CS 641 Lecture -*- Outline -*-

* An algebraic presentation of the quantifiers, following Cohen

This follows chapter 3 of Cohen's book "Programming in the 1990s", Springer-Verlag, 1990. The ideas are originally due to Dijkstra, van Gasteren, and Backhouse.

Cohen abstracts to generalized expressions, and then specializes to universal and existential quantification. This is similar to Back and von Wright's use of the theory of complete lattices. But we skip all of that.

------------------------------------------
ASCII NOTATION

  ``(\forall i :: U.i)'' means (\forall i * U.i)
  ``(\exists i :: U.i)'' means (\exists i * U.i)

Note: always use parentheses around quantified expressions.

CONVENTIONS

We write U.i to show that U depends on i (i.e., that U.i has free occurrences of i). Thus (U.i)[i := t] == U.t.

We assume that Z has no free occurrences of i.
------------------------------------------

Note: all the theorems here are from Cohen's book, but it's not useful to just list them. Refer the students to the book or this file, and just work a few of their proofs.

** Universal quantification (3.2)

This is generalized conjunction...

Cohen, like Dijkstra, uses the notation (\forall i : R.i : U.i) for Back and von Wright's (\forall i | R.i * U.i). I think Cohen's notation works better in ASCII, so I'll use that below.

------------------------------------------
BOUNDED UNIVERSAL QUANTIFICATION

Definition: bounded universal quantifier

                             ^
  (\forall i : R.i : U.i)   =   (\forall i :: R.i ==> U.i)

Omitted range convention

     (\forall i :: U.i)
  <==> { T ==> rule }
     (\forall i :: "T ==> U.i")
  <==> { definition of bounded quantifier }
     (\forall i : T : U.i)
------------------------------------------

You can get a feel for this definition by proving the following simple lemmas.

Lemma (trading).
  |- (\forall i : R.i : U.i) <==> (\forall i :: !(R.i) \/ U.i)

Lemma (trading).
  |- (\forall i : R.i /\ S.i : U.i) <==> (\forall i : R.i : S.i ==> U.i)

By the notation for quantifiers, alpha conversion also works for bounded quantifiers.

Lemma (alpha conversion). If j is free for i in R.i and U.i, then
  |- (\forall i : R.i : U.i) <==> (\forall j : R.j : U.j)

Proof. Assume j is free for i in R.i and U.i. We calculate as follows.

  |- (\forall i : R.i : U.i)
  <==> { definition of bounded quantifier }
     (\forall i :: R.i ==> U.i)
  <==> { definition of quantifier notation }
     \forall.(\ i . R.i ==> U.i)
  <==> { alpha conversion, j is free for i in R.i and U.i }
     \forall.(\ j . R.j ==> U.j)
  <==> { definition of quantifier notation }
     (\forall j :: R.j ==> U.j)
  <==> { definition of bounded quantifier }
     (\forall j : R.j : U.j)
QED

A corollary is the following.

Corollary (dummy transformation rule). If j does not appear in R.i or U.i, and if f is invertible (i.e., not(i = j) <==> not(f.i = f.j)), then
  |- (\forall i : R.i : U.i) == (\forall j : R.(f.j) : U.(f.j))

Cohen calls Back and von Wright's distribute-/\ rule the "term rule" (this is the term rule for the universal quantifier; there is another for existentials). In hints, he refers to left to right use of the term rule as "splitting the term" and right to left use as "joining the term".

Q: Dijkstra calls this rule "\forall distributes over /\". Why is this correct?

Lemma (term rule).
  |- (\forall i : R.i : P.i /\ Q.i) <==> (\forall i : R.i : P.i) /\ (\forall i : R.i : Q.i)

Proof. Let z be a fresh variable.

  |- (\forall i : R.i : P.i) /\ (\forall i : R.i : Q.i)
  <==> { ==> antisymmetric }
     * (\forall i : R.i : P.i) /\ (\forall i : R.i : Q.i)
       ==> { \forall introduction, z is fresh }
          * (\forall i : R.i : P.i) /\ (\forall i : R.i : Q.i)
            <==> { definition of bounded quantifier, twice }
               "(\forall i :: R.i ==> P.i)" /\ "(\forall i :: R.i ==> Q.i)"
            ==> { \forall elimination, twice, z is fresh }
               ("R.z ==> P.z") /\ ("R.z ==> Q.z")
            <==> { lemma: ==> distributes over /\ (below) }
               R.z ==> (P.z /\ Q.z)
          .
          (\forall z :: R.z ==> (P.z /\ Q.z))
       <==> { alpha conversion, i is free for z in the term }
          (\forall i :: R.i ==> (P.i /\ Q.i))
       <==> { definition of bounded quantifier }
          (\forall i : R.i : (P.i /\ Q.i))
     * (\forall i : R.i : (P.i /\ Q.i))
       <==> { definition of bounded quantifier }
          (\forall i :: "R.i ==> (P.i /\ Q.i)")
       <==> { lemma: ==> distributes over /\ (below) }
          (\forall i :: (R.i ==> P.i) /\ (R.i ==> Q.i))
       ==> { /\ introduction }
          * (\forall i :: (R.i ==> P.i) /\ (R.i ==> Q.i))
            ==> { \forall introduction, z is fresh }
               * (\forall i :: (R.i ==> P.i) /\ (R.i ==> Q.i))
                 ==> { \forall elimination, z is fresh }
                    (R.z ==> P.z) /\ (R.z ==> Q.z)
                 ==> { /\ elimination }
                    (R.z ==> P.z)
               .
               (\forall z :: R.z ==> P.z)
            <==> { definition of bounded quantifier }
               (\forall z : R.z : P.z)
            <==> { alpha conversion, i is free for z in the term }
               (\forall i : R.i : P.i)
          * (\forall i :: (R.i ==> P.i) /\ (R.i ==> Q.i))
            ==> { \forall introduction, z is fresh }
               * (\forall i :: (R.i ==> P.i) /\ (R.i ==> Q.i))
                 ==> { \forall elimination, z is fresh }
                    (R.z ==> P.z) /\ (R.z ==> Q.z)
                 ==> { /\ elimination }
                    (R.z ==> Q.z)
               .
               (\forall z :: R.z ==> Q.z)
            <==> { definition of bounded quantifier }
               (\forall z : R.z : Q.z)
            <==> { alpha conversion, i is free for z in the term }
               (\forall i : R.i : Q.i)
          .
          (\forall i : R.i : P.i) /\ (\forall i : R.i : Q.i)
     .
     (\forall i : R.i : P.i /\ Q.i)
QED

Lemma (==> distributes over /\). For all R, P, Q:
  |- R ==> (P /\ Q) <==> (R ==> P) /\ (R ==> Q)

Proof. Let R, P, and Q be given. Then we calculate as follows.

  |- ("R ==> P") /\ ("R ==> Q")
  <==> { lemma, X ==> Y <==> !X \/ Y, twice }
     (!R \/ P) /\ (!R \/ Q)
  <==> { \/ distributivity }
     !R \/ (P /\ Q)
  <==> { lemma, X ==> Y <==> !X \/ Y }
     R ==> (P /\ Q)
QED

Another useful rule is what Cohen calls the "range rule". In hints, left to right use of this is called "splitting the range", and right to left is "joining the range".

Lemma (range rule).
  |- (\forall i : P.i \/ Q.i : U.i) <==> (\forall i : P.i : U.i) /\ (\forall i : Q.i : U.i)

Proof.

  |- "(\forall i : P.i : U.i)" /\ "(\forall i : Q.i : U.i)"
  <==> { definition of bounded quantifier, twice }
     (\forall i :: P.i ==> U.i) /\ (\forall i :: Q.i ==> U.i)
  <==> { joining the term }
     (\forall i :: "(P.i ==> U.i)" /\ "(Q.i ==> U.i)")
  <==> { lemma X ==> Y <==> !X \/ Y, twice }
     (\forall i :: (!(P.i) \/ U.i) /\ (!(Q.i) \/ U.i))
  <==> { \/ distributivity }
     (\forall i :: (!(P.i) /\ !(Q.i)) \/ U.i)
  <==> { de Morgan }
     (\forall i :: (!(P.i \/ Q.i)) \/ U.i)
  <==> { lemma X ==> Y <==> !X \/ Y }
     (\forall i :: (P.i \/ Q.i) ==> U.i)
  <==> { definition of bounded quantifier }
     (\forall i : (P.i \/ Q.i) : U.i)
QED

Back and von Wright use the following rule for vacuous quantifiers, which follows directly from the side conditions and the introduction and elimination rules.

Lemma (\forall vacuous). If v is not free in t, then
  |- (\forall v :: t) <==> t

Proof. (This is Back and von Wright's exercise 6.8a.)

The following corresponds to the \forall-vacuous rule for bounded quantifiers. Note the extra side condition, which says that the range is not empty, and how it is found in the proof of the second case below. (The formal definition of this side condition was determined from the proof, since it's a bit unclear in Cohen's treatment.)

Lemma (constant term rule). If (\forall i :: !(R.i)) <==> F and if i is not free in Z, then
  |- (\forall i : R.i : Z) <==> Z

Proof. Suppose (\forall i :: !(R.i)) <==> F and that i is not free in Z. Let z be a fresh variable.
  |- (\forall i : R.i : Z)
  <==> { definition of bounded quantifier }
     (\forall i :: R.i ==> Z)
  <==> { case analysis }
     * [ Z ]
       (\forall i :: R.i ==> "Z")
       <==> { by assumption, Z <==> T }
          (\forall i :: R.i ==> T)
       <==> { T greatest }
          (\forall i :: T)
       <==> { \forall vacuous }
          T
       <==> { by assumption, T <==> Z }
          Z
     * [ !Z ]
       (\forall i :: R.i ==> "Z")
       <==> { by assumption, Z <==> F }
          (\forall i :: "R.i ==> F")
       <==> { ==> F rule }
          (\forall i :: !(R.i))
       <==> { by assumption, (\forall i :: !(R.i)) <==> F }
          F
       <==> { by assumption, F <==> Z }
          Z
     .
     Z
QED

A corollary is the following.

Lemma (conjunction distributes over universal quantifier with non-empty range). If (\forall i :: !(R.i)) <==> F and if i is not free in Z, then
  |- (\forall i : R.i : Z /\ U.i) <==> Z /\ (\forall i : R.i : U.i)

Proof. Assume (\forall i :: !(R.i)) <==> F and i is not free in Z.

  |- (\forall i : R.i : Z /\ U.i)
  <==> { splitting the term }
     "(\forall i : R.i : Z)" /\ (\forall i : R.i : U.i)
  <==> { constant term rule, assumption }
     Z /\ (\forall i : R.i : U.i)
QED

However, disjunction distributes over bounded universal quantifiers with no side condition.

Lemma (disjunction distributes over universal quantifier). If i is not free in Z, then
  |- (\forall i : R.i : Z \/ U.i) <==> Z \/ (\forall i : R.i : U.i)

Proof. Suppose i is not free in Z. Then we calculate as follows.

  |- (\forall i : R.i : Z \/ U.i)
  <==> { case analysis }
     * [ Z ]
       (\forall i : R.i : "Z" \/ U.i)
       <==> { by assumption, Z <==> T }
          (\forall i : R.i : "T \/ U.i")
       <==> { T \/ rule }
          (\forall i : R.i : T)
       <==> { definition of bounded quantifier }
          (\forall i :: "R.i ==> T")
       <==> { T greatest }
          (\forall i :: T)
       <==> { \forall vacuous }
          T
       <==> { T \/ rule }
          "T" \/ (\forall i : R.i : U.i)
       <==> { by assumption, T <==> Z }
          Z \/ (\forall i : R.i : U.i)
     * [ !Z ]
       (\forall i : R.i : "Z" \/ U.i)
       <==> { by assumption, Z <==> F }
          (\forall i : R.i : "F \/ U.i")
       <==> { F \/ rule }
          (\forall i : R.i : U.i)
       <==> { F \/ rule }
          "F" \/ (\forall i : R.i : U.i)
       <==> { by assumption, F <==> Z }
          Z \/ (\forall i : R.i : U.i)
     .
     Z \/ (\forall i : R.i : U.i)
QED

Lemma (empty range rule).
  |- (\forall i : F : U.i) <==> T

Proof.

  |- (\forall i : F : U.i)
  <==> { definition of bounded quantifier }
     (\forall i :: F ==> U.i)
  <==> { F ==> rule }
     (\forall i :: T)
  <==> { \forall vacuous }
     T
QED

Here are some other lemmas you may enjoy proving.

Lemma (nesting rule). If j does not occur free in P.i, then
  |- (\forall i : P.i : (\forall j : Q.i.j : U.i.j)) <==> (\forall i :: (\forall j : P.i /\ Q.i.j : U.i.j))

Note: used from left to right this is called "nesting", and from right to left this is called "unnesting".

Lemma (\forall one-point). If i is not free in Z, then
  |- (\forall i : i == Z : U.i) == U.Z

Proof. (This is Back and von Wright's exercise 6.9.)

Lemma (implication distributes over universal quantification). If i is not free in Z, then
  |- (\forall i : R.i : Z ==> U.i) <==> Z ==> (\forall i : R.i : U.i)

Proof. (See p. 53 in Cohen's book.)

Back and von Wright also have the following rule:

Lemma (distribute \forall over ==>). If i is not free in Z, then
  |- (\forall i :: U.i ==> Z) <==> (\exists i :: U.i) ==> Z

Can you generalize the above to a rule with ranges included?

** Existential quantification (3.3)

This is generalized disjunction.

Cohen takes the following as a postulate for defining existential quantifiers.

Lemma (generalized de Morgan).
  |- (\exists i : R.i : U.i) <==> !(\forall i : R.i : !(U.i))

We also have the dual.

Lemma (generalized de Morgan).
  |- (\forall i : R.i : U.i) <==> !(\exists i : R.i : !(U.i))

From these the meaning of the bounded quantifier notation for existentials emerges.

Lemma (trading).
  |- (\exists i : R.i : U.i) <==> (\exists i :: R.i /\ U.i)

We have duals of all of the lemmas above as well.

Lemma (term rule).
  |- (\exists i : R.i : P.i \/ Q.i) <==> (\exists i : R.i : P.i) \/ (\exists i : R.i : Q.i)

Lemma (range rule).
  |- (\exists i : P.i \/ Q.i : U.i) <==> (\exists i : P.i : U.i) \/ (\exists i : Q.i : U.i)

Lemma (disjunction distributes over existentials with non-empty range). If (\exists i :: R.i), and if i is not free in Z, then
  |- (\exists i : R.i : Z \/ U.i) <==> Z \/ (\exists i : R.i : U.i)

Lemma (conjunction distributes over existentials). If i is not free in Z, then
  |- (\exists i : R.i : Z /\ U.i) <==> Z /\ (\exists i : R.i : U.i)

Lemma (empty range rule).
  |- (\exists i : F : U.i) <==> F

Lemma (constant term rule). If (\exists i :: R.i), and if i is not free in Z, then
  |- (\exists i : R.i : Z) <==> Z

Lemma (dummy transformation rule). If f is invertible (i.e., i != j <==> f.i != f.j), then
  |- (\exists i : R.i : U.i) <==> (\exists j : R.(f.j) : U.(f.j))

Lemma (nesting rule).
  |- (\exists i : P.i : (\exists j : Q.i.j : U.i.j)) <==> (\exists i,j : P.i /\ Q.i.j : U.i.j)

Lemma (one-point rule). If i is not free in Z, then
  |- (\exists i : i == Z : U.i) <==> U.Z

(See p. 122 for half of the proof.)

Back and von Wright also have:

Lemma (\exists vacuous). If i is not free in Z, then
  |- (\exists i :: Z) <==> Z

(Proof is exercise 6.8b.)

Lemma (distribute \exists over ==>). If i is not free in Z, then
  |- (\exists i :: U.i ==> Z) <==> (\forall i :: U.i) ==> Z

Lemma (distribute \exists over ==>). If i is not free in Z, then
  |- (\exists i :: Z ==> U.i) <==> Z ==> (\exists i :: U.i)

Q: Can you generalize the rules for distribution over ==> to include the ranges?

Q: Can you generalize the rules for introduction and elimination to include the ranges?
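The constant term rule of 3.2 with its non-empty-range side condition, the empty range rule, and the dual constant term rule of 3.3, machine-checked in Lean 4 as an added example; this is not code from Cohen's book or from these notes, and the names bforall, bexists, constant_term, empty_range and constant_term_exists are my own. It assumes only the Lean 4 core library (no Mathlib), and represents "i is not free in Z" by taking Z : Prop as a proposition that cannot mention the dummy at all.

```lean
-- Added example (not from Cohen's book or these notes): Lean 4, core library only.
-- Cohen's definition of the bounded universal quantifier:
--   (\forall i : R.i : U.i) = (\forall i :: R.i ==> U.i)
def bforall {α : Type} (R U : α → Prop) : Prop := ∀ i, R i → U i

-- Existentials by generalized de Morgan: (\exists i : R.i : U.i) = !(\forall i : R.i : !(U.i))
def bexists {α : Type} (R U : α → Prop) : Prop := ¬ bforall R (fun i => ¬ U i)

-- Constant term rule. Z : Prop cannot mention the dummy, so "i is not free in Z" holds by
-- construction; the side condition (\forall i :: !(R.i)) <==> F is the hypothesis `hne`.
theorem constant_term {α : Type} (R : α → Prop) (Z : Prop)
    (hne : ¬ ∀ i, ¬ R i) : bforall R (fun _ => Z) ↔ Z := by
  constructor
  · intro h
    -- the notes' case analysis on Z
    cases Classical.em Z with
    | inl hz => exact hz
    | inr hnz =>
      -- case [ !Z ]: every i with R.i would give Z, so (\forall i :: !(R.i)) holds,
      -- contradicting the non-empty range assumption; this is where the side condition is used
      exact (hne fun i hr => hnz (h i hr)).elim
  · intro hz _ _
    exact hz

-- Empty range rule, (\forall i : F : U.i) <==> T, and the reason the side condition is needed:
-- with R.i = F and Z = F the left side of the constant term rule is T while Z is F.
theorem empty_range {α : Type} (U : α → Prop) : bforall (fun _ => False) U ↔ True :=
  ⟨fun _ => trivial, fun _ _ hf => False.elim hf⟩

example : ¬ (bforall (fun (_ : Nat) => False) (fun _ => False) ↔ False) :=
  fun h => h.mp (fun _ hf => hf)

-- Dual constant term rule (3.3): if (\exists i :: R.i) and i is not free in Z, then
-- (\exists i : R.i : Z) <==> Z. Here the side condition is an explicit witness `w`.
theorem constant_term_exists {α : Type} (R : α → Prop) (Z : Prop)
    (w : ∃ i, R i) : bexists R (fun _ => Z) ↔ Z := by
  constructor
  · intro h
    -- h : !(\forall i : R.i : !Z); if Z were false that universal would hold
    cases Classical.em Z with
    | inl hz => exact hz
    | inr hnz => exact (h fun _ _ => hnz).elim
  · intro hz h
    -- h : (\forall i : R.i : !Z); instantiate it at the witness
    cases w with
    | intro i hi => exact h i hi hz
```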