of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s...
63
A Formally Verified Abstract Account of Gödel’s Incompleteness Theorems Andrei Popescu Dmitriy Traytel λ → ∀ = Isabelle β α HOL
Transcript of of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s...
A Formally Verified Abstract Account of
Gödel’s Incompleteness Theorems
Andrei Popescu Dmitriy Traytel
λ→
∀=Is
abelle
β
α
HOL
Gödel’s Incompleteness Theorems 1931
Gödel’s Incompleteness Theorems 1931 Fix a consistent logical theory that
- contains enough arithmetic,- can itself be arithmetized.
Gödel’s Incompleteness Theorems 1931
There are sentences that the theory cannot decide (i.e., neither prove nor disprove).
Fix a consistent logical theory that- contains enough arithmetic,- can itself be arithmetized.
Gödel’s Incompleteness Theorems 1931
There are sentences that the theory cannot decide (i.e., neither prove nor disprove).
Fix a consistent logical theory that- contains enough arithmetic,- can itself be arithmetized.
The theory cannot prove (an internal formulation of) its own consistency.
Pen and Paper Proofs of � and �
Pen and Paper Proofs of � and �
… … … …
Pen and Paper Proofs of � and �
The reader who does not like incomplete and (apparently) irremediably messy proofs of syntactic facts may wish to skim over the rest of this chapter and take it for granted that …
… … … …
Formal Verifications of � and �
Formal Verifications of � and �
Paulson
2015
Isabelle
O’Connor
2005
Coq
Harrison
2004
HOL Light
Shankar
1986
NQTHM
1978
TEM
Sieg
End of story
End of story?
End of story?
Formal Verifications of � and �
Shared structure
- Fix a particular logic: Classical FOL
Formal Verifications of � and �
Shared structure
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
Formal Verifications of � and �
Shared structure
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
Formal Verifications of � and �
Shared structure
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
- Tour de force for the particular combination
Formal Verifications of � and �
Shared structure
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
- Tour de force for the particular combination
Formal Verifications of � and �
Shared structure
Scope of and remains largely unexploded
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
- Tour de force for the particular combination
Formal Verifications of � and �
Shared structure
Scope of and remains largely unexploded
E.g. do they hold for Intuitionistic FOL, HOL, CIC?
Our Motto:
Our Motto:Don’t Fix, Gather!
Our Contributions
Our Contributions- Abstract formalization of and
- Answer “What must/may a logic/theory offer?”- Understand variants and distill trade-offs from the literature- Correct a mistake in a pen and paper proof
λ→
∀=Is
abelle
β
α
HOL
Our Contributions- Abstract formalization of and
- Answer “What must/may a logic/theory offer?”- Understand variants and distill trade-offs from the literature- Correct a mistake in a pen and paper proof
λ→
∀=Is
abelle
β
α
HOL
- Concrete instantiation to hereditarily finite set theory
- Reproduce (for ) and improve (for ) Paulson’s formalization
What must a logic/theory offer?Generic Syntax Connectives Provability
Relation Numerals
What must a logic/theory offer?Generic Syntax Connectives Provability
Relation Numerals
Classical Logic
What may a logic/theory offer?Order-like Relation Proofs Encodings
Represent-ability
Derivability Conditions
Standard Model Soundness
Consistency Omega-Consistency
Completeness of Provability
Proofs vs. Provability
Generic Syntax
• sets: Var, Term, Fmla with Var⊆Term Generic Syntax
• sets: Var, Term, Fmla with Var⊆Term
• operators: FV_Term : Term → 2Var
FV : Fmla → 2Var
subst_Term : Term → Var → Term → Termsubst : Fmla → Var → Term → Fmla
Generic Syntax
• sets: Var, Term, Fmla with Var⊆Term
• operators: FV_Term : Term → 2Var
FV : Fmla → 2Var
subst_Term : Term → Var → Term → Termsubst : Fmla → Var → Term → Fmla
• properties, e.g.:x∈FV(φ) implies FV(subst φ x s) = FV(φ) - {x} ∪ FV_Term(s)
Generic Syntax
• sets: Var, Term, Fmla with Var⊆Term
• operators: FV_Term : Term → 2Var
FV : Fmla → 2Var
subst_Term : Term → Var → Term → Termsubst : Fmla → Var → Term → Fmla
• properties, e.g.:x∈FV(φ) implies FV(subst φ x s) = FV(φ) - {x} ∪ FV_Term(s)
Generic Syntax
We require unary substitution only. We derive parallel substitution from it.
Connectives
• operators: ≡ : Term → Term → Fmla→, ∧, ∨ : Fmla → Fmla → Fmla¬ : Fmla → Fmla⊥, ⊤ : Fmla∃, ∀ : Var → Fmla → Fmla
Connectives
• operators: ≡ : Term → Term → Fmla→, ∧, ∨ : Fmla → Fmla → Fmla¬ : Fmla → Fmla⊥, ⊤ : Fmla∃, ∀ : Var → Fmla → Fmla
Connectives
We require a minimal list w.r.t. intuitionistic deduction and define the rest. Note: operators, not constructors
• unary relation: ⊢ ⊆ Fmlawe write ⊢φ if φ ∈ ⊢
• properties: ⊢ contains the standard (Hilbert-style) intuitionistic FOL axioms about the connectives
Provability Relation
• unary relation: ⊢ ⊆ Fmlawe write ⊢φ if φ ∈ ⊢
• properties: ⊢ contains the standard (Hilbert-style) intuitionistic FOL axioms about the connectives
Provability Relation
• nonempty set: Num ⊆ Fmla0
Numerals
• property: ⊢ ¬ ¬ φ → φ Classical Logic
• property: ⊢ ¬ ¬ φ → φ Classical Logic
Order-like Relation
• formula: ≺ ∈ Fmla2 • properties, e.g.:
for all φ∈Fmla1 and n∈Num,if ⊢φ(m) for all m∈Num, then ⊢∀x. x≺n → φ(x)
• property: ⊢ ¬ ¬ φ → φ Classical Logic
Order-like Relation
• formula: ≺ ∈ Fmla2 • properties, e.g.:
for all φ∈Fmla1 and n∈Num,if ⊢φ(m) for all m∈Num, then ⊢∀x. x≺n → φ(x)
• set: Proof • binary relation: ⊩ ∈ Proof×Fmla
we write p⊩φ if (p,φ)∈⊩
Proofs
• formulas subst, ⊩, ¬ • property:
behave like operators/relations (subst, ⊩, ¬) on encodings
• operators: ⟨_⟩ : Fmla → Num and ⟨_⟩ : Proof → Num
Encodings
Represent-ability
• formulas subst, ⊩, ¬ • property:
behave like operators/relations (subst, ⊩, ¬) on encodings
• operators: ⟨_⟩ : Fmla → Num and ⟨_⟩ : Proof → Num
Encodings
• property: ⊬⊥Consistency
Represent-ability
• formulas subst, ⊩, ¬ • property:
behave like operators/relations (subst, ⊩, ¬) on encodings
• operators: ⟨_⟩ : Fmla → Num and ⟨_⟩ : Proof → Num
Encodings
• property: ⊬⊥Consistency
• property: For all φ∈Fmla1,
if ⊢¬φ(n) for all n∈Num then ⊬¬¬(∃x.φ(x))
Omega-Consistency
Represent-ability
What must a logic/theory offer?Generic Syntax Connectives Provability
Relation Numerals
Classical Logic
What may a logic/theory offer?Order-like Relation Proofs Encodings
Represent-ability
Derivability Conditions
Standard Model Soundness
Consistency Omega-Consistency
Completeness of Provability
Proofs vs. Provability
Proofs
EncodingsRepresent-ability
Derivability Conditions
Omega-Consistency
subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
Proofs
EncodingsRepresent-ability
Derivability Conditions
subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
ConsistencyRosser’s Trick
a la Rosser
Proofs
EncodingsRepresent-ability
Derivability Conditions
subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
ConsistencyRosser’s Trick
¬
a la Rosser
Proofs
EncodingsRepresent-ability
Derivability Conditions
subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
ConsistencyRosser’s Trick
Order-like Relation
¬
a la Rosser
EncodingsRepresent-ability
Derivability Conditions
subst ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
and φ is true in the standard modelsemantic
⊢⊢⟨φ⟩ implies ⊢φ
Standard Model Soundness Completeness
of ProvabilityProofs vs. Provability
EncodingsRepresent-ability
Derivability Conditions
subst ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φclassical
⊢⊢⟨φ⟩ implies ⊢φ
Classical LogicConsistency
EncodingsRepresent-ability
Derivability Conditions
subst ⊢φ implies ⊢⊢⟨φ⟩
⊬¬⊢⟨⊥⟩
Consistency
⊢⊢⟨φ⟩∧⊢⟨φ→ψ⟩→⊢⟨ψ⟩
⊢⊢⟨φ⟩→⊢⟨⊢⟨φ⟩⟩
EncodingsRepresent-ability
Derivability Conditions
subst ⊢φ implies ⊢⊢⟨φ⟩
⊬¬⊢⟨⊥⟩
Consistency
⊢⊢⟨φ⟩∧⊢⟨φ→ψ⟩→⊢⟨ψ⟩
⊢⊢⟨φ⟩→⊢⟨⊢⟨φ⟩⟩
In the paper:Jeroslow’s
“improvement"to remove this
condition
results in weaker conclusion
+ mistake in proof
12000 LOCλ
→
∀=Is
abelle
β
α
HOL
From Abstract to ConcreteGeneric Syntax Connectives Provability
Relation Numerals
Verified instances-Robinson’s Arithmetic (Q)-Hereditarily finite set theory
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
12000 LOC
λ→
∀=Is
abelle
β
α
HOL12000 LOC
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
Paulson assumes soundness (and redundantly consistency!)
We removed the soundness assumption from the instantiation of → strictly stronger result → required us to replace “easy” semantic proofs with tedious x → proofs in the HF calculus (no help from the abstract side here)
12000 LOC
λ→
∀=Is
abelle
β
α
HOL12000 LOC
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
Paulson assumes soundness (and redundantly consistency!)
We removed the soundness assumption from the instantiation of → strictly stronger result → required us to replace “easy” semantic proofs with tedious x → proofs in the HF calculus (no help from the abstract side here)
12000 LOC
λ→
∀=Is
abelle
β
α
HOL12000 LOC
-5000 LOC
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
Paulson assumes soundness (and redundantly consistency!)
We removed the soundness assumption from the instantiation of → strictly stronger result → required us to replace “easy” semantic proofs with tedious x → proofs in the HF calculus (no help from the abstract side here)
12000 LOC
λ→
∀=Is
abelle
β
α
HOL12000 LOC
-5000 LOC +5000 LOC
Conclusion- Abstract formalization of and
- Answer “What must/may a logic/theory offer?”- Understand variants and distill trade-offs from the literature- Correct a mistake in a pen and paper proof
- Concrete instantiation to hereditarily finite set theory
- Reproduce (for ) and improve (for ) Paulson’s formalization
- Still unanswered/future work
- Do and hold for Intuitionistic FOL, HOL, CIC?- Can we do more on the abstract level? (e.g. derivability conditions)
λ→
∀=Is
abelle
β
α
HOL
Conclusion- Abstract formalization of and
- Answer “What must/may a logic/theory offer?”- Understand variants and distill trade-offs from the literature- Correct a mistake in a pen and paper proof
- Concrete instantiation to hereditarily finite set theory
- Reproduce (for ) and improve (for ) Paulson’s formalization
- Still unanswered/future work
- Do and hold for Intuitionistic FOL, HOL, CIC?- Can we do more on the abstract level? (e.g. derivability conditions)
λ→
∀=Is
abelle
β
α
HOL
Thank you! Questions?
A Formally Verified Abstract Account of
Gödel’s Incompleteness Theorems
Andrei Popescu Dmitriy Traytel
λ→
∀=Is
abelle
β
α
HOL
![Inner-Model Reflection Principles · 2020. 5. 6. · Inner-Model Reflection Principles 575 Friedman [4]. These meta-principles assert that certain sentences obtainable in outer models](https://static.fdocument.org/doc/165x107/60ca44a8ba91f907cd6b2d43/inner-model-reflection-principles-2020-5-6-inner-model-reiection-principles.jpg)
