Intuitively, you should affirm. But what would happen if you denied?

Since L is deterministic, L & P either logically entails that you affirm, or it logically entails that you don't affirm. Let's consider both possibilities.

If L & P entails that you don't affirm, then it is logically guaranteed that you speak falsely if you affirm, while you might speak truly if you deny (since you are not 100% sure of L & P).

If, on the other hand, L & P entails that you do affirm, then it is logically guaranteed that you speak truly if you deny, while you might speak falsely if you affirm.

So even though you have strong evidence that L & P is true, and your only goal is to speak the truth, it looks like you should deny L & P.

2. You are giving testimony. You intend to answer all questions truthfully, to the best of your knowledge. One of the questions is whether you intend to answer all questions truthfully, to the best of your knowledge. Should you say yes, given your goal of answering all questions truthfully?

Intuitively, you should. Since you intend to answer all questions truthfully, the correct answer to the current question is yes. And you know that it is.

But what would happen if you said no?

One might think that you would then knowingly give a false answer. But if that's right, then it would no longer be true (if you answered no) that you intend to answer all questions truthfully. And that would make your answer correct! So, on the assumption that by answering no you would knowingly give a false answer, you would also give a true answer. Contradiction. So you wouldn't knowingly give a false answer by answering no.

Would you knowingly give a true answer? That also seems wrong. You do intend to answer all the other questions truthfully. And if you knowingly give a true answer to the current question, then you intend to answer all questions truthfully. And then the correct answer to the current question is yes, not no. So you can't knowingly give a true answer by saying no.

Could you *unknowingly* give a true answer by saying no? That is, could you give a
true answer (because you really don't intend to answer all questions truthfully)
even though you believe the answer is false (because you believe you do intend
to answer all questions truthfully)? No. If you believe you are giving a false
answer, you can hardly intend to answer all questions truthfully.

The only remaining option is that you would unknowingly give a false answer by saying no. That is, you would give a false answer (because you really do intend to answer all questions truthfully) even though you believe the answer is true (because you believe you don't intend to answer all questions truthfully). That looks consistent. But wait. Now that you realize that you would give a false answer by saying no, you can hardly believe that you would thereby give a true answer.

Show: ∀y∃z∀x(Fxz ↔ x=y) → ¬∃w∀x(Fxw ↔ ∀u(Fxu → ∃y(Fyu ∧ ¬∃z(Fzu ∧ Fzy))))

This is problem 54 in Pelletier 1986. It is a pure first-order adaptation of a little theorem proved in Montague 1955. Montague gives a fairly simple proof, but his proof uses the Cut rule, which the tableau method doesn't have. I've tried to construct a tableau proof by hand, but failed.

This might be a nice example of a relatively straightforward fact that can be proved easily with Cut, but not without.

This is something I've wanted to do for a long time. Every five years or so I look into it, but give up because it's too hard. Here I'll explain the challenges, and the approach I chose.

Logic textbooks usually introduce two rules for handling identity: "Leibniz' Law" (in both directions) and a rule that allows closing branches on which there is a node of the form ¬t=t. These rules go back to Jeffrey 1967.

In automated tableaux, Jeffrey's rules have two drawbacks. One is that they can often be applied in many ways, and trying all possible applications is inefficient. This is especially problematic in the presence of function terms. For example, if a branch contains f(a)=a and Pa, Leibniz' Law allows adding Pf(a), Pf(f(a)), and so on, forever.

To help with this problem, one can impose some restrictions on applications of Leibniz' Law, without affecting completeness. First, one can restrict the rule to literals. (This restriction is even imposed in some intro textbooks, such as Priest 2008.) Second, one can require that any application of the rule must replace a "larger" term by a "smaller" term, so that 'a' can't be replaced by 'f(a)'. Third, one may require that if Leibniz' Law is applied to an identity statement, then it can only replace the larger side of the identity. Even with these restrictions, however, the search space for automated rule applications is often huge.
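To give a flavour of the size restriction, here's a minimal Python sketch — purely illustrative, not how my prover represents terms — where terms are strings (constants) or nested tuples, and "size" counts symbol occurrences:

```python
# Terms as strings (constants) or nested tuples (function, arg, ...);
# size counts symbol occurrences. Purely illustrative.

def size(term):
    if isinstance(term, str):
        return 1
    return 1 + sum(size(arg) for arg in term[1:])

def may_rewrite(l, r):
    # Only allow replacing the larger side of l=r by the smaller one.
    return size(l) > size(r)

print(may_rewrite(('f', 'a'), 'a'))  # True: rewriting f(a) to a is fine
print(may_rewrite('a', ('f', 'a')))  # False: a -> f(a) is blocked
```

With f(a)=a, the rewrite f(a) → a is allowed, but a → f(a) is blocked, which cuts off the infinite chain Pf(a), Pf(f(a)), etc.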

The second problem with Jeffrey's rules is that they are not complete for free-variable tableaux.

When automating tableaux, it is common to instantiate universal formulas not with closed terms but with free variables, and only replace the variables with closed terms if that allows closing a branch. (See the Wikipedia page for the tableaux method.) Now consider a branch with the following nodes:

- Pg(a)
- ¬Pg(f(x))
- f(g(b)) = y

We can't apply Leibniz' Law, nor can we close the branch by unification (i.e., by replacing free variables with closed terms). But if we replace 'x' with 'g(b)', we can apply Leibniz' Law to nodes 2 and 3 to get ¬Pg(y). If we further replace 'y' with 'a', we can close the branch.
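The substitutions at work here are found by syntactic unification. For concreteness, here's a textbook unification procedure in Python (terms as strings or nested tuples; the convention that names starting with 'x', 'y', 'z' count as variables is just an assumption of the sketch):

```python
# A minimal sketch of syntactic unification on first-order terms.
# Terms are strings (variables/constants) or tuples (function, args...).
# Assumption of the sketch: variable names start with 'x', 'y', or 'z'.

def is_var(t):
    return isinstance(t, str) and t[0] in 'xyz'

def walk(t, subst):
    # Follow variable bindings in the substitution.
    while is_var(t) and t in subst:
        t = subst[t]
    return t

def occurs(v, t, subst):
    # Occurs check: does variable v occur in term t?
    t = walk(t, subst)
    if t == v:
        return True
    return isinstance(t, tuple) and any(occurs(v, a, subst) for a in t[1:])

def unify(s, t, subst=None):
    # Return a most general unifier extending subst, or None.
    subst = dict(subst or {})
    s, t = walk(s, subst), walk(t, subst)
    if s == t:
        return subst
    if is_var(s):
        if occurs(s, t, subst):
            return None
        subst[s] = t
        return subst
    if is_var(t):
        return unify(t, s, subst)
    if isinstance(s, tuple) and isinstance(t, tuple) \
            and s[0] == t[0] and len(s) == len(t):
        for a, b in zip(s[1:], t[1:]):
            subst = unify(a, b, subst)
            if subst is None:
                return None
        return subst
    return None

# f(x) unifies with f(g(b)) under x -> g(b), as in the example above:
print(unify(('f', 'x'), ('f', ('g', 'b'))))  # {'x': ('g', 'b')}
```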

So we need a new rule that combines Leibniz' Law with a substitution of free variables: If a branch contains s=t as well as a node A[r], and there is a substitution that renders the terms t and r identical, then one may append A[s] to the branch and apply the substitution (to the whole tableau). We also need a new closure rule: If a branch contains ¬(s=t) and there is a substitution that renders the terms s and t identical, then one may apply the substitution and close the branch. These rules were introduced in Fitting 1990.

(Notice that the resulting tableaux, after the substitutions have been applied, look like tableaux that are expanded with Jeffrey's rules.)

We still have to deal with the first problem. In fact, that problem gets worse in free-variable tableaux. For one thing, when we have free variables, we almost always have function terms, due to the skolemisation required when expanding existential nodes. Moreover, it is hard to implement the above-mentioned limitations on the "size" of terms, because we often don't know which of two terms (say, f(x) and y) eventually ends up being smaller once the free variables are replaced by terms.

Another completeness-preserving restriction proves convenient. Instead of cluttering a tree with pointless applications of identity rules, one can delay their application until some sequence of them allows closing a branch. This means that when we expand a branch on a tableau, we can occasionally check if the branch could be closed with the identity rules. If the answer is negative, we continue with the ordinary expansion rules on the unchanged branch.

Let's have a closer look at what we need to do to check if a branch can be closed with Fitting's rules.

We can usually ignore most of the branch. We only need to look at all the identity statements on the branch as well as candidates for a complementary pair. Fa and ¬Fb, for example, are a candidate for a complementary pair: if we can derive a=b, the branch can be closed. In effect, then, our task is to check if the identity statements on a branch allow deriving another identity statement (here, a=b), or a set of such statements. (If the branch contains Rab and ¬Rcd, we need to derive both a=c and b=d.)
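This first step — collecting candidate complementary pairs and the equality goals they give rise to — can be sketched in a few lines of Python (the triple representation of literals is just for illustration):

```python
# A sketch of collecting candidate complementary pairs on a branch.
# Assumption of the sketch: literals are stored as (negated, predicate,
# args) triples, with args a tuple of terms.

def candidate_pairs(branch):
    # Two literals are candidates if exactly one is negated and they
    # share predicate and arity. The associated E-unification goals
    # pair up the corresponding arguments.
    pairs = []
    for neg1, pred1, args1 in branch:
        for neg2, pred2, args2 in branch:
            if not neg1 and neg2 and pred1 == pred2 \
                    and len(args1) == len(args2):
                pairs.append(list(zip(args1, args2)))
    return pairs

# Rab and ¬Rcd yield the goals a=c and b=d:
branch = [(False, 'R', ('a', 'b')), (True, 'R', ('c', 'd'))]
print(candidate_pairs(branch))  # [[('a', 'c'), ('b', 'd')]]
```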

This kind of problem is called a "rigid E-unification problem" (see Beckert 1998). It is a hard problem. In general, deciding whether a rigid E-unification problem has a solution is NP-complete.

To illustrate, return to the example from above. Nodes 1 and 2 are a candidate complementary pair. We could turn them into an actual complementary pair (by Leibniz' Law) if we could show that g(a) = g(f(x)). So that's our goal. We want to derive this equality from the equalities on the branch -- i.e., from node 3: f(g(b)) = y -- with the help of Leibniz' Law, in Fitting's version. Equivalently: We are looking for a substitution (of terms for free variables) under which we can derive g(a) = g(f(x)) from f(g(b)) = y by Leibniz' original Law. There's no simple and efficient algorithm for this kind of task.

There is another complication. A substitution that allows closing the current branch might prevent closure of another open branch. For example, suppose we've expanded a branch to the following nodes. (I forgot where I found this example.)

- z=a v z=b
- ¬g(x)=g(y) v x=y
- g(a)=b
- ¬g(g(a))=a

Expanding node 1 introduces two branches, one with z=a, the other with z=b. We can close the first branch if we replace z by g(g(a)). On the remaining branch, we can expand 2, which yields two more branches, one with ¬g(x)=g(y) and one with x=y. We can close the first of these if we replace both x and y with a. But that turns x=y into a=a, preventing closure of the remaining branch (except by starting over with expansion of 1 and 2 and choosing different substitutions on the next round).

To get around this, it looks like we need to search for a substitution that allows closing all open branches at the same time. This requires solving a "simultaneous rigid E-unification problem". And that task isn't just NP-complete, but altogether undecidable (as shown in Degtyarev and Voronkov 1995).

So we need a different approach. What we can do is *tentatively* close a branch if
we found a solution to one of its E-unification problems, but be prepared to
backtrack and re-open the branch if we can't close the whole tree without
exceeding a certain level of complexity (say, a certain total number of nodes).

That's the approach I use in my prover.
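Schematically, the backtracking search looks like this. In the toy Python model below, each open branch comes with a list of candidate closing substitutions, and substitutions are compatible if they agree on shared variables; the real bookkeeping in the prover is of course more involved:

```python
# A toy sketch of searching for one substitution that closes all open
# branches, with backtracking. All names here are illustrative.

def compatible(s1, s2):
    # Two substitutions are compatible if they agree on shared variables.
    return all(s2[v] == t for v, t in s1.items() if v in s2)

def close_all(branches, subst=None):
    # branches: one list of candidate substitutions per open branch.
    # Returns a combined substitution closing all branches, or None.
    subst = subst or {}
    if not branches:
        return subst
    first, rest = branches[0], branches[1:]
    for cand in first:
        if compatible(subst, cand):
            merged = {**subst, **cand}
            result = close_all(rest, merged)  # tentatively close, recurse
            if result is not None:
                return result
    return None  # backtrack: no candidate works for this branch

# Branch 1 closes with x=a or with x=b; branch 2 only with x=b, y=c.
# The search first tries x=a, fails on branch 2, and backtracks:
print(close_all([[{'x': 'a'}, {'x': 'b'}], [{'x': 'b', 'y': 'c'}]]))
# {'x': 'b', 'y': 'c'}
```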

To tackle the E-unification problems on individual branches, I use a version of the "BSE" calculus presented in Degtyarev and Voronkov 1998.

Remember that in order to reduce the search space, we would like to restrict applications of Leibniz' Law so that they always replace larger terms by smaller terms (among other things). But we often don't know whether a term will eventually be larger or smaller than another, because that depends on the substitution of free variables. In the BSE calculus, each application of Leibniz' Law therefore imposes a constraint on any substitution that may eventually be used to solve the problem.

Formally, the calculus operates on pairs of a rigid E-unification problem and a constraint. (The problems in Degtyarev and Voronkov all have a single equality as goal, but this is easy to generalise.)

There are three rules. One is called 'rrbs' and looks as follows:

    [... l=r ... ⊢ s[p]=t], [C]
    ---------------------------------------------
    [... l=r ... ⊢ s[r]=t], [C, l=p, l>r, s[p]>t]

Above the line, we have a rigid E-unification problem with goal s[p]=t. ('s[p]' denotes a term s that contains p.) The equations that can be used to solve the goal are to the left of the turnstile and include some equation l=r. Above the line, we also have some constraint C. After application of the rrbs rule, the goal of the unification problem has changed to s[r]=t and the constraint has been extended by the following three conditions.

First, any allowable substitution must render the terms l and p syntactically identical, so that the inference from s[p]=t to s[r]=t based on l=r is a genuine application of Leibniz' Law.

Second, any allowable substitution must render the term l (and therefore p) larger than r, because we want to respect the constraint that larger terms are always replaced by smaller ones.

Similarly for the third condition, which reflects the constraint that we only want to replace the larger side of an equality.

The rule can only be applied if the resulting constraint is satisfiable.
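The bookkeeping of rrbs might be sketched as follows (Python, terms as nested tuples as before). This is a simplification of the calculus: the constraint entries l=p, l>r, and s[p]>t are merely collected as tagged tuples, and the satisfiability check is left out:

```python
# A schematic rendering of the rrbs rule as an operation on
# (problem, constraint) pairs. Constraints are collected as tagged
# tuples ('unify', ...) and ('gt', ...) without checking satisfiability.

def subterm_at(term, path):
    # The subterm at position path; path (1,) is the first argument.
    for i in path:
        term = term[i]
    return term

def replace_at(term, path, new):
    # Replace the subterm at position path with new.
    if not path:
        return new
    i, rest = path[0], path[1:]
    return term[:i] + (replace_at(term[i], rest, new),) + term[i + 1:]

def rrbs(equations, goal, constraint, eq_index, path):
    # Use l=r (the eq_index-th available equation) at position path in
    # the goal's left-hand side s, turning goal s[p]=t into s[r]=t and
    # recording the constraints l=p, l>r, and s[p]>t.
    l, r = equations[eq_index]
    s, t = goal
    p = subterm_at(s, path)
    new_goal = (replace_at(s, path, r), t)
    new_constraint = constraint + [('unify', l, p), ('gt', l, r), ('gt', s, t)]
    return new_goal, new_constraint

# The goal from the earlier example, oriented as g(f(x)) = g(a) so that
# the side containing f(x) is s, rewritten with the equation f(g(b)) = y:
goal, constraint = rrbs(
    [(('f', ('g', 'b')), 'y')],       # equations: f(g(b)) = y
    (('g', ('f', 'x')), ('g', 'a')),  # goal: g(f(x)) = g(a)
    [], 0, (1,))
print(goal)  # (('g', 'y'), ('g', 'a')), i.e. g(y) = g(a)
```

The recorded 'unify' constraint here demands that f(g(b)) and f(x) become identical, i.e. that x is eventually replaced by g(b) — just as in the informal discussion above.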

There's a similar rule ('lrbs') for applying Leibniz' Law to the equalities on the left-hand side of the turnstile.

The third rule ('er') says that a problem is solved if the current constraint is compatible with the syntactic identity of the goal terms.

The BSE rules can be added to the ordinary tableau rules. Degtyarev and Voronkov show that the resulting rules are sound and complete. (The completeness proof is surprisingly difficult and doesn't look like ordinary completeness proofs for tableaux.)

The BSE calculus doesn't settle the order in which the rules should be applied, and to which equations. An algorithm based on the BSE calculus is helpfully outlined in Franssen 2008. I have loosely followed Franssen's approach. One difference is that I've replaced his depth-first search with a less efficient breadth-first search. This is partly because the breadth-first search often finds simpler solutions. More importantly, it makes it easier to give the browser a rest during difficult computations. I also haven't implemented any check for satisfiability of ordering conditions in what Franssen calls "solved forms" (mainly out of laziness). This means that I allow replacing smaller terms by larger terms under certain (rare) conditions. In the context of my general proof search strategy this shouldn't affect completeness.
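The breadth-first search itself is generic. Here's the skeleton in Python (the prover itself runs in the browser), with toy stand-ins for the BSE successor states and the 'er' termination check:

```python
from collections import deque

# A generic breadth-first search over rule-application states. The
# successors and solved functions stand in for the BSE rules and the
# 'er' check; the toy instance below (numbers, with +1 and *2 as
# "rules") is illustrative only. BFS returns a shortest derivation,
# which is one reason it tends to find simpler solutions than DFS.

def bfs(start, successors, solved):
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        state, path = queue.popleft()
        if solved(state):
            return path + [state]
        for nxt in successors(state):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [state]))
    return None  # no solution in the reachable search space

# Toy instance: reach 6 from 1 by adding 1 or doubling.
print(bfs(1, lambda n: [n + 1, 2 * n] if n < 6 else [], lambda n: n == 6))
# [1, 2, 3, 6]
```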

I have added one improvement that I haven't seen in the literature: The BSE rules (effectively, Fitting's rules) are restricted so that they never replace terms inside skolem terms. This sometimes allows for a dramatic reduction of the search space, and it is intuitively clear that it doesn't affect completeness. (I say "intuitively" because I don't have a completeness proof for my approach, since I don't want to face the task of adapting the proof in Degtyarev and Voronkov.)

A nice feature of this general approach to handling identity is that once a branch is closed, it can easily be converted into a branch that looks like it has been solved with Jeffrey's rules. This is important for me because I want the output of my prover to look like a familiar textbook tableau.

I've tried the new prover on a few dozen examples and it generally does what it should, unless you challenge it with something really mean, like this problem from Beckert 1997.

I'm sure there are still bugs. Let me know if you find one!

The basic puzzle is simple and probably familiar. On the one hand, *being 2m high*
or *having a mass of 2kg* appear to be paradigm examples of simple, intrinsic
properties. On the other hand, these properties seem to stand in mysterious
relationships to other properties of the same kind. First, there's an exclusion
relationship: nothing can have a mass of both 2kg and 3kg. Second, there are
non-arbitrary orderings and numerical comparisons: one thing may be four times
as massive as another; the mass difference between x and y may be twice that
between z and w. If *2kg* and *8kg* are primitive properties, why couldn't an object
have both, and where does their quasi-numerical order and structure come from?

It's tempting to think that the answer is connected to procedures or conventions of measurement. To simplify, let's imagine that we've chosen a particular chunk of iron as our "standard kilogram", and that we determine the mass of other objects with the help of a pan balance, so that something has a mass of 2kg iff it balances against two objects each of which balances against the standard kilogram, etc. If that's how '1kg', '2kg', etc. are defined, then it is conceptually impossible that something has multiple masses. It is also clear what we mean when we say that x is four times as massive as y: it means that four copies of y balance against x.

OK. But we should distinguish our concept of mass from mass itself. Intuitively, there's a difference between having a mass of 2kg and being disposed to balance against two copies of the standard kilogram in a pan balance. The former explains the latter. More generally, if two objects are disposed to balance on a scale, then that's because they have the same mass. So mass shouldn't be identified with a certain (brute?) measurement disposition.

Or so it seems to me. Neo-Aristotelian dispositionalists might hold that having a mass of 2kg really is nothing but a bundle of brute dispositions, including measurement dispositions. This might help with our initial puzzle, at the cost of raising other issues. Let's set it aside. (Interestingly, the dispositionalist option is never mentioned in Jo's book. It doesn't seem to be popular among quantities people.)

Here's another, more promising option. On this view, the measurement
dispositions are explained not in terms of intrinsic mass properties, but in
terms of non-dispositional relations such as *being more massive than*, which are
taken to be revealed by our measurement process. These relations are
metaphysically fundamental; monadic properties like *having a mass of 2kg* are
somehow derived.

We know from mathematical measurement theory that if certain relations satisfy
certain structural conditions ("axioms"), then they can be represented by a
non-trivial assignment of numerical values to the relata. Maybe that's how
*having a mass of 2kg* is grounded in fundamental mass relations.

This would also solve the puzzle with which I began. But it has some downsides.

One is that a sufficiently determinate numerical representation requires
infinitely many relata that cover the entire range of the relevant quantities.
To get around this, Field 1980 uses spacetime points as his relata. This is
obviously a hack. According to Jo, others construe the relata as Platonic
universals or as points in more general quality spaces. *Being more massive than*
is then a kind of second-order relation, linking first-order properties.

On the resulting view, we can't really reduce individual mass properties to mass
relations, because the properties are needed as the relata. Rather, we have
fundamental monadic properties as well as fundamental (higher-order) relations.
But then it is unclear to me whether we can still solve the exclusion puzzle: if
*2kg* and *4kg* are fundamental properties, why can't something have both? "Because
they are related by an asymmetric fundamental relation" isn't much of an answer.
Why couldn't they not be related in this way? And what makes the relation
asymmetric to begin with?

Jo herself defends a version of this view. On her account, we also have
fundamental relations and fundamental properties that serve as relata. However,
the properties aren't traditional quiddities that account for intrinsic
similarities and differences. Instead, they are mere "hooks" for the relations.
Informally, if you wanted to give a complete description of fundamental reality,
you wouldn't have to say *which* of the mass properties are instantiated by which
objects; you could existentially quantify over them: 'there are properties
p1,p2... such that this thing has p1 and p1 stands in R to p2, etc.' As a
consequence, we don't have to allow for distinct possibilities in which the mass
properties have traded places, so that, for example, the property we know as *2kg*
stands in the *more massive than* relation to the property we know as *4kg*.

I find it hard to wrap my head around this view: what it takes for an object to have a mass of 2kg is that the object has some fundamental property p that stands in certain fundamental relations to other fundamental properties p1,p2,..., and there is no further fact about which property this p is. Hmm.

Another possible solution to the problem of missing relata might be to let the
relations hold between merely possible objects. Jo doesn't mention this option,
so perhaps it has serious problems that I don't see. I don't think cross-world
quantity comparisons are generally problematic. We can easily make sense of
statements like: 'there could have been a sphere of gold more massive than any
actual sphere of gold.' It would be odd to assume fundamental facts involving
merely possible spheres of gold. But that's not the idea. Rather, the idea would
be that the character of the relevant relations (*more massive than*, etc.) is not
fully revealed by their this-worldly extensions. And that seems independently
plausible.

Anyway, the problem of missing relata is not the only problem for reducing quantity properties to relations. Another problem is the choice of relations. Length, for example, can be characterised in terms of ordering and concatenation, but also in terms of betweenness and congruence, and in countless other ways. It's implausible that all of these relations are fundamental. And if they are, some of our initial puzzles return. For example, why does the instantiation of ordering fix the instantiation of betweenness? (Jo mentions this problem, but she doesn't explain how her own account gets around it. Or maybe she does, and I missed it.)

I also worry that the familiar laws of physics involve particular masses, not
relations like *more massive than*. Since these laws relate, say, masses to
velocities, it is not obvious to me that they could be rewritten in terms of
mass relations and independently specified velocity relations. Wouldn't we also
need relations linking different types of quantities?

Finally, and most simply, it just seems counter-intuitive that properties like
mass and length are grounded in relations like *more massive than* and *longer
than*. Intuitively, these are "internal" relations: they hold in virtue of the
properties of their relata.

All in all, I'm not convinced that this is the way to go. I'm more inclined to
return to the original view on which individual mass properties are fundamental,
and relations like *more massive than* derivative.

We're then still left with the two puzzles from the beginning. Why can't an object have several mass properties, and how do these properties get their numerical structure?

One hypothesis is that these are metaphysically contingent facts about our world. In this world, you need to put four objects with property p1 on one side of a pan balance in order to balance out one object with property p2. Not so in other worlds. It's not guaranteed by the intrinsic nature of p1 and p2. On this view, it is contingent a priori that objects with a mass of 4kg are twice as massive as objects with a mass of 2kg. Perhaps it is similarly contingent a priori that nothing can have both a mass of 2kg and a mass of 4kg.

The main downside of this view might be that it sees an astounding regularity where intuitively there's nothing astoundingly regular at all. In our world, the continuum-many properties we know as masses or lengths just happen to be related in a simple and systematic fashion, so that we can conceptualise them as values of a single quantity.

It would be nice if we could avoid this assumption. On some days, I think it's a
prejudice to think that fundamental properties are always binary, simply
applying or not applying to objects. Why not allow for properties that
fundamentally apply to an object *to a certain degree*? More generally, why not
allow for properties (or predicables) with "values" that form a certain
structure? These values would, of course, not be numbers, but their structure
would sometimes be homomorphic to the structure of certain numbers. The
structural relations between the derived binary properties (like having a mass
of 2kg) would then be genuinely internal.

I'm not sure if this view is coherent. As I said, some days I think it is, some days I don't.

Overall, I'm still puzzled.
