Formal Semantics of

Programming Languages
Florian Zuleger
SS 2023
 Group Axioms – informal
(G, ¢, e) is a group, if
• ¢ is a binary relation on G,
• e is a special element of G called the neutral
element,
• x ¢ e = x and e ¢ x = x for all x 2 G,
• for all x 2 G there is a y 2 G such that x ¢ y = e and
y ¢ x = e called the inverse element, and
• ¢ is associative, i.e., x ¢ (y ¢ z) = (x ¢ y) ¢ z
for all x,y,z 2 G.

2
Group Axioms – in First Order Logic
Signature ( ¢, e),
• where the function ¢ has arity 2,
• and the function e has arity 0 (i.e., e is a constant).

Axioms:
G1: 8 x. x ¢ e = x Æ e ¢ x = x
G2: 8 x. 9 y. x ¢ y = e Æ y ¢ x = e
G3: 8 x. 8 y. 8 z. x ¢ (y ¢ z) = (x ¢ y) ¢ z

All models M that satisfy G1, G2 and G3

(i.e., M ² G1 Æ G2 Æ G3) are called groups.
3
 Examples
(Z,+,0)
(Z/{0},¢,1)?
(Q/{0},¢,1)
(R/{0},¢,1)
(Z/nZ, +,0) (the so-called cyclic group)
(C unsigned integers,+,0)
(Symn, ±, id) (the permutations of n elements)

4
 Weaker Group Axioms
Signature ( ¢, e),
• where ¢ has arity 2,
• and e has arity 0.

Axioms:
W1: 8 x. x ¢ e = x
W2: 8 x. 9 y. x ¢ y = e
G3: 8 x. 8 y. 8 z. x ¢ (y ¢ z) = (x ¢ y) ¢ z

However, W1, W2 and G3 imply G1 and G2 (see next

slides)! (Recall the definition of “imply”: for every model
M with M ² W1 Æ W2 Æ G3 it holds that M ² G1 Æ G2).
5
 W1, W2 and G3 imply G2 - Informal
Let G be some group.
Let x be some element of G.
By W2 there is a y such that xy = e.
By W1 we have (y(xy))x = (ye)x = yx (*).
By W2 there is a z such that (yx)z = e (#).
Multiply z from the right on both sides of (*):
((y(xy))x)z = (yx)z.
From (#) and associativity (G3) we get: (yx)e = e.
From W1 we get yx = e.
Because x was chosen arbitrary this holds for all
elements of G.
6
W1, G2 and G3 imply G1 - Informal
Let G be some group.
Let x be some element of G.
By G2 there is a y such that xy = e and yx=e.
Thus we have ex = (xy)x = x(yx) = xe using
associativity (G3).
By W1 we have ex = xe = x.
Because x was chosen arbitrary this holds for all
elements of G.

7
 Questions
• Is this proof correct?
• How can we verify the correctness of the proof?
• Can the proof be automated?
• Can proofs always be automated
(i.e., are valid sentences decidable)?

! We define a proof calculus for FOL and prove its

soundness and completeness. The proof calculus
gives rise to a semi-decision procedure for FOL.
! We establish undecidability of FOL.

8
 Refutation Calculus
²:F ²:F ² 8 x. F[x] ² 8 x. F[x]
N1 N2 F1 F2
²F ²F ² F[t/x] term t is ² F(c) c is a
ground, i.e.,
²FÆG ²FÆG ² 9 x. F[x] does not fresh
² 9 x. F[x] constant
A1 A2 E2 E1
contain
²F ² F | ² G ² F[t/x] ² F(c)
variables
²G
²FÇG ²FÇG ² F(t) ²s=t
O1 O2 Id S1
²F ² F |² G ²t=t ² F(s)
²G terms t1,t2,…,tn are ground, ² F(t) ²s=t
i.e., do not contain variables S2
² P(t1,t2,…,tn) ² F(s)
² P(t1,t2,…,tn) Goal: Proof for a valid sentence F
C1 Idea: Assume ² F and find a contradiction
? in every branch of the proof 9
 Examples
• FÇ:F
• (F Ç : F) Æ (G Ç : G)
• 8 x. F(x) Ç 9 x. : F(x)
• F(a) Ç 8 x. : F(x)?
• W1, G2 and G3 imply G1, i.e.,
W1 Æ G2 Æ G3 ! G1

10
 Example Proof
(1) ²FÇ:F
(2) ² F (from (1) by O2)
(3) ² : F (from (1) by O2)
(4) ² F (from (3) by N2)
(5) ? (from (2) and (4) by C)

11
 Example Proof
(1) ² (F Ç : F) Æ (G Ç : G)
(2) ² F Ç : F (from (1) by A2) (7) ² G Ç : G (from (1) by A2)
(3) ² F (from (1) by O2) (8) ² G (from (7) by O2)
(4) ² : F (from (1) by O2) (9) ² : G (from (7) by O2)
(5) ² F (from (3) by N2) (10) ² G (from (9) by N2)
(6) ? (from (2) and (4) by C) (11) ? (from (8) and (10) by C)

12
 Example Proof
(1) ² 8 x. F(x) Ç 9 x. : F(x)
(2) ² 8 x. F(x) (from (1) by O2)
(3) ² 9 x. : F(x) (from (1) by O2)
(4) ² F(c) (from (2) by A2)
(5) ² : F(c) (from (3) by E2)
(6) ² F(c) (from (5) by N2)
(7) ? (from (4) and (6) by C)

13
 Example Proof – Wrong!
(1) ² F(a) Ç 8 x. : F(x)
(2) ² F(a) (from (1) by O2)
(3) ² 8 x. : F(x) (from (1) by O2)
(4) ² : F(a) (from (3) by F2)
(5) ² F(a) (from (4) by N2) a is not a fresh
constant!
(6) ? (from (2) and (5) by C)

Note that F(a) Ç 8 x. : F(x) is not valid!

14
 Example Proof – Correct!
(1) ² F(a) Ç 8 x. : F(x)
(2) ² F(a) (from (1) by O2)
(3) ² 8 x. : F(x) (from (1) by O2)
(4) ² : F(b) (from (3) by F2)
(5) ² F(b) (from (4) by N2) b is a fresh
constant!
No contradiction can be inferred!
No further rule is applicable!
(M = (D,I) with D = {A,B}, aI = A, bI = B, FI = {B} is a
model that falsifies F(a) Ç 8 x. : F(x) )
15
W1, G2 and G3 imply G1 - Informal
Let G be some group.
Let x be some element of G.
By G2 there is a y such that xy = e and yx=e.
Thus we have ex = (xy)x = x(yx) = xe using
associativity (G3).
By W1 we have ex = xe = x.
Because x was chosen arbitrary this holds for all
elements of G.

16
Group Axioms – in First Order Logic
Signature ( ¢, e),
• where the function ¢ has arity 2,
• and the function e has arity 0 (i.e., a constant).

Axioms:
G1: 8 x. x ¢ e = x Æ e ¢ x = x
G2: 8 x. 9 y. x ¢ y = e Æ y ¢ x = e
G3: 8 x. 8 y. 8 z. x ¢ (y ¢ z) = (x ¢ y) ¢ z

All models M that satisfy G1, G2 and G3

(i.e., M ² G1 Æ G2 Æ G3) are called groups.
17
 W1, G2 and G3 imply G1
(1) ² (W1 Æ G2 Æ G3) ! G1
(2) ² : (W1 Æ G2 Æ G3) Ç G1 (Rewrite of !)
(3) ² : (W1 Æ G2 Æ G3) (from (2) by O2)
(4) ² G1 (from (2) by O2)
(5) ² W1 Æ G2 Æ G3 (from (3) by N2)
(6) ² W1 (from (5) by A1)
(7) ² G2 Æ G3 (from (5) by A1)
(8) ² G2 (from (7) by A1)
(9) ² G3 (from (7) by A1)
(10) ² c ¢ e = c Æ e ¢ c = c (from (4) by F2)
(11) ² 9 y. c ¢ y = e Æ y ¢ c = e (from (8) by F1)
(12) ² c ¢ d = e Æ d ¢ c = e (from (11) by E1)
(13) ² c ¢ d = e (from (12) by A1)
(14) ² d ¢ c = e (from (12) by A1)
18
 W1, G2 and G3 imply G1
(15) ² c ¢ e = c (from (6) by F1)
(16) ² c ¢ (d ¢ c) = c (from (14) and (15) by S1)
(17) ² 8 y. 8 z. c ¢ (y ¢ z) = (c ¢ y) ¢ z (from (9) by F1)
(18) ² 8 z. c ¢ (d ¢ z) = (c ¢ d) ¢ z (from (17) by F1)
(19) ² c ¢ (d ¢ c) = (c ¢ d) ¢ c (from (18) by F1)
(20) ² (c ¢ d) ¢ c = c (from (16) and (19) by S1)
(21) ² e ¢ c = c (from (13) and (20) by S1)
(22) ² c ¢ e = c (from (10) by A2) (24) ² e ¢ c = c (from (10) by A2)
(23) ? (from (15) and (22) by C) (25) ? (from (21) and (24) by C)

19
 Refutation Calculus - Simplified
²:F ²:F ² 8 x. F(x) ² 8 x. F(x) c is a fresh
N1 N2 F1 F2
²F ²F ² F(c) ² F(c) constant
²FÆG ²FÆG
A1 A2
²F ² F |² G
²G

constants c1,c2,…,cn
² P(c1,c2,…,cn)
² P(c1,c2,…,cn) Goal: Proof for a valid sentence F
C1 Idea: Assume ² F and find a contradiction
? in every branch of the proof 20
 Simplification
• Ç and 9 can be expressed by :, Æ and 8
• We eliminate function symbols: for every
occurrence of f in a predicate L(f(t1,…t,n)) in a
formula F we replace this predicate by
9x. Pf(t1,…t,n,x) Æ L(x)
• For the resulting formula G we add
functionality axioms Æf If ! G, where If
denotes the formula 8x1, …, xn9y. Pf(x1,…,xn,y)
Æ 8z. Pf(x1,…,xn,z) ! y=z

21
 FOL without Equality
We want to consider FOL without equality.
Thankfully we can describe equality by the following axioms
(up to equivalence classes):
Reflexivity (R): 8x. x = x
Symmetry (S): 8x,y. x = y ! y = x
Transitivity (T): 8x,y,z. x = y Æ y = z ! x = z

For every predicate P we define a consistency axiom EP by

8x1,…,xn,y1,…,yn. (x1=y1Æ…Æxn=yn)!(P(x1,…,xn) ↔P(y1,…,yn)).

For an FOL formulae F with equality we construct the formula

ÆP EP Æ R Æ S Æ T! F in FOL without equality.

22
 Refutation Calculus: Terminology
• Note that the proof has the shape of a tree.
• We call a line in the proof tree a branch.
• We call a branch that contains a contradiction
closed and a branch without a contradiction
open.

23
 Proof Construction Algorithm
The first line in the proof tree is ² F.
For every line in the proof exactly one rule can be applied!
For every line in an open branch of the proof we apply this rule exactly
once (exception: the rule for ² 8 x. F(x) can be applied infinitely often).
We append the results of the rule application at the end of every open
branch to which the line belongs.
Let c1, c2, … be an enumerable sequence of constant symbols that
includes all constant symbols from F.
The application of rules is fair: for every line the corresponding rule is
eventually applied; the rule for ² 8 x. F(x) is applied with the smallest
constant not in the proof; the rule for ² 8 x. F(x) is applied with the
smallest constant for which we did not yet apply the rule.
Either no rule can be applied at some point of time or the algorithm
continues forever.
24
 Soundness
Thm
If all branches are closed, F is a valid.
Proof (by contradiction)
Let M be a model for which F does not hold, i.e., M ² F.
We consider the tree generated by the refutation calculus.
By the Lemma below we have M ² F’ resp. M ² F’ for every line in the tree.
We have that every branch is closed, i.e., contains a contradiction.
Thus for every branch we know that M cannot be a model of this branch.
Contradiction.

Lemma
Using the semantics of FOL, we show for every rule of the refutation calculus:
if the premise of the rule holds for some model M, then the conclusion also
holds for M. (We may need to extend M by a suitable interpretation of a
constant, in case a fresh constant is introduced by an application of F1 or F2).

25
 Completeness
Thm
If at least one branch is open, F is not valid.
Proof
We choose one (possibly infinite) open branch B of the proof tree.
We define a model M as follows: We consider the constants c1, c2, …
appearing on B and set M = {C1, C2, … }, where we define the interpretation
of ci to be Ci. We set M ² P(Ci1,Ci2,…,Cin) iff P(ci1,ci2,…,cin) appears on B.
We show by structural induction for every formula G that if G appears on B
with ² G resp. ² G, we have M ² G resp. M ² G.
Induction start: By definition of M this holds for all atoms.
Induction step: For G exactly one rule is applicable, and this rule is applied
by the algorithm. The conclusions also appear on B and are structurally
smaller so the induction hypothesis can be applied. The semantics of FOL
then allow us to infer that M ² G resp. M ² G (the crucial case is F1).
Because ² F appears on B this establishes M ² F . 26
 Further Results
Semi-Decidability of FOL
The described algorithm provides a semi-
decision procedure for FOL (i.e., the algorithm
will find a proof for all valid FOL sentences after
finitely many steps; the algorithm might not
terminate on FOL sentences that are not valid).

27
 Further Results
Compactness Theorem
A countable set of first-order formulae S is
simultaneously satisfiable iff the conjunction of
every finite subset of S is satisfiable.
Proof
Let F1, F2, … be an enumeration of S. We apply the
above procedure and try to simultaneously prove
the validity of every :Fi, i.e., we construct one joint
proof tree and advance every proof of :Fi in a fair
way. Since each finite subset of S is satisfiable at
least one branch will stay open. The resulting model
will simultaneously satisfy all Fi.
28
 Corollary
Löwenheim-Skolem Theorem
Every simultaneously satisfiable countable set of
FOL sentences has a countable model.

29
 Undecidability of FOL
Thm
The language of valid FOL sentences is undecidable.
Proof Idea
By reduction from the Tiling Problem:
Given a finite set tiles T, there is an FOL sentence ÁT
such that:
ÁT is valid iff there is a tiling of the plane using the
tiles from the set T.

30
 The Tiling Problem
(en.wikipedia.org/wiki/Wang_tile)
Given a finite set of tiles For example,

is there a tiling of the …

plane such that all colors
match (tiles may not be …
rotated)? …
The Tiling Problem is known to be undecidable! 31
Reduction of the Tiling Problem to FOL
Exercise:
• Formal definition of the Tiling Problem
• Construction of a corresponding FOL formula
• Proof of Reduction: There is a tiling of the
plane iff the corresponding FOL formula is
valid.

32