Boxes and Diamonds
An Open Introduction to Modal Logic

The Open Logic Project

Instigator
Richard Zach, University of Calgary

Editorial Board
Aldo Antonelli,† University of California, Davis
Andrew Arana, Université Paris I Panthéon–Sorbonne
Jeremy Avigad, Carnegie Mellon University
Tim Button, University College London
Walter Dean, University of Warwick
Gillian Russell, University of North Carolina
Nicole Wyatt, University of Calgary
Audrey Yap, University of Victoria

Contributors
Samara Burns, University of Calgary
Dana Hägg, University of Calgary
Zesen Qian, Carnegie Mellon University

Remixed by Richard Zach
Fall 2019

The Open Logic Project would like to acknowledge the generous support of the Taylor Institute of Teaching and Learning of the University of Calgary, and the Alberta Open Educational Resources (ABOER) Initiative, which is made possible through an investment from the Alberta government.

Cover illustrations by Matthew Leadbeater, used under a Creative Commons Attribution-NonCommercial 4.0 International License.

Typeset in Baskervald X and Nimbus Sans by LaTeX.

This version of Boxes and Diamonds is revision 4de392d (2020-01-26), with content generated from Open Logic Text revision 6035a83 (2020-01-16). Free download at: https://bd.openlogicproject.org/

Boxes and Diamonds by Richard Zach is licensed under a Creative Commons Attribution 4.0 International License. It is based on The Open Logic Text by the Open Logic Project, used under a Creative Commons Attribution 4.0 International License.

Contents

Preface
Introduction

I Normal Modal Logics

1 Syntax and Semantics
  1.1 Introduction
  1.2 The Language of Basic Modal Logic
  1.3 Simultaneous Substitution
  1.4 Relational Models
  1.5 Truth at a World
  1.6 Truth in a Model
  1.7 Validity
  1.8 Tautological Instances
  1.9 Schemas and Validity
  1.10 Entailment
  Problems

2 Frame Definability
  2.1 Introduction
  2.2 Properties of Accessibility Relations
  2.3 Frames
  2.4 Frame Definability
  2.5 First-order Definability
  2.6 Equivalence Relations and S5
  2.7 Second-order Definability
  Problems

3 Axiomatic Derivations
  3.1 Introduction
  3.2 Normal Modal Logics
  3.3 Derivations and Modal Systems
  3.4 Proofs in K
  3.5 Derived Rules
  3.6 More Proofs in K
  3.7 Dual Formulas
  3.8 Proofs in Modal Systems
  3.9 Soundness
  3.10 Showing Systems are Distinct
  3.11 Derivability from a Set of Formulas
  3.12 Properties of Derivability
  3.13 Consistency
  Problems

4 Completeness and Canonical Models
  4.1 Introduction
  4.2 Complete Σ-Consistent Sets
  4.3 Lindenbaum's Lemma
  4.4 Modalities and Complete Consistent Sets
  4.5 Canonical Models
  4.6 The Truth Lemma
  4.7 Determination and Completeness for K
  4.8 Frame Completeness
  Problems

5 Filtrations and Decidability
  5.1 Introduction
  5.2 Preliminaries
  5.3 Filtrations
  5.4 Examples of Filtrations
  5.5 Filtrations are Finite
  5.6 K and S5 have the Finite Model Property
  5.7 S5 is Decidable
  5.8 Filtrations and Properties of Accessibility
  5.9 Filtrations of Euclidean Models
  Problems

6 Modal Tableaux
  6.1 Introduction
  6.2 Rules for K
  6.3 Tableaux for K
  6.4 Soundness for K
  6.5 Rules for Other Accessibility Relations
  6.6 Soundness for Additional Rules
  6.7 Simple Tableaux for S5
  6.8 Completeness for K
  6.9 Countermodels from Tableaux
  Problems

II Intuitionistic Logic

7 Introduction
  7.1 Constructive Reasoning
  7.2 Syntax of Intuitionistic Logic
  7.3 The Brouwer-Heyting-Kolmogorov Interpretation
  7.4 Natural Deduction
  7.5 Axiomatic Derivations
  Problems

8 Semantics
  8.1 Introduction
  8.2 Relational models
  8.3 Semantic Notions
  8.4 Topological Semantics
  Problems

9 Soundness and Completeness
  9.1 Soundness of Axiomatic Derivations
  9.2 Soundness of Natural Deduction
  9.3 Lindenbaum's Lemma
  9.4 The Canonical Model
  9.5 The Truth Lemma
  9.6 The Completeness Theorem
  Problems

III Counterfactuals

10 Introduction
  10.1 The Material Conditional
  10.2 Paradoxes of the Material Conditional
  10.3 The Strict Conditional
  10.4 Counterfactuals
  Problems

11 Minimal Change Semantics
  11.1 Introduction
  11.2 Sphere Models
  11.3 Truth and Falsity of Counterfactuals
  11.4 Antecedent Strengthening
  11.5 Transitivity
  11.6 Contraposition
  Problems

IV Appendices

A Sets
  A.1 Extensionality
  A.2 Subsets and Power Sets
  A.3 Some Important Sets
  A.4 Unions and Intersections
  A.5 Pairs, Tuples, Cartesian Products
  A.6 Russell's Paradox
  Problems

B Relations
  B.1 Relations as Sets
  B.2 Special Properties of Relations
  B.3 Equivalence Relations
  B.4 Orders
  B.5 Graphs
  B.6 Operations on Relations
  Problems

C Syntax and Semantics
  C.1 Introduction
  C.2 Propositional Formulas
  C.3 Preliminaries
  C.4 Valuations and Satisfaction
  C.5 Semantic Notions
  Problems

D Axiomatic Derivations
  D.1 Introduction
  D.2 Axiomatic Derivations
  D.3 Rules and Derivations
  D.4 Axiom and Rules for the Propositional Connectives
  D.5 Examples of Derivations
  D.6 Proof-Theoretic Notions
  D.7 The Deduction Theorem
  D.8 Derivability and Consistency
  D.9 Derivability and the Propositional Connectives
  D.10 Soundness
  Problems

E Tableaux
  E.1 Tableaux
  E.2 Rules and Tableaux
  E.3 Propositional Rules
  E.4 Tableaux
  E.5 Examples of Tableaux
  E.6 Proof-Theoretic Notions
  E.7 Derivability and Consistency
  E.8 Derivability and the Propositional Connectives
  E.9 Soundness
  Problems

F The Completeness Theorem
  F.1 Introduction
  F.2 Outline of the Proof
  F.3 Complete Consistent Sets of Sentences
  F.4 Lindenbaum's Lemma
  F.5 Construction of a Model
  F.6 The Completeness Theorem
  Problems

About the Open Logic Project

Preface

This is an introductory textbook on modal logic. I use it as the main text when I teach Philosophy 579.2 (Modal Logic) at the University of Calgary. It is based on material from the Open Logic Project.

The main text assumes familiarity with some elementary set theory and the basics of (propositional) logic. This material is part of a prerequisite for my course, Logic II. The textbook for that course, Sets, Logic, Computation, is also based on the OLP, and so is available for free. The required material is included as appendices in this book, however. I assign these appendices for background reading whenever I teach the material.

Part I is originally based in part on Aldo Antonelli's lecture notes on "Classical Correspondence Theory for Basic Modal Logic," which he contributed to the OLP before his untimely death in 2015. I heavily revised and expanded these notes, e.g., the material on frame definability and tableaux is new.

Introduction

Modal logics are extensions of classical logic by the operators □ ("box") and ♢ ("diamond"), which attach to formulas.
Intuitively, □ may be read as "necessarily" and ♢ as "possibly," so □p is "p is necessarily true" and ♢p is "p is possibly true." As necessity and possibility are fundamental metaphysical notions, modal logic is obviously of great philosophical interest. It allows the formalization of metaphysical principles such as "□p → p" (if p is necessary, it is true) or "♢p → □♢p" (if p is possible, it is necessarily possible).

The operators □ and ♢ are intensional. This means that whether □A or ♢A holds does not just depend on whether A holds or doesn't. An operator which is not intensional is extensional. Negation is extensional: ¬A holds iff A does not; so whether ¬A holds only depends on whether A holds or doesn't. □ and ♢ are not like that: whether □A or ♢A holds depends also on the meaning of A.

While ordinary truth-functional semantics is enough to deal with extensional operators, intensional operators like □ and ♢ require a different kind of semantics. One such semantics which takes center stage in this book is relational semantics (also called possible-worlds semantics or Kripke semantics). For the logic which corresponds to the interpretation of □ as "necessarily," this semantics is relatively simple: instead of assigning truth values to propositional variables, an interpretation M assigns a set of "worlds" to them: intuitively, those worlds w at which p is interpreted as true. On the basis of such an interpretation, we can define a satisfaction relation. The definition of this satisfaction relation makes □A satisfied at a world w iff A is satisfied at all worlds:

  M,w ⊩ □A iff M,v ⊩ A for all worlds v.

This corresponds to Leibniz's idea that what's necessarily true is what's true in every possible world.

"Necessarily" is not the only way to interpret the □ operator, but it is the standard one: "necessarily" and "possibly" are the so-called alethic modalities.
Other interpretations read □ as "it is known (by some person A) that," as "some person A believes that," "it ought to be the case that," or "it will always be true that." These are epistemic, doxastic, deontic, and temporal modalities, respectively. Different interpretations of □ will make different formulas logically true, and pronounce different inferences as valid. For instance, everything necessary and everything known is true, so □A → A is a logical truth on the alethic and epistemic interpretations. By contrast, not everything believed nor everything that ought to be the case actually is the case, so □A → A is not a logical truth on the doxastic or deontic interpretations.

In order to deal with different interpretations of the modal operators, the semantics is extended by a relation between worlds, the so-called accessibility relation. Then M,w ⊩ □A if M,v ⊩ A for all worlds v which are accessible from w. The resulting semantics is very versatile and powerful, and the basic idea can be used to provide semantic interpretations for logics based on other intensional operators. One such logic is intuitionistic logic, a constructive logic based on L. E. J. Brouwer's branch of constructive mathematics. Intuitionistic logic is philosophically interesting for this reason (it plays an important role in constructive accounts of mathematics) but was also proposed as a logic superior to classical logic by the influential English philosopher Michael Dummett in the 20th century. Another application of relational models is as a semantics for subjunctive, or counterfactual, conditionals, an approach pioneered by Robert Stalnaker and David K. Lewis.

This book is an introduction to the syntax, semantics, and proof theory of intensional logics. It only deals with propositional logics, although future editions will also treat predicate logics. The material is divided into three parts: The first part deals with normal modal logics.
These are logics with the operators □ and ♢. We discuss their syntax, relational models and semantic notions based on them (such as validity and consequence) and proof systems (both axiomatic systems and tableaux). We establish some basic results about these logics, such as the soundness and completeness of the proof systems considered, and discuss some model-theoretic constructions such as filtrations. The second part deals with intuitionistic logic. Here we discuss natural deduction and axiomatic derivations, relational and topological semantics, and soundness and completeness of the proof systems. The third part deals with the Lewis-Stalnaker semantics of counterfactual conditionals. The appendices discuss some ideas and results from set theory and the theory of relations that are crucial to the relational semantics, and review syntax, semantics, and proof theory of classical propositional logic.

Part I: Normal Modal Logics

Chapter 1: Syntax and Semantics

1.1 Introduction

Modal Logic deals with modal propositions and the entailment relations among them. Examples of modal propositions are the following:

1. It is necessary that 2 + 2 = 4.
2. It is necessarily possible that it will rain tomorrow.
3. If it is necessarily possible that A then it is possible that A.

Possibility and necessity are not the only modalities: other unary connectives are also classified as modalities, for instance, "it ought to be the case that A," "It will be the case that A," "Dana knows that A," or "Dana believes that A."

Modal logic makes its first appearance in Aristotle's De Interpretatione: he was the first to notice that necessity implies possibility, but not vice versa; that possibility and necessity are interdefinable; that if A ∧ B is possibly true then A is possibly true and B is possibly true, but not conversely; and that if A → B is necessary, then if A is necessary, so is B.

The first modern approach to modal logic was the work of C. I. Lewis, culminating with Lewis and Langford, Symbolic Logic (1932). Lewis & Langford were unhappy with the representation of implication by means of the material conditional: A → B is a poor substitute for "A implies B." Instead, they proposed to characterize implication as "Necessarily, if A then B," symbolized as A ⥽ B. In trying to sort out the different properties, Lewis identified five different modal systems, S1, ..., S4, S5, the last two of which are still in use.

The approach of Lewis and Langford was purely syntactical: they identified reasonable axioms and rules and investigated what was provable with those means. A semantic approach remained elusive for a long time, until a first attempt was made by Rudolf Carnap in Meaning and Necessity (1947) using the notion of a state description, i.e., a collection of atomic sentences (those that are "true" in that state description). After lifting the truth definition to arbitrary sentences A, Carnap defines A to be necessarily true if it is true in all state descriptions. Carnap's approach could not handle iterated modalities, in that sentences of the form "Possibly necessarily ... possibly A" always reduce to the innermost modality.

The major breakthrough in modal semantics came with Saul Kripke's article "A Completeness Theorem in Modal Logic" (JSL 1959). Kripke based his work on Leibniz's idea that a statement is necessarily true if it is true "at all possible worlds." This idea, though, suffers from the same drawbacks as Carnap's, in that the truth of a statement at a world w (or a state description s) does not depend on w at all. So Kripke assumed that worlds are related by an accessibility relation R, and that a statement of the form "Necessarily A" is true at a world w if and only if A is true at all worlds w′ accessible from w. Semantics that provide some version of this approach are called Kripke semantics and made possible the tumultuous development of modal logics (in the plural).
When interpreted by the Kripke semantics, modal logic shows us what relational structures look like "from the inside." A relational structure is just a set equipped with a binary relation (for instance, the set of students in the class ordered by their social security number is a relational structure). But in fact relational structures come in all sorts of domains: besides relative possibility of states of the world, we can have epistemic states of some agent related by epistemic possibility, or states of a dynamical system with their state transitions, etc. Modal logic can be used to model all of these: the first gives us ordinary, alethic, modal logic; the others give us epistemic logic, dynamic logic, etc.

We focus on one particular angle, known to modal logicians as "correspondence theory." One of the most significant early discoveries of Kripke's is that many properties of the accessibility relation R (whether it is transitive, symmetric, etc.) can be characterized in the modal language itself by means of appropriate "modal schemas." Modal logicians say, for instance, that the reflexivity of R "corresponds" to the schema "If necessarily A, then A". We explore mainly the correspondence theory of a number of classical systems of modal logic (e.g., S4 and S5) obtained by a combination of the schemas D, T, B, 4, and 5.

1.2 The Language of Basic Modal Logic

Definition 1.1. The basic language of modal logic contains

1. The propositional constant for falsity ⊥.
2. A countably infinite set of propositional variables: p0, p1, p2, ...
3. The propositional connectives: ¬ (negation), ∧ (conjunction), ∨ (disjunction), → (conditional).
4. The modal operator □.
5. The modal operator ♢.

Definition 1.2. Formulas of the basic modal language are inductively defined as follows:

1. ⊥ is an atomic formula.
2. Every propositional variable pi is an (atomic) formula.
3. If A is a formula, then ¬A is a formula.
4. If A and B are formulas, then (A ∧ B) is a formula.
5. If A and B are formulas, then (A ∨ B) is a formula.
6. If A and B are formulas, then (A → B) is a formula.
7. If A is a formula, then □A is a formula.
8. If A is a formula, then ♢A is a formula.
9. Nothing else is a formula.

Definition 1.3. Formulas constructed using the defined operators are to be understood as follows:

1. ⊤ abbreviates ¬⊥.
2. A ↔ B abbreviates (A → B) ∧ (B → A).

If a formula A does not contain □ or ♢, we say it is modal-free.

1.3 Simultaneous Substitution

An instance of a formula A is the result of replacing all occurrences of a propositional variable in A by some other formula. We will refer to instances of formulas often, both when discussing validity and when discussing derivability. It therefore is useful to define the notion precisely.

Definition 1.4. Where A is a modal formula all of whose propositional variables are among p1, ..., pn, and D1, ..., Dn are also modal formulas, we define A[D1/p1, ..., Dn/pn] as the result of simultaneously substituting each Di for pi in A. Formally, this is a definition by induction on A:

1. A ≡ ⊥: A[D1/p1, ..., Dn/pn] is ⊥.
2. A ≡ q: A[D1/p1, ..., Dn/pn] is q, provided q ≢ pi for i = 1, ..., n.
3. A ≡ pi: A[D1/p1, ..., Dn/pn] is Di.
4. A ≡ ¬B: A[D1/p1, ..., Dn/pn] is ¬B[D1/p1, ..., Dn/pn].
5. A ≡ (B ∧ C): A[D1/p1, ..., Dn/pn] is (B[D1/p1, ..., Dn/pn] ∧ C[D1/p1, ..., Dn/pn]).
6. A ≡ (B ∨ C): A[D1/p1, ..., Dn/pn] is (B[D1/p1, ..., Dn/pn] ∨ C[D1/p1, ..., Dn/pn]).
7. A ≡ (B → C): A[D1/p1, ..., Dn/pn] is (B[D1/p1, ..., Dn/pn] → C[D1/p1, ..., Dn/pn]).
8. A ≡ (B ↔ C): A[D1/p1, ..., Dn/pn] is (B[D1/p1, ..., Dn/pn] ↔ C[D1/p1, ..., Dn/pn]).
9. A ≡ □B: A[D1/p1, ..., Dn/pn] is □B[D1/p1, ..., Dn/pn].
10. A ≡ ♢B: A[D1/p1, ..., Dn/pn] is ♢B[D1/p1, ..., Dn/pn].

The formula A[D1/p1, ..., Dn/pn] is called a substitution instance of A.

Example 1.5. Suppose A is p1 → □(p1 ∧ p2), D1 is ♢(p2 → p3) and D2 is ¬□p1. Then A[D1/p1, D2/p2] is

  ♢(p2 → p3) → □(♢(p2 → p3) ∧ ¬□p1)

while A[D2/p1, D1/p2] is

  ¬□p1 → □(¬□p1 ∧ ♢(p2 → p3))

Note that simultaneous substitution is in general not the same as iterated substitution, e.g., compare A[D1/p1, D2/p2] above with (A[D1/p1])[D2/p2], which is:

  ♢(p2 → p3) → □(♢(p2 → p3) ∧ p2)[¬□p1/p2], i.e.,
  ♢(¬□p1 → p3) → □(♢(¬□p1 → p3) ∧ ¬□p1)

and with (A[D2/p2])[D1/p1]:

  p1 → □(p1 ∧ ¬□p1)[♢(p2 → p3)/p1], i.e.,
  ♢(p2 → p3) → □(♢(p2 → p3) ∧ ¬□♢(p2 → p3)).

1.4 Relational Models

The basic concept of semantics for normal modal logics is that of a relational model. It consists of a set of worlds, which are related by a binary "accessibility relation," together with an assignment which determines which propositional variables count as "true" at which worlds.

Definition 1.6. A model for the basic modal language is a triple M = ⟨W, R, V⟩, where

1. W is a nonempty set of "worlds,"
2. R is a binary accessibility relation on W, and
3. V is a function assigning to each propositional variable p a set V(p) of possible worlds.

When Rww′ holds, we say that w′ is accessible from w. When w ∈ V(p) we say p is true at w.

[Figure 1.1: A simple model. Worlds: w1 (p, ¬q), w2 (p, q), w3 (¬p, ¬q).]

The great advantage of relational semantics is that models can be represented by means of simple diagrams, such as the one in Figure 1.1. Worlds are represented by nodes, and world w′ is accessible from w precisely when there is an arrow from w to w′. Moreover, we label a node (world) by p when w ∈ V(p), and otherwise by ¬p. Figure 1.1 represents the model with W = {w1, w2, w3}, R = {⟨w1, w2⟩, ⟨w1, w3⟩}, V(p) = {w1, w2}, and V(q) = {w2}.

1.5 Truth at a World

Every modal model determines which modal formulas count as true at which worlds in it. The relation "model M makes formula A true at world w" is the basic notion of relational semantics.
The relation is defined inductively and coincides with the usual characterization using truth tables for the non-modal operators.

Definition 1.7. Truth of a formula A at w in a model M, in symbols: M,w ⊩ A, is defined inductively as follows:

1. A ≡ ⊥: Never M,w ⊩ ⊥.
2. M,w ⊩ p iff w ∈ V(p).
3. A ≡ ¬B: M,w ⊩ A iff M,w ⊮ B.
4. A ≡ (B ∧ C): M,w ⊩ A iff M,w ⊩ B and M,w ⊩ C.
5. A ≡ (B ∨ C): M,w ⊩ A iff M,w ⊩ B or M,w ⊩ C (or both).
6. A ≡ (B → C): M,w ⊩ A iff M,w ⊮ B or M,w ⊩ C.
7. A ≡ □B: M,w ⊩ A iff M,w′ ⊩ B for all w′ ∈ W with Rww′.
8. A ≡ ♢B: M,w ⊩ A iff M,w′ ⊩ B for at least one w′ ∈ W with Rww′.

Note that by clause (7), a formula □B is true at w whenever there are no w′ with Rww′. In such a case □B is vacuously true at w. Also, □B may be satisfied at w even if B is not. The truth of B at w does not guarantee the truth of ♢B at w. This holds, however, if Rww, e.g., if R is reflexive. If there is no w′ such that Rww′, then M,w ⊮ ♢A, for any A.

Proposition 1.8.
1. M,w ⊩ □A iff M,w ⊩ ¬♢¬A.
2. M,w ⊩ ♢A iff M,w ⊩ ¬□¬A.

Proof.
1. M,w ⊩ ¬♢¬A iff M,w ⊮ ♢¬A by definition of M,w ⊩. M,w ⊩ ♢¬A iff for some w′ with Rww′, M,w′ ⊩ ¬A. Hence, M,w ⊮ ♢¬A iff for all w′ with Rww′, M,w′ ⊮ ¬A. We also have M,w′ ⊮ ¬A iff M,w′ ⊩ A. Together we have M,w ⊩ ¬♢¬A iff for all w′ with Rww′, M,w′ ⊩ A. Again by definition of M,w ⊩, that is the case iff M,w ⊩ □A.
2. Exercise. □

1.6 Truth in a Model

Sometimes we are interested in which formulas are true at every world in a given model. Let's introduce a notation for this.

Definition 1.9. A formula A is true in a model M = ⟨W, R, V⟩, written M ⊩ A, if and only if M,w ⊩ A for every w ∈ W.

Proposition 1.10.
1. If M ⊩ A then M ⊮ ¬A, but not vice versa.
2. If M ⊩ A → B then M ⊩ A only if M ⊩ B, but not vice versa.

Proof.
1. If M ⊩ A then A is true at all worlds in W, and since W ≠ ∅, it can't be that M ⊩ ¬A, or else A would have to be both true and false at some world.
On the other hand, if M ⊮ ¬A then A is true at some world w ∈ W. It does not follow that M,w ⊩ A for every w ∈ W. For instance, in the model of Figure 1.1, M ⊮ ¬p, and also M ⊮ p.
2. Assume M ⊩ A → B and M ⊩ A; to show M ⊩ B let w ∈ W be an arbitrary world. Then M,w ⊩ A → B and M,w ⊩ A, so M,w ⊩ B, and since w was arbitrary, M ⊩ B.
To show that the converse fails, we need to find a model M such that M ⊩ A only if M ⊩ B, but M ⊮ A → B. Consider again the model of Figure 1.1: M ⊮ p and hence (vacuously) M ⊩ p only if M ⊩ q. However, M ⊮ p → q, as p is true but q false at w1. □

1.7 Validity

Formulas that are true in all models, i.e., true at every world in every model, are particularly interesting. They represent those modal propositions which are true regardless of how □ and ♢ are interpreted, as long as the interpretation is "normal" in the sense that it is generated by some accessibility relation on possible worlds. We call such formulas valid. For instance, □(p ∧ q) → □p is valid. Some formulas one might expect to be valid on the basis of the alethic interpretation of □, such as □p → p, are not valid, however. Part of the interest of relational models is that different interpretations of □ and ♢ can be captured by different kinds of accessibility relations. This suggests that we should define validity not just relative to all models, but relative to all models of a certain kind. It will turn out, e.g., that □p → p is true in all models where every world is accessible from itself, i.e., R is reflexive. Defining validity relative to classes of models enables us to formulate this succinctly: □p → p is valid in the class of reflexive models.

Definition 1.11. A formula A is valid in a class C of models if it is true in every model in C (i.e., true at every world in every model in C). If A is valid in C, we write C ⊨ A, and we write ⊨ A if A is valid in the class of all models.

Proposition 1.12. If A is valid in C it is also valid in each class C′ ⊆ C.
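Definitions 1.7 and 1.9 can be run mechanically on a finite model. The Python code below is an added example, not part of the original text: it evaluates formulas on the model of Figure 1.1, reproduces the counterexamples of Proposition 1.10, and shows □p → p failing at w3 but holding once R is made reflexive. The tuple encoding of formulas and the names Model, holds, true_in_model, falsifying_worlds and reflexive_closure are assumptions of this example.

```python
# Added example: truth at a world (Def. 1.7) and truth in a model (Def. 1.9).
# Formulas are nested tuples; this encoding is an assumption of the example.

BOT = ("bot",)

def var(name): return ("var", name)
def neg(a): return ("not", a)
def conj(a, b): return ("and", a, b)
def disj(a, b): return ("or", a, b)
def imp(a, b): return ("imp", a, b)
def box(a): return ("box", a)
def dia(a): return ("dia", a)


class Model:
    """A relational model M = <W, R, V> as in Definition 1.6."""

    def __init__(self, worlds, relation, valuation):
        if not worlds:
            raise ValueError("W must be nonempty")
        self.W = set(worlds)
        self.R = set(relation)                      # set of pairs (w, w')
        self.V = {p: set(ws) for p, ws in valuation.items()}

    def successors(self, w):
        """All w' with Rww'."""
        return {v for (u, v) in self.R if u == w}

    def holds(self, w, a):
        """M,w ⊩ A, following the clauses of Definition 1.7."""
        op = a[0]
        if op == "bot":
            return False
        if op == "var":
            return w in self.V.get(a[1], set())
        if op == "not":
            return not self.holds(w, a[1])
        if op == "and":
            return self.holds(w, a[1]) and self.holds(w, a[2])
        if op == "or":
            return self.holds(w, a[1]) or self.holds(w, a[2])
        if op == "imp":
            return (not self.holds(w, a[1])) or self.holds(w, a[2])
        if op == "box":   # vacuously true when w has no successors
            return all(self.holds(v, a[1]) for v in self.successors(w))
        if op == "dia":   # false when w has no successors
            return any(self.holds(v, a[1]) for v in self.successors(w))
        raise ValueError(f"unknown connective: {op!r}")

    def true_in_model(self, a):
        """M ⊩ A: A holds at every world (Definition 1.9)."""
        return all(self.holds(w, a) for w in self.W)

    def falsifying_worlds(self, a):
        """Worlds at which A fails, sorted for stable output."""
        return sorted(w for w in self.W if not self.holds(w, a))


def figure_1_1():
    """The model of Figure 1.1."""
    return Model(
        worlds={"w1", "w2", "w3"},
        relation={("w1", "w2"), ("w1", "w3")},
        valuation={"p": {"w1", "w2"}, "q": {"w2"}},
    )


def reflexive_closure(m):
    """Same worlds and valuation, with Rww added for every world w."""
    return Model(m.W, m.R | {(w, w) for w in m.W}, m.V)


if __name__ == "__main__":
    M = figure_1_1()
    p, q = var("p"), var("q")
    t_schema = imp(box(p), p)                       # □p → p
    print("M ⊩ p:", M.true_in_model(p))
    print("M ⊩ ¬p:", M.true_in_model(neg(p)))
    print("p → q fails at:", M.falsifying_worlds(imp(p, q)))
    print("□p → p fails at:", M.falsifying_worlds(t_schema))
    print("□p → p in reflexive closure:",
          reflexive_closure(M).true_in_model(t_schema))
```

A single finite model can refute validity, as w3 does for □p → p here, but checking one model never establishes validity, which quantifies over all models.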
Proposition 1.13. If A is valid, then so is □A.

Proof. Assume ⊨ A. To show ⊨ □A let M = ⟨W, R, V⟩ be a model and w ∈ W. If Rww′ then M,w′ ⊩ A, since A is valid, and so also M,w ⊩ □A. Since M and w were arbitrary, ⊨ □A. □

1.8 Tautological Instances

A modal-free formula is a tautology if it is true under every truth-value assignment. Clearly, every tautology is true at every world in every model. But for formulas involving □ and ♢, the notion of tautology is not defined. Is it the case, e.g., that □p ∨ ¬□p (an instance of the principle of excluded middle) is valid? The notion of a tautological instance helps: a formula that is a substitution instance of a (non-modal) tautology. It is not surprising, but still requires proof, that every tautological instance is valid.

Definition 1.14. A modal formula B is a tautological instance if and only if there is a modal-free tautology A with propositional variables p1, ..., pn and formulas D1, ..., Dn such that B ≡ A[D1/p1, ..., Dn/pn].

Lemma 1.15. Suppose A is a modal-free formula whose propositional variables are p1, ..., pn, and let D1, ..., Dn be modal formulas. Then for any assignment v, any model M = ⟨W, R, V⟩, and any w ∈ W such that v(pi) = T if and only if M,w ⊩ Di we have that v ⊨ A if and only if M,w ⊩ A[D1/p1, ..., Dn/pn].

Proof. By induction on A.

1. A ≡ ⊥: Both v ⊭ ⊥ and M,w ⊮ ⊥.

2. A ≡ pi:
   v ⊨ pi ⇔ v(pi) = T  (by definition of v ⊨ pi)
   ⇔ M,w ⊩ Di  (by assumption)
   ⇔ M,w ⊩ pi[D1/p1, ..., Dn/pn]  (since pi[D1/p1, ..., Dn/pn] ≡ Di).

3. A ≡ ¬B:
   v ⊨ ¬B ⇔ v ⊭ B  (by definition of v ⊨)
   ⇔ M,w ⊮ B[D1/p1, ..., Dn/pn]  (by induction hypothesis)
   ⇔ M,w ⊩ ¬B[D1/p1, ..., Dn/pn]  (by definition of M,w ⊩).

4. A ≡ (B ∧ C):
   v ⊨ B ∧ C ⇔ v ⊨ B and v ⊨ C  (by definition of v ⊨)
   ⇔ M,w ⊩ B[D1/p1, ..., Dn/pn] and M,w ⊩ C[D1/p1, ..., Dn/pn]  (by induction hypothesis)
   ⇔ M,w ⊩ (B ∧ C)[D1/p1, ..., Dn/pn]  (by definition of M,w ⊩).

5. A ≡ (B ∨ C):
   v ⊨ B ∨ C ⇔ v ⊨ B or v ⊨ C  (by definition of v ⊨)
   ⇔ M,w ⊩ B[D1/p1, ..., Dn/pn] or M,w ⊩ C[D1/p1, ..., Dn/pn]  (by induction hypothesis)
   ⇔ M,w ⊩ (B ∨ C)[D1/p1, ..., Dn/pn]  (by definition of M,w ⊩).

6. A ≡ (B → C):
   v ⊨ B → C ⇔ v ⊭ B or v ⊨ C  (by definition of v ⊨)
   ⇔ M,w ⊮ B[D1/p1, ..., Dn/pn] or M,w ⊩ C[D1/p1, ..., Dn/pn]  (by induction hypothesis)
   ⇔ M,w ⊩ (B → C)[D1/p1, ..., Dn/pn]  (by definition of M,w ⊩). □

Proposition 1.16. All tautological instances are valid.

Proof. Contrapositively, suppose A is such that M,w ⊮ A[D1/p1, ..., Dn/pn], for some model M and world w. Define an assignment v such that v(pi) = T if and only if M,w ⊩ Di (and v assigns arbitrary values to q ∉ {p1, ..., pn}). Then by Lemma 1.15, v ⊭ A, so A is not a tautology. □

1.9 Schemas and Validity

Definition 1.17. A schema is a set of formulas comprising all and only the substitution instances of some modal formula C, i.e.,

  {B : ∃D1, ..., ∃Dn (B = C[D1/p1, ..., Dn/pn])}.

The formula C is called the characteristic formula of the schema, and it is unique up to a renaming of the propositional variables. A formula A is an instance of a schema if it is a member of the set.

It is convenient to denote a schema by the meta-linguistic expression obtained by substituting 'A', 'B', ..., for the atomic components of C. So, for instance, the following denote schemas: 'A', 'A → □A', 'A → (B → A)'. They correspond to the characteristic formulas p, p → □p, p → (q → p). The schema 'A' denotes the set of all formulas.

Definition 1.18. A schema is true in a model if and only if all of its instances are; and a schema is valid if and only if it is true in every model.

Proposition 1.19. The following schema K is valid

  □(A → B) → (□A → □B).  (K)

Proof. We need to show that all instances of the schema are true at every world in every model. So let M = ⟨W, R, V⟩ and w ∈ W be arbitrary.
To show that a conditional is true at a world we assume the antecedent is true to show that the consequent is true as well. In this case, let M, w ⊩ □(A → B) and M, w ⊩ □A. We need to show M, w ⊩ □B. So let w′ be arbitrary such that Rww′. Then by the first assumption M, w′ ⊩ A → B and by the second assumption M, w′ ⊩ A. It follows that M, w′ ⊩ B. Since w′ was arbitrary, M, w ⊩ □B. □

Proposition 1.20. The following schema dual is valid:

    ♢A ↔ ¬□¬A.   (dual)

Proof. Exercise. □

Proposition 1.21. If A and A → B are true at a world in a model then so is B. Hence, the valid formulas are closed under modus ponens.

| Valid Schemas | Invalid Schemas |
|---|---|
| □(A → B) → (♢A → ♢B) | □(A ∨ B) → (□A ∨ □B) |
| ♢(A → B) → (□A → ♢B) | (♢A ∧ ♢B) → ♢(A ∧ B) |
| □(A ∧ B) ↔ (□A ∧ □B) | A → □A |
| □A → □(B → A) | □♢A → B |
| ¬♢A → □(A → B) | □□A → □A |
| ♢(A ∨ B) ↔ (♢A ∨ ♢B) | □♢A → ♢□A |

Table 1.1: Valid and (or?) invalid schemas.

Proposition 1.22. A formula A is valid iff all its substitution instances are. In other words, a schema is valid iff its characteristic formula is.

Proof. The "if" direction is obvious, since A is a substitution instance of itself. To prove the "only if" direction, we show the following: Suppose M = ⟨W, R, V⟩ is a modal model, and B ≡ A[D1/p1, …, Dn/pn] is a substitution instance of A. Define M′ = ⟨W, R, V′⟩ by V′(pi) = {w : M, w ⊩ Di}. Then M, w ⊩ B iff M′, w ⊩ A, for any w ∈ W. (We leave the proof as an exercise.) Now suppose that A was valid, but some substitution instance B of A was not valid. Then for some M = ⟨W, R, V⟩ and some w ∈ W, M, w ⊮ B. But then M′, w ⊮ A by the claim, and A is not valid, a contradiction. □

Note, however, that it is not true that a schema is true in a model iff its characteristic formula is. Of course, the "only if" direction holds: if every instance of A is true in M, A itself is true in M. But it may happen that A is true in M but some instance of A is false at some world in M.
For a very simple counterexample consider p in a model with only one world w and V(p) = {w}, so that p is true at w. But ⊥ is an instance of p, and not true at w.

1.10 Entailment

With the definition of truth at a world, we can define an entailment relation between formulas. A formula B entails A iff, whenever B is true, A is true as well. Here, "whenever" means both "whichever model we consider" as well as "whichever world in that model we consider."

Definition 1.23. If Γ is a set of formulas and A a formula, then Γ entails A, in symbols: Γ ⊨ A, if and only if for every model M = ⟨W, R, V⟩ and world w ∈ W, if M, w ⊩ B for every B ∈ Γ, then M, w ⊩ A. If Γ contains a single formula B, then we write B ⊨ A.

Example 1.24. To show that a formula entails another, we have to reason about all models, using the definition of M, w ⊩. For instance, to show p → ♢p ⊨ □¬p → ¬p, we might argue as follows: Consider a model M = ⟨W, R, V⟩ and w ∈ W, and suppose M, w ⊩ p → ♢p. We have to show that M, w ⊩ □¬p → ¬p. Suppose not. Then M, w ⊩ □¬p and M, w ⊮ ¬p. Since M, w ⊮ ¬p, M, w ⊩ p. By assumption, M, w ⊩ p → ♢p, hence M, w ⊩ ♢p. By definition of M, w ⊩ ♢p, there is some w′ with Rww′ such that M, w′ ⊩ p. Since also M, w ⊩ □¬p, M, w′ ⊩ ¬p, a contradiction.

To show that a formula B does not entail another A, we have to give a counterexample, i.e., a model M = ⟨W, R, V⟩ where we show that at some world w ∈ W, M, w ⊩ B but M, w ⊮ A. Let's show that p → ♢p ⊭ □p → p. Consider the model in Figure 1.2. We have M, w1 ⊩ ♢p and hence M, w1 ⊩ p → ♢p. However, since M, w1 ⊩ □p but M, w1 ⊮ p, we have M, w1 ⊮ □p → p.

Often very simple counterexamples suffice. The model M′ = ⟨W′, R′, V′⟩ with W′ = {w}, R′ = ∅, and V′(p) = ∅ is also a counterexample: Since M′, w ⊮ p, M′, w ⊩ p → ♢p. As no worlds are accessible from w, we have M′, w ⊩ □p, and so M′, w ⊮ □p → p.

[Figure 1.2: Counterexample to p → ♢p ⊨ □p → p. Worlds shown: w1 (¬p), w2 (p), w3 (p).]

Problems

Problem 1.1.
Consider the model of Figure 1.1. Which of the following hold?

1. M, w1 ⊩ q;
2. M, w3 ⊩ ¬q;
3. M, w1 ⊩ p ∨ q;
4. M, w1 ⊩ □(p ∨ q);
5. M, w3 ⊩ □q;
6. M, w3 ⊩ □⊥;
7. M, w1 ⊩ ♢q;
8. M, w1 ⊩ □q;
9. M, w1 ⊩ ¬□□¬q.

Problem 1.2. Complete the proof of Proposition 1.8.

Problem 1.3. Let M = ⟨W, R, V⟩ be a model, and suppose w1, w2 ∈ W are such that:

1. w1 ∈ V(p) if and only if w2 ∈ V(p); and
2. for all w ∈ W: Rw1w if and only if Rw2w.

Using induction on formulas, show that for all formulas A: M, w1 ⊩ A if and only if M, w2 ⊩ A.

Problem 1.4. Let M = ⟨W, R, V⟩. Show that M, w ⊩ ¬♢A if and only if M, w ⊩ □¬A.

Problem 1.5. Consider the following model M for the language comprising p1, p2, p3 as the only propositional variables:

[Model diagram. Worlds shown: w1 (p1, ¬p2, ¬p3), w2 (p1, p2, ¬p3), w3 (p1, p2, p3).]

Are the following formulas and schemas true in the model M, i.e., true at every world in M? Explain.

1. p → ♢p (for p atomic);
2. A → ♢A (for A arbitrary);
3. □p → p (for p atomic);
4. ¬p → ♢□p (for p atomic);
5. ♢□A (for A arbitrary);
6. □♢p (for p atomic).

Problem 1.6. Show that the following are valid:

1. ⊨ □p → □(q → p);
2. ⊨ □¬⊥;
3. ⊨ □p → (□q → □p).

Problem 1.7. Show that A → □A is valid in the class C of models M = ⟨W, R, V⟩ where W = {w}. Similarly, show that B → □A and ♢A → B are valid in the class of models M = ⟨W, R, V⟩ where R = ∅.

Problem 1.8. Prove Proposition 1.20.

Problem 1.9. Prove the claim in the "only if" part of the proof of Proposition 1.22. (Hint: use induction on A.)

Problem 1.10. Show that none of the following formulas are valid:

D: □p → ♢p;
T: □p → p;
B: p → □♢p;
4: □p → □□p;
5: ♢p → □♢p.

Problem 1.11. Prove that the schemas in the first column of table 1.1 are valid and those in the second column are not valid.

Problem 1.12. Decide whether the following schemas are valid or invalid:

1. (♢A → □B) → (□A → □B);
2. ♢(A → B) ∨ □(B → A).

Problem 1.13. For each of the following schemas find a model M such that every instance of the formula is true in M:

1. p → ♢♢p;
2. ♢p → □p.

Problem 1.14. Show that □(A ∧ B) ⊨ □A.

Problem 1.15. Show that □(p → q) ⊭ p → □q and p → □q ⊭ □(p → q).

CHAPTER 2 Frame Definability

2.1 Introduction

One question that interests modal logicians is the relationship between the accessibility relation and the truth of certain formulas in models with that accessibility relation. For instance, suppose the accessibility relation is reflexive, i.e., for every w ∈ W, Rww. In other words, every world is accessible from itself. That means that when □A is true at a world w, w itself is among the accessible worlds at which A must therefore be true. So, if the accessibility relation R of M is reflexive, then whatever world w and formula A we take, □A → A will be true there (in other words, the schema □p → p and all its substitution instances are true in M).

The converse, however, is false. It's not the case, e.g., that if □p → p is true in M, then R is reflexive. For we can easily find a non-reflexive model M where □p → p is true at all worlds: take the model with a single world w, not accessible from itself, but with w ∈ V(p). By picking the truth value of p suitably, we can make □A → A true in a model that is not reflexive.

The solution is to remove the variable assignment V from the equation. If we require that □p → p is true at all worlds in M, regardless of which worlds are in V(p), then it is necessary that R is reflexive. For in any non-reflexive model, there will be at least one world w such that not Rww. If we set V(p) = W \ {w}, then p will be true at all worlds other than w, and so at all worlds accessible from w (since w is guaranteed not to be accessible from w, and w is the only world where p is false). On the other hand, p is false at w, so □p → p is false at w.

This suggests that we should introduce a notation for model structures without a valuation: we call these frames.
A frame F is simply a pair ⟨W, R⟩ consisting of a set of worlds with an accessibility relation. Every model ⟨W, R, V⟩ is then, as we say, based on the frame ⟨W, R⟩. Conversely, a frame determines the class of models based on it; and a class of frames determines the class of models which are based on any frame in the class. And we can define F ⊨ A, the notion of a formula being valid in a frame, as: M ⊩ A for all M based on F.

With this notation, we can establish correspondence relations between formulas and classes of frames: e.g., F ⊨ □p → p if, and only if, F is reflexive.

2.2 Properties of Accessibility Relations

Many modal formulas turn out to be characteristic of simple, and even familiar, properties of the accessibility relation. In one direction, that means that any model that has a given property makes a corresponding formula (and all its substitution instances) true. We begin with five classical examples of kinds of accessibility relations and the formulas the truth of which they guarantee.

Theorem 2.1. Let M = ⟨W, R, V⟩ be a model. If R has the property on the left side of table 2.1, every instance of the formula on the right side is true in M.

| If R is … | then … is true in M: |
|---|---|
| serial: ∀u∃v Ruv | □p → ♢p (D) |
| reflexive: ∀w Rww | □p → p (T) |
| symmetric: ∀u∀v (Ruv → Rvu) | p → □♢p (B) |
| transitive: ∀u∀v∀w ((Ruv ∧ Rvw) → Ruw) | □p → □□p (4) |
| euclidean: ∀w∀u∀v ((Rwu ∧ Rwv) → Ruv) | ♢p → □♢p (5) |

Table 2.1: Five correspondence facts.

[Figure 2.1: The argument from symmetry. Labels shown: w ⊩ A, ⊩ □♢A; w′ ⊩ ♢A.]

Proof. Here is the case for B: to show that the schema is true in a model we need to show that all of its instances are true at all worlds in the model. So let A → □♢A be a given instance of B, and let w ∈ W be an arbitrary world. Suppose the antecedent A is true at w, in order to show that □♢A is true at w. So we need to show that ♢A is true at all w′ accessible from w.
Now, for any w′ such that Rww′ we have, using the hypothesis of symmetry, that also Rw′w (see Figure 2.1). Since M, w ⊩ A, we have M, w′ ⊩ ♢A. Since w′ was an arbitrary world such that Rww′, we have M, w ⊩ □♢A.

We leave the other cases as exercises. □

Notice that the converse implications of Theorem 2.1 do not hold: it's not true that if a model verifies a schema, then the accessibility relation of that model has the corresponding property. In the case of T and reflexive models, it is easy to give an example of a model in which T itself fails: let W = {w} and V(p) = ∅. Then R is not reflexive, but M, w ⊩ □p and M, w ⊮ p. But here we have just a single instance of T that fails in M; other instances, e.g., □¬p → ¬p, are true. It is harder to give examples where every substitution instance of T is true in M and M is not reflexive. But there are such models, too:

Proposition 2.2. Let M = ⟨W, R, V⟩ be a model such that W = {u, v}, where worlds u and v are related by R: i.e., both Ruv and Rvu. Suppose that for all p: u ∈ V(p) ⇔ v ∈ V(p). Then:

1. For all A: M, u ⊩ A if and only if M, v ⊩ A (use induction on A).
2. Every instance of T is true in M.

Since M is not reflexive (it is, in fact, irreflexive), the converse of Theorem 2.1 fails in the case of T (similar arguments can be given for some, though not all, of the other schemas mentioned in Theorem 2.1).

Although we will focus on the five classical formulas D, T, B, 4, and 5, we record in table 2.2 a few more properties of accessibility relations. The accessibility relation R is partially functional, if from every world at most one world is accessible. If it is the case that from every world exactly one world is accessible, we call it functional. (Thus the functional relations are precisely those that are both serial and partially functional.) They are called "functional" because the accessibility relation operates like a (partial) function.
A relation is weakly dense if whenever Ruv, there is a w "between" u and v. So weakly dense relations are in a sense the opposite of transitive relations: in a transitive relation, whenever you can reach v from u by a detour via w, you can reach v from u directly; in a weakly dense relation, whenever you can reach v from u directly, you can also reach it by a detour via some w. A relation is weakly directed if whenever you can reach worlds u and v from some world w, you can reach a single world t from both u and v; this is sometimes called the "diamond property" or "confluence."

| If R is … | then … is true in M: |
|---|---|
| partially functional: ∀w∀u∀v ((Rwu ∧ Rwv) → u = v) | ♢p → □p |
| functional: ∀w∃v∀u (Rwu ↔ u = v) | ♢p ↔ □p |
| weakly dense: ∀u∀v (Ruv → ∃w (Ruw ∧ Rwv)) | □□p → □p |
| weakly connected: ∀w∀u∀v ((Rwu ∧ Rwv) → (Ruv ∨ u = v ∨ Rvu)) | □((p ∧ □p) → q) ∨ □((q ∧ □q) → p) (L) |
| weakly directed: ∀w∀u∀v ((Rwu ∧ Rwv) → ∃t (Rut ∧ Rvt)) | ♢□p → □♢p (G) |

Table 2.2: Five more correspondence facts.

2.3 Frames

Definition 2.3. A frame is a pair F = ⟨W, R⟩ where W is a non-empty set of worlds and R a binary relation on W. A model M is based on a frame F = ⟨W, R⟩ if and only if M = ⟨W, R, V⟩ for some valuation V.

Definition 2.4. If F is a frame, we say that A is valid in F, F ⊨ A, if M ⊩ A for every model M based on F. If ℱ is a class of frames, we say A is valid in ℱ, ℱ ⊨ A, iff F ⊨ A for every frame F ∈ ℱ.

The reason frames are interesting is that correspondence between schemas and properties of the accessibility relation R is at the level of frames, not of models. For instance, although T is true in all reflexive models, not every model in which T is true is reflexive. However, it is true that not only is T valid on all reflexive frames, also every frame in which T is valid is reflexive.

Remark 1. Validity in a class of frames is a special case of the notion of validity in a class of models: ℱ ⊨ A iff C ⊨ A where C is the class of all models based on a frame in ℱ. Obviously, if a formula or a schema is valid, i.e., valid with respect to the class of all models, it is also valid with respect to any class ℱ of frames.

2.4 Frame Definability

Even though the converse implications of Theorem 2.1 fail, they hold if we replace "model" by "frame": for the properties considered in Theorem 2.1, it is true that if a formula is valid in a frame then the accessibility relation of that frame has the corresponding property. So, the formulas considered define the classes of frames that have the corresponding property.

Definition 2.5. If C is a class of frames, we say A defines C iff F ⊨ A for all and only frames F ∈ C.

We now proceed to establish the full definability results for frames.

Theorem 2.6. If the formula on the right side of table 2.1 is valid in a frame F, then F has the property on the left side.

Proof.

1. Suppose D is valid in F = ⟨W, R⟩, i.e., F ⊨ □p → ♢p. Let M = ⟨W, R, V⟩ be a model based on F, and w ∈ W. We have to show that there is a v such that Rwv. Suppose not: then both M, w ⊩ □A and M, w ⊮ ♢A for any A, including p. But then M, w ⊮ □p → ♢p, contradicting the assumption that F ⊨ □p → ♢p.

2. Suppose T is valid in F, i.e., F ⊨ □p → p. Let w ∈ W be an arbitrary world; we need to show Rww. Let u ∈ V(p) if and only if Rwu (when q is other than p, V(q) is arbitrary, say V(q) = ∅). Let M = ⟨W, R, V⟩. By construction, for all u such that Rwu: M, u ⊩ p, and hence M, w ⊩ □p. But by hypothesis □p → p is true at w, so that M, w ⊩ p, but by definition of V this is possible only if Rww.

3. We prove the contrapositive: Suppose F is not symmetric, we show that B, i.e., p → □♢p is not valid in F = ⟨W, R⟩. If F is not symmetric, there are u, v ∈ W such that Ruv but not Rvu.
Define V such that w ∈ V(p) if and only if not Rvw (and V is arbitrary otherwise). Let M = ⟨W, R, V⟩. Now, by definition of V, M, w ⊩ p for all w such that not Rvw, in particular, M, u ⊩ p since not Rvu. Also, since Rvw iff w ∉ V(p), there is no w such that Rvw and M, w ⊩ p, and hence M, v ⊮ ♢p. Since Ruv, also M, u ⊮ □♢p. It follows that M, u ⊮ p → □♢p, and so B is not valid in F.

4. Suppose 4 is valid in F = ⟨W, R⟩, i.e., F ⊨ □p → □□p, and let u, v, w ∈ W be arbitrary worlds such that Ruv and Rvw; we need to show that Ruw. Define V such that z ∈ V(p) if and only if Ruz (and V is arbitrary otherwise). Let M = ⟨W, R, V⟩. By definition of V, M, z ⊩ p for all z such that Ruz, and hence M, u ⊩ □p. But by hypothesis 4, □p → □□p, is true at u, so that M, u ⊩ □□p. Since Ruv and Rvw, we have M, w ⊩ p, but by definition of V this is possible only if Ruw, as desired.

5. We proceed contrapositively, assuming that the frame F = ⟨W, R⟩ is not euclidean, and show that it falsifies 5, i.e., F ⊭ ♢p → □♢p. Suppose there are worlds u, v, w ∈ W such that Rwu and Rwv but not Ruv. Define V such that for all worlds z, z ∈ V(p) if and only if it is not the case that Ruz. Let M = ⟨W, R, V⟩. Then by hypothesis M, v ⊩ p and since Rwv also M, w ⊩ ♢p. However, there is no world y such that Ruy and M, y ⊩ p so M, u ⊮ ♢p. Since Rwu, it follows that M, w ⊮ □♢p, so that 5, ♢p → □♢p, fails at w. □

You'll notice a difference between the proof for D and the other cases: no mention was made of the valuation V. In effect, we proved that if M ⊩ D then M is serial. So D defines the class of serial models, not just frames.

Corollary 2.7. Any model where D is true is serial.

Corollary 2.8. Each formula on the right side of table 2.1 defines the class of frames which have the property on the left side.

Proof. In Theorem 2.1, we proved that if a model has the property on the left, the formula on the right is true in it.
Thus, if a frame F has the property on the left, the formula on the right is valid in F. In Theorem 2.6, we proved the converse implications: if a formula on the right is valid in F, F has the property on the left. □

Theorem 2.6 also shows that the properties can be combined: for instance if both B and 4 are valid in F then the frame is both symmetric and transitive, etc. Many important modal logics are characterized as the set of formulas valid in all frames that combine some frame properties, and so we can characterize them as the set of formulas valid in all frames in which the corresponding defining formulas are valid. For instance, the classical system S4 is the set of all formulas valid in all reflexive and transitive frames, i.e., in all those where both T and 4 are valid. S5 is the set of all formulas valid in all reflexive, symmetric, and euclidean frames, i.e., all those where all of T, B, and 5 are valid.

Logical relationships between properties of R in general correspond to relationships between the corresponding defining formulas. For instance, every reflexive relation is serial; hence, whenever T is valid in a frame, so is D. (Note that this relationship is not that of entailment. It is not the case that whenever M, w ⊩ T then M, w ⊩ D.) We record some such relationships.

Proposition 2.9. Let R be a binary relation on a set W; then:

1. If R is reflexive, then it is serial.
2. If R is symmetric, then it is transitive if and only if it is euclidean.
3. If R is symmetric or euclidean then it is weakly directed (it has the "diamond property").
4. If R is euclidean then it is weakly connected.
5. If R is functional then it is serial.

2.5 First-order Definability

We've seen that a number of properties of accessibility relations of frames can be defined by modal formulas. For instance, symmetry of frames can be defined by the formula B, p → □♢p.
The conditions we've encountered so far can all be expressed by first-order formulas in a language involving a single two-place predicate symbol. For instance, symmetry is defined by ∀x ∀y (Q(x, y) → Q(y, x)) in the sense that a first-order structure M with |M| = W and Q^M = R satisfies the preceding formula iff R is symmetric. This suggests the following definition:

Definition 2.10. A class C of frames is first-order definable if there is a sentence A in the first-order language with a single two-place predicate symbol Q such that F = ⟨W, R⟩ ∈ C iff M ⊨ A in the first-order structure M with |M| = W and Q^M = R.

It turns out that the properties and modal formulas that define them considered so far are exceptional. Not every formula defines a first-order definable class of frames, and not every first-order definable class of frames is definable by a modal formula.

A counterexample to the first is given by the Löb formula:

    □(□p → p) → □p.   (W)

W defines the class of transitive and converse well-founded frames. A relation is well-founded if there is no infinite sequence w1, w2, … such that Rw2w1, Rw3w2, …. For instance, the relation < on N is well-founded, whereas the relation < on Z is not. A relation is converse well-founded iff its converse is well-founded. So converse well-founded relations are those where there is no infinite sequence w1, w2, … such that Rw1w2, Rw2w3, ….

There is, however, no first-order formula defining transitive converse well-founded relations. For suppose M ⊨ F iff R = Q^M is transitive converse well-founded. Let An be the formula

    (Q(a1, a2) ∧ ⋯ ∧ Q(an−1, an)).

Now consider the set of formulas Γ = {F, A1, A2, …}. Every finite subset of Γ is satisfiable: Let k be largest such that Ak is in the subset, |Mk| = {1, …, k}, a_i^{Mk} = i, and Q^{Mk} = <. Since < on {1, …, k} is transitive and converse well-founded, Mk ⊨ F. Mk ⊨ Ai by construction, for all i ≤ k.
By the Compactness Theorem for first-order logic, Γ is satisfiable in some structure M. By hypothesis, since M ⊨ F, the relation Q^M is converse well-founded. But clearly, a_1^M, a_2^M, … would form an infinite sequence of the kind ruled out by converse well-foundedness.

A counterexample to the second claim is given by the property of universality: for every u and v, Ruv. Universal frames are first-order definable by the formula ∀x ∀y Q(x, y). However, no modal formula is valid in all and only the universal frames. This is a consequence of a result that is independently interesting: the formulas valid in universal frames are exactly the same as those valid in reflexive, symmetric, and transitive frames. There are reflexive, symmetric, and transitive frames that are not universal, hence every formula valid in all universal frames is also valid in some non-universal frames.

2.6 Equivalence Relations and S5

The modal logic S5 is characterized as the set of formulas valid on all universal frames, i.e., every world is accessible from every world, including itself. In such a scenario, □ corresponds to necessity and ♢ to possibility: □A is true if A is true at every world, and ♢A is true if A is true at some world. It turns out that S5 can also be characterized as the formulas valid on all reflexive, symmetric, and transitive frames, i.e., on all equivalence relations.

Definition 2.11. A binary relation R on W is an equivalence relation if and only if it is reflexive, symmetric and transitive. A relation R on W is universal if and only if Ruv for all u, v ∈ W.

Since T, B, and 4 characterize the reflexive, symmetric, and transitive frames, the frames where the accessibility relation is an equivalence relation are exactly those in which all three formulas are valid.
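The correspondence between table 2.1 and frame validity can be checked by brute force on small finite frames. The Python code below is an added example, not part of the original text; the tuple encoding of formulas and all function names are assumptions made here. It evaluates M, w ⊩ A, tests F ⊨ A by trying every valuation of p, compares validity with the frame property on all frames with at most three worlds, and rebuilds the model of Proposition 2.2.

```python
from itertools import chain, combinations, product

# Formulas as nested tuples (an encoding assumed for this example):
# ("var","p"), ("bot",), ("not",A), ("and",A,B), ("or",A,B), ("imp",A,B),
# ("box",A), ("dia",A).
P = ("var", "p")
def Not(a): return ("not", a)
def Imp(a, b): return ("imp", a, b)
def Box(a): return ("box", a)
def Dia(a): return ("dia", a)

def holds(W, R, V, w, A):
    """M,w ⊩ A for M = ⟨W,R,V⟩; R is a set of pairs, V maps variables to sets."""
    op = A[0]
    if op == "bot":
        return False
    if op == "var":
        return w in V.get(A[1], set())
    if op == "not":
        return not holds(W, R, V, w, A[1])
    if op == "and":
        return holds(W, R, V, w, A[1]) and holds(W, R, V, w, A[2])
    if op == "or":
        return holds(W, R, V, w, A[1]) or holds(W, R, V, w, A[2])
    if op == "imp":
        return (not holds(W, R, V, w, A[1])) or holds(W, R, V, w, A[2])
    successors = [v for v in W if (w, v) in R]
    if op == "box":
        return all(holds(W, R, V, v, A[1]) for v in successors)
    if op == "dia":
        return any(holds(W, R, V, v, A[1]) for v in successors)
    raise ValueError(f"unknown connective {op!r}")

def true_in_model(W, R, V, A):
    """M ⊩ A: A is true at every world of M."""
    return all(holds(W, R, V, w, A) for w in W)

def subsets(xs):
    xs = list(xs)
    return [set(c) for c in chain.from_iterable(
        combinations(xs, k) for k in range(len(xs) + 1))]

def valid_in_frame(W, R, A, variables=("p",)):
    """F ⊨ A: A is true in every model based on ⟨W,R⟩, i.e. for every valuation."""
    return all(true_in_model(W, R, dict(zip(variables, choice)), A)
               for choice in product(subsets(W), repeat=len(variables)))

# Left column of table 2.1 as predicates on a finite relation.
def serial(W, R): return all(any((u, v) in R for v in W) for u in W)
def reflexive(W, R): return all((w, w) in R for w in W)
def symmetric(W, R): return all((v, u) in R for (u, v) in R)
def transitive(W, R):
    return all((u, w) in R for (u, v) in R for (x, w) in R if x == v)
def euclidean(W, R):
    return all((u, v) in R for (w, u) in R for (x, v) in R if x == w)

TABLE_2_1 = {
    "D": (Imp(Box(P), Dia(P)), serial),
    "T": (Imp(Box(P), P), reflexive),
    "B": (Imp(P, Box(Dia(P))), symmetric),
    "4": (Imp(Box(P), Box(Box(P))), transitive),
    "5": (Imp(Dia(P), Box(Dia(P))), euclidean),
}

def correspondence_mismatches(max_worlds=3):
    """Frames with at most max_worlds worlds where validity and property disagree."""
    bad = []
    for n in range(1, max_worlds + 1):
        W = list(range(n))
        for R in subsets((u, v) for u in W for v in W):
            for name, (A, prop) in TABLE_2_1.items():
                if valid_in_frame(W, R, A) != prop(W, R):
                    bad.append((name, n, sorted(R)))
    return bad

def proposition_2_2():
    """Model of Proposition 2.2: W = {u,v}, Ruv, Rvu, valuations agreeing on u, v."""
    W, R = ["u", "v"], {("u", "v"), ("v", "u")}
    instances = [Imp(Box(D), D) for D in (P, Not(P), Dia(P), Box(Imp(P, Dia(P))))]
    t_true = all(true_in_model(W, R, {"p": Vp}, A)
                 for Vp in (set(), {"u", "v"}) for A in instances)
    return t_true, reflexive(W, R), valid_in_frame(W, R, Imp(Box(P), P))

if __name__ == "__main__":
    print("mismatches on frames with <= 3 worlds:", correspondence_mismatches())
    print("Prop. 2.2 (T instances true in M, R reflexive, T valid in frame):",
          proposition_2_2())
```

The sampled instances of T are true in the model of Proposition 2.2 although its frame is not reflexive, while T fails on that frame under the valuation V(p) = {u}: the correspondence holds for frames, not for single models.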
It turns out that the equivalence relations can also be characterized by other combinations of formulas, since the conditions with which we've defined equivalence relations are equivalent to combinations of other familiar conditions on R.

Proposition 2.12. The following are equivalent:

1. R is an equivalence relation;
2. R is reflexive and euclidean;
3. R is serial, symmetric, and euclidean;
4. R is serial, symmetric, and transitive.

Proof. Exercise. □

Proposition 2.12 is the semantic counterpart to Proposition 3.29, in that it gives an equivalent characterization of the modal logic of frames over which R is an equivalence relation (the logic traditionally referred to as S5).

What is the relationship between universal and equivalence relations? Although every universal relation is an equivalence relation, clearly not every equivalence relation is universal. However, the formulas valid on all universal relations are exactly the same as those valid on all equivalence relations.

Proposition 2.13. Let R be an equivalence relation, and for each w ∈ W define the equivalence class of w as the set [w] = {w′ ∈ W : Rww′}. Then:

1. w ∈ [w];
2. R is universal on each equivalence class [w];
3. The collection of equivalence classes partitions W into mutually exclusive and jointly exhaustive subsets.

Proposition 2.14. A formula A is valid in all frames F = ⟨W, R⟩ where R is an equivalence relation, if and only if it is valid in all frames F = ⟨W, R⟩ where R is universal. Hence, the logic of universal frames is just S5.

Proof. It's immediate to verify that a universal relation R on W is an equivalence. Hence, if A is valid in all frames where R is an equivalence it is valid in all universal frames. For the other direction, we argue contrapositively: suppose B is a formula that fails at a world w in a model M = ⟨W, R, V⟩ based on a frame ⟨W, R⟩, where R is an equivalence on W. So M, w ⊮ B. Define a model M′ = ⟨W′, R′, V′⟩ as follows:

1. W′ = [w];
2. R′ is universal on W′;
3. V′(p) = V(p) ∩ W′.

(So the set W′ of worlds in M′ is represented by the shaded area in Figure 2.2.) It is easy to see that R and R′ agree on W′. Then one can show by induction on formulas that for all w′ ∈ W′: M′, w′ ⊩ A if and only if M, w′ ⊩ A for each A (this makes sense since W′ ⊆ W). In particular, M′, w ⊮ B, and B fails in a model based on a universal frame. □

[Figure 2.2: A partition of W in equivalence classes. Classes shown: [w], [u], [v], [z].]

2.7 Second-order Definability

Not every frame property definable by modal formulas is first-order definable. However, if we allow quantification over one-place predicates (i.e., monadic second-order quantification), we define all modally definable frame properties. The trick is to exploit a systematic way in which the conditions under which a modal formula is true at a world are related to first-order formulas. This is the so-called standard translation of modal formulas into first-order formulas in a language containing not just a two-place predicate symbol Q for the accessibility relation, but also a one-place predicate symbol Pi for the propositional variables pi occurring in A.

Definition 2.15. The standard translation ST_x(A) is inductively defined as follows:

1. A ≡ ⊥: ST_x(A) = ⊥.
2. A ≡ pi: ST_x(A) = Pi(x).
3. A ≡ ¬B: ST_x(A) = ¬ST_x(B).
4. A ≡ (B ∧ C): ST_x(A) = (ST_x(B) ∧ ST_x(C)).
5. A ≡ (B ∨ C): ST_x(A) = (ST_x(B) ∨ ST_x(C)).
6. A ≡ (B → C): ST_x(A) = (ST_x(B) → ST_x(C)).
7. A ≡ □B: ST_x(A) = ∀y (Q(x, y) → ST_y(B)).
8. A ≡ ♢B: ST_x(A) = ∃y (Q(x, y) ∧ ST_y(B)).

For instance, ST_x(□p → p) is ∀y (Q(x, y) → P(y)) → P(x). Any structure for the language of ST_x(A) requires a domain, a two-place relation assigned to Q, and subsets of the domain assigned to the one-place predicate symbols Pi.
In other words, the components of such a structure are exactly those of a model for A: the domain is the set of worlds, the two-place relation assigned to Q is the accessibility relation, and the subsets assigned to Pi are just the assignments V(pi). It won't surprise that satisfaction of A in a modal model and of ST_x(A) in the corresponding structure agree:

Proposition 2.16. Let M = ⟨W, R, V⟩, M′ be the first-order structure with |M′| = W, Q^{M′} = R, and P_i^{M′} = V(pi), and s(x) = w. Then

    M, w ⊩ A iff M′, s ⊨ ST_x(A).

Proof. By induction on A. □

Proposition 2.17. Suppose A is a modal formula and F = ⟨W, R⟩ is a frame. Let F′ be the first-order structure with |F′| = W and Q^{F′} = R, and let A′ be the second-order formula

    ∀X1 … ∀Xn ∀x ST_x(A)[X1/P1, …, Xn/Pn],

where P1, …, Pn are all one-place predicate symbols in ST_x(A). Then

    F ⊨ A iff F′ ⊨ A′.

Proof. F′ ⊨ A′ iff for every structure M′ where P_i^{M′} ⊆ W for i = 1, …, n, and for every s with s(x) ∈ W, M′, s ⊨ ST_x(A). By Proposition 2.16, that is the case iff for all models M based on F and every world w ∈ W, M, w ⊩ A, i.e., F ⊨ A. □

Definition 2.18. A class C of frames is second-order definable if there is a sentence A in the second-order language with a single two-place predicate symbol P and quantifiers only over monadic set variables such that F = ⟨W, R⟩ ∈ C iff M ⊨ A in the structure M with |M| = W and P^M = R.

Corollary 2.19. If a class of frames is definable by a formula A, the corresponding class of accessibility relations is definable by a monadic second-order sentence.

Proof. The monadic second-order sentence A′ of the preceding proof has the required property. □

As an example, consider again the formula □p → p. It defines reflexivity. Reflexivity is of course first-order definable by the sentence ∀x Q(x, x). But it is also definable by the monadic second-order sentence

    ∀X ∀x (∀y (Q(x, y) → X(y)) → X(x)).
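The standard translation of Definition 2.15 and the second-order sentence A′ of Proposition 2.17 can be computed and evaluated on finite frames. The Python code below is an added example, not part of the original text; the tuple encodings, the bound-variable names y1, y2, … and all function names are assumptions made here. It compares A′ for □p → p with ∀x Q(x, x), and A′ for the Löb formula with "transitive and irreflexive", which is what transitive and converse well-founded amounts to on a finite frame.

```python
from itertools import chain, combinations, count, product

SYM = {"and": "∧", "or": "∨", "imp": "→"}

def st(A, x, fresh=None):
    """ST_x(A) of Definition 2.15. Modal formulas are tuples such as
    ("imp", ("box", ("var", "p")), ("var", "p")); bound variables are named
    y1, y2, ... so that they never clash (a naming choice made for this example)."""
    fresh = count(1) if fresh is None else fresh
    op = A[0]
    if op == "bot":
        return ("bot",)
    if op == "var":
        return ("P", A[1], x)
    if op == "not":
        return ("not", st(A[1], x, fresh))
    if op in SYM:
        return (op, st(A[1], x, fresh), st(A[2], x, fresh))
    y = f"y{next(fresh)}"
    if op == "box":
        return ("all", y, ("imp", ("Q", x, y), st(A[1], y, fresh)))
    if op == "dia":
        return ("ex", y, ("and", ("Q", x, y), st(A[1], y, fresh)))
    raise ValueError(f"unknown connective {op!r}")

def sat(F, W, R, Pint, s):
    """M′, s ⊨ F where |M′| = W, Q is interpreted as R and P_i as Pint[i]."""
    op = F[0]
    if op == "bot":
        return False
    if op == "P":
        return s[F[2]] in Pint[F[1]]
    if op == "Q":
        return (s[F[1]], s[F[2]]) in R
    if op == "not":
        return not sat(F[1], W, R, Pint, s)
    if op == "and":
        return sat(F[1], W, R, Pint, s) and sat(F[2], W, R, Pint, s)
    if op == "or":
        return sat(F[1], W, R, Pint, s) or sat(F[2], W, R, Pint, s)
    if op == "imp":
        return (not sat(F[1], W, R, Pint, s)) or sat(F[2], W, R, Pint, s)
    values = (sat(F[2], W, R, Pint, {**s, F[1]: d}) for d in W)
    return all(values) if op == "all" else any(values)

def show(F):
    """Render a first-order formula tree as text."""
    op = F[0]
    if op == "bot":
        return "⊥"
    if op == "P":
        return f"P_{F[1]}({F[2]})"
    if op == "Q":
        return f"Q({F[1]},{F[2]})"
    if op == "not":
        return f"¬{show(F[1])}"
    if op in SYM:
        return f"({show(F[1])} {SYM[op]} {show(F[2])})"
    return f"{'∀' if op == 'all' else '∃'}{F[1]} {show(F[2])}"

def subsets(xs):
    xs = list(xs)
    return [set(c) for c in chain.from_iterable(
        combinations(xs, k) for k in range(len(xs) + 1))]

def second_order_holds(A, W, R, variables):
    """F′ ⊨ ∀X1…∀Xn ∀x ST_x(A)[X/P]: try every subset of W for each Xi."""
    F = st(A, "x")
    return all(sat(F, W, R, dict(zip(variables, choice)), {"x": w})
               for choice in product(subsets(W), repeat=len(variables))
               for w in W)

P = ("var", "p")
T = ("imp", ("box", P), P)
LOEB = ("imp", ("box", ("imp", ("box", P), P)), ("box", P))
REFLEXIVE = ("all", "x", ("Q", "x", "x"))  # the first-order sentence ∀x Q(x,x)

def definability_mismatches(max_worlds=3):
    """Frames where A′ disagrees with the expected condition on R."""
    bad = []
    for n in range(1, max_worlds + 1):
        W = list(range(n))
        for R in subsets((u, v) for u in W for v in W):
            trans = all((u, w) in R for (u, v) in R for (z, w) in R if z == v)
            irrefl = all(u != v for (u, v) in R)
            if second_order_holds(T, W, R, ["p"]) != sat(REFLEXIVE, W, R, {}, {}):
                bad.append(("T", sorted(R)))
            if second_order_holds(LOEB, W, R, ["p"]) != (trans and irrefl):
                bad.append(("W", sorted(R)))
    return bad

if __name__ == "__main__":
    print(show(st(T, "x")))
    print("mismatches:", definability_mismatches())
```

On finite frames the Löb condition is therefore first-order; the failure of first-order definability proved in section 2.5 only arises with infinite frames.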
This means, of course, that the two sentences are equivalent. Here's how you might convince yourself of this directly: First suppose the second-order sentence is true in a structure M. Since x and X are universally quantified, the remainder must hold for any x ∈ W and set X ⊆ W, e.g., the set {z : Rxz} where R = Q^M. So, for any s with s(x) ∈ W and s(X) = {z : Rxz} we have M ⊨ ∀y (Q(x, y) → X(y)) → X(x). But by the way we've picked s(X) that means M, s ⊨ ∀y (Q(x, y) → Q(x, y)) → Q(x, x), which is equivalent to Q(x, x) since the antecedent is valid. Since s(x) is arbitrary, we have M ⊨ ∀x Q(x, x).

Now suppose that M ⊨ ∀x Q(x, x) and show that M ⊨ ∀X ∀x (∀y (Q(x, y) → X(y)) → X(x)). Pick any assignment s, and assume M, s ⊨ ∀y (Q(x, y) → X(y)). Let s′ be the y-variant of s with s′(y) = x; we have M, s′ ⊨ Q(x, y) → X(y), i.e., M, s ⊨ Q(x, x) → X(x). Since M ⊨ ∀x Q(x, x), the antecedent is true, and we have M, s ⊨ X(x), which is what we needed to show.

Since some definable classes of frames are not first-order definable, not every monadic second-order sentence of the form A′ is equivalent to a first-order sentence. There is no effective method to decide which ones are.

Problems

Problem 2.1. Complete the proof of Theorem 2.1.

Problem 2.2. Prove the claims in Proposition 2.2.

Problem 2.3. Let M = ⟨W, R, V⟩ be a model. Show that if R satisfies the left-hand properties of table 2.2, every instance of the corresponding right-hand formula is true in M.

Problem 2.4. Show that if the formula on the right side of table 2.2 is valid in a frame F, then F has the property on the left side. To do this, consider a frame that does not satisfy the property on the left, and define a suitable V such that the formula on the right is false at some world.

Problem 2.5. Prove Proposition 2.9.

Problem 2.6. Prove Proposition 2.12 by showing:

1. If R is symmetric and transitive, it is euclidean.
2. If R is reflexive, it is serial.
3. If R is reflexive and euclidean, it is symmetric.
4. If R is symmetric and euclidean, it is transitive.
5. If R is serial, symmetric, and transitive, it is reflexive.

Explain why this suffices for the proof that the conditions are equivalent.

CHAPTER 3 Axiomatic Derivations

3.1 Introduction

We have a semantics for the basic modal language in terms of modal models, and a notion of a formula being valid (true at all worlds in all models) or valid with respect to some class of models or frames (true at all worlds in all models in the class, or based on the frame). Logic usually connects such semantic characterizations of validity with a proof-theoretic notion of derivability. The aim is to define a notion of derivability in some system such that a formula is derivable iff it is valid.

The simplest and historically oldest derivation systems are so-called Hilbert-type or axiomatic derivation systems. Hilbert-type derivation systems for many modal logics are relatively easy to construct: they are simple as objects of metatheoretical study (e.g., to prove soundness and completeness). However, they are much harder to use to prove formulas in than, say, natural deduction systems.

In Hilbert-type derivation systems, a derivation of a formula is a sequence of formulas leading from certain axioms, via a handful of inference rules, to the formula in question. Since we want the derivation system to match the semantics, we have to guarantee that the set of derivable formulas are true in all models (or true in all models in which all axioms are true). We'll first isolate some properties of modal logics that are necessary for this to work: the "normal" modal logics. For normal modal logics, there are only two inference rules that need to be assumed: modus ponens and necessitation.
As axioms we take all (substitution instances) of tautologies, and, depending on the modal logic we deal with, a number of modal axioms. Even if we are just interested in the class of all models, we must also count all substitution instances of K and Dual as axioms. This alone generates the minimal normal modal logic K.

Definition 3.1. The rule of modus ponens is the inference schema

  A    A → B
  ---------- mp
      B

We say a formula B follows from formulas A, C by modus ponens iff C ≡ A → B.

Definition 3.2. The rule of necessitation is the inference schema

   A
  ---- nec
  □A

We say the formula B follows from the formula A by necessitation iff B ≡ □A.

Definition 3.3. A derivation from a set of axioms Σ is a sequence of formulas B1, B2, …, Bn, where each Bi is either
1. a substitution instance of a tautology, or
2. a substitution instance of a formula in Σ, or
3. follows from two formulas Bj, Bk with j, k < i by modus ponens, or
4. follows from a formula Bj with j < i by necessitation.
If there is such a derivation with Bn ≡ A, we say that A is derivable from Σ, in symbols Σ ⊢ A.

With this definition, it will turn out that the set of derivable formulas forms a normal modal logic, and that any derivable formula is true in every model in which every axiom is true. This property of derivations is called soundness. The converse, completeness, is harder to prove.

3.2 Normal Modal Logics

Not every set of modal formulas can easily be characterized as those formulas derivable from a set of axioms. We want modal logics to be well-behaved. First of all, everything we can derive in classical propositional logic should still be derivable, of course taking into account that the formulas may now contain also □ and ♢. To this end, we require that a modal logic contain all tautological instances and be closed under modus ponens.

Definition 3.4. A modal logic is a set Σ of modal formulas which
1. contains all tautologies,
2. is closed under substitution, i.e., if A ∈ Σ, and D1, …, Dn are formulas, then A[D1/p1, …, Dn/pn] ∈ Σ, and
3. is closed under modus ponens, i.e., if A and A → B ∈ Σ, then B ∈ Σ.

In order to use the relational semantics for modal logics, we also have to require that all formulas valid in all modal models are included. It turns out that this requirement is met as soon as all instances of K and dual are derivable, and whenever a formula A is derivable, so is □A. A modal logic that satisfies these conditions is called normal. (Of course, there are also non-normal modal logics, but the usual relational models are not adequate for them.)

Definition 3.5. A modal logic Σ is normal if it contains

  □(p → q) → (□p → □q)    (K)
  ♢p ↔ ¬□¬p               (dual)

and is closed under necessitation, i.e., if A ∈ Σ, then □A ∈ Σ.

Observe that while tautological implication is "fine-grained" enough to preserve truth at a world, the rule nec only preserves truth in a model (and hence also validity in a frame or in a class of frames).

Proposition 3.6. Every normal modal logic is closed under rule rk,

  A1 → (A2 → ⋯ (An−1 → An) ⋯ )
  ----------------------------------- rk
  □A1 → (□A2 → ⋯ (□An−1 → □An) ⋯ )

Proof. By induction on n: If n = 1, then the rule is just nec, and every normal modal logic is closed under nec. Now suppose the result holds for n − 1; we show it holds for n. Assume

  A1 → (A2 → ⋯ (An−1 → An) ⋯ ) ∈ Σ

By the induction hypothesis, we have

  □A1 → (□A2 → ⋯ □(An−1 → An) ⋯ ) ∈ Σ

Since Σ is a normal modal logic, it contains all instances of K, in particular

  □(An−1 → An) → (□An−1 → □An) ∈ Σ

Using modus ponens and suitable tautological instances we get

  □A1 → (□A2 → ⋯ (□An−1 → □An) ⋯ ) ∈ Σ. □

Proposition 3.7. Every normal modal logic Σ contains ¬♢⊥.

Proposition 3.8. Let A1, …, An be formulas. Then there is a smallest modal logic Σ containing all instances of A1, …, An.

Proof. Given A1, …, An, define Σ as the intersection of all normal modal logics containing all instances of A1, …, An. The intersection is non-empty as Frm(L), the set of all formulas, is such a modal logic. □

Definition 3.9. The smallest normal modal logic containing A1, …, An is called a modal system and denoted by KA1…An. The smallest normal modal logic is denoted by K.

3.3 Derivations and Modal Systems

We first define what a derivation is for normal modal logics. Roughly, a derivation is a sequence of formulas in which every element is either (a substitution instance of) one of a number of axioms, or follows from previous elements by one of a few inference rules. For normal modal logics, all instances of tautologies, K, and dual count as axioms. This results in the modal system K, the smallest normal modal logic. We may wish to add additional axioms to obtain other systems, however. The rules are always modus ponens mp and necessitation nec.

Definition 3.10. Given a modal system KA1…An and a formula B we say that B is derivable in KA1…An, written KA1…An ⊢ B, if and only if there are formulas C1, …, Ck such that Ck = B and each Ci is either a tautological instance, or an instance of one of K, dual, A1, …, An, or it follows from previous formulas by means of the rules mp or nec.

The following proposition allows us to show that B ∈ Σ by exhibiting a Σ-proof of B.

Proposition 3.11. KA1…An = {B : KA1…An ⊢ B}.

Proof. We use induction on the length of derivations to show that {B : KA1…An ⊢ B} ⊆ KA1…An.

If the derivation of B has length 1, it contains a single formula. That formula cannot follow from previous formulas by mp or nec, so must be a tautological instance, an instance of K, dual, or an instance of one of A1, …, An. But KA1…An contains these as well, so B ∈ KA1…An.
If the derivation of B has length > 1, then B may in addition be obtained by mp or nec from formulas not occurring as the last line in the derivation. If B follows from C and C → B (by mp), then C and C → B ∈ KA1…An by induction hypothesis. But every modal logic is closed under modus ponens, so B ∈ KA1…An. If B ≡ □C follows from C by nec, then C ∈ KA1…An by induction hypothesis. But every normal modal logic is closed under nec, so B ∈ KA1…An.

The converse inclusion follows by showing that Σ = {B : KA1…An ⊢ B} is a normal modal logic containing all the instances of A1, …, An, and the observation that KA1…An is, by definition, the smallest such logic.
1. Every tautology B is a tautological instance, so KA1…An ⊢ B, so Σ contains all tautologies.
2. If KA1…An ⊢ C and KA1…An ⊢ C → B, then KA1…An ⊢ B: Combine the derivation of C with that of C → B, and add the line B. The last line is justified by mp. So Σ is closed under modus ponens.
3. If B has a derivation, then every substitution instance of B also has a derivation: apply the substitution to every formula in the derivation. (Exercise: prove by induction on the length of derivations that the result is also a correct derivation.) So Σ is closed under uniform substitution. (We have now established that Σ satisfies all conditions of a modal logic.)
4. We have KA1…An ⊢ K, so K ∈ Σ.
5. We have KA1…An ⊢ dual, so dual ∈ Σ.
6. If KA1…An ⊢ C, the additional line □C is justified by nec. Consequently, Σ is closed under nec.
Thus, Σ is normal. □

3.4 Proofs in K

In order to practice proofs in the smallest modal system, we show the valid formulas on the left-hand side of table 1.1 can all be given K-proofs.

Proposition 3.12. K ⊢ □A → □(B → A)

Proof.
1. A → (B → A)    taut
2. □(A → (B → A))    nec, 1
3. □(A → (B → A)) → (□A → □(B → A))    K
4. □A → □(B → A)    mp, 2, 3
□

Proposition 3.13. K ⊢ □(A ∧ B) → (□A ∧ □B)

Proof.
1. (A ∧ B) → A    taut
2. □((A ∧ B) → A)    nec
3. □((A ∧ B) → A) → (□(A ∧ B) → □A)    K
4. □(A ∧ B) → □A    mp, 2, 3
5. (A ∧ B) → B    taut
6. □((A ∧ B) → B)    nec
7. □((A ∧ B) → B) → (□(A ∧ B) → □B)    K
8. □(A ∧ B) → □B    mp, 6, 7
9. (□(A ∧ B) → □A) → ((□(A ∧ B) → □B) → (□(A ∧ B) → (□A ∧ □B)))    taut
10. (□(A ∧ B) → □B) → (□(A ∧ B) → (□A ∧ □B))    mp, 4, 9
11. □(A ∧ B) → (□A ∧ □B)    mp, 8, 10
Note that the formula on line 9 is an instance of the tautology

  (p → q) → ((p → r) → (p → (q ∧ r))). □

Proposition 3.14. K ⊢ (□A ∧ □B) → □(A ∧ B)

Proof.
1. A → (B → (A ∧ B))    taut
2. □(A → (B → (A ∧ B)))    nec, 1
3. □(A → (B → (A ∧ B))) → (□A → □(B → (A ∧ B)))    K
4. □A → □(B → (A ∧ B))    mp, 2, 3
5. □(B → (A ∧ B)) → (□B → □(A ∧ B))    K
6. (□A → □(B → (A ∧ B))) → ((□(B → (A ∧ B)) → (□B → □(A ∧ B))) → (□A → (□B → □(A ∧ B))))    taut
7. (□(B → (A ∧ B)) → (□B → □(A ∧ B))) → (□A → (□B → □(A ∧ B)))    mp, 4, 6
8. □A → (□B → □(A ∧ B))    mp, 5, 7
9. (□A → (□B → □(A ∧ B))) → ((□A ∧ □B) → □(A ∧ B))    taut
10. (□A ∧ □B) → □(A ∧ B)    mp, 8, 9
The formulas on lines 6 and 9 are instances of the tautologies

  (p → q) → ((q → r) → (p → r))
  (p → (q → r)) → ((p ∧ q) → r)
□

Proposition 3.15. K ⊢ ¬□p → ♢¬p

Proof.
1. ♢¬p ↔ ¬□¬¬p    dual
2. (♢¬p ↔ ¬□¬¬p) → (¬□¬¬p → ♢¬p)    taut
3. ¬□¬¬p → ♢¬p    mp, 1, 2
4. ¬¬p → p    taut
5. □(¬¬p → p)    nec, 4
6. □(¬¬p → p) → (□¬¬p → □p)    K
7. (□¬¬p → □p)    mp, 5, 6
8. (□¬¬p → □p) → (¬□p → ¬□¬¬p)    taut
9. ¬□p → ¬□¬¬p    mp, 7, 8
10. (¬□p → ¬□¬¬p) → ((¬□¬¬p → ♢¬p) → (¬□p → ♢¬p))    taut
11. (¬□¬¬p → ♢¬p) → (¬□p → ♢¬p)    mp, 9, 10
12. ¬□p → ♢¬p    mp, 3, 11
The formulas on lines 8 and 10 are instances of the tautologies

  (p → q) → (¬q → ¬p)
  (p → q) → ((q → r) → (p → r)).
□

3.5 Derived Rules

Finding and writing derivations is obviously difficult, cumbersome, and repetitive. For instance, very often we want to pass from A → B to □A → □B, i.e., apply rule rk. That requires an application of nec, then recording the proper instance of K, then applying mp.
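The line-by-line bookkeeping of these derivations (cite a tautological instance, record an instance of K or dual, apply nec or mp) can be checked mechanically. The following Python checker is an added example, not part of the original text: it verifies derivations in K in the sense of Definition 3.10 and is run on the twelve-line derivation of Proposition 3.15. The tuple encoding of formulas and all function names are assumptions of the example.

```python
from itertools import product

# Formulas are nested tuples (an encoding assumed for this example):
#   ("var", "p"), ("bot",), ("not", A), ("and", A, B), ("or", A, B),
#   ("imp", A, B), ("iff", A, B), ("box", A), ("dia", A)
def Var(n): return ("var", n)
def Not(a): return ("not", a)
def Imp(a, b): return ("imp", a, b)
def Iff(a, b): return ("iff", a, b)
def Box(a): return ("box", a)
def Dia(a): return ("dia", a)

def atoms(f):
    """Propositionally atomic parts: variables and maximal box/diamond subformulas."""
    if f[0] in ("var", "box", "dia"):
        return {f}
    return set().union(*(atoms(g) for g in f[1:]))

def value(f, v):
    """Truth value of f under an assignment v to its propositional atoms."""
    op = f[0]
    if op in ("var", "box", "dia"): return v[f]
    if op == "bot": return False
    if op == "not": return not value(f[1], v)
    if op == "and": return value(f[1], v) and value(f[2], v)
    if op == "or": return value(f[1], v) or value(f[2], v)
    if op == "imp": return (not value(f[1], v)) or value(f[2], v)
    if op == "iff": return value(f[1], v) == value(f[2], v)
    raise ValueError(f"unknown connective {op!r}")

def is_taut_instance(f):
    """Tautological instance: a tautology once modal subformulas count as atoms."""
    ats = list(atoms(f))
    return all(value(f, dict(zip(ats, vals)))
               for vals in product([False, True], repeat=len(ats)))

def is_K_instance(f):
    """f has the shape box(A -> B) -> (box A -> box B)."""
    if f[0] != "imp":
        return False
    left, right = f[1], f[2]
    if left[0] != "box" or left[1][0] != "imp" or right[0] != "imp":
        return False
    a, b = left[1][1], left[1][2]
    return right[1] == Box(a) and right[2] == Box(b)

def is_dual_instance(f):
    """f has the shape dia A <-> not box not A."""
    return f[0] == "iff" and f[1][0] == "dia" and f[2] == Not(Box(Not(f[1][1])))

def check_derivation(lines):
    """lines: list of (formula, rule, refs). Returns 1-based numbers of unjustified lines."""
    bad = []
    for i, (f, rule, refs) in enumerate(lines, start=1):
        prev = [lines[r - 1][0] for r in refs if 1 <= r < i]
        if len(prev) != len(refs):      # reference to this line or a later one
            ok = False
        elif rule == "taut":
            ok = is_taut_instance(f)
        elif rule == "K":
            ok = is_K_instance(f)
        elif rule == "dual":
            ok = is_dual_instance(f)
        elif rule == "nec":
            ok = len(prev) == 1 and f == Box(prev[0])
        elif rule == "mp":
            ok = len(prev) == 2 and (prev[1] == Imp(prev[0], f) or prev[0] == Imp(prev[1], f))
        else:
            ok = False
        if not ok:
            bad.append(i)
    return bad

# The derivation of Proposition 3.15, transcribed line by line.
p = Var("p")
nnp = Not(Not(p))
D, NBnn, NBp = Dia(Not(p)), Not(Box(nnp)), Not(Box(p))
L1, L3, L4 = Iff(D, NBnn), Imp(NBnn, D), Imp(nnp, p)
L7, L9, L12 = Imp(Box(nnp), Box(p)), Imp(NBp, NBnn), Imp(NBp, D)
PROP_3_15 = [
    (L1, "dual", []), (Imp(L1, L3), "taut", []), (L3, "mp", [1, 2]),
    (L4, "taut", []), (Box(L4), "nec", [4]), (Imp(Box(L4), L7), "K", []),
    (L7, "mp", [5, 6]), (Imp(L7, L9), "taut", []), (L9, "mp", [7, 8]),
    (Imp(L9, Imp(L3, L12)), "taut", []), (Imp(L3, L12), "mp", [9, 10]),
    (L12, "mp", [3, 11]),
]
# Constructed faulty input: box p -> p is not a tautological instance,
# and a line may not cite itself.
BROKEN = [(Imp(Box(p), p), "taut", []), (Box(p), "nec", [2])]

if __name__ == "__main__":
    print("Proposition 3.15, unjustified lines:", check_derivation(PROP_3_15))
    print("Faulty input, unjustified lines:", check_derivation(BROKEN))
```
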
Passing from A → B and B → C to A → C requires recording the (long) tautological instance

  (A → B) → ((B → C) → (A → C))

and applying mp twice. Often we want to replace a sub-formula by a formula we know to be equivalent, e.g., ♢A by ¬□¬A, or ¬¬A by A. So rather than write out the actual derivation, it is more convenient to simply record why the intermediate steps are derivable. For this purpose, let us collect some facts about derivability.

Proposition 3.16. If K ⊢ A1, …, K ⊢ An, and B follows from A1, …, An by propositional logic, then K ⊢ B.

Proof. If B follows from A1, …, An by propositional logic, then

  A1 → (A2 → ⋯ (An → B) ⋯ )

is a tautological instance. Applying mp n times gives a derivation of B. □

We will indicate use of this proposition by pl.

Proposition 3.17. If K ⊢ A1 → (A2 → ⋯ (An−1 → An) ⋯ ) then K ⊢ □A1 → (□A2 → ⋯ (□An−1 → □An) ⋯ ).

Proof. By induction on n, just as in the proof of Proposition 3.6. □

We will indicate use of this proposition by rk. Let's illustrate how these results help establishing derivability results more easily.

Proposition 3.18. K ⊢ (□A ∧ □B) → □(A ∧ B)

Proof.
1. K ⊢ A → (B → (A ∧ B))    taut
2. K ⊢ □A → (□B → □(A ∧ B))    rk, 1
3. K ⊢ (□A ∧ □B) → □(A ∧ B)    pl, 2
□

Proposition 3.19. If K ⊢ A ↔ B and K ⊢ C[A/q] then K ⊢ C[B/q].

Proof. Exercise. □

This proposition comes in handy especially when we want to convert ♢ into □ (or vice versa), or remove double negations inside a formula. In what follows, we will mark applications of Proposition 3.19 by "A for B" whenever we re-write a formula C(B) for C(A). In other words, "A for B" abbreviates:

  ⊢ C(A)
  ⊢ A ↔ B
  ⊢ C(B)    by Proposition 3.19

For instance:

Proposition 3.20. K ⊢ ¬□p → ♢¬p

Proof.
1. K ⊢ ♢¬p ↔ ¬□¬¬p    dual
2. K ⊢ ¬□¬¬p → ♢¬p    pl, 1
3. K ⊢ ¬□p → ♢¬p    p for ¬¬p
□

In the above derivation, the final step "p for ¬¬p" is short for

  K ⊢ ¬□¬¬p → ♢¬p
  K ⊢ ¬¬p ↔ p    taut
  K ⊢ ¬□p → ♢¬p    by Proposition 3.19

The roles of C(q), A, and B in Proposition 3.19 are played here, respectively, by ¬□q → ♢¬p, ¬¬p, and p.

When a formula contains a sub-formula ¬♢A, we can replace it by □¬A using Proposition 3.19, since K ⊢ ¬♢A ↔ □¬A. We'll indicate this and similar replacements simply by "□¬ for ¬♢."

The following proposition justifies that we can establish derivability results schematically. E.g., the previous proposition does not just establish that K ⊢ ¬□p → ♢¬p, but K ⊢ ¬□A → ♢¬A for arbitrary A.

Proposition 3.21. If A is a substitution instance of B and K ⊢ B, then K ⊢ A.

Proof. It is tedious but routine to verify (by induction on the length of the derivation of B) that applying a substitution to an entire derivation also results in a correct derivation. Specifically, substitution instances of tautological instances are themselves tautological instances, substitution instances of instances of dual and K are themselves instances of dual and K, and applications of mp and nec remain correct when substituting formulas for propositional variables in both premise(s) and conclusion. □

3.6 More Proofs in K

Let's see some more examples of derivability in K, now using the simplified method introduced in section 3.5.

Proposition 3.22. K ⊢ □(A → B) → (♢A → ♢B)

Proof.
1. K ⊢ (A → B) → (¬B → ¬A)    pl
2. K ⊢ □(A → B) → (□¬B → □¬A)    rk, 1
3. K ⊢ (□¬B → □¬A) → (¬□¬A → ¬□¬B)    taut
4. K ⊢ □(A → B) → (¬□¬A → ¬□¬B)    pl, 2, 3
5. K ⊢ □(A → B) → (♢A → ♢B)    ♢ for ¬□¬
□

Proposition 3.23. K ⊢ □A → (♢(A → B) → ♢B)

Proof.
1. K ⊢ A → (¬B → ¬(A → B))    taut
2. K ⊢ □A → (□¬B → □¬(A → B))    rk, 1
3. K ⊢ □A → (¬□¬(A → B) → ¬□¬B)    pl, 2
4. K ⊢ □A → (♢(A → B) → ♢B)    ♢ for ¬□¬
□

Proposition 3.24. K ⊢ (♢A ∨ ♢B) → ♢(A ∨ B)

Proof.
1. K ⊢ ¬(A ∨ B) → ¬A    taut
2. K ⊢ □¬(A ∨ B) → □¬A    rk, 1
3. K ⊢ ¬□¬A → ¬□¬(A ∨ B)    pl, 2
4. K ⊢ ♢A → ♢(A ∨ B)    ♢ for ¬□¬
5. K ⊢ ♢B → ♢(A ∨ B)    similarly
6. K ⊢ (♢A ∨ ♢B) → ♢(A ∨ B)    pl, 4, 5
□

Proposition 3.25. K ⊢ ♢(A ∨ B) → (♢A ∨ ♢B)

Proof.
1. K ⊢ ¬A → (¬B → ¬(A ∨ B))    taut
2. K ⊢ □¬A → (□¬B → □¬(A ∨ B))    rk
3. K ⊢ □¬A → (¬□¬(A ∨ B) → ¬□¬B)    pl, 2
4. K ⊢ ¬□¬(A ∨ B) → (□¬A → ¬□¬B)    pl, 3
5. K ⊢ ¬□¬(A ∨ B) → (¬¬□¬B → ¬□¬A)    pl, 4
6. K ⊢ ♢(A ∨ B) → (¬♢B → ♢A)    ♢ for ¬□¬
7. K ⊢ ♢(A ∨ B) → (♢B ∨ ♢A)    pl, 6
□

3.7 Dual Formulas

Definition 3.26. Each of the formulas T, B, 4, and 5 has a dual, denoted by a subscripted diamond, as follows:

  p → ♢p      (T♢)
  ♢□p → p     (B♢)
  ♢♢p → ♢p    (4♢)
  ♢□p → □p    (5♢)

Each of the above dual formulas is obtained from the corresponding formula by substituting ¬p for p, contraposing, replacing ¬□¬ by ♢, and replacing ¬♢¬ by □. D, i.e., □A → ♢A, is its own dual in that sense.

3.8 Proofs in Modal Systems

We now come to proofs in systems of modal logic other than K.

Proposition 3.27. The following provability results obtain:
1. KT5 ⊢ B;
2. KT5 ⊢ 4;
3. KDB4 ⊢ T;
4. KB4 ⊢ 5;
5. KB5 ⊢ 4;
6. KT ⊢ D.

Proof. We exhibit proofs for each.

1. KT5 ⊢ B:
  1. KT5 ⊢ ♢A → □♢A    5
  2. KT5 ⊢ A → ♢A    T♢
  3. KT5 ⊢ A → □♢A    pl

2. KT5 ⊢ 4:
  1. KT5 ⊢ ♢□A → □♢□A    5 with □A for p
  2. KT5 ⊢ □A → ♢□A    T♢ with □A for p
  3. KT5 ⊢ □A → □♢□A    pl, 1, 2
  4. KT5 ⊢ ♢□A → □A    5♢
  5. KT5 ⊢ □♢□A → □□A    rk, 4
  6. KT5 ⊢ □A → □□A    pl, 3, 5

3. KDB4 ⊢ T:
  1. KDB4 ⊢ ♢□A → A    B♢
  2. KDB4 ⊢ □□A → ♢□A    D with □A for p
  3. KDB4 ⊢ □□A → A    pl, 1, 2
  4. KDB4 ⊢ □A → □□A    4
  5. KDB4 ⊢ □A → A    pl, 1, 4

4. KB4 ⊢ 5:
  1. KB4 ⊢ ♢A → □♢♢A    B with ♢A for p
  2. KB4 ⊢ ♢♢A → ♢A    4♢
  3. KB4 ⊢ □♢♢A → □♢A    rk, 2
  4. KB4 ⊢ ♢A → □♢A    pl, 1, 3

5. KB5 ⊢ 4:
  1. KB5 ⊢ □A → □♢□A    B with □A for p
  2. KB5 ⊢ ♢□A → □A    5♢
  3. KB5 ⊢ □♢□A → □□A    rk, 2
  4. KB5 ⊢ □A → □□A    pl, 1, 3

6. KT ⊢ D:
  1. KT ⊢ □A → A    T
  2. KT ⊢ A → ♢A    T♢
  3. KT ⊢ □A → ♢A    pl, 1, 2
□

Definition 3.28. Following tradition, we define S4 to be the system KT4, and S5 the system KTB4.

The following proposition shows that the classical system S5 has several equivalent axiomatizations.
This should not surprise, as the various combinations of axioms all characterize equivalence relations (see Proposition 2.12).

Proposition 3.29. KTB4 = KT5 = KDB4 = KDB5.

Proof. Exercise. □

3.9 Soundness

A derivation system is called sound if everything that can be derived is valid. When considering modal systems, i.e., derivations where in addition to K we can use instances of some formulas A1, …, An, we want every derivable formula to be true in any model in which A1, …, An are true.

Theorem 3.30 (Soundness Theorem). If every instance of A1, …, An is valid in the classes of models C1, …, Cn, respectively, then KA1…An ⊢ B implies that B is valid in the class of models C1 ∩ ⋯ ∩ Cn.

Proof. By induction on length of proofs. For brevity, put C = C1 ∩ ⋯ ∩ Cn.

1. Induction Basis: If B has a proof of length 1, then it is either a tautological instance, an instance of K, or of dual, or an instance of one of A1, …, An. In the first case, B is valid in C, since tautological instances are valid in any class of models, by Proposition 1.16. Similarly in the second case, by Proposition 1.19 and Proposition 1.20. Finally in the third case, since B is valid in Ci and C ⊆ Ci, we have that B is valid in C as well.

2. Inductive step: Suppose B has a proof of length k > 1. If B is a tautological instance or an instance of one of A1, …, An, we proceed as in the previous step. So suppose B is obtained by mp from previous formulas C → B and C. Then C → B and C have proofs of length < k, and by inductive hypothesis they are valid in C. By Proposition 1.21, B is valid in C as well. Finally suppose B is obtained by nec from C (so that B = □C). By inductive hypothesis, C is valid in C, and by Proposition 1.13 so is B. □

3.10 Showing Systems are Distinct

In section 3.8 we saw how to prove that two systems of modal logic are in fact the same system.
Theorem 3.30 allows us to show that two modal systems Σ and Σ′ are distinct, by finding a formula A such that Σ′ ⊢ A that fails in a model of Σ.

Proposition 3.31. KD ⊊ KT

Proof. This is the syntactic counterpart to the semantic fact that all reflexive relations are serial. To show KD ⊆ KT we need to see that KD ⊢ B implies KT ⊢ B, which follows from KT ⊢ D, as shown in Proposition 3.27(6). To show that the inclusion is proper, by Soundness (Theorem 3.30), it suffices to exhibit a model of KD where T, i.e., □p → p, fails (an easy task left as an exercise), for then by Soundness KD ⊬ □p → p. □

Proposition 3.32. KB ≠ K4.

Proof. We construct a symmetric model where some instance of 4 fails; since obviously the instance is derivable in K4 but not in KB, it will follow that K4 ⊈ KB. Consider the symmetric model M of Figure 3.1. Since the model is symmetric, K and B are true in M (by Proposition 1.19 and Theorem 2.1, respectively). However, M, w1 ⊮ □p → □□p. □

[Figure 3.1: A symmetric model falsifying an instance of 4. World labels: w1: ¬p, ⊩ □p, ⊮ □□p; w2: p, ⊮ □p.]

Theorem 3.33. KTB ⊬ 4 and KTB ⊬ 5.

Proof. By Theorem 2.1 we know that all instances of T and B are true in every reflexive symmetric model (respectively). So by soundness, it suffices to find a reflexive symmetric model containing a world at which some instance of 4 fails, and similarly for 5. We use the same model for both claims. Consider the symmetric, reflexive model in Figure 3.2. Then M, w1 ⊮ □p → □□p, so 4 fails at w1. Similarly, M, w2 ⊮ ♢¬p → □♢¬p, so the instance of 5 with A = ¬p fails at w2. □

[Figure 3.2: The model for Theorem 3.33. World labels: w1: p, ⊩ □p, ⊮ □□p, ⊮ ♢¬p; w2: p, ⊩ ♢¬p, ⊮ □♢¬p; w3: ¬p.]

Theorem 3.34. KD5 ≠ KT4 = S4.

Proof. By Theorem 2.1 we know that all instances of D and 5 are true in all serial euclidean models. So it suffices to find a serial euclidean model containing a world at which some instance of 4 fails. Consider the model of Figure 3.3, and notice that M, w1 ⊮ □p → □□p. □
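The countermodels of section 3.10 can be verified by direct computation. The following Python model checker is an added example, not part of the original text: it evaluates formulas at the worlds of Figures 3.1 and 3.2 and tests the frame properties that the soundness argument relies on. The accessibility relations are reconstructed from the annotations in the figures (an assumption, since the arrows are not reproduced in this copy); the tuple encoding of formulas and all function names are likewise assumptions.

```python
# Formulas are nested tuples (an encoding assumed for this example):
#   ("var", "p"), ("not", A), ("imp", A, B), ("box", A), ("dia", A)
def Var(n): return ("var", n)
def Not(a): return ("not", a)
def Imp(a, b): return ("imp", a, b)
def Box(a): return ("box", a)
def Dia(a): return ("dia", a)

def holds(model, w, f):
    """Truth of formula f at world w of model = (W, R, V)."""
    W, R, V = model
    op = f[0]
    if op == "var":
        return w in V.get(f[1], set())
    if op == "not":
        return not holds(model, w, f[1])
    if op == "imp":
        return (not holds(model, w, f[1])) or holds(model, w, f[2])
    if op == "box":   # true at every accessible world
        return all(holds(model, u, f[1]) for u in W if (w, u) in R)
    if op == "dia":   # true at some accessible world
        return any(holds(model, u, f[1]) for u in W if (w, u) in R)
    raise ValueError(f"unknown connective {op!r}")

def failing_worlds(model, f):
    """Worlds of the model at which f is false (empty list: f is true in the model)."""
    return sorted(w for w in model[0] if not holds(model, w, f))

def frame_properties(W, R):
    """Which of the usual properties the accessibility relation R has on W."""
    return {
        "serial": all(any((w, u) in R for u in W) for w in W),
        "reflexive": all((w, w) in R for w in W),
        "symmetric": all((v, u) in R for (u, v) in R),
        "transitive": all((u, x) in R for (u, v) in R for (v2, x) in R if v == v2),
        "euclidean": all((v, x) in R for (u, v) in R for (u2, x) in R if u == u2),
    }

def symmetric_closure(pairs):
    return set(pairs) | {(v, u) for (u, v) in pairs}

def loops(W):
    return {(w, w) for w in W}

p = Var("p")
T_AX = Imp(Box(p), p)                              # instance of T
B_AX = Imp(p, Box(Dia(p)))                         # instance of B
FOUR = Imp(Box(p), Box(Box(p)))                    # instance of 4
FIVE_NOT_P = Imp(Dia(Not(p)), Box(Dia(Not(p))))    # instance of 5 with A = not p

# Figure 3.1 (relation reconstructed): w1 and w2 see each other, p holds only at w2.
W_31 = {"w1", "w2"}
FIG_3_1 = (W_31, symmetric_closure({("w1", "w2")}), {"p": {"w2"}})

# Figure 3.2 (relation reconstructed): reflexive chain w1 - w2 - w3, p at w1 and w2.
W_32 = {"w1", "w2", "w3"}
FIG_3_2 = (W_32,
           symmetric_closure({("w1", "w2"), ("w2", "w3")}) | loops(W_32),
           {"p": {"w1", "w2"}})

if __name__ == "__main__":
    for name, m in (("Figure 3.1", FIG_3_1), ("Figure 3.2", FIG_3_2)):
        props = [k for k, v in frame_properties(m[0], m[1]).items() if v]
        print(name, "frame properties:", props)
        print("  4 fails at:", failing_worlds(m, FOUR))
        print("  5 (A = not p) fails at:", failing_worlds(m, FIVE_NOT_P))
```
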
[Figure 3.3: The model for Theorem 3.34. World labels: w1: ¬p, ⊩ □p, ⊮ □□p; w2: p; w3: p; w4: ¬p.]

3.11 Derivability from a Set of Formulas

In section 3.8 we defined a notion of provability of a formula in a system Σ. We now extend this notion to provability in Σ from formulas in a set Γ.

Definition 3.35. A formula A is derivable in a system Σ from a set of formulas Γ, written Γ ⊢Σ A, if and only if there are B1, …, Bn ∈ Γ such that Σ ⊢ B1 → (B2 → ⋯ (Bn → A) ⋯ ).

3.12 Properties of Derivability

Proposition 3.36. Let Σ be a modal system and Γ a set of modal formulas. The following properties hold:
1. Monotony: If Γ ⊢Σ A and Γ ⊆ ∆ then ∆ ⊢Σ A;
2. Reflexivity: If A ∈ Γ then Γ ⊢Σ A;
3. Cut: If Γ ⊢Σ A and ∆ ∪ {A} ⊢Σ B then Γ ∪ ∆ ⊢Σ B;
4. Deduction theorem: Γ ∪ {B} ⊢Σ A if and only if Γ ⊢Σ B → A;
5. If Γ ⊢Σ A1 and … and Γ ⊢Σ An and A1 → (A2 → ⋯ (An → B) ⋯ ) is a tautological instance, then Γ ⊢Σ B.

The proof is an easy exercise. Part (5) of Proposition 3.36 gives us that, for instance, if Γ ⊢Σ A ∨ B and Γ ⊢Σ ¬A, then Γ ⊢Σ B. Also, in what follows, we write Γ, A ⊢Σ B instead of Γ ∪ {A} ⊢Σ B.

Definition 3.37. A set Γ is deductively closed relative to a system Σ if and only if Γ ⊢Σ A implies A ∈ Γ.

3.13 Consistency

Consistency is an important property of sets of formulas. A set of formulas is inconsistent if a contradiction, such as ⊥, is derivable from it; and otherwise consistent. If a set is inconsistent, its formulas cannot all be true in a model at a world. For the completeness theorem we prove the converse: every consistent set is true at a world in a model, namely in the "canonical model."

Definition 3.38. A set Γ is consistent relative to a system Σ or, as we will say, Σ-consistent, if and only if Γ ⊬Σ ⊥.

So for instance, the set {□(p → q), □p, ¬□q} is consistent relative to propositional logic, but not K-consistent. Similarly, the set {♢p, □♢p → q, ¬q} is not K5-consistent.

Proposition 3.39. Let Γ be a set of formulas. Then:
1. A set Γ is Σ-consistent if and only if there is some formula A such that Γ ⊬Σ A.
2. Γ ⊢Σ A if and only if Γ ∪ {¬A} is not Σ-consistent.
3. If Γ is Σ-consistent, then for any formula A, either Γ ∪ {A} is Σ-consistent or Γ ∪ {¬A} is Σ-consistent.

Proof. These facts follow easily using classical propositional logic. We give the argument for (3). Proceed contrapositively and suppose neither Γ ∪ {A} nor Γ ∪ {¬A} is Σ-consistent. Then by (2), both Γ, A ⊢Σ ⊥ and Γ, ¬A ⊢Σ ⊥. By the deduction theorem Γ ⊢Σ A → ⊥ and Γ ⊢Σ ¬A → ⊥. But (A → ⊥) → ((¬A → ⊥) → ⊥) is a tautological instance, hence by Proposition 3.36(5), Γ ⊢Σ ⊥. □

Problems

Problem 3.1. Prove Proposition 3.7.

Problem 3.2. Find derivations in K for the following formulas:
1. □¬p → □(p → q)
2. (□p ∨ □q) → □(p ∨ q)
3. ♢p → ♢(p ∨ q)

Problem 3.3. Prove Proposition 3.19 by proving, by induction on the complexity of C, that if K ⊢ A ↔ B then K ⊢ C[A/q] ↔ C[B/q].

Problem 3.4. Show that the following derivability claims hold:
1. K ⊢ ♢¬⊥ → (□A → ♢A);
2. K ⊢ □(A ∨ B) → (♢A ∨ □B);
3. K ⊢ (♢A → □B) → □(A → B).

Problem 3.5. Show that for each formula A in Definition 3.26: K ⊢ A ↔ A♢.

Problem 3.6. Prove Proposition 3.29.

Problem 3.7. Give an alternative proof of Theorem 3.34 using a model with 3 worlds.

Problem 3.8. Provide a single reflexive transitive model showing that both KT4 ⊬ B and KT4 ⊬ 5.

CHAPTER 4 Completeness and Canonical Models

4.1 Introduction

If Σ is a modal system, then the soundness theorem establishes that if Σ ⊢ A, then A is valid in any class C of models in which all instances of all formulas in Σ are valid. In particular that means that if K ⊢ A then A is true in all models; if KT ⊢ A then A is true in all reflexive models; if KD ⊢ A then A is true in all serial models, etc.

Completeness is the converse of soundness: that K is complete means that if a formula A is valid, ⊢ A, for instance.
Proving completeness is a lot harder to do than proving soundness. It is useful, first, to consider the contrapositive: K is complete iff whenever ⊬ A, there is a countermodel, i.e., a model M such that M ⊮ A. Equivalently (negating A), we could prove that whenever ⊬ ¬A, there is a model of A. In the construction of such a model, we can use information contained in A. When we find models for specific formulas we often do the same: E.g., if we want to find a countermodel to p → □q, we know that it has to contain a world where p is true and □q is false. And a world where □q is false means there has to be a world accessible from it where q is false. And that's all we need to know: which worlds make the propositional variables true, and which worlds are accessible from which worlds.

In the case of proving completeness, however, we don't have a specific formula A for which we are constructing a model. We want to establish that a model exists for every A such that ⊬Σ ¬A. This is a minimal requirement, since if ⊢Σ ¬A, by soundness, there is no model for A (in which Σ is true). Now note that ⊬Σ ¬A iff A is Σ-consistent. (Recall that Σ ⊬Σ ¬A and A ⊬Σ ⊥ are equivalent.) So our task is to construct a model for every Σ-consistent formula.

The trick we'll use is to find a Σ-consistent set of formulas that contains A, but also other formulas which tell us what the world that makes A true has to look like. Such sets are complete Σ-consistent sets. It's not enough to construct a model with a single world to make A true, it will have to contain multiple worlds and an accessibility relation. The complete Σ-consistent set containing A will also contain other formulas of the form □B and ♢C. In all accessible worlds, B has to be true; in at least one, C has to be true. In order to accomplish this, we'll simply take all possible complete Σ-consistent sets as the basis for the set of worlds.
A tricky part will be to figure out when a complete Σ-consistent set should count as being accessible from another in our model.

We'll show that in the model so defined, A is true at a world (which is also a complete Σ-consistent set) iff A is an element of that set. If A is Σ-consistent, it will be an element of at least one complete Σ-consistent set (a fact we'll prove), and so there will be a world where A is true. So we will have a single model where every Σ-consistent formula A is true at some world. This single model is the canonical model for Σ.

4.2 Complete Σ-Consistent Sets

Suppose Σ is a set of modal formulas; think of them as the axioms or defining principles of a normal modal logic. A set Γ is Σ-consistent iff Γ ⊬Σ ⊥, i.e., if there is no derivation of A1 → (A2 → ⋯ (An → ⊥) ⋯ ) from Σ, where each Ai ∈ Γ. We will construct a "canonical" model in which each world is taken to be a special kind of Σ-consistent set: one which is not just Σ-consistent, but maximally so, in the sense that it settles the truth value of every modal formula: for every A, either A ∈ Γ or ¬A ∈ Γ:

Definition 4.1. A set Γ is complete Σ-consistent if and only if it is Σ-consistent and for every A, either A ∈ Γ or ¬A ∈ Γ.

Complete Σ-consistent sets Γ have a number of useful properties. For one, they are deductively closed, i.e., if Γ ⊢Σ A then A ∈ Γ. This means in particular that every instance of a formula A ∈ Σ is also ∈ Γ. Moreover, membership in Γ mirrors the truth conditions for the propositional connectives. This will be important when we define the "canonical model."

Proposition 4.2. Suppose Γ is complete Σ-consistent. Then:
1. Γ is deductively closed in Σ.
2. Σ ⊆ Γ.
3. ⊥ ∉ Γ
4. ¬A ∈ Γ if and only if A ∉ Γ.
5. A ∧ B ∈ Γ iff A ∈ Γ and B ∈ Γ
6. A ∨ B ∈ Γ iff A ∈ Γ or B ∈ Γ
7. A → B ∈ Γ iff A ∉ Γ or B ∈ Γ

Proof.
1. Suppose Γ ⊢Σ A but A ∉ Γ. Then since Γ is complete Σ-consistent, ¬A ∈ Γ. This would make Γ inconsistent, since A, ¬A ⊢Σ ⊥.
2. If A ∈ Σ then Γ ⊢Σ A, and A ∈ Γ by deductive closure, i.e., case (1).
3. If ⊥ ∈ Γ, then Γ ⊢Σ ⊥, so Γ would be Σ-inconsistent.
4. If ¬A ∈ Γ, then by consistency A ∉ Γ; and if A ∉ Γ then ¬A ∈ Γ since Γ is complete Σ-consistent.
5. Exercise.
6. Suppose A ∨ B ∈ Γ, and A ∉ Γ and B ∉ Γ. Since Γ is complete Σ-consistent, ¬A ∈ Γ and ¬B ∈ Γ. Then ¬(A ∨ B) ∈ Γ since ¬A → (¬B → ¬(A ∨ B)) is a tautological instance. This would mean that Γ is Σ-inconsistent, a contradiction.
7. Exercise.

4.3 Lindenbaum's Lemma

Lindenbaum's Lemma establishes that every Σ-consistent set of formulas is contained in at least one complete Σ-consistent set. Our construction of the canonical model will show that for each complete Σ-consistent set ∆, there is a world in the canonical model where all and only the formulas in ∆ are true. So Lindenbaum's Lemma guarantees that every Σ-consistent set is true at some world in the canonical model.

Theorem 4.3 (Lindenbaum's Lemma). If Γ is Σ-consistent then there is a complete Σ-consistent set ∆ extending Γ.

Proof. Let A0, A1, … be an exhaustive listing of all formulas of the language (repetitions are allowed). For instance, start by listing p0, and at each stage n ≥ 1 list the finitely many formulas of length n using only variables among p0, …, pn. We define sets of formulas ∆n by induction on n, and we then set ∆ = ⋃n ∆n. We first put ∆0 = Γ. Supposing that ∆n has been defined, we define ∆n+1 by:

  ∆n+1 = ∆n ∪ {An},   if ∆n ∪ {An} is consistent;
  ∆n+1 = ∆n ∪ {¬An},  otherwise.

We now let ∆ = ⋃_{n=0}^∞ ∆n.

We have to show that this definition actually yields a set ∆ with the required properties, i.e., Γ ⊆ ∆ and ∆ is complete Σ-consistent.

It's obvious that Γ ⊆ ∆, since ∆0 ⊆ ∆ by construction, and ∆0 = Γ. In fact, ∆n ⊆ ∆ for all n, since ∆ is the union of all ∆n.
(Since in each step of the construction, we add a formula to the set already constructed, ∆n ⊆ ∆n+1, so since ⊆ is transitive, ∆n ⊆ ∆m whenever n ≤ m.) At each stage of the construction, we either add An or ¬An, and every formula appears (at least once) in the list of all An. So, for every A either A ∈ ∆ or ¬A ∈ ∆, so ∆ is complete by definition.

Finally, we have to show that ∆ is Σ-consistent. To do this, we show that (a) if ∆ were Σ-inconsistent, then some ∆n would be Σ-inconsistent, and (b) all ∆n are Σ-consistent.

So suppose ∆ were Σ-inconsistent. Then ∆ ⊢Σ ⊥, i.e., there are A1, …, Ak ∈ ∆ such that Σ ⊢ A1 → (A2 → ⋯ (Ak → ⊥) ⋯ ). Since ∆ = ⋃_{n=0}^∞ ∆n, each Ai ∈ ∆ni for some ni. Let n be the largest of these. Since ni ≤ n, ∆ni ⊆ ∆n. So, all Ai are in some ∆n. This would mean ∆n ⊢Σ ⊥, i.e., ∆n is Σ-inconsistent.

To show that each ∆n is Σ-consistent, we use a simple induction on n. ∆0 = Γ, and we assumed Γ was Σ-consistent. So the claim holds for n = 0. Now suppose it holds for n, i.e., ∆n is Σ-consistent. ∆n+1 is either ∆n ∪ {An} if that is Σ-consistent, otherwise it is ∆n ∪ {¬An}. In the first case, ∆n+1 is clearly Σ-consistent. However, by Proposition 3.39(3), either ∆n ∪ {An} or ∆n ∪ {¬An} is consistent, so ∆n+1 is consistent in the other case as well. □

Corollary 4.4. Γ ⊢Σ A if and only if A ∈ ∆ for each complete Σ-consistent set ∆ extending Γ (including when Γ = ∅, in which case we get another characterization of the modal system Σ.)

Proof. Suppose Γ ⊢Σ A, and let ∆ be any complete Σ-consistent set extending Γ. If A ∉ ∆ then by maximality ¬A ∈ ∆ and so ∆ ⊢Σ A (by monotony) and ∆ ⊢Σ ¬A (by reflexivity), and so ∆ is inconsistent. Conversely if Γ ⊬Σ A, then Γ ∪ {¬A} is Σ-consistent, and by Lindenbaum's Lemma there is a complete consistent set ∆ extending Γ ∪ {¬A}. By consistency, A ∉ ∆.
□

4.4 Modalities and Complete Consistent Sets

When we construct a model M^Σ whose set of worlds is given by the complete Σ-consistent sets ∆ in some normal modal logic Σ, we will also need to define an accessibility relation R^Σ between such "worlds." We want it to be the case that the accessibility relation (and the assignment V^Σ) are defined in such a way that M^Σ, ∆ ⊩ A iff A ∈ ∆. How should we do this?

Once the accessibility relation is defined, the definition of truth at a world ensures that M^Σ, ∆ ⊩ □A iff M^Σ, ∆′ ⊩ A for all ∆′ such that R^Σ∆∆′. The proof that M^Σ, ∆ ⊩ A iff A ∈ ∆ requires that this is true in particular for formulas starting with a modal operator, i.e., M^Σ, ∆ ⊩ □A iff □A ∈ ∆. Combining this requirement with the definition of truth at a world for □A yields:

  □A ∈ ∆ iff A ∈ ∆′ for all ∆′ with R^Σ∆∆′

Consider the left-to-right direction: it says that if □A ∈ ∆, then A ∈ ∆′ for any A and any ∆′ with R^Σ∆∆′. If we stipulate that R^Σ∆∆′ iff A ∈ ∆′ for all □A ∈ ∆, then this holds. We can write the condition on the right of the "iff" more compactly as: {A : □A ∈ ∆} ⊆ ∆′.

So the question is: does this definition of R^Σ in fact guarantee that □A ∈ ∆ iff M^Σ, ∆ ⊩ □A? Does it also guarantee that ♢A ∈ ∆ iff M^Σ, ∆ ⊩ ♢A? The next few results will establish this.

Definition 4.5. If Γ is a set of formulas, let

  □Γ = {□B : B ∈ Γ}
  ♢Γ = {♢B : B ∈ Γ}

and

  □⁻¹Γ = {B : □B ∈ Γ}
  ♢⁻¹Γ = {B : ♢B ∈ Γ}

In other words, □Γ is Γ with □ in front of every formula in Γ; □⁻¹Γ is all the □'ed formulas of Γ with the initial □'s removed. This definition is not terribly important on its own, but will simplify the notation considerably.

Note that □□⁻¹Γ ⊆ Γ:

  □□⁻¹Γ = {□B : □B ∈ Γ}

i.e., it's just the set of all those formulas of Γ that start with □.

Lemma 4.6. If Γ ⊢Σ A then □Γ ⊢Σ □A.

Proof. If Γ ⊢Σ A then there are B1, …, Bk ∈ Γ such that Σ ⊢ B1 → (B2 → ⋯ (Bn → A) ⋯ ).
Since Σ is normal, by rule rk, Σ ⊢ □B1 → (□B2 → ⋯ (□Bn → □A) ⋯), where obviously □B1, …, □Bk ∈ □Γ. Hence, by definition, □Γ ⊢Σ □A. □

Lemma 4.7. If □⁻¹Γ ⊢Σ A then Γ ⊢Σ □A.

Proof. Suppose □⁻¹Γ ⊢Σ A; then by Lemma 4.6, □□⁻¹Γ ⊢ □A. But since □□⁻¹Γ ⊆ Γ, also Γ ⊢Σ □A by Monotony. □

Proposition 4.8. If Γ is complete Σ-consistent, then □A ∈ Γ if and only if for every complete Σ-consistent ∆ such that □⁻¹Γ ⊆ ∆, it holds that A ∈ ∆.

Proof. Suppose Γ is complete Σ-consistent. The "only if" direction is easy: Suppose □A ∈ Γ and that □⁻¹Γ ⊆ ∆. Since □A ∈ Γ, A ∈ □⁻¹Γ ⊆ ∆, so A ∈ ∆.

For the "if" direction, we prove the contrapositive: Suppose □A ∉ Γ. Since Γ is complete Σ-consistent, it is deductively closed, and hence Γ ⊬Σ □A. By Lemma 4.7, □⁻¹Γ ⊬Σ A. By Proposition 3.39(2), □⁻¹Γ ∪ {¬A} is Σ-consistent. By Lindenbaum's Lemma, there is a complete Σ-consistent set ∆ such that □⁻¹Γ ∪ {¬A} ⊆ ∆. By consistency, A ∉ ∆. □

Lemma 4.9. Suppose Γ and ∆ are complete Σ-consistent. Then: □⁻¹Γ ⊆ ∆ if and only if ♢∆ ⊆ Γ.

Proof. "Only if" direction: Assume □⁻¹Γ ⊆ ∆ and suppose ♢A ∈ ♢∆ (i.e., A ∈ ∆). In order to show ♢A ∈ Γ it suffices to show □¬A ∉ Γ, for then by maximality ¬□¬A ∈ Γ. Now, if □¬A ∈ Γ then by hypothesis ¬A ∈ ∆, against the consistency of ∆ (since A ∈ ∆). Hence □¬A ∉ Γ, as required.

"If" direction: Assume ♢∆ ⊆ Γ. We argue contrapositively: suppose A ∉ ∆ in order to show □A ∉ Γ. If A ∉ ∆ then by maximality ¬A ∈ ∆ and so by hypothesis ♢¬A ∈ Γ. But in a normal modal logic ♢¬A is equivalent to ¬□A, and if the latter is in Γ, by consistency □A ∉ Γ, as required. □

Proposition 4.10. If Γ is complete Σ-consistent, then ♢A ∈ Γ if and only if for some complete Σ-consistent ∆ such that ♢∆ ⊆ Γ, it holds that A ∈ ∆.

Proof. Suppose Γ is complete Σ-consistent. ♢A ∈ Γ iff ¬□¬A ∈ Γ by dual and closure.
¬□¬A ∈ Γ iff □¬A ∉ Γ by Proposition 4.2(4) since Γ is complete Σ-consistent. By Proposition 4.8, □¬A ∉ Γ iff, for some complete Σ-consistent ∆ with □⁻¹Γ ⊆ ∆, ¬A ∉ ∆. Now consider any such ∆. By Lemma 4.9, □⁻¹Γ ⊆ ∆ iff ♢∆ ⊆ Γ. Also, ¬A ∉ ∆ iff A ∈ ∆ by Proposition 4.2(4). So ♢A ∈ Γ iff, for some complete Σ-consistent ∆ with ♢∆ ⊆ Γ, A ∈ ∆. □

4.5 Canonical Models

The canonical model for a modal system Σ is a specific model MΣ in which the worlds are all complete Σ-consistent sets. Its accessibility relation RΣ and valuation VΣ are defined so as to guarantee that the formulas true at a world ∆ are exactly the formulas making up ∆.

Definition 4.11. Let Σ be a normal modal logic. The canonical model for Σ is MΣ = ⟨WΣ, RΣ, VΣ⟩, where:

1. WΣ = {∆ : ∆ is complete Σ-consistent}.
2. RΣ ∆∆′ holds if and only if □⁻¹∆ ⊆ ∆′.
3. VΣ(p) = {∆ : p ∈ ∆}.

4.6 The Truth Lemma

The canonical model MΣ is defined in such a way that MΣ, ∆ ⊩ A iff A ∈ ∆. For propositional variables, the definition of VΣ yields this directly. We have to verify that the equivalence holds for all formulas, however. We do this by induction. The inductive step involves proving the equivalence for formulas involving propositional operators (where we have to use Proposition 4.2) and the modal operators (where we invoke the results of section 4.4).

Proposition 4.12 (Truth Lemma). For every formula A, MΣ, ∆ ⊩ A if and only if A ∈ ∆.

Proof. By induction on A.

1. A ≡ ⊥: MΣ, ∆ ⊮ ⊥ by Definition 1.7, and ⊥ ∉ ∆ by Proposition 4.2(3).
2. A ≡ p: MΣ, ∆ ⊩ p iff ∆ ∈ VΣ(p) by Definition 1.7. Also, ∆ ∈ VΣ(p) iff p ∈ ∆ by definition of VΣ.
3. A ≡ ¬B: MΣ, ∆ ⊩ ¬B iff MΣ, ∆ ⊮ B (Definition 1.7) iff B ∉ ∆ (by inductive hypothesis) iff ¬B ∈ ∆ (by Proposition 4.2(4)).
4. A ≡ B ∧ C: Exercise.
5. A ≡ B ∨ C: MΣ, ∆ ⊩ B ∨ C iff MΣ, ∆ ⊩ B or MΣ, ∆ ⊩ C (by Definition 1.7) iff B ∈ ∆ or C ∈ ∆ (by inductive hypothesis) iff B ∨ C ∈ ∆ (by Proposition 4.2(6)).
6. A ≡ B → C: Exercise.
7.
A ≡ □B: First suppose that MΣ, ∆ ⊩ □B. By Definition 1.7, for every ∆′ such that RΣ ∆∆′, MΣ, ∆′ ⊩ B. By inductive hypothesis, for every ∆′ such that RΣ ∆∆′, B ∈ ∆′. By definition of RΣ, for every ∆′ such that □⁻¹∆ ⊆ ∆′, B ∈ ∆′. By Proposition 4.8, □B ∈ ∆.
Now assume □B ∈ ∆. Let ∆′ ∈ WΣ be such that RΣ ∆∆′, i.e., □⁻¹∆ ⊆ ∆′. Since □B ∈ ∆, B ∈ □⁻¹∆. Consequently, B ∈ ∆′. By inductive hypothesis, MΣ, ∆′ ⊩ B. Since ∆′ is arbitrary with RΣ ∆∆′, for all ∆′ ∈ WΣ such that RΣ ∆∆′, MΣ, ∆′ ⊩ B. By Definition 1.7, MΣ, ∆ ⊩ □B.
8. A ≡ ♢B: Exercise. □

4.7 Determination and Completeness for K

We are now prepared to use the canonical model to establish completeness. Completeness follows from the fact that the formulas true in the canonical model for Σ are exactly the Σ-derivable ones. Models with this property are said to determine Σ.

Definition 4.13. A model M determines a normal modal logic Σ precisely when M ⊩ A if and only if Σ ⊢ A, for all formulas A.

Theorem 4.14 (Determination). MΣ ⊩ A if and only if Σ ⊢ A.

Proof. If MΣ ⊩ A, then for every complete Σ-consistent ∆, we have MΣ, ∆ ⊩ A. Hence, by the Truth Lemma, A ∈ ∆ for every complete Σ-consistent ∆, whence by Corollary 4.4 (with Γ = ∅), Σ ⊢ A.

Conversely, if Σ ⊢ A then by Proposition 4.2(1), every complete Σ-consistent ∆ contains A, and hence by the Truth Lemma, MΣ, ∆ ⊩ A for every ∆ ∈ WΣ, i.e., MΣ ⊩ A. □

Since the canonical model for K determines K, we immediately have completeness of K as a corollary:

Corollary 4.15. The basic modal logic K is complete with respect to the class of all models, i.e., if ⊨ A then K ⊢ A.

Proof. Contrapositively, if K ⊬ A then by Determination MK ⊮ A and hence A is not valid. □

For the general case of completeness of a system Σ with respect to a class of models, e.g., of KTB4 with respect to the class of reflexive, symmetric, transitive models, determination alone is not enough.
We must also show that the canonical model for the system Σ is a member of the class, which does not follow obviously from the canonical model construction, nor is it always true!

4.8 Frame Completeness

The completeness theorem for K can be extended to other modal systems, once we show that the canonical model for a given logic has the corresponding frame property.

Theorem 4.16. If a normal modal logic Σ contains one of the formulas on the left-hand side of table 4.1, then the canonical model for Σ has the corresponding property on the right-hand side.

If Σ contains …        … the canonical model for Σ is:
D: □A → ♢A             serial;
T: □A → A              reflexive;
B: A → □♢A             symmetric;
4: □A → □□A            transitive;
5: ♢A → □♢A            euclidean.

Table 4.1: Basic correspondence facts.

Proof. We take each of these up in turn.

Suppose Σ contains D, and let ∆ ∈ WΣ; we need to show that there is a ∆′ such that RΣ ∆∆′. It suffices to show that □⁻¹∆ is Σ-consistent, for then by Lindenbaum's Lemma, there is a complete Σ-consistent set ∆′ ⊇ □⁻¹∆, and by definition of RΣ we have RΣ ∆∆′. So, suppose for contradiction that □⁻¹∆ is not Σ-consistent, i.e., □⁻¹∆ ⊢Σ ⊥. By Lemma 4.7, ∆ ⊢Σ □⊥, and since Σ contains D, also ∆ ⊢Σ ♢⊥. But Σ is normal, so Σ ⊢ ¬♢⊥ (Proposition 3.7), whence also ∆ ⊢Σ ¬♢⊥, against the consistency of ∆.

Now suppose Σ contains T, and let ∆ ∈ WΣ. We want to show RΣ ∆∆, i.e., □⁻¹∆ ⊆ ∆. But if □A ∈ ∆ then by T also A ∈ ∆, as desired.

Now suppose Σ contains B, and suppose RΣ ∆∆′ for ∆, ∆′ ∈ WΣ. We need to show that RΣ ∆′∆, i.e., □⁻¹∆′ ⊆ ∆. By Lemma 4.9, this is equivalent to ♢∆ ⊆ ∆′. So suppose A ∈ ∆. By B, also □♢A ∈ ∆. By the hypothesis that RΣ ∆∆′, we have that □⁻¹∆ ⊆ ∆′, and hence ♢A ∈ ∆′, as required.

Now suppose Σ contains 4, and suppose RΣ ∆1∆2 and RΣ ∆2∆3. We need to show RΣ ∆1∆3. From the hypothesis we have both □⁻¹∆1 ⊆ ∆2 and □⁻¹∆2 ⊆ ∆3. In order to show RΣ ∆1∆3 it suffices to show □⁻¹∆1 ⊆ ∆3.
So let B ∈ □⁻¹∆1, i.e., □B ∈ ∆1. By 4, also □□B ∈ ∆1 and by hypothesis we get, first, that □B ∈ ∆2 and, second, that B ∈ ∆3, as desired.

Now suppose Σ contains 5, suppose RΣ ∆1∆2 and RΣ ∆1∆3. We need to show RΣ ∆2∆3. The first hypothesis gives □⁻¹∆1 ⊆ ∆2, and the second hypothesis is equivalent to ♢∆3 ⊆ ∆2, by Lemma 4.9. To show RΣ ∆2∆3, by Lemma 4.9, it suffices to show ♢∆3 ⊆ ∆2. So let ♢A ∈ ♢∆3, i.e., A ∈ ∆3. By the second hypothesis ♢A ∈ ∆1 and by 5, □♢A ∈ ∆1 as well. But now the first hypothesis gives ♢A ∈ ∆2, as desired. □

As a corollary we obtain completeness results for a number of systems. For instance, we know that S5 = KT5 = KTB4 is complete with respect to the class of all reflexive euclidean models, which is the same as the class of all reflexive, symmetric and transitive models.

Theorem 4.17. Let CD, CT, CB, C4, and C5 be the class of all serial, reflexive, symmetric, transitive, and euclidean models (respectively). Then for any schemas A1, …, An among D, T, B, 4, and 5, the system KA1…An is determined by the class of models C = CA1 ∩ ⋯ ∩ CAn.

Proposition 4.18. Let Σ be a normal modal logic; then:

1. If Σ contains the schema ♢A → □A then the canonical model for Σ is partially functional.
2. If Σ contains the schema ♢A ↔ □A then the canonical model for Σ is functional.
3. If Σ contains the schema □□A → □A then the canonical model for Σ is weakly dense.

(see table 2.2 for definitions of these frame properties).

Proof.

1. Suppose that Σ contains the schema ♢A → □A. To show that RΣ is partially functional we need to prove that for any ∆1, ∆2, ∆3 ∈ WΣ, if RΣ ∆1∆2 and RΣ ∆1∆3 then ∆2 = ∆3. Since RΣ ∆1∆2 we have □⁻¹∆1 ⊆ ∆2 and since RΣ ∆1∆3 also □⁻¹∆1 ⊆ ∆3. The identity ∆2 = ∆3 will follow if we can establish the two inclusions ∆2 ⊆ ∆3 and ∆3 ⊆ ∆2. For the first inclusion, let A ∈ ∆2; then ♢A ∈ ∆1, and by the schema and deductive closure of ∆1 also □A ∈ ∆1, whence by the hypothesis that RΣ ∆1∆3, A ∈ ∆3.
The second inclusion is similar.

2. This follows immediately from part (1) and the seriality proof in Theorem 4.16.

3. Suppose Σ contains the schema □□A → □A. To show that RΣ is weakly dense, let RΣ ∆1∆2. We need to show that there is a complete Σ-consistent set ∆3 such that RΣ ∆1∆3 and RΣ ∆3∆2. Let:

Γ = □⁻¹∆1 ∪ ♢∆2.

It suffices to show that Γ is Σ-consistent, for then by Lindenbaum's Lemma it can be extended to a complete Σ-consistent set ∆3 such that □⁻¹∆1 ⊆ ∆3 and ♢∆2 ⊆ ∆3, i.e., RΣ ∆1∆3 and RΣ ∆3∆2 (by Lemma 4.9).

Suppose for contradiction that Γ is not consistent. Then there are formulas □A1, …, □An ∈ ∆1 and B1, …, Bm ∈ ∆2 such that

A1, …, An, ♢B1, …, ♢Bm ⊢Σ ⊥.

Since ♢(B1 ∧ ⋯ ∧ Bm) → (♢B1 ∧ ⋯ ∧ ♢Bm) is derivable in every normal modal logic, we argue as follows, contradicting the consistency of ∆2:

A1, …, An, ♢B1, …, ♢Bm ⊢Σ ⊥
A1, …, An ⊢Σ (♢B1 ∧ ⋯ ∧ ♢Bm) → ⊥      by the deduction theorem Proposition 3.36(4), and taut
A1, …, An ⊢Σ ♢(B1 ∧ ⋯ ∧ Bm) → ⊥       since Σ is normal
A1, …, An ⊢Σ ¬♢(B1 ∧ ⋯ ∧ Bm)          by pl
A1, …, An ⊢Σ □¬(B1 ∧ ⋯ ∧ Bm)          □¬ for ¬♢
□A1, …, □An ⊢Σ □□¬(B1 ∧ ⋯ ∧ Bm)       by Lemma 4.6
□A1, …, □An ⊢Σ □¬(B1 ∧ ⋯ ∧ Bm)        by schema □□A → □A
∆1 ⊢Σ □¬(B1 ∧ ⋯ ∧ Bm)                 by monotony, Proposition 3.36(1)
□¬(B1 ∧ ⋯ ∧ Bm) ∈ ∆1                  by deductive closure;
¬(B1 ∧ ⋯ ∧ Bm) ∈ ∆2                   since RΣ ∆1∆2. □

On the strength of these examples, one might think that every system Σ of modal logic is complete, in the sense that it proves every formula which is valid in every frame in which every theorem of Σ is valid. Unfortunately, there are many systems that are not complete in this sense.

Problems

Problem 4.1. Complete the proof of Proposition 4.2.

Problem 4.2. Show that if Γ is complete Σ-consistent, then ♢A ∈ Γ if and only if there is a complete Σ-consistent ∆ such that □⁻¹Γ ⊆ ∆ and A ∈ ∆. Do this without using Lemma 4.9.

Problem 4.3.
Complete the proof of Proposition 4.12.

CHAPTER 5
Filtrations and Decidability

5.1 Introduction

One important question about a logic is always whether it is decidable, i.e., if there is an effective procedure which will answer the question "is this formula valid." Propositional logic is decidable: we can effectively test if a formula is a tautology by constructing a truth table, and for a given formula, the truth table is finite. But we can't obviously test if a modal formula is true in all models, for there are infinitely many of them.

We can list all the finite models relevant to a given formula, since only the assignment of subsets of worlds to propositional variables which actually occur in the formula are relevant. If the accessibility relation is fixed, the possible different assignments V(p) are just all the subsets of W, and if |W| = n there are 2^n of those. If our formula A contains m propositional variables there are then 2^{nm} different models with n worlds. For each one, we can test if A is true at all worlds, simply by computing the truth value of A in each. Of course, we also have to check all possible accessibility relations, but there are only finitely many relations on n worlds as well (specifically, the number of subsets of W × W, i.e., 2^{n^2}).

If we are not interested in the logic K, but a logic defined by some class of models (e.g., the reflexive transitive models), we also have to be able to test if the accessibility relation is of the right kind. We can do that whenever the frames we are interested in are definable by modal formulas (e.g., by testing if T and 4 are valid in the frame). So, the idea would be to run through all the finite frames, test each one if it is a frame in the class we're interested in, then list all the possible models on that frame and test if A is true in each. If not, stop: A is not valid in the class of models of interest.
There is a problem with this idea: we don't know when, if ever, we can stop looking. If the formula has a finite countermodel, our procedure will find it. But if it has no finite countermodel, we won't get an answer. The formula may be valid (no countermodels at all), or it may have only an infinite countermodel, which we'll never look at. This problem can be overcome if we can show that every formula that has a countermodel has a finite countermodel. If this is the case we say the logic has the finite model property.

But how would we show that a logic has the finite model property? One way of doing this would be to find a way to turn an infinite (counter)model of A into a finite one. If that can be done, then whenever there is a model in which A is not true, then the resulting finite model also makes A not true. That finite model will show up on our list of all finite models, and we will eventually determine, for every formula that is not valid, that it isn't. Our procedure won't terminate if the formula is valid. If we can show in addition that there is some maximum size that the finite model our procedure provides can have, and that this maximum size depends only on the formula A, we will have a size up to which we have to test finite models in our search for countermodels. If we haven't found a countermodel by then, there are none. Then our procedure will, in fact, decide the question "is A valid?" for any formula A.

A strategy that often works for turning infinite structures into finite structures is that of "identifying" elements of the structure which behave the same way in relevant respects. If there are infinitely many worlds in M that behave the same in relevant respects, then we might hope that there are only finitely many "classes" of such worlds. In other words, we partition the set of worlds in the right way. Each partition contains infinitely many worlds, but there are only finitely many partitions.
Then we define a new model M∗ where the worlds are the partitions. Finitely many partitions in the old model give us finitely many worlds in the new model, i.e., a finite model. Let's call the partition a world w is in [w]. We'll want it to be the case that M,w ⊩ A iff M∗,[w] ⊩ A, since we want the new model to be a countermodel to A if the old one was. This requires that we define the partition, as well as the accessibility relation of M∗ in the right way.

To see how this would go, first imagine we have no accessibility relation. M,w ⊩ □B iff for some v ∈ W, M,v ⊩ □B, and the same for M∗, except with [w] and [v]. As a first idea, let's say that two worlds u and v are equivalent (belong to the same partition) if they agree on all propositional variables in M, i.e., M,u ⊩ p iff M,v ⊩ p. Let V∗(p) = {[w] : M,w ⊩ p}. Our aim is to show that M,w ⊩ A iff M∗,[w] ⊩ A. Obviously, we'd prove this by induction: The base case would be A ≡ p. First suppose M,w ⊩ p. Then [w] ∈ V∗(p) by definition, so M∗,[w] ⊩ p. Now suppose that M∗,[w] ⊩ p. That means that [w] ∈ V∗(p), i.e., for some v equivalent to w, M,v ⊩ p. But "w equivalent to v" means "w and v make all the same propositional variables true," so M,w ⊩ p. Now for the inductive step, e.g., A ≡ ¬B. Then M,w ⊩ ¬B iff M,w ⊮ B iff M∗,[w] ⊮ B (by inductive hypothesis) iff M∗,[w] ⊩ ¬B. Similarly for the other non-modal operators. It also works for □: suppose M∗,[w] ⊩ □B. That means that for every [u], M∗,[u] ⊩ B. By inductive hypothesis, for every u, M,u ⊩ B. Consequently, M,w ⊩ □B.

In the general case, where we have to also define the accessibility relation for M∗, things are more complicated. We'll call a model M∗ a filtration if its accessibility relation R∗ satisfies the conditions required to make the inductive proof above go through. Then any filtration M∗ will make A true at [w] iff M
makes A true at w. However, now we also have to show that there are filtrations, i.e., we can define R∗ so that it satisfies the required conditions. In order for this to work, however, we have to require that worlds u, v count as equivalent not just when they agree on all propositional variables, but on all sub-formulas of A. Since A has only finitely many sub-formulas, this will still guarantee that the filtration is finite. There is not just one way to define a filtration, and in order to make sure that the accessibility relation of the filtration satisfies the required properties (e.g., reflexive, transitive, etc.) we have to be inventive with the definition of R∗.

5.2 Preliminaries

Filtrations allow us to establish the decidability of our systems of modal logic by showing that they have the finite model property, i.e., that any formula that is true (false) in a model is also true (false) in a finite model. Filtrations are defined relative to sets of formulas which are closed under subformulas.

Definition 5.1. A set Γ of formulas is closed under subformulas if it contains every subformula of a formula in Γ. Further, Γ is modally closed if it is closed under subformulas and moreover A ∈ Γ implies □A, ♢A ∈ Γ.

For instance, given a formula A, the set of all its sub-formulas is closed under sub-formulas. When we're defining a filtration of a model through the set of sub-formulas of A, it will have the property we're after: it makes A true (false) iff the original model does.

The set of worlds of a filtration of M through Γ is defined as the set of all equivalence classes of the following equivalence relation.

Definition 5.2. Let M = ⟨W,R,V⟩ and suppose Γ is closed under sub-formulas. Define a relation ≡ on W to hold of any two worlds that make the same formulas from Γ true, i.e.:

u ≡ v if and only if ∀A ∈ Γ : M,u ⊩ A ⇔ M,v ⊩ A.
The equivalence class [w]≡ of a world w, or [w] for short, is the set of all worlds ≡-equivalent to w:

[w] = {v : v ≡ w}.

Proposition 5.3. Given M and Γ, ≡ as defined above is an equivalence relation, i.e., it is reflexive, symmetric, and transitive.

Proof. The relation ≡ is reflexive, since w makes exactly the same formulas from Γ true as itself. It is symmetric since if u makes the same formulas from Γ true as v, the same holds for v and u. It is also transitive, since if u makes the same formulas from Γ true as v, and v as w, then u makes the same formulas from Γ true as w. □

The relation ≡, like any equivalence relation, divides W into partitions, i.e., subsets of W which are pairwise disjoint, and together cover all of W. Every w ∈ W is an element of one of the partitions, namely of [w], since w ≡ w. So the partitions [w] cover all of W. They are pairwise disjoint, for if u ∈ [w] and u ∈ [v], then u ≡ w and u ≡ v, and by symmetry and transitivity, w ≡ v, and so [w] = [v].

5.3 Filtrations

Rather than define "the" filtration of M through Γ, we define when a model M∗ counts as a filtration of M. All filtrations have the same set of worlds W∗ and the same valuation V∗. But different filtrations may have different accessibility relations R∗. To count as a filtration, R∗ has to satisfy a number of conditions, however. These conditions are exactly what we'll require to prove the main result, namely that M,w ⊩ A iff M∗,[w] ⊩ A, provided A ∈ Γ.

Definition 5.4. Let Γ be closed under subformulas and M = ⟨W,R,V⟩. A filtration of M through Γ is any model M∗ = ⟨W∗,R∗,V∗⟩, where:

1. W∗ = {[w] : w ∈ W};
2. For any u, v ∈ W:
   a) If Ruv then R∗[u][v];
   b) If R∗[u][v] then for any □A ∈ Γ, if M,u ⊩ □A then M,v ⊩ A;
   c) If R∗[u][v] then for any ♢A ∈ Γ, if M,v ⊩ A then M,u ⊩ ♢A.
3. V∗(p) = {[u] : u ∈ V(p)}.

It's worthwhile thinking about what V∗(p) is: the set consisting of the equivalence classes [w] of all worlds w where p is true in M.
On the one hand, if w ∈ V(p), then [w] ∈ V∗(p) by that definition. However, it is not necessarily the case that if [w] ∈ V∗(p), then w ∈ V(p). If [w] ∈ V∗(p) we are only guaranteed that [w] = [u] for some u ∈ V(p). Of course, [w] = [u] means that w ≡ u. So, when [w] ∈ V∗(p) we can (only) conclude that w ≡ u for some u ∈ V(p).

Theorem 5.5. If M∗ is a filtration of M through Γ, then for every A ∈ Γ and w ∈ W, we have M,w ⊩ A if and only if M∗,[w] ⊩ A.

Proof. By induction on A, using the fact that Γ is closed under subformulas. Since A ∈ Γ and Γ is closed under sub-formulas, all sub-formulas of A are also ∈ Γ. Hence in each inductive step, the induction hypothesis applies to the sub-formulas of A.

1. A ≡ ⊥: Neither M,w ⊩ A nor M∗,[w] ⊩ A.
2. A ≡ p: The left-to-right direction is immediate, as M,w ⊩ A only if w ∈ V(p), which implies [w] ∈ V∗(p), i.e., M∗,[w] ⊩ A. Conversely, suppose M∗,[w] ⊩ A, i.e., [w] ∈ V∗(p). Then for some v ∈ V(p), w ≡ v. Of course then also M,v ⊩ p. Since w ≡ v, w and v make the same formulas from Γ true. Since by assumption p ∈ Γ and M,v ⊩ p, M,w ⊩ A.
3. A ≡ ¬B: M,w ⊩ A iff M,w ⊮ B. By induction hypothesis, M,w ⊮ B iff M∗,[w] ⊮ B. Finally, M∗,[w] ⊮ B iff M∗,[w] ⊩ A.
4. Exercise.
5. A ≡ (B ∨ C): M,w ⊩ A iff M,w ⊩ B or M,w ⊩ C. By induction hypothesis, M,w ⊩ B iff M∗,[w] ⊩ B, and M,w ⊩ C iff M∗,[w] ⊩ C. And M∗,[w] ⊩ A iff M∗,[w] ⊩ B or M∗,[w] ⊩ C.
6. Exercise.
7. A ≡ □B: Suppose M,w ⊩ A; to show that M∗,[w] ⊩ A, let v be such that R∗[w][v]. From Definition 5.4(2b), we have that M,v ⊩ B, and by inductive hypothesis M∗,[v] ⊩ B. Since v was arbitrary, M∗,[w] ⊩ A follows.
Conversely, suppose M∗,[w] ⊩ A and let v be arbitrary such that Rwv. From Definition 5.4(2a), we have R∗[w][v], so that M∗,[v] ⊩ B; by inductive hypothesis M,v ⊩ B, and since v was arbitrary, M,w ⊩ A.
8. Exercise.
□

What holds for truth at worlds in a model also holds for truth in a model and validity in a class of models.

Corollary 5.6. Let Γ be closed under subformulas. Then:

1. If M∗ is a filtration of M through Γ then for any A ∈ Γ: M ⊩ A if and only if M∗ ⊩ A.
2. If C is a class of models and Γ(C) is the class of Γ-filtrations of models in C, then any formula A ∈ Γ is valid in C if and only if it is valid in Γ(C).

5.4 Examples of Filtrations

We have not yet shown that there are any filtrations. But indeed, for any model M, there are many filtrations of M through Γ. We identify two, in particular: the finest and coarsest filtrations. Filtrations of the same models will differ in their accessibility relation (as Definition 5.4 stipulates directly what W∗ and V∗ should be). The finest filtration will have as few related worlds as possible, whereas the coarsest will have as many as possible.

Definition 5.7. Where Γ is closed under subformulas, the finest filtration M∗ of a model M is defined by putting:

R∗[u][v] if and only if ∃u′ ∈ [u] ∃v′ ∈ [v] : Ru′v′.

Proposition 5.8. The finest filtration M∗ is indeed a filtration.

Proof. We need to check that R∗, so defined, satisfies Definition 5.4(2). We check the three conditions in turn.

If Ruv then since u ∈ [u] and v ∈ [v], also R∗[u][v], so (2a) is satisfied.

For (2b), suppose □A ∈ Γ, R∗[u][v], and M,u ⊩ □A. By definition of R∗, there are u′ ≡ u and v′ ≡ v such that Ru′v′. Since u and u′ agree on Γ, also M,u′ ⊩ □A, so that M,v′ ⊩ A. By closure of Γ under sub-formulas, v and v′ agree on A, so M,v ⊩ A, as desired.

We leave the verification of (2c) as an exercise. □

Figure 5.1: An infinite model and its filtrations.

Definition 5.9.
Where Γ is closed under subformulas, the coarsest filtration M∗ of a model M is defined by putting R∗[u][v] if and only if both of the following conditions are met:

1. If □A ∈ Γ and M,u ⊩ □A then M,v ⊩ A;
2. If ♢A ∈ Γ and M,v ⊩ A then M,u ⊩ ♢A.

Proposition 5.10. The coarsest filtration M∗ is indeed a filtration.

Proof. Given the definition of R∗, the only condition that is left to verify is the implication from Ruv to R∗[u][v]. So assume Ruv. Suppose □A ∈ Γ and M,u ⊩ □A; then obviously M,v ⊩ A, and (1) is satisfied. Suppose ♢A ∈ Γ and M,v ⊩ A. Then M,u ⊩ ♢A since Ruv, and (2) is satisfied. □

Example 5.11. Let W = Z+, Rnm iff m = n + 1, and V(p) = {2n : n ∈ N}. The model M = ⟨W,R,V⟩ is depicted in Figure 5.1. The worlds are 1, 2, etc.; each world can access exactly one other world, its successor, and p is true at all and only the even numbers. Now let Γ be the set of sub-formulas of □p → p, i.e., {p, □p, □p → p}. p is true at all and only the even numbers, □p is true at all and only the odd numbers, so □p → p is true at all and only the even numbers. In other words, every odd number makes □p true and p and □p → p false; every even number makes p and □p → p true, but □p false. So W∗ = {[1], [2]}, where [1] = {1, 3, 5, …} and [2] = {2, 4, 6, …}. Since 2 ∈ V(p), [2] ∈ V∗(p); since 1 ∉ V(p), [1] ∉ V∗(p). So V∗(p) = {[2]}.

Any filtration based on W∗ must have an accessibility relation that includes ⟨[1], [2]⟩, ⟨[2], [1]⟩: since R12, we must have R∗[1][2] by Definition 5.4(2a), and since R23 we must have R∗[2][3], and [3] = [1]. It cannot include ⟨[1], [1]⟩: if it did, we'd have R∗[1][1], M,1 ⊩ □p but M,1 ⊮ p, contradicting (2b). Nothing requires or rules out that R∗[2][2]. So, there are two possible filtrations of M, corresponding to the two accessibility relations

{⟨[1], [2]⟩, ⟨[2], [1]⟩} and {⟨[1], [2]⟩, ⟨[2], [1]⟩, ⟨[2], [2]⟩}.
In either case, p and □p → p are false and □p is true at [1]; p and □p → p are true and □p is false at [2].

5.5 Filtrations are Finite

We've defined filtrations for any set Γ that is closed under subformulas. Nothing in the definition itself guarantees that filtrations are finite. In fact, when Γ is infinite (e.g., is the set of all formulas), it may well be infinite. However, if Γ is finite (e.g., when it is the set of sub-formulas of a given formula A), so is any filtration through Γ.

Proposition 5.12. If Γ is finite then any filtration M∗ of a model M through Γ is also finite.

Proof. The size of W∗ is the number of different classes [w] under the equivalence relation ≡. Any two worlds u, v in such a class (that is, any u and v such that u ≡ v) agree on all formulas A in Γ: for each A ∈ Γ, either A is true at both u and v, or at neither. So each class [w] corresponds to a subset of Γ, namely the set of all A ∈ Γ such that A is true at the worlds in [w]. No two different classes [u] and [v] correspond to the same subset of Γ. For if the set of formulas true at u and that of formulas true at v are the same, then u and v agree on all formulas in Γ, i.e., u ≡ v. But then [u] = [v]. So, there is an injective function from W∗ to ℘(Γ), and hence |W∗| ≤ |℘(Γ)|. Hence if Γ contains n sentences, the cardinality of W∗ is no greater than 2^n. □

5.6 K and S5 have the Finite Model Property

Definition 5.13. A system Σ of modal logic is said to have the finite model property if whenever a formula A is true at a world in a model of Σ then A is true at a world in a finite model of Σ.

Proposition 5.14. K has the finite model property.

Proof. K is the set of valid formulas, i.e., any model is a model of K. By Theorem 5.5, if M,w ⊩ A, then M∗,[w] ⊩ A for any filtration of M through the set Γ of sub-formulas of A. Any formula only has finitely many sub-formulas, so Γ is finite.
By Proposition 5.12, |W∗| ≤ 2^n, where n is the number of formulas in Γ. And since K imposes no restriction on models, M∗ is a K-model. □

To show that a logic L has the finite model property via filtrations it is essential that the filtration of an L-model is itself an L-model. Often this requires a fair bit of work, and not any filtration yields an L-model. However, for universal models, this still holds.

Proposition 5.15. Let U be the class of universal models (see Proposition 2.14) and UFin the class of all finite universal models. Then any formula A is valid in U if and only if it is valid in UFin.

Proof. Finite universal models are universal models, so the left-to-right direction is trivial. For the right-to-left direction, suppose that A is false at some world w in a universal model M. Let Γ contain A as well as all of its subformulas; clearly Γ is finite. Take a filtration M∗ of M; then M∗ is finite by Proposition 5.12, and by Theorem 5.5, A is false at [w] in M∗. It remains to observe that M∗ is also universal: given u and v, by hypothesis Ruv and by Definition 5.4(2), also R∗[u][v]. □

Corollary 5.16. S5 has the finite model property.

Proof. By Proposition 2.14, if A is true at a world in some reflexive and euclidean model then it is true at a world in a universal model. By Proposition 5.15, it is true at a world in a finite universal model (namely the filtration of the model through the set of sub-formulas of A). Every universal model is also reflexive and euclidean; so A is true at a world in a finite reflexive euclidean model. □

5.7 S5 is Decidable

The finite model property gives us an easy way to show that systems of modal logic given by schemas are decidable (i.e., that there is a computable procedure to determine whether a formula is derivable in the system or not).

Theorem 5.17. S5 is decidable.

Proof.
Let A be given, and suppose the propositional variables occurring in A are among p1, …, pk. Since for each n there are only finitely many models with n worlds assigning a value to p1, …, pk, we can enumerate, in parallel, all the theorems of S5 by generating proofs in some systematic way; and all the models containing 1, 2, … worlds and checking whether A fails at a world in some such model. Eventually one of the two parallel processes will give an answer, as by Theorem 4.17 and Corollary 5.16, either A is derivable or it fails in a finite universal model. □

The above proof works for S5 because filtrations of universal models are automatically universal. The same holds for reflexivity and seriality, but more work is needed for other properties.

5.8 Filtrations and Properties of Accessibility

As noted, filtrations of universal, serial, and reflexive models are always also universal, serial, or reflexive. But not every filtration of a symmetric or transitive model is symmetric or transitive, respectively. In some cases, however, it is possible to define filtrations so that this does hold. In order to do so, we proceed as in the definition of the coarsest filtration, but add additional conditions to the definition of R∗. Let Γ be closed under sub-formulas. Consider the relations Ci(u,v) in table 5.1 between worlds u, v in a model M = ⟨W,R,V⟩. We can define R∗[u][v] on the basis of combinations of these conditions. For instance, if we stipulate that R∗[u][v] iff the condition C1(u,v) holds, we get exactly the coarsest filtration. If we stipulate R∗[u][v] iff both C1(u,v) and C2(u,v) hold, we get a different filtration. It is "finer" than the coarsest since fewer pairs of worlds satisfy C1(u,v) and C2(u,v) than C1(u,v) alone.
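The constructions of Definitions 5.2, 5.4, 5.7 and 5.9 can be carried out mechanically on a finite model. The following Python code is an added example, not part of the original text: it computes the finest and coarsest filtrations, checks conditions (2a)-(2c), and tests the equivalence of Theorem 5.5. As assumptions of this example, formulas are encoded as nested tuples, all function names are hypothetical, and a constructed six-world cycle stands in for the infinite model of Example 5.11.

```python
# Formulas are nested tuples (an encoding chosen for this example):
# ("bot",), ("var", "p"), ("not", A), ("and", A, B), ("or", A, B),
# ("imp", A, B), ("box", A), ("dia", A).

def holds(model, w, f):
    """Truth of formula f at world w of model = (W, R, V); R is a set of pairs."""
    W, R, V = model
    op = f[0]
    if op == "bot":
        return False
    if op == "var":
        return w in V.get(f[1], set())
    if op == "not":
        return not holds(model, w, f[1])
    if op == "and":
        return holds(model, w, f[1]) and holds(model, w, f[2])
    if op == "or":
        return holds(model, w, f[1]) or holds(model, w, f[2])
    if op == "imp":
        return (not holds(model, w, f[1])) or holds(model, w, f[2])
    successors = [v for v in W if (w, v) in R]
    if op == "box":
        return all(holds(model, v, f[1]) for v in successors)
    if op == "dia":
        return any(holds(model, v, f[1]) for v in successors)
    raise ValueError(f"unknown operator: {op!r}")

def subformulas(f):
    """All subformulas of f; the result is closed under subformulas."""
    out = {f}
    for part in f[1:]:
        if isinstance(part, tuple):
            out |= subformulas(part)
    return out

def modal_conditions(model, gamma, u, v):
    """Conditions (2b) and (2c) of Definition 5.4 for the pair of worlds u, v."""
    for a in gamma:
        if a[0] == "box" and holds(model, u, a) and not holds(model, v, a[1]):
            return False
        if a[0] == "dia" and holds(model, v, a[1]) and not holds(model, u, a):
            return False
    return True

def filtration(model, gamma, kind="finest"):
    """Return (M*, cls) for a finite model, where cls[w] is the class [w]."""
    W, R, V = model
    # u and v are equivalent iff they make the same formulas of gamma true.
    true_at = {w: frozenset(a for a in gamma if holds(model, w, a)) for w in W}
    cls = {w: frozenset(v for v in W if true_at[v] == true_at[w]) for w in W}
    w_star = set(cls.values())
    v_star = {p: {cls[u] for u in worlds} for p, worlds in V.items()}
    if kind == "finest":      # Definition 5.7: some u' in [u], v' in [v] with Ru'v'
        r_star = {(cls[u], cls[v]) for (u, v) in R}
    elif kind == "coarsest":  # Definition 5.9: relate every pair the conditions allow
        r_star = {(cls[u], cls[v]) for u in W for v in W
                  if modal_conditions(model, gamma, u, v)}
    else:
        raise ValueError(f"unknown kind: {kind!r}")
    return (w_star, r_star, v_star), cls

def is_filtration(model, gamma, m_star, cls):
    """Check conditions (2a)-(2c) of Definition 5.4 for the relation of m_star."""
    W, R, _ = model
    r_star = m_star[1]
    if any((cls[u], cls[v]) not in r_star for (u, v) in R):  # (2a)
        return False
    return all(modal_conditions(model, gamma, u, v)           # (2b), (2c)
               for u in W for v in W if (cls[u], cls[v]) in r_star)

def preserves_truth(model, gamma, m_star, cls):
    """Theorem 5.5: w and [w] agree on every formula in gamma."""
    return all(holds(model, w, a) == holds(m_star, cls[w], a)
               for w in model[0] for a in gamma)

def cyclic_standin(n=6):
    """Constructed finite stand-in for Example 5.11: a cycle 1 -> 2 -> ... -> n -> 1
    with p true at the even worlds (n must be even so the pattern closes up)."""
    W = set(range(1, n + 1))
    R = {(k, k % n + 1) for k in W}
    V = {"p": {k for k in W if k % 2 == 0}}
    return W, R, V

P = ("var", "p")
BOX_P_IMP_P = ("imp", ("box", P), P)

if __name__ == "__main__":
    M = cyclic_standin()
    gamma = subformulas(BOX_P_IMP_P)
    for kind in ("finest", "coarsest"):
        m_star, cls = filtration(M, gamma, kind)
        pairs = sorted((min(a), min(b)) for a, b in m_star[1])
        print(kind, pairs, is_filtration(M, gamma, m_star, cls),
              preserves_truth(M, gamma, m_star, cls))
```

On the stand-in model the two results coincide with the two accessibility relations listed in Example 5.11, and adding the pair ⟨[1], [1]⟩ to either makes `is_filtration` fail.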
C1(u,v): if □A ∈ Γ and M,u ⊩ □A then M,v ⊩ A; and
         if ♢A ∈ Γ and M,v ⊩ A then M,u ⊩ ♢A;
C2(u,v): if □A ∈ Γ and M,v ⊩ □A then M,u ⊩ A; and
         if ♢A ∈ Γ and M,u ⊩ A then M,v ⊩ ♢A;
C3(u,v): if □A ∈ Γ and M,u ⊩ □A then M,v ⊩ □A; and
         if ♢A ∈ Γ and M,v ⊩ ♢A then M,u ⊩ ♢A;
C4(u,v): if □A ∈ Γ and M,v ⊩ □A then M,u ⊩ □A; and
         if ♢A ∈ Γ and M,u ⊩ ♢A then M,v ⊩ ♢A;

Table 5.1: Conditions on possible worlds for defining filtrations.

Theorem 5.18. Let M = ⟨W,R,P⟩ be a model, Γ closed under subformulas. Let W∗ and V∗ be defined as in Definition 5.4. Then:

1. Suppose R∗[u][v] if and only if C1(u,v) ∧ C2(u,v). Then R∗ is symmetric, and M∗ = ⟨W∗,R∗,V∗⟩ is a filtration if M is symmetric.

2. Suppose R∗[u][v] if and only if C1(u,v) ∧ C3(u,v). Then R∗ is transitive, and M∗ = ⟨W∗,R∗,V∗⟩ is a filtration if M is transitive.

3. Suppose R∗[u][v] if and only if C1(u,v) ∧ C2(u,v) ∧ C3(u,v) ∧ C4(u,v). Then R∗ is symmetric and transitive, and M∗ = ⟨W∗,R∗,V∗⟩ is a filtration if M is symmetric and transitive.

4. Suppose R∗ is defined as R∗[u][v] if and only if C1(u,v) ∧ C3(u,v) ∧ C4(u,v). Then R∗ is transitive and euclidean, and M∗ = ⟨W∗,R∗,V∗⟩ is a filtration if M is transitive and euclidean.

Proof.

1. It's immediate that R∗ is symmetric, since C1(u,v) ⇔ C2(v,u) and C2(u,v) ⇔ C1(v,u). So it's left to show that if M is symmetric then M∗ is a filtration through Γ. Condition C1(u,v) guarantees that (2b) and (2c) of Definition 5.4 are satisfied. So we just have to verify Definition 5.4(2a), i.e., that Ruv implies R∗[u][v].

So suppose Ruv. To show R∗[u][v] we need to establish that C1(u,v) and C2(u,v). For C1: if □A ∈ Γ and M,u ⊩ □A then also M,v ⊩ A (since Ruv). Similarly, if ♢A ∈ Γ and M,v ⊩ A then M,u ⊩ ♢A since Ruv. For C2: if □A ∈ Γ and M,v ⊩ □A then Ruv implies Rvu by symmetry, so that M,u ⊩ A. Similarly, if ♢A ∈ Γ and M,u ⊩ A then M,v ⊩ ♢A (since Rvu by symmetry).

2. Exercise.

3. Exercise.

4. Exercise. □

5.9 Filtrations of Euclidean Models

The approach of section 5.8 does not work in the case of models that are euclidean or serial and euclidean. Consider the model at the top of Figure 5.2, which is both euclidean and serial. Let Γ = {p,□p}. When taking a filtration through Γ, then [w1] = [w3] since w1 and w3 are the only worlds that agree on Γ. Any filtration will also have the arrow inherited from M, as depicted in Figure 5.3. That model isn't euclidean. Moreover, we cannot add arrows to that model in order to make it euclidean. We would have to add double arrows between [w2] and [w4], and then also between w2 and w5. But □p is supposed to be true at w2, while p is false at w5.

In particular, to obtain a euclidean filtration it is not enough to consider filtrations through arbitrary Γ's closed under subformulas. Instead we need to consider sets Γ that are modally closed (see Definition 5.1). Such sets of sentences are infinite, and therefore do not immediately yield a finite model property or the decidability of the corresponding system.

Figure 5.2: A serial and euclidean model. Worlds: w1 (¬p, ⊩ □p), w2 (p, ⊩ □p), w3 (¬p, ⊩ □p), w4 (p, ⊮ □p), w5 (¬p, ⊮ □p).

Figure 5.3: The filtration of the model in Figure 5.2. Worlds: [w1] = [w3] (¬p, ⊩ □p), [w2] (p, ⊩ □p), [w4] (p, ⊮ □p), [w5] (¬p, ⊮ □p).

Theorem 5.19. Let Γ be modally closed, M = ⟨W,R,V⟩, and M∗ = ⟨W∗,R∗,V∗⟩ be a coarsest filtration of M.

1. If M is symmetric, so is M∗.

2. If M is transitive, so is M∗.

3. If M is euclidean, so is M∗.

Proof.

1. If M∗ is a coarsest filtration, then by definition R∗[u][v] holds if and only if C1(u,v). For transitivity, suppose C1(u,v) and C1(v,w); we have to show C1(u,w). Suppose M,u ⊩ □A; then M,u ⊩ □□A since 4 is valid in all transitive models; since □□A ∈ Γ by closure, also by C1(u,v), M,v ⊩ □A and by C1(v,w), also M,w ⊩ A. Suppose M,w ⊩ A; then M,v ⊩ ♢A by C1(v,w), since ♢A ∈ Γ by modal closure.
By C1(u,v), we get M,u ⊩ ♢♢A since ♢♢A ∈ Γ by modal closure. Since 4♢ is valid in all transitive models, M,u ⊩ ♢A.

2. Exercise. Use the fact that both 5 and 5♢ are valid in all euclidean models.

3. Exercise. Use the fact that B and B♢ are valid in all symmetric models. □

Problems

Problem 5.1. Complete the proof of Theorem 5.5.

Problem 5.2. Complete the proof of Proposition 5.8.

Problem 5.3. Consider the following model M = ⟨W,R,V⟩ where W = {0σ : σ ∈ B∗}, the set of sequences of 0s and 1s starting with 0, with Rσσ′ iff σ′ = σ0 or σ′ = σ1, and V(p) = {σ0 : σ ∈ B∗} and V(q) = {σ1 : σ ∈ B∗ \ {1}}. Here's a picture:

0 (p, ¬q)
  00 (p, ¬q)
    000 (p, ¬q)
    001 (¬p, q)
  01 (¬p, q)
    010 (p, ¬q)
    011 (¬p, q)

We have M,w ⊮ □(p ∨ q) → (□p ∨ □q) for every w. Let Γ be the set of sub-formulas of □(p ∨ q) → (□p ∨ □q). What are W∗ and V∗? What is the accessibility relation of the finest filtration of M? Of the coarsest?

Problem 5.4. Show that any filtration of a serial or reflexive model is also serial or reflexive (respectively).

Problem 5.5. Find a non-symmetric (non-transitive, non-euclidean) filtration of a symmetric (transitive, euclidean) model.

Problem 5.6. Show that any filtration of a serial or reflexive model is also serial or reflexive (respectively).

Problem 5.7. Find a non-symmetric (non-transitive, non-euclidean) filtration of a symmetric (transitive, euclidean) model.

Problem 5.8. Complete the proof of Theorem 5.18.

Problem 5.9. Complete the proof of Theorem 5.19.

CHAPTER 6

Modal Tableaux

6.1 Introduction

Tableaux are certain (downward-branching) trees of signed formulas, i.e., pairs consisting of a truth value sign (T or F) and a sentence, T A or F A. A tableau begins with a number of assumptions. Each further signed formula is generated by applying one of the inference rules. Some inference rules add one or more signed formulas to a tip of the tree; others add two new tips, resulting in two branches.
Rules result in signed formulas where the formula is less complex than that of the signed formula to which it was applied. When a branch contains both T A and F A, we say the branch is closed. If every branch in a tableau is closed, the entire tableau is closed. A closed tableau constitutes a derivation that shows that the set of signed formulas which were used to begin the tableau are unsatisfiable. This can be used to define a ⊢ relation: Γ ⊢ A iff there is some finite set Γ0 = {B1, ..., Bn} ⊆ Γ such that there is a closed tableau for the assumptions {F A, T B1, ..., T Bn}.

For modal logics, we have to both extend the notion of signed formula and add rules that cover □ and ♢. In addition to a sign (T or F), formulas in modal tableaux also have prefixes σ. The prefixes are non-empty sequences of positive integers, i.e., σ ∈ (Z+)∗ \ {Λ}. We write such prefixes without the surrounding ⟨ ⟩, and separate the individual elements by .'s instead of ,'s. If σ is a prefix, then σ.n is σ ⌒ ⟨n⟩; e.g., if σ = 1.2.1, then σ.3 is 1.2.1.3. So for instance, 1.2 T □A → A is a prefixed signed formula (or just a prefixed formula for short).

Intuitively, the prefix names a world in a model that might satisfy the formulas on a branch of a tableau, and if σ names some world, then σ.n names a world accessible from (the world named by) σ.

6.2 Rules for K

The rules for the regular propositional connectives are the same as for regular propositional signed tableaux, just with prefixes added. In each case, the rule applied to a signed formula σ S A produces new formulas that are also prefixed by σ. This should be intuitively clear: e.g., if A ∧ B is true at (a world named by) σ, then A and B are true at σ (and not at any other world). We collect the propositional rules in table 6.1.

The closure condition is the same as for ordinary tableaux, although we require that not just the formulas but also the prefixes must match.
So a branch is closed if it contains both σ T A and σ F A for some prefix σ and formula A.

The rules for setting up assumptions are also as for ordinary tableaux, except that for assumptions we always use the prefix 1. (It does not matter which prefix we use, as long as it's the same for all assumptions.) So, e.g., we say that B1, ..., Bn ⊢ A iff there is a closed tableau for the assumptions 1 T B1, ..., 1 T Bn, 1 F A.

Rule   Premise       Conclusion(s)
¬T     σ T ¬A        σ F A
¬F     σ F ¬A        σ T A
∧T     σ T A ∧ B     σ T A, σ T B
∧F     σ F A ∧ B     σ F A | σ F B
∨T     σ T A ∨ B     σ T A | σ T B
∨F     σ F A ∨ B     σ F A, σ F B
→T     σ T A → B     σ F A | σ T B
→F     σ F A → B     σ T A, σ F B

(Conclusions separated by a comma are added to the same branch; conclusions separated by | go on two new branches.)

Table 6.1: Prefixed tableau rules for the propositional connectives

For the modal operators □ and ♢, the prefix of the conclusion of the rule applied to a formula with prefix σ is σ.n. However, which n is allowed depends on whether the sign is T or F.

The T□ rule extends a branch containing σ T □A by σ.n T A. Similarly, the F♢ rule extends a branch containing σ F ♢A by σ.n F A. They can only be applied for a prefix σ.n which already occurs on the branch in which it is applied. Let's call such a prefix "used" (on the branch).

The F□ rule extends a branch containing σ F □A by σ.n F A. Similarly, the T♢ rule extends a branch containing σ T ♢A by σ.n T A. These rules, however, can only be applied for a prefix σ.n which does not already occur on the branch in which it is applied. We call such prefixes "new" (to the branch).

The rules are given in table 6.2.

Rule   Premise     Conclusion   Condition
□T     σ T □A      σ.n T A      σ.n is used
□F     σ F □A      σ.n F A      σ.n is new
♢T     σ T ♢A      σ.n T A      σ.n is new
♢F     σ F ♢A      σ.n F A      σ.n is used

Table 6.2: The modal rules for K.

The restriction that the prefix for □T must be used is necessary, as otherwise we would count the following as a closed tableau:

1.   1 T □A      Assumption
2.   1 F ♢A      Assumption
3.   1.1 T A     □T 1
4.   1.1 F A     ♢F 2
     ⊗

But □A ⊭ ♢A, so our proof system would be unsound.
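What the "used" and "new" restrictions do in practice, as an added example (not code from the text): a small prefixed tableau search for K that applies the rules of tables 6.1 and 6.2 and, when a branch stays open, reads off a model with the prefixes as worlds and σ.n accessible from σ. The tuple encoding of formulas and all function names are assumptions of the example.

```python
# Formulas (encoding assumed for this example): ('var','p'), ('not',A),
# ('and',A,B), ('or',A,B), ('imp',A,B), ('box',A), ('dia',A).
# A prefixed signed formula is (prefix, sign, formula): the prefix 1.2.1 is
# the tuple (1, 2, 1); sign is True for T and False for F.

def children(prefix, branch):
    """Prefixes sigma.n that are used on the branch, in increasing order."""
    return sorted({p for (p, _, _) in branch
                   if len(p) == len(prefix) + 1 and p[:-1] == prefix})

def alternatives(item, branch):
    """Conclusions of the rule for `item`: one list per resulting branch."""
    prefix, sign, f = item
    op = f[0]
    if op == 'var':
        return []
    if op == 'not':                                    # rules ¬T, ¬F
        return [[(prefix, not sign, f[1])]]
    if op in ('and', 'or', 'imp'):
        left = (prefix, sign != (op == 'imp'), f[1])   # → flips the sign of A
        right = (prefix, sign, f[2])
        stacking = sign if op == 'and' else not sign   # ∧T, ∨F, →F do not branch
        return [[left, right]] if stacking else [[left], [right]]
    kids = children(prefix, branch)
    if sign == (op == 'box'):                          # □T, ♢F: every used sigma.n
        return [[(k, sign, f[1]) for k in kids]]
    if any((k, sign, f[1]) in branch for k in kids):   # □F, ♢T already applied
        return []
    return [[(prefix + (len(kids) + 1,), sign, f[1])]]  # □F, ♢T: a new sigma.n

def open_branch(branch):
    """A complete open branch extending `branch`, or None if all extensions close."""
    if any((p, not s, f) in branch for (p, s, f) in branch):
        return None                                    # sigma T A and sigma F A
    for item in branch:
        alts = alternatives(item, branch)
        if not alts or any(all(c in branch for c in alt) for alt in alts):
            continue                                   # nothing left to add here
        for alt in alts:
            result = open_branch(branch + [c for c in alt if c not in branch])
            if result is not None:
                return result
        return None                                    # every alternative closed
    return branch

def tableau(assumptions, goal):
    """None if the tableau for 1 T B1, ..., 1 T Bn, 1 F goal closes; otherwise
    a model (worlds, R, V) read off a complete open branch."""
    start = [((1,), True, b) for b in assumptions] + [((1,), False, goal)]
    branch = open_branch(start)
    if branch is None:
        return None
    worlds = sorted({p for (p, _, _) in branch})
    R = {(u, v) for u in worlds for v in children(u, branch)}
    V = {}
    for (p, s, f) in branch:
        if s and f[0] == 'var':
            V.setdefault(f[1], set()).add(p)
    return worlds, R, V

if __name__ == "__main__":
    A = ('var', 'A')
    print(tableau([('box', A)], ('dia', A)))   # open: □A does not entail ♢A in K
    print(tableau([('dia', A)], ('box', A)))   # open: ♢A does not entail □A in K
```

With the restrictions enforced, the tableau for the assumptions 1 T □A, 1 F ♢A stays open and the model returned has the single world 1 with no accessible worlds.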
Likewise, ♢A ⊭ □A, but without the restriction that the prefix for □F must be new, this would be a closed tableau:

1.   1 T ♢A      Assumption
2.   1 F □A      Assumption
3.   1.1 T A     ♢T 1
4.   1.1 F A     □F 2
     ⊗

6.3 Tableaux for K

Example 6.1. We give a closed tableau that shows ⊢ (□A ∧ □B) → □(A ∧ B).

1.   1 F (□A ∧ □B) → □(A ∧ B)      Assumption
2.   1 T □A ∧ □B                    →T 1
3.   1 F □(A ∧ B)                   →T 1
4.   1 T □A                         ∧T 2
5.   1 T □B                         ∧T 2
6.   1.1 F A ∧ B                    □F 3
7.   1.1 F A    |    1.1 F B        ∧F 6
8.   1.1 T A    |    1.1 T B        □T 4; □T 5
     ⊗          |    ⊗

Example 6.2. We give a closed tableau that shows ⊢ ♢(A ∨ B) → (♢A ∨ ♢B):

1.   1 F ♢(A ∨ B) → (♢A ∨ ♢B)      Assumption
2.   1 T ♢(A ∨ B)                   →T 1
3.   1 F ♢A ∨ ♢B                    →T 1
4.   1 F ♢A                         ∨F 3
5.   1 F ♢B                         ∨F 3
6.   1.1 T A ∨ B                    ♢T 2
7.   1.1 T A    |    1.1 T B        ∨T 6
8.   1.1 F A    |    1.1 F B        ♢F 4; ♢F 5
     ⊗          |    ⊗

6.4 Soundness for K

In order to show that prefixed tableaux are sound, we have to show that if 1 T B1, ..., 1 T Bn, 1 F A has a closed tableau then B1, ..., Bn ⊨ A. It is easier to prove the contrapositive: if for some M and world w, M,w ⊩ Bi for all i = 1, ..., n but M,w ⊮ A, then no tableau can close. Such a countermodel shows that the initial assumptions of the tableau are satisfiable. The strategy of the proof is to show that whenever all the prefixed formulas on a tableau branch are satisfiable, any application of a rule results in at least one extended branch that is also satisfiable. Since closed branches are unsatisfiable, any tableau for a satisfiable set of prefixed formulas must have at least one open branch.

In order to apply this strategy in the modal case, we have to extend our definition of "satisfiable" to modal models and prefixes. With that in hand, however, the proof is straightforward.

Definition 6.3. Let P be some set of prefixes, i.e., P ⊆ (Z+)∗ \ {Λ} and let M be a model. A function f : P → W is an interpretation of P in M if, whenever σ and σ.n are both in P, then Rf(σ)f(σ.n).

Relative to an interpretation of prefixes P we can define:

1. M satisfies σ T A iff M, f(σ) ⊩ A.

2. M satisfies σ F A iff M, f(σ) ⊮ A.

Definition 6.4. Let Γ be a set of prefixed formulas, and let P(Γ) be the set of prefixes that occur in it. If f is an interpretation of P(Γ) in M, we say that M satisfies Γ with respect to f, M, f ⊩ Γ, if M satisfies every prefixed formula in Γ with respect to f. Γ is satisfiable iff there is a model M and interpretation f of P(Γ) such that M, f ⊩ Γ.

Proposition 6.5. If Γ contains both σ T A and σ F A, for some formula A and prefix σ, then Γ is unsatisfiable.

Proof. There cannot be a model M and interpretation f of P(Γ) such that both M, f(σ) ⊩ A and M, f(σ) ⊮ A. □

Theorem 6.6 (Soundness). If Γ has a closed tableau, Γ is unsatisfiable.

Proof. We call a branch of a tableau satisfiable iff the set of signed formulas on it is satisfiable, and let's call a tableau satisfiable if it contains at least one satisfiable branch.

We show the following: Extending a satisfiable tableau by one of the rules of inference always results in a satisfiable tableau. This will prove the theorem: any closed tableau results by applying rules of inference to the tableau consisting only of assumptions from Γ. So if Γ were satisfiable, any tableau for it would be satisfiable. A closed tableau, however, is clearly not satisfiable, since all its branches are closed and closed branches are unsatisfiable.

Suppose we have a satisfiable tableau, i.e., a tableau with at least one satisfiable branch. Applying a rule of inference either adds signed formulas to a branch, or splits a branch in two. If the tableau has a satisfiable branch which is not extended by the rule application in question, it remains a satisfiable branch in the extended tableau, so the extended tableau is satisfiable. So we only have to consider the case where a rule is applied to a satisfiable branch.

Let Γ be the set of signed formulas on that branch, and let σ S A ∈ Γ be the signed formula to which the rule is applied.
If the rule does not result in a split branch, we have to show that the extended branch, i.e., Γ together with the conclusions of the rule, is still satisfiable. If the rule results in a split branch, we have to show that at least one of the two resulting branches is satisfiable. First, we consider the possible inferences with only one premise.

1. The branch is expanded by applying ¬T to σ T ¬B ∈ Γ. Then the extended branch contains the signed formulas Γ ∪ {σ F B}. Suppose M, f ⊩ Γ. In particular, M, f(σ) ⊩ ¬B. Thus, M, f(σ) ⊮ B, i.e., M satisfies σ F B with respect to f.

2. The branch is expanded by applying ¬F to σ F ¬B ∈ Γ: Exercise.

3. The branch is expanded by applying ∧T to σ T B ∧ C ∈ Γ, which results in two new signed formulas on the branch: σ T B and σ T C. Suppose M, f ⊩ Γ, in particular M, f(σ) ⊩ B ∧ C. Then M, f(σ) ⊩ B and M, f(σ) ⊩ C. This means that M satisfies both σ T B and σ T C with respect to f.

4. The branch is expanded by applying ∨F to T B ∨ C ∈ Γ: Exercise.

5. The branch is expanded by applying →F to σ F B → C ∈ Γ: This results in two new signed formulas on the branch: σ T B and σ F C. Suppose M, f ⊩ Γ, in particular M, f(σ) ⊮ B → C. Then M, f(σ) ⊩ B and M, f(σ) ⊮ C. This means that M, f satisfies both σ T B and σ F C.

6. The branch is expanded by applying □T to σ T □B ∈ Γ: This results in a new signed formula σ.n T B on the branch, for some σ.n ∈ P(Γ) (since σ.n must be used). Suppose M, f ⊩ Γ, in particular, M, f(σ) ⊩ □B. Since f is an interpretation of prefixes and both σ, σ.n ∈ P(Γ), we know that Rf(σ)f(σ.n). Hence, M, f(σ.n) ⊩ B, i.e., M, f satisfies σ.n T B.

7. The branch is expanded by applying □F to σ F □B ∈ Γ: This results in a new signed formula σ.n F B, where σ.n is a new prefix on the branch, i.e., σ.n ∉ P(Γ). Since Γ is satisfiable, there is a M and interpretation f of P(Γ) such that M, f ⊨ Γ, in particular M, f(σ) ⊮ □B. We have to show that Γ ∪ {σ.n F B} is satisfiable.
To do this, we define an interpretation of P(Γ) ∪ {σ.n} as follows: Since M, f(σ) ⊮ □B, there is a w ∈ W such that Rf(σ)w and M,w ⊮ B. Let f′ be like f, except that f′(σ.n) = w. Since f′(σ) = f(σ) and Rf(σ)w, we have Rf′(σ)f′(σ.n), so f′ is an interpretation of P(Γ) ∪ {σ.n}. Obviously M, f′(σ.n) ⊮ B. Since f(σ′) = f′(σ′) for all prefixes σ′ ∈ P(Γ), M, f′ ⊩ Γ. So, M, f′ satisfies Γ ∪ {σ.n F B}.

Now let's consider the possible inferences with two premises.

1. The branch is expanded by applying ∧F to σ F B ∧ C ∈ Γ, which results in two branches, a left one continuing through σ F B and a right one through σ F C. Suppose M, f ⊩ Γ, in particular M, f(σ) ⊮ B ∧ C. Then M, f(σ) ⊮ B or M, f(σ) ⊮ C. In the former case, M, f satisfies σ F B, i.e., the left branch is satisfiable. In the latter, M, f satisfies σ F C, i.e., the right branch is satisfiable.

2. The branch is expanded by applying ∨T to T B ∨ C ∈ Γ: Exercise.

3. The branch is expanded by applying →T to T B → C ∈ Γ: Exercise. □

Corollary 6.7. If Γ ⊢ A then Γ ⊨ A.

Proof. If Γ ⊢ A then for some B1, ..., Bn ∈ Γ, ∆ = {1 F A, 1 T B1, ..., 1 T Bn} has a closed tableau. We want to show that Γ ⊨ A. Suppose not, so for some M and w, M,w ⊩ Bi for i = 1, ..., n, but M,w ⊮ A. Let f(1) = w; then f is an interpretation of P(∆) into M, and M satisfies ∆ with respect to f. But by Theorem 6.6, ∆ is unsatisfiable since it has a closed tableau, a contradiction. So we must have Γ ⊨ A after all. □

Corollary 6.8. If ⊢ A then A is true in all models.

6.5 Rules for Other Accessibility Relations

In order to deal with logics determined by special accessibility relations, we consider the additional rules in table 6.3.

Adding these rules results in systems that are sound and complete for the logics given in table 6.4.

Example 6.9. We give a closed tableau that shows S5 ⊢ 5, i.e., □A → □♢A.

1.   1 F □A → □♢A     Assumption
2.   1 T □A            →F 1
3.   1 F □♢A           →F 1
4.   1.1 F ♢A          □F 3
5.   1 F ♢A            4r♢ 4
6.   1.1 F A           ♢F 5
7.   1.1 T A           □T 2
     ⊗

Rule   Premise       Conclusion    Condition
T□     σ T □A        σ T A
T♢     σ F ♢A        σ F A
D□     σ T □A        σ T ♢A
D♢     σ F ♢A        σ F □A
B□     σ.n T □A      σ T A
B♢     σ.n F ♢A      σ F A
4□     σ T □A        σ.n T □A      σ.n is used
4♢     σ F ♢A        σ.n F ♢A      σ.n is used
4r□    σ.n T □A      σ T □A
4r♢    σ.n F ♢A      σ F ♢A

Table 6.3: More modal rules.

6.6 Soundness for Additional Rules

We say a rule is sound for a class of models if, whenever a branch in a tableau is satisfiable in a model from that class, the branch resulting from applying the rule is also satisfiable in a model from that class.

Logic        R is ...                            Rules
T = KT       reflexive                           T□, T♢
D = KD       serial                              D□, D♢
K4           transitive                          4□, 4♢
B = KTB      reflexive, symmetric                T□, T♢, B□, B♢
S4 = KT4     reflexive, transitive               T□, T♢, 4□, 4♢
S5 = KT4B    reflexive, transitive, euclidean    T□, T♢, 4□, 4♢, 4r□, 4r♢

Table 6.4: Tableau rules for various modal logics.

Proposition 6.10. T□ and T♢ are sound for reflexive models.

Proof.

1. The branch is expanded by applying T□ to σ T □B ∈ Γ: This results in a new signed formula σ T B on the branch. Suppose M, f ⊩ Γ, in particular, M, f(σ) ⊩ □B. Since R is reflexive, we know that Rf(σ)f(σ). Hence, M, f(σ) ⊩ B, i.e., M, f satisfies σ T B.

2. The branch is expanded by applying T♢ to σ F ♢B ∈ Γ: Exercise. □

Proposition 6.11. D□ and D♢ are sound for serial models.

Proof.

1. The branch is expanded by applying D□ to σ T □B ∈ Γ: This results in a new signed formula σ T ♢B on the branch. Suppose M, f ⊩ Γ, in particular, M, f(σ) ⊩ □B. Since R is serial, there is a w ∈ W such that Rf(σ)w. Then M,w ⊩ B, and hence M, f(σ) ⊩ ♢B. So, M, f satisfies σ T ♢B.

2. The branch is expanded by applying D♢ to σ F ♢B ∈ Γ: Exercise. □

Proposition 6.12. B□ and B♢ are sound for symmetric models.

Proof.

1. The branch is expanded by applying B□ to σ.n T □B ∈ Γ: This results in a new signed formula σ T B on the branch.
Suppose M, f ⊩ Γ, in particular, M, f(σ.n) ⊩ □B. Since f is an interpretation of prefixes on the branch into M, we know that Rf(σ)f(σ.n). Since R is symmetric, Rf(σ.n)f(σ). Since M, f(σ.n) ⊩ □B, M, f(σ) ⊩ B. Hence, M, f satisfies σ T B.

2. The branch is expanded by applying B♢ to σ.n F ♢B ∈ Γ: Exercise. □

Proposition 6.13. 4□ and 4♢ are sound for transitive models.

Proof.

1. The branch is expanded by applying 4□ to σ T □B ∈ Γ: This results in a new signed formula σ.n T □B on the branch. Suppose M, f ⊩ Γ, in particular, M, f(σ) ⊩ □B. Since f is an interpretation of prefixes on the branch into M and σ.n must be used, we know that Rf(σ)f(σ.n). Now let w be any world such that Rf(σ.n)w. Since R is transitive, Rf(σ)w. Since M, f(σ) ⊩ □B, M,w ⊩ B. Hence, M, f(σ.n) ⊩ □B, and M, f satisfies σ.n T □B.

2. The branch is expanded by applying 4♢ to σ F ♢B ∈ Γ: Exercise. □

Proposition 6.14. 4r□ and 4r♢ are sound for euclidean models.

Proof.

1. The branch is expanded by applying 4r□ to σ.n T □B ∈ Γ: This results in a new signed formula σ T □B on the branch. Suppose M, f ⊩ Γ, in particular, M, f(σ.n) ⊩ □B. Since f is an interpretation of prefixes on the branch into M, we know that Rf(σ)f(σ.n). Now let w be any world such that Rf(σ)w. Since R is euclidean, Rf(σ.n)w. Since M, f(σ.n) ⊩ □B, M,w ⊩ B. Hence, M, f(σ) ⊩ □B, and M, f satisfies σ T □B.

2. The branch is expanded by applying 4r♢ to σ.n F ♢B ∈ Γ: Exercise. □

Corollary 6.15. The tableau systems given in table 6.4 are sound for the respective classes of models.

6.7 Simple Tableaux for S5

S5 is sound and complete with respect to the class of universal models, i.e., models where every world is accessible from every world. In universal models the accessibility relation doesn't matter: "there is a world w where M,w ⊩ A" is true if and only if there is such a w that's accessible from u. So in S5, we can define models as simply a set of worlds and a valuation V.
This suggests that we should be able to simplify the tableau rules as well. In the general case, we take as prefixes sequences of positive integers, so that we can keep track of which such prefixes name worlds which are accessible from others: σ.n names a world accessible from σ. But in S5 any world is accessible from any world, so there is no need to so keep track. Instead, we can use positive integers as prefixes. The simplified rules are given in table 6.5.

Example 6.16. We give a simplified closed tableau that shows S5 ⊢ 5, i.e., ♢A → □♢A.

1.   1 F ♢A → □♢A     Assumption
2.   1 T ♢A            →F 1
3.   1 F □♢A           →F 1
4.   2 F ♢A            □F 3
5.   3 T A             ♢T 2
6.   3 F A             ♢F 4
     ⊗

Rule   Premise     Conclusion   Condition
□T     n T □A      m T A        m is used
□F     n F □A      m F A        m is new
♢T     n T ♢A      m T A        m is new
♢F     n F ♢A      m F A        m is used

Table 6.5: Simplified rules for S5.

6.8 Completeness for K

To show that the method of tableaux is complete, we have to show that whenever there is no closed tableau to show Γ ⊢ A, then Γ ⊭ A, i.e., there is a countermodel. But "there is no closed tableau" means that every way we could try to construct one has to fail to close. The trick is to see that if every such way fails to close, then a specific, systematic and exhaustive way also fails to close. And this systematic and exhaustive way would close if a closed tableau exists. The single tableau will contain, among its open branches, all the information required to define a countermodel. The countermodel given by an open branch in this tableau will contain all the prefixes used on that branch as the worlds, and a propositional variable p is true at σ iff σ T p occurs on the branch.

Definition 6.17. A branch in a tableau is called complete if, whenever it contains a prefixed formula σ S A to which a rule can be applied, it also contains

1. the prefixed formulas that are the corresponding conclusions of the rule, in the case of propositional stacking rules;

2. one of the corresponding conclusion formulas in the case of propositional branching rules;

3. at least one possible conclusion in the case of modal rules that require a new prefix;

4. the corresponding conclusion for every prefix occurring on the branch in the case of modal rules that require a used prefix.

For instance, a complete branch contains σ T B and σ T C whenever it contains T B ∧ C. If it contains σ T B ∨ C it contains at least one of σ F B and σ T C. If it contains σ F □ it also contains σ.n F □ for at least one n. And whenever it contains σ T □ it also contains σ.n T □ for every n such that σ.n is used on the branch.

Proposition 6.18. Every finite Γ has a tableau in which every branch is complete.

Proof. Consider an open branch in a tableau for Γ. There are finitely many prefixed formulas in the branch to which a rule could be applied. In some fixed order (say, top to bottom), for each of these prefixed formulas for which the conditions (1)–(4) do not already hold, apply the rules that can be applied to it to extend the branch. In some cases this will result in branching; apply the rule at the tip of each resulting branch for all remaining prefixed formulas. Since the number of prefixed formulas is finite, and the number of used prefixes on the branch is finite, this procedure eventually results in (possibly many) branches extending the original branch. Apply the procedure to each, and repeat. But by construction, every branch is closed. □

Theorem 6.19 (Completeness). If Γ has no closed tableau, Γ is satisfiable.

Proof. By the proposition, Γ has a tableau in which every branch is complete. Since it has no closed tableau, it thus has a tableau in which at least one branch is open and complete. Let ∆ be the set of prefixed formulas on the branch, and P(∆) the set of prefixes occurring in it.
We define a model M(∆) = ⟨P(∆),R,V⟩ where the worlds are the prefixes occurring in ∆, the accessibility relation is given by:

Rσσ′ iff σ′ = σ.n for some n

and

V(p) = {σ : σ T p ∈ ∆}.

We show by induction on A that if σ T A ∈ ∆ then M(∆), σ ⊩ A, and if σ F A ∈ ∆ then M(∆), σ ⊮ A.

1. A ≡ p: If σ T A ∈ ∆ then σ ∈ V(p) (by definition of V) and so M(∆), σ ⊩ A. If σ F A ∈ ∆ then σ T A ∉ ∆, since the branch would otherwise be closed. So σ ∉ V(p) and thus M(∆), σ ⊮ A.

2. A ≡ ¬B: If σ T A ∈ ∆, then σ F B ∈ ∆ since the branch is complete. By induction hypothesis, M(∆), σ ⊮ B and thus M(∆), σ ⊩ A. If σ F A ∈ ∆, then σ T B ∈ ∆ since the branch is complete. By induction hypothesis, M(∆), σ ⊩ B and thus M(∆), σ ⊮ A.

3. A ≡ B ∧ C: Exercise.

4. A ≡ B ∨ C: If σ T A ∈ ∆, then either σ T B ∈ ∆ or σ T C ∈ ∆ since the branch is complete. By induction hypothesis, either M(∆), σ ⊩ B or M(∆), σ ⊩ C. Thus M(∆), σ ⊩ A. If σ F A ∈ ∆, then both σ F B ∈ ∆ and σ F C ∈ ∆ since the branch is complete. By induction hypothesis, both M(∆), σ ⊮ B and M(∆), σ ⊮ C. Thus M(∆), σ ⊮ A.

5. A ≡ B → C: Exercise.

6. A ≡ □B: If σ T A ∈ ∆, then, since the branch is complete, σ.n T B ∈ ∆ for every σ.n used on the branch, i.e., for every σ′ ∈ P(∆) such that Rσσ′. By induction hypothesis, M(∆), σ′ ⊩ B for every σ′ such that Rσσ′. Therefore, M(∆), σ ⊩ A. If σ F A ∈ ∆, then for some σ.n, σ.n F B ∈ ∆ since the branch is complete. By induction hypothesis, M(∆), σ.n ⊮ B. Since Rσ(σ.n), there is a σ′ such that M(∆), σ′ ⊮ B. Thus M(∆), σ ⊮ A.

7. A ≡ ♢B: Exercise.

Since Γ ⊆ ∆, M(∆) ⊩ Γ. □

Corollary 6.20. If Γ ⊨ A then Γ ⊢ A.

Corollary 6.21. If A is true in all models, then ⊢ A.

6.9 Countermodels from Tableaux

The proof of the completeness theorem doesn't just show that if ⊨ A then ⊢ A, it also gives us a method for constructing countermodels to A if ⊭ A. In the case of K, this method constitutes a decision procedure. For suppose ⊭ A.
Then the proof of Proposition 6.18 gives a method for constructing a complete tableau. The method in fact always terminates. The propositional rules for K only add prefixed formulas of lower complexity, i.e., each propositional rule need only be applied once on a branch for any signed formula σ S A. New prefixes are only generated by the □F and ♢T rules, and also only have to be applied once (and produce a single new prefix). □T and ♢F have to be applied potentially multiple times, but only once per prefix, and only finitely many new prefixes are generated. So the construction either results in a closed branch or a complete branch after finitely many stages.

Once a tableau with an open complete branch is constructed, the proof of Theorem 6.19 gives us an explicit model that satisfies the original set of prefixed formulas. So not only is it the case that if Γ ⊨ A, then a closed tableau exists and Γ ⊢ A, if we look for the closed tableau in the right way and end up with a "complete" tableau, we'll not only know that Γ ⊭ A but actually be able to construct a countermodel.

Example 6.22. We know that ⊬ □(p ∨ q) → (□p ∨ □q). The construction of a tableau begins with:

1.   1 F □(p ∨ q) → (□p ∨ □q) ✓     Assumption
2.   1 T □(p ∨ q)                    →F 1
3.   1 F □p ∨ □q ✓                   →F 1
4.   1 F □p ✓                        ∨F 3
5.   1 F □q ✓                        ∨F 3
6.   1.1 F p ✓                       □F 4
7.   1.2 F q ✓                       □F 5

The tableau is of course not finished yet. In the next step, we consider the only line without a checkmark: the prefixed formula 1 T □(p ∨ q) on line 2. The construction of the closed tableau says to apply the □T rule for every prefix used on the branch, i.e., for both 1.1 and 1.2:

1.   1 F □(p ∨ q) → (□p ∨ □q) ✓     Assumption
2.   1 T □(p ∨ q)                    →F 1
3.   1 F □p ∨ □q ✓                   →F 1
4.   1 F □p ✓                        ∨F 3
5.   1 F □q ✓                        ∨F 3
6.   1.1 F p ✓                       □F 4
7.   1.2 F q ✓                       □F 5
8.   1.1 T p ∨ q                     □T 2
9.   1.2 T p ∨ q                     □T 2

Now lines 2, 8, and 9 don't have checkmarks.
But no new prefix has been added, so we apply ∨T to lines 8 and 9, on all resulting branches (as long as they don't close):

1.   1 F □(p ∨ q) → (□p ∨ □q) ✓                      Assumption
2.   1 T □(p ∨ q)                                     →F 1
3.   1 F □p ∨ □q ✓                                    →F 1
4.   1 F □p ✓                                         ∨F 3
5.   1 F □q ✓                                         ∨F 3
6.   1.1 F p ✓                                        □F 4
7.   1.2 F q ✓                                        □F 5
8.   1.1 T p ∨ q ✓                                    □T 2
9.   1.2 T p ∨ q ✓                                    □T 2
10.  1.1 T p ✓   |   1.1 T q ✓                        ∨T 8
     ⊗           |
11.              |   1.2 T p ✓   |   1.2 T q ✓        ∨T 9
                 |               |   ⊗

There is one remaining open branch, and it is complete. From it we define the model with worlds W = {1, 1.1, 1.2} (the only prefixes appearing on the open branch), the accessibility relation R = {⟨1,1.1⟩, ⟨1,1.2⟩}, and the assignment V(p) = {1.2} (because line 11 contains 1.2 T p) and V(q) = {1.1} (because line 10 contains 1.1 T q). The model is pictured in Figure 6.1, and you can verify that it is a countermodel to □(p ∨ q) → (□p ∨ □q).

Figure 6.1: A countermodel to □(p ∨ q) → (□p ∨ □q). Worlds: 1 (¬p, ¬q), 1.1 (¬p, q), 1.2 (p, ¬q).

Problems

Problem 6.1. Find closed tableaux in K for the following formulas:

1. □¬p → □(p → q)

2. (□p ∨ □q) → □(p ∨ q)

3. ♢p → ♢(p ∨ q)

Problem 6.2. Complete the proof of Theorem 6.6.

Problem 6.3. Give closed tableaux that show the following:

1. KT5 ⊢ B;

2. KT5 ⊢ 4;

3. KDB4 ⊢ T;

4. KB4 ⊢ 5;

5. KB5 ⊢ 4;

6. KT ⊢ D.

Problem 6.4. Complete the proof of Proposition 6.10.

Problem 6.5. Complete the proof of Proposition 6.11.

Problem 6.6. Complete the proof of Proposition 6.12.

Problem 6.7. Complete the proof of Proposition 6.13.

Problem 6.8. Complete the proof of Proposition 6.14.

Problem 6.9. Complete the proof of Theorem 6.19.

PART II

Intuitionistic Logic

CHAPTER 7

Introduction

7.1 Constructive Reasoning

In contrast to extensions of classical logic by modal operators or second-order quantifiers, intuitionistic logic is "non-classical" in that it restricts classical logic. Classical logic is non-constructive in various ways.
Intuitionistic logic is intended to capture a more "constructive" kind of reasoning characteristic of a kind of constructive mathematics. The following examples may serve to illustrate some of the underlying motivations.

Suppose someone claimed that they had determined a natural number n with the property that if n is even, the Riemann hypothesis is true, and if n is odd, the Riemann hypothesis is false. Great news! Whether the Riemann hypothesis is true or not is one of the big open questions of mathematics, and they seem to have reduced the problem to one of calculation, that is, to the determination of whether a specific number is even or not.

What is the magic value of n? They describe it as follows: n is the natural number that is equal to 2 if the Riemann hypothesis is true, and 3 otherwise.

Angrily, you demand your money back. From a classical point of view, the description above does in fact determine a unique value of n; but what you really want is a value of n that is given explicitly.

To take another, perhaps less contrived example, consider the following question. We know that it is possible to raise an irrational number to a rational power, and get a rational result. For example, (√2)^2 = 2. What is less clear is whether or not it is possible to raise an irrational number to an irrational power, and get a rational result. The following theorem answers this in the affirmative:

Theorem 7.1. There are irrational numbers a and b such that a^b is rational.

Proof. Consider (√2)^(√2). If this is rational, we are done: we can let a = b = √2. Otherwise, it is irrational. Then we have

((√2)^(√2))^(√2) = (√2)^(√2·√2) = (√2)^2 = 2,

which is rational. So, in this case, let a be (√2)^(√2), and let b be √2. □

Does this constitute a valid proof? Most mathematicians feel that it does.
But again, there is something a little bit unsatisfying here: we have proved the existence of a pair of real numbers with a certain property, without being able to say which pair of numbers it is. It is possible to prove the same result, but in such a way that the pair a, b is given in the proof: take a = √3 and b = log₃ 4. Then

    a^b = √3^(log₃ 4) = 3^(1/2 · log₃ 4) = (3^(log₃ 4))^(1/2) = 4^(1/2) = 2,

since 3^(log₃ x) = x.

Intuitionistic logic is designed to capture a kind of reasoning where moves like the one in the first proof are disallowed. Proving the existence of an x satisfying A(x) means that you have to give a specific x, and a proof that it satisfies A, like in the second proof. Proving that A or B holds requires that you can prove one or the other.

Formally speaking, intuitionistic logic is what you get if you restrict a proof system for classical logic in a certain way. From the mathematical point of view, these are just formal deductive systems, but, as already noted, they are intended to capture a kind of mathematical reasoning. One can take this to be the kind of reasoning that is justified on a certain philosophical view of mathematics (such as Brouwer's intuitionism); one can take it to be a kind of mathematical reasoning which is more "concrete" and satisfying (along the lines of Bishop's constructivism); and one can argue about whether or not the formal description captures the informal motivation. But whatever philosophical positions we may hold, we can study intuitionistic logic as a formally presented logic; and for whatever reasons, many mathematical logicians find it interesting to do so.

7.2 Syntax of Intuitionistic Logic

The syntax of intuitionistic logic is the same as that for propositional logic. In classical propositional logic it is possible to define connectives by others, e.g., one can define A → B by ¬A ∨ B, or A ∨ B by ¬(¬A ∧ ¬B).
Thus, presentations of classical logic often introduce some connectives as abbreviations for these definitions. This is not so in intuitionistic logic, with two exceptions: ¬A can be (and often is) defined as an abbreviation for A → ⊥. Then, of course, ⊥ must not itself be defined! Also, A ↔ B can be defined, as in classical logic, as (A → B) ∧ (B → A).

Formulas of propositional intuitionistic logic are built up from propositional variables and the propositional constant ⊥ using logical connectives. We have:

1. A countably infinite set At₀ of propositional variables p₀, p₁, ...
2. The propositional constant for falsity ⊥.
3. The logical connectives: ∧ (conjunction), ∨ (disjunction), → (conditional)
4. Punctuation marks: (, ), and the comma.

Definition 7.2 (Formula). The set Frm(L₀) of formulas of propositional intuitionistic logic is defined inductively as follows:

1. ⊥ is an atomic formula.
2. Every propositional variable pᵢ is an atomic formula.
3. If A and B are formulas, then (A ∧ B) is a formula.
4. If A and B are formulas, then (A ∨ B) is a formula.
5. If A and B are formulas, then (A → B) is a formula.
6. Nothing else is a formula.

In addition to the primitive connectives introduced above, we also use the following defined symbols: ¬ (negation) and ↔ (biconditional). Formulas constructed using the defined operators are to be understood as follows:

1. ¬A abbreviates A → ⊥.
2. A ↔ B abbreviates (A → B) ∧ (B → A).

Although ¬ is officially treated as an abbreviation, we will sometimes give explicit rules and clauses in definitions for ¬ as if it were primitive. This is mostly so we can state practice problems.

7.3 The Brouwer-Heyting-Kolmogorov Interpretation

There is an informal constructive interpretation of the intuitionist connectives, usually known as the Brouwer-Heyting-Kolmogorov interpretation. It uses the notion of a "construction," which you may think of as a constructive proof.
(We don't use "proof" in the BHK interpretation so as not to get confused with the notion of a derivation in a formal proof system.) Based on this intuitive notion, the BHK interpretation explains the meanings of the intuitionistic connectives.

1. We assume that we know what constitutes a construction of an atomic statement.
2. A construction of A₁ ∧ A₂ is a pair ⟨M₁, M₂⟩ where M₁ is a construction of A₁ and M₂ is a construction of A₂.
3. A construction of A₁ ∨ A₂ is a pair ⟨s, M⟩ where s is 1 and M is a construction of A₁, or s is 2 and M is a construction of A₂.
4. A construction of A → B is a function that converts a construction of A into a construction of B.
5. There is no construction for ⊥ (absurdity).
6. ¬A is defined as a synonym for A → ⊥. That is, a construction of ¬A is a function converting a construction of A into a construction of ⊥.

Example 7.3. Take ¬⊥ for example. A construction of it is a function which, given any construction of ⊥ as input, provides a construction of ⊥ as output. Obviously, the identity function Id is such a construction: given a construction M of ⊥, Id(M) = M yields a construction of ⊥.

Generally speaking, ¬A means "A construction of A is impossible".

Example 7.4. Let us prove A → ¬¬A for any proposition A, which is A → ((A → ⊥) → ⊥). The construction should be a function f that, given a construction M of A, returns a construction f(M) of (A → ⊥) → ⊥. Here is how f constructs the construction of (A → ⊥) → ⊥: We have to define a function g which, when given a construction h of A → ⊥ as input, outputs a construction of ⊥. We can define g as follows: apply the input h to the construction M of A (that we received earlier). Since the output h(M) of h is a construction of ⊥, f(M)(h) = h(M) is a construction of ⊥ if M is a construction of A.

Example 7.5. Let us give a construction for ¬(A ∧ ¬A), i.e., (A ∧ (A → ⊥)) → ⊥.
This is a function f which, given as input a construction M of A ∧ (A → ⊥), yields a construction of ⊥. A construction of a conjunction B₁ ∧ B₂ is a pair ⟨N₁, N₂⟩ where N₁ is a construction of B₁ and N₂ is a construction of B₂. We can define functions p₁ and p₂ which recover from a construction of B₁ ∧ B₂ the constructions of B₁ and B₂, respectively:

    p₁(⟨N₁, N₂⟩) = N₁
    p₂(⟨N₁, N₂⟩) = N₂

Here is what f does: First it applies p₁ to its input M. That yields a construction of A. Then it applies p₂ to M, yielding a construction of A → ⊥. Such a construction, in turn, is a function p₂(M) which, if given as input a construction of A, yields a construction of ⊥. In other words, if we apply p₂(M) to p₁(M), we get a construction of ⊥. Thus, we can define f(M) = p₂(M)(p₁(M)).

Example 7.6. Let us give a construction of ((A ∧ B) → C) → (A → (B → C)), i.e., a function f which turns a construction g of (A ∧ B) → C into a construction of (A → (B → C)). The construction g is itself a function (from constructions of A ∧ B to constructions of C). And the output f(g) is a function h_g from constructions of A to functions from constructions of B to constructions of C.

Ok, this is confusing. We have to construct a certain function h_g, which will be the output of f for input g. The input of h_g is a construction M of A. The output of h_g(M) should be a function k_M from constructions N of B to constructions of C. Let k_{g,M}(N) = g(⟨M, N⟩). Remember that ⟨M, N⟩ is a construction of A ∧ B. So k_{g,M} is a construction of B → C: it maps constructions N of B to constructions of C. Now let h_g(M) = k_{g,M}. That's a function that maps constructions M of A to constructions k_{g,M} of B → C. Now let f(g) = h_g. That's a function that maps constructions g of (A ∧ B) → C to constructions of A → (B → C). Whew!

The statement A ∨ ¬A is called the Law of Excluded Middle. We can prove it for some specific A (e.g., ⊥ ∨ ¬⊥), but not in general.
This is because the intuitionistic disjunction requires a construction of one of the disjuncts, but there are statements which currently can neither be proved nor refuted (say, Goldbach's conjecture). However, you can't refute the law of excluded middle either: that is, ¬¬(A ∨ ¬A) holds.

Example 7.7. To prove ¬¬(A ∨ ¬A), we need a function f that transforms a construction of ¬(A ∨ ¬A), i.e., of (A ∨ (A → ⊥)) → ⊥, into a construction of ⊥. In other words, we need a function f such that f(g) is a construction of ⊥ if g is a construction of ¬(A ∨ ¬A).

Suppose g is a construction of ¬(A ∨ ¬A), i.e., a function that transforms a construction of A ∨ ¬A into a construction of ⊥. A construction of A ∨ ¬A is a pair ⟨s, M⟩ where either s = 1 and M is a construction of A, or s = 2 and M is a construction of ¬A. Let h₁ be the function mapping a construction M₁ of A to a construction of A ∨ ¬A: it maps M₁ to ⟨1, M₁⟩. And let h₂ be the function mapping a construction M₂ of ¬A to a construction of A ∨ ¬A: it maps M₂ to ⟨2, M₂⟩.

Let k be g ◦ h₁: it is a function which, if given a construction of A, returns a construction of ⊥, i.e., it is a construction of A → ⊥ or ¬A. Now let l be g ◦ h₂. It is a function which, given a construction of ¬A, provides a construction of ⊥. Since k is a construction of ¬A, l(k) is a construction of ⊥.

Together, what we've done is describe how we can turn a construction g of ¬(A ∨ ¬A) into a construction of ⊥, i.e., the function f mapping a construction g of ¬(A ∨ ¬A) to the construction l(k) of ⊥ is a construction of ¬¬(A ∨ ¬A).

As you can see, using the BHK interpretation to show the intuitionistic validity of formulas quickly becomes cumbersome and confusing. Luckily, there are better derivation systems for intuitionistic logic, and more precise semantic interpretations.

7.4 Natural Deduction

Natural deduction without the ⊥C rules is a standard derivation system for intuitionistic logic.
We repeat the rules here and indicate the motivation using the BHK interpretation. In each case, we can think of a rule which allows us to conclude that if the premises have constructions, so does the conclusion.

Since natural deduction derivations have undischarged assumptions, we should consider such a derivation, say, of A from undischarged assumptions Γ, as a function that turns constructions of all B ∈ Γ into a construction of A. If there is a derivation of A from no undischarged assumptions, then there is a construction of A in the sense of the BHK interpretation. For the purpose of the discussion, however, we'll suppress the Γ when not needed.

An assumption A by itself is a derivation of A from the undischarged assumption A. This agrees with the BHK-interpretation: the identity function on constructions turns any construction of A into a construction of A.

Conjunction

      A     B               A ∧ B              A ∧ B
    ----------- ∧Intro     ------- ∧Elim      ------- ∧Elim
       A ∧ B                  A                  B

Suppose we have constructions N₁, N₂ of A₁ and A₂, respectively. Then we also have a construction of A₁ ∧ A₂, namely the pair ⟨N₁, N₂⟩.

A construction of A₁ ∧ A₂ on the BHK interpretation is a pair ⟨N₁, N₂⟩. So assume we have such a pair. Then we also have a construction of each conjunct: N₁ is a construction of A₁ and N₂ is a construction of A₂.

Conditional

     [A]^u
       ⋮
       B                     A → B     A
    --------- u →Intro      ------------- →Elim
      A → B                       B

If we have a derivation of B from undischarged assumption A, then there is a function f that turns constructions of A into constructions of B. That same function is a construction of A → B. So, if the premise of →Intro has a construction conditional on a construction of A, the conclusion A → B has a construction.

On the other hand, suppose there are constructions N of A and f of A → B. A construction of A → B is a function that turns constructions of A into constructions of B. So, f(N) is a construction of B, i.e., the conclusion of →Elim has a construction.
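The BHK readings of ∧Intro, ∧Elim, →Intro and →Elim above treat a derivation as a recipe for building a construction. The following Python code is an added example, not part of the original text: it writes the constructions of Examples 7.3 to 7.7 as terms and computes which formula each one is a construction of, using the pairs ⟨s, M⟩ of Section 7.3 for disjunctions. The term syntax (hyp, lam, app, pair, proj, inj) and all function names are assumptions made for this example.

```python
BOT = ("bot",)                      # ⊥: has no construction

def Var(name): return ("var", name)
def And(a, b): return ("and", a, b)
def Or(a, b): return ("or", a, b)
def Imp(a, b): return ("imp", a, b)
def Not(a): return Imp(a, BOT)      # ¬A abbreviates A → ⊥

# Terms standing for constructions (hypothetical syntax):
def hyp(x): return ("hyp", x)                    # an assumed construction named x
def lam(x, a, body): return ("lam", x, a, body)  # function on constructions x of a
def app(f, arg): return ("app", f, arg)          # apply f to arg
def pair(m, n): return ("pair", m, n)            # ⟨m, n⟩
def proj(i, m): return ("proj", i, m)            # p_i(m), i = 1 or 2
def inj(i, other, m): return ("inj", i, other, m)  # ⟨i, m⟩; other = the other disjunct

class NotAConstruction(Exception):
    pass

def infer(term, ctx=None):
    """Return the formula `term` is a construction of; ctx maps names to formulas."""
    ctx = ctx or {}
    tag = term[0]
    if tag == "hyp":
        if term[1] not in ctx:
            raise NotAConstruction("unknown assumption " + term[1])
        return ctx[term[1]]
    if tag == "lam":                 # reading of →Intro: discharge assumption x
        _, x, a, body = term
        return Imp(a, infer(body, {**ctx, x: a}))
    if tag == "app":                 # reading of →Elim
        f, arg = infer(term[1], ctx), infer(term[2], ctx)
        if f[0] != "imp" or f[1] != arg:
            raise NotAConstruction("function applied to the wrong construction")
        return f[2]
    if tag == "pair":                # reading of ∧Intro
        return And(infer(term[1], ctx), infer(term[2], ctx))
    if tag == "proj":                # reading of ∧Elim
        c = infer(term[2], ctx)
        if c[0] != "and" or term[1] not in (1, 2):
            raise NotAConstruction("projection from something that is not a pair")
        return c[term[1]]
    if tag == "inj":                 # tagged pair ⟨i, m⟩ for a disjunction
        _, i, other, m = term
        got = infer(m, ctx)
        if i == 1:
            return Or(got, other)
        if i == 2:
            return Or(other, got)
        raise NotAConstruction("tag must be 1 or 2")
    raise NotAConstruction("unknown term " + str(tag))

def is_construction_of(term, formula):
    """True iff the closed term checks as a construction of exactly `formula`."""
    try:
        return infer(term) == formula
    except NotAConstruction:
        return False

A, B, C = Var("A"), Var("B"), Var("C")
LEM = Or(A, Not(A))

# Example 7.3: the identity function Id on constructions of ⊥
EX_7_3 = lam("M", BOT, hyp("M"))
# Example 7.4: f(M)(h) = h(M)
EX_7_4 = lam("M", A, lam("h", Not(A), app(hyp("h"), hyp("M"))))
# Example 7.5: f(M) = p2(M)(p1(M))
EX_7_5 = lam("M", And(A, Not(A)), app(proj(2, hyp("M")), proj(1, hyp("M"))))
# Example 7.6: f(g)(M)(N) = g(⟨M, N⟩)
EX_7_6 = lam("g", Imp(And(A, B), C),
             lam("M", A, lam("N", B, app(hyp("g"), pair(hyp("M"), hyp("N"))))))
# Example 7.7: k = g ∘ h1, l = g ∘ h2, f(g) = l(k) = g(⟨2, k⟩)
K = lam("M1", A, app(hyp("g"), inj(1, Not(A), hyp("M1"))))
EX_7_7 = lam("g", Not(LEM), app(hyp("g"), inj(2, A, K)))
# Constructed non-example: an attempt at ¬¬A → A that applies h to itself
BAD = lam("h", Not(Not(A)), app(hyp("h"), hyp("h")))
```

The checker only confirms that a given term is a construction of a formula; rejecting `BAD` shows that this one attempt fails, not that ¬¬A → A has no construction.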
Disjunction

                                                      [A]^n   [B]^n
                                                        ⋮       ⋮
       A                     B                A ∨ B     C       C
    ------- ∨Intro        ------- ∨Intro     ----------------------- n ∨Elim
     A ∨ B                 A ∨ B                        C

If we have a construction Nᵢ of Aᵢ we can turn it into a construction ⟨i, Nᵢ⟩ of A₁ ∨ A₂. On the other hand, suppose we have a construction of A₁ ∨ A₂, i.e., a pair ⟨i, Nᵢ⟩ where Nᵢ is a construction of Aᵢ, and also functions f₁, f₂, which turn constructions of A₁, A₂, respectively, into constructions of C. Then fᵢ(Nᵢ) is a construction of C, the conclusion of ∨Elim.

Absurdity

      ⊥
    ----- ⊥I
      A

If we have a derivation of ⊥ from undischarged assumptions B₁, ..., Bₙ, then there is a function f(M₁, ..., Mₙ) that turns constructions of B₁, ..., Bₙ into a construction of ⊥. Since ⊥ has no construction, there cannot be any constructions of all of B₁, ..., Bₙ either. Hence, f also has the property that if M₁, ..., Mₙ are constructions of B₁, ..., Bₙ, respectively, then f(M₁, ..., Mₙ) is a construction of A.

Rules for ¬

Since ¬A is defined as A → ⊥, we strictly speaking do not need rules for ¬. But if we did, this is what they'd look like:

     [A]^n
       ⋮
       ⊥                   ¬A     A
    ------- n ¬Intro      ---------- ¬Elim
      ¬A                      ⊥

Examples of Derivations

1. ⊢ A → (¬A → ⊥), i.e., ⊢ A → ((A → ⊥) → ⊥)

     [A]²    [A → ⊥]¹
    ------------------ →Elim
            ⊥
    ------------------ 1 →Intro
       (A → ⊥) → ⊥
    ------------------ 2 →Intro
    A → ((A → ⊥) → ⊥)

2. ⊢ ((A ∧ B) → C) → (A → (B → C))

                          [A]²    [B]¹
                         -------------- ∧Intro
    [(A ∧ B) → C]³           A ∧ B
    -------------------------------- →Elim
                   C
              ----------- 1 →Intro
                 B → C
           ----------------- 2 →Intro
              A → (B → C)
    -------------------------------- 3 →Intro
     ((A ∧ B) → C) → (A → (B → C))

3. ⊢ ¬(A ∧ ¬A), i.e., ⊢ (A ∧ (A → ⊥)) → ⊥

    [A ∧ (A → ⊥)]¹            [A ∧ (A → ⊥)]¹
    --------------- ∧Elim     --------------- ∧Elim
         A → ⊥                       A
    ------------------------------------------ →Elim
                        ⊥
    ------------------------------------------ 1 →Intro
               (A ∧ (A → ⊥)) → ⊥

4. ⊢ ¬¬(A ∨ ¬A), i.e., ⊢ ((A ∨ (A → ⊥)) → ⊥) → ⊥

                                                          [A]¹
                                                      ------------- ∨Intro
                            [(A ∨ (A → ⊥)) → ⊥]²      A ∨ (A → ⊥)
                            ---------------------------------------- →Elim
                                               ⊥
                                           --------- 1 →Intro
                                             A → ⊥
                                         ------------- ∨Intro
    [(A ∨ (A → ⊥)) → ⊥]²                 A ∨ (A → ⊥)
    -------------------------------------------------- →Elim
                            ⊥
    -------------------------------------------------- 2 →Intro
                 ((A ∨ (A → ⊥)) → ⊥) → ⊥

Proposition 7.8. If Γ ⊢ A in intuitionistic logic, Γ ⊢ A in classical logic. In particular, if A is an intuitionistic theorem, it is also a classical theorem.

Proof. Every natural deduction rule is also a rule in classical natural deduction, so every derivation in intuitionistic logic is also a derivation in classical logic.
□

7.5 Axiomatic Derivations

Axiomatic derivations for intuitionistic propositional logic are the conceptually simplest, and historically first, derivation systems. They work just as in classical propositional logic.

Definition 7.9 (Derivability). If Γ is a set of formulas of L then a derivation from Γ is a finite sequence A₁, ..., Aₙ of formulas where for each i ≤ n one of the following holds:

1. Aᵢ ∈ Γ; or
2. Aᵢ is an axiom; or
3. Aᵢ follows from some Aⱼ and Aₖ with j < i and k < i by modus ponens, i.e., Aₖ ≡ Aⱼ → Aᵢ.

Definition 7.10 (Axioms). The set Ax₀ of axioms for intuitionistic propositional logic consists of all formulas of the following forms:

    (A ∧ B) → A                                (7.1)
    (A ∧ B) → B                                (7.2)
    A → (B → (A ∧ B))                          (7.3)
    A → (A ∨ B)                                (7.4)
    A → (B ∨ A)                                (7.5)
    (A → C) → ((B → C) → ((A ∨ B) → C))        (7.6)
    A → (B → A)                                (7.7)
    (A → (B → C)) → ((A → B) → (A → C))        (7.8)
    ⊥ → A                                      (7.9)

Definition 7.11 (Derivability). A formula A is derivable from Γ, written Γ ⊢ A, if there is a derivation from Γ ending in A.

Definition 7.12 (Theorems). A formula A is a theorem if there is a derivation of A from the empty set. We write ⊢ A if A is a theorem and ⊬ A if it is not.

Proposition 7.13. If Γ ⊢ A in intuitionistic logic, Γ ⊢ A in classical logic. In particular, if A is an intuitionistic theorem, it is also a classical theorem.

Proof. Every intuitionistic axiom is also a classical axiom, so every derivation in intuitionistic logic is also a derivation in classical logic. □

Problems

Problem 7.1. Give derivations in intuitionistic logic of the following.
1. (¬A ∨ B) → (A → B)
2. ¬¬¬A → ¬A
3. ¬¬(A ∧ B) ↔ (¬¬A ∧ ¬¬B)

CHAPTER 8
Semantics

8.1 Introduction

No logic is satisfactorily described without a semantics, and intuitionistic logic is no exception. Whereas for classical logic, the semantics based on valuations is canonical, there are several competing semantics for intuitionistic logic.
None of them are completely satisfactory in the sense that they give an intuitionistically acceptable account of the meanings of the connectives.

The semantics based on relational models, similar to the semantics for modal logics, is perhaps the most popular one. In this semantics, propositional variables are assigned to worlds, and these worlds are related by an accessibility relation. That relation is always a partial order, i.e., it is reflexive, antisymmetric, and transitive.

Intuitively, you might think of these worlds as states of knowledge or "evidentiary situations." A state w′ is accessible from w iff, for all we know, w′ is a possible (future) state of knowledge, i.e., one that is compatible with what's known at w. Once a proposition is known, it can't become un-known, i.e., whenever A is known at w and Rww′, A is known at w′ as well. So "knowledge" is monotonic with respect to the accessibility relation.

If we define "A is known" as in epistemic logic as "true in all epistemic alternatives," then A ∧ B is known at w if in all epistemic alternatives, both A and B are known. But since knowledge is monotonic and R is reflexive, that means that A ∧ B is known at w iff A and B are known at w. For the same reason, A ∨ B is known at w iff at least one of them is known. So for ∧ and ∨, the truth conditions of the connectives coincide with those in classical logic.

The truth conditions for the conditional, however, differ from classical logic. A → B is known at w iff at no w′ with Rww′, A is known without B also being known. This is not the same as the condition that A is unknown or B is known at w. For if we know neither A nor B at w, there might be a future epistemic state w′ with Rww′ such that at w′, A is known without also coming to know B.

We know ¬A only if there is no possible future epistemic state in which we know A.
Here the idea is that if A were knowable, then in some possible future epistemic state A becomes known. Since we can't know ⊥, in that future epistemic state, we would know A but not know ⊥.

On this interpretation the principle of excluded middle fails. For there are some A which we don't yet know, but which we might come to know. For such an A, both A and ¬A are unknown, so A ∨ ¬A is not known. But we do know, e.g., that ¬(A ∧ ¬A). For no future state in which we know both A and ¬A is possible, and we know this independently of whether or not we know A or ¬A.

Relational models are not the only available semantics for intuitionistic logic. The topological semantics is another: here propositions are interpreted as open sets in a topological space, and the connectives are interpreted as operations on these sets (e.g., ∧ corresponds to intersection).

8.2 Relational models

In order to give a precise semantics for intuitionistic propositional logic, we have to give a definition of what counts as a model relative to which we can evaluate formulas. On the basis of such a definition it is then also possible to define semantic notions such as validity and entailment. One such semantics is given by relational models.

Definition 8.1. A relational model for intuitionistic propositional logic is a triple M = ⟨W, R, V⟩, where

1. W is a non-empty set,
2. R is a partial order (i.e., a reflexive, antisymmetric, and transitive binary relation) on W, and
3. V is a function assigning to each propositional variable p a subset of W, such that
4. V is monotone with respect to R, i.e., if w ∈ V(p) and Rww′, then w′ ∈ V(p).

Definition 8.2. We define the notion of A being true at w in M, M,w ⊩ A, inductively as follows:

1. A ≡ p: M,w ⊩ A iff w ∈ V(p).
2. A ≡ ⊥: not M,w ⊩ A.
3. A ≡ ¬B: M,w ⊩ A iff for no w′ such that Rww′, M,w′ ⊩ B.
4. A ≡ B ∧ C: M,w ⊩ A iff M,w ⊩ B and M,w ⊩ C.
5. A ≡ B ∨ C: M,w ⊩ A iff M,w ⊩ B or M,w ⊩ C (or both).
6.
A ≡ B → C: M,w ⊩ A iff for every w′ such that Rww′, not M,w′ ⊩ B or M,w′ ⊩ C (or both).

We write M,w ⊮ A if not M,w ⊩ A. If Γ is a set of formulas, M,w ⊩ Γ means M,w ⊩ B for all B ∈ Γ.

Proposition 8.3. Truth at worlds is monotonic with respect to R, i.e., if M,w ⊩ A and Rww′, then M,w′ ⊩ A.

Proof. Exercise. □

8.3 Semantic Notions

Definition 8.4. We say A is true in the model M = ⟨W, R, V⟩, M ⊩ A, iff M,w ⊩ A for all w ∈ W. A is valid, ⊨ A, iff it is true in all models. We say a set of formulas Γ entails A, Γ ⊨ A, iff for every model M and every w such that M,w ⊩ Γ, M,w ⊩ A.

Proposition 8.5.
1. If M,w ⊩ Γ and Γ ⊨ A, then M,w ⊩ A.
2. If M ⊩ Γ and Γ ⊨ A, then M ⊩ A.

Proof.
1. Suppose M ⊩ Γ. Since Γ ⊨ A, we know that if M,w ⊩ Γ, then M,w ⊩ A. Since M,u ⊩ Γ for every u ∈ W, M,w ⊩ Γ. Hence M,w ⊩ A.
2. Follows immediately from (1). □

8.4 Topological Semantics

Another way to provide a semantics for intuitionistic logic is using the mathematical concept of a topology.

Definition 8.6. Let X be a set. A topology on X is a set O ⊆ ℘(X) that satisfies the properties below. The elements of O are called the open sets of the topology. The set X together with O is called a topological space.

1. The empty set and the entire space are open: ∅, X ∈ O.
2. Open sets are closed under finite intersections: if U, V ∈ O then U ∩ V ∈ O.
3. Open sets are closed under arbitrary unions: if Uᵢ ∈ O for all i ∈ I, then ⋃{Uᵢ : i ∈ I} ∈ O.

We may write X for a topology if the collection of open sets can be inferred from the context; note that, still, only after X is endowed with open sets can it be called a topology.

Definition 8.7. A topological model of intuitionistic propositional logic is a triple X = ⟨X, O, V⟩ where O is a topology on X and V is a function assigning an open set in O to each propositional variable.

Given a topological model X, we can define [A]_X inductively as follows:

1. [⊥]_X = ∅
2. [p]_X = V(p)
3.
[A ∧ B]_X = [A]_X ∩ [B]_X
4. [A ∨ B]_X = [A]_X ∪ [B]_X
5. [A → B]_X = Int((X \ [A]_X) ∪ [B]_X)

Here, Int(V) is the function that maps a set V ⊆ X to its interior, that is, the union of all open sets it contains. In other words,

    Int(V) = ⋃{U : U ⊆ V and U ∈ O}.

Note that the interior of any set is always open, since it is a union of open sets. Thus, [A]_X is always an open set.

Although topological semantics is highly abstract, there are ways to think about it that might motivate it. Suppose that the elements, or "points," of X are points at which statements can be evaluated. The set of all points where A is true is the proposition expressed by A. Not every set of points is a potential proposition; only the elements of O are. A ⊨ B iff B is true at every point at which A is true, i.e., [A]_X ⊆ [B]_X, for all X. The absurd statement ⊥ is never true, so [⊥]_X = ∅. How must the propositions expressed by B ∧ C, B ∨ C, and B → C be related to those expressed by B and C for the intuitionistically valid laws to hold, i.e., so that A ⊢ B iff [A]_X ⊂ [B]_X? ⊥ ⊢ A for any A, and only ∅ ⊆ U for all U. Since B ∧ C ⊢ B, [B ∧ C]_X ⊆ [B]_X, and similarly [B ∧ C]_X ⊆ [C]_X. The largest set W satisfying W ⊆ U and W ⊆ V is U ∩ V. Conversely, B ⊢ B ∨ C and C ⊢ B ∨ C, and so [B]_X ⊆ [B ∨ C]_X and [C]_X ⊆ [B ∨ C]_X. The smallest set W such that U ⊆ W and V ⊆ W is U ∪ V. The definition for → is tricky: A → B expresses the weakest proposition that, combined with A, entails B. That A → B combined with A entails B is clear from (A → B) ∧ A ⊢ B. So [A → B]_X should be the greatest open set such that [A → B]_X ∩ [A]_X ⊂ [B]_X, leading to our definition.

Problems

Problem 8.1. Show that according to Definition 8.2, M,w ⊩ ¬A iff M,w ⊩ A → ⊥.

Problem 8.2. Prove Proposition 8.3.

CHAPTER 9
Soundness and Completeness

9.1 Soundness of Axiomatic Derivations

Theorem 9.1 (Soundness). If Γ ⊢ A, then Γ ⊨ A.

Proof. We prove that if Γ ⊢ A, then Γ ⊨ A.
The proof is by induction on the number n of formulas in the derivation of A from Γ. We show that if A₁, ..., Aₙ = A is a derivation from Γ, then Γ ⊨ Aₙ. Note that if A₁, ..., Aₙ is a derivation, so is A₁, ..., Aₖ for any k < n.

There are no derivations of length 0, so for n = 0 the claim holds vacuously. So the claim holds for all derivations of length < n. We distinguish cases according to the justification of Aₙ.

1. Aₙ is an axiom. All axioms are valid, so Γ ⊨ Aₙ for any Γ.

2. Aₙ ∈ Γ. Then for any M and w, if M,w ⊩ Γ, obviously M,w ⊩ Aₙ, i.e., Γ ⊨ A.

3. Aₙ follows by modus ponens from Aᵢ and Aⱼ ≡ Aᵢ → Aₙ. A₁, ..., Aᵢ and A₁, ..., Aⱼ are derivations from Γ, so by inductive hypothesis, Γ ⊨ Aᵢ and Γ ⊨ Aᵢ → Aₙ.
Suppose M,w ⊩ Γ. Since M,w ⊩ Γ and Γ ⊨ Aᵢ → Aₙ, M,w ⊩ Aᵢ → Aₙ. By definition, this means that for all w′ such that Rww′, if M,w′ ⊩ Aᵢ then M,w′ ⊩ Aₙ. Since R is reflexive, w is among the w′ such that Rww′, i.e., we have that if M,w ⊩ Aᵢ then M,w ⊩ Aₙ. Since Γ ⊨ Aᵢ, M,w ⊩ Aᵢ. So, M,w ⊩ Aₙ, as we wanted to show. □

9.2 Soundness of Natural Deduction

Theorem 9.2 (Soundness). If Γ ⊢ A, then Γ ⊨ A.

Proof. We prove that if Γ ⊢ A, then Γ ⊨ A. The proof is by induction on the derivation of A from Γ.

1. If the derivation consists of just the assumption A, we have A ⊢ A, and want to show that A ⊨ A. Consider any model M such that M ⊩ A. Then trivially M ⊩ A.

2. The derivation ends in ∧Intro: Exercise.

3. The derivation ends in ∧Elim: Exercise.

4. The derivation ends in ∨Intro: Suppose the premise is B, and the undischarged assumptions of the derivation ending in B are Γ. Then we have Γ ⊢ B and by inductive hypothesis, Γ ⊨ B. We have to show that Γ ⊨ B ∨ C. Suppose M ⊩ Γ. Since Γ ⊨ B, M ⊩ B. But then also M ⊩ B ∨ C. Similarly, if the premise is C, we have that Γ ⊨ C.

5.
The derivation ends in ∨Elim: The derivations ending in the premises are of B ∨ C from undischarged assumptions Γ, of D from undischarged assumptions ∆₁ ∪ {B}, and of D from undischarged assumptions ∆₂ ∪ {C}. So we have Γ ⊢ B ∨ C, ∆₁ ∪ {B} ⊢ D, and ∆₂ ∪ {C} ⊢ D. By induction hypothesis, Γ ⊨ B ∨ C, ∆₁ ∪ {B} ⊨ D, and ∆₂ ∪ {C} ⊨ D. We have to prove that Γ ∪ ∆₁ ∪ ∆₂ ⊨ D.
Suppose M ⊩ Γ ∪ ∆₁ ∪ ∆₂. Then M ⊩ Γ and since Γ ⊨ B ∨ C, M ⊩ B ∨ C. By definition of M ⊩, either M ⊩ B or M ⊩ C. So we distinguish cases:
(a) M ⊩ B. Then M ⊩ ∆₁ ∪ {B}. Since ∆₁ ∪ {B} ⊨ D, we have M ⊩ D.
(b) M ⊩ C. Then M ⊩ ∆₂ ∪ {C}. Since ∆₂ ∪ {C} ⊨ D, we have M ⊩ D.
So in either case, M ⊩ D, as we wanted to show.

6. The derivation ends with →Intro concluding B → C. Then the premise is C, and the derivation ending in the premise has undischarged assumptions Γ ∪ {B}. So we have that Γ ∪ {B} ⊢ C, and by induction hypothesis that Γ ∪ {B} ⊨ C. We have to show that Γ ⊨ B → C.
Suppose M,w ⊩ Γ. We want to show that for all w′ such that Rww′, if M,w′ ⊩ B, then M,w′ ⊩ C. So assume that Rww′ and M,w′ ⊩ B. By Proposition 8.3, M,w′ ⊩ Γ. Since Γ ∪ {B} ⊨ C, M,w′ ⊩ C, which is what we wanted to show.

7. The derivation ends in →Elim and conclusion C. The premises are B → C and B, with derivations from undischarged assumptions Γ, ∆. So we have Γ ⊢ B → C and ∆ ⊢ B. By inductive hypothesis, Γ ⊨ B → C and ∆ ⊨ B. We have to show that Γ ∪ ∆ ⊨ C.
Suppose M,w ⊩ Γ ∪ ∆. Since M,w ⊩ Γ and Γ ⊨ B → C, M,w ⊩ B → C. By definition, this means that for all w′ such that Rww′, if M,w′ ⊩ B then M,w′ ⊩ C. Since R is reflexive, w is among the w′ such that Rww′, i.e., we have that if M,w ⊩ B then M,w ⊩ C. Since M,w ⊩ ∆ and ∆ ⊨ B, M,w ⊩ B. So, M,w ⊩ C, as we wanted to show.

8. The derivation ends in ⊥I, concluding A. The premise is ⊥ and the undischarged assumptions of the derivation of the premise are Γ. Then Γ ⊢ ⊥. By inductive hypothesis, Γ ⊨ ⊥.
We have to show Γ ⊨ A.
We proceed indirectly. If Γ ⊭ A there is a model M and world w such that M,w ⊩ Γ and M,w ⊮ A. Since Γ ⊨ ⊥, M,w ⊩ ⊥. But that's impossible, since by definition, M,w ⊮ ⊥. So Γ ⊨ A.

9. The derivation ends in ¬Intro: Exercise.

10. The derivation ends in ¬Elim: Exercise. □

9.3 Lindenbaum's Lemma

Definition 9.3. A set of formulas Γ is prime iff

1. Γ is consistent,
2. If Γ ⊢ A then A ∈ Γ, and
3. If A ∨ B ∈ Γ then A ∈ Γ or B ∈ Γ.

Lemma 9.4 (Lindenbaum's Lemma). If Γ ⊬ A, there is a Γ∗ ⊇ Γ such that Γ∗ is prime and Γ∗ ⊬ A.

Proof. Let B₁ ∨ C₁, B₂ ∨ C₂, ..., be an enumeration of all formulas of the form B ∨ C. We'll define an increasing sequence of sets of formulas Γₙ, where each Γₙ₊₁ is defined as Γₙ together with one new formula. Γ∗ will be the union of all Γₙ. The new formulas are selected so as to ensure that Γ∗ is prime and still Γ∗ ⊬ A. This means that at each step we should find the first disjunction Bᵢ ∨ Cᵢ such that:

1. Γₙ ⊢ Bᵢ ∨ Cᵢ
2. Bᵢ ∉ Γₙ and Cᵢ ∉ Γₙ

We add to Γₙ either Bᵢ if Γₙ ∪ {Bᵢ} ⊬ A, or Cᵢ otherwise. We'll have to show that this works. For now, let's define i(n) as the least i such that (1) and (2) hold.

Define Γ₀ = Γ and

    Γₙ₊₁ = Γₙ ∪ {B_{i(n)}}   if Γₙ ∪ {B_{i(n)}} ⊬ A
    Γₙ₊₁ = Γₙ ∪ {C_{i(n)}}   otherwise

If i(n) is undefined, i.e., whenever Γₙ ⊢ B ∨ C, either B ∈ Γₙ or C ∈ Γₙ, we let Γₙ₊₁ = Γₙ. Now let Γ∗ = ⋃_{n=0}^{∞} Γₙ.

First we show that for all n, Γₙ ⊬ A. We proceed by induction on n. For n = 0 the claim holds by the hypothesis of the theorem, i.e., Γ ⊬ A. If n > 0, we have to show that if Γₙ ⊬ A then Γₙ₊₁ ⊬ A. If i(n) is undefined, Γₙ₊₁ = Γₙ and there is nothing to prove. So suppose i(n) is defined. For simplicity, let i = i(n).

We'll prove the contrapositive of the claim. Suppose Γₙ₊₁ ⊢ A. By construction, Γₙ₊₁ = Γₙ ∪ {Bᵢ} if Γₙ ∪ {Bᵢ} ⊬ A, or else Γₙ₊₁ = Γₙ ∪ {Cᵢ}. It clearly can't be the first, since then Γₙ₊₁ ⊬ A. Hence, Γₙ ∪ {Bᵢ} ⊢ A and Γₙ₊₁ = Γₙ ∪ {Cᵢ}.
By definition of i(n), we have that Γₙ ⊢ Bᵢ ∨ Cᵢ. We have Γₙ ∪ {Bᵢ} ⊢ A. We also have Γₙ₊₁ = Γₙ ∪ {Cᵢ} ⊢ A. Hence, Γₙ ⊢ A, which is what we wanted to show.

If Γ∗ ⊢ A, there would be some finite subset Γ′ ⊆ Γ∗ such that Γ′ ⊢ A. Each D ∈ Γ′ must be in Γᵢ for some i. Let n be the largest of these. Since Γᵢ ⊆ Γₙ if i ≤ n, Γ′ ⊆ Γₙ. But then Γₙ ⊢ A, contrary to our proof above that Γₙ ⊬ A.

Lastly, we show that Γ∗ is prime, i.e., satisfies conditions (1), (2), and (3) of Definition 9.3.

First, Γ∗ ⊬ A, so Γ∗ is consistent, so (1) holds.

We now show that if Γ∗ ⊢ B ∨ C, then either B ∈ Γ∗ or C ∈ Γ∗. This proves (3), since if B ∈ Γ∗ then also Γ∗ ⊢ B, and similarly for C. So assume Γ∗ ⊢ B ∨ C but B ∉ Γ∗ and C ∉ Γ∗. Since Γ∗ ⊢ B ∨ C, Γₙ ⊢ B ∨ C for some n. B ∨ C appears on the enumeration of all disjunctions, say as Bⱼ ∨ Cⱼ. Bⱼ ∨ Cⱼ satisfies the properties in the definition of i(n), namely we have Γₙ ⊢ Bⱼ ∨ Cⱼ, while Bⱼ ∉ Γₙ and Cⱼ ∉ Γₙ. At each stage, at least one fewer disjunction Bᵢ ∨ Cᵢ satisfies the conditions (since at each stage we add either Bᵢ or Cᵢ), so at some stage m we will have j = i(Γₘ). But then either B ∈ Γₘ₊₁ or C ∈ Γₘ₊₁, contrary to the assumption that B ∉ Γ∗ and C ∉ Γ∗.

Now suppose Γ∗ ⊢ A. Then Γ∗ ⊢ A ∨ A. But we've just proved that if Γ∗ ⊢ A ∨ A then A ∈ Γ∗. Hence, Γ∗ satisfies (2) of Definition 9.3. □

9.4 The Canonical Model

The worlds in our model will be finite sequences σ of natural numbers, i.e., σ ∈ N∗. Note that N∗ is inductively defined by:

1. Λ ∈ N∗.
2. If σ ∈ N∗ and n ∈ N, then σ.n ∈ N∗ (where σ.n is σ ⌒ ⟨n⟩ and σ ⌒ σ′ is the concatenation of σ and σ′).
3. Nothing else is in N∗.

So we can use N∗ to give inductive definitions.

Let ⟨B₁, C₁⟩, ⟨B₂, C₂⟩, ..., be an enumeration of all pairs of formulas. Given a set of formulas ∆, define ∆(σ) by induction as follows:

1. ∆(Λ) = ∆
2.
∆(σ.n) = (∆(σ) ∪ {Bₙ})∗ if ∆(σ) ∪ {Bₙ} ⊬ Cₙ, and ∆(σ.n) = ∆(σ) otherwise.

Here by (∆(σ) ∪ {Bₙ})∗ we mean the prime set of formulas which exists by Lemma 9.4 applied to the set ∆(σ) ∪ {Bₙ} and the formula Cₙ. Note that by this definition, if ∆(σ) ∪ {Bₙ} ⊬ Cₙ, then ∆(σ.n) ⊢ Bₙ and ∆(σ.n) ⊬ Cₙ. Note also that ∆(σ) ⊆ ∆(σ.n) for any n. If ∆ is prime, then ∆(σ) is prime for all σ.

Definition 9.5. Suppose ∆ is prime. Then the canonical model M(∆) for ∆ is defined by:

1. W = N∗, the set of finite sequences of natural numbers.
2. R is the partial order according to which Rσσ′ iff σ is an initial segment of σ′ (i.e., σ′ = σ ⌒ σ′′ for some sequence σ′′).
3. V(p) = {σ : p ∈ ∆(σ)}.

It is easy to verify that R is indeed a partial order. Also, the monotonicity condition on V is satisfied. Since ∆(σ) ⊆ ∆(σ.n) we get ∆(σ) ⊆ ∆(σ′) whenever Rσσ′ by induction on σ.

9.5 The Truth Lemma

Lemma 9.6. If ∆ is prime, then M(∆), σ ⊩ A iff ∆(σ) ⊢ A.

Proof. By induction on A.

1. A ≡ ⊥: Since ∆(σ) is prime, it is consistent, so ∆(σ) ⊬ A. By definition, M(∆), σ ⊮ A.

2. A ≡ p: By definition of ⊩, M(∆), σ ⊩ A iff σ ∈ V(p), i.e., ∆(σ) ⊢ A.

3. A ≡ ¬B: exercise.

4. A ≡ B ∧ C: M(∆), σ ⊩ A iff M(∆), σ ⊩ B and M(∆), σ ⊩ C. By induction hypothesis, M(∆), σ ⊩ B iff ∆(σ) ⊢ B, and similarly for C. But ∆(σ) ⊢ B and ∆(σ) ⊢ C iff ∆(σ) ⊢ A.

5. A ≡ B ∨ C: M(∆), σ ⊩ A iff M(∆), σ ⊩ B or M(∆), σ ⊩ C. By induction hypothesis, this holds iff ∆(σ) ⊢ B or ∆(σ) ⊢ C. We have to show that this in turn holds iff ∆(σ) ⊢ A. The left-to-right direction is clear. The right-to-left direction follows since ∆(σ) is prime.

6. A ≡ B → C: First the contrapositive of the left-to-right direction: Assume ∆(σ) ⊬ B → C. Then also ∆(σ) ∪ {B} ⊬ C. Since ⟨B, C⟩ is ⟨Bₙ, Cₙ⟩ for some n, we have ∆(σ.n) = (∆(σ) ∪ {B})∗, and ∆(σ.n) ⊢ B but ∆(σ.n) ⊬ C. By inductive hypothesis, M(∆), σ.n ⊩ B and M(∆), σ.n ⊮ C. Since Rσ(σ.n), this means that M(∆), σ ⊮ A.
Now assume ∆(σ) ⊢ B → C, and let Rσσ′. Since ∆(σ) ⊆ ∆(σ′), we have: if ∆(σ′) ⊢ B, then ∆(σ′) ⊢ C. In other words, for every σ′ such that Rσσ′, either ∆(σ′) ⊬ B or ∆(σ′) ⊢ C. By induction hypothesis, this means that whenever Rσσ′, either M(∆), σ′ ⊮ B or M(∆), σ′ ⊩ C, i.e., M(∆), σ ⊩ A. □

9.6 The Completeness Theorem

Theorem 9.7. If Γ ⊨ A then Γ ⊢ A.

Proof. We prove the contrapositive: Suppose Γ ⊬ A. Then by Lemma 9.4, there is a prime set Γ∗ ⊇ Γ such that Γ∗ ⊬ A. Consider the canonical model M(Γ∗) for Γ∗ as defined in Definition 9.5. For any B ∈ Γ, Γ∗ ⊢ B. Note that Γ∗(Λ) = Γ∗. By the Truth Lemma (Lemma 9.6), we have M(Γ∗), Λ ⊩ B for all B ∈ Γ and M(Γ∗), Λ ⊮ A. This shows that Γ ⊭ A. □

Problems

Problem 9.1. Complete the proof of Theorem 9.2. For the cases for ¬Intro and ¬Elim, use the definition of M, w ⊩ ¬A in Definition 8.2, i.e., don't treat ¬A as defined by A → ⊥.

PART III
Counterfactuals

CHAPTER 10
Introduction

10.1 The Material Conditional

In its simplest form in English, a conditional is a sentence of the form "If . . . then . . . ," where the . . . are themselves sentences, such as "If the butler did it, then the gardener is innocent." In introductory logic courses, we learn to symbolize conditionals using the → connective: symbolize the parts indicated by . . . , e.g., by formulas A and B, and the entire conditional is symbolized by A → B.

The connective → is truth-functional, i.e., the truth value, T or F, of A → B is determined by the truth values of A and B: A → B is true iff A is false or B is true, and false otherwise. Relative to a truth value assignment v, we define v ⊨ A → B iff v ⊭ A or v ⊨ B. The connective → with this semantics is called the material conditional.

This definition results in a number of elementary logical facts.
First of all, the deduction theorem holds for the material conditional:

If Γ, A ⊨ B then Γ ⊨ A → B    (10.1)

It is truth-functional: A → B and ¬A ∨ B are equivalent:

A → B ⊨ ¬A ∨ B    (10.2)
¬A ∨ B ⊨ A → B    (10.3)

A material conditional is entailed by its consequent and by the negation of its antecedent:

B ⊨ A → B    (10.4)
¬A ⊨ A → B    (10.5)

A false material conditional is equivalent to the conjunction of its antecedent and the negation of its consequent: if A → B is false, A ∧ ¬B is true, and vice versa:

¬(A → B) ⊨ A ∧ ¬B    (10.6)
A ∧ ¬B ⊨ ¬(A → B)    (10.7)

The material conditional supports modus ponens:

A, A → B ⊨ B    (10.8)

The material conditional agglomerates:

A → B, A → C ⊨ A → (B ∧ C)    (10.9)

We can always strengthen the antecedent, i.e., the conditional is monotonic:

A → B ⊨ (A ∧ C) → B    (10.10)

The material conditional is transitive, i.e., the chain rule is valid:

A → B, B → C ⊨ A → C    (10.11)

The material conditional is equivalent to its contrapositive:

A → B ⊨ ¬B → ¬A    (10.12)
¬B → ¬A ⊨ A → B    (10.13)

These are all useful and unproblematic inferences in mathematical reasoning. However, the philosophical and linguistic literature is replete with purported counterexamples to the equivalent inferences in non-mathematical contexts. These suggest that the material conditional → is not, or at least not always, the appropriate connective to use when symbolizing English "if . . . then . . . " statements.

10.2 Paradoxes of the Material Conditional

One of the first to criticize the use of A → B as a way to symbolize "if . . . then . . . " statements of English was C. I. Lewis. Lewis was criticizing the use of the material conditional in Whitehead and Russell's Principia Mathematica, who pronounced → as "implies."
Lewis rightly complained that if → meant "implies," then any false proposition p implies that p implies q, since p → (p → q) is true if p is false, and that any true proposition q implies that p implies q, since q → (p → q) is true if q is true.

Logicians of course know that implication, i.e., logical entailment, is not a connective but a relation between formulas or statements. So we should just not read → as "implies" to avoid confusion.¹ As long as we don't, the particular worry that Lewis had simply does not arise: p does not "imply" q even if we think of p as standing for a false English sentence. To determine if p ⊨ q we must consider all valuations, and p ⊭ q even when we use p to symbolize a sentence which happens to be false.

¹ Reading "→" as "implies" is still widely practised by mathematicians and computer scientists, although philosophers try to avoid the confusions Lewis highlighted by pronouncing it as "only if."

But there is still something odd about "if . . . then . . . " statements such as Lewis's

If the moon is made of green cheese, then 2 + 2 = 4.

and about the inferences

The moon is not made of green cheese. Therefore, if the moon is made of green cheese, then 2 + 2 = 4.

2 + 2 = 4. Therefore, if the moon is made of green cheese, then 2 + 2 = 4.

Yet, if "if . . . then . . . " were just →, the sentence would be unproblematically true, and the inferences unproblematically valid.

Another example concerns the tautology (A → B) ∨ (B → A). This would suggest that if you take two indicative sentences S and T from the newspaper at random, the sentence "If S then T, or if T then S" should be true.

10.3 The Strict Conditional

Lewis introduced the strict conditional ⥽ and argued that it, not the material conditional, corresponds to implication. In alethic modal logic, A ⥽ B can be defined as □(A → B). A strict conditional is thus true (at a world) iff the corresponding material conditional is necessary.
How does the strict conditional fare vis-a-vis the paradoxes of the material conditional? A strict conditional with a false antecedent, and one with a true consequent, may be true, or it may be false. Moreover, (A ⥽ B) ∨ (B ⥽ A) is not valid. The strict conditional A ⥽ B is also not equivalent to ¬A ∨ B, so it is not truth-functional.

We have:

A ⥽ B ⊨ ¬A ∨ B    but:    (10.14)
¬A ∨ B ⊭ A ⥽ B    (10.15)
B ⊭ A ⥽ B    (10.16)
¬A ⊭ A ⥽ B    (10.17)
¬(A ⥽ B) ⊭ A ∧ ¬B    but:    (10.18)
A ∧ ¬B ⊨ ¬(A ⥽ B)    (10.19)

However, the strict conditional still supports modus ponens:

A, A ⥽ B ⊨ B    (10.20)

The strict conditional agglomerates:

A ⥽ B, A ⥽ C ⊨ A ⥽ (B ∧ C)    (10.21)

Antecedent strengthening holds for the strict conditional:

A ⥽ B ⊨ (A ∧ C) ⥽ B    (10.22)

The strict conditional is also transitive:

A ⥽ B, B ⥽ C ⊨ A ⥽ C    (10.23)

Finally, the strict conditional is equivalent to its contrapositive:

A ⥽ B ⊨ ¬B ⥽ ¬A    (10.24)
¬B ⥽ ¬A ⊨ A ⥽ B    (10.25)

However, the strict conditional still has its own "paradoxes." Just as a material conditional with a false antecedent or a true consequent is true, a strict conditional with a necessarily false antecedent or a necessarily true consequent is true. Moreover, any true strict conditional is necessarily true, and any false strict conditional is necessarily false. In other words, we have

□¬A ⊨ A ⥽ B    (10.26)
□B ⊨ A ⥽ B    (10.27)
A ⥽ B ⊨ □(A ⥽ B)    (10.28)
¬(A ⥽ B) ⊨ □¬(A ⥽ B)    (10.29)

These are not problems if you think of ⥽ as "implies." Logical entailment relationships are, after all, mathematical facts and so can't be contingent. But they do raise issues if you want to use ⥽ as a logical connective that is supposed to capture "if . . . then . . . ," especially the last two. For surely there are "if . . . then . . . " statements that are contingently true or contingently false; in fact, they generally are neither necessary nor impossible.

10.4 Counterfactuals

A very common and important form of "if . . . then . . . " constructions in English are built using the past subjunctive form of to be: "if it were the case that . . . then it would be the case that . . . " Because usually the antecedent of such a conditional is false, i.e., counter to fact, they are called counterfactual conditionals (and because they use the subjunctive form of to be, also subjunctive conditionals). They are distinguished from indicative conditionals which take the form of "if it is the case that . . . then it is the case that . . . " Counterfactual and indicative conditionals differ in truth conditions. Consider Adams's famous example:

If Oswald didn't kill Kennedy, someone else did.

If Oswald hadn't killed Kennedy, someone else would have.

The first is indicative, the second counterfactual. The first is clearly true: we know JFK was killed by someone, and if that someone wasn't (contrary to the Warren Report) Lee Harvey Oswald, then someone else killed JFK. The second one says something different. It claims that if Oswald hadn't killed Kennedy, i.e., if the Dallas shooting had been avoided or had been unsuccessful, history would have subsequently unfolded in such a way that another assassination would have been successful. In order for it to be true, it would have to be the case that powerful forces had conspired to ensure JFK's death (as many JFK conspiracy theorists believe).

It is a live debate whether the indicative conditional is correctly captured by the material conditional, in particular, whether the paradoxes of the material conditional can be "explained" in a way that is compatible with it giving the truth conditions for English indicative conditionals. By contrast, it is uncontroversial that counterfactual conditionals cannot be symbolized correctly by the material conditional. That is clear because, even though generally the antecedents of counterfactuals are false, not
all counterfactuals with false antecedents are true: for instance, if you believe the Warren Report, and there was no conspiracy to assassinate JFK, then Adams's counterfactual conditional is an example.

Counterfactual conditionals play an important role in causal reasoning: a prime example of the use of counterfactuals is to express causal relationships. E.g., striking a match causes it to light, and you can express this by saying "if this match were struck, it would light." Material, and generally indicative conditionals, cannot be used to express this: "the match is struck → the match lights" is true if the match is never struck, regardless of what would happen if it were. Even worse, "the match is struck → the match turns into a bouquet of flowers" is also true if it is never struck, but the match would certainly not turn into a bouquet of flowers if it were struck.

It is still debated what exactly the correct logic of counterfactuals is. An influential analysis of counterfactuals was given by Stalnaker and Lewis. According to them, a counterfactual "if it were the case that S then it would be the case that T" is true iff T is true in the counterfactual situation ("possible world") that is closest to the way the actual world is and where S is true. This is called an "ontic" analysis, since it makes reference to an ontology of possible worlds. Other analyses make use of conditional probabilities or theories of belief revision. There is a proliferation of different proposed logics of counterfactuals. There isn't even a single Lewis-Stalnaker logic of counterfactuals: even though Stalnaker and Lewis proposed accounts along similar lines with reference to closest possible worlds, the assumptions they made result in different valid inferences.

Problems

Problem 10.1. Give S5-counterexamples to the entailment relations which do not hold for the strict conditional, i.e., for:

1. ¬p ⊭ □(p → q)
2. q ⊭ □(p → q)
3. ¬□(p → q) ⊭ p ∧ ¬q
4. ⊭ □(p → q) ∨ □(q → p)

Problem 10.2. Show that the valid entailment relations hold for the strict conditional by giving S5-proofs of:

1. □(A → B) ⊨ ¬A ∨ B
2. A ∧ ¬B ⊨ ¬□(A → B)
3. A, □(A → B) ⊨ B
4. □(A → B), □(A → C) ⊨ □(A → (B ∧ C))
5. □(A → B) ⊨ □((A ∧ C) → B)
6. □(A → B), □(B → C) ⊨ □(A → C)
7. □(A → B) ⊨ □(¬B → ¬A)
8. □(¬B → ¬A) ⊨ □(A → B)

Problem 10.3. Give proofs in S5 of:

1. □B ⊨ A ⥽ B
2. A ⥽ B ⊨ □(A ⥽ B)
3. ¬(A ⥽ B) ⊨ □¬(A ⥽ B)

Use the definition of ⥽ to do so.

CHAPTER 11
Minimal Change Semantics

11.1 Introduction

Stalnaker and Lewis proposed accounts of counterfactual conditionals such as "If the match were struck, it would light." Their accounts were proposals for how to properly understand the truth conditions for such sentences. The idea behind both proposals is this: to evaluate whether a counterfactual conditional is true, we have to consider those possible worlds which are minimally different from the way the world actually is to make the antecedent true. If the consequent is true in these possible worlds, then the counterfactual is true. For instance, suppose I hold a match and a matchbook in my hand. In the actual world I only look at them and ponder what would happen if I were to strike the match. The minimal change from the actual world where I strike the match is that where I decide to act and strike the match. It is minimal in that nothing else changes: I don't also jump in the air, striking the match doesn't also light my hair on fire, I don't suddenly lose all strength in my fingers, I am not simultaneously doused with water in a SuperSoaker ambush, etc. In that alternative possibility, the match lights. Hence, it's true that if I were to strike the match, it would light.

This intuitive account can be paired with formal semantics for logics of counterfactuals. Lewis introduced the symbol "□→" for the counterfactual while Stalnaker used the symbol ">".
We'll use □→, and add it as a binary connective to propositional logic. So, we have, in addition to formulas of the form A → B, also formulas of the form A □→ B. The formal semantics, like the relational semantics for modal logic, is based on models in which formulas are evaluated at worlds, and the satisfaction condition defining M, w ⊩ A □→ B is given in terms of M, w′ ⊩ A and M, w′ ⊩ B for some (other) worlds w′. Which w′? Intuitively, the one(s) closest to w for which it holds that M, w′ ⊩ A. This requires that a relation of "closeness" has to be included in the model as well.

Lewis introduced an instructive way of representing counterfactual situations graphically. Each possible world is at the center of a set of nested spheres containing other worlds; we draw these spheres as concentric circles. The worlds between two spheres are equally close to the world at the center as each other, those contained in a nested sphere are closer, and those in a surrounding sphere further away.

The closest A-worlds are those worlds w′ where A is satisfied which lie in the smallest sphere around the center world w (the gray area). Intuitively, A □→ B is satisfied at w if B is true at all closest A-worlds.

11.2 Sphere Models

One way of providing a formal semantics for counterfactuals is to turn Lewis's informal account into a mathematical structure. The spheres around a world w then are sets of worlds. Since the spheres are nested, the sets of worlds around w have to be linearly ordered by the subset relation.

Definition 11.1. A sphere model is a triple M = ⟨W, O, V⟩ where W is a non-empty set of worlds, V : At0 → ℘(W) is a valuation, and O : W → ℘(℘(W)) assigns to each world w a system of spheres Ow. For each w, Ow is a set of sets of worlds, and must satisfy:

1. Ow is centered on w: {w} ∈ Ow.
2. Ow is nested: whenever S1, S2 ∈ Ow, S1 ⊆ S2 or S2 ⊆ S1, i.e., Ow is linearly ordered by ⊆.
3. Ow is closed under non-empty unions.
4.
Ow is closed under non-empty intersections.

The intuition behind Ow is that the worlds "around" w are stratified according to how far away they are from w. The innermost sphere is just w by itself, i.e., the set {w}: w is closer to w than the worlds in any other sphere. If S ⊊ S′, then the worlds in S′ \ S are further away from w than the worlds in S: S′ \ S is the "layer" between the S and the worlds outside of S′. In particular, we have to think of the spheres as containing all the worlds within their outer surface; they are not just the individual layers.

The diagram in Figure 11.1 corresponds to the sphere model with W = {w, w1, . . . , w7}, V(p) = {w5, w6, w7}. The innermost sphere S1 = {w}. The closest worlds to w are w1, w2, w3, so the next larger sphere is S2 = {w, w1, w2, w3}. The worlds further out are w4, w5, w6, so the outermost sphere is S3 = {w, w1, . . . , w6}. The system of spheres around w is Ow = {S1, S2, S3}. The world w7 is not in any sphere around w. The closest worlds in which p is true are w5 and w6, and so the smallest p-admitting sphere is S3.

Figure 11.1: Diagram of a sphere model

To define satisfaction of a formula A at world w in a sphere model M, M, w ⊩ A, we expand the definition for modal formulas to include a clause for B □→ C:

Definition 11.2. M, w ⊩ B □→ C iff either

1. For all u ∈ ⋃Ow, M, u ⊮ B, or
2. For some S ∈ Ow,
   a) M, u ⊩ B for some u ∈ S, and
   b) for all v ∈ S, either M, v ⊮ B or M, v ⊩ C.

According to this definition, M, w ⊩ B □→ C iff either the antecedent B is false everywhere in the spheres around w, or there is a sphere S where B is true, and the material conditional B → C is true at all worlds in that "B-admitting" sphere. Note
that we didn't require in the definition that S is the innermost B-admitting sphere, contrary to what one might expect from the intuitive explanation. But if the condition in (2) is satisfied for some sphere S, then it is also satisfied for all spheres S contains, and hence in particular for the innermost sphere.

Note also that the definition of sphere models does not require that there is an innermost B-admitting sphere: we may have an infinite sequence S1 ⊋ S2 ⊋ · · · ⊋ {w} of B-admitting spheres, and hence no innermost B-admitting sphere. In that case, M, w ⊩ B □→ C iff B → C holds throughout the spheres Si, Si+1, . . . , for some i.

11.3 Truth and Falsity of Counterfactuals

A counterfactual A □→ B is (non-vacuously) true if the closest A-worlds are all B-worlds, as depicted in Figure 11.2. A counterfactual is also true at w if the system of spheres around w has no A-admitting spheres at all. In that case it is vacuously true (see Figure 11.3).

It can be false in two ways. One way is if the closest A-worlds are not all B-worlds, but some of them are. In this case, A □→ ¬B is also false (see Figure 11.4). If the closest A-worlds do not overlap with the B-worlds at all, then A □→ B is also false. But, in this case all the closest A-worlds are ¬B-worlds, and so A □→ ¬B is true (see Figure 11.5).

Figure 11.2: Non-vacuously true counterfactual

Figure 11.3: Vacuously true counterfactual

Figure 11.4: False counterfactual, false opposite

In contrast to the strict conditional, counterfactuals may be contingent. Consider the sphere model in Figure 11.6. The A-worlds closest to u are all B-worlds, so M, u ⊩ A □→ B. But there are A-worlds closest to v which are not B-worlds, so M, v ⊮ A □→ B.

11.4 Antecedent Strengthening

"Strengthening the antecedent" refers to the inference A → C ⊨ (A ∧ B) → C. It is valid for the material conditional, but invalid
for counterfactuals. Suppose it is true that if I were to strike this match, it would light. (That means, there is nothing wrong with the match or the matchbook surface, I will not break the match, etc.) But it is not true that if I were to light this match in outer space, it would light. So the following inference is invalid:

If the match were struck, it would light.
Therefore, if the match were struck in outer space, it would light.

Figure 11.5: False counterfactual, true opposite

Figure 11.6: Contingent counterfactual

The Lewis-Stalnaker account of conditionals explains this: the closest world where I light the match and I do so in outer space is much further removed from the actual world than the closest world where I light the match is. So although it's true that the match lights in the latter, it is not in the former. And that is as it should be.

Example 11.3. The sphere semantics invalidates the inference, i.e., we have p □→ r ⊭ (p ∧ q) □→ r. Consider the model M = ⟨W, O, V⟩ where W = {w, w1, w2}, Ow = {{w}, {w, w1}, {w, w1, w2}}, V(p) = {w1, w2}, V(q) = {w2}, and V(r) = {w1}. There is a p-admitting sphere S = {w, w1} and p → r is true at all worlds in it, so M, w ⊩ p □→ r. There is also a (p ∧ q)-admitting sphere S′ = {w, w1, w2} but M, w2 ⊮ (p ∧ q) → r, so M, w ⊮ (p ∧ q) □→ r (see Figure 11.7).

Figure 11.7: Counterexample to antecedent strengthening

11.5 Transitivity

For the material conditional, the chain rule holds: A → B, B → C ⊨ A → C. In other words, the material conditional is transitive. Is the same true for counterfactuals? Consider the following example due to Stalnaker.

If J. Edgar Hoover had been born a Russian, he would have been a Communist.
If J. Edgar Hoover were a Communist, he would have been a traitor.
Therefore, if J. Edgar Hoover had been born a Russian, he would have been a traitor.
If Hoover had been born (at the same time he actually did), not in the United States, but in Russia, he would have grown up in the Soviet Union and become a Communist (let's assume). So the first premise is true. Likewise, the second premise, considered in isolation, is true. The conclusion, however, is false: in all likelihood, Hoover would have been a fervent Communist if he had been born in the USSR, and not been a traitor (to his country). The intuitive assignment of truth values is borne out by the Stalnaker-Lewis account. The closest possible world to ours with the only change being Hoover's place of birth is the one where Hoover grows up to be a good citizen of the USSR. This is the closest possible world where the antecedent of the first premise and of the conclusion is true, and in that world Hoover is a loyal member of the Communist party, and so not a traitor. To evaluate the second premise, we have to look at a different world, however: the closest world where Hoover is a Communist, which is one where he was born in the United States, turned, and thus became a traitor.¹

¹ Of course, to appreciate the force of the example we have to take on board some metaphysical and political assumptions, e.g., that it is possible that Hoover could have been born to Russian parents, or that Communists in the US of the 1950s were traitors to their country.

Example 11.4. The sphere semantics invalidates the inference, i.e., we have p □→ q, q □→ r ⊭ p □→ r. Consider the model M = ⟨W, O, V⟩ where W = {w, w1, w2}, Ow = {{w}, {w, w1}, {w, w1, w2}}, V(p) = {w2}, V(q) = {w1, w2}, and V(r) = {w1}. There is a p-admitting sphere S = {w, w1, w2} and p → q is true at all worlds in it, so M, w ⊩ p □→ q. There is also a q-admitting sphere S′ = {w, w1} and q → r is true at all worlds in it, so M, w ⊩ q □→ r. However, the p-admitting sphere {w, w1, w2} contains a world, namely w2, where M, w2 ⊮ p → r.
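The satisfaction clause of Definition 11.2 can be checked mechanically on finite sphere models. The Python evaluator below is an added example, not part of the book: it confirms the countermodels of Examples 11.3 and 11.4 and the smallest p-admitting sphere of Figure 11.1. The tuple encoding of formulas and all function names are assumptions of this sketch, and clause 1 is implemented as "the antecedent is false throughout ⋃Ow", the reading given in the text after the definition.

```python
"""Sphere-model evaluator for the counterfactual conditional (added example)."""

# Formula encoding (constructed for this example, not the book's notation):
#   "p"                                       propositional variable
#   ("not", A), ("and", A, B), ("imp", A, B)  truth-functional connectives
#   ("cf", A, B)                              the counterfactual A □→ B


class SphereModel:
    """A finite sphere model <W, O, V> as in Definition 11.1."""

    def __init__(self, worlds, spheres, valuation):
        self.worlds = frozenset(worlds)
        # O maps a world to its system of spheres, each sphere a set of worlds.
        self.spheres = {w: [frozenset(s) for s in system]
                        for w, system in spheres.items()}
        self.valuation = {p: frozenset(ws) for p, ws in valuation.items()}
        for w, system in self.spheres.items():
            if frozenset([w]) not in system:
                raise ValueError(f"O_{w} is not centered on {w}")
            for s in system:
                if not s <= self.worlds:
                    raise ValueError(f"a sphere around {w} leaves W")
                if any(not (s <= t or t <= s) for t in system):
                    raise ValueError(f"O_{w} is not nested")
        # A finite nested system is automatically closed under non-empty
        # unions and intersections, so conditions 3 and 4 need no check.


def sat(m, w, a):
    """Return True iff M, w satisfies the encoded formula a."""
    if isinstance(a, str):
        return w in m.valuation.get(a, frozenset())
    op, args = a[0], a[1:]
    if op == "not":
        return not sat(m, w, args[0])
    if op == "and":
        return sat(m, w, args[0]) and sat(m, w, args[1])
    if op == "imp":
        return not sat(m, w, args[0]) or sat(m, w, args[1])
    if op == "cf":
        b, c = args
        system = m.spheres[w]          # KeyError: no O_w was specified for w
        if not any(sat(m, u, b) for u in frozenset().union(*system)):
            return True                # vacuous: no B-world in any sphere
        return any(
            any(sat(m, u, b) for u in s)                            # clause 2a
            and all(not sat(m, v, b) or sat(m, v, c) for v in s)    # clause 2b
            for s in system
        )
    raise ValueError(f"unknown connective {op!r}")


def smallest_admitting_sphere(m, w, a):
    """Smallest sphere around w that contains an a-world, or None."""
    admitting = [s for s in m.spheres[w] if any(sat(m, u, a) for u in s)]
    # In a finite nested system the sphere with fewest worlds is the ⊆-least.
    return min(admitting, key=len) if admitting else None


def is_countermodel(m, w, premises, conclusion):
    """True iff every premise holds at w while the conclusion fails at w."""
    return all(sat(m, w, a) for a in premises) and not sat(m, w, conclusion)


# The three-world chain of spheres shared by Examples 11.3 and 11.4.
W3 = {"w", "w1", "w2"}
CHAIN = {"w": [{"w"}, {"w", "w1"}, {"w", "w1", "w2"}]}
EX_11_3 = SphereModel(W3, CHAIN, {"p": {"w1", "w2"}, "q": {"w2"}, "r": {"w1"}})
EX_11_4 = SphereModel(W3, CHAIN, {"p": {"w2"}, "q": {"w1", "w2"}, "r": {"w1"}})

# The model drawn in Figure 11.1; w7 lies outside every sphere around w.
FIG_11_1 = SphereModel(
    {"w", "w1", "w2", "w3", "w4", "w5", "w6", "w7"},
    {"w": [{"w"}, {"w", "w1", "w2", "w3"},
           {"w", "w1", "w2", "w3", "w4", "w5", "w6"}]},
    {"p": {"w5", "w6", "w7"}},
)

if __name__ == "__main__":
    print("antecedent strengthening fails:", is_countermodel(
        EX_11_3, "w", [("cf", "p", "r")], ("cf", ("and", "p", "q"), "r")))
    print("transitivity fails:", is_countermodel(
        EX_11_4, "w", [("cf", "p", "q"), ("cf", "q", "r")], ("cf", "p", "r")))
    print("smallest p-admitting sphere:",
          sorted(smallest_admitting_sphere(FIG_11_1, "w", "p")))
```

Only Ow is specified in the examples, so evaluating a counterfactual at any other world raises a KeyError rather than guessing a sphere system.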
11.6 Contraposition

Material and strict conditionals are equivalent to their contrapositives. Counterfactuals are not. Here is an example due to Kratzer:

If Goethe hadn't died in 1832, he would (still) be dead now.
If Goethe weren't dead now, he would have died in 1832.

The first sentence is true: humans don't live hundreds of years. The second is clearly false: if Goethe weren't dead now, he would be still alive, and so couldn't have died in 1832.

Example 11.5. The sphere semantics invalidates contraposition, i.e., we have p □→ q ⊭ ¬q □→ ¬p. Think of p as "Goethe didn't die in 1832" and q as "Goethe is dead now." We can capture this in a model M1 = ⟨W, O, V⟩ with W = {w, w1, w2}, Ow = {{w}, {w, w1}, {w, w1, w2}}, V(p) = {w1, w2} and V(q) = {w, w1}. So w is the actual world where Goethe died in 1832 and is still dead; w1 is the (close) world where Goethe died in, say, 1833, and is still dead; and w2 is a (remote) world where Goethe is still alive. There is a p-admitting sphere S = {w, w1} and p → q is true at all worlds in it, so M, w ⊩ p □→ q. However, the ¬q-admitting sphere {w, w1, w2} contains a world, namely w2, where q is false and p is true, so M, w2 ⊮ ¬q → ¬p.

Figure 11.8: Counterexample to contraposition

Problems

Problem 11.1. Find a convincing, intuitive example for the failure of transitivity of counterfactuals.

Problem 11.2. Draw the sphere diagram corresponding to the counterexample in Example 11.4.

Problem 11.3. In Example 11.4, world w2 is where Hoover is born in Russia, is a communist, and not a traitor, and w1 is the world where Hoover is born in the US, is a communist, and a traitor. In this model, w1 is closer to w than w2 is. Is this necessary? Can you give a counterexample that does not assume that Hoover's being born in Russia is a more remote possibility than him being a Communist?

PART IV
Appendices

APPENDIX A
Sets

A.1 Extensionality

A set is a collection of objects, considered as a single object.
The objects making up the set are called elements or members of the set. If x is an element of a set a, we write x ∈ a; if not, we write x ∉ a. The set which has no elements is called the empty set and denoted "∅".

It does not matter how we specify the set, or how we order its elements, or indeed how many times we count its elements. All that matters are what its elements are. We codify this in the following principle.

Definition A.1 (Extensionality). If A and B are sets, then A = B iff every element of A is also an element of B, and vice versa.

Extensionality licenses some notation. In general, when we have some objects a1, . . . , an, then {a1, . . . , an} is the set whose elements are a1, . . . , an. We emphasise the word "the", since extensionality tells us that there can be only one such set. Indeed, extensionality also licenses the following:

{a, a, b} = {a, b} = {b, a}.

This delivers on the point that, when we consider sets, we don't care about the order of their elements, or how many times they are specified.

Example A.2. Whenever you have a bunch of objects, you can collect them together in a set. The set of Richard's siblings, for instance, is a set that contains one person, and we could write it as S = {Ruth}. The set of positive integers less than 4 is {1, 2, 3}, but it can also be written as {3, 2, 1} or even as {1, 2, 1, 2, 3}. These are all the same set, by extensionality. For every element of {1, 2, 3} is also an element of {3, 2, 1} (and of {1, 2, 1, 2, 3}), and vice versa.

Frequently we'll specify a set by some property that its elements share. We'll use the following shorthand notation for that: {x : φ(x)}, where the φ(x) stands for the property that x has to have in order to be counted among the elements of the set.

Example A.3. In our example, we could have specified S also as S = {x : x is a sibling of Richard}.

Example A.4.
A number is called perfect iff it is equal to the sum of its proper divisors (i.e., numbers that evenly divide it but aren't identical to the number). For instance, 6 is perfect because its proper divisors are 1, 2, and 3, and 6 = 1 + 2 + 3. In fact, 6 is the only positive integer less than 10 that is perfect. So, using extensionality, we can say:

{6} = {x : x is perfect and 0 ≤ x ≤ 10}

We read the notation on the right as "the set of x's such that x is perfect and 0 ≤ x ≤ 10". The identity here confirms that, when we consider sets, we don't care about how they are specified. And, more generally, extensionality guarantees that there is always only one set of x's such that φ(x). So, extensionality justifies calling {x : φ(x)} the set of x's such that φ(x).

Extensionality gives us a way for showing that sets are identical: to show that A = B, show that whenever x ∈ A then also x ∈ B, and whenever y ∈ B then also y ∈ A.

A.2 Subsets and Power Sets

We will often want to compare sets. And one obvious kind of comparison one might make is as follows: everything in one set is in the other too. This situation is sufficiently important for us to introduce some new notation.

Definition A.5 (Subset). If every element of a set A is also an element of B, then we say that A is a subset of B, and write A ⊆ B. If A is not a subset of B we write A ⊈ B. If A ⊆ B but A ≠ B, we write A ⊊ B and say that A is a proper subset of B.

Example A.6. Every set is a subset of itself, and ∅ is a subset of every set. The set of even numbers is a subset of the set of natural numbers. Also, {a, b} ⊆ {a, b, c}. But {a, b, e} is not a subset of {a, b, c}.

Example A.7. The number 2 is an element of the set of integers, whereas the set of even numbers is a subset of the set of integers. However, a set may happen to both be an element and a subset of some other set, e.g., {0} ∈ {0, {0}} and also {0} ⊆ {0, {0}}.
Extensionality gives a criterion of identity for sets: A = B iff every element of A is also an element of B and vice versa. The definition of "subset" defines A ⊆ B precisely as the first half of this criterion: every element of A is also an element of B. Of course the definition also applies if we switch A and B: that is, B ⊆ A iff every element of B is also an element of A. And that, in turn, is exactly the "vice versa" part of extensionality. In other words, extensionality entails that sets are equal iff they are subsets of one another.

Proposition A.8. A = B iff both A ⊆ B and B ⊆ A.

Now is also a good opportunity to introduce some further bits of helpful notation. In defining when A is a subset of B we said that "every element of A is . . . ," and filled the ". . . " with "an element of B". But this is such a common shape of expression that it will be helpful to introduce some formal notation for it.

Definition A.9. (∀x ∈ A)φ abbreviates ∀x(x ∈ A → φ). Similarly, (∃x ∈ A)φ abbreviates ∃x(x ∈ A ∧ φ).

Using this notation, we can say that A ⊆ B iff (∀x ∈ A)x ∈ B.

Now we move on to considering a certain kind of set: the set of all subsets of a given set.

Definition A.10 (Power Set). The set consisting of all subsets of a set A is called the power set of A, written ℘(A).

℘(A) = {B : B ⊆ A}

Example A.11. What are all the possible subsets of {a, b, c}? They are: ∅, {a}, {b}, {c}, {a, b}, {a, c}, {b, c}, {a, b, c}. The set of all these subsets is ℘({a, b, c}):

℘({a, b, c}) = {∅, {a}, {b}, {c}, {a, b}, {b, c}, {a, c}, {a, b, c}}

A.3 Some Important Sets

Example A.12. We will mostly be dealing with sets whose elements are mathematical objects. Four such sets are important enough to have specific names:

N = {0, 1, 2, 3, . . .}    the set of natural numbers
Z = {. . . , −2, −1, 0, 1, 2, . . .}    the set of integers
Q = {m/n : m, n ∈ Z and n ≠ 0}    the set of rationals
R = (−∞, ∞)    the set of real numbers (the continuum)

These are all infinite sets, that is, they each have infinitely many elements.

As we move through these sets, we are adding more numbers to our stock. Indeed, it should be clear that N ⊆ Z ⊆ Q ⊆ R: after all, every natural number is an integer; every integer is a rational; and every rational is a real. Equally, it should be clear that N ⊊ Z ⊊ Q, since −1 is an integer but not a natural number, and 1/2 is rational but not integer. It is less obvious that Q ⊊ R, i.e., that there are some real numbers which are not rational.

We'll sometimes also use the set of positive integers Z+ = {1, 2, 3, . . . } and the set containing just the first two natural numbers B = {0, 1}.

Example A.13 (Strings). Another interesting example is the set A∗ of finite strings over an alphabet A: any finite sequence of elements of A is a string over A. We include the empty string Λ among the strings over A, for every alphabet A. For instance,

B∗ = {Λ, 0, 1, 00, 01, 10, 11, 000, 001, 010, 011, 100, 101, 110, 111, 0000, . . .}.

If x = x1 . . . xn ∈ A∗ is a string consisting of n "letters" from A, then we say the length of the string is n and write len(x) = n.

Example A.14 (Infinite sequences). For any set A we may also consider the set Aω of infinite sequences of elements of A. An infinite sequence a1a2a3a4 . . . consists of a one-way infinite list of objects, each one of which is an element of A.

Figure A.1: The union A ∪ B of two sets is the set of elements of A together with those of B.

A.4 Unions and Intersections

In appendix A.1, we introduced definitions of sets by abstraction, i.e., definitions of the form {x : φ(x)}. Here, we invoke some property φ, and this property can mention sets we've already defined.
So for instance, if A and B are sets, the set {x : x ∈ A ∨ x ∈ B} consists of all those objects which are elements of either A or B, i.e., it's the set that combines the elements of A and B. We can visualize this as in Figure A.1, where the highlighted area indicates the elements of the two sets A and B together.

This operation on sets (combining them) is very useful and common, and so we give it a formal name and a symbol.

Definition A.15 (Union). The union of two sets A and B, written A ∪ B, is the set of all things which are elements of A, B, or both.

A ∪ B = {x : x ∈ A ∨ x ∈ B}

Example A.16. Since the multiplicity of elements doesn't matter, the union of two sets which have an element in common contains that element only once, e.g., {a, b, c} ∪ {a, 0, 1} = {a, b, c, 0, 1}.

The union of a set and one of its subsets is just the bigger set: {a, b, c} ∪ {a} = {a, b, c}.

The union of a set with the empty set is identical to the set: {a, b, c} ∪ ∅ = {a, b, c}.

We can also consider a "dual" operation to union. This is the operation that forms the set of all elements that are elements of A and are also elements of B. This operation is called intersection, and can be depicted as in Figure A.2.

Figure A.2: The intersection A ∩ B of two sets is the set of elements they have in common.

Definition A.17 (Intersection). The intersection of two sets A and B, written A ∩ B, is the set of all things which are elements of both A and B.

A ∩ B = {x : x ∈ A ∧ x ∈ B}

Two sets are called disjoint if their intersection is empty. This means they have no elements in common.

Example A.18. If two sets have no elements in common, their intersection is empty: {a, b, c} ∩ {0, 1} = ∅.

If two sets do have elements in common, their intersection is the set of all those: {a, b, c} ∩ {a, b, d} = {a, b}.

The intersection of a set with one of its subsets is just the smaller set: {a, b, c} ∩ {a, b} = {a, b}.
The intersection of any set with the empty set is empty: {a, b, c} ∩ ∅ = ∅.

We can also form the union or intersection of more than two sets. An elegant way of dealing with this in general is the following: suppose you collect all the sets you want to form the union (or intersection) of into a single set. Then we can define the union of all our original sets as the set of all objects which belong to at least one element of the set, and the intersection as the set of all objects which belong to every element of the set.

Definition A.19. If A is a set of sets, then ⋃A is the set of elements of elements of A:

⋃A = {x : x belongs to an element of A}, i.e.,
   = {x : there is a B ∈ A so that x ∈ B}

Definition A.20. If A is a set of sets, then ⋂A is the set of objects which all elements of A have in common:

⋂A = {x : x belongs to every element of A}, i.e.,
   = {x : for all B ∈ A, x ∈ B}

Example A.21. Suppose A = {{a, b}, {a, d, e}, {a, d}}. Then ⋃A = {a, b, d, e} and ⋂A = {a}.

We could also do the same for a sequence of sets A_1, A_2, . . .

⋃_i A_i = {x : x belongs to one of the A_i}
⋂_i A_i = {x : x belongs to every A_i}.

When we have an index of sets, i.e., some set I such that we are considering A_i for each i ∈ I, we may also use these abbreviations:

⋃_{i∈I} A_i = ⋃{A_i : i ∈ I}
⋂_{i∈I} A_i = ⋂{A_i : i ∈ I}

Finally, we may want to think about the set of all elements in A which are not in B. We can depict this as in Figure A.3.

Figure A.3: The difference A \ B of two sets is the set of those elements of A which are not also elements of B.

Definition A.22 (Difference). The set difference A \ B is the set of all elements of A which are not also elements of B, i.e.,

A \ B = {x : x ∈ A and x ∉ B}.

A.5 Pairs, Tuples, Cartesian Products

It follows from extensionality that sets have no order to their elements. So if we want to represent order, we use ordered pairs ⟨x, y⟩.
In an unordered pair {x, y}, the order does not matter: {x, y} = {y, x}. In an ordered pair, it does: if x ≠ y, then ⟨x, y⟩ ≠ ⟨y, x⟩.

How should we think about ordered pairs in set theory? Crucially, we want to preserve the idea that ordered pairs are identical iff they share the same first element and share the same second element, i.e.:

⟨a, b⟩ = ⟨c, d⟩ iff both a = c and b = d.

We can define ordered pairs in set theory using the Wiener-Kuratowski definition.

Definition A.23 (Ordered pair). ⟨a, b⟩ = {{a}, {a, b}}.

Having fixed a definition of an ordered pair, we can use it to define further sets. For example, sometimes we also want ordered sequences of more than two objects, e.g., triples ⟨x, y, z⟩, quadruples ⟨x, y, z, u⟩, and so on. We can think of triples as special ordered pairs, where the first element is itself an ordered pair: ⟨x, y, z⟩ is ⟨⟨x, y⟩, z⟩. The same is true for quadruples: ⟨x, y, z, u⟩ is ⟨⟨⟨x, y⟩, z⟩, u⟩, and so on. In general, we talk of ordered n-tuples ⟨x_1, . . . , x_n⟩.

Certain sets of ordered pairs, or other ordered n-tuples, will be useful.

Definition A.24 (Cartesian product). Given sets A and B, their Cartesian product A × B is defined by

A × B = {⟨x, y⟩ : x ∈ A and y ∈ B}.

Example A.25. If A = {0, 1}, and B = {1, a, b}, then their product is

A × B = {⟨0, 1⟩, ⟨0, a⟩, ⟨0, b⟩, ⟨1, 1⟩, ⟨1, a⟩, ⟨1, b⟩}.

Example A.26. If A is a set, the product of A with itself, A × A, is also written A^2. It is the set of all pairs ⟨x, y⟩ with x, y ∈ A. The set of all triples ⟨x, y, z⟩ is A^3, and so on. We can give a recursive definition:

A^1 = A
A^{k+1} = A^k × A

Proposition A.27. If A has n elements and B has m elements, then A × B has n · m elements.

Proof. For every element x in A, there are m elements of the form ⟨x, y⟩ ∈ A × B. Let B_x = {⟨x, y⟩ : y ∈ B}. Since whenever x_1 ≠ x_2, ⟨x_1, y⟩ ≠ ⟨x_2, y⟩, B_{x_1} ∩ B_{x_2} = ∅. But if A = {x_1, . . . , x_n}, then A × B = B_{x_1} ∪ ⋯ ∪ B_{x_n}, and so has n · m elements.
To visualize this, arrange the elements of A × B in a grid:

B_{x_1} = {⟨x_1, y_1⟩ ⟨x_1, y_2⟩ . . . ⟨x_1, y_m⟩}
B_{x_2} = {⟨x_2, y_1⟩ ⟨x_2, y_2⟩ . . . ⟨x_2, y_m⟩}
  ...
B_{x_n} = {⟨x_n, y_1⟩ ⟨x_n, y_2⟩ . . . ⟨x_n, y_m⟩}

Since the x_i are all different, and the y_j are all different, no two of the pairs in this grid are the same, and there are n · m of them. □

Example A.28. If A is a set, a word over A is any sequence of elements of A. A sequence can be thought of as an n-tuple of elements of A. For instance, if A = {a, b, c}, then the sequence "bac" can be thought of as the triple ⟨b, a, c⟩. Words, i.e., sequences of symbols, are of crucial importance in computer science. By convention, we count elements of A as sequences of length 1, and ∅ as the sequence of length 0. The set of all words over A then is

A* = {∅} ∪ A ∪ A^2 ∪ A^3 ∪ . . .

A.6 Russell's Paradox

Extensionality licenses the notation {x : φ(x)}, for the set of x's such that φ(x). However, all that extensionality really licenses is the following thought. If there is a set whose members are all and only the φ's, then there is only one such set. Otherwise put: having fixed some φ, the set {x : φ(x)} is unique, if it exists.

But this conditional is important! Crucially, not every property lends itself to comprehension. That is, some properties do not define sets. If they all did, then we would run into outright contradictions. The most famous example of this is Russell's Paradox.

Sets may be elements of other sets; for instance, the power set of a set A is made up of sets. And so it makes sense to ask or investigate whether a set is an element of another set. Can a set be a member of itself? Nothing about the idea of a set seems to rule this out. For instance, if all sets form a collection of objects, one might think that they can be collected into a single set: the set of all sets. And it, being a set, would be an element of the set of all sets.
Russell's Paradox arises when we consider the property of not having itself as an element, of being non-self-membered. What if we suppose that there is a set of all sets that do not have themselves as an element? Does

R = {x : x ∉ x}

exist? It turns out that we can prove that it does not.

Theorem A.29 (Russell's Paradox). There is no set R = {x : x ∉ x}.

Proof. For reductio, suppose that R = {x : x ∉ x} exists. Then R ∈ R iff R ∉ R, since sets are extensional. But this is a contradiction. □

Let's run through the proof that no set R of non-self-membered sets can exist more slowly. If R exists, it makes sense to ask if R ∈ R or not; it must be either ∈ R or ∉ R. Suppose the former is true, i.e., R ∈ R. R was defined as the set of all sets that are not elements of themselves, and so if R ∈ R, then R does not have this defining property of R. But only sets that have this property are in R, hence, R cannot be an element of R, i.e., R ∉ R. But R can't both be and not be an element of R, so we have a contradiction.

Since the assumption that R ∈ R leads to a contradiction, we have R ∉ R. But this also leads to a contradiction! For if R ∉ R, it does have the defining property of R, and so would be an element of R just like all the other non-self-membered sets. And again, it can't both not be and be an element of R.

How do we set up a set theory which avoids falling into Russell's Paradox, i.e., which avoids making the inconsistent claim that R = {x : x ∉ x} exists? Well, we would need to lay down axioms which give us very precise conditions for stating when sets exist (and when they don't).

The set theory sketched in this chapter doesn't do this. It's genuinely naïve. It tells you only that sets obey extensionality and that, if you have some sets, you can form their union, intersection, etc. It is possible to develop set theory more rigorously than this.

Problems

Problem A.1.
Prove that there is at most one empty set, i.e., show that if A and B are sets without elements, then A = B.

Problem A.2. List all subsets of {a, b, c, d}.

Problem A.3. Show that if A has n elements, then ℘(A) has 2^n elements.

Problem A.4. Prove that if A ⊆ B, then A ∪ B = B.

Problem A.5. Prove rigorously that if A ⊆ B, then A ∩ B = A.

Problem A.6. Show that if A is a set and A ∈ B, then A ⊆ ⋃B.

Problem A.7. Prove that if A ⊊ B, then B \ A ≠ ∅.

Problem A.8. Using Definition A.23, prove that ⟨a, b⟩ = ⟨c, d⟩ iff both a = c and b = d.

Problem A.9. List all elements of {1, 2, 3}^3.

Problem A.10. Show, by induction on k, that for all k ≥ 1, if A has n elements, then A^k has n^k elements.

APPENDIX B
Relations

B.1 Relations as Sets

In appendix A.3, we mentioned some important sets: N, Z, Q, R. You will no doubt remember some interesting relations between the elements of some of these sets. For instance, each of these sets has a completely standard order relation on it. There is also the relation "is identical with" that every object bears to itself and to no other thing. There are many more interesting relations that we'll encounter, and even more possible relations. Before we review them, though, we will start by pointing out that we can look at relations as a special sort of set.

For this, recall two things from appendix A.5. First, recall the notion of an ordered pair: given a and b, we can form ⟨a, b⟩. Importantly, the order of elements does matter here. So if a ≠ b then ⟨a, b⟩ ≠ ⟨b, a⟩. (Contrast this with unordered pairs, i.e., 2-element sets, where {a, b} = {b, a}.) Second, recall the notion of a Cartesian product: if A and B are sets, then we can form A × B, the set of all pairs ⟨x, y⟩ with x ∈ A and y ∈ B. In particular, A^2 = A × A is the set of all ordered pairs from A.

Now we will consider a particular relation on a set: the <-relation on the set N of natural numbers.
Consider the set of all pairs of numbers ⟨n, m⟩ where n < m, i.e.,

R = {⟨n, m⟩ : n, m ∈ N and n < m}.

There is a close connection between n being less than m, and the pair ⟨n, m⟩ being a member of R, namely:

n < m iff ⟨n, m⟩ ∈ R.

Indeed, without any loss of information, we can consider the set R to be the <-relation on N.

In the same way we can construct a subset of N^2 for any relation between numbers. Conversely, given any set of pairs of numbers S ⊆ N^2, there is a corresponding relation between numbers, namely, the relationship n bears to m if and only if ⟨n, m⟩ ∈ S. This justifies the following definition:

Definition B.1 (Binary relation). A binary relation on a set A is a subset of A^2. If R ⊆ A^2 is a binary relation on A and x, y ∈ A, we sometimes write Rxy (or xRy) for ⟨x, y⟩ ∈ R.

Example B.2. The set N^2 of pairs of natural numbers can be listed in a 2-dimensional matrix like this:

⟨0,0⟩ ⟨0,1⟩ ⟨0,2⟩ ⟨0,3⟩ . . .
⟨1,0⟩ ⟨1,1⟩ ⟨1,2⟩ ⟨1,3⟩ . . .
⟨2,0⟩ ⟨2,1⟩ ⟨2,2⟩ ⟨2,3⟩ . . .
⟨3,0⟩ ⟨3,1⟩ ⟨3,2⟩ ⟨3,3⟩ . . .
 ...   ...   ...   ...  . . .

We have put the diagonal, here, in bold, since the subset of N^2 consisting of the pairs lying on the diagonal, i.e.,

{⟨0, 0⟩, ⟨1, 1⟩, ⟨2, 2⟩, . . .},

is the identity relation on N. (Since the identity relation is popular, let's define Id_A = {⟨x, x⟩ : x ∈ A} for any set A.) The subset of all pairs lying above the diagonal, i.e.,

L = {⟨0, 1⟩, ⟨0, 2⟩, . . . , ⟨1, 2⟩, ⟨1, 3⟩, . . . , ⟨2, 3⟩, ⟨2, 4⟩, . . .},

is the less than relation, i.e., Lnm iff n < m. The subset of pairs below the diagonal, i.e.,

G = {⟨1, 0⟩, ⟨2, 0⟩, ⟨2, 1⟩, ⟨3, 0⟩, ⟨3, 1⟩, ⟨3, 2⟩, . . .},

is the greater than relation, i.e., Gnm iff n > m. The union of L with I, which we might call K = L ∪ I, is the less than or equal to relation: Knm iff n ≤ m. Similarly, H = G ∪ I is the greater than or equal to relation. These relations L, G, K, and H are special kinds of relations called orders.
L and G have the property that no number bears L or G to itself (i.e., for all n, neither Lnn nor Gnn). Relations with this property are called irreflexive, and, if they also happen to be orders, they are called strict orders.

Although orders and identity are important and natural relations, it should be emphasized that according to our definition any subset of A^2 is a relation on A, regardless of how unnatural or contrived it seems. In particular, ∅ is a relation on any set (the empty relation, which no pair of elements bears), and A^2 itself is a relation on A as well (one which every pair bears), called the universal relation. But also something like E = {⟨n, m⟩ : n > 5 or m × n ≥ 34} counts as a relation.

B.2 Special Properties of Relations

Some kinds of relations turn out to be so common that they have been given special names. For instance, ≤ and ⊆ both relate their respective domains (say, N in the case of ≤ and ℘(A) in the case of ⊆) in similar ways. To get at exactly how these relations are similar, and how they differ, we categorize them according to some special properties that relations can have. It turns out that (combinations of) some of these special properties are especially important: orders and equivalence relations.

Definition B.3 (Reflexivity). A relation R ⊆ A^2 is reflexive iff, for every x ∈ A, Rxx.

Definition B.4 (Transitivity). A relation R ⊆ A^2 is transitive iff, whenever Rxy and Ryz, then also Rxz.

Definition B.5 (Symmetry). A relation R ⊆ A^2 is symmetric iff, whenever Rxy, then also Ryx.

Definition B.6 (Anti-symmetry). A relation R ⊆ A^2 is anti-symmetric iff, whenever both Rxy and Ryx, then x = y (or, in other words: if x ≠ y then either ¬Rxy or ¬Ryx).

In a symmetric relation, Rxy and Ryx always hold together, or neither holds. In an anti-symmetric relation, the only way for Rxy and Ryx to hold together is if x = y.
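Definitions B.3 to B.6, together with irreflexivity as described in Example B.2, can be checked mechanically once a relation is a finite set of pairs. The Python sketch below is an added example, not part of the original text: the function names are hypothetical, and the relations L, G, K, H, the empty and universal relations and the contrived relation E from section B.1 are cut down to the constructed finite domain {0, ..., 7}.

```python
# Added example: a relation on a finite set A is a Python set of pairs (x, y),
# exactly as in Definition B.1 (a subset of A^2).

def is_reflexive(R, A):
    """Definition B.3: Rxx for every x in A."""
    return all((x, x) in R for x in A)

def is_irreflexive(R, A):
    """No element of A bears R to itself."""
    return all((x, x) not in R for x in A)

def is_symmetric(R):
    """Definition B.5: whenever Rxy, also Ryx."""
    return all((y, x) in R for (x, y) in R)

def is_antisymmetric(R):
    """Definition B.6: Rxy and Ryx together force x = y."""
    return all(x == y for (x, y) in R if (y, x) in R)

def is_transitive(R):
    """Definition B.4: whenever Rxy and Ryz, also Rxz."""
    return all((x, z) in R for (x, y) in R for (w, z) in R if y == w)

def properties(R, A):
    """Return the set of property names that R has as a relation on A."""
    checks = {
        "reflexive": is_reflexive(R, A),
        "irreflexive": is_irreflexive(R, A),
        "symmetric": is_symmetric(R),
        "anti-symmetric": is_antisymmetric(R),
        "transitive": is_transitive(R),
    }
    return {name for name, holds in checks.items() if holds}

# Constructed finite domain standing in for N (an assumption of this example).
A = set(range(8))
UNIVERSAL = {(n, m) for n in A for m in A}          # A^2, the universal relation
EMPTY = set()                                       # the empty relation
ID = {(n, n) for n in A}                            # identity relation on A
L = {(n, m) for (n, m) in UNIVERSAL if n < m}       # less than
G = {(n, m) for (n, m) in UNIVERSAL if n > m}       # greater than
K = L | ID                                          # less than or equal to
H = G | ID                                          # greater than or equal to
# The contrived relation from section B.1. Every failure below has a witness
# inside {0, ..., 7}, so the verdicts also hold for E on all of N.
E = {(n, m) for (n, m) in UNIVERSAL if n > 5 or m * n >= 34}

def report():
    """Map each named relation to the sorted list of properties it has."""
    named = {"L": L, "G": G, "K": K, "H": H, "Id": ID,
             "empty": EMPTY, "universal": UNIVERSAL, "E": E}
    return {name: sorted(properties(R, A)) for name, R in named.items()}

if __name__ == "__main__":
    for name, props in report().items():
        print(f"{name:10s} {', '.join(props) if props else '(none)'}")
```

E has none of the five properties: for instance ⟨5, 7⟩ and ⟨7, 0⟩ are in E but ⟨5, 0⟩ is not, so it is not transitive, which shows how little the definition of "relation" demands.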
Note that this does not require that Rxy and Ryx holds when x = y, only that it isn't ruled out. So an anti-symmetric relation can be reflexive, but it is not the case that every anti-symmetric relation is reflexive. Also note that being anti-symmetric and merely not being symmetric are different conditions. In fact, a relation can be both symmetric and anti-symmetric at the same time (e.g., the identity relation is).

Definition B.7 (Connectivity). A relation R ⊆ A^2 is connected if for all x, y ∈ A, if x ≠ y, then either Rxy or Ryx.

Definition B.8 (Irreflexivity). A relation R ⊆ A^2 is called irreflexive if, for all x ∈ A, not Rxx.

Definition B.9 (Asymmetry). A relation R ⊆ A^2 is called asymmetric if for no pair x, y ∈ A we have both Rxy and Ryx.

Note that if A ≠ ∅, then no irreflexive relation on A is reflexive and every asymmetric relation on A is also anti-symmetric. However, there are R ⊆ A^2 that are not reflexive and also not irreflexive, and there are anti-symmetric relations that are not asymmetric.

B.3 Equivalence Relations

The identity relation on a set is reflexive, symmetric, and transitive. Relations R that have all three of these properties are very common.

Definition B.10 (Equivalence relation). A relation R ⊆ A^2 that is reflexive, symmetric, and transitive is called an equivalence relation. Elements x and y of A are said to be R-equivalent if Rxy.

Equivalence relations give rise to the notion of an equivalence class. An equivalence relation "chunks up" the domain into different partitions. Within each partition, all the objects are related to one another; and no objects from different partitions relate to one another. Sometimes, it's helpful just to talk about these partitions directly. To that end, we introduce a definition:

Definition B.11. Let R ⊆ A^2 be an equivalence relation. For each x ∈ A, the equivalence class of x in A is the set [x]_R = {y ∈ A : Rxy}.
The quotient of A under R is A/R = {[x]_R : x ∈ A}, i.e., the set of these equivalence classes.

The next result vindicates the definition of an equivalence class, in proving that the equivalence classes are indeed the partitions of A:

Proposition B.12. If R ⊆ A^2 is an equivalence relation, then Rxy iff [x]_R = [y]_R.

Proof. For the left-to-right direction, suppose Rxy, and let z ∈ [x]_R. By definition, then, Rxz. Since R is an equivalence relation, Ryz. (Spelling this out: as Rxy and R is symmetric we have Ryx, and as Rxz and R is transitive we have Ryz.) So z ∈ [y]_R. Generalising, [x]_R ⊆ [y]_R. But exactly similarly, [y]_R ⊆ [x]_R. So [x]_R = [y]_R, by extensionality.

For the right-to-left direction, suppose [x]_R = [y]_R. Since R is reflexive, Ryy, so y ∈ [y]_R. Thus also y ∈ [x]_R by the assumption that [x]_R = [y]_R. So Rxy. □

Example B.13. A nice example of equivalence relations comes from modular arithmetic. For any a, b, and n ∈ N, say that a ≡_n b iff dividing a by n gives remainder b. (Somewhat more symbolically: a ≡_n b iff (∃k ∈ N)a − b = kn.) Now, ≡_n is an equivalence relation, for any n. And there are exactly n distinct equivalence classes generated by ≡_n; that is, N/≡_n has n elements. These are: the set of numbers divisible by n without remainder, i.e., [0]_{≡_n}; the set of numbers divisible by n with remainder 1, i.e., [1]_{≡_n}; . . . ; and the set of numbers divisible by n with remainder n − 1, i.e., [n − 1]_{≡_n}.

B.4 Orders

Many of our comparisons involve describing some objects as being "less than", "equal to", or "greater than" other objects, in a certain respect. These involve order relations. But there are different kinds of order relations. For instance, some require that any two objects be comparable, others don't. Some include identity (like ≤) and some exclude it (like <). It will help us to have a taxonomy here.

Definition B.14 (Preorder).
A relation which is both reflexive and transitive is called a preorder.

Definition B.15 (Partial order). A preorder which is also anti-symmetric is called a partial order.

Definition B.16 (Linear order). A partial order which is also connected is called a total order or linear order.

Every linear order is also a partial order, and every partial order is also a preorder, but the converses don't hold.

Example B.17. The universal relation on A is a preorder, since it is reflexive and transitive. But, if A has more than one element, the universal relation is not anti-symmetric, and so not a partial order.

Example B.18. Consider the no longer than relation ≼ on B*: x ≼ y iff len(x) ≤ len(y). This is a preorder (reflexive and transitive), and even connected, but not a partial order, since it is not anti-symmetric. For instance, 01 ≼ 10 and 10 ≼ 01, but 01 ≠ 10.

Example B.19. An important partial order is the relation ⊆ on a set of sets. This is not in general a linear order, since if a ≠ b and we consider ℘({a, b}) = {∅, {a}, {b}, {a, b}}, we see that {a} ⊈ {b} and {a} ≠ {b} and {b} ⊈ {a}.

Example B.20. The relation of divisibility without remainder gives us a partial order which isn't a linear order. For integers n, m, we write n | m to mean n (evenly) divides m, i.e., iff there is some integer k so that m = kn. On N, this is a partial order, but not a linear order: for instance, 2 ∤ 3 and also 3 ∤ 2. Considered as a relation on Z, divisibility is only a preorder since it is not anti-symmetric: 1 | −1 and −1 | 1 but 1 ≠ −1.

Definition B.21 (Strict order). A strict order is a relation which is irreflexive, asymmetric, and transitive.

Definition B.22 (Strict linear order). A strict order which is also connected is called a strict linear order.

Example B.23. ≤ is the linear order corresponding to the strict linear order <.
⊆ is the partial order corresponding to the strict order ⊊.

Definition B.24 (Total order). A strict order which is also connected is called a total order. This is also sometimes called a strict linear order.

Any strict order R on A can be turned into a partial order by adding the diagonal Id_A, i.e., adding all the pairs ⟨x, x⟩. (This is called the reflexive closure of R.) Conversely, starting from a partial order, one can get a strict order by removing Id_A. These next two results make this precise.

Proposition B.25. If R is a strict order on A, then R^+ = R ∪ Id_A is a partial order. Moreover, if R is total, then R^+ is a linear order.

Proof. Suppose R is a strict order, i.e., R ⊆ A^2 and R is irreflexive, asymmetric, and transitive. Let R^+ = R ∪ Id_A. We have to show that R^+ is reflexive, anti-symmetric, and transitive.

R^+ is clearly reflexive, since ⟨x, x⟩ ∈ Id_A ⊆ R^+ for all x ∈ A.

To show R^+ is anti-symmetric, suppose for reductio that R^+xy and R^+yx but x ≠ y. Since ⟨x, y⟩ ∈ R ∪ Id_A, but ⟨x, y⟩ ∉ Id_A, we must have ⟨x, y⟩ ∈ R, i.e., Rxy. Similarly, Ryx. But this contradicts the assumption that R is asymmetric.

To establish transitivity, suppose that R^+xy and R^+yz. If both ⟨x, y⟩ ∈ R and ⟨y, z⟩ ∈ R, then ⟨x, z⟩ ∈ R since R is transitive. Otherwise, either ⟨x, y⟩ ∈ Id_A, i.e., x = y, or ⟨y, z⟩ ∈ Id_A, i.e., y = z. In the first case, we have that R^+yz by assumption, x = y, hence R^+xz. Similarly in the second case. In either case, R^+xz, thus, R^+ is also transitive.

Concerning the "moreover" clause, suppose R is a total order, i.e., that R is connected. So for all x ≠ y, either Rxy or Ryx, i.e., either ⟨x, y⟩ ∈ R or ⟨y, x⟩ ∈ R. Since R ⊆ R^+, this remains true of R^+, so R^+ is connected as well. □

Proposition B.26. If R is a partial order on X, then R^− = R \ Id_X is a strict order. Moreover, if R is linear, then R^− is total.

Proof. This is left as an exercise. □

Example B.27. ≤ is the linear order corresponding to the total order <.
⊆ is the partial order corresponding to the strict order ⊊.

The following simple result establishes that total orders satisfy an extensionality-like property:

Proposition B.28. If < totally orders A, then:

(∀a, b ∈ A)((∀x ∈ A)(x < a ↔ x < b) → a = b)

Proof. Suppose (∀x ∈ A)(x < a ↔ x < b). If a < b, then a < a, contradicting the fact that < is irreflexive; so a ≮ b. Exactly similarly, b ≮ a. So a = b, as < is connected. □

B.5 Graphs

A graph is a diagram in which points, called "nodes" or "vertices" (plural of "vertex"), are connected by edges. Graphs are a ubiquitous tool in discrete mathematics and in computer science. They are incredibly useful for representing, and visualizing, relationships and structures, from concrete things like networks of various kinds to abstract structures such as the possible outcomes of decisions. There are many different kinds of graphs in the literature which differ, e.g., according to whether the edges are directed or not, have labels or not, whether there can be edges from a node to the same node, multiple edges between the same nodes, etc. Directed graphs have a special connection to relations.

Definition B.29 (Directed graph). A directed graph G = ⟨V, E⟩ is a set of vertices V and a set of edges E ⊆ V^2.

According to our definition, a graph just is a set together with a relation on that set. Of course, when talking about graphs, it's only natural to expect that they are graphically represented: we can draw a graph by connecting two vertices v_1 and v_2 by an arrow iff ⟨v_1, v_2⟩ ∈ E. The only difference between a relation by itself and a graph is that a graph specifies the set of vertices, i.e., a graph may have isolated vertices. The important point, however, is that every relation R on a set X can be seen as a directed graph ⟨X, R⟩, and conversely, a directed graph ⟨V, E⟩ can be seen as a relation E ⊆ V^2 with the set V explicitly specified.

Example B.30.
The graph ⟨V, E⟩ with V = {1, 2, 3, 4} and E = {⟨1, 1⟩, ⟨1, 2⟩, ⟨1, 3⟩, ⟨2, 3⟩} looks like this:

[Figure: the graph with vertices 1, 2, 3, 4]

This is a different graph than ⟨V′, E⟩ with V′ = {1, 2, 3}, which looks like this:

[Figure: the graph with vertices 1, 2, 3]

B.6 Operations on Relations

It is often useful to modify or combine relations. In Proposition B.25, we considered the union of relations, which is just the union of two relations considered as sets of pairs. Similarly, in Proposition B.26, we considered the relative difference of relations. Here are some other operations we can perform on relations.

Definition B.31. Let R, S be relations, and A be any set.

The inverse of R is R^{−1} = {⟨y, x⟩ : ⟨x, y⟩ ∈ R}.

The relative product of R and S is (R | S) = {⟨x, z⟩ : ∃y(Rxy ∧ Syz)}.

The restriction of R to A is R↾A = R ∩ A^2.

The application of R to A is R[A] = {y : (∃x ∈ A)Rxy}.

Example B.32. Let S ⊆ Z^2 be the successor relation on Z, i.e., S = {⟨x, y⟩ ∈ Z^2 : x + 1 = y}, so that Sxy iff x + 1 = y.

S^{−1} is the predecessor relation on Z, i.e., {⟨x, y⟩ ∈ Z^2 : x − 1 = y}.

S | S is {⟨x, y⟩ ∈ Z^2 : x + 2 = y}.

S↾N is the successor relation on N.

S[{1, 2, 3}] is {2, 3, 4}.

Definition B.33 (Transitive closure). Let R ⊆ A^2 be a binary relation.

The transitive closure of R is R^+ = ⋃_{0<n∈N} R^n, where we recursively define R^1 = R and R^{n+1} = R^n | R.

The reflexive transitive closure of R is R* = R^+ ∪ Id_A.

Example B.34. Take the successor relation S ⊆ Z^2. S^2xy iff x + 2 = y, S^3xy iff x + 3 = y, etc. So S^+xy iff x + n = y for some n > 1. In other words, S^+xy iff x < y, and S*xy iff x ≤ y.

Problems

Problem B.1. List the elements of the relation ⊆ on the set ℘({a, b, c}).

Problem B.2. Give examples of relations that are (a) reflexive and symmetric but not transitive, (b) reflexive and anti-symmetric, (c) anti-symmetric, transitive, but not reflexive, and (d) reflexive, symmetric, and transitive. Do not use relations on numbers or sets.

Problem B.3.
Show that ≡_n is an equivalence relation, for any n ∈ N, and that N/≡_n has exactly n members.

Problem B.4. Give a proof of Proposition B.26.

Problem B.5. Consider the less-than-or-equal-to relation ≤ on the set {1, 2, 3, 4} as a graph and draw the corresponding diagram.

Problem B.6. Show that the transitive closure of R is in fact transitive.

APPENDIX C
Syntax and Semantics

C.1 Introduction

Propositional logic deals with formulas that are built from propositional variables using the propositional connectives ¬, ∧, ∨, →, and ↔. Intuitively, a propositional variable p stands for a sentence or proposition that is true or false. Whenever the "truth value" of the propositional variable in a formula is determined, so is the truth value of any formulas formed from them using propositional connectives. We say that propositional logic is truth functional, because its semantics is given by functions of truth values. In particular, in propositional logic we leave out of consideration any further determination of truth and falsity, e.g., whether something is necessarily true rather than just contingently true, or whether something is known to be true, or whether something is true now rather than was true or will be true. We only consider two truth values true (T) and false (F), and so exclude from discussion the possibility that a statement may be neither true nor false, or only half true. We also concentrate only on connectives where the truth value of a formula built from them is completely determined by the truth values of its parts (and not, say, on its meaning). In particular, whether the truth value of conditionals in English is truth functional in this sense is contentious. The material conditional → is; other logics deal with conditionals that are not truth functional.

In order to develop the theory and metatheory of truth-functional propositional logic, we must first define the syntax and semantics of its expressions.
We will describe one way of constructing formulas from propositional variables using the connectives. Alternative definitions are possible. Other systems will chose different symbols, will select different sets of connectives as primitive, will use parentheses differently (or even not at all, as in the case of so-called Polish notation). What all approaches have in common, though, is that the formation rules define the set of formulas inductively. If done properly, every expression can result essentially in only one way according to the formation rules. The inductive definition resulting in expressions that are uniquely readable means we can give meanings to these expressions using the same method-inductive definition. Giving the meaning of expressions is the domain of semantics. The central concept in semantics for propositonal logic is that of satisfaction in a valuation. A valuation v assigns truth values T, F to the propositional variables. Any valuation determines a truth value v(A) for any formula A. A formula is satisfied in a valuation v iff v(A) = T-we write this as v ⊨ A. This relation can also be defined by induction on the structure of A, using the truth functions for the logical connectives to define, say, satisfaction of A ∧ B in terms of satisfaction (or not) of A and B . On the basis of the satisfaction relation v ⊨ A for sentences we can then define the basic semantic notions of tautology, entailment, and satisfiability. A formula is a tautology, ⊨ A, if every valuation satisfies it, i.e., v(A) = T for any v. It is entailed by a set of formulas, Γ ⊨ A, if every valuation that satisfies all the formulas in Γ also satisfies A. And a set of formulas is satisfiable if some valuation satisfies all formulas in it at the same time. Because formulas are inductively defined, and satisfaction is in turn defined by induction on the structure of formulas, we can use induction to prove properties of our semantics and to relate 196 APPENDIX C. 
SYNTAX AND SEMANTICS the semantic notions defined. C.2 Propositional Formulas Formulas of propositional logic are built up from propositional variables and the propositional constant⊥ using logical connectives. 1. A countably infinite set At0 of propositional variables p0, p1, . . . 2. The propositional constant for falsity ⊥. 3. The logical connectives: ¬ (negation), ∧ (conjunction), ∨ (disjunction), → (conditional) 4. Punctuation marks: (, ), and the comma. We denote this language of propositional logic by L0. In addition to the primitive connectives introduced above, we also use the following defined symbols: ↔ (biconditional), ⊤ (truth) A defined symbol is not officially part of the language, but is introduced as an informal abbreviation: it allows us to abbreviate formulas which would, if we only used primitive symbols, get quite long. This is obviously an advantage. The bigger advantage, however, is that proofs become shorter. If a symbol is primitive, it has to be treated separately in proofs. The more primitive symbols, therefore, the longer our proofs. You may be familiar with different terminology and symbols than the ones we use above. Logic texts (and teachers) commonly use either ∼, ¬, and ! for "negation", ∧, *, and& for "conjunction". Commonly used symbols for the "conditional" or "implication" are →, ⇒, and ⊃. Symbols for "biconditional," "bi-implication," or "(material) equivalence" are ↔, ⇔, and ≡. The ⊥ symbol is variously called "falsity," "falsum," "absurdity," or "bottom." The ⊤ symbol is variously called "truth," "verum," or "top." 197 C.2. PROPOSITIONAL FORMULAS Definition C.1 (Formula). The set Frm(L0) of formulas of propositional logic is defined inductively as follows: 1. ⊥ is an atomic formula. 2. Every propositional variable pi is an atomic formula. 3. If A is a formula, then ¬A is formula. 4. If A and B are formulas, then (A ∧ B) is a formula. 5. If A and B are formulas, then (A ∨ B) is a formula. 6. 
If A and B are formulas, then (A → B) is a formula.
7. Nothing else is a formula.

The definition of formulas is an inductive definition. Essentially, we construct the set of formulas in infinitely many stages. In the initial stage, we pronounce all atomic formulas to be formulas; this corresponds to the first few cases of the definition, i.e., the cases for ⊥, pi. "Atomic formula" thus means any formula of this form.

The other cases of the definition give rules for constructing new formulas out of formulas already constructed. At the second stage, we can use them to construct formulas out of atomic formulas. At the third stage, we construct new formulas from the atomic formulas and those obtained in the second stage, and so on. A formula is anything that is eventually constructed at such a stage, and nothing else.

Definition C.2. Formulas constructed using the defined operators are to be understood as follows:

1. ⊤ abbreviates ¬⊥.
2. A ↔ B abbreviates (A → B) ∧ (B → A).

Definition C.3 (Syntactic identity). The symbol ≡ expresses syntactic identity between strings of symbols, i.e., A ≡ B iff A and B are strings of symbols of the same length and which contain the same symbol in each place.

The ≡ symbol may be flanked by strings obtained by concatenation, e.g., A ≡ (B ∨ C) means: the string of symbols A is the same string as the one obtained by concatenating an opening parenthesis, the string B, the ∨ symbol, the string C, and a closing parenthesis, in this order. If this is the case, then we know that the first symbol of A is an opening parenthesis, A contains B as a substring (starting at the second symbol), that substring is followed by ∨, etc.

C.3 Preliminaries

Theorem C.4 (Principle of induction on formulas). If some property P holds for all the atomic formulas and is such that

1. it holds for ¬A whenever it holds for A;
2. it holds for (A ∧ B) whenever it holds for A and B;
3.
it holds for (A ∨ B) whenever it holds for A and B;
4. it holds for (A → B) whenever it holds for A and B;

then P holds for all formulas.

Proof. Let S be the collection of all formulas with property P. Clearly S ⊆ Frm(L0). S satisfies all the conditions of Definition C.1: it contains all atomic formulas and is closed under the logical operators. Frm(L0) is the smallest such class, so Frm(L0) ⊆ S. So Frm(L0) = S, and every formula has property P. □

Proposition C.5. Any formula in Frm(L0) is balanced, in that it has as many left parentheses as right ones.

Proposition C.6. No proper initial segment of a formula is a formula.

Proposition C.7 (Unique Readability). Any formula A in Frm(L0) has exactly one parsing as one of the following:

1. ⊥.
2. pn for some pn ∈ At0.
3. ¬B for some formula B.
4. (B ∧ C) for some formulas B and C.
5. (B ∨ C) for some formulas B and C.
6. (B → C) for some formulas B and C.

Moreover, this parsing is unique.

Proof. By induction on A. For instance, suppose that A has two distinct readings as (B → C) and (B′ → C′). Then B and B′ must be the same (or else one would be a proper initial segment of the other); so if the two readings of A are distinct it must be because C and C′ are distinct readings of the same sequence of symbols, which is impossible by the inductive hypothesis. □

Definition C.8 (Uniform Substitution). If A and B are formulas, and pi is a propositional variable, then A[B/pi] denotes the result of replacing each occurrence of pi by an occurrence of B in A; similarly, the simultaneous substitution of p1, ..., pn by formulas B1, ..., Bn is denoted by A[B1/p1, ..., Bn/pn].

C.4 Valuations and Satisfaction

Definition C.9 (Valuations). Let {T, F} be the set of the two truth values, "true" and "false." A valuation for L0 is a function v assigning either T or F to the propositional variables of the language, i.e., v : At0 → {T, F}.

Definition C.10.
Given a valuation v, define the evaluation function v̄ : Frm(L0) → {T, F} inductively by:

v̄(⊥) = F;
v̄(pn) = v(pn);
v̄(¬A) = T if v̄(A) = F; F otherwise.
v̄(A ∧ B) = T if v̄(A) = T and v̄(B) = T; F if v̄(A) = F or v̄(B) = F.
v̄(A ∨ B) = T if v̄(A) = T or v̄(B) = T; F if v̄(A) = F and v̄(B) = F.
v̄(A → B) = T if v̄(A) = F or v̄(B) = T; F if v̄(A) = T and v̄(B) = F.

The clauses correspond to the following truth tables:

A   ¬A
T   F
F   T

A   B   A ∧ B
T   T   T
T   F   F
F   T   F
F   F   F

A   B   A ∨ B
T   T   T
T   F   T
F   T   T
F   F   F

A   B   A → B
T   T   T
T   F   F
F   T   T
F   F   T

Theorem C.11 (Local Determination). Suppose that v1 and v2 are valuations that agree on the propositional letters occurring in A, i.e., v1(pn) = v2(pn) whenever pn occurs in some formula A. Then v̄1 and v̄2 also agree on A, i.e., v̄1(A) = v̄2(A).

Proof. By induction on A. □

Definition C.12 (Satisfaction). Using the evaluation function, we can define the notion of satisfaction of a formula A by a valuation v, v ⊨ A, inductively as follows. (We write v ⊭ A to mean "not v ⊨ A.")

1. A ≡ ⊥: v ⊭ A.
2. A ≡ pi: v ⊨ A iff v(pi) = T.
3. A ≡ ¬B: v ⊨ A iff v ⊭ B.
4. A ≡ (B ∧ C): v ⊨ A iff v ⊨ B and v ⊨ C.
5. A ≡ (B ∨ C): v ⊨ A iff v ⊨ B or v ⊨ C (or both).
6. A ≡ (B → C): v ⊨ A iff v ⊭ B or v ⊨ C (or both).

If Γ is a set of formulas, v ⊨ Γ iff v ⊨ A for every A ∈ Γ.

Proposition C.13. v ⊨ A iff v̄(A) = T.

Proof. By induction on A. □

C.5 Semantic Notions

We define the following semantic notions:

Definition C.14.
1. A formula A is satisfiable if for some v, v ⊨ A; it is unsatisfiable if for no v, v ⊨ A;
2. A formula A is a tautology if v ⊨ A for all valuations v;
3. A formula A is contingent if it is satisfiable but not a tautology;
4. If Γ is a set of formulas, Γ ⊨ A ("Γ entails A") if and only if v ⊨ A for every valuation v for which v ⊨ Γ.
5. If Γ is a set of formulas, Γ is satisfiable if there is a valuation v for which v ⊨ Γ, and Γ is unsatisfiable otherwise.

Proposition C.15.
1.
A is a tautology if and only if ∅ ⊨ A;
2. If Γ ⊨ A and Γ ⊨ A → B then Γ ⊨ B;
3. If Γ is satisfiable then every finite subset of Γ is also satisfiable;
4. Monotony: if Γ ⊆ ∆ and Γ ⊨ A then also ∆ ⊨ A;
5. Transitivity: if Γ ⊨ A and ∆ ∪ {A} ⊨ B then Γ ∪ ∆ ⊨ B.

Proof. Exercise. □

Proposition C.16. Γ ⊨ A if and only if Γ ∪ {¬A} is unsatisfiable.

Proof. Exercise. □

Theorem C.17 (Semantic Deduction Theorem). Γ ⊨ A → B if and only if Γ ∪ {A} ⊨ B.

Proof. Exercise. □

Problems

Problem C.1. Prove Proposition C.5.
Problem C.2. Prove Proposition C.6.
Problem C.3. Give a mathematically rigorous definition of A[B/p] by induction.
Problem C.4. Prove Proposition C.13.
Problem C.5. Prove Proposition C.15.
Problem C.6. Prove Proposition C.16.
Problem C.7. Prove Theorem C.17.

APPENDIX D
Axiomatic Derivations

D.1 Introduction

Logics commonly have both a semantics and a derivation system. The semantics concerns concepts such as truth, satisfiability, validity, and entailment. The purpose of derivation systems is to provide a purely syntactic method of establishing entailment and validity. They are purely syntactic in the sense that a derivation in such a system is a finite syntactic object, usually a sequence (or other finite arrangement) of sentences or formulas. Good derivation systems have the property that any given sequence or arrangement of sentences or formulas can be verified mechanically to be "correct."

The simplest (and historically first) derivation systems for first-order logic were axiomatic. A sequence of formulas counts as a derivation in such a system if each individual formula in it is either among a fixed set of "axioms" or follows from formulas coming before it in the sequence by one of a fixed number of "inference rules," and it can be mechanically verified whether a formula is an axiom and whether it follows correctly from other formulas by one of the inference rules.
Axiomatic proof systems are easy to describe (and also easy to handle meta-theoretically), but derivations in them are hard to read and understand, and are also hard to produce.

Other derivation systems have been developed with the aim of making it easier to construct derivations or easier to understand derivations once they are complete. Examples are natural deduction, truth trees, also known as tableaux proofs, and the sequent calculus. Some derivation systems are designed especially with mechanization in mind, e.g., the resolution method is easy to implement in software (but its derivations are essentially impossible to understand). Most of these other proof systems represent derivations as trees of formulas rather than sequences. This makes it easier to see which parts of a derivation depend on which other parts.

So for a given logic, such as first-order logic, the different derivation systems will give different explications of what it is for a sentence to be a theorem and what it means for a sentence to be derivable from some others. However that is done (via axiomatic derivations, natural deductions, sequent derivations, truth trees, resolution refutations), we want these relations to match the semantic notions of validity and entailment. Let's write ⊢ A for "A is a theorem" and "Γ ⊢ A" for "A is derivable from Γ." However ⊢ is defined, we want it to match up with ⊨, that is:

1. ⊢ A if and only if ⊨ A
2. Γ ⊢ A if and only if Γ ⊨ A

The "only if" direction of the above is called soundness. A derivation system is sound if derivability guarantees entailment (or validity). Every decent derivation system has to be sound; unsound derivation systems are not useful at all. After all, the entire purpose of a derivation is to provide a syntactic guarantee of validity or entailment. We'll prove soundness for the derivation systems we present.

The converse "if" direction is also important: it is called completeness.
A complete derivation system is strong enough to show that A is a theorem whenever A is valid, and that Γ ⊢ A whenever Γ ⊨ A. Completeness is harder to establish, and some logics have no complete derivation systems. First-order logic does. Kurt Gödel was the first one to prove completeness for a derivation system of first-order logic in his 1929 dissertation.

Another concept that is connected to derivation systems is that of consistency. A set of sentences is called inconsistent if anything whatsoever can be derived from it, and consistent otherwise. Inconsistency is the syntactic counterpart to unsatisfiability: like unsatisfiable sets, inconsistent sets of sentences do not make good theories, they are defective in a fundamental way. Consistent sets of sentences may not be true or useful, but at least they pass that minimal threshold of logical usefulness. For different derivation systems the specific definition of consistency of sets of sentences might differ, but like ⊢, we want consistency to coincide with its semantic counterpart, satisfiability. We want it to always be the case that Γ is consistent if and only if it is satisfiable. Here, the "if" direction amounts to completeness (consistency guarantees satisfiability), and the "only if" direction amounts to soundness (satisfiability guarantees consistency). In fact, for classical first-order logic, the two versions of soundness and completeness are equivalent.

D.2 Axiomatic Derivations

Axiomatic derivations are the oldest and simplest logical derivation systems. Their derivations are simply sequences of sentences. A sequence of sentences counts as a correct derivation if every sentence A in it satisfies one of the following conditions:

1. A is an axiom, or
2. A is an element of a given set Γ of sentences, or
3. A is justified by a rule of inference.

To be an axiom, A has to have the form of one of a number of fixed sentence schemas.
There are many sets of axiom schemas that provide a satisfactory (sound and complete) derivation system for first-order logic. Some are organized according to the connectives they govern, e.g., the schemas

A → (B → A)
B → (B ∨ C)
(B ∧ C) → B

are common axioms that govern →, ∨ and ∧. Some axiom systems aim at a minimal number of axioms. Depending on the connectives that are taken as primitives, it is even possible to find axiom systems that consist of a single axiom.

A rule of inference is a conditional statement that gives a sufficient condition for a sentence in a derivation to be justified. Modus ponens is one very common such rule: it says that if A and A → B are already justified, then B is justified. This means that a line in a derivation containing the sentence B is justified, provided that both A and A → B (for some sentence A) appear in the derivation before B.

The ⊢ relation based on axiomatic derivations is defined as follows: Γ ⊢ A iff there is a derivation with the sentence A as its last formula (and Γ is taken as the set of sentences in that derivation which are justified by (2) above). A is a theorem if A has a derivation where Γ is empty, i.e., every sentence in the derivation is justified either by (1) or (3). For instance, here is a derivation that shows that ⊢ A → (B → (B ∨ A)):

1. B → (B ∨ A)
2. (B → (B ∨ A)) → (A → (B → (B ∨ A)))
3. A → (B → (B ∨ A))

The sentence on line 1 is of the form of the axiom A → (A ∨ B) (with the roles of A and B reversed). The sentence on line 2 is of the form of the axiom A → (B → A). Thus, both lines are justified. Line 3 is justified by modus ponens: if we abbreviate it as D, then line 2 has the form C → D, where C is B → (B ∨ A), i.e., line 1.

A set Γ is inconsistent if Γ ⊢ ⊥. A complete axiom system will also prove that ⊥ → A for any A, and so if Γ is inconsistent, then Γ ⊢ A for any A.
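The mechanical check described in this section can be written down directly. The following Python checker is an added example, not part of the original text: it takes the axiom schemas (D.1)–(D.14) from Definition D.5 of this appendix, treats modus ponens as the only rule, and justifies a sequence of formulas line by line. The tuple encoding of formulas and all function names are assumptions of the example.

```python
# Formulas are nested tuples (an encoding chosen for this example):
# ("bot",), ("var", name), ("not", X), ("and", X, Y), ("or", X, Y), ("imp", X, Y)
BOT = ("bot",)
def Var(name): return ("var", name)
def Not(x): return ("not", x)
def And(x, y): return ("and", x, y)
def Or(x, y): return ("or", x, y)
def Imp(x, y): return ("imp", x, y)

# Schematic letters; they occur only inside the axiom schemas below.
A, B, C = ("meta", "A"), ("meta", "B"), ("meta", "C")

# Axiom schemas (D.1)-(D.14) as listed in Definition D.5.
AXIOMS = {
    "D.1": Imp(And(A, B), A),
    "D.2": Imp(And(A, B), B),
    "D.3": Imp(A, Imp(B, And(A, B))),
    "D.4": Imp(A, Or(A, B)),
    "D.5": Imp(A, Or(B, A)),
    "D.6": Imp(Imp(A, C), Imp(Imp(B, C), Imp(Or(A, B), C))),
    "D.7": Imp(A, Imp(B, A)),
    "D.8": Imp(Imp(A, Imp(B, C)), Imp(Imp(A, B), Imp(A, C))),
    "D.9": Imp(Imp(A, B), Imp(Imp(A, Not(B)), Not(A))),
    "D.10": Imp(Not(A), Imp(A, B)),
    "D.11": Not(BOT),  # the defined symbol ⊤ abbreviates ¬⊥
    "D.12": Imp(BOT, A),
    "D.13": Imp(Imp(A, BOT), Not(A)),
    "D.14": Imp(Not(Not(A)), A),
}

def match(schema, formula, binding):
    """Extend binding so that schema instantiates to formula; None if impossible."""
    if schema[0] == "meta":
        bound = binding.get(schema[1])
        if bound is None:
            return {**binding, schema[1]: formula}
        return binding if bound == formula else None  # same letter, same formula
    if schema[0] != formula[0]:
        return None
    for s, f in zip(schema[1:], formula[1:]):
        binding = match(s, f, binding)
        if binding is None:
            return None
    return binding

def axiom_names(formula):
    """Names of all schemas of which formula is an instance."""
    return [n for n, s in AXIOMS.items() if match(s, formula, {}) is not None]

def check_derivation(lines, gamma=()):
    """Return one justification per line; raise ValueError at the first
    line that is neither in gamma, nor an axiom, nor obtained by modus ponens."""
    justifications = []
    for i, f in enumerate(lines):
        names = axiom_names(f)
        if f in gamma:
            justifications.append("Hyp")
        elif names:
            justifications.append(names[0])
        else:
            # look for earlier lines j (a conditional) and k (its antecedent)
            mp = next(((j, k) for j in range(i) for k in range(i)
                       if lines[j] == Imp(lines[k], f)), None)
            if mp is None:
                raise ValueError(f"line {i + 1} is not justified")
            justifications.append(f"mp {mp[1] + 1}, {mp[0] + 1}")
    return justifications

def section_example():
    """The three-line derivation of A → (B → (B ∨ A)) from this section,
    with propositional variables p, q standing in for A, B."""
    p, q = Var("p"), Var("q")
    line1 = Imp(q, Or(q, p))
    line3 = Imp(p, line1)
    line2 = Imp(line1, line3)
    return check_derivation([line1, line2, line3])
```

Calling `section_example()` reproduces the justifications given in the text: line 1 is an instance of (D.4), line 2 of (D.7), and line 3 follows by modus ponens.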
Systems of axiomatic derivations for logic were first given by Gottlob Frege in his 1879 Begriffsschrift, which for this reason is often considered the first work of modern logic. They were perfected in Alfred North Whitehead and Bertrand Russell's Principia Mathematica and by David Hilbert and his students in the 1920s. They are thus often called "Frege systems" or "Hilbert systems." They are very versatile in that it is often easy to find an axiomatic system for a logic. Because derivations have a very simple structure and only one or two inference rules, it is also relatively easy to prove things about them. However, they are very hard to use in practice, i.e., it is difficult to find and write proofs.

D.3 Rules and Derivations

Axiomatic derivations are perhaps the simplest proof system for logic. A derivation is just a sequence of formulas. To count as a derivation, every formula in the sequence must either be an instance of an axiom, or must follow from one or more formulas that precede it in the sequence by a rule of inference. A derivation derives its last formula.

Definition D.1 (Derivability). If Γ is a set of formulas of L then a derivation from Γ is a finite sequence A1, ..., An of formulas where for each i ≤ n one of the following holds:

1. Ai ∈ Γ; or
2. Ai is an axiom; or
3. Ai follows from some Aj (and Ak) with j < i (and k < i) by a rule of inference.

What counts as a correct derivation depends on which inference rules we allow (and of course what we take to be axioms). And an inference rule is an if-then statement that tells us that, under certain conditions, a step Ai in a derivation is a correct inference step.

Definition D.2 (Rule of inference). A rule of inference gives a sufficient condition for what counts as a correct inference step in a derivation from Γ.
For instance, since any one-element sequence A with A ∈ Γ trivially counts as a derivation, the following might be a very simple rule of inference:

    If A ∈ Γ, then A is always a correct inference step in any derivation from Γ.

Similarly, if A is one of the axioms, then A by itself is a derivation, and so this is also a rule of inference:

    If A is an axiom, then A is a correct inference step.

It gets more interesting if the rule of inference appeals to formulas that appear before the step considered. The following rule is called modus ponens:

    If B → A and B occur higher up in the derivation, then A is a correct inference step.

If this is the only rule of inference, then our definition of derivation above amounts to this: A1, ..., An is a derivation iff for each i ≤ n one of the following holds:

1. Ai ∈ Γ; or
2. Ai is an axiom; or
3. for some j < i, Aj is B → Ai, and for some k < i, Ak is B.

The last clause says that Ai follows from Aj (B → Ai) and Ak (B) by modus ponens. If we can go from 1 to n, and each time we find a formula Ai that is either in Γ, an axiom, or which a rule of inference tells us that it is a correct inference step, then the entire sequence counts as a correct derivation.

Definition D.3 (Derivability). A formula A is derivable from Γ, written Γ ⊢ A, if there is a derivation from Γ ending in A.

Definition D.4 (Theorems). A formula A is a theorem if there is a derivation of A from the empty set. We write ⊢ A if A is a theorem and ⊬ A if it is not.

D.4 Axiom and Rules for the Propositional Connectives

Definition D.5 (Axioms).
The set Ax0 of axioms for the propositional connectives comprises all formulas of the following forms:

(A ∧ B) → A    (D.1)
(A ∧ B) → B    (D.2)
A → (B → (A ∧ B))    (D.3)
A → (A ∨ B)    (D.4)
A → (B ∨ A)    (D.5)
(A → C) → ((B → C) → ((A ∨ B) → C))    (D.6)
A → (B → A)    (D.7)
(A → (B → C)) → ((A → B) → (A → C))    (D.8)
(A → B) → ((A → ¬B) → ¬A)    (D.9)
¬A → (A → B)    (D.10)
⊤    (D.11)
⊥ → A    (D.12)
(A → ⊥) → ¬A    (D.13)
¬¬A → A    (D.14)

Definition D.6 (Modus ponens). If B and B → A already occur in a derivation, then A is a correct inference step.

We'll abbreviate the rule modus ponens as "mp."

D.5 Examples of Derivations

Example D.7. Suppose we want to prove (¬D ∨ E) → (D → E). Clearly, this is not an instance of any of our axioms, so we have to use the mp rule to derive it. Our only rule is MP, which given A and A → B allows us to justify B. One strategy would be to use eq. (D.6) with A being ¬D, B being E, and C being D → E, i.e., the instance

(¬D → (D → E)) → ((E → (D → E)) → ((¬D ∨ E) → (D → E))).

Why? Two applications of MP yield the last part, which is what we want. And we easily see that ¬D → (D → E) is an instance of eq. (D.10), and E → (D → E) is an instance of eq. (D.7). So our derivation is:

1. ¬D → (D → E)    eq. (D.10)
2. (¬D → (D → E)) → ((E → (D → E)) → ((¬D ∨ E) → (D → E)))    eq. (D.6)
3. (E → (D → E)) → ((¬D ∨ E) → (D → E))    1, 2, mp
4. E → (D → E)    eq. (D.7)
5. (¬D ∨ E) → (D → E)    3, 4, mp

Example D.8. Let's try to find a derivation of D → D. It is not an instance of an axiom, so we have to use mp to derive it. Eq. (D.7) is an axiom of the form A → B to which we could apply mp. To be useful, of course, the B which mp would justify as a correct step in this case would have to be D → D, since this is what we want to derive. That means A would also have to be D, i.e., we might look at this instance of eq. (D.7):

D → (D → D)

In order to apply mp, we would also need to justify the corresponding second premise, namely A.
But in our case, that would be D, and we won't be able to derive D by itself. So we need a different strategy.

The other axiom involving just → is eq. (D.8), i.e.,

(A → (B → C)) → ((A → B) → (A → C))

We could get to the last nested conditional by applying mp twice. Again, that would mean that we want an instance of eq. (D.8) where A → C is D → D, the formula we are aiming for. Then of course, A and C are both D. How should we pick B so that both A → (B → C) and A → B, i.e., in our case D → (B → D) and D → B, are also derivable? Well, the first of these is already an instance of eq. (D.7), whatever we decide B to be. And D → B would be another instance of eq. (D.7) if B were (D → D). So, our derivation is:

1. D → ((D → D) → D)    eq. (D.7)
2. (D → ((D → D) → D)) → ((D → (D → D)) → (D → D))    eq. (D.8)
3. (D → (D → D)) → (D → D)    1, 2, mp
4. D → (D → D)    eq. (D.7)
5. D → D    3, 4, mp

Example D.9. Sometimes we want to show that there is a derivation of some formula from some other formulas Γ. For instance, let's show that we can derive A → C from Γ = {A → B, B → C}.

1. A → B    Hyp
2. B → C    Hyp
3. (B → C) → (A → (B → C))    eq. (D.7)
4. A → (B → C)    2, 3, mp
5. (A → (B → C)) → ((A → B) → (A → C))    eq. (D.8)
6. ((A → B) → (A → C))    4, 5, mp
7. A → C    1, 6, mp

The lines labelled "Hyp" (for "hypothesis") indicate that the formula on that line is an element of Γ.

Proposition D.10. If Γ ⊢ A → B and Γ ⊢ B → C, then Γ ⊢ A → C.

Proof. Suppose Γ ⊢ A → B and Γ ⊢ B → C. Then there is a derivation of A → B from Γ; and a derivation of B → C from Γ as well. Combine these into a single derivation by concatenating them. Now add lines 3–7 of the derivation in the preceding example. This is a derivation of A → C (which is the last line of the new derivation) from Γ. Note that the justifications of lines 4 and 7 remain valid if the reference to line number 2 is replaced by reference to the last line of the derivation of B → C, and reference to line number 1 by reference to the last line of the derivation of A → B.
□

D.6 Proof-Theoretic Notions

Just as we've defined a number of important semantic notions (tautology, entailment, satisfiability), we now define corresponding proof-theoretic notions. These are not defined by appeal to satisfaction of sentences in structures, but by appeal to the derivability or non-derivability of certain formulas. It was an important discovery that these notions coincide. That they do is the content of the soundness and completeness theorems.

Definition D.11 (Derivability). A formula A is derivable from Γ, written Γ ⊢ A, if there is a derivation from Γ ending in A.

Definition D.12 (Theorems). A formula A is a theorem if there is a derivation of A from the empty set. We write ⊢ A if A is a theorem and ⊬ A if it is not.

Definition D.13 (Consistency). A set Γ of formulas is consistent if and only if Γ ⊬ ⊥; it is inconsistent otherwise.

Proposition D.14 (Reflexivity). If A ∈ Γ, then Γ ⊢ A.

Proof. The formula A by itself is a derivation of A from Γ. □

Proposition D.15 (Monotony). If Γ ⊆ ∆ and Γ ⊢ A, then ∆ ⊢ A.

Proof. Any derivation of A from Γ is also a derivation of A from ∆. □

Proposition D.16 (Transitivity). If Γ ⊢ A and {A} ∪ ∆ ⊢ B, then Γ ∪ ∆ ⊢ B.

Proof. Suppose {A} ∪ ∆ ⊢ B. Then there is a derivation B1, ..., Bl = B from {A} ∪ ∆. Some of the steps in that derivation will be correct because of a rule which refers to a prior line Bi = A. By hypothesis, there is a derivation of A from Γ, i.e., a derivation A1, ..., Ak = A where every Ai is an axiom, an element of Γ, or correct by a rule of inference. Now consider the sequence

A1, ..., Ak = A, B1, ..., Bl = B.

This is a correct derivation of B from Γ ∪ ∆ since every Bi = A is now justified by the same rule which justifies Ak = A. □

Note that this means that in particular if Γ ⊢ A and A ⊢ B, then Γ ⊢ B. It follows also that if A1, ..., An ⊢ B and Γ ⊢ Ai for each i, then Γ ⊢ B.

Proposition D.17. Γ is inconsistent iff Γ ⊢ A for every A.
Proof. Exercise. □

Proposition D.18 (Compactness).
1. If Γ ⊢ A then there is a finite subset Γ0 ⊆ Γ such that Γ0 ⊢ A.
2. If every finite subset of Γ is consistent, then Γ is consistent.

Proof.
1. If Γ ⊢ A, then there is a finite sequence of formulas A1, ..., An so that A ≡ An and each Ai is either a logical axiom, an element of Γ or follows from previous formulas by modus ponens. Take Γ0 to be those Ai which are in Γ. Then the derivation is likewise a derivation from Γ0, and so Γ0 ⊢ A.
2. This is the contrapositive of (1) for the special case A ≡ ⊥. □

D.7 The Deduction Theorem

As we've seen, giving derivations in an axiomatic system is cumbersome, and derivations may be hard to find. Rather than actually write out long lists of formulas, it is generally easier to argue that such derivations exist, by making use of a few simple results. We've already established three such results: Proposition D.14 says we can always assert that Γ ⊢ A when we know that A ∈ Γ. Proposition D.15 says that if Γ ⊢ A then also Γ ∪ {B} ⊢ A. And Proposition D.16 implies that if Γ ⊢ A and A ⊢ B, then Γ ⊢ B. Here's another simple result, a "meta"-version of modus ponens:

Proposition D.19. If Γ ⊢ A and Γ ⊢ A → B, then Γ ⊢ B.

Proof. We have that {A, A → B} ⊢ B:

1. A    Hyp.
2. A → B    Hyp.
3. B    1, 2, MP

By Proposition D.16, Γ ⊢ B. □

The most important result we'll use in this context is the deduction theorem:

Theorem D.20 (Deduction Theorem). Γ ∪ {A} ⊢ B if and only if Γ ⊢ A → B.

Proof. The "if" direction is immediate. If Γ ⊢ A → B then also Γ ∪ {A} ⊢ A → B by Proposition D.15. Also, Γ ∪ {A} ⊢ A by Proposition D.14. So, by Proposition D.19, Γ ∪ {A} ⊢ B.

For the "only if" direction, we proceed by induction on the length of the derivation of B from Γ ∪ {A}.

For the induction basis, we prove the claim for every derivation of length 1.
A derivation of B from Γ ∪ {A} of length 1 consists of B by itself; and if it is correct, B is either in Γ ∪ {A} or is an axiom. If B ∈ Γ or is an axiom, then Γ ⊢ B. We also have that Γ ⊢ B → (A → B) by eq. (D.7), and Proposition D.19 gives Γ ⊢ A → B. If B ∈ {A} then Γ ⊢ A → B because then the last sentence A → B is the same as A → A, and we have derived that in Example D.8.

For the inductive step, suppose a derivation of B from Γ ∪ {A} ends with a step B which is justified by modus ponens. (If it is not justified by modus ponens, B ∈ Γ, B ≡ A, or B is an axiom, and the same reasoning as in the induction basis applies.) Then some previous steps in the derivation are C → B and C, for some formula C, i.e., Γ ∪ {A} ⊢ C → B and Γ ∪ {A} ⊢ C, and the respective derivations are shorter, so the inductive hypothesis applies to them. We thus have both:

Γ ⊢ A → (C → B);
Γ ⊢ A → C.

But also

Γ ⊢ (A → (C → B)) → ((A → C) → (A → B)),

by eq. (D.8), and two applications of Proposition D.19 give Γ ⊢ A → B, as required. □

Notice how eq. (D.7) and eq. (D.8) were chosen precisely so that the Deduction Theorem would hold.

The following are some useful facts about derivability, which we leave as exercises.

Proposition D.21.
1. ⊢ (A → B) → ((B → C) → (A → C));
2. If Γ ∪ {¬A} ⊢ ¬B then Γ ∪ {B} ⊢ A (Contraposition);
3. {A, ¬A} ⊢ B (Ex Falso Quodlibet, Explosion);
4. {¬¬A} ⊢ A (Double Negation Elimination);
5. If Γ ⊢ ¬¬A then Γ ⊢ A;

D.8 Derivability and Consistency

We will now establish a number of properties of the derivability relation. They are independently interesting, but each will play a role in the proof of the completeness theorem.

Proposition D.22. If Γ ⊢ A and Γ ∪ {A} is inconsistent, then Γ is inconsistent.

Proof. If Γ ∪ {A} is inconsistent, then Γ ∪ {A} ⊢ ⊥. By Proposition D.14, Γ ⊢ B for every B ∈ Γ. Since also Γ ⊢ A by hypothesis, Γ ⊢ B for every B ∈ Γ ∪ {A}. By Proposition D.16, Γ ⊢ ⊥, i.e., Γ is inconsistent. □

Proposition D.23.
Γ ⊢ A iff Γ ∪ {¬A} is inconsistent.

Proof. First suppose Γ ⊢ A. Then Γ ∪ {¬A} ⊢ A by Proposition D.15. Γ ∪ {¬A} ⊢ ¬A by Proposition D.14. We also have ⊢ ¬A → (A → ⊥) by eq. (D.10). So by two applications of Proposition D.19, we have Γ ∪ {¬A} ⊢ ⊥.

Now assume Γ ∪ {¬A} is inconsistent, i.e., Γ ∪ {¬A} ⊢ ⊥. By the deduction theorem, Γ ⊢ ¬A → ⊥. Γ ⊢ (¬A → ⊥) → ¬¬A by eq. (D.13), so Γ ⊢ ¬¬A by Proposition D.19. Since Γ ⊢ ¬¬A → A (eq. (D.14)), we have Γ ⊢ A by Proposition D.19 again. □

Proposition D.24. If Γ ⊢ A and ¬A ∈ Γ, then Γ is inconsistent.

Proof. Γ ⊢ ¬A → (A → ⊥) by eq. (D.10). Γ ⊢ ⊥ by two applications of Proposition D.19. □

Proposition D.25. If Γ ∪ {A} and Γ ∪ {¬A} are both inconsistent, then Γ is inconsistent.

Proof. Exercise. □

D.9 Derivability and the Propositional Connectives

Proposition D.26.
1. Both A ∧ B ⊢ A and A ∧ B ⊢ B.
2. A, B ⊢ A ∧ B.

Proof.
1. From eq. (D.1) and eq. (D.2) by modus ponens.
2. From eq. (D.3) by two applications of modus ponens. □

Proposition D.27.
1. A ∨ B, ¬A, ¬B is inconsistent.
2. Both A ⊢ A ∨ B and B ⊢ A ∨ B.

Proof.
1. From eq. (D.10) we get ⊢ ¬A → (A → ⊥) and ⊢ ¬B → (B → ⊥). So by the deduction theorem, we have {¬A} ⊢ A → ⊥ and {¬B} ⊢ B → ⊥. From eq. (D.6) we get {¬A, ¬B} ⊢ (A ∨ B) → ⊥. By the deduction theorem, {A ∨ B, ¬A, ¬B} ⊢ ⊥.
2. From eq. (D.4) and eq. (D.5) by modus ponens. □

Proposition D.28.
1. A, A → B ⊢ B.
2. Both ¬A ⊢ A → B and B ⊢ A → B.

Proof.
1. We can derive:

   1. A    Hyp
   2. A → B    Hyp
   3. B    1, 2, mp

2. By eq. (D.10) and eq. (D.7) and the deduction theorem, respectively. □

D.10 Soundness

A derivation system, such as axiomatic deduction, is sound if it cannot derive things that do not actually hold. Soundness is thus a kind of guaranteed safety property for derivation systems. Depending on which proof theoretic property is in question, we would like to know for instance, that

1. every derivable A is valid;
2. if A is derivable from some others Γ, it is also a consequence of them;
3.
if a set of formulas Γ is inconsistent, it is unsatisfiable.

These are important properties of a derivation system. If any of them do not hold, the derivation system is deficient: it would derive too much. Consequently, establishing the soundness of a derivation system is of the utmost importance.

Proposition D.29. If A is an axiom, then v ⊨ A for each valuation v.

Proof. Do truth tables for each axiom to verify that they are tautologies. □

Theorem D.30 (Soundness). If Γ ⊢ A then Γ ⊨ A.

Proof. By induction on the length of the derivation of A from Γ. If there are no steps justified by inferences, then all formulas in the derivation are either instances of axioms or are in Γ. By the previous proposition, all the axioms are tautologies, and hence if A is an axiom then Γ ⊨ A. If A ∈ Γ, then trivially Γ ⊨ A.

If the last step of the derivation of A is justified by modus ponens, then there are formulas B and B → A in the derivation, and the induction hypothesis applies to the part of the derivation ending in those formulas (since they contain at least one fewer steps justified by an inference). So, by induction hypothesis, Γ ⊨ B and Γ ⊨ B → A. Then Γ ⊨ A by Theorem C.17.

Corollary D.31. If ⊢ A, then A is a tautology.

Corollary D.32. If Γ is satisfiable, then it is consistent.

Proof. We prove the contrapositive. Suppose that Γ is not consistent. Then Γ ⊢ ⊥, i.e., there is a derivation of ⊥ from Γ. By Theorem D.30, any valuation v that satisfies Γ must satisfy ⊥. Since v ⊭ ⊥ for every valuation v, no v can satisfy Γ, i.e., Γ is not satisfiable. □

Problems

Problem D.1. Show that the following hold by exhibiting derivations from the axioms:

1. (A ∧ B) → (B ∧ A)
2. ((A ∧ B) → C) → (A → (B → C))
3. ¬(A ∨ B) → ¬A

Problem D.2. Prove Proposition D.17.
Problem D.3. Prove Proposition D.21.
Problem D.4. Prove that Γ ⊢ ¬A iff Γ ∪ {A} is inconsistent.
Problem D.5.
Prove Proposition D.25.

APPENDIX E
Tableaux

E.1 Tableaux

While many derivation systems operate with arrangements of sentences, tableaux operate with signed formulas. A signed formula is a pair consisting of a truth value sign (T or F) and a sentence: T A or F A.

A tableau consists of signed formulas arranged in a downward-branching tree. It begins with a number of assumptions and continues with signed formulas which result from one of the signed formulas above it by applying one of the rules of inference. Each rule allows us to add one or more signed formulas to the end of a branch, or two signed formulas side by side; in this case a branch splits into two, with the two added signed formulas forming the ends of the two branches.

A rule applied to a complex signed formula results in the addition of signed formulas which are immediate sub-formulas. They come in pairs, one rule for each of the two signs. For instance, the ∧T rule applies to T A ∧ B, and allows the addition of both the two signed formulas T A and T B to the end of any branch containing T A ∧ B, and the ∧F rule applies to F A ∧ B and allows a branch to be split by adding F A and F B side by side. A tableau is closed if every one of its branches contains a matching pair of signed formulas T A and F A.

The ⊢ relation based on tableaux is defined as follows: Γ ⊢ A iff there is some finite set Γ0 = {B1, ..., Bn} ⊆ Γ such that there is a closed tableau for the assumptions

{F A, T B1, ..., T Bn}.

For instance, here is a closed tableau that shows that ⊢ (A ∧ B) → A:

1. F (A ∧ B) → A    Assumption
2. T A ∧ B          →F 1
3. F A              →F 1
4. T A              ∧T 2
5. T B              ∧T 2
   ⊗

A set Γ is inconsistent in the tableau calculus if there is a closed tableau for assumptions

{T B1, ..., T Bn}

for some Bi ∈ Γ.

Tableaux were invented in the 1950s independently by Evert Beth and Jaakko Hintikka, and simplified and popularized by Raymond Smullyan. They are very easy to use, since constructing a tableau is a very systematic procedure.
Because of the systematic nature of tableaux, they also lend themselves to implementation by computer. However, a tableau is often hard to read and its connection to proofs is sometimes not easy to see. The approach is also quite general, and many different logics have tableau systems. Tableaux also help us to find structures that satisfy given (sets of) sentences: if the set is satisfiable, it won't have a closed tableau, i.e., any tableau will have an open branch. The satisfying structure can be "read off" an open branch, provided every rule it is possible to apply has been applied on that branch. There is also a very close connection to the sequent calculus: essentially, a closed tableau is a condensed derivation in the sequent calculus, written upside-down.

E.2 Rules and Tableaux

A tableau is a systematic survey of the possible ways a sentence can be true or false in a structure. The building blocks of a tableau are signed formulas: sentences plus a truth value "sign," either T or F. These signed formulas are arranged in a (downward growing) tree.

Definition E.1. A signed formula is a pair consisting of a truth value and a sentence, i.e., either: T A or F A.

Intuitively, we might read T A as "A might be true" and F A as "A might be false" (in some structure).

Each signed formula in the tree is either an assumption (which are listed at the very top of the tree), or it is obtained from a signed formula above it by one of a number of rules of inference. There are two rules for each possible main operator of the preceding formula, one for the case when the sign is T, and one for the case where the sign is F. Some rules allow the tree to branch, and some only add signed formulas to the branch. A rule may be (and often must be) applied not to the immediately preceding signed formula, but to any signed formula in the branch from the root to the place the rule is applied.

A branch is closed when it contains both T A and F A.
A closed tableau is one where every branch is closed. Under the intuitive interpretation, any branch describes a joint possibility, but T A and F A are not jointly possible. In other words, if a branch is closed, the possibility it describes has been ruled out. In particular, that means that a closed tableau rules out all possibilities of simultaneously making every assumption of the form T A true and every assumption of the form F A false.

A closed tableau for A is a closed tableau with root F A. If such a closed tableau exists, all possibilities for A being false have been ruled out; i.e., A must be true in every structure.

E.3 Propositional Rules

Rules for ¬

    T ¬A               F ¬A
    -------- ¬T        -------- ¬F
    F A                T A

Rules for ∧

    T A ∧ B            F A ∧ B
    -------- ∧T        ----------- ∧F
    T A                F A | F B
    T B

Rules for ∨

    T A ∨ B            F A ∨ B
    ----------- ∨T     -------- ∨F
    T A | T B          F A
                       F B

Rules for →

    T A → B            F A → B
    ----------- →T     -------- →F
    F A | T B          T A
                       F B

The Cut Rule

    ----------- Cut
    T A | F A

The Cut rule is not applied "to" a previous signed formula; rather, it allows every branch in a tableau to be split in two, one branch containing T A, the other F A. It is not necessary (any set of signed formulas with a closed tableau has one not using Cut), but it allows us to combine tableaux in a convenient way.

E.4 Tableaux

We've said what an assumption is, and we've given the rules of inference. Tableaux are inductively generated from these: each tableau either is a single branch consisting of one or more assumptions, or it results from a tableau by applying one of the rules of inference on a branch.

Definition E.2 (Tableau). A tableau for assumptions S1 A1, . . . , Sn An (where each Si is either T or F) is a tree of signed formulas satisfying the following conditions:

1. The n topmost signed formulas of the tree are Si Ai, one below the other.
2. Every signed formula in the tree that is not one of the assumptions results from a correct application of an inference rule to a signed formula in the branch above it.
A branch of a tableau is closed iff it contains both T A and F A, and open otherwise. A tableau in which every branch is closed is a closed tableau (for its set of assumptions). If a tableau is not closed, i.e., if it contains at least one open branch, it is open.

Example E.3. Every set of assumptions on its own is a tableau, but it will generally not be closed. (Obviously, it is closed only if the assumptions already contain a pair of signed formulas T A and F A.)

From a tableau (open or closed) we can obtain a new, larger one by applying one of the rules of inference to a signed formula A in it. The rule will append one or more signed formulas to the end of any branch containing the occurrence of A to which we apply the rule.

For instance, consider the assumption T A ∧ ¬A. Here is the (open) tableau consisting of just that assumption:

    1.  T A ∧ ¬A    Assumption

We obtain a new tableau from it by applying the ∧T rule to the assumption. That rule allows us to add two new lines to the tableau, T A and T ¬A:

    1.  T A ∧ ¬A    Assumption
    2.  T A         ∧T 1
    3.  T ¬A        ∧T 1

When we write down tableaux, we record the rules we've applied on the right (e.g., ∧T 1 means that the signed formula on that line is the result of applying the ∧T rule to the signed formula on line 1). This new tableau now contains additional signed formulas, but to only one (T ¬A) can we apply a rule (in this case, the ¬T rule). This results in the closed tableau

    1.  T A ∧ ¬A    Assumption
    2.  T A         ∧T 1
    3.  T ¬A        ∧T 1
    4.  F A         ¬T 3
        ⊗

E.5 Examples of Tableaux

Example E.4. Let's find a closed tableau for the sentence (A ∧ B) → A.

We begin by writing the corresponding assumption at the top of the tableau.

    1.  F (A ∧ B) → A    Assumption

There is only one assumption, so only one signed formula to which we can apply a rule. (For every signed formula, there is always at most one rule that can be applied: it's the rule for the corresponding sign and main operator of the sentence.) In this case, this means, we must apply →F.

    1.  F (A ∧ B) → A ✓    Assumption
    2.  T A ∧ B            →F 1
    3.  F A                →F 1

To keep track of which signed formulas we have applied their corresponding rules to, we write a checkmark next to the sentence. However, only write a checkmark if the rule has been applied to all open branches. Once a signed formula has had the corresponding rule applied in every open branch, we will not have to return to it and apply the rule again. In this case, there is only one branch, so the rule only has to be applied once. (Note that checkmarks are only a convenience for constructing tableaux and are not officially part of the syntax of tableaux.)

There is one new signed formula to which we can apply a rule: the T A ∧ B on line 3. Applying the ∧T rule results in:

    1.  F (A ∧ B) → A ✓    Assumption
    2.  T A ∧ B ✓          →F 1
    3.  F A                →F 1
    4.  T A                ∧T 2
    5.  T B                ∧T 2
        ⊗

Since the branch now contains both T A (on line 4) and F A (on line 3), the branch is closed. Since it is the only branch, the tableau is closed. We have found a closed tableau for (A ∧ B) → A.

Example E.5. Now let's find a closed tableau for (¬A ∨ B) → (A → B).

We begin with the corresponding assumption:

    1.  F (¬A ∨ B) → (A → B)    Assumption

The one signed formula in this tableau has main operator → and sign F, so we apply the →F rule to it to obtain:

    1.  F (¬A ∨ B) → (A → B) ✓    Assumption
    2.  T ¬A ∨ B                  →F 1
    3.  F (A → B)                 →F 1

We now have a choice as to whether to apply ∨T to line 2 or →F to line 3. It actually doesn't matter which order we pick, as long as each signed formula has its corresponding rule applied in every branch. So let's pick the first one. The ∨T rule allows the tableau to branch, and the two conclusions of the rule will be the new signed formulas added to the two new branches. This results in:

    1.  F (¬A ∨ B) → (A → B) ✓    Assumption
    2.  T ¬A ∨ B ✓                →F 1
    3.  F (A → B)                 →F 1
    4.  T ¬A      |  T B          ∨T 2

We have not applied the →F rule to line 3 yet: let's do that now. To save time, we apply it to both branches.
Recall that we write a checkmark next to a signed formula only if we have applied the corresponding rule in every open branch. So it's a good idea to apply a rule at the end of every branch that contains the signed formula the rule applies to. That way we won't have to return to that signed formula lower down in the various branches.

    1.  F (¬A ∨ B) → (A → B) ✓    Assumption
    2.  T ¬A ∨ B ✓                →F 1
    3.  F (A → B) ✓               →F 1
    4.  T ¬A      |  T B          ∨T 2
    5.  T A       |  T A          →F 3
    6.  F B       |  F B          →F 3
                  |  ⊗

The right branch is now closed. On the left branch, we can still apply the ¬T rule to line 4. This results in F A and closes the left branch:

    1.  F (¬A ∨ B) → (A → B) ✓    Assumption
    2.  T ¬A ∨ B ✓                →F 1
    3.  F (A → B) ✓               →F 1
    4.  T ¬A      |  T B          ∨T 2
    5.  T A       |  T A          →F 3
    6.  F B       |  F B          →F 3
    7.  F A       |  ⊗            ¬T 4
        ⊗

Example E.6. We can give tableaux for any number of signed formulas as assumptions. Often it is also necessary to apply more than one rule that allows branching; and in general a tableau can have any number of branches. For instance, consider a tableau for {T A ∨ (B ∧ C), F (A ∨ B) ∧ (A ∨ C)}. We start by applying the ∨T to the first assumption:

    1.  T A ∨ (B ∧ C) ✓            Assumption
    2.  F (A ∨ B) ∧ (A ∨ C)        Assumption
    3.  T A       |  T B ∧ C       ∨T 1

Now we can apply the ∧F rule to line 2. We do this on both branches simultaneously, and can therefore check off line 2:

    1.  T A ∨ (B ∧ C) ✓                                      Assumption
    2.  F (A ∨ B) ∧ (A ∨ C) ✓                                Assumption
    3.  T A                      |  T B ∧ C                  ∨T 1
    4.  F A ∨ B    |  F A ∨ C    |  F A ∨ B    |  F A ∨ C    ∧F 2

Now we can apply ∨F to all the branches containing A ∨ B:

    1.  T A ∨ (B ∧ C) ✓                                      Assumption
    2.  F (A ∨ B) ∧ (A ∨ C) ✓                                Assumption
    3.  T A                      |  T B ∧ C                  ∨T 1
    4.  F A ∨ B ✓  |  F A ∨ C    |  F A ∨ B ✓  |  F A ∨ C    ∧F 2
    5.  F A        |             |  F A        |             ∨F 4
    6.  F B        |             |  F B        |             ∨F 4
        ⊗

The leftmost branch is now closed. Let's now apply ∨F to A ∨ C:

    1.  T A ∨ (B ∧ C) ✓                                      Assumption
    2.  F (A ∨ B) ∧ (A ∨ C) ✓                                Assumption
    3.  T A                      |  T B ∧ C                  ∨T 1
    4.  F A ∨ B ✓  |  F A ∨ C ✓  |  F A ∨ B ✓  |  F A ∨ C ✓  ∧F 2
    5.  F A        |             |  F A        |             ∨F 4
    6.  F B        |             |  F B        |             ∨F 4
    7.  ⊗          |  F A        |             |  F A        ∨F 4
    8.             |  F C        |             |  F C        ∨F 4
                      ⊗

Note that we moved the result of applying ∨F a second time below for clarity. In this instance it would not have been needed, since the justifications would have been the same.

Two branches remain open, and T B ∧ C on line 3 remains unchecked. We apply ∧T to it to obtain a closed tableau:

    1.  T A ∨ (B ∧ C) ✓                                      Assumption
    2.  F (A ∨ B) ∧ (A ∨ C) ✓                                Assumption
    3.  T A                      |  T B ∧ C ✓                ∨T 1
    4.  F A ∨ B ✓  |  F A ∨ C ✓  |  F A ∨ B ✓  |  F A ∨ C ✓  ∧F 2
    5.  F A        |  F A        |  F A        |  F A        ∨F 4
    6.  F B        |  F C        |  F B        |  F C        ∨F 4
    7.  ⊗          |  ⊗          |  T B        |  T B        ∧T 3
    8.             |             |  T C        |  T C        ∧T 3
                                    ⊗             ⊗

For comparison, here's a closed tableau for the same set of assumptions in which the rules are applied in a different order:

    1.  T A ∨ (B ∧ C) ✓                                      Assumption
    2.  F (A ∨ B) ∧ (A ∨ C) ✓                                Assumption
    3.  F A ∨ B ✓                |  F A ∨ C ✓                ∧F 2
    4.  F A                      |  F A                      ∨F 3
    5.  F B                      |  F C                      ∨F 3
    6.  T A        |  T B ∧ C ✓  |  T A        |  T B ∧ C ✓  ∨T 1
    7.  ⊗          |  T B        |  ⊗          |  T B        ∧T 3
    8.             |  T C        |             |  T C        ∧T 3
                      ⊗                           ⊗

E.6 Proof-Theoretic Notions

Just as we've defined a number of important semantic notions (validity, entailment, satisfiability), we now define corresponding proof-theoretic notions. These are not defined by appeal to satisfaction of sentences in structures, but by appeal to the existence of certain closed tableaux. It was an important discovery that these notions coincide. That they do is the content of the soundness and completeness theorems.

Definition E.7 (Theorems). A sentence A is a theorem if there is a closed tableau for F A. We write ⊢ A if A is a theorem and ⊬ A if it is not.

Definition E.8 (Derivability). A sentence A is derivable from a set of sentences Γ, Γ ⊢ A, iff there is a finite set {B1, . . . , Bn} ⊆ Γ and a closed tableau for the set

    {F A, T B1, . . . , T Bn}

If A is not derivable from Γ we write Γ ⊬ A.

Definition E.9 (Consistency). A set of sentences Γ is inconsistent iff there is a finite set {B1, . . .
,Bn} ⊆ Γ and a closed tableau for the set {T B1, . . . , T Bn}. If Γ is not inconsistent, we say it is consistent.

Proposition E.10 (Reflexivity). If A ∈ Γ, then Γ ⊢ A.

Proof. If A ∈ Γ, {A} is a finite subset of Γ and the tableau

    1.  F A    Assumption
    2.  T A    Assumption
        ⊗

is closed. □

Proposition E.11 (Monotony). If Γ ⊆ ∆ and Γ ⊢ A, then ∆ ⊢ A.

Proof. Any finite subset of Γ is also a finite subset of ∆. □

Proposition E.12 (Transitivity). If Γ ⊢ A and {A} ∪ ∆ ⊢ B, then Γ ∪ ∆ ⊢ B.

Proof. If {A} ∪ ∆ ⊢ B, then there is a finite subset ∆0 = {C1, . . . , Cn} ⊆ ∆ such that

    {F B, T A, T C1, . . . , T Cn}

has a closed tableau. If Γ ⊢ A then there are D1, . . . , Dm such that

    {F A, T D1, . . . , T Dm}

has a closed tableau.

Now consider the tableau with assumptions

    F B, T C1, . . . , T Cn, T D1, . . . , T Dm.

Apply the Cut rule on A. This generates two branches, one has T A in it, the other F A. Thus, on the one branch, all of

    {F B, T A, T C1, . . . , T Cn}

are available. Since there is a closed tableau for these assumptions, we can attach it to that branch; every branch through T A closes. On the other branch, all of

    {F A, T D1, . . . , T Dm}

are available, so we can also complete the other side to obtain a closed tableau. This shows Γ ∪ ∆ ⊢ B. □

Note that this means that in particular if Γ ⊢ A and A ⊢ B, then Γ ⊢ B. It follows also that if A1, . . . , An ⊢ B and Γ ⊢ Ai for each i, then Γ ⊢ B.

Proposition E.13. Γ is inconsistent iff Γ ⊢ A for every sentence A.

Proof. Exercise. □

Proposition E.14 (Compactness).

1. If Γ ⊢ A then there is a finite subset Γ0 ⊆ Γ such that Γ0 ⊢ A.
2. If every finite subset of Γ is consistent, then Γ is consistent.

Proof.

1. If Γ ⊢ A, then there is a finite subset Γ0 = {B1, . . . , Bn} and a closed tableau for

    F A, T B1, . . . , T Bn

This tableau also shows Γ0 ⊢ A.

2. If Γ is inconsistent, then for some finite subset Γ0 = {B1, . . .
,Bn} there is a closed tableau for

    T B1, . . . , T Bn

This closed tableau shows that Γ0 is inconsistent. □

E.7 Derivability and Consistency

We will now establish a number of properties of the derivability relation. They are independently interesting, but each will play a role in the proof of the completeness theorem.

Proposition E.15. If Γ ⊢ A and Γ ∪ {A} is inconsistent, then Γ is inconsistent.

Proof. There are finite Γ0 = {B1, . . . , Bn} and Γ1 = {C1, . . . , Cn} ⊆ Γ such that

    {F A, T B1, . . . , T Bn}
    {T ¬A, T C1, . . . , T Cm}

have closed tableaux. Using the Cut rule on A we can combine these into a single closed tableau that shows Γ0 ∪ Γ1 is inconsistent. Since Γ0 ⊆ Γ and Γ1 ⊆ Γ, Γ0 ∪ Γ1 ⊆ Γ, hence Γ is inconsistent. □

Proposition E.16. Γ ⊢ A iff Γ ∪ {¬A} is inconsistent.

Proof. First suppose Γ ⊢ A, i.e., there is a closed tableau for

    {F A, T B1, . . . , T Bn}

Using the ¬T rule, this can be turned into a closed tableau for

    {T ¬A, T B1, . . . , T Bn}.

On the other hand, if there is a closed tableau for the latter, we can turn it into a closed tableau of the former by removing every formula that results from ¬T applied to the first assumption T ¬A as well as that assumption, and adding the assumption F A. For if a branch was closed before because it contained the conclusion of ¬T applied to T ¬A, i.e., F A, the corresponding branch in the new tableau is also closed. If a branch in the old tableau was closed because it contained the assumption T ¬A as well as F ¬A we can turn it into a closed branch by applying ¬F to F ¬A to obtain T A. This closes the branch since we added F A as an assumption. □

Proposition E.17. If Γ ⊢ A and ¬A ∈ Γ, then Γ is inconsistent.

Proof. Suppose Γ ⊢ A and ¬A ∈ Γ. Then there are B1, . . . , Bn ∈ Γ such that

    {F A, T B1, . . . , T Bn}

has a closed tableau. Replace the assumption F A by T ¬A, and insert the conclusion of ¬T applied to F A after the assumptions.
Any sentence in the tableau justified by appeal to line 1 in the old tableau is now justified by appeal to line n + 1. So if the old tableau was closed, the new one is. It shows that Γ is inconsistent, since all assumptions are in Γ. □

Proposition E.18. If Γ ∪ {A} and Γ ∪ {¬A} are both inconsistent, then Γ is inconsistent.

Proof. If there are B1, . . . , Bn ∈ Γ and C1, . . . , Cm ∈ Γ such that

    {T A, T B1, . . . , T Bn}
    {T ¬A, T C1, . . . , T Cm}

both have closed tableaux, we can construct a tableau that shows that Γ is inconsistent by using as assumptions T B1, . . . , T Bn together with T C1, . . . , T Cm, followed by an application of the Cut rule, yielding two branches, one starting with T A, the other with F A. Add on the part below the assumptions of the first tableau on the left side. Here, every rule application is still correct, and every branch closes. On the right side, add the part below the assumptions of the second tableau, with the results of any applications of ¬T to T ¬A removed.

For if a branch was closed before because it contained the conclusion of ¬T applied to T ¬A, i.e., F A, as well as F A, the corresponding branch in the new tableau is also closed. If a branch in the old tableau was closed because it contained the assumption T ¬A as well as F ¬A we can turn it into a closed branch by applying ¬F to F ¬A to obtain T A. □

E.8 Derivability and the Propositional Connectives

Proposition E.19.

1. Both A ∧ B ⊢ A and A ∧ B ⊢ B.
2. A, B ⊢ A ∧ B.

Proof.

1. Both {F A, T A ∧ B} and {F B, T A ∧ B} have closed tableaux

    1.  F A        Assumption
    2.  T A ∧ B    Assumption
    3.  T A        ∧T 2
    4.  T B        ∧T 2
        ⊗

    1.  F B        Assumption
    2.  T A ∧ B    Assumption
    3.  T A        ∧T 2
    4.  T B        ∧T 2
        ⊗

2. Here is a closed tableau for {T A, T B, F A ∧ B}:

    1.  F A ∧ B        Assumption
    2.  T A            Assumption
    3.  T B            Assumption
    4.  F A  |  F B    ∧F 1
        ⊗    |  ⊗

Proposition E.20.

1. A ∨ B, ¬A, ¬B is inconsistent.
2. Both A ⊢ A ∨ B and B ⊢ A ∨ B.

Proof.

1.
We give a closed tableau of {T A ∨ B, T ¬A, T ¬B}:

    1.  T A ∨ B        Assumption
    2.  T ¬A           Assumption
    3.  T ¬B           Assumption
    4.  F A            ¬T 2
    5.  F B            ¬T 3
    6.  T A  |  T B    ∨T 1
        ⊗    |  ⊗

2. Both {F A ∨ B, T A} and {F A ∨ B, T B} have closed tableaux:

    1.  F A ∨ B    Assumption
    2.  T A        Assumption
    3.  F A        ∨F 1
    4.  F B        ∨F 1
        ⊗

    1.  F A ∨ B    Assumption
    2.  T B        Assumption
    3.  F A        ∨F 1
    4.  F B        ∨F 1
        ⊗

Proposition E.21.

1. A, A → B ⊢ B.
2. Both ¬A ⊢ A → B and B ⊢ A → B.

Proof.

1. {F B, T A → B, T A} has a closed tableau:

    1.  F B            Assumption
    2.  T A → B        Assumption
    3.  T A            Assumption
    4.  F A  |  T B    →T 2
        ⊗    |  ⊗

2. Both {F A → B, T ¬A} and {F A → B, T ¬B} have closed tableaux:

    1.  F A → B    Assumption
    2.  T ¬A       Assumption
    3.  T A        →F 1
    4.  F B        →F 1
    5.  F A        ¬T 2
        ⊗

    1.  F A → B    Assumption
    2.  T ¬B       Assumption
    3.  T A        →F 1
    4.  F B        →F 1
    5.  F B        ¬T 2
        ⊗

E.9 Soundness

A derivation system, such as tableaux, is sound if it cannot derive things that do not actually hold. Soundness is thus a kind of guaranteed safety property for derivation systems. Depending on which proof theoretic property is in question, we would like to know for instance, that

1. every derivable A is a tautology;
2. if a sentence is derivable from some others, it is also a consequence of them;
3. if a set of sentences is inconsistent, it is unsatisfiable.

These are important properties of a derivation system. If any of them do not hold, the derivation system is deficient: it would derive too much. Consequently, establishing the soundness of a derivation system is of the utmost importance.

Because all these proof-theoretic properties are defined via closed tableaux of some kind or other, proving (1)–(3) above requires proving something about the semantic properties of closed tableaux. We will first define what it means for a signed formula to be satisfied in a structure, and then show that if a tableau is closed, no structure satisfies all its assumptions. (1)–(3) then follow as corollaries from this result.

Definition E.22.
A valuation v satisfies a signed formula T A iff v ⊨ A, and it satisfies F A iff v ⊭ A. v satisfies a set of signed formulas Γ iff it satisfies every S A ∈ Γ. Γ is satisfiable if there is a valuation that satisfies it, and unsatisfiable otherwise.

Theorem E.23 (Soundness). If Γ has a closed tableau, Γ is unsatisfiable.

Proof. Let's call a branch of a tableau satisfiable iff the set of signed formulas on it is satisfiable, and let's call a tableau satisfiable if it contains at least one satisfiable branch.

We show the following: Extending a satisfiable tableau by one of the rules of inference always results in a satisfiable tableau. This will prove the theorem: any closed tableau results by applying rules of inference to the tableau consisting only of assumptions from Γ. So if Γ were satisfiable, any tableau for it would be satisfiable. A closed tableau, however, is clearly not satisfiable: every branch contains both T A and F A, and no structure can both satisfy and not satisfy A.

Suppose we have a satisfiable tableau, i.e., a tableau with at least one satisfiable branch. Applying a rule of inference either adds signed formulas to a branch, or splits a branch in two. If the tableau has a satisfiable branch which is not extended by the rule application in question, it remains a satisfiable branch in the extended tableau, so the extended tableau is satisfiable. So we only have to consider the case where a rule is applied to a satisfiable branch.

Let Γ be the set of signed formulas on that branch, and let S A ∈ Γ be the signed formula to which the rule is applied. If the rule does not result in a split branch, we have to show that the extended branch, i.e., Γ together with the conclusions of the rule, is still satisfiable. If the rule results in a split branch, we have to show that at least one of the two resulting branches is satisfiable.

First, we consider the possible inferences with only one premise.

1.
The branch is expanded by applying ¬T to T ¬B ∈ Γ. Then the extended branch contains the signed formulas Γ ∪ {F B}. Suppose v ⊨ Γ. In particular, v ⊨ ¬B. Thus, v ⊭ B, i.e., v satisfies F B.

2. The branch is expanded by applying ¬F to F ¬B ∈ Γ: Exercise.

3. The branch is expanded by applying ∧T to T B ∧ C ∈ Γ, which results in two new signed formulas on the branch: T B and T C. Suppose v ⊨ Γ, in particular v ⊨ B ∧ C. Then v ⊨ B and v ⊨ C. This means that v satisfies both T B and T C.

4. The branch is expanded by applying ∨F to F B ∨ C ∈ Γ: Exercise.

5. The branch is expanded by applying →F to F B → C ∈ Γ: This results in two new signed formulas on the branch: T B and F C. Suppose v ⊨ Γ, in particular v ⊭ B → C. Then v ⊨ B and v ⊭ C. This means that v satisfies both T B and F C.

Now let's consider the possible inferences with two premises.

1. The branch is expanded by applying ∧F to F B ∧ C ∈ Γ, which results in two branches, a left one continuing through F B and a right one through F C. Suppose v ⊨ Γ, in particular v ⊭ B ∧ C. Then v ⊭ B or v ⊭ C. In the former case, v satisfies F B, i.e., v satisfies the formulas on the left branch. In the latter, v satisfies F C, i.e., v satisfies the formulas on the right branch.

2. The branch is expanded by applying ∨T to T B ∨ C ∈ Γ: Exercise.

3. The branch is expanded by applying →T to T B → C ∈ Γ: Exercise.

4. The branch is expanded by Cut: This results in two branches, one containing T B, the other containing F B. Since v ⊨ Γ and either v ⊨ B or v ⊭ B, v satisfies either the left or the right branch. □

Corollary E.24. If ⊢ A then A is a tautology.

Corollary E.25. If Γ ⊢ A then Γ ⊨ A.

Proof. If Γ ⊢ A then for some B1, . . . , Bn ∈ Γ, {F A, T B1, . . . , T Bn} has a closed tableau. By Theorem E.23, every valuation v either makes some Bi false or makes A true. Hence, if v ⊨ Γ then also v ⊨ A. □

Corollary E.26. If Γ is satisfiable, then it is consistent.

Proof.
We prove the contrapositive. Suppose that Γ is not consistent. Then there are B1, . . . , Bn ∈ Γ and a closed tableau for {T B1, . . . , T Bn}. By Theorem E.23, there is no v such that v ⊨ Bi for all i = 1, . . . , n. But then Γ is not satisfiable. □

Problems

Problem E.1. Give closed tableaux of the following:

1. F ¬(A → B) → (A ∧ ¬B)
2. F (A → C) ∨ (B → C), T (A ∧ B) → C

Problem E.2. Prove Proposition E.13.

Problem E.3. Prove that Γ ⊢ ¬A iff Γ ∪ {A} is inconsistent.

Problem E.4. Complete the proof of Theorem E.23.

APPENDIX F

The Completeness Theorem

F.1 Introduction

The completeness theorem is one of the most fundamental results about logic. It comes in two formulations, the equivalence of which we'll prove. In its first formulation it says something fundamental about the relationship between semantic consequence and our proof system: if a sentence A follows from some sentences Γ, then there is also a derivation that establishes Γ ⊢ A. Thus, the proof system is as strong as it can possibly be without proving things that don't actually follow.

In its second formulation, it can be stated as a model existence result: every consistent set of sentences is satisfiable. Consistency is a proof-theoretic notion: it says that our proof system is unable to produce certain derivations. But who's to say that just because there are no derivations of a certain sort from Γ, it's guaranteed that there is a valuation v with v ⊨ Γ? Before the completeness theorem was first proved (in fact before we had the proof systems we now do), the great German mathematician David Hilbert held the view that consistency of mathematical theories guarantees the existence of the objects they are about. He put it as follows in a letter to Gottlob Frege:

    If the arbitrarily given axioms do not contradict one another with all their consequences, then they are true and the things defined by the axioms exist. This is for me the criterion of truth and existence.
Frege vehemently disagreed. The second formulation of the completeness theorem shows that Hilbert was right in at least the sense that if the axioms are consistent, then some valuation exists that makes them all true.

These aren't the only reasons the completeness theorem (or rather, its proof) is important. It has a number of important consequences, some of which we'll discuss separately. For instance, since any derivation that shows Γ ⊢ A is finite and so can only use finitely many of the sentences in Γ, it follows by the completeness theorem that if A is a consequence of Γ, it is already a consequence of a finite subset of Γ. This is called compactness. Equivalently, if every finite subset of Γ is consistent, then Γ itself must be consistent.

Although the compactness theorem follows from the completeness theorem via the detour through derivations, it is also possible to use the proof of the completeness theorem to establish it directly. For what the proof does is take a set of sentences with a certain property (consistency) and construct a structure out of this set that has certain properties (in this case, that it satisfies the set). Almost the very same construction can be used to directly establish compactness, by starting from "finitely satisfiable" sets of sentences instead of consistent ones.

F.2 Outline of the Proof

The proof of the completeness theorem is a bit complex, and upon first reading it, it is easy to get lost. So let us outline the proof. The first step is a shift of perspective, that allows us to see a route to a proof. When completeness is thought of as "whenever Γ ⊨ A then Γ ⊢ A," it may be hard to even come up with an idea: for to show that Γ ⊢ A we have to find a derivation, and it does not look like the hypothesis that Γ ⊨ A helps us for this in any way. For some proof systems it is possible to directly construct a derivation, but we will take a slightly different approach.
The shift in perspective required is this: completeness can also be formulated as: "if Γ is consistent, it is satisfiable." Perhaps we can use the information in Γ together with the hypothesis that it is consistent to construct a valuation that satisfies every formula in Γ. After all, we know what kind of valuation we are looking for: one that is as Γ describes it!

If Γ contains only propositional variables, it is easy to construct a model for it. All we have to do is come up with a valuation v such that v ⊨ p for all p ∈ Γ. Well, let v(p) = T iff p ∈ Γ.

Now suppose Γ contains some formula ¬B, with B atomic. We might worry that the construction of v interferes with the possibility of making ¬B true. But here's where the consistency of Γ comes in: if ¬B ∈ Γ, then B ∉ Γ, or else Γ would be inconsistent. And if B ∉ Γ, then according to our construction of v, v ⊭ B, so v ⊨ ¬B. So far so good.

What if Γ contains complex, non-atomic formulas? Say it contains A ∧ B. To make that true, we should proceed as if both A and B were in Γ. And if A ∨ B ∈ Γ, then we will have to make at least one of them true, i.e., proceed as if one of them was in Γ.

This suggests the following idea: we add additional formulas to Γ so as to (a) keep the resulting set consistent and (b) make sure that for every possible atomic sentence A, either A is in the resulting set, or ¬A is, and (c) such that, whenever A ∧ B is in the set, so are both A and B, if A ∨ B is in the set, at least one of A or B is also, etc. We keep doing this (potentially forever). Call the set of all formulas so added Γ∗. Then our construction above would provide us with a valuation v for which we could prove, by induction, that it satisfies all sentences in Γ∗, and hence also all sentences in Γ since Γ ⊆ Γ∗. It turns out that guaranteeing (a) and (b) is enough. A set of sentences for which (b) holds is called complete.
So our task will be to extend the consistent set Γ to a consistent and complete set Γ∗.

So here's what we'll do. First we investigate the properties of complete consistent sets, in particular we prove that a complete consistent set contains A ∧ B iff it contains both A and B, A ∨ B iff it contains at least one of them, etc. (Proposition F.2). We'll then take the consistent set Γ and show that it can be extended to a consistent and complete set Γ∗ (Lemma F.3). This set Γ∗ is what we'll use to define our valuation v(Γ∗). The valuation is determined by the propositional variables in Γ∗ (Definition F.4). We'll use the properties of complete consistent sets to show that indeed v(Γ∗) ⊨ A iff A ∈ Γ∗ (Lemma F.5), and thus in particular, v(Γ∗) ⊨ Γ.

F.3 Complete Consistent Sets of Sentences

Definition F.1 (Complete set). A set Γ of sentences is complete iff for any sentence A, either A ∈ Γ or ¬A ∈ Γ.

Complete sets of sentences leave no questions unanswered. For any sentence A, Γ "says" if A is true or false. The importance of complete sets extends beyond the proof of the completeness theorem. A theory which is complete and axiomatizable, for instance, is always decidable.

Complete consistent sets are important in the completeness proof since we can guarantee that every consistent set of sentences Γ is contained in a complete consistent set Γ∗. A complete consistent set contains, for each sentence A, either A or its negation ¬A, but not both. This is true in particular for propositional variables, so from a complete consistent set, we can construct a valuation where the truth value assigned to propositional variables is defined according to which propositional variables are in Γ∗. This valuation can then be shown to make all sentences in Γ∗ (and hence also all those in Γ) true. The proof of this latter fact requires that ¬A ∈ Γ∗ iff A ∉ Γ∗, (A ∨ B) ∈ Γ∗ iff A ∈ Γ∗ or B ∈ Γ∗, etc.
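For a finite Γ, both the tableau test of Appendix E and the extension to Γ∗ outlined above can be carried out mechanically. The following Python code is an added example, not part of the original text: it decides whether a closed tableau exists using the propositional rules of section E.3 (without Cut), uses that as the consistency test of Definition E.9, extends Γ one sentence at a time, and reads the valuation off the result. It assumes formulas built from ¬, ∧, ∨, → only, and a finite enumeration (the subformulas of Γ) standing in for all sentences of the language; all function names are illustrative.

```python
# Added example: formulas are nested tuples; a signed formula is a pair
# (sign, formula) with sign True for T and False for F.
def Var(p): return ('var', p)
def Not(a): return ('not', a)
def And(a, b): return ('and', a, b)
def Or(a, b): return ('or', a, b)
def Imp(a, b): return ('imp', a, b)

def expand(sign, f):
    """Rules of E.3: the branches a rule creates, each a list of signed formulas."""
    if f[0] == 'not':                 # ¬T adds F A; ¬F adds T A
        return [[(not sign, f[1])]]
    a, b = f[1], f[2]
    if f[0] == 'and':                 # ∧T adds T A, T B; ∧F splits F A | F B
        return [[(True, a), (True, b)]] if sign else [[(False, a)], [(False, b)]]
    if f[0] == 'or':                  # ∨T splits T A | T B; ∨F adds F A, F B
        return [[(True, a)], [(True, b)]] if sign else [[(False, a), (False, b)]]
    # →T splits F A | T B; →F adds T A, F B
    return [[(False, a)], [(True, b)]] if sign else [[(True, a), (False, b)]]

def closes(branch, todo):
    """True iff every branch through `branch` plus the pending `todo` closes."""
    if not todo:
        return False                  # every rule applied, branch still open
    (sign, f), rest = todo[0], todo[1:]
    if (not sign, f) in branch:
        return True                   # branch contains both T A and F A
    branch = branch | {(sign, f)}
    if f[0] == 'var':
        return closes(branch, rest)
    return all(closes(branch, tuple(new) + rest) for new in expand(sign, f))

def has_closed_tableau(signed):
    return closes(frozenset(), tuple(signed))

def derivable(gamma, a):
    """Definition E.8 for a finite gamma: closed tableau for F A, T B1, ..., T Bn."""
    return has_closed_tableau([(False, a)] + [(True, b) for b in gamma])

def inconsistent(gamma):
    """Definition E.9 for a finite gamma: closed tableau for T B1, ..., T Bn."""
    return has_closed_tableau([(True, b) for b in gamma])

def subformulas(f):
    yield f
    for g in f[1:]:
        if isinstance(g, tuple):
            yield from subformulas(g)

def holds(v, f):
    """Truth of f under the valuation v (a dict from variable names to bool)."""
    if f[0] == 'var':
        return v[f[1]]
    if f[0] == 'not':
        return not holds(v, f[1])
    a, b = holds(v, f[1]), holds(v, f[2])
    return {'and': a and b, 'or': a or b, 'imp': (not a) or b}[f[0]]

def lindenbaum(gamma):
    """Extend a consistent finite gamma over a finite enumeration A0, ..., Ak.

    Assumption of this example: the enumeration is the set of subformulas of
    gamma (smallest first), standing in for all sentences of the language.
    """
    gamma = list(gamma)
    if inconsistent(gamma):
        raise ValueError("gamma has a closed tableau, so it is inconsistent")
    enum = sorted({s for b in gamma for s in subformulas(b)},
                  key=lambda f: (len(list(subformulas(f))), repr(f)))
    star = list(gamma)                                 # stage 0
    for a in enum:                                     # stage n + 1
        star.append(Not(a) if inconsistent(star + [a]) else a)
    return enum, set(star)

def valuation(enum, star):
    """v(p) = T iff p is in the extended set."""
    return {f[1]: f in star for f in enum if f[0] == 'var'}

def truth_lemma_holds(enum, star):
    """Check that v satisfies A iff A is in star, for every enumerated A."""
    v = valuation(enum, star)
    return all(holds(v, a) == (a in star) for a in enum)

# Constructed sample set: Γ = {p ∨ q, ¬p, q → r}.
p, q, r = Var('p'), Var('q'), Var('r')
GAMMA = [Or(p, q), Not(p), Imp(q, r)]

if __name__ == "__main__":
    enum, star = lindenbaum(GAMMA)
    print(valuation(enum, star), truth_lemma_holds(enum, star))
```

For the sample set, the stages add ¬p, q and r, so the resulting valuation makes p false and q and r true, and it satisfies every sentence of Γ.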
In what follows, we will often tacitly use the properties of reflexivity, monotonicity, and transitivity of ⊢ (see appendices D.6 and E.6).

Proposition F.2. Suppose Γ is complete and consistent. Then:

1. If Γ ⊢ A, then A ∈ Γ.
2. A ∧ B ∈ Γ iff both A ∈ Γ and B ∈ Γ.
3. A ∨ B ∈ Γ iff either A ∈ Γ or B ∈ Γ.
4. A → B ∈ Γ iff either A ∉ Γ or B ∈ Γ.

Proof. Let us suppose for all of the following that Γ is complete and consistent.

1. If Γ ⊢ A, then A ∈ Γ.

Suppose that Γ ⊢ A. Suppose to the contrary that A ∉ Γ. Since Γ is complete, ¬A ∈ Γ. By Propositions E.17 and D.24, Γ is inconsistent. This contradicts the assumption that Γ is consistent. Hence, it cannot be the case that A ∉ Γ, so A ∈ Γ.

2. Exercise.

3. First we show that if A ∨ B ∈ Γ, then either A ∈ Γ or B ∈ Γ. Suppose A ∨ B ∈ Γ but A ∉ Γ and B ∉ Γ. Since Γ is complete, ¬A ∈ Γ and ¬B ∈ Γ. By Propositions E.20 and D.27, item (1), Γ is inconsistent, a contradiction. Hence, either A ∈ Γ or B ∈ Γ.

For the reverse direction, suppose that A ∈ Γ or B ∈ Γ. By Propositions E.20 and D.27, item (2), Γ ⊢ A ∨ B. By (1), A ∨ B ∈ Γ, as required.

4. Exercise. □

F.4 Lindenbaum's Lemma

We now prove a lemma that shows that any consistent set of sentences is contained in some set of sentences which is not just consistent, but also complete. The proof works by adding one sentence at a time, guaranteeing at each step that the set remains consistent. We do this so that for every A, either A or ¬A gets added at some stage. The union of all stages in that construction then contains either A or its negation ¬A and is thus complete. It is also consistent, since we made sure at each stage not to introduce an inconsistency.

Lemma F.3 (Lindenbaum's Lemma). Every consistent set Γ in a language L can be extended to a complete and consistent set Γ∗.

Proof. Let Γ be consistent. Let A0, A1, . . . be an enumeration of all the sentences of L.
Define Γ_0 = Γ, and

$$\Gamma_{n+1} = \begin{cases} \Gamma_n \cup \{A_n\} & \text{if } \Gamma_n \cup \{A_n\} \text{ is consistent;} \\ \Gamma_n \cup \{\neg A_n\} & \text{otherwise.} \end{cases}$$

Let Γ∗ = ⋃_{n≥0} Γ_n.

Each Γ_n is consistent: Γ_0 is consistent by definition. If Γ_{n+1} = Γ_n ∪ {A_n}, this is because the latter is consistent. If it isn't, Γ_{n+1} = Γ_n ∪ {¬A_n}. We have to verify that Γ_n ∪ {¬A_n} is consistent. Suppose it's not. Then both Γ_n ∪ {A_n} and Γ_n ∪ {¬A_n} are inconsistent. This means that Γ_n would be inconsistent by Propositions E.17 and D.24, contrary to the induction hypothesis.

For every n and every i < n, Γ_i ⊆ Γ_n. This follows by a simple induction on n. For n = 0, there are no i < 0, so the claim holds automatically. For the inductive step, suppose it is true for n. We have Γ_{n+1} = Γ_n ∪ {A_n} or = Γ_n ∪ {¬A_n} by construction. So Γ_n ⊆ Γ_{n+1}. If i < n, then Γ_i ⊆ Γ_n by inductive hypothesis, and so ⊆ Γ_{n+1} by transitivity of ⊆.

From this it follows that every finite subset of Γ∗ is a subset of Γ_n for some n, since each B ∈ Γ∗ not already in Γ_0 is added at some stage i. If n is the last one of these, then all B in the finite subset are in Γ_n. So, every finite subset of Γ∗ is consistent. By Propositions E.14 and D.18, Γ∗ is consistent.

Every sentence of Frm(L) appears on the list used to define Γ∗. If A_n ∉ Γ∗, then that is because Γ_n ∪ {A_n} was inconsistent. But then ¬A_n ∈ Γ∗, so Γ∗ is complete. □

F.5 Construction of a Model

We are now ready to define a valuation that makes all A ∈ Γ true. To do this, we first apply Lindenbaum's Lemma: we get a complete consistent Γ∗ ⊇ Γ. We let the propositional variables in Γ∗ determine v(Γ∗).

Definition F.4. Suppose Γ∗ is a complete consistent set of formulas. Then we let

$$v(\Gamma^*)(p) = \begin{cases} \mathrm{T} & \text{if } p \in \Gamma^* \\ \mathrm{F} & \text{if } p \notin \Gamma^* \end{cases}$$

Lemma F.5 (Truth Lemma). v(Γ∗) ⊨ A iff A ∈ Γ∗.

Proof. We prove both directions simultaneously, and by induction on A.

1. A ≡ ⊥: v(Γ∗) ⊭ ⊥ by definition of satisfaction. On the other hand, ⊥ ∉ Γ∗ since Γ∗ is consistent.

2. A ≡ p: v(Γ∗) ⊨ p iff v(Γ∗)(p) = T (by the definition of satisfaction) iff p ∈ Γ∗ (by the construction of v(Γ∗)).

3. A ≡ ¬B: v(Γ∗) ⊨ A iff v(Γ∗) ⊭ B (by definition of satisfaction). By induction hypothesis, v(Γ∗) ⊭ B iff B ∉ Γ∗. Since Γ∗ is consistent and complete, B ∉ Γ∗ iff ¬B ∈ Γ∗.

4. A ≡ B ∧ C: exercise.

5. A ≡ B ∨ C: v(Γ∗) ⊨ A iff v(Γ∗) ⊨ B or v(Γ∗) ⊨ C (by definition of satisfaction) iff B ∈ Γ∗ or C ∈ Γ∗ (by induction hypothesis). This is the case iff (B ∨ C) ∈ Γ∗ (by Proposition F.2(3)).

6. A ≡ B → C: exercise.

F.6 The Completeness Theorem

Let's combine our results: we arrive at the completeness theorem.

Theorem F.6 (Completeness Theorem). Let Γ be a set of sentences. If Γ is consistent, it is satisfiable.

Proof. Suppose Γ is consistent. By Lemma F.3, there is a Γ∗ ⊇ Γ which is consistent and complete. By Lemma F.5, v(Γ∗) ⊨ A iff A ∈ Γ∗. From this it follows in particular that for all A ∈ Γ, v(Γ∗) ⊨ A, so Γ is satisfiable. □

Corollary F.7 (Completeness Theorem, Second Version). For all Γ and sentences A: if Γ ⊨ A then Γ ⊢ A.

Proof. Note that the Γ's in Corollary F.7 and Theorem F.6 are universally quantified. To make sure we do not confuse ourselves, let us restate Theorem F.6 using a different variable: for any set of sentences ∆, if ∆ is consistent, it is satisfiable. By contraposition, if ∆ is not satisfiable, then ∆ is inconsistent. We will use this to prove the corollary.

Suppose that Γ ⊨ A. Then Γ ∪ {¬A} is unsatisfiable by Proposition C.16. Taking Γ ∪ {¬A} as our ∆, the previous version of Theorem F.6 gives us that Γ ∪ {¬A} is inconsistent. By Propositions E.16 and D.23, Γ ⊢ A. □

Problems

Problem F.1. Complete the proof of Proposition F.2.

Problem F.2. Complete the proof of Lemma F.5.

Problem F.3. Use Corollary F.7 to prove Theorem F.6, thus showing that the two formulations of the completeness theorem are equivalent.

Problem F.4.
In order for a derivation system to be complete, its rules must be strong enough to prove every unsatisfiable set inconsistent. Which of the rules of derivation were necessary to prove completeness? Are any of these rules not used anywhere in the proof? In order to answer these questions, make a list or diagram that shows which of the rules of derivation were used in which results that lead up to the proof of Theorem F.6. Be sure to note any tacit uses of rules in these proofs.

About the Open Logic Project

The Open Logic Text is an open-source, collaborative textbook of formal meta-logic and formal methods, starting at an intermediate level (i.e., after an introductory formal logic course). Though aimed at a non-mathematical audience (in particular, students of philosophy and computer science), it is rigorous.

Coverage of some topics currently included may not yet be complete, and many sections still require substantial revision. We plan to expand the text to cover more topics in the future. We also plan to add features to the text, such as a glossary, a list of further reading, historical notes, pictures, better explanations, sections explaining the relevance of results to philosophy, computer science, and mathematics, and more problems and examples. If you find an error, or have a suggestion, please let the project team know.

The project operates in the spirit of open source. Not only is the text freely available, we provide the LaTeX source under the Creative Commons Attribution license, which gives anyone the right to download, use, modify, re-arrange, convert, and re-distribute our work, as long as they give appropriate credit. Please see the Open Logic Project website at openlogicproject.org for additional information.
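The stage-by-stage construction in the proof of Lemma F.3, the valuation of Definition F.4 and the check of Lemma F.5 can be run on a finite fragment. The following is an added example, not code from the text or the Open Logic Project. It assumes a two-variable language `VARS`, a finite prefix of the enumeration A_0, A_1, …, and it substitutes a truth-table satisfiability test for derivational consistency (the two agree by soundness and Theorem F.6, so this illustrates the construction rather than proving it).

```python
from itertools import product

VARS = ("p", "q")  # assumption: a two-variable language, chosen for the demo

def ev(f, v):
    """Satisfaction: truth value of formula f (nested tuple) under valuation v."""
    op = f[0]
    if op == "bot": return False
    if op == "var": return v[f[1]]
    if op == "not": return not ev(f[1], v)
    if op == "and": return ev(f[1], v) and ev(f[2], v)
    if op == "or":  return ev(f[1], v) or ev(f[2], v)
    if op == "imp": return (not ev(f[1], v)) or ev(f[2], v)
    raise ValueError(f"unknown connective: {op}")

def consistent(gamma):
    """Stand-in for derivational consistency: some valuation satisfies all of gamma."""
    return any(all(ev(f, dict(zip(VARS, bits))) for f in gamma)
               for bits in product((True, False), repeat=len(VARS)))

def enumerate_formulas(depth):
    """Finite prefix A_0, A_1, ... of the enumeration: formulas up to a nesting depth."""
    out = [("bot",)] + [("var", x) for x in VARS]
    for _ in range(depth):
        new = [("not", a) for a in out]
        new += [(op, a, b) for op in ("and", "or", "imp") for a in out for b in out]
        out = list(dict.fromkeys(out + new))  # dedupe, keep enumeration order
    return out

def lindenbaum(gamma, sentences):
    """Gamma_0 = gamma; Gamma_{n+1} adds A_n if that stays consistent, else not-A_n."""
    stage = set(gamma)
    for a in sentences:
        stage.add(a if consistent(stage | {a}) else ("not", a))
    return stage

def valuation(gamma_star):
    """Definition F.4: v(p) = T iff p is in Gamma*."""
    return {x: ("var", x) in gamma_star for x in VARS}

def truth_lemma_holds(gamma_star, sentences):
    """Lemma F.5 on the enumerated sentences: v satisfies A iff A is in Gamma*."""
    v = valuation(gamma_star)
    return all(ev(a, v) == (a in gamma_star) for a in sentences)

if __name__ == "__main__":
    p, q = ("var", "p"), ("var", "q")
    gamma = {("imp", p, q), ("not", q)}  # constructed sample input
    star = lindenbaum(gamma, enumerate_formulas(1))
    print(valuation(star), truth_lemma_holds(star, enumerate_formulas(1)))
```

Which Γ∗ results depends on the order of the enumeration: starting from {p ∨ q}, this enumeration reaches p and q first and so makes both true.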