2.3.2. Sound and safe rules

We have rules to close gaps only in cases where the argument associated with the gap is valid, and we have seen that the argument associated with a dead-end open gap is not (formally) valid. But what does this imply concerning the ultimate argument of a derivation, the one for which it was initially constructed? Ideally, the ultimate argument should be valid if all gaps eventually close and invalid if at least one gap reaches a dead end without closing. And, indeed, this is the case because of the connections between the rules for developing a derivations and the principles of entailment.

We will look in a little more detail at this connection and its consequences. In doing so, it will help to have some ways of talking about the relations between gaps at various stages of the development of a derivation. We can think of gaps as forming a tree that grows to the right and branches when a rule like Cnj leads us to develop a gap by dividing it into two or more new gaps. We will use the metaphor of a family tree and say that any gap that results from applying a rule is a child of the gap to which the rule is applied and that the latter gap is its parent. It will be convenient to apply the same terminology to gaps that continue unchanged while others develop: a gap at one stage that is open but unchanged at the next stage is understood to have a single child. Looking farther up or down a line of descent, we will say that some gaps are ancestors or descendants of others. In this terminology, the initial gap of a derivation is an ancestor of all gaps of all gaps at each later stage in its development; and they are all its descendants. Only open gaps will be part of these genealogies, so a gap that is closed at the next stage of its development has no children. Dead-end open gaps continue to have children if the derivation is continued at later stages (remember it need not be); they have reached a dead end in the sense that these children are always identical to their parents.

If we look at the relation between a gap to which the rule Cnj is applied and the children that result from applying it, we see that the law for conjunction as a conclusion tells that the proximate argument of the parent is valid if and only if the proximate arguments of both children are valid. And something analogous holds for the rule Ext and the law for conjunction as a premise. We can say something similar about rules that close gaps provided we understand a claim about each child of a gap that has no children to be true simply because there are no child to serve as a counterexample. That is, a gap to which ENV or EFQ applies has a valid proximate argument if and only if each of its children does because the gap to which the rule is applied has a valid proximate argument and it has no children. The same is true for QED when it is used to close a gap whose goal is among its active resources. We allow QED to be used also to close gaps whose goals are among their available but inactive resources, so a little more argument is needed in its case; but we will consider that later. For now, we will assume that QED is applied only in cases where the goal is among the active resources; and, in these cases, the law for premises tells us the proximate argument is valid. Finally, in the case of open gaps that remain unchanged as rules are applied elsewhere the proximate argument of the parent is the same as the proximate argument of the child so certainly one of these arguments is valid if and only if the other is.

Putting this all together, we see that the ultimate argument of a derivation is valid if and only if, at every stage of its development, every one of its descendants has a valid proximate argument. And two things follow from this. If there is any stage when an argument has no descendants—that is, any stage when all gaps have closed—we can say for sure that each of its descendants has a valid argument—because there is none that does not. So, if all gaps of a derivation close, we can be sure that the ultimate argument of the derivation is valid. On the other hand, if a dead-end open gap appears, the initial gap has a descendant whose proximate argument is not valid, and its own proximate argument is therefore invalid. So, if a dead-end open gap appears, the ultimate argument of a derivation is invalid. That is, we have shown both that the ultimate argument of a derivation is valid if all gaps close and that it is invalid if there is at least one open gap.

Now, an argument is valid (and formal validity is what is in question here) if and only if there is no extensional interpretation that divides its premises from its conclusion. So principles that tie the validity of proximate arguments at some stages in the development of a derivation to the validity of proximate arguments at other stages at the same time tie the existence of dividing interpretations at different stages. In fact, we can state stronger principles that say not merely that the existence and non-existence of dividing interpretations is preserved as we develop a derivation but indeed that any dividing interpretations are themselves preserved.

R is (utterly) sound when an (extensional) interpretation divides a gap to which the rule R is applied only if it divides some child of the gap
R is safe when an (extensional) interpretation divides a gap to which the rule R is applied if it divides some child of the gap

When a rule is utterly sound we never lose any open-gap-dividing interpretations as we apply the rule and, when it is safe, we never gain any. The reason for the qualification utterly will be discussed later, and we will suppress its use in the meantime.

These two properties do not have the same significance. If any rule were unsound, all gaps of a derivation might close even though the original argument was invalid. This would undermine the central function of proofs: to establish validity. An unsafe rule would analogously undermine the use of derivations to establish invalidity because it would introduce the possibility that a derivation for a valid argument could produce a dead-end open gap. But the role of derivations in establishing invalidity is less central, and its full use depends also on a property (discussed in 2.3.4) that will fail for the systems of the last two chapters. So soundness is more fundamental than safety.

Moreover, moves corresponding to unsafe rules are an important part of explicit deductive reasoning. For example, a natural approach when we seek a way to prove a mathematical result is to introduce a lemma (in the sense is discussed in 1.4.7) as a stepping stone to a final result. If the lemma represents a significant step beyond the premises, it may be no more obviously a valid conclusion from the premises than is the final conclusion we hope to establish. The introduction of such a lemma can be described as a conjecture, and this conjecture may be wrong: the lemma may not be a valid conclusion from our premises even when the final conclusion is valid. In short, by seeking to reach our conclusion by way of this lemma, we may be entering a blind alley. This is just the sort of thing that would appear in the context of derivations as a dead-end open gap in a derivation whose initial argument is valid. Conjecturing a lemma can be thought of as a step in discovering a proof that is valuable but unsafe.

Our interest in deductive reasoning is somewhat different from a mathematicians’. We are not aiming not at new and surprising conclusions but instead at fuller understanding of the steps by which deductive conclusions are reached. Consequently, we will not be considering the large deductive steps for which conjecturing lemmas is the only practical approach. We will make use of lemmas—and we will look at rules for doing so in 2.4—but the chief value of lemmas for us lies in a restricted range of cases where we can be sure that they are safe.

Earlier, we set aside uses of QED in which the goal of the gap we close is among the available resources of the gap but not among the active ones. To discuss such uses of QED, we need to consider the property of soundness more closely. The reason for the qualification utter used earlier lies in the difference between the property stated above and the following property:

R is (minimally) sound when an (extensional) interpretation divides a gap to which the rule R is applied and all ancestors of this gap only if it divides some child of the gap

The difference lies in the added phrase and all ancestors of this gap. The addition makes minimal soundness apparently weaker than utter soundness because, for minimal soundness, we do not ask that an interpretation divide a child gap unless it divides not only the parent gap but also all ancestors. One reason for parenthesizing the qualifications utterly and minimally in the names of the two properties is that, when all rules are safe, a rule that is minimally sound is also utterly sound. For, when all rules are safe, an interpretation that divides a gap will also divide all its ancestors. When there is a difference between the two sorts of soundness, it lies in their handling of the spurious dividing interpretations introduced by unsafe rules: with an utterly sound rule, such interpretations will continue to divide descendants while, with a minimally sound rule, they might not.

And the reason for calling the second property minimal soundness is that, even when not all rules are safe, minimal soundness is enough to insure that the ultimate argument of a derivation is valid whenever all gaps close. For if all rules are minimally sound, we can be sure that any interpretation that divides a gap and all its ancestors will divide some child and all ancestors of this child (since these are just the parent and its ancestors). But any interpretation that divides the ultimate argument of a derivation also divides any ancestor (since it has none), so, if all rules are minimally sound, this interpretation will also divide some child and all its ancestors—and so on. That is, as with utter soundness, when all rules are minimally sound, an interpretation that divides the ultimate argument must divide some descendant at each stage; therefore, if all gaps close, there can be no interpretation dividing the ultimate argument.

Now, for a rule that closes gaps to be minimally sound, it is enough that is closes a gap only when there is no extensional interpretation that makes the goal of the gap false while making its active resources and the active resources of all its ancestors true. That is, for a gap-closing rule to be minimally sound, it is enough that there be no interpretation that makes the goal of the gap false while making all active resources of the gap and all active resources of its ancestors true. This means that it is enough that goal of the gap being closed to be entailed by its active resources together the active resources of its ancestors. With the rules we have so far, all available resources are included among the active resources of a gap and its ancestors, so it is enough goal is among its available resources. But we can be even more generous since, by the law for lemmas, adding to a collection of resources something that is entailed by them will not change what they entail. In short, we can state rules for closing gaps and have them minimally sound if the conclusion of the gap is among its active resources, is among the active resources of its ancestors, or is a further resource entailed by these resources. The available resources of a gap always include its active resources and the active resources of its ancestors, but in 2.4.3 we will consider rules which add to the available resources conclusions that they entail. We have just seen that this sort of addition will not undermine the minimal soundness of QED.

Although we will sometimes need to distinguish soundness and safety (or even utter and minimal soundness) in later discussions, most often we will not. We will say that a system is conservative when its rules are all safe and minimally sound (which comes to the same thing as being all safe and utterly sound). As we develop a derivation in a conservative system, open-gap-dividing interpretations are neither gained nor lost though they may be spread out among an increasing number of descendant gaps.

Glen Helman 15 Aug 2006