Cut-free Calculi and Relational Semantics for Temporal STIT Logics? Kees van Berkel1 and Tim Lyon1 1Institut für Logic and Computation, Technische Universität Wien, Austria {kees,lyon}@logic.at Abstract. We present cut-free labelled sequent calculi for a central formalism in logics of agency: STIT logics with temporal operators. These include sequent systems for Ldm, Tstit and Xstit. All calculi presented possess essential structural properties such as contractionand cut-admissibility. The labelled calculi G3Ldm and G3Tstit are shown sound and complete relative to irreflexive temporal frames. Additionally, we extend current results by showing that also Xstit can be characterized through relational frames, omitting the use of BT+AC frames. Keywords: Labelled sequent calculi * Cut-free completeness * Temporal logic * Multi-agent STIT logic * Relational semantics 1 Introduction Various autonomous machines are developed with the aim of performing particular human tasks. Human acting, however, is inevitably connected to legal and moral decision making–sometimes more than we think. Hence, such machines will eventually be found in difficult scenarios in which normatively acceptable actions must be generated [12]. What is more, these decisions can quickly turn into complex (technical) problems [13]. The above stresses the need for formal tools that allow for reasoning about agents, the choices they have, and the actions they are able and allowed to perform. Implementable logics of agency can play an important role in the development of such automated systems: they can provide explicit proofs that can be checked and which, more importantly, can be understood by humans (e.g. [1]). The present work takes a first step in this direction by providing cut-free sequent calculi for one of the central formalisms of agency: STIT logic with temporal operators. The logic of STIT, which is an acronym for 'Seeing To It That', is a prominent modal framework for the formal analysis of multi-agent interaction and reasoning about choices.1 In short, STIT logics contain modal formulae of the form [i]φ, capturing the notion that "the agent i sees to it that the state of affairs ? This is a pre-print of an article published in Logics in Artificial Intelligence. The final authenticated version is available online at: https://doi.org/10.1007/ 978-3-030-19570-0_52. 1 For an introduction to STIT logic and a historical overview we refer to [3,4,16]. 2 K. van Berkel and T. Lyon φ is brought about". STIT logic knows many fruitful extensions and its recent application to legal theory, deontic reasoning, and epistemics shows that issues of agency are essentially tied to temporal aspects of choice: for example, consider issues in legal responsibility [18]; social commitment [17]; knowledge-based obligations [7]; agent-bound instrumentality [5]; and actions as events [28]. Unfortunately, nearly all available proof systems for STIT logics are Hilbertstyle systems, which are known to be cumbersome for proof search and not suitable for proving metalogical properties of the intended formalisms. To this purpose, a renowned alternative proof framework is Gentzen's sequent calculus [11]. It allows one to construct proofs that decompose the formulae to be proven in a stepwise manner; making it an effective tool for proof search and a good candidate for automated deduction procedures. However, this framework is not strong enough to design cut-free analytic calculi for many modal logics of interest [20]; including STIT logic. In this work, we will treat several STIT logics through a more expressive extension of this formalism: Labelled Sequent Calculi [20,26]. The aim of the present paper is to provide labelled calculi for several central temporal STIT logics: Ldm, Tstit and Xstit. To our knowledge, there have only been three attempts to capture STIT logics in alternative proof systems: in [1] a natural deduction system for a deontic STIT logic is proposed and in [24,27] tableaux systems for multi-agent deliberative STIT logics are presented. On the one hand, the novelty of the present contribution compared to previous works, is that all presented calculi (i) possess useful proof-theoretic properties such as contractionand cut-admissibility and (ii) are modular and extend to several temporal STIT-logics, including both temporal operators and inherently temporal STIT-operators (in a multi-agent, as well as a group setting). In doing so, we answer an open question in [27] regarding the construction of a rule-based proof system for temporal extensions of Ldm. On the other hand, the investigation of STIT has been with an essential focus on its intuitive semantics: branching time structures, extended with histories as paths and agential choice-functions (BT+AC-frames). Recent work [2,14,17], however, shows that the basic atemporal STIT logic Ldm and its temporal extension Tstit are characterizable through simpler relational frames. The current work extends these results by showing that also the logic Xstit can be semantically characterized without using BT+AC structures. In section 2 we will introduce the base logic Ldm and its corresponding labelled calculus. Thereafter, in section 3, we provide a cut-free calculus for the temporal STIT logic Tstit, introduced in [17], which exploits a temporal irreflexivity rule based on [10]. Last, in section 4, we provide a labelled calculus for the inherently temporal STIT logic Xstit from [7,8]. Here we show that the independence of agents principle of STIT logic can be captured using systems of rules from [22]. We conclude and highlight some envisaged future work in section 5. Cut-free Calculi for Temporal STIT Logics 3 2 The Logic Ldm 2.1 Axioms and Relational Semantics for Ldm The basic STIT logic Ldm offers a framework for reasoning about individual agents realizing propositions via the choices available to them at particular moments in time. In the semantics of Ldm, each moment can be formalized as an equivalence class of worlds, where each world sits in a linear chain (referred to as a history) extending to the future and (possibly to) the past. Therefore, each world contained in a particular moment can be thought of as an alternative state of affairs that evolves along a different timeline. Moreover, for each agent, moments are further partitioned into equivalence classes, where each class represents a possible choice available to the agent for realizing a set of potential outcomes. Hence, if a proposition φ holds true in every world of a particular choice for an agent i, then we claim that "i sees to it that φ" (written formally as [i]φ) at each world of that choice; i.e. i's committal to the choice ensures φ regardless of which world in the choice set is actual. The above STIT operator [i] is referred to as the Chellas-STIT (i.e. cstit) [4]. It is often distinguished from the deliberative STIT (i.e. dstit) which consists of cstit together with a negative condition: we say that "agent i deliberatively sees to it that φ" (written formally as [i]d) when (i) "i sees to it that φ" and (ii) "φ is currently not settled true" [15,16]. The second condition ensures that the realization of φ depends on the choice made by the agent; i.e. φ might not have been case had the agent chosen to act differently. By making use of the settledness operator , which is prefixed to a formula when the formula holds true at every world in a moment, cstit and dstit become inter-definable: namely, [i]dφ iff [i]φ∧¬φ. As an example of a STIT formula, the formula ♦[i]dφ must be interpreted as follows: at the current moment, agent i has a possible choice available that allows i to see to it that φ is guaranteed, and there is an alternative choice present to i that does not guarantee φ. In this paper, we introduce  and [i] as primitive and take [i]d as defined. In this section, we make all of the aforementioned notions formally precise and provide a relational semantics for Ldm along with a corresponding cut-free labelled calculus. In section 3, we will extend Ldm with temporal operators, obtaining the logic Tstit. Since both logics rely on the same semantics, we introduce their languages and semantics simultaneously, avoiding unnecessary repetition. Lastly, in what follows we give all formulae of the associated logics in negation normal form. This reduces the number of rules in the associated calculi and offers a simpler presentation of the proof theory. The languages for Ldm and Tstit are given below: Definition 1 (The Languages LLdm and LTstit). Let Ag = {1, 2, ..., n} be a finite set of agent labels and let V ar = {p1, p2, p3...} be a countable set of propositional variables. The language LLdm is given by the following BNF grammar: φ ::= p | p | φ ∧ φ | φ ∨ φ | φ | ♦φ | [i]φ | 〈i〉φ 4 K. van Berkel and T. Lyon The language LTstit is defined accordingly: φ ::= p | p | φ ∧ φ | φ ∨ φ | φ | ♦φ | [i]φ | 〈i〉φ | [Ag]φ | 〈Ag〉φ | Gφ | Fφ | Hφ | Pφ where i ∈ Ag and p ∈ V ar. The language LTstit extends LLdm through the incorporation of the tense modalities G, F, H, and P and the modalities [Ag] and 〈Ag〉 for the grand coalition Ag of agents. G and F are duals and read, respectively, as 'always will be in the future' and 'somewhere in the future'. H are P are also dual and are interpreted, respectively, as 'always has been in the past' and 'somewhere in the past' (cf. [17,25]). The operator [Ag] captures the notion that 'the grand coalition of agents sees to it that'. Note that the negation of a formula φ, written φ, is obtained in the usual way by replacing each operator with its dual, each positive propositional atom p with its negation p, and each negative propositional atom p with its positive version p. We may therefore define φ→ ψ as φ∨ψ, φ↔ ψ as φ→ ψ∧ψ → φ, > as p ∨ p, and ⊥ as p ∧ p. We will use these abbreviations throughout the paper. At present, we are principally interested in Ldm and temporal frames: in particular, since Tstit will be introduced as the temporal extension of Ldm and, more generally, because the logic of STIT has an implicit temporal intuition underlying choice-making (cf. original branching-time frames employed for Ldm [4,15,16]). We will prove that Ldm is strongly complete with respect to these more elaborate irreflexive Temporal Kripke STIT frames. Definition 2 (Relational Tstit Frames and Models [17]). Let Rα(w) := {v ∈ W |(w, v) ∈ Rα} for α ∈ {, Ag,G,H} ∪ Ag. A relational Temporal STIT frame (Tstit-frame) is defined as a tuple F = (W,R, {Ri|i ∈ Ag},RAg,RG,RH) where W is a non-empty set of worlds w, v, u... and: – For all i ∈ Ag, R, Ri, RAg ⊆W ×W are equivalence relations where: (C1) For each i, Ri ⊆ R; (C2) For all u1, ..., un ∈W , if Ruiuj for all 1 ≤ i, j ≤ n, then ⋂ iRi(ui) 6= ∅; (C3) For all w ∈W , RAg(w) = ⋂ i∈AgRi(w); – RG ⊆W×W is a transitive and serial binary relation and RH is the converse of RG, and the following conditions hold: (C4) For all w, u, v ∈W , if RGwu and RGwv, then RGuv, u = v, or RGvu; (C5) For all w, u, v ∈W , if RHwu and RHwv, then RHuv, u = v, or RHvu; (C6) RG ◦ R ⊆ RAg ◦ RG; (Relation composition ◦ is defined as usual.) (C7) For all w, u ∈W , if u ∈ R(w), then u 6∈ RG(w); A Tstit-model is defined as a tuple M = (F, V ) where F is a Tstit-frame and V is a valuation function assigning propositional variables to subsets of W ; that is, V : V ar 7→ P(W ). The property expressed in C2 corresponds to the familiar independence of agents principle of STIT logic, which states that if it is currently possible for each distinct agent to make a certain choice, then it is possible for all such choices to be made simultaneously. Condition C6 captures the STIT principle Cut-free Calculi for Temporal STIT Logics 5 of no choice between undivided histories, which ensures that if two time-lines remain undivided at some future moment, then no agent can currently make a choice realizing one time-line without the other. (This principle is inexpressible in the atemporal language of the base logic Ldm.) For a philosophical discussion of these principles see [4]. Last, condition C7 ensures that the temporal frames under consideration are irreflexive, which means that the future is a strict future (excluding the present). For a discussion of the other frame properties we refer to [17]. Definition 3 (Semantics for LLdm and LTstit). Let M be a Tstit-model and let w be a world in its domain W . The satisfaction of a formula φ on M at w is inductively defined as follows (in clauses 1-14 we omit explicit mention of M): 1. w |= p iff w ∈ V (p) 2. w |= p iff w 6∈ V (p) 3. w |= φ ∧ ψ iff w |= φ and w |= ψ 4. w |= φ ∨ ψ iff w |= φ or w |= ψ 5. w |= φ iff ∀u ∈ R(w), u |= φ 6. w |= ♦φ iff ∃u ∈ R(w), u |= φ 7. w |= [i]φ iff ∀u ∈ Ri(w), u |= φ 8. w |= 〈i〉φ iff ∃u ∈ Ri(w), u |= φ 9. w |= [Ag]φ iff ∀u ∈ RAg(w), u |= φ 10. w |= 〈Ag〉φ iff ∃u ∈ RAg(w), u |= φ 11. w |= Gφ iff ∀u ∈ RG(w), u |= φ 12. w |= Fφ iff ∃u ∈ RG(w), u |= φ 13. w |= Hφ iff ∀u ∈ RH(w), u |= φ 14. w |= Pφ iff ∃u ∈ RH(w), u |= φ A formula φ is globally true on M (i.e. M |=φ) iff it is satisfied at every world w in the domain W of M . A formula φ is valid (i.e. |=φ) iff it is globally true on every Tstit-model. Definition 4 (The Logic Ldm [4]). The Hilbert system of Ldm consists of the following axioms and inference rules: φ→ (ψ → φ) (ψ → φ)→ (φ→ ψ) (φ→ (ψ → χ))→ ((φ→ ψ)→ (φ→ χ)) φ→ φ ♦φ→ ♦φ (φ→ ψ)→ (φ→ ψ) [i]φ→ φ 〈i〉φ→ [i]〈i〉φ φ ∨ ♦φ [i]φ ∨ 〈i〉φ ∧ i∈Ag ♦[i]φi → ♦( ∧ i∈Ag[i]φi) [i](φ→ ψ)→ ([i]φ→ [i]ψ) φ→ [i]φ φ φ φ φ→ ψ ψ A derivation of φ in Ldm from a set of premises Θ, is written as Θ `Ldm φ. When Θ is the empty set, we refer to φ as a theorem and write `Ldm φ. The axiomatization contains duality-axioms φ∨♦φ and [i]φ∨〈i〉φ which ensure the usual interaction between the box and diamond modalities. Furthermore, the axiom ∧ i∈Ag ♦[i]φi → ♦( ∧ i∈Ag[i]φi) is the independence of agents (IOA) axiom. Theorem 1 (Soundness [17]). For any formula φ, if `Ldm φ, then |=φ. Observe that all axioms of Ldm are within the Sahlqvist class. Therefore, we know that Ldm is already strongly complete relative to the simpler class of frames defined by the first-order properties corresponding to its axioms [6] (cf. [2,14] for alternative completeness proofs of Ldm relative to this class of relational frames). 6 K. van Berkel and T. Lyon As mentioned previously, we are interested in Ldm relative to the more involved temporal frames. The usual canonical model construction from [6] cannot be applied to obtain completeness of Ldm in relation to Tstit-frames. This follows from the fact that the axioms of Ldm do not impose any temporal structure on the canonical model of Ldm, and hence, we are not ensured that the resulting model qualifies as a Tstit-model. Theorem 2 is therefore proved via an alternative canonical model construction, which can be found in appendix A. Theorem 2 (Completeness). Any consistent set Σ ⊂ LLdm is satisfiable. 2.2 A Cut-free Labelled Calculus for Ldm We now provide a cut-free labelled calculus for Ldm, which can be seen as a simplification of the tableaux calculus in [27]. Labelled sequents Γ are defined through the following BNF grammar: Γ ::= x : φ | Γ, Γ | Rαxy, Γ where x is from a countable set of labels L = {x, y, z, ...}, α ∈ {} ∪ Ag, and φ ∈ LLdm. Note that commas are used equivocally in the interpretation of a labelled sequent: representing (i) a conjunction when occurring between relational atoms, (ii) a disjunction when occurring between labelled formulae, and (iii) an implication when binding the multiset of relational atoms to the multiset of labelled formulae, which comprise a sequent. Last, we use the notation `G3X x : φ (for X ∈ {Ldm,Tstit,Xstit}) to denote here and later that the labelled formula x : φ is derivable in the calculus G3X. The first order correspondents of all Ldm axioms are geometric axioms: that is, axioms of the form ∀x1...xn((φ1 ∧ ... ∧ φm) → ∃y1...yk(ψ1 ∨ ... ∨ ψl)) where each φi is atomic and does not contain free occurrences of yj (for 1 ≤ j ≤ k), and each ψi is a conjunction χ1 ∧ ...∧ χr of atomic formulae. The calculus G3Ldm is obtained by transforming all such correspondents into rules; i.e. geometric rules. (For further discussion on extracting rules from axioms, we refer to [20,22].) Last, since our formulae are in negation normal form, we provide a one-sided version of the calculi introduced in [20]. This allows for a simpler formalism with fewer rules, but which is equivalent in expressivity. Definition 5 (The Calculus G3Ldm). (id) Γ,w : p, w : p Γ,w : φ Γ,w : ψ (∧) Γ,w : φ ∧ ψ Γ,w : φ,w : ψ (∨) Γ,w : φ ∨ ψ Γ,Rwv, v : φ ()∗ Γ,w : φ Γ,Rwu,w : ♦φ, u : φ (♦) Γ,Rwu,w : ♦φ Γ,Riwv, v : φ ([i])∗ Γ,w : [i]φ Γ,Riwu,w : 〈i〉φ, u : φ (〈i〉) Γ,Riwu,w : 〈i〉φ Rww, Γ (refl) Γ Riww, Γ (refl[i]) Γ Rwu1, ...,Rwun,R1u1v, ...,Rnunv, Γ (IOA)∗Rwu1, ...,Rwun, Γ Cut-free Calculi for Temporal STIT Logics 7 Rwu,Rwv,Ruv, Γ (eucl)Rwu,Rwv, Γ Rwu,Riwu, Γ (br[i])Riwu, Γ Riwu,Riwv,Riuv, Γ (eucl[i])Riwu,Riwv, Γ The '∗' on the labels (), ([i]), and (IOA) indicates an eigenvariable condition for this rule: i.e. the label v occurring in the premise of the rule cannot occur in the conclusion. The rule (id) is an initial sequent and the rules (∧), (∨), (), (♦), ([i]) and (〈i〉) allow us to decompose connectives. Furthermore, as indicated by the relational atoms, the rules (refl), (refl[i]), (eucl), (eucl[i]), (br[i]) capture the behavior of the corresponding modal operators, and the rule (IOA) secures independence of agents in G3Ldm. In order to establish the intended soundness and completeness results, we need to formally interpret a labelled sequent relative to a given model. For the sake of brevity, we provide the semantics uniformly for all labelled sequent languages appearing in this paper: Definition 6 (Interpretation, Satisfiability, Validity). Let X ∈ {Ldm,Tstit, Xstit}. Let M be a model for X with domain W , L the set of labels used in the labelled sequent language of G3X, Γ a sequent in G3X and let Rα be a relation of M . (We have Rα ∈ {R,Ri} for X = Ldm, Rα ∈ {R,Ri,RAg,RG, RG,RH} for X = Tstit, and Rα ∈ {R,RX ,RA}, for all A ⊆ Ag, when X = Xstit. We take RG as the complement of the relation RG.) Last, let I be an interpretation function of L on M that maps labels to worlds; i.e. I: L 7→W . We say that, a sequent Γ is satisfied in M with I iff for all relational atoms Rαxy and equalities x=y in Γ , if RαxIyI holds in M , then there must exist some z : φ in Γ such that M, zI |=φ. A sequent Γ is valid iff it is satisfiable in any model M with any I of L on M . Theorem 3 (Soundness). Every sequent derivable in G3Ldm is valid. Proof. By induction on the height of the given G3Ldm derivation. For initial sequents of the form Γ,w:p, w:p the claim is clear. The inductive step is argued by showing that each inference rule preserves validity (cf. theorem 5.3 in [21]). Lemma 1. For all φ ∈ LLdm, if `Ldm φ, then `G3Ldm x : φ. Proof. The derivation of each axiom and inference rule of Ldm, except for the IOA-axiom, is straightforward (See [20,23]). For readability, we only present the derivation of the IOA-axiom for two agents; the general case is similar: 8 K. van Berkel and T. Lyon R1vu,R1yv,R1yu, ..., y : 〈1〉φ1, u : φ1, u : φ1 R1vu,R1yv,Riyu, ..., y : 〈1〉φ1, u : φ1 R1vu,R1yv, ..., y : 〈1〉φ1, u : φ1 R1yv, ..., y : 〈1〉φ1, v : [1]φ1 R2vu,R2zv,Rizw, ..., z : 〈2〉φ2, w : φ2, w : φ2 R2vw,R2zv,R2zw, ..., z : 〈2〉φ2, w : φ2 R2vw,R2zv, ..., z : 〈2〉φ2, w : φ2 R2zv, ..., z : 〈2〉φ2, v : [2]φ2 R1yv,R2zv,Rxy,Ryv,Rxv,Rxz, y : 〈1〉φ1, z : 〈2〉φ2, x : ♦([1]φ1 ∧ [2]φ2), v : [1]φ1 ∧ [2]φ2 R1yv,R2zv,Rxy,Ryv,Rxv,Rxz, y : 〈1〉φ1, z : 〈2〉φ2, x : ♦([1]φ1 ∧ [2]φ2) R1yv,R2zv,Rxy,Ryv,Rxz, y : 〈1〉φ1, z : 〈2〉φ2, x : ♦([1]φ1 ∧ [2]φ2) R1yv,R2zv,Rxy,Rxz, y : 〈1〉φ1, z : 〈2〉φ2, x : ♦([1]φ1 ∧ [2]φ2) Rxy,Rxz, y : 〈1〉φ1, z : 〈2〉φ2, x : ♦([1]φ1 ∧ [2]φ2) x : 〈1〉φ1, x : 〈2〉φ2, x : ♦([1]φ1 ∧ [2]φ2) x : 〈1〉φ1 ∨〈2〉φ2 ∨ ♦([1]φ1 ∧ [2]φ2) The dashed lines in the above proof indicate the use of transitivity rules, which are derivable from the (refl[i]), (eucl[i]), (refl), and (eucl) rules (see [20]). Theorem 4 (Completeness). For all φ ∈ LLdm, if |= φ, then `G3Ldm x : φ. Proof. Follows from theorem 2 and lemma 1. Due to the fact that all labelled sequent calculi given in this paper fit within the scheme presented in [20,22], we obtain the subsequent theorem specifying their proof-theoretic properties: Theorem 5. Each calculus G3X with X ∈ {Ldm,Tstit,Xstit} has the following properties: 1. All sequents of the form Γ, x : φ, x : φ are derivable in G3X with φ in the language LX; 2. All inference rules of G3X are height-preserving invertible; 3. Weakening, contraction, and variable-substitution are height-preserving admissible; 4. Cut is admissible. Proof. See [20] and [22] for details. In order to maintain the admissibility of contraction, our calculi must satisfy the closure condition [20,22]. That is, the calculi G3Ldm,G3Tstit and G3Xstit adhere to the following condition: For any generalized geometric rule in which a substitution of variables produces a duplication of relational atoms or equalities active in the rule, the instance of the rule with such duplicates contracted is added to the calculus. Since variable substitutions can only bring about a finite number of rule instances possessing duplications, the closure condition adds at most finitely many rules and is hence unproblematic. (Generalized geometric rules extend the class of geometric rules and can be extracted from generalized geometric axioms. In short, these are formulae of the form Cut-free Calculi for Temporal STIT Logics 9 GAn = ∀x1...xn((φ1∧ ...∧φm)→ (∃y1 ∧ GAk1 ∨ ...∨∃ym ∧ GAkm)), where each∧ GAkj (for 0≤k1, * * *, km<n) stands for a conjunction of generalized geometric axioms, inductively constructed up to kj-depth with the base case GA0 being a geometric axiom. For a formal treatment of these axioms and rules see [22].) 3 The Logic Tstit 3.1 Axiomatization for Tstit The logic Tstit extends the logic Ldm through the incorporation of tense modalities and the modality for the grand coalition of agents (see definition 1). This additional expressivity allows for the application of Tstit in settings where one wishes to reason about the joint action of all agents, or the consequences of choices over time. The logic was originally proposed in [17] as a Hilbert system, in this section we provide a corresponding cut-free calculus. Definition 7 (The Logic Tstit [17]). The Hilbert system for the logic Tstit is defined as the logic Ldm extended with the following axioms and inference rules: [Ag]φ→ φ 〈Ag〉φ→ [Ag]〈Ag〉φ ∧ 1≤i≤n[i]φi → [Ag] ∧ 1≤i≤n φi φ→ GPφ φ→ HFφ Gφ→ Fφ FFφ→ Fφ FPφ→ Pφ ∨ φ ∨ Fφ PFφ→ Pφ ∨ φ ∨ Fφ Gφ ∨ Fφ Hφ ∨ Pφ [Ag]φ ∨ 〈Ag〉φ α(φ→ ψ)→ (αφ→ αψ) for α ∈ {G,H, [Ag]} F♦φ→ 〈Ag〉Fφ φ Gφ φ Hφ (¬p ∧(Gp ∧ Hp))→ φ with p 6∈ φ φ A derivation of φ in Tstit from a set of premises Θ, is written as Θ `Tstit φ. When Θ is the empty set, we refer to φ as a theorem and write `Tstit φ. Note that the axiom F♦φ → 〈Ag〉Fφ characterizes the no choice between undivided histories property (definition 2, C6). Furthermore, the last inference rule, a variation of Gabbay's irreflexivity rule [10], characterizes the property of RGirreflexivity (definition 2, C7). For a discussion of all axioms and rules see [17]. Theorem 6 (Soundness and Completeness [17]). For any formula φ ∈ LTstit, `Tstit φ iff |= φ. 3.2 A Cut-free Labelled Calculus for Tstit Let L = {x, y, z, ...} be a countable set of labels. The language of G3Tstit is defined as follows: Γ ::= x : φ | Γ, Γ | Rαxy, Γ where x ∈ L, φ ∈ LTstit, and Rα ∈ {R,Ri,RAg,RG, RG,RH}. On the basis of this language, we construct the calculus G3Tstit as an extension of G3Ldm. Definition 8 (The Calculus G3Tstit). The labelled calculus G3Tstit consists of all the rules of G3Ldm extended with the following set of rules: 10 K. van Berkel and T. Lyon RHwu,RGuw, Γ (convH)RHwu, Γ Γ,RHwu,w : Pφ, u : φ (P) Γ,RHwu,w : Pφ (compG1) RGwu, RGwu, Γ Γ,RGwv, v : φ (G)∗ Γ,w : Gφ Γ,RGwu,w : Fφ, u : φ (F) Γ,RGwu,w : Fφ RGwu,RHuw, Γ (convG)RGwu, Γ Γ,RAgwu,w : 〈Ag〉φ, u : φ (〈Ag〉) Γ,RAgwu,w : 〈Ag〉φ RAgww, Γ (reflAg) Γ w = w, Γ (refl=) Γ RGuv,RGwu,RGwv, Γ u = v,RGwu,RGwv, Γ RGvu,RGwu,RGwv, Γ (connG)RGwu,RGwv, Γ RHuv,RHwu,RHwv, Γ u = v,RHwu,RHwv, Γ RHvu,RHwu,RHwv, Γ (connH)RHwu,RHwv, Γ RGwu,Ruz,RAgwv,RGvz, Γ (ncuh)∗RGwu,Ruz, Γ RGwu, Γ RGwu, Γ (compG2)Γ RGwu,RGuv,RGwv, Γ (transG)RGwu,RGuv, Γ RAgwu,Riwu, Γ (agd)RAgwu, Γ Γ,RHwv, v : φ (H)∗ Γ,w : Hφ RGwv, Γ (serG) ∗ Γ RAgwu,RAgwv,RAguv, Γ (euclAg)RAgwu,RAgwv, Γ Rwu, RGwu, Γ (irrG)Rwu, Γ w = u,∆[w],∆[u], Γ (sub=) w = u,∆[w], Γ w = u,w = v, u = v, Γ (eucl=) w = u,w = v, Γ Γ,RAgwv, v : A ([Ag])∗ Γ,w : [Ag]A For (H), ([Ag]), (G), (ncuh), and (serG) the '∗' states that v must be an eigenvariable. We note that the rules (convG) and (convH) express the converse relation between RG and RH, and the rules (agd), (connG), (connH), (ncuh) and {(irrG), (compG1), (compG2)} correspond to conditions (C3)-(C7) of definition 2, respectively. Furthermore, the notation ∆[u] in the substitution rule (sub=) is used to express a collection of relational atoms and labelled formulae where all occurrences of the label w in ∆[w] have been replaced by occurrences of u. This notation uniformly captures all of the substitution rules given in [20]. Theorem 7 (Soundness). Every sequent derivable in G3Tstit is valid. Proof. Similar to theorem 3. Unfortunately, with respect G3Tstit completeness, we cannot use the relatively simple strategy applied in proving G3Ldm completeness. This is because the irreflexivity rule (def. 7) does not readily lend itself to derivation in G3Tstit. Here we prove G3Tstit completeness relative to irreflexive Tstit-frames by leveraging the methods presented in [21]. (NB. For this reason, we introduced RG–the complement of RG–directly into the language of the proof system.) Lemma 2. Let Γ be a G3Tstit-sequent. Either, Γ is G3Tstit-derivable, or it has a Tstit-countermodel. Cut-free Calculi for Temporal STIT Logics 11 Proof. We construct the Reduction Tree (RT) of a given sequent Γ , following the method of [21]. If RT is finite, all leaves are initial sequents that are conclusions of (id) or (compG1). If RT is infinite, by König's lemma, there exists an infinite branch: Γ0, Γ1, ..., Γn,... (with Γ0=Γ ). Let Γ = ⋃ Γi. We define a Tstit-model M∗=(W,R, {Ri|i ∈ Ag},RAg,RG,RH, V ) as follows: Let x ∼Γ y iff x=y ∈ Γ. (Usage of the rules (ref=) and (eucl=) in the infinite branch ensure ∼Γ is an equivalence relation.) Define W to consist of all equivalence classes [x] of labels in Γ under ∼Γ. For each Rαxy ∈ Γ let ([x]∼Γ , [y]∼Γ) ∈ Rα (withRα∈{R,Ri,RAg,RG, RG,RH}), and for each labelled propositional atom x : p ∈ Γ, let [x]∼Γ 6∈ V (p). It is a routine task to show that all relations and the valuation are well-defined. Last, let the interpretation I:L7→W map each label x to the class of labels [x]∼Γ containing x, and suppose I maps all other labels not in Γ arbitrarily. We show that: (i) M∗ is a Tstit model, and (ii) M∗ is a counter-model for Γ . (i) First, we assume w.l.o.g. that Γ 6=∅ because the empty sequent is not satisfied on any model. Thus, there must exist at least one label in Γ ; i.e. W 6=∅. We argue that R is an equivalence relation and omit the analogues proofs showing that Ri and RAg are equivalence relations. Suppose, for some Γn in the infinite branch there occurs a label x but Rxx 6∈ Γn. By definition of RT, at some later stage Γn+k the rule (refl) will be applied; hence, Rxx ∈ Γ. The argument is similar for the (eucl) rule. Properties (C1) and (C2) follow from the rules (br[i]) and (IOA), respectively. Regarding (C3), we only obtain RAg ⊆ ⋂ i∈AgRi in M∗ via the (agd) rule. Using lemma 9 of [17], we can transform M∗ into a model where (i) RAg= ⋂ i∈AgRi and where (ii) the model satisfies the same formulae. We obtain that RG is transitive and serial due to the (transG) and (serG) rules. RH is the converse of RG by (convG) and (convH). The properties (C4), (C5) and (C6) follow from the rules (connG), (connH) and (ncuh), respectively. (C7) follows from (irrG), (compG1), and the equality rules: these rules ensure that (∗) if [u]∼Γ ∈ R([w]∼Γ), then [u]∼Γ 6∈ RG([w]∼Γ). In what follows, we abuse notation and use [w] to denote equivocally the label w, as well as any other label v for which a chain of equalities between w and v occurs in the sequent. The claim (∗) is obtained accordingly: if both R[w][u] and RG[w][u] appear together in some sequent Γi, then higher up in the infinite branch, the equality rules will introduce relational atoms of the form Rw′u′ and RGw′u′. Eventually, the rule (irrG) will also be applied and, subsequently, the rule (compG1) will ensure that the reduction tree procedure halts for the given branch. Moreover, if RG[w][w] occurs in a sequent Γi of RT, then higher up in the branch the equality rules will introduce a relational atom of the form RGw′w′. Eventually, (refl) will be applied which adds Rw′w′ to the branch containing Γi. Lastly, (irrG) will be applied even higher up this branch, adding RGw′w′, which by (compG1) will halt the RT-procedure for that branch. Thus we may conclude: for any infinite branch of RT RGww will not occur for any label w; meaning that not only will M∗ satisfy (C7), its relation RG will be irreflexive. Additionally, note that (compG2) will ensure that RG is the complement of RG. 12 K. van Berkel and T. Lyon Lastly, as long as [x]∼Γ 6∈ V (p) when x : p ∈ Γ, all other labels can be mapped by V in any arbitrary manner. Thus, V is a valid valuation function. (ii) By construction, M∗ satisfies each relational atom in Γ, and therefore, satisfies each relational atom in Γ . By induction on the complexity of φ it is shown that for any formula x : φ ∈ Γ we have M∗, [x]∼Γ 6|= φ (See [21] for details). Hence, Γ is falsified on M∗ with I. Theorem 8 (Completeness). Every valid sequent is derivable in G3Tstit. Proof. Follows from lemma 2. 4 The Logic Xstit 4.1 Axioms and Relational Semantics for Xstit A common feature of the cstitand dstit-operator is that they do not internally employ temporal structures. In this section, we consider the logic of Xstit which contains a non-instantaneous STIT-operator explicitly affecting next states. This logic, introduced in [7,8], has been motivated by the observation that affecting next states is a central aspect of agency in computer science. Moreover, extensions of the logic Xstit have been employed to investigate the concepts of purposeful and voluntary acts and their relation to different levels of legal culpability [7]. The logic was originally proposed for a two-dimensional semantics making reference to both states and histories; the latter defined as maximally linear ordered paths on a frame. In this section, we provide a semantics for Xstit that relies on relational frames, avoiding the use of complex two-dimensional indices (the possibility of which was already noted in [7]). We provide a labelled calculus G3Xstit for this logic and prove that it is sound and complete with respect to its relational characterization. Furthermore, by showing a correspondence between the original Hilbert system Xstit and the calculus G3Xstit we show that the language of Xstit does not allow us to distinguish between the two available semantics. Definition 9 (The Language LXstit). Let Ag={1, 2, ..., n} be a finite set of agent labels and let V ar={p1, p2, p3...} be a countable set of propositional variables. LXstit is defined as follows: φ ::= p | p | φ ∧ φ | φ ∨ φ | φ | ♦φ | [A]xφ | 〈A〉xφ | [X]φ | 〈X〉φ where p ∈ V ar; and A ⊆ Ag (with special cases ∅ and Ag). The language uses the settledness operator , a group-stit operator [A]x, and the operator [X] referring to the next state. Formulae of the form [A]xφ must be read as 'group A effectively sees to it that in the next state φ holds'. As mentioned previously, we provide a semantics for the logic Xstit based on relational frames. The conditions on these frames are obtained through a simple transformation of the two-dimensional frame properties presented in [7]. Cut-free Calculi for Temporal STIT Logics 13 Definition 10 (Relational Xstit Frames and Models). An Xstit-frame is defined to be a tuple F = (W,R,RX , {RA|A ⊆ Ag}) such that W 6= ∅ and: (D1) R ⊆W×W is an equivalence relation; (D2) RX ⊆W×W is serial and deterministic; (D3) RA ⊆W×W such that, (i) R∅ = R ◦ RX ; (ii) RAg = RX ◦ R; (iii) RA ⊆ RB for ∅ ⊆ B ⊆ A ⊆ Ag; (iv) For any B,A ⊆ Ag (s.t. B ∩ A = ∅) and ∀w1, w2, w3, w5, w6 ∈ W we have: (Rw1w2 ∧Rw1w3)→ ∃w4(Rw1w4 ∧ (RAw4w5 → RAw2w5)∧ (RBw4w6 → RBw3w6)) A relational Xstit-model is a tuple M = (F, V ) where F is an Xstit-frame and V a valuation function mapping propositional variables pi ∈ V ar to subsets of W ; i.e. V : V ar 7→ P(W ). Condition (D3)-(iv) expresses the independence of agents principle for Xstit. From condition (D3)-(ii) we obtain that RAg ⊆ RX ◦ R, which ensures the principle of no choice between undivided histories (cf. definition 2, C6). Furthermore, we stress that, following [7], the relation RX is not explicitly defined as a strict next-relation; that is, the frame construction allows for reflexive worlds. For a discussion of all the frame properties we refer the reader to [7]. Definition 11 (Semantics of LXstit). To define the satisfaction of a formula φ ∈ LXstit on M at w, we make use of clauses (1)-(6) from definition 3, taking M to be an Xstit-model (but omitting explicit mention of M in the clauses), along with the following clauses (global truth and validity are defined as usual): 7. w |= [A]xφ iff ∀u ∈ RA(w), u |= φ; 8. w |= 〈A〉xφ iff ∃u ∈ RA(w), u |= φ; 9. w |= [X]φ iff ∀u ∈ RX(w), u |= φ; 10. w |= 〈X〉φ iff ∃u ∈ RX(w), u |= φ. Definition 12 (The Logic Xstit [7]). The Hilbert system for Xstit consists of the axioms and rules below, where φ, ψ ∈ LXstit, A ⊆ Ag and α ∈ {, [A]x, [X]}: φ→ (ψ → φ) (ψ → φ)→ (φ→ ψ) (φ→ (ψ → χ))→ ((φ→ ψ)→ (φ→ χ)) α(φ→ ψ)→ (αφ→ αψ) φ→ φ ♦φ→ ♦φ [A]xφ→ 〈A〉xφ 〈X〉φ→ [X]φ [X]φ↔ [∅]xφ [Ag]xφ↔ [X]φ [A]xφ→ [B]xφ(†) φ ∨ ♦φ [A]xφ ∨ 〈A〉xφ ♦[A]xφ ∧ ♦[B]xψ → ♦([A]xφ ∧ [B]xψ)(††) [X]φ ∨ 〈X〉φ φ φ→ ψ ψ φ αφ where (†)A ⊆ B ⊆ Ag; and (††)A ∩B = ∅. A derivation of φ in Xstit from Θ is written as Θ `Xstit φ. When Θ is the empty set, we refer to φ as a theorem and write `Xstit φ. 14 K. van Berkel and T. Lyon We refer to ♦[A]xφ∧♦[B]xψ → ♦([A]xφ∧ [B]xψ) as the IOAx-axiom. In contrast with the standard IOA-axiom, observe that IOAx-axiom refers to the independence of isolated groups of agents with respect to successor states. For a natural language interpretation of the other axioms of Xstit we refer to [7]. Instead of proving completeness for the intended sequent calculus directly, we prove it first for the Hilbert calculus. This enables us to eventually conclude the equivalence of these two calculi with respect to the logic Xstit. Theorem 9 (Completeness of Xstit). For all φ ∈ LXstit, if |= φ, then `Xstit φ. Proof. As observed in [7], all axioms of Xstit are Sahlqvist formulae. Furthermore, the first-order correspondents of the Xstit axioms taken together define the class of frames from definition 10. Applying Theorem 4.42 of [6], we obtain that the logic Xstit is complete relative to this class of frames. 4.2 A Cut-free Labelled Calculus for Xstit We provide a labelled calculus G3Xstit that is sound and complete relative to the relational frames of definition 10. In order to convert the Xstit axiomatization into rules for the intended calculus, we first observe that every axiom of Xstit is a geometric formula with the exception of the IOAx axiom. For the geometric formulae we can find corresponding geometric rules, following [20]. The first-order frame condition (D3)(iv) for IOAx (def. 10) is not a geometric formula; however, we observe that its components RAw4w5→RAw2w5 and RBw4w6→RBw3w6 in fact are. The IOAx-condition is, thus, a generalized geometric axiom of type GA1 and we may therefore find an equivalent system of rules, following [22]. We refer to the following system of rules 〈(IOA−E), {(IOA−U1), (IOA−U2)}〉 as the 'independence of agents' rule (IOAX). We may use the rule (IOA−E) wherever throughout the course of a derivation, but if we use either (IOA−U1) or (IOA−U2), then we must (i) use the other (IOA−Ui) rule (for i ∈ {1, 2}) in a separate branch of the derivation and (ii) use the (IOA−E) rule below both instances of (IOA−Ui); i.e. the derivation is of the form represented below: RAw4w5, RAw2w5, Γ (IOA− U1) RAw4w5, Γ ... RBw4w6, RBw3w6, Γ ′ (IOA− U2) RBw4w6, Γ ′ ... Rw1w2, Rw1w3, Rw1w4, Γ ′′ (IOA− E)∗ Rw1w2, Rw1w3, Γ ′′ where (*) w4 is an eigenvariable in the (IOA− E) rule. Definition 13 (The Calculus G3Xstit). The labeled calculus G3Xstit consists of the rules (id), (∧), (∨), (refl=), (eucl=), (sub=), (), (♦), (refl), and (eucl) from definitions 5 and 8 extended with the (IOAX)-rule and the following: Γ,RAwv, v : φ ([A]x)∗ Γ,w : [A]xφ Γ,RAwu,w : 〈A〉xφ, u : φ (〈A〉x) Γ,RAwu,w : 〈A〉xφ Cut-free Calculi for Temporal STIT Logics 15 Γ,RXwv,w : 〈X〉φ, v : φ (〈X〉) Γ,RXwvw : 〈X〉φ Rwv,RXvu,R∅wu, Γ (Eff∅)Rwv,RXvu, Γ RAwv,RBwv, Γ (C−Mon)†RAwv, Γ RXwv, Γ (serX) ∗ Γ v = u,RXwv,RXwu, Γ (detX)RXwv,RXwu, Γ Γ,RXwv, v : φ ([X])∗ Γ,w : [X]φ Rwv,RXvu,R∅wu, Γ (∅Eff)∗R∅wu, Γ RAgwu,RXwv,Rvu, Γ (EffAg)RXwv,Rvu, Γ RAgwu,RXwv,Rvu, Γ (AgEff)∗RAgwu, Γ where (∗) v is an eigenvariable; and (†) B ⊆ A ⊆ Ag. Observe that the rules {(∅Eff), (Eff∅)}, {(AgEff), (EffAg)}, (C−Mon) and (IOAX) of the labelled calculus G3Xstit capture the frame conditions (D3)(i)−(iv) of definition 10, respectively.2 Theorem 10 (Soundness). Every sequent derivable in G3Xstit is valid. Proof. Similar to theorem 3. Since all rules of G3Xstit are generalized geometric rules, we can apply the general soundness results of Theorem 6.3 of [22]. In order to prove completeness of G3Xstit relative to the logic Xstit, we employ the same strategy as for G3Ldm, by first proving that every formula derivable in Xstit is derivable in G3Xstit. Lemma 3. For all φ ∈ LXstit, if `Xstit φ, then `G3Xstit x : φ. Proof. The derivation of each axiom and inference rule is straightforward (See [20]). The G3Xstit-derivation of the IOAx-axiom can be obtained by applying the rule system (IOAX) (see appendix B). Corollary 1 (Completeness). For all φ ∈ LXstit, if |= φ, then `G3Xstit x : φ Proof. Follows from theorem 9 and lemma 3. As another consequence, we obtain that the logic Xstit can be characterized without using two-dimensional frames employing histories, as applied in [7]. 2 In [22] it is shown that every generalized geometric formula can be captured through (a system of) rules, allowing for the construction of analytic calculi for the minimal modal logic K extended with any axioms from the Sahlqvist class. Since all axioms of Ldm and Xstit are Sahlqvist formulae, the results also apply to these logics. 16 K. van Berkel and T. Lyon 5 Conclusion and Future Work In this paper, we laid the proof-theoretic foundations for implementable logics of agency by providing calculi for one of its central formalisms: STIT logic. In particular, we developed cut-free labelled sequent calculi for three STIT logics: Ldm, Tstit and Xstit. Furthermore, by providing the cut-free calculus G3Tstit for temporal STIT logic we answered the open question from [27]. All labelled calculi presented in this work, are sound and cut-free complete relative to their classes of temporal relational frames. As a corollary to the latter, we extended prior results from [2,14,17] and provided a characterization of Xstit through relational frames. We see two possible future extensions of the calculi provided in this paper: First, we aim to use these calculi to solve the decidability problems for Tstit and Xstit, which are currently open questions. Our approach will be proof-theoretic in nature and will consist of showing decidability via proof-search. To realize our goal, we plan on harnessing refinement (i.e. internalization) procedures, such as those in [9], to obtain variants of our labelled calculi that are more suitable for proof-search. Second, we aim to extend the current calculi to incorporate formal concepts that enable reasoning about normative choice-making, for example, those found in utilitarian deontic STIT [16,19] and legal theory [18]. Acknowledgments. Work funded by the projects WWTF MA16-028, FWF I2982 and FWF W1255-N23. The authors would like to thank their supervisor Agata Ciabattoni for her helpful comments. References 1. Arkoudas, K., Bringsjord S., Bello, P.: Toward ethical robots via mechanized deontic logic. In: AAAI Fall Symposium on Machine Ethics, pp.17–23 (2005) 2. Balbiani, P., Herzig, A., Troquard, N.: Alternative axiomatics and complexity of deliberative STIT theories. Journal of Philosophical Logic, 37(4), pp.387–406. Springer (2008) 3. Belnap, N., Perloff, M.: Seeing to it that: A canonical form for agentives. In Knowledge Representation and Defeasible Reasoning, pp.167–190. Springer (1990) 4. Belnap, N, Perloff, M., Xu, M.: Facing the future: Agents and choices in our indeterminist world. Oxford University Press on Demand, Oxford (2001) 5. Berkel, K. van, Pascucci, M.: Notions of instrumentality in agency logic. In: PRIMA 2018: Principles and Practice of Multi-Agent Systems, pp.403–419. Springer International Publishing, Cham (2018) 6. Blackburn, P., de Rijke, M., Venema, Y.: Modal logic. Cambridge University Press, Cambridge (2001) 7. Broersen, J.: Deontic epistemic stit logic distinguishing modes of mens rea. Journal of Applied Logic 9(2), pp.137–152. Elsevier (2011) 8. Broersen, J.: Making a start with the stit logic analysis of intentional action. Journal of philosophical logic, 40(4), pp.499–530. Springer, Dordrecht (2011) 9. Ciabattoni, A., Lyon, T., Ramanayake, R., Tiu, A.: Mutual translations between nested and labelled calculi for tense logics. Unpublished (2019) Cut-free Calculi for Temporal STIT Logics 17 10. Gabbay, D. M., Hodkinson, I., Reynolds, M.: Temporal logic: Mathematical foundations and computational aspects. Oxford University Press, Oxford (1994) 11. Gentzen, G.: Untersuchungen über das logische Schliessen. Mathematische Zeitschrift 39 (3), pp.405–431. Springer-Verlag (1935) 12. Gerdes, J.C., Thornton, S.M.: Implementable ethics for autonomous vehicles. In: Autonomes fahren, pp.87–102. Springer Vieweg, Berlin, Heidelberg (2015) 13. Goodall, N.J.: Machine ethics and automated vehicles. In: Road vehicle automation, pp.93–102 . Springer, Cham (2014) 14. Herzig, A., Schwarzentruber, F.: Properties of logics of individual and group agency. In: Advances in Modal Logic (7), pp. 133–149. College Publications (2008) 15. Horty, J. F., Belnap, N.: The deliberative stit: A study of action, omission, ability, and obligation. Journal of philosophical logic, 24(6), pp.583–644. Kluwer Academic Publishers (1995) 16. Horty, J.: Agency and Deontic Logic. Oxford University Press (2001) 17. Lorini, E.: Temporal STIT logic and its application to normative reasoning. Journal of Applied Non-Classical Logics 23 (4), pp. 372–399 (2013) 18. Lorini, E., Sartor, G.: Influence and responsibility: A logical analysis. In: Legal Knowledge and Information Systems, pp. 51–60. IOS Press (2015) 19. Murakami, Y.: Utilitarian deontic logic. In: Advances in Modal Logic (5), pp. 211– 230. King's College Publications (2005) 20. Negri, S.: Proof analysis in modal logic. Journal of Philosophical Logic 34(5-6), pp. 507–544. Kluwer Academic Publishers (2005) 21. Negri, S.: Kripke completeness revisited. Acts of Knowledge-History, Philosophy and Logic, pp. 247–282 (2009) 22. Negri, S.: Proof analysis beyond geometric theories: From rule systems to systems of rules. Journal of Logic and Computation 26(2), pp. 513–537 (2016) 23. Negri, S., von Plato, J.: Structural proof theory. Cambridge University Press (2001) 24. Olkhovikov, G., Wansing, H.: An axiomatic system and a tableau calculus for STIT imagination logic. Journal of Philosophical Logic 47(2), pp.259–279. Springer Netherlands (2018) 25. Prior, A. N.: Past, present and future. Clarendon Press, Oxford (1967) 26. Viganò, L.: Labelled non-classical logics. Kluwer Academic Publishers (2000) 27. Wansing, H.: Tableaux for multi-agent deliberative-stit logic. In: Advances in Modal Logic (6), pp.503–520. College Publications (2006) 28. Xu, M.: Actions as events. Journal of Philosophical Logic 41(4), pp.765–809. Springer Netherlands (2012) A Completeness of Ldm We give the definitions and lemmas sufficient to prove the completeness of Ldm relative to Tstit frames [17,?]. We make use of the canonical model of Ldm (obtained by standard means [6,2]) to construct a Tstit model. A truth-lemma is then given relative to this model, from which, completeness follows as a corollary. Definition 14 (Ldm-CS, Ldm-MCS). A set Θ ⊂ LLdm is a Ldm consistent set (Ldm-CS) iff Θ 6`Ldm ⊥. We call a set Θ ⊂ LLdm a Ldm maximally consistent set (Ldm-MCS) iff Θ is a Ldm-CS and for any set Θ′ such that Θ ⊂ Θ′, Θ′ `Ldm ⊥. Lemma 4 (Lindenbaum's Lemma [6]). Every Ldm-CS can be extended to a Ldm-MCS. 18 K. van Berkel and T. Lyon Definition 15 (Present and Future Pre-Canonical Tstit Model). The present pre-canonical Tstit model is the tuple Mpres = (W pres,Rpres , {R pres i |i ∈ Ag}, V pres) defined below left, and the future pre-canonical Tstit model is the tuple M fut = (W fut,Rfut , {Rfuti |i ∈ Ag}, V fut) defined below right: – W pres is the set of all Ldm-MCSs; – Rpres wu iff for all φ ∈ w, φ ∈ u; – Rpresi wu iff for all [i]φ ∈ w, φ ∈ u; – V pres(p) = {w ∈W |p ∈ w}. – W fut = W pres; – Rfut (w) = ⋂ i∈AgR pres i (w); – Rfuti (w) = ⋂ i∈AgR pres i (w); – V fut(p) = V pres(p). Definition 16 (Canonical Temporal Kripke STIT Model). We define the canonical temporal Kripke STIT model to be the tuple MLdm = (W Ldm,RLdm , {RLdmi |i ∈ Ag},RLdmAg ,RLdmG ,RLdmH , V Ldm) such that: – W Ldm = W pres × N3; – RLdm wjuj iff (i) R pres  wu and j = 0, or (ii) R fut  wu and j > 0; – RLdmi wjuj iff (i) R pres i wu and j = 0, or (ii) Rfuti wu and j > 0; – RLdmAg (wj) = ⋂ 1≤i≤nRLdmi (wj); – RLdmG = {(wj , wk)|wj , wk ∈W Ldm and j < k}; – RLdmH = {(ui, wi)|(wi, ui) ∈ RLdmG }; – V Ldm(p) = {wj ∈W Ldm|w ∈ V pres(p)}. Lemma 5. For all α ∈ {, Ag} ∪Ag, if RLdmα wjuk for j, k ∈ N, then j = k. Proof. Follows by definition of the canonical Tstit model. Lemma 6. For all j ∈ N with k ≥ 1, (wj , uj) ∈ RLdmAg iff (wj+k, uj+k) ∈ RLdmAg . Proof. This follows from the fact that u0 ∈ RLdmAg (w0) iff u ∈ ⋂ i∈AgR pres i (w) iff u ∈ Rfuti (w) for each i ∈ Ag iff u ∈ ⋂ i∈AgRfuti (w) iff uk ∈ ⋂ i∈AgRLdmi (wk) for any k > 0. Lemma 7 ([6]). (i) For all x ∈ {pres, fut, Ldm}, Rxwu iff for all φ, if φ ∈ u, then ♦φ ∈ w. (ii) For all x ∈ {pres, fut, Ldm}, Rxiwu iff for all φ, if φ ∈ u, then 〈i〉φ ∈ w. Lemma 8 (Existence Lemma [6]). (i) For any world wj ∈W Ldm, if ♦φ ∈ wj, then there exists a world uj ∈ W Ldm such that RLdm wjuj and φ ∈ uj. (ii) For any world wj ∈ W Ldm, if 〈i〉φ ∈ wj, then there exists a world uj ∈ W Ldm such that RLdmi wjuj and φ ∈ uj. Lemma 9. The Canonical Model is a temporal Kripke STIT model. Proof. We prove that MLdm has all the properties of a Tstit model: 3 Note that we choose to write each world (w, j) ∈ W Ldm as wj to simplify notation. Moreover, we write φ ∈ wj to mean that the formula φ is in the Ldm-MCS w associated with j. Cut-free Calculi for Temporal STIT Logics 19 – By lemma 4, the Ldm consistent set {p} can be extended to a Ldm-MCS, and thereforeW pres is non-empty. Since N is non-empty as well,W pres×N = W Ldm is a non-empty set of worlds. – We argue that RLdm is an equivalence relation between worlds of W Ldm, and omit the arguments for RLdmi and RLdmAg , which are similar. Suppose that wj ∈ W Ldm. We have two cases to consider: (i) j = 0, and (ii) j > 0. (i) Standard canonical model arguments apply and RLdm is an equivalence relation between all worlds of the form w0 ∈W Ldm (See [6] for details). (ii) If we fix a j > 0, then RLdm will be an equivalence relation for all worlds of the form wj ∈W Ldm since the intersection of equivalence relations produces another equivalence relation. Last, since RLdm is an equivalence relation for each fixed j ∈ N, and because each W pres×{j} ⊂W Ldm is disjoint from each W pres×{j′} ⊂W Ldm for j 6= j′, we know that the union all such equivalence relations will be an equivalence relation. (C1) Let i be in Ag and assume that (wj , uj) ∈ RLdmi . We split the proof into two cases: (i) j = 0, or (ii) j > 0. (i) Assume that φ ∈ w0. Since w is a Ldm-MCS, it contains the axiom φ → [i]φ, and so, [i]φ ∈ w as well. Since (w, u) ∈ Rpresi (because j = 0), we know that φ ∈ u by the definition of the relation; therefore, (w, u) ∈ Rpres , which implies that (w 0, u0) ∈ RLdm by definition. (ii) The assumption that j > 0 implies that u ∈ Rfuti (w) =⋂ i∈AgR pres i (w) = Rfut (w) by definition, which implies that (wj , uj) ∈ RLdm . (C2) Let uj1, ..., u j n ∈ W Ldm and assume that RLdm u j iu j k for all i, k ∈ {1, ..., n}. We split the proof into two cases: (i) j = 0, or (ii) j > 0. (i) We want to show that there exists a world wj ∈W Ldm such that wj ∈ ⋂ 1≤i≤nRLdmi (u j i ). Let ŵj = ⋃ 1≤i≤n{φ|[i]φ ∈ u j i}. Suppose that ŵj is inconsistent to derive a contradiction. Then, there are ψ1,...,ψk such that `Ldm ∧ 1≤l≤k ψi → ⊥. For each i ∈ Ag, we define Φi = {ψl|[i]ψl ∈ uji} ⊆ {ψ1, ..., ψk}. Observe that for each i ∈ Ag, [i] ∧ Φi ∈ uji because ∧ [i]Φi ∈ uji and `Ldm ∧ [i]Φi → [i] ∧ Φi. Since by assumption RLdm u j iu j k for all i, k ∈ {1, ..., n}, this means that for any ujm we pick (with 1 ≤ m ≤ n), ♦[i] ∧ Φi ∈ ujm for each i ∈ Ag by lemma 7; hence, ∧ i∈Ag ♦[i] ∧ Φi ∈ ujm. By the (IOA) axiom, this implies that ♦ ∧ i∈Ag[i]( ∧ Φi) ∈ ujm. By lemma 8, there must exist a world vj such that RLdm ujmvj and ∧ i∈Ag[i]( ∧ Φi) ∈ vj . But then, since `Ldm [i]( ∧ Φi) → ∧ Φi by reflexivity, `Ldm ∧ i∈Ag( ∧ Φi)↔ ∧ 1≤i≤k ψi, and `Ldm ∧ 1≤i≤k ψi → ⊥, it follows that ⊥ ∈ vj , which is a contradiction since vj is a Ldm-MCS. Therefore, ŵj must be consistent and by lemma 4, it may be extended to a LdmMCS wj . Since for each [i]φ ∈ uji , φ ∈ wj , we have that w ∈ R pres i (ui) for each i ∈ Ag. Hence, w ∈ ⋂ 1≤i≤nR pres i (ui), and so, w j ∈ ⋂ 1≤i≤nRLdmi (u j i ). (ii) Suppose that j > 0, so that tj ∈ RLdm (sj) iff t ∈ Rfut (s) = ⋂ i∈AgR pres i (s). By assumption then, ujm ∈ ⋂ i∈AgR pres i (u j k) = Rfuti (u j k) for all k,m ∈ {1, ..., n} and each i ∈ Ag. Hence, ujm ∈ ⋂ i∈AgRfuti (u j k) for all k,m ∈ {1, ..., n}. If we therefore pick any ujk, it follows that u j k ∈ ⋂ i∈AgRfuti (u j i ), meaning that the intersection ⋂ 1≤i≤nRLdmi (u j i ) is non-empty. 20 K. van Berkel and T. Lyon (C3) Follows by definition. – RLdmG is a transitive and serial by definition, and RLdmH is the converse of RLdmG by definition as well. (C4) For all uj , uk, ul ∈W Ldm, suppose thatRLdmG ujuk andRLdmG ujul. Then, j < k and j < l, and since N is linearly ordered, we have that k < l, k = l, or k > l, implying that RLdmG ukul, uk = ul, or RLdmG uluk. (C5) Similar to previous case. (C6) Suppose that (uj , vj+k) ∈ RLdmG ◦ RLdm with k ≥ 1. By definition of RLdmG , uj+k is the only element inRLdmG (uj) associated with j+k, and so, (uj+k, vj+k) ∈ RLdm (By lemma 5 no other uj+k ′ with k′ 6= k can relate to vj+k in RLdm .). Since k ≥ 1, vj+k ∈ RLdm (uj+k) iff v ∈ Rfut (u) = ⋂ i∈AgR pres i (u) iff v0 ∈ RLdmAg (u0). By lemma 6, (uj , vj) ∈ RLdmAg . This implies that, and since (vj , vj+k) ∈ RLdmG by definition, we have that (uj , vj+k) ∈ RLdmAg ◦ RLdmG . (C7) Follows from the definition of the RLdmG relation. – Last, it is easy to see that the valuation function V Ldm is indeed a valuation function. Lemma 10 (Truth-Lemma). For any formula φ, MLdm, w0 |= φ iff φ ∈ w0. Proof. Shown by induction on the complexity of φ (See [6]). B G3Xstit Derivation of IOAx Axiom We make use of the system of rules (IOAX), to derive the Xstit IOA axiom in G3Xstit. Rw1w2, Rw1w3, Rw1w4, RAw4w5, RAw2w5, w2 : 〈A〉xφ,w3 : 〈B〉xψ, ... w5 : φ,w5 : φ Rw1w2, Rw1w3, Rw1w4, RAw4w5, RAw2w5, w2 : 〈A〉xφ,w3 : 〈B〉xψ, ... w5 : φ (IOA− U1) Rw1w2, Rw1w3, Rw1w4, RAw4w5, w2 : 〈A〉xφ,w3 : 〈B〉xψ, ... w5 : φ Rw1w2, Rw1w3, Rw1w4, w2 : 〈A〉xφ,w3 : 〈B〉xψ, ... w4 : [A]xφ D1 Rw1w2, Rw1w3, Rw1w4, RBw4w6, RBw3w6, w2 : 〈A〉xφ,w3 : 〈B〉xψ, .... w6 : ψ,w6 : ψ Rw1w2, Rw1w3, Rw1w4, RBw4w6, RBw3w6, w2 : 〈A〉xφ,w3 : 〈B〉xψ, ... w6 : ψ (IOA− U2) Rw1w2, Rw1w3, Rw1w4, RBw4w6, w2 : 〈A〉xφ,w3 : 〈B〉xψ, ... w6 : ψ Rw1w2, Rw1w3, Rw1w4, w2 : 〈A〉xφ,w3 : 〈B〉xψ, ... w4 : [B]xψ D2 D1 D2 Rw1w2, Rw1w3, Rw1w4, w2 : 〈A〉xφ,w3 : 〈B〉xψ,w1 : ♦([A]xφ ∧ [B]xψ), w4 : [A]xφ ∧ [B]xψ Rw1w2, Rw1w3, Rw1w4, w2 : 〈A〉xφ,w3 : 〈B〉xψ,w1 : ♦([A]xφ ∧ [B]xψ) (IOA− E) Rw1w2, Rw1w3, w2 : 〈A〉xφ,w3 : 〈B〉xψ,w1 : ♦([A]xφ ∧ [B]xψ) w1 : 〈A〉xφ,w1 : 〈B〉xψ,w1 : ♦([A]xφ ∧ [B]xψ) w1 : 〈A〉xφ ∨〈B〉xψ ∨ ♦([A]xφ ∧ [B]xψ)