CSE 311 Lecture 09: Proof Strategies
Topics
- Predicate logic proofs
- A review and continuation of Lecture 08.
- Natural language proofs
- From formal proofs to natural language proofs.
- Proof strategies
- Proof by contrapositive, counterexamples, and proof by contradiction.
Predicate logic proofs
A review and continuation of Lecture 08.
Inference rules for quantifiers
Elim $\forall$ $\rule{\forall x. P(x)}{P(a) \text{ for any } a}$
Intro $\forall$ $\rule{P(a); a \text{ is } \color{MediumVioletRed}{\text{arbitrary}}}{\forall x. P(x)}$
The name $a$ stands for an arbitrary value in the domain. No other name in $P$ depends on $a$.
Intro $\exists$ $\rule{P(c) \text{ for some } c}{\exists x. P(x)}$
Elim $\exists$ $\rule{\exists x. P(x)}{P(c) \text{ for a } \color{MediumVioletRed}{\text{specific }} c }$
The name $c$ is fresh and stands for a value in the domain where $P(c)$ is true. List all dependencies for $c$.
Predicate logic proofs can use …
- Predicate logic inference rules
- Applied to whole formulas only.
- Predicate logic equivalences
- Even on subformulas.
- Propositional logic inference rules
- Applied to whole formulas only.
- Propositional logic equivalences
- Even on subformulas.
Key takeaways from last lecture: domain properties
Proofs for a specific domain can use the properties of the domain.
- If a predicate is defined with a logical formula, use that formula in your proof.
- Otherwise, use domain properties to establish that a predicate is true.
| 1. | $\specific{2} = \specific{2}\cdot \hilite{SteelBlue}{1}$ | Arithmetic |
| 2. | $\exists \hilite{SteelBlue}{y}. \specific{2} = \specific{2}\cdot \hilite{SteelBlue}{y}$ | Intro $\exists$: 1 |
| 3. | $\text{Even}(\specific{2})$ | Definition of Even: 2 |
| 4. | $\text{Prime}(\specific{2})$ | Property of integer 2 |
| 5. | $\text{Even}(\specific{2}) \wedge \text{Prime}(\specific{2})$ | Intro $\wedge$: 3, 4 |
| 6. | $\exists \specific{x}. \text{Even}(\specific{x}) \wedge \text{Prime}(\specific{x})$ | Intro $\exists$: 5 |
- Domain of discourse
- Integers
- Predicate definitions
- $\text{Even}(x) ::= \exists y. x = 2\cdot y$
- $\text{Prime}(x) ::=$ “$x$ is prime”
We are using the logic definition of Even to establish that 2 is Even, and we are using domain property to establish that 2 is Prime.
Key takeaways from last lecture: Elim $\forall$ & Intro $\exists$
Elim $\forall$ $\rule{\forall x. P(x)}{P(a) \text{ for any } a}$
Intro $\exists$ $\rule{P(c) \text{ for some } c}{\exists x. P(x)}$
When applying Elim $\forall$ to $\forall x. P(x)$, you have to replace all occurrences of the universal variable $x$ in $P(x)$ with the arbitrary name $a$.
But when applying Intro $\exists$ to $P(c)$, you don’t have to replace all occurrences of $c$ in $P(c)$ with the existential variable $x$.
| 1. | $\forall x. x = x$ | Given |
| 2. | $\arbitrary{a}=\arbitrary{a}$ | Elim $\forall$: 1, $\arbitrary{a}$ is arbitrary |
| 3. | $\exists z. \arbitrary{a}=z$ | Intro $\exists$: 2 |
| 4. | $\forall y. \exists z. y=z$ | Intro $\forall$: 3 |
- Domain of discourse
- Integers
Elim $\forall$ at 2 replaces all occurrences of $x$ at 1, but Intro $\exists$ at 3 replaces only one occurrence of $a$ at 2.
A square example
Prove that the square of every even number is even: $\forall x. \text{Even}(x) \rightarrow \text{Even}(x^2)$.
| 1. | Let $\arbitrary{a}$ be an arbitrary integer. |
| 2.1. | $\text{Even}(\arbitrary{a})$ | Assumption |
| 2.2. | $\exists \specific{y}. \arbitrary{a} = 2\specific{y}$ | Definition of Even: 2.1 |
| 2.3. | $\arbitrary{a} = 2\specific{b}$ | Elim $\exists$: 2.2, $\specific{b}$ depends on $\arbitrary{a}$ |
| 2.4. | $\arbitrary{a}^2 = 4\specific{b}^2 = 2(2\specific{b}^2)$ | Algebra |
| 2.5. | $\exists y. \arbitrary{a}^2 = 2y$ | Intro $\exists$: 2.4 |
| 2.6. | $\text{Even}(\arbitrary{a}^2)$ | Definition of Even: 2.5 |
| 3. | $\text{Even}(\arbitrary{a}) \rightarrow \text{Even}(\arbitrary{a}^2)$ | Direct Proof Rule |
| 4. | $\forall x. \text{Even}(x) \rightarrow \text{Even}(x^2)$ | Intro $\forall$: 1, 3 |
- Use Intro $\forall$ on 1 and 2.
- $\rightarrow$ so use DRP to get 3.
- Use definition of Even to break down 2.1 and 2.6.
- Use Elim $\exists$ on 2.2.
- Use algebra on 2.3 to match the body of 2.5.
- Use Intro $\exists$ on 2.4 to get 2.5.
- Domain of discourse
- Integers
- Predicate definitions
- $\text{Even}(x) ::= \exists y. x = 2\cdot y$
Elim $\forall$ $\rule{\forall x. P(x)}{P(a) \text{ for any } a}$
Intro $\forall$ $\rule{P(a); a \text{ is } \color{MediumVioletRed}{\text{arbitrary}}}{\forall x. P(x)}$
Intro $\exists$ $\rule{P(c) \text{ for some } c}{\exists x. P(x)}$
Elim $\exists$ $\rule{\exists x. P(x)}{P(c) \text{ for a } \color{MediumVioletRed}{\text{specific }} c }$
Why list dependencies? To avoid incorrect proofs.
Over the integer domain: $\forall x. \exists y. y\geq x$ is True but $\exists y. \forall x. y\geq x$ is False.
| 1. | $\forall x. \exists y. y\geq x$ | Given |
| 2. | Let $\arbitrary{a}$ be an arbitrary integer. | |
| 3. | $\exists \specific{y}. \specific{y}\geq \arbitrary{a}$ | Elim $\forall$: 1 |
| 4. | $\specific{b}\geq \arbitrary{a}$ | Elim $\exists$: 3, $\specific{b}$ depends on $\arbitrary{a}$ |
| 5. | $\forall x. \specific{b}\geq x$ | Intro $\forall$: 2, 4 |
| 6. | $\exists y. \forall x. y\geq x$ | Intro $\exists$: 5 |
Example: an incorrect proof.
Can’t get rid of $\arbitrary{a}$ since another name, $\specific{b}$, in the same formula depends on it!
Elim $\forall$ $\rule{\forall x. P(x)}{P(a) \text{ for any } a}$
Intro $\forall$ $\rule{P(a); a \text{ is } \color{MediumVioletRed}{\text{arbitrary}}}{\forall x. P(x)}$
The name $a$ stands for an arbitrary value in the domain. No other name in $P$ depends on $a$.
Intro $\exists$ $\rule{P(c) \text{ for some } c}{\exists x. P(x)}$
Elim $\exists$ $\rule{\exists x. P(x)}{P(c) \text{ for a } \color{MediumVioletRed}{\text{specific }} c }$
The name $c$ is fresh and stands for a value in the domain where $P(c)$ is true. List all dependencies for $c$.
Natural language proofs
From formal proofs to natural language proofs.
Natural language versus (predicate) logic proofs
- We often write proofs in English rather than as fully formal proofs.
- They are easier for people to read.
- (But theorem provers prefer fully formal proofs. :)
- English proofs follow the structure of the corresponding formal proofs.
- Formal proof methods help to understand how proofs work in English.
- And they give clues for how to produce the proofs in English.
A not so odd example in English
Prove that there is an even integer.
| $\specific{2} = \specific{2}\cdot \hilite{SteelBlue}{1}$ | |
| so $\specific{2}$ equals $\specific{2}$ times an integer. | |
| Therefore $\specific{2}$ is even. | |
| Therefore there is an even integer. $\qed$ |
| 1. | $\specific{2} = \specific{2}\cdot \hilite{SteelBlue}{1}$ | Arithmetic |
| 2. | $\exists \hilite{SteelBlue}{y}. \specific{2} = \specific{2}\cdot \hilite{SteelBlue}{y}$ | Intro $\exists$: 1 |
| 3. | $\text{Even}(\specific{2})$ | Definition of Even: 2 |
| 4. | $\exists \specific{x}. \text{Even}(\specific{x})$ | Intro $\exists$: 3 |
- Domain of discourse
- Integers
- Predicate definitions
- $\text{Even}(x) ::= \exists y. x = 2\cdot y$
A square example in English
Prove that the square of every even number is even.
| Let $\arbitrary{a}$ be an arbitrary even integer. |
| Then, by definition, $\arbitrary{a} = 2\specific{b}$ | |
| for some integer $\specific{b}$, depending on $\arbitrary{a}$. | |
| Squaring both sides, we get $\arbitrary{a}^2 = 4\specific{b}^2 = 2(2\specific{b}^2)$. | |
| Since $2\specific{b}^2$ is an integer, by definition, | |
| $\arbitrary{a}^2$ is even. |
| Since $\arbitrary{a}$ was arbitrary, it follows that | |
| the square of every even number is even. $\qed$ |
| 1. | Let $\arbitrary{a}$ be an arbitrary integer. |
| 2.1. | $\text{Even}(\arbitrary{a})$ | Assumption |
| 2.2. | $\exists \specific{y}. \arbitrary{a} = 2\specific{y}$ | Definition of Even: 2.1 |
| 2.3. | $\arbitrary{a} = 2\specific{b}$ | Elim $\exists$: 2.2, $\specific{b}$ depends on $\arbitrary{a}$ |
| 2.4. | $\arbitrary{a}^2 = 4\specific{b}^2 = 2(2\specific{b}^2)$ | Algebra |
| 2.5. | $\exists y. \arbitrary{a}^2 = 2y$ | Intro $\exists$: 2.4 |
| 2.6. | $\text{Even}(\arbitrary{a}^2)$ | Definition of Even: 2.5 |
| 3. | $\text{Even}(\arbitrary{a}) \rightarrow \text{Even}(\arbitrary{a}^2)$ | Direct Proof Rule |
| 4. | $\forall x. \text{Even}(x) \rightarrow \text{Even}(x^2)$ | Intro $\forall$: 1, 3 |
- Domain of discourse
- Integers
- Predicate definitions
- $\text{Even}(x) ::= \exists y. x = 2\cdot y$
An odd square example in English
Prove that the square of every odd number is odd.
- Proof
- Let $b$ be an arbitrary odd number.
- Then, $b = 2c + 1$ for some integer $c$ (depending on $b$).
- Therefore, $b^2 = (2c + 1)^2 = 4c^2 + 4c + 1 = 2(2c^2+2c) + 1$.
- Since $2c^2+2c$ is an integer, $b^2$ is odd.
- The statement follows since $b$ was arbitrary. $\qed$
- Domain of discourse
- Integers
- Predicate definitions
- $\text{Odd}(x) ::= \exists y. x = 2\cdot y + 1$
A rational example in English
A real number $x$ is rational iff there exist integers $p$ and $q$ with $q\neq0$ such that $x=p/q$.
Prove: “If $x$ and $y$ are arbitrary rational numbers then $xy$ is rational.”
- Proof
- By the definition of rational, $x = a/b$ for some integers $a$, $b$, where $b\neq0$, and $y = c/d$ for some integers $c$, $d$, where $d\neq0$.
- Multiplying, we get that $xy = (ac)/(bd)$.
- Since $b$ and $d$ are both non-zero, so is $bd$; furthermore, $ac$ and $bd$ are integers.
- It follows that $xy$ is rational, by definition of rational.
- Domain of discourse
- Reals
- Predicate definitions
- $\text{Rational}(x) \equiv \exists p. \exists q. x=\frac{p}{q} \wedge \text{Integer}(p) \wedge \text{Integer}(q) \wedge q\neq0$
Benefits of English proofs
This is more work to write
%a = add %i, 1
%b = mod %a, %n
%c = add %arr, %b
%d = load %c
%e = add %arr, %i
store %e, %d
than this
arr[i] = arr[(i+1) % n];
Higher level language is easier because it skips details.
Formal proofs are the low level language: each part must be spelled out in precise detail.
English proofs are the high level language.
An English proof is correct if the reader is convinced they can “compile” it to a formal proof if necessary.
Proof strategies
Proof by contrapositive, counterexamples, and proof by contradiction.
Proof by contrapositive
If we assume $\neg q$ and derive $\neg p$, then we have proven that $\neg q \rightarrow \neg p$, which is equivalent to proving $p \rightarrow q$.
| 1.1. | $\neg q$ | Assumption |
| $\ldots$ | ||
| 1.3. | $\neg p$ |
| 2. | $\neg q \rightarrow \neg p$ | Direct Proof Rule |
| 3. | $p \rightarrow q$ | Contrapositive: 2 |
Counterexamples
- To disprove $\forall x. P(x)$, prove $\exists x. \neg P(x)$.
- Works by DeMorgan’s Law: $\neg \forall x. P(x)\equiv \exists x.\neg P(x)$.
- All we need to do is find an $x$ for which $P(x)$ is false.
- This $x$ is called a counterexample.
- Example: disprove that “Every prime number is odd”.
- 2 is a prime number that is not odd.
Proof by contradiction
If we assume $p$ and derive $\mathsf{F}$ (a contradiction), then we have proven $\neg p$.
| 1.1. | $p$ | Assumption |
| $\ldots$ | ||
| 1.3. | $\mathsf{F}$ |
| 2. | $p \rightarrow \mathsf{F}$ | Direct Proof Rule |
| 3. | $\neg p \vee \mathsf{F}$ | Law of Implication: 2 |
| 4. | $\neg p$ | Identity: 3 |
An example proof by contradiction
- Prove that “No integer is both even and odd.”
- English proof: $\neg\exists x. \text{Even}(x)\wedge\text{Odd}(x) \equiv \forall x. \neg (\text{Even}(x)\wedge\text{Odd}(x))$.
- Proof by contradiction
- Let $x$ be an arbitrary integer and suppose that it is both even and odd.
- Then $x=2a$ for some integer $a$ and $x=2b+1$ for some integer $b$.
- Therefore $2a=2b+1$ and hence $a=b+\frac{1}{2}$.
- But two integers cannot differ by $\frac{1}{2}$ so this is a contradiction.
- Therefore no integer is both even and odd. $\qed$
Fun strategy: proof by computer
Use an automated theorem prover:
; No integer is both even and odd.
(define-fun even ((x Int)) Bool
(exists ((y Int)) (= x (* 2 y))))
(define-fun odd ((x Int)) Bool
(exists ((y Int)) (= x (+ (* 2 y) 1))))
(define-fun claim () Bool
(not (exists ((x Int)) (and (even x) (odd x)))))
(assert (not claim)) ; proof by contradiction
(check-sat)
While this example works, proofs of arbitrary formulas in predicate logic cannot be automated. But interactive theorem provers can still help by checking your formal proof and filling in some low-level details for you.
Fun fact: counterexamples & contradiction in verification
- Automated verifiers work by counterexample and contradiction proofs.
- Recall that program verification involves proving that a program $P$ satisfies a specification $S$ on all inputs $x$: $\forall x. p(x) \rightarrow s(x)$, where $p$ and $s$ are formulas encoding the semantics of $P$ and $S$.
- The program verifier sends the formula $\exists x. p(x) \wedge \neg s(x)$ to the prover.
- $\neg \forall x. p(x) \rightarrow s(x) \equiv \exists x. \neg (p(x) \rightarrow s(x)) \equiv \exists x. \neg (\neg p(x) \vee s(x))\equiv \exists x. p(x) \wedge \neg s(x)$.
- If the prover finds a counterexample, we know the program is incorrect.
- The counterexample is a concrete input (test case) on which the program violates the spec.
- If no counterexample exists, we know the program is correct.
- Because this is proof by contradiction! The prover assumed $\exists x. p(x) \wedge \neg s(x)$ and arrived at false (“unsat”).
Summary
- Formal (logic) proofs follow well-defined rules and are easy to check.
- They can be checked mechanically.
- And are used in the construction of critical software.
- English proofs correspond to those rules but are easier for people to read.
- Easily checkable in principle.
- Simple proof strategies already do a lot.
- Later we will cover a specific strategy that applies to loops and recursion (mathematical induction).