
<
;:y; 252;y 308; 300; 352
<
;;y;
t356.
354
(x)
354
(x

0)
Proof. H:x 354
<
;x

0:y
A
291;x 298;y;x

0 354
>
;x;Chop y:z
A
;z

0 352
>
;x;Chop y;z
253;

0 263;z;x;

0;

0 304;x;z;

0 352
<
;x

0;y;z

0 314;Chop y;z;

0 325;y
A
; 308; 251;x

0 300;x

0
352
<
;x

0;; 309;Chop y

0;y 310;y;Chop y

0;z

0
t357.
354
(x)
354
(x

1)
Proof. H:x 354
<
;x

1:y
A
292;x 298;y;x

1 354
>
;x;Chop y:z
A
;z

1 352
>
;x;Chop y;z
253;

1 263;z;x;

1;

1 304;x;z;

1 352
<
;x

1;y;z

1 314;Chop y;z;

1 325;y
A
; 308; 251;x

1 300;x

1
352
<
;x

1;; 309;Chop y

1;y 310;y;Chop y

1;z

1
t358.
354
(x)
Proof. H:x BSI,354;x:x

355; 356;x

357;x

t359. yxzx[tail(x, y, z)]


Proof. H:x:y
A
358;x 354
>
;x;y:z
A
;z
t360. (UC) z _ x & [y _ x tail(x, y, z)] & [ y _ x z = x] & z

_ x
& [y _ x tail(x, y, z

)] & [ y _ x z

= x] z = z

Proof. H:z:x:y:z

?yx 353;x;y;z;z

t361. (EC) zz _ x & [y _ x tail(x, y, z)] & [ y _ x z = x]


Proof. H:x:y
A A
;x 253;x 359;x;y:z
A
;z
d362. Tail(x, y) = z z _ x & [y _ x tail(x, y, z)] & [ y _ x z = x]
t363. (UC) a _ x & x = aTail(x, y) & a

_ x & x = a

Tail(x, y) a = a

Proof. H:a:x:y:a

241;a;Tail(x,y);a

t364. (EC) a[a _ x & x = a Tail(x, y)]


Proof. H:x:y
A
362
>
;x;y;Tail(x,y) 299
>
;x;Tail(x,y):a 352
>
;x;y;Tail(x,y)
A
;a
A
; 239;x 251;x
d365. Head(x, y) = a a _ x & x = a Tail(x, y)
30. SUBSTRINGS 71
t366. x = Head(x, y) Tail(x, y) & [y _ x y Tail(x, y)] & [ y _ x
x = Tail(x, y) & Head(x, y) = ]
Proof. H:x:y 365
>
;x;y;Head(x,y) 362
>
;x;y;Tail(x,y) 352
>
;x;y;Tail(x,y) 239;Tail(x,y) 241;;Tail(x,y)
;Head(x,y) ?yx
t367. y _ x jk[x = j k & k y]
Proof. H:y:x
A
359;x;y:k 352
>
;x;y;k 309;y;k 299
>
;x;k:j
A
;j;k
t368. x _ y a[a x y]
Proof. H:x:y;Head(y,x) 366;y;x 315;x;Tail(y,x);Head(y,x)
t369. x y a[a x y & a ,= ]
Proof. H:x:y
A
312;x;y 368;x;y:a
A
;a 239;x
Suppose that a string is partitioned in two dierent ways, say as x a and as y b.
Then one of the two ending strings, say b, will be shorter than the other. Then there is a
common renement of the two partitions: there exists j such that the string can be written
as x j b.
t370. x a = y b & b _ a j[y = x j & a = j b]
Proof. H:x:a:y:b
A
367;b;a:j:k
A
;j 226;x;j;k 332;xj;k;y;b
t371. x a = y b & b a j[y = x j & a = j b & j ,= ]
Proof. H:x:a:y:b
A
312;b;a 370;x;a;y;b:j
A
;j 239;b 308;b
t372. x x _ y y x _ y
Proof. H:x:y 225;x;x 225;y;y 244
>
;xx;yy 182;Qx;Qy 244
<
;x;y
In informal discussions and examples we frequently omit the dots over the bits and
the concatenation sign . For example, we write 011 for

0

1

1, and since inx symbols
are associated from right to left, the latter is parsed as

0 (

1

1).
30. Substrings
We shall study various questions related to substrings.
d373. x is a substring of y aycy[a x c = y]
t374. x is a substring of a x c
Proof. H:x:a:c 373
<
;x;axc;a;c 261;a;xc 226;a;x;c 262;c;ax
t375. x is a substring of y z x is a substring of y & x is a substring of z
Proof. H:x:y:z 373
>
;x;y:a:c 374;x;a;cz 226;a;xc;z 226;x;c;z 373
>
;x;z:a

:c

374;x;ya

;c

226;y;a

;xc

t376. x is a substring of x =
Proof. H:x 373
>
;x;:a:c 234;a;xc 234;x;c
t377. x is a substring of Chop y x is a substring of y
Proof. H:x:y 294;y 375;x;Chop y;

0 375;x;Chop y;

1 288
72 CHAPTER 4. ARITHMETIC
t378. x is a substring of x
Proof. H:x 374;x;; 239;x 239;x
d379.
379
(x) y[

1 is a substring of x &

1 is a substring of y & x y
x = y]
t380.
379
()
Proof. H 379
<
;:y 309;;y 313;y
t381.
379
(x)
379
(x

0)
Proof. H:x 379
<
;x

0:y 322;x

0;y 291;x 379


>
;x;Chop y 375;

1;x;

0 377;

1;y 294;y 378;

1 375;

1;Chop
y;

1 313;x

0 237;x
t382.
379
(x)
379
(x

1)
Proof. H:x 379
<
;x

1 378;

1 375;

1;x;

1
t383.
379
(x)
Proof. H:x BSI,379;x:x

380 381;x

382;x

d384.
384
(x) yx[x y &

1 is a substring of y]
t385.
384
()
Proof. H 384
<
;; 251; 308; 376;

1 231
31. Quoting strings
The ability to quote strings is basic to combinatorics. We shall quote a string by
doubling all its bits. Thus 001111 quotes 011.
We want to say that X doubles x in case it is obtained from x by replacing each 0
by 00 and each 1 by 11. We do not yet have the means to express this directly in our
theory, so we characterize the notion indirectly.
d386. X doubles x X x x & cxCXC c c & [x ends with

0 c
X ends with

0

0 C] & [x ends with

1 c X ends with

1

1 C]
[ x [
[ [0[ c [
[ X [
[ [00[ C [
If x ends with 0c, we know the position of this bit in x, and since C is twice as long
as c it marks the corresponding position for doubling 0 in X, and similarly for 1c. We need
to prove that the X doubling x exists and is unique, and both of these will be accomplished
by bounded string induction.
31. QUOTING STRINGS 73
t387. doubles
Proof. H 239; 251; 308; 386
<
;;:c; 252;c 239;

0 239;

1 301;

0 301;

1 231
t388. X doubles X =
Proof. H:X 386
>
;X; 239; 313;X
t389. doubles x x =
Proof. H:x 386
>
;;x 309;;xx 313;xx 234;x;x
t390. X x x X b b (x b) (x b)
Proof. H:X:x:b 314;X;xx;bb 326;x;x;b;b 310;Xbb;(xx)(bb);(xb)(xb)
t391. c ,= Chop c

0 c
Proof. H:c 294;c 308;c 324 315;

1;

0;Chop c 309;c;Chop c

0
t392. c ,= Chop c

1 c
Proof. H:c 294;c 308;c 324 315;

0;

1;Chop c 309;c;Chop c

1
t393. c ,= & C Chop c Chop c C

0

0 c c
Proof. H:c:C 390;C;Chop c;

0 391;c 316;Chop c

0;c;Chop c

0;c 310;C

0;(Chop c

0)(Chop
c

0);cc
t394. c ,= & C Chop c Chop c C

1

1 c c
Proof. H:c:C 390;C;Chop c;

1 392;c 316;Chop c

1;c;Chop c

1;c 310;C

1;(Chop c

1)(Chop
c

1);cc
t395. X doubles x X

0

0 doubles x

0
Suppose not; then there is a c that gives a counterexample. Since X doubles x, there
is a C that works for X and Chop c. If c = , let the C for X00 be , and otherwise let it
be C00. Treat the case that x0 ends with 0c separately.
Proof. H:X:x 386
<
;X

0;x

0:c
A
386
>
;X;x;Chop c:C 390;X;x;

0
A
;
A
;C

0 261;X;

0
254;C;X;X

0 288 239; 307


>
;C; 252;C 239;

0 313;C 256;C;X;

0 303;x;

0 303;X;

0 306;x

0;
306;x

0;c 393;c;C 302;x

0;

0c 291;x 296;c;

0 304;X;

0C;

0 226;

0;

0;C

0 302;x

0;

1c
296;c;

1 304;X;

1C;

0 226;

1;

1;C 226;

1;C;

0 226;

1;

1;C

0 227;

0;

0;C;

0;

0 298;c;x

0 ?c=
? x

0 ends with

0c
t396. X doubles x X

1

1 doubles x

1
Proof. H:X:x 386
<
;X

1;x

1:c
A
386
>
;X;x;Chop c:C 390;X;x;

1
A
;
A
;C

1 261;X;

1
254;C;X;X

1 288 239; 307


>
;C; 252;C 239;

1 313;C 256;C;X;

1 303;x;

1 303;X;

1 306;x

1;
306;x

1;c 394;c;C 302;x

1;

1c 292;x 296;c;

1 304;X;

1C;

1 226;

1;

1;C

1 302;x

1;

0c
296;c;

0 304;X;

0C;

1 226;

0;

0;C 226;

0;C;

1 226;

0;

0;C

1 227;

1;

1;C;

1;

1 298;c;x

1 ?c=
? x

1 ends with

1c
t397. X (x

0) (x

0) Chop Chop X x x
Proof. H:X:x 326;x;x;

0;

0 309;(xx)(

0);(x

0)(x

0) 310;X;(x

0)(x

0);(xx)(

0) 226;x
x;

0;

0 322;X;((xx)

0)

0 291;((xx)

0) 322;Chop X;(xx)

0 291;(xx)
t398. X (x

1) (x

1) Chop Chop X x x
Proof. H:X:x 326;x;x;

1;

1 309;(xx)(

1);(x

1)(x

1) 310;X;(x

1)(x

1);(xx)(

1) 226;x
x;

1;

1 322;X;((xx)

1)

1 292;((xx)

1) 322;Chop X;(xx)

1 292;(xx)
74 CHAPTER 4. ARITHMETIC
t399. X doubles x

0 Chop Chop X doubles x
Proof. H:X:x 386
<
;Chop Chop X;x:c
A
386
>
;X;x

0;c

0:C
A
;Chop Chop C 253;

0 263;c;x;

0;

0 298;C;X
298;Chop C;Chop X 397;X;x 326;c;

0;c;

0 226;cc;

0;

0 291;(cc)

0 322;C;((cc)

0)

0 291;cc 322;Chop
C;(cc)

0 310;C;(c

0)(c

0);((cc)

0)

0 323;C;(cc)

0 323;Chop C;cc ? x ends with



0c 304;x;

0
c;

0 226;

0;c;

0 226;

0;

0;C 302;X;(

0)C 296;C;

0 296;Chop C;

0 306;x;c 302;Chop X;(

0)Chop
C 226;

0;

0;Chop Chop C 304;x;

1c;

0 226;

1;c;

0 226;

1;

1;C 302;X;(

1)C 296;C;

1 296;Chop
C;

1 302;Chop X;(

1)Chop C 226;

1;

1;Chop Chop C
t400. X doubles x

1 Chop Chop X doubles x
Proof. H:X:x 386
<
;Chop Chop X;x:c
A
386
>
;X;x

1;c

1:C
A
;Chop Chop C 253;

1 263;c;x;

1;

1 298;C;X
298;Chop C;Chop X 398;X;x 326;c;

1;c;

1 226;cc;

1;

1 292;(cc)

1 322;C;((cc)

1)

1 292;cc 322;Chop
C;(cc)

1 310;C;(c

1)(c

1);((cc)

1)

1 323;C;(cc)

1 323;Chop C;cc ? x ends with



1c 304;x;

1
c;

1 226;

1;c;

1 226;

1;

1;C 302;X;(

1)C 296;C;

1 296;Chop C;

1 306;x;c 302;Chop X;(

1)Chop
C 226;

1;

1;Chop Chop C 304;x;

0c;

1 226;

0;c;

1 226;

0;

0;C 302;X;(

0)C 296;C;

0 296;Chop
C;

0 302;Chop X;(

0)Chop C 226;

0;

0;Chop Chop C
t401. X doubles x

0 X = Chop Chop X

0

0
Proof. H:X:x 386
>
;X;x

0;:C 251;x

0 239; 313;C 239;

0 303;x;

0 299
>
;X;

0:a 226;a;

0;

0 291;a

0 291;a
t402. X doubles x

1 X = Chop Chop X

1

1
Proof. H:X:x 386
>
;X;x

1;:C 251;x

1 239; 313;C 239;

1 303;x;

1 299
>
;X;

1:a 226;a;

1;

1 292;a

1 292;a
t403. X doubles x Chop Chop X doubles Chop x
Proof. H:X:x 388;X 288 294;x 399;X;Chop x 400;X;Chop x
d404.
404
(x) Xy[X doubles x & X doubles y x = y]
t405.
404
()
Proof. H 404
<
;:X:y 388;X 389;y
t406.
404
(x)
404
(x

0)
Proof. H:x 404
<
;x

0:X:y 291;x 403;X;x

0 403;X;y 404
>
;x;Chop Chop X;Chop y 294;y 388;X 389;x

0 401;X;x 402;X;Chop y 226;Chop Chop X;

0;

0 226;Chop Chop X;

1;

1 238;Chop Chop X

0;Chop
Chop X

1
t407.
404
(x)
404
(x

1)
Proof. H:x 404
<
;x

1:X:y 292;x 403;X;x

1 403;X;y 404
>
;x;Chop Chop X;Chop y 294;y 388;X 389;x

1 402;X;x 401;X;Chop y 226;Chop Chop X;

1;

1 226;Chop Chop X;

0;

0 238;Chop Chop X

0;Chop
Chop X

1
t408.
404
(x)
Proof. H:x BSI,404;x:x

405; 406;x

407;x

t409. X doubles x & X doubles y x = y


Proof. H:X:x:y 408;x 404
>
;x;X;y
d410.
410
(x) Xx x[X doubles x]
t411.
410
(x)
Proof. H:x BSI,410;x:x

410
<
;; 239; 387 251; 410
>
;x

:X

395;X

;x

410
<
;x

0;X

0 386
>
;X

0;x

0 307
>
;X

0;(x

0)(x

0) 396;X

;x

410
<
;x

1;X

1 386
>
;X

1;x

1 307
>
;X

1;(x

1)(x

1)
31. QUOTING STRINGS 75
d412.
412
(x) XY [X doubles x & Y doubles x X = Y ]
t413.
412
(x)
Proof. H:x BSI,412;x:x

?
412
() 412
<
;:X:Y 388;X 388;Y ?
412
(x

0) 412
<
;x

0:X

:Y

399;X

;x

399;Y

;x

412
>
;x

;Chop Chop X

;Chop Chop Y

401;X

;x

401;Y

;x

412
<
;x

1:X

:Y

400;X

;x

400;Y

;x

412
>
;x

;Chop Chop X

;Chop Chop Y

402;X

;x

402;Y

;x

t414. (UC) X _ x x & X doubles x & Y _ x & Y doubles x X = Y


Proof. H:X:x:Y 413;x 412
>
;x;X;Y
t415. (EC) Xx x[X doubles x]
Proof. H:x
A
411;x 410
>
;x:X
A
;X
d416. Double x = X X _ x x & X doubles x
t417. X doubles x X = Double x
Proof. H:X:x 386
>
;X;x 307
>
;X;xx 416
<
;x;X
t418. x _ y Double x _ Double y
Proof. H:x:y 416
>
;x;Double x 416
>
;y;Double y 386
>
;Double y;y 263;x;y;x;y 307
>
;Double
y;yy 254;Double x;xx;yy 254;Double x;yy;Double y
t419. x _ Double x
Proof. H:x 416
>
;x;Double x 386
>
;Double x;x 261;x;x 309;Double x;xx 321;x;xx;Double x
We introduce notation for the strings of length two. This gives us an expanded
alphabet of four characters.
d420. o =

0

0
d421. =

1

1
d422. , =

0

1
d423. : =

1

0
t424. o ,= & o ,= , & o ,= : & ,= , & ,= : & , ,= :
Proof. H 420 421 422 423 238;

0;

0 238;

0;

1 238;

1;

0 238;

1;

1 291;

0 291;

1 292;

0 292;

1 231
t425. Double = & Double (x

0) = Double x o & Double (x

1) = Double
x
Proof. H:x 387 417;; 416
>
;x;Double x 395;Double x;x 420 417;Double xo;x

0 396;Double
x;x 421 417;Double x;x

1
t426. Double x = Double y x = y
Proof. H:x:y 416
>
;x;Double x 416
>
;y;Double y 409;Double x;x;y
76 CHAPTER 4. ARITHMETIC
32. Strings of even length
Strings of even length are concatenations of the characters o , :.
d427. x has even length ax[x a a]
The bound holds automatically.
t428. x a a x has even length
Proof. H;x;a 427
<
;x;a 261;a;a 307
>
;x;aa 254;a;aa;x
t429. Double x has even length
Proof. H:x 416
>
;x;Double x 386
>
;Double x;x 428;Double x;x
t430. has even length
Proof. H 428;; 239; 308;
t431. x has even length & y x y has even length
Proof. H:x:y 427
>
;x:a 310;y;x;aa 428;y;a
t432. x has even length & y has even length x y has even length
Proof. H:x:y 427
>
;x:a 427
>
;y:b 326;a;a;b;b 427
<
;xy;ab 263;a;x;b;y 316;x;aa;y;bb 310;x
y;(aa)(bb);(ab)(ab)
d433. m has length two m = o m = m = , m = :
t434. m has length two m o
Proof. H:m 433
>
;m 420 421 422 423 324 308;

0 316;

0;

0;

0;

0 316;

0;

0;

1;

0 316;

1;

0;

0;

0 316;

1;

0;

1;

0
t435. has length two
Proof. H: 420 309;;o 313;o 434; 231 234;

0;

0
t436. m has length two & n has length two m n
Proof. H:m:n 434;m 434;n 309;n;o 310;m;o;n
t437. m has length two m has even length
Proof. H:m 434;m 420 428;m;

0
t438.

0 has even length
Proof. H 427
>
;

0:a 239; 313;

0 243 296;a;a 322;

0;aa 293 313;aChop a 309;;aChop


a 234;a;Chop a
t439.

1 has even length
Proof. H 427
>
;

1:a 239; 313;

1 243 296;a;a 322;

1;aa 293 313;aChop a 309;;aChop


a 234;a;Chop a
t440. x has even length & x ,= Chop x ,=
Proof. H:x 294;x 239;

0 239;

1 438 439
32. STRINGS OF EVEN LENGTH 77
t441. x has even length & x ,= m[m has length two & x = Chop Chop
x m]
Proof. H:x
A
420 421 422 423 433
<
;o 433
<
; 433
<
;, 433
<
;: 440;x 294;x 294;Chop x 226;Chop
Chop x;

0;

0 226;Chop Chop x;

0;

1 226;Chop Chop x;

1;

0 226;Chop Chop x;

1;

1
A
;o
A
;
A
;,
A
;: ?x=Chop
x

0
t442. x has even length & x ,= & m has length two m _ x
Proof. H:x:m 441;x:n 262;n;Chop Chop x 436;m;n 320;m;n;x
t443. x has even length Chop Chop x has even length
Proof. H:x 427
>
;x:a ?a= 239; 313;x 288 428;; 322;x;aa 296;a;a 309;a;Chop a 310;Chop
x;aChop a;Chop aa 322;Chop x;Chop aa 296;a;Chop a 428;Chop Chop x;Chop a 317;a;Chop a
t444. x has even length Chip Chip x has even length
Proof. H:x 427
>
;x:a ?a= 239; 313;x 345 351;x;aa 347;a;a 310;Chip x;Chip aa;aChip
a 351;Chip x;aChip a 347;a;Chip a 428;Chip Chip x;Chip a 317;Chip a;a
t445. m has length two m ,= & Chop m ,= & Chop Chop m =
Proof. H:m 433
>
;m 420 421 422 423 ?m= 237;

0 237;

1 437;m 440;m 291;

0 291;

1 292;

0 292;

1 293
t446. x has even length & x ,= Chip x ,=
Proof. H:x 344;x 239;

0 239;

1 438 439
t447. m has length two m ,= & Chip m ,= & Chip Chip m =
Proof. H:m 433
>
;m 420 421 422 423 445;m 437;m 446;m 346;

0 346;

1 346; 239;

0 239;

1
t448. x has even length & x y has even length y has even length
There exist a and b such that x a a and x y b b. Hence a a _ b b,
so a _ b by t372. By t368 there exists c such that a c = b. Therefore (a a) y
(a c) (a c) (a a) (c c). Cancel a a by t318 to conclude that y c c.
Proof. H:x:y 427
>
;x:a 427
>
;xy:b 309;x;aa 261;x;y 320;aa;x;xy 321;aa;xy;bb 372;a;b
368;a;b:c 317;a;c 310;ac;ca;b 310;xy;bb;(aa)(cc) 314;x;aa;y 309;xy;(aa)y 310;(aa)
y;xy;(aa)(cc) 309;ac;b 316;b;ac;b;ac 326;a;c;a;c 310;bb;(ac)(ac);(aa)(cc) 308;a
a 318;aa;aa;y;cc 428;y;c
t449. y has even length & x y has even length x has even length
Proof. H:y:x 317;x;y 431;xy;yx 309;xy;yx 448;y;x
t450. x has even length & y has even length & m has length two & x y
mx _ y
Proof. H:x:y:m 369;x;y:a 431;y;ax 449;x;a 442;a;m 256;m;a;x 307
>
;ax;y 254;mx;ax;y
t451. x has even length & a has even length & y has even length & b has even
length & xa = yb & b a j[j has even length & y = xj & a = j b
& j ,= & Chop j ,= & Chip j ,= ]
Note that by t247 the hypothesis b a can be replaced by x y.
Proof. H:x:a:y:b
A
371;x;a;y;b:j
A
;j 448;x;j 440;j 446;j
78 CHAPTER 4. ARITHMETIC
d452. even-appearance(a, x, c, y) a has even length & x has even length & c
has even length & y = a x c
d453. x appears evenly in y aycy[even-appearance(a, x, c, y)]
In the expanded alphabet of the four characters o , : a concatenation of them appears
evenly in another if and only if it is visible there when one forgets the denition of these
characters as concatenations of two bits. For example, , which is 11, appears evenly in
oo, which is 001100, but ,, which is 01, does not.
t454. even-appearance(a, x, c, y) x appears evenly in y & y has even length
Proof. H:a:x:c:y 453
<
;x;y;a;c 452
>
;a;x;c;y 261;a;xc 226;a;x;c 262;c;ax 432;x;c 432;a;xc
t455. x appears evenly in y x _ y & x has even length
Proof. H:x:y 453
>
;x;y:a:c 452
>
;a;x;c;y 261;x;c 262;xc;a 254;x;xc;y
t456. x appears evenly in y & z has even length x appears evenly in y z
Proof. H:x:y:z 453
>
;x;y:a:c 452
>
;a;x;c;y 261;y;z 254;a;y;yz 256;c;y;z 453
<
;x;yz;a;c
z 432;c;z 452
<
;a;x;cz;yz 226;x;c;z 226;a;xc;z
t457. x appears evenly in y & z has even length x appears evenly in z y
Proof. H:x:y:z 453
>
;x;y:a:c 452
>
;a;x;c;y 262;y;z 258;a;y;z 254;c;y;zy 453
<
;x;zy;za;c 432;z;a452
<
;z
a;x;c;zy 226;z;a;xc
Suppose that x has even length and z appears evenly in x y (so that z and y also
have even length). Then there are three cases: z appears evenly in x, or z appears evenly
in y, or z straddles x and y, meaning that it has non-empty even length overlap with the
end of x and with the beginning of y. The last case is impossible if z has length two.
t458. x has even length & even-appearance(a, z, c, x y) & y _ c z appears
evenly in x
[ x [ y [
[ a [ z [ c [
[ j [
Proof. H:x:a:z:c:y 452
>
;a;z;c;xy 454;a;z;c;xy 226;a;z;c 370;az;c;x;y:j 449;y;j 454;a;z;j;x 226;a;z;j
452
<
;a;z;j;x 448;x;y
t459. x has even length & even-appearance(a, z, c, x y) & x _ a z appears
evenly in y
[ x [ y [
[ a [ z [ c [
[ j [
Proof. H:x:a:z:c:y 452
>
;a;z;c;xy 432;z;c 432;a;zc 448;x;y 308;xy 246;x;y;a;zc 370;x;y;a;z
c:j 449;zc;j 452
<
;j;z;c;y 454;j;z;c;y
32. STRINGS OF EVEN LENGTH 79
t460. x has even length & even-appearance(a, z, c, x y) & c y & a x
jk[z = j k & j has even length & j ,= & k has even length & k ,=
& x = a j & y = k c]
[ x [ y [
[ a [ z [ c [
[ j [ k [
Proof. H:x:a:z:c:y
A
452
>
;a;z;c;xy 226;a;z;c 371;x;y;az;c:k 247;a;z;x;k 371;a;z;x;k:j
A
;j;k 448;a;j
432;a;z 448;x;k
t461. x has even length & z appears evenly in xy z appears evenly in x z
appears evenly in y jkac[even-appearance(a, z, c, xy) & z = j k & j has
even length & j ,= & k has even length & k ,= & x = a j & y = k c]
Proof. H:x:z:y
A
453
>
;z;xy:a:c 458;x;a;z;c;y 459;x;a;z;c;y 460;x;a;z;c;y:j:k
A
;j;k;a;c 249;y;c 249;x;a
t462. x has even length & m has length two & m appears evenly in x y m
appears evenly in x m appears evenly in y
Proof. H:x:m:y 461:x;m;y:j:k 440;k 445;m 296;k;j 296;Chop k;j 234;j;Chop Chop k
t463. m has length two & n has length two & m appears evenly in n m = n
Proof. H:m:n 453
>
:m;n:a:c 452
>
;a;m;c;n 436;n;m 319;n;a;m;c 239;m
t464. m has length two & n has length two & m appears evenly in x n m
appears evenly in x m = n
Proof. H:m:n:x 453
>
;m;xn:a:c 452
>
;a;m;c;xn 437;n 432;m;c 432;a;mc 449;n;x 462;x;m;n 463;m;n
d465.
465
(x) m[m has length two & m appears evenly in Double x m = o
m = ]
t466.
465
()
Proof. H 465
<
;:m 425 455;m; 252;m 435
t467.
465
(x)
465
(x

0)
Proof. H:x 465
<
;x

0:m 425;x 464;m;o;Double x 433


<
;o 465
>
;x;m
t468.
465
(x)
465
(x

1)
Proof. H:x 465
<
;x

1:m 425;x 464;m;;Double x 433


<
; 465
>
;x;m
t469.
465
(x)
Proof. H:x BSI,465;x:x

466; 467;x

468;x

t470. m has length two & m appears evenly in Double x m = o m =


Proof. H:m:x 469;x 465
>
;x;m 435;m
t471. , appears evenly in Double x & : appears evenly in Double x
Proof. H:x 433
<
;, 433
<
;: 470;,;x 470;:;x 424
80 CHAPTER 4. ARITHMETIC
33. Lists
A list is similar to a non-empty nite sequence, but without the indexing by numbers.
d472. L is a list L has even length & L ends with ,
t473. L is a list L ,=
Proof. H:L 472
>
;L 301;, 447;, 433
<
;,
t474. L
1
is a list & L
2
is a list L
1
L
2
is a list
Proof. H:L
1
:L
2
472
>
;L
1
472
>
;L
2
239;L
1
239;L
2
432;L
1
;L
2
303;L
1
;L
2
305;L
1
L
2
;L
2
;, 472
<
;L
1
L
2
d475. x is listed in L L is a list & x has even length & , appears evenly in
x & , x , appears evenly in , L
For example, oo: and and , and only these, are listed in oo:,,,oo:,.
We shall prove that if x is listed in L
1
L
2
, where L
1
and L
2
are lists, then x is listed
in L
1
or in L
2
.
t476. L
1
is a list & L
2
is a list & , appears evenly in x & even-appearance(a, ,
x ,, c, , L
1
L
2
) & L
2
_ c x is listed in L
1
Proof. H:L
1
:L
2
:x:a:c 472
>
;L
1
433
<
;, 437;, 432;,;L
1
452
>
;a;,x,;c;,L
1
L
2
226;,;L
1
;L
2
448;,;x
, 449;,;x 458;,L
1
;a;,x,;c;L
2
475
<
;x;L
1
t477. L ends with , L = Chop Chop L ,
Proof. H:L 422 299
>
;L;

1:a 226;a;

0;

1 292;a

0 291;a
t478. L
1
is a list & L
2
is a list & , appears evenly in x & even-appearance(a, ,
x ,, c, , L
1
L
2
) & L
1
_ a x is listed in L
2
Proof. H:L
1
:L
2
:x:a:c 472
>
;L
1
477;L
1
226;Chop Chop L
1
;,;L
2
226;,;Chop Chop L
1
;,L
2
317;,;Chop Chop L
1
431;L
1
;,Chop Chop L
1
320;,Chop Chop L
1
;L
1
;a 459;,Chop Chop L
1
;a;,
x,;c;,L
2
452
>
;a;,x,;c;,L
1
L
2
448;,;x, 449;,;x 433
<
;, 437;, 475
<
;x;L
2
t479. k has even length & k ,= Chop Chop (x k) = x Chop Chop k
Proof. H:k:x 440;k 296;k;x 296;Chop k;x
t480. j has even length & j ,= Chip Chip (j x) = Chip Chip j x
Proof. H:j:x 446;j 347;j;x 347;Chip j;x
t481. j has even length & j ,= & k has even length & k ,= Chip Chip
Chop Chop (j x k) = Chip Chip j x Chop Chop k
Proof. H:j:k:x 226;j;x;k 479;k;jx 226;j;x;Chop Chop k 480;j;xChop Chop k
t482. Chop Chop (x ,) = x
Proof. H:x 433
<
;, 445;, 296;,;x 296;Chop ,;x 239;x
t483. Chip Chip (, x) = x
Proof. H:x 433
<
;, 447;, 347;,;x 347;Chip ,;x 239;x
t484. Chip Chip Chop Chop (, x ,) = x
Proof. H:x 226;,;x;, 482;,x 483;x
33. LISTS 81
t485. j has even length & j ,= & k has even length & k ,= & j,k = ,x,
, appears evenly in x
Proof. H:j:k:x 481;j;k;, 484;x 443;k 444;j 433
<
;, 437;, 452
<
;Chip Chip j;,;Chop Chop
k;x 454;Chip Chip j;,;Chop Chop k;x
t486. L
1
is a list & L
2
is a list & even-appearance(a, , x ,, c, , L
1
L
2
)
& c L
2
k[k has even length & k ,= & L
2
= k c]
Proof. H:L
1
:L
2
:a:x:c
A
452
>
;a;,x,;c;,L
1
L
2
472
>
;L
1
433
<
;, 437;, 432;,;L
1
226;,;L
1
;L
2
226;a;,
x,;c 472
>
;L
2
432;a;,x, 451;,L
1
;L
2
;a,x,;c:k
A
;k
t487. L
1
is a list & L
2
is a list & even-appearance(a, , x ,, c, , L
1
L
2
)
& a L
1
j[j has even length & j ,= & , Chop Chop L
1
= a j]
Proof. H:L
1
:L
2
:a:x:c
A
451;a;(,x,)c;,Chop Chop L
1
;,L
2
:j
A
;j 452
>
;a;,x,;c;,L
1
L
2
432;,
x,;c 433
<
;, 437;, 472
>
;L
1
472
>
;L
2
432;,;L
2
477;L
1
443;L
1
432;,;Chop Chop L
1
226;Chop Chop
L
1
;,;L
2
226;,;Chop Chop L
1
;,L
2
250;a;Chop Chop L
1
;, 247;a;(,x,)c;,Chop Chop L
1
;,L
2
If , does not appears evenly in x, then x cannot straddle two lists.
t488. L
1
is a list & L
2
is a list & even-appearance(a, ,x,, c, ,L
1
L
2
) & ,
appears evenly in x L
1
_ a L
2
_ c
If not, we would have an impossible situation:
[ a [, x ,[ c [
[,[ Chop Chop L
1
[,[ L
2
[
[ j [,[ k [
Proof. H:L
1
:L
2
:a:x:c 249;L
1
;a 249;L
2
;c 452
>
;a;,x,;c;,L
1
L
2
486;L
1
;L
2
;a;x;c:k 487;L
1
;L
2
;a;x;c:j
472
>
;L
1
477;L
1
226;Chop Chop L
1
;,;L
2
226;,;Chop Chop L
1
;,L
2
226;,Chop Chop L
1
;,;L
2
226;(a
j),;k;c 226;a;,x,;c 241;a,x,;c;((aj),)k 226;a;j;, 226;a;j,;k 242;a;,x,;(j,)k
226;j;,;k 485;j;k;x
t489. L
1
is a list & L
2
is a list & x is listed in L
1
L
2
x is listed in L
1
x
is listed in L
2
Proof. H:L
1
:L
2
:x 475
>
;x;L
1
L
2
453
>
;,x,;,L
1
L
2
:a:c 452
>
;a;,x,;c;,L
1
L
2
488;L
1
;L
2
;a;x;c
476;L
1
;L
2
;x;a;c 478;L
1
;L
2
;x;a;c
t490. x is listed in L
1
& L
2
is a list x is listed in L
1
L
2
Proof. H:x:L
1
:L
2
474;L
1
;L
2
475
>
;x;L
1
472
>
;L
2
456;,x,;,L
1
;L
2
226;,;L
1
;L
2
475
<
;x;L
1
L
2
t491. L
1
is a list & x is listed in L
2
x is listed in L
1
L
2
Proof. H:L
1
;x;L
2
475
<
;x;L
1
L
2
475
>
;x;L
2
472
>
;L
1
474;L
1
;L
2
477;L
1
443;L
1
433
<
;, 437;, 0;Chop
Chop L
1
:C 432;,;C 457;,x,;,L
2
;,C 226;,;C;,L
2
226;C;,;L
2
t492. x is listed in L x _ L
Proof. H:x:L 475
>
;x;L 455;,x,;,L 259;,;x,;L 261;x;, 254;x;x,;L
Lists of a single element:
82 CHAPTER 4. ARITHMETIC
t493. x has even length & , appears evenly in x x is listed in x ,
Proof. H:x 475
<
;x;x, 432;x;, 433
<
;, 437;, 303;x;, 472
<
;x, 432;,;x, 430 452
<
;;,
x,;;,x, 454;;,x,;;,x, 239;,x,
t494. y has even length & x has even length & , y , appears evenly in , x
, appears evenly in x
Proof. H:y:x 453
>
;,y,;,x:a:c 452
>
;a;,y,;c;,x 433
<
;, 437;, 480;a;(,y,)c 226;,;y
,;c 454;Chip Chip a;,;(y,)c;x 452
<
;Chip Chip a;,;(y,)c;x 444;a 432;y;, 432;y,;c 239;(,
y,)c 483;x 242;,;x;(y,)c 226;y;,;c 452
<
;y;,;c;x 454;y;,;c;x
t495. x has even length & , appears evenly in x & y is listed in x, y = x
Proof. H:x:y 475
>
;y;x, 453
>
;,y,;,x,:a:c 452
>
;a;,y,;c;,x, 226;,;x;, 226;a;,
y,;c 479;c;a,y, 482;,x 443;c 226;a;,y,;Chop Chop c 452
<
;a;,y,;Chop Chop c;,
x 433
<
;, 437;, 454;a;,y,;Chop Chop c;,x 494;y;x 226;,;y;, 226;a;,y;, 241;,x;,;a,
y 480;a;,y 483;x 444;a 452
<
;Chip Chip a;,;y;x 454;Chip Chip a;,;y;x 239;,x, 242;,;x,;y
, 241;x;,;y 240;c;,y, 240;a;,y,
34. Functions
First we introduce ordered pairs.
d496. Pair(x, y) = Double x : Double y
t497. Pair(x, y) _ (x x) : (y y)
Proof. H:x:y 496;x;y 416
>
;x;Double x 416
>
;y;Double y 258;Double y;yy;: 258;:Double
y;:yy;Double x 254;Pair(x,y);Double x:yy;(xx):yy 256;Double x;xx;:yy
t498. Pair(x, y) = Pair(x

, y

) Double y

_ Double y
Proof. H:x:y:x

:y

496;x;y 496;x

;y

429;x 429;y 429;x

429;y

433
<
;: 437;: 452
<
;Double
x

;:;Double y

;Pair(x,y) 249;Double y

;Double y 450;Double y;Double y

;: 458;Double x;Double x

;:;Double
y

;:Double y 471;x
t499. Pair(x, y) = Pair(x

, y

) x = x

& y = y

Proof. H:x:y:x

:y

498;x;y;x

;y

498;x

;y

;x;y 307
<
;Double y;Double y

496;x;y 496;x

;y

226;Double
x;:;Double y 226;Double x

;:;Double y

332;Double x:;Double y;Double x

:;Double y

426;y;y

308;:
332;Double x;:;Double x

;: 426;x;x

t500. x _ Pair(x, y) & y _ Pair(x, y)


Proof. H:x:y 496;x;y 419;x 261;Double x;:Double y 254;x;Double x;Pair(x,y) 419;y 226;Double
x;:;Double y 262;Double y;Double x: 254;y;Double y;Pair(x,y)
t501. x _ x

& y _ y

Pair(x, y) _ Pair(x

, y

)
Proof. H:x:x

:y:y

496;x;y 496;x

;y

418;x;x

418;y;y

256;Double x;Double x

;: 263;Double
x:;Double x

:;Double y;Double y

226;Double x;:;Double y 226;Double x

;:;Double y

d502. z is an ordered pair xzyz[z = Pair(x, y)]


t503. Pair(x, y) is an ordered pair
Proof. H:x:y 502
<
;Pair(x,y);x;y 500;x;y
We shall dene
1
z to be the projection onto the rst component of the ordered pair z.
Function symbols must be everywhere dened. If z is not an ordered pair, we choose z as
default value. Note that if z is an ordered pair,
1
z ,= z. In general it seems good, when
the argument does not meet the condition in which we are interested, to assign as default
value one that cannot be obtained legitimately.
34. FUNCTIONS 83
t504. (UC) x _ z & z is an ordered pair yz[z = Pair(x, y)] & z is an
ordered pair x = z & x

_ z & z is an ordered pair y

z[z = Pair(x

, y

)]
& z is an ordered pair x

= z x = x

Proof. H:x:z:x

:y:y

499;x;y;x

;y

?z is an ordered pair
t505. (EC) x

x _ z & z is an ordered pair yz[z = Pair(x, y)] & z is


an ordered pair x = z

Proof. H:z
A A
;z 253;z 502
>
;z:x:y
A
;x;y
d506.
1
z = x x _ z & z is an ordered pair yz[z = Pair(x, y)]
& z is an ordered pair x = z
The construction of
2
is entirely similar.
t507. (UC) y _ z & z is an ordered pair xz[z = Pair(x, y)] & z is an
ordered pair y = z & y

_ z & z is an ordered pair x

z[z = Pair(x

, y

)]
& z is an ordered pair y

= z y = y

Proof. H:y:z:y

:x:x

499;x;y;x

;y

?z is an ordered pair
t508. (EC) y

y _ z & z is an ordered pair xz[z = Pair(x, y)] & z is


an ordered pair y = z

Proof. H:z
A A
;z 253;z 502
>
;z:x:y
A
;y;x
d509.
2
z = y y _ z & z is an ordered pair xz[z = Pair(x, y)]
& z is an ordered pair y = z
t510.
1
Pair(x, y) = x &
2
Pair(x, y) = y
Proof. H:x:y 506
<
;Pair(x,y);x;y 500;x;y 509
<
;Pair(x,y);y;x
d511. L is a list of ordered pairs L is a list & zL[z is listed in L z is
an ordered pair]
t512. L is a list of ordered pairs & z is listed in L z is an ordered pair
Proof. H:L:z 511
>
;L;z 492;z;L
t513. L
1
is a list of ordered pairs & L
2
is a list of ordered pairs L
1
L
2
is a list
of ordered pairs
Proof. H:L
1
:L
2
511
<
;L
1
L
2
:z 511
>
;L
1
511
>
;L
2
474;L
1
;L
2
489;L
1
;L
2
;z 512;L
1
;z 512;L
2
;z
d514. f is a function list f is a list of ordered pairs & zfz

f[z is listed in
f & z

is listed in f &
1
z =
1
z

z = z

]
t515. f is a function list & z is listed in f & z

is listed in f &
1
z =
1
z

z = z

Proof. H:f:z:z

514
>
;f;z;z

492;z;f 492;z

;f
We call f a function list, rather than a function, since two function lists may have the
same ordered pairs listed, in a dierent order, without being equal. But function lists will
play the role of functions quite adequately.
84 CHAPTER 4. ARITHMETIC
d516. x is in the domain of f f is a function list & yf[Pair(x, y) is listed in f]
t517. x is in the domain of f x _ f
Proof. H:x:f 516
>
;x;f;y 492;Pair(x,y);f 496;x;y 419;x 261;Double x;:Double y 254;x;Double
x;Pair(x,y) 254;x;Pair(x,y);f
t518. x is in the domain of f & Pair(x, y) is listed in f & Pair(x, y

) is listed in f
y = y

Proof. H:x:f:y:y

516
>
;x;f 514
>
;f;Pair(x,y);Pair(x,y

) 510;x;y 510;x;y

492;Pair(x,y);f 492;Pair(x,y

);f
499;x;y;x;y

t519. (UC) y _ f & [x is in the domain of f Pair(x, y) is listed in f] & [ x is


in the domain of f y = f] & y

_ f & [x is in the domain of f Pair(x, y

)
is listed in f] & [ x is in the domain of f y

= f] y = y

Proof. H:y:f:x:y

499;x;y;x;y

518;x;f;y;y

?x is in the domain of f
t520. (EC) yy _ f & [x is in the domain of f Pair(x, y) is listed in f] & [ x
is in the domain of f y = f]
Proof. H:f:x
A A
;f 253;f 516
>
;x;f:y
A
;y
d521. f x = y y _ f & [x is in the domain of f Pair(x, y) is listed in f]
& [ x is in the domain of f y = f]
The inx symbol is very tightly binding, so for example 2 f x 2 is parsed as
2

(f x) 2

.
t522. , appears evenly in Pair(x, y)
Proof. H:x:y 496;x;y 429;x 433
<
;, 462;Double x;,;:Double y 471;x 433
<
;: 437;: 462;:;,;Double
y 471;y 463;,;: 424
t523. Pair(x, y) has even length
Proof. H:x:y 496;x;y 429;x 429;y 433
<
;: 437;: 432;:;Double y 432;Double x;:Double y
t524. z is listed in Pair(x, y) , z = Pair(x, y)
Proof. H:z:x:y 523;x;y 522;x;y 495;Pair(x,y);z
t525. Pair(x, y) , is a list of ordered pairs
Proof. H:x:y 523;x;y 511
<
;Pair(x,y),:z 524;z;x;y 503;x;y 472
<
;Pair(x,y), 432;Pair(x,y);,
303;Pair(x,y);, 433
<
;, 437;,
t526. Pair(x, y) , is a function list
Proof. H:x:y 514
<
;Pair(x,y),:z:w 524;z;x;y 524;w;x;y 525;x;y
t527. x is in the domain of Pair(x, y) , & y _ Pair(x, y) , & Pair(x, y) is listed
in Pair(x, y) ,
Proof. H:x:y 526;x;y 516
<
;x;Pair(x,y),;y 523;x;y 493;Pair(x,y) 522;x;y 500;x;y 261;Pair(x,y);,
254;y;Pair(x,y);Pair(x,y),
t528.

Pair(x, y) ,

x = y
Proof. H:x:y 527;x;y 521
<
;Pair(x,y),;x;y
35. STRINGS OF ZEROS 85
t529. u is in the domain of Pair(x, y) , u = x
Proof. H:u:x:y 516
>
;u;Pair(x,y),:v 522;x;y 523;x;y 495;Pair(x,y);Pair(u,v) 510;x;y 510;u;v
t530. f is a function list & z is listed in f
1
z is in the domain of f
Proof. H:f:z 514
>
;f 512;f;z 502
>
;z:x:y 510;x;y 516
<
;x;f;y 492;z;f 254;y;z;f
Extensions of functions by one ordered pair:
t531. f is a function list & x is in the domain of f f Pair(x, y) , is a
function list
Proof. H:f:x:y 0;Pair(x,y),:g 514
<
;fg:z:z

514
>
;f;z;z

514
>
;g;z;z

526;x;y 513;f;g 511


>
;f 511
>
;g
489;f;g;z 489;f;g;z

? z is listed in f 515;f;z;z

524;z

;x;y 510;x;y 530;f;z 524;z;x;y 530;f;z

t532. f is a function list & x is in the domain of f & u is in the domain of


f Pair(x, y) , u is in the domain of f u = x
Proof. H:f:x:u:y 0;Pair(x,y),:g 516
>
;u;fg:v 514
>
;f 514
>
;g 511
>
;f 511
>
;g 526;x;y
489;f;g;Pair(u,v) 524;Pair(u,v);x;y 499;u;v;x;y 516
<
;u;f;v 492;Pair(u,v);f 500;u;v 254;v;Pair(u,v);f
t533. u is in the domain of f & x is in the domain of f u is in the domain of
f Pair(x, y) ,
Proof. H:u:f:x:y 0;Pair(x,y),:g 531;f;x;y 516
>
;u;f:v 525;x;y 511
>
;g 490;Pair(u,v);f;g 516
<
;u;f
g;v 492;Pair(u,v);fg 500;u;v 254;v;Pair(u,v);fg
t534. u is in the domain of f & x is in the domain of f

f Pair(x, y),

u =
f u
Proof. H:u:f:x:y 0;Pair(x,y),:g 526;x;y 514
>
;g 511
>
;g 533;u;f;x;y 521
>
;f;u;f u 261;f;g 254;f u;f;f
g 490;Pair(u,f u);f;g 521
<
;fg;u;f u
t535. f is a function list & x is in the domain of f x is in the domain of
f Pair(x, y) ,
Proof. H:f:x:y 0;Pair(x,y),:g 531;f;x;y 527;x;y 514
>
;f 511
>
;f 491;f;Pair(x,y);g 516
<
;x;f
g;y 262;g;f 254;y;g;fg
t536. f is a function list & x is in the domain of f

f Pair(x, y) ,

x = y
Proof. H:f:x:y 0;Pair(x,y),:g 535;f;x;y 262;g;f 254;y;g;fg 521
<
;fg;x;y 527;x;y 514
>
;f
511
>
;f 491;f;Pair(x,y);g
35. Strings of zeros
Let x and y be strings all of whose bits are zero. Then so is x y, and x y = y x.
t537.

1 is a substring of x

1 is a substring of x

0
Proof. H:x 373
>
;

1;x

0:a:c 226;a;

1;c 239;a

1 238;x;a 296;c;a

1 291;x 226;a;

1;Chop c 374;

1;a;Chop
c
t538.

1 is a substring of

0
Proof. H 537; 376;

1 231 239;

0
d539.
539
(y) x[

1 is a substring of x &

1 is a substring of y

1 is a
substring of x y]
86 CHAPTER 4. ARITHMETIC
t540.
539
()
Proof. H 539
<
;:x 239;x
t541.
539
(y)
539
(y

0)
Proof. H:y 539
<
;y

0:x 226;x;y;

0 375;

1;y;

0 539
>
;y;x 537;xy
t542.
539
(y)
539
(y

1)
Proof. H:y 539
<
;y

1:x 374;

1;y; 239;

1
t543.
539
(y)
Proof. H:y BSI,539;y:y

540; 541;y

542;y

t544.

1 is a substring of x &

1 is a substring of y

1 is a substring of x y
Proof. H:x:y 543;y 539
>
;y;x
d545.
545
(x)

1 is a substring of x

0 x = x

0
t546.
545
()
Proof. H 545
<
; 239;

0
t547.
545
(x)
545
(x

0)
Proof. H:x 545
<
;x

0 375;

1;x;

0 545
>
;x 226;

0;x;

0
t548.
545
(x)
545
(x

1)
Proof. H:x 545
<
;x

1 374;

1;x; 239;

1
t549.
545
(x)
Proof. H:x BSI,545;x:x

546; 547;x

548;x

t550.

1 is a substring of x

0 x = x

0
Proof. H:x 549;x 545
>
;x
d551.
551
(x) y[

1 is a substring of x &

1 is a substring of y xy = yx]
t552.
551
()
Proof. H 551
<
;:y 239;y
t553.
551
(x)
551
(x

0)
Proof. H:x 551
<
;x

0:y 375;

1;x;

0 551
>
;x;y 226;y;x;

0 550;xy 226;

0;x;y 550;x 544;x;y


t554.
551
(x)
551
(x

1)
Proof. H:x 551
<
;x

1 374;

1;x; 239;

1
t555.
551
(x)
Proof. H:x BSI,551;x:x

552 553;x

554;x

t556.

1 is a substring of x &

1 is a substring of y x y = y x
Proof. H:x:y 555;x 551
>
;x;y
35. STRINGS OF ZEROS 87
d557.
557
(x)

1 is a substring of x y

1 is a substring of y & x _ y
zy[

1 is a substring of z & x z = y]
t558.
557
()
Proof. H 557
<
;:y;y 253;y 239;y 376;

1 231
t559.
557
(x)
557
(x

0)
Proof. H:x 557
<
;x

0:y
A
291;x 298;x

0;y 377;

1;y 557
>
;x;Chop y:w
A
;w 252;x

0 234;x;

0 231 294;y
378;

1 375;

1;Chop y;

1 226;x;w;

0 538 556;w;

0 226;x;

0;w 375;

1;x;

0 262;w;x

0
t560.
557
(x)
557
(x

1)
Proof. H:x 557
<
;x

1 378;

1 375;

1;x;

1
t561.
557
(x)
Proof. H:x BSI,557;x:x

558 559;x

560;x

t562.

1 is a substring of x &

1 is a substring of y & x _ y zy[

1 is a
substring of z & x z = y]
Proof. H:x:y
A
561;x 557
>
;x;y;z
A
;z
Splitting strings of zeros:
If x is a string of zeros, there is a unique y such that x = yy or x = yy0, and we say
that x splits evenly or oddly accordingly.
d563.
563
(x)

1 is a substring of x yx[x = y y x = y y

0]
t564.
563
()
Proof. H 563
<
;; 239; 251;
t565.
563
(x)
563
(x

0)
Proof. H:x 563
<
;x

0
A
375;

1;x;

0 563
>
;x:y
A
;y 226;y;y;

0 261;x;

0 254;y;x;x

0
A
;y

0 256;y;x;

0 538 556;y;

0 226;y;

0;y 226;y

0;y;

0 375;

1;y;y

0
t566.
563
(x)
563
(x

1)
Proof. H:x 563
<
;x

1 374;

1;x; 239;

1
t567.
563
(x)
Proof. H:x BSI,563;x:x

564 565;x

566;x

t568.

1 is a substring of x yx[x = y y x = y y

0]
Proof. H:x
A
567;x 563
>
;x:y
A
;y
t569. x x is even x is even
Proof. H:x 113;x 126;x;x 121;xx
t570. x x 2 = y y y is even
Proof. H:x:y 70;x;x;2 103;xx 569;y
t571. x x 2 = y y x is even
Proof. H:x:y 570;x;y 100
>
;y:z 70;x;x;2 72;2;z 70;z2;z;2 93 150;2;xx;zz2 70;z;2;z 570;z;x
88 CHAPTER 4. ARITHMETIC
t572. z Sx & z ,= 0 & z = 2 w w x & w ,= 0
Proof. H:z:x:w 97;z 91 92 93 158;S0 176;1;z;2;w 178;w;z;Sx 162;w;x 5;2
d573.
573
(x) zy [z x & z ,= 0 & z z 2 = y y]
t574.
573
(0)
Proof. H 573
<
;0:z:y 82;z
t575.
573
(x)
573
(Sx)
Proof. H:x 573
<
;Sx:z:y 571;z;y 100
>
;z:w 570;z;y 100
>
;y:t 572;z;x;w 72;2;t 70;t2;t;2 70;2w;2
w;2 93 150;2;(2w)(2w);(t2)t 72;2;w 70;w2;w;2 70;t;2;t 70;t;t;2 150;2;(w2)w;tt 70;w;2;w 573
>
;x;w;t
t576.
573
(x)
Proof. H:x BI,573;x:x

574 575;x

t577. x ,= 0 x x 2 ,= y y
Proof. H:x:y 576;x 573
>
;x;x;y 80;x
We have just given the classical proof that

2 is irrational. This has the consequence
that a string of zeros cannot split both oddly and evenly.
t578. y y

0 ,= z z
Proof. H:y:z 225;y;y

0 225;y;

0 225;z;z 212;y 235 577;Qy;Qz


t579. y y = z z y = z
Proof. H:y:z 225;y;y 225;z;z 183;Qy;Qz 152;Ry;Qy;Rz 217;y;z
t580. [x = y y x = y y

0] & [x = z z x = z z

0] y = z
Proof. H:x:y:z ?x=yy 578;z;y 578;y;z 226;y;y;

0 226;z;z;

0 241;yy;

0;zz 579;y;z
t581. (UC) y _ x &

1 is a substring of x [x = yy x = yy

0] &

1
is a substring of x y = & y

_ x &

1 is a substring of x [x = y

x = y



0] &

1 is a substring of x y

= y = y

Proof. H:y:x:y

580;x;y;y

?

1 is a substring of x ?x=yy
t582. (EC) y

y _ x &

1 is a substring of x [x = y y x = y y

0]
&

1 is a substring of x y =

Proof. H:x
A
568;x:y
A
;y
A
; 251;x
d583. Hx = y y _ x &

1 is a substring of x [x = yy x = yy

0]
&

1 is a substring of x y =
The notation H is for half, not to be confused with the Half of d280.
t584.

1 is a substring of x

1 is a substring of Hx
Proof. H:x 583
>
;x;Hx 375;

1;Hx;Hx 375;

1;Hx;Hx

0
t585. H =
Proof. H 583
<
;; 251; 239;
35. STRINGS OF ZEROS 89
t586. Hx _ x &

1 is a substring of Hx
Proof. H:x 583
>
;x;Hx 376;

1 231 375;

1;Hx;Hx 375;

1;Hx;Hx

0
t587. Hx Hx _ x
Proof. H:x 583
>
;x;Hx 239; 251;x 253;x 253;Hx 261;Hx;

0 263;Hx;Hx;Hx;Hx

0
t588. x ,= Hx

0 _ x
Proof. H:x 295;x 239;

0 295;Hx 258;

0;Hx;Hx 587;x 254;Hx

0;HxHx;x
t589. Hx _ x &

1 is a substring of Hx
Proof. H:x 583
>
;x;Hx 376;

1 231 375;

1;Hx;Hx 375;

1;Hx;Hx

0
t590. z _ x

0 Hz _ x
Proof. H:z:x 587;z 254;HzHz;z;x

0 295;Hz 258;

0;Hz;x 254;HzHz;x

0;xHz 260;Hz;Hz;x 251;x


t591. z _ x

1 Hz _ x
Proof. H:z:x 590;z;x 255 258;

1;

0;x 254;z;x

1;x

0
t592.

1 is a substring of x & x = Hx Hx H(x

0) = Hx & x

0 =
H(x

0) H(x

0)

0
Proof. H:x 537;x 583
>
;x

0;H(x

0) 226;Hx;Hx;

0 580;x

0;Hx;H(x

0) ?H(x

0)=Hx
In this proof we wrote x

0 = (HxHx)

0 = HxHx

0 and used the uniqueness
theorem t580 to obtain the result.
In the next proof, we write x

0 = (Hx Hx

0)

0 and then use t556, the
commutativity of concatenation on strings of zeros, to rewrite this as (Hx

0 Hx)

0.
After two re-associations we use t580 again to obtain the result.
t593.

1 is a substring of x & x = Hx Hx

0 H(x

0) = Hx

0
& x

0 = H(x

0) H(x

0)
Proof. H:x 537;x 583
>
;x

0;H(x

0) 586;x 538 556;Hx;

0 226;Hx;

0;Hx 226;Hx

0;Hx;

0 580;x

0;Hx

0;H(x

0) ?H(x

0)=Hx

0
Changing all bits to zero:
For every string x there is a unique string of zeros z = Zx such that x z.
t594.

1 is a substring of z &

1 is a substring of z

& z z

z = z

Proof. H:z:z

383;z 379
>
;z;z

d595.
595
(x) zx[

1 is a substring of z & x z]
t596.
595
()
Proof. H 595
<
;; 251; 376;

1 231 308;
t597.
595
(x)
595
(x

0)
Proof. H:x 595
>
;x:z 595
<
;x

0;z

0 256;z;x;

0 537;z 314;x;z;

0
t598.
595
(x)
595
(x

1)
Proof. H:x 595
>
;x:z 595
<
;x

1;z

0 255 263;z;x;

0;

1 537;z 324 316;x;z;

1;

0
90 CHAPTER 4. ARITHMETIC
t599.
595
(x)
Proof. H:x BSI,595;x:x

596 597;x

598;x

t600. (UC) z _ x &



1 is a substring of z & x z & z

_ x &

1 is a
substring of z

& x z

z = z

Proof. H:z:x:z

309;x;z 310;z;x;z

594;z;z

t601. (EC) z[z _ x &



1 is a substring of z & x z]
Proof. H:x
A
599;x 595
>
;x:z
A
;z
d602. Zx = z z _ x &

1 is a substring of z & x z
t603. x y Zx = Zy
Proof. H:x:y 602
>
;x;Zx 602
>
;y;Zy 309;x;Zx 310;Zx;x;y 310;Zx;y;Zy 594;Zx;Zy
t604. x _ y Zx _ Zy
Proof. H:x:y 602
>
;x;Zx 602
>
;y;Zy 309;x;Zx 321;x;y;Zy 320;Zx;x;Zy
t605. Z =
Proof. H 602
<
;; 251; 376;

1 231 308;
t606.

1 is a substring of x Zx = x
Proof. H:x 602
<
;x;x 253;x 308;x
t607. H

0 =
Proof. H 538 583
<
;

0; 251;

0 239;

0
t608. Z

0 =

0
Proof. H 538 606;

0
t609. Z(x

0) = Zx

0
Proof. H:x 602
<
;x

0;Zx

0 602
>
;x;Zx 256;Zx;x;

0 537;Zx 314;x;Zx;

0
t610. ZHx = Hx
Proof. H:x 605 584;x 606;Hx 583
>
;x;Hx
36. Length
How should one count a heap of pebbles? By the following calculus. Split it as evenly
as possible; if it splits unevenly, write 1, and otherwise write 0. Repeat the process on the
smaller heap, writing the resulting bit to the left of the previous bit. Continue in this way.
When done, the result is the number of bits in binary. This method of counting has the
advantage over the usual way that the entire record of the procedure is linearly bounded,
whereas for the usual procedure it is only polynomially bounded. We do not yet have a
formalism allowing induction on polynomially bounded formulas. In fact, the chief goal of
this chapter is to develop such a formalism.
d611. length-step(u, f) u is in the domain of f & Hu is in the domain of f
& [u = HuHu f u = 2 f Hu] & [u = HuHu

0 f u = 2 f Hu+1]
36. LENGTH 91
d612. f is a length function for x

1 is a substring of x & x is in the domain
of f & f = 0 & uf[u is in the domain of f length-step(u, f)]
t613. f is a length function for x f is a function list & is in the domain of f
Proof. H:f:x 612
>
;f;x 516
>
;x;f 521
>
;f;;0 514
>
;f 511
>
;f 228 473;f
t614. f is a length function for x f is a length function for Hx
Proof. H:f:x 612
<
;f;Hx:u 612
>
;f;x;u 612
>
;f;x;x 611
>
;x;f 517;x;f 586;x
d615.
615
(x) zfg[z _ x & f is a length function for z & g is a length
function for z f z = g z]
t616.
615
()
Proof. H 615
<
;:z:f:g 252;z 612
>
;f; 612
>
;g;
t617.
615
(x)
615
(x

0)
Proof. H:x 615
<
;x

0:z:f:g 590;z;x 615


>
;x;Hz;f;g 614;f;z 614;g;z 612
>
;f;z;Hz 612
>
;g;z;Hz
612
>
;f;z;z 612
>
;g;z;z 517;z;f 517;z;g 583
>
;z;Hz 611
>
;z;f 611
>
;z;g 578;Hz;Hz ? z=HzHz
t618.
615
(x)
615
(x

1)
Proof. H:x 615
<
;x

1:z:f:g 591;z;x 615


>
;x;Hz;f;g 614;f;z 614;g;z 612
>
;f;z;Hz 612
>
;g;z;Hz
612
>
;f;z;z 612
>
;g;z;z 517;z;f 517;z;g 583
>
;z;Hz 611
>
;z;f 611
>
;z;g 578;Hz;Hz ? z=HzHz
t619.
615
(x)
Proof. H:x BSI,615;x:x

616; 617;x

618;x

t620. f is a length function for x & g is a length function for x f x = g x


Proof. H:f:x:g 619;x 615
>
;x;x;f;g 253;x
Now we turn to existence of length functions.
t621. Pair(, 0) , is a length function for
Proof. H 612
<
;Pair(,0),;:u 376;

1 231 239; 578;; 527;;0 528;;0 529;u;;0 585 611


<
;;Pair(,0), 5;2
t622. f is a length function for f = 0
Proof. H:f 621 528;;0 620;f;;Pair(,0),
t623. f is a length function for Hx & x is in the domain of f &

1 is a substring
of x f is a length function for x
Proof. H:f:x 612
<
;f;x:u 612
>
;f;Hx;u
t624. f is a length function for Hx & x is in the domain of f & length-step(u, f)
length-step

u, f Pair(x, y) ,

Proof. H:f:x:u:y 611


<
;u;fPair(x,y), 533;u;f;x;y 611
>
;u;f 533;Hu;f;x;y 534;u;f;x;y 534;Hu;f;x;y
578;Hu;Hu ? u=HuHu
t625. f is a length function for Hx & x is in the domain of f & x = Hx Hx
f Pair(x, 2 f Hx) , is a length function for x
Proof. H:f:x 612
<
;fPair(x,2f Hx),;x:u 613;f;Hx 535;f;x;2f Hx 612
>
;f;Hx;u 534;;f;x;2f Hx
532;f;x;u;2f Hx 517;u;f 624;f;x;u;2f Hx 533;Hx;f;x;2f Hx 611
<
;x;fPair(x,2f Hx), 536;f;x;2
f Hx 534;Hx;f;x;2f Hx 578;Hx;Hx 544;Hx;Hx
92 CHAPTER 4. ARITHMETIC
t626. f is a length function for Hx & x is in the domain of f & x = Hx Hx

0
f Pair(x, 2 f Hx + 1) , is a length function for x
Proof. H:f:x 612
<
;fPair(x,2f Hx+1),;x:u 613;f;Hx 535;f;x;2f Hx+1 612
>
;f;Hx;u 534;;f;x;2
f Hx+1 532;f;x;u;2f Hx+1 517;u;f 624;f;x;u;2f Hx+1 533;Hx;f;x;2f Hx+1 611
<
;x;fPair(x,2
f Hx+1), 536;f;x;2f Hx+1 534;Hx;f;x;2f Hx+1 578;Hx;Hx 537;Hx 544;Hx;Hx

0
We need to establish the existence of a length function g for x satisfying a linear bound
(72) [g[ + [x[
(which will be expressed by g _ bx x with occurrences of x and a variable-free
term b). Take = [Pair(, 0) ,[, so (72) holds when x = by t621. Let f be a length
function for Hx. Then there is a length function g for x satisfying
(73) [g[ [f[ +[Pair(x, 2 f Hx + 1) ,[
If f is a length function for t then the value f t will be exponentially shorter than t, but
it suces for our purposes to establish the crude bound
(74) [f t[ [t[
Applying this to t = Hx in (73) and using the fact that 2 t + 1 _ t

0, we nd
[g[ [f[ +[Pair(x, Hx

0) ,[
Since [Hx[
1
2
[x[, we obtain
[g[ [f[ + 3[x[ + 6
The 6 comes from 2 from the : in Pair, plus 2 more because the length of

0 gets doubled
in Pair, plus 2 from the nal ,. This gives
(75) [g[ [f[ + 9[x[
(which holds even when x = , for then we can choose g = f).
Now we prove (72) by linearly bounded string induction. As remarked, it holds when
x = . Again since [Hx[
1
2
[x[, by (75) and the induction hypothesis we have
[g[ +

2
[x[ + 9[x[
We want this to be + [x[, which holds provided we choose 18. The details
follow.
d627. Bd
627
(x, f) = Pair(x, 2 f Hx + 1) ,
t628. Pair(x, 2 f Hx) , _ Bd
627
(x, f)
Proof. H:x:f 627;x;f 74;2f Hx;1 267;2f Hx;2f Hx+1 253;x 501;x;x;2f Hx;2f Hx+1 256;Pair(x,2
f Hx);Pair(x,2f Hx+1);,
t629. f is a length function for Hx &

1 is a substring of x gf Bd
627
(x, f)[g
is a length function for x]
Proof. H:f:x
A A
;f
A
;fPair(x,2f Hx),
A
;fPair(x,2f Hx+1), 261;f;Bd
627
(x,f) 628;x;f
258;Pair(x,2f Hx),;Bd
627
(x,f);f 627;x;f 253;fBd
627
(x,f) 623;f;x 625;f;x 626;f;x 583
>
;x;Hx
This expresses (73).
36. LENGTH 93
The next theorem looks a bit strange, since t 2 t + 1 in binary appends a one
bit, not a zero bit. But a number n does not correspond to the string given by its binary
representation, but rather to the string following the initial 1 in the binary representation
of Sn.
t630. 2 t + 1 = t

0
Proof. H:t 221;t;

0 235 3;St2 72;St;2 6;2;t 9;2t;2 91 92 93 8;2t+2 4;2t;1 2;t

0;2t+1
d631.
631
(t) ft

[t

_ t & f is a length function for t

f t

_ t

]
t632.
631
()
Proof. H 631
<
;:f:t

252;t

622;f 268
t633.
631
(t)
631
(t

0)
Proof. H:t 631
<
;t

0:f:t

614;f;t

631
>
;t;f;Ht

612
>
;f;t

;t

517;t

;f 268 611
>
;t

;f 630;f Ht

256;f Ht

;Ht

0 254;Ht

0;t

;t

0 588;t

254;f t

;Ht

0;t

260;Ht

0;t ?t

= 583
>
;t

;Ht

74;2f Ht

;1
267;f t

;2f Ht

+1 254;f t

;f Ht

0;Ht

0
Reading this proof one will notice that the claim t

,= does not occur. But stak-


ing this claim plays an indirect role: it enables qea to nd the equality substitution
t

,= f t

_ t

f _ , which is used in the proof. The same comment applies


to the next proof.
t634.
631
(t)
631
(t

1)
Proof. H:t 631
<
;t

1:f:t

614;f;t

631
>
;t;f;Ht

612
>
;f;t

;t

517;t

;f 268 611
>
;t

;f 630;f Ht

256;f Ht

;Ht

0 254;Ht

0;t

;t

0 588;t

254;f t

;Ht

0;t

260;Ht

0;t 255 258;

1;

0;t 254;t

;t

1;t

0
?t

= 583
>
;t

;Ht

74;2f Ht

;1 267;f t

;2f Ht

+1 254;f t

;f Ht

0;Ht

0
t635.
631
(t)
Proof. H:t BSI,631;t:t

632; 633;t

634;t

t636. f is a length function for t f t _ t


Proof. H:f:t 635;t 631
>
;t;f;t 253;t
This establishes (74).
t637. f is a length function for Hx 2 f Hx + 1 _ Hx

0
Proof. H:f:x 630;f Hx 636;f;Hx 256;f Hx;Hx;

0
t638. (Hx

0) (Hx

0) _ x o
Proof. H:x 0;(Hx

0)(Hx

0):T 326;Hx;

0;Hx;

0 307
>
;T;(HxHx)(

0) 420 587;x 256;Hx


Hx;x;o 254;T;(HxHx)o;xo
t639. f is a length function for Hx Pair(x, 2 f Hx + 1) _ (x x) : x o
Proof. H:f:x 0;Pair(x,2f Hx+1):P 0;(Hx

0)(Hx

0):Q 637;f;x 253;x 501;x;x;2f Hx+1;Hx

0
497;x;Hx

0 254;P;Pair(x,Hx

0);(xx):Q 638;x 258;Q;xo;: 258;:Q;:xo;xx 254;P;(xx)


:Q;(xx):xo
t640. (x x) : x o _ (x x x) o o
Proof. H:x 257;:;x 256;:x;x:;o 433
<
;: 434;: 307
>
;:;o 256;:;o;o 258;:o;oo;x 254;:
xo;x:o;xoo 258;:xo;xoo;xx 226;xx;x;oo 226;x;x;x 226;:;x;o 226;x;:;o
94 CHAPTER 4. ARITHMETIC
t641. f is a length function for Hx Bd
627
(x, f) _ (x x x) (o o o)
Proof. H:f:x 0;Pair(x,2f Hx+1):P 0;(xxx)oo:Q 627;x;f 639;f;x 640;x 254;P;(xx):x
o;Q 256;P;Q;, 433
<
;, 434;, 307
>
;,;o 258;,;o;Q 226;xxx;oo;o 226;o;o;o 254;Bd
627
(x,f);Q,;Qo
We can dene a linearly bounded function symbol M

such that M

t is the con-
catenation of copies of t. Then M

is increasing (with respect to _), and we have


M

= M

and M

= M
+
. Here are the cases we need.
d642. M
2
t = t t
d643. M
3
t = t t t
d644. M
6
t = M
3
M
2
t
d645. M
9
t = M
3
M
3
t
d646. M
18
t = M
2
M
9
t
t647. u _ v M
3
u _ M
3
v
Proof. H:u:v 643;u 643;v 263;u;v;u;v 263;u;v;uu;vv
t648. u _ v M
9
u _ M
9
v
Proof. H:u:v 645;u 645;v 647;u;v 647;M
3
u;M
3
v
t649. M
6
t = M
2
M
3
t
Proof. H:t 642;t 643;t 643;M
2
t 642;M
3
t 644;t 226;t;t;t 226;tt;t;ttt 226;t;t;tt
t650. M
3
t M
6
t = M
9
t
Proof. H:t 645;t 649;t 643;M
3
t 642;M
3
t
t651. M
9
t M
9
t = M
18
t
Proof. H:t 646;t 642;M
9
t
t652. M
18
t = M
9
M
2
t
Proof. H:t 646;t 645;t 649;M
3
t 644;M
3
t 649;t 644;t 645;M
2
t
t653. M
18
Hx _ M
9
x
Proof. H:x 652;Hx 642;Hx 587;x 648;HxHx;x
t654. M
18
Hx M
9
x _ M
18
x
Proof. H:x 653;x 256;M
18
Hx;M
9
x;M
9
x 651;x
t655. x ,= M
3
o _ M
6
x
Proof. H:x 295;x 420 263;

0;x;

0;x 644;x 642;x 647;o;M


2
x
t656. x ,= M
3
x M
3
o _ M
9
x
Proof. H:x 655;x 258;M
3
o;M
6
x;M
3
x 650;x
36. LENGTH 95
t657. f is a length function for Hx &

1 is a substring of x gf M
9
x[g is a
length function for x]
Proof. H:f:x
A
629;f;x:g
A
;g 641;f;x 643;x 643;o 656;x 254;Bd
627
(x,f);M
3
xM
3
o;M
9
x 258;Bd
627
(x,f);
M
9
x;f 254;g;fBd
627
(x,f);fM
9
x
A
;f 585 261;f;M
9
x
This expresses (75), and now we are ready for the inductive proof of (72).
d658.
658
(x) x

x

1 is a substring of x

g(Pair(, 0) ,) M
18
x

[g
is a length function for x

]
t659.
658
()
Proof. H 658
<
;:x

;Pair(,0), 252;x

621 261;Pair(,0),;M
18

t660.
658
(x)
658
(x

0)
Proof. H:x 0;Pair(,0),:P 658
<
;x

0:x
A
658
>
;x;Hx

:f 590;x

;x 657;f;x

:g
A
;g 226;P;M
18
Hx

;M
9
x

654;x

256;f;PM
18
Hx

;M
9
x

254;g;fM
9
x

;(PM
18
Hx

)M
9
x

258;M
18
Hx

M
9
x

;M
18
x

;P 254;g;(P
M
18
Hx

)M
9
x

;PM
18
x

589;x

t661.
658
(x)
658
(x

1)
Proof. H:x 0;Pair(,0),:P 658
<
;x

1:x
A
658
>
;x;Hx

:f 591;x

;x 657;f;x

:g
A
;g 226;P;M
18
Hx

;M
9
x

654;x

256;f;PM
18
Hx

;M
9
x

254;g;fM
9
x

;(PM
18
Hx

)M
9
x

258;M
18
Hx

M
9
x

;M
18
x

;P 254;g;(P
M
18
Hx

)M
9
x

;PM
18
x

589;x

t662.
658
(x)
Proof. H:x BSI,658;x:x

659; 660;x

661;x

d663. Bd
663
x = (Pair(, 0) ,) M
18
x
t664.

1 is a substring of x fBd
663
x[f is a length function for x]
Proof. H:x
A
662;x 658
>
;x;x:f 253;x 663;x
A
;f
This establishes (72).
t665. (UC) l _ x & fBd
663
Zx[f is a length function for Zx & f Zx = l] & l
1
_ x
& f
1
Bd
663
Zx[f
1
is a length function for Zx & f
1
Zx = l
1
] l = l
1
Proof. H:l:x:l
1
:f:f
1
620;f;Zx;f
1
t666. (EC) ll _ x & fBd
663
Zx[f is a length function for Zx & f Zx = l]
Proof. H:x
A
602
>
;x;Zx 664;Zx:f
A
;f Zx;f 636;f;Zx 307
>
;x;Zx 254;f Zx;Zx;x
d667. Length x = l l _ x & fBd
663
Zx[f is a length function for Zx
& f Zx = l]
Let us verify that Length has the characteristic properties of length: Length = 0 and
Length (x

0) = Length (x

1) = Length x+1 and Length (xy) = Length x+Length y.


t668. Length = 0
Proof. H 667
<
;;0
A
228 253; 605 376;

1 231 664;:f
A
;f 622;f
t669. f is a length function for Zx f Zx = Length x
Proof. H:f:x 667
>
;x;Length x:g 620;f;Zx;g
96 CHAPTER 4. ARITHMETIC
t670. x y Length x = Length y
Proof. H:x:y 603;x;y 667
>
;x;Length x:f 669;f;y
t671. Zx = HZx HZx Length x = 2 Length HZx
Proof. H:x 667
>
;x;Length x:f 612
>
;f;Zx;Zx 517;Zx;f 611
>
;Zx;f 614;f;Zx 669;f;HZx 610;Zx
t672. Zx = HZx HZx

0 Length x = 2 Length HZx + 1
Proof. H:x 667
>
;x;Length x:f 612
>
;f;Zx;Zx 517;Zx;f 611
>
;Zx;f 614;f;Zx 669;f;HZx 610;Zx
t673. Length

0 = 1
Proof. H 607 608 672;

0; 239;

0 668 5;2 71;0;1 3;1


d674.
674
(x) u[u _ x Length (u

0) = Length u + 1]
t675.
674
()
Proof. H 674
<
;:u 252;u 239;

0 668 673 71;0;1 3;1


t676.
674
(x)
674
(x

0)
Proof. H:x 674
<
;x

0:u 671;u 672;u 609;u 671;u

0 672;u

0 602
>
;u;Zu 592;Zu 593;Zu ?Zu=
HZuHZu 583
>
;Zu;HZu 590;Zu;x 254;Zu;u;x

0 674
>
;x;HZu 95 68;2Length HZu;1;1 69;2;Length
HZu;1 96;2
t677.
674
(x)
674
(x

1)
Proof. H:x 674
<
;x

1:u 255 258;

1;

0;x 254;u;x

1;x

0 676;x 674
>
;x

0;u
t678.
674
(x)
Proof. H:x BSI,674;x:x

675; 676;x

677;x

t679. Length (x

0) = Length x + 1
Proof. H:x 678;x 674
>
;x;x 253;x
t680. Length (x

1) = Length x + 1
Proof. H:x 324 315;

1;

0;x 670;x

1;x

0 679;x
d681.
681
(y) x[Length (x y) = Length x + Length y]
t682.
681
()
Proof. H 681
<
;:x 239;x 668 3;Length x
t683.
681
(y)
681
(y

0)
Proof. H:y 681
<
;y

0:x 679;y 68;Length x;Length y;1 681


>
;y;x 226;x;y;

0 679;xy
t684.
681
(y)
681
(y

1)
Proof. H:y 681
<
;y

1:x 680;y 68;Length x;Length y;1 681


>
;y;x 226;x;y;

1 680;xy
t685.
681
(y)
Proof. H:y BSI,681;y:y

682; 683;y

684;y

t686. Length (x y) = Length x + Length y


Proof. H:x:y 685;y 681
>
;y;x
37. STRING MULTIPLICATION 97
t687. Length x = Length Zx
Proof. H:x 602
>
;x;Zx 670;x;Zx
t688. x _ y Length x Length y
Proof. H:x:y 602
>
;x;Zx 602
>
;y;Zy 604;x;y 562;Zx;Zy:z 686;Zx;z 687;x 687;y 73
<
;Length
x;Length y;Length z
t689. Length x = 0 x =
Proof. H:x 294;x 679;Chop x 680;Chop x 9;Length Chop x;1 93
t690. Length x Length y x _ y
Proof. H:x:y 248;x;y 602
>
;x;Zx 602
>
;y;Zy 604;y;x 562;Zy;Zx:z 686;Zy;z;Zx 687;y 687;x 142;Length
y;Length z 689;z 239;Zy 309;y;Zy 310;x;Zx;y 307
>
;x;y
t691. Length x = Length y x y
Proof. H:x:y 80;Length x 690;x;y 690;y;x 307
<
;x;y
t692.

1 is a substring of x &

1 is a substring of y & Length x = Length y
x = y
Proof. H:x:y 691;x;y 603;x;y 602
<
;x;x 602
<
;y;y 253;x 253;y 308;x 308;y
t693. Length

1 = 1
Proof. H 255 688;

0;

1 688;

1;

0 173;Length

0;Length

1 673
37. String multiplication
The zero product of two strings x and y, denoted by xy, is the string of length [x[ [y[
all of whose bits are zero. This clearly cannot be expressed by a linearly bounded function
symbol, but we shall express it by means of a relativization. First we establish a lemma.
d694.
694
(l) zl Length z wz[Length w = l]
t695.
694
(0)
Proof. H 694
<
;0:z; 668 251;z
t696.
694
(l)
694
(Sl)
Proof. H:l 694
<
;Sl:z
A
694
>
;l;z:w
A
;w

0 673 686;w;

0 690;w

0;z 81;l 84;l;Sl;Length z 94;l


t697.
694
(l)
Proof. H:l BI,694;l:l

695 696;l

t698. l Length z wz[Length w = l]


Proof. H:l:z
A
697;l 694
>
;l;z:w
A
;w
Note that without the bound on l this lemma would assert the existence of a string
exponentially larger than l, and there is no way this could be established.
d699.
699
(x) yz[Length z = Length x Length y]
We cannot use BSI to establish
699
(x) because of the linearly unbounded existential
quantier z. Nevertheless, we establish it by a relativization.
98 CHAPTER 4. ARITHMETIC
t700.
699
()
Proof. H 699
<
;:y; 668 72;Length y;0 5;Length y
t701.
699
(x)
699
(x

0)
Proof. H:x 699
<
;x

0:y
A
699
>
;x;y:z
A
;zy 673 128;Length x;1;Length y 97;Length y 686;x;

0 686;z;y
t702.
699
(x)
699
(x

1)
Proof. H:x 699
<
;x

1:y
A
699
>
;x;y:z
A
;zy 693 128;Length x;1;Length y 97;Length y 686;x;

1 686;z;y
t703.
699
(x) & u _ x
699
(u)
Proof. H:x:u 699
<
;u:y
A
699
>
;x;y:z 688;u;x 89;Length u;Length x;Length y 698;Length uLength
y;z:w
A
;w
In other words,
699
(x) is equivalent to
(0)
699
(x).
t704.
699
(x
1
) &
699
(x
2
)
699
(x
1
x
2
)
Proof. H:x
1
:x
2
699
<
;x
1
x
2
:y
A
699
>
;x
1
;y:z
1
699
>
;x
2
;y:z
2
A
;z
1
z
2
686;x
1
;x
2
686;z
1
;z
2
128;Length
x
1
;Length x
2
;Length y
In other words,
699
(x) is equivalent to
(1)
699
and can be used as a relativizing predicate.
Next we prove that its relativization by itself is a theorem, so we can adjoin it as a
relativized axiom.
t705.
699
(x) &
699
(y) z[
699
(z) & Length z = Length x Length y]
Proof. H:x:y
A
699
>
;x;y:z
A
;z 699
<
;z:u
B
699
>
;y;u:v 699
>
;x;v:w
B
;w 70;Length x;Length
y;Length u
a706. z[Length z = Length x Length y]
t707. (UC) Length x Length y = Length z &

1 is a substring of z & Length
x Length y = Length z

&

1 is a substring of z

z = z

Proof. H:x:y:z:z

692;z;z

t708. (EC) z[Length x Length y = Length z &



1 is a substring of z]
Proof. H:x:y
A
706;x;y:z
A
;Zz 687;z 602
>
;z;Zz
d709. x y = z Length x Length y = Length z &

1 is a substring of z
t710. x =
Proof. H:x 709
<
;x;; 376;

1 231 668 5;Length x


t711. x (y z) = (x y) (x z)
Proof. H:x:y:z 709
<
;x;yz;(xy)(xz) 709
>
;x;y;xy 709
>
;x;z;xz 686;xy;xz 686;y;z 544;x
y;xz 69;Length x;Length y;Length z
t712. (x y) z = x (y z)
Proof. H:x:y:z 709
>
;x;y;xy 709
>
;y;z;yz 709
>
;x;yz;x(yz) 70;Length x;Length y;Length
z 709
<
;xy;z;x(yz)
t713. x y = y x
Proof. H:x:y 709
>
;x;y;xy 709
>
;y;x;yx 72;Length x;Length y 709
<
;x;y;yx
38. THE THIRD RELATIVIZATION SCHEMA 99
t714.

0 x = Zx
Proof. H:x 673 97;Length x 687;x 602
>
;x;Zx 709
<
;

0;x;Zx
t715.

1 x = Zx
Proof. H:x 693 97;Length x 687;x 602
>
;x;Zx 709
<
;

1;x;Zx
t716. x _ y z x _ z y
Proof. H:x:y:z 690;zx;zy 688;x;y 709
>
;z;x;zx 709
>
;z;y;zy 88;Length x;Length y;Length z
38. The third relativization schema
We shall extend the relativization schema of 28 to include , allowing in bounds.
For convenience of reference, the theorem schemata for
(1)
are repeated here.
tBSI9. sind

[
(1)
(x)
(0)
(x)]
tBSI10. sind


(1)
()
tBSI11. sind

[
(1)
(x)
(1)
(x

0)]
tBSI12. sind

[
(1)
(x)
(1)
(x

1)]
tBSI13. sind

[
(1)
(x) & u _ x
(1)
(u)]
tBSI14. sind

[
(1)
(x
1
) &
(1)
(x
2
)
(1)
(x
1
x
2
)]
dBSI15.
(2)
(x) y[
(1)
(y)
(1)
(y x)]
tBSI16. sind

[
(2)
(x)
(1)
(x)]
Suppose
(2)
(x) and let y = . We have
(1)
() by tBSI10 and so
(1)
(

0) by tBSI11.
Hence
(1)
(

0 x) holds; i.e.,
(1)
(Zx). But x _ Zx, so
(1)
(x) follows from tBSI13.
Proof. H:x BSI15
>
;x;

0 BSI10 BSI11; 239;

0 714;x 602
>
;x;Zx BSI13;Zx;x 307
>
;x;Zx
tBSI17. sind


(2)
()
Suppose
(1)
(y). We need to show that
(1)
(y ). But y = , so this holds
by tBSI10.
Proof. H BSI15
<
;:y 710;y BSI10
tBSI18. sind

[
(2)
(x)
(2)
(x

0)]
Suppose
(2)
(x) and
(1)
(y). We need to show that
(1)

y (x

0)

; i.e., that

(1)

(y x) (y

0)

. Since
(2)
(x) we have
(1)
(y x). Now y

0 = Zy and Zy _ y,
so
(1)
(y

0) holds by tBSI13. Thus the result holds by tBSI14.
Proof. H:x BSI15
<
;x

0:y 711;y;x;

0 BSI15
>
;x;y 713;y;

0 714;y 602
>
;y;Zy BSI13;y;Zy BSI14;yx;y

0
tBSI19. sind

[
(2)
(x)
(2)
(x

1)]
Since y

1 is also equal to Zy, the proof is entirely similar.
Proof. H:x BSI15
<
;x

1:y 711;y;x;

1 BSI15
>
;x;y 713;y;

1 715;y 602
>
;y;Zy BSI13;y;Zy BSI14;yx;y

1
tBSI20. sind

[
(2)
(x) & u _ x
(2)
(u)]
Now construct a theory schema Q

0
, superstring theory, by adjoining BSI in which
is allowed in bounds. Q

0
is locally relativizable in Q
0
.
CHAPTER 5
Syntax
In this chapter we arithmetize syntactical notions.
39. Symbols
Symbols will be arithmetized as ordered triples followed by , (so they are lists of
a single element), where the rst component is the type (0 for variables, 1 for function
symbols, 2 for predicate symbols, 3 for logical operators), the second is the index, and the
third is a label.
d717. Triple(x, y, z) = Pair

x, Pair(y, z)

t718. Triple(x, y, z) = Triple(x

, y

, z

) x = x

& y = y

& z = z

Proof. H:x:y:z:x

:y

:z

717;x;y;z 717;x

;y

;z

499;x;Pair(y,z);x

;Pair(y

,z

) 499;y;z;y

;z

t719. x _ Triple(x, y, z) & y _ Triple(x, y, z) & z _ Triple(x, y, z)


Proof. H:x:y:z 717;x;y;z 500;x;Pair(y,z) 500;y;z 254;y;Pair(y,z);Triple(x,y,z) 254;z;Pair(y,z);Triple(x,y,z)
d720. w is an ordered triple xwywzw[w = Triple(x, y, z)]
t721. Triple(x, y, z) is an ordered triple
Proof. H:x:y:z 720
<
;Triple(x,y,z);x;y;z 719;x;y;z
t722.
1
Triple(x, y, z) = x &
1

2
Triple(x, y, z) = y &
2

2
Triple(x, y, z) = z
Proof. H:x:y:z 717;x;y;z 510;x;Pair(y,z) 510;y;z
d723. x encodes a variable x
0
x[x = x
0
, & x
0
is an ordered triple &
1
x
0
= 0
&
1

2
x
0
= 0]
d724. f encodes a function symbol f
0
_ f[f = f
0
, & f
0
is an ordered triple
&
1
f
0
= 1]
d725. p encodes a predicate symbol p
0
_ p[p = p
0
, & p
0
is an ordered triple
&
1
p
0
= 2]
d726. = Triple(S2, 1, 0) ,
d727.

= Triple(S2, 2, 0) ,
d728.

= Triple(S2, 2, 1) ,
d729. s encodes a symbol s encodes a variable s encodes a function symbol
s encodes a predicate symbol s = s =

s =

100
40. EXPRESSIONS 101
t730. s encodes a symbol t[t is an ordered triple & s = t ,]
Proof. H:s
A
729
>
;s ? s encodes a variable 723
>
;s:x
0
A
;x
0
? s encodes a function symbol
724
>
;s:f
0
A
;f
0
725
>
;s:p
0
A
;p
0
726 721;S2;1;0
A
;Triple(S2,1,0) 727 721;S2;2;0
A
;Triple(S2,2,0) 728
721;S2;2;1
A
;Triple(S2,2,1)
d731.

0 = Triple(1, 0, 0) ,
d732. = = Triple(2, 2, 0) ,
40. Expressions
An expression is a concatenation of symbols, so it either empty or a list of symbols
shorn of the concluding ,.
d733. u encodes an expression u = u is a list & tu[t is listed in u
t , encodes a symbol]
to be continued
expression is the need of my soul
i was once a vers libre bard
but i died and my soul went into the body of a cockroach
it has given me a new outlook upon life
DON MARQUIS