
Open Logic Logicaltheory

Logical Theory is a licensed educational text for the course LOG111 at the University of Gothenburg, based on the Open Logic Text and Tim Button's Metatheory, all under Creative Commons licenses. The document includes comprehensive sections on propositional logic, natural deduction, and first-order logic, among other topics. It was compiled on September 22, 2023, and encourages feedback for improvements.


Logical Theory

September 22, 2023

Logical Theory is licensed under a Creative Commons Attribution 4.0 International
License. It is based on The Open Logic Text by the Open Logic Project, used under a
Creative Commons Attribution 4.0 International License, and Metatheory by Tim Button,
also under a Creative Commons Attribution 4.0 International License.

This text is a remix of the Open Logic Text tailor-made for the course Logical theory,
LOG111, at the University of Gothenburg. The original text as well as the present text
are released under a Creative Commons Attribution 4.0 International license. Please
see openlogicproject.org for more information.
Some modified parts from Tim Button’s book Metatheory are also included in this
text. Metatheory is generously released under a Creative Commons license making it
possible to include parts of it here.
This version of the text was compiled on September 22, 2023. Please check the
Canvas activity of the course for the most recent version. If you find typos, errors or
have suggestions for improvement please contact your course instructor.

Contents

I Propositional Logic

1 Syntax and Semantics
1.1 Introduction
1.2 Propositional Formulas
1.3 Preliminaries
1.4 Valuations and Satisfaction
1.5 Semantic Notions
1.6 Normal forms
1.7 Expressive adequacy
1.8 Failures of expressive adequacy
Problems

2 Natural Deduction
2.1 Introduction
2.2 Natural Deduction
2.3 Rules and Derivations
2.4 Propositional Rules
2.5 Derivations
2.6 Examples of Derivations
2.7 Proof-Theoretic Notions
2.8 Derivability and Consistency
2.9 Derivability and the Propositional Connectives
2.10 Soundness
Problems

3 The Completeness Theorem
3.1 Introduction
3.2 Outline of the Proof
3.3 Complete Consistent Sets of Formulas
3.4 Lindenbaum’s Lemma
3.5 Construction of a Model
3.6 The Completeness Theorem
3.7 The Compactness Theorem
3.8 A Direct Proof of the Compactness Theorem
Problems

II First-order Logic

4 Syntax and Semantics
4.1 Introduction
4.2 First-Order Languages
4.3 Terms and Formulas
4.4 Unique Readability
4.5 Main operator of a Formula
4.6 Subformulas
4.7 Free Variables and Sentences
4.8 Substitution
4.9 Structures for First-order Languages
4.10 Covered Structures for First-order Languages
4.11 Satisfaction of a Formula in a Structure
4.12 Variable Assignments
4.13 Extensionality
4.14 Semantic Notions
Problems

5 Theories and Their Models
5.1 Introduction
5.2 Expressing Properties of Structures
5.3 Examples of First-Order Theories
5.4 Expressing Relations in a Structure
5.5 The Theory of Sets
5.6 Expressing the Size of Structures
Problems

6 Natural Deduction
6.1 Introduction
6.2 Quantifier Rules
6.3 Derivations with Quantifiers
6.4 Proof-Theoretic Notions
6.5 Derivability and Consistency
6.6 Derivability and the Propositional Connectives
6.7 Derivability and the Quantifiers
6.8 Soundness
6.9 Derivations with Identity predicate
6.10 Soundness with Identity predicate
Problems

7 The Completeness Theorem
7.1 Introduction
7.2 Outline of the Proof
7.3 Complete Consistent Sets of Sentences
7.4 Henkin Expansion
7.5 Lindenbaum’s Lemma
7.6 Construction of a Model
7.7 Identity
7.8 The Completeness Theorem
7.9 The Compactness Theorem
7.10 A Direct Proof of the Compactness Theorem
7.11 The Löwenheim-Skolem Theorem
Problems

8 Basics of Model Theory
8.1 Reducts and Expansions
8.2 Substructures
8.3 Overspill
8.4 Isomorphic Structures
8.5 The Theory of a Structure
8.6 Models of Arithmetic
8.7 Standard Models of Arithmetic
8.8 Non-Standard Models
Problems

III Second-order Logic

9 Syntax and Semantics
9.1 Introduction
9.2 Terms and Formulas
9.3 Satisfaction
9.4 Semantic Notions
9.5 Expressive Power
9.6 Describing Infinite and Countable Domains
9.7 Second-order Logic is not Compact
9.8 The Löwenheim-Skolem Theorem Fails for Second-order Logic
9.9 Second-order Arithmetic
Problems

IV Intuitionistic Logic

10 Introduction
10.1 Constructive Reasoning
10.2 Syntax of Intuitionistic Logic
10.3 The Brouwer-Heyting-Kolmogorov Interpretation
10.4 Natural Deduction
Problems

11 Semantics
11.1 Introduction
11.2 Relational models
11.3 Semantic Notions
Problems

12 Soundness and Completeness
12.1 Soundness of Natural Deduction
12.2 Lindenbaum’s Lemma
12.3 The Canonical Model
12.4 The Truth Lemma
12.5 The Completeness Theorem
Problems

V Computability and Incompleteness

13 Turing Machine Computations
13.1 Introduction
13.2 Representing Turing Machines
13.3 Turing Machines
13.4 Configurations and Computations
13.5 Unary Representation of Numbers
13.6 Halting States
13.7 Disciplined Machines
13.8 Combining Turing Machines
13.9 Variants of Turing Machines
13.10 The Church-Turing Thesis
Problems

14 Undecidability
14.1 Introduction
14.2 Enumerating Turing Machines
14.3 Universal Turing Machines
14.4 The Halting Problem
14.5 The Decision Problem
14.6 Representing Turing Machines
14.7 Verifying the Representation
14.8 The Decision Problem is Unsolvable
14.9 Trakhtenbrot’s Theorem
Problems

15 Recursive Functions
15.1 Introduction
15.2 Primitive Recursion
15.3 Composition
15.4 Primitive Recursion Functions
15.5 Primitive Recursion Notations
15.6 Primitive Recursive Functions are Computable
15.7 Examples of Primitive Recursive Functions
15.8 Primitive Recursive Relations
15.9 Bounded Minimization
15.10 Primes
15.11 Sequences
15.12 Trees
15.13 Other Recursions
15.14 Non-Primitive Recursive Functions
15.15 Partial Recursive Functions
15.16 General Recursive Functions
Problems

16 Introduction to Incompleteness
16.1 Historical Background
16.2 Definitions
16.3 Overview of Incompleteness Results
16.4 Undecidability and Incompleteness
Problems

17 Arithmetization of Syntax
17.1 Introduction
17.2 Coding Symbols
17.3 Coding Terms
17.4 Coding Formulas
17.5 Substitution
17.6 Derivations in Natural Deduction
Problems

18 Representability in Q
18.1 Introduction
18.2 Functions Representable in Q are Computable
18.3 The Beta Function Lemma
18.4 Simulating Primitive Recursion
18.5 Basic Functions are Representable in Q
18.6 Composition is Representable in Q
18.7 Regular Minimization is Representable in Q
18.8 Computable Functions are Representable in Q
18.9 Representing Relations
Problems

19 Incompleteness and Provability
19.1 Introduction
19.2 The Fixed-Point Lemma
19.3 The First Incompleteness Theorem
19.4 Rosser’s Theorem
19.5 Comparison with Gödel’s Original Paper
Problems

VI Appendices

A Proofs
A.1 Introduction
A.2 Starting a Proof
A.3 Using Definitions
A.4 Inference Patterns
A.5 An Example
A.6 Another Example
A.7 Proof by Contradiction
A.8 Reading Proofs
A.9 I Can’t Do It!
A.10 Other Resources
Problems

B Induction
B.1 Introduction
B.2 Induction on N
B.3 Strong Induction
B.4 Inductive Definitions
B.5 Structural Induction
B.6 Relations and Functions
Problems

C Biographies
C.1 Georg Cantor
C.2 Alonzo Church
C.3 Gerhard Gentzen
C.4 Kurt Gödel
C.5 Emmy Noether
C.6 Rózsa Péter
C.7 Julia Robinson
C.8 Bertrand Russell
C.9 Alfred Tarski
C.10 Alan Turing
C.11 Ernst Zermelo

Photo Credits

Bibliography

Part I

Propositional Logic

Chapter 1

Syntax and Semantics

1.1 Introduction
Propositional logic deals with formulas that are built from propositional variables
using the propositional connectives ¬, ∧, ∨, →, and ↔. Intuitively, a propositional
variable 𝑝 stands for a sentence or proposition that is true or false. Whenever the
“truth values” of the propositional variables in a formula are determined, so is the truth
value of any formula formed from them using propositional connectives. We say
that propositional logic is truth functional, because its semantics is given by functions
of truth values. In particular, in propositional logic we leave out of consideration
any further determination of truth and falsity, e.g., whether something is necessarily
true rather than just contingently true, or whether something is known to be true, or
whether something is true now rather than was true or will be true. We only consider
two truth values true (T) and false (F), and so exclude from discussion the possibility
that a statement may be neither true nor false, or only half true. We also concentrate
only on connectives where the truth value of a formula built from them is completely
determined by the truth values of its parts (and not, say, on its meaning). In particular,
whether the truth value of conditionals in English is truth functional in this sense is
contentious. The material conditional → is; other logics deal with conditionals that
are not truth functional.
In order to develop the theory and metatheory of truth-functional propositional
logic, we must first define the syntax and semantics of its expressions. We will describe
one way of constructing formulas from propositional variables using the connectives.
Alternative definitions are possible. Other systems will choose different symbols, will
select different sets of connectives as primitive, and will use parentheses differently (or
even not at all, as in the case of so-called Polish notation). What all approaches have
in common, though, is that the formation rules define the set of formulas inductively.
If done properly, every expression can result essentially in only one way according
to the formation rules. The inductive definition resulting in expressions that are
uniquely readable means we can give meanings to these expressions using the same
method—inductive definition.
Giving the meaning of expressions is the domain of semantics. The central concept
in semantics for propositional logic is that of satisfaction in a valuation. A valuation 𝑣
assigns truth values T, F to the propositional variables. Any valuation determines a
truth value 𝑣 (𝜑) for any formula 𝜑. A formula is satisfied in a valuation 𝑣 iff 𝑣 (𝜑) = T—
we write this as 𝑣 ⊨ 𝜑. This relation can also be defined by induction on the structure
of 𝜑, using the truth functions for the logical connectives to define, say, satisfaction
of 𝜑 ∧ 𝜓 in terms of satisfaction (or not) of 𝜑 and 𝜓 .
On the basis of the satisfaction relation 𝑣 ⊨ 𝜑 for sentences we can then define
the basic semantic notions of tautology, entailment, and satisfiability. A formula is
a tautology, ⊨ 𝜑, if every valuation satisfies it, i.e., 𝑣 (𝜑) = T for any 𝑣. It is entailed
by a set of formulas, Γ ⊨ 𝜑, if every valuation that satisfies all the formulas in Γ also
satisfies 𝜑. And a set of formulas is satisfiable if some valuation satisfies all formulas
in it at the same time. Because formulas are inductively defined, and satisfaction is in
turn defined by induction on the structure of formulas, we can use induction to prove
properties of our semantics and to relate the semantic notions defined.

1.2 Propositional Formulas


Formulas of propositional logic are built up from propositional variables and the
propositional constant ⊥ using logical connectives.

1. A countably infinite set At0 of propositional variables 𝑝0, 𝑝1, . . .

2. The propositional constant for falsity ⊥.

3. The logical connectives: ¬ (negation), ∧ (conjunction), ∨ (disjunction), →
(conditional).

4. Punctuation marks: (, ), and the comma.

We denote this language of propositional logic by L0.

In addition to the primitive connectives introduced above, we also use the following
defined symbols: ↔ (biconditional), ⊤ (truth).
A defined symbol is not officially part of the language, but is introduced as an
informal abbreviation: it allows us to abbreviate formulas which would, if we only
used primitive symbols, get quite long. This is obviously an advantage. The bigger
advantage, however, is that proofs become shorter. If a symbol is primitive, it has to
be treated separately in proofs. The more primitive symbols, therefore, the longer our
proofs.
You may be familiar with different terminology and symbols than the ones we
use above. Logic texts (and teachers) commonly use either ∼, ¬, and ! for “negation”,
∧, ·, and & for “conjunction”. Commonly used symbols for the “conditional” or
“implication” are →, ⇒, and ⊃. Symbols for “biconditional,” “bi-implication,” or
“(material) equivalence” are ↔, ⇔, and ≡. The ⊥ symbol is variously called “falsity,”
“falsum,” “absurdity,” or “bottom.” The ⊤ symbol is variously called “truth,” “verum,”
or “top.”

Definition 1.1 (Formula). The set Frm(L0) of formulas of propositional logic is
defined inductively as follows:

1. ⊥ is an atomic formula.

2. Every propositional variable 𝑝𝑖 is an atomic formula.

3. If 𝜑 is a formula, then ¬𝜑 is a formula.

4. If 𝜑 and 𝜓 are formulas, then (𝜑 ∧ 𝜓 ) is a formula.

5. If 𝜑 and 𝜓 are formulas, then (𝜑 ∨ 𝜓 ) is a formula.

6. If 𝜑 and 𝜓 are formulas, then (𝜑 → 𝜓 ) is a formula.

7. Nothing else is a formula.

The definition of formulas is an inductive definition. Essentially, we construct the
set of formulas in infinitely many stages. In the initial stage, we pronounce all atomic
formulas to be formulas; this corresponds to the first few cases of the definition, i.e.,
the cases for ⊥, 𝑝𝑖 . “Atomic formula” thus means any formula of this form.
The other cases of the definition give rules for constructing new formulas out
of formulas already constructed. At the second stage, we can use them to construct
formulas out of atomic formulas. At the third stage, we construct new formulas from
the atomic formulas and those obtained in the second stage, and so on. A formula is
anything that is eventually constructed at such a stage, and nothing else.

Definition 1.2. Formulas constructed using the defined operators are to be under-
stood as follows:

1. ⊤ abbreviates ¬⊥.

2. 𝜑 ↔ 𝜓 abbreviates (𝜑 → 𝜓 ) ∧ (𝜓 → 𝜑).

Definition 1.3 (Syntactic identity). The symbol ≡ expresses syntactic identity be-
tween strings of symbols, i.e., 𝜑 ≡ 𝜓 iff 𝜑 and 𝜓 are strings of symbols of the same
length and which contain the same symbol in each place.

The ≡ symbol may be flanked by strings obtained by concatenation, e.g., 𝜑 ≡
(𝜓 ∨ 𝜒) means: the string of symbols 𝜑 is the same string as the one obtained by
concatenating an opening parenthesis, the string 𝜓 , the ∨ symbol, the string 𝜒, and
a closing parenthesis, in this order. If this is the case, then we know that the first
symbol of 𝜑 is an opening parenthesis, 𝜑 contains 𝜓 as a substring (starting at the
second symbol), that substring is followed by ∨, etc.

1.3 Preliminaries
Theorem 1.4 (Principle of induction on formulas). If some property 𝑃 holds for
all the atomic formulas and is such that

1. it holds for ¬𝜑 whenever it holds for 𝜑;

2. it holds for (𝜑 ∧ 𝜓 ) whenever it holds for 𝜑 and 𝜓 ;

3. it holds for (𝜑 ∨ 𝜓 ) whenever it holds for 𝜑 and 𝜓 ;

4. it holds for (𝜑 → 𝜓 ) whenever it holds for 𝜑 and 𝜓 ;


then 𝑃 holds for all formulas.

Proof. Let 𝑆 be the collection of all formulas with property 𝑃. Clearly 𝑆 ⊆ Frm(L0 ).
𝑆 satisfies all the conditions of Definition 1.1: it contains all atomic formulas and is
closed under the logical operators. Frm(L0 ) is the smallest such class, so Frm(L0 ) ⊆ 𝑆.
So Frm(L0 ) = 𝑆, and every formula has property 𝑃. □

Proposition 1.5. Any formula in Frm(L0 ) is balanced, in that it has as many left
parentheses as right ones.

Proposition 1.6. No proper initial segment of a formula is a formula.

Proposition 1.7 (Unique Readability). Any formula 𝜑 in Frm(L0 ) has exactly one
parsing as one of the following
1. ⊥.
2. 𝑝𝑛 for some 𝑝𝑛 ∈ At0 .
3. ¬𝜓 for some formula 𝜓 .
4. (𝜓 ∧ 𝜒) for some formulas 𝜓 and 𝜒.
5. (𝜓 ∨ 𝜒) for some formulas 𝜓 and 𝜒.
6. (𝜓 → 𝜒) for some formulas 𝜓 and 𝜒.
Moreover, this parsing is unique.

Proof. By induction on 𝜑. For instance, suppose that 𝜑 has two distinct readings as
(𝜓 → 𝜒) and (𝜓 ′ → 𝜒 ′ ). Then 𝜓 and 𝜓 ′ must be the same (or else one would be a
proper initial segment of the other and that’s not possible by Proposition 1.6); so if
the two readings of 𝜑 are distinct it must be because 𝜒 and 𝜒 ′ are distinct readings of
the same sequence of symbols, which is impossible by the inductive hypothesis. □

It may be worth pointing out that unique readability is not something we
get for free for any inductively defined system. For example, if in the definition
of Frm(L0) we hadn’t used parentheses, the “formula” 𝜑 ∧ 𝜓 ∨ 𝜒 would have two
different parsings corresponding to (𝜑 ∧ 𝜓) ∨ 𝜒 and 𝜑 ∧ (𝜓 ∨ 𝜒).
It is often useful to talk about the formulas that “make up” a given formula. We
call these its subformulas. Any formula counts as a subformula of itself; a subformula
of 𝜑 other than 𝜑 itself is a proper subformula.
Definition 1.8 (Immediate Subformula). If 𝜑 is a formula, the immediate subfor-
mulas of 𝜑 are defined inductively as follows:
1. Atomic formulas have no immediate subformulas.
2. 𝜑 ≡ ¬𝜓 : The only immediate subformula of 𝜑 is 𝜓 .
3. 𝜑 ≡ (𝜓 ∗ 𝜒): The immediate subformulas of 𝜑 are 𝜓 and 𝜒 (∗ is any one of the
two-place connectives).

Definition 1.9 (Proper Subformula). If 𝜑 is a formula, the proper subformulas of
𝜑 are defined recursively as follows:

1. Atomic formulas have no proper subformulas.

2. 𝜑 ≡ ¬𝜓: The proper subformulas of 𝜑 are 𝜓 together with all proper
subformulas of 𝜓.

3. 𝜑 ≡ (𝜓 ∗ 𝜒): The proper subformulas of 𝜑 are 𝜓, 𝜒, together with all proper
subformulas of 𝜓 and those of 𝜒.

Definition 1.10 (Subformula). The subformulas of 𝜑 are 𝜑 itself together with all
its proper subformulas.
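
The formation rules of Definition 1.1 can be read directly as a recursive-descent parser, which makes Propositions 1.6 and 1.7 and Definition 1.9 checkable on concrete strings. This is an added example, not part of the original text; the ASCII spellings (`#` for ⊥, `~` for ¬, `&` for ∧, `|` for ∨, `>` for →, `p0`, `p1`, ... for variables), the tuple-shaped parse trees and all function names are assumptions of the sketch.

```python
import re

# ASCII spellings assumed for this sketch (not the text's notation):
#   "#" for ⊥, "~" for ¬, "&" for ∧, "|" for ∨, ">" for →, p0, p1, ... for variables.
TOKEN = re.compile(r"\s*(p(?:0|[1-9]\d*)|[#~&|>()])")
BINARY = ("&", "|", ">")


def tokenize(text):
    """Split a string into symbols of L0; reject anything else."""
    text, pos, tokens = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if m is None:
            raise ValueError(f"illegal symbol at position {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


def parse_at(tokens, i):
    """Parse exactly one formula starting at tokens[i].

    Returns (tree, index just past the formula). The first symbol selects
    exactly one clause of Definition 1.1, so there is never a choice to make.
    """
    if i >= len(tokens):
        raise ValueError("formula ends too early")
    tok = tokens[i]
    if tok == "#":
        return ("bot",), i + 1
    if tok[0] == "p":
        return ("var", int(tok[1:])), i + 1
    if tok == "~":
        sub, j = parse_at(tokens, i + 1)
        return ("not", sub), j
    if tok == "(":
        left, j = parse_at(tokens, i + 1)
        if j >= len(tokens) or tokens[j] not in BINARY:
            raise ValueError("expected a two-place connective")
        right, k = parse_at(tokens, j + 1)
        if k >= len(tokens) or tokens[k] != ")":
            raise ValueError("expected a closing parenthesis")
        return (tokens[j], left, right), k + 1
    raise ValueError(f"a formula cannot start with {tok!r}")


def parse(text):
    """Return the parse tree of a formula, or raise ValueError."""
    tokens = tokenize(text)
    tree, end = parse_at(tokens, 0)
    if end != len(tokens):
        raise ValueError("symbols left over after a complete formula")
    return tree


def is_formula(text):
    try:
        parse(text)
        return True
    except ValueError:
        return False


def proper_subformulas(tree):
    """Definition 1.9, computed on parse trees (with repetitions)."""
    if tree[0] in ("bot", "var"):
        return []
    found = []
    for child in tree[1:]:
        found.append(child)
        found.extend(proper_subformulas(child))
    return found


def formula_prefixes(text):
    """Proper initial segments (counted in symbols) that parse as formulas.

    Proposition 1.6 says this list is empty whenever `text` is a formula.
    """
    tokens = tokenize(text)
    hits = []
    for n in range(1, len(tokens)):
        try:
            _, end = parse_at(tokens[:n], 0)
        except ValueError:
            continue
        if end == n:
            hits.append(tokens[:n])
    return hits


if __name__ == "__main__":
    samples = ["(p0 > (p1 & ~p2))", "((p0 & p1) | p2)", "(p0 & (p1 | p2))",
               "p0 & p1 | p2", "(p0 & p1 | p2)"]
    for s in samples:
        print(s, "->", parse(s) if is_formula(s) else "not a formula")
```

The unparenthesized string `p0 & p1 | p2` is rejected outright, while its two parenthesized readings parse to different trees.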

The main connective of a formula is the outermost connective of the formula. We
can now define what the scope of a connective is.

Definition 1.11 (Scope). The scope of a connective in a formula is the subformula
for which the connective is the main connective.

Definition 1.12 (Uniform Substitution). If 𝜑 and 𝜓 are formulas, and 𝑝𝑖 is a
propositional variable, then 𝜑[𝜓/𝑝𝑖] denotes the result of replacing each occurrence of 𝑝𝑖
by an occurrence of 𝜓 in 𝜑; similarly, the simultaneous substitution of 𝑝1, . . . , 𝑝𝑛 by
formulas 𝜓1, . . . , 𝜓𝑛 is denoted by 𝜑[𝜓1/𝑝1, . . . , 𝜓𝑛/𝑝𝑛].

1.4 Valuations and Satisfaction


Definition 1.13 (Valuations). Let {T, F} be the set of the two truth values, “true” and
“false.” A valuation for L0 is a function 𝑣 assigning either T or F to the propositional
variables of the language, i.e., 𝑣 : At0 → {T, F}.

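Definition 1.14. Given a valuation 𝑣, define the evaluation function 𝑣 : Frm(L0) →
{T, F} inductively by:

\[
\begin{aligned}
v(\bot) &= \mathrm{F};\\
v(p_n) &= v(p_n);\\
v(\lnot\varphi) &= \begin{cases}
  \mathrm{T} & \text{if } v(\varphi) = \mathrm{F};\\
  \mathrm{F} & \text{otherwise.}
\end{cases}\\
v(\varphi \land \psi) &= \begin{cases}
  \mathrm{T} & \text{if } v(\varphi) = \mathrm{T} \text{ and } v(\psi) = \mathrm{T};\\
  \mathrm{F} & \text{if } v(\varphi) = \mathrm{F} \text{ or } v(\psi) = \mathrm{F}.
\end{cases}\\
v(\varphi \lor \psi) &= \begin{cases}
  \mathrm{T} & \text{if } v(\varphi) = \mathrm{T} \text{ or } v(\psi) = \mathrm{T};\\
  \mathrm{F} & \text{if } v(\varphi) = \mathrm{F} \text{ and } v(\psi) = \mathrm{F}.
\end{cases}\\
v(\varphi \to \psi) &= \begin{cases}
  \mathrm{T} & \text{if } v(\varphi) = \mathrm{F} \text{ or } v(\psi) = \mathrm{T};\\
  \mathrm{F} & \text{if } v(\varphi) = \mathrm{T} \text{ and } v(\psi) = \mathrm{F}.
\end{cases}
\end{aligned}
\]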

The clauses correspond to the following truth tables:

𝜑   ¬𝜑
T   F
F   T

𝜑   𝜓   𝜑 ∧ 𝜓
T   T   T
T   F   F
F   T   F
F   F   F

𝜑   𝜓   𝜑 ∨ 𝜓
T   T   T
T   F   T
F   T   T
F   F   F

𝜑   𝜓   𝜑 → 𝜓
T   T   T
T   F   F
F   T   T
F   F   T

Theorem 1.15 (Local Determination). Suppose that 𝑣1 and 𝑣2 are valuations that
agree on the propositional letters occurring in 𝜑, i.e., 𝑣1(𝑝𝑛) = 𝑣2(𝑝𝑛) whenever 𝑝𝑛 occurs
in some formula 𝜑. Then 𝑣1 and 𝑣2 also agree on 𝜑, i.e., 𝑣1(𝜑) = 𝑣2(𝜑).

Proof. By induction on 𝜑. □

Definition 1.16 (Satisfaction). We can inductively define the notion of satisfaction
of a formula 𝜑 by a valuation 𝑣, 𝑣 ⊨ 𝜑, as follows. (We write 𝑣 ⊭ 𝜑 to mean “not 𝑣 ⊨ 𝜑.”)
1. 𝜑 ≡ ⊥: 𝑣 ⊭ 𝜑.
2. 𝜑 ≡ 𝑝𝑖 : 𝑣 ⊨ 𝜑 iff 𝑣 (𝑝𝑖 ) = T.
3. 𝜑 ≡ ¬𝜓 : 𝑣 ⊨ 𝜑 iff 𝑣 ⊭ 𝜓 .
4. 𝜑 ≡ (𝜓 ∧ 𝜒): 𝑣 ⊨ 𝜑 iff 𝑣 ⊨ 𝜓 and 𝑣 ⊨ 𝜒.
5. 𝜑 ≡ (𝜓 ∨ 𝜒): 𝑣 ⊨ 𝜑 iff 𝑣 ⊨ 𝜓 or 𝑣 ⊨ 𝜒 (or both).
6. 𝜑 ≡ (𝜓 → 𝜒): 𝑣 ⊨ 𝜑 iff 𝑣 ⊭ 𝜓 or 𝑣 ⊨ 𝜒 (or both).
If Γ is a set of formulas, 𝑣 ⊨ Γ iff 𝑣 ⊨ 𝜑 for every 𝜑 ∈ Γ.

Proposition 1.17. 𝑣 ⊨ 𝜑 iff 𝑣 (𝜑) = T.

Proof. By induction on 𝜑. □

1.5 Semantic Notions


We define the following semantic notions:
Definition 1.18. 1. A formula 𝜑 is satisfiable if for some 𝑣, 𝑣 ⊨ 𝜑; it is unsatisfiable
if for no 𝑣, 𝑣 ⊨ 𝜑;
2. A formula 𝜑 is a tautology if 𝑣 ⊨ 𝜑 for all valuations 𝑣;
3. A formula 𝜑 is contingent if it is satisfiable but not a tautology;
4. If Γ is a set of formulas, Γ ⊨ 𝜑 (“Γ entails 𝜑”) if and only if 𝑣 ⊨ 𝜑 for every
valuation 𝑣 for which 𝑣 ⊨ Γ.
5. If Γ is a set of formulas, Γ is satisfiable if there is a valuation 𝑣 for which 𝑣 ⊨ Γ,
and Γ is unsatisfiable otherwise.

Proposition 1.19. 1. 𝜑 is a tautology if and only if ∅ ⊨ 𝜑;
2. If Γ ⊨ 𝜑 and Γ ⊨ 𝜑 → 𝜓 then Γ ⊨ 𝜓;
3. If Γ is satisfiable then every finite subset of Γ is also satisfiable;
4. Monotonicity: if Γ ⊆ Δ and Γ ⊨ 𝜑 then also Δ ⊨ 𝜑;
5. Transitivity: if Γ ⊨ 𝜑 and Δ ∪ {𝜑 } ⊨ 𝜓 then Γ ∪ Δ ⊨ 𝜓 .

Proof. Exercise. □

Proposition 1.20. Γ ⊨ 𝜑 if and only if Γ ∪ {¬𝜑 } is unsatisfiable.

Proof. Exercise. □

Theorem 1.21 (Semantic Deduction Theorem). Γ ⊨ 𝜑 → 𝜓 if and only if Γ ∪ {𝜑} ⊨ 𝜓.

Proof. Exercise. □
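
An added example (not part of the original text): the evaluation function of Definition 1.14 and the semantic notions of Definition 1.18 in Python, with Proposition 1.20 and Theorem 1.21 checked on an instance by running through all valuations. The nested-tuple encoding of formulas and every function name are assumptions of the example.

```python
from itertools import product

# Formulas as nested tuples (an encoding assumed for this example):
#   "p0"                                   propositional variable
#   ("bot",)                               falsum
#   ("not", A)                             negation
#   ("and", A, B), ("or", A, B), ("imp", A, B)
BOT = ("bot",)


def atoms(phi):
    """Set of propositional variables occurring in phi."""
    if isinstance(phi, str):
        return {phi}
    return set().union(*(atoms(sub) for sub in phi[1:]))


def evaluate(phi, v):
    """Evaluation function of Definition 1.14; v maps variable names to bool."""
    if isinstance(phi, str):
        return v[phi]
    op = phi[0]
    if op == "bot":
        return False
    if op == "not":
        return not evaluate(phi[1], v)
    a, b = evaluate(phi[1], v), evaluate(phi[2], v)
    if op == "and":
        return a and b
    if op == "or":
        return a or b
    if op == "imp":
        return (not a) or b
    raise ValueError(f"unknown connective: {op!r}")


def valuations(variables):
    """All valuations restricted to the given variables. By Theorem 1.15
    (Local Determination) the other variables cannot affect the result."""
    names = sorted(variables)
    for row in product([True, False], repeat=len(names)):
        yield dict(zip(names, row))


def satisfiable(gamma):
    """Is some valuation a model of every formula in the finite set gamma?"""
    gamma = list(gamma)
    variables = set().union(*(atoms(g) for g in gamma))
    return any(all(evaluate(g, v) for g in gamma) for v in valuations(variables))


def entails(gamma, phi):
    """Gamma entails phi, checked directly from Definition 1.18(4)."""
    gamma = list(gamma)
    variables = atoms(phi).union(*(atoms(g) for g in gamma))
    return all(evaluate(phi, v) for v in valuations(variables)
               if all(evaluate(g, v) for g in gamma))


def classify(phi):
    """'tautology', 'contingent' or 'unsatisfiable' (Definition 1.18)."""
    if entails([], phi):          # Proposition 1.19(1): tautology iff entailed by the empty set
        return "tautology"
    return "contingent" if satisfiable([phi]) else "unsatisfiable"


def check_props(gamma, phi, psi):
    """Check Proposition 1.20 and Theorem 1.21 on one instance."""
    gamma = list(gamma)
    p120 = entails(gamma, phi) == (not satisfiable(gamma + [("not", phi)]))
    t121 = entails(gamma, ("imp", phi, psi)) == entails(gamma + [phi], psi)
    return p120 and t121


if __name__ == "__main__":
    # Constructed sample formulas.
    print(classify(("imp", ("and", "p0", "p1"), "p0")))
    print(classify(("and", "p0", ("not", "p0"))))
    print(entails([("imp", "p0", "p1"), "p0"], "p1"))
    print(check_props([("or", "p0", "p1")], "p0", "p1"))
```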

We write 𝜑 ⊨ 𝜓 for Γ ⊨ 𝜓 when Γ = {𝜑} is a singleton and say that two formulas
are semantically equivalent, 𝜑 ≈ 𝜓, when 𝜑 ⊨ 𝜓 and 𝜓 ⊨ 𝜑, i.e., when 𝑣(𝜑) = 𝑣(𝜓) for
all valuations 𝑣.
Proposition 1.22 (Substitution Lemma). If 𝜑 1 ≈ 𝜓 1 , . . . , 𝜑𝑛 ≈ 𝜓𝑛 , then 𝜑 [𝜑 1 /𝑝 1, . . . , 𝜑𝑛 /𝑝𝑛 ] ≈
𝜑 [𝜓 1 /𝑝 1, . . . ,𝜓𝑛 /𝑝𝑛 ].

Proof. Exercise. □

The following equivalences, known as the De Morgan laws, seem to indicate that
the connectives ∧ and ∨ behave in a similar, dual, way.

(𝜑 ∧ 𝜓 ) ≈ ¬(¬𝜑 ∨ ¬𝜓 )
(𝜑 ∨ 𝜓 ) ≈ ¬(¬𝜑 ∧ ¬𝜓 )

This symmetry, or duality, between conjunction and disjunction can be made precise,
but first we define the dual of a formula.
Definition 1.23. The mapping that maps a formula with no occurrences of ⊥, → nor
↔ to its dual is defined by the following clauses:
• 𝜑ᵈ ≡ 𝜑 when 𝜑 is atomic,
• (¬𝜑)ᵈ ≡ ¬𝜑ᵈ,
• (𝜑 ∧ 𝜓)ᵈ ≡ 𝜑ᵈ ∨ 𝜓ᵈ,
• (𝜑 ∨ 𝜓)ᵈ ≡ 𝜑ᵈ ∧ 𝜓ᵈ.

Observe that the dual of the dual of a formula is the formula itself, i.e., that
(𝜑ᵈ)ᵈ ≡ 𝜑.

Proposition 1.24. 𝜑 ≈ 𝜓 iff 𝜑ᵈ ≈ 𝜓ᵈ whenever the dual is defined.

Proof. Exercise. □


1.6 Normal forms


In this section, we prove two normal form theorems for propositional logic. These
guarantee that, for any formula, there is a semantically equivalent formula in some
canonical normal form. Moreover, we shall give methods for finding these normal-
form equivalents.
Say that a formula is in disjunctive normal form if it meets all of the following
conditions:

• No connectives occur in the formula other than negations, conjunctions and
disjunctions;

• Every occurrence of negation has minimal scope (i.e. any ‘¬’ is immediately
followed by an atomic formula);

• No disjunction occurs within the scope of any conjunction.

Here are some formulas in disjunctive normal form:

𝑝0
(𝑝 0 ∧ 𝑝 1 ) ∨ (𝑝 0 ∧ ¬𝑝 1 )
(𝑝 0 ∧ 𝑝 1 ) ∨ (𝑝 0 ∧ 𝑝 1 ∧ 𝑝 2 ∧ ¬𝑝 3 ∧ ¬𝛼)
𝑝 0 ∨ (𝑝 2 ∧ ¬𝑝 7 ∧ 𝑝 9 ∧ 𝑝 3 ) ∨ ¬𝑝 1

Note that we have allowed ourselves to employ the relaxed bracketing-conventions
that allow conjunctions and disjunctions to be of arbitrary length. These conventions
make it easier to see when a formula is in disjunctive normal form.
To further illustrate the idea of disjunctive normal form, we shall introduce some
more notation. We write ‘(¬)𝑝𝑖 ’ to indicate that 𝑝𝑖 is an atomic formula which may
or may not be prefaced with an occurrence of negation. Then a formula in disjunctive
normal form has the following shape:
  
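\[
\big((\lnot)p_{i_1} \land \dots \land (\lnot)p_{i_j}\big) \lor \big((\lnot)p_{i_{j+1}} \land \dots \land (\lnot)p_{i_k}\big) \lor \dots \lor \big((\lnot)p_{i_l} \land \dots \land (\lnot)p_{i_n}\big)
\]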

We now know what it is for a formula to be in disjunctive normal form. The result
that we are aiming at is the following.

Proposition 1.25. For any formula, there is a semantically equivalent formula in
disjunctive normal form.

Henceforth, we shall abbreviate ‘Disjunctive Normal Form’ by ‘DNF’.
The proof of the DNF Theorem employs truth tables. We shall first illustrate the
technique for finding an equivalent formula in DNF, and then turn this illustration
into a rigorous proof.
Let’s suppose we have some formula, 𝜑, which contains three atomic formulas,
‘𝑝 0 ’, ‘𝑝 1 ’ and ‘𝑝 2 ’. The very first thing to do is fill out a complete truth table for 𝜑.
Maybe we end up with this:


𝜑 𝑝0 𝑝1 𝑝2
T T T T
F T T F
T T F T
F T F F
F F T T
F F T F
T F F T
T F F F
As it happens, 𝜑 is true on four lines of its truth table, namely lines 1, 3, 7 and
8. Corresponding to each of those lines, we shall write down four formulas, whose
only connectives are negations and conjunctions, where every negation has minimal
scope:
• 𝑝0 ∧ 𝑝1 ∧ 𝑝2 which is true on line 1 (and only then)
• 𝑝 0 ∧ ¬𝑝 1 ∧ 𝑝 2 which is true on line 3 (and only then)
• ¬𝑝 0 ∧ ¬𝑝 1 ∧ 𝑝 2 which is true on line 7 (and only then)
• ¬𝑝 0 ∧ ¬𝑝 1 ∧ ¬𝑝 2 which is true on line 8 (and only then)
But if we now disjoin all of these conjunctions, like so:

(𝑝 0 ∧ 𝑝 1 ∧ 𝑝 2 ) ∨ (𝑝 0 ∧ ¬𝑝 1 ∧ 𝑝 2 ) ∨ (¬𝑝 0 ∧ ¬𝑝 1 ∧ 𝑝 2 ) ∨ (¬𝑝 0 ∧ ¬𝑝 1 ∧ ¬𝑝 2 )

we have a formula in DNF which is true on exactly those lines where one of the
disjuncts is true, i.e. it is true on (and only on) lines 1, 3, 7, and 8. So this formula has
exactly the same truth table as 𝜑. So we have a formula in DNF that is semantically
equivalent to 𝜑. Which is exactly what we wanted.
Now, this strategy did not depend on the specifics of 𝜑; it is perfectly general.
Consequently, we can use it to obtain a simple proof of the DNF Theorem.
Proof of DNF Theorem. Pick any arbitrary formula, 𝜑, and let 𝑝 0, . . . , 𝑝𝑛 be the atomic
formulas that occur in 𝜑. To obtain a formula in DNF that is semantically equivalent
to 𝜑, we consider 𝜑’s truth table. There are two cases to consider:
1. 𝜑 is false on every line of its truth table. Then, 𝜑 is a contradiction. In that case,
the contradiction (𝑝 0 ∧ ¬𝑝 0 ) ≈ 𝜑, and (𝑝 0 ∧ ¬𝑝 0 ) is in DNF.
2. 𝜑 is true on at least one line of its truth table. For each line 𝑖 of the truth table,
let 𝜓𝑖 be a conjunction of the form

((¬)𝑝 0 ∧ . . . ∧ (¬)𝑝𝑛 )

where the following rules determine whether or not to include a negation in
front of the atomic formulas:

𝑝𝑚 is a conjunct of 𝜓𝑖 iff 𝑝𝑚 is true on line 𝑖
¬𝑝𝑚 is a conjunct of 𝜓𝑖 iff 𝑝𝑚 is false on line 𝑖

Given these rules, a trivial proof by induction shows that 𝜓𝑖 is true on (and only
on) line 𝑖 of the truth table which considers all possible valuations of 𝑝 0, . . . , 𝑝𝑛
(i.e. 𝜑’s truth table).


Next, let 𝑖 1, 𝑖 2, . . . , 𝑖𝑚 be the numbers of the lines of the truth table where 𝜑 is
true. Now let 𝜒 be the formula:

𝜓𝑖 1 ∨ 𝜓𝑖 2 ∨ . . . ∨ 𝜓𝑖𝑚

Since 𝜑 is true on at least one line of its truth table, 𝜒 is indeed well-defined;
and in the limiting case where 𝜑 is true on exactly one line of its truth table, 𝜒
is just 𝜓𝑖𝑘 , for some 𝑖𝑘 .
By construction, 𝜒 is in DNF. Moreover, by construction, for each line 𝑖 of the
truth table: 𝜑 is true on line 𝑖 of the truth table iff one of 𝜒’s disjuncts (namely,
𝜓𝑖 ) is true on, and only on, line 𝑖. (Again, this is shown by a trivial proof by
induction.) Hence 𝜑 and 𝜒 have the same truth table, and so are semantically
equivalent.

These two cases are exhaustive and, either way, we have a formula in DNF that is
semantically equivalent to 𝜑. □

So far we have discussed disjunctive normal form. Given the duality of disjunction
and conjunction, it may not come as a surprise to hear that there is also such a thing
as conjunctive normal form (CNF).
The definition of CNF is exactly analogous to the definition of DNF: A formula is
in CNF iff it meets all of the following conditions:

• No connectives occur in the formula other than negations, conjunctions and
disjunctions;

• Every occurrence of negation has minimal scope;

• No conjunction occurs within the scope of any disjunction.

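Generally, then, a formula in CNF looks like this:

\[
\big((\lnot)p_{i_1} \lor \dots \lor (\lnot)p_{i_j}\big) \land \big((\lnot)p_{i_{j+1}} \lor \dots \lor (\lnot)p_{i_k}\big) \land \dots \land \big((\lnot)p_{i_l} \lor \dots \lor (\lnot)p_{i_n}\big)
\]

It should be immediately clear that if a formula is in DNF, then its dual is in CNF;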
and vice versa. Armed with this insight, we can immediately prove another normal
form theorem:

Proposition 1.26. For any formula, there is a semantically equivalent formula in
conjunctive normal form.

Proof. Let 𝜑 be any formula. Let 𝜓 be a DNF formula semantically equivalent to
𝜑ᵈ by using Proposition 1.25. Now, 𝜓ᵈ is in CNF by the observation above. Using
Proposition 1.24, we have (𝜑ᵈ)ᵈ ≈ 𝜓ᵈ, i.e., the CNF formula 𝜓ᵈ is semantically
equivalent to 𝜑. □

This slick proof is a further illustration of the power of duality. However, it
might suggest that the DNF Theorem enjoys some kind of ‘precedence’ over the CNF
Theorem. That would be misleading. We can easily prove the CNF Theorem directly,
using the same proof techniques that we used to prove the DNF Theorem (whereupon
the DNF Theorem could be proved as a consequence of the CNF Theorem and duality).
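
The truth-table construction in the proof of the DNF Theorem, and the duality step in the proof of Proposition 1.26, written out as an added Python example (not part of the original text). Truth functions are Python callables, a literal is a pair (index, polarity), and all names are assumptions of the example; `page_phi` is the 𝜑 of the illustration above, true on lines 1, 3, 7 and 8.

```python
from itertools import product

# A literal is (m, positive): the atomic formula p_m, negated when positive is False.
# A DNF is a list of conjunctions (lists of literals); a CNF is a list of disjunctions.


def rows(n):
    """Lines of the truth table for p_0 .. p_{n-1}, in the page's order (T first)."""
    return list(product([True, False], repeat=n))


def dnf(f, n):
    """Case 2 of the proof: one conjunction psi_i for each line i on which f is true.
    Case 1 (f is never true) returns the contradiction p_0 AND NOT p_0."""
    terms = [[(m, value) for m, value in enumerate(row)]
             for row in rows(n) if f(*row)]
    return terms or [[(0, True), (0, False)]]


def eval_dnf(terms, row):
    return any(all(row[m] == pos for m, pos in term) for term in terms)


def dual(f):
    """Truth function of the dual formula: negate every input and the output
    (the fact that Problem 1.12 asks the reader to prove)."""
    return lambda *row: not f(*(not x for x in row))


def cnf(f, n):
    """Proposition 1.26: build a DNF of the dual, then dualise it. Dualising swaps
    conjunction and disjunction and leaves literals alone, so the same literal
    lists are simply read as disjunctive clauses."""
    return dnf(dual(f), n)


def eval_cnf(clauses, row):
    return all(any(row[m] == pos for m, pos in clause) for clause in clauses)


def show(parts, inner, outer):
    """Render a DNF (inner='∧', outer='∨') or a CNF (inner='∨', outer='∧')."""
    def literal(m, positive):
        return f"p{m}" if positive else f"¬p{m}"
    groups = [f" {inner} ".join(literal(m, pos) for m, pos in part) for part in parts]
    return f" {outer} ".join(f"({g})" for g in groups)


def agrees(f, n):
    """Do the DNF and the CNF built for f have exactly f's truth table?"""
    d, c = dnf(f, n), cnf(f, n)
    return all(eval_dnf(d, r) == eval_cnf(c, r) == bool(f(*r)) for r in rows(n))


def agrees_for_every_table(n):
    """Run both constructions on all 2**(2**n) truth tables over n atomic formulas."""
    lines = rows(n)
    for column in product([True, False], repeat=len(lines)):
        lookup = dict(zip(lines, column))
        if not agrees(lambda *r: lookup[r], n):
            return False
    return True


TRUE_LINES = {1, 3, 7, 8}


def page_phi(p0, p1, p2):
    """The formula of the illustration, given only by its truth table."""
    return rows(3).index((p0, p1, p2)) + 1 in TRUE_LINES


if __name__ == "__main__":
    print(show(dnf(page_phi, 3), "∧", "∨"))
    print(show(cnf(page_phi, 3), "∨", "∧"))
    print(agrees_for_every_table(3))
```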


1.7 Expressive adequacy


We shall now demonstrate the expressive power of propositional logic.
The only primitive connectives we have defined are one-place (i.e. ‘¬’) and two-
place (i.e. ‘∧’, ‘∨’, ‘→’ and ‘↔’). But nothing stops us from introducing three-, four-,
or five-place connectives; or, more generally, 𝑛-place connectives, for any number 𝑛
we like. We might, for example, define a three-place connective, ‘♥’, into existence,
by stipulating that it is to have the following characteristic truth table:

𝜑 𝜓 𝜒 ♥(𝜑,𝜓, 𝜒)
T T T F
T T F T
T F T T
T F F F
F T T F
F T F T
F F T F
F F F F

Probably this new connective would not correspond with any natural English expression
(in the way that ‘∧’ corresponds with ‘and’). But a question arises: if we
wanted to employ a connective with this characteristic truth table, must we add a
new connective? Or can we get by with the connectives we already have?
Let us make this question more precise. Say that some connectives are jointly
expressively adequate iff, for any possible truth function, there is a scheme containing
only those connectives which expresses that truth function. Since we can represent
truth functions using characteristic truth tables, we could equivalently say the following:
some connectives are jointly expressively adequate iff, for any possible truth
table, there is a scheme containing only those connectives with that truth table.
We say ‘scheme’ rather than ‘formula’, because we are not concerned with something
as specific as a formula. To see why, consider the characteristic truth table for
conjunction; this schematically encodes the information that a conjunction (𝜑 ∧ 𝜓 )
is true iff both 𝜑 and 𝜓 are true (whatever 𝜑 and 𝜓 might be). When we discuss
expressive adequacy, we are considering something at the same level of generality.
The general point is, when we are armed with some jointly expressively adequate
connectives, no truth function lies beyond our grasp.

Theorem 1.27. The following pairs of connectives are jointly expressively adequate:

• ‘¬’ and ‘∨’

• ‘¬’ and ‘∧’

• ‘¬’ and ‘→’

Proof. Given any truth table, we can use the method of proving the DNF Theorem (or
the CNF Theorem) via truth tables, to write down a scheme which has the same truth
table. For example, employing the truth table method for proving the DNF Theorem,
I can tell you that the following scheme has the same characteristic truth table as
♥(𝜑,𝜓, 𝜒), above:

(𝜑 ∧ 𝜓 ∧ ¬𝜒) ∨ (𝜑 ∧ ¬𝜓 ∧ 𝜒) ∨ (¬𝜑 ∧ 𝜓 ∧ ¬𝜒)

It follows that the connectives ‘¬’, ‘∨’ and ‘∧’ are jointly expressively adequate.
We now show that there is an equivalent scheme which contains only ‘¬’ and ‘∨’.
To do this, we simply consider the following equivalence:

(𝜑 ∧ 𝜓 ) ≈ ¬(¬𝜑 ∨ ¬𝜓 )

(The details are left as an exercise).


For the joint expressive adequacy of ‘¬’ and ‘∧’ we note that:

(𝜑 ∨ 𝜓 ) ≈ ¬(¬𝜑 ∧ ¬𝜓 )

To get the last result we note that:

(𝜑 ∨ 𝜓 ) ≈ (¬𝜑 → 𝜓 )
(𝜑 ∧ 𝜓 ) ≈ ¬(𝜑 → ¬𝜓 ) □

In short, there is never any need to add new connectives. Indeed, there is already
some redundancy among the connectives we have: we could have made do with just
two connectives, if we had been feeling really austere.
In fact, some two-place connectives are individually expressively adequate. These
connectives are not among the standard ones since they are rather cumbersome to
use. But their existence shows that, if we had wanted to, we could have defined a
truth-functional language that was expressively adequate, which contained only a
single primitive connective.
The first such connective we shall consider is ‘↑’, which has the following charac-
teristic truth table.
𝜑 𝜓 𝜑 ↑𝜓
T T F
T F T
F T T
F F T

This is often called ‘the Sheffer stroke’, after Harry Sheffer, who used it to show how
to reduce the number of logical connectives in Russell and Whitehead’s Principia
Mathematica. It is quite common, as well, to call it ‘nand’, since its characteristic truth
table is the negation of the truth table for ‘∧’.

Proposition 1.28. ‘↑’ is expressively adequate all by itself.

Proof. Theorem 1.27 tells us that ‘¬’ and ‘∨’ are jointly expressively adequate. So it
suffices to show that, given any scheme which contains only those two connectives,
we can rewrite it as a semantically equivalent scheme which contains only ‘↑’. As in
the proof of the subsidiary cases of Theorem 1.27, then, we simply apply the following
equivalences:

¬𝜑 ≈ (𝜑 ↑ 𝜑)
(𝜑 ∨ 𝜓 ) ≈ ((𝜑 ↑ 𝜑) ↑ (𝜓 ↑ 𝜓 )) □

Similarly, we can consider the connective ‘↓’:


𝜑 𝜓 𝜑 ↓𝜓
T T F
T F F
F T F
F F T
This is sometimes called the ‘Peirce arrow’ (Peirce himself called it ‘ampheck’). More
often, though, it is called ‘nor’, since its characteristic truth table is the negation of
‘∨’.
Proposition 1.29. ‘↓’ is expressively adequate all by itself.
Proof. As in Proposition 1.28, although invoking the dual equivalences:
¬𝜑 ≈ (𝜑 ↓ 𝜑)
(𝜑 ∧ 𝜓 ) ≈ ((𝜑 ↓ 𝜑) ↓ (𝜓 ↓ 𝜓 )) □

1.8 Failures of expressive adequacy


In fact, the only two-place connectives which are individually expressively adequate
are ‘↑’ and ‘↓’. But how would we show this? More generally, how can we show that
some connectives are not jointly expressively adequate?
The obvious thing to do is to try to find some truth table which we cannot express,
using just the given connectives. But there is a bit of an art to this. Moreover, in the
end, we shall have to rely upon induction; for we shall need to show that no scheme –
no matter how long – is capable of expressing the target truth table.
To make this concrete, let’s consider the question of whether ‘∨’ is expressively
adequate all by itself. After a little reflection, it should be clear that it is not. In
particular, it should be clear that any scheme which only contains disjunctions cannot
have the same truth table as negation, i.e.:
𝜑 ¬𝜑
T F
F T
The intuitive reason, why this should be so, is simple: the top line of the desired
truth table needs to have the value False; but the top line of any truth table for a
scheme which only contains disjunctions will always be True. But so far, this is just
hand-waving. To make it rigorous, we need to reach for induction. Here, then, is our
rigorous proof.
Proposition 1.30. ‘∨’ is not expressively adequate by itself.
Proof. Let 𝜑 be any scheme containing no connective other than disjunctions. Suppose,
for induction on length, that every shorter scheme containing only disjunctions
is true whenever all its atomic constituents are true. There are two cases to consider:
• 𝜑 is atomic. Then there is nothing to prove.
• 𝜑 is (𝜓 ∨ 𝜒), for some schemes 𝜓 and 𝜒 containing only disjunctions. Then,
since 𝜓 and 𝜒 are both shorter than 𝜑, by the induction hypothesis they are both
true when all their atomic constituents are true. Now the atomic constituents
of 𝜑 are just the constituents of both 𝜓 and 𝜒, and 𝜑 is true whenever 𝜓 and 𝜒 are true.
So 𝜑 is true when all of its atomic constituents are true.

It now follows, by induction on length, that any scheme containing no connective
other than disjunctions is true whenever all of its atomic constituents are true. Consequently,
no scheme containing only disjunctions has the same truth table as that of
negation. Hence ‘∨’ is not expressively adequate by itself. □

In fact, we can generalise Proposition 1.30:

Theorem 1.31. The only two-place connectives that are expressively adequate by themselves
are ‘↑’ and ‘↓’.

Proof. There are sixteen distinct two-place connectives. We shall run through them
all, considering whether or not they are individually expressively adequate, in four
groups.
Group 1: the top line of the truth table is True. Consider those connectives where
the top line of the truth table is True. There are eight of these, including ‘∧’, ‘∨’, ‘→’
and ‘↔’, but also the following:

𝜑 𝜓 𝜑 ◦1 𝜓 𝜑 ◦2 𝜓 𝜑 ◦3 𝜓 𝜑 ◦4 𝜓
T T T T T T
T F T T T F
F T T F F T
F F T T F F

(obviously the names for these connectives were chosen arbitrarily). But, exactly as
in Proposition 1.30, none of these connectives can express the truth table
for negation. So there is a connective whose truth table they cannot express. So none
of them is individually expressively adequate.
Group 2: the bottom line of the truth table is False. Having eliminated eight connectives,
eight remain. Of these, four are false on the bottom line of their truth table,
namely:

𝜑 𝜓 𝜑 ◦5 𝜓 𝜑 ◦6 𝜓 𝜑 ◦7 𝜓 𝜑 ◦8 𝜓
T T F F F F
T F T T F F
F T T F T F
F F F F F F

As above, though, none of these connectives can express the truth table for negation.
To show this we prove that any scheme whose only connective is one of these (perhaps
several times) is false whenever all of its atomic constituents are false. We can show
this by induction, exactly as in Proposition 1.30 (I leave the details as an
exercise).
Group 3: connectives with redundant positions. Consider two of the remaining four
connectives:

𝜑 𝜓 𝜑 ◦9 𝜓 𝜑 ◦10 𝜓
T T F F
T F F T
F T T F
F F T T


These connectives have redundant positions, in the sense that the truth value of
the overarching scheme only depends upon the truth value of one of the atomic
constituents. More precisely:

𝜑 ◦9 𝜓 ≈ ¬𝜑
𝜑 ◦10 𝜓 ≈ ¬𝜓

Consequently, there are many truth functions that they cannot express. In particular,
they cannot express either the tautologous truth function (given by ‘◦1 ’), or the
contradictory truth function (given by ‘◦8 ’). To show this, it suffices to prove that
any scheme whose only connective is either ‘◦9 ’ or ‘◦10 ’ (perhaps several times) is
contingent, i.e. it is true on at least one line and false on at least one other line. We
leave the details of this proof as an exercise.
Group 4. Only two connectives now remain, namely ‘↑’ and ‘↓’, and Propositions
1.28 and 1.29 show that both are individually expressively
adequate. □
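
Theorem 1.31, together with Theorem 1.27 and Propositions 1.28 to 1.30, can be confirmed by brute force; the following is an added Python example, not part of the original text. It computes every truth table over two schematic letters that schemes built from a given set of connectives can have, by closing the tables of 𝜑 and 𝜓 under those connectives. The representation of truth tables as 4-tuples and all names are assumptions of the example, and connectives are assumed to have at least one place.

```python
from itertools import product

# The four lines of a two-letter truth table, in the page's order.
ROWS = [(True, True), (True, False), (False, True), (False, False)]
P = tuple(a for a, b in ROWS)   # column of the scheme 'φ'
Q = tuple(b for a, b in ROWS)   # column of the scheme 'ψ'


def table(fn, arity):
    """Characteristic truth table of a connective, as a dict on argument tuples."""
    return {args: fn(*args) for args in product([True, False], repeat=arity)}


NOT = table(lambda a: not a, 1)
AND = table(lambda a, b: a and b, 2)
OR = table(lambda a, b: a or b, 2)
IMP = table(lambda a, b: (not a) or b, 2)


def expressible(connectives):
    """Columns of all schemes built from φ, ψ and the given connectives.
    Schemes of every length are covered: the loop stops only at a fixed point,
    which is the induction on length done exhaustively."""
    known = {P, Q}
    while True:
        new = set()
        for conn in connectives:
            arity = len(next(iter(conn)))
            for parts in product(known, repeat=arity):
                # Apply the connective line by line to the sub-schemes' columns.
                new.add(tuple(conn[args] for args in zip(*parts)))
        if new <= known:
            return known
        known |= new


def adequate(connectives):
    """Jointly expressively adequate iff all 16 two-place columns are reached:
    then ¬ and ∧ are expressible, and Theorem 1.27 gives every truth function."""
    return len(expressible(connectives)) == 16


def all_two_place():
    """The sixteen two-place connectives, keyed by their column on TT, TF, FT, FF."""
    return {col: dict(zip(ROWS, col)) for col in product([True, False], repeat=4)}


def individually_adequate():
    """Columns of the two-place connectives that are adequate all by themselves."""
    return sorted(col for col, conn in all_two_place().items() if adequate([conn]))


if __name__ == "__main__":
    print(individually_adequate())        # the columns of '↓' and '↑'
    print(sorted(expressible([OR])))      # every column is True on the top line
    print(adequate([NOT, OR]), adequate([NOT, AND]), adequate([NOT, IMP]))
```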

Problems
Problem 1.1. Prove Proposition 1.5

Problem 1.2. Prove Proposition 1.6

Problem 1.3. For each of the five formulas below determine whether the formula
can be expressed as a substitution 𝜑 [𝜓 /𝑝𝑖 ] where 𝜑 is (i) 𝑝 0 ; (ii) (¬𝑝 0 ∧ 𝑝 1 ); and (iii)
((¬𝑝 0 → 𝑝 1 ) ∧ 𝑝 2 ). In each case specify the relevant substitution.

1. 𝑝 1

2. (¬𝑝 0 ∧ 𝑝 0 )

3. ((𝑝 0 ∨ 𝑝 1 ) ∧ 𝑝 2 )

4. ¬((𝑝 0 → 𝑝 1 ) ∧ 𝑝 2 )

5. ((¬(𝑝 0 → 𝑝 1 ) → (𝑝 0 ∨ 𝑝 1 )) ∧ ¬(𝑝 0 ∧ 𝑝 1 ))

Problem 1.4. For each of the five formulas below determine whether the formula
can be expressed as a substitution 𝜑 [𝜓 /𝑝𝑖 ] where 𝜑 is (i) 𝑝 0 ; (ii) (¬𝑝 0 ∧ 𝑝 1 ); and (iii)
((¬𝑝 0 → 𝑝 1 ) ∧ 𝑝 2 ). In each case specify the relevant substitution.

1. 𝑝 1

2. (¬𝑝 0 ∧ 𝑝 0 )

3. ((𝑝 0 ∨ 𝑝 1 ) ∧ 𝑝 2 )

4. ¬((𝑝 0 → 𝑝 1 ) ∧ 𝑝 2 )

5. ((¬(𝑝 0 → 𝑝 1 ) → (𝑝 0 ∨ 𝑝 1 )) ∧ ¬(𝑝 0 ∧ 𝑝 1 ))

Problem 1.5. Give a mathematically rigorous definition of 𝜑 [𝜓 /𝑝] by induction.

Problem 1.6. Consider adding to L0 a ternary connective ♦ with evaluation given by

\[
v(\Diamond(\varphi, \psi, \chi)) = \begin{cases} v(\psi) & \text{if } v(\varphi) = \mathrm{T};\\ v(\chi) & \text{if } v(\varphi) = \mathrm{F}. \end{cases}
\]

Write down the truth table for this connective.

Problem 1.7. Prove Proposition 1.17

Problem 1.8. For each of the following four formulas determine whether it is (a) satisfiable,
(b) a tautology, and (c) contingent.
1. (𝑝 0 → (¬𝑝 1 → ¬𝑝 0 )).
2. ((𝑝 0 ∧ ¬𝑝 1 ) → (¬𝑝 0 ∧ 𝑝 2 )) ↔ ((𝑝 2 → 𝑝 0 ) → (𝑝 0 → 𝑝 1 )).
3. (𝑝 0 ↔ 𝑝 1 ) → (𝑝 2 ↔ ¬𝑝 1 ).
4. ((𝑝 0 ↔ (¬𝑝 1 ∧ 𝑝 2 )) ∨ (𝑝 2 → (𝑝 0 ↔ 𝑝 1 ))).

Problem 1.9. Prove Proposition 1.19

Problem 1.10. Prove Proposition 1.20

Problem 1.11. Prove Theorem 1.21

Problem 1.12. Prove Proposition 1.24 by introducing an auxiliary mapping 𝜑ⁿ, defined just
as 𝜑ᵈ except that for atomic formulas 𝜑ⁿ is defined to be ¬𝜑, and proving that
𝜑ⁿ ≈ ¬𝜑.

Problem 1.13. Consider the following formulas:
• (𝑝 0 → ¬𝑝 1 )
• ¬(𝑝 0 ↔ 𝑝 1 )
• (¬𝑝 0 ∨ ¬(𝑝 0 ∧ 𝑝 1 ))
• (¬(𝑝 0 → 𝑝 1 ) ∧ (𝑝 0 → 𝑝 2 ))
• (¬(𝑝 0 ∨ 𝑝 1 ) ↔ ((¬𝑝 2 ∧ ¬𝑝 0 ) → ¬𝑝 1 ))
• ((¬(𝑝 0 ∧ ¬𝑝 1 ) → 𝑝 2 ) ∧ ¬(𝑝 0 ∧ 𝑝 3 ))
For each formula:
• write down formulas in DNF that are semantically equivalent to these formulas.
• write down formulas in CNF that are semantically equivalent to these formulas.

Problem 1.14. Let ♦ be the ternary connective introduced in an earlier problem.
Prove the connectives ⊥, ⊤ and ♦ are jointly expressively adequate.

Problem 1.15. Where ‘◦7 ’ has the characteristic truth table defined in the proof of
Theorem 1.31, show that the following are jointly expressively adequate:

1. ‘◦7 ’ and ‘¬’.
2. ‘◦7 ’ and ‘→’.
3. ‘◦7 ’ and ‘↔’.

Problem 1.16. Show that the connectives ‘◦7 ’, ‘∧’ and ‘∨’ are not jointly expressively
adequate.

Problem 1.17. Complete the proof of Theorem 1.27.

Chapter 2

Natural Deduction

2.1 Introduction
Logics commonly have both a semantics and a derivation system. The semantics
concerns concepts such as truth, satisfiability, validity, and entailment. The purpose of
derivation systems is to provide a purely syntactic method of establishing entailment
and validity. They are purely syntactic in the sense that a derivation in such a system
is a finite syntactic object, usually a sequence (or other finite arrangement) of formulas.
Good derivation systems have the property that any given sequence or
arrangement of formulas can be verified mechanically to be “correct.”
The simplest (and historically first) derivation systems for first-order logic were
axiomatic. A sequence of formulas counts as a derivation in such a system if each
individual formula in it is either among a fixed set of “axioms” or follows from formulas
coming before it in the sequence by one of a fixed number of “inference rules”—and it
can be mechanically verified if a formula is an axiom and whether it follows correctly
from other formulas by one of the inference rules. Axiomatic derivation systems are
easy to describe—and also easy to handle meta-theoretically—but derivations in them
are hard to read and understand, and are also hard to produce.
Other derivation systems have been developed with the aim of making it easier
to construct derivations or easier to understand derivations once they are complete.
Examples are natural deduction, truth trees, also known as tableaux proofs, and the
sequent calculus. Some derivation systems are designed especially with mechanization
in mind, e.g., the resolution method is easy to implement in software (but its
derivations are essentially impossible to understand). Most of these other derivation
systems represent derivations as trees of formulas rather than sequences. This makes
it easier to see which parts of a derivation depend on which other parts.
So for a given logic, such as first-order logic, the different derivation systems
will give different explications of what it is for a formula to be a theorem and what
it means for a formula to be derivable from some others. However that is done (via
axiomatic derivations, natural deductions, sequent derivations, truth trees, resolution
refutations), we want these relations to match the semantic notions of validity and
entailment. Let’s write ⊢ 𝜑 for “𝜑 is a theorem” and “Γ ⊢ 𝜑” for “𝜑 is derivable from Γ.”
However ⊢ is defined, we want it to match up with ⊨, that is:

1. ⊢ 𝜑 if and only if ⊨ 𝜑

2. Γ ⊢ 𝜑 if and only if Γ ⊨ 𝜑


The “only if” direction of the above is called soundness. A derivation system is sound
if derivability guarantees entailment (or validity). Every decent derivation system
has to be sound; unsound derivation systems are not useful at all. After all, the entire
purpose of a derivation is to provide a syntactic guarantee of validity or entailment.
We’ll prove soundness for the derivation systems we present.
The converse “if” direction is also important: it is called completeness. A complete
derivation system is strong enough to show that 𝜑 is a theorem whenever 𝜑 is valid,
and that Γ ⊢ 𝜑 whenever Γ ⊨ 𝜑. Completeness is harder to establish, and some logics
have no complete derivation systems. First-order logic does. Kurt Gödel was the
first one to prove completeness for a derivation system of first-order logic in his 1929
dissertation.
Another concept that is connected to derivation systems is that of consistency. A
set of formulas is called inconsistent if anything whatsoever can be derived from it,
and consistent otherwise. Inconsistency is the syntactic counterpart to unsatisfiability:
like unsatisfiable sets, inconsistent sets of formulas do not make good theories, they
are defective in a fundamental way. Consistent sets of formulas may not be true
or useful, but at least they pass that minimal threshold of logical usefulness. For
different derivation systems the specific definition of consistency of sets of formulas
might differ, but like ⊢, we want consistency to coincide with its semantic counterpart,
satisfiability. We want it to always be the case that Γ is consistent if and only if it is
satisfiable. Here, the “if” direction amounts to completeness (consistency guarantees
satisfiability), and the “only if” direction amounts to soundness (satisfiability guarantees
consistency). In fact, for classical first-order logic, the two versions of soundness
and completeness are equivalent.

2.2 Natural Deduction


Natural deduction is a derivation system intended to mirror actual reasoning (especially
the kind of regimented reasoning employed by mathematicians). Actual
reasoning proceeds by a number of “natural” patterns. For instance, proof by cases
allows us to establish a conclusion on the basis of a disjunctive premise, by establishing
that the conclusion follows from either of the disjuncts. Indirect proof allows
us to establish a conclusion by showing that its negation leads to a contradiction.
Conditional proof establishes a conditional claim “if . . . then . . . ” by showing that the
consequent follows from the antecedent. Natural deduction is a formalization of some
of these natural inferences. Each of the logical connectives and quantifiers comes
with two rules, an introduction and an elimination rule, and they each correspond
to one such natural inference pattern. For instance, →I corresponds to conditional
proof, and ∨E to proof by cases. A particularly simple rule is ∧E which allows the
inference from 𝜑 ∧ 𝜓 to 𝜑 (or 𝜓 ).
One feature that distinguishes natural deduction from other derivation systems is
its use of assumptions. A derivation in natural deduction is a tree of formulas. A single
formula stands at the root of the tree of formulas, and the “leaves” of the tree are formulas
from which the conclusion is derived. In natural deduction, some leaf formulas
play a role inside the derivation but are “used up” by the time the derivation reaches
the conclusion. This corresponds to the practice, in actual reasoning, of introducing
hypotheses which only remain in effect for a short while. For instance, in a proof by
cases, we assume the truth of each of the disjuncts; in conditional proof, we assume
the truth of the antecedent; in indirect proof, we assume the truth of the negation of
the conclusion. This way of introducing hypothetical assumptions and then doing
away with them in the service of establishing an intermediate step is a hallmark of
natural deduction. The formulas at the leaves of a natural deduction derivation are
called assumptions, and some of the rules of inference may “discharge” them. For
instance, if we have a derivation of 𝜓 from some assumptions which include 𝜑, then
the →I rule allows us to infer 𝜑 → 𝜓 and discharge any assumption of the form 𝜑.
(To keep track of which assumptions are discharged at which inferences, we label the
inference and the assumptions it discharges with a number.) The assumptions that
remain undischarged at the end of the derivation are together sufficient for the truth
of the conclusion, and so a derivation establishes that its undischarged assumptions
entail its conclusion.
The relation Γ ⊢ 𝜑 based on natural deduction holds iff there is a derivation in
which 𝜑 is the last formula in the tree, and every leaf which is undischarged is in Γ.
𝜑 is a theorem in natural deduction iff there is a derivation in which 𝜑 is the last
formula and all assumptions are discharged. For instance, here is a derivation that
shows that ⊢ (𝜑 ∧ 𝜓 ) → 𝜑:

\[
\dfrac{\dfrac{[\varphi \land \psi]^1}{\varphi}\ \land\mathrm{E}}{(\varphi \land \psi) \to \varphi}\ {\to}\mathrm{I}_1
\]

The label 1 indicates that the assumption 𝜑 ∧ 𝜓 is discharged at the →I inference.


A set Γ is inconsistent iff Γ ⊢ ⊥ in natural deduction. The rule ⊥E makes it so that
from an inconsistent set, any formula can be derived.
Natural deduction systems were developed by Gerhard Gentzen and Stanisław
Jaśkowski in the 1930s, and later developed by Dag Prawitz and Frederic Fitch. Because
its inferences mirror natural methods of proof, it is favored by philosophers. The
versions developed by Fitch are often used in introductory logic textbooks. In the
philosophy of logic, the rules of natural deduction have sometimes been taken to give
the meanings of the logical operators (“proof-theoretic semantics”).

2.3 Rules and Derivations


Natural deduction systems are meant to closely parallel the informal reasoning used in
mathematical proof (hence it is somewhat “natural”). Natural deduction proofs begin
with assumptions. Inference rules are then applied. Assumptions are “discharged” by
the ¬I, →I, and ∨E inference rules, and the label of the discharged assumption is
placed beside the inference for clarity.

Definition 2.1 (Assumption). An assumption is any formula in the topmost position
of any branch.

Derivations in natural deduction are certain trees of formulas, where the topmost
formulas are assumptions, and if a formula stands below one, two, or three other
formulas, it must follow correctly by a rule of inference. The formulas at the top
of the inference are called the premises and the formula below the conclusion of
the inference. The rules come in pairs, an introduction and an elimination rule for
each logical operator. They introduce a logical operator in the conclusion or remove
a logical operator from a premise of the rule. Some of the rules allow an assumption
of a certain type to be discharged. To indicate which assumption is discharged by
which inference, we also assign labels to both the assumption and the inference. This
is indicated by writing the assumption as “[𝜑]ⁿ.”
It is customary to consider rules for all the logical operators ∧, ∨, →, ¬, and ⊥,
even if some of those are defined.

2.4 Propositional Rules

Rules for ∧

  𝜑     𝜓              𝜑 ∧ 𝜓              𝜑 ∧ 𝜓
 ───────── ∧I         ─────── ∧E         ─────── ∧E
   𝜑 ∧ 𝜓                 𝜑                  𝜓

Rules for ∨

    𝜑                   𝜓
 ─────── ∨I          ─────── ∨I
  𝜑 ∨ 𝜓               𝜑 ∨ 𝜓

             [𝜑]^𝑛     [𝜓]^𝑛
               ⋮         ⋮
  𝜑 ∨ 𝜓        𝜒         𝜒
 ───────────────────────────── ∨E𝑛
               𝜒

Rules for →

  [𝜑]^𝑛
    ⋮
    𝜓                    𝜑 → 𝜓     𝜑
 ─────── →I𝑛            ───────────── →E
  𝜑 → 𝜓                       𝜓

Rules for ¬

  [𝜑]^𝑛
    ⋮
    ⊥                     ¬𝜑     𝜑
 ─────── ¬I𝑛             ────────── ¬E
   ¬𝜑                        ⊥


Rules for ⊥

                         [¬𝜑]^𝑛
                            ⋮
    ⊥                       ⊥
 ─────── ⊥E              ─────── RAA𝑛
    𝜑                       𝜑

Note that ¬I and RAA are very similar: The difference is that ¬I derives a negated
formula ¬𝜑 but RAA a positive formula 𝜑.
Whenever a rule indicates that some assumption may be discharged, we take this
to be a permission, but not a requirement. E.g., in the →I rule, we may discharge any
number of assumptions of the form 𝜑 in the derivation of the premise 𝜓 , including
zero.

2.5 Derivations
We’ve said what an assumption is, and we’ve given the rules of inference. Derivations
in natural deduction are inductively generated from these: each derivation either is
an assumption on its own, or consists of one, two, or three derivations followed by a
correct inference.

Definition 2.2 (Derivation). A derivation of a formula 𝜑 from assumptions Γ is a
finite tree of formulas satisfying the following conditions:

1. The topmost formulas of the tree are either in Γ or are discharged by an inference
in the tree.

2. The bottommost formula of the tree is 𝜑.

3. Every formula in the tree except the sentence 𝜑 at the bottom is a premise of a
correct application of an inference rule whose conclusion stands directly below
that formula in the tree.

We then say that 𝜑 is the conclusion of the derivation and Γ its undischarged
assumptions.
If a derivation of 𝜑 from Γ exists, we say that 𝜑 is derivable from Γ, or in symbols:
Γ ⊢ 𝜑. If there is a derivation of 𝜑 in which every assumption is discharged, we
write ⊢ 𝜑.

Example 2.3. Every assumption on its own is a derivation. So, e.g., 𝜑 by itself is
a derivation, and so is 𝜓 by itself. We can obtain a new derivation from these by
applying, say, the ∧I rule,

  𝜑     𝜓
 ───────── ∧I
   𝜑 ∧ 𝜓

These rules are meant to be general: we can replace the 𝜑 and 𝜓 in it with any formulas,
e.g., by 𝜒 and 𝜃. Then the conclusion would be 𝜒 ∧ 𝜃, and so

  𝜒     𝜃
 ───────── ∧I
   𝜒 ∧ 𝜃

is a correct derivation. Of course, we can also switch the assumptions, so that 𝜃 plays
the role of 𝜑 and 𝜒 that of 𝜓. Thus,

  𝜃     𝜒
 ───────── ∧I
   𝜃 ∧ 𝜒

is also a correct derivation.
We can now apply another rule, say, →I, which allows us to conclude a conditional
and allows us to discharge any assumption that is identical to the antecedent of that
conditional. So both of the following would be correct derivations:

  [𝜒]^1    𝜃                    𝜒    [𝜃]^1
 ───────────── ∧I             ───────────── ∧I
     𝜒 ∧ 𝜃                        𝜒 ∧ 𝜃
 ───────────── →I1            ───────────── →I1
  𝜒 → (𝜒 ∧ 𝜃)                  𝜃 → (𝜒 ∧ 𝜃)

They show, respectively, that 𝜃 ⊢ 𝜒 → (𝜒 ∧ 𝜃) and 𝜒 ⊢ 𝜃 → (𝜒 ∧ 𝜃).
Remember that discharging of assumptions is a permission, not a requirement:
we don’t have to discharge the assumptions. In particular, we can apply a rule even if
the assumptions are not present in the derivation. For instance, the following is legal,
even though there is no assumption 𝜑 to be discharged:

    𝜓
 ─────── →I1
  𝜑 → 𝜓

2.6 Examples of Derivations


Example 2.4. Let’s give a derivation of the formula (𝜑 ∧ 𝜓 ) → 𝜑.
We begin by writing the desired conclusion at the bottom of the derivation.

(𝜑 ∧ 𝜓 ) → 𝜑
Next, we need to figure out what kind of inference could result in a formula of
this form. The main operator of the conclusion is →, so we’ll try to arrive at the
conclusion using the →I rule. It is best to write down the assumptions involved and
label the inference rules as you progress, so it is easy to see whether all assumptions
have been discharged at the end of the proof.

   [𝜑 ∧ 𝜓]^1
       ⋮
       𝜑
 ───────────── →I1
  (𝜑 ∧ 𝜓) → 𝜑

We now need to fill in the steps from the assumption 𝜑 ∧ 𝜓 to 𝜑. Since we only
have one connective to deal with, ∧, we must use the ∧E rule. This gives us the
following proof:

   [𝜑 ∧ 𝜓]^1
 ───────────── ∧E
       𝜑
 ───────────── →I1
  (𝜑 ∧ 𝜓) → 𝜑

We now have a correct derivation of (𝜑 ∧ 𝜓) → 𝜑.

Example 2.5. Now let’s give a derivation of (¬𝜑 ∨ 𝜓) → (𝜑 → 𝜓).
We begin by writing the desired conclusion at the bottom of the derivation.

(¬𝜑 ∨ 𝜓 ) → (𝜑 → 𝜓 )

To find a logical rule that could give us this conclusion, we look at the logical
connectives in the conclusion: ¬, ∨, and →. We only care at the moment about the first
occurrence of → because it is the main operator of the conclusion,
while ¬, ∨ and the second occurrence of → are inside the scope of another connective,
so we will take care of those later. We therefore start with the →I rule. A correct
application must look like this:

     [¬𝜑 ∨ 𝜓]^1
          ⋮
        𝜑 → 𝜓
 ───────────────────── →I1
  (¬𝜑 ∨ 𝜓) → (𝜑 → 𝜓)

This leaves us with two possibilities to continue. Either we can keep working from
the bottom up and look for another application of the →I rule, or we can work from
the top down and apply a ∨E rule. Let us apply the latter. We will use the assumption
¬𝜑 ∨ 𝜓 as the leftmost premise of ∨E. For a valid application of ∨E, the other two
premises must be identical to the conclusion 𝜑 → 𝜓 , but each may be derived in
turn from another assumption, namely one of the two disjuncts of ¬𝜑 ∨ 𝜓 . So our
derivation will look like this:

                  [¬𝜑]^2      [𝜓]^2
                    ⋮           ⋮
  [¬𝜑 ∨ 𝜓]^1      𝜑 → 𝜓       𝜑 → 𝜓
 ───────────────────────────────────── ∨E2
                 𝜑 → 𝜓
          ───────────────────── →I1
           (¬𝜑 ∨ 𝜓) → (𝜑 → 𝜓)

In each of the two branches on the right, we want to derive 𝜑 → 𝜓 , which is best
done using →I.

               [¬𝜑]^2, [𝜑]^3     [𝜓]^2, [𝜑]^4
                     ⋮                 ⋮
                     𝜓                 𝜓
                 ───────── →I3     ───────── →I4
  [¬𝜑 ∨ 𝜓]^1      𝜑 → 𝜓             𝜑 → 𝜓
 ─────────────────────────────────────────────── ∨E2
                      𝜑 → 𝜓
               ───────────────────── →I1
                (¬𝜑 ∨ 𝜓) → (𝜑 → 𝜓)

For the two missing parts of the derivation, we need derivations of 𝜓 from ¬𝜑
and 𝜑 in the middle, and from 𝜑 and 𝜓 on the right. Let’s take the former first. ¬𝜑 and
𝜑 are the two premises of ¬E:

  [¬𝜑]^2    [𝜑]^3
 ───────────────── ¬E
         ⊥

By using ⊥E, we can obtain 𝜓 as a conclusion and complete the branch.

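                [¬𝜑]^2    [𝜑]^3
               ───────────────── ¬E
                       ⊥              [𝜓]^2, [𝜑]^4
                   ───────── ⊥E             ⋮
                       𝜓                    𝜓
                   ───────── →I3        ───────── →I4
  [¬𝜑 ∨ 𝜓]^1        𝜑 → 𝜓                𝜑 → 𝜓
 ──────────────────────────────────────────────────── ∨E2
                        𝜑 → 𝜓
                 ───────────────────── →I1
                  (¬𝜑 ∨ 𝜓) → (𝜑 → 𝜓)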

Let’s now look at the rightmost branch. Here it’s important to realize that the
definition of derivation allows assumptions to be discharged but does not require them
to be. In other words, if we can derive 𝜓 from one of the assumptions 𝜑 and 𝜓
without using the other, that’s ok. And to derive 𝜓 from 𝜓 is trivial: 𝜓 by itself is such
a derivation, and no inferences are needed. So we can simply delete the assumption 𝜑.

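                [¬𝜑]^2    [𝜑]^3
               ───────────────── ¬E
                       ⊥
                   ───────── ⊥E
                       𝜓                  [𝜓]^2
                   ───────── →I3        ───────── →I
  [¬𝜑 ∨ 𝜓]^1        𝜑 → 𝜓                𝜑 → 𝜓
 ──────────────────────────────────────────────────── ∨E2
                        𝜑 → 𝜓
                 ───────────────────── →I1
                  (¬𝜑 ∨ 𝜓) → (𝜑 → 𝜓)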

Note that in the finished derivation, the rightmost →I inference does not actually
discharge any assumptions.

Example 2.6. So far we have not needed the RAA rule. It is special in that it allows
us to discharge an assumption that isn’t a sub-formula of the conclusion of the rule.
It is closely related to the ⊥E rule. In fact, the ⊥E rule is a special case of the RAA
rule—there is a logic called “intuitionistic logic” in which only ⊥E is allowed. The
RAA rule is a last resort when nothing else works. For instance, suppose we want to
derive 𝜑 ∨ ¬𝜑. Our usual strategy would be to attempt to derive 𝜑 ∨ ¬𝜑 using ∨I. But
this would require us to derive either 𝜑 or ¬𝜑 from no assumptions, and this can’t be
done. RAA to the rescue!

  [¬(𝜑 ∨ ¬𝜑)]^1
        ⋮
        ⊥
 ─────────────── RAA1
     𝜑 ∨ ¬𝜑

Now we’re looking for a derivation of ⊥ from ¬(𝜑 ∨ ¬𝜑). Since ⊥ is the conclusion
of ¬E we might try that:

  [¬(𝜑 ∨ ¬𝜑)]^1     [¬(𝜑 ∨ ¬𝜑)]^1
        ⋮                  ⋮
       ¬𝜑                  𝜑
 ──────────────────────────────── ¬E
                ⊥
         ─────────────── RAA1
             𝜑 ∨ ¬𝜑

Our strategy for finding a derivation of ¬𝜑 calls for an application of ¬I:

  [¬(𝜑 ∨ ¬𝜑)]^1, [𝜑]^2
           ⋮
           ⊥                  [¬(𝜑 ∨ ¬𝜑)]^1
      ─────────── ¬I2               ⋮
          ¬𝜑                        𝜑
 ──────────────────────────────────────── ¬E
                     ⊥
              ─────────────── RAA1
                  𝜑 ∨ ¬𝜑

Here, we can get ⊥ easily by applying ¬E to the assumption ¬(𝜑 ∨ ¬𝜑) and 𝜑 ∨ ¬𝜑
which follows from our new assumption 𝜑 by ∨I:

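                         [𝜑]^2
                       ───────── ∨I
  [¬(𝜑 ∨ ¬𝜑)]^1         𝜑 ∨ ¬𝜑
 ─────────────────────────────── ¬E
                ⊥                      [¬(𝜑 ∨ ¬𝜑)]^1
           ─────────── ¬I2                   ⋮
               ¬𝜑                            𝜑
 ───────────────────────────────────────────────── ¬E
                         ⊥
                  ─────────────── RAA1
                      𝜑 ∨ ¬𝜑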

On the right side we use the same strategy, except we get 𝜑 by RAA:

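                         [𝜑]^2                                  [¬𝜑]^3
                       ───────── ∨I                           ───────── ∨I
  [¬(𝜑 ∨ ¬𝜑)]^1         𝜑 ∨ ¬𝜑          [¬(𝜑 ∨ ¬𝜑)]^1          𝜑 ∨ ¬𝜑
 ─────────────────────────────── ¬E    ─────────────────────────────── ¬E
                ⊥                                      ⊥
           ─────────── ¬I2                        ─────────── RAA3
               ¬𝜑                                      𝜑
 ─────────────────────────────────────────────────────────────────────── ¬E
                                    ⊥
                             ─────────────── RAA1
                                 𝜑 ∨ ¬𝜑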
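
Definition 2.2 can be checked mechanically. The following is an added example, not part of the original text: a small Python checker that tests every inference of a derivation tree against the rules of section 2.4 and computes the undischarged assumptions. The tuple encoding of formulas and the names `Assume`, `Inf`, `check` and `derives` are choices made for this example; it is run on the finished derivations of Examples 2.5 and 2.6, with the variables p and q standing in for 𝜑 and 𝜓.

```python
from dataclasses import dataclass
from typing import Optional

# Formulas as nested tuples (an encoding chosen for this example).
BOT = ("bot",)
def Var(p): return ("var", p)
def Not(a): return ("not", a)
def And(a, b): return ("and", a, b)
def Or(a, b): return ("or", a, b)
def Imp(a, b): return ("imp", a, b)

@dataclass(frozen=True)
class Assume:                      # topmost formula; label n as in [φ]^n
    formula: tuple
    label: Optional[int] = None

@dataclass(frozen=True)
class Inf:                         # premises above the line, conclusion below
    rule: str
    concl: tuple
    prems: tuple
    label: Optional[int] = None    # label of the assumptions it may discharge

def check(d):
    """Return (conclusion, open labelled assumptions) of derivation d.
    Raises ValueError if an inference is not a correct rule application."""
    if isinstance(d, Assume):
        return d.formula, frozenset({(d.formula, d.label)})
    subs = [check(p) for p in d.prems]
    cs = [c for c, _ in subs]          # conclusions of the sub-derivations
    opens = [set(o) for _, o in subs]  # their undischarged assumptions
    c, n, r = d.concl, d.label, d.rule

    def discharge(i, formula):
        # A permission, not a requirement: removing nothing is fine.
        if n is not None:
            opens[i].discard((formula, n))

    if r == "andI":
        ok = len(cs) == 2 and c == And(cs[0], cs[1])
    elif r == "andE":
        ok = len(cs) == 1 and cs[0][0] == "and" and c in cs[0][1:]
    elif r == "orI":
        ok = len(cs) == 1 and c[0] == "or" and cs[0] in c[1:]
    elif r == "orE":
        ok = len(cs) == 3 and cs[0][0] == "or" and cs[1] == cs[2] == c
        if ok:
            discharge(1, cs[0][1])
            discharge(2, cs[0][2])
    elif r == "impI":
        ok = len(cs) == 1 and c[0] == "imp" and c[2] == cs[0]
        if ok:
            discharge(0, c[1])
    elif r == "impE":
        ok = len(cs) == 2 and cs[0] == Imp(cs[1], c)
    elif r == "notI":
        ok = len(cs) == 1 and cs[0] == BOT and c[0] == "not"
        if ok:
            discharge(0, c[1])
    elif r == "notE":
        ok = len(cs) == 2 and cs[0] == Not(cs[1]) and c == BOT
    elif r == "botE":
        ok = len(cs) == 1 and cs[0] == BOT
    elif r == "RAA":
        ok = len(cs) == 1 and cs[0] == BOT
        if ok:
            discharge(0, Not(c))
    else:
        ok = False
    if not ok:
        raise ValueError(f"incorrect application of {r}")
    return c, frozenset().union(*opens)

def derives(d):
    """(conclusion, set Γ of undischarged assumption formulas) of d."""
    c, opens = check(d)
    return c, frozenset(f for f, _ in opens)

p, q = Var("p"), Var("q")              # stand in for φ and ψ

# Example 2.5: ⊢ (¬φ ∨ ψ) → (φ → ψ)
goal25 = Imp(Or(Not(p), q), Imp(p, q))
left = Inf("impI", Imp(p, q), (Inf("botE", q, (
    Inf("notE", BOT, (Assume(Not(p), 2), Assume(p, 3))),)),), 3)
right = Inf("impI", Imp(p, q), (Assume(q, 2),))   # discharges nothing
ex25 = Inf("impI", goal25, (
    Inf("orE", Imp(p, q), (Assume(Or(Not(p), q), 1), left, right), 2),), 1)

# Example 2.6: ⊢ φ ∨ ¬φ
lem = Or(p, Not(p))
def contra(a):     # ⊥ from [¬(φ ∨ ¬φ)]^1 and φ ∨ ¬φ, the latter by ∨I from a
    return Inf("notE", BOT, (Assume(Not(lem), 1), Inf("orI", lem, (a,))))
ex26 = Inf("RAA", lem, (Inf("notE", BOT, (
    Inf("notI", Not(p), (contra(Assume(p, 2)),), 2),
    Inf("RAA", p, (contra(Assume(Not(p), 3)),), 3))),), 1)

if __name__ == "__main__":
    for name, d in (("2.5", ex25), ("2.6", ex26)):
        print(name, derives(d))
```

An empty set of undischarged assumptions means the conclusion is a theorem; a tree with a misapplied rule is rejected with `ValueError`.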

2.7 Proof-Theoretic Notions


Just as we’ve defined a number of important semantic notions (validity, entailment,
satisfiability), we now define corresponding proof-theoretic notions. These are not
defined by appeal to satisfaction of formulas in structures, but by appeal to the
derivability or non-derivability of certain formulas from others. It was an important
discovery that these notions coincide. That they do is the content of the soundness
and completeness theorems.

Definition 2.7 (Theorems). A formula 𝜑 is a theorem if there is a derivation of 𝜑
in natural deduction in which all assumptions are discharged. We write ⊢ 𝜑 if 𝜑 is a
theorem and ⊬ 𝜑 if it is not.

Definition 2.8 (Derivability). A formula 𝜑 is derivable from a set of formulas Γ,
Γ ⊢ 𝜑, if there is a derivation with conclusion 𝜑 and in which every assumption is
either discharged or is in Γ. If 𝜑 is not derivable from Γ we write Γ ⊬ 𝜑.

Definition 2.9 (Consistency). A set of formulas Γ is inconsistent iff Γ ⊢ ⊥. If Γ is
not inconsistent, i.e., if Γ ⊬ ⊥, we say it is consistent.

Proposition 2.10 (Reflexivity). If 𝜑 ∈ Γ, then Γ ⊢ 𝜑.

Proof. The assumption 𝜑 by itself is a derivation of 𝜑 where every undischarged
assumption (i.e., 𝜑) is in Γ. □

Proposition 2.11 (Monotonicity). If Γ ⊆ Δ and Γ ⊢ 𝜑, then Δ ⊢ 𝜑.

Proof. Any derivation of 𝜑 from Γ is also a derivation of 𝜑 from Δ. □

Proposition 2.12 (Transitivity). If Γ ⊢ 𝜑 and {𝜑 } ∪ Δ ⊢ 𝜓 , then Γ ∪ Δ ⊢ 𝜓 .

Proof. If Γ ⊢ 𝜑, there is a derivation 𝛿₀ of 𝜑 with all undischarged assumptions in Γ.
If {𝜑} ∪ Δ ⊢ 𝜓, then there is a derivation 𝛿₁ of 𝜓 with all undischarged assumptions
in {𝜑} ∪ Δ. Now consider:

  Δ, [𝜑]^1
      ⋮ 𝛿₁
      𝜓                    Γ
 ─────────── →I1           ⋮ 𝛿₀
    𝜑 → 𝜓                  𝜑
 ───────────────────────────── →E
               𝜓

The undischarged assumptions are now all among Γ ∪ Δ, so this shows Γ ∪ Δ ⊢ 𝜓 . □

When Γ = {𝜑₁, 𝜑₂, …, 𝜑𝑘} is a finite set we may use the simplified notation
𝜑₁, 𝜑₂, …, 𝜑𝑘 ⊢ 𝜓 for Γ ⊢ 𝜓; in particular, 𝜑 ⊢ 𝜓 means that {𝜑} ⊢ 𝜓.
Note that if Γ ⊢ 𝜑 and 𝜑 ⊢ 𝜓, then Γ ⊢ 𝜓. It follows also that if 𝜑₁, …, 𝜑𝑛 ⊢ 𝜓 and
Γ ⊢ 𝜑𝑖 for each 𝑖, then Γ ⊢ 𝜓.

Proposition 2.13. The following are equivalent.

1. Γ is inconsistent.

2. Γ ⊢ 𝜑 for every formula 𝜑.

3. Γ ⊢ 𝜑 and Γ ⊢ ¬𝜑 for some formula 𝜑.

Proof. Exercise. □

Proposition 2.14 (Compactness).

1. If Γ ⊢ 𝜑 then there is a finite subset Γ₀ ⊆ Γ such that Γ₀ ⊢ 𝜑.

2. If every finite subset of Γ is consistent, then Γ is consistent.

Proof. 1. If Γ ⊢ 𝜑, then there is a derivation 𝛿 of 𝜑 from Γ. Let Γ₀ be the set
of undischarged assumptions of 𝛿. Since any derivation is finite, Γ₀ can only
contain finitely many formulas. So, 𝛿 is a derivation of 𝜑 from a finite Γ₀ ⊆ Γ.

2. This is the contrapositive of (1) for the special case 𝜑 ≡ ⊥. □

2.8 Derivability and Consistency


We will now establish a number of properties of the derivability relation. They are
independently interesting, but each will play a role in the proof of the completeness
theorem.
Proposition 2.15. If Γ ⊢ 𝜑 and Γ ∪ {𝜑 } is inconsistent, then Γ is inconsistent.

Proof. Let the derivation of 𝜑 from Γ be 𝛿₁ and the derivation of ⊥ from Γ ∪ {𝜑} be 𝛿₂.
We can then derive:

  Γ, [𝜑]^1
      ⋮ 𝛿₂
      ⊥                 Γ
 ─────────── ¬I1        ⋮ 𝛿₁
     ¬𝜑                 𝜑
 ─────────────────────────── ¬E
              ⊥

In the new derivation, the assumption 𝜑 is discharged, so it is a derivation from Γ. □

Proposition 2.16. Γ ⊢ 𝜑 iff Γ ∪ {¬𝜑 } is inconsistent.

Proof. First suppose Γ ⊢ 𝜑, i.e., there is a derivation 𝛿₀ of 𝜑 from undischarged
assumptions Γ. We obtain a derivation of ⊥ from Γ ∪ {¬𝜑} as follows:

              Γ
              ⋮ 𝛿₀
   ¬𝜑         𝜑
 ───────────────── ¬E
         ⊥

Now assume Γ ∪ {¬𝜑} is inconsistent, and let 𝛿₁ be the corresponding derivation
of ⊥ from undischarged assumptions in Γ ∪ {¬𝜑}. We obtain a derivation of 𝜑 from Γ
alone by using RAA:

  Γ, [¬𝜑]^1
      ⋮ 𝛿₁
      ⊥
 ─────────── RAA1
      𝜑                                                              □

Proposition 2.17. If Γ ⊢ 𝜑 and ¬𝜑 ∈ Γ, then Γ is inconsistent.

Proof. Suppose Γ ⊢ 𝜑 and ¬𝜑 ∈ Γ. Then there is a derivation 𝛿 of 𝜑 from Γ. Consider
this simple application of the ¬E rule:

              Γ
              ⋮ 𝛿
   ¬𝜑         𝜑
 ───────────────── ¬E
         ⊥

Since ¬𝜑 ∈ Γ, all undischarged assumptions are in Γ; this shows that Γ ⊢ ⊥. □


Proposition 2.18. If Γ ∪ {𝜑 } and Γ ∪ {¬𝜑 } are both inconsistent, then Γ is inconsistent.

Proof. There are derivations 𝛿₁ and 𝛿₂ of ⊥ from Γ ∪ {𝜑} and ⊥ from Γ ∪ {¬𝜑},
respectively. We can then derive

  Γ, [¬𝜑]^2             Γ, [𝜑]^1
      ⋮ 𝛿₂                  ⋮ 𝛿₁
      ⊥                     ⊥
 ─────────── ¬I2       ─────────── ¬I1
     ¬¬𝜑                   ¬𝜑
 ───────────────────────────────── ¬E
                 ⊥

Since the assumptions 𝜑 and ¬𝜑 are discharged, this is a derivation of ⊥ from Γ alone.
Hence Γ is inconsistent. □

2.9 Derivability and the Propositional Connectives


We establish that the derivability relation ⊢ of natural deduction is strong enough
to establish some basic facts involving the propositional connectives, such as that
𝜑 ∧ 𝜓 ⊢ 𝜑 and 𝜑, 𝜑 → 𝜓 ⊢ 𝜓 (modus ponens). These facts are needed for the proof of
the completeness theorem.
Proposition 2.19.

1. Both 𝜑 ∧ 𝜓 ⊢ 𝜑 and 𝜑 ∧ 𝜓 ⊢ 𝜓.

2. 𝜑, 𝜓 ⊢ 𝜑 ∧ 𝜓.

Proof. 1. We can derive both

  𝜑 ∧ 𝜓             𝜑 ∧ 𝜓
 ─────── ∧E        ─────── ∧E
    𝜑                 𝜓

2. We can derive:

  𝜑     𝜓
 ───────── ∧I
   𝜑 ∧ 𝜓                                                             □

Proposition 2.20.

1. 𝜑 ∨ 𝜓, ¬𝜑, ¬𝜓 is inconsistent.

2. Both 𝜑 ⊢ 𝜑 ∨ 𝜓 and 𝜓 ⊢ 𝜑 ∨ 𝜓.

Proof. 1. Consider the following derivation:

           ¬𝜑    [𝜑]^1        ¬𝜓    [𝜓]^1
          ───────────── ¬E   ───────────── ¬E
  𝜑 ∨ 𝜓         ⊥                  ⊥
 ─────────────────────────────────────────── ∨E1
                     ⊥

This is a derivation of ⊥ from undischarged assumptions 𝜑 ∨ 𝜓, ¬𝜑, and ¬𝜓.

2. We can derive both

    𝜑                 𝜓
 ─────── ∨I        ─────── ∨I
  𝜑 ∨ 𝜓             𝜑 ∨ 𝜓                                            □


Proposition 2.21.

1. 𝜑, 𝜑 → 𝜓 ⊢ 𝜓.

2. Both ¬𝜑 ⊢ 𝜑 → 𝜓 and 𝜓 ⊢ 𝜑 → 𝜓.

Proof. 1. We can derive:

  𝜑 → 𝜓     𝜑
 ───────────── →E
       𝜓

2. This is shown by the following two derivations:

  ¬𝜑    [𝜑]^1
 ───────────── ¬E
       ⊥
   ───────── ⊥E
       𝜓                    𝜓
   ───────── →I1        ───────── →I
     𝜑 → 𝜓                𝜑 → 𝜓

Note that →I may, but does not have to, discharge the assumption 𝜑. □

2.10 Soundness
A derivation system, such as natural deduction, is sound if it cannot derive things
that do not actually follow. Soundness is thus a kind of guaranteed safety property
for derivation systems. Depending on which proof-theoretic property is in question,
we would like to know, for instance, that
1. every derivable formula is a tautology;
2. if a formula is derivable from some others, it is also a consequence of them;
3. if a set of formulas is inconsistent, it is unsatisfiable.
These are important properties of a derivation system. If any of them do not hold, the
derivation system is deficient—it would derive too much. Consequently, establishing
the soundness of a derivation system is of the utmost importance.
Theorem 2.22 (Soundness). If 𝜑 is derivable from the undischarged assumptions Γ,
then Γ ⊨ 𝜑.

Proof. Let 𝛿 be a derivation of 𝜑. We proceed by induction on the number of inferences
in 𝛿.
For the induction basis we show the claim if the number of inferences is 0. In this
case, 𝛿 consists only of a single formula 𝜑, i.e., an assumption. That assumption is
undischarged, since assumptions can only be discharged by inferences, and there are
no inferences. So, any valuation 𝑣 that satisfies all of the undischarged assumptions
of the proof also satisfies 𝜑.
Now for the inductive step. Suppose that 𝛿 contains 𝑛 inferences. The premise(s)
of the lowermost inference are derived using sub-derivations, each of which contains
fewer than 𝑛 inferences. We assume the induction hypothesis: The premises of the
lowermost inference follow from the undischarged assumptions of the sub-derivations
ending in those premises. We have to show that the conclusion 𝜑 follows from the
undischarged assumptions of the entire proof.
We distinguish cases according to the type of the lowermost inference. First, we
consider the possible inferences with only one premise.


1. Suppose that the last inference is ¬I: The derivation has the form

  Γ, [𝜑]^𝑛
      ⋮ 𝛿₁
      ⊥
 ─────────── ¬I𝑛
     ¬𝜑

By inductive hypothesis, ⊥ follows from the undischarged assumptions Γ ∪ {𝜑}
of 𝛿₁. Consider a valuation 𝑣. We need to show that, if 𝑣 ⊨ Γ, then 𝑣 ⊨ ¬𝜑.
Suppose for reductio that 𝑣 ⊨ Γ, but 𝑣 ⊭ ¬𝜑, i.e., 𝑣 ⊨ 𝜑. This would mean that
𝑣 ⊨ Γ ∪ {𝜑}. This is contrary to our inductive hypothesis. So, 𝑣 ⊨ ¬𝜑.
2. The last inference is ∧E: There are two variants: 𝜑 or 𝜓 may be inferred from
the premise 𝜑 ∧ 𝜓 . Consider the first case. The derivation 𝛿 looks like this:

     Γ
     ⋮ 𝛿₁
   𝜑 ∧ 𝜓
 ───────── ∧E
     𝜑

By inductive hypothesis, 𝜑 ∧ 𝜓 follows from the undischarged assumptions Γ
of 𝛿₁. Consider a valuation 𝑣. We need to show that, if 𝑣 ⊨ Γ, then 𝑣 ⊨ 𝜑. Suppose
𝑣 ⊨ Γ. By our inductive hypothesis (Γ ⊨ 𝜑 ∧ 𝜓), we know that 𝑣 ⊨ 𝜑 ∧ 𝜓. By
definition, 𝑣 ⊨ 𝜑 ∧ 𝜓 iff 𝑣 ⊨ 𝜑 and 𝑣 ⊨ 𝜓, so 𝑣 ⊨ 𝜑. (The case where 𝜓 is inferred from
𝜑 ∧ 𝜓 is handled similarly.)
3. The last inference is ∨I: There are two variants: 𝜑 ∨ 𝜓 may be inferred from
the premise 𝜑 or the premise 𝜓 . Consider the first case. The derivation has the
form

     Γ
     ⋮ 𝛿₁
     𝜑
 ───────── ∨I
   𝜑 ∨ 𝜓

By inductive hypothesis, 𝜑 follows from the undischarged assumptions Γ of 𝛿₁.
Consider a valuation 𝑣. We need to show that, if 𝑣 ⊨ Γ, then 𝑣 ⊨ 𝜑 ∨ 𝜓. Suppose
𝑣 ⊨ Γ; then 𝑣 ⊨ 𝜑 since Γ ⊨ 𝜑 (the inductive hypothesis). So it must also be
the case that 𝑣 ⊨ 𝜑 ∨ 𝜓. (The case where 𝜑 ∨ 𝜓 is inferred from 𝜓 is handled
similarly.)
4. The last inference is →I: 𝜑 → 𝜓 is inferred from a subproof with assumption 𝜑
and conclusion 𝜓 , i.e.,

  Γ, [𝜑]^𝑛
      ⋮ 𝛿₁
      𝜓
 ─────────── →I𝑛
    𝜑 → 𝜓

By inductive hypothesis, 𝜓 follows from the undischarged assumptions of 𝛿₁,
i.e., Γ ∪ {𝜑} ⊨ 𝜓. Consider a valuation 𝑣. The undischarged assumptions of 𝛿
are just Γ, since 𝜑 is discharged at the last inference. So we need to show that
Γ ⊨ 𝜑 → 𝜓. For reductio, suppose that for some valuation 𝑣, 𝑣 ⊨ Γ but 𝑣 ⊭ 𝜑 → 𝜓.
So, 𝑣 ⊨ 𝜑 and 𝑣 ⊭ 𝜓. But by hypothesis, 𝜓 is a consequence of Γ ∪ {𝜑}, i.e., 𝑣 ⊨ 𝜓,
which is a contradiction. So, Γ ⊨ 𝜑 → 𝜓.

5. The last inference is ⊥E: Here, 𝛿 ends in

     Γ
     ⋮ 𝛿₁
     ⊥
 ───────── ⊥E
     𝜑

By induction hypothesis, Γ ⊨ ⊥. We have to show that Γ ⊨ 𝜑. Suppose not; then
for some 𝑣 we have 𝑣 ⊨ Γ and 𝑣 ⊭ 𝜑. But we always have 𝑣 ⊭ ⊥, so this would
mean that Γ ⊭ ⊥, contrary to the induction hypothesis.

6. The last inference is RAA: Exercise.

Now let’s consider the possible inferences with several premises: ∨E, ∧I, and →E.

1. The last inference is ∧I. 𝜑 ∧ 𝜓 is inferred from the premises 𝜑 and 𝜓 and 𝛿 has
the form

   Γ₁        Γ₂
   ⋮ 𝛿₁      ⋮ 𝛿₂
   𝜑         𝜓
 ─────────────── ∧I
      𝜑 ∧ 𝜓

By induction hypothesis, 𝜑 follows from the undischarged assumptions Γ₁ of 𝛿₁
and 𝜓 follows from the undischarged assumptions Γ₂ of 𝛿₂. The undischarged
assumptions of 𝛿 are Γ₁ ∪ Γ₂, so we have to show that Γ₁ ∪ Γ₂ ⊨ 𝜑 ∧ 𝜓. Consider
a valuation 𝑣 with 𝑣 ⊨ Γ₁ ∪ Γ₂. Since 𝑣 ⊨ Γ₁, it must be the case that 𝑣 ⊨ 𝜑 as
Γ₁ ⊨ 𝜑, and since 𝑣 ⊨ Γ₂, 𝑣 ⊨ 𝜓 since Γ₂ ⊨ 𝜓. Together, 𝑣 ⊨ 𝜑 ∧ 𝜓.

2. The last inference is ∨E: Exercise.

3. The last inference is →E. 𝜓 is inferred from the premises 𝜑 → 𝜓 and 𝜑. The
derivation 𝛿 looks like this:

    Γ₁         Γ₂
    ⋮ 𝛿₁       ⋮ 𝛿₂
  𝜑 → 𝜓        𝜑
 ───────────────── →E
         𝜓

By induction hypothesis, 𝜑 → 𝜓 follows from the undischarged assumptions Γ₁
of 𝛿₁ and 𝜑 follows from the undischarged assumptions Γ₂ of 𝛿₂. Consider
a valuation 𝑣. We need to show that, if 𝑣 ⊨ Γ₁ ∪ Γ₂, then 𝑣 ⊨ 𝜓. Suppose 𝑣 ⊨ Γ₁ ∪ Γ₂.
Since Γ₁ ⊨ 𝜑 → 𝜓, 𝑣 ⊨ 𝜑 → 𝜓. Since Γ₂ ⊨ 𝜑, we have 𝑣 ⊨ 𝜑. This means that 𝑣 ⊨ 𝜓
(for if 𝑣 ⊭ 𝜓, since 𝑣 ⊨ 𝜑, we’d have 𝑣 ⊭ 𝜑 → 𝜓, contradicting 𝑣 ⊨ 𝜑 → 𝜓).

4. The last inference is ¬E: Exercise. □

Corollary 2.23. If ⊢ 𝜑, then 𝜑 is a tautology.

Corollary 2.24. If Γ is satisfiable, then it is consistent.

Proof. We prove the contrapositive. Suppose that Γ is not consistent. Then Γ ⊢ ⊥, i.e.,
there is a derivation of ⊥ from undischarged assumptions in Γ. By Theorem 2.22, any
valuation 𝑣 that satisfies Γ must satisfy ⊥. Since 𝑣 ⊭ ⊥ for every valuation 𝑣, no 𝑣 can
satisfy Γ, i.e., Γ is not satisfiable. □

Problems
Problem 2.1. Give derivations that show the following:
1. 𝜑 ∧ (𝜓 ∧ 𝜒) ⊢ (𝜑 ∧ 𝜓 ) ∧ 𝜒.
2. 𝜑 ∨ (𝜓 ∨ 𝜒) ⊢ (𝜑 ∨ 𝜓 ) ∨ 𝜒.
3. 𝜑 → (𝜓 → 𝜒) ⊢ 𝜓 → (𝜑 → 𝜒).
4. 𝜑 ⊢ ¬¬𝜑.

Problem 2.2. Give derivations that show the following:


1. (𝜑 ∨ 𝜓 ) → 𝜒 ⊢ 𝜑 → 𝜒.
2. (𝜑 → 𝜒) ∧ (𝜓 → 𝜒) ⊢ (𝜑 ∨ 𝜓 ) → 𝜒.
3. ⊢ ¬(𝜑 ∧ ¬𝜑).
4. 𝜓 → 𝜑 ⊢ ¬𝜑 → ¬𝜓 .
5. ⊢ (𝜑 → ¬𝜑) → ¬𝜑.
6. ⊢ ¬(𝜑 → 𝜓 ) → ¬𝜓 .
7. 𝜑 → 𝜒 ⊢ ¬(𝜑 ∧ ¬𝜒).
8. 𝜑 ∧ ¬𝜒 ⊢ ¬(𝜑 → 𝜒).
9. 𝜑 ∨ 𝜓, ¬𝜓 ⊢ 𝜑.
10. ¬𝜑 ∨ ¬𝜓 ⊢ ¬(𝜑 ∧ 𝜓 ).
11. ⊢ (¬𝜑 ∧ ¬𝜓 ) → ¬(𝜑 ∨ 𝜓 ).
12. ⊢ ¬(𝜑 ∨ 𝜓 ) → (¬𝜑 ∧ ¬𝜓 ).

Problem 2.3. Give derivations that show the following:


1. ¬(𝜑 → 𝜓 ) ⊢ 𝜑.
2. ¬(𝜑 ∧ 𝜓 ) ⊢ ¬𝜑 ∨ ¬𝜓 .
3. 𝜑 → 𝜓 ⊢ ¬𝜑 ∨ 𝜓 .
4. ⊢ ¬¬𝜑 → 𝜑.
5. 𝜑 → 𝜓, ¬𝜑 → 𝜓 ⊢ 𝜓 .
6. (𝜑 ∧ 𝜓 ) → 𝜒 ⊢ (𝜑 → 𝜒) ∨ (𝜓 → 𝜒).
7. (𝜑 → 𝜓 ) → 𝜑 ⊢ 𝜑.
8. ⊢ (𝜑 → 𝜓 ) ∨ (𝜓 → 𝜒).

(These all require the RAA rule.)

Problem 2.4. Prove Proposition 2.13.

Problem 2.5. Prove the following variation of Proposition 6.13: Γ ⊢ ¬𝜑
iff Γ ∪ {𝜑} is inconsistent.

Problem 2.6. Complete the proof of Theorem 2.22.

Chapter 3

The Completeness Theorem

3.1 Introduction
The completeness theorem is one of the most fundamental results about logic. It comes
in two formulations, the equivalence of which we’ll prove. In its first formulation it
says something fundamental about the relationship between semantic consequence
and our derivation system: if a formula 𝜑 follows from some formulas Γ, then there
is also a derivation that establishes Γ ⊢ 𝜑. Thus, the derivation system is as strong as
it can possibly be without proving things that don’t actually follow.
In its second formulation, it can be stated as a model existence result: every
consistent set of formulas is satisfiable. Consistency is a proof-theoretic notion: it
says that our derivation system is unable to produce certain derivations. But who’s to
say that just because there are no derivations of a certain sort from Γ, it’s guaranteed
that there is a valuation 𝑣 with 𝑣 ⊨ Γ? Before the completeness theorem was first
proved—in fact before we had the derivation systems we now do—the great German
mathematician David Hilbert held the view that consistency of mathematical theories
guarantees the existence of the objects they are about. He put it as follows in a letter
to Gottlob Frege:

If the arbitrarily given axioms do not contradict one another with all their
consequences, then they are true and the things defined by the axioms
exist. This is for me the criterion of truth and existence.

Frege vehemently disagreed. Under one reading of the completeness theorem Hilbert
was correct: if the axioms are consistent, then some valuation exists that makes
them all true. But the completeness theorem does not rule out the existence of other
valuations that make the same axioms true.
These aren’t the only reasons the completeness theorem—or rather, its proof—is
important. It has a number of important consequences, some of which we’ll discuss
separately. For instance, since any derivation that shows Γ ⊢ 𝜑 is finite and so can
only use finitely many of the formulas in Γ, it follows by the completeness theorem
that if 𝜑 is a consequence of Γ, it is already a consequence of a finite subset of Γ. This
is called compactness. Equivalently, if every finite subset of Γ is consistent, then Γ
itself must be consistent.
Although the compactness theorem follows from the completeness theorem via the
detour through derivations, it is also possible to use the proof of the completeness
theorem to establish it directly. For what the proof does is take a set of formulas
with a certain property—consistency—and construct a structure out of this set that
has certain properties (in this case, that it satisfies the set). Almost the very same
construction can be used to directly establish compactness, by starting from “finitely
satisfiable” sets of formulas instead of consistent ones.

3.2 Outline of the Proof

The proof of the completeness theorem is a bit complex, and upon first reading it, it is
easy to get lost. So let us outline the proof. The first step is a shift of perspective, that
allows us to see a route to a proof. When completeness is thought of as “whenever
Γ ⊨ 𝜑 then Γ ⊢ 𝜑,” it may be hard to even come up with an idea: for to show that Γ ⊢ 𝜑
we have to find a derivation, and it does not look like the hypothesis that Γ ⊨ 𝜑 helps
us for this in any way. For some proof systems it is possible to directly construct
a derivation, but we will take a slightly different approach. The shift in perspective
required is this: completeness can also be formulated as: “if Γ is consistent, it is
satisfiable.” Perhaps we can use the information in Γ together with the hypothesis
that it is consistent to construct a valuation that satisfies every formula in Γ. After all,
we know what kind of valuation we are looking for: one that is as Γ describes it!
If Γ contains only propositional variables, it is easy to construct a model for it.
All we have to do is come up with a valuation 𝑣 such that 𝑣 ⊨ 𝑝 for all 𝑝 ∈ Γ. Well, let
𝑣 (𝑝) = T iff 𝑝 ∈ Γ.
Now suppose Γ contains some formula ¬𝜓 , with 𝜓 atomic. We might worry that
the construction of 𝑣 interferes with the possibility of making ¬𝜓 true. But here’s
where the consistency of Γ comes in: if ¬𝜓 ∈ Γ, then 𝜓 ∉ Γ, or else Γ would be
inconsistent. And if 𝜓 ∉ Γ, then according to our construction of 𝑣, 𝑣 ⊭ 𝜓 , so 𝑣 ⊨ ¬𝜓 .
So far so good.
What if Γ contains complex, non-atomic formulas? Say it contains 𝜑 ∧𝜓 . To make
that true, we should proceed as if both 𝜑 and 𝜓 were in Γ. And if 𝜑 ∨ 𝜓 ∈ Γ, then we
will have to make at least one of them true, i.e., proceed as if one of them was in Γ.
This suggests the following idea: we add additional formulas to Γ so as to (a) keep
the resulting set consistent and (b) make sure that for every possible atomic formula 𝜑,
either 𝜑 is in the resulting set, or ¬𝜑 is, and (c) such that, whenever 𝜑 ∧𝜓 is in the set,
so are both 𝜑 and 𝜓 , if 𝜑 ∨ 𝜓 is in the set, at least one of 𝜑 or 𝜓 is also, etc. We keep
doing this (potentially forever). Call the set of all formulas so added Γ ∗ . Then our
construction above would provide us with a valuation 𝑣 for which we could prove, by
induction, that it satisfies all sentences in Γ ∗ , and hence also all sentences in Γ since
Γ ⊆ Γ ∗ . It turns out that guaranteeing (a) and (b) is enough. A set of sentences for
which (b) holds is called complete. So our task will be to extend the consistent set Γ to
a consistent and complete set Γ ∗ .
So here’s what we’ll do. First we investigate the properties of complete consistent
sets, in particular we prove that a complete consistent set contains 𝜑 ∧𝜓 iff it contains
both 𝜑 and 𝜓 , 𝜑 ∨𝜓 iff it contains at least one of them, etc. (Proposition 3.2). We’ll then
take the consistent set Γ and show that it can be extended to a consistent and complete
set Γ ∗ (Lemma 3.3). This set Γ ∗ is what we’ll use to define our valuation 𝑣 (Γ ∗ ). The
valuation is determined by the propositional variables in Γ ∗ (Definition 3.4). We’ll use
the properties of complete consistent sets to show that indeed 𝑣 (Γ ∗ ) ⊨ 𝜑 iff 𝜑 ∈ Γ ∗
(Lemma 3.5), and thus in particular, 𝑣 (Γ ∗ ) ⊨ Γ.


3.3 Complete Consistent Sets of Formulas


Definition 3.1 (Complete set). A set Γ of formulas is complete iff for any formula 𝜑,
either 𝜑 ∈ Γ or ¬𝜑 ∈ Γ.

Complete sets of sentences leave no questions unanswered. For any formula 𝜑,
Γ “says” if 𝜑 is true or false. The importance of complete sets extends beyond the
proof of the completeness theorem. A theory which is complete and axiomatizable,
for instance, is always decidable.
Complete consistent sets are important in the completeness proof since we can
guarantee that every consistent set of formulas Γ is contained in a complete consistent
set Γ ∗ . A complete consistent set contains, for each formula 𝜑, either 𝜑 or its negation
¬𝜑, but not both. This is true in particular for propositional variables, so from
a complete consistent set, we can construct a valuation where the truth value assigned
to propositional variables is defined according to which propositional variables are
in Γ ∗ . This valuation can then be shown to make all formulas in Γ ∗ (and hence also
all those in Γ) true. The proof of this latter fact requires that ¬𝜑 ∈ Γ ∗ iff 𝜑 ∉ Γ ∗ ,
(𝜑 ∨ 𝜓 ) ∈ Γ ∗ iff 𝜑 ∈ Γ ∗ or 𝜓 ∈ Γ ∗ , etc.
In what follows, we will often tacitly use the properties of reflexivity, monotonicity,
and transitivity of ⊢ (see section 2.7).

Proposition 3.2. Suppose Γ is complete and consistent. Then:

1. If Γ ⊢ 𝜑, then 𝜑 ∈ Γ.

2. 𝜑 ∧ 𝜓 ∈ Γ iff both 𝜑 ∈ Γ and 𝜓 ∈ Γ.

3. 𝜑 ∨ 𝜓 ∈ Γ iff either 𝜑 ∈ Γ or 𝜓 ∈ Γ.

4. 𝜑 → 𝜓 ∈ Γ iff either 𝜑 ∉ Γ or 𝜓 ∈ Γ.

Proof. Let us suppose for all of the following that Γ is complete and consistent.

1. If Γ ⊢ 𝜑, then 𝜑 ∈ Γ.
Suppose that Γ ⊢ 𝜑. Suppose to the contrary that 𝜑 ∉ Γ. Since Γ is complete,
¬𝜑 ∈ Γ. By Proposition 2.17, Γ is inconsistent. This contradicts the assumption
that Γ is consistent. Hence, it cannot be the case that 𝜑 ∉ Γ, so 𝜑 ∈ Γ.

2. 𝜑 ∧ 𝜓 ∈ Γ iff both 𝜑 ∈ Γ and 𝜓 ∈ Γ:
For the forward direction, suppose 𝜑 ∧ 𝜓 ∈ Γ. Then by Proposition 2.19, item (1),
Γ ⊢ 𝜑 and Γ ⊢ 𝜓 . By (1), 𝜑 ∈ Γ and 𝜓 ∈ Γ, as required.
For the reverse direction, let 𝜑 ∈ Γ and 𝜓 ∈ Γ. By Proposition 2.19, item (2),
Γ ⊢ 𝜑 ∧ 𝜓 . By (1), 𝜑 ∧ 𝜓 ∈ Γ.

3. First we show that if 𝜑 ∨ 𝜓 ∈ Γ, then either 𝜑 ∈ Γ or 𝜓 ∈ Γ. Suppose 𝜑 ∨ 𝜓 ∈ Γ but
𝜑 ∉ Γ and 𝜓 ∉ Γ. Since Γ is complete, ¬𝜑 ∈ Γ and ¬𝜓 ∈ Γ. By Proposition 2.20,
item (1), Γ is inconsistent, a contradiction. Hence, either 𝜑 ∈ Γ or 𝜓 ∈ Γ.
For the reverse direction, suppose that 𝜑 ∈ Γ or 𝜓 ∈ Γ. By Proposition 2.20,
item (2), Γ ⊢ 𝜑 ∨ 𝜓 . By (1), 𝜑 ∨ 𝜓 ∈ Γ, as required.

4. For the forward direction, suppose 𝜑 → 𝜓 ∈ Γ, and suppose to the contrary
that 𝜑 ∈ Γ and 𝜓 ∉ Γ. On these assumptions, 𝜑 → 𝜓 ∈ Γ and 𝜑 ∈ Γ. By
Proposition 2.21, item (1), Γ ⊢ 𝜓 . But then by (1), 𝜓 ∈ Γ, contradicting the
assumption that 𝜓 ∉ Γ.
For the reverse direction, first consider the case where 𝜑 ∉ Γ. Since Γ is
complete, ¬𝜑 ∈ Γ. By Proposition 2.21, item (2), Γ ⊢ 𝜑 → 𝜓 . Again by (1), we
get that 𝜑 → 𝜓 ∈ Γ, as required.
Now consider the case where 𝜓 ∈ Γ. By Proposition 2.21, item (2) again,
Γ ⊢ 𝜑 → 𝜓 . By (1), 𝜑 → 𝜓 ∈ Γ. □

3.4 Lindenbaum’s Lemma


We now prove a lemma that shows that any consistent set of formulas is contained
in some set of sentences which is not just consistent, but also complete. The proof
works by adding one formula at a time, guaranteeing at each step that the set remains
consistent. We do this so that for every 𝜑, either 𝜑 or ¬𝜑 gets added at some stage.
The union of all stages in that construction then contains either 𝜑 or its negation ¬𝜑
and is thus complete. It is also consistent, since we made sure at each stage not to
introduce an inconsistency.

Lemma 3.3 (Lindenbaum’s Lemma). Every consistent set Γ in a language L can be
extended to a complete and consistent set Γ∗.

Proof. Let Γ be consistent. Let 𝜑₀, 𝜑₁, … be an enumeration of all the formulas of L.
Define Γ₀ = Γ, and

         ⎧ Γ𝑛 ∪ {𝜑𝑛}     if Γ𝑛 ∪ {𝜑𝑛} is consistent;
  Γ𝑛+1 = ⎨
         ⎩ Γ𝑛 ∪ {¬𝜑𝑛}    otherwise.

Let Γ∗ = ⋃_{𝑛≥0} Γ𝑛.
Each Γ𝑛 is consistent: Γ0 is consistent by definition. If Γ𝑛+1 = Γ𝑛 ∪ {𝜑𝑛 }, this is
because the latter is consistent. If it isn’t, Γ𝑛+1 = Γ𝑛 ∪ {¬𝜑𝑛 }. We have to verify that
Γ𝑛 ∪ {¬𝜑𝑛 } is consistent. Suppose it’s not. Then both Γ𝑛 ∪ {𝜑𝑛 } and Γ𝑛 ∪ {¬𝜑𝑛 } are
inconsistent. This means that Γ𝑛 would be inconsistent by Proposition 2.18, contrary
to the induction hypothesis.
For every 𝑛 and every 𝑖 < 𝑛, Γ𝑖 ⊆ Γ𝑛 . This follows by a simple induction on 𝑛. For
𝑛 = 0, there are no 𝑖 < 0, so the claim holds automatically. For the inductive step,
suppose it is true for 𝑛. We have Γ𝑛+1 = Γ𝑛 ∪ {𝜑𝑛 } or = Γ𝑛 ∪ {¬𝜑𝑛 } by construction. So
Γ𝑛 ⊆ Γ𝑛+1 . If 𝑖 < 𝑛, then Γ𝑖 ⊆ Γ𝑛 by inductive hypothesis, and so ⊆ Γ𝑛+1 by transitivity
of ⊆.
From this it follows that every finite subset of Γ ∗ is a subset of Γ𝑛 for some 𝑛, since
each 𝜓 ∈ Γ ∗ not already in Γ0 is added at some stage 𝑖. If 𝑛 is the last one of these,
then all 𝜓 in the finite subset are in Γ𝑛 . So, every finite subset of Γ ∗ is consistent. By
Proposition 2.14, Γ ∗ is consistent.
Every formula of Frm(L) appears on the list used to define Γ ∗ . If 𝜑𝑛 ∉ Γ ∗ , then
that is because Γ𝑛 ∪ {𝜑𝑛 } was inconsistent. But then ¬𝜑𝑛 ∈ Γ ∗ , so Γ ∗ is complete. □


3.5 Construction of a Model


We are now ready to define a valuation that makes all 𝜑 ∈ Γ true. To do this, we
first apply Lindenbaum’s Lemma: we get a complete consistent Γ ∗ ⊇ Γ. We let the
propositional variables in Γ ∗ determine 𝑣 (Γ ∗ ).

Definition 3.4. Suppose Γ∗ is a complete consistent set of formulas. Then we let

              ⎧ T   if 𝑝 ∈ Γ∗
  𝑣(Γ∗)(𝑝) =  ⎨
              ⎩ F   if 𝑝 ∉ Γ∗

Lemma 3.5 (Truth Lemma). 𝑣 (Γ ∗ ) ⊨ 𝜑 iff 𝜑 ∈ Γ ∗ .

Proof. We prove both directions simultaneously, and by induction on 𝜑.

1. 𝜑 ≡ ⊥: 𝑣(Γ∗) ⊭ ⊥ by definition of satisfaction. On the other hand, ⊥ ∉ Γ∗ since
Γ∗ is consistent.

2. 𝜑 ≡ 𝑝: 𝑣(Γ∗) ⊨ 𝑝 iff 𝑣(Γ∗)(𝑝) = T (by the definition of satisfaction) iff 𝑝 ∈ Γ∗
(by the construction of 𝑣(Γ∗)).

3. 𝜑 ≡ ¬𝜓: 𝑣(Γ∗) ⊨ 𝜑 iff 𝑣(Γ∗) ⊭ 𝜓 (by definition of satisfaction). By induction
hypothesis, 𝑣(Γ∗) ⊭ 𝜓 iff 𝜓 ∉ Γ∗. Since Γ∗ is consistent and complete, 𝜓 ∉ Γ∗ iff
¬𝜓 ∈ Γ∗.

4. 𝜑 ≡ 𝜓 ∧ 𝜒: 𝑣(Γ∗) ⊨ 𝜑 iff we have both 𝑣(Γ∗) ⊨ 𝜓 and 𝑣(Γ∗) ⊨ 𝜒 (by definition
of satisfaction) iff both 𝜓 ∈ Γ∗ and 𝜒 ∈ Γ∗ (by the induction hypothesis). By
Proposition 3.2(2), this is the case iff (𝜓 ∧ 𝜒) ∈ Γ∗.

5. 𝜑 ≡ 𝜓 ∨ 𝜒: 𝑣(Γ∗) ⊨ 𝜑 iff 𝑣(Γ∗) ⊨ 𝜓 or 𝑣(Γ∗) ⊨ 𝜒 (by definition of satisfaction)
iff 𝜓 ∈ Γ∗ or 𝜒 ∈ Γ∗ (by induction hypothesis). This is the case iff (𝜓 ∨ 𝜒) ∈ Γ∗
(by Proposition 3.2(3)).

6. 𝜑 ≡ 𝜓 → 𝜒: 𝑣(Γ∗) ⊨ 𝜑 iff 𝑣(Γ∗) ⊭ 𝜓 or 𝑣(Γ∗) ⊨ 𝜒 (by definition of satisfaction)
iff 𝜓 ∉ Γ∗ or 𝜒 ∈ Γ∗ (by induction hypothesis). This is the case iff (𝜓 → 𝜒) ∈ Γ∗
(by Proposition 3.2(4)).

3.6 The Completeness Theorem


Let’s combine our results: we arrive at the completeness theorem.

Theorem 3.6 (Completeness Theorem). Let Γ be a set of formulas. If Γ is consistent,
it is satisfiable.

Proof. Suppose Γ is consistent. By Lemma 3.3, there is a Γ∗ ⊇ Γ which is consistent
and complete. By Lemma 3.5, 𝑣(Γ∗) ⊨ 𝜑 iff 𝜑 ∈ Γ∗. From this it follows in particular
that for all 𝜑 ∈ Γ, 𝑣(Γ∗) ⊨ 𝜑, so Γ is satisfiable. □
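The construction behind Lemma 3.3, Definition 3.4 and Lemma 3.5 can be run on a finite fragment. The following Python sketch is an added example, not part of the original text. It assumes formulas are nested tuples, it enumerates only the formulas up to a fixed nesting depth, and it decides "Γ𝑛 ∪ {𝜑𝑛} is consistent" by checking that some valuation satisfies it (the names `lindenbaum`, `valuation_from` and the sample Γ are chosen here).

```python
from itertools import product

BOT = ("bot",)
BINARY = ("and", "or", "imp")


def var(name):
    return ("var", name)


def neg(phi):
    return ("not", phi)


def evaluate(phi, v):
    """Satisfaction: truth value of phi under the valuation v (dict name -> bool)."""
    op = phi[0]
    if op == "bot":
        return False
    if op == "var":
        return v[phi[1]]
    if op == "not":
        return not evaluate(phi[1], v)
    left, right = evaluate(phi[1], v), evaluate(phi[2], v)
    if op == "and":
        return left and right
    if op == "or":
        return left or right
    return (not left) or right  # op == "imp"


def enumerate_formulas(names, depth):
    """Finite initial stretch of phi_0, phi_1, ...: every formula over `names`
    with connective nesting at most `depth`, atoms first, without repeats."""
    level = [BOT] + [var(n) for n in names]
    for _ in range(depth):
        level = (level + [neg(a) for a in level]
                 + [(op, a, b) for op in BINARY for a in level for b in level])
        level = list(dict.fromkeys(level))  # drop repeats, keep order
    return level


def lindenbaum(gamma, enumeration, names):
    """Build Gamma* stage by stage as in the proof of Lemma 3.3.

    Assumption of this example: 'Gamma_n with phi_n added is consistent' is
    decided by checking that some valuation satisfies it. `models` always
    holds exactly the valuations that satisfy the current stage Gamma_n.
    """
    valuations = [dict(zip(names, bits))
                  for bits in product([True, False], repeat=len(names))]
    models = [v for v in valuations if all(evaluate(g, v) for g in gamma)]
    if not models:
        raise ValueError("Gamma is not consistent, so the construction cannot start")
    gamma_star = set(gamma)
    for phi in enumeration:
        surviving = [v for v in models if evaluate(phi, v)]
        if surviving:                 # Gamma_n with phi_n is consistent: add phi_n
            gamma_star.add(phi)
            models = surviving
        else:                         # otherwise add the negation of phi_n
            gamma_star.add(neg(phi))
    return gamma_star


def valuation_from(gamma_star, names):
    """Definition 3.4: v(Gamma*)(p) = T iff p is in Gamma*."""
    return {n: var(n) in gamma_star for n in names}


# Constructed sample: Gamma = {p ∨ q, p → ¬q} over the variables p, q.
NAMES = ["p", "q"]
GAMMA = [("or", var("p"), var("q")), ("imp", var("p"), neg(var("q")))]

if __name__ == "__main__":
    formulas = enumerate_formulas(NAMES, 2)
    star = lindenbaum(GAMMA, formulas, NAMES)
    v = valuation_from(star, NAMES)
    # Truth Lemma on the enumerated fragment: v satisfies phi iff phi is in Gamma*.
    print(v, all(evaluate(f, v) == (f in star) for f in formulas))
```

Which complete extension results depends on the order of the enumeration: here 𝑝 is reached before 𝑞, so the extension settles on the valuation that makes 𝑝 true.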

Corollary 3.7 (Completeness Theorem, Second Version). For all Γ and formulas 𝜑:
if Γ ⊨ 𝜑 then Γ ⊢ 𝜑.

Proof. Note that the Γ’s in Corollary 3.7 and Theorem 3.6 are universally quantified.
To make sure we do not confuse ourselves, let us restate Theorem 3.6 using a different
variable: for any set of formulas Δ, if Δ is consistent, it is satisfiable. By contraposition,
if Δ is not satisfiable, then Δ is inconsistent. We will use this to prove the corollary.
Suppose that Γ ⊨ 𝜑. Then Γ ∪ {¬𝜑 } is unsatisfiable by Proposition 1.20. Taking
Γ ∪ {¬𝜑 } as our Δ, the previous version of Theorem 3.6 gives us that Γ ∪ {¬𝜑 } is
inconsistent. By Proposition 2.16, Γ ⊢ 𝜑. □

3.7 The Compactness Theorem


One important consequence of the completeness theorem is the compactness theorem.
The compactness theorem states that if each finite subset of a set of formulas is
satisfiable, the entire set is satisfiable—even if the set itself is infinite. This is far from
obvious. There is nothing that seems to rule out, at first glance at least, the possibility
of there being infinite sets of formulas which are contradictory, but the contradiction
only arises, so to speak, from the infinite number. The compactness theorem says that
such a scenario can be ruled out: there are no unsatisfiable infinite sets of formulas
each finite subset of which is satisfiable. Like the completeness theorem, it has a
version related to entailment: if an infinite set of formulas entails something, already
a finite subset does.

Definition 3.8. A set Γ of formulas is finitely satisfiable iff every finite Γ₀ ⊆ Γ is
satisfiable.

Theorem 3.9 (Compactness Theorem). The following hold for any sentences Γ and
𝜑:

1. Γ ⊨ 𝜑 iff there is a finite Γ0 ⊆ Γ such that Γ0 ⊨ 𝜑.

2. Γ is satisfiable iff it is finitely satisfiable.

Proof. We prove (2). If Γ is satisfiable, then there is a valuation 𝑣 such that 𝑣 ⊨ 𝜑
for all 𝜑 ∈ Γ. Of course, this 𝑣 also satisfies every finite subset of Γ, so Γ is finitely
satisfiable.
Now suppose that Γ is finitely satisfiable. Then every finite subset Γ0 ⊆ Γ is
satisfiable. By soundness (Corollary 2.24), every finite subset is consistent. Then Γ
itself must be consistent by Proposition 2.14. By completeness (Theorem 3.6), since
Γ is consistent, it is satisfiable. □

3.8 A Direct Proof of the Compactness Theorem


We can prove the Compactness Theorem directly, without appealing to the Completeness
Theorem, using the same ideas as in the proof of the completeness theorem. In
the proof of the Completeness Theorem we started with a consistent set Γ of formulas,
expanded it to a consistent and complete set Γ ∗ of formulas, and then showed that in
the valuation 𝑣 (Γ ∗ ) constructed from Γ ∗ , all formulas of Γ are true, so Γ is satisfiable.
We can use the same method to show that a finitely satisfiable set of sentences is
satisfiable. We just have to prove the corresponding versions of the results leading to
the truth lemma where we replace “consistent” with “finitely satisfiable.”

Proposition 3.10. Suppose Γ is complete and finitely satisfiable. Then:

1. (𝜑 ∧ 𝜓) ∈ Γ iff both 𝜑 ∈ Γ and 𝜓 ∈ Γ.

2. (𝜑 ∨ 𝜓) ∈ Γ iff either 𝜑 ∈ Γ or 𝜓 ∈ Γ.

3. (𝜑 → 𝜓) ∈ Γ iff either 𝜑 ∉ Γ or 𝜓 ∈ Γ.

Lemma 3.11. Every finitely satisfiable set Γ can be extended to a complete and finitely
satisfiable set Γ ∗ .

Theorem 3.12 (Compactness). Γ is satisfiable if and only if it is finitely satisfiable.

Proof. If Γ is satisfiable, then there is a valuation 𝑣 such that 𝑣 ⊨ 𝜑 for all 𝜑 ∈ Γ. Of
course, this 𝑣 also satisfies every finite subset of Γ, so Γ is finitely satisfiable.
Now suppose that Γ is finitely satisfiable. By Lemma 3.11, Γ can be extended
to a complete and finitely satisfiable set Γ ∗ . Construct the valuation 𝑣 (Γ ∗ ) as in
Definition 3.4. The proof of the Truth Lemma (Lemma 3.5) goes through if we replace
references to Proposition 3.2. □

Problems
Problem 3.1. Complete the proof of Proposition 3.2.

Problem 3.2. Use Corollary 3.7 to prove Theorem 3.6, thus showing that the two
formulations of the completeness theorem are equivalent.

Problem 3.3. In order for a derivation system to be complete, its rules must be strong
enough to prove every unsatisfiable set inconsistent. Which of the rules of derivation
were necessary to prove completeness? Are any of these rules not used anywhere
in the proof? In order to answer these questions, make a list or diagram that shows
which of the rules of derivation were used in which results that lead up to the proof
of Theorem 3.6. Be sure to note any tacit uses of rules in these proofs.

Problem 3.4. Prove (1) of Theorem 3.9.

Problem 3.5. Prove Proposition 3.10. Avoid the use of ⊢.

Problem 3.6. Prove Lemma 3.11. (Hint: the crucial step is to show that if Γ𝑛 is finitely
satisfiable, then either Γ𝑛 ∪ {𝜑𝑛 } or Γ𝑛 ∪ {¬𝜑𝑛 } is finitely satisfiable.)

Problem 3.7. Write out the complete proof of the Truth Lemma (Lemma 3.5) in the
version required for the proof of Theorem 3.12.

Part II

First-order Logic

Chapter 4

Syntax and Semantics

4.1 Introduction
In order to develop the theory and metatheory of first-order logic, we must first
define the syntax and semantics of its expressions. The expressions of first-order logic
are terms and formulas. Terms are formed from variables, constant symbols, and
function symbols. Formulas, in turn, are formed from predicate symbols together with
terms (these form the smallest, “atomic” formulas), and then from atomic formulas
we can form more complex ones using logical connectives and quantifiers. There are
many different ways to set down the formation rules; we give just one possible one.
Other systems will choose different symbols, will select different sets of connectives
as primitive, will use parentheses differently (or even not at all, as in the case of
so-called Polish notation). What all approaches have in common, though, is that the
formation rules define the set of terms and formulas inductively. If done properly,
every expression can result essentially in only one way according to the formation
rules. The inductive definition resulting in expressions that are uniquely readable
means we can give meanings to these expressions using the same method—inductive
definition.
Giving the meaning of expressions is the domain of semantics. The central concept
in semantics is that of satisfaction in a structure. A structure gives meaning to the
building blocks of the language: a domain is a non-empty set of objects. The quantifiers
are interpreted as ranging over this domain, constant symbols are assigned elements
in the domain, function symbols are assigned functions from the domain to itself, and
predicate symbols are assigned relations on the domain. The domain together with
assignments to the basic vocabulary constitutes a structure. Variables may appear
in formulas, and in order to give a semantics, we also have to assign elements of
the domain to them—this is a variable assignment. The satisfaction relation, finally,
brings these together. A formula may be satisfied in a structure 𝔐 relative to a
variable assignment 𝑠, written as 𝔐, 𝑠 ⊨ 𝜑. This relation is also defined by induction
on the structure of 𝜑, using the truth tables for the logical connectives to define, say,
satisfaction of 𝜑 ∧ 𝜓 in terms of satisfaction (or not) of 𝜑 and 𝜓. It then turns out that
the variable assignment is irrelevant if the formula 𝜑 is a sentence, i.e., has no free
variables, and so we can talk of sentences being simply satisfied (or not) in structures.
On the basis of the satisfaction relation 𝔐 ⊨ 𝜑 for sentences we can then define the
basic semantic notions of validity, entailment, and satisfiability. A sentence is valid,
⊨ 𝜑, if every structure satisfies it. It is entailed by a set of sentences, Γ ⊨ 𝜑, if every
structure that satisfies all the sentences in Γ also satisfies 𝜑. And a set of sentences
is satisfiable if some structure satisfies all sentences in it at the same time. Because
formulas are inductively defined, and satisfaction is in turn defined by induction on
the structure of formulas, we can use induction to prove properties of our semantics
and to relate the semantic notions defined.

4.2 First-Order Languages


Expressions of first-order logic are built up from a basic vocabulary containing variables,
constant symbols, predicate symbols and sometimes function symbols. From
them, together with logical connectives, quantifiers, and punctuation symbols such
as parentheses and commas, terms and formulas are formed.
Informally, predicate symbols are names for properties and relations, constant
symbols are names for individual objects, and function symbols are names for mappings.
These, except for the identity predicate =, are the non-logical symbols and
together make up a language. Any first-order language L is determined by its non-logical
symbols. In the most general case, L contains infinitely many symbols of each
kind.
In the general case, we make use of the following symbols in first-order logic:

1. Logical symbols
   a) Logical connectives: ¬ (negation), ∧ (conjunction), ∨ (disjunction), →
      (conditional), ∀ (universal quantifier), ∃ (existential quantifier).
   b) The propositional constant for falsity ⊥.
   c) The two-place identity predicate =.
   d) A countably infinite set of variables: 𝑣₀, 𝑣₁, 𝑣₂, . . .
2. Non-logical symbols, making up the standard language of first-order logic
   a) A countably infinite set of 𝑛-place predicate symbols for each 𝑛 > 0: 𝐴ⁿ₀,
      𝐴ⁿ₁, 𝐴ⁿ₂, . . .
   b) A countably infinite set of constant symbols: 𝑐₀, 𝑐₁, 𝑐₂, . . .
   c) A countably infinite set of 𝑛-place function symbols for each 𝑛 > 0: 𝑓ⁿ₀,
      𝑓ⁿ₁, 𝑓ⁿ₂, . . .
3. Punctuation marks: (, ), and the comma.

Most of our definitions and results will be formulated for the full standard language
of first-order logic. However, depending on the application, we may also restrict the
language to only a few predicate symbols, constant symbols, and function symbols.
Example 4.1. The language L𝐴 of arithmetic contains a single two-place predicate
symbol <, a single constant symbol 0, one one-place function symbol ′, and two
two-place function symbols + and ×.

Example 4.2. The language of set theory L𝑍 contains only the single two-place
predicate symbol ∈.

Example 4.3. The language of orders L ≤ contains only the two-place predicate
symbol ≤.

Again, these are conventions: officially, these are just aliases, e.g., <, ∈, and ≤ are
aliases for 𝐴²₀, 0 for 𝑐₀, ′ for 𝑓¹₀, + for 𝑓²₀, × for 𝑓²₁.
In addition to the primitive connectives and quantifiers introduced above, we also
use the following defined symbols: ↔ (biconditional) and ⊤ (truth).
A defined symbol is not officially part of the language, but is introduced as an
informal abbreviation: it allows us to abbreviate formulas which would, if we only
used primitive symbols, get quite long. This is obviously an advantage. The bigger
advantage, however, is that proofs become shorter. If a symbol is primitive, it has to
be treated separately in proofs. The more primitive symbols, therefore, the longer our
proofs.
You may be familiar with different terminology and symbols than the ones we use
above. Logic texts (and teachers) commonly use ∼, ¬, or ! for “negation”, ∧, ·, or & for
“conjunction”. Commonly used symbols for the “conditional” or “implication” are →,
⇒, and ⊃. Symbols for “biconditional,” “bi-implication,” or “(material) equivalence”
are ↔, ⇔, and ≡. The ⊥ symbol is variously called “falsity,” “falsum,” “absurdity,” or
“bottom.” The ⊤ symbol is variously called “truth,” “verum,” or “top.”
It is conventional to use lower case letters (e.g., 𝑎, 𝑏, 𝑐) from the beginning of the
Latin alphabet for constant symbols (sometimes called names), and lower case letters
from the end (e.g., 𝑥, 𝑦, 𝑧) for variables. Quantifiers combine with variables, e.g., 𝑥;
notational variations include ∀𝑥, (∀𝑥), (𝑥), Π𝑥, ⋀𝑥 for the universal quantifier and
∃𝑥, (∃𝑥), (𝐸𝑥), Σ𝑥, ⋁𝑥 for the existential quantifier.
We might treat all the propositional operators and both quantifiers as primitive
symbols of the language. We might instead choose a smaller stock of primitive
symbols and treat the other logical operators as defined. “Truth functionally complete”
sets of Boolean operators include {¬, ∨}, {¬, ∧}, and {¬, →}—these can be combined
with either quantifier for an expressively complete first-order language.
You may be familiar with two other logical operators: the Sheffer stroke | (named
after Henry Sheffer), and Peirce’s arrow ↓, also known as Quine’s dagger. When given
their usual readings of “nand” and “nor” (respectively), these operators are truth
functionally complete by themselves.

4.3 Terms and Formulas


Once a first-order language L is given, we can define expressions built up from the
basic vocabulary of L. These include in particular terms and formulas.
Definition 4.4 (Terms). The set of terms Trm(L) of L is defined inductively by:
1. Every variable is a term.
2. Every constant symbol of L is a term.
3. If 𝑓 is an 𝑛-place function symbol and 𝑡 1 , . . . , 𝑡𝑛 are terms, then 𝑓 (𝑡 1, . . . , 𝑡𝑛 ) is a
term.
4. Nothing else is a term.

A term containing no variables is a closed term.

The constant symbols appear in our specification of the language and the terms
as a separate category of symbols, but they could instead have been included as
zero-place function symbols. We could then do without the second clause in the
definition of terms. We just have to understand 𝑓 (𝑡 1, . . . , 𝑡𝑛 ) as just 𝑓 by itself if 𝑛 = 0.
Definition 4.5 (Formulas). The set of formulas Frm(L) of the language L is defined
inductively as follows:
1. ⊥ is an atomic formula.
2. If 𝑅 is an 𝑛-place predicate symbol of L and 𝑡 1 , . . . , 𝑡𝑛 are terms of L, then
𝑅(𝑡 1, . . . , 𝑡𝑛 ) is an atomic formula.
3. If 𝑡 1 and 𝑡 2 are terms of L, then =(𝑡 1, 𝑡 2 ) is an atomic formula.
4. If 𝜑 is a formula, then ¬𝜑 is a formula.
5. If 𝜑 and 𝜓 are formulas, then (𝜑 ∧ 𝜓 ) is a formula.
6. If 𝜑 and 𝜓 are formulas, then (𝜑 ∨ 𝜓 ) is a formula.
7. If 𝜑 and 𝜓 are formulas, then (𝜑 → 𝜓 ) is a formula.
8. If 𝜑 is a formula and 𝑥 is a variable, then ∀𝑥 𝜑 is a formula.
9. If 𝜑 is a formula and 𝑥 is a variable, then ∃𝑥 𝜑 is a formula.
10. Nothing else is a formula.

The definitions of the set of terms and that of formulas are inductive definitions.
Essentially, we construct the set of formulas in infinitely many stages. In the initial
stage, we pronounce all atomic formulas to be formulas; this corresponds to the first
few cases of the definition, i.e., the cases for ⊥, 𝑅(𝑡 1, . . . , 𝑡𝑛 ) and =(𝑡 1, 𝑡 2 ). “Atomic
formula” thus means any formula of this form.
The other cases of the definition give rules for constructing new formulas out
of formulas already constructed. At the second stage, we can use them to construct
formulas out of atomic formulas. At the third stage, we construct new formulas from
the atomic formulas and those obtained in the second stage, and so on. A formula is
anything that is eventually constructed at such a stage, and nothing else.
By convention, we write = between its arguments and leave out the parentheses:
𝑡 1 = 𝑡 2 is an abbreviation for =(𝑡 1, 𝑡 2 ). Moreover, ¬=(𝑡 1, 𝑡 2 ) is abbreviated as 𝑡 1 ≠ 𝑡 2 .
When writing a formula (𝜓 ∗ 𝜒) constructed from 𝜓 , 𝜒 using a two-place connective ∗,
we will often leave out the outermost pair of parentheses and write simply 𝜓 ∗ 𝜒.
Some logic texts require that the variable 𝑥 must occur in 𝜑 in order for ∃𝑥 𝜑
and ∀𝑥 𝜑 to count as formulas. Nothing bad happens if you don’t require this, and it
makes things easier.
Definition 4.6. Formulas constructed using the defined operators are to be understood
as follows:

1. ⊤ abbreviates ¬⊥.
2. 𝜑 ↔ 𝜓 abbreviates (𝜑 → 𝜓 ) ∧ (𝜓 → 𝜑).

If we work in a language for a specific application, we will often write two-place
predicate symbols and function symbols between the respective terms, e.g., 𝑡₁ < 𝑡₂
and (𝑡₁ + 𝑡₂) in the language of arithmetic and 𝑡₁ ∈ 𝑡₂ in the language of set theory.
The successor function in the language of arithmetic is even written conventionally
after its argument: 𝑡′. Officially, however, these are just conventional abbreviations
for 𝐴²₀(𝑡₁, 𝑡₂), 𝑓²₀(𝑡₁, 𝑡₂), 𝐴²₀(𝑡₁, 𝑡₂) and 𝑓¹₀(𝑡), respectively.

Definition 4.7 (Syntactic identity). The symbol ≡ expresses syntactic identity between
strings of symbols, i.e., 𝜑 ≡ 𝜓 iff 𝜑 and 𝜓 are strings of symbols of the same
length and which contain the same symbol in each place.

The ≡ symbol may be flanked by strings obtained by concatenation, e.g., 𝜑 ≡ (𝜓 ∨ 𝜒)
means: the string of symbols 𝜑 is the same string as the one obtained by
concatenating an opening parenthesis, the string 𝜓, the ∨ symbol, the string 𝜒, and
a closing parenthesis, in this order. If this is the case, then we know that the first
symbol of 𝜑 is an opening parenthesis, 𝜑 contains 𝜓 as a substring (starting at the
second symbol), that substring is followed by ∨, etc.
As terms and formulas are built up from basic elements via inductive definitions,
we can use the following induction principles to prove things about them.

Lemma 4.8 (Principle of induction on terms). Let L be a first-order language. If
some property 𝑃 holds in all of the following cases, then 𝑃(𝑡) for every 𝑡 ∈ Trm(L).

1. 𝑃(𝑣) for every variable 𝑣,

2. 𝑃(𝑎) for every constant symbol 𝑎 of L,

3. If 𝑡₁, . . . , 𝑡ₙ ∈ Trm(L), 𝑓 is an 𝑛-place function symbol of L, and 𝑃(𝑡₁), . . . , 𝑃(𝑡ₙ),
then 𝑃(𝑓(𝑡₁, . . . , 𝑡ₙ)).

Lemma 4.9 (Principle of induction on formulas). Let L be a first-order language.
If some property 𝑃 holds for all the atomic formulas and is such that

1. 𝜑 is an atomic formula.

2. it holds for ¬𝜑 whenever it holds for 𝜑;

3. it holds for (𝜑 ∧ 𝜓 ) whenever it holds for 𝜑 and 𝜓 ;

4. it holds for (𝜑 ∨ 𝜓 ) whenever it holds for 𝜑 and 𝜓 ;

5. it holds for (𝜑 → 𝜓 ) whenever it holds for 𝜑 and 𝜓 ;

6. it holds for ∃𝑥𝜑 whenever it holds for 𝜑;

7. it holds for ∀𝑥𝜑 whenever it holds for 𝜑;

then 𝑃 holds for all formulas 𝜑 ∈ Frm(L).

4.4 Unique Readability


The way we defined formulas guarantees that every formula has a unique reading,
i.e., there is essentially only one way of constructing it according to our formation
rules for formulas and only one way of “interpreting” it. If this were not so, we
would have ambiguous formulas, i.e., formulas that have more than one reading or
interpretation—and that is clearly something we want to avoid. But more importantly,
without this property, most of the definitions and proofs we are going to give will
not go through.
Perhaps the best way to make this clear is to see what would happen if we had
given bad rules for forming formulas that would not guarantee unique readability.
For instance, we could have forgotten the parentheses in the formation rules for
connectives, e.g., we might have allowed this:
If 𝜑 and 𝜓 are formulas, then so is 𝜑 → 𝜓 .
Starting from an atomic formula 𝜃 , this would allow us to form 𝜃 → 𝜃 . From this,
together with 𝜃 , we would get 𝜃 → 𝜃 → 𝜃 . But there are two ways to do this:
1. We take 𝜃 to be 𝜑 and 𝜃 → 𝜃 to be 𝜓 .
2. We take 𝜑 to be 𝜃 → 𝜃 and 𝜓 is 𝜃 .
Correspondingly, there are two ways to “read” the formula 𝜃 → 𝜃 → 𝜃 . It is of the
form 𝜓 → 𝜒 where 𝜓 is 𝜃 and 𝜒 is 𝜃 → 𝜃 , but it is also of the form 𝜓 → 𝜒 with 𝜓 being
𝜃 → 𝜃 and 𝜒 being 𝜃 .
If this happens, our definitions will not always work. For instance, when we
define the main operator of a formula, we say: in a formula of the form 𝜓 → 𝜒, the
main operator is the indicated occurrence of →. But if we can match the formula
𝜃 → 𝜃 → 𝜃 with 𝜓 → 𝜒 in the two different ways mentioned above, then in one case
we get the first occurrence of → as the main operator, and in the second case the
second occurrence. But we intend the main operator to be a function of the formula,
i.e., every formula must have exactly one main operator occurrence.
Lemma 4.10. The number of left and right parentheses in a formula 𝜑 are equal.

Proof. We prove this by induction on the way 𝜑 is constructed. This requires two
things: (a) We have to prove first that all atomic formulas have the property in
question (the induction basis). (b) Then we have to prove that when we construct
new formulas out of given formulas, the new formulas have the property provided
the old ones do.
Let 𝑙(𝜑) be the number of left parentheses, and 𝑟(𝜑) the number of right parentheses
in 𝜑, and 𝑙(𝑡) and 𝑟(𝑡) similarly the number of left and right parentheses in a
term 𝑡.

1. 𝜑 ≡ ⊥: 𝜑 has 0 left and 0 right parentheses.
2. 𝜑 ≡ 𝑅(𝑡₁, . . . , 𝑡ₙ): 𝑙(𝜑) = 1 + 𝑙(𝑡₁) + · · · + 𝑙(𝑡ₙ) = 1 + 𝑟(𝑡₁) + · · · + 𝑟(𝑡ₙ) = 𝑟(𝜑).
Here we make use of the fact, left as an exercise, that 𝑙(𝑡) = 𝑟(𝑡) for any term 𝑡.
3. 𝜑 ≡ 𝑡₁ = 𝑡₂: 𝑙(𝜑) = 𝑙(𝑡₁) + 𝑙(𝑡₂) = 𝑟(𝑡₁) + 𝑟(𝑡₂) = 𝑟(𝜑).
4. 𝜑 ≡ ¬𝜓: By induction hypothesis, 𝑙(𝜓) = 𝑟(𝜓). Thus 𝑙(𝜑) = 𝑙(𝜓) = 𝑟(𝜓) =
𝑟(𝜑).
5. 𝜑 ≡ (𝜓 ∗ 𝜒): By induction hypothesis, 𝑙(𝜓) = 𝑟(𝜓) and 𝑙(𝜒) = 𝑟(𝜒). Thus
𝑙(𝜑) = 1 + 𝑙(𝜓) + 𝑙(𝜒) = 1 + 𝑟(𝜓) + 𝑟(𝜒) = 𝑟(𝜑).
6. 𝜑 ≡ ∀𝑥 𝜓: By induction hypothesis, 𝑙(𝜓) = 𝑟(𝜓). Thus, 𝑙(𝜑) = 𝑙(𝜓) = 𝑟(𝜓) =
𝑟(𝜑).
7. 𝜑 ≡ ∃𝑥 𝜓: Similarly. □

Definition 4.11 (Proper prefix). A string of symbols 𝜓 is a proper prefix of a string
of symbols 𝜑 if concatenating 𝜓 and a non-empty string of symbols yields 𝜑.
Lemma 4.12. If 𝜑 is a formula, and 𝜓 is a proper prefix of 𝜑, then 𝜓 is not a formula.
Proof. Exercise. □
Proposition 4.13. If 𝜑 is an atomic formula, then it satisfies one, and only one of the
following conditions.
1. 𝜑 ≡ ⊥.
2. 𝜑 ≡ 𝑅(𝑡 1, . . . , 𝑡𝑛 ) where 𝑅 is an 𝑛-place predicate symbol, 𝑡 1 , . . . , 𝑡𝑛 are terms, and
each of 𝑅, 𝑡 1 , . . . , 𝑡𝑛 is uniquely determined.
3. 𝜑 ≡ 𝑡 1 = 𝑡 2 where 𝑡 1 and 𝑡 2 are uniquely determined terms.
Proof. Exercise. □
Proposition 4.14 (Unique Readability). Every formula satisfies one, and only one
of the following conditions.
1. 𝜑 is atomic.
2. 𝜑 is of the form ¬𝜓 .
3. 𝜑 is of the form (𝜓 ∧ 𝜒).
4. 𝜑 is of the form (𝜓 ∨ 𝜒).
5. 𝜑 is of the form (𝜓 → 𝜒).
6. 𝜑 is of the form ∀𝑥 𝜓 .
7. 𝜑 is of the form ∃𝑥 𝜓 .
Moreover, in each case 𝜓 , or 𝜓 and 𝜒, are uniquely determined. This means that, e.g.,
there are no different pairs 𝜓 , 𝜒 and 𝜓 ′ , 𝜒 ′ so that 𝜑 is both of the form (𝜓 → 𝜒) and
(𝜓 ′ → 𝜒 ′ ).
Proof. The formation rules require that if a formula is not atomic, it must start with an
opening parenthesis (, ¬, or a quantifier. On the other hand, every formula that starts
with one of the following symbols must be atomic: a predicate symbol, a function
symbol, a constant symbol, ⊥.
So we really only have to show that if 𝜑 is of the form (𝜓 ∗ 𝜒) and also of the form
(𝜓 ′ ∗′ 𝜒 ′ ), then 𝜓 ≡ 𝜓 ′ , 𝜒 ≡ 𝜒 ′ , and ∗ = ∗′ .
So suppose both 𝜑 ≡ (𝜓 ∗ 𝜒) and 𝜑 ≡ (𝜓 ′ ∗′ 𝜒 ′ ). Then either 𝜓 ≡ 𝜓 ′ or not. If it is,
clearly ∗ = ∗′ and 𝜒 ≡ 𝜒 ′ , since they then are substrings of 𝜑 that begin in the same
place and are of the same length. The other case is 𝜓 ̸≡ 𝜓 ′ . Since 𝜓 and 𝜓 ′ are both
substrings of 𝜑 that begin at the same place, one must be a proper prefix of the other.
But this is impossible by Lemma 4.12. □

4.5 Main operator of a Formula


It is often useful to talk about the last operator used in constructing a formula 𝜑. This
operator is called the main operator of 𝜑. Intuitively, it is the “outermost” operator of
𝜑. For example, the main operator of ¬𝜑 is ¬, the main operator of (𝜑 ∨ 𝜓 ) is ∨, etc.

Definition 4.15 (Main operator). The main operator of a formula 𝜑 is defined as
follows:

1. 𝜑 is atomic: 𝜑 has no main operator.

2. 𝜑 ≡ ¬𝜓 : the main operator of 𝜑 is ¬.

3. 𝜑 ≡ (𝜓 ∧ 𝜒): the main operator of 𝜑 is ∧.

4. 𝜑 ≡ (𝜓 ∨ 𝜒): the main operator of 𝜑 is ∨.

5. 𝜑 ≡ (𝜓 → 𝜒): the main operator of 𝜑 is →.

6. 𝜑 ≡ ∀𝑥 𝜓 : the main operator of 𝜑 is ∀.

7. 𝜑 ≡ ∃𝑥 𝜓 : the main operator of 𝜑 is ∃.

In each case, we intend the specific indicated occurrence of the main operator in
the formula. For instance, since the formula ((𝜃 → 𝛼) → (𝛼 → 𝜃 )) is of the form
(𝜓 → 𝜒) where 𝜓 is (𝜃 → 𝛼) and 𝜒 is (𝛼 → 𝜃 ), the second occurrence of → is the
main operator.
This is a recursive definition of a function which maps all non-atomic formulas to
their main operator occurrence. Because of the way formulas are defined inductively,
every formula 𝜑 satisfies one of the cases in Definition 4.15. This guarantees that for
each non-atomic formula 𝜑 a main operator exists. Because each formula satisfies
only one of these conditions, and because the smaller formulas from which 𝜑 is
constructed are uniquely determined in each case, the main operator occurrence of 𝜑
is unique, and so we have defined a function.
We call formulas by the names in Table 4.1 depending on which symbol their
main operator is. Recall, however, that defined operators do not officially appear in
formulas. They are just abbreviations, so officially they cannot be the main operator
of a formula. In proofs about all formulas they therefore do not have to be treated
separately.
Main operator   Type of formula         Example
none            atomic (formula)        ⊥, 𝑅(𝑡₁, . . . , 𝑡ₙ), 𝑡₁ = 𝑡₂
¬               negation                ¬𝜑
∧               conjunction             (𝜑 ∧ 𝜓)
∨               disjunction             (𝜑 ∨ 𝜓)
→               conditional             (𝜑 → 𝜓)
↔               biconditional           (𝜑 ↔ 𝜓)
∀               universal (formula)     ∀𝑥 𝜑
∃               existential (formula)   ∃𝑥 𝜑

Table 4.1: Main operator and names of formulas

4.6 Subformulas
It is often useful to talk about the formulas that “make up” a given formula. We call
these its subformulas. Any formula counts as a subformula of itself; a subformula of
𝜑 other than 𝜑 itself is a proper subformula.

Definition 4.16 (Immediate Subformula). If 𝜑 is a formula, the immediate subformulas
of 𝜑 are defined inductively as follows:

1. Atomic formulas have no immediate subformulas.

2. 𝜑 ≡ ¬𝜓: The only immediate subformula of 𝜑 is 𝜓.

3. 𝜑 ≡ (𝜓 ∗ 𝜒): The immediate subformulas of 𝜑 are 𝜓 and 𝜒 (∗ is any one of the
two-place connectives).

4. 𝜑 ≡ ∀𝑥 𝜓: The only immediate subformula of 𝜑 is 𝜓.

5. 𝜑 ≡ ∃𝑥 𝜓: The only immediate subformula of 𝜑 is 𝜓.

Definition 4.17 (Proper Subformula). If 𝜑 is a formula, the proper subformulas of
𝜑 are defined recursively as follows:

1. Atomic formulas have no proper subformulas.

2. 𝜑 ≡ ¬𝜓: The proper subformulas of 𝜑 are 𝜓 together with all proper subformulas
of 𝜓.

3. 𝜑 ≡ (𝜓 ∗ 𝜒): The proper subformulas of 𝜑 are 𝜓, 𝜒, together with all proper
subformulas of 𝜓 and those of 𝜒.

4. 𝜑 ≡ ∀𝑥 𝜓: The proper subformulas of 𝜑 are 𝜓 together with all proper subformulas
of 𝜓.

5. 𝜑 ≡ ∃𝑥 𝜓: The proper subformulas of 𝜑 are 𝜓 together with all proper subformulas
of 𝜓.

Definition 4.18 (Subformula). The subformulas of 𝜑 are 𝜑 itself together with all
its proper subformulas.

Note the subtle difference in how we have defined immediate subformulas and
proper subformulas. In the first case, we have directly defined the immediate subformulas
of a formula 𝜑 for each possible form of 𝜑. It is an explicit definition by
cases, and the cases mirror the inductive definition of the set of formulas. In the
second case, we have also mirrored the way the set of all formulas is defined, but in
each case we have also included the proper subformulas of the smaller formulas 𝜓 ,
𝜒 in addition to these formulas themselves. This makes the definition recursive. In
general, a definition of a function on an inductively defined set (in our case, formulas)
is recursive if the cases in the definition of the function make use of the function itself.
To be well defined, we must make sure, however, that we only ever use the values of
the function for arguments that come “before” the one we are defining—in our case,
when defining “proper subformula” for (𝜓 ∗ 𝜒) we only use the proper subformulas
of the “earlier” formulas 𝜓 and 𝜒.

Proposition 4.19. Suppose 𝜓 is a subformula of 𝜑 and 𝜒 is a subformula of 𝜓. Then 𝜒
is a subformula of 𝜑. In other words, the subformula relation is transitive.

Proposition 4.20. Suppose 𝜑 is a formula with 𝑛 connectives and quantifiers. Then 𝜑
has at most 2𝑛 + 1 subformulas.
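Sections 4.4 to 4.6 can be made concrete with a reader for the official syntax of Definitions 4.4 and 4.5. The Python sketch below is an added example, not part of the original text. It assumes a small constructed signature of one-character symbols (`SIG`), formulas written without spaces, and identity in its official prefix form =(𝑡₁, 𝑡₂). It returns the main operator occurrence and the immediate subformulas, so unique readability, Lemma 4.12 and Proposition 4.20 can be checked on sample strings.

```python
from collections import namedtuple

# Constructed toy signature (an assumption of this example): symbol -> (kind, arity).
SIG = {"x": ("var", 0), "y": ("var", 0), "z": ("var", 0),
       "a": ("const", 0), "b": ("const", 0),
       "f": ("func", 1), "g": ("func", 2),
       "P": ("pred", 1), "R": ("pred", 2), "=": ("pred", 2)}
CONNECTIVES = ("∧", "∨", "→")
# text: the formula as a string; op, op_pos: main operator and its index in text
# (None for atomic formulas); parts: the immediate subformulas.
Node = namedtuple("Node", "text op op_pos parts")

class NotAFormula(ValueError):
    """Raised when a string cannot be read according to the formation rules."""

def peek(s, i):
    return s[i] if i < len(s) else ""

def kind(symbol):
    return SIG.get(symbol, ("", 0))[0]

def expect(s, i, symbol):
    if peek(s, i) != symbol:
        raise NotAFormula(f"expected {symbol!r} at position {i}")
    return i + 1

def parse_args(s, i, arity):
    """Read '(t1,...,tn)' from position i; return the position after ')'."""
    i = expect(s, i, "(")
    for k in range(arity):
        if k:
            i = expect(s, i, ",")
        i = parse_term(s, i)
    return expect(s, i, ")")

def parse_term(s, i):
    """Definition 4.4: read one term from position i; return the position after it."""
    c = peek(s, i)
    if kind(c) in ("var", "const"):
        return i + 1
    if kind(c) == "func":
        return parse_args(s, i + 1, SIG[c][1])
    raise NotAFormula(f"term expected at position {i}")

def parse_formula(s, i=0):
    """Definition 4.5: read one formula from position i; return (Node, end)."""
    c = peek(s, i)
    if c == "⊥":
        return Node("⊥", None, None, ()), i + 1
    if kind(c) == "pred":
        end = parse_args(s, i + 1, SIG[c][1])
        return Node(s[i:end], None, None, ()), end
    if c == "¬":
        sub, end = parse_formula(s, i + 1)
        return Node(s[i:end], "¬", 0, (sub,)), end
    if c in ("∀", "∃"):
        if kind(peek(s, i + 1)) != "var":
            raise NotAFormula(f"variable expected at position {i + 1}")
        sub, end = parse_formula(s, i + 2)
        return Node(s[i:end], c, 0, (sub,)), end
    if c == "(":
        left, j = parse_formula(s, i + 1)
        op = peek(s, j)
        if op not in CONNECTIVES:
            raise NotAFormula(f"connective expected at position {j}")
        right, end = parse_formula(s, j + 1)
        end = expect(s, end, ")")
        return Node(s[i:end], op, j - i, (left, right)), end
    raise NotAFormula(f"formula expected at position {i}")

def parse(s):
    """Read s as exactly one formula; leftover symbols make it a non-formula."""
    node, end = parse_formula(s)
    if end != len(s):
        raise NotAFormula(f"symbols left over from position {end}")
    return node

def is_formula(s):
    try:
        parse(s)
        return True
    except NotAFormula:
        return False

def subformulas(node):
    """Definition 4.18: the formula itself together with its proper subformulas."""
    found = {node.text}
    for part in node.parts:
        found |= subformulas(part)
    return found

def operator_count(node):
    """Number of connective and quantifier occurrences in the formula."""
    return (node.op is not None) + sum(operator_count(p) for p in node.parts)

if __name__ == "__main__":
    print(is_formula("P(x)→P(x)→P(x)"), parse("((P(x)→P(x))→P(x))").op_pos)
```

The parser never has to guess or backtrack: the first symbol selects the case, which is the content of Proposition 4.14.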

4.7 Free Variables and Sentences


Definition 4.21 (Free occurrences of a variable). The free occurrences of a variable
in a formula are defined inductively as follows:
1. 𝜑 is atomic: all variable occurrences in 𝜑 are free.
2. 𝜑 ≡ ¬𝜓 : the free variable occurrences of 𝜑 are exactly those of 𝜓 .
3. 𝜑 ≡ (𝜓 ∗ 𝜒): the free variable occurrences of 𝜑 are those in 𝜓 together with
those in 𝜒.
4. 𝜑 ≡ ∀𝑥 𝜓 : the free variable occurrences in 𝜑 are all of those in 𝜓 except for
occurrences of 𝑥.
5. 𝜑 ≡ ∃𝑥 𝜓 : the free variable occurrences in 𝜑 are all of those in 𝜓 except for
occurrences of 𝑥.
Definition 4.22 (Bound Variables). An occurrence of a variable in a formula 𝜑 is
bound if it is not free.
Definition 4.23 (Scope). If ∀𝑥 𝜓 is an occurrence of a subformula in a formula 𝜑,
then the corresponding occurrence of 𝜓 in 𝜑 is called the scope of the corresponding
occurrence of ∀𝑥. Similarly for ∃𝑥.
If 𝜓 is the scope of a quantifier occurrence ∀𝑥 or ∃𝑥 in 𝜑, then the free occurrences
of 𝑥 in 𝜓 are bound in ∀𝑥 𝜓 and ∃𝑥 𝜓 . We say that these occurrences are bound by
the mentioned quantifier occurrence.
Example 4.24. Consider the following formula:

$$\exists v_0\, \underbrace{A^2_0(v_0, v_1)}_{\psi}$$

𝜓 represents the scope of ∃𝑣₀. The quantifier binds the occurrence of 𝑣₀ in 𝜓, but does
not bind the occurrence of 𝑣₁. So 𝑣₁ is a free variable in this case.
We can now see how this might work in a more complicated formula 𝜑:

$$\forall v_0\, \underbrace{(A^1_0(v_0) \to A^2_0(v_0, v_1))}_{\psi} \to \exists v_1\, \underbrace{(A^2_1(v_0, v_1) \lor \forall v_0\, \overbrace{\neg A^1_1(v_0)}^{\theta})}_{\chi}$$

𝜓 is the scope of the first ∀𝑣 0 , 𝜒 is the scope of ∃𝑣 1 , and 𝜃 is the scope of the second
∀𝑣 0 . The first ∀𝑣 0 binds the occurrences of 𝑣 0 in 𝜓 , ∃𝑣 1 binds the occurrence of 𝑣 1 in 𝜒,
and the second ∀𝑣 0 binds the occurrence of 𝑣 0 in 𝜃 . The first occurrence of 𝑣 1 and the
fourth occurrence of 𝑣 0 are free in 𝜑. The last occurrence of 𝑣 0 is free in 𝜃 , but bound
in 𝜒 and 𝜑.
Definition 4.25 (Sentence). A formula 𝜑 is a sentence iff it contains no free occurrences
of variables.

4.8 Substitution
Definition 4.26 (Substitution in a term). We define 𝑠 [𝑡/𝑥], the result of substituting
𝑡 for every occurrence of 𝑥 in 𝑠, recursively:

1. 𝑠 ≡ 𝑐: 𝑠 [𝑡/𝑥] is just 𝑠.

2. 𝑠 ≡ 𝑦: 𝑠 [𝑡/𝑥] is also just 𝑠, provided 𝑦 is a variable and 𝑦 ̸≡ 𝑥.

3. 𝑠 ≡ 𝑥: 𝑠 [𝑡/𝑥] is 𝑡.

4. 𝑠 ≡ 𝑓 (𝑡 1, . . . , 𝑡𝑛 ): 𝑠 [𝑡/𝑥] is 𝑓 (𝑡 1 [𝑡/𝑥], . . . , 𝑡𝑛 [𝑡/𝑥]).

Definition 4.27. A term 𝑡 is free for 𝑥 in 𝜑 if none of the free occurrences of 𝑥 in 𝜑
occur in the scope of a quantifier that binds a variable in 𝑡.

Example 4.28.

1. 𝑣₈ is free for 𝑣₁ in ∃𝑣₃ 𝐴²₄(𝑣₃, 𝑣₁)

2. 𝑓²₁(𝑣₁, 𝑣₂) is not free for 𝑣₀ in ∀𝑣₂ 𝐴²₄(𝑣₀, 𝑣₂)

Definition 4.29 (Substitution in a formula). If 𝜑 is a formula, 𝑥 is a variable, and
𝑡 is a term free for 𝑥 in 𝜑, then 𝜑 [𝑡/𝑥] is the result of substituting 𝑡 for all free
occurrences of 𝑥 in 𝜑.

1. 𝜑 ≡ ⊥: 𝜑 [𝑡/𝑥] is ⊥.

2. 𝜑 ≡ 𝑃 (𝑡 1, . . . , 𝑡𝑛 ): 𝜑 [𝑡/𝑥] is 𝑃 (𝑡 1 [𝑡/𝑥], . . . , 𝑡𝑛 [𝑡/𝑥]).

3. 𝜑 ≡ 𝑡 1 = 𝑡 2 : 𝜑 [𝑡/𝑥] is 𝑡 1 [𝑡/𝑥] = 𝑡 2 [𝑡/𝑥].

4. 𝜑 ≡ ¬𝜓 : 𝜑 [𝑡/𝑥] is ¬𝜓 [𝑡/𝑥].

5. 𝜑 ≡ (𝜓 ∧ 𝜒): 𝜑 [𝑡/𝑥] is (𝜓 [𝑡/𝑥] ∧ 𝜒 [𝑡/𝑥]).

6. 𝜑 ≡ (𝜓 ∨ 𝜒): 𝜑 [𝑡/𝑥] is (𝜓 [𝑡/𝑥] ∨ 𝜒 [𝑡/𝑥]).

7. 𝜑 ≡ (𝜓 → 𝜒): 𝜑 [𝑡/𝑥] is (𝜓 [𝑡/𝑥] → 𝜒 [𝑡/𝑥]).

8. 𝜑 ≡ ∀𝑦 𝜓 : 𝜑 [𝑡/𝑥] is ∀𝑦 𝜓 [𝑡/𝑥], provided 𝑦 is a variable other than 𝑥; otherwise
𝜑 [𝑡/𝑥] is just 𝜑.

9. 𝜑 ≡ ∃𝑦 𝜓 : 𝜑 [𝑡/𝑥] is ∃𝑦 𝜓 [𝑡/𝑥], provided 𝑦 is a variable other than 𝑥; otherwise
𝜑 [𝑡/𝑥] is just 𝜑.

Note that substitution may be vacuous: If 𝑥 does not occur in 𝜑 at all, then 𝜑 [𝑡/𝑥]
is just 𝜑.
The restriction that 𝑡 must be free for 𝑥 in 𝜑 is necessary to exclude cases like
the following. If 𝜑 ≡ ∃𝑦 𝑥 < 𝑦 and 𝑡 ≡ 𝑦, then 𝜑 [𝑡/𝑥] would be ∃𝑦 𝑦 < 𝑦. In this
case the free variable 𝑦 is “captured” by the quantifier ∃𝑦 upon substitution, and
that is undesirable. For instance, we would like it to be the case that whenever ∀𝑥 𝜓
holds, so does 𝜓 [𝑡/𝑥]. But consider ∀𝑥 ∃𝑦 𝑥 < 𝑦 (here 𝜓 is ∃𝑦 𝑥 < 𝑦). It is a sentence
that is true about, e.g., the natural numbers: for every number 𝑥 there is a number 𝑦
greater than it. If we allowed 𝑦 as a possible substitution for 𝑥, we would end up with
𝜓 [𝑦/𝑥] ≡ ∃𝑦 𝑦 < 𝑦, which is false. We prevent this by requiring that none of the free
variables in 𝑡 would end up being bound by a quantifier in 𝜑.
We often use the following convention to avoid cumbersome notation: If 𝜑 is
a formula which may contain the variable 𝑥 free, we also write 𝜑 (𝑥) to indicate this.
When it is clear which 𝜑 and 𝑥 we have in mind, and 𝑡 is a term (assumed to be free
for 𝑥 in 𝜑 (𝑥)), then we write 𝜑 (𝑡) as short for 𝜑 [𝑡/𝑥]. So for instance, we might
say, “we call 𝜑 (𝑡) an instance of ∀𝑥 𝜑 (𝑥).” By this we mean that if 𝜑 is any formula,
𝑥 a variable, and 𝑡 a term that’s free for 𝑥 in 𝜑, then 𝜑 [𝑡/𝑥] is an instance of ∀𝑥 𝜑.
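
Definitions 4.21 and 4.25 to 4.29 as executable checks, run on the formulas of Examples 4.24 and 4.28 and on the capture case ∃𝑦 𝑥 < 𝑦. This is an added example, not part of the original text; the tuple encoding and all function names are assumptions made here.

```python
# Encoding (an assumption of this sketch, not the text's notation):
#   terms:    ("var", "x") | ("const", "c") | ("fn", "f", t1, ..., tn)
#   formulas: ("bot",) | ("pred", "R", t1, ..., tn) | ("eq", t1, t2)
#             ("not", p) | ("and"|"or"|"imp", p, q) | ("all"|"ex", "x", p)

def V(name):
    return ("var", name)

def term_vars(t):
    """Set of variable names occurring in the term t."""
    if t[0] == "var":
        return {t[1]}
    if t[0] == "const":
        return set()
    return set().union(*(term_vars(u) for u in t[2:]))

def atom_terms(phi):
    """Argument terms of an atomic formula (none for bot)."""
    return {"bot": (), "pred": phi[2:], "eq": phi[1:]}[phi[0]]

def free_vars(phi):
    """Variables with at least one free occurrence in phi (Definition 4.21)."""
    tag = phi[0]
    if tag in ("bot", "pred", "eq"):
        return set().union(*(term_vars(u) for u in atom_terms(phi)))
    if tag == "not":
        return free_vars(phi[1])
    if tag in ("and", "or", "imp"):
        return free_vars(phi[1]) | free_vars(phi[2])
    return free_vars(phi[2]) - {phi[1]}        # the quantifier binds phi[1]

def is_sentence(phi):
    """Definition 4.25: no free occurrences of variables."""
    return not free_vars(phi)

def subst_term(s, t, x):
    """s[t/x] for terms (Definition 4.26)."""
    if s[0] == "var":
        return t if s[1] == x else s
    if s[0] == "const":
        return s
    return s[:2] + tuple(subst_term(u, t, x) for u in s[2:])

def free_for(t, x, phi, binders=frozenset()):
    """Definition 4.27. `binders` holds the quantified variables whose scope
    we are inside; a free occurrence of x there is a problem exactly when
    one of those variables also occurs in t."""
    tag = phi[0]
    if tag in ("bot", "pred", "eq"):
        x_here = any(x in term_vars(u) for u in atom_terms(phi))
        return not (x_here and binders & term_vars(t))
    if tag == "not":
        return free_for(t, x, phi[1], binders)
    if tag in ("and", "or", "imp"):
        return all(free_for(t, x, p, binders) for p in phi[1:])
    if phi[1] == x:                            # x is bound below this point
        return True
    return free_for(t, x, phi[2], binders | {phi[1]})

def _subst(phi, t, x):
    tag = phi[0]
    if tag == "bot":
        return phi
    if tag in ("pred", "eq"):
        head = phi[:2] if tag == "pred" else phi[:1]
        return head + tuple(subst_term(u, t, x) for u in atom_terms(phi))
    if tag == "not":
        return ("not", _subst(phi[1], t, x))
    if tag in ("and", "or", "imp"):
        return (tag, _subst(phi[1], t, x), _subst(phi[2], t, x))
    if phi[1] == x:                            # clauses 8 and 9, "otherwise" case
        return phi
    return (tag, phi[1], _subst(phi[2], t, x))

def subst(phi, t, x):
    """phi[t/x] (Definition 4.29); refuses a t that is not free for x in phi."""
    if not free_for(t, x, phi):
        raise ValueError("t is not free for x in phi: a variable would be captured")
    return _subst(phi, t, x)

# Constructed inputs: the formulas of Examples 4.28 and 4.24, and ∃y x < y.
EX_4_28_1 = ("ex", "v3", ("pred", "A24", V("v3"), V("v1")))
EX_4_28_2 = ("all", "v2", ("pred", "A24", V("v0"), V("v2")))
CAPTURE = ("ex", "y", ("pred", "<", V("x"), V("y")))
EX_4_24 = ("imp",
           ("all", "v0", ("imp", ("pred", "A10", V("v0")),
                                 ("pred", "A20", V("v0"), V("v1")))),
           ("ex", "v1", ("or", ("pred", "A21", V("v0"), V("v1")),
                               ("all", "v0", ("not", ("pred", "A11", V("v0")))))))

if __name__ == "__main__":
    print(sorted(free_vars(EX_4_24)))
    print(free_for(V("y"), "x", CAPTURE))
```

Substituting 𝑧 for 𝑥 in ∃𝑦 𝑥 < 𝑦 goes through, while substituting 𝑦 raises an error instead of silently producing ∃𝑦 𝑦 < 𝑦.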

4.9 Structures for First-order Languages


First-order languages are, by themselves, uninterpreted: the constant symbols, function
symbols, and predicate symbols have no specific meaning attached to them. Meanings
are given by specifying a structure. It specifies the domain, i.e., the objects which
the constant symbols pick out, the function symbols operate on, and the quantifiers
range over. In addition, it specifies which constant symbols pick out which objects,
how a function symbol maps objects to objects, and which objects the predicate
symbols apply to. Structures are the basis for semantic notions in logic, e.g., the
notion of consequence, validity, satisfiability. They are variously called “structures,”
“interpretations,” or “models” in the literature.

Definition 4.30 (Structures). A structure 𝔐 for a language L of first-order logic
consists of the following elements:

1. Domain: a non-empty set, |𝔐|

2. Interpretation of constant symbols: for each constant symbol 𝑐 of L, an element
$c^{\mathfrak{M}} \in |\mathfrak{M}|$

3. Interpretation of predicate symbols: for each 𝑛-place predicate symbol 𝑅 of L
(other than =), an 𝑛-place relation $R^{\mathfrak{M}} \subseteq |\mathfrak{M}|^n$

4. Interpretation of function symbols: for each 𝑛-place function symbol 𝑓 of L, an
𝑛-place function $f^{\mathfrak{M}} \colon |\mathfrak{M}|^n \to |\mathfrak{M}|$

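Example 4.31. A structure 𝔐 for the language of arithmetic consists of a set, an
element of |𝔐|, $0^{\mathfrak{M}}$, as interpretation of the constant symbol 0, a one-place function
$\prime^{\mathfrak{M}} \colon |\mathfrak{M}| \to |\mathfrak{M}|$, two two-place functions $+^{\mathfrak{M}}$ and $\times^{\mathfrak{M}}$, both $|\mathfrak{M}|^2 \to |\mathfrak{M}|$, and a
two-place relation $<^{\mathfrak{M}} \subseteq |\mathfrak{M}|^2$.
An obvious example of such a structure is the following:

1. $|\mathfrak{N}| = \mathbb{N}$

2. $0^{\mathfrak{N}} = 0$

3. $\prime^{\mathfrak{N}}(n) = n + 1$ for all $n \in \mathbb{N}$

4. $+^{\mathfrak{N}}(n, m) = n + m$ for all $n, m \in \mathbb{N}$

5. $\times^{\mathfrak{N}}(n, m) = n \cdot m$ for all $n, m \in \mathbb{N}$

6. $<^{\mathfrak{N}} = \{\langle n, m\rangle \mid n \in \mathbb{N},\ m \in \mathbb{N},\ n < m\}$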


The structure 𝔑 for $\mathcal{L}_A$ so defined is called the standard model of arithmetic, because
it interprets the non-logical constants of $\mathcal{L}_A$ exactly how you would expect.
However, there are many other possible structures for $\mathcal{L}_A$. For instance, we might
take as the domain the set Z of integers instead of N, and define the interpretations
of 0, ′, +, ×, < accordingly. But we can also define structures for $\mathcal{L}_A$ which have
nothing even remotely to do with numbers.

Example 4.32. A structure 𝔐 for the language $\mathcal{L}_Z$ of set theory requires just a set
and a single two-place relation. So technically, e.g., the set of people plus the relation
“𝑥 is older than 𝑦” could be used as a structure for $\mathcal{L}_Z$, as well as N together with
𝑛 ≥ 𝑚 for 𝑛, 𝑚 ∈ N.
A particularly interesting structure for $\mathcal{L}_Z$ in which the elements of the domain
are actually sets, and the interpretation of ∈ actually is the relation “𝑥 is an element
of 𝑦” is the structure ℌ𝔉 of hereditarily finite sets:

1. |ℌ𝔉| = ∅ ∪ ℘(∅) ∪ ℘(℘(∅)) ∪ ℘(℘(℘(∅))) ∪ . . . ;

2. $\in^{\mathfrak{HF}} = \{\langle x, y\rangle \mid x, y \in |\mathfrak{HF}|,\ x \in y\}$.

The stipulations we make as to what counts as a structure impact our logic. For
example, the choice to prevent empty domains ensures, given the usual account of
satisfaction (or truth) for quantified sentences, that ∃𝑥 (𝜑 (𝑥) ∨ ¬𝜑 (𝑥)) is valid—that
is, a logical truth. And the stipulation that all constant symbols must refer to an
object in the domain ensures that the existential generalization is a sound pattern of
inference: 𝜑 (𝑎), therefore ∃𝑥 𝜑 (𝑥). If we allowed names to refer outside the domain,
or to not refer, then we would be on our way to a free logic, in which existential
generalization requires an additional premise: 𝜑 (𝑎) and ∃𝑥 𝑥 = 𝑎, therefore ∃𝑥 𝜑 (𝑥).

4.10 Covered Structures for First-order Languages


Recall that a term is closed if it contains no variables.

Definition 4.33 (Value of closed terms). If 𝑡 is a closed term of the language L
and 𝔐 is a structure for L, the value $\mathrm{Val}^{\mathfrak{M}}(t)$ is defined as follows:

1. If 𝑡 is just the constant symbol 𝑐, then $\mathrm{Val}^{\mathfrak{M}}(c) = c^{\mathfrak{M}}$.

2. If 𝑡 is of the form $f(t_1, \dots, t_n)$, then

$$\mathrm{Val}^{\mathfrak{M}}(t) = f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}(t_n)).$$

Definition 4.34 (Covered structure). A structure is covered if every element of the
domain is the value of some closed term.

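Example 4.35. Let L be the language with constant symbols 𝑧𝑒𝑟𝑜, 𝑜𝑛𝑒, 𝑡𝑤𝑜, . . . ,
the binary predicate symbol <, and the binary function symbols + and ×. Then
a structure 𝔐 for L is the one with domain |𝔐| = {0, 1, 2, . . .} and assignments
$\mathit{zero}^{\mathfrak{M}} = 0$, $\mathit{one}^{\mathfrak{M}} = 1$, $\mathit{two}^{\mathfrak{M}} = 2$, and so forth. For the binary relation symbol <, the
set $<^{\mathfrak{M}}$ is the set of all pairs $\langle c_1, c_2\rangle \in |\mathfrak{M}|^2$ such that $c_1$ is less than $c_2$: for example,
$\langle 1, 3\rangle \in {<^{\mathfrak{M}}}$ but $\langle 2, 2\rangle \notin {<^{\mathfrak{M}}}$. For the binary function symbol +, define $+^{\mathfrak{M}}$ in the usual
way—for example, $+^{\mathfrak{M}}(2, 3)$ maps to 5, and similarly for the binary function symbol ×.
Hence, the value of 𝑓𝑜𝑢𝑟 is just 4, and the value of ×(𝑡𝑤𝑜, +(𝑡ℎ𝑟𝑒𝑒, 𝑧𝑒𝑟𝑜)) (or in infix
notation, 𝑡𝑤𝑜 × (𝑡ℎ𝑟𝑒𝑒 + 𝑧𝑒𝑟𝑜)) is

$$\begin{aligned}
\mathrm{Val}^{\mathfrak{M}}(\times(\mathit{two}, +(\mathit{three}, \mathit{zero})))
&= \times^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}(\mathit{two}), \mathrm{Val}^{\mathfrak{M}}(+(\mathit{three}, \mathit{zero}))) \\
&= \times^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}(\mathit{two}), +^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}(\mathit{three}), \mathrm{Val}^{\mathfrak{M}}(\mathit{zero}))) \\
&= \times^{\mathfrak{M}}(\mathit{two}^{\mathfrak{M}}, +^{\mathfrak{M}}(\mathit{three}^{\mathfrak{M}}, \mathit{zero}^{\mathfrak{M}})) \\
&= \times^{\mathfrak{M}}(2, +^{\mathfrak{M}}(3, 0)) \\
&= \times^{\mathfrak{M}}(2, 3) \\
&= 6
\end{aligned}$$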

4.11 Satisfaction of a Formula in a Structure


The basic notions that relate expressions such as terms and formulas, on the one
hand, and structures on the other, are those of value of a term and satisfaction of
a formula. Informally, the value of a term is an element of a structure—if the term
is just a constant, its value is the object assigned to the constant by the structure,
and if it is built up using function symbols, the value is computed from the values
of constants and the functions assigned to the function symbols in the term. A formula is
satisfied in a structure if the interpretation given to the predicates makes the formula
true in the domain of the structure. This notion of satisfaction is specified inductively:
the specification of the structure directly states when atomic formulas are satisfied,
and we define when a complex formula is satisfied depending on the main connective
or quantifier and whether or not the immediate subformulas are satisfied.
The case of the quantifiers here is a bit tricky, as the immediate subformula of
a quantified formula has a free variable, and structures don’t specify the values of
variables. In order to deal with this difficulty, we also introduce variable assignments
and define satisfaction not with respect to a structure alone, but with respect to
a structure plus a variable assignment.
Definition 4.36 (Variable Assignment). A variable assignment 𝑠 for a structure 𝔐
is a function which maps each variable to an element of |𝔐|, i.e., 𝑠 : Var → |𝔐|.

A structure assigns a value to each constant symbol, and a variable assignment to
each variable. But we want to use terms built up from them to also name elements of
the domain. For this we define the value of terms inductively. For constant symbols
and variables the value is just as the structure or the variable assignment specifies it;
for more complex terms it is computed recursively using the functions the structure
assigns to the function symbols.
Definition 4.37 (Value of Terms). If 𝑡 is a term of the language L, 𝔐 is a structure
for L, and 𝑠 is a variable assignment for 𝔐, the value $\mathrm{Val}^{\mathfrak{M}}_{s}(t)$ is defined as follows:
1. 𝑡 ≡ 𝑐: $\mathrm{Val}^{\mathfrak{M}}_{s}(t) = c^{\mathfrak{M}}$.
2. 𝑡 ≡ 𝑥: $\mathrm{Val}^{\mathfrak{M}}_{s}(t) = s(x)$.
3. $t \equiv f(t_1, \dots, t_n)$:

$$\mathrm{Val}^{\mathfrak{M}}_{s}(t) = f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s}(t_n)).$$


Definition 4.38 (𝑥-Variant). If 𝑠 is a variable assignment for a structure 𝔐, then
any variable assignment 𝑠′ for 𝔐 which differs from 𝑠 at most in what it assigns to 𝑥
is called an 𝑥-variant of 𝑠. If 𝑠′ is an 𝑥-variant of 𝑠 we write $s' \sim_x s$.

Note that an 𝑥-variant of an assignment 𝑠 does not have to assign something
different to 𝑥. In fact, every assignment counts as an 𝑥-variant of itself.
Definition 4.39. If 𝑠 is a variable assignment for a structure 𝔐 and 𝑚 ∈ |𝔐|, then
the assignment 𝑠 [𝑚/𝑥] is the variable assignment defined by

$$s[m/x](y) = \begin{cases} m & \text{if } y \equiv x \\ s(y) & \text{otherwise.} \end{cases}$$

In other words, 𝑠 [𝑚/𝑥] is the particular 𝑥-variant of 𝑠 which assigns the domain
element 𝑚 to 𝑥, and assigns the same things to variables other than 𝑥 that 𝑠 does.
Definition 4.40 (Satisfaction). Satisfaction of a formula 𝜑 in a structure 𝔐 relative
to a variable assignment 𝑠, in symbols: 𝔐, 𝑠 ⊨ 𝜑, is defined recursively as follows. (We
write 𝔐, 𝑠 ⊭ 𝜑 to mean “not 𝔐, 𝑠 ⊨ 𝜑.”)
1. 𝜑 ≡ ⊥: 𝔐, 𝑠 ⊭ 𝜑.
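2. $\varphi \equiv R(t_1, \dots, t_n)$: 𝔐, 𝑠 ⊨ 𝜑 iff $\langle \mathrm{Val}^{\mathfrak{M}}_{s}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s}(t_n)\rangle \in R^{\mathfrak{M}}$.
3. $\varphi \equiv t_1 = t_2$: 𝔐, 𝑠 ⊨ 𝜑 iff $\mathrm{Val}^{\mathfrak{M}}_{s}(t_1) = \mathrm{Val}^{\mathfrak{M}}_{s}(t_2)$.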
4. 𝜑 ≡ ¬𝜓 : 𝔐, 𝑠 ⊨ 𝜑 iff 𝔐, 𝑠 ⊭ 𝜓 .
5. 𝜑 ≡ (𝜓 ∧ 𝜒): 𝔐, 𝑠 ⊨ 𝜑 iff 𝔐, 𝑠 ⊨ 𝜓 and 𝔐, 𝑠 ⊨ 𝜒.
6. 𝜑 ≡ (𝜓 ∨ 𝜒): 𝔐, 𝑠 ⊨ 𝜑 iff 𝔐, 𝑠 ⊨ 𝜓 or 𝔐, 𝑠 ⊨ 𝜒 (or both).
7. 𝜑 ≡ (𝜓 → 𝜒): 𝔐, 𝑠 ⊨ 𝜑 iff 𝔐, 𝑠 ⊭ 𝜓 or 𝔐, 𝑠 ⊨ 𝜒 (or both).
8. 𝜑 ≡ ∀𝑥 𝜓 : 𝔐, 𝑠 ⊨ 𝜑 iff for every element 𝑚 ∈ |𝔐|, 𝔐, 𝑠 [𝑚/𝑥] ⊨ 𝜓 .
9. 𝜑 ≡ ∃𝑥 𝜓 : 𝔐, 𝑠 ⊨ 𝜑 iff for at least one element 𝑚 ∈ |𝔐|, 𝔐, 𝑠 [𝑚/𝑥] ⊨ 𝜓 .

The variable assignments are important in the last two clauses. We cannot define
satisfaction of ∀𝑥 𝜓 (𝑥) by “for all 𝑚 ∈ |𝔐|, 𝔐 ⊨ 𝜓 (𝑚).” We cannot define satisfaction
of ∃𝑥 𝜓 (𝑥) by “for at least one 𝑚 ∈ |𝔐|, 𝔐 ⊨ 𝜓 (𝑚).” The reason is that if 𝑚 ∈ |𝔐|,
it is not a symbol of the language, and so 𝜓 (𝑚) is not a formula (that is, 𝜓 [𝑚/𝑥] is
undefined). We also cannot assume that we have constant symbols or terms available
that name every element of 𝔐, since there is nothing in the definition of structures
that requires it. In the standard language, the set of constant symbols is countably
infinite, so if |𝔐| is not countable there aren’t even enough constant symbols to name
every object.
We solve this problem by introducing variable assignments, which allow us to
link variables directly with elements of the domain. Then instead of saying that, e.g.,
∃𝑥 𝜓 (𝑥) is satisfied in 𝔐 iff for at least one 𝑚 ∈ |𝔐|, we say it is satisfied in 𝔐 relative
to 𝑠 iff 𝜓 (𝑥) is satisfied relative to 𝑠 [𝑚/𝑥] for at least one 𝑚 ∈ |𝔐|.
Example 4.41. Let L = {𝑎, 𝑏, 𝑓 , 𝑅} where 𝑎 and 𝑏 are constant symbols, 𝑓 is a
two-place function symbol, and 𝑅 is a two-place predicate symbol. Consider the
structure 𝔐 defined by:


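1. |𝔐| = {1, 2, 3, 4}
2. $a^{\mathfrak{M}} = 1$
3. $b^{\mathfrak{M}} = 2$
4. $f^{\mathfrak{M}}(x, y) = x + y$ if $x + y \le 3$, and $= 3$ otherwise.
5. $R^{\mathfrak{M}} = \{\langle 1, 1\rangle, \langle 1, 2\rangle, \langle 2, 3\rangle, \langle 2, 4\rangle\}$
The function 𝑠 (𝑥) = 1 that assigns 1 ∈ |𝔐| to every variable is a variable assignment
for 𝔐.
Then

$$\mathrm{Val}^{\mathfrak{M}}_{s}(f(a, b)) = f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s}(a), \mathrm{Val}^{\mathfrak{M}}_{s}(b)).$$

Since 𝑎 and 𝑏 are constant symbols, $\mathrm{Val}^{\mathfrak{M}}_{s}(a) = a^{\mathfrak{M}} = 1$ and $\mathrm{Val}^{\mathfrak{M}}_{s}(b) = b^{\mathfrak{M}} = 2$. So

$$\mathrm{Val}^{\mathfrak{M}}_{s}(f(a, b)) = f^{\mathfrak{M}}(1, 2) = 1 + 2 = 3.$$

To compute the value of 𝑓 (𝑓 (𝑎, 𝑏), 𝑎) we have to consider

$$\mathrm{Val}^{\mathfrak{M}}_{s}(f(f(a, b), a)) = f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s}(f(a, b)), \mathrm{Val}^{\mathfrak{M}}_{s}(a)) = f^{\mathfrak{M}}(3, 1) = 3,$$

since 3 + 1 > 3. Since 𝑠 (𝑥) = 1 and $\mathrm{Val}^{\mathfrak{M}}_{s}(x) = s(x)$, we also have

$$\mathrm{Val}^{\mathfrak{M}}_{s}(f(f(a, b), x)) = f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s}(f(a, b)), \mathrm{Val}^{\mathfrak{M}}_{s}(x)) = f^{\mathfrak{M}}(3, 1) = 3.$$

An atomic formula 𝑅(𝑡₁, 𝑡₂) is satisfied if the tuple of values of its arguments, i.e.,
$\langle \mathrm{Val}^{\mathfrak{M}}_{s}(t_1), \mathrm{Val}^{\mathfrak{M}}_{s}(t_2)\rangle$, is an element of $R^{\mathfrak{M}}$. So, e.g., we have 𝔐, 𝑠 ⊨ 𝑅(𝑏, 𝑓 (𝑎, 𝑏)) since
$\langle \mathrm{Val}^{\mathfrak{M}}(b), \mathrm{Val}^{\mathfrak{M}}(f(a, b))\rangle = \langle 2, 3\rangle \in R^{\mathfrak{M}}$, but 𝔐, 𝑠 ⊭ 𝑅(𝑥, 𝑓 (𝑎, 𝑏)) since $\langle 1, 3\rangle \notin R^{\mathfrak{M}}$.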
To determine if a non-atomic formula 𝜑 is satisfied, you apply the clauses in
the inductive definition that applies to the main connective. For instance, the main
connective in 𝑅(𝑎, 𝑎) → (𝑅(𝑏, 𝑥) ∨ 𝑅(𝑥, 𝑏)) is the →, and
𝔐, 𝑠 ⊨ 𝑅(𝑎, 𝑎) → (𝑅(𝑏, 𝑥) ∨ 𝑅(𝑥, 𝑏)) iff
𝔐, 𝑠 ⊭ 𝑅(𝑎, 𝑎) or 𝔐, 𝑠 ⊨ 𝑅(𝑏, 𝑥) ∨ 𝑅(𝑥, 𝑏)

Since 𝔐, 𝑠 ⊨ 𝑅(𝑎, 𝑎) (because ⟨1, 1⟩ ∈ 𝑅 𝔐 ) we can’t yet determine the answer and
must first figure out if 𝔐, 𝑠 ⊨ 𝑅(𝑏, 𝑥) ∨ 𝑅(𝑥, 𝑏):

𝔐, 𝑠 ⊨ 𝑅(𝑏, 𝑥) ∨ 𝑅(𝑥, 𝑏) iff


𝔐, 𝑠 ⊨ 𝑅(𝑏, 𝑥) or 𝔐, 𝑠 ⊨ 𝑅(𝑥, 𝑏)

And this is the case, since 𝔐, 𝑠 ⊨ 𝑅(𝑥, 𝑏) (because ⟨1, 2⟩ ∈ 𝑅 𝔐 ).

Recall that an 𝑥-variant of 𝑠 is a variable assignment that differs from 𝑠 at most in
what it assigns to 𝑥. For every element of |𝔐|, there is an 𝑥-variant of 𝑠:
𝑠 1 = 𝑠 [1/𝑥], 𝑠 2 = 𝑠 [2/𝑥],
𝑠 3 = 𝑠 [3/𝑥], 𝑠 4 = 𝑠 [4/𝑥].


So, e.g., 𝑠 2 (𝑥) = 2 and 𝑠 2 (𝑦) = 𝑠 (𝑦) = 1 for all variables 𝑦 other than 𝑥. These are all
the 𝑥-variants of 𝑠 for the structure 𝔐, since |𝔐| = {1, 2, 3, 4}. Note, in particular,
that 𝑠 1 = 𝑠 (𝑠 is always an 𝑥-variant of itself).
To determine if an existentially quantified formula ∃𝑥 𝜑 (𝑥) is satisfied, we have
to determine if 𝔐, 𝑠 [𝑚/𝑥] ⊨ 𝜑 (𝑥) for at least one 𝑚 ∈ |𝔐|. So,

𝔐, 𝑠 ⊨ ∃𝑥 (𝑅(𝑏, 𝑥) ∨ 𝑅(𝑥, 𝑏)),

since 𝔐, 𝑠 [1/𝑥] ⊨ 𝑅(𝑏, 𝑥) ∨ 𝑅(𝑥, 𝑏) (𝑠 [3/𝑥] would also fit the bill). But,

𝔐, 𝑠 ⊭ ∃𝑥 (𝑅(𝑏, 𝑥) ∧ 𝑅(𝑥, 𝑏))

since, whichever 𝑚 ∈ |𝔐| we pick, 𝔐, 𝑠 [𝑚/𝑥] ⊭ 𝑅(𝑏, 𝑥) ∧ 𝑅(𝑥, 𝑏).


To determine if a universally quantified formula ∀𝑥 𝜑 (𝑥) is satisfied, we have to
determine if 𝔐, 𝑠 [𝑚/𝑥] ⊨ 𝜑 (𝑥) for all 𝑚 ∈ |𝔐|. So,

𝔐, 𝑠 ⊨ ∀𝑥 (𝑅(𝑥, 𝑎) → 𝑅(𝑎, 𝑥)),

since 𝔐, 𝑠 [𝑚/𝑥] ⊨ 𝑅(𝑥, 𝑎) → 𝑅(𝑎, 𝑥) for all 𝑚 ∈ |𝔐|. For 𝑚 = 1, we have 𝔐, 𝑠 [1/𝑥] ⊨
𝑅(𝑎, 𝑥) so the consequent is true; for 𝑚 = 2, 3, and 4, we have 𝔐, 𝑠 [𝑚/𝑥] ⊭ 𝑅(𝑥, 𝑎),
so the antecedent is false. But,

𝔐, 𝑠 ⊭ ∀𝑥 (𝑅(𝑎, 𝑥) → 𝑅(𝑥, 𝑎))

since 𝔐, 𝑠 [2/𝑥] ⊭ 𝑅(𝑎, 𝑥) → 𝑅(𝑥, 𝑎) (because 𝔐, 𝑠 [2/𝑥] ⊨ 𝑅(𝑎, 𝑥) and 𝔐, 𝑠 [2/𝑥] ⊭
𝑅(𝑥, 𝑎)).
For a more complicated case, consider

∀𝑥 (𝑅(𝑎, 𝑥) → ∃𝑦 𝑅(𝑥, 𝑦)).

Since 𝔐, 𝑠 [3/𝑥] ⊭ 𝑅(𝑎, 𝑥) and 𝔐, 𝑠 [4/𝑥] ⊭ 𝑅(𝑎, 𝑥), the interesting cases where we
have to worry about the consequent of the conditional are only 𝑚 = 1 and = 2.
Does 𝔐, 𝑠 [1/𝑥] ⊨ ∃𝑦 𝑅(𝑥, 𝑦) hold? It does if there is at least one 𝑛 ∈ |𝔐| so that
𝔐, 𝑠 [1/𝑥] [𝑛/𝑦] ⊨ 𝑅(𝑥, 𝑦). In fact, if we take 𝑛 = 1, we have 𝑠 [1/𝑥] [𝑛/𝑦] = 𝑠 [1/𝑦] = 𝑠.
Since 𝑠 (𝑥) = 1, 𝑠 (𝑦) = 1, and ⟨1, 1⟩ ∈ 𝑅 𝔐 , the answer is yes.
To determine if 𝔐, 𝑠 [2/𝑥] ⊨ ∃𝑦 𝑅(𝑥, 𝑦), we have to look at the variable assignments
𝑠 [2/𝑥] [𝑛/𝑦]. Here, for 𝑛 = 1, this assignment is 𝑠₂ = 𝑠 [2/𝑥], which does not satisfy
𝑅(𝑥, 𝑦) (𝑠₂(𝑥) = 2, 𝑠₂(𝑦) = 1, and $\langle 2, 1\rangle \notin R^{\mathfrak{M}}$). However, consider 𝑠 [2/𝑥] [3/𝑦] =
𝑠₂[3/𝑦]. 𝔐, 𝑠₂[3/𝑦] ⊨ 𝑅(𝑥, 𝑦) since $\langle 2, 3\rangle \in R^{\mathfrak{M}}$, and so 𝔐, 𝑠₂ ⊨ ∃𝑦 𝑅(𝑥, 𝑦).
So, for all 𝑚 ∈ |𝔐|, either 𝔐, 𝑠 [𝑚/𝑥] ⊭ 𝑅(𝑎, 𝑥) (if 𝑚 = 3, 4) or 𝔐, 𝑠 [𝑚/𝑥] ⊨
∃𝑦 𝑅(𝑥, 𝑦) (if 𝑚 = 1, 2), and so

𝔐, 𝑠 ⊨ ∀𝑥 (𝑅(𝑎, 𝑥) → ∃𝑦 𝑅(𝑥, 𝑦)).

On the other hand,


𝔐, 𝑠 ⊭ ∃𝑥 (𝑅(𝑎, 𝑥) ∧ ∀𝑦 𝑅(𝑥, 𝑦)).
We have 𝔐, 𝑠 [𝑚/𝑥] ⊨ 𝑅(𝑎, 𝑥) only for 𝑚 = 1 and 𝑚 = 2. But for both of these values
of 𝑚, there is in turn an 𝑛 ∈ |𝔐|, namely 𝑛 = 4, so that 𝔐, 𝑠 [𝑚/𝑥] [𝑛/𝑦] ⊭ 𝑅(𝑥, 𝑦)
and so 𝔐, 𝑠 [𝑚/𝑥] ⊭ ∀𝑦 𝑅(𝑥, 𝑦) for 𝑚 = 1 and 𝑚 = 2. In sum, there is no 𝑚 ∈ |𝔐| such
that 𝔐, 𝑠 [𝑚/𝑥] ⊨ 𝑅(𝑎, 𝑥) ∧ ∀𝑦 𝑅(𝑥, 𝑦).
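
The computations of Example 4.41 can be replayed mechanically. The following is an added example, not part of the original text: a direct transcription of Definitions 4.37, 4.39 and 4.40 for finite domains, with a tuple encoding of terms and formulas and function names that are assumptions made here.

```python
from collections import defaultdict

# Encoding (an assumption of this sketch, not the text's notation):
#   terms:    ("var", "x") | ("const", "a") | ("fn", "f", t1, ..., tn)
#   formulas: ("bot",) | ("pred", "R", t1, ..., tn) | ("eq", t1, t2)
#             ("not", p) | ("and"|"or"|"imp", p, q) | ("all"|"ex", "x", p)

# The structure of Example 4.41.
M = {
    "domain": {1, 2, 3, 4},
    "const": {"a": 1, "b": 2},
    "fn": {"f": lambda m, n: m + n if m + n <= 3 else 3},
    "rel": {"R": {(1, 1), (1, 2), (2, 3), (2, 4)}},
}

def constant_assignment(m):
    """A total variable assignment sending every variable to m."""
    return defaultdict(lambda: m)

def variant(s, m, x):
    """s[m/x] of Definition 4.39: like s, except that x is mapped to m."""
    s2 = s.copy()
    s2[x] = m
    return s2

def val(t, M, s):
    """Value of the term t in M relative to s (Definition 4.37)."""
    if t[0] == "var":
        return s[t[1]]
    if t[0] == "const":
        return M["const"][t[1]]
    return M["fn"][t[1]](*(val(u, M, s) for u in t[2:]))

def sat(phi, M, s):
    """M, s |= phi, clause by clause as in Definition 4.40.
    The quantifier clauses enumerate the domain, so it must be finite."""
    tag = phi[0]
    if tag == "bot":
        return False
    if tag == "pred":
        return tuple(val(u, M, s) for u in phi[2:]) in M["rel"][phi[1]]
    if tag == "eq":
        return val(phi[1], M, s) == val(phi[2], M, s)
    if tag == "not":
        return not sat(phi[1], M, s)
    if tag == "and":
        return sat(phi[1], M, s) and sat(phi[2], M, s)
    if tag == "or":
        return sat(phi[1], M, s) or sat(phi[2], M, s)
    if tag == "imp":
        return (not sat(phi[1], M, s)) or sat(phi[2], M, s)
    hits = (sat(phi[2], M, variant(s, m, phi[1])) for m in M["domain"])
    return all(hits) if tag == "all" else any(hits)

def witnesses(x, phi, M, s):
    """Sorted list of the m in |M| with M, s[m/x] |= phi."""
    return sorted(m for m in M["domain"] if sat(phi, M, variant(s, m, x)))

# Terms and formulas from Example 4.41.
a, b, x, y = ("const", "a"), ("const", "b"), ("var", "x"), ("var", "y")

def R(t1, t2):
    return ("pred", "R", t1, t2)

def f(t1, t2):
    return ("fn", "f", t1, t2)

s = constant_assignment(1)                      # s(x) = 1 for every variable
F1 = ("all", "x", ("imp", R(a, x), ("ex", "y", R(x, y))))
F2 = ("ex", "x", ("and", R(a, x), ("all", "y", R(x, y))))

if __name__ == "__main__":
    print(val(f(f(a, b), x), M, s))
    print(witnesses("x", ("or", R(b, x), R(x, b)), M, s))
    print(sat(F1, M, s), sat(F2, M, s))
```

Because F1 and F2 are sentences, replacing `s` by any other assignment, such as `constant_assignment(4)`, leaves both results unchanged.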


4.12 Variable Assignments


A variable assignment 𝑠 provides a value for every variable—and there are infinitely
many of them. This is of course not necessary. We require variable assignments to
assign values to all variables simply because it makes things a lot easier. The value of
a term 𝑡, and whether or not a formula 𝜑 is satisfied in a structure with respect to 𝑠,
only depend on the assignments 𝑠 makes to the variables in 𝑡 and the free variables
of 𝜑. This is the content of the next two propositions. To make the idea of “depends
on” precise, we show that any two variable assignments that agree on all the variables
in 𝑡 give the same value, and that if two variable assignments agree on all free variables
of 𝜑, then 𝜑 is satisfied relative to one iff it is satisfied relative to the other.

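Proposition 4.42. If the variables in a term 𝑡 are among $x_1, \dots, x_n$, and $s_1(x_i) = s_2(x_i)$
for $i = 1, \dots, n$, then $\mathrm{Val}^{\mathfrak{M}}_{s_1}(t) = \mathrm{Val}^{\mathfrak{M}}_{s_2}(t)$.

Proof. By induction on the complexity of 𝑡. For the base case, 𝑡 can be a constant
symbol or one of the variables $x_1, \dots, x_n$. If $t = c$, then $\mathrm{Val}^{\mathfrak{M}}_{s_1}(t) = c^{\mathfrak{M}} = \mathrm{Val}^{\mathfrak{M}}_{s_2}(t)$. If
$t = x_i$, $s_1(x_i) = s_2(x_i)$ by the hypothesis of the proposition, and so
$\mathrm{Val}^{\mathfrak{M}}_{s_1}(t) = s_1(x_i) = s_2(x_i) = \mathrm{Val}^{\mathfrak{M}}_{s_2}(t)$.
For the inductive step, assume that $t = f(t_1, \dots, t_k)$ and that the claim holds for
$t_1, \dots, t_k$. Then

$$\mathrm{Val}^{\mathfrak{M}}_{s_1}(t) = \mathrm{Val}^{\mathfrak{M}}_{s_1}(f(t_1, \dots, t_k)) = f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s_1}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s_1}(t_k)).$$

For $j = 1, \dots, k$, the variables of $t_j$ are among $x_1, \dots, x_n$. By induction hypothesis,
$\mathrm{Val}^{\mathfrak{M}}_{s_1}(t_j) = \mathrm{Val}^{\mathfrak{M}}_{s_2}(t_j)$. So,

$$\begin{aligned}
\mathrm{Val}^{\mathfrak{M}}_{s_1}(t) &= \mathrm{Val}^{\mathfrak{M}}_{s_1}(f(t_1, \dots, t_k)) \\
&= f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s_1}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s_1}(t_k)) \\
&= f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s_2}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s_2}(t_k)) \\
&= \mathrm{Val}^{\mathfrak{M}}_{s_2}(f(t_1, \dots, t_k)) = \mathrm{Val}^{\mathfrak{M}}_{s_2}(t).
\end{aligned}$$ □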

Proposition 4.43. If the free variables in 𝜑 are among 𝑥 1 , . . . , 𝑥𝑛 , and 𝑠 1 (𝑥𝑖 ) = 𝑠 2 (𝑥𝑖 )
for 𝑖 = 1, . . . , 𝑛, then 𝔐, 𝑠 1 ⊨ 𝜑 iff 𝔐, 𝑠 2 ⊨ 𝜑.

Proof. We use induction on the complexity of 𝜑. For the base case, where 𝜑 is atomic,
𝜑 can be: ⊥, 𝑅(𝑡 1, . . . , 𝑡𝑘 ) for a 𝑘-place predicate 𝑅 and terms 𝑡 1 , . . . , 𝑡𝑘 , or 𝑡 1 = 𝑡 2 for
terms 𝑡 1 and 𝑡 2 .

1. 𝜑 ≡ ⊥: both 𝔐, 𝑠 1 ⊭ 𝜑 and 𝔐, 𝑠 2 ⊭ 𝜑.

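2. $\varphi \equiv R(t_1, \dots, t_k)$: let 𝔐, 𝑠₁ ⊨ 𝜑. Then

$$\langle \mathrm{Val}^{\mathfrak{M}}_{s_1}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s_1}(t_k)\rangle \in R^{\mathfrak{M}}.$$

For $i = 1, \dots, k$, $\mathrm{Val}^{\mathfrak{M}}_{s_1}(t_i) = \mathrm{Val}^{\mathfrak{M}}_{s_2}(t_i)$ by Proposition 4.42. So we also have

$$\langle \mathrm{Val}^{\mathfrak{M}}_{s_2}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s_2}(t_k)\rangle \in R^{\mathfrak{M}}.$$

3. $\varphi \equiv t_1 = t_2$: suppose 𝔐, 𝑠₁ ⊨ 𝜑. Then $\mathrm{Val}^{\mathfrak{M}}_{s_1}(t_1) = \mathrm{Val}^{\mathfrak{M}}_{s_1}(t_2)$. So,

$$\begin{aligned}
\mathrm{Val}^{\mathfrak{M}}_{s_2}(t_1) &= \mathrm{Val}^{\mathfrak{M}}_{s_1}(t_1) && \text{(by Proposition 4.42)} \\
&= \mathrm{Val}^{\mathfrak{M}}_{s_1}(t_2) && \text{(since } \mathfrak{M}, s_1 \models t_1 = t_2\text{)} \\
&= \mathrm{Val}^{\mathfrak{M}}_{s_2}(t_2) && \text{(by Proposition 4.42),}
\end{aligned}$$

so 𝔐, 𝑠₂ ⊨ 𝑡₁ = 𝑡₂.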

Now assume 𝔐, 𝑠 1 ⊨ 𝜓 iff 𝔐, 𝑠 2 ⊨ 𝜓 for all formulas 𝜓 less complex than 𝜑. The
induction step proceeds by cases determined by the main operator of 𝜑. In each
case, we only demonstrate the forward direction of the biconditional; the proof of
the reverse direction is symmetrical. In all cases except those for the quantifiers, we
apply the induction hypothesis to sub-formulas 𝜓 of 𝜑. The free variables of 𝜓 are
among those of 𝜑. Thus, if 𝑠 1 and 𝑠 2 agree on the free variables of 𝜑, they also agree
on those of 𝜓 , and the induction hypothesis applies to 𝜓 .

1. 𝜑 ≡ ¬𝜓 : if 𝔐, 𝑠 1 ⊨ 𝜑, then 𝔐, 𝑠 1 ⊭ 𝜓 , so by the induction hypothesis, 𝔐, 𝑠 2 ⊭ 𝜓 ,
hence 𝔐, 𝑠 2 ⊨ 𝜑.
2. 𝜑 ≡ 𝜓 ∧ 𝜒: if 𝔐, 𝑠 1 ⊨ 𝜑, then 𝔐, 𝑠 1 ⊨ 𝜓 and 𝔐, 𝑠 1 ⊨ 𝜒, so by induction hypothesis,
𝔐, 𝑠 2 ⊨ 𝜓 and 𝔐, 𝑠 2 ⊨ 𝜒. Hence, 𝔐, 𝑠 2 ⊨ 𝜑.
3. 𝜑 ≡ 𝜓 ∨ 𝜒: if 𝔐, 𝑠 1 ⊨ 𝜑, then 𝔐, 𝑠 1 ⊨ 𝜓 or 𝔐, 𝑠 1 ⊨ 𝜒. By induction hypothesis,
𝔐, 𝑠 2 ⊨ 𝜓 or 𝔐, 𝑠 2 ⊨ 𝜒, so 𝔐, 𝑠 2 ⊨ 𝜑.
4. 𝜑 ≡ 𝜓 → 𝜒: if 𝔐, 𝑠 1 ⊨ 𝜑, then 𝔐, 𝑠 1 ⊭ 𝜓 or 𝔐, 𝑠 1 ⊨ 𝜒. By the induction
hypothesis, 𝔐, 𝑠 2 ⊭ 𝜓 or 𝔐, 𝑠 2 ⊨ 𝜒, so 𝔐, 𝑠 2 ⊨ 𝜑.
5. 𝜑 ≡ ∃𝑥 𝜓 : if 𝔐, 𝑠 1 ⊨ 𝜑, there is an 𝑚 ∈ |𝔐| so that 𝔐, 𝑠 1 [𝑚/𝑥] ⊨ 𝜓 . Let
𝑠 1′ = 𝑠 1 [𝑚/𝑥] and 𝑠 2′ = 𝑠 2 [𝑚/𝑥]. The free variables of 𝜓 are among 𝑥 1 , . . . , 𝑥𝑛 ,
and 𝑥. 𝑠 1′ (𝑥𝑖 ) = 𝑠 2′ (𝑥𝑖 ), since 𝑠 1′ and 𝑠 2′ are 𝑥-variants of 𝑠 1 and 𝑠 2 , respectively, and
by hypothesis 𝑠 1 (𝑥𝑖 ) = 𝑠 2 (𝑥𝑖 ). 𝑠 1′ (𝑥) = 𝑠 2′ (𝑥) = 𝑚 by the way we have defined
𝑠 1′ and 𝑠 2′ . Then the induction hypothesis applies to 𝜓 and 𝑠 1′ , 𝑠 2′ , so 𝔐, 𝑠 2′ ⊨ 𝜓 .
Hence, since 𝑠 2′ = 𝑠 2 [𝑚/𝑥], there is an 𝑚 ∈ |𝔐| such that 𝔐, 𝑠 2 [𝑚/𝑥] ⊨ 𝜓 , and
so 𝔐, 𝑠 2 ⊨ 𝜑.
6. 𝜑 ≡ ∀𝑥 𝜓 : if 𝔐, 𝑠 1 ⊨ 𝜑, then for every 𝑚 ∈ |𝔐|, 𝔐, 𝑠 1 [𝑚/𝑥] ⊨ 𝜓 . We want
to show that also, for every 𝑚 ∈ |𝔐|, 𝔐, 𝑠 2 [𝑚/𝑥] ⊨ 𝜓 . So let 𝑚 ∈ |𝔐| be
arbitrary, and consider 𝑠 1′ = 𝑠 1 [𝑚/𝑥] and 𝑠 2′ = 𝑠 2 [𝑚/𝑥]. We have that 𝔐, 𝑠 1′ ⊨ 𝜓 .
The free variables of 𝜓 are among 𝑥 1 , . . . , 𝑥𝑛 , and 𝑥. 𝑠 1′ (𝑥𝑖 ) = 𝑠 2′ (𝑥𝑖 ), since 𝑠 1′ and
𝑠 2′ are 𝑥-variants of 𝑠 1 and 𝑠 2 , respectively, and by hypothesis 𝑠 1 (𝑥𝑖 ) = 𝑠 2 (𝑥𝑖 ).
𝑠 1′ (𝑥) = 𝑠 2′ (𝑥) = 𝑚 by the way we have defined 𝑠 1′ and 𝑠 2′ . Then the induction
hypothesis applies to 𝜓 and 𝑠 1′ , 𝑠 2′ , and we have 𝔐, 𝑠 2′ ⊨ 𝜓 . This applies to every
𝑚 ∈ |𝔐|, i.e., 𝔐, 𝑠 2 [𝑚/𝑥] ⊨ 𝜓 for all 𝑚 ∈ |𝔐|, so 𝔐, 𝑠 2 ⊨ 𝜑.

By induction, we get that 𝔐, 𝑠 1 ⊨ 𝜑 iff 𝔐, 𝑠 2 ⊨ 𝜑 whenever the free variables in 𝜑 are
among 𝑥 1 , . . . , 𝑥𝑛 and 𝑠 1 (𝑥𝑖 ) = 𝑠 2 (𝑥𝑖 ) for 𝑖 = 1, . . . , 𝑛. □

Sentences have no free variables, so any two variable assignments assign the same
things to all the (zero) free variables of any sentence. The proposition just proved
then means that whether or not a sentence is satisfied in a structure relative to a
variable assignment is completely independent of the assignment. We’ll record this
fact. It justifies the definition of satisfaction of a sentence in a structure (without
mentioning a variable assignment) that follows.

Corollary 4.44. If 𝜑 is a sentence and 𝑠 a variable assignment, then 𝔐, 𝑠 ⊨ 𝜑 iff
𝔐, 𝑠′ ⊨ 𝜑 for every variable assignment 𝑠′.

Proof. Let 𝑠 ′ be any variable assignment. Since 𝜑 is a sentence, it has no free variables,
and so every variable assignment 𝑠 ′ trivially assigns the same things to all free
variables of 𝜑 as does 𝑠. So the condition of Proposition 4.43 is satisfied, and we have
𝔐, 𝑠 ⊨ 𝜑 iff 𝔐, 𝑠 ′ ⊨ 𝜑. □

Definition 4.45. If 𝜑 is a sentence, we say that a structure 𝔐 satisfies 𝜑, 𝔐 ⊨ 𝜑, iff
𝔐, 𝑠 ⊨ 𝜑 for all variable assignments 𝑠.

If 𝔐 ⊨ 𝜑, we also simply say that 𝜑 is true in 𝔐.

Proposition 4.46. Let 𝔐 be a structure, 𝜑 be a sentence, and 𝑠 a variable assignment.
𝔐 ⊨ 𝜑 iff 𝔐, 𝑠 ⊨ 𝜑.

Proof. Exercise. □

Proposition 4.47. Suppose 𝜑 (𝑥) only contains 𝑥 free, and 𝔐 is a structure. Then:

1. 𝔐 ⊨ ∃𝑥 𝜑 (𝑥) iff 𝔐, 𝑠 ⊨ 𝜑 (𝑥) for at least one variable assignment 𝑠.

2. 𝔐 ⊨ ∀𝑥 𝜑 (𝑥) iff 𝔐, 𝑠 ⊨ 𝜑 (𝑥) for all variable assignments 𝑠.

Proof. Exercise. □

4.13 Extensionality
Extensionality, sometimes called relevance, can be expressed informally as follows:
the only factors that bear upon the satisfaction of formula 𝜑 in a structure 𝔐 relative
to a variable assignment 𝑠, are the size of the domain and the assignments made by 𝔐
and 𝑠 to the elements of the language that actually appear in 𝜑.
One immediate consequence of extensionality is that where two structures 𝔐
and 𝔐 ′ agree on all the elements of the language appearing in a sentence 𝜑 and have
the same domain, 𝔐 and 𝔐 ′ must also agree on whether or not 𝜑 itself is true.

Proposition 4.48 (Extensionality). Let 𝜑 be a formula, and 𝔐₁ and 𝔐₂ be structures
with |𝔐₁| = |𝔐₂|, and 𝑠 a variable assignment on |𝔐₁| = |𝔐₂|. If $c^{\mathfrak{M}_1} = c^{\mathfrak{M}_2}$,
$R^{\mathfrak{M}_1} = R^{\mathfrak{M}_2}$, and $f^{\mathfrak{M}_1} = f^{\mathfrak{M}_2}$ for every constant symbol 𝑐, relation symbol 𝑅, and function
symbol 𝑓 occurring in 𝜑, then 𝔐₁, 𝑠 ⊨ 𝜑 iff 𝔐₂, 𝑠 ⊨ 𝜑.

Proof. First prove (by induction on 𝑡) that for every term, $\mathrm{Val}^{\mathfrak{M}_1}_{s}(t) = \mathrm{Val}^{\mathfrak{M}_2}_{s}(t)$. Then
prove the proposition by induction on 𝜑, making use of the claim just proved for the
induction basis (where 𝜑 is atomic). □

Corollary 4.49 (Extensionality for Sentences). Let 𝜑 be a sentence and 𝔐₁, 𝔐₂
as in Proposition 4.48. Then 𝔐₁ ⊨ 𝜑 iff 𝔐₂ ⊨ 𝜑.

Proof. Follows from Proposition 4.48 by Corollary 4.44. □


Moreover, the value of a term, and whether or not a structure satisfies a formula,
only depend on the values of its subterms.

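Proposition 4.50. Let 𝔐 be a structure, 𝑡 and 𝑡′ terms, and 𝑠 a variable assignment.
Then $\mathrm{Val}^{\mathfrak{M}}_{s}(t[t'/x]) = \mathrm{Val}^{\mathfrak{M}}_{s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]}(t)$.

Proof. By induction on 𝑡.

1. If 𝑡 is a constant, say, 𝑡 ≡ 𝑐, then 𝑡[𝑡′/𝑥] = 𝑐, and
$\mathrm{Val}^{\mathfrak{M}}_{s}(c) = c^{\mathfrak{M}} = \mathrm{Val}^{\mathfrak{M}}_{s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]}(c)$.

2. If 𝑡 is a variable other than 𝑥, say, 𝑡 ≡ 𝑦, then 𝑡[𝑡′/𝑥] = 𝑦, and
$\mathrm{Val}^{\mathfrak{M}}_{s}(y) = \mathrm{Val}^{\mathfrak{M}}_{s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]}(y)$ since $s \sim_x s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]$.

3. If 𝑡 ≡ 𝑥, then 𝑡[𝑡′/𝑥] = 𝑡′. But $\mathrm{Val}^{\mathfrak{M}}_{s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]}(x) = \mathrm{Val}^{\mathfrak{M}}_{s}(t')$ by definition
of $s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]$.

4. If $t \equiv f(t_1, \dots, t_n)$ then we have:

$$\begin{aligned}
\mathrm{Val}^{\mathfrak{M}}_{s}(t[t'/x]) &= \mathrm{Val}^{\mathfrak{M}}_{s}(f(t_1[t'/x], \dots, t_n[t'/x])) && \text{by definition of } t[t'/x] \\
&= f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s}(t_1[t'/x]), \dots, \mathrm{Val}^{\mathfrak{M}}_{s}(t_n[t'/x])) && \text{by definition of } \mathrm{Val}^{\mathfrak{M}}_{s}(f(\dots)) \\
&= f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]}(t_n)) && \text{by induction hypothesis} \\
&= \mathrm{Val}^{\mathfrak{M}}_{s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]}(t) && \text{by definition of } \mathrm{Val}^{\mathfrak{M}}_{s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x]}(f(\dots))
\end{aligned}$$ □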

Proposition 4.51. Let 𝔐 be a structure, 𝜑 a formula, 𝑡′ a term, and 𝑠 a variable
assignment. Then $\mathfrak{M}, s \models \varphi[t'/x]$ iff $\mathfrak{M}, s[\mathrm{Val}^{\mathfrak{M}}_{s}(t')/x] \models \varphi$.

Proof. Exercise. □

The point of Propositions 4.50 and 4.51 is the following. Suppose we have a term
𝑡 or a formula 𝜑 and some term 𝑡 ′ , and we want to know the value of 𝑡 [𝑡 ′ /𝑥] or
whether or not 𝜑 [𝑡 ′ /𝑥] is satisfied in a structure 𝔐 relative to a variable assignment 𝑠.
Then we can either perform the substitution first and then consider the value or
satisfaction relative to 𝔐 and 𝑠, or we can first determine the value $m = \mathrm{Val}^{\mathfrak{M}}_{s}(t')$ of
𝑡 ′ in 𝔐 relative to 𝑠, change the variable assignment to 𝑠 [𝑚/𝑥] and then consider the
value of 𝑡 in 𝔐 and 𝑠 [𝑚/𝑥], or whether 𝔐, 𝑠 [𝑚/𝑥] ⊨ 𝜑. Propositions 4.50 and 4.51
guarantee that the answer will be the same, whichever way we do it.

4.14 Semantic Notions


Given the definition of structures for first-order languages, we can define some basic
semantic properties of and relationships between sentences. The simplest of these
is the notion of validity of a sentence. A sentence is valid if it is satisfied in every
structure. Valid sentences are those that are satisfied regardless of how the non-logical
symbols in them are interpreted. Valid sentences are therefore also called logical
truths—they are true, i.e., satisfied, in any structure and hence their truth depends
only on the logical symbols occurring in them and their syntactic structure, but not
on the non-logical symbols or their interpretation.

Definition 4.52 (Validity). A sentence 𝜑 is valid, ⊨ 𝜑, iff 𝔐 ⊨ 𝜑 for every structure 𝔐.

Definition 4.53 (Entailment). A set of sentences Γ entails a sentence 𝜑, Γ ⊨ 𝜑, iff
for every structure 𝔐 with 𝔐 ⊨ Γ, 𝔐 ⊨ 𝜑.

Definition 4.54 (Satisfiability). A set of sentences Γ is satisfiable if 𝔐 ⊨ Γ for some
structure 𝔐. If Γ is not satisfiable it is called unsatisfiable.

Proposition 4.55. A sentence 𝜑 is valid iff Γ ⊨ 𝜑 for every set of sentences Γ.

Proof. For the forward direction, let 𝜑 be valid, and let Γ be a set of sentences. Let 𝔐
be a structure so that 𝔐 ⊨ Γ. Since 𝜑 is valid, 𝔐 ⊨ 𝜑, hence Γ ⊨ 𝜑.
For the contrapositive of the reverse direction, let 𝜑 be invalid, so there is a structure
𝔐 with 𝔐 ⊭ 𝜑. When Γ = {⊤}, since ⊤ is valid, 𝔐 ⊨ Γ. Hence, there is
a structure 𝔐 so that 𝔐 ⊨ Γ but 𝔐 ⊭ 𝜑, hence Γ does not entail 𝜑. □

Proposition 4.56. Γ ⊨ 𝜑 iff Γ ∪ {¬𝜑 } is unsatisfiable.

Proof. For the forward direction, suppose Γ ⊨ 𝜑 and suppose to the contrary that
there is a structure 𝔐 so that 𝔐 ⊨ Γ ∪ {¬𝜑 }. Since 𝔐 ⊨ Γ and Γ ⊨ 𝜑, 𝔐 ⊨ 𝜑. Also,
since 𝔐 ⊨ Γ ∪ {¬𝜑 }, 𝔐 ⊨ ¬𝜑, so we have both 𝔐 ⊨ 𝜑 and 𝔐 ⊭ 𝜑, a contradiction.
Hence, there can be no such structure 𝔐, so Γ ∪ {¬𝜑 } is unsatisfiable.
For the reverse direction, suppose Γ ∪ {¬𝜑 } is unsatisfiable. So for every structure
𝔐, either 𝔐 ⊭ Γ or 𝔐 ⊨ 𝜑. Hence, for every structure 𝔐 with 𝔐 ⊨ Γ, 𝔐 ⊨ 𝜑, so
Γ ⊨ 𝜑. □

Proposition 4.57. If Γ ⊆ Γ ′ and Γ ⊨ 𝜑, then Γ ′ ⊨ 𝜑.

Proof. Suppose that Γ ⊆ Γ′ and Γ ⊨ 𝜑. Let 𝔐 be a structure such that 𝔐 ⊨ Γ′; then
𝔐 ⊨ Γ, and since Γ ⊨ 𝜑, we get that 𝔐 ⊨ 𝜑. Hence, whenever 𝔐 ⊨ Γ′, 𝔐 ⊨ 𝜑, so
Γ′ ⊨ 𝜑. □

Theorem 4.58 (Semantic Deduction Theorem). Γ ∪ {𝜑 } ⊨ 𝜓 iff Γ ⊨ 𝜑 → 𝜓 .

Proof. For the forward direction, let Γ ∪ {𝜑 } ⊨ 𝜓 and let 𝔐 be a structure so that
𝔐 ⊨ Γ. If 𝔐 ⊨ 𝜑, then 𝔐 ⊨ Γ ∪ {𝜑 }, so since Γ ∪ {𝜑 } entails 𝜓 , we get 𝔐 ⊨ 𝜓 .
Therefore, 𝔐 ⊨ 𝜑 → 𝜓 , so Γ ⊨ 𝜑 → 𝜓 .
For the reverse direction, let Γ ⊨ 𝜑 →𝜓 and 𝔐 be a structure so that 𝔐 ⊨ Γ ∪ {𝜑 }.
Then 𝔐 ⊨ Γ, so 𝔐 ⊨ 𝜑 → 𝜓 , and since 𝔐 ⊨ 𝜑, 𝔐 ⊨ 𝜓 . Hence, whenever 𝔐 ⊨ Γ ∪ {𝜑 },
𝔐 ⊨ 𝜓 , so Γ ∪ {𝜑 } ⊨ 𝜓 . □

Proposition 4.59. Let 𝔐 be a structure, and 𝜑 (𝑥) a formula with one free variable 𝑥,
and 𝑡 a closed term. Then:

1. 𝜑 (𝑡) ⊨ ∃𝑥 𝜑 (𝑥)

2. ∀𝑥 𝜑 (𝑥) ⊨ 𝜑 (𝑡)

Proof. 1. Suppose 𝔐 ⊨ 𝜑 (𝑡). Let 𝑠 be a variable assignment with $s(x) = \mathrm{Val}^{\mathfrak{M}}(t)$.
Then 𝔐, 𝑠 ⊨ 𝜑 (𝑡) since 𝜑 (𝑡) is a sentence. By Proposition 4.51, 𝔐, 𝑠 ⊨ 𝜑 (𝑥). By
Proposition 4.47, 𝔐 ⊨ ∃𝑥 𝜑 (𝑥).

2. Suppose 𝔐 ⊨ ∀𝑥 𝜑 (𝑥). Let 𝑠 be a variable assignment with $s(x) = \mathrm{Val}^{\mathfrak{M}}(t)$. By
Proposition 4.47, 𝔐, 𝑠 ⊨ 𝜑 (𝑥). By Proposition 4.51, 𝔐, 𝑠 ⊨ 𝜑 (𝑡). By Proposition 4.46,
𝔐 ⊨ 𝜑 (𝑡) since 𝜑 (𝑡) is a sentence. □

Problems
Problem 4.1. Prove Lemma 4.8.

Problem 4.2. Prove that for any term 𝑡, 𝑙 (𝑡) = 𝑟 (𝑡).

Problem 4.3. Prove Lemma 4.12.

Problem 4.4. Prove Proposition 4.13 (Hint: Formulate and prove a version of
Lemma 4.12 for terms.)

Problem 4.5. Prove Proposition 4.19.

Problem 4.6. Prove Proposition 4.20.

Problem 4.7. Give an inductive definition of the bound variable occurrences along
the lines of Definition 4.21.

Problem 4.8. Is 𝔑, the standard model of arithmetic, covered? Explain.

Problem 4.9. Let L = {𝑐, 𝑓 , 𝐴} with one constant symbol, one one-place function
symbol and one two-place predicate symbol, and let the structure 𝔐 be given by

1. |𝔐| = {1, 2, 3}

2. 𝑐 𝔐 = 3

3. 𝑓 𝔐 (1) = 2, 𝑓 𝔐 (2) = 3, 𝑓 𝔐 (3) = 2

4. 𝐴𝔐 = {⟨1, 2⟩, ⟨2, 3⟩, ⟨3, 3⟩}

(a) Let 𝑠 (𝑣) = 1 for all variables 𝑣. Find out whether

𝔐, 𝑠 ⊨ ∃𝑥 (𝐴(𝑓 (𝑧), 𝑐) → ∀𝑦 (𝐴(𝑦, 𝑥) ∨ 𝐴(𝑓 (𝑦), 𝑥)))

Explain why or why not.


(b) Give a different structure and variable assignment in which the formula is not
satisfied.

Problem 4.10. Complete the proof of Proposition 4.43.

Problem 4.11. Prove Proposition 4.46.


Problem 4.12. Prove Proposition 4.47.

Problem 4.13. Suppose L is a language without function symbols. Given a structure
𝔐, 𝑐 a constant symbol and 𝑎 ∈ |𝔐|, define 𝔐[𝑎/𝑐] to be the structure that is
just like 𝔐, except that $c^{\mathfrak{M}[a/c]} = a$. Define 𝔐 ||= 𝜑 for sentences 𝜑 by:

1. 𝜑 ≡ ⊥: not 𝔐 ||= 𝜑.
2. $\varphi \equiv R(d_1, \dots, d_n)$: 𝔐 ||= 𝜑 iff $\langle d_1^{\mathfrak{M}}, \dots, d_n^{\mathfrak{M}}\rangle \in R^{\mathfrak{M}}$.
3. $\varphi \equiv d_1 = d_2$: 𝔐 ||= 𝜑 iff $d_1^{\mathfrak{M}} = d_2^{\mathfrak{M}}$.
4. 𝜑 ≡ ¬𝜓 : 𝔐 ||= 𝜑 iff not 𝔐 ||= 𝜓 .
5. 𝜑 ≡ (𝜓 ∧ 𝜒): 𝔐 ||= 𝜑 iff 𝔐 ||= 𝜓 and 𝔐 ||= 𝜒.
6. 𝜑 ≡ (𝜓 ∨ 𝜒): 𝔐 ||= 𝜑 iff 𝔐 ||= 𝜓 or 𝔐 ||= 𝜒 (or both).
7. 𝜑 ≡ (𝜓 → 𝜒): 𝔐 ||= 𝜑 iff not 𝔐 ||= 𝜓 or 𝔐 ||= 𝜒 (or both).
8. 𝜑 ≡ ∀𝑥 𝜓 : 𝔐 ||= 𝜑 iff for all 𝑎 ∈ |𝔐|, 𝔐[𝑎/𝑐] ||= 𝜓 [𝑐/𝑥], if 𝑐 does not occur
in 𝜓 .
9. 𝜑 ≡ ∃𝑥 𝜓 : 𝔐 ||= 𝜑 iff there is an 𝑎 ∈ |𝔐| such that 𝔐[𝑎/𝑐] ||= 𝜓 [𝑐/𝑥], if 𝑐
does not occur in 𝜓 .

Let 𝑥₁, …, 𝑥ₙ be all free variables in 𝜑, 𝑐₁, …, 𝑐ₙ constant symbols not in 𝜑, 𝑎₁, …,
𝑎ₙ ∈ |𝔐|, and 𝑠(𝑥ᵢ) = 𝑎ᵢ.
Show that 𝔐, 𝑠 ⊨ 𝜑 iff 𝔐[𝑎₁/𝑐₁, …, 𝑎ₙ/𝑐ₙ] ||= 𝜑[𝑐₁/𝑥₁] … [𝑐ₙ/𝑥ₙ].
(This problem shows that it is possible to give a semantics for first-order logic
that makes do without variable assignments.)

Problem 4.14. Suppose that 𝑓 is a function symbol not in 𝜑 (𝑥, 𝑦). Show that there
is a structure 𝔐 such that 𝔐 ⊨ ∀𝑥 ∃𝑦 𝜑 (𝑥, 𝑦) iff there is an 𝔐 ′ such that 𝔐 ′ ⊨
∀𝑥 𝜑 (𝑥, 𝑓 (𝑥)).
(This problem is a special case of what’s known as Skolem’s Theorem; ∀𝑥 𝜑 (𝑥, 𝑓 (𝑥))
is called a Skolem normal form of ∀𝑥 ∃𝑦 𝜑 (𝑥, 𝑦).)

Problem 4.15. Carry out the proof of Proposition 4.48 in detail.

Problem 4.16. Prove Proposition 4.51.

Problem 4.17.

1. Show that Γ ⊨ ⊥ iff Γ is unsatisfiable.
2. Show that Γ ∪ {𝜑} ⊨ ⊥ iff Γ ⊨ ¬𝜑.
3. Suppose 𝑐 does not occur in 𝜑 or Γ. Show that Γ ⊨ ∀𝑥 𝜑 iff Γ ⊨ 𝜑[𝑐/𝑥].

Problem 4.18. Complete the proof of Proposition 4.59.

Chapter 5

Theories and Their Models

5.1 Introduction
The development of the axiomatic method is a significant achievement in the history
of science, and is of special importance in the history of mathematics. An axiomatic
development of a field involves the clarification of many questions: What is the field
about? What are the most fundamental concepts? How are they related? Can all the
concepts of the field be defined in terms of these fundamental concepts? What laws
do, and must, these concepts obey?
The axiomatic method and logic were made for each other. Formal logic provides
the tools for formulating axiomatic theories, for proving theorems from the axioms
of the theory in a precisely specified way, for studying the properties of all systems
satisfying the axioms in a systematic way.

Definition 5.1. A set of sentences Γ is closed iff, whenever Γ ⊨ 𝜑 then 𝜑 ∈ Γ. The
closure of a set of sentences Γ is {𝜑 | Γ ⊨ 𝜑}.
We say that Γ is axiomatized by a set of sentences Δ if Γ is the closure of Δ.

We can think of an axiomatic theory as the set of sentences that is axiomatized
by its set of axioms Δ. In other words, when we have a first-order language which
contains non-logical symbols for the primitives of the axiomatically developed science
we wish to study, together with a set of sentences that express the fundamental laws
of the science, we can think of the theory as represented by all the sentences in this
language that are entailed by the axioms. This ranges from simple examples with
only a single primitive and simple axioms, such as the theory of partial orders, to
complex theories such as Newtonian mechanics.
The important logical facts that make this formal approach to the axiomatic
method so important are the following. Suppose Γ is an axiom system for a theory,
i.e., a set of sentences.

1. We can state precisely when an axiom system captures an intended class of
structures. That is, if we are interested in a certain class of structures, we
will successfully capture that class by an axiom system Γ iff the structures are
exactly those 𝔐 such that 𝔐 ⊨ Γ.

2. We may fail in this respect because there are 𝔐 such that 𝔐 ⊨ Γ, but 𝔐 is not
one of the structures we intend. This may lead us to add axioms which are not
true in 𝔐.


3. If we are successful at least in the respect that Γ is true in all the intended
structures, then a sentence 𝜑 is true in all intended structures whenever Γ ⊨
𝜑. Thus we can use logical tools (such as derivation methods) to show that
sentences are true in all intended structures simply by showing that they are
entailed by the axioms.

4. Sometimes we don’t have intended structures in mind, but instead start from
the axioms themselves: we begin with some primitives that we want to satisfy
certain laws which we codify in an axiom system. One thing that we would
like to verify right away is that the axioms do not contradict each other: if they
do, there can be no concepts that obey these laws, and we have tried to set
up an incoherent theory. We can verify that this doesn’t happen by finding a
model of Γ. And if there are models of our theory, we can use logical methods
to investigate them, and we can also use logical methods to construct models.

5. The independence of the axioms is likewise an important question. It may
happen that one of the axioms is actually a consequence of the others, and
so is redundant. We can prove that an axiom 𝜑 in Γ is redundant by proving
Γ \ {𝜑 } ⊨ 𝜑. We can also prove that an axiom is not redundant by showing that
(Γ \ {𝜑 }) ∪ {¬𝜑 } is satisfiable. For instance, this is how it was shown that the
parallel postulate is independent of the other axioms of geometry.

6. Another important question is that of definability of concepts in a theory: The
choice of the language determines what the models of a theory consist of. But
not every aspect of a theory must be represented separately in its models. For
instance, every ordering ≤ determines a corresponding strict ordering <—given
one, we can define the other. So it is not necessary that a model of a theory
involving such an order must also contain the corresponding strict ordering.
When is it the case, in general, that one relation can be defined in terms of
others? When is it impossible to define a relation in terms of others (and hence
must add it to the primitives of the language)?

5.2 Expressing Properties of Structures


It is often useful and important to express conditions on functions and relations, or
more generally, that the functions and relations in a structure satisfy these conditions.
For instance, we would like to have ways of distinguishing those structures for a
language which “capture” what we want the predicate symbols to “mean” from those
that do not. Of course we’re completely free to specify which structures we “intend,”
e.g., we can specify that the interpretation of the predicate symbol ≤ must be an
ordering, or that we are only interested in interpretations of L in which the domain
consists of sets and ∈ is interpreted by the “is an element of” relation. But can
we do this with sentences of the language? In other words, which conditions on
a structure 𝔐 can we express by a sentence (or perhaps a set of sentences) in the
language of 𝔐? There are some conditions that we will not be able to express. For
instance, there is no sentence of L𝐴 which is only true in a structure 𝔐 if |𝔐| = N. We
cannot express “the domain contains only natural numbers.” But there are “structural
properties” of structures that we perhaps can express. Which properties of structures
can we express by sentences? Or, to put it another way, which collections of structures
can we describe as those making a sentence (or set of sentences) true?


Definition 5.2 (Model of a set). Let Γ be a set of sentences in a language L. We
say that a structure 𝔐 is a model of Γ if 𝔐 ⊨ 𝜑 for all 𝜑 ∈ Γ.

Example 5.3. The sentence ∀𝑥 𝑥 ≤ 𝑥 is true in 𝔐 iff ≤^𝔐 is a reflexive relation. The
sentence ∀𝑥 ∀𝑦 ((𝑥 ≤ 𝑦 ∧ 𝑦 ≤ 𝑥) → 𝑥 = 𝑦) is true in 𝔐 iff ≤^𝔐 is anti-symmetric. The
sentence ∀𝑥 ∀𝑦 ∀𝑧 ((𝑥 ≤ 𝑦 ∧ 𝑦 ≤ 𝑧) → 𝑥 ≤ 𝑧) is true in 𝔐 iff ≤^𝔐 is transitive. Thus,
the models of

{ ∀𝑥 𝑥 ≤ 𝑥,
∀𝑥 ∀𝑦 ((𝑥 ≤ 𝑦 ∧ 𝑦 ≤ 𝑥) → 𝑥 = 𝑦),
∀𝑥 ∀𝑦 ∀𝑧 ((𝑥 ≤ 𝑦 ∧ 𝑦 ≤ 𝑧) → 𝑥 ≤ 𝑧) }

are exactly those structures in which ≤^𝔐 is reflexive, anti-symmetric, and transitive,
i.e., a partial order. Hence, we can take them as axioms for the first-order theory of
partial orders.
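
The independence test from Section 5.1 (an axiom 𝜑 is not redundant if (Γ \ {𝜑}) ∪ {¬𝜑} is satisfiable) can be run mechanically on the three partial order axioms of Example 5.3. The following Python program is an added example, not part of the original text; the tuple encoding of formulas, the predicate name R (standing in for ≤) and all function names are assumptions of the example.

```python
from itertools import product

# Formulas of a language with one two-place predicate symbol (written R here,
# standing in for ≤) plus identity, encoded as nested tuples (an assumption
# of this example):
#   ("R", x, y)  ("eq", x, y)  ("not", A)  ("and", A, B)  ("imp", A, B)  ("all", x, A)


def sat(domain, rel, phi, s=None):
    """True iff M, s ⊨ phi, where |M| = domain and R is interpreted by rel."""
    s = s or {}
    op = phi[0]
    if op == "R":
        return (s[phi[1]], s[phi[2]]) in rel
    if op == "eq":
        return s[phi[1]] == s[phi[2]]
    if op == "not":
        return not sat(domain, rel, phi[1], s)
    if op == "and":
        return sat(domain, rel, phi[1], s) and sat(domain, rel, phi[2], s)
    if op == "imp":
        return (not sat(domain, rel, phi[1], s)) or sat(domain, rel, phi[2], s)
    if op == "all":
        # Try every x-variant of s: like s, except the bound variable maps to a.
        return all(sat(domain, rel, phi[2], {**s, phi[1]: a}) for a in domain)
    raise ValueError(f"unknown connective: {op!r}")


def forall(variables, body):
    """Prefix body with a universal quantifier for each variable, in order."""
    for v in reversed(variables):
        body = ("all", v, body)
    return body


def R(x, y):
    return ("R", x, y)


# The three sentences of Example 5.3.
AXIOMS = {
    "reflexive": forall("x", R("x", "x")),
    "anti-symmetric": forall(
        "xy", ("imp", ("and", R("x", "y"), R("y", "x")), ("eq", "x", "y"))),
    "transitive": forall(
        "xyz", ("imp", ("and", R("x", "y"), R("y", "z")), R("x", "z"))),
}


def structures(n):
    """All structures with domain {0, ..., n-1}: one per binary relation."""
    domain = tuple(range(n))
    pairs = list(product(domain, repeat=2))
    for bits in product((False, True), repeat=len(pairs)):
        yield domain, frozenset(p for p, b in zip(pairs, bits) if b)


def is_model(domain, rel, sentences):
    return all(sat(domain, rel, phi) for phi in sentences)


def independence_witness(axioms, name, max_size=3):
    """Smallest structure (up to max_size elements) that satisfies every axiom
    except `name` together with the negation of `name`; None if none is found."""
    gamma = [phi for key, phi in axioms.items() if key != name]
    gamma.append(("not", axioms[name]))
    for n in range(1, max_size + 1):
        for domain, rel in structures(n):
            if is_model(domain, rel, gamma):
                return domain, rel
    return None


def count_models(axioms, n):
    """Number of models of the axioms with domain {0, ..., n-1}."""
    return sum(is_model(d, r, axioms.values()) for d, r in structures(n))


if __name__ == "__main__":
    for name in AXIOMS:
        domain, rel = independence_witness(AXIOMS, name)
        print(f"{name}: not redundant, witness |M| = {domain}, R = {sorted(rel)}")
    print("partial orders on a 3-element domain:", count_models(AXIOMS, 3))
```

The search finds minimal witnesses with 1, 2 and 3 elements for reflexivity, anti-symmetry and transitivity respectively. A finite search of this kind can only establish non-redundancy; it cannot show Γ \ {𝜑} ⊨ 𝜑.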

5.3 Examples of First-Order Theories


Example 5.4. The theory of strict linear orders in the language L < is axiomatized
by the set

{ ∀𝑥 ¬𝑥 < 𝑥,
∀𝑥 ∀𝑦 ((𝑥 < 𝑦 ∨ 𝑦 < 𝑥) ∨ 𝑥 = 𝑦),
∀𝑥 ∀𝑦 ∀𝑧 ((𝑥 < 𝑦 ∧ 𝑦 < 𝑧) → 𝑥 < 𝑧) }

It completely captures the intended structures: every strict linear order is a model of
this axiom system, and vice versa, if 𝑅 is a linear order on a set 𝑋 , then the structure
𝔐 with |𝔐| = 𝑋 and <^𝔐 = 𝑅 is a model of this theory.

Example 5.5. The theory of groups in the language 1 (constant symbol), · (two-place
function symbol) is axiomatized by

∀𝑥 (𝑥 · 1) = 𝑥
∀𝑥 ∀𝑦 ∀𝑧 (𝑥 · (𝑦 · 𝑧)) = ((𝑥 · 𝑦) · 𝑧)
∀𝑥 ∃𝑦 (𝑥 · 𝑦) = 1

Example 5.6. The theory of Peano arithmetic is axiomatized by the following sen-
tences in the language of arithmetic L𝐴 .

∀𝑥 ∀𝑦 (𝑥 ′ = 𝑦 ′ → 𝑥 = 𝑦)
∀𝑥 0 ≠ 𝑥 ′
∀𝑥 (𝑥 + 0) = 𝑥
∀𝑥 ∀𝑦 (𝑥 + 𝑦 ′ ) = (𝑥 + 𝑦) ′
∀𝑥 (𝑥 × 0) = 0
∀𝑥 ∀𝑦 (𝑥 × 𝑦 ′ ) = ((𝑥 × 𝑦) + 𝑥)
∀𝑥 ∀𝑦 (𝑥 < 𝑦 ↔ ∃𝑧 (𝑧 ′ + 𝑥) = 𝑦)


plus all sentences of the form

(𝜑 (0) ∧ ∀𝑥 (𝜑 (𝑥) → 𝜑 (𝑥 ′ ))) → ∀𝑥 𝜑 (𝑥)

Since there are infinitely many sentences of the latter form, this axiom system is
infinite. The latter form is called the induction schema. (Actually, the induction schema
is a bit more complicated than we let on here.)
The last axiom is an explicit definition of <.

Example 5.7. The theory of pure sets plays an important role in the foundations (and
in the philosophy) of mathematics. A set is pure if all its elements are also pure sets.
The empty set counts therefore as pure, but a set that has something as an element
that is not a set would not be pure. So the pure sets are those that are formed just
from the empty set and no “urelements,” i.e., objects that are not themselves sets.
The following might be considered as an axiom system for a theory of pure sets:

∃𝑥 ¬∃𝑦 𝑦 ∈ 𝑥
∀𝑥 ∀𝑦 (∀𝑧 (𝑧 ∈ 𝑥 ↔ 𝑧 ∈ 𝑦) → 𝑥 = 𝑦)
∀𝑥 ∀𝑦 ∃𝑧 ∀𝑢 (𝑢 ∈ 𝑧 ↔ (𝑢 = 𝑥 ∨ 𝑢 = 𝑦))
∀𝑥 ∃𝑦 ∀𝑧 (𝑧 ∈ 𝑦 ↔ ∃𝑢 (𝑧 ∈ 𝑢 ∧ 𝑢 ∈ 𝑥))

plus all sentences of the form

∃𝑥 ∀𝑦 (𝑦 ∈ 𝑥 ↔ 𝜑 (𝑦))

The first axiom says that there is a set with no elements (i.e., ∅ exists); the second says
that sets are extensional; the third that for any sets 𝑋 and 𝑌 , the set {𝑋, 𝑌 } exists; the
fourth that for any set 𝑋 , the set ∪𝑋 exists, where ∪𝑋 is the union of all the elements
of 𝑋 .
The sentences mentioned last are collectively called the naive comprehension
scheme. It essentially says that for every 𝜑 (𝑥), the set {𝑥 | 𝜑 (𝑥)} exists—so at first
glance a true, useful, and perhaps even necessary axiom. It is called “naive” because,
as it turns out, it makes this theory unsatisfiable: if you take 𝜑 (𝑦) to be ¬𝑦 ∈ 𝑦, you
get the sentence
∃𝑥 ∀𝑦 (𝑦 ∈ 𝑥 ↔ ¬𝑦 ∈ 𝑦)
and this sentence is not satisfied in any structure.

Example 5.8. In the area of mereology, the relation of parthood is a fundamental
relation. Just like theories of sets, there are theories of parthood that axiomatize
various conceptions (sometimes conflicting) of this relation.
The language of mereology contains a single two-place predicate symbol 𝑃, and
𝑃 (𝑥, 𝑦) “means” that 𝑥 is a part of 𝑦. When we have this interpretation in mind,
a structure for this language is called a parthood structure. Of course, not every
structure for a single two-place predicate will really deserve this name. To have a
chance of capturing “parthood,” 𝑃^𝔐 must satisfy some conditions, which we can lay
down as axioms for a theory of parthood. For instance, parthood is a partial order
on objects: every object is a part (albeit an improper part) of itself; no two different
objects can be parts of each other; a part of a part of an object is itself part of that
object. Note that in this sense “is a part of” resembles “is a subset of,” but does not
resemble “is an element of” which is neither reflexive nor transitive.

∀𝑥 𝑃 (𝑥, 𝑥)
∀𝑥 ∀𝑦 ((𝑃 (𝑥, 𝑦) ∧ 𝑃 (𝑦, 𝑥)) → 𝑥 = 𝑦)
∀𝑥 ∀𝑦 ∀𝑧 ((𝑃 (𝑥, 𝑦) ∧ 𝑃 (𝑦, 𝑧)) → 𝑃 (𝑥, 𝑧))

Moreover, any two objects have a mereological sum (an object that has these two
objects as parts, and is minimal in this respect).

∀𝑥 ∀𝑦 ∃𝑧 ∀𝑢 (𝑃 (𝑧, 𝑢) ↔ (𝑃 (𝑥, 𝑢) ∧ 𝑃 (𝑦, 𝑢)))


These are only some of the basic principles of parthood considered by metaphysicians.
Further principles, however, quickly become hard to formulate or write down without
first introducing some defined relations. For instance, most metaphysicians interested
in mereology also view the following as a valid principle: whenever an object 𝑥 has a
proper part 𝑦, it also has a part 𝑧 that has no parts in common with 𝑦, and so that the
fusion of 𝑦 and 𝑧 is 𝑥.

5.4 Expressing Relations in a Structure


One main use formulas can be put to is to express properties and relations in a structure 𝔐
in terms of the primitives of the language L of 𝔐. By this we mean the
following: the domain of 𝔐 is a set of objects. The constant symbols, function symbols,
and predicate symbols are interpreted in 𝔐 by some objects in |𝔐|, functions
on |𝔐|, and relations on |𝔐|. For instance, if 𝐴₀² is in L, then 𝔐 assigns to it a
relation 𝑅 = (𝐴₀²)^𝔐. Then the formula 𝐴₀²(𝑣₁, 𝑣₂) expresses that very relation, in the
following sense: if a variable assignment 𝑠 maps 𝑣₁ to 𝑎 ∈ |𝔐| and 𝑣₂ to 𝑏 ∈ |𝔐|, then

𝑅𝑎𝑏 iff 𝔐, 𝑠 ⊨ 𝐴₀²(𝑣₁, 𝑣₂).

Note that we have to involve variable assignments here: we can’t just say “𝑅𝑎𝑏 iff
𝔐 ⊨ 𝐴₀²(𝑎, 𝑏)” because 𝑎 and 𝑏 are not symbols of our language: they are elements
of |𝔐|.
Since we don’t just have atomic formulas, but can combine them using the logical
connectives and the quantifiers, more complex formulas can define other relations
which aren’t directly built into 𝔐. We’re interested in how to do that, and specifically,
which relations we can define in a structure.

Definition 5.9. Let 𝜑(𝑣₁, …, 𝑣ₙ) be a formula of L in which only 𝑣₁, …, 𝑣ₙ occur free,
and let 𝔐 be a structure for L. 𝜑(𝑣₁, …, 𝑣ₙ) expresses the relation 𝑅 ⊆ |𝔐|ⁿ iff

𝑅𝑎₁ … 𝑎ₙ iff 𝔐, 𝑠 ⊨ 𝜑(𝑣₁, …, 𝑣ₙ)

for any variable assignment 𝑠 with 𝑠(𝑣ᵢ) = 𝑎ᵢ (𝑖 = 1, …, 𝑛).

Example 5.10. In the standard model of arithmetic 𝔑, the formula 𝑣₁ < 𝑣₂ ∨ 𝑣₁ = 𝑣₂
expresses the ≤ relation on N. The formula 𝑣₂ = 𝑣₁′ expresses the successor relation,
i.e., the relation 𝑅 ⊆ N² where 𝑅𝑛𝑚 holds if 𝑚 is the successor of 𝑛. The formula
𝑣₁ = 𝑣₂′ expresses the predecessor relation. The formulas ∃𝑣₃ (𝑣₃ ≠ 0 ∧ 𝑣₂ = (𝑣₁ + 𝑣₃))
and ∃𝑣₃ (𝑣₁ + 𝑣₃′) = 𝑣₂ both express the < relation. This means that the predicate
symbol < is actually superfluous in the language of arithmetic; it can be defined.


This idea is not just interesting in specific structures, but generally whenever
we use a language to describe an intended model or models, i.e., when we consider
theories. These theories often only contain a few predicate symbols as basic symbols,
but in the domain they are used to describe often many other relations play an
important role. If these other relations can be systematically expressed by the relations
that interpret the basic predicate symbols of the language, we say we can define them
in the language.

5.5 The Theory of Sets


Almost all of mathematics can be developed in the theory of sets. Developing mathe-
matics in this theory involves a number of things. First, it requires a set of axioms for
the relation ∈. A number of different axiom systems have been developed, sometimes
with conflicting properties of ∈. The axiom system known as ZFC, Zermelo-Fraenkel
set theory with the axiom of choice, stands out: it is by far the most widely used and
studied, because it turns out that its axioms suffice to prove almost all the things
mathematicians expect to be able to prove. But before that can be established, it first
is necessary to make clear how we can even express all the things mathematicians
would like to express. For starters, the language contains no constant symbols or
function symbols, so it seems at first glance unclear that we can talk about particular
sets (such as ∅ or N), can talk about operations on sets (such as 𝑋 ∪ 𝑌 and ℘(𝑋 )), let
alone other constructions which involve things other than sets, such as relations and
functions.
To begin with, “is an element of” is not the only relation we are interested in: “is
a subset of” seems almost as important. But we can define “is a subset of” in terms of
“is an element of.” To do this, we have to find a formula 𝜑 (𝑥, 𝑦) in the language of set
theory which is satisfied by a pair of sets ⟨𝑋, 𝑌 ⟩ iff 𝑋 ⊆ 𝑌 . But 𝑋 is a subset of 𝑌 just
in case all elements of 𝑋 are also elements of 𝑌 . So we can define ⊆ by the formula

∀𝑧 (𝑧 ∈ 𝑥 → 𝑧 ∈ 𝑦)

Now, whenever we want to use the relation ⊆ in a formula, we could instead use
that formula (with 𝑥 and 𝑦 suitably replaced, and the bound variable 𝑧 renamed if
necessary). For instance, extensionality of sets means that if any sets 𝑥 and 𝑦 are
contained in each other, then 𝑥 and 𝑦 must be the same set. This can be expressed by
∀𝑥 ∀𝑦 ((𝑥 ⊆ 𝑦 ∧ 𝑦 ⊆ 𝑥) → 𝑥 = 𝑦), or, if we replace ⊆ by the above definition, by

∀𝑥 ∀𝑦 ((∀𝑧 (𝑧 ∈ 𝑥 → 𝑧 ∈ 𝑦) ∧ ∀𝑧 (𝑧 ∈ 𝑦 → 𝑧 ∈ 𝑥)) → 𝑥 = 𝑦).

This is in fact one of the axioms of ZFC, the “axiom of extensionality.”


There is no constant symbol for ∅, but we can express “𝑥 is empty” by ¬∃𝑦 𝑦 ∈ 𝑥.
Then “∅ exists” becomes the sentence ∃𝑥 ¬∃𝑦 𝑦 ∈ 𝑥. This is another axiom of ZFC.
(Note that the axiom of extensionality implies that there is only one empty set.)
Whenever we want to talk about ∅ in the language of set theory, we would write this
as “there is a set that’s empty and . . . ” As an example, to express the fact that ∅ is a
subset of every set, we could write

∃𝑥 (¬∃𝑦 𝑦 ∈ 𝑥 ∧ ∀𝑧 𝑥 ⊆ 𝑧)

where, of course, 𝑥 ⊆ 𝑧 would in turn have to be replaced by its definition.


To talk about operations on sets, such as 𝑋 ∪ 𝑌 and ℘(𝑋 ), we have to use a similar
trick. There are no function symbols in the language of set theory, but we can express
the functional relations 𝑋 ∪ 𝑌 = 𝑍 and ℘(𝑋 ) = 𝑌 by
∀𝑢 ((𝑢 ∈ 𝑥 ∨ 𝑢 ∈ 𝑦) ↔ 𝑢 ∈ 𝑧)
∀𝑢 (𝑢 ⊆ 𝑥 ↔ 𝑢 ∈ 𝑦)
since the elements of 𝑋 ∪ 𝑌 are exactly the sets that are either elements of 𝑋 or
elements of 𝑌 , and the elements of ℘(𝑋 ) are exactly the subsets of 𝑋 . However, this
doesn’t allow us to use 𝑥 ∪ 𝑦 or ℘(𝑥) as if they were terms: we can only use the entire
formulas that define the relations 𝑋 ∪ 𝑌 = 𝑍 and ℘(𝑋 ) = 𝑌 . In fact, we do not know
that these relations are ever satisfied, i.e., we do not know that unions and power sets
always exist. For instance, the sentence ∀𝑥 ∃𝑦 ℘(𝑥) = 𝑦 is another axiom of ZFC (the
power set axiom).
Now what about talk of ordered pairs or functions? Here we have to explain how
we can think of ordered pairs and functions as special kinds of sets. One way to define
the ordered pair ⟨𝑥, 𝑦⟩ is as the set {{𝑥 }, {𝑥, 𝑦}}. But like before, we cannot introduce
a function symbol that names this set; we can only define the relation ⟨𝑥, 𝑦⟩ = 𝑧, i.e.,
{{𝑥 }, {𝑥, 𝑦}} = 𝑧:
∀𝑢 (𝑢 ∈ 𝑧 ↔ (∀𝑣 (𝑣 ∈ 𝑢 ↔ 𝑣 = 𝑥) ∨ ∀𝑣 (𝑣 ∈ 𝑢 ↔ (𝑣 = 𝑥 ∨ 𝑣 = 𝑦))))
This says that the elements 𝑢 of 𝑧 are exactly those sets which either have 𝑥 as its
only element or have 𝑥 and 𝑦 as its only elements (in other words, those sets that are
either identical to {𝑥 } or identical to {𝑥, 𝑦}). Once we have this, we can say further
things, e.g., that 𝑋 × 𝑌 = 𝑍 :
∀𝑧 (𝑧 ∈ 𝑍 ↔ ∃𝑥 ∃𝑦 (𝑥 ∈ 𝑋 ∧ 𝑦 ∈ 𝑌 ∧ ⟨𝑥, 𝑦⟩ = 𝑧))
A function 𝑓 : 𝑋 → 𝑌 can be thought of as the relation 𝑓 (𝑥) = 𝑦, i.e., as the set of
pairs {⟨𝑥, 𝑦⟩ | 𝑓 (𝑥) = 𝑦}. We can then say that a set 𝑓 is a function from 𝑋 to 𝑌 if (a)
it is a relation ⊆ 𝑋 × 𝑌 , (b) it is total, i.e., for all 𝑥 ∈ 𝑋 there is some 𝑦 ∈ 𝑌 such that
⟨𝑥, 𝑦⟩ ∈ 𝑓 and (c) it is functional, i.e., whenever ⟨𝑥, 𝑦⟩, ⟨𝑥, 𝑦 ′ ⟩ ∈ 𝑓 , 𝑦 = 𝑦 ′ (because
values of functions must be unique). So “𝑓 is a function from 𝑋 to 𝑌 ” can be written
as:
∀𝑢 (𝑢 ∈ 𝑓 → ∃𝑥 ∃𝑦 (𝑥 ∈ 𝑋 ∧ 𝑦 ∈ 𝑌 ∧ ⟨𝑥, 𝑦⟩ = 𝑢)) ∧
∀𝑥 (𝑥 ∈ 𝑋 → (∃𝑦 (𝑦 ∈ 𝑌 ∧ maps(𝑓 , 𝑥, 𝑦)) ∧
(∀𝑦 ∀𝑦 ′ ((maps(𝑓 , 𝑥, 𝑦) ∧ maps(𝑓 , 𝑥, 𝑦 ′ )) → 𝑦 = 𝑦 ′ ))))
where maps(𝑓 , 𝑥, 𝑦) abbreviates ∃𝑣 (𝑣 ∈ 𝑓 ∧ ⟨𝑥, 𝑦⟩ = 𝑣) (this formula expresses
“𝑓 (𝑥) = 𝑦”).
It is now also not hard to express that 𝑓 : 𝑋 → 𝑌 is injective, for instance:

𝑓 : 𝑋 → 𝑌 ∧ ∀𝑥 ∀𝑥 ′ ((𝑥 ∈ 𝑋 ∧ 𝑥 ′ ∈ 𝑋 ∧
∃𝑦 (maps(𝑓 , 𝑥, 𝑦) ∧ maps(𝑓 , 𝑥 ′, 𝑦))) → 𝑥 = 𝑥 ′ )
A function 𝑓 : 𝑋 → 𝑌 is injective iff, whenever 𝑓 maps 𝑥, 𝑥 ′ ∈ 𝑋 to a single 𝑦, 𝑥 = 𝑥 ′ .
If we abbreviate this formula as inj(𝑓 , 𝑋, 𝑌 ), we’re already in a position to state in
the language of set theory something as non-trivial as Cantor’s theorem: there is no
injective function from ℘(𝑋 ) to 𝑋 :
∀𝑋 ∀𝑌 (℘(𝑋 ) = 𝑌 → ¬∃𝑓 inj(𝑓 , 𝑌 , 𝑋 ))


One might think that set theory requires another axiom that guarantees the
existence of a set for every defining property. If 𝜑 (𝑥) is a formula of set theory with
the variable 𝑥 free, we can consider the sentence
∃𝑦 ∀𝑥 (𝑥 ∈ 𝑦 ↔ 𝜑 (𝑥)).
This sentence states that there is a set 𝑦 whose elements are all and only those 𝑥
that satisfy 𝜑 (𝑥). This schema is called the “comprehension principle.” It looks very
useful; unfortunately it is inconsistent. Take 𝜑 (𝑥) ≡ ¬𝑥 ∈ 𝑥, then the comprehension
principle states
∃𝑦 ∀𝑥 (𝑥 ∈ 𝑦 ↔ 𝑥 ∉ 𝑥),
i.e., it states the existence of a set of all sets that are not elements of themselves. No
such set can exist—this is Russell’s Paradox. ZFC, in fact, contains a restricted—and
consistent—version of this principle, the separation principle:
∀𝑧 ∃𝑦 ∀𝑥 (𝑥 ∈ 𝑦 ↔ (𝑥 ∈ 𝑧 ∧ 𝜑 (𝑥))).

5.6 Expressing the Size of Structures


There are some properties of structures we can express even without using the non-
logical symbols of a language. For instance, there are sentences which are true in
a structure iff the domain of the structure has at least, at most, or exactly a certain
number 𝑛 of elements.

Proposition 5.11. The sentence

𝜑_{≥𝑛} ≡ ∃𝑥₁ ∃𝑥₂ … ∃𝑥ₙ
    (𝑥₁ ≠ 𝑥₂ ∧ 𝑥₁ ≠ 𝑥₃ ∧ 𝑥₁ ≠ 𝑥₄ ∧ ⋯ ∧ 𝑥₁ ≠ 𝑥ₙ ∧
     𝑥₂ ≠ 𝑥₃ ∧ 𝑥₂ ≠ 𝑥₄ ∧ ⋯ ∧ 𝑥₂ ≠ 𝑥ₙ ∧
     ⋮
     𝑥ₙ₋₁ ≠ 𝑥ₙ)

is true in a structure 𝔐 iff |𝔐| contains at least 𝑛 elements. Consequently, 𝔐 ⊨ ¬𝜑_{≥𝑛+1}
iff |𝔐| contains at most 𝑛 elements.

Proposition 5.12. The sentence

𝜑_{=𝑛} ≡ ∃𝑥₁ ∃𝑥₂ … ∃𝑥ₙ
    (𝑥₁ ≠ 𝑥₂ ∧ 𝑥₁ ≠ 𝑥₃ ∧ 𝑥₁ ≠ 𝑥₄ ∧ ⋯ ∧ 𝑥₁ ≠ 𝑥ₙ ∧
     𝑥₂ ≠ 𝑥₃ ∧ 𝑥₂ ≠ 𝑥₄ ∧ ⋯ ∧ 𝑥₂ ≠ 𝑥ₙ ∧
     ⋮
     𝑥ₙ₋₁ ≠ 𝑥ₙ ∧
     ∀𝑦 (𝑦 = 𝑥₁ ∨ ⋯ ∨ 𝑦 = 𝑥ₙ))

is true in a structure 𝔐 iff |𝔐| contains exactly 𝑛 elements.

Proposition 5.13. A structure is infinite iff it is a model of

{𝜑_{≥1}, 𝜑_{≥2}, 𝜑_{≥3}, …}.


There is no single purely logical sentence which is true in 𝔐 iff |𝔐| is infinite.
However, one can give sentences with non-logical predicate symbols which only
have infinite models (although not every infinite structure is a model of them). The
property of being a finite structure, and the property of being an uncountable structure
cannot even be expressed with an infinite set of sentences. These facts follow from
the compactness and Löwenheim-Skolem theorems.

Problems
Problem 5.1. Find formulas in L𝐴 which define the following relations:

1. 𝑛 is between 𝑖 and 𝑗;
2. 𝑛 evenly divides 𝑚 (i.e., 𝑚 is a multiple of 𝑛);
3. 𝑛 is a prime number (i.e., no number other than 1 and 𝑛 evenly divides 𝑛).

Problem 5.2. Suppose the formula 𝜑(𝑣₁, 𝑣₂) expresses the relation 𝑅 ⊆ |𝔐|² in
a structure 𝔐. Find formulas that express the following relations:

1. the inverse 𝑅⁻¹ of 𝑅;
2. the relative product 𝑅 | 𝑅;

Can you find a way to express 𝑅⁺, the transitive closure of 𝑅?

Problem 5.3. Let L be the language containing a 2-place predicate symbol < only (no
other constant symbols, function symbols or predicate symbols— except of course =).
Let 𝔑 be the structure such that |𝔑| = N, and <^𝔑 = {⟨𝑛, 𝑚⟩ | 𝑛 < 𝑚}. Prove the
following:

1. {0} is definable in 𝔑;
2. {1} is definable in 𝔑;
3. {2} is definable in 𝔑;
4. for each 𝑛 ∈ N, the set {𝑛} is definable in 𝔑;
5. every finite subset of |𝔑| is definable in 𝔑;
6. every co-finite subset of |𝔑| is definable in 𝔑 (where 𝑋 ⊆ N is co-finite iff
N \ 𝑋 is finite).

Problem 5.4. Show that the comprehension principle is inconsistent by giving
a derivation that shows

∃𝑦 ∀𝑥 (𝑥 ∈ 𝑦 ↔ 𝑥 ∉ 𝑥) ⊢ ⊥.

It may help to first show (𝐴 → ¬𝐴) ∧ (¬𝐴 → 𝐴) ⊢ ⊥.

Chapter 6

Natural Deduction

6.1 Introduction
To define a derivation system for first-order logic we will use what we already have
for propositional logic and add rules for the quantifiers.

6.2 Quantifier Rules


Rules for ∀

    𝜑[𝑎/𝑥]              ∀𝑥 𝜑
    ─────── ∀I         ─────── ∀E
     ∀𝑥 𝜑              𝜑[𝑡/𝑥]

In the rules for ∀, 𝑡 is a closed term (a term that does not contain any variables), and
𝑎 is a constant symbol which does not occur in the conclusion ∀𝑥 𝜑 (𝑥), or in any
assumption which is undischarged in the derivation ending with the premise 𝜑 (𝑎).
We call 𝑎 the eigenvariable of the ∀I inference.¹

Rules for ∃

                                [𝜑[𝑎/𝑥]]ⁿ
                                    ⋮
    𝜑[𝑡/𝑥]              ∃𝑥 𝜑        𝜒
    ─────── ∃I          ─────────────── ∃Eₙ
     ∃𝑥 𝜑                     𝜒

Again, 𝑡 is a closed term, and 𝑎 is a constant which does not occur in the premise
∃𝑥 𝜑 (𝑥), in the conclusion 𝜒, or any assumption which is undischarged in the deriva-
tions ending with the two premises (other than the assumptions 𝜑 (𝑎)). We call 𝑎 the
eigenvariable of the ∃E inference.
¹ We use the term “eigenvariable” even though 𝑎 in the above rule is a constant. This has historical
reasons.


The condition that an eigenvariable neither occur in the premises nor in any
assumption that is undischarged in the derivations leading to the premises for the ∀I
or ∃E inference is called the eigenvariable condition.
Recall the convention that when 𝜑 is a formula with the variable 𝑥 free, we indicate
this by writing 𝜑 (𝑥). In the same context, 𝜑 (𝑡) then is short for 𝜑 [𝑡/𝑥]. So we could
also write the ∃I rule as:

      𝜑(𝑡)
    ──────── ∃I
    ∃𝑥 𝜑(𝑥)

Note that 𝑡 may already occur in 𝜑, e.g., 𝜑 might be 𝑃 (𝑡, 𝑥). Thus, inferring ∃𝑥 𝑃 (𝑡, 𝑥)
from 𝑃 (𝑡, 𝑡) is a correct application of ∃I—you may “replace” one or more, and not
necessarily all, occurrences of 𝑡 in the premise by the bound variable 𝑥. However, the
eigenvariable conditions in ∀I and ∃E require that the constant symbol 𝑎 does not
occur in 𝜑. So, you cannot correctly infer ∀𝑥 𝑃 (𝑎, 𝑥) from 𝑃 (𝑎, 𝑎) using ∀I.
In ∃I and ∀E there are no restrictions, and the term 𝑡 can be anything, so we do
not have to worry about any conditions. On the other hand, in the ∃E and ∀I rules, the
eigenvariable condition requires that the constant symbol 𝑎 does not occur anywhere
in the conclusion or in an undischarged assumption. The condition is necessary
to ensure that the system is sound, i.e., only derives sentences from undischarged
assumptions from which they follow. Without this condition, the following would be
allowed:

                  [𝜑(𝑎)]¹
                  ──────── *∀I
    ∃𝑥 𝜑(𝑥)       ∀𝑥 𝜑(𝑥)
    ─────────────────────── ∃E
           ∀𝑥 𝜑(𝑥)

However, ∃𝑥 𝜑 (𝑥) ⊭ ∀𝑥 𝜑 (𝑥).
As the elimination rules for quantifiers only allow substituting closed terms for
variables, it follows that any formula that can be derived from a set of sentences is
itself a sentence.

6.3 Derivations with Quantifiers


Example 6.1. When dealing with quantifiers, we have to make sure not to violate
the eigenvariable condition, and sometimes this requires us to play around with the
order of carrying out certain inferences. In general, it helps to try and take care
of rules subject to the eigenvariable condition first (they will be lower down in the
finished proof).
Let’s see how we’d give a derivation of the formula ∃𝑥 ¬𝜑 (𝑥) → ¬∀𝑥 𝜑 (𝑥). Starting
as usual, we write

∃𝑥 ¬𝜑 (𝑥) → ¬∀𝑥 𝜑 (𝑥)


We start by writing down what it would take to justify that last step using the →I
rule.

        [∃𝑥 ¬𝜑(𝑥)]¹
             ⋮
         ¬∀𝑥 𝜑(𝑥)
    ───────────────────── →I₁
    ∃𝑥 ¬𝜑(𝑥) → ¬∀𝑥 𝜑(𝑥)


Since there is no obvious rule to apply to ¬∀𝑥 𝜑 (𝑥), we will proceed by setting up the
derivation so we can use the ∃E rule. Here we must pay attention to the eigenvariable
condition, and choose a constant that does not appear in ∃𝑥 𝜑 (𝑥) or any assumptions
that it depends on. (Since no constant symbols appear, however, any choice will do
fine.)

                       [¬𝜑(𝑎)]²
                          ⋮
    [∃𝑥 ¬𝜑(𝑥)]¹       ¬∀𝑥 𝜑(𝑥)
    ──────────────────────────── ∃E₂
             ¬∀𝑥 𝜑(𝑥)
       ───────────────────── →I₁
       ∃𝑥 ¬𝜑(𝑥) → ¬∀𝑥 𝜑(𝑥)

In order to derive ¬∀𝑥 𝜑 (𝑥), we will attempt to use the ¬I rule: this requires that we
derive a contradiction, possibly using ∀𝑥 𝜑 (𝑥) as an additional assumption. Of course,
this contradiction may involve the assumption ¬𝜑 (𝑎) which will be discharged by
the ∃E inference. We can set it up as follows:

                     [¬𝜑(𝑎)]², [∀𝑥 𝜑(𝑥)]³
                               ⋮
                               ⊥
                          ────────── ¬I₃
    [∃𝑥 ¬𝜑(𝑥)]¹           ¬∀𝑥 𝜑(𝑥)
    ──────────────────────────────── ∃E₂
               ¬∀𝑥 𝜑(𝑥)
         ───────────────────── →I₁
         ∃𝑥 ¬𝜑(𝑥) → ¬∀𝑥 𝜑(𝑥)

It looks like we are close to getting a contradiction. The easiest rule to apply is the
∀E, which has no eigenvariable conditions. Since we can use any term we want to
replace the universally quantified 𝑥, it makes the most sense to continue using 𝑎 so
we can reach a contradiction.

                                   [∀𝑥 𝜑(𝑥)]³
                                   ─────────── ∀E
                      [¬𝜑(𝑎)]²        𝜑(𝑎)
                      ──────────────────────── ¬E
                                 ⊥
                            ────────── ¬I₃
    [∃𝑥 ¬𝜑(𝑥)]¹             ¬∀𝑥 𝜑(𝑥)
    ────────────────────────────────── ∃E₂
                ¬∀𝑥 𝜑(𝑥)
          ───────────────────── →I₁
          ∃𝑥 ¬𝜑(𝑥) → ¬∀𝑥 𝜑(𝑥)

It is important, especially when dealing with quantifiers, to double check at this
point that the eigenvariable condition has not been violated. Since the only rule we
applied that is subject to the eigenvariable condition was ∃E, and the eigenvariable 𝑎
does not occur in any assumptions it depends on, this is a correct derivation.

Example 6.2. Sometimes we may derive a formula from other formulas. In these
cases, we may have undischarged assumptions. It is important to keep track of our
assumptions as well as the end goal.
Let’s see how we’d give a derivation of the formula ∃𝑥 𝜒 (𝑥, 𝑏) from the assump-
tions ∃𝑥 (𝜑 (𝑥) ∧ 𝜓 (𝑥)) and ∀𝑥 (𝜓 (𝑥) → 𝜒 (𝑥, 𝑏)). Starting as usual, we write the
conclusion at the bottom.
∃𝑥 𝜒 (𝑥, 𝑏)


We have two premises to work with. To use the first, i.e., try to find a derivation
of ∃𝑥 𝜒 (𝑥, 𝑏) from ∃𝑥 (𝜑 (𝑥) ∧ 𝜓 (𝑥)) we would use the ∃E rule. Since it has an
eigenvariable condition, we will apply that rule first. We get the following:

                            [𝜑(𝑎) ∧ 𝜓(𝑎)]¹
                                  ⋮
    ∃𝑥 (𝜑(𝑥) ∧ 𝜓(𝑥))         ∃𝑥 𝜒(𝑥, 𝑏)
    ────────────────────────────────────── ∃E₁
                ∃𝑥 𝜒(𝑥, 𝑏)

The two assumptions we are working with share 𝜓 . It may be useful at this point to
apply ∧E to separate out 𝜓 (𝑎).

                            [𝜑(𝑎) ∧ 𝜓(𝑎)]¹
                            ─────────────── ∧E
                                 𝜓(𝑎)
                                  ⋮
    ∃𝑥 (𝜑(𝑥) ∧ 𝜓(𝑥))         ∃𝑥 𝜒(𝑥, 𝑏)
    ────────────────────────────────────── ∃E₁
                ∃𝑥 𝜒(𝑥, 𝑏)

The second assumption we have to work with is ∀𝑥 (𝜓 (𝑥) → 𝜒 (𝑥, 𝑏)). Since there
is no eigenvariable condition we can instantiate 𝑥 with the constant symbol 𝑎 using
∀E to get 𝜓 (𝑎) → 𝜒 (𝑎, 𝑏). We now have both 𝜓 (𝑎) → 𝜒 (𝑎, 𝑏) and 𝜓 (𝑎). Our next move
should be a straightforward application of the →E rule.

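                            ∀𝑥 (𝜓(𝑥) → 𝜒(𝑥, 𝑏))        [𝜑(𝑎) ∧ 𝜓(𝑎)]¹
                            ───────────────────── ∀E     ─────────────── ∧E
                              𝜓(𝑎) → 𝜒(𝑎, 𝑏)                  𝜓(𝑎)
                              ─────────────────────────────────────── →E
                                            𝜒(𝑎, 𝑏)
                                               ⋮
    ∃𝑥 (𝜑(𝑥) ∧ 𝜓(𝑥))                     ∃𝑥 𝜒(𝑥, 𝑏)
    ────────────────────────────────────────────────── ∃E₁
                      ∃𝑥 𝜒(𝑥, 𝑏)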

We are so close! One application of ∃I and we have reached our goal.

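                            ∀𝑥 (𝜓(𝑥) → 𝜒(𝑥, 𝑏))        [𝜑(𝑎) ∧ 𝜓(𝑎)]¹
                            ───────────────────── ∀E     ─────────────── ∧E
                              𝜓(𝑎) → 𝜒(𝑎, 𝑏)                  𝜓(𝑎)
                              ─────────────────────────────────────── →E
                                            𝜒(𝑎, 𝑏)
                                          ──────────── ∃I
    ∃𝑥 (𝜑(𝑥) ∧ 𝜓(𝑥))                     ∃𝑥 𝜒(𝑥, 𝑏)
    ────────────────────────────────────────────────── ∃E₁
                      ∃𝑥 𝜒(𝑥, 𝑏)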

Since we ensured at each step that the eigenvariable conditions were not violated, we
can be confident that this is a correct derivation.

Example 6.3. Give a derivation of the formula ¬∀𝑥 𝜑 (𝑥) from the assumptions
∀𝑥 𝜑 (𝑥) → ∃𝑦 𝜓 (𝑦) and ¬∃𝑦 𝜓 (𝑦). Starting as usual, we write the target formula
at the bottom.

¬∀𝑥 𝜑 (𝑥)


The last line of the derivation is a negation, so let’s try using ¬I. This will require that
we figure out how to derive a contradiction.

    [∀𝑥 𝜑(𝑥)]¹
        ⋮
        ⊥
    ────────── ¬I₁
     ¬∀𝑥 𝜑(𝑥)

So far so good. We can use ∀E but it’s not obvious if that will help us get to our goal.
Instead, let’s use one of our assumptions. ∀𝑥 𝜑 (𝑥) → ∃𝑦 𝜓 (𝑦) together with ∀𝑥 𝜑 (𝑥)
will allow us to use the →E rule.

    ∀𝑥 𝜑(𝑥) → ∃𝑦 𝜓(𝑦)       [∀𝑥 𝜑(𝑥)]¹
    ──────────────────────────────────── →E
                 ∃𝑦 𝜓(𝑦)
                    ⋮
                    ⊥
                ────────── ¬I₁
                 ¬∀𝑥 𝜑(𝑥)

We now have one final assumption to work with, and it looks like this will help us
reach a contradiction by using ¬E.

                    ∀𝑥 𝜑(𝑥) → ∃𝑦 𝜓(𝑦)       [∀𝑥 𝜑(𝑥)]¹
                    ──────────────────────────────────── →E
    ¬∃𝑦 𝜓(𝑦)                     ∃𝑦 𝜓(𝑦)
    ────────────────────────────────────── ¬E
                      ⊥
                 ────────── ¬I₁
                  ¬∀𝑥 𝜑(𝑥)

6.4 Proof-Theoretic Notions


Just as we’ve defined a number of important semantic notions (validity, entailment,
satisfiability), we now define corresponding proof-theoretic notions. These are not
defined by appeal to satisfaction of sentences in structures, but by appeal to the
derivability or non-derivability of certain sentences from others. It was an important
discovery that these notions coincide. That they do is the content of the soundness
and completeness theorems.

Definition 6.4 (Theorems). A sentence 𝜑 is a theorem if there is a derivation of 𝜑
in natural deduction in which all assumptions are discharged. We write ⊢ 𝜑 if 𝜑 is a
theorem and ⊬ 𝜑 if it is not.

Definition 6.5 (Derivability). A sentence 𝜑 is derivable from a set of sentences Γ,
Γ ⊢ 𝜑, if there is a derivation with conclusion 𝜑 and in which every assumption is
either discharged or is in Γ. If 𝜑 is not derivable from Γ we write Γ ⊬ 𝜑.

Definition 6.6 (Consistency). A set of sentences Γ is inconsistent iff Γ ⊢ ⊥. If Γ is
not inconsistent, i.e., if Γ ⊬ ⊥, we say it is consistent.

Proposition 6.7 (Reflexivity). If 𝜑 ∈ Γ, then Γ ⊢ 𝜑.

Proof. The assumption 𝜑 by itself is a derivation of 𝜑 where every undischarged
assumption (i.e., 𝜑) is in Γ. □


Proposition 6.8 (Monotonicity). If Γ ⊆ Δ and Γ ⊢ 𝜑, then Δ ⊢ 𝜑.

Proof. Any derivation of 𝜑 from Γ is also a derivation of 𝜑 from Δ. □

Proposition 6.9 (Transitivity). If Γ ⊢ 𝜑 and {𝜑} ∪ Δ ⊢ 𝜓, then Γ ∪ Δ ⊢ 𝜓.

Proof. If Γ ⊢ 𝜑, there is a derivation 𝛿₀ of 𝜑 with all undischarged assumptions in Γ.
If {𝜑} ∪ Δ ⊢ 𝜓, then there is a derivation 𝛿₁ of 𝜓 with all undischarged assumptions
in {𝜑} ∪ Δ. Now consider:

    Δ, [𝜑]¹
       𝛿₁               Γ
       𝜓                𝛿₀
    ─────── →I₁
     𝜑 → 𝜓              𝜑
    ────────────────────── →E
              𝜓

The undischarged assumptions are now all among Γ ∪ Δ, so this shows Γ ∪ Δ ⊢ 𝜓. □

When Γ = {𝜑₁, 𝜑₂, …, 𝜑ₖ} is a finite set we may use the simplified notation
𝜑₁, 𝜑₂, …, 𝜑ₖ ⊢ 𝜓 for Γ ⊢ 𝜓; in particular, 𝜑 ⊢ 𝜓 means that {𝜑} ⊢ 𝜓.
Note that if Γ ⊢ 𝜑 and 𝜑 ⊢ 𝜓, then Γ ⊢ 𝜓. It follows also that if 𝜑₁, …, 𝜑ₙ ⊢ 𝜓 and
Γ ⊢ 𝜑ᵢ for each 𝑖, then Γ ⊢ 𝜓.

Proposition 6.10. The following are equivalent.

1. Γ is inconsistent.

2. Γ ⊢ 𝜑 for every sentence 𝜑.

3. Γ ⊢ 𝜑 and Γ ⊢ ¬𝜑 for some sentence 𝜑.

Proof. Exercise. □

Proposition 6.11 (Compactness).

1. If Γ ⊢ 𝜑 then there is a finite subset Γ₀ ⊆ Γ such that Γ₀ ⊢ 𝜑.

2. If every finite subset of Γ is consistent, then Γ is consistent.

Proof. 1. If Γ ⊢ 𝜑, then there is a derivation 𝛿 of 𝜑 from Γ. Let Γ₀ be the set
of undischarged assumptions of 𝛿. Since any derivation is finite, Γ₀ can only
contain finitely many sentences. So, 𝛿 is a derivation of 𝜑 from a finite Γ₀ ⊆ Γ.

2. This is the contrapositive of (1) for the special case 𝜑 ≡ ⊥. □


6.5 Derivability and Consistency


We will now establish a number of properties of the derivability relation. They are
independently interesting, but each will play a role in the proof of the completeness
theorem.

Proposition 6.12. If Γ ⊢ 𝜑 and Γ ∪ {𝜑} is inconsistent, then Γ is inconsistent.

Proof. Let the derivation of 𝜑 from Γ be 𝛿₁ and the derivation of ⊥ from Γ ∪ {𝜑} be 𝛿₂.
We can then derive:

    Γ, [𝜑]¹
       𝛿₂               Γ
       ⊥                𝛿₁
    ─────── ¬I₁
       ¬𝜑               𝜑
    ────────────────────── ¬E
              ⊥

In the new derivation, the assumption 𝜑 is discharged, so it is a derivation from Γ. □

Proposition 6.13. Γ ⊢ 𝜑 iff Γ ∪ {¬𝜑} is inconsistent.

Proof. First suppose Γ ⊢ 𝜑, i.e., there is a derivation 𝛿₀ of 𝜑 from undischarged
assumptions Γ. We obtain a derivation of ⊥ from Γ ∪ {¬𝜑} as follows:

                Γ
                𝛿₀
    ¬𝜑          𝜑
    ────────────── ¬E
          ⊥

Now assume Γ ∪ {¬𝜑} is inconsistent, and let 𝛿₁ be the corresponding derivation
of ⊥ from undischarged assumptions in Γ ∪ {¬𝜑}. We obtain a derivation of 𝜑 from Γ
alone by using RAA:

    Γ, [¬𝜑]¹
       𝛿₁
       ⊥
    ──────── RAA₁
       𝜑                                                                          □

Proposition 6.14. If Γ ⊢ 𝜑 and ¬𝜑 ∈ Γ, then Γ is inconsistent.

Proof. Suppose Γ ⊢ 𝜑 and ¬𝜑 ∈ Γ. Then there is a derivation 𝛿 of 𝜑 from Γ. Consider
this simple application of the ¬E rule:

                Γ
                𝛿
    ¬𝜑          𝜑
    ────────────── ¬E
          ⊥

Since ¬𝜑 ∈ Γ, all undischarged assumptions are in Γ, so this shows that Γ ⊢ ⊥. □


Proposition 6.15. If Γ ∪ {𝜑} and Γ ∪ {¬𝜑} are both inconsistent, then Γ is inconsistent.

Proof. There are derivations 𝛿₁ and 𝛿₂ of ⊥ from Γ ∪ {𝜑} and ⊥ from Γ ∪ {¬𝜑},
respectively. We can then derive

    Γ, [¬𝜑]²           Γ, [𝜑]¹
       𝛿₂                 𝛿₁
       ⊥                  ⊥
    ──────── ¬I₂       ─────── ¬I₁
      ¬¬𝜑                ¬𝜑
    ─────────────────────────── ¬E
                 ⊥

Since the assumptions 𝜑 and ¬𝜑 are discharged, this is a derivation of ⊥ from Γ alone.
Hence Γ is inconsistent. □
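
The following is an added example, not part of the text: a small Python checker that makes Definition 6.5 concrete by computing the undischarged assumptions of a derivation tree, then replays the derivation of Example 6.3 and the construction in the proof of Proposition 6.15. The tuple encoding, the function names and the sample set Γ = {p → q, ¬p → q, ¬q} are assumptions of this illustration; only →, ¬ and RAA rules are covered, and quantified sentences are treated as opaque atoms.

```python
# Added illustration (not from the text). Formulas are nested tuples:
# ("atom", name), ("bot",), ("not", A), ("imp", A, B).
BOT = ("bot",)

def Atom(name): return ("atom", name)
def Not(a): return ("not", a)
def Imp(a, b): return ("imp", a, b)

def _discharge(open_set, formula, label):
    """Drop the assumption `formula` marked `label`; label None discharges nothing."""
    return open_set if label is None else open_set - {(formula, label)}

def check(d):
    """Validate derivation tree d; return (conclusion, undischarged assumptions).

    Nodes: ("assume", A, label), ("impE", d_imp, d_ante), ("notE", d_neg, d_pos),
    ("impI", A, label, d), ("notI", A, label, d), ("raa", A, label, d).
    Undischarged assumptions are returned as a frozenset of (formula, label) pairs.
    """
    rule = d[0]
    if rule == "assume":
        _, f, label = d
        return f, frozenset({(f, label)})
    if rule == "impE":
        (major, o1), (minor, o2) = check(d[1]), check(d[2])
        if major[0] != "imp" or major[1] != minor:
            raise ValueError("→E needs premises A → B and A")
        return major[2], o1 | o2
    if rule == "notE":
        (neg, o1), (pos, o2) = check(d[1]), check(d[2])
        if neg != Not(pos):
            raise ValueError("¬E needs premises ¬A and A")
        return BOT, o1 | o2
    if rule in ("impI", "notI", "raa"):
        _, f, label, sub = d
        concl, o = check(sub)
        if rule == "impI":                    # may, but need not, discharge f
            return Imp(f, concl), _discharge(o, f, label)
        if concl != BOT:
            raise ValueError(rule + " needs premise ⊥")
        if rule == "notI":
            return Not(f), _discharge(o, f, label)
        return f, _discharge(o, Not(f), label)   # RAA discharges ¬f
    raise ValueError("unknown rule: %r" % (rule,))

def derives(d, gamma, phi):
    """Definition 6.5: d ends in phi and every assumption is discharged or in gamma."""
    concl, open_set = check(d)
    return concl == phi and {f for f, _ in open_set} <= set(gamma)

# Example 6.3. The derivation uses no quantifier rule, so the two quantified
# sentences can stand as atoms.
A, B = Atom("∀x φ(x)"), Atom("∃y ψ(y)")
EXAMPLE_6_3 = ("notI", A, 1,
               ("notE", ("assume", Not(B), None),
                        ("impE", ("assume", Imp(A, B), None), ("assume", A, 1))))

def prop_6_15(phi, label1, d1, label2, d2):
    """Combine d1 (⊥ from Γ ∪ {phi}) and d2 (⊥ from Γ ∪ {¬phi}) into ⊥ from Γ."""
    return ("notE", ("notI", Not(phi), label2, d2), ("notI", phi, label1, d1))

# Constructed sample: Γ = {p → q, ¬p → q, ¬q}.
P, Q = Atom("p"), Atom("q")
GAMMA = {Imp(P, Q), Imp(Not(P), Q), Not(Q)}
D1 = ("notE", ("assume", Not(Q), None),
              ("impE", ("assume", Imp(P, Q), None), ("assume", P, 1)))
D2 = ("notE", ("assume", Not(Q), None),
              ("impE", ("assume", Imp(Not(P), Q), None), ("assume", Not(P), 2)))

if __name__ == "__main__":
    print(derives(EXAMPLE_6_3, {Imp(A, B), Not(B)}, Not(A)))
    print(derives(D1, GAMMA, BOT))                          # p is still open
    print(derives(prop_6_15(P, 1, D1, 2, D2), GAMMA, BOT))  # both discharged
```

An assumption whose label is never used by a discharging inference stays in the returned set, so a derivation only counts as showing Γ ⊢ 𝜑 when everything left open really is in Γ.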

6.6 Derivability and the Propositional Connectives


We establish that the derivability relation ⊢ of natural deduction is strong enough
to establish some basic facts involving the propositional connectives, such as that
𝜑 ∧ 𝜓 ⊢ 𝜑 and 𝜑, 𝜑 → 𝜓 ⊢ 𝜓 (modus ponens). These facts are needed for the proof of
the completeness theorem.

Proposition 6.16.

1. Both 𝜑 ∧ 𝜓 ⊢ 𝜑 and 𝜑 ∧ 𝜓 ⊢ 𝜓.

2. 𝜑, 𝜓 ⊢ 𝜑 ∧ 𝜓.

Proof. 1. We can derive both

    𝜑 ∧ 𝜓            𝜑 ∧ 𝜓
    ───── ∧E         ───── ∧E
      𝜑                𝜓

2. We can derive:

    𝜑      𝜓
    ──────── ∧I
     𝜑 ∧ 𝜓                                                                        □

Proposition 6.17.

1. 𝜑 ∨ 𝜓, ¬𝜑, ¬𝜓 is inconsistent.

2. Both 𝜑 ⊢ 𝜑 ∨ 𝜓 and 𝜓 ⊢ 𝜑 ∨ 𝜓.

Proof. 1. Consider the following derivation:

                ¬𝜑    [𝜑]¹          ¬𝜓    [𝜓]¹
                ────────── ¬E       ────────── ¬E
    𝜑 ∨ 𝜓           ⊥                   ⊥
    ────────────────────────────────────────── ∨E₁
                        ⊥

This is a derivation of ⊥ from undischarged assumptions 𝜑 ∨ 𝜓, ¬𝜑, and ¬𝜓.

2. We can derive both

      𝜑                𝜓
    ───── ∨I         ───── ∨I
    𝜑 ∨ 𝜓            𝜑 ∨ 𝜓                                                        □


Proposition 6.18.

1. 𝜑, 𝜑 → 𝜓 ⊢ 𝜓.

2. Both ¬𝜑 ⊢ 𝜑 → 𝜓 and 𝜓 ⊢ 𝜑 → 𝜓.

Proof. 1. We can derive:

    𝜑 → 𝜓      𝜑
    ──────────── →E
         𝜓

2. This is shown by the following two derivations:

    ¬𝜑    [𝜑]¹
    ────────── ¬E
        ⊥
      ───── ⊥E
        𝜓                      𝜓
    ───────── →I₁          ───────── →I
      𝜑 → 𝜓                  𝜑 → 𝜓

Note that →I may, but does not have to, discharge the assumption 𝜑. □

6.7 Derivability and the Quantifiers


The completeness theorem also requires that the natural deduction rules yield the
facts about ⊢ established in this section.

Theorem 6.19. If 𝑐 is a constant not occurring in Γ or 𝜑(𝑥) and Γ ⊢ 𝜑(𝑐), then
Γ ⊢ ∀𝑥 𝜑(𝑥).

Proof. Let 𝛿 be a derivation of 𝜑(𝑐) from Γ. By adding a ∀I inference, we obtain
a derivation of ∀𝑥 𝜑(𝑥). Since 𝑐 does not occur in Γ or 𝜑(𝑥), the eigenvariable
condition is satisfied. □

Proposition 6.20.

1. 𝜑(𝑡) ⊢ ∃𝑥 𝜑(𝑥).

2. ∀𝑥 𝜑(𝑥) ⊢ 𝜑(𝑡).

Proof. 1. The following is a derivation of ∃𝑥 𝜑(𝑥) from 𝜑(𝑡):

       𝜑(𝑡)
    ────────── ∃I
     ∃𝑥 𝜑(𝑥)

2. The following is a derivation of 𝜑(𝑡) from ∀𝑥 𝜑(𝑥):

     ∀𝑥 𝜑(𝑥)
    ────────── ∀E
       𝜑(𝑡)                                                                       □


6.8 Soundness
A derivation system, such as natural deduction, is sound if it cannot derive things
that do not actually follow. Soundness is thus a kind of guaranteed safety property
for derivation systems. Depending on which proof theoretic property is in question,
we would like to know for instance, that

1. every derivable sentence is valid;

2. if a sentence is derivable from some others, it is also a consequence of them;

3. if a set of sentences is inconsistent, it is unsatisfiable.

These are important properties of a derivation system. If any of them do not hold, the
derivation system is deficient—it would derive too much. Consequently, establishing
the soundness of a derivation system is of the utmost importance.

Theorem 6.21 (Soundness). If 𝜑 is derivable from the undischarged assumptions Γ,
then Γ ⊨ 𝜑.

Proof. Let 𝛿 be a derivation of 𝜑. We proceed by induction on the number of inferences
in 𝛿.

For the induction basis we show the claim if the number of inferences is 0. In this
case, 𝛿 consists only of a single sentence 𝜑, i.e., an assumption. That assumption is
undischarged, since assumptions can only be discharged by inferences, and there are
no inferences. So, any structure 𝔐 that satisfies all of the undischarged assumptions
of the proof also satisfies 𝜑.

Now for the inductive step. Suppose that 𝛿 contains 𝑛 inferences. The premise(s)
of the lowermost inference are derived using sub-derivations, each of which contains
fewer than 𝑛 inferences. We assume the induction hypothesis: The premises of the
lowermost inference follow from the undischarged assumptions of the sub-derivations
ending in those premises. We have to show that the conclusion 𝜑 follows from the
undischarged assumptions of the entire proof.

We distinguish cases according to the type of the lowermost inference. First, we
consider the possible inferences with only one premise.

1. Suppose that the last inference is ¬I: The derivation has the form

    Γ, [𝜑]ⁿ
       𝛿₁
       ⊥
    ─────── ¬Iₙ
       ¬𝜑

By inductive hypothesis, ⊥ follows from the undischarged assumptions Γ ∪ {𝜑}
of 𝛿₁. Consider a structure 𝔐. We need to show that, if 𝔐 ⊨ Γ, then 𝔐 ⊨ ¬𝜑.
Suppose for reductio that 𝔐 ⊨ Γ, but 𝔐 ⊭ ¬𝜑, i.e., 𝔐 ⊨ 𝜑. This would mean
that 𝔐 ⊨ Γ ∪ {𝜑}. This is contrary to our inductive hypothesis. So, 𝔐 ⊨ ¬𝜑.

2. The last inference is ∧E: There are two variants: 𝜑 or 𝜓 may be inferred from
the premise 𝜑 ∧ 𝜓. Consider the first case. The derivation 𝛿 looks like this:

      Γ
      𝛿₁
    𝜑 ∧ 𝜓
    ───── ∧E
      𝜑

By inductive hypothesis, 𝜑 ∧ 𝜓 follows from the undischarged assumptions Γ
of 𝛿₁. Consider a structure 𝔐. We need to show that, if 𝔐 ⊨ Γ, then 𝔐 ⊨ 𝜑.
Suppose 𝔐 ⊨ Γ. By our inductive hypothesis (Γ ⊨ 𝜑 ∧ 𝜓), we know that
𝔐 ⊨ 𝜑 ∧ 𝜓. By definition, 𝔐 ⊨ 𝜑 ∧ 𝜓 iff 𝔐 ⊨ 𝜑 and 𝔐 ⊨ 𝜓. (The case where 𝜓
is inferred from 𝜑 ∧ 𝜓 is handled similarly.)

3. The last inference is ∨I: There are two variants: 𝜑 ∨ 𝜓 may be inferred from
the premise 𝜑 or the premise 𝜓. Consider the first case. The derivation has the
form

      Γ
      𝛿₁
      𝜑
    ───── ∨I
    𝜑 ∨ 𝜓

By inductive hypothesis, 𝜑 follows from the undischarged assumptions Γ of 𝛿₁.
Consider a structure 𝔐. We need to show that, if 𝔐 ⊨ Γ, then 𝔐 ⊨ 𝜑 ∨ 𝜓.
Suppose 𝔐 ⊨ Γ; then 𝔐 ⊨ 𝜑 since Γ ⊨ 𝜑 (the inductive hypothesis). So it must
also be the case that 𝔐 ⊨ 𝜑 ∨ 𝜓. (The case where 𝜑 ∨ 𝜓 is inferred from 𝜓 is
handled similarly.)

4. The last inference is →I: 𝜑 → 𝜓 is inferred from a subproof with assumption 𝜑
and conclusion 𝜓, i.e.,

    Γ, [𝜑]ⁿ
       𝛿₁
       𝜓
    ─────── →Iₙ
     𝜑 → 𝜓

By inductive hypothesis, 𝜓 follows from the undischarged assumptions of 𝛿₁,
i.e., Γ ∪ {𝜑} ⊨ 𝜓. Consider a structure 𝔐. The undischarged assumptions of 𝛿
are just Γ, since 𝜑 is discharged at the last inference. So we need to show
that Γ ⊨ 𝜑 → 𝜓. For reductio, suppose that for some structure 𝔐, 𝔐 ⊨ Γ but
𝔐 ⊭ 𝜑 → 𝜓. So, 𝔐 ⊨ 𝜑 and 𝔐 ⊭ 𝜓. But by hypothesis, 𝜓 is a consequence of
Γ ∪ {𝜑}, i.e., 𝔐 ⊨ 𝜓, which is a contradiction. So, Γ ⊨ 𝜑 → 𝜓.

5. The last inference is ⊥E: Here, 𝛿 ends in

      Γ
      𝛿₁
      ⊥
    ───── ⊥E
      𝜑

By induction hypothesis, Γ ⊨ ⊥. We have to show that Γ ⊨ 𝜑. Suppose not; then
for some 𝔐 we have 𝔐 ⊨ Γ and 𝔐 ⊭ 𝜑. But we always have 𝔐 ⊭ ⊥, so this
would mean that Γ ⊭ ⊥, contrary to the induction hypothesis.

6. The last inference is RAA: Exercise.
7. The last inference is ∀I: Then 𝛿 has the form

        Γ
        𝛿₁
       𝜑(𝑎)
    ────────── ∀I
     ∀𝑥 𝜑(𝑥)

The premise 𝜑(𝑎) is a consequence of the undischarged assumptions Γ by
induction hypothesis. Consider some structure, 𝔐, such that 𝔐 ⊨ Γ. We need
to show that 𝔐 ⊨ ∀𝑥 𝜑(𝑥). Since ∀𝑥 𝜑(𝑥) is a sentence, this means we have to
show that for every variable assignment 𝑠, 𝔐, 𝑠 ⊨ 𝜑(𝑥) (Proposition 4.47). Since
Γ consists entirely of sentences, 𝔐, 𝑠 ⊨ 𝜓 for all 𝜓 ∈ Γ by Definition 4.40. Let
𝔐′ be like 𝔐 except that 𝑎^𝔐′ = 𝑠(𝑥). Since 𝑎 does not occur in Γ, 𝔐′ ⊨ Γ by
Corollary 4.49. Since Γ ⊨ 𝜑(𝑎), 𝔐′ ⊨ 𝜑(𝑎). Since 𝜑(𝑎) is a sentence, 𝔐′, 𝑠 ⊨ 𝜑(𝑎)
by Proposition 4.46. 𝔐′, 𝑠 ⊨ 𝜑(𝑥) iff 𝔐′ ⊨ 𝜑(𝑎) by Proposition 4.51 (recall that
𝜑(𝑎) is just 𝜑(𝑥)[𝑎/𝑥]). So, 𝔐′, 𝑠 ⊨ 𝜑(𝑥). Since 𝑎 does not occur in 𝜑(𝑥), by
Proposition 4.48, 𝔐, 𝑠 ⊨ 𝜑(𝑥). But 𝑠 was an arbitrary variable assignment, so
𝔐 ⊨ ∀𝑥 𝜑(𝑥).

8. The last inference is ∃I: Exercise.
9. The last inference is ∀E: Exercise.

Now let’s consider the possible inferences with several premises: ∨E, ∧I, →E, and
∃E.

1. The last inference is ∧I. 𝜑 ∧ 𝜓 is inferred from the premises 𝜑 and 𝜓 and 𝛿 has
the form

    Γ₁      Γ₂
    𝛿₁      𝛿₂
    𝜑       𝜓
    ────────── ∧I
      𝜑 ∧ 𝜓

By induction hypothesis, 𝜑 follows from the undischarged assumptions Γ₁ of 𝛿₁
and 𝜓 follows from the undischarged assumptions Γ₂ of 𝛿₂. The undischarged
assumptions of 𝛿 are Γ₁ ∪ Γ₂, so we have to show that Γ₁ ∪ Γ₂ ⊨ 𝜑 ∧ 𝜓. Consider
a structure 𝔐 with 𝔐 ⊨ Γ₁ ∪ Γ₂. Since 𝔐 ⊨ Γ₁, it must be the case that 𝔐 ⊨ 𝜑
as Γ₁ ⊨ 𝜑, and since 𝔐 ⊨ Γ₂, 𝔐 ⊨ 𝜓 since Γ₂ ⊨ 𝜓. Together, 𝔐 ⊨ 𝜑 ∧ 𝜓.

2. The last inference is ∨E: Exercise.
3. The last inference is →E. 𝜓 is inferred from the premises 𝜑 → 𝜓 and 𝜑. The
derivation 𝛿 looks like this:

      Γ₁         Γ₂
      𝛿₁         𝛿₂
    𝜑 → 𝜓        𝜑
    ─────────────── →E
           𝜓

By induction hypothesis, 𝜑 → 𝜓 follows from the undischarged assumptions Γ₁
of 𝛿₁ and 𝜑 follows from the undischarged assumptions Γ₂ of 𝛿₂. Consider
a structure 𝔐. We need to show that, if 𝔐 ⊨ Γ₁ ∪ Γ₂, then 𝔐 ⊨ 𝜓. Suppose
𝔐 ⊨ Γ₁ ∪ Γ₂. Since Γ₁ ⊨ 𝜑 → 𝜓, 𝔐 ⊨ 𝜑 → 𝜓. Since Γ₂ ⊨ 𝜑, we have 𝔐 ⊨ 𝜑.
This means that 𝔐 ⊨ 𝜓 (for if 𝔐 ⊭ 𝜓, since 𝔐 ⊨ 𝜑, we’d have 𝔐 ⊭ 𝜑 → 𝜓,
contradicting 𝔐 ⊨ 𝜑 → 𝜓).

4. The last inference is ¬E: Exercise.

5. The last inference is ∃E: Exercise. □

Corollary 6.22. If ⊢ 𝜑, then 𝜑 is valid.

Corollary 6.23. If Γ is satisfiable, then it is consistent.

Proof. We prove the contrapositive. Suppose that Γ is not consistent. Then Γ ⊢ ⊥, i.e.,
there is a derivation of ⊥ from undischarged assumptions in Γ. By Theorem 6.21, any
structure 𝔐 that satisfies Γ must satisfy ⊥. Since 𝔐 ⊭ ⊥ for every structure 𝔐, no
𝔐 can satisfy Γ, i.e., Γ is not satisfiable. □

6.9 Derivations with Identity predicate


Derivations with identity predicate require additional inference rules.

                    𝑡₁ = 𝑡₂    𝜑(𝑡₁)             𝑡₁ = 𝑡₂    𝜑(𝑡₂)
    ─────── =I      ──────────────── =E         ──────────────── =E
     𝑡 = 𝑡               𝜑(𝑡₂)                       𝜑(𝑡₁)

In the above rules, 𝑡, 𝑡₁, and 𝑡₂ are closed terms. The =I rule allows us to derive
any identity statement of the form 𝑡 = 𝑡 outright, from no assumptions.

Example 6.24. If 𝑠 and 𝑡 are closed terms, then 𝜑(𝑠), 𝑠 = 𝑡 ⊢ 𝜑(𝑡):

    𝑠 = 𝑡    𝜑(𝑠)
    ───────────── =E
        𝜑(𝑡)

This may be familiar as the “principle of substitutability of identicals,” or Leibniz’ Law.

Example 6.25. We derive the sentence

    ∀𝑥 ∀𝑦 ((𝜑(𝑥) ∧ 𝜑(𝑦)) → 𝑥 = 𝑦)

from the sentence

    ∃𝑥 ∀𝑦 (𝜑(𝑦) → 𝑦 = 𝑥)

We develop the derivation backwards:

    ∃𝑥 ∀𝑦 (𝜑(𝑦) → 𝑦 = 𝑥)      [𝜑(𝑎) ∧ 𝜑(𝑏)]¹

                     𝑎 = 𝑏
        ────────────────────────── →I₁
         ((𝜑(𝑎) ∧ 𝜑(𝑏)) → 𝑎 = 𝑏)
        ────────────────────────────── ∀I
         ∀𝑦 ((𝜑(𝑎) ∧ 𝜑(𝑦)) → 𝑎 = 𝑦)
        ────────────────────────────────── ∀I
         ∀𝑥 ∀𝑦 ((𝜑(𝑥) ∧ 𝜑(𝑦)) → 𝑥 = 𝑦)

We’ll now have to use the main assumption: since it is an existential formula, we use
∃E to derive the intermediary conclusion 𝑎 = 𝑏.

                                [∀𝑦 (𝜑(𝑦) → 𝑦 = 𝑐)]²
                                [𝜑(𝑎) ∧ 𝜑(𝑏)]¹

    ∃𝑥 ∀𝑦 (𝜑(𝑦) → 𝑦 = 𝑥)               𝑎 = 𝑏
    ────────────────────────────────────────── ∃E₂
                     𝑎 = 𝑏
        ────────────────────────── →I₁
         ((𝜑(𝑎) ∧ 𝜑(𝑏)) → 𝑎 = 𝑏)
        ────────────────────────────── ∀I
         ∀𝑦 ((𝜑(𝑎) ∧ 𝜑(𝑦)) → 𝑎 = 𝑦)
        ────────────────────────────────── ∀I
         ∀𝑥 ∀𝑦 ((𝜑(𝑥) ∧ 𝜑(𝑦)) → 𝑥 = 𝑦)

The sub-derivation on the top right is completed by using its assumptions to show
that 𝑎 = 𝑐 and 𝑏 = 𝑐. This requires two separate derivations. The derivation for 𝑎 = 𝑐
is as follows:

    [∀𝑦 (𝜑(𝑦) → 𝑦 = 𝑐)]²        [𝜑(𝑎) ∧ 𝜑(𝑏)]¹
    ───────────────────── ∀E    ─────────────── ∧E
        𝜑(𝑎) → 𝑎 = 𝑐                  𝜑(𝑎)
        ──────────────────────────────────── →E
                      𝑎 = 𝑐

From 𝑎 = 𝑐 and 𝑏 = 𝑐 we derive 𝑎 = 𝑏 by =E.

6.10 Soundness with Identity predicate


Proposition 6.26. Natural deduction with rules for = is sound.

Proof. Any formula of the form 𝑡 = 𝑡 is valid, since for every structure 𝔐, 𝔐 ⊨ 𝑡 = 𝑡.
(Note that we assume the term 𝑡 to be closed, i.e., it contains no variables, so variable
assignments are irrelevant).

Suppose the last inference in a derivation is =E, i.e., the derivation has the following
form:

      Γ₁          Γ₂
      𝛿₁          𝛿₂
    𝑡₁ = 𝑡₂     𝜑(𝑡₁)
    ───────────────── =E
          𝜑(𝑡₂)

The premises 𝑡₁ = 𝑡₂ and 𝜑(𝑡₁) are derived from undischarged assumptions Γ₁ and Γ₂,
respectively. We want to show that 𝜑(𝑡₂) follows from Γ₁ ∪ Γ₂. Consider a structure 𝔐
with 𝔐 ⊨ Γ₁ ∪ Γ₂. By induction hypothesis, 𝔐 ⊨ 𝜑(𝑡₁) and 𝔐 ⊨ 𝑡₁ = 𝑡₂. Therefore,
Val^𝔐(𝑡₁) = Val^𝔐(𝑡₂). Let 𝑠 be any variable assignment, and 𝑚 = Val^𝔐(𝑡₁) = Val^𝔐(𝑡₂).
By Proposition 4.51, 𝔐, 𝑠 ⊨ 𝜑(𝑡₁) iff 𝔐, 𝑠[𝑚/𝑥] ⊨ 𝜑(𝑥) iff 𝔐, 𝑠 ⊨ 𝜑(𝑡₂). Since
𝔐 ⊨ 𝜑(𝑡₁), we have 𝔐 ⊨ 𝜑(𝑡₂). □

Problems

Problem 6.1. Give derivations that show the following:

1. ⊢ (∀𝑥 𝜑(𝑥) ∧ ∀𝑦 𝜓(𝑦)) → ∀𝑧 (𝜑(𝑧) ∧ 𝜓(𝑧)).
2. ⊢ (∃𝑥 𝜑(𝑥) ∨ ∃𝑦 𝜓(𝑦)) → ∃𝑧 (𝜑(𝑧) ∨ 𝜓(𝑧)).
3. ∀𝑥 (𝜑(𝑥) → 𝜓) ⊢ ∃𝑦 𝜑(𝑦) → 𝜓.
4. ∀𝑥 ¬𝜑(𝑥) ⊢ ¬∃𝑥 𝜑(𝑥).
5. ⊢ ¬∃𝑥 𝜑(𝑥) → ∀𝑥 ¬𝜑(𝑥).
6. ⊢ ¬∃𝑥 ∀𝑦 ((𝜑(𝑥, 𝑦) → ¬𝜑(𝑦, 𝑦)) ∧ (¬𝜑(𝑦, 𝑦) → 𝜑(𝑥, 𝑦))).

Problem 6.2. Give derivations that show the following:

1. ⊢ ¬∀𝑥 𝜑(𝑥) → ∃𝑥 ¬𝜑(𝑥).
2. (∀𝑥 𝜑(𝑥) → 𝜓) ⊢ ∃𝑦 (𝜑(𝑦) → 𝜓).
3. ⊢ ∃𝑥 (𝜑(𝑥) → ∀𝑦 𝜑(𝑦)).

(These all require the RAA rule.)

Problem 6.3. Prove Proposition 6.10.

Problem 6.4. Prove the following variation of Proposition 6.13: Γ ⊢ ¬𝜑
iff Γ ∪ {𝜑} is inconsistent.

Problem 6.5. Complete the proof of Theorem 6.21.

Problem 6.6. Prove that = is both symmetric and transitive, i.e., give derivations of
∀𝑥 ∀𝑦 (𝑥 = 𝑦 → 𝑦 = 𝑥) and ∀𝑥 ∀𝑦 ∀𝑧 ((𝑥 = 𝑦 ∧ 𝑦 = 𝑧) → 𝑥 = 𝑧).

Problem 6.7. Give derivations of the following formulas:

1. ∀𝑥 ∀𝑦 ((𝑥 = 𝑦 ∧ 𝜑(𝑥)) → 𝜑(𝑦))
2. ∃𝑥 𝜑(𝑥) ∧ ∀𝑦 ∀𝑧 ((𝜑(𝑦) ∧ 𝜑(𝑧)) → 𝑦 = 𝑧) → ∃𝑥 (𝜑(𝑥) ∧ ∀𝑦 (𝜑(𝑦) → 𝑦 = 𝑥))

Chapter 7

The Completeness Theorem

7.1 Introduction
The completeness theorem is one of the most fundamental results about logic. It comes
in two formulations, the equivalence of which we’ll prove. In its first formulation it
says something fundamental about the relationship between semantic consequence
and our derivation system: if a sentence 𝜑 follows from some sentences Γ, then there
is also a derivation that establishes Γ ⊢ 𝜑. Thus, the derivation system is as strong as
it can possibly be without proving things that don’t actually follow.
In its second formulation, it can be stated as a model existence result: every
consistent set of sentences is satisfiable. Consistency is a proof-theoretic notion: it
says that our derivation system is unable to produce certain derivations. But who’s to
say that just because there are no derivations of a certain sort from Γ, it’s guaranteed
that there is a structure 𝔐? Before the completeness theorem was first proved—in fact
before we had the derivation systems we now do—the great German mathematician
David Hilbert held the view that consistency of mathematical theories guarantees
the existence of the objects they are about. He put it as follows in a letter to Gottlob
Frege:

If the arbitrarily given axioms do not contradict one another with all their
consequences, then they are true and the things defined by the axioms
exist. This is for me the criterion of truth and existence.

Frege vehemently disagreed. Under one reading of the completeness theorem Hilbert
was correct: if the axioms are consistent, then some structure exists that makes
them all true. But the completeness theorem does not rule out the existence of other
structures that make the same axioms true. Ultimately, whether Hilbert was correct
depends on how different models of a set of axioms are related, a topic we return to
in the next chapter.
These aren’t the only reasons the completeness theorem—or rather, its proof—is
important. It has a number of important consequences, some of which we’ll discuss
separately. For instance, since any derivation that shows Γ ⊢ 𝜑 is finite and so can
only use finitely many of the sentences in Γ, it follows by the completeness theorem
that if 𝜑 is a consequence of Γ, it is already a consequence of a finite subset of Γ. This
is called compactness. Equivalently, if every finite subset of Γ is consistent, then Γ
itself must be consistent.


Although the compactness theorem follows from the completeness theorem via the
detour through derivations, it is also possible to use the proof of the completeness
theorem to establish it directly. For what the proof does is take a set of sentences
with a certain property—consistency—and construct a structure out of this set that
has certain properties (in this case, that it satisfies the set). Almost the very same
construction can be used to directly establish compactness, by starting from “finitely
satisfiable” sets of sentences instead of consistent ones. The construction also yields
other consequences, e.g., that any satisfiable set of sentences has a finite or countably
infinite model. (This result is called the Löwenheim-Skolem theorem.) In general, the
construction of structures from sets of sentences is used often in logic, and sometimes
even in philosophy.

7.2 Outline of the Proof


The proof of the completeness theorem is a bit complex, and upon first reading it, it is
easy to get lost. So let us outline the proof. The first step is a shift of perspective, that
allows us to see a route to a proof. When completeness is thought of as “whenever
Γ ⊨ 𝜑 then Γ ⊢ 𝜑,” it may be hard to even come up with an idea: for to show that Γ ⊢ 𝜑
we have to find a derivation, and it does not look like the hypothesis that Γ ⊨ 𝜑 helps
us for this in any way. For some proof systems it is possible to directly construct
a derivation, but we will take a slightly different approach. The shift in perspective
required is this: completeness can also be formulated as: “if Γ is consistent, it is
satisfiable.” Perhaps we can use the information in Γ together with the hypothesis
that it is consistent to construct a structure that satisfies every sentence in Γ. After
all, we know what kind of structure we are looking for: one that is as Γ describes it!
If Γ contains only atomic sentences, it is easy to construct a model for it. Suppose
the atomic sentences are all of the form 𝑃(𝑎₁, …, 𝑎ₙ) where the 𝑎ᵢ are constant
symbols. All we have to do is come up with a domain |𝔐| and an assignment for 𝑃
so that 𝔐 ⊨ 𝑃(𝑎₁, …, 𝑎ₙ). But that’s not very hard: put |𝔐| = ℕ, 𝑐ᵢ^𝔐 = 𝑖, and for
every 𝑃(𝑎₁, …, 𝑎ₙ) ∈ Γ, put the tuple ⟨𝑘₁, …, 𝑘ₙ⟩ into 𝑃^𝔐, where 𝑘ᵢ is the index of
the constant symbol 𝑎ᵢ (i.e., 𝑎ᵢ ≡ 𝑐_{𝑘ᵢ}).
Now suppose Γ contains some formula ¬𝜓 , with 𝜓 atomic. We might worry that
the construction of 𝔐 interferes with the possibility of making ¬𝜓 true. But here’s
where the consistency of Γ comes in: if ¬𝜓 ∈ Γ, then 𝜓 ∉ Γ, or else Γ would be
inconsistent. And if 𝜓 ∉ Γ, then according to our construction of 𝔐, 𝔐 ⊭ 𝜓 , so
𝔐 ⊨ ¬𝜓 . So far so good.
What if Γ contains complex, non-atomic formulas? Say it contains 𝜑 ∧ 𝜓. To make
that true, we should proceed as if both 𝜑 and 𝜓 were in Γ. And if 𝜑 ∨ 𝜓 ∈ Γ, then we
will have to make at least one of them true, i.e., proceed as if one of them was in Γ.
This suggests the following idea: we add additional formulas to Γ so as to (a) keep
the resulting set consistent and (b) make sure that for every possible atomic sentence 𝜑,
either 𝜑 is in the resulting set, or ¬𝜑 is, and (c) such that, whenever 𝜑 ∧ 𝜓 is in the set,
so are both 𝜑 and 𝜓, if 𝜑 ∨ 𝜓 is in the set, at least one of 𝜑 or 𝜓 is also, etc. We keep
doing this (potentially forever). Call the set of all formulas so added Γ*. Then our
construction above would provide us with a structure 𝔐 for which we could prove,
by induction, that it satisfies all sentences in Γ*, and hence also all sentences in Γ since
Γ ⊆ Γ*. It turns out that guaranteeing (a) and (b) is enough. A set of sentences for
which (b) holds is called complete. So our task will be to extend the consistent set Γ to
a consistent and complete set Γ*.


There is one wrinkle in this plan: if ∃𝑥 𝜑 (𝑥) ∈ Γ we would hope to be able to pick
some constant symbol 𝑐 and add 𝜑 (𝑐) in this process. But how do we know we can
always do that? Perhaps we only have a few constant symbols in our language, and
for each one of them we have ¬𝜑 (𝑐) ∈ Γ. We can’t also add 𝜑 (𝑐), since this would
make the set inconsistent, and we wouldn’t know whether 𝔐 has to make 𝜑 (𝑐) or
¬𝜑 (𝑐) true. Moreover, it might happen that Γ contains only sentences in a language
that has no constant symbols at all (e.g., the language of set theory).
The solution to this problem is to simply add infinitely many constants at the
beginning, plus sentences that connect them with the quantifiers in the right way.
(Of course, we have to verify that this cannot introduce an inconsistency.)
Our original construction works well if we only have constant symbols in the
atomic sentences. But the language might also contain function symbols. In that case,
it might be tricky to find the right functions on ℕ to assign to these function symbols
to make everything work. So here’s another trick: instead of using 𝑖 to interpret 𝑐ᵢ,
just take the set of constant symbols itself as the domain. Then 𝔐 can assign every
constant symbol to itself: 𝑐ᵢ^𝔐 = 𝑐ᵢ. But why not go all the way: let |𝔐| be all terms of
the language! If we do this, there is an obvious assignment of functions (that take
terms as arguments and have terms as values) to function symbols: we assign to the
function symbol 𝑓ᵢⁿ the function which, given 𝑛 terms 𝑡₁, …, 𝑡ₙ as input, produces
the term 𝑓ᵢⁿ(𝑡₁, …, 𝑡ₙ) as value.
The last piece of the puzzle is what to do with =. The predicate symbol = has a
fixed interpretation: 𝔐 ⊨ 𝑡 = 𝑡′ iff Val^𝔐(𝑡) = Val^𝔐(𝑡′). Now if we set things up so
that the value of a term 𝑡 is 𝑡 itself, then this structure will make no sentence of the
form 𝑡 = 𝑡′ true unless 𝑡 and 𝑡′ are one and the same term. And of course this is a
problem, since basically every interesting theory in a language with function symbols
will have as theorems sentences 𝑡 = 𝑡′ where 𝑡 and 𝑡′ are not the same term (e.g., in
theories of arithmetic: (0 + 0) = 0). To solve this problem, we change the domain
of 𝔐: instead of using terms as the objects in |𝔐|, we use sets of terms, and each set
is so that it contains all those terms which the sentences in Γ require to be equal. So,
e.g., if Γ is a theory of arithmetic, one of these sets will contain: 0, (0 + 0), (0 × 0), etc.
This will be the set we assign to 0, and it will turn out that this set is also the value of
all the terms in it, e.g., also of (0 + 0). Therefore, the sentence (0 + 0) = 0 will be true
in this revised structure.
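
The following is an added example, not part of the text: a Python sketch of the construction outlined in the last few paragraphs, restricted to a finite set Γ of literals (atomic sentences, identities, and their negations). The domain consists of sets of closed terms that Γ requires to be equal, and predicates are interpreted by the atomic sentences in Γ. The encoding, the names, the sample Γ and the use of a congruence-closure loop (standing in for what completeness of Γ* provides in the real proof) are assumptions of this illustration.

```python
# Added illustration (not from the text). Closed terms: a constant is a string,
# a compound term is a tuple (function symbol, arg1, ..., argn).
# Literals: ("eq", s, t), ("neq", s, t), ("atom", P, args), ("natom", P, args).

def subterms(t):
    """Yield t and every term occurring inside it."""
    yield t
    if isinstance(t, tuple):
        for arg in t[1:]:
            yield from subterms(arg)

class TermModel:
    def __init__(self, literals):
        # Universe: all closed terms occurring in the literals.
        self.universe = set()
        for lit in literals:
            terms = lit[1:3] if lit[0] in ("eq", "neq") else lit[2]
            for t in terms:
                self.universe.update(subterms(t))
        self.parent = {t: t for t in self.universe}
        # Merge the terms that Γ says are equal ...
        for lit in literals:
            if lit[0] == "eq":
                self._union(lit[1], lit[2])
        # ... and those forced equal because their arguments are equal.
        self._close_under_congruence()
        # Interpret each predicate by the positive atomic sentences in Γ.
        self.pred = {}
        for lit in literals:
            if lit[0] == "atom":
                row = tuple(self.value(a) for a in lit[2])
                self.pred.setdefault(lit[1], set()).add(row)

    def _find(self, t):
        while self.parent[t] != t:
            t = self.parent[t]
        return t

    def _union(self, s, t):
        self.parent[self._find(s)] = self._find(t)

    def _close_under_congruence(self):
        compound = [t for t in self.universe if isinstance(t, tuple)]
        changed = True
        while changed:
            changed = False
            for i, s in enumerate(compound):
                for t in compound[i + 1:]:
                    if (s[0] == t[0] and len(s) == len(t)
                            and self._find(s) != self._find(t)
                            and all(self._find(a) == self._find(b)
                                    for a, b in zip(s[1:], t[1:]))):
                        self._union(s, t)
                        changed = True

    def value(self, t):
        """Val(t): the set of all terms in the universe equal to t (t must occur in Γ)."""
        root = self._find(t)
        return frozenset(u for u in self.universe if self._find(u) == root)

    def satisfies(self, lit):
        if lit[0] in ("eq", "neq"):
            same = self.value(lit[1]) == self.value(lit[2])
            return same if lit[0] == "eq" else not same
        row = tuple(self.value(a) for a in lit[2])
        holds = row in self.pred.get(lit[1], set())
        return holds if lit[0] == "atom" else not holds

def find_model(literals):
    """Return the term model if it satisfies every literal, else None."""
    m = TermModel(literals)
    return m if all(m.satisfies(lit) for lit in literals) else None

# Constructed sample: (0+0) = 0, (0×0) = 0, Even(0), ¬Even(s(0)).
ZERO, PLUS, TIMES, SUCC = "0", ("+", "0", "0"), ("×", "0", "0"), ("s", "0")
SAMPLE = [("eq", PLUS, ZERO), ("eq", TIMES, ZERO),
          ("atom", "Even", (ZERO,)), ("natom", "Even", (SUCC,))]

if __name__ == "__main__":
    m = find_model(SAMPLE)
    print(sorted(map(str, m.value(ZERO))))           # the set assigned to 0
    print(m.satisfies(("atom", "Even", (PLUS,))))    # true: Val((0+0)) = Val(0)
    # Adding s((0+0)) ≠ s(0) contradicts (0+0) = 0, so no model is returned.
    print(find_model(SAMPLE + [("neq", ("s", PLUS), SUCC)]))
```

When a negative literal fails in the constructed model, the positive literals of Γ already force its negation, so the input set was inconsistent.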
So here’s what we’ll do. First we investigate the properties of complete consistent
sets, in particular we prove that a complete consistent set contains 𝜑 ∧ 𝜓 iff it contains
both 𝜑 and 𝜓, 𝜑 ∨ 𝜓 iff it contains at least one of them, etc. (Proposition 7.2). Then we
define and investigate “saturated” sets of sentences. A saturated set is one which
contains conditionals that link each quantified sentence to instances of it (Definition 7.5).
We show that any consistent set Γ can always be extended to a saturated set Γ′
(Lemma 7.6). If a set is consistent, saturated, and complete it also has the property
that it contains ∃𝑥 𝜑(𝑥) iff it contains 𝜑(𝑡) for some closed term 𝑡 and ∀𝑥 𝜑(𝑥) iff it
contains 𝜑(𝑡) for all closed terms 𝑡 (Proposition 7.7). We’ll then take the saturated
consistent set Γ′ and show that it can be extended to a saturated, consistent, and
complete set Γ* (Lemma 7.8). This set Γ* is what we’ll use to define our term model 𝔐(Γ*).
The term model has the set of closed terms as its domain, and the interpretation of its
predicate symbols is given by the atomic sentences in Γ* (Definition 7.9). We’ll use
the properties of saturated, complete consistent sets to show that indeed 𝔐(Γ*) ⊨ 𝜑
iff 𝜑 ∈ Γ* (Lemma 7.12), and thus in particular, 𝔐(Γ*) ⊨ Γ. Finally, we’ll consider
how to define a term model if Γ contains = as well (Definition 7.16) and show that it
satisfies Γ* (Lemma 7.19).


7.3 Complete Consistent Sets of Sentences


Definition 7.1 (Complete set). A set Γ of sentences is complete iff for any
sentence 𝜑, either 𝜑 ∈ Γ or ¬𝜑 ∈ Γ.

Complete sets of sentences leave no questions unanswered. For any sentence 𝜑,
Γ “says” if 𝜑 is true or false. The importance of complete sets extends beyond the
proof of the completeness theorem. A theory which is complete and axiomatizable,
for instance, is always decidable.

Complete consistent sets are important in the completeness proof since we can
guarantee that every consistent set of sentences Γ is contained in a complete consistent
set Γ*. A complete consistent set contains, for each sentence 𝜑, either 𝜑 or its negation
¬𝜑, but not both. This is true in particular for atomic sentences, so from a complete
consistent set in a language suitably expanded by constant symbols, we can construct
a structure where the interpretation of predicate symbols is defined according to
which atomic sentences are in Γ*. This structure can then be shown to make all
sentences in Γ* (and hence also all those in Γ) true. The proof of this latter fact
requires that ¬𝜑 ∈ Γ* iff 𝜑 ∉ Γ*, (𝜑 ∨ 𝜓) ∈ Γ* iff 𝜑 ∈ Γ* or 𝜓 ∈ Γ*, etc.

In what follows, we will often tacitly use the properties of reflexivity, monotonicity,
and transitivity of ⊢ (see section 6.4).

Proposition 7.2. Suppose Γ is complete and consistent. Then:

1. If Γ ⊢ 𝜑, then 𝜑 ∈ Γ.

2. 𝜑 ∧ 𝜓 ∈ Γ iff both 𝜑 ∈ Γ and 𝜓 ∈ Γ.

3. 𝜑 ∨ 𝜓 ∈ Γ iff either 𝜑 ∈ Γ or 𝜓 ∈ Γ.

4. 𝜑 → 𝜓 ∈ Γ iff either 𝜑 ∉ Γ or 𝜓 ∈ Γ.

Proof. Let us suppose for all of the following that Γ is complete and consistent.

1. If Γ ⊢ 𝜑, then 𝜑 ∈ Γ.

Suppose that Γ ⊢ 𝜑. Suppose to the contrary that 𝜑 ∉ Γ. Since Γ is complete,
¬𝜑 ∈ Γ. By Proposition 6.14, Γ is inconsistent. This contradicts the assumption
that Γ is consistent. Hence, it cannot be the case that 𝜑 ∉ Γ, so 𝜑 ∈ Γ.

2. 𝜑 ∧ 𝜓 ∈ Γ iff both 𝜑 ∈ Γ and 𝜓 ∈ Γ:

For the forward direction, suppose 𝜑 ∧ 𝜓 ∈ Γ. Then by Proposition 6.16, item (1),
Γ ⊢ 𝜑 and Γ ⊢ 𝜓. By (1), 𝜑 ∈ Γ and 𝜓 ∈ Γ, as required.

For the reverse direction, let 𝜑 ∈ Γ and 𝜓 ∈ Γ. By Proposition 6.16, item (2),
Γ ⊢ 𝜑 ∧ 𝜓. By (1), 𝜑 ∧ 𝜓 ∈ Γ.

3. First we show that if 𝜑 ∨ 𝜓 ∈ Γ, then either 𝜑 ∈ Γ or 𝜓 ∈ Γ. Suppose 𝜑 ∨ 𝜓 ∈ Γ but
𝜑 ∉ Γ and 𝜓 ∉ Γ. Since Γ is complete, ¬𝜑 ∈ Γ and ¬𝜓 ∈ Γ. By Proposition 6.17,
item (1), Γ is inconsistent, a contradiction. Hence, either 𝜑 ∈ Γ or 𝜓 ∈ Γ.

For the reverse direction, suppose that 𝜑 ∈ Γ or 𝜓 ∈ Γ. By Proposition 6.17,
item (2), Γ ⊢ 𝜑 ∨ 𝜓. By (1), 𝜑 ∨ 𝜓 ∈ Γ, as required.


4. For the forward direction, suppose 𝜑 → 𝜓 ∈ Γ, and suppose to the contrary
that 𝜑 ∈ Γ and 𝜓 ∉ Γ. On these assumptions, 𝜑 → 𝜓 ∈ Γ and 𝜑 ∈ Γ. By
Proposition 6.18, item (1), Γ ⊢ 𝜓. But then by (1), 𝜓 ∈ Γ, contradicting the
assumption that 𝜓 ∉ Γ.

For the reverse direction, first consider the case where 𝜑 ∉ Γ. Since Γ is
complete, ¬𝜑 ∈ Γ. By Proposition 6.18, item (2), Γ ⊢ 𝜑 → 𝜓. Again by (1), we
get that 𝜑 → 𝜓 ∈ Γ, as required.

Now consider the case where 𝜓 ∈ Γ. By Proposition 6.18, item (2) again,
Γ ⊢ 𝜑 → 𝜓. By (1), 𝜑 → 𝜓 ∈ Γ. □

7.4 Henkin Expansion


Part of the challenge in proving the completeness theorem is that the model we
construct from a complete consistent set Γ must make all the quantified formulas
in Γ true. In order to guarantee this, we use a trick due to Leon Henkin. In essence,
the trick consists in expanding the language by infinitely many constant symbols
and adding, for each formula with one free variable 𝜑 (𝑥) a formula of the form
∃𝑥 𝜑 (𝑥) → 𝜑 (𝑐), where 𝑐 is one of the new constant symbols. When we construct the
structure satisfying Γ, this will guarantee that each true existential sentence has a
witness among the new constants.

Proposition 7.3. If Γ is in L and consistent in L and L′ is obtained from L by adding
a countably infinite set of new constant symbols 𝑑₀, 𝑑₁, …, then Γ is consistent in L′.

Definition 7.4 (Saturated set). A set Γ of formulas of a language L is saturated
iff for each formula 𝜑(𝑥) ∈ Frm(L) with one free variable 𝑥 there is a constant
symbol 𝑐 ∈ L such that ∃𝑥 𝜑(𝑥) → 𝜑(𝑐) ∈ Γ.

The following definition will be used in the proof of the next theorem.

Definition 7.5. Let L′ be as in Proposition 7.3. Fix an enumeration 𝜑₀(𝑥₀), 𝜑₁(𝑥₁),
… of all formulas 𝜑ᵢ(𝑥ᵢ) of L′ in which one variable (𝑥ᵢ) occurs free. We define the
sentences 𝜃ₙ by induction on 𝑛.

Let 𝑐₀ be the first constant symbol among the 𝑑ᵢ we added to L which does not
occur in 𝜑₀(𝑥₀). Assuming that 𝜃₀, …, 𝜃ₙ₋₁ have already been defined, let 𝑐ₙ be
the first among the new constant symbols 𝑑ᵢ that occurs neither in 𝜃₀, …, 𝜃ₙ₋₁ nor
in 𝜑ₙ(𝑥ₙ).

Now let 𝜃ₙ be the formula ∃𝑥ₙ 𝜑ₙ(𝑥ₙ) → 𝜑ₙ(𝑐ₙ).

Lemma 7.6. Every consistent set Γ can be extended to a saturated consistent set Γ′.

Proof. Given a consistent set of sentences Γ in a language L, expand the language by
adding a countably infinite set of new constant symbols to form L′. By Proposition 7.3,
Γ is still consistent in the richer language. Further, let 𝜃ᵢ be as in Definition 7.5. Let

    Γ₀ = Γ
    Γₙ₊₁ = Γₙ ∪ {𝜃ₙ}

i.e., Γₙ₊₁ = Γ ∪ {𝜃₀, …, 𝜃ₙ}, and let Γ′ = ⋃ₙ Γₙ. Γ′ is clearly saturated.

If Γ′ were inconsistent, then for some 𝑛, Γₙ would be inconsistent (Exercise:
explain why). So to show that Γ′ is consistent it suffices to show, by induction on 𝑛,
that each set Γₙ is consistent.

The induction basis is simply the claim that Γ₀ = Γ is consistent, which is the
hypothesis of the theorem. For the induction step, suppose that Γₙ is consistent but
Γₙ₊₁ = Γₙ ∪ {𝜃ₙ} is inconsistent. Recall that 𝜃ₙ is ∃𝑥ₙ 𝜑ₙ(𝑥ₙ) → 𝜑ₙ(𝑐ₙ), where 𝜑ₙ(𝑥ₙ)
is a formula of L′ with only the variable 𝑥ₙ free. By the way we’ve chosen the 𝑐ₙ (see
Definition 7.5), 𝑐ₙ does not occur in 𝜑ₙ(𝑥ₙ) nor in Γₙ.

If Γₙ ∪ {𝜃ₙ} is inconsistent, then Γₙ ⊢ ¬𝜃ₙ, and hence both of the following hold:

    Γₙ ⊢ ∃𝑥ₙ 𝜑ₙ(𝑥ₙ)        Γₙ ⊢ ¬𝜑ₙ(𝑐ₙ)

Since 𝑐ₙ does not occur in Γₙ or in 𝜑ₙ(𝑥ₙ), Theorem 6.19 applies. From Γₙ ⊢ ¬𝜑ₙ(𝑐ₙ),
we obtain Γₙ ⊢ ∀𝑥ₙ ¬𝜑ₙ(𝑥ₙ). Thus we have that both Γₙ ⊢ ∃𝑥ₙ 𝜑ₙ(𝑥ₙ) and
Γₙ ⊢ ∀𝑥ₙ ¬𝜑ₙ(𝑥ₙ), so Γₙ itself is inconsistent. (Note that ∀𝑥ₙ ¬𝜑ₙ(𝑥ₙ) ⊢ ¬∃𝑥ₙ 𝜑ₙ(𝑥ₙ).)
Contradiction: Γₙ was supposed to be consistent. Hence Γₙ ∪ {𝜃ₙ} is consistent. □

We’ll now show that complete, consistent sets which are saturated have the
property that they contain a universally quantified sentence iff they contain all its instances,
and that they contain an existentially quantified sentence iff they contain at least one instance.
We’ll use this to show that the structure we’ll generate from a complete, consistent,
saturated set makes all its quantified sentences true.

Proposition 7.7. Suppose Γ is complete, consistent, and saturated.

1. ∃𝑥 𝜑 (𝑥) ∈ Γ iff 𝜑 (𝑡) ∈ Γ for at least one closed term 𝑡.

2. ∀𝑥 𝜑 (𝑥) ∈ Γ iff 𝜑 (𝑡) ∈ Γ for all closed terms 𝑡.

Proof. 1. First suppose that ∃𝑥 𝜑 (𝑥) ∈ Γ. Because Γ is saturated, (∃𝑥 𝜑 (𝑥) →
𝜑 (𝑐)) ∈ Γ for some constant symbol 𝑐. By Proposition 6.18, item (1), and
Proposition 7.2(1), 𝜑 (𝑐) ∈ Γ.
For the other direction, saturation is not necessary: Suppose 𝜑 (𝑡) ∈ Γ. Then
Γ ⊢ ∃𝑥 𝜑 (𝑥) by Proposition 6.20, item (1). By Proposition 7.2(1), ∃𝑥 𝜑 (𝑥) ∈ Γ.

2. Suppose that 𝜑 (𝑡) ∈ Γ for all closed terms 𝑡. By way of contradiction, assume
∀𝑥 𝜑 (𝑥) ∉ Γ. Since Γ is complete, ¬∀𝑥 𝜑 (𝑥) ∈ Γ. By saturation, (∃𝑥 ¬𝜑 (𝑥) →
¬𝜑 (𝑐)) ∈ Γ for some constant symbol 𝑐. By assumption, since 𝑐 is a closed term,
𝜑 (𝑐) ∈ Γ. But this would make Γ inconsistent. (Exercise: give the derivation
that shows
¬∀𝑥 𝜑 (𝑥), ∃𝑥 ¬𝜑 (𝑥) → ¬𝜑 (𝑐), 𝜑 (𝑐)

is inconsistent.)
For the reverse direction, we do not need saturation: Suppose ∀𝑥 𝜑 (𝑥) ∈ Γ.
Then Γ ⊢ 𝜑 (𝑡) by Proposition 6.20, item (2). We get 𝜑 (𝑡) ∈ Γ by Proposition 7.2.

7.5 Lindenbaum’s Lemma


We now prove a lemma that shows that any consistent set of sentences is contained
in some set of sentences which is not just consistent, but also complete. The proof
works by adding one sentence at a time, guaranteeing at each step that the set remains
consistent. We do this so that for every 𝜑, either 𝜑 or ¬𝜑 gets added at some stage.
The union of all stages in that construction then contains either 𝜑 or its negation ¬𝜑
and is thus complete. It is also consistent, since we made sure at each stage not to
introduce an inconsistency.
Lemma 7.8 (Lindenbaum’s Lemma). Every consistent set Γ in a language L can be
extended to a complete and consistent set Γ ∗ .
Proof. Let Γ be consistent. Let 𝜑 0 , 𝜑 1 , . . . be an enumeration of all the sentences of L.
Define Γ0 = Γ, and

Γ𝑛+1 = Γ𝑛 ∪ {𝜑𝑛 } if Γ𝑛 ∪ {𝜑𝑛 } is consistent;
Γ𝑛+1 = Γ𝑛 ∪ {¬𝜑𝑛 } otherwise.

Let Γ ∗ = ⋃𝑛≥0 Γ𝑛 .
Each Γ𝑛 is consistent: Γ0 is consistent by definition. If Γ𝑛+1 = Γ𝑛 ∪ {𝜑𝑛 }, this is
because the latter is consistent. If it isn’t, Γ𝑛+1 = Γ𝑛 ∪ {¬𝜑𝑛 }. We have to verify that
Γ𝑛 ∪ {¬𝜑𝑛 } is consistent. Suppose it’s not. Then both Γ𝑛 ∪ {𝜑𝑛 } and Γ𝑛 ∪ {¬𝜑𝑛 } are
inconsistent. This means that Γ𝑛 would be inconsistent by Proposition 6.15, contrary
to the induction hypothesis.
For every 𝑛 and every 𝑖 < 𝑛, Γ𝑖 ⊆ Γ𝑛 . This follows by a simple induction on 𝑛. For
𝑛 = 0, there are no 𝑖 < 0, so the claim holds automatically. For the inductive step,
suppose it is true for 𝑛. We have Γ𝑛+1 = Γ𝑛 ∪ {𝜑𝑛 } or = Γ𝑛 ∪ {¬𝜑𝑛 } by construction. So
Γ𝑛 ⊆ Γ𝑛+1 . If 𝑖 < 𝑛, then Γ𝑖 ⊆ Γ𝑛 by inductive hypothesis, and so ⊆ Γ𝑛+1 by transitivity
of ⊆.
From this it follows that every finite subset of Γ ∗ is a subset of Γ𝑛 for some 𝑛, since
each 𝜓 ∈ Γ ∗ not already in Γ0 is added at some stage 𝑖. If 𝑛 is the last one of these,
then all 𝜓 in the finite subset are in Γ𝑛 . So, every finite subset of Γ ∗ is consistent. By
Proposition 6.11, Γ ∗ is consistent.
Every sentence of Frm(L) appears on the list used to define Γ ∗ . If 𝜑𝑛 ∉ Γ ∗ , then
that is because Γ𝑛 ∪ {𝜑𝑛 } was inconsistent. But then ¬𝜑𝑛 ∈ Γ ∗ , so Γ ∗ is complete. □
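
The stage-by-stage construction from the proof of Lemma 7.8, as an added example that is not part of the original text. It works in propositional logic over three atoms, where consistency of a finite set can be decided by a truth-table search, and it replaces the infinite enumeration by a finite list of formulas; the tuple encoding and all names in the code are assumptions of the example.

```python
from itertools import product

# Assumed encoding: ("atom", "p"), ("not", A), ("and", A, B), ("or", A, B), ("imp", A, B).
ATOMS = ("p", "q", "r")


def atom(name):
    return ("atom", name)


def neg(a):
    return ("not", a)


def holds(formula, valuation):
    """Truth value of a formula under a valuation (dict: atom name -> bool)."""
    op = formula[0]
    if op == "atom":
        return valuation[formula[1]]
    if op == "not":
        return not holds(formula[1], valuation)
    left, right = holds(formula[1], valuation), holds(formula[2], valuation)
    if op == "and":
        return left and right
    if op == "or":
        return left or right
    if op == "imp":
        return (not left) or right
    raise ValueError(f"unknown connective: {op!r}")


def consistent(formulas):
    """Decide consistency of a finite set by searching for a satisfying valuation.

    In propositional logic, soundness and completeness make "consistent" and
    "satisfiable" coincide, so the truth-table search stands in for
    "no derivation of a contradiction exists".
    """
    for values in product((False, True), repeat=len(ATOMS)):
        valuation = dict(zip(ATOMS, values))
        if all(holds(f, valuation) for f in formulas):
            return True
    return False


def sentences(depth=1):
    """Finite stand-in for phi_0, phi_1, ...: all formulas up to a nesting depth."""
    seen = [atom(a) for a in ATOMS]
    for _ in range(depth):
        new = [neg(a) for a in seen]
        new += [(op, a, b) for op in ("and", "or", "imp") for a in seen for b in seen]
        seen += [f for f in dict.fromkeys(new) if f not in seen]
    return seen


def lindenbaum(gamma, enumeration):
    """Build Gamma* one sentence at a time, as in the proof of Lemma 7.8."""
    stage = list(gamma)                      # Gamma_0 = Gamma
    if not consistent(stage):
        raise ValueError("Gamma must be consistent")
    for phi in enumeration:
        if consistent(stage + [phi]):
            stage.append(phi)                # Gamma_{n+1} = Gamma_n + {phi_n}
        else:
            stage.append(neg(phi))           # Gamma_{n+1} = Gamma_n + {not phi_n}
    return stage


def valuation_from(gamma_star):
    """Propositional analogue of the term model: an atom is true iff it is in Gamma*."""
    return {a: atom(a) in gamma_star for a in ATOMS}


# Constructed sample input: Gamma = { p -> q, not q }.
GAMMA = [("imp", atom("p"), atom("q")), neg(atom("q"))]

if __name__ == "__main__":
    enumeration = sentences(1)
    gamma_star = lindenbaum(GAMMA, enumeration)
    v = valuation_from(gamma_star)
    print("valuation read off Gamma*:", v)
    # Truth-lemma analogue: a listed sentence is true under v iff it is in Gamma*.
    print(all(holds(phi, v) == (phi in gamma_star) for phi in enumeration))
```

The valuation read off Γ ∗ plays the role that the term model 𝔐(Γ ∗ ) plays in the next section: membership in Γ ∗ and truth coincide for every sentence on the list.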

7.6 Construction of a Model


Right now we are not concerned about =, i.e., we only want to show that a consistent
set Γ of sentences not containing = is satisfiable. We first extend Γ to a consistent,
complete, and saturated set Γ ∗ . In this case, the definition of a model 𝔐(Γ ∗ ) is simple:
We take the set of closed terms of L ′ as the domain. We assign every constant symbol
to itself, and make sure that more generally, for every closed term 𝑡, Val^{𝔐(Γ∗)}(𝑡) = 𝑡.
The predicate symbols are assigned extensions in such a way that an atomic sentence
is true in 𝔐(Γ ∗ ) iff it is in Γ ∗ . This will obviously make all the atomic sentences in Γ ∗
true in 𝔐(Γ ∗ ). The rest are true provided the Γ ∗ we start with is consistent, complete,
and saturated.
Definition 7.9 (Term model). Let Γ ∗ be a complete and consistent, saturated set of
sentences in a language L. The term model 𝔐(Γ ∗ ) of Γ ∗ is the structure defined as
follows:

1. The domain |𝔐(Γ ∗ )| is the set of all closed terms of L.


2. The interpretation of a constant symbol 𝑐 is 𝑐 itself: 𝑐^{𝔐(Γ∗)} = 𝑐.

3. The function symbol 𝑓 is assigned the function which, given as arguments the
closed terms 𝑡 1 , . . . , 𝑡𝑛 , has as value the closed term 𝑓 (𝑡 1, . . . , 𝑡𝑛 ):

𝑓^{𝔐(Γ∗)}(𝑡 1, . . . , 𝑡𝑛 ) = 𝑓 (𝑡 1, . . . , 𝑡𝑛 )

4. If 𝑅 is an 𝑛-place predicate symbol, then

⟨𝑡 1, . . . , 𝑡𝑛 ⟩ ∈ 𝑅^{𝔐(Γ∗)} iff 𝑅(𝑡 1, . . . , 𝑡𝑛 ) ∈ Γ ∗ .

We will now check that we indeed have Val^{𝔐(Γ∗)}(𝑡) = 𝑡.

Lemma 7.10. Let 𝔐(Γ ∗ ) be the term model of Definition 7.9, then Val^{𝔐(Γ∗)}(𝑡) = 𝑡.

Proof. The proof is by induction on 𝑡, where the base case, when 𝑡 is a constant
symbol, follows directly from the definition of the term model. For the induction step
assume 𝑡 1, . . . , 𝑡𝑛 are closed terms such that Val^{𝔐(Γ∗)}(𝑡𝑖 ) = 𝑡𝑖 and that 𝑓 is an 𝑛-ary
function symbol. Then

Val^{𝔐(Γ∗)}(𝑓 (𝑡 1, . . . , 𝑡𝑛 )) = 𝑓^{𝔐(Γ∗)}(Val^{𝔐(Γ∗)}(𝑡 1 ), . . . , Val^{𝔐(Γ∗)}(𝑡𝑛 ))
= 𝑓^{𝔐(Γ∗)}(𝑡 1, . . . , 𝑡𝑛 )
= 𝑓 (𝑡 1, . . . , 𝑡𝑛 ),

and so by induction this holds for every closed term 𝑡. □

A structure 𝔐 may make an existentially quantified sentence ∃𝑥 𝜑 (𝑥) true without
there being an instance 𝜑 (𝑡) that it makes true. A structure 𝔐 may make
all instances 𝜑 (𝑡) of a universally quantified sentence ∀𝑥 𝜑 (𝑥) true, without making
∀𝑥 𝜑 (𝑥) true. This is because in general not every element of |𝔐| is the value of a
closed term (𝔐 may not be covered). This is the reason the satisfaction relation is
defined via variable assignments. However, for our term model 𝔐(Γ ∗ ) this wouldn’t
be necessary—because it is covered. This is the content of the next result.
Proposition 7.11. Let 𝔐(Γ ∗ ) be the term model of Definition 7.9.
1. 𝔐(Γ ∗ ) ⊨ ∃𝑥 𝜑 (𝑥) iff 𝔐(Γ ∗ ) ⊨ 𝜑 (𝑡) for at least one term 𝑡.
2. 𝔐(Γ ∗ ) ⊨ ∀𝑥 𝜑 (𝑥) iff 𝔐(Γ ∗ ) ⊨ 𝜑 (𝑡) for all terms 𝑡.

Proof. 1. By Proposition 4.47, 𝔐(Γ ∗ ) ⊨ ∃𝑥 𝜑 (𝑥) iff for at least one variable
assignment 𝑠, 𝔐(Γ ∗ ), 𝑠 ⊨ 𝜑 (𝑥). As |𝔐(Γ ∗ )| consists of the closed terms of L,
this is the case iff there is at least one closed term 𝑡 such that 𝑠 (𝑥) = 𝑡 and
𝔐(Γ ∗ ), 𝑠 ⊨ 𝜑 (𝑥). By Proposition 4.51, 𝔐(Γ ∗ ), 𝑠 ⊨ 𝜑 (𝑥) iff 𝔐(Γ ∗ ), 𝑠 ⊨ 𝜑 (𝑡),
where 𝑠 (𝑥) = 𝑡. By Proposition 4.46, 𝔐(Γ ∗ ), 𝑠 ⊨ 𝜑 (𝑡) iff 𝔐(Γ ∗ ) ⊨ 𝜑 (𝑡), since
𝜑 (𝑡) is a sentence.
2. By Proposition 4.47, 𝔐(Γ ∗ ) ⊨ ∀𝑥 𝜑 (𝑥) iff for every variable assignment 𝑠,
𝔐(Γ ∗ ), 𝑠 ⊨ 𝜑 (𝑥). Recall that |𝔐(Γ ∗ )| consists of the closed terms of L, so for
every closed term 𝑡, 𝑠 (𝑥) = 𝑡 is such a variable assignment, and for any variable
assignment, 𝑠 (𝑥) is some closed term 𝑡. By Proposition 4.51, 𝔐(Γ ∗ ), 𝑠 ⊨ 𝜑 (𝑥)
iff 𝔐(Γ ∗ ), 𝑠 ⊨ 𝜑 (𝑡), where 𝑠 (𝑥) = 𝑡. By Proposition 4.46, 𝔐(Γ ∗ ), 𝑠 ⊨ 𝜑 (𝑡) iff
𝔐(Γ ∗ ) ⊨ 𝜑 (𝑡), since 𝜑 (𝑡) is a sentence. □

Lemma 7.12 (Truth Lemma). Suppose 𝜑 does not contain =. Then 𝔐(Γ ∗ ) ⊨ 𝜑 iff
𝜑 ∈ Γ∗.

Proof. We prove both directions simultaneously, and by induction on 𝜑.

1. 𝜑 ≡ ⊥: 𝔐(Γ ∗ ) ⊭ ⊥ by definition of satisfaction. On the other hand, ⊥ ∉ Γ ∗
since Γ ∗ is consistent.

2. 𝜑 ≡ 𝑅(𝑡 1, . . . , 𝑡𝑛 ): 𝔐(Γ ∗ ) ⊨ 𝑅(𝑡 1, . . . , 𝑡𝑛 ) iff ⟨𝑡 1, . . . , 𝑡𝑛 ⟩ ∈ 𝑅^{𝔐(Γ∗)} (by the definition
of satisfaction) iff 𝑅(𝑡 1, . . . , 𝑡𝑛 ) ∈ Γ ∗ (by the construction of 𝔐(Γ ∗ )).

3. 𝜑 ≡ ¬𝜓 : 𝔐(Γ ∗ ) ⊨ 𝜑 iff 𝔐(Γ ∗ ) ⊭ 𝜓 (by definition of satisfaction). By induction
hypothesis, 𝔐(Γ ∗ ) ⊭ 𝜓 iff 𝜓 ∉ Γ ∗ . Since Γ ∗ is consistent and complete, 𝜓 ∉ Γ ∗
iff ¬𝜓 ∈ Γ ∗ .

4. 𝜑 ≡ 𝜓 ∧ 𝜒: 𝔐(Γ ∗ ) ⊨ 𝜑 iff we have both 𝔐(Γ ∗ ) ⊨ 𝜓 and 𝔐(Γ ∗ ) ⊨ 𝜒 (by definition
of satisfaction) iff both 𝜓 ∈ Γ ∗ and 𝜒 ∈ Γ ∗ (by the induction hypothesis). By
Proposition 7.2(2), this is the case iff (𝜓 ∧ 𝜒) ∈ Γ ∗ .

5. 𝜑 ≡ 𝜓 ∨ 𝜒: 𝔐(Γ ∗ ) ⊨ 𝜑 iff 𝔐(Γ ∗ ) ⊨ 𝜓 or 𝔐(Γ ∗ ) ⊨ 𝜒 (by definition of satisfaction)
iff 𝜓 ∈ Γ ∗ or 𝜒 ∈ Γ ∗ (by induction hypothesis). This is the case iff (𝜓 ∨ 𝜒) ∈ Γ ∗
(by Proposition 7.2(3)).

6. 𝜑 ≡ 𝜓 → 𝜒: 𝔐(Γ ∗ ) ⊨ 𝜑 iff 𝔐(Γ ∗ ) ⊭ 𝜓 or 𝔐(Γ ∗ ) ⊨ 𝜒 (by definition of
satisfaction) iff 𝜓 ∉ Γ ∗ or 𝜒 ∈ Γ ∗ (by induction hypothesis). This is the case iff
(𝜓 → 𝜒) ∈ Γ ∗ (by Proposition 7.2(4)).

7. 𝜑 ≡ ∀𝑥 𝜓 (𝑥): 𝔐(Γ ∗ ) ⊨ 𝜑 iff 𝔐(Γ ∗ ) ⊨ 𝜓 (𝑡) for all terms 𝑡 (Proposition 7.11). By
induction hypothesis, this is the case iff 𝜓 (𝑡) ∈ Γ ∗ for all terms 𝑡. By Proposition 7.7,
this in turn is the case iff ∀𝑥 𝜓 (𝑥) ∈ Γ ∗ .

8. 𝜑 ≡ ∃𝑥 𝜓 (𝑥): 𝔐(Γ ∗ ) ⊨ 𝜑 iff 𝔐(Γ ∗ ) ⊨ 𝜓 (𝑡) for at least one term 𝑡 (Proposition 7.11).
By induction hypothesis, this is the case iff 𝜓 (𝑡) ∈ Γ ∗ for at least one
term 𝑡. By Proposition 7.7, this in turn is the case iff ∃𝑥 𝜓 (𝑥) ∈ Γ ∗ . □

7.7 Identity
The construction of the term model given in the preceding section is enough to
establish completeness for first-order logic for sets Γ that do not contain =. The
term model satisfies every 𝜑 ∈ Γ ∗ which does not contain = (and hence all 𝜑 ∈ Γ).
It does not work, however, if = is present. The reason is that Γ ∗ then may contain
a sentence 𝑡 = 𝑡 ′ , but in the term model the value of any term is that term itself.
Hence, if 𝑡 and 𝑡 ′ are different terms, their values in the term model—i.e., 𝑡 and 𝑡 ′ ,
respectively—are different, and so 𝑡 = 𝑡 ′ is false. We can fix this, however, using a
construction known as “factoring.”

Definition 7.13. Let Γ ∗ be a consistent and complete set of sentences in L. We define
the relation ≈ on the set of closed terms of L by

𝑡 ≈ 𝑡′ iff 𝑡 = 𝑡 ′ ∈ Γ∗

Proposition 7.14. The relation ≈ has the following properties:

1. ≈ is reflexive.

2. ≈ is symmetric.

3. ≈ is transitive.

4. If 𝑡 ≈ 𝑡 ′ , 𝑓 is a function symbol, and 𝑡 1 , . . . , 𝑡𝑖 −1 , 𝑡𝑖+1 , . . . , 𝑡𝑛 are terms, then

𝑓 (𝑡 1, . . . , 𝑡𝑖 −1, 𝑡, 𝑡𝑖+1, . . . , 𝑡𝑛 ) ≈ 𝑓 (𝑡 1, . . . , 𝑡𝑖 −1, 𝑡 ′, 𝑡𝑖+1, . . . , 𝑡𝑛 ).

5. If 𝑡 ≈ 𝑡 ′ , 𝑅 is a predicate symbol, and 𝑡 1 , . . . , 𝑡𝑖 −1 , 𝑡𝑖+1 , . . . , 𝑡𝑛 are terms, then

𝑅(𝑡 1, . . . , 𝑡𝑖 −1, 𝑡, 𝑡𝑖+1, . . . , 𝑡𝑛 ) ∈ Γ ∗ iff 𝑅(𝑡 1, . . . , 𝑡𝑖 −1, 𝑡 ′, 𝑡𝑖+1, . . . , 𝑡𝑛 ) ∈ Γ ∗ .

Proof. Since Γ ∗ is consistent and complete, 𝑡 = 𝑡 ′ ∈ Γ ∗ iff Γ ∗ ⊢ 𝑡 = 𝑡 ′ . Thus it is enough
to show the following:

1. Γ ∗ ⊢ 𝑡 = 𝑡 for all terms 𝑡.

2. If Γ ∗ ⊢ 𝑡 = 𝑡 ′ then Γ ∗ ⊢ 𝑡 ′ = 𝑡.

3. If Γ ∗ ⊢ 𝑡 = 𝑡 ′ and Γ ∗ ⊢ 𝑡 ′ = 𝑡 ′′ , then Γ ∗ ⊢ 𝑡 = 𝑡 ′′ .

4. If Γ ∗ ⊢ 𝑡 = 𝑡 ′ , then

Γ ∗ ⊢ 𝑓 (𝑡 1, . . . , 𝑡𝑖 −1, 𝑡, 𝑡𝑖+1, . . . , 𝑡𝑛 ) = 𝑓 (𝑡 1, . . . , 𝑡𝑖 −1, 𝑡 ′, 𝑡𝑖+1, . . . , 𝑡𝑛 )

for every 𝑛-place function symbol 𝑓 and terms 𝑡 1 , . . . , 𝑡𝑖 −1 , 𝑡𝑖+1 , . . . , 𝑡𝑛 .

5. If Γ ∗ ⊢ 𝑡 = 𝑡 ′ and Γ ∗ ⊢ 𝑅(𝑡 1, . . . , 𝑡𝑖 −1, 𝑡, 𝑡𝑖+1, . . . , 𝑡𝑛 ), then Γ ∗ ⊢ 𝑅(𝑡 1, . . . , 𝑡𝑖 −1, 𝑡 ′, 𝑡𝑖+1, . . . , 𝑡𝑛 )
for every 𝑛-place predicate symbol 𝑅 and terms 𝑡 1 , . . . , 𝑡𝑖 −1 , 𝑡𝑖+1 , . . . , 𝑡𝑛 . □

Definition 7.15. Suppose Γ ∗ is a consistent and complete set in a language L, 𝑡 is a
term, and ≈ as in the previous definition. Then:

[𝑡] ≈ = {𝑡 ′ | 𝑡 ′ ∈ Trm(L), 𝑡 ≈ 𝑡 ′ }

and Trm(L)/≈ = {[𝑡] ≈ | 𝑡 ∈ Trm(L)}.

Definition 7.16. Let 𝔐 = 𝔐(Γ ∗ ) be the term model for Γ ∗ from Definition 7.9. Then
𝔐/≈ is the following structure:

1. |𝔐/≈ | = Trm(L)/≈ .

2. 𝑐 𝔐/≈ = [𝑐] ≈

3. 𝑓 𝔐/≈ ( [𝑡 1 ] ≈, . . . , [𝑡𝑛 ] ≈ ) = [𝑓 (𝑡 1, . . . , 𝑡𝑛 )] ≈

4. ⟨[𝑡 1 ] ≈, . . . , [𝑡𝑛 ] ≈ ⟩ ∈ 𝑅 𝔐/≈ iff 𝔐 ⊨ 𝑅(𝑡 1, . . . , 𝑡𝑛 ), i.e., iff 𝑅(𝑡 1, . . . , 𝑡𝑛 ) ∈ Γ ∗ .

Note that we have defined 𝑓 𝔐/≈ and 𝑅 𝔐/≈ for elements of Trm(L)/≈ by referring
to them as [𝑡] ≈ , i.e., via representatives 𝑡 ∈ [𝑡] ≈ . We have to make sure that these
definitions do not depend on the choice of these representatives, i.e., that for some
other choices 𝑡 ′ which determine the same equivalence classes ([𝑡] ≈ = [𝑡 ′ ] ≈ ), the
definitions yield the same result. For instance, if 𝑅 is a one-place predicate symbol,
the last clause of the definition says that [𝑡] ≈ ∈ 𝑅 𝔐/≈ iff 𝔐 ⊨ 𝑅(𝑡). If for some other
term 𝑡 ′ with 𝑡 ≈ 𝑡 ′ , 𝔐 ⊭ 𝑅(𝑡), then the definition would require [𝑡 ′ ] ≈ ∉ 𝑅 𝔐/≈ . If 𝑡 ≈ 𝑡 ′ ,
then [𝑡] ≈ = [𝑡 ′ ] ≈ , but we can’t have both [𝑡] ≈ ∈ 𝑅 𝔐/≈ and [𝑡] ≈ ∉ 𝑅 𝔐/≈ . However,
Proposition 7.14 guarantees that this cannot happen.

Proposition 7.17. 𝔐/≈ is well defined, i.e., if 𝑡 1 , . . . , 𝑡𝑛 , 𝑡 1′ , . . . , 𝑡𝑛′ are terms, and 𝑡𝑖 ≈ 𝑡𝑖′
then

1. [𝑓 (𝑡 1, . . . , 𝑡𝑛 )] ≈ = [𝑓 (𝑡 1′, . . . , 𝑡𝑛′ )] ≈ , i.e.,

𝑓 (𝑡 1, . . . , 𝑡𝑛 ) ≈ 𝑓 (𝑡 1′, . . . , 𝑡𝑛′ )

and

2. 𝔐 ⊨ 𝑅(𝑡 1, . . . , 𝑡𝑛 ) iff 𝔐 ⊨ 𝑅(𝑡 1′, . . . , 𝑡𝑛′ ), i.e.,

𝑅(𝑡 1, . . . , 𝑡𝑛 ) ∈ Γ ∗ iff 𝑅(𝑡 1′, . . . , 𝑡𝑛′ ) ∈ Γ ∗ .

Proof. Follows from Proposition 7.14 by induction on 𝑛. □

As in the case of the term model, before proving the truth lemma we need the
following lemma.

Lemma 7.18. Let 𝔐 = 𝔐(Γ ∗ ), then Val𝔐/≈ (𝑡) = [𝑡] ≈ .

Proof. The proof is similar to that of Lemma 7.10. □

Lemma 7.19. 𝔐/≈ ⊨ 𝜑 iff 𝜑 ∈ Γ ∗ for all sentences 𝜑.

Proof. By induction on 𝜑, just as in the proof of Lemma 7.12. The only case that needs
additional attention is when 𝜑 ≡ 𝑡 = 𝑡 ′ .

𝔐/≈ ⊨ 𝑡 = 𝑡 ′ iff [𝑡] ≈ = [𝑡 ′ ] ≈ (by definition of 𝔐/≈ )
iff 𝑡 ≈ 𝑡 ′ (by definition of [𝑡] ≈ )
iff 𝑡 = 𝑡 ′ ∈ Γ ∗ (by definition of ≈). □

Note that while 𝔐(Γ ∗ ) is always countable and infinite, 𝔐/≈ may be finite, since
it may turn out that there are only finitely many classes [𝑡] ≈ . This is to be expected,
since Γ may contain sentences which require any structure in which they are true to
be finite. For instance, ∀𝑥 ∀𝑦 𝑥 = 𝑦 is a consistent sentence, but is satisfied only in
structures with a domain that contains exactly one element.

7.8 The Completeness Theorem


Let’s combine our results: we arrive at the completeness theorem.
Theorem 7.20 (Completeness Theorem). Let Γ be a set of sentences. If Γ is consistent,
it is satisfiable.

Proof. Suppose Γ is consistent. By Lemma 7.6, there is a saturated consistent set
Γ ′ ⊇ Γ. By Lemma 7.8, there is a Γ ∗ ⊇ Γ ′ which is consistent and complete. Since
Γ ′ ⊆ Γ ∗ , for each formula 𝜑 (𝑥), Γ ∗ contains a sentence of the form ∃𝑥 𝜑 (𝑥) → 𝜑 (𝑐)
and so Γ ∗ is saturated. If Γ does not contain =, then by Lemma 7.12, 𝔐(Γ ∗ ) ⊨ 𝜑 iff
𝜑 ∈ Γ ∗ . From this it follows in particular that for all 𝜑 ∈ Γ, 𝔐(Γ ∗ ) ⊨ 𝜑, so Γ is
satisfiable. If Γ does contain =, then by Lemma 7.19, for all sentences 𝜑, 𝔐/≈ ⊨ 𝜑 iff
𝜑 ∈ Γ ∗ . In particular, 𝔐/≈ ⊨ 𝜑 for all 𝜑 ∈ Γ, so Γ is satisfiable. □

Corollary 7.21 (Completeness Theorem, Second Version). For all Γ and sentences 𝜑:
if Γ ⊨ 𝜑 then Γ ⊢ 𝜑.

Proof. Note that the Γ’s in Corollary 7.21 and Theorem 7.20 are universally quantified.
To make sure we do not confuse ourselves, let us restate Theorem 7.20 using a different
variable: for any set of sentences Δ, if Δ is consistent, it is satisfiable. By contraposition,
if Δ is not satisfiable, then Δ is inconsistent. We will use this to prove the corollary.
Suppose that Γ ⊨ 𝜑. Then Γ ∪ {¬𝜑 } is unsatisfiable by Proposition 4.56. Taking
Γ ∪ {¬𝜑 } as our Δ, the previous version of Theorem 7.20 gives us that Γ ∪ {¬𝜑 } is
inconsistent. By Proposition 6.13, Γ ⊢ 𝜑. □

7.9 The Compactness Theorem


One important consequence of the completeness theorem is the compactness theorem.
The compactness theorem states that if each finite subset of a set of sentences is
satisfiable, the entire set is satisfiable—even if the set itself is infinite. This is far from
obvious. There is nothing that seems to rule out, at first glance at least, the possibility
of there being infinite sets of sentences which are contradictory, but the contradiction
only arises, so to speak, from the infinite number. The compactness theorem says that
such a scenario can be ruled out: there are no unsatisfiable infinite sets of sentences
each finite subset of which is satisfiable. Like the completeness theorem, it has a
version related to entailment: if an infinite set of sentences entails something, already
a finite subset does.
Definition 7.22. A set Γ of formulas is finitely satisfiable iff every finite Γ0 ⊆ Γ is
satisfiable.

Theorem 7.23 (Compactness Theorem). The following hold for any sentences Γ and
𝜑:
1. Γ ⊨ 𝜑 iff there is a finite Γ0 ⊆ Γ such that Γ0 ⊨ 𝜑.
2. Γ is satisfiable iff it is finitely satisfiable.

Proof. We prove (2). If Γ is satisfiable, then there is a structure 𝔐 such that 𝔐 ⊨ 𝜑
for all 𝜑 ∈ Γ. Of course, this 𝔐 also satisfies every finite subset of Γ, so Γ is finitely
satisfiable.

Now suppose that Γ is finitely satisfiable. Then every finite subset Γ0 ⊆ Γ is
satisfiable. By soundness (Corollary 6.23), every finite subset is consistent. Then Γ
itself must be consistent by Proposition 6.11. By completeness (Theorem 7.20), since
Γ is consistent, it is satisfiable. □

Example 7.24. In every model 𝔐 of a theory Γ, each term 𝑡 of course picks out
an element of |𝔐|. Can we guarantee that it is also true that every element of |𝔐| is
picked out by some term or other? In other words, are there theories Γ all models of
which are covered? The compactness theorem shows that this is not the case if Γ has
infinite models. Here’s how to see this: Let 𝔐 be an infinite model of Γ, and let 𝑐 be
a constant symbol not in the language of Γ. Let Δ be the set of all sentences 𝑐 ≠ 𝑡 for
𝑡 a term in the language L of Γ, i.e.,

Δ = {𝑐 ≠ 𝑡 | 𝑡 ∈ Trm(L)}.

A finite subset of Γ ∪ Δ can be written as Γ ′ ∪ Δ′ , with Γ ′ ⊆ Γ and Δ′ ⊆ Δ. Since Δ′ is
finite, it can contain only finitely many terms. Let 𝑎 ∈ |𝔐| be an element of |𝔐| not
picked out by any of them, and let 𝔐 ′ be the structure that is just like 𝔐, but also
𝑐^{𝔐′} = 𝑎. Since 𝑎 ≠ Val^{𝔐}(𝑡) for all 𝑡 occurring in Δ′ , 𝔐 ′ ⊨ Δ′ . Since 𝔐 ⊨ Γ, Γ ′ ⊆ Γ,
and 𝑐 does not occur in Γ, also 𝔐 ′ ⊨ Γ ′ . Together, 𝔐 ′ ⊨ Γ ′ ∪ Δ′ for every finite subset
Γ ′ ∪ Δ′ of Γ ∪ Δ. So every finite subset of Γ ∪ Δ is satisfiable. By compactness, Γ ∪ Δ
itself is satisfiable. So there are models 𝔐 ⊨ Γ ∪ Δ. Every such 𝔐 is a model of Γ, but
is not covered, since Val𝔐 (𝑐) ≠ Val𝔐 (𝑡) for all terms 𝑡 of L.

Example 7.25. Consider a language L containing the predicate symbol <, constant
symbols 0, 1, and function symbols +, ×, −, ÷. Let Γ be the set of all sentences in this
language true in 𝔔 with domain Q and the obvious interpretations. Γ is the set of
all sentences of L true about the rational numbers. Of course, in Q (and even in R),
there are no numbers which are greater than 0 but less than 1/𝑘 for all 𝑘 ∈ Z + . Such
a number, if it existed, would be an infinitesimal: non-zero, but infinitely small. The
compactness theorem shows that there are models of Γ in which infinitesimals exist:
Let Δ be {0 < 𝑐} ∪ {𝑐 < (1 ÷ 𝑘) | 𝑘 ∈ Z + } (where 𝑘 = (1 + (1 + · · · + (1 + 1) . . . )) with
𝑘 1’s). For any finite subset Δ0 of Δ there is a 𝐾 such that all the sentences 𝑐 < (1 ÷ 𝑘)
in Δ0 have 𝑘 < 𝐾. If we expand 𝔔 to 𝔔 ′ with 𝑐^{𝔔′} = 1/𝐾 we have that 𝔔 ′ ⊨ Γ ∪ Δ0 ,
and so Γ ∪ Δ is finitely satisfiable (Exercise: prove this in detail). By compactness,
Γ ∪ Δ is satisfiable. Any model 𝔖 of Γ ∪ Δ contains an infinitesimal, namely 𝑐 𝔖 .

Example 7.26. We know that first-order logic with identity predicate can express
that the domain must have some minimal size: The sentence 𝜑 ≥𝑛 (which
says “there are at least 𝑛 distinct objects”) is true only in structures where |𝔐| has at
least 𝑛 objects. So if we take

Δ = {𝜑 ≥𝑛 | 𝑛 ≥ 1}

then any model of Δ must be infinite. Thus, we can guarantee that a theory only has
infinite models by adding Δ to it: the models of Γ ∪ Δ are all and only the infinite
models of Γ.
So first-order logic can express infinitude. The compactness theorem shows that it
cannot express finitude, however. For suppose some set of sentences Λ were satisfied
in all and only finite structures. Then Δ ∪ Λ is finitely satisfiable. Why? Suppose
Δ′ ∪ Λ′ ⊆ Δ ∪ Λ is finite with Δ′ ⊆ Δ and Λ′ ⊆ Λ. Let 𝑛 be the largest number such
that 𝜑 ≥𝑛 ∈ Δ′ . Λ, being satisfied in all finite structures, has a model 𝔐 with finitely
many but ≥ 𝑛 elements. But then 𝔐 ⊨ Δ′ ∪ Λ′ . By compactness, Δ ∪ Λ has an infinite
model, contradicting the assumption that Λ is satisfied only in finite structures.

7.10 A Direct Proof of the Compactness Theorem


We can prove the Compactness Theorem directly, without appealing to the Complete-
ness Theorem, using the same ideas as in the proof of the completeness theorem. In
the proof of the Completeness Theorem we started with a consistent set Γ of sentences,
expanded it to a consistent, saturated, and complete set Γ ∗ of sentences, and then
showed that in the term model 𝔐(Γ ∗ ) constructed from Γ ∗ , all sentences of Γ are
true, so Γ is satisfiable.
We can use the same method to show that a finitely satisfiable set of sentences is
satisfiable. We just have to prove the corresponding versions of the results leading to
the truth lemma where we replace “consistent” with “finitely satisfiable.”

Proposition 7.27. Suppose Γ is complete and finitely satisfiable. Then:

1. (𝜑 ∧ 𝜓 ) ∈ Γ iff both 𝜑 ∈ Γ and 𝜓 ∈ Γ.

2. (𝜑 ∨ 𝜓 ) ∈ Γ iff either 𝜑 ∈ Γ or 𝜓 ∈ Γ.

3. (𝜑 → 𝜓 ) ∈ Γ iff either 𝜑 ∉ Γ or 𝜓 ∈ Γ.

Lemma 7.28. Every finitely satisfiable set Γ can be extended to a saturated finitely
satisfiable set Γ ′ .

Proposition 7.29. Suppose Γ is complete, finitely satisfiable, and saturated.

1. ∃𝑥 𝜑 (𝑥) ∈ Γ iff 𝜑 (𝑡) ∈ Γ for at least one closed term 𝑡.

2. ∀𝑥 𝜑 (𝑥) ∈ Γ iff 𝜑 (𝑡) ∈ Γ for all closed terms 𝑡.

Lemma 7.30. Every finitely satisfiable set Γ can be extended to a complete and finitely
satisfiable set Γ ∗ .

Theorem 7.31 (Compactness). Γ is satisfiable if and only if it is finitely satisfiable.

Proof. If Γ is satisfiable, then there is a structure 𝔐 such that 𝔐 ⊨ 𝜑 for all 𝜑 ∈ Γ. Of
course, this 𝔐 also satisfies every finite subset of Γ, so Γ is finitely satisfiable.
Now suppose that Γ is finitely satisfiable. By Lemma 7.28, there is a finitely
satisfiable, saturated set Γ ′ ⊇ Γ. By Lemma 7.30, Γ ′ can be extended to a complete and
finitely satisfiable set Γ ∗ , and Γ ∗ is still saturated. Construct the term model 𝔐(Γ ∗ )
as in Definition 7.9. Note that Proposition 7.11 did not rely on the fact that Γ ∗ is
consistent (or complete or saturated, for that matter), but just on the fact that 𝔐(Γ ∗ )
is covered. The proof of the Truth Lemma (Lemma 7.12) goes through if we replace
references to Proposition 7.2 and Proposition 7.7 by references to Proposition 7.27
and Proposition 7.29. □

7.11 The Löwenheim-Skolem Theorem


The Löwenheim-Skolem Theorem says that if a theory has an infinite model, then it
also has a model that is at most countably infinite. An immediate consequence of this
fact is that first-order logic cannot express that the size of a structure is uncountable:
any sentence or set of sentences satisfied in all uncountable structures is also satisfied
in some countable structure.
Theorem 7.32. If Γ is consistent then it has a countable model, i.e., it is satisfiable in
a structure whose domain is either finite or countably infinite.

Proof. If Γ is consistent, the structure 𝔐 delivered by the proof of the completeness
theorem has a domain |𝔐| that is no larger than the set of the terms of the language L.
So 𝔐 is at most countably infinite. □

Theorem 7.33. If Γ is a consistent set of sentences in the language of first-order logic
without identity, then it has a countably infinite model, i.e., it is satisfiable in a structure
whose domain is infinite and countable.

Proof. If Γ is consistent and contains no sentences in which identity appears, then
the structure 𝔐 delivered by the proof of the completeness theorem has a domain
|𝔐| identical to the set of terms of the language L ′ . So 𝔐 is countably infinite, since
Trm(L ′ ) is. □

Example 7.34 (Skolem’s Paradox). Zermelo-Fraenkel set theory ZFC is a very
powerful framework in which practically all mathematical statements can be expressed,
including facts about the sizes of sets. So for instance, ZFC can prove that
the set R of real numbers is uncountable, it can prove Cantor’s Theorem that the
power set of any set is larger than the set itself, etc. If ZFC is consistent, its models
are all infinite, and moreover, they all contain elements about which the theory says
that they are uncountable, such as the element that makes true the theorem of ZFC
that the power set of the natural numbers exists. By the Löwenheim-Skolem Theorem,
ZFC also has countable models—models that contain “uncountable” sets but which
themselves are countable.

Problems
Problem 7.1. Complete the proof of Proposition 7.2.

Problem 7.2. Complete the proof of Proposition 7.14.

Problem 7.3. Complete the proof of Lemma 7.18.

Problem 7.4. Use Corollary 7.21 to prove Theorem 7.20, thus showing that the two
formulations of the completeness theorem are equivalent.

Problem 7.5. In order for a derivation system to be complete, its rules must be strong
enough to prove every unsatisfiable set inconsistent. Which of the rules of derivation
were necessary to prove completeness? Are any of these rules not used anywhere
in the proof? In order to answer these questions, make a list or diagram that shows
which of the rules of derivation were used in which results that lead up to the proof
of Theorem 7.20. Be sure to note any tacit uses of rules in these proofs.

Problem 7.6. Prove (1) of Theorem 7.23.

Problem 7.7. In the standard model of arithmetic 𝔑, there is no element 𝑘 ∈ |𝔑|
which satisfies every formula 𝑛 < 𝑥 (where 𝑛 is 0′...′ with 𝑛 ′’s). Use the compactness
theorem to show that the set of sentences in the language of arithmetic which are true
in the standard model of arithmetic 𝔑 are also true in a structure 𝔑′ that contains
an element which does satisfy every formula 𝑛 < 𝑥.

Problem 7.8. Prove Proposition 7.27. Avoid the use of ⊢.

Problem 7.9. Prove Lemma 7.28. (Hint: The crucial step is to show that if Γ𝑛 is
finitely satisfiable, so is Γ𝑛 ∪ {𝜃 𝑛 }, without any appeal to derivations or consistency.)

Problem 7.10. Prove Proposition 7.29.

Problem 7.11. Prove Lemma 7.30. (Hint: the crucial step is to show that if Γ𝑛 is
finitely satisfiable, then either Γ𝑛 ∪ {𝜑𝑛 } or Γ𝑛 ∪ {¬𝜑𝑛 } is finitely satisfiable.)

Problem 7.12. Write out the complete proof of the Truth Lemma (Lemma 7.12) in
the version required for the proof of Theorem 7.31.

Chapter 8

Basics of Model Theory

8.1 Reducts and Expansions


Often it is useful or necessary to compare languages which have symbols in common,
as well as structures for these languages. The most common case is when all the symbols
in a language L are also part of a language L ′ , i.e., L ⊆ L ′ . An L-structure 𝔐
can then always be expanded to an L ′ -structure by adding interpretations of the
additional symbols while leaving the interpretations of the common symbols the
same. On the other hand, from an L ′ -structure 𝔐 ′ we can obtain an L-structure
simply by “forgetting” the interpretations of the symbols that do not occur in L.

Definition 8.1. Suppose L ⊆ L ′ , 𝔐 is an L-structure and 𝔐 ′ is an L ′ -structure.
𝔐 is the reduct of 𝔐 ′ to L, and 𝔐 ′ is an expansion of 𝔐 to L ′ iff

1. |𝔐| = |𝔐 ′ |

2. For every constant symbol 𝑐 ∈ L, 𝑐^{𝔐} = 𝑐^{𝔐′}.

3. For every function symbol 𝑓 ∈ L, 𝑓^{𝔐} = 𝑓^{𝔐′}.

4. For every predicate symbol 𝑃 ∈ L, 𝑃^{𝔐} = 𝑃^{𝔐′}.

Proposition 8.2. If an L-structure 𝔐 is a reduct of an L ′ -structure 𝔐 ′ , then for all
L-sentences 𝜑,
𝔐 ⊨ 𝜑 iff 𝔐 ′ ⊨ 𝜑.

Proof. Exercise. □

Definition 8.3. When we have an L-structure 𝔐, and L ′ = L ∪ {𝑃 } is the expansion
of L obtained by adding a single 𝑛-place predicate symbol 𝑃, and 𝑅 ⊆ |𝔐|^𝑛 is an
𝑛-place relation, then we write (𝔐, 𝑅) for the expansion 𝔐 ′ of 𝔐 with 𝑃^{𝔐′} = 𝑅.

8.2 Substructures
The domain of a structure 𝔐 may be a subset of another 𝔐 ′ . But we should obviously
only consider 𝔐 a “part” of 𝔐 ′ if not only |𝔐| ⊆ |𝔐 ′ |, but 𝔐 and 𝔐 ′ “agree” in how
they interpret the symbols of the language at least on the shared part |𝔐|.

Definition 8.4. Given structures 𝔐 and 𝔐 ′ for the same language L, we say that
𝔐 is a substructure of 𝔐 ′ , and 𝔐 ′ an extension of 𝔐, written 𝔐 ⊆ 𝔐 ′ , iff

1. |𝔐| ⊆ |𝔐 ′ |,

2. For each constant 𝑐 ∈ L, 𝑐^{𝔐} = 𝑐^{𝔐′};

3. For each 𝑛-place function symbol 𝑓 ∈ L, 𝑓^{𝔐}(𝑎 1, . . . , 𝑎𝑛 ) = 𝑓^{𝔐′}(𝑎 1, . . . , 𝑎𝑛 ) for
all 𝑎 1 , . . . , 𝑎𝑛 ∈ |𝔐|.

4. For each 𝑛-place predicate symbol 𝑅 ∈ L, ⟨𝑎 1, . . . , 𝑎𝑛 ⟩ ∈ 𝑅^{𝔐} iff ⟨𝑎 1, . . . , 𝑎𝑛 ⟩ ∈
𝑅^{𝔐′} for all 𝑎 1 , . . . , 𝑎𝑛 ∈ |𝔐|.

Remark 1. If the language contains no constant or function symbols, then any 𝑁 ⊆
|𝔐| determines a substructure 𝔑 of 𝔐 with domain |𝔑| = 𝑁 by putting 𝑅^{𝔑} = 𝑅^{𝔐} ∩ 𝑁^𝑛 .

8.3 Overspill
Theorem 8.5. If a set Γ of sentences has arbitrarily large finite models, then it has an
infinite model.

Proof. Expand the language of Γ by adding countably many new constants 𝑐 0 , 𝑐 1 ,
. . . and consider the set Γ ∪ {𝑐𝑖 ≠ 𝑐 𝑗 : 𝑖 ≠ 𝑗 }. To say that Γ has arbitrarily large
finite models means that for every 𝑚 > 0 there is 𝑛 ≥ 𝑚 such that Γ has a model
of cardinality 𝑛. This implies that Γ ∪ {𝑐𝑖 ≠ 𝑐 𝑗 : 𝑖 ≠ 𝑗 } is finitely satisfiable. By
compactness, Γ ∪ {𝑐𝑖 ≠ 𝑐 𝑗 : 𝑖 ≠ 𝑗 } has a model 𝔐 whose domain must be infinite,
since it satisfies all inequalities 𝑐𝑖 ≠ 𝑐 𝑗 . □

Proposition 8.6. There is no sentence 𝜑 of any first-order language that is true in
a structure 𝔐 if and only if the domain |𝔐| of the structure is infinite.

Proof. If there were such a 𝜑, its negation ¬𝜑 would be true in all and only the finite
structures, and it would therefore have arbitrarily large finite models but it would
lack an infinite model, contradicting Theorem 8.5. □

8.4 Isomorphic Structures


First-order structures can be alike in one of two ways. One way in which they can be
alike is that they make the same sentences true. We call such structures elementarily
equivalent. But structures can be very different and still make the same sentences
true—for instance, one can be countable and the other not. This is because there are
lots of features of a structure that cannot be expressed in first-order languages, either
because the language is not rich enough, or because of fundamental limitations of
first-order logic such as the Löwenheim-Skolem theorem. So another, stricter, aspect
in which structures can be alike is if they are fundamentally the same, in the sense
that they only differ in the objects that make them up, but not in their structural
features. A way of making this precise is by the notion of an isomorphism.

Definition 8.7. Given two structures 𝔐 and 𝔐 ′ for the same language L, we say
that 𝔐 is elementarily equivalent to 𝔐 ′ , written 𝔐 ≡ 𝔐 ′ , if and only if for every
sentence 𝜑 of L, 𝔐 ⊨ 𝜑 iff 𝔐 ′ ⊨ 𝜑.

Definition 8.8. Given two structures 𝔐 and 𝔐 ′ for the same language L, we say
that 𝔐 is isomorphic to 𝔐 ′ , written 𝔐 ≃ 𝔐 ′ , if and only if there is a function
ℎ : |𝔐| → |𝔐 ′ | such that:
1. ℎ is injective: if ℎ(𝑥) = ℎ(𝑦) then 𝑥 = 𝑦;
2. ℎ is surjective: for every 𝑦 ∈ |𝔐 ′ | there is 𝑥 ∈ |𝔐| such that ℎ(𝑥) = 𝑦;

3. for every constant symbol 𝑐: $h(c^{\mathfrak{M}}) = c^{\mathfrak{M}'}$;
4. for every 𝑛-place predicate symbol 𝑃:

$\langle a_1, \dots, a_n \rangle \in P^{\mathfrak{M}}$ iff $\langle h(a_1), \dots, h(a_n) \rangle \in P^{\mathfrak{M}'}$;

5. for every 𝑛-place function symbol 𝑓:

$h(f^{\mathfrak{M}}(a_1, \dots, a_n)) = f^{\mathfrak{M}'}(h(a_1), \dots, h(a_n))$.

Theorem 8.9. If 𝔐 ≃ 𝔐 ′ then 𝔐 ≡ 𝔐 ′ .


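Proof. Let ℎ be an isomorphism of 𝔐 onto 𝔐′. For any assignment 𝑠, ℎ ◦ 𝑠 is the
composition of ℎ and 𝑠, i.e., the assignment in 𝔐′ such that (ℎ ◦ 𝑠)(𝑥) = ℎ(𝑠(𝑥)). By
induction on 𝑡 and 𝜑 one can prove the stronger claims:

a. $h(\mathrm{Val}^{\mathfrak{M}}_{s}(t)) = \mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t)$.
b. 𝔐, 𝑠 ⊨ 𝜑 iff 𝔐′, ℎ ◦ 𝑠 ⊨ 𝜑.

The first is proved by induction on the complexity of 𝑡.

1. If 𝑡 ≡ 𝑐, then $\mathrm{Val}^{\mathfrak{M}}_{s}(c) = c^{\mathfrak{M}}$ and $\mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(c) = c^{\mathfrak{M}'}$. Thus, $h(\mathrm{Val}^{\mathfrak{M}}_{s}(t)) = h(c^{\mathfrak{M}}) = c^{\mathfrak{M}'}$ (by (3) of Definition 8.8) $= \mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t)$.

2. If 𝑡 ≡ 𝑥, then $\mathrm{Val}^{\mathfrak{M}}_{s}(x) = s(x)$ and $\mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(x) = h(s(x))$. Thus, $h(\mathrm{Val}^{\mathfrak{M}}_{s}(x)) = h(s(x)) = \mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(x)$.

3. If 𝑡 ≡ 𝑓(𝑡₁, . . . , 𝑡ₙ), then

$\mathrm{Val}^{\mathfrak{M}}_{s}(t) = f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s}(t_n))$ and
$\mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t) = f^{\mathfrak{M}'}(\mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t_n))$.

The induction hypothesis is that for each 𝑖, $h(\mathrm{Val}^{\mathfrak{M}}_{s}(t_i)) = \mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t_i)$. So,

$$\begin{aligned}
h(\mathrm{Val}^{\mathfrak{M}}_{s}(t)) &= h(f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}_{s}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s}(t_n))) \\
&= h(f^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t_n))) && (8.1) \\
&= f^{\mathfrak{M}'}(\mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t_n)) && (8.2) \\
&= \mathrm{Val}^{\mathfrak{M}'}_{h \circ s}(t)
\end{aligned}$$

Here, eq. (8.1) follows by induction hypothesis and eq. (8.2) by (5) of Definition 8.8.

Part (b) is left as an exercise.
If 𝜑 is a sentence, the assignments 𝑠 and ℎ ◦ 𝑠 are irrelevant, and we have 𝔐 ⊨ 𝜑
iff 𝔐′ ⊨ 𝜑. □
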
Definition 8.10. An automorphism of a structure 𝔐 is an isomorphism of 𝔐 onto
itself.


8.5 The Theory of a Structure


Every structure 𝔐 makes some sentences true, and some false. The set of all the
sentences it makes true is called its theory. That set is in fact a theory, since anything
it entails must be true in all its models, including 𝔐.

Definition 8.11. Given a structure 𝔐, the theory of 𝔐 is the set Th(𝔐) of sentences
that are true in 𝔐, i.e., Th(𝔐) = {𝜑 | 𝔐 ⊨ 𝜑 }.

We also use the term “theory” informally to refer to sets of sentences having an
intended interpretation, whether deductively closed or not.

Proposition 8.12. For any 𝔐, Th(𝔐) is complete.

Proof. For any sentence 𝜑 either 𝔐 ⊨ 𝜑 or 𝔐 ⊨ ¬𝜑, so either 𝜑 ∈ Th(𝔐) or ¬𝜑 ∈ Th(𝔐). □

Proposition 8.13. If 𝔑 ⊨ 𝜑 for every 𝜑 ∈ Th(𝔐), then 𝔐 ≡ 𝔑.

Proof. Since 𝔑 ⊨ 𝜑 for all 𝜑 ∈ Th(𝔐), Th(𝔐) ⊆ Th(𝔑). If 𝔑 ⊨ 𝜑, then 𝔑 ⊭ ¬𝜑, so
¬𝜑 ∉ Th(𝔐). Since Th(𝔐) is complete, 𝜑 ∈ Th(𝔐). So, Th(𝔑) ⊆ Th(𝔐), and we
have 𝔐 ≡ 𝔑. □

Remark 2. Consider ℜ = ⟨R, <⟩, the structure whose domain is the set R of the real
numbers, in the language comprising only a 2-place predicate symbol interpreted
as the < relation over the reals. Clearly ℜ is uncountable; however, since Th(ℜ) is
obviously consistent, by the Löwenheim-Skolem theorem it has a countable model,
say 𝔖, and by Proposition 8.13, ℜ ≡ 𝔖. Moreover, since ℜ and 𝔖 are not isomorphic,
this shows that the converse of Theorem 8.9 fails in general.

8.6 Models of Arithmetic


The standard model of arithmetic is the structure 𝔑 with |𝔑| = N in which 0, ′, +, ×,
and < are interpreted as you would expect. That is, 0 is 0, ′ is the successor function,
+ is interpreted as addition and × as multiplication of the numbers in N. Specifically,

$0^{\mathfrak{N}} = 0$
$\prime^{\mathfrak{N}}(n) = n + 1$
$+^{\mathfrak{N}}(n, m) = n + m$
$\times^{\mathfrak{N}}(n, m) = nm$

Of course, there are structures for $\mathcal{L}_A$ that have domains other than N. For instance,
we can take 𝔐 with domain |𝔐| = {𝑎}* (the finite sequences of the single symbol 𝑎,
i.e., ∅, 𝑎, 𝑎𝑎, 𝑎𝑎𝑎, . . . ), and interpretations

$0^{\mathfrak{M}} = \emptyset$
$\prime^{\mathfrak{M}}(s) = s \frown a$
$+^{\mathfrak{M}}(n, m) = a^{n+m}$
$\times^{\mathfrak{M}}(n, m) = a^{nm}$


These two structures are “essentially the same” in the sense that the only difference
is the elements of the domains but not how the elements of the domains are related
among each other by the interpretation functions. We say that the two structures are
isomorphic.
It is an easy consequence of the compactness theorem that any theory true in 𝔑
also has models that are not isomorphic to 𝔑. Such structures are called non-standard.
The interesting thing about them is that while the elements of a standard model (i.e.,
𝔑, but also all structures isomorphic to it) are exhausted by the values of the standard
numerals $\overline{n}$, i.e.,

$|\mathfrak{N}| = \{\mathrm{Val}^{\mathfrak{N}}(\overline{n}) \mid n \in \mathbb{N}\}$

that isn’t the case in non-standard models: if 𝔐 is non-standard, then there is at least
one 𝑥 ∈ |𝔐| such that $x \neq \mathrm{Val}^{\mathfrak{M}}(\overline{n})$ for all 𝑛.

Definition 8.14. The theory of true arithmetic is the set of sentences satisfied in the
standard model of arithmetic, i.e.,

TA = {𝜑 | 𝔑 ⊨ 𝜑 }.

Definition 8.15. The theory Q axiomatized by the following sentences is known as
“Robinson’s Q” and is a very simple theory of arithmetic.

∀𝑥 ∀𝑦 (𝑥′ = 𝑦′ → 𝑥 = 𝑦) (𝑄₁)
∀𝑥 0 ≠ 𝑥′ (𝑄₂)
∀𝑥 (𝑥 ≠ 0 → ∃𝑦 𝑥 = 𝑦′) (𝑄₃)
∀𝑥 (𝑥 + 0) = 𝑥 (𝑄₄)
∀𝑥 ∀𝑦 (𝑥 + 𝑦′) = (𝑥 + 𝑦)′ (𝑄₅)
∀𝑥 (𝑥 × 0) = 0 (𝑄₆)
∀𝑥 ∀𝑦 (𝑥 × 𝑦′) = ((𝑥 × 𝑦) + 𝑥) (𝑄₇)
∀𝑥 ∀𝑦 (𝑥 < 𝑦 ↔ ∃𝑧 (𝑧′ + 𝑥) = 𝑦) (𝑄₈)

The set of sentences {𝑄₁, . . . , 𝑄₈} are the axioms of Q, so Q consists of all sentences
entailed by them:

Q = {𝜑 | {𝑄₁, . . . , 𝑄₈} ⊨ 𝜑}.

Definition 8.16. Suppose 𝜑(𝑥) is a formula in $\mathcal{L}_A$ with free variables 𝑥 and 𝑦₁, . . . , 𝑦ₙ.
Then any sentence of the form

∀𝑦₁ . . . ∀𝑦ₙ ((𝜑(0) ∧ ∀𝑥 (𝜑(𝑥) → 𝜑(𝑥′))) → ∀𝑥 𝜑(𝑥))

is an instance of the induction schema.

Peano arithmetic PA is the theory axiomatized by the axioms of Q together with
all instances of the induction schema.

8.7 Standard Models of Arithmetic


The language of arithmetic L𝐴 is obviously intended to be about numbers, specifically,
about natural numbers. So, “the” standard model 𝔑 is special: it is the model we want
to talk about. But in logic, we are often just interested in structural properties, and
any two structures that are isomorphic share those. So we can be a bit more liberal,
and consider any structure that is isomorphic to 𝔑 “standard.”


Definition 8.17. A structure for L𝐴 is standard if it is isomorphic to 𝔑.

Proposition 8.18. If a structure 𝔐 is standard, then its domain is the set of values of
the standard numerals, i.e.,

$|\mathfrak{M}| = \{\mathrm{Val}^{\mathfrak{M}}(\overline{n}) \mid n \in \mathbb{N}\}$

Proof. Clearly, every $\mathrm{Val}^{\mathfrak{M}}(\overline{n}) \in |\mathfrak{M}|$. We just have to show that every 𝑥 ∈ |𝔐| is
equal to $\mathrm{Val}^{\mathfrak{M}}(\overline{n})$ for some 𝑛. Since 𝔐 is standard, it is isomorphic to 𝔑. Suppose
𝑔 : N → |𝔐| is an isomorphism. Then $g(n) = g(\mathrm{Val}^{\mathfrak{N}}(\overline{n})) = \mathrm{Val}^{\mathfrak{M}}(\overline{n})$. But for every
𝑥 ∈ |𝔐|, there is an 𝑛 ∈ N such that 𝑔(𝑛) = 𝑥, since 𝑔 is surjective. □

If a structure 𝔐 for $\mathcal{L}_A$ is standard, the elements of its domain can all be named
by the standard numerals $\overline{0}$, $\overline{1}$, $\overline{2}$, . . . , i.e., the terms 0, 0′, 0′′, etc. Of course, this does
not mean that the elements of |𝔐| are the numbers, just that we can pick them out
the same way we can pick out the numbers in |𝔑|.

Proposition 8.19. If 𝔐 ⊨ Q, and $|\mathfrak{M}| = \{\mathrm{Val}^{\mathfrak{M}}(\overline{n}) \mid n \in \mathbb{N}\}$, then 𝔐 is standard.

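Proof. We have to show that 𝔐 is isomorphic to 𝔑. Consider the function 𝑔 : N → |𝔐|
defined by $g(n) = \mathrm{Val}^{\mathfrak{M}}(\overline{n})$. By the hypothesis, 𝑔 is surjective. It is also injective:
$\mathbf{Q} \vdash \overline{n} \neq \overline{m}$ whenever 𝑛 ≠ 𝑚. Thus, since 𝔐 ⊨ Q, $\mathfrak{M} \vDash \overline{n} \neq \overline{m}$, whenever 𝑛 ≠ 𝑚. Thus,
if 𝑛 ≠ 𝑚, then $\mathrm{Val}^{\mathfrak{M}}(\overline{n}) \neq \mathrm{Val}^{\mathfrak{M}}(\overline{m})$, i.e., 𝑔(𝑛) ≠ 𝑔(𝑚).
We also have to verify that 𝑔 is an isomorphism.

1. We have $g(0^{\mathfrak{N}}) = g(0)$, since $0^{\mathfrak{N}} = 0$. By definition of 𝑔, $g(0) = \mathrm{Val}^{\mathfrak{M}}(\overline{0})$. But
$\overline{0}$ is just 0, and the value of a term which happens to be a constant symbol is
given by what the structure assigns to that constant symbol, i.e., $\mathrm{Val}^{\mathfrak{M}}(0) = 0^{\mathfrak{M}}$.
So we have $g(0^{\mathfrak{N}}) = 0^{\mathfrak{M}}$ as required.

2. $g(\prime^{\mathfrak{N}}(n)) = g(n + 1)$, since ′ in 𝔑 is the successor function on N. Then, $g(n + 1) = \mathrm{Val}^{\mathfrak{M}}(\overline{n + 1})$ by definition of 𝑔. But $\overline{n + 1}$ is the same term as $\overline{n}'$, so $\mathrm{Val}^{\mathfrak{M}}(\overline{n + 1}) = \mathrm{Val}^{\mathfrak{M}}(\overline{n}')$. By the definition of the value function, this is $= \prime^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}(\overline{n}))$. Since
$\mathrm{Val}^{\mathfrak{M}}(\overline{n}) = g(n)$ we get $g(\prime^{\mathfrak{N}}(n)) = \prime^{\mathfrak{M}}(g(n))$.

3. $g(+^{\mathfrak{N}}(n, m)) = g(n + m)$, since + in 𝔑 is the addition function on N. Then,
$g(n + m) = \mathrm{Val}^{\mathfrak{M}}(\overline{n + m})$ by definition of 𝑔. But $\mathbf{Q} \vdash \overline{n + m} = (\overline{n} + \overline{m})$, so
$\mathrm{Val}^{\mathfrak{M}}(\overline{n + m}) = \mathrm{Val}^{\mathfrak{M}}(\overline{n} + \overline{m})$. By the definition of the value function, this is
$= +^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}(\overline{n}), \mathrm{Val}^{\mathfrak{M}}(\overline{m}))$. Since $\mathrm{Val}^{\mathfrak{M}}(\overline{n}) = g(n)$ and $\mathrm{Val}^{\mathfrak{M}}(\overline{m}) = g(m)$, we get
$g(+^{\mathfrak{N}}(n, m)) = +^{\mathfrak{M}}(g(n), g(m))$.

4. $g(\times^{\mathfrak{N}}(n, m)) = \times^{\mathfrak{M}}(g(n), g(m))$: Exercise.

5. $\langle n, m \rangle \in\, <^{\mathfrak{N}}$ iff 𝑛 < 𝑚. If 𝑛 < 𝑚, then $\mathbf{Q} \vdash \overline{n} < \overline{m}$, and also $\mathfrak{M} \vDash \overline{n} < \overline{m}$. Thus
$\langle \mathrm{Val}^{\mathfrak{M}}(\overline{n}), \mathrm{Val}^{\mathfrak{M}}(\overline{m}) \rangle \in\, <^{\mathfrak{M}}$, i.e., $\langle g(n), g(m) \rangle \in\, <^{\mathfrak{M}}$. If 𝑛 ≮ 𝑚, then $\mathbf{Q} \vdash \lnot\, \overline{n} < \overline{m}$,
and consequently $\mathfrak{M} \nvDash \overline{n} < \overline{m}$. Thus, as before, $\langle g(n), g(m) \rangle \notin\, <^{\mathfrak{M}}$. Together,
we get: $\langle n, m \rangle \in\, <^{\mathfrak{N}}$ iff $\langle g(n), g(m) \rangle \in\, <^{\mathfrak{M}}$. □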

The function 𝑔 is the most obvious way of defining a mapping from N to the
domain of any other structure 𝔐 for $\mathcal{L}_A$, since every such 𝔐 contains elements named
by $\overline{0}$, $\overline{1}$, $\overline{2}$, etc. So it isn’t surprising that if 𝔐 makes at least some basic statements
about the $\overline{n}$’s true in the same way that 𝔑 does, and 𝑔 is also bijective, then 𝑔 will
turn into an isomorphism. In fact, if |𝔐| contains no elements other than what the
$\overline{n}$’s name, it’s the only one.


Proposition 8.20. If 𝔐 is standard, then 𝑔 from the proof of Proposition 8.19 is the
only isomorphism from 𝔑 to 𝔐.

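Proof. Suppose ℎ : N → |𝔐| is an isomorphism between 𝔑 and 𝔐. We show that
𝑔 = ℎ by induction on 𝑛. If 𝑛 = 0, then $g(0) = 0^{\mathfrak{M}}$ by definition of 𝑔. But since ℎ is an
isomorphism, $h(0) = h(0^{\mathfrak{N}}) = 0^{\mathfrak{M}}$, so 𝑔(0) = ℎ(0).
Now consider the case for 𝑛 + 1. We have

$$\begin{aligned}
g(n + 1) &= \mathrm{Val}^{\mathfrak{M}}(\overline{n + 1}) && \text{by definition of } g \\
&= \mathrm{Val}^{\mathfrak{M}}(\overline{n}') && \text{since } \overline{n + 1} \equiv \overline{n}' \\
&= \prime^{\mathfrak{M}}(\mathrm{Val}^{\mathfrak{M}}(\overline{n})) && \text{by definition of } \mathrm{Val}^{\mathfrak{M}}(t') \\
&= \prime^{\mathfrak{M}}(g(n)) && \text{by definition of } g \\
&= \prime^{\mathfrak{M}}(h(n)) && \text{by induction hypothesis} \\
&= h(\prime^{\mathfrak{N}}(n)) && \text{since } h \text{ is an isomorphism} \\
&= h(n + 1) && \square
\end{aligned}$$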

For any countably infinite set 𝑀, there’s a bijection between N and 𝑀, so every
such set 𝑀 is potentially the domain of a standard model 𝔐. In fact, once you pick
an object 𝑧 ∈ 𝑀 and a suitable function 𝑠 as $0^{\mathfrak{M}}$ and $\prime^{\mathfrak{M}}$, the interpretations of +, ×,
and < are already fixed. Only functions 𝑠 : 𝑀 → 𝑀 \ {𝑧} that are both injective and
surjective are suitable in a standard model as $\prime^{\mathfrak{M}}$. The range of 𝑠 cannot contain 𝑧,
since otherwise ∀𝑥 0 ≠ 𝑥′ would be false. That sentence is true in 𝔑, and so 𝔐 also
has to make it true. The function 𝑠 has to be injective, since the successor function $\prime^{\mathfrak{N}}$
in 𝔑 is, and that $\prime^{\mathfrak{N}}$ is injective is expressed by a sentence true in 𝔑. It has to be
surjective because otherwise there would be some 𝑥 ∈ 𝑀 \ {𝑧} not in the range of 𝑠,
i.e., the sentence ∀𝑥 (𝑥 = 0 ∨ ∃𝑦 𝑦′ = 𝑥) would be false in 𝔐—but it is true in 𝔑.

8.8 Non-Standard Models


We call a structure for $\mathcal{L}_A$ standard if it is isomorphic to 𝔑. If a structure isn’t
isomorphic to 𝔑, it is called non-standard.

Definition 8.21. A structure 𝔐 for $\mathcal{L}_A$ is non-standard if it is not isomorphic to 𝔑.
The elements 𝑥 ∈ |𝔐| which are equal to $\mathrm{Val}^{\mathfrak{M}}(\overline{n})$ for some 𝑛 ∈ N are called standard
numbers (of 𝔐), and those not, non-standard numbers.

By Proposition 8.18, any standard structure for $\mathcal{L}_A$ contains only standard elements.
Consequently, a non-standard structure must contain at least one non-standard
element. In fact, the existence of a non-standard element guarantees that the structure
is non-standard.

Proposition 8.22. If a structure 𝔐 for $\mathcal{L}_A$ contains a non-standard number, 𝔐 is
non-standard.

Proof. Suppose not, i.e., suppose 𝔐 is standard but contains a non-standard number 𝑥.
Let 𝑔 : N → |𝔐| be an isomorphism. It is easy to see (by induction on 𝑛) that
$g(\mathrm{Val}^{\mathfrak{N}}(\overline{n})) = \mathrm{Val}^{\mathfrak{M}}(\overline{n})$. In other words, 𝑔 maps standard numbers of 𝔑 to standard
numbers of 𝔐. If 𝔐 contains a non-standard number, 𝑔 cannot be surjective, contrary
to hypothesis. □


It is easy enough to specify non-standard structures for $\mathcal{L}_A$. For instance, take the
structure with domain Z and interpret all non-logical symbols as usual. Since negative
numbers are not values of $\overline{n}$ for any 𝑛, this structure is non-standard. Of course, it will
not be a model of arithmetic in the sense that it makes the same sentences true as 𝔑.
For instance, ∀𝑥 𝑥′ ≠ 0 is false. However, we can prove that non-standard models of
arithmetic exist easily enough, using the compactness theorem.

Proposition 8.23. Let TA = {𝜑 | 𝔑 ⊨ 𝜑} be the theory of 𝔑. TA has a countable
non-standard model.

Proof. Expand $\mathcal{L}_A$ by a new constant symbol 𝑐 and consider the set of sentences

$\Gamma = \mathbf{TA} \cup \{c \neq \overline{0}, c \neq \overline{1}, c \neq \overline{2}, \dots\}$

Any model $\mathfrak{M}_c$ of Γ would contain an element $x = c^{\mathfrak{M}}$ which is non-standard, since
$x \neq \mathrm{Val}^{\mathfrak{M}}(\overline{n})$ for all 𝑛 ∈ N. Also, obviously, $\mathfrak{M}_c \vDash \mathbf{TA}$, since TA ⊆ Γ. If we turn $\mathfrak{M}_c$
into a structure 𝔐 for $\mathcal{L}_A$ simply by forgetting about 𝑐, its domain still contains the
non-standard 𝑥, and also 𝔐 ⊨ TA. The latter is guaranteed since 𝑐 does not occur
in TA. So, it suffices to show that Γ has a model.
We use the compactness theorem to show that Γ has a model. If every finite
subset of Γ is satisfiable, so is Γ. Consider any finite subset Γ₀ ⊆ Γ. Γ₀ includes some
sentences of TA and some of the form $c \neq \overline{n}$, but only finitely many. Suppose 𝑘 is
the largest number so that $c \neq \overline{k} \in \Gamma_0$. Define $\mathfrak{N}_k$ by expanding 𝔑 to include the
interpretation $c^{\mathfrak{N}_k} = k + 1$. $\mathfrak{N}_k \vDash \Gamma_0$: if 𝜑 ∈ TA, $\mathfrak{N}_k \vDash \varphi$ since $\mathfrak{N}_k$ is just like 𝔑 in
all respects except 𝑐, and 𝑐 does not occur in 𝜑. And $\mathfrak{N}_k \vDash c \neq \overline{n}$, since 𝑛 ≤ 𝑘, and
$\mathrm{Val}^{\mathfrak{N}_k}(c) = k + 1$. Thus, every finite subset of Γ is satisfiable. □

Problems
Problem 8.1. Prove Proposition 8.2.

Problem 8.2. Carry out the proof of (b) of Theorem 8.9 in detail. Make sure to note
where each of the five properties characterizing isomorphisms of Definition 8.8 is
used.

Problem 8.3. Show that for any structure 𝔐, if 𝑋 is a definable subset of 𝔐, and ℎ
is an automorphism of 𝔐, then 𝑋 = {ℎ(𝑥) | 𝑥 ∈ 𝑋 } (i.e., 𝑋 is fixed under ℎ).

Problem 8.4. Show that the converse of Proposition 8.18 is false, i.e., give an example
of a structure 𝔐 with $|\mathfrak{M}| = \{\mathrm{Val}^{\mathfrak{M}}(\overline{n}) \mid n \in \mathbb{N}\}$ that is not isomorphic to 𝔑.

Problem 8.5. Recall that Q contains the axioms

∀𝑥 ∀𝑦 (𝑥′ = 𝑦′ → 𝑥 = 𝑦) (𝑄₁)
∀𝑥 0 ≠ 𝑥′ (𝑄₂)
∀𝑥 (𝑥 = 0 ∨ ∃𝑦 𝑥 = 𝑦′) (𝑄₃)

Give structures 𝔐₁, 𝔐₂, 𝔐₃ such that

1. 𝔐₁ ⊨ 𝑄₁, 𝔐₁ ⊨ 𝑄₂, 𝔐₁ ⊭ 𝑄₃;
2. 𝔐₂ ⊨ 𝑄₁, 𝔐₂ ⊭ 𝑄₂, 𝔐₂ ⊨ 𝑄₃; and
3. 𝔐₃ ⊭ 𝑄₁, 𝔐₃ ⊨ 𝑄₂, 𝔐₃ ⊨ 𝑄₃;

Obviously, you just have to specify $0^{\mathfrak{M}_i}$ and $\prime^{\mathfrak{M}_i}$ for each.

Part III

Second-order Logic

Chapter 9

Syntax and Semantics

9.1 Introduction
In first-order logic, we combine the non-logical symbols of a given language, i.e.,
its constant symbols, function symbols, and predicate symbols, with the logical
symbols to express things about first-order structures. This is done using the notion of
satisfaction, which relates a structure 𝔐, together with a variable assignment 𝑠, and
a formula 𝜑: 𝔐, 𝑠 ⊨ 𝜑 holds iff what 𝜑 expresses when its constant symbols, function
symbols, and predicate symbols are interpreted as 𝔐 says, and its free variables
are interpreted as 𝑠 says, is true. The interpretation of the identity predicate = is
built into the definition of 𝔐, 𝑠 ⊨ 𝜑, as is the interpretation of ∀ and ∃. The former
is always interpreted as the identity relation on the domain |𝔐| of the structure,
and the quantifiers are always interpreted as ranging over the entire domain. But,
crucially, quantification is only allowed over elements of the domain, and so only
object variables are allowed to follow a quantifier.
In second-order logic, both the language and the definition of satisfaction are
extended to include free and bound function and predicate variables, and quantification
over them. These variables are related to function symbols and predicate symbols the
same way that object variables are related to constant symbols. They play the same
role in the formation of terms and formulas of second-order logic, and quantification
over them is handled in a similar way. In the standard semantics, the second-order
quantifiers range over all possible objects of the right type (𝑛-place functions from |𝔐|
to |𝔐| for function variables, 𝑛-place relations for predicate variables). For instance,
while $\forall v_0\,(P^1_0(v_0) \lor \lnot P^1_0(v_0))$ is a formula in both first- and second-order logic, in the
latter we can also consider $\forall V^1_0\,\forall v_0\,(V^1_0(v_0) \lor \lnot V^1_0(v_0))$ and $\exists V^1_0\,\forall v_0\,(V^1_0(v_0) \lor \lnot V^1_0(v_0))$.
Since these contain no free variables, they are sentences of second-order logic. Here,
$V^1_0$ is a second-order 1-place predicate variable. The allowable interpretations of $V^1_0$
are the same that we can assign to a 1-place predicate symbol like $P^1_0$, i.e., subsets
of |𝔐|. Quantification over them then amounts to saying that $\forall v_0\,(V^1_0(v_0) \lor \lnot V^1_0(v_0))$
holds for all ways of assigning a subset of |𝔐| as the value of $V^1_0$, or for at least one.
Since every set either contains or fails to contain a given object, both are true in any
structure.

9.2 Terms and Formulas


Like in first-order logic, expressions of second-order logic are built up from a basic
vocabulary containing variables, constant symbols, predicate symbols and sometimes
function symbols. From them, together with logical connectives, quantifiers, and
punctuation symbols such as parentheses and commas, terms and formulas are formed.
The difference is that in addition to variables for objects, second-order logic also
contains variables for relations and functions, and allows quantification over them.
So the logical symbols of second-order logic are those of first-order logic, plus:

1. A countably infinite set of second-order relation variables of every arity 𝑛: $V^n_0$, $V^n_1$, $V^n_2$, . . .

2. A countably infinite set of second-order function variables: $u^n_0$, $u^n_1$, $u^n_2$, . . .

Just as we use 𝑥, 𝑦, 𝑧 as meta-variables for first-order variables $v_i$, we’ll use 𝑋, 𝑌,
𝑍, etc., as meta-variables for $V^n_i$ and 𝑢, 𝑣, etc., as meta-variables for $u^n_i$.
The non-logical symbols of a second-order language are specified the same way a
first-order language is: by listing its constant symbols, function symbols, and predicate
symbols.
In first-order logic, the identity predicate = is usually included. In first-order logic,
the non-logical symbols of a language L are crucial to allow us to express anything
interesting. There are of course sentences that use no non-logical symbols, but with
only = it is hard to say anything interesting. In second-order logic, since we have an
unlimited supply of relation and function variables, we can say anything we can say
in a first-order language even without a special supply of non-logical symbols.

Definition 9.1 (Second-order Terms). The set of second-order terms of L, Trm²(L),
is defined by adding to Definition 4.4 the clause

1. If 𝑢 is an 𝑛-place function variable and 𝑡₁, . . . , 𝑡ₙ are terms, then 𝑢(𝑡₁, . . . , 𝑡ₙ) is
a term.

So, a second-order term looks just like a first-order term, except that where a
first-order term contains a function symbol $f^n_i$, a second-order term may contain a
function variable $u^n_i$ in its place.

Definition 9.2 (Second-order formula). The set of second-order formulas Frm²(L)
of the language L is defined by adding to Definition 4.4 the clauses

1. If 𝑋 is an 𝑛-place predicate variable and 𝑡₁, . . . , 𝑡ₙ are second-order terms of L,
then 𝑋(𝑡₁, . . . , 𝑡ₙ) is an atomic formula.

2. If 𝜑 is a formula and 𝑢 is a function variable, then ∀𝑢 𝜑 is a formula.

3. If 𝜑 is a formula and 𝑋 is a predicate variable, then ∀𝑋 𝜑 is a formula.

4. If 𝜑 is a formula and 𝑢 is a function variable, then ∃𝑢 𝜑 is a formula.

5. If 𝜑 is a formula and 𝑋 is a predicate variable, then ∃𝑋 𝜑 is a formula.


9.3 Satisfaction
To define the satisfaction relation 𝔐, 𝑠 ⊨ 𝜑 for second-order formulas, we have to
extend the definitions to cover second-order variables. The notion of a structure is
the same for second-order logic as it is for first-order logic. There is only a difference
for variable assignments 𝑠: these now must not just provide values for the first-order
variables, but also for the second-order variables.
Definition 9.3 (Variable Assignment). A variable assignment 𝑠 for a structure 𝔐
is a function which maps each
1. object variable $v_i$ to an element of |𝔐|, i.e., $s(v_i) \in |\mathfrak{M}|$;
2. 𝑛-place relation variable $V^n_i$ to an 𝑛-place relation on |𝔐|, i.e., $s(V^n_i) \subseteq |\mathfrak{M}|^n$;
3. 𝑛-place function variable $u^n_i$ to an 𝑛-place function from |𝔐| to |𝔐|, i.e.,
$s(u^n_i) : |\mathfrak{M}|^n \to |\mathfrak{M}|$.

A structure assigns a value to each constant symbol and function symbol, and a
second-order variable assignment assigns objects and functions to each object and
function variable. Together, they let us assign a value to every term.
Definition 9.4 (Value of a Term). If 𝑡 is a term of the language L, 𝔐 is a structure
for L, and 𝑠 is a variable assignment for 𝔐, the value $\mathrm{Val}^{\mathfrak{M}}_{s}(t)$ is defined as for
first-order terms, plus the following clause:

𝑡 ≡ 𝑢(𝑡₁, . . . , 𝑡ₙ):

$\mathrm{Val}^{\mathfrak{M}}_{s}(t) = s(u)(\mathrm{Val}^{\mathfrak{M}}_{s}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s}(t_n))$.

Definition 9.5 (𝑥-Variant). If 𝑠 is a variable assignment for a structure 𝔐, then any
variable assignment 𝑠′ for 𝔐 which differs from 𝑠 at most in what it assigns to 𝑥
is called an 𝑥-variant of 𝑠. If 𝑠′ is an 𝑥-variant of 𝑠 we write $s' \sim_x s$. (Similarly for
second-order variables 𝑋 or 𝑢.)

Definition 9.6. If 𝑠 is a variable assignment for a structure 𝔐 and 𝑚 ∈ |𝔐|, then
the assignment 𝑠[𝑚/𝑥] is the variable assignment defined by

$$s[m/x](y) = \begin{cases} m & \text{if } y \equiv x \\ s(y) & \text{otherwise.} \end{cases}$$

If 𝑋 is an 𝑛-place relation variable and 𝑀 ⊆ |𝔐|ⁿ, then 𝑠[𝑀/𝑋] is the variable
assignment defined by

$$s[M/X](y) = \begin{cases} M & \text{if } y \equiv X \\ s(y) & \text{otherwise.} \end{cases}$$

If 𝑢 is an 𝑛-place function variable and 𝑓 : |𝔐|ⁿ → |𝔐|, then 𝑠[𝑓/𝑢] is the variable
assignment defined by

$$s[f/u](y) = \begin{cases} f & \text{if } y \equiv u \\ s(y) & \text{otherwise.} \end{cases}$$

In each case, 𝑦 may be any first- or second-order variable.


Definition 9.7 (Satisfaction). For second-order formulas 𝜑, the definition of
satisfaction is like Definition 4.40 with the addition of:
1. $\varphi \equiv X^n(t_1, \dots, t_n)$: 𝔐, 𝑠 ⊨ 𝜑 iff $\langle \mathrm{Val}^{\mathfrak{M}}_{s}(t_1), \dots, \mathrm{Val}^{\mathfrak{M}}_{s}(t_n) \rangle \in s(X^n)$.
2. 𝜑 ≡ ∀𝑋 𝜓: 𝔐, 𝑠 ⊨ 𝜑 iff for every 𝑀 ⊆ |𝔐|ⁿ, 𝔐, 𝑠[𝑀/𝑋] ⊨ 𝜓.
3. 𝜑 ≡ ∃𝑋 𝜓: 𝔐, 𝑠 ⊨ 𝜑 iff for at least one 𝑀 ⊆ |𝔐|ⁿ, 𝔐, 𝑠[𝑀/𝑋] ⊨ 𝜓.
4. 𝜑 ≡ ∀𝑢 𝜓: 𝔐, 𝑠 ⊨ 𝜑 iff for every 𝑓 : |𝔐|ⁿ → |𝔐|, 𝔐, 𝑠[𝑓/𝑢] ⊨ 𝜓.
5. 𝜑 ≡ ∃𝑢 𝜓: 𝔐, 𝑠 ⊨ 𝜑 iff for at least one 𝑓 : |𝔐|ⁿ → |𝔐|, 𝔐, 𝑠[𝑓/𝑢] ⊨ 𝜓.

Example 9.8. Consider the formula ∀𝑧 (𝑋(𝑧) ↔ ¬𝑌(𝑧)). It contains no second-order
quantifiers, but does contain the second-order variables 𝑋 and 𝑌 (here understood to
be one-place). The corresponding first-order sentence ∀𝑧 (𝑃(𝑧) ↔ ¬𝑅(𝑧)) says that
whatever falls under the interpretation of 𝑃 does not fall under the interpretation
of 𝑅 and vice versa. In a structure, the interpretation of a predicate symbol 𝑃 is
given by the interpretation $P^{\mathfrak{M}}$. But for second-order variables like 𝑋 and 𝑌, the
interpretation is provided, not by the structure itself, but by a variable assignment.
Since the second-order formula is not a sentence (it includes free variables 𝑋 and 𝑌),
it is only satisfied relative to a structure 𝔐 together with a variable assignment 𝑠.

𝔐, 𝑠 ⊨ ∀𝑧 (𝑋(𝑧) ↔ ¬𝑌(𝑧)) whenever the elements of 𝑠(𝑋) are not elements
of 𝑠(𝑌), and vice versa, i.e., iff 𝑠(𝑌) = |𝔐| \ 𝑠(𝑋). For instance, take |𝔐| = {1, 2, 3}.
Since no predicate symbols, function symbols, or constant symbols are involved, the
domain of 𝔐 is all that is relevant. Now for 𝑠₁(𝑋) = {1, 2} and 𝑠₁(𝑌) = {3}, we have
𝔐, 𝑠₁ ⊨ ∀𝑧 (𝑋(𝑧) ↔ ¬𝑌(𝑧)).

By contrast, if we have 𝑠₂(𝑋) = {1, 2} and 𝑠₂(𝑌) = {2, 3}, 𝔐, 𝑠₂ ⊭ ∀𝑧 (𝑋(𝑧) ↔
¬𝑌(𝑧)). That’s because 𝔐, 𝑠₂[2/𝑧] ⊨ 𝑋(𝑧) (since 2 ∈ 𝑠₂[2/𝑧](𝑋)) but 𝔐, 𝑠₂[2/𝑧] ⊭
¬𝑌(𝑧) (since also 2 ∈ 𝑠₂[2/𝑧](𝑌)).

Example 9.9. 𝔐, 𝑠 ⊨ ∃𝑌 (∃𝑦 𝑌(𝑦) ∧ ∀𝑧 (𝑋(𝑧) ↔ ¬𝑌(𝑧))) if there is an 𝑁 ⊆ |𝔐| such
that 𝔐, 𝑠[𝑁/𝑌] ⊨ (∃𝑦 𝑌(𝑦) ∧ ∀𝑧 (𝑋(𝑧) ↔ ¬𝑌(𝑧))). And that is the case for any 𝑁 ≠ ∅
(so that 𝔐, 𝑠[𝑁/𝑌] ⊨ ∃𝑦 𝑌(𝑦)) and, as in the previous example, 𝑁 = |𝔐| \ 𝑠(𝑋). In
other words, 𝔐, 𝑠 ⊨ ∃𝑌 (∃𝑦 𝑌(𝑦) ∧ ∀𝑧 (𝑋(𝑧) ↔ ¬𝑌(𝑧))) iff |𝔐| \ 𝑠(𝑋) is non-empty,
i.e., 𝑠(𝑋) ≠ |𝔐|. So, the formula is satisfied, e.g., if |𝔐| = {1, 2, 3} and 𝑠(𝑋) = {1, 2},
but not if 𝑠(𝑋) = {1, 2, 3} = |𝔐|.

Since the formula is not satisfied whenever 𝑠(𝑋) = |𝔐|, the sentence

∀𝑋 ∃𝑌 (∃𝑦 𝑌(𝑦) ∧ ∀𝑧 (𝑋(𝑧) ↔ ¬𝑌(𝑧)))

is never satisfied: For any structure 𝔐, the assignment 𝑠(𝑋) = |𝔐| will make the
sentence false. On the other hand, the sentence

∃𝑋 ∃𝑌 (∃𝑦 𝑌(𝑦) ∧ ∀𝑧 (𝑋(𝑧) ↔ ¬𝑌(𝑧)))

is satisfied relative to any assignment 𝑠, since we can always find 𝑀 ⊆ |𝔐| but
𝑀 ≠ |𝔐| (e.g., 𝑀 = ∅).

Example 9.10. The second-order sentence ∀𝑋 ∀𝑦 𝑋 (𝑦) says that every 1-place rela-
tion, i.e., every property, holds of every object. That is clearly never true, since in
every 𝔐, for a variable assignment 𝑠 with 𝑠 (𝑋 ) = ∅, and 𝑠 (𝑦) = 𝑎 ∈ |𝔐| we have
𝔐, 𝑠 ⊭ 𝑋 (𝑦). This means that 𝜑 → ∀𝑋 ∀𝑦 𝑋 (𝑦) is equivalent in second-order logic to
¬𝜑, that is: 𝔐 ⊨ 𝜑 → ∀𝑋 ∀𝑦 𝑋 (𝑦) iff 𝔐 ⊨ ¬𝜑. In other words, in second-order logic
we can define ¬ using ∀ and →.
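
The satisfaction clauses of Definition 9.7 can be run directly on a finite domain, where a 1-place predicate variable ranges over the finitely many subsets of the domain. The following evaluator is an added illustration, not part of the original text; the tuple encoding of formulas and the names `sat`, `subsets` and `example_9_*` are assumptions of this sketch. It re-checks the claims of Examples 9.8, 9.9 and 9.10 on |𝔐| = {1, 2, 3}.

```python
from itertools import chain, combinations


def subsets(domain):
    """All subsets of the domain: the range of a 1-place predicate variable."""
    items = sorted(domain)
    return [frozenset(c) for c in chain.from_iterable(
        combinations(items, r) for r in range(len(items) + 1))]


def sat(domain, s, phi):
    """Decide M, s |= phi for a structure with a finite domain and no non-logical symbols.

    phi is a nested tuple (encoding chosen for this example):
      ("app", X, x)                    X(x), X a 1-place predicate variable
      ("not", p), ("and", p, q), ("imp", p, q), ("iff", p, q)
      ("all1", x, p), ("ex1", x, p)    first-order quantifiers
      ("all2", X, p), ("ex2", X, p)    second-order quantifiers
    s is a dict mapping variable names to values (the variable assignment).
    """
    op = phi[0]
    if op == "app":
        return s[phi[2]] in s[phi[1]]
    if op == "not":
        return not sat(domain, s, phi[1])
    if op == "and":
        return sat(domain, s, phi[1]) and sat(domain, s, phi[2])
    if op == "imp":
        return (not sat(domain, s, phi[1])) or sat(domain, s, phi[2])
    if op == "iff":
        return sat(domain, s, phi[1]) == sat(domain, s, phi[2])
    if op in ("all1", "ex1"):
        # s[m/x] for every element m of the domain
        results = (sat(domain, {**s, phi[1]: m}, phi[2]) for m in sorted(domain))
        return all(results) if op == "all1" else any(results)
    if op in ("all2", "ex2"):
        # s[M/X] for every subset M of the domain
        results = (sat(domain, {**s, phi[1]: M}, phi[2]) for M in subsets(domain))
        return all(results) if op == "all2" else any(results)
    raise ValueError(f"unknown connective {op!r}")


D = {1, 2, 3}

# forall z (X(z) <-> not Y(z))
COMPLEMENT = ("all1", "z", ("iff", ("app", "X", "z"), ("not", ("app", "Y", "z"))))
# exists Y (exists y Y(y) and forall z (X(z) <-> not Y(z)))
NONEMPTY_COMPLEMENT = ("ex2", "Y", ("and", ("ex1", "y", ("app", "Y", "y")), COMPLEMENT))


def example_9_8():
    s1 = {"X": frozenset({1, 2}), "Y": frozenset({3})}
    s2 = {"X": frozenset({1, 2}), "Y": frozenset({2, 3})}
    return sat(D, s1, COMPLEMENT), sat(D, s2, COMPLEMENT)


def example_9_9():
    proper = sat(D, {"X": frozenset({1, 2})}, NONEMPTY_COMPLEMENT)
    full = sat(D, {"X": frozenset(D)}, NONEMPTY_COMPLEMENT)
    universal = sat(D, {}, ("all2", "X", NONEMPTY_COMPLEMENT))
    existential = sat(D, {}, ("ex2", "X", NONEMPTY_COMPLEMENT))
    return proper, full, universal, existential


def example_9_10():
    # forall X forall y X(y): fails because X may be assigned the empty set
    return sat(D, {}, ("all2", "X", ("all1", "y", ("app", "X", "y"))))
```
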


9.4 Semantic Notions


The central logical notions of validity, entailment, and satisfiability are defined the
same way for second-order logic as they are for first-order logic, except that the
underlying satisfaction relation is now that for second-order formulas. A second-
order sentence, of course, is a formula in which all variables, including predicate and
function variables, are bound.

Definition 9.11 (Validity). A sentence 𝜑 is valid, ⊨ 𝜑, iff 𝔐 ⊨ 𝜑 for every
structure 𝔐.

Definition 9.12 (Entailment). A set of sentences Γ entails a sentence 𝜑, Γ ⊨ 𝜑, iff
for every structure 𝔐 with 𝔐 ⊨ Γ, 𝔐 ⊨ 𝜑.

Definition 9.13 (Satisfiability). A set of sentences Γ is satisfiable if 𝔐 ⊨ Γ for some
structure 𝔐. If Γ is not satisfiable it is called unsatisfiable.

9.5 Expressive Power


Quantification over second-order variables is responsible for an immense increase
in the expressive power of the language over that of first-order logic. Second-order
existential quantification lets us say that functions or relations with certain properties
exist. In first-order logic, the only way to do that is to specify a non-logical symbol
(i.e., a function symbol or predicate symbol) for this purpose. Second-order universal
quantification lets us say that all subsets of, relations on, or functions from the domain
to the domain have a property. In first-order logic, we can only say that the subsets,
relations, or functions assigned to one of the non-logical symbols of the language
have a property. And when we say that subsets, relations, functions exist that have
a property, or that all of them have it, we can use second-order quantification in
specifying this property as well. This lets us define relations not definable in first-order
logic, and express properties of the domain not expressible in first-order logic.

Definition 9.14. If 𝔐 is a structure for a language L, a relation 𝑅 ⊆ |𝔐|² is definable
in L if there is some formula $\varphi_R(x, y)$ with only the variables 𝑥 and 𝑦 free, such that
𝑅(𝑎, 𝑏) holds (i.e., ⟨𝑎, 𝑏⟩ ∈ 𝑅) iff $\mathfrak{M}, s \vDash \varphi_R(x, y)$ for 𝑠(𝑥) = 𝑎 and 𝑠(𝑦) = 𝑏.

Example 9.15. In first-order logic we can define the identity relation $\mathrm{Id}_{|\mathfrak{M}|}$ (i.e.,
{⟨𝑎, 𝑎⟩ | 𝑎 ∈ |𝔐|}) by the formula 𝑥 = 𝑦. In second-order logic, we can define this
relation without =. For if 𝑎 and 𝑏 are the same element of |𝔐|, then they are elements
of the same subsets of |𝔐| (since sets are determined by their elements). Conversely,
if 𝑎 and 𝑏 are different, then they are not elements of the same subsets: e.g., 𝑎 ∈ {𝑎}
but 𝑏 ∉ {𝑎} if 𝑎 ≠ 𝑏. So “being elements of the same subsets of |𝔐|” is a relation that
holds of 𝑎 and 𝑏 iff 𝑎 = 𝑏. It is a relation that can be expressed in second-order logic,
since we can quantify over all subsets of |𝔐|. Hence, the following formula defines
$\mathrm{Id}_{|\mathfrak{M}|}$:

∀𝑋 (𝑋(𝑥) ↔ 𝑋(𝑦))

Example 9.16. If 𝑅 is a two-place predicate symbol, $R^{\mathfrak{M}}$ is a two-place relation on |𝔐|.
Perhaps somewhat confusingly, we’ll use 𝑅 as the predicate symbol for 𝑅 and for the
relation $R^{\mathfrak{M}}$ itself. The transitive closure 𝑅* of 𝑅 is the relation that holds between 𝑎
and 𝑏 iff for some 𝑐₁, . . . , 𝑐ₖ, 𝑅(𝑎, 𝑐₁), 𝑅(𝑐₁, 𝑐₂), . . . , 𝑅(𝑐ₖ, 𝑏) holds. This includes the case
if 𝑘 = 0, i.e., if 𝑅(𝑎, 𝑏) holds, so does 𝑅*(𝑎, 𝑏). This means that 𝑅 ⊆ 𝑅*. In fact, 𝑅* is
the smallest relation that includes 𝑅 and that is transitive. We can say in second-order
logic that 𝑋 is a transitive relation that includes 𝑅:

$\psi_R(X) \equiv \forall x\, \forall y\, (R(x, y) \to X(x, y)) \land \forall x\, \forall y\, \forall z\, ((X(x, y) \land X(y, z)) \to X(x, z))$.

The first conjunct says that 𝑅 ⊆ 𝑋 and the second that 𝑋 is transitive.
To say that 𝑋 is the smallest such relation is to say that it is itself included in
every relation that includes 𝑅 and is transitive. So we can define the transitive closure
of 𝑅 by the formula

$R^*(X) \equiv \psi_R(X) \land \forall Y\, (\psi_R(Y) \to \forall x\, \forall y\, (X(x, y) \to Y(x, y)))$.

We have $\mathfrak{M}, s \vDash R^*(X)$ iff 𝑠(𝑋) = 𝑅*. The transitive closure of 𝑅 cannot be expressed
in first-order logic.
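
On a small finite domain the second-order quantifier ∀𝑌 in Example 9.16 can be evaluated by enumerating every binary relation, so the claim that 𝑠(𝑋) = 𝑅* is the only value of 𝑋 satisfying the defining formula can be checked mechanically. This is an added illustration, not part of the original text; the function names and the sample relations are constructed for it.

```python
from itertools import product


def all_relations(domain):
    """Every binary relation on the domain: the range of a 2-place predicate variable."""
    pairs = list(product(sorted(domain), repeat=2))
    for bits in product((False, True), repeat=len(pairs)):
        yield frozenset(p for p, keep in zip(pairs, bits) if keep)


def psi(R, X):
    """psi_R(X): R is included in X, and X is transitive."""
    includes_r = R <= X
    transitive = all((a, d) in X for (a, b) in X for (c, d) in X if b == c)
    return includes_r and transitive


def defines_closure(domain, R, X):
    """R*(X): psi_R(X) holds, and X is included in every Y with psi_R(Y)."""
    return psi(R, X) and all(X <= Y for Y in all_relations(domain) if psi(R, Y))


def closure_by_definition(domain, R):
    """All relations X that satisfy R*(X); the example says there is exactly one."""
    return [X for X in all_relations(domain) if defines_closure(domain, R, X)]


def closure_by_paths(R):
    """Reference computation: chain pairs (a, b), (b, d) into (a, d) until nothing is new."""
    closure = set(R)
    while True:
        new = {(a, d) for (a, b) in closure for (c, d) in closure if b == c} - closure
        if not new:
            return frozenset(closure)
        closure |= new


if __name__ == "__main__":
    domain = {1, 2, 3}
    R = frozenset({(1, 2), (2, 3)})          # constructed sample relation
    print(closure_by_definition(domain, R))  # one relation: R plus the pair (1, 3)
```

With three elements there are 2⁹ = 512 candidate relations, so the brute-force check finishes immediately; the number of relations doubles with every additional pair, which is why this only works as a check on tiny domains.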

9.6 Describing Infinite and Countable Domains


A set 𝑀 is (Dedekind) infinite iff there is an injective function 𝑓 : 𝑀 → 𝑀 which is
not surjective, i.e., with ran(𝑓) ≠ 𝑀. In first-order logic, we can consider a one-place
function symbol 𝑓 and say that the function $f^{\mathfrak{M}}$ assigned to it in a structure 𝔐 is
injective and ran(𝑓) ≠ |𝔐|:

∀𝑥 ∀𝑦 (𝑓(𝑥) = 𝑓(𝑦) → 𝑥 = 𝑦) ∧ ∃𝑦 ∀𝑥 𝑦 ≠ 𝑓(𝑥).

If 𝔐 satisfies this sentence, $f^{\mathfrak{M}} : |\mathfrak{M}| \to |\mathfrak{M}|$ is injective, and so |𝔐| must be infinite.
If |𝔐| is infinite, and hence such a function exists, we can let $f^{\mathfrak{M}}$ be that function and
𝔐 will satisfy the sentence. However, this requires that our language contains the
non-logical symbol 𝑓 we use for this purpose. In second-order logic, we can simply
say that such a function exists. This no longer requires 𝑓, and we obtain the sentence
in pure second-order logic

Inf ≡ ∃𝑢 (∀𝑥 ∀𝑦 (𝑢(𝑥) = 𝑢(𝑦) → 𝑥 = 𝑦) ∧ ∃𝑦 ∀𝑥 𝑦 ≠ 𝑢(𝑥)).

𝔐 ⊨ Inf iff |𝔐| is infinite. We can then define Fin ≡ ¬Inf; 𝔐 ⊨ Fin iff |𝔐| is finite.
No single sentence of pure first-order logic can express that the domain is infinite
although an infinite set of them can. There is no set of sentences of pure first-order
logic that is satisfied in a structure iff its domain is finite.

Proposition 9.17. 𝔐 ⊨ Inf iff |𝔐| is infinite.

Proof. 𝔐 ⊨ Inf iff 𝔐, 𝑠 ⊨ ∀𝑥 ∀𝑦 (𝑢(𝑥) = 𝑢(𝑦) → 𝑥 = 𝑦) ∧ ∃𝑦 ∀𝑥 𝑦 ≠ 𝑢(𝑥) for some 𝑠.
If it does, 𝑠(𝑢) is an injective function, and some 𝑦 ∈ |𝔐| is not in the range of 𝑠(𝑢).
Conversely, if there is an injective 𝑓 : |𝔐| → |𝔐| with ran(𝑓) ≠ |𝔐|, then 𝑠(𝑢) = 𝑓
is such a variable assignment. □

A set 𝑀 is countable if there is an enumeration

𝑚₀, 𝑚₁, 𝑚₂, . . .

of its elements (without repetitions but possibly finite). Such an enumeration exists iff
there is an element 𝑧 ∈ 𝑀 and a function 𝑓 : 𝑀 → 𝑀 such that 𝑧, 𝑓(𝑧), 𝑓(𝑓(𝑧)), . . . ,
are all the elements of 𝑀. For if the enumeration exists, 𝑧 = 𝑚₀ and 𝑓(𝑚ₖ) = 𝑚ₖ₊₁ (or
𝑓(𝑚ₖ) = 𝑚ₖ if 𝑚ₖ is the last element of the enumeration) are the requisite element
and function. On the other hand, if such a 𝑧 and 𝑓 exist, then 𝑧, 𝑓(𝑧), 𝑓(𝑓(𝑧)), . . . , is
an enumeration of 𝑀, and 𝑀 is countable. We can express the existence of 𝑧 and 𝑓
in second-order logic to produce a sentence true in a structure iff the structure is
countable:

Count ≡ ∃𝑧 ∃𝑢 ∀𝑋 ((𝑋 (𝑧) ∧ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑢 (𝑥)))) → ∀𝑥 𝑋 (𝑥))

Proposition 9.18. 𝔐 ⊨ Count iff |𝔐| is countable.

Proof. Suppose |𝔐| is countable, and let 𝑚 0 , 𝑚 1 , . . . , be an enumeration. By removing


repetitions we can guarantee that no 𝑚𝑘 appears twice. Define 𝑓 (𝑚𝑘 ) = 𝑚𝑘+1 and let
𝑠 (𝑧) = 𝑚 0 and 𝑠 (𝑢) = 𝑓 . We show that

𝔐, 𝑠 ⊨ ∀𝑋 ((𝑋 (𝑧) ∧ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑢 (𝑥)))) → ∀𝑥 𝑋 (𝑥))

Suppose 𝑀 ⊆ |𝔐| is arbitrary. Suppose further that 𝔐, 𝑠 [𝑀/𝑋 ] ⊨ (𝑋 (𝑧) ∧ ∀𝑥 (𝑋 (𝑥) →
𝑋 (𝑢 (𝑥)))). Then 𝑠 [𝑀/𝑋 ] (𝑧) ∈ 𝑀 and whenever 𝑥 ∈ 𝑀, also (𝑠 [𝑀/𝑋 ] (𝑢)) (𝑥) ∈ 𝑀.
In other words, since 𝑠 [𝑀/𝑋 ] ∼𝑋 𝑠, 𝑚₀ ∈ 𝑀 and if 𝑥 ∈ 𝑀 then 𝑓 (𝑥) ∈ 𝑀, so
𝑚₀ ∈ 𝑀, 𝑚₁ = 𝑓 (𝑚₀) ∈ 𝑀, 𝑚₂ = 𝑓 (𝑓 (𝑚₀)) ∈ 𝑀, etc. Thus, 𝑀 = |𝔐|, and so
𝔐, 𝑠 [𝑀/𝑋 ] ⊨ ∀𝑥 𝑋 (𝑥). Since 𝑀 ⊆ |𝔐| was arbitrary, we are done: 𝔐 ⊨ Count.
Now assume that 𝔐 ⊨ Count, i.e.,

𝔐, 𝑠 ⊨ ∀𝑋 ((𝑋 (𝑧) ∧ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑢 (𝑥)))) → ∀𝑥 𝑋 (𝑥))

for some 𝑠. Let 𝑚 = 𝑠 (𝑧) and 𝑓 = 𝑠 (𝑢) and consider 𝑀 = {𝑚, 𝑓 (𝑚), 𝑓 (𝑓 (𝑚)), . . . }. 𝑀
so defined is clearly countable. Then

𝔐, 𝑠 [𝑀/𝑋 ] ⊨ (𝑋 (𝑧) ∧ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑢 (𝑥)))) → ∀𝑥 𝑋 (𝑥)

by assumption. Also, 𝔐, 𝑠 [𝑀/𝑋 ] ⊨ 𝑋 (𝑧) since 𝑀 ∋ 𝑚 = 𝑠 [𝑀/𝑋 ] (𝑧), and also
𝔐, 𝑠 [𝑀/𝑋 ] ⊨ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑢 (𝑥))) since whenever 𝑥 ∈ 𝑀 also 𝑓 (𝑥) ∈ 𝑀. So,
since both antecedent and conditional are satisfied, the consequent must also be:
𝔐, 𝑠 [𝑀/𝑋 ] ⊨ ∀𝑥 𝑋 (𝑥). But that means that 𝑀 = |𝔐|, and so |𝔐| is countable since
𝑀 is, by definition. □

9.7 Second-order Logic is not Compact


Call a set of sentences Γ finitely satisfiable if every one of its finite subsets is satisfiable.
First-order logic has the property that if a set of sentences Γ is finitely satisfiable,
it is satisfiable. This property is called compactness. It has an equivalent version
involving entailment: if Γ ⊨ 𝜑, then already Γ0 ⊨ 𝜑 for some finite subset Γ0 ⊆ Γ. In
this version it is an immediate corollary of the completeness theorem: for if Γ ⊨ 𝜑, by
completeness Γ ⊢ 𝜑. But a derivation can only make use of finitely many sentences
of Γ.
Compactness is not true for second-order logic. There are sets of second-order
sentences that are finitely satisfiable but not satisfiable, and that entail some 𝜑 without
a finite subset entailing 𝜑.

Theorem 9.19. Second-order logic is not compact.


Proof. Recall that


Inf ≡ ∃𝑢 (∀𝑥 ∀𝑦 (𝑢 (𝑥) = 𝑢 (𝑦) → 𝑥 = 𝑦) ∧ ∃𝑦 ∀𝑥 𝑦 ≠ 𝑢 (𝑥))
is satisfied in a structure iff its domain is infinite. Let 𝜑 ≥𝑛 be a sentence that asserts
that the domain has at least 𝑛 elements, e.g.,
𝜑 ≥𝑛 ≡ ∃𝑥 1 . . . ∃𝑥𝑛 (𝑥 1 ≠ 𝑥 2 ∧ 𝑥 1 ≠ 𝑥 3 ∧ · · · ∧ 𝑥𝑛−1 ≠ 𝑥𝑛 ).
Consider the set of sentences
Γ = {¬Inf, 𝜑 ≥1, 𝜑 ≥2, 𝜑 ≥3, . . . }.
It is finitely satisfiable, since for any finite subset Γ0 ⊆ Γ there is some 𝑘 so that
𝜑 ≥𝑘 ∈ Γ0 but no 𝜑 ≥𝑛 ∈ Γ0 for 𝑛 > 𝑘. If |𝔐| has 𝑘 elements, 𝔐 ⊨ Γ0 . But, Γ is not
satisfiable: if 𝔐 ⊨ ¬Inf, |𝔐| must be finite, say, of size 𝑘. Then 𝔐 ⊭ 𝜑 ≥𝑘+1 . □
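
The two halves of this proof can be checked mechanically on small finite domains. The following is an added example, not part of the original text: it evaluates Inf, Count and 𝜑 ≥𝑛 by brute force, letting the function quantifier range over all functions on the domain and the set quantifier over all subsets. The function names are chosen for this illustration, and only finite domains can be enumerated this way.

```python
from itertools import combinations, product


def functions(domain):
    """Every function u: domain -> domain, as a dict (the range of ∃u)."""
    dom = sorted(domain)
    for image in product(dom, repeat=len(dom)):
        yield dict(zip(dom, image))


def subsets(domain):
    """Every subset of the domain (the range of ∀X, as in the proof of 9.18)."""
    dom = sorted(domain)
    for size in range(len(dom) + 1):
        for members in combinations(dom, size):
            yield frozenset(members)


def sat_inf(domain):
    """Inf: some u is injective and some element y is not a value of u."""
    dom = sorted(domain)
    for u in functions(dom):
        injective = all(u[x] != u[y] or x == y for x in dom for y in dom)
        misses_some_y = any(all(y != u[x] for x in dom) for y in dom)
        if injective and misses_some_y:
            return True
    return False


def sat_count(domain):
    """Count: some z, u such that every X containing z and closed under u is everything."""
    dom = sorted(domain)
    full = frozenset(dom)
    for z in dom:
        for u in functions(dom):
            if all(X == full
                   for X in subsets(dom)
                   if z in X and all(u[x] in X for x in X)):
                return True
    return False


def sat_at_least(domain, n):
    """phi_{>=n}: there are n pairwise distinct elements."""
    return any(len(set(xs)) == n for xs in product(sorted(domain), repeat=n))


def satisfies_gamma0(domain, ns):
    """Does the structure satisfy the finite subset {¬Inf} ∪ {phi_{>=n} : n in ns}?"""
    return not sat_inf(domain) and all(sat_at_least(domain, n) for n in ns)


if __name__ == "__main__":
    # Constructed sample domains {0, ..., k-1} for k = 1..4.
    for k in range(1, 5):
        dom = range(k)
        print(k, sat_inf(dom), sat_count(dom),
              satisfies_gamma0(dom, range(1, k + 1)), sat_at_least(dom, k + 1))
```

For every size 𝑘 tried, the domain satisfies ¬Inf together with 𝜑 ≥1, . . . , 𝜑 ≥𝑘 but fails 𝜑 ≥𝑘+1, which is exactly the pattern the proof uses.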

9.8 The Löwenheim-Skolem Theorem Fails for Second-order Logic

The (Downward) Löwenheim-Skolem Theorem states that every set of sentences with
an infinite model has a countable model. It, too, is a consequence of the completeness
theorem: the proof of completeness generates a model for any consistent set of
sentences, and that model is countable. There is also an Upward Löwenheim-Skolem
Theorem, which guarantees that if a set of sentences has a countably infinite model it
also has an uncountable model. Both theorems fail in second-order logic.
Theorem 9.20. The Löwenheim-Skolem Theorem fails for second-order logic: There are
sentences with infinite models but no countable models.
Proof. Recall that
Count ≡ ∃𝑧 ∃𝑢 ∀𝑋 ((𝑋 (𝑧) ∧ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑢 (𝑥)))) → ∀𝑥 𝑋 (𝑥))
is true in a structure 𝔐 iff |𝔐| is countable, so ¬Count is true in 𝔐 iff |𝔐| is un-
countable. There are such structures—take any uncountable set as the domain, e.g.,
℘(N) or R . So ¬Count has infinite models but no countable models. □
Theorem 9.21. There are sentences with countably infinite but no uncountable models.
Proof. Count ∧ Inf is true in N but not in any structure 𝔐 with |𝔐| uncountable. □

9.9 Second-order Arithmetic


Recall that the theory PA of Peano arithmetic includes the eight axioms of Q,
∀𝑥 𝑥 ′ ≠ 0
∀𝑥 ∀𝑦 (𝑥 ′ = 𝑦 ′ → 𝑥 = 𝑦)
∀𝑥 (𝑥 = 0 ∨ ∃𝑦 𝑥 = 𝑦 ′ )
∀𝑥 (𝑥 + 0) = 𝑥
∀𝑥 ∀𝑦 (𝑥 + 𝑦 ′ ) = (𝑥 + 𝑦) ′
∀𝑥 (𝑥 × 0) = 0
∀𝑥 ∀𝑦 (𝑥 × 𝑦 ′ ) = ((𝑥 × 𝑦) + 𝑥)
∀𝑥 ∀𝑦 (𝑥 < 𝑦 ↔ ∃𝑧 (𝑧 ′ + 𝑥) = 𝑦)


plus all sentences of the form

(𝜑 (0) ∧ ∀𝑥 (𝜑 (𝑥) → 𝜑 (𝑥 ′ ))) → ∀𝑥 𝜑 (𝑥).

The latter is a “schema,” i.e., a pattern that generates infinitely many sentences of
the language of arithmetic, one for each formula 𝜑 (𝑥). We call this schema the (first-
order) axiom schema of induction. In second-order Peano arithmetic PA2 , induction
can be stated as a single sentence. PA2 consists of the first eight axioms above plus
the (second-order) induction axiom:

∀𝑋 (𝑋 (0) ∧ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑥 ′ ))) → ∀𝑥 𝑋 (𝑥).

It says that if a subset 𝑋 of the domain contains 0𝔐 and with any 𝑥 ∈ |𝔐| also
contains ′𝔐 (𝑥) (i.e., it is “closed under successor”) it contains everything in the
domain (i.e., 𝑋 = |𝔐|).
The induction axiom guarantees that any structure satisfying it contains only
those elements of |𝔐| the axioms require to be there, i.e., the values of 𝑛 for 𝑛 ∈ N. A
model of PA2 contains no non-standard numbers.

Theorem 9.22. If 𝔐 ⊨ PA2 then |𝔐| = {Val𝔐 (𝑛) | 𝑛 ∈ N}.

Proof. Let 𝑁 = {Val𝔐 (𝑛) | 𝑛 ∈ N}, and suppose 𝔐 ⊨ PA2 . Of course, for any 𝑛 ∈ N,
Val𝔐 (𝑛) ∈ |𝔐|, so 𝑁 ⊆ |𝔐|.
Now for inclusion in the other direction. Consider a variable assignment 𝑠 with
𝑠 (𝑋 ) = 𝑁 . By assumption,

𝔐 ⊨ ∀𝑋 (𝑋 (0) ∧ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑥 ′ ))) → ∀𝑥 𝑋 (𝑥), thus


𝔐, 𝑠 ⊨ (𝑋 (0) ∧ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑥 ′ ))) → ∀𝑥 𝑋 (𝑥).

Consider the antecedent of this conditional. Val𝔐 (0) ∈ 𝑁 , and so 𝔐, 𝑠 ⊨ 𝑋 (0). The
second conjunct, ∀𝑥 (𝑋 (𝑥) →𝑋 (𝑥 ′ )) is also satisfied. For suppose 𝑥 ∈ 𝑁 . By definition
of 𝑁 , 𝑥 = Val𝔐 (𝑛) for some 𝑛. That gives ′𝔐 (𝑥) = Val𝔐 (𝑛 + 1) ∈ 𝑁 . So, ′𝔐 (𝑥) ∈ 𝑁 .
We have that 𝔐, 𝑠 ⊨ 𝑋 (0) ∧ ∀𝑥 (𝑋 (𝑥) → 𝑋 (𝑥 ′ )). Consequently, 𝔐, 𝑠 ⊨ ∀𝑥 𝑋 (𝑥).
But that means that for every 𝑥 ∈ |𝔐| we have 𝑥 ∈ 𝑠 (𝑋 ) = 𝑁 . So, |𝔐| ⊆ 𝑁 . □

Corollary 9.23. Any two models of PA2 are isomorphic.

Proof. By Theorem 9.22, the domain of any model of PA2 is exhausted by Val𝔐 (𝑛).
Any such model is also a model of Q. By Proposition 8.19, any such model is standard,
i.e., isomorphic to 𝔑. □

Above we defined PA2 as the theory that contains the first eight arithmetical
axioms plus the second-order induction axiom. In fact, thanks to the expressive power
of second-order logic, only the first two of the arithmetical axioms plus induction are
needed for second-order Peano arithmetic.

Proposition 9.24. Let PA2† be the second-order theory containing the first two arith-
metical axioms (the successor axioms) and the second-order induction axiom. Then ≤, +,
and × are definable in PA2† .


Proof. To show that ≤ is definable, we have to find a formula 𝜑 ≤ (𝑥, 𝑦) such that
𝔑 ⊨ 𝜑 ≤ (𝑛, 𝑚) iff 𝑛 ≤ 𝑚. Consider the formula

𝜓 (𝑥, 𝑌 ) ≡ 𝑌 (𝑥) ∧ ∀𝑦 (𝑌 (𝑦) → 𝑌 (𝑦 ′ ))

Clearly, 𝜓 (𝑛, 𝑌 ) is satisfied by a set 𝑌 ⊆ N iff {𝑚 | 𝑛 ≤ 𝑚} ⊆ 𝑌 , so we can take


𝜑 ≤ (𝑥, 𝑦) ≡ ∀𝑌 (𝜓 (𝑥, 𝑌 ) → 𝑌 (𝑦)).
To see that addition is definable observe that 𝑘 + 𝑙 = 𝑚 iff there is a function 𝑢
such that 𝑢 (0) = 𝑘, 𝑢 (𝑛 ′ ) = 𝑢 (𝑛) ′ for all 𝑛, and 𝑚 = 𝑢 (𝑙). We can use this equivalence
to define addition in PA2† by the following formula:

𝜑 + (𝑥, 𝑦, 𝑧) ≡ ∃𝑢 (𝑢 (0) = 𝑥 ∧ ∀𝑤 𝑢 (𝑤 ′ ) = 𝑢 (𝑤) ′ ∧ 𝑢 (𝑦) = 𝑧)

It should be clear that 𝔑 ⊨ 𝜑 + (𝑘, 𝑙, 𝑚) iff 𝑘 + 𝑙 = 𝑚. □

Problems
Problem 9.1. Show that in second-order logic ∀ and → can define the other connec-
tives:
1. Prove that in second-order logic 𝜑 ∧𝜓 is equivalent to ∀𝑋 (𝜑 →(𝜓 →∀𝑥 𝑋 (𝑥))→
∀𝑥 𝑋 (𝑥)).
2. Find a second-order formula using only ∀ and → equivalent to 𝜑 ∨ 𝜓 .

Problem 9.2. Show that ∀𝑋 (𝑋 (𝑥) → 𝑋 (𝑦)) (note: → not ↔!) defines Id |𝔐 | .

Problem 9.3. In second-order logic ∀ and → can express the other connectives:

1. Prove that in second-order logic 𝜑 ∧ 𝜓 is equivalent to ∀𝑋 (𝜑 → (𝜓 → ∀𝑥 𝑋 (𝑥)) →
∀𝑥 𝑋 (𝑥)).
2. Find a second-order formula using only ∀ and → equivalent to 𝜑 ∨ 𝜓 .

Problem 9.4. The sentence Inf ∧ Count is true in all and only countably infinite
domains. Adjust the definition of Count so that it becomes a different sentence that
directly expresses that the domain is countably infinite, and prove that it does.

Problem 9.5. Give an example of a set Γ and a sentence 𝜑 so that Γ ⊨ 𝜑 but for every
finite subset Γ0 ⊆ Γ, Γ0 ⊭ 𝜑.

Problem 9.6. Complete the proof of Proposition 9.24.

Part IV

Intuitionistic Logic

Chapter 10

Introduction

10.1 Constructive Reasoning


In contrast to extensions of classical logic by modal operators or second-order quanti-
fiers, intuitionistic logic is “non-classical” in that it restricts classical logic. Classical
logic is non-constructive in various ways. Intuitionistic logic is intended to capture a
more “constructive” kind of reasoning characteristic of a kind of constructive math-
ematics. The following examples may serve to illustrate some of the underlying
motivations.
Suppose someone claimed that they had determined a natural number 𝑛 with
the property that if 𝑛 is even, the Riemann hypothesis is true, and if 𝑛 is odd, the
Riemann hypothesis is false. Great news! Whether the Riemann hypothesis is true or
not is one of the big open questions of mathematics, and they seem to have reduced
the problem to one of calculation, that is, to the determination of whether a specific
number is even or not.
What is the magic value of 𝑛? They describe it as follows: 𝑛 is the natural number
that is equal to 2 if the Riemann hypothesis is true, and 3 otherwise.
Angrily, you demand your money back. From a classical point of view, the
description above does in fact determine a unique value of 𝑛; but what you really
want is a value of 𝑛 that is given explicitly.
To take another, perhaps less contrived example, consider the following question.
We know that it is possible to raise an irrational number to a rational power, and
get a rational result. For example, $(\sqrt{2})^2 = 2$. What is less clear is whether or not it is
possible to raise an irrational number to an irrational power, and get a rational result.
The following theorem answers this in the affirmative:
Theorem 10.1. There are irrational numbers 𝑎 and 𝑏 such that $a^b$ is rational.

Proof. Consider $\sqrt{2}^{\sqrt{2}}$. If this is rational, we are done: we can let $a = b = \sqrt{2}$.
Otherwise, it is irrational. Then we have

$$\left(\sqrt{2}^{\sqrt{2}}\right)^{\sqrt{2}} = \sqrt{2}^{\sqrt{2}\cdot\sqrt{2}} = \sqrt{2}^{2} = 2,$$

which is rational. So, in this case, let $a$ be $\sqrt{2}^{\sqrt{2}}$, and let $b$ be $\sqrt{2}$. □

Does this constitute a valid proof? Most mathematicians feel that it does. But
again, there is something a little bit unsatisfying here: we have proved the existence
of a pair of real numbers with a certain property, without being able to say which pair
of numbers it is. It is possible to prove the same result, but in such a way that the
pair 𝑎, 𝑏 is given in the proof: take $a = \sqrt{3}$ and $b = \log_3 4$. Then

$$a^b = \sqrt{3}^{\log_3 4} = 3^{1/2\cdot\log_3 4} = (3^{\log_3 4})^{1/2} = 4^{1/2} = 2,$$

since $3^{\log_3 x} = x$.
Intuitionistic logic is designed to capture a kind of reasoning where moves like
the one in the first proof are disallowed. Proving the existence of an 𝑥 satisfying 𝜑 (𝑥)
means that you have to give a specific 𝑥, and a proof that it satisfies 𝜑, like in the
second proof. Proving that 𝜑 or 𝜓 holds requires that you can prove one or the other.
Formally speaking, intuitionistic logic is what you get if you restrict a derivation
system for classical logic in a certain way. From the mathematical point of view, these
are just formal deductive systems, but, as already noted, they are intended to capture
a kind of mathematical reasoning. One can take this to be the kind of reasoning
that is justified on a certain philosophical view of mathematics (such as Brouwer’s
intuitionism); one can take it to be a kind of mathematical reasoning which is more
“concrete” and satisfying (along the lines of Bishop’s constructivism); and one can
argue about whether or not the formal description captures the informal motivation.
But whatever philosophical positions we may hold, we can study intuitionistic logic
as a formally presented logic; and for whatever reasons, many mathematical logicians
find it interesting to do so.

10.2 Syntax of Intuitionistic Logic


The syntax of intuitionistic logic is the same as that for propositional logic. In classical
propositional logic it is possible to define connectives by others, e.g., one can define
𝜑 → 𝜓 by ¬𝜑 ∨ 𝜓 , or 𝜑 ∨ 𝜓 by ¬(¬𝜑 ∧ ¬𝜓 ). Thus, presentations of classical logic
often introduce some connectives as abbreviations for these definitions. This is not so
in intuitionistic logic, with two exceptions: ¬𝜑 can be—and often is—defined as an
abbreviation for 𝜑 → ⊥. Then, of course, ⊥ must not itself be defined! Also, 𝜑 ↔ 𝜓
can be defined, as in classical logic, as (𝜑 → 𝜓 ) ∧ (𝜓 → 𝜑).
Formulas of propositional intuitionistic logic are built up from propositional vari-
ables and the propositional constant ⊥ using logical connectives. We have:

1. A countably infinite set At0 of propositional variables 𝑝 0 , 𝑝 1 , . . .


2. The propositional constant for falsity ⊥.
3. The logical connectives: ∧ (conjunction), ∨ (disjunction), → (conditional)
4. Punctuation marks: (, ), and the comma.


Definition 10.2 (Formula). The set Frm(L0 ) of formulas of propositional intuitionistic
logic is defined inductively as follows:

1. ⊥ is an atomic formula.

2. Every propositional variable 𝑝𝑖 is an atomic formula.

3. If 𝜑 and 𝜓 are formulas, then (𝜑 ∧ 𝜓 ) is a formula.

4. If 𝜑 and 𝜓 are formulas, then (𝜑 ∨ 𝜓 ) is a formula.

5. If 𝜑 and 𝜓 are formulas, then (𝜑 → 𝜓 ) is a formula.

6. Nothing else is a formula.

In addition to the primitive connectives introduced above, we also use the follow-
ing defined symbols: ¬ (negation) and ↔ (biconditional). Formulas constructed using
the defined operators are to be understood as follows:

1. ¬𝜑 abbreviates 𝜑 → ⊥.

2. 𝜑 ↔ 𝜓 abbreviates (𝜑 → 𝜓 ) ∧ (𝜓 → 𝜑).

Although ¬ is officially treated as an abbreviation, we will sometimes give explicit
rules and clauses in definitions for ¬ as if it were primitive. This is mostly so we can
state practice problems.

10.3 The Brouwer-Heyting-Kolmogorov Interpretation


There is an informal constructive interpretation of the intuitionist connectives, usually
known as the Brouwer-Heyting-Kolmogorov interpretation. It uses the notion of a
“construction,” which you may think of as a constructive proof. (We don’t use “proof”
in the BHK interpretation so as not to get confused with the notion of a derivation in
a formal derivation system.) Based on this intuitive notion, the BHK interpretation
explains the meanings of the intuitionistic connectives.

1. We assume that we know what constitutes a construction of an atomic statement.

2. A construction of 𝜑₁ ∧ 𝜑₂ is a pair ⟨𝑀₁, 𝑀₂⟩ where 𝑀₁ is a construction of 𝜑₁
and 𝑀₂ is a construction of 𝜑₂.

3. A construction of 𝜑₁ ∨ 𝜑₂ is a pair ⟨𝑠, 𝑀⟩ where 𝑠 is 1 and 𝑀 is a construction
of 𝜑₁, or 𝑠 is 2 and 𝑀 is a construction of 𝜑₂.

4. A construction of 𝜑 → 𝜓 is a function that converts a construction of 𝜑 into a
construction of 𝜓 .

5. There is no construction for ⊥ (absurdity).

6. ¬𝜑 is defined as a synonym for 𝜑 → ⊥. That is, a construction of ¬𝜑 is a function
converting a construction of 𝜑 into a construction of ⊥.

Example 10.3. Take ¬⊥ for example. A construction of it is a function which, given
any construction of ⊥ as input, provides a construction of ⊥ as output. Obviously, the
identity function Id is such a construction: given a construction 𝑀 of ⊥, Id(𝑀) = 𝑀
yields a construction of ⊥.

Generally speaking, ¬𝜑 means “A construction of 𝜑 is impossible”.


Example 10.4. Let us prove 𝜑 → ¬¬𝜑 for any proposition 𝜑, which is 𝜑 → ((𝜑 →
⊥) → ⊥). The construction should be a function 𝑓 that, given a construction 𝑀
of 𝜑, returns a construction 𝑓 (𝑀) of (𝜑 → ⊥) → ⊥. Here is how 𝑓 constructs the
construction of (𝜑 → ⊥) → ⊥: We have to define a function 𝑔 which, when given a
construction ℎ of 𝜑 → ⊥ as input, outputs a construction of ⊥. We can define 𝑔 as
follows: apply the input ℎ to the construction 𝑀 of 𝜑 (that we received earlier). Since
the output ℎ(𝑀) of ℎ is a construction of ⊥, 𝑓 (𝑀) (ℎ) = ℎ(𝑀) is a construction of ⊥
if 𝑀 is a construction of 𝜑.

Example 10.5. Let us give a construction for ¬(𝜑 ∧ ¬𝜑), i.e., (𝜑 ∧ (𝜑 → ⊥)) → ⊥.
This is a function 𝑓 which, given as input a construction 𝑀 of 𝜑 ∧ (𝜑 → ⊥), yields a
construction of ⊥. A construction of a conjunction 𝜓 1 ∧ 𝜓 2 is a pair ⟨𝑁 1, 𝑁 2 ⟩ where
𝑁 1 is a construction of 𝜓 1 and 𝑁 2 is a construction of 𝜓 2 . We can define functions 𝑝 1
and 𝑝 2 which recover from a construction of 𝜓 1 ∧ 𝜓 2 the constructions of 𝜓 1 and 𝜓 2 ,
respectively:
𝑝 1 (⟨𝑁 1, 𝑁 2 ⟩) = 𝑁 1
𝑝 2 (⟨𝑁 1, 𝑁 2 ⟩) = 𝑁 2
Here is what 𝑓 does: First it applies 𝑝 1 to its input 𝑀. That yields a construction of 𝜑.
Then it applies 𝑝 2 to 𝑀, yielding a construction of 𝜑 → ⊥. Such a construction, in turn,
is a function 𝑝 2 (𝑀) which, if given as input a construction of 𝜑, yields a construction
of ⊥. In other words, if we apply 𝑝 2 (𝑀) to 𝑝 1 (𝑀), we get a construction of ⊥. Thus,
we can define 𝑓 (𝑀) = 𝑝 2 (𝑀) (𝑝 1 (𝑀)).

Example 10.6. Let us give a construction of ((𝜑 ∧ 𝜓 ) → 𝜒) → (𝜑 → (𝜓 → 𝜒)), i.e.,
a function 𝑓 which turns a construction 𝑔 of (𝜑 ∧ 𝜓 ) → 𝜒 into a construction of
(𝜑 → (𝜓 → 𝜒)). The construction 𝑔 is itself a function (from constructions of 𝜑 ∧ 𝜓
to constructions of 𝜒). And the output 𝑓 (𝑔) is a function ℎ𝑔 from constructions of 𝜑
to functions from constructions of 𝜓 to constructions of 𝜒.
Ok, this is confusing. We have to construct a certain function ℎ𝑔 , which will be
the output of 𝑓 for input 𝑔. The input of ℎ𝑔 is a construction 𝑀 of 𝜑. The output of
ℎ𝑔 (𝑀) should be a function 𝑘𝑀 from constructions 𝑁 of 𝜓 to constructions of 𝜒. Let
𝑘𝑔,𝑀 (𝑁 ) = 𝑔(⟨𝑀, 𝑁 ⟩). Remember that ⟨𝑀, 𝑁 ⟩ is a construction of 𝜑 ∧ 𝜓 . So 𝑘𝑔,𝑀 is
a construction of 𝜓 → 𝜒: it maps constructions 𝑁 of 𝜓 to constructions of 𝜒. Now
let ℎ𝑔 (𝑀) = 𝑘𝑔,𝑀 . That’s a function that maps constructions 𝑀 of 𝜑 to constructions
𝑘𝑔,𝑀 of 𝜓 → 𝜒. Now let 𝑓 (𝑔) = ℎ𝑔 . That’s a function that maps constructions 𝑔 of
(𝜑 ∧ 𝜓 ) → 𝜒 to constructions of 𝜑 → (𝜓 → 𝜒). Whew!

The statement 𝜑 ∨ ¬𝜑 is called the Law of Excluded Middle. We can prove it for
some specific 𝜑 (e.g., ⊥ ∨ ¬⊥), but not in general. This is because the intuitionistic
disjunction requires a construction of one of the disjuncts, but there are statements
which currently can neither be proved nor refuted (say, Goldbach’s conjecture).
However, you can’t refute the law of excluded middle either: that is, ¬¬(𝜑 ∨ ¬𝜑)
holds.


Example 10.7. To prove ¬¬(𝜑 ∨ ¬𝜑), we need a function 𝑓 that transforms a con-
struction of ¬(𝜑 ∨ ¬𝜑), i.e., of (𝜑 ∨ (𝜑 → ⊥)) → ⊥, into a construction of ⊥. In other
words, we need a function 𝑓 such that 𝑓 (𝑔) is a construction of ⊥ if 𝑔 is a construction
of ¬(𝜑 ∨ ¬𝜑).
Suppose 𝑔 is a construction of ¬(𝜑 ∨ ¬𝜑), i.e., a function that transforms a con-
struction of 𝜑 ∨ ¬𝜑 into a construction of ⊥. A construction of 𝜑 ∨ ¬𝜑 is a pair ⟨𝑠, 𝑀⟩
where either 𝑠 = 1 and 𝑀 is a construction of 𝜑, or 𝑠 = 2 and 𝑀 is a construction
of ¬𝜑. Let ℎ₁ be the function mapping a construction 𝑀₁ of 𝜑 to a construction of
𝜑 ∨ ¬𝜑: it maps 𝑀₁ to ⟨1, 𝑀₁⟩. And let ℎ₂ be the function mapping a construction 𝑀₂
of ¬𝜑 to a construction of 𝜑 ∨ ¬𝜑: it maps 𝑀₂ to ⟨2, 𝑀₂⟩.
Let 𝑘 be 𝑔 ◦ ℎ₁: it is a function which, if given a construction of 𝜑, returns a
construction of ⊥, i.e., it is a construction of 𝜑 → ⊥ or ¬𝜑. Now let 𝑙 be 𝑔 ◦ ℎ₂. It is a
function which, given a construction of ¬𝜑, provides a construction of ⊥. Since 𝑘 is a
construction of ¬𝜑, 𝑙 (𝑘) is a construction of ⊥.
Together, what we’ve done is describe how we can turn a construction 𝑔 of
¬(𝜑 ∨ ¬𝜑) into a construction of ⊥, i.e., the function 𝑓 mapping a construction 𝑔 of
¬(𝜑 ∨ ¬𝜑) to the construction 𝑙 (𝑘) of ⊥ is a construction of ¬¬(𝜑 ∨ ¬𝜑).

As you can see, using the BHK interpretation to show the intuitionistic validity
of formulas quickly becomes cumbersome and confusing. Luckily, there are better
derivation systems for intuitionistic logic, and more precise semantic interpreta-
tions.

10.4 Natural Deduction


Natural deduction without the RAA rules is a standard derivation system for intu-
itionistic logic. We repeat the rules here and indicate the motivation using the BHK
interpretation. In each case, we can think of a rule which allows us to conclude that
if the premises have constructions, so does the conclusion.
Since natural deduction derivations have undischarged assumptions, we should
consider such a derivation, say, of 𝜑 from undischarged assumptions Γ, as a function
that turns constructions of all 𝜓 ∈ Γ into a construction of 𝜑. If there is a derivation
of 𝜑 from no undischarged assumptions, then there is a construction of 𝜑 in the sense
of the BHK interpretation. For the purpose of the discussion, however, we’ll suppress
the Γ when not needed.
An assumption 𝜑 by itself is a derivation of 𝜑 from the undischarged assumption 𝜑.
This agrees with the BHK-interpretation: the identity function on constructions turns
any construction of 𝜑 into a construction of 𝜑.

Conjunction

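$$\dfrac{\varphi \quad \psi}{\varphi \land \psi}\,{\land}\mathrm{I} \qquad \dfrac{\varphi \land \psi}{\varphi}\,{\land}\mathrm{E} \qquad \dfrac{\varphi \land \psi}{\psi}\,{\land}\mathrm{E}$$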

Suppose we have constructions 𝑁₁, 𝑁₂ of 𝜑₁ and 𝜑₂, respectively. Then we also have a
construction of 𝜑₁ ∧ 𝜑₂, namely the pair ⟨𝑁₁, 𝑁₂⟩.
A construction of 𝜑₁ ∧ 𝜑₂ on the BHK interpretation is a pair ⟨𝑁₁, 𝑁₂⟩. So assume
we have such a pair. Then we also have a construction of each conjunct: 𝑁₁ is a
construction of 𝜑₁ and 𝑁₂ is a construction of 𝜑₂.

Conditional

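$$\dfrac{\begin{matrix}[\varphi]^u\\ \vdots\\ \psi\end{matrix}}{\varphi \to \psi}\,{\to}\mathrm{I}_u \qquad \dfrac{\varphi \to \psi \quad \varphi}{\psi}\,{\to}\mathrm{E}$$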

If we have a derivation of 𝜓 from undischarged assumption 𝜑, then there is a
function 𝑓 that turns constructions of 𝜑 into constructions of 𝜓 . That same function is a
construction of 𝜑 → 𝜓 . So, if the premise of →I has a construction conditional on a
construction of 𝜑, the conclusion 𝜑 → 𝜓 has a construction.
On the other hand, suppose there are constructions 𝑁 of 𝜑 and 𝑓 of 𝜑 → 𝜓 . A
construction of 𝜑 → 𝜓 is a function that turns constructions of 𝜑 into constructions
of 𝜓 . So, 𝑓 (𝑁 ) is a construction of 𝜓 , i.e., the conclusion of →E has a construction.

Disjunction

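$$\dfrac{\varphi}{\varphi \lor \psi}\,{\lor}\mathrm{I} \qquad \dfrac{\psi}{\varphi \lor \psi}\,{\lor}\mathrm{I} \qquad \dfrac{\varphi \lor \psi \quad \begin{matrix}[\varphi]^n\\ \vdots\\ \chi\end{matrix} \quad \begin{matrix}[\psi]^n\\ \vdots\\ \chi\end{matrix}}{\chi}\,{\lor}\mathrm{E}_n$$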

If we have a construction 𝑁ᵢ of 𝜑ᵢ we can turn it into a construction ⟨𝑖, 𝑁ᵢ⟩ of 𝜑₁ ∨ 𝜑₂.
On the other hand, suppose we have a construction of 𝜑₁ ∨ 𝜑₂, i.e., a pair ⟨𝑖, 𝑁ᵢ⟩
where 𝑁ᵢ is a construction of 𝜑ᵢ, and also functions 𝑓₁, 𝑓₂, which turn constructions
of 𝜑₁, 𝜑₂, respectively, into constructions of 𝜒. Then 𝑓ᵢ (𝑁ᵢ) is a construction of 𝜒, the
conclusion of ∨E.

Absurdity


$$\dfrac{\bot}{\varphi}\,{\bot}\mathrm{E}$$

If we have a derivation of ⊥ from undischarged assumptions 𝜓₁, . . . , 𝜓ₙ, then there
is a function 𝑓 (𝑀₁, . . . , 𝑀ₙ) that turns constructions of 𝜓₁, . . . , 𝜓ₙ into a construction
of ⊥. Since ⊥ has no construction, there cannot be any constructions of all of 𝜓₁, . . . ,
𝜓ₙ either. Hence, 𝑓 also has the property that if 𝑀₁, . . . , 𝑀ₙ are constructions of 𝜓₁,
. . . , 𝜓ₙ, respectively, then 𝑓 (𝑀₁, . . . , 𝑀ₙ) is a construction of 𝜑.

Rules for ¬
Since ¬𝜑 is defined as 𝜑 → ⊥, we strictly speaking do not need rules for ¬. But if we
did, this is what they’d look like:

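$$\dfrac{\begin{matrix}[\varphi]^n\\ \vdots\\ \bot\end{matrix}}{\neg\varphi}\,{\neg}\mathrm{I}_n \qquad \dfrac{\neg\varphi \quad \varphi}{\bot}\,{\neg}\mathrm{E}$$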

Examples of Derivations
1. ⊢ 𝜑 → (¬𝜑 → ⊥), i.e., ⊢ 𝜑 → ((𝜑 → ⊥) → ⊥)

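$$\dfrac{\dfrac{\dfrac{[\varphi]^2 \quad [\varphi \to \bot]^1}{\bot}\,{\to}\mathrm{E}}{(\varphi \to \bot) \to \bot}\,{\to}\mathrm{I}_1}{\varphi \to (\varphi \to \bot) \to \bot}\,{\to}\mathrm{I}_2$$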

2. ⊢ ((𝜑 ∧ 𝜓 ) → 𝜒) → (𝜑 → (𝜓 → 𝜒))

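$$\dfrac{\dfrac{\dfrac{\dfrac{[(\varphi \land \psi) \to \chi]^3 \quad \dfrac{[\varphi]^2 \quad [\psi]^1}{\varphi \land \psi}\,{\land}\mathrm{I}}{\chi}\,{\to}\mathrm{E}}{\psi \to \chi}\,{\to}\mathrm{I}_1}{\varphi \to (\psi \to \chi)}\,{\to}\mathrm{I}_2}{((\varphi \land \psi) \to \chi) \to (\varphi \to (\psi \to \chi))}\,{\to}\mathrm{I}_3$$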

3. ⊢ ¬(𝜑 ∧ ¬𝜑), i.e., ⊢ (𝜑 ∧ (𝜑 → ⊥)) → ⊥

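$$\dfrac{\dfrac{\dfrac{[\varphi \land (\varphi \to \bot)]^1}{\varphi \to \bot}\,{\land}\mathrm{E} \quad \dfrac{[\varphi \land (\varphi \to \bot)]^1}{\varphi}\,{\land}\mathrm{E}}{\bot}\,{\to}\mathrm{E}}{(\varphi \land (\varphi \to \bot)) \to \bot}\,{\to}\mathrm{I}_1$$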

4. ⊢ ¬¬(𝜑 ∨ ¬𝜑), i.e., ⊢ ((𝜑 ∨ (𝜑 → ⊥)) → ⊥) → ⊥

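$$\dfrac{\dfrac{[(\varphi \lor (\varphi \to \bot)) \to \bot]^2 \quad \dfrac{\dfrac{\dfrac{[(\varphi \lor (\varphi \to \bot)) \to \bot]^2 \quad \dfrac{[\varphi]^1}{\varphi \lor (\varphi \to \bot)}\,{\lor}\mathrm{I}}{\bot}\,{\to}\mathrm{E}}{\varphi \to \bot}\,{\to}\mathrm{I}_1}{\varphi \lor (\varphi \to \bot)}\,{\lor}\mathrm{I}}{\bot}\,{\to}\mathrm{E}}{((\varphi \lor (\varphi \to \bot)) \to \bot) \to \bot}\,{\to}\mathrm{I}_2$$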

Proposition 10.8. If Γ ⊢ 𝜑 in intuitionistic logic, Γ ⊢ 𝜑 in classical logic. In particular,
if 𝜑 is an intuitionistic theorem, it is also a classical theorem.

Proof. Every natural deduction rule is also a rule in classical natural deduction, so
every derivation in intuitionistic logic is also a derivation in classical logic. □

Problems
Problem 10.1. Give derivations in intuitionistic logic of the following formulas:

1. (¬𝜑 ∨ 𝜓 ) → (𝜑 → 𝜓 )
2. ¬¬¬𝜑 → ¬𝜑
3. ¬¬(𝜑 ∧ 𝜓 ) ↔ (¬¬𝜑 ∧ ¬¬𝜓 )
4. ¬(𝜑 ∨ 𝜓 ) ↔ (¬𝜑 ∧ ¬𝜓 )
5. (¬𝜑 ∨ ¬𝜓 ) → ¬(𝜑 ∧ 𝜓 )
6. ¬¬(𝜑 ∧ 𝜓 ) → (¬¬𝜑 ∨ ¬¬𝜓 )

Problem 10.2. Let $\varphi^{\neg\neg}$ be the double negation translation of 𝜑 in which ¬¬ is placed
in front of each subformula of 𝜑. Show that a formula 𝜑 is provable in classical
propositional logic iff the double negation translation of it is provable in intuitionistic
propositional logic.

Chapter 11

Semantics

11.1 Introduction
No logic is satisfactorily described without a semantics, and intuitionistic logic is no
exception. Whereas for classical logic, the semantics based on valuations is canonical,
there are several competing semantics for intuitionistic logic. None of them are
completely satisfactory in the sense that they give an intuitionistically acceptable
account of the meanings of the connectives.
The semantics based on relational models, similar to the semantics for modal
logics, is perhaps the most popular one. In this semantics, propositional variables
are assigned to worlds, and these worlds are related by an accessibility relation. That
relation is always a partial order, i.e., it is reflexive, antisymmetric, and transitive.
Intuitively, you might think of these worlds as states of knowledge or “evidentiary
situations.” A state 𝑤 ′ is accessible from 𝑤 iff, for all we know, 𝑤 ′ is a possible (future)
state of knowledge, i.e., one that is compatible with what’s known at 𝑤. Once a
proposition is known, it can’t become un-known, i.e., whenever 𝜑 is known at 𝑤
and 𝑅𝑤𝑤 ′ , 𝜑 is known at 𝑤 ′ as well. So “knowledge” is monotonic with respect to
the accessibility relation.
If we define “𝜑 is known” as in epistemic logic as “true in all epistemic alternatives,”
then 𝜑 ∧𝜓 is known at 𝑤 if in all epistemic alternatives, both 𝜑 and 𝜓 are known. But
since knowledge is monotonic and 𝑅 is reflexive, that means that 𝜑 ∧𝜓 is known at 𝑤
iff 𝜑 and 𝜓 are known at 𝑤. For the same reason, 𝜑 ∨ 𝜓 is known at 𝑤 iff at least one
of them is known. So for ∧ and ∨, the truth conditions of the connectives coincide
with those in classical logic.
The truth conditions for the conditional, however, differ from classical logic. 𝜑 →𝜓
is known at 𝑤 iff at no 𝑤 ′ with 𝑅𝑤𝑤 ′ , 𝜑 is known without 𝜓 also being known. This
is not the same as the condition that 𝜑 is unknown or 𝜓 is known at 𝑤. For if we
know neither 𝜑 nor 𝜓 at 𝑤, there might be a future epistemic state 𝑤 ′ with 𝑅𝑤𝑤 ′
such that at 𝑤 ′ , 𝜑 is known without also coming to know 𝜓 .
We know ¬𝜑 only if there is no possible future epistemic state in which we know 𝜑.
Here the idea is that if 𝜑 were knowable, then in some possible future epistemic state 𝜑
becomes known. Since we can’t know ⊥, in that future epistemic state, we would
know 𝜑 but not know ⊥.
On this interpretation the principle of excluded middle fails. For there are some 𝜑
which we don’t yet know, but which we might come to know. For such a formula 𝜑,
both 𝜑 and ¬𝜑 are unknown, so 𝜑 ∨ ¬𝜑 is not known. But we do know, e.g., that
¬(𝜑 ∧ ¬𝜑). For no future state in which we know both 𝜑 and ¬𝜑 is possible, and we
know this independently of whether or not we know 𝜑 or ¬𝜑.
Relational models are not the only available semantics for intuitionistic logic. The
topological semantics is another: here propositions are interpreted as open sets in
a topological space, and the connectives are interpreted as operations on these sets
(e.g., ∧ corresponds to intersection).

11.2 Relational models


In order to give a precise semantics for intuitionistic propositional logic, we have to
give a definition of what counts as a model relative to which we can evaluate formulas.
On the basis of such a definition it is then also possible to define semantic notions
such as validity and entailment. One such semantics is given by relational models.

Definition 11.1. A relational model for intuitionistic propositional logic is a triple
𝔐 = ⟨𝑊 , 𝑅, 𝑉 ⟩, where

1. 𝑊 is a non-empty set,

2. 𝑅 is a partial order (i.e., a reflexive, antisymmetric, and transitive binary relation)
on 𝑊 , and

3. 𝑉 is a function assigning to each propositional variable 𝑝 a subset of 𝑊 , such
that

4. 𝑉 is monotone with respect to 𝑅, i.e., if 𝑤 ∈ 𝑉 (𝑝) and 𝑅𝑤𝑤 ′ , then 𝑤 ′ ∈ 𝑉 (𝑝).

Definition 11.2. We define the notion of 𝜑 being true at 𝑤 in 𝔐, 𝔐, 𝑤 ⊩ 𝜑,
inductively as follows:

1. 𝜑 ≡ 𝑝: 𝔐, 𝑤 ⊩ 𝜑 iff 𝑤 ∈ 𝑉 (𝑝).

2. 𝜑 ≡ ⊥: not 𝔐, 𝑤 ⊩ 𝜑.

3. 𝜑 ≡ ¬𝜓 : 𝔐, 𝑤 ⊩ 𝜑 iff for no 𝑤 ′ such that 𝑅𝑤𝑤 ′ , 𝔐, 𝑤 ′ ⊩ 𝜓 .

4. 𝜑 ≡ 𝜓 ∧ 𝜒: 𝔐, 𝑤 ⊩ 𝜑 iff 𝔐, 𝑤 ⊩ 𝜓 and 𝔐, 𝑤 ⊩ 𝜒.

5. 𝜑 ≡ 𝜓 ∨ 𝜒: 𝔐, 𝑤 ⊩ 𝜑 iff 𝔐, 𝑤 ⊩ 𝜓 or 𝔐, 𝑤 ⊩ 𝜒 (or both).

6. 𝜑 ≡ 𝜓 → 𝜒: 𝔐, 𝑤 ⊩ 𝜑 iff for every 𝑤 ′ such that 𝑅𝑤𝑤 ′ , not 𝔐, 𝑤 ′ ⊩ 𝜓 or
𝔐, 𝑤 ′ ⊩ 𝜒 (or both).

We write 𝔐, 𝑤 ⊮ 𝜑 if not 𝔐, 𝑤 ⊩ 𝜑. If Γ is a set of formulas, 𝔐, 𝑤 ⊩ Γ means
𝔐, 𝑤 ⊩ 𝜓 for all 𝜓 ∈ Γ.

Proposition 11.3. Truth at worlds is monotonic with respect to 𝑅, i.e., if 𝔐, 𝑤 ⊩ 𝜑 and
𝑅𝑤𝑤 ′ , then 𝔐, 𝑤 ′ ⊩ 𝜑.

Proof. Exercise. □
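
Definitions 11.1 and 11.2 can be turned directly into an evaluator for finite models. The following is an added example, not part of the original text: the tuple encoding of formulas, the class and method names, and the two-world sample model are all constructed for this illustration. It checks the conditions of Definition 11.1 on construction and then evaluates ⊩ clause by clause.

```python
from itertools import product

# Formulas as nested tuples (an encoding chosen for this example).
BOT = ("bot",)
def var(name): return ("var", name)
def neg(a): return ("not", a)
def conj(a, b): return ("and", a, b)
def disj(a, b): return ("or", a, b)
def imp(a, b): return ("imp", a, b)


class RelationalModel:
    """A finite model <W, R, V> as in Definition 11.1; R is a set of pairs."""

    def __init__(self, worlds, relation, valuation):
        self.W = set(worlds)
        self.R = set(relation)
        self.V = {p: set(ws) for p, ws in valuation.items()}
        self._check_conditions()

    def _check_conditions(self):
        W, R = self.W, self.R
        if not W:
            raise ValueError("W must be non-empty")
        if any((w, w) not in R for w in W):
            raise ValueError("R is not reflexive")
        if any(a != b and (a, b) in R and (b, a) in R for a, b in product(W, W)):
            raise ValueError("R is not antisymmetric")
        if any((a, b) in R and (b, c) in R and (a, c) not in R
               for a, b, c in product(W, W, W)):
            raise ValueError("R is not transitive")
        for p, ws in self.V.items():
            if any(a in ws and b not in ws for a, b in R):
                raise ValueError(f"V({p}) is not monotone with respect to R")

    def successors(self, w):
        """All w' with R w w'."""
        return {v for v in self.W if (w, v) in self.R}

    def forces(self, w, phi):
        """M, w ⊩ phi, following the clauses of Definition 11.2."""
        tag = phi[0]
        if tag == "var":
            return w in self.V.get(phi[1], set())
        if tag == "bot":
            return False
        if tag == "not":
            return not any(self.forces(v, phi[1]) for v in self.successors(w))
        if tag == "and":
            return self.forces(w, phi[1]) and self.forces(w, phi[2])
        if tag == "or":
            return self.forces(w, phi[1]) or self.forces(w, phi[2])
        if tag == "imp":
            return all(not self.forces(v, phi[1]) or self.forces(v, phi[2])
                       for v in self.successors(w))
        raise ValueError(f"unknown connective: {tag}")

    def true_in_model(self, phi):
        """M ⊩ phi: phi is true at every world."""
        return all(self.forces(w, phi) for w in self.W)

    def is_monotone_for(self, phi):
        """Check the claim of Proposition 11.3 for one formula."""
        return all(not self.forces(a, phi) or self.forces(b, phi)
                   for a, b in self.R)


def two_world_model():
    """Constructed sample: w0 sees w1, and p becomes true only at w1."""
    return RelationalModel(
        worlds={"w0", "w1"},
        relation={("w0", "w0"), ("w0", "w1"), ("w1", "w1")},
        valuation={"p": {"w1"}},
    )


P = var("p")
EXCLUDED_MIDDLE = disj(P, neg(P))
DOUBLE_NEG_ELIM = imp(neg(neg(P)), P)
NOT_NOT_EM = neg(neg(EXCLUDED_MIDDLE))
NON_CONTRADICTION = neg(conj(P, neg(P)))

if __name__ == "__main__":
    m = two_world_model()
    for name, phi in [("p or not p", EXCLUDED_MIDDLE),
                      ("not not p -> p", DOUBLE_NEG_ELIM),
                      ("not not (p or not p)", NOT_NOT_EM),
                      ("not (p and not p)", NON_CONTRADICTION)]:
        print(name, {w: m.forces(w, phi) for w in sorted(m.W)})
```

At w0 neither 𝑝 nor ¬𝑝 is true, so 𝑝 ∨ ¬𝑝 fails there, while ¬¬(𝑝 ∨ ¬𝑝) and ¬(𝑝 ∧ ¬𝑝) are true at both worlds.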


11.3 Semantic Notions


Definition 11.4. We say 𝜑 is true in the model 𝔐 = ⟨𝑊 , 𝑅, 𝑉 ⟩, 𝔐 ⊩ 𝜑, iff 𝔐, 𝑤 ⊩ 𝜑
for all 𝑤 ∈ 𝑊 . 𝜑 is valid, ⊨ 𝜑, iff it is true in all models. We say a set of formulas Γ
entails 𝜑, Γ ⊨ 𝜑, iff for every model 𝔐 and every 𝑤 such that 𝔐, 𝑤 ⊩ Γ, 𝔐, 𝑤 ⊩ 𝜑.

Proposition 11.5. 1. If 𝔐, 𝑤 ⊩ Γ and Γ ⊨ 𝜑, then 𝔐, 𝑤 ⊩ 𝜑.

2. If 𝔐 ⊩ Γ and Γ ⊨ 𝜑, then 𝔐 ⊩ 𝜑.

Proof. 1. Suppose 𝔐 ⊩ Γ. Since Γ ⊨ 𝜑, we know that if 𝔐, 𝑤 ⊩ Γ, then 𝔐, 𝑤 ⊩ 𝜑.
Since 𝔐, 𝑢 ⊩ Γ for every 𝑢 ∈ 𝑊 , 𝔐, 𝑤 ⊩ Γ. Hence 𝔐, 𝑤 ⊩ 𝜑.
2. Follows immediately from (1). □

Definition 11.6. Suppose 𝔐 is a relational model and 𝑤 ∈ 𝑊 . The restriction 𝔐𝑤 =
⟨𝑊𝑤 , 𝑅𝑤 , 𝑉𝑤 ⟩ of 𝔐 to 𝑤 is given by:

$$\begin{aligned} W_w &= \{u \in W \mid Rwu\},\\ R_w &= R \cap (W_w)^2, \text{ and}\\ V_w(p) &= V(p) \cap W_w. \end{aligned}$$

Proposition 11.7. 𝔐, 𝑤 ⊩ 𝜑 iff 𝔐𝑤 ⊩ 𝜑.

Proposition 11.8. Suppose for every model 𝔐 such that 𝔐 ⊩ Γ, 𝔐 ⊩ 𝜑. Then Γ ⊨ 𝜑.

Proof. Suppose that 𝔐, 𝑤 ⊩ Γ. By Proposition 11.7 applied to every 𝜓 ∈ Γ, we
have 𝔐𝑤 ⊩ Γ. By the assumption, we have 𝔐𝑤 ⊩ 𝜑. By Proposition 11.7 again, we
get 𝔐, 𝑤 ⊩ 𝜑. □

Problems
Problem 11.1. Show that according to Definition 11.2, 𝔐, 𝑤 ⊩ ¬𝜑 iff 𝔐, 𝑤 ⊩ 𝜑 → ⊥.

Problem 11.2. Prove Proposition 11.3.

Problem 11.3. Prove Proposition 11.7.

Chapter 12

Soundness and Completeness

12.1 Soundness of Natural Deduction


We will now prove soundness of natural deduction with regard to the relational
semantics, that is, we show that if a formula is derivable from a set of assumptions,
then the set of assumptions entails the formula.

Theorem 12.1 (Soundness). If Γ ⊢ 𝜑, then Γ ⊨ 𝜑.

Proof. We prove that if Γ ⊢ 𝜑, then Γ ⊨ 𝜑. The proof is by induction on the derivation
of 𝜑 from Γ.

1. If the derivation consists of just the assumption 𝜑, we have 𝜑 ⊢ 𝜑, and want to
show that 𝜑 ⊨ 𝜑. Suppose that 𝔐, 𝑤 ⊩ 𝜑. Then trivially 𝔐, 𝑤 ⊩ 𝜑.

2. The derivation ends in ∧I: The derivations of the premises 𝜓 from undischarged
assumptions Γ and of 𝜒 from undischarged assumptions Δ show that Γ ⊢ 𝜓 and
Δ ⊢ 𝜒. By induction hypothesis we have that Γ ⊨ 𝜓 and Δ ⊨ 𝜒. We have to show
that Γ ∪ Δ ⊨ 𝜓 ∧ 𝜒, since the undischarged assumptions of the entire derivation
are Γ together with Δ. So suppose 𝔐, 𝑤 ⊩ Γ ∪ Δ. Then also 𝔐, 𝑤 ⊩ Γ. Since
Γ ⊨ 𝜓 , 𝔐, 𝑤 ⊩ 𝜓 . Similarly, 𝔐, 𝑤 ⊩ 𝜒. So 𝔐, 𝑤 ⊩ 𝜓 ∧ 𝜒.

3. The derivation ends in ∧E: The derivation of the premise 𝜓 ∧ 𝜒 from undis-
charged assumptions Γ shows that Γ ⊢ 𝜓 ∧ 𝜒. By induction hypothesis, Γ ⊨ 𝜓 ∧ 𝜒.
We have to show that Γ ⊨ 𝜓 . So suppose 𝔐, 𝑤 ⊩ Γ. Since Γ ⊨ 𝜓 ∧𝜒, 𝔐, 𝑤 ⊩ 𝜓 ∧𝜒.
Then also 𝔐, 𝑤 ⊩ 𝜓 . Similarly if ∧E ends in 𝜒, then Γ ⊨ 𝜒.

4. The derivation ends in ∨I: Suppose the premise is 𝜓 , and the undischarged
assumptions of the derivation ending in 𝜓 are Γ. Then we have Γ ⊢ 𝜓 and
by inductive hypothesis, Γ ⊨ 𝜓 . We have to show that Γ ⊨ 𝜓 ∨ 𝜒. Suppose
𝔐, 𝑤 ⊩ Γ. Since Γ ⊨ 𝜓 , 𝔐, 𝑤 ⊩ 𝜓 . But then also 𝔐, 𝑤 ⊩ 𝜓 ∨ 𝜒. Similarly, if the
premise is 𝜒, we have that Γ ⊨ 𝜒.

5. The derivation ends in ∨E: The derivations ending in the premises are of 𝜓 ∨ 𝜒
from undischarged assumptions Γ, of 𝜃 from undischarged assumptions Δ1 ∪{𝜓 },
and of 𝜃 from undischarged assumptions Δ2 ∪ {𝜒 }. So we have Γ ⊢ 𝜓 ∨ 𝜒,
Δ1 ∪ {𝜓 } ⊢ 𝜃 , and Δ2 ∪ {𝜒 } ⊢ 𝜃 . By induction hypothesis, Γ ⊨ 𝜓 ∨ 𝜒, Δ1 ∪ {𝜓 } ⊨ 𝜃 ,
and Δ2 ∪ {𝜒 } ⊨ 𝜃 . We have to prove that Γ ∪ Δ1 ∪ Δ2 ⊨ 𝜃 .

Suppose 𝔐, 𝑤 ⊩ Γ ∪ Δ1 ∪ Δ2. Then 𝔐, 𝑤 ⊩ Γ and since Γ ⊨ 𝜓 ∨ 𝜒, 𝔐, 𝑤 ⊩ 𝜓 ∨ 𝜒.
By definition of ⊩, either 𝔐, 𝑤 ⊩ 𝜓 or 𝔐, 𝑤 ⊩ 𝜒. So we distinguish cases:
(a) 𝔐, 𝑤 ⊩ 𝜓. Then 𝔐, 𝑤 ⊩ Δ1 ∪ {𝜓}. Since Δ1 ∪ {𝜓} ⊨ 𝜃, we have 𝔐, 𝑤 ⊩ 𝜃.
(b) 𝔐, 𝑤 ⊩ 𝜒. Then 𝔐, 𝑤 ⊩ Δ2 ∪ {𝜒}. Since Δ2 ∪ {𝜒} ⊨ 𝜃, we have 𝔐, 𝑤 ⊩ 𝜃.
So in either case, 𝔐, 𝑤 ⊩ 𝜃, as we wanted to show.
6. The derivation ends with →I concluding 𝜓 → 𝜒. Then the premise is 𝜒, and the
derivation ending in the premise has undischarged assumptions Γ ∪ {𝜓 }. So
we have that Γ ∪ {𝜓 } ⊢ 𝜒, and by induction hypothesis that Γ ∪ {𝜓 } ⊨ 𝜒. We
have to show that Γ ⊨ 𝜓 → 𝜒.
Suppose 𝔐, 𝑤 ⊩ Γ. We want to show that for all 𝑤 ′ such that 𝑅𝑤𝑤 ′ , if 𝔐, 𝑤 ′ ⊩
𝜓 , then 𝔐, 𝑤 ′ ⊩ 𝜒. So assume that 𝑅𝑤𝑤 ′ and 𝔐, 𝑤 ′ ⊩ 𝜓 . By Proposition 11.3,
𝔐, 𝑤 ′ ⊩ Γ. Since Γ ∪ {𝜓 } ⊨ 𝜒, 𝔐, 𝑤 ′ ⊩ 𝜒, which is what we wanted to show.
7. The derivation ends in →E and conclusion 𝜒. The premises are 𝜓 → 𝜒 and 𝜓 ,
with derivations from undischarged assumptions Γ, Δ. So we have Γ ⊢ 𝜓 → 𝜒
and Δ ⊢ 𝜓 . By inductive hypothesis, Γ ⊨ 𝜓 → 𝜒 and Δ ⊨ 𝜓 . We have to show
that Γ ∪ Δ ⊨ 𝜒.
Suppose 𝔐, 𝑤 ⊩ Γ ∪ Δ. Since 𝔐, 𝑤 ⊩ Γ and Γ ⊨ 𝜓 → 𝜒, 𝔐, 𝑤 ⊩ 𝜓 → 𝜒.
By definition, this means that for all 𝑤 ′ such that 𝑅𝑤𝑤 ′ , if 𝔐, 𝑤 ′ ⊩ 𝜓 then
𝔐, 𝑤 ′ ⊩ 𝜒. Since 𝑅 is reflexive, 𝑤 is among the 𝑤 ′ such that 𝑅𝑤𝑤 ′ , i.e., we
have that if 𝔐, 𝑤 ⊩ 𝜓 then 𝔐, 𝑤 ⊩ 𝜒. Since 𝔐, 𝑤 ⊩ Δ and Δ ⊨ 𝜓 , 𝔐, 𝑤 ⊩ 𝜓 .
So, 𝔐, 𝑤 ⊩ 𝜒, as we wanted to show.
8. The derivation ends in ⊥E, concluding 𝜑. The premise is ⊥ and the undischarged
assumptions of the derivation of the premise are Γ. Then Γ ⊢ ⊥. By inductive
hypothesis, Γ ⊨ ⊥. We have to show Γ ⊨ 𝜑.
We proceed indirectly. If Γ ⊭ 𝜑 there is a model 𝔐 and world 𝑤 such that
𝔐, 𝑤 ⊩ Γ and 𝔐, 𝑤 ⊮ 𝜑. Since Γ ⊨ ⊥, 𝔐, 𝑤 ⊩ ⊥. But that’s impossible, since
by definition, 𝔐, 𝑤 ⊮ ⊥. So Γ ⊨ 𝜑.
9. The derivation ends in ¬I: Exercise.
10. The derivation ends in ¬E: Exercise. □
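
Soundness is what licenses countermodel arguments: if some world of some relational model forces Γ but not 𝜑, then Γ ⊭ 𝜑 and hence Γ ⊬ 𝜑. The following added example (not part of the original text) evaluates forcing in a finite model, checks monotonicity of forcing (the property case 6 appeals to), and finds the refuting world for ¬¬𝑝 → 𝑝 and 𝑝 ∨ ¬𝑝. The tuple encoding of formulas, all class and function names, and the forcing clauses (taken to be the standard ones of Definition 11.2, which is not reproduced in this chapter) are assumptions.

```python
# Added illustration of the relational (Kripke) semantics for intuitionistic
# propositional logic. Formulas are nested tuples (an encoding assumed here).
BOT = ("bot",)


def Var(name):
    return ("var", name)


def Not(a):
    return ("not", a)


def And(a, b):
    return ("and", a, b)


def Or(a, b):
    return ("or", a, b)


def Imp(a, b):
    return ("imp", a, b)


class Model:
    """Finite model: worlds W, reflexive and transitive R, monotone V."""

    def __init__(self, worlds, pairs, valuation):
        self.worlds = set(worlds)
        # reach[w] = {w' : Rww'}, the reflexive-transitive closure of `pairs`.
        self.reach = {w: {w} for w in self.worlds}
        for a, b in pairs:
            self.reach[a].add(b)
        changed = True
        while changed:
            changed = False
            for w in self.worlds:
                bigger = set().union(*(self.reach[v] for v in self.reach[w]))
                if not bigger <= self.reach[w]:
                    self.reach[w] |= bigger
                    changed = True
        self.valuation = {p: set(ws) for p, ws in valuation.items()}
        # Monotonicity condition on V: if w is in V(p) and Rww', so is w'.
        for p, ws in self.valuation.items():
            for w in ws:
                if not self.reach[w] <= ws:
                    raise ValueError(f"V({p}) is not upward closed at {w!r}")


def forces(m, w, phi):
    """Decide M, w ⊩ phi by recursion on phi."""
    tag = phi[0]
    if tag == "bot":
        return False
    if tag == "var":
        return w in m.valuation.get(phi[1], set())
    if tag == "and":
        return forces(m, w, phi[1]) and forces(m, w, phi[2])
    if tag == "or":
        return forces(m, w, phi[1]) or forces(m, w, phi[2])
    if tag == "not":  # no R-successor forces the negated formula
        return not any(forces(m, v, phi[1]) for v in m.reach[w])
    if tag == "imp":  # every R-successor forcing phi[1] also forces phi[2]
        return all(not forces(m, v, phi[1]) or forces(m, v, phi[2])
                   for v in m.reach[w])
    raise ValueError(f"unknown connective {tag!r}")


def persistent(m, phi):
    """Monotonicity of forcing: M, w ⊩ phi and Rww' imply M, w' ⊩ phi."""
    return all(forces(m, v, phi)
               for w in m.worlds if forces(m, w, phi)
               for v in m.reach[w])


def refuting_worlds(m, gamma, phi):
    """Worlds forcing every formula in gamma but not phi (witnesses of Γ ⊭ φ)."""
    return sorted(w for w in m.worlds
                  if all(forces(m, w, g) for g in gamma)
                  and not forces(m, w, phi))


# Constructed sample model: two worlds with R01, p true only at world 1.
P = Var("p")
TWO_WORLDS = Model({0, 1}, {(0, 1)}, {"p": {1}})

if __name__ == "__main__":
    for name, gamma, phi in [
        ("¬¬p → p", [], Imp(Not(Not(P)), P)),
        ("p ∨ ¬p", [], Or(P, Not(P))),
        ("¬¬p ⊨ p", [Not(Not(P))], P),
        ("p → p", [], Imp(P, P)),
    ]:
        print(name, "refuted at worlds", refuting_worlds(TWO_WORLDS, gamma, phi))
```

World 0 forces ¬¬𝑝 but not 𝑝, so it refutes both formulas; at world 1, where no further information can arrive, both are forced.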

12.2 Lindenbaum’s Lemma


The completeness theorem for intuitionistic logic is proved by assuming Γ ⊬ 𝜑 and
constructing a model 𝔐 such that 𝔐 ⊩ Γ and 𝔐 ⊮ 𝜑.
In classical logic the relation of derivability can be reduced to the notion of
consistency since a formula 𝜑 is derivable from a set of formulas iff the set together
with the negation of 𝜑 is inconsistent. This is not possible in intuitionistic logic. In
intuitionistic logic, if ¬𝜑 is inconsistent, we only get that ⊢ ¬¬𝜑. Since ¬¬𝜑 → 𝜑
does not hold intuitionistically in general, we cannot conclude that ⊢ 𝜑.
Thus, when constructing the model 𝔐, we will need to keep track of the non-
derivability of the formula 𝜑 and thus we will not be able to use a complete set Γ ∗ ⊇ Γ
to build the model 𝔐, as in every complete set Γ ∗ , we have Γ ∗ ⊢ 𝜑 ∨ ¬𝜑.
Instead of using a complete set Γ ∗ , we will use the notion of a prime set of formulas:

Definition 12.2. A set of formulas Γ is prime iff

1. Γ is consistent, i.e., Γ ⊬ ⊥;
2. if Γ ⊢ 𝜑 then 𝜑 ∈ Γ; and
3. if 𝜑 ∨ 𝜓 ∈ Γ then 𝜑 ∈ Γ or 𝜓 ∈ Γ.

Lemma 12.3 (Lindenbaum’s Lemma). If Γ ⊬ 𝜑, there is a Γ ∗ ⊇ Γ such that Γ ∗ is
prime and Γ ∗ ⊬ 𝜑.

Proof. Let 𝜓 1 ∨ 𝜒1 , 𝜓 2 ∨ 𝜒 2 , . . . , be an enumeration of all formulas of the form 𝜓 ∨ 𝜒.
We’ll define an increasing sequence of sets of formulas Γ𝑛 , where each Γ𝑛+1 is defined
as Γ𝑛 together with one new formula. Γ ∗ will be the union of all Γ𝑛 . The new formulas
are selected so as to ensure that Γ ∗ is prime and still Γ ∗ ⊬ 𝜑. This means that at each
step we should find the first disjunction 𝜓𝑖 ∨ 𝜒𝑖 such that:
1. Γ𝑛 ⊢ 𝜓𝑖 ∨ 𝜒𝑖
2. 𝜓𝑖 ∉ Γ𝑛 and 𝜒𝑖 ∉ Γ𝑛
We add to Γ𝑛 either 𝜓𝑖 if Γ𝑛 ∪ {𝜓𝑖 } ⊬ 𝜑, or 𝜒𝑖 otherwise. We’ll have to show that this
works. For now, let’s define 𝑖 (𝑛) as the least 𝑖 such that (1) and (2) hold.
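Define Γ0 = Γ and

$$\Gamma_{n+1} = \begin{cases} \Gamma_n \cup \{\psi_{i(n)}\} & \text{if } \Gamma_n \cup \{\psi_{i(n)}\} \nvdash \varphi \\ \Gamma_n \cup \{\chi_{i(n)}\} & \text{otherwise} \end{cases}$$

If 𝑖 (𝑛) is undefined, i.e., whenever Γ𝑛 ⊢ 𝜓 ∨ 𝜒, either 𝜓 ∈ Γ𝑛 or 𝜒 ∈ Γ𝑛 , we let Γ𝑛+1 = Γ𝑛 .
Now let $\Gamma^* = \bigcup_{n=0}^{\infty} \Gamma_n$.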
First we show that for all 𝑛, Γ𝑛 ⊬ 𝜑. We proceed by induction on 𝑛. For 𝑛 = 0 the
claim holds by the hypothesis of the theorem, i.e., Γ ⊬ 𝜑. If 𝑛 > 0, we have to show
that if Γ𝑛 ⊬ 𝜑 then Γ𝑛+1 ⊬ 𝜑. If 𝑖 (𝑛) is undefined, Γ𝑛+1 = Γ𝑛 and there is nothing to
prove. So suppose 𝑖 (𝑛) is defined. For simplicity, let 𝑖 = 𝑖 (𝑛).
We’ll prove the contrapositive of the claim. Suppose Γ𝑛+1 ⊢ 𝜑. By construction,
Γ𝑛+1 = Γ𝑛 ∪ {𝜓𝑖 } if Γ𝑛 ∪ {𝜓𝑖 } ⊬ 𝜑, or else Γ𝑛+1 = Γ𝑛 ∪ {𝜒𝑖 }. It clearly can’t be the first,
since then Γ𝑛+1 ⊬ 𝜑. Hence, Γ𝑛 ∪ {𝜓𝑖 } ⊢ 𝜑 and Γ𝑛+1 = Γ𝑛 ∪ {𝜒𝑖 }. By definition of 𝑖 (𝑛),
we have that Γ𝑛 ⊢ 𝜓𝑖 ∨ 𝜒𝑖 . We have Γ𝑛 ∪ {𝜓𝑖 } ⊢ 𝜑. We also have Γ𝑛+1 = Γ𝑛 ∪ {𝜒𝑖 } ⊢ 𝜑.
Hence, by ∨E, Γ𝑛 ⊢ 𝜑, which is what we wanted to show.
If Γ ∗ ⊢ 𝜑, there would be some finite subset Γ ′ ⊆ Γ ∗ such that Γ ′ ⊢ 𝜑. Each 𝜃 ∈ Γ ′
must be in Γ𝑖 for some 𝑖. Let 𝑛 be the largest of these. Since Γ𝑖 ⊆ Γ𝑛 if 𝑖 ≤ 𝑛, Γ ′ ⊆ Γ𝑛 .
But then Γ𝑛 ⊢ 𝜑, contrary to our proof above that Γ𝑛 ⊬ 𝜑.
Lastly, we show that Γ ∗ is prime, i.e., satisfies conditions (1), (2), and (3) of
Definition 12.2.
First, Γ ∗ ⊬ 𝜑, so Γ ∗ is consistent, so (1) holds.
We now show that if Γ ∗ ⊢ 𝜓 ∨ 𝜒, then either 𝜓 ∈ Γ ∗ or 𝜒 ∈ Γ ∗ . This proves (3),
since if 𝜓 ∨ 𝜒 ∈ Γ ∗ then also Γ ∗ ⊢ 𝜓 ∨ 𝜒. So assume Γ ∗ ⊢ 𝜓 ∨ 𝜒 but 𝜓 ∉ Γ ∗ and 𝜒 ∉ Γ ∗ .
Since Γ ∗ ⊢ 𝜓 ∨ 𝜒, Γ𝑛 ⊢ 𝜓 ∨ 𝜒 for some 𝑛. 𝜓 ∨ 𝜒 appears on the enumeration of all
disjunctions, say, as 𝜓 𝑗 ∨ 𝜒 𝑗 . 𝜓 𝑗 ∨ 𝜒 𝑗 satisfies the properties in the definition of 𝑖 (𝑛),
namely we have Γ𝑛 ⊢ 𝜓 𝑗 ∨ 𝜒 𝑗 , while 𝜓 𝑗 ∉ Γ𝑛 and 𝜒 𝑗 ∉ Γ𝑛 . At each stage, at least one
fewer disjunction 𝜓𝑖 ∨ 𝜒𝑖 satisfies the conditions (since at each stage we add either 𝜓𝑖
or 𝜒𝑖 ), so at some stage 𝑚 we will have 𝑗 = 𝑖 (𝑚). But then either 𝜓 ∈ Γ𝑚+1 or 𝜒 ∈ Γ𝑚+1 ,
contrary to the assumption that 𝜓 ∉ Γ ∗ and 𝜒 ∉ Γ ∗ .
Now suppose Γ ∗ ⊢ 𝜓 . Then Γ ∗ ⊢ 𝜓 ∨ 𝜓 . But we’ve just proved that if Γ ∗ ⊢ 𝜓 ∨ 𝜓
then 𝜓 ∈ Γ ∗ . Hence, Γ ∗ satisfies (2) of Definition 12.2. □


12.3 The Canonical Model


The worlds in our model will be finite sequences 𝜎 of natural numbers, i.e., 𝜎 ∈ N ∗ .
Note that N ∗ is inductively defined by:

1. Λ ∈ N∗ .

2. If 𝜎 ∈ N ∗ and 𝑛 ∈ N, then 𝜎.𝑛 ∈ N ∗ (where 𝜎.𝑛 is 𝜎 ⌢ ⟨𝑛⟩ and 𝜎 ⌢ 𝜎 ′ is the
concatenation of 𝜎 and 𝜎 ′ ).

3. Nothing else is in N ∗ .

So we can use N ∗ to give inductive definitions.


Let ⟨𝜓 1, 𝜒1 ⟩, ⟨𝜓 2, 𝜒2 ⟩, . . . , be an enumeration of all pairs of formulas. Given a set of
formulas Δ, define Δ(𝜎) by induction as follows:

1. Δ(Λ) = Δ

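2. $$\Delta(\sigma.n) = \begin{cases} (\Delta(\sigma) \cup \{\psi_n\})^* & \text{if } \Delta(\sigma) \cup \{\psi_n\} \nvdash \chi_n \\ \Delta(\sigma) & \text{otherwise} \end{cases}$$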

Here by (Δ(𝜎) ∪{𝜓𝑛 }) ∗ we mean the prime set of formulas which exists by Lemma 12.3
applied to the set Δ(𝜎) ∪ {𝜓𝑛 } and the formula 𝜒𝑛 . Note that by this definition, if
Δ(𝜎) ∪ {𝜓𝑛 } ⊬ 𝜒𝑛 , then Δ(𝜎.𝑛) ⊢ 𝜓𝑛 and Δ(𝜎.𝑛) ⊬ 𝜒𝑛 . Note also that Δ(𝜎) ⊆ Δ(𝜎.𝑛)
for any 𝑛. If Δ is prime, then Δ(𝜎) is prime for all 𝜎.

Definition 12.4. Suppose Δ is prime. Then the canonical model 𝔐(Δ) for Δ is defined
by:

1. 𝑊 = N ∗ , the set of finite sequences of natural numbers.

2. 𝑅 is the partial order according to which 𝑅𝜎𝜎 ′ iff 𝜎 is an initial segment of 𝜎 ′
(i.e., 𝜎 ′ = 𝜎 ⌢ 𝜎 ′′ for some sequence 𝜎 ′′ ).

3. 𝑉 (𝑝) = {𝜎 | 𝑝 ∈ Δ(𝜎)}.

It is easy to verify that 𝑅 is indeed a partial order. Also, the monotonicity condition
on 𝑉 is satisfied. Since Δ(𝜎) ⊆ Δ(𝜎.𝑛) we get Δ(𝜎) ⊆ Δ(𝜎 ′ ) whenever 𝑅𝜎𝜎 ′ by
induction on 𝜎.

12.4 The Truth Lemma


Lemma 12.5. If Δ is prime, then 𝔐(Δ), 𝜎 ⊩ 𝜑 iff Δ(𝜎) ⊢ 𝜑.

Proof. By induction on 𝜑.

1. 𝜑 ≡ ⊥: Since Δ(𝜎) is prime, it is consistent, so Δ(𝜎) ⊬ 𝜑. By definition,
𝔐(Δ), 𝜎 ⊮ 𝜑.

2. 𝜑 ≡ 𝑝: By definition of ⊩, 𝔐(Δ), 𝜎 ⊩ 𝜑 iff 𝜎 ∈ 𝑉 (𝑝), i.e., Δ(𝜎) ⊢ 𝜑.

3. 𝜑 ≡ ¬𝜓 : exercise.

4. 𝜑 ≡ 𝜓 ∧ 𝜒: 𝔐(Δ), 𝜎 ⊩ 𝜑 iff 𝔐(Δ), 𝜎 ⊩ 𝜓 and 𝔐(Δ), 𝜎 ⊩ 𝜒. By induction
hypothesis, 𝔐(Δ), 𝜎 ⊩ 𝜓 iff Δ(𝜎) ⊢ 𝜓 , and similarly for 𝜒. But Δ(𝜎) ⊢ 𝜓 and
Δ(𝜎) ⊢ 𝜒 iff Δ(𝜎) ⊢ 𝜑.

5. 𝜑 ≡ 𝜓 ∨ 𝜒: 𝔐(Δ), 𝜎 ⊩ 𝜑 iff 𝔐(Δ), 𝜎 ⊩ 𝜓 or 𝔐(Δ), 𝜎 ⊩ 𝜒. By induction
hypothesis, this holds iff Δ(𝜎) ⊢ 𝜓 or Δ(𝜎) ⊢ 𝜒. We have to show that this in
turn holds iff Δ(𝜎) ⊢ 𝜑. The left-to-right direction is clear. The right-to-left
direction follows since Δ(𝜎) is prime.

6. 𝜑 ≡ 𝜓 → 𝜒: First the contrapositive of the left-to-right direction: Assume
Δ(𝜎) ⊬ 𝜓 → 𝜒. Then also Δ(𝜎) ∪ {𝜓 } ⊬ 𝜒. Since ⟨𝜓, 𝜒⟩ is ⟨𝜓𝑛 , 𝜒𝑛 ⟩ for some 𝑛,
we have Δ(𝜎.𝑛) = (Δ(𝜎) ∪ {𝜓 }) ∗ , and Δ(𝜎.𝑛) ⊢ 𝜓 but Δ(𝜎.𝑛) ⊬ 𝜒. By inductive
hypothesis, 𝔐(Δ), 𝜎.𝑛 ⊩ 𝜓 and 𝔐(Δ), 𝜎.𝑛 ⊮ 𝜒. Since 𝑅𝜎 (𝜎.𝑛), this means that
𝔐(Δ), 𝜎 ⊮ 𝜑.
Now assume Δ(𝜎) ⊢ 𝜓 → 𝜒, and let 𝑅𝜎𝜎 ′ . Since Δ(𝜎) ⊆ Δ(𝜎 ′ ), we have: if
Δ(𝜎 ′ ) ⊢ 𝜓 , then Δ(𝜎 ′ ) ⊢ 𝜒. In other words, for every 𝜎 ′ such that 𝑅𝜎𝜎 ′ , either
Δ(𝜎 ′ ) ⊬ 𝜓 or Δ(𝜎 ′ ) ⊢ 𝜒. By induction hypothesis, this means that whenever
𝑅𝜎𝜎 ′ , either 𝔐(Δ), 𝜎 ′ ⊮ 𝜓 or 𝔐(Δ), 𝜎 ′ ⊩ 𝜒, i.e., 𝔐(Δ), 𝜎 ⊩ 𝜑. □

12.5 The Completeness Theorem


Theorem 12.6. If Γ ⊨ 𝜑 then Γ ⊢ 𝜑.

Proof. We prove the contrapositive: Suppose Γ ⊬ 𝜑. Then by Lemma 12.3, there is a
prime set Γ ∗ ⊇ Γ such that Γ ∗ ⊬ 𝜑. Consider the canonical model 𝔐(Γ ∗ ) for Γ ∗ as
defined in Definition 12.4. For any 𝜓 ∈ Γ, Γ ∗ ⊢ 𝜓 . Note that Γ ∗ (Λ) = Γ ∗ . By the Truth
Lemma (Lemma 12.5), we have 𝔐(Γ ∗ ), Λ ⊩ 𝜓 for all 𝜓 ∈ Γ and 𝔐(Γ ∗ ), Λ ⊮ 𝜑. This
shows that Γ ⊭ 𝜑. □

Problems
Problem 12.1. Complete the proof of Theorem 12.1. For the cases for ¬I and ¬E, use
the definition of 𝔐, 𝑤 ⊩ ¬𝜑 in Definition 11.2, i.e., don’t treat ¬𝜑 as defined by 𝜑 → ⊥.

Problem 12.2. Show that the following formulas are not derivable in intuitionistic
logic:

1. (𝜑 → 𝜓 ) ∨ (𝜓 → 𝜑)

2. (¬¬𝜑 → 𝜑) → (𝜑 ∨ ¬𝜑)

3. (𝜑 → 𝜓 ∨ 𝜒) → (𝜑 → 𝜓 ) ∨ (𝜑 → 𝜒)


Problem 12.3. Show that if Γ ⊬ ⊥ then Γ is consistent in classical logic, i.e., there is
a valuation making all formulas in Γ true.

Problem 12.4. Show that if 𝜑 only contains propositional variables, ∨, and ∧, then
⊭ 𝜑. Use this to conclude that → is not definable in intuitionistic logic from ∨ and ∧.

Problem 12.5. By using the completeness theorem prove that if ⊢ 𝜑 ∨ 𝜓 then ⊢ 𝜑
or ⊢ 𝜓 . (Hint: Assume 𝔐1 ⊮ 𝜑 and 𝔐2 ⊮ 𝜓 and construct a new model 𝔐 such that
𝔐 ⊮ 𝜑 ∨ 𝜓 .)

Problem 12.6. Show that if 𝔐 is a relational model using a linear order then 𝔐 ⊩
(𝜑 → 𝜓 ) ∨ (𝜓 → 𝜑).

Part V

Computability and Incompleteness

Chapter 13

Turing Machine Computations

13.1 Introduction
What does it mean for a function, say, from N to N to be computable? Among the
first answers, and the most well known one, is that a function is computable if it
can be computed by a Turing machine. This notion was set out by Alan Turing
in 1936. Turing machines are an example of a model of computation—they are a
mathematically precise way of defining the idea of a “computational procedure.”
What exactly that means is debated, but it is widely agreed that Turing machines
are one way of specifying computational procedures. Even though the term “Turing
machine” evokes the image of a physical machine with moving parts, strictly speaking
a Turing machine is a purely mathematical construct, and as such it idealizes the
idea of a computational procedure. For instance, we place no restriction on either the
time or memory requirements of a Turing machine: Turing machines can compute
something even if the computation would require more storage space or more steps
than there are atoms in the universe.
It is perhaps best to think of a Turing machine as a program for a special kind
of imaginary mechanism. This mechanism consists of a tape and a read-write head.
In our version of Turing machines, the tape is infinite in one direction (to the right),
and it is divided into squares, each of which may contain a symbol from a finite
alphabet. Such alphabets can contain any number of different symbols, but we will
mainly make do with three: ⊲, ⊔, and I. When the mechanism is started, the tape is
empty (i.e., each square contains the symbol ⊔) except for the leftmost square, which
contains ⊲, and a finite number of squares which contain the input. At any time, the
mechanism is in one of a finite number of states. At the outset, the head scans the
leftmost square and the mechanism is in a specified initial state. At each step of the mechanism’s run,
the content of the square currently scanned together with the state the mechanism
is in and the Turing machine program determine what happens next. The Turing
machine program is given by a partial function which takes as input a state 𝑞 and a
symbol 𝜎 and outputs a triple ⟨𝑞 ′, 𝜎 ′, 𝐷⟩. Whenever the mechanism is in state 𝑞 and
reads symbol 𝜎, it replaces the symbol on the current square with 𝜎 ′ , the head moves
left, right, or stays put according to whether 𝐷 is 𝐿, 𝑅, or 𝑁 , and the mechanism goes
into state 𝑞 ′ .

Figure 13.1: A Turing machine executing its program.

For instance, consider the situation in Figure 13.1. The visible part of the tape of the
Turing machine contains the end-of-tape symbol ⊲ on the leftmost square, followed
by three 1’s, a 0, and four more 1’s. The head is reading the third square from the left,
which contains a 1, and is in state 𝑞 1 —we say “the machine is reading a 1 in state 𝑞 1 .” If
the program of the Turing machine returns, for input ⟨𝑞 1, 1⟩, the triple ⟨𝑞 2, 0, 𝑁 ⟩, the
machine would now replace the 1 on the third square with a 0, leave the read/write
head where it is, and switch to state 𝑞 2 . If then the program returns ⟨𝑞 3, 0, 𝑅⟩ for input
⟨𝑞 2, 0⟩, the machine would now overwrite the 0 with another 0 (effectively, leaving
the content of the tape under the read/write head unchanged), move one square to
the right, and enter state 𝑞 3 . And so on.
We say that the machine halts when it encounters some state 𝑞𝑛 and symbol
𝜎 such that there is no instruction for ⟨𝑞𝑛 , 𝜎⟩, i.e., the transition function for input
⟨𝑞𝑛 , 𝜎⟩ is undefined. In other words, the machine has no instruction to carry out, and
at that point, it ceases operation. Halting is sometimes represented by a specific halt
state ℎ. This will be demonstrated in more detail later on.
The beauty of Turing’s paper, “On computable numbers,” is that he presents not
only a formal definition, but also an argument that the definition captures the intuitive
notion of computability. From the definition, it should be clear that any function
computable by a Turing machine is computable in the intuitive sense. Turing offers
three types of argument that the converse is true, i.e., that any function that we
would naturally regard as computable is computable by such a machine. They are (in
Turing’s words):

1. A direct appeal to intuition.

2. A proof of the equivalence of two definitions (in case the new definition has a
greater intuitive appeal).

3. Giving examples of large classes of numbers which are computable.

Our goal is to try to define the notion of computability “in principle,” i.e., without
taking into account practical limitations of time and space. Of course, with the broadest
definition of computability in place, one can then go on to consider computation
with bounded resources; this forms the heart of the subject known as “computational
complexity.”

Historical Remarks. Alan Turing invented Turing machines in 1936. While his
interest at the time was the decidability of first-order logic, the paper has been described
as a definitive paper on the foundations of computer design. In the paper,
Turing focuses on computable real numbers, i.e., real numbers whose decimal expansions
are computable; but he notes that it is not hard to adapt his notions to
computable functions on the natural numbers, and so on. Notice that this was a full
five years before the first working general purpose computer was built in 1941 (by
the German Konrad Zuse in his parents’ living room), seven years before Turing
and his colleagues at Bletchley Park built the code-breaking Colossus (1943), nine
years before the American ENIAC (1945), twelve years before the first British general
purpose computer—the Manchester Small-Scale Experimental Machine—was built in
Manchester (1948), and thirteen years before the Americans first tested the BINAC
(1949). The Manchester SSEM has the distinction of being the first stored-program
computer—previous machines had to be rewired by hand for each new task.

13.2 Representing Turing Machines


Turing machines can be represented visually by state diagrams. The diagrams are
composed of state cells connected by arrows. Unsurprisingly, each state cell represents
a state of the machine. Each arrow represents an instruction that can be carried out
from that state, with the specifics of the instruction written above or below the
appropriate arrow. Consider the following machine, which has only two internal
states, 𝑞 0 and 𝑞 1 , and one instruction:

[State diagram: start state 𝑞0, with a single arrow from 𝑞0 to 𝑞1 labelled ⊔, I, 𝑅.]

Recall that the Turing machine has a read/write head and a tape with the input written
on it. The instruction can be read as if reading a ⊔ in state 𝑞 0 , write a I, move right,
and move to state 𝑞 1 . This is equivalent to the transition function mapping ⟨𝑞 0, ⊔⟩ to
⟨𝑞 1, I, 𝑅⟩.

Example 13.1. Even Machine: The following Turing machine halts if, and only if,
there are an even number of I’s on the tape (under the assumption that all I’s come
before the first ⊔ on the tape).

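[State diagram of the even machine: start state 𝑞0 and state 𝑞1; an arrow labelled I, I, 𝑅 from 𝑞0 to 𝑞1, an arrow labelled I, I, 𝑅 from 𝑞1 to 𝑞0, and a loop labelled ⊔, ⊔, 𝑅 on 𝑞1.]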

The state diagram corresponds to the following transition function:

𝛿 (𝑞 0, I) = ⟨𝑞 1, I, 𝑅⟩,
𝛿 (𝑞 1, I) = ⟨𝑞 0, I, 𝑅⟩,
𝛿 (𝑞 1, ⊔) = ⟨𝑞 1, ⊔, 𝑅⟩


The above machine halts only when the input is an even number of strokes.
Otherwise, the machine (theoretically) continues to operate indefinitely. For any
machine and input, it is possible to trace through the configurations of the machine in
order to determine the output. We will give a formal definition of configurations later.
For now, we can intuitively think of configurations as a series of diagrams showing
the state of the machine at any point in time during operation. Configurations show
the content of the tape, the state of the machine and the location of the read/write
head.
Let us trace through the configurations of the even machine if it is started with
an input of four I’s. In this case, we expect that the machine will halt. We will then
run the machine on an input of three I’s, where the machine will run forever.
The machine starts in state 𝑞 0 , scanning the leftmost I. We can represent the
initial state of the machine as follows:

⊲I₀III⊔ . . .

The above configuration is straightforward. As can be seen, the machine starts in
state one, scanning the leftmost I. This is represented by a subscript of the state name
on the first I. The applicable instruction at this point is 𝛿 (𝑞 0, I) = ⟨𝑞 1, I, 𝑅⟩, and so
the machine moves right on the tape and changes to state 𝑞 1 .

⊲II₁II⊔ . . .

Since the machine is now in state 𝑞 1 scanning a I, we have to “follow” the instruction
𝛿 (𝑞 1, I) = ⟨𝑞 0, I, 𝑅⟩. This results in the configuration

⊲III₀I⊔ . . .

As the machine continues, the rules are applied again in the same order, resulting in
the following two configurations:

⊲IIII₁⊔ . . .

⊲IIII⊔₀ . . .

The machine is now in state 𝑞 0 scanning a ⊔. Based on the transition diagram, we
can easily see that there is no instruction to be carried out, and thus the machine has
halted. This means that the input has been accepted.
Suppose next we start the machine with an input of three I’s. The first few
configurations are similar, as the same instructions are carried out, with only a small
difference of the tape input:

⊲I₀II⊔ . . .
⊲II₁I⊔ . . .
⊲III₀⊔ . . .
⊲III⊔₁ . . .

The machine has now traversed past all the I’s, and is reading a ⊔ in state 𝑞 1 . As
shown in the diagram, there is an instruction of the form 𝛿 (𝑞 1, ⊔) = ⟨𝑞 1, ⊔, 𝑅⟩. Since
the tape is filled with ⊔ indefinitely to the right, the machine will continue to execute
this instruction forever, staying in state 𝑞 1 and moving ever further to the right. The
machine will never halt, and does not accept the input.


It is important to note that not all machines will halt. If halting means that the
machine runs out of instructions to execute, then we can create a machine that never
halts simply by ensuring that there is an outgoing arrow for each symbol at each
state. The even machine can be modified to run indefinitely by adding an instruction
for scanning a ⊔ at 𝑞 0 .

Example 13.2.

[State diagram: the even machine with an added loop labelled ⊔, ⊔, 𝑅 on 𝑞0.]

Machine tables are another way of representing Turing machines. Machine tables
have the tape alphabet displayed on the 𝑥-axis, and the set of machine states across
the 𝑦-axis. Inside the table, at the intersection of each state and symbol, is written
the rest of the instruction—the new state, new symbol, and direction of movement.
Machine tables make it easy to determine in what state, and for what symbol, the
machine halts. Any gap in the table is a possible point for the machine
to halt. Unlike state diagrams and instruction sets, where the points at which the
machine halts are not always immediately obvious, any halting points are quickly
identified by finding the gaps in the machine table.

Example 13.3. The machine table for the even machine is:

|    | ⊔ | I | ⊲ |
|----|---|---|---|
| 𝑞0 |   | I, 𝑞1, 𝑅 |   |
| 𝑞1 | ⊔, 𝑞1, 𝑅 | I, 𝑞0, 𝑅 |   |

As we can see, the machine halts when scanning a ⊔ in state 𝑞 0 .

So far we have only considered machines that read and accept input. However,
Turing machines have the capacity to both read and write. An example of such a
machine (although there are many, many examples) is a doubler. A doubler, when
started with a block of 𝑛 I’s on the tape, outputs a block of 2𝑛 I’s.

Example 13.4. Before building a doubler machine, it is important to come up with a
strategy for solving the problem. Since the machine (as we have formulated it) cannot
remember how many I’s it has read, we need to come up with a way to keep track of
all the I’s on the tape. One such way is to separate the output from the input with
a ⊔. The machine can then erase the first I from the input, traverse over the rest of
the input, leave a ⊔, and write two new I’s. The machine will then go back and find
the second I in the input, and double that one as well. For each one I of input, it will
write two I’s of output. By erasing the input as the machine goes, we can guarantee
that no I is missed or doubled twice. When the entire input is erased, there will be
2𝑛 I’s left on the tape. The state diagram of the resulting Turing machine is depicted
in Figure 13.2.

[State diagram not reproduced: states 𝑞0 (start) through 𝑞5.]

Figure 13.2: A doubler machine

13.3 Turing Machines


The formal definition of what constitutes a Turing machine looks abstract, but is
actually simple: it merely packs into one mathematical structure all the information
needed to specify the workings of a Turing machine. This includes (1) which states
the machine can be in, (2) which symbols are allowed to be on the tape, (3) which
state the machine should start in, and (4) what the instruction set of the machine is.

Definition 13.5 (Turing machine). A Turing machine 𝑀 is a tuple ⟨𝑄, Σ, 𝑞 0, 𝛿⟩
consisting of

1. a finite set of states 𝑄,

2. a finite alphabet Σ which includes ⊲ and ⊔,

3. an initial state 𝑞 0 ∈ 𝑄,

4. a finite instruction set 𝛿 : 𝑄 × Σ ⇀ 𝑄 × Σ × {𝐿, 𝑅, 𝑁 }.

The partial function 𝛿 is also called the transition function of 𝑀.

We assume that the tape is infinite in one direction only. For this reason it is
useful to designate a special symbol ⊲ as a marker for the left end of the tape. This
makes it easier for Turing machine programs to tell when they’re “in danger” of
running off the tape. We could assume that this symbol is never overwritten, i.e., that
𝛿 (𝑞, ⊲) = ⟨𝑞 ′, ⊲, 𝑥⟩ if 𝛿 (𝑞, ⊲) is defined. Some textbooks do this; we do not. You can
simply be careful when constructing your Turing machine that it never overwrites ⊲.
Moreover, there are cases where allowing such overwriting provides some convenient
flexibility.


Example 13.6. Even Machine: The even machine is formally the quadruple ⟨𝑄, Σ, 𝑞 0, 𝛿⟩
where

𝑄 = {𝑞 0, 𝑞 1 }
Σ = {⊲, ⊔, I},
𝛿 (𝑞 0, I) = ⟨𝑞 1, I, 𝑅⟩,
𝛿 (𝑞 1, I) = ⟨𝑞 0, I, 𝑅⟩,
𝛿 (𝑞 1, ⊔) = ⟨𝑞 1, ⊔, 𝑅⟩.

13.4 Configurations and Computations


Recall tracing through the configurations of the even machine earlier. The imaginary
mechanism consisting of tape, read/write head, and Turing machine program is really
just an intuitive way of visualizing what a Turing machine computation is. Formally,
we can define the computation of a Turing machine on a given input as a sequence of
configurations—and a configuration in turn is a sequence of symbols (corresponding
to the contents of the tape at a given point in the computation), a number indicating
the position of the read/write head, and a state. Using these, we can define what the
Turing machine 𝑀 computes on a given input.

Definition 13.7 (Configuration). A configuration of Turing machine 𝑀 = ⟨𝑄, Σ, 𝑞 0, 𝛿⟩
is a triple ⟨𝐶, 𝑚, 𝑞⟩ where

1. 𝐶 ∈ Σ∗ is a finite sequence of symbols from Σ,

2. 𝑚 ∈ N is a number < len(𝐶), and

3. 𝑞 ∈ 𝑄

Intuitively, the sequence 𝐶 is the content of the tape (symbols of all squares from the
leftmost square to the last non-blank or previously visited square), 𝑚 is the number
of the square the read/write head is scanning (beginning with 0 being the number of
the leftmost square), and 𝑞 is the current state of the machine.

The potential input for a Turing machine is a sequence of symbols, usually a
sequence that encodes a number in some form. The initial configuration of the Turing
machine is that configuration in which we start the Turing machine to work on
that input: the tape contains the tape end marker immediately followed by the input
written on the squares to the right, the read/write head is scanning the leftmost square
of the input (i.e., the square to the right of the left end marker), and the mechanism is
in the designated start state 𝑞 0 .

Definition 13.8 (Initial configuration). The initial configuration of 𝑀 for input
𝐼 ∈ Σ∗ is
⟨⊲ ⌢ 𝐼, 1, 𝑞 0 ⟩.

The ⌢ symbol is for concatenation—the input string begins immediately to the
right of the left end marker.

Definition 13.9. We say that a configuration ⟨𝐶, 𝑚, 𝑞⟩ yields the configuration ⟨𝐶 ′, 𝑚 ′, 𝑞 ′ ⟩
in one step (according to 𝑀), iff

1. the 𝑚-th symbol of 𝐶 is 𝜎,
2. the instruction set of 𝑀 specifies 𝛿 (𝑞, 𝜎) = ⟨𝑞 ′, 𝜎 ′, 𝐷⟩,
3. the 𝑚-th symbol of 𝐶 ′ is 𝜎 ′ , and
4. a) 𝐷 = 𝐿 and 𝑚 ′ = 𝑚 − 1 if 𝑚 > 0, otherwise 𝑚 ′ = 0, or
   b) 𝐷 = 𝑅 and 𝑚 ′ = 𝑚 + 1, or
   c) 𝐷 = 𝑁 and 𝑚 ′ = 𝑚,
5. if 𝑚 ′ = len(𝐶), then len(𝐶 ′ ) = len(𝐶) + 1 and the 𝑚 ′ -th symbol of 𝐶 ′ is ⊔.
   Otherwise len(𝐶 ′ ) = len(𝐶),
6. for all 𝑖 such that 𝑖 < len(𝐶) and 𝑖 ≠ 𝑚, 𝐶 ′ (𝑖) = 𝐶 (𝑖).

Definition 13.10. A run of 𝑀 on input 𝐼 is a sequence 𝐶𝑖 of configurations of 𝑀,
where 𝐶 0 is the initial configuration of 𝑀 for input 𝐼 , and each 𝐶𝑖 yields 𝐶𝑖+1 in one
step.
We say that 𝑀 halts on input 𝐼 after 𝑘 steps if 𝐶𝑘 = ⟨𝐶, 𝑚, 𝑞⟩, the 𝑚th symbol of 𝐶
is 𝜎, and 𝛿 (𝑞, 𝜎) is undefined. In that case, the output of 𝑀 for input 𝐼 is 𝑂, where 𝑂
is a string of symbols not ending in ⊔ such that $C = {\triangleright} \frown O \frown \sqcup^j$ for some 𝑖, 𝑗 ∈ N.

According to this definition, the output 𝑂 of 𝑀 always ends in a symbol other
than ⊔, or, if at time 𝑘 the entire tape is filled with ⊔ (except for the leftmost ⊲), 𝑂 is
the empty string.
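
The definitions of configuration, yielding in one step, run, halting and output can be executed directly. The following added example (not from the original text) does so and runs the even machine of Example 13.6 on IIII and on III. The function names, the step bound used to cut off non-halting runs, and the padding of an empty input with one ⊔ (so that 𝑚 < len(𝐶) holds initially) are assumptions.

```python
# Added illustration of Definitions 13.7-13.10. A configuration is the triple
# (C, m, q): tape contents as a string, head position, current state.
LEFT_END, BLANK, STROKE = "⊲", "⊔", "I"

# Transition function of the even machine (Example 13.6) as a partial map:
# a missing key means that delta is undefined there, i.e. the machine halts.
EVEN = {
    ("q0", STROKE): ("q1", STROKE, "R"),
    ("q1", STROKE): ("q0", STROKE, "R"),
    ("q1", BLANK): ("q1", BLANK, "R"),
}


def initial_configuration(inp, start="q0"):
    """Definition 13.8: tape is the end marker followed by the input, head on square 1."""
    tape = LEFT_END + inp
    if not inp:
        tape += BLANK  # assumption: pad so that the head position is < len(C)
    return (tape, 1, start)


def step(delta, config):
    """Definition 13.9: the configuration yielded in one step, or None if halted."""
    tape, m, q = config
    instruction = delta.get((q, tape[m]))
    if instruction is None:
        return None
    new_state, new_symbol, direction = instruction
    tape = tape[:m] + new_symbol + tape[m + 1:]
    if direction == "L":
        m = max(m - 1, 0)  # the head stays on square 0 instead of falling off
    elif direction == "R":
        m += 1
    elif direction != "N":
        raise ValueError(f"bad direction {direction!r}")
    if m == len(tape):
        tape += BLANK  # the tape grows by one blank square when needed
    return (tape, m, new_state)


def run(delta, inp, max_steps=1000, start="q0"):
    """Definition 13.10: return (C_0, ..., C_k) and whether C_k is halting.

    Non-halting runs are cut off after max_steps steps (halted is then False).
    """
    configs = [initial_configuration(inp, start)]
    while True:
        nxt = step(delta, configs[-1])
        if nxt is None:
            return configs, True
        if len(configs) > max_steps:
            return configs, False
        configs.append(nxt)


def output(config):
    """The output O: the tape after the leftmost square, trailing blanks removed."""
    return config[0][1:].rstrip(BLANK)


def show(config):
    """Render a configuration with the state written after the scanned square."""
    tape, m, q = config
    return tape[:m + 1] + "[" + q + "]" + tape[m + 1:]


if __name__ == "__main__":
    for inp in ("IIII", "III"):
        configs, halted = run(EVEN, inp, max_steps=8)
        for c in configs:
            print(show(c))
        print("halted after", len(configs) - 1, "steps" if halted else "steps (cut off)")
```

On IIII the run halts after four steps in state 𝑞0 scanning ⊔; on III it is still moving right in state 𝑞1 when the step bound is reached.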

13.5 Unary Representation of Numbers


Turing machines work on sequences of symbols written on their tape. Depending on
the alphabet a Turing machine uses, these sequences of symbols can represent various
inputs and outputs. Of particular interest, of course, are Turing machines which
compute arithmetical functions, i.e., functions of natural numbers. A simple way to
represent positive integers is by coding them as sequences of a single symbol I. If
𝑛 ∈ N, let $\mathrm{I}^n$ be the empty sequence if 𝑛 = 0, and otherwise the sequence consisting
of exactly 𝑛 I’s.

Definition 13.11 (Computation). A Turing machine 𝑀 computes the function
$f : \mathbb{N}^k \to \mathbb{N}$ iff 𝑀 halts on input
$\mathrm{I}^{n_1} \sqcup \mathrm{I}^{n_2} \sqcup \dots \sqcup \mathrm{I}^{n_k}$
with output $\mathrm{I}^{f(n_1, \dots, n_k)}$.

Example 13.12. Addition: Let’s build a machine that computes the function 𝑓 (𝑛, 𝑚) =
𝑛 + 𝑚. This requires a machine that starts with two blocks of I’s of length 𝑛 and 𝑚
on the tape, and halts with one block consisting of 𝑛 + 𝑚 I’s. The two input blocks
of I’s are separated by a ⊔, so one method would be to write a stroke on the square
containing the ⊔, and erase the last I.

In Example 13.4, we gave an example of a Turing machine that takes as input
a sequence of I’s and halts with a sequence of twice as many I’s on the tape—the
doubler machine. However, because the output contains ⊔’s to the left of the doubled
block of I’s, it does not actually compute the function 𝑓 (𝑥) = 2𝑥, as you might have
assumed. We’ll describe two ways of fixing that.

[State diagram not reproduced: states 𝑞0 (start), 𝑞1, 𝑞2.]

Figure 13.3: A machine computing 𝑓 (𝑥, 𝑦) = 𝑥 + 𝑦

[State diagram not reproduced: states 𝑞0 (start) through 𝑞8.]

Figure 13.4: A machine computing 𝑓 (𝑥) = 2𝑥

Example 13.13. The machine in Figure 13.4 computes the function 𝑓 (𝑥) = 2𝑥. Instead
of erasing the input and writing two I’s at the far right for every I in the input as
the machine from Example 13.4 does, this machine adds a single I to the right for
every I in the input. It has to keep track of where the input ends, so it leaves a ⊔
between the input and the added strokes, which it fills with a I at the very end. And
we have to “remember” where we are in the input, so we temporarily replace a I in
the input block by a ⊔.

Example 13.14. A second possibility for computing 𝑓 (𝑥) = 2𝑥 is to keep the original
doubler machine, but add states and instructions at the end which move the doubled
block of strokes to the far left of the tape. The machine in Figure 13.5 does just this
last part: started on a tape consisting of a block of ⊔’s followed by a block of I’s
(and the head positioned anywhere in the block of ⊔’s), it erases the I’s one at a time
and writes them at the beginning of the tape. In order to be able to tell when it is

157
13. Turing Machine Computations

⊔, ⊔, 𝑅 I, I, 𝑅

⊔, ⊔, 𝑅 I, I, 𝑅
start 𝑞6 𝑞7 𝑞8

⊔, ⊔, 𝐿 ⊔, ⊲, 𝐿

I, ⊔, 𝐿
𝑞 11 𝑞 10 𝑞9 I, I, 𝐿
⊔, ⊔, 𝑅
I,

⊲, ⊲, 𝑅
⊔,

I, I, 𝑅
𝐿

⊔, I, 𝑅 ⊲, ⊔, 𝑁
𝑞 12 𝑞 13 𝑞 14

⊔, ⊔, 𝑅

Figure 13.5: Moving a block of I’s to the left

done, it first marks the end of the block of I’s with a ⊲ symbol, which gets deleted
at the end. We’ve started numbering the states at 𝑞 6 , so they can be added to the
doubler machine. All you’ll need is an additional instruction 𝛿 (𝑞 5, ⊔) = ⟨𝑞 6, ⊔, 𝑁 ⟩, i.e.,
an arrow from 𝑞 5 to 𝑞 6 labelled ⊔, ⊔, 𝑁 . (There is one subtle problem: the resulting
machine does not work for input 𝑥 = 0. We’ll leave this as an exercise.)

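Definition 13.15. A Turing machine 𝑀 computes the partial function $f : \mathbb{N}^k \rightharpoonup \mathbb{N}$
iff,

1. 𝑀 halts on input $\mathrm{I}^{n_1} \frown \sqcup \frown \dots \frown \sqcup \frown \mathrm{I}^{n_k}$ with output $\mathrm{I}^m$ if $f(n_1, \dots, n_k) = m$.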

2. 𝑀 does not halt at all, or with an output that is not a single block of I’s if
𝑓 (𝑛 1, . . . , 𝑛𝑘 ) is undefined.

13.6 Halting States


Although we have defined our machines to halt only when there is no instruction
to carry out, common representations of Turing machines have a dedicated halting
state ℎ, such that ℎ ∈ 𝑄.
The idea behind a halting state is simple: when the machine has finished operation
(it is ready to accept input, or has finished writing the output), it goes into a state ℎ
where it halts. Some machines have two halting states, one that accepts input and
one that rejects input.


Example 13.16. Halting States. To elucidate this concept, let us begin with an
alteration of the even machine. Instead of having the machine halt in state 𝑞₀ if the input
is even, we can add an instruction to send the machine into a halting state.

[State diagram: states 𝑞₀ (start) and 𝑞₁; edge labels I, I, 𝑅 (twice) and ⊔, ⊔, 𝑅, plus the added edge labelled ⊔, ⊔, 𝑁]

Let us further expand the example. When the machine determines that the input
is odd, it never halts. We can alter the machine to include a reject state by replacing
the looping instruction with an instruction to go to a reject state 𝑟 .

[State diagram: states 𝑞₀ (start), 𝑞₁, ℎ and 𝑟; edge labels I, I, 𝑅 (twice) and ⊔, ⊔, 𝑁 (twice)]

Adding a dedicated halting state can be advantageous in cases like this, where
it makes explicit when the machine accepts/rejects certain inputs. However, it is
important to note that no computing power is gained by adding a dedicated halting
state. Similarly, a less formal notion of halting has its own advantages. The definition
of halting used so far in this chapter makes the proof of the Halting Problem intuitive
and easy to demonstrate. For this reason, we continue with our original definition.

13.7 Disciplined Machines


In section 13.6, we considered Turing machines that have a single, designated
halting state ℎ—such machines are guaranteed to halt, if they halt at all, in state ℎ. In
this way, machines with a single halting state are more “disciplined” than we allow
Turing machines in general to be. There are other restrictions we might impose on
the behavior of Turing machines. For instance, we also have not prohibited Turing
machines from ever erasing the tape-end marker on square 0, or from attempting to move
left from square 0. (Our definition states that the head simply stays on square 0 in
this case; other definitions have the machine halt.) It is likewise sometimes desirable
to be able to assume that a Turing machine, if it halts at all, halts on square 1.

[Figure 13.6: A disciplined addition machine]

Definition 13.17. A Turing machine 𝑀 is disciplined iff

1. it has a designated single halting state ℎ,

2. it halts, if it halts at all, while scanning square 1,

3. it never erases the ⊲ symbol on square 0, and

4. it never attempts to move left from square 0.

We have already discussed that any Turing machine can be changed into one with
the same behavior but with a designated halting state. This is done simply by adding
a new state ℎ, and adding an instruction 𝛿(𝑞, 𝜎) = ⟨ℎ, 𝜎, 𝑁⟩ for any pair ⟨𝑞, 𝜎⟩ where
the original 𝛿 is undefined. It is true, although tedious to prove, that any Turing
machine 𝑀 can be turned into a disciplined Turing machine 𝑀′ which halts on the
same inputs and produces the same output. For instance, if the Turing machine halts
and is not on square 1, we can add some instructions to make the head move left until
it finds the tape-end marker, then move one square to the right, then halt. We’ll leave
you to think about how the other conditions can be dealt with.

Example 13.18. In Figure 13.6, we turn the addition machine from Example 13.12
into a disciplined machine.

Proposition 13.19. For every Turing machine 𝑀, there is a disciplined Turing
machine 𝑀′ which halts with output 𝑂 if 𝑀 halts with output 𝑂, and does not halt if 𝑀 does
not halt. In particular, any function 𝑓 : N^𝑛 → N computable by a Turing machine is
also computable by a disciplined Turing machine.

13.8 Combining Turing Machines


The examples of Turing machines we have seen so far have been fairly simple in
nature. But in fact, any problem that can be solved with any modern programming
language can also be solved with Turing machines. To build more complex Turing
machines, it is important to convince ourselves that we can combine them, so we
can build machines to solve more complex problems by breaking the procedure into
simpler parts. If we can find a natural way to break a complex problem down into
constituent parts, we can tackle the problem in several stages, creating several simple
Turing machines and combining them into one machine that can solve the problem.
This point is especially important when tackling the Halting Problem in the next
section.
How do we combine Turing machines 𝑀 = ⟨𝑄, Σ, 𝑞₀, 𝛿⟩ and 𝑀′ = ⟨𝑄′, Σ′, 𝑞₀′, 𝛿′⟩?
We now use the configuration of the tape after 𝑀 has halted as the input configuration
of a run of machine 𝑀′. To get a single Turing machine 𝑀 ⌢ 𝑀′ that does this, do
the following:

1. Renumber (or relabel) all the states 𝑄′ of 𝑀′ so that 𝑀 and 𝑀′ have no states
in common (𝑄 ∩ 𝑄′ = ∅).

2. The states of 𝑀 ⌢ 𝑀′ are 𝑄 ∪ 𝑄′.

3. The tape alphabet is Σ ∪ Σ′.

4. The start state is 𝑞₀.

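5. The transition function is the function 𝛿′′ given by:

\[
\delta''(q, \sigma) =
\begin{cases}
\delta(q, \sigma) & \text{if } q \in Q \\
\delta'(q, \sigma) & \text{if } q \in Q' \\
\langle q_0', \sigma, N \rangle & \text{if } q \in Q \text{ and } \delta(q, \sigma) \text{ is undefined}
\end{cases}
\]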

The resulting machine uses the instructions of 𝑀 when it is in a state 𝑞 ∈ 𝑄, the
instructions of 𝑀′ when it is in a state 𝑞 ∈ 𝑄′. When it is in a state 𝑞 ∈ 𝑄 and is
scanning a symbol 𝜎 for which 𝑀 has no transition (i.e., 𝑀 would have halted), it
enters the start state of 𝑀′ (and leaves the tape contents and head position as they are).
Note that unless the machine 𝑀 is disciplined, we don’t know where the tape head
is when 𝑀 halts, so the halting configuration of 𝑀 need not have the head scanning
square 1. When combining machines, it’s important to keep this in mind.

Example 13.20. Combining Machines: We’ll design a machine which, when started
on input consisting of two blocks of I’s of length 𝑛 and 𝑚, halts with a single block
of 2(𝑚 + 𝑛) I’s on the tape. In order to build this machine, we can combine two
machines we are already familiar with: the addition machine, and the doubler. We
begin by drawing a state diagram for the addition machine.

[State diagram of the addition machine: states 𝑞₀ (start), 𝑞₁, 𝑞₂; edge labels I, I, 𝑅 (twice); ⊔, I, 𝑁; ⊔, ⊔, 𝐿; I, ⊔, 𝑁]

Instead of halting in state 𝑞₂, we want to continue operation in order to double the
output. Recall that the doubler machine erases the first stroke in the input and writes
two strokes in a separate output. Let’s add an instruction to make sure the tape head
is reading the first stroke of the output of the addition machine.

[Figure 13.7: Combining adder and doubler machines]

[State diagram: the addition machine extended with states 𝑞₃ and 𝑞₄; edge labels I, I, 𝑅 (twice); ⊔, I, 𝑁; ⊔, ⊔, 𝐿; I, ⊔, 𝐿; I, I, 𝐿; ⊲, ⊲, 𝑅]

It is now easy to double the input—all we have to do is connect the doubler machine
onto state 𝑞₄. This requires renaming the states of the doubler machine so that they
start at 𝑞₄ instead of 𝑞₀—this way we don’t end up with two starting states. The final
diagram should look as in Figure 13.7.


Proposition 13.21. If 𝑀 and 𝑀′ are disciplined and compute the functions 𝑓 : N^𝑘 → N
and 𝑓′ : N → N, respectively, then 𝑀 ⌢ 𝑀′ is disciplined and computes 𝑓′ ∘ 𝑓.

Proof. Since 𝑀 is disciplined, when it halts with output 𝑓(𝑛₁, …, 𝑛ₖ) = 𝑚, the head
is scanning square 1. If we now enter the start state of 𝑀′, the machine will halt with
output 𝑓′(𝑚), again scanning square 1. The other conditions of Definition 13.17 are
also satisfied. □
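
The construction of 𝑀 ⌢ 𝑀′ from this section, as an added Python example (not part of the original text). It combines the Even machine, using the three instructions the text gives for it in coded form in section 14.2, with a constructed “rewind” machine that walks left to ⊲ and steps onto square 1; the tuple layout, the state names and the step budget in `run` are assumptions of the example.

```python
# Added example: M ⌢ M' as defined in section 13.8.
# A machine is a tuple (states, alphabet, start, delta), where
# delta maps (state, symbol) -> (new state, written symbol, move).
END, BLANK, STROKE = "⊲", "⊔", "I"
SIGMA = {END, BLANK, STROKE}

# Even machine: halts iff the input block has even length.
EVEN = ({"q0", "q1"}, SIGMA, "q0", {
    ("q0", STROKE): ("q1", STROKE, "R"),
    ("q1", STROKE): ("q0", STROKE, "R"),
    ("q1", BLANK): ("q1", BLANK, "R"),
})

# Constructed rewind machine: move left to ⊲, step right, halt on square 1.
# It reuses the names q0 and q1 on purpose, so that step 1 has work to do.
REWIND = ({"q0", "q1"}, SIGMA, "q0", {
    ("q0", STROKE): ("q0", STROKE, "L"),
    ("q0", BLANK): ("q0", BLANK, "L"),
    ("q0", END): ("q1", END, "R"),
})


def combine(m, m_prime):
    """Build M ⌢ M' following steps 1-5 of the construction."""
    Q, S, q0, d = m
    Q2, S2, q02, d2 = m_prime
    # Step 1: relabel the states of M' so that Q and Q' are disjoint.
    new = {}
    for q in sorted(Q2):
        name = q + "'"
        while name in Q or name in new.values():
            name += "'"
        new[q] = name
    states = Q | set(new.values())            # step 2
    alphabet = S | S2                         # step 3
    delta = dict(d)                           # case q in Q, delta defined
    for (q, s), (p, w, mv) in d2.items():     # case q in Q'
        delta[(new[q], s)] = (new[p], w, mv)
    for q in Q:                               # case q in Q, delta undefined:
        for s in alphabet:                    # M would have halted here
            if (q, s) not in d:
                delta[(q, s)] = (new[q02], s, "N")
    return states, alphabet, q0, delta        # step 4: start state is q0


def run(machine, n, max_steps=10_000):
    """Run on input I^n with the head on square 1.

    Returns (state, head square, tape) at the halt, or None if the machine
    has not halted after max_steps (a budget, not a proof of divergence).
    """
    _, _, q, delta = machine
    tape, head = [END] + [STROKE] * n, 1
    for _ in range(max_steps):
        while head >= len(tape):
            tape.append(BLANK)
        key = (q, tape[head])
        if key not in delta:                  # no instruction: the machine halts
            return q, head, "".join(tape).rstrip(BLANK)
        q, tape[head], move = delta[key]
        # Moving left from square 0 leaves the head on square 0.
        head = max(0, head + {"L": -1, "R": 1, "N": 0}[move])
    return None


if __name__ == "__main__":
    both = combine(EVEN, REWIND)
    for n in range(5):
        print(n, run(EVEN, n), run(both, n))
```

On an even input the Even machine alone stops on the square after the block, while the combined machine stops on square 1 with the tape unchanged.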

13.9 Variants of Turing Machines


There are in fact many possible ways to define Turing machines, of which ours is
only one. In some ways, our definition is more liberal than others. We allow arbitrary
finite alphabets; a more restricted definition might allow only two tape symbols, I
and ⊔. We allow the machine to write a symbol to the tape and move at the same
time; other definitions allow either writing or moving. We allow the possibility of
writing without moving the tape head; other definitions leave out the 𝑁 “instruction.”
In other ways, our definition is more restrictive. We assumed that the tape is infinite
in one direction only; other definitions allow the tape to be infinite both to the left
and the right. In fact, one can even allow any number of separate tapes, or even an
infinite grid of squares. We represent the instruction set of the Turing machine by a
transition function; other definitions use a transition relation where the machine has
more than one possible instruction in any given situation.
This last relaxation of the definition is particularly interesting. In our definition,
when the machine is in state 𝑞 reading symbol 𝜎, 𝛿 (𝑞, 𝜎) determines what the new
symbol, state, and tape head position is. But if we allow the instruction set to be a
relation between current state-symbol pairs ⟨𝑞, 𝜎⟩ and new state-symbol-direction
triples ⟨𝑞′, 𝜎′, 𝐷⟩, the action of the Turing machine may not be uniquely determined—
the instruction relation may contain both ⟨𝑞, 𝜎, 𝑞′, 𝜎′, 𝐷⟩ and ⟨𝑞, 𝜎, 𝑞′′, 𝜎′′, 𝐷′⟩. In this
case we have a non-deterministic Turing machine. These play an important role in
computational complexity theory.
There are also different conventions for when a Turing machine halts: we say it
halts when the transition function is undefined; other definitions require the machine
to be in a special designated halting state. We have explained in section 13.6 why
requiring a designated halting state is not a restriction which impacts what Turing
machines can compute. Since the tapes of our Turing machines are infinite in one
direction only, there are cases where a Turing machine can’t properly carry out an
instruction: if it reads the leftmost square and is supposed to move left. According to
our definition, it just stays put instead of “falling off”, but we could have defined it so
that it halts when that happens. This definition is also equivalent: we could simulate
the behavior of a Turing machine that halts when it attempts to move left from
square 0 by deleting every transition 𝛿(𝑞, ⊲) = ⟨𝑞′, 𝜎, 𝐿⟩—then instead of attempting
to move left on ⊲ the machine halts.¹
There are also different ways of representing numbers (and hence the input-output
function computed by a Turing machine): we use unary representation, but you can
also use binary representation. This requires two symbols in addition to ⊔ and ⊲.

¹ This doesn’t quite work, since nothing prevents us from writing and reading ⊲ on squares other than square 0 (see Example 13.14). We can get around that by adding a second ⊲′ symbol to use instead for such a purpose.

Now here is an interesting fact: none of these variations matters as to which
functions are Turing computable. If a function is Turing computable according to one
definition, it is Turing computable according to all of them.
We won’t go into the details of verifying this. Here’s just one example: we gain no
additional computing power by allowing a tape that is infinite in both directions, or
multiple tapes. The reason is, roughly, that a Turing machine with a single one-way
infinite tape can simulate multiple or two-way infinite tapes. E.g., using additional
states and instructions, we can “translate” a program for a machine with multiple
tapes or two-way infinite tape into one with a single one-way infinite tape. The
translated machine can use the even squares for the squares of tape 1 (or the “positive”
squares of a two-way infinite tape) and the odd squares for the squares of tape 2 (or
the “negative” squares).

13.10 The Church-Turing Thesis


Turing machines are supposed to be a precise replacement for the concept of an
effective procedure. Turing thought that anyone who grasped both the concept of an
effective procedure and the concept of a Turing machine would have the intuition
that anything that could be done via an effective procedure could be done by a Turing
machine. This claim is given support by the fact that all the other proposed precise
replacements for the concept of an effective procedure turn out to be extensionally
equivalent to the concept of a Turing machine—that is, they can compute exactly the
same set of functions. This claim is called the Church-Turing thesis.

Definition 13.22 (Church-Turing thesis). The Church-Turing Thesis states that
anything computable via an effective procedure is Turing computable.

The Church-Turing thesis is appealed to in two ways. The first kind of use of the
Church-Turing thesis is an excuse for laziness. Suppose we have a description of an
effective procedure to compute something, say, in “pseudo-code.” Then we can invoke
the Church-Turing thesis to justify the claim that the same function is computed by
some Turing machine, even if we have not in fact constructed it.
The other use of the Church-Turing thesis is more philosophically interesting.
It can be shown that there are functions which cannot be computed by Turing
machines. From this, using the Church-Turing thesis, one can conclude that such a function
cannot be effectively computed, using any procedure whatsoever. For if there were such a
procedure, by the Church-Turing thesis, it would follow that there would be a Turing
machine for it. So if we can prove that there is no Turing machine that computes
it, there also can’t be an effective procedure. In particular, the Church-Turing thesis
is invoked to claim that the so-called halting problem not only cannot be solved by
Turing machines, it cannot be effectively solved at all.

Problems
Problem 13.1. Choose an arbitrary input and trace through the configurations of
the doubler machine in Example 13.4.

Problem 13.2. Design a Turing-machine with alphabet {⊲, ⊔, 𝐴, 𝐵} that accepts, i.e.,
halts on, any string of 𝐴’s and 𝐵’s where the number of 𝐴’s is the same as the number
of 𝐵’s and all the 𝐴’s precede all the 𝐵’s, and rejects, i.e., does not halt on, any string
where the number of 𝐴’s is not equal to the number of 𝐵’s or the 𝐴’s do not precede
all the 𝐵’s. (E.g., the machine should accept 𝐴𝐴𝐵𝐵, and 𝐴𝐴𝐴𝐵𝐵𝐵, but reject both 𝐴𝐴𝐵
and 𝐴𝐴𝐵𝐵𝐴𝐴𝐵𝐵.)
Problem 13.3. Design a Turing-machine with alphabet {⊲, ⊔, 𝐴, 𝐵} that takes as input
any string 𝛼 of 𝐴’s and 𝐵’s and duplicates them to produce an output of the form 𝛼𝛼.
(E.g. input 𝐴𝐵𝐵𝐴 should result in output 𝐴𝐵𝐵𝐴𝐴𝐵𝐵𝐴).
Problem 13.4. Alphabetical?: Design a Turing-machine with alphabet {⊲, ⊔, 𝐴, 𝐵}
that when given as input a finite sequence of 𝐴’s and 𝐵’s checks to see if all the 𝐴’s
appear to the left of all the 𝐵’s or not. The machine should leave the input string on
the tape, and either halt if the string is “alphabetical”, or loop forever if the string is
not.
Problem 13.5. Alphabetizer: Design a Turing-machine with alphabet {⊲, ⊔, 𝐴, 𝐵} that
takes as input a finite sequence of 𝐴’s and 𝐵’s and rearranges them so that all the 𝐴’s
are to the left of all the 𝐵’s. (E.g., the sequence 𝐵𝐴𝐵𝐴𝐴 should become the sequence
𝐴𝐴𝐴𝐵𝐵, and the sequence 𝐴𝐵𝐵𝐴𝐵𝐵 should become the sequence 𝐴𝐴𝐵𝐵𝐵𝐵.)
Problem 13.6. Give a definition for when a Turing machine 𝑀 computes the function
𝑓 : N^𝑘 → N^𝑚.
Problem 13.7. Trace through the configurations of the machine from Example 13.12
for input ⟨3, 2⟩. What happens if the machine computes 0 + 0?
Problem 13.8. In Example 13.14 we described a machine consisting of a combination
of the doubler machine from Figure 13.4 and the mover machine from Figure 13.5.
What happens if you start this combined machine on input 𝑥 = 0, i.e., on an empty
tape? How would you fix the machine so that in this case the machine halts with
output 2𝑥 = 0? (You should be able to do this by adding one state and one transition.)
Problem 13.9. Subtraction: Design a Turing machine that when given an input of
two non-empty strings of strokes of length 𝑛 and 𝑚, where 𝑛 > 𝑚, computes the
function 𝑓 (𝑛, 𝑚) = 𝑛 − 𝑚.
Problem 13.10. Equality: Design a Turing machine to compute the following function:
\[
\mathrm{equality}(n, m) =
\begin{cases}
1 & \text{if } n = m \\
0 & \text{if } n \neq m
\end{cases}
\]
where 𝑛 and 𝑚 ∈ Z⁺.
Problem 13.11. Design a Turing machine to compute the function min(𝑥, 𝑦) where
𝑥 and 𝑦 are positive integers represented on the tape by strings of I’s separated by a
⊔. You may use additional symbols in the alphabet of the machine.
The function min selects the smallest value from its arguments, so min(3, 5) = 3,
min(20, 16) = 16, and min(4, 4) = 4, and so on.
Problem 13.12. Give a disciplined machine that computes 𝑓 (𝑥) = 𝑥 + 1.
Problem 13.13. Find a disciplined machine which, when started on input I^𝑛, produces
output I^𝑛 ⌢ ⊔ ⌢ I^𝑛.
Problem 13.14. Give a disciplined Turing machine computing 𝑓(𝑥) = 𝑥 + 2 by taking
the machine 𝑀 from problem 13.12 and constructing 𝑀 ⌢ 𝑀.

Chapter 14

Undecidability

14.1 Introduction
It might seem obvious that not every function, even every arithmetical function,
can be computable. There are just too many, whose behavior is too complicated.
Functions defined from the decay of radioactive particles, for instance, or other
chaotic or random behavior. Suppose we start counting 1-second intervals from a
given time, and define the function 𝑓 (𝑛) as the number of particles in the universe
that decay in the 𝑛-th 1-second interval after that initial moment. This seems like a
candidate for a function we cannot ever hope to compute.
But it is one thing to not be able to imagine how one would compute such functions,
and quite another to actually prove that they are uncomputable. In fact, even functions
that seem hopelessly complicated may, in an abstract sense, be computable. For
instance, suppose the universe is finite in time—some day, in the very distant future
the universe will contract into a single point, as some cosmological theories predict.
Then there is only a finite (but incredibly large) number of seconds from that initial
moment for which 𝑓 (𝑛) is defined. And any function which is defined for only finitely
many inputs is computable: we could list the outputs in one big table, or code it in
one very big Turing machine state transition diagram.
We are often interested in special cases of functions whose values give the answers
to yes/no questions. For instance, the question “is 𝑛 a prime number?” is associated
with the function
\[
\mathrm{isprime}(n) =
\begin{cases}
1 & \text{if $n$ is prime} \\
0 & \text{otherwise.}
\end{cases}
\]
We say that a yes/no question can be effectively decided, if the associated 1/0-valued
function is effectively computable.
To prove mathematically that there are functions which cannot be effectively
computed, or problems that cannot be effectively decided, it is essential to fix a specific
model of computation, and show that there are functions it cannot compute or
problems it cannot decide. We can show, for instance, that not every function can
be computed by Turing machines, and not every problem can be decided by Turing
machines. We can then appeal to the Church-Turing thesis to conclude that not only
are Turing machines not powerful enough to compute every function, but no effective
procedure can.
The key to proving such negative results is the fact that we can assign numbers
to Turing machines themselves. The easiest way to do this is to enumerate them,
perhaps by fixing a specific way to write down Turing machines and their programs,
and then listing them in a systematic fashion. Once we see that this can be done,
then the existence of Turing-uncomputable functions follows by simple cardinality
considerations: the set of functions from N to N (in fact, even just from N to {0, 1})
is uncountable, but since we can enumerate all the Turing machines, the set of
Turing-computable functions is only countably infinite.
We can also define specific functions and problems which we can prove to be
uncomputable and undecidable, respectively. One such problem is the so-called
Halting Problem. Turing machines can be finitely described by listing their instructions.
Such a description of a Turing machine, i.e., a Turing machine program, can of course
be used as input to another Turing machine. So we can consider Turing machines that
decide questions about other Turing machines. One particularly interesting question
is this: “Does the given Turing machine eventually halt when started on input 𝑛?” It
would be nice if there were a Turing machine that could decide this question: think
of it as a quality-control Turing machine which ensures that Turing machines don’t
get caught in infinite loops and such. The interesting fact, which Turing proved, is
that there cannot be such a Turing machine. There cannot be a single Turing machine
which, when started on input consisting of a description of a Turing machine 𝑀 and
some number 𝑛, will always halt with either output 1 or 0 according to whether machine 𝑀
would have halted when started on input 𝑛 or not.
Once we have examples of specific undecidable problems we can use them to show
that other problems are undecidable, too. For instance, one celebrated undecidable
problem is the question, “Is the first-order formula 𝜑 valid?”. There is no Turing
machine which, given as input a first-order formula 𝜑, is guaranteed to halt with
output 1 or 0 according to whether 𝜑 is valid or not. Historically, the question of
finding a procedure to effectively solve this problem was called simply “the” decision
problem; and so we say that the decision problem is unsolvable. Turing and Church
proved this result independently at around the same time, so it is also called the
Church-Turing Theorem.

14.2 Enumerating Turing Machines


We can show that the set of all Turing machines is countable. This follows from the
fact that each Turing machine can be finitely described. The set of states and the tape
vocabulary are finite sets. The transition function is a partial function from 𝑄 × Σ to
𝑄 × Σ × {𝐿, 𝑅, 𝑁 }, and so likewise can be specified by listing its values for the finitely
many argument pairs for which it is defined.
This is true as far as it goes, but there is a subtle difference. The definition of Turing
machines made no restriction on what elements the set of states and tape alphabet can
have. So, e.g., for every real number, there technically is a Turing machine that uses
that number as a state. However, the behavior of the Turing machine is independent
of which objects serve as states and vocabulary. Consider the two Turing machines
in Figure 14.1. These two diagrams correspond to two machines, 𝑀 with the tape
alphabet Σ = {⊲, ⊔, I} and set of states {𝑞₀, 𝑞₁}, and 𝑀′ with alphabet Σ′ = {⊲, ⊔, 𝐴}
and states {𝑠, ℎ}. But their instructions are otherwise the same: 𝑀 will halt on a
sequence of 𝑛 I’s iff 𝑛 is even, and 𝑀′ will halt on a sequence of 𝑛 𝐴’s iff 𝑛 is even.
All we’ve done is rename I to 𝐴, 𝑞₀ to 𝑠, and 𝑞₁ to ℎ. This example generalizes: we
can think of Turing machines as the same as long as one results from the other by
such a renaming of symbols and states. In fact, we can simply think of the symbols
and states of a Turing machine as positive integers: instead of 𝜎₀ think 1, instead of
𝜎₁ think 2, etc.; ⊲ is 1, ⊔ is 2, etc. In this way, the Even machine becomes the machine
depicted in Figure 14.2. We might call a Turing machine with states and symbols that
are positive integers a standard machine, and only consider standard machines from
now on.¹

[Figure 14.1: Variants of the Even machine]

[Figure 14.2: A standard Even machine]

We wanted to show that the set of Turing machines is countable, and with the
above considerations in mind, it is enough to show that the set of standard Turing
machines is countable. Suppose we are given a standard Turing machine 𝑀 = ⟨𝑄, Σ, 𝑞₀, 𝛿⟩.
How could we describe it using a finite string of positive integers? We’ll first list
the number of states, the states themselves, the number of symbols, the symbols
themselves, and the starting state. (Remember, all of these are positive integers, since
𝑀 is a standard machine.) What about 𝛿? The set of possible arguments, i.e., pairs
⟨𝑞, 𝜎⟩, is finite, since 𝑄 and Σ are finite. So the information in 𝛿 is simply the finite
list of all 5-tuples ⟨𝑞, 𝜎, 𝑞 ′, 𝜎 ′, 𝑑⟩ where 𝛿 (𝑞, 𝜎) = ⟨𝑞 ′, 𝜎 ′, 𝐷⟩, and 𝑑 is a number that
codes the direction 𝐷 (say, 1 for 𝐿, 2 for 𝑅, and 3 for 𝑁 ).
In this way, every standard Turing machine can be described by a finite list of
positive integers, i.e., as a sequence 𝑠𝑀 ∈ (Z⁺)*. For instance, the standard Even
machine is coded by the sequence
\[
\underbrace{2, 1, 2}_{Q},\
\overbrace{3, 1, 2, 3}^{\Sigma},\
1,\
\underbrace{1, 3, 2, 3, 2}_{\delta(1,3) = \langle 2, 3, R \rangle},\
\overbrace{2, 2, 2, 2, 2}^{\delta(2,2) = \langle 2, 2, R \rangle},\
\underbrace{2, 3, 1, 3, 2}_{\delta(2,3) = \langle 1, 3, R \rangle}.
\]

¹ The terminology “standard machine” is not standard.

Theorem 14.1. There are functions from N to N which are not Turing computable.

Proof. We know that the set of finite sequences of positive integers (Z⁺)* is countable.
This gives us that the set of descriptions of standard Turing machines, as a subset
of (Z⁺)*, is itself enumerable. Every Turing computable function from N to N is computed
by some (in fact, many) Turing machines. By renaming its states and symbols to
positive integers (in particular, ⊲ as 1, ⊔ as 2, and I as 3) we can see that every Turing
computable function is computed by a standard Turing machine. This means that the
set of all Turing computable functions from N to N is also enumerable.
On the other hand, the set of all functions from N to N is not countable. If all
functions were computable by some Turing machine, we could enumerate the set of
all functions by listing all the descriptions of Turing machines that compute them. So
there are some functions that are not Turing computable. □

14.3 Universal Turing Machines


In section 14.2 we discussed how every Turing machine can be described by a finite
sequence of integers. This sequence encodes the states, alphabet, start state, and
instructions of the Turing machine. We also pointed out that the set of all of these
descriptions is countable. Since the set of such descriptions is countably infinite,
this means that there is a surjective function from N to these descriptions. Such
a surjective function can be obtained, for instance, using Cantor’s zig-zag method. It
gives us a way of enumerating all (descriptions of) Turing machines. If we fix one
such enumeration, it now makes sense to talk of the 1st, 2nd, . . . , 𝑒th Turing machine.
These numbers are called indices.
Definition 14.2. If 𝑀 is the 𝑒th Turing machine (in our fixed enumeration), we say
that 𝑒 is an index of 𝑀. We write 𝑀𝑒 for the 𝑒th Turing machine.

A machine may have more than one index, e.g., two descriptions of 𝑀 may differ
in the order in which we list its instructions, and these different descriptions will
have different indices.
Importantly, it is possible to give the enumeration of Turing machine descriptions
in such a way that we can effectively compute the description of 𝑀 from its index,
and to effectively compute an index of a machine 𝑀 from its description. By the
Church-Turing thesis, it is then possible to find a Turing machine which recovers
the description of the Turing machine with index 𝑒 and writes the corresponding
description on its tape as output. The description would be a sequence of blocks of I’s
(representing the positive integers in the sequence describing 𝑀𝑒 ).
Given this, it now becomes natural to ask: what functions of Turing machine
indices are themselves computable by Turing machines? What properties of Turing
machine indices can be decided by Turing machines? An example: the function that
maps an index 𝑒 to the number of states the Turing machine with index 𝑒 has, is
computable by a Turing machine. Here’s what such a Turing machine would do:
started on a tape containing a single block of 𝑒 I’s, it would first decode 𝑒 into its
description. The description is now represented by a sequence of blocks of I’s on the
tape. Since the first element in this sequence is the number of states, all that has
to be done now is to erase everything but the first block of I’s and then halt.
A remarkable result is the following:
A remarkable result is the following:

Theorem 14.3. There is a universal Turing machine 𝑈 which, when started on input
⟨𝑒, 𝑛⟩

1. halts iff 𝑀𝑒 halts on input 𝑛, and

2. if 𝑀𝑒 halts with output 𝑚, so does 𝑈 .

𝑈 thus computes the function 𝑓 : N × N ⇸ N given by 𝑓(𝑒, 𝑛) = 𝑚 if 𝑀𝑒 started on
input 𝑛 halts with output 𝑚, and undefined otherwise.

Proof. To actually produce 𝑈 is basically impossible, since it is an extremely
complicated machine. But we can describe in outline how it works, and then invoke the
Church-Turing thesis. When it starts, 𝑈’s tape contains a block of 𝑒 I’s followed by a
block of 𝑛 I’s. It first “decodes” the index 𝑒 to the right of the input 𝑛. This produces a
list of numbers (i.e., blocks of I’s separated by ⊔’s) that describes the instructions of
machine 𝑀𝑒 . 𝑈 then writes the number of the start state of 𝑀𝑒 and the number 1 on
the tape to the right of the description of 𝑀𝑒 . (Again, these are represented in unary,
as blocks of I’s.) Next, it copies the input (block of 𝑛 I’s) to the right—but it replaces
each I by a block of three I’s (remember, the number of the I symbol is 3, 1 being
the number of ⊲ and 2 being the number of ⊔). At the left end of this sequence of
blocks (separated by ⊔ symbols on the tape of 𝑈 ), it writes a single I, the code for ⊲.
𝑈 now has on its tape: the index 𝑒, the number 𝑛, the code number of the start
state (the “current state”), the number of the initial head position 1 (the “current
head position”), and the initial contents of the “tape” (a sequence of blocks of I’s
representing the code numbers of the symbols of 𝑀𝑒 —the “symbols”—separated
by ⊔’s).
It now simulates what 𝑀𝑒 would do if started on input 𝑛, by doing the following:

1. Find the number 𝑘 of the “current head position” (at the beginning, that’s 1),

2. Move to the 𝑘th block in the “tape” to see what the “symbol” there is,

3. Find the instruction matching the current “state” and “symbol,”

4. Move back to the 𝑘th block on the “tape” and replace the “symbol” there with
the code number of the symbol 𝑀𝑒 would write,

5. Move the head to where it records the current “state” and replace the number
there with the number of the new state,

6. Move to the place where it records the “tape position” and erase a I or add a I
(if the instruction says to move left or right, respectively).

7. Repeat.²

² We’re glossing over some subtle difficulties here. E.g., 𝑈 may need some extra space when it increases the counter where it keeps track of the “current head position”—in that case it will have to move the entire “tape” to the right.

If 𝑀𝑒 started on input 𝑛 never halts, then 𝑈 also never halts, so its output is undefined.
If in step (3) it turns out that the description of 𝑀𝑒 contains no instruction for the
current “state”/“symbol” pair, then 𝑀𝑒 would halt. If this happens, 𝑈 erases the part
of its tape to the left of the “tape.” For each block of three I’s (representing a I on
𝑀𝑒 ’s tape), it writes a I on the left end of its own tape, and successively erases the
“tape.” When this is done, 𝑈 ’s tape contains a single block of I’s of length 𝑚.
If 𝑈 encounters something other than a block of three I’s on the “tape,” it
immediately halts. Since 𝑈’s tape in this case does not contain a single block of I’s, its
output is not a natural number, i.e., 𝑓(𝑒, 𝑛) is undefined in this case. □
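
An added Python example (not from the original text) that follows the outline of 𝑈 on the coded description from section 14.2: `decode` parses a sequence of positive integers into a standard machine, and `universal` runs the numbered steps above on the code numbers. The function names, the validation rules and the step budget (which stands in for “never halts”) are assumptions of the example.

```python
# Added example: decoding a coded standard machine and running the steps of U on it.
# Codes as in the text: symbols 1 = ⊲, 2 = ⊔, 3 = I; directions 1 = L, 2 = R, 3 = N.
END, BLANK, STROKE = 1, 2, 3
LEFT, RIGHT, STAY = 1, 2, 3

# The sequence given in section 14.2 for the standard Even machine.
EVEN = [2, 1, 2, 3, 1, 2, 3, 1,
        1, 3, 2, 3, 2,
        2, 2, 2, 2, 2,
        2, 3, 1, 3, 2]


def decode(seq):
    """Parse a description into (states, symbols, start, delta); ValueError if malformed."""
    seq = list(seq)
    if not seq or any(not isinstance(x, int) or x < 1 for x in seq):
        raise ValueError("a description is a non-empty sequence of positive integers")
    pos = 0

    def take(k):
        nonlocal pos
        if pos + k > len(seq):
            raise ValueError("description is truncated")
        chunk, pos = seq[pos:pos + k], pos + k
        return chunk

    states = take(take(1)[0])       # number of states, then the states
    symbols = take(take(1)[0])      # number of symbols, then the symbols
    (start,) = take(1)
    if start not in states:
        raise ValueError("start state is not a state")
    rest = seq[pos:]
    if len(rest) % 5:
        raise ValueError("instructions must be 5-tuples")
    delta = {}
    for i in range(0, len(rest), 5):
        q, s, q2, s2, d = rest[i:i + 5]
        ok = (q in states and q2 in states and s in symbols and s2 in symbols
              and d in (LEFT, RIGHT, STAY) and (q, s) not in delta)
        if not ok:
            raise ValueError(f"bad instruction at offset {pos + i}")
        delta[(q, s)] = (q2, s2, d)
    return states, symbols, start, delta


def encode(states, symbols, start, delta):
    """Inverse of decode; instructions are listed in the order delta stores them."""
    seq = [len(states), *states, len(symbols), *symbols, start]
    for (q, s), (q2, s2, d) in delta.items():
        seq += [q, s, q2, s2, d]
    return seq


def universal(description, n, max_steps=10_000):
    """Return m if the described machine halts on input n with a single block of
    m strokes; return None if it halts with any other tape, or has not halted
    within max_steps (the budget is an artifact of this example)."""
    _, _, state, delta = decode(description)
    tape = [END] + [STROKE] * n     # the "tape": code numbers of the symbols
    k = 1                           # the "current head position"
    for _ in range(max_steps):
        if k == len(tape):
            tape.append(BLANK)
        instr = delta.get((state, tape[k]))          # steps 1-3
        if instr is None:                            # no instruction: halt
            break
        state, tape[k], d = instr                    # steps 4 and 5
        k = max(0, k + (d == RIGHT) - (d == LEFT))   # step 6
    else:
        return None
    while len(tape) > 1 and tape[-1] == BLANK:
        tape.pop()
    body = tape[1:]
    return len(body) if all(c == STROKE for c in body) else None


if __name__ == "__main__":
    print(decode(EVEN))
    print([universal(EVEN, n) for n in range(6)])
```

Reordering the three instruction tuples gives a different sequence that decodes to the same machine, which is why one machine can have several indices.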

14.4 The Halting Problem


Assume we have fixed some enumeration of Turing machine descriptions. Each
Turing machine thus receives an index: its place in the enumeration 𝑀1 , 𝑀2 , 𝑀3 , . . .
of Turing machine descriptions.
We know that there must be non-Turing-computable functions: the set of Turing
machine descriptions—and hence the set of Turing machines—is countable, but the
set of all functions from N to N is not. But we can find specific examples of non-
computable functions as well. One such function is the halting function.

Definition 14.4 (Halting function). The halting function ℎ is defined as

$$h(e, n) = \begin{cases} 0 & \text{if machine } M_e \text{ does not halt for input } n \\ 1 & \text{if machine } M_e \text{ halts for input } n \end{cases}$$

Definition 14.5 (Halting problem). The Halting Problem is the problem of deter-
mining (for any 𝑒, 𝑛) whether the Turing machine 𝑀𝑒 halts for an input of 𝑛 strokes.

We show that ℎ is not Turing-computable by showing that a related function, 𝑠,
is not Turing-computable. This proof relies on the fact that anything that can be
computed by a Turing machine can be computed by a disciplined Turing machine
(section 13.7), and the fact that two Turing machines can be hooked together to create
a single machine (section 13.8).

Definition 14.6. The function 𝑠 is defined as

$$s(e) = \begin{cases} 0 & \text{if machine } M_e \text{ does not halt for input } e \\ 1 & \text{if machine } M_e \text{ halts for input } e \end{cases}$$

Lemma 14.7. The function 𝑠 is not Turing computable.

Proof. We suppose, for contradiction, that the function 𝑠 is Turing computable. Then
there would be a Turing machine 𝑆 that computes 𝑠. We may assume, without loss of
generality, that when 𝑆 halts, it does so while scanning the first square (i.e., that it is
disciplined). This machine can be “hooked up” to another machine 𝐽 , which halts if it
is started on input 0 (i.e., if it reads ⊔ in the initial state while scanning the square to
the right of the end-of-tape symbol), and otherwise wanders off to the right, never
halting. 𝑆 ⌢ 𝐽 , the machine created by hooking 𝑆 to 𝐽 , is a Turing machine, so it is
𝑀𝑒 for some 𝑒 (i.e., it appears somewhere in the enumeration). Start 𝑀𝑒 on an input
of 𝑒 Is. There are two possibilities: either 𝑀𝑒 halts or it does not halt.

1. Suppose 𝑀𝑒 halts for an input of 𝑒 Is. Then 𝑠 (𝑒) = 1. So 𝑆, when started on 𝑒,
halts with a single I as output on the tape. Then 𝐽 starts with a I on the tape.
In that case 𝐽 does not halt. But 𝑀𝑒 is the machine 𝑆 ⌢ 𝐽 , so it should do
exactly what 𝑆 followed by 𝐽 would do (i.e., in this case, wander off to the right
and never halt). So 𝑀𝑒 cannot halt for an input of 𝑒 I’s.
2. Now suppose 𝑀𝑒 does not halt for an input of 𝑒 Is. Then 𝑠 (𝑒) = 0, and 𝑆, when
started on input 𝑒, halts with a blank tape. 𝐽 , when started on a blank tape,
immediately halts. Again, 𝑀𝑒 does what 𝑆 followed by 𝐽 would do, so 𝑀𝑒 must
halt for an input of 𝑒 I’s.
In each case we arrive at a contradiction with our assumption. This shows there
cannot be a Turing machine 𝑆: 𝑠 is not Turing computable. □

Theorem 14.8 (Unsolvability of the Halting Problem). The halting problem is
unsolvable, i.e., the function ℎ is not Turing computable.

Proof. Suppose ℎ were Turing computable, say, by a Turing machine 𝐻 . We could
use 𝐻 to build a Turing machine that computes 𝑠: First, make a copy of the input
(separated by a ⊔ symbol). Then move back to the beginning, and run 𝐻 . We can
clearly make a machine that does the former (see problem 13.13), and if 𝐻 existed, we
would be able to “hook it up” to such a copier machine to get a new machine which
would determine if 𝑀𝑒 halts on input 𝑒, i.e., computes 𝑠. But we’ve already shown
that no such machine can exist. Hence, ℎ is also not Turing computable. □

14.5 The Decision Problem


We say that first-order logic is decidable iff there is an effective method for determining
whether or not a given sentence is valid. As it turns out, there is no such method: the
problem of deciding validity of first-order sentences is unsolvable.
In order to establish this important negative result, we prove that the decision
problem cannot be solved by a Turing machine. That is, we show that there is no
Turing machine which, whenever it is started on a tape that contains a first-order
sentence, eventually halts and outputs either 1 or 0 depending on whether the sentence
is valid or not. By the Church-Turing thesis, every function which is computable is
Turing computable. So if this “validity function” were effectively computable at all, it
would be Turing computable. If it isn’t Turing computable, then, it also cannot be
effectively computable.
Our strategy for proving that the decision problem is unsolvable is to reduce
the halting problem to it. This means the following: We have proved that the function
ℎ(𝑒, 𝑤), which has value 1 if the Turing machine described by 𝑒 halts on
input 𝑤 and value 0 otherwise, is not Turing computable. We will show that if
there were a Turing machine that decides validity of first-order sentences, then there
is also a Turing machine that computes ℎ. Since ℎ cannot be computed by a Turing
machine, there cannot be a Turing machine that decides validity either.
The first step in this strategy is to show that for every input 𝑤 and a Turing ma-
chine 𝑀, we can effectively describe a sentence 𝜏 (𝑀, 𝑤) representing the instruction
set of 𝑀 and the input 𝑤 and a sentence 𝛼 (𝑀, 𝑤) expressing “𝑀 eventually halts”
such that:
⊨ 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤) iff 𝑀 halts for input 𝑤.

The bulk of our proof will consist in describing these sentences 𝜏 (𝑀, 𝑤) and 𝛼 (𝑀, 𝑤)
and in verifying that 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤) is valid iff 𝑀 halts on input 𝑤.

14.6 Representing Turing Machines


In order to represent Turing machines and their behavior by a sentence of first-order
logic, we have to define a suitable language. The language consists of two parts:
predicate symbols for describing configurations of the machine, and expressions for
numbering execution steps (“moments”) and positions on the tape.
We introduce two kinds of predicate symbols, both of them 2-place: For each
state 𝑞, a predicate symbol 𝑄𝑞 , and for each tape symbol 𝜎, a predicate symbol 𝑆𝜎 .
The former allow us to describe the state of 𝑀 and the position of its tape head, the
latter allow us to describe the contents of the tape.
In order to express the positions of the tape head and the number of steps executed,
we need a way to express numbers. This is done using a constant symbol 0, and
a 1-place function ′, the successor function. By convention it is written after its
argument (and we leave out the parentheses). So 0 names the leftmost position on
the tape as well as the time before the first execution step (the initial configuration),
0′ names the square to the right of the leftmost square, and the time after the first
execution step, and so on. We also introduce a predicate symbol < to express both
the ordering of tape positions (when it means “to the left of”) and execution steps
(then it means “before”).
Once we have the language in place, we list the “axioms” of 𝜏 (𝑀, 𝑤), i.e., the
sentences which, taken together, describe the behavior of 𝑀 when run on input 𝑤.
There will be sentences which lay down conditions on 0, ′, and <, sentences that
describe the input configuration, and sentences that describe what the configuration
of 𝑀 is after it executes a particular instruction.

Definition 14.9. Given a Turing machine 𝑀 = ⟨𝑄, Σ, 𝑞 0, 𝛿⟩, the language L𝑀 consists
of:

1. A two-place predicate symbol 𝑄𝑞 (𝑥, 𝑦) for every state 𝑞 ∈ 𝑄. Intuitively,
𝑄𝑞 (𝑚, 𝑛) expresses “after 𝑛 steps, 𝑀 is in state 𝑞 scanning the 𝑚th square.”

2. A two-place predicate symbol 𝑆𝜎 (𝑥, 𝑦) for every symbol 𝜎 ∈ Σ. Intuitively,
𝑆𝜎 (𝑚, 𝑛) expresses “after 𝑛 steps, the 𝑚th square contains symbol 𝜎.”

3. A constant symbol 0

4. A one-place function symbol ′

5. A two-place predicate symbol <

For each number 𝑛 there is a canonical term 𝑛, the numeral for 𝑛, which represents
it in L𝑀 . 0 is 0, 1 is 0′ , 2 is 0′′ , and so on. More formally:

0=0
𝑛 + 1 = 𝑛′

The sentences describing the operation of the Turing machine 𝑀 on input 𝑤 =
𝜎𝑖 1 . . . 𝜎𝑖𝑘 are the following:

1. Axioms describing numbers and <:

a) A sentence that says that every number is less than its successor:

∀𝑥 𝑥 < 𝑥 ′

b) A sentence that ensures that < is transitive:

∀𝑥 ∀𝑦 ∀𝑧 ((𝑥 < 𝑦 ∧ 𝑦 < 𝑧) → 𝑥 < 𝑧)

2. Axioms describing the input configuration:

a) After 0 steps—before the machine starts—𝑀 is in the initial state 𝑞 0 , scanning
square 1:

𝑄𝑞0 (1, 0)

b) The first 𝑘 + 1 squares contain the symbols ⊲, 𝜎𝑖 1 , . . . , 𝜎𝑖𝑘 :

𝑆 ⊲ (0, 0) ∧ 𝑆𝜎𝑖1 (1, 0) ∧ · · · ∧ 𝑆𝜎𝑖𝑘 (𝑘, 0)

c) Otherwise, the tape is empty:

∀𝑥 (𝑘 < 𝑥 → 𝑆 ⊔ (𝑥, 0))

3. Axioms describing the transition from one configuration to the next:


For the following, let 𝜑 (𝑥, 𝑦) be the conjunction of all sentences of the form

∀𝑧 (((𝑧 < 𝑥 ∨ 𝑥 < 𝑧) ∧ 𝑆𝜎 (𝑧, 𝑦)) → 𝑆𝜎 (𝑧, 𝑦 ′ ))

where 𝜎 ∈ Σ. We use 𝜑 (𝑚, 𝑛) to express “other than at square 𝑚, the tape after
𝑛 + 1 steps is the same as after 𝑛 steps.”

a) For every instruction 𝛿 (𝑞𝑖 , 𝜎) = ⟨𝑞 𝑗 , 𝜎 ′, 𝑅⟩, the sentence:

∀𝑥 ∀𝑦 ((𝑄𝑞𝑖 (𝑥, 𝑦) ∧ 𝑆𝜎 (𝑥, 𝑦)) →
(𝑄𝑞 𝑗 (𝑥 ′, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (𝑥, 𝑦 ′ ) ∧ 𝜑 (𝑥, 𝑦)))

This says that if, after 𝑦 steps, the machine is in state 𝑞𝑖 scanning square 𝑥
which contains symbol 𝜎, then after 𝑦 + 1 steps it is scanning square 𝑥 + 1,
is in state 𝑞 𝑗 , square 𝑥 now contains 𝜎 ′ , and every square other than 𝑥
contains the same symbol as it did after 𝑦 steps.
b) For every instruction 𝛿 (𝑞𝑖 , 𝜎) = ⟨𝑞 𝑗 , 𝜎 ′, 𝐿⟩, the sentence:

∀𝑥 ∀𝑦 ((𝑄𝑞𝑖 (𝑥 ′, 𝑦) ∧ 𝑆𝜎 (𝑥 ′, 𝑦)) →
(𝑄𝑞 𝑗 (𝑥, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (𝑥 ′, 𝑦 ′ ) ∧ 𝜑 (𝑥, 𝑦))) ∧
∀𝑦 ((𝑄𝑞𝑖 (0, 𝑦) ∧ 𝑆𝜎 (0, 𝑦)) →
(𝑄𝑞 𝑗 (0, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (0, 𝑦 ′ ) ∧ 𝜑 (0, 𝑦)))

Take a moment to think about how this works: now we don’t start with
“if scanning square 𝑥 . . . ” but: “if scanning square 𝑥 + 1 . . . ” A move to the
left means that in the next step the machine is scanning square 𝑥. But the
square that is written on is 𝑥 + 1. We do it this way since we don’t have
subtraction or a predecessor function.
Note that numbers of the form 𝑥 + 1 are 1, 2, . . . , i.e., this doesn’t cover the
case where the machine is scanning square 0 and is supposed to move left
(which of course it can’t—it just stays put). That special case is covered
by the second conjunction: it says that if, after 𝑦 steps, the machine is
scanning square 0 in state 𝑞𝑖 and square 0 contains symbol 𝜎, then after
𝑦 + 1 steps it’s still scanning square 0, is now in state 𝑞 𝑗 , the symbol on
square 0 is 𝜎 ′ , and the squares other than square 0 contain the same
symbols they contained after 𝑦 steps.
c) For every instruction 𝛿 (𝑞𝑖 , 𝜎) = ⟨𝑞 𝑗 , 𝜎 ′, 𝑁 ⟩, the sentence:

∀𝑥 ∀𝑦 ((𝑄𝑞𝑖 (𝑥, 𝑦) ∧ 𝑆𝜎 (𝑥, 𝑦)) →
(𝑄𝑞 𝑗 (𝑥, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (𝑥, 𝑦 ′ ) ∧ 𝜑 (𝑥, 𝑦)))

Let 𝜏 (𝑀, 𝑤) be the conjunction of all the above sentences for Turing machine 𝑀 and
input 𝑤.
In order to express that 𝑀 eventually halts, we have to find a sentence that says
“after some number of steps, the transition function will be undefined.” Let 𝑋 be the
set of all pairs ⟨𝑞, 𝜎⟩ such that 𝛿 (𝑞, 𝜎) is undefined. Let 𝛼 (𝑀, 𝑤) then be the sentence
$$\exists x\, \exists y\, \Bigl(\bigvee_{\langle q, \sigma\rangle \in X} (Q_q(x, y) \land S_\sigma(x, y))\Bigr)$$

If we use a Turing machine with a designated halting state ℎ, it is even easier:
then the sentence 𝛼 (𝑀, 𝑤)
∃𝑥 ∃𝑦 𝑄ℎ (𝑥, 𝑦)
expresses that the machine eventually halts.

Proposition 14.10. If 𝑚 < 𝑘, then 𝜏 (𝑀, 𝑤) ⊨ 𝑚 < 𝑘

Proof. Exercise. □

14.7 Verifying the Representation


In order to verify that our representation works, we have to prove two things. First,
we have to show that if 𝑀 halts on input 𝑤, then 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤) is valid. Then,
we have to show the converse, i.e., that if 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤) is valid, then 𝑀 does
in fact eventually halt when run on input 𝑤.
The strategy for proving these is very different. For the first result, we have to
show that a sentence of first-order logic (namely, 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤)) is valid. The
easiest way to do this is to give a derivation. Our proof is supposed to work for all
𝑀 and 𝑤, though, so there isn’t really a single sentence for which we have to give a
derivation, but infinitely many. So the best we can do is to prove by induction that,
whatever 𝑀 and 𝑤 look like, and however many steps it takes 𝑀 to halt on input 𝑤,
there will be a derivation of 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤).
Naturally, our induction will proceed on the number of steps 𝑀 takes before it
reaches a halting configuration. In our inductive proof, we’ll establish that for each
step 𝑛 of the run of 𝑀 on input 𝑤, 𝜏 (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑛), where 𝜒 (𝑀, 𝑤, 𝑛) correctly
describes the configuration of 𝑀 run on 𝑤 after 𝑛 steps. Now if 𝑀 halts on input 𝑤
after, say, 𝑛 steps, 𝜒 (𝑀, 𝑤, 𝑛) will describe a halting configuration. We’ll also show
that 𝜒 (𝑀, 𝑤, 𝑛) ⊨ 𝛼 (𝑀, 𝑤), whenever 𝜒 (𝑀, 𝑤, 𝑛) describes a halting configuration. So,
if 𝑀 halts on input 𝑤, then for some 𝑛, 𝑀 will be in a halting configuration after 𝑛 steps.
Hence, 𝜏 (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑛) where 𝜒 (𝑀, 𝑤, 𝑛) describes a halting configuration, and
since in that case 𝜒 (𝑀, 𝑤, 𝑛) ⊨ 𝛼 (𝑀, 𝑤), we get that 𝜏 (𝑀, 𝑤) ⊨ 𝛼 (𝑀, 𝑤), i.e., that
⊨ 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤).
The strategy for the converse is very different. Here we assume that ⊨ 𝜏 (𝑀, 𝑤) →
𝛼 (𝑀, 𝑤) and have to prove that 𝑀 halts on input 𝑤. From the hypothesis we get that
𝜏 (𝑀, 𝑤) ⊨ 𝛼 (𝑀, 𝑤), i.e., 𝛼 (𝑀, 𝑤) is true in every structure in which 𝜏 (𝑀, 𝑤) is true.
So we’ll describe a structure 𝔐 in which 𝜏 (𝑀, 𝑤) is true: its domain will be N, and
the interpretation of all the 𝑄𝑞 and 𝑆𝜎 will be given by the configurations of 𝑀 during
a run on input 𝑤. So, e.g., 𝔐 ⊨ 𝑄𝑞 (𝑚, 𝑛) iff 𝑀, when run on input 𝑤 for 𝑛 steps, is
in state 𝑞 and scanning square 𝑚. Now since 𝜏 (𝑀, 𝑤) ⊨ 𝛼 (𝑀, 𝑤) by hypothesis, and
since 𝔐 ⊨ 𝜏 (𝑀, 𝑤) by construction, 𝔐 ⊨ 𝛼 (𝑀, 𝑤). But 𝔐 ⊨ 𝛼 (𝑀, 𝑤) iff there is some
𝑛 ∈ |𝔐| = N so that 𝑀, run on input 𝑤, is in a halting configuration after 𝑛 steps.

Definition 14.11. Let 𝜒 (𝑀, 𝑤, 𝑛) be the sentence

𝑄𝑞 (𝑚, 𝑛) ∧ 𝑆𝜎0 (0, 𝑛) ∧ · · · ∧ 𝑆𝜎𝑘 (𝑘, 𝑛) ∧ ∀𝑥 (𝑘 < 𝑥 → 𝑆 ⊔ (𝑥, 𝑛))

where 𝑞 is the state of 𝑀 at time 𝑛, 𝑀 is scanning square 𝑚 at time 𝑛, square 𝑖 contains
symbol 𝜎𝑖 at time 𝑛 for 0 ≤ 𝑖 ≤ 𝑘 and 𝑘 is the right-most non-blank square of the tape
at time 0, or the right-most square the tape head has visited after 𝑛 steps, whichever
is greater.

Lemma 14.12. If 𝑀 run on input 𝑤 is in a halting configuration after 𝑛 steps, then
𝜒 (𝑀, 𝑤, 𝑛) ⊨ 𝛼 (𝑀, 𝑤).

Proof. Suppose that 𝑀 halts for input 𝑤 after 𝑛 steps. There is some state 𝑞, square 𝑚,
and symbol 𝜎 such that:
1. After 𝑛 steps, 𝑀 is in state 𝑞 scanning square 𝑚 on which 𝜎 appears.
2. The transition function 𝛿 (𝑞, 𝜎) is undefined.
𝜒 (𝑀, 𝑤, 𝑛) is the description of this configuration and will include the clauses 𝑄𝑞 (𝑚, 𝑛)
and 𝑆𝜎 (𝑚, 𝑛). These clauses together imply 𝛼 (𝑀, 𝑤):
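$$\exists x\, \exists y\, \Bigl(\bigvee_{\langle q, \sigma\rangle \in X} (Q_q(x, y) \land S_\sigma(x, y))\Bigr)$$

since $Q_{q'}(m, n) \land S_{\sigma'}(m, n) \vDash \bigvee_{\langle q, \sigma\rangle \in X} (Q_q(m, n) \land S_\sigma(m, n))$, as $\langle q', \sigma'\rangle \in X$. □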

So if 𝑀 halts for input 𝑤, then there is some 𝑛 such that 𝜒 (𝑀, 𝑤, 𝑛) ⊨ 𝛼 (𝑀, 𝑤).
We will now show that for any time 𝑛, 𝜏 (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑛).
Lemma 14.13. For each 𝑛, if 𝑀 has not halted after 𝑛 steps, 𝜏 (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑛).

Proof. Induction basis: If 𝑛 = 0, then the conjuncts of 𝜒 (𝑀, 𝑤, 0) are also conjuncts
of 𝜏 (𝑀, 𝑤), so entailed by it.
Inductive hypothesis: If 𝑀 has not halted before the 𝑛th step, then 𝜏 (𝑀, 𝑤) ⊨
𝜒 (𝑀, 𝑤, 𝑛). We have to show that (unless 𝜒 (𝑀, 𝑤, 𝑛) describes a halting configuration),
𝜏 (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑛 + 1).

Suppose 𝑛 > 0 and after 𝑛 steps, 𝑀 started on 𝑤 is in state 𝑞 scanning square 𝑚.
Since 𝑀 does not halt after 𝑛 steps, there must be an instruction of one of the following
three forms in the program of 𝑀:

1. 𝛿 (𝑞, 𝜎) = ⟨𝑞 ′, 𝜎 ′, 𝑅⟩

2. 𝛿 (𝑞, 𝜎) = ⟨𝑞 ′, 𝜎 ′, 𝐿⟩

3. 𝛿 (𝑞, 𝜎) = ⟨𝑞 ′, 𝜎 ′, 𝑁 ⟩

We will consider each of these three cases in turn.

1. Suppose there is an instruction of the form (1). By Definition 14.9(3a), this means
that

∀𝑥 ∀𝑦 ((𝑄𝑞 (𝑥, 𝑦) ∧ 𝑆𝜎 (𝑥, 𝑦)) →
(𝑄𝑞 ′ (𝑥 ′, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (𝑥, 𝑦 ′ ) ∧ 𝜑 (𝑥, 𝑦)))

is a conjunct of 𝜏 (𝑀, 𝑤). This entails the following sentence (universal instantiation,
𝑚 for 𝑥 and 𝑛 for 𝑦):

(𝑄𝑞 (𝑚, 𝑛) ∧ 𝑆𝜎 (𝑚, 𝑛)) →
(𝑄𝑞 ′ (𝑚 ′, 𝑛 ′ ) ∧ 𝑆𝜎 ′ (𝑚, 𝑛 ′ ) ∧ 𝜑 (𝑚, 𝑛)).

By induction hypothesis, 𝜏 (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑛), i.e.,

𝑄𝑞 (𝑚, 𝑛) ∧ 𝑆𝜎0 (0, 𝑛) ∧ · · · ∧ 𝑆𝜎𝑘 (𝑘, 𝑛) ∧
∀𝑥 (𝑘 < 𝑥 → 𝑆 ⊔ (𝑥, 𝑛))

Since after 𝑛 steps, tape square 𝑚 contains 𝜎, the corresponding conjunct
is 𝑆𝜎 (𝑚, 𝑛), so this entails:

𝑄𝑞 (𝑚, 𝑛) ∧ 𝑆𝜎 (𝑚, 𝑛)

We now get

𝑄𝑞 ′ (𝑚 ′, 𝑛 ′ ) ∧ 𝑆𝜎 ′ (𝑚, 𝑛 ′ ) ∧
𝑆𝜎0 (0, 𝑛 ′ ) ∧ · · · ∧ 𝑆𝜎𝑘 (𝑘, 𝑛 ′ ) ∧
∀𝑥 (𝑘 < 𝑥 → 𝑆 ⊔ (𝑥, 𝑛 ′ ))

as follows: The first line comes directly from the consequent of the preced-
ing conditional, by modus ponens. Each conjunct in the middle line—which
excludes 𝑆𝜎𝑚 (𝑚, 𝑛 ′ )—follows from the corresponding conjunct in 𝜒 (𝑀, 𝑤, 𝑛)
together with 𝜑 (𝑚, 𝑛).
If 𝑚 < 𝑘, 𝜏 (𝑀, 𝑤) ⊢ 𝑚 < 𝑘 (Proposition 14.10) and by transitivity of <, we
have ∀𝑥 (𝑘 < 𝑥 → 𝑚 < 𝑥). If 𝑚 = 𝑘, then ∀𝑥 (𝑘 < 𝑥 → 𝑚 < 𝑥) by logic
alone. The last line then follows from the corresponding conjunct in 𝜒 (𝑀, 𝑤, 𝑛),
∀𝑥 (𝑘 < 𝑥 → 𝑚 < 𝑥), and 𝜑 (𝑚, 𝑛). If 𝑚 < 𝑘, this already is 𝜒 (𝑀, 𝑤, 𝑛 + 1).

Now suppose 𝑚 = 𝑘. In that case, after 𝑛 + 1 steps, the tape head has also visited
square 𝑘 + 1, which now is the right-most square visited. So 𝜒 (𝑀, 𝑤, 𝑛 + 1) has
a new conjunct, 𝑆 ⊔ (𝑘 ′, 𝑛 ′ ), and the last conjunct is ∀𝑥 (𝑘 ′ < 𝑥 → 𝑆 ⊔ (𝑥, 𝑛 ′ )). We
have to verify that these two sentences are also implied.
We already have ∀𝑥 (𝑘 < 𝑥 → 𝑆 ⊔ (𝑥, 𝑛 ′ )). In particular, this gives us 𝑘 <
𝑘 ′ → 𝑆 ⊔ (𝑘 ′, 𝑛 ′ ). From the axiom ∀𝑥 𝑥 < 𝑥 ′ we get 𝑘 < 𝑘 ′ . By modus ponens,
𝑆 ⊔ (𝑘 ′, 𝑛 ′ ) follows.
Also, since 𝜏 (𝑀, 𝑤) ⊢ 𝑘 < 𝑘 ′ , the axiom for transitivity of < gives us ∀𝑥 (𝑘 ′ <
𝑥 → 𝑆 ⊔ (𝑥, 𝑛 ′ )). (We leave the verification of this as an exercise.)
2. Suppose there is an instruction of the form (2). Then, by Definition 14.9(3b),

∀𝑥 ∀𝑦 ((𝑄𝑞 (𝑥 ′, 𝑦) ∧ 𝑆𝜎 (𝑥 ′, 𝑦)) →
(𝑄𝑞 ′ (𝑥, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (𝑥 ′, 𝑦 ′ ) ∧ 𝜑 (𝑥, 𝑦))) ∧
∀𝑦 ((𝑄𝑞𝑖 (0, 𝑦) ∧ 𝑆𝜎 (0, 𝑦)) →
(𝑄𝑞 𝑗 (0, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (0, 𝑦 ′ ) ∧ 𝜑 (0, 𝑦)))

is a conjunct of 𝜏 (𝑀, 𝑤). If 𝑚 > 0, then let 𝑙 = 𝑚 − 1 (i.e., 𝑚 = 𝑙 + 1). The first
conjunct of the above sentence entails the following:
(𝑄𝑞 (𝑙 ′, 𝑛) ∧ 𝑆𝜎 (𝑙 ′, 𝑛)) →
(𝑄𝑞 ′ (𝑙, 𝑛 ′ ) ∧ 𝑆𝜎 ′ (𝑙 ′, 𝑛 ′ ) ∧ 𝜑 (𝑙, 𝑛))

Otherwise, let 𝑙 = 𝑚 = 0 and consider the following sentence entailed by the
second conjunct:

((𝑄𝑞𝑖 (0, 𝑛) ∧ 𝑆𝜎 (0, 𝑛)) →
(𝑄𝑞 𝑗 (0, 𝑛 ′ ) ∧ 𝑆𝜎 ′ (0, 𝑛 ′ ) ∧ 𝜑 (0, 𝑛)))

Either sentence implies

𝑄𝑞 ′ (𝑙, 𝑛 ′ ) ∧ 𝑆𝜎 ′ (𝑚, 𝑛 ′ ) ∧
𝑆𝜎0 (0, 𝑛 ′ ) ∧ · · · ∧ 𝑆𝜎𝑘 (𝑘, 𝑛 ′ ) ∧
∀𝑥 (𝑘 < 𝑥 → 𝑆 ⊔ (𝑥, 𝑛 ′ ))

as before. (Note that in the first case, 𝑙 ≡ 𝑙 + 1 ≡ 𝑚 and in the second case
𝑙 ≡ 0.) But this just is 𝜒 (𝑀, 𝑤, 𝑛 + 1).
3. Case (3) is left as an exercise.

We have shown that for any 𝑛, 𝜏 (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑛). □

Lemma 14.14. If 𝑀 halts on input 𝑤, then 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤) is valid.

Proof. By Lemma 14.13, we know that, for any time 𝑛, the description 𝜒 (𝑀, 𝑤, 𝑛) of
the configuration of 𝑀 at time 𝑛 is entailed by 𝜏 (𝑀, 𝑤). Suppose 𝑀 halts after 𝑘 steps.
At that point, it will be scanning square 𝑚, for some 𝑚 ∈ N. Then 𝜒 (𝑀, 𝑤, 𝑘) describes
a halting configuration of 𝑀, i.e., it contains as conjuncts both 𝑄𝑞 (𝑚, 𝑘) and 𝑆𝜎 (𝑚, 𝑘)
with 𝛿 (𝑞, 𝜎) undefined. Thus, by Lemma 14.12, 𝜒 (𝑀, 𝑤, 𝑘) ⊨ 𝛼 (𝑀, 𝑤). But since
𝜏 (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑘), we have 𝜏 (𝑀, 𝑤) ⊨ 𝛼 (𝑀, 𝑤) and therefore 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤)
is valid. □

To complete the verification of our claim, we also have to establish the reverse
direction: if 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤) is valid, then 𝑀 does in fact halt when started on
input 𝑤.

Lemma 14.15. If ⊨ 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤), then 𝑀 halts on input 𝑤.

Proof. Consider the L𝑀 -structure 𝔐 with domain N which interprets 0 as 0, ′ as the
successor function, and < as the less-than relation, and the predicates 𝑄𝑞 and 𝑆𝜎 as
follows:

$$Q_q^{\mathfrak{M}} = \{\langle m, n\rangle \mid \text{started on } w\text{, after } n \text{ steps, } M \text{ is in state } q \text{ scanning square } m\}$$
$$S_\sigma^{\mathfrak{M}} = \{\langle m, n\rangle \mid \text{started on } w\text{, after } n \text{ steps, square } m \text{ of } M \text{ contains symbol } \sigma\}$$

In other words, we construct the structure 𝔐 so that it describes what 𝑀 started on
input 𝑤 actually does, step by step. Clearly, 𝔐 ⊨ 𝜏 (𝑀, 𝑤). If ⊨ 𝜏 (𝑀, 𝑤) → 𝛼 (𝑀, 𝑤),
then also 𝔐 ⊨ 𝛼 (𝑀, 𝑤), i.e.,
$$\mathfrak{M} \vDash \exists x\, \exists y\, \Bigl(\bigvee_{\langle q, \sigma\rangle \in X} (Q_q(x, y) \land S_\sigma(x, y))\Bigr).$$

As |𝔐| = N, there must be 𝑚, 𝑛 ∈ N so that 𝔐 ⊨ 𝑄𝑞 (𝑚, 𝑛) ∧ 𝑆𝜎 (𝑚, 𝑛) for some 𝑞
and 𝜎 such that 𝛿 (𝑞, 𝜎) is undefined. By the definition of 𝔐, this means that 𝑀 started
on input 𝑤 after 𝑛 steps is in state 𝑞 and reading symbol 𝜎, and the transition function
is undefined, i.e., 𝑀 has halted. □

14.8 The Decision Problem is Unsolvable


Theorem 14.16. The decision problem is unsolvable: There is no Turing machine 𝐷,
which when started on a tape that contains a sentence 𝜓 of first-order logic as input,
𝐷 eventually halts, and outputs 1 iff 𝜓 is valid and 0 otherwise.

Proof. Suppose the decision problem were solvable, i.e., suppose there were a Turing
machine 𝐷. Then we could solve the halting problem as follows. We construct a
Turing machine 𝐸 that, given as input the number 𝑒 of Turing machine 𝑀𝑒 and input 𝑤,
computes the corresponding sentence 𝜏 (𝑀𝑒 , 𝑤) → 𝛼 (𝑀𝑒 , 𝑤) and halts, scanning the
leftmost square on the tape. The machine 𝐸 ⌢ 𝐷 would then, given input 𝑒 and 𝑤,
first compute 𝜏 (𝑀𝑒 , 𝑤) → 𝛼 (𝑀𝑒 , 𝑤) and then run the decision problem machine 𝐷
on that input. 𝐷 halts with output 1 iff 𝜏 (𝑀𝑒 , 𝑤) → 𝛼 (𝑀𝑒 , 𝑤) is valid and outputs 0
otherwise. By Lemma 14.15 and Lemma 14.14, 𝜏 (𝑀𝑒 , 𝑤) → 𝛼 (𝑀𝑒 , 𝑤) is valid iff 𝑀𝑒
halts on input 𝑤. Thus, 𝐸 ⌢ 𝐷, given input 𝑒 and 𝑤 halts with output 1 iff 𝑀𝑒 halts
on input 𝑤 and halts with output 0 otherwise. In other words, 𝐸 ⌢ 𝐷 would solve
the halting problem. But we know, by Theorem 14.8, that no such Turing machine
can exist. □
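
The translation that the machine 𝐸 in this proof performs, and the configuration sentences of Definition 14.11 used in Lemma 14.12, can be written out in Python. This is an added example, not part of the original text: the string syntax for formulas (`Q_q(x,y)`, `S_σ(x,y)`), the restriction to single-character tape symbols, and the sample machine are assumptions made for illustration, and the axioms are transcribed as they are printed in section 14.6.

```python
BLANK, END = "⊔", "⊲"   # blank and left end marker, as on the page

def num(n):
    """Numeral for n: the constant 0 followed by n successor strokes."""
    return "0" + "′" * n

def Q(q, x, y):
    return f"Q_{q}({x},{y})"      # after y steps, M is in state q scanning square x

def S(s, x, y):
    return f"S_{s}({x},{y})"      # after y steps, square x contains symbol s

def phi(x, y, alphabet):
    """phi(x, y): every square other than x keeps its symbol from step y to y′."""
    return " ∧ ".join(
        f"∀z(((z<{x} ∨ {x}<z) ∧ {S(s, 'z', y)}) → {S(s, 'z', y + '′')})"
        for s in alphabet)

def tau(delta, alphabet, q0, w):
    """Conjuncts of tau(M, w): axiom groups 1, 2 and 3 of section 14.6, as printed."""
    def rule(q, s, q2, s2, scanned, nxt, other, quant):
        return (f"{quant}(({Q(q, scanned, 'y')} ∧ {S(s, scanned, 'y')}) → "
                f"({Q(q2, nxt, 'y′')} ∧ {S(s2, scanned, 'y′')} ∧ {phi(other, 'y', alphabet)}))")
    ax = ["∀x x<x′", "∀x∀y∀z((x<y ∧ y<z) → x<z)",                     # 1a, 1b
          Q(q0, num(1), num(0)),                                        # 2a
          " ∧ ".join(S(s, num(i), num(0)) for i, s in enumerate(END + w)),  # 2b
          f"∀x({num(len(w))}<x → {S(BLANK, 'x', num(0))})"]             # 2c
    for (q, s), (q2, s2, move) in sorted(delta.items()):
        if move == "R":
            ax.append(rule(q, s, q2, s2, "x", "x′", "x", "∀x∀y"))
        elif move == "N":
            ax.append(rule(q, s, q2, s2, "x", "x", "x", "∀x∀y"))
        else:   # L: general case for square x′, plus the special case for square 0
            ax.append(rule(q, s, q2, s2, "x′", "x", "x", "∀x∀y") + " ∧ " +
                      rule(q, s, q2, s2, "0", "0", "0", "∀y"))
    return ax

def alpha(delta, states, alphabet):
    """alpha(M, w): some configuration has a state/symbol pair with delta undefined."""
    X = [(q, s) for q in states for s in alphabet if (q, s) not in delta]
    body = " ∨ ".join(f"({Q(q, 'x', 'y')} ∧ {S(s, 'x', 'y')})" for q, s in X) or "⊥"
    return f"∃x∃y({body})"

def run(delta, q0, w, max_steps):
    """Return (trace, halted); trace[n] = (state, head, tape, k) after n steps."""
    tape = dict(enumerate(END + w))
    q, head, k = q0, 1, max(len(w), 1)   # k as in Definition 14.11
    trace = []
    for _ in range(max_steps + 1):
        trace.append((q, head, dict(tape), k))
        s = tape.get(head, BLANK)
        if (q, s) not in delta:          # no instruction: M has halted
            return trace, True
        q, tape[head], move = delta[(q, s)]
        head = head + 1 if move == "R" else max(head - 1, 0) if move == "L" else head
        k = max(k, head)
    return trace, False                  # step budget exhausted, nothing is decided

def chi(trace, n):
    """Conjuncts of chi(M, w, n) from Definition 14.11."""
    q, head, tape, k = trace[n]
    return ([Q(q, num(head), num(n))] +
            [S(tape.get(i, BLANK), num(i), num(n)) for i in range(k + 1)] +
            [f"∀x({num(k)}<x → {S(BLANK, 'x', num(n))})"])

def witnesses_alpha(trace, n, delta):
    """Lemma 14.12: chi(M, w, n) contains Q_q(m, n) and S_σ(m, n) with delta(q, σ) undefined."""
    q, head, tape, _ = trace[n]
    s = tape.get(head, BLANK)
    conj = chi(trace, n)
    return ((q, s) not in delta and Q(q, num(head), num(n)) in conj
            and S(s, num(head), num(n)) in conj)

# Constructed sample machine: scan right over the strokes, step back, erase the last one.
STATES, ALPHABET = ["q0", "q1", "q2"], [END, BLANK, "I"]
DELTA = {("q0", "I"): ("q0", "I", "R"),
         ("q0", BLANK): ("q1", BLANK, "L"),
         ("q1", "I"): ("q2", BLANK, "N")}

if __name__ == "__main__":
    trace, halted = run(DELTA, "q0", "II", 100)
    print("\n".join(tau(DELTA, ALPHABET, "q0", "II")))
    print(alpha(DELTA, STATES, ALPHABET))
    print(halted, chi(trace, len(trace) - 1))
```

The step budget in `run` is only a convenience for the demonstration: when it is exhausted the function reports that the machine has not halted so far, which is exactly the information a semi-decision procedure has at that point.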

Corollary 14.17. It is undecidable if an arbitrary sentence of first-order logic is satisfiable.

Proof. Suppose satisfiability were decidable by a Turing machine 𝑆. Then we could
solve the decision problem as follows: Given a sentence 𝜓 as input, move 𝜓 to the
right one square. Return to square 1 and write the symbol ¬.
Now run the Turing machine 𝑆. It eventually halts with output either 1 (if ¬𝜓 is
satisfiable) or 0 (if ¬𝜓 is unsatisfiable) on the tape. If there is a I on square 1, erase it;
if square 1 is empty, write a I, then halt.
This Turing machine always halts, and its output is 1 iff ¬𝜓 is unsatisfiable and
0 otherwise. Since 𝜓 is valid iff ¬𝜓 is unsatisfiable, the machine outputs 1 iff 𝜓 is valid,
and 0 otherwise, i.e., it would solve the decision problem. □

So there is no Turing machine which always gives a correct “yes” or “no” answer
to the question “Is 𝜓 a valid sentence of first-order logic?” However, there is a
Turing machine that always gives a correct “yes” answer—but simply does not halt if
the answer is “no.” This follows from the soundness and completeness theorem of
first-order logic, and the fact that derivations can be effectively enumerated.

Theorem 14.18. Validity of first-order sentences is semi-decidable: There is a Turing
machine 𝐸, which when started on a tape that contains a sentence 𝜓 of first-order logic
as input, 𝐸 eventually halts and outputs 1 iff 𝜓 is valid, but does not halt otherwise.

Proof. All possible derivations of first-order logic can be generated, one after another,
by an effective algorithm. The machine 𝐸 does this, and when it finds a derivation
that shows that ⊢ 𝜓 , it halts with output 1. By the soundness theorem, if 𝐸 halts with
output 1, it’s because ⊨ 𝜓 . By the completeness theorem, if ⊨ 𝜓 there is a derivation
that shows that ⊢ 𝜓 . Since 𝐸 systematically generates all possible derivations, it will
eventually find one that shows ⊢ 𝜓 , so will eventually halt with output 1. □

14.9 Trakhtenbrot’s Theorem


In section 14.6 we defined sentences 𝜏 (𝑀, 𝑤) and 𝛼 (𝑀, 𝑤) for a Turing machine 𝑀
and input string 𝑤. Then we showed in Lemma 14.14 and Lemma 14.15 that 𝜏 (𝑀, 𝑤) →
𝛼 (𝑀, 𝑤) is valid iff 𝑀, started on input 𝑤, eventually halts. Since the Halting Problem
is undecidable, this implies that validity and satisfiability of sentences of first-order
logic are undecidable (Theorem 14.16 and Corollary 14.17).
But validity and satisfiability of sentences are defined for arbitrary structures, finite
or infinite. You might suspect that it is easier to decide if a sentence is satisfiable
in a finite structure (or valid in all finite structures). We can adapt the proof of the
unsolvability of the decision problem so that it shows this is not the case.
First, if you go back to the proof of Lemma 14.15, you’ll see that what we did there
is produce a model 𝔐 of 𝜏 (𝑀, 𝑤) which describes exactly what machine 𝑀 does when
started on input 𝑤. The domain of that model was N, i.e., infinite. But if 𝑀 actually
halts on input 𝑤, we can build a finite model 𝔐 ′ in the same way. Suppose 𝑀 started
on input 𝑤 halts after 𝑘 steps. Take as domain |𝔐 ′ | the set {0, . . . , 𝑛}, where 𝑛 is the
larger of 𝑘 and the length of 𝑤, and let

$${\prime}^{\mathfrak{M}'}(x) = \begin{cases} x + 1 & \text{if } x < n \\ n & \text{otherwise,} \end{cases}$$

and $\langle x, y\rangle \in {<}^{\mathfrak{M}'}$ iff 𝑥 < 𝑦 or 𝑥 = 𝑦 = 𝑛. Otherwise 𝔐 ′ is defined just like 𝔐.
By the definition of 𝔐 ′ , just like in the proof of Lemma 14.15, 𝔐 ′ ⊨ 𝜏 (𝑀, 𝑤). And
since we assumed that 𝑀 halts on input 𝑤, 𝔐 ′ ⊨ 𝛼 (𝑀, 𝑤). So, 𝔐 ′ is a finite model
of 𝜏 (𝑀, 𝑤) ∧ 𝛼 (𝑀, 𝑤) (note that we’ve replaced → with ∧).
We are halfway to a proof: we’ve shown that if 𝑀 halts on input 𝑤, then 𝜏 (𝑀, 𝑤) ∧
𝛼 (𝑀, 𝑤) has a finite model. Unfortunately, the “only if” direction does not hold. For
instance, if 𝑀 after 𝑛 steps is in state 𝑞 and reads a symbol 𝜎, and 𝛿 (𝑞, 𝜎) = ⟨𝑞, 𝜎, 𝑁 ⟩,
then the configuration after 𝑛 + 1 steps is exactly the same as the configuration after
𝑛 steps (same state, same head position, same tape contents). But the machine never
halts; it’s in an infinite loop. The corresponding structure 𝔐 ′ above satisfies 𝜏 (𝑀, 𝑤)
but not 𝛼 (𝑀, 𝑤). (In it, the values of 𝑛 + 𝑙 are all the same, so it is finite). But by
changing 𝜏 (𝑀, 𝑤) in a suitable way we can rule out structures like this.
Consider the sentences describing the operation of the Turing machine 𝑀 on
input 𝑤 = 𝜎𝑖 1 . . . 𝜎𝑖𝑘 :
1. Axioms describing numbers and < (just like in the definition of 𝜏 (𝑀, 𝑤) in
section 14.6).
2. Axioms describing the input configuration: just like in the definition of 𝜏 (𝑀, 𝑤).
3. Axioms describing the transition from one configuration to the next:
For the following, let 𝜑 (𝑥, 𝑦) be as before, and let

𝜓 (𝑦) ≡ ∀𝑥 (𝑥 < 𝑦 → 𝑥 ≠ 𝑦).

a) For every instruction 𝛿 (𝑞𝑖 , 𝜎) = ⟨𝑞 𝑗 , 𝜎 ′, 𝑅⟩, the sentence:

∀𝑥 ∀𝑦 ((𝑄𝑞𝑖 (𝑥, 𝑦) ∧ 𝑆𝜎 (𝑥, 𝑦)) →
(𝑄𝑞 𝑗 (𝑥 ′, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (𝑥, 𝑦 ′ ) ∧ 𝜑 (𝑥, 𝑦) ∧ 𝜓 (𝑦 ′ )))

b) For every instruction 𝛿 (𝑞𝑖 , 𝜎) = ⟨𝑞 𝑗 , 𝜎 ′, 𝐿⟩, the sentence

∀𝑥 ∀𝑦 ((𝑄𝑞𝑖 (𝑥 ′, 𝑦) ∧ 𝑆𝜎 (𝑥 ′, 𝑦)) →
(𝑄𝑞 𝑗 (𝑥, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (𝑥 ′, 𝑦 ′ ) ∧ 𝜑 (𝑥, 𝑦))) ∧
∀𝑦 ((𝑄𝑞𝑖 (0, 𝑦) ∧ 𝑆𝜎 (0, 𝑦)) →
(𝑄𝑞 𝑗 (0, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (0, 𝑦 ′ ) ∧ 𝜑 (0, 𝑦) ∧ 𝜓 (𝑦 ′ )))

c) For every instruction 𝛿 (𝑞𝑖 , 𝜎) = ⟨𝑞 𝑗 , 𝜎 ′, 𝑁 ⟩, the sentence:

∀𝑥 ∀𝑦 ((𝑄𝑞𝑖 (𝑥, 𝑦) ∧ 𝑆𝜎 (𝑥, 𝑦)) →
(𝑄𝑞 𝑗 (𝑥, 𝑦 ′ ) ∧ 𝑆𝜎 ′ (𝑥, 𝑦 ′ ) ∧ 𝜑 (𝑥, 𝑦) ∧ 𝜓 (𝑦 ′ )))

As you can see, the sentences describing the transitions of 𝑀 are the same
as the corresponding sentences in 𝜏 (𝑀, 𝑤), except we add 𝜓 (𝑦 ′ ) at the end.
𝜓 (𝑦 ′ ) ensures that the number 𝑦 ′ of the “next” configuration is different from
all previous numbers 0, 0′ , . . . .
Let 𝜏 ′ (𝑀, 𝑤) be the conjunction of all the above sentences for Turing machine 𝑀 and
input 𝑤.
Lemma 14.19. If 𝑀 started on input 𝑤 halts, then 𝜏 ′ (𝑀, 𝑤) ∧ 𝛼 (𝑀, 𝑤) has a finite
model.

Proof. Let 𝔐 ′ be as in the proof of Lemma 14.15, except

$$|\mathfrak{M}'| = \{0, \dots, n\},$$
$${\prime}^{\mathfrak{M}'}(x) = \begin{cases} x + 1 & \text{if } x < n \\ n & \text{otherwise,} \end{cases}$$
$$\langle x, y\rangle \in {<}^{\mathfrak{M}'} \text{ iff } x < y \text{ or } x = y = n,$$

where 𝑛 = max(𝑘, len(𝑤)) and 𝑘 is the least number such that 𝑀 started on input 𝑤
has halted after 𝑘 steps. We leave the verification that 𝔐 ′ ⊨ 𝜏 ′ (𝑀, 𝑤) ∧ 𝛼 (𝑀, 𝑤) as
an exercise. □

Lemma 14.20. If 𝜏 ′ (𝑀, 𝑤) ∧ 𝛼 (𝑀, 𝑤) has a finite model, then 𝑀 started on input 𝑤
halts.

Proof. We show the contrapositive. Suppose that 𝑀 started on 𝑤 does not halt. If
𝜏 ′ (𝑀, 𝑤) ∧ 𝛼 (𝑀, 𝑤) has no model at all, we are done. So assume 𝔐 is a model
of 𝜏 (𝑀, 𝑤) ∧ 𝛼 (𝑀, 𝑤). We have to show that it cannot be finite.
We can prove, just like in Lemma 14.13, that if 𝑀, started on input 𝑤, has not halted
after 𝑛 steps, then 𝜏 ′ (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑛) ∧ 𝜓 (𝑛). Since 𝑀 started on input 𝑤 does
not halt, 𝜏 ′ (𝑀, 𝑤) ⊨ 𝜒 (𝑀, 𝑤, 𝑛) ∧ 𝜓 (𝑛) for all 𝑛 ∈ N. Note that by Proposition 14.10,
𝜏 ′ (𝑀, 𝑤) ⊨ 𝑘 < 𝑛 for all 𝑘 < 𝑛. Also 𝜓 (𝑛) ⊨ 𝑘 < 𝑛 → 𝑘 ≠ 𝑛. So, 𝔐 ⊨ 𝑘 ≠ 𝑛 for
all 𝑘 < 𝑛, i.e., the infinitely many terms 𝑘 must all have different values in 𝔐. But this
requires that |𝔐| be infinite, so 𝔐 cannot be a finite model of 𝜏 ′ (𝑀, 𝑤) ∧ 𝛼 (𝑀, 𝑤). □

Theorem 14.21 (Trakhtenbrot’s Theorem). It is undecidable if an arbitrary sentence
of first-order logic has a finite model (i.e., is finitely satisfiable).

Proof. Suppose there were a Turing machine 𝐹 that decides the finite satisfiability
problem. Then given any Turing machine 𝑀 and input 𝑤, we could compute the
sentence 𝜏 ′ (𝑀, 𝑤) ∧ 𝛼 (𝑀, 𝑤), and use 𝐹 to decide if it has a finite model. By Lem-
mata 14.19 and 14.20, it does iff 𝑀 started on input 𝑤 halts. So we could use 𝐹 to solve
the halting problem, which we know is unsolvable. □

Corollary 14.22. There can be no derivation system that is sound and complete for finite
validity, i.e., a derivation system which has ⊢ 𝜓 iff 𝔐 ⊨ 𝜓 for every finite structure 𝔐.

Proof. Exercise. □

Problems
Problem 14.1. Can you think of a way to describe Turing machines that does not
require that the states and alphabet symbols are explicitly listed? You may define
your own notion of “standard” machine, but say something about why every Turing
machine can be computed by a “standard” machine in your new sense.

Problem 14.2. The Three Halting (3-Halt) problem is the problem of giving a decision
procedure to determine whether or not an arbitrarily chosen Turing Machine halts
for an input of three I’s on an otherwise blank tape. Prove that the 3-Halt problem is
unsolvable.

Problem 14.3. Show that if the halting problem is solvable for Turing machine and
input pairs 𝑀𝑒 and 𝑛 where 𝑒 ≠ 𝑛, then it is also solvable for the cases where 𝑒 = 𝑛.

Problem 14.4. We proved that the halting problem is unsolvable if the input is a
number 𝑒, which identifies a Turing machine 𝑀𝑒 via an enumeration of all Turing
machines. What if we allow the description of Turing machines from section 14.2
directly as input? Can there be a Turing machine which decides the halting problem
but takes as input descriptions of Turing machines rather than indices? Explain why
or why not.

Problem 14.5. Show that the partial function 𝑠 ′ defined as

$$s'(e) = \begin{cases} 1 & \text{if machine } M_e \text{ halts for input } e \\ \text{undefined} & \text{if machine } M_e \text{ does not halt for input } e \end{cases}$$

is Turing computable.

Problem 14.6. Prove Proposition 14.10. (Hint: use induction on 𝑘 − 𝑚).

Problem 14.7. Complete case (3) of the proof of Lemma 14.13.

Problem 14.8. Give a derivation of 𝑆𝜎𝑖 (𝑖, 𝑛 ′ ) from 𝑆𝜎𝑖 (𝑖, 𝑛) and 𝜑 (𝑚, 𝑛) (assuming
𝑖 ≠ 𝑚, i.e., either 𝑖 < 𝑚 or 𝑚 < 𝑖).

Problem 14.9. Give a derivation of ∀𝑥 (𝑘 < 𝑥 → 𝑆 ⊔ (𝑥, 𝑛 ′ )) from ∀𝑥 (𝑘 < 𝑥 →
𝑆 ⊔ (𝑥, 𝑛 ′ )), ∀𝑥 𝑥 < 𝑥 ′ , and ∀𝑥 ∀𝑦 ∀𝑧 ((𝑥 < 𝑦 ∧ 𝑦 < 𝑧) → 𝑥 < 𝑧).

Problem 14.10. Complete the proof of Lemma 14.19 by proving that 𝔐 ′ ⊨ 𝜏 (𝑀, 𝑤) ∧
𝛼 (𝑀, 𝑤).

Problem 14.11. Complete the proof of Lemma 14.20 by proving that if 𝑀, started on
input 𝑤, has not halted after 𝑛 steps, then 𝜏 ′ (𝑀, 𝑤) ⊨ 𝜓 (𝑛).

Problem 14.12. Prove Corollary 14.22. Observe that 𝜓 is satisfied in every finite
structure iff ¬𝜓 is not finitely satisfiable. Explain why finite satisfiability is semi-
decidable in the sense of Theorem 14.18. Use this to argue that if there were a derivation
system for finite validity, then finite satisfiability would be decidable.

Chapter 15

Recursive Functions

15.1 Introduction

In order to develop a mathematical theory of computability, one has to, first of all,
develop a model of computability. We now think of computability as the kind of thing
that computers do, and computers work with symbols. But at the beginning of the de-
velopment of theories of computability, the paradigmatic example of computation was
numerical computation. Mathematicians were always interested in number-theoretic
functions, i.e., functions 𝑓 : N𝑛 → N that can be computed. So it is not surprising
that at the beginning of the theory of computability, it was such functions that were
studied. The most familiar examples of computable numerical functions, such as
addition, multiplication, exponentiation (of natural numbers) share an interesting
feature: they can be defined recursively. It is thus quite natural to attempt a general
definition of computable function on the basis of recursive definitions. Among the
many possible ways to define number-theoretic functions recursively, one particularly
simple pattern of definition here becomes central: so-called primitive recursion.

In addition to computable functions, we might be interested in computable sets
and relations. A set is computable if we can compute the answer to whether or
not a given number is an element of the set, and a relation is computable iff we
can compute whether or not a tuple ⟨𝑛 1, . . . , 𝑛𝑘 ⟩ is an element of the relation. By
considering the characteristic function of a set or relation, discussion of computable
sets and relations can be subsumed under that of computable functions. Thus we can
define primitive recursive relations as well, e.g., the relation “𝑛 evenly divides 𝑚” is a
primitive recursive relation.

Primitive recursive functions—those that can be defined using just primitive
recursion—are not, however, the only computable number-theoretic functions. Many
generalizations of primitive recursion have been considered, but the most powerful
and widely-accepted additional way of computing functions is by unbounded search.
This leads to the definition of partial recursive functions, and a related definition to
general recursive functions. General recursive functions are computable and total, and
the definition characterizes exactly the partial recursive functions that happen to be
total. Recursive functions can simulate every other model of computation (Turing
machines, lambda calculus, etc.) and so represent one of the many accepted models
of computation.

15.2 Primitive Recursion


A characteristic of the natural numbers is that every natural number can be reached
from 0 by applying the successor operation +1 finitely many times—any natural
number is either 0 or the successor of . . . the successor of 0. One way to specify a
function ℎ : N → N that makes use of this fact is this: (a) specify what the value of ℎ
is for argument 0, and (b) also specify how to, given the value of ℎ(𝑥), compute the
value of ℎ(𝑥 + 1). For (a) tells us directly what ℎ(0) is, so ℎ is defined for 0. Now, using
the instruction given by (b) for 𝑥 = 0, we can compute ℎ(1) = ℎ(0 + 1) from ℎ(0).
Using the same instructions for 𝑥 = 1, we compute ℎ(2) = ℎ(1 + 1) from ℎ(1), and so
on. For every natural number 𝑥, we’ll eventually reach the step where we define ℎ(𝑥)
from ℎ(𝑥 + 1), and so ℎ(𝑥) is defined for all 𝑥 ∈ N.
For instance, suppose we specify ℎ : N → N by the following two equations:

ℎ(0) = 1
ℎ(𝑥 + 1) = 2 · ℎ(𝑥)

If we already know how to multiply, then these equations give us the information
required for (a) and (b) above. By successively applying the second equation, we get
that

ℎ(1) = 2 · ℎ(0) = 2,
ℎ(2) = 2 · ℎ(1) = 2 · 2,
ℎ(3) = 2 · ℎ(2) = 2 · 2 · 2,
⋮

We see that the function $h$ we have specified is $h(x) = 2^x$.


The characteristic feature of the natural numbers guarantees that there is only
one function ℎ that meets these two criteria. A pair of equations like these is called a
definition by primitive recursion of the function ℎ. It is so-called because we define ℎ
“recursively,” i.e., the definition, specifically the second equation, involves ℎ itself on
the right-hand-side. It is “primitive” because in defining ℎ(𝑥 + 1) we only use the
value ℎ(𝑥), i.e., the immediately preceding value. This is the simplest way of defining
a function on N recursively.
We can define even more fundamental functions like addition and multiplication
by primitive recursion. In these cases, however, the functions in question are 2-place.
We fix one of the argument places, and use the other for the recursion. E.g., to define
add(𝑥, 𝑦) we can fix 𝑥 and define the value first for 𝑦 = 0 and then for 𝑦 + 1 in terms
of 𝑦. Since 𝑥 is fixed, it will appear on the left and on the right side of the defining
equations.

add(𝑥, 0) = 𝑥
add(𝑥, 𝑦 + 1) = add(𝑥, 𝑦) + 1

These equations specify the value of add for all 𝑥 and 𝑦. To find add(2, 3), for instance,
we apply the defining equations for 𝑥 = 2, using the first to find add(2, 0) = 2, then
using the second to successively find add(2, 1) = 2 + 1 = 3, add(2, 2) = 3 + 1 = 4,
add(2, 3) = 4 + 1 = 5.
In the definition of add we used + on the right-hand-side of the second equation,
but only to add 1. In other words, we used the successor function succ(𝑧) = 𝑧 + 1 and
applied it to the previous value add(𝑥, 𝑦) to define add(𝑥, 𝑦 + 1). So we can think of
the recursive definition as given in terms of a single function which we apply to the
previous value. However, it doesn’t hurt—and sometimes is necessary—to allow the
function to depend not just on the previous value but also on 𝑥 and 𝑦. Consider:

mult(𝑥, 0) = 0
mult(𝑥, 𝑦 + 1) = add(mult(𝑥, 𝑦), 𝑥)

This is a primitive recursive definition of a function mult by applying the function add
to both the preceding value mult(𝑥, 𝑦) and the first argument 𝑥. It also defines the
function mult(𝑥, 𝑦) for all arguments 𝑥 and 𝑦. For instance, mult(2, 3) is determined
by successively computing mult(2, 0), mult(2, 1), mult(2, 2), and mult(2, 3):

mult(2, 0) = 0
mult(2, 1) = mult(2, 0 + 1) = add(mult(2, 0), 2) = add(0, 2) = 2
mult(2, 2) = mult(2, 1 + 1) = add(mult(2, 1), 2) = add(2, 2) = 4
mult(2, 3) = mult(2, 2 + 1) = add(mult(2, 2), 2) = add(4, 2) = 6

The general pattern then is this: to give a primitive recursive definition of a
function $h(x_0, \dots, x_{k-1}, y)$, we provide two equations. The first defines the value of
$h(x_0, \dots, x_{k-1}, 0)$ without reference to $h$. The second defines the value of
$h(x_0, \dots, x_{k-1}, y + 1)$ in terms of $h(x_0, \dots, x_{k-1}, y)$, the other arguments
$x_0$, ..., $x_{k-1}$, and $y$. Only the
immediately preceding value of $h$ may be used in that second equation. If we think of
the operations given by the right-hand-sides of these two equations as themselves
being functions $f$ and $g$, then the general pattern to define a new function $h$ by
primitive recursion is this:

\begin{align*}
h(x_0, \dots, x_{k-1}, 0) &= f(x_0, \dots, x_{k-1}) \\
h(x_0, \dots, x_{k-1}, y + 1) &= g(x_0, \dots, x_{k-1}, y, h(x_0, \dots, x_{k-1}, y))
\end{align*}

In the case of add, we have $k = 1$ and $f(x_0) = x_0$ (the identity function), and
$g(x_0, y, z) = z + 1$ (the 3-place function that returns the successor of its third
argument):

\begin{align*}
\mathrm{add}(x_0, 0) &= f(x_0) = x_0 \\
\mathrm{add}(x_0, y + 1) &= g(x_0, y, \mathrm{add}(x_0, y)) = \mathrm{succ}(\mathrm{add}(x_0, y))
\end{align*}

In the case of mult, we have $f(x_0) = 0$ (the constant function always returning 0) and
$g(x_0, y, z) = \mathrm{add}(z, x_0)$ (the 3-place function that returns the sum of its last and first
argument):

\begin{align*}
\mathrm{mult}(x_0, 0) &= f(x_0) = 0 \\
\mathrm{mult}(x_0, y + 1) &= g(x_0, y, \mathrm{mult}(x_0, y)) = \mathrm{add}(\mathrm{mult}(x_0, y), x_0)
\end{align*}

15.3 Composition
If 𝑓 and 𝑔 are two one-place functions of natural numbers, we can compose them:
ℎ(𝑥) = 𝑔(𝑓 (𝑥)). The new function ℎ(𝑥) is then defined by composition from the
functions 𝑓 and 𝑔. We’d like to generalize this to functions of more than one argument.

Here’s one way of doing this: suppose $f$ is a $k$-place function, and $g_0$, ..., $g_{k-1}$ are
$k$ functions which are all $n$-place. Then we can define a new $n$-place function $h$ as
follows:

\[ h(x_0, \dots, x_{n-1}) = f(g_0(x_0, \dots, x_{n-1}), \dots, g_{k-1}(x_0, \dots, x_{n-1})) \]

If $f$ and all $g_i$ are computable, so is $h$: To compute $h(x_0, \dots, x_{n-1})$, first compute the
values $y_i = g_i(x_0, \dots, x_{n-1})$ for each $i = 0, \dots, k - 1$. Then feed these values into $f$ to
compute $h(x_0, \dots, x_{n-1}) = f(y_0, \dots, y_{k-1})$.
This may seem like an overly restrictive characterization of what happens when
we compute a new function using some existing ones. For one thing, sometimes we
do not use all the arguments of a function, as when we defined 𝑔(𝑥, 𝑦, 𝑧) = succ(𝑧)
for use in the primitive recursive definition of add. Suppose we are allowed use of
the following functions:
\[ P^n_i(x_0, \dots, x_{n-1}) = x_i \]
The functions $P^k_i$ are called projection functions: $P^n_i$ is an $n$-place function. Then $g$ can
be defined by
\[ g(x, y, z) = \mathrm{succ}(P^3_2(x, y, z)). \]
Here the role of $f$ is played by the 1-place function succ, so $k = 1$. And we have one
3-place function $P^3_2$ which plays the role of $g_0$. The result is a 3-place function that
returns the successor of the third argument.
The projection functions also allow us to define new functions by reordering or
identifying arguments. For instance, the function $h(x) = \mathrm{add}(x, x)$ can be defined by

\[ h(x_0) = \mathrm{add}(P^1_0(x_0), P^1_0(x_0)). \]

Here $k = 2$, $n = 1$, the role of $f(y_0, y_1)$ is played by add, and the roles of $g_0(x_0)$ and
$g_1(x_0)$ are both played by $P^1_0(x_0)$, the one-place projection function (aka the identity
function).
If $f(y_0, y_1)$ is a function we already have, we can define the function $h(x_0, x_1) =
f(x_1, x_0)$ by
\[ h(x_0, x_1) = f(P^2_1(x_0, x_1), P^2_0(x_0, x_1)). \]
Here $k = 2$, $n = 2$, and the roles of $g_0$ and $g_1$ are played by $P^2_1$ and $P^2_0$, respectively.
You may also worry that $g_0$, ..., $g_{k-1}$ are all required to have the same arity $n$.
(Remember that the arity of a function is the number of arguments; an $n$-place function
has arity $n$.) But adding the projection functions provides the desired flexibility. For
example, suppose $f$ and $g$ are 3-place functions and $h$ is the 2-place function defined
by
\[ h(x, y) = f(x, g(x, x, y), y). \]
The definition of $h$ can be rewritten with the projection functions, as

\[ h(x, y) = f(P^2_0(x, y), g(P^2_0(x, y), P^2_0(x, y), P^2_1(x, y)), P^2_1(x, y)). \]

Then $h$ is the composition of $f$ with $P^2_0$, $l$, and $P^2_1$, where

\[ l(x, y) = g(P^2_0(x, y), P^2_0(x, y), P^2_1(x, y)), \]

i.e., $l$ is the composition of $g$ with $P^2_0$, $P^2_0$, and $P^2_1$.

15.4 Primitive Recursion Functions


Let us record again how we can define new functions from existing ones using
primitive recursion and composition.
Definition 15.1. Suppose $f$ is a $k$-place function ($k \ge 1$) and $g$ is a $(k + 2)$-place
function. The function defined by primitive recursion from $f$ and $g$ is the $(k + 1)$-place
function $h$ defined by the equations
\begin{align*}
h(x_0, \dots, x_{k-1}, 0) &= f(x_0, \dots, x_{k-1}) \\
h(x_0, \dots, x_{k-1}, y + 1) &= g(x_0, \dots, x_{k-1}, y, h(x_0, \dots, x_{k-1}, y))
\end{align*}

Definition 15.2. Suppose $f$ is a $k$-place function, and $g_0$, ..., $g_{k-1}$ are $k$ functions
which are all $n$-place. The function defined by composition from $f$ and $g_0$, ..., $g_{k-1}$ is
the $n$-place function $h$ defined by
\[ h(x_0, \dots, x_{n-1}) = f(g_0(x_0, \dots, x_{n-1}), \dots, g_{k-1}(x_0, \dots, x_{n-1})). \]

In addition to succ and the projection functions
\[ P^n_i(x_0, \dots, x_{n-1}) = x_i, \]
for each natural number $n$ and $i < n$, we will include among the primitive recursive
functions the function $\mathrm{zero}(x) = 0$.

Definition 15.3. The set of primitive recursive functions is the set of functions from
$\mathbb{N}^n$ to $\mathbb{N}$, defined inductively by the following clauses:
1. zero is primitive recursive.
2. succ is primitive recursive.
3. Each projection function $P^n_i$ is primitive recursive.
4. If $f$ is a $k$-place primitive recursive function and $g_0$, ..., $g_{k-1}$ are $n$-place primitive
recursive functions, then the composition of $f$ with $g_0$, ..., $g_{k-1}$ is primitive
recursive.
5. If $f$ is a $k$-place primitive recursive function and $g$ is a $k + 2$-place primitive
recursive function, then the function defined by primitive recursion from $f$ and
$g$ is primitive recursive.

Put more concisely, the set of primitive recursive functions is the smallest set
containing zero, succ, and the projection functions $P^n_j$, and which is closed under
composition and primitive recursion.
Another way of describing the set of primitive recursive functions is by defining
it in terms of “stages.” Let $S_0$ denote the set of starting functions: zero, succ, and the
projections. These are the primitive recursive functions of stage 0. Once a stage $S_i$ has
been defined, let $S_{i+1}$ be the set of all functions you get by applying a single instance
of composition or primitive recursion to functions already in $S_i$. Then
\[ S = \bigcup_{i \in \mathbb{N}} S_i \]
is the set of all primitive recursive functions.


Let us verify that add is a primitive recursive function.

Proposition 15.4. The addition function add(𝑥, 𝑦) = 𝑥 + 𝑦 is primitive recursive.


Proof. We already have a primitive recursive definition of add in terms of two functions
$f$ and $g$ which matches the format of Definition 15.1:
\begin{align*}
\mathrm{add}(x_0, 0) &= f(x_0) = x_0 \\
\mathrm{add}(x_0, y + 1) &= g(x_0, y, \mathrm{add}(x_0, y)) = \mathrm{succ}(\mathrm{add}(x_0, y))
\end{align*}
So add is primitive recursive provided $f$ and $g$ are as well. $f(x_0) = x_0 = P^1_0(x_0)$, and
the projection functions count as primitive recursive, so $f$ is primitive recursive. The
function $g$ is the three-place function $g(x_0, y, z)$ defined by
\[ g(x_0, y, z) = \mathrm{succ}(z). \]
This does not yet tell us that $g$ is primitive recursive, since $g$ and succ are not quite
the same function: succ is one-place, and $g$ has to be three-place. But we can define $g$
“officially” by composition as
\[ g(x_0, y, z) = \mathrm{succ}(P^3_2(x_0, y, z)) \]
Since succ and $P^3_2$ count as primitive recursive functions, $g$ does as well, since it can
be defined by composition from primitive recursive functions. □

Proposition 15.5. The multiplication function $\mathrm{mult}(x, y) = x \cdot y$ is primitive recursive.

Proof. Exercise. □

Example 15.6. Here’s our very first example of a primitive recursive definition:
\begin{align*}
h(0) &= 1 \\
h(y + 1) &= 2 \cdot h(y).
\end{align*}
This function cannot fit into the form required by Definition 15.1, since $k = 0$. The
definition also involves the constants 1 and 2. To get around the first problem, let’s
introduce a dummy argument and define the function $h'$:
\begin{align*}
h'(x_0, 0) &= f(x_0) = 1 \\
h'(x_0, y + 1) &= g(x_0, y, h'(x_0, y)) = 2 \cdot h'(x_0, y).
\end{align*}

The function $f(x_0) = 1$ can be defined from succ and zero by composition: $f(x_0) =
\mathrm{succ}(\mathrm{zero}(x_0))$. The function $g$ can be defined by composition from $g'(z) = 2 \cdot z$ and
projections:
\[ g(x_0, y, z) = g'(P^3_2(x_0, y, z)) \]
and $g'$ in turn can be defined by composition as
\[ g'(z) = \mathrm{mult}(g''(z), P^1_0(z)) \]
and
\[ g''(z) = \mathrm{succ}(f(z)), \]
where $f$ is as above: $f(z) = \mathrm{succ}(\mathrm{zero}(z))$. Now that we have $h'$, we can use composition
again to let $h(y) = h'(P^1_0(y), P^1_0(y))$. This shows that $h$ can be defined from the
basic functions using a sequence of compositions and primitive recursions, so $h$ is
primitive recursive.

15.5 Primitive Recursion Notations


One advantage to having the precise inductive description of the primitive recursive
functions is that we can be systematic in describing them. For example, we can assign
a “notation” to each such function, as follows. Use symbols zero, succ, and $P^n_i$ for
zero, successor, and the projections. Now suppose $h$ is defined by composition from a
$k$-place function $f$ and $n$-place functions $g_0$, ..., $g_{k-1}$, and we have assigned notations
$F$, $G_0$, ..., $G_{k-1}$ to the latter functions. Then, using a new symbol $\mathrm{Comp}_{k,n}$, we can
denote the function $h$ by $\mathrm{Comp}_{k,n}[F, G_0, \dots, G_{k-1}]$.
For functions defined by primitive recursion, we can use analogous notations.
Suppose the $(k + 1)$-ary function $h$ is defined by primitive recursion from the $k$-ary
function $f$ and the $(k + 2)$-ary function $g$, and the notations assigned to $f$ and $g$ are $F$
and $G$, respectively. Then the notation assigned to $h$ is $\mathrm{Rec}_k[F, G]$.
Recall that the addition function is defined by primitive recursion as

\begin{align*}
\mathrm{add}(x_0, 0) &= P^1_0(x_0) = x_0 \\
\mathrm{add}(x_0, y + 1) &= \mathrm{succ}(P^3_2(x_0, y, \mathrm{add}(x_0, y))) = \mathrm{add}(x_0, y) + 1
\end{align*}

Here the role of $f$ is played by $P^1_0$, and the role of $g$ is played by $\mathrm{succ}(P^3_2(x_0, y, z))$,
which is assigned the notation $\mathrm{Comp}_{1,3}[\mathrm{succ}, P^3_2]$ as it is the result of defining a
function by composition from the 1-ary function succ and the 3-ary function $P^3_2$. With
this setup, we can denote the addition function by

\[ \mathrm{Rec}_1[P^1_0, \mathrm{Comp}_{1,3}[\mathrm{succ}, P^3_2]]. \]

Having these notations sometimes proves useful, e.g., when enumerating primitive
recursive functions.

15.6 Primitive Recursive Functions are Computable


Suppose a function $h$ is defined by primitive recursion

\begin{align*}
h(\vec{x}, 0) &= f(\vec{x}) \\
h(\vec{x}, y + 1) &= g(\vec{x}, y, h(\vec{x}, y))
\end{align*}

and suppose the functions $f$ and $g$ are computable. (We use $\vec{x}$ to abbreviate $x_0$, ...,
$x_{k-1}$.) Then $h(\vec{x}, 0)$ can obviously be computed, since it is just $f(\vec{x})$ which we assume
is computable. $h(\vec{x}, 1)$ can then also be computed, since $1 = 0 + 1$ and so $h(\vec{x}, 1)$ is just

\[ h(\vec{x}, 1) = g(\vec{x}, 0, h(\vec{x}, 0)) = g(\vec{x}, 0, f(\vec{x})). \]

We can go on in this way and compute

\begin{align*}
h(\vec{x}, 2) &= g(\vec{x}, 1, h(\vec{x}, 1)) = g(\vec{x}, 1, g(\vec{x}, 0, f(\vec{x}))) \\
h(\vec{x}, 3) &= g(\vec{x}, 2, h(\vec{x}, 2)) = g(\vec{x}, 2, g(\vec{x}, 1, g(\vec{x}, 0, f(\vec{x})))) \\
h(\vec{x}, 4) &= g(\vec{x}, 3, h(\vec{x}, 3)) = g(\vec{x}, 3, g(\vec{x}, 2, g(\vec{x}, 1, g(\vec{x}, 0, f(\vec{x}))))) \\
&\;\;\vdots
\end{align*}

Thus, to compute $h(\vec{x}, y)$ in general, successively compute $h(\vec{x}, 0)$, $h(\vec{x}, 1)$, ..., until
we reach $h(\vec{x}, y)$.

Thus, a primitive recursive definition yields a new computable function if the func-
tions 𝑓 and 𝑔 are computable. Composition of functions also results in a computable
function if the functions 𝑓 and 𝑔𝑖 are computable.
Since the basic functions zero, succ, and 𝑃𝑖𝑛 are computable, and composition
and primitive recursion yield computable functions from computable functions, this
means that every primitive recursive function is computable.
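
The notations of section 15.5 and the step-by-step computation described in this section can be combined into a small evaluator. The following Python code is an added example, not part of the original text; the names Zero, Succ, Proj, Comp, Rec, arity, well_formed, notation and evaluate are this example's own. It builds add, mult and the function $h(y) = 2^y$ of Example 15.6 from the basic functions only.

```python
from dataclasses import dataclass

# Notations of section 15.5 as Python objects (class names are this example's own).
@dataclass(frozen=True)
class Zero: pass                 # zero(x) = 0

@dataclass(frozen=True)
class Succ: pass                 # succ(x) = x + 1

@dataclass(frozen=True)
class Proj:                      # P^n_i
    n: int
    i: int

@dataclass(frozen=True)
class Comp:                      # Comp_{k,n}[F, G_0, ..., G_{k-1}]
    f: object
    gs: tuple

@dataclass(frozen=True)
class Rec:                       # Rec_k[F, G]
    f: object
    g: object

def arity(t):
    """Number of argument places of t; ValueError if t is malformed."""
    if isinstance(t, (Zero, Succ)):
        return 1
    if isinstance(t, Proj):
        if not 0 <= t.i < t.n:
            raise ValueError("projection index out of range")
        return t.n
    if isinstance(t, Comp):
        inner = {arity(g) for g in t.gs}
        if len(t.gs) != arity(t.f) or len(inner) != 1:
            raise ValueError("Comp needs k inner functions of one common arity n")
        return inner.pop()
    if isinstance(t, Rec):
        k = arity(t.f)
        if arity(t.g) != k + 2:
            raise ValueError("Rec needs a k-place f and a (k+2)-place g")
        return k + 1
    raise ValueError(f"not a notation: {t!r}")

def well_formed(t):
    """True iff t satisfies the arity conditions of Definitions 15.1 and 15.2."""
    try:
        arity(t)
        return True
    except ValueError:
        return False

def notation(t):
    """Render t in the bracket notation of section 15.5."""
    if isinstance(t, Zero):
        return "zero"
    if isinstance(t, Succ):
        return "succ"
    if isinstance(t, Proj):
        return f"P^{t.n}_{t.i}"
    if isinstance(t, Comp):
        inner = ", ".join(notation(s) for s in (t.f, *t.gs))
        return f"Comp{arity(t.f)},{arity(t)}[{inner}]"
    return f"Rec{arity(t.f)}[{notation(t.f)}, {notation(t.g)}]"

def evaluate(t, args):
    """Value of the function denoted by t at the natural numbers args."""
    args = tuple(args)
    if len(args) != arity(t) or any(a < 0 for a in args):
        raise ValueError("wrong number of arguments, or a negative argument")
    if isinstance(t, Zero):
        return 0
    if isinstance(t, Succ):
        return args[0] + 1
    if isinstance(t, Proj):
        return args[t.i]
    if isinstance(t, Comp):
        return evaluate(t.f, [evaluate(g, args) for g in t.gs])
    *xs, y = args                       # Rec: compute h(xs, 0), h(xs, 1), ..., h(xs, y)
    value = evaluate(t.f, xs)
    for step in range(y):
        value = evaluate(t.g, [*xs, step, value])
    return value

ADD = Rec(Proj(1, 0), Comp(Succ(), (Proj(3, 2),)))       # add(x, y)
MULT = Rec(Zero(), Comp(ADD, (Proj(3, 2), Proj(3, 0))))  # g(x, y, z) = add(z, x)
ONE = Comp(Succ(), (Zero(),))                            # f(x) = succ(zero(x))
TWO = Comp(Succ(), (ONE,))                               # g''(z) = succ(f(z))
DOUBLE = Comp(MULT, (TWO, Proj(1, 0)))                   # g'(z) = mult(g''(z), P^1_0(z))
H_PRIME = Rec(ONE, Comp(DOUBLE, (Proj(3, 2),)))          # h'(x, y), dummy argument x
H = Comp(H_PRIME, (Proj(1, 0), Proj(1, 0)))              # h(y) = h'(y, y) = 2^y
```

The arity check is what rejects ill-formed notations such as Rec(Succ(), Succ()), where $g$ is not $(k + 2)$-place.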

15.7 Examples of Primitive Recursive Functions


We already have some examples of primitive recursive functions: the addition and
multiplication functions add and mult. The identity function $\mathrm{id}(x) = x$ is primitive
recursive, since it is just $P^1_0$. The constant functions $\mathrm{const}_n(x) = n$ are primitive
recursive since they can be defined from zero and succ by successive composition.
This is useful when we want to use constants in primitive recursive definitions, e.g.,
if we want to define the function $f(x) = 2 \cdot x$ we can obtain it by composition from
$\mathrm{const}_n(x)$ and multiplication as $f(x) = \mathrm{mult}(\mathrm{const}_2(x), P^1_0(x))$. We’ll make use of
this trick from now on.

Proposition 15.7. The exponentiation function $\exp(x, y) = x^y$ is primitive recursive.

Proof. We can define exp primitive recursively as

exp(𝑥, 0) = 1
exp(𝑥, 𝑦 + 1) = mult(𝑥, exp(𝑥, 𝑦)).

Strictly speaking, this is not a recursive definition from primitive recursive functions.
Officially, though, we have:

exp(𝑥, 0) = 𝑓 (𝑥)
exp(𝑥, 𝑦 + 1) = 𝑔(𝑥, 𝑦, exp(𝑥, 𝑦)).

where

\begin{align*}
f(x) &= \mathrm{succ}(\mathrm{zero}(x)) = 1 \\
g(x, y, z) &= \mathrm{mult}(P^3_0(x, y, z), P^3_2(x, y, z)) = x \cdot z
\end{align*}

and so 𝑓 and 𝑔 are defined from primitive recursive functions by composition. □

Proposition 15.8. The predecessor function $\mathrm{pred}(y)$ defined by

\[
\mathrm{pred}(y) = \begin{cases} 0 & \text{if } y = 0 \\ y - 1 & \text{otherwise} \end{cases}
\]

is primitive recursive.

Proof. Note that

pred(0) = 0 and
pred(𝑦 + 1) = 𝑦.

This is almost a primitive recursive definition. It does not, strictly speaking, fit into
the pattern of definition by primitive recursion, since that pattern requires at least
one extra argument 𝑥. It is also odd in that it does not actually use pred(𝑦) in the
definition of $\mathrm{pred}(y + 1)$. But we can first define $\mathrm{pred}'(x, y)$ by

\begin{align*}
\mathrm{pred}'(x, 0) &= \mathrm{zero}(x) = 0, \\
\mathrm{pred}'(x, y + 1) &= P^3_1(x, y, \mathrm{pred}'(x, y)) = y,
\end{align*}

and then define pred from it by composition, e.g., as $\mathrm{pred}(x) = \mathrm{pred}'(\mathrm{zero}(x), P^1_0(x))$. □

Proposition 15.9. The factorial function $\mathrm{fac}(x) = x! = 1 \cdot 2 \cdot 3 \cdot \dots \cdot x$ is primitive
recursive.

Proof. The obvious primitive recursive definition is

fac(0) = 1
fac(𝑦 + 1) = fac(𝑦) · (𝑦 + 1).

Officially, we have to first define a two-place function $h$

\begin{align*}
h(x, 0) &= \mathrm{const}_1(x) \\
h(x, y + 1) &= g(x, y, h(x, y))
\end{align*}

where $g(x, y, z) = \mathrm{mult}(P^3_2(x, y, z), \mathrm{succ}(P^3_1(x, y, z)))$ and then let

\[ \mathrm{fac}(y) = h(P^1_0(y), P^1_0(y)) = h(y, y). \]

From now on we’ll be a bit more laissez-faire and not give the official definitions by
composition and primitive recursion. □

Proposition 15.10. Truncated subtraction, $x \dot{-} y$, defined by

\[
x \dot{-} y = \begin{cases} 0 & \text{if } x < y \\ x - y & \text{otherwise} \end{cases}
\]

is primitive recursive.

Proof. We have:

\begin{align*}
x \dot{-} 0 &= x \\
x \dot{-} (y + 1) &= \mathrm{pred}(x \dot{-} y)
\end{align*}
□

Proposition 15.11. The distance between $x$ and $y$, $|x - y|$, is primitive recursive.

Proof. We have $|x - y| = (x \dot{-} y) + (y \dot{-} x)$, so the distance can be defined by composition
from $+$ and $\dot{-}$, which are primitive recursive. □

Proposition 15.12. The maximum of 𝑥 and 𝑦, max(𝑥, 𝑦), is primitive recursive.

Proof. We can define $\max(x, y)$ by composition from $+$ and $\dot{-}$ by

\[ \max(x, y) = x + (y \dot{-} x). \]

If $x$ is the maximum, i.e., $x \ge y$, then $y \dot{-} x = 0$, so $x + (y \dot{-} x) = x + 0 = x$. If $y$ is the
maximum, then $y \dot{-} x = y - x$, and so $x + (y \dot{-} x) = x + (y - x) = y$. □

Proposition 15.13. The minimum of 𝑥 and 𝑦, min(𝑥, 𝑦), is primitive recursive.

Proof. Exercise. □

Proposition 15.14. The set of primitive recursive functions is closed under the following
two operations:
1. Finite sums: if $f(\vec{x}, z)$ is primitive recursive, then so is the function
\[ g(\vec{x}, y) = \sum_{z=0}^{y} f(\vec{x}, z). \]

2. Finite products: if $f(\vec{x}, z)$ is primitive recursive, then so is the function
\[ h(\vec{x}, y) = \prod_{z=0}^{y} f(\vec{x}, z). \]

Proof. For example, finite sums are defined recursively by the equations

\begin{align*}
g(\vec{x}, 0) &= f(\vec{x}, 0) \\
g(\vec{x}, y + 1) &= g(\vec{x}, y) + f(\vec{x}, y + 1).
\end{align*}
□

15.8 Primitive Recursive Relations


Definition 15.15. A relation $R(\vec{x})$ is said to be primitive recursive if its characteristic
function,
\[
\chi_R(\vec{x}) = \begin{cases} 1 & \text{if } R(\vec{x}) \\ 0 & \text{otherwise} \end{cases}
\]
is primitive recursive.

In other words, when one speaks of a primitive recursive relation $R(\vec{x})$, one is
referring to a relation of the form $\chi_R(\vec{x}) = 1$, where $\chi_R$ is a primitive recursive function
which, on any input, returns either 1 or 0. For example, the relation $\mathrm{IsZero}(x)$, which
holds if and only if $x = 0$, corresponds to the function $\chi_{\mathrm{IsZero}}$, defined using primitive
recursion by

\begin{align*}
\chi_{\mathrm{IsZero}}(0) &= 1, \\
\chi_{\mathrm{IsZero}}(x + 1) &= 0.
\end{align*}

It should be clear that one can compose relations with other primitive recursive
functions. So the following are also primitive recursive:
1. The equality relation, 𝑥 = 𝑦, defined by IsZero(|𝑥 − 𝑦|)

2. The less-than-or-equal relation, $x \le y$, defined by $\mathrm{IsZero}(x \dot{-} y)$

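Proposition 15.16. The set of primitive recursive relations is closed under Boolean
operations, that is, if $P(\vec{x})$ and $Q(\vec{x})$ are primitive recursive, so are

1. $\neg P(\vec{x})$

2. $P(\vec{x}) \land Q(\vec{x})$

3. $P(\vec{x}) \lor Q(\vec{x})$

4. $P(\vec{x}) \to Q(\vec{x})$

Proof. Suppose $P(\vec{x})$ and $Q(\vec{x})$ are primitive recursive, i.e., their characteristic
functions $\chi_P$ and $\chi_Q$ are. We have to show that the characteristic functions of $\neg P(\vec{x})$, etc.,
are also primitive recursive.
\[
\chi_{\neg P}(\vec{x}) = \begin{cases} 0 & \text{if } \chi_P(\vec{x}) = 1 \\ 1 & \text{otherwise} \end{cases}
\]

We can define $\chi_{\neg P}(\vec{x})$ as $1 \dot{-} \chi_P(\vec{x})$.
\[
\chi_{P \land Q}(\vec{x}) = \begin{cases} 1 & \text{if } \chi_P(\vec{x}) = \chi_Q(\vec{x}) = 1 \\ 0 & \text{otherwise} \end{cases}
\]

We can define $\chi_{P \land Q}(\vec{x})$ as $\chi_P(\vec{x}) \cdot \chi_Q(\vec{x})$ or as $\min(\chi_P(\vec{x}), \chi_Q(\vec{x}))$. Similarly,

\begin{align*}
\chi_{P \lor Q}(\vec{x}) &= \max(\chi_P(\vec{x}), \chi_Q(\vec{x})) \text{ and} \\
\chi_{P \to Q}(\vec{x}) &= \max(1 \dot{-} \chi_P(\vec{x}), \chi_Q(\vec{x})).
\end{align*}
□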

Proposition 15.17. The set of primitive recursive relations is closed under bounded
quantification, i.e., if $R(\vec{x}, z)$ is a primitive recursive relation, then so are the relations

\begin{align*}
&(\forall z < y)\, R(\vec{x}, z) \text{ and} \\
&(\exists z < y)\, R(\vec{x}, z).
\end{align*}

$(\forall z < y)\, R(\vec{x}, z)$ holds of $\vec{x}$ and $y$ if and only if $R(\vec{x}, z)$ holds for every $z$ less than $y$, and
similarly for $(\exists z < y)\, R(\vec{x}, z)$.

Proof. By convention, we take $(\forall z < 0)\, R(\vec{x}, z)$ to be true (for the trivial reason that
there are no $z$ less than 0) and $(\exists z < 0)\, R(\vec{x}, z)$ to be false. A bounded universal
quantifier functions just like a finite product or iterated minimum, i.e., if $P(\vec{x}, y) \Leftrightarrow
(\forall z < y)\, R(\vec{x}, z)$ then $\chi_P(\vec{x}, y)$ can be defined by

\begin{align*}
\chi_P(\vec{x}, 0) &= 1 \\
\chi_P(\vec{x}, y + 1) &= \min(\chi_P(\vec{x}, y), \chi_R(\vec{x}, y)).
\end{align*}

Bounded existential quantification can similarly be defined using max. Alternatively,
it can be defined from bounded universal quantification, using the equivalence
$(\exists z < y)\, R(\vec{x}, z) \leftrightarrow \neg(\forall z < y)\, \neg R(\vec{x}, z)$. Note that, for example, a bounded quantifier of the
form $(\exists x \le y) \dots x \dots$ is equivalent to $(\exists x < y + 1) \dots x \dots$. □

Another useful primitive recursive function is the conditional function, $\mathrm{cond}(x, y, z)$,
defined by
\[
\mathrm{cond}(x, y, z) = \begin{cases} y & \text{if } x = 0 \\ z & \text{otherwise.} \end{cases}
\]

This is defined recursively by

cond(0, 𝑦, 𝑧) = 𝑦,
cond(𝑥 + 1, 𝑦, 𝑧) = 𝑧.

One can use this to justify definitions of primitive recursive functions by cases from
primitive recursive relations:

Proposition 15.18. If $g_0(\vec{x})$, ..., $g_m(\vec{x})$ are primitive recursive functions, and $R_0(\vec{x})$,
..., $R_{m-1}(\vec{x})$ are primitive recursive relations, then the function $f$ defined by

\[
f(\vec{x}) = \begin{cases}
g_0(\vec{x}) & \text{if } R_0(\vec{x}) \\
g_1(\vec{x}) & \text{if } R_1(\vec{x}) \text{ and not } R_0(\vec{x}) \\
\;\vdots \\
g_{m-1}(\vec{x}) & \text{if } R_{m-1}(\vec{x}) \text{ and none of the previous hold} \\
g_m(\vec{x}) & \text{otherwise}
\end{cases}
\]

is also primitive recursive.

Proof. When $m = 1$, this is just the function defined by

\[ f(\vec{x}) = \mathrm{cond}(\chi_{\neg R_0}(\vec{x}), g_0(\vec{x}), g_1(\vec{x})). \]

For $m$ greater than 1, one can just compose definitions of this form. □

15.9 Bounded Minimization


It is often useful to define a function as the least number satisfying some property
or relation 𝑃. If 𝑃 is decidable, we can compute this function simply by trying out
all the possible numbers, 0, 1, 2, . . . , until we find the least one satisfying 𝑃. This
kind of unbounded search takes us out of the realm of primitive recursive functions.
However, if we’re only interested in the least number less than some independently
given bound, we stay primitive recursive. In other words, and a bit more generally,
suppose we have a primitive recursive relation 𝑅(𝑥, 𝑧). Consider the function that
maps 𝑥 and 𝑦 to the least 𝑧 < 𝑦 such that 𝑅(𝑥, 𝑧). It, too, can be computed, by testing
whether 𝑅(𝑥, 0), 𝑅(𝑥, 1), . . . , 𝑅(𝑥, 𝑦 − 1). But why is it primitive recursive?

Proposition 15.19. If $R(\vec{x}, z)$ is primitive recursive, so is the function $m_R(\vec{x}, y)$ which
returns the least $z$ less than $y$ such that $R(\vec{x}, z)$ holds, if there is one, and $y$ otherwise.
We will write the function $m_R$ as

\[ (\min z < y)\, R(\vec{x}, z). \]

Proof. Note that there can be no $z < 0$ such that $R(\vec{x}, z)$ since there is no $z < 0$ at all.
So $m_R(\vec{x}, 0) = 0$.
In case the bound is of the form $y + 1$ we have three cases:

1. There is a $z < y$ such that $R(\vec{x}, z)$, in which case $m_R(\vec{x}, y + 1) = m_R(\vec{x}, y)$.

2. There is no such $z < y$ but $R(\vec{x}, y)$ holds, then $m_R(\vec{x}, y + 1) = y$.

3. There is no $z < y + 1$ such that $R(\vec{x}, z)$, then $m_R(\vec{x}, y + 1) = y + 1$.

So we can define $m_R(\vec{x}, y)$ by primitive recursion as follows:

\begin{align*}
m_R(\vec{x}, 0) &= 0 \\
m_R(\vec{x}, y + 1) &= \begin{cases}
m_R(\vec{x}, y) & \text{if } m_R(\vec{x}, y) \ne y \\
y & \text{if } m_R(\vec{x}, y) = y \text{ and } R(\vec{x}, y) \\
y + 1 & \text{otherwise.}
\end{cases}
\end{align*}

Note that there is a $z < y$ such that $R(\vec{x}, z)$ iff $m_R(\vec{x}, y) \ne y$. □

15.10 Primes
Bounded quantification and bounded minimization provide us with a good deal of
machinery to show that natural functions and relations are primitive recursive. For
example, consider the relation “𝑥 divides 𝑦”, written 𝑥 | 𝑦. The relation 𝑥 | 𝑦 holds if
division of 𝑦 by 𝑥 is possible without remainder, i.e., if 𝑦 is an integer multiple of 𝑥.
(If it doesn’t hold, i.e., the remainder when dividing 𝑥 by 𝑦 is > 0, we write 𝑥 ∤ 𝑦.) In
other words, 𝑥 | 𝑦 iff for some 𝑧, 𝑥 · 𝑧 = 𝑦. Obviously, any such 𝑧, if it exists, must be
≤ 𝑦. So, we have that 𝑥 | 𝑦 iff for some 𝑧 ≤ 𝑦, 𝑥 · 𝑧 = 𝑦. We can define the relation
𝑥 | 𝑦 by bounded existential quantification from = and multiplication by

𝑥 | 𝑦 ⇔ (∃𝑧 ≤ 𝑦) (𝑥 · 𝑧) = 𝑦.

We’ve thus shown that 𝑥 | 𝑦 is primitive recursive.


A natural number 𝑥 is prime if it is neither 0 nor 1 and is only divisible by 1 and
itself. In other words, prime numbers are such that, whenever 𝑦 | 𝑥, either 𝑦 = 1
or 𝑦 = 𝑥. To test if 𝑥 is prime, we only have to check if 𝑦 | 𝑥 for all 𝑦 ≤ 𝑥, since if
𝑦 > 𝑥, then automatically 𝑦 ∤ 𝑥. So, the relation Prime(𝑥), which holds iff 𝑥 is prime,
can be defined by

Prime(𝑥) ⇔ 𝑥 ≥ 2 ∧ (∀𝑦 ≤ 𝑥) (𝑦 | 𝑥 → 𝑦 = 1 ∨ 𝑦 = 𝑥)

and is thus primitive recursive.


The primes are 2, 3, 5, 7, 11, etc. Consider the function 𝑝 (𝑥) which returns the 𝑥th
prime in that sequence, i.e., 𝑝 (0) = 2, 𝑝 (1) = 3, 𝑝 (2) = 5, etc. (For convenience we
will often write $p(x)$ as $p_x$ ($p_0 = 2$, $p_1 = 3$, etc.)
If we had a function nextPrime(x), which returns the first prime number larger
than 𝑥, 𝑝 can be easily defined using primitive recursion:

𝑝 (0) = 2
𝑝 (𝑥 + 1) = nextPrime(𝑝 (𝑥))

Since nextPrime(𝑥) is the least 𝑦 such that 𝑦 > 𝑥 and 𝑦 is prime, it can be easily
computed by unbounded search. But it can also be defined by bounded minimization,
thanks to a result due to Euclid: there is always a prime number between 𝑥 and 𝑥 ! + 1.

nextPrime(x) = (min 𝑦 ≤ 𝑥 ! + 1) (𝑦 > 𝑥 ∧ Prime(𝑦)).

This shows that nextPrime(𝑥) and hence 𝑝 (𝑥) are (not just computable but) primitive
recursive.
(If you’re curious, here’s a quick proof of Euclid’s theorem. Suppose $p_n$ is the
largest prime $\le x$ and consider the product $p = p_0 \cdot p_1 \cdot \dots \cdot p_n$ of all primes $\le x$.
Either $p + 1$ is prime or there is a prime between $x$ and $p + 1$. Why? Suppose $p + 1$ is
not prime. Then some prime number $q \mid p + 1$ where $q < p + 1$. None of the primes
$\le x$ divide $p + 1$. (By definition of $p$, each of the primes $p_i \le x$ divides $p$, i.e., with
remainder 0. So, each of the primes $p_i \le x$ divides $p + 1$ with remainder 1, and so
$p_i \nmid p + 1$.) Hence, $q$ is a prime $> x$ and $< p + 1$. And $p \le x!$, so there is a prime $> x$
and $\le x! + 1$.)
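
The definitions of sections 15.8 to 15.10 can be followed literally in code: bounded quantifiers as iterated minimum, bounded minimization by the recursion in the proof of Proposition 15.19, and divisibility, primality, nextPrime and $p(x)$ built from them. The following Python code is an added example, not part of the original text; the function names are this example's own, and the early exit in bounded_min is a shortcut that does not change the computed value.

```python
from math import factorial

def forall_below(R, xs, y):
    """(forall z < y) R(xs, z), by the recursion on chi_P from Proposition 15.17."""
    chi = 1                                   # chi_P(xs, 0) = 1
    for z in range(y):                        # chi_P(xs, z+1) = min(chi_P(xs, z), chi_R(xs, z))
        chi = min(chi, int(bool(R(*xs, z))))
    return chi == 1

def exists_below(R, xs, y):
    """(exists z < y) R(xs, z), defined as not (forall z < y) not R(xs, z)."""
    return not forall_below(lambda *args: not R(*args), xs, y)

def bounded_min(R, xs, y):
    """(min z < y) R(xs, z): least z < y with R(xs, z), or y if there is none."""
    m = 0                                     # m_R(xs, 0) = 0
    for bound in range(y):                    # m holds m_R(xs, bound) at this point
        if m != bound:
            break                             # case 1: witness found, m never changes again
        if not R(*xs, bound):
            m = bound + 1                     # case 3: no witness below bound + 1
        # case 2: R(xs, bound) holds and m stays equal to bound
    return m

def divides(x, y):
    """x | y  iff  (exists z <= y) x * z = y."""
    return exists_below(lambda x, y, z: x * z == y, (x, y), y + 1)

def is_prime(x):
    """Prime(x)  iff  x >= 2 and (forall y <= x)(y | x -> y = 1 or y = x)."""
    return x >= 2 and forall_below(
        lambda x, y: (not divides(y, x)) or y == 1 or y == x, (x,), x + 1)

def next_prime(x):
    """(min y <= x! + 1)(y > x and Prime(y)); the bound x! + 1 is Euclid's."""
    return bounded_min(lambda x, y: y > x and is_prime(y), (x,), factorial(x) + 2)

def p(x):
    """x-th prime by primitive recursion: p(0) = 2, p(x + 1) = nextPrime(p(x))."""
    value = 2
    for _ in range(x):
        value = next_prime(value)
    return value
```

Note that the bound $y \le x! + 1$ is written as the strict bound $x! + 2$, using the equivalence of $(\exists x \le y)$ and $(\exists x < y + 1)$ noted in Proposition 15.17.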

15.11 Sequences
The set of primitive recursive functions is remarkably robust. But we will be able
to do even more once we have developed an adequate means of handling sequences.
We will identify finite sequences of natural numbers with natural numbers in the
following way: the sequence $\langle a_0, a_1, a_2, \dots, a_k \rangle$ corresponds to the number

\[ p_0^{a_0+1} \cdot p_1^{a_1+1} \cdot p_2^{a_2+1} \cdot \dots \cdot p_k^{a_k+1}. \]

We add one to the exponents to guarantee that, for example, the sequences $\langle 2, 7, 3 \rangle$
and $\langle 2, 7, 3, 0, 0 \rangle$ have distinct numeric codes. We can take both 0 and 1 to code the
empty sequence; for concreteness, let $\Lambda$ denote 0.
The reason that this coding of sequences works is the so-called Fundamental
Theorem of Arithmetic: every natural number $n \ge 2$ can be written in one and only
one way in the form
\[ n = p_0^{a_0} \cdot p_1^{a_1} \cdot \dots \cdot p_k^{a_k} \]
with $a_k \ge 1$. This guarantees that the mapping $\langle\rangle(a_0, \dots, a_k) = \langle a_0, \dots, a_k \rangle$ is injective:
different sequences are mapped to different numbers; to each number only at most
one sequence corresponds.
We’ll now show that the operations of determining the length of a sequence,
determining its 𝑖th element, appending an element to a sequence, and concatenating
two sequences, are all primitive recursive.

Proposition 15.20. The function len(𝑠), which returns the length of the sequence 𝑠, is
primitive recursive.

Proof. Let $R(i, s)$ be the relation defined by

\[ R(i, s) \text{ iff } p_i \mid s \land p_{i+1} \nmid s. \]

$R$ is clearly primitive recursive. Whenever $s$ is the code of a non-empty sequence, i.e.,

\[ s = p_0^{a_0+1} \cdot \dots \cdot p_k^{a_k+1}, \]

$R(i, s)$ holds if $p_i$ is the largest prime such that $p_i \mid s$, i.e., $i = k$. The length of $s$ thus is
$i + 1$ iff $p_i$ is the largest prime that divides $s$, so we can let
\[
\mathrm{len}(s) = \begin{cases} 0 & \text{if } s = 0 \text{ or } s = 1 \\ 1 + (\min i < s)\, R(i, s) & \text{otherwise} \end{cases}
\]

We can use bounded minimization, since there is only one $i$ that satisfies $R(i, s)$ when
$s$ is a code of a sequence, and if $i$ exists it is less than $s$ itself. □

Proposition 15.21. The function $\mathrm{append}(s, a)$, which returns the result of appending
$a$ to the sequence $s$, is primitive recursive.

Proof. append can be defined by:

\[
\mathrm{append}(s, a) = \begin{cases} 2^{a+1} & \text{if } s = 0 \text{ or } s = 1 \\ s \cdot p_{\mathrm{len}(s)}^{a+1} & \text{otherwise.} \end{cases}
\]
□

Proposition 15.22. The function element(𝑠, 𝑖), which returns the 𝑖th element of 𝑠
(where the initial element is called the 0th), or 0 if 𝑖 is greater than or equal to the
length of 𝑠, is primitive recursive.

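Proof. Note that $a$ is the $i$th element of $s$ iff $p_i^{a+1}$ is the largest power of $p_i$ that divides $s$,
i.e., $p_i^{a+1} \mid s$ but $p_i^{a+2} \nmid s$. So:
\[
\mathrm{element}(s, i) = \begin{cases} 0 & \text{if } i \ge \mathrm{len}(s) \\ (\min a < s)\, (p_i^{a+2} \nmid s) & \text{otherwise.} \end{cases}
\]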

Instead of using the official names for the functions defined above, we introduce
a more compact notation. We will use $(s)_i$ instead of $\mathrm{element}(s, i)$, and $\langle s_0, \dots, s_k \rangle$ to
abbreviate
\[ \mathrm{append}(\mathrm{append}(\dots \mathrm{append}(\Lambda, s_0) \dots), s_k). \]
Note that if $s$ has length $k$, the elements of $s$ are $(s)_0, \dots, (s)_{k-1}$.

Proposition 15.23. The function concat(𝑠, 𝑡), which concatenates two sequences, is
primitive recursive.

Proof. We want a function concat with the property that

concat(⟨𝑎 0, . . . , 𝑎𝑘 ⟩, ⟨𝑏 0, . . . , 𝑏𝑙 ⟩) = ⟨𝑎 0, . . . , 𝑎𝑘 , 𝑏 0, . . . , 𝑏𝑙 ⟩.

We’ll use a “helper” function hconcat(𝑠, 𝑡, 𝑛) which concatenates the first 𝑛 symbols
of 𝑡 to 𝑠. This function can be defined by primitive recursion as follows:

\[ \begin{aligned} \mathrm{hconcat}(s, t, 0) &= s \\ \mathrm{hconcat}(s, t, n + 1) &= \mathrm{append}(\mathrm{hconcat}(s, t, n), (t)_n) \end{aligned} \]

Then we can define concat by

concat(𝑠, 𝑡) = hconcat(𝑠, 𝑡, len(𝑡)). □


We will write 𝑠 ⌢ 𝑡 instead of concat(𝑠, 𝑡).


It will be useful for us to be able to bound the numeric code of a sequence in terms
of its length and its largest element. Suppose $s$ is a sequence of length $k$, each element
of which is less than or equal to some number $x$. Then $s$ has at most $k$ prime factors,
each at most $p_{k-1}$, and each raised to at most $x + 1$ in the prime factorization of $s$. In
other words, if we define

\[ \mathrm{sequenceBound}(x, k) = p_{k-1}^{k \cdot (x+1)}, \]

then the numeric code of the sequence $s$ described above is at most $\mathrm{sequenceBound}(x, k)$.
Having such a bound on sequences gives us a way of defining new functions
using bounded search. For example, we can define concat using bounded search. All
we need to do is write down a primitive recursive specification of the object (number
of the concatenated sequence) we are looking for, and a bound on how far to look.
The following works:

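\[ \begin{aligned} \mathrm{concat}(s, t) = (\min v < \mathrm{sequenceBound}(s + t, \mathrm{len}(s) + \mathrm{len}(t)))\ (&\mathrm{len}(v) = \mathrm{len}(s) + \mathrm{len}(t) \land {} \\ &(\forall i < \mathrm{len}(s))\, ((v)_i = (s)_i) \land {} \\ &(\forall j < \mathrm{len}(t))\, ((v)_{\mathrm{len}(s)+j} = (t)_j)) \end{aligned} \]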
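
The coding and the operations len, append, element and concat defined above, run on concrete sequences. This is an added example in Python, not part of the original text; the helper names (`nth_prime`, `bounded_min`, `encode`, `decode`, `meets_concat_spec`) are introduced here, and bounded minimization is assumed to return its bound when no witness exists.

```python
from functools import lru_cache

EMPTY = 0  # the text's Λ; 1 is also read as the empty sequence


@lru_cache(maxsize=None)
def nth_prime(i):
    """p_i with p_0 = 2, by trial division (adequate for short sequences)."""
    primes, n = [], 1
    while len(primes) <= i:
        n += 1
        if all(n % p for p in primes):
            primes.append(n)
    return primes[i]


def bounded_min(bound, pred):
    """(min z < bound) pred(z). Assumption: yields `bound` if no z qualifies."""
    return next((z for z in range(bound) if pred(z)), bound)


def seq_len(s):
    """len(s) = 1 + (min i < s) R(i, s), R(i, s) iff p_i | s and p_{i+1} does not divide s."""
    if s in (0, 1):
        return 0
    return 1 + bounded_min(
        s, lambda i: s % nth_prime(i) == 0 and s % nth_prime(i + 1) != 0)


def append(s, a):
    """Multiply in the next unused prime, raised to a + 1."""
    if s in (0, 1):
        return 2 ** (a + 1)
    return s * nth_prime(seq_len(s)) ** (a + 1)


def element(s, i):
    """(s)_i: least a such that p_i^(a+2) does not divide s; 0 past the end."""
    if i >= seq_len(s):
        return 0
    return bounded_min(s, lambda a: s % nth_prime(i) ** (a + 2) != 0)


def hconcat(s, t, n):
    """Append the first n elements of t to s, by primitive recursion on n."""
    return s if n == 0 else append(hconcat(s, t, n - 1), element(t, n - 1))


def concat(s, t):
    return hconcat(s, t, seq_len(t))


def sequence_bound(x, k):
    """p_{k-1}^(k*(x+1)); only meaningful for k >= 1."""
    return nth_prime(k - 1) ** (k * (x + 1))


def encode(items):
    """<a_0, ..., a_k> built as append(...append(Λ, a_0)..., a_k)."""
    s = EMPTY
    for a in items:
        s = append(s, a)
    return s


def decode(s):
    return [element(s, i) for i in range(seq_len(s))]


def meets_concat_spec(v, s, t):
    """The three conjuncts inside the bounded-search definition of concat."""
    ls, lt = seq_len(s), seq_len(t)
    return (seq_len(v) == ls + lt
            and all(element(v, i) == element(s, i) for i in range(ls))
            and all(element(v, ls + j) == element(t, j) for j in range(lt)))


if __name__ == "__main__":
    s = encode([2, 7, 3])
    print(s, decode(s), decode(encode([2, 7, 3, 0, 0])))
    print(encode([3]), sequence_bound(3, 1))  # a length-1 code meets the bound exactly
```

The bounded search itself is not executed here because the bound grows too quickly to scan; instead `meets_concat_spec` checks that the recursive `concat` satisfies the search condition.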

Proposition 15.24. The function subseq(𝑠, 𝑖, 𝑛) which returns the subsequence of 𝑠 of
length 𝑛 beginning at the 𝑖th element, is primitive recursive.

Proof. Exercise. □

15.12 Trees
Sometimes it is useful to represent trees as natural numbers, just like we can represent
sequences by numbers and properties of and operations on them by primitive recursive
relations and functions on their codes. We’ll use sequences and their codes to do this.
A tree can be either a single node (possibly with a label) or else a node (possibly with
a label) connected to a number of subtrees. The node is called the root of the tree, and
the subtrees it is connected to its immediate subtrees.
We code trees recursively as a sequence $\langle k, d_1, \dots, d_k \rangle$, where $k$ is the number of
immediate subtrees and $d_1, \dots, d_k$ the codes of the immediate subtrees. If the nodes
have labels, they can be included after the immediate subtrees. So a tree consisting
just of a single node with label $l$ would be coded by $\langle 0, l \rangle$, and a tree consisting of
a root (labelled $l_1$) connected to two single nodes (labelled $l_2$, $l_3$) would be coded by
$\langle 2, \langle 0, l_2 \rangle, \langle 0, l_3 \rangle, l_1 \rangle$.

Proposition 15.25. The function SubtreeSeq(𝑡), which returns the code of a sequence
the elements of which are the codes of all subtrees of the tree with code 𝑡, is primitive
recursive.

Proof. First note that $\mathrm{ISubtrees}(t) = \mathrm{subseq}(t, 1, (t)_0)$ is primitive recursive and returns
the codes of the immediate subtrees of a tree $t$. Now we can define a helper
function $\mathrm{hSubtreeSeq}(t, n)$ which computes the sequence of all subtrees which are $n$
nodes removed from the root. The sequence of subtrees of $t$ which is 0 nodes removed
from the root—in other words, begins at the root of $t$—is the sequence consisting just
of $t$. To obtain a sequence of all level $n + 1$ subtrees of $t$, we concatenate the level $n$
subtrees with a sequence consisting of all immediate subtrees of the level $n$ subtrees.
To get a list of all these, note that if $f(x)$ is a primitive recursive function returning
codes of sequences, then $g_f(s, k) = f((s)_0) \frown \dots \frown f((s)_k)$ is also primitive
recursive:

\[ \begin{aligned} g(s, 0) &= f((s)_0) \\ g(s, k + 1) &= g(s, k) \frown f((s)_{k+1}) \end{aligned} \]

For instance, if $s$ is a sequence of trees, then $h(s) = g_{\mathrm{ISubtrees}}(s, \mathrm{len}(s))$ gives the
sequence of the immediate subtrees of the elements of $s$. We can use it to define
hSubtreeSeq by

hSubtreeSeq(𝑡, 0) = ⟨𝑡⟩
hSubtreeSeq(𝑡, 𝑛 + 1) = hSubtreeSeq(𝑡, 𝑛) ⌢ ℎ(hSubtreeSeq(𝑡, 𝑛)).

The maximum level of subtrees in a tree coded by 𝑡, i.e., the maximum distance
between the root and a leaf node, is bounded by the code 𝑡. So a sequence of codes of
all subtrees of the tree coded by 𝑡 is given by hSubtreeSeq(𝑡, 𝑡). □

15.13 Other Recursions


Using pairing and sequencing, we can justify more exotic (and useful) forms of primitive
recursion. For example, it is often useful to define two functions simultaneously,
such as in the following definition:

\[ \begin{aligned} h_0(\vec{x}, 0) &= f_0(\vec{x}) \\ h_1(\vec{x}, 0) &= f_1(\vec{x}) \\ h_0(\vec{x}, y + 1) &= g_0(\vec{x}, y, h_0(\vec{x}, y), h_1(\vec{x}, y)) \\ h_1(\vec{x}, y + 1) &= g_1(\vec{x}, y, h_0(\vec{x}, y), h_1(\vec{x}, y)) \end{aligned} \]

This is an instance of simultaneous recursion. Another useful way of defining functions
is to give the value of $h(\vec{x}, y + 1)$ in terms of all the values $h(\vec{x}, 0), \dots, h(\vec{x}, y)$, as in
the following definition:

\[ \begin{aligned} h(\vec{x}, 0) &= f(\vec{x}) \\ h(\vec{x}, y + 1) &= g(\vec{x}, y, \langle h(\vec{x}, 0), \dots, h(\vec{x}, y) \rangle). \end{aligned} \]

The following schema captures this idea more succinctly:

\[ h(\vec{x}, y) = g(\vec{x}, y, \langle h(\vec{x}, 0), \dots, h(\vec{x}, y - 1) \rangle) \]

with the understanding that the last argument to 𝑔 is just the empty sequence when
𝑦 is 0. In either formulation, the idea is that in computing the “successor step,” the
function ℎ can make use of the entire sequence of values computed so far. This is
known as a course-of-values recursion. For a particular example, it can be used to
justify the following type of definition:
\[ h(\vec{x}, y) = \begin{cases} g(\vec{x}, y, h(\vec{x}, k(\vec{x}, y))) & \text{if } k(\vec{x}, y) < y \\ f(\vec{x}) & \text{otherwise} \end{cases} \]


In other words, the value of ℎ at 𝑦 can be computed in terms of the value of ℎ at any
previous value, given by 𝑘.
You should think about how to obtain these functions using ordinary primitive
recursion. One final version of primitive recursion is more flexible in that one is
allowed to change the parameters (side values) along the way:
\[ \begin{aligned} h(\vec{x}, 0) &= f(\vec{x}) \\ h(\vec{x}, y + 1) &= g(\vec{x}, y, h(k(\vec{x}), y)) \end{aligned} \]
This, too, can be simulated with ordinary primitive recursion. (Doing so is tricky. For
a hint, try unwinding the computation by hand.)

15.14 Non-Primitive Recursive Functions


The primitive recursive functions do not exhaust the intuitively computable functions.
It should be intuitively clear that we can make a list of all the unary primitive recursive
functions, 𝑓0 , 𝑓1 , 𝑓2 , . . . such that we can effectively compute the value of 𝑓𝑥 on input
𝑦; in other words, the function 𝑔(𝑥, 𝑦), defined by
𝑔(𝑥, 𝑦) = 𝑓𝑥 (𝑦)
is computable. But then so is the function
ℎ(𝑥) = 𝑔(𝑥, 𝑥) + 1
= 𝑓𝑥 (𝑥) + 1.
For each primitive recursive function 𝑓𝑖 , the value of ℎ and 𝑓𝑖 differ at 𝑖. So ℎ is
computable, but not primitive recursive; and one can say the same about 𝑔. This is an
“effective” version of Cantor’s diagonalization argument.
One can provide more explicit examples of computable functions that are not
primitive recursive. For example, let the notation $g^n(x)$ denote $g(g(\dots g(x)))$, with $n$
$g$’s in all; and define a sequence $g_0, g_1, \dots$ of functions by
\[ \begin{aligned} g_0(x) &= x + 1 \\ g_{n+1}(x) &= g_n^x(x) \end{aligned} \]
You can confirm that each function $g_n$ is primitive recursive. Each successive function
grows much faster than the one before; $g_1(x)$ is equal to $2x$, $g_2(x)$ is equal to $2^x \cdot x$,
and $g_3(x)$ grows roughly like an exponential stack of $x$ 2’s. The Ackermann–Péter
function is essentially the function $G(x) = g_x(x)$, and one can show that this grows
faster than any primitive recursive function.
Let us return to the issue of enumerating the primitive recursive functions. Remember
that we have assigned symbolic notations to each primitive recursive function;
so it suffices to enumerate notations. We can assign a natural number $\#(F)$ to each
notation $F$, recursively, as follows:
\[ \begin{aligned} \#(0) &= \langle 0 \rangle \\ \#(S) &= \langle 1 \rangle \\ \#(P_i^n) &= \langle 2, n, i \rangle \\ \#(\mathrm{Comp}_{k,l}[H, G_0, \dots, G_{k-1}]) &= \langle 3, k, l, \#(H), \#(G_0), \dots, \#(G_{k-1}) \rangle \\ \#(\mathrm{Rec}_l[G, H]) &= \langle 4, l, \#(G), \#(H) \rangle \end{aligned} \]


Here we are using the fact that every sequence of numbers can be viewed as a natural
number, using the codes from the last section. The upshot is that every code is
assigned a natural number. Of course, some sequences (and hence some numbers)
do not correspond to notations; but we can let 𝑓𝑖 be the unary primitive recursive
function with notation coded as 𝑖, if 𝑖 codes such a notation; and the constant 0
function otherwise. The net result is that we have an explicit way of enumerating the
unary primitive recursive functions.
(In fact, some functions, like the constant zero function, will appear more than
once on the list. This is not just an artifact of our coding, but also a result of the fact
that the constant zero function has more than one notation. We will later see that
one cannot computably avoid these repetitions; for example, there is no computable
function that decides whether or not a given notation represents the constant zero
function.)
We can now take the function 𝑔(𝑥, 𝑦) to be given by 𝑓𝑥 (𝑦), where 𝑓𝑥 refers to the
enumeration we have just described. How do we know that 𝑔(𝑥, 𝑦) is computable?
Intuitively, this is clear: to compute 𝑔(𝑥, 𝑦), first “unpack” 𝑥, and see if it is a notation
for a unary function. If it is, compute the value of that function on input 𝑦.
You may already be convinced that (with some work!) one can write a program
(say, in Java or C++) that does this; and now we can appeal to the Church-Turing
thesis, which says that anything that, intuitively, is computable can be computed by
a Turing machine.
Of course, a more direct way to show that 𝑔(𝑥, 𝑦) is computable is to describe
a Turing machine that computes it, explicitly. This would, in particular, avoid the
Church-Turing thesis and appeals to intuition. Soon we will have built up enough
machinery to show that 𝑔(𝑥, 𝑦) is computable, appealing to a model of computation
that can be simulated on a Turing machine: namely, the recursive functions.
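
The "unpack 𝑥 and compute" step described above can be written out as a small interpreter. This is an added example in Python, not part of the original text: notations are nested tuples shaped like the codes ⟨0⟩, ⟨1⟩, ⟨2, 𝑛, 𝑖⟩, ⟨3, 𝑘, 𝑙, …⟩, ⟨4, 𝑙, …⟩ instead of their (astronomically large) numeric codes, and the diagonal is taken over a short sample listing rather than the full enumeration. Assumed conventions: zero is unary, $P_i^n$ picks $x_i$ with $0 \le i < n$, $\mathrm{Comp}_{k,l}$ composes a $k$-place $H$ with $l$-place $G_j$, and $\mathrm{Rec}_l[G, H]$ is $(l+1)$-place with $h(\vec{x}, 0) = G(\vec{x})$ and $h(\vec{x}, y+1) = H(\vec{x}, y, h(\vec{x}, y))$.

```python
ZERO = (0,)  # mirrors #(0) = <0>; assumed to denote zero(x) = 0
SUCC = (1,)  # mirrors #(S) = <1>


def proj(n, i):          # P^n_i  ->  <2, n, i>
    return (2, n, i)


def comp(k, l, h, *gs):  # Comp_{k,l}[H, G_0..G_{k-1}]  ->  <3, k, l, #H, #G_0, ...>
    return (3, k, l, h, *gs)


def rec(l, g, h):        # Rec_l[G, H]  ->  <4, l, #G, #H>
    return (4, l, g, h)


def arity(c):
    """Arity of the function c denotes, or None if c is not a well-formed notation."""
    if c in (ZERO, SUCC):
        return 1
    if not isinstance(c, tuple) or len(c) < 3:
        return None
    if c[0] == 2 and len(c) == 3:
        n, i = c[1], c[2]
        return n if type(n) is int and type(i) is int and 0 <= i < n else None
    if c[0] == 3 and len(c) >= 5:
        k, l, h, gs = c[1], c[2], c[3], c[4:]
        ok = (type(l) is int and len(gs) == k and arity(h) == k
              and all(arity(g) == l for g in gs))
        return l if ok else None
    if c[0] == 4 and len(c) == 4:
        l, g, h = c[1], c[2], c[3]
        ok = type(l) is int and arity(g) == l and arity(h) == l + 2
        return l + 1 if ok else None
    return None


def evaluate(c, args):
    """Value of a well-formed notation c on a list of arguments of the right length."""
    tag = c[0]
    if tag == 0:
        return 0
    if tag == 1:
        return args[0] + 1
    if tag == 2:
        return args[c[2]]
    if tag == 3:
        return evaluate(c[3], [evaluate(g, args) for g in c[4:]])
    g, h = c[2], c[3]              # tag == 4: primitive recursion on the last argument
    *xs, y = args
    value = evaluate(g, xs)
    for j in range(y):
        value = evaluate(h, xs + [j, value])
    return value


def universal(c, y):
    """g(x, y) = f_x(y): run c on y if c denotes a unary function, else constant 0."""
    return evaluate(c, [y]) if arity(c) == 1 else 0


def diagonal(listing):
    """h(i) = f_i(i) + 1 for the listed notations; differs from the i-th one at i."""
    return [universal(c, i) + 1 for i, c in enumerate(listing)]


# Sample notations (constructed for this example).
ADD = rec(1, proj(1, 0), comp(1, 3, SUCC, proj(3, 2)))
MULT = rec(1, ZERO, comp(2, 3, ADD, proj(3, 0), proj(3, 2)))
DOUBLE = comp(2, 1, ADD, proj(1, 0), proj(1, 0))
SQUARE = comp(2, 1, MULT, proj(1, 0), proj(1, 0))
SAMPLE = [ZERO, SUCC, proj(1, 0), DOUBLE, SQUARE, ADD]

if __name__ == "__main__":
    print(evaluate(MULT, [3, 4]), universal(SQUARE, 6), diagonal(SAMPLE))
```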

15.15 Partial Recursive Functions


To motivate the definition of the recursive functions, note that our proof that there are
computable functions that are not primitive recursive actually establishes much more.
The argument was simple: all we used was the fact that it is possible to enumerate
functions 𝑓0, 𝑓1, . . . such that, as a function of 𝑥 and 𝑦, 𝑓𝑥 (𝑦) is computable. So the
argument applies to any class of functions that can be enumerated in such a way. This
puts us in a bind: we would like to describe the computable functions explicitly; but
any explicit description of a collection of computable functions cannot be exhaustive!
The way out is to allow partial functions to come into play. We will see that it
is possible to enumerate the partial computable functions. In fact, we already pretty
much know that this is the case, since it is possible to enumerate Turing machines
in a systematic way. We will come back to our diagonal argument later, and explore
why it does not go through when partial functions are included.
The question is now this: what do we need to add to the primitive recursive
functions to obtain all the partial recursive functions? We need to do two things:
1. Modify our definition of the primitive recursive functions to allow for partial
functions as well.
2. Add something to the definition, so that some new partial functions are included.
The first is easy. As before, we will start with zero, successor, and projections,
and close under composition and primitive recursion. The only difference is that we
have to modify the definitions of composition and primitive recursion to allow for
the possibility that some of the terms in the definition are not defined. If 𝑓 and 𝑔 are
partial functions, we will write 𝑓 (𝑥) ↓ to mean that 𝑓 is defined at 𝑥, i.e., 𝑥 is in the
domain of 𝑓 ; and 𝑓 (𝑥) ↑ to mean the opposite, i.e., that 𝑓 is not defined at 𝑥. We will
use 𝑓 (𝑥) ≃ 𝑔(𝑥) to mean that either 𝑓 (𝑥) and 𝑔(𝑥) are both undefined, or they are
both defined and equal. We will use these notations for more complicated terms as
well. We will adopt the convention that if $h$ and $g_0, \dots, g_k$ all are partial functions,
then
\[ h(g_0(\vec{x}), \dots, g_k(\vec{x})) \]
is defined if and only if each $g_i$ is defined at $\vec{x}$, and $h$ is defined at $g_0(\vec{x}), \dots, g_k(\vec{x})$.
With this understanding, the definitions of composition and primitive recursion for
partial functions are just as above, except that we have to replace “=” by “≃”.
What we will add to the definition of the primitive recursive functions to obtain
partial functions is the unbounded search operator. If $f(x, \vec{z})$ is any partial function on
the natural numbers, define $\mu x\, f(x, \vec{z})$ to be

the least $x$ such that $f(0, \vec{z}), f(1, \vec{z}), \dots, f(x, \vec{z})$ are all defined, and $f(x, \vec{z}) = 0$,
if such an $x$ exists

with the understanding that $\mu x\, f(x, \vec{z})$ is undefined otherwise. This defines $\mu x\, f(x, \vec{z})$
uniquely.
Note that our definition makes no reference to Turing machines, or algorithms, or
any specific computational model. But like composition and primitive recursion, there
is an operational, computational intuition behind unbounded search. When it comes
to the computability of a partial function, arguments where the function is undefined
correspond to inputs for which the computation does not halt. The procedure for
computing $\mu x\, f(x, \vec{z})$ will amount to this: compute $f(0, \vec{z}), f(1, \vec{z}), f(2, \vec{z})$ until a value
of 0 is returned. If any of the intermediate computations do not halt, however, neither
does the computation of $\mu x\, f(x, \vec{z})$.
If $R(x, \vec{z})$ is any relation, $\mu x\, R(x, \vec{z})$ is defined to be $\mu x\, (1 \dot{-} \chi_R(x, \vec{z}))$. In other
words, $\mu x\, R(x, \vec{z})$ returns the least value of $x$ such that $R(x, \vec{z})$ holds. So, if $f(x, \vec{z})$
is a total function, $\mu x\, f(x, \vec{z})$ is the same as $\mu x\, (f(x, \vec{z}) = 0)$. But note that our
original definition is more general, since it allows for the possibility that $f(x, \vec{z})$ is
not everywhere defined (whereas, in contrast, the characteristic function of a relation
is always total).
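
The search procedure just described, including the case where an intermediate value is undefined, as an added Python example that is not part of the original text. Non-halting is modelled by a `Diverges` exception and an artificial search cap `FUEL`; both are assumptions of this sketch, as are the names `exact_root` and `hole_at_zero`.

```python
class Diverges(Exception):
    """Stands in for a computation that never halts (modelling assumption)."""


FUEL = 10_000  # artificial cap so that an unsuccessful search terminates here


def mu(f, *z):
    """mu x f(x, z): least x with f(0, z), ..., f(x, z) all defined and f(x, z) = 0."""
    for x in range(FUEL):
        # If f is undefined at x it raises Diverges, which propagates:
        # the search never gets to look at larger x.
        if f(x, *z) == 0:
            return x
    raise Diverges("no zero found within the cap")


def mu_rel(R, *z):
    """mu x R(x, z), defined as mu x (1 - chi_R(x, z)) with truncated subtraction."""
    return mu(lambda x, *zs: 1 - int(bool(R(x, *zs))), *z)


def exact_root(z):
    """A partial function obtained from a total one: defined only on perfect squares."""
    return mu(lambda x, z: abs(x * x - z), z)


def hole_at_zero(x):
    """Undefined at 0, equal to 0 everywhere else."""
    if x == 0:
        raise Diverges("f(0) is undefined")
    return 0


def is_defined(thunk):
    """True if the computation returns a value, False if it is modelled as diverging."""
    try:
        thunk()
    except Diverges:
        return False
    return True


if __name__ == "__main__":
    print(exact_root(49), is_defined(lambda: exact_root(50)))
    print(is_defined(lambda: mu(hole_at_zero)))  # False, although f(1) = 0
    print(mu_rel(lambda x, z: x * x >= z, 50))
```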

Definition 15.26. The set of partial recursive functions is the smallest set of partial
functions from the natural numbers to the natural numbers (of various arities)
containing zero, successor, and projections, and closed under composition, primitive
recursion, and unbounded search.

Of course, some of the partial recursive functions will happen to be total, i.e.,
defined for every argument.

Definition 15.27. The set of recursive functions is the set of partial recursive functions
that are total.

A recursive function is sometimes called “total recursive” to emphasize that it is
defined everywhere.


15.16 General Recursive Functions


There is another way to obtain a set of total functions. Say a total function $f(x, \vec{z})$ is
regular if for every sequence of natural numbers $\vec{z}$, there is an $x$ such that $f(x, \vec{z}) = 0$.
In other words, the regular functions are exactly those functions to which one can
apply unbounded search, and end up with a total function. One can, conservatively,
restrict unbounded search to regular functions:

Definition 15.28. The set of general recursive functions is the smallest set of functions
from the natural numbers to the natural numbers (of various arities) containing zero,
successor, and projections, and closed under composition, primitive recursion, and
unbounded search applied to regular functions.

Clearly every general recursive function is total. The difference between Definition 15.28
and Definition 15.27 is that in the latter one is allowed to use partial
recursive functions along the way; the only requirement is that the function you end
up with at the end is total. So the word “general,” a historic relic, is a misnomer; on
the surface, Definition 15.28 is less general than Definition 15.27. But, fortunately, the
difference is illusory; though the definitions are different, the set of general recursive
functions and the set of recursive functions are one and the same.

Problems
Problem 15.1. Prove Proposition 15.5 by showing that the primitive recursive definition
of mult can be put into the form required by Definition 15.1 and showing that the
corresponding functions 𝑓 and 𝑔 are primitive recursive.

Problem 15.2. Give the complete primitive recursive notation for mult.

Problem 15.3. Prove Proposition 15.13.

Problem 15.4. Show that

\[ f(x, y) = \left. 2^{\left(2^{\cdot^{\cdot^{\cdot^{2^x}}}}\right)} \right\} y \text{ 2’s} \]

is primitive recursive.

Problem 15.5. Show that integer division 𝑑 (𝑥, 𝑦) = ⌊𝑥/𝑦⌋ (i.e., division, where you
disregard everything after the decimal point) is primitive recursive. When 𝑦 = 0, we
stipulate 𝑑 (𝑥, 𝑦) = 0. Give an explicit definition of 𝑑 using primitive recursion and
composition.

Problem 15.6. Show that the three place relation 𝑥 ≡ 𝑦 mod 𝑛 (congruence modulo 𝑛)
is primitive recursive.

Problem 15.7. Suppose $R(\vec{x}, z)$ is primitive recursive. Define the function $m'_R(\vec{x}, y)$
which returns the least $z$ less than $y$ such that $R(\vec{x}, z)$ holds, if there is one, and 0
otherwise, by primitive recursion from $\chi_R$.

Problem 15.8. Define integer division 𝑑 (𝑥, 𝑦) using bounded minimization.


Problem 15.9. Show that there is a primitive recursive function sconcat(𝑠) with the
property that
sconcat(⟨𝑠 0, . . . , 𝑠𝑘 ⟩) = 𝑠 0 ⌢ . . . ⌢ 𝑠𝑘 .

Problem 15.10. Show that there is a primitive recursive function tail(𝑠) with the
property that

tail(Λ) = 0 and
tail(⟨𝑠 0, . . . , 𝑠𝑘 ⟩) = ⟨𝑠 1, . . . , 𝑠𝑘 ⟩.

Problem 15.11. Prove Proposition 15.24.

Problem 15.12. The definition of hSubtreeSeq in the proof of Proposition 15.25 in
general includes repetitions. Give an alternative definition which guarantees that the
code of a subtree occurs only once in the resulting list.

Problem 15.13. Define the remainder function 𝑟 (𝑥, 𝑦) by course-of-values recursion.
(If 𝑥, 𝑦 are natural numbers and 𝑦 > 0, 𝑟 (𝑥, 𝑦) is the number less than 𝑦 such that
𝑥 = 𝑧 × 𝑦 + 𝑟 (𝑥, 𝑦) for some 𝑧. For definiteness, let’s say that if 𝑦 = 0, 𝑟 (𝑥, 0) = 0.)

Chapter 16

Introduction to Incompleteness

16.1 Historical Background


In this section, we will briefly discuss historical developments that will help put
the incompleteness theorems in context. In particular, we will give a very sketchy
overview of the history of mathematical logic; and then say a few words about the
history of the foundations of mathematics.
The phrase “mathematical logic” is ambiguous. One can interpret the word “mathematical”
as describing the subject matter, as in, “the logic of mathematics,” denoting
the principles of mathematical reasoning; or as describing the methods, as in “the
mathematics of logic,” denoting a mathematical study of the principles of reasoning.
The account that follows involves mathematical logic in both senses, often at the
same time.
The study of logic began, essentially, with Aristotle, who lived approximately
384–322 bce. His Categories, Prior analytics, and Posterior analytics include systematic
studies of the principles of scientific reasoning, including a thorough and systematic
study of the syllogism.
Aristotle’s logic dominated scholastic philosophy through the middle ages; indeed,
as late as the eighteenth century, Kant maintained that Aristotle’s logic was perfect
and in no need of revision. But the theory of the syllogism is far too limited to model
anything but the most superficial aspects of mathematical reasoning. A century earlier,
Leibniz, a contemporary of Newton’s, imagined a complete “calculus” for logical
reasoning, and made some rudimentary steps towards designing such a calculus,
essentially describing a version of propositional logic.
The nineteenth century was a watershed for logic. In 1854 George Boole wrote
The Laws of Thought, with a thorough algebraic study of propositional logic that is
not far from modern presentations. In 1879 Gottlob Frege published his Begriffsschrift
(Concept writing) which extends propositional logic with quantifiers and relations,
and thus includes first-order logic. In fact, Frege’s logical systems included higher-order
logic as well, and more. In his Basic Laws of Arithmetic, Frege set out to
show that all of arithmetic could be derived in his Begriffsschrift from purely logical
assumptions. Unfortunately, these assumptions turned out to be inconsistent, as Russell
showed in 1902. But setting aside the inconsistent axiom, Frege more or less invented
modern logic singlehandedly, a startling achievement. Quantificational logic was
also developed independently by algebraically-minded thinkers after Boole, including
Peirce and Schröder.


Let us now turn to developments in the foundations of mathematics. Of course,
since logic plays an important role in mathematics, there is a good deal of interaction
with the developments just described. For example, Frege developed his logic with
the explicit purpose of showing that all of mathematics could be based solely on his
logical framework; in particular, he wished to show that mathematics consists of a
priori analytic truths instead of, as Kant had maintained, a priori synthetic ones.
Many take the birth of mathematics proper to have occurred with the Greeks.
Euclid’s Elements, written around 300 B.C., is already a mature representative of Greek
mathematics, with its emphasis on rigor and precision. The definitions and proofs in
Euclid’s Elements survive more or less intact in high school geometry textbooks today
(to the extent that geometry is still taught in high schools). This model of mathematical
reasoning has been held to be a paradigm for rigorous argumentation not only in
mathematics but in branches of philosophy as well. (Spinoza even presented moral
and religious arguments in the Euclidean style, which is strange to see!)
Calculus was invented by Newton and Leibniz in the seventeenth century. (A
fierce priority dispute raged for centuries, but most scholars today hold that the two
developments were for the most part independent.) Calculus involves reasoning
about, for example, infinite sums of infinitely small quantities; these features fueled
criticism by Bishop Berkeley, who argued that belief in God was no less rational
than the mathematics of his time. The methods of calculus were widely used in the
eighteenth century, for example by Leonhard Euler, who used calculations involving
infinite sums with dramatic results.
In the nineteenth century, mathematicians tried to address Berkeley’s criticisms by
putting calculus on a firmer foundation. Efforts by Cauchy, Weierstrass, Bolzano, and
others led to our contemporary definitions of limits, continuity, differentiation, and
integration in terms of “epsilons and deltas,” in other words, devoid of any reference
to infinitesimals. Later in the century, mathematicians tried to push further, and
explain all aspects of calculus, including the real numbers themselves, in terms of the
natural numbers. (Kronecker: “God created the whole numbers, all else is the work
of man.”) In 1872, Dedekind wrote “Continuity and the irrational numbers,” where
he showed how to “construct” the real numbers as sets of rational numbers (which,
as you know, can be viewed as pairs of natural numbers); in 1888 he wrote “Was
sind und was sollen die Zahlen” (roughly, “What are the natural numbers, and what
should they be?”) which aimed to explain the natural numbers in purely “logical”
terms. In 1887 Kronecker wrote “Über den Zahlbegriff” (“On the concept of number”)
where he spoke of representing all mathematical objects in terms of the integers; in
1889 Giuseppe Peano gave formal, symbolic axioms for the natural numbers.
The end of the nineteenth century also brought a new boldness in dealing with
the infinite. Before then, infinitary objects and structures (like the set of natural
numbers) were treated gingerly; “infinitely many” was understood as “as many as
you want,” and “approaches in the limit” was understood as “gets as close as you
want.” But Georg Cantor showed that it was possible to take the infinite at face value.
Work by Cantor, Dedekind, and others helped to introduce the general set-theoretic
understanding of mathematics that is now widely accepted.
This brings us to twentieth century developments in logic and foundations. In
1902 Russell discovered the paradox in Frege’s logical system. In 1904 Zermelo proved
Cantor’s well-ordering principle, using the so-called “axiom of choice”; the legitimacy
of this axiom prompted a good deal of debate. Between 1910 and 1913 the three volumes
of Russell and Whitehead’s Principia Mathematica appeared, extending the Fregean
program of establishing mathematics on logical grounds. Unfortunately, Russell and
Whitehead were forced to adopt two principles that seemed hard to justify as purely
logical: an axiom of infinity and an axiom of “reducibility.” In the 1900’s Poincaré
criticized the use of “impredicative definitions” in mathematics, and in the 1910’s
Brouwer began proposing to refound all of mathematics on an “intuitionistic” basis,
which avoided the use of the law of the excluded middle (𝜑 ∨ ¬𝜑).
Strange days indeed! The program of reducing all of mathematics to logic is
now referred to as “logicism,” and is commonly viewed as having failed, due to the
difficulties mentioned above. The program of developing mathematics in terms of
intuitionistic mental constructions is called “intuitionism,” and is viewed as posing
overly severe restrictions on everyday mathematics. Around the turn of the century,
David Hilbert, one of the most influential mathematicians of all time, was a strong
supporter of the new, abstract methods introduced by Cantor and Dedekind: “no one
will drive us from the paradise that Cantor has created for us.” At the same time, he
was sensitive to foundational criticisms of these new methods (oddly enough, now
called “classical”). He proposed a way of having one’s cake and eating it too:

1. Represent classical methods with formal axioms and rules; represent mathematical
questions as formulas in an axiomatic system.
2. Use safe, “finitary” methods to prove that these formal deductive systems are
consistent.

Hilbert’s work went a long way toward accomplishing the first goal. In 1899,
he had done this for geometry in his celebrated book Foundations of geometry. In
subsequent years, he and a number of his students and collaborators worked on other
areas of mathematics to do what Hilbert had done for geometry. Hilbert himself
gave axiom systems for arithmetic and analysis. Zermelo gave an axiomatization
of set theory, which was expanded on by Fraenkel, Skolem, von Neumann, and
others. By the mid-1920s, there were two approaches that laid claim to the title of
an axiomatization of “all” of mathematics, the Principia mathematica of Russell and
Whitehead, and what came to be known as Zermelo-Fraenkel set theory.
In 1921, Hilbert set out on a research project to establish the goal of proving these
systems to be consistent. He was aided in this project by several of his students, in
particular Bernays, Ackermann, and later Gentzen. The basic idea for accomplishing
this goal was to cast the question of the possibility of a derivation of an inconsistency
in mathematics as a combinatorial problem about possible sequences of symbols,
namely possible sequences of sentences which meet the criterion of being a correct
derivation of, say, 𝜑 ∧ ¬𝜑 from the axioms of an axiom system for arithmetic, analysis,
or set theory. A proof of the impossibility of such a sequence of symbols would—
since it is itself a mathematical proof—be formalizable in these axiomatic systems. In
other words, there would be some sentence Con which states that, say, arithmetic is
consistent. Moreover, this sentence should be provable in the systems in question,
especially if its proof requires only very restricted, “finitary” means.
The second aim, that the axiom systems developed would settle every mathematical
question, can be made precise in two ways. In one way, we can formulate it as
follows: For any sentence 𝜑 in the language of an axiom system for mathematics,
either 𝜑 or ¬𝜑 is provable from the axioms. If this were true, then there would be
no sentences which can neither be proved nor refuted on the basis of the axioms,
no questions which the axioms do not settle. An axiom system with this property
is called complete. Of course, for any given sentence it might still be a difficult task
to determine which of the two alternatives holds. But in principle there should be a
method to do so. In fact, for the axiom and derivation systems considered by Hilbert,
completeness would imply that such a method exists—although Hilbert did not realize
this. The second way to interpret the question would be this stronger requirement:
that there be a mechanical, computational method which would determine, for a
given sentence 𝜑, whether it is derivable from the axioms or not.
In 1931, Gödel proved the two “incompleteness theorems,” which showed that
this program could not succeed. There is no axiom system for mathematics which is
complete; specifically, the sentence that expresses the consistency of the axioms is a
sentence which can neither be proved nor refuted.
This struck a lethal blow to Hilbert’s original program. However, as is so often
the case in mathematics, it also opened up exciting new avenues for research. If
there is no one, all-encompassing formal system of mathematics, it makes sense to
develop more circumscribed systems and investigate what can be proved in them.
It also makes sense to develop less restricted methods of proof for establishing the
consistency of these systems, and to find ways to measure how hard it is to prove their
consistency. Since Gödel showed that (almost) every formal system has questions it
cannot settle, it makes sense to look for “interesting” questions a given formal system
cannot settle, and to figure out how strong a formal system has to be to settle them. To
the present day, logicians have been pursuing these questions in a new mathematical
discipline, the theory of proofs.

16.2 Definitions
In order to carry out Hilbert’s project of formalizing mathematics and showing that
such a formalization is consistent and complete, the first order of business would
be that of picking a language, logical framework, and a system of axioms. For our
purposes, let us suppose that mathematics can be formalized in a first-order language,
i.e., that there is some set of constant symbols, function symbols, and predicate
symbols which, together with the connectives and quantifiers of first-order logic,
allow us to express the claims of mathematics. Most people agree that such a language
exists: the language of set theory, in which ∈ is the only non-logical symbol. That
such a simple language is so expressive is of course a very implausible claim at first
sight, and it took a lot of work to establish that practically all of mathematics can
be expressed in this very austere vocabulary. To keep things simple, for now, let’s
restrict our discussion to arithmetic, so the part of mathematics that just deals with
the natural numbers N. The natural language in which to express facts of arithmetic
is L𝐴 . L𝐴 contains a single two-place predicate symbol <, a single constant symbol 0,
one one-place function symbol ′, and two two-place function symbols + and ×.

Definition 16.1. A set of sentences Γ is a theory if it is closed under entailment, i.e.,
if Γ = {𝜑 | Γ ⊨ 𝜑 }.

There are two easy ways to specify theories. One is as the set of sentences true in
some structure. For instance, consider the structure for L𝐴 in which the domain is N
and all non-logical symbols are interpreted as you would expect.

Definition 16.2. The standard model of arithmetic is the structure 𝔑 defined as
follows:

1. |𝔑| = N

2. 0^𝔑 = 0
3. ′^𝔑(𝑛) = 𝑛 + 1 for all 𝑛 ∈ N
4. +^𝔑(𝑛, 𝑚) = 𝑛 + 𝑚 for all 𝑛, 𝑚 ∈ N
5. ×^𝔑(𝑛, 𝑚) = 𝑛 · 𝑚 for all 𝑛, 𝑚 ∈ N
6. <^𝔑 = {⟨𝑛, 𝑚⟩ | 𝑛 ∈ N, 𝑚 ∈ N, 𝑛 < 𝑚}

Note the difference between × and ·: × is a symbol in the language of arithmetic. Of
course, we’ve chosen it to remind us of multiplication, but × is not the multiplication
operation but a two-place function symbol (officially, 𝑓^2_1). By contrast, · is the ordinary
multiplication function. When you see something like 𝑛 · 𝑚, we mean the product of
the numbers 𝑛 and 𝑚; when you see something like 𝑥 × 𝑦 we are talking about a term
in the language of arithmetic. In the standard model, the function symbol × is
interpreted as the function · on the natural numbers. For addition, we use + as both
the function symbol of the language of arithmetic, and the addition function on the
natural numbers. Here you have to use the context to determine what is meant.
Definition 16.3. The theory of true arithmetic is the set of sentences satisfied in the
standard model of arithmetic, i.e.,
TA = {𝜑 | 𝔑 ⊨ 𝜑 }.

TA is a theory, for whenever TA ⊨ 𝜑, 𝜑 is satisfied in every structure which
satisfies TA. Since 𝔑 ⊨ TA, 𝔑 ⊨ 𝜑, and so 𝜑 ∈ TA.
The other way to specify a theory Γ is as the set of sentences entailed by some set
of sentences Γ0 . In that case, Γ is the “closure” of Γ0 under entailment. Specifying a
theory this way is only interesting if Γ0 is explicitly specified, e.g., if the elements of Γ0
are listed. At the very least, Γ0 has to be decidable, i.e., there has to be a computable
test for when a sentence counts as an element of Γ0 or not. We call the sentences in Γ0
axioms for Γ, and say that Γ is axiomatized by Γ0 .
Definition 16.4. A theory Γ is axiomatized by Γ0 iff
Γ = {𝜑 | Γ0 ⊨ 𝜑 }

Definition 16.5. The theory Q axiomatized by the following sentences is known as
“Robinson’s Q” and is a very simple theory of arithmetic.

∀𝑥 ∀𝑦 (𝑥′ = 𝑦′ → 𝑥 = 𝑦)                 (𝑄1)
∀𝑥 0 ≠ 𝑥′                               (𝑄2)
∀𝑥 (𝑥 = 0 ∨ ∃𝑦 𝑥 = 𝑦′)                  (𝑄3)
∀𝑥 (𝑥 + 0) = 𝑥                          (𝑄4)
∀𝑥 ∀𝑦 (𝑥 + 𝑦′) = (𝑥 + 𝑦)′               (𝑄5)
∀𝑥 (𝑥 × 0) = 0                          (𝑄6)
∀𝑥 ∀𝑦 (𝑥 × 𝑦′) = ((𝑥 × 𝑦) + 𝑥)          (𝑄7)
∀𝑥 ∀𝑦 (𝑥 < 𝑦 ↔ ∃𝑧 (𝑧′ + 𝑥) = 𝑦)         (𝑄8)

The set of sentences {𝑄 1, . . . , 𝑄 8 } are the axioms of Q, so Q consists of all sentences
entailed by them:
Q = {𝜑 | {𝑄 1, . . . , 𝑄 8 } ⊨ 𝜑 }.

Definition 16.6. Suppose 𝜑 (𝑥) is a formula in L𝐴 with free variables 𝑥 and 𝑦1 , . . . , 𝑦𝑛 .
Then any sentence of the form

∀𝑦1 . . . ∀𝑦𝑛 ((𝜑 (0) ∧ ∀𝑥 (𝜑 (𝑥) → 𝜑 (𝑥 ′ ))) → ∀𝑥 𝜑 (𝑥))

is an instance of the induction schema.


Peano arithmetic PA is the theory axiomatized by the axioms of Q together with
all instances of the induction schema.

Every instance of the induction schema is true in 𝔑. This is easiest to see if the
formula 𝜑 only has one free variable 𝑥. Then 𝜑 (𝑥) defines a subset 𝑋𝜑 of N in 𝔑.
𝑋𝜑 is the set of all 𝑛 ∈ N such that 𝔑, 𝑠 ⊨ 𝜑 (𝑥) when 𝑠 (𝑥) = 𝑛. The corresponding
instance of the induction schema is

((𝜑 (0) ∧ ∀𝑥 (𝜑 (𝑥) → 𝜑 (𝑥 ′ ))) → ∀𝑥 𝜑 (𝑥)).

If its antecedent is true in 𝔑, then 0 ∈ 𝑋𝜑 and, whenever 𝑛 ∈ 𝑋𝜑 , so is 𝑛 + 1. Since
0 ∈ 𝑋𝜑 , we get 1 ∈ 𝑋𝜑 . With 1 ∈ 𝑋𝜑 we get 2 ∈ 𝑋𝜑 . And so on. So for every 𝑛 ∈ N,
𝑛 ∈ 𝑋𝜑 . But this means that ∀𝑥 𝜑 (𝑥) is satisfied in 𝔑.
Both Q and PA are axiomatized theories. The big question is, how strong are
they? For instance, can PA prove all the truths about N that can be expressed in L𝐴 ?
Specifically, do the axioms of PA settle all the questions that can be formulated in L𝐴 ?
Another way to put this is to ask: Is PA = TA? TA obviously does prove (i.e., it
includes) all the truths about N, and it settles all the questions that can be formulated
in L𝐴 , since if 𝜑 is a sentence in L𝐴 , then either 𝔑 ⊨ 𝜑 or 𝔑 ⊨ ¬𝜑, and so either
TA ⊨ 𝜑 or TA ⊨ ¬𝜑. Call such a theory complete.
Definition 16.7. A theory Γ is complete iff for every sentence 𝜑 in its language, either
Γ ⊨ 𝜑 or Γ ⊨ ¬𝜑.

By the Completeness Theorem, Γ ⊨ 𝜑 iff Γ ⊢ 𝜑, so Γ is complete iff for every
sentence 𝜑 in its language, either Γ ⊢ 𝜑 or Γ ⊢ ¬𝜑.
Another question we are led to ask is this: Is there a computational procedure
we can use to test if a sentence is in TA, in PA, or even just in Q? We can make this
more precise by defining when a set (e.g., a set of sentences) is decidable.
Definition 16.8. A set 𝑋 is decidable iff there is a computational procedure which
on input 𝑥 returns 1 if 𝑥 ∈ 𝑋 and 0 otherwise.

So our question becomes: Is TA (PA, Q) decidable?


The answer to all these questions will be: no. None of these theories are decidable.
However, this phenomenon is not specific to these particular theories. In fact, any
theory that satisfies certain conditions is subject to the same results. One of these
conditions, which Q and PA satisfy, is that they are axiomatized by a decidable set of
axioms.
Definition 16.9. A theory is axiomatizable if it is axiomatized by a decidable set of
axioms.

Example 16.10. Any theory axiomatized by a finite set of sentences is axiomatizable,
since any finite set is decidable. Thus, Q, for instance, is axiomatizable.
Schematically axiomatized theories like PA are also axiomatizable. For to test if 𝜓
is among the axioms of PA, i.e., to compute the function 𝜒𝑋 where 𝜒𝑋 (𝜓 ) = 1 if 𝜓 is
an axiom of PA and = 0 otherwise, we can do the following: First, check if 𝜓 is one of
the axioms of Q. If it is, the answer is “yes” and the value of 𝜒𝑋 (𝜓 ) = 1. If not, test if
it is an instance of the induction schema. This can be done systematically; in this case,
perhaps it’s easiest to see that it can be done as follows: Any instance of the induction
schema begins with a number of universal quantifiers, and then a sub-formula that
is a conditional. The consequent of that conditional is ∀𝑥 𝜑 (𝑥, 𝑦1, . . . , 𝑦𝑛 ) where 𝑥
and 𝑦1 , . . . , 𝑦𝑛 are all the free variables of 𝜑 and the initial quantifiers of 𝜓 bind the
variables 𝑦1 , . . . , 𝑦𝑛 . Once we have extracted this 𝜑 and checked that its free variables
match the variables bound by the universal quantifiers at the front and ∀𝑥, we go on
to check that the antecedent of the conditional matches

𝜑 (0, 𝑦1, . . . , 𝑦𝑛 ) ∧ ∀𝑥 (𝜑 (𝑥, 𝑦1, . . . , 𝑦𝑛 ) → 𝜑 (𝑥 ′, 𝑦1, . . . , 𝑦𝑛 ))

Again, if it does, 𝜓 is an instance of the induction schema, and if it doesn’t, 𝜓 isn’t.
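The test described in Example 16.10 can be written out as a program. The following is an added example, not part of the original text; the representation of formulas as nested tuples and all function names are assumptions made for the illustration.

```python
# Added illustration. Formulas of L_A are nested tuples (a hypothetical encoding):
#   terms:    ("var", name) | ("zero",) | ("succ", t) | ("add", s, t) | ("mul", s, t)
#   formulas: ("eq", s, t) | ("lt", s, t) | ("bot",) | ("not", A) | ("and", A, B)
#             | ("or", A, B) | ("imp", A, B) | ("all", name, A) | ("ex", name, A)

ZERO = ("zero",)
QUANTIFIERS = ("all", "ex")


def free_vars(e):
    """Set of variable names occurring free in a term or formula."""
    tag = e[0]
    if tag == "var":
        return {e[1]}
    if tag in QUANTIFIERS:
        return free_vars(e[2]) - {e[1]}
    out = set()
    for sub in e[1:]:
        out |= free_vars(sub)
    return out


def subst(e, x, t):
    """Replace every free occurrence of the variable x in e by the term t.

    Only used with t = 0 or t = x', so no variable of t can be captured:
    a free occurrence of x never lies in the scope of a quantifier on x.
    """
    tag = e[0]
    if tag == "var":
        return t if e[1] == x else e
    if tag in QUANTIFIERS:
        if e[1] == x:              # x is bound from here on, nothing to replace
            return e
        return (tag, e[1], subst(e[2], x, t))
    return (tag,) + tuple(subst(sub, x, t) for sub in e[1:])


def induction_instance(phi, x, params):
    """Build the induction instance for phi(x) with parameters y1, ..., yn."""
    step = ("all", x, ("imp", phi, subst(phi, x, ("succ", ("var", x)))))
    body = ("imp", ("and", subst(phi, x, ZERO), step), ("all", x, phi))
    for y in reversed(params):
        body = ("all", y, body)
    return body


def is_induction_instance(psi):
    """Decide whether psi has the form
    ∀y1 ... ∀yn ((φ(0) ∧ ∀x (φ(x) → φ(x'))) → ∀x φ(x))."""
    prefix = []
    while psi[0] == "all":         # strip the initial quantifiers ∀y1 ... ∀yn
        prefix.append(psi[1])
        psi = psi[2]
    if psi[0] != "imp":            # what remains must be a conditional
        return False
    antecedent, consequent = psi[1], psi[2]
    if consequent[0] != "all":     # the consequent must be ∀x φ
        return False
    x, phi = consequent[1], consequent[2]
    # The free variables of φ must be exactly x together with y1, ..., yn.
    if x in prefix or len(set(prefix)) != len(prefix):
        return False
    if free_vars(phi) != set(prefix) | {x}:
        return False
    # The antecedent must match φ(0) ∧ ∀x (φ(x) → φ(x')).
    step = ("all", x, ("imp", phi, subst(phi, x, ("succ", ("var", x)))))
    return antecedent == ("and", subst(phi, x, ZERO), step)


def chi(psi, q_axioms):
    """Characteristic function of the axioms of PA, given the axioms of Q."""
    return 1 if psi in q_axioms or is_induction_instance(psi) else 0


# Constructed sample formulas.
X, Y = ("var", "x"), ("var", "y")
PHI_ONE = ("eq", ("add", ZERO, X), X)            # φ(x):    (0 + x) = x
PHI_TWO = ("eq", ("add", X, Y), ("add", Y, X))   # φ(x, y): (x + y) = (y + x)
Q4 = ("all", "x", ("eq", ("add", X, ZERO), X))   # axiom Q4 of Q
```

Every step is a finite syntactic comparison, which is why the set of axioms of PA is decidable even though it is infinite.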

In answering this question—and the more general question of which theories are
complete or decidable—it will be useful to consider also the following definition. Recall
that a set 𝑋 is countable iff it is empty or if there is a surjective function 𝑓 : N → 𝑋 .
Such a function is called an enumeration of 𝑋 .

Definition 16.11. A set 𝑋 is called computably enumerable (c.e. for short) iff it is
empty or it has a computable enumeration.

In addition to axiomatizability, another condition on theories to which the
incompleteness theorems apply will be that they are strong enough to prove basic
facts about computable functions and decidable relations. By “basic facts,” we mean
sentences which express what the values of computable functions are for each of their
arguments. And by “strong enough” we mean that the theories in question count
these sentences among their theorems. For instance, consider a prototypical computable
function: addition. The value of + for arguments 2 and 3 is 5, i.e., 2 + 3 = 5. A sentence
in the language of arithmetic that expresses that the value of + for arguments 2 and 3
is 5 is: (2 + 3) = 5. And, e.g., Q proves this sentence. More generally, we would like
there to be, for each computable function 𝑓 (𝑥 1, 𝑥 2 ) a formula 𝜑 𝑓 (𝑥 1, 𝑥 2, 𝑦) in L𝐴 such
that Q ⊢ 𝜑 𝑓 (𝑛 1, 𝑛 2, 𝑚) whenever 𝑓 (𝑛 1, 𝑛 2 ) = 𝑚. In this way, Q proves that the value
of 𝑓 for arguments 𝑛 1 , 𝑛 2 is 𝑚. In fact, we require that it proves a bit more, namely
that no other number is the value of 𝑓 for arguments 𝑛 1 , 𝑛 2 . And the same goes for
decidable relations. This is made precise in the following two definitions.

Definition 16.12. A formula 𝜑 (𝑥 1, . . . , 𝑥𝑘 , 𝑦) represents the function 𝑓 : N^𝑘 → N in Γ
iff whenever 𝑓 (𝑛 1, . . . , 𝑛𝑘 ) = 𝑚, then

1. Γ ⊢ 𝜑 (𝑛 1, . . . , 𝑛𝑘 , 𝑚), and

2. Γ ⊢ ∀𝑦 (𝜑 (𝑛 1, . . . , 𝑛𝑘 , 𝑦) → 𝑦 = 𝑚).

Definition 16.13. A formula 𝜑 (𝑥 1, . . . , 𝑥𝑘 ) represents the relation 𝑅 ⊆ N^𝑘 in Γ iff,

1. whenever 𝑅(𝑛 1, . . . , 𝑛𝑘 ), Γ ⊢ 𝜑 (𝑛 1, . . . , 𝑛𝑘 ), and

2. whenever not 𝑅(𝑛 1, . . . , 𝑛𝑘 ), Γ ⊢ ¬𝜑 (𝑛 1, . . . , 𝑛𝑘 ).

A theory is “strong enough” for the incompleteness theorems to apply if it
represents all computable functions and all decidable relations. Q and its extensions
satisfy this condition, but it will take us a while to establish this—it’s a non-trivial
fact about the kinds of things Q can prove, and it’s hard to show because Q has only a
few axioms from which we’ll have to prove all these facts. However, Q is a very weak
theory. So although it’s hard to prove that Q represents all computable functions,
most interesting theories are stronger than Q, i.e., prove more than Q does. And if
Q proves something, any stronger theory does; since Q represents all computable
functions, every stronger theory does. This means that many interesting theories meet
this condition of the incompleteness theorems. So our hard work will pay off, since it
shows that the incompleteness theorems apply to a wide range of theories. Certainly,
any theory aiming to formalize “all of mathematics” must prove everything that Q
proves, since it should at the very least be able to capture the results of elementary
computations. So any theory that is a candidate for a theory of “all of mathematics”
will be one to which the incompleteness theorems apply.

16.3 Overview of Incompleteness Results


Hilbert expected that mathematics could be formalized in an axiomatizable theory
which it would be possible to prove complete and decidable. Moreover, he aimed
to prove the consistency of this theory with very weak, “finitary,” means, which
would defend classical mathematics against the challenges of intuitionism. Gödel’s
incompleteness theorems showed that these goals cannot be achieved.
Gödel’s first incompleteness theorem showed that a version of Russell and
Whitehead’s Principia Mathematica is not complete. But the proof was actually very general
and applies to a wide variety of theories. This means that it wasn’t just that
Principia Mathematica did not manage to completely capture mathematics, but that no
acceptable theory does. It took a while to isolate the features of theories that suffice
for the incompleteness theorems to apply, and to generalize Gödel’s proof to
make it depend only on these features. But we are now in a position to state a very
general version of the first incompleteness theorem for theories in the language L𝐴
of arithmetic.

Theorem 16.14. If Γ is a consistent and axiomatizable theory in L𝐴 which represents
all computable functions and decidable relations, then Γ is not complete.

To say that Γ is not complete is to say that for at least one sentence 𝜑, Γ ⊬ 𝜑
and Γ ⊬ ¬𝜑. Such a sentence is called independent (of Γ). We can in fact relatively
quickly prove that there must be independent sentences. But the power of Gödel’s
proof of the theorem lies in the fact that it exhibits a specific example of such an
independent sentence. The intriguing construction produces a sentence 𝛾 Γ , called a
Gödel sentence for Γ, which is unprovable because in Γ, 𝛾 Γ is equivalent to the claim
that 𝛾 Γ is unprovable in Γ. It does so constructively, i.e., given an axiomatization of Γ
and a description of the derivation system, the proof gives a method for actually
writing down 𝛾 Γ .
The construction in Gödel’s proof requires that we find a way to express in L𝐴
the properties of and operations on terms and formulas of L𝐴 itself. These include
properties such as “𝜑 is a sentence,” “𝛿 is a derivation of 𝜑,” and operations such as
𝜑 [𝑡/𝑥]. This way must (a) express these properties and relations via a “coding” of
symbols and sequences thereof (which is what terms, formulas, derivations, etc. are)
as natural numbers (which is what L𝐴 can talk about). It must (b) do this in such a
way that Γ will prove the relevant facts, so we must show that these properties are
coded by decidable properties of natural numbers and the operations correspond to
computable functions on natural numbers. This is called “arithmetization of syntax.”
Before we investigate how syntax can be arithmetized, however, we will consider
the condition that Γ is “strong enough,” i.e., represents all computable functions and
decidable relations. This requires that we give a precise definition of “computable.”
This can be done in a number of ways, e.g., via the model of Turing machines, or
as those functions computable by programs in some general-purpose programming
language. Since our aim is to represent these functions and relations in a theory in the
language L𝐴 , however, it is best to pick a simple definition of computability of just
numerical functions. This is the notion of recursive function. So we will first discuss
the recursive functions. We will then show that Q already represents all recursive
functions and relations. This will allow us to apply the incompleteness theorem to
specific theories such as Q and PA, since we will have established that these are
examples of theories that are “strong enough.”
The end result of the arithmetization of syntax is a formula ProvΓ (𝑥) which,
via the coding of formulas as numbers, expresses provability from the axioms of Γ.
Specifically, if 𝜑 is coded by the number 𝑛, and Γ ⊢ 𝜑, then Γ ⊢ ProvΓ (𝑛). This
“provability predicate” for Γ allows us also to express, in a certain sense, the consistency
of Γ as a sentence of L𝐴 : let the “consistency statement” for Γ be the sentence
¬ProvΓ (𝑛), where we take 𝑛 to be the code of a contradiction, e.g., of ⊥. The second
incompleteness theorem states that consistent axiomatizable theories also do not
prove their own consistency statements. The conditions required for this theorem
to apply are a bit more stringent than just that the theory represents all computable
functions and decidable relations, but we will show that PA satisfies them.

16.4 Undecidability and Incompleteness


Gödel’s proof of the incompleteness theorems requires arithmetization of syntax. But
even without that we can obtain some nice results just on the assumption that a
theory represents all decidable relations. The proof is a diagonal argument similar to
the proof of the undecidability of the halting problem.

Theorem 16.15. If Γ is a consistent theory that represents every decidable relation, then
Γ is not decidable.

Proof. Suppose Γ were decidable. We show that if Γ represents every decidable
relation, it must be inconsistent.
Decidable properties (one-place relations) are represented by formulas with one
free variable. Let 𝜑 0 (𝑥), 𝜑 1 (𝑥), . . . , be a computable enumeration of all such formulas.
Now consider the following set 𝐷 ⊆ N:

𝐷 = {𝑛 | Γ ⊢ ¬𝜑𝑛 (𝑛)}

The set 𝐷 is decidable, since we can test if 𝑛 ∈ 𝐷 by first computing 𝜑𝑛 (𝑥), and from
this ¬𝜑𝑛 (𝑛). Obviously, substituting the term 𝑛 for every free occurrence of 𝑥 in
𝜑𝑛 (𝑥) and prefixing 𝜑𝑛 (𝑛) by ¬ is a mechanical matter. By assumption, Γ is decidable,
so we can test if ¬𝜑𝑛 (𝑛) ∈ Γ. If it is, 𝑛 ∈ 𝐷, and if it isn’t, 𝑛 ∉ 𝐷. So 𝐷 is likewise
decidable.

Since Γ represents all decidable properties, it represents 𝐷. And the formulas
which represent 𝐷 in Γ are all among 𝜑 0 (𝑥), 𝜑 1 (𝑥), . . . . So let 𝑑 be a number such that
𝜑𝑑 (𝑥) represents 𝐷 in Γ. If 𝑑 ∉ 𝐷, then, since 𝜑𝑑 (𝑥) represents 𝐷, Γ ⊢ ¬𝜑𝑑 (𝑑). But
that means that 𝑑 meets the defining condition of 𝐷, and so 𝑑 ∈ 𝐷. This contradicts
𝑑 ∉ 𝐷. So by indirect proof, 𝑑 ∈ 𝐷.
Since 𝑑 ∈ 𝐷, by the definition of 𝐷, Γ ⊢ ¬𝜑𝑑 (𝑑). On the other hand, since 𝜑𝑑 (𝑥)
represents 𝐷 in Γ, Γ ⊢ 𝜑𝑑 (𝑑). Hence, Γ is inconsistent. □
The preceding theorem shows that no consistent theory that represents all
decidable relations can be decidable. We will show that Q does represent all decidable
relations; this means that all theories that include Q, such as PA and TA, also do, and
hence also are not decidable. (Since all these theories are true in the standard model,
they are all consistent.)
We can also use this result to obtain a weak version of the first incompleteness
theorem. Any theory that is axiomatizable and complete is decidable. Consistent
theories that are axiomatizable and represent all decidable properties then cannot be
complete.
Theorem 16.16. If Γ is axiomatizable and complete it is decidable.
Proof. Any inconsistent theory is decidable, since inconsistent theories contain all
sentences, so the answer to the question “is 𝜑 ∈ Γ” is always “yes,” i.e., can be decided.
So suppose Γ is consistent, and furthermore is axiomatizable, and complete. Since
Γ is axiomatizable, it is computably enumerable. For we can enumerate all the correct
derivations from the axioms of Γ by a computable function. From a correct derivation
we can compute the sentence it derives, and so together there is a computable function
that enumerates all theorems of Γ. A sentence 𝜑 is a theorem of Γ iff ¬𝜑 is not a theorem,
since Γ is consistent and complete. We can therefore decide if 𝜑 ∈ Γ as follows.
Enumerate all theorems of Γ. When 𝜑 appears on this list, we know that Γ ⊢ 𝜑. When
¬𝜑 appears on this list, we know that Γ ⊬ 𝜑. Since Γ is complete, one of these cases
eventually obtains, so the procedure eventually produces an answer. □
Corollary 16.17. If Γ is consistent, axiomatizable, and represents every decidable
property, it is not complete.
Proof. If Γ were complete, it would be decidable by the previous theorem (since it is
axiomatizable and consistent). But since Γ represents every decidable property, it is
not decidable, by the first theorem. □
Once we have established that, e.g., Q represents all decidable properties, the
corollary tells us that Q must be incomplete. However, its proof does not provide an
example of an independent sentence; it merely shows that such a sentence must exist.
For this, we have to arithmetize syntax and follow Gödel’s original proof idea. And
of course, we still have to show the first claim, namely that Q does, in fact, represent
all decidable properties.
It should be noted that not every interesting theory is incomplete or undecidable.
There are many theories that are sufficiently strong to describe interesting
mathematical facts that do not satisfy the conditions of Gödel’s result. For instance,
Pres = {𝜑 ∈ L𝐴+ | 𝔑 ⊨ 𝜑 }, the set of sentences of the language of arithmetic without ×
true in the standard model, is both complete and decidable. This theory is called
Presburger arithmetic, and proves all the truths about natural numbers that can be
formulated just with 0, ′, and +.

Problems
Problem 16.1. Show that TA = {𝜑 | 𝔑 ⊨ 𝜑 } is not axiomatizable. You may assume
that TA represents all decidable properties.

Chapter 17

Arithmetization of Syntax

17.1 Introduction

In order to connect computability and logic, we need a way to talk about the objects of
logic (symbols, terms, formulas, derivations), operations on them, and their properties
and relations, in a way amenable to computational treatment. We can do this directly,
by considering computable functions and relations on symbols, sequences of symbols,
and other objects built from them. Since the objects of logical syntax are all finite and
built from a countable set of symbols, this is possible for some models of computation.
But other models of computation—such as the recursive functions—are restricted
to numbers, their relations and functions. Moreover, ultimately we also want to be
able to deal with syntax within certain theories, specifically, in theories formulated
in the language of arithmetic. In these cases it is necessary to arithmetize syntax, i.e.,
to represent syntactic objects, operations on them, and their relations, as numbers,
arithmetical functions, and arithmetical relations, respectively. The idea, which goes
back to Leibniz, is to assign numbers to syntactic objects.
It is relatively straightforward to assign numbers to symbols as their “codes.” Some
symbols pose a bit of a challenge, since, e.g., there are infinitely many variables, and
even infinitely many function symbols of each arity 𝑛. But of course it’s possible
to assign numbers to symbols systematically in such a way that, say, 𝑣 2 and 𝑣 3 are
assigned different codes. Sequences of symbols (such as terms and formulas) are a
bigger challenge. But if we can deal with sequences of numbers purely arithmetically
(e.g., by the powers-of-primes coding of sequences), we can extend the coding of
individual symbols to coding of sequences of symbols, and then further to sequences
or other arrangements of formulas, such as derivations. This extended coding is called
“Gödel numbering.” Every term, formula, and derivation is assigned a Gödel number.
By coding sequences of symbols as sequences of their codes, and by choosing a
system of coding sequences that can be dealt with using computable functions, we
can then also deal with Gödel numbers using computable functions. In practice, all
the relevant functions will be primitive recursive. For instance, computing the length
of a sequence and computing the 𝑖-th element of a sequence from the code of the
sequence are both primitive recursive. If the number coding the sequence is, e.g., the
Gödel number of a formula 𝜑, we immediately see that the length of a formula and the
(code of the) 𝑖-th symbol in a formula can also be computed from the Gödel number
of 𝜑. It is a bit harder to prove that, e.g., the property of being the Gödel number
of a correctly formed term or of a correct derivation is primitive recursive. It is
nevertheless possible, because the sequences of interest (terms, formulas, derivations)
are inductively defined.
As an example, consider the operation of substitution. If 𝜑 is a formula, 𝑥 a
variable, and 𝑡 a term, then 𝜑 [𝑡/𝑥] is the result of replacing every free occurrence
of 𝑥 in 𝜑 by 𝑡. Now suppose we have assigned Gödel numbers to 𝜑, 𝑥, 𝑡—say, 𝑘, 𝑙,
and 𝑚, respectively. The same scheme assigns a Gödel number to 𝜑 [𝑡/𝑥], say, 𝑛. This
mapping—of 𝑘, 𝑙, and 𝑚 to 𝑛—is the arithmetical analog of the substitution operation.
When the substitution operation maps 𝜑, 𝑥, 𝑡 to 𝜑 [𝑡/𝑥], the arithmetized substitution
function maps the Gödel numbers 𝑘, 𝑙, 𝑚 to the Gödel number 𝑛. We will see that
this function is primitive recursive.
Arithmetization of syntax is not just of abstract interest, although it was originally
a non-trivial insight that languages like the language of arithmetic, which do not
come with mechanisms for “talking about” languages can, after all, formalize complex
properties of expressions. It is then just a small step to ask what a theory in this
language, such as Peano arithmetic, can prove about its own language (including,
e.g., whether sentences are provable or true). This leads us to the famous limitative
theorems of Gödel (about unprovability) and Tarski (the undefinability of truth). But
the trick of arithmetizing syntax is also important in order to prove some important
results in computability theory, e.g., about the computational power of theories or
the relationship between different models of computability. The arithmetization of
syntax serves as a model for arithmetizing other objects and properties. For instance,
it is similarly possible to arithmetize configurations and computations (say, of Turing
machines). This makes it possible to simulate computations in one model (e.g., Turing
machines) in another (e.g., recursive functions).

17.2 Coding Symbols


The basic language L of first order logic makes use of the symbols

⊥ ¬ ∨ ∧ → ∀ ∃ = ( ) ,

together with countable sets of variables and constant symbols, and countable sets of
function symbols and predicate symbols of arbitrary arity. We can assign codes to
each of these symbols in such a way that every symbol is assigned a unique number
as its code, and no two different symbols are assigned the same number. We know
that this is possible since the set of all symbols is countable and so there is a bijection
between it and the set of natural numbers. But we want to make sure that we can
recover the symbol (as well as some information about it, e.g., the arity of a function
symbol) from its code in a computable way. There are many possible ways of doing
this, of course. Here is one such way, which uses primitive recursive functions. (Recall
that ⟨𝑛 0, . . . , 𝑛𝑘 ⟩ is the number coding the sequence of numbers 𝑛 0 , . . . , 𝑛𝑘 .)

Definition 17.1. If 𝑠 is a symbol of L, let the symbol code c_𝑠 be defined as follows:

1. If 𝑠 is among the logical symbols, c_𝑠 is given by the following table:

   ⊥        ¬        ∨        ∧        →        ∀
 ⟨0, 0⟩   ⟨0, 1⟩   ⟨0, 2⟩   ⟨0, 3⟩   ⟨0, 4⟩   ⟨0, 5⟩

   ∃        =        (        )        ,
 ⟨0, 6⟩   ⟨0, 7⟩   ⟨0, 8⟩   ⟨0, 9⟩   ⟨0, 10⟩

2. If 𝑠 is the 𝑖-th variable 𝑣_𝑖, then c_𝑠 = ⟨1, 𝑖⟩.

3. If 𝑠 is the 𝑖-th constant symbol 𝑐_𝑖, then c_𝑠 = ⟨2, 𝑖⟩.

4. If 𝑠 is the 𝑖-th 𝑛-ary function symbol 𝑓^𝑛_𝑖, then c_𝑠 = ⟨3, 𝑛, 𝑖⟩.

5. If 𝑠 is the 𝑖-th 𝑛-ary predicate symbol 𝑃^𝑛_𝑖, then c_𝑠 = ⟨4, 𝑛, 𝑖⟩.

Proposition 17.2. The following relations are primitive recursive:
1. Fn(𝑥, 𝑛) iff 𝑥 is the code of 𝑓^𝑛_𝑖 for some 𝑖, i.e., 𝑥 is the code of an 𝑛-ary function
   symbol.
2. Pred(𝑥, 𝑛) iff 𝑥 is the code of 𝑃^𝑛_𝑖 for some 𝑖 or 𝑥 is the code of = and 𝑛 = 2, i.e., 𝑥
   is the code of an 𝑛-ary predicate symbol.

Definition 17.3. If 𝑠_0, . . . , 𝑠_{𝑛−1} is a sequence of symbols, its Gödel number is
⟨c_{𝑠_0}, . . . , c_{𝑠_{𝑛−1}}⟩.

Note that codes and Gödel numbers are different things. For instance, the variable 𝑣_5
has a code c_{𝑣_5} = ⟨1, 5⟩ = 2^2 · 3^6. But the variable 𝑣_5 considered as a term is also a
sequence of symbols (of length 1). The Gödel number #𝑣_5# of the term 𝑣_5 is
⟨c_{𝑣_5}⟩ = 2^{c_{𝑣_5}+1} = 2^{2^2·3^6+1}.

Example 17.4. Recall that if 𝑘_0, . . . , 𝑘_{𝑛−1} is a sequence of numbers, then the code of
the sequence ⟨𝑘_0, . . . , 𝑘_{𝑛−1}⟩ in the power-of-primes coding is

2^{𝑘_0+1} · 3^{𝑘_1+1} · · · · · 𝑝_{𝑛−1}^{𝑘_{𝑛−1}+1},

where 𝑝_𝑖 is the 𝑖-th prime (starting with 𝑝_0 = 2). So for instance, the formula 𝑣_0 = 0,
or, more explicitly, =(𝑣_0, 𝑐_0), has the Gödel number

⟨c_=, c_(, c_{𝑣_0}, c_,, c_{𝑐_0}, c_)⟩.

Here, c_= is ⟨0, 7⟩ = 2^{0+1} · 3^{7+1}, c_{𝑣_0} is ⟨1, 0⟩ = 2^{1+1} · 3^{0+1}, etc. So #=(𝑣_0, 𝑐_0)# is

2^{c_= +1} · 3^{c_( +1} · 5^{c_{𝑣_0}+1} · 7^{c_, +1} · 11^{c_{𝑐_0}+1} · 13^{c_) +1} =
2^{2^1·3^8+1} · 3^{2^1·3^9+1} · 5^{2^2·3^1+1} · 7^{2^1·3^{11}+1} · 11^{2^3·3^1+1} · 13^{2^1·3^{10}+1} =
2^{13 123} · 3^{39 367} · 5^{13} · 7^{354 295} · 11^{25} · 13^{118 099}.
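The coding of Definitions 17.1 and 17.3 and the computation in Example 17.4 can be reproduced mechanically. The following is an added example, not part of the original text; writing logical symbols as Python strings and non-logical symbols as tuples such as ("v", 5) is an assumption made for the illustration, as are all function names.

```python
from itertools import count

# Logical symbols in the order of the table in Definition 17.1.
LOGICAL = ["⊥", "¬", "∨", "∧", "→", "∀", "∃", "=", "(", ")", ","]
# Non-logical symbols are written as tuples (a hypothetical convention):
#   ("v", i) variable, ("c", i) constant, ("f", n, i) function, ("P", n, i) predicate.
KINDS = {"v": 1, "c": 2, "f": 3, "P": 4}


def primes():
    """Yield 2, 3, 5, ... by trial division (enough for short sequences)."""
    found = []
    for n in count(2):
        if all(n % p for p in found):
            found.append(n)
            yield n


def seq_code(ks):
    """Power-of-primes code <k_0, ..., k_{n-1}> = 2^(k_0+1) * 3^(k_1+1) * ..."""
    code = 1
    for p, k in zip(primes(), ks):
        code *= p ** (k + 1)
    return code


def seq_decode(code):
    """Inverse of seq_code. Raises ValueError if code codes no sequence.

    Uses repeated division, so it is only practical for moderately sized codes.
    """
    if code < 1:
        raise ValueError("not a sequence code")
    ks = []
    for p in primes():
        if code == 1:
            return ks
        exponent = 0
        while code % p == 0:
            code //= p
            exponent += 1
        if exponent == 0:          # a prime was skipped: not of the required form
            raise ValueError("not a sequence code")
        ks.append(exponent - 1)


def symbol_code(s):
    """The symbol code c_s of Definition 17.1."""
    if s in LOGICAL:
        return seq_code([0, LOGICAL.index(s)])
    return seq_code([KINDS[s[0]], *s[1:]])


def decode_symbol(code):
    """Recover the symbol from its code; ValueError if there is none."""
    ks = seq_decode(code)
    if len(ks) == 2 and ks[0] == 0 and ks[1] < len(LOGICAL):
        return LOGICAL[ks[1]]
    if len(ks) == 2 and ks[0] in (1, 2):
        return ("v" if ks[0] == 1 else "c", ks[1])
    if len(ks) == 3 and ks[0] in (3, 4):
        return ("f" if ks[0] == 3 else "P", ks[1], ks[2])
    raise ValueError("not a symbol code")


def godel_number(symbols):
    """Gödel number of a sequence of symbols (Definition 17.3)."""
    return seq_code([symbol_code(s) for s in symbols])


def decode_symbols(g):
    """Recover the sequence of symbols from its Gödel number."""
    return [decode_symbol(c) for c in seq_decode(g)]


def is_var(x):
    """x is the Gödel number of a variable, i.e., x = <<1, i>> for some i.
    Decoding x directly gives the same answer as a bounded search for i."""
    try:
        outer = seq_decode(x)
        if len(outer) != 1:
            return False
        inner = seq_decode(outer[0])
    except ValueError:
        return False
    return len(inner) == 2 and inner[0] == 1


# The formula =(v_0, c_0) of Example 17.4, as a sequence of symbols.
EXAMPLE_FORMULA = ["=", "(", ("v", 0), ",", ("c", 0), ")"]
```

Calling godel_number(EXAMPLE_FORMULA) produces a number with several hundred thousand decimal digits, which is why the example in the text leaves it in factored form.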

17.3 Coding Terms


A term is simply a certain kind of sequence of symbols: it is built up inductively from
constants and variables according to the formation rules for terms. Since sequences of
symbols can be coded as numbers—using a coding scheme for the symbols plus a way
to code sequences of numbers—assigning Gödel numbers to terms is not difficult. The
challenge is rather to show that the property a number has if it is the Gödel number
of a correctly formed term is computable, or in fact primitive recursive.
Variables and constant symbols are the simplest terms, and testing whether 𝑥 is
the Gödel number of such a term is easy: Var(𝑥) holds if 𝑥 is #𝑣𝑖 # for some 𝑖. In other
words, 𝑥 is a sequence of length 1 and its single element (𝑥)0 is the code of some
variable 𝑣𝑖 , i.e., 𝑥 is ⟨⟨1, 𝑖⟩⟩ for some 𝑖. Similarly, Const(𝑥) holds if 𝑥 is #𝑐𝑖 # for some 𝑖.
Both of these relations are primitive recursive, since if such an 𝑖 exists, it must be < 𝑥:
Var(𝑥) ⇔ (∃𝑖 < 𝑥) 𝑥 = ⟨⟨1, 𝑖⟩⟩
Const(𝑥) ⇔ (∃𝑖 < 𝑥) 𝑥 = ⟨⟨2, 𝑖⟩⟩

Proposition 17.5. The relations Term(𝑥) and ClTerm(𝑥) which hold iff 𝑥 is the Gödel
number of a term or a closed term, respectively, are primitive recursive.

Proof. A sequence of symbols 𝑠 is a term iff there is a sequence 𝑠_0, . . . , 𝑠_{𝑘−1} = 𝑠 of
terms which records how the term 𝑠 was formed from constant symbols and variables
according to the formation rules for terms. To express that such a putative formation
sequence follows the formation rules it has to be the case that, for each 𝑖 < 𝑘, either

1. 𝑠_𝑖 is a variable 𝑣_𝑗, or

2. 𝑠_𝑖 is a constant symbol 𝑐_𝑗, or

3. 𝑠_𝑖 is built from 𝑛 terms 𝑡_1, . . . , 𝑡_𝑛 occurring prior to place 𝑖 using an 𝑛-place
   function symbol 𝑓^𝑛_𝑗.

To show that the corresponding relation on Gödel numbers is primitive recursive, we
have to express this condition primitive recursively, i.e., using primitive recursive
functions, relations, and bounded quantification.
Suppose 𝑦 is the number that codes the sequence 𝑠 0 , . . . , 𝑠𝑘 −1 , i.e., 𝑦 = ⟨#𝑠 0 #, . . . , #𝑠𝑘 −1 # ⟩.
It codes a formation sequence for the term with Gödel number 𝑥 iff for all 𝑖 < 𝑘:

1. Var((𝑦)𝑖 ), or

2. Const((𝑦)𝑖 ), or

3. there is an 𝑛 and a number 𝑧 = ⟨𝑧_1, . . . , 𝑧_𝑛⟩ such that each 𝑧_𝑙 is equal to some
   (𝑦)_{𝑖′} for 𝑖′ < 𝑖 and

   (𝑦)_𝑖 = #𝑓^𝑛_𝑗(# ⌢ flatten(𝑧) ⌢ #)#,

and moreover (𝑦)_{𝑘−1} = 𝑥. (The function flatten(𝑧) turns the sequence ⟨#𝑡_1#, . . . , #𝑡_𝑛#⟩
into #𝑡_1, . . . , 𝑡_𝑛# and is primitive recursive.)
The indices 𝑗, 𝑛, the Gödel numbers 𝑧𝑙 of the terms 𝑡𝑙 , and the code 𝑧 of the
sequence ⟨𝑧 1, . . . , 𝑧𝑛 ⟩, in (3) are all less than 𝑦. We can replace 𝑘 above with len(𝑦).
Hence we can express “𝑦 is the code of a formation sequence of the term with Gödel
number 𝑥” in a way that shows that this relation is primitive recursive.
We now just have to convince ourselves that there is a primitive recursive bound
on 𝑦. But if 𝑥 is the Gödel number of a term, it must have a formation sequence with
at most len(𝑥) terms (since every term in the formation sequence of 𝑠 must start at
some place in 𝑠, and no two subterms can start at the same place). The Gödel number
of each subterm of 𝑠 is of course ≤ 𝑥. Hence, there always is a formation sequence
with code ≤ 𝑝_{𝑘−1}^{𝑘(𝑥+1)}, where 𝑘 = len(𝑥).
For ClTerm, simply leave out the clause for variables. □

Proposition 17.6. The function num(𝑛) = #𝑛 # is primitive recursive.

Proof. We define num(𝑛) by primitive recursion:

num(0) = # 0#
num(𝑛 + 1) = # ′( # ⌢ num(𝑛) ⌢ # ) # . □

17.4 Coding Formulas


Proposition 17.7. The relation Atom(𝑥) which holds iff 𝑥 is the Gödel number of an
atomic formula, is primitive recursive.

Proof. The number 𝑥 is the Gödel number of an atomic formula iff one of the following
holds:

1. There are 𝑛, 𝑗 < 𝑥, and 𝑧 < 𝑥 such that for each 𝑖 < 𝑛, Term((𝑧)_𝑖) and
   𝑥 = #𝑃^𝑛_𝑗(# ⌢ flatten(𝑧) ⌢ #)#.

2. There are 𝑧_1, 𝑧_2 < 𝑥 such that Term(𝑧_1), Term(𝑧_2), and
   𝑥 = #=(# ⌢ 𝑧_1 ⌢ #,# ⌢ 𝑧_2 ⌢ #)#.

3. 𝑥 = #⊥#. □

Proposition 17.8. The relation Frm(𝑥) which holds iff 𝑥 is the Gödel number of a
formula is primitive recursive.

Proof. A sequence of symbols 𝑠 is a formula iff there is a formation sequence 𝑠_0, . . . ,
𝑠_{𝑘−1} = 𝑠 of formulas which records how 𝑠 was formed from atomic formulas according
to the formation rules. The code for each 𝑠_𝑖 (and indeed the code of the sequence
⟨𝑠_0, . . . , 𝑠_{𝑘−1}⟩) is less than the code 𝑥 of 𝑠. □

Proposition 17.9. The relation FreeOcc(𝑥, 𝑧, 𝑖), which holds iff the 𝑖-th symbol of the
formula with Gödel number 𝑥 is a free occurrence of the variable with Gödel number 𝑧,
is primitive recursive.

Proof. Exercise. □

Proposition 17.10. The property Sent(𝑥) which holds iff 𝑥 is the Gödel number of
a sentence is primitive recursive.

Proof. A sentence is a formula without free occurrences of variables. So Sent(𝑥) holds
iff

(∀𝑖 < len(𝑥)) (∀𝑧 < 𝑥) ((∃𝑗 < 𝑧) 𝑧 = #𝑣_𝑗# → ¬FreeOcc(𝑥, 𝑧, 𝑖)). □

17.5 Substitution
Recall that substitution is the operation of replacing all free occurrences of a variable 𝑢
in a formula 𝜑 by a term 𝑡, written 𝜑 [𝑡/𝑢]. This operation, when carried out on Gödel
numbers of variables, formulas, and terms, is primitive recursive.
Proposition 17.11. There is a primitive recursive function Subst(𝑥, 𝑦, 𝑧) with the prop-
erty that
Subst( #𝜑 #, #𝑡 #, #𝑢 # ) = #𝜑 [𝑡/𝑢] # .


Proof. We can then define a function hSubst by primitive recursion as follows:

hSubst(𝑥, 𝑦, 𝑧, 0) = Λ
hSubst(𝑥, 𝑦, 𝑧, 𝑖 + 1) =
    hSubst(𝑥, 𝑦, 𝑧, 𝑖) ⌢ 𝑦                 if FreeOcc(𝑥, 𝑧, 𝑖)
    append(hSubst(𝑥, 𝑦, 𝑧, 𝑖), (𝑥)𝑖 )     otherwise.

Subst(𝑥, 𝑦, 𝑧) can now be defined as hSubst(𝑥, 𝑦, 𝑧, len(𝑥)). □

Proposition 17.12. The relation FreeFor(𝑥, 𝑦, 𝑧), which holds iff the term with Gödel
number 𝑦 is free for the variable with Gödel number 𝑧 in the formula with Gödel
number 𝑥, is primitive recursive.

Proof. Exercise. □

17.6 Derivations in Natural Deduction


In order to arithmetize derivations, we must represent derivations as numbers. Since
derivations are trees of formulas where each inference carries one or two labels, a
recursive representation is the most obvious approach: we represent a derivation as a
tuple, the components of which are the number of immediate sub-derivations leading
to the premises of the last inference, the representations of these sub-derivations, and
the end-formula, the discharge label of the last inference, and a number indicating
the type of the last inference.
Definition 17.13. If 𝛿 is a derivation in natural deduction, then #𝛿 # is defined induc-
tively as follows:
1. If 𝛿 consists only of the assumption 𝜑, then #𝛿 # is ⟨0, #𝜑 #, 𝑛⟩. The number 𝑛 is 0
if it is an undischarged assumption, and the numerical label otherwise.
2. If 𝛿 ends in an inference with one, two, or three premises, then #𝛿 # is
⟨1, #𝛿 1 #, #𝜑 #, 𝑛, 𝑘⟩,
⟨2, #𝛿 1 #, #𝛿 2 #, #𝜑 #, 𝑛, 𝑘⟩, or
⟨3, #𝛿 1 #, #𝛿 2 #, #𝛿 3 #, #𝜑 #, 𝑛, 𝑘⟩,
respectively. Here 𝛿 1 , 𝛿 2 , 𝛿 3 are the sub-derivations ending in the premise(s) of
the last inference in 𝛿, 𝜑 is the conclusion of the last inference in 𝛿, 𝑛 is the
discharge label of the last inference (0 if the inference does not discharge any
assumptions), and 𝑘 is given by the following table according to which rule
was used in the last inference.
Rule: ∧I ∧E ∨I ∨E
𝑘: 1 2 3 4
Rule: →I →E ¬I ¬E
𝑘: 5 6 7 8
Rule: ⊥E RAA ∀I ∀E
𝑘: 9 10 11 12
Rule: ∃I ∃E =I =E
𝑘: 13 14 15 16


Example 17.14. Consider the very simple derivation

    [𝜑 ∧ 𝜓]¹
    ---------- ∧E
        𝜑
    ------------- →I₁
    (𝜑 ∧ 𝜓) → 𝜑

The Gödel number of the assumption would be 𝑑 0 = ⟨0, #𝜑 ∧ 𝜓 #, 1⟩. The Gödel number
of the derivation ending in the conclusion of ∧E would be 𝑑 1 = ⟨1, 𝑑 0, #𝜑 #, 0, 2⟩ (1 since
∧E has one premise, the Gödel number of conclusion 𝜑, 0 because no assumption
is discharged, and 2 is the number coding ∧E). The Gödel number of the entire
derivation then is ⟨1, 𝑑 1, # ((𝜑 ∧ 𝜓 ) → 𝜑) #, 1, 5⟩, i.e.,

⟨1, ⟨1, ⟨0, # (𝜑 ∧ 𝜓 ) #, 1⟩, #𝜑 #, 0, 2⟩, # ((𝜑 ∧ 𝜓 ) → 𝜑) #, 1, 5⟩.

Having settled on a representation of derivations, we must also show that we can
manipulate Gödel numbers of such derivations primitive recursively, and express
their essential properties and relations. Some operations are simple: e.g., given a
Gödel number 𝑑 of a derivation, EndFmla(𝑑) = (𝑑)_{(𝑑)_0+1} gives us the Gödel number
of its end-formula, DischargeLabel(𝑑) = (𝑑)_{(𝑑)_0+2} gives us the discharge label and
LastRule(𝑑) = (𝑑)_{(𝑑)_0+3} the number indicating the type of the last inference. Some
are much harder. We’ll at least sketch how to do this. The goal is to show that the
relation “𝛿 is a derivation of 𝜑 from Γ” is a primitive recursive relation of the Gödel
numbers of 𝛿 and 𝜑.

Proposition 17.15. The following relations are primitive recursive:

1. 𝜑 occurs as an assumption in 𝛿 with label 𝑛.

2. All assumptions in 𝛿 with label 𝑛 are of the form 𝜑 (i.e., we can discharge the
assumption 𝜑 using label 𝑛 in 𝛿).

Proof. We have to show that the corresponding relations between Gödel numbers of
formulas and Gödel numbers of derivations are primitive recursive.

1. We want to show that Assum(𝑥, 𝑑, 𝑛), which holds if 𝑥 is the Gödel number of
an assumption of the derivation with Gödel number 𝑑 labelled 𝑛, is primitive
recursive. This is the case if the derivation with Gödel number ⟨0, 𝑥, 𝑛⟩ is a sub-
derivation of 𝑑. Note that the way we code derivations is a special case of the
coding of trees introduced in section 15.12, so the primitive recursive function
SubtreeSeq(𝑑) gives a sequence of Gödel numbers of all sub-derivations of 𝑑
(of length at most 𝑑). So we can define

Assum(𝑥, 𝑑, 𝑛) ⇔ (∃𝑖 < 𝑑) (SubtreeSeq(𝑑))𝑖 = ⟨0, 𝑥, 𝑛⟩.

2. We want to show that Discharge(𝑥, 𝑑, 𝑛), which holds if all assumptions with
label 𝑛 in the derivation with Gödel number 𝑑 are the formula with Gödel
number 𝑥, is primitive recursive. But this relation holds iff
(∀𝑦 < 𝑑) (Assum(𝑦, 𝑑, 𝑛) → 𝑦 = 𝑥). □

Proposition 17.16. The property Correct(𝑑) which holds iff the last inference in the
derivation 𝛿 with Gödel number 𝑑 is correct, is primitive recursive.


Proof. We have to show that for each rule of inference 𝑅 the relation FollowsBy𝑅 (𝑑)
is primitive recursive, where FollowsBy𝑅 (𝑑) holds iff 𝑑 is the Gödel number of a
derivation 𝛿, and the end-formula of 𝛿 follows by a correct application of 𝑅 from the
immediate sub-derivations of 𝛿.
A simple case is that of the ∧I rule. If 𝛿 ends in a correct ∧I inference, it looks like
this:

    𝛿1       𝛿2
    𝜑        𝜓
    ------------- ∧I
       𝜑 ∧ 𝜓
Then the Gödel number 𝑑 of 𝛿 is ⟨2, 𝑑 1, 𝑑 2, # (𝜑 ∧ 𝜓 ) #, 0, 𝑘⟩ where EndFmla(𝑑 1 ) = #𝜑 # ,
EndFmla(𝑑 2 ) = #𝜓 # , 𝑛 = 0, and 𝑘 = 1. So we can define FollowsBy∧I (𝑑) as

(𝑑)0 = 2 ∧ DischargeLabel(𝑑) = 0 ∧ LastRule(𝑑) = 1 ∧
EndFmla(𝑑) = # ( # ⌢ EndFmla((𝑑)1 ) ⌢ # ∧# ⌢ EndFmla((𝑑)2 ) ⌢ # ) # .

Another simple example is the =I rule. Here the premise is an empty derivation,
i.e., (𝑑)1 = 0, and no discharge label, i.e., 𝑛 = 0. However, 𝜑 must be of the form 𝑡 = 𝑡,
for a closed term 𝑡. Here, a primitive recursive definition is

(𝑑)0 = 1 ∧ (𝑑)1 = 0 ∧ DischargeLabel(𝑑) = 0 ∧
(∃𝑡 < 𝑑) (ClTerm(𝑡) ∧ EndFmla(𝑑) = # =( # ⌢ 𝑡 ⌢ #,# ⌢ 𝑡 ⌢ # ) # )

For a more complicated example, FollowsBy→I (𝑑) holds iff the end-formula of 𝛿
is of the form (𝜑 → 𝜓 ), where the end-formula of 𝛿 1 is 𝜓 , and any assumption in 𝛿
labelled 𝑛 is of the form 𝜑. We can express this primitive recursively by

(𝑑)0 = 1 ∧
(∃𝑎 < 𝑑) (Discharge(𝑎, (𝑑)1, DischargeLabel(𝑑)) ∧
EndFmla(𝑑) = ( # ( # ⌢ 𝑎 ⌢ # →# ⌢ EndFmla((𝑑)1 ) ⌢ # ) # ))

(Think of 𝑎 as the Gödel number of 𝜑).


For another example, consider ∃I. Here, the last inference in 𝛿 is correct iff there
is a formula 𝜑, a closed term 𝑡 and a variable 𝑥 such that 𝜑 [𝑡/𝑥] is the end-formula of
the derivation 𝛿 1 and ∃𝑥 𝜑 is the conclusion of the last inference. So, FollowsBy∃I (𝑑)
holds iff

(𝑑)0 = 1 ∧ DischargeLabel(𝑑) = 0 ∧
(∃𝑎 < 𝑑) (∃𝑥 < 𝑑) (∃𝑡 < 𝑑) (ClTerm(𝑡) ∧ Var(𝑥) ∧
Subst(𝑎, 𝑡, 𝑥) = EndFmla((𝑑)1 ) ∧ EndFmla(𝑑) = ( # ∃# ⌢ 𝑥 ⌢ 𝑎)).

We then define Correct(𝑑) as

Sent(EndFmla(𝑑)) ∧
(LastRule(𝑑) = 1 ∧ FollowsBy∧I (𝑑)) ∨ · · · ∨
(LastRule(𝑑) = 16 ∧ FollowsBy=E (𝑑)) ∨
(∃𝑛 < 𝑑) (∃𝑥 < 𝑑) (𝑑 = ⟨0, 𝑥, 𝑛⟩).


The first line ensures that the end-formula of 𝑑 is a sentence. The last line covers the
case where 𝑑 is just an assumption. □

Proposition 17.17. The relation Deriv(𝑑) which holds if 𝑑 is the Gödel number of a
correct derivation 𝛿, is primitive recursive.

Proof. A derivation 𝛿 is correct if every one of its inferences is a correct application of
a rule, i.e., if every one of its sub-derivations ends in a correct inference. So, Deriv(𝑑)
iff

(∀𝑖 < len(SubtreeSeq(𝑑))) Correct((SubtreeSeq(𝑑))𝑖 ) □

Proposition 17.18. The relation OpenAssum(𝑧, 𝑑) that holds if 𝑧 is the Gödel number
of an undischarged assumption 𝜑 of the derivation 𝛿 with Gödel number 𝑑, is primitive
recursive.

Proof. An occurrence of an assumption is discharged if it occurs with label 𝑛 in a
sub-derivation of 𝛿 that ends in a rule with discharge label 𝑛. So 𝜑 is an undischarged
assumption of 𝛿 if at least one of its occurrences is not discharged in 𝛿. We must be
careful: 𝛿 may contain both discharged and undischarged occurrences of 𝜑.
Consider a sequence 𝛿 0 , . . . , 𝛿𝑘 where 𝛿 0 = 𝛿, 𝛿𝑘 is the assumption [𝜑] 𝑛 (for
some 𝑛), and 𝛿𝑖+1 is an immediate sub-derivation of 𝛿𝑖 . If such a sequence exists in
which no 𝛿𝑖 ends in an inference with discharge label 𝑛, then 𝜑 is an undischarged
assumption of 𝛿.
The primitive recursive function SubtreeSeq(𝑑) provides us with a sequence of
Gödel numbers of all sub-derivations of 𝛿. Any sequence of Gödel numbers of sub-
derivations of 𝛿 is a subsequence of it. Being a subsequence of is a primitive recursive
relation: Subseq(𝑠, 𝑠 ′ ) holds iff (∀𝑖 < len(𝑠)) ∃𝑗 < len(𝑠 ′ ) (𝑠)𝑖 = (𝑠) 𝑗 . Being an
immediate sub-derivation is as well: Subderiv(𝑑, 𝑑 ′ ) iff (∃𝑗 < (𝑑 ′ )0 ) 𝑑 = (𝑑 ′ ) 𝑗 . So we
can define OpenAssum(𝑧, 𝑑) by

(∃𝑠 < SubtreeSeq(𝑑)) (Subseq(𝑠, SubtreeSeq(𝑑)) ∧ (𝑠)_0 = 𝑑 ∧
(∃𝑛 < 𝑑) ((𝑠)_{len(𝑠) ∸ 1} = ⟨0, 𝑧, 𝑛⟩ ∧
(∀𝑖 < (len(𝑠) ∸ 1)) (Subderiv((𝑠)_{𝑖+1}, (𝑠)_𝑖 ) ∧
DischargeLabel((𝑠)_{𝑖+1} ) ≠ 𝑛))). □

Proposition 17.19. Suppose Γ is a primitive recursive set of sentences. Then the relation
Prf Γ (𝑥, 𝑦) expressing “𝑥 is the code of a derivation 𝛿 of 𝜑 from undischarged assumptions
in Γ and 𝑦 is the Gödel number of 𝜑” is primitive recursive.

Proof. Suppose “𝑦 ∈ Γ” is given by the primitive recursive predicate 𝑅 Γ (𝑦). We have
to show that Prf Γ (𝑥, 𝑦) which holds iff 𝑦 is the Gödel number of a sentence 𝜑 and 𝑥 is
the code of a natural deduction derivation with end formula 𝜑 and all undischarged
assumptions in Γ is primitive recursive.
By Proposition 17.17, the property Deriv(𝑥) which holds iff 𝑥 is the Gödel number
of a correct derivation 𝛿 in natural deduction is primitive recursive. Thus we can
define Prf Γ (𝑥, 𝑦) by
Prf Γ (𝑥, 𝑦) ⇔ Deriv(𝑥) ∧ EndFmla(𝑥) = 𝑦 ∧
(∀𝑧 < 𝑥) (OpenAssum(𝑧, 𝑥) → 𝑅 Γ (𝑧)). □
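
The coding of Definition 17.13 and the relations of Propositions 17.15 to 17.19, run on Example 17.14, as an added example that is not part of the original text. It assumes nested tuples in place of sequence codes and strings in place of Gödel numbers of formulas, checks only ∧I, ∧E and →I, omits the Sent test, and reads "undischarged" from the prose description (label 0, or no inference with that label on the path); all function names are chosen here.

```python
# Added illustration. Nested tuples stand in for the sequence codes <...> and
# strings stand in for Gödel numbers of formulas; string concatenation plays
# the role of ⌢. The atoms p, q are constructed sample data.

def end_fmla(d):            # EndFmla(d) = (d)_{(d)_0 + 1}
    return d[d[0] + 1]

def discharge_label(d):     # DischargeLabel(d) = (d)_{(d)_0 + 2}
    return d[d[0] + 2]

def last_rule(d):           # LastRule(d) = (d)_{(d)_0 + 3}, inferences only
    return d[d[0] + 3]

def subderivs(d):
    """Immediate sub-derivations: components 1 .. (d)_0."""
    return list(d[1:d[0] + 1])

def subtree_seq(d):
    """All sub-derivations of d, d itself first (the role of SubtreeSeq)."""
    out = [d]
    for s in subderivs(d):
        out.extend(subtree_seq(s))
    return out

def assum(x, d, n):
    """Assum(x, d, n): <0, x, n> is a sub-derivation of d."""
    return (0, x, n) in subtree_seq(d)

def discharge(x, d, n):
    """Discharge(x, d, n): every assumption labelled n in d is x."""
    return all(s[1] == x for s in subtree_seq(d) if s[0] == 0 and s[2] == n)

def split_binary(fm):
    """Split '(A∘B)' at its main connective; None if fm has another shape."""
    if not (fm.startswith("(") and fm.endswith(")")):
        return None
    depth = 0
    for i, ch in enumerate(fm[1:-1], start=1):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif depth == 0 and ch in "∧∨→":
            return fm[1:i], ch, fm[i + 1:-1]
    return None

def follows_by_and_i(d):
    return (d[0] == 2 and discharge_label(d) == 0 and
            split_binary(end_fmla(d)) == (end_fmla(d[1]), "∧", end_fmla(d[2])))

def follows_by_and_e(d):    # not spelled out in the text; same pattern
    parts = split_binary(end_fmla(d[1])) if d[0] == 1 else None
    return (parts is not None and parts[1] == "∧" and
            discharge_label(d) == 0 and end_fmla(d) in (parts[0], parts[2]))

def follows_by_imp_i(d):
    parts = split_binary(end_fmla(d)) if d[0] == 1 else None
    return (parts is not None and parts[1] == "→" and
            parts[2] == end_fmla(d[1]) and
            discharge(parts[0], d[1], discharge_label(d)))

# Rule numbers k from the table in Definition 17.13 (only three implemented).
CHECKS = {1: follows_by_and_i, 2: follows_by_and_e, 5: follows_by_imp_i}

def correct(d):
    """Last inference of d is correct (Sent test on the end-formula omitted)."""
    if d[0] == 0:
        return len(d) == 3
    check = CHECKS.get(last_rule(d))
    return check is not None and check(d)

def deriv(d):
    return all(correct(s) for s in subtree_seq(d))

def open_assum(z, d, discharged=frozenset()):
    """Some occurrence of z is reached from the root of d without passing an
    inference whose discharge label equals the occurrence's label."""
    if d[0] == 0:
        return d[1] == z and (d[2] == 0 or d[2] not in discharged)
    label = discharge_label(d)
    if label:
        discharged = discharged | {label}
    return any(open_assum(z, s, discharged) for s in subderivs(d))

def prf(d, y, gamma):
    """Prf_Γ(d, y): d correctly derives y with all open assumptions in gamma."""
    leaves = [s[1] for s in subtree_seq(d) if s[0] == 0]
    return (deriv(d) and end_fmla(d) == y and
            all(z in gamma for z in leaves if open_assum(z, d)))

# Example 17.14 with φ = p, ψ = q.
D0 = (0, "(p∧q)", 1)
D1 = (1, D0, "p", 0, 2)
D2 = (1, D1, "((p∧q)→p)", 1, 5)
```

The assumption (𝜑 ∧ 𝜓) is open in the sub-derivation D1 but not in D2, where →I discharges label 1.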


Problems
Problem 17.1. Show that the function flatten(𝑧), which turns the sequence ⟨#𝑡 1 #, . . . , #𝑡𝑛 # ⟩
into #𝑡 1, . . . , 𝑡𝑛 # , is primitive recursive.

Problem 17.2. Give a detailed proof of Proposition 17.8 along the lines of the first
proof of Proposition 17.5.

Problem 17.3. Prove Proposition 17.9. You may make use of the fact that any sub-
string of a formula which is a formula is a sub-formula of it.

Problem 17.4. Prove Proposition 17.12.

Problem 17.5. Define the following properties as in Proposition 17.16:

1. FollowsBy→E (𝑑),
2. FollowsBy=E (𝑑),
3. FollowsBy∨E (𝑑),
4. FollowsBy∀I (𝑑).

For the last one, you will have to also show that you can test primitive recursively if
the last inference of the derivation with Gödel number 𝑑 satisfies the eigenvariable
condition, i.e., the eigenvariable 𝑎 of the ∀I inference occurs neither in the end-formula
of 𝑑 nor in an open assumption of 𝑑. You may use the primitive recursive predicate
OpenAssum from Proposition 17.18 for this.

Chapter 18

Representability in Q

18.1 Introduction
The incompleteness theorems apply to theories in which basic facts about computable
functions can be expressed and proved. We will describe a very minimal such theory
called “Q” (or, sometimes, “Robinson’s 𝑄,” after Raphael Robinson). We will say what
it means for a function to be representable in Q, and then we will prove the following:

A function is representable in Q if and only if it is computable.

For one thing, this provides us with another model of computability. But we will
also use it to show that the set {𝜑 | Q ⊢ 𝜑 } is not decidable, by reducing the halting
problem to it. By the time we are done, we will have proved much stronger things
than this.
The language of Q is the language of arithmetic; Q consists of the following
axioms (to be used in conjunction with the other axioms and rules of first-order logic
with identity predicate):

∀𝑥 ∀𝑦 (𝑥′ = 𝑦′ → 𝑥 = 𝑦)            (𝑄 1 )
∀𝑥 0 ≠ 𝑥′                          (𝑄 2 )
∀𝑥 (𝑥 = 0 ∨ ∃𝑦 𝑥 = 𝑦′)             (𝑄 3 )
∀𝑥 (𝑥 + 0) = 𝑥                     (𝑄 4 )
∀𝑥 ∀𝑦 (𝑥 + 𝑦′) = (𝑥 + 𝑦)′          (𝑄 5 )
∀𝑥 (𝑥 × 0) = 0                     (𝑄 6 )
∀𝑥 ∀𝑦 (𝑥 × 𝑦′) = ((𝑥 × 𝑦) + 𝑥)     (𝑄 7 )
∀𝑥 ∀𝑦 (𝑥 < 𝑦 ↔ ∃𝑧 (𝑧′ + 𝑥) = 𝑦)    (𝑄 8 )

For each natural number 𝑛, define the numeral 𝑛 to be the term 0′′...′ where there are
𝑛 tick marks in all. So, 0 is the constant symbol 0 by itself, 1 is 0′ , 2 is 0′′ , etc.
As a theory of arithmetic, Q is extremely weak; for example, you can’t even prove
very simple facts like ∀𝑥 𝑥 ≠ 𝑥 ′ or ∀𝑥 ∀𝑦 (𝑥 + 𝑦) = (𝑦 + 𝑥). But we will see that
much of the reason that Q is so interesting is because it is so weak. In fact, it is just
barely strong enough for the incompleteness theorem to hold. Another reason Q is
interesting is because it has a finite set of axioms.


A stronger theory than Q (called Peano arithmetic PA) is obtained by adding a
schema of induction to Q:

(𝜑 (0) ∧ ∀𝑥 (𝜑 (𝑥) → 𝜑 (𝑥 ′ ))) → ∀𝑥 𝜑 (𝑥)

where 𝜑 (𝑥) is any formula. If 𝜑 (𝑥) contains free variables other than 𝑥, we add
universal quantifiers to the front to bind all of them (so that the corresponding
instance of the induction schema is a sentence). For instance, if 𝜑 (𝑥, 𝑦) also contains
the variable 𝑦 free, the corresponding instance is

∀𝑦 ((𝜑 (0) ∧ ∀𝑥 (𝜑 (𝑥) → 𝜑 (𝑥 ′ ))) → ∀𝑥 𝜑 (𝑥))

Using instances of the induction schema, one can prove much more from the axioms
of PA than from those of Q. In fact, it takes a good deal of work to find “natural”
statements about the natural numbers that can’t be proved in Peano arithmetic!
Definition 18.1. A function 𝑓 (𝑥 0, . . . , 𝑥𝑘 ) from the natural numbers to the natural
numbers is said to be representable in Q if there is a formula 𝜑 𝑓 (𝑥 0, . . . , 𝑥𝑘 , 𝑦) such
that whenever 𝑓 (𝑛 0, . . . , 𝑛𝑘 ) = 𝑚, Q proves
1. 𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑚)
2. ∀𝑦 (𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑦) → 𝑚 = 𝑦).

There are other ways of stating the definition; for example, we could equivalently
require that Q proves ∀𝑦 (𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑦) ↔ 𝑦 = 𝑚).
Theorem 18.2. A function is representable in Q if and only if it is computable.

There are two directions to proving the theorem. The left-to-right direction is
fairly straightforward once arithmetization of syntax is in place. The other direction
requires more work. Here is the basic idea: we pick “general recursive” as a way
of making “computable” precise, and show that every general recursive function is
representable in Q. Recall that a function is general recursive if it can be defined
from zero, the successor function succ, and the projection functions 𝑃_𝑖^𝑛, using
composition, primitive recursion, and regular minimization. So one way of showing
that every general recursive function is representable in Q is to show that the basic
functions are representable, and whenever some functions are representable, then
so are the functions defined from them using composition, primitive recursion, and
regular minimization. In other words, we might show that the basic functions are
representable, and that the representable functions are “closed under” composition,
primitive recursion, and regular minimization. This guarantees that every general
recursive function is representable.
It turns out that the step where we would show that representable functions are
closed under primitive recursion is hard. In order to avoid this step, we show first that
in fact we can do without primitive recursion. That is, we show that every general
recursive function can be defined from basic functions using composition and regular
minimization alone. To do this, we show that primitive recursion can actually be done
by a specific regular minimization. However, for this to work, we have to add some
additional basic functions: addition, multiplication, and the characteristic function of
the identity relation 𝜒= . Then, we can prove the theorem by showing that all of these
basic functions are representable in Q, and the representable functions are closed
under composition and regular minimization.


18.2 Functions Representable in Q are Computable


We’ll prove that every function that is representable in Q is computable. We first have
to establish a lemma about functions representable in Q.

Lemma 18.3. If 𝑓 (𝑥 0, . . . , 𝑥𝑘 ) is representable in Q, there is a formula 𝜑 (𝑥 0, . . . , 𝑥𝑘 , 𝑦)
such that

Q ⊢ 𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑚) iff 𝑚 = 𝑓 (𝑛 0, . . . , 𝑛𝑘 ).

Proof. The “if” part is Definition 18.1(1). The “only if” part is seen as follows: Sup-
pose Q ⊢ 𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑚) but 𝑚 ≠ 𝑓 (𝑛 0, . . . , 𝑛𝑘 ). Let 𝑙 = 𝑓 (𝑛 0, . . . , 𝑛𝑘 ). By Defini-
tion 18.1(1), Q ⊢ 𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑙). By Definition 18.1(2), ∀𝑦 (𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑦) → 𝑙 = 𝑦).
Using logic and the assumption that Q ⊢ 𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑚), we get that Q ⊢ 𝑙 = 𝑚.
On the other hand, by Lemma 18.14, Q ⊢ 𝑙 ≠ 𝑚. So Q is inconsistent. But that is
impossible, since Q is satisfied by the standard model (see Definition 16.2), 𝔑 ⊨ Q, and
satisfiable theories are always consistent by the Soundness Theorem (Corollary 6.23). □

Lemma 18.4. Every function that is representable in Q is computable.

Proof. Let’s first give the intuitive idea for why this is true. To compute 𝑓 , we do
the following. List all the possible derivations 𝛿 in the language of arithmetic. This
is possible to do mechanically. For each one, check if it is a derivation of a formula
of the form 𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑚) (the formula representing 𝑓 in Q from Lemma 18.3). If
it is, 𝑚 = 𝑓 (𝑛 0, . . . , 𝑛𝑘 ) by Lemma 18.3, and we’ve found the value of 𝑓 . The search
terminates because Q ⊢ 𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑓 (𝑛 0, . . . , 𝑛𝑘 )), so eventually we find a 𝛿 of the
right sort.
This is not quite precise because our procedure operates on derivations and
formulas instead of just on numbers, and we haven’t explained exactly why “listing
all possible derivations” is mechanically possible. But as we’ve seen, it is possible
to code terms, formulas, and derivations by Gödel numbers. We’ve also introduced
a precise model of computation, the general recursive functions. And we’ve seen
that the relation Prf Q (𝑑, 𝑦), which holds iff 𝑑 is the Gödel number of a derivation
of the formula with Gödel number 𝑦 from the axioms of Q, is (primitive) recursive.
Other primitive recursive functions we’ll need are num (Proposition 17.6) and Subst
(Proposition 17.11). From these, it is possible to define 𝑓 by minimization; thus, 𝑓 is
recursive.
First, define

𝐴(𝑛 0, . . . , 𝑛𝑘 , 𝑚) =
Subst(Subst(. . . Subst( #𝜑 𝑓 #, num(𝑛 0 ), #𝑥 0 # ),
. . . ), num(𝑛𝑘 ), #𝑥𝑘 # ), num(𝑚), #𝑦 # )

This looks complicated, but it’s just the function 𝐴(𝑛 0, . . . , 𝑛𝑘 , 𝑚) = #𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑚) # .


Now, consider the relation 𝑅(𝑛 0, . . . , 𝑛𝑘 , 𝑠) which holds if (𝑠)0 is the Gödel number
of a derivation from Q of 𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , (𝑠)1 ):

𝑅(𝑛 0, . . . , 𝑛𝑘 , 𝑠) iff Prf Q ((𝑠)0, 𝐴(𝑛 0, . . . , 𝑛𝑘 , (𝑠)1 ))

If we can find an 𝑠 such that 𝑅(𝑛 0, . . . , 𝑛𝑘 , 𝑠) holds, we have found a pair of numbers—
(𝑠)0 and (𝑠)1 —such that (𝑠)0 is the Gödel number of a derivation of 𝐴 𝑓 (𝑛 0, . . . , 𝑛𝑘 , (𝑠)1 ).


So looking for 𝑠 is like looking for the pair 𝑑 and 𝑚 in the informal proof. And
a computable function that “looks for” such an 𝑠 can be defined by regular min-
imization. Note that 𝑅 is regular: for every 𝑛 0 , . . . , 𝑛𝑘 , there is a derivation 𝛿 of
Q ⊢ 𝜑 𝑓 (𝑛 0, . . . , 𝑛𝑘 , 𝑓 (𝑛 0, . . . , 𝑛𝑘 )), so 𝑅(𝑛 0, . . . , 𝑛𝑘 , 𝑠) holds for 𝑠 = ⟨#𝛿 #, 𝑓 (𝑛 0, . . . , 𝑛𝑘 )⟩.
So, we can write 𝑓 as

𝑓 (𝑛 0, . . . , 𝑛𝑘 ) = (𝜇𝑠 𝑅(𝑛 0, . . . , 𝑛𝑘 , 𝑠))1 . □

18.3 The Beta Function Lemma


In order to show that we can carry out primitive recursion if addition, multiplication,
and 𝜒= are available, we need to develop functions that handle sequences. (If we had
exponentiation as well, our task would be easier.) When we had primitive recursion,
we could define things like the “𝑛-th prime,” and pick a fairly straightforward coding.
But here we do not have primitive recursion—in fact we want to show that we can do
primitive recursion using minimization—so we need to be more clever.
Lemma 18.5. There is a function 𝛽 (𝑑, 𝑖) such that for every sequence 𝑎 0 , . . . , 𝑎𝑛 there is
a number 𝑑, such that for every 𝑖 ≤ 𝑛, 𝛽 (𝑑, 𝑖) = 𝑎𝑖 . Moreover, 𝛽 can be defined from the
basic functions using just composition and regular minimization.

Think of 𝑑 as coding the sequence ⟨𝑎 0, . . . , 𝑎𝑛 ⟩, and 𝛽 (𝑑, 𝑖) returning the 𝑖-th
element. (Note that this “coding” does not use the power-of-primes coding we’re
already familiar with!). The lemma is fairly minimal; it doesn’t say we can concatenate
sequences or append elements, or even that we can compute 𝑑 from 𝑎 0 , . . . , 𝑎𝑛 using
functions definable by composition and regular minimization. All it says is that there
is a “decoding” function such that every sequence is “coded.”
The use of the notation 𝛽 is Gödel’s. To repeat, the hard part of proving the lemma
is defining a suitable 𝛽 using the seemingly restricted resources, i.e., using just com-
position and minimization—however, we’re allowed to use addition, multiplication,
and 𝜒= . There are various ways to prove this lemma, but one of the cleanest is still
Gödel’s original method, which used a number-theoretic fact called Sunzi’s Theorem
(traditionally, the “Chinese Remainder Theorem”).
Definition 18.6. Two natural numbers 𝑎 and 𝑏 are relatively prime iff their greatest
common divisor is 1; in other words, they have no other divisors in common.

Definition 18.7. Natural numbers 𝑎 and 𝑏 are congruent modulo 𝑐, 𝑎 ≡ 𝑏 mod 𝑐, iff
𝑐 | (𝑎 − 𝑏), i.e., 𝑎 and 𝑏 have the same remainder when divided by 𝑐.

Here is Sunzi’s Theorem:


Theorem 18.8. Suppose 𝑥 0 , . . . , 𝑥𝑛 are (pairwise) relatively prime. Let 𝑦0 , . . . , 𝑦𝑛 be any
numbers. Then there is a number 𝑧 such that

𝑧 ≡ 𝑦0 mod 𝑥 0
𝑧 ≡ 𝑦1 mod 𝑥 1
   ⋮
𝑧 ≡ 𝑦𝑛 mod 𝑥𝑛 .


Here is how we will use Sunzi’s Theorem: if 𝑥 0 , . . . , 𝑥𝑛 are bigger than 𝑦0 , . . . , 𝑦𝑛
respectively, then we can take 𝑧 to code the sequence ⟨𝑦0, . . . , 𝑦𝑛 ⟩. To recover 𝑦𝑖 , we
need only divide 𝑧 by 𝑥𝑖 and take the remainder. To use this coding, we will need to
find suitable values for 𝑥 0 , . . . , 𝑥𝑛 .
A couple of observations will help us in this regard. Given 𝑦0 , . . . , 𝑦𝑛 , let

𝑗 = max(𝑛, 𝑦0, . . . , 𝑦𝑛 ) + 1,

and let

𝑥0 = 1 + 𝑗 !
𝑥1 = 1 + 2 · 𝑗 !
𝑥2 = 1 + 3 · 𝑗 !
   ⋮
𝑥𝑛 = 1 + (𝑛 + 1) · 𝑗 !

Then two things are true:


1. 𝑥 0 , . . . , 𝑥𝑛 are relatively prime.
2. For each 𝑖, 𝑦𝑖 < 𝑥𝑖 .
To see that (1) is true, note that if 𝑝 is a prime number and 𝑝 | 𝑥𝑖 and 𝑝 | 𝑥𝑘 , then
𝑝 | 1 + (𝑖 + 1) 𝑗 ! and 𝑝 | 1 + (𝑘 + 1) 𝑗 !. But then 𝑝 divides their difference,

(1 + (𝑖 + 1) 𝑗 !) − (1 + (𝑘 + 1) 𝑗 !) = (𝑖 − 𝑘) 𝑗 !.

Since 𝑝 divides 1 + (𝑖 + 1) 𝑗 !, it can’t divide 𝑗 ! as well (otherwise, the first division
would leave a remainder of 1). So 𝑝 divides 𝑖 − 𝑘, since 𝑝 divides (𝑖 − 𝑘) 𝑗 !. But |𝑖 − 𝑘 | is
at most 𝑛, and we have chosen 𝑗 > 𝑛, so this implies that 𝑝 | 𝑗 !, again a contradiction.
So there is no prime number dividing both 𝑥𝑖 and 𝑥𝑘 . Clause (2) is easy: we have
𝑦𝑖 < 𝑗 < 𝑗 ! < 𝑥𝑖 .
Now let us prove the 𝛽 function lemma. Remember that we can use 0, successor,
plus, times, 𝜒= , projections, and any function defined from them using composition
and minimization applied to regular functions. We can also use a relation if its
characteristic function is so definable. As before we can show that these relations are
closed under Boolean combinations and bounded quantification; for example:

not(𝑥) = 𝜒= (𝑥, 0)
(min 𝑥 ≤ 𝑧) 𝑅(𝑥, 𝑦) = 𝜇𝑥 (𝑅(𝑥, 𝑦) ∨ 𝑥 = 𝑧)
(∃𝑥 ≤ 𝑧) 𝑅(𝑥, 𝑦) ⇔ 𝑅((min 𝑥 ≤ 𝑧) 𝑅(𝑥, 𝑦), 𝑦)

We can then show that all of the following are also definable without primitive
recursion:
1. The pairing function, 𝐽 (𝑥, 𝑦) = ½ [(𝑥 + 𝑦) (𝑥 + 𝑦 + 1)] + 𝑥;
2. the projection functions

𝐾 (𝑧) = (min 𝑥 ≤ 𝑧) (∃𝑦 ≤ 𝑧) 𝑧 = 𝐽 (𝑥, 𝑦),


𝐿(𝑧) = (min 𝑦 ≤ 𝑧) (∃𝑥 ≤ 𝑧) 𝑧 = 𝐽 (𝑥, 𝑦);


3. the less-than relation 𝑥 < 𝑦;

4. the divisibility relation 𝑥 | 𝑦;

5. the function rem(𝑥, 𝑦) which returns the remainder when 𝑦 is divided by 𝑥.

Now define

𝛽 ∗ (𝑑 0, 𝑑 1, 𝑖) = rem(1 + (𝑖 + 1)𝑑 1, 𝑑 0 ) and


𝛽 (𝑑, 𝑖) = 𝛽 ∗ (𝐾 (𝑑), 𝐿(𝑑), 𝑖).

This is the function we want. Given 𝑎 0 , . . . , 𝑎𝑛 as above, let

𝑗 = max(𝑛, 𝑎 0, . . . , 𝑎𝑛 ) + 1,

and let 𝑑 1 = 𝑗 !. By (1) above, we know that 1 + 𝑑 1 , 1 + 2𝑑 1 , . . . , 1 + (𝑛 + 1)𝑑 1 are relatively
prime, and by (2) that all are greater than 𝑎 0 , . . . , 𝑎𝑛 . By Sunzi’s Theorem there is a
value 𝑑 0 such that for each 𝑖,

𝑑 0 ≡ 𝑎𝑖 mod (1 + (𝑖 + 1)𝑑 1 )

and so (because 𝑑 1 is greater than 𝑎𝑖 ),

𝑎𝑖 = rem(1 + (𝑖 + 1)𝑑 1, 𝑑 0 ).

Let 𝑑 = 𝐽 (𝑑 0, 𝑑 1 ). Then for each 𝑖 ≤ 𝑛, we have

𝛽 (𝑑, 𝑖) = 𝛽 ∗ (𝑑 0, 𝑑 1, 𝑖)
= rem(1 + (𝑖 + 1)𝑑 1, 𝑑 0 )
= 𝑎𝑖

which is what we need. This completes the proof of the 𝛽-function lemma.

18.4 Simulating Primitive Recursion


Now we can show that definition by primitive recursion can be “simulated” by regular
minimization using the beta function. Suppose we have 𝑓 (𝑥⃗) and 𝑔(𝑥⃗, 𝑦, 𝑧). Then the
function ℎ(𝑥⃗, 𝑦) defined from 𝑓 and 𝑔 by primitive recursion is

ℎ(𝑥⃗, 0) = 𝑓 (𝑥⃗)
ℎ(𝑥⃗, 𝑦 + 1) = 𝑔(𝑥⃗, 𝑦, ℎ(𝑥⃗, 𝑦)).

We need to show that ℎ can be defined from 𝑓 and 𝑔 using just composition and
regular minimization, using the basic functions and functions defined from them
using composition and regular minimization (such as 𝛽).

Lemma 18.9. If ℎ can be defined from 𝑓 and 𝑔 using primitive recursion, it can be
defined from 𝑓 , 𝑔, the functions zero, succ, 𝑃_𝑖^𝑛, add, mult, 𝜒= , using composition and
regular minimization.
Proof. First, define an auxiliary function ℎ̂(𝑥⃗, 𝑦) which returns the least number 𝑑
such that 𝑑 codes a sequence which satisfies

1. (𝑑)0 = 𝑓 (𝑥⃗), and

2. for each 𝑖 < 𝑦, (𝑑)𝑖+1 = 𝑔(𝑥⃗, 𝑖, (𝑑)𝑖 ),

where now (𝑑)𝑖 is short for 𝛽 (𝑑, 𝑖). In other words, ℎ̂ returns the sequence
⟨ℎ(𝑥⃗, 0), ℎ(𝑥⃗, 1), . . . , ℎ(𝑥⃗, 𝑦)⟩. We can write ℎ̂ as

ℎ̂(𝑥⃗, 𝑦) = 𝜇𝑑 (𝛽 (𝑑, 0) = 𝑓 (𝑥⃗) ∧ (∀𝑖 < 𝑦) 𝛽 (𝑑, 𝑖 + 1) = 𝑔(𝑥⃗, 𝑖, 𝛽 (𝑑, 𝑖))).

Note: no primitive recursion is needed here, just minimization. The function we
minimize is regular because of the beta function lemma, Lemma 18.5.
But now we have

ℎ(𝑥⃗, 𝑦) = 𝛽 (ℎ̂(𝑥⃗, 𝑦), 𝑦),

so ℎ can be defined from the basic functions using just composition and regular
minimization. □
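
The coding from the proof of Lemma 18.5 and the minimization of Lemma 18.9, as an added example that is not part of the original text. The names encode, unpair, satisfies, mu, witness and h_by_minimization are chosen here; unpair uses a closed-form inverse of 𝐽 in place of the bounded searches defining 𝐾 and 𝐿, because the codes produced by the proof are far too large to search.

```python
from math import factorial, isqrt

def J(x, y):
    """Pairing function J(x, y) = ((x + y)(x + y + 1))/2 + x."""
    return (x + y) * (x + y + 1) // 2 + x

def unpair(z):
    """Return (K(z), L(z)), the unique x, y with J(x, y) = z."""
    w = (isqrt(8 * z + 1) - 1) // 2          # w = x + y
    x = z - w * (w + 1) // 2
    return x, w - x

def rem(x, y):
    """Remainder when y is divided by x (argument order as in the text)."""
    return y % x

def beta_star(d0, d1, i):
    return rem(1 + (i + 1) * d1, d0)

def beta(d, i):
    d0, d1 = unpair(d)
    return beta_star(d0, d1, i)

def encode(seq):
    """Build a d with beta(d, i) == seq[i], following the proof of Lemma 18.5."""
    if not seq:
        raise ValueError("the lemma codes non-empty sequences a_0, ..., a_n")
    n = len(seq) - 1
    j = max([n] + list(seq)) + 1
    d1 = factorial(j)
    d0, m = 0, 1
    for i, a in enumerate(seq):
        x = 1 + (i + 1) * d1                 # pairwise relatively prime moduli
        t = ((a - d0) * pow(m, -1, x)) % x   # solve d0 + m*t ≡ a (mod x)
        d0 += m * t                          # Sunzi's Theorem, one modulus at a time
        m *= x
    return J(d0, d1)

def satisfies(d, f, g, xs, y):
    """The condition minimized in Lemma 18.9, with (d)_i read as beta(d, i)."""
    return beta(d, 0) == f(*xs) and all(
        beta(d, i + 1) == g(*xs, i, beta(d, i)) for i in range(y))

def mu(pred):
    """Unbounded search for the least d with pred(d); pred must be regular."""
    d = 0
    while not pred(d):
        d += 1
    return d

def h_by_minimization(f, g, xs, y):
    """h(xs, y) = beta(h_hat(xs, y), y). Feasible only for very small values."""
    return beta(mu(lambda d: satisfies(d, f, g, xs, y)), y)

def witness(f, g, xs, y):
    """Some (not necessarily least) d satisfying the condition: regularity."""
    vals = [f(*xs)]
    for i in range(y):
        vals.append(g(*xs, i, vals[-1]))
    return encode(vals)
```

The search in h_by_minimization terminates because witness always produces a code meeting the condition, which is exactly the regularity the proof appeals to.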

18.5 Basic Functions are Representable in Q


First we have to show that all the basic functions are representable in Q. In the end,
we need to show how to assign to each 𝑘-ary basic function 𝑓 (𝑥 0, . . . , 𝑥𝑘 −1 ) a formula
𝜑 𝑓 (𝑥 0, . . . , 𝑥𝑘 −1, 𝑦) that represents it.
We will be able to represent zero, successor, plus, times, the characteristic function
for equality, and projections. In each case, the appropriate representing function
is entirely straightforward; for example, zero is represented by the formula 𝑦 = 0,
successor is represented by the formula 𝑥 0′ = 𝑦, and addition is represented by the
formula (𝑥 0 + 𝑥 1 ) = 𝑦. The work involves showing that Q can prove the relevant
sentences; for example, saying that addition is represented by the formula above
involves showing that for every pair of natural numbers 𝑚 and 𝑛, Q proves

𝑛 + 𝑚 = 𝑛 + 𝑚 and
∀𝑦 ((𝑛 + 𝑚) = 𝑦 → 𝑦 = 𝑛 + 𝑚).

Proposition 18.10. The zero function zero(𝑥) = 0 is represented in Q by 𝜑 zero (𝑥, 𝑦) ≡ 𝑦 = 0.

Proposition 18.11. The successor function succ(𝑥) = 𝑥 + 1 is represented in Q by
𝜑 succ (𝑥, 𝑦) ≡ 𝑦 = 𝑥 ′ .

Proposition 18.12. The projection function 𝑃_𝑖^𝑛 (𝑥 0, . . . , 𝑥𝑛−1 ) = 𝑥𝑖 is represented in Q
by

𝜑_{𝑃_𝑖^𝑛} (𝑥 0, . . . , 𝑥𝑛−1, 𝑦) ≡ 𝑦 = 𝑥𝑖 .

Proposition 18.13. The characteristic function of =,

𝜒= (𝑥 0, 𝑥 1 ) = 1 if 𝑥 0 = 𝑥 1
𝜒= (𝑥 0, 𝑥 1 ) = 0 otherwise

is represented in Q by

𝜑 𝜒= (𝑥 0, 𝑥 1, 𝑦) ≡ (𝑥 0 = 𝑥 1 ∧ 𝑦 = 1) ∨ (𝑥 0 ≠ 𝑥 1 ∧ 𝑦 = 0).


The proof requires the following lemma.

Lemma 18.14. Given natural numbers 𝑛 and 𝑚, if 𝑛 ≠ 𝑚, then Q ⊢ 𝑛 ≠ 𝑚.

Proof. Use induction on 𝑛 to show that for every 𝑚, if 𝑛 ≠ 𝑚, then Q ⊢ 𝑛 ≠ 𝑚.
In the base case, 𝑛 = 0. If 𝑚 is not equal to 0, then 𝑚 = 𝑘 + 1 for some natural
number 𝑘. We have an axiom that says ∀𝑥 0 ≠ 𝑥 ′ . By a quantifier axiom, replacing 𝑥
by 𝑘, we can conclude 0 ≠ 𝑘 ′ . But 𝑘 ′ is just 𝑚.
In the induction step, we can assume the claim is true for 𝑛, and consider 𝑛 + 1.
Let 𝑚 be any natural number. There are two possibilities: either 𝑚 = 0 or for some 𝑘
we have 𝑚 = 𝑘 + 1. The first case is handled as above. In the second case, suppose
𝑛 + 1 ≠ 𝑘 + 1. Then 𝑛 ≠ 𝑘. By the induction hypothesis for 𝑛 we have Q ⊢ 𝑛 ≠ 𝑘. We
have an axiom that says ∀𝑥 ∀𝑦 𝑥 ′ = 𝑦 ′ → 𝑥 = 𝑦. Using a quantifier axiom, we have
𝑛 ′ = 𝑘 ′ → 𝑛 = 𝑘. Using propositional logic, we can conclude, in Q, 𝑛 ≠ 𝑘 → 𝑛 ′ ≠ 𝑘 ′ .
Using modus ponens, we can conclude 𝑛 ′ ≠ 𝑘 ′ , which is what we want, since 𝑘 ′ is
𝑚. □

Note that the lemma does not say much: in essence it says that Q can prove that
different numerals denote different objects. For example, Q proves 0′′ ≠ 0′′′ . But
showing that this holds in general requires some care. Note also that although we are
using induction, it is induction outside of Q.

Proof of Proposition 18.13. If 𝑛 = 𝑚, then 𝑛 and 𝑚 are the same term, and 𝜒 = (𝑛, 𝑚) = 1.
But Q ⊢ (𝑛 = 𝑚 ∧ 1 = 1), so it proves 𝜑 = (𝑛, 𝑚, 1). If 𝑛 ≠ 𝑚, then 𝜒= (𝑛, 𝑚) = 0. By
Lemma 18.14, Q ⊢ 𝑛 ≠ 𝑚 and so also (𝑛 ≠ 𝑚 ∧ 0 = 0). Thus Q ⊢ 𝜑 = (𝑛, 𝑚, 0).
For the second part, we also have two cases. If 𝑛 = 𝑚, we have to show that
Q ⊢ ∀𝑦 (𝜑 = (𝑛, 𝑚, 𝑦) → 𝑦 = 1). Arguing informally, suppose 𝜑 = (𝑛, 𝑚, 𝑦), i.e.,

(𝑛 = 𝑛 ∧ 𝑦 = 1) ∨ (𝑛 ≠ 𝑛 ∧ 𝑦 = 0)

The left disjunct implies 𝑦 = 1 by logic; the right contradicts 𝑛 = 𝑛 which is provable
by logic.
Suppose, on the other hand, that 𝑛 ≠ 𝑚. Then 𝜑 = (𝑛, 𝑚, 𝑦) is

(𝑛 = 𝑚 ∧ 𝑦 = 1) ∨ (𝑛 ≠ 𝑚 ∧ 𝑦 = 0)

Here, the left disjunct contradicts 𝑛 ≠ 𝑚, which is provable in Q by Lemma 18.14; the
right disjunct entails 𝑦 = 0. □

Proposition 18.15. The addition function add(𝑥 0, 𝑥 1 ) = 𝑥 0 + 𝑥 1 is represented in Q by

𝜑 add (𝑥 0, 𝑥 1, 𝑦) ≡ 𝑦 = (𝑥 0 + 𝑥 1 ).

Lemma 18.16. Q ⊢ (𝑛 + 𝑚) = 𝑛 + 𝑚

Proof. We prove this by induction on 𝑚. If 𝑚 = 0, the claim is that Q ⊢ (𝑛 + 0) = 𝑛.


This follows by axiom 𝑄 4 . Now suppose the claim for 𝑚; let’s prove the claim for 𝑚 + 1,
i.e., prove that Q ⊢ (𝑛 + 𝑚 + 1) = 𝑛 + 𝑚 + 1. Note that 𝑚 + 1 is just 𝑚 ′ , and 𝑛 + 𝑚 + 1
is just 𝑛 + 𝑚 ′ . By axiom 𝑄 5 , Q ⊢ (𝑛 + 𝑚 ′ ) = (𝑛 + 𝑚) ′ . By induction hypothesis,
Q ⊢ (𝑛 + 𝑚) = 𝑛 + 𝑚. So Q ⊢ (𝑛 + 𝑚 ′ ) = 𝑛 + 𝑚 ′ . □


Proof of Proposition 18.15. The formula 𝜑 add (𝑥 0, 𝑥 1, 𝑦) representing add is 𝑦 = (𝑥 0 + 𝑥 1 ).


First we show that if add(𝑛, 𝑚) = 𝑘, then Q ⊢ 𝜑 add (𝑛, 𝑚, 𝑘), i.e., Q ⊢ 𝑘 = (𝑛 + 𝑚). But
since 𝑘 = 𝑛 + 𝑚, 𝑘 just is 𝑛 + 𝑚, and we’ve shown in Lemma 18.16 that Q ⊢ (𝑛 + 𝑚) =
𝑛 + 𝑚.
We also have to show that if add(𝑛, 𝑚) = 𝑘, then

Q ⊢ ∀𝑦 (𝜑 add (𝑛, 𝑚, 𝑦) → 𝑦 = 𝑘).

Suppose we have (𝑛 + 𝑚) = 𝑦. Since

Q ⊢ (𝑛 + 𝑚) = 𝑛 + 𝑚,

we can replace the left side with 𝑛 + 𝑚 and get 𝑛 + 𝑚 = 𝑦, for arbitrary 𝑦. □

Proposition 18.17. The multiplication function mult(𝑥 0, 𝑥 1 ) = 𝑥 0 · 𝑥 1 is represented
in Q by

𝜑 mult (𝑥 0, 𝑥 1, 𝑦) ≡ 𝑦 = (𝑥 0 × 𝑥 1 ).

Proof. Exercise. □

Lemma 18.18. Q ⊢ (𝑛 × 𝑚) = 𝑛 · 𝑚

Proof. Exercise. □

Recall that we use × for the function symbol of the language of arithmetic, and
· for the ordinary multiplication operation on numbers. So · can appear between
expressions for numbers (such as in 𝑚 · 𝑛) while × appears only between terms of the
language of arithmetic (such as in (𝑚 × 𝑛)). Even more confusingly, + is used for both
the function symbol and the addition operation. When it appears between terms—e.g.,
in (𝑛 + 𝑚)—it is the 2-place function symbol of the language of arithmetic, and when
it appears between numbers—e.g., in 𝑛 + 𝑚—it is the addition operation. This includes
the case 𝑛 + 𝑚: this is the standard numeral corresponding to the number 𝑛 + 𝑚.

18.6 Composition is Representable in Q


Suppose ℎ is defined by

ℎ(𝑥 0, . . . , 𝑥𝑙 −1 ) = 𝑓 (𝑔0 (𝑥 0, . . . , 𝑥𝑙 −1 ), . . . , 𝑔𝑘 −1 (𝑥 0, . . . , 𝑥𝑙 −1 )).

where we have already found formulas 𝜑 𝑓 , 𝜑𝑔0 , . . . , 𝜑𝑔𝑘 −1 representing the functions 𝑓 ,
and 𝑔0 , . . . , 𝑔𝑘 −1 , respectively. We have to find a formula 𝜑ℎ representing ℎ.
Let’s start with a simple case, where all functions are 1-place, i.e., consider ℎ(𝑥) =
𝑓 (𝑔(𝑥)). If 𝜑 𝑓 (𝑦, 𝑧) represents 𝑓 , and 𝜑𝑔 (𝑥, 𝑦) represents 𝑔, we need a formula 𝜑ℎ (𝑥, 𝑧)
that represents ℎ. Note that ℎ(𝑥) = 𝑧 iff there is a 𝑦 such that both 𝑧 = 𝑓 (𝑦) and
𝑦 = 𝑔(𝑥). (If ℎ(𝑥) = 𝑧, then 𝑔(𝑥) is such a 𝑦; if such a 𝑦 exists, then since 𝑦 = 𝑔(𝑥) and
𝑧 = 𝑓 (𝑦), 𝑧 = 𝑓 (𝑔(𝑥)).) This suggests that ∃𝑦 (𝜑𝑔 (𝑥, 𝑦) ∧ 𝜑 𝑓 (𝑦, 𝑧)) is a good candidate
for 𝜑ℎ (𝑥, 𝑧). We just have to verify that Q proves the relevant formulas.

Proposition 18.19. If ℎ(𝑛) = 𝑚, then Q ⊢ 𝜑ℎ (𝑛, 𝑚).

Proof. Suppose ℎ(𝑛) = 𝑚, i.e., 𝑓 (𝑔(𝑛)) = 𝑚. Let 𝑘 = 𝑔(𝑛). Then

Q ⊢ 𝜑𝑔 (𝑛, 𝑘)

since 𝜑𝑔 represents 𝑔, and

Q ⊢ 𝜑 𝑓 (𝑘, 𝑚)

since 𝜑 𝑓 represents 𝑓 . Thus,

Q ⊢ 𝜑𝑔 (𝑛, 𝑘) ∧ 𝜑 𝑓 (𝑘, 𝑚)

and consequently also

Q ⊢ ∃𝑦 (𝜑𝑔 (𝑛, 𝑦) ∧ 𝜑 𝑓 (𝑦, 𝑚)),

i.e., Q ⊢ 𝜑ℎ (𝑛, 𝑚). □

Proposition 18.20. If ℎ(𝑛) = 𝑚, then Q ⊢ ∀𝑧 (𝜑ℎ (𝑛, 𝑧) → 𝑧 = 𝑚).

Proof. Suppose ℎ(𝑛) = 𝑚, i.e., 𝑓 (𝑔(𝑛)) = 𝑚. Let 𝑘 = 𝑔(𝑛). Then

Q ⊢ ∀𝑦 (𝜑𝑔 (𝑛, 𝑦) → 𝑦 = 𝑘)

since 𝜑𝑔 represents 𝑔, and

Q ⊢ ∀𝑧 (𝜑 𝑓 (𝑘, 𝑧) → 𝑧 = 𝑚)

since 𝜑 𝑓 represents 𝑓 . Using just a little bit of logic, we can show that also

Q ⊢ ∀𝑧 (∃𝑦 (𝜑𝑔 (𝑛, 𝑦) ∧ 𝜑 𝑓 (𝑦, 𝑧)) → 𝑧 = 𝑚).

i.e., Q ⊢ ∀𝑦 (𝜑ℎ (𝑛, 𝑦) → 𝑦 = 𝑚). □

The same idea works in the more complex case where 𝑓 and 𝑔𝑖 have arity greater
than 1.

Proposition 18.21. If 𝜑 𝑓 (𝑦0, . . . , 𝑦𝑘 −1, 𝑧) represents 𝑓 (𝑦0, . . . , 𝑦𝑘 −1 ) in Q, and 𝜑𝑔𝑖 (𝑥 0, . . . , 𝑥𝑙 −1, 𝑦)
represents 𝑔𝑖 (𝑥 0, . . . , 𝑥𝑙 −1 ) in Q, then

∃𝑦0 . . . ∃𝑦𝑘 −1 (𝜑𝑔0 (𝑥 0, . . . , 𝑥𝑙 −1, 𝑦0 ) ∧ · · · ∧
𝜑𝑔𝑘 −1 (𝑥 0, . . . , 𝑥𝑙 −1, 𝑦𝑘 −1 ) ∧ 𝜑 𝑓 (𝑦0, . . . , 𝑦𝑘 −1, 𝑧))

represents

ℎ(𝑥 0, . . . , 𝑥𝑙 −1 ) = 𝑓 (𝑔0 (𝑥 0, . . . , 𝑥𝑙 −1 ), . . . , 𝑔𝑘 −1 (𝑥 0, . . . , 𝑥𝑙 −1 )).

Proof. Exercise. □

18.7 Regular Minimization is Representable in Q


Let’s consider unbounded search. Suppose 𝑔(𝑥, 𝑧) is regular and representable in Q,
say by the formula 𝜑𝑔 (𝑥, 𝑧, 𝑦). Let 𝑓 be defined by 𝑓 (𝑧) = 𝜇𝑥 [𝑔(𝑥, 𝑧) = 0]. We would
like to find a formula 𝜑 𝑓 (𝑧, 𝑦) representing 𝑓 . The value of 𝑓 (𝑧) is that number 𝑥
which (a) satisfies 𝑔(𝑥, 𝑧) = 0 and (b) is the least such, i.e., for any 𝑤 < 𝑥, 𝑔(𝑤, 𝑧) ≠ 0.
So the following is a natural choice:

𝜑 𝑓 (𝑧, 𝑦) ≡ 𝜑𝑔 (𝑦, 𝑧, 0) ∧ ∀𝑤 (𝑤 < 𝑦 → ¬𝜑𝑔 (𝑤, 𝑧, 0)).

In the general case, of course, we would have to replace 𝑧 with 𝑧 0 , . . . , 𝑧𝑘 .


The proof, again, will involve some lemmas about things Q is strong enough to
prove.
Lemma 18.22. For every constant symbol 𝑎 and every natural number 𝑛,

Q ⊢ (𝑎 ′ + 𝑛) = (𝑎 + 𝑛) ′ .

Proof. The proof is, as usual, by induction on 𝑛. In the base case, 𝑛 = 0, we need to
show that Q proves (𝑎 ′ + 0) = (𝑎 + 0) ′ . But we have:

Q ⊢ (𝑎 ′ + 0) = 𝑎 ′ by axiom 𝑄 4 (18.1)
Q ⊢ (𝑎 + 0) = 𝑎 by axiom 𝑄 4 (18.2)
Q ⊢ (𝑎 + 0) ′ = 𝑎 ′ by eq. (18.2) (18.3)
Q ⊢ (𝑎 ′ + 0) = (𝑎 + 0) ′ by eq. (18.1) and eq. (18.3)

In the induction step, we can assume that we have shown that Q ⊢ (𝑎 ′ + 𝑛) = (𝑎 + 𝑛) ′ .
Since 𝑛 + 1 is 𝑛 ′ , we need to show that Q proves (𝑎 ′ + 𝑛 ′ ) = (𝑎 + 𝑛 ′ ) ′ . We have:

Q ⊢ (𝑎 ′ + 𝑛 ′ ) = (𝑎 ′ + 𝑛) ′ by axiom 𝑄 5 (18.4)
Q ⊢ (𝑎 ′ + 𝑛 ′ ) = (𝑎 + 𝑛 ′ ) ′ inductive hypothesis (18.5)
Q ⊢ (𝑎 ′ + 𝑛) ′ = (𝑎 + 𝑛 ′ ) ′ by eq. (18.4) and eq. (18.5). □

It is again worth mentioning that this is weaker than saying that Q proves
∀𝑥 ∀𝑦 (𝑥 ′ + 𝑦) = (𝑥 + 𝑦) ′ . Although this sentence is true in 𝔑, Q does not prove
it.
Lemma 18.23. Q ⊢ ∀𝑥 ¬𝑥 < 0.

Proof. We give the proof informally (i.e., only giving hints as to how to construct the
formal derivation).
We have to prove ¬𝑎 < 0 for an arbitrary 𝑎. By the definition of <, we need to
prove ¬∃𝑦 (𝑦 ′ + 𝑎) = 0 in Q. We’ll assume ∃𝑦 (𝑦 ′ + 𝑎) = 0 and prove a contradiction.
Suppose (𝑏 ′ + 𝑎) = 0. Using 𝑄 3 , we have that 𝑎 = 0 ∨ ∃𝑦 𝑎 = 𝑦 ′ . We distinguish cases.
Case 1: 𝑎 = 0 holds. From (𝑏 ′ + 𝑎) = 0, we have (𝑏 ′ + 0) = 0. By axiom 𝑄 4 of Q,
we have (𝑏 ′ + 0) = 𝑏 ′ , and hence 𝑏 ′ = 0. But by axiom 𝑄 2 we also have 𝑏 ′ ≠ 0, a
contradiction.
Case 2: For some 𝑐, 𝑎 = 𝑐 ′ . But then we have (𝑏 ′ + 𝑐 ′ ) = 0. By axiom 𝑄 5 , we have
(𝑏 ′ + 𝑐) ′ = 0, again contradicting axiom 𝑄 2 . □

Lemma 18.24. For every natural number 𝑛,

Q ⊢ ∀𝑥 (𝑥 < 𝑛 + 1 → (𝑥 = 0 ∨ · · · ∨ 𝑥 = 𝑛)).

Proof. We use induction on 𝑛. Let us consider the base case, when 𝑛 = 0. In that case,
we need to show 𝑎 < 1 → 𝑎 = 0, for arbitrary 𝑎. Suppose 𝑎 < 1. Then by the defining
axiom for <, we have ∃𝑦 (𝑦 ′ + 𝑎) = 0′ (since 1 ≡ 0′ ).
Suppose 𝑏 has that property, i.e., we have (𝑏 ′ + 𝑎) = 0′ . We need to show 𝑎 = 0.
By axiom 𝑄 3 , we have either 𝑎 = 0 or that there is a 𝑐 such that 𝑎 = 𝑐 ′ . In the former
case, there is nothing to show. So suppose 𝑎 = 𝑐 ′ . Then we have (𝑏 ′ + 𝑐 ′ ) = 0′ . By
axiom 𝑄 5 of Q, we have (𝑏 ′ + 𝑐) ′ = 0′ . By axiom 𝑄 1 , we have (𝑏 ′ + 𝑐) = 0. But this
means, by axiom 𝑄 8 , that 𝑐 < 0, contradicting Lemma 18.23.
Now for the inductive step. We prove the case for 𝑛 + 1, assuming the case for 𝑛. So
suppose 𝑎 < 𝑛 + 2. Again using 𝑄 3 we can distinguish two cases: 𝑎 = 0 and for some 𝑐,
𝑎 = 𝑐 ′ . In the first case, 𝑎 = 0 ∨ · · · ∨ 𝑎 = 𝑛 + 1 follows trivially. In the second case, we
have 𝑐 ′ < 𝑛 + 2, i.e., 𝑐 ′ < 𝑛 + 1 ′ . By axiom 𝑄 8 , for some 𝑑, (𝑑 ′ + 𝑐 ′ ) = 𝑛 + 1 ′ . By axiom
𝑄 5 , (𝑑 ′ + 𝑐) ′ = 𝑛 + 1 ′ . By axiom 𝑄 1 , (𝑑 ′ + 𝑐) = 𝑛 + 1, and so 𝑐 < 𝑛 + 1 by axiom 𝑄 8 . By
inductive hypothesis, 𝑐 = 0 ∨ · · · ∨ 𝑐 = 𝑛. From this, we get 𝑐 ′ = 0′ ∨ · · · ∨ 𝑐 ′ = 𝑛 ′ by
logic, and so 𝑎 = 1 ∨ · · · ∨ 𝑎 = 𝑛 + 1 since 𝑎 = 𝑐 ′ . □

Lemma 18.25. For every natural number 𝑚,


Q ⊢ ∀𝑦 ((𝑦 < 𝑚 ∨ 𝑚 < 𝑦) ∨ 𝑦 = 𝑚).

Proof. By induction on 𝑚. First, consider the case 𝑚 = 0. Q ⊢ ∀𝑦 (𝑦 = 0 ∨ ∃𝑧 𝑦 = 𝑧 ′ )
by 𝑄 3 . Let 𝑎 be arbitrary. Then either 𝑎 = 0 or for some 𝑏, 𝑎 = 𝑏 ′ . In the former case,
we also have (𝑎 < 0 ∨ 0 < 𝑎) ∨ 𝑎 = 0. But if 𝑎 = 𝑏 ′ , then (𝑏 ′ + 0) = (𝑎 + 0) by the
logic of =. By 𝑄 4 , (𝑎 + 0) = 𝑎, so we have (𝑏 ′ + 0) = 𝑎, and hence ∃𝑧 (𝑧 ′ + 0) = 𝑎. By
the definition of < in 𝑄 8 , 0 < 𝑎. If 0 < 𝑎, then also (0 < 𝑎 ∨ 𝑎 < 0) ∨ 𝑎 = 0.
Now suppose we have
Q ⊢ ∀𝑦 ((𝑦 < 𝑚 ∨ 𝑚 < 𝑦) ∨ 𝑦 = 𝑚)

and we want to show

Q ⊢ ∀𝑦 ((𝑦 < 𝑚 + 1 ∨ 𝑚 + 1 < 𝑦) ∨ 𝑦 = 𝑚 + 1)


Let 𝑎 be arbitrary. By 𝑄 3 , either 𝑎 = 0 or for some 𝑏, 𝑎 = 𝑏 ′ . In the first case, we have
𝑚 ′ + 𝑎 = 𝑚 + 1 by 𝑄 4 , and so 𝑎 < 𝑚 + 1 by 𝑄 8 .
Now consider the second case, 𝑎 = 𝑏 ′ . By the induction hypothesis, (𝑏 < 𝑚 ∨ 𝑚 <
𝑏) ∨ 𝑏 = 𝑚.
The first disjunct 𝑏 < 𝑚 is equivalent (by 𝑄 8 ) to ∃𝑧 (𝑧 ′ +𝑏) = 𝑚. Suppose 𝑐 has this
property. If (𝑐 ′ + 𝑏) = 𝑚, then also (𝑐 ′ + 𝑏) ′ = 𝑚 ′ . By 𝑄 5 , (𝑐 ′ + 𝑏) ′ = (𝑐 ′ + 𝑏 ′ ). Hence,
(𝑐 ′ + 𝑏 ′ ) = 𝑚 ′ . We get ∃𝑢 (𝑢 ′ + 𝑏 ′ ) = 𝑚 + 1 by existentially generalizing on 𝑐 ′ and
keeping in mind that 𝑚 ′ ≡ 𝑚 + 1. Hence, if 𝑏 < 𝑚 then 𝑏 ′ < 𝑚 + 1 and so 𝑎 < 𝑚 + 1.
Now suppose 𝑚 < 𝑏, i.e., ∃𝑧 (𝑧 ′ +𝑚) = 𝑏. Suppose 𝑐 is such a 𝑧, i.e., (𝑐 ′ +𝑚) = 𝑏. By
logic, (𝑐 ′ +𝑚) ′ = 𝑏 ′ . By 𝑄 5 , (𝑐 ′ +𝑚 ′ ) = 𝑏 ′ . Since 𝑎 = 𝑏 ′ and 𝑚 ′ ≡ 𝑚 + 1, (𝑐 ′ +𝑚 + 1) = 𝑎.
By 𝑄 8 , 𝑚 + 1 < 𝑎.
Finally, assume 𝑏 = 𝑚. Then, by logic, 𝑏 ′ = 𝑚 ′ , and so 𝑎 = 𝑚 + 1.
Hence, from each disjunct of the case for 𝑚 and 𝑏, we can obtain the corresponding
disjunct for 𝑚 + 1 and 𝑎. □

Proposition 18.26. If 𝜑𝑔 (𝑥, 𝑧, 𝑦) represents 𝑔(𝑥, 𝑧) in Q, then

𝜑 𝑓 (𝑧, 𝑦) ≡ 𝜑𝑔 (𝑦, 𝑧, 0) ∧ ∀𝑤 (𝑤 < 𝑦 → ¬𝜑𝑔 (𝑤, 𝑧, 0))

represents 𝑓 (𝑧) = 𝜇𝑥 [𝑔(𝑥, 𝑧) = 0].

Proof. First we show that if 𝑓 (𝑛) = 𝑚, then Q ⊢ 𝜑 𝑓 (𝑛, 𝑚), i.e.,

Q ⊢ 𝜑𝑔 (𝑚, 𝑛, 0) ∧ ∀𝑤 (𝑤 < 𝑚 → ¬𝜑𝑔 (𝑤, 𝑛, 0)).

Since 𝜑𝑔 (𝑥, 𝑧, 𝑦) represents 𝑔(𝑥, 𝑧) and 𝑔(𝑚, 𝑛) = 0 if 𝑓 (𝑛) = 𝑚, we have

Q ⊢ 𝜑𝑔 (𝑚, 𝑛, 0).

If 𝑓 (𝑛) = 𝑚, then for every 𝑘 < 𝑚, 𝑔(𝑘, 𝑛) ≠ 0. So

Q ⊢ ¬𝜑𝑔 (𝑘, 𝑛, 0).

We get that

Q ⊢ ∀𝑤 (𝑤 < 𝑚 → ¬𝜑𝑔 (𝑤, 𝑛, 0)). (18.6)

by Lemma 18.23 in case 𝑚 = 0 and by Lemma 18.24 otherwise.


Now let’s show that if 𝑓 (𝑛) = 𝑚, then Q ⊢ ∀𝑦 (𝜑 𝑓 (𝑛, 𝑦) → 𝑦 = 𝑚). We again
sketch the argument informally, leaving the formalization to the reader.
Suppose 𝜑 𝑓 (𝑛, 𝑏). From this we get (a) 𝜑𝑔 (𝑏, 𝑛, 0) and (b) ∀𝑤 (𝑤 < 𝑏→¬𝜑𝑔 (𝑤, 𝑛, 0)).
By Lemma 18.25, (𝑏 < 𝑚 ∨ 𝑚 < 𝑏) ∨ 𝑏 = 𝑚. We’ll show that both 𝑏 < 𝑚 and 𝑚 < 𝑏
lead to a contradiction.
If 𝑚 < 𝑏, then ¬𝜑𝑔 (𝑚, 𝑛, 0) from (b). But 𝑚 = 𝑓 (𝑛), so 𝑔(𝑚, 𝑛) = 0, and so
Q ⊢ 𝜑𝑔 (𝑚, 𝑛, 0) since 𝜑𝑔 represents 𝑔. So we have a contradiction.
Now suppose 𝑏 < 𝑚. Then since Q ⊢ ∀𝑤 (𝑤 < 𝑚 → ¬𝜑𝑔 (𝑤, 𝑛, 0)) by eq. (18.6), we
get ¬𝜑𝑔 (𝑏, 𝑛, 0). This again contradicts (a). □
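
The formulas built in Sections 18.6 and 18.7 can be checked semantically. The following added example (not part of the text) models a formula by a Python predicate that is true exactly when the formula holds in the standard model, and confirms over a finite range that the composition and minimization formulas single out exactly the intended value. It tests truth in 𝔑, not derivability in Q, and every function name in it is illustrative.

```python
from itertools import count

def graph(fn):
    """phi_fn(x..., y): true iff y = fn(x...), the semantic content of a representing formula."""
    return lambda *args: fn(*args[:-1]) == args[-1]

def phi_compose(phi_g, phi_f):
    """phi_h(x, z) := ∃y (phi_g(x, y) ∧ phi_f(y, z))."""
    def phi_h(x, z):
        # phi_g is the graph of a total function, so the search for y stops,
        # and by uniqueness the y it finds is the only candidate witness.
        y = next(y for y in count() if phi_g(x, y))
        return phi_f(y, z)
    return phi_h

def phi_minimize(phi_g):
    """phi_f(z, y) := phi_g(y, z, 0) ∧ ∀w (w < y → ¬phi_g(w, z, 0))."""
    def phi_f(z, y):
        return phi_g(y, z, 0) and all(not phi_g(w, z, 0) for w in range(y))
    return phi_f

def mu(g, z):
    """f(z) = μx[g(x, z) = 0] by unbounded search; terminates because g is regular."""
    return next(x for x in count() if g(x, z) == 0)

def solutions(phi, x, bound=70):
    """All y < bound with phi(x, y); a representing formula admits exactly one."""
    return [y for y in range(bound) if phi(x, y)]

# Constructed sample: g(x, z) = 0 iff (x + 1)^2 > z. This g is regular, and
# μx[g(x, z) = 0] is the integer square root of z.
def g(x, z):
    return 0 if (x + 1) ** 2 > z else 1

def square(y):
    return y * y

phi_sqrt = phi_minimize(graph(g))             # formula for f(z) = μx[g(x, z) = 0]
phi_h = phi_compose(phi_sqrt, graph(square))  # formula for h(z) = square(f(z))

if __name__ == "__main__":
    for z in (0, 8, 9, 50):
        print(z, mu(g, z), solutions(phi_sqrt, z), solutions(phi_h, z))
```

The second conjunct of the minimization formula is what rules out the larger zeros of 𝑔: for 𝑧 = 50, both 7 and 8 satisfy 𝑔(𝑥, 𝑧) = 0, but only 7 satisfies the whole formula.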

18.8 Computable Functions are Representable in Q


Theorem 18.27. Every computable function is representable in Q.

Proof. For definiteness, and using the Church-Turing Thesis, let’s say that a function
is computable iff it is general recursive. The general recursive functions are those
which can be defined from the zero function zero, the successor function succ, and
the projection function 𝑃𝑖𝑛 using composition, primitive recursion, and regular mini-
mization. By Lemma 18.9, any function ℎ that can be defined from 𝑓 and 𝑔 can also
be defined using composition and regular minimization from 𝑓 , 𝑔, and zero, succ, 𝑃𝑖𝑛 ,
add, mult, 𝜒= . Consequently, a function is general recursive iff it can be defined from
zero, succ, 𝑃𝑖𝑛 , add, mult, 𝜒 = using composition and regular minimization.
We’ve furthermore shown that the basic functions in question are representable
in Q (Propositions 18.10 to 18.13, 18.15 and 18.17), and that any function defined from
representable functions by composition or regular minimization (Proposition 18.21,
Proposition 18.26) is also representable. Thus every general recursive function is
representable in Q. □

We have shown that the set of computable functions can be characterized as the
set of functions representable in Q. In fact, the proof is more general. From the
definition of representability, it is not hard to see that any theory extending Q (or in
which one can interpret Q) can represent the computable functions. But, conversely,
in any derivation system in which the notion of derivation is computable, every
representable function is computable. So, for example, the set of computable functions
can be characterized as the set of functions representable in Peano arithmetic, or
even Zermelo-Fraenkel set theory. As Gödel noted, this is somewhat surprising. We
will see that when it comes to provability, questions are very sensitive to which
theory you consider; roughly, the stronger the axioms, the more you can prove. But
across a wide range of axiomatic theories, the representable functions are exactly the
computable ones; stronger theories do not represent more functions as long as they
are axiomatizable.

18.9 Representing Relations


Let us say what it means for a relation to be representable.
Definition 18.28. A relation 𝑅(𝑥 0, . . . , 𝑥𝑘 ) on the natural numbers is representable
in Q if there is a formula 𝜑𝑅 (𝑥 0, . . . , 𝑥𝑘 ) such that whenever 𝑅(𝑛 0, . . . , 𝑛𝑘 ) is true, Q
proves 𝜑𝑅 (𝑛 0, . . . , 𝑛𝑘 ), and whenever 𝑅(𝑛 0, . . . , 𝑛𝑘 ) is false, Q proves ¬𝜑𝑅 (𝑛 0, . . . , 𝑛𝑘 ).

Theorem 18.29. A relation is representable in Q if and only if it is computable.

Proof. For the forwards direction, suppose 𝑅(𝑥 0, . . . , 𝑥𝑘 ) is represented by the formula
𝜑𝑅 (𝑥 0, . . . , 𝑥𝑘 ). Here is an algorithm for computing 𝑅: on input 𝑛 0 , . . . , 𝑛𝑘 , simulta-
neously search for a proof of 𝜑𝑅 (𝑛 0, . . . , 𝑛𝑘 ) and a proof of ¬𝜑𝑅 (𝑛 0, . . . , 𝑛𝑘 ). By our
hypothesis, the search is bound to find one or the other; if it is the first, report “yes,”
and otherwise, report “no.”
In the other direction, suppose 𝑅(𝑥 0, . . . , 𝑥𝑘 ) is computable. By definition, this
means that the function 𝜒𝑅 (𝑥 0, . . . , 𝑥𝑘 ) is computable. By Theorem 18.2, 𝜒𝑅 is rep-
resented by a formula, say 𝜑 𝜒𝑅 (𝑥 0, . . . , 𝑥𝑘 , 𝑦). Let 𝜑𝑅 (𝑥 0, . . . , 𝑥𝑘 ) be the formula
𝜑 𝜒𝑅 (𝑥 0, . . . , 𝑥𝑘 , 1). Then for any 𝑛 0 , . . . , 𝑛𝑘 , if 𝑅(𝑛 0, . . . , 𝑛𝑘 ) is true, then 𝜒𝑅 (𝑛 0, . . . , 𝑛𝑘 ) =
1, in which case Q proves 𝜑 𝜒𝑅 (𝑛 0, . . . , 𝑛𝑘 , 1), and so Q proves 𝜑𝑅 (𝑛 0, . . . , 𝑛𝑘 ). On the
other hand, if 𝑅(𝑛 0, . . . , 𝑛𝑘 ) is false, then 𝜒𝑅 (𝑛 0, . . . , 𝑛𝑘 ) = 0. This means that Q proves
∀𝑦 (𝜑 𝜒𝑅 (𝑛 0, . . . , 𝑛𝑘 , 𝑦) → 𝑦 = 0).

Since Q proves 0 ≠ 1, Q proves ¬𝜑 𝜒𝑅 (𝑛 0, . . . , 𝑛𝑘 , 1), and so it proves ¬𝜑𝑅 (𝑛 0, . . . , 𝑛𝑘 ).□

Problems
Problem 18.1. Show that the relations 𝑥 < 𝑦, 𝑥 | 𝑦, and the function rem(𝑥, 𝑦) can
be defined without primitive recursion. You may use 0, successor, plus, times, 𝜒= ,
projections, and bounded minimization and quantification.

Problem 18.2. Prove that 𝑦 = 0, 𝑦 = 𝑥 ′ , and 𝑦 = 𝑥𝑖 represent zero, succ, and 𝑃𝑖𝑛 ,
respectively.

Problem 18.3. Prove Lemma 18.18.

Problem 18.4. Use Lemma 18.18 to prove Proposition 18.17.

Problem 18.5. Using the proofs of Proposition 18.20 and Proposition 18.20 as a guide,
carry out the proof of Proposition 18.21 in detail.

Problem 18.6. Show that if 𝑅 is representable in Q, so is 𝜒𝑅 .

Chapter 19

Incompleteness and Provability

19.1 Introduction
Hilbert thought that a system of axioms for a mathematical structure, such as the
natural numbers, is inadequate unless it allows one to derive all true statements
about the structure. Combined with his later interest in formal systems of deduction,
this suggests that he thought that we should guarantee that, say, the formal system
we are using to reason about the natural numbers is not only consistent, but also
complete, i.e., every statement in its language is either derivable or its negation is.
Gödel’s first incompleteness theorem shows that no such system of axioms exists:
there is no complete, consistent, axiomatizable formal system for arithmetic. In fact,
no “sufficiently strong,” consistent, axiomatizable mathematical theory is complete.
A more important goal of Hilbert’s, the centerpiece of his program for the justifi-
cation of modern (“classical”) mathematics, was to find finitary consistency proofs for
formal systems representing classical reasoning. With regard to Hilbert’s program,
then, Gödel’s second incompleteness theorem was a much bigger blow. The second
incompleteness theorem can be stated in vague terms, like the first incompleteness
theorem. Roughly speaking, it says that no sufficiently strong theory of arithmetic
can prove its own consistency. We will have to take “sufficiently strong” to include a
little bit more than Q.
The idea behind Gödel’s original proof of the incompleteness theorem can be
found in the Epimenides paradox. Epimenides, a Cretan, asserted that all Cretans
are liars; a more direct form of the paradox is the assertion “this sentence is false.”
Essentially, by replacing truth with derivability, Gödel was able to formalize a sentence
which, in a roundabout way, asserts that it itself is not derivable. If that sentence were
derivable, the theory would then be inconsistent. Gödel showed that the negation of
that sentence is also not derivable from the system of axioms he was considering. (For
this second part, Gödel had to assume that the theory T is what’s called “𝜔-consistent.”
𝜔-Consistency is related to consistency, but is a stronger property.1 A few years after
Gödel, Rosser showed that assuming simple consistency of T is enough.)
The first challenge is to understand how one can construct a sentence that refers
to itself. For every formula 𝜑 in the language of Q, let ⌜𝜑⌝ denote the numeral
corresponding to #𝜑 # . Think about what this means: 𝜑 is a formula in the language
of Q, #𝜑 # is a natural number, and ⌜𝜑⌝ is a term in the language of Q. So every
formula 𝜑 in the language of Q has a name, ⌜𝜑⌝, which is a term in the language of Q;
this provides us with a conceptual framework in which formulas in the language
of Q can “say” things about other formulas. The following lemma is known as the
fixed-point lemma.

1 That is, any 𝜔-consistent theory is consistent, but not vice versa.

Lemma 19.1. Let T be any theory extending Q, and let 𝜓 (𝑥) be any formula with only
the variable 𝑥 free. Then there is a sentence 𝜑 such that T ⊢ 𝜑 ↔ 𝜓 (⌜𝜑⌝).

The lemma asserts that given any property 𝜓 (𝑥), there is a sentence 𝜑 that asserts
“𝜓 (𝑥) is true of me,” and T “knows” this.
How can we construct such a sentence? Consider the following version of the
Epimenides paradox, due to Quine:

“Yields falsehood when preceded by its quotation” yields falsehood when
preceded by its quotation.

This sentence is not directly self-referential. It simply makes an assertion about the
syntactic objects between quotes, and, in doing so, it is on par with sentences like

1. “Robert” is a nice name.

2. “I ran.” is a short sentence.

3. “Has three words” has three words.

But what happens when one takes the phrase “yields falsehood when preceded by its
quotation,” and precedes it with a quoted version of itself? Then one has the original
sentence! In short, the sentence asserts that it is false.

19.2 The Fixed-Point Lemma


The fixed-point lemma says that for any formula 𝜓 (𝑥), there is a sentence 𝜑 such that
T ⊢ 𝜑 ↔ 𝜓 (⌜𝜑⌝), provided T extends Q. In the case of the liar sentence, we’d want
𝜑 to be equivalent (provably in T) to “⌜𝜑⌝ is false,” i.e., the statement that #𝜑 # is the
Gödel number of a false sentence. To understand the idea of the proof, it will be useful
to compare it with Quine’s informal gloss of 𝜑 as, “‘yields a falsehood when preceded
by its own quotation’ yields a falsehood when preceded by its own quotation.” The
operation of taking an expression, and then forming a sentence by preceding this
expression by its own quotation may be called diagonalizing the expression, and the
result its diagonalization. So, the diagonalization of ‘yields a falsehood when preceded
by its own quotation’ is “‘yields a falsehood when preceded by its own quotation’
yields a falsehood when preceded by its own quotation.” Now note that Quine’s liar
sentence is not the diagonalization of ‘yields a falsehood’ but of ‘yields a falsehood
when preceded by its own quotation.’ So the property being diagonalized to yield the
liar sentence itself involves diagonalization!
In the language of arithmetic, we form quotations of a formula with one free
variable by computing its Gödel numbers and then substituting the standard numeral
for that Gödel number into the free variable. The diagonalization of 𝛼 (𝑥) is 𝛼 (𝑛),
where 𝑛 = #𝛼 (𝑥) # . (From now on, let’s abbreviate #𝛼 (𝑥) # as ⌜𝛼 (𝑥)⌝.) So if 𝜓 (𝑥) is “is
a falsehood,” then “yields a falsehood if preceded by its own quotation,” would be
“yields a falsehood when applied to the Gödel number of its diagonalization.” If we had
a symbol 𝑑𝑖𝑎𝑔 for the function diag(𝑛) which computes the Gödel number of the diagonalization
of the formula with Gödel number 𝑛, we could write 𝛼 (𝑥) as 𝜓 (𝑑𝑖𝑎𝑔(𝑥)).
And Quine’s version of the liar sentence would then be the diagonalization of it,
i.e., 𝛼 (⌜𝛼 (𝑥)⌝) or 𝜓 (𝑑𝑖𝑎𝑔(⌜𝜓 (𝑑𝑖𝑎𝑔(𝑥))⌝)). Of course, 𝜓 (𝑥) could now be any other
property, and the same construction would work. For the incompleteness theorem,
we’ll take 𝜓 (𝑥) to be “𝑥 is not derivable in T.” Then 𝛼 (𝑥) would be “yields a sentence
not derivable in T when applied to the Gödel number of its diagonalization.”
To formalize this in T, we have to find a way to formalize diag. The function
diag(𝑛) is computable, in fact, it is primitive recursive: if 𝑛 is the Gödel number of
a formula 𝛼 (𝑥), diag(𝑛) returns the Gödel number of 𝛼 (⌜𝛼 (𝑥)⌝). (Recall, ⌜𝛼 (𝑥)⌝
is the standard numeral of the Gödel number of 𝛼 (𝑥), i.e., #𝛼 (𝑥) # ). If 𝑑𝑖𝑎𝑔 were a
function symbol in T representing the function diag, we could take 𝜑 to be the formula
𝜓 (𝑑𝑖𝑎𝑔(⌜𝜓 (𝑑𝑖𝑎𝑔(𝑥))⌝)). Notice that

diag( #𝜓 (𝑑𝑖𝑎𝑔(𝑥)) # ) = #𝜓 (𝑑𝑖𝑎𝑔(⌜𝜓 (𝑑𝑖𝑎𝑔(𝑥))⌝)) #
= #𝜑 # .

Assuming T can derive

𝑑𝑖𝑎𝑔(⌜𝜓 (𝑑𝑖𝑎𝑔(𝑥))⌝) = ⌜𝜑⌝,

it can derive 𝜓 (𝑑𝑖𝑎𝑔(⌜𝜓 (𝑑𝑖𝑎𝑔(𝑥))⌝)) ↔ 𝜓 (⌜𝜑⌝). But the left hand side is, by
definition, 𝜑.
Of course, 𝑑𝑖𝑎𝑔 will in general not be a function symbol of T, and certainly is
not one of Q. But, since diag is computable, it is representable in Q by some formula
𝜃 diag (𝑥, 𝑦). So instead of writing 𝜓 (𝑑𝑖𝑎𝑔(𝑥)) we can write ∃𝑦 (𝜃 diag (𝑥, 𝑦) ∧ 𝜓 (𝑦)).
Otherwise, the proof sketched above goes through, and in fact, it goes through
already in Q.
Lemma 19.2. Let 𝜓 (𝑥) be any formula with one free variable 𝑥. Then there is a sen-
tence 𝜑 such that Q ⊢ 𝜑 ↔ 𝜓 (⌜𝜑⌝).

Proof. Given 𝜓 (𝑥), let 𝛼 (𝑥) be the formula ∃𝑦 (𝜃 diag (𝑥, 𝑦) ∧ 𝜓 (𝑦)) and let 𝜑 be its
diagonalization, i.e., the formula 𝛼 (⌜𝛼 (𝑥)⌝).
Since 𝜃 diag represents diag, and diag( #𝛼 (𝑥) # ) = #𝜑 # , Q can derive

𝜃 diag (⌜𝛼 (𝑥)⌝, ⌜𝜑⌝) (19.1)


∀𝑦 (𝜃 diag (⌜𝛼 (𝑥)⌝, 𝑦) → 𝑦 = ⌜𝜑⌝). (19.2)

Now we show that Q ⊢ 𝜑 ↔ 𝜓 (⌜𝜑⌝). We argue informally, using just logic and facts
derivable in Q.
First, suppose 𝜑, i.e., 𝛼 (⌜𝛼 (𝑥)⌝). Going back to the definition of 𝛼 (𝑥), we see that
𝛼 (⌜𝛼 (𝑥)⌝) just is
∃𝑦 (𝜃 diag (⌜𝛼 (𝑥)⌝, 𝑦) ∧ 𝜓 (𝑦)).
Consider such a 𝑦. Since 𝜃 diag (⌜𝛼 (𝑥)⌝, 𝑦), by eq. (19.2), 𝑦 = ⌜𝜑⌝. So, from 𝜓 (𝑦) we
have 𝜓 (⌜𝜑⌝).
Now suppose 𝜓 (⌜𝜑⌝). By eq. (19.1), we have

𝜃 diag (⌜𝛼 (𝑥)⌝, ⌜𝜑⌝) ∧ 𝜓 (⌜𝜑⌝).

It follows that

∃𝑦 (𝜃 diag (⌜𝛼 (𝑥)⌝, 𝑦) ∧ 𝜓 (𝑦)).

But that’s just 𝛼 (⌜𝛼 (𝑥)⌝), i.e., 𝜑. □
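
The diagonalization construction can be run concretely on strings. The following added example (not part of the text) shows that the closed term 𝑑𝑖𝑎𝑔(⌜𝛼 (𝑥)⌝) occurring inside 𝜑 evaluates to the Gödel number of 𝜑 itself. It assumes a toy Gödel numbering (the UTF-8 bytes of a formula read as one integer), decimal digits in place of standard numerals, and formulas in which 𝑥 occurs only free; all function names are illustrative.

```python
import re

def godel(s):
    """Toy Gödel number: the UTF-8 bytes of s, behind a guard byte, as one integer."""
    return int.from_bytes(b"\x01" + s.encode("utf-8"), "big")

def ungodel(n):
    """Inverse of godel: recover the string coded by n."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return raw[1:].decode("utf-8")

def numeral(n):
    """Stand-in for the standard numeral of n (decimal digits, an assumption)."""
    return str(n)

FREE_X = re.compile(r"\bx\b")  # the variable x as a whole token

def substitute(formula, term):
    """Replace every occurrence of the variable x in formula by term."""
    return FREE_X.sub(lambda _match: term, formula)

def diag(n):
    """If n codes alpha(x), return the code of its diagonalization alpha(⌜alpha(x)⌝)."""
    alpha = ungodel(n)
    return godel(substitute(alpha, numeral(n)))

def fixed_point(psi):
    """Return (alpha, phi) with alpha(x) = psi(diag(x)) and phi = alpha(⌜alpha(x)⌝)."""
    alpha = substitute(psi, "diag(x)")
    phi = substitute(alpha, numeral(godel(alpha)))
    return alpha, phi

def referent(phi):
    """Evaluate the closed term diag(N) that occurs in phi."""
    n = int(re.search(r"diag\((\d+)\)", phi).group(1))
    return diag(n)

if __name__ == "__main__":
    alpha, phi = fixed_point("not Prov(x)")
    print("alpha(x):", alpha)
    print("phi     :", phi)
    # phi applies "not Prov" to a term whose value is phi's own Gödel number.
    print("term inside phi denotes #phi#:", referent(phi) == godel(phi))
```

In the text 𝑑𝑖𝑎𝑔 is not a function symbol of Q, so the term is replaced by the formula ∃𝑦 (𝜃 diag (𝑥, 𝑦) ∧ 𝜓 (𝑦)); the computation carried out by `diag` is the same.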

You should compare this to the proof of the fixed-point lemma in computability
theory. The difference is that here we want to define a statement in terms of itself,
whereas there we wanted to define a function in terms of itself; this difference aside,
it is really the same idea.

19.3 The First Incompleteness Theorem


We can now describe Gödel’s original proof of the first incompleteness theorem. Let
T be any computably axiomatized theory in a language extending the language of
arithmetic, such that T includes the axioms of Q. This means that, in particular, T
represents computable functions and relations.
We have argued that, given a reasonable coding of formulas and proofs as numbers,
the relation Prf𝑇 (𝑥, 𝑦) is computable, where Prf𝑇 (𝑥, 𝑦) holds if and only if 𝑥 is the
Gödel number of a derivation of the formula with Gödel number 𝑦 in T. In fact, for the
particular theory that Gödel had in mind, Gödel was able to show that this relation
is primitive recursive, using the list of 45 functions and relations in his paper. The
45th relation, 𝑥𝐵𝑦, is just Prf𝑇 (𝑥, 𝑦) for his particular choice of T. Remember that
where Gödel uses the word “recursive” in his paper, we would now use the phrase
“primitive recursive.”
Since Prf𝑇 (𝑥, 𝑦) is computable, it is representable in T. We will use Prf𝑇 (𝑥, 𝑦)
to refer to the formula that represents it. Let Prov𝑇 (𝑦) be the formula ∃𝑥 Prf𝑇 (𝑥, 𝑦).
This describes the 46th relation, Bew(𝑦), on Gödel’s list. As Gödel notes, this is the
only relation that “cannot be asserted to be recursive.” What he probably meant is
this: from the definition, it is not clear that it is computable; and later developments,
in fact, show that it isn’t.
Let T be an axiomatizable theory containing Q. Then Prf𝑇 (𝑥, 𝑦) is decidable, hence
representable in Q by a formula Prf𝑇 (𝑥, 𝑦). Let Prov𝑇 (𝑦) be the formula we described
above. By the fixed-point lemma, there is a formula 𝛾 T such that Q (and hence T)
derives
𝛾 T ↔ ¬Prov𝑇 (⌜𝛾 T ⌝). (19.3)
Note that 𝛾 T says, in essence, “𝛾 T is not derivable in T.”

Lemma 19.3. If T is a consistent, axiomatizable theory extending Q, then T ⊬ 𝛾 T .

Proof. Suppose T derives 𝛾 T . Then there is a derivation, and so, for some number
𝑚, the relation Prf𝑇 (𝑚, #𝛾 T # ) holds. But then Q derives the sentence Prf𝑇 (𝑚, ⌜𝛾 T ⌝).
So Q derives ∃𝑥 Prf𝑇 (𝑥, ⌜𝛾 T ⌝), which is, by definition, Prov𝑇 (⌜𝛾 T ⌝). By eq. (19.3), Q
derives ¬𝛾 T , and since T extends Q, so does T. We have shown that if T derives 𝛾 T ,
then it also derives ¬𝛾 T , and hence it would be inconsistent. □

Definition 19.4. A theory T is 𝜔-consistent if the following holds: if ∃𝑥 𝜑 (𝑥) is any
sentence and T derives ¬𝜑 (0), ¬𝜑 (1), ¬𝜑 (2), . . . then T does not prove ∃𝑥 𝜑 (𝑥).

Note that every 𝜔-consistent theory is also consistent. This follows simply from the
fact that if T is inconsistent, then T ⊢ 𝜑 for every 𝜑. In particular, if T is inconsistent,
it derives both ¬𝜑 (𝑛) for every 𝑛 and also derives ∃𝑥 𝜑 (𝑥). So, if T is inconsistent, it
is 𝜔-inconsistent. By contraposition, if T is 𝜔-consistent, it must be consistent.

Lemma 19.5. If T is an 𝜔-consistent, axiomatizable theory extending Q, then T ⊬ ¬𝛾 T .

Proof. We show that if T derives ¬𝛾 T , then it is 𝜔-inconsistent. Suppose T derives ¬𝛾 T .
If T is inconsistent, it is 𝜔-inconsistent, and we are done. Otherwise, T is consistent,
so it does not derive 𝛾 T by Lemma 19.3. Since there is no derivation of 𝛾 T in T, Q
derives
¬Prf𝑇 (0, ⌜𝛾 T ⌝), ¬Prf𝑇 (1, ⌜𝛾 T ⌝), ¬Prf𝑇 (2, ⌜𝛾 T ⌝), . . .
and so does T. On the other hand, by eq. (19.3), ¬𝛾 T is equivalent to ∃𝑥 Prf𝑇 (𝑥, ⌜𝛾 T ⌝).
So T is 𝜔-inconsistent. □

Theorem 19.6. Let T be any 𝜔-consistent, axiomatizable theory extending Q. Then T
is not complete.

Proof. If T is 𝜔-consistent, it is consistent, so T ⊬ 𝛾 T by Lemma 19.3. By Lemma 19.5,
T ⊬ ¬𝛾 T . This means that T is incomplete, since it derives neither 𝛾 T nor ¬𝛾 T . □

19.4 Rosser’s Theorem


Can we modify Gödel’s proof to get a stronger result, replacing “𝜔-consistent” with
simply “consistent”? The answer is “yes,” using a trick discovered by Rosser. Rosser’s
trick is to use a “modified” derivability predicate RProv𝑇 (𝑦) instead of Prov𝑇 (𝑦).

Theorem 19.7. Let T be any consistent, axiomatizable theory extending Q. Then T is
not complete.

Proof. Recall that Prov𝑇 (𝑦) is defined as ∃𝑥 Prf𝑇 (𝑥, 𝑦), where Prf𝑇 (𝑥, 𝑦) represents
the decidable relation which holds iff 𝑥 is the Gödel number of a derivation of the
sentence with Gödel number 𝑦. The relation that holds between 𝑥 and 𝑦 if 𝑥 is the
Gödel number of a refutation of the sentence with Gödel number 𝑦 is also decidable.
Let not(𝑥) be the primitive recursive function which does the following: if 𝑥 is the
code of a formula 𝜑, not(𝑥) is a code of ¬𝜑. Then Ref𝑇 (𝑥, 𝑦) holds iff Prf𝑇 (𝑥, not(𝑦)).
Let Ref𝑇 (𝑥, 𝑦) represent it. Then, if T ⊢ ¬𝜑 and 𝛿 is a corresponding derivation,
Q ⊢ Ref𝑇 (⌜𝛿⌝, ⌜𝜑⌝). We define RProv𝑇 (𝑦) as

∃𝑥 (Prf𝑇 (𝑥, 𝑦) ∧ ∀𝑧 (𝑧 < 𝑥 → ¬Ref𝑇 (𝑧, 𝑦))).

Roughly, RProv𝑇 (𝑦) says “there is a proof of 𝑦 in T, and there is no shorter refutation
of 𝑦.” Assuming T is consistent, RProv𝑇 (𝑦) is true of the same numbers as Prov𝑇 (𝑦);
but from the point of view of provability in T (and we now know that there is a
difference between truth and provability!) the two have different properties. If T
is inconsistent, then the two do not hold of the same numbers! (RProv𝑇 (𝑦) is often
read as “𝑦 is Rosser provable.” Since, as just discussed, Rosser provability is not some
special kind of provability—in inconsistent theories, there are sentences that are
provable but not Rosser provable—this may be confusing. To avoid the confusion,
you could instead read it as “𝑦 is shmovable.”)
By the fixed-point lemma, there is a formula 𝜌 T such that

Q ⊢ 𝜌 T ↔ ¬RProv𝑇 (⌜𝜌 T ⌝). (19.4)

In contrast to the proof of Theorem 19.6, here we claim that if T is consistent, T
doesn’t derive 𝜌 T , and T also doesn’t derive ¬𝜌 T . (In other words, we don’t need the
assumption of 𝜔-consistency.)

First, let’s show that T ⊬ 𝜌𝑇 . Suppose it did, so there is a derivation of 𝜌𝑇
from 𝑇 ; let 𝑛 be its Gödel number. Then Q ⊢ Prf𝑇 (𝑛, ⌜𝜌𝑇 ⌝), since Prf𝑇 represents
Prf𝑇 in Q. Also, for each 𝑘 < 𝑛, 𝑘 is not the Gödel number of a derivation of ¬𝜌𝑇 ,
since T is consistent. So for each 𝑘 < 𝑛, Q ⊢ ¬Ref𝑇 (𝑘, ⌜𝜌𝑇 ⌝). By Lemma 18.24,
Q ⊢ ∀𝑧 (𝑧 < 𝑛 → ¬Ref𝑇 (𝑧, ⌜𝜌𝑇 ⌝)). Thus,
Q ⊢ ∃𝑥 (Prf𝑇 (𝑥, ⌜𝜌𝑇 ⌝) ∧ ∀𝑧 (𝑧 < 𝑥 → ¬Ref𝑇 (𝑧, ⌜𝜌𝑇 ⌝))),
but that’s just RProv𝑇 (⌜𝜌𝑇 ⌝). By eq. (19.4), Q ⊢ ¬𝜌𝑇 . Since T extends Q, also T ⊢ ¬𝜌𝑇 .
We’ve assumed that T ⊢ 𝜌𝑇 , so T would be inconsistent, contrary to the assumption
of the theorem.
Now, let’s show that T ⊬ ¬𝜌𝑇 . Again, suppose it did, and suppose 𝑛 is the Gödel
number of a derivation of ¬𝜌𝑇 . Then Ref𝑇 (𝑛, # 𝜌𝑇 # ) holds, and since Ref𝑇 represents
Ref𝑇 in Q, Q ⊢ Ref𝑇 (𝑛, ⌜𝜌𝑇 ⌝). We’ll again show that T would then be inconsistent
because it would also derive 𝜌𝑇 . Since
Q ⊢ 𝜌𝑇 ↔ ¬RProv𝑇 (⌜𝜌𝑇 ⌝),

and since T extends Q, it suffices to show that

Q ⊢ ¬RProv𝑇 (⌜𝜌𝑇 ⌝).


The sentence ¬RProv𝑇 (⌜𝜌𝑇 ⌝), i.e.,
¬∃𝑥 (Prf𝑇 (𝑥, ⌜𝜌𝑇 ⌝) ∧ ∀𝑧 (𝑧 < 𝑥 → ¬Ref𝑇 (𝑧, ⌜𝜌𝑇 ⌝))),

is logically equivalent to

∀𝑥 (Prf𝑇 (𝑥, ⌜𝜌𝑇 ⌝) → ∃𝑧 (𝑧 < 𝑥 ∧ Ref𝑇 (𝑧, ⌜𝜌𝑇 ⌝))).


We argue informally using logic, making use of facts about what Q derives. Suppose
𝑥 is arbitrary and Prf𝑇 (𝑥, ⌜𝜌𝑇 ⌝). We already know that T ⊬ 𝜌𝑇 , and so for every
𝑘, Q ⊢ ¬Prf𝑇 (𝑘, ⌜𝜌𝑇 ⌝). Thus, for every 𝑘 it follows that 𝑥 ≠ 𝑘. In particular, we
have (a) that 𝑥 ≠ 𝑛. We also have ¬(𝑥 = 0 ∨ 𝑥 = 1 ∨ · · · ∨ 𝑥 = 𝑛 − 1) and so by
Lemma 18.24, (b) ¬(𝑥 < 𝑛). By Lemma 18.25, 𝑛 < 𝑥. Since Q ⊢ Ref𝑇 (𝑛, ⌜𝜌𝑇 ⌝), we
have 𝑛 < 𝑥 ∧ Ref𝑇 (𝑛, ⌜𝜌𝑇 ⌝), and from that ∃𝑧 (𝑧 < 𝑥 ∧ Ref𝑇 (𝑧, ⌜𝜌𝑇 ⌝)). Since 𝑥 was
arbitrary we get, as required, that
∀𝑥 (Prf𝑇 (𝑥, ⌜𝜌𝑇 ⌝) → ∃𝑧 (𝑧 < 𝑥 ∧ Ref𝑇 (𝑧, ⌜𝜌𝑇 ⌝))). □
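
The difference between Prov𝑇 and RProv𝑇 noted in the proof can be seen on a finite toy model. In this added example (not part of the text), a theory's derivations are a constructed list whose position plays the role of the derivation's Gödel number and whose entry is the sentence derived. Real theories have infinitely many derivations, so the lists only illustrate the quantifier structure of the two predicates; all names are illustrative.

```python
def neg(sentence):
    """Counterpart of not(x): the negation of a sentence."""
    return "¬" + sentence

def prf(derivs, x, y):
    """Prf(x, y): x is (the index of) a derivation of y."""
    return 0 <= x < len(derivs) and derivs[x] == y

def ref(derivs, x, y):
    """Ref(x, y) holds iff Prf(x, not(y)): x is a refutation of y."""
    return prf(derivs, x, neg(y))

def prov(derivs, y):
    """Prov(y) := ∃x Prf(x, y)."""
    return any(prf(derivs, x, y) for x in range(len(derivs)))

def rprov(derivs, y):
    """RProv(y) := ∃x (Prf(x, y) ∧ ∀z (z < x → ¬Ref(z, y)))."""
    return any(
        prf(derivs, x, y) and all(not ref(derivs, z, y) for z in range(x))
        for x in range(len(derivs))
    )

SENTENCES = ["p", "¬p", "q", "¬q", "r", "¬r"]

# Constructed derivation lists (index = code of the derivation).
CONSISTENT = ["p", "¬q", "r"]
INCONSISTENT = ["p", "¬q", "r", "q"]   # derives q after already deriving ¬q

def disagreements(derivs):
    """Sentences on which Prov and RProv differ for this list of derivations."""
    return [s for s in SENTENCES if prov(derivs, s) != rprov(derivs, s)]

if __name__ == "__main__":
    print("consistent list:  ", disagreements(CONSISTENT))
    print("inconsistent list:", disagreements(INCONSISTENT))
```

On the consistent list the two predicates agree everywhere; on the inconsistent one, q is provable but not Rosser provable, because its refutation has a smaller code than its proof.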

19.5 Comparison with Gödel’s Original Paper


It is worthwhile to spend some time with Gödel’s 1931 paper. The introduction sketches
the ideas we have just discussed. Even if you just skim through the paper, it is easy
to see what is going on at each stage: first Gödel describes the formal system 𝑃
(syntax, axioms, proof rules); then he defines the primitive recursive functions and
relations; then he shows that 𝑥𝐵𝑦 is primitive recursive, and argues that the primitive
recursive functions and relations are represented in P. He then goes on to prove
the incompleteness theorem, as above. In Section 3, he shows that one can take the
unprovable assertion to be a sentence in the language of arithmetic. This is the origin
of the 𝛽-lemma, which is what we also used to handle sequences in showing that
the recursive functions are representable in Q. Gödel doesn’t go so far as to isolate a
minimal set of axioms that suffice, but we now know that Q will do the trick. Finally,
in Section 4, he sketches a proof of the second incompleteness theorem.

Problems
Problem 19.1. A formula 𝜑 (𝑥) is a truth definition if Q ⊢ 𝜓 ↔ 𝜑 (⌜𝜓 ⌝) for all sen-
tences 𝜓 . Show that no formula is a truth definition by using the fixed-point lemma.

Problem 19.2. Every 𝜔-consistent theory is consistent. Show that the converse does
not hold, i.e., that there are consistent but 𝜔-inconsistent theories. Do this by showing
that Q ∪ {¬𝛾 Q } is consistent but 𝜔-inconsistent.

Problem 19.3. Two sets 𝐴 and 𝐵 of natural numbers are said to be computably
inseparable if there is no decidable set 𝑋 such that 𝐴 ⊆ 𝑋 and 𝐵 ⊆ 𝑋̅ (𝑋̅ is the
complement, N \ 𝑋 , of 𝑋 ). Let T be a consistent axiomatizable extension of Q.
Suppose 𝐴 is the set of Gödel numbers of sentences provable in T and 𝐵 the set
of Gödel numbers of sentences refutable in T. Prove that 𝐴 and 𝐵 are computably
inseparable.

Part VI

Appendices

Appendix A

Proofs

A.1 Introduction
Based on your experiences in introductory logic, you might be comfortable with
a derivation system—probably a natural deduction or Fitch style derivation system, or
perhaps a proof-tree system. You probably remember doing proofs in these systems,
either proving a formula or showing that a given argument is valid. In order to do this,
you applied the rules of the system until you got the desired end result. In reasoning
about logic, we also prove things, but in most cases we are not using a derivation
system. In fact, most of the proofs we consider are done in English (perhaps, with
some symbolic language thrown in) rather than entirely in the language of first-order
logic. When constructing such proofs, you might at first be at a loss—how do I prove
something without a derivation system? How do I start? How do I know if my proof
is correct?
Before attempting a proof, it’s important to know what a proof is and how to
construct one. As implied by the name, a proof is meant to show that something is
true. You might think of this in terms of a dialogue—someone asks you if something
is true, say, if every prime other than two is an odd number. To answer “yes” is not
enough; they might want to know why. In this case, you’d give them a proof.
In everyday discourse, it might be enough to gesture at an answer, or give an
incomplete answer. In logic and mathematics, however, we want rigorous proof—we
want to show that something is true beyond any doubt. This means that every step in
our proof must be justified, and the justification must be cogent (i.e., the assumption
you’re using is actually assumed in the statement of the theorem you’re proving, the
definitions you apply must be correctly applied, the justifications appealed to must
be correct inferences, etc.).
Usually, we’re proving some statement. We call the statements we’re proving
by various names: propositions, theorems, lemmas, or corollaries. A proposition
is a basic proof-worthy statement: important enough to record, but perhaps not
particularly deep nor applied often. A theorem is a significant, important proposition.
Its proof often is broken into several steps, and sometimes it is named after the person
who first proved it (e.g., Cantor’s Theorem, the Löwenheim-Skolem theorem) or after
the fact it concerns (e.g., the completeness theorem). A lemma is a proposition or
theorem that is used in the proof of a more important result. Confusingly, sometimes
lemmas are important results in themselves, and also named after the person who
introduced them (e.g., Zorn’s Lemma). A corollary is a result that easily follows from
another one.
A statement to be proved often contains assumptions that clarify which kinds of
things we’re proving something about. It might begin with “Let 𝜑 be a formula of the
form 𝜓 → 𝜒” or “Suppose Γ ⊢ 𝜑” or something of the sort. These are hypotheses of the
proposition, theorem, or lemma, and you may assume these to be true in your proof.
They restrict what we’re proving, and also introduce some names for the objects we’re
talking about. For instance, if your proposition begins with “Let 𝜑 be a formula of
the form 𝜓 → 𝜒,” you’re proving something about all formulas of a certain sort only
(namely, conditionals), and it’s understood that 𝜓 → 𝜒 is an arbitrary conditional that
your proof will talk about.

A.2 Starting a Proof


But where do you even start?
You’ve been given something to prove, so this should be the last thing that is
mentioned in the proof (you can, obviously, announce that you’re going to prove it at
the beginning, but you don’t want to use it as an assumption). Write what you are
trying to prove at the bottom of a fresh sheet of paper—this way you don’t lose sight
of your goal.
Next, you may have some assumptions that you are able to use (this will be made
clearer when we talk about the type of proof you are doing in the next section). Write
these at the top of the page and make sure to flag that they are assumptions (i.e., if
you are assuming 𝑝, write “assume that 𝑝,” or “suppose that 𝑝”). Finally, there might
be some definitions in the question that you need to know. You might be told to
use a specific definition, or there might be various definitions in the assumptions
or conclusion that you are working towards. Write these down and ensure that you
understand what they mean.
How you set up your proof will also be dependent upon the form of the question.
The next section provides details on how to set up your proof based on the type of
sentence.

A.3 Using Definitions


We mentioned that you must be familiar with all definitions that may be used in the
proof, and that you can properly apply them. This is a really important point, and it
is worth looking at in a bit more detail. Definitions are used to abbreviate properties
and relations so we can talk about them more succinctly. The introduced abbreviation
is called the definiendum, and what it abbreviates is the definiens. In proofs, we often
have to go back to how the definiendum was introduced, because we have to exploit
the logical structure of the definiens (the long version of which the defined term is
the abbreviation) to get through our proof. By unpacking definitions, you’re ensuring
that you’re getting to the heart of where the logical action is.
We’ll start with an example. Suppose you want to prove the following:
Proposition A.1. For any sets 𝐴 and 𝐵, 𝐴 ∪ 𝐵 = 𝐵 ∪ 𝐴.

In order to even start the proof, we need to know what it means for two sets to
be identical; i.e., we need to know what the “=” in that equation means for sets. Sets
are defined to be identical whenever they have the same elements. So the definition
we have to unpack is:

Definition A.2. Sets 𝐴 and 𝐵 are identical, 𝐴 = 𝐵, iff every element of 𝐴 is an element
of 𝐵, and vice versa.

This definition uses 𝐴 and 𝐵 as placeholders for arbitrary sets. What it defines—the
definiendum—is the expression “𝐴 = 𝐵” by giving the condition under which 𝐴 = 𝐵 is
true. This condition—“every element of 𝐴 is an element of 𝐵, and vice versa”—is the
definiens.1 The definition specifies that 𝐴 = 𝐵 is true if, and only if (we abbreviate this
to “iff”) the condition holds.
When you apply the definition, you have to match the 𝐴 and 𝐵 in the definition to
the case you’re dealing with. In our case, it means that in order for 𝐴 ∪ 𝐵 = 𝐵 ∪ 𝐴 to
be true, each 𝑧 ∈ 𝐴 ∪ 𝐵 must also be in 𝐵 ∪ 𝐴, and vice versa. The expression 𝐴 ∪ 𝐵 in
the proposition plays the role of 𝐴 in the definition, and 𝐵 ∪ 𝐴 that of 𝐵. Since 𝐴 and 𝐵
are used both in the definition and in the statement of the proposition we’re proving,
but in different uses, you have to be careful to make sure you don’t mix up the two.
For instance, it would be a mistake to think that you could prove the proposition by
showing that every element of 𝐴 is an element of 𝐵, and vice versa—that would show
that 𝐴 = 𝐵, not that 𝐴 ∪ 𝐵 = 𝐵 ∪ 𝐴. (Also, since 𝐴 and 𝐵 may be any two sets, you
won’t get very far, because if nothing is assumed about 𝐴 and 𝐵 they may well be
different sets.)
Within the proof we are dealing with set-theoretic notions such as union, and
so we must also know the meanings of the symbol ∪ in order to understand how
the proof should proceed. And sometimes, unpacking the definition gives rise to
further definitions to unpack. For instance, 𝐴 ∪ 𝐵 is defined as {𝑧 | 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵}.
So if you want to prove that 𝑥 ∈ 𝐴 ∪ 𝐵, unpacking the definition of ∪ tells you that
you have to prove 𝑥 ∈ {𝑧 | 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵}. Now you also have to remember that
𝑥 ∈ {𝑧 | . . . 𝑧 . . .} iff . . . 𝑥 . . . . So, further unpacking the definition of the {𝑧 | . . . 𝑧 . . .}
notation, what you have to show is: 𝑥 ∈ 𝐴 or 𝑥 ∈ 𝐵. So, “every element of 𝐴 ∪ 𝐵 is
also an element of 𝐵 ∪ 𝐴” really means: “for every 𝑥, if 𝑥 ∈ 𝐴 or 𝑥 ∈ 𝐵, then 𝑥 ∈ 𝐵
or 𝑥 ∈ 𝐴.” If we fully unpack the definitions in the proposition, we see that what we
have to show is this:

Proposition A.3. For any sets 𝐴 and 𝐵: (a) for every 𝑥, if 𝑥 ∈ 𝐴 or 𝑥 ∈ 𝐵, then 𝑥 ∈ 𝐵
or 𝑥 ∈ 𝐴, and (b) for every 𝑥, if 𝑥 ∈ 𝐵 or 𝑥 ∈ 𝐴, then 𝑥 ∈ 𝐴 or 𝑥 ∈ 𝐵.

What’s important is that unpacking definitions is a necessary part of constructing
a proof. Properly doing it is sometimes difficult: you must be careful to distinguish
and match the variables in the definition and the terms in the claim you’re proving.
In order to be successful, you must know what the question is asking and what
all the terms used in the question mean—you will often need to unpack more than
one definition. In simple proofs such as the ones below, the solution follows almost
immediately from the definitions themselves. Of course, it won’t always be this
simple.

1 In this particular case—and very confusingly!—when 𝐴 = 𝐵, the sets 𝐴 and 𝐵 are just one and the
same set, even though we use different letters for it on the left and the right side. But the ways in which
that set is picked out may be different, and that makes the definition non-trivial.

A.4 Inference Patterns

Proofs are composed of individual inferences. When we make an inference, we
typically indicate that by using a word like “so,” “thus,” or “therefore.” The inference
often relies on one or two facts we already have available in our proof—it may be
something we have assumed, or something that we’ve concluded by an inference
already. To be clear, we may label these things, and in the inference we indicate what
other statements we’re using in the inference. An inference will often also contain
an explanation of why our new conclusion follows from the things that come before
it. There are some common patterns of inference that are used very often in proofs;
we’ll go through some below. Some patterns of inference, like proofs by induction,
are more involved (and will be discussed later).
We’ve already discussed one pattern of inference: unpacking, or applying, a
definition. When we unpack a definition, we just restate something that involves
the definiendum by using the definiens. For instance, suppose that we have already
established in the course of a proof that 𝐷 = 𝐸 (a). Then we may apply the definition
of = for sets and infer: “Thus, by definition from (a), every element of 𝐷 is an element
of 𝐸 and vice versa.”
Somewhat confusingly, we often do not write the justification of an inference
when we actually make it, but before. Suppose we haven’t already proved that 𝐷 = 𝐸,
but we want to. If 𝐷 = 𝐸 is the conclusion we aim for, then we can restate this aim
also by applying the definition: to prove 𝐷 = 𝐸 we have to prove that every element
of 𝐷 is an element of 𝐸 and vice versa. So our proof will have the form: (a) prove that
every element of 𝐷 is an element of 𝐸; (b) every element of 𝐸 is an element of 𝐷; (c)
therefore, from (a) and (b) by definition of =, 𝐷 = 𝐸. But we would usually not write
it this way. Instead we might write something like,

We want to show 𝐷 = 𝐸. By definition of =, this amounts to showing
that every element of 𝐷 is an element of 𝐸 and vice versa.
(a) . . . (a proof that every element of 𝐷 is an element of 𝐸) . . .
(b) . . . (a proof that every element of 𝐸 is an element of 𝐷) . . .

Using a Conjunction
Perhaps the simplest inference pattern is that of drawing as conclusion one of the
conjuncts of a conjunction. In other words: if we have assumed or already proved
that 𝑝 and 𝑞, then we’re entitled to infer that 𝑝 (and also that 𝑞). This is such a
basic inference that it is often not mentioned. For instance, once we’ve unpacked the
definition of 𝐷 = 𝐸 we’ve established that every element of 𝐷 is an element of 𝐸 and
vice versa. From this we can conclude that every element of 𝐸 is an element of 𝐷
(that’s the “vice versa” part).

Proving a Conjunction
Sometimes what you’ll be asked to prove will have the form of a conjunction; you
will be asked to “prove 𝑝 and 𝑞.” In this case, you simply have to do two things: prove
𝑝, and then prove 𝑞. You could divide your proof into two sections, and for clarity,
label them. When you’re making your first notes, you might write “(1) Prove 𝑝” at
the top of the page, and “(2) Prove 𝑞” in the middle of the page. (Of course, you might
not be explicitly asked to prove a conjunction but find that your proof requires that
you prove a conjunction. For instance, if you’re asked to prove that 𝐷 = 𝐸 you will
find that, after unpacking the definition of =, you have to prove: every element of 𝐷
is an element of 𝐸 and every element of 𝐸 is an element of 𝐷).

Proving a Disjunction
When what you are proving takes the form of a disjunction (i.e., it is a statement of
the form “𝑝 or 𝑞”), it is enough to show that one of the disjuncts is true. However, it
basically never happens that either disjunct just follows from the assumptions of your
theorem. More often, the assumptions of your theorem are themselves disjunctive, or
you’re showing that all things of a certain kind have one of two properties, but some
of the things have the one and others have the other property. This is where proof by
cases is useful (see below).

Conditional Proof
Many theorems you will encounter are in conditional form (i.e., show that if 𝑝 holds,
then 𝑞 is also true). These cases are nice and easy to set up—simply assume the
antecedent of the conditional (in this case, 𝑝) and prove the conclusion 𝑞 from it. So
if your theorem reads, “If 𝑝 then 𝑞,” you start your proof with “assume 𝑝” and at the
end you should have proved 𝑞.
Conditionals may be stated in different ways. So instead of “If 𝑝 then 𝑞,” a theorem
may state that “𝑝 only if 𝑞,” “𝑞 if 𝑝,” or “𝑞, provided 𝑝.” These all mean the same and
require assuming 𝑝 and proving 𝑞 from that assumption. Recall that a biconditional
(“𝑝 if and only if (iff) 𝑞”) is really two conditionals put together: if 𝑝 then 𝑞, and if 𝑞
then 𝑝. All you have to do, then, is two instances of conditional proof: one for the
first conditional and another one for the second. Sometimes, however, it is possible
to prove an “iff” statement by chaining together a bunch of other “iff” statements so
that you start with “𝑝” and end with “𝑞”—but in that case you have to make sure that
each step really is an “iff.”

Universal Claims
Using a universal claim is simple: if something is true for anything, it’s true for
each particular thing. So if, say, the hypothesis of your proof is 𝐴 ⊆ 𝐵, that means
(unpacking the definition of ⊆), that, for every 𝑥 ∈ 𝐴, 𝑥 ∈ 𝐵. Thus, if you already
know that 𝑧 ∈ 𝐴, you can conclude 𝑧 ∈ 𝐵.
Proving a universal claim may seem a little bit tricky. Usually these statements
take the following form: “If 𝑥 has 𝑃, then it has 𝑄” or “All 𝑃s are 𝑄s.” Of course,
it might not fit this form perfectly, and it takes a bit of practice to figure out what
you’re asked to prove exactly. But: we often have to prove that all objects with some
property have a certain other property.
The way to prove a universal claim is to introduce names or variables for the
things that have the one property and then show that they also have the other property.
We might put this by saying that to prove something for all 𝑃s you have to prove
it for an arbitrary 𝑃. And the name introduced is a name for an arbitrary 𝑃. We
typically use single letters as these names for arbitrary things, and the letters usually
follow conventions: e.g., we use 𝑛 for natural numbers, 𝜑 for formulas, 𝐴 for sets, 𝑓
for functions, etc.
The trick is to maintain generality throughout the proof. You start by assuming
that an arbitrary object (“𝑥”) has the property 𝑃, and show (based only on definitions
or what you are allowed to assume) that 𝑥 has the property 𝑄. Because you have
not stipulated what 𝑥 is specifically, other than that it has the property 𝑃, you can
assert that every 𝑃 has the property 𝑄. In short, 𝑥 is a stand-in for all things with
property 𝑃.

Proposition A.4. For all sets 𝐴 and 𝐵, 𝐴 ⊆ 𝐴 ∪ 𝐵.

Proof. Let 𝐴 and 𝐵 be arbitrary sets. We want to show that 𝐴 ⊆ 𝐴 ∪ 𝐵. By definition
of ⊆, this amounts to: for every 𝑥, if 𝑥 ∈ 𝐴 then 𝑥 ∈ 𝐴 ∪ 𝐵. So let 𝑥 ∈ 𝐴 be an arbitrary
element of 𝐴. We have to show that 𝑥 ∈ 𝐴 ∪ 𝐵. Since 𝑥 ∈ 𝐴, 𝑥 ∈ 𝐴 or 𝑥 ∈ 𝐵. Thus,
𝑥 ∈ {𝑥 | 𝑥 ∈ 𝐴 ∨ 𝑥 ∈ 𝐵}. But that, by definition of ∪, means 𝑥 ∈ 𝐴 ∪ 𝐵. □

Proof by Cases
Suppose you have a disjunction as an assumption or as an already established
conclusion—you have assumed or proved that 𝑝 or 𝑞 is true. You want to prove
𝑟. You do this in two steps: first you assume that 𝑝 is true, and prove 𝑟, then you
assume that 𝑞 is true and prove 𝑟 again. This works because we assume or know that
one of the two alternatives holds. The two steps establish that either one is sufficient
for the truth of 𝑟. (If both are true, we have not one but two reasons for why 𝑟 is
true. It is not necessary to separately prove that 𝑟 is true assuming both 𝑝 and 𝑞.) To
indicate what we’re doing, we announce that we “distinguish cases.” For instance,
suppose we know that 𝑥 ∈ 𝐵 ∪ 𝐶. 𝐵 ∪ 𝐶 is defined as {𝑥 | 𝑥 ∈ 𝐵 or 𝑥 ∈ 𝐶}. In other
words, by definition, 𝑥 ∈ 𝐵 or 𝑥 ∈ 𝐶. We would prove that 𝑥 ∈ 𝐴 from this by first
assuming that 𝑥 ∈ 𝐵, and proving 𝑥 ∈ 𝐴 from this assumption, and then assuming 𝑥 ∈ 𝐶,
and again proving 𝑥 ∈ 𝐴 from this. You would write “We distinguish cases” under the
assumption, then “Case (1): 𝑥 ∈ 𝐵” underneath, and “Case (2): 𝑥 ∈ 𝐶” halfway down
the page. Then you’d proceed to fill in the top half and the bottom half of the page.
Proof by cases is especially useful if what you’re proving is itself disjunctive.
Here’s a simple example:

Proposition A.5. Suppose 𝐵 ⊆ 𝐷 and 𝐶 ⊆ 𝐸. Then 𝐵 ∪ 𝐶 ⊆ 𝐷 ∪ 𝐸.

Proof. Assume (a) that 𝐵 ⊆ 𝐷 and (b) 𝐶 ⊆ 𝐸. By definition, any 𝑥 ∈ 𝐵 is also ∈ 𝐷 (c)
and any 𝑥 ∈ 𝐶 is also ∈ 𝐸 (d). To show that 𝐵 ∪ 𝐶 ⊆ 𝐷 ∪ 𝐸, we have to show that
if 𝑥 ∈ 𝐵 ∪ 𝐶 then 𝑥 ∈ 𝐷 ∪ 𝐸 (by definition of ⊆). 𝑥 ∈ 𝐵 ∪ 𝐶 iff 𝑥 ∈ 𝐵 or 𝑥 ∈ 𝐶 (by
definition of ∪). Similarly, 𝑥 ∈ 𝐷 ∪ 𝐸 iff 𝑥 ∈ 𝐷 or 𝑥 ∈ 𝐸. So, we have to show: for any
𝑥, if 𝑥 ∈ 𝐵 or 𝑥 ∈ 𝐶, then 𝑥 ∈ 𝐷 or 𝑥 ∈ 𝐸.

So far we’ve only unpacked definitions! We’ve reformulated our proposition
without ⊆ and ∪ and are left with trying to prove a universal
conditional claim. By what we’ve discussed above, this is done by assuming
that 𝑥 is something about which we assume the “if” part is true, and
we’ll go on to show that the “then” part is true as well. In other words,
we’ll assume that 𝑥 ∈ 𝐵 or 𝑥 ∈ 𝐶 and show that 𝑥 ∈ 𝐷 or 𝑥 ∈ 𝐸.2

Suppose that 𝑥 ∈ 𝐵 or 𝑥 ∈ 𝐶. We have to show that 𝑥 ∈ 𝐷 or 𝑥 ∈ 𝐸. We distinguish
cases.
Case 1: 𝑥 ∈ 𝐵. By (c), 𝑥 ∈ 𝐷. Thus, 𝑥 ∈ 𝐷 or 𝑥 ∈ 𝐸. (Here we’ve made the inference
discussed in the preceding subsection!)
Case 2: 𝑥 ∈ 𝐶. By (d), 𝑥 ∈ 𝐸. Thus, 𝑥 ∈ 𝐷 or 𝑥 ∈ 𝐸. □
2 This paragraph just explains what we’re doing—it’s not part of the proof, and you don’t have to go
into all this detail when you write down your own proofs.

Proving an Existence Claim


When asked to prove an existence claim, the question will usually be of the form
“prove that there is an 𝑥 such that . . . 𝑥 . . . ”, i.e., that some object has the property
described by “. . . 𝑥 . . . ”. In this case you’ll have to identify a suitable object and show that
it has the required property. This sounds straightforward, but a proof of this kind
can be tricky. Typically it involves constructing or defining an object and proving that
the object so defined has the required property. Finding the right object may be hard,
proving that it has the required property may be hard, and sometimes it’s even tricky
to show that you’ve succeeded in defining an object at all!
Generally, you’d write this out by specifying the object, e.g., “let 𝑥 be . . . ” (where . . .
specifies which object you have in mind), possibly proving that . . . in fact describes
an object that exists, and then go on to show that 𝑥 has the property 𝑄. Here’s a
simple example.

Proposition A.6. Suppose that 𝑥 ∈ 𝐵. Then there is an 𝐴 such that 𝐴 ⊆ 𝐵 and 𝐴 ≠ ∅.

Proof. Assume 𝑥 ∈ 𝐵. Let 𝐴 = {𝑥 }.

Here we’ve defined the set 𝐴 by enumerating its elements. Since we
assume that 𝑥 is an object, and we can always form a set by enumerating
its elements, we don’t have to show that we’ve succeeded in defining
a set 𝐴 here. However, we still have to show that 𝐴 has the properties
required by the proposition. The proof isn’t complete without that!

Since 𝑥 ∈ 𝐴, 𝐴 ≠ ∅.

This relies on the definition of 𝐴 as {𝑥} and the obvious facts that 𝑥 ∈ {𝑥}
and 𝑥 ∉ ∅.

Since 𝑥 is the only element of {𝑥}, and 𝑥 ∈ 𝐵, every element of 𝐴 is also an element
of 𝐵. By definition of ⊆, 𝐴 ⊆ 𝐵. □

Using Existence Claims


Suppose you know that some existence claim is true (you’ve proved it, or it’s a
hypothesis you can use), say, “for some 𝑥, 𝑥 ∈ 𝐴” or “there is an 𝑥 ∈ 𝐴.” If you want to
use it in your proof, you can just pretend that you have a name for one of the things
which your hypothesis says exist. Since 𝐴 contains at least one thing, there are things
to which that name might refer. You might of course not be able to pick one out or
describe it further (other than that it is ∈ 𝐴). But for the purpose of the proof, you
can pretend that you have picked it out and give a name to it. It’s important to pick a
name that you haven’t already used and that doesn’t appear in your hypotheses, otherwise
things can go wrong. In your proof, you indicate this by going from “for some 𝑥,
𝑥 ∈ 𝐴” to “Let 𝑎 ∈ 𝐴.” Now you can reason about 𝑎, use some other hypotheses, etc.,
until you come to a conclusion, 𝑝. If 𝑝 no longer mentions 𝑎, 𝑝 is independent of the
assumption that 𝑎 ∈ 𝐴, and you’ve shown that it follows just from the assumption
“for some 𝑥, 𝑥 ∈ 𝐴.”

Proposition A.7. If 𝐴 ≠ ∅, then 𝐴 ∪ 𝐵 ≠ ∅.

Proof. Suppose 𝐴 ≠ ∅. So for some 𝑥, 𝑥 ∈ 𝐴.

Here we first just restated the hypothesis of the proposition. This hypothesis,
i.e., 𝐴 ≠ ∅, hides an existential claim, which you get to only by
unpacking a few definitions. The definition of = tells us that 𝐴 = ∅ iff
every 𝑥 ∈ 𝐴 is also ∈ ∅ and every 𝑥 ∈ ∅ is also ∈ 𝐴. Negating both sides,
we get: 𝐴 ≠ ∅ iff either some 𝑥 ∈ 𝐴 is ∉ ∅ or some 𝑥 ∈ ∅ is ∉ 𝐴. Since
nothing is ∈ ∅, the second disjunct can never be true, and “𝑥 ∈ 𝐴 and
𝑥 ∉ ∅” reduces to just 𝑥 ∈ 𝐴. So 𝐴 ≠ ∅ iff for some 𝑥, 𝑥 ∈ 𝐴. That’s an
existence claim. Now we use that existence claim by introducing a name
for one of the elements of 𝐴:

Let 𝑎 ∈ 𝐴.

Now we’ve introduced a name for one of the things ∈ 𝐴. We’ll continue
to argue about 𝑎, but we’ll be careful to only assume that 𝑎 ∈ 𝐴 and
nothing else:

Since 𝑎 ∈ 𝐴, 𝑎 ∈ 𝐴 ∪ 𝐵, by definition of ∪. So for some 𝑥, 𝑥 ∈ 𝐴 ∪ 𝐵, i.e., 𝐴 ∪ 𝐵 ≠ ∅.

In that last step, we went from “𝑎 ∈ 𝐴 ∪ 𝐵” to “for some 𝑥, 𝑥 ∈ 𝐴 ∪ 𝐵.”
That doesn’t mention 𝑎 anymore, so we know that “for some 𝑥, 𝑥 ∈ 𝐴 ∪ 𝐵”
follows from “for some 𝑥, 𝑥 ∈ 𝐴” alone. But that means that 𝐴 ∪ 𝐵 ≠ ∅. □

It’s maybe good practice to keep bound variables like “𝑥” separate from hypothetical
names like 𝑎, like we did. In practice, however, we often don’t and just use 𝑥, like
so:

Suppose 𝐴 ≠ ∅, i.e., there is an 𝑥 ∈ 𝐴. By definition of ∪, 𝑥 ∈ 𝐴 ∪ 𝐵. So
𝐴 ∪ 𝐵 ≠ ∅.

However, when you do this, you have to be extra careful that you use different 𝑥’s
and 𝑦’s for different existential claims. For instance, the following is not a correct
proof of “If 𝐴 ≠ ∅ and 𝐵 ≠ ∅ then 𝐴 ∩ 𝐵 ≠ ∅” (which is not true).

Suppose 𝐴 ≠ ∅ and 𝐵 ≠ ∅. So for some 𝑥, 𝑥 ∈ 𝐴 and also for some 𝑥,
𝑥 ∈ 𝐵. Since 𝑥 ∈ 𝐴 and 𝑥 ∈ 𝐵, 𝑥 ∈ 𝐴 ∩ 𝐵, by definition of ∩. So 𝐴 ∩ 𝐵 ≠ ∅.

Can you spot where the incorrect step occurs and explain why the result does not
hold?

A.5 An Example
Our first example is the following simple fact about unions and intersections of sets.
It will illustrate unpacking definitions, proofs of conjunctions, of universal claims,
and proof by cases.

Proposition A.8. For any sets 𝐴, 𝐵, and 𝐶, 𝐴 ∪ (𝐵 ∩ 𝐶) = (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶).

Let’s prove it!

Proof. We want to show that for any sets 𝐴, 𝐵, and 𝐶, 𝐴 ∪ (𝐵 ∩ 𝐶) = (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶).

First we unpack the definition of “=” in the statement of the proposition.
Recall that proving sets identical means showing that the sets have the
same elements. That is, all elements of 𝐴 ∪ (𝐵 ∩ 𝐶) are also elements of
(𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶), and vice versa. The “vice versa” means that also every
element of (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶) must be an element of 𝐴 ∪ (𝐵 ∩ 𝐶). So in
unpacking the definition, we see that we have to prove a conjunction.
Let’s record this:

By definition, 𝐴 ∪ (𝐵 ∩ 𝐶) = (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶) iff every element of 𝐴 ∪ (𝐵 ∩ 𝐶) is also
an element of (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶), and every element of (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶) is an element
of 𝐴 ∪ (𝐵 ∩ 𝐶).

Since this is a conjunction, we must prove each conjunct separately. Let’s
start with the first: let’s prove that every element of 𝐴 ∪ (𝐵 ∩ 𝐶) is also
an element of (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶).
This is a universal claim, and so we consider an arbitrary element of
𝐴 ∪ (𝐵 ∩ 𝐶) and show that it must also be an element of (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶).
We’ll pick a variable to call this arbitrary element by, say, 𝑧. Our proof
continues:

First, we prove that every element of 𝐴 ∪ (𝐵 ∩ 𝐶) is also an element of (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶).
Let 𝑧 ∈ 𝐴 ∪ (𝐵 ∩ 𝐶). We have to show that 𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶).

Now it is time to unpack the definition of ∪ and ∩. For instance, the
definition of ∪ is: 𝐴 ∪ 𝐵 = {𝑧 | 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵}. When we apply the
definition to “𝐴 ∪ (𝐵 ∩ 𝐶),” the role of the “𝐵” in the definition is now
played by “𝐵 ∩ 𝐶,” so 𝐴 ∪ (𝐵 ∩ 𝐶) = {𝑧 | 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵 ∩ 𝐶}. So our
assumption that 𝑧 ∈ 𝐴 ∪ (𝐵 ∩ 𝐶) amounts to: 𝑧 ∈ {𝑧 | 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵 ∩ 𝐶}.
And 𝑧 ∈ {𝑧 | . . . 𝑧 . . .} iff . . . 𝑧 . . . , i.e., in this case, 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵 ∩ 𝐶.

By the definition of ∪, either 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵 ∩ 𝐶.

Since this is a disjunction, it will be useful to apply proof by cases. We
take the two cases, and show that in each one, the conclusion we’re
aiming for (namely, “𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶)”) obtains.

Case 1: Suppose that 𝑧 ∈ 𝐴.

There’s not much more to work from based on our assumptions. So let’s
look at what we have to work with in the conclusion. We want to show
that 𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶). Based on the definition of ∩, if we want to
show that 𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶), we have to show that it’s in both (𝐴 ∪ 𝐵)
and (𝐴 ∪ 𝐶). But 𝑧 ∈ 𝐴 ∪ 𝐵 iff 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵, and we already have (as
the assumption of case 1) that 𝑧 ∈ 𝐴. By the same reasoning—switching
𝐶 for 𝐵—𝑧 ∈ 𝐴 ∪ 𝐶. This argument went in the reverse direction, so let’s
record our reasoning in the direction needed in our proof.

Since 𝑧 ∈ 𝐴, 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵, and hence, by definition of ∪, 𝑧 ∈ 𝐴 ∪ 𝐵. Similarly,
𝑧 ∈ 𝐴 ∪ 𝐶. But this means that 𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶), by definition of ∩.

This completes the first case of the proof by cases. Now we want to derive
the conclusion in the second case, where 𝑧 ∈ 𝐵 ∩ 𝐶.

Case 2: Suppose that 𝑧 ∈ 𝐵 ∩ 𝐶.

Again, we are working with the intersection of two sets. Let’s apply the
definition of ∩:

Since 𝑧 ∈ 𝐵 ∩ 𝐶, 𝑧 must be an element of both 𝐵 and 𝐶, by definition of ∩.

It’s time to look at our conclusion again. We have to show that 𝑧 is in
both (𝐴 ∪ 𝐵) and (𝐴 ∪ 𝐶). And again, the solution is immediate.

Since 𝑧 ∈ 𝐵, 𝑧 ∈ (𝐴 ∪ 𝐵). Since 𝑧 ∈ 𝐶, also 𝑧 ∈ (𝐴 ∪ 𝐶). So, 𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶).

Here we applied the definitions of ∪ and ∩ again, but since we’ve already
recalled those definitions, and already showed that if 𝑧 is in one of two
sets it is in their union, we don’t have to be as explicit in what we’ve
done.
We’ve completed the second case of the proof by cases, so now we can
assert our first conclusion.

So, if 𝑧 ∈ 𝐴 ∪ (𝐵 ∩ 𝐶) then 𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶).

Now we just want to show the other direction, that every element of
(𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶) is an element of 𝐴 ∪ (𝐵 ∩ 𝐶). As before, we prove this
universal claim by assuming we have an arbitrary element of the first set
and show it must be in the second set. Let’s state what we’re about to do.

Now, assume that 𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶). We want to show that 𝑧 ∈ 𝐴 ∪ (𝐵 ∩ 𝐶).

We are now working from the hypothesis that 𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶). It
hopefully isn’t too confusing that we’re using the same 𝑧 here as in the
first part of the proof. When we finished that part, all the assumptions
we’ve made there are no longer in effect, so now we can make new
assumptions about what 𝑧 is. If that is confusing to you, just replace 𝑧
with a different variable in what follows.
We know that 𝑧 is in both 𝐴 ∪ 𝐵 and 𝐴 ∪ 𝐶, by definition of ∩. And by the
definition of ∪, we can further unpack this to: either 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵, and
also either 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐶. This looks like a proof by cases again—except
the “and” makes it confusing. You might think that this amounts to there
being three possibilities: 𝑧 is either in 𝐴, 𝐵 or 𝐶. But that would be a
mistake. We have to be careful, so let’s consider each disjunction in turn.

By definition of ∩, 𝑧 ∈ 𝐴 ∪ 𝐵 and 𝑧 ∈ 𝐴 ∪ 𝐶. By definition of ∪, 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵. We
distinguish cases.

Since we’re focusing on the first disjunction, we haven’t gotten our
second disjunction (from unpacking 𝐴 ∪ 𝐶) yet. In fact, we don’t need it
yet. The first case is 𝑧 ∈ 𝐴, and an element of a set is also an element of
the union of that set with any other. So case 1 is easy:

Case 1: Suppose that 𝑧 ∈ 𝐴. It follows that 𝑧 ∈ 𝐴 ∪ (𝐵 ∩ 𝐶).

Now for the second case, 𝑧 ∈ 𝐵. Here we’ll unpack the second ∪ and do
another proof-by-cases:

Case 2: Suppose that 𝑧 ∈ 𝐵. Since 𝑧 ∈ 𝐴 ∪ 𝐶, either 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐶. We distinguish
cases further:
Case 2a: 𝑧 ∈ 𝐴. Then, again, 𝑧 ∈ 𝐴 ∪ (𝐵 ∩ 𝐶).

Ok, this was a bit weird. We didn’t actually need the assumption that 𝑧 ∈
𝐵 for this case, but that’s ok.

Case 2b: 𝑧 ∈ 𝐶. Then 𝑧 ∈ 𝐵 and 𝑧 ∈ 𝐶, so 𝑧 ∈ 𝐵 ∩ 𝐶, and consequently, 𝑧 ∈ 𝐴 ∪ (𝐵 ∩ 𝐶).

This concludes both proofs-by-cases and so we’re done with the second
half.

So, if 𝑧 ∈ (𝐴 ∪ 𝐵) ∩ (𝐴 ∪ 𝐶) then 𝑧 ∈ 𝐴 ∪ (𝐵 ∩ 𝐶). □

A.6 Another Example


Proposition A.9. If 𝐴 ⊆ 𝐶, then 𝐴 ∪ (𝐶 \ 𝐴) = 𝐶.

Proof. Suppose that 𝐴 ⊆ 𝐶. We want to show that 𝐴 ∪ (𝐶 \ 𝐴) = 𝐶.

We begin by observing that this is a conditional statement. It is tacitly
universally quantified: the proposition holds for all sets 𝐴 and 𝐶. So 𝐴
and 𝐶 are variables for arbitrary sets. To prove such a statement, we
assume the antecedent and prove the consequent.
We continue by using the assumption that 𝐴 ⊆ 𝐶. Let’s unpack the
definition of ⊆: the assumption means that all elements of 𝐴 are also
elements of 𝐶. Let’s write this down—it’s an important fact that we’ll use
throughout the proof.

By the definition of ⊆, since 𝐴 ⊆ 𝐶, for all 𝑧, if 𝑧 ∈ 𝐴, then 𝑧 ∈ 𝐶.

We’ve unpacked all the definitions that are given to us in the assumption.
Now we can move onto the conclusion. We want to show that 𝐴 ∪ (𝐶 \ 𝐴) = 𝐶,
and so we set up a proof similarly to the last example: we show that
every element of 𝐴 ∪ (𝐶 \ 𝐴) is also an element of 𝐶 and, conversely,
every element of 𝐶 is an element of 𝐴 ∪ (𝐶 \ 𝐴). We can shorten this to:
𝐴 ∪ (𝐶 \ 𝐴) ⊆ 𝐶 and 𝐶 ⊆ 𝐴 ∪ (𝐶 \ 𝐴). (Here we’re doing the opposite
of unpacking a definition, but it makes the proof a bit easier to read.)
Since this is a conjunction, we have to prove both parts. To show the
first part, i.e., that every element of 𝐴 ∪ (𝐶 \ 𝐴) is also an element of 𝐶,
we assume that 𝑧 ∈ 𝐴 ∪ (𝐶 \ 𝐴) for an arbitrary 𝑧 and show that 𝑧 ∈ 𝐶.
By the definition of ∪, we can conclude that 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐶 \ 𝐴 from
𝑧 ∈ 𝐴 ∪ (𝐶 \ 𝐴). You should now be getting the hang of this.

𝐴 ∪ (𝐶 \ 𝐴) = 𝐶 iff 𝐴 ∪ (𝐶 \ 𝐴) ⊆ 𝐶 and 𝐶 ⊆ 𝐴 ∪ (𝐶 \ 𝐴). First we prove that
𝐴 ∪ (𝐶 \ 𝐴) ⊆ 𝐶. Let 𝑧 ∈ 𝐴 ∪ (𝐶 \ 𝐴). So, either 𝑧 ∈ 𝐴 or 𝑧 ∈ (𝐶 \ 𝐴).

We’ve arrived at a disjunction, and from it we want to prove that 𝑧 ∈ 𝐶.
We do this using proof by cases.

Case 1: 𝑧 ∈ 𝐴. Since for all 𝑧, if 𝑧 ∈ 𝐴, 𝑧 ∈ 𝐶, we have that 𝑧 ∈ 𝐶.

Here we’ve used the fact recorded earlier which followed from the hypothesis
of the proposition that 𝐴 ⊆ 𝐶. The first case is complete, and
we turn to the second case, 𝑧 ∈ (𝐶 \ 𝐴). Recall that 𝐶 \ 𝐴 denotes the
difference of the two sets, i.e., the set of all elements of 𝐶 which are not
elements of 𝐴. But any element of 𝐶 not in 𝐴 is in particular an element
of 𝐶.

Case 2: 𝑧 ∈ (𝐶 \ 𝐴). This means that 𝑧 ∈ 𝐶 and 𝑧 ∉ 𝐴. So, in particular, 𝑧 ∈ 𝐶.

Great, we’ve proved the first direction. Now for the second direction.
Here we prove that 𝐶 ⊆ 𝐴 ∪ (𝐶 \ 𝐴). So we assume that 𝑧 ∈ 𝐶 and prove
that 𝑧 ∈ 𝐴 ∪ (𝐶 \ 𝐴).

Now let 𝑧 ∈ 𝐶. We want to show that 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐶 \ 𝐴.

Since all elements of 𝐴 are also elements of 𝐶, and 𝐶 \ 𝐴 is the set of all
things that are elements of 𝐶 but not 𝐴, it follows that 𝑧 is either in 𝐴 or
in 𝐶 \ 𝐴. This may be a bit unclear if you don’t already know why the
result is true. It would be better to prove it step-by-step. It will help to
use a simple fact which we can state without proof: 𝑧 ∈ 𝐴 or 𝑧 ∉ 𝐴. This
is called the “principle of excluded middle”: for any statement 𝑝, either 𝑝
is true or its negation is true. (Here, 𝑝 is the statement that 𝑧 ∈ 𝐴.) Since
this is a disjunction, we can again use proof-by-cases.

Either 𝑧 ∈ 𝐴 or 𝑧 ∉ 𝐴. In the former case, 𝑧 ∈ 𝐴 ∪ (𝐶 \ 𝐴). In the latter case, 𝑧 ∈ 𝐶 and 𝑧 ∉ 𝐴, so 𝑧 ∈ 𝐶 \ 𝐴. But then 𝑧 ∈ 𝐴 ∪ (𝐶 \ 𝐴).

Our proof is complete: we have shown that 𝐴 ∪ (𝐶 \ 𝐴) = 𝐶. □

A.7 Proof by Contradiction


In the first instance, proof by contradiction is an inference pattern that is used to
prove negative claims. Suppose you want to show that some claim 𝑝 is false, i.e., you
want to show ¬𝑝. The most promising strategy is to (a) suppose that 𝑝 is true, and
(b) show that this assumption leads to something you know to be false. “Something
known to be false” may be a result that conflicts with—contradicts—𝑝 itself, or some
other hypothesis of the overall claim you are considering. For instance, a proof of
“if 𝑞 then ¬𝑝” involves assuming that 𝑞 is true and proving ¬𝑝 from it. If you prove
¬𝑝 by contradiction, that means assuming 𝑝 in addition to 𝑞. If you can prove ¬𝑞
from 𝑝, you have shown that the assumption 𝑝 leads to something that contradicts
your other assumption 𝑞, since 𝑞 and ¬𝑞 cannot both be true. Of course, you have to
use other inference patterns in your proof of the contradiction, as well as unpacking
definitions. Let’s consider an example.

Proposition A.10. If 𝐴 ⊆ 𝐵 and 𝐵 = ∅, then 𝐴 has no elements.

Proof. Suppose 𝐴 ⊆ 𝐵 and 𝐵 = ∅. We want to show that 𝐴 has no elements.

Since this is a conditional claim, we assume the antecedent and want to
prove the consequent. The consequent is: 𝐴 has no elements. We can
make that a bit more explicit: it’s not the case that there is an 𝑥 ∈ 𝐴.


𝐴 has no elements iff it’s not the case that there is an 𝑥 such that 𝑥 ∈ 𝐴.

So we’ve determined that what we want to prove is really a negative
claim ¬𝑝, namely: it’s not the case that there is an 𝑥 ∈ 𝐴. To use proof
by contradiction, we have to assume the corresponding positive claim 𝑝,
i.e., there is an 𝑥 ∈ 𝐴, and prove a contradiction from it. We indicate that
we’re doing a proof by contradiction by writing “by way of contradiction,
assume” or even just “suppose not,” and then state the assumption 𝑝.

Suppose not: there is an 𝑥 ∈ 𝐴.

This is now the new assumption we’ll use to obtain a contradiction. We
have two more assumptions: that 𝐴 ⊆ 𝐵 and that 𝐵 = ∅. The first gives
us that 𝑥 ∈ 𝐵:

Since 𝐴 ⊆ 𝐵, 𝑥 ∈ 𝐵.

But since 𝐵 = ∅, every element of 𝐵 (e.g., 𝑥) must also be an element of ∅.

Since 𝐵 = ∅, 𝑥 ∈ ∅. This is a contradiction, since by definition ∅ has no elements.

This already completes the proof: we’ve arrived at what we need (a
contradiction) from the assumptions we’ve set up, and this means that
the assumptions can’t all be true. Since the first two assumptions (𝐴 ⊆ 𝐵
and 𝐵 = ∅) are not contested, it must be the last assumption introduced
(there is an 𝑥 ∈ 𝐴) that must be false. But if we want to be thorough, we
can spell this out.

Thus, our assumption that there is an 𝑥 ∈ 𝐴 must be false, hence, 𝐴 has no elements
by proof by contradiction. □

Every positive claim is trivially equivalent to a negative claim: 𝑝 iff ¬¬𝑝. So proofs
by contradiction can also be used to establish positive claims “indirectly,” as follows:
To prove 𝑝, read it as the negative claim ¬¬𝑝. If we can prove a contradiction from
¬𝑝, we’ve established ¬¬𝑝 by proof by contradiction, and hence 𝑝.
In the last example, we aimed to prove a negative claim, namely that 𝐴 has no
elements, and so the assumption we made for the purpose of proof by contradiction
(i.e., that there is an 𝑥 ∈ 𝐴) was a positive claim. It gave us something to work with,
namely the hypothetical 𝑥 ∈ 𝐴 about which we continued to reason until we got to
𝑥 ∈ ∅.
When proving a positive claim indirectly, the assumption you’d make for the
purpose of proof by contradiction would be negative. But very often you can easily
reformulate a positive claim as a negative claim, and a negative claim as a positive
claim. Our previous proof would have been essentially the same had we proved
“𝐴 = ∅” instead of the negative consequent “𝐴 has no elements.” (By definition of =,
“𝐴 = ∅” is a general claim, since it unpacks to “every element of 𝐴 is an element of ∅
and vice versa”.) But it is easily seen to be equivalent to the negative claim “not: there
is an 𝑥 ∈ 𝐴.”
So it is sometimes easier to work with ¬𝑝 as an assumption than it is to prove 𝑝
directly. Even when a direct proof is just as simple or even simpler (as in the next
examples), some people prefer to proceed indirectly. If the double negation confuses
you, think of a proof by contradiction of some claim as a proof of a contradiction from
the opposite claim. So, a proof by contradiction of ¬𝑝 is a proof of a contradiction


from the assumption 𝑝; and proof by contradiction of 𝑝 is a proof of a contradiction
from ¬𝑝.

Proposition A.11. 𝐴 ⊆ 𝐴 ∪ 𝐵.

Proof. We want to show that 𝐴 ⊆ 𝐴 ∪ 𝐵.

On the face of it, this is a positive claim: every 𝑥 ∈ 𝐴 is also in 𝐴 ∪ 𝐵. The
negation of that is: some 𝑥 ∈ 𝐴 is ∉ 𝐴 ∪ 𝐵. So we can prove the claim
indirectly by assuming this negated claim, and showing that it leads to a
contradiction.

Suppose not, i.e., 𝐴 ⊈ 𝐴 ∪ 𝐵.

We have a definition of 𝐴 ⊆ 𝐴 ∪ 𝐵: every 𝑥 ∈ 𝐴 is also ∈ 𝐴 ∪ 𝐵. To
understand what 𝐴 ⊈ 𝐴 ∪ 𝐵 means, we have to use some elementary
logical manipulation on the unpacked definition: it’s false that every
𝑥 ∈ 𝐴 is also ∈ 𝐴 ∪ 𝐵 iff there is some 𝑥 ∈ 𝐴 that is ∉ 𝐴 ∪ 𝐵. (This is a place
where you want to be very careful: many students’ attempted proofs by
contradiction fail because they analyze the negation of a claim like “all
𝐴s are 𝐵s” incorrectly.) In other words, 𝐴 ⊈ 𝐴 ∪ 𝐵 iff there is an 𝑥 such
that 𝑥 ∈ 𝐴 and 𝑥 ∉ 𝐴 ∪ 𝐵. From then on, it’s easy.

So, there is an 𝑥 ∈ 𝐴 such that 𝑥 ∉ 𝐴 ∪ 𝐵. By definition of ∪, 𝑥 ∈ 𝐴 ∪ 𝐵 iff 𝑥 ∈ 𝐴
or 𝑥 ∈ 𝐵. Since 𝑥 ∈ 𝐴, we have 𝑥 ∈ 𝐴 ∪ 𝐵. This contradicts the assumption that
𝑥 ∉ 𝐴 ∪ 𝐵. □

Proposition A.12. If 𝐴 ⊆ 𝐵 and 𝐵 ⊆ 𝐶 then 𝐴 ⊆ 𝐶.

Proof. Suppose 𝐴 ⊆ 𝐵 and 𝐵 ⊆ 𝐶. We want to show 𝐴 ⊆ 𝐶.

Let’s proceed indirectly: we assume the negation of what we want to
establish.

Suppose not, i.e., 𝐴 ⊈ 𝐶.

As before, we reason that 𝐴 ⊈ 𝐶 iff not every 𝑥 ∈ 𝐴 is also ∈ 𝐶, i.e., some
𝑥 ∈ 𝐴 is ∉ 𝐶. Don’t worry, with practice you won’t have to think hard
anymore to unpack negations like this.

In other words, there is an 𝑥 such that 𝑥 ∈ 𝐴 and 𝑥 ∉ 𝐶.

Now we can use this to get to our contradiction. Of course, we’ll have to
use the other two assumptions to do it.

Since 𝐴 ⊆ 𝐵, 𝑥 ∈ 𝐵. Since 𝐵 ⊆ 𝐶, 𝑥 ∈ 𝐶. But this contradicts 𝑥 ∉ 𝐶. □

Proposition A.13. If 𝐴 ∪ 𝐵 = 𝐴 ∩ 𝐵 then 𝐴 = 𝐵.

Proof. Suppose 𝐴 ∪ 𝐵 = 𝐴 ∩ 𝐵. We want to show that 𝐴 = 𝐵.

The beginning is now routine:

Assume, by way of contradiction, that 𝐴 ≠ 𝐵.


Our assumption for the proof by contradiction is that 𝐴 ≠ 𝐵. Since 𝐴 = 𝐵
iff 𝐴 ⊆ 𝐵 and 𝐵 ⊆ 𝐴, we get that 𝐴 ≠ 𝐵 iff 𝐴 ⊈ 𝐵 or 𝐵 ⊈ 𝐴. (Note how
important it is to be careful when manipulating negations!) To prove a
contradiction from this disjunction, we use a proof by cases and show
that in each case, a contradiction follows.

𝐴 ≠ 𝐵 iff 𝐴 ⊈ 𝐵 or 𝐵 ⊈ 𝐴. We distinguish cases.

In the first case, we assume 𝐴 ⊈ 𝐵, i.e., for some 𝑥, 𝑥 ∈ 𝐴 but ∉ 𝐵. 𝐴 ∩ 𝐵 is
defined as those elements that 𝐴 and 𝐵 have in common, so if something
isn’t in one of them, it’s not in the intersection. 𝐴 ∪ 𝐵 is 𝐴 together with
𝐵, so anything in either is also in the union. This tells us that 𝑥 ∈ 𝐴 ∪ 𝐵
but 𝑥 ∉ 𝐴 ∩ 𝐵, and hence that 𝐴 ∩ 𝐵 ≠ 𝐴 ∪ 𝐵.

Case 1: 𝐴 ⊈ 𝐵. Then for some 𝑥, 𝑥 ∈ 𝐴 but 𝑥 ∉ 𝐵. Since 𝑥 ∉ 𝐵, then 𝑥 ∉ 𝐴 ∩ 𝐵.
Since 𝑥 ∈ 𝐴, 𝑥 ∈ 𝐴 ∪ 𝐵. So, 𝐴 ∩ 𝐵 ≠ 𝐴 ∪ 𝐵, contradicting the assumption that
𝐴 ∩ 𝐵 = 𝐴 ∪ 𝐵.

Case 2: 𝐵 ⊈ 𝐴. Then for some 𝑦, 𝑦 ∈ 𝐵 but 𝑦 ∉ 𝐴. As before, we have 𝑦 ∈ 𝐴 ∪ 𝐵
but 𝑦 ∉ 𝐴 ∩ 𝐵, and so 𝐴 ∩ 𝐵 ≠ 𝐴 ∪ 𝐵, again contradicting 𝐴 ∩ 𝐵 = 𝐴 ∪ 𝐵. □

A.8 Reading Proofs


Proofs you find in textbooks and articles very seldom give all the details we have
so far included in our examples. Authors often do not draw attention to when they
distinguish cases, when they give an indirect proof, or don’t mention that they use a
definition. So when you read a proof in a textbook, you will often have to fill in those
details for yourself in order to understand the proof. Doing this is also good practice
to get the hang of the various moves you have to make in a proof. Let’s look at an
example.
Proposition A.14 (Absorption). For all sets 𝐴, 𝐵,
𝐴 ∩ (𝐴 ∪ 𝐵) = 𝐴

Proof. If 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵), then 𝑧 ∈ 𝐴, so 𝐴 ∩ (𝐴 ∪ 𝐵) ⊆ 𝐴. Now suppose 𝑧 ∈ 𝐴. Then
also 𝑧 ∈ 𝐴 ∪ 𝐵, and therefore also 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵). □

The preceding proof of the absorption law is very condensed. There is no mention
of any definitions used, no “we have to prove that” before we prove it, etc. Let’s
unpack it. The proposition proved is a general claim about any sets 𝐴 and 𝐵, and
when the proof mentions 𝐴 or 𝐵, these are variables for arbitrary sets. The general
claim the proof establishes is what’s required to prove identity of sets, i.e., that every
element of the left side of the identity is an element of the right and vice versa.

“If 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵), then 𝑧 ∈ 𝐴, so 𝐴 ∩ (𝐴 ∪ 𝐵) ⊆ 𝐴.”

This is the first half of the proof of the identity: it establishes that if an arbitrary 𝑧
is an element of the left side, it is also an element of the right, i.e., 𝐴 ∩ (𝐴 ∪ 𝐵) ⊆ 𝐴.
Assume that 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵). Since 𝑧 is an element of the intersection of two sets
iff it is an element of both sets, we can conclude that 𝑧 ∈ 𝐴 and also 𝑧 ∈ 𝐴 ∪ 𝐵. In
particular, 𝑧 ∈ 𝐴, which is what we wanted to show. Since that’s all that has to be
done for the first half, we know that the rest of the proof must be a proof of the second
half, i.e., a proof that 𝐴 ⊆ 𝐴 ∩ (𝐴 ∪ 𝐵).


“Now suppose 𝑧 ∈ 𝐴. Then also 𝑧 ∈ 𝐴 ∪ 𝐵, and therefore also 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵).”

We start by assuming that 𝑧 ∈ 𝐴, since we are showing that, for any 𝑧, if 𝑧 ∈ 𝐴
then 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵). To show that 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵), we have to show (by definition
of “∩”) that (i) 𝑧 ∈ 𝐴 and also (ii) 𝑧 ∈ 𝐴 ∪ 𝐵. Here (i) is just our assumption, so there
is nothing further to prove, and that’s why the proof does not mention it again. For
(ii), recall that 𝑧 is an element of a union of sets iff it is an element of at least one
of those sets. Since 𝑧 ∈ 𝐴, and 𝐴 ∪ 𝐵 is the union of 𝐴 and 𝐵, this is the case here.
So 𝑧 ∈ 𝐴 ∪ 𝐵. We’ve shown both (i) 𝑧 ∈ 𝐴 and (ii) 𝑧 ∈ 𝐴 ∪ 𝐵, hence, by definition
of “∩,” 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵). The proof doesn’t mention those definitions; it’s assumed
the reader has already internalized them. If you haven’t, you’ll have to go back and
remind yourself what they are. Then you’ll also have to recognize why it follows
from 𝑧 ∈ 𝐴 that 𝑧 ∈ 𝐴 ∪ 𝐵, and from 𝑧 ∈ 𝐴 and 𝑧 ∈ 𝐴 ∪ 𝐵 that 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵).
Here’s another version of the proof above, with everything made explicit:

Proof. [By definition of = for sets, to prove 𝐴 ∩ (𝐴 ∪ 𝐵) = 𝐴 we have to show (a) 𝐴 ∩ (𝐴 ∪ 𝐵) ⊆ 𝐴
and (b) 𝐴 ⊆ 𝐴 ∩ (𝐴 ∪ 𝐵). (a): By definition of ⊆, we have to show that if 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵),
then 𝑧 ∈ 𝐴.] If 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵), then 𝑧 ∈ 𝐴 [since by definition of ∩, 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵)
iff 𝑧 ∈ 𝐴 and 𝑧 ∈ 𝐴 ∪ 𝐵], so 𝐴 ∩ (𝐴 ∪ 𝐵) ⊆ 𝐴. [(b): By definition of ⊆, we have to
show that if 𝑧 ∈ 𝐴, then 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵).] Now suppose [(1)] 𝑧 ∈ 𝐴. Then also [(2)]
𝑧 ∈ 𝐴 ∪ 𝐵 [since by (1) 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐵, which by definition of ∪ means 𝑧 ∈ 𝐴 ∪ 𝐵],
and therefore also 𝑧 ∈ 𝐴 ∩ (𝐴 ∪ 𝐵) [since the definition of ∩ requires that 𝑧 ∈ 𝐴, i.e.,
(1), and 𝑧 ∈ 𝐴 ∪ 𝐵, i.e., (2)]. □

A.9 I Can’t Do It!


We all get to a point where we feel like giving up. But you can do it. Your instructor
and teaching assistant, as well as your fellow students, can help. Ask them for help!
Here are a few tips to help you avoid a crisis, and what to do if you feel like giving up.
To make sure you can solve problems successfully, do the following:

1. Start as far in advance as possible. We get busy throughout the semester and
many of us struggle with procrastination; one of the best things you can do is
to start your homework assignments early. That way, if you’re stuck, you have
time to look for a solution (that isn’t crying).

2. Talk to your classmates. You are not alone. Others in the class may also struggle—
but they may struggle with different things. Talking it out with your peers
can give you a different perspective on the problem that might lead to a
breakthrough. Of course, don’t just copy their solution: ask them for a hint, or
explain where you get stuck and ask them for the next step. And when you do
get it, reciprocate. Helping someone else along, and explaining things will help
you understand better, too.

3. Ask for help. You have many resources available to you—your instructor and
teaching assistant are there for you and want you to succeed. They should be
able to help you work out a problem and identify where in the process you’re
struggling.


4. Take a break. If you’re stuck, it might be because you’ve been staring at the
problem for too long. Take a short break, have a cup of tea, or work on a
different problem for a while, then return to the problem with a fresh mind.
Sleep on it.

Notice how these strategies require that you’ve started to work on the proof well
in advance? If you’ve started the proof at 2am the day before it’s due, these might
not be so helpful.
This might sound like doom and gloom, but solving a proof is a challenge that pays
off in the end. Some people do this as a career—so there must be something to enjoy
about it. Like basically everything, solving problems and doing proofs is something
that requires practice. You might see classmates who find this easy: they’ve probably
just had lots of practice already. Try not to give in too easily.
If you do run out of time (or patience) on a particular problem: that’s ok. It doesn’t
mean you’re stupid or that you will never get it. Find out (from your instructor or
another student) how it is done, and identify where you went wrong or got stuck, so
you can avoid doing that the next time you encounter a similar issue. Then try to do
it without looking at the solution. And next time, start (and ask for help) earlier.

A.10 Other Resources


There are many books on how to do proofs in mathematics which may be useful. Check
out How to Read and do Proofs: An Introduction to Mathematical Thought Processes
(Solow, 2013) and How to Prove It: A Structured Approach (Velleman, 2019) in particular.
The Book of Proof (Hammack, 2013) and Mathematical Reasoning (Sandstrum, 2019)
are books on proof that are freely available online. Philosophers might find More
Precisely: The Math you need to do Philosophy (Steinhart, 2018) to be a good primer on
mathematical reasoning.
There are also various shorter guides to proofs available on the internet; e.g.,
“Introduction to Mathematical Arguments” (Hutchings, 2003) and “How to write
proofs” (Cheng, 2004).

Motivational Videos
Feel like you have no motivation to do your homework? Feeling down? These videos
might help!

• https://www.youtube.com/watch?v=ZXsQAXxao0

• https://www.youtube.com/watch?v=BQ4yd2W50No

• https://www.youtube.com/watch?v=StTqXEQ2l-Y

Problems
Problem A.1. Suppose you are asked to prove that 𝐴 ∩ 𝐵 ≠ ∅. Unpack all the
definitions occurring here, i.e., restate this in a way that does not mention “∩”, “=”, or
“∅”.

Problem A.2. Prove indirectly that 𝐴 ∩ 𝐵 ⊆ 𝐴.


Problem A.3. Expand the following proof of 𝐴 ∪ (𝐴 ∩ 𝐵) = 𝐴, where you mention
all the inference patterns used, why each step follows from assumptions or claims
established before it, and where we have to appeal to which definitions.

Proof. If 𝑧 ∈ 𝐴 ∪ (𝐴 ∩ 𝐵) then 𝑧 ∈ 𝐴 or 𝑧 ∈ 𝐴 ∩ 𝐵. If 𝑧 ∈ 𝐴 ∩ 𝐵, 𝑧 ∈ 𝐴. Any 𝑧 ∈ 𝐴 is
also ∈ 𝐴 ∪ (𝐴 ∩ 𝐵). □

Appendix B

Induction

B.1 Introduction
Induction is an important proof technique which is used, in different forms, in almost
all areas of logic, theoretical computer science, and mathematics. It is needed to prove
many of the results in logic.
Induction is often contrasted with deduction, and characterized as the inference
from the particular to the general. For instance, if we observe many green emeralds,
and nothing that we would call an emerald that’s not green, we might conclude that
all emeralds are green. This is an inductive inference, in that it proceeds from many
particular cases (this emerald is green, that emerald is green, etc.) to a general claim
(all emeralds are green). Mathematical induction is also an inference that concludes a
general claim, but it is of a very different kind than this “simple induction.”
Very roughly, an inductive proof in mathematics concludes that all mathematical
objects of a certain sort have a certain property. In the simplest case, the mathematical
objects an inductive proof is concerned with are natural numbers. In that case an
inductive proof is used to establish that all natural numbers have some property, and
it does this by showing that
1. 0 has the property, and
2. whenever a number 𝑘 has the property, so does 𝑘 + 1.
Induction on natural numbers can then also often be used to prove general claims
about mathematical objects that can be assigned numbers. For instance, finite sets
each have a finite number 𝑛 of elements, and if we can use induction to show that
every number 𝑛 has the property “all finite sets of size 𝑛 are . . . ” then we will have
shown something about all finite sets.
Induction can also be generalized to mathematical objects that are inductively
defined. For instance, expressions of a formal language such as those of first-order
logic are defined inductively. Structural induction is a way to prove results about
all such expressions. Structural induction, in particular, is very useful—and widely
used—in logic.

B.2 Induction on N
In its simplest form, induction is a technique used to prove results for all natural
numbers. It uses the fact that by starting from 0 and repeatedly adding 1 we eventually


reach every natural number. So to prove that something is true for every number,
we can (1) establish that it is true for 0 and (2) show that whenever it is true for a
number 𝑛, it is also true for the next number 𝑛 + 1. If we abbreviate “number 𝑛 has
property 𝑃” by 𝑃 (𝑛) (and “number 𝑘 has property 𝑃” by 𝑃 (𝑘), etc.), then a proof by
induction that 𝑃 (𝑛) for all 𝑛 ∈ N consists of:
1. a proof of 𝑃 (0), and
2. a proof that, for any 𝑘, if 𝑃 (𝑘) then 𝑃 (𝑘 + 1).
To make this crystal clear, suppose we have both (1) and (2). Then (1) tells us that
𝑃 (0) is true. If we also have (2), we know in particular that if 𝑃 (0) then 𝑃 (0 + 1), i.e.,
𝑃 (1). This follows from the general statement “for any 𝑘, if 𝑃 (𝑘) then 𝑃 (𝑘 + 1)” by
putting 0 for 𝑘. So by modus ponens, we have that 𝑃 (1). From (2) again, now taking 1
for 𝑘, we have: if 𝑃 (1) then 𝑃 (2). Since we’ve just established 𝑃 (1), by modus ponens,
we have 𝑃 (2). And so on. For any number 𝑛, after doing this 𝑛 times, we eventually
arrive at 𝑃 (𝑛). So (1) and (2) together establish 𝑃 (𝑛) for any 𝑛 ∈ N.
Let’s look at an example. Suppose we want to find out how many different sums
we can throw with 𝑛 dice. Although it might seem silly, let’s start with 0 dice. If you
have no dice there’s only one possible sum you can “throw”: no dots at all, which
sums to 0. So the number of different possible throws is 1. If you have only one die,
i.e., 𝑛 = 1, there are six possible values, 1 through 6. With two dice, we can throw
any sum from 2 through 12, that’s 11 possibilities. With three dice, we can throw any
number from 3 to 18, i.e., 16 different possibilities. 1, 6, 11, 16: looks like a pattern:
maybe the answer is 5𝑛 + 1? Of course, 5𝑛 + 1 is the maximum possible, because there
are only 5𝑛 + 1 numbers between 𝑛, the lowest value you can throw with 𝑛 dice (all
1’s) and 6𝑛, the highest you can throw (all 6’s).
Theorem B.1. With 𝑛 dice one can throw all 5𝑛 + 1 possible values between 𝑛 and 6𝑛.

Proof. Let 𝑃 (𝑛) be the claim: “It is possible to throw any number between 𝑛 and 6𝑛
using 𝑛 dice.” To use induction, we prove:
1. The induction basis 𝑃 (1), i.e., with just one die, you can throw any number
between 1 and 6.
2. The induction step, for all 𝑘, if 𝑃 (𝑘) then 𝑃 (𝑘 + 1).
(1) is proved by inspecting a 6-sided die. It has all 6 sides, and every number
between 1 and 6 shows up on one of the sides. So it is possible to throw any number
between 1 and 6 using a single die.
To prove (2), we assume the antecedent of the conditional, i.e., 𝑃 (𝑘). This
assumption is called the inductive hypothesis. We use it to prove 𝑃 (𝑘 + 1). The hard part is to
find a way of thinking about the possible values of a throw of 𝑘 + 1 dice in terms of
the possible values of throws of 𝑘 dice plus throws of the extra (𝑘 + 1)-st die—this is
what we have to do, though, if we want to use the inductive hypothesis.
The inductive hypothesis says we can get any number between 𝑘 and 6𝑘 using
𝑘 dice. If we throw a 1 with our (𝑘 + 1)-st die, this adds 1 to the total. So we can throw
any value between 𝑘 + 1 and 6𝑘 + 1 by throwing 𝑘 dice and then rolling a 1 with the
(𝑘 + 1)-st die. What’s left? The values 6𝑘 + 2 through 6𝑘 + 6. We can get these by
rolling 𝑘 6s and then a number between 2 and 6 with our (𝑘 + 1)-st die. Together, this
means that with 𝑘 + 1 dice we can throw any of the numbers between 𝑘 + 1 and 6(𝑘 + 1),
i.e., we’ve proved 𝑃 (𝑘 + 1) using the assumption 𝑃 (𝑘), the inductive hypothesis. □
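
The induction step above is constructive, so it can be run as a recursion. The following is an added example, not part of the original text: `witness` builds a throw for any admissible total exactly as the proof does, and `theorem_holds` compares the claim with a brute-force enumeration. All function names are assumptions of the example.

```python
from itertools import product

FACES = range(1, 7)  # faces of a 6-sided die


def witness(n, total):
    """Return a list of n die faces summing to `total`.

    The recursion mirrors the proof of Theorem B.1:
    - basis P(1): one die shows any number from 1 to 6;
    - step P(k) -> P(k + 1): totals k+1 .. 6k+1 come from a k-dice throw
      (inductive hypothesis) plus a 1 on the extra die; the remaining
      totals 6k+2 .. 6k+6 come from k sixes plus 2..6 on the extra die.
    """
    if n < 1 or not n <= total <= 6 * n:
        raise ValueError(f"{total} is not between {n} and {6 * n}")
    if n == 1:
        return [total]                      # induction basis
    k = n - 1
    if total <= 6 * k + 1:
        # total - 1 lies between k and 6k, so the hypothesis applies
        return witness(k, total - 1) + [1]
    # total lies between 6k + 2 and 6k + 6
    return [6] * k + [total - 6 * k]


def reachable_sums(n):
    """Brute force: the set of all sums that n dice can show.

    For n = 0 the only 'throw' is the empty one, with sum 0.
    """
    return {sum(throw) for throw in product(FACES, repeat=n)}


def theorem_holds(n):
    """Check that n dice reach exactly the 5n + 1 values from n to 6n."""
    sums = reachable_sums(n)
    return sums == set(range(n, 6 * n + 1)) and len(sums) == 5 * n + 1


if __name__ == "__main__":
    for n in range(1, 4):
        for total in (n, 3 * n, 6 * n):
            print(n, total, witness(n, total))
    print(all(theorem_holds(n) for n in range(0, 6)))
```
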


Very often we use induction when we want to prove something about a series of
objects (numbers, sets, etc.) that is itself defined “inductively,” i.e., by defining the
(𝑛 + 1)-st object in terms of the 𝑛-th. For instance, we can define the sum 𝑠ₙ of the
natural numbers up to 𝑛 by

\[
\begin{aligned}
s_0 &= 0 \\
s_{n+1} &= s_n + (n + 1)
\end{aligned}
\]

This definition gives:

\[
\begin{aligned}
s_0 &= 0, \\
s_1 &= s_0 + 1 = 1, \\
s_2 &= s_1 + 2 = 1 + 2 = 3, \\
s_3 &= s_2 + 3 = 1 + 2 + 3 = 6, \text{ etc.}
\end{aligned}
\]

Now we can prove, by induction, that 𝑠ₙ = 𝑛(𝑛 + 1)/2.

Proposition B.2. 𝑠ₙ = 𝑛(𝑛 + 1)/2.

Proof. We have to prove (1) that 𝑠₀ = 0 · (0 + 1)/2 and (2) if 𝑠ₖ = 𝑘(𝑘 + 1)/2 then
𝑠ₖ₊₁ = (𝑘 + 1)(𝑘 + 2)/2. (1) is obvious. To prove (2), we assume the inductive hypothesis:
𝑠ₖ = 𝑘(𝑘 + 1)/2. Using it, we have to show that 𝑠ₖ₊₁ = (𝑘 + 1)(𝑘 + 2)/2.
What is 𝑠ₖ₊₁? By the definition, 𝑠ₖ₊₁ = 𝑠ₖ + (𝑘 + 1). By inductive hypothesis,
𝑠ₖ = 𝑘(𝑘 + 1)/2. We can substitute this into the previous equation, and then just need
a bit of arithmetic of fractions:

\[
\begin{aligned}
s_{k+1} &= \frac{k(k + 1)}{2} + (k + 1) \\
        &= \frac{k(k + 1)}{2} + \frac{2(k + 1)}{2} \\
        &= \frac{k(k + 1) + 2(k + 1)}{2} \\
        &= \frac{(k + 2)(k + 1)}{2}.
\end{aligned}
\]
□
The important lesson here is that if you’re proving something about some
inductively defined sequence 𝑎ₙ, induction is the obvious way to go. And even if it isn’t
(as in the case of the possibilities of dice throws), you can use induction if you can
somehow relate the case for 𝑘 + 1 to the case for 𝑘.

B.3 Strong Induction


In the principle of induction discussed above, we prove 𝑃 (0) and also if 𝑃 (𝑘), then
𝑃 (𝑘 + 1). In the second part, we assume that 𝑃 (𝑘) is true and use this assumption
to prove 𝑃 (𝑘 + 1). Equivalently, of course, we could assume 𝑃 (𝑘 − 1) and use it to
prove 𝑃 (𝑘)—the important part is that we be able to carry out the inference from
any number to its successor; that we can prove the claim in question for any number
under the assumption it holds for its predecessor.
There is a variant of the principle of induction in which we don’t just assume that
the claim holds for the predecessor 𝑘 − 1 of 𝑘, but for all numbers smaller than 𝑘, and


use this assumption to establish the claim for 𝑘. This also gives us the claim 𝑃 (𝑛) for
all 𝑛 ∈ N. For once we have established 𝑃 (0), we have thereby established that 𝑃
holds for all numbers less than 1. And if we know that if 𝑃 (𝑙) for all 𝑙 < 𝑘, then 𝑃 (𝑘),
we know this in particular for 𝑘 = 1. So we can conclude 𝑃 (1). With this we have
proved 𝑃 (0) and 𝑃 (1), i.e., 𝑃 (𝑙) for all 𝑙 < 2, and since we have also the conditional, if
𝑃 (𝑙) for all 𝑙 < 2, then 𝑃 (2), we can conclude 𝑃 (2), and so on.
In fact, if we can establish the general conditional “for all 𝑘, if 𝑃 (𝑙) for all 𝑙 < 𝑘,
then 𝑃 (𝑘),” we do not have to establish 𝑃 (0) anymore, since it follows from it. For
remember that a general claim like “for all 𝑙 < 𝑘, 𝑃 (𝑙)” is true if there are no 𝑙 < 𝑘.
This is a case of vacuous quantification: “all 𝐴s are 𝐵s” is true if there are no 𝐴s,
∀𝑥 (𝜑 (𝑥) → 𝜓 (𝑥)) is true if no 𝑥 satisfies 𝜑 (𝑥). In this case, the formalized version
would be “∀𝑙 (𝑙 < 𝑘 → 𝑃 (𝑙))”—and that is true if there are no 𝑙 < 𝑘. And if 𝑘 = 0
that’s exactly the case: no 𝑙 < 0, hence “for all 𝑙 < 0, 𝑃 (𝑙)” is true, whatever 𝑃 is. A
proof of “if 𝑃 (𝑙) for all 𝑙 < 𝑘, then 𝑃 (𝑘)” thus automatically establishes 𝑃 (0).
This variant is useful if establishing the claim for 𝑘 can’t be made to just rely on
the claim for 𝑘 − 1 but may require the assumption that it is true for one or more
𝑙 < 𝑘.

B.4 Inductive Definitions


In logic we very often define kinds of objects inductively, i.e., by specifying rules for
what counts as an object of the kind to be defined which explain how to get new
objects of that kind from old objects of that kind. For instance, we often define special
kinds of sequences of symbols, such as the terms and formulas of a language, by
induction. For a simple example, consider strings consisting of letters a, b, c, d, the
symbol ◦, and brackets [ and ], such as “[[c ◦ d] [”, “[a[]◦]”, “a” or “[[a ◦ b] ◦ d]”. You
probably feel that there’s something “wrong” with the first two strings: the brackets
don’t “balance” at all in the first, and you might feel that the “◦” should “connect”
expressions that themselves make sense. The third and fourth string look better: for
every “[” there’s a closing “]” (if there are any at all), and for any ◦ we can find “nice”
expressions on either side, surrounded by a pair of parentheses.
We would like to precisely specify what counts as a “nice term.” First of all, every
letter by itself is nice. Anything that’s not just a letter by itself should be of the form
“[𝑡 ◦ 𝑠]” where 𝑠 and 𝑡 are themselves nice. Conversely, if 𝑡 and 𝑠 are nice, then we
can form a new nice term by putting a ◦ between them and surrounding them by a pair
of brackets. We might use these operations to define the set of nice terms. This is an
inductive definition.

Definition B.3 (Nice terms). The set of nice terms is inductively defined as follows:

1. Any letter a, b, c, d is a nice term.

2. If 𝑠₁ and 𝑠₂ are nice terms, then so is [𝑠₁ ◦ 𝑠₂].

3. Nothing else is a nice term.

This definition tells us that something counts as a nice term iff it can be constructed
according to the two conditions (1) and (2) in some finite number of steps. In the first
step, we construct all nice terms just consisting of letters by themselves, i.e.,

a, b, c, d


In the second step, we apply (2) to the terms we’ve constructed. We’ll get
[a ◦ a], [a ◦ b], [b ◦ a], . . . , [d ◦ d]
for all combinations of two letters. In the third step, we apply (2) again, to any two
nice terms we’ve constructed so far. We get new nice terms such as [a ◦ [a ◦ a]]—where
𝑡 is a from step 1 and 𝑠 is [a ◦ a] from step 2—and [[b ◦ c] ◦ [d ◦ b]] constructed out
of the two terms [b ◦ c] and [d ◦ b] from step 2. And so on. Clause (3) rules out that
anything not constructed in this way sneaks into the set of nice terms.
Note that we have not yet proved that every sequence of symbols that “feels” nice
is nice according to this definition. However, it should be clear that everything we
can construct does in fact “feel nice”: brackets are balanced, and ◦ connects parts that
are themselves nice.
The key feature of inductive definitions is that if you want to prove something
about all nice terms, the definition tells you which cases you must consider. For
instance, if you are told that 𝑡 is a nice term, the inductive definition tells you what
𝑡 can look like: 𝑡 can be a letter, or it can be [𝑠₁ ◦ 𝑠₂] for some pair of nice terms 𝑠₁
and 𝑠₂. Because of clause (3), those are the only possibilities.
When proving claims about all of an inductively defined set, the strong form of
induction becomes particularly important. For instance, suppose we want to prove
that for every nice term of length 𝑛, the number of [ in it is < 𝑛/2. This can be seen as
a claim about all 𝑛: for every 𝑛, the number of [ in any nice term of length 𝑛 is < 𝑛/2.
Proposition B.4. For any 𝑛, the number of [ in a nice term of length 𝑛 is < 𝑛/2.

Proof. To prove this result by (strong) induction, we have to show that the following
conditional claim is true:
If for every 𝑙 < 𝑘, any nice term of length 𝑙 has < 𝑙/2 [’s, then any nice
term of length 𝑘 has < 𝑘/2 [’s.
To show this conditional, assume that its antecedent is true, i.e., assume that for any
𝑙 < 𝑘, nice terms of length 𝑙 contain < 𝑙/2 [’s. We call this assumption the inductive
hypothesis. We want to show the same is true for nice terms of length 𝑘.
So suppose 𝑡 is a nice term of length 𝑘. Because nice terms are inductively defined,
we have two cases: (1) 𝑡 is a letter by itself, or (2) 𝑡 is [𝑠₁ ◦ 𝑠₂] for some nice terms 𝑠₁
and 𝑠₂.
1. 𝑡 is a letter. Then 𝑘 = 1, and the number of [ in 𝑡 is 0. Since 0 < 1/2, the claim
holds.
2. 𝑡 is [𝑠₁ ◦ 𝑠₂] for some nice terms 𝑠₁ and 𝑠₂. Let’s let 𝑙₁ be the length of 𝑠₁ and 𝑙₂ be
the length of 𝑠₂. Then the length 𝑘 of 𝑡 is 𝑙₁ + 𝑙₂ + 3 (the lengths of 𝑠₁ and 𝑠₂ plus
three symbols [, ◦, ]). Since 𝑙₁ + 𝑙₂ + 3 is always greater than 𝑙₁, 𝑙₁ < 𝑘. Similarly,
𝑙₂ < 𝑘. That means that the induction hypothesis applies to the terms 𝑠₁ and 𝑠₂:
the number 𝑚₁ of [ in 𝑠₁ is < 𝑙₁/2, and the number 𝑚₂ of [ in 𝑠₂ is < 𝑙₂/2.
The number of [ in 𝑡 is the number of [ in 𝑠₁, plus the number of [ in 𝑠₂, plus 1,
i.e., it is 𝑚₁ + 𝑚₂ + 1. Since 𝑚₁ < 𝑙₁/2 and 𝑚₂ < 𝑙₂/2 we have:

\[
m_1 + m_2 + 1 < \frac{l_1}{2} + \frac{l_2}{2} + 1 = \frac{l_1 + l_2 + 2}{2} < \frac{l_1 + l_2 + 3}{2} = k/2.
\]
In each case, we’ve shown that the number of [ in 𝑡 is < 𝑘/2 (on the basis of the
inductive hypothesis). By strong induction, the proposition follows. □


B.5 Structural Induction


So far we have used induction to establish results about all natural numbers. But a
corresponding principle can be used directly to prove results about all elements of an
inductively defined set. This is often called structural induction, because it depends on
the structure of the inductively defined objects.
Generally, an inductive definition is given by (a) a list of “initial” elements of the
set and (b) a list of operations which produce new elements of the set from old ones.
In the case of nice terms, for instance, the initial objects are the letters. We only have
one operation: the operation is

𝑜(𝑠₁, 𝑠₂) = [𝑠₁ ◦ 𝑠₂]

You can even think of the natural numbers N themselves as being given by an inductive
definition: the initial object is 0, and the operation is the successor function 𝑥 + 1.
In order to prove something about all elements of an inductively defined set, i.e.,
that every element of the set has a property 𝑃, we must:

1. Prove that the initial objects have 𝑃

2. Prove that for each operation 𝑜, if the arguments have 𝑃, so does the result.

For instance, in order to prove something about all nice terms, we would prove that
it is true about all letters, and that it is true about [𝑠₁ ◦ 𝑠₂] provided it is true of 𝑠₁ and
𝑠₂ individually.

Proposition B.5. The number of [ equals the number of ] in any nice term 𝑡.

Proof. We use structural induction. Nice terms are inductively defined, with letters
as initial objects and the operation 𝑜 for constructing new nice terms out of old ones.

1. The claim is true for every letter, since the number of [ in a letter by itself is 0
and the number of ] in it is also 0.

2. Suppose the number of [ in 𝑠₁ equals the number of ], and the same is true for
𝑠₂. The number of [ in 𝑜(𝑠₁, 𝑠₂), i.e., in [𝑠₁ ◦ 𝑠₂], is the sum of the number of [ in
𝑠₁ and 𝑠₂ plus one. The number of ] in 𝑜(𝑠₁, 𝑠₂) is the sum of the number of ] in
𝑠₁ and 𝑠₂ plus one. Thus, the number of [ in 𝑜(𝑠₁, 𝑠₂) equals the number of ] in
𝑜(𝑠₁, 𝑠₂). □

Let’s give another proof by structural induction: a proper initial segment of a
string 𝑡 of symbols is any string 𝑠 that agrees with 𝑡 symbol by symbol, read from the
left, but 𝑡 is longer. So, e.g., [𝑎 ◦ is a proper initial segment of [𝑎 ◦ 𝑏], but neither are
[𝑏 ◦ (they disagree at the second symbol) nor [𝑎 ◦ 𝑏] (they are the same length).

Proposition B.6. Every proper initial segment of a nice term 𝑡 has more [’s than ]’s.

Proof. By induction on 𝑡:

1. 𝑡 is a letter by itself: Then 𝑡 has no proper initial segments.

2. 𝑡 = [𝑠 1 ◦ 𝑠 2 ] for some nice terms 𝑠 1 and 𝑠 2 . If 𝑟 is a proper initial segment of 𝑡,
there are a number of possibilities:

a) 𝑟 is just [: Then 𝑟 has one more [ than it does ].


b) 𝑟 is [𝑟 1 where 𝑟 1 is a proper initial segment of 𝑠 1 : Since 𝑠 1 is a nice term,
by induction hypothesis, 𝑟 1 has more [ than ] and the same is true for [𝑟 1 .
c) 𝑟 is [𝑠 1 or [𝑠 1 ◦ : By the previous result, the number of [ and ] in 𝑠 1 are
equal; so the number of [ in [𝑠 1 or [𝑠 1 ◦ is one more than the number of ].
d) 𝑟 is [𝑠 1 ◦ 𝑟 2 where 𝑟 2 is a proper initial segment of 𝑠 2 : By induction
hypothesis, 𝑟 2 contains more [ than ]. By the previous result, the number of
[ and of ] in 𝑠 1 are equal. So the number of [ in [𝑠 1 ◦ 𝑟 2 is greater than the
number of ].
e) 𝑟 is [𝑠 1 ◦ 𝑠 2 : By the previous result, the number of [ and ] in 𝑠 1 are equal,
and the same for 𝑠 2 . So there is one more [ in [𝑠 1 ◦ 𝑠 2 than there are ]. □
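
Propositions B.5 and B.6 can also be checked mechanically on small cases. The following Python code is an added example, not part of the original text: it assumes the letters are a, b, c, d, builds nice terms by repeatedly applying the operation 𝑜, and tests both propositions on every term built. All function names are the example's own.

```python
from itertools import product

LETTERS = "abcd"  # assumption: the letters of nice terms are a, b, c, d
OP = "◦"


def nice_terms(rounds):
    """Build nice terms as the inductive definition does: start from the
    letters, then apply o(s1, s2) = [s1◦s2] to everything built so far."""
    terms = set(LETTERS)
    for _ in range(rounds):
        terms |= {f"[{s1}{OP}{s2}]" for s1, s2 in product(terms, repeat=2)}
    return terms


def surplus(s):
    """Number of [ minus number of ] in the string s."""
    return s.count("[") - s.count("]")


def proper_initial_segments(t):
    """Non-empty strings that agree with t from the left but are shorter.
    The empty string is left out, matching case 1 of the proof of B.6,
    where a letter by itself has no proper initial segments."""
    return [t[:i] for i in range(1, len(t))]


def satisfies_b5(t):
    """Proposition B.5: as many [ as ]."""
    return surplus(t) == 0


def satisfies_b6(t):
    """Proposition B.6: every proper initial segment has more [ than ]."""
    return all(surplus(r) > 0 for r in proper_initial_segments(t))


def counterexamples(strings):
    """Those strings for which Proposition B.5 or B.6 fails."""
    return sorted(s for s in strings
                  if not (satisfies_b5(s) and satisfies_b6(s)))


if __name__ == "__main__":
    terms = nice_terms(2)
    print(len(terms), "nice terms, counterexamples:", counterexamples(terms))
    # Constructed strings that are not nice terms fail one of the two checks.
    print(counterexamples(["[a◦b]", "a◦b", "[a◦b]]", "[[a◦b]"]))
```

A finite check like this is no substitute for the induction: it covers only the terms built in two rounds, while the proof covers all of them.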

B.6 Relations and Functions


When we have defined a set of objects (such as the natural numbers or the nice terms)
inductively, we can also define relations on these objects by induction. For instance,
consider the following idea: a nice term 𝑡 1 is a subterm of a nice term 𝑡 2 if it occurs as
a part of it. Let’s use a symbol for it: 𝑡 1 ⊑ 𝑡 2 . Every nice term is a subterm of itself, of
course: 𝑡 ⊑ 𝑡. We can give an inductive definition of this relation as follows:

Definition B.7. The relation of a nice term 𝑡 1 being a subterm of 𝑡 2 , 𝑡 1 ⊑ 𝑡 2 , is defined
by induction on 𝑡 2 as follows:
1. If 𝑡 2 is a letter, then 𝑡 1 ⊑ 𝑡 2 iff 𝑡 1 = 𝑡 2 .
2. If 𝑡 2 is [𝑠 1 ◦ 𝑠 2 ], then 𝑡 1 ⊑ 𝑡 2 iff 𝑡 1 = 𝑡 2 , 𝑡 1 ⊑ 𝑠 1 , or 𝑡 1 ⊑ 𝑠 2 .

This definition, for instance, will tell us that a ⊑ [b ◦ a]. For (2) says that a ⊑ [b ◦ a]
iff a = [b ◦ a], or a ⊑ b, or a ⊑ a. The first two are false: a clearly isn’t identical to
[b ◦ a], and by (1), a ⊑ b iff a = b, which is also false. However, also by (1), a ⊑ a iff
a = a, which is true.
It’s important to note that the success of this definition depends on a fact that we
haven’t proved yet: every nice term 𝑡 is either a letter by itself, or there are uniquely
determined nice terms 𝑠 1 and 𝑠 2 such that 𝑡 = [𝑠 1 ◦ 𝑠 2 ]. “Uniquely determined” here
means that if 𝑡 = [𝑠 1 ◦ 𝑠 2 ] it isn’t also = [𝑟 1 ◦ 𝑟 2 ] with 𝑠 1 ≠ 𝑟 1 or 𝑠 2 ≠ 𝑟 2 . If this were
the case, then clause (2) may come in conflict with itself: reading 𝑡 2 as [𝑠 1 ◦ 𝑠 2 ] we
might get 𝑡 1 ⊑ 𝑡 2 , but if we read 𝑡 2 as [𝑟 1 ◦ 𝑟 2 ] we might get not 𝑡 1 ⊑ 𝑡 2 . Before we
prove that this can’t happen, let’s look at an example where it can happen.

Definition B.8. Define bracketless terms inductively by
1. Every letter is a bracketless term.
2. If 𝑠 1 and 𝑠 2 are bracketless terms, then 𝑠 1 ◦ 𝑠 2 is a bracketless term.
3. Nothing else is a bracketless term.

Bracketless terms are, e.g., a, b ◦ d, b ◦ a ◦ b. Now if we defined “subterm” for
bracketless terms the way we did above, the second clause would read

If 𝑡 2 = 𝑠 1 ◦ 𝑠 2 , then 𝑡 1 ⊑ 𝑡 2 iff 𝑡 1 = 𝑡 2 , 𝑡 1 ⊑ 𝑠 1 , or 𝑡 1 ⊑ 𝑠 2 .

Now b ◦ a ◦ b is of the form 𝑠 1 ◦ 𝑠 2 with


𝑠 1 = b and 𝑠 2 = a ◦ b.

It is also of the form 𝑟 1 ◦ 𝑟 2 with

𝑟 1 = b ◦ a and 𝑟 2 = b.
Now is a ◦ b a subterm of b ◦ a ◦ b? The answer is yes if we go by the first reading,
and no if we go by the second.
The property that the way a nice term is built up from other nice terms is unique is
called unique readability. Since inductive definitions of relations for such inductively
defined objects are important, we have to prove that it holds.

Proposition B.9. Suppose 𝑡 is a nice term. Then either 𝑡 is a letter by itself, or there
are uniquely determined nice terms 𝑠 1 , 𝑠 2 such that 𝑡 = [𝑠 1 ◦ 𝑠 2 ].

Proof. If 𝑡 is a letter by itself, the condition is satisfied. So assume 𝑡 isn’t a letter by
itself. We can tell from the inductive definition that then 𝑡 must be of the form [𝑠 1 ◦ 𝑠 2 ]
for some nice terms 𝑠 1 and 𝑠 2 . It remains to show that these are uniquely determined,
i.e., if 𝑡 = [𝑟 1 ◦ 𝑟 2 ], then 𝑠 1 = 𝑟 1 and 𝑠 2 = 𝑟 2 .
So suppose 𝑡 = [𝑠 1 ◦ 𝑠 2 ] and also 𝑡 = [𝑟 1 ◦ 𝑟 2 ] for nice terms 𝑠 1 , 𝑠 2 , 𝑟 1 , 𝑟 2 . We have
to show that 𝑠 1 = 𝑟 1 and 𝑠 2 = 𝑟 2 . First, 𝑠 1 and 𝑟 1 must be identical, for otherwise one is
a proper initial segment of the other. But that is impossible if 𝑠 1 and 𝑟 1 are both nice
terms: by Proposition B.6, a proper initial segment of a nice term has more [’s than ]’s,
whereas by Proposition B.5 a nice term has equally many of each. But if 𝑠 1 = 𝑟 1 , then
clearly also 𝑠 2 = 𝑟 2 . □

We can also define functions inductively: e.g., we can define the function 𝑓 that
maps any nice term to the maximum depth of nested [. . . ] in it as follows:

Definition B.10. The depth of a nice term, 𝑓 (𝑡), is defined inductively as follows:

𝑓 (𝑡) = 0 if 𝑡 is a letter,
𝑓 (𝑡) = max(𝑓 (𝑠 1 ), 𝑓 (𝑠 2 )) + 1 if 𝑡 = [𝑠 1 ◦ 𝑠 2 ].

For instance

𝑓 ( [a ◦ b]) = max(𝑓 (a), 𝑓 (b)) + 1 = max(0, 0) + 1 = 1, and
𝑓 ( [[a ◦ b] ◦ c]) = max(𝑓 ( [a ◦ b]), 𝑓 (c)) + 1 = max(1, 0) + 1 = 2.

Here, of course, we assume that 𝑠 1 and 𝑠 2 are nice terms, and make use of the fact
that every nice term is either a letter or of the form [𝑠 1 ◦ 𝑠 2 ]. It is again important
that it can be of this form in only one way. To see why, consider again the bracketless
terms we defined earlier. The corresponding “definition” would be:

𝑔(𝑡) = 0 if 𝑡 is a letter,
𝑔(𝑡) = max(𝑔(𝑠 1 ), 𝑔(𝑠 2 )) + 1 if 𝑡 = 𝑠 1 ◦ 𝑠 2 .

Now consider the bracketless term a ◦ b ◦ c ◦ d. It can be read in more than one way,
e.g., as 𝑠 1 ◦ 𝑠 2 with
𝑠 1 = a and 𝑠 2 = b ◦ c ◦ d,

or as 𝑟 1 ◦ 𝑟 2 with

𝑟 1 = a ◦ b and 𝑟 2 = c ◦ d.

Calculating 𝑔 according to the first way of reading it would give

𝑔(𝑠 1 ◦ 𝑠 2 ) = max(𝑔(a), 𝑔(b ◦ c ◦ d)) + 1 = max(0, 2) + 1 = 3

while according to the other reading we get

𝑔(𝑟 1 ◦ 𝑟 2 ) = max(𝑔(a ◦ b), 𝑔(c ◦ d)) + 1 = max(1, 1) + 1 = 2

But a function must always yield a unique value; so our “definition” of 𝑔 doesn’t
define a function at all.
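
The contrast between nice terms and bracketless terms drawn in this section can be made concrete. The following Python code is an added example, not part of the original text: it assumes the letters are a, b, c, d, represents a reading of a term as a letter or a pair of readings, and implements Definition B.7, Definition B.10 and the attempted 𝑔 by recursion on that reading. The function names are the example's own.

```python
from functools import lru_cache

LETTERS = "abcd"  # assumption: the letters of nice terms are a, b, c, d
OP = "◦"


def parse_nice(s):
    """Reading of a nice term: a letter, or a pair (s1, s2) for [s1◦s2].
    Raises ValueError if s is not a nice term."""
    tree, rest = _parse(s.replace(" ", ""))
    if rest:
        raise ValueError(f"unexpected trailing text {rest!r}")
    return tree


def _parse(s):
    # Each step is forced by the next symbol, so the parser never has a
    # choice to make: a nice term has one reading (Proposition B.9).
    if s[:1] and s[0] in LETTERS:
        return s[0], s[1:]
    if s[:1] != "[":
        raise ValueError(f"expected a letter or '[' at {s!r}")
    s1, rest = _parse(s[1:])
    if rest[:1] != OP:
        raise ValueError(f"expected {OP!r} at {rest!r}")
    s2, rest = _parse(rest[1:])
    if rest[:1] != "]":
        raise ValueError(f"expected ']' at {rest!r}")
    return (s1, s2), rest[1:]


def text(tree, brackets=True):
    """Write a reading back out as a string, with or without brackets."""
    if isinstance(tree, str):
        return tree
    body = text(tree[0], brackets) + OP + text(tree[1], brackets)
    return f"[{body}]" if brackets else body


def is_subterm(t1, t2, brackets=True):
    """Definition B.7, by recursion on the reading t2; t1 is a string."""
    if t1 == text(t2, brackets):
        return True
    if isinstance(t2, str):
        return False
    return (is_subterm(t1, t2[0], brackets)
            or is_subterm(t1, t2[1], brackets))


def depth(tree):
    """Definition B.10 (and the attempted g), by recursion on a reading."""
    if isinstance(tree, str):
        return 0
    return max(depth(tree[0]), depth(tree[1])) + 1


def readings(s):
    """Every reading of a bracketless term (Definition B.8)."""
    letters = tuple(s.replace(" ", "").split(OP))
    if not all(len(x) == 1 and x in LETTERS for x in letters):
        raise ValueError(f"{s!r} is not a bracketless term")
    return _readings(letters)


@lru_cache(maxsize=None)
def _readings(letters):
    if len(letters) == 1:
        return (letters[0],)
    # Split at every ◦ in turn: each split is one way of reading s1 ◦ s2.
    return tuple((left, right)
                 for i in range(1, len(letters))
                 for left in _readings(letters[:i])
                 for right in _readings(letters[i:]))


if __name__ == "__main__":
    t = parse_nice("[[a ◦ b] ◦ c]")
    print(depth(t), is_subterm("[a◦b]", t))
    for r in readings("b ◦ a ◦ b"):
        print(text(r), is_subterm("a◦b", r, brackets=False))
    print(sorted({depth(r) for r in readings("a ◦ b ◦ c ◦ d")}))
```

For nice terms each answer is determined by the string alone; for bracketless terms the answer depends on which element of `readings` is chosen, which is exactly why the “definitions” for bracketless terms fail.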

Problems
Problem B.1. Define the set of supernice terms by

1. Any letter a, b, c, d is a supernice term.


2. If 𝑠 is a supernice term, then so is [𝑠].
3. If 𝑠 1 and 𝑠 2 are supernice terms, then so is [𝑠 1 ◦ 𝑠 2 ].
4. Nothing else is a supernice term.

Show that the number of [ in a supernice term 𝑡 of length 𝑛 is ≤ 𝑛/2 + 1.

Problem B.2. Prove by structural induction that no nice term starts with ].

Problem B.3. Give an inductive definition of the function 𝑙, where 𝑙 (𝑡) is the number
of symbols in the nice term 𝑡.

Problem B.4. Prove by structural induction on nice terms 𝑡 that 𝑓 (𝑡) < 𝑙 (𝑡) (where
𝑙 (𝑡) is the number of symbols in 𝑡 and 𝑓 (𝑡) is the depth of 𝑡 as defined in
Definition B.10).

Appendix C

Biographies

C.1 Georg Cantor


An early biography of Georg Cantor (gay-org kahn-tor) claimed that he was born
and found on a ship that was sailing for Saint Petersburg, Russia, and that his parents
were unknown. This, however, is not true, although he was born in Saint Petersburg
in 1845.
Cantor received his doctorate in mathematics at the University of Berlin in 1867.
He is known for his work in set theory, and is credited with founding set theory as a
distinctive research discipline. He was the first to prove that there are infinite sets
of different sizes. His theories, and especially his theory of infinities, caused much
debate among mathematicians at the time, and his work was controversial.
Cantor’s religious beliefs and his mathematical work were inextricably tied; he
even claimed that the theory of transfinite numbers had been communicated to him
directly by God. In later life, Cantor suffered from mental illness. Beginning in
1894, and more frequently towards his later years, Cantor was hospitalized. The
heavy criticism of his work, including a falling out with the mathematician Leopold
Kronecker, led to depression and a lack of interest in mathematics. During depressive
episodes, Cantor would turn to philosophy and literature, and even published a theory
that Francis Bacon was the author of Shakespeare’s plays.
Cantor died on January 6, 1918, in a sanatorium in Halle.

Further Reading For full biographies of Cantor, see Dauben (1990) and
Grattan-Guinness (1971). Cantor’s radical views are also described in the BBC Radio 4 program
A Brief History of Mathematics (du Sautoy, 2014). If you’d like to hear about Cantor’s
theories in rap form, see Rose (2012).

C.2 Alonzo Church


Alonzo Church was born in Washington, DC on June 14, 1903. In early childhood,
an air gun incident left Church blind in one eye. He finished preparatory school in
Connecticut in 1920 and began his university education at Princeton that same year. He
completed his doctoral studies in 1927. After a couple years abroad, Church returned to
Princeton. Church was known to be exceedingly polite and careful. His blackboard writing
was immaculate, and he would preserve important papers by carefully covering them
in Duco cement (a clear glue). Outside of his academic pursuits, he enjoyed reading
science fiction magazines and was not afraid to write to the editors if he spotted any
inaccuracies in the writing.
Church’s academic achievements were great. Together with his students Stephen
Kleene and Barkley Rosser, he developed a theory of effective calculability, the lambda
calculus, independently of Alan Turing’s development of the Turing machine. The
two definitions of computability are equivalent, and give rise to what is now known
as the Church-Turing Thesis, that a function of the natural numbers is effectively
computable if and only if it is computable via Turing machine (or lambda calculus).
He also proved what is now known as Church’s Theorem: The decision problem for
the validity of first-order formulas is unsolvable.
Church continued his work into old age. In 1967 he left Princeton for UCLA, where
he was professor until his retirement in 1990. Church passed away on August 1, 1995
at the age of 92.

Further Reading For a brief biography of Church, see Enderton (2019). Church’s
original writings on the lambda calculus and the Entscheidungsproblem (Church’s
Thesis) are Church (1936a,b). Aspray (1984) records an interview with Church about
the Princeton mathematics community in the 1930s. Church wrote a series of book
reviews of the Journal of Symbolic Logic from 1936 until 1979. They are all archived
on John MacFarlane’s website (MacFarlane, 2015).

C.3 Gerhard Gentzen


Gerhard Gentzen is known primarily as the creator of structural proof theory, and
specifically for creating the natural deduction and sequent calculus derivation
systems. He was born on November 24, 1909 in Greifswald, Germany. Gerhard was
homeschooled for three years before attending preparatory school, where he was
behind most of his classmates in terms of education. Despite this, he was a brilliant
student and showed a strong aptitude for mathematics. His interests were varied, and
he, for instance, also wrote poems for his mother and plays for the school theatre.
Gentzen began his university studies at the University of Greifswald, but moved
around to Göttingen, Munich, and Berlin. He received his doctorate in 1933 from
the University of Göttingen under Hermann Weyl. (Paul Bernays supervised most
of his work, but was dismissed from the university by the Nazis.) In 1934, Gentzen
began work as an assistant to David Hilbert. That same year he developed the sequent
calculus and natural deduction derivation systems, in his papers Untersuchungen über
das logische Schließen I–II [Investigations Into Logical Deduction I–II]. He proved the
consistency of the Peano axioms in 1936.
Gentzen’s relationship with the Nazis is complicated. At the same time his mentor
Bernays was forced to leave Germany, Gentzen joined the university branch of the
SA, the Nazi paramilitary organization. Like many Germans, he was a member of
the Nazi party. During the war, he served as a telecommunications officer for the
air intelligence unit. However, in 1942 he was released from duty due to a nervous
breakdown. It is unclear whether or not Gentzen’s loyalties lay with the Nazi party,
or whether he joined the party in order to ensure academic success.
In 1943, Gentzen was offered an academic position at the Mathematical Institute
of the German University of Prague, which he accepted. However, in 1945 the citizens
of Prague revolted against German occupation. Soviet forces arrived in the city and
arrested all the professors at the university. Because of his membership in Nazi
organizations, Gentzen was taken to a forced labour camp. He died of malnutrition
while in his cell on August 4, 1945 at the age of 35.

Further Reading For a full biography of Gentzen, see Menzler-Trott (2007). An
interesting read about mathematicians under Nazi rule, which gives a brief note about
Gentzen’s life, is given by Segal (2014). Gentzen’s papers on logical deduction are
available in the original German (Gentzen, 1935a,b). English translations of Gentzen’s
papers have been collected in a single volume by Szabo (1969), which also includes a
biographical sketch.

C.4 Kurt Gödel


Kurt Gödel (ger-dle) was born on April 28, 1906 in Brünn in the Austro-Hungarian
empire (now Brno in the Czech Republic). Due to his inquisitive and bright nature,
young Kurtele was often called “Der kleine Herr Warum” (Little Mr. Why) by his
family. He excelled in academics from primary school onward, where he got less
than the highest grade only in mathematics. Gödel was often absent from school
due to poor health and was exempt from physical education. He was diagnosed
with rheumatic fever during his childhood. Throughout his life, he believed this
permanently affected his heart despite medical assessment saying otherwise.
Gödel began studying at the University of Vienna in 1924 and completed his
doctoral studies in 1929. He first intended to study physics, but his interests soon moved
to mathematics and especially logic, in part due to the influence of the philosopher
Rudolf Carnap. His dissertation, written under the supervision of Hans Hahn, proved
the completeness theorem of first-order predicate logic with identity (Gödel, 1929).
Only a year later, he obtained his most famous results—the first and second
incompleteness theorems (published in Gödel 1931). During his time in Vienna, Gödel was
heavily involved with the Vienna Circle, a group of scientifically-minded philosophers
that included Carnap, whose work was especially influenced by Gödel’s results.
In 1938, Gödel married Adele Nimbursky. His parents were not pleased: not only
was she six years older than him and already divorced, but she worked as a dancer
in a nightclub. Social pressures did not affect Gödel, however, and they remained
happily married until his death.
After Nazi Germany annexed Austria in 1938, Gödel and Adele emigrated to the
United States, where he took up a position at the Institute for Advanced Study in
Princeton, New Jersey. Despite his introversion and eccentric nature, Gödel’s time at
Princeton was collaborative and fruitful. He published essays in set theory, philosophy
and physics. Notably, he struck up a particularly strong friendship with his colleague
at the IAS, Albert Einstein.
In his later years, Gödel’s mental health deteriorated. His wife’s hospitalization in
1977 meant she was no longer able to cook his meals for him. Having suffered from
mental health issues throughout his life, he succumbed to paranoia. Deathly afraid of
being poisoned, Gödel refused to eat. He died of starvation on January 14, 1978, in
Princeton.

Further Reading For a complete biography of Gödel’s life, see John Dawson
(1997). For further biographical pieces, as well as essays about Gödel’s contributions
to logic and philosophy, see Wang (1990), Baaz et al. (2011), Takeuti et al. (2003),
and Sigmund et al. (2007).

Gödel’s PhD thesis is available in the original German (Gödel, 1929). The original
text of the incompleteness theorems is Gödel (1931). All of Gödel’s published and
unpublished writings, as well as a selection of correspondence, are available in English
in his Collected Papers (Feferman et al., 1986, 1990).
For a detailed treatment of Gödel’s incompleteness theorems, see Smith (2013). For
an informal, philosophical discussion of Gödel’s theorems, see Mark Linsenmayer’s
podcast (Linsenmayer, 2014).

C.5 Emmy Noether


Emmy Noether (ner-ter) was born in Erlangen, Germany, on March 23, 1882, to
an upper-middle class scholarly family. Hailed as the “mother of modern algebra,”
Noether made groundbreaking contributions to both mathematics and physics, despite
significant barriers to women’s education. In Germany at the time, young girls were
meant to be educated in arts and were not allowed to attend college preparatory
schools. However, after auditing classes at the Universities of Göttingen and Erlangen
(where her father was professor of mathematics), Noether was eventually able to
enroll as a student at Erlangen in 1904, when their policy was updated to allow female
students. She received her doctorate in mathematics in 1907.
Despite her qualifications, Noether experienced much resistance during her career.
From 1908–1915, she taught at Erlangen without pay. During this time, she caught
the attention of David Hilbert, one of the world’s foremost mathematicians of the
time, who invited her to Göttingen. However, women were prohibited from obtaining
professorships, and she was only able to lecture under Hilbert’s name, again without
pay. During this time she proved what is now known as Noether’s theorem, which
is still used in theoretical physics today. Noether was finally granted the right to
teach in 1919. Hilbert’s response to continued resistance of his university colleagues
reportedly was: “Gentlemen, the faculty senate is not a bathhouse.”
In the later 1920s, she concentrated on work in abstract algebra, and her
contributions revolutionized the field. In her proofs she often made use of the so-called
ascending chain condition, which states that there is no infinite strictly increasing
chain of certain sets. For instance, certain algebraic structures now known as
Noetherian rings have the property that there are no infinite sequences of ideals 𝐼 1 ⊊ 𝐼 2 ⊊ . . . .
The condition can be generalized to any partial order (in algebra, it concerns the
special case of ideals ordered by the subset relation), and we can also consider the
dual descending chain condition, where every strictly decreasing sequence in a partial
order eventually ends. If a partial order satisfies the descending chain condition, it
is possible to use induction along this order in a similar way in which we can use
induction along the < order on N. Such orders are called well-founded or Noetherian,
and the corresponding proof principle Noetherian induction.
Noether was Jewish, and when the Nazis came to power in 1933, she was dismissed
from her position. Luckily, Noether was able to emigrate to the United States for
a temporary position at Bryn Mawr, Pennsylvania. During her time there she also
lectured at Princeton, although she found the university to be unwelcoming to women
(Dick, 1981, 81). In 1935, Noether underwent an operation to remove a uterine tumour.
She died from an infection as a result of the surgery, and was buried at Bryn Mawr.

Further Reading For a biography of Noether, see Dick (1981). The Perimeter
Institute for Theoretical Physics has their lectures on Noether’s life and influence
available online (Institute, 2015). If you’re tired of reading, Stuff You Missed in History
Class has a podcast on Noether’s life and influence (Frey and Wilson, 2015). The
collected works of Noether are available in the original German (Jacobson, 1983).

C.6 Rózsa Péter


Rózsa Péter was born Rózsa Politzer, in Budapest, Hungary, on February 17, 1905.
She is best known for her work on recursive functions, which was essential for the
creation of the field of recursion theory.
Péter was raised during harsh political times—WWI raged when she was a
teenager—but was able to attend the affluent Maria Terezia Girls’ School in Budapest,
from where she graduated in 1922. She then studied at Pázmány Péter University (later
renamed Loránd Eötvös University) in Budapest. She began studying chemistry at
the insistence of her father, but later switched to mathematics, and graduated in 1927.
Although she had the credentials to teach high school mathematics, the economic
situation at the time was dire as the Great Depression affected the world economy.
During this time, Péter took odd jobs as a tutor and private teacher of mathematics.
She eventually returned to university to take up graduate studies in mathematics.
She had originally planned to work in number theory, but after finding out that her
results had already been proven, she almost gave up on mathematics altogether. She
was encouraged to work on Gödel’s incompleteness theorems, and unknowingly
proved several of his results in different ways. This restored her confidence, and Péter
went on to write her first papers on recursion theory, inspired by David Hilbert’s
foundational program. She received her PhD in 1935, and in 1937 she became an editor
for the Journal of Symbolic Logic.
Péter’s early papers are widely credited as founding contributions to the field of
recursive function theory. In Péter (1935a), she investigated the relationship between
different kinds of recursion. In Péter (1935b), she showed that a certain recursively
defined function is not primitive recursive. This simplified an earlier result due
to Wilhelm Ackermann. Péter’s simplified function is what’s now often called the
Ackermann function—and sometimes, more properly, the Ackermann–Péter function.
She wrote the first book on recursive function theory (Péter, 1951).
Despite the importance and influence of her work, Péter did not obtain a
full-time teaching position until 1945. During the Nazi occupation of Hungary during
World War II, Péter was not allowed to teach due to anti-Semitic laws. In 1944 the
government created a Jewish ghetto in Budapest; the ghetto was cut off from the
rest of the city and attended by armed guards. Péter was forced to live in the ghetto
until 1945 when it was liberated. She then went on to teach at the Budapest Teachers
Training College, and from 1955 onward at Eötvös Loránd University. She was the first
female Hungarian mathematician to become an Academic Doctor of Mathematics,
and the first woman to be elected to the Hungarian Academy of Sciences.
Péter was known as a passionate teacher of mathematics, who preferred to explore
the nature and beauty of mathematical problems with her students rather than to
merely lecture. As a result, she was affectionately called “Aunt Rosa” by her students.
Péter died in 1977 at the age of 71.

Further Reading For more biographical reading, see O’Connor and Robertson
(2014) and Andrásfai (1986). Tamassy (1994) conducted a brief interview with Péter.
For a fun read about mathematics, see Péter’s book Playing With Infinity (Péter, 2010).

C.7 Julia Robinson


Julia Bowman Robinson was an American mathematician. She is known mainly
for her work on decision problems, and most famously for her contributions to the
solution of Hilbert’s tenth problem. Robinson was born in St. Louis, Missouri, on
December 8, 1919. Robinson recalls being intrigued by numbers already as a child
(Reid, 1986, 4). At age nine she contracted scarlet fever and suffered from several
recurrent bouts of rheumatic fever. This forced her to spend much of her time in bed,
putting her behind in her education. Although she was able to catch up with the help
of private tutors, the physical effects of her illness had a lasting impact on her life.
Despite her childhood struggles, Robinson graduated high school with several
awards in mathematics and the sciences. She started her university career at San
Diego State College, and transferred to the University of California, Berkeley, as a
senior. There she was influenced by the mathematician Raphael Robinson. They
became good friends, and married in 1941. As a spouse of a faculty member, Robinson
was barred from teaching in the mathematics department at Berkeley. Although
she continued to audit mathematics classes, she hoped to leave university and start
a family. Not long after her wedding, however, Robinson contracted pneumonia.
She was told that there was substantial scar tissue build up on her heart due to the
rheumatic fever she suffered as a child. Due to the severity of the scar tissue, the
doctor predicted that she would not live past forty and she was advised not to have
children (Reid, 1986, 13).
Robinson was depressed for a long time, but eventually decided to continue
studying mathematics. She returned to Berkeley and completed her PhD in 1948
under the supervision of Alfred Tarski. The first-order theory of the real numbers
had been shown to be decidable by Tarski, and from Gödel’s work it followed that the
first-order theory of the natural numbers is undecidable. It was a major open problem
whether the first-order theory of the rationals is decidable or not. In her thesis (1949),
Robinson proved that it was not.
Interested in decision problems, Robinson next attempted to find a solution to
Hilbert’s tenth problem. This problem was one of a famous list of 23 mathematical
problems posed by David Hilbert in 1900. The tenth problem asks whether there
is an algorithm that will answer, in a finite amount of time, whether or not a
polynomial equation with integer coefficients, such as 3𝑥² − 2𝑦 + 3 = 0, has a solution
in the integers. Such questions are known as Diophantine problems. After some
initial successes, Robinson joined forces with Martin Davis and Hilary Putnam, who
were also working on the problem. They succeeded in showing that exponential
Diophantine problems (where the unknowns may also appear as exponents) are
undecidable, and showed that a certain conjecture (later called “J.R.”) implies that Hilbert’s
tenth problem is undecidable (Davis et al., 1961). Robinson continued to work on
the problem throughout the 1960s. In 1970, the young Russian mathematician Yuri
Matijasevich finally proved the J.R. hypothesis. The combined result is now called
the Matijasevich–Robinson–Davis–Putnam theorem, or MRDP theorem for short.
Matijasevich and Robinson became friends and collaborated on several papers. In
a letter to Matijasevich, Robinson once wrote that “actually I am very pleased that
working together (thousands of miles apart) we are obviously making more progress
than either one of us could alone” (Matijasevich, 1992, 45).
Robinson was the first female president of the American Mathematical Society,
and the first woman to be elected to the National Academy of Sciences. She died on
July 30, 1985 at the age of 65 after being diagnosed with leukemia.

Further Reading Robinson’s mathematical papers are available in her Collected
Works (Robinson, 1996), which also includes a reprint of her National Academy of
Sciences biographical memoir (Feferman, 1994). Robinson’s older sister Constance
Reid published an “Autobiography of Julia,” based on interviews (Reid, 1986), as well
as a full memoir (Reid, 1996). A short documentary about Robinson and Hilbert’s
tenth problem was directed by George Csicsery (Csicsery, 2016). For a brief memoir
about Yuri Matijasevich’s collaborations with Robinson, and her influence on his
work, see Matijasevich (1992).

C.8 Bertrand Russell


Bertrand Russell is hailed as one of the founders of modern analytic philosophy. Born
May 18, 1872, Russell was not only known for his work in philosophy and logic, but
wrote many popular books in various subject areas. He was also an ardent political
activist throughout his life.
Russell was born in Trellech, Monmouthshire, Wales. His parents were members
of the British nobility. They were free-thinkers, and even made friends with the
radicals in Boston at the time. Unfortunately, Russell’s parents died when he was
young, and Russell was sent to live with his grandparents. There, he was given a
religious upbringing (something his parents had wanted to avoid at all costs). His
grandmother was very strict in all matters of morality. During adolescence he was
mostly homeschooled by private tutors.
Russell’s influence in analytic philosophy, and especially logic, is tremendous. He
studied mathematics and philosophy at Trinity College, Cambridge, where he was
influenced by the mathematician and philosopher Alfred North Whitehead. In 1910,
Russell and Whitehead published the first volume of Principia Mathematica, where
they championed the view that mathematics is reducible to logic. He went on to
publish hundreds of books, essays and political pamphlets. In 1950, he won the Nobel
Prize for literature.
Russell was deeply entrenched in politics and social activism. During World
War I he was arrested and sent to prison for six months due to pacifist activities and
protest. While in prison, he was able to write and read, and claims to have found
the experience “quite agreeable.” He remained a pacifist throughout his life, and
was again incarcerated for attending a nuclear disarmament rally in 1961. He also
survived a plane crash in 1948, where the only survivors were those sitting in the
smoking section. As such, Russell claimed that he owed his life to smoking. Russell
was married four times, but had a reputation for carrying on extra-marital affairs. He
died on February 2, 1970 at the age of 97 in Penrhyndeudraeth, Wales.

Further Reading Russell wrote an autobiography in three parts, spanning his life
from 1872–1967 (Russell, 1967, 1968, 1969). The Bertrand Russell Research Centre at
McMaster University is home of the Bertrand Russell archives. See their website
at Duncan (2015), for information on the volumes of his collected works (including
searchable indexes), and archival projects. Russell’s paper On Denoting (Russell, 1905)
is a classic of 20th century analytic philosophy.
The Stanford Encyclopedia of Philosophy entry on Russell (Irvine, 2015) has sound
clips of Russell speaking on Desire and Political theory. Many video interviews with
Russell are available online. To see him talk about smoking and being involved in a
plane crash, e.g., see Russell (n.d.). Some of Russell’s works, including his Introduction
to Mathematical Philosophy, are available as free audiobooks on LibriVox (n.d.).

C.9 Alfred Tarski


Alfred Tarski was born on January 14, 1901 in Warsaw, Poland (then part of the Russian
Empire). Described as “Napoleonic,” Tarski was boisterous, talkative, and intense. His
energy was often reflected in his lectures—he once set fire to a wastebasket while
disposing of a cigarette during a lecture, and was forbidden from lecturing in that
building again.
Tarski had a thirst for knowledge from a young age. Although later in life he
would tell students that he studied logic because it was the only class in which he
got a B, his high school records show that he got A’s across the board—even in logic.
He studied at the University of Warsaw from 1918 to 1924. Tarski first intended to
study biology, but became interested in mathematics, philosophy, and logic, as the
university was the center of the Warsaw School of Logic and Philosophy. Tarski
earned his doctorate in 1924 under the supervision of Stanisław Leśniewski.
Before emigrating to the United States in 1939, Tarski completed some of his most
important work while working as a secondary school teacher in Warsaw. His work
on logical consequence and logical truth was written during this time. In 1939, Tarski
was visiting the United States for a lecture tour. During his visit, Germany invaded
Poland, and because of his Jewish heritage, Tarski could not return. His wife and
children remained in Poland until the end of the war, but were then able to emigrate
to the United States as well. Tarski taught at Harvard, the College of the City of New
York, the Institute for Advanced Study at Princeton, and finally the University of
California, Berkeley. There he founded the multidisciplinary program in Logic and
the Methodology of Science. Tarski died on October 26, 1983 at the age of 82.

Further Reading For more on Tarski’s life, see the biography Alfred Tarski: Life and
Logic (Feferman and Feferman, 2004). Tarski’s seminal works on logical consequence
and truth are available in English in Corcoran (1983). All of Tarski’s original works
have been collected into a four-volume series (Tarski, 1981).

C.10 Alan Turing


Alan Turing was born in Maida Vale, London, on June 23, 1912. He is considered
the father of theoretical computer science. Turing’s interest in the physical sciences
and mathematics started at a young age. However, as a boy his interests were not
represented well in his schools, where emphasis was placed on literature and classics.
Consequently, he did poorly in school and was reprimanded by many of his teachers.
Turing attended King’s College, Cambridge as an undergraduate, where he studied
mathematics. In 1936 Turing developed (what is now called) the Turing machine as
an attempt to precisely define the notion of a computable function and to prove the
undecidability of the decision problem. He was beaten to the result by Alonzo Church,
who proved the result via his own lambda calculus. Turing’s paper was still published
with reference to Church’s result. Church invited Turing to Princeton, where he spent
1936–1938, and obtained a doctorate under Church.
Despite his interest in logic, Turing’s earlier interests in physical sciences remained
prevalent. His practical skills were put to work during his service with the British
cryptanalytic department at Bletchley Park during World War II. Turing was a central
figure in cracking the cypher used by German Naval communications—the Enigma
code. Turing’s expertise in statistics and cryptography, together with the introduction
of electronic machinery, gave the team the ability to crack the code by creating a
de-crypting machine called a “bombe.” His ideas also helped in the creation of the
world’s first programmable electronic computer, the Colossus, also used at Bletchley
Park to break the German Lorenz cypher.
Turing was gay. Nevertheless, in 1942 he proposed to Joan Clarke, one of his
teammates at Bletchley Park, but later broke off the engagement and confessed to
her that he was homosexual. He had several lovers throughout his lifetime, although
homosexual acts were then criminal offences in the UK. In 1952, Turing’s house
was burgled by a friend of his lover at the time, and when filing a police report,
Turing admitted to having a homosexual relationship, under the impression that the
government was on their way to legalizing homosexual acts. This was not true, and
he was charged with gross indecency. Instead of going to prison, Turing opted for
a hormone treatment that reduced libido. Turing was found dead on June 8, 1954,
of a cyanide overdose—most likely suicide. He was given a royal pardon by Queen
Elizabeth II in 2013.

Further Reading For a comprehensive biography of Alan Turing, see Hodges
(2014). Turing’s life and work inspired a play, Breaking the Code, which was produced
in 1996 for TV starring Derek Jacobi as Turing. The Imitation Game, an Academy
Award-nominated film starring Benedict Cumberbatch and Keira Knightley, is also
loosely based on Alan Turing’s life and time at Bletchley Park (Tyldum, 2014).
Radiolab (2012) has several podcasts on Turing’s life and work. BBC Horizon’s
documentary The Strange Life and Death of Dr. Turing is available to watch online
(Sykes, 1992). (Theelen, 2012) is a short video of a working LEGO Turing Machine—
made to honour Turing’s centenary in 2012.
Turing’s original paper on Turing machines and the decision problem is Turing
(1937).

C.11 Ernst Zermelo


Ernst Zermelo was born on July 27, 1871 in Berlin, Germany. He had five sisters, though
his family suffered from poor health and only three survived to adulthood. His parents
also passed away when he was young, leaving him and his siblings orphans when
he was seventeen. Zermelo had a deep interest in the arts, and especially in poetry.
He was known for being sharp, witty, and critical. His most celebrated mathematical
achievements include the introduction of the axiom of choice (in 1904), and his
axiomatization of set theory (in 1908).
Zermelo’s interests at university were varied. He took courses in physics, mathematics,
and philosophy. Under the supervision of Hermann Schwarz, Zermelo
completed his dissertation Investigations in the Calculus of Variations in 1894 at the
University of Berlin. In 1897, he decided to pursue more studies at the University of
Göttingen, where he was heavily influenced by the foundational work of David Hilbert.
In 1899 he became eligible for professorship, but did not get one until eleven years
later—possibly due to his strange demeanour and “nervous haste.”
Zermelo finally received a paid professorship at the University of Zurich in 1910,
but was forced to retire in 1916 due to tuberculosis. After his recovery, he was given
an honorary professorship at the University of Freiburg in 1921. During this time he
worked on foundational mathematics. He became irritated with the works of Thoralf
Skolem and Kurt Gödel, and publicly criticized their approaches in his papers. He
was dismissed from his position at Freiburg in 1935, due to his unpopularity and his
opposition to Hitler’s rise to power in Germany.
The later years of Zermelo’s life were marked by isolation. After his dismissal in
1935, he abandoned mathematics. He moved to the country where he lived modestly.
He married in 1944, and became completely dependent on his wife as he was going
blind. Zermelo lost his sight completely by 1951. He passed away in Günterstal,
Germany, on May 21, 1953.

Further Reading For a full biography of Zermelo, see Ebbinghaus (2015). Zermelo’s
seminal 1904 and 1908 papers are available to read in the original German (Zermelo,
1904, 1908). Zermelo’s collected works, including his writing on physics, are available
in English translation in (Ebbinghaus et al., 2010; Ebbinghaus and Kanamori, 2013).

Photo Credits

Bibliography

Andrásfai, Béla. 1986. Rózsa (Rosa) Péter. Periodica Polytechnica Electrical Engineering
30(2-3): 139–145. URL http://www.pp.bme.hu/ee/article/view/4651.

Aspray, William. 1984. The Princeton mathematics community in the 1930s: Alonzo
Church. URL http://www.princeton.edu/mudd/findingaids/mathoral/pmc05.htm.
Interview.

Baaz, Matthias, Christos H. Papadimitriou, Hilary W. Putnam, Dana S. Scott, and
Charles L. Harper Jr. 2011. Kurt Gödel and the Foundations of Mathematics: Horizons
of Truth. Cambridge: Cambridge University Press.

Cheng, Eugenia. 2004. How to write proofs: A quick guide. URL
http://eugeniacheng.com/wp-content/uploads/2017/02/cheng-proofguide.pdf.

Church, Alonzo. 1936a. A note on the Entscheidungsproblem. Journal of Symbolic
Logic 1: 40–41.

Church, Alonzo. 1936b. An unsolvable problem of elementary number theory. American
Journal of Mathematics 58: 345–363.

Corcoran, John. 1983. Logic, Semantics, Metamathematics. Indianapolis: Hackett, 2nd
ed.

Csicsery, George. 2016. Zala films: Julia Robinson and Hilbert’s tenth problem. URL
http://www.zalafilms.com/films/juliarobinson.html.

Dauben, Joseph. 1990. Georg Cantor: His Mathematics and Philosophy of the Infinite.
Princeton: Princeton University Press.

Davis, Martin, Hilary Putnam, and Julia Robinson. 1961. The decision problem for
exponential Diophantine equations. Annals of Mathematics 74(3): 425–436. URL
http://www.jstor.org/stable/1970289.

Dick, Auguste. 1981. Emmy Noether 1882–1935. Boston: Birkhäuser.

du Sautoy, Marcus. 2014. A brief history of mathematics: Georg Cantor. URL
http://www.bbc.co.uk/programmes/b00ss1j0. Audio Recording.

Duncan, Arlene. 2015. The Bertrand Russell Research Centre. URL
http://russell.mcmaster.ca/.

Ebbinghaus, Heinz-Dieter. 2015. Ernst Zermelo: An Approach to his Life and Work.
Berlin: Springer-Verlag.

Ebbinghaus, Heinz-Dieter, Craig G. Fraser, and Akihiro Kanamori. 2010. Ernst Zermelo.
Collected Works, vol. 1. Berlin: Springer-Verlag.

Ebbinghaus, Heinz-Dieter and Akihiro Kanamori. 2013. Ernst Zermelo: Collected
Works, vol. 2. Berlin: Springer-Verlag.

Enderton, Herbert B. 2019. Alonzo Church: Life and Work. In The Collected Works of
Alonzo Church, eds. Tyler Burge and Herbert B. Enderton. Cambridge, MA: MIT
Press.

Feferman, Anita and Solomon Feferman. 2004. Alfred Tarski: Life and Logic. Cambridge:
Cambridge University Press.

Feferman, Solomon. 1994. Julia Bowman Robinson 1919–1985. Biographical Memoirs
of the National Academy of Sciences 63: 1–28. URL
http://www.nasonline.org/publications/biographical-memoirs/memoir-pdfs/robinson-julia.pdf.

Feferman, Solomon, John W. Dawson Jr., Stephen C. Kleene, Gregory H. Moore,
Robert M. Solovay, and Jean van Heijenoort. 1986. Kurt Gödel: Collected Works. Vol.
1: Publications 1929–1936. Oxford: Oxford University Press.

Feferman, Solomon, John W. Dawson Jr., Stephen C. Kleene, Gregory H. Moore,
Robert M. Solovay, and Jean van Heijenoort. 1990. Kurt Gödel: Collected Works. Vol.
2: Publications 1938–1974. Oxford: Oxford University Press.

Frey, Holly and Tracy V. Wilson. 2015. Stuff you missed in history class: Emmy Noether,
mathematics trailblazer. URL
https://www.iheart.com/podcast/stuff-you-missed-in-history-cl-21124503/episode/emmy-noether-mathematics-trailblazer-30207491/.
Podcast audio.

Gentzen, Gerhard. 1935a. Untersuchungen über das logische Schließen I. Mathematische
Zeitschrift 39: 176–210. English translation in Szabo (1969), pp. 68–131.

Gentzen, Gerhard. 1935b. Untersuchungen über das logische Schließen II. Mathematische
Zeitschrift 39: 176–210, 405–431. English translation in Szabo (1969),
pp. 68–131.

Gödel, Kurt. 1929. Über die Vollständigkeit des Logikkalküls [On the completeness of
the calculus of logic]. Dissertation, Universität Wien. Reprinted and translated in
Feferman et al. (1986), pp. 60–101.

Gödel, Kurt. 1931. Über formal unentscheidbare Sätze der Principia Mathematica
und verwandter Systeme I [On formally undecidable propositions of Principia
Mathematica and related systems I]. Monatshefte für Mathematik und Physik 38:
173–198. Reprinted and translated in Feferman et al. (1986), pp. 144–195.

Grattan-Guinness, Ivor. 1971. Towards a biography of Georg Cantor. Annals of Science
27(4): 345–391.

Hammack, Richard. 2013. Book of Proof. Richmond, VA: Virginia Commonwealth
University. URL http://www.people.vcu.edu/rhammack/BookOfProof/BookOfProof.pdf.

Hodges, Andrew. 2014. Alan Turing: The Enigma. London: Vintage.

Hutchings, Michael. 2003. Introduction to mathematical arguments. URL
https://math.berkeley.edu/hutching/teach/proofs.pdf.

Institute, Perimeter. 2015. Emmy Noether: Her life, work, and influence. URL
https://www.youtube.com/watch?v=tNNyAyMRsgE. Video Lecture.

Irvine, Andrew David. 2015. Sound clips of Bertrand Russell speaking. URL
http://plato.stanford.edu/entries/russell/russell-soundclips.html.

Jacobson, Nathan. 1983. Emmy Noether: Gesammelte Abhandlungen—Collected Papers.
Berlin: Springer-Verlag.

John Dawson, Jr. 1997. Logical Dilemmas: The Life and Work of Kurt Gödel. Boca Raton:
CRC Press.

LibriVox. n.d. Bertrand Russell. URL
https://librivox.org/author/1508?primarykey=1508&searchcategory=author&searchpage=1&searchform=getresults.
Collection of public domain audiobooks.

Linsenmayer, Mark. 2014. The partially examined life: Gödel on math. URL
http://www.partiallyexaminedlife.com/2014/06/16/ep95-godel/. Podcast audio.

MacFarlane, John. 2015. Alonzo Church’s JSL reviews. URL
http://johnmacfarlane.net/church.html.

Matijasevich, Yuri. 1992. My collaboration with Julia Robinson. The Mathematical
Intelligencer 14(4): 38–45.

Menzler-Trott, Eckart. 2007. Logic’s Lost Genius: The Life of Gerhard Gentzen.
Providence: American Mathematical Society.

O’Connor, John J. and Edmund F. Robertson. 2014. Rózsa Péter. URL
http://www-groups.dcs.st-and.ac.uk/history/Biographies/Peter.html.

Péter, Rózsa. 1935a. Über den Zusammenhang der verschiedenen Begriffe der rekursiven
Funktion. Mathematische Annalen 110: 612–632.

Péter, Rózsa. 1935b. Konstruktion nichtrekursiver Funktionen. Mathematische Annalen
111: 42–60.

Péter, Rózsa. 1951. Rekursive Funktionen. Budapest: Akademiai Kiado. English
translation in (Péter, 1967).

Péter, Rózsa. 1967. Recursive Functions. New York: Academic Press.

Péter, Rózsa. 2010. Playing with Infinity. New York: Dover. URL
https://books.google.ca/books?id=6V3wNs4uv4C&lpg=PP1&ots=BkQZaHcR99&lr&pg=PP1#v=onepage&q&f=false.

Radiolab. 2012. The Turing problem. URL
http://www.radiolab.org/story/193037-turing-problem/. Podcast audio.

Reid, Constance. 1986. The autobiography of Julia Robinson. The College Mathematics
Journal 17: 3–21.

Reid, Constance. 1996. Julia: A Life in Mathematics. Cambridge: Cambridge
University Press. URL
https://books.google.ca/books?id=lRtSzQyHf9UC&lpg=PP1&pg=PP1#v=onepage&q&f=false.

Robinson, Julia. 1949. Definability and decision problems in arithmetic. Journal
of Symbolic Logic 14(2): 98–114. URL http://www.jstor.org/stable/2266510.

Robinson, Julia. 1996. The Collected Works of Julia Robinson. Providence: American
Mathematical Society.

Rose, Daniel. 2012. A song about Georg Cantor. URL
https://www.youtube.com/watch?v=QUP5Z4Fb5k4. Audio Recording.

Russell, Bertrand. 1905. On denoting. Mind 14: 479–493.

Russell, Bertrand. 1967. The Autobiography of Bertrand Russell, vol. 1. London: Allen
and Unwin.

Russell, Bertrand. 1968. The Autobiography of Bertrand Russell, vol. 2. London: Allen
and Unwin.

Russell, Bertrand. 1969. The Autobiography of Bertrand Russell, vol. 3. London: Allen
and Unwin.

Russell, Bertrand. n.d. Bertrand Russell on smoking. URL
https://www.youtube.com/watch?v=80oLTiVWlc. Video Interview.

Sandstrum, Ted. 2019. Mathematical Reasoning: Writing and Proof. Allendale, MI:
Grand Valley State University. URL https://scholarworks.gvsu.edu/books/7/.

Segal, Sanford L. 2014. Mathematicians under the Nazis. Princeton: Princeton
University Press.

Sigmund, Karl, John Dawson, Kurt Mühlberger, Hans Magnus Enzensberger, and
Juliette Kennedy. 2007. Kurt Gödel: Das Album–The Album. The Mathematical
Intelligencer 29(3): 73–76.

Smith, Peter. 2013. An Introduction to Gödel’s Theorems. Cambridge: Cambridge
University Press.

Solow, Daniel. 2013. How to Read and Do Proofs. Hoboken, NJ: Wiley.

Steinhart, Eric. 2018. More Precisely: The Math You Need to Do Philosophy. Peterborough,
ON: Broadview, 2nd ed.

Sykes, Christopher. 1992. BBC Horizon: The strange life and death of Dr. Turing. URL
https://www.youtube.com/watch?v=gyusnGbBSHE.

Szabo, Manfred E. 1969. The Collected Papers of Gerhard Gentzen. Amsterdam:
North-Holland.

Takeuti, Gaisi, Nicholas Passell, and Mariko Yasugi. 2003. Memoirs of a Proof Theorist:
Gödel and Other Logicians. Singapore: World Scientific.

Tamassy, Istvan. 1994. Interview with Róza Péter. Modern Logic 4(3): 277–280.

Tarski, Alfred. 1981. The Collected Works of Alfred Tarski, vol. I–IV. Basel: Birkhäuser.

Theelen, Andre. 2012. Lego turing machine. URL
https://www.youtube.com/watch?v=FTSAiF9AHN4.

Turing, Alan M. 1937. On computable numbers, with an application to the
“Entscheidungsproblem”. Proceedings of the London Mathematical Society, 2nd Series 42:
230–265.

Tyldum, Morten. 2014. The imitation game. Motion picture.

Velleman, Daniel J. 2019. How to Prove It: A Structured Approach. Cambridge:
Cambridge University Press, 3rd ed.

Wang, Hao. 1990. Reflections on Kurt Gödel. Cambridge: MIT Press.

Zermelo, Ernst. 1904. Beweis, daß jede Menge wohlgeordnet werden kann.
Mathematische Annalen 59: 514–516. English translation in (Ebbinghaus et al., 2010,
pp. 115–119).

Zermelo, Ernst. 1908. Untersuchungen über die Grundlagen der Mengenlehre I.
Mathematische Annalen 65(2): 261–281. English translation in (Ebbinghaus et al.,
2010, pp. 189–229).