![Page 1: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/1.jpg)
A Formally Verified Abstract Account of
Gödel’s Incompleteness Theorems
Andrei Popescu Dmitriy Traytel
λ→
∀=Is
abelle
β
α
HOL
![Page 2: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/2.jpg)
Gödel’s Incompleteness Theorems 1931
![Page 3: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/3.jpg)
Gödel’s Incompleteness Theorems 1931 Fix a consistent logical theory that
- contains enough arithmetic,- can itself be arithmetized.
![Page 4: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/4.jpg)
Gödel’s Incompleteness Theorems 1931
There are sentences that the theory cannot decide (i.e., neither prove nor disprove).
Fix a consistent logical theory that- contains enough arithmetic,- can itself be arithmetized.
![Page 5: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/5.jpg)
Gödel’s Incompleteness Theorems 1931
There are sentences that the theory cannot decide (i.e., neither prove nor disprove).
Fix a consistent logical theory that- contains enough arithmetic,- can itself be arithmetized.
The theory cannot prove (an internal formulation of) its own consistency.
![Page 6: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/6.jpg)
Pen and Paper Proofs of � and �
![Page 7: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/7.jpg)
Pen and Paper Proofs of � and �
… … … …
![Page 8: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/8.jpg)
Pen and Paper Proofs of � and �
The reader who does not like incomplete and (apparently) irremediably messy proofs of syntactic facts may wish to skim over the rest of this chapter and take it for granted that …
… … … …
![Page 9: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/9.jpg)
Formal Verifications of � and �
![Page 10: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/10.jpg)
Formal Verifications of � and �
Paulson
2015
Isabelle
O’Connor
2005
Coq
Harrison
2004
HOL Light
Shankar
1986
NQTHM
1978
TEM
Sieg
![Page 11: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/11.jpg)
End of story
![Page 12: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/12.jpg)
End of story?
![Page 13: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/13.jpg)
End of story?
![Page 14: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/14.jpg)
Formal Verifications of � and �
Shared structure
![Page 15: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/15.jpg)
- Fix a particular logic: Classical FOL
Formal Verifications of � and �
Shared structure
![Page 16: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/16.jpg)
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
Formal Verifications of � and �
Shared structure
![Page 17: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/17.jpg)
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
Formal Verifications of � and �
Shared structure
![Page 18: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/18.jpg)
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
- Tour de force for the particular combination
Formal Verifications of � and �
Shared structure
![Page 19: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/19.jpg)
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
- Tour de force for the particular combination
Formal Verifications of � and �
Shared structure
Scope of and remains largely unexploded
![Page 20: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/20.jpg)
- Fix a particular logic: Classical FOL
- Fix a particular theory (+ finite extensions of it)
- Arithmetic (Harrison, O’Connor)
- Hereditarily finite set theory (Sieg, Shankar, Paulson)
- Tour de force for the particular combination
Formal Verifications of � and �
Shared structure
Scope of and remains largely unexploded
E.g. do they hold for Intuitionistic FOL, HOL, CIC?
![Page 21: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/21.jpg)
Our Motto:
![Page 22: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/22.jpg)
Our Motto:Don’t Fix, Gather!
![Page 23: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/23.jpg)
Our Contributions
![Page 24: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/24.jpg)
Our Contributions- Abstract formalization of and
- Answer “What must/may a logic/theory offer?”- Understand variants and distill trade-offs from the literature- Correct a mistake in a pen and paper proof
λ→
∀=Is
abelle
β
α
HOL
![Page 25: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/25.jpg)
Our Contributions- Abstract formalization of and
- Answer “What must/may a logic/theory offer?”- Understand variants and distill trade-offs from the literature- Correct a mistake in a pen and paper proof
λ→
∀=Is
abelle
β
α
HOL
- Concrete instantiation to hereditarily finite set theory
- Reproduce (for ) and improve (for ) Paulson’s formalization
![Page 26: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/26.jpg)
What must a logic/theory offer?Generic Syntax Connectives Provability
Relation Numerals
![Page 27: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/27.jpg)
What must a logic/theory offer?Generic Syntax Connectives Provability
Relation Numerals
Classical Logic
What may a logic/theory offer?Order-like Relation Proofs Encodings
Represent-ability
Derivability Conditions
Standard Model Soundness
Consistency Omega-Consistency
Completeness of Provability
Proofs vs. Provability
![Page 28: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/28.jpg)
Generic Syntax
![Page 29: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/29.jpg)
• sets: Var, Term, Fmla with Var⊆Term Generic Syntax
![Page 30: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/30.jpg)
• sets: Var, Term, Fmla with Var⊆Term
• operators: FV_Term : Term → 2Var
FV : Fmla → 2Var
subst_Term : Term → Var → Term → Termsubst : Fmla → Var → Term → Fmla
Generic Syntax
![Page 31: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/31.jpg)
• sets: Var, Term, Fmla with Var⊆Term
• operators: FV_Term : Term → 2Var
FV : Fmla → 2Var
subst_Term : Term → Var → Term → Termsubst : Fmla → Var → Term → Fmla
• properties, e.g.:x∈FV(φ) implies FV(subst φ x s) = FV(φ) - {x} ∪ FV_Term(s)
Generic Syntax
![Page 32: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/32.jpg)
• sets: Var, Term, Fmla with Var⊆Term
• operators: FV_Term : Term → 2Var
FV : Fmla → 2Var
subst_Term : Term → Var → Term → Termsubst : Fmla → Var → Term → Fmla
• properties, e.g.:x∈FV(φ) implies FV(subst φ x s) = FV(φ) - {x} ∪ FV_Term(s)
Generic Syntax
We require unary substitution only. We derive parallel substitution from it.
![Page 33: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/33.jpg)
Connectives
![Page 34: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/34.jpg)
• operators: ≡ : Term → Term → Fmla→, ∧, ∨ : Fmla → Fmla → Fmla¬ : Fmla → Fmla⊥, ⊤ : Fmla∃, ∀ : Var → Fmla → Fmla
Connectives
![Page 35: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/35.jpg)
• operators: ≡ : Term → Term → Fmla→, ∧, ∨ : Fmla → Fmla → Fmla¬ : Fmla → Fmla⊥, ⊤ : Fmla∃, ∀ : Var → Fmla → Fmla
Connectives
We require a minimal list w.r.t. intuitionistic deduction and define the rest. Note: operators, not constructors
![Page 36: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/36.jpg)
• unary relation: ⊢ ⊆ Fmlawe write ⊢φ if φ ∈ ⊢
• properties: ⊢ contains the standard (Hilbert-style) intuitionistic FOL axioms about the connectives
Provability Relation
![Page 37: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/37.jpg)
• unary relation: ⊢ ⊆ Fmlawe write ⊢φ if φ ∈ ⊢
• properties: ⊢ contains the standard (Hilbert-style) intuitionistic FOL axioms about the connectives
Provability Relation
• nonempty set: Num ⊆ Fmla0
Numerals
![Page 38: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/38.jpg)
• property: ⊢ ¬ ¬ φ → φ Classical Logic
![Page 39: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/39.jpg)
• property: ⊢ ¬ ¬ φ → φ Classical Logic
Order-like Relation
• formula: ≺ ∈ Fmla2 • properties, e.g.:
for all φ∈Fmla1 and n∈Num,if ⊢φ(m) for all m∈Num, then ⊢∀x. x≺n → φ(x)
![Page 40: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/40.jpg)
• property: ⊢ ¬ ¬ φ → φ Classical Logic
Order-like Relation
• formula: ≺ ∈ Fmla2 • properties, e.g.:
for all φ∈Fmla1 and n∈Num,if ⊢φ(m) for all m∈Num, then ⊢∀x. x≺n → φ(x)
• set: Proof • binary relation: ⊩ ∈ Proof×Fmla
we write p⊩φ if (p,φ)∈⊩
Proofs
![Page 41: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/41.jpg)
• formulas subst, ⊩, ¬ • property:
behave like operators/relations (subst, ⊩, ¬) on encodings
• operators: ⟨_⟩ : Fmla → Num and ⟨_⟩ : Proof → Num
Encodings
Represent-ability
![Page 42: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/42.jpg)
• formulas subst, ⊩, ¬ • property:
behave like operators/relations (subst, ⊩, ¬) on encodings
• operators: ⟨_⟩ : Fmla → Num and ⟨_⟩ : Proof → Num
Encodings
• property: ⊬⊥Consistency
Represent-ability
![Page 43: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/43.jpg)
• formulas subst, ⊩, ¬ • property:
behave like operators/relations (subst, ⊩, ¬) on encodings
• operators: ⟨_⟩ : Fmla → Num and ⟨_⟩ : Proof → Num
Encodings
• property: ⊬⊥Consistency
• property: For all φ∈Fmla1,
if ⊢¬φ(n) for all n∈Num then ⊬¬¬(∃x.φ(x))
Omega-Consistency
Represent-ability
![Page 44: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/44.jpg)
What must a logic/theory offer?Generic Syntax Connectives Provability
Relation Numerals
Classical Logic
What may a logic/theory offer?Order-like Relation Proofs Encodings
Represent-ability
Derivability Conditions
Standard Model Soundness
Consistency Omega-Consistency
Completeness of Provability
Proofs vs. Provability
![Page 45: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/45.jpg)
Proofs
EncodingsRepresent-ability
Derivability Conditions
Omega-Consistency
subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
![Page 46: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/46.jpg)
Proofs
EncodingsRepresent-ability
Derivability Conditions
subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
ConsistencyRosser’s Trick
a la Rosser
![Page 47: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/47.jpg)
Proofs
EncodingsRepresent-ability
Derivability Conditions
subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
ConsistencyRosser’s Trick
¬
a la Rosser
![Page 48: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/48.jpg)
Proofs
EncodingsRepresent-ability
Derivability Conditions
subst, ⊩ ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
ConsistencyRosser’s Trick
Order-like Relation
¬
a la Rosser
![Page 49: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/49.jpg)
EncodingsRepresent-ability
Derivability Conditions
subst ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φ
and φ is true in the standard modelsemantic
⊢⊢⟨φ⟩ implies ⊢φ
Standard Model Soundness Completeness
of ProvabilityProofs vs. Provability
![Page 50: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/50.jpg)
EncodingsRepresent-ability
Derivability Conditions
subst ⊢φ implies ⊢⊢⟨φ⟩
There exists φ∈Fmla0 such that⊬φ and ⊬¬φclassical
⊢⊢⟨φ⟩ implies ⊢φ
Classical LogicConsistency
![Page 51: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/51.jpg)
EncodingsRepresent-ability
Derivability Conditions
subst ⊢φ implies ⊢⊢⟨φ⟩
⊬¬⊢⟨⊥⟩
Consistency
⊢⊢⟨φ⟩∧⊢⟨φ→ψ⟩→⊢⟨ψ⟩
⊢⊢⟨φ⟩→⊢⟨⊢⟨φ⟩⟩
![Page 52: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/52.jpg)
EncodingsRepresent-ability
Derivability Conditions
subst ⊢φ implies ⊢⊢⟨φ⟩
⊬¬⊢⟨⊥⟩
Consistency
⊢⊢⟨φ⟩∧⊢⟨φ→ψ⟩→⊢⟨ψ⟩
⊢⊢⟨φ⟩→⊢⟨⊢⟨φ⟩⟩
In the paper:Jeroslow’s
“improvement"to remove this
condition
results in weaker conclusion
+ mistake in proof
![Page 53: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/53.jpg)
![Page 54: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/54.jpg)
12000 LOCλ
→
∀=Is
abelle
β
α
HOL
![Page 55: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/55.jpg)
From Abstract to ConcreteGeneric Syntax Connectives Provability
Relation Numerals
Verified instances-Robinson’s Arithmetic (Q)-Hereditarily finite set theory
![Page 56: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/56.jpg)
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
![Page 57: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/57.jpg)
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
12000 LOC
λ→
∀=Is
abelle
β
α
HOL12000 LOC
![Page 58: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/58.jpg)
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
Paulson assumes soundness (and redundantly consistency!)
We removed the soundness assumption from the instantiation of → strictly stronger result → required us to replace “easy” semantic proofs with tedious x → proofs in the HF calculus (no help from the abstract side here)
12000 LOC
λ→
∀=Is
abelle
β
α
HOL12000 LOC
![Page 59: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/59.jpg)
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
Paulson assumes soundness (and redundantly consistency!)
We removed the soundness assumption from the instantiation of → strictly stronger result → required us to replace “easy” semantic proofs with tedious x → proofs in the HF calculus (no help from the abstract side here)
12000 LOC
λ→
∀=Is
abelle
β
α
HOL12000 LOC
-5000 LOC
![Page 60: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/60.jpg)
From Abstract to Concrete
classical semantic
Instantiations of
with Paulson’s HF set theory.
Paulson assumes soundness (and redundantly consistency!)
We removed the soundness assumption from the instantiation of → strictly stronger result → required us to replace “easy” semantic proofs with tedious x → proofs in the HF calculus (no help from the abstract side here)
12000 LOC
λ→
∀=Is
abelle
β
α
HOL12000 LOC
-5000 LOC +5000 LOC
![Page 61: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/61.jpg)
Conclusion- Abstract formalization of and
- Answer “What must/may a logic/theory offer?”- Understand variants and distill trade-offs from the literature- Correct a mistake in a pen and paper proof
- Concrete instantiation to hereditarily finite set theory
- Reproduce (for ) and improve (for ) Paulson’s formalization
- Still unanswered/future work
- Do and hold for Intuitionistic FOL, HOL, CIC?- Can we do more on the abstract level? (e.g. derivability conditions)
λ→
∀=Is
abelle
β
α
HOL
![Page 62: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/62.jpg)
Conclusion- Abstract formalization of and
- Answer “What must/may a logic/theory offer?”- Understand variants and distill trade-offs from the literature- Correct a mistake in a pen and paper proof
- Concrete instantiation to hereditarily finite set theory
- Reproduce (for ) and improve (for ) Paulson’s formalization
- Still unanswered/future work
- Do and hold for Intuitionistic FOL, HOL, CIC?- Can we do more on the abstract level? (e.g. derivability conditions)
λ→
∀=Is
abelle
β
α
HOL
Thank you! Questions?
![Page 63: of Gödel’s Incompleteness Theoremspeople.inf.ethz.ch/trayteld/slides/cade19.pdfGödel’s Incompleteness Theorems 1931 There are sentences that the theory cannot decide (i.e., neither](https://reader034.vdocuments.pub/reader034/viewer/2022042405/5f1f1996d65fa319fd05c740/html5/thumbnails/63.jpg)
A Formally Verified Abstract Account of
Gödel’s Incompleteness Theorems
Andrei Popescu Dmitriy Traytel
λ→
∀=Is
abelle
β
α
HOL