-.
3
CONTENTS 3. Dynamic logic 1. Nfadal logic
/
1.1. 1.1.1. 1.1.2. 1.1.3. 1.1.4. 1.1.5.
1.2. 1.2.1. 1.2.2. 1.23. 1...
49 downloads
1791 Views
2MB Size
Report
This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!
Report copyright / DMCA form
-.
3
CONTENTS 3. Dynamic logic 1. Nfadal logic
/
1.1. 1.1.1. 1.1.2. 1.1.3. 1.1.4. 1.1.5.
1.2. 1.2.1. 1.2.2. 1.23. 1.2.4. 1.2.5. 1.2.6 1.2.7.
Syntax Language Axiom svstems Logics' Maximal consistent sets Theories Semantics Model theoretical semantics Algebraic semantics Soundness and completeness Canonical models The finite model property Filtrations Decidability
3.1. . 3.1.2. 3.1.3. 3.2. 3.2.1. 3.2.2. 3.3. 3.3.1. 3.3.2. 3.3.3. 3.4. 3.4.1. 3.4.2. 3.4.3.
Frames Language Models ~)ntax
Axiom systems Fischer/Ladner closure Completeness Canonical models Filtrations Completeness ofPDL Limitations of PDL Path semantics A waming regarding IF - TIIEN - ELSE and WHU,f] The delta operator
4. Background 2. Ancestral logic
(
,
2.1. 2.1.1. 2.1.2 2.2. 2.2.1.
2.2.2. 2.3.
2.3.1. 2.3.2 .
...
Semantics Model theory Compactness and noncompactness Syntax Axiom systems for ancestral logic Comparison with tense-logic Completeness Canonical models Filtrations
4.1. 4.1.1. 4.1.2. 4.2.
Historical remarks Modal logic Dynamic logic Selective hibliography
5
1. Modallogic
example writing DA::J (B II C) rather than ::J(DA, II(B, C». We will also omit parentheses in unsystematic ways when we think it can be done without causing confusion.
1.1. Syntax 1. Language
If someone wants a brief description of modal logic, perhaps one might reply that it is ordinary logic with one or two extra so-called modal. operators 0 and 0, each taking a formula as an argument and yielding a formula as a result. One might also add that people who do modal logic usually have in mind an informal understanding, however abstract, of those operators, associating with them readings such as "it is necessary (in a certain sense) that" and "it is possible (in a certain sense) that", respecti v ely. As it turns out, in classical modal logic the two modal operators are interdefinable, so it is customary to posit one of them as primitive (nowadays usually D) and construct the other with the help of definition. Thus in modal propositional logic we haveari alphabet consisting of certain primitive symbols: I I I
, i
: I
, i
:!
(i) (ii) (iii) (iv)
a denumerable supply of propositional letters, a finite truth-functionally complete set of Boolean operators, the modal operator D, grouping devices (for example, parentheses and commas).
From these we build formulre in the usual way. Every finite string of primitive symbols in an expression, and formulre are expressions of a certain sort. This is by no means problematic, and so it may seem like an act of supererogation to offer a definition. However, in order later to be able'to give rigorous proofs by induction on the structure of formulre we need a precise inductive definition of formula. 1. 2.
3. 4.
Every propositional letter is afoTnUtla. If 0 is an n-ary Boolean operator and AQ, ... , An-I are formulre, then o(AO, ... , An-I) is also aformula. If A is aformula, then DA is also
Strict adherence to this definition will produce formulre in a form related to what is known as Polish notation. However, we will feel free to use customary ways of writing formulre without further explanation, for
Enumeration lemma. There is an effective enumeration (without repetitions) of the set cP of all formulre. Proof. The proof will depend on the precise nature of the alphabet, something we have left vague here. Rather than making our theory comprehensive (and losing some comprehension in the process), let us discuss an example. Suppose that T, .1, II, V, ::J, =, ..., are our Boolean operators. The ~et of our propositional letters is denumerable, hence there is an enumeration of them, say PO, PI, ... , Pn, ., .. To make it absolutely clear what is going on we will now introduce a new auxiliary alphabet. Let P and' be two new symbols. Our propositional letters will be complex symbols pen), where (n) stands for a string of n occurrences of '. Our Boolean operators, corresponding to T, .1, II, V, ::J, =, and ..." respectively, will be T, F, K, A, C, E, and N. Our only modal operator, corresponding to D, is L. There are no grouping devices. Thus the formulre of our auxiliary language are in true Polish nota~ion. Moreover, there is a one-one correspondence between formulre written in the new language and formulre written in the old one (the "real" formulre). For example, corresponding to DP2::J (PO II P3) we have CLP"KPP'". Define the following correspondence between the numbers less than 10 and the symbols of our auxiliary alphabet: 0.1
1:P,
2:T,
3:F,
4:K,
5:A,
6:C,
7:E,
8:N,
9:L.
Evidently this definition induces a one-one correspondence between expressions in our auxiliary language and natural numbers: given any number written in decimal notation, we can at once read off the corresponding expression in the auxiliary language. Conversely, any expression in that language can be read as a numeral written on base 10. In order to produce an enumeration of all formulre of the old language we go through the natural numbers one by one, starting with O. For each number, we reconstruct the corresponding expression in the auxiliary language. Is it a formula of that langage? That is a question that can be decided in a finite number of steps. If the answer is no, then we proceed to the next number. If the answer is yes, then we add the corresponding old formula to our enumeration. Thus the first ten
7
entries in our enumeration will be PO. ..1. Pl. --.PO, DPO. PZ. Po 1\ PO, Po 1\ T. and Po fI.1. All entries in the enumeration are formula:; of the original language, and sooner or later e,'ery such formula will appear ill it -hut only once. •
Examples of rules arc modus ponens (MP) and the rule of congruence (RC):
'
(MP)
{A A:J B} {A 5B}
• (RC)
By assumption, in our language Boolean negatiotl, --'. is available. Hence the following defini~ion makes sense: for every formula A,
At this stage. all that this means is that OA is a certain strin~ ?f pri~itive symbols. Only later will we be able to prove that the ,defimlton SUlts our informal understanding of the modal operators. 2. Axiom systems
Other schemata and rules of interest are: D(A :J B) :J (DA :J DB),
• (K) (D) (B)
--.(OA 1\
A v D--.DA,
, (RN) • (RE)
{A} {DA}, . {A", B, C} 1-----* {C' is like C except that one' occurrence of A in C has been replaced by an occurrence of B}. . {A"" B} 1-----* {C", C' : C' is like C except that one occurrence of A in C has been replaced by an occurrence of B}. {(AO 1\ ... 1\ An-i) :J B} f----> {(DAO 1\ ... A DAn-I}:J DB} (for all n ;;>: 0),
, (RPE) "
An axiom system Ii is a pair (8, R) where 8 is a set of formulre and R is a set of functions from sets of formulre to sets of formulre. In other words, if is the set of all formulre, then 8 ~ ell and. for every pER, p ~ $t!l X $ is a formal proof in Ii and An = A We write Ali for the set of theorems of e. A (formula) schema is the set of all the substitution instances of some particular formula. Following what is nowadays common practice we will specify the axioms of our axiom systems with the help of axiom schemata. Here are some important examples of such schemata: (0) • (1) .(2) ,
I,
(T) (4) (~)
I
,; J
T,' DT,
D(A 1\ B) "" (DA fI DB), DA:J A DA::> DDA ·--.DA:J D--.DA.
{B}.
{DA "" DB}.
, (RS)
To aid memory: K for "Kripke", D for "deontic". B for "Brouwer", RN for the Rule of Necessitation, RPE for the Replacement of Provable (Material) Equivalents. and RS for Scott's Rule. Yet another important rule is that of uniform .substitution. (US). Bya substitution jUnction we shall mean any function ~ from the set o~ propositional letters to the set of all formulre. GIven a substItution function we extend it ("lift it") to a function s* from the set of all formulre; the range is still the set of all formula'!: s*(P) sP. for every propositional letter. . . s*(o(AO, .... An-I» = o(s* AO, ... , s* An-i), If 0 IS any n-ary operator and Ao .... , An-I are any n formula:;. We sav that s"'(A) is a substitution iNstance of A. Indeed, if po.... , Pm-i are aU"the propositional letters occurring in A, then s* A is the result of substituting sPo for po•... , SPm-l for Pm-i. The rule (US) can IlOW be stated as follows: (US)
{A}
~
{A': A' is a substitution instance of A}.
j
9
s
closed under uniform substitution, then so is the set A( Gi};). In other words, the set A( 6l:) is a nonnallogic. Notice that the theorems of Gil: are the theses of A(5I:). and conversely.
3. Logics A set}; provides a schema if it contains every fonnula in the schema. Moreover, }; provides a rule p (equivalently, ); is closed under p) if BE l: whenever AO, ... , An-l E l: and B follows from {AO, ... , Atl-l} by p. A logic is a set of fonnulre that contains all tautologies and is closed under (MP) and (US). The formulre in a logic L are called the theses of L. It is convenient to write I-L A (or just 1-, if it is clear what L is) to indicate that A is a thesis of L (even though historically the turnstile was originally used to indicate that a formula was a theorem provable in an axiom system).
This means that there is a close conne:<.ion between axiom systems of this kind and normal logics. EveI)' alliom system of t~e .kind mention~d generates a normal logic. Conversely. given a lOgiC It may be pOSSIble to axiomatize it. and in more ways than one. Again, if l: is a set of formulre, then by Al: we shall understand the smallest normal logic that includes L. Notice that ifl: is closed under substitution. then so is Al:.
Proposition. If l: is closed under uniform substitution. then A(QiI) Al:.
Proposition. The following conditions are equivalent, for any logic L: (i) L provides (1), (2), and (RC). (ii) L provides (1), (2). and (RE). (iii) L provides 0). (2), and (RPE). (iv) L provides (K) and (RN). (v) L provides (RS). A logic is lIonnal if it provides anyone of the five conditions of the lemma.
Let us define LI Y Lz = n{L : L;,] Ll & L;;2 Lz}. -YiaLi n{L: 'o'i ElL d Li}.
In general, define
PropOSition. If {Li : i E I} is a family of [normal] logics. then so are niaLi and 64aLi. In particular. if Ll and Lz are [normal] logics, then so are Ll n LZ and LI Id- Lz. Let Gi be an axiom system which contains as axioms "sufficiently many" tautologies and has (MP) among its rules and which also satisfies one of the following conditions: (i) (1) and (2) are axiom schemata and (RC) is a rule, (ii) (1) and (2) are axiom schemata and (RE) is a rule, (iii) (1) and (2) are axiom schemata and (RPE) is a rule, (Iv) (K) is an axiom schema and (RN) is a rule. (v) (RS) is a rule. If l: is a set of fonnulre. then by CiU we shall understand the axiom system obtained by adding to the axioms of (jJ all fonnulre in l: as new axioms. Notice that if}; is
......
-~--
This means that there are two ways of describing a normal logic that is axiomatizable by an axiom system of the kind we have indicated. One is to say that it is the smallest logic to provide certaill ~chem~ta. The other is to exhibit an axiom system whose set of theorems IS preCisely that logic. In the examples that now follow we prefer. U:e fo~er way .. However. the reader will have no difficulty of provldmg SUItable a'l:lOm systems. Let us now review some modal logics in the literature. First of all there is the smallest normal logic, usually called K (in honour of Kripke). The three most famous modal logics are C. 1. Lewis's S4.and 85 and the GodeliFeys/vonWright logic T. They may be descnbed as the smallest normal logics to provide. respectively, in the case of T: the schema (1'). in the case of S4: the schemata (T) and (4), in the case of S5: the schemata (T). (4) and (5). A shorter way-of describing such logics is by providing their Lemmon. code. If L is a llormal logic and So..... Sn are schemata, then L80... Sn IS the smallest nonnallogic including L and providing SO, ... , Su. Thus T=KT, S4:::.KT4, 85 KT45.
II
10
There are of course indefinitely many other ways of describing the same logic. For example, S5 = KT5 = KT4B == KD4B, etc. Other wellknown logics are the basic deontic logic D = KD, deontic S4 = K04, deontic S5 = K045, the Brouwer logic :=0 KTB.
1.
2.
It should be noticed that the labels given here to the various schemata
3.
differ in a few places from what one sees in the literature. Thus (D) usually names the schema DA ~ OA and (8) the schema A ~ OOA. Lemmon's name for (5) was (E) (for Euclidean).
4.
The relationship of the normal logics definable in terms of the schemata (T). (4). and (5) is set out in the chart below ("Picasso's chair"). Notice that in the chart deontic S4 and deontic S5 are renamed dS4 and dS5, respectively, while KD5 and K45 are not named at alL A logic is included in another if connected to it by a line going up. The eleven logics are all distinct (something we shall be able to prove later).
dSS
K5
,
(tautology) (from 1 by Scott's Rule) (from 2 by TF) (from 3 by dfO)
This establishes the desired result. It is important to notice that the informal argument just given is not itself a formal proof, even though a proper formal proof can be found with its help. By the same token, line 4 is not a formal theorem, even though it establishes that (OA 1\ DB) ~ O(A 1\ B) is a formal theorem of any axiom system whose set of theorems is a normal logic.
A logic L isfinitary if there exists some axiom system e, all of whose rules are fin italY, such that L = Ala. With finitary logics the following bit of symbolism is useful. We have already introduced the turnstile I(or 1-0 to symbolize thesishood in L. We now extend its use by allowing ourselves to writel: ... B if there are m and Ao, ... , Am-t E l: such that (Ao 1\ ... 1\ Am-I) ~ B is a thesis of L. If m = 0, this means that T ~ B ELand hence 13 E L. Notice that this wider use of the turnstile is in agreement with our previous usage: 0 I-L A (in the new sense) if and only if I-L A (in the old sense).
34
K
I-(-,(A 1\ B) 1\ B) ~ -,A ... (D--.(A 1\ B) 1\ DB) ~ o--.A I- (-,O-,A" DB) ~ --.O ..... (A " B) I-(OA 1\ DB) ~ O(A 1\ B)
4. Maximal consistent sets
SS
; i
One reason for preferring to deal with logics rather than axiom systems of Hilbert type-which is what ours are-is that formal proofs in such systems are so cumbersome. Suppose for example that we want to prove that (OA 1\ DB) ~ O(A 1\ B) is a thesis of K. A natural, informal argument might go like this (where TF stands for truth-functional reasoning and ... refers to K):
A logic L is (absolutely) inconsistent if every formula is a thesis of L, (absohaely) consistellt otherwise. A set I of formula: is IAnconsistent if I 1-1- in L, otherwise L-COllsistent. Thus if L is a finitary logic. ~ is Linconsistent if and only if for some m there are some formulre Ao, ... , Am-I E ~ such that -'(Ao 1\ ... 1\ Am-I) E L. (Our policy on empty conjunctions and disjunction is that the former collapse to T, the latter to 1-. Thus when m = 0 the condition that .(Ao 11 ... 11 Am-I) E L reduces Notice that to the condition that -,TEL; in other words, that 1- E L.) if L is inconsistent, then evelY set of formula: is L-incol1sistent. .
13
I::'
Lemma. Let L be any finitary logic. Then a set if L-COllsistent if and only if each of its finite subsets is L-CollsistenL
(i) (ii)
(iii) (iv) (v) (vi) (vii)
The following is a list of some useful properties of I- which hold in any logic (as defined here). Let us agree to write }";, Ao, .... Am-lIB if}"; U {Ao, ... , Am-d I- B.
if}"; I- A then A E }";, L ~}";. A ABE}"; if and only if A E }"; and BE}";, A v BE}"; if and only if A E }"; or BE}";, A ::> BE}"; if and only if, if A E }"; then BE}";, A == BE}"; if and only if. A E }"; if and only if BE}";, ....,A E}"; if and only if A fI. }";.
Proof. Suppose A fl.}";. Then, because of maximality, }";, A 1-.1 in L. If}"; I- A, then}"; 1-.1 by cut, which is impossible if}"; is L-consistent. This proves (i). Clauses (ii)-(vi) are easy consequences of this result. As for (vii), if....,A E }"; and A E }"; then}"; would obviously be L-inconsistent. On the other hand, if -.A fI. }"; and A fI. }";, then by maximality both }"; . ....,A I- .1 and }";, A I- .1. Hence }";, A v -,A I- .1. But I- A v ....,A, so by cllt }"; I.1, contradicting the assumption that}"; is L-consistent. •
}";I- A if A E}"; (reflexivity), }"; I- A implies }";' I- A if}"; ~}";' (monotonicity), }"; I- A if}"; I- C and C I- A (cut). A A B I- A and A A B I- B, A, B I- A A B; }"; I- A v B implies}"; I- C if}";, A I- C and }";, B I- C, AI-AvBandBI-AvB;
Do maximal, l..-consistent sets exist? Yes, in great abundance, as shown by the following classic result (which proves more than that):
A::> B, A I- B, }";, A I- B implies}"; I- A::> B;
Lindenbaum's Lemma. Let L be any finitary logic, not necessarily normal. Let}"; be any L-consistent set for which it is not the case that}"; I- A. Then there is a maximal L-consistent set}";* such that ~ ~ ~,., and A fI. }";*.
A "" B, A I- B and A B, B I- A, }";, A I- Band }";, B I- A implies}"; I- A == B; -'A, A I- B, }";, A I- -.A implies}"; I- ....,A;
Proof. Let}"; be a given L-consistent set such that}"; I- A does not hold. Let Ao, Ai, ... , An, ... be an exhaustive enumeration of the formula: in our language (by the Enumeration Lemma, such an enumeration can be found). Define a family of sets}";n as follows:
I-A v ....,A. Furthermore, in any normal logic we also have }"; I- A implies O}"; I- OA, where
O}";
}";n U {An}, if this set is L-consistent,
== {DC: C E }";}. ~n+l
A set}"; of formulre is maximal L-consistent if}"; is L-consistent and, for every L-consistent set}";" if}"; .;;; }";' then}"; Equivalently. an L- consistent set}"; is maximal L-consistent if, for every A fl.}";, the set }"; U {A} is L-inconsistent.
=}";'.
}";11,
As an inductive argument shows, }";n is L-consistent, for every n. Finally define }";*
Lemma on Maximal L-Conslstent Sets. If L is any logic and maximal L-consistent set, then the following conditions obtain:
~
is a
otherwise.
Um::~n.
If}";* were L-inconsistent then. since L is finitary, some finite subset e ~ }";* would also be L-inconsistent. By the way we have
15
1'-1 constructed ~* there must then be some m such that e ~~m. But sets including L-inconsistent subsets are themselves L-inconsist~nt, and ~rn. we said, is L-consistent. Therefore};* must be L-consistent.
(
Suppose that r is any L-consistent set such that ~* ~ r. Take any formula B E r. Our enumeration is exhaustive, so there is some m such that B = Am. It follows from our assumption that ~m .;;; r. hence we may conclude that 4Il U {B} .;;; r. Subsets of L-consistent sets are themselves L-consistent, so ~m U {B} is L-consistent. Consequently B E};m and therefore B E};*. This shows that r ~ ~*. Hence ~* is maximal L-consistent.
.
The proof of the theorem is now complete, for by construction
~ ~ ~*.
Corollary. For any consistent finitary logic L there are 2 N 0 maximal L-consistent sets. Proof. Since any set of formulre is a subset of ell, which is known to be denumerable. it is clear that there are at most 2 N0 sets of formulre and a fortiori at most 2ND sets that are maximal L-consistent. To see that this upper bound is in fact attained we reason as follows. If A is any set of propositional letters, let us write ITA for the set A U N, where N = {...,p : P is a propositional letter not in A}. Suppose, for any particular A, that ITA is L-inconsistent. Then there are some finite subsets Ao ~ A and No ~ N such that Ao U NO 1-1. in L. Now L is closed under uniform substitution. This means that if we substitute T for all the propositional letters in Ao and 1. for all those in No, then we get T I- 1. in L. In other words, L in absolutely inconsistent, contrary to assumption. Hence ITA is L-consistent. By Lindenbaum's Lemma it can be extended to a maximal L-consistent set. It is clear that if A ;t B, then I1A and lIB give rise to incompatible extensions. Since there are 2 NO sets of propositional letters, the theorem is proved. ..
5. Theories A theory is a set of fonnulre that contains all tautologies and is closed under (W). If L is a logic, then an L-theory is a logic including L. If L is a normal logic, then an L-theory is nonnal if it includes L and is closed under (RC) (or, equivalently, under (RN) or (RS) or (RE) or (RPE)). Notice that logics are theories closed under uniform
substitution. Moreover, in finitary logics L, the maximal L-consistent sets are L-theories, in fact maximal in the same sense as the sets. Thus sets and theories and logics are increasingly specific entities of the same kind. Note that the intersection of any set of [normal] L-theories is a [normal] L-theory. Let L be a finitary logic and ~ a set of formulre. Then we define CnL ~ = {A : ~ I-L A} (Cn after "consequence", A being seen as a consequence in L if~ I-L A). It is clear that CnL ~ is a theory; . in fact, CnL ~ is a logic (normal if L is normal) if~is closed under uniform substitution. Note the following facts: ~ ~ CnL~.
CnL}; .;;; CnL ~', if ~ CnL CnL}; .;;; CnL };.
~ ~',
n
Proposition. Let L be a finitary logic. Then CnL ~ = {T : T is an L-theory & ~ ~ T}. In other words, CnL ~ is the smallest L-theory to include ~. Proof. First suppose that A E CnL~. Then ~ I-L A, and hence there are some formulre C{), ...• Cn-l E~ such that (Co f\ ... f\ Cn-I) ::J A is a thesis of L. Let T be any L-theory including~. Since L ~ T we have «Co f\ ... f\ Cn-I) ::J A) E T. Hence A E T. Next suppose A $. CnL ~. Then it is not the case that ~ Ii... A, so by Lindenbaum's Lemma there js some L-theory including ~ such that A T. ..
f/.
We are now able to articulate an important distinction conceming inference rules. If r is a set of formulre and p is a rule, let us write rp for the closure of L U r under p; hence CnL r = rIviP. Then we say that p is tmth-preserving in L if, for every set~, ~p .;;; CnL~, and thalp is validity-preserving in L if 0p ~ CnL 0. It is clear that (1vfP) is truthpreserving and that the other rules discussed in section L 1:2. are validity. preserving. Truth-preserving rules are of course also vahdltypreserving but, as we shall see in section 1.2.3 below, the converse IS not true in general.
17
16
1.2. Semantics 1. Model theoretical semantics
A frame is a pair (U, R) where U is any set and R is any binary relation on U (that is, R ~ U X U). The set U is the rmi\'erse, while R is the accessibility relation or alternativeness relation of the frame, A valuation in U is a function from the set of propositional letters to ~U, the power set of U. A model on a frame (U, R) is a triple (U, R V) where V is a valuation in U. The central concept in semantics is that of a formula being true at a point in a model, a concept we now define inductively. Let lJIl =(U, R, V) be a modeL Read "A is true at x in lJIl" if it is the case that lJIl FX A and "A is false at x in !JI1" if it is not tHe case that!Jl1 FX A, where A is assumed to be a fonnula and x an element .of U. The basic part of the inductive definition consist of a clause for propositional letters P: 1.
sm I=x P iff x E V(P).
The inductive part contains one clause for every Boolean operator that is primitive in our ianguage. We have not specified what they are, but the idea is to articulate the ordinary truth-tables in the present idiom. For example, if conjunction and negation are primitive, then we stipulate 2. 3.
sm FX A A B iff sm Fx A and!Jl1 Fx B, sm FX -,A iff it is not the case that lJIl Fx A.
In addition the inductive part contains a clause for the only primitive modal operator. necessity: 4.
'lit I=x OA iff, for all y, if (x,y) E R then sm Fy A.
This ends the definition. If it is not the case that lJIl Fx A, we may say that A isfalse at x in 5JJl Notice that appropriate truth-conditions can be derived for any nonprimitive Boolean operator. for example, sm I=x A v B iff sm I=x A or!Jl1 I=x B, !JI1 FX A :J B iff, if sm Fx A then!Jl1 FX B, 'Dl FX A '" B iff, iff sm I=x A then sm I=x B, !JI1 ~ T, !JI1 / x 1..
Given that we have defined CIA as -,o-,A we can also derive the truthcondition for that other modal operator, possibility: lJIl
I=x CIA iff, for some y, (x,y)
E Rand sm
Fy A.
We say A is true in a model lJII, in symbols lJII F A, if A is true at every point in the universe of the model; that A is valid at a point x in a frame '3', in symbols '3' Fx A, if A is true at x in every model on '3'; that A is valid in a frame '>t, in symbols W F A, if it is valid at every point in the universe of the frame. If every thesis of a logic L is true in a model 'lit we say that sm is a model for L. If every thesis of L is valid in a frame W, then we say that '>t is a/rame for L. A countennodel for L of A is a model for L in which A is not true. A counterframe for L of A is a frame for L in which A fails to be valid. We also say that a set I is satisfied at x in a model lJII if every formula in I is true at x in IJJl; that I is satisfiable in a frame 'tt if I is satisfied at some point in some model on lJ'; and that I is satisfiable in a class C of frames if I is satisfiable in some frame in C. Note the following facts: 8(lJIl, x) = {A : lJII Fx A} is a theory, 8(sm) == {A : !JI1 .F A} is a normal theory, A('>t. x) == {A : '3' Fx A} is a logic. A('3') = {A : 'J' F A} is a normal logic.
Suppose that ~1 is any class of models, F any class of frames. also have 9(1"1) = n'lltEM8()ID) is a normal theory. ACC) = n'J'EFA('3') is a normal logic.
~i.".
Then we
II CF)
The only difficulty in establishing these claims is to show that the sets claimed to be logics are closed under uniform substitution. By way of example, let us show that A('3', x) is closed under (US). Suppose that W = (U, R) is a frame and that x E U. Assume that A E A('3', x). Let s be any substitution function. If V is any valuation in U, then we shall write VS for the valuation assigning V(sP) to each propositional letter P, and 'liP for the model defined on'>t by VS. It is straightforward to prove, by induction on A, that 'lIl FX sA iff lJIlS Fx A.
19
I:",
From the assumption that A is valid at x in 'If it follows that 1JJlS I=x A. Hence, by the result just cited, 'Dl 1=-.; sA. Therefore sA E A('lf, x), as we wanted to show. In this connexion we might explain our choice of tenninology when, in section 1.1.5, we defined some rules as "truth-preserving" or "vaIiditypreserving".
Proposition.
(i) Let P be any truth-preserving rule. Suppose that every formula in some set l: is true at an element x in a model 1JJl. Then every formula in l:P is also true at x in 5JJl. (ii) Let p be any validitypreserving rule. Suppose that every fonnula in a set l: is valid in a frame 1'. Then every fOlmula in l:P is also valid in 1'.
The following result, though simple. is occasionally usefuL Let us say that 1JJlt (U t, Rt, Vl) is the submodel of 5JJl = (U. R V) generated by some element t E U if .
=
ut = {x E U : (t,x) E
V*(P) = Yep), for every propositional letter p, V*(A 1\ B) := V*(A) n V*(B), V*(A v B) ;= V*(A) U V*(B), V*( -,A) = -V*(A), V*(OA) =!Q]V*(A). We say that A is valid in 21 if. for every assignment in the universe of 21. V*(A) := 1. Let us write A(U) for the set of fonnulre valid in 21. It is clear that A(21) is a normal logic. Define a dual operator ~ by the condition that ~o = -I!.iI-a, for all a. b E R. Then . ~(a U b) '"
h U
~b.
~O=O.
Notice that, for any valuation V. V*(OA)
=~V*(A).
R*},
Rt;;:;:; R n (ut X ut), vt(P) Yep) n (It, for every propositional letter P. (Here R* denotes the ancestral of R. that is, the smaJlest reflexive, transitive relation to include R.)
Generation Theorem.
Boolean operators are primitive in our language, but assume for the purposes of this definition that conjunction, disjunction and negation are.)
For all fomlUlre A and all elements x E
ut,
IJJtt I"x A if and only if'1R I=x A.
*2. Algebraic semantics We say that 21 ; :;:; (n, n, U, -, 0, 1, fQJ) is a normal modal algebra if n, U, -, 0, 1) is a Boolean algebra and!Q] is an extra operator from R to n such that, for all a, bEn,
It is worth noting that for every frame i' = (U. R) there is an algebra 21(i') with the same associated normal logic: define U('i) (~U, n, U, -. 0, U. i). where ~U is the power set of U, .and n, U and are the set theoretical intersection, ullion and complement with respect to U, respectively, and j (a kind of "interior operation") is defined by the condition that, for every X !,;; U, iX :: {x E U : 'dy «x.y) E R ~ Y EX)}.
That A'if = A2I(i') is obvious, but it may be instructive to spell out the For each model IJJt and formula A. let us call IfAIIIJJt {x: proof. 1JJl I=x A} the troth set of A in 1JJl. The following is a way. of rewriting the model theoretical truth-conditions listed in se~tion 1.2.1 above:
(n,
!!.'il(a n b) =!!.'ila I9.lI = 1.
n !!.'ilb,
Let V ~. an assignment in H, that is, a function that assigns to each proposlbonalletter an element of n. We lift V to a function v* defined on the set of all formula:: as follows. (We have not specified which
iPU IJJt
Yep), for every propositional letter P. n IIB1I 1JJl, JI-,AII'1R :::;: U - IIAII1JJl, IIDAIIIJJt :::;: illAllfIt.
IIA 1\ BIJIJJt ::;;; IIAIIIJJt
Notice that V is a valuation in U if and only if V is an assignment in ~u. It follows, by an obvious inductive argument, that IIAlIlJII := P:(A), for all
21
;i
':
'
A Hence A is valid in tt iff 1\i\l\lJIl V*(A) = U iff A is valid in ~(tt).
= U,
for all models
l))l
on tt iff
3. Soundness and completeness We ~a~e seen h~o different ways of identifying a normal logic: by provldmg an aXIOm system and by providing a class of frames (a third way, that of providing a modal algebra, we shall not touch upon). The relationship between these ways is Of great interest to mOdal logicians. Let us say that a normal logic L is sound with respect to a class [ of frames if L ~ A(C), and complete with respect to C if L ~ A(C). If L is both sound and complete with respect to [, and thus L = A(e), then we say that L is determined by C. Sometimes one says that L is complete (with no qualification) if L is determined by some class of frames. It is easy to derive soundness results for all the logics mentioned in section 1.1.3. To begin with, it follows from our discussion in section 1.2.1 that K is sound with respect to the class of all frames. For the others, we can obtain soundness results by imposing conditions on the accessibility relation. We use the following terminology with respect to . a frame (U, R), where the quantifiers range oyer U:
is serial iff 'r/x 3y (x,y) E R, is reflexive iff 'r/x (x,x) E R, is symmetric iff "Ix 'r/y ((x,y) E R => (y,x) E R), is transitive iff 'r/x Vy 'r/z (((x,y) E R & (y,z) E R)) => (x,z) E R). R is i!.uciidean iff'r/x Vy 'r/z (((x,y) E R & (x,z) E R)) => (y,z) E R). R R R R
.
. t f ,
It IS readily shown that KD, KT, KB, KY, K5 are sound with respect to the class of frames that are serial, reflexive, symmetric, transitive, Euclidean, respectively. One consequence of this resultis the following:
Proposition. If Ll and L2 are normal logics sound with respect to some classes [1 and [2 of frames, then L1l.:}- L2 is sound with respect to [1 n [2. In general, if {LihEI is a class of logics, for some nonempty index set I, such that each 1-4 is sound with respect to some class Ci, then YiEILi is sound with respect to niEICi. Corollary. distinct
The eleven logics in the chart in section 1.1.3 are all
Proof. As an example we show that S4:t. S5. We already know that S4 is sound with respect to the class of reflexive transitive frames. We also know that P V o--.oP is a thesis ofS5, for every propositional' letter. It is easy to find a reflexive transitive frame in which this formula is false at some point. For example, if U ::; {O, I} and R = {(O,O), (0,1), (l,I)}, then this formula is false at 0 under any valuation V such that Yep) ={I}; and this frame is certainly reflexive and • transitive. Hence P V o--.oP is not a thesis of S4. Notice that if a logic L is sou~d with respect to a class [of frames, then it is sound with respect to any subclass of [; for it is a general fact that, if A and 6 are any classes of frames, then A ~ 6 implies that A(A) d A(6). Thus a soundness result is more interesting the stronger the determining class is. Consequently, the most interesting soundness result is one in which the class in question is maximal. This would the case when [ = {'a' : 'r/A E L W FA} {'a': L 0;;;; A('a')}. In other words, a normal logic L is complete if and only if it is determined by the class of its frames.
=
The completeness problem we have been discussing so far consists in proving or disproving, of a certain normal logic L and a certain set [of frames, the following claim: for all A, A E L if and only if A is valid in C.
Proposition. The rules (RC), (RE), (RPE), (RS) and (US) are not truth-preserving in any of the eleven logics in the chait in section 1.1.3. It is also easy to show that each of the soundness results mentioned is maximal in the sense that no larger dass of frames yields soundness. Furthermore, the results are additive in a sense made clear by the following general remark:
An equivalent way of formulating this problem is to ask whether it is true that for every finite set I, I is consistent in L if and only if I is satisfiable in C.
Z
Plaut/!'I
25
The kind of completeness we have here is sometimes called weak completeness in order to distinguish it from strong completeness. The latter we define as follows: L is strongly complete with respect to C if every L-consistent set is satisfiable in C. Say that L is strongly detennilled by C if L is sound and strongly complete with respect to C. \! , Obviously. strong coml?leteness impli~s weak compl~teness. The strollg (i\jD completeness problem IS to prove or dIsprove the chum that , ;. y' ~ for every set l:. l: is consistent in L if and only if I is satisfiable in C.
/
Every part of the inductive step repeats these appeals to the appropriate truth-condition, the induction hypothesis and the Lemma on Maximal LConsistent Sets. This is true also of the step for the necessity, even though that step is more complicated. This is how it begins: lJJlL FX DA iff (by the truth-condition for D) 'tIy ((x,y) E RL lJJlL Fy A) iff (by the induction hypothesis) 'tIy ((x,y) E RL A E y).
=-
=
11 ;
f\
IJ
4. Canonical models
One of the most powerful techniques for proving completeness is with the help of canonical models. If L is any nonnallogic. then we define the canonical model for L as the triplelJRL = (UL. RL. VL). where UL = the set of all maximal L-consistent sets. RL = {(x,y) : x, y E UL & 'tiC (DC E x ~ C E y)}, VdP) = {x : x E UL & P E x}, for every propositional letter P. In this remarkable model. truth-at-a-point coincides with membership:
Thus the last bit that needs to be proved is that (t)
DA E x if and only if A E Y for all y such that (x,Y) E RL.
First suppose that DA Ex. If (x,y) E RL. then it follows from th~ definition of RL that A E y. Thus the bit that really needs proving-the only nontrivial part of the entire proof -is the converse. Suppose that DA f/. x. Consider the set I = {C : DC E x} U {...,A}. If this set is L-inconsistent then l: I-L.L. Therefore since L is finitary there is some number nand fonnula: CO, ... , Cn-I such that Co 1\ ... 1\ Cn-I E x and (C{) 1\ ... 1\ Cn-I 1\ ...,A) :J .1 is a thesis of L. By truth-functional reasoning, I-L (Co
1\ ... 1\
Cn-I) :J A.
Since L is nonnal. L is closed under Scott's Rule. Hence Canonical Model Theorem. Let L be any finitary nonnal logic. For all fonnula: A it holds that for all elements x E UL, lJRLFx A if and only if A Ex.
(
Proof. By induction on A. The basic step is a direct consequence of the definition of VL- For the inductive step. assume that the result holds for A and B. The Boolean parts of this step are easy. but it is instructive to go through one of them, for conjunction, say, to see exactly how it works: )JJ1L FX A 1\ B iff (by the truth-condition for 1\) !JIlL FX A and !JIlL F x B iff (by the induction hypothesis) A E x and B E x iff (by the Lemma on Maximal L-Consistent Sets) AI\BEx.
I-L (DCo
1\ ... 1\
Den-I) :J DA.
Applying twice the Lemma on Maximal L-Consistent Sets we conclude, first, that DC'.{) 1\ ... 1\ DCn-l E x and, second, that DA E x. This contradicts the assumption that DA f/:. x. The conclusion is that the set I is L-consistent. Hence, by Lindenbaum's Lemma, there is some maximal L-consistent set y such that l: ~ y. Evidently, A f/:. y and y E UL and " (x,y) E RL as we wanted. Notice that the canonical model deserves its name: every thesis of L is true at every point in l))1L. so 'DlL really is a model for L. However, the canonical frame 'itL = (UL RL) need not be a frame for L. If it is, then let us call L canonical. (Here we assume that L is finitary and normaL) Theorem. Every canonical logic is strongly complete.
7 l
25
Proof. Suppose that ~ is L-consistent. By Lindenbaum's Lemma there is some wE LTL such that l: <;;; w. By the Canonical Model Theorem, if A E w then A is true at w in lJRL. Hence ~ is satisfiable in ~L In other words, L is strongly dctennined by its canonical frame. ..
Define fx = x", for every x E U. proved by induction on A ..
The assertion of the theorem is then
We say that a set V .; U is definable by afannula in a model lJD = (U, {x E U : lJR "'x C}. In this case we say that C is a characteristic fonnula for V.
R. V) if there is some formula C such that V == Thus for evely canonical logic we have two completeness results: it is dctermined by the canonical frame. but of course also by the class of alI frames for the logic. In general, there may be any number of classes of frames detennining a logic. The preceding work makes it easy to derive completeness results for all the cleven logics discussed above. ,For example, to show that the , GOdel!Fcys/von Wright logic T is detennined by the class of refleXive frames, it is enough to show (i) every reflexive frame is a frame for T, (Ii) thc canonical frame for T is reflexive. The fonner we already know. To prove the latter, take any x E UT. By definitioll of RI'. (x,x) E Ref if 'riC (DC E x ~ C E x». Thanks to the a.xiom schema (T). which is provided by the logic T, t11is is certainly the case. S.
The finite model property
This section contains an account of some technical concepts. the importance of which will become clear from the following two sections. A model is separable if for any two points in the model there is some' fonnula that is true at one of the poillts but. false at the other. Note that canonical models are always separable. Lemma. Let lJD = (LT, R, V) be any model. Then there is a separable modeIIJ)l" = (U", R", V") and a surjection f: U -----<> U" such that, for aJl A. !In 1=1. A if and only if!Jn" I-fx A. Proof. Define a relation S! by the condition x S! y if and only if. for all A, j}Jl I=x A if and only if lJl I=y A This relation is an equivalence relation. Let x" be the equivalcnce class {u E U : x", ul Write U/ ... for the set of equivalence classes. Define IJD:" (U". R", V"), where
U"= R" '" {(x",y") : 3u Ex" 3v E y" (u,v) E R}, v "(P) {x" ; 3u E x" u E V(P)}, for every propositional letter P.
Lemma. formula.
In a finite separable model every subset is definable by a
Proof. Let lJR = (U. R. V) be separable and finite. For each x, y E U such that x ':f. y let Cx,y be a fonnula true at x and false at y (this is. possible since ll» is separable). For each x ~ U define Cx as the . conjunction (iIi some order) of the formulre m {C,..,y : x ~ y}. Fmally. if V .; U, then define Cy as the disjunction (in some order) of the formula:; in {Cx : x E V}. (The conjunctions and disjunctions are welldefined since lJD is finite.) It is clear thatCy is true at every point in V and at no other point. .. A nOlmal logic is said to have the finite model prop~rty (fmp) if every nonthesis of the logic has a finite countermodel that IS a model for the logic. It has the fmp in the strong sense if, for every nonthesis ~, th~re is a number n(A) such that A is false in some model for L With a~ most n(A) elements. Similarly, it has the fin~te frame property (jfp) IS every nonthesis has a finite counterframe that IS a frame ~or the logl?, and it has the ffp in the strong sense if, for every nonthesls A, there IS a number n(A) such that A is false in some model on some frame for L with at most n(A) elements. Theorem. A nonnallogic has the fmp if and only if it has the ffp. Proof. It is at Ollce clear that having the ffp implies having the fmp. For the converse. suppose that L is a normal logic for which !In = (U. R, V) is a finite modeL There is no loss of generality if we assume that !In is separable. We wish to show t.hat (U. R) is a frame. for L. Sll:ppose that V* is any valuation in U and write lJR* = (U, R, V*). It Will be enough to show that lJR* is a model for L. This we do by showing how we can simulate lJIl* within 'lit Since ll» is fillite and separable we can find, for each propositional letter P, a fonnula Cp that is characteristic of
27
IIPIIJj)}*, the truth-set of P in 'ID*. Let s be the substitution function that assigns, to each propositional letter P, the formula Cpo Then it is easy to prove by induction that for every formula A and evelY point x E LT,
Filtration Theorem. Let ml° be a filtration of mI through lI'. Then, for all formula: A E 'I' and all elements x in mI,
mI I=x sA if and only if mI* I=x A. Suppose now that A E L. Let x be any element of U. Then sA E L since L is closed under uniform substitution. The assumption that lJJl is a model.for L implies that sA is true at x in mi. Hence by the result just proved, A is true at x in mI*. "
( 6. Filtrations We say that a set 'I' of formula: is closed under subJormulre if. for a11narv operators 0 and all fommlre Ao, ... , An-I, if o(Ao .... , An-I) E'I' th~n AO, ... , AII-1 E'I'. FurthelIDore, A is asulJJorrmda of B if A E 'I' where 'I' is the smallest set that contains B and is closed under subformulre. Note that the set of subformula: of any given formula is finite. Let mI = (U, R, V) be a given model. Then any set 'I' of formula: closed under subfonllula: induces a relation == (mod '1') on Uby the condition x == y (mod '1') if and only if, for all A E'If , lJIl I=x A iff 'lU Fy A. It is readily seen that this relation is an equivalence relation. Let us write XO for the equivalence class of x, that is, the set {u E U : x '" u (mod 'II)}. (We may drop'the reference to 'I' when it is clear what set 'I' is.) Let us write U/'I' for the class {XC : xE U} of equivalence classes.
Lemma.
t
I
I
I
If 'I' is finite, then U/W is finite.
Proof. If lI' contains exactly n elements, then Uf\P cannot contain more than 211 elements. • By afiltration of mI through 'I' we mean a model mI" satisfying the following conditions:
0) (iiA) (iiB) (iii)
=(UO, RO, VO)
UO = UflP, if (x,y) E R then (xQ,yO) E RO. if (XD,yO) E RO then. for all A such that OA E'I', if mI I=x OA then mI I=y A, if P is a propositional letter such that P Ell', then X O E VO(P) if and only if x E V(P).
ml° I=xo A if and only if mI I=x A.
Proof. By induction on A. Condition (iii) is tail.o~ed to ~uit the basic step. In the inductive step the Boolean cases are trlVlal, while conditions (iiA) and (iiB) guarantee that the modal case goes through.
'* Note that filtrations always exist. In particular. the following definitions yield filtrations: (xD,yO) ERmin iff 3x' .. x 3y' == y (x',y') E R,
The former we call a minimal, the latter a maximal filtration (over U/'I'). This terminology is npt gratuitous, for if R is any filtration relation over U/'I', then Rmin <; RO <; Rmax. The following result shows that in one important case all filtration relations coincide: O
Theorem. Suppose IlJlL is the canonical model for some normal logic L. Let ml° = (U/lP, RO, VO) be a filtration of miL through 'V. Then, if 'm:" is a model for L, then Rmin =R" =Rmax· Proof, In view of previous remarks it will be enough to show that Rmax <; Rruin· Suppose that (XO,yO) E Rmax. Consider the sets r.:::: {A: ml° I=x" A} and I!;:= {A : mI" I=yo A}. Note the obvious fact that r ~ x and I! == Y (mod '1'). Since, by assumption, mI" is a model for L, r and I! are L-consistent, indeed maximal L-consistent, so r, A E UL. It is easy to verify that (r.I!) E RL. Hence (XO,yO) ERmin. • In the important applications of the filtration theorem it is the canonical model (or a generated submodel thereoO that gets filtered through the set of subformula: of some formula. The minimal normal logic K provides an example. Suppose that A is any nonthesis of K. Then we know that A is false at some element x in the canonical model for K. Let 'I' be the set of 8ubfOlIDulre of A. Then A is false at XOin any
29 i
i
, ! I
I
{
filtration of the canonical model through lV. Moreover, as 'P is finite in this case, the filtration is finite and in fact of cardinality at most '2n , where n is the cardinality of '1'. Finally, the filtration is surely a model for K (every model is a model for K!). Hence K has the finitc model property in the strong sense.
Lemma B.
The argument just given can be adapted to show that not only K but in fact all eleven of the logics discussed in section 1.1.3 has the fmp in the strong sense. We end the section by presenting anothcr example, that of S4.
The proof is by induction on n. If n==:O the contention is clearly true. Assume that it is true for n (the inductive hypothesis) and also that (XO,yO) E (Rmin)n+l. Then there is some w such that (XO,WO) E (Rmin)ll and (WO,yO) ERmin. Suppose that oA E x. By the inductive hypothesis, oA E w. Since (WO,yO) ERmin there will be elements w' and y' such that w '" w' and y '" y' (mod "III) and (w',y') E RS4· By assumption DA E'I', so OA E w'. The fact that w' E US 4 and that OA::::) DOA is a thesis of S4. Hence DOA E w'. Therefore DA E y'. Appealing again to the fact that DA E 'P, we conclude that DA E y. This ends the proof of the contention (:j:).
Let!JJis4 be the canonical model for S4. We want to show that S4 has the strong fmp. Lemmon and Scott, who were the first to do this, did it by defining 5.111#:::: (Us4l''V, R#, YO), where 'P is any fixed, finite set of formula:, Us4iW and yo are as above, and R# is defined by the condition R#==:{(xO,yO):'ilA(DAEXn'P ~ AEy&OAEy)}. Then it is immediately clear that 1JJl# is a filtration, and since it is finite, reflexive and transitive the desired result has been achieved. However, for pedagogical reasons we shall now consider a longer proof of the same result, which shows in a simple form a line. of reasoning we shall encounter twice below. first in conncxion with ancestral and then with dynamic logic Define lIllt = (Us4/''P, Rto YO) where Us4/'lJI and yo are as before but Rt is the ancestral of Rmin: Rt = (RnlliJ*· Thus defined, jjJ}t is a finite, reflexive and transitive model and therefore a model for S4. He.nce if we can show that smt is a filtration, then we have shown that S4 possesses the strong fmp. What needs to be done is to show that conditions (iiA) and (iiB) in the definition of filtration are satisfied. This we do in two steps, Lemma A and Lemma B. Lemma A.
Proof.
If (x,y) E RS4, then (XO,yO) E Rt.
Immediate.
III
When we go to the next step we make use of the fact that in the canonical model truth-at-a-point and membership are co-extensive properties.
Proof. (t-)
If (XO,yO) E Rt and DA Ex n'l', then A E y.
We begin by proving the following auxiliary contention: if (XO ,yO) E (Rmin)I1, then DA E x implies OA E y.
After this preliminary, assumc, for any x, y E US4, that (XO,yO) E Rt and that oA E x n w. Then oA E y by (:j:). Furthermore, OA => A is a thesis of S4. Hence A E y, as we wanted. .. By a theorem proved earlier we see that our relation Rt is in fact identical with Lemmon and Scott's relation R#. Their proof is of course much shorter than ours, hut it is ad hoc in a way that ours is not. For we know that if we are to succeed in our enterprise-to prove that there exists a filtration of the canonical model for S4 through the given finite set lJ1 that is a model for S4-then 1)J1t must be that filtration. The reason is that Rt has to be reflexive and transitive, and it has to inelude the minimal filtration relation Rmin. Consequently, Rt has to include (RmirJ"'. Since there seems to be no fUlther condition to add, Rt defined as (Rmin)'" is the natural candidate for a filtration relation. This is in fact the recipe we shall follow when we are faced with similar problems in chapters 2 and 3: to stalt with the minimal filtration and then add whatever conditions the situation requires. The finite model we define will therefore always be a model for the relevant logic, and the only difficulty will he to prove that it is a filtration.
31
'7.
Deddability
Let us &'ly that a concept is (effectively) decidable in a celiain domain if for every entity in that domain one can decide, in a finite number of steps, whether the concept applies to that entity. Thus a logic is deci?able if for every fOimula in the language it is possible to decide. in a filll~e num~r of steps, whether the formula is a thesis. The concept of bcmg a filllte frame for a logic is decidable if, for every finite frame one can decide, in a finite number of steps. whether that frame is a frame for the logic. In modal logic the main usefulness of the filtration method has been in proving the deeidability of logics.
/ Theorem. Let L be a normal logic for which the notion 'finite fmme for L' is decidable. Then L is decidable if L has the fmp in the strong scnse.
know that A is a thesis. If the answer is No, then we turn to the enumeration of frames for L. This time we ask whether A is false at any point in any model on the frame. As with checking the axiom schemata, this task can be accomplished in a finite number of steps. If the answer is Yes, we know that A is not a thesis. If the answer is No, we go back to the enumeration of formal proofs and begin a new round of investigation. (The flow-chart below should make the procedure quite clear.) The way we have set up the two projects guarantees that, sooner or later, our quest will terminate. For if A is a thesis, then the assumption thut L is axiomatized by e implies that there is a formal proof of A, and that proof must then occur in our enumeration of formal proofs. On the other hand, if A is not a thesis, then the assumption that L has the fmp implies that A has a finite counterframe for L, and so that frame occurs • ' in our enumeration of frames.
It follows that the eleven logics mentioned in section 1.1.3 are all decidable.
IBETH! I
Theorem. Suppose that L is a normal logic that can be axiomatized with only finitely .many axiom schemata and with (RC) or (RN) or (RS) or{RPE) as only lllference rule other than (MP). Then L is decidable if L has the f mp. Proof. C?n the given hypothesis you can devise a method for deciding L by defi~lllg the following two projects. One is to provide an enu~eratlO~ of all formal proofs in the axiom system that generates L. call It 6. Smce there are only finitely many axiom schemata in 6 and only the t.w0 rules, thi.s is a possible task. The other is to provide an enumeratIon.o.f all fimte f~ame~ f~r L: This c~n be done by going through all fimte models (ldentIfymg IsomorphIC models), first those with one element, then those with two elements, then those with three elements, and so on. For each frame one has to check whether the axiom schem~ta of e are true; this is possible since the model is finite and only has fimtely many propositions. The inference rules mentioned need not be checked since we already know they are validated. With both projects defined, we can proceed to decide whether a given formula A is a thesis of L or not: "all we have to do" (in fact a Gargantuan task) is simultaneously to go through the two enumerations. In the enumeration of formal proofs we look at the last formula of thc fOimal proof: is that the formula A? If the answer is Yes, then we
I
J
r
__~J Cousider :!lISt 'I,llLCh~hed pnlOl! !_y_i:l_s....---'jr-----------. ~ i"'1'OPI. the· I 113 the lMt formula A?
I
',. ,
.'"
A'
lj
a
SIS.
1 I
No
I Cousider the first unchecked model!
l Does it reject A?
No
Ye$r=~--~------~ STOP! A j;:< nol a Uresis,
I
If we introduce <"'> as another modal operator by the definition <*>A ". -{,d-,A, for all A, we can derive the following truth-condition:
2. Ancestral logic
!))l I=x <*>A iff for some y, (x,y)
2.1. Semantics 1.
e
Sand 'Dl I=y A.
Concepts of truth and validity, etc., can now be taken over from modal logic. However, this will not gi ve the desired result: our notion of frame is too general. To overcome this problem let us define a frame (U, R, S) or model (U, R, S, V) as standard if S = R*. It is clear that every frame, standard or not, determines a logic. The logic of paramount interest to us is that determined by the class of all standard frames; let us call it the basic ancestral logic. To axiomatize that logic and prove the axiomatization sound and complete is the task of this chapter. '
Model t.heory
In ancestral logic is seems natural to begin with semantics, for that is where. the g?nera,Iization over modal logic takes place. Having defined a more InclUSive kInd of model we may then ask ourselves what the object language would be appropriate to deal with this new kind of model. Having settled on an object language we may then tum to the question of how to axiomatize various logics defined by the semantics.
For allY one-place propositional operator 0, define aDA as the formula consisting of A preceded by n occurrences of o. formally, define aDA = A and on+lA = oonA, for all n. Define Rn as the relative product of R by itself n times. Formally. let Au be the diagonal relation {(x,x) : x e U}. Then, if R is a binary relation in U, define RO = Au and Rn+l = R I RH, (Hence R* = U~ORn.) Note the following truth-condition for [.]n:
In ordinary modal logic frames are pairs (U, R) where U is a set and R is a binary relation in U. One other binary relation definable in terms of R is R*, th~ ancestral ?f R. Why not introduce a new modal operator, perhaps wntten [*], with the following truth-condition relative to a model lJJl: and a point x in the universe of the model: .
lJIl I=x [·]I1A iff for all y, if (x,Y) E Rll then lJIl Fy 1\.
!JIl I=x [* JA iff for all y, if (x,Y) E R* then 'lll I=y A.
Lemma. A frame ~ is standard if and only if all instances of the following schemata are valid in 'it:
This ~s. wha~ is dO,ne in ancestral logic, except that we will put our de~llltlOns In a slIghtly different way. By ajrame (for ancestral logic) we shall mean a triple (U, R, S) where U is a set, and Rand S are binary relations in U. As in modal logic. a model is a frame with a supplementary valuation; hence a model (for ancestral logic) is a strueturc (U, R, S, V) where (U, R, S) is a frame and V is a valuation inU. We now officially add [*] as a new modal operator to the language of chapter 1. For the sake of typographical consistency we write [.] instead of D. To the truth-conditions for propositional letters and Boolean operators listed in chapter 1 we add the following two, where we assume that !))l = (U, R, S, V) and x e U: !))l
I=x [']A iff for all y, if (x,y) E R then lJJl 1=)' A
:om Fx ["'JA iff for all y, if (x,y) E S then :om I=y A
(*E) (*1)
[*]A:l['JnA, foralln, (A 1\ [*](A:l [·JA)):l [*]A.
Proof. It is easy to show that they are valid if W is standard. for the converse, suppose that W = (U, R, S) provides (*E), for allll, and also (:1'1).
4
First suppose that there is some pair (x,y) E R* - S. Let V be a valuation in U assigning {u : (x,u) E S} to a celtain propositionallctter Y. Then the situation is that (X,Y) $; S but there is some n such that (x,Y) ERn. Consequently in the model defined by this valuation [*]A is true at x while ['lnA is false, contradicting the validity of (*E). Hence R* ~ S.
34
Next suppose that there is some pair (x,y) E S - R*. Let V be a valuation assigning {u: (x,u) E R*} to a certain propositional letter P. Then, since R* is reflexive, (1)
[* ](A::J [']A) is true at x.
But (x.y) E S and. since (x.y) (3)
f/:. R*, P is false at y.
Therefore
[*]Aisfalseatx.
This is in contradiction with the assumption that (*1) is valid on '3'. Hence So;;; R*.
2.
By contrast we have the following result:
Theorem. The basic ancestral logic is not compact
P is true at x.
Moreover, suppose that (x,v) E S. Say that P is true at v. Then (x, v) E R*. Moreover, for any w such that (v,w) E R we have (x,w) E R*, and so P is true at w. This means that [']A is true at v, and so (2)
3'::)
"
Proof. Consider the set I = {[. ]np : n 2 O} U {-,[ * ]P}. where P is some propositional letter. Let 'It = CD. R. S) be the frame where lJ is the set of natural numbers, R is the successor relation {en, n + 1) : n 20} and S = R*. Then 'It is a standard frame. For any n let Vn be any ,'aluation assigning {i . i :<;:; n} to P. Let ~I be any finite subset of}:. Then there is some m such that, for all i> m, [.]ip f/:. II. Consider the model defined on ',f by Vm. In that model [.]ip is true at 0 for all i :<;:; m. Moreover, -,[*]p is true at 0 .. Hence II is satisfied at O. This argument shows that every finife subset of~ is satifiable in a standard frame. However, it is easy to see that ~ itself is not satisfiable in any standard frame. Iii
Compactness and noncompactuess
A logic L is compact over a class C of frames if any set ~ of fmmulo:e is satisfiable in C whenever every finite subset on:: is satisfiable in C. Let us say that L is compact (without qualification) ifL is compact over.the class of its frames. This is a geneml concept and certainly meaningful for modal logics.
2.2. Syntax 1.
Axi oma tics
Let 1I{ be the following axiom system: the axioms of U( are
Theorem. Let L be a finitary normal modal logic. complete, then L is compact.
If L is strongly
Proof. Let L be finitary and strongly determined bv C, where C is the class of its frames. Suppose that ~ is a set of formul~, every finite subset of which is satisfiable in C. Then every finite subset of}: is satisfied at some point in some model on some frame in C, and therefore is Lconsistent. Hence by finitariness, }: is L-consistent. Hence by strong • completeness, I is satisfiable in C.
Corollary.
Every finitary normal canonical logic is compact
(i) (i i)
all instances of any thesis of the modal logic K for [.] and [* J, all instances of the schemata (*T) (*El) (*4) (*ind)
[*]A::J A, [*]A::J ['JA, [*lA::J [*][*]A. (A 1\ [* J(A::J ['lA» ::J [* ]A,
and the inference rules of U are (MP) and (RN) for [*]. (Explanation of the labels: (*El) is a kind of elimination schema, (*ind) a kind of "induction" schema. The other two-(*T) and (*4)-are straightforward generalizations of the modal schemata (T) and (4).)
We know from considerations in section 1.1. 2 that instead of (RN) we might equally well have adopted as a primitive rule (RC), (RS), (RE) for [>I<] or (RPE). There are two other popular modifications of 21 that likewise do not affect the sct of theorems.
HA
A
[>I< ](A ::J [']A)) ::J ['](A
A
[* ](A::J [·]A)).
Hence by the new rule (R*ind),
llroposition.> Let U' be the axiom system obtained from m: by replacing the schemata (* T), (*El) and (*4) by the single schema
Then Am' = AU. Proof. That (*M) implies (*1') and (rEI) is clear. To see that it also implies (*4), notice that (*M) implies that I-[*]A::J rJ[*]A. AppJying (RN), we conclude that I-[*]([*JA::J rH*]A). But the following is illl iJl.stance of (*ind):
Ii
Hence by truth-functional re.1soning" [*]A ::J [*] [>I<]A
Proposition. Let ~J" be the axiom system obtain from U by deleting the schema (*ind) and instead adding the inference rule
Then A2I"
I- [*](A::J [']A)::J ['][*](A::J [·]A).
Using (*T) and truth-functional reasoning we observe that C~)
Soundness 111eorem. of standard frames.
The system U is sound with respect to the class
By an ancestral logic we mean a logic containing as theses all theorems of 21. An ancestral logic is normal if it is closed under (RC), (RN), (RS), (RE) for ["') or under (RPE) (if it closed under one it is closed under all). Thus in a normal ancestral logic, [.] is at least a K-modality and [*] at le.'lst an S4-modality.
2. Comparison with tense-logic
=AQ(.
Proof. From proposition just proved, wc know that, for every C, .. [*]C::J ['][*Jc. In paIticular, then, (1)
The choice between these many different possibilities will depend on thc purpose of the analysis and perhaps personal taste. Here there is no need to choose. (Question: How does the schema [*]A ::J (A A [.][ *]A) compare to (:1:.I\'1)?)
HA
A
[*](A::J [']A))::J [·1A.
Putting (1) and (2) together we conclude. with a bit of modal rea~;onil!g. that ~ >
Basic tense-logic with both future and past time also employs frames (U, R, S), but there the requirement of standardness is that Rand S be the inverses of one another; that is, that S = {(x,y) : (y,x) E R}, whence of course R = {(x,y) : (y,x) E S}. Comparison with this kind of tense-logic is not particularly enlightening, at least not at this point. More relevant is tense-logic for discrete future time. One naturally thinks of time as linear, but in their abstract analyses tense-logicians like to allow future time to "branch". Thus their frames are triples (U, R. S) where S = R:4:, as in our standard ancestral frames. In their language they have two non-Boolean operators, often written 0 and D. An informal reading of OA is "at the next moment, A" or "tomorrow, A", while DA is read "at every future moment, A" or "always, A".
38
39
The characteristic a"dom schemata for tense-logics relating to this conception are similar to those of !I. For example, we have K for 0, and paraIlelIillg (*T), (*EI), (*4), and (*ind) we have either (if time is reflexive so that the future is regarded as including the present) DA:JA, DA:J OA DA :JDDA, (A 1\ D(A :J OA» :J DA,
or else (if time is irrefiexive so that the future is regarded as beginning tomorrow) DA:J OA, DA:JDDii.. (OA 1\ D(A :J OA» :J DA.
Usually tense-logicians cast time as being endless. When they do, the followillg schema becomes valid: -{OA
1\
O-'A).
The casc when time is Iillear is another special case. The following extra axiom schema then becomes appropriate: OA v O'A.
That addition makes 0 a particularly pleasant operator to work with as it now commutes with every other operator: O-.A '" -'OA, oCA 1\ B) .. (OA 1\ OB), DCA .. ODA, etc., all become theorems.
2.3. Completeness 1.
Canonical models
Let L be a finitary normal logic. We can define the canonical model for L along the lines of section 1.2.4, namely, by putting l))}L (UL, lq" SL, VD where
UL = the set of all maximal L-consistent sets, RL'" {(x,Y) . "i/C ([']C E x C E y)}, SL:::: {(x,y) : "i/c ([*]C Ex=:> C E y)}, VL(P) {x: P E x}, for all propositional letters P. It is now possible to prove a Canonical Model Theorem to tJ:e effect t~at fJJ1L i'=x A if and only if A E x, for all formulre A and all pOints ~ E liL However in contrast with the cases we examined in chapter 1, thiS canonicai model is not immediately useful to us, for although it is a model for the logic, it is not a standard. model. It is ~ fa~t ~hat (~L)* k SL: bu\ it is also a fact -except when L IS one of certam triVial logIcs-that lRrJ ;t. SL For let l: be the set {[.]nl>: n;;:: O} U {..,r*1P}. In section 2.1.2 we saw that l: is consistent in any ancestral logic for which the natUJ:al numbers frame ll' defined there is a frame. In such logics, oy Lindenbaum's Lemma. there exists a maximal L-complete set u extending l:. Note that u E UL Since ['" JP $. u there exists some w such that (u, w) E SL and P r;. w. Sincce [.]np E u, for every n, (u, w) f/i (RL)*.
What this means is that the canonical frame (UL RL, SL) is not a frame for L in any interesting case. In other words, no interesting nor~nal ancestral logic is canonical. This in turn means that extra wor~ IS needed before completeness can be established. Our strategy will be to proceed via filtrations: filtering ~he canonical mod~l throu~h a judiciously chosen formula set WIll produce a filtratIOn that IS a standard model suited to our purpose.
2.
Filtrations
Filtrations are defined in the same way as in chapter 1. Since Lis normal and finitary. the canonical model for L exists with the usual properties. Here we are only going to filter the canonical ~odel of L, so we phrase the definition of filtration with an eye to that particular application. Let W be a set of formulre that is closed under subformulre. The equivalence relation", (mod lP) is defined as before. Let us say that l))}" (U", R", S", VO) is ajiltra.tion of the canonical model ~ through W if the following conditions are satisfied: (i)
(iiA) (iiB)
(iiiA)
U" is the class UIlIl of equivalence classes XCI where x E UL if (x,y) E RL, then (XO,yO) E R O , if (XO,yO) E RO , then [-JA E x n Wonly if A E y, if (x,y) E SL, then (XO,y") E So,
40 (iiiB ) (iv)
if (XO,yO) E So, then [",]A Ex n 'If only if A E y, if P is a propositional letter in 'If, then VO(P) = {XO : x E VL(P)}.
Filtration Theorem (first version), for all x E UL.
Now let us compare this passage with the corresponding 'passage in the proof of the second version. Here there are the followmg cOiTesponding four conditions:
For all fonnulre A E'lf and
(1') (2')
lJRO Fxo A if and only if 5JllL !=x A.
Filtration Theorem (second version). for all x E UL,
For all fonnulre A E'lf and
Proof. The difference between the two versions is that in the fonner we proceed via the canonical model for L, whereas in the latter we prove the theorem from scratch. The difference is not great, but it is WOI1h comparing the two altematives. The former version is proved as in the case of modallogie. The induction is on the complexity of A. Let us scrutinize the subcase when A is of the form [']B, where the result to be proved is assumed to hold for B (the case when A is of the form [",]B is similar). Here one has to argue that the following conditions are logically equivalent: 1JIl" !=X0 [. ]B,
(2)
Vy «XO,yO) E W
~
lJRo Fy0 B),
(3)
Vy «XO,yO) E RO
~
'lIlL Fy B),
(4)
5JllL !=x [. ]B.
( 4')
[']B Ex.
The equivalence of (1') and (2') and of (2') and (3') foll0'Y~ as ~~fore. Going from (4') to (3') is strai ghtforward, thanks to condItIon (liB). But going from (3') to (4') involves a cel1ain subtlety.
1JI1o !=X0 A if and only if A E x.
(l)
:11
Assume that (3') holds. With the help if condition (iiA), we see that BEy for all y such that (x,y) E RL. Using the definition of RL. we note that {C : [']C E x} I-L E. Appealing to the finitariness of Land to Scott's Rule, we conclude that {[']C : [']C E x} ~L [']B; in other words, x I-L [']E. Hence (4'). [']B E x, as we wanted. The argument just given holds a certain familiarity: we met it in the proof of the Canonical Model Theorem, in the modal part of the inductive step. The point we wish to make here i~ that i~ we p,?ve t~e Filtration Theorem from scratch-the second versIOn-dIspensIng WIth any appeal to the Canonical Model Theorem, the~ we still have to go over what is the crucial part of the proof of the Canolllcal Model Theorem. , Thus the work to be done is pretty much the same in the two cases. • The analysis that now follows may be viewcd as a generalization of the analysis of S4 in section 1.2.6. Keeping Land 'IJ as specified we define lJIlt =: (U", Rt, st, VO) as follows:
The equivalence of (1) and (2) follows from the truth-condition for [-]. that of (2) and (3) from the induction hypothesis. To go from (3) to (4), assume that (x,y) E RL, for any y E UL. Then by condition (iiA), ( (XO,yO) E RO, and hence lJllL Fy B, by (3). Consequently, 5JllL FX [·]B. Conversely, to go from (4) to (3), assumc that lJIlL FX [·]B. Then by the Canonical Model Theorem, [']B Ex. Suppose that (XO,yO) E RO. Then, since [·]B E'If, condition (iiB) yields BEy. Hence by the Canonical Model Theorem 5JllL Fy B, as we wanted.
n
Rt = {(x,y) : 3x' '" x 3y' '" y (x',Y') E RL},
st = (Rt)"'.
c~T~ it is clear-f~~-th~-o~~~~~-~~~';;'t is a finite standard mod>~')
We will now·-ShoWlhatitis--a-tiltration.. . That.eemiititlrrfiiAtis-saflsfied is clear. To see that (iiB) is satisfied, suppose that (XO,yO) E R" and that [']A E x n 'P. By definition there are some x' !5 x and y' .. y such that (x,y) E RL. Since [']A Ex n 'If, also [']A E x', Hence A E y', and
42 since lJI is closed under subfonnulre and thus A E lJI, A E y. Thus the difficulty in proving that lJJl:t is a filtration consists in showing that conditions (iiiA) and (iiiB) hold.
Proof. Falling back on an argument in section 1.2.5, we make the following observation: for every set V ~ VO there is a Boolean combination Cv of fonnulre in lJI-a disjunction of conjunctions of fonnulre, each of which is either a fonnula in lJI or else is the negation of a fonnula in lJI-such that, for all wE VL, WO E V if and only if Cy E w. (This is a notion of separability subtly different from that in section 1.2.5. However, the proof of the new claim is analogous to that of the old result.) Suppose now that (x,y) E SL. Let W be the set {(ZO : (XO,ZO) E St}. By the observation just made there exists a Boolean combination Cw = C of fonnulre in lJI such that, for all t E VL, (0)
to E W if and only if C E t.
4} Proof. We begin by proving the following claim, for all elements u, v E UL and for allll:
The claim is proved by induction on n. If (UO,VO) E (Rt)O then UO = va, and so u '" v. Thus in this case it is trivial that [*]A E v if [*]A E un lJI. Assume therefore that the claim (:lJ) holds for n. Suppose that (UO,VO) E (Rt)n+l and that [*]A E u n lJI. Then there is some w E UL such that (1)
(UO,WO) E Rt,
(2)
(WO,VO) E (Rt)n.
Condition (1) implies the existence of u and v such that u' '" u and w' '" w and (u',w') E RL. Evidently, [*]A.E u'. Above we have seen that [*]A => ['][*]A is a thesis ofL. Hence ['][*]A E u' and so [*]A Ew'. Since lJI is closed under subfonnulre, [*]A E w. This result places us in a position to apply the induction hypothesis to wand v; the conclusion is that [* ]AE v. This ends the proof of (:lJ).
Since st is defined as the ancestral of Rt, we certainly have XO E W, so (1)
:!
i
I
C Ex.
Let u be any element in VL such that (x,u) E SL. Suppose that C E u. Then by (0) we have UO E W. Hence if v is an element of VL such that (u,v) E RL it follows by the definition of Rt that (UO,VO) E Rt;. therefore also VO E Wand so, by (0), C E v. This goes to show that [']C E u. In other words, we have shown that
But L is a normal ancestral logic, so every instance of the schema (*ind) is in x. Hence, by (1) and (2), [*]CE x. But (x,y) E SL by assumption, so C E y. Hence, by a final application of (0), yO E W, which is the same as saying that (XO,yO) ESt. •
Lemma B.
If (XO,yO) E St. then [*]A E x n lJI only if A E y,
Returning to the main proof, suppose that (XO,yO) ESt and [*]A E x n lJI. As lJJl:t is standard there is some n such that (XO,yO) E (Rt)n. By the observation (:IJ), therefore, [*]A E y. But [*]A => A is a thesis of Land so is an element of y. Hence A E y. •
Corollary.
lJRt is a filtration.
Theorem The axiom system '2l is sound and complete with respect to the class of all ancestral frames. In other words, the basic ancestral logic is axiomatized by '2l.
Proof. Let ~ be a finite set of fonnulre consistent in A('2l), the logic generated by the axiom system'2l. By Lindenbaum's Lemma there is some maximal consistent set x extending~. Let lJI be the set of all subfonnulre of fonnulre in ~. Then lJI is a finite set, and we can construct the modellJRt as described above. By the corollary, jj)lt is a filtration of the canonical model lJRt for A('2l) through lJI. By the filtration theorem, therefore, ~ is satisfied at XO in lJRt. And the frame of lJRt is a frame for A(U). •
44
45
3. Dynamic logic
The basic ancestral logic is thus an example of a logic that is finitary without being compact. Corollary.
The basic ancestral logic has the finite model property.
Notice that even though what we have proved is a weak: completeness result-noncompactness precludes strong completeneness-deddability still follows.
Theorem. The basic ancestral logic is decidable, It is always a good idea to review a long proof and try to pinpoint the roles of the various assumptions that have been made. In the case of 21 the following remarks apply.
A(21) is a finitary logic normal in both [.] and [*]. There is a crucial point in the proof of the Canonical Model Theorem that depends on these features. As we saw, if one prefers to sidestep canonical models, the Filtration Theorem takes a form that requires the same crucial point to be proved.
3. L Semantics 1.
Frames
Semantically speaking, in modal logic we have one accessibility relation, in ancestral logic two. In dynamic logic we go the whole way: ~he~e,are indefinitely many accessibility relations" Thi~ tim~, thou~h, the l?tUlbon is somewhat different. In modal (deontlc, eplstemlc) lOgiC th~re IS a , static universe; from a point one roilY have access to other pomts, but no change is envisage~, Ancestrallo,gic. is c?mpletel~ abstract and thus as static as modal logic. In tense-logiC time IS sOI?ethl~g that.hap~ens to you, not anything that is up to you. I~ dynamiC logiC th~ Idea I~ tha~ the accessibility relations are actions. ~hl~ way of rep~sentJ?g.actlOn~ IS certainty rudimentary, but it is a begmnmg. DynamiC logiC IS a logiC of action of a primitive kind. '
J
Let U be any set. By an action in U we understand any binary relation in U. Then by aframe we may und~fStand ~ pair (U~ R) where U is a. set (the universe of the frame) and R IS a famtiy of actions (the repertmre of
Without finitariness lindenbaum's Lemma could not be invoked in the completeness proof.
the frame),
A(2l) provides (",ind). Without it we would not have been able to
Such a general concept of frame is.not veo/ interesting, ~ough. ~~ us say that a frame (U, R) is standard if R satisfies the foIlowmg conditions:
llrove Lemma A. l'..,,'lt) tliovides \.*\1\. -:J I\. and \.*\1\. -:J \:\\'*\A, Witncro.ttnem we
would not have been able to prove \..emma \3.
if a, b E R then a U b E R and a I b E R, if a E R then a* E R. if X ~ lJ then fest X E R. Here U stands [or set theoretical union, 1[or relative product, and"' [or the ancestral. Furthermore, test X = AU 1 X, where AU is the diagonal relation in U, that is, {(x.x) : x E U}, and 1 indicates restriction to X. A more general description of a frame would be as a structure (U, R, P), where U is a set, R = {IRI, U, I, "', test} is an algebra of relations in U ("actions") and P {IPI, n, U, -, 0, 1, after} is an algebra of subsets of U ("propositions"). Here IRI and IPI are the carriers .o~ the respective algebras, and the operator after is defined by the condition alter(a,x)
=
46 {x: 'ltu «X,u) E a => u E X}. The latter is obviously related to the "interior" operators discussed in the section on algebraic semantics in chapter 1. Then standard frames would be those where R is a regular algebra (meaning that the condition on the operations of R listed above are satisfied) and P is a normal modal algebra such that P =~u. However, we shall not pursue this line in the present notes.
i
,I
(
Central among the indefinitely many operations in a frame are the members of a family which we will now describe. There are two basic semantic categories in our theory, that of propositions and that of actions. If U is a universe, then let P be the set of propositions, R the set of actions. (In our theory, P is simply the power set ~U of U.) The family we have in mind is the class of all operations belonging to one of the following two types: pm X Rn------> P, pm X Rn -----+ R.
In. the .former case. ~e s~y that. the operation is proposition-fonning (Yleldl11g a proposition If appbed to m propositions and n actions) in the latter t~~t it is action-fonning (yielding an action when applied to'm propositions and n actIOns). We should like to find the logic determined by the new concept of frame. To do so we must first decide on an object language suited to this kind of frame.
2. Language What would be a fruitful object language for reasoning about standard frame~? The answer to this question depends on what model theoretical operations that are thought to be interesting. To parallel the structure of our semantical machinery, let us postulate two syntactic categories F (formula:) and T (terms). In each category there are denumerably many primitive symbols, all distinct (propositional letters and action letters). Every other primitive symbol belongs in either of the following categories: FIll X Tn ------> F, FIll X Tn ------> T. The former are formula makers, the latter term makers. The formula makers are (i) Boolean operators, of type pIl-----+ F, for some m, (ii)
47 the higher order operator [ ] ("after") of type F X T ------> F. The term makers are + ("sum") and; ("composition") of type T2 -----+ T, * ("the Kleene star") of type T ~ T, and? ("test") of type F -----+ T. A more traditional definition of the language would be the following inductive definition; which defines 'formula' and 'term' atthe same time: 1. 2. 3.
4. 5. 6. 7. 8. 9.
Every propositonalletter is aformula. Every action letter is a term. If 0 is an n-ary Boolean operator and Ao, ... , An-I are fonnulce, then o(Ao, ... , An-I) is afonnula. If A is aformula and a is a term, then [alA is aformula. If a and ~ are terms, then a + ~ is a tenn. If a and 13 are terms, then a;13 is a tenn. If a is a tenn, then a* is a tenn. If A is aformula, then?A is a tenn. Nothing is aformula or a term except by virtue of I -
8:
We say that an expression is we1l1onned if and only if it is either a formula or a term. This object language was first defined by Vaughan Pratt who wanted to use it in order to discuss, in a formalized way, the effect of programs. Informally, a command to do a + ~ is carried out by doing either a or ~ (it does not matter which); a command to do a;~ is carried out by first doing a, then doing 13; a command to do a* is carried out by doing a some finite number of times (0 or I or 2 or... -it does not matter which). The command? A is carried out by verifying that A obtains. If A does not obtain, then it is obviously impossible to verify that A obtains. For this reason, calling? A a test program, which is often done, is slightly misleading: the label "test" may suggest that one is expecting a yes-or-no answer, but that is not the case. 3. Models
Only now can we define the notion of a model. Let us say that V is a valuation in a frame (U. R) if it is a function assigning a subset of U to each propositional letter and an action in R to each action letter. A model is a structure (U, R, V) where (U, R) is a frame and V is a valuation in (U. R). We define the meaning or intension IIElljjR of wellformed expressions E in a given model jjR =: (U, R, V) as follows (although for convenience we shall omit the superscript).
:1
45 1.
2. 3.
4. 5. 6.
7. 8.
For every propositional letter IIPII = VCP). For every action letter n, Ilnll = VCn). For Boolean operators the conditions are obvious. For example, if 1\ is primitive, then flA 1\ Btl = IIAB n IIBU' if -, is primitive, then lhAD U - !lAII; etc. ) lI[a]AU = after (Dall,flAlI).
In the light of the discussion in chapter 2 olle realizes that this is onlV one of a number of axiom systems, all of which lead to the same class of fonnal theorems.
=
fla + 1311 = lIan U 11131L lIa;!3D = Dalll 1I!31L
lIa*H= !lall*. II?AU = test 1IAlI.
(Here after is ~.in section 1.) Notice that this definition parallels, step by step. the defimtIon of well-fanned expressions. Notice also: the intension of a formula is a proposition. the intension of a term is an action. We say that A is true at x (in 00) if x E IIAII. Other scmanticaJ notions including those involving truth and validity, are taken over from modai lo~ic. !n particular we can now pose a completeness problem: how to aXlomatlze t~e ~a.sic propositional dynamic logic (PDL). that is, the set of formula: valid In every-standard frame?
3.2. Syntax 1.
49
Axiom systems
Let'!l be the axiom system whose inference rules are eMP) and (RS) for every operator [al, and whose axioms are the instances of the following schemata:
C+) (;)
[a + (3]C '" ([alC 1\ [(3]C). [a;!3JC= [u][J3]C,
(*4)
[a*]C=> C. [u*]C=> [a]C" [a*]C:J [a*][a*]C.
(",ind) (1)
(C 1\ [a*l(C => [a]C» => [UIl<]C, [1 A]C '" (A => C).
(*T) (*Ell
Soundness Theorem. All theorems of'E are valid in every standard frame. A dynamic logic is defined as a logic containing as theses all theorems of ~. A dynamic logic is normal if it is closed under (RC), for every [a]. (or equivalently under (RN) or (RS) or (RE) or (RPE». Thus in a normal dynamic logic every operator [a] is at least a K-operator, and every operator [a*] is at least an S4-operator.
2. Fischer/Ladner closure By the Fischer/Ladner conditions we mean the following: (FLO)
(FL+) (FL;) (FI.ft) (FL?)
If 0 is any n-ary formula making operator, then o(AO.... , An-I> e W only if An, ''', An-l E qf. I[ [a + !31CeWthen [a]CEW and [13]C EW. I[ [a;!3]C E W then [a] [!J]C E W. If [a*]CEWthen [a] [WF]C ew. If[1A]CeWthenA EW.
The Fischer/Ladner closure of a set W is the smallest set closed under the Fischer/Ladner conditions that includes W.
The FischerfLadner Lemma. set is finite.
The Fischer/Ladner closure of a finite
Proof. It seems difficult to give a rigorous proof of this result that is also reasonably intelligible. Here we shall sacrifice rigour in the hope of maintaining intelligibility. (Readers dissatisfied with the lack of rigour are invited to work out a rigcrous proof based on the outline we present here.) We show how to construct, for each formula in the language, a certain tree. Every node is of the form (n, A), where n is a label and A the associated formula. We make an ad hoc distinction between formula: that are "underlined" and formula: that are "not underlined", a distinction
51
not made in the statement of the Fischer/Ladner conditions. Assume, for the sake of example, that conjunction and negation are our primitive Boolean operators. The following inductive definition contains instructions for how to grow our trees. Unlike trees you see in nature ours grow downwards.
..,B
.A
2. If (n, A) is a node where the associated formula A is completely underlined, then nothing is to be added under that node. (
."
3. If (n. A) is a node where the associated formula A is not completely underlined, then proceed as follows. Let Band C stand for formula: that mayor may not be underlined, completely or partially. (i) If A is B 1\ C then find new labels n' and n" and add (n', B) and (n", C) as new nodes directly under(n, A). (ii) If A is -,B, then find a new label n' and add (n', B) as a new node directly under (n, A). (iii) If A is [nJB, then find a new label n' and add (n', B) as a new node directly under (n, A). (iv) If A is [a + ~]C, then find new labels n' and n" and add (n', [a]C) and (n W]c) as new nodes directly under (n, A). (v) If A is [a;I3]C, then find new labels n' and n" and add (n', [a]ffi]Q) and (n", [I3]C) as new nodes directly under (n, A). Notice that part of the formula associated with n' is underlined . (vi) If A is [a* ]C, then find new labels n' and n" and add (n', [aJIm:.JQ and (n", C) as new nodes directly under (n, A). Notice that part of the formula associated with n' is underlined. (vii) If A is [?B]C then find new labels n' and n" and add (n', B) and (n", C) as new nodes directly under (n, A). d
,
One 'gets a better WastJ of these instructions b')' 'E,lll.'\lhica1\')', as \n \he chart on the next \la'ge.
I
c
B
B
[~]C
[C(J[~]C
[~]C
B
1. If (n, P) is a node in the tree, where P is a propositional letter, then nothing is to be added under that node.
[:n;]B
[?B]C
/~c
B
[ct+ ~JC
A
[a]C
It is clear that every branch in \T terminates. This is so because any formula that is added is simpler than the preceding fonnula in every case except when [aJ1IiK:. is added under [a;131C, or [a][a*]C is added under [a* ]C. But underlined formula: will not influence later growth of the tree: the only part of [alE or [a]£a*lC that will give rise to growth is the initial raJ-operator. For our purposes the complexity of [a]1IiK:.and [a][a*lC is therefore the same as [aJQ, where Q is a propositional letter. Hence also in these two cases are the successor formulre simpler than the predecessors. Thus ~ is a finitely-branching tree, evelY branch of which is finite. By Konig's Lemma, such trees contain at most finitely many nodes. Hence '11(~) is finite. This proves the lemma, for the Fischer/Ladner closure of any set I is the union of the Fischer/Ladner closures of the sets {A} with A EI. •
~kpi.ctin'g them
Le\ U' be, the tree geneIated b')' an')' formula A, and let 'lJ(U') be the set of fOffim\a':, (disIegaIding, an')' undeI\i:ning,) that are associated Vli\h a\ least %orne node i.n "S. No\i.ce, \ha\ eveT\' unde.\ined lUffim\a OI %\l'olmroula of an associated formula in the tree "appears somewhere else without underlining. Hence every formula of the Fischer/Ladner closure of the set {A} is an element of 'V(U'). Also the converse holds, so 'V('J') is ill fact exactly the Fischer/Ladner closure of {A}.
3.3. Completeness 1.
Canonical models
Let L be finitary normal dynamic logic. Also in this case can we define = (UL, RL, VO for L. To do so, just generalize the modal concept in the obvious way: define the canonical model SJRL
52 VL = the set of maximal L-consistent sets, RL = the family of ail relations RL(a) where a is a term in the language and RL(a) = {(x,y): 'lfe ([a]e E x ~ eE y}, YL(P) = {x : P E x}, for every propositional letter P, YL(n) = RL(n), for every action letter n.
Proof. See the proof of the filtration theorem for ancestral logic, the .. second version.
1
The Canonical Model Theorem can be proved. so lJJlL is indeed a model
~L
However, IID:I. is not a standard model (the main "defect" is that (R(a))* In order to achieve a is in general only a proper subset of R( a* completeness result we would have to transform lJJlL into a standard model without changing whatever truth-conditions are dear to us. One technique for doing this is by way of filtration. This is the way we went when faced with the corresponding problem in ancestral logic. However, as we remarked there, the detour via the canonical model is not really necessary. Here we shall go directly for the filtration.
n.
2.
Let W be a finite set of formula: closed under subformula:. We write a. 'YJ W if a is a term occurring in some formula in W. As before we designate by '" (mod lJI) the equivalence relation induced by W in VL writing X Ofor the equivalence class {x' E UL : x'" x' (mod 'II)}. Let us write Vo for the set UIW of equivalence classes in VL We say that a: modellJllo = (Va, W, YO) is afiltration thr9ugh W if
(B) (e)
Let 'If be a given finite set of formulre but this time closed under the FischerlLadner conditions. We shall construct a particular model with universe Va, where as before VO is the class V!\¥ of equivalence classes in VL of .. (mod 'II). We define a family of binary relations lalt in UI'I' as follows.
1,J
Inlt ==
if (x,y) E RL(a) then (XO,yO) E RO(a), if (XO,yO) E RO(a) then [alA E x n W only if A E y, YO(P) == {Xo : P E x} for every propositional letter PEW.
We mark intensions in 1Jl1.0 by the little ring. For each formula A E \1' let us write IAlo ={Xo : A E x}. The fonowing is an immediate generalization of the filtration theorem of modal logic: 'l'l\eorem. For every formula A E \1', IIAllo = lAID. for every formula A E Wand every point x E lJL, SD\Q Fxc A if and only if A E x.
In other words,
f;>
{(XO,yO): 3x' .. x 3y' .. y (x,y) E RL(n)}, for evelY action letter n 'YJ W. 1c~lt
la + j3lt = 1a.;j3lt = lo.*lt = I?Alt =
u
1~lt,
lo.lt I 1(31 t, (Ialt)*, lesllAlo.
Now define SJllt = (UIW, Rt, Yt), Rt
Filtrations
(A)
53
'=
{hit: a 11 \P},
= IP[O, for every propositional letter PEW,
YtCP)[ == 0, for every other propositional letter P. = [nit, for every action letter n 11 w, Yt(n) { = 0, for every other action letter n.
-
.
Notice that SJIlt is a standard model. We shall now prove that, given that L is a finitary normal dynamic logic, SJIlt is a filtration.
Lemma A. If (x,Y) E RL(Y) , then (XO,yO) E Iylt, for all y 'YJ W. Proof. By induction on y. Suppose that (x,y) E RL(Y). If Yis an action letter n in W, then the claimed result follows by the way /nIt was defined.
If y == ?C for some formula C then suppose that A E x. Then C:=J A Ex, so by the "right-to-left" half of the axiom schema called (7) [?C]A Ex. Hence A E y. This shows that x ~ y and hence that x == y. Since C E W, IClo is well-defined. Consequently, (XO,yO) E AO 1lClo, which is to say that (xOf) E I?eft.
rL,
54
Suppose now that the result holds for some terms a and must check the cases when y is a + f3 or 0.;13 or 0.*.
fl in 1J1.
We
First suppose that y =:: a + 13. We contend that (x,y) E RL(a) or (x,y) E RL(f3). For suppose not. Then there are formulre A and B such that [alA E x and [~]B E x while A f/: Y and B f/: y. By modal logic, [a](A v B) E x and [~](A v B) E x. Hence by axiom schema (+) ("right-to-Ieft"), [a + f..](A v B) E x. Then A vB E y, a contradiction; which ends the proof of our contention. By the induction hypothesis, (XO,yO) E lalt or (XO,yO) E 1~lt. In either case, (XO ,yO) E 10. + [311" by definition of IJIl:t. Next suppose that y =:: 0.;13. We contend that there is an element w such that (x,w) E RL(a) and (w,y) E RL(j3). Consider the set I = {A: [alA Ex} U {<j3>B : BEy}. If I were L-inconsistent, then there would be some Ao, ... , Am-l and Bo, ... , Bo-I such that [a]AO, ... , [a]Am-1 E x and Bo, ... , Bn-I E y and I-L (AO" ... " Am-I" <j3>BO " ... " <~>Bn-I)
=> .1
By modal logic, therefore, (AO" ... " Am-I " <~>(BO" ... " Bn-I)) :J .1 is a thesis of L, and hence
By Scott's Rule, I-L ([a]Ao " ... " Ia]Am--l) => [a]Ij3]-{Bo " .;. "Bn-I), and so finally, by the schema (;) (,'right-to-left"),
Lemma A for ancestral logic, so we omit the details. Suffice it to say that it is in this palt that the "induction schema" (*ind) is needed, and that " it matters that 'If is finite. Lemma B. If (XO ,yO) E Iylt then [y]C Ex n'lf only if C E y.
Proof. By induction on y. Assume that (XO,yO) E Iylt and [y]C E x n w. First suppose that y is an action letter n. Then there are elements x' ". x and y' '" y such that (X',y') E RLCn). The fact that [n]C E x n W implies that [n]C E x', hence that C E y'. But 'If is closed under subfonnulre (among many other conditions), sO'C E 'P. Hence C E y. Next suppose that y = ? A, for some formula A; note that by (FLO) . and (FL?) both A E 'If and C E W. Then X O= yO and A E x. By axiom schema (?) ("left-to-right"), A :J C E x, hence C E x. Since x"'y, C Ey. . Suppose now that the result holds for some tenns a and B in W. must check the cases when y is a + fl or a;f3 or Wi-.
In
First suppose that y = a + 13. this ease our assumption is that [a + P]C Ex n'lf. By axiom schema (+) ("left-to-right"), [a]C E x and [P]C E x. By (FL+), both [a]C E 'If and [j3]C E W. Moreover, either (XO,yO) E lalt or (XO,yO) E If3lt. The induction hypothesis, applied to whichever case obtains, gives us C E y. Next suppose that y = a;j3. In this case our assumption is that x n w. By axiom schema (;) ("left-to-right") and (FL;), (1)
[a] [/i]CEx
I-L([a]Ao" ... " [a]Am-l):J [a;/3]...,(BO" ... " Bn-I). Evidently then [a;~]""(Bo " ... " Bn-I) E x, therefore ...,(BO " ... " Bn-I) E y, a contradiction. This argument shows that I is indeed L-consistent. Hence, by Lindenbaum's Lemma, there is some maximal L-consistent extension w of I. It is clear that w has the right properties, so our contention has now been proved. By the induction hypothesis, (XO,W O) E lalt and (WO,yO) E 1r1lt. Hence (XO,yO) E la;Blt by the definition of
'IDt. Finally suppose that y = U*. This is the most intricate link in proof of the lemma. However, it is completely analogous to the proof of
We
[a;~]C
n'p.
By construction of R'j' there is some w such that
(3)
(WO,yO) E
1~lt.
The induction hypothesis used on (1) and (2) gives us [j3]C E w. (f'LO) , [PJC E W. Hence
(4)
[/3JC E w
n 1J1.
By
E
-------------_._----------
56
The induction hypothesis used on (3) and (4) gives us C E y. Finally suppose that y = a*. This case goes through in very much the same way as the proof of Lemma B for ancestral logic, so we omit the details. Note, however, that for this step we need axiom schemata (*T), (*El), and (*4) as well as the condition (FL*). •
Being able to answer these questions is a sign that you have understood the long proof.
3.4. Limitations of PDL Corollary.
!JIlt is a filtration. 1.
3.
Completeness of PDL
Suppose that ~ is a finite ,»-consistent set of fonnulre. Then, by Lindenbaum's Lemma, there is some maximal ,»-consistent set x such that ~ ~ x. Let 111 be the Fischer/Ladner closure of~; as we saw, 111 will be finite. Construct smt as in the preceding section. Then ~ is satisfied at XO in !JIlt. As we remarked before. !JIlt is a standard model. Hence every finite <.»-consistent set is satisfiable in a standard frame.
* Readers who have fonowed the exposition ~lP to this point may now go back over the last completeness proof and ask how the different pieces fit together, just as we did after the completeness proof for ancestral logic. III particular there are the fonowing questions: Where does it matter that ~ is finitary?
Whe~'e does the syntactic strength of '1) come into play- the cla~slCal Boole~n P3l1, the modal part (every operator [aJ is 1l00mal), the aXIOm schemata (*T), (",El), (*4) and (*ind)? Why Was it imJX:lrtant that 111 was closed under subformulre? Under the full Fischer/Ladner conditions?
Path semantics
The semantics studied in these chapters may be called relational semantics. In the present chapter we have represented actions (programs) semantically as relations.. Is this a good representatio~? The question is obviously incomplete: good for What'? For some purposes the terse representation of PDL is adequate, for others it may not be. Instead of hying to be more specific, let us consider an alternative. Dynamic logic rests on the observation that an antomaton is always in one total state or other and that it makes sense to associate witb the automaton a space of all tbose total states.in which it could possibly be. A particnlar run (computation, execution) by the automaton of a program can tben be represented in tllis sp.:lce by a path, namely, tbe sequence of total states that tbe automaton goes througll during the run (in the order in wbich it goes through them). Paths evidently divide into three categories: tbose tbat balt (the computation completed). tbose tbat fail without baiting (tbe computation not completed), and tbose tbat never stop. If we assume tbe automaton to work in a discrete fasbion, we can associate a signature (R(a), F(a), lea»~ with a program a, where H(a) is the set of halt paths (each halt path being finite), F(u) is the set of fail paths (each fail path also being finite), and lea) is the set of infinite paths. Here we have another way of representing a prog~. It goes .\Vitho~t saying that the representation in p::th sema~tics-If we may call It ~-.IS mnch richer, contains much more mformatlOn than the representatIOn III relational semantics. Given a signature (H(a), F(a), lea»~ we can define a relational representation R(a) as the set of all ?airs (x,y) for which there is some halt path from x to y. More preCisely. define p as a path in U if P is a function from some initial J <:f the set of natural numbers into U. Obviously, J is finite if and only If p E H(a) U F(a), an~ J equals the set of natural numbers if and only if p E lea). There IS no. harm in treating the function pas a sequence of el~ments. Th~s p(O) IS the first element of p, and if p is finite we shall wnte pel) for It last element. We may now define
55
R(a) = {(x,y) : 3p E H(a.) (p(O) = x & P(H) = y)}.
From this point of view, R(a.) gives an exceedingly schematic representation of the program a, ignoring all fail or infinite paths and also all intermediate states in the halt paths. Thus given only a relation R there is no possibility of reconstructing the signature of a..
I
The fact that path semantics is much richer than relational semantics of course does not mean that is "better". Analysts always have to strike a reasonable balance between expressiveness and simplicity: the more powerful (detailed, sensitive, sophisticated) the modelling is, the less tractable the analysis tends to be. The poverty of the relational semantics is a viitue in some contexts. However, one must be clear about what it can do and what it cannot do. In a following section we shall illustrate this remark.
2. A warni.ng regarding
IF - THEN - ELSE
and
WHILE
One of the attractions of dynamic logic is that, in a certain sense, by its means. one can formalhe the important operatOTs 1F A THEN a. ELSE ~ and (J.. W\\\L'C A. The sense in which it can be done is this'. there are terms t~at can simulate the effect of these operators. More precisely, the followmg formul~ are valid in PDL, for all c: {1F
A THEl'l
(J..
ELSE ~lC
'" {(? A;a.)
+ (.A;~)lC,
la. WHILE AlC '" W A;a.)*;(?A·)lC.
However, this does not mean it is desirable let alon identify IF A THEN a ELSE 13 with (?ka.) +(' A.R)· e necessmy, t? ' --. ,I-' or a WHILE A WIth the}: ar~'di~e;~llt ~~i~he .c~ntraIYth' intuiti~ely one probably feels that < ns, In pa semantIcs they celtai I T h' . t IS, J~st no~e that ill any model the action I/(? A;u) + (--,l.~)~r~iIl .1° see contam a fml path at everv point (th t . ,I-' a ways II" "J a IS, <X> E F«? ku) + (--,kl.l)) ~ a pOInts x In the universe) but OIF A . , ,p , or fail path. Similarly. II(? A;~)*;(?--'A)~I~~:a~E 13!1 need .not c?ntain auy but 110. WHILEAJI need not do so. ays contams fall paths, (? kct)*.(? A
There are of course many other exam les f h is, of actions that cannot be disting~ished i~ ~;LS:~e p~el1om~no~;. that and path semantics distinouish th t' n tough IlltUltion offered by Ilnll an~lll?T .111. em-he sImplest example is perhaps
:?
",9
\Ve shall now give the promised example of a case when the relational semmltics does not suffice but requires some enrichment.
3_ The delta operator Some actions can be characterized as resulting in a certain state-of-affairs. Thus opening a door results in the door being open (at the moment the action has been completed); killing a mosquito results in the mosquito being dead. It might not be easy to give a full analysis of such actions, but as a first approximation one might introduce an operator b with the idea that bA is the action consisting in bringing it about that A. Suppose we want to pursue this idea within the context of dynamic 10Ctic. \Vhat semantic conditions would be. appropriate for 1'17 Several decisions must be made. First there is the distinction between reliable and unreliable doings. If a mediocre darts player hits the bull's eye, then one of many descriptions of the action he just perfonned is that it consisted in hitting the bull's eye. But (under normal circumstances) his success was by no means assured. If he tries to repeat his action (by running "the same program" a second time) he may well fail. This is an e~ample of unreliable doing. The analysis of such doing seems more difficult than that of reliable doing. Hence our decision to restrict tJ to reliable doing. Next we must face the fact that often there are several ways of bringing about one and the same state-of-affairs. Rather than choosing between them or trying to impose some kind of ordering on them (with a view to designating some of them as "normal" ways of performing the action) we go for maximality and recognize them all: given a frame we define the intension of CiA as the set of pairs (x,y) such that for some action il in the repertoire, iJ is a reliable way of seeing to it that A is true at y, and (x,y) E iJ. Formally, if (U, R) is a given frame, JlMIl
= {(x,y) : 3iJ E R «x,y) E iJ & 'dz «x,z) E iJ ~ z E IIAII)}.
This, then, defmes the delta of maximal, reliable doing. There are other ways of defining delta, perhaps more interesting. Still, this is one possibility, and it has some claim to interest. However (this is the point of the example!), the definition just given is not in accord with our intuitions as described. To see this, suppose that u names an action that, at a particular point x in a model, is an unreliable
60 way of seeing to it that A. In other words, there arc points y and w such that (x,y) E nAil and (x,w) f/:.IIAII, Then lIa;?AII ~ IlbAIi. That is to say, on our definition, a reliable way of doing A is to do anything and then ask whether A obtains; if it does, we have achieved A, if not the run has failed and so does not count. Thus (x,y) Ella;? All sillce (x,y) E 110.11 and (y,y) E II?AII, but (x,w) I$.lla;:AiI since, even though (x,w) E !Iall, still (w, w) f/:. II? AIL Our formal result is of course informally absurd: no-one would wish to claim that, in general, a;? A is a reliable way of seeing to it that A. The mistake in the formal analysis sketched above was to try to carry out within the relational semantics of PDL a project that evidently requires greater resources. In particular, for the delta operator it is not enough to consider just runs that terminate: if we do not wish to adopt path semantics in all its rich complexity, at least we must find some other way to register the possibility that paths may fail or be infinite. [Readers interested in a further discussion of these matters are referred to the author's article "Action incompletencss" in Studia logic:a, vol. 51 (1992).]
4. Background 4.1. Historical remarks 1. Modal logic. Philosophers have been interested in modal notions-necessity, possibility, contingency-since Aristotle, and some, for example Aristotle himself, have tried to study their logic. Modern modal logic may be said to have begun round 1912 when C. L Lewis, upon reading Russell and '''hitehead's Prillcipia mathematical, ~eeame interested in trying to find a connective more suited than matenal implication to express our informal concept of entailment. Thanks to Lewis and others a formalism for "a1ethic" modal logic was developped, With time, logicians noted that this formalism was capable of other interpretations. Already in the 19308 KUlt GMel had observed that the box operator of modal logic can be read as "it is provable in the system S that", oiven that S is a suitable formal system, In the 1950s Georg Henrik von Wright championed several other interpretations: "epistemic", "doxastic", "deo!ltic" (some te.n ~ears later the forme~ two would be extensively explored by Iaakko Hmtlkka), and Arthur Pnor developped "tense-logic" in close analogy with modal logic.
However. it was only with Saul Kripke that modal logic really t.ook off. Bemnning 1959 he published several papers in which he introduced what we"'now refer to as I(ripke semantics or possible-worlds-semantics. Historians interested in the development of modal logic will have to assess the relative importance of Carnap's and Prior's work as we,ll as the work of Stig Kanger and laakko Hintikka. who published, related Ideas . independently of Kripke and in fact somewhat earlier than he; there IS also the famous Jonson & Tarski paper from 1951. Neveltheless, there is no doubt that it was Kripke 's papers that triggered the explosive growth of modal logic of the following two decades. The exposition in the present notes is in the tradition of John Lemmon and Dana Scott as set out in the Lemmon Notes. One feature that makes their theory so elegant is the concept of the canonical model. The idea of using Henkin's method in modal logic occurred, independently, to a number of other authors as well, for example, David Makinson, Max Cresswell and Kurt Schtltte, but those authors restricted themselves to case studies and did not see and did not seek the generality that Lemmon and Scott achieved. The concept of filtration, which they also employed, was modelled on an algebraic construction of J. C C. McKinsey.
L
62
In the bibliography four textbooks have been listed. Lemmon's book, the published version of a draft completed three days before Lemmon's death, is of great historical interest. Written as a monograph rather than as a textbook perhaps it makes greater demands on readers that the other three, but it is still a favourite with this author. The books by Chellas and Hughes & Cresswell are standard texts in modal logic. Goldblatt's book, unlike the other three, deals with dynamic logic as well as modal logic. Therefore it is probably the best choice for those whose interest in modal logic is secondary to their interest in dynamic logic.
{
Lemmon's book contains a valuable historical introduction. Some historical remarks are also made in the survey article by Robert Bull and the author. In section 2.2.2 we touched on tense logic. For further discussion, see the survey paper by Burgess listed in the bibliography. The author's paper "On von Wright's tense-logic", also listed in the bibliography, was to ~ave b~en the ~rst publication of a completeness proof for the tenselogIC of dIscrete linear future time with operators for both 'next' and' at all times'. 2. DJnamic l?gic. There are ~horter completeness proofs for PDL than the ~me gIven .h.ere. The vIrtue of our proof is that it so clearly bel~ng~ m t~e ~radltlon of .mo~llogic: from a theoretical point of view, dym\l~llC logIC IS a genera~l~ation of modal logic. Consequently the tec~mques that mo~alloglclans have built up are almost immediately aVaIlable for studYlllg dYl1ronic logic.
called the modal logic of programs) seems to have been due to .tv1ichael Fischer and Richard Ladner, who were able to prove in 1976 that PDLthe set of formulre valid in all standard frames-has the stron" fmp and so is decidable. '" In modal logic it is unsual for an fmp result to be proved before completeness has been settled, but in this case completeness turned out to be hard. By the summer of 1977 the author of these notes had worked out the completeness of ancestral logic (essentially the proof presented in ch~pter 2). He had also developped a completeness proof for PDL, which he presented in Blian Chellas's seminar at the University of Calgary in July 1977 and then announced in the Notices o/the .4. AI. S. Independently of this and of one another, several other researchers were tryi?g to produce their own completeness proofs. In particular, Rohit Pankh, then at Boston University, had his own proof by November 1977. In early January 1978 the author, to his everlasting chagrin, discovered that one of his inductions did not get off the ground. In other woids. his proof contained a gap and therefore was no proof. The author's . co~pleteness proof for ancestral logic was still correct, but the honour of hav.lllg produced the first con'ect proof for dynamic logic belongs to Pankh. Later he and Dexter Kozen published a shorter proof, which is now regarded as the classic ref~rence for the completeness of PDL. The author's mended proof, essentially the proof given here, was presented in March 1978 at the Banach Center in Warsaw. The ~urvey alticle by David Harel,an informative if difficult paper, proVides an account of the intense period of work following the initial petiod described above.
~~tt~: ;~:~d~~g~~~~gdit:~isp~~~~~!~~~~~hp~~~all~;it~:::i~~;~b~~s
en aS~lstan~ professor of computer science at MIT was t h' ' ,eac. mg a iradltJ~11 of cfomputer ~cientists who have tried to d~vel~:e::e~u~ long .orma Isms or reasonmg about what programs do Pr . Improve on previous efforts develo . . att, t.rymg to olle well-read student to co~e up aft~~ed hIsI own tdheory. whIch prompted Pr it d' one c ass an sucrgest that what a w~s ol.ng was ~ust modal logic. Incredulously ~att checked out o ~~",he:s & C:lesswell s bltrod'!ction tv nwdallogic from the libra
4.2. Selective bibliography
cou~s~ m Which program verification was one Issu'
wase~ de::"d~~~:e;:~:~;~~ :~a~~~~~SSic, Pratt was convinced?'ihen;
~~f:~~~~t~~~~~:~s}~c s~~~I~ic~ w~s lw~rked out; it w~ not clear how to .
rs resu t In dynamiC logiC (at that time still
1. Textbooks
CHELLAs, BRIAN F. Modallogic: an introduction. Cambridge and New York, NY: Cambridge Universiy Press, 1980. GOlDBLATT, ROB. Logics o/time and computation. CSLI Lecture Notes, vol. 7. Stanford University, 1987. (Third edition to be published soon.) HUGHES, G. E. and CREsSWElL, M. J. ,4 companion to modal logic.
London: Methuen, 1984.
64
l1~fv[MON,
E. J. (In collaboration with Dana Scott) An introduction to moda.llogic. (fhe "Lemmon Notes") American Philosophical Quarterly, monograph series, vol. 11. Oxford: Basil Blackwell, 1977. (Written in 1966.)
2. Survey articles BULL, ROBERT and SEGERBERG, KRISTER. "Basic modal logic." In Dov Gabbay and Franz Guenthner (eds), Handbook of philosophical logic, vol 2, pp. 1-88. Dordrecht, Holland: Reidel, 1984. DLI1<,\.JrrA>;:).
JOHN. "Basic tense logic." Ibid., pp. 89-133.
HAREL, DAVID. "Dynamic logic." Ibid., pp.497-604.
3. Original articles FISCHER, MICHAEL J. and LADNER, RICHARD E.
"Propositional dynamic logic of regular programs." Journal of computer and system sciences, vol. 18 (1979), pp. 194-21 L
KaZEN, DEXTER and PARIKH. Romr. "An elementary proof of the completeness of PDL." l1teoretical computer science, vol. 14 (1981), pp. 113-118. PARIKH, ROIDT. "ihe completeness of propositional dynamic logic."
In Mathematical foundations of computer science 197B, pp. 403415. Lecture Notes in Computer Science, voL 64. SpringerVerlag. 1978. "V Oil Wright's tense-logic." In L E. Hahn and P. P (cds), The philosophy of Georg llenrik von Wright, pp. 603-63 . The Library of Living Philosophers, vol. 19. La Salle, IL: Open Court, 1989. (Written ill 1974)
SEGERBERG, lOOSTER.
A.
KRISTER. "A completeness theorem in the modalloQic of prog~m~". In T. Traczyk (ed), Universal algebra and ~ appizcatlOllS, pp. 31-46. Banach Cellter Publicatiolls vol 9 Warsaw: PWN,1982. ' "