First-order logic with quantifiability

We start with Interface:Classical propositional calculus and Interface:First-order logic.

<jh> import (CLASSICAL Interface:Classical_propositional_calculus ) import (WITHOUT_QUANTIFIABILITY Interface:First-order_logic (CLASSICAL) ) </jh>

As usual, φ and ψ are formulas, x, y, and z are variables, and s, t, and u are objects:

<jh> var (formula φ ψ φx φy φs) var (object s t u s0 s1 t0 t1) var (variable x y z x0 x1 y0 y1) </jh>

Term equality
Here we prove that equality between terms (not just variables) is reflexive, symmetric, and transitive, and prove some related convenience theorems.

Axiom of quantifiability
We define term equality in Interface:Axiom of quantifiability, so we need to import that interface now, even though for now we are just using it for term equality, rather than for using the axiom of quantifiability in other contexts.

<jh> import (QUANTIFIABILITY_AXIOM Interface:Axiom_of_quantifiability (CLASSICAL WITHOUT_QUANTIFIABILITY) ) </jh>

Reflexivity
We start with reflexivity. The proof is just as in First-order logic except we are using a term rather than a variable, and  and   are replaced by   and.

<jh> thm (EqualityReflexivity-1   (((value x) = s) → (s = s)) ( ((value x) = s) ConjunctionIdempotence eliminateBiconditionalReverse

(value x) s s TermEqualityAxiom import

applySyllogism ))

thm (EqualityReflexivity-2   ((∀ x (¬ (s = s))) → (∀ x (¬ ((value x) = s)))) ( x s EqualityReflexivity-1 introduceTransposition

x addForAll ))

thm (EqualityReflexivity ( (x s)) (s = s) ( x s Quantifiability

(¬ (s = s)) x Generalization x s EqualityReflexivity-2 applySyllogism

x ((value x) = s) NotThereExists eliminateBiconditionalForward applySyllogism

eliminateTransposition

applyModusPonens )) </jh>

Symmetry
Symmetry starts with  from the equality axiom; we then detach   because we have already proved reflexivity. <jh> thm (EqualitySymmetryImplication   ((s = t) → (t = s)) ( s EqualityReflexivity s t s TermEqualityAxiom detachImplicationImplication ))

thm (EqualitySymmetry  ((s = t) ↔ (t = s)) ( s t EqualitySymmetryImplication t s EqualitySymmetryImplication introduceBiconditionalFromImplications )) </jh>

Transitivity
Transitivity is now just a rearrangement of our equality axiom: <jh> thm (EqualityTransitivity   (((s = t) ∧ (t = u)) → (s = u)) ( s t EqualitySymmetryImplication t s u TermEqualityAxiom applySyllogism import )) </jh>

Rules
Here are some rules for equality of terms.

<jh> thm (swapEquality ((H (s = t))) (t = s) ( H       s t EqualitySymmetry eliminateBiconditionalReverse applyModusPonens ))

thm (swapEqualityInConsequent ((H (φ → (s = t)))) (φ → (t = s)) ( H       s t EqualitySymmetry eliminateBiconditionalReverse applySyllogism ))

thm (applyEqualityTransitivity ((H1 (s = t)) (H2 (t = u))) (s = u) ( H1       H2        introduceConjunction s t u EqualityTransitivity applyModusPonens ))

thm (applyEqualityTransitivityInConsequent ((H1 (φ → (s = t))) (H2 (φ → (t = u)))) (φ → (s = u)) ( H1       H2        composeConjunction s t u EqualityTransitivity applySyllogism )) </jh>

Builder
can be derived from transitivity. We start with a special case:

<jh> thm (EqualityBuilderRR  ((s0 = s1) → ((s0 = t) ↔ (s1 = t))) ( </jh> The proof has two halves, each of which is proved by transitivity and an export. The forward implication,, also involves switching the order of the opening equality. <jh> s0 s1 EqualitySymmetry eliminateBiconditionalReverse

s1 s0 t EqualityTransitivity export

applySyllogism

</jh> The reverse implication,, is even simpler: <jh> s0 s1 t EqualityTransitivity export

</jh> We then combine the two directions: <jh> composeConjunction

(s0 = t) (s1 = t) BiconditionalImplication eliminateBiconditionalForward applySyllogism )) </jh>

We provide an analogous result with the order of the equalities changed,. <jh> thm (commute2  (((s0 = t0) ↔ (s1 = t1)) → ((t0 = s0) ↔ (t1 = s1))) ( s0 t0 EqualitySymmetry s1 t1 EqualitySymmetry buildBiconditional eliminateBiconditionalReverse ))

thm (EqualityBuilderLL  ((s0 = s1) → ((t = s0) ↔ (t = s1))) ( s0 s1 t EqualityBuilderRR s0 t s1 t commute2 applySyllogism )) </jh>

Combining  and   gives us the full builder.

<jh> thm (EqualityBuilder  (((s0 = s1) ∧ (t0 = t1)) → ((s0 = t0) ↔ (s1 = t1))) ( (s0 = s1) (t0 = t1) ConjunctionRightElimination s0 s1 t0 EqualityBuilderRR applySyllogism

(s0 = s1) (t0 = t1) ConjunctionLeftElimination t0 t1 s1 EqualityBuilderLL applySyllogism

composeConjunction

(s0 = t0) (s1 = t0) (s1 = t1) BiconditionalTransitivity applySyllogism ))

thm (buildEquality ((HX (s0 = s1)) (HY (t0 = t1))) ((s0 = t0) ↔ (s1 = t1)) ( HX       HY        introduceConjunction s0 s1 t0 t1 EqualityBuilder applyModusPonens ))

thm (buildEqualityRR ((H (s0 = s1))) ((s0 = t) ↔ (s1 = t)) ( H       t EqualityReflexivity introduceConjunction

s0 s1 t t EqualityBuilder

applyModusPonens ))

thm (buildEqualityLL ((H (t0 = t1))) ((s = t0) ↔ (s = t1)) ( s EqualityReflexivity H       introduceConjunction

s s t0 t1 EqualityBuilder

applyModusPonens )) </jh>

For convenience, we also supply builders in the consequent:

<jh> thm (buildEqualityInConsequent  ((HN (φ → (s0 = s1))) (HM (φ → (t0 = t1)))) (φ → ((s0 = t0) ↔ (s1 = t1))) ( HN HM composeConjunction s0 s1 t0 t1 EqualityBuilder applySyllogism ))

thm (buildEqualityRRInConsequent  ((H (φ → (s0 = s1))))  (φ → ((s0 = t) ↔ (s1 = t))) ( H       t EqualityReflexivity φ introduceAntecedent buildEqualityInConsequent ))

thm (buildEqualityLLInConsequent  ((H (φ → (t0 = t1))))  (φ → ((s = t0) ↔ (s = t1))) ( s EqualityReflexivity φ introduceAntecedent H       buildEqualityInConsequent )) </jh>

Substitution of terms
We now turn to substitution of a term for a variable.

In some formulations of predicate logic, this kind of substitution (known as proper substitution as there are some rules about what kinds of substitution are valid) is performed syntactically and the rules governing it are expressed in English or a meta-theory. JHilbert does not have a feature to do syntactic proper substitution, but we are able to build up equivalent mechanisms from equality. The theorems in Interface:First-order logic with quantifiability could be proven from either the syntactic definition or ours.

We define a formula  which means, roughly, that   is true if occurrences of   are replaced by   ("roughly" because we have not tried to define proper substitution precisely). In discussion, we also use the notation  (which is not legal JHilbert syntax) for the same thing. The definition is. The definition contains a dummy variable  to give the expected results if   and   are not distinct. <jh> def ((subst s x φ) (∃ y (((value y) = s) ∧ (∃ x (((value x) = (value y)) ∧ φ))))) </jh>

This section contains a few of the preliminary results, which mostly don't need the axiom of quantifiability (but which do rely on some term equality theorems which rely on Interface:Axiom of quantifiability).

Definition as theorem
We first prove a theorem form of the definition. <jh> thm (Subst ((x y) (y s) (y φ) (z x) (y z) (z s) (z φ))  ( (subst s x φ) ↔ (∃ y (((value y) = s) ∧ (∃ x (((value x) = (value y)) ∧ φ)) )) ) ( </jh> What we need to prove is. The first step is <jh> (value z) (value y) s EqualityBuilderRR

(value z) (value y) (value x) EqualityBuilderLL φ buildConjunctionRRInConsequent x buildThereExistsInConsequent

buildConjunctionInConsequent </jh> Then we just apply our change-variable theorem and we are done. <jh> ChangeVariableThereExists )) </jh>

Builders
We can build up formulas based on equivalences or equalities of the substituted proposition or the replacement (that is,  or   in , respectively).

Based on replacement
In this section we will prove. This is like dfsbcq in set.mm. The set.mm analogue for substituting a  (rather than an  ) is sbequ.

<jh> thm (SubstBuilderReplacement ((s y) (t y) (φ y) (x y))  ((s = t) → ((subst s x φ) ↔ (subst t x φ))) ( s t (value y) EqualityBuilderLL (∃ x (((value x) = (value y)) ∧ φ)) buildConjunctionRRInConsequent y buildThereExistsInConsequent

</jh> Now we just need to apply the definition of  and we are done: <jh> s x φ y Subst t x φ y Subst buildBiconditional

eliminateBiconditionalForward applySyllogism ))

thm (buildSubstReplacement ((H (s = t)))   ((subst s x φ) ↔ (subst t x φ)) ( H       s t x φ SubstBuilderReplacement applyModusPonens )) </jh>

Implication builder
Analogous to our other implication builders, this theorem takes an implication and lets us add  to both sides. The proof is just a straightforward application of the existing builders for conjunction and ∃. <jh> thm (SubstAddition ((y s) (y x) (y ψ) (y φ)) ((∀ x (φ → ψ)) → ((subst s x φ) → (subst s x ψ))) ( φ ψ ((value x) = (value y)) ConjunctionMultiplicationLL x addForAll

x (((value x) = (value y)) ∧ φ) (((value x) = (value y)) ∧ ψ) ForAllImplicationThereExists applySyllogism

(∃ x (((value x) = (value y)) ∧ φ)) (∃ x (((value x) = (value y)) ∧ ψ)) ((value y) = s) ConjunctionMultiplicationLL applySyllogism

y addForAllToConsequent y         (((value y) = s) ∧ (∃ x (((value x) = (value y)) ∧ φ))) (((value y) = s) ∧ (∃ x (((value x) = (value y)) ∧ ψ))) ForAllImplicationThereExists applySyllogism </jh> Now we just need to apply the definition of  and we are done: <jh> s x φ y Subst swapBiconditional

s x ψ y Subst swapBiconditional

buildImplication eliminateBiconditionalReverse applySyllogism ))

thm (addSubst ((H (φ → ψ))) ((subst s x φ) → (subst s x ψ)) ( H       x generalize x φ ψ s SubstAddition applyModusPonens )) </jh>

Biconditional builder
The builder for the biconditional is very similar to the implication builder. It could be proved much the way we proved the implication builder, but we derive it from the implication builder.

<jh> thm (SubstBuilder  ((∀ x (φ ↔ ψ)) → ((subst s x φ) ↔ (subst s x ψ))) ( φ ψ BiconditionalReverseElimination x addForAll x φ ψ s SubstAddition applySyllogism

φ ψ BiconditionalForwardElimination x addForAll x ψ φ s SubstAddition applySyllogism

introduceBiconditionalFromImplicationsInConsequent )) </jh>

Here is a rule form. <jh> thm (buildSubst ((H (φ ↔ ψ))) ((subst s x φ) ↔ (subst s x ψ)) ( H eliminateBiconditionalReverse s x addSubst H eliminateBiconditionalForward s x addSubst introduceBiconditionalFromImplications )) </jh>

Proving there-exists
One way to prove a formula of the form  is to demonstrate a particular   for which   holds. In constructive logic any theorem  can be proved this way (because of the existence property), but even in classical (non-constructive) logic this is one of the most common ways of proving.

In our notation, this idea is expressed via : <jh> thm (ThereExistsIntroductionFromObject ( (y φ) (y x) (y s))  ((subst s x φ) → (∃ x φ)) ( </jh> The proof takes the definition of,   and pares it down by eliminating the parts we don't need. We start by expanding the definition. <jh> s x φ y Subst eliminateBiconditionalReverse </jh> Then we trim out , <jh> ((value y) = s) (∃ x (((value x) = (value y)) ∧ φ)) ConjunctionLeftElimination y addThereExists applySyllogism </jh> and. <jh> ((value x) = (value y)) φ ConjunctionLeftElimination x addThereExists y addThereExists applySyllogism </jh> The only thing remaining is to simplify  to. <jh> removeThereExistsInConsequent ))

thm (introduceThereExistsFromObject ((H (subst s x φ))) (∃ x φ) ( H       s x φ ThereExistsIntroductionFromObject applyModusPonens )) </jh>

Free variables and substitution
A substitution acts like a quantifier in the sense that it binds the variable being substituted. So this variable is not free in the substituted formula (provided it is not free in the object being substituted for the variable). <jh> thm (SubstNotFree ((x s) (y x) (y s) (y φ))  (x is-not-free-in (subst s x φ)) ( </jh> The proof consists of just applying our not-free theorems to each piece of the definition of <jh> x ((value y) = s) DistinctNotFree x (((value x) = (value y)) ∧ φ) BoundThereExistsNotFree conjunctionNotFree y addThereExistsNotFree

s x φ y Subst x buildNotFree eliminateBiconditionalForward

applyModusPonens )) </jh>

Axiom of quantifiability
At this point we start using the axiom of quantifiability without reservation, not just as a way of defining term equality.

Specialization with substitution
The version of  from Interface:First-order logic is not the one most often presented as a theorem (or axiom) of predicate logic. The standard version also contains a substitution, and is often worded something like "if a formula holds for all values of a variable, it also holds when a particular term is properly substituted for that variable" or in symbols. <jh> thm (SpecializationToObject ((y s) (y x) (y φ)) ((∀ x φ) → (subst s x φ)) ( </jh> We start with  and eliminate the second antecedent (because it is an instance of  ). <jh> x (value y) Quantifiability x φ ((value x) = (value y)) ThereExistsConjunctionCombining detach2of2 </jh> Commuting the conjunction in the consequent gives <jh> φ ((value x) = (value y)) ConjunctionCommutativity x buildThereExists eliminateBiconditionalReverse applySyllogism </jh> We are heading towards the definition of, which has two quantifiers: an outer one on   and an inner one on. So far we have the quantifier for  and a similar set of steps to the ones we just took will give us a similar expression with a quantifier for. <jh> y addForAllToConsequent </jh> We add  (a theorem) to the consequent: <jh> y s Quantifiability (∀ x φ) introduceAntecedent composeConjunction </jh> The consequent is, which we first turn into  , <jh> y (∃ x (((value x) = (value y)) ∧ φ)) ((value y) = s) ThereExistsConjunctionCombining applySyllogism </jh> And then into. <jh> (∃ x (((value x) = (value y)) ∧ φ)) ((value y) = s) ConjunctionCommutativity y buildThereExists eliminateBiconditionalReverse applySyllogism </jh> Now we just need to apply the definition of  and we are done: <jh> s x φ y Subst eliminateBiconditionalForward applySyllogism)) </jh>

A rule
<jh> var (formula antecedent) thm (specializeToObjectInConsequent ((H (antecedent → (∀ x φ)))) (antecedent → (subst s x φ)) ( H       x φ s SpecializationToObject applySyllogism )) </jh>

Quantifiers and equality
Here we prove a number of results involving equality and quantifiers. Many of them will pave the way for results involving explicit (subst) substitution.

Implicit substitution and ∀
A statement of the form, where   is not free in  , can be thought of as an implicit substitution, as it can be used to relate a formula about   to a formula about. Here we relate such a statement to  (which is one of the formulas we'll be using in manipulating substitutions). The proof is based on one from Raph Levien. <jh> thm (ImplicitSubstitutionForAllNotFree ((x s)) ((HFREE (x is-not-free-in ψ))) ((∀ x (((value x) = s) → (φ ↔ ψ))) → ((∀ x (((value x) = s) → φ)) ↔ ψ)) ( </jh> First we turn  into. <jh> ((value x) = s) φ ψ ImplicationDistributionOverBiconditional </jh> Then we distribute the quantifier to give. <jh> x buildForAll eliminateBiconditionalReverse

x (((value x) = s) → φ) (((value x) = s) → ψ) ForAllBiconditional applySyllogism </jh> Since  is not free in , we can rewrite. <jh> HFREE ((value x) = s) ForAllImplicationConsequentMovement transformImplicationBiconditionalRight </jh> But  is a theorem, so we can detach it. We do so by first proving. <jh> x s Quantifiability (∃ x ((value x) = s)) ψ ModusPonens detach1of2

ψ (∃ x ((value x) = s)) AntecedentIntroduction

introduceBiconditionalFromImplications

transformImplicationBiconditionalRight )) </jh>

A rule form with a distinct variable constraint instead of a freeness hypothesis is: <jh> thm (ImplicitForAll ((x s) (x ψ)) ((HEQ (((value x) = s) → (φ ↔ ψ)))) ((∀ x (((value x) = s) → φ)) ↔ ψ) ( HEQ x generalize

x ψ DistinctNotFree s φ ImplicitSubstitutionForAllNotFree

applyModusPonens )) </jh>

Implicit substitution and ∃
There is a similar result with ∃.

Our implicit substitution theorem is: <jh> thm (ImplicitSubstitutionThereExists ((x s)) ((HFREE (x is-not-free-in ψ)))  ((∀ x (((value x) = s) → (φ ↔ ψ))) → ((∃ x (((value x) = s) ∧ φ)) ↔ ψ)) ( </jh> The proof basically consists of massaging negations to derive this result from the corresponding one for ∀. We start by showing that  implies that   is equivalent to. <jh> φ ψ NegationFunction eliminateBiconditionalReverse ((value x) = s) addCommonAntecedent x addForAll

HFREE negateNotFree s (¬ φ) ImplicitSubstitutionForAllNotFree

applySyllogism </jh> Now we need to show that  implies. We first turn the former into : <jh> (∀ x (((value x) = s) → (¬ φ))) ψ BiconditionalTranspositionWithNegatedRight </jh> We stick  on the proof stack for later use, <jh> ψ BiconditionalReflexivity </jh> and work just with  for now. We move the negation past the quantifier to get : <jh> x (((value x) = s) → (¬ φ)) NotForAll </jh> Now we turn the negations and implication into a conjunction: <jh> ((value x) = s) φ ConjunctionImplication swapBiconditional x buildThereExists applyBiconditionalTransitivity </jh> Bringing back two statements we left on the proof stack, we assemble the formula that  is equivalent to  , <jh> buildBiconditional applyBiconditionalTransitivity </jh> flip the order to get , <jh> eliminateBiconditionalReverse ψ (∃ x (((value x) = s) ∧ φ)) BiconditionalSymmetry eliminateBiconditionalReverse applySyllogism </jh> and combine this with the first part of the proof. <jh> applySyllogism )) </jh>

The rule form is: <jh> thm (ImplicitThereExistsNotFree ((x s)) ((HFREE (x is-not-free-in ψ)) (HEQ (((value x) = s) → (φ ↔ ψ)))) ((∃ x (((value x) = s) ∧ φ)) ↔ ψ) ( HEQ x generalize

HFREE s φ ImplicitSubstitutionThereExists

applyModusPonens )) </jh>

and a version with distinct variable constraint instead of a freeness hypothesis is: <jh> thm (ImplicitThereExists ((x s) (x ψ)) ((HEQ (((value x) = s) → (φ ↔ ψ)))) ((∃ x (((value x) = s) ∧ φ)) ↔ ψ) ( x ψ DistinctNotFree HEQ ImplicitThereExistsNotFree )) </jh>

Implicit substitution of an object for a variable
Suppose that we have a formula  and a formula   which is much the same, but with   in place of. Then if  is a theorem, we can conclude.

Before we state this more formally, we prove a lemma.

<jh> thm (VariableToObjectLemma ((x s) (x φ)) ((H (((value x) = s) → φ)))  φ ( x s Quantifiability H       x addThereExistsToAntecedent applyModusPonens )) </jh>

Our main result can be restated as that  and   enable us to conclude.

<jh> thm (VariableToObject ((x s) (x φs)) ((HSUB (((value x) = s) → (φx ↔ φs))) (Hφx φx) ) φs ( Hφx HSUB detachImplicationBiconditional VariableToObjectLemma )) </jh>

Object version of VariableSubstitution axiom
The  axiom is stated in terms of substitution of one variable for another. The analogue in which an object is substituted for a variable also holds. <jh> thm (ObjectSubstitution ((x s) (x y) (φ y) (s y))   (((value x) = s) → (φ → (∀ x (((value x) = s) → φ)))) ( </jh> The general idea of the proof is to "substitute"  for   using a formula of the form.

We start with our substitution, <jh> (value y) s (value x) EqualityBuilderLL

(value y) s (value x) EqualityBuilderLL φ buildCommonConsequentInConsequent x buildForAllInConsequent φ buildCommonAntecedentInConsequent

buildImplicationInConsequent </jh> Now we apply  to convert the axiom to our desired result. <jh> x y φ VariableSubstitution VariableToObject )) </jh>

Two ways to express substitution when variables are distinct
In previous sections, we have seen that  and   behave similarly. In fact, as long as  and   are distinct, they are completely equivalent. <jh> thm (ThereExistsForAll ((x s)) ((∃ x (((value x) = s) ∧ φ)) ↔ (∀ x (((value x) = s) → φ))) ( </jh> First we stick something on the proof stack for later use: <jh> x (((value x) = s) → φ) BoundForAllNotFree </jh> The proof consists of first proving , <jh> x s φ ObjectSubstitution

x (((value x) = s) → φ) Specialization applyComm

introduceBiconditionalFromImplicationsInConsequent </jh> and then turning this implicit substitution into its ∃ form. <jh> ImplicitThereExistsNotFree )) </jh>

Substitution and ∃
We've already seen that  is closely related to substitution. Here we show that it is equivalent to, as long as   does not appear in. <jh> thm (SubstitutionThereExists ((x s) (s y) (x y) (φ y)) ( (subst s x φ) ↔ (∃ x (((value x) = s) ∧ φ))) ( </jh> We start with applying some builders to get. <jh> (value y) s (value x) EqualityBuilderLL φ buildConjunctionRRInConsequent x buildThereExistsInConsequent </jh> then gives us, which is our desired result by the definition of. <jh> ImplicitThereExists </jh> Now we just need to apply the definition of  and we are done: <jh> swapBiconditional s x φ y Subst swapBiconditional applyBiconditionalTransitivity swapBiconditional )) </jh>

Substitution of a variable which is not free
Substituting a formula with a variable which is not free in that formula has no effect.

<jh> thm (NullSubstitution ((x φ)) ((subst s x φ) ↔ φ) ( </jh> The forward direction is. <jh> s x φ ThereExistsIntroductionFromObject removeThereExistsInConsequent </jh> The reverse direction starts with  to give , and then   turns that into <jh> φ x Generalization x φ s SpecializationToObject applySyllogism </jh> Combining the forward and reverse directions finishes the proof. <jh> introduceBiconditionalFromImplications )) </jh>

Substitution can be moved across connectives and quantifiers
Substituting a formula consisting of a logical connective is equivalent to substituting each of the operands of that connective.

Negation
For negation, this is.

The proof consists of just moving negation around (via the following lemma) and applying.

<jh> thm (SubstNegationLemma    ((∀ x (((value x) = s) → (¬ φ))) ↔ (¬ (∃ x (((value x) = s) ∧ φ)))) ( x s φ equs3 transposeBiconditionalWithNegatedRight ))

thm (SubstNegation ((y x) (y s) (y φ)) ((subst s x (¬ φ)) ↔ (¬ (subst s x φ))) ( s x (¬ φ) y Subst

y s (∃ x (((value x) = (value y)) ∧ (¬ φ))) ThereExistsForAll applyBiconditionalTransitivity

x (value y) (¬ φ) ThereExistsForAll ((value y) = s) buildImplicationAntecedent y buildForAll applyBiconditionalTransitivity

x (value y) φ SubstNegationLemma ((value y) = s) buildImplicationAntecedent y buildForAll applyBiconditionalTransitivity

y s (∃ x (((value x) = (value y)) ∧ φ)) SubstNegationLemma applyBiconditionalTransitivity

s x φ y Subst swapBiconditional addNegation applyBiconditionalTransitivity )) </jh>
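The Lean 4 block below is an added example, not part of the original page or of the JHilbert module: it re-checks the substitution results proved up to this point (Quantifiability, SubstitutionThereExists, ThereExistsForAll, SpecializationToObject, ThereExistsIntroductionFromObject and SubstNegation) in a semantic model. It assumes that a formula with free variable x is a predicate `φ : α → Prop` and that an object s is an element of `α`; `Subst` and all theorem names are this example's own, and because Lean handles binding itself the distinct variable constraints do not appear.

```lean
-- Added example: a semantic model of the page's definitions, not JHilbert code.
-- Assumption: a formula with free variable x is a predicate φ : α → Prop,
-- and an object s is an element of α.

/-- The page's `subst s x φ`: ∃ y (y = s ∧ ∃ x (x = y ∧ φ)). -/
def Subst {α : Type} (s : α) (φ : α → Prop) : Prop :=
  ∃ y, y = s ∧ ∃ x, x = y ∧ φ x

/-- Axiom of quantifiability: some variable takes the value of any object.
    In this model it is provable, which is why it never shows up as a hypothesis. -/
theorem quantifiability {α : Type} (s : α) : ∃ x, x = s :=
  ⟨s, rfl⟩

/-- In the model, the double-∃ definition collapses to evaluating φ at s. -/
theorem subst_iff {α : Type} (s : α) (φ : α → Prop) : Subst s φ ↔ φ s := by
  unfold Subst
  constructor
  · intro ⟨y, hy, x, hx, h⟩
    subst hx
    subst hy
    exact h
  · intro h
    exact ⟨s, rfl, s, rfl, h⟩

/-- SubstitutionThereExists: a single ∃ is enough. -/
theorem subst_iff_exists {α : Type} (s : α) (φ : α → Prop) :
    Subst s φ ↔ ∃ x, x = s ∧ φ x := by
  rw [subst_iff]
  constructor
  · intro h
    exact ⟨s, rfl, h⟩
  · intro ⟨x, hx, h⟩
    subst hx
    exact h

/-- ThereExistsForAll: the ∃/∧ and ∀/→ forms of substitution agree. -/
theorem exists_iff_forall {α : Type} (s : α) (φ : α → Prop) :
    (∃ x, x = s ∧ φ x) ↔ ∀ x, x = s → φ x := by
  constructor
  · intro ⟨x, hx, h⟩
    intro z hz
    subst hx
    subst hz
    exact h
  · intro h
    exact ⟨s, rfl, h s rfl⟩

/-- SpecializationToObject: (∀ x φ) → subst s x φ. -/
theorem specialization_to_object {α : Type} (s : α) (φ : α → Prop) :
    (∀ x, φ x) → Subst s φ :=
  fun h => (subst_iff s φ).mpr (h s)

/-- ThereExistsIntroductionFromObject: subst s x φ → ∃ x φ. -/
theorem exists_intro_from_object {α : Type} (s : α) (φ : α → Prop) :
    Subst s φ → ∃ x, φ x :=
  fun h => ⟨s, (subst_iff s φ).mp h⟩

/-- SubstNegation: substitution commutes with negation. -/
theorem subst_not {α : Type} (s : α) (φ : α → Prop) :
    Subst s (fun x => ¬ φ x) ↔ ¬ Subst s φ := by
  constructor
  · intro h hs
    exact (subst_iff s (fun x => ¬ φ x)).mp h ((subst_iff s φ).mp hs)
  · intro h
    exact (subst_iff s (fun x => ¬ φ x)).mpr
      (fun hφ => h ((subst_iff s φ).mpr hφ))
```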

Disjunction
We can prove the ability to move substitution across a disjunction by expanding the definition and applying theorems which let us move ∃ and ∧ across disjunctions. <jh> thm (SubstDisjunction ( (y s) (y x) (y φ) (y ψ)) ((subst s x (φ ∨ ψ)) ↔ ((subst s x φ) ∨ (subst s x ψ))) ( s x (φ ∨ ψ) y Subst

((value x) = (value y)) φ ψ ConjunctionLeftDistribution x buildThereExists ((value y) = s) buildConjunctionLL y buildThereExists applyBiconditionalTransitivity

x (((value x) = (value y)) ∧ φ) (((value x) = (value y)) ∧ ψ) ThereExistsDisjunction ((value y) = s) buildConjunctionLL y buildThereExists applyBiconditionalTransitivity

((value y) = s) (∃ x (((value x) = (value y)) ∧ φ)) (∃ x (((value x) = (value y)) ∧ ψ)) ConjunctionLeftDistribution y buildThereExists applyBiconditionalTransitivity

y (((value y) = s) ∧ (∃ x (((value x) = (value y)) ∧ φ))) (((value y) = s) ∧ (∃ x (((value x) = (value y)) ∧ ψ))) ThereExistsDisjunction applyBiconditionalTransitivity

s x φ y Subst s x ψ y Subst buildDisjunction swapBiconditional applyBiconditionalTransitivity )) </jh>

Other connectives
The corresponding theorems for the other three connectives follow from those for negation and disjunction. <jh> thm (SubstConjunction  ((subst s x (φ ∧ ψ)) ↔ ((subst s x φ) ∧ (subst s x ψ))) ( φ ψ DeMorganNDN swapBiconditional s x buildSubst

s x ((¬ φ) ∨ (¬ ψ)) SubstNegation applyBiconditionalTransitivity

s x (¬ φ) (¬ ψ) SubstDisjunction addNegation applyBiconditionalTransitivity

s x φ SubstNegation s x ψ SubstNegation buildDisjunction addNegation applyBiconditionalTransitivity

(subst s x φ) (subst s x ψ) DeMorganNDN applyBiconditionalTransitivity ))

thm (SubstImplication  ((subst s x (φ → ψ)) ↔ ((subst s x φ) → (subst s x ψ))) ( φ ψ ImplicationDisjunction s x buildSubst

s x (¬ φ) ψ SubstDisjunction applyBiconditionalTransitivity

s x φ SubstNegation (subst s x ψ) buildDisjunctionRR applyBiconditionalTransitivity

(subst s x φ) (subst s x ψ) ImplicationDisjunction swapBiconditional applyBiconditionalTransitivity ))

thm (SubstBiconditional  ((subst s x (φ ↔ ψ)) ↔ ((subst s x φ) ↔ (subst s x ψ))) ( φ ψ BiconditionalImplication s x buildSubst

s x (φ → ψ) (ψ → φ) SubstConjunction applyBiconditionalTransitivity

s x φ ψ SubstImplication s x ψ φ SubstImplication buildConjunction applyBiconditionalTransitivity

(subst s x φ) (subst s x ψ) BiconditionalImplication swapBiconditional applyBiconditionalTransitivity )) </jh>

Quantifiers
We can move substitution across a quantifier to a distinct variable:. <jh> thm (SubstThereExists ((x y s z) (z φ)) ((subst s x (∃ y φ)) ↔ (∃ y (subst s x φ))) ( </jh> To prove this, we simply expand the definition of  and move   across each piece of it. The expansion is <jh> s x (∃ y φ) z Subst

y ((value x) = (value z)) φ ThereExistsConjunctionMovement x buildThereExists ((value z) = s) buildConjunctionLL z buildThereExists swapBiconditional applyBiconditionalTransitivity

x y (((value x) = (value z)) ∧ φ) ThereExistsCommutation ((value z) = s) buildConjunctionLL z buildThereExists applyBiconditionalTransitivity

y ((value z) = s) (∃ x (((value x) = (value z)) ∧ φ)) ThereExistsConjunctionMovement z buildThereExists swapBiconditional applyBiconditionalTransitivity

z y (((value z) = s) ∧ (∃ x (((value x) = (value z)) ∧ φ))) ThereExistsCommutation applyBiconditionalTransitivity

s x φ z Subst y buildThereExists swapBiconditional applyBiconditionalTransitivity )) </jh>

Composition
If we first substitute  for , and then substitute   for  , the whole process is equivalent to substituting   for   (subject to some distinct variable constraints). <jh> thm (SubstitutionComposition ((φ y) (s y) (x y))  ((subst s y (subst (value y) x φ)) ↔ (subst s x φ)) ( </jh> The proof consists of rewriting both of the substitutions on the left hand side via. First we show. <jh> s y (subst (value y) x φ) SubstitutionThereExists </jh> The second invocation of  shows that the right hand side of that expression is equivalent to  <jh> (value y) x φ SubstitutionThereExists ((value y) = s) buildConjunctionLL y buildThereExists applyBiconditionalTransitivity </jh> But  is , by definition. <jh> s x φ y Subst swapBiconditional applyBiconditionalTransitivity )) </jh>

Substitution of objects, with axiom of quantifiability
The axiom of quantifiability allows us to prove more substitution results because we can assume that a variable can take on a value corresponding to any object.

Substitution of a theorem remains a theorem
If we have a theorem, we can add a variable substitution onto it.

<jh> thm (introduceSubst ((H φ)) (subst s x φ) ( H       x generalize x φ s SpecializationToObject applyModusPonens )) </jh>

Convert from implicit substitution
A statement of the form, where   is not free in  , can be thought of as an implicit substitution, as it can be used to relate a formula about   to a formula about.

Although the distinct variable constraint between  and   should not be necessary (if we wanted to require that   and   are distinct we could have a simpler definition of  ), even the version with the constraint can be useful.

<jh> thm (makeSubstExplicitNotFree ((x s) (y ψ) (x y) (y s) (y φ))  ((HFREE (x is-not-free-in ψ)) (HEQ (((value x) = s) → (φ ↔ ψ))) ) ((subst s x φ) ↔ ψ) ( </jh> The proof will basically consist of two applications of.

First we rewrite  as  <jh> ((value y) = s) ((value x) = (value y)) ConjunctionCommutativity eliminateBiconditionalReverse (value x) (value y) s EqualityTransitivity applySyllogism

HEQ applySyllogism

export </jh> Now we add  to the consequent: <jh> x addForAllToConsequent </jh> The first application of  turns   into  : <jh> HFREE (value y) φ ImplicitSubstitutionThereExists </jh> Combining these results gets : <jh> applySyllogism </jh> We then apply  again to get , which is our desired result. <jh> y generalize y ψ DistinctNotFree s (∃ x (((value x) = (value y)) ∧ φ)) ImplicitSubstitutionThereExists applyModusPonens </jh> Now we just need to apply the definition of  and we are done: <jh> swapBiconditional s x φ y Subst swapBiconditional applyBiconditionalTransitivity swapBiconditional ))

thm (makeSubstExplicit ((x s) (x ψ)) ((H (((value x) = s) → (φ ↔ ψ))))  ((subst s x φ) ↔ ψ) ( x ψ DistinctNotFree H       makeSubstExplicitNotFree )) </jh>

Substituting one quantified variable for another
If we have a quantified formula, and we substitute the quantified variable for another (using ), the formula holds with the substituted variable in the quantifier. In symbols, this is  and , where   is not free in.

A theorem relating a substituted formula to equality
Here we prove. One way of understanding this theorem is to compare it with the following instance of :. The similarity should be obvious (although we actually will prove  as a consequence of this result rather than the other way around).

First we prove the case where  and   are distinct (later we will be able to remove this limitation). We start with the forward direction. <jh> thm (EqualitySubstForward ((x s) (z x) (z s) (z φ))  (((value x) = s) → (φ → (subst s x φ))) ( </jh> The proof consists of gradually building up the definition of. It is somewhat similar to the proof in metamath although the details are different because we have a different definition of.

We're going to start with, and then we want to change the innermost   to   (under the condition that  ). We do this by using  as an antecedent in both cases. <jh> (((value x) = s) ∧ φ) ((value z) = s) ConjunctionRightElimination (((value x) = s) ∧ φ) x ThereExistsIntroduction applySyllogism </jh> The next bit is centered around the substitution. When combined with conjunction elimination and getting rid of half of the biconditional, it becomes. <jh> (((value x) = s) ∧ φ) ((value z) = s) ConjunctionLeftElimination

(value z) s (value x) EqualityBuilderLL φ buildConjunctionRRInConsequent x buildThereExistsInConsequent

applySyllogism

eliminateBiconditionalForwardInConsequent </jh> Combining those two formulas and exporting gives. <jh> applyModusPonensInConsequent export </jh> It is easy to add  because   is distinct from everything else. This gives us. <jh> z addForAllToConsequent </jh> Again,  being distinct makes life easy as we turn the consequent into the definition of subst and apply the definition. <jh> z s (∃ x (((value x) = (value z)) ∧ φ)) ThereExistsForAll eliminateBiconditionalForward applySyllogism

s x φ z Subst eliminateBiconditionalForward applySyllogism </jh> That gives us  which is just an export from our desired theorem. <jh> export )) </jh>

The reverse direction is basically a transposition away. <jh> thm (EqualitySubstReverse ((x s)) (((value x) = s) → ((subst s x φ) → φ)) ( x s (¬ φ) EqualitySubstForward

s x φ SubstNegation transformImplicationImplicationConsequent

(subst s x φ) φ Transposition eliminateBiconditionalForward applySyllogism ))

thm (EqualitySubstDistinct ((x s)) (((value x) = s) → (φ ↔ (subst s x φ))) ( x s φ EqualitySubstForward x s φ EqualitySubstReverse introduceBiconditionalFromImplicationsInConsequent )) </jh>

Substituting a variable for itself
Here we prove. Our proof is slightly more involved than metamath's, because we have a distinct variable constraint on  which is missing from the metamath equivalent thereof. <jh> thm (SubstItself ( (y x) (y φ) (y z) (z x) (z φ)) ((subst (value x) x φ) ↔ φ) ( </jh> Before we get started, we leave a statement on the proof stack for later. <jh> y (value x) Quantifiability </jh> The first step is. <jh> (value y) (value x) EqualitySymmetry eliminateBiconditionalReverse

x (value y) φ EqualitySubstDistinct applySyllogism </jh> The second step is. <jh> (value y) (value x) x φ SubstBuilderReplacement </jh> The rest of the proof is just combining those two. <jh> applyBiconditionalTransitivityInConsequent </jh> That gives us. Because  is no longer found in the consequent, its value is arbitrary and we can remove it using   (actually, the weaker   from Interface:Axioms of first-order logic would suffice, but we didn't bother to export that). <jh> y addThereExists applyModusPonens

</jh> Because definitions in JHilbert are currently automatically expanded, we cannot just leave  as itself, but must expand it (so that we can give the variable   a name and declare the distinct variable constraint between   and  ). <jh> (value x) x φ z Subst φ buildBiconditionalLL y buildThereExists eliminateBiconditionalReverse applyModusPonens </jh> Now we can proceed to remove the quantifier. <jh> removeThereExists

swapBiconditional )) </jh>

A version of EqualitySubst without the distinct variable requirement
Now that we have proved that, we can use it to remove the distinct variable constraint from. <jh> thm (EqualitySubst  (((value x) = s) → (φ ↔ (subst s x φ))) ( </jh> The first step is <jh> (value x) s x φ SubstBuilderReplacement </jh> Now we turn  into. <jh> x φ SubstItself transformImplicationBiconditionalLeft )) </jh>

Change variable with explicit substitution
We can now prove the version of the change variable theorem with explicit substitutions. <jh> thm (ChangeVariableExplicitThereExists ((y φ) (x y)) ((∃ x φ) ↔ (∃ y (subst (value y) x φ))) ( x (value y) φ SubstNotFree y φ DistinctNotFree x (value y) φ EqualitySubst ChangeVariableThereExistsNotFree ))

thm (ChangeVariableExplicitForAll ((y φ) (x y)) ((∀ x φ) ↔ (∀ y (subst (value y) x φ))) ( x (value y) φ SubstNotFree y φ DistinctNotFree x (value y) φ EqualitySubst ChangeVariableForAllNotFree )) </jh>

Changing the variable in a substitution
The variable in a substitution is bound like a quantified variable, and can be substituted in a similar way. <jh> thm (ChangeVariableSubstitution ((y φx) (x φy) (x y) (s x) (s y))  ((H (((value x) = (value y)) → (φx ↔ φy))))  ((subst s x φx) ↔ (subst s y φy)) ( </jh> We rewrite  as. <jh> s y x φx SubstitutionComposition swapBiconditional </jh> Our hypothesis implies that, so we use this to change   into. <jh> H       makeSubstExplicit

s y buildSubst

applyBiconditionalTransitivity )) </jh>

Export
That gives us Interface:First-order logic with quantifiability, which we now export. <jh> export (WITH_QUANTIFIABILITY Interface:First-order_logic_with_quantifiability (CLASSICAL) ) </jh>

Exporting to the axioms of first-order logic in terms of substitution based on equality
We also export Interface:Axioms of first-order logic in terms of substitution built on equality, to show that those axioms are no stronger than the ones we worked from here.

For, we need a slight rearrangement of theorems we have, but other than that we've already proved everything.

<jh> thm (GeneralizationNotFree ((H (x is-not-free-in φ))) (φ → (∀ x φ)) ( H       ForAllAddRemoveNotFree eliminateBiconditionalForward ))

export (SUBSTITUTION Interface:Axioms_of_first-order_logic_in_terms_of_substitution_built_on_equality (CLASSICAL) ) </jh>
