[isabelle] Some remarks on natural deduction and axiomatic set theory
Dear Gottfried Barrow and List Members,
Thank you for your comment at
concerning my note available at
Let me respond to the last three paragraphs of your comment quoted below which
summarize the most important questions.
1. There is no relation between a simple minimum core logic and the
expressiveness of the formal language. A modular software design guarantees a
clear separation of functionality such that the logic is concentrated in the
logical core and no enhancements of other software layers (i.e., user
interface, proof tactics) will have an effect on the correctness of the logic.
This concept is, according to Andrei Popescu, shared by all implementations in
discussion here: "A small logic kernel is an implementation-independent virtue
of Isabelle/HOL as well as of all the Gordon-HOL systems."
"It is the logical reliability due to reduction that builds the core of the
LCF-approach to theorem proving (or LCF-style full expansiveness [cf. Gordon,
2000, p. 178]): 'All proofs are ultimately performed in terms of a small set of
primitive inferences, so provided this small logical kernel is correct the
results should be reliable.' [Harrison, 2009, p. 60]" [Kubota, 2015a, pp. 12 f.]
The idea behind the LCF-approach appealing also to those who do not share
metatheoretical concepts such as the semantic approach (model theory) is to
reduce the set of rules and elements, such that the logical core is minimized
without loss of expressiveness. I called it the "The Principle of Reductionism"
[Kubota, 2015a, p. 11].
In Peter B. Andrews' logic Q0 this principle is - by the use of syntactical
means only - consequently carried out, such that the basic means of the
language are reduced without loss of expressiveness to
- a single rule of inference,
- a single variable binder,
- only two constants and
- only two types,
obtaining "definability of all of the propositional connectives, as well as all
of the quantifiers (universal, existential and uniqueness quantifier)" and
derivability of all other rules including the rule of modus ponens as mentioned
In other words, with this simple minimum core logic of Q0 all of formal logic
and large parts of mathematics, and with type variables (polymorphic type
theory) and the binding of type variables with lambda (dependent type theory),
presumably all of mathematics can be construed, expressed and proved purely
syntactically. Due to its simplicity, the logical kernel becomes extremely
small and logically robust, i.e., mathematically safe.
In the R0 implementation, the propositional connectives therefore are not part
of the logical core, but their definitions are "outsourced" into a file and,
for example, the rule of modus ponens into a separate proof template file. In
fact, the expressiveness of R0 as a logistic system is stronger than that of
Isabelle/HOL. Isabelle/HOL allows for type variables and therefore has the
expressiveness of polymorphic type theory, but only R0 allows, in addition to
that, the binding of type variables with lambda as abstraction operator and
therefore enables the construction of types required for dependent type theory.
2. Any axiom schema requires a meta-level for instantiation. Since my
philosophical background rejects any sort of metatheories (I prefer to speak of
arithmetization of mathematics instead of metamathematics, refuting any
foundational or legitimating role of metatheories), an axiom schema - like any
other meta-construction - always reveals a deficit. Whereas Andrews' logic Q0
requires an "Axiom Schema 3" [Andrews, 2002, p. 213] (with "syntactical
variables ranging over type symbols" [Andrews, 2002, p. 210]) for the Axiom of
Extensionality, R0 uses regular type variables for this axiom [cf. Kubota,
2015a, pp. 39, 351], which were not available in Q0 being a simple type theory,
i.e., without type variables.
Moreover, axiomatic set theory as a whole is subject to critique: "Axiomatic
set theory uses axioms to justify the existence of certain sets. Unless the
proof of existence from these axioms is provided, any construction cannot be
introduced into the domain of discourse. This approach, however, is not
systematic and subject to arbitrary conditions. For example, the most common
formulation, the Zermelo-Fraenkel set theory with the Axiom of Choice (ZFC),
comprises axioms for the empty set, union, one-element sets, power sets etc.,
trying to cover the standard sets used in mathematics. But there always remain
legitimate sets not contained by these axioms; for example it is well known
that large cardinal numbers and certain universes cannot be treated within ZFC
(without assuming additional axioms), although from a purely logical point of
view there is no difference between the mathematical objects covered by ZFC and
those not covered.
This problem has its origin in the approach itself, as axiomatic set theory
makes use of non-logical axioms to establish sets, thus trying to avoid
paradoxes via content restrictions instead of the proper specification of the
formal language. Opting this method, axiomatic set theory including ZFC is
bound to remain a preliminary and auxiliary approach, but not the foundation of
mathematics." [Kubota, 2015a, p. 18].
3. Russell's paradox ("the set of all sets that are not members of themselves",
or originally: "Let w be the predicate: to be a predicate that cannot be
predicated of itself. [...] Likewise there is no class (as a totality) of those
classes which, each taken as a totality, do not belong to themselves."
[Russell, 1902, p. 125]) with the two constitutive properties of antinomies,
self-reference and negativity (negation), ruled out Cantor's naive set theory
as a foundation of mathematics. If Goedel's construction of a proposition
involving self-referencing negativity ("I am not provable", or originally: "We
therefore have before us a proposition that says about itself that it is not
provable" [GÃdel, 1931, p. 598]) has to be considered as an antinomy, further
research will have to find out whether it rules out natural deduction
(including sequent calculus) for the foundation of mathematics as a whole or
whether a clear distinction of the object language and the meta-language can be
introduced into natural deduction.
The strict distinction of the object language and the meta-language was so
important to Church that he emphasized it a second time in his article: "We
must, of course, distinguish between formal theorems, or theorems of the
system, and syntactical theorems, or theorems about the system, this and
related distinctions being a necessary part of the process of using a known
language (English) to set up another (more exact) language." [Church, 1940, p.
In natural deduction, as for example in Isabelle, metatheorems (in terms of
Hilbert-style systems) become part of the formal language (the object language)
itself. So from the point of view of axiomatic (Hilbert-style) deductive
systems, the expressiveness in natural deduction is shifted towards the
meta-level, possibly at the cost of expressiveness at the object level. This
caused me to introduce an own terminology with the notions of "object logic"
and "meta-logic" in my second publication on Goedel [cf. Kubota, 2015] until
realizing that the definitional line between "object logic" and "meta-logic" is
identical with that between axiomatic (Hilbert-style) deductive systems and
natural deduction, having found the number of allowed occurrences of the
deduction symbol (turnstile) in a theorem as a formal criterion. The
translation mechanism from a theorem to the existence of its proof (or vice
versa) in Goedel's First Incompleteness Theorem is in Paulson's presentation
his theorem 'proved_iff_proved_PfP' - called (P) in my article -, in Andrews'
presentation the implicit rule used for step 7101.4. Whereas in Andrews' system
this implicit rule immediately results in inconsistency [cf. Kubota, 2015, pp.
10 f.], I am not sure whether this applies to natural deduction, too. Because
of a limited expressiveness at the object level, the antinomy might be
construed without causing an openly visible inconsistency in the formal
language, since "the two occurrences of the deduction symbol [...] remain an
obstacle for obtaining a paradox [i.e., an inconsistency] in the metalogic
[i.e., in natural deduction]" [Kubota, 2015, p. 14]. Then, "GÃdel's first
incompleteness theorem: If consistent, our theory is incomplete." (Paulson) is
rendered from a hypothetical judgement to a trivial tautology in the form of a
conclusio ex falso, since the theory under consideration is actually
inconsistent. However, an antinomy (paradox) should not be expressible at all
(in formal logic and mathematics).
If natural deduction is ruled out for the foundation of mathematics, there
would be no other "fix" for Isabelle than switching to an axiomatic
(Hilbert-style) deductive system. Then, if one does not want to downgrade from
higher-order logic (which would artificially limit the expressiveness of the
language) and prefers to remain in the realm of Russell's invention, namely
type theory [cf. Russell, 1908], basically three options would be left:
a) Church's Hilbert-style system of 1940 [cf. Church, 1940] (simple type
theory, i.e., without type variables)
b) Andrews' logic Q0 [cf. Andrews, 2002, pp. 210-215], an improved formulation
with identity (equality) as the main notion (also simple type theory, i.e.,
without type variables), first published in 1963 as a simplification of
Henkin's variant of Church's formulation [cf. Andrews, 1963, pp. 345 f., 350]
and described at
c) my own logic R0 [cf. Kubota, 2015a] (polymorphic and dependent type theory,
i.e., with type variables and types depending on arguments due to type
variables bound with lambda), a further development of Q0, described at
In his Ph.D. thesis, Andrews developed a transfinite type theory with type
variables Q [cf. Andrews, 1965, pp. 3-8], which is already some sort of
polymorphic type theory. But instead of consequently reducing the variable
binders to a single one as in Q0 (with the abstraction operator and single
variable binder lambda, obtaining definability of the universal, existential
and uniqueness quantifier) at the type level of Q also, which would have built
the foundation of a dependent type theory, the universal quantifier becomes a
true variable binder (an improper symbol) in the case of types (for details
[cf. Kubota, 2015a, p. 31]).
Concerning Isabelle, I do not believe that "30 years" and "millions of dollars"
are simply lost. Both Goedel's First Incompleteness Theorem and natural
deduction have been publicly available for about 80 years now, in relation to
which shorter periods and any economic quantities appear relatively small. I
highly value Paulson's presentation of Goedel's First Incompleteness Theorem,
which, unlike all other presentations I studied (Andrews and Rautenberg), does
not use a shortcut for (P), but a proven theorem, leaving only the (rather
methodological) implicit assumptions of
- natural deduction (or at least the lack of a clear distinction of the object
language and the meta-language) and
- the semantic approach (model theory invented by Tarski),
assuming otherwise correctness of the syntactical inference in Isabelle. Maybe
this fully formalized presentation of Goedel's First Incompleteness Theorem by
Professor Paulson as the climax in the development and application of the
Isabelle proof assistant software was even a necessary step for evaluating the
implications (and potential deficits) of natural deduction.
Following the arguments given above, the path to the natural and ideal
formulation of formal logic and mathematics is narrowed down to higher-order
logic in the form of a Hilbert-style type theory, unless natural deduction is
reformulated in a way that preserves the distinction of the object language and
the meta-language, and the possibility of offering clarification here seems to
me to be one of the most important tasks at present.
In order to do so, I suggest the careful examination of Paulson's presentation
of Goedel's First Incompleteness Theorem under consideration of the critique of
James R. Meyer [cf. Meyer, 2015] and myself both printed [cf. Kubota, 2013;
Kubota, 2015] and online at
This seems even more important, as with the critique of natural deduction or
certain modes of its implementation, all current major theorem provers, such as
- Lawrence C. Paulson's Isabelle (proof claimed by Lawrence C. Paulson),
- Coq by INRIA et al. (proof claimed by Russell O'Connor), and
- Mike Gordon's original HOL system and its variants, including
- John Harrison's HOL Light (proof claimed by John Harrison),
might be affected, as they all rely - either as the single form of inference or
as one of several components - on natural deduction (considering sequent
calculus as a subcase here, defining natural deduction as opposed to
The only older theorem prover, in which Goedel's First Incompleteness Theorem
was claimed to be proven,
- Robert S. Boyer's and J. Strother Moore's Nqthm (proof claimed by Natarajan
obviously allows the instantiation of metatheorems, which might violate the
object language ("Proved meta-theorems can be installed as simplifiers",
http://www-formal.stanford.edu/clt/ARS/Entries/nqthm, December 13, 2015).
Andrews, Peter B. (1963), "A reduction of the axioms for the theory of
propositional types". In: Fundamenta Mathematicae 52, pp. 345-350.
Andrews, Peter B. (1965), A Transfinite Type Theory with Type Variables.
Amsterdam: North-Holland Publishing Company.
Andrews, Peter B. (2002), An Introduction to Mathematical Logic and Type
Theory: To Truth Through Proof. Second edition. Dordrecht / Boston / London:
Kluwer Academic Publishers. ISBN 1-4020-0763-9. DOI: 10.1007/978-94-015-9934-4.
Church, Alonzo (1940), "A Formulation of the Simple Theory of Types". In:
Journal of Symbolic Logic 5, pp. 56-68.
GÃdel, Kurt (1931), "On formally undecidable propositions of Principia
mathematica and related systems I". In: Heijenoort, Jean van, ed. (1967), From
Frege to GÃdel: A Source Book in Mathematical Logic, 1879-1931. Cambridge,
Massachusetts: Harvard University Press, pp. 596-616.
Kubota, Ken (2013), On Some Doubts Concerning the Formal Correctness of GÃdel's
Incompleteness Theorem. Berlin: Owl of Minerva Press. ISBN 978-3-943334-04-3.
DOI: 10.4444/100.101. See: http://dx.doi.org/10.4444/100.101
Kubota, Ken (2015), GÃdel Revisited. Some More Doubts Concerning the Formal
Correctness of GÃdel's Incompleteness Theorem. Berlin: Owl of Minerva Press.
ISBN 978-3-943334-06-7. DOI: 10.4444/100.102. See:
Kubota, Ken (2015a), On the Theory of Mathematical Forms (Draft of May 18,
2015). Unpublished manuscript. SHA-512: a0dfe205eb1a2cb29efaa579d68fa2e5
011d8303fd59f2c8a4e6f64125867dc4. DOI: 10.4444/100.10. See:
Meyer, James R. (2015), "A Fundamental Flaw in An Incompleteness Proof by
StanisÅaw Åwierczkowski" (v2 30 Apr 2015). SHA-512:
696f5e265d911799ecf7416b9c0cf3c0 fbdb2a10bab58532f9a117ddee2b3866. Available
online at http://www.jamesrmeyer.com/pdfs/ff_swierczkowski.pdf (November 28,
Russell, Bertrand (1902), "Letter to Frege". In: Heijenoort, Jean van, ed.
(1967), From Frege to GÃdel: A Source Book in Mathematical Logic, 1879-1931.
Cambridge, Massachusetts: Harvard University Press, pp. 124 f.
Russell, Bertrand (1908), "Mathematical Logic as based on the Theory of Types".
In: American Journal of Mathematics 30, pp. 222-262.
Am 09.12.2015 um 19:10 schrieb Gottfried Barrow <igbi at gmx.com>:
Really, what would be of more value? A generalized logic that stands the test
of time, such as Isabelle/Pure and Isabelle/HOL, or a very narrow logic, such
as what you advise?
How are people supposed to test the generalized logic, over many years, if the
safer route is taken. And an inconsistent logic is not a crisis anyway. An
inconsistent logic that can't be fixed with "don't do that" is a crisis. A loss
of 30 years, that's a crisis.
ZFC is an inconsistent logic that was fixed with "don't do that". It's called
the Axiom Schema of Separation. It's ugly, because it demands a new axiom for
every subset of a set. Or is "ugly" just a matter of perception?
This archive was generated by a fusion of
Pipermail (Mailman edition) and