Theory Thesis
theory Thesis
imports TAO_9_PLM TAO_98_ArtificialTheorems TAO_99_SanityTests TAO_99_Paradox TAO_10_PossibleWorlds
"HOL-Library.LaTeXsugar"
"HOL-Library.OptionalSugar"
begin
notation (latex output)
validity_in ("[\<^latex>‹\\embeddedstyle{›_\<^latex>‹}› in _]")
notation (latex output)
actual_validity ("[\<^latex>‹\\embeddedstyle{›_\<^latex>‹}›]")
notation (latex output)
Axioms.axiom ("[[ \<^latex>‹\\embeddedstyle{›_\<^latex>‹}› ]]")
definition embedded_style where "embedded_style ≡ id"
lemma embedded_meta_def: "(A ≡ B) ⟹ (embedded_style A) = B" unfolding embedded_style_def by auto
lemma embedded_meta_eq: "(A = B) ⟹ (embedded_style A) = B" unfolding embedded_style_def by auto
lemma embedded_def: "(A ≡ B) ⟹ (embedded_style A) = (embedded_style B)"
unfolding embedded_style_def by auto
lemma embedded_eq: "(A = B) ⟹ (embedded_style A) = (embedded_style B)"
unfolding embedded_style_def by auto
notation (latex output)
embedded_style ("\<^latex>‹\\embeddedstyle{›_\<^latex>‹}›")
translations
"x" <= "CONST makeκ x"
translations
"p" <= "CONST make𝗈 p"
translations
"p" <= "CONST makeΠ⇩1 p"
translations
"p" <= "CONST makeΠ⇩2 p"
translations
"p" <= "CONST makeΠ⇩3 p"
translations
"x" <= "CONST evalκ x"
translations
"p" <= "CONST eval𝗈 p"
translations
"p" <= "CONST evalΠ⇩1 p"
translations
"p" <= "CONST evalΠ⇩2 p"
translations
"p" <= "CONST evalΠ⇩3 p"
notation (latex output)
that ("❙ιx . _ x")
notation (latex output)
forall⇩ν ("❙∀⇩ν x . _ x")
notation (latex output)
forall⇩0 ("❙∀⇩0 p . _ p")
notation (latex output)
forall⇩1 ("❙∀⇩1 F . _ F")
notation (latex output)
forall⇩2 ("❙∀⇩2 F . _ F")
notation (latex output)
forall⇩3 ("❙∀⇩3 F . _ F")
notation (latex output)
forall ("❙∀ α . _ α")
notation (latex output)
exists ("❙∃ α . _ α")
notation (latex output)
exists_unique ("❙∃! α . _ α")
notation (latex output)
lambdabinder1 ("❙λx. _ x")
translations
(type) "α" <= (type) "Π⇩1 set"
lemma expand_def1: "p ≡ q ⟹ (⋀x . p x = q x)" by simp
lemma expand_def2: "p ≡ q ⟹ (⋀x y . p x y = q x y)" by simp
lemma expand_def3: "p ≡ q ⟹ (⋀x y z . p x y z = q x y z)" by simp
attribute_setup expand1 = ‹
Scan.succeed (Thm.rule_attribute []
(fn _ => fn thm => thm RS @{thm expand_def1}))
›
attribute_setup expand2 = ‹
Scan.succeed (Thm.rule_attribute []
(fn _ => fn thm => thm RS @{thm expand_def2}))
›
attribute_setup expand3 = ‹
Scan.succeed (Thm.rule_attribute []
(fn _ => fn thm => thm RS @{thm expand_def3}))
›
no_syntax "_list" :: "args ⇒ 'a list" ("[(_)]")
no_syntax "__listcompr" :: "args ⇒ 'a list" ("[(_)]")
chapter‹Introduction›
text‹
\epigraph{Calculemus!}{\textit{Leibniz}}
›
section‹Universal Logical Reasoning\footnote{This introductory section is based on the description of the topic in \<^cite>‹UniversalReasoning›.}›
text‹
The concept of understanding rational argumentation and reasoning using formal logical systems
has a long tradition and can already be found in the study of syllogistic arguments by
Aristotle. Since then a large variety of formal systems has evolved, each using different syntactical
and semantical structures to capture specific aspects of logical reasoning (e.g. propositional logic,
first-order/higher-order logic, modal logic, free logic, etc.). This diversity of formal systems
gives rise to the question, whether a \emph{universal} logic can be devised, that would be capable
of expressing statements of all existing specialized logical systems and provide a basis for
meta-logical considerations like the equivalence of or relations between those systems.
The idea of a universal logical framework is very prominent in the works of Gottfried Wilhelm Leibniz
(1646-1716) with his concept of a \emph{characteristica universalis}, i.e. a universal formal language
able to express metaphysical, scientific and mathematical concepts. Based thereupon he envisioned
the \emph{calculus ratiocinator}, a universal logical calculus with which the truth of statements
formulated in the characteristica universalis could be decided purely by formal calculation and thereby
in an automated fashion, an idea that became famous under the slogan: \emph{Calculemus!}
Nowadays with the rise of powerful computer systems such a universal logical framework could have
repercussions throughout the sciences and may be a vital part of human-machine interaction in the
future. Leibniz' ideas have inspired recent efforts to use functional higher-order logic (HOL) as
such a universal logical language and to represent various logical systems by the use of
\emph{shallow semantical embeddings}\<^cite>‹UniversalReasoning›.
Notably this approach received attention due to the formalization, validation and analysis
of G\"odel's ontological proof of the existence of God by Christoph Benzm\"uller\<^cite>‹GoedelGod›,
for which higher-order modal logic was embedded in the computerized logic framework Isabelle/HOL.
›
section‹Shallow Semantical Embeddings in HOL›
text‹
A semantic embedding of a target logical system defines the syntactic elements of the target language
in a background logic (e.g. in a framework like Isabelle/HOL) based on their semantics.
This way the background logic can be used as meta-logic to argue about the semantic truth of syntactic statements
in the embedded logic.
A \emph{deep} embedding represents the complete syntactic structure of the target language
separately from the background logic, i.e. every term, variable symbol, connective, etc. of the
target language is represented as a syntactic object and then the background logic is used to
evaluate a syntactic expression by quantifying over all models that can be associated with the
syntax. Variable symbols of the target logic for instance would be represented as constants in
the background logic and a proposition would be considered semantically valid if it holds for
all possible denotations an interpretation function can assign to them.
While this approach will work for most target logics, it has several drawbacks. It is likely that there are
principles that are shared between the target logic and the background logic, such as ‹α›-conversion
for ‹λ›-expressions or the equivalence of terms with renamed variables in general. In a deep
embedding these principles usually have to be explicitly shown to hold for the syntactic representation
of the target logic, which is usually connected with significant complexity. Furthermore if the
framework used for the background logic allows automated reasoning, the degree of automation that
can be achieved in the embedded logic is limited, as any reasoning in the target logic will have
to consider the meta-logical evaluation process in the background logic which will usually be complex.
A \emph{shallow} embedding uses a different approach based on the idea that most contemporary
logical systems are semantically characterized by the means of set theory. A shallow embedding
defines primitive syntactic objects of the target language such as variables or propositions
using a set theoretic representation. For example propositions in a modal logic can be represented
as functions from possible worlds to truth values in a non-modal logic.
The shallow embedding aims to equationally define only the syntactic elements of the target logic
that are not already present in the background logic or whose semantics behaves differently than in
the background logic, while preserving as much of the logical structure of the background logic
as possible. The modal box operator for example can be represented as a quantification over all
possible worlds, satisfying an accessibility relation, while negation and quantification can be
directly represented using the negation and quantification of the background logic (preserving
the dependency on possible worlds).
This way basic principles of the background logic (such as alpha conversion) can often be directly
applied to the embedded logic and the equational, definitional nature of the representation preserves
a larger degree of automation. Furthermore, axioms in the embedded logic can often be equivalently
stated in the background logic, which makes the construction of models for the system easier and again increases
the degree of automation that can be retained.
The shallow semantical embedding of modal logic was the basis for the analysis of
G\"odel's ontological argument\<^cite>‹GoedelGod› and the general concept has shown great potential as a universal
tool for logical embeddings while retaining the existing infrastructure for automation as for
example present in a framework like Isabelle/HOL\footnote{See \<^cite>‹UniversalReasoning› for an
overview and an description of the ambitions of the approach.}.
›
section‹Relational Type Theory vs. Functional Type Theory›
text‹
The universality of this approach has since been challenged by Paul Oppenheimer and Edward Zalta
who argue in the paper \emph{Relations Versus Functions at the Foundations of Logic: Type-Theoretic
Considerations}\<^cite>‹rtt› that relational type theory is more general than functional type theory.
In particular they argue that the Theory of Abstract Objects, which is founded in relational type
theory, cannot be properly characterized in functional type theory.
This has led to the question whether a shallow semantical embedding of the Theory of Abstract Objects
in a functional logic framework like Isabelle/HOL is at all possible, which is the core question
the work presented here attempts to examine and partially answer.
One of their main arguments is that unrestricted ‹λ›-expressions as present in functional type
theory lead to an inconsistency when combined with one of the axioms of the theory and indeed it
has been shown for early attempts on embedding the theory that despite significant efforts
to avoid the aforementioned inconsistency by excluding problematic ‹λ›-expressions in the embedded
logic, it could still be reproduced using an appropriate construction in the background logic\footnote{
Early attempts of an embedding by Christoph Benzm\"uller (see \url{https://github.com/cbenzmueller/PrincipiaMetaphysica})
were discussed in his university lecture \emph{Computational Metaphysics} (FU Berlin, SS2016) and the proof of
their inconsistency in the author's final project for the course inspired the continued research
in this master's thesis.}.
The solution presented here circumvents this problem by identifying ‹λ›-expressions as one element of the
target language that behaves differently than their counterparts in the background logic and
consequently by representing ‹λ›-expressions of the target logic using a new \emph{defined}
kind of ‹λ›-expressions. This forces ‹λ›-expressions in the embedded logic to have a particular
semantics that is inspired by the \emph{Aczel-model} of the target theory (see \ref{aczel-model})
and avoids prior inconsistencies. The mentioned issue and the employed solution is discussed in
more detail in sections~\ref{russell-paradox} and~\ref{lambda-expressions}.
\pagebreak
›
section‹Overview of the following Chapters›
text‹
The following chapters are structured as follows:
\begin{itemize}
\item The second chapter gives an overview of the motivation and structure of
the target theory of the embedding, the Theory of Abstract Objects. It also
introduces the \emph{Aczel-model} of the theory, that was adapted as the basis
for the embedding.
\item The third chapter is a detailed documentation of the concepts and
technical structure of the embedding. This chapter references the
Isabelle theory that can be found in the appendix.
\item The fourth chapter consists of a technical discussion about some of the issues encountered
during the construction of the embedding due to limitations of the logic framework
Isabelle/HOL and the solutions that were employed.
\item The last chapter discusses the relation between the embedding and the target theory
of PLM and describes some of the results achieved using the embedding. Furthermore it
states some open questions for future research.
\end{itemize}
This entire document is generated from an Isabelle theory file and thereby in particular
all formal statements in the third chapter are well-formed terms, resp. verified valid theorems
in the constructed embedding unless the contrary is stated explicitly.
›
chapter‹The Theory of Abstract Objects›
text‹
\epigraph{
It is widely supposed that every entity falls into one of two categories:
Some are concrete; the rest abstract. The distinction is supposed to be
of fundamental significance for metaphysics and epistemology.
}{\textit{Stanford Encyclopedia of Philosophy\<^cite>‹"sep-abstract-objects"›}}
›
section‹Motivation›
text‹
As the name suggests the Theory of Abstract Objects revolves around \emph{abstract objects} and
is thereby a metaphysical theory.
As Zalta puts it: \textquote{Whereas physics attempts a systematic description of fundamental
and complex concrete objects, metaphysics attempts a systematic description of fundamental
and complex abstract objects. \textelp{} The theory of abstract objects attempts to organize
these objects within a systematic and axiomatic framework. \textelp{We can} think of abstract
objects as possible and actual property-patterns. \textelp{} Our theory of abstract
objects will \emph{objectify} or \emph{reify} the group of properties satisfying \textins{such a}
pattern.}\<^cite>‹"MallyTheory"›\footnote{The introduction to the theory
in this and the next section is based on the documentation of the theory in \<^cite>‹MallyTheory› and \<^cite>‹MallyDistinction›, which
is paraphrased and summarized throughout the sections. Further references about the topic include \<^cite>‹PM›,
\<^cite>‹zalta1988intensional›, \<^cite>‹zalta1983abstract›.}
So what is the fundamental distinction between abstract and concrete objects? The analysis
in the Theory of Abstract Objects is based on a distinction between two fundamental modes of
predication that is based on the ideas of Ernst Mally.
Whereas objects that are concrete (the Theory of Abstract Objects calls them \emph{ordinary objects})
are characterized by the classical mode of predication, i.e. \emph{exemplification},
a second mode of predication is introduced that is reserved for abstract objects. This new mode of
predication is called \emph{encoding} and formally written as ‹xF› (‹x›
\emph{encodes} ‹F›) in contrast to ‹Fx› (‹x› \emph{exemplifies} ‹F›).
Mally informally introduces this second mode of predication in order to represent sentences about
fictional objects. In his thinking, concrete objects, that for example have a fixed spatiotemporal
location, a body and shape, etc., only \emph{exemplify} their properties and are characterized
by the properties they exemplify. Sentences about fictional objects such as \textquote{Sherlock Holmes
is a detective} have a different meaning. Stating that \textquote{Sherlock Holmes is a detective}
does not imply that there is some concrete object that is Sherlock Holmes and this object exemplifies
the property of being a detective - it rather states that the concept we have of the fictional
character Sherlock Holmes includes the property of being a detective. Sherlock Holmes is not concrete,
but an abstract object that is \emph{determined} by the properties Sherlock Holmes is given by the
fictional works involving him as character. This is expressed using the second mode of predication
\emph{Sherlock Holmes encodes the property of being a detective}.
To clarify the difference between the two concepts note that any object either exemplifies a property
or its negation. The same is not true for encoding. For example it is not determinate whether
Sherlock Holmes has a mole on his left foot. Therefore the abstract object Sherlock Holmes neither
encodes the property of having a mole on his left foot, nor the property of not having a mole on
his left foot\footnote{see \<^cite>‹MallyDistinction›}.
The theory even allows for an abstract object to encode properties that no object
could possibly exemplify and reason about them, for example the quadratic circle. In classical logic
meaningful reasoning about a quadratic circle is impossible - as soon as I suppose that an object
\emph{exemplifies} the properties of being a circle and of being quadratic, this will lead to a
contradiction and every statement becomes derivable.
In the Theory of Abstract Objects on the other hand
there is an abstract object that encodes exactly these two properties and it is possible to reason
about it. For example we can state that this object \emph{exemplifies} the property of \emph{being
thought about by the reader of this paragraph}. This shows that the Theory of Abstract Objects provides
the means to reason about processes of human thought in a much broader sense than classical logic
would allow.
It turns out that by the means of abstract objects and encoding the Theory of Abstract Objects
can be used to represent and reason about a large variety of concepts that
regularly occur in philosophy, mathematics or linguistics.
In \<^cite>‹"MallyTheory"› the principal objectives of the theory are summarized as follows:
\begin{itemize}
\item To describe the logic underlying (scientific) thought and reasoning by extending
classical propositional, predicate, and modal logic.
\item To describe the laws governing universal entities such as properties, relations,
and propositions (i.e., states of affairs).
\item To identify \emph{theoretical} mathematical objects and relations as well as
the \emph{natural} mathematical objects such as natural numbers and natural sets.
\item To analyze the distinction between fact and fiction and systematize the various
relationships between stories, characters, and other fictional objects.
\item To systematize our modal thoughts about possible (actual, necessary) objects,
states of affairs, situations and worlds.
\item To account for the deviant logic of propositional attitude reports, explain the
informativeness of identity statements, and give a general account of the objective
and cognitive content of natural language.
\item To axiomatize philosophical objects postulated by other philosophers, such as Forms (Plato),
concepts (Leibniz), monads (Leibniz), possible worlds (Leibniz), nonexistent objects (Meinong),
senses (Frege), extensions of concepts (Frege), noematic senses (Husserl), the world as a
state of affairs (early Wittgenstein), moments of time, etc.
\end{itemize}
The Theory of Abstract Objects has therefore the ambition and the potential to serve as a foundational
theory of metaphysics as well as mathematics and can provide a simple unified axiomatic framework that
allows reasoning about a huge variety of concepts throughout the sciences. This makes the attempt to represent the
theory using the universal reasoning approach of shallow semantical embeddings outlined in the previous
chapter particularly challenging and at the same time rewarding, if successful.
A successful implementation of
the theory which allows to utilize the existing sophisticated infrastructure for automated reasoning
present in a framework like Isabelle/HOL would not only strongly support the applicability of shallow
semantical embeddings as a universal reasoning tool, but could also aid in spreading
the utilization of the theory itself as a foundational theory for various scientific fields by
enabling convenient interactive and automated reasoning in a verified framework.
›
section‹Basic Principles›
text‹
Although the formal language of the theory is introduced in the next section,
some of the basic concepts of the theory are presented in advance to provide
further motivation for the formalism.
The following are the two most important principles of the theory (see~\<^cite>‹MallyTheory›):
\begin{itemize}
\item ‹∃x(A!x & ∀F(xF ≡ φ))›
\item ‹x = y ≡ □∀F(xF ≡ yF)›
\end{itemize}
The first statement asserts that for every condition on properties ‹φ› there exists
an abstract object that encodes exactly those properties satisfying ‹φ›, whereas the
second statement holds for two abstract objects ‹x› and ‹y› and states that
they are equal, if and only if they necessarily encode the same properties.
Together these two principles clarify the notion of abstract objects as the reification
of property patterns: Any set of properties is objectified as a distinct abstract object.
Using these principles it is already possible to postulate interesting abstract objects.
For example the Leibnizian concept of an (ordinary) individual ‹u› can be
defined as \emph{the (unique) abstract object that encodes all properties that ‹u› exemplifies},
formally: \mbox{‹ιx A!x & ∀F (xF ≡ Fu)›}
Other interesting examples include possible worlds, Platonic Forms or even basic logical objects
like truth values. The theory allows to formulate purely \emph{syntactic} definitions of
objects like possible worlds and truth values and
from these definitions it can be \emph{derived} that there are two truth values
or that the application of the modal box operator to a proposition is equivalent to the proposition
being true in all possible worlds (where \emph{being true in a possible world} is again defined
syntactically).
This is an impressive property of the Theory of Abstract Objects: it can \emph{syntactically}
define objects that are usually only considered semantically.
›
section‹The Language of PLM›
text‹
The target of the embedding is the second-order fragment of object theory as described
in chapter 7 of Edward Zalta's upcoming \emph{Principia Logico-Metaphysica} (PLM)\<^cite>‹PM›.
The logical foundation of the theory uses a second-order modal logic (without primitive identity)
formulated using relational type theory that is modified to admit \emph{encoding} as a second mode
of predication besides the traditional \emph{exemplification}.
In the following an informal description of the important aspects of the language is provided;
for a detailed and fully formal description and the type-theoretic background refer to the respective
chapters of PLM\<^cite>‹PM›.
A compact description of the language can be given in Backus-Naur Form (BNF)\mbox{\<^cite>‹‹Definition (6)› in PM›},
as shown in figure~\ref{BNF}, in which the following grammatical categories are used:
\begin{tabular}[h]{ll}
‹δ› & individual constants \\
‹ν› & individual variables \\
‹Σ⇧n› & $n$-place relation constants ($n \geq 0$) \\
‹Ω⇧n› & $n$-place relation variables ($n \geq 0$) \\
‹α› & variables \\
‹κ› & individual terms \\
‹Π⇧n› & $n$-place relation terms ($n \geq 0$) \\
‹Φ⇧*› & propositional formulas \\
‹Φ› & formulas \\
‹τ› & terms
\end{tabular}
\begin{figure}[!h]
\caption{BNF grammar of the language of PLM\<^cite>‹‹p. 170› in "PM"›}
\centering
\includegraphics{BNF.pdf}
\label{BNF}
\end{figure}
The language distinguishes between two types of basic formulas,
namely (non-propositional) \emph{formulas} that \emph{may} contain encoding subformulas and
\emph{propositional formulas} that \emph{may not} contain encoding subformulas. Only propositional
formulas may be used in ‹λ›-expressions. The main reason for this distinction will be explained
in section~\ref{russell-paradox}.
Note that there is a case in which propositional formulas \emph{can} contain encoding
expressions. This is due to the fact that \emph{subformula} is defined in such a
way that ‹xQ› is \emph{not} a subformula of ‹ιx(xQ)›\footnote{For
a formal definition of subformula refer to definition (\ref{PM-df-subformula}) in \<^cite>‹PM›.}.
Thereby ‹Fιx(xQ)› is a propositional formula and ‹[λy Fιx(xQ)]› a well-formed
‹λ›-expression. On the other hand ‹xF› is not a propositional formula and therefore
‹[λx xF]› not a well-formed ‹λ›-expression. This fact will become relevant in
the discussion in section~\ref{paradox}, that describes a paradox in the formulation of
the theory in the draft of PLM at the time of writing\footnote{At the time of writing several
options are being considered that can restore the consistency of the theory while retaining all
theorems of PLM.}.
Furthermore the theory contains a designated relation constant ‹E!› to be read as
\emph{being concrete}. Using this constant the distinction between ordinary and abstract objects
is defined as follows:
\begin{itemize}
\item ‹O! =⇩d⇩f [λx ❙◇E!x]›
\item ‹A! =⇩d⇩f [λx ❙¬❙◇E!x]›
\end{itemize}
So ordinary objects are possibly concrete, whereas abstract objects cannot possibly be concrete.
The language does not contain a primitive identity, but
\emph{defines} an identity for each type of term as follows:
\begin{tabular}{lc}
ordinary objects & ‹x =⇩E y =⇩d⇩f O!x & O!y & □(∀F Fx ≡ Fy)›\\
individuals & ‹x = y =⇩d⇩f x =⇩E y ∨ (A!x & A!y & □(∀F xF ≡ yF))›\\
one-place relations & ‹F⇧1 = G⇧1 =⇩d⇩f □(∀x xF⇧1 ≡ xG⇧1)›\\
zero-place relations & ‹F⇧0 = G⇧0 =⇩d⇩f [λy F⇧0] = [λy G⇧0]›
\end{tabular}
The identity for ‹n›-place relations for ‹n ≥ 2› is defined in terms of the
identity of one-place relations, see (\ref{PM-p-identity})\<^cite>‹PM› for the full details.
The identity for ordinary objects follows Leibniz' law of the identity of indiscernibles:
Two ordinary objects that necessarily exemplify the same properties are identical.
Abstract objects, however, are only identical if they necessarily \emph{encode} the same
properties. As mentioned in the previous section this goes along with the concept of
abstract objects as the reification of property patterns.
Notably the identity for properties has a different definition than one would expect from
classical logic. Classically two properties are considered identical if and only if they
necessarily are \emph{exemplified} by the same objects. The Theory of Abstract Objects, however,
defines two properties to be identical if and only if they are necessarily \emph{encoded} by
the same (abstract) objects. This has some interesting consequences that will be described
in more detail in section \ref{hyperintensionality} which describes the \emph{hyperintensionality}
of relations in the theory.
›
section‹The Axioms›
text‹
Based on the language above, an axiom system is defined that constructs a S5 modal logic with
an actuality operator, axioms for definite descriptions that go along with Russell's analysis
of descriptions, the substitution of identicals as per the defined identity, ‹α›-,
‹β›-, ‹η›- and a special ‹ι›-conversion for ‹λ›-expressions, as well
as dedicated axioms for encoding. A full accounting of the axioms in their representation in the
embedding is found in section~\ref{axioms}. For the original axioms refer to \<^cite>‹‹Chap. 8› in PM›.
At this point the axioms of encoding are the most relevant, namely:
\begin{itemize}
\item ‹xF → □xF›
\item ‹O!x → ¬∃F xF›
\item ‹∃x (A!x & ∀F (xF ≡ φ))›,\\ provided x doesn't occur free in ‹φ›
\end{itemize}
So encoding is modally rigid, ordinary objects do not encode properties and
most importantly the comprehension axiom for abstract objects that was already mentioned above:
For every condition on properties ‹φ› there exists an abstract object, that encodes exactly
those properties, that satisfy ‹φ›.
›
section‹Hyperintensionality of Relations›
text‹
\label{hyperintensionality}
An interesting property of the Theory of Abstract Objects results from the definition
of identity for one-place relations. Recall that two properties are defined to be identical
if and only if they are \emph{encoded} by the same (abstract) objects. The theory imposes no
restrictions whatsoever on which properties an abstract object encodes.
Let for example ‹F› be the property \emph{being the morning star} and ‹G› be the
property \emph{being the evening star}. Since the morning star and the evening star are
actually both the planet Venus, every object that \emph{exemplifies} ‹F› will also
\emph{exemplify} ‹G› and vice-versa: ‹□∀x Fx ≡ Gx›. However the concept of being
the morning star is different from the concept of being the evening star. The Theory of Abstract
Objects therefore does not prohibit the existence of an abstract object that \emph{encodes} ‹F›,
but does \emph{not} encode ‹G›. Therefore by the definition of identity for properties
it does \emph{not} hold that ‹F = G›. As a matter of fact the Theory of Abstract Objects
does not force ‹F = G› for any ‹F› and ‹G›. It rather stipulates what needs
to be proven, if ‹F = G› is to be established, namely that they are necessarily encoded by
the same objects. Therefore if two properties \emph{should} be equal in some context an axiom has to be added
to the theory that allows to prove that both properties are encoded by the same abstract objects.
The fact that the following relation terms do \emph{not} necessarily denote the same relations illustrates
the extent of this \emph{hyperintensionality}:
\begin{center}
‹[λy p ∨ ¬p]› and ‹[λy q ∨ ¬q]›\\
‹[λy p & q]› and ‹[λy q & p]›
\end{center}
Of course the theory can be extended in such a way that these properties are equal.
However, without additional axioms their equality is not derivable.
Although the relations of object theory are hyperintensional entities,
propositional reasoning is still governed by classical
extensionality. For example properties that are necessarily exemplified by the same objects can be
substituted for each other in an exemplification formula, the law of the excluded middle can be
used in propositional reasoning, etc.
The Theory of Abstract Objects is an \emph{extensional} theory of \emph{intensional}
entities\mbox{\<^cite>‹‹(\ref{PM-prop-equiv})› in PM›}.
›
section‹The Aczel-Model›
text‹
\label{aczel-model}
When thinking about a model for the theory one will quickly notice the following problem:
The comprehension axiom for abstract objects implies that for each set of properties there exists
an abstract object encoding exactly those properties. Considering the definition of identity there therefore
exists an injective map from the power set of properties to the set of abstract objects.
On the other hand for an object ‹y› the term \mbox{‹[λx Rxy]›} constitutes a property.
If for distinct abstract objects these properties were distinct, this would result in a violation of
Cantor's theorem, since this would mean that there is an injective map from the power set of properties
to the set of properties. So does the Theory of Abstract Objects as constructed above have a model?
An answer to this question was provided by Peter Aczel\footnote{In fact to our knowledge Dana Scott
proposed a first model for the theory before Peter Aczel that we believe is a special case of an
Aczel-model with only one \emph{special urelement}.} who proposed the model structure illustrated
in figure~\ref{aczel-model-graphic}.
\begin{figure}[!h]
\caption{Illustration of the Aczel-Model, courtesy of Edward Zalta}
\includegraphics[width=\textwidth]{aczel-model.pdf}
\label{aczel-model-graphic}
\end{figure}
In the Aczel-model abstract objects are represented by sets of properties. This of course validates
the comprehension axiom of abstract objects. Properties on the other hand are not naively represented
by sets of objects, which would lead to a violation of Cantor's theorem, but rather as the sets of
\emph{urelements}. Urelements are partitioned into two groups, ordinary urelements
(‹C› in the illustration) and special urelements (‹S› in the illustration).
Ordinary urelements can serve as the denotations of ordinary objects. Every abstract object on
the other hand has a special urelement as its proxy. Which properties an abstract object exemplifies
depends solely on its proxy. However, the map from abstract objects to special urelements is
not injective; more than one abstract object can share the same proxy. This way a violation of
Cantor's theorem is avoided. As a consequence there are abstract objects, that
cannot be distinguished by the properties they exemplify. Interestingly the existence of abstract objects
that are exemplification-indistinguishable is a theorem of PLM, see (\ref{PM-aclassical2})\<^cite>‹PM›.
Although the Aczel-model illustrated in figure~\ref{aczel-model-graphic} is non-modal,
the extension to a modal version is straightforward by introducing primitive possible worlds
as in the Kripke semantics of modal logic.
Further note that relations in the Aczel-model are \emph{extensional}. Since properties are represented as the
power set of urelements, two properties are in fact equal if they are exemplified by the same objects.
Consequently statements like ‹[λ p ∨ ¬p] = [λ q ∨ ¬q]› are true in the model,
although they are not derivable from the axioms of object theory as explained in the previous section.
For this reason an \emph{intensional} variant of the Aczel-model is developed and used as the
basis of the embedding. The technicalities of this model are described in the next chapter
(see~\ref{hyper-aczel-model}).
›
chapter‹The Embedding›
text‹
\label{embedding}
›
section‹The Framework Isabelle/HOL›
text‹
The embedding is implemented in Isabelle/HOL, that provides a functional higher-order logic
that serves as meta-logic. An introduction to Isabelle/HOL can be found in \<^cite>‹Isabelle›\footnote{
An updated version is available at \url{http://isabelle.in.tum.de/doc/tutorial.pdf} or in the
documentation of the current Isabelle release, see \url{http://isabelle.in.tum.de/}.}. For a general
introduction to HOL and its automation refer to \<^cite>‹B5›.
The Isabelle theory containing the embedding is included in the appendix and documented in this chapter.
Throughout the chapter references to the various sections of the appendix can be found.
This document itself is generated from a separate Isabelle theory that imports the complete
embedding. The terms and theorems discussed throughout this chapter (starting from~\ref{representation-layer})
are well-formed terms or valid theorems in the embedding, unless the contrary is stated explicitly. Furthermore
the \emph{pretty printing} facility of Isabelle's document generation has been utilized to
make it easier to distinguish between the embedded logic and the meta-logic: all expressions
that belong to the embedded logic are printed in blue color throughout the chapter.
For technical reasons this color coding could not be used for the raw Isabelle theory in the
appendix. Still note the use of bold print for the quantifiers and connectives of the embedded
logic.
›
section‹A Russell-style Paradox›
text‹
\label{russell-paradox}
One of the major challenges of an implementation of the Theory of Abstract Objects in functional
logic is the fact that a naive representation of the ‹λ›-expressions of the theory using the
unrestricted, ‹β›-convertible ‹λ›-expressions of functional logic results in the following
paradox (see \<^cite>‹‹pp. 24-25› in rtt›):
Assume ‹[λx ∃F (xF & ¬Fx)]› were a valid ‹λ›-expression denoting a relation.
Now the comprehension axiom of abstract objects requires the following:
\begin{center}
‹∃x (A!x & ∀F (xF ≡ F = [λx ∃F (xF & ¬Fx)]))›
\end{center}
So there is an abstract object that encodes only the property ‹[λx ∃F (xF & ¬Fx)]›.
Let ‹b› be such an object. Now first assume ‹b› exemplifies
‹[λx ∃F (xF & ¬Fx)]›. By ‹β›-reduction this implies that there exists a property, that
‹b› encodes, but does not exemplify. Since ‹b› only encodes ‹[λx ∃F (xF & ¬Fx)]›,
but does also exemplify it by assumption this is a contradiction.
Now assume ‹b› does not exemplify ‹[λx ∃F (xF & ¬Fx)]›. By ‹β›-reduction it
follows that there does not exist a property that ‹b› encodes, but does not exemplify.
Since ‹b› encodes ‹[λx ∃F (xF & ¬Fx)]› by construction and does not exemplify
it by assumption this is again a contradiction.
This paradox is prevented in the formulation of object theory by disallowing encoding
subformulas in ‹λ›-expressions, so in particular ‹[λx ∃F (xF & ¬Fx)]› is not
part of the language. However during the construction of the embedding it was discovered
that this restriction is not sufficient to prevent paradoxes in general. This is discussed
in section~\ref{paradox}. The solution used in the embedding is described in
section~\ref{lambda-expressions}.
›
section‹Basic Concepts›
text‹
The introduction mentioned that shallow semantical embeddings were used to successfully represent
different varieties of modal logic by implementing them using Kripke semantics. The advantage here
is that Kripke semantics is well understood and there are extensive results about its soundness and
completeness that can be utilized in the analysis of semantical embeddings (see~\<^cite>‹ModalLogics›).
For the Theory of Abstract Objects the situation is different. Section~\ref{aczel-model} already
established that even a modal version of the traditional Aczel-model is extensional and therefore
theorems are true in it, that are not derivable from the axioms of object theory.
On the other hand the last section showed that care has to be taken to ensure the consistency of
an embedding of the theory in functional logic.
For this reason the embedding first constructs a hyperintensional version of the Aczel-model
that serves as a provably consistent basis for the theory. Then several abstraction layers
are implemented on top of the model structure in order to enable reasoning that is independent
of the particular representation. These concepts are described in more
detail in the following sections.
›
subsection‹Hyperintensional Aczel-model›
text‹
\label{hyper-aczel-model}
As mentioned in section~\ref{aczel-model} it is straightforward to extend
the traditional (non-modal) Aczel-model to a modal version by introducing
primitive possible worlds following the Kripke semantics for a modal S5 logic.
Relations in the resulting Aczel-model are, however, still \emph{extensional}.
Two relations that are necessarily exemplified by the same objects are equal.
The Aczel-model that is used as the basis for the embedding therefore introduces
\emph{states} as another primitive besides possible worlds. Truth values are
represented as ternary functions from states and possible worlds to booleans;
relations as functions from urelements, states and possible worlds to booleans.
Abstract objects are still defined as sets of one-place relations and the division
of urelements into ordinary urelements and special urelements, that serve as proxies
for abstract objects, is retained as well. Consequently encoding can still be defined
as set membership of a relation in an abstract object. Exemplification is defined
as function application of a relation to the urelement corresponding to an individual,
a state and a possible world.
The semantic truth evaluation of a proposition in a given possible world is defined
as its evaluation for a designated \emph{actual state} and the possible world.
Logical connectives are defined to behave classically in the \emph{actual state}, but
have undefined behavior in other states.
The reason for this construction becomes apparent if one considers the definition of
the identity of relations: relations are considered identical if they are \emph{encoded}
by the same abstract objects. In the constructed model encoding depends on the behavior of
a relation in all states. Two relations can necessarily be \emph{exemplified} by the
same objects in the actual state, but still not be identical, since they can differ
in other states. Therefore hyperintensionality of relations is achieved.
The dependency on states is not limited to relations, but introduced to propositions,
connectives and quantifiers as well, although the semantic truth conditions of formulas
only depend on the evaluation for the actual state. The reason for this is to be able to define
‹λ›-expressions (see section~\ref{lambda-expressions}) and to extend the
hyperintensionality of relations to them. Since the behavior of logical connectives is undefined
in states other than the actual state, the behavior of ‹λ›-expressions - although classical
in the actual state - remains undefined for different states.
In summary, since the semantic truth of a proposition solely depends on its evaluation for the designated
actual state, in which the logical connectives are defined to behave classically, the reasoning about
propositions remains classical, as desired. On the other hand the additional dependency on states allows
a representation of the hyperintensionality of relations.
The technical details of the implementation are described in section~\ref{representation-layer}.
›
subsection‹Layered Structure›
text‹
Although the constructed variant of the Aczel-model preserves the hyperintensionality of relations
in the theory, it is still known that there are true theorems in this model
that are not derivable from the axioms of object theory (see~\ref{artificial-theorems}).
Given this lack of a model with a well-understood degree of soundness and completeness, the embedding uses
a different approach than other semantical embeddings, namely the embedding is divided into
several \emph{layers} as follows:
\begin{itemize}
\item The first layer represents the primitives of PLM using the described hyperintensional
and modal variant of the Aczel-model.
\item In a second layer the objects of the embedded logic constructed in the first layer are
considered as primitives and some of their semantic properties are derived using the
background logic as meta-logic.
\item The third layer derives the axiom system of PLM mostly using the semantics of the second
layer and partly using the model structure directly.
\item Based on the third layer the deductive system PLM as described in \<^cite>‹‹Chap. 9› in PM›
is derived solely using the axiom system of the third layer and the fundamental meta-rules
stated in PLM. The model structure and the constructed semantics are explicitly
not used in any proofs. Thereby the reasoning in this last layer is independent of the
first two layers.
\end{itemize}
The rationale behind this approach is the following:
The first layer provides a representation of the embedded logic that is provably consistent.
Only minimal axiomatization is necessary, whereas the main construction is purely definitional.
Since the subsequent layers don't contain any additional axiomatization (the axiom system in the third layer
is \emph{derived}) their consistency is thereby guaranteed as well.
The second layer tries to abstract away from the details of the representation by implementing an
approximation of the formal semantics of PLM\footnote{Our thanks to Edward Zalta for supplying
us with a preliminary version of the corresponding unpublished chapter of PLM.}. The long time goal
would be to arrive at the representation of a complete semantics in this layer, that would be sufficient
to derive the axiom system in the next layer and which any specific model structure would have to satisfy.
Unfortunately this could not be achieved so far, but it was possible to lay some foundations for future work.
At the moment full abstraction from the representation layer is only achieved after deriving the axiom
system in the third layer. Still it can be reasoned that in any model of object theory the axiom system
has to be derivable and therefore by disallowing all further proofs to rely on the representation
layer and model structure directly the derivation of the deductive system PLM is universal. The only
exceptions are the primitive meta-rules of PLM: modus ponens, RN (necessitation) and
GEN (universal generalization), as well as the deduction rule. These rules do not follow from the axiom system
itself, but are derived from the semantics in the second layer (see~\ref{PLM-metarules}).
Still as the corresponding semantical rules will again have to be derivable for \emph{any} model,
this does not have an impact on the universality of the subsequent reasoning.
The technical details of the constructed embedding are described in the following sections.
\pagebreak
›
section‹The Representation Layer›
text‹
\label{representation-layer}
The first layer of the embedding (see \ref{TAO_Embedding}) implements the variant
of the Aczel-model described in section~\ref{hyper-aczel-model} and builds a representation
of the language of PLM in the logic of Isabelle/HOL. This process is outlined step by step
throughout this section.
›
subsection‹Primitives›
text‹
The following primitive types are the basis of the embedding (see \ref{TAO_Embedding_Primitives}):
\begin{itemize}
\item Type @{type i} represents possible worlds in the Kripke semantics.
\item Type @{type j} represents \emph{states} as described in section~\ref{hyper-aczel-model}.
\item Type @{type bool} represents meta-logical truth values (‹True› or ‹False›)
and is inherited from Isabelle/HOL.
\item Type @{type ω} represents ordinary urelements.
\item Type @{type σ} represents special urelements.
\end{itemize}
Two constants are introduced:
\begin{itemize}
\item The constant @{term dw} of type @{typeof dw} represents the designated actual world.
\item The constant @{term dj} of type @{typeof dj} represents the designated actual state.
\end{itemize}
Based on the primitive types above the following types are defined (see \ref{TAO_Embedding_Derived_Types}):
\begin{itemize}
\item Type @{type 𝗈} is defined as the set of all functions of type @{typ "j⇒i⇒bool"} and
represents propositions in the embedded logic.
\item Type @{type υ} is defined as @{datatype υ}. This type represents urelements and an object
of this type can be either an ordinary or a special urelement (with the respective type
constructors @{term ωυ} and @{term συ}).
\item Type @{type Π⇩0} is defined as a synonym for type @{type 𝗈} and represents zero-place
relations.
\item Type @{type Π⇩1} is defined as the set of all functions of type \mbox{@{typ "υ⇒j⇒i⇒bool"}}
and represents one-place relations (for an urelement a one-place relation evaluates
to a truth value in the embedded logic; for an urelement, a state and a possible world
it evaluates to a meta-logical truth value).
\item Type @{type Π⇩2} is defined as the set of all functions of type \mbox{@{typ "υ⇒υ⇒j⇒i⇒bool"}}
and represents two-place relations.
\item Type @{type Π⇩3} is defined as the set of all functions of type \mbox{@{typ "υ⇒υ⇒υ⇒j⇒i⇒bool"}}
and represents three-place relations.
\item Type @{type α} is defined as a synonym of the type of sets of one-place relations ‹Π⇩1 set›,
i.e. every set of one-place relations constitutes an object of type @{type α}. This type
represents abstract objects.
\item Type @{type ν} is defined as @{datatype ν}. This type represents individuals and can
be either an ordinary urelement of type @{type ω} or an abstract object of type @{type α} (with the
respective type constructors @{term ων} and @{term αν}).
\item Type @{type κ} is defined as the set of all objects of type @{typ "ν option"} and
represents individual terms. The type @{typ "'a option"} is part of Isabelle/HOL and
consists of a type constructor @{term "Some x"} for an object @{term "x"} of type @{typ 'a}
(in this case type @{type ν}) and an additional special element called @{term "None"}.
@{term "None"} is used to represent individual terms that are definite descriptions
that are not logically proper (i.e. they do not denote an individual).
\end{itemize}
\begin{remark}
The Isabelle syntax @{theory_text "typedef 𝗈 = UNIV::(j⇒i⇒bool) set morphisms eval𝗈 make𝗈 .."}
found in the theory source in the appendix introduces a new abstract type @{type 𝗈} that is represented
by the full set (@{term UNIV}) of objects of type @{typ "j⇒i⇒bool"}. The morphism ‹eval𝗈› maps
an object of abstract type @{type 𝗈} to its representative of type @{typ "j⇒i⇒bool"}, whereas
the morphism ‹make𝗈› maps an object of type @{typ "j⇒i⇒bool"} to the object
of type @{type 𝗈} that is represented by it. Defining these abstract types makes it
possible to consider the defined types as primitives in later stages of the embedding,
once their meta-logical properties are derived from the underlying representation.
For a theoretical analysis of the representation layer the type @{type 𝗈} can be considered
a synonym of @{typ "j⇒i⇒bool"}.
The Isabelle syntax @{theory_text "setup_lifting type_definition_𝗈"} allows definitions for the
abstract type @{type 𝗈} to be stated directly for its representation type @{typ "j⇒i⇒bool"}
using the syntax @{theory_text "lift_definition"}.
For the sake of readability in the documentation of the embedding the morphisms are omitted
and definitions are stated directly for the representation types\footnote{The omission of the
morphisms is achieved using custom \emph{pretty printing} rules for the document generation
facility of Isabelle. The full technical details without these minor omissions can be found in the
raw Isabelle theory in the appendix.}.
\end{remark}
›
subsection‹Individual Terms and Definite Descriptions›
text‹
\label{individual-terms-and-descriptions}
There are two basic types of individual terms in PLM: definite descriptions and individual variables
(and constants). Every logically proper definite description denotes an individual. A definite
description is logically proper if its matrix is (actually) true for a unique individual.
In the embedding the type @{type κ} encompasses all individual terms, i.e. individual variables,
constants \emph{and} definite descriptions. An individual (i.e. a variable or constant
of type @{type ν}) can be used in place of an individual term of type @{type κ} via the decoration
@{term "embedded_style (DUMMY⇧P)"} (see~\ref{TAO_Embedding_IndividualTerms}):
\begin{center}
@{thm νκ.rep_eq[where x=x, THEN embedded_meta_eq]}
\end{center}
The expression @{term "embedded_style (x⇧P)"} (of type @{typeof "x⇧P"}) is marked to be
logically proper (it can only be substituted by objects that are internally of the form @{term "Some x"})
and to denote the individual @{term "x"}.
Definite descriptions are defined as follows:
\begin{center}
@{thm that.rep_eq[where x=φ, THEN embedded_meta_eq]}
\end{center}
If the propriety condition of a definite description @{prop "∃!x. φ x dj dw"} holds,
i.e. \emph{there exists a unique @{term "x"}, such that @{term "φ x"} holds for the actual state and
the actual world}, the term \mbox{@{term "embedded_style (❙ιx . φ x)"}} evaluates to @{term "Some (THE x . φ x dj dw)"}.
Isabelle's @{theory_text THE} operator evaluates to the unique object, for which the given condition holds,
if there is such a unique object, and is undefined otherwise. If the propriety condition does not hold,
the term evaluates to @{term "None"}.
The following meta-logical functions are defined to aid in handling individual terms:
\begin{itemize}
\item @{thm[display] proper.rep_eq}
\item @{thm[display] rep.rep_eq}
\end{itemize}
@{term "the"} maps an object of type @{typ "'a option"} that is of the form @{term "Some x"} to
@{term "x"} and is undefined for @{term "None"}. For an object of type @{type κ} the expression
@{term "proper x"} is true, if the term is logically proper, and if this is the case,
the expression @{term "rep x"} evaluates to the individual of type @{type ν} that the term denotes.
›
subsection‹Mapping from Individuals to Urelements›
text‹
\label{individuals-to-urelements}
To map abstract objects to urelements (for which relations can be evaluated), a constant
@{term ασ} of type @{typeof ασ} is introduced, which maps abstract objects (of type @{type α})
to special urelements (of type @{type σ}), see \ref{TAO_Embedding_AbstractObjectsToSpecialUrelements}.
To assure that every object in the full domain of urelements actually is an urelement for (one or more)
individual objects, the constant @{term ασ} is axiomatized to be surjective.
Now the mapping @{term "νυ"} of type @{typeof "νυ"} can be defined as follows:
\begin{center}
@{thm νυ_def[atomize]}
\end{center}
To clarify the syntax note that this is equivalent to the following:
\begin{center}
@{lemma "(∀ x . νυ (ων x) = ωυ x) ∧ (∀ x . νυ (αν x) = συ (ασ x))" by (simp add: νυ_def)}
\end{center}
So ordinary objects are simply converted to an urelements by the type constructor
@{term "ωυ"}, whereas for abstract objects the corresponding
special urelement under ‹ασ› is converted to an urelement using the type constructor
@{term "συ"}.
\begin{remark}
Future versions of the embedding may introduce a dependency of the mapping from individuals
to urelements on states (see~\ref{artificial-theorems}).
\end{remark}
›
subsection‹Exemplification of n-place relations›
text‹
Exemplification of n-place relations can now be defined. Exemplification of zero-place
relations is simply defined as the identity, whereas exemplification of n-place relations
for ‹n ≥ 1› is defined to be true, if all individual terms are logically proper and
the function application of the relation to the urelements corresponding to the individuals
yields true for a given possible world and state (see \ref{TAO_Embedding_Exemplification}):
\pagebreak
\begin{itemize}
\item @{thm[display] exe0.rep_eq[where x=p, THEN embedded_meta_eq]}
\item @{thm[display] exe1.rep_eq[where x=F and xa=x, THEN embedded_meta_eq]}
\item @{thm[display] exe2.rep_eq[where x=F and xa=x and xb=y, THEN embedded_meta_eq]}
\item @{thm[display] exe3.rep_eq[where x=F and xa=x and xb=y and xc=z, THEN embedded_meta_eq]}
\end{itemize}
›
subsection‹Encoding›
text‹
Encoding is defined as follows (see \ref{TAO_Embedding_Encoding}):
\begin{center}
@{thm enc.rep_eq[of x F, THEN embedded_meta_eq]}
\end{center}
For a given state @{term s} and a given possible world @{term w} it holds that
an individual term @{term x} encodes @{term F}, if @{term x} is logically proper,
the denoted individual @{term "rep x"} is of the form @{term "αν α"} for
some object @{term α} (i.e. it is an abstract object) and @{term F} is contained in @{term α}
(recall that abstract objects are defined to be sets of one-place relations).
Encoding is represented as a function of states and possible worlds to ensure type-correctness,
but its evaluation does not depend on either. On the other hand whether @{term F} is contained
in @{term α} does depend on the behavior of @{term F} in \emph{all} states.
›
subsection‹Connectives and Quantifiers›
text‹
\label{connectives}
Following the model described in section~\ref{hyper-aczel-model} the connectives and quantifiers
are defined in such a way that they behave classically if evaluated for the designated actual state @{term "dj"},
whereas their behavior is governed by uninterpreted constants in any other state\footnote{Early attempts
in using an intuitionistic version of connectives and quantifiers based on \<^cite>‹"DOttaviano2012"› were
found to be insufficient to capture the full hyperintensionality of PLM, but served as inspiration
for the current construction.}.
For this purpose the following uninterpreted constants are introduced (see \ref{TAO_Embedding_Connectives}):
\begin{itemize}
\item @{const I_NOT} of type @{typeof I_NOT}
\item @{const I_IMPL} of type @{typeof I_IMPL}
\end{itemize}
Modality is represented using the dependency on primitive possible worlds using
a standard Kripke semantics for a S5 modal logic.
The basic connectives and quantifiers are defined as follows
(see \ref{TAO_Embedding_Connectives}):
\begin{itemize}
\item @{thm[display] not.rep_eq[of p, THEN embedded_meta_eq]}
\item @{thm[display] impl.rep_eq[of p q, THEN embedded_meta_eq]}
\item @{thm[display] forall⇩ν.rep_eq[of φ, rename_abs s w x, THEN embedded_meta_eq]}
\item @{thm[display] forall⇩0.rep_eq[of φ, rename_abs s w p, THEN embedded_meta_eq]}
\item @{thm[display] forall⇩1.rep_eq[of φ, rename_abs s w F, THEN embedded_meta_eq]}
\item @{thm[display] forall⇩2.rep_eq[of φ, rename_abs s w F, THEN embedded_meta_eq]}
\item @{thm[display] forall⇩3.rep_eq[of φ, rename_abs s w F, THEN embedded_meta_eq]}
\item @{thm[display] box.rep_eq[of p, THEN embedded_meta_eq]}
\item @{thm[display] actual.rep_eq[of p, THEN embedded_meta_eq]}
\end{itemize}
Note in particular that negation and implication behave
classically if evaluated for the actual state @{term "s = dj"}, but
are governed by the uninterpreted constants @{term I_NOT} and @{term I_IMPL} for
@{term "s ≠ dj"}:
\begin{itemize}
\item @{lemma[display] "s = dj ⟹ eval𝗈 (embedded_style (❙¬p)) s w = (¬eval𝗈 (embedded_style (p)) s w)"
by (unfold embedded_style_def, transfer, auto)}
\item @{lemma "s ≠ dj ⟹ eval𝗈 (embedded_style (❙¬p)) s w = (I_NOT s (eval𝗈 (embedded_style (p)) s) w)"
by (unfold embedded_style_def, transfer, auto)}
\item @{lemma[display] "s = dj ⟹ eval𝗈 (embedded_style (p ❙→ q)) s w = (eval𝗈 (embedded_style p) s w ⟶ eval𝗈 (embedded_style q) s w)"
by (unfold embedded_style_def, transfer, auto)}
\item @{lemma "s ≠ dj ⟹ eval𝗈 (embedded_style (p ❙→ q)) s w = (I_IMPL s (eval𝗈 (embedded_style p) s) (eval𝗈 (embedded_style q) s) w)"
by (unfold embedded_style_def, transfer, auto)}
\end{itemize}
\begin{remark}
Future research may conclude that non-classical behavior in states @{term "s ≠ dj"}
for negation and implication is not sufficient for achieving the desired level of
hyperintensionality for ‹λ›-expressions. It would be trivial to introduce additional
uninterpreted constants to govern the behavior of the remaining connectives and quantifiers
in such states as well, though. The remainder of the embedding would not be affected, i.e.
no assumption about the behavior of connectives and quantifiers in states other than @{term "dj"}
is made in the subsequent reasoning. At the time of writing non-classical behavior for
negation and implication is considered sufficient.
\end{remark}
›
subsection‹$\lambda$-Expressions›
text‹
\label{lambda-expressions}
The bound variables of the ‹λ›-expressions of the embedded logic are individual
variables, whereas relations are represented as functions acting on urelements.
Therefore the definition of the ‹λ›-expressions of the embedded logic is non-trivial.
The embedding defines them as follows (see \ref{TAO_Embedding_Lambda}):
\begin{itemize}
\item @{thm[display] lambdabinder0.rep_eq[of p, THEN embedded_meta_eq]}
\item @{thm[display] lambdabinder1.rep_eq[of φ, THEN embedded_meta_eq]}
\item @{thm[display, eta_contract=false] lambdabinder2.rep_eq[of "λ x y . φ x y", THEN embedded_meta_eq]}
\item @{thm[display, eta_contract=false] lambdabinder3.rep_eq[of "λ x y z . φ x y z", THEN embedded_meta_eq]}
\end{itemize}
\begin{remark}
For technical reasons Isabelle only allows ‹λ›-expressions for one-place relations
to use a nice binder notation. Although better workarounds may be possible, for now the
issue is avoided by the use of the primitive ‹λ›-expressions of the background
logic in combination with the constants @{term "❙λ⇧2"} and @{term "❙λ⇧3"} as shown above.
\end{remark}
The representation of zero-place ‹λ›-expressions as the identity is straight-forward;
the representation of n-place ‹λ›-expressions for \mbox{‹n ≥ 1›}
is illustrated for the case \mbox{‹n = 1›}:
The matrix of the ‹λ›-expression @{term "embedded_style φ"} is a function from individuals
(of type @{type ν}) to truth values (of type @{type 𝗈}, resp. @{typ "j⇒i⇒bool"}).
One-place relations are represented as functions of type @{typ "υ⇒j⇒i⇒bool"} though,
where @{type υ} is the type of urelements.
The ‹λ›-expression @{term "embedded_style (❙λx. φ x)"} evaluates to @{term "True"} for an urelement @{term u},
a state @{term s} and a world @{term w}, if there is an individual @{term "embedded_style x"} in the preimage
of @{term "u"} under @{term "νυ"} and it holds that \mbox{@{term "eval𝗈 (embedded_style (φ x)) s w"}}.
\begin{center}
@{lemma "evalΠ⇩1 (embedded_style (❙λx . φ x)) u s w = (∃ x . νυ x = u ∧ eval𝗈 (embedded_style (φ x)) s w)"
by (simp add: embedded_style_def meta_defs meta_aux)}
\end{center}
If restricted to ordinary objects, the definition can be simplified, since @{term "νυ"} is bijective
on the set of ordinary objects:
\begin{center}
@{lemma "evalΠ⇩1 (embedded_style (❙λx . φ x)) (ωυ u) s w = eval𝗈 (embedded_style (φ) (ων u)) s w"
by (simp add: embedded_style_def meta_defs meta_aux, metis ν.exhaust νυ_ων_is_ωυ υ.inject(1) no_αω)}
\end{center}
However in general @{term "νυ"} can map several abstract objects to the same special urelement,
so an analog statement for abstract objects does not hold for arbitrary @{term "φ"}. As described
in section~\ref{russell-paradox} such a statement would in fact not be desirable, since it would
lead to inconsistencies.
Instead the embedding introduces the concept of \emph{proper maps}.
A map from individuals to propositions is defined to be proper if its truth evaluation for the actual state only
depends on the urelements corresponding to the individuals (see \ref{TAO_Embedding_Proper}):
\begin{itemize}
\item @{thm[display] IsProperInX.rep_eq[of φ]}
\item @{thm[display] IsProperInXY.rep_eq[of φ]}
\item @{thm[display] IsProperInXYZ.rep_eq[of φ]}
\end{itemize}
Now by the definition of proper maps the evaluation of ‹λ›-expressions behaves as expected
for proper @{term "embedded_style φ"}:
\begin{center}
@{lemma "IsProperInX (embedded_style φ) ⟷ (∀ w x . evalΠ⇩1 (embedded_style (❙λx . φ (x⇧P))) (νυ x) dj w = eval𝗈 (embedded_style (φ (x⇧P))) dj w)"
by (auto simp: embedded_style_def meta_defs meta_aux IsProperInX_def)}
\end{center}
\begin{remark}
The right-hand side of the equation above does not quantify over all states,
but is restricted to the actual state @{term "dj"}.
This is sufficient given that truth evaluation only depends on the actual state
and goes along with the desired semantics of ‹λ›-expressions (see~\ref{semantics-lambda}).
\end{remark}
Maps that contain encoding formulas in their arguments are in general
not proper and thereby the paradox mentioned in section~\ref{russell-paradox} is prevented.
In fact proper maps are the most general kind of functions that may appear in a lambda-expression,
such that ‹β›-conversion holds. In what way proper maps correspond to the formulas that PLM
allows as the matrix of a ‹λ›-expression is a complex question and discussed separately in
section~\ref{differences-lambda}.
›
subsection‹Validity›
text‹
Semantic validity is defined as follows (see \ref{TAO_Embedding_Validity}):
\begin{center}
@{thm valid_in.rep_eq[of v "embedded_style φ"]}
\end{center}
A formula is considered semantically valid for a possible world @{term v} if it evaluates
to @{term True} for the actual state @{term dj} and the given possible world @{term v}.
\begin{remark}
The Isabelle Theory in the appendix defines the syntax \mbox{‹v ⊨ p›} in the representation
layer, following the syntax used in the formal semantics of PLM.
The syntax \mbox{@{term "[p in v]"}} that is easier to use in Isabelle due to bracketing the expression
is only introduced after the semantics is derived in \ref{TAO_Semantics_Validity}.
For simplicity only the latter syntax is used in this documentation.
\end{remark}
›
subsection‹Concreteness›
text‹
\label{concreteness}
PLM defines concreteness as a one-place relation constant. For the embedding care has to
be taken that concreteness actually matches the primitive distinction between ordinary and
abstract objects. The following requirements have to be satisfied by the introduced notion of
concreteness:
\begin{itemize}
\item Ordinary objects are possibly concrete. In the meta-logic this means that for every
ordinary object there exists at least one possible world, in which the object is concrete.
\item Abstract objects are not possibly concrete.
\end{itemize}
An additional requirement is enforced by axiom (\ref{PM-qml}.4)\<^cite>‹"PM"›, see~\ref{axioms-necessity}.
To satisfy this axiom the following has to be assured:
\begin{itemize}
\item Possibly contingent objects exist. In the meta-logic this means that there exists
an ordinary object and two possible worlds, such that the ordinary object is
concrete in one of the worlds, but not concrete in the other.
\item Possibly no contingent objects exist. In the meta-logic this means that there exists
a possible world, such that all objects that are concrete in this world, are concrete
in all possible worlds.
\end{itemize}
In order to satisfy these requirements a constant @{const ConcreteInWorld} is introduced,
that maps ordinary objects (of type @{type ω}) and possible worlds (of type @{type i})
to meta-logical truth values (of type @{type bool}). This constant is axiomatized in the
following way (see~\ref{TAO_Embedding_Concreteness}):
\begin{itemize}
\item @{thm OrdinaryObjectsPossiblyConcreteAxiom}
\item @{thm PossiblyContingentObjectExistsAxiom}
\item @{thm PossiblyNoContingentObjectExistsAxiom}
\end{itemize}
Concreteness can now be defined as a one-place relation:
\begin{center}
@{thm Concrete.rep_eq[THEN embedded_meta_eq]}
\end{center}
Whether an ordinary object is concrete is governed by the introduced constant, whereas
abstract objects are never concrete.
›
subsection‹The Syntax of the Embedded Logic›
text‹
The embedding aims to provide a readable syntax for the embedded logic that is as close as possible
to the syntax of PLM and clearly distinguishes between the embedded
logic and the meta-logic. Some concessions have to be made due to the limitations of definable syntax
in Isabelle, though. Moreover exemplification and encoding have to use a dedicated syntax in order
to be distinguishable from function application.
The syntax for the basic formulas of PLM used in the embedding is summarized in the
following table:
\begin{center}
\begin{tabular}{l|l|l|c}
PLM & syntax in words & embedded logic & type \\
\hline
‹φ› & it holds that ‹φ› & @{term "embedded_style (φ)"} & @{type 𝗈} \\
‹¬φ› & not ‹φ› & @{term "embedded_style (❙¬φ)"} & @{type 𝗈} \\
‹φ → ψ› & ‹φ› implies ‹ψ› & @{term "embedded_style (φ ❙→ ψ)"} & @{type 𝗈} \\
‹□φ› & necessarily ‹φ› & @{term "embedded_style (❙□φ)"} & @{type 𝗈} \\
‹𝒜φ› & actually ‹φ› & @{term "embedded_style (❙𝒜φ)"} & @{type 𝗈} \\
‹Πυ› & ‹υ› (an individual term) exemplifies ‹Π› & @{term "embedded_style ⦇Π,υ⦈"} & @{type 𝗈} \\
‹Πx› & ‹x› (an individual variable) exemplifies ‹Π› & @{term "embedded_style ⦇Π,x⇧P⦈"} & @{type 𝗈} \\
‹Πυ⇩1υ⇩2› & ‹υ⇩1› and ‹υ⇩2› exemplify ‹Π› & @{term "embedded_style ⦇Π,υ⇩1,υ⇩2⦈"} & @{type 𝗈} \\
‹Πxy› & ‹x› and ‹y› exemplify ‹Π› & @{term "embedded_style ⦇Π,x⇧P,y⇧P⦈"} & @{type 𝗈} \\
‹Πυ⇩1υ⇩2υ⇩3› & ‹υ⇩1›, ‹υ⇩2› and ‹υ⇩3› exemplify ‹Π› & @{term "embedded_style ⦇Π,υ⇩1,υ⇩2,υ⇩3⦈"} & @{type 𝗈} \\
‹Πxyz› & ‹x›, ‹y› and ‹z› exemplify ‹Π› & @{term "embedded_style ⦇Π,x⇧P,y⇧P,z⇧P⦈"} & @{type 𝗈} \\
‹υΠ› & ‹υ› encodes ‹Π› & @{term "embedded_style ⦃υ,Π⦄"} & @{type 𝗈} \\
‹ιxφ› & \emph{the} ‹x›, such that ‹φ› & @{term "embedded_style (❙ιx . φ x)"} & @{type κ} \\
‹∀x(φ)› & for all individuals ‹x› it holds that ‹φ› & @{term "embedded_style (❙∀⇩ν x . φ x)"} & @{type 𝗈} \\
‹∀p(φ)› & for all propositions ‹p› it holds that ‹φ› & @{term "embedded_style (❙∀⇩0 p . φ p)"} & @{type 𝗈} \\
‹∀F(φ)› & for all relations ‹F› it holds that ‹φ› & @{term "embedded_style (❙∀⇩1 F . φ F)"} & @{type 𝗈} \\
& & @{term "embedded_style (❙∀⇩2 F . φ F)"} & \\
& & @{term "embedded_style (❙∀⇩3 F . φ F)"} & \\
‹[λ p]› & being such that ‹p› & @{term "embedded_style (❙λ⇧0 p)"} & @{typ Π⇩0} \\
‹[λx φ]› & being ‹x› such that ‹φ› & @{term "embedded_style (❙λ x . φ x)"} & @{type Π⇩1} \\
‹[λxy φ]› & being ‹x› and ‹y› such that ‹φ› & @{term[eta_contract=false] "embedded_style (❙λ⇧2 (λ x y . φ x y))"} & @{type Π⇩2} \\
‹[λxyz φ]› & being ‹x›, ‹y› and ‹z› such that ‹φ› & @{term[eta_contract=false] "embedded_style (❙λ⇧3 (λ x y z . φ x y z))"} & @{type Π⇩3}
\end{tabular}
\end{center}
\pagebreak
Several subtleties have to be considered:
\begin{itemize}
\item @{term "n"}-place relations are only represented for \mbox{‹n ≤ 3›}.
As the resulting language is already expressive enough to represent the most interesting
parts of the theory and it would be trivial to add analog implementations for
\mbox{‹n > 3›}, this is considered to be sufficient. Future work may attempt to construct a general
representation for ‹n›-place relations for arbitrary ‹n›.
\item Individual terms (that can be descriptions) and individual variables, resp. constants have
different types. Exemplification and encoding is defined for individual terms of type @{type κ}.
Individual variables (i.e. variables of type @{type ν}) or individual constants
(i.e. constants of type @{type ν}) can be converted to type @{type κ} using the
decoration~@{term "embedded_style (DUMMY⇧P)"}.
\item In PLM a general term @{term "φ"}, as it occurs in definite descriptions,
quantification formulas and ‹λ›-expressions above, can contain \emph{free} variables. If
such a term occurs within the scope of a variable binding operator, free occurrences of
the variable are considered to be \emph{bound} by the operator. In the embedding this concept
is replaced by representing @{term "embedded_style φ"} as a \emph{function} acting on the bound variables
and using the native concept of binding operators in Isabelle.
\item The representation layer of the embedding defines a separate quantifier for every type of
variable in PLM. This is done to assure that only quantification ranging over these types
is part of the embedded language. The definition of a general quantifier in the representation layer
could for example be used to quantify over individual \emph{terms} (of type @{type κ}), whereas
only quantification ranging over individuals (of type @{type ν}) is part of the language of PLM.
After the semantics is introduced in section~\ref{semantics}, a \emph{type class} is constructed
that is characterized by the semantics of quantification and instantiated for all variable types.
This way a general binder that can be used for all variable types can be defined. The details
of this approach are explained in section~\ref{general-quantifier}.
\end{itemize}
The syntax used for stating that a proposition is semantically valid is the following:
\begin{center}
@{term "[φ in v]"}
\end{center}
Here @{term "embedded_style φ"} and @{term "v"} are free variables (in the meta-logic).
Therefore, stating the expression above as a lemma will implicitly be a quantified statement over all
propositions @{term "embedded_style φ"} and all possible worlds @{term "v"} (unless
@{term "embedded_style φ"} or @{term "v"} are explicitly restricted in the current scope
or globally declared as constants).
\vfill
\pagebreak
›
context Semantics
begin
section‹Semantic Abstraction›
text‹
\label{semantics}
The second layer of the embedding (see~\ref{TAO_Semantics}) abstracts away from the technicalities
of the representation layer and states the truth conditions for formulas of the embedded logic
in a similar way as the (at the time of writing unpublished) semantics of object theory.
›
subsection‹Domains and Denotation Functions›
text‹
In order to do so the abstract types introduced in the representation layer
@{typ κ}, @{typ 𝗈} resp. @{typ Π⇩0}, @{typ Π⇩1}, @{typ Π⇩2} and @{typ Π⇩3} are considered
as primitive types and assigned semantic domains: @{type R⇩κ}, @{typ R⇩0}, @{typ R⇩1},
@{typ R⇩2} and @{typ R⇩3} (see~\ref{TAO_Semantics_Semantics_Domains}).
For the embedding the definition of these semantic domains is trivial, since the abstract types of
the representation layer are already modeled using representation sets. Therefore the semantic domain
for each type can simply be defined as the type of its representatives.
As a next step denotation functions are defined that assign semantic denotations to the objects of each
abstract type (see~\ref{TAO_Semantics_Semantics_Denotations}).
The formal semantics of PLM does not a priori assume that every term has a denotation. Therefore,
the denotation functions are represented as functions that map to the ‹option› type of the
respective domain. This way they can either map a term to @{term "Some x"}, if the term denotes
@{term "x"}, or to @{term "None"}, if the term does not denote.
In the embedding all relation terms always denote, therefore the denotation functions @{term "d⇩0"},
‹…›, @{term "d⇩3"} for relations can simply be defined as the type constructor @{term "Some"}.
Individual terms on the other hand are already represented by an ‹option› type,
so the denotation function @{term "d⇩κ"} can be defined as the identity.
Moreover the primitive type of possible worlds @{type i} is used as the semantic domain of possible
worlds @{typ W} and the primitive actual world @{term "dw"} as the semantic actual world
@{term "w⇩0"} (see~\ref{TAO_Semantics_Semantics_Actual_World}).
\begin{remark}
Although the definitions for semantic domains and denotations may seem redundant, conceptually
the abstract types of the representation layer now have the role of primitive types. Although for
simplicity the last section regarded the type @{type 𝗈} as synonym of \mbox{@{typ "j⇒i⇒bool"}}, it was
introduced as a distinct type for which the set of all functions of type \mbox{@{typ "j⇒i⇒bool"}} merely
serves as the underlying set of representatives. An object of type @{type 𝗈} cannot directly be
substituted for a variable of type \mbox{@{typ "j⇒i⇒bool"}}. To do so it first has to be mapped to its
representative of type \mbox{@{typ "j⇒i⇒bool"}} by the use of the morphism @{term "eval𝗈"} that was introduced
in the type definition and omitted in the last section for the sake of readability. Therefore although
the definitions of the semantic domains and denotation functions may seem superfluous, the domains are
different types than the corresponding abstract type and the denotation functions are functions between
distinct types (note the use of @{theory_text "lift_definition"} rather than @{theory_text "definition"}
for the denotation functions in~\ref{TAO_Semantics_Semantics_Denotations} that allows to define
functions on abstract types in the terms of the underlying representation types).
\end{remark}
›
subsection‹Exemplification and Encoding Extensions›
text‹
Semantic truth conditions for exemplification formulas are defined using \emph{exemplification extensions}.
Exemplification extensions are functions relative to
semantic possible worlds that map objects in the domain of ‹n›-place relations to meta-logical truth
values in the case \mbox{‹n = 0›} and sets of ‹n›-tuples of objects in the domain
of individuals in the case \mbox{‹n ≥ 1›}. Formally they are defined as follows
(see~\ref{TAO_Semantics_Semantics_Exemplification_Extensions}):
\begin{itemize}
\item @{thm[display] ex0_def[expand2, of p w]}
\item @{thm[display] ex1_def[expand2, of F w]}
\item @{thm[display] ex2_def[expand2, of R w]}
\item @{thm[display] ex3_def[expand2, of R w]}
\end{itemize}
The exemplification extension of a ‹0›-place relation is its evaluation for the actual state and the
given possible world. The exemplification extension of ‹n›-place relations \mbox{(‹n ≥ 1›)}
in a possible world is the set of all (tuples of) \emph{individuals} that are mapped to
\emph{urelements} for which the relation evaluates to true for the given possible world and the
actual state. This is in accordance with the constructed Aczel-model (see~\ref{hyper-aczel-model}).
Conceptually, exemplification extensions as maps to sets of \emph{individuals} are independent of the underlying
model and in particular do not require the concept of \emph{urelements} as they are present in an
Aczel-model. Their use in the definition of truth conditions for exemplification formulas below
is therefore an abstraction away from the technicalities of the representation layer.
Similarly to the exemplification extension for one-place relations an \emph{encoding extension}
is defined as follows (see~\ref{TAO_Semantics_Semantics_Encoding_Extension}):
\begin{center}
@{thm en_def[expand1, of F]}
\end{center}
The encoding extension of a relation is defined as the set of all abstract objects that contain
the relation. Since encoding is modally rigid the encoding extension does not need to be relativized
for possible worlds.
›
subsection‹Truth Conditions of Formulas›
text‹
Based on the definitions above it is now possible to define truth conditions
for the atomic formulas of the language.
For exemplification formulas of ‹n›-place relations
it suffices to consider the case of one-place relations, for which the truth condition is defined
as follows (see~\ref{TAO_Semantics_Semantics_Exemplification}):
\begin{center}
@{thm T1_1[of w "embedded_style Π" "embedded_style κ"]}
\end{center}
The relation term @{term "embedded_style Π"} is exemplified by an individual term @{term "embedded_style κ"} in a possible world
@{term "w"} if both terms have a denotation and the denoted individual is contained in the exemplification
extension of the denoted relation in @{term "w"}. The definitions for ‹n›-place relations
\mbox{(‹n > 1›)} and ‹0›-place relations are analog.
The truth condition for encoding formulas is defined in a similar manner
(see~\ref{TAO_Semantics_Semantics_Encoding}):
\begin{center}
@{thm T2[of w "embedded_style κ" "embedded_style Π"]}
\end{center}
The only difference to exemplification formulas is that the encoding extension does not depend
on the possible world @{term "w"}.
The truth conditions for complex formulas are straightforward
(see~\ref{TAO_Semantics_Semantics_Complex_Formulas}):
\begin{itemize}
\item @{thm[display] T4[of w ψ]}
\item @{thm[display] T5[of w ψ χ]}
\item @{thm[display] T6[of w ψ]}
\item @{thm[display] T7[of w ψ]}
\item @{thm[display] T8_ν[of w ψ]}
\item @{thm[display] T8_0[of w ψ]}
\item @{thm[display] T8_1[of w ψ]}
\item @{thm[display] T8_2[of w ψ]}
\item @{thm[display] T8_3[of w ψ]}
\end{itemize}
A negation formula @{term "embedded_style (❙¬ψ)"} is semantically true in a possible world, if and only if
@{term "embedded_style ψ"} is not semantically true in the given possible world. Similarly truth conditions for
implication formulas and quantification formulas are defined canonically.
The truth condition of the modal box operator @{term "embedded_style (❙□ψ)"} as @{term "embedded_style ψ"} being true in all
possible worlds, shows that modality follows a S5 logic. A formula involving the actuality operator @{term "embedded_style (❙𝒜ψ)"}
is defined to be semantically true, if and only if @{term "embedded_style ψ"} is true in the designated actual world.
›
subsection‹Denotation of Definite Descriptions›
text‹
The definition of the denotation of description terms (see~\ref{TAO_Semantics_Semantics_Descriptions})
can be presented in a more readable form by splitting it into its two cases and by using the meta-logical
quantifier for unique existence:
\begin{itemize}
\item @{lemma[display] "(∃!x. [ψ x in w⇩0])
⟹ d⇩κ (embedded_style (❙ιx. ψ x)) = Some (THE x. [ψ x in w⇩0])"
by (auto simp: embedded_style_def D3)}
\item @{lemma[display] "¬(∃!x. [ψ x in w⇩0])
⟹ d⇩κ (embedded_style (❙ιx. ψ x)) = None"
by (auto simp: embedded_style_def D3)}
\end{itemize}
If there exists a unique @{term "x"}, such that @{term "embedded_style (ψ x)"} is true in the actual world,
the definite description denotes and its denotation is this unique @{term "x"}. Otherwise
the definite description fails to denote.
It is important to consider what happens if a non-denoting definite description occurs in a formula:
The only positions in which such a term could occur in a complex formula is in an exemplification expression
or in an encoding expression. Given the above truth conditions it becomes clear, that
the presence of non-denoting terms does \emph{not} mean that there are formulas without
truth conditions: Since exemplification and encoding formulas are defined to be true \emph{only if}
the contained individual terms have denotations, such formulas are @{term "False"} for non-denoting
individual terms.
›
subsection‹Denotation of $\lambda$-Expressions›
text‹
\label{semantics-lambda}
The most complex part of the semantic abstraction is the definition of denotations for ‹λ›-expressions.
The formal semantics of PLM is split into several cases and uses a special class of
\emph{Hilbert-Ackermann ‹ε›-terms} that are challenging to represent. Therefore a simplified
formulation of the denotation criteria is used. Moreover the denotations of ‹λ›-expressions are
coupled to syntactical conditions. This fact is represented using the notion of \emph{proper maps}
as a restriction for the matrix of a ‹λ›-expression that was introduced in section~\ref{lambda-expressions}.
The definitions are implemented as follows (see~\ref{TAO_Semantics_Semantics_Lambda_Expressions}):
\begin{itemize}
\item @{lemma[display] "d⇩1 (embedded_style (❙λx. ⦇Π, x⇧P⦈)) = d⇩1 (embedded_style Π)"
by (simp add: embedded_style_def D4_1)}
\item @{lemma[display] "IsProperInX (embedded_style φ) ⟹ Some r = d⇩1 (embedded_style (❙λx. φ (x⇧P)))
∧ Some o⇩1 = d⇩κ (embedded_style x) ⟶ (o⇩1 ∈ ex1 r w) = [φ x in w]"
by (simp add: embedded_style_def D5_1)}
\item @{lemma[display] "Some r = d⇩0 (embedded_style (❙λ⇧0 φ)) ⟶ ex0 r w = [φ in w]"
by (simp add: embedded_style_def D6)}
\end{itemize}
The first condition for \emph{elementary} ‹λ›-expressions is straightforward.
The general case in the second condition is more complex: Given that the matrix @{term "embedded_style φ"}
is a proper map, the relation denoted by the ‹λ›-expression has the property, that for a
denoting individual term @{term "embedded_style x"}, the denoted individual is contained in
its exemplification extension for a possible world @{term "w"}, if and only if @{term "embedded_style (φ x)"}
holds in @{term "w"}.
At a closer look this is the statement of ‹β›-conversion restricted to denoting individuals:
the truth condition of the ‹λ›-expression being exemplified by some denoting individual term,
is the same as the truth condition of the matrix of the term for the denoted individual.
Therefore it is clear that the precondition that @{term "embedded_style φ"} is a proper map
is necessary and sufficient.
Given this consideration the case for ‹0›-place relations is straightforward and
the cases for \mbox{‹n ≥ 2›} are analog to the case \mbox{‹n = 1›}.
›
subsection‹Properties of the Semantics›
text‹
The formal semantics of PLM imposes several further restrictions some of which are derived as
auxiliary lemmas. Furthermore some auxiliary statements that are specific to the underlying
representation layer are proven.
The following auxiliary statements are derived (see~\ref{TAO_Semantics_Semantics_Auxiliary_Lemmata}):
\begin{enumerate}
\item All relations denote, e.g. @{thm[display] propex⇩1[of "embedded_style F"]}
\item An individual term of the form @{term "embedded_style (x⇧P)"} denotes @{term "x"}:
@{lemma[display] "d⇩κ (embedded_style (x⇧P)) = Some x"
by (simp add: embedded_style_def d⇩κ_proper)}
\item Every ordinary object is contained in the extension of the concreteness property for some
possible world:
@{lemma[display] "Some r = d⇩1 (embedded_style (E!)) ⟹ (∀ x . ∃ w . ων x ∈ ex1 r w)"
by (simp add: embedded_style_def ConcretenessSemantics1)}
\item An object that is contained in the extension of the concreteness property in any world is
an ordinary object:
@{lemma[display] "Some r = d⇩1 (embedded_style (E!)) ⟹ (∀ x . x ∈ ex1 r w ⟶ (∃ y . x = ων y))"
by (simp add: embedded_style_def ConcretenessSemantics2)}
\item The denotation functions for relation terms are injective, e.g.
@{thm[display] d⇩1_inject[of "embedded_style F" "embedded_style G"]}
\item The denotation function for individual terms is injective for denoting terms:
@{thm[display] d⇩κ_inject[of "o⇩1" "embedded_style x" "embedded_style y"]}
\end{enumerate}
Especially statements 5 and 6 are only derivable due to the specific construction of
the representation layer: since the semantic domains were defined as the representation sets
of the respective abstract types and denotations were defined canonically, objects that have the
same denotation are identical as objects of the abstract type. 3 and 4 are necessary to connect
concreteness with the underlying distinction between ordinary and abstract objects in the model.
›
subsection‹Proper Maps›
text‹
The definition of \emph{proper maps} as described in section~\ref{lambda-expressions} is
formulated in terms of the meta-logic. Since denotation conditions in the semantics and
later some of the axioms have to be restricted to proper maps, a method has to be devised
by which the propriety of a map can easily be shown without using meta-logical concepts.
Therefore introduction rules for @{term "IsProperInX"}, @{term "IsProperInXY"} and
@{term "IsProperInXYZ"} are derived and a proving method @{method[names_short = true] "show_proper"}
is defined that can be used to proof the propriety of a map using these introduction rules
(see~\ref{TAO_Semantics_Proper}).
The rules themselves rely on the power of the \emph{unifier} of Isabelle/HOL: Any map acting
on individuals that can be expressed by another map that solely acts on exemplification expressions
involving the individuals, is shown to be proper. This effectively means that all maps whose arguments
only appear in exemplification expressions are proper. Using the provided introduction rules
Isabelle's unifier can derive the propriety of such maps automatically.
For a discussion about the relation between
this concept and admissible ‹λ›-expressions in PLM see section~\ref{differences-lambda}.
›
end
section‹General All-Quantifier›
text‹
\label{general-quantifier}
Since the last section established the semantic truth conditions of the specific versions of the
all-quantifier for all variable types of PLM, it is now possible to define a binding symbol for general
all-quantification.
This is done using the concept of \emph{type classes} in Isabelle/HOL. Type classes define
constants that depend on a \emph{type variable} and state assumptions about this constant.
In subsequent reasoning the type of an object can be restricted to a type of the introduced
type class. Thereby the reasoning can make use of all assumptions that have been stated about
the constants of the type class. A priori it is not assumed that any type actually satisfies
the requirements of the type class, so initially statements involving types restricted
to a type class can not be applied to any specific type.
To allow that the type class has to be \emph{instantiated} for the desired type. This is done
by first providing definitions for the constants of the type class specific to the
respective type. Then each assumption made by the type class has to be proven given the
particular type and the provided definitions. After that any statement that was proven for
the type class can be applied to the instantiated type.
In the case of general all-quantification for the embedding this concept can be utilized by
introducing the type class @{class quantifiable} that is equipped with a constant that is used
as the general all-quantification binder (see~\ref{TAO_Quantifiable_Class}).
For this constant it can now be assumed that it satisfies the semantic property of all
quantification: \mbox{@{thm quantifiable_T8[of w ψ]}}.
Since it was already shown in the last section that the specific all-quantifier for each
variable type satisfies this property, the type class can immediately be instantiated for the
types @{type ν}, @{type Π⇩0}, @{type Π⇩1}, @{type Π⇩2} and @{type Π⇩3} (see~\ref{TAO_Quantifiable_Instantiations}).
The instantiation proofs only need to refer to the statements derived in the semantics section for the respective version
of the quantifier and are thereby independent of the representation layer.
From this point onward the general all-quantifier can completely replace the type specific
quantifiers. This is true even if a quantification is meant to only range over objects of a
particular type: In this case the desired type (if it can not implicitly be deduced from the
context) can be stated explicitly while still using the general quantifier.
\begin{remark}
Technically it would be possible to instantiate the type class @{class quantifiable} for
any other type that satisfies the semantic criterion, thereby compromising the restriction
of the all-quantifier to the primitive types of PLM. However, this is not done in the
embedding and therefore the introduction of a general quantifier using a type class is
considered a reasonable compromise.
\end{remark}
›
section‹Derived Language Elements›
text‹
The language of the embedded logic constructed so far is limited to a minimal set of
primitive elements. This section introduces further derived language elements that are
defined directly in the embedded logic.
Notably identity is not part of the primitive language, but introduced as a \emph{defined}
concept.
›
subsection‹Connectives›
text‹
The remaining classical connectives and the modal diamond operator are defined in the traditional manner
(see~\ref{TAO_BasicDefinitions_DerivedConnectives}):
\begin{itemize}
\item @{thm[display] conj_def[expand2, THEN embedded_eq, of φ ψ]}
\item @{thm[display] disj_def[expand2, THEN embedded_eq, of φ ψ]}
\item @{thm[display] equiv_def[expand2, THEN embedded_eq, of φ ψ]}
\item @{thm[display] diamond_def[expand1, THEN embedded_eq, of φ]}
\end{itemize}
Furthermore, the general all-quantifier is supplemented by an existential quantifier as follows:
\begin{itemize}
\item @{thm[display] exists_def[expand1, of φ, THEN embedded_eq, rename_abs α]}
\end{itemize}
›
subsection‹Identity›
text‹
The definitions for identity are stated separately for each type of term
(see~\ref{TAO_BasicDefinitions_Identity}):
\begin{itemize}
\item @{thm[display] basic_identity⇩E_infix_def[unfolded basic_identity⇩E_def, THEN embedded_def, of x y]}
\item @{thm[display] basic_identity⇩1_def[expand2, of F G, rename_abs x, THEN embedded_eq]}
\item @{thm[display] basic_identity⇩2_def[expand2, of F G, rename_abs x, THEN embedded_eq]}
\item @{thm basic_identity⇩3_def[expand2, of F G, rename_abs x y, THEN embedded_eq]}
\item @{thm basic_identity⇩0_def[expand2, of p q, rename_abs x x, THEN embedded_eq]}
\end{itemize}
Similarly to the general all-quantifier it makes sense to introduce a general identity
relation for all types of terms (@{type κ}, @{type 𝗈} resp. @{typ Π⇩0}, @{typ Π⇩1}, @{typ Π⇩2}, @{typ Π⇩3}).
However, whereas all-quantification is characterized by a semantic criterion that can
be generalized in a type class, identity is defined independently for each type. Therefore a general
identity symbol will only be introduced in section~\ref{general-identity},
since it will then be possible to formulate and prove a reasonable property shared
by the identity of all types of terms.
›
context MetaSolver
begin
section‹The Proving Method meta\_solver›
text‹\label{meta_solver}›
subsection‹General Concept›
text‹
Since the semantics in section~\ref{semantics} constructed a first abstraction on top of the
representation layer, it makes sense to revisit the general concept of the layered structure
of the embedding.
The idea behind this structure is that reasoning in subsequent layers should - as far as possible - only
rely on the previous layer. However, the restriction of proofs to a specific subset of the facts
that are valid in the global context can be cumbersome for automated reasoning. While it is possible
to restrict automated reasoning tools to only consider specific sets of facts, it is still an
interesting question whether the process of automated reasoning in the layered approach can be made easier.
To that end the embedding utilizes the Isabelle package \emph{Eisbach}. This package allows to conveniently
define new proving methods that are based on the systematic application of existing methods.
\begin{remark}
The Eisbach package even allows the construction of more complex proving methods that involve
pattern matching. This functionality is utilized in the construction of a substitution method as
described in section~\ref{substitution-method}.
\end{remark}
The idea is to construct a simple resolution prover that can deconstruct complex
formulas of the embedded logic to simpler formulas that are connected by a relation in the meta-logic
as required by the semantics.
For example an implication formula can be deconstructed as follows:
\begin{center}
@{thm ImplS[of v φ ψ]}
\end{center}
Whereas the basic proving methods available in Isabelle cannot immediately prove
\mbox{@{lemma "[φ ❙→ φ in v]" by (simp add: ImplS)}} without any facts about the definitions of
validity and implication, they \emph{can} prove \mbox{@{lemma "[φ in v] ⟶ [φ in v]" by simp}}
directly as an instance of \mbox{@{lemma "p ⟶ p" by simp}}.
›
subsection‹Implementation›
text‹
Following this idea the method @{method meta_solver} is introduced (see~\ref{TAO_MetaSolver})
that repeatedly applies rules like the above in order to translate complex formulas of the embedded logic
to meta-logical statements involving simpler formulas.
The formulation of appropriate introduction, elimination and substitution rules for the logical
connectives and quantifiers is straightforward. Beyond that the concept can be used to
resolve exemplification and encoding formulas to their semantic truth conditions as well,
e.g. (see~\ref{TAO_MetaSolver_Encoding}):
\begin{center}
@{thm Exe1S[of v F x]}
\end{center}
This way a large set of formulas can be decomposed to semantic expressions that can be automatically
proven without having to rely on the meta-logical definitions directly.
Additionally the @{method meta_solver} is equipped with rules for
being abstract and ordinary and for the defined identity.
Notably the representation layer has the property that the defined identities are equivalent to
the identity in the meta-logic. Formally the following statements are true and derived as rules
for the @{method meta_solver}:
\begin{itemize}
\item @{thm[display] Eq⇩ES[of v "embedded_style x" "embedded_style y"]}
\item @{thm[display] EqκS[of v "embedded_style x" "embedded_style y"]}
\item @{thm[display] Eq⇩1S[of v "embedded_style F" "embedded_style G"]}
\item @{thm[display] Eq⇩2S[of v "embedded_style F" "embedded_style G"]}
\item @{thm[display] Eq⇩3S[of v "embedded_style F" "embedded_style G"]}
\item @{thm[display] Eq⇩0S[of v "embedded_style F" "embedded_style G"]}
\end{itemize}
The proofs for these facts (see~\ref{TAO_MetaSolver_Identity}) are complex and do not
solely rely on the properties of the formal semantics of PLM.
The fact that they are derivable has a distinct advantage: since identical terms
in the sense of PLM are identical in the meta-logic, proving the axiom of
substitution (see~\ref{axioms-identity}) is trivial.
A derivation that is solely based on the semantics on the other hand, would require a complex
induction proof. For this reason it is considered a reasonable compromise to include these statements
as admissible rules for the @{method meta_solver}. However, future work may attempt to enforce
the separation of layers more strictly and consequently abstain from these rules.
\begin{remark}
Instead of introducing a custom proving method using the Eisbach package, a similar
effect could be achieved by instead supplying the derived introduction, elimination and substitution
rules directly to one of the existing proving methods like @{method auto} or @{method clarsimp}.
In practice, however, we found that the custom @{method meta_solver} produces more reliable
results, especially in the case that a proving objective cannot be solved completely by the supplied rules.
Moreover the constructed custom proving method serves as a proof of concept
and may inspire the development of further more complex proving methods that go beyond a simple
resolution prover in the future.
\end{remark}
›
subsection‹Applicability›
context
begin
interpretation PLM .
text‹
Given the discussion above and keeping the layered structure of the embedding in mind, it is
important to precisely determine for which purposes it is valid to use the constructed
@{method meta_solver}.
The main application of the method in the embedding is to support the derivation of the axiom
system as described in section~\ref{axioms}. Furthermore the @{method meta_solver} can aid in examining the
meta-logical properties of the embedding. The @{method meta_solver} is only supplied with rules that
are \emph{reversible}. Thereby it is justified to use it to simplify a statement
before employing a tool like @{theory_text "nitpick"} in order to look for models or
counter-models for a statement.
However it is \emph{not} justified to assume that a theorem that can be proven with the aid of the
@{method meta_solver} method is derivable in the formal system of PLM, since
the result still depends on the specific structure of the representation layer. However,
based on the concept of the @{method meta_solver} another proving method is
introduced in section~\ref{PLM-solver}, namely the @{method PLM_solver}. This proving method
only employs rules that are derivable from the formal system of PLM itself. Thereby this method
\emph{can} be used in proofs without sacrificing the universality of the result.
›
end
end
section‹General Identity Relation›
text‹
\label{general-identity}
As already mentioned in section~\ref{general-quantifier} similarly to the general quantification
binder it is desirable to introduce a general identity relation.
Since the identity of PLM is not directly characterized by semantic truth conditions, but instead
\emph{defined} using specific complex formulas in the embedded logic for each type of term,
some other property has to be found that is shared by the respective definitions and can reasonably
be used as the condition of a type class.
A natural choice for such a condition is the axiom of the substitution of identicals
(see~\ref{axioms-identity}). The axiom states that if two objects are identical (in the sense of the defined
identity of PLM), then a formula involving the first object implies the formula resulting from
substituting the second object for the first object. This inspires the following condition for
the type class @{class identifiable} (see~\ref{TAO_Identifiable_Class}):
\begin{center}
@{thm identifiable_class.l_identity[of v α β φ]}
\end{center}
Using the fact that in the last section it was already derived, that the defined identity
in the embedded-logic for each term implies the primitive identity of the meta-logical objects,
this type class can be instantiated for all types of terms: @{type κ}, @{typ Π⇩0} resp. @{type 𝗈},
@{type Π⇩1}, @{type Π⇩2}, @{type Π⇩3} (see~\ref{TAO_Identifiable_Instantiation}).
Since now general quantification and general identity are available, an additional quantifier
for unique existence can be introduced (such a quantifier involves both quantification and identity).
To that end a derived type class is introduced that is the combination of the @{class quantifiable}
and the @{class identifiable} classes. Although this is straightforward for the relation types,
this reveals a subtlety involving the distinction between individuals of type @{type ν} and
individual terms of type @{type κ}: The type @{type ν} belongs to the class @{class quantifiable},
the type @{type κ} on the other hand does not: no quantification over individual \emph{terms}
(that may not denote) was defined. On the other hand the class @{class identifiable} was only
instantiated for the type @{type κ}, but not for the type @{type ν}.
This issue can be solved by noticing that it is straightforward and
justified to define an identity for @{type ν} as follows:
\begin{center}
@{thm identity_ν_def[expand2, of x y, THEN embedded_eq]}
\end{center}
This way type @{type ν} is equipped with both the general all-quantifier and the general identity
relation and unique existence can be defined for all variable types as expected:
\begin{center}
@{thm exists_unique_def[expand1, of φ, THEN embedded_eq]}
\end{center}
Another subtlety has to be considered: at times it is necessary to expand the definitions
of identity for a specific type to derive statements in PLM. Since the defined identities were
introduced prior to the general identity symbol, such an expansion is therefore so far not possible
for a statement that uses the general identity, even if the types are fixed in the context.
To allow such an expansion the definitions of identity are equivalently restated for the general
identity symbol and each specific type (see~\ref{TAO_Identifiable_Definitions}). This way
the general identity can from this point onward completely replace the type-specific identity
symbols.
\pagebreak
›
context Axioms
begin
section‹The Axiom System of PLM›
text‹
\label{axioms}
The last step in abstracting away from the representation layer is the derivation of the
axiom system of PLM. Conceptionally the
derivation of the axioms is the last moment in which it is deemed admissible to rely
on the meta-logical properties of the underlying model structure. Future work may even
restrict this further to only allow the use of the properties of the semantics in the
proofs (if this is found to be possible).
To be able to distinguish between the axioms and other statements and theorems in the
embedded logic they are stated using a dedicated syntax (see~\ref{TAO_Axioms}):
\begin{center}
@{thm axiom_def[expand1, of φ]}
\end{center}
Axioms are unconditionally true in all possible worlds. The only exceptions are
\emph{necessitation-averse}, resp. \emph{modally-fragile} axioms\footnote{Currently PLM uses
only one such axiom, see~\ref{axioms-actuality}.}. Such axioms are stated using the following syntax:
\begin{center}
@{thm actual_validity_def[expand1, of φ]}
\end{center}
›
subsection‹Axioms as Schemata›
text‹
\label{axiom-schemata}
Most of the axioms in PLM are stated as \emph{axiom schemata}. They use variables that range over
and can therefore be instantiated for any formula and term.
Furthermore PLM introduces the notion of \emph{closures} (see~\<^cite>‹‹(\ref{PM-closures})› in PM›). Effectively this means
that the statement of an axiom schema implies that the universal generalization of the schema,
the actualization of the schema and (except for modally-fragile axioms) the necessitation of the
schema is also an axiom.
Since in Isabelle/HOL free variables in a theorem already range over all terms of the same type
no special measures have to be taken to allow instantiations for arbitrary terms. The concept of
closures is introduced using the following rules (see~\ref{TAO_Axioms_Closures}):
\begin{itemize}
\item @{thm[display] axiom_instance[of φ v]}
\item @{thm[display] closures_universal[of φ]}
\item @{thm[display] closures_actualization[of φ]}
\item @{thm[display] closures_necessitation[of φ]}
\end{itemize}
For modally-fragile axioms only the following rules are introduced:
\begin{itemize}
\item @{thm[display] necessitation_averse_axiom_instance[of φ]}
\item @{thm[display] necessitation_averse_closures_universal[of φ]}
\end{itemize}
\begin{remark}
To simplify the instantiation of the axioms in subsequent proofs,
a set of \emph{attributes} is defined that can be used to transform
the statement of the axioms using the rules defined above.
This way for example the axiom \mbox{@{thm qml_2}} can be directly transformed
to \mbox{@{thm qml_2[axiom_universal, axiom_instance, of v φ]}} by not referencing
it directly as @{theory_text qml_2}, but by applying the defined attributes
to it: @{theory_text "qml_2[axiom_universal, axiom_instance]"}
\end{remark}
›
subsection‹Derivation of the Axioms›
text‹
To simplify the derivation of the axioms a proving method @{method axiom_meta_solver} is introduced, that
unfolds the dedicated syntax, then applies the meta-solver and if possible resolves
the proof objective automatically.
Most of the axioms can be derived by the @{method axiom_meta_solver} directly.
Some axioms, however, require more verbose proofs or their representation in the functional
setting of Isabelle/HOL requires special attention.
Therefore in the following the complete axiom system is listed and discussed in
detail where necessary. Additionally each axiom is associated with the numbering in
the current draft of PLM\<^cite>‹PM›.
›
subsection‹Axioms for Negations and Conditionals›
text‹
The axioms for negations and conditionals can be derived automatically and
present no further issues (see~\ref{TAO_Axioms_NegationsAndConditionals}):
\begin{itemize}
\item @{thm pl_1} \hfill{(\ref{PM-pl}.1)}
\item @{thm pl_2} \hfill{(\ref{PM-pl}.2)}
\item @{thm pl_3} \hfill{(\ref{PM-pl}.3)}
\end{itemize}
›
subsection‹Axioms of Identity›
text‹
\label{axioms-identity}
The axiom of the substitution of identicals can be proven automatically,
if additionally supplied with the defining assumption of the type class
@{class identifiable}. The statement is the following (see~\ref{TAO_Axioms_Identity}):
\begin{itemize}
\item @{thm l_identity} \hfill{(\ref{PM-l-identity})}
\end{itemize}
›
subsection‹Axioms of Quantification›
text‹
\label{quantification-axioms}
The axioms of quantification are formulated in a way that differs from the statements in
PLM, as follows (see~\ref{TAO_Axioms_Quantification}):
\begin{itemize}
\item @{thm cqt_1[of φ τ]} \hfill{(\ref{PM-cqt}.1a)}
\item @{thm cqt_1_κ[of φ τ]} \hfill{(\ref{PM-cqt}.1b)}
\item @{thm cqt_3} \hfill{(\ref{PM-cqt}.3)}
\item @{thm cqt_4} \hfill{(\ref{PM-cqt}.4)}
\item @{thm cqt_5[of ψ φ, rename_abs x ν x]} \hfill{(\ref{PM-cqt}.5a)}
\item @{thm cqt_5_mod[of ψ τ, rename_abs ν]} \hfill{(\ref{PM-cqt}.5b)}
\end{itemize}
The original axioms in PLM\footnote{Note that the axioms
will in all likelihood be adjusted in future versions of PLM in order to prevent the paradox
described in section~\ref{paradox}.} are the following:
\begin{itemize}
\item ‹∀αφ → (∃β(β = τ) → φ⇧τ⇩α)› \hfill{(\ref{PM-cqt}.1)}
\item ‹∃β(β = τ)›, provided ‹τ› is not a description and ‹β› doesn't occur free in ‹τ›.\hfill{(\ref{PM-cqt}.2)}
\item ‹∀α(φ → ψ) → (∀α φ → ∀α ψ)› \hfill{(\ref{PM-cqt}.3)}
\item ‹φ → (∀α φ)›, provided ‹α› doesn't occur free in ‹φ› \hfill{(\ref{PM-cqt}.4)}
\item ‹ψ⇧ι⇧x⇧φ⇩μ → ∃ν (ν = ιxφ)›, provided (a) ‹ψ› is either an exemplification formula ‹Π⇧nκ⇩1…κ⇩n› (‹n ≥ 1›)
or an encoding formula ‹κ⇩1Π⇧1›, (b) ‹μ› is an individual variable that occurs in ‹ψ›
and only as one or more of the ‹κ⇩i› (‹1 ≤ i ≤ n›), and (c) ‹ν› is any individual variable
that doesn't occur free in ‹φ›.\hfill{(\ref{PM-cqt}.5)}
\end{itemize}
In the embedding definite descriptions have the type @{type κ} that is different from the
type for individuals @{type ν}. Quantification is only defined for @{type ν}, not for @{type κ}.
Therefore, the restriction of (\ref{PM-cqt}.2) does not apply, since the type restriction of
quantification ensures that @{term "τ"} cannot be a definite description.
Consequently the inner precondition of (\ref{PM-cqt}.1)
can be dropped in (\ref{PM-cqt}.1a) - since a quantifier is used in the
formulation, the problematic case of definite descriptions is excluded and the dropped
precondition would always hold.
The second formulation (\ref{PM-cqt}.1b) for definite descriptions involves the type
conversion @{term "embedded_style (DUMMY⇧P)"} and keeps the inner precondition (since descriptions
may not denote).
(\ref{PM-cqt}.5b) can be stated as a generalization of (\ref{PM-cqt}.5a) to general individual
terms, since (\ref{PM-cqt}.2) already implies its right hand side for every term except descriptions.
Consequently (\ref{PM-cqt}.1b) and (\ref{PM-cqt}.5b) can replace the original axioms
(\ref{PM-cqt}.1) and (\ref{PM-cqt}.5) for individual terms.
For individual variables and constants as well as relations the simplified formulation
(\ref{PM-cqt}.1a) can be used instead.
Future work may want to reconsider the reformulation of the axioms, especially considering the most
recent developments described in section~\ref{paradox}. At the time of writing the reformulation is
considered a reasonable compromise, since due to the type restrictions of the embedding the reformulated
version of the axioms is an equivalent representation of the original axioms.
The predicate @{term "SimpleExOrEnc"} used as the precondition for (\ref{PM-cqt}.5)
is defined as an inductive predicate with the following introduction rules:
\begin{itemize}
\item @{lemma[eta_contract=false] "SimpleExOrEnc (λx. embedded_style ⦇F,x⦈)"
by (simp add: SimpleExOrEnc.intros embedded_style_def)}
\item @{lemma[eta_contract=false] "SimpleExOrEnc (λx. embedded_style ⦇F,x,DUMMY⦈)"
by (simp add: SimpleExOrEnc.intros embedded_style_def)}
\item @{lemma[eta_contract=false] "SimpleExOrEnc (λx. embedded_style ⦇F,DUMMY,x⦈)"
by (simp add: SimpleExOrEnc.intros embedded_style_def)}
\item @{lemma[eta_contract=false] "SimpleExOrEnc (λx. embedded_style ⦇F,x,DUMMY,DUMMY⦈)"
by (simp add: SimpleExOrEnc.intros embedded_style_def)}
\item @{lemma[eta_contract=false] "SimpleExOrEnc (λx. embedded_style ⦇F,DUMMY,x,DUMMY⦈)"
by (simp add: SimpleExOrEnc.intros embedded_style_def)}
\item @{lemma[eta_contract=false] "SimpleExOrEnc (λx. embedded_style ⦇F,DUMMY,DUMMY,x⦈)"
by (simp add: SimpleExOrEnc.intros embedded_style_def)}
\item @{lemma[eta_contract=false] "SimpleExOrEnc (λx. embedded_style ⦃x,F⦄)"
by (simp add: SimpleExOrEnc.intros embedded_style_def)}
\end{itemize}
This corresponds exactly to the restriction of @{term "embedded_style ψ"} to an exemplification
or encoding formula in PLM.
›
subsection‹Axioms of Actuality›
text‹
\label{axioms-actuality}
As mentioned in the beginning of the section the modally-fragile axiom of actuality
is stated using a different syntax (see~\ref{TAO_Axioms_Actuality}):
\begin{itemize}
\item @{thm logic_actual} \hfill{(\ref{PM-logic-actual})}
\end{itemize}
Note that the model finding tool @{theory_text nitpick} can find a counter-model for the
formulation as a regular axiom, as expected.
The remaining axioms of actuality are not modally-fragile and therefore stated as regular
axioms:
\begin{itemize}
\item @{thm logic_actual_nec_1} \hfill{(\ref{PM-logic-actual-nec}.1)}
\item @{thm logic_actual_nec_2} \hfill{(\ref{PM-logic-actual-nec}.2)}
\item @{thm logic_actual_nec_3} \hfill{(\ref{PM-logic-actual-nec}.3)}
\item @{thm logic_actual_nec_4} \hfill{(\ref{PM-logic-actual-nec}.4)}
\end{itemize}
All of the above can be proven automatically by the @{method axiom_meta_solver} method.
›
subsection‹Axioms of Necessity›
text‹
\label{axioms-necessity}
The axioms of necessity are the following (see~\ref{TAO_Axioms_Necessity}):
\begin{itemize}
\item @{thm qml_1} \hfill{(\ref{PM-qml}.1)}
\item @{thm qml_2} \hfill{(\ref{PM-qml}.2)}
\item @{thm qml_3} \hfill{(\ref{PM-qml}.3)}
\item @{thm qml_4} \hfill{(\ref{PM-qml}.4)}
\end{itemize}
While the first three axioms can be derived automatically, the last axiom requires
special attention. On a closer look the formulation may be familiar. The axiom
was already mentioned in section~\ref{concreteness} while constructing the representation
of the constant @{term "embedded_style E!"}. To be able to derive this axiom here the
constant was specifically axiomatized. Consequently the derivation requires
the use of these meta-logical axioms stated in the representation layer.
›
subsection‹Axioms of Necessity and Actuality›
text‹
The axioms of necessity and actuality can be derived automatically
and require no further attention (see~\ref{TAO_Axioms_NecessityAndActuality}):
\begin{itemize}
\item @{thm qml_act_1} \hfill{(\ref{PM-qml-act}.1)}
\item @{thm qml_act_2} \hfill{(\ref{PM-qml-act}.2)}
\end{itemize}
›
subsection‹Axioms of Descriptions›
text‹
There is only one axiom dedicated to descriptions (note, however, that descriptions play
a role in the axioms of quantification). The statement is the following (see~\ref{TAO_Axioms_Descriptions}):
\begin{itemize}
\item @{thm descriptions} \hfill{(\ref{PM-descriptions})}
\end{itemize}
Given the technicalities of descriptions already discussed in section~\ref{quantification-axioms}
it comes at no surprise that this statement requires a verbose proof.
›
subsection‹Axioms of Complex Relation Terms›
context
begin
interpretation MetaSolver .
text‹
The axioms of complex relation terms deal with the properties of ‹λ›-expressions.
Since the @{method meta_solver} was not equipped with explicit rules for ‹λ›-expressions,
the statements rely on their semantic properties as described in section~\ref{semantics} directly.
›
end
text‹
The statements are the following (see~\ref{TAO_Axioms_ComplexRelationTerms}):
\begin{itemize}
\item @{thm lambda_predicates_1[THEN embedded_eq, of φ]} \hfill{(\ref{PM-lambda-predicates}.1)}
\item @{thm lambda_predicates_2_1} \hfill{(\ref{PM-lambda-predicates}.2)}
\item @{thm lambda_predicates_2_2} \hfill{(\ref{PM-lambda-predicates}.2)}
\item @{thm[break=true] lambda_predicates_2_3} \hfill{(\ref{PM-lambda-predicates}.2)}
\item @{thm lambda_predicates_3_0} \hfill{(\ref{PM-lambda-predicates}.3)}
\item @{thm lambda_predicates_3_1} \hfill{(\ref{PM-lambda-predicates}.3)}
\item @{thm lambda_predicates_3_2} \hfill{(\ref{PM-lambda-predicates}.3)}
\item @{thm lambda_predicates_3_3} \hfill{(\ref{PM-lambda-predicates}.3)}
\item @{thm lambda_predicates_4_0} \hfill{(\ref{PM-lambda-predicates}.4)}
\item @{thm lambda_predicates_4_1} \hfill{(\ref{PM-lambda-predicates}.4)}
\item @{thm lambda_predicates_4_2} \hfill{(\ref{PM-lambda-predicates}.4)}
\item @{thm lambda_predicates_4_3} \hfill{(\ref{PM-lambda-predicates}.4)}
\end{itemize}
The first axiom, ‹α›-conversion, could be omitted entirely. Since
lambda-expressions are modeled using functions with bound variables and ‹α›-conversion
is part of the logic of Isabelle/HOL, it already holds implicitly.
As explained in section~\ref{lambda-expressions} ‹β›-conversion has to be restricted
to \emph{proper maps}. In PLM this restriction is implicit due to the fact that
‹λ›-expressions are only well-formed if their matrix is a propositional formula.
The formulation of the last class of axioms
((\ref{PM-lambda-predicates}.4), @{term "ι"}-conversion)
has to be adjusted to be representable in the functional setting. The original axiom is stated as follows in PLM:
\begin{center}
‹𝒜(φ ≡ ψ) → ([λx⇩1⋯x⇩n χ⇧*] = [λx⇩1⋯x⇩n χ⇧*']›
\end{center}
‹χ⇧*'› is required to be the result of substituting ‹ιxψ› for zero or more occurrences of ‹ιxφ›
in ‹χ⇧*›. In the functional setting @{term "embedded_style χ"} can be represented
as function from individual terms of type @{type κ} to propositions of type @{type 𝗈}.
Thereby substituting ‹ιxψ› for occurrences of ‹ιxφ› can be expressed by
comparing the function application of @{term "embedded_style χ"} to @{term "embedded_style (❙ιx. φ x)"}
with the function application of @{term "embedded_style χ"} to @{term "embedded_style (❙ιx. ψ x)"}.
Since in this representation @{term "embedded_style φ"} and @{term "embedded_style ψ"} are functions as well
(from type @{type ν} to type @{type 𝗈}) the precondition has to be reformulated
to hold for the application of @{term "embedded_style φ"} and @{term "embedded_style ψ"} to
an arbitrary individual @{term "embedded_style x"} to capture the concept of ‹𝒜(φ ≡ ψ)› in PLM, where ‹φ›
and ‹ψ› may contain ‹x› as a free variable.
›
subsection‹Axioms of Encoding›
text‹
The last class of axioms deals with encoding (see~\ref{TAO_Axioms_Encoding}):
\begin{itemize}
\item @{thm encoding} \hfill{(\ref{PM-encoding})}
\item @{thm nocoder} \hfill{(\ref{PM-nocoder})}
\item @{thm A_objects} \hfill{(\ref{PM-A-objects})}
\end{itemize}
Whereas the first statement, \emph{encoding is modally rigid}, is a direct consequence of the semantics
(recall that the encoding extension of a property was not relativized to possible worlds; see
section~\ref{semantics}), the second axiom, \emph{ordinary objects do not encode}, is only derivable
by expanding the definition of the encoding extension and the meta-logical distinction
between ordinary and abstract objects.
Similarly the comprehension axiom for abstract objects
depends on the model structure and follows from the representation of abstract objects as sets
of one-place relations and the definition of encoding as set membership.
Furthermore in the functional setting @{term "embedded_style φ"} has to be represented as a function
and the condition it imposes on @{term "embedded_style F"} is expressed as its application to @{term "embedded_style F"}.
The formulation in PLM on the other hand has to explicitly exclude a free occurrence of ‹x›
in ‹φ›. In the functional setting this is not necessary. Since @{term "embedded_style x"}
is bound by the existential quantifier and not explicitly given to @{term "embedded_style φ"}
as an argument, the condition @{term "embedded_style φ"} imposes on @{term "embedded_style F"}
cannot depend on @{term "embedded_style x"} by construction.
›
subsection‹Summary›
text‹
Although some of the axioms have to be adjusted to be representable in the functional environment,
the resulting formulation faithfully represents the original axiom system of PLM.
Furthermore a large part of the axioms can be derived independently of the technicalities of
the representation layer with proofs that only depend on the representation of the semantics described in
section~\ref{semantics}. Future work may explore available options to further minimize the dependency
on the underlying model structure.
To verify that the axiom system faithfully represents the reference system, the
deductive system PLM as described in \<^cite>‹‹Chap. 9› in PM› is derived solely based on the
formulation of the axioms without falling back to the model structure or the semantics (see~\ref{TAO_PLM}).
\pagebreak
›
end
context PLM
begin
section‹The Deductive System PLM›
text‹
The derivation of the deductive system PLM (\<^cite>‹‹Chap. 9› in PM›) from the axiom system constitutes
a major part of the Isabelle theory in the appendix (see~\ref{TAO_PLM}). Its extent of
over one hundred pages makes it infeasible to discuss every aspect in full detail.
Nevertheless it is worthwhile to have a look at the mechanics of the derivation and to
highlight some interesting concepts.
›
subsection‹Modally Strict Proofs›
text‹
\label{PLM-modally-strict}
PLM distinguishes between two sets of theorems: the theorems, that are derivable from
the complete axiom system including the modally-fragile axiom,
and the set of theorems, that have \emph{modally-strict} proofs (see~\<^cite>‹‹(\ref{PM-theoremhood})› in PM›).
A proof is modally-strict, if it does not depend on any modally-fragile axioms.
In the embedding modally-strict theorems are stated to be true for an arbitrary semantic
possible world: \mbox{@{term "[φ in v]"}}
Here the variable @{term "v"} implicitly ranges over all semantic possible worlds of
type @{type i}, including the designated actual world @{term "dw"}. Since modally-fragile axioms
only hold in @{term "dw"}, they therefore cannot be used to prove a statement formulated
this way, as desired.
Modally-fragile theorems on the other hand are stated to be true only for the designated
actual world: \mbox{@{term "[φ in dw]"}}
This way necessary axioms, as well as modally-fragile axioms can be used in their proofs. However
it is not possible to infer from a modally-fragile theorem that the same statement holds as a
modally-strict theorem.
This representation of modally-strict and modally-fragile theorems is discussed in more detail
in section~\ref{differences-modally-strict}.
›
subsection‹Fundamental Metarules of PLM›
text‹
\label{PLM-metarules}
The primitive rule of PLM is the modus ponens rule (see~\ref{TAO_PLM_ModusPonens}):
\begin{itemize}
\item @{thm modus_ponens[of v φ ψ]} \hfill{(\ref{PM-modus-ponens})}
\end{itemize}
This rule is a direct consequence of the semantics of the implication.
Additionally two fundamental Metarules are derived in PLM, \emph{GEN} and \emph{RN} (see~\ref{TAO_PLM_GEN_RN}):
\begin{itemize}
\item @{thm rule_gen[of v φ]} \hfill{(\ref{PM-rule-gen})}
\item @{thm RN_2[rename_abs w, of φ ψ v]} \hfill{(\ref{PM-RN})}
\end{itemize}
Although in PLM these rules can be derived by structural induction on the length of
a derivation, this proving mechanism cannot be reproduced in Isabelle. However,
the rules are direct consequences of the semantics described in section~\ref{semantics}.
The same is true for the deduction rule (see~\ref{TAO_PLM_NegationsAndConditionals}):
\begin{itemize}
\item @{thm deduction_theorem[of v φ ψ]} \hfill{(\ref{PM-deduction-theorem})}
\end{itemize}
Consequently this rule is derived from the semantics as well.
These rules are the \emph{only} exceptions to the concept that the deductive system of
PLM is derived solely from the axiom system without relying on the previous layers of the
embedding.
›
subsection‹PLM Solver›
context
begin
interpretation MetaSolver .
text‹
\label{PLM-solver}
Similarly to the @{method meta_solver} described in section~\ref{meta_solver} another proving
method is introduced, namely the @{method PLM_solver} (see~\ref{TAO_PLM_Solver}).
This proving method is initially not equipped with any rules. Throughout the derivation of the
deductive system, whenever an appropriate rule is derived as part of PLM directly or becomes
trivially derivable from the proven theorems, it is added to the @{method PLM_solver}.
Additionally the @{method PLM_solver} can instantiate any theorem of the deductive system PLM
as well as any axiom, if doing so resolves the current proving goal.
By its construction the @{method PLM_solver} has the property, that it can \emph{only} prove
statements that are derivable from the deductive system PLM. Thereby it is safe to use to aid
in any proof throughout the section. In practice it can automatically prove a variety of simple
statements and aid in more complex proofs throughout the derivation of the deductive system.
›
end
subsection‹Additional Type Classes›
text‹
\label{PLM-type-classes}
In PLM it is possible to derive statements involving the general identity symbol by case
distinction: if such a statement is derivable for all types of terms in the language separately,
it can be concluded that it is derivable for the identity symbol in general. Such a case distinction
cannot be directly reproduced in the embedding, since it cannot be assumed that every instantiation of the
type class @{class identifiable} is in fact one of the types of terms of PLM.
However, there is a simple way to still formulate such general statements. This is done by
the introduction of additional type classes. A simple example is the type class @{class id_eq}
(see~\ref{TAO_PLM_Identity}). This new type class assumes the following statements to be true:
\begin{itemize}
\item @{thm id_eq_1[of v α]} \hfill{(\ref{PM-id-eq}.1)}
\item @{thm id_eq_2[of v α β]} \hfill{(\ref{PM-id-eq}.2)}
\item @{thm id_eq_3[of v α β γ]} \hfill{(\ref{PM-id-eq}.3)}
\end{itemize}
Since these statements can be derived \emph{separately} for the types @{type ν}, @{type Π⇩0},
@{type Π⇩1}, @{type Π⇩2} and @{type Π⇩3}, the type class @{class id_eq} can be instantiated
for each of these types.
›
subsection‹The Rule of Substitution›
text‹
A challenge in the derivation of the deductive system that is worth to examine in
detail is the \emph{rule of substitution}. The rule is stated in PLM as follows
(see~(\ref{PM-rule-sub-nec})\<^cite>‹PM›):
\begin{addmargin}{1cm}
If ‹⊢⇩□ ψ ≡ χ› and ‹φ'› is the result of substituting the formula ‹χ›
for zero or more occurrences of ‹ψ› where the latter is a subformula of ‹φ›,
then if ‹Γ ⊢ φ›, then ‹Γ ⊢ φ'›. [Variant: If ‹⊢⇩□ ψ ≡ χ›, then ‹φ ⊢ φ'›]
\end{addmargin}
A naive representation of the rule would be the following:
\begin{center}
@{term "(⋀v. [ψ ❙≡ χ in v]) ⟹ [φ ψ in v] ⟷ [φ χ in v]"}
\end{center}
However this statement is \emph{not} derivable. The issue is connected to the restriction
of @{term "ψ"} to be a \emph{subformula} of ‹φ› in PLM. The formulation above would allow
the rule to be instantiated for \emph{any function} @{term "embedded_style φ"} from formulas to formulas.
Formulas in the embedding have type @{type 𝗈} which is internally represented by functions of the
type @{typ "j⇒i⇒bool"}. Therefore the formulation above could be instantiated with a function
@{term "embedded_style φ"} that has the following internal representation:
\mbox{@{term "λ ψ . make𝗈(λ s w . ∀ s . eval𝗈 (embedded_style ψ) s w)"}}
So nothing prevents @{term "embedded_style φ"} from evaluating its argument for a state
different from the designated actual state @{term "dj"}. The condition @{term "(⋀v. [ψ ❙≡ χ in v])"}
on the other hand only requires @{term "embedded_style ψ"} and @{term "embedded_style χ"} to be
(necessarily) equivalent in the \emph{actual state} - no statement about other states is implied.
Another issue arises if one considers one of the example cases of legitimate uses of the rule
of substitution in PLM (see~\<^cite>‹‹(\ref{PM-rule-sub-nec})› in PM›):
\begin{addmargin}{1cm}
If ‹⊢ ∃x A!x› and ‹⊢⇩□ A!x ≡ ¬◇E!x›, then ‹⊢ ∃x ¬◇E!x›.
\end{addmargin}
This would not follow from the naive formulation above, even if it were derivable.
Since ‹x› is \emph{bound} by
the existential quantifier, in the functional representation @{term "embedded_style φ"}
has to have a different type. In the example @{term "embedded_style φ"}
has to be \mbox{@{term[eta_contract=false] "(λ ψ . embedded_style (❙∃ x :: ν . ψ x))"}} which is of
type @{typeof "(λ ψ . embedded_style (❙∃ x :: ν . ψ x))"}. @{term "embedded_style ψ"} and
@{term "embedded_style χ"} have to be functions as well:
\mbox{@{term[eta_contract=false] "(embedded_style ψ) = (λ x . embedded_style ⦇A!,x⦈)"}} and
\mbox{@{term[eta_contract=false] "(embedded_style χ) = (λ x . embedded_style (❙¬❙◇⦇E!,x⦈))"}}.
Consequently the equivalence condition for this case has to be reformulated to
\mbox{@{term "⋀ x v. [ψ x ❙≡ χ x in v]"}}\footnote{This is analog to the fact that ‹x›
is a free variable in the condition ‹⊢⇩□ A!x ≡ ¬◇E!x› in PLM.}.
›
subsubsection‹Solution›
text‹
The embedding employs a solution that is complex, but can successfully address the described
issues.
The following definition is introduced (see~\ref{TAO_PLM_Necessity}):
\begin{center}
@{thm Substable_def[expand2, of cond φ]}
\end{center}
Given a condition @{term "cond"} a function @{term "embedded_style φ"}
is considered @{term "Substable"}, if and only if for all @{term "embedded_style ψ"}
and @{term "embedded_style χ"} that satisfy @{term "cond"} it follows in each
possible world @{term "v"} that \mbox{@{term "[φ ψ ❙≡ φ χ in v]"}}\footnote{@{term "embedded_style ψ"}
and @{term "embedded_style χ"} can have an arbitrary type. @{term "embedded_style φ"} is a function
from this type to formulas.}.
Now several introduction rules for this property are derived. The idea is to capture the
notion of \emph{subformula} in PLM. A few examples are:
\begin{itemize}
\item @{lemma "Substable cond (λφ. embedded_style Θ)"
by (simp add: embedded_style_def Substable_intro_const)}
\item @{lemma "Substable cond ψ ⟹ Substable cond (λφ. embedded_style ( ❙¬ψ φ))"
by (simp add: embedded_style_def Substable_intro_not)}
\item @{lemma "Substable cond ψ ∧ Substable cond χ ⟹ Substable cond (λφ. embedded_style (ψ φ ❙→ χ φ))"
by (simp add: embedded_style_def Substable_intro_impl)}
\end{itemize}
These rules can be derived using theorems of PLM.
As illustrated above in the functional setting substitution has to be allowed not only for formulas,
but also for \emph{functions} to formulas. To that end the type class @{class Substable} is introduced
that fixes a condition @{term "Substable_Cond"} to be used as @{term "cond"} in the definition above
and assumes the following:
\begin{center}
@{thm Substable_class.rule_sub_nec[of φ ψ χ Θ v]}
\end{center}
If @{term "embedded_style φ"} is @{term "Substable"} (as per the definition above) under the
condition @{term "Substable_Cond"} that was fixed in the type class, and @{term "embedded_style ψ"}
and @{term "embedded_style χ"} satisfy the fixed condition @{term "Substable_Cond"}, then everything
that is true for @{term "[φ ψ in v]"} is also true for @{term "[φ χ in v]"}.
As a base case this type class is \emph{instantiated} for the type of formulas @{type 𝗈} with
the following definition of @{term "Substable_Cond"}:
\begin{center}
@{thm Substable_Cond_𝗈_def[expand2, of ψ χ]}
\end{center}
Furthermore the type class is instantiated for \emph{functions} from an arbitrary type to
a type of the class @{class Substable} with the following definition of @{term "Substable_Cond"}:
\begin{center}
@{thm Substable_Cond_fun_def[expand2, of ψ χ]}
\end{center}
›
subsubsection‹Proving Methods›
text‹
\label{substitution-method}
Although the construction above covers exactly the cases in which PLM allows substitutions, it does
not yet have a form that allows to conveniently \emph{apply} the rule of substitution. In order
to apply the rule, it first has to be established that a formula can be decomposed into a
function with the substituents as arguments and it further has to be shown that this function
satisfies the appropriate @{term "Substable"} condition. This complexity prevents any reasonable
use cases. This problem is mitigated by the introduction of proving methods.
The main method is called @{method PLM_subst_method}.
This method uses a combination of pattern matching and automatic rule application to provide
a convenient way to apply the rule of substitution in practice.
For example assume the current proof objective is @{term "[❙¬❙¬❙◇⦇E!,x⦈ in v]"}. Now it is possible to
apply @{method PLM_subst_method} as follows:
\begin{center}
@{theory_text "apply (PLM_subst_method \"⦇A!,x⦈\" \"(❙¬(❙◇⦇E!,x⦈))\""}
\end{center}
The method automatically analyzes the current proving goal, uses pattern matching to find an
appropriate choice for a function @{term "embedded_style φ"}, applies the substitution rule and
resolves the substitutability claim about @{term "embedded_style φ"}.
Consequently it can resolve the current proof objective
by producing two new proving goals: @{term "∀v. [⦇A!,x⦈ ❙≡ ❙¬❙◇⦇E!,x⦈ in v]"} and @{term "[❙¬⦇A!,x⦈ in v]"},
as expected. The complexity of the construction above is hidden away entirely.
Similarly assume the proof objective is @{term "[❙∃ x . (❙¬(❙◇⦇E!,x⇧P⦈)) in v]"}. Now the method
@{method PLM_subst_method} can be invoked as follows:
\begin{center}
@{theory_text "apply (PLM_subst_method \"λx . ⦇A!,x⇧P⦈\" \"λx . (❙¬(❙◇⦇E!,x⇧P⦈))\""}
\end{center}
This will result in the new proving goals:
\mbox{@{term "∀x v. [⦇A!,x⇧P⦈ ❙≡ ❙¬❙◇⦇E!,x⇧P⦈ in v]"}} and \mbox{@{term "[❙∃x. ⦇A!,x⇧P⦈ in v]"}}, as
desired.
›
subsubsection‹Conclusion›
text‹
Although an adequate representation of the rule of substitution in the functional setting
is challenging, the above construction allows a convenient use of the rule. Moreover it is
important to note that despite the complexity of the representation no assumptions about
the underlying model structure were made. The construction is completely
derivable from the rules of PLM itself, so the devised rule is safe to use without
compromising the provability claim of the layered structure of the embedding.
All statements that are proven using the constructed substitution methods, remain derivable
from the deductive system of PLM.
›
subsection‹An Example Proof›
text‹
To illustrate how the derivation of theorems in the embedding works in practice,
consider the following example\footnote{Since the whole proof is stated as raw Isabelle code,
unfortunately no color-coding can be applied.}:
›
lemma "[❙□(φ ❙→ ❙□φ) ❙→ ((❙¬❙□φ) ❙≡ (❙□(❙¬φ))) in v]"
proof (rule CP)
assume "[❙□(φ ❙→ ❙□φ) in v]"
hence "[(❙¬❙□(❙¬φ)) ❙≡ ❙□φ in v]"
by (metis sc_eq_box_box_1 diamond_def vdash_properties_10)
thus "[((❙¬❙□φ) ❙≡ (❙□(❙¬φ))) in v]"
by (meson CP "❙≡I" "❙≡E" "❙¬❙¬I" "❙¬❙¬E")
qed
text‹
Since the statement is an implication it is derived using a \emph{conditional proof}.
To that end the proof statement already applies the initial rule @{theory_text CP}.
The proof objective inside the proof body is now \mbox{@{term "[❙□(φ ❙→ ❙□φ) in v] ⟹ [❙¬❙□φ ❙≡ ❙□❙¬φ in v]"}},
so \mbox{@{term "[❙¬❙□φ ❙≡ ❙□❙¬φ in v]"}} has to be shown under the assumption \mbox{@{term "[❙□(φ ❙→ ❙□φ) in v]"}}.
Therefore the first step is to assume \mbox{@{term "[❙□(φ ❙→ ❙□φ) in v]"}}.
The second statement can now be automatically derived using the previously proven theorem
@{theory_text sc_eq_box_box_1}, the definition of the diamond operator and a deduction
rule. The final proof objective follows from a combination of introduction and elimination
rules.
The automated reasoning tool @{theory_text sledgehammer} can find proofs for
the second and final statement automatically. It can even automatically find a proof
for the entire theorem resulting in the following one-line proof:
›
lemma "[❙□(φ ❙→ ❙□φ) ❙→ ((❙¬❙□φ) ❙≡ (❙□(❙¬φ))) in v]"
by (metis "❙≡I" CP "❙≡E"(1) "❙≡E"(2) raa_cor_1 sc_eq_box_box_1 diamond_def)
text‹
So it can be seen that the embedding can be used to interactively prove statements
with the support of automated reasoning tools and often even complete proofs
for complex statements can be found automatically.
›
subsection‹Summary›
text‹
A full representation of the deductive system PLM, as described in \<^cite>‹‹Chap. 9› in PM›, could
be derived without violating the layered structure of the embedding.
Although compromises affecting the degree of automation had to be made, the resulting
representation can conveniently be used for the interactive construction of complex proofs
while retaining the support of the automation facilities of Isabelle/HOL.
›
end
section‹Artificial Theorems›
context ArtificialTheorems
begin
text‹
\label{artificial-theorems}
The layered approach of the embedding provides the means to derive theorems
independently of the representation layer and model structure. It is still interesting to consider
some examples of theorems that are \emph{not} part of PLM, but can be derived in the
embedding using its meta-logical properties.
›
subsection‹Non-Standard $\lambda$-Expressions›
text‹
\label{artificial-theorems-lambda}
The following statement involves a ‹λ›-expressions that contains encoding subformulas
and is consequently not part of PLM (see~\ref{TAO_ArtificialTheorems}):
\begin{center}
@{thm lambda_enc_2[of v F y x]}
\end{center}
In this case traditional ‹β›-conversion still holds, since the ‹λ›-expression
does not contain encoding expressions involving its bound variable\footnote{Consequently the
matrix is a \emph{proper map}.}. On the other hand the following is \emph{not} a theorem in
the embedding (the tool @{theory_text nitpick} can find a counter-model):
\begin{center}
@{term "[(⦇❙λ x . ⦃x⇧P, F⦄, x⇧P⦈ ❙→ ⦃x⇧P, F⦄) in v]"}
\end{center}
Instead the following generalized versions of ‹β›-conversion are theorems:
\begin{itemize}
\item @{thm lambda_enc_4[of v F z]}
\item @{thm lambda_ex[of v φ z]}
\end{itemize}
These theorems can be equivalently stated purely in the embedded logic:
\begin{itemize}
\item @{thm lambda_enc_emb[of v F z]}
\item @{thm lambda_ex_emb[of v φ z]}
\end{itemize}
The second statement shows that in general ‹λ›-expressions
in the embedding have a \emph{non-standard} semantics. As a special case, however,
the behavior of ‹λ›-expressions is classical if restricted to
proper maps, which is due to the following theorem\footnote{Note that for propositional formulas
an equivalent statement is derivable in PLM as well.}:
\begin{center}
@{thm proper_beta[of φ v x]}
\end{center}
As a consequence of the generalized ‹β›-conversion
there are theorems in the embedding involving ‹λ›-expressions
that \emph{do} contain encoding subformulas in the bound variable, e.g.:
\begin{center}
@{thm lambda_enc_1[of v F y]}
\end{center}
This topic is discussed in more detail in section~\ref{differences-lambda}.
›
subsection‹Consequences of the Aczel-model›
text‹
Independently the following theorem is a consequence of the constructed Aczel-model:
\begin{center}
@{thm lambda_rel_extensional[of v a b R, THEN embedded_eq]}
\end{center}
The reason for this theorem to hold is that the condition on @{term "a"} and @{term "b"}
forces the embedding to map both objects to the same urelement. By the definition of
exemplification the presented ‹λ›-expressions only depend on this urelement,
therefore they are forced to be equal. Neither the deductive system of PLM nor its formal
semantics require this equality.
Initial research suggests that this artificial theorem can be avoided by extending the
embedding in the following way: the mapping from abstract objects to special urelements
constructed in section~\ref{individuals-to-urelements} can be modified to depend on states.
This way the condition used in the theorem only implies that @{term "a"}
and @{term "b"} are mapped to the same urelement in the \emph{actual state}. Since
they can still be mapped to different urelements in different states, the derived equality
no longer follows.
This extension of the embedding increases the complexity of the representation
layer slightly, but its preliminary analysis suggests that it presents no further issues, so
future versions of the embedding will in all likelihood include such a modification.
›
end
section‹Sanity Tests›
text‹
The consistency of the constructed embedding can be verified by
the model-finding tool @{theory_text nitpick} (see~\ref{TAO_SanityTests_Consistency}).
Since the main construction of the embedding is definitional and only a minimal set of meta-logical
axioms is used, this is expected.
The hyperintensionality of the constructed model can be verified for some simple
example cases. The following statements have counter-models (see~\ref{TAO_SanityTests_Intensionality}):
\begin{itemize}
\item @{term "[(❙λy. (q ❙∨ ❙¬q)) ❙= (❙λy. (p ❙∨ ❙¬p)) in v]"}
\item @{term "[(❙λy. (p ❙∨ q)) ❙= (❙λy. (q ❙∨ p)) in v]"}
\end{itemize}
Furthermore the meta-logical axioms stated in section~\ref{concreteness} can be justified
(see~\ref{TAO_SanityTests_MetaAxioms}):
\begin{itemize}
\item @{thm[display] SanityTests.OrdAxiomCheck[rename_abs x v y u z z]}
\item @{thm[display] SanityTests.AbsAxiomCheck[rename_abs x v y u z z]}
\item @{thm[display] SanityTests.PossiblyContingentObjectExistsCheck}
\item @{thm[display] SanityTests.PossiblyNoContingentObjectExistsCheck}
\end{itemize}
The first axiom is equivalent to the fact that concreteness matches the domains of ordinary, resp.
abstract objects, whereas the second and third axiom correspond to the conjuncts of
axiom~(\ref{PM-qml}.4)\<^cite>‹PM›.
\begin{remark}
Additionally some further desirable meta-logical properties of the embedding are verified
in~\ref{TAO_SanityTests_MetaRelations} and~\ref{TAO_SanityTests_MetaLambda}.
\end{remark}
›
chapter‹Technical Limitations of Isabelle/HOL›
text‹
Although the presented embedding shows that the generic proof assistant Isabelle/HOL
offers a lot of flexibility in expressing even a very complex and challenging theory
as the Theory of Abstract Objects, it has some limitations that required compromises
in the formulation of the theory.
In this chapter some of these limitations and their consequences for the embedding
are discussed. Future versions of Isabelle may allow a clearer implementation especially
of the layered approach of the embedding.
›
section‹Limitations of Type Classes and Locales›
text‹
Isabelle provides a powerful tool for abstract reasoning called @{theory_text locale}.
Locales are used for \emph{parametric} reasoning. Type classes, as already described
briefly in section~\ref{general-quantifier} and further mentioned in sections~\ref{general-identity}
and~\ref{PLM-type-classes}, are in fact special cases of locales that are additionally
connected to Isabelle's internal type system.
The definition of a locale defines a set of constants that can use arbitrary type variables\footnote{Type
classes on the other hand are restricted to only one type variable.}. Assumptions about
these constants can be postulated that can be used in the reasoning within the context of
the locale. Similarly to the instantiation of a type class, a locale can be \emph{interpreted}
for specific definitions of the introduced constants, if it can be proven that the postulated assumptions
are satisfied for the interpretation.
Thereby it is possible to reason about abstract structures that are solely characterized by a specific
set of assumptions. Given that it can be shown that these assumptions are satisfied for a concrete
case, an interpretation of the locale allows the use of all theorems shown
for the abstract case in the concrete application.
Therefore in principle locales would be a perfect fit for the layered structure of the embedding:
If the representation of the formal semantics and the axiom system could both be formulated
as locales, it could first be shown that the axiom system is a \emph{sublocale} of the formal
semantics, i.e. every set of constants that satisfies the requirements of the formal semantics
also satisfies the requirements of the axiom system, and further the formal semantics could
be interpreted for a concrete model structure.
Since the reasoning within a locale cannot use further assumptions that are only satisfied
by a specific interpretation, this way the universality of the reasoning based on the axiom
system could be formally guaranteed - no proof that is solely based on the axiom locale
could use any meta-logical statement tied to the underlying representation layer and
model structure\footnote{Although the construction of chapter~\ref{embedding} provides the means
for universal reasoning that is independent of a model as well, it depends on \emph{fair use} of
the provided layer structure.}.
However, a major issue arises when trying to formulate the axiom system as a locale.
Constants in a locale have to be introduced with a fixed type.
Although this type can use type variables, e.g. @{typ "'a⇒'a⇒'𝗈"},
the type variable @{typ "'a"} is fixed throughout the locale. This makes it impossible
to introduce a general binder for all-quantification or a general identity symbol in a single axiom
locale that could be used for the statement of the axioms of quantification and the substitution
of identicals.
Several solutions to this problem could be considered: the identity relation could be
introduced as a polymorphic constant \emph{outside the locale} and the locale could assume some
properties for this constant for specific type variables. Before interpreting the
locale the polymorphic constant could then be \emph{overloaded} for concrete types
in order to be able to satisfy the assumptions. However, it would still be
impossible to prove a general statement about identity: every statement would have
to be restricted to a specific type, because in general no assumptions about the
properties of identity could be made.
Another solution would be to refrain from using general quantifiers and identity relations
altogether, but to introduce separate binders and identity symbols for the type of individuals and
each relation type. However, this would add a significant amount of notational complexity
and would require to duplicate all statements that hold for quantification
and identity in general for every specific type. Statements ranging over multiple types
would even have to be stated for every possible combination of types separately.
It could also be considered to introduce the axioms of quantification and identity separately
from the axiom locale in a type class. An interpretation of the complete axiom system would
then have to interpret the axiom locale, as well as instantiate the respective type classes.
Since type classes can only use one type variable, this would make it impossible to use a type
variable for truth values in the definition of the respective type classes, though. Consequently
it is unclear how appropriate assumptions for such type classes could be formulated.
Using separate locales instead of type classes would be connected with different issues.
Several other concepts were considered during the construction of the embedding,
but no solution was found that would both accurately represent the axiom system and
still be notationally convenient.
The most natural extension of Isabelle's locale system that would solve the described
issues, would be the ability to introduce polymorphic constants in a locale that
can be restricted to a type class (resp. a \emph{sort}). The type class could potentially even
be introduced simultaneously with the locale. However, such a construction is currently not possible
in Isabelle and as of yet it is unknown whether the internal type system of Isabelle
would allow such an extension in general.
›
section‹Case Distinctions by Type›
text‹
Although a general identity relation can be represented using type classes
as described in sections~\ref{general-quantifier} and~\ref{general-identity}, this
construction differs from the concept used in PLM. The identity relation of PLM is
not determined by some set of properties, but by its definition for the specific concrete types.
Isabelle does not allow the restriction of a type variable in a statement
to a specific set of types. Type variables can only be restricted to specific \emph{sorts},
so effectively to type classes. As mentioned in section~\ref{PLM-type-classes}, this means
that statements about the general identity relation, that depend on the specific
definitions for the concrete types, cannot be proven as in PLM by case distinction
on types. Instead additional type classes have to be introduced that \emph{assume} the statements
and then have to be instantiated for the concrete types.
Although this construction involves some technical overhead, the solution is elegant and provides
a flexible representation for such general statements.
›
section‹Structural Induction and Proof-Theoretic Reasoning›
text‹
As mentioned in section~\ref{PLM-metarules}, some of the meta-rules that PLM can derive
by induction on the length of a derivation, have to be proven using the semantics instead
in the embedding, e.g. the deduction theorem
\mbox{@{thm PLM.deduction_theorem[of v φ ψ]}}.
While the derivation of these fundamental rules using the semantics is justified,
it would be interesting to investigate whether the proof-theoretic reasoning
PLM uses in these cases can be reproduced in Isabelle/HOL. A related topic is
the representation of the concept of \emph{modally-strict proofs} as described
in sections~\ref{PLM-modally-strict} and~\ref{differences-modally-strict}.
›
chapter‹Discussion and Results›
section‹Differences between the Embedding and PLM›
text‹
Although the embedding attempts to represent the language and logic of PLM as precisely
as possible, there remain some differences between PLM and its representation in Isabelle/HOL.
Some of the known differences are discussed in the following sections.
A complete analysis of the precise relation between PLM and the embedding unfortunately
goes beyond the scope of this thesis and will only be possible after PLM has recovered
from the discovered paradox (see~\ref{paradox}). Such an analysis will be a highly
interesting and relevant topic for future research.
›
subsection‹Propositional Formulas and $\lambda$-Expressions›
text‹
\label{differences-lambda}
The main difference between the embedding and PLM is the fact that the embedding does
not distinguish between propositional and non-propositional formulas.
This purely syntactic distinction is challenging to reproduce in a shallow embedding that
does not introduce the complete term structure of the embedded language directly.
Instead the embedding attempts to analyze the semantic reason for the
syntactic distinction and to devise a semantic criterion that can be used as a replacement
for the syntactic restriction.
The identified issue, that is addressed by the distinction in PLM, is described
in section~\ref{russell-paradox}: Allowing non-propositional formulas in ‹β›-convertible
‹λ›-expressions without restriction leads to paradoxes.
Since the embedding is known to be consistent, the issue presents itself in a slightly
different fashion: the paradox is constructed under the assumption that ‹β›-conversion
holds unconditionally for all ‹λ›-expressions. In the embedding on the other hand in
general ‹λ›-expressions have a \emph{non-standard} semantics and ‹β›-conversion
only follows as a special case (see~\ref{artificial-theorems-lambda}).
Thereby the consistency of the system is preserved.
With the definition of \emph{proper maps} (see~\ref{lambda-expressions}), the embedding
constructs a necessary and sufficient condition on functions that may serve as matrix of
a ‹λ›-expression while allowing ‹β›-conversion.
The idea is that every ‹λ›-expression that is syntactically well-formed
in PLM should have a proper map as its matrix. Two subtleties have to be considered, though:
It was discovered that there are ‹λ›-expressions which are part of PLM, whose matrix
does not correspond to a proper map in the embedding. The analysis of this issue led to the
discovery of a paradox in the formulation of PLM and is discussed in more detail in
section~\ref{paradox}. As a consequence these cases will not constitute proper
‹λ›-expressions in future versions of PLM.
The remaining subtlety is the fact that there are proper maps, that do not correspond to
propositional formulas. Some examples have already been mentioned in section~\ref{artificial-theorems-lambda}.
Therefore the embedding suggests that the theory of PLM can be consistently extended to include
a larger set of proper, ‹β›-convertible ‹λ›-expressions. Since the set of
relations of PLM already has to be adjusted to prevent the discovered paradox, such an extension presents
a viable option.
Once PLM has recovered from the paradox, future research can consider available
options to align the set of relations present in the embedding with the resulting set of
relations of the new version of PLM.
›
subsection‹Terms and Variables›
text‹
In PLM an individual term can be an individual variable, an individual constant or a definite
description. A large number of statements is formulated using specific object-language variables instead
of metavariables ranging over arbitrary terms. From such a statement its universal generalization
can be derived using the rule GEN, which then can be instantiated for any individual term,
given that it denotes (\mbox{‹∃β β = τ›}).
As already mentioned in sections~\ref{individual-terms-and-descriptions} and~\ref{quantification-axioms}
the embedding uses a slightly different approach: In the embedding individuals and
individual terms have different \emph{types}.
The technicalities of this approach and a discussion about the accuracy of this representation
were already given in the referenced sections, so at this point it suffices to summarize the
resulting differences between the embedding and PLM:
\begin{itemize}
\item The individual variables of PLM are represented as variables of type @{type ν} in the embedding.
\item Individual constants can be represented by declaring constants of type @{type ν}.
\item Meta-level variables (like ‹τ›) ranging over all individual terms
in PLM can be represented as variables of type @{type κ}.
\item Objects of type @{type ν} have to be explicitly converted to objects of type @{type κ}
using the decoration @{term "embedded_style (DUMMY⇧P)"}, if they are to be used in a context
that allows general individual terms.
\item The axioms of quantification are adjusted to go along with this representation
(see~\ref{quantification-axioms}).
\end{itemize}
In PLM the situation for relation variables, constants and terms is analog. However, the
embedding uses the following simplification in order to avoid the additional complexity
introduced for individuals:
Since at the time of writing PLM unconditionally asserts \mbox{‹∃β β = τ›}
for any relation term by an axiom, the embedding uses only one type ‹Π⇩n› for each
arity of relations. Therefore no special type conversion between variables and terms is necessary
and every relation term can immediately be instantiated for a variable of type ‹Π⇩n›.
This hides the additional steps PLM employs for such instantiations (the generalization by GEN
followed by an instantiation using quantification theory). Since \mbox{‹∃β β = τ›} holds
unconditionally for relation terms, this simplification is justified.
However, the recent developments described in section~\ref{paradox} suggest that \mbox{‹∃β β = τ›}
will in all likelihood no longer hold unconditionally for every relation term in future versions of PLM.
Therefore, future versions of the embedding will have to include a distinction between relation
terms and relation variables in a similar way as is already done for individuals. An alternative
approach that could result in a more elegant representation would be to implement concepts of free
logic based on the research in \<^cite>‹FreeLogic› for both individuals and relations.
›
subsection‹Modally-strict Proofs and the Converse of RN›
context PLM
begin
text‹
\label{differences-modally-strict}
As described in section~\ref{PLM-modally-strict} modally-strict theorems
in the embedding are stated in the form \mbox{@{term "[φ in v]"}}, so they are stated
to be semantically true for an arbitrary possible world @{term "v"}.
Modally-strict theorems in PLM are defined using a proof-theoretic concept:
modally-strict proofs are not allowed to use modally-fragile axioms. They are solely derived
from axioms whose necessitations are axioms as well (see~\ref{axiom-schemata}).
The metarule RN states in essence that if there is a modally-strict proof for ‹φ›,
then ‹□φ› is derivable as a theorem. PLM proves this fact by induction on the length
of the derivation. Remark (\ref{PM-abstraction-contingent})\<^cite>‹PM›
gives an example of a case in which the converse is false: if ‹□φ› is derivable as a
theorem, this does not imply that there is a modally-strict proof for ‹φ›.
However, in the embedding the following is derivable from the semantics of
the box operator:
\begin{center}
@{lemma "[❙□φ in dw] ⟹ (∀ v . [φ in v])" by (simp add: Semantics.T6) }
\end{center}
So although the converse of RN is not true in PLM, an equivalent statement for theorems of
the form \mbox{@{term "[φ in v]"}} in the embedding can be derived from the semantics.
The modally-strict theorems of PLM are a subset of a larger class of theorems, namely the theorems
that are \emph{necessarily true}. Semantically a statement of the form \mbox{@{term "[φ in v]"}}
in the embedding is derivable, whenever @{term "embedded_style φ"} is a \emph{necessary theorem}.
Unfortunately there is no semantic criterion that allows to decide whether a statement is a necessary
theorem or a modally-strict theorem. Therefore, the embedding has to express modally-strict theorems
as necessary theorems, for which the converse of RN is in fact true.
This still does not compromise the claim that any statement that is derived in \ref{TAO_PLM}
is also derivable in PLM: the basis for this claim is that no proofs in this layer may rely on the
meta-logical properties of the embedding, but only the fundamental meta-rules of PLM are allowed
to derive theorems from the axioms.
Since the converse of RN is neither a fundamental meta-rule of PLM, nor derivable without using
the semantics, it is not stated as an admissible rule for these proofs. Thereby it is guaranteed
that no statement of the form \mbox{@{term "[φ in v]"}} is derived that is not a modally-strict
theorem of PLM.
Unfortunately this has the consequence that the proving method @{method PLM_solver} cannot be
equipped with a reversible elimination rule for the box operator, which reduces its power
as a proving method. However, preserving the claim that theorems derived in the embedding
are also theorems of PLM even when restricting to modally-strict theorems was given preference
over an increased level of automation.
›
section‹A Paradox in PLM›
text‹
\label{paradox}
During the analysis of the constructed embedding it was discovered
that the formulation of the theory in PLM at the time of writing
allowed paradoxical constructions.
This section first describes the process that led to the discovery of the paradox and
the role the embedding played in it, after which the construction of the paradox is
outlined in the language of PLM.
The paradox has since been confirmed by Edward Zalta and a vivid discussion
about its repercussions and possible solutions has developed. At the time of writing
it has become clear that there are several options to recover from the paradox while
in essence retaining the full set of theorems of PLM. So far no final decision has been
reached about which option will be implemented in future versions of PLM.
›
subsection‹Discovery of the Paradox›
text‹
The discovery of the paradox originates in the analysis of the concept of \emph{proper maps}
in the embedding and its relation to propositional formulas in PLM, which are the only formulas
PLM allows as the matrix of ‹λ›-expressions (see~\ref{differences-lambda}).
While trying to verify the conjecture, that the matrix of every ‹λ›-expression allowed in PLM
corresponds to a proper map in the embedding, it was discovered, that ‹λ›-expressions of
the form \mbox{‹[λy Fιx(y[λz Rxz])]›} in which the bound variable ‹y› occurs in
an encoding formula inside the matrix of a definite description, were part of PLM, but their
matrix was \emph{not} a proper map in the embedding and therefore ‹β›-conversion
was not derivable for these terms.
Further analysis showed that a modification of the embedding which would allow ‹β›-conversion
for such expressions, would have to involve a restriction of the Aczel-model (in particular of the map
from abstract objects to urelements).
In order to understand how the Aczel-model could be adequately restricted, the
consequences of allowing ‹β›-conversion in the mentioned cases \emph{by assumption}
were studied in the embedding. This led to the first proof of inconsistency
(see~\ref{TAO_Paradox_original-paradox}):
\begin{center}
@{lemma "(⋀G φ. IsProperInX (λx. embedded_style ⦇G,❙ιy. φ y x⦈)) ⟹ False"
by (unfold embedded_style_def, simp, insert Paradox.original_paradox, simp)}
\end{center}
Under the assumption that @{term "(λx. embedded_style ⦇G,❙ιy. φ y x⦈)"} is a proper map for
arbitrary @{term "embedded_style G"} and @{term "embedded_style φ"},
@{term "False"} is derivable in the embedding. However ‹λ›-expressions with the
equivalent of such maps as matrix were in fact part of PLM.
Since the inconsistency can be derived without relying on the meta-logical properties of
the embedding, it was immediately possible to translate the proof back to the language of PLM.
The resulting formulation then served as the basis for further
discussions with Edward Zalta.
Since then the issue leading to the paradox was identified as the \emph{description backdoor}
(see~\ref{TAO_Paradox_description_backdoor}) that can be used to construct a variety of
paradoxical cases, e.g. the paradox described in section~\ref{russell-paradox} can be reconstructed.
This refined version of the paradox is used in the inconsistency proof in \ref{TAO_Paradox_russell-paradox}
and is outlined in the language of PLM in the next section. The general situation
leading to the paradox is repeated without referring to the particularities of the embedding.
›
subsection‹Construction using the Language of PLM›
text‹
Object theory distinguishes between propositional and
non-propositional formulas. Propositional formulas are not allowed to
contain encoding subformulas, so for example \mbox{‹∃F xF›} is not
propositional. Only propositional formulas can be the matrix of a
‹λ›-expression, so \mbox{‹[λx ∃F xF]›} is not a valid term of
the theory - it is excluded syntactically.
The reason for this is that considering \mbox{‹[λx ∃F xF & ¬Fx]›} a valid, denoting
‹λ›-expression for which ‹β›-conversion holds would result in a
paradox as described in section~\ref{russell-paradox}.
Excluding non-propositional formulas in
‹λ›-expressions was believed to be sufficient to prevent such
inconsistencies. This was shown to be incorrect, though.
The problem is the \emph{description backdoor}. The term \mbox{‹[λy Fιxψ]›}
is well-formed, even if ‹ψ› is \emph{not} propositional. This is due to the definition
of \emph{subformula}: ‹ψ› is \emph{not} a subformula of ‹Fιxψ›, so ‹ψ› \emph{may} contain
encoding subformulas itself and ‹Fιxψ› is still a propositional formula.
This was deemed to be no problem and for cases like \mbox{‹[λy Fιx(xG)]›} as
they are mentioned and used in PLM this is indeed true.
It had not been considered that ‹y› may appear within the matrix of
such a description and more so, it may appear in an encoding expression, for example
\mbox{‹[λy Fιx(xG & yG)]›} is still a propositional formula.
Therefore, the following construction is possible:
\begin{equation}\tag{1}
‹[λy [λz ∀p(p→p)]ιx(x = y & ψ)]›
\end{equation}
Here ‹ψ› can be an arbitrary non-propositional formula in which ‹x› and ‹y›
may be free and (1) is still a valid, denoting ‹λ›-expression for which
‹β›-conversion holds.
By ‹β›-conversion and description theory the following is derivable:
\begin{equation}\tag{2}
‹[λy [λz ∀p(p→p)]ιx(x = y & ψ)]x ≡ ψ⇧x⇩y›
\end{equation}
\begin{remark}
Using a modally-strict proof only the following is derivable:\\
\mbox{‹[λy [λz ∀p(p→p)]ιx(x = y & ψ)]x ≡ 𝒜ψ⇧x⇩y›}\\
For the construction of the paradox, the modally-fragile statement
is sufficient. However, it is possible to construct similar paradoxical cases
without appealing to any modally-fragile axioms or theorems as well.
\end{remark}
This effectively undermines the intention of restricting ‹λ›-expressions
to only propositional formulas:
Although \mbox{‹[λx ∃F xF & ¬Fx]›} is not part of the language, it is possible to
formulate the following instead:
\begin{equation}\tag{3}
‹[λy [λz ∀p(p→p)]ιx(x = y & (∃F yF & ¬Fy))]›
\end{equation}
If one considers (2) now, one can see that this ‹λ›-expressions behaves
exactly the way that \mbox{‹[λx ∃F xF & ¬Fx]›} would, if it were part of the
language, i.e. the result of ‹β›-reduction for \mbox{‹[λx ∃F xF & ¬Fx]›} would be
the same as the right hand side of (2) when applied to (3). Therefore, the ‹λ›-expression
in (3) can be used to reproduce the paradox described in section~\ref{russell-paradox}.
›
subsection‹Possible Solutions›
text‹
Fortunately no theorems were derived in PLM, that actually use problematic
‹λ›-expressions as described above. Therefore, it is possible to recover from the
paradox without losing any theorems. At the time of writing, it seems likely that
a concept of \emph{proper} ‹λ›-expressions will be introduced to the theory and only
\emph{proper} ‹λ›-expressions will be forced to have denotations and allow ‹β›-conversion.
Problematic ‹λ›-expressions that would lead to paradoxes, will not be considered \emph{proper}.
Several options are available to define the propriety of \emph{‹λ›-expressions}
and to adjust PLM in detail.
As a consequence the purely syntactical distinction between propositional
and non-propositional formulas is no longer sufficient to guarantee
that every relation term has a denotation. The embedding of the theory shows
that an adequate definition of \emph{proper ‹λ›-expressions}
can consistently replace this distinction entirely yielding a broader set of relations.
The philosophical implications of such a radical modification of the theory
have not yet been analyzed entirely though, and at the time of writing
it is an open question whether such a modification may be implemented in
future versions of PLM.
›
end
section‹A Meta-Conjecture about Possible Worlds›
context PossibleWorlds
begin
text‹
A conversation between Bruno Woltzenlogel Paleo and Edward Zalta about the Theory
of Abstract Objects led to the following meta-conjecture:
\textquote{
For every syntactic possible world \emph{w}, there exists a semantic
point \emph{p} which is the denotation of \emph{w}.
}\footnote{This formulation originates in the resulting e-mail correspondence between
Bruno Woltzenlogel Paleo and Christoph Benzm\"uller.}
Since the embedding constructs a representation of the semantics of PLM, it was
possible to formally analyze the relationship between syntactic and semantic possible worlds
and arrive at the following theorems (see~\ref{TAO_PossibleWorlds}):
\begin{itemize}
\item @{thm SemanticPossibleWorldForSyntacticPossibleWorlds[of w]}
\item @{thm SyntacticPossibleWorldForSemanticPossibleWorlds[of w]}
\end{itemize}
The first statement shows that for every \emph{syntactic} possible world @{term "embedded_style x"}
there is a \emph{semantic} possible world @{term "v"}, such that a proposition is syntactically
true in @{term "embedded_style x"}, if and only if it is semantically true in @{term "v"}.
The second statement shows that for every \emph{semantic} possible world @{term "v"} there
is a \emph{syntactic} possible world @{term "embedded_style x"}, such that a proposition is semantically
true in @{term "v"}, if and only if it is \emph{syntactically} true in @{term "embedded_style x"}.
This result extends the following theorems already derived syntactically in PLM (‹w› is restricted
to only range over syntactic possible worlds):
\begin{itemize}
\item ‹◇p ≡ ∃w(w ⊨ p)› \hfill{(\ref{PM-fund}.1)}
\item ‹□p ≡ ∀w(w ⊨ p)› \hfill{(\ref{PM-fund}.2)}
\end{itemize}
Whereas the syntactic statements of PLM already show the relation between the modal operators
and syntactic possible worlds, the semantic statements derived in the embedding show that
there is in fact a natural bijection between syntactic and semantic possible worlds.
This example shows that a semantical embedding allows a detailed analysis of the semantical
properties of a theory and to arrive at interesting meta-logical results.
›
end
section‹Functional Object Theory›
text‹
The first and foremost goal of the presented work was to show that the second-order fragment of
the Theory of Abstract Objects as described in PLM can be represented in functional
higher-order logic using a shallow semantical embedding.
As a result a theory was constructed in Isabelle/HOL that - although its faithfulness
is yet to be formally verified - is most likely able to represent and verify all reasoning
in the target theory. A formal analysis of the faithfulness of the embedding
is unfortunately not possible at this time, since the theory of PLM first has to be adjusted
to prevent the discovered paradox. Depending on the precise modifications of PLM the embedding
will have to be adjusted accordingly, after which the question can be revisited.
The embedding goes to great lengths to construct a restricted environment, in which it is possible
to derive new theorems that can easily be translated back to the reference system of PLM.
The fact that the construction of the paradox described in section~\ref{paradox} could be reproduced
in the target logic, strongly indicates the merits and success of this approach.
Independently of the relation between the embedding and the target system, a byproduct
of the embedding is a working functional variant of object theory that deserves to be studied in
its own right. To that end future research may want to drop the layered structure of the embedding and
dismiss all constructions that solely serve to restrict reasoning in the embedding in order to
more closely reproduce the language of PLM. Automated reasoning in the resulting theory will be
significantly more powerful and the interesting properties of the original theory, that result
from the introduction of abstract objects and encoding, can still be preserved.
›
section‹Relations vs. Functions›
text‹
As mentioned in the introduction, Oppenheimer and Zalta argue that relational type theory is more
fundamental than functional type theory (see \<^cite>‹rtt›). One of their main arguments is that the
Theory of Abstract Objects is not representable in functional type theory.
The success of the presented embedding, however, suggests that the topic has to be
examined more closely.
Their result is supported by the presented work in the following sense: it is impossible to
represent the Theory of Abstract Objects by representing its ‹λ›-expressions directly as
primitive ‹λ›-expressions in functional logic. Furthermore, exemplification cannot
be represented classically as function application, while at the same time introducing encoding
as a second mode of predication.
This already establishes that the traditional approach of translating relational type theory
to functional type theory in fact fails for the Theory of Abstract Objects. A simple version of
functional type theory, that only involves two primitive types (for individuals and propositions),
is insufficient for a representation of the theory.
The embedding does not share several of the properties of
the representative functional type theory constructed in \<^cite>‹‹pp. 9-12› in rtt›:
\begin{itemize}
\item Relations are \emph{not} represented as functions from individuals to propositions.
\item Exemplification is \emph{not} represented as simple function application.
\item The ‹λ›-expressions of object theory are \emph{not} represented as
primitive ‹λ›-expressions.
\end{itemize}
To illustrate the general schema that the embedding uses instead assume
that there is a primitive type for each arity of relations ‹R⇩n›.
Let further ‹ι› be the type of individuals and ‹𝗈› be the type of propositions.
The general construct is now the following:
\begin{itemize}
\item Exemplification (of an ‹n›-place relation) is a function of type \mbox{‹R⇩n⇒ι⇒…⇒ι⇒𝗈›}.
\item Encoding is a function of type \mbox{‹ι⇒R⇩1⇒𝗈›}.
\item To represent ‹λ›-expressions functions ‹Λ⇩n› of type \mbox{‹(ι⇒…⇒ι⇒𝗈)⇒R⇩n›} are introduced.
The ‹λ›-expression \mbox{‹[λx⇩1…x⇩n φ]›} of object theory is represented as
\mbox{‹Λ⇩n[λx⇩1…x⇩n φ]›}.
\end{itemize}
The Theory of Abstract Objects restricts the matrix of ‹λ›-expressions to propositional
formulas, so not all functions of type \mbox{‹ι⇒…⇒ι⇒𝗈›} are supposed to denote relations.
However, since in classical functional type theory functions are total, ‹Λ⇩n› has to map
all these functions to some object of type ‹R⇩n›. To solve this problem concepts used in
the embedding of free logic can help\footnote{See the embedding of free logic constructed in \<^cite>‹FreeLogic›.}.
The function ‹Λ⇩n› can map functions of type \mbox{‹ι⇒…⇒ι⇒𝗈›} that do not
correspond to propositional formulas to objects of type ‹R⇩n› that
represent invalid (resp. non-existing) relations. For invalid relations the functions used
to represent encoding and exemplification can be defined to map to an object of type ‹𝗈›
that represents invalid propositions.
Oppenheimer and Zalta argue that using a free logic and letting non-propositional
formulas fail to denote is not an option, since it prevents classical reasoning for non-propositional
formulas\footnote{See \<^cite>‹‹pp. 30-31› in rtt›.}. Although this is true for the case of a simple
functional type theory, it does not apply to the constructed theory: since only objects of
type ‹R⇩n› may fail to denote, non-propositional reasoning is unaffected.
\begin{remark}
Although the constructed functional type theory is based on the general structure of the
presented embedding, instead of introducing concepts of free logic, ‹λ›-expressions
involving non-propositional formulas are assigned \emph{non-standard} denotations,
i.e. they do denote, but ‹β›-conversion only holds under certain conditions
(see~\ref{differences-lambda}). Although this concept has merits as well, future versions of the embedding
may instead utilize the concepts described in \<^cite>‹FreeLogic› to replace this construction
by a free logic implementation that will more closely reflect the concepts of propositional formulas
and ‹λ›-expressions in object theory.
\end{remark}
The constructed theory can represent the relations and ‹λ›-expressions of object theory,
as well as exemplification and encoding. Furthermore, the embedding shows that it has a model and
that an adequate intensional interpretation of propositions can be used to
preserve the desired hyperintensionality of relations in ‹λ›-expressions.
In summary it can be concluded that a representation of object theory in functional type theory
is feasible, although it is connected with a fair amount of complexity (i.e. the introduction of
additional primitive types and the usage of concepts of intensional and free logic).
On the other hand, whether this result contradicts the philosophical claim that relations are
more fundamental than functions, is still debatable considering the fact that the proposed
construction has to introduce new primitive types for relations\footnote{Note, however,
that the embedding can represent relations as functions acting on urelements following the
Aczel-model.} and the construction is complex in general. Further it has to be noted that so
far only the second-order fragment of object theory has been considered and the full
type-theoretic version of the theory may present further challenges.
\pagebreak
›
section‹Conclusion›
text‹
The presented work shows that shallow semantical embeddings in HOL have the potential to represent
even highly complex theories that originate in a fundamentally different tradition of logical
reasoning (e.g. relational instead of functional type theory). The presented embedding represents
the most ambitious project in this area so far and its success clearly shows the merits of the approach.
Not only could the embedding uncover a previously unknown paradox in the formulation of its target
theory, but it could contribute to the understanding of the relation between functional and
relational type theory and provide further insights into the general structure of the target theory,
its semantics and possible models. It can even show that a consistent extension of the theory
is possible that can increase its expressibility.
For the field of mathematics an analysis of chapters 14 and 15 of PLM, that construct
natural numbers and theoretical mathematical objects and relations in object theory,
is of particular interest. The embedding can be a significant aid in the study of these chapters, since the
properties of the derived objects and relations can immediately be analyzed and verified using the extensive library for abstract
mathematical reasoning already present in Isabelle/HOL as a reference.
The presented work introduces novel concepts that can benefit future endeavors of semantical
embeddings in general: a layered structure allows the representation of a target theory without
extensive prior results about its model structure and provides the means to comprehensively
study potential models. Custom proving methods can benefit automated reasoning in an embedded
logic and provide the means to reproduce even complex deductive rules of a target system
in a user-friendly manner.
The fact that the embedding can construct a verified environment which allows to conveniently
prove and verify theorems in the complex target system while retaining the support of automated
reasoning tools, shows the great potential of semantical embeddings in providing the means
for a productive interaction between humans and computer systems.
›
end