2.3.4. Sound and safe rules

The necessary and sufficient conditions for the validity of proximate arguments that were developed in the last section were based on connections between the presence of lurking counterexamples at successive stages. In this section, we will look more closely at the rules and consider not merely how the fact that counterexamples lurk in gaps is preserved as we develop a derivation but indeed how any lurking counterexamples are themselves preserved. This closer look at the effect of rules will enable us to give an account of a wider range of possible rules, including the extended use of QED that was not covered in our discussion in the last section.

We begin by considering two properties a rule R might have:

R is strict when any interpretation of the derivation that is a counterexample lurking in a gap to which the rule R is applied also lurks in some child of the gap
R is safe when any interpretation of the derivation that is a counterexample lurking in a child of a gap to which the rule R has been applied also lurks in the parent gap

When a rule is strict we never lose any lurking counterexamples as we apply the rule. When it is safe, we never gain any lurkers. Both definitions are stated for interpretations of the whole derivation because an interpretation that lurks in a child gap need not assign truth values to enough sentences to count as a lurking counterexample of the parent. However, every way of the interpreting the vocabulary of the proximate argument of a gap can be found in some interpretation of the derivation as a whole, so the restriction to interpretations of the whole derivation does not really limit the scope of the generalizations.

Although their association with the necessity and sufficiency of the same condition suggests a kind of parallel between them, these two properties do not have the same importance. Although we will see that strictness is a little more than we need to ask, any serious departure from strictness would undermine the central function of proofs: to establish validity. For then all gaps of a derivation might close even though the original argument was invalid. An unsafe rule would analogously undermine the use of derivations to establish invalidity because it would introduce the possibility that a derivation for a valid argument could lead us to a dead end. But the role of derivations in establishing invalidity is less central, and their full use in that way depends also on a property (discussed in 2.3.7) that will fail for rules to be considered in the last two chapters. This means that safety is dispensible, but no viable system of proof could completely dispense with strictness.

Moreover, moves corresponding to unsafe rules are an important part of explicit deductive reasoning. For example, a natural approach when we seek a way to prove a mathematical result is to introduce a lemma (in the sense is discussed in 1.4.7) as a stepping stone to a final result. If the lemma represents a significant step beyond the premises, it may be no more obviously a valid conclusion from the premises than is the final conclusion we hope to establish. The introduction of such a lemma can be described as a conjecture, and this conjecture may be wrong: the lemma may not be a valid conclusion from our premises even when the final conclusion is valid. In short, by seeking to reach our conclusion by way of this lemma, we may be entering a blind alley. This is just the sort of thing that would appear in the context of derivations as a dead-end open gap in a derivation whose initial argument is valid. So conjecturing a lemma can be thought of as a step in discovering a proof that is valuable but unsafe.

Another step in a proof that can be valuable but is unsafe is a decision to focus on only some of the information in one’s premises. This might seem quite different from a conjecture; but, combined with rules we will consider in the next chapter, a rule allowing us to conjecture a conclusion could lead us into a situation in which the active resources entailed less than did the resources at an earlier stage with the same goal. Intuitively, to focus on only part of one’s premises is to guess that this part will be as useful for reaching the conclusion as the whole would be, and this guess amounts to a conjecture.

Our interest in deductive reasoning is somewhat different from a mathematician’s. We are aiming not at new and surprising conclusions but instead at fuller understanding of the steps by which deductive conclusions are reached. Consequently, we will not be considering the large deductive steps for which conjecturing lemmas is the only practical approach. We will make use of lemmas—and we will look at rules for doing so in 2.4—but the chief value of lemmas for us lies in a restricted range of cases where we can be sure that they are safe.

Earlier, we set aside uses of QED in which the goal of the gap we close is among its available resources but not among the active ones. To discuss such uses of QED, we need to consider a requirement that is less unyielding than strictness. The following property of a rule R is the one we will employ:

R is sound when any interpretation that it is a counterexample lurking both in a gap to which the rule R is applied and in all ancestors of this gap also lurks in some child of the gap

The difference lies in the added phrase and all ancestors of this gap. The addition makes soundness apparently weaker than strictness because, for soundness, we do not require that an interpretation lurk in a child gap whenever it lurks the parent but instead only when it also lurks in all ancestors of the parent. However, when all rules are safe, a rule that is sound is also strict. For, when all rules are safe, an interpretation that is a lurking counterexample for a gap will also lurk in all ancestors of the gap. Thus, when there is a difference between soundness and strictness, it lies in their handling of the spurious lurking counterexamples introduced by unsafe rules: with a strict rule, such an interpretation will continue to lurk in descendants while, with a sound rule, it might not. In particular, a strict rule would force us to bear the burden of proving an unsafe conjecture while a sound rule might allow us to substitute a different way of reaching our initial goal.

And even when not all rules are safe, soundness is enough to insure that the ultimate argument of a derivation is valid whenever all gaps close. For, if all rules are sound, we can be sure that any counterexample lurking in a gap and in all its ancestors will lurk also in some child and in all ancestors of this child (since these are just the parent and its ancestors). But any counterexample to the ultimate argument of a derivation also lurks in any ancestor to the initial gap (since it has none), so if all rules are sound, this interpretation will also lurk in some child and all its ancestors—and so on. That is, as with strictness, when all rules are sound, any counterexample to the ultimate argument must lurk in some descendant at each stage; therefore, if all gaps close, there can be no counterexample to the ultimate argument. In short, if a sound rule ignores any lurking counterexample, this counterexample is an interpretation which shows that some risky conjecture does not follow from the initial premises, not one that shows that the initial conclusion was invalid.

Now, for a gap-closing rule to be sound, it is enough that there be no interpretation that makes the goal of the gap it closes false while making true all active resources of the gap and all active resources of the gap’s ancestors. This means that it is enough for us to soundly close a gap that its goal be entailed by its active resources together the active resources of its ancestors. With the rules we have so far, all available resources are included if we take the active resources of a gap together with the active resources of its ancestors. So it is sound to close a gap when the goal is among the available resources, and our extended use of QED is sound.

But we can be even more generous since, by the law for lemmas, adding to a collection of resources something that is entailed by them will not change what they entail. In short, we can state rules for closing gaps and have them be sound if the conclusion of the gap is among its active resources, is among the active resources of its ancestors, or is something entailed by these resources. The available resources of a gap always include its active resources and the active resources of its ancestors, but in 2.4.4 we will consider rules which add to the available resources certain conclusions entailed by these resources. And we have just seen that this sort of addition will not undermine the soundness of the extended use of QED.

Although we will sometimes need to distinguish soundness and safety (or even consider strictness) in later discussions, most often we will not. We will say that a system is conservative when its rules are all safe and sound (which, remember, comes to the same thing as being all safe and strict). So in a conservative system, lurking counterexamples are neither added nor lost as we develop a derivation, though they may be spread out among an increasing number of descendant gaps, something we will see illustrated in the next section’s example.

Glen Helman 11 Jul 2012