Sujata Ghosh and R. Ramanujam: M4M9, EPTCS 243, 2017, pp. 59–74, doi:10.4204/EPTCS.243.5
© S. Bucheli, M. Ghari & T. Studer. This work is licensed under the Creative Commons Attribution License.

Temporal Justification Logic

Samuel Bucheli
Zühlke Engineering AG, Bogenschützenstrasse 9A, 3008 Bern, Switzerland
samuel.bucheli.cs@gmail.com

Meghdad Ghari∗
School of Mathematics, Institute for Research in Fundamental Sciences (IPM), P.O. Box: 19395-5746, Tehran, Iran
ghari@ipm.ir

Thomas Studer†
Institut für Informatik, Universität Bern, Neubrückstrasse 10, 3012 Bern, Switzerland
tstuder@inf.unibe.ch

Justification logics are modal-like logics with the additional capability of recording the reason, or justification, for modalities in syntactic structures, called justification terms. Justification logics can be seen as explicit counterparts to modal logics. The behavior and interaction of agents in distributed systems is often modeled using logics of knowledge and time. In this paper, we sketch some preliminary ideas on how the modal knowledge part of such logics of knowledge and time could be replaced with an appropriate justification logic.

1 Introduction

Justification logics are epistemic logics that feature explicit reasons for an agent's knowledge and belief. Originally, Artemov [1] developed the first justification logic, the Logic of Proofs LP, to provide a classical provability semantics for intuitionistic logic. Later, Fitting [11] introduced epistemic models for justification logic. This general reading of justification led to a wide variety of epistemic justification logics for many different applications [2, 3, 4, 6, 13, 14, 19, 20]. Instead of an implicit statement Kφ, which stands for "the agent knows φ", justification logics include explicit statements of the form [t]φ, which mean "t justifies the agent's knowledge of φ".
A common approach to model distributed systems of interacting agents is using logics of knowledge and time, with the interplay between these two modalities leading to interesting properties and questions [10, 17, 18, 21, 9]. While knowledge in such systems has typically been modeled using the modal logic S5, it is a natural question to ask what happens when we model knowledge in such logics using a justification logic.

This paper offers a first study on combining temporal logic and justification logic. We introduce a system LPLTL_CS that combines linear time temporal logic LTL with the justification logic LP. In Sections 2 and 3 we present the language and the axioms of LPLTL_CS, respectively. In Section 4 we introduce interpreted systems with Fitting models as semantics for temporal justification logic. In Section 5 we establish soundness and completeness of LPLTL_CS. In Section 6 we present an extension LPLTL^?_CS of LPLTL_CS that enjoys the internalization property. In Section 7 we introduce some additional principles concerning interactions of knowledge, justifications, and time. In Section 8 we conclude the paper and discuss some open problems.

Acknowledgments. We would like to thank the anonymous referees for many helpful comments, which helped to improve the paper.

∗ This research was in part supported by a grant from IPM (No. 95030416).
† This work was partially supported by the SNSF project 200021_165549 Justifications and non-classical reasoning.

2 Language

In the following, let h be a fixed number of agents, Const a countable set of justification constants, Var a countable set of justification variables, and Prop a countable set of atomic propositions. The set of justification terms Tm is defined inductively by

    t ::= c | x | !t | t + t | t · t ,

where c ∈ Const and x ∈ Var. The set of formulas Fml is inductively defined by

    φ ::= P | ⊥ | φ → φ | ○φ | φ U φ | [t]_i φ ,

where 1 ≤ i ≤ h, t ∈ Tm, and P ∈ Prop.
We use the following usual abbreviations:

    ¬φ := φ → ⊥
    ⊤ := ¬⊥
    φ ∨ ψ := ¬φ → ψ
    φ ∧ ψ := ¬(¬φ ∨ ¬ψ)
    φ ↔ ψ := (φ → ψ) ∧ (ψ → φ)
    ♦φ := ⊤ U φ
    □φ := ¬♦¬φ.

Associativity and precedence of connectives, as well as the corresponding omission of brackets, are handled in the usual manner. Subformulas are defined as usual. The set of subformulas Sub(χ) of a formula χ is inductively given by:

    Sub(P) := {P}
    Sub(⊥) := {⊥}
    Sub(φ → ψ) := {φ → ψ} ∪ Sub(φ) ∪ Sub(ψ)
    Sub(○φ) := {○φ} ∪ Sub(φ)
    Sub(φ U ψ) := {φ U ψ} ∪ Sub(φ) ∪ Sub(ψ)
    Sub([t]_i φ) := {[t]_i φ} ∪ Sub(φ).

3 Axioms

The axiom system for temporal justification logic consists of three parts, namely propositional logic, temporal logic, and justification logic.

Propositional Logic

For propositional logic, we take

1. all propositional tautologies (Taut)

as axioms and the rule modus ponens, as usual:

    φ    φ → ψ
    ----------- (MP)
         ψ

Temporal Logic

For the temporal part, we use a system of [12, 15, 16] with axioms

2. ○(φ → ψ) → (○φ → ○ψ) (○-k)
3. □(φ → ψ) → (□φ → □ψ) (□-k)
4. ○¬φ ↔ ¬○φ (fun)
5. □(φ → ○φ) → (φ → □φ) (ind)
6. φ U ψ → ♦ψ (U1)
7. φ U ψ ↔ ψ ∨ (φ ∧ ○(φ U ψ)) (U2)

and rules

     φ                  φ
    ---- (○-nec)       ---- (□-nec)
     ○φ                 □φ

Justification Logic

Finally, for the justification logic part, we use a multi-agent version of the Logic of Proofs [1, 6, 13, 27] with axioms

8. [t]_i(φ → ψ) → ([s]_i φ → [t · s]_i ψ) (application)
9. [t]_i φ → [t + s]_i φ,   [s]_i φ → [t + s]_i φ (sum)
10. [t]_i φ → φ (reflexivity)
11. [t]_i φ → [!t]_i [t]_i φ (positive introspection)

and rule

    [c]_i φ ∈ CS
    ------------- (ax-nec)
      [c]_i φ

where the constant specification CS is a set of formulas [c]_i φ, where c ∈ Const is a justification constant and φ is an axiom of propositional logic, temporal logic, or justification logic.

For a given constant specification CS, we use LPLTL_CS to denote the Hilbert system given by the axioms and rules for propositional logic, temporal logic, and justification logic as presented above. As usual, we write LPLTL_CS ⊢ φ or simply ⊢_CS φ if a formula φ is derivable in LPLTL_CS.
Often the constant specification is clear from the context and we will only write ⊢ φ instead of ⊢_CS φ.

The axiomatization for linear time temporal logic given in [12, 15, 16] includes an axiom □φ → (φ ∧ ○□φ). The following lemma shows that we do not need this axiom since in our formalization □ is a defined operator.

Lemma 1. We have ⊢_CS □φ → (φ ∧ ○□φ) and (MP) is the only rule that is used in this derivation.

Proof. □φ stands for ¬(⊤ U ¬φ). Hence from (U2) we get

    ⊢_CS ¬φ ∨ ○(⊤ U ¬φ) → ⊤ U ¬φ.

Taking the contrapositive yields

    ⊢_CS ¬(⊤ U ¬φ) → ¬(¬φ ∨ ○(⊤ U ¬φ)).

By propositional reasoning and (fun) we get

    ⊢_CS ¬(⊤ U ¬φ) → (φ ∧ ○¬(⊤ U ¬φ)),

which is ⊢_CS □φ → (φ ∧ ○□φ).

Remark. As usual, we find that the following rule is derivable, see [5, Lemma 6] for a detailed derivation,

    χ → ¬ψ ∧ ○χ
    -------------
    χ → ¬(φ U ψ)

From this, we get that the following rule is also derivable

    χ → ¬ψ ∧ ○(χ ∨ (¬φ ∧ ¬ψ))
    --------------------------- (U-R)
    χ → ¬(φ U ψ)

A proof is given in [17, Lemma 4.5].

4 Semantics

In this section we introduce interpreted systems based on Fitting-models as semantics for temporal justification logic.

Definition 2. A frame is a tuple (S, R_1, …, R_h) where

1. S is a non-empty set of states;
2. each R_i ⊆ S × S is a reflexive and transitive relation.

A run r on a frame is a function from ℕ to states, i.e., r : ℕ → S. A system R is a non-empty set of runs.

Definition 3. Given a frame (S, R_1, …, R_h), a CS-evidence function for agent i is a function E_i : S × Tm → P(Fml) satisfying the following conditions. For all terms s, t ∈ Tm, all formulas φ, ψ ∈ Fml, and all v, w ∈ S,

1. E_i(v, t) ⊆ E_i(w, t), whenever R_i(v, w) (monotonicity)
2. if [c]_i φ ∈ CS, then φ ∈ E_i(w, c) (constant specification)
3. if φ → ψ ∈ E_i(w, t) and φ ∈ E_i(w, s), then ψ ∈ E_i(w, t · s) (application)
4. E_i(w, s) ∪ E_i(w, t) ⊆ E_i(w, s + t) (sum)
5. if φ ∈ E_i(w, t), then [t]_i φ ∈ E_i(w, !t) (positive introspection)

Definition 4. An interpreted system for CS is a tuple I = (R, S, R_1, …, R_h, E_1, …, E_h, ν) where

1. (S, R_1, …, R_h) is a frame;
2. R is a system on that frame;
3. E_i is a CS-evidence function for agent i for 1 ≤ i ≤ h;
4. ν : S → P(Prop) is a valuation.

Definition 5. Given an interpreted system I = (R, S, R_1, …, R_h, E_1, …, E_h, ν), a run r ∈ R, and n ∈ ℕ, we define truth of a formula φ in I at state r(n) inductively by

    (I, r, n) ⊨ P iff P ∈ ν(r(n)),
    (I, r, n) ⊭ ⊥,
    (I, r, n) ⊨ φ → ψ iff (I, r, n) ⊭ φ or (I, r, n) ⊨ ψ,
    (I, r, n) ⊨ ○φ iff (I, r, n+1) ⊨ φ,
    (I, r, n) ⊨ φ U ψ iff there is some m ≥ 0 such that (I, r, n+m) ⊨ ψ and (I, r, n+k) ⊨ φ for all 0 ≤ k < m,
    (I, r, n) ⊨ [t]_i φ iff φ ∈ E_i(r(n), t) and (I, r′, n′) ⊨ φ for all r′ ∈ R and n′ ∈ ℕ such that R_i(r(n), r′(n′)).

As usual, we write I ⊨ φ if for all r ∈ R and all n ∈ ℕ, we have (I, r, n) ⊨ φ. Further, we write ⊨_CS φ if I ⊨ φ for all interpreted systems I for CS.

Remark. From the definitions of □ and ♦ it follows that:

    (I, r, n) ⊨ ♦φ iff (I, r, n+k) ⊨ φ for some k ≥ 0,
    (I, r, n) ⊨ □φ iff (I, r, n+k) ⊨ φ for all k ≥ 0.

5 Soundness and Completeness

The soundness proof for LPLTL_CS is a straightforward combination of the soundness proofs for temporal logic and justification logic by induction on the derivation.

Theorem 6. Let CS be an arbitrary constant specification. For each formula φ, ⊢_CS φ implies ⊨_CS φ.

Our completeness proof for LPLTL_CS follows the one given in [17]. First, we define

    Γ ⊢_CS φ iff there exist ψ_1, …, ψ_n ∈ Γ such that ⊢_CS (ψ_1 ∧ ··· ∧ ψ_n) → φ.

Following our convention, we will usually write Γ ⊢ φ instead of Γ ⊢_CS φ.

Definition 7. Let CS be a constant specification. A set Γ of formulas is called CS-consistent if Γ ⊬_CS ⊥. That means ⊬_CS ⋀Σ → ⊥, for each finite Σ ⊆ Γ.

For a formula χ, let Sub⁺(χ) := Sub(χ) ∪ {¬ψ | ψ ∈ Sub(χ)}. Let MCS_χ denote the set of all maximally CS-consistent subsets of Sub⁺(χ). We have the following facts for Γ ∈ MCS_χ:

• If Γ ⊢_CS φ, then ⊢_CS ⋀Γ → φ.
• If φ ∈ Sub(χ) and φ ∉ Γ, then ¬φ ∈ Γ.
• If φ ∈ Sub⁺(χ) and Γ ⊢_CS φ, then φ ∈ Γ.
• If ψ ∈ Sub⁺(χ), φ ∈ Γ and ⊢_CS φ → ψ, then ψ ∈ Γ.

We define the relation R_○ on MCS_χ as follows:

    Γ R_○ ∆ iff ⊬_CS ⋀Γ → ¬○⋀∆.

From this definition we immediately get the following lemmas.

Lemma 8. Let Γ, ∆ ∈ MCS_χ, Γ R_○ ∆, and φ ∈ Sub(χ).

1. If Γ ⊢_CS ○φ, then φ ∈ ∆.
2. If Γ ⊢_CS ¬○φ, then ¬φ ∈ ∆.

Proof.
1. Suppose toward a contradiction that φ ∉ ∆. Thus ¬φ ∈ ∆. Since Γ ⊢_CS ○φ, we have ⊢_CS ⋀Γ → ○φ. Hence ⊢_CS ⋀Γ → ○¬¬φ. Therefore ⊢_CS ⋀Γ → ○¬⋀∆. Thus ⊢_CS ⋀Γ → ¬○⋀∆, which would contradict Γ R_○ ∆.
2. The proof is similar to part 1.

Lemma 9. Let Γ ∈ MCS_χ and let S := {∆ ∈ MCS_χ | Γ R_○ ∆}. We have

    ⊢ ⋀Γ → ○⋁{⋀∆ | ∆ ∈ S}.

Proof. First observe that for all Γ, ∆ ∈ MCS_χ we have

    (not Γ R_○ ∆) implies ⊢ ⋀Γ → ¬○⋀∆. (1)

We also have ⊢ ⋁{⋀∆ | ∆ ∈ MCS_χ}. By necessitation we get ⊢ ○⋁{⋀∆ | ∆ ∈ MCS_χ} and thus

    ⊢ ⋁{○⋀∆ | ∆ ∈ MCS_χ}. (2)

By (1) we infer

    ⊢ ⋀Γ → ⋁{○⋀∆ | ∆ ∈ MCS_χ with Γ R_○ ∆}

and thus

    ⊢ ⋀Γ → ○⋁{⋀∆ | ∆ ∈ MCS_χ with Γ R_○ ∆}.

Lemma 10. The relation R_○ is serial. That is, for each Γ ∈ MCS_χ, there exists ∆ ∈ MCS_χ with Γ R_○ ∆.

Proof. Suppose towards a contradiction that for Γ ∈ MCS_χ we have (not Γ R_○ ∆) for all ∆ ∈ MCS_χ. Then ⊢ ⋀Γ → ¬○⋀∆, for all ∆ ∈ MCS_χ. Thus

    ⊢ ⋀Γ → ⋀{¬○⋀∆ | ∆ ∈ MCS_χ},

and hence,

    ⊢ ⋀Γ → ¬⋁{○⋀∆ | ∆ ∈ MCS_χ}. (3)

On the other hand, from (2) we deduce

    ⊢ ⋀Γ → ⋁{○⋀∆ | ∆ ∈ MCS_χ}. (4)

Since Γ is consistent, (3) and (4) lead to a contradiction.

Definition 11. A finite sequence (Γ_0, Γ_1, …, Γ_n) of elements of MCS_χ is called a φ U ψ-sequence starting with Γ if

1. Γ_0 = Γ,
2. Γ_j R_○ Γ_{j+1}, for all j < n,
3. ψ ∈ Γ_n,
4. φ ∈ Γ_j, for all j < n.

Lemma 12. For every Γ ∈ MCS_χ, if φ U ψ ∈ Γ, then there exists a φ U ψ-sequence starting with Γ.

Proof. Suppose φ U ψ ∈ Γ and there exists no φ U ψ-sequence starting with Γ. We let T be the smallest set of elements of MCS_χ such that

1. Γ ∈ T;
2. for each ∆′ ∈ MCS_χ, if ∆ ∈ T, ∆ R_○ ∆′, and φ ∈ ∆′, then ∆′ ∈ T.

We find that ⊢ ⋀∆ → ¬ψ for all ∆ ∈ T. Let ρ := ⋁{⋀∆ | ∆ ∈ T}. We have ⊢ ρ → ¬ψ.
Moreover, for each ∆ ∈ T and each ∆′ ∈ MCS_χ with ∆ R_○ ∆′, we have either ∆′ ∈ T or ⊢ ⋀∆′ → ¬φ ∧ ¬ψ. Thus, by Lemma 9, we get ⊢ ρ → ○(ρ ∨ (¬φ ∧ ¬ψ)). Using (U-R), we obtain ⊢ ρ → ¬(φ U ψ). Since Γ ∈ T, this implies ⊢ ⋀Γ → ¬(φ U ψ), which contradicts the assumption φ U ψ ∈ Γ.

Definition 13. An infinite sequence (Γ_0, Γ_1, …) of elements of MCS_χ is called acceptable if

1. Γ_n R_○ Γ_{n+1} for all n ≥ 0, and
2. for all n, if φ U ψ ∈ Γ_n, then there exists m ≥ n such that ψ ∈ Γ_m and φ ∈ Γ_k for all k with n ≤ k < m.

Lemma 14. Every finite sequence (Γ_0, Γ_1, …, Γ_n) of elements of MCS_χ with Γ_j R_○ Γ_{j+1}, for all j < n, can be extended to an acceptable sequence.

Proof. In order to fulfill the requirements of Definition 13, we shall extend the sequence (Γ_0, Γ_1, …, Γ_n) by the following algorithm. Suppose φ U ψ ∈ Γ_0. Then either ψ ∈ Γ_0 or ¬ψ ∈ Γ_0. In the former case the requirement is fulfilled for the formula φ U ψ in Γ_0, and we go to the next step. In the latter case, using axiom (U2), Γ_0 ⊢_CS φ ∧ ○(φ U ψ). Since Γ_0 R_○ Γ_1, by Lemma 8, we get φ U ψ ∈ Γ_1. We can repeat this argument for Γ_i for 1 ≤ i ≤ n. We find that the requirement for φ U ψ ∈ Γ_0 is either fulfilled in (Γ_0, Γ_1, …, Γ_n) or φ U ψ ∈ Γ_n and φ ∈ Γ_i for 1 ≤ i ≤ n. In the latter case, by Lemma 12, there exists a sequence (Γ_n, Γ_{n+1}, …, Γ_{n+m}) such that φ ∈ Γ_i for n ≤ i < n+m, ψ ∈ Γ_{n+m}, and Γ_i R_○ Γ_{i+1} for n ≤ i < n+m. This gives a finite extension of the original sequence that satisfies the requirement imposed by φ U ψ ∈ Γ_0.

In the next step we repeat this argument for the remaining obligations at Γ_0. Eventually we obtain a finite sequence that satisfies all requirements imposed by formulas at Γ_0. We may move on to Γ_1 and apply the same procedure. It is clear that by iterating it we obtain in the limit an acceptable sequence that extends (Γ_0, Γ_1, …, Γ_n).

Corollary 15. For every Γ ∈ MCS_χ, there is an acceptable sequence that starts with Γ.

Definition 16.
The χ-canonical interpreted system I = (R, S, R_1, …, R_h, E_1, …, E_h, ν) for CS is defined as follows:

1. R consists of all mappings r : ℕ → MCS_χ such that (r(0), r(1), …) is an acceptable sequence;
2. S := MCS_χ = {r(n) | r ∈ R, n ∈ ℕ};
3. R_i(Γ, ∆) iff {φ | Γ ⊢ [t]_i φ for some t} ⊆ {φ | ∆ ⊢ φ};
4. E_i(Γ, t) := {φ | Γ ⊢ [t]_i φ};
5. ν(Γ) := {P ∈ Prop | P ∈ Γ}.

Remark. The χ-canonical interpreted system I for CS is a finite structure in the sense that the set of states S is finite. This is a novelty for completeness proofs of justification logics. Even the completeness proofs for justification logics with common knowledge [2, 6] work with infinite canonical structures. Note that this remark concerns epistemic Fitting-models. Of course, symbolic M-models [22] could be considered as single-world Fitting-models.

The fact that states of I are maximally CS-consistent subsets of Sub⁺(χ) (instead of just maximally CS-consistent sets) matters for the definitions of R_i and E_i. The usual definitions would be

    R_i(Γ, ∆) iff {φ | [t]_i φ ∈ Γ for some t} ⊆ {φ | φ ∈ ∆}

and

    E_i(Γ, t) := {φ | [t]_i φ ∈ Γ}.

This, however, would not work for our finite canonical structure. In particular the next lemma could not be established as, for instance, [t]_i φ ∈ Γ does not imply [!t]_i [t]_i φ ∈ Γ for Γ ∈ MCS_χ.

Lemma 17. The χ-canonical interpreted system I = (R, S, R_1, …, R_h, E_1, …, E_h, ν) for CS is an interpreted system for CS.

Proof. The proof is essentially the same as the corresponding proof for single agent Fitting-models in [11]. Let us only show here the monotonicity condition for E_i. Suppose Γ, ∆ ∈ S and R_i(Γ, ∆). Suppose that φ ∈ E_i(Γ, t). Thus Γ ⊢ [t]_i φ. Hence Γ ⊢ [!t]_i [t]_i φ. Since R_i(Γ, ∆), we have ∆ ⊢ [t]_i φ. Hence φ ∈ E_i(∆, t) as desired.

Lemma 18 (Truth Lemma). Let I = (R, S, R_1, …, R_h, E_1, …, E_h, ν) be the χ-canonical interpreted system for CS. For every formula ψ ∈ Sub⁺(χ), every run r in R, and every n ∈ ℕ we have:

    (I, r, n) ⊨ ψ iff ψ ∈ r(n).

Proof.
As usual, the proof is by induction on the structure of ψ. We show only the following cases:

• ψ = [t]_i φ.
  (⇒) If (I, r, n) ⊨ [t]_i φ, then φ ∈ E_i(r(n), t). Thus, by definition, r(n) ⊢ [t]_i φ. Hence [t]_i φ ∈ r(n), since [t]_i φ ∈ Sub⁺(χ).
  (⇐) If [t]_i φ ∈ r(n), then r(n) ⊢ [t]_i φ. Hence, by definition, φ ∈ E_i(r(n), t). Now suppose that R_i(r(n), r′(n′)). We find r′(n′) ⊢ φ. Since φ ∈ Sub⁺(χ), we have φ ∈ r′(n′) and by I.H. we get (I, r′, n′) ⊨ φ. Since r′ and n′ were arbitrary, we conclude (I, r, n) ⊨ [t]_i φ.

• ψ = ○φ.
  (⇒) Suppose that (I, r, n) ⊨ ○φ and ○φ ∉ r(n). Then (I, r, n+1) ⊨ φ, and hence by the induction hypothesis φ ∈ r(n+1). On the other hand, ¬○φ ∈ r(n). Since r(n) R_○ r(n+1), by Lemma 8, we get ¬φ ∈ r(n+1), which is a contradiction.
  (⇐) If ○φ ∈ r(n), then φ ∈ r(n+1). By the induction hypothesis, (I, r, n+1) ⊨ φ, and hence (I, r, n) ⊨ ○φ.

• ψ = ψ_1 U ψ_2.
  (⇒) If (I, r, n) ⊨ ψ_1 U ψ_2, then (I, r, m) ⊨ ψ_2 for some m ≥ n, and (I, r, k) ⊨ ψ_1 for all k with n ≤ k < m. By I.H. we get ψ_2 ∈ r(m), and ψ_1 ∈ r(k) for all k with n ≤ k < m. We have to show ψ_1 U ψ_2 ∈ r(n), which follows by induction on m as follows:
    – Base case m = n. Since ψ_2 ∈ r(n) and ⊢ ψ_2 → (ψ_1 U ψ_2), we obtain ψ_1 U ψ_2 ∈ r(n).
    – Suppose m > n. It follows from the induction hypothesis that ψ_1 U ψ_2 ∈ r(n+1). From this and r(n) R_○ r(n+1) we get that

          r(n) ∪ {○(ψ_1 U ψ_2)} is consistent. (5)

      Assume now

          ¬(ψ_1 U ψ_2) ∈ r(n). (6)

      Then r(n) ⊢ ¬(ψ_1 U ψ_2) and by axiom (U2) we find r(n) ⊢ ¬(ψ_1 ∧ ○(ψ_1 U ψ_2)). From ψ_1 ∈ r(n) we get r(n) ⊢ ψ_1 and thus r(n) ⊢ ¬○(ψ_1 U ψ_2), which contradicts (5). Hence the assumption (6) must be false and we conclude ψ_1 U ψ_2 ∈ r(n).
  (⇐) If ψ_1 U ψ_2 ∈ r(n), then since (r(n), r(n+1), …) is an acceptable sequence there exists m ≥ n such that ψ_2 ∈ r(m), and ψ_1 ∈ r(k) for all k with n ≤ k < m. By I.H. we obtain (I, r, m) ⊨ ψ_2, and (I, r, k) ⊨ ψ_1 for all k with n ≤ k < m. Thus (I, r, n) ⊨ ψ_1 U ψ_2.

Theorem 19 (Completeness). For each formula φ, ⊨_CS φ implies ⊢_CS φ.

Proof. Suppose that ⊬_CS φ.
Thus, {¬φ} is a CS-consistent set. Therefore, there exists Γ ∈ MCS_φ with ¬φ ∈ Γ. By Corollary 15, there is an acceptable sequence starting with Γ. Thus there is a run r in the φ-canonical interpreted system I for CS with r(0) = Γ. Since ¬φ ∈ Γ, by the Truth Lemma, (I, r, 0) ⊭ φ. Therefore, ⊭_CS φ.

6 Internalization

It is desirable that a justification logic internalizes its own notion of proof. This is formalized in the following definition.

Definition 20. A justification logic L satisfies internalization if for each formula φ with L ⊢ φ and for each agent i, there exists a term t with L ⊢ [t]_i φ.

Usually, internalization is shown by induction on the derivation of φ. However, for LPLTL_CS this does not seem possible because it includes rules (○-nec) and (□-nec). In this section, we introduce an extension LPLTL^?_CS of LPLTL_CS that satisfies internalization.

The language of LPLTL^?_CS includes a new unary operator ? on justification terms. We define

    ?^0 c := c and ?^n c := ? ?^{n−1} c (for n ≥ 1).

The set of terms Tm^? of LPLTL^?_CS is given by

    t ::= ?^n c | x | !t | t + t | t · t ,

where c ∈ Const, n ≥ 0, and x ∈ Var. The set of formulas Fml^? of LPLTL^?_CS is defined like Fml but using Tm^? instead of Tm.

The axioms of LPLTL^?_CS are:

1. all axioms of LPLTL
2. □φ → ○φ (mix)
3. □([t]_i φ → φ) (boxed reflexivity)

The rules of LPLTL^?_CS are:

    φ    φ → ψ
    ----------- (MP)
         ψ

and

    [c]_{i_0} φ ∈ CS
    ----------------------------------------------------------------- (ax-nec)^?
    [?^n c]_{i_n} □[?^{n−1} c]_{i_{n−1}} … □[?c]_{i_1} □[c]_{i_0} φ

where n ≥ 0; so (ax-nec)^? subsumes (ax-nec). Note that a constant specification for LPLTL^? may include formulas of the form [c]_i(□φ → ○φ) and [c]_i □([t]_i φ → φ).

Remark. The principles (mix) and (boxed reflexivity) are derivable in LPLTL_CS. However, their proofs require applications of the rules (○-nec) and (□-nec), respectively. Since these rules are not included in LPLTL^?_CS, we have to include (mix) and (boxed reflexivity) as axioms.

Remark. The ?-operation is very powerful. Its meaning can be explained as follows.
If [c]_i φ is contained in CS, then [c]_i φ is provable and hence □[c]_i φ is provable, too (see Lemma 22). The evidence ?c justifies this fact, i.e., [?c]_i □[c]_i φ is provable. Looking closely at (ax-nec)^? we see that we get even more. Indeed, for any agent j we have that [?c]_j □[c]_i φ is provable. Moreover, even arbitrary iterations of this principle are provable, which implies that the constant specification is common knowledge among the agents, so to speak.

We could use a less general version of (ax-nec)^? where the ?-operation is indexed. This would be similar to the evidence verification operation of [27], see also Question 2. In that case we would obtain [?^j_i c]_j □[c]_i φ. However, for the purpose of internalization we do not need these indices and hence we dispense with them.

Definition 21. A constant specification CS is axiomatically appropriate if for each axiom φ of LPLTL^? and each agent i, there is a constant c with [c]_i φ ∈ CS.

First we show that LPLTL^?_CS extends LPLTL_CS.

Lemma 22. Let CS be an axiomatically appropriate constant specification for LPLTL^?. The rules (□-nec) and (○-nec) are derivable in LPLTL^?_CS.

Proof. We first show that (□-nec) is derivable in LPLTL^?_CS. Suppose φ is provable in LPLTL^?_CS. By induction on the proof of φ, we show that □φ is provable in LPLTL^?_CS.

In case φ is an axiom, since CS is axiomatically appropriate, there is a constant c such that [c]_i φ ∈ CS. Using (ax-nec)^?, we get [?c]_i □[c]_i φ, and then using axiom (reflexivity) we get □[c]_i φ. Finally, using axioms (boxed reflexivity) and (□-k) we obtain □φ.

In case φ is derived by modus ponens, the claim is immediate by (□-k).

In case φ is [?^n c]_{i_n} □[?^{n−1} c]_{i_{n−1}} … □[?c]_{i_1} □[c]_{i_0} φ derived using (ax-nec)^?, we can use (ax-nec)^? also to obtain

    [?^{n+1} c]_{i_{n+1}} □[?^n c]_{i_n} □[?^{n−1} c]_{i_{n−1}} … □[?c]_{i_1} □[c]_{i_0} φ.

Then using (reflexivity) we get

    □[?^n c]_{i_n} □[?^{n−1} c]_{i_{n−1}} … □[?c]_{i_1} □[c]_{i_0} φ,

that is □φ.
Derivability of (○-nec) follows from (□-nec) and axiom (mix).

Let CS be a constant specification for LPLTL^?. We set

    CSr := {[c]_i φ | [c]_i φ ∈ CS and φ is an axiom of LPLTL}.

Obviously, CSr is a constant specification for LPLTL. We get the following corollary.

Corollary 23. Let CS be an axiomatically appropriate constant specification for LPLTL^?. For each formula φ of Fml,

    LPLTL_CSr ⊢ φ implies LPLTL^?_CS ⊢ φ.

We will now establish the internalization property. We need the following lemma.

Lemma 24. Let CS be an axiomatically appropriate constant specification. For each formula φ and each i,

    LPLTL^?_∅ ⊢ φ implies LPLTL^?_CS ⊢ [t]_i φ for some term t.

Proof. We proceed by induction on the derivation of φ.

In case φ is an axiom, since CS is axiomatically appropriate, there is a constant c with LPLTL^?_CS ⊢ [c]_i φ.

In case φ is derived by modus ponens from ψ → φ and ψ, then, by the induction hypothesis, there are terms s_1 and s_2 such that [s_1]_i(ψ → φ) and [s_2]_i ψ are provable. Using (application) and modus ponens, we obtain [s_1 · s_2]_i φ.

Theorem 25. Let CS be an axiomatically appropriate constant specification. LPLTL^?_CS enjoys internalization.

Proof. We have to show that for each formula φ and each i

    LPLTL^?_CS ⊢ φ implies LPLTL^?_CS ⊢ [t]_i φ for some term t.

We proceed by induction on the derivation of φ.

The cases where φ is an axiom or φ is derived by modus ponens are like the corresponding cases in the previous lemma.

In case φ is [?^n c]_{i_n} … □[?c]_{i_1} □[c]_{i_0} ψ derived using (ax-nec)^?, we can use (ax-nec)^? also to obtain [?^{n+1} c]_i □φ. By Lemma 1 we find LPLTL^?_∅ ⊢ □φ → φ. Hence by Lemma 24 there is a term t such that LPLTL^?_CS ⊢ [t]_i(□φ → φ). We finally conclude LPLTL^?_CS ⊢ [t · ?^{n+1} c]_i φ.

It is straightforward to adapt our semantics for LPLTL_CS to the extended language of LPLTL^?_CS. Soundness and completeness of LPLTL^?_CS can then be shown similarly to the case of LPLTL_CS.
However, for the completeness proof of LPLTL^?_CS we require CS to be axiomatically appropriate in order to have the necessitation rules available.

Definition 26. Let CS be a constant specification for LPLTL^?. A CS-evidence function for agent i for LPLTL^? is a function E_i : S × Tm^? → P(Fml^?) satisfying conditions 1–5 of Definition 3 and the following additional condition:

• if [c]_{i_0} φ ∈ CS, then for all w ∈ S, all n ≥ 1, and all agents i_{n−1}, …, i_1:

      □[?^{n−1} c]_{i_{n−1}} … □[?c]_{i_1} □[c]_{i_0} φ ∈ E_i(w, ?^n c).

An LPLTL^?_CS-interpreted system is an interpreted system where we use evidence functions for LPLTL^?. We write ⊨^?_CS φ to mean I ⊨ φ for all LPLTL^?_CS-interpreted systems I.

Theorem 27 (Soundness and completeness). Let CS be an axiomatically appropriate constant specification for LPLTL^?. For each formula φ,

    ⊨^?_CS φ iff LPLTL^?_CS ⊢ φ.

We conclude this section by showing the conservativity of LPLTL^? over LPLTL. First we need a lemma.

Lemma 28. Let CS be a constant specification for LPLTL, and I be an interpreted system of LPLTL for CS. Then we can extend I to an LPLTL^?_CS-interpreted system I^? such that for every run r, every n ∈ ℕ, and every formula φ ∈ Fml:

    (I, r, n) ⊨ φ ⇐⇒ (I^?, r, n) ⊨ φ.

Proof. Let I = (R, S, R_1, …, R_h, E_1, …, E_h, ν) be an arbitrary interpreted system of LPLTL for CS. By a least fixed point construction, we can easily extend the CS-evidence functions E_i, for 1 ≤ i ≤ h, to CS-evidence functions E^?_i such that

1. I^? = (R, S, R_1, …, R_h, E^?_1, …, E^?_h, ν) is an LPLTL^?_CS-interpreted system and
2. for each formula φ ∈ Fml, each run r and each n ∈ ℕ: (I, r, n) ⊨ φ ⇐⇒ (I^?, r, n) ⊨ φ.

Theorem 29 (Conservativity). Let CS be a constant specification for LPLTL and φ ∈ Fml a formula. If LPLTL^?_CS ⊢ φ, then ⊢_CS φ.

Proof. Suppose that ⊬_CS φ. Then, by Theorem 19, we have ⊭_CS φ. Thus there exists an interpreted system I of LPLTL for CS and a state r(n) such that (I, r, n) ⊭ φ.
Now, by Lemma 28, we find an LPLTL^?_CS-interpreted system I^? such that (I^?, r, n) ⊭ φ. Therefore, by Theorem 27, we have LPLTL^?_CS ⊬ φ as desired.

7 Additional Principles

In LPLTL_CS, epistemic and temporal properties do not interact. On the other hand in LPLTL^?_CS, there are some interactions between time and knowledge, in axiom (boxed reflexivity) and rule (ax-nec)^?. Here we propose some principles that create a connection between justifications and temporal modalities. We assume the language for terms to be augmented in the obvious way.

    [t]_i □φ → □[⇓t]_i φ (□-access)
    □[t]_i φ → [⇑t]_i □φ (generalize)
    [t]_i ○φ → ○[V t]_i φ (○-access)
    ○[t]_i φ → [W t]_i ○φ (○-left)

Some first remarks about these principles:

(□-access) This is very plausible, if you have evidence that something always is true, then at every point in time you should be able to access this information. The term operator ⇓ makes the evidence accessible in every future point in time.

(generalize) Using evidence this seems more plausible than just using knowledge, as one requires the evidence to be the same at every point in time. The term operator ⇑ converts permanent evidence for a formula to evidence for believing that this formula is always true.

(○-access) This seems plausible: agents do not forget evidence once they have gathered it and can "take it with them". The term operator V carries evidence through time.

(○-left) This one seems less plausible as it implies some form of premonition. The term operator W presages future evidence for belief.

The principle (generalize) is very strong. In particular, it makes internalization possible even in the presence of necessitation rules. Indeed, let LPLTL^G_CS be the system LPLTL_CS extended by the axioms (generalize) and (mix) (this is also reflected by constant specification) and the iterated constant necessitation rule

    [c]_i φ ∈ CS
    -------------------------------------
    [?^n c]_{i_n} … [?c]_{i_1} [c]_i φ

for arbitrary agents i_1, …, i_n. Here we employ the same term operator ? as in the rule (ax-nec)^?
although the meaning of ? in these two rules is a bit different.

Theorem 30 (Internalization). Let CS be an axiomatically appropriate constant specification. The system LPLTL^G_CS enjoys internalization.

Proof. We proceed by induction on the derivation of φ. There are two interesting cases:

In case φ is □ψ, derived using (□-nec), then, by the induction hypothesis, there is a term s such that [s]_i ψ is provable. Now, we can use (□-nec) in order to obtain □[s]_i ψ and then (generalize) and modus ponens to get [⇑s]_i □ψ.

In case φ is ○ψ, derived using (○-nec), then, as above, we obtain [⇑s]_i □ψ. Since CS is axiomatically appropriate, there is a constant c with [c]_i(□ψ → ○ψ). Thus we finally conclude [c · ⇑s]_i ○ψ.

It is obvious how to formulate conditions on evidence functions that correspond to the additional principles of this section such that soundness results can be obtained, see [5]. However, it is not clear how to show the existence of such models and how to show completeness for these additional principles.

8 Conclusions

We introduced the temporal justification logic LPLTL_CS and showed that it is sound and complete with respect to interpreted systems that are based on Fitting-models. To achieve this we had to adapt the usual canonical model construction of justification logic such that it yields a finite Fitting-model. Further, we established that a suitable form of axiom necessitation can replace the necessitation rules for □ and ○ and thus make internalization possible. Finally, we briefly discussed some additional principles that concern the interaction of knowledge, justifications, and time. We finish this paper with some questions that show possible directions for future work.

Question 1. What does a temporal justification logic based on JT45, i.e. the justification counterpart of the modal logic S5, look like? The problem is that JT45-models must satisfy the strong evidence condition, i.e.
for all I, r, n and each formula [t]_i φ

    φ ∈ E_i(r(n), t) implies (I, r, n) ⊨ [t]_i φ, (7)

see [3, 23, 25, 26]. In infinite canonical models, the strong evidence property is an easy consequence of the Truth Lemma. In our temporal setting, we have a finite canonical model and the Truth Lemma is restricted to Sub⁺(χ). Hence it does not entail (7) for all formulas [t]_i φ.

Question 2. How can the typical examples, e.g., protocols related to message transmission, be formalized in LPLTL_CS? Yavorskaya [27] introduces multi-agent justification logics with interaction operations on the justification terms, in particular, she studies two principles:

    [t]_i φ → [!^j_i t]_j [t]_i φ (evidence verification)
    [t]_i φ → [↑^j_i t]_j φ (evidence conversion)

where one agent's evidence is converted into another agent's evidence. We believe that principles of this kind will be important in the context of this question. For example, one might consider a temporal justification logic with principles such as

    [t]_i φ → ○[sent_{ij}(t)]_j φ or [t]_i φ → ♦[sent_{ij}(t)]_j φ.

Here agent i sends evidence t for φ to agent j and the term sent_{ij}(t) denotes the evidence that agent j received for believing φ.

Question 3. What happens if we require operations on justification terms to take time? We could formalize this idea, e.g., by replacing (application), (sum), and (positive introspection) with

    [t]_i(φ → ψ) → ([s]_i φ → ○[t · s]_i ψ)
    [t]_i φ ∨ [s]_i φ → ○[t + s]_i φ
    [t]_i φ → ○[!t]_i [t]_i φ.

This might also relate to the logical omniscience problem [4].

Question 4. Can dynamic epistemic justification logics be translated into temporal justification logic akin to [9]? There are several dynamic justification logics available, e.g., [7, 8, 20, 24], which feature not only traditional public announcements but also specific forms of evidence based updates and evidence elimination. It would be interesting to see what the relationship between those dynamic logics and temporal justification logic is.
This paper showed a first successful combination of temporal and justification logic. While this initial work shows the feasibility of combining these logics with minimal interaction, the list of questions above shows that various interesting properties may arise from more intricate interactions between justified knowledge and time.

References

[1] Sergei N. Artemov (2001): Explicit Provability and Constructive Semantics. Bulletin of Symbolic Logic 7(1), pp. 1–36, doi:10.2307/2687821.
[2] Sergei [N.] Artemov (2006): Justified common knowledge. Theoretical Computer Science 357(1–3), pp. 4–22, doi:10.1016/j.tcs.2006.03.009.
[3] Sergei [N.] Artemov (2008): The Logic of Justification. The Review of Symbolic Logic 1(4), pp. 477–513, doi:10.1017/S1755020308090060.
[4] Sergei [N.] Artemov & Roman Kuznets (2014): Logical omniscience as infeasibility. Annals of Pure and Applied Logic 165(1), pp. 6–25, doi:10.1016/j.apal.2013.07.003. Published online August 2013.
[5] Samuel Bucheli (2015): Some Notes on Temporal Justification Logic. CoRR abs/1510.07247. Available at http://arxiv.org/abs/1510.07247.
[6] Samuel Bucheli, Roman Kuznets & Thomas Studer (2011): Justifications for common knowledge. Journal of Applied Non-Classical Logics 21(1), pp. 35–60, doi:10.3166/JANCL.21.35-60.
[7] Samuel Bucheli, Roman Kuznets & Thomas Studer (2011): Partial Realization in Dynamic Justification Logic. In Lev D. Beklemishev & Ruy de Queiroz, editors: WoLLIC 2011, Proceedings, LNAI 6642, Springer, pp. 35–51, doi:10.1007/978-3-642-20920-8_9.
[8] Samuel Bucheli, Roman Kuznets & Thomas Studer (2014): Realizing public announcements by justifications. Journal of Computer and System Sciences 80(6), pp. 1046–1066, doi:10.1016/j.jcss.2014.04.001.
[9] Hans van Ditmarsch, Wiebe van der Hoek & Ji Ruan (2013): Connecting dynamic epistemic and temporal epistemic logics. Logic Journal of IGPL 21(3), pp. 380–403, doi:10.1093/jigpal/jzr038.
[10] Ronald Fagin, Joseph Y. Halpern, Yoram Moses & Moshe Y.
Vardi (1995): Reasoning about Knowledge. MIT Press. [11] Melvin Fitting (2005): The logic of proofs, semantically. Annals of Pure and Applied Logic 132(1), pp. 1–25, doi:10.1016/j.apal.2004.04.009. 74 Temporal Justification Logic [12] Dov M. Gabbay, Ian Hodkinson & Mark Reynolds (1994): Temporal Logic (Vol. 1): Mathematical Foundations and Computational Aspects. Oxford University Press, Inc. doi:10.1007/BFb0013976. [13] Meghdad Ghari (2014): Distributed Knowledge Justification Logics. Theory of Computing Systems 55(1), pp. 1–40, doi:10.1007/s00224-013-9492-x. [14] Meghdad Ghari (2016): Pavelka-style fuzzy justification logics. Logic Journal of IGPL 24(5), pp. 743–773, doi:10.1093/jigpal/jzw019. [15] Robert Goldblatt (1992): Logics of Time and Computation, 2nd edition. Center for the Study of Language and Information. [16] Rajeev Goré (1999): Tableau Methods for Modal and Temporal Logics. In Marcello D'Agostino, Dov M. Gabbay, Reiner Hähnle & Joachim Posegga, editors: Handbook of Tableau Methods, Springer Netherlands, pp. 297–396, doi:10.1007/978-94-017-1754-0 6. [17] Joseph Y. Halpern, Ron van der Meyden & Moshe Y. Vardi (2004): Complete Axiomatizations for Reasoning About Knowledge and Time. SIAM J. Comput. 33(3), pp. 674–703, doi:10.1137/S0097539797320906. [18] Joseph Y. Halpern & Lenore D. Zuck (1992): A Little Knowledge Goes a Long Way: Knowledgebased Derivations and Correctness Proofs for a Family of Protocols. J. ACM 39(3), pp. 449–478, doi:10.1145/146637.146638. [19] Ioannis Kokkinis, Petar Maksimović, Zoran Ognjanović & Thomas Studer (2015): First steps towards probabilistic justification logic. Logic Journal of IGPL 23(4), pp. 662–687, doi:10.1093/jigpal/jzv025. [20] Roman Kuznets & Thomas Studer (2013): Update as Evidence: Belief Expansion. In Sergei [N.] Artemov & Anil Nerode, editors: LFCS 2013, Proceedings, LNCS 7734, Springer, pp. 266–279, doi:10.1007/978-3642-35722-0 19. 
[21] Ron van der Meyden & Ka-shu Wong (2003): Complete Axiomatizations for Reasoning about Knowledge and Branching Time. Studia Logica 75(1), pp. 93–123, doi:10.1023/A:1026181001368. [22] Alexey Mkrtychev (1997): Models for the Logic of Proofs. In Sergei Adian & Anil Nerode, editors: LFCS'97, Proceedings, LNCS 1234, Springer, pp. 266–275, doi:10.1007/3-540-63045-7 27. [23] Eric Pacuit (2005): A Note on Some Explicit Modal Logics. In: Proceedings of the 5th Panhellenic Logic Symposium, University of Athens, Athens, Greece, pp. 117–125. [24] Bryan Renne (2012): Multi-agent Justification Logic: communication and evidence elimination. Synthese 185(S1), pp. 43–82, doi:10.1007/s11229-011-9968-7. Published online July 2011. [25] Natalia [M.] Rubtsova (2006): On Realization of S5-modality by Evidence Terms. Journal of Logic and Computation 16(5), pp. 671–684, doi:10.1093/logcom/exl030. [26] Thomas Studer (2013): Decidability for Some Justification Logics with Negative Introspection. Journal of Symbolic Logic 78(2), pp. 388–402, doi:10.2178/jsl.7802030. [27] Tatiana Yavorskaya (Sidon) (2008): Interacting Explicit Evidence Systems. Theory of Computing Systems 43(2), pp. 272–293, doi:10.1007/s00224-007-9057-y. Published online October 2007.