A primer on provability logic

Benya_Fallenstein

A primer on provability logic

4 min read15th Nov 20143 comments

4

Personal Blog

MIRI's paper on robust cooperation in the one-shot prisoner's dilemma (by Patrick LaVictoire and others) models agents which know their opponents' source code through Gödel-Löb provability logic, a modal logic for reasoning about provability in Peano Arithmetic. This framework of "modal agents" has turned out to be a really useful way of reasoning about these agents. Vladimir Slepnev recently proposed reformulating UDT with a halting oracle in terms of provability logic as well, and I agree that this is the right tool for the job. This post is a primer on provability logic and the results about it that we've been using in our work.

The language

Gödel-Löb provability logic ("GL") is propositional logic plus a modal operator, $□$ , which we interpret as "provable". Formulas may contain variables which denote propositions; for example $p \to □ (q \to q)$ is a formula saying that if the proposition $p$ is true, then it's provable that the proposition $q$ implies itself. We usually write $⊤$ for the proposition "true" and $⊥$ for the proposition "false".

Some conventions that we've been using: Use small letters (e.g. $p$ , $q$ ) to refer to propostional variables; use capital letters (e.g. $A$ , $B$ ) to refer to particular formulas; use $φ$ , $ψ$ as metavariables ranging over formulas. (The line between "concrete formula" and "metavariable standing in for a formula" isn't hard-and-fast.) When a formula contains propositional variables, list them in parantheses when talking about the formula: e.g., $φ (p_{1}, \dots, p_{n})$ .

The meaning of a closed formula (i.e., a formula without propositional variables) is given by a recursive translation to a sentence of Peano arithmetic: If the modal formula $φ$ is translated to the arithmetic formula $~ φ$ , then $□ φ$ is translated to the arithmetic formula stating "the formula $┌ ~ φ ┐$ is provable in PA". (Propositional connectives are translated in the obvious way, e.g. $\neg φ$ is translated to $\neg ~ φ$ .)

In practice, instead of making this translation explicit, we just abbreviate " $┌ φ ┐$ is provable in PA" as $□ φ$ in formulas of arithmetic, and leave it to the context to disambiguate whether we're talking about a modal or an arithmetic formula. Because of this, we may sometimes write $□ ┌ φ ┐$ instead of $□ φ$ to emphasize the Gödel quotations in the arithmetic version of the formula.

Soundness and completeness

The axioms and inference rules of GL can be stated in the usual style of a modal logic, but in practice, two basic results about GL provide a much more convenient way to reason about it:

The soundness theorem states that if a formula $φ (p_{1}, \dots, p_{n})$ is provable in GL, then for any closed formulas $ψ_{1}, \dots, ψ_{n}$ in the language of arithmetic, $φ (ψ_{1}, \dots, ψ_{n})$ is provable in PA.
The completeness theorem is the exact converse: It states that if $φ (p_{1}, \dots, p_{n})$ is a formula of provability logic, and if for any closed formulas $ψ_{1}, \dots, ψ_{n}$ in the language of arithmetic, $φ (ψ_{1}, \dots, ψ_{n})$ is provable in PA, then $φ (p_{1}, \dots, p_{n})$ is provable in GL.

In summary: $G L ⊢ φ (p_{1}, \dots, p_{n}) ⟺ \forall ψ_{1}, \dots, ψ_{n} . P A ⊢ φ (ψ_{1}, \dots, ψ_{n}) .$

This means that we can argue that something is provable in GL by arguing that the analogous thing is provable in PA. For example, Löb's theorem states that if $P A ⊢ □ φ \to φ$ , then $P A ⊢ φ$ . This implies that the analogous statement holds in GL: Suppose that $G L ⊢ □ φ (p_{1}, \dots, p_{n}) \to φ (p_{1}, \dots, p_{n})$ . Then by soundness, $P A ⊢ □ φ (ψ_{1}, \dots, ψ_{n}) \to φ (ψ_{1}, \dots, ψ_{n})$ for all $ψ_{1}, \dots, ψ_{n}$ , and hence by Löb, $P A ⊢ φ (ψ_{1}, \dots, ψ_{n})$ . But by completess, this implies $G L ⊢ φ (p_{1}, \dots, p_{n})$ .

Similarly, $G L ⊢ φ (p_{1}, \dots, p_{n})$ implies $G L ⊢ □ φ (p_{1}, \dots, p_{n})$ , again because the analogous statement holds about PA.

As a matter of fact, both of these happen to be an inference rules of GL. But the point is that you don't need to memorize the axioms and inference rules of GL in order to use it; it's sufficient to know about its soundness and completeness.

Substitution of equivalent formulas

Despite the above, there is one important result about GL that is not obvious from soundness and completeness: If GL proves two formulas $φ (p_{1}, \dots, p_{n})$ and $φ^{'} (p_{1}, \dots, p_{n})$ equivalent, then you can substitute $φ^{'}$ for $φ$ in any other formula, even inside boxes; in other words, in this case, GL will prove that $ψ (p_{1}, \dots, p_{n}, φ (p_{1}, \dots, p_{n}))$ is equivalent to $ψ (p_{1}, \dots, p_{n}, φ^{'} (p_{1}, \dots, p_{n}))$ , for every formula $ψ (p_{1}, \dots, p_{n}, q)$ .

Fixed points

The other really important results about GL are the existence and uniqueness of fixed points.

We say that a formula $φ (p, q_{1}, \dots, q_{n})$ is modalized in $p$ if all occurrences of $p$ in $φ (p, q_{1}, \dots, q_{n})$ are inside boxes. We say that $φ (p_{1}, \dots, p_{n})$ is fully modalized if it is modalized in each $p_{i}$ . (We don't need the latter notion in the rest of this post, but it's frequently used in applications.)

Suppose that $F (p, q)$ is modalized in $p$ . Then there is a formula $A (q)$ which is a fixed point of $F (p, q)$ in the sense that $G L ⊢ A (q) \leftrightarrow F (A (q), q) .$ Moreover, there's a computer program that computes $A (q)$ given $F (p, q)$ ; and if $q$ is modalized in $F (p, q)$ , then it is modalized in $A (q)$ as well.

More generally, this holds for multiple parameters $q_{1}, \dots, q_{n}$ and multiple formulas $F_{i} (p_{1}, \dots, p_{m}, q_{1}, \dots, q_{n})$ , $i = 1, \dots, m$ . In that case, we can find formulas $A_{i} (q_{1}, \dots, q_{n})$ such that for every $i$ , GL proves that $A_{i} (q_{1}, \dots, q_{n})$ is equivalent to $F_{i} (A_{1} (q_{1}, \dots, q_{n}), \dots, A_{m} (q_{1}, \dots, q_{n}), q_{1}, \dots, q_{n}) .$

Moreover, it can be shown that these fixed points are unique---not in the sense that there is only one set of formulas $A_{1}, \dots, A_{m}$ satisfying the above condition, of course (if $A_{i}$ works, so does $A_{i} \land ⊤$ : see the rule about substitution of equivalent formulas), but in the sense that if $A_{1}, \dots, A_{m}$ is a solution and $B_{1}, \dots, B_{m}$ is also a solution, then $G L ⊢ A_{i} (q_{1}, \dots, q_{n}) \leftrightarrow B_{i} (q_{1}, \dots, q_{n})$ , $i = 1, \dots, m$ .

This is true not only about solutions that can be written in the language of provability logic, but for any solution in the language of arithmetic: Suppose that $φ_{1}, \dots, φ_{m}$ , $φ_{1}, \dots, φ_{m}$ , and $ψ_{1}, \dots, ψ_{n}$ are all closed formulas of arithmetic, such that for $i = 1, \dots, m$ , PA proves $φ_{i} \leftrightarrow F_{i} (φ_{1}, \dots, φ_{m}, ψ_{1}, \dots, ψ_{n})$ and $φ_{i}^{'} \leftrightarrow F_{i} (φ_{1}^{'}, \dots, φ_{m}^{'}, ψ_{1}, \dots, ψ_{n})$ . Then $P A ⊢ φ_{i} \leftrightarrow φ_{i}^{'}$ , for $i = 1, \dots, m$ .

Decidability

Provability in GL turns out to be decidable, though it's PSPACE-complete, which sounds pretty bad, but perhaps the formulas we're interested in are mostly so short that it doesn't matter---I don't know. In the case of modal agents, Mihaly and Marcello wrote program which computes what two such agents do against each other, and it was efficient enough that we were able to use it to verify the examples in the paper. I don't know whether the techniques would generalize to the application to UDT.

4

A primer on provability logic

15th Nov 2014

1Benya Fallenstein

4Jaime Sevilla Molina

New Comment

3 comments, sorted by

top scoring

Click to highlight new comments since: Today at 6:35 AM

[-]Benya Fallenstein9y00

Thread for proofs of results claimed above (not limited to stuff not found in Lindström); contributions appreciated. Stuff not in Lindström includes the uniqueness of arithmetic fixed points in PA (found in the modal agents paper), and I think the version of the fixed point theorem with more than one $F_{i}$ (the latter should be provable by iterated application of the fixed point theorem for a single $F$ ).

[-]Jaime Sevilla Molina8y20

Generalized fixed point theorem:

Suppose that $A_{i} (p_{1}, . . ., p_{n})$ are $n$ modal sentences such that $A_{i}$ is modalized in $p_{n}$ (possibly containing sentence letters other than $p_{j} s$ ).

Then there exists $H_{1}, . . ., H_{n}$ in which no $p_{j}$ appears such that $G L ⊢ \land_{i \leq n} {⊡ (p_{i} \leftrightarrow A_{i} (p_{1}, . . ., p_{n})} \leftrightarrow \land_{i \leq n} {⊡ (p_{i} \leftrightarrow H_{i})}$ .

We will prove it by induction.

For the base step, we know by the fixed point theorem that there is $H$ such that $G L ⊢ ⊡ (p_{1} \leftrightarrow A_{i} (p_{1}, . . ., p_{n})) \leftrightarrow ⊡ (p_{1} \leftrightarrow H (p_{2}, . . ., p_{n}))$

Now suppose that for $j$ we have $H_{1}, . . ., H_{j}$ such that $G L ⊢ \land_{i \leq j} {⊡ (p_{i} \leftrightarrow A_{i} (p_{1}, . . ., p_{n})} \leftrightarrow \land_{i \leq j} {⊡ (p_{i} \leftrightarrow H_{i} (p_{j + 1}, . . ., p_{n}))}$ .

By the second substitution theorem, $G L ⊢ ⊡ (A \leftrightarrow B) \to [F (A) \leftrightarrow F (B)]$ . Therefore we have that $G L ⊢ ⊡ (p_{i} \leftrightarrow H_{i} (p_{j + 1}, . . ., p_{n}) \to [⊡ (p_{j + 1} \leftrightarrow A_{j + 1} (p_{1}, . . ., p_{n})) \leftrightarrow ⊡ (p_{j + 1} \leftrightarrow A_{j + 1} (p_{1}, . . ., p_{i - 1}, H_{i} (p_{j + 1}, . . ., p_{n}), p_{i + 1}, . . ., p_{n}))]$ .

If we iterate the replacements, we finally end up with $G L ⊢ \land_{i \leq j} {⊡ (p_{i} \leftrightarrow A_{i} (p_{1}, . . ., p_{n})} \to ⊡ (p_{j + 1} \leftrightarrow A_{j + 1} (H_{1}, . . ., H_{j}, p_{j + 1}, . . ., p_{n}))$ .

Again by the fixed point theorem, there is $H_{j + 1}^{'}$ such that $G L ⊢ ⊡ (p_{j + 1} \leftrightarrow A_{j + 1} (H_{1}, . . ., H_{j}, p_{j + 1}, . . ., p_{n})) \leftrightarrow ⊡ [p_{j + 1} \leftrightarrow H_{j + 1}^{'} (p_{j + 2}, . . ., p_{n})]$ .

But as before, by the second substitution theorem, $G L ⊢ ⊡ [p_{j + 1} \leftrightarrow H_{j + 1}^{'} (p_{j + 2}, . . ., p_{n})] \to [⊡ (p_{i} \leftrightarrow H_{i} (p_{j + 1}, . . ., p_{n})) \leftrightarrow ⊡ (p_{i} \leftrightarrow H_{i} (H_{j + 1}^{'}, . . ., p_{n}))$ .

Let $H_{i}^{'}$ stand for $H_{i} (H_{j + 1}^{'}, . . ., p_{n})$ , and by combining the previous lines we find that $G L ⊢ \land_{i \leq j + 1} {⊡ (p_{i} \leftrightarrow A_{i} (p_{1}, . . ., p_{n})} \to \land_{i \leq j + 1} {⊡ (p_{i} \leftrightarrow H_{i}^{'} (p_{j + 2}, . . ., p_{n}))}$ .

By Goldfarb's lemma, we do not need to check the other direction, so $G L ⊢ \land_{i \leq j + 1} {⊡ (p_{i} \leftrightarrow A_{i} (p_{1}, . . ., p_{n})} \leftrightarrow \land_{i \leq j + 1} {⊡ (p_{i} \leftrightarrow H_{i}^{'} (p_{j + 2}, . . ., p_{n}))}$ and the proof is finished $□$

An immediate consequence of the theorem is that for those fixed points $H_{i}$ and every $A_{i}$ , $G L ⊢ H_{i} \leftrightarrow A_{i} (H_{1}, . . ., H_{n})$ .

Indeed, since $G L$ is closed under substitution, we can make the change $p_{i}$ for $H_{i}$ in the theorem to get that $G L ⊢ \land_{i \leq n} {⊡ (H_{i} \leftrightarrow A_{i} (H_{1}, . . ., H_{n})} \leftrightarrow \land_{i \leq n} {⊡ (H_{i} \leftrightarrow H_{i})}$ .

Since the righthand side is trivially a theorem of $G L$ , we get the desired result.

One remark: the proof is wholly constructive. You can iterate the construction of fixed point following the procedure implied by the construction of the $H_{i}^{'}$ to compute fixed points.

[-]Jaime Sevilla Molina8y20

Uniqueness of arithmetic fixed points:

Notation: $⊡ A = □ A \land A$

Let $H$ be a fixed point on $p$ of $ϕ (p)$ ; that is, $G L ⊢ ⊡ (p \leftrightarrow ϕ (p)) \leftrightarrow (p \leftrightarrow H)$ .

Suppose $I$ is such that $G L ⊢ H \leftrightarrow I$ . Then by the first substitution theorem, $G L ⊢ F (I) \leftrightarrow F (H)$ for every formula $F (q)$ . If $F (q) = ⊡ (p \leftrightarrow q)$ , then $G L ⊢ ⊡ (p \leftrightarrow H) \leftrightarrow ⊡ (p \leftrightarrow I)$ , from which it follows that $G L ⊢ ⊡ (p \leftrightarrow ϕ (p)) \leftrightarrow (p \leftrightarrow I)$ .

Conversely, if $H$ and $I$ are fixed points, then $G L ⊢ ⊡ (p \leftrightarrow H) \leftrightarrow ⊡ (p \leftrightarrow I)$ , so since $G L$ is closed under substitution, $G L ⊢ ⊡ (H \leftrightarrow H) \leftrightarrow ⊡ (H \leftrightarrow I)$ . Since $G L ⊢ ⊡ (H \leftrightarrow H)$ , it follows that $G L ⊢ (H \leftrightarrow I)$ .

(Taken from The Logic of Provability, by G. Boolos.)

Moderation Log

AI ALIGNMENT FORUM
AF

A primer on provability logic

4

The language

Soundness and completeness

Substitution of equivalent formulas

Fixed points

Decidability

Further reading

4