On the Soundness and Completeness of Equational Predicate Logics

George Tourlakis

Technical Report CS-1998-08

November 2, 1998

Department of Computer Science

4700 Keele Street North York, Ontario M3J 1P3 Canada
On the soundness and completeness of Equational Predicate Logics

George Tourlakis, York University

[email protected]

Abstract

We present two different formalizations of Equational Predicate Logic, that is, first order logic
that uses Leibniz’s substitution of “equals for equals” as a primary rule of inference.
We prove that both versions are sound and complete. A by-product of this study is an
alternative proof to that contained in [GS3], that the “full” Leibniz rule is strictly stronger
than the “no-capture” Leibniz rule, this result obtained here for a complete Logic.
We also show that under some reasonable conditions, propositional Leibniz, no-capture
Leibniz, and a full-capture version are all equivalent, provided that the latter is restricted to
act on universally valid premises whenever capture is allowed.

Introduction.

Equational Logic, as proposed by Dijkstra and Scholten [DSc], and propounded

in the recent text and papers by Gries and Schneider [GS1, GS2, GS3], is finding
its way in Computer Science curricula towards satisfying the “Discrete Math”
requirements therein.
It is argued by its proponents that Equational Logic is the pedagogically
proper setting to do proofs—i.e., work within the theory. It is also a fair ob-
servation that Equational Logic may be more cumbersome than “standard”
approaches (e.g., [Sh, En, Man, Men]) when it becomes the object of study,
in the metatheory—although this phenomenon depends on what semantics we
wish to implement.†
The department of Computer Science at York University is currently us-
ing the equational approach to teaching logic to its first year undergraduates.
Understandably, as [GS1] is addressed to undergraduates—and therefore it em-
phasizes the theory at the expense of the metatheory—it does not address the
question of either soundness or completeness of its Equational Predicate Cal-
culus.‡ Indeed [GS1] leaves most of the syntax (and semantics) of the first
order language where this Calculus is to be “spoken” up to the discretion of the
instructor. The set of axioms in [GS1] has a high degree of redundancy, and
the pivotal rule, Leibniz, is given under many guises which may be somewhat
confusing. Moreover it is very hard to ascertain which rules of inference the
authors of [GS1] wanted to be applicable to “universally valid” formulas only,
and which ones to be applicable on any premises without restriction. (This
uncertainty has triggered many spirited, but productive, e-mail exchanges with
† If “A logically implies B” means that every model of A is a model of B, then we have

a more cumbersome metatheory (e.g., a cumbersome Deduction Theorem, [Sh, Men]). If on

the other hand it means “every instantiation of the object variables that makes A true also
makes B true”, then the metatheory is easier. In particular, a surprisingly easy to prove—and
apply—Deduction Theorem becomes available ([Bou, En]).
‡ [GS2] cover these questions for the Propositional fragment of the Calculus.
2

colleagues at York University who, like the author, are teaching “Discrete Math”
using the [GS1] text).
We aim in this paper to provide a precise syntax and semantics of a first
order language and classical logic, as faithfully as possible to the spirit of the
Equational Logic outlined in [GS1], and then to carefully develop the metatheory
to the point that soundness can be derived in a self contained manner. We
also address (and prove) completeness by showing that the Equational Logic
of [GS1]—as it is systematically reincarnated here—is an extension of some
standard first order logic (our “standard” yardstick is the approach taken in
Shoenfield [Sh]).
As a by-product, we have reduced the very large number of Predicate Logic-
specific axiom schemata offered in [GS1] (Chapters 8 and 9) to just two, and
have reduced the additional “Leibniz” rule that is proposed in [GS1]—(8.12)
in Chapter 8—to a derived rule status (with a correction). Naturally, these
reductions will make Equational Calculus even more attractive, as they will
reduce the burden placed on memory of both students and instructors—not to
mention that it makes the metamathematics much easier.
Formalizing an informal logic is not easy. One has to try to understand what
the “intentions” of the informal version were, and implement them faithfully
through the syntactic apparatus. Unfortunately, it is in the nature of “informal
intentions” to be vague.
In this instance we inferred, partly from the practices in [GS1] and partly
from those in [GS3] the following two important points, which shaped our for-
malization (sections 1 and 2):

(1) Every rule is supposed to be applicable to arbitrary formulas, not just to

“universally valid” formulas. We draw this “inference” especially from [GS3]
([GS1] give short shrift to the concept of proofs from a set of “nonlogical”
axioms).
Indeed, all the rules of inference in [GS3] are given in the format (for exam-
ple) “(Equanimity) ` P, ` P ≡ Q −→ ` Q” where −→ is metalogical.
In [GS3], since all the rules are given in exactly this format—even the propo-
sitional rules—we had to conclude that the “unary” ` must mean “deducible
from some (unspecified) nonlogical axioms”, otherwise this logic would not
be usable as a tool for reasoning in any mathematical theory!†
This usage of “`-notation” is widespread—e.g., [Sh] writes “` A” meaning
that A is provable from some (unspecified) nonlogical axioms, but on occa-
sion writes `T and `T 0 if deductive power of two sets of nonlogical axioms,
T, T 0 is being compared.

(2) Should we, or should we not, restrict the rule “Leibniz” so that no “capture”
of object variables occurs during its application?
† Obviously, one cannot, e.g., “prove p ∨ q from p”, if every rule is undefined except when

it applies to universally valid premises. With such rules, all theorems have to be universally
valid—and p ∨ q is not.
 1. Syntax 3

The definitive answer was furnished by the proof-sketch of (9.16) (Meta-

theorem “generalization”) in [GS1]. A pivotal step in the proof is that,
once A ≡ true is deduced, then, (∀x)A ≡ (∀x)true follows by Leibniz.
Since A is expected to have x free in the “interesting case”, clearly, variable
capture during an application of Leibniz is allowed in [GS1].†

The layout of the paper is as follows: Section 1 introduces the formal lan-
guage. Section 2 builds a theory on top of this language (we refer to any such
theory as an E-theory or E-logic). Section 3 introduces a host of metatheorems—
that we will use towards the metatheoretical results of sections 4, 5 (on sound-
ness and completeness, respectively) and 6—including the Deduction Theorem.
The latter is heavily used in section 6, where the equivalence between our version
of E-logic and the “original” version of [GS1] is proved. Most of the technical
apparatus developed in this paper was aimed at making the proofs in section 6
“accessible”. The “main lemma” in sections 4–5 is lemma 5.3 that shows the
eliminability of propositional variables. In section 7 we look at an alternative
formalization, based on a weaker form of the Leibniz rule that avoids object
variable “capture”. In the course of the discussion it emerges that “no-capture
Leibniz” is equivalent to a “propositional” version of Leibniz and to a full cap-
ture version—which restricts its premises to be provable with no nonlogical
axioms in those cases that capture occurs. It is also seen that either of these
formulations is strictly weaker than “full” Leibniz (Inf2 of section 2) providing
a simple alternative proof to a result of [GS3].
A word on the proof of the Deduction Theorem is pertinent here. We opted to
do it the “hard way”, that is, do it within the Equational Calculus setting rather
than in an equivalent “standard” calculus.‡ Handling the “Leibniz” rule in the
present setting required a few lemmata and a second induction (on formulas)
within the proof, making it uncharacteristically long (compare with the proof
in [Sh]). This anecdote fortifies our belief that the Equational Calculus is best
suited to do proofs, rather than study them.

1. Syntax
We think of a first order language, L, as triple L = (V, Term, Wff), where V
is the alphabet, i.e., the set of basic syntactic objects (symbols) that we use to
built “terms” and “formulas”. We start with a description of V , and then we
describe the set of terms (Term) and the set of formulas (Wff).

Alphabet
† One cannot gloss over this by “dummy renaming”. Interestingly, in [GS3] it is stated that

the Leibniz in [GS1] avoids capture. This must be a typo in [GS3], given the “evidence” to
the contrary.
‡ This would necessitate a metaproof of that equivalence, and in view of the presence of

propositional variables and the rule of substitution in [GS1]—none of which are present in, say,
[Sh, En, Men, Man, Ba]—would lengthen our exposition in a different, unnecessary, direction.
 4

1. Object variables. An enumerable set x1 , x2 , . . . . We normally use the meta-

symbols x, y, z, u, v, w with or without primes to stand for (object) variables.

2. Boolean (or Sentential, or Propositional) variables. An enumerable set v1 , v2 , . . . .

We normally use the metasymbols p, q, r with or without primes to stand for
Boolean variables.

 These variables will be place-holders for well-formed formulas. This is a

necessary contraption to allow the Substitution rule of inference, to simulate
axiom schemata, since the latter are not allowed in the “propositional part”
of [GS1].† 
3. Equality (between “objects”—see below for its syntactic role), “=”.

4. Brackets, ( and ).

5. The Boolean or propositional connectives, ≡, ⇒, ∨, ∧, ¬.

6. The quantifier, ∀ (the existential quantifier, ∃, will be taken to be a meta-

symbol, introduced definitionally).

7. The special Boolean (propositional) constants true and false.

8. A set of symbols (possibly empty) for constants. We normally use the meta-
symbols a, b, c, d, e, with or without subscripts, to stand for constants unless
we have in mind some alternative “standard” notation in selected areas of
application of the 1st order logic (e.g., ∅, 0, ω, etc.).

9. A set of symbols for predicates or relations (possibly empty) for each possible
“arity” n > 0. We normally use P, Q, R with or without primes to stand for
predicate symbols.

10. Finally, a set of symbols for functions (possibly empty) for each possible
“arity” n > 0. We normally use f, g, h with or without primes to stand for
function symbols.

 1.1 Remark. Any two symbols mentioned in items 1–10 are distinct. More-
over (if they are built from simpler “sub-symbols”, e.g., x1 , x2 , x3 , . . . might
really be x|x, x||x, x|||x, . . . ), none is a substring (or subexpression) of any other. 
Terms and Formulas
† In [GS3], while substitution is dropped in favour of adopting axiom schemata throughout,

propositional variables are retained, presumably to facilitate statement and application of the
Leibniz rule.
 1. Syntax 5

1.2 Definition. (Terms) The set of terms, Term, is the ⊆-smallest set of
strings or “expressions” over the alphabet 1–10 with the following two proper-
ties:
Any of the items in 1 or 8 (a, b, c, x, y, z, etc.) are in Term.
If f is a function‡ of arity n and t1 , t2 , . . . , tn are in Term, then so is the
string f t1 t2 . . . tn . 

1.3 Definition. (Atomic Formulas) The set of atomic formulas, Af, contains
precisely:
1) The symbols true, false, and every Boolean variable (that is, p, q, . . . ).
2) The strings t = s for every possible choice of terms t, s.
3) The strings P t1 t2 . . . tn for every possible choices of n-ary predicates P (for
all choices of n > 0) and all possible choices of terms t1 , t2 , . . . , tn .

1.4 Definition. (Well-Formed Formulas) The set of well-formed formulas, Wff,

is the ⊆-smallest set of strings or “expressions” over the alphabet 1–10 with the
following properties:

a) Af ⊆ Wff.
b) If A, B are in Wff, then so are (A ≡ B), (A ⇒ B), (A ∧ B), (A ∨ B).
c) If A is in Wff, then so is (¬A).
d) If A is in Wff and x is any object variable (which may or may not occur (as
a substring) in the formula A), then the string ((∀x)A) is also in Wff.
We say that A is the scope of (∀x).

 1.5 Remark. (1) A, B in the definition are so-called syntactic or meta-variables,

used as names for (arbitrary) formulas. In general, we will let the letters
A, B, C, D, E (with or without primes) be names for well-formed formulas, or
just formulas as we often say.
(2) We introduce a meta-symbol (∃) solely in the metalanguage via the def-
inition “((∃x)A) stands for, or abbreviates, (¬((∀x)(¬A))).”
(3) We often write more explicitly, ((∀x)A[x]) and ((∃x)A[x]) for ((∀x)A)
and ((∃x)A). This is intended to draw attention to the variable x of A, which
‡ We will omit the qualification “symbol” from terminology such as “function symbol”,

“constant symbol”, “predicate symbol”.

6

has now become “bound”. Of course, notwithstanding the notation A[x] (which
only says that x may occur in A), x might actually not be a substring of A.
In that case, intuitively, ((∀x)A), ((∃x)A) and A “mean” the same thing. This
intuition is actually captured by the axioms and rules of inference, as we show
in section 3 (3.7).
(4) In [GS1] the preferred metanotation for ((∀x)A) and ((∃x)A) is (∀x| :
A) and (∃x| : A), respectively. They also have special (meta) notation for
“bounded” quantification, that is (∀x|B : A) and (∃x|B : A) stand for ((∀x)(B ⇒
A)) and ((∃x)(B ∧ A)) respectively. In [GS1] the “B” part is called the “range”
of the quantification.
(5) To minimize the use of brackets in the metanotation we adopt standard
priorities, that is, ∀, ∃, and ¬ have the highest, and then we have (in decreasing
order of priority) ∧, ∨, ⇒, ≡. All associativities are right (this is in variance with
[GS1], but is just another acceptable—and common—convention of how to be
sloppy in the metalanguage, and get away with it).
(6) The language just defined, Wff, is one-sorted, that is, it has a single sort
or type of object variable. If one wants to admit several sorts, e.g., i1 , i2 , . . . for
variables intended to take integer values upon interpretation, r1 , r2 , . . . intended
to take real values, b1 , b2 , . . . intended to take Boolean values (true or false),
etc., then we need a more elaborate definition of syntax.
We will need a different quantifier symbol for each sort, say, ∀i , ∀r , ∀b , etc.,
and for each sort a dedicated “equality” predicate (=i , =r , =b , etc.). Moreover,
function symbols will have a sort or type associated with them (which will be
the type of their right field in the intended interpretation). This will induce
sorts (types) to all terms.
In the end of the day, we will turn around and use metanotation, suppressing
the sort-subscripts (exactly as [GS1] do) and will let the context fend for the
various (intended) sorts in the applications.
For this reason we do not burden the formal definition with many sorts. This
deliberate omission will not restrict the applicability (to the multi-sorted case)
of the few proof-theoretic and model-theoretic results included here.
It should be stated at once that should we feel the need to employ a Boolean
object variable type explicitly, b1 , b2 , . . . , we would not allow the bi to be the
same as the v1 , v2 , . . . . The former are terms, the latter are (atomic) well formed
formulas. 
2. Axioms and Rules of Inference
The axioms and rules of inference will be chosen from [GS1]. We will not allow
schemata in the so-called propositional (or Boolean) axioms, in order to agree
with the present [GS1] edition. This decision will necessitate the presence of a
substitution rule among the rules of inference. We will deviate somewhat in the
choice of axioms outside the propositional domain, to maximize convenience. In
particular, we will only adopt one among the proposed axioms in [GS1] (Ax2
 2. Axioms and Rules of Inference 7

below), and one easy to memorize theorem that occurs in [GS1] (namely, the
“standard” axiom-schema of instantiation or specialization) as our axiom Ax3.
This apparatus will be sufficient to ensure completeness as we will show.

2.1 Definition. (Axioms and Axiom schemata)

Ax1. Include all propositional calculus axioms from [GS1] (there is no harm to
actually include all tautologies, as, e.g., Enderton [En] and Manin [Man]
do).†
Ax2. (Schema) For every formulas A and B such that the variable x does not
occur free in A, add
A ∨ (∀x)B ≡ (∀x)(A ∨ B)

NB. The above is (9.5) in [GS1]. It is not necessary to introduce the

“range” part.
Ax3. (Schema) For every formula A, add
(∀x)A ⇒ A[x := t], for any term t
with a condition on t. The condition is that during substitution no vari-
able of t (all such are free, of course) was “captured” by a quantifier. We
say that “t must be substitutable in x”.
NB. We often see the above written as
(∀x)A[x] ⇒ A[t]
or even
(∀x)A ⇒ A[t]
where the presence of A[x] (or (∀x)A, or (∃x)A) and A[t] in the same
context means that t replaces all x occurrences in A.
Ax4. (Schema) For each object variable x, add x = x.
Ax5. (Leibniz’s characterization of equality—1st order version. Schema) For
any formula A, any object variable x and any term t that is substitutable
in x (in A), add
x = t ⇒ A ≡ A[x := t]
NB. The above is written usually as
x = t ⇒ A[x] ≡ A[t]
or even
x = t ⇒ A ≡ A[t]

† Every propositional calculus formula is in Wff, of course, by definitions 1.2–1.4.

 8

 2.2 Remark. (1) In any formal setting that introduces many-sorts explicitly
in the syntax, one will need as many versions of Ax2–Ax5 as there are sorts.
An alternative formal approach is to have only one sort of object variable but
introduce one-place predicates Di , Dr , Db , etc., in the alphabet—one for each
sort—with the intended meanings: Di (x) “says” that x is an integer, Db (x)
“says” that x is boolean, etc.
Thus, instead of, say, (∀b x)A one would write (∀x)Db A—which is a short
form of (∀x)(Db (x) ⇒ A)—etc.
(2) Axioms Ax4–Ax5 characterize equality between “objects”. [GS1], while
they employ this type of “Leibniz” in their exposition, they do not seem to
actually formally adopt the point of view of Predicate Calculus with equality.
In any case, adding these two axioms makes this system (explicitly) applicable
to mathematical theories such as number theory and set theory, and does not
in any way burden what we would like to outline here. Indeed, we will only use
these axioms in section 6.
(3) In Ax3 and Ax5 we imposed the condition that t must to be “substi-
tutable” in x. I.e., it should not contain free variables that can be “captured”
by quantification, as this would distort and invalidate the formula.
The following example is often given in the literature in order to illustrate
what might happen after a mindless substitution:
Take A to stand for (∃y)¬x = y. Then (∀x)A[x] ⇒ A[y] is

(∀x)(∃y)¬x = y ⇒ (∃y)¬y = y

and x = y ⇒ A ≡ A[y] is

x = y ⇒ (∃y)¬x = y ≡ (∃y)¬y = y

neither of which, obviously, is universally valid.

The meta-remedy (advocated by many, for example, Shoenfield [Sh]) is to
move the quantified variable(s) out of harm’s way, i.e., rename them so that no
quantified variable in A has the same name as any (free, of course) variable in
t.
This renaming is formally correct (i.e., it does not change the meaning of
the formula) as we will see in the “variant” (meta)theorem in section 3. Of
course, it is always possible to effect this renaming since we have countably
many variables, and only finitely many appear free in t and A.
This trivial remedy allows us to render the conditions in Ax3 and Ax5
harmless. Essentially, a t is always “substitutable” after renaming. 
2.3 Definition. (Rules of Inference) The following four are the rules of infer-
ence. These rules are relations on the set Wff and are written traditionally as
“fractions”. We call the “numerator” the premise(s) and the “denominator”
the conclusion.
 2. Axioms and Rules of Inference 9

We say that a rule of inference is applied to the formula(s) in the numerator,

and that it yields (or results in) the formula in the denominator.
Any set S ⊆ Wff is closed under some rule of inference iff whenever the rule
is applied to formulas in S, it also yields formulas in S.
Inf1. (Substitution) For any formulas A, B and any propositional variable p
that may or may not occur in A (as a substring)
A
A[p := B]
with a condition. Namely, if p is in the scope of a quantifier (∀x), then x
must not be free in B.
Inf2. (Leibniz for formulas) For any formulas A, B, C and any propositional
variable p (which may or may not occur in C)
A≡B
C[p := A] ≡ C[p := B]

Inf3. (Equanimity) For any formulas A, B

A, A ≡ B
B
Inf4. (Transitivity of ≡) For any formulas A, B, C
A ≡ B, B ≡ C
A≡C


 2.4 Remark. (1) Let P be any 1-ary (“unary”) predicate and a any constant.
Clearly, (∀x)(P x ⇒ P x) ⇒ P a ⇒ P x is not universally valid, as an interpreta-
tion over N with P x translated to say “x is even” and a to be “the” 0 shows.
Indeed a falsifying instance would be (∀x)(P N x ⇒ P N x) ⇒ P N 0 ⇒ P N 1, where
P N denotes the “concrete” interpretation of P over N that we have just sug-
gested.
Yet, (∀x)(P x ⇒ p) ⇒ P a ⇒ p is universally valid. This explains the
“condition” for the substitution rule.
(2) Leibniz for formulas is the primary rule in [GS1] that supports “equa-
tional reasoning”. In standard approaches to logic it is not a primary rule, rather
it appears as the well known “derived rule” (metatheorem) that if Γ ` A ≡ B †
and if we replace one or more occurrences of the subformula A of a formula D
(here D is C[p := A]) by B, to obtain D0 (that is C[p := B]), then Γ ` D ≡ D0 .
Shoenfield [Sh] calls this derived rule “the equivalence theorem”.
(3) [GS1] use “=” for “≡” in contexts where they want the symbol to act con-
junctionally, rather than associatively, e.g., in successive steps of an equational-
style proof.
† The

meaning of the symbol ` is defined in 2.5.
 10

We next define Γ-theorems, that is, formulas we can prove from the set of
formulas Γ (this may be empty).

2.5 Definition. (Γ-theorems) The set of Γ-theorems, ThmΓ , is the ⊆-smallest

subset of Wff that satisfies the following:

Th1. ThmΓ contains as a subset the closure under Inf1† of: All the axioms in
the group Ax1 and all the instances of axiom schemata Ax2–Ax5.

 We call the members of this closure the logical axioms. 

Th2. Γ ⊆ ThmΓ . We call every member of Γ a nonlogical axiom.

Th3. ThmΓ is closed under each rule Inf2–Inf4.

The (meta)statement A ∈ ThmΓ is traditionally written as Γ ` A, and we say

that A is proved from Γ or that it is a Γ-theorem.
If Γ = ∅, then rather than ∅ ` A we write ` A. We often say in this case
that A is absolutely provable (or provable with no nonlogical axioms). 

 2.6 Remark. The restriction in the application of Inf1 means that we use it
simply to eliminate propositional variables, in particular to turn the axioms of
group Ax1 to axiom-schemata. We also, in effect, eliminate its anachronistic
presence from our logic, by “applying it up in front” in the course of a deduction.
See also 3.24. 
2.7 Definition. (Γ-proofs) A finite sequence A1 , . . . , An of members of Wff is
a Γ-proof iff every Ai , for i = 1, . . . , n is one of

Pr1. A logical axiom (as in Th1 above).

Pr2. A member of Γ.

Pr3. The result of a rule Inf2–Inf4 applied to (an) appropriate formula(s) Aj

with j < i.

† “The closure of a set S under an operation O” is the ⊆-smallest set containing the members

of S and closed under O.

 3. Some Metatheorems (and the occasional theorem) 11

 2.8 Remark. (1) It is a well known result on inductive definitions that Γ `

A is equivalent to “A appears in some Γ-proof”—in the sense of the above
definition—and also equivalent to “A is at the end of some Γ-proof”.
(2) It follows from 2.7 that if each of A1 , . . . , An has a Γ-proof and B has
an {A1 , . . . , An }-proof, then B has a Γ-proof. Indeed, simply concatenate each
of the given Γ-proofs (in any sequence). Append to the right of that sequence
the given {A1 , . . . , An }-proof (that ends with B). Clearly, the entire sequence
is a Γ-proof, and ends with B.
We refer to this phenomenon as the transitivity of `.
(3) If Γ ⊆ ∆ and Γ ` A, then also ∆ ` A as it follows from 2.5 or 2.7. In
particular, ` A implies Γ ` A for any Γ.
(4) The inductive definition of theorems (2.5) allows one to prove properties
of ThmΓ by induction on theorems. The equivalent iterative definition, via the
concept of proof, allows us a different kind of induction, on the length of proofs. 

3. Some Metatheorems (and the occasional the-

orem)
3.1 Metatheorem. For any formula A and any set of formulas Γ, Γ ` A iff
Γ ` A ≡ true.

Proof. (→) In [GS1]

p ≡ p ≡ true (1)

is an axiom (from group Ax1—we are using liberties granted to us by the

symmetry and associativity of ≡).
Thus, using Inf1 and [p := A] on (1), we get

` A ≡ A ≡ true (2)

that is, A ≡ A ≡ true is a logical axiom. Now, 2.8(3) yields

Γ ` A ≡ A ≡ true (3)

The assumption Γ ` A, (3) above, and equanimity, yield

Γ ` A ≡ true.

(←) From [GS1], ` true, and hence, for any Γ, Γ ` true.

Thus, the assumption Γ ` A ≡ true, and equanimity, yield Γ ` A. 
 12

3.2 Theorem. ` (∀x)true ≡ true.

Proof.
(∀x)true
= h“Leibniz-rule” and ` true ∨ true ≡ truei
(∀x)(true ∨ true)
= hAx2i
true ∨ (∀x)true
= hby ` true ∨ A ≡ truei
true

3.3 Metatheorem. For any Γ, any formula A and any choice of object vari-
able x, Γ ` A iff Γ ` (∀x)A.

Proof.
(→) We assume that Γ ` A. Thus,
(∀x)A
= h“Leibniz-rule” and Metatheorem 3.1i
(∀x)true
= hTheorem 3.2i
true
(←) We assume that Γ ` (∀x)A. By Ax3, ` (∀x)Ax ⇒ A[x := x], that is,

 
` (∀x)A ⇒ A, hence Γ ` (∀x)A ⇒ A.
x is substitutable in x always.
By the hypothesis and modus ponens (a valid derived rule), we obtain Γ `
A. 
3.4 Corollary. (“Strong” Generalization) For any formula A, A ` (∀x)A.

Proof. Take Γ = {A} above. 

 “Strong” implies that there is a weak generalization rule as well. In approaches
to first order logic that contain only propositional rules of inference (e.g., [Bou],
[En], where the only rule is modus ponens† ), metatheorem 3.3 requires the
constraint—in the only-if direction—that x is not free in any formula of Γ that
is used in the deduction of A. In particular, A ` (∀x)A does not hold (see
also 3.23(2)).
One then has the weak form “` A iff ` (∀x)A”.
Clearly then, the Leibniz rule does not hold in this approach to first order
logic. 
† We have here two non-propositional rules, Inf1 and Inf2.
 3. Some Metatheorems (and the occasional theorem) 13

3.5 Corollary. (Substitution) A[x1 , . . . , xn ] ` A[t1 , . . . , tn ], for any terms

t1 , . . . , tn .

Proof. Of course, the ti must be “substitutable” in the respective variables.

One can comfortably be silent about this in view of the variant theorem (3.10,
below).
We illustrate the proof for n = 2. What makes it interesting is the require-
ment to have “simultaneous substitution”. To that end we first substitute into
x1 and x2 new variables z, w—i.e., not occurring in either A or in the ti . The
proof is the following sequence.

A[x1 , x2 ]
hgeneralizationi
(∀x1 )A[x1 , x2 ]
hspecialization; x1 := zi
A[z, x2 ]
hgeneralizationi
(∀x2 )A[z, x2 ]
hspecialization; x2 := wi
A[z, w]
hNow z := t1 , w := t2 , in any order,
is the same as “simultaneous substitution”i
hgeneralizationi
(∀z)A[z, w]
hspecialization; z := t1 i
A[t1 , w]
hgeneralizationi
(∀w)A[t1 , w]
hspecialization; w := t2 i
A[t1 , t2 ]

3.6 Theorem. For any formulas A, B such that the object variable x is not
free in A, ` A ⇒ (∀x)B ≡ (∀x)(A ⇒ B).

Proof. This is so by Ax2, ` A ⇒ B ≡ ¬A ∨ B, and Leibniz for formulas

(Inf2). 

3.7 Corollary. For any formulas A in which the object variable x is not free,
` A ≡ (∀x)A.
 14

Proof. We have ` (∀x)A ⇒ A anyway.

In the equational style we write

A ⇒ (∀x)A
= hby 3.6i
(∀x)(A ⇒ A)
= h` A ⇒ A ≡ true and Leibnizi
(∀x)true
= hby 3.2i
true

 The above Corollary fulfils the promise included in remark 1.5(3). The case for
the metasymbol ∃ follows trivially by a sequence of equivalences:

(∃x)A
hformalizing the “text” (∃x)Ai
¬(∀x)¬A
= hby 3.7 and Leibniz applied to ¬pi
¬(¬A)
=
A

In particular, ` (∀x)false ≡ false and ` (∃x)false ≡ false 

3.8 Metatheorem. For any formulas A, B such that the object variable x is
not free in A, Γ ` A ⇒ B iff Γ ` A ⇒ (∀x)B.

Proof. (→) Assume Γ ` A ⇒ B.

Then Γ ` (∀x)(A ⇒ B) by 3.3, hence Γ ` A ⇒ (∀x)B by 3.6 (and equanim-
ity).
(←) Assume Γ ` A ⇒ (∀x)B.
Then Γ ` (∀x)(A ⇒ B) by 3.6 (and equanimity), hence Γ ` A ⇒ B by 3.3.


3.9 Corollary. For any formulas A, B such that the object variable x is not
free in A, Γ ` B ⇒ A iff Γ ` (∃x)B ⇒ A.
 3. Some Metatheorems (and the occasional theorem) 15

3.10 Metatheorem. (The variant [or, dummy renaming] metatheorem) For

any formula (∀x)A, if z does not occur in it (i.e., is neither free nor bound),
then ` (∀x)A ≡ (∀z)A[x := z].

NB. We often write this (under the stated conditions) as ` (∀x)A[x] ≡ (∀z)A[z].
Proof. We know that ` (∀x)A ⇒ A[x := z] (Ax3), since z is substitutable in x
under the stated conditions. Thus, by 3.3,


(∀z) (∀x)A ⇒ A[x := z]
= hby 3.6, since z is not free in (∀x)A)i
(∀x)A ⇒ (∀z)A[x := z]

Noting that x is not free in (∀z)A[x := z] and is substitutable in z (in A[x := z]),
we can repeat the above argument to get ⇐. 

At this point we will be well advised to increase our metatheoretical conve-

nience† by introducing two important results, namely, Post’s tautology Theo-
rem, and (Herbrand’s) Deduction Theorem, in that order.
We first offer a careful definition of “tautologies” in Predicate Calculus.

3.11 Definition. (Prime formulas in Wff) A formula A ∈ Wff is a prime

formula iff it is any of

Pri1. Atomic

Pri2. A formula of the form (∀x)A.

Let P denote the set of all prime formulas in our language. Clearly, P contains
each propositional variable v1 , v2 , . . . . 

 That is, a prime formula has no “explicit” propositional connectives (in the case
Pri2 any connectives are hidden inside the scope of (∀x)).
Clearly, A ∈ Wff iff A is a Propositional Calculus formula over P (i.e,
propositional variables will be all the strings in P − {true, false}). 
3.12 Definition. (Tautologies in Wff) A formula A ∈ Wff is a tautology iff it
is so when viewed as a Propositional Calculus formula over P.
We call the set of all tautologies, as defined here, Taut. The symbol |=Taut A
says A ∈ Taut. 

The following generalizes 3.12 and will also be needed.

† The emphasis here is meant to draw a distinction between convenience and “power”.

Whatever power we have got stems directly from the axioms and the rules of inference, and
the definition of Γ-theorem or Γ-proof. All else that we add is just “convenience”.
 16

3.13 Definition. (Tautologically Implies, for formulas in Wff) Given formulas

B ∈ Wff and Ai ∈ Wff, for i = 1, . . . , m. We say that A1 , . . . , Am tautolog-
ically implies B, in symbols A1 , . . . , Am |=Taut B, iff (viewing the formulas as
Propositional Calculus formulas over P) every truth assignment to the prime
formulas that makes each of the Ai true, also makes B true. 

 While a definition for an infinite set of premises is possible, we will not need it
here. 
3.14 Metatheorem. (Post’s Tautology Theorem) If A ∈ Wff is a tautology in
the sense of 3.12, then ` A with a proof that uses only (substitution instances—
under Inf1—of ) axioms in the list Ax1.

Proof. First, we note the following equivalences. (In the course of this proof,
p, q, r stand for any member of P − {true, false}, not just for propositional
variables of our language.)
|=Taut true ≡ ¬p ∨ p, and also ` true ≡ ¬p ∨ p
|=Taut false ≡ ¬p ∧ p, and also ` false ≡ ¬p ∧ p
|=Taut p ⇒ q ≡ ¬p ∨ q, and also ` p ⇒ q ≡ ¬p ∨ q
|=Taut p ∧ q ≡ ¬(¬p ∨ ¬q), and also ` p ∧ q ≡ ¬(¬p ∨ ¬q)
|=Taut (p ≡ q) ≡ ((p ⇒ q) ∧ (q ⇒ p)), and also ` (p ≡ q) ≡ ((p ⇒ q) ∧ (q ⇒ p))
where `, everywhere above, is achieved by staying within the axiom group Ax1.
Thus, if we transform A into A0 by applying any sequence of the above
equivalences to eliminate all occurrences of true and false and all the connectives
except ¬ and ∨, then we have, on the one hand, that |=Taut A0 and on the other
hand (by the Leibniz rule) that ` A ≡ A0 .
Thus, by equanimity, it suffices to prove ` A0 .
 A better way to say all this is that, without loss of generality, we assume that
the only connectives in A are among ∨ and ¬ and that the constants true and
false do not occur.
Moreover, since ` A ∨ A ≡ A, we may assume without loss of generality that
A is a string A1 ∨ · · · ∨ An with n ≥ 2, so that none of the Ai is a formula C ∨ D.
We are assuming metanotational abbreviations when it comes to bracketing. 
Let us call an Ai reducible iff it has the form ¬(C ∨ D) or ¬(¬C). Otherwise
it is irreducible. Thus, the only possible irreducible Ai have the form p or ¬p
(where p ∈ P − {true, false}). We say that A is irreducible iff all the Ai are.
We define the reducibility degree of Ai to be the number of ¬ or ∨ connectives
in it, not counting a possible leftmost ¬. The reducibility degree of A is the sum
of the reducibility degrees of all its Ai .
So let |=Taut A, where A is the string A1 ∨ · · · ∨ An , n ≥ 2, where none of
the Ai is a formula C ∨ D, and prove (following Shoenfield) by induction on the
reducibility degree of A that ` A.
 3. Some Metatheorems (and the occasional theorem) 17

For the basis, let A be an irreducible tautology. It must be that A is a string

of the form “· · · ∨ p ∨ · · · ¬p ∨ · · · ” for some p, otherwise (if no p appears both
“positively” and “negatively”) we can find a truth-assignment that makes A
false—a contradiction (assign false to p’s that occur positively only, and true to
those that occur negatively only).
Since we have both semantic and syntactic commutativity, let us simplify
notation and assume that A is p ∨ ¬p ∨ B. We know enough from [GS1] to
conclude that ` p ∨ ¬p ∨ B.
Let then Ai be reducible. Again, since we have both semantic and syntactic
commutativity, let us assume without restricting generality that i = 1.
We have two cases:
(1) A has the form ¬(¬C) ∨ D (i.e., A1 is the string ¬(¬C)). Clearly C ∨ D
is also a tautology, of a lower reducibility degree, hence provable (by Induction
Hypothesis—in short, I.H.). Thus,
true
= hby I.H.i
C ∨D
= hLeibnizi
¬(¬C) ∨ D
(2) A has the form ¬(C ∨ D) ∨ E, that is (C ∨ D) ⇒ E (i.e., A1 is the string
¬(C ∨ D)). Clearly C ⇒ E and D ⇒ E are both tautologies of lower (each)
reducibility degree than the original.
By I.H., we have ` C ⇒ E and ` D ⇒ E. By material in [GS1] (“definition
by cases”), we have ` (C ∨ D) ⇒ E. 

3.15 Corollary. If A1 , . . . , An |=Taut B, then A1 , . . . , An ` B.

Proof. It is an easy semantic exercise to see that

|=Taut A1 ⇒ . . . ⇒ An ⇒ B.
By 3.14,
` A1 ⇒ . . . ⇒ An ⇒ B
hence
A1 , . . . , An ` A1 ⇒ . . . ⇒ An ⇒ B (1)
Applying modus ponens n times to (1) we get
A1 , . . . , An ` B

 The above corollary is very convenient. We normally apply it as follows (com-
pare with remark 2.8(2)): If each of A1 , . . . , An has a Γ-proof (equivalently, is
a Γ-theorem) then so does (equivalently, is) B, if A1 , . . . , An |=Taut B. 
 18

3.16 Corollary. The set of Γ-theorems, ThmΓ , is the ⊆-smallest subset of

Wff that satisfies the following:
(i) ThmΓ contains as elements all logical axioms
(ii) Γ ⊆ ThmΓ
(iii) ThmΓ is closed under any rule
A1 , . . . , An
B
such that A1 , . . . , An |=Taut B
(iv) ThmΓ is closed under rule Inf2 (Leibniz).

Proof. NB. This statement is the same as that in definition 2.5, with a difference
only in the third clause (compare (iii) here with Th3 in 2.5).
\Γ the set inductively defined here, and show
For a proof, let us call Thm
\ Γ = ThmΓ .
that Thm
(⊆) We do induction on Thm \ Γ . We note that ThmΓ satisfies
\ Γ (compare Th1–Th2 with
(1) it contains the same initial objects as Thm
(i)–(ii)),
(2) it is closed under Inf2,
(3) it is closed under rules (iii), by 3.15 and transitivity of `.
\ Γ being the ⊆-smallest with properties (1)–(3), we are done.
The set Thm
(⊇) We do induction on ThmΓ . We note that Thm \Γ satisfies
(4) it contains the same initial objects as ThmΓ (compare (i)–(ii) with
Th1–Th2),
(5) it is closed under Inf2,
(6) it is closed under rules Inf3–Inf4 since each of them has its conclusion
tautologically implied by the premises(s), so, it is a rule of type (iii).
The set ThmΓ being the ⊆-smallest with properties (4)–(6), we are done
once more. 

 Neither of Inf1, Inf2 has the form of a tautological implication. 

3.17 Corollary. Γ ` A iff there is a sequence of formulas A1 , . . . , An such that
An is B (identical strings), and each Ai satisfies one of the following conditions:

(a) Ai is a logical axiom,

(b) Ai ∈ Γ,
(c) For some Ajm with jm < i (m = 1, . . . , r), Aj1 , . . . , Ajr |=Taut Ai ,
(d) Ai is the result of Inf2 on some Aj (< i).
 3. Some Metatheorems (and the occasional theorem) 19

3.18 Lemma. For any formulas A and B, ` (∀x)(A ⇒ B) ⇒ (∀x)A ⇒

(∀x)B.

Proof. We write an annotated proof (omitting redundant brackets):

(1) (∀x)(A ⇒ B) ⇒ A ⇒ B hAx3i

(2) (∀x)A ⇒ A hAx3i
(3) (∀x)(A ⇒ B) ⇒ (∀x)A ⇒ A h(2) and 3.15i
(4) (∀x)(A ⇒ B) ⇒ (∀x)A ⇒ B h(1), (3), and 3.15i


(5) (∀x) (∀x)(A ⇒ B) ⇒ (∀x)A ⇒ B h(4), and 3.4i
(6) (∀x)(A ⇒ B) ⇒ (∀x)A ⇒ (∀x)B h(5), 3.6, and equanimityi

3.19 Lemma. For any A, B, C such that x is not free in A,

A ⇒ (B ≡ C) ` A ⇒ ((∀x)B ≡ (∀x)C).

Proof. We write an annotated proof:

(1) A ⇒ (B ≡ C) hhypothesisi
(2) A ⇒ (B ⇒ C) h(1) and 3.15i
(3) A ⇒ (∀x)(B ⇒ C) hx not free in A. (2) and 3.8 usedi
(4) (∀x)(B ⇒ C) ⇒ (∀x)B ⇒ (∀x)C h3.18i
(5) A ⇒ (∀x)B ⇒ (∀x)C h(3), (4), and 3.15i

A similar proof establishes that A ⇒ (B ≡ C) ` A ⇒ (∀x)C ⇒ (∀x)B.

Since

A ⇒ (∀x)B ⇒ (∀x)C, A ⇒ (∀x)C ⇒ (∀x)B |=Taut A ⇒ ((∀x)B ≡ (∀x)C)

we are done by 3.15. 

3.20 Metatheorem. (The Deduction Theorem) If A is closed and Γ, A ` B,

then Γ ` A ⇒ B.

 NB. Γ, A means Γ ∪ {A}. A converse of the metatheorem is also true, without

any restriction on A: That is, Γ ` A ⇒ B implies Γ, A ` B. This follows by
modus ponens. We only use the Deduction theorem in section 6. 
20

Proof. The proof is by induction on Γ, A-theorems, as these are characterized

in corollary 3.16.
Basis. Let B be logical. Then, ` B, and hence Γ ` B.
Trivially, B |=Taut A ⇒ B, hence, by 3.15 and the transitivity of `, Γ `
A ⇒ B.
The same reasoning applies if B ∈ Γ, since then Γ ` B as well.
Finally, if B is the same string as A, then ` A ⇒ B, hence Γ ` A ⇒ B.
There are only two induction steps, by 3.16.
1. (Leibniz) Let Γ, A ` C ≡ D, and B be the string E[p := C] ≡ E[p := D] for
some formula E and propositional variable p.
By I.H., Γ ` A ⇒ (C ≡ D).
By induction on the formula E, we show that


Γ ` A ⇒ E[p := C] ≡ E[p := D] (1)

Basis. If E is any of true, false, q, P t1 . . . tn , or t1 = t2 , then the right hand

side of ⇒ in (1) reads E ≡ E and the result is trivial (from ` E ≡ E, and
3.15).
If E is p, then the right hand side of ⇒ in (1) reads C ≡ D, and the sought
result is identical to the I.H.
Let then E be ¬G (in least parenthesized metanotation). By I.H.,


Γ ` A ⇒ G[p := C] ≡ G[p := D]

thus (1) follows from 3.15 and

A ⇒ G[p := C] ≡ G[p := D] |=Taut A ⇒ ¬G[p := C] ≡ ¬G[p := D] .

Let next E be G ◦ H (in least parenthesized metanotation, where ◦ is any of

≡, ∨, ∧, ⇒). By I.H.,


Γ ` A ⇒ G[p := C] ≡ G[p := D]

and

Γ ` A ⇒ H[p := C] ≡ H[p := D]
thus (1) follows from 3.15 and



A ⇒ G[p := C] ≡ G[p := D] , A ⇒ H[p := C] ≡ H[p := D]


|=Taut A ⇒ (G ◦ H)[p := C] ≡ (G ◦ H)[p := D]


Finally, let E be (∀x)G. By I.H., Γ ` A ⇒ G[p := C] ≡ G[p := D] .
Since A is closed, x is not free in A. Thus, by 3.19,


Γ ` A ⇒ ((∀x)G)[p := C] ≡ ((∀x)G)[p := D]

that is, (1) holds.

 3. Some Metatheorems (and the occasional theorem) 21

2. (Tautological implication rules) Let Γ, A ` Ai (for i = 1, . . . , r) and

A1 , . . . , Ar |=Taut B. (2)

By I.H., Γ ` A ⇒ Ai (for i = 1, . . . , r). On the other hand, (2) yields†

A ⇒ A1 , . . . , A ⇒ Ar |=Taut A ⇒ B

Thus (3.15 and transitivity of `), Γ ` A ⇒ B.



For easy applicability of 3.20 we need some additional results.

3.21 Metatheorem. (Metatheorem on constants) Let e be a new constant

symbol, added to the alphabet V of the language L resulting to the language L0 .
Let Γ0 denote the theory over L0 that has precisely the same nonlogical axioms
as Γ.‡
Then, Γ0 ` A[e] implies Γ ` A[x], for any variable x that appears nowhere
in the Γ0 -proof, as either a free or a bound variable.

Proof. We do induction on Γ0 -theorems, using 3.16.

Basis. If A[e] is logical, then so is A[x]. A[e] cannot be nonlogical in Γ0 .
Tautological implication. If Γ0 ` Bi [e], for i = 1, . . . , n, and B1 [e], . . . ,
Bn [e] |=Taut A[e], then also B1 [x], . . . , Bn [x] |=Taut A[x]. By the I.H. (i.e.,
Γ ` Bi [x], for i = 1, . . . , n), we are done in this case.
Leibniz. Let Γ0 ` B[e] ≡ C[e] and A[e] be D[e][p := B[e]] ≡ D[e][p := C[e]].
Clearly, A[x] is D[x][p := B[x]] ≡ D[x][p := C[x]], and we are done by I.H., for
one last time. 

3.22 Corollary. Let e be a new constant symbol, added to the alphabet V of

the language L resulting to the language L0 . Let Γ0 denote the theory over L0
that has precisely the same nonlogical axioms as Γ.
Then, for any variable y, Γ0 ` A[e] iff Γ ` A[y].

Proof. (if) Trivially, Γ0 ` A[y], hence Γ0 ` A[e] by 3.5.

(only-if) Choose a variable x at first with the same restrictions as in 3.21,
to obtain Γ ` A[x].
Now apply 3.5 (and 3.10, to avoid substitutability concerns) to get Γ `
A[y]. 

 3.23 Remark. (1) 3.22 adds flexibility to 3.20.

Γ ` (A ⇒ B)[x1 , . . . , xn ] (1)
† Let a truth assignment make the left of |=
Taut true. The “hard case” is when it makes
A true at the same time. This forces all the Ai to be true, and by (2), B to be true.
‡ Thus, in particular, Γ0 is “aware” of some additional facts. For example, Γ0 ` e = e,

whereas “e = e” is meaningless in (the language of) Γ.

22

where [x1 , . . . , xn ] is the list of all free variables in A, is equivalent (by 3.22) to

Γ0 ` (A ⇒ B)[e1 , . . . , en ] (2)

where e1 , . . . , en are “new” constants.

Since A[e1 , . . . , en ] is closed, by 3.20, proving

Γ0 , A[e1 , . . . , en ] ` B[e1 , . . . , en ]

establishes (2), hence (1).

In practice, one does not perform this step explicitly, but ensures that
throughout the Γ, A-proof, whatever free variables were present in A “behave
like constants”.
(2) In some expositions the Deduction Theorem is not constrained by re-
quiring that A be closed (e.g., [Bou], and more recently [En]).
Which version is right? They both are. If all the rules of inference are
“propositional” (e.g., as in [Bou, En], who only employ modus ponens), then
the Deduction theorem is unconstrained. If, on the other hand, the rules of
inference manipulate object variables via quantification, then one cannot avoid
constraining the application of the deduction Theorem, lest one wants to derive
(the invalid) ` A ⇒ (∀x)A from the valid A ` (∀x)A.
How do [Bou, En] cope with this issue? Well, in their approach they do not
have A ` (∀x)A. They have instead the weaker Γ ` A iff Γ ` (∀x)A, with the
condition (in the only-if direction) that x not be free in any formula of Γ used
in the deduction of A.
(3) This divergence of approach in choosing rules of inference has some ad-
ditional repercussions.
One has to be careful in defining the semantic counterpart of `, namely, |=
(see next section). One wants the two symbols to “track each other” faithfully
(Gödel’s completeness theorem).† 
We state a metatheorem that allows some additional flexibility in substitu-
tions. It shows that we can apply substitution (to a known absolute theorem)
post facto.

3.24 Metatheorem. (Substitution in absolute theorems) If ` A, then ` A[p :=

W ] for any formula W and variable p.

Proof. Induction on theorems.

Basis. A is a (logical) axiom. Then A[p := W ] is as well (by 2.5), thus ` A[p :=
W ].
There are only two induction steps, by 3.16.
† In [Men] |= is defined inconsistently with `.
 4. Soundness 23

1. (Leibniz) A is C[s := D] ≡ C[s := E] and ` D ≡ E (we may view s as a new

variable, in particular, different from p).
By I.H., ` D[p := W ] ≡ E[p := W ], hence ` R[s := D[p := W ]] ≡ R[s :=
E[p := W ]] by Leibniz, where R is C[p := W ].
2. A1 , . . . , Am |=Taut A and ` Ai (i = 1, . . . , m). By I.H., ` Ai [p := W ]
(i = 1, . . . , m), but also A1 [p := W ], . . . , Am [p := W ] |=Taut A[p := W ].


4. Soundness
The easiest way to introduce Tarski semantics is to follow Shoenfield.

4.1 Definition. Given a language L = (V, Term, Wff), a structure M =

(M, I) appropriate for L is such that M 6= ∅ is a set (the “domain”) and I
is a mapping that assigns
(1) to each constant a of V a unique member aI ∈ M
(2) to each function f of V —of arity n—a unique (total) function f I : M n → M
(3) to each predicate P of V —of arity n—a unique set P I ⊆ M n
(4) to each propositional variable p of V a unique member pI of the two element
set {t, f} (we understand t as “true” and f as “false”)
(5) moreover we set trueI = t and falseI = f, where the use of “=” here is
metamathematical (equality on {t, f}).


We would now like to take a formula A, transform each one of its syntactic
ingredients—except free variables—S into its “concrete” counterpart S I to fi-
nally obtain AI . We could then say that A is valid in M, and write |=M A to
mean that AI is true for all values (from M ) “plugged into” its free variables.
This can be done as follows (among other ways).

4.2 Definition. Given L and a structure M = (M, I) appropriate for L. L(M)

denotes the language obtained from L by adding in V a unique name î for each
object i ∈ M . This amends both sets Term, Wff into Term(M), Wff(M).
Members of the latter sets are called M-terms and M-formulas respectively.
We extend I to the new constants: îI = i for all i ∈ M (where the meta-
mathematical “=” is that on M ). 

 All we have done here is to allow ourselves to do substitutions like [x := i]

formally. We do instead, [x := î]. 
One next gives “meaning” to all closed terms in L(M).
 24

4.3 Definition. For closed terms t in Term(M) we define the symbol tI ∈ M

inductively:
(1) If t is any of a (original constant) or î (imported constant), then tI has
already been defined.
(2) If t is the string f t1 . . . tn , where f is n-ary, and t1 , . . . , tn are closed M-
terms, we define tI to be the object (of M ) f I (tI1 , . . . , tIn ).

Finally, we give meaning to all closed M-formulas (that is, M-sentences).

4.4 Definition. For closed formulas A in Wff(M) we define the symbol AI

inductively. In all cases, AI ∈ {t, f}.
(1) If A is any of p or true or false, then AI has already been defined.
(2) If A is the string t = s, where t and s are closed M-terms, then AI = t iff
tI = sI (again, the last two occurrences of = refer to equality on {t, f} and
M respectively).
(3) If A is the string P t1 . . . tn , where P is an n-ary predicate and the ti are
closed M-terms, then AI = t iff (tI1 , . . . , tIn ) ∈ P I .
(4) If A is any of ¬B, B ∧ C, B ∨ C, B ⇒ C, B ≡ C, then AI is determined by
the usual truth tables using the values B I and C I .
(5) If A is (∀x)B, then AI = t iff (B[x := î])I = t for all i ∈ M .


4.5 Definition. Let A ∈ Wff and M be a structure as above. An M-instance

of A is a sentence A ∈ Wff(M) obtained from A by substituting various con-
stants î, ĵ, . . . into all the free variables of A.
We say that A is valid in M, or that M is a model of A—in symbols |=M A—
I
iff for all possible M-instances A of A we have A = t.
For any set of formulas Γ from Wff, |=M Γ denotes the sentence “M is a
model of Γ”, and means that for all A ∈ Γ, |=M A.
A formula A is universally valid (we often say just valid) iff every structure
appropriate for the language is a model of A. We then simply write |= A. 

4.6 Definition. We say that Γ logically implies A, in symbols Γ |= A, to mean

that every model of Γ is also a model of A. 

 This is the correct definition for “logically implies” in those approaches that
allow “strong generalization” (3.4). In particular, this definition allows that
A |= (∀x)A—as we indeed require in order to “match” the syntactic A ` (∀x)A.
The flip side of this is that |= A ⇒ B and A |= B are not equivalent. 
 4. Soundness 25

4.7 Definition. (First order theories) Given a first order language L = (V, Term,
Wff), a (first order) theory Γ over L consists of all the formulas in Γ taken as
nonlogical axioms, along with the logical axioms (see 2.5), and the rules of in-
ference Inf2–Inf4. ThmΓ are the theorems of the theory.
A pure theory is one with Γ = ∅. 

 4.8 Remark. In the next section we will consider two different ways to “do
logic”, and therefore will have two kinds of first order theories. One will be as in
the definition above. We will call it an “E-theory”, to indicate that the logical
axioms and especially the rules of inference support equational reasoning. The
other will be as developed in [Sh]. We will call such a theory an “S-theory”. 
4.9 Definition. (Soundness) A pure theory is sound, iff ` A implies |= A, that
is, iff all the theorems of the theory are universally valid. 

4.10 Metatheorem. The pure E-theory of definition 4.7 is sound.

Proof. Let ` A. Pick an arbitrary structure M = (M, I) and do induction on

∅-theorems to show that |=M A.
Basis. A is a logical axiom (see 2.5). Now the closure of axioms in group
Ax1 under Inf1 is a set of tautologies, hence, by 4.4, if A belongs there, AI = t.
Note that the form of schemata Ax2–Ax5 is invariant under an application
of Inf1.
I
If A is an instance of Ax3, then a proof that A = t for any M-instance A
of A is easily accessible in the literature (e.g., [En], [Men]; [Sh] handles the dual
axiom B[x := t] ⇒ (∃x)B, where t is substitutable in x).
The literature also takes care of the equality axioms (Ax4 and Ax5). Let
us here look into Ax2.
Say A is
B ∨ (∀x)C ≡ (∀x)(B ∨ C) (1)
where x is not free in B. Let

B ∨ (∀x)C ≡ (∀x)(B ∨ C)

be an M-instance of (1). We need to show that

I
(B ∨ (∀x)C)I = f iff (∀x)(B ∨ C) = f (2)

I
Assume the left side of iff. Then (B)I = f and (∀x)C = f. The latter entails
(C[x := î])I = f, for some i ∈ M . Since x is not free in B, (B)I ∨ (C[x := î])I †
† The ∨ here is the metamathematical truth function on {t, f}.
 26

is the meaning of an M-instance of B ∨ C, and is, of course, f. Thus, the right

side of iff is f (by 4.4).
The other direction is similar.
We next show that if A is the conclusion of a rule, then it is universally valid
if the premises are so. By 3.16, we only look at Leibniz.
Leibniz. Let A be B[p := C] ≡ B[p := D] and

|=M C ≡ D (4)

By induction on the formula B, one proves

|=M B[p := C] ≡ B[p := D] (5)

The interesting induction step is when B is (∀x)E, and p occurs in E—but

without loss of generality in neither C nor D.
Pick an arbitrary M-instance of E[p := C] ≡ E[p := D].
I I
Compare (E[p := C])I with (E[p := D])I . Since, by (4), C = D , I.H. (on
formulas) gives
(E[p := C])I = (E[p := D])I
where the “=” above is on {t, f}. By 4.4, we get

((∀x)(E[p := C]))I = ((∀x)(E[p := D]))I

and we are done with both inductions. 

 A by-product of soundness is consistency. A theory Γ is consistent iff ThmΓ ⊂

Wff (proper subset).
Thus, the pure E-theory is consistent, since, by soundness, false is not prov-
able. 
5. Completeness
5.1 Definition. A theory Γ is complete iff Γ |= A implies Γ ` A for any formula
A. 

One way to show completeness of the pure E-theory is to offer a proof in the
style of Henkin. A much easier way is to show that the pure E-theory is at least
as powerful as the pure S-theory.
Shoenfield allows no propositional variables, and admits therefore axiom
schemata throughout.
The axioms in Shoenfield are
S-Ax1 The schema A ∨ ¬A
S-Ax2 The dual of Ax3, namely, A[x := t] ⇒ (∃x)A, where t is substitutable
in x
 5. Completeness 27

S-Ax3 The E-schemata Ax4 and Ax5.

The rules of inference (after the tautology theorem) boil down to

S-Inf1 Any rule

A1 , . . . , An
B
is permissible as long as A1 , . . . , An |=Taut B

S-Inf2
A⇒B
(∃x)A ⇒ B
provided x is not free in B.

Let us write `theory A (where “theory” is “E” or “S”) to indicate what axioms
and what rules were responsible for the proof of A. We have at once,

5.2 Metatheorem. For any A that contains no propositional variables, `S A

implies `E A.

Proof. The trivial proof on theorems (of S) is omitted. We only note that
`E A ∨ ¬A by 3.14. 

In order to prove next that |= A implies `E A, via S, we need a simple

technical Lemma.

5.3 Lemma. Let A be a formula over the language L of section 1, and let p
be a propositional variable that occurs in A.
Extend the language L by adding P , a new 1-ary predicate symbol.
Then, |= A iff |= A[p := (∀x)P x] and `E A iff `E A[p := (∀x)P x].

Proof. (|=) The only-if is by soundness (substitution 3.24 was used).

For the if-part pick any structure M = (M, I) and let A be an M-instance
of A. Expand M to M0 = (V, I 0 ) where I 0 is the same as I, except that it also
0 0
gives meaning to P as follows: If pI = t, set P I = M , else set P I = ∅. Clearly,
0 0
pI = ((∀x)P x)I .
0 I I0
By assumption, A[p := (∀x)P x]I = t, hence, A = A = t as well.
(`) The only-if is the result of 3.24.
For the if part, let `E A[p := (∀x)P x]. By induction on ∅-theorems we show
that `E A as well.
Basis. A[p := (∀x)P x] is a logical axiom (see 2.5). If it is a substitution
(Inf1) instance of a formula in group Ax1, then it is a tautology. But then so is
A, hence (by 3.14) `E A. Ax4 is not applicable (it cannot contain (∀x)P x). It
is clear that if A[p := (∀x)P x] is an instance of one of the schemata Ax2–Ax3
or Ax5, then replacing all occurrences of (∀x)P x in A[p := (∀x)P x] by the
 28

propositional variable p results to a formula of the same form, so A is still an

axiom, hence `E A.
Leibniz. Let `E B ≡ C and A[p := (∀x)P x] be D[q := B] ≡ D[q := C]. Let
B 0 , C 0 , D0 be obtained from B, C, D by replacing every occurrence of (∀x)P x by
p.
By I.H., `E B 0 ≡ C 0 , hence (Leibniz) `E D0 [q := B 0 ] ≡ D0 [q := C 0 ], i.e.,
`E A.
|=Taut . Let
B1 , . . . , Br |=Taut A[p := (∀x)P x] (1)
and `E Bi (i = 1, . . . , r). Clearly (1) is only dependent on the configuration of
the propositional connectives, hence B10 , . . . , Br0 |=Taut A, where Bi0 is obtained
from Bi by replacing all occurrences of (∀x)P x by p.
Hence `E A. 

5.4 Corollary. The pure E-theory of definition 4.7 is complete.

Proof. Let |= A. Let A0 be obtained from A by replacing each occurrence of true

(respectively false) by p ∨ ¬p (respectively p ∧ ¬p) where p is a propositional
variable not occurring in A. Let A00 be obtained from A0 by replacing each
propositional variable p, q, . . . in it by (∀x)P x, (∀x)Qx, . . . respectively, where
P, Q, . . . are new predicate symbols.
Clearly, by 5.3, |= A00 . This formula is in the language of S. Thus, by
completeness of S, `S A00 .
By 5.2, `E A00 , hence `E A0 , by 5.3.
Finally, by Leibniz, `E A. 

 Completeness and soundness were proved for a pure “E-theory” that has a
different (much smaller) axiom set than the one given in [GS1]. The next section
shows the equivalence of the present pure theory with the one offered in [GS1]. 
6. Comparison with the Equational Logic of [GS1]
We prove that each rule or axiom on quantification that is offered in [GS1],
chapters 8 and 9, is “derived” (hence redundant or dependent) in the E-logic
that we have presented here (definitions 2.1, 2.3 and 2.5). We write ` meaning
`E throughout.
Nomenclature and numbers given in brackets are those in [GS1].

A.1 “Leibniz (8.12)” The following two rules are meant to supplement the
“propositional” version given in [GS1], towards predicate calculus duty
([GS1], p.148).

A≡B
(∀x)(C[p := A] ⇒ D) ≡ (∀x)(C[p := B] ⇒ D)
 6. Comparison with the Equational Logic of [GS1] 29

and
D ⇒ (A ≡ B)
(1)
(∀x)(D ⇒ C[p := A]) ≡ (∀x)(D ⇒ C[p := B])

The first is a direct application of Inf2, where, without loss of generality,

p occurs only in C. (If not, apply Inf2 to C 0 ⇒ D instead, where C 0 is
C[p := q]—q a propositional variable not in C ⇒ D. Be sure to use q := A
and q := B in the application of Inf2).
(1) is not valid, unless we drop “D ⇒” on the premise side (should read
just A ≡ B), in which case it follows from Inf2 exactly like the first of the
two (8.12)-rules.
Indeed, take D to be x = 0, C to be (∀x)p, A to be x = 0 and B to be
true. Then,
|= D ⇒ (A ≡ B)

that is
|= x = 0 ⇒ (x = 0 ≡ true)

but
6|= (∀x)(D ⇒ C[p := A]) ≡ (∀x)(D ⇒ C[p := B])

that is

6|= (∀x)(x = 0 ⇒ (∀x)x = 0) ≡ (∀x)(x = 0 ⇒ (∀x)true)

A.2 “Empty range (8.13)”. ` (∀x)(false ⇒ A) ≡ true. It follows from 3.2,

` false ⇒ A ≡ true, and Inf2.

A.3 “One-point rule (8.14)”. Provided that x is not free in t, and t is substi-
tutable in x in A,† ` (∀x)(x = t ⇒ A) ≡ A[x := t].
(⇒) By Ax3, ` (∀x)(x = t ⇒ A) ⇒ t = t ⇒ A[t]. By 3.5 and Ax4,
` t = t, hence ` (∀x)(x = t ⇒ A) ⇒ A[t] by 3.15.
(⇐) A standard result (from Ax4, Ax5) is that ` x = y ⇒ y = x (e.g.,
[Sh]). By 3.5, ` x = t ⇒ t = x, thus (3.15 and Ax5) ` A[t] ⇒ x = t ⇒ A.
As x is not free in A[t], 3.8 yields ` A[t] ⇒ (∀x)(x = t ⇒ A).

A.4 “Distributivity (8.15)”.

` (∀x)(A ⇒ B) ∧ (∀x)(A ⇒ C) ≡ (∀x)(A ⇒ B ∧ C).

† The substitutability condition is necessary, but not mentioned in [GS1]—see 2.2(3).

30

(⇒) Add (∀x)(A ⇒ B) ∧ (∀x)(A ⇒ C) as a (nonlogical) axiom. Then,

1. (∀x)(A ⇒ B) ∧ (∀x)(A ⇒ C)
2. (∀x)(A ⇒ B) h1. and 3.15i
3. (∀x)(A ⇒ C) h1. and 3.15i
4. A ⇒ B h2. and specializationi
5. A ⇒ C h3. and specializationi
6. A ⇒ B ∧ C h4., 5. and 3.15i
7. (∀x)(A ⇒ B ∧ C) h6. and 3.4i

By the Deduction Theorem, we are done.

(⇐) With amended “hints”, the above proof can be reversed (7.–1.)
A.5 (8.16)–(8.18) in [GS1] boil down to (8.18) if “∗” is “∀”.
“Range split (8.18)”. (∀x)(A ∨ B ⇒ C) ≡ (∀x)(A ⇒ C) ∧ (∀x)(B ⇒ C).
(⇒) Add (∀x)(A ∨ B ⇒ C). Then,
1. (∀x)(A ∨ B ⇒ C)
2. A ∨ B ⇒ C h1. and specializationi
3. A ⇒ C h2. and 3.15i
4. B ⇒ C h2. and 3.15i
5. (∀x)(A ⇒ C) h3. and 3.4i
6. (∀x)(B ⇒ C) h4. and 3.4i
7. (∀x)(A ⇒ C) ∧ (∀x)(B ⇒ C) h5., 6. and 3.15i

By the Deduction Theorem, we are done.

(⇐) Reverse the above proof.
A.6 “Interchange of dummies (8.19)”.
(∀x)(A ⇒ (∀y)(B ⇒ C)) ≡ (∀y)(B ⇒ (∀x)(A ⇒ C)), on the condition
that y is not free in A and x is not free in B.
(⇒) Add (∀x)(A ⇒ (∀y)(B ⇒ C)). Then,
1. (∀x)(A ⇒ (∀y)(B ⇒ C))
2. A ⇒ (∀y)(B ⇒ C) h1. and specializationi
3. A ⇒ B ⇒ C h2. and 3.8; y not free in Ai
4. B ⇒ A ⇒ C h3. and 3.15i
5. B ⇒ (∀x)(A ⇒ C) h4. and 3.8; x not free in Bi
6. (∀y)(B ⇒ (∀x)(A ⇒ C)) h5. and 3.4i
 7. Concluding remarks; an alternative formalism for Equational Logic 31

By the Deduction Theorem, we are done.

(⇐) Reverse the above proof.

A.7 “Nesting (8.20)”. (∀x)(∀y)(A ∧ B ⇒ C) ≡ (∀x)(A ⇒ (∀y)(B ⇒ C)), on

the condition that y is not free in A.
(⇒) Add (∀x)(∀y)(A ∧ B ⇒ C). Then,

1. (∀x)(∀y)(A ∧ B ⇒ C)
2. A ∧ B ⇒ C h1. and specializationi
3. A ⇒ B ⇒ C h2. and 3.15i
4. A ⇒ (∀y)(B ⇒ C) h3. and 3.8; y not free in Ai
5. (∀x)(A ⇒ (∀y)(B ⇒ C)) h4. and 3.4i

By the Deduction Theorem, we are done.

(⇐) Reverse the above steps.

A.8 “Dummy renaming (8.21)”. This is 3.10.

A.9 “Trading (9.2)”. This is an abbreviation in the metalanguage. (∀x)B is

not a “new quantifier”. Thus, ((∀x)B A) abbreviates ((∀x)(B ⇒ A)).

A.10 “Distributivity of ∨ over ∀ (9.5)”. Included as Ax2.

This concludes that for every formula A, `GS1 A implies `E A, where `GS1
indicates provability in the system outlined in [GS1].
Conversely, the set of axioms in [GS1]—along with the (corrected) “aug-
mented Leibniz” (8.12)—subsume our version of pure E-theory (our Ax3 is a
theorem in [GS1]). Thus,

6.1 Metatheorem. For every formula A, `GS1 A iff `E A.

6.2 Corollary. The pure first order theory outlined in [GS1] is sound and
complete.

7. Concluding remarks; an alternative formal-

ism for Equational Logic
We have offered a careful formalization of the Equational Predicate Logic out-
lined in [GS1] and we have proved that this formalization is sound and complete.
We want to briefly investigate here an alternative formalization of Equational
Logic, based on a weaker form of the Leibniz rule. We have already observed
32

(see the remark following 3.4) that since Inf2 yields “strong generalization”,
first order Logics such as [Bou, En] do not support it.
We show how such Logics can be recast in the Equational Logic paradigm.
We base our discussion here, for the sake of concreteness, to the version of
first order Logic as it is defined in [En]. We start by describing this logic.
We allow propositional variables in formulas only for the purpose of making
the statement of “Leibniz”, below, easy. The only connectives are ¬, ⇒, ∀. The
remaining connectives— ≡, ∨, ∧, ∃ —are introduced as abbreviations, and the
same holds for the constants (0-ary propositional connectives in reality) true
and false (for example, in view of the theorem ` (A ≡ A) ≡ (B ≡ B), we
abbreviate any occurrence of A ≡ A by true).
There is only one rule of inference, modus ponens.
The axioms (schemata) are all the possible “partial” generalizations† of the
following

En1. All tautologies (in the sense of 3.12),

En2. All formulas of the form (∀x)A ⇒ A[t], provided t is substitutable in x,

En3. All formulas of the form (∀x)(A ⇒ B) ⇒ (∀x)A ⇒ (∀x)B (see 3.18),

En4. All formulas of the form A ⇒ (∀x)A, provided x is not free in A (see 3.7).

En5. Ax4 and Ax5.

In this logic the following weaker version of Inf2, let us call it no-capture Leibniz,
is a derived rule:
A≡B
C[p := A] ≡ C[p := B]
provided neither A nor B contain free variables that are captured by quantifiers
during the above substitutions.
For a proof, we note that the following Metatheorem (“restricted general-
ization”) holds in [En]:
Γ ` G iff Γ ` (∀x)G, provided no formula in Γ has x free. Here then is the
proof of no-capture Leibniz, A ≡ B ` C[p := A] ≡ C[p := B], by induction on
the formula C.
Basis. C is atomic. If C is the string p, then C[p := A] is A and C[p := B]
is B, so our conclusion is our hypothesis.
In all other cases C[p := A] ≡ C[p := B] is the tautology C ≡ C.
Induction Step(s) (I.S.).

I.S.1. C is ¬D. By I.H., A ≡ B ` D[p := A] ≡ D[p := B].

Since D[p := A] ≡ D[p := B] |=Taut ¬D[p := A] ≡ ¬D[p := B], we are
done in this case.†
† A generalization B of A is partial iff B is A, prefixed with zero or more strings (∀x)—x

may or may not occur in A. The well known “universal closure of A” is a special case.
† The tautology theorem holds in [En].
 7. Concluding remarks; an alternative formalism for Equational Logic 33

I.S.2. C is D ⇒ G. By I.H., A ≡ B ` D[p := A] ≡ D[p := B] and A ≡ B `

G[p := A] ≡ G[p := B]. Since D[p := A] ≡ D[p := B], G[p := A] ≡
G[p := B] |=Taut (D ⇒ G)[p := A] ≡ (D ⇒ G)[p := B], we are done
once more.
I.S.3. C is (∀x)D. By I.H., A ≡ B ` D[p := A] ≡ D[p := B], hence (Tautology
Theorem) A ≡ B ` D[p := A] ⇒ D[p := B].
By restricted generalization, since x is not free in A ≡ B, A ≡ B `
(∀x)(D[p := A] ⇒ D[p := B]), hence by modus ponens and En3, A ≡
B ` (∀x)D[p := A] ⇒ (∀x)D[p := B].
Similarly (from A ≡ B ` D[p := A] ⇐ D[p := B]), A ≡ B ` (∀x)D[p :=
A] ⇐ (∀x)D[p := B], hence, one more application of the Tautology
Theorem gives A ≡ B ` (∀x)D[p := A] ≡ (∀x)D[p := B]. This concludes
the proof.
Assume now that we want to do Equational Logic, based on no-capture
Leibniz.
We adopt En1–En5 above, but our rules—instead of modus ponens—are
Inf3, Inf4 and no-capture Leibniz.
Trivially, modus ponens is a derived rule, and thus [En]-logic and this ver-
sion of Equational Logic are equivalent. In particular, the latter is sound and
complete.
This study also demonstrates, via an entirely different avenue than the one
taken in [GS3], that “full Leibniz” (Inf2) is strictly more powerful than the
“no-capture” version even in a complete logic. The similar result in [GS3] is
shown for an incomplete logic, one in which Ax3 is not deducible.
There are many ways to “massage” the rule Leibniz. We wish to cite here
two more versions and gauge their relative power.
First, let us restrict the rule on universally valid formulas only, whenever
“capture” occurs in its application. Syntactically, this is rule L2 below.

Γ ` A ≡ B implies Γ ` C[p := A] ≡ C[p := B] provided Γ = ∅ if capture occurs

(L2)
The same proof we presented above for the no-capture version (in the logic of
[En]) can be re-traced with trivial modifications to yield L2 as a derived rule
(restricted generalization with Γ = ∅ is used).
Conversely, adopting En1–En5 above, and the rules—instead of modus
ponens—Inf3, Inf4 and L2, we can derive modus ponens:

1. A h giveni
2. A ⇒ B h giveni
3. true ⇒ B h1., 2., 3.1, L2 and Inf3i
4. B h3. and 3.15i

Thus, in the presence of En1–En5, and Inf3, Inf4, L2 and no-capture Leibniz
are equivalent, and the system so founded is equivalent to that in [En].
34

Indeed, the proof of modus ponens above makes it clear that all we really
need is a propositional Leibniz, P L, that is
A≡B
, where p is not in the scope of a quantifier (P L)
C[p := A] ≡ C[p := B]

In an application of P L, we do not require that ` A ≡ B.

We can summarize this discussion thus:

7.1 Metatheorem. In the presence of the axioms En1–En5 and the rules
Inf3, Inf4, all the following versions of the Leibniz rule are equivalent: P L,
“no-capture”, and L2. Adopting any of them yields a sound and complete first
order logic (equivalent to that in [En]).
In this logic, “full” Leibniz (Inf2) is not derivable.

An instructor teaching Equational Logic to first year students will probably

be tempted to “interpret” [GS1] logic in this simpler framework—using P L and
demonstrating that both L2 and no-capture Leibniz are derived rules.
This alternative version may well prove more palatable in the classroom, if
for no other reason, because of the simplicity of its rules of inference and its
support for an unconstrained Deduction Theorem.
Acknowledgements. I warmly thank my colleague Steve Watson who care-
fully read a previous version of the paper and offered valuable advice. In par-
ticular he pointed to a problematic use of Inf1 in my original definition 2.5,
which I have now fixed. I am also indebted to my colleague Jonathan Ostroff
who encouraged me to simplify the formalism. Heeding his request I came up
with the simpler formalism ([En]-based) of section 7.

8. Bibliography
[Ba] Barwise, J. “An introduction to first-order logic”, in Handbook of Math-
ematical Logic (J. Barwise, Ed.), 5–46, Amsterdam: North-Holland Pub-
lishing Company, 1978.

[Bou] Bourbaki, N. Élémens de Mathématique; Théorie des Ensembles, Ch. 1,

Paris: Hermann, 1966.

[DSc] Dijkstra, E. W., and Scholten, C. S. B. Predicate Calculus and Program

Semantics, New York: Springer-Verlag, 1990.

[En] Enderton, H. B. A mathematical introduction to logic, New York: Aca-

demic Press, 1972.

[GS1] Gries, D. and Schneider, F. B. A Logical Approach to Discrete Math,

New York: Springer-Verlag, 1994.
 8. Bibliography 35

[GS2] Gries, D. and Schneider, F. B. Equational propositional logic, Informa-

tion Processing Letters, 53, 145–152, 1995.

[GS3] Gries, D. and Schneider, F. B. Formalizations of substitution of equals

for equals, Pre-print, Sept. 1998 (personal communication).

[Man] Manin, Yu. I. A Course in Mathematical Logic, New York: Springer-

Verlag, 1977.

[Men] Mendelson, E. Introduction to mathematical logic, 3rd Edition, Mon-

terey, Calif: Wadsworth & Brooks, 1987.

[Sh] Shoenfield, J. R. Mathematical Logic, Reading, Mass.: Addison-Wesley,

1967.