Chapter 5: Predicate Calculus: Formulas,

Models, Tableaux

November 3, 2008
 Outline

1 5.1 Relations and Predicates

2 5.2 Predicate Formulas

3 5.3 Interpretations

4 5.4 Equivalence and Substitution

5 5.5 Semantic Tableaux

6 5.7 Finite and Infinite Models

7 5.8 Undecidability of the Predicate Logic

 5.1 Relations and Predicates

• R: an n-ary relation on a set D

R ⊆ Dn = D
| ×D× {z. . . × D}
n times

D: domain of the relation R.

Observation: A unary relation R is simply a subset of D

R⊆D
Examples
(a) Binary relation < on N:

x < y if x is a positive integer less than y

<= {(0, 1), (0, 2), . . . , (1, 2), (1, 3), . . . , (2, 3), . . .}

(b) Unary relation Prime(x) on N:

Prime = {2, 3, 5, 7, 11, . . .}

(c) Given the graph G:

Figure: Graph G

define the binary relation r as:

r (x, y ) ⇐⇒ vertex x is connected by a path to vertex y

r = {(a, a), (b, b), (c, c), (d, d), (e, e),
(a, b), (b, a), (a, c), (c, a), (b, c), (c, b), (d, e), (e, d)}
• We can think of an n-ary function

(x1 , x2 , . . . , xn ) 7→ f (x1 , x2 , . . . , xn )

as an (n + 1)-ary relation Rf containing the (n + 1)-tuples

(x1 , x2 , . . . , xn , f (x1 , x2 , . . . , xn ))

Rf is called the graph of the function f .

• Also, we can think of an n-ary relation R ⊆ D n as a function

f : D n → {T, F}

R(d1 , d2 , . . . , dn ) = T ⇐⇒ (d1 , d2 , . . . , dn ) ∈ R
 5.2 Predicate Formulas

Predicate (relation) symbols P = {p, q, r , . . .}

Constant symbols A = {a, b, c, . . .}
Variables V = {x, y , z, . . .}
 BNF Grammar for Predicate Formulas

argument ::= x, for any x ∈ V

argument ::= a, for any a ∈ A
argumentList ::= argument
argumentList ::= argument, argumentList
atomicFormula ::= p | p(argumentList), for any p ∈ P
formula ::= atomicFormula
formula ::= ¬formula
formula ::= formula ∧ formula
formula ::= formula ∨ formula
formula ::= formula → formula
formula ::= formula ↔ formula
formula ::= ∀x formula, for all x ∈ V
formula ::= ∃x formula, for all x ∈ V
Examples
1 p(x, a) (atomic formula)
2 p(x, a) → q(x)
3 ∃x p(x, a) → ∀y q(y )
4 ∀x (p(x, a) → q(x, y )) → (∀x p(x, a) → ∀x q(x, y ))
 Bound and Free Variables

Definition
Suppose A is a predicate formula. An occurrence of a variable
x in A is a free variable of A if it is not within the scope of any
quantifier ∀x or ∃x.
Examples
(a) ∃y p(x, y )
x-free, y -not free
(b) p(x, y )
x, y -free
(c) ∀x∃yp(x, y )
neither x nor y are free
(d) ∀xp(x) ∨ q(x)
the first occurrence of x is not free while the second
occurrence is
• A variable which is not free is said to be bound.
• If we write
A(x1 , x2 , . . . , xn ),
we mean that the free variables of the formula A are
among x1 , x2 , . . . , xn .
 5.3 Interpretations

• U: a set of formulas
• {p1 , p2 , . . . , pm }: all predicate symbols appearing in U
• {a1 , a2 , . . . , ak }: all constant symbols appearing in U
Definition
An interpretation I of U is a triple

I = (D, {R1 , R2 , . . . , Rm }, {d1 , d2 , . . . , dk })

where
• D is a non-empty set (domain of I)
• Ri are ni -ary relations on D.
• di are some fixed elements of D.

pi 7→ Ri i = 1, 2, . . . , m
aj 7→ dj j = 1, 2, . . . , k
Example
Consider the formula
∀x p(a, x)
Some of its possible interpretations are:

(1) I1 = (N, {≤}, {0})

“For every natural number x, 0 ≤ x.”

(2) I2 = (N, {|}, {1})

“For every natural number x, 1|x.”
(3) I3 = ({0, 1}∗ , { substring relation }, {})
“For every string x over alphabet {0, 1}, empty string is a
substring of x.”

(4) I4 = (G, E, {a})

“For every vertex x of G, (a, x) is an edge in G.”

Definition
Suppose I is an interpretation for a predicate formula A.An
assignment
σI : V → D
is a function which assigns a value in the domain D to any
variable appearing in the formula A.
 Truth Value of a Predicate Formula

Suppose:
• A - formula.
• I - an interpretation for A.
• σI - an assignment
We define vσI (A), the truth value of A under σI , inductively:
(a) If A = p(c1 , c2 , . . . , cn ) is an atomic formula, where each ci
is either a variable xj or a constant symbol aj , then

vσI (A) = T iff (σI (c1 ), σI (c2 ), . . . , σI (cn )) ∈ R

(b) vσI (¬A) = ¬vσI (A).

(c) vσI (A1 ∧ A2 ) = vσI (A1 ) ∧ vσI (A2 ).

(d) vσI (A1 ∨ A2 ) = vσI (A1 ) ∨ vσI (A2 ).

[Similarly for →, ↔.]

(e) vσI (∀x A) = T iff vσI (A) = T for all x ∈ D

(f) vσI (∃x A) = T iff vσI (A) = T for some x ∈ D

Theorem
If A is a closed formula, then vσI (A) does not depend on σI .
In that case, we write
vI (A)
Theorem
Let A0 = A(x1 , x2 , . . . , xn ) be a non-closed formula and let I be
an interpretation. Then:
(a) vσI (A0 ) = T for assignment σI iff

vI (∃x1 ∃x2 . . . ∃xn A0 ) = T

(b) vσI (A0 ) = T for all assignments σI iff

vI (∀x1 ∀x2 . . . ∀xn A0 ) = T

Definition
A closed formula A is true in I, or I is a model for A, if vI (A) = T.

I |= A
Definition
A closed formula A is satisfiable if, for some interpretation I,

I |= A

A is valid if, for all interpretations I,

I |= A

We can also define unsatisfiable and falsifiable formulas in the

usual way.
Examples

(a) ∀x p(a, x) → p(a, a) valid

(b) ∀x∀y (p(x, y ) → p(y , x)) not valid, satisfiable
(c) ∀x∃y p(x, y ) not valid, satisfiable
(d) ∃x∃y (p(x) ∧ ¬p(y )) not valid, satisfiable
(e) ∀x(p(x) ∧ q(x)) ↔ (∀x p(x) ∧ ∀x q(x)) valid
(f) ∃x (¬p(x) ∧ p(x)) unsatisfiable
 5.4 Equivalence and Substitution
• Suppose A1 , A2 are two closed formulas. If, for all
interpretations I
vI (A1 ) = vI (A2 )
we say that A1 and A2 are equivalent, and we write

A1 ≡ A2

• Suppose U is a set of closed formulas, and A a closed

formula
U |= A
means that, in all interpretations I in which all formulas
from U are true, we also have

vI (A) = T.
Examples
(a) ∀x A(x) ≡ ¬∃x ¬A(x)
(b) ∃x A(x) ≡ ¬∀x¬A(x)
(c) ∀x∀y A(x, y ) ≡ ∀y ∀x A(x, y )
(d) ∃x∃y A(x, y ) ≡ ∃y ∃x A(x, y )
(e) ∃x∀yA(x, y ) 6≡ ∀y ∃xA(x, y )
To see that these two formulas are not equivalent, consider

I = (Z, {≤}).

Clearly,

I 6|= ∃x∀y x ≤ y , I |= ∀y ∃x x ≤ y
Theorem
(a) A ≡ B if and only if |= A ↔ B.
(b) Suppose
U = {A1 , A2 , . . . , An }
U |= A if and only if |= A1 ∧ A2 ∧ . . . An → A.
Examples
The following are valid formulas
(a) ∃x(A(x) ∨ B(x)) ↔ ∃x A(x) ∨ ∃x B(x)
(b) ∀x(A(x) ∧ B(x)) ↔ ∀x A(x) ∧ ∀x B(x)
(c) ∃x(A(x) ∧ B) ↔ ∃x A(x) ∧ B, if x is not free in B.
(d) ∀x(A(x) ∨ B) ↔ ∀x A(x) ∨ B, if x is not free in B.
(e) ∃x(A(x) → B(x)) ↔ (∀x A(x) → ∃x B(x))
(f) ∀x(A(x) → B(x)) ↔ (∃x A(x) → ∀x B(x))
[For more pairs of equivalent formulas, see Fig. 5.2 in Section
5.4]
Proof.
(e)

∃x(A(x) → B(x)) ≡ ∃x(¬A(x) ∨ B(x))

≡ ∃x¬A(x) ∨ ∃x B(x)
≡ ¬∀x A(x) ∨ ∃x B(x)
≡ ∀x A(x) → ∃x B(x)
Example
Prove that
∃x∀y A(x, y ) → ∀y ∃x A(x, y )
is a valid formula, yet its converse is not valid.
Solution:
Let I be an interpretation. Suppose

I |= ∃x∀y A(x, y ).

Then, for some a ∈ D

I |= ∀y A(a, y )

So,
I |= ∀y (∃x A(x, y ))
which proves that, for every I,

I |= ∃x∀y A(x, y ) → ∀y ∃x A(x, y )

I = (Z, {≤}) shows that the implication cannot be reversed if we
want the formula to be valid. 
 5.5 Semantic Tableaux

Example
We will try to show that

∀x(p(x) → q(x)) → (∀x p(x) → ∀x q(x))

is a valid formula

We consider its negation

¬[∀x(p(x) → q(x)) → (∀x p(x) → ∀x q(x))]

and try to show that it is unsatisfiable.

¬[∀x(p(x) → q(x)) → (∀x p(x) → ∀x q(x))]

∀x(p(x) → q(x)), ¬(∀x p(x) → ∀x q(x))

∀x(p(x) → q(x)), ∀x p(x), ¬∀x q(x)

∀x(p(x) → q(x)), ∀x p(x), ¬q(a)

∀x(p(x) → q(x)), p(a), ¬q(a)

p(a) → q(a),Mp(a), ¬q(a)

qM
qqq MMMMM
qqq
¬p(a),p(a),¬q(a) q(a),p(a),¬q(a)
× ×
Example
Now, we consider the formula

∀x(p(x) ∨ q(x)) → (∀x p(x) ∨ ∀x q(x))

which is not valid, but is satisfiable.

¬[∀x(p(x) ∨ q(x)) → (∀x p(x) ∨ ∀x q(x))]

∀x(p(x) ∨ q(x)), ¬(∀x p(x) ∨ ∀x q(x))

∀x(p(x) ∨ q(x)), ∃x ¬p(x), ∃x ¬q(x)

∀x(p(x) ∨ q(x)), ¬p(a), ∃x¬q(x)

p(a) ∨ q(a), ¬p(a),

M ∃x¬q(x)
qM
qqq MMMMM
qqq
p(a), ¬p(a), ∃x¬q(x) q(a), ¬p(a), ∃¬q(x)
×
q(a), ¬p(a), ¬q(a)
×
Question: What went wrong?
• We used the same constant a twice to eliminate two
distinct existential quantifiers.
• We were forced to use the same constant since, once we
eliminated the universal quantifier in

∀x(p(x) ∨ q(x))

we replaced it with a and were forced to work with that

constant exclusively from that point on.
Solution: We will not delete universal quantifiers from nodes of
the tableau; instead, we introduce some instance of that
variable but keep writing the universal quantifier. E.g.

∀x p(x)

∀x p(x), p(a)
Using these guidelines, if we construct a correct tableau for he
formula from the previous example (exercise!), we notice that
one branch ends with the open leaf

p(a), ¬q(a), ¬p(b), q(b)

In fact, this leaf gives us a model for this satisfiable formula; the
domain is
D = {a, b}
and the unary relations are subsets

p = {a}, q = {b}

[This is what we will define as an Herbrand model for this

formula in Chapter 7.]
Example
Consider the formulas

A1 = ∀x∃y p(x, y )
A2 = ∀x¬p(x, x)
A3 = ∀x∀y ∀z(p(x, y ) ∧ p(y , z) → p(x, z))

Check whether
A = A1 ∧ A2 ∧ A3
is a satisfiable formula and, if so, find one model for A.
Solution: We will first construct a semantic tableau for the
formula:

∀x∃y p(x, y ), A2 , A3

∀x∃y p(x, y ), ∃y (a1 , y ), A2 , A3

∀x∃y p(x, y ), p(a1 , a2 ), A2 , A3

∀x∃y p(x, y ), ∃y p(a2 , y ), p(a1 , a2 ), A2 , A3

∀x∃y p(x, y ), p(a2 , a3 ), p(a1 , a2 ), A2 , A3

..
.
We see that the tableau does not terminate; namely, every time
we drop the universal or an existential quantifier, we can
introduce a new constant symbol ai , to get an infinite sequence
of constants:
a1 , a2 , . . . , an , . . .

The formula does have an obvious infinite model:

I = (N, {<})

Furthermore, one can prove, using the formulas A2 and A3 (see

the proof of Theorem 5.24 in the textbook) that every model of

A = A1 ∧ A2 ∧ A3

must be infinite. So, the tableau construction effectively

produces a “generic” infinite model for A. 
• One stark difference in comparison with semantic tableaux
for propositional logic is (as seen in the previous example)
that a tableau of a predicate formula may not terminate.
• The reason for this anomaly is that, in propositional logic,
nodes of a tableau simplify in terms of the formula
complexity. In predicate logic, this is not the case, since we
can never eliminate universal quantifiers.
 Algorithm for Semantic Tableaux

• Two new types of rules:

γ γ(a) δ δ(a)
∀x A(x) A(a) ∃x A(x) A(a)
¬∃x A(x) ¬A(a) ¬∀x A(x) ¬A(a)

• Literal: closed atomic formula p(a1 , a2 , . . . , an ) or the

negation of such a formula.
Input: A - a predicate formula

Output: Semantic tableau T for A; all branches are either

infinite, or finite with leaves marked × (closed) or (open).

(1) Initially, T is a single node, labeled {A}.

(2) We build the tableau inductively by choosing an unmarked

leaf l, labeled U(l), and applying one of the following rules:
• If U(l) is a set of literals and γ-formulas containing a pair of
complementary literals
{p(a1 , a, . . . , an ), ¬p(a1 , a2 , . . . , an )}, mark it as closed (×)
• If U(l) is not a set of literals, choose a formula A in U(l)
which is not a literal:
– α- and β-rules are applied just as in propositional logic.
– If A is a γ-formula, add a new node l 0 , a child of l, and label
it
U(l 0 ) = U(l) ∪ {γ(a)}
where a is a constant appearing in U(l). If U(l) consists of
literals and γ-formulas only, mark it × or , depending on
whether there is a set of complementary literals.
– If A is a δ-formula, create a new node l 0 as a child of l and
label it
U(l 0 ) = (U(l) − {A}) ∪ {δ(a)}
where a is some constant that does not appear in U(l).
Definition
A branch in T is closed if it terminates in a leaf marked ×.
Otherwise, it is open.

Theorem
(Soundness) Suppose A is a predicate formula and T its
semantic tableau. If T closes, then A is unsatisfiable.

Theorem
(Completeness) Suppose A is a valid formula. Then, the
systematic semantic tableau for A terminates and is closed.
• Systematic tableau: a tableau in which every node is
labeled
W (l) = (U(l), C(l))
where U(l) is a list of formulas and C(l) is the list of all
constant symbols appearing in U(l).
• In a systematic tableau, if using a γ-rule, we do the
following: suppose {γ1 , . . . , γm } are all γ-formulas in U(l)
and
C(l) = {a1 , . . . , ak }
The new node l 0 will be labeled

(U(l) ∪ {γi (aj )}, C(l))

In other words, we create all possible instances of formulas

γi where the variable is replaced by all possible constants
aj .
 5.7 Finite and Infinite Models

Theorem
(Löwenheim) If a formula is satisfiable, then it is satisfiable in a
countable model.

Theorem
(Löwenheim - Skolem) If a countable set of predicate formulas
is satisfiable, then it is satisfiable in a countable model.

Theorem
(Compactness Theorem) Let U be a countable set of formulas.
If all finite subsets of U are satisfiable, then so is U.
 5.8 Undecidability of the Predicate
Logic
• Turing machines can be viewed as devices which compute
functions on natural numbers; i.e. given a Turing machine
T , we can associate to it a function
fT : N → N
so that fT (n) = m if T halts with the tape consisting of m
1’s when started on the tape with the input of n
consecutive 1’s. If T never halts on the input of n
consecutive 1’s, then fT (n) is undefined.

Theorem
(Church) It is undecidable whether a Turing machine, started on
a blank tape, will halt.
• In other words, it is undecidable, given a Turing machine T ,
whether fT (0) is defined.
 Two-Register Machines

Definition
Two-register machine (or, a Minsky machine) M consists of a
pair of registers (x, y ) which can store natural numbers, and a
program P = {L0 , L1 , . . . , Ln }, which is a sequential list of
instructions. Ln is always the command “halt”, and for
0 ≤ i < n, Li has one of the two forms
1 r := r + 1, for r ∈ {x, y }
2 if r = 0 then go to Lj else r := r − 1, for r ∈ {x, y },
0 ≤ j ≤ n.
• Execution of M: sequence of states

sk = (Li , x, y )

where Li is the current instruction during the execution,

and x,y are current contents of the two registers.
• Initial state:

s0 = (L0 , m, 0), for some m

• If
sk = (Ln , x, y ), for some k
then M halts and
y = f (m)
is computed by M.
Theorem
For every Turing machine T that computes f : N → N, a
two-register machine M can be constructed which computes
the same function.

Corollary
It is undecidable whether, given a two-register machine M,
whether fM (0) exists or not.
Theorem
(Church) Validity in predicate calculus is undecidable.
Sketch of the Proof.
To each two-register machine M, we associate a predicate
formula SM such that

M halts started at (L0 , 0, 0) ⇐⇒ |= SM

We use the language:

• Binary relations: pi (x, y ) (i = 0, 1, . . . , n)
• Unary function: s(x)
• Constant symbol: a
Intended interpretation:
• pi (x, y ): M is at the state (Li , x, y )
• s(x): successor function s(x) = x + 1
• a: a = 0
Li Si
x := x + 1 ∀x∀y (pi (x, y ) → pi+1 (s(x), y ))
y := y + 1 ∀x∀y (pi (x, y ) → pi+1 (x, s(y )))
if x = 0 then goto Lj ∀y (pi (a, y ) → pj (a, y ))
else x := x − 1 ∧∀x∀y (pi (s(x), y ) → pi+1 (x, y ))
if y = 0 then goto Lj ∀x(pi (x, a) → pj (x, a))
else y := y − 1 ∧∀x∀y (pi (x, s(y )) → pi+1 (x, y ))
Finally, define

SM = (S0 ∧ S1 ∧ . . . ∧ Sn ∧ p0 (a, a)) → ∃z1 ∃z2 pn (z1 , z2 )

SM says the following: if a machine with the program

P = {L0 , L1 , . . . , Ln }

is started at the initial state (L0 , 0, 0), then the computation will
halt with the values at the registers being (z1 , z2 ), for some
natural numbers z1 , z2 .

Since the Halting Problem for two-register machines is

undecidable, it is impossible to verify algorithmically whether

|= SM

or not. 
Church’s Theorem is also true for some restricted classes of
predicate logic:
1 Formulas containing only a finite number of binary
predicate symbols, one unary function symbol, and one
constant symbol.
2 Formulas written as Prolog programs.
3 Formulas with no function symbols.

[Skip ’Solvable Cases of the Decision Problem’ in Section 5.8]