2.3.4. Sound and safe rules
The necessary and sufficient conditions for divisibility and indivisibility developed in the last section were based on connections between the divisibility of gaps at successive stages. In this section, we will look more closely at the rules and consider not merely how the existence and non-existence of dividing interpretations is preserved as we develop a derivation but indeed how any dividing interpretations are themselves preserved. This closer look at the effect of rules will enable us to give an account of a wider range of possible rules, including the extended use of QED that was not covered in our discussion in the last section.
We begin by considering two properties a rule R might have:
| R is strict | when | any interpretation of the derivation that divides a gap to which the rule R is applied also divides some child of the gap |
| R is safe | when | any interpretation of the derivation that divides a child of a gap to which the rule R is applied also divides the parent gap |
When a rule is strict we never lose any gap-dividing interpretations as we apply the rule. When it is safe, we never gain any interpretations. It is the safety of our rules that implied that the condition for divisibility discussed in the last was sufficient while their strictness is the source of its necessity. In both cases, we generalize about interpretations of the whole derivation because an interpretation that divides a child gap need not assign truth values to enough sentences to count as an interpretation of the parent. However, every way of the interpreting the vocabulary of the proximate argument of a gap can be found in some interpretation of the derivation as a whole, so the restriction to interpretations of the whole derivation does not really limit the scope of the generalizations.
Although their association with the necessity and sufficiency of the same condition suggests a kind of parallel between them, these two properties do not have the same importance. Although we will see that strictness is a little more than we need to ask, any serious departure from strictness would undermine the central function of proofs: to establish validity. For then all gaps of a derivation might close even though the original argument was invalid. An unsafe rule would analogously undermine the use of derivations to establish invalidity because it would introduce the possibility that a derivation for a valid argument could lead us to a dead-end. But the role of derivations in establishing invalidity is less central, and their full use in that way depends also on a property (discussed in 2.3.7) that will fail for rules to be considered in the last two chapters. This means that safety is dispensible, but no viable system of proof could completely dispense with strictness.
Moreover, moves corresponding to unsafe rules are an important part of explicit deductive reasoning. For example, a natural approach when we seek a way to prove a mathematical result is to introduce a lemma (in the sense is discussed in 1.4.6) as a stepping stone to a final result. If the lemma represents a significant step beyond the premises, it may be no more obviously a valid conclusion from the premises than is the final conclusion we hope to establish. The introduction of such a lemma can be described as a conjecture, and this conjecture may be wrong: the lemma may not be a valid conclusion from our premises even when the final conclusion is valid. In short, by seeking to reach our conclusion by way of this lemma, we may be entering a blind alley. This is just the sort of thing that would appear in the context of derivations as a dead-end open gap in a derivation whose initial argument is valid. So conjecturing a lemma can be thought of as a step in discovering a proof that is valuable but unsafe.
Another step in a proof that can be valuable but is unsafe is a decision to focus on only some of the information in one’s premises. This might seem quite different from a conjecture; but, combined with rules we will consider in the next chapter, a rule allowing us to conjecture a conclusion could lead us into a situation in which the active resources entailed less than did the resources at an earlier stage with the same goal.
Our interest in deductive reasoning is somewhat different from a mathematician’s. We are aiming not at new and surprising conclusions but instead at fuller understanding of the steps by which deductive conclusions are reached. Consequently, we will not be considering the large deductive steps for which conjecturing lemmas is the only practical approach. We will make use of lemmas—and we will look at rules for doing so in 2.4—but the chief value of lemmas for us lies in a restricted range of cases where we can be sure that they are safe.
Earlier, we set aside uses of QED in which the goal of the gap we close is among its available resources but not among the active ones. To discuss such uses of QED, we need to consider a requirement that is less unyielding than strictness. The following property of a rule R is the one we will employ:
| R is sound | when | any interpretation that divides both a gap to which the rule R is applied and all ancestors of this gap also divides some child of the gap |
The difference lies in the added phrase and all ancestors of this gap. The addition makes soundness apparently weaker than strictness because, for soundness, we do not require that an interpretation divide a child gap simply because it divides the parent but only when it also divides all ancestors of the parent. However, when all rules are safe, a rule that is sound is also strict. For, when all rules are safe, an interpretation that divides a gap will also divide all ancestors of the gap. Thus, when there is a difference between soundness and strictness, it lies in their handling of the spurious dividing interpretations introduced by unsafe rules: with strict rule, such interpretations will continue to divide descendants while, with a sound rule, they might not. So a strict rule would force us to bear the burden of proving an unsafe conjecture while a sound rule might allow us to substitute a different way of reaching our initial goal.
And even when not all rules are safe, soundness is enough to insure that the ultimate argument of a derivation is valid whenever all gaps close. For, if all rules are sound, we can be sure that any interpretation that divides a gap and all its ancestors will divide some child and all ancestors of this child (since these are just the parent and its ancestors). But any interpretation that divides the ultimate argument of a derivation also divides any ancestor (since it has none), so if all rules are sound, this interpretation will also divide some child and all its ancestors—and so on. That is, as with strictness, when all rules are sound, an interpretation that divides the ultimate argument must divide some descendant at each stage; therefore, if all gaps close, there can be no interpretation dividing the ultimate argument. In short, if a sound rule ignores any gap-dividing interpretation, it is an interpretation that shows some risky conjecture does not follow from the initial premises, not one that shows that the initial conclusion was invalid.
Now, for a gap-closing rule to be sound, it is enough that there be no interpretation that makes the goal of the gap it closes false while making true all active resources of the gap and all active resources of the gap’s ancestors. This means that it is enough for us to soundly close a gap that its goal be entailed by its active resources together the active resources of its ancestors. With the rules we have so far, all available resources are included if we take the active resources of a gap together with the active resources of its ancestors. So it is sound to close a gap when the goal is among the available resources, and our extended use of QED is sound.
But we can be even more generous since, by the law for lemmas, adding to a collection of resources something that is entailed by them will not change what they entail. In short, we can state rules for closing gaps and have them be sound if the conclusion of the gap is among its active resources, is among the active resources of its ancestors, or is something entailed by these resources. The available resources of a gap always include its active resources and the active resources of its ancestors, but in 2.4.3 we will consider rules which add to the available resources certain conclusions entailed by these resources. And we have just seen that this sort of addition will not undermine the soundness of the extended use of QED.
Although we will sometimes need to distinguish soundness and safety (or even consider strictness) in later discussions, most often we will not. We will say that a system is conservative when its rules are all safe and sound (which, remember, comes to the same thing as being all safe and strict). So in a conservative system, gap-dividing interpretations are neither gained nor lost as we develop a derivation though they may be spread out among an increasing number of descendant gaps, something we will see illustrated in the next section’s example.