Mathematics for Computing
Abridged Lecture Notes
Based on “A Logical Approach to Discrete Math”

We advocate calculational proofs in which reasoning is goal directed and justified by simple axiomatic laws that can be checked syntactically rather than semantically. ---Program Construction by Roland Backhouse

Example 1: Let us calculate the length of a train, that is travelling at a speed of 60 km/hr and, on its way, it crosses a pole in 9 seconds.

Example 2: Below are two arguments showing that \(\sqrt[n]{k}\) is a rational number precisely when integer \(k\) is a so-called perfect n-th root —consequently, since 2 is not a perfect square, \(\sqrt{2}\) is not rational.

This is an example of an informal proof, which is a mixture of natural language, English, and mathematical calculations. The English text outline the main steps of the proof, and the mathematical calculations fill in some of the details.

Since they only communicate the key ideas, such proofs are preferred by writers but they place a large semantic burden on readers who are expected to have such a good understanding of the problem domain that the details of the outline proofs can be filled in, and so the writer leaves these as an implicit exercise to the reader.

However, even worse, such informal outline proofs may skip over important details and thus can be wrong!

Below is a calculational proof. It introduces notation and recalls theorems as needed, thereby making each step of the argument easy to verify and follow. As such, the following argument is more accessible to readers unfamiliar with the problem domain.

\[\def\BEGINstep{ \left\langle } \def\ENDstep{ \right\rangle } \]

Observe that the calculational form is more general. The use of a formal approach let us keep track of when our statements are equivalent (“=”) rather than being weakened (“⇒”). That is, the use of English to express the connection between steps is usually presented naturally using “if this, then that” statements —i.e., implication— rather than stronger notion of equality.

• In contrast, the conventional proof is a ‘proof by contradiction’; a method that is over-used.

• Other features of conventional proofs are the dot dot dot notations, “⋯”, to indicate “and so on, of the same idea/form” —leaving readers the burden to guess the generic shape of the ‘idea/form’ that should be repeated.

  Calculational proofs use quantifiers —and loops— instead.

• Finally, conventional proofs tend to use prefix notation and thereby implicitly forcing a syntactic distinction between equivalent expressions; e.g., \(\gcd(m, \gcd(n, p))\) and \(\gcd(\gcd(m, n), p)\).

The above proof is a generalisation of a proof in Backhouse's text for square roots, which may be viewed as a Youtube video which makes use of CalcCheck ⇭: A proof checker for the logic of “A Logical Approach to Discrete Math” (‘LADM’).

• It checks your arguments in a notation similar to that of the book.
• You can check your work before handing it in.
• You can formalise your own theorems from other books and check them —unlimited exercises!

Going forward, instead of defining expressions by how they are evaluated, we define expressions in terms of how they can be manipulated.

A calculus is a method or process of reasoning by calculation with symbols. A Boolean variable that can denote a proposition is sometimes called a propositional variable. A propositional calculus is so named beacuse it is a method of calculating with expressions that involve propositional variables.

1. Discrete Mathematics includes logic (calculational reasoning), (data) sets, functions, relations, graphs, inductive types, and more.

   Conscious and fluent use of the language of (discrete) mathematics is the foundation for precise specification and rigorous reasoning in Computer Science and Software Engineering

2. Goal: Understand the mechanics of mathematical expressions and proof.

3. Propositional: Statements that can be either true or false; not numbers.

   Predicate: Propositional statement about some subjects.

4. Calculus: Formalised reasoning through calculation.

   ‘Hand wavy’ English arguments tend to favour case analysis —considering what could happen in each possible scenario— which increases exponentially with each variable; in contrast, equality-based calculation is much simpler since it delegates intricate case analysis into codifed algebraic laws.

   E.g., Portia's Suitor's Dilemma has 4 unknowns, each being either true or false, and so has \(2^4\) many possible scenarios to consider. Whereas a calculation solving the problem can be formed in less than 10 super simple lines.

 Declaration: G, S : 𝔹

Explanation: G ≔ “The inscription on the gold casket is true”
Explanation: S ≔ “The inscription on the silver casket is true”
 

 Declaration: gc : 𝔹
Explanation: gc ≔ “The portrait is in the gold casket”
 

 Axiom “Inscription on gold casket”: G ≡ ¬ gc
Axiom “Inscription on silver casket”: S ≡ (S ≡ ¬ G)
 

 Calculation:
    S ≡ (S ≡ ¬ G)    — This is “Inscription on silver casket”
  ≡⟨ “Reflexivity of ≡” ⟩
    S ≡ S ≡ ¬ G
  ≡⟨ “Symmetry of ≡” ⟩
    ¬ G
  ≡⟨ “Inscription on gold casket” ⟩
    ¬ ¬ gc
  ≡⟨ “Double negation” ⟩
    gc
 

Knowledge is software for your brain: The more you know, the more problems you can solve!

In the previous section, we showed how a calculational argument is more structured and may be more accessible. Before getting to using such a style, we first pause to discuss the foundations that legitimatise it as a tool of reasoning.

In general, proofs are evidence of truth of a claim; by demonstrating that the claim follows from some obvious truth using rules of reasoning that obviously preserve truth. Here are some examples of clearly obviously true things.

That's a lot of hand-waving; and a few examples don't scale. In order to discuss proof, we need to discuss inference rules, which are ways to derive new claims from old claims, and so we need to discuss how claims —expressions or formulae— are written. So let's start at expressions.

It can be generated from its parts in two different ways:

1. Both \(6\) and \(x + 7\) are expressions, so \(6 - x + 7\) is an expression.

1. and also both \(6 - x\) and \(7\) are expressions, so \(6 - x + 7\) is an expression.

A convention on how a string should be parsed as a tree is known as a precedence rule.

Expressions are defined by the following grammar, but in practice one does not write \(+(1, 2)\) and instead writes \(1 + 2\). However, the phrase \(+(1, ·(2, 3))\) is unambiguous, whereas the phrase \(1 + 2 · 3\) could be read as \((1 + 2) · 3\) or as \(1 + (2 · 3)\).

The grammar defines expressions as abstract syntax (trees) whereas strings with mixfix notation gives a concrete syntax where ambiguity is resolved by parentheses, precedence, or association rules.

 Expr ::= Constant    -- E.g., 1 or “apple”
      |  Variable    -- E.g., x or apple (no quotes!)
      |  Application -- E.g., f(x₁, x₂, …, xₙ)
 

( One reads := as becomes and so the addition of an extra colon results in a ‘stutter’: One reads ::= as be-becomes. The symbol | is read or. )

The (simultaneous textual) Substitution operation \(E[\vec x ≔ \vec F]\) replaces all variables \(\vec x\) with parenthesised expressions \(\vec F\) in an expression \(E\). In particular, \(E[x ≔ F]\) is just \(E\) but with all occurrences of \(x\) replaced by \(“(F)”\). This is the “find-and-replace” utility you use on your computers.

Since expressions are either variables of functions applications, substitution can be defined by the following two clauses —we will get to recursion and induction more formally later on.

Python, for example, has simultaneous assignment; e.g., x, y = y, x is used to swap the value of two variables.

Within CalcCheck, to simplify and actually perform the substitution, one uses the hint Substitution ; e.g.,

   (x + 2 · y)[x, y ≔ 3 · y, x + 5]
=⟨ Substitution ⟩
   3 · y + 2 · (x + 5)
 

When we write phrases like “Let E be an expression”, then the name \(E\) varies and so is a variable, but it is an expression and so may consist of a function application or a variable. That is, \(E\) is a variable that may stand for variables. This layered inception is resolved by referring to \(E\) as not just any normal variable, but instead as a meta-variable: A variable capable of referring to other (simpler) variables.

Aside: A variable of type τ is a name denoting a yet unknown value of type τ; i.e., “it is a pronoun (nickname) referring to a person in the collection of people τ”. E.g., to say \(x\) is an integer variable means that we may treat it as if it were a number whose precise value is unknown. Then, if we let Expr τ refer to the expressions denoting values of type τ; then a meta-variable is simply a normal variable of type Expr τ.

Likewise, a theorem is a Boolean expression that is proved equal to an axiom; whereas a meta-theorem is a general statement about our logic that we prove to be true. That is, if 𝑬 is collection of rules that allows us to find truths, then a theorem is a truth found using those rules; whereas a meta-theorem is property of 𝑬 itself, such as what theorems it can have. That is, theorems are in 𝑬 and meta-theorems are about 𝑬. For example, here is a meta-theorem that the equational logic 𝑬 has (as do many other theories, such as lattices): An equational theorem is true precisely when its ‘dual’ is true. Such metatheorems can be helpful to discover new theorems.

Syntax refers to the structure of expressions, or the rules for putting symbols together to form an expression. Semantics refers to the meaning of expressions or how they are evaluated.

An expression can contain variables, and evaluating such an expression requires knowing what values to use for these variables; i.e., a state: A list of variables with associated values. E.g., evaluation of \(x - y + 2\) in the state consisting of \((x, 5)\) and \((y, 6)\) is performed by replacing \(x\) and \(y\) by their values to yield \(5 - 6 + 2\) and then evaluating that to yield \(1\).

A Boolean expression \(P\) is satisfied in a state if its value is true in that state; \(P\) is satisfiable if there is a state in which it is satisfied; and \(P\) is valid (or is a tautology) if it is satisfied in every state.

All theorems of the propositional calculus 𝑬 are valid. This can be checked by checking that each axiom with a truth table and arguing for each inference rule that if its premises are valid then so is its conclusion.

For example, let's show that the Substitution rule preserves validity. Let us write \(s(E)\) to denote the value of expression \(E\) in state \(s\). If \(E\) is valid, then it is true in any state, let's argue that \(E[x ≔ F]\) is also true in any state. So, given a state \(s\), let \(s′\) be the ‘updated’ state that assigns the same values to all the variables as does \(s\) except that the variable \(x\) is assigned the value \(s(F)\). Then, since \(E\) is valid, \(s′(E)\) is true but \(s′(E)\) is just \(s\big(E[x ≔ F]\big)\) and so the resulting substitution is also valid.

In programming, if we want the assignment \(x ≔ F\) to ensure a property \(R\) holds, then we need \(R[x ≔ F]\) to hold before the assignment. That is, if the state \(s\) of our program variables satisfies \(R[x ≔ F]\) then the updated state \(s′\) —having s′(x) = s(F)— will satisfy \(R\).

Not only are all theorems valid, but all valid expressions are theorems of our calculus (although we do not prove this fact). Theoremhood and validity are one and the same.

Evaluation of the expression \(X = Y\) in a state yields the value true if expressions \(X\) and \(Y\) have the same value and yields false if they have different values.

This characterisation of equality is in terms of expression evaluation.

For reasoning about expressions, a more useful characterisation would be a set of laws that can be used to show that two expressions are equal, without calculating their values.

For example, you know that \(x = y\) equals \(y = x\), regardless of the values of \(x\) and \(y\).

A collection of such laws can be regarded as a definition of equality, provided two expressions have the same value in all states precisely when one expression can be translated into the other according to the laws.

Later we see that theorems correspond to expressions that are true in all states.

Formally, a “proof” is obtained by applying a number of “rules” to known results to obtain new results; a “theorem” is the conclusion of a “proof”. An “axiom” is a rule that does not need to be applied to any existing results: It's just a known result.

That is, a rule \(R\) is a tuple \(P₁, …, Pₙ, C\) that is thought of as ‘taking premises (instances of known results) \(Pᵢ\)’ and acting as a ‘natural, reasonable justification’ to obtain conclusion \(C\). A proof system is a collection of rules. At first sight, this all sounds very abstract and rather useless, however it is a game: Starting from rules, what can you obtain? Some games can be very fun! Another way to see these ideas is from the view of programming:

For example, recall from elementary school that the addition ‘+’ of a number 12 and a number 7 to obtain a number 19 is written as

This familiar notation is also used for proof rules as well: A rule \(R = (P₁, …, Pₙ, C)\) is traditionally presented in the shape \[{P₁ \; P₂ \; … \; Pₙ \over C}R\]

Just as there are meta-variables and meta-theorems, there is ‘meta-syntax’:

• The use of a fraction to delimit premises from conclusion is a form of ‘implication’.
• The use of a comma, or white space, to separate premises is a form of ‘conjunction’.

If our expressions actually have an implication and conjunction operation, then inference rules \(\Rule[R]{P₁ \And ⋯ \And Pₙ}{C}\) can be presented as axioms \(P₁ \,∧\, ⋯ \,∧\, Pₙ \,⇒\, C\).

The inference rule says “if the \(Pᵢ\) are all valid, i.e., true in all states, then so is \(C\)”; the axiom, on the other hand, says “if the \(Pᵢ\) are true in a state, then \(C\) is true in that state.” Thus the rule and the axiom are not quite the same.

Moreover, the rule is not a Boolean expression. Rules are thus more general, allowing us to construct systems of reasoning that have no concrete notions of ‘truth’ —see the logic 𝑾𝑩 below.

Finally, the rule asserts that \(C\) follows from \(P₁, …, Pₙ\). The formula \(P₁ \,∧\, ⋯ \,∧\, Pₙ \,⇒\, C\), on the other hand, is a Boolean expression (but it need not be a theorem).

An example of this relationship between rules and operators may be observed by comparing the logics 𝑾𝑩 and 𝑴𝑺𝑯, below. One could read “◇” as “and”, and “⟶” as “implies”.

A “theorem” is a syntactic concept: Can we play the game of moving symbols to get this? Not “is the meaning of this true”! ‘Semantic concepts’ rely on ‘states’, assignments of values to variables so that we can ‘evaluate, simplify’ statements to deduce if they are true.

Syntax is like static analysis; semantics is like actually running the program (on some, or all possible inputs).

Here is an example logic, call it 𝑾𝑩:

• The symbols are the usual numbers, along with + and - and , (comma).
• A formula is term of the shape x, y, where \(x\) and \(y\) are terms formed from numbers, +, and -.
  • Notice that comma is a binary operator.
  • Notice that there are no variables (as terms).
• There are 7 inference rules —including one axiom.

\[\Rule[Empty]{}{0,0}\] \[ \Rule[ZeroLeft]{x,y}{0, y} \quad \Rule[ZeroRight]{x,y}{x, 0} \]\[ \Rule[RefreshLeft]{x, y}{3, y} \quad \Rule[RefreshRight]{x, y}{x, 5} \] \[ \Rule[ShiftLeft_d \quad\text{(provided $y - d = 0$ or $x + d = 3$)}]{x, y}{x + d, y - d} \] \[ \Rule[ShiftRight_d \quad\text{(provided $x - d = 0$ or $y + d = 5$)}]{x, y}{x - d, y + d} \]

Exercise 3.3.1: Using this logic, prove the theorem 0, 4.

• Notice that the theorem has nothing to do with ‘truth’! —At least not explicitly, or intuitively.

Exercise 3.3.2: A logic models reasoning, can you interpret the terms x, y in such a way that makes the inference rules true?

Here is another example logic, call it 𝑴𝑺𝑯:

• The symbols are the usual numbers, along with +, -, ◇, ⟶.
• A formula is of the form \(x ◇ y ⟶ x′ ◇ y′\) where ◇ binds tightest and \(x, y, x′, y′\) are terms formed from numbers, +, and -.

• In contrast to 𝑾𝑩, this logic has only 1 non-axiom inference rule!

  \[\Rule[Reflexivity]{}{x ◇ y ⟶ x ◇ y}\] \[\Rule[Transitivity]{x ◇ y ⟶ x′ ◇ y′ \And x′ ◇ y′ ⟶ x″ ◇ y″}{x ◇ y ⟶ x″ ◇ y″}\]

  \[\Rule[ZeroLeft]{}{x ◇ y ⟶ 0 ◇ y} \quad \Rule[ZeroRight]{}{x ◇ y ⟶ x ◇ 0}\] \[\Rule[RefreshLeft]{}{x ◇ y ⟶ 3 ◇ y} \quad \Rule[RefreshRight]{}{x ◇ y ⟶ x ◇ 5} \] \[\Rule[ShiftLeft_d]{\text{(provided $y - d = 0$ or $x + d = 3$)}}{x ◇ y ⟶ (x+d) ◇ (y-d)} \] \[\Rule[ShiftRight_d]{\text{(provided $x - d = 0$ or $y + d = 5$)}}{x ◇ y ⟶ (x - d) ◇ (y + d)}\]

Exercise 3.3.3: Finish reading this section, then come back and prove the theorem 0 ◇ 0 ⟶ 0 ◇ 4 using a calculational proof.

Exercise 3.3.4: Provide an interpretation of this logic.

Before we can showcase an example of a proof tree —let alone compare them with calculational proofs— we need a few example inference rules that can be used in the construction of the proofs.

The following rules define equality by how it can be used, manipulated.

1. Equality is:
   • reflexive: \(X = Y\);
   • symmetric: \(X = Y\) implies \(Y = X\); and
   • transitive: \(X = Z\) follows from having both \(X = Y\) and \(Y = Z\), for any \(Y\)

2. The Substitution inference rule says that a substitution \(E[\vec x ≔ \vec F]\) is a theorem whenever \(E\) is a theorem.

   Within CalcCheck, this rule is realised as the with clause: The phrase E with `x₁, x₂, …, xₙ ≔ F₁, F₂, …, Fₙ` is tantamount to invoking the theorem \(E[\vec x ≔ \vec F]\). The rule is applied implicitly, unless rigid matching is activated —e.g., to get students thinking correctly about applying theorems instead of just putting random theorems that look similar and hoping the system sees a justification from a mixture of them.

3. The Leibniz inference rule says that \(E[z ≔ X] = E[z ≔ Y]\) whenever \(X = Y\); i.e., it justifies substituting “equals for equals”.

   Leibniz allows us to use an equation to rewrite a part of an expression; and so, it justifies the use of ‘calculation hints’.

   Leibniz says: Two expressions are equal (in all states) precisely when replacing one by the other in any expression \(E\) does not change the value of \(E\) (in any state).

   A function \(f\) is a rule for computing a value from another value.

   If we define \(f\, x = E\) using an expression, then function application can be defined using textual substitution: \(f \, X = E[x ≔ X]\). That is, expressions can be considered functions of their variables —but it is still expressions that are the primitive idea, the building blocks.

   Using functions, Leibniz says if X = Y then f X = f Y, for any function f. That is, if two things are actually the same, then any (f-)value extracted from one must be the same when extracted from the other.

   Again: Unlike the Substitution rule, which allows us to instantiate any theorem, the Leibniz rule is meant for applying equational theorems deeper within expressions. Later on, we will look at ‘monotonicity rules’ which will let us apply inclusion (≤, ⇒, ⊑) theorems deep within expressions.

   The with syntax is overloaded for this rule as well.

In addition to these rules, suppose that we have \(2 · a = a + a\) (“Twice”) and \(-1 · a = - a\) (15.20) as axioms; then we can form the following proof.

\[ \Rule[Transitivity\; of\; =] {\large \Rule[\small Substitution] {\Large \Rule{✓}{-1 · a \,=\, - a} } { (- 1) · 2 · (x + y) \,=\, - (2 · (x + y)) } \And \Rule[\small Leibniz] {\Large \Rule{✓}{2 · a = a + a} } { - (2 · (x + y)) \,=\, -((x + y) + (x + y)) } }{(- 1) · 2 · (x + y) \,=\, -((x + y) + (x + y))} \]

This is known as a natural deduction proof tree; one begins ‘reading’ such a proof from the very bottom: Each line is an application of a rule of reasoning, whose assumptions are above the line; so read upward. The benefit of this approach is that rules guide proof construction; i.e., it is goal-directed.

However the downsides are numerous:

• So much horizontal space for such a simple proof!
• One has to repeat common subexpressions, such as the \(-(2 · (x + y))\).
• For comparison with other proof notations, such as Hilbert style, see “Equational Propositional Logic” or LADM-§6.

Instead, we may use a more ‘linear’ proof format:

In this equational style, instead of a tree (on the left) we use a sequential chain of equalities (on the right):

In this way, we may use the Substitution rule to create theorems that can be used with the Leibniz rule and then use the Transitivity rule to conclude that the first expression of an equational proof is equivalent to the last one.

• Transitivity allows us to conclude the first expression in a calculation is equal to the last expression in the calculation.
• Reflexivity allows us to have ‘empty’ calculations and “no (expression) change” calculation steps
• Symmetry allows us to use an equation \(LHS = RHS\) “in the other direction” to replace an instance of \(RHS\) by \(LHS\).

Equational proofs thus have this shape:

Which is far easier to read and write than: \[ \Rule[Transitivity]{ P = Q[z ≔ X] \And \Rule[Transitivity]{ \Rule[\large Transitivity]{ \LARGE \Rule[Reflexivity]{}{Q[z ≔ X] \eq Q[z ≔ X]} \And \Rule[Leibniz]{X \eq Y}{Q[z ≔ X] \eq Q[z ≔ Y]} }{\LARGE Q[z ≔ X] \eq Q[z ≔ Y]} \And {\LARGE \Rule[\large Symmetry]{R \eq Q[z ≔ Y]}{Q[z ≔ Y] \eq R} }} {\large \text{$Q[z ≔ X] \eq R$}}} {P = R} \]

The structure of equational proofs allows implicit use of infernece rules Leibniz, Transitvitity & Symmetry & Reflexivity of equality, and Substitution. In contrast, the structure of proof trees is no help in this regard, and so all uses of inference rules must be mentioned explicitly.

Leibniz is often used with Substitution, as follows —supposing we know the theorem “Half” \(2 · x / 2 = x\):

We are using Leibniz with the premise \(2 · j / 2 = j\). We can use this premise only if it is a theorem. It is, because \(2 · x / 2 = x\) is a theorem and, therefore, by Substitution, \((2 · x / 2 = x)[x ≔ j]\) is a theorem.

If a use of Substitution is simple enough, as in this case, we may leave off the indication “with \(x ≔ j\)”.

The type of propositions is known as the Booleans and denoted 𝔹.

 𝔹 ::= true | false
 

The symmetry of equivalence could be read as \((p ≡ p) ≡ (q ≡ q)\) and so ‘self-applications of ≡’ are indistinguishable. That is, the value of \(p ≡ p\) does not depend on the value of \(q\) and so we introduce the constant symbol true is an abbreviation for \(p ≡ p\).

\[\Law[(3.4)]{Axiom, Identity of ≡}{\true ≡ p ≡ p}\]

When this definition is read as \((\true ≡ p) = p\), and by symmetry of ≡ as \((p ≡ \true) = p\), we see that this new constant is an Identity of ≡.

Since ≡ is associative, a formula can be read in multiple ways.

• \(p ≡ p ≡ true\) can be read as the reflexitivty of ≡ or the definition of true —both being \((p ≡ p) ≡ true\) — or as an identity law — \(p ≡ (p ≡ true)\).
• The Golden Rule can also be read a way to define ∧ in-terms of ≡ and ∨, or to define ∨ in terms of ≡ and ∨, or to phrase ≡ in terms of ≡, ∧, and ∨; or to absorb an expression containing ≡,∨, ∧ down to a single subexpression: \(p ≡ (q ≡ p ∨ q ≡ p ∧ q)\).

Using its definition, we can quickly show that \(\true = \big(\true ≡ q ≡ q\big)\) and so by equanimity, since the right side is a theorem, then the left side is also a theorem. Hence,

\[\Law[3.4]{True is a theorem}{\true}\]

What is the benefit of this theorem?

By equanimity, this means that to prove \(P\) is a theorem, it is enough to show that \(P ≡ \true\)! This is an ‘expected’ result :-)

( We can phrase this observation as a theorem itself as \((P ≡ \true) ≡ P\), but this is essentially the definition of true, above! )

Here is an impressive benefit of this theorem. Suppose we want to prove an equation \(L = R\) is true; if our proof only alters \(L\) to make it the same as \(R\) so that we obtain \(R = R\), then we may the definition of \(\true\) to obtain, well, \(\true\), but since this is a theorem then so too is \(L = R\). That is,

Since the right side of the equation “= R” is not altered, we can abbreviate such calculations, by omitting the final step and avoiding the repetitious “= R” on each line, as follows.

That is, (3.4) gives us a new proof method —which is always a bonus result from a theorem.

Finally, (3.4) gives us the following Metatheorem.

\[\Law[(3.7)]{Metatheorem}{\text{Any two theorems are equivalent}}\]

Indeed, if \(P\) is a theorem and \(Q\) is a theorem, then by (3.4) we have \(P ≡ \true\) and \(\true = Q\) and so by transitivity of ≡, we have \(P ≡ Q\).

With true in-hand, one can now define false: \[\Law[3.10]{Definition of false}{\false ≡ ¬ true}\]

Since ‘≡’ = ‘=’ on the Booleans, we can phrase this as \(false ≠ true\), which is a useful thing to know.

Moreover, we can then show that a Boolean expression not equal to true is equal to false: (p ≢ true) ≡ (p ≡ false).

\[\Law[(3.12)]{Double negation}{¬ ¬ p ≡ p}\]

Double negation asserts that negation is its own inverse.

Double negation is used in English occasionally. For example, one might say “That was not done unintentionally” instead of “That was done intentionally”.

\[\Law[(3.9)]{Commutativity of ¬ with ≡}{ ¬ (p ≡ q) ≡ (¬ p ≡ q)}\]

The left side says that p and q are different; but there are only two Boolean values and so for p and q to be different, one must be the ‘flip’ (negation) of the other.

Moreover, this rule says “differs from” (≠) on the Booleans can be expressed directly in terms of equality (=) instead of a negation of an equality —which is the case in general.

The following laws uniquely define negation.

\[\Law[(3.8)]{Axiom, Definition of false}{\false ≡ ¬ \true}\] \[\Law[(3.9)]{Axiom, Commutativity of ¬ with ≡}{¬ (p ≡ q) ≡ ¬ p ≡ q}\]

Indeed, suppose \(f : 𝔹 → 𝔹\) also satisfies these laws, then we can show \(f(p) ≡ ¬ p\) —in particular, \(f(\true) = \false\) and \(f(\false) = \true\).

That is, of the 4 possibly unary functions on the Booleans, only negation satisfies these two properties.

The following theorems are sometimes used to define ≡ and ≢. The first theorem indicates that \(p ≡ q\) holds exactly when \(p\) and \(q\) are both true or both false. The second theorem indicates that \(p ≢ q\) holds exactly when one of them is true and the other is false.

\[\Law[(3.52)]{Definition of ≡}{p ≡ q ≡ (p ∧ q) ∨ (¬ p ∧ ¬ q)}\] \[\Law[(3.53)]{Exclusive or}{p ≢ q ≡ (¬ p ∧ q) ∨ (p ∧ ¬ q)}\]

 Theorem “xor” “≢ is one or the other, but not both”: (p ≢ q) ≡ (p ∨ q) ∧ ¬ (p ∧ q)
Proof:
    (p ∨ q) ∧ ¬ (p ∧ q)
  =⟨ “De Morgan” ⟩
    (p ∨ q) ∧ (¬ p ∨ ¬ q)
  =⟨ “Distributivity of ∧ over ∨” ⟩
     ((p ∨ q) ∧ ¬ p) ∨ ((p ∨ q) ∧ ¬ q)
  =⟨ “Absorption” ⟩
     (¬ p ∧ q) ∨ (¬ q ∧ p)
  =⟨ “Alternative definition of ≢” ⟩
     p ≢ q
 

In most propositional calculi equivalence is the last operator to be defined and is defined as “mutual implication”. Thus, (3.80) below typically is made an axiom. We down-play implication in our calculus because, as an unsymmetric operator (by 3.72 and 3.73), it is harder to manipulate. Sometimes (3.80) would be read as “(strong) antisymmetry of ⇒”.

\[\Law[(3.72)]{Right Zero of ⇒}{p ⇒ \true ≡ \true}\] \[\Law[(3.73)]{Left Identity of ⇒}{\true ⇒ p ≡ p}\]

\[\Law[((3.80))]{(Mutual Implication)}{(p ⇒ q) ∧ (q ⇒ p) ≡ p ≡ q}\]

With the implication operator available, the Leibniz inference rule can be re-cast as an axiom.

\[\Law{Abbreviation}{E^z_F \;=\; E[z ≔ F]}\] \[\Law[(3.83)]{Axiom, Leibniz}{(e = f) ⇒ E_e^z = E_f^z}\] \[\Law[(3.84a)]{Substitution}{(e = f) ∧ E_e^z \quad≡\quad (e = f) ∧ E_f^z}\] \[\Law[(4.84c)]{Substitution}{q ∧ (e = f) ⇒ E_e^z \quad≡\quad q ∧ (e = f) ⇒ E_f^z}\]

Replacing variables by Boolean constants.

\[\Law[(3.85)]{Replace by true}{q ∧ p ⇒ E^z_p \quad≡\quad q ∧ p ⇒ E^z_\true}\] \[\Law[(3.86)]{Replace by false}{E^z_p ⇒ p ∨ q \quad≡\quad E^z_\false ⇒ p ∨ q}\] \[\Law[(3.87)]{Replace by true}{p ∧ E_p^z \quad≡\quad p ∧ E_\true^z}\] \[\Law[(3.88)]{Replace by false}{p ∨ E_p^z \quad≡\quad p ∨ E_\false^z}\] \[\Law[(3.89)]{Shannon, Case analysis}{E_p^z \quad≡\quad (p ∧ E_\true^z) ∨ (¬ p ∧ E_\false^z)}\]

The axioms (3.24)-(3.28) uniquely determine disjunction.

That is, of the 16 possibly binary functions on the Booleans, only disjunction satisfies these properties.

This section follows Logics of Programs by Dexter Kozen and Jerzy Tiuryn.

Logics for programming differ from classical logics in that truth is dynamic rather than static.

In classical predicate logic, the truth value of a formula φ is determined by a valuation of its free variables over some structure. The valuation and the truth value of Φ it induces are regarded as immutable; there is no formalism relating to any other valuations or truth values.

In program logics, there are explicit syntactic constructs called programs to change the values of variables, thereby changing the truth values of formulas. For example, the program x ≔ x + 1 changes the truth value of the formula “x is even”. Such changes occur on a metalogical level in classical predicate logic, for example in the Tarski definition of truth of a formula: If \(u : Vars → ℕ\) is a valuation of variables over the natural numbers ℕ, then the formula “∃ x • x² = y” is defined to be true under the valuation \(u\) iff there exists a natural number n : ℕ such that the formula x² = y is true under the valuation \(u[x ≔ n]\) —where \(u[x ≔ n]\) agrees with \(u\) everywhere except \(x\), on which it takes the value n. This definition involves a metalogical operation which produces \(u[x ≔ n]\) from \(u\) for all possible values \(n : ℕ\). This operation becomes explicit in Dynamic Logic (DL).

The following DL formula is true and reads if x = X and y = Y then whenever the program x,y ≔ y, x terminates, then we are ensured x = Y and y = Y. \[x = X \;∧\; y = Y \;\Then{x,y := y, x}\; x = Y \;∧\; y = X\]

In contrast, the classical formula \(x = X \;∧\; y = Y \;⇒\; x = Y \;∧\; y = Y\) is not always true.

In DL, one has the constructs

• ⟨P⟩Φ : It is possible to execute program P and terminate in a state satisfying Φ. (“Total correctness”)
• [P]Φ : Whenever program P terminates, it must do so in a state satisfying Φ. (“Partial correctness”)

Since one is usually interested in pre- and post-conditions of programs, one defines

• “the total correctness Hoare triple” \(\{Ψ\} P \{Φ\} \;≡\; Ψ ⇒ ⟨P⟩φ\)

• “the partial correctness Hoare triple” \(Ψ \{P\} Φ \;≡\; Ψ ⇒ [P]φ\)

  We will mostly be using this form in this class and to avoid actually discussing DL, we will instead define a relation \(\_{}⇒\!\!\![\_{}]\_{} : \mathsf{Formula} → \mathsf{Program} → \mathsf{Formula} → 𝔹\) inductively over the shape of possible programs.

The comments we write state formal properties of the program variables at a particular point in the execution of the program.

Sometimes comments are written within braces, as in { 0 < i } i := i - 1 { 0 ≤ i } which documents that before the assignment we know \(0 < i\) and after the assignment we know \(0 ≤ i\). Such machine checkable comments are also known as assertions and many languages have assert commands —e.g., Python has them.

An assertion is a claim that a particular property about the program variables is true at that point in the program's execution.

An expression of the form { R } C { G }, where \(R, G\) are properties of the program variables and \(C\) is a program command, is called a Hoare triple.

Such expressions are commented programs, but they are also Boolean expressions: Triples { R } C { G } denote the claim that, if the program variables satisfy property \(R\) before execution of command C, then execution of C is guaranteed to terminate and, afterwards, the program variables will satisfy property \(G\). ( Specifications are theorems! )

What can be said of the following very interesting triples?

Consider the swap program x, y := y, x, it swaps the values of the program variables. To formalise such a claim, we introduce variables \(X\) and \(Y\) to denote the values of the program variables x, y. Then, we can formalise the claim as \[ x = X \;∧\; y = Y \;\Then{x,y := y, x}\; x = Y \;∧\; y = X \] We refer to variables that never appear in program text as ghost variables; their function is to relate the final values of the program variables to their initial values.

So the claim about swapping variables above is that, for all values of \(X\) and \(Y\), if \(x = X \;∧\; y = Y\), before executing the simultaneous assignment x, y := y, x, then, afterwards, \(x = Y \;∧\; y = X\).

States may be represented by predicates on variables and so imperative commands are relations on predicates: Given two propositions \(G, R\) making use of program variables, we write \(R \Then{C} G\) to mean “starting in a state \(R\), whenever execution of command \(C\) terminates, it must do so in state \(G\)”.

For example,

In practice, one begins with the goal G (also known as the ‘postcondition’) and forms a suitable command C that ensures \(G\) but may require some provisos to be given, which are conjuctively known the required R (also known as the ‘precondition’).

This is only reasonable: We have some desired goal \(G\) and we wish to form an imperative program C whose execution will ensure the goal \(G\), but the construction of C may require some necessary provisos \(R\).

A specification is an equation of a certain shape. /Programming is the activity of solving a specification for its unknown. Its unknown is called a program. One says “program C is specified by precondition \(R\) and postcondition \(G\)” whenever \(R \Then{C} G\). One also says this is a specification of C.

Programming is solving the equation \(R \Then{C} G\) in the unknown \(C\); i.e., it is the activity of finding a ‘recipe’ that satisfies a given specification. Sometimes we may write \(R \Then{?} G\) and solve for ‘?’. Programming is a goal-directed activity: From a specification, a program is found by examining the shape of its postcondition.

The notation \(x : E\) is intended to communicate that we are looking at the expression \(E\) with unknown \(x\) —i.e., \(x\) is the variable we are focusing on. For instance, is \(x² + b · x = 0\) a linear equation? Yes, if \(b\) is the variable and \(x\) is considered constant! In such a case, we are speaking of the equation \(b : x² + b · x = 0\). With this convention, the notation \(R \Then{C} \vec{x} : G\) means that only the names \(\vec{x}\) should be considered ‘program variables’ and all other variables should be treated as ‘fixed’ or ‘constant’ and so cannot appear in the program command \(C\).

However, this convention only reduces ambiguity about what variables can be meddled with; and so ghost variables are still required. For instance, consider the example specification “set \(z\) to its own absolute value”, it is formalised with the help of a ghost variable: \(z = Z \Then{?} z = |Z|\).

It is defined by the shape of the possible commands C.

For example, the sequential command C₁ ⍮ C₂ is executed by first executing C₁ then by executing C₂. As such, to obtain a goal state \(G\), we may construct a partial program \(C₂\) which in-turn requires an intermediary state \(I\); then to establish state \(I\), we may construct a program C₁ which requires a state \(R\). This is divide and conquer.

\[ \Rule[Sequencing]{R \;⇒[C₁]\;\; I \And I \;⇒[C₂]\;\; G}{R \;⇒[C₁⍮C₂]\;\; G} \]

Notice that this is similar to \(\Rule{x ≤ y \And y ≤ z}{x ≤ z}\) but unlike inclusions ‘≤’ which are either true or false, the relationships ‘\(⇒[C]\)’ are parameterised by commands \(C\) and so it's important to remember which commands witnessed the relationship. To see the similarity even closely, let us write \(m ≤ₖ\, n \;≡\; m + k = n\), so that we have “a witness to the inclusion”; then the ≤-transitivity becomes suspiciously similar to the sequencing rule … \[ \Rule[Addition]{x ≤_a y \And y ≤_b z}{x ≤_{a+b} z} \] The reason that we usually use ‘≤’ instead of ‘≤ₖ’, because if \(x ≤ₖ\, y\) then there can only be one such \(k\), namely \(k = y - x\), and so the simpler ‘≤’ simply marks whether such a (unique) \(k\) exists or not. In contrast, infinitely many programs C can be used to establish relationships \(R ⇒[C] G\) and this is what makes programming interesting!

The assignment statement x := E evaluates expression E (which we assume “never crashes”) and stores the result in variable x. The statement is read “ x becomes E ”.

When your goal \(G\) mentions a variable \(x\), then your goal state \(G\) could be established by using the command x := E for some choice of expression \(E\) provided you know that \(G[x ≔ E]\) is true to begin with.

For example, suppose we want to get the goal \(i < 10\) after executing i := 2 · i. Then, this could only happen if beforehand we had \((i < 10)[i ≔ 2 · i]\); i.e., \(2 · i < 10\); i.e., \(i < 5\). Hence, starting in a state in which \(i < 5\), the execution of i := 2 · i is guaranteed to terminate in a state with \(i < 10\).

This is summarised as follows. \[ \mathsf{Definition\, of\, Assignment:}\quad G[x:= E] \Then{x:= E} G \]

The ‘backwards’ nature of this rule —working backward from the postcondition— is most easily understood via examples of the video lectures that start with the goal and work back to the precondition. See the first 5 minutes of this this video lecture for a taste of ‘working backwards’. The examples below also aim to demonstrate this idea.

This definition is also used when we allow multiple assignments x₁, x₂, …, xₙ := E₁, E₂, …, Eₙ —which, for distinct variables \(xᵢ\), is executed by first evlauating all the expressions \(Eᵢ\) to yield values, say, \(vᵢ\); then assigning \(v₁\) to \(x₁\), …, \(vₙ\) to \(xₙ\).

• Note that all expressions are evaluated before any assignments are performed. E.g., x, y := y, x is a program that swaps the values of two variables, x and y:

  x = X ∧ y = Y   ⇒[x, y := y, x]  x = Y ∧ y = X

• Python, for example, allows multiple assignments.

First, since programming is a goal-directed activity, let us begin with the goal and use that to arrive at a required precondition. How? Just as \(y ≥ x \;≡\; x ≤ y\), we define \[G \If{C} R \quad≡\quad R \Then{C} G \] Using this ‘turned around’ (converse) notation, we may begin with the goal.

Let's use the assignment rule to find a necessary precondition: When will the assignment x := x - 1 ensure the goal state \(x² + 2 · x = 3\)?

Hence, if \(x\) is positive or negative 2, then the assignment x := x - 1 will ensure that \(x\) satisfies the predicate state \(x² + 2 · x = 3\) —incidentally, after the assignment \(x\) will have its value being positive 1 or negative 3, which are both solutions to the equation \(x² + 2 · x = 3\).

See the first 5 minutes of this this video lecture for a taste of ‘working backwards’.

When \(I \;⇒[C]\;\; I\), one says that “state \(I\) is invariant for command \(C\)” or that “\(C\) maintains \(I\)”.

It is often possible to calculate an assignment statement that satisfies a given precondition-postcondition specification. Many examples involve a property that is to be maintained invariant whilst progress is made by incrementing (or decrementing) a counter.

E.g., suppose we want to increment k while maintain the value of the sum j + k. How should we alter j? Rather than guess and check, we can calculate! Let S be the value of the sum (whatever it may) and let 𝒳 be the unknown assignment to j; then our goal is to “solve for 𝒳” in \[j + k = S \Then{j,k := 𝒳, k+1} j+k = S\] Let's begin calculating!

Hence, we have found a solution for the unknown assignment 𝒳, and so have calculated: \[ j + k = S \Then{j,k := j - 1, k+1} j+k = S \]

Within the above calculation, we have silently used the following law: \[ \Rule[Strengthening]{R′ ⇒ R \And R \Then{C} G}{R′ \Then{C} G} \]

Here is a more complicated example: Suppose we are computing the square \(s\) of a number \(n\) without using multiplication or squaring —only using addition!—, and we have just incremented \(n\), how should we alter \(s\) so as to maintain its relationship to \(n\)? Exercise: Solve for the unknown assignment 𝒳 in \[ s = n² \Then{s,n := 𝒳, n + 1} s = n² \]

The activity of programming is the activity of solving a specification for its unknown, where this unknown is called a program. Programs are formulae of a certain shape.

The simplest program is called skip, then we may ‘sequentially compose’ two programs C₁ and C₂ to obtain the program C₁⍮ C₂, and finally we have the (multiple) assignment program x := E consisting of a list of distinct variables x and a corresponding list of expressions E. There are other shapes of programs and we will get to those in due time.

 Program ::=  skip
         |   C₁ ⍮ C₂
         |   x := E
 

The skip rule tells us that the skip command is executed by doing nothing: When \(R ⇒ G\), and we are in state \(R\), then we get to state \(G\) by doing nothing.

Note: One then defines the equivalence of programs “up to specification”: \[C = C′ \qquad≡\qquad \big(R \Then{C} G \quad≡\quad R \Then{C′} G\big) \text{ for all } R, G \] Using this, one can show that skip is the unit of sequencing, and that it can be defined in terms of assignments.

1. The sum of the first n integers is \(1 + 2 + 3 + ⋯ + (n - 1) + n\).

   The “⋯” tells us to complete the pattern established by the surrounding terms —a burden on the reader.

   Sometimes such patterns are not clear, as in \(1 + 2 + ⋯ + 16\): Is this the sum of the first 16 integers or the sum of the first five powers of 2 —i.e., \(2⁰ + 2¹ + ⋯ + 2⁴\)? To make the pattern clear, the latter requires us to communicate the general shape (“\(2^i\)”) in a number instances.

2. The three-dots notation has many uses, but it can be ambiguous and a bit long-winded.

   Quantifier notation is compact, impressive to family and friends, and often suggestive of manipulations that are not obvious in three-dots form.

3. The notation \((Σ i\;❙\;1 ≤ i ≤ n • aₖ)\) is used to communicate sums \(a₁ + a₂ + ⋯ + aₙ\).

   The index variable i is said to be bound to the Σ because any i in aᵢ is unrelated to appearances of i outside the Σ-notation. Any other letter could be substituted for i here without changing the meaning of the quantification. ( The letter i is often used perhaps because it stands for “index”. )

4. It turns out that a generalised quantification-notation is even more useful than the delimited form: We simply write one or more conditions in the range position to specify the set of indices over which summation should take place.

   For example, the general form allows us to take sums over index sets that aren't restricted to consecutive integers. For example, we can express the sum of the squares of all odd positive integers below 100 as follows: \[(Σ i \;❙\;1 ≤ k < 100 ∧ k \,\mathsf{odd} • k²)\] Below is the delimited equivalent of this sum; it is more cumbersome and less clear. \[Σ k\;❙\;0 ≤ k ≤ 49 • (2 · k + 1)² \]

   Sometimes no delimited form is possible; e.g., the sum of the first n primes is \((Σ p\;❙\;0 ≤ p ≤ n ∧ p \,\mathsf{prime} • p)\) —yet there is no explicit formula for primes and so we need to pick a notation for primes before a delimited form could be phrased; e.g., \(pₖ\) to denote the k-th prime.

5. The biggest advantage of general quantification notation is that we can manipulate it more easily than the delimited form —since the range of the index variable is allowed to be arbitrary propositions, and so, for example, it is easy to manipulate the index variables since we don't have to worry about boundary conditions.

6. People are often tempted to write \((Σ i ❙ 2 ≤ i ≤ n - 1 • i · (i - 1))\) instead of \((Σ i ❙ 0 ≤ i < n • i · (i - 1) · (i - 2))\) because the terms for \(i = 0, 1\) are 0 and the former insists on inclusive bounds.

   Somehow it seems more efficient to add up \(n - 2\) terms instead of \(n\) terms. But such temptations should be resisted; efficiency of computation is not the same as efficiency of understanding!

   We will find it advantageous to keep the range —and, in turn, the bounds on the index variable— as simple as possible, because quantifications can be manipulated much more easily when the bounds are simple.

   (In Σs) Zero-valued terms cause no harm, and they often save a lot of trouble.

7. Kenneth Iverson introduced a wonderful idea in his programming language APL. The idea is simply to enclose a true-or-false statement in brackets, and to say that the result is 1 if the statement is true, 0 if the statement is false. ( E.g., the Kronecker delta is then δᵢⱼ = [i = j]. )

   Iverson brackets let one express sums with no constraints whatever on the index of summation: \(Σ_{R\, i} aᵢ \;=\; Σᵢ aᵢ · [R\, i]\). If \(R\, i\) is false, the term \(aᵢ · [R\, i]\) is zero, so we can safely include it among the terms being summed.

1. The notation \(∑_{i = 1}^n f(i)\) is used to abbreviate \(f(1) + f(2) + ⋯ + f(n)\).
2. Instead, we use the linear notation \((Σ i \;❙\; 1 ≤ i ≤ n • f\, i)\) or \((+ i \;❙\; 1 ≤ i ≤ n • f\, i)\) for several reasons.

3. The parentheses make explicit the scope of the dummy or quantified variable i: The places where i can be referenced. The scope comprises the expressions within the parentheses.

   The “\(Σ\,i\)” (or “\(+\, i\)”) acts as a declaration, introducing dummy i.

   • This dummy is not a variable in the usual sense, for it does not obtain a value from the state in which the expression is evaluated.

4. The linear notation makes it easier to write more general ranges for \(i\).

   We can write any Boolean expression to describe the values of \(i\) for which \(f\, i\) should be summed. For example, to sum the evens between 1 and 7: \[ (Σ i \;❙\; 1 ≤ i ≤ 7 ∧ \mathsf{even}\, i • i) \;=\; 2 + 4 + 6\]

5. The linear notation extends easily to allow more than one dummy, as shown in the following example. \[ (Σ i,j \;❙\; 1 ≤ i ≤ 2 ∧ 3 ≤ j ≤ 4 • i^j) \;=\; 1^3 + 1^4 + 2^3 + 2^4\] In determining which values \(i^j\) are being summed, we choose all combinations of \(i\) and \(j\) that satisfy the range \(1 ≤ i ≤ 2 ∧ 3 ≤ j ≤ 4\).
6. In the summations about, our intent is that dummy \(i\) ranges over integer values, rather than real values (say). To make the type explicit, we can write \((Σ i : ℤ \;❙\; 1 ≤ i ≤ 2 • f\, i)\).

7. What has been said about summation generalises to other operators.

   The general shape of a quantification over monoidal operation \(\_{}⊕\_{}\) is exemplified by: \[ (⊕ x : τ₁, y : τ₂ \;❙\; R • P) \]

   • Distinct variables \(x\) and \(y\) are the bound variables or dummies of the quantification. There may be one or more dummies.

   • Boolean expression \(R\) may depend on \(x\) and \(y\); it is the range of the quantification —values assumed by \(x\) and \(y\) satisfy \(R\).

     When there are no constraints —i.e., the range is as large as possible, \(R\) is true— we may omit it: \[ (⊕ x • P) \;=\; (⊕ x \;❙\; true • P)\]

   • Expression \(P\) is the body of the quantification; it may refer to dummies \(x\) and \(y\).
   • The type of the result of the quantification is the type of \(P\); i.e., if \(\_{}⊕\_{} : τ → τ → τ\) then \(P : τ\) –whenever x : τ₁, y : τ₁— and \((⊕ x : τ₁, y : τ₂ \;❙\; R • P) : τ\).

8. Expression \((⊕ x : τ \;❙\; R • P)\) denotes the application of operator ⊕ to the values \(P\) for all x in τ for which range \(R\) is true.

   Next, we will define the notation axiomatically instead of relying on a particular evaluation model, implementation.

9. By convention quantifications for +, ·, ∨, ∧ are denoted by Σ, Π, ∃, ∀.

Proviso: For (8.14), we need x not to occur in E.

The first two rules governing manipulation of the range part; they govern the case that the range part defines an empty collection, and the case that the range defined a collection with exactly one element.

The Zero Body rule applies when ⊕ has a zero element \(𝟘_⊕\); i.e., “a black-hole value that sucks-up everything”: \(x ⊕ 𝟘_⊕ = 𝟘_⊕ ⊕ x = 𝟘_⊕\).

Other extremely useful rules to get rid of a quantifier, or at least get one term out of it, are the “split off term” rules below.

Ignoring the proviso/antecedent of the Zero Body rule quickly leads to trouble:

The second step is invalid since it is not enough to show some term is zero, but rather that some term —i.e., dummy variable— satisfying the range is zero. Indeed, in the second step above we need to show \((∃ x \;❙\; false • 𝟘_⊕ = 𝟘_⊕) ≡ true\), which by Empty Range for ∃ is the same as \(false ≡ true\) —and this is impossibly difficult to show, since it's just not true.

The first rule expresses the fact that a ‘dummy’ is just a place holder, the particular name chosen for the dummy is not relevant provided it does not clash with the names of other variables in the quantified expression. Renaming is often used when performing other algebraic manipulations in order to avoid capture of free variables or release of bound variables.

Recall that \(E[x ≔ F]\) denotes the expression obtained by replacing every free occurrence of x in E by F. Then,

(Axiom 8.21) Dummy Renaming

Provided y does not occur in R nor in P, \[ (⊕ x \;❙\; R • P) \quad=\quad (⊕ y \;❙\; R[x ≔ y] • P[x ≔ y]] \]

Remember: The ‘occurs’ restrictions on these laws ensure that an expression that contains an occurrence of a dummy is not moved outside (or inside) the scope of the dummy.

This rule is also known as “alpha renaming”.

The terms of a sum might be specified by two or more indices, not just by one. Only one quantification is needed, although there is more than one index of summation, and so the quantification denotes a sum over all combinations of indices that apply.

That is, the second rule for dummies state, essentially, that the use of more than one dummy is a convenient abbreviation for a collection of quantifications.

(Axiom 8.20) Nesting

Provided y does not occur in R, \[ (⊕ x, y \;❙\; R ∧ S • P) \quad=\quad (⊕ x \;❙\; R • (⊕ y \;❙\; S • P)) \]

A sum that depends on more than one index can be summed first on any one of its indices. The rule says we can choose whichever is more convenient.

This is also known as interchanging the order of summation and it generalises the associative/distributive law for quantifications.

See the “general distribute law” below for a useful result involving nesting.

• When used left to right, this rule is known as nesting and the proviso ensures that bound variables are not released.

  • Were \(R\) to depend on y, that variable would be bound in the LHS but it would be

  free in the RHS. The right side would, thus, be an expression that depends on the value of this variable, whereas the left side does not.

  It is always possible to avoid such complications by suitably renaming bound variables before using this rule.

• When used right to left, this rule is known as unnesting —since quantifications become unnested.
  • Notice that the range of y could depend on the value of x; i.e., S may mention x.

Sometimes the range of an inner sum depends on the index variable of the outer sum … !

Then what ;-)

Frequently in applications the dependent ranges are inclusions and then we have particularly useful factorisations:

• \(1 ≤ i ≤ j ≤ n \quad≡\quad 1 ≤ j ≤ n \,∧\, 1 ≤ i ≤ j\)
• \(1 ≤ i ≤ j ≤ n \quad≡\quad 1 ≤ i ≤ n \,∧\, i ≤ j ≤ n\)

Then, nesting allows us to write \[(⊕ i, j\;❙\;1 ≤ i ≤ j ≤ n • P) \quad=\quad (⊕ j\;❙\;1 ≤ j ≤ n • (⊕ i\;❙\;1 ≤ i ≤ j • P))\] \[(⊕ i, j\;❙\;1 ≤ i ≤ j ≤ n • P) \quad=\quad (⊕ i\;❙\;1 ≤ i ≤ n • (⊕ j\;❙\;i ≤ j ≤ n • P))\]

One of these two sums is usually easier to evaluate than the other; we can use these factorisations to switch from the hard one to the easy one.

• If the body involves a phrase “\(j - i\)”, it may be helpful to replace j by j - i —using the permutative law below— then apply the second factorisation above.

The third rule is very powerful because, in combination with the nesting rule, it allows us to rearrange the order in which the values in a summation are added together. It simply states that the order in which the dummies are listed in a summation is irrelevant.

Rearranging, Dummy List Permutation

\[ (⊕ x, y \;❙\; R • P) \quad=\quad (⊕ y, x \;❙\; R • P) \]

Here is an example of how the nesting and rearrangement rules are combined to change the order of the values being summed. Nesting and rearrangement depend critically on the associativity and symmetry of the operation ⊕. The parenthesisation corresponds to the nesting of summands.

The change of inclusions may not be familiar, so here is its proof.

We may capture the unnesting-rearrangement-nesting pattern in the above example as a theorem.

(8.19) Interchange of dummies

Provided each quantification is defined, y does not occur in R, and x does not occur in S, \[ (⊕ x \;❙\; R • (⊕ y \;❙\; S • P)) \quad=\quad (⊕ y \;❙\; S • (⊕ x \;❙\; R • P)) \]

The next axiom is called range split, because the range R ∨ S in its LHS is split into two ranges \(R\) and \(S\) in its LHS.

(8.16) Axiom, Range Split: Provided \(R ∧ S ≡ false\), and each quantification is defined, \[ (⊕ x \;❙\; R ∨ S • P) \quad=\quad (⊕ x \;❙\; R • P) ⊕ (⊕ x \;❙\; S • P) \]

For instance, suppose we have a bag of ‘R’ed numbers and ‘S’ilver numbers. The LHS says we can sum them in any order we like, whereas the RHS says we sum the ‘R’ed ones, sum the ‘S’ilver ones, then add the two sums.

The restriction that \(R ∧ S ≡ false\) ensures that an operand is not accumulated twice in the RHS —once because a value \(x\) satisfies \(R\) and once because the same value \(x\) satisfies \(S\). The next axiom eliminates this restriction by adding to the LHS the accumulation \((⊕ s \;❙\; R ∧ S • P)\); thus, the values of \(P\) are accumulated twice because values for the dummies satisfy both \(R\) and \(S\) are accumulated twice on both sides of the equation.

(8.17) Axiom, Range Split: Provided each quantification is defined, \[ (⊕ x \;❙\; R ∨ S • P) ⊕ (⊕ x \;❙\; R ∧ S • P) \quad=\quad (⊕ x \;❙\; R • P) ⊕ (⊕ x \;❙\; S • P) \]

• Range split can be used to combine adjacent disjoint intervals: For \(a ≤ b ≤ c\), \[ (⊕ x ❙ a ≤ x < b • P) ⊕ (⊕ x ❙ b ≤ x < c) \;=\; (⊕ x ❙ a ≤ x < c • P) \]

  Notice the familiarity with \(\int_a^b f(x) dx + \int_b^c f(x) dx = \int_a^c f(x)dx\).

• It can also be used to split off a single term from a sum: For \(0 ≤ n\), \[ (⊕ x ❙ 0 ≤ i < n + 1 • P) \;=\; (⊕ x ❙ 0 ≤ i < n • P) ⊕ P[i ≔ n] \]

On the other hand, if operator ⊕ is idempotent —so that \(e ⊕ e = e\) for all \(e\), then it does not matter how many times \(e\) is accumulated. Hence, we have

(8.18) Axiom, Range Split for Idempotent ⊕: Provided each quantification is defined, \[ (⊕ x \;❙\; R ∨ S • P) \quad=\quad (⊕ x \;❙\; R • P) ⊕ (⊕ x \;❙\; S • P) \]

Since ⊕ is symmetric and associative, the order in which the operands are accumulated has no bearing on the result. Below is an example of how range-split can be used alongside the nesting and rearrangement rules to change the order of the values being summed. Nesting and rearrangement depend critically on the associativity and symmetry of the operation ⊕.

We may capture the nesting-rearranging pattern in the above example as a theorem.

(8.15) Distributivity, “Body Rearrangment”

Provided each quantification is defined, \[ (⊕ x \;❙\; R • P ⊕ Q) \quad=\quad (⊕ x \;❙\; R • P) \,⊕\, (⊕ x \;❙\; R • Q) \]

This law allows us to break a quantification into two parts, or to combine two quantifications into one.

• The dummies and ranges are all the same in each quantification in (8.15).
• Ignoring the proviso, we could write \((Σ i • 0) = (Σ i • i - i) = (Σ i • i) + (Σ i • -i)\) where the left-most is 0 but the rightmost is undefined since it is an unbounded sum.
• Quantifications with finite ranges are always defined, and quantifications using operator ∧ or ∨ are always defined.

The following axiom shows how distributivity laws generalise to quantifiers.

(8.d) Axiom, Distributivity of f: Provided x does not occur in P, and “f is ⊕-⊗-distributive” —i.e., f (x ⊕ y) = f x ⊗ f y and \(f\, \Id_⊕ = \Id_⊗\). \[ f\, (⊕ x \;❙\; R • P) \quad=\quad (⊗ x \;❙\; R • f\, P) \]

For instance,

• \(\even (∑ x \;❙\; R • Q) \quad=\quad (≡ x \;❙\; R • \even Q)\)
• \(P ∨ (≡ x \;❙\; R • Q) \quad=\quad (≡ x \;❙\; R • P ∨ Q)\)
• \(\log (Π x\;❙\;R • P) \;=\; (Σ x\;❙\;R • \log P)\)
• “Power of sums”: \(a ^{ (Σ x\;❙\;R • P)} \;=\; (Π x\;❙\;R • a^P)\)
• Generalised De Morgan (9.18): \(¬ (∀ x\;❙\;R • P) \;≡\; (∃ x\;❙\;R • ¬ P)\)
• Numeric De Morgan (LADM Ch15): \(- (↓ x\;❙\;R • P) \;=\; (↑ x\;❙\;R • - P)\)

(8.d′) Theorem, Distributivity of ⊗ over ⊕: Provided x does not occur in P, and “⊗ distributes over ⊕” ---a ⊗ (b ⊕ c) = (a ⊗ b) ⊕ (a ⊗ c) and \(a ⊗ \Id_⊕ = \Id_⊕\). \[ P ⊗ (⊕ x \;❙\; R • Q) \quad=\quad (⊕ x \;❙\; R • P ⊗ Q) \]

( Proof: Use 8.d with \(f(x) = a ⊗ x\). )

This form of the distributive law allows us to move constants in and out of a quantification.

The expression \(P\) that is being moved out of the scope (or into it, depending on your point of view) cannot contain \(x\) as a free variable. This restriction ensures that the LHS and the RHS of the axiom refer to the same free variables —otherwise, the LHS and RHS would, in general, not be equivalent.

For instance,

• \(P · (Σ x \;❙\; R • Q) \quad=\quad (Σ x \;❙\; R • P · Q)\)
• \((Π x \;❙\; R • Q)^P \quad=\quad (Π x \;❙\; R • Q^P)\)
• \(P + (↓ x \;❙\; R • Q) \quad=\quad (↓ x \;❙\; R • P + Q)\); likewise for ↑ (see Ch15 LADM).
• (9.5) Distributivity of ∨ over ∀: \(\quad P ∨ (∀ x \;❙\; R • Q) \quad≡\quad (∀ x \;❙\; R • P ∨ Q)\).
• (9.21) Distributivity of ∧ over ∃: \(\quad P ∧ (∃ x \;❙\; R • Q) \quad≡\quad (∃ x \;❙\; R • P ∧ Q)\).

Moreover, since ∧ and ∨ are idempotent, they are also self-distributive and so we have:

• \(P ∧ (∀ x \;❙\; R • Q) \quad≡\quad (∀ x \;❙\; R • P ∧ Q)\).
• \(P ∨ (∃ x \;❙\; R • Q) \quad≡\quad (∃ x \;❙\; R • P ∨ Q)\).

Likewise for maxima ↑ and minima ↓.

(8.d′) Theorem, General Distributive Law of ⊗ over ⊕: Provided x does not occur in S nor Q; y does not occur in R nor P; and “⊗ distributes over ⊕” ---a ⊗ (b ⊕ c) = (a ⊗ b) ⊕ (a ⊗ c) and \(a ⊗ \Id_⊕ = \Id_⊕\). \[ (⊕ x, y ❙ R ∧ S • P ⊗ Q) = (⊕ x ❙ R • P) ⊗ (⊕ y \;❙\; S • Q) \]

A sum of independent products is the product of sums.

(8.d″) Distributivity of ⊗ over non-empty ⊕: Provided x does not occur in P, and “⊗ distributes over non-empty ⊕” ---a ⊗ (b ⊕ c) = (a ⊗ b) ⊕ (a ⊗ c) (but maybe not \(a ⊗ \Id_⊕ = \Id_⊕\). \[ (∃ x • R) \quad⇒\quad P ⊗ (⊕ x \;❙\; R • Q) \quad=\quad (⊕ x \;❙\; R • P ⊗ Q) \]

Be careful using this theorem. A term can be moved outside the scope of the quantification only if the range \(R\) is not empty —i.e., not everywhere false.

For instance,

• (9.7) Distributivity of ∧ over ∀: \((∃ x • R) \quad⇒\quad P ∧ (∀ x \;❙\; R • Q) \quad≡\quad (∀ x \;❙\; R • P ∧ Q)\)
• (9.23) Distributivity of ∨ over ∃: \((∃ x • R) \quad⇒\quad P ∨ (∃ x \;❙\; R • Q) \quad≡\quad (∃ x \;❙\; R • P ∨ Q)\)

Multiple quantification has an interesting connection with the general operation of changing the index of quantification in single sums.

If we try to replace x by \(f\, y\) using an arbitrary function f —not necessarily an invertible function— then the general formula for index replacement is: \[ (⊕ x \;❙\; R • (⊕ y ❙ f\, y = x • P)) \quad=\quad (⊕ y \;❙\; R[x ≔ f\, y] • P[x ≔ f\, y]) \]

The inner sum of the LHS accounts for the number of values y such that f y = x. When f is a one-to-one correspondence, the number of such values is 1 and so the inner sum disappears —we use f's invertible to “solve for y” then use the one-point rule to get rid of the sum— to give us the permutative law (8.22).

The poof of the general index replacement rule is easy (once you've seen it!)

• ( We omit the ranges for brevity, since they can always be traded into the body. )

   (⊕ y • P[x ≔ f y])
={- One-point rule -}
  ⊕ y • (⊕ x ❙ x = f y • P)
={- Quantifier interchange -}
  ⊕ x • ⊕ y ❙ x = f y • P
 

• Trick: If we have a double sum on index variables i, j whose terms involve j + f i, where f is an arbitrary function, it's a good idea to try replacing j by j - f i and sum on i.

The next rule let's us “shuffle around the possible values being summed over”. It says that we can reorder the terms in any way we please; here \(f\) is any permutation.

(8.22) Theorem, Permutative Law, Commutative Law, Change of Dummy: Provided y does not occur in R nor in P, and f is a permutation (i.e., is invertible), \[ (⊕ x \;❙\; R • P) \quad=\quad (⊕ y \;❙\; R[x ≔ f\, y] • P[x ≔ f\, y]) \]

A function f is a permutation, or is invertible, if there is a function \(f⁻¹\) such that \[x = f\, y \quad≡\quad f⁻¹ x = y\]

• Transformations like \(f\, y = y + c\) or \(f\, y = y - c\) are always permutations, so they always work.
• To see if f is a permutation, start with the equation \(x = f\, y\), then “ solve for y ” to get \(g\, x = y\), then the found g is the inverse of f.

The proof in LADM, p151, is very nice.

• This rule can be used to simplify the range or to “eliminate a repeated (permutation) expression \(f\) from the quantification”.

We can relax the permutation restriction a little bit: We need to require only that there be exactly one value j with f j = i when i satisfies R. If i does not satisfy R, it doesn't matter how often f j = i occurs, because such j don't take part in the sum.

That is, we need “ f to be an invertible only for values satisfying R ”; i.e., there is a function \(f⁻¹\) such that \[R\, x ∧ R\, y ⇒ \big( x = f\, y \quad≡\quad f⁻¹ x = y \big) \]

For example, doubling is not invertible, but it is when we are only considering even integers: \[ \even x ∧ \even y ⇒ \big(x = 2 · y \quad≡\quad x / 2 = y \big) \]

As such, \((⊕ x\;❙\;R ∧ \even x • P) = (⊕ y\;❙\;R[x ≔ 2 · y] • P[x ≔ 2 · y])\).

Trading rules let us move a range into the body.

(8.t) Axiom, Trading: \((⊕ x \;❙\; R • P) \;=\; (⊕ x • \mathsf{if}\, R \,\mathsf{then}\, P \,\mathsf{else}\, \Id_⊕ \mathsf{fi})\)

(8.t′) Theorem, Trading: \((⊕ x \;❙\; Q ∧ R • P) \;=\; (⊕ x \;❙\; Q • \mathsf{if}\, R \,\mathsf{then}\, P \,\mathsf{else}\, \Id_⊕ \mathsf{fi})\)

Define the Iverson brackets, as follows.

 [_] : 𝔹 → ℕ
[ true  ] = 0
[ false ] = 1
 

For instance:

• (8.t.Σ) Theorem, Trading: \((Σ x \;❙\; Q ∧ R • P) = (Σ x \;❙\; Q • P · [R] )\)
• (8.t.Π) Theorem, Trading: \((Π x \;❙\; Q ∧ R • P) = (Π x \;❙\; Q • P^{[R]})\)
• (8.t.∀) (9.4) Theorem, Trading: \((∀ x \;❙\; Q ∧ R • P) ≡ (∀ x \;❙\; Q • R ⇒ P)\)
• (8.t.∃) (9.20) Theorem, Trading: \((∃ x \;❙\; Q ∧ R • P) ≡ (∃ x \;❙\; Q • R ∧ P)\)

By contextual rules, and conditional rules,

(8.c) Theorem, Context: \((⊕ x \;❙\; R ∧ e = f • P[z ≔ e]) = (⊕ x \;❙\; R • P[z ≔ f])\)

(8.c′) Theorem, Context: \((⊕ x \;❙\; R • P[z ≔ R]) = (⊕ x \;❙\; R • P[z ≔ true])\)

Suppose we have an order \(\_{}⊑\_{}\).

(8.m) Axiom, (Generalised) Monotonicity; Body Weakening/Strengthening: Provided ⊕ is monotonic ---a ⊑ a′ ∧ b ⊑ b′ ⇒ a ⊕ b ⊑ a′ ⊕ b′— \[ (⊕ x\;❙\;R • P) ⊑ (⊕ x\;❙\;R • P′) \quad⇐\quad (∀ x\;❙\;R • P ⊑ P′) \]

For example, this covers both of (9.12) and (9.27); consequently giving us (9.11) and (9.26) —by weakening \(p ∧ q ⇒ p\) and \(p ⇒ p ∨ q\).

Two quantifications are equal when “each of their parts are equal”.

   (⊕ x\;❙\;R • P) = (⊕′ x\;❙\;R′ • P′)
⇐     ⊕ = ⊕′             -- same operation
  ∧  (∀ x • R ≡ R′)      -- same range
  ∧  (∀ x\;❙\;R • P = P′)  -- same body
 

See, for example, (9.9).

1. Predicate logic is an extension of propositional logic that allows the use of variables of types other than 𝔹.
2. This extension leafs to a logic with enhanced expressive and deductive power.
3. A predicate-calculus formula is a Boolean expression in which some Boolean variables may have been replaced by:
   • Predicates, which are applications of Boolean functions whose arguments may be of types other than 𝔹; e.g., \(x < y\) is formed using the predicate symbol ‘<’.
   • Universal and existential quantification, as discussed in this section.

The general axioms of quantification hold for ∧/∀ and ∨/∃. along with an additional one below.

(9.29) Theorem, Interchange of quantifications: \((∃ x\;❙\;R • (∀ y\;❙\;Q • P)) \quad⇒\quad (∀ x\;❙\;Q • (∃ x\;❙\;R • P))\).

( See LADM p166 for the proof. )

\(\def\suc{\mathsf{suc}\,}\)

The following can be proven by induction on \(n : ℕ\), where \(\suc x = x + 1\) —many can be proven directly by using ⊕-distributivity laws.

• Constant Sum: \((∑ i \;❙\; i < n • a) = a · n\)
  • “Multiplication is iterated sum”
    • An index variable that doesn't appear in the body (here i) can simply be eliminated if we multiply what's left by the size of that variable's index set (here n).
  • Sum of 1: \((∑ i \;❙\; i < n • 1) = n\)
    • “All numbers are obtained by adding 1”
  • Sum of evens: \((∑ i : ℕ \;❙\; i ≤ n • 2 · i) = n · \suc n\)
    • i.e., + \(2 · (Σ i\;❙\;0 ≤ i < n • i) = n · (n + 1)\).
    • “The sum of the first n integers is \({n · (n + 1) \over 2}\).”
    • “The sum of the first n even integers is \(n · (n + 1)\).”
  • Sum of odds: \((∑ i : ℕ \;❙\; i < n • \suc i + i) = n · n\)
    • The sum of the first n odd natural numbers is n².
• Sum powers of two: \(\suc (∑ i \;❙\; i < n • 2^i) = 2^n\)
• Constant Product: \((Π i \;❙\; i < n • a) = a ^ n\)
  • “Exponentiation is iterated sum”
• Product of integers: \((Π i \;❙\; 0 ≤ i < n • i) = n!\)
  • The product of the first \(n\) integers is \(n !\) (“n factorial”)

• “Superfluous quantification for idempotent ⊕”: For ⊕ idempotent, \((⊕ i\;❙\;0 ≤ i < n • P) = P\) provided i does not occur in P and \(0 < n\) (i.e., the LHS is non-empty!)

  • “When you can choose from P, or P, or P, or … n-many times, then really there is only P to pick.” (E.g., this works for ↑, ↓, ∀, ∃.)

  ( The 0 ≤ n proviso is to ensure that the LHS's range is not empty and so the LHS is not just \(\Id_⊕\), which may differ from the RHS. )

• \((↓ i \;❙\; 0 ≤ i < n • i) = 0\), the smallest number among the first n non-negative integers is 0.
• \((↑ i \;❙\; 0 ≤ i ≤ n • i) = n\), the largest number among the first n (inclusive) non-negative integers is n.

1. Everybody knows what a finite sum is: Add up a bunch of terms, one by one, until they've all been added.

   But what's an infinite sum?

2. In an completely ordered domain, define \((⊕ x ❙ R • P)\) to be the least upper bound on all finite sub-quantifications; i.e., it is the least 𝒬 such that \((⊕ x ❙ F • P) ⊑ 𝒬\) for all finite ranges F with ∀ x • F ⇒ R.

   ( Completeness implies that the set of all such values 𝒬 always has a least element. )

   If there is no bounding constant 𝒬, we define \((⊕ x ❙ R • P) = ⊤\) —the “∞” of the ordered domain. This means that if 𝒬 is an value, there's a set of finitely many terms P whose sum exceeds 𝒬.

   ---

   Formally, \((⊕ x \;❙\; R • P) \quad=\quad (⊔ F \;❙\; F \,\text{finite-sub-range-of}\, R • (⊕ x \;❙\; F • P))\)

   The completeness criterion means that the join in the RHS always converges.

   In-particular, a sum indexed by all the natural numbers is the result of looking at partial sums. \[ (⊕ i : ℕ • P) \quad=\quad (⊔ n : ℕ • (⊕ i : ℕ \;❙\; i ≤ n • P)) \]

3. Notice the definition for possibly infinite ranges R has been formulated to that it doesn't depend on any ordering of the terms —after all, we want to preserve the symmetry and associativity of ⊕ even for infinite ranges.

An r-permutation is an ordered r-sequence of distinct numbers from \(1..n\).

Essentially, an r-permutation of a set \(X\) is an injection \(f : 1 .. r ↣ X\).

An r-subset of \(1..n\) is called an r-combination of \(n\); let \(\binom{n}{r} :=\) the number of r-combinations of \(n\).

Since there are \(\binom{n}{r}\) many r-subsets of \(n\) and for each such subset there are \(r!\) possible arrangements, we have \(P(n,r) = r! \binom{n}{r}\).

Hence, \(\binom{n}{r} = \frac{n!}{(n-r)! r!}\).

Note that it’s easier to prove binomial properties by the subset-defn than the factorial defn!

• \(0! = 1\), since there is only one possible such combination.
• \(n < r \implies \binom{n}{r} = 0\), since there are no such possible combinations.
• \(\sum_{r=0}^n \binom{n}{r} = 2^n\), since LHS counts all subsets of a set of size \(n\), the RHS also counts all subsets of a set of size \(n\).
• \(\binom{n}{r} = \binom{n}{n-r}\), since LHS is the number of r-element subsets of \(1..n\) which also counts the complements which are sets of size \(n-r\), which is the RHS.
• \(2^n = ∑ r : 0..n • C(n,r)\)

         ∑ r : 0..n • C(n,r)
      =⟨ un-formalise ⟩
       the sum of the number of ways to choose r items from n distinct, for r in 0..n ⟩
      =⟨ rephrase ⟩
        the number of combinations possible from n distinct elements
      =⟨ rewrite ⟩
        for each of the n elements, we can either pick it in our collection or not
      =⟨ product rule ⟩
        2ⁿ
 

Note that \(\binom{n}{r}\) is also the number of ways we can label \(r\) of \(n\) elements red and the remaining \(n-r\) elements blue. In-particular, colouring an element red if it belongs to an r-element set and colouring it blue otherwise leads us to conclude that \(\binom{n}{r}\) is the number of r-element subsets of n-elements.

The binomial coefficients \(\binom{n}{k}\) count the number of k-subsets of a set of \(n\) elements.

I personally write \(\binom{X}{k}\) for the collection of k-sized subsets of a set finite \(X\), and so I may write: \(\left|\binom{X}{k}\right| = \binom{|X|}{k}\).

• \(\binom{n}{k}=0 \equiv k \notin 0..n\)
  • \(\binom{n}{k}=\frac{n!}{k!(n-k)!} \equiv k \in 0..n\)
• \(\binom{n}{0}=1\)
  • \(\binom{n}{n}=1\)
• \(\binom{n}{k} = \binom{n}{n-k}\)
  • \(\sum_{k=0}^n \binom{k}{m} = \binom{n+1}{m+1}\)
• Absorption / Extraction: \(\binom{n}{k} = \frac{n}{k} \binom{n-1}{k-1}\)

• Upper Negation: \(\binom{n}{k} = (-1)^k\binom{k-n-1}{k}\)

  “To negate the upper index, write \((-1)^k\) where \(k\) is the lower index. Then immediately write \(k\) again twice, in both lower and upper index positions. Then we negate the original upper index by subtracting it from the new upper index. And we finish by subtracting 1 more; always subtracting, not adding, because this is a negation process.”

  Double Negation: the negation of the negation is the original.

  Case \(n = -1\) yields, \(\binom{-1}{k} = (-1)^k\) ♥‿♥

• Pascal’s Formula: \(\binom{n}{k} = \binom{n-1}{k} + \binom{n-1}{k-1}\).

  Many combinatorial identities can be discovered by careful examination of Pascal’s triangle.

  Iterating Pascal’s Formula yields, \(\binom{n+1}{k+1} = \sum_{i=0}^n \binom{n-i}{k}\).

• The Binomial Theorem: \(n \in ℕ \implies (x+y)^n = \sum_{k=0}^n \binom{n}{k}x^{n-k}y^k\)

  A direct proof by induction suffices; also case \(y=1\) occurs rather often.

  Alternatively the proof is simple after we prove the auxiliary result \(\prod_{i=1}^n (x_i + y_i) = \sum_{S \subseteq 1..n} (\prod_{j \in S} x_j)(\prod_{k \in \bar{S}}y_k)\) —which in-turn can be proven by induction on \(n\).

  Multiplying by \(x\) and/or performing successive differentiations on the binomial theorem is a simple way to obtain some identities.

  For example, taking the derivative of \((1+x)^n=\cdots\) wrt to \(x\) then setting \(x=1\) yields, \(n2^{n-1} = \sum_{k=1}^n k\binom{n}{k}\).

• Vandermonde convolution: \(\sum_{k=0}^n\binom{m_1}{k}\binom{m_2}{n-k}=\binom{m_1+m_2}{n}\).

  Combinatorial proof: Fix an \(m_1+m_2\) sized subset of \(X\) and write \(X = A \cup B\) where \(|A|=m_1, |B|=m_2\).

  The RHS counts the n-element subsets of \(X\). Let \(S\) be such a subset then \(S \cap A\) has some size \(k\) and \(S \cap B\) has size \(n-k\).

  The LHS counts the ways of picking a k-element subset of \(A\) and an $(n-k)$-element subset of \(B\) and sums overall possible \(k\)’s.

  Corollary: \(\binom{2n}{n} = \sum_{k=0}^n \binom{n}{k}^2\).

• The number of subsets of an n-element set is 2ⁿ.

  Algebraic Proof: Letting \(x=y=1\) in the binomial theorem, yields \(\sum_{k=1}^n \binom{n}{k}=2^n\).

  Combinatorial proof: Consider an n-element set. For each element we can decide either to put it in a subset, that we are constructing, or to leave it out. So we have two decisions per element and so a total of \(2^n\) subsets for all possible decisions.

• For every set, the number of even-sized subsets is the same as the number of odd-sized subsets, which is \(2^{n-1}\).

  Combinatorial proof: Suppose we want to select a subset with an even number of elements. Then as before we have two choices for the first \(n-1\) elements. But when we get to the last element, we have only one choice. For if we have chosen an even number of the elements then we must leave this last element out; if we have chosen an odd number of elements then we must put this last element in. Hence, the number of subsets with an even number of elements in \(2^{n-1}\).

  Likewise, for odd-sized subsets.

  • Alternatively: Let \(A \subseteq 0..n-1\) be a subset of even size, then adding \(n\) makes it odd, leaving \(n\) out keeps it even. Vice-versa if \(|A|\) is odd. Thus, we have a bijection between all subsets of \(1..n-1\) and either the even or odd subsets of \(1..n\). Comparing cardinalites yields the result. \(\>\>\)

    Indeed, since the two sums are equal and sum to \(2^n\), we find \(\sum_{k \in 1..n, k \text{ odd }} \binom{n}{k} = \sum_{k \in 1..n, k \text{ even }} \binom{n}{k} = 2^{n-1}\) ♥‿♥

• This principle says, roughly, that if a lot of pigeons fly into not too many pigeonholes, then at least one pigeonhole will be occupied by two or more pigeons.

  • By contraposition, if we know that each hole has at-most one pigeon then the number of pigeons is at-most the number of holes.

    With objects distributed into compartments such that each compartments contains at most one object, the number of objects is at most the number of compartments.

  • PHP asserts that no matter how one distributes \(n+1\) objects among \(n\) boxes, one cannot avoid putting two objects in the same box.
  • Instead of putting objects into boxes, we may think of colouring each object with one of \(n\) colours. The pigeonhole principle asserts that if \(n+1\) objects are coloured with \(n\) colours, then two objects have the same colour.
  • Married Couples Application:

  If \(n\) married couples are together then choosing \(n+1\) of the \(2n\) people guarantees that a couple is chosen.

In A Logical Approach to Discrete Math and in EWD1094, there are alternative formulations…

(0) For a non-empty, finite bad of numbers, the maximum value is at least the average value (and the minimum is at most the average).

(1) If more than \(n · k\) objects are distributed into a set of \(n\) compartments, some compartment receives more than \(k\) of the objects.

It is argued that since (0) does not explicitly mention \(n\) and \(k\) explicitly, this eases application of th theorem since a user would not need to hunt them down explicitly. Moreover, (1) is ‘operational’: It requires users identity objects, compartments, and a distribution process —but (0) is valid when no process of distribution is involved. Perhaps the worst offence of (1) is that it forces us to treat numbers not as independent entities but rather as a tool that serve to count objects —which is not a useful interpretation to always have; e.g., when dividing numbers. Besides being overspecific, (1) hides the principle's arithmetic nature. As EWD might say, (0) is good mathematics and (1) is public relations.

Example: On the ranch, each cowboy is the exclusive owner of at least one horse. Show that on the ranch ♯cowboys ≤ ♯horses.

Solution using (1): For the sake of a contradiction, suppose the conclusion is not true and so we have ♯horses < ♯cowboys. Distribute the cowboys among the horses they own; then since there are more cowboys than horses, the PHP (1) tells us that there is a horse owned by at least two cowboys, which contradicts the exclusive ownership. Hence, the conclusion must be true.

Solution using (0): Since the minimum (number of horses per cowboy) is at most the average (number of horses per cowboy), we have 1 ≤ ♯horses / ♯cowboy, whence the result follows.

For (1), the key choices are the pigeons, holes, and their counts; for (0), the only choice is the bag of numbers.

(0) can be tersely summarised as “minimum ≤ average ≤ maximum”; a nifty arithmetical result. Some number in a collection is at least the average value and another is at most the average value.

Here is another form of the principle, the first one below obscures the underlying arithmetical results of (0′).

(1′) (Yet another form of PHP): For non-negative integers qᵢ, distributing more than (∑ i : 1..n • qᵢ) objects into n boxes necessitates some box i : 1..n contains more than qᵢ objects.

(0′) For any integers bᵢ and qᵢ, if the sum of the bᵢ is more than the sum of the qᵢ, then for some i, bᵢ > qᵢ; i.e., (∑ i • bᵢ) > (∑ i • qᵢ) ⇒ (∃ i • b ᵢ > qᵢ).

(0′) is better recognised as the contrapositive of Σ's body-monotonicity —which is an immensely useful algebraic identity! (Note: \(¬ x ≤ y \;≡\; x > y\).)

Σ body monotonicity: (∀ i • bᵢ ≤ qᵢ) ⇒ (∑ ᵢ • bᵢ) ≤ (∑ i • qᵢ).

In (0′), taking bᵢ = qᵢ = 1 for all i, give us: Distributing more than n objects into n boxes necessitates some box contains more than 1 object.

In (0′), taking bᵢ = qᵢ = k for all i, gives us (1) above.

Anyhow, (0′) is a familiar property of summation.

• Theorem: If \(n+1\) objects are distributed into \(n\) boxes, then at least one box contains two or more of the objects.

  Suppose not, then necessarily each of the \(n\) boxes contains at-most 1 of the objects and so the total number of objects is at-most \(n\); which contradicts the fact that we distributes \(n+1\) objects! Hence, the supposition that every box contains at most 1 object is false and so we must have that some box contains more than 1 object, i.e., contains 2 objects.

In general, if \(f : X \to Y\) is a function between finite sets and \(X\) has more elements than \(Y\), then \(f\) is not one-to-one.

\[\def\mod{\,\mathsf{mod}\,} \def..{..} \]

\[\newcommand{\len}{\mathsf{len}\,}\]

Data Compression Application: Is it possible to do ‘loosyless’ compression? I.e., to compress data without losing any information?

Suppose we had such a compression algorithm. Any file looks like a string of 0s and 1s.

Given a file, a string, \(F\), our algorithm produces another file \(C(F)\) —the compressed file. We want the length of \(C(F)\) to be at-most the length of \(F\) for every file \(F\), and we want there to be at-least one-file \(F\) to have \(\len \ C(F) < \len \ F\) —since this is a compression algorithm after all.

We’ll show that no such \(C\) exists.

Choose \(F\) to be the shortest file that actually gets compressed; i.e., with \(\len C(F) < \len F\). Let \(N = \len \, C(F)\) be the length of the resulting compressed file. Hence, for any other file \(G\),

   len G = N
⇒⟨ Properties of N ⟩
  len G = N = len C(F) < len F
⇒⟨ Transitivity ⟩
  len G < len F
⇒⟨ Defining Property of F ⟩
  len C(G) < len G is false -- since F is the shortest with such a property
=⟨ negation ⟩
  len G ≤ len C(G)
=⟨ Compressions: len C(X) ≤ len X ⟩
  len C(G) = len G
=⟨ un-formalise ⟩
  G does not get compressed
 

That is, all files of length \(N\) don’t get compressed —ie \(\len \ G = N \implies \len \ C(G) = N\).

Since there are \(2^N\) files of length \(N\) and every length \(N\) file has compressed length \(N\), but so does \(F\) (but it's length is more than N), and so we have \(2^N+1\) pigeons/files that get compressed to \(2^N\) many possible compression's. So, at-least 2-files have the same compressed form.

So, \(C\) is “loss”.

Note ∷ Many of the \(2^N\) files are garbage and so in-practice we need not be so general.

When A and B are finite, we can represent a relation as a drawing: We draw A as a bunch of dots on the left side of a paper, and draw B as a bunch of dots on the right side of the paper, then whenever ‘a’ is related to ‘b’ we draw an arrow from the left side dot labelled ‘a’ to the right side dot labelled ‘b’. Such drawings are known as simple bipartitie graphs, the dots are known as vertices, nodes, and the arrows are known as directed edges.

When A = B, we just draw a bunch of dots on a paper and an arrow from ‘x’ to ‘y’ whenever ‘x’ is related to ‘y’. This pictorial representation of the relation is known as a simple graph. It then has ♯R-many edges and ♯A-many dots.

Relations are a theory of simple graphs!

• A graph is said to be empty or complete, if its associated relation is the empty relation or the universal relation, respectively.
• Concerning the graph on the empty set, there is a paper by F. Harary and
  1. C. Read entitled "Is the null-graph a pointless concept?" .
  2. springer link ; reddit

Viewed as a simple bipartite graph, a relation “naturally comes with two interesting sets”: A relation is a bunch of arrows from dots on the left to dots on the right, but some dots may not have an arrow going out of them and some dots may not have an arrow coming into them.

The domain of R is the collection of dots that have an arrow going out of them; i.e., \(\Dom R \;=\; \{a : A \;❙\; (∃ b : B • a 〔R〕b)\} \;=\; \{a :A; b : B \;❙\; a 〔R〕 b • a\}\). That is, the domain of \(R : A ↔ B\) is the set of elements in \(A\) related to something in \(B\).

The range of R is the collection of dots that have an arrow going into them; i.e., \(\Ran R \;=\; \{b : B \;❙\; (∃ a : A • a 〔R〕b)\} \;=\; \{a :A; b : B \;❙\; a 〔R〕 b • b\}\). That is, the range of \(R : A ↔ B\) is the set of elements of \(B\) to which some element of \(A\) is related.

Interestingly, \(\Id_{\Dom R} = R ⨾ ⊤ ∩ \Id\).

Viewed as a simple bipartite graph, a relation “naturally comes with an interesting operation”: A relation is a bunch of arrows from dots on the left to dots on the right, what if we change perspective and see the arrows “going the other way around”?

The converse of a relation R : A ↔ B is the relation \(R˘ : B ↔ A\) consisting of the converse of the relationships of R; i.e., \(b 〔 R˘〕 a \;≡\; a 〔R〕 b\).

For example, if Jim 〔 parentOf 〕 Kalthum then Kalthum 〔 parentOf˘ 〕 Jim and we may as well define childOf = parentOf˘. That is, “Jim is the parent of Kalthum” ≡ “Kalthum is a child of Jim”. Converse means to change the order of the related items.

Intuitively,

• \(R ˘ ˘ = R\)
• \(\Dom (R ˘) = \Ran R\)
• \(\Ran (R ˘) = \Dom R\).
• (CCC) Converse commutes with complementation: \((\sim R)˘ \;=\; \sim (R ˘)\)
• \(R ⊆ S \;≡\; R ˘ ⊆ S˘\)
• Converse commutes with joins and meets: \((R ∩ S)˘ \;=\; R ˘ ∩ S˘\) and \((R ∪ S)˘ \;=\; R ˘ ∪ S˘\)
• Identity, empty, and universal relations stay the same when transposed: \(\Id ˘ = \Id, \; ⊥˘ = ⊥,\; ⊤ ˘ = ⊤\).

Since relations are sets of pairs, the usual set theory operations —intersection, union, complement, inclusion— can be used to construct new relations from existing ones.

In particular, if we “place side-by-side two relations, sharing a common type” \(R : A ↔ B\) and \(S : B ↔ C\), then, as graphs, we need to only draw \(B\) once and let the graphs of \(R\) and \(S\) share it. One then immediately realises that an element of \(A\) may be R-related to an element of \(B\) which is itself S-related to an element of \(C\); i.e., we have a new relation between \(A\) and \(C\). This is the composition of R and S, it is denoted \(R ⨾ S\) —and may be read “R and then S”.

The composition is defined by \(a 〔R ⨾ S〕c \;≡\; (∃ b : B • a 〔R〕b 〔S〕 c)\).

Intuitively,

• For \(R : A ↔ B\), the elements of \(A\) affected by \(R\) are captured by the relation \(R ⨾ ⊤\), whereas \(R˘ ⨾ ⊤\) refers to the elements of \(B\) affected by \(R\).
  • Later we will see relations of the form \(Q ⨾ ⊤\) as “vectors”; i.e., sets disguised as relations.
• Composition is an associative operation: \(Q ⨾ (R ⨾ S) = (Q ⨾ R) ⨾ S\).
• It has the identity relation (loops only) as unit element and the empty relation (no edges at all) as the zero element: \(\Id ⨾ R = R ⨾ \Id = R\) and \(⊥ ⨾ R = R ⨾ ⊥ = ⊥\).
• Composition preserves containment: \(R ⊆ R′ ∧ S ⊆ S′ ⇒ R ⨾ S ⊆ R′ ⨾ S′\)

• Composition distributes over unions, but only sub-distributes over intersections: \(Q ⨾ (R ∩ S) \quad⊆\quad Q ⨾ R ∩ Q ⨾ S\).

  We have sub-distributivity since otherwise the following little calculation would give \(⊥ = ⊤\): \(⊥ = ⊤ ⨾ ⊥ = ⊤ ⨾ (\Id ∩ \sim\Id) ⊆ ⊤⨾\Id ∩ ⊤⨾\sim\Id = ⊤ ∩ ⊤ = ⊤\).

• Tarski rule: Non-empty relations actually relate things; i.e., \(R ≠ ⊥ \;≡\; ⊤ ⨾ R ⨾ ⊤ = ⊤\) —equivalently, every relation relates any source element to some target element or does not relate a target element to any source: \(R ⨾ ⊤ = ⊤ ∨ ⊤ ⨾ \sim R = ⊤\) (i.e., every relation is total or its negation is surjective).

  ( There are implementations of these operations that do not satisfy this rule since the elements cannot be conceived as sets of pairs. See here for more. )

  Consequently, the universal relation is annihilated by the empty relation only: \(R ⨾ ⊤ = ⊥ \quad≡\quad R = ⊥\).

  ( Likewise, \(R ≠ ⊥ \;≡\; R ˘ ⨾ R ≠ ⊥\). )

  Moreover, since \(⊤ ⨾ ⊤ ⨾ ⊤ = ⊤\) (in a homogenous setting) Tarski's rule shows that \(⊤ ≠ ⊥\). ( Tarski's rule assumes a non-empty universe. Indeed, in the extreme case that the universe is empty, then, and only then, do we have the degenerate case with \(⊤ = ⊥\). )

When \(R\) is homogeneous, then we define \(R¹ = R\) and \(Rⁿ⁺¹ = R ⨾ Rⁿ\). Then, \(x 〔 Rⁿ 〕 y\) precisely when the simple graph \(R\) has a path of length n from x to y; i.e., there is a sequence of n-many nodes p such that p₀ = x and ∀ i : 0..n-1 • pᵢ 〔R〕 pᵢ₊₁ and pₙ₋₁ = y. The type of paths of length n in simple graph R is denotes Rⁿ; this is an inductive data type.

• For more on this idea, see Graphs are to categories as lists are to monoids.

Reflexive

Elements are related to themselves

Everything is related to itself.

	\(R\) is reflexive
=	∀ x • x 〔R〕 x
=	\(\Id ⊆ R\)

Transitive

Things related to things that are related, are themselves related.

That is, whenever x is relate to y and y is related to z, then also x will be related to z.

	\(R\) is transitive
=	∀ x, y, z • x 〔 R 〕 y 〔R 〕 z ⇒ x 〔R〕 z
=	\(R ⨾ R ⊆ R\)

A transitive relation is irreflexive precisely when it is asymmetric.

Symmetric

The relationship is mutual; if one thing is related to the other, then the other is also related to the first.

( A relation is symmetric if it includes its converse: If x is related to y, then y is also related to x. )

	\(R\) is symmetric
=	∀ x, y • x 〔R〕 y ⇒ y 〔 R〕 x
=	\(R ˘ ⊆ R\)
=	\(R ∩ R˘ ⊆ R\)
=	\(R ˘ = R\)

As graphs, symmetric relations contains either exactly two arrows —in opposite directions— between any two elements or none at all. As such, for clarity, one prefers “squeezing any two arrows in opposite directions” into one ‘undirected’ line and so obtains undirected graphs.

• Undirected edges represent pairs of arrows pointing in opposite directions.

  Coreflexives are symmetric: \(R ⊆ \Id ⇒ R ˘ = R\).

Antisymmetric

Different elements cannot be mutually related.

Such relations allow us to prove equality between two elements; we have only to show that the relationship holds in both directions.

• E.g, one often shows two sets are equal by using the antisymmetry of ‘⊆’.

	\(R\) is antisymmetric
=	∀ x, y • x 〔R〕 y ∧ y 〔 R〕 x ⇒ x = y
=	∀ x, y • x ≠ y ⇒ ¬ (x 〔R〕 y ∧ y 〔 R〕 x)
=	∀ x, y • x ≠ y ⇒ x 〔R̸〕 y ∨ y 〔 R̸〕 x
=	\(R ∩ R ˘ ⊆ \Id\)
=	\(R ˘ ⊆ \sim R ∪ \Id\)
=	R ╳ R = Id —‘╳’ is introduced below after ‘╲’

( As a simple graph, an antisymmetric relation has at most one arrow between any two different nodes. )

Asymmetric

The relationship is mutually exclusive.

( That is, \(x 〔 R〕 y\) and \(y 〔R〕 x\) cannot both be true.

Reflexive relations —when x = y— are thus not asymmetric. )

	\(R\) is asymmetric
=	∀ x, y • x 〔R〕 y ⇒ ¬ y 〔 R〕 x
=	\(R ∩ R ˘ ⊆ ⊥\)
=	\(R ˘ ⊆ \sim R\)

Asymmetrics are irreflexive —just pick x = y in the above ∀-formulation ;-)

Notice that a relation need not be any of Symmetric, Antisymmetric, nor Asymmetric (i.e., \(R ∩ R˘\) need not be included in \(R\), \(\Id\), nor in \(\bot\); equivalently: \(R˘\) need not be included in $R, ∼ R ∪ \Id,$ nor in \(\sim R\)); e.g., the relationship likes = { ⟨Louise, Martin⟩, ⟨Martin, Louise⟩, ⟨Martin, Natalie⟩ } is not symmetric —Martin likes Matalie but Natalie does not like Martin—. is not antisymmetric —Martin and Louise like each other, but they are not the same person—, and it is not asymmetric —since Martin and Louise like each other.

Interestingly, every homogeneous relation R may be partitioned into an asymmetric part \(A = R ∩ ∼R˘\) and a symmetric part \(S = R ∩ R˘\) —i.e., \(R = A ∪ S\) and \(A ∩ S = ⊥\).

Preorder

Models the notion of ‘inclusion’ or ‘at most’ or ‘before’ or ‘predecessor of’; and so requires: Everything is included in itself and inclusion is transitive.

	\(R\) is a preorder
=	\(R\) is transitive and reflexive
=	\(R ⨾ R ⊆ R \;∧\; \Id ⊆ R\)
=	\(R ⨾ R = R \;∧\; \Id ⊆ R\)
=	\(R ╱ R = R\) —“indirect inclusion from above”
=	\(R ╲ R = R\) —“indirect inclusion from below”

If it is additionally antisymmetric, one says we have an order.

• The relation \(R ∩ R˘\) is the greatest equivalence contained in a preorder \(R\).

Instead of reflexivity, if we have irreflexivity we get strict order:

	\(R\) is a strict order
=	\(R\) is transitive and irreflexive
=	\(R ⨾ R ⊆ R ⊆ \sim\Id\)
=	\(R ⨾ R ⊆ R \;∧\; R˘ ⊆ \sim R\)
=	\(R ⨾ R ⊆ R \;∧\; R ∩ R˘ ⊆ ⊥\)
=	\(R\) is transitive and asymmetric

( /Warning! A “strict order” is not an order that is somehow strict. )

To prove these, use Schröder's rule to obtain \(R ⨾ R ⊆ \sim\Id \;≡\; R˘⨾\Id ⊆ \sim R\).

• Orders and strict orders come in pairs: Every order \(R\) induces a strict order \(R ∩ \sim\Id\); conversely, every strict order \(R\) gives rise to an order \(R ∪ \Id\). As such, it is customary to denote order relations by symbols such as ≤, ⊆. ≼, ⊑ and their associated strict orders by related symbols <, ⊂, ≺, ⊏, respectively, with *lack the horizontal line ‘─’ below the symbol to indicate irreflexivity —i.e., the line is a suggestive reminder of equality.
• When letters are used to denote orders, one may see E for an order since it is reminiscent of ≤ and ⊆, and may see C for a strict order since it is reminiscent of < and ⊂.

Equivalence

Models the notion of ‘similarity’; Everything is similar to itself, being similar is a mutual relationship, and it is transitive.

	\(R\) is an equivalence
=	\(R\) is a symmetric preorder
=	\(R\) is transitive and reflexive and symmetric
=	\(R ⨾ R ⊆ R \;∧\; \Id ⊆ R ⊆ R˘\)
=	\(R ⨾ R = R = R˘ \;∧\; \Id ⊆ R\)
=	\(R ⨾ R ˘ ⊆ R \;∧\; \Id ⊆ R\)

Its Boolean matrix has block diagonal form if suitably arranged.

Linear

Any two (possibly identical) members are related; (the associated graph can be drawn similar to a line; i.e., the nodes can be arranged in a sequence).

( In graph terminology, linear is also referred to as strongly complete. )

( Sometimes a linear order is called a complete order. )

	\(R\) is linear
=	∀ x, y • x 〔R〕 y ∨ y 〔R〕 x
=	\(⊤ ⊆ R ∪ R ˘\)
=	\(\sim R ⊆ R ˘\)
=	\(\sim R\) is asymmetric

A linear order corresponds to a full upper triangular matrix, after suitably arranging rows and columns. A linear (pre)-order has no (distinct) incomparable elements.

Any linear ordering E, with associated strict order C, satisfies \(C˘ = \sim E\); i.e., any linear order ‘⊑’ satisfies \[ ∀ x, y •\quad ¬ (x ⊑ y) \;≡\; y ⊏ x \]

Likewise, for liner order, we have transitivity E⨾C⨾E = C and weakening C ⊆ E; i.e., \[ a ⊑ b ⊏ c ⊑ d \;⇒\; a ⊏ d \quad\text{ and }\quad x ⊏ y \;⇒\; x ⊑ y \]

Every order E can be extended to a linear order E′; i.e., E ⊆ E′. For the finite case this is known as topological sort, covered later on, and for the infinite case this is known as the Szpilrajn extension.

• For the finite case, the idea is as follows: If E is not linear, then there are two incomparable elements x, y (i.e., outside E ∪ E˘), so we may define an ordering E₁ ≔ E ∪ {(x, y)}. We iterate this process and Eₙ will eventually become linear.

  This process maintains “the order E, less the incomparable elements, is linear” invariant throughout. Since each step reduces the number of incomparable elements, it must terminate, and the invariant then ensures the resulting order is linear. (•̀ᴗ•́)و

Semilinear

Any two different members are related; (the associated graph can be drawn similar to a line).

( In graph terminology, semilinear is also referred to as complete; e.g., “the complete graph on n nodes” refers to \(⊤ ∩ ∼\Id : 1..n ↔ 1..n\). )

	\(R\) is semilinear
=	∀ x, y • x ≠ y ⇒ x 〔R〕 y ∨ y 〔R〕 x
=	\(\sim\Id ⊆ R ∪ R ˘\)
=	\(\sim R ⊆ R ˘ ∪ \Id\)
=	\(\sim R\) is antisymmetric

A relation without incomparable elements is semilinear.

A semilinear and asymmetric relation \(R\) is known as a tournament since it models the win-loss situation of a typical sports tournament: Semilinearity and asymmetry ensure teams do not play against themselves and that there is no draw —i.e., there must be a winner. A tournament R is characterised by R ∪ R˘ = ∼Id.

• Univalent (partially defined function): Equal elements are related to equal elements; i.e., an element cannot be related to two different elements.

  That is, every source value x is associated at most one target value y.

  As a simple graph: Any arcs from the same source actually coincide.

  	\(R\) is univalent
  =	∀ x, y, y′ • x 〔 R 〕 y ∧ x 〔R〕 y′ ⇒ y = y′
  =	\(R ˘ ⨾ R ⊆ \Id\)
  =	\(R ⨾ \sim \Id \;⊆\; \sim R\)
  =	\(∀ S • R ⨾ \sim S \;⊆\; \sim (R ⨾ S)\)
  =	∀ S • R ⨾ ∼ S = R ⨾ ⊤ ∩ ∼(R ⨾ S)
  =	∀ Q, S • R ⨾ (Q ∩ S) = R ⨾ Q ∩ R ⨾ S —c.f., ⨾ sub-distributes over ∩
  =	∀ Q, S • Q⨾R ∩ S = (Q ∩ S ⨾ R˘)⨾R —c.f., the Dedekind rule

  The formula \(R ⨾ \sim \Id \;⊆ \sim R\) reads “If x is R-related to a value different from y, then it is not R-related to y.” It continues to hold when we replace the identity by an arbitrary relation.

  The 5th row reads, the preimage of the complement is the same as the complement of the preimage intersected with the domain. In fact, for univalent \(R\), we also have \(\sim(R ⨾ S) = R ⨾ \sim S ∪ \sim(R ⨾ ⊤)\); e.g., the people who do “not (own an Audi car)” are exactly the people who “(own a non-Audi car) or do not(own any car)” —assuming a person can own at most one car.

  For a map \(f\), the 6th row becomes: \(f(A ∩ B) \;=\; f(A) ∩ f(B)\), using conventional direct image notation; i.e., for a function, the preimage of an intersection is the intersection of preimages.

  Likewise, for a map \(f\), we have the intersection of \(B\) with a function's image is the same as the image of an intersection involving the preimage of \(B\); i.e., \(f(A) ∩ B = f(A ∩ f^{-1}(B))\).

• Total: Every source value x is associated at least one target value y.

  	\(R\) is total
  =	∀ x • ∃ y • x 〔 R 〕 y
  =	\(⊤ = R ⨾ ⊤\) (“defined everywhere”)
  =	\(⊥ = \sim (R ⨾ ⊤)\)
  =	\(\Id ⊆ R ⨾ R ˘\)
  =	\(\sim R \;⊆\; R ⨾ \sim \Id\)
  =	\(∀ S • \sim (R ⨾ S) \;⊆\; R ⨾ \sim S\)
  =	\(∀ Q • Q ⨾ R = ⊥ ≡ Q = ⊥\)

  The formula \(\sim R \;⊆\; R ⨾ \sim \Id\) reads “If x is not R-related to y, then x is R/related to some element different from /y.” It continues to hold when we replace the identity by an arbitrary relation.

  The final formula says that \(R\) is post-annihilated by the empty relation only.

  • Note: \(\sim(R ⨾ ⊤) = ⊤ \;≡\; R = ⊥\), for any \(R\).

    The complement of a relation's domain is everything precisely when the relation is empty.

• Map (totally defined function): Every source value x is associated exactly one target value y.

  	\(F\) is a map
  =	\(F\) is total and univalent
  =	\(F ⨾ \sim \Id \;=\; \sim F\)
  =	\(∀ S • F ⨾ \sim S \;=\; \sim (F ⨾ S)\)

  The final rule says the preimage of the complement is the complement of the preimage; or, using conventional direct image notation, \(f⁻¹(\sim A) \;=\; \sim f⁻¹(A)\).

  In conventional direct image notation, this amount to a Galois connection: \(A ⊆ f⁻¹(B) \quad≡\quad f(A) ⊆ B\).

  A mapping is so very close to being invertible since mappings \(F\) always satisfy: \(F ˘ ⨾ F ⊆ \Id\) and \(\Id ⊆ F ⨾ F˘\).

  Shunting rule: If \(F\) is a map, then \[R ⊆ S ⨾ F ˘ \quad≡\quad R ⨾ F ⊆ S \]

  More generally, given an equivalence Ξ, if relation F is total and Ξ-univalent —i.e., F˘ ⨾ F ⊆ Ξ— and if S is Ξ-target-saturated —i.e., S ⨾ Ξ = S— then \(R ⊆ S ⨾ F ˘ \quad≡\quad R ⨾ F ⊆ S\).

• Surjective: Every source value y is associated at least one source value x.

  	\(R\) is surjective
  =	\(R˘\) is total
  =	\(⊤ ⨾ R = ⊤\)
  =	\(\Id ⊆ R ˘ ⨾ R\)
  =	\(\sim R \;⊆\; \sim \Id ⨾ R\)
  =	∀ S • R ⨾ S = ⊥ ≡ S = ⊥

• Injective: Every source value y is associated at most one source value x.

  	\(R\) is injective
  =	\(R˘\) is univalent
  =	\(R ⨾ R ˘ ⊆ \Id\)
  =	\(\sim \Id ⨾ R \;⊆\; \sim R\)

• Bijective: Every source value y is associated exactly one source value x.

  	\(R\) is bijective
  =	\(R\) is injective and surjective

• An iso is a bijective mapping, also known as a permutation.

• If \(R\) is finite, then \[ R ⨾ R ˘ = \Id \quad≡\quad (∃ m • Rᵐ = \Id ∧ Rᵐ⁻¹ = R ˘) \]

  For the nontrivial direction “⇒”, since \(X\) and \(Y\) are finite that means \(X ↔ Y\) is finite and so among all powers of \(R\), at least two coincide —by the pigeon-hole principle. Say, \(Rⁱ = Rʲ\) for some \(i > j\). Then

Hence, \(Rᵐ = \Id\) where \(m = i - j\).

Then, \(Rᵐ⁻¹ = Rᵐ⁻¹ ⨾ \Id = Rᵐ⁻¹ ⨾ R ⨾ R ˘ = Rᵐ ⨾ R˘ = \Id ⨾ R˘ = R˘\) ♥‿♥

Difunctional

This property generalises injectivity, univalence, and equivalence…

Recall,

• Univalent: Every source value x is associated at most one target value y.
  • I.e., if x goes to y and y′ then y = y′.
  • I.e., \(∀ x, y′, y •\quad x 〔R〕 y 〔R˘〕 x 〔R〕 y′ \;⇒\; y 〔\Id〕 y′\)
• Injective: Every source value y is associated at most one source value x.
  • I.e., if y comes from x and x′ then x = x′.
  • I.e., \(∀ x, x′, y •\quad x 〔R〕 y 〔R˘〕 x′ 〔R〕 y \;⇒\; x 〔\Id〕 x′\)
• Equivalence: Any given equivalence classes are either identical or disjoint.
  • Moreover, it is a homogenous relation.

Now, a possibly heterogenous relation R is difunctional exactly when \[ ∀ x, x′, y′, y •\quad x 〔R〕 y 〔R˘〕 x′ 〔R〕 y′ \;⇒\; x 〔R〕 y′ \] That is, \(R ⨾ R ˘ ⨾ R ⊆ R\); in-fact we have equality \(R ⨾ R ˘ ⨾ R = R\). Using Schröder, this amounts to \(R ⨾ ∼R ˘ ⨾ R \;⊆\; ∼R\).

Clearly, converse preserves difunctionality.

For difunctional R,

1. R ⨾ (Q ∩ R˘ ⨾ S) = R ⨾ Q ∩ R ⨾ R˘ ⨾ S
2. \(R ⨾ ∼(R ˘ ⨾ Q) \;=\; R ⨾ ⊤ ∩ ∼(R ⨾ R˘ Q)\)
3. \(∼(R ⨾ R ˘ ⨾ Q) \;=\; R ⨾ ∼(R˘ ⨾ Q) ∪ ∼(R ⨾ ⊤)\)
4. \(R ⨾ ∼(R ˘ ⨾ Q) \;=\; ∼(R ⨾ R˘ Q)\), if R is also total.

The equivalence target-saturation of a univalent relation is difunctional; i.e., if R is univalent and Ξ is an equivalence, then \(R ⨾ Ξ\) is difunctional.

Relations \(R\) that model ‘equality, similarity, indistinguishability’ are known as equivalence relations and they must satisfy the following properties which we expect of the notion of ‘similarity’:

• Reflexive: Everything is similar to itself

  \[∀ x •\; x 〔 R〕 x \]

• Symmetric: Being similar is a mutual relationship; if one thing is similar to the other, then the other should be similar to the first.

  \[∀ x, y •\; x 〔 R 〕 y ⇒ y 〔 R〕 x\]

• Transitive: Things similar to things that are similar, are themselves similar.

  \[∀ x, y, z • \; x 〔 R 〕 y 〔R 〕 z \,⇒\, x 〔R〕 z\]

For example, “2 + 3” and “5” are clearly *not the same*”: The first is a string of 3 symbols, whereas the latter is a string of a single symbol. However, they are equivalent when we evaluate them and so we want to pretend they are the same, not by using equality, but by using an equivalence relation. ( This example is continued when we discuss transitive closures. )

These kinds of relations occur all the time in real life. E.g., the relation “same zodiac sign” is an equivalence relation. As such, “I'm looking for a Leo” means anyone who has the Leo zodiac sign is “good enough” —all such people are essentially ‘indefatigable’ since their distinguishing feature, at the moment, is their zodiac sing.

Generalising the previous two examples, “sharing the same feature 𝒇” is an equivalence relation. That is, if \(f : A → B\) is a function, then \(\sim_f\) is an equivalence relation defined by \(a₁ \sim_f a₂ \;≡\; f(a₁) = f(a₂)\). In databases, one uses essentially this idea: “Two tables are the same if the have the same primary keys.”

\[\def\ker{\mathsf{ker}\,} \]

Modulo Arithmetic captures the idea that numbers “are equal” if we consider not a ‘number line’ but instead a ‘number circle’ —e.g., on a usual clock, 24 O'clock is the same as 12 PM, and 13 O'clock is the same as 1PM; likewise, 48 O'clock lands on the same spot on the clock face as does 24 and 12 and 0.

Modulo equivalence: \(a =_m b \;≡\; (∃ k : ℤ • a - b = m · k)\).

( Notice that \(a =_m b \;≡\; m ∣ (a - b)\); one says “\(a\) is the same as \(b\) modulo \(m\)”. )

The required properties of an equivalence relation are independent: None imply any other. E.g., define \(R : ℤ ↔ ℤ\) by a 〔 R 〕b ≡ a · b >= 0, then this is a reflexive and symmetric relation, but is not transitive: \(-2 〔R〕 0 〔R〕 7\) but we do not have \(-2 〔R〕 7\).

Likewise, many orders are reflexive and transitive, but not symmetric. E.g., divisibility ‘∣’.

Likewise, “being 4 units apart” is reflexive and symmetric, but not transitive. —where \(a 〔 R〕 b \;≡\; |a - b| ≤ 4\).

Let \(Ξ : A ↔ A\) be an equivalence relation, given any value \(x\), let \[ [x]_Ξ \;=\; \{ y \;❙\; x 〔 Ξ 〕 y \} \] This set is known as an equivalence class (Ξ-class) of the equivalence relation Ξ determined by \(x\).

That is, \([x]_Ξ\) is the set of all things that are ‘Ξ-indistinguishable’ from \(x\).

By Ξ-reflexivity, the Ξ-classes are never empty — \([x]_Ξ ≠ ∅\) — and, by Ξ-symmetry and Ξ-transitivity, we have that “class membership and class equality coincide” — \(a ∈ [b]_Ξ ≡ [a]_Ξ = [b]_Ξ\) — and this property shows that equivalence relations really do capture equality “up to a perspective by Ξ”. The previous two properties show that the classes are disjoint — \([a]_Ξ = [b]_Ξ \;≢\; [a]_Ξ ∩ [b]_Ξ = ∅\) — and the domain of discourse is covered by all of the equivalence classes — \(A = (∪ a : A \;❙\; [a]_Ξ)\). The last two properties together says that the equivalence classes partition the entire universe: Every member of the universe belongs to exactly one class.

( Indeed, each member \(x\) belongs only to class \([x]_Ξ\) and indistinguishable members belong to the same class! )

Formally, a partition of a non-empty set S is a division of S into non-intersecting non-empty subsets; i.e., \(P : ℙ S\) partitions \(S\) iff \(S = (∪ X \;❙\; X ∈ P • X)\) and \(∀ X, Y \;❙\; X ∈ P ∧ Y ∈ P • X = Y ≢ X ∩ Y = ∅\) —whence \((∀ X \;❙\; X ∈ P • X ≠ ∅)\).

E.g., the sets of even and odd integers partition all of the integers ℤ; likewise the negatives and the non-negatives partition ℤ; finally the singletons \(P = \{n : ℤ \;❙\; \{n\} \}\) also partition all of ℤ. ( The last example is an instance of equivalence classes partitioning a universe, where \([x]_Ξ = \{x\}\) … Ξ is the identity (equality) relation! )

An interesting example is the modular arithmetic equivalence relation. E.g., \(ℤ = [0]_{=₃} ∪ [1]_{=₃} ∪ [2]_{=₃}\). More generally, \(ℤ = (∪ i \;❙\; i < m • [i]_{=ₘ})\).

Surprisingly, equivalence relations in fact coincide with partitions! Indeed, given a way —a ‘class system’— to split up the universe, we can declare two members to be ‘indistinguishable’ precisely when they belong to the same class. That is, if \(P\) partitions \(A\), then \(Ξ_P\) is an equivalence relation which is defined by \(x 〔Ξ_P〕 y \;≡\; (∃ C \;❙\; C ∈ P • x ∈ C \,∧\, y ∈ C)\); moreover, the equivalence classes of \(Ξ_P\) are \(P\)!

Hence, we can model ‘indistinguishability’ by either equivalence relations or by partitions —same thing, but different representations.

Practically, this means that to determine all the equivalence relations on a set it suffices to determine the partitions only, which is far more straightforward to do! E.g., to determine the equivalence relations on 1..3, we find that there are exactly five partitions: The singletons, the entire universe, and {{1}, {2, 3}}, {{2}, {1, 3}}, and {{3}, {1, 2}}. From these we compute the associated relations.

Notice:

• If \(P = \{x \;❙\; \{x\}\}\) is the singletons partition, then \(Ξ_P = \Id\).
• If \(P = \{ A \}\) is the partition consisting of the entire universe, then \(Ξ_P = ⊤\).

Since transitivity is not preserved by intersections, neither are equivalence relations. However, equivalence relations are preserved by union.

Given an ordered set (τ, ⊑), let φ be any property; i.e., a predicate τ → 𝔹.

Sometimes a member does not have the property φ, but we can “add to it just enough” so that φ will then hold.

Definition: Say \(\bar{q}\) is the φ-closure of \(q\) precisely when \(\bar{q}\) is the smallest member that includes \(q\) and satisfies φ. Clearly, if \(q\) satisfies φ then its closure is just itself: \(\bar{q}= q\).

• Formally, \(φ(\bar{q}) \;∧\; q ⊑ \bar{q} \;∧\; ∀ p • φ(p) \,∧\, q ⊑ p ⇒ \bar{q} ⊑ p\)

  Equivalently, we have the following characterisation:

  \[φ(\bar{q}) \;∧\; ∀ p \;❙\; φ(p) • \bar{q} ⊑ p ≡ q ⊑ p\]

• \(\bar{q} \;=\; (⊓ p \;❙\; q ⊑ p \,∧\, φ(p))\), provided both sides exist.

  This reads like the definition:

  The closure of q is the minimal element containing q and satisfying φ!

  Notice that this meet/infimum has a descriptive character as it is the meet of all members in question, but it does not offer a constructive formulation and indeed sometimes closures simply do not exist.

• The φ-closure of a value is the result of ‘making it increasingly more Φ’.

For example, the reflexive closure of a relation \(R\) is obtained “by adding in just enough elements to make the result reflexive”; i.e., the closure is \(\Id ∪ R\).

• Indeed, a relation is reflexive precisely when \(\Id ⊆ R\), but inclusions can be expressed as unions and so this is the same as \(\Id ∪ R = R\)! Super simple fun stuff!

For example, the symmetric closure of a relation \(R\) is obtained “by adding in just enough elements to make the result symmetric”; i.e., the closure is \(R˘ ∪ R\).

• Same reasoning as reflexive closure.

Now, most interestingly, the transitive closure. A relation \(S\) is transitive whenever a path can be shortened (but non-empty), \(S ⨾ S ⊆ S\). As such, for a relation \(S\) to be the transitive closure of \(R\), we need \(R ⊆ S\) and \(S ⨾ S ⊆ S\), but combining these two means we need to have \(R ⨾ R ⊆ S\), hence we need to have \(R^1 ⊆ S\) and \(R² ⊆ S\), but this means we have \(R³ = R ⨾ R² ⊆ S ⨾ S ⊆ S\), and in general, (by induction), \(Rⁿ⁺¹ ⊆ S\) for all \(n : ℕ\). Indeed, the transitive closure of \(R\) is the relation \[R⁺ \;=\; (∪ n : ℕ \;❙\; Rⁿ⁺¹) \]

Likewise, the reflexive transitive closure of \(R\) is the relation \[R^* \;=\; Id ∪ R⁺ \;=\; (∪ n : ℕ \;❙\; Rⁿ) \]

( This union, suprema, exists since relations form a complete Boolean lattice. )

When \(a 〔Rⁿ〕 b\), one says there is a path of length n from ‘a’ to ‘b’.

Even though \(R^*\) is defined by an infinite union, when the relation is over a finite set, then a finite union suffices. Intuitively, if there are only \(m = ♯A\) nodes, then any path of greater length must visit one of the nodes at least twice, that is the path looks like \(a 〔Rⁱ〕 c 〔Rʲ〕 c 〔Rᵏ〕 b\), but we can just ‘cut out’ the redundant circling around ‘c’ to obtain the path \(a 〔Rⁱ〕 c 〔Rᵏ〕 b\). Now if this path is still greater than \(m\), then there is a further circle to cut out and we repeat the process; otherwise, we are done. That is, \[ R^* \;=\; (∪ n : ℕ \;❙\; n ≤ ♯A • Rⁿ) \text{ provided } R : A ↔ A \text { and $A$ is finite }\]

The same pigeon-hole reasoning lets us conclude: If R is a finite relation on n elements, then Rⁿ ⊆ (Id ∪ R)ⁿ⁻¹.

Finally, we may get an equivalence relation from an arbitrary relation! The equivalence closure of a relation \(R\) is the smallest equivalence that contains \(R\), and this happens to be the symmetric reflexive transitive closure \((R ∪ R)^*\) —i.e., we throw in all the closures of the properties required of an equivalence relation.

That is, only one of them needs to be proven using quantifiers and dummy variables, and then it can be used to prove the rest using only relation-algebraic reasoning —i.e., without resorting to “unfolding ‘⊆’ or ‘⨾’ into quantifiers.”

Proofs not involving quantifiers are usually shorter and more transparent, hence also easier to check and more capable of being performed by a machine.

Just as contraposition and shunting give us \(p ∧ q ⇒ r \quad≡\quad p ∧ ¬ r ⇒ ¬ q\), we have for relations:

The Schröder Equivalences speak about containing a composition; in contrast, by Dedekind, we have the following technique for showing when a composition contains another relation. \[Q ⊆ R ⨾ S \quad⇐\quad ∃ X • X ⊆ S ∧ Q ⊆ ⊤ ⨾ X ∧ Q ⨾ X˘ ⊆ R \]

In the presence of complements, we can replace converse by residuals since \(\sim R ╱ \sim \Id = \sim(\sim \sim \Id ⨾ \sim R ˘) = \sim \sim R ˘ = R ˘\).

The residual \(R ╲ S\) is the greatest of all relations \(X\) with \(R ⨾ X ⊆ S\):

\[R ⨾ X ⊆ S \quad≡\quad X ⊆ R ╲ S \]

In particular, this means we have a Galois Connection and so we have numerous properties, including the ‘absorption theorem’ \(R ⨾ (R ╲ (R ⨾ X)) = R ⨾ X\).

Equivalently, \[ a〔R ╲ S〕 c \quad≡\quad (∀ x • x 〔R〕 a ⇒ x 〔S〕 c) \]

As matrices, this says the a-th column of \(R\) is pointwise contained in the c-th column of \(S\).

Reading “╲” as an implication, then \(a 〔R ╲ S〕 c\) can be read as “whenever R-gets us to a then S-gets us to c.” Indeed, \(a 〔R ╲ S〕 c \quad≡\quad R˘⦇\{a\}⦈ ⊆ S˘⦇\{c\}⦈\).

As graphs, suppose we draw R in red and draw S in purple, then we draw, say, a blue arrow \(a ⟶ c\) precisely when every red predecessor of \(a\) is also a purple predecessor of \(c\).

• a 〔R ╲ S〕 c   ≡   (∀ x • x 〔R〕 a  ⇒ x 〔S〕 c )

  ★ Every R-path to ‘a’, if any, has a corresponding S-path to ‘c’ ★

• We get the red, by dividing-out the blue from the purple.

    digraph{
   label="(Completing the triangle by)\n Dividing the purple by the red to get the blue\n(  red ⨾ blue  ⊆  purple  )"
   ⋯ [style=filled];
   ⋯ -> {c} [color=purple, style=dashed, label=S]
   ⋯ -> {c} [color=purple, style=dashed]
   ⋯ -> {c} [color=purple, style=dashed]
   ⋯ -> {a} [color=red, style=dotted]
   ⋯ -> {a} [color=red, style=dotted, label="R"]
   a -> c [color = blue, label = R╲S]
   }
 

There has to be “more purple than red in order to get blue”; in particular, when there is no red, we can still get blue.

That is, when every purple path could instead take a red detour , then we complete the detour with a blue road so as to end at the purple path ; when there is no possible detour, we

If we can ever get to a pit-stop along a path , then we can complete the journey from the pit-stop to the intended destination.

    digraph{
   1; 2; 3; 4; A; C; F; D; E; B;

   {B, A} -> 1 [color = blue]
   C -> {1, 2} [color = blue]
   F -> 4 [color = blue]

{D} -> {1, 2, 3, 4} [color=blue]

α, β, γ, δ [style=filled];

α -> {1, 4} [color=purple, style=dashed]
α -> {A, B} [color=red, style=dotted]

γ -> {1, 2} [color=purple, style=dashed]
γ -> {C, E,B} [color=red, style=dotted]

β -> {1, 2} [color=purple, style=dashed]
β -> {A, C, B} [color=red, style=dotted]

δ -> {4} [color=purple, style=dashed]
δ -> {F, E} [color=red, style=dotted]
;
label="“Red R” ⨾ “Blue R╲S”  ⊆  “Purple S”
       Walking red then blue, can always be done in one go as purple (•̀ᴗ•́)و
       Moreover, this is the most possible (letters-to-numbers) blue with this property!"
}
 

Notice that we do not have E ⟶ 4 since there are some ways to get to E but not to get to 4.

( Moreover, notice that we have D ⟶ 3 even though D is not reachable via any red or purple; which is fine since we want the most blue with the stated property. However, if our relations are finite, with infinite point sets, then their residuals would become infinite relations; to avoid this (e.g., for computer implementations), one can insist on drawing blue only from reachable elements thereby obtaining \(\mathsf{ran}\, R ⨾ (R ╲ S)\), for a relational definition of ‘range’ —the resulting operation is known as a restricted residual. See here for more. )

Notice that division internalises inclusion: \(R ⊆ S \quad≡\quad \Id ⊆ R ╲ S\).

    digraph{
   1; 2; 3; 4;
α, β, γ, δ [style=filled];

// 3 [pos="9,9!"];

// 45 [style=invisible]
// 45 -> 4, 1, 2, 3 [color = cyan, style=invisible]
// δ -> α [style = invisible]

α -> {1, 4} [color=purple, style=dashed]
β -> {1, 2} [color=purple, style=dashed]
γ -> {1, 2} [color=purple, style=dashed]
δ -> {4} [color=purple, style=dashed]

1 -> 1 [color = cyan]
2 -> 2, 1 [color = cyan]
3 -> 1,2,3,4 [color = cyan]
4 -> 4 [color = cyan]


;
label="“Purple S” ⨾ “Cyan S╲S”  ⊆  “Purple S”
               Walking purple then cyan, can always be done in one go as purple (•̀ᴗ•́)و
               Moreover, this is the most possible cyan (among numbers) with this property!
               ( Self-division cyan is always a preorder. )"
}
 

As mentioned in the example, it can be proven that \(S ╲ S\) is always a preorder; moreover, \(P\) is preorder precisely when \(P ╲ P = P\) and this is known as “inclusion from below”.

• \(≤ ╲ ≤ \;=\; ≤\)
• \(Ξ ╲ Ξ \;=\; Ξ\) for any equivalence Ξ —including equality ‘=’.
• \(∈ ╲ ∈ \;=\; ⊆\)
• \(∈ ╲ S : ℙ X ↔ Y\) relates a set \(A : ℙ X\) to all of its \(S : X ↔ Y\) shared successors; it is related to what is called a “polar”.
  • E.g., \(∈ ╲ ≤\) relates sets to their upper bounds.

For \(f, g\) functions, \(a (f ╲ g) c \;≡\; ∀ x • f(x) = a ⇒ g(x) = c\); i.e., the inputs f-yielding \(a\) are g-yield \(c\). That is, things with f-feature ‘a’ also have g-feature ‘c’ —if we think of functions as projecting, exposing, features (which they do!).

Suppose \(R\) is a relation between objects and their properties. Then two particularly common questions arise whenever has a subset \(A\) of objects —or a subset \(B\) of properties:

Each is formulated as A〔∈╲R〕? and B〔∈╲R˘〕? with unknowns ? .

The operations \(Λ(∈╲R)\) and \(Λ(∈╲R˘)\) are then known as the upper (resp. lower) bound cone functionals or polars.

• For a relation \(R : X ↔Y\), its power transpose is the function \(ΛR : X → ℙ Y\) that sends each source value to the set of its associated target values: \(ΛR(x) = \{y ❙ x 〔R〕 y\}\).

In case it's not clear, since S╲S is a preorder for any S, we can (pre)order things according to _any_ relation we want morever, S╲S ∩ (S╲S)˘ is then the largest equivalence contained in that (pre)order .

In-fact, since it is such a commonly occurring event, it has its own name, the symmetric quotient of R and S is \[ R ╳ S \quad=\quad R╲S ∩ (R ╲ S)˘ \] Symmetric quotients give us a form of extensionality: \[x 〔R ╳ S〕 y \quad≡\quad (∀ z • z 〔R〕 x \;≡\; z 〔S〕 y)\]

Examples:

• Relations, in contrast to functions, are mainly introduced in order to assign not precisely one result but a —possibly empty— set of results, so that they are often conceived as set-valued functions.

  • \(ΛS \;=\; S ˘ ╳ ∈\) relates an element to its set of S-successors; this is known as “the power transpose” mapping. Note that \(Λ : (X ↔ Y) → X → ℙ Y\).

    This is just set comprehension concerning the set assigned to an argument: \(ΛS(x) \;=\; \{ y \,❙\, x 〔S〕 y\}\).

    Λ is uniquely characterised by: For any mapping f, and any relation R, \(\quad f = ΛR \quad≡\quad f⨾∈˘ = R\).

    Due to typing reasons, the power transpose cannot preserve composition. However, we do have \(Λ(R) ⨾ \mathsf{E}(S) \;=\; Λ(R ⨾ S)\) where E is the existential image mapping.

  • \(\mathsf{E}\, S \;=\; (S˘⨾∈) × ∈\) relates a set of elements to their set of images; it is known as “the existential image” mapping. Note that \(\mathsf{E} : (X ↔ Y) → ℙ X → ℙ Y\).

    As the name suggests, for every constituent of the result, there exists an argument for which it is the image. Or, using unions: \(\mathsf{E}S(A) \;=\; (∪ x \,❙\, x ∈ A • ΛS(x)) \;=\; \{ y \,❙\, (∃ x \,❙\, x ∈ A • x〔S〕 y) \}\). ( In Z notation, this is known as the relational image and denoted S⦇A⦈ = E S A. )

    \(\mathsf{E}\) preserves composition and identity, and it ‘represents’ its argument: \(∈˘ ⨾ R \;=\; \mathsf{E}\,R ⨾ ∈ ˘\).

• \(∈ ╳ ∼∈\) relates a set to its complement
• \(\Id ╳ ∈\) wraps a value as a singleton set

• \(∈ ╳ ∈ = \Id\) —this is set extensionality

  The relation ∈ ╳ S is always surjective, and S = ∈ ⨾ (∈ ╳ S) whereas ∼S = ∉ ⨾ (∈ ╳ S).

Then, \(P\) is an order precisely when \(P ╲ P = P\) and \(\Id \;=\; P ╳ P\) —this is known as “indirect equality”.

• More generally, \(\Id \;⊆\; S ╳ S\) and, S is antisymmetric ≡ \(S ╳ S \;⊆\; \Id\).

  Moreover, Ξ is an equivalence exactly when Ξ = Ξ ╳ Ξ.

• R injective ≡ R ⊆ R ╳ Id; i.e., if R associates x with y, then the R preimage of y are exactly x.
  • R injective ⇔ R ⨾ R ˘ ⊆ Id ⇔ R ˘ ⊆ R ╲ Id; i.e., “if y is the image of x, then every preimage of y must coincide with x”.

Finally, with residuals we can lift De Morgan's rule to the pure relational language —since the negation flips the ∃ of ⨾ with the ∀ of ╲— \[ \sim(R ⨾ S) \quad=\quad R ˘ ╲ \sim S \] \[ \sim(R ╲ S) \quad=\quad R ˘ ⨾ \sim S \]

For example, we can use these rules to rephrase what it means to be total.

Residuals are the tool to translate universal quantifications into (complement-free) relation-algebraic formulae.

To solve many problems dealing with directed graphs efficiently we need to visit the vertices and arcs of a directed graph in a systematic fashion. Depth-first search, a generalisation of the preorder traversal of a tree, is one important technique for doing so. Depth-first search can serve as a skeleton around which many other efficient graph algorithms can be built.

 {- An array ‘mark’, to determine whether a vertex has been previously visited,
   needs to be in scope, and we update that array. -}
procedure dfs (vertex x):
  mark[x] := visited
  for each vertex y adjacent to x:
     if mark[y] = unvisited then dfs(y)
 

 for each vertex x: mark[x] := unvisited
for each vertex x: if mark[x] = unvisited
                   then dfs(x)
                   {- Do an action on ‘x’ before/after the search -}
 

Below is an implementation and use of DFS in Lisp. Notice that we visit the deeper nodes first –i.e., we go leftmost, in this particular case, and so very reminiscent of in-order tree traversal from Ex12.

Above obtained from folowing snippet without "shuffle".

Note that if we coloured the visited nodes after doing dfs at each vertex, then the colouring would be “backwards”: I.e., we colour the very final visted node, then the one before it, then the one before that, etc.

Above obtained from folowing snippet without "shuffle" and with :post instead of :pre.

The DFS began at any node, so we could start at, say, G.

Moreover, the way we draw a graph does not really matter: We can move the nodes up or down and make the arrows longer or shorter —that is, the topology of a graph does not matter much except for giving possibly nicer visitations. So, let's draw the above graph differently and, again the DFS may begin at any node, so we could start at, say, D.

Below is a 7-line implementation of DFS and an example usage in Lisp.

 (defun shuffle (xs) (sort xs (lambda (x y) (= 0 (random 2)))))

;; Super simple DFS graph traversal WITH an pre- and post- actions.
(cl-defun dfs (G xx &key (pre #'identity) (post #'identity))
  (set-vertex-data G xx :visited? t)
  (funcall pre xx)
  (loop for y in (successors G xx)
        do (when  (not (get-vertex-data G y :visited?))
             (dfs G y :pre pre :post post)))
  (funcall post xx))

;; Actually using DFS
(let ((G (shuffle '( (E :to (F G)) (F :to (B)) (B :to (D C)) (C :to (A)) (A :to (B)) (D :to (A C)) (G :to (F D)))))
      step-by-step)
  ;; Not needed since absent keys have default value ‘nil’
  ;; (loop for (node . nbrs) in G do (set-vertex-data G node  :visited? nil))
  (loop for (node . data) in G
        when (not (get-vertex-data G node :visited?))
        do
        (dfs G node :pre (lambda (n) (set-vertex-data G n :node-color 'red)
                      (set-vertex-data G n :edge-color 'red)
                      (push (show-graph G :file (format "images/DFS-generalises-inorder-shuffle-3-%s.png" n)) step-by-step))))
  (reverse step-by-step))
 

A directed cyclic graph, or dag for short, is a directed graph with no cycles. Measured in terms of the relationships they can represent, dags are more general than trees but less general than arbitrary directed graphs.

Among other things, dags can be useful in representing the syntactic structure of arithmetic expressions with common subexpressions. For example, the dag below shows how a subexpression can be shared —which is represented as a vertex with more than one incoming arc.

 ;; DAG, but not a tree due the diamond.
(show-graph '((* + /) (+ a b) (/ + c))
            :file "images/dags-allow-sharing.png"
            :text "(a + b) * ( (a + b) / c) \n ⟅ The subexpression “a + b” is shared! ⟆")
 

Dags are also useful in representing partial orders –or to portray them graphically. That is, if \(R\) is an order on a set \(N\), then \((S, R - \Id)\) is a dag; conversely, if \((S, R)\) is a dag then \(R^*\) is an order on \(S\) —where \(a 〔R^*〕b\) precisely when there is a path from \(a\) to \(b\). Below is a dag whose reflexive-transitive closure gives the properer containment on the power set \(ℙ(1..3)\).

 (show-graph '( ("{1, 2, 3}" "{1, 2}" "{1, 3}" "{2, 3}")
               ("{1, 2}"  "{1}" "{2}")
               ("{2, 3}"  "{2}" "{3}")
               ("{1, 3}"  "{1}" "{3}")
               ("{1}" "∅")
               ("{2}" "∅")
               ("{3}" "∅"))
            :file "images/power-fin3-order.png")
 

A large project is often divided into a collection of smaller tasks, some of which have to be performed in certain specified orders so that we may complete the entire project. for example, a university curriculum may have courses that require other courses as prerequisites. Dags can be used to model such situations naturally. For example, we would have an arc from course \(C\) to course \(D\) if \(C\) is a prerequiste for \(D\).

Below, for instance, is a dag giving a preresuiste structure on five courses. Course C3, for example, requires courses C1 and C2 as prerequisites.

Topological sort is a process of assigning a linear ordering to the vertices of a dag so that if there is an arc from vertex \(i\) to vertex \(j\), then \(i\) appears before \(j\) in the linear ordering. The following example sequences are all topological sorts of the above dag since taking courses in any of those sequences would satisfy the prerequiste structure of the dag.

If we write ‘⟶’ for the directed adjacency relation of the graph, then topological sort produces a sequence \(xs\) such that \[ i ⟶^* j \quad⇒\quad “\; i\text{'s position in } xs \;” \;≤\; “\;j\text{'s position in } xs\;”\]

That is, the partial order ‘\(⟶^*\)’ is extended to a linear order ‘≤’.

Notice that topological sort is easily accomplished by adding a statement to keep track of the nodes after each stage of the dfs, thereby accumulating in reverse topological order all vertices of a dag accessible from ‘whatever starting node is used’ by a path in the dag.

 (let ((G (shuffle '( (C1 :to (C3)) (C3 :to (C5)) (C2 :to (C3 C4)) (C4 :to (C5)) (C5 :to (nil)))))
      step-by-step)
  ;; Not needed since absent keys have default value ‘nil’
  ;; (loop for (node . nbrs) in G do (set-vertex-data G x :visited? nil))
  (loop for (node . data) in G
        if (not (get-vertex-data G node :visited?))
        do (dfs G node :post (lambda (n) (push n step-by-step))))
   (cons (show-graph G :file "images/top-sort.png") step-by-step))
 

That is, topological sort is a constructive proof of the following theorem…

Theorem: Every partial order can be extended to a linear order.

 (cl-defun rndm-graph (N &key (no-isolated-nodes t))
  (-let [G (mapcar #'list (number-sequence 1 N))]
    (loop for x from 1 to N
          do (if (= 0 (random 2))
                 nil ;; 0 = forever alone
             (loop for y from 1 to N
                   do (case (random 3)
                        (0 nil) ;; not related to y
                        ;; The unless checks are to avoid multirelations, non-simple graphs
                        (1 (push y (cdr (assoc x G))))
                        (2 (push x (cdr (assoc y G))))))))
    ;; Ensure there's no isolated nodes, thereby more likely to be connected
    (when no-isolated-nodes
      (loop for x from 1 to N
            for y = (elt (remove x (number-sequence 1 N)) (random (1- N)))
            do (unless (remove x (-concat (predecessors G x) (successors G x)))
                 (case (random 2)
                   (0  (push x (cdr (assoc y G))))
                   (1  (push y (cdr (assoc x G))))))))
      G))

; (show-graph (rndm-graph 7))
 

 (defun prop (R n)
  "Check if R : 1..n ↔ 1..n has certain properties.
Returns an alist, not a plist, of properties."
  (let (tot uni inj surj conn)
    (map-apply ;; yields alists!
     (lambda (key val) (cons key (if val "Yes" "No")))
     (list
      ;; total: Every x is related to at least 1 y.
      :total      (-all? (lambda (i) (>= (length (successors R i)) 1)) (number-sequence 1 n))
      ;; univalent: Every x is related to at most 1 y.
      :univalent  (-all? (lambda (i) (<= (length (successors R i)) 1)) (number-sequence 1 n))
      ;; injective: Every y is related to at most 1 x.
      :injective  (-all? (lambda (i) (<= (length (predecessors R i)) 1)) (number-sequence 1 n))
      ;; surjective: Every y is related to at least 1 x.
      :surjective (-all? (lambda (i) (>= (length (predecessors R i)) 1)) (number-sequence 1 n))))))
 

 (loop for c from 0 to 200
      for N = (+ 3 (random 4))
      for G = (rndm-graph N)
      concat
      (-let [(&alist :total :univalent :injective :surjective)
             (prop G N)]
        (concat (format "\n@@html: 
@@ link-here:practice-graph-%s @@html: Practice Graph ♯ %s @@\n\n" c c)
                (show-graph G :file (format "images/practice_graph_%s.png" c))
                "\n#+begin_spoiler \n"
                (format (s-collapse-whitespace
                         "total: ((%s)); univalent: ((%s));
                         injective: ((%s)); surjective: ((%s))")
                         total univalent injective surjective)
                "\n#+end_spoiler \n")))
 

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: Yes ; Injective: Yes ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: Yes ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: Yes ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: Yes ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: Yes ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: Yes ; Injective: Yes ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: Yes ; Injective: Yes ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: Yes ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: Yes ; Injective: Yes ; Surjective: No

Total: No ; Univalent: Yes ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: Yes ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: Yes ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: No ; Injective: Yes ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: Yes ; Injective: No ; Surjective: No

Total: No ; Univalent: Yes ; Injective: Yes ; Surjective: No

Total: Yes ; Univalent: Yes ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: No ; Injective: No ; Surjective: Yes

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: Yes ; Surjective: Yes

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: Yes

Total: Yes ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: Yes ; Injective: Yes ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: Yes ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No

Total: No ; Univalent: No ; Injective: No ; Surjective: No