A Primer For Logic and Proof

A Primer for Logic and Proof
Holly P. Hirst and Jeffry L. Hirst
Spring 20041
1
°2002
c by Jeffry L. Hirst and Holly P. Hirst. All rights reserved.
ii
Contents
Introduction v
1 Propositional Calculus 1
1.1 Building Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Tautologies and Contradictions . . . . . . . . . . . . . . . . . . . 8
1.3 Logical Equivalence . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.4 Contrapositives and Converses . . . . . . . . . . . . . . . . . . . 10
1.5 Analysis of Arguments . . . . . . . . . . . . . . . . . . . . . . . . 12
1.6 A Proof System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
1.7 The Deduction Theorem . . . . . . . . . . . . . . . . . . . . . . . 18
1.8 Generalizing L . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
1.9 Soundness and Completeness of L . . . . . . . . . . . . . . . . . . 22
1.10 Modifying L . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
1.11 Assessing Propositional Calculus . . . . . . . . . . . . . . . . . . 26
2 Predicate Calculus 29
2.1 Building Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.2 Translations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
2.3 A brief interlude: Truth . . . . . . . . . . . . . . . . . . . . . . . 35
2.4 Free variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
2.5 Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2.6 Truth and Sentences . . . . . . . . . . . . . . . . . . . . . . . . . 40
2.7 Truth and free variables . . . . . . . . . . . . . . . . . . . . . . . 42
2.8 Logical validity . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
2.9 Formulas that aren’t logically valid . . . . . . . . . . . . . . . . . 45
2.10 Some logically valid formulas . . . . . . . . . . . . . . . . . . . . 46
2.11 Free for... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
2.12 A proof system for predicate calculus . . . . . . . . . . . . . . . . 51
2.13 Dealing with ∀ . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
2.14 Rule T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
2.15 The Deduction Theorem . . . . . . . . . . . . . . . . . . . . . . . 55
2.16 Adding ∃x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
2.17 Removing ∃x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
2.18 Proof strategies in predicate calculus . . . . . . . . . . . . . . . . 60
iii
iv CONTENTS
3 Transition to Informal Proofs 63

3.1 The Theory of Equality . . . . . . . . . . . . . . . . . . . . . . . 64
3.2 Formal Number Theory . . . . . . . . . . . . . . . . . . . . . . . 66
3.3 More about induction . . . . . . . . . . . . . . . . . . . . . . . . 69
3.4 Inductive Pitfalls . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
3.5 Proofs by Contradiction . . . . . . . . . . . . . . . . . . . . . . . 75
3.6 Other Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
4 Alternation of Quantifiers – Sequences 83

4.1 Sequences, Bounds and Convergence . . . . . . . . . . . . . . . . 84
4.2 More on Convergence and Boundedness . . . . . . . . . . . . . . 89
4.3 A Note on Divergent Sequences . . . . . . . . . . . . . . . . . . . 91
Introduction
There is a significant shift in the emphasis of undergraduate mathematics be-

tween calculus level courses and analysis and algebra courses. The early courses
emphasize the application of mathematical concepts to solve specific problems.
In later courses, students combine and manipulate the concepts themselves, usu-
ally by studying and creating proofs. This book is designed to help students
with the transition from application to proof.
Most students have encountered proofs before entering college. In high
school geometry, proofs often take the form of a two column justification. For
example, suppose we let AB denote the length of the line segment AB. Then
we can prove the statement, If the point P lies on the line segment AB between
points A and B, then P B = AB − AP , using the two column justification:
Statement Justification
1. P lies on AB between A and B Given
2. AP + P B = AB Definition of between using 1
3. P B = AB − AP Subtraction property of = using 2
This very formal type of proof has the advantage of showing plenty of detail,
especially revealing the assumptions and definitions used in the argument. Given
the list of allowable assumptions and definitions, we can verify each line of the
proof in a mechanical fashion and be certain that it is complete and correct. The
drawback of the formal proof is that the wealth of detail can hide the interesting
mathematical content.
The first two chapters of this book present formal proof systems for proposi-
tional calculus and predicate calculus. Propositional calculus will give us a good
sense of the meaning of if. . . then statements and negation. Predicate calculus
adds the expressive power of quantifiers, so we can examine statements like
“for all x, A(x) or not A(x).” Our formal proof systems will provide a precise,
detailed, verifiable method of proof.
Predicate calculus is an excellent scaffold on which to hang additional ax-
ioms. In the remaining chapters of the book, we will present good sets of axioms
for studying number theory, analysis, algebra, set theory, and graph theory. We
will also see how to abbreviate formal proofs and distill clear, correct, and in-
formative informal proofs.
The early emphasis on formal logic proofs distinguishes this book from many
texts written for bridge courses. On the other hand, the approach to logic
v
vi INTRODUCTION
is very mathematical, and sidesteps many philosophical issues that appear in

logic texts. Streamlining the logic presentation leaves time in the semester to
complete the transition to informal proof, and to tie the material firmly to
the study of abstract mathematics. The level and the style of presentation is
directed at beginning undergraduate students.
Chapter 1
Propositional Calculus
The big idea in propositional calculus is to study the structure of simple state-
ments. We will discover connections between the structure and the truth val-
ues of these statements, and devise fast methods for determining truth values.
Eventually, we will write some formal proofs of statements.
1.1 Building Blocks
Propositions
A proposition is a statement, containing a subject and a verb like a sentence in
English. We will eventually work with mathematical statements almost exclu-
sively, but for now any statements can be used.
Example. Here are three examples of propositions.
2 is prime.
4 + 6 = 10.
Today it is raining.
Propositions can be combined with connectives such as and and implies to

create compound propositions.
Example. Here are three examples of compound propositions.
2 is prime, and 4 + 6 = 10.
Today it is raining implies that tomorrow the sun will shine.
Today is Thursday and tomorrow will be sunny implies that yesterday was
rainy.
1
2 CHAPTER 1. PROPOSITIONAL CALCULUS
Be careful with multiple connectives! English can be quite ambiguous. Take

the last combination of propositions for example. Do both of the first statements
together imply yesterday was rainy or is it only the second one? If we are not
careful, this ambiguity can cause problems when writing mathematical proofs.
Writing out the entire text of a compound proposition can be tedious, par-
ticularly if it contains several propositions. As a shorthand, we will use:
• lower case letters (like a, b, c, etc.) for simple propositions, and
• UPPER CASE LETTERS (like A, B, C, etc.) for compound propositions.
Propositions can be true or false. If we know what truth value to assign one
we can utilize this information. Otherwise, we check what happens when the
proposition is assumed to be true and then false by using a truth table. The
following truth tables reveal the meaning of the various connectives.
Connectives
The symbols ¬, ∧, ∨, →, and ↔ are called propositional connectives. Their
properties are best shown via truth tables.
Negation
Symbol: ¬
Interpretation: ¬a means “not a”
a ¬a
T F
F T
Notice that the proposition a has a column containing all possible truth
values, in this case simply T and F. Then the second column contains the truth
value for “not a” for each possible value of a. We can read this table as follows:
If a is true then not a is false. If a is false, then not a is true. Not too bad.
Other books use the symbols ∼ a or !a to denote ¬a. Let’s look at the other
connectives.
Conjunction
Symbol: ∧
Interpretation: a ∧ b means “a and b”
Vocabulary: a and b are the conjuncts in the compound proposition a ∧ b.
a b a∧b
T T T
T F F
F T F
F F F
1.1. BUILDING BLOCKS 3
Notice here that all possible combinations of truth values for a and b are
listed, along with the corresponding value for the connective. The quick story on
the and connective is that both propositions need to be true for the conjunction
to be true.
Disjunction
Symbol: ∨
Interpretation: a ∨ b means “a or b”
Vocabulary: a and b are the disjuncts in the compound proposition a ∨ b.
a b a∨b
T T T
T F T
F T T
F F F
Summarizing, a disjunction is true whenever at least one of the propositions
is true. This connective is sometimes called inclusive or to differentiate it from
exclusive or (which is often denoted by +). The formula a + b is interpreted as
“a or b, but not both.”
Implication
Symbol: →
Interpretation: a → b means “if a then b” (in the mathematical sense.)
Vocabulary: In the formula a → b, the proposition a is referred to as the
hypothesis (or sometimes as the premise). The proposition b is referred to as
the conclusion.
a b a→b
T T T
T F F
F T T
F F T
The truth values for implication seem pretty peculiar at first. Some people
might argue that the interpretation is distinctly different from typical English
usage. They’re probably right. However the truth values do correspond exactly
to the way that mathematicians use this symbol. The only time an implication
is false is when the hypothesis is true and the conclusion is false. False may
imply false and false may imply true, but true cannot imply false.
Mathematical texts use all of the following phrases to represent a → b:
if a then b,
a implies b,
a is a sufficient condition for b,
b is a necessary condition for a.

Biconditional
Symbol: ↔
Interpretation: a ↔ b means “a if and only if b”
a b a↔b
T T T
T F F
F T F
F F T
The biconditional is true exactly when the propositions have the same truth
value. In some texts, the phase “a is a necessary and sufficient condition for b”
is used for a ↔ b.
Truth tables for compound propositions

We can glue statement letters (or propositions) together with connectives to
build compound propositions. Using the truth tables from above, we can build
truth tables for compound propositions. Be sure to include a row for each
possible truth assignment for the statement letters.
Example. Build a truth table for p → (q ∨ r)
p q r q ∨ r p → (q ∨ r)
T T T T T
T T F T T
T F T T T
T F F F F
F T T T T
F T F T T
F F T T T
F F F F T
Note that each simple proposition is listed first, and all possible combinations
of truth values are listed. Each parenthesized subformula is listed, and then the
final column contains the truth values for the entire compound statement.
Example. Build a truth table for ¬(p → q)
p q p → q ¬(p → q)
T T T F
T F F T
F T T F
F F T F
Now, let’s do the same examples using abbreviated truth tables. There
are two important things to remember here. First, an abbreviated truth ta-
ble contains exactly the same information as any other truth table; only the
bookkeeping is different. Second, in any single row of the abbreviated truth
table, every occurrence of a propositional letter receives the same truth value.
We mark the column for the main connective with bold type. This column
corresponds to the last column of a standard truth table.
Example. Build an abbreviated truth table for p → (q ∨ r)
p → (q ∨ r)
T T T T T
T T T T F
T T F T T
T F F F F
F T T T T
F T T T F
F T F T T
F T F F F
In building the preceding abbreviated truth table, we followed the order of
the parentheses. First, we wrote the columns for p, q, and r so that every
possible combination of truth values was represented. Next, we filled in the
column for the ∨ in q∨r, and finally we filled in the column for the → connective.
Example. Build an abbreviated truth table for ¬(p → q)
¬ (p → q)
F T T T
T T F F
F F T T
F F T F
Example. Compare the truth tables for (a ∨ b) ∧ c and a ∨ (b ∧ c).
(a ∨ b) ∧ c a ∨ (b ∧ c)
T T T T T T T T T T
T T T F F T T T F F
T T F T T T T F F T
T T F F F T T F F F
F T T T T F T T T T
F T T F F F F T F F
F F F F T F F F F T
F F F F F F F F F F
Note that in the last example, the two formulas have the same proposition
letters and connectives in the same order. Only the location of the parentheses
is different. However, the truth values for the main connectives do not match
in the second and fourth rows. There is a moral here. Parentheses make a
difference! You can leave out parentheses when the meaning of the statement
is clear. However, if you have any doubt, retain the parentheses.
Sometimes books will leave out more parentheses than you might like. In a
pinch, you can assume that connectives are evaluated in the following order ¬,
∧, ∨, →, ↔, with like connectives evaluated from left to right. For example, the
formula b∧a → b → c∨¬d should be parenthesized as ((b∧a) → b) → (c∨(¬d)).
Translations
Given a key listing the meanings of the propositional symbols, we can translate
symbolized statements into English sentences.
Example. Given the interpretations below, translate each of the following sen-
tences into English.
a means “Fritz likes trout.”

b means “Waldo is tiny.”
c means “Violins don’t melt.”
(a) Translate: (a ∨ b) → c
Solution: If Fritz likes trout or Waldo is tiny, then violins don’t melt.
(b) Translate: a ↔ c
Solution: Fritz likes trout if and only if violins don’t melt.
Alternate solution: Fritz liking trout is a necessary and sufficient
condition for the non-melting of violins.
(c) Translate: ¬(b ∧ c)
Solution: It is not the case that both Waldo is tiny and violins don’t
melt.
Alternate solution: Waldo isn’t tiny or violins melt.
The first translation of ¬(b ∧ c) is a direct substitution of English for formal

symbols. The second translation is a direct substitution for the symbols in the
formula ¬b ∨ ¬c. Because ¬b ∨ ¬c and ¬(b ∧ c) have matching last columns in
their truth tables, we can say that the two translations mean the same thing.
In section 1.3, we’ll learn that these formulas are logically equivalent. The fact
that they are logically equivalent is sometimes called DeMorgan’s law. Each
translation has redeeming merits. The first translation is more literal, while the
second sounds more natural.
We can reverse the process of our previous examples, and translate English
into our symbolic language. Be sure to include a key to explain the translation.
Example. Translate: If Fritz is the king of France, then Bert eats trout.
Solution: Let k denote “Fritz is the king of France.” Let b denote “Bert
eats trout.” The sentence “If Fritz is the king of France, then Bert eats trout”
translates as
k → b.
Common sense and truth

Sometimes we can use common sense to assign a truth value to a proposition.
For example, 2 + 2 = 4 is true, and 2 + 2 = 5 is false. Note that these truth
values are actually assumptions based on prior experience, but they are still
pretty reasonable. In other cases, we lack sufficient information to reasonably
assign truth values. For example, the statement “Waldo has a trout in his hat”
is neither obviously true nor obviously false. In situations where we can assign
truth values to some (or all) of the proposition letters, we can often determine
the truth value of associated compound statements. The process involves look-
ing at appropriate lines in the truth table of the compound statement. Here are
some examples.
Example. Given the information below, and using common sense where appli-
cable, try to assign truth values to the following compound statements.
a means “2 = 5.” (We’ll assume this is F.)
b means “7 is an odd prime.” (We’ll assume this is T.)
c means “Waldo is the milkman’s pet trout.” (We won’t assume any truth
value here.)
(a) a ∧ b
Solution: F ∧ T is F, so a ∧ b is false.
(b) a ∨ b
Solution: F ∨ T is T, so a ∨ b is true.
(c) b ∨ c
b ∨ c
Solution: T T T So b ∨ c is true.
T T F
(d) a ↔ c
a ↔ c
Solution: F T F So a ↔ c depends on truth value of c.
F F T
Exercises.
1. Build the truth table for p ∧ q.
2. Build the truth table for p → (q ∨ r)
3. Build the truth table for ¬(p ∨ ¬p)
4. Build the truth table for p ∧ ¬p
5. Build the truth table for (p ∧ q) → p
6. Build the truth table for p → (p ∨ q)
7. Given the interpretations below, translate each of the following sentences
into English. p means “2 + 2 = 5.” q means “3 is prime.”
(a) Translate: p → q
(b) Translate: (¬p) ∨ q
(c) Translate: ¬(p ∨ q)
8. Given the interpretations below, translate each of the following sentences
into English. d means “Waldo wears a hat.” m means “All milkmen like
trout.” w means “4 + 8 = 32.” z means “2 6= 5.”
(a) Translate: d → (m ∨ w)
(b) Translate: z ↔ w
(c) Translate: z ∧ (w → z)
(d) Translate: ¬(¬d ∧ z)
9. Translate into formal symbols: Either money is green or the sky is blue.
10. Translate into formal symbols: If either 2 6= 5 or 4 + 5 = 9, then 52 6= 25.
11. Translate into formal symbols: Fritz likes chocolate bunnies and Waldo
likes umbrellas.
12. Translate into formal symbols: If 5 is not an odd integer, then 8 is prime.
13. Given the information below, and using common sense where applicable,
try to assign truth values to the following compound statements.
p means “2 6= 5.”
q means “7 is an integer multiple of 2.”
r means “Fritz is a tap-dancing investment banker.”
(a) p ∨ q
(b) p ∧ r
(c) q → r
(d) r → (q → r)
1.2 Tautologies and Contradictions

Some compound propositions are true (or false) just because of their structure.
(See exercises 3, 4, 5, and 6 in section 1.1.) The truth values of these statements
don’t rely on the interpretation of the propositional letters or on any common
sense assignment of truth values to the propositional letters. The semantics of
these formulas depends only on their syntax. Because these are special formulas,
we give them special names.
Definition. A tautology is a compound proposition which is always true. That
is, a formula is a tautology if and only if the last column of its truth table
contains only Ts.
1.2. TAUTOLOGIES AND CONTRADICTIONS 9
Example. Show that p ∨ ¬p is a tautology.

Solution: We’ll check that the main connective column in the truth table for
p ∨ ¬p contains only Ts.
p ∨ (¬ p)
T T F T
F T T F
Definition. A contradiction is a compound proposition which is always false.
That is, a formula is a contradiction if and only if the last column of its truth
table contains only Fs.
Example. Show that p ∧ ¬p is a contradiction.
Solution: We’ll check that the main connective column in the truth table for
p ∧ ¬p contains only Fs.
p ∧ (¬ p)
T F F T
F F T F
Definition. A contingency is a compound proposition which is neither a tau-
tology nor a contradiction. That is, a formula is a contingency if and only if the
last column of its truth table contains both Ts and Fs.
Example. Show that p → q is a contingency.
Solution: We’ll show that the main connective column in the truth table for
p → q contains at least one T and at least one F.
p → q
T T T
T F F
F T T
F T F
The first and second rows will fill the bill. We didn’t even need to write the
last two rows.
Exercises.
1. Show that a → (b → a) is a tautology.
2. Show that (a → (b → c)) → ((a → b) → (a → c)) is a tautology.
3. Show that (¬b → ¬a) → ((¬b → a) → b) is a tautology.
4. Show that p ↔ (p → ¬p) is a contradiction.
5. Show that p ∧ p is a contingency.
6. Classify each of the following formulas as a tautology, a contradiction, or a
contingency. Provide enough of the truth table for the formula to justify
your answer. (For tautologies and contradictions, you need the whole
table. For contingencies you can get by with just two cleverly selected
rows.)
(a) (p ∧ q) → p
(b) p → (p ∨ q)
(c) (p ∨ q) → (p ∧ q)
(d) p ↔ ¬p
(e) p → (¬p → (q ∧ ¬q))
(f) (p → q) ∨ (q → p)
1.3 Logical Equivalence

Think for a minute about formulas involving the proposition letters p and q.
There are lots of formulas of this sort. Each of those formulas has a truth
table with exactly four rows. There are only sixteen possible last columns for
those truth tables. Consequently, a lot of formulas have truth tables whose last
columns match. The following definition extends this notion of matching last
columns to situations where the formulas may not contain exactly the same
statement letters.
Definition. Two formulas, A and B, are logically equivalent if and only if
A ↔ B is a tautology.
Example. Show that p → q is logically equivalent to ¬q → ¬p.
Solution: We’ll verify that the main connective column in the truth table
for the biconditional constructed from these two formulas contains only Ts.
(p → q) ↔ ((¬ q) → (¬ p))
T T T T F T T F T
T F F T T F F F T
F T T T F T T T F
F T F T T F T T F
Exercises.
1. Show that ¬p ∧ ¬q is logically equivalent to ¬(p ∨ q).
2. Show that p ∧ q is logically equivalent to ¬(¬p ∨ ¬q).
3. Show that p is logically equivalent to ¬¬p.
4. Show that p ∨ (q → (s ∧ ¬¬t)) is logically equivalent to
p ∨ (q → (s ∧ t)).
1.4 Contrapositives and Converses

Mathematicians are often concerned with conditional statements. Given an
implication, there are two related formulas which occur so often that they have
special names.
1.4. CONTRAPOSITIVES AND CONVERSES 11
Definition. The contrapositive of the conditional P → Q is ¬Q → ¬P .
Example. The contrapositive of a → (b ∨ c) is ¬(b ∨ c) → ¬a.
Example. We say that a mapping is 1–1 if x 6= y implies that f (x) 6= f (y).

The contrapositive of this implication is: if f (x) = f (y) then x = y. (We’ve
eliminated some double negations here. To be excruciatingly technically correct,
the contrapositive of x 6= y → f (x) 6= f (y) is ¬(f (x) 6= f (y)) → ¬(x 6= y), and
the formula f (x) = f (y) → x = y is logically equivalent to the contrapositive.)
Sometimes the contrapositive of a formula is easier to prove than the original

formula. For example, it is much easier to assume that f (x) = f (y) and deduce
x = y than it is to assume x 6= y and deduce f (x) 6= f (y). This has little to
do with functions and a lot to do with the fact that x 6= y is not usually a
particularly useful piece of information. The thing that makes this important
is the fact that every formula is logically equivalent to its contrapositive. Con-
sequently, if we want to prove that a mapping is 1–1, it’s good enough to prove
that if f (x) = f (y) then x = y. This works for any conditional statement, and
mathematicians spend a lot of time proving conditional statements. The main
point of this discussion is recapped in the following theorem.
Theorem (Contrapositive Theorem). Every conditional formula is logically

equivalent to its contrapositive.
Proof. Any conditional formula will have the form P → Q. We’ll show that
this is logically equivalent to ¬Q → ¬P by checking the truth table for the
biconditional statement built from these formulas. We’re looking for all Ts in
the main connective column.
(P → Q) ↔ (¬ Q → ¬ P )
T T T T F T T F T
T F F T T F F F T
F T T T F T T T F
F T F T T F T T F
The main connective column is all Ts, so the biconditional is a tautology
and the formulas are logically equivalent.
Definition. The converse of the conditional P → Q is Q → P .
Example. The converse of a → (b ∨ c) is (b ∨ c) → a.
Example. We say that a mapping is well-defined if every input has a unique

output. Thus a mapping is well-defined if x = y implies f (x) = f (y). Look at
these formulas:
f (x) is well defined means that x = y → f (x) = f (y).
f (x) is 1–1 means that f (x) = f (y) → x = y.
We can see that “f (x) is well-defined” is the converse of “f (x) is 1–1.”

To prove a biconditional like p ↔ q, a mathematician often proves p → q

and proves the converse, q → p. Neither of these steps can be skipped, because
a conditional and its converse may not be logically equivalent. For example,
you can easily show that a → b is not logically equivalent to its converse.
Some bizarre formulas, like a → a for example, are logically equivalent to their
converses, but that’s just a fluke. To summarize this section, a conditional is
always logically equivalent to its contrapositive. A conditional may or may not
be logically equivalent to its converse.
Exercises.
1. Write the contrapositives of the following.
(a) p → q
(b) (p ∨ r) → q
(c) (a ∧ b) → (c ∨ d)
(d) If Waldo likes trout, then Elmer is a sailor.
(e) If 0 6= 1, then 4 is a prime.
(f) If tap-dancing is foolish, then I want to be a fool.
2. Write the converses of the following.
(a) p → q
(b) (p ∨ r) → q
(c) (a ∧ b) → (c ∨ d)
(d) If Waldo likes trout, then Elmer is a sailor.
(e) If 0 6= 1, then 4 is a prime.
(f) If tap-dancing is foolish, then I want to be a fool.
3. Show that a → b is not logically equivalent to its converse.
4. Show that a → a is logically equivalent to its converse.
5. Find a formula that is logically equivalent to its converse and one that
is not. You could be imaginative and pick examples other than those in
exercises 3 and 4.
1.5 Analysis of Arguments

We see examples of informal arguments every day. In newspaper editorials,
court cases, and advertising, people give lists of reasons and try to convince us
of a conclusion. Here’s a formal version of the process.
An argument is a list of premises which taken all together supposedly imply
a conclusion. For example,
1.5. ANALYSIS OF ARGUMENTS 13
P1
P2
P3
...
Pn
Pn+1
is an argument.
We say that an argument (like the one above) is logically valid if and only if
(P1 ∧ P2 ∧ P3 ∧ ... ∧ Pn ) → Pn+1 is a tautology. Note that the conclusion of
a logically valid argument is not necessarily true. Logical validity ensures only
that if all the premises are true, then the conclusion is true.
Example. Show that the following argument is logically valid.

p
p→q
q
Solution: We build the truth table to check.
(p ∧ ( p → q)) → q
T T T T T T T
T F T F F T F
F F F T T T T
F F F T F T F
Looks good. This argument format is so commonly used, that it has a name:
Modus Ponens. We will see it later in our proof system as a legitimate deduction
rule, i.e., if p and p → q are both lines in a proof, then q can be used alone.
Exercises.
1. Here are some other common argument forms. Show that they are all
logically valid.
a→b
Modus Tollens: ¬b
¬a
p→r
q→r
Constructive Dilemma:
p∨q
r
p→q
Hypothetical Syllogism: q→r
p→r
s∨t
Disjunctive Syllogism: ¬s
t
2. Is the following argument logically valid?
The chancellor knows.
If the chancellor doesn’t know, then the provost knows.
If the provost knows, then we’re in trouble.
We’re in trouble.
When it rains, I wear a hat.
It never rains
I never wear a hat.

4. What statement could be substituted for P to make the following argu-
ment valid?
When it rains, I wear a hat.
P
It never rains.
If today is Sunday, then tomorrow is Monday.
Today is not Sunday.
Tomorrow is not Monday.

You can afford a used Pinto.
If you’ve driven a Ford lately, then you want to buy a Ford.
If you want to buy a Ford, and you can afford a used Pinto, then
you’ll buy a used Pinto.
If you’ve driven a Ford lately, then you’ll buy a used Pinto.

7. Modify one of the premises below to make the argument valid.
1.6. A PROOF SYSTEM 15
It’s cold.
If Fritz wears a parka, then its cold.
Fritz is fond of velcro.
Fritz wears a parka.
1.6 A Proof System

So far, we’ve been primarily concerned with the semantics of propositional cal-
culus. Now, we’ll deal with a syntactic notion. For the next several sections,
there won’t be any truth tables at all. Eventually, we’ll connect our study of
semantics with our study of syntax.
The syntactic topic we’re going to work on is the idea of proof. When a
mathematician writes a proof, he justifies a conclusion with a series of interme-
diate steps. Our proofs will be very formal, so we can specify in advance exactly
which steps are allowable. This will help us get a good handle on exactly what
constitutes a proof.
The proofs we’ll be doing will be fun, provided you keep your cool. Some-
times people get stuck and become frustrated. Ask any practicing mathemati-
cian, and he or she can tell you about being seriously stuck on a proof. It’s
O.K., and (almost) everybody survives. Remember, working on a proof is a
worthy endeavor. Sit back and enjoy the process.
The system L
A proof is a sequence of formulas with justifications. Each line in a proof in the
system L must be one of the following:
• an axiom of L,
• the result of applying Modus Ponens,
• a hypothesis (that is, a given formula), or
• a lemma.
The last formula in a proof is called a theorem. We write `L A if A is a

theorem. We write G1 , G2 , ..., Gn `L A if A can be proved in L from the given
formulas G1 , G2 , ..., Gn .
Axioms
There are three axioms in L:
Axiom 1: A → (B → A)
Axiom 2: (A → (B → C)) → ((A → B) → (A → C))
Axiom 3: (¬B → ¬A) → ((¬B → A) → B)
We can use any instance of an axiom in a proof. That is, A, B, and C can be
uniformly replaced by any formula we like. We’ll use A := p to denote replacing
A by the formula p. Here are three instances of Axiom 1 and the substitutions
used to create them.
p → (q → p) results from A := p and B := q.
B → (A → B) results from B := A and A := B.
A → (A → A) results from A := A and B := A.
(B → C) → (¬Q → (B → C)) results from A := B → C and B := ¬Q.
Modus Ponens
The rule of inference Modus Ponens says that if A and A → B are lines in
a proof, we can write B as a (later) line. Here A and B can represent any
formulas.
Rather than mess with a concocted example, let’s do a proof!
Our first proof

Theorem L 1. `L A → A
1. A → ((A → A) → A) Axiom 1
A := A and B := (A → A)
2. (A → ((A → A) → A)) → ((A → (A → A)) → (A → A)) Axiom 2
A := A, B := (A → A) and C := A
3. ((A → (A → A)) → (A → A)) Modus Ponens
Lines 1 and 2
4. A → (A → A)) Axiom 1
A := A and B := A
5. A → A Modus Ponens
Lines 3 and 4
Technically, the formal proof of A → A in L consists of just the sequence
of five propositions. As a courtesy to the reader, we include the justifications
(which axiom or rule of inference we used) and additional information (substi-
tutions and lines).
1.6. A PROOF SYSTEM 17
Lemmas
We’ve proved `L A → A. Now we can use any instance of A → A in future
proofs. In this case, we say that we’re using this theorem as a lemma. For
example,
Theorem L 2. `L (¬B → B) → B
1. ¬B → ¬B Theorem L1
A := ¬B
2. (¬B → ¬B) → ((¬B → B) → B) Axiom 3
A := B and B := B
3. ((¬B → B) → B) Modus Ponens
Lines 1 and 2
The use of lemmas is actually just a convenient shortcut. Rather than writing
the instance of Theorem L1 as the first line in the preceding proof, we could
write the five lines of the proof of Theorem L1, replacing all the uses of A in
that proof with ¬B. The justification for these lines would be unchanged from
our original proof of Theorem L1. In the resulting proof of L2, every single line
would be an axiom or a use of modus ponens. However, since we have already
written the proof of Theorem L1 once, it seems silly to recopy it. Consequently,
we use lemmas.
Proofs using hypotheses

Hypotheses (also called “given” formulas) must be used exactly as stated.
Here’s an example:
Theorem L 3. A → (B → C), A → B `L A → C
1. A → (B → C) Given
2. A → B Given
3. (A → (B → C)) → ((A → B) → (A → C)) Axiom 2
4. (A → B) → (A → C) Modus Ponens, lines 1 and 3
5. A → C Modus Ponens, lines 2 and 4
Here’s an important distinction. Hypotheses must be used as stated. In-
stances of hypotheses are not allowed. For example, in the preceding proof, we
cannot just write down A → C as an instance of the given formula A → B.
However, instances of lemmas are allowed.
Thus, we can use an instance of this theorem in a new proof. Here’s an
instance: A → ((B → A) → C), A → (B → A) `L A → C. In this instance,
we have used A := A, B := B → A, and C := C. Let’s use this in the following
proof.
Theorem L 4. A → ((B → A) → C) `L A → C
1. A → ((B → A) → C) Given
2. A → (B → A) Axiom 1
3. A → C Theorem L3
A := A, B := B → A, and C := C
Exercises.
Prove the following theorems. Remember, any theorem with a lower number
may be used in the proof. (Using earlier theorems can save a lot of work.)
Theorem L 5. B `L A → B
Theorem L 6. A → (B → C), B `L A → C
Theorem L 7. A → (B → C) `L B → (A → C)
Theorem L 8. A → B, B → C `L A → C
Theorem L 9. P → R `L P → (Q → R)
Theorem L 10. `L (¬B → ¬A) → (A → B)
Theorem L 11. `L ¬¬B → B
Theorem L 12. `L B → ¬¬B
1.7 The Deduction Theorem

In this section, we’ll learn about a wonderful shortcut, which comes in the form
of a theorem.
Theorem (Deduction Theorem, Herbrand 1930). If G1 , ..., Gn , A `L B,

then G1 , ..., Gn `L A → B.
Let’s try one.
Theorem L 13. `L (A → (B → C)) → (B → (A → C))
First we’ll prove A → (B → C), B `L (A → C).
2. B Given
3. A → C Theorem L6, lines 1 and 2

1.7. THE DEDUCTION THEOREM 19
We’ve proved A → (B → C), B `L (A → C). Applying the deduction

theorem, we obtain A → (B → C) `L B → (A → C). A second application
of the deduction theorem yields `L (A → (B → C)) → (B → (A → C)),
completing the proof of Theorem L13.
Let’s summarize. To prove P → Q, we can assume P , deduce Q, and then
apply the deduction theorem. Look at any math text. Any proof that starts
with “Let...” or “Assume that...” is using this technique.
The deduction theorem is not a theorem of the system L, it’s a theorem
about the system L. It says that if we have a proof of P `L Q, then we are
guaranteed that a proof of `L P → Q exists. This has two consequences. First,
since the deduction theorem is not really a rule, an axiom, or a theorem of L,
it is technically incorrect to use it as a justification for a line in a formal proof.
(Some books allow this, and it doesn’t cause frequent difficulties. However, it
can cause some problems and it’s just as easy to write our uses of the deduction
theorem outside the formal proof.) Second, the deduction theorem says we
could live without this shortcut. If we use the deduction theorem to show that
a proof `L P → Q exists, then sure enough, a formal proof in L of P → Q does
exist, and that formal proof doesn’t use the deduction theorem. The deduction
theorem does save time. Proofs that use it are often less than half as long as
those that do not.
How does the deduction theorem work?

The idea behind the proof of the deduction theorem is that we can always
convert a proof of something of the form G1 , . . . , Gn , A `L B into a proof of
G1 , . . . , Gn `L A → B. For example, we should be able to convert our proof
(from page 17) of Theorem L3, namely A → (B → C), A → B `L A → C,
into a proof of A → (B → C) `L (A → B) → (A → C). Furthermore, we
want to achieve this conversion in a systematic fashion that could be adapted
to any proof. We can achieve this by proving (A → B) → M for every line M
in the original proof. This doesn’t result in a short or elegant proof, but it’s
very systematic. Here is a proof of A → (B → C) `L (A → B) → (A → C)
based on our proof of L3 with some additional explanatory commentary.
Theorem. A → (B → C) `L (A → B) → (A → C).
Line 1 of the proof of L3 was A → (B → C), so we will want to prove

(A → B) → (A → (B → C)).
2. (A → B) → (A → (B → C)) L5, line 1
Good. We got what we wanted. Now, line 2 of the proof of L3 was A → B,

so next we want to prove (A → B) → (A → B).
3. (A → B) → (A → B) L1
Got it in one. Line 3 of the proof of L3 was Axiom 2, so we need to prove

(A → B) → [(A → (B → C)) → ((A → B) → (A → C))].
4. (A → (B → C)) → ((A → B) → (A → C)) Axiom 2
5. (A → B) → [(A → (B → C)) → ((A → B) → (A → C))] L5, line 4
Line 4 of the proof of L3 was (A → B) → (A → C), so we need to prove
(A → B) → [(A → B) → (A → C)]. The original justification was modus
ponens applied to line 1 and line 3. The justification for our new line
will be Theorem L3 applied to line 2 (the new version of line 1 from the
previous proof) and line 5 (the new version of line 3 from the previous
proof).
6. (A → B) → [(A → B) → (A → C)] L3, lines 2 and 5
The last line in the proof of L3 is A → C. We need to prove (A → B) →
(A → C). The original justification was modus ponens, so we will use L3
again.
7. (A → B) → (A → C) L3, lines 3 and 6
We’ve proved the line we wanted.
Since every proof in L can be rewritten using just hypotheses, axioms and
modus ponens, the techniques used in the preceding theorem can be adapted
to any proof. This explains why the deduction theorem always works. For
a detailed proof of the deduction theorem, we should really use some form of
induction on proof length. For more on this see [?], [?], and exercise ?? on page
??.
Exercises.
Prove the following theorems. You will enjoy using the deduction theorem.
Theorem L 14. `L A → ((A → B) → B)
Theorem L 15. `L ¬A → (A → B)
Theorem L 16. `L (A → B) → (¬B → ¬A)
Theorem L 17. `L A → (¬B → ¬(A → B))
1.8 Generalizing L
Our proof system, L, is pretty powerful. It works fine on formulas involving
only ¬ and → as connectives. Unfortunately, it doesn’t handle ↔, ∧, and ∨.
We can get around this problem by using the following abbreviations.
A ∧ B abbreviates ¬(A → ¬B)
1.8. GENERALIZING L 21
A ∨ B abbreviates (¬A) → B, and

A ↔ B abbreviates ¬((A → B) → ¬(B → A)).
Here is an example of how these are used in L.
Theorem L 18. A, B `L A ∧ B
The unabbreviated version of the theorem is A, B `L ¬(A → ¬B).
1. A Given
2. B Given
3. A → (¬¬B → ¬(A → ¬B)) L17
4. ¬¬B → ¬(A → ¬B) Modus Ponens, lines 1 and 3
5. B → ¬¬B L12
6. ¬¬B Modus Ponens, lines 2 and 5
7. ¬(A → ¬B) Modus Ponens, lines 6 and 4
Is this a reasonable approach to dealing with other connectives? Yes, but

only because the abbreviations are logically equivalent to their unabbreviated
forms. This can be verified via truth tables, as in the first three exercises below.
It’s also worth noting that the theorems of L proved in this section do a good
job of describing important aspects of mathematical practice. For example, a
mathematician who wants to prove a biconditional proves an implication, then
proves the converse, and then asserts the biconditional. This is exactly the plan
of attack described by Theorem L25.
Exercises.
1. Use a truth table to show that A∧B is logically equivalent to ¬(A → ¬B).
2. Use a truth table to show that A ∨ B is logically equivalent to (¬A) → B.
3. Use a truth table to show that A ↔ B is logically equivalent to ¬((A →
B) → ¬(B → A)).
4. Prove the following theorems.
Theorem L 19. A ∧ B `L A
Theorem L 20. A ∧ B `L B
Theorem L 21. A `L A ∨ B
Theorem L 22. B `L A ∨ B
Theorem L 23. A ↔ B `L A → B
Theorem L 24. A ↔ B `L B → A
Theorem L 25. A → B, B → A `L A ↔ B
5. This exercise shows that the connective ∧ has an associative property.

(a) Compare the unabbreviated forms of A ∧ (B ∧ C) and (A ∧ B) ∧ C.
(b) Prove A ∧ (B ∧ C) `L (A ∧ B) ∧ C. (Using L18, L19, and L20 yields
a much shorter proof.)
(c) Prove (A ∧ B) ∧ C `L A ∧ (B ∧ C). (Using L18, L19, and L20 yields
a much shorter proof.)
1.9 Soundness and Completeness of L

As we’ll see in the next section, L is not the only possible proof system for
propositional calculus. So why have we been working with L? There are two
reasons.
The first reason is pedagogical. L deals very well with conditionals and
negations. These connectives are the ones most used by mathematicians. Thus,
L forces us to concentrate on material with lots of mathematical applications.
The second reason is mathematical. As we’ll see in a minute, the theorems
of L are exactly the tautologies. So L is related in a pretty wonderful way to the
semantics we covered at the beginning of the course. We’ll state this relationship
in the form of two theorems.
Theorem (The Soundness Theorem for L). If `L A, then A is a tautology.
Also, if G1 , G2 , ..., Gn `L A, then (G1 ∧ G2 ∧ ... ∧ Gn ) → A is a tautology.
As a consequence of the Soundness Theorem, every formula we proved in L
is a tautology. Let’s look at at two examples.
Example. Verify that L19 is a tautology: `L (A ∧ B) → A

(A ∧ B) → A
T T T T T
T F F T T
F F T T F
F F F T F
Example. Verify that L11 is a tautology: `L ¬¬B → B
¬ ¬ B → B
T F T T T
F T F T F
Why does the Soundness Theorem always work? Here is a rough sketch of
the proof. Suppose that we have a proof in L of A. If we want, we can eliminate
any uses of the deduction theorem and any uses of lemmas from our proof, so
that the proof consists only of axioms and uses of modus ponens. Start at the
1.9. SOUNDNESS AND COMPLETENESS OF L 23
beginning of the proof. The first two lines have to be axioms, and all the axioms
of L are tautologies. (See exercises 1, 2, and 3 on page 9.) If the next line is
an axiom, then it is a tautology, too. The next line could be an application of
modus ponens to previous lines of the form P and P → Q, yielding Q. Since
the previous lines, namely P and P → Q, are both tautologies, Q must be a
tautology also. Proceeding in this fashion, we can prove that every line in the
proof is a tautology, including the last line, which is A. Thus, if L proves A,
then A must be a tautology.
Our next theorem is actually the converse of the Soundness theorem.
Theorem (The Completeness Theorem for L). If A is a tautology, then
`L A. Also, if (G1 ∧ G2 ∧ ... ∧ Gn ) → A is a tautology, then G1 , G2 , ..., Gn `L A.
We can use the Completeness Theorem for L to show that a formula can be
proved in L, without actually producing the proof! Actually, this happens all
the time in mathematics. Lots of theorems assert the existence of a set, or a
function, or a solution to a problem, or even a proof, without actually provid-
ing the desired object. People call these theorems “non-constructive existence
theorems.” This sort of theorem is surprisingly useful. It’s sort of like saying,
“I know there’s a vacuum cleaner in that closet, and I could find it if I really
needed it.”
Example. Use the Completeness Theorem for L to prove that L can prove
A → A (Theorem L1).
Solution: The truth table for A → A is:
A → A
T T T
F T F
A → A is a tautology, so by the Completeness Theorem, `L A → A.
This is shorter than our proof in L of Theorem L1, but in some ways less
satisfying. Often it is faster (or at least less boring) to produce the proof in L
than to write the truth table. For example, write down an instance of Axiom 1
with 10 letters in it. The truth table would contain 210 lines, but the proof in
L is just one line. In this case, it is easier to produce the proof than to apply
the Completeness Theorem to prove that the proof exists.
One way to prove the Completeness Theorem is to devise an algorithm that
converts truth tables into proofs in L. The proof in [?] which is based on [?]
uses this technique. Since such an algorithm exists, we could write a computer
program that would accept a formula as an input, determine if the formula
is a tautology, and if it is, construct and print a proof in L of the formula.
Unfortunately, the proofs supplied by the algorithm tend to be extremely long
and unintuitive. So far, we are superior to machines at providing short, elegant
proofs in L.
Suppose for a moment that `L A. By the Soundness Theorem, A is a
tautology. Thus, ¬A is a contradiction. In particular, ¬A is not a tautology.
By the contrapositive of the Soundness Theorem, L doesn’t prove ¬A. Thus, if
L proves A, then L doesn’t prove ¬A. Similarly, if L proves ¬A, then L doesn’t
prove A. Summarizing, we have that L can’t ever prove both A and ¬A. This
important property of L is called consistency, and is summarized in the following
theorem.
Theorem (Consistency of L). L is consistent. That is, there is no formula

A such that both `L A and `L ¬A.
Exercises.
1. Use the Completeness Theorem for L to show that L can prove Theorem
L7.
L13.
L15.
4. Is there a proof in L of (A ∨ B) → B?
5. Is there a proof of B `L A ∨ B?
6. Is there a proof of (A ∧ ¬A) `L B?
7. Is there a proof in L of A ∧ ¬A?
1.10 Modifying L
As noted in the previous section, L has some nice properties. How can we
modify L, retaining soundness and completeness? There are three reasonable
approaches: adding an axiom, discarding an axiom, and starting from scratch.
Adding an axiom
Suppose we add a tautology to L as a new axiom. Let’s call the new axiom
N EW . Suppose also that there is some formula A that we can prove in L,
using the new axiom. Then for some instance of N EW (call it N EW ∗ ) we have
N EW ∗ `L A. By the Deduction Theorem, `L N EW ∗ → A. Since N EW ∗
is a tautology, by the Completeness Theorem for L, `L N EW ∗ . We can put
together a short proof of `L A.
1. N EW ∗ Axiom NEW
2. N EW ∗ → A Lemma from preceding paragraph
3. A Modus Ponens, lines 1 and 2

1.10. MODIFYING L 25
So far, anything provable with the new axiom is provable in the original
axiom system. Also, anything provable in L must be provable in the new axiom
system. Thus, the new axiom system has exactly the same theorems as L.
What does this do for us? The new axiom system satisfies the completeness
and soundness theorems. It’s another reasonable axiom system. In reality, it’s
just L with a lemma disguised as an axiom. Big deal.
Suppose now that we add a formula that isn’t a tautology as a new axiom.
Remember that since we want to treat this new formula just like any other
axiom, we have to allow any instance of the new formula to appear as a line in a
proof. This always results in an inconsistent theory. (And inconsistent theories
don’t satisfy the Soundness Theorem.) Let’s look at a particular example.
Consider adding A → B to L as a new axiom. We can show that the resulting
theory is inconsistent: Notice that a particular instance of this new axiom is
A → ¬A (where ¬A is substituted for B. However, A → ¬A is not a tautology,
so this new theory is not sound:
A → ¬A
T F F
F T T
Let’s summarize. If we add a tautology to L, we get L. If we add a non-
tautology to L, we get garbage. It looks like adding axioms is not very profitable.
Discarding an axiom
Axiom 3 is particularly ugly. Can we throw it away? Unfortunately, the re-
sulting theory doesn’t satisfy the Completeness Theorem. Here’s another way
to descibe the situation. Axiom 3 can’t be proved from Axiom 1 and Axiom 2.
Also, since L is consistent, Axiom 1 and Axiom 2 can’t prove the negation of
Axiom 3. Logicians would say, “Axiom 3 is independent of Axiom 1 and Axiom
2.” Independence statements of this sort are often very challenging to prove.
Overall, discarding axioms yields systems that don’t satisfy the Complete-
ness Theorem. This isn’t such a hot way to modify L.
Starting from scratch

So far, we haven’t had much luck. Maybe the best thing is to dump L, and start
with a brand new axiom system. Lots of people have done this. Here are two
examples.
Axiom System. Kleene’s Axiom System for Propositional Calculus [?].
The axioms:
A → (B → A)
(A → (B → C)) → ((A → B) → (A → C))
(A ∧ B) → A
(A ∧ B) → B
A → (B → (A ∧ B))
A → (A ∨ B)
B → (A ∨ B)
(A → C) → ((B → C) → ((A ∨ B) → C))
(A → B) → ((A → ¬B) → ¬A)
¬¬A → A
Use the above axioms with Modus Ponens. The theorems of this system are
exactly the tautologies. In other words, completeness and soundness theorems
hold for this system. By using this system, we could avoid using abbreviations
to deal with conjunction and disjunction. If we wanted, we could add more
axioms to deal with biconditional or any other connectives we might like to
append.
Axiom System. Meredith’s Axiom System for Propositional Calculus [?].
Here’s the (only!) axiom:
((((A → B) → (¬C → ¬D)) → C) → E) → ((E → A) → (D → A))
Using the above axiom with Modus Ponens. The theorems of this system are
exactly the tautologies. Meredith’s system is very elegant with its single axiom
and single rule of inference. Unfortunately, it is not so easy to prove theorems
in this system or even to recognize instances of the axiom. For an exceptionally
challenging exercise, try proving L1 in Meredith’s system.
Exercises.
1. Show that Meredith’s axiom is a tautology
2. Write down two instances of Meredith’s axiom.
3. Prove the following using Kleene’s axiom system:
(a) A → A
(b) A → B, B → C ` A → C
(c) A → B ` ¬B → ¬A
1.11 Assessing Propositional Calculus
Propositional calculus is pretty nice. We’ve managed to talk about a lot of logic
without being terribly technical. Our proof system, L, is slick. It’s consistent,
and has a deduction theorem, a soundness theorem, and a completeness theorem.
Propositional calculus is useful for analyzing lots of different sorts of ar-
guments. In particular, we can use it to understand the structure of lots of
mathematical proofs. For example, we know that mathematicians use the De-
duction Theorem every day to prove implications. Also, mathematicians follow
the format of L25 to prove biconditional statements.
1.11. ASSESSING PROPOSITIONAL CALCULUS 27
The big disadvantage of propositional calculus is that it glosses over any fine
distinctions. It’s just not very expressive. For example, suppose we want to use
propositional calculus to formalize the statement “if n > 0 then n + 1 > 0.” If
we let P denote n > 0 and Q denote n+1 > 0, then our formalization is P → Q.
This certainly shows us that the statement is an implication, but it hides the
fact that the hypothesis and the conclusion are both talking about n. In order
to overcome this limitation, we need a logical system that includes variables.
Exercises.
1. Use propositional calculus to formalize the following argument.
Socrates is a man.
All men have ugly feet.
Socrates has ugly feet.
2. Is the argument in exercise 1 valid? Should it be?
Chapter 2
Predicate Calculus
Propositional calculus can express only the simplest of statements. Predicate

calculus overcomes this difficulty by introducing variables and quantifiers. Vari-
ables will be used to represent an arbitrary object in the set of objects being
studied, called the universe. Quantifiers will allow us to talk about a property
holding for all objects or that there exists an object for which the property holds.
The addition of quantified variables makes the language of predicate calculus
sufficiently rich to express almost any mathematical notion.
We’ll use our study of propositional calculus as a map for our study of
predicate calculus. As before, we need to start by specifying what the formulas
look like. Then we can talk about some semantics, looking for a notion that
parallels the idea of tautologies. We’ll do some formula rewriting, and then turn
to proofs. The proof system we concoct will be consistent and have a deduction
theorem, a soundness theorem, and a completeness theorem. We’ll also cook up
some shortcuts to make proofs easier to write. By then, it will be time to start
a new chapter.
2.1 Building Blocks

What sort of symbols are used in predicate calculus? Roughly, what do the
symbols represent? Here are the answers:
Predicates
We use capital letters, (A, B, C, etc.) to represent predicates. A predicate
letter will usually be associated with a list of at least one variable. For example,
A(x) B(x, y, z) Q(n)
are all acceptable constructions. A predicate is used to represent a property

of its variable(s) or a relationship between its variables. For example, P (x, y)
29
30 CHAPTER 2. PREDICATE CALCULUS
might represent the statement “x < y” or the statement “x and y are kinds of
fish.”
Sometimes, we’ll use special predicate symbols like =, ≤, or >. Rather than
writing the symbol in front of the variables, we’ll put it between the variables.
Thus, we would write x = y rather than = (x, y). Writing the predicate in front
is called prefix notation. Writing it in the middle is called infix notation. No
matter which notation we use or which symbols we use, we should specify any
intended meaning of the predicate symbols.
Terms
The list after a predicate symbol can include more than just variables. Any
term can be used in the list. Terms are either variables, constants, or functions
applied to terms.
• Variables are small letters (like x, y, and z) representing an arbitrary

object from the universe.
• Constants are underlined letters (like a, b, and c) representing a particular

object from the universe.
• Functions are small letters (like f , g, and h); functions take as input a list
of terms and have a unique output.
Despite the fact that functions and variables are both denoted by small
letters, it is easy to keep them straight. Functions have lists associated with
them, just like predicates. For example, f (x, y) is a function f applied to
the variables x and y. Functions can act on other terms, too. For example,
g(x, a, h(z)) is the function g applied to the variable x, the constant a, and the
function h, where h is a function applied to z.
Functions and predicates differ in one very important respect. The value
of a function is an object, while the value of a predicate is a truth value. For
example, if we want to represent “the father of x,” it makes sense to use a
function like f (x). On the other hand, if we want to say “x is a father,” we
would use a predicate symbol, like P (x). If f (Chelsea) is Bill, then P (Bill) is
true.
What sort of objects these terms represents depend upon the context, i.e.,
the universe of objects that we are examining. If we’re talking about numbers,
x would represent a number. If we’re talking about milkmen, x would represent
a milkman. A variable represents a non-specific object, like some milkman.
A constant represents a particular object, like “Waldo the milkman who lives
up the street.” A function represents an object that is somehow related to the
objects in its variable list. For example, if x represents a milkman in the universe
of milkmen, then f (x) could represent the milkman who took over x’s old route.
If w represents Waldo the milkman, then f (w) represents the milkman who took
over Waldo’s old route.
2.2. TRANSLATIONS 31
Connectives
The connectives are ∧, ∨, →, ↔, and ¬. These are the same connectives we
used in propositional calculus, and they mean exactly the same thing.
Quantifiers
We’ll use ∀ and ∃ as our quantifier symbols. Quantifier symbols must be followed
by a single variable (never a constant or a function).
∀x is read as “for all x.”
∃x is read as “there exists an x.”
We’ll build all our formulas from the sorts of symbols listed above, inserting
parentheses where we need them. If we need to represent an entire formula with
a single letter, we’ll just use a capital letter (A, B, C, etc.). If there is any
possibility confusing a whole formula with a predicate, we’ll be sure to include
extra explanation. Usually, we will use A(x, y, z) to represent a formula that
includes the variables x, y, and z.
Rather than being really technical about what constitutes a properly con-
structed formula, let’s look at some examples.
2.2 Translations
We can translate English statements into predicate calculus, and vice versa. In
either case, we must be careful to specify what the symbols represent.
Predicate calculus into English.

Example. Assuming that the universe consists of the real numbers, and that
·, −, 0, 1, and = have their usual meaning, we’ll translate the following into
English.
(a) ∀x(x · 0 = 0)
For all real numbers x, x times 0 equals 0.
(b) ∀x(x · x − x = 0 → (x = 0 ∨ x = 1))

For all real numbers x, if x · x − x = 0 then either x = 0 or x = 1.
(c) ∀x∃y(x · y = 1)
For all real numbers x, there is a real number y such that x · y = 1.
Example. Assuming that the universe consists of the natural numbers N =

{0, 1, 2, ...}, f (x) means x + 1, and B(x) means x = 0, translate the following
into English.
(a) ∀x¬B(f (x))

For all natural numbers x, it is not true that x + 1 = 0.
We can make it sound more natural: For all natural numbers x, x + 1 6= 0.
(b) ∃xB(f (x))

There is a natural number x, such that x + 1 = 0.
(c) ∃x¬B(f (x))

There is a natural number x, such that x + 1 6= 0.
Most of the translations we have done to this point involved one quantifier.
Before proceeding let’s consider the following example, which will clarify the
convention on how to interpret multiple quantifiers:
Example. Let the universe be the set of all people, and the predicate L(x, y)
stand for x loves y (and equivalently, y is loved by x). Here are all of the possible
versions with x and y quantified. Notice the careful treatment of the translation
in each case. “Loves” is not assumed to be reflexive here.
Both variables quantified with ∀:
∀x∀yL(x, y): Everyone loves everyone.
∀y∀xL(x, y): Everyone is loved by everyone.
These sentences mean the same thing, and this will be true for all interpreta-
tions, as we will prove more formally later.
Both variables quantified with ∃:
∃x∃yL(x, y): Someone loves someone.
∃y∃xL(x, y): Someone is loved by someone.
Again, these sentences mean the same thing, and this will be true for all inter-
pretations, as we will prove more formally later.
First variable quantified with ∀:
∀x∃yL(x, y): Everyone loves someone.
∀y∃xL(x, y): Everyone is loved by someone.
These sentences do not mean the same thing. In the first case a more formal
translation would be “Every person has someone that they love.” In the second
case, “Every person has someone who loves them.” The order of the variables
is important here.
First variable quantified with ∃:
∃x∀yL(x, y): Someone loves everyone.
∃y∀xL(x, y): Someone is loved by everyone.
Again, these sentences do not mean the same thing. In the first case we have
“there is someone who loves all people.” In the second case, “there is someone
who is loved by everyone.” Notice also that none of the four alternations of
quantifiers means the same thing. Order is extremely important!
English into predicate calculus

Example. Let’s begin by formalizing: For all natural numbers n, n ≤ n2 .
We have several choices for formalizing this statement. Let the universe be all
2.2. TRANSLATIONS 33
natural numbers. Let s(x) be the function x2 and P (x, y) be the predicate for
x ≤ y. We can formalize the statement as:
∀x P (x, s(x)).
On the other hand, we can use the ≤ and square symbols with their usual
meanings directly and use n as our variable name:
∀n(n ≤ n2 ).
What if we needed the universe to be all real numbers rather than all natural
numbers? How could we adapt the first version to handle this? We would need
to have a new predicate for “x is a natural number.” Let N (x) stand for this:
∀x(N (x) → P (x, s(x))).
Example. Now let’s try a more complex example: Socrates is a man. All men
have ugly feet. Socrates has ugly feet. Again, we can proceed in several ways.
Let the universe be the set of all people. Let U (x) be the predicate x has ugly
feet. Let M (x) be the predicate x is a man. Let s be the constant in the universe
representing the man Socrates. Then the three statements above translate as
follows.
M (s) ∀x(M (x) → U (x)) U (s)
Example. Let’s look at a statement that uses a function in a non-mathematical
universe. Translate: Each man has a father. There are a variety of ways proceed.
Let the universe be all men. Let f (x) be the function “ father of x.” Let S(x, y)
mean is that x same person as y. Then we can formalize the statement as
∀x∃yS(y, f (x)).
Exercises.
1. Assuming that the universe consists of all people, f (x) means “father of
x,” and B(x) means “x is the chancellor,” translate the following into
English.
(a) ∀x¬B(f (x))
(b) ∃xB(x)
(c) ∃x¬B(x)
2. Assuming that the universe consists of all people, f (x) means “father of x,”
D(x) means “x is tiny,” and w represents Waldo, translate the following
into English.
(a) ∀x(D(x))
(b) D(w)
(c) ∀x(D(f (x)) → D(x))
(d) ¬∃x(D(x))
3. Assuming that the universe is the set of natural numbers, E(x) means “x
is even,” O(x) means “x is odd,” and S(x) means “x is a multiple of 3,”
translate the following into English.
(a) ∀x(E(x) ∨ O(x))
(b) ∀x(S(x) → O(x))
(c) ∃x(S(x) ∧ ¬E(x))
(d) ∀x(O(x)) → ∀x(E(x))
4. Assume the universe is all real numbers and L(x, y) means x is less than
y. Match each formula in the first list with a translation in the second
list.
(a) ∀x∀yL(x, y)
(b) ∀y∀xL(x, y)
(c) ∃x∃yL(x, y)
(d) ∃y∃xL(x, y)
(e) ∀x∃yL(x, y)
(f) ∀y∃xL(x, y)
(g) ∃x∀yL(x, y)
(h) ∃y∀xL(x, y)
i. There is a real number that is greater than any real number.
ii. There is a real number that is less than any real number.
iii. Given any real number, we can find a greater real number.
iv. Given any real number, we can find a lesser real number.
v. If x and y are reals, then x is less than y.
vi. There are reals x and y such that x is less than y.
5. Formalize: No elbow is an ankle.
6. Assume that the universe is the set of all fish. Using the information
below, formalize each of the given statements.
• T (x) means “x is a trout”
• S(x) means “x is shiny”
• J(x) means “x jumps”
(a) Formalize: All fish are trout.

(b) Formalize: Some trout are shiny.
(c) Formalize: Not all trout jump.
(d) Formalize: No trout jump.
2.3. A BRIEF INTERLUDE: TRUTH 35
7. Formalize: If x is a non-zero real number, then for some y, x · y = 1.
8. Formalize the four statements below, assuming that the universe is all
men.
(a) All men are giants.

(b) No men are giants.
(c) Some men are giants.
(d) Some men are not giants.
9. Repeat exercise 8 assuming that the universe is all living things.
10. Formalize the following:
(a) Everyone is respected by someone.

(b) Someone is respected by everyone.
(c) No one is respected by everyone.
(d) Someone is respected by no one.
(e) Everyone should help her neighbors or her neighbors will not help
her.
(f) All parents love their children.
(g) No number is divisible by zero.
2.3 A brief interlude: Truth

What is truth? Nice question; let’s ignore it.
When is a formula true? This seems like an easier question. When we were
translating formulas into English, it seemed like it would be easy to assign a
truth value to the translated formulas. This is a good observation. A formula
might be true or false, depending on how we interpret the symbols. Before we
can nail down the notion of truth, we need to talk some more about interpreta-
tions.
Here’s another problem. Suppose our universe is the real numbers and the
symbols = and 2 have their usual meaning. Is the formula ∀x(x = 2) true? It’s
reasonable to say no. We know that 3 6= 2, so it is not the case that for all real
numbers x, x = 2. Now consider the formula ∃x(x = 2). Is this formula true?
It’s reasonable to say yes, this time. There is a real number x, such that x = 2.
What about the formula x = 2? Is x = 2 true or false? It’s reasonable to say
“none of the above.” The truth value of x = 2 depends on what you plug in for
x. So, we had no problems with truth values for ∀x(x = 2) and ∃x(x = 2), but
x = 2 gives us fits. Truth must have something to do with quantifiers. We’d like
a way to tell if a formula is going to cause problems, just by looking at where
the quantifiers are.
So now we have two tasks. First, let’s look at how quantifiers act on for-
mulas. Then we’ll specify exactly what information we need to generate good
translations of formulas. That’s what is in the next two sections. Once we have
the tools we need, we’ll talk about truth.
2.4 Free variables

Usually, when we write quantifiers, we put a pair of parentheses afterwards
indicating the part of the formula that the quantifier affects. The stuff in the
parentheses is called the scope of the quantifier. Let’s look at some examples.
Example. Indicate the scope of ∀x in the formula:
∀x(P (x) → ∀y(R(x) ∨ Q(y))) ∧ B(x)
Because of the parentheses, the scope of ∀x in this example stops just before
the ∧:
∀x(P (x) → ∀y(R(x) ∨ Q(y))) ∧ B(x)
Example. Indicate the scope of ∀y in the formula:
∀x(P (x) → ∀y(R(x) ∨ Q(y))) ∧ B(x)
This time, we can just match the parentheses following the ∀y quantifier.
∀x(P (x) → ∀y(R(x) ∨ Q(y))) ∧ B(x)
Sometimes, if there are several quantifiers, we leave out some parentheses.
If we put the parentheses back in, it’s easy to find the scopes.
Example. Indicate the scope of ∀x in the formula:
∀x∃y(D(x, y)) ∧ B(x)
Again, the B(x) is not within the scope of the ∀x:
∀x∃y(D(x, y)) ∧ B(x)
Whenever a variable occurs in the scope of a quantifier on that variable, we
say that the occurrence of the variable is bound. Any occurrence of a variable
which is not bound is called free. We could also say this as follows. The
quantifier ∀x captures all the xs in its scope. (It ignores any ys or other variables,
and it ignores everything that’s not in its scope.) Any x that is captured is
bound. Any x that isn’t bound is free. The terminology is the same for other
quantifier and variable combinations, like ∀y or ∃z.
Example. Underline the free occurrences of variables in the formula:
∀x(P (x) → ∀y(R(x) ∨ Q(y))) ∧ B(x)
Since P (x) and Q(x) occur in the scope of the first ∀x and Q(y) is within
the scope of ∀y, only the x in B(x) is free. Thus, our answer is:
∀x(P (x) → ∀y(R(x) ∨ Q(y))) ∧ B(x)
2.4. FREE VARIABLES 37
Example. Underline the free occurrences of variables in the formula:
∃x∀yM (x, y, f (x, z)) ∨ G(x, y, z)
The predicate M (x, y, f (x, z)) is included in the scope of quantifiers on the
variables x and y. The predicate G(x, y, z) is not in the scope of any quantifier.
Underlining the free variables gives us:
∃x∀yM (x, y, f (x, z)) ∨ G(x, y, z)
One more piece of terminology. A formula with no free variables is called

closed. (Some people call closed formulas sentences.) Using this terminology,
we can see that ∀x(x = 2) is closed, ∃x(x = 2) is closed, and x = 2 is not closed.
Exercises.
1. Underline the free occurrences of variables in the following formulas.
(a) ∀x(P (x, y) → ∃z(P (x, z)))
(b) ∃x∀y(P (x, y) ∨ P (y, x) ∨ Q(z, z))
(c) ∀y(P (x, y) → ∀x(P (x, y)))
(d) Q(z, 0) → ∃x(Q(z, x))
(e) P (f (x), x) ∨ ∃y(P (f (y), y))
(f) ∃y(P (x, y) → ∃x(P (x, z)))
(g) ∃z∃w(R(x, y, z))
(h) B(x) ∨ ∀x(P (x, y))
(i) ∀z(P (z, f (z)) ∨ P (z, y))
(j) ∀x(P (x, g(0, x, y)) ∨ B(y) ∨ ∃y(B(y)))

2. Which of the following formulas are sentences?
(a) ∃xP (x, y)
(b) ∀y∃xP (x, y)
(c) ∀y∃xP (0, y)
(d) ∀y∃xP (z, y)
(e) ∀yP (0, y)
(f) ∀yP (x, 0)
(g) ∃xP (x, 0)
(h) ∃xP (0, y)
2.5 Models
Back in section 2, we were given information that we used to translate formulas
into English. A list of information used in translations is called a model. Our
models must include:
• a universe,
• interpretations of all predicate symbols,
• interpretations of all function symbols, and
• interpretations of all constant symbols.
There are a few rules. The interpretations of the predicate symbols must make
sense for everything in the universe. The interpretations of the function symbols
must be functions that are defined for everything in the universe and take values
in the universe. Finally, the constants must be specific elements of the universe.
There is a lot of freedom in defining a model. We can make the predicates,
functions, and constants mean pretty much whatever we like. Notice that we
don’t get to redefine the quantifiers or connectives, though. ∀x always means
“for all x”, and ∨ always means “or”. Some things never change.
Example. Construct three different models where the formula
∀x∃y(P (x, y) ∨ B(x))
can be interpreted. Give three corresponding translations of the formula.
1. Let the universe be all real numbers, let P (x, y) represent x is greater than
y, and let B(x) represent x is rational. A translation in this model is:
For all real numbers x, there is a corresponding real number y where either
x is greater than y or x is rational.
2. Let the universe be all people, let P (x, y) represent x is y’s father, and let
B(x) represent x is deceased. A translation in this model is:
For all people x, there is a corresponding person y where either x is y’s
father or x is deceased.
3. Let the universe be cans of soup, let P (x, y) represent x was canned after
y, and let B(x) represent x is too old to eat. A translation in this model
is:
For all cans of soup x, there is a corresponding can y where either x was
canned after y or x is too old to eat.
Example. Construct three different models where the formula
∀x∃yL(f (x, 0), y)

2.5. MODELS 39
1. Let the universe be real numbers, f (x, y) denote x·y (usual multiplication),
0 denote 0, and L(x, y) denote x > y (usual inequality). A translation in
this model is:
For every real number x, we can find a real number y such that x · 0 > y.
(Note that this statement is true in this model.)
2. Let the universe be {0, 1, 2, 3, · · · } (natural numbers), and f (x, y) denote x·

y (usual multiplication). Note that for every pair of natural numbers, this
function gives a natural number value. We couldn’t have picked something
like x−y here. Let 0 denote 0, and L(x, y) denote x > y (usual inequality).
A translation in this model is:
For every natural number x, we can find a natural number y such that
x · 0 > y. (Note that this statement is false in this model.)
3. Let the universe be all people and suppose f (x, y) denotes the youngest
person in the set {y, the father of x}. Note that for any pair of people
chosen, the function yields a person. Let 0 denote Zeno, and let L(x, y)
denote “x was born before y was born.” A translation in this model is:
For every person x, we can find a person y such that the younger of x’s
father and Zeno was born before y was born. (This statement is true in
this model, since if x’s father is younger than Zeno we can set y to be x,
and otherwise we can let y be Einstein.)
Exercises.
1. Construct three different models where the formula
∀x(S(x) → ∃y(C(x, y)))
∀x∃y(x = y ∨ x + 1 > y)
can be interpreted. Be sure to indicate meanings for the predicate =, the

predicate >, the function x + y, and the constant symbol 1. Give three
corresponding translations of the formula.
∀x∃y(x = y ∧ f (x) = y)

2.6 Truth and Sentences

Recall that a sentence is a formula with no free variables. Generally speaking,
it is easy to determine if a sentence is true provided that we are told what the
various symbols represent. We say that a sentence A is true in the model M,
if the translation of A using the information from M is true. Similarly, we say
that a sentence B is false in the model M, if the translation of B using the
information from M is false.
Remember, the definitions above only work for sentences, so any free vari-
ables could throw a serious kink in things. Also, it’s good to note that these
definitions always work, so given any sentence A and any model M , either A is
true in M , or A is false in M .
You may feel that these definitions are too informal. That’s reasonable.
“Tarski’s truth definition” is a much more precise way of presenting the same
concept. Good sources for more information on Tarski’s definition include [?]
and [?].
Here are some examples.
Example. Let M be the model where the universe is the collection of people,
C(x) means x is a chancellor, and L(x) means x lives on a university campus.
Decide if the following sentences are true in M or false in M .
1. ∀xC(x)
“All people are chancellors” is false.
2. ∀xL(x)
“All people live on university campuses” is false.
3. ∃x(C(x) ∧ L(x))
“There is someone who is both a university chancellor and lives on a
campus” is true.
4. ∃x(L(x) ∧ ¬C(x))
“There is someone who both lives on a campus and is not a chancellor” is
true.
5. ∀x(L(x) → C(x))
“Living on a campus implies one is a chancellor” is false.
Alternately, “every person who lives on a campus is a chancellor” is false.
Example. Let M be the model where the universe is the natural numbers,
C(x) means x is a multiple of 10, and L(x) means x is even. Decide if the
following sentences are true in M or false in M .
1. ∀xC(x)
“All natural numbers are multiples of 10” is false, since 9 is not a multiple
of 10.
2.6. TRUTH AND SENTENCES 41
2. ∀xL(x)
“All natural numbers are even” is false, since 3 is not even.
3. ∃x(C(x) ∧ L(x))
“There is a natural number that is both even and a multiple of 10” is true.
For example, 20 is such a number.
4. ∃x(L(x) ∧ ¬C(x))
“There is a natural number that is both even and not a multiple of 10” is
true. For example, 4 is such a number.
5. ∀x(L(x) → C(x))
“For all natural numbers, being even implies being a multiple of 10” is
false, since 4 is even but not a multiple of 10.
Exercises.
1. Let K be the model where the universe is the natural numbers, G(x, y)
means x is greater than y and h(x) represents the function x + 1. Decide if
the following sentences are true in K or false in K. Justify your answers.
(a) ∀x∀yG(x, y)
(b) ∀xG(h(x), x)
(c) ∀x∃yG(x, y)
(d) ∀y∃xG(x, y)
(e) ∀x∀y(G(x, y) → ∃z(G(x, z) ∧ G(z, y)))
2. Let K be the model where the universe is the real numbers, G(x, y) means
x is greater than y and h(x) represents the function x + 1. Decide if the
following sentences are true in K or false in K. Justify your answers.
(a) ∀x∀yG(x, y)
(b) ∀xG(h(x), x)
(c) ∀x∃yG(x, y)
(d) ∀y∃xG(x, y)
(e) ∀x∀y(G(x, y) → ∃z(G(x, z) ∧ G(z, y)))
3. Find a model M where the sentence ∀x∃yA(x, y) is true, and the sentence
∃y∀xA(x, y) is false.
4. Can you find a model M where the sentence ∀x∃yA(x, y) is false, and the
sentence ∃y∀xA(x, y) is true? Explain.
2.7 Truth and free variables

Our definitions of true and false in models only apply to sentences. Now we
want to extend these definitions to formulas with free variables. Suppose that
A(x) is a formula with the free variable x. Suppose that M is a model.
• We say that A(x) is true in M if ∀xA(x) is true in M .
• We say that A(x) is satisfiable in M if ∃xA(x) is true in M .
• We say that A(x) is false in M if ∃xA(x) is false in M .
Note that if A(x) is true in M , then A(x) is satisfiable in M . The con-

verse of this statement is not always true. In cases where our formulas have
more than one free variable, we just tack more quantifiers on the front. For
example, A(x, y, z) is true in M if ∀x∀y∀zA(x, y, z) is true in M , A(x, y, z) is
satisfiable in M if ∃x∃y∃zA(x, y, z) is true in M , and A(x, y, z) is false in M if
∃x∃y∃zA(x, y, z) is false in M .
Example. Let M be the model where the universe is the real numbers, G(x, y)
means x > y, and h(x) represents the function x + 1. Classify the following
formulas as true in M , false in M , or satisfiable in M .
1. G(x, x)
This is false in the model, because there does not exist a real number that
is less than itself.
2. G(x, h(x))
This is false in the model, because there does not exist a real number that
is greater than one plus itself.
3. G(0, x)
This is satisfiable in the model, because 0 is greater than negative two
plus one, so there is a number for which the formula is true. Also, not all
real numbers work, so the formula is satisfiable but not true.
4. G(h(x), 0)
This is satisfiable in the model, because one plus one is greater than zero,
so there is a number for which the formula is true. Also, not all real
numbers work, so this formula is satisfiable but not true.
5. G(x, y)
This is satisfiable in the model, because we can find numbers x and y
where x < y. Also, not all real numbers would work, so the formula is
satisfiable but not true.
2.7. TRUTH AND FREE VARIABLES 43
Example. Let K be the model where the universe is the natural numbers
N = {0, 1, 2, ...}, G(x, y) means x > y, and h(x) represents the function x + 1.
Classify the following formulas as true in K, false in K, or satisfiable in K.
This is the same set of formulas as in the previous example; note how the truth
values are different.
1. G(x, x)
False – same as part 1 above.
2. G(x, h(x))
False – same as part 2 above.
3. G(0, x)
False – not the same as part 3 above because we are now looking at the
natural numbers, which do not include the negative numbers.
4. G(h(x), 0)
True – not the same as part 4 above because we are now looking at the
natural numbers, which do not include the negative numbers.
5. G(x, y)
Satisfiable but not true– same as part 5 above.
Exercises.
1. Consider the formula P (x, 0). Find a model where this formula is true, a
model where it is satisfiable but not true, and a model where it is false.
2. Consider the formula ∀xS(x, y). Find a model where this formula is true,
a model where it is satisfiable but not true, and a model where it is false.
3. Consider the formula ∃yR(x, y). Find a model where this formula is true,
a model where it is satisfiable but not true, and a model where it is false.
4. Consider the formula x = 2. Find a model where this formula is true,

a model where it is satisfiable but not true, and a model where it is
false. (Hint: Every model in which this statement can be interpreted
must contain an element which is represented by the constant symbol 2.
Consequently, in a model where the formula is false, the meaning assigned
to the predicate symbol = must be different from equality. Some logicians
feel that = is such a special symbol that this sort of redefinition should
never be allowed.)
2.8 Logical validity

As we have seen, many formulas are true in some models and false in others.
Here’s a reasonable question: Are some formulas true in every model? The
examples considered in the preceding sections tend to indicate that the answer
is no. We have always been able to contrive models where our formulas are
false. However, the examples that we looked at were not a random sample.
Consider the formula:
∀xA(x) ∨ ¬∀xA(x)
It is true in all models because without specifying the formula interpretations
we can still determine the truth value. The left formula, ∀xA(x), is always going
to be translated as property A is true for all x. The right formula, ¬∀xA(x), is
always going to be translated as property A is not true for all x – which covers
the case that property A is never true as well as the case that property A doesn’t
hold in some cases. It is clear that either the left disjunct or the right disjunct
must be true, regardless of the particular interpretations in a given model.
Formulas like the one above are very important. From just the structure of
the formula (syntax), we can draw conclusions about the truth of the formula
(semantics). It would be nice to have some good vocabulary for talking about
these formulas.
We say that a formula is logically valid (or just valid) if it is true in every
model. We say that a formula is contradictory if it is false in every model. Note
that some formulas are neither logically valid nor contradictory.
The notion of a logically valid formula is particularly important for us. Re-
call that tautologies were formulas of propositional calculus which were true no
matter what truth assignments we made to the statement letters. Similarly, log-
ically valid formulas are true no matter which model we consider. The logically
valid formulas play the same role in predicate calculus that the tautologies play
in propositional calculus. We have found the parallel to tautologies that was
promised at the beginning of the chapter.
In one way, tautologies and logically valid formulas are very different. To
show that a formula is a tautology, all we need to do is construct the truth table.
To show that a formula is logically valid, we must show that it is true in every
possible model, regardless of the choice of the universe or however bizarre the
interpretations of the predicates might be. This sounds like a challenging job.
Here are two more definitions that will help us experiment with logically
valid formulas. We say that a formula A logically implies a formula B if the
formula A → B is logically valid. We say that a formula A is logically equivalent
to a formula B if the formula A ↔ B is logically valid.
Using the preceding definitions, we can show that if A logically implies B
and B logically implies A, then A and B are logically equivalent. Suppose that
A logically implies B and B logically implies A. Then the formulas A → B and
B → A are logically valid. Pick any model M . Because they are logically valid
formulas, both A → B and B → A must be true in M . On the basis of the
truth table for A ↔ B, it follows that A ↔ B is true in M . This reasoning
2.9. FORMULAS THAT AREN’T LOGICALLY VALID 45
holds for any model M we might select, so A ↔ B is true in every model. By

the definition of logical equivalence, this shows that A is logically equivalent to
B.
Exercises.
1. Give an example of a logically valid formula.
2. Give an example of two logically equivalent formulas.
3. Give an example of formulas A and B such that A logically implies B, but
B does not logically imply A.
2.9 Formulas that aren’t logically valid

As noted in the previous section, to show that a formula is logically valid, we
must show that it is true in every possible model. Consequently, to show that
a formula is not logically valid, all we need to do is construct one model where
the formula is not true. We already know how to build models, so this task is
not so difficult.
Before doing some examples, we should compare this to our experience with
propositional logic. Note that constructing a model to show that a formula is
not logically valid corresponds roughly to finding one line in a truth table that
shows that a propositional formula is not a tautology. Thus the model building
in the following examples is like the “line building” we did in Chapter 1.
Example. Show that ∀x(A(x) ∨ B(x)) is not logically valid.
Consider the universe of real numbers, and let A(x) mean x is odd and B(x)
mean x is an integer multiple of 10. “All real numbers are either odd or an
integer multiple of 10” is false. For example, 4 is neither odd nor an integer
multiple of 10. We have found a model in which the sentence is false, so the
sentence is not logically valid.
Example. Show that ∀x∃yC(x, y) does not logically imply ∃y∀xC(x, y).
We will need to construct a model where ∀x∃yA(x, y) is true, but ∃y∀xA(x, y)
is false. Here is an entertaining graphical technique for building finite models.
Let the universe be {0, 1}. Draw an arrow from from 0 to 1 and a second arrow
from 1 to 0. Let A(x, y) mean that there is an arrow from x to y. For every
choice of x, there is an arrow that starts at x, so ∀x∃yA(x, y) is true in this
model. On the other hand, A(0, 0) and A(1, 1) are both false, so ∃y∀xA(x, y) is
false.
0 1
Exercises.
1. Show that ∀x(A(x) ∧ B(x)) is not logically valid.
2. Show that ∀x∃yC(x, y) is not logically valid.
3. Show that ∃x(A(x) → B(x)) does not logically imply (∃xA(x)) → (∃xB(x)).
4. Show that ∀x∃yC(x, y) does not logically imply ∃zC(z, z).
5. Show that (∀xA(x)) ↔ (∀xB(x)) is not logically equivalent to ∀x(A(x) ↔
B(x)).
6. Show that the formula
∃x∀y((C(x, y) ∧ ¬C(y, x)) → (C(x, x) ↔ C(y, y)))
is not logically valid. (Warning: This one is tough.)
2.10 Some logically valid formulas

In the previous section, we found a method for showing that a formula is not
logically valid. Our model theoretic method works on any formula, provided
that it’s not logically valid. This is not very satisfying. What we would really
like is a method for showing that a formula is logically valid. Eventually, we
will develop a technique for doing just that. In the mean time, it would be nice
to have a method for showing that some formulas are logically valid. In this
section, we will list (an infinite number of) logically valid formulas.
We say that a formula is an instance of a tautology if it is the result of
uniformly replacing the statement letters in a propositional tautology with for-
mulas of predicate calculus. Note that determining whether or not a formula is
an instance of a tautology depends only on its structure. We only consider the
shape of the formula, ignoring meaning and models.
The formula p → p is a tautology, so anything with this pattern is. Here are
two instances of tautologies based upon this pattern:
∃x∀yQ(x, y) → ∃x∀yQ(x, y)
A(x) → A(x)
Similarly, A → (B → A) is a tautology, so
∀x∃yC(x, y) → (∀xA(x) → ∀x∃yC(x, y))
is an instance of a tautology.
Here is the fact that makes instances of tautologies interesting. Every in-
stance of a tautology is logically valid. Since we can easily construct instances
of tautologies, we can easily list lots of logically valid formulas. We’ve already
seen three:
∃x∀yQ(x, y) → ∃x∀yQ(x, y)
2.10. SOME LOGICALLY VALID FORMULAS 47
A(x) → A(x)
∀x∃yC(x, y) → (∀xA(x) → ∀x∃yC(x, y))
Note that the formula A(x) → A(x) has a free variable. Since we know it
is logically valid, we know it is true in every model. Now A(x) → A(x) is true
in a model M exactly when ∀x(A(x) → A(x)) is true in M . Formulas that are
true in every model are logically valid, so ∀x(A(x) → A(x)) is logically valid.
The reasoning of the preceding paragraph works for any formula and any
variable. If we know that P is a logically valid formula, then so are the formulas
∀xP , ∀yP , ∀x∀yP , and so on. We can use this rule to build logically valid
formulas that are not instances of tautologies. For example, A(x) → A(x) is an
instance of a tautology, ∀x(A(x) → A(x)) is not an instance of a tautology, but
both are logically valid.
Here’s another way to build more logically valid formulas. If a formula P
is true in a model M , then it is satisfiable in M . Since P is satisfiable in M ,
the formula ∃xP is true in M . Consequently, if P is logically valid, then so is
∃xP . As with adding universal quantifiers, this works for any formula P and
any variable x. We can combine this with our previous work to build more
complicated logically valid formulas. For example, ∀x∃y(C(x, y) → ¬¬C(x, y))
is logically valid, but not an instance of a tautology.
Summarizing, any instance of a tautology is logically valid. Any formula got-
ten by stringing quantifiers in front of a logically valid formula is logically valid.
Not every logically valid formula is an instance of a tautology. Indeed there are
logically valid formulas that simply cannot be built using the techniques of this
section.
Exercises.
1. Each of the following formulas is logically valid. Mark those that are
instances of tautologies.
(a) A(x) → (∀yB(y) → A(x))
(b) ∀x(A(x) → (∀yB(y) → A(x)))
(c) A(x) → (¬B(y) ∨ B(y))
(d) ∃x(A(x) → (¬B(y) ∨ B(y))
(e) ∃x(¬¬A(x) → (¬B(y) ∨ B(y))
(f) ∃y∃x(¬¬A(x) → (¬B(y) ∨ B(y))
2. Each of the following formulas is logically valid. Mark those that are
instances of tautologies.
(a) C(x, y) → C(x, y)
(b) ∀x∃y(C(x, y) → C(x, y))
(c) ∀x∃yC(x, y) → ∀x∃y¬¬C(x, y)
(d) ∀x∃yC(x, y) → ¬¬∀x∃yC(x, y)
(e) A(x) ∨ ¬A(x)

(f) ∀x(A(x) ∨ ¬A(x))
2.11 Free for...

Here is a summary of what we can do so far. If someone says, “Here is a
formula which is not logically valid; show that this is the case,” then we build a
model where the formula isn’t true. If someone says, “Here is a formula which
is logically valid; show that this is the case,” then we check if the formula is an
instance of a tautology. If it isn’t, we try to build the formula by tacking some
quantifiers onto an instance of a tautology. If this works, we’re done. Otherwise,
we’re stuck.
We would like some guaranteed method of showing that a formula is logically
valid. We know that logically valid formulas are predicate calculus analogs of
tautologies. We can show that a formula is a tautology by checking the truth
table or writing a proof in L. If we had a proof system for predicate calculus,
we could show that a formula is logically valid just by writing a proof.
In order for this scheme to work, our proof system for predicate calculus must
have two properties. First, every formula that is provable must be logically valid.
In other words, our proof system must be sound. This ensures that we don’t
get wrong answers. Secondly, every logically valid formula must be provable in
the system. In other words, our proof system must be complete. This ensures
that we can always get an answer.
In order to even state the axioms we need, we will need to elaborate on our
notions of free and bound variables. We need a more sophisticated notion of
when a variable is free. In particular, we need to know when we can substitute
one variable (or term) for another variable.
Recall that in section 2.4, we said that an occurrence of a variable is free if
it is not in the scope of a quantifier on that variable. An occurrence which isn’t
free is called bound. Also, recall that a term is part of a formula which refers
to an object in a model. That is, a term may be a variable, a constant, or the
result of applying a function to terms.
Here’s the question that we want to answer: “When is it O.K. to plug in a
given term for a particular variable in a given formula?” What sort of situations
might cause problems? Consider the formula ∀xP (x, y). Note that y is a free
variable in this formula, while x is not. We cannot substitute something for x,
since the quantifier ∀ indicates that the formula must be true for all x. But,
since y is free, we have flexibility and should be able to substitute a term in for
y.
Here are some examples of substitutions.
∀xP (x, z) – another variable is allowed. As with any mathematical vari-
able, the particular name is unimportant.
∀xP (x, f (c, z, w)) – a function of several constants and variables is also
allowed. Think of it as an analogy to a composition of functions.
2.11. FREE FOR... 49
∀xP (x, x) – This substitution is not as general as the last. Substituting x

in for y changes the meaning of this formula since we now have bound a
variable that was previously free.
∀xP (x, h(x)) – As with the last substitution, this one ”binds” a variable
that was previously free.
When working with formulas in predicate calculus, we will not allow substi-
tutions like the last two. The first two are fine. We can nail this concept down
with a single definition. It’s a little technical, but that’s what makes it precise
and useful.
Definition. A term t is free for a variable x in the formula P if x does not

occur free within the scope of a quantifier on a variable in t.
We can approximate this definition as follows. It’s fine to plug in a term for
a free variable if none of the variables in the term are accidentally captured by
quantifiers.
Example. Consider the terms x, y, f (x, y), and 3. Determine which of these
terms are free for x in each formula below.
1. ∀y(A(x, y) ∨ B(z))
(a) x is free for x in ∀y(A(x, y) ∨ B(z)); x is always free for itself.

(b) y is not free for x in ∀y(A(x, y) ∨ B(z)); it would be in the scope of
the ∀y.
(c) f (x, y) is not free for x in ∀y(A(x, y)∨B(z)); it would be in the scope
of the ∀y.
(d) 3 is free for x in ∀y(A(x, y) ∨ B(z)); constants can never be captured
by quantifiers.
2. A(x) ∨ ∀z(C(z, z) ∧ A(z, y))
Terms:
(a) x is free for x in A(x) ∨ ∀z(C(z, z) ∧ A(z, y)); A(x) is not in the scope
of any quantifiers and x is always free for x in any formula anyway.
(b) y is free for x in A(x) ∨ ∀z(C(z, z) ∧ A(z, y)); A(x) is not in the scope
of any quantifiers.
(c) f (x, y) is free for x in A(x) ∨ ∀z(C(z, z) ∧ A(z, y)); A(x) is not in the
scope of any quantifiers.
(d) 3 is free for x in A(x) ∨ ∀z(C(z, z) ∧ A(z, y)); A(x) is not in the scope
of any quantifiers, and constants can never be captured by quantifiers
anyway.
3. B(y) → ∀y(A(x, z) ∧ ∃xC(x, y))

Terms:
(a) x is free for x in the formula B(y) → ∀y(A(x, z) ∧ ∃xC(x, y)); the
only free occurrence of x is in the A(x, z) predicate, and x is always
free for x.
(b) y is not free for x in the formula B(y) → ∀y(A(x, z) ∧ ∃xC(x, y)); x
occurs free in the A(x, z) predicate, and y will be captured by the ∀y
quantifier.
(c) f (x, y) is not free for x in the formula B(y) → ∀y(A(x, z)∧∃xC(x, y));
x occurs free in the A(x, z) predicate, and the y in f (x, y) will be
captured by the ∀y quantifier.
(d) 3 is free for x in the formula B(y) → ∀y(A(x, z) ∧ ∃xC(x, y)); con-
stants can never be captured
4. d) ∀x∃yD(x, y, z)
Terms: There are no free occurrences of x to plug in for in this formula.
Consequently, every term is free for x in ∀x∃yD(x, y, z). This is a weird
case, but the idea is not too hard. If there is no place to plug in, then you
can plug in anything safely.
(a) x is free for x in ∀x∃yD(x, y, z).

(b) y is free for x in ∀x∃yD(x, y, z).
(c) f (x, y) is free for x in ∀x∃yD(x, y, z).
(d) 3 is free for x in ∀x∃yD(x, y, z).
Here’s a summary of all the work done above. In the table below, an OK appears
if the term is free for x in the formula. If not, then an X appears.
x y f(x,y) 3
∀y(A(x, y) ∨ B(z)) OK X X OK
A(x) ∨ ∀z(C(z, z) ∧ A(z, y)) OK OK OK OK
B(y) → ∀y(A(x, z) ∧ ∃xC(x, y)) OK X X OK
∀x∃yD(x, y, z) OK OK OK OK
Let’s summarize some shortcuts. We can plug x in for x in any formula,
and not worry. We can plug a constant symbol in for x in any formula, and not
worry. Note that we only ever plug terms into free occurrences of variables. We
never plug terms of any sort into bounded occurrences of variables.
Exercises.
1. Use the following lists of formulas and terms to solve the exercises below.
Formulas: Terms
1. ∀y(A(x, y) ∨ B(z)) (a) x
2. A(x) ∨ ∀z(C(z, z) ∧ A(z, y)) (b) y
3. B(y) → ∀z(A(x, z) ∧ ∃xC(x, y)) (c) f (x, y)
4. ∀x∃yD(x, y, z) (d) 3
2.12. A PROOF SYSTEM FOR PREDICATE CALCULUS 51
(a) Determine which of the terms are free for y in each formula.
(b) Determine which of the terms are free for z in each formula.
2. Use the following lists of formulas and terms to solve the exercises below.
Formulas: Terms
1. ∀xA(x, y, z) (a) x
2. ∀yB(x, y) ∨ ∀zC(z, y) (b) y
3. ∀y(B(x, y) ∨ ∀zC(z, y)) (c) h(z, 3)
4. ∀y∀z(B(x, y) ∨ C(z, y)) (d) g(x, y, z)
(a) Determine which of the terms are free for x in each formula.
(b) Determine which of the terms are free for y in each formula.
(c) Determine which of the terms are free for z in each formula.
2.12 A proof system for predicate calculus

Now we’re ready to define our proof system for predicate calculus. Our proofs
will consist of sequences of formulas of the sort we’ve been using, with justifi-
cations for each line. We need to specify the axioms, the rules of inference, and
any abbreviations that we want to use. Since our new axiom system looks a
little like L, we’ll call it K.
Axioms
Any formulas of predicate calculus may be substituted for A, B, and C in the
following schemes. Also, other variables may be substituted for the use of x in
Axiom 4 and Axiom 5.
Axiom 1: A → (B → A)
Axiom 2: (A → (B → C)) → ((A → B) → (A → C))
Axiom 3: (¬B → ¬A) → ((¬B → A) → B)
Axiom 4: (∀xA(x)) → A(t), provided that t is free for x in A(x).
Axiom 5: ∀x(A → B) → (A → ∀xB), provided that x does not occur free

in A.
Rules of inference
Modus Ponens (MP): From A and A → B, deduce B.
Generalization (GEN): From A, deduce ∀xA.

Abbreviations and Notation

We will use ∃xA to abbreviate ¬∀x¬A. The connectives ∧, ∨, and ↔ are
rewritten using the equivalent ¬ and → formulations. We will write ` A if there
is a proof of A in the proof system K.
Before we go any further, we should construct enough instances of axioms
that we get a good feel for what axioms are available.
Axiom 1: A(x) → (∀xA(x) → A(x))
Axiom 1: ∀xA(x) → (∃xA(x) → ∀xA(x))
Axiom 1: (∀xA(x) → ∃yC(y)) → ((∃xB(x) → (∀xA(x) → ∃yC(y)))
Axiom 2:(A(x) → (∃yC(y) → ∀zW (z))) →

((A(x) → ∃yC(y)) → (A(x) → ∀zW (z)))
Axiom 3: (¬∃xC(x) → ¬A(x)) → ((¬∃xC(x) → A(x)) → ∃xC(x))
Axiom 4: ∀x∃yB(x, y, z) → ∃yB(x, y, z)
Axiom 4: ∀x∃yB(x, y, z) → ∃yB(t, y, z)
Axiom 5: ∀x(∀yB(y) → ∃yC(x, y)) → (∀yB(y) → ∀x∃yC(x, y))
Be careful with Axioms 4 and 5. It’s vital to pay attention to the extra
conditions on free occurrences of x. Here are two examples of common mis-
takes. First, the formula ∀x∃yB(x, y, z) → ∃yB(y, y, z) is not a correct instance
of Axiom 4 because the variable y is not free for x in ∃yB(x, y, z). Second,
the formula ∀x(∃yA(x, y) → B(x)) → (∃yA(x, y) → ∀xB(x)) is not a correct
instance of Axiom 5 because x occurs free in ∃yA(x, y).
Proofs in K look a lot like proofs in L. Here is an example of a short proof.
Theorem K 1. ` ∀x(A(x) → (B(x) → A(x))).
1. A(x) → (B(x) → A(x)) Axiom 1
2. ∀x(A(x) → (B(x) → A(x))) GEN, line 1
Before we do any more proofs, lets remember why we were interested in a

proof system. We wanted a good way to show that formulas were logically valid.
The following two very important theorems say that this is the proof system
that we want.
Theorem (Completeness Theorem for Predicate Calculus). (Gödel 1930)

If A is logically valid, then ` A.
Theorem (Soundness Theorem for Predicate Calculus). (Gödel 1930)

If ` A, then A is logically valid.
2.12. A PROOF SYSTEM FOR PREDICATE CALCULUS 53
Summarizing, we can prove a formula A if and only if it is logically valid.

The relationship between K and the logically valid formulas is exactly the same
as the relationship between L and the tautologies.
The proof of the soundness theorem for K is very much like the proof of
the soundness theorem for L. One shows that all the axioms are logically valid
and that applying MP and GEN to logically valid formulas always yields more
logically valid formulas. Then given a proof in K, we can step through line by
line, showing that each line in turn is logically valid. In particular, the last line
is logically valid, so if a formula can be proved in K, then it is logically valid.
The proof of the completeness theorem for K is completely different from the
proof of the completeness theorem for L. Rather than proving the result directly,
it is best to prove the contrapositive. Consequently, we would assume that there
is no proof of A in K, and then show that A is not logically valid by constructing
a model where ¬A is true. Many proofs of the completeness theorem (e.g. [?],
[?], [?], and [?]) differ primarily on the method of this construction. The method
employed by Henkin [?] actually uses a set of terms as the universe for the model.
This is a delightfully twisted idea.
In our discussion of the completeness theorem for L, we noted that it is
possible to write a computer program that accepts formulas of L as input,
determines whether or not they are tautologies, and then outputs either a row
of the truth table showing that the formula is not a tautology or a proof in
L of the formula. This is not the case for K. Indeed, there is no computer
program that can accept formulas of K as input and determine whether or not
they are logically valid. This situation is not due to a lack of talent on the
part of programmers. There is a proof that predicate calculus is undecidable,
that is no decision program can be created [?]. While there is no program for
deciding which formulas are logically valid, we do have a method for supporting
our conclusions. Given a logically valid formula we can find a proof of it in K,
and given a formula that isn’t logically valid we can find a model in which it is
not true.
Exercises.
1. Build two instances for each of the axioms, showing the substitution made
in each case.
2. Are the following instances of one of the axioms? If so, show the substi-
tution made.
(a) ∀x∀yA(x, y) → (∃xB(x) → ∀yA(x, y)).
(b) ∀x∀yA(x, y) → ∀yA(y, y).
(c) ∀x∀yA(x, y) → ∀yA(x, y).
(d) ∃xB(x) → ((∀x∃yC(x, y) → A(x)) → ∃xB(x)).
In order to make efficient use of our new proof system, K, we could use some
shortcuts. When we learned to write proofs in L, progress was painful until
we learned the Deduction Theorem for L. One of the shortcuts we will learn
is a Deduction Theorem for Predicate Calculus. The next four sections consist
entirely of shortcuts and proof strategies for our new proof system.
2.13 Dealing with ∀

Here is a strategy for manipulating universal quantifiers. To add ∀x to the
beginning of a formula, use GEN. To rip ∀x off the front of a formula, use
Axiom 4. Here is an easy proof that illustrates both halves of the strategy.
Theorem K 2. ∀x∀yA(x, y) ` ∀y∀xA(x, y).
1. ∀x∀yA(x, y) Given
2. ∀x∀yA(x, y) → ∀yA(x, y) Axiom 4
3. ∀yA(x, y) MP, lines 1. and 2.
4. ∀yA(x, y) → A(x, y) Axiom 4
5. A(x, y) MP, lines 3. and 4.
6. ∀xA(x, y) GEN, line 5.
7. ∀y∀xA(x, y) GEN, line 6.
Be careful! Our strategy only works on leading quantifiers whose scope is

the whole formula. Other situations require gyrations of a different sort. The
next shortcut will make these gyrations easier.
2.14 Rule T
Since Axiom 1, Axiom 2, Axiom 3 and MP are all included in K, every proof
in L is also a proof in K. The following rule lets us use all the results we could
have proved in L, even if we didn’t actually do the proof.
RULE T: Any instance of a tautology may be inserted as a line in a predicate

calculus proof.
Theorem K 3. A(x) ∧ B(x) ` A(x).
1. A(x) ∧ B(x) Given
2. (A(x) ∧ B(x)) → A(x) Rule T
3. A(x) MP, lines 1. and 2.

2.15. THE DEDUCTION THEOREM 55
Any time we introduce a shortcut rule, we need to consider one question.

Can every proof done using the shortcut be done without using it? If the answer
to the question is no, then proofs done via the shortcut may not be sound. For
Rule T, the answer to the question is yes. Actually, any line invoking Rule T
can be replaced by a proof using only Axiom 1, Axiom 2, Axiom 3, and MP.
This follows immediately from the completeness theorem for L. Roughly, since
every tautology can be proved in L, every formula that looks like a tautology
(i.e. every instance of a tautology) can be proved using axioms that look like
axioms of L (i.e. Axioms 1 through 3.)
The previous paragraph indicates why Rule T is such a powerful shortcut.
When we use Rule T, we are making full use of our understanding of L, including
the Completeness Theorem for L. On the other hand, misapplications of Rule
T are very undesirable. Rule T only allows insertion of instances of tautologies.
It does not allow us to insert other logically valid formulas. This is a very good
time to review section 2.10 and make sure that you understand exactly what
constitutes an instance of a tautology.
2.15 The Deduction Theorem

One of our nicest shortcuts in L was the deduction theorem. We can state (and
use) a deduction theorem for predicate calculus, too. We’ll state the theorem,
give two quick applications, and then discuss its proof a little.
Theorem (Deduction Theorem for K). If there is a proof of A ` B with no
applications of generalization to any variables that occur free in A, then there
is a proof of ` A → B.
Theorem K 4. ` ∀x∀yA(x, y) → ∀y∀xA(x, y)
We have already proved K2: ∀x∀yA(x, y) ` ∀y∀xA(x, y). The proof, which
appears on page 54, contains no applications of GEN to a variable appearing
free in ∀x∀yA(x, y). Actually, you don’t need to look at the proof, since there
are no free variables in ∀x∀yA(x, y). Theorem K4 follows by one application of
the deduction theorem for K.
Theorem K 5. ` ∀x(A(x) ∧ B(x)) → ∀xA(x)
This time, we will formally prove ∀x(A(x) ∧ B(x)) ` ∀xA(x), and then apply
the deduction theorem.
1. ∀x(A(x) ∧ B(x)) Given

2. ∀x(A(x) ∧ B(x)) → (A(x) ∧ B(x)) Axiom 4
3. A(x) ∧ B(x) MP, lines 1 and 2
4. (A(x) ∧ B(x)) → A(x) Rule T
5. A(x) MP, lines 3 and 4
6. ∀xA(x) GEN, line 5
The only use of GEN in this proof is on the variable x, which does not occur
free in the hypothesis. Thus, we can apply the deduction theorem to obtain
` ∀x(A(x) ∧ B(x)) → ∀xA(x), as desired.
In the preceding proof, we actually used the following restricted version of
the deduction theorem:
Corollary. If A ` B and A has no free variables, then ` A → B.
The restriction on applications of generalization to variables not occurring
free in the hypothesis is a vital part of the statement of the deduction theorem.
Without it, our proofs would not be sound. For example, consider the following
correct proof of x = y ` x = 0.
1. x = y Given
2. ∀y(x = y) GEN, line 1
3. ∀y(x = y) → x = 0 Axiom 4
4. x = 0 MP, lines 2 and 3
Note that the application of GEN in line 2 to the variable x, which occurs free
in x = y, precludes us from applying the deduction theorem. This is a good
thing, because if we incorrectly applied the deduction theorem, we could deduce
x = y → x = 0, which could be generalized to ∀x∀y(x = y → x = 0). This
formula is not logically valid, since in the model with the natural numbers as
its universe and the usual interpretation of = and 0, the implication 1 = 1 →
1 = 0 is false. Just one misapplication of the deduction theorem destroys the
soundness of our proof system. Always check for uses of GEN before applying
the deduction theorem.
Can every proof done using the deduction theorem be done without using
the deduction theorem? Sure! That’s essentially what the deduction theorem
says. At this point, we have enough tools to do a lot of proofs without too much
effort.
Exercises.
Prove the following in K. You may use any theorem with a lower number in
your proof.
Theorem K 6. ` (∀xA(x)) → ∀x(A(x) ∨ B(x))
Theorem K 7. ` ∀x(A(x) → B(x)) → (∀xA(x) → ∀xB(x))

2.16. ADDING ∃X 57
Theorem K 8. ` ∀xB(x) → ∀x(A(x) → B(x))
Theorem K 9. ` ∀x∀yA(x, y) → ∀y∀xA(y, x)
Theorem K 10. ` ∀x(A(x) ∨ B(x)) → (∀x¬A(x) → ∀xB(x))
2.16 Adding ∃x
If we have ∀xA(x), we ought to be able to prove ∃xA(x). In order to do this,
we need to be able to add ∃x to a formula. Here’s an example of how to do this
using the shortcuts we have so far.
Theorem K 11. A(x) ` ∃xA(x)
1. A(x) Given
2. ∀x¬A(x) → ¬A(x) Axiom 4
3. (∀x¬A(x) → ¬A(x)) → (A(x) → ¬∀x¬A(x)) Rule T
4. A(x) → ¬∀x¬A(x) MP, lines 2 and 3
5. ¬∀x¬A(x) MP, lines 1 and 4
6. ∃xA(x) Abbreviation of line 5
We can extract the content of the proof of Theorem K11, and create an
Add-∃x Rule that handles even more cases. We need to be careful that the
hidden use of Axiom 4 is acceptable. In the following, the clauses requiring that
A(t) is the result of replacing every free occurrence of x in A(x) with t and t is
free for x in A(x) insure that ∀x¬A(x) → ¬A(t) is a correct instance of Axiom
4. This allows us to modify the proof of K11 to obtain a proof of ∃xA(x) from
A(t). Stating the rule will save us from having to mess with contrapositives
every time we want to tack on an existential quantifier.
Add ∃x Rule: If A(t) is the result of replacing every free occurrence of x in A(x)
with t, and t is free for x in A(x), then from A(t) we may deduce ∃xA(x).
Here is an application of the Add ∃x Rule that makes use of the ability to
substitute for a term. In the following, A(y, y) is the result of replacing every
free occurrence of x in A(x, y) with y, and y is free for x in A(x, y). Thus the
Add ∃x Rule allows us to deduce ∃xA(x, y) from A(y, y).
Theorem K 12. A(y, y) ` ∀y∃xA(x, y)
1. A(y, y) Given
2. ∃xA(x, y) Add ∃x Rule, line 1
3. ∀y∃xA(x, y) GEN, line 2
Exercises.
1. Prove:
Theorem K 13. ` ∀xA(x) → ∃xA(x)
2. Consider the theorem:

Theorem K 14. ` ∀yA(y) → ∃xA(x)
(a) Prove K14 using the deduction theorem, Axiom 4 and K13.
(b) Prove K14 using the Add ∃x Rule.
3. Prove:
Theorem K 15. ` ∀x(A(x) ∨ B(x)) → (∀xA(x) ∨ ∃xB(x))
4. Prove the following theorems. Like the proof of Theorem K11, these re-
sults use the fact that ∃xA(x) is an abbreviation for ¬∀x¬A(x). Math-
ematicians use results like these whenever they “push negations past a
quantifier.”
(a)
Theorem K 16. ¬∃xA(x) ` ∀x¬A(x)
(b)
Theorem K 17. ∀x¬A(x) ` ¬∃xA(x)
(c)
Theorem K 18. ∃x¬A(x) ` ¬∀xA(x)
(d)
Theorem K 19. ¬∀xA(x) ` ∃x¬A(x)
2.17 Removing ∃x
So far, we have strategies for adding and removing ∀x, and a rule for adding
∃x. To complete our survey of techniques for manipulating quantifiers, we need
a rule for removing ∃x.
Informally, if we have ∃xA(x), we should be able to find some element to
plug in for x. If we give that element a temporary name, we could proceed
with our proof. The best thing to use as a name is a constant symbol. If we
use a constant symbol that already appears in the proof (or appears in some
weird axioms that we plan to use later), we will be implicitly making additional
assumptions about the element. Consequently, we want to use a new constant
symbol. Here’s the rule, presented more formally.
Rule C: If ∃xA(x) is a previous line in a proof, we may write A(c) as a line,

provided that the following two conditions hold.
2.17. REMOVING ∃X 59
1. c is a new constant symbol. (That is c doesn’t show up in any earlier

lines of the proof, of in any proper axioms we ever plan to use.)
2. If some variable (say y) appears free in the formula ∃xA(x), then
GEN is never applied to y in the proof.
Here is an example of using Rule C in a proof.

Theorem K 20. ∃x(A(x) ∧ B(x)) ` ∃xA(x)
1. ∃x(A(x) ∧ B(x)) Given

2. A(c) ∧ B(c) Rule C, line 1
3. (A(c) ∧ B(c)) → A(c) Rule T
4. A(c) MP, lines 2 and 3
5. ∃xA(x) Add ∃x Rule, line 4
Why do we need the second condition in Rule C? We need to worry about

GEN and Rule C for the same reason that we worry about GEN and the De-
duction Theorem. If we do a proof with Rule C and break the second condition,
our conclusion may not be sound. For example, consider the following incorrect
proof of ∃x∀y(x = y) from ∀y(y = y).
1. ∀y(y = y) Given
2. ∀y(y = y) → y = y Axiom 4
3. y = y MP, lines 1 and 2
4. ∃x(x = y) Add ∃x Rule, line 3
5. c = y Rule C, line 4
6. ∀y(c = y) Illegal use of GEN
7. ∃x∀y(x = y) Add ∃x Rule, line 6
In line 4, y = y is the result of substituting y for every free occurrence of x
in x = y, and y is free for x in x = y, so this line is a legal application of the
Add ∃x Rule. Indeed, this is just like the second line in the proof of K12 with
x = y substituted for A(x, y). We pull the substitution trick with the Add ∃x
Rule again in line 7. It is legal there, too. The only illegal step is in line 6,
where we apply GEN to a variable that appears free in line 4, the formula to
which we applied Rule C. That violates the second condition of Rule C, and it
is a very bad idea. There is a model where ∀y(y = y) is true, but ∃x∀y(x = y)
is false, so ∀y(y = y) does not logically imply ∃x∀y(x = y). The illegal use of
GEN with Rule C has destroyed the soundness of our proof system.
We’ve seen the bad effects of violating the conditions of Rule C. However,
if we can prove A using Rule C correctly, then we can prove A without using
Rule C. Consequently, correct uses of the shortcut Rule C do not mess up the
completeness and soundness theorems for our proof system. One way to prove
this is to construct an algorithm that converts proofs that use the shortcut
to proofs that do not. This sort of argument closely resembles a proof of the
deduction theorem, and is used in [?].
Exercises.
Use Rule C to prove the following:
Theorem K 21. ` ∃xA(x) → ∃x(A(x) ∨ B(x))
Theorem K 22. ` ∃x∀yA(x, y) → ∀y∃xA(x, y)
Theorem K 23. ` ∃x(A(x) → B(x)) → (∀xA(x) → ∃xB(x))
Theorem K 24. ` ∃xB(x) → ∃x(A(x) → B(x))
Theorem K 25. ` ¬∀xA(x) → ∃x(A(x) → B(x)) (Hint: Use K19)
Theorem K 26. ` (∀xA(x) → ∃xB(x)) → ∃x(A(x) → B(x)) (Hint: Use

K24 and K25, rather than Rule C.)
2.18 Proof strategies in predicate calculus

Predicate calculus looks a lot like propositional calculus, except for the addition
of quantifiers. We have some excellent tools for dealing with quantifiers. To
add ∀x we use GEN, and to add ∃x we use the aptly named Add ∃x Rule. To
remove ∀x we use Axiom 4, and to remove ∃x we use Rule C. A very rough
overall strategy for doing proofs in predicate calculus is:
• Rip off the quantifiers.

• Use Rule T (or whatever) to mess with the guts of the formula.
• Glue the quantifiers back on.
Of course, we also can use techniques from propositional calculus like apply-
ing the deduction theorem or proving the contrapositive as a lemma. Here are
some problems that use a variety of methods.
2.18. PROOF STRATEGIES IN PREDICATE CALCULUS 61
Exercises.
Theorem K 27. ` ∀xA(x, x) → ∀x∃yA(x, y)
Theorem K 28. ` ∀y∃x(¬A(y, x) ∨ A(y, y))
Theorem K 29. ` ∃x(A(x) ∨ B(x)) → (∃xA(x) ∨ ∃xB(x))
Theorem K 30. ` (∃xA(x) ∨ ∃xB(x)) → ∃x(A(x) ∨ B(x)).
Theorem K 31. ` ∃x(A(x) ∧ B(x)) → (∃xA(x) ∧ ∃xB(x))
Theorem K 32. ` (∀xA(x) ∧ ∃xB(x)) → ∃x(A(x) ∧ B(x))
Theorem K 33. ` (∀xA(x) ∨ ∀xB(x)) → ∀x(A(x) ∨ B(x))
Theorem K 34. ` ∀x(A(x) ∧ B(x)) → (∀xA(x) ∧ ∀xB(x))
Theorem K 35. ` (∀xA(x) ∧ ∀xB(x)) → ∀x(A(x) ∧ B(x))
Theorem K 36. ` (∃xA(x) → ∀xB(x)) → ∀x(A(x) → B(x))
Hints: You may find the following strategies useful for the preceding exercises.
K27: Deduction theorem.
K28: Rule T, followed by Add ∃x Rule.
K29: P ∨ Q abbreviates ¬P → Q.
K30: Prove the contrapositive.
K31: Deduction theorem and Rule C.
K32: Deduction theorem and Rule C.



Chapter 3
Transition to Informal
Proofs
We just spent the whole last chapter talking about predicate calculus. Two of
the important theorems we discussed were the Completeness Theorem and the
Soundness Theorem. These two theorems can be summarized as follows: The
formulas that are provable in predicate calculus are exactly the logically valid
formulas.
These results indicate both the main weakness and the main strength of
predicate calculus. On the one hand, the only formulas we can prove are the
logically valid formulas, which will always be true in every model. However, most
of the interesting formulas in mathematics state properties that are peculiar to
the integers, or the reals, or to some other entertaining specific model. For
example,
∀x(P (x) ∨ ¬P (x))
is true in absolutely every model, but
∀x((P (x) ∧ B(x)) → O(x))
is not logically valid. However, consider the following model:
Universe := natural numbers
P(x) := x is prime
B(x) := x is bigger than 2
O(x) := x is odd
In this model (a particular model), the second statement above translates to:
All prime natural numbers bigger than 2 are odd. This is a true statement, but
since it is not logically valid, we need new axioms in order to prove it.
63
64 CHAPTER 3. TRANSITION TO INFORMAL PROOFS
Now we want to address a new question: What additional axioms do math-

ematicians use? In a sense, we are asking about what sort of objects mathe-
maticians work on, and what properties of these objects they use to describe
them. By considering important properties, we are avoiding some pithy philo-
sophical questions, and asking some more pragmatic questions. For example,
rather than asking “What is a natural number?”, we will ask “What important
properties of natural numbers are useful in mathematical proofs?” The philo-
sophical questions are very interesting, but, after all, our goal is to write better
proofs.
If we actually knew all along that predicate calculus could not prove mathe-
matically interesting statements and that we would eventually tack on bunches
of new axioms, why did we spend a whole chapter on predicate calculus? Re-
member that any formula provable in predicate calculus is provable in any theory
with added axioms. Thus, the theorems of predicate calculus are the common
core of first order mathematical theories. Also, the shortcut methods we used
don’t exclude the use of additional axioms, so the proof techniques we learned
in the last chapter will apply to all sorts of interesting mathematical proofs.
Predicate calculus is a sort of scaffold on which we can hang any axiom systems
that interest us.
Any theory that consists of the axioms of K together with additional (often
called non-logical) axioms using predicates and variables from K is called a first
order theory. In the next two sections, we will take a look at first order theories
describing the nature of equality and the natural numbers.
3.1 The Theory of Equality

Here is a simple example of a first order theory. The goal is to describe our
understanding of what equality means. Suppose that we use the symbol x = y
to represent some binary predicate (like A(x, y)). Let E denote the axioms of
predicate calculus (K) together with the following axioms (numbered to avoid
confusion with Axioms 1 through 5 in k):
Axiom 6 (Reflexivity of equality) ∀x(x = x)
Axiom 7 (Substitutivity of equality) For every formula A(x, y), with free vari-
able x, if y is free for x in A(x, x) then
x = y → (A(x, x) → A(x, y)).
If we can prove a formula B in predicate calculus using the additional axioms 6

and 7, we will write È B. In this case, we say that B is a theorem of E, and
that E proves B. It’s interesting to note that these two axioms actually do a
pretty good job of describing the way that equality acts. In particular, Axiom
7 captures the sort of substitution steps that are commonly used in elementary
algebra. In this sense, a lot of elementary algebra has more to do with the
equality predicate than with functions or numbers. Here are several instances
of Axiom 7.
3.1. THE THEORY OF EQUALITY 65
x = y → (P (x, x, z) → P (x, y, z))

y = z → (R(y) → R(z))
y = z → (x = y → x = z)
x = y → (x = x → y = x)
x = 2 → (x · y = 6 → 2 · y = 6
x = y → (x + 2 = x + 2 → x + 2 = y + 2)
Note that Axiom 7 can’t be used on quantified variables, so the following
statement is not an instance of Axiom 7: x = y → (∀xP (x, x, z) → ∀xP (x, y, z)).
Remember that all the axioms of L and K are axioms of E. Consequently, all of
the theorems we proved using L and K are theorems of E. Now it is time to try
our hand at a proof that uses the new axioms.
Theorem E 1. È ∀x∀y(x = y → y = x) (Mathematicians would paraphrase
this by saying equality is symmetric.)
Proof:
1. x = y → (x = x → y = x) Axiom 7
2. x = x → (x = y → y = x) L7, line 1
3. ∀x(x = x) Axiom 6
4. ∀x(x = x) → x = x Axiom 4
5. x = x MP, lines 3 and 4
6. x = y → y = x MP, lines 2 and 5
7. ∀y(x = y → y = x) GEN, line 6
8. ∀x∀y(x = y → y = x) GEN, line 7
Exercises.
Prove the following in E.
Theorem E 2. È x = y → (y = z → x = z) (This is often called the transitive
law of equality.)
Theorem E 3. È (x = y ∧ x = z) → y = z (This is an axiom of Euclid:
things equal to the same thing are equal to each other.)
Theorem E 4. È x = y → ∀z(f (z, x) = f (z, y))
Note that Theorem E4 holds regardless of the choice of f (x, z). For example,
we could replace f (x, z) by x + z, x − z, x · z, xz , z x , or any other two place
function.
3.2 Formal Number Theory

In this section, we will discuss an axiom system for formal number theory.
By formal number theory, we mean a theory that describes arithmetic on the
natural numbers. The mathematical objects we are trying to describe with our
new axioms are the counting numbers {0, 1, 2, ...} and various familiar functions
on them, like addition and multiplication.
Rather than trying to cook up a reasonable set of axioms from scratch, we
can rely on the expertise of some other mathematicians. The following axioms
were used by Kleene [?] and Mendelson [?]. We’ll call our axiom system PA,
short for Peano’s Axioms for Arithmetic. The function x0 is read as successor
and is intended to represent x + 1.
The axiom system PA consists of the axioms of E and the eight following axioms.
Axiom 8: ∀x∀y(x = y → x0 = y 0 )
Axiom 9: ∀x(0 6= x0 )
Axiom 10: ∀x∀y(x0 = y 0 → x = y)
Axiom 11: ∀x(x + 0 = x)
Axiom 12: ∀x∀y(x + (y 0 ) = (x + y)0 )
Axiom 13: ∀x(x · 0 = 0)
Axiom 14: ∀x∀y(x · (y 0 ) = (x · y) + x)
Axiom 15: If A(x) is a formula of PA, then
A(0) → (∀n(A(n) → A(n0 )) → ∀nA(n)).
We can easily paraphrase what these axioms say. Axioms 8, 9 and 10 say
that equality acts the way we expect equality to act related to numbers and
successors. Axiom 9 says that 0 is the least counting number. Axiom 10 says
that 0 is the additive identity. Axioms 11 and 12 outline the behavior of addition,
and Axioms 13 and 14 do the same for multiplication. Axiom 15 says that we
can use induction to prove facts about the counting numbers. All in all, this
seems like a very reasonable list of properties of the natural numbers.
The language of P A is very expressive. That is, lots of properties of the
natural numbers can be written as formulas of P A. Here are some examples.
Example. Each of the following mathematical concepts is presented with its

formalization in PA. Note that these are just formulas representing properties
of natural numbers, not provable statements.
1. x is even: ∃k(x = 2 · k)
(2 is an abbreviation for 000 .)
3.2. FORMAL NUMBER THEORY 67
2. x is odd: ∃k(x = 2 · k + 1)
(1 is an abbreviation for 00 .)
3. y|x (y divides x evenly): ∃k(x = y · k) )
4. x ≤ y (x is less than or equal to y): ∃k(x + k = y)
5. x < y (x is strictly less than y): ∃k(x + k = y ∧ k 6= 0)
(k 6= 0 is an abbreviation for ¬(k = 0.)
6. x is a prime number: 1 < x ∧ ∀y(y|x → (y = 1 ∨ y = x))
(y|x is an abbreviation for ∃k(x = y · k), as shown in part 3.)
Besides being able to express a multitude of number theoretical concepts,
PA can actually prove gobs of facts about the natural numbers. Here are some
additional statements and their formalizations, each of which can be proved in
PA.
Example. Each of the following mathematical statements is presented with its
formalization in PA. Each of these properties of natural numbers can be proved
from the axioms of PA. Since GEN is included in PA, we can also prove closed
versions of these statements with universal quantifiers in the front.
1. Addition is commutative: x + y = y + x
2. Addition is associative: x + (y + z) = (x + y) + z
3. Multiplication is distributive over addition: x · (y + z) = x · y + x · z
4. Strict inequality is transitive: x < y → (y < z → x < z)
5. Inequality is preserved by addition: x ≤ y → x + z ≤ y + z
6. Strict inequality is preserved by addition: x < y → x + z < y + z
7. Inequality is preserved by multiplication: x ≤ y → x · z ≤ y · z
8. Strict inequality is preserved by nonzero multiplication:
z 6= 0 → (x < y → x · z < y · z)
9. Inequalities can be added: (w ≤ x ∧ y ≤ z) → w + y ≤ x + z
10. Inequalities can be multiplied: (w ≤ x ∧ y ≤ z) → w · y ≤ x · z
We keep asserting that statements can be proved in PA without providing the
proof. There is a reason for this. Generally speaking, the proofs are somewhat
long and complicated, though the next two examples aren’t too bad.These first
two results give a formal proof that 0 · n = 0. From Axiom 13, we know that
n · 0 = 0, but since commutativity of multiplication is not one of our axioms, we
have the prove the new statement. Indeed, this can be used as an initial step
in a proof that multiplication is commutative. (See the exercises.) Remember
that in our proofs in PA, we can use axioms of PA, and results from L, K and
E.
Theorem PA 1. `P A ∀n(0 · n = 0 → 0 · (n0 ) = 0).

Proof: We will prove that 0 · n = 0 `P A 0 · (n0 ) = 0, and then apply the
Deduction Theorem and GEN.
1. 0 · n = 0 Given
2. ∀x∀y(x · (y 0 ) = (x · y) + x) Axiom 14
3. ∀x∀y(x · (y 0 ) = (x · y) + x) → ∀y(0 · (y 0 ) = (0 · y) + 0) Axiom 4
4. ∀y(0 · (y 0 ) = (0 · y) + 0) MP, lines 2 and 3
0 0
5. ∀y(0 · (y ) = (0 · y) + 0) → (0 · (n ) = (0 · n) + 0) Axiom 4
6. 0 · (n0 ) = (0 · n) + 0 MP, lines 4 and 5
7. ∀x(x + 0 = x) Axiom 11
8. ∀x(x + 0 = x) → (0 · n) + 0 = 0 · n Axiom 4
9. (0 · n) + 0 = 0 · n MP, lines 7 and 8
0 0
10. (0 · (n ) = (0 · n) + 0) → ((0 · n) + 0 = 0 · n → 0 · (n ) = 0 · n) Theorem E3
12. (0 · n) + 0 = 0 · n → 0 · (n0 ) = 0 · n MP, lines 6 and 10
13. 0 · (n0 ) = 0 · n MP, lines 9 and 12
0 0
14. (0 · (n ) = 0 · n) → (0 · n = 0 → 0 · (n ) = 0) Theorem E3
15. 0 · n = 0 → 0 · (n0 ) = 0 MP, lines 13 and 14
16. 0 · (n0 ) = 0 MP lines 1 and 15
Our proof of 0 · n = 0 `P A 0 · (n0 ) = 0 used no applications of GEN to n, so
by the Deduction Theorem, we have `P A 0 · n = 0 → 0 · (n0 ) = 0. Using this as
a lemma and applying GEN to n, we obtain a proof of Theorem PA1.
Theorem PA 2. `P A ∀n(0 · n = 0).
Proof: Our proof will use Theorem PA1 and the induction axiom from PA.
In informal terms, line 3 of the following proof is the base case and line 4 is the
induction step.
1. ∀x(x · 0 = 0) Axiom 13
2. ∀x(x · 0 = 0) → 0 · 0 = 0 Axiom 4
3. 0 · 0 = 0 MP, lines 1 and 2
4. ∀n(0 · n = 0 → 0 · (n0 ) = 0) Theorem PA1
5. 0 · 0 = 0 → (∀n(0 · n = 0 → 0 · (n0 ) = 0) → ∀n(0 · n = 0)) Axiom 15
0
6. ∀n(0 · n = 0 → 0 · (n ) = 0) → ∀n(0 · n = 0) MP, lines 3 and 5
7. ∀n(0 · n = 0) MP lines 4 and 6
3.3. MORE ABOUT INDUCTION 69
Exercises.
1. Translate the following statements into formulas of P A. (Note that each of
these could actually be proven in P A, but that is not part of this exercise.)
(a) For every x, there is a number y such that x2 = y.

(b) 2 is not a square.
(c) There is a natural number which is not a square.
(d) Multiplication is commutative
(e) Multiplication is associative.
2. Translate the following statements into formulas of P A. (Note that P A

can prove each of these statements, but that is not part of this exercise.)
(a) If x is even, then x + 1 is odd.

(b) If x is odd, then x + 1 is even.
(c) For every x, either x is even, or x is odd.
(d) For every x, there is a y such that x < y.
(e) There are infinitely many primes. (A formal proof of this statement
in PA would be many hundreds of lines long.)
3. Prove:
Theorem PA 3. ∀n(n = 0 + n)
4. Prove:
Theorem PA 4. ∀x∀y(x + y = y + x)
5. Prove:
Theorem PA 5. ∀x∀y(x · y = y · x)
6. Using the formalizations in the examples, formalize the statement “if x is

prime and even, then x = 2.” Prove this statement in PA.
3.3 More about induction

Consider the induction argument we used to prove Theorem PA2. We prove
that 0 · n = 0 for all n via the following three steps:
1. Base case: (n = 0) We proved 0 · 0 = 0.
2. Induction step: Assuming 0 · n = 0, we deduced 0 · n0 = 0. This proof

was actually carried out in Theorem PA1, and then used in the proof of
Theorem PA2.
3. Conclusion: By virtue of the induction axiom (Axiom 15), we concluded

that 0 · n = 0 for all n.
In the induction step, the assumed statement 0 · n = 0 is called the induction
hypothesis. If we rewrite the proof in a less formal fashion, we can include the
main steps of the proof of Theorem PA1 and still give the reader a good idea of
the overall structure of the argument.
Theorem. ∀n(0 · n = 0).
Proof. We will use induction and axioms of PA.
Base case: 0 · 0 = 0 by Axiom 13 of PA.
Induction step: Assume 0 · n = 0. We will prove that 0 · (n0 ) = 0.
0 · (n0 ) = 0 · n + 0 Axiom 14
=0·n Axiom 11
=0 Induction hypothesis
By the transitivity of equality, we have shown 0 · (n0 ) = 0, as desired.

Conclusion: By induction, it follows that ∀n(0 · n = 0).
Note that this proof has significant advantages over the proof in the previous
section. It contains both the proof of Theorem PA1 and Theorem PA2, but
is much shorter. It is much easier to read than the formal proof, but still
highlights the main axioms used in the formal proof. By suppressing some of
the logical machinations of the formal proof, it actually reveals more of the
unalloyed mathematical content of PA.
Clearly, less formal proofs do a better job of serving the interests of math-
ematicians. On the other hand, it is also much more difficult to spot errors in
informal proofs. Whenever we are unsure of a step, it is nice to be able to rely
on the technical precision of formal proof to verify the correctness of details.
The format of an induction argument can be modified in a variety of ways.
For example, the following theorem of PA essentially says that we can shift the
starting point of an induction argument.
Theorem PA 6. If A(x) is a formula of PA, then
A(k) → (∀n(k ≤ n → (A(n) → A(n0 ))) → ∀n(k ≤ n → A(n))).
Note that Theorem PA6 has a formal proof in PA, though we will not bother
to write it up. Also, in the statement of the theorem, we use k ≤ n as an
abbreviation for ∃x(k + x = n), applying our work from part 4 of the example
on page 67.
We can use Theorem PA6 to create informal proofs in exactly the same way
that we used Axiom 15 before. We will call these proofs by induction with a
shifted starting point. If we want to prove that A(n) holds for all n ≥ k, we can
use the following three steps.
1. Base case: (n = k) Prove that A(k) holds.
3.3. MORE ABOUT INDUCTION 71
2. Induction step: Assume the induction hypothesis, namely that both k ≤ n

and A(n) hold. Deduce A(n0 ).
3. Conclusion: By induction, we conclude that ∀n(k ≤ n → A(n)).
This type of induction argument is particularly handy for proving results
about summations. You may have seen the following notation in a calculus
course.
Xk
f (i) = f (0) + f (1) + f (2) + · · · + f (k).
i=0
The starting point of the summation can be a value other than 0. For example,
X
5
1 1 1 1 1
= + + + .
i=2
i 2 3 4 5
Shifting the starting points and endpoints allow us to rewrite sums in various
convenient formats. For example,
X
n X
n X
n X
n−2
i=1+ i=1+2+ i = (n − 1) + n + i.
i=1 i=2 i=3 i=1
Note that for finite summations, and rearrangement of the terms yields the
same final sum.
Using our new notation, we can state a nice theorem which we will then
prove by an informal induction argument with a shifted starting point. Since
this is the first result that we will prove using strictly informal methods, we will
call it Theorem 1.
X
n
n(n + 1)
Theorem 1. For all n ≥ 1, i= .
i=1
2
Before writing the proof, we should do some scratch work. We will need
to use induction with the starting point kP = 1. In the induction step, our
n
induction hypothesis will be that n ≥ 1 and i=1 i = n(n + 1)/2. We will want
P n0 P
to prove that i=1 i = n0 (n0 + 1)/2, that is, i=1 i = (n + 1)(n + 2)/2. Now
n+1
Pn+1 Pn
i=1 i = ( i=1 i) + (n + 1), so after applying the induction hypothesis we just
need to show that n(n + 1)/2 + (n + 1) = (n + 1)(n + 2)/2. We can prove this
by rewriting the second (n + 1) on the left side of the equation as 2(n + 1)/2
to achieve a common denominator, and then adding fractions and simplifying.
Now we have all the elements of the proof. A little reorganization and we will
have a nice informal proof. We are done with the scratch work; here we go with
the proof.
Proof. We will use induction with a shifted starting point.
X1
1(1 + 1)
Base case: Note that i=1= , so the theorem holds for n = 1.
i=1
2
X
n
n(n + 1)
Induction step: Suppose that 1 ≤ n, and i= . Then,
i=1
2
Ã n !
X
n+1 X
i= i +n+1
i=1 i=1
n(n + 1)
= +n+1 (by the induction hypothesis)
2
n(n + 1) 2(n + 1)
= +
2 2
n(n + 1) + 2(n + 1)
=
2
(n + 1)(n + 2)
= .
2
X
n
n(n + 1)
Conclusion: By induction, we have shown i= for all n ≥ 1.
i=1
2
It is possible to formalize and prove Theorem 1 in PA. This would be a

very involved process. First, we would have to find a formula in the language
of PA that asserts that x is the sum of the natural numbers between 1 and n.
this is no trivial feat in itself. Then we would have to decide how to formalize
division by 2. Once we had a proper formalization of the theorem, we would
still need to carry out the shifted induction argument. The induction step uses
some algebra that we would need to backtrack and prove. This could all be
done, but the insight gained by this process is not terribly interesting to the
typical mathematician. Our informal proof does a good job of justifying the
result without drowning us in the details.
Exercises.
1. Prove the following using informal induction arguments. You may use any
previously proved theorems of PA, the algebraic properties in the example
on page 67, and basic high school algebra facts.
P
n
Theorem 2. 2k = 2n+1 − 1
k=0
P
n
Theorem 3. 2k = n2 + n
k=1
Theorem 4. k ≥ 1 → 8|(9k − 1)
Theorem 5. n ≥ 3 → n2 ≤ 5n!

Theorem 6. The sum of the first n odd numbers is n2 .
3.4. INDUCTIVE PITFALLS 73
(a) Rewrite Theorem 6 using summation notation. (Hint: Every odd

number is of the form 2k + 1 for some k.)
(b) Prove Theorem 6 using an informal induction argument.
3. Find a formula in the language of PA with the free variables n and x that
formalizes the statement “x is the sum of the natural numbers less than
or equal to n.”
4. Strong induction consists of the axiom scheme
A(0) → (∀n(∀x(x ≤ n → A(x)) → A(n0 )) → ∀nA(n)).
The only difference from a standard induction argument is that in the

induction step we are allowed to use all the preceding cases as the induction
hypothesis. Thus, in proving A(n0 ), we may make use of A(n), A(n − 1),
A(n − 2), and so on. The strong induction scheme is a theorem of PA. It
can also be proved with a shifted starting point.
The Fibonacci sequence is a sequence of integers defined by the formulas
f1 = 1, f2 = 1, and fn = fn−1 + fn−2 for n ≥ 3. Use strong induction to
prove the following theorems:
Theorem 7. Prove that for all n ≥ 1, fn ≤ 2n .
Theorem 8. Prove that for all n ≥ 5, fn ≥ n.
Theorem 9. Prove that for all n ≥ 9, fn ≥ 3n.
3.4 Inductive Pitfalls

Pnthe last section, we proved Theorem 1 which states that for all n ≥ 1,
In
i=1 i = n(n + 1)/2. It is possible to prove this theorem without using in-
duction. Supposedly Gauss cooked up the following proof in order to solve a
problem in elementary school.
Pk
Alternate Proof. Let Sn = i. This sum can be written from smallest to
i=1
largest or from largest to smallest:
Sn =1+ 2+3 + ...+ n

Sn =n+ (n − 1)+(n − 2) + ...+ 1
Adding these two equations term by term gives:
2Sn = (1 + n) + (2 + (n − 1)) + (3 + (n − 2)) + ... + (n + 1)
which is the same as
2Sn = (n + 1) + (n + 1) + (n + 1) + ... + (n + 1) = n(n + 1).

Dividing both sides by 2, gives our result:

k(k + 1)
Sn = .
2
Very clever boy, that Gauss! His use of dots in the middle of a sum is
acceptable. Using dots as part of the argument can lead to difficulties. Here is
an example of a bad use of dots.
Non-Theorem 1. 3n ≥ n!.
Non-Proof. Consider the following cases:
n=0: 1 = 30 ≥ 0! = 1
n=1: 3 = 31 ≥ 1! = 1
n=2: 9 = 32 ≥ 2! = 2
n=3: 27 = 33 ≥ 3! = 6
..
.
Proceeding in this fashion yields our result.
Not!!! In fact, this statement is also true for n = 4, 5, and 6. At n = 7 it
fails, since 2187 = 37 < 7! = 5040. Indeed, the theorem is false for all numbers
above 6. Beware the abuse of dots. A collection of base cases does not make
a valid argument. On the other hand, leaving out the base case can also cause
difficulties, as shown by the next erroneous example.
P
n
n2 +n+2
Non-Theorem 2. i= 2
i=1
P
k
k2 +k+2
Non-Proof. Assume the statement is true for n = k, so i= 2 , and
i=1
consider
X
k+1 X
k
k2 + k + 2
i = (k + 1) + i = (k + 1) + .
i=1 i=1
2
Expanding out the binomials and combining terms over the common denomi-
nator gives:
X
k+1
2k + 2 + k 2 + k + 2 (k + 1)2 + (k + 1) + 2
i= =
i=1
2 2
We know this is not correct! We proved the correct statement as Theorem

1. What went wrong? No base case. One last non-theorem will show us that
not only must we consider the base case, but we must be sure we have the right
base case.
Non-Theorem 3. All horses are the same color.
3.5. PROOFS BY CONTRADICTION 75
Non-Proof. We prove this theorem by induction on the number of horses.

Base case: One horse is the same color as itself.
Induction step: Assume that any set of k horses contains horses of one color.
Consider a set, S, of k + 1 horses. Choose any two horses x and y from S with
x 6= y. To finish we must show x and y are the same color.
To accomplish this, look at the sets:
A = S 6 {x}
B = S 6 {y}
A and B are sets of k horses, and thus by the induction hypothesis each contains
horses of one color. Now choose any z contained in A ∩ B. z and y are both
in A and are therefore the same color. z and x are both in B and are therefore
the same color as well. Thus x is the same color as y.
What is wrong here? We know that the statement is false! Somehow induc-
tion was not properly done. The error is a subtle one. We chose horses x 6= y
out of our set of horses S – that’s two horses – and then we chose another horse
z from S. That makes three horses in the smallest S possible for the induction
step to make sense. So the base case should have been two horses, which is
false! The moral of this example is: Think very carefully about the base step.
Now that we have mastered induction and seen some errors to avoid, it
is very tempting to use our new hammer on every nail we see. Induction is
not always the most direct approach to proving a theorem. In an induction
proof, if the induction hypothesis is not used in the proof of the induction step,
then induction can be avoided. The direct proof will resemble the proof of
the induction step with the base case omitted. The next exercise illustrates
this situation. Our erroneous proof of Non-theorem 2 looked like an induction
step with the base case omitted, but in that argument we used the induction
hypothesis. In the exercise, we can shorten the proof while avoiding the error.
Exercise.
Theorem 10. n is odd → n2 − 1 is divisible by 4.
(a) Prove this theorem by induction. (Your induction step will not re-
quire the use of the induction hypothesis.)
(b) Prove this theorem without using induction.
3.5 Proofs by Contradiction

Sometimes when we want to prove P → Q, the easiest thing to do is to assume
that P → Q is false, and derive a contradiction. By assuming the negation of
P → Q, we are actually assuming both P and ¬Q, so we have two hypotheses to

get us started. The fact that deducing a contradiction suffices to prove P → Q
is a consequence of the following theorem about proofs in K.
Theorem (Proof by Contradiction). If Γ is a collection of formulas with no

free variables, and for some formula B there is a proof of Γ, ¬A ` B ∧ ¬B, and
if that proof contains no applications of generalization to variables that occur
free in A, then Γ ` A.
Proof. If there is a proof of Γ, ¬A ` B ∧ ¬B with no inappropriate uses of GEN,

then by the deduction theorem Γ ` ¬A → (B ∧ ¬B). Using this as a lemma,
we have the following formal proof of Γ ` A.
1. ¬A → (B ∧ ¬B) Lemma
2. (¬A → (B ∧ ¬B)) → (¬(B ∧ ¬B) → A) Rule T
3. ¬(B ∧ ¬B) → A MP, lines 1 and 2
4. ¬(B ∧ ¬B) Rule T
5. A MP, lines 3 and 4
Thus, given the deduction of the contradiction B ∧ ¬B from the assumption of

¬A, we may deduce that A holds.
The inclusion of Γ in the theorem allows us to apply proof by contradiction

in systems with additional axioms, like E and PA. Note that whenever we do
proofs by contradiction, we must exhibit the same care concerning generalization
that we use in applications of the deduction theorem. To see the importance
of this, consider the following incorrect proof of 00 6= 00 . We begin by giving a
correct formal proof of ¬(x 6= 00 ) `P A 0 = 00 ∧ 0 6= 00 .
1. ¬(x 6= 00 ) Given
2. ¬(x 6= 00 ) → x = 00 Rule T
3. x = 00 MP, lines 1 and 2
4. ∀x(x = 00 ) GEN, line 3
5. ∀x(x = 00 ) → 0 = 00 Axiom 4
6. 0 = 00 MP, lines 4 and 5
7. ∀x(0 6= x0 ) Axiom 9 of PA
8. ∀x(0 6= x0 ) → 0 6= 00 Axiom 4
9. 0 6= 00 MP, lines 7 and 8
10. 0 = 00 ∧ 0 6= 00 L18, lines 6 and 9

Due to the use of generalization on the variable x in line 2, we are blocked

from applying proof by contradiction. If we ignored the restrictions of the
theorem and just charged ahead, we would incorrectly conclude that `P A x 6= 0.
Using this as a lemma, we could apply generalization and Axiom 4 and obtain
the the consequences ∀x(x 6= 00 ) and 00 6= 00 . The only error in this reasoning is
the use of proof by contradiction in a situation with the wrong sort of application
of generalization.
Now that we have a formal justification for proof by contradiction, we should
look at examples of informal arguments based on this principle. Remember that
the negation of P → Q is logically equivalent to P ∧ ¬Q.
Theorem 11. If n2 is even, then n is even.
Proof. We will assume the negation of the theorem, giving us n2 is even and
n is not even. We expect to find a contradiction. Since n is not even, it is not
a multiple of 2, so there is a k such that n = 2 · k + 1. Thus,
n2 = n · n = (2k + 1) · (2k + 1)
= 4k 2 + 4k + 1
= 2(2k 2 + 2k) + 1
Note that 2k 2 + 2k is simply another natural number; call it j. Thus we have

n2 = 2j + 1, and so n2 is odd. This contradicts our assumption that n2 is even,
so we have shown that n2 is even implies n is even.
Theorem 12. At a party of more than two people, there are at least two people
who have the same number of friends at the party.
Proof. We will prove this by contradiction. Assume that there are n people at
the party and that no two people have the same number of friends at the party.
This means that we can match each person to their number of friends and list
them in order:
person 1: 0 friends present
person 2: 1 friend present
person 3: 2 friends present

..
.
person n: n − 1 friends present
Since person n has n − 1 friends present, every person at the party is a friend
of person n. In particular, person 1 is a friend of person n. However, person 1
has 0 friends at the party, so person 1 is no friend of person n. Contradiction!
So there are at least two people with the same number of friends present.
Besides doing party tricks, proof by contradiction can be used to prove the
next interesting theorem about prime numbers. Recall from item 6 in the ex-
ample on page 67 that n is prime if and only if both n > 1 and if k divides n
then k = 1 or k = n.
Theorem 13. There are infinitely many primes.
Proof. We will prove this theorem by contradiction. Assume that there are
finitely many primes, say n of them. We can list them in order:
2 = p1 < p2 < p3 < · · · < pn .
Now consider the natural number q = p1 · p2 · · · pn + 1. Note that pn < pn + 1 ≤

p1 · p2 · · · pn + 1 = q, so pn < q. Because pn is the biggest prime, q is not a
prime.
Since q is not prime and 1 < q, we know q has a prime factorization using
some of the n listed primes, say k of them:
q = p i1 · p i2 · · · p ik .
We have two different expressions for q. Equating them yields
p1 · p2 · · · pn + 1 = pi1 · pi2 · · · pik .
Choose any prime from the prime factorization on the right, say pi1 . Our number
pi1 divides the right side of this equation, so it must also divide the left side.
Because pi1 is a prime, it appears in the list p1 , p2 , . . . pn , and so pi1 divides
p1 · p2 · · · pn . Since pi1 divides the first term of the left side, and it divides the
entire left side, it must divide the second term on the left, so pi1 must divide
1. Thus pi1 = 1, contradicting the assumption that pi1 is a prime! Thus there
must not be a largest prime, and so there are infinitely many.
We used two facts in this proof that deserve further discussion:
If a + b = c, p|a and p|c then p|b.
q is not prime, then it has a prime factorization.
These are both worthy of proofs themselves. They are certainly not obvious
from our basic axioms or from the definitions of divisibility and prime. A math-
ematician would prove these results first, perhaps as lemmas, and then cite them
in the main proof. Let’s prove these lemmas.
Lemma 1. If a + b = c, p|a and p|c then p|b.
Proof. Let a + b = c. Then subtracting a from both sides of this equation gives
b = c − a. Since p|a and p|c, p|(c − a). Because c − a is b, this implies that
p|b.
Lemma 2. Every natural number greater than 1 is either prime or has a prime
factorization.
Proof. We will prove this result by induction.
Base case: n = 2 is prime.
Induction step: Assume all numbers greater than 2 and less than k are prime
or have prime factorizations. We must show that k is either prime or has a prime
factorization. There are two cases: either k is prime or k is not prime. If k is
prime, we’ve attained our conclusion, so we’ll assume k is not prime.
By the definition of prime number, k is not prime implies that we can find
m and d each strictly between 1 and k so that k = m · d. Note that m < k and
d < k, so by the induction hypothesis, m and d are either prime or have prime
factorizations. Since m is a product of one or more primes and d is a product of
one or more primes, k = m · d is a product of two or more primes. Summarizing,
in this case k has a prime factorization, completing the proof of the induction
step, and the entire proof.
Theorem 14. If 2n − 1 is prime, then n is prime.
Proof. We’ll assume that 2n − 1 is prime and that n is not prime, and look
for a contradiction. Since n is not prime, there are factors x and y such that
n = x · y, and 1 < x, y < n.
So
2n − 1 = 2xy − 1 = (2x )y − (1)y
= (2x − 1)((2x )y−1 + (2x )y−2 + ... + 1).
Since we can factor in this way, we have found a factorization of 2n − 1, but
2 − 1 is not equal to either or 2n − 1 because x is not equal to either 1 or n.
x
So 2n − 1 has a factorization different from 1 and itself. Thus 2n − 1 cannot be

prime, contradicting our initial assumption.
Wow! This proof uses a very weighty fact of algebra, which we will leave as
an exercise:
Theorem 15. xn − 1 = (x − 1)(xn−1 + xn−2 + ... + 1)
Every proof by contradiction can be proved directly. In fact, a direct proof
of the contrapositive often is more succinct than a proof by contradiction, but
still allows us to utilize the negation of the conclusion. Consider the following
theorem and proof.
Theorem 16. If n > 2 then there is no m such that n|m and n + m = nm.
Proof. We will prove the contrapositive: If there is an m such that n+m = nm
and n|m then n ≤ 2. Assume that n + m = nm and n|m. Since n|m, we can
find a k such that m = nk. Thus m + n = nk + n = n(k + 1) and nm = n · nk.
Since m + n = nm, we have n(k + 1) = n · nk, so k + 1 = nk. Subtracting k
from both sides and factoring yields 1 = k(n − 1), so k = 1 and n − 1 = 1. Since
m = nk, we have m = 2 as desired.
Exercises.
1. Prove Theorem 15.
2. Prove the following theorems. You may wish to use proofs by contradic-
tion.
Theorem 17. If n2 is odd, then n is odd.
Theorem 18. The sum of the cubes of two consecutive natural numbers
cannot be equal to the cube of the next largest number.
Theorem 19. If m and n are odd then x2 − 2mx + 2n = 0 has no natural
number solution, x.
√
Theorem 20. If for all m, 1 < m < p implies m does not divide p, then
p is prime.
Theorem 21. There are at least two people in the world with exactly
the same number of hairs on their heads.
3.6 Other Strategies

Many strategies for informal proofs follow directly from their formal counter-
parts. Here are a few examples:
Existence: To show something exists, we must either cite it, (i.e., give an
example) or show that it has to occur without actually producing it. This
latter situation is called an indirect proof, and is sometimes accomplished
through a proof by contradiction: Assume that it doesn’t exist and derive
a contradiction.
Uniqueness: To show that something is unique, it is almost always easiest
to assume that there are two with the same properties and then prove
that the two are equal.
If and Only If Statements (iff or ↔ ): From propositional logic, we know
that to accomplish the proof of A ↔ B, we can prove both A → B and
B → A. The two directions might use very different approaches. It is
unusual for such a statement to be proven without dividing it into the two
cases.
Showing that two Expressions are Equal: We have seen direct proofs of
A = B. Sometimes, it is not obvious how to accomplish this. There are
other, equivalent forms of equality that may be easier to prove:
A−B =0
(A ≥ B) ∧ (B ≥ A)
A
B = 1, B 6= 0
3.6. OTHER STRATEGIES 81
Composite Statements: If either the hypothesis or the conclusion is com-

posite, i.e., is a compound statement, we must be careful when deciding
what to assume and what to prove:
1. (A ∧ B) → C. We assume both A and B are true and proceed to

prove C if using a direct method. To use contrapositive methods,
be careful! The conclusion becomes ¬(A ∧ B) which we know from
propositional logic is logically equivalent to ¬A ∨ ¬B.
2. (A ∨ B) → C. This is really two proofs: A → C and B → C.
3. C → (A ∧ B). Assume C and show both C → A and C → B. Again
we need to be careful constructing the contrapositive; the hypothesis
will be ¬A ∨ ¬B.
4. C → (A∨B). This is logically equivalent to C → (¬A → B) and also
logically equivalent to C → (¬B → A). You can pick whichever form
seems best at the moment and start your proof with two hypotheses.
Here are some exercises to sharpen your proof writing skills.
Exercises.
1. Give informal proofs of the following theorems.
Theorem 22. There are natural numbers a, b, and c such that a2 + b2 =

c2 .
Theorem 23. There is a natural number n such that 2n + 7n is prime.
Theorem 24. Every natural number has a unique prime factorization.
Theorem 25. Every pair of natural numbers has a common multiple.
Theorem 26. There is a unique integer n for which 2n2 − 3n − 2 = 0.
Theorem 27. If n is a multiple of 3, then either n is odd or n is a multiple

of 6.
Theorem 28. If n 6= 0 then either n is a multiple of 2 or n = 2k + 1 for

some k.
Theorem 29. No natural number is both even and odd.
Theorem 30. If b is a multiple of 2 and a multiple of 5 then b is a multiple

of 10.
Theorem 31. If a|b, b|c, and c|a, then a = b = c.
Theorem 32. m2 = n2 iff m = n.

(m+n)2
Theorem 33. If m · n = 2 then n = m = 0.
Theorem 34. 3 must divide the sum of any three consecutive numbers.
Theorem 35. If 3|n then 3 divides the sum of the digits of n.

Theorem 36. For any number with at least two trailing zeros, if 4 di-
vides the number obtained by deleting the trailing zeros, the 4 divides the
original number.
Theorem 37. If X is a set with n ≥ 2 elements, then X has 12 n(n − 1)

subsets with exactly 2 elements.
Theorem 38. For n ≥ 1, the equation 1

1·2 + 1
2·3 + ··· + 1
n·(n+1) = n
n+1
holds.
Theorem 39. Every set with n elements has exactly 2n subsets.
Theorem 40. For every n, the number n3 − n is divisible by 3.
¡ ¢
Theorem 41. ∀n > 0 8|(5n + 2 · 3n−1 + 1) .
P
n
Theorem 42. k · k! = (n + 1)! − 1.
k=1
Theorem 43. ∀n ≥ 5 (2n > n2 ).

Theorem 44. If a|b and b|a then a = b.
P
n
n2 (n+1)2
Theorem 45. k3 = 4 .
k=1
2. The greatest common divisor of m and n, denoted by gcd(m, n), is the

largest number that divides both m and n. The least common multiple of
m and n, denoted by lcm(m, n) is the smallest number that both m and
n divide. Prove:
Theorem 46. For all a and b, if a 6= 0 and b 6= 0 then lcm(a, b) = ab
gcd(a,b) .
Chapter 4
Alternation of Quantifiers –
Sequences
In this section we will study sequences and sequence convergence. The state-
ments in this chapter will involve the alternation of quantifiers, so let’s review
some of what we did formally.
Remember that ∀x∃y has a different meaning from ∃y∀x. In the first, we
are required to produce for each x, a corresponding y, and in the second we are
required to produce a single y that works for every x. Let’s review this idea
with an example:
Let the universe be the set of people Tom, Dick and Harry. Consider the
predicate P (x, y) = x likes y. Then all possible alternating quantifiers are:
∀x∃y(P (x, y)) which translates to everyone likes someone.

In particular for our universe we would have to identify someone Tom likes,
someone Dick likes and someone Harry likes. The ”someones” could all be the
same or different - doesn’t matter.
∀y∃x(P (x, y)) which translates to everyone is liked by someone.

In particular for our universe we would have to identify some person Tom,
Dick and Harry all like. Here it has to be the same person for all three.
∃x∀y(P (x, y)) which translates to someone likes everyone.

We have to identify one person who likes everyone of Tom, Dick and Harry.
∃y∀x(P (x, y)) which translates to someone is liked by everyone.

We have to identify one person who is liked by all of Tom, Dick and Harry.
Having this under our belts, notice the occurances of alternating quantifiers
in the basic definitions about sequences below.
83
84 CHAPTER 4. ALTERNATION OF QUANTIFIERS – SEQUENCES
4.1 Sequences, Bounds and Convergence

We start with a definition of sequence.
Definition. A sequence is a mapping from N → R, for which every n in N is

mapped to a unique an in R, i.e., the sequence is a function from N into R.
When an is the n-th term, we write the sequence as
han i
where n takes on every value in N, unless otherwise stated.
Here are some examples to investigate:
hni: 0, 1, 2, 3, 4, . . . , n, . . .
h2−n i: 1, 12 , 14 , 18 , . . . , 21n , . . .
h2−n i∞
1 :
1 1 1 1
2 , 4 , 8 , ..., 2n , . . .
h(−1)n i∞
0 : 1, −1, 1, −1, 1, −1, 1, . . .
hni∞
3 : 3, 4, 5, 6, . . . , n, . . .
Let’s start by investigating convergence of sequences. What does this mean?

We say that a sequence converges if it eventually settles down to some real value,
L. By this we mean that we want the sequence to stay close to L after it settles
down, i.e., it can’t start to drift away again. We don’t care how far out in the
sequence we have to look before we see this trend.
In calculus we used a simple approach for estimating L for a given series.
We looked at the dominating terms:
n n
an = 2n+1 is about the same as 2n when n is really large, so we expect the
1
series to settle down near 2 for large n.
an = n2n+1 is about the same as nn2 when n is really large, so we expect the
series to behave like n1 as n gets really large. Thus this sequence is getting really
close to 0.
an = n grows larger and larger, so it never settles down to a finite number.
In this case, we could say that an doesn’t converge or that an → ∞.
an = sin(n) oscillates back and forth, so it never settles down to any number,
and it doesn’t grow larger and larger. Here we would say that an doesn’t
converge.
How can we say this mathematically and precisely?
Definition. han i converges to L < ∞, written an → L, if and only if
∀² > 0 ∃N ∈ N ∀m > N (|am − L| < ²).

4.1. SEQUENCES, BOUNDS AND CONVERGENCE 85
Notice the alternation of quantifiers ∀∃. We are required for a given ² to

produce an index N after which the terms in the sequence are within ² of L.
We’ll use this idea to build some proofs later in this section.
The last example above doesn’t converge, but it does stay trapped between
1 and -1. This leads to another definition (actually three definitions in one).
Definition. han i is bounded from above if and only if ∃U ∀n (an ≤ U ). The
sequence han i is bounded from below if and only if ∃L ∀n (an ≥ L). The
sequence han i is bounded if and only if ∃U ∃L ∀n (L ≤ an ≤ U ).
Notice the alternation of quantifiers here again, this time ∃∀. So we are
required to produce a bounding number that works for all elements of the se-
quence. Let’s use the definitions to prove some convergence results:
Theorem 1. h 2n+1
n
i converges to 12 .
So how do we get started? Suppose we have the ². Then we need to give an
N so that m > N gives: ¯ ¯
¯ m 1 ¯¯
¯ −
¯ 2m + 1 2 ¯ < ²
Working backwards from here, we see that
¯ ¯
¯ 2m − (2m + 1) ¯
¯ ¯
¯ 2(2m + 1) ¯ < ²
1
<²
2(2m + 1)
Solving this for ² gives
1
< 2m + 1
2²
So it looks like
1
2² −1
m>
2
would give us what we need.
How do we write this up in a proper proof?
2² −1
1
Proof. Fix ² > 0, and consider N = 2 . Let m > N . Then
¯ ¯
¯ m 1¯
|am − L| = ¯¯ − ¯¯
2m + 1 2
¯ ¯
¯ −1 ¯
= ¯¯ ¯
2(2m + 1) ¯
1
=
2(2m + 1)
1
< h ³ 1 −1 ´ i
2 2 2²
2 + 1
1
= 1 = ².
²
Thus, for any given ² > 0, we have shown how to produce an N such that if
m > N then |am − L| < ².
Theorem 2. h 2n+1
n
i is bounded.
This is an easy theorem to prove; we simply have to come up with two

numbers, a lower bound and an upper bound, for the sequence. Looking at the
first few numbers in the sequence gives:
n 1 2 3
h i : 0, , , , ...
2n + 1 3 5 7
Notice that this peaks at 1 and then the numbers are all less than 1 and
greater than 0. So the proof is going to be quite simple:
Proof. Consider the sequence h 2n+1

n
i, and let U = 1 and L = 0. Clearly, for
every n, 0 ≤ 2n+1 ≤ 1, so L ≤ 2n+1
n n
≤ U and thus the sequence is bounded.
(
2−n if n is even
Theorem 3. If an = then han i converges to 0.
3−n if n is odd
This sequence is more complicated. How do we handle this case? First of

all, what does this sequence look like?
1 1 1 1 1
1, , 2 , 3 , 4 , 5 , ...
3 2 3 2 3
So it’s components of the two sequences:
1 1 1 1 1
1, , 2 , 3 , 4 , 5 , ...
2 2 2 2 2
1 1 1 1 1
1, , 2 , 3 , 4 , 5 , ...
3 3 3 3 3
Let’s look at the convergence of these two sequences first. Clearly they both
converge to 0. Starting with 2−n let’s work backwards again to see if we can
write N in terms of ². We’ll come back to theorem 3 afterwards.
Theorem 4. h2−n i converges to 0.
¯ −N ¯
¯2 − 0¯ < ²
2−N < ²
One way to solve for N would be to take the log2 of both sides:
−N < log2 ²
N > − log2 ²
4.1. SEQUENCES, BOUNDS AND CONVERGENCE 87
Ok; so recapping, the proof should work as follows: Fix ², and let N =
− log2 ². Algebra should get us
¯ −N ¯
¯2 − 0¯ < ²
Let’s write this out formally, just to be sure:
Proof. (Theorem 4) Choose an arbitrary ² > 0, and consider N = − log2 ².

For the sequence h2−n i and m > N , we need to show that
¯ −m ¯
¯2 − 0¯ < ².
We have
¯ −m ¯
¯2 − 0¯ = 2−m .
Since m > N and N = − log2 ², we have that m > − log2 ², so:
¯ −m ¯
¯2 − 0¯ < 2log2 ² = ².
The proof for convergence of h3−n i should work the same way using an N
of − log3 ². How do we combine these to prove Theorem 2? We need to find an
N that works regardless of whether the later term is 2−m or 3−m .
So what we really need to do is to choose the larger N given ², i.e., choose
the larger of − log2 ² and − log3 ². This will guarantee that we are far enough
out on the sequence so that the terms are within ² of 0. Which if these two logs
is larger? That depends on ², and since we don’t want to make any assumptions
regarding ², we will simply let N = max{− log2 ², − log3 ²}.
Here is the proof of Theorem 3:
Proof. (Theorem 3) Choose an arbitrary ² > 0, and consider the number N

defined by N = max{− log2 ², − log3 ²}. For the sequence han i and m > N , we
need to show that
|am − 0| < ².
Consider the following cases:
When m is even, we can say that N ≥ − log2 ², so we have that m > N
implies m > log2 ². Thus
¯ ¯
|am − 0| = ¯2−m − 0¯ < 2log2 ² = ².
When m is odd, we can say that N ≥ − log3 ², so we have that m > N
implies m > log3 ². Thus
¯ ¯
|am − 0| = ¯3−m − 0¯ < 3log3 ² = ².
In the proofs above, simple algebra allowed us to solve for N in terms of

². Sometimes bounding the sequence by another, simpler sequence is a better
approach.
2
3 +1 i converges to 0.
Theorem 5. h n2n
2N 2
How should we proceed? We could try to solve N 3 +1 < ² for N in terms of
². This would be very messy:
2N 2
<²
N3 + 1
2N 2 < ² · (N 3 + 1)
2N 2 − ² · (N 3 + 1) < 0
Yuk! It’s cubic in N .
A better approach: Note that
2N 2 2N 2 2
< =
N3 + 1 N3 N
because we have made the denominator smaller by subtracting 1, and hence the
fraction is larger.
This implies that if we find an N that works for the series with general
2
term N2 then it will also work for the series with general term N2N
3 +1 . Why?
2
The inequality tells us that no matter what index we are interested in, N2N
3 +1 is
2 2
below N , so if we find the place on N where all subsequent terms are within ²
2
of L, all subsequent terms of N2N
3 +1 will also be within ² of L.
So we have a new question: What N works for h N2 i? Let’s try the algebraic
way of getting N in terms of ²:
2
−0<²
N
2
<N
²
How do we put this all together in our proof?
2
Proof. Choose an arbitrary ² > 0, and consider N = ². For the sequence
2
3 +1 i and m > N , we need to show that
h n2n
¯ ¯
¯ 2m2 ¯
¯ ¯
¯ m3 + 1 − 0¯ < ².
We have
¯ ¯
¯ 2m2 ¯ 2
¯ − 0 ¯ = 2m < 2 .
¯ m3 + 1 ¯ m3 + 1 m
Since m > N and N = 2² , we have that m > 2² , so:
¯ ¯
¯ 2m2 ¯ 2 2
¯ ¯
¯ m3 + 1 − 0¯ < m < 2 = ².
²
4.2. MORE ON CONVERGENCE AND BOUNDEDNESS 89
Exercise 4.1. Do the following sequences converge? If so, to what? Are they
bounded? If so, by what? Provide proofs for those that converge and/or are
bounded.
1
a. an = 1 + n
1+(−1)n
b. an = 2
1 1 1
c. an = 1 + 2 + 3 + ... + n
2n
d. an = 3n+1
3n+7
e. an = n
n2
f. an = n+1
n2
g. an = 2n2 +1
h. an = (−1)n 2−n
sin(n)
i. an = n
n!
j. an = 2n
k. an = 5n
4−n (where n ≥ 5)
4.2 More on Convergence and Boundedness

Now that you have worked with some specific sequences, we will think about
general properties of sequences. To start, try to find examples for the following
exercises.
Exercise 4.2. Find examples for each, if possible:
a. A sequence that is bounded but does not converge.

b. han i and hbn i do not converge but han + bn i does.
c. han i and hbn i do not converge but han · bn i does.
d. A sequence that is not bounded.
e. h|an |i converges to A but han i does not converge.
f. Is there a sequence that converges to two different numbers?
g. Is there a convergent sequence that is not bounded?
These ideas lead to us to conjecture some theorems:

Theorem 6. Every convergent sequence is bounded.
How shall we start this one? Let the limit be A and note that eventually
(for m’s greater than some N ) |am − A| < 1, or
A − 1 < am < A + 1.
Why? We are using the definition for the specific case of ² = 1. Thus a lower
bound can be found by choosing the smallest number from the set {a1 , a2 , ..., an , A−
1} and an upper bound can be found by choosing the largest number from the
set {a1 , a2 , ..., an , A + 1}.
Proof. Suppose |an | converges to A. Choose ² = 1; then there is an N such
that m > N implies
A − 1 < am < A + 1.
Let L = min{a1 , a2 , ..., an , A − 1} and U = max{a1 , a2 , ..., an , A + 1}. Then for
all n, L < an < U .
Theorem 7. The limit of a convergent sequence is unique.
So how will we prove this? In the standard way: Assume there are 2 limits
and show that they must be equal. This is not so easy as it sounds. Here is a
proof. Notice that we are using a specific ² again.
Proof. We will prove this by contradiction. Assume han i converges to A and
also to B, and assume that A < B. Let ² = 12 (B − A). Since han i converges to
A, we know that there is an N1 such that for all m > N1 we have |am − A| < ²
or
A − ² < am < A + ².
Similarly, since han i converges to B, we know that there is an N2 such that
for all m > N2 we have |am − B| < ² or
B − ² < am < B + ².
As long as we are beyond both N1 and N2 , we have:
1 1
A + ² = A + (B − A) = B − (B − A) = B − ²
2 2
This is a contradiction, since B − ² < am < A + ².
This is not the only way to prove this theorem. Can you develop another
proof?
Theorem 8. If han i converges to A and hbn i converges to B then han + bn i
converges to A + B.
So how do we approach this? We need
|(aN + bN ) − (A + B)| < ²
or
|(aN − A) + (bn − B)| < ².
Can we say that |aN − A| < 2² and |bN − B| < 2² ? Sure! The definition says
that we have the result for all ², so we also have it for any 2² . Here is the proof:
4.3. A NOTE ON DIVERGENT SEQUENCES 91
Proof. Choose ² > 0. Since han i converges to A, we know that there is an N1

such that for all m > N1 we have |am − A| < 2² .
Similarly, since hbn i converges to B, we know that there is an N2 such that
for every m > N2 we have |bm − B| < 2² .
Let N = max{N1 , N2 }. Then for all m > N , we have
|(am + bm ) − (A + B)| ≤ |am − A| + |bm − B| < ².
Here are some more theorems to prove.

Theorem 9. If han i converges to A then hc · an i converges to cA.
Theorem 10. If han i converges to A then hc + an i converges to c + A.
Theorem 11. han i converges to A iff han − Ai converges to 0.
Theorem 12. If han i converges to A, hbn i converges to A and for all n the
inequality an ≤ cn ≤ bn holds, then hcn i converges to A as well.
Theorem 13. If han i converges to A, hbn i converges to B and for all n the
inequality an ≤ bn holds, then A ≤ B.
Theorem 14. han i converges to A inplies that h|an |i converges to |A|.
Theorem 15. If han i converges to 0 and hbn i is bounded, then han ·bn i converges
to 0.
Theorem 16. If han i converges to A and hbn i converges to B then han · bn i
converges to A · B.
Theorem 17. If han i converges to A and hbn i converges to B, with B 6= 0 and
∀n, bn 6= 0, then h abnn i converges to B
A
.
4.3 A Note on Divergent Sequences

Are there sequences that don’t converge? Yes! We already saw that hni diverges
to ∞ and that hsin(n)i doesn’t ever settle down. How can we prove that a
sequence diverges? To understand this, we need to examine the negation of
the definition of convergence. Let’s start with a more formal version of the
definition:
han i converges iff ∃L ∀² > 0 ∃N ∈ N ∀m > N (|am − L| < ²).
The negation is:
han i diverges iff ¬∃L ∀² > 0 ∃N ∈ N ∀m > N (|am − L| < ²).
Now let’s use our knowledge of negation and quantifiers to push the negation
all the way to the interior of the formula:
han i diverges iff ∀L ∃² > 0 ∀N ∈ N ∃m > N (|am − L| ≥ ²).
So we need to show that if we choose an arbitrary L, there is an ² that works

for all N . Let’s try a simple one:
Theorem 18. The sequence hni diverges.
To do this proof, choose an arbitrary L. We need find an ² so that we end
up with
|N − L| ≥ ²,
and it needs to work for some m > N no matter what N is chosen. If we
choose ² = 12 and we pick an arbitrary N we can find a number m > N , namely
m = N + 1 + L so that |m − L| ≥ ², since |am − L| = |m − L| = |N + 1 + L − L| =
N + 1 ≥ 12 .
1
Proof. Choose an arbitrary L, let ² = 2, and choose an arbitrary N . Then
consider m = N + 1 + L:
1
|m − L| = |N + 1 + L − L| = N + 1 ≥ = ².
2
When a bounded sequence diverges, its values tend to oscillate within a
restricted range. It is often easiest to start the proof by selecting a value b and
a quantity ² such the sequence bounces above b + ² infinitely many times and
below b − ² infinitely many times. For any L there are two possible cases. If
L ≥ b (so L is high), then for any N there is an m > N such that b − ² > am
(so am is low) and consequently, |am − L| ≥ b − am > ². On the other hand, if
L < b (so L is low), then for any N there is an m > N such that b + ² < am
(so am is high) and consequently, |am − L| ≥ am − b > ². Of course, the initial
choices of b and ² will depend on the sequence.
Exercise 4.3. Prove that the following sequences diverge.
a. an = n + 5
b. an = n2
c. an = n!
Exercise 4.4. Prove that the following bounded sequences diverge.
a. an = (−1)n
b. an = cos(nπ/2)
c. an = sin(n)
Hint: For any N , obtain m by rounding N · 2π up to the next largest
integer (i.e. m = dN · 2πe). If we view m as an angle in radians it will
correspond to an angle between 0 and 1 radians. Thus m + 1 will be an
angle between 1 and 2 radians, so sin(m + 1) ≥ .8. Also, m + 4 will be
between 4 and 5 radians, so sin(m + 4) ≤ −.75.
Exercise 4.5. Prove that the sequence an = n sin(n) diverges. (Hint: Use the
hint from exercise 4.4c.)

A Primer For Logic and Proof

Uploaded by

Copyright:

Available Formats

A Primer For Logic and Proof

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A Primer For Logic and Proof

Uploaded by

Copyright:

Available Formats

A Primer for Logic and Proof

Holly P. Hirst and Jeffry L. Hirst

3 Transition to Informal Proofs 63

4 Alternation of Quantifiers – Sequences 83

There is a significant shift in the emphasis of undergraduate mathematics be-

is very mathematical, and sidesteps many philosophical issues that appear in

1.1 Building Blocks

Example. Here are three examples of propositions.

Propositions can be combined with connectives such as and and implies to

Example. Here are three examples of compound propositions.

2 is prime, and 4 + 6 = 10.

Today it is raining implies that tomorrow the sun will shine.

Be careful with multiple connectives! English can be quite ambiguous. Take

• lower case letters (like a, b, c, etc.) for simple propositions, and

• UPPER CASE LETTERS (like A, B, C, etc.) for compound propositions.

a is a sufficient condition for b,

b is a necessary condition for a.

Truth tables for compound propositions

Example. Build an abbreviated truth table for p → (q ∨ r)

Example. Build an abbreviated truth table for ¬(p → q)

Example. Compare the truth tables for (a ∨ b) ∧ c and a ∨ (b ∧ c).

a means “Fritz likes trout.”

The first translation of ¬(b ∧ c) is a direct substitution of English for formal

Common sense and truth

1.2 Tautologies and Contradictions

Example. Show that p ∨ ¬p is a tautology.

1.3 Logical Equivalence

1.4 Contrapositives and Converses

Definition. The contrapositive of the conditional P → Q is ¬Q → ¬P .

Example. The contrapositive of a → (b ∨ c) is ¬(b ∨ c) → ¬a.

Example. We say that a mapping is 1–1 if x 6= y implies that f (x) 6= f (y).

Sometimes the contrapositive of a formula is easier to prove than the original

Theorem (Contrapositive Theorem). Every conditional formula is logically

Definition. The converse of the conditional P → Q is Q → P .

Example. The converse of a → (b ∨ c) is (b ∨ c) → a.

Example. We say that a mapping is well-defined if every input has a unique

f (x) is well defined means that x = y → f (x) = f (y).

f (x) is 1–1 means that f (x) = f (y) → x = y.

We can see that “f (x) is well-defined” is the converse of “f (x) is 1–1.”

To prove a biconditional like p ↔ q, a mathematician often proves p → q

2. Write the converses of the following.

3. Show that a → b is not logically equivalent to its converse.

4. Show that a → a is logically equivalent to its converse.

1.5 Analysis of Arguments

Example. Show that the following argument is logically valid.

I never wear a hat.

Tomorrow is not Monday.

If you’ve driven a Ford lately, then you’ll buy a used Pinto.

Fritz wears a parka.

1.6 A Proof System

• the result of applying Modus Ponens,

• a hypothesis (that is, a given formula), or

The last formula in a proof is called a theorem. We write `L A if A is a

Axiom 2: (A → (B → C)) → ((A → B) → (A → C))

Axiom 3: (¬B → ¬A) → ((¬B → A) → B)

Our first proof

Proofs using hypotheses

Theorem L 10. `L (¬B → ¬A) → (A → B)

Theorem L 11. `L ¬¬B → B