Saturday, December 11, 2010

Generalising Gödel's Theorem with Multiple Worlds. Part I.

Introduction
In his first incompleteness theorem, Gödel showed us that we can construct a sentence that denies its own provability. In his second incompleteness theorem he showed that an example of such a sentence is the one that asserts the inconsistency of arithmetic. If arithmetic is consistent then it can't prove its own consistency. On the other hand, if arithmetic is inconsistent then we can prove anything, and hence we can prove its consistency.

Can we generalise what Gödel did? For example, can we construct sentences that we can prove assert their own provability? What about sentences that deny that their provability is provable? Or what about sentences that assert that if they're provable then it's not provable that it's inconsistent that they imply that they're inconsistent with the rest of arithmetic?

Not only can we do these things, we can also write a computer program that generates such theorems for us. We can do so by working with the idea that a consistent set of axioms describes a world, and that a set of axioms able to talk about sets of axioms describes a world within a world, and a set of axioms that...well you can guess how it goes. A bit like Inception really.

Gödel's Theorem
Briefly, Gödel's first incompleteness theorem goes like this: we work with PA, the logical system built from Peano's Axioms. Within PA we can state and prove theorems about arithmetic like the fact that 1+2=3 or that for any prime there is always another greater prime. But even though PA is about numbers, we can talk about other things if we can encode them as numbers. In particular, Gödel came up with a scheme to encode propositions of PA as numbers. We use [P] to represent the number for the proposition P in Gödel's scheme. A proof is essentially just a list of propositions where each one is connected to some earlier ones by simple mechanical rules. These rules can be turned into arithmetical statements about the Gödel numbers for the propositions. So in the language of PA it is possible to assert that a particular number is the Gödel number of a provable proposition. Let Prov(n) denote the proposition of PA that says that n is the Gödel number of a provable proposition. Prov(n) is a proposition of PA and so is ¬Prov(n). Imagine we could find a proposition G with the property that G↔¬Prov([G]). It would assert its own unprovability. But it also appears to involve stuffing a representation of the Gödel number of G within G as well as all the rules for determining provability. Amazingly Gödel figured out how to do this (using tricks not unlike those used for quining). If G were false, G would be provable. So if we trust PA as a means of reasoning about proofs in PA, then G is true, though it can't be proved using the axioms of PA.

Provability Logic
We're going to be interested specifically in provability, so we don't need all of the power of PA. So we're going to work with a simplified domain specific logic called GL (for Gödel-Löb), otherwise known as Provability Logic. The idea is that sentences of GL will be shorthand for classes of statement in PA. GL will contain propositional calculus. So here's an example statement in GL: p∧q. The unknowns p and q represent propositions of PA and statements of GL are considered valid if they're provable whatever statements of PA they represent. For example, we could assign p="there are at least 10 primes" and q="7>2", in which case p∧q holds. But we could assign p="there are just 10 primes" in which case it's false. So p∧q isn't a valid proposition of GL as it doesn't hold for all p and q. On the other hand p→p∨q is valid because no matter what crazy propositions we assign to p and q, p→p∨q is true. (Of course, when I say "there are at least 10 primes", I mean a long and complicated sentence of PA that amounts to the same thing.)

But there's more to GL than propositional calculus. It also has the one-argument predicate ◻ which asserts that its argument is provable. More precisely, ◻p says that whatever proposition of PA p represents, let's say it's P, we have Prov([P]). It's just shorthand. Here's another example: ◻(q→◻p) says that whatever P we assign to p, and whatever Q we assign to q, Prov([Q →Prov([P])]). Or in English it says "for any propositions P and Q, it is provable that Q implies that P is provable".

We'll use ⊤ and ⊥ from propositional calculus as the always true and always false propositions in the usual way. ◻⊥ is the assertion that we can prove ⊥. In other words it's the assertion that PA is inconsistent. So now we can state Gödel's second incompleteness theorem: ¬◻⊥→¬◻¬◻⊥. If PA is consistent, we can't prove it.

We can also introduce the symbol ◊. This is just shorthand for ¬◻¬. ◊p says that it's not provable that p is false. In other words, it says that p is consistent with the rest of PA. So ◻ is provability and ◊ is consistency.

A set of assignments of propositions of PA to a bunch of letters in GL can be thought of as a world. For example, we can imagine a world in which p="2>1" and q="2<1". In this world, we have p and ¬q. The GL proposition ◻p says that we have a proof of p so it must be true in all worlds. Conversely, ◊p says that it's not true there is no world where p holds. In other words, it asserts the existence of a world where p holds. So worlds can talk about other worlds. If we have ◊◊p in some world, then it's asserting that there's another world in which ◊p holds. In other words, ◊◊p asserts there is a world in which it is asserted that there is another world where p holds. We can draw pictures to represent this. If a world has propositions that talk about another world then we draw the talked about world as a kind of subworld. Here's how we can picture ◊◊p:



Worlds are assignments of propositions of PA to letters of GL. But most of the time we won't particularly care about specific propositions themselves like "2>1". We'll be more interested in what truth assignments we can make to the propositions represented by the letters. So we can think of a world as a place where the letters of GL have been assigned truth values, true or false. And we can think of each world as containing subworlds consisting of propositions that can be proved or disproved by their parent worlds.

I'm going to spend most of my time looking at how we can explore and unfold all of the implications contained in a world.

The Rules of the Game
We can give some rules. If a world contains p∧q like this:


then it must contain both p and q as well:


I crossed out the p∧q as it became redundant. It's important to note that when I wrote p∧q we could have any propositions of GL standing in for p and q. So a world containing (p∨q)∧r must also contain p∨q and r. Other rules may apply too. If we had p∧q and r∧s we can unfold both to get p, q, r and s. This rule also kicks in if it applies to negated propositions that become conjunctions if we "push down" the negation using de Morgan's laws. For example if a world contains ¬(p→q) then it also contains p and ¬q.

If a world contains p∨q then we don't know exactly what it looks like.


There are two possibilities. We can draw both together like this:


The line in the middle means that the world either looks like what's on the left or it looks like what's on the right. Once we've indicated there are two alternatives then the original proposition became redundant again. When we have a vertical line like this then everything above the vertical line applies in both the left and right possibilities. This saves us having to split our world into two and copy all of our formulae to both sides. Like in the case of conjunctions this rule also kicks in for other kinds of disjunctions. So a world containing p→q splits into two separate worlds headed by ¬p and q.

If a world contains ⊥, or a contradiction, in means that it wasn't really a valid world after all. If we meet a world like this, we know that our starting point must have been been self-contradictory. If a world implies the existence of a subworld that isn't valid, then it must itself be invalid:



On the other hand, if we've split a world into two possibilities because we found p∨q then even if one branch is invalid the world might still be valid if the other branch is valid.

If we have a world containing ◻p:


then we know that p must be in every subworld. Actually, we know it must also hold in any subsubworld too, all the way down. This is because if we can prove something we can then use that proof directly to form a constructive proof that we can prove it. So that means ◻p holds in every subworld too:


We treat negation as above. So if we see ¬◻p we treat it like ◊¬p.

As we have also said, if we have a world with a ◊p in it then it must contain a subworld with p in it. Note that ◊ implies the existence of subworlds, but ◻ doesn't. It just tells us what must be in them if they exist.

But there's one last rule we'll need. It's Lob's theorem. This is the big theorem on which everything else I say depends. It states that ◻(◻p →p) →◻p. If we can prove that proving something implies its truth then we can prove it. I could sketch a proof here, but I highly recommend the cartoon proof here. In a way, Löb's theorem is a bit sad. The raison d'etre of mathematics is that we can use proofs to be sure of things. In other words, we take for granted that ◻p→p. But if we could prove this then we could prove ◻p, even if p were false! ◻p→p is not valid!

(Philosophical digression: Mathematicians assume ◻p→p. They don't assume ◻p→p because there's a proof. They assume it because experience has shown it to work. So I claim that ◻p→p is an empirical fact that we learn by scientific induction. That's controversial because I'm basically saying that much of mathematics is empirical - at least it is if you talk about truth rather than proof. If you disagree, don't worry about it. The rest of what I say here is independent of this digression.)

Anyway, we can flip Löb's theorem around to get ◊p →◊(p ∧¬◊p). So if we have a world in which ◊p holds:


then we have a subworld in which both p and ¬◊p hold:



And that's all we'll need apart from the obvious rule that we can remove double negation. Suppose we have a proposition of GL. We can use the rules above to extract as many implications as we can. Eventually there will come a point where there is nothing more we can do. If we can do this without hitting a contradiction then we've found a bunch of possible worlds for the proposition. If we can't find a valid world, however, the the original proposition must have been false. You might ask whether or not there any other rules we need in addition to the ones above. Maybe there are other theorems like Löb's theorem that we need to use. Amazingly it can be shown that no other rules are needed. This is a sure-fire terminating algorithm for determining whether or not a proposition of GL is valid! This is a powerful tool. We can now start constructing wild propositions like those I started with and find out whether they are valid. (Note that I've not in any way proved this procedure always works. You'll need to look at Boolos's book to see why.)

Some Proofs
Let's work through some examples. First I'll prove something from propositional calculus: (p∧q)∨(p∧r)→p. We start by drawing a world with the negation:


Now ¬(a→b) is the same as a∧¬b. So we get:


Now the only way to proceed is to consider the disjunction and consider two alternatives:


On both sides of the vertical line we find p. But that contradicts the ¬p we discovered earlier. So there is no way the negation of our original proposition can hold in any world. And therefore the original proposition must be valid.

How about showing Gödel's second incompleteness theorem this way. ◊⊤ says that ⊤ is consistent with the rest of arithmetic. Ie. it expresses the consistency of arithmetic. The theorem is then ◊⊤→¬◻◊⊤, ie. if PA is consistent, then PA can't prove it is consistent. We'll start with this:


We can deal with the negated implication like before. We can also deal straightforwardly with the double negation:


There's now no way to proceed except to use the ◊⊤ to open up a new world. Remember that when we use this we must use Löb's theorem as well as inheriting p and ◻p from the parent world's ◻p:


And we get a contradiction because we have both ◊⊤ and ¬◊⊤. So Gödel's second incompleteness theorem is indeed valid. Note that this isn't a demonstration from scratch. We've shown its validity from Löb's theorem. So this isn't really a useful way to show it's valid. But it *is* a useful way to show the validity of generalisations of Gödel's theorem. Unfortunately, I have to stop for now.

In the coming posts I'll implement all of the above as a computer program. If there's any ambiguity in what I've said I hope the source code to the program will resolve those ambiguities. What's more, our program won't just test the validity of a proposition but it will draw out a nice picture of our world with its subworlds. So you'll be able to trace through every step to make sure you understand!

But that's not all. We'll also see how to write a program to illustrate a bunch more theorems like Craig's Interpolation Lemma and Beth's Definability Theorem and then we'll finish with a program that is designed to construct self-referential propositions. In particular, given any self-referential description like "p is a proposition that is equivalent to the proposition that denies that it's provable that p's provability is consistent with p itself" it will solve to find p, even though GL doesn't allow us to directly construct self-referential propositions.

So let me recap: a world is an assignment of consistent truth values to the letters (and consequently propositions) of GL. Some of these propositions imply the existence of other subworlds with different truth values for these propositions. We draw these worlds as subworlds of the original world. For a world to be valid it mustn't contain any contradictions (unless the world contains a bunch of alternatives in which case just one alternative needs to be valid.) A proposition of GL is valid if unfolding its negation doesn't result in an invalid world.

Exercises
Which are the following are valid? If you report back any difficulties you have I can incorporate any needed revisions into the description above.
1. p→◻p
2. ◻p→◻◻p
3. ◊p→◊◻◻p
4. ◊(p→◻q) →◊(◻(◊(p∧q)))
5. ◻(p∧q∧r∧s) →◻p∧◻q∧◻r∧◻s

References
Most of this stuff is based on Chapter 10 of The Logic of Provability by Boolos. The idea of using multiple worlds to prove theorems is due to Kripke. I believe the procedure of unfolding the implications of a proposition in the tree-like way I describe above is due to Smullyan.

Update
Solutions to problems:
1. Not valid. Diagram:
2. Valid
3. Valid.
4. Valid.
5. Valid. Diagram:

18 comments:

Xamuel said...

The unicode symbol you've used for "box" appears as a weird glitch throughout for me. Might I suggest replacing "box" throughout by K (which has the great bonus of standing for "know")?

To me, a fatal flaw with this multiple worlds system is that if K(p)->p is valid, then so is K(K(p)->p). In words, "every infallible knower knows his infallibility". I've actually got not one but two preprints right now exploring epistemology when it's possible for an infallible knower NOT to know his infallibility... of course this requires a totally different approach than the multiple worlds one. You can see the obvious connection to Godel's Incompleteness Theorem, though.

Of course that's peanuts considering Lob's Theorem... which is why K works so much better as a new modal operator rather than a predicate symbol :P

sigfpe said...

I had a hunch that box might be an issue. It's frustrating because in some browsers every other logical symbol is incorrectly displayed as a box! I'll see what I can do...

lukepalmer said...

This sounds like a fascinating series! Right up my alley.

My head is spinning around the second phrasing of Lob's theorem: ◊p →◊(p ∧¬◊p). If p is consistent then it's consistent that (p is true and there is a proof of ¬p)? That seems to violate the soundness theorem. I would like a bit more exploration of the meaning of this sentence.

sigfpe said...

Luke,

It's no worse than Godel's second incompleteness theorem. If, in PA, we can prove ◊⊤ then we conclude that ◊⊤ is false!

Brian Slesinsky said...

This is great stuff but I'm having a bit of trouble interpreting this world:

p
¬◊p

This expands to:
p
¬¬◻¬p

Which simplifies to:
p
◻¬p

Which seems to meant the p is both true and we can prove that it's false? Is this part of a proof by contradiction?

sigfpe said...

Brian,

It would be a contradiction if we had ◻¬p→¬p, but as I mentioned, this can't be proved.

sigfpe said...

Brian,

Let me expand on that. The worlds I've been talking about are the worlds of what is *provable* rather than worlds of what is *true*.

So it may seem weird that it's possible to have a world in which we have p and ◻¬p. But what this means is that we can't *prove* that there is a contradiction between them even though it seems obviously *true* that they can't both hold.

Doesn't help that at one point I said *true* instead of *provable* in the article. I've fixed that now.

mjdominus said...

Wikipedia doesn't give a cite, but it attributes the method of analytic tableaux to Beth, who predates Smullyan.

sigfpe said...

@mjd And I read elsewhere that Smullyan made explicit something implicit in Beth. I've no idea as I've not seen Beth's work.

BTW These tableau are not analytic because of the Lob rule.

greenlyblue said...

Great post. Looking forward to the implementation.

Anonymous said...

I think ex1 is invalid since it would break Godel's theorem with p=◊⊤. Then I prooved that ex2,ex3 and ex4 are valid with your "subworlds" method but I'm suspicious because I can also proove this way that
◊p →◊(◻(◊q))
for any p and q (I found ¬◻(◊q) and ◻(◊q) in the same subworld thus the contradiction).
What to think about that ?

sigfpe said...

@anonymous,

The first thing to note is that ◊p says that p is consistent with arithmetic which implicitly implies arithmetic is consistent. So ◊p implies the consistency of arithmetic. So it's a pretty strong claim.

Tom Crockett said...

Great post! I don't understand how you infer "◊p →◊(p ∧¬◊p)" from "◻(◻p →p) →◻p". The closest I seem to be able to get is "¬◻p → ◊(◻p ∧ ¬p)". Are there some rules I'm missing?

sigfpe said...

◻(◻p →p) →◻p

Flip the direction of the arrow:

¬◻p→¬◻(◻p →p)

Definition of ◊:
◊¬p→◊¬(◻p →p)

◊¬p→◊(◻p∧ ¬p)

◊p→◊(◻¬p∧ p)

Löb's theorem holds for any p. So it also holds for ¬p. Giving:

◊p→◊(¬◊p∧ p)

Robustness said...

You might be interested in

Common sense for concurrency and inconsistency robustness using Direct Logic(TM) and the Actor Model
on how to do this in a more powerful way without modal operators.

byorgey said...

It took me a long time to understand the solution to exercise 1. Finally it dawned on me that it is NOT a contradiction to have p in one world and not(p) in one of its subworlds! It makes sense in retrospect but wasn't obvious to me at first.

sigfpe said...

byorgey,

A good example of this is the fact that if arithmetic is consistent then we can't prove the consistency of arithmetic. In other words, if a world contains ◊⊤ then the subworlds must contain the negation. I gave the rules for what propositions are inherited from a parent world but maybe I should also have pointed out that nothing else is inherited, so the child can contradict the parent.

Anonymous said...

Godel's theorems are based on a correspondence between the meta mathematical act of proving in a theory (the actual manipulation of symbols ) and the behavior of some objects within the theory itself . Only without a clear distinction between those two can P(P(x)-> x) ->P(x) seem weird .

Blog Archive