-.
3
CONTENTS 3. Dynamic logic 1. Nfadal logic
/
1.1. 1.1.1. 1.1.2. 1.1.3. 1.1.4. 1.1.5.
1.2. 1.2.1. 1.2.2. 1.23. 1...
49 downloads
1783 Views
2MB Size
Report
This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!
Report copyright / DMCA form
-.
3
CONTENTS 3. Dynamic logic 1. Nfadal logic
/
1.1. 1.1.1. 1.1.2. 1.1.3. 1.1.4. 1.1.5.
1.2. 1.2.1. 1.2.2. 1.23. 1.2.4. 1.2.5. 1.2.6 1.2.7.
Syntax Language Axiom svstems Logics' Maximal consistent sets Theories Semantics Model theoretical semantics Algebraic semantics Soundness and completeness Canonical models The finite model property Filtrations Decidability
3.1. . 3.1.2. 3.1.3. 3.2. 3.2.1. 3.2.2. 3.3. 3.3.1. 3.3.2. 3.3.3. 3.4. 3.4.1. 3.4.2. 3.4.3.
Frames Language Models ~)ntax
Axiom systems Fischer/Ladner closure Completeness Canonical models Filtrations Completeness ofPDL Limitations of PDL Path semantics A waming regarding IF - TIIEN - ELSE and WHU,f] The delta operator
4. Background 2. Ancestral logic
(
,
2.1. 2.1.1. 2.1.2 2.2. 2.2.1.
2.2.2. 2.3.
2.3.1. 2.3.2 .
...
Semantics Model theory Compactness and noncompactness Syntax Axiom systems for ancestral logic Comparison with tense-logic Completeness Canonical models Filtrations
4.1. 4.1.1. 4.1.2. 4.2.
Historical remarks Modal logic Dynamic logic Selective hibliography
5
1. Modallogic
example writing DA::J (B II C) rather than ::J(DA, II(B, C». We will also omit parentheses in unsystematic ways when we think it can be done without causing confusion.
1.1. Syntax 1. Language
If someone wants a brief description of modal logic, perhaps one might reply that it is ordinary logic with one or two extra so-called modal. operators 0 and 0, each taking a formula as an argument and yielding a formula as a result. One might also add that people who do modal logic usually have in mind an informal understanding, however abstract, of those operators, associating with them readings such as "it is necessary (in a certain sense) that" and "it is possible (in a certain sense) that", respecti v ely. As it turns out, in classical modal logic the two modal operators are interdefinable, so it is customary to posit one of them as primitive (nowadays usually D) and construct the other with the help of definition. Thus in modal propositional logic we haveari alphabet consisting of certain primitive symbols: I I I
, i
: I
, i
:!
(i) (ii) (iii) (iv)
a denumerable supply of propositional letters, a finite truth-functionally complete set of Boolean operators, the modal operator D, grouping devices (for example, parentheses and commas).
From these we build formulre in the usual way. Every finite string of primitive symbols in an expression, and formulre are expressions of a certain sort. This is by no means problematic, and so it may seem like an act of supererogation to offer a definition. However, in order later to be able'to give rigorous proofs by induction on the structure of formulre we need a precise inductive definition of formula. 1. 2.
3. 4.
Every propositional letter is afoTnUtla. If 0 is an n-ary Boolean operator and AQ, ... , An-I are formulre, then o(AO, ... , An-I) is also aformula. If A is aformula, then DA is also {(DAO 1\ ... A DAn-I}:J DB} (for all n ;;>: 0),
, (RPE) "
An axiom system Ii is a pair (8, R) where 8 is a set of formulre and R is a set of functions from sets of formulre to sets of formulre. In other words, if is the set of all formulre, then 8 ~ ell and. for every pER, p ~ $t!l X $ B, A I- B, }";, A I- B implies}"; I- A::> B;
Lindenbaum's Lemma. Let L be any finitary logic, not necessarily normal. Let}"; be any L-consistent set for which it is not the case that}"; I- A. Then there is a maximal L-consistent set}";* such that ~ ~ ~,., and A fI. }";*.
A "" B, A I- B and A B, B I- A, }";, A I- Band }";, B I- A implies}"; I- A == B; -'A, A I- B, }";, A I- -.A implies}"; I- ....,A;
Proof. Let}"; be a given L-consistent set such that}"; I- A does not hold. Let Ao, Ai, ... , An, ... be an exhaustive enumeration of the formula: in our language (by the Enumeration Lemma, such an enumeration can be found). Define a family of sets}";n as follows:
I-A v ....,A. Furthermore, in any normal logic we also have }"; I- A implies O}"; I- OA, where
O}";
}";n U {An}, if this set is L-consistent,
== {DC: C E }";}. ~n+l
A set}"; of formulre is maximal L-consistent if}"; is L-consistent and, for every L-consistent set}";" if}"; .;;; }";' then}"; Equivalently. an L- consistent set}"; is maximal L-consistent if, for every A fl.}";, the set }"; U {A} is L-inconsistent.
=}";'.
}";11,
As an inductive argument shows, }";n is L-consistent, for every n. Finally define }";*
Lemma on Maximal L-Conslstent Sets. If L is any logic and maximal L-consistent set, then the following conditions obtain:
~
is a
otherwise.
Um::~n.
If}";* were L-inconsistent then. since L is finitary, some finite subset e ~ }";* would also be L-inconsistent. By the way we have
15
1'-1 constructed ~* there must then be some m such that e ~~m. But sets including L-inconsistent subsets are themselves L-inconsist~nt, and ~rn. we said, is L-consistent. Therefore};* must be L-consistent.
(
Suppose that r is any L-consistent set such that ~* ~ r. Take any formula B E r. Our enumeration is exhaustive, so there is some m such that B = Am. It follows from our assumption that ~m .;;; r. hence we may conclude that 4Il U {B} .;;; r. Subsets of L-consistent sets are themselves L-consistent, so ~m U {B} is L-consistent. Consequently B E};m and therefore B E};*. This shows that r ~ ~*. Hence ~* is maximal L-consistent.
.
The proof of the theorem is now complete, for by construction
~ ~ ~*.
Corollary. For any consistent finitary logic L there are 2 N 0 maximal L-consistent sets. Proof. Since any set of formulre is a subset of ell, which is known to be denumerable. it is clear that there are at most 2 N0 sets of formulre and a fortiori at most 2ND sets that are maximal L-consistent. To see that this upper bound is in fact attained we reason as follows. If A is any set of propositional letters, let us write ITA for the set A U N, where N = {...,p : P is a propositional letter not in A}. Suppose, for any particular A, that ITA is L-inconsistent. Then there are some finite subsets Ao ~ A and No ~ N such that Ao U NO 1-1. in L. Now L is closed under uniform substitution. This means that if we substitute T for all the propositional letters in Ao and 1. for all those in No, then we get T I- 1. in L. In other words, L in absolutely inconsistent, contrary to assumption. Hence ITA is L-consistent. By Lindenbaum's Lemma it can be extended to a maximal L-consistent set. It is clear that if A ;t B, then I1A and lIB give rise to incompatible extensions. Since there are 2 NO sets of propositional letters, the theorem is proved. ..
5. Theories A theory is a set of fonnulre that contains all tautologies and is closed under (W). If L is a logic, then an L-theory is a logic including L. If L is a normal logic, then an L-theory is nonnal if it includes L and is closed under (RC) (or, equivalently, under (RN) or (RS) or (RE) or (RPE)). Notice that logics are theories closed under uniform
substitution. Moreover, in finitary logics L, the maximal L-consistent sets are L-theories, in fact maximal in the same sense as the sets. Thus sets and theories and logics are increasingly specific entities of the same kind. Note that the intersection of any set of [normal] L-theories is a [normal] L-theory. Let L be a finitary logic and ~ a set of formulre. Then we define CnL ~ = {A : ~ I-L A} (Cn after "consequence", A being seen as a consequence in L if~ I-L A). It is clear that CnL ~ is a theory; . in fact, CnL ~ is a logic (normal if L is normal) if~is closed under uniform substitution. Note the following facts: ~ ~ CnL~.
CnL}; .;;; CnL ~', if ~ CnL CnL}; .;;; CnL };.
~ ~',
n
Proposition. Let L be a finitary logic. Then CnL ~ = {T : T is an L-theory & ~ ~ T}. In other words, CnL ~ is the smallest L-theory to include ~. Proof. First suppose that A E CnL~. Then ~ I-L A, and hence there are some formulre C{), ...• Cn-l E~ such that (Co f\ ... f\ Cn-I) ::J A is a thesis of L. Let T be any L-theory including~. Since L ~ T we have «Co f\ ... f\ Cn-I) ::J A) E T. Hence A E T. Next suppose A $. CnL ~. Then it is not the case that ~ Ii... A, so by Lindenbaum's Lemma there js some L-theory including ~ such that A T. ..
f/.
We are now able to articulate an important distinction conceming inference rules. If r is a set of formulre and p is a rule, let us write rp for the closure of L U r under p; hence CnL r = rIviP. Then we say that p is tmth-preserving in L if, for every set~, ~p .;;; CnL~, and thalp is validity-preserving in L if 0p ~ CnL 0. It is clear that (1vfP) is truthpreserving and that the other rules discussed in section L 1:2. are validity. preserving. Truth-preserving rules are of course also vahdltypreserving but, as we shall see in section 1.2.3 below, the converse IS not true in general.
17
16
1.2. Semantics 1. Model theoretical semantics
A frame is a pair (U, R) where U is any set and R is any binary relation on U (that is, R ~ U X U). The set U is the rmi\'erse, while R is the accessibility relation or alternativeness relation of the frame, A valuation in U is a function from the set of propositional letters to ~U, the power set of U. A model on a frame (U, R) is a triple (U, R V) where V is a valuation in U. The central concept in semantics is that of a formula being true at a point in a model, a concept we now define inductively. Let lJIl =(U, R, V) be a modeL Read "A is true at x in lJIl" if it is the case that lJIl FX A and "A is false at x in !JI1" if it is not tHe case that!Jl1 FX A, where A is assumed to be a fonnula and x an element .of U. The basic part of the inductive definition consist of a clause for propositional letters P: 1.
sm I=x P iff x E V(P).
The inductive part contains one clause for every Boolean operator that is primitive in our ianguage. We have not specified what they are, but the idea is to articulate the ordinary truth-tables in the present idiom. For example, if conjunction and negation are primitive, then we stipulate 2. 3.
sm FX A A B iff sm Fx A and!Jl1 Fx B, sm FX -,A iff it is not the case that lJIl Fx A.
In addition the inductive part contains a clause for the only primitive modal operator. necessity: 4.
'lit I=x OA iff, for all y, if (x,y) E R then sm Fy A.
This ends the definition. If it is not the case that lJIl Fx A, we may say that A isfalse at x in 5JJl Notice that appropriate truth-conditions can be derived for any nonprimitive Boolean operator. for example, sm I=x A v B iff sm I=x A or!Jl1 I=x B, !JI1 FX A :J B iff, if sm Fx A then!Jl1 FX B, 'Dl FX A '" B iff, iff sm I=x A then sm I=x B, !JI1 ~ T, !JI1 / x 1..
Given that we have defined CIA as -,o-,A we can also derive the truthcondition for that other modal operator, possibility: lJIl
I=x CIA iff, for some y, (x,y)
E Rand sm
Fy A.
We say A is true in a model lJII, in symbols lJII F A, if A is true at every point in the universe of the model; that A is valid at a point x in a frame '3', in symbols '3' Fx A, if A is true at x in every model on '3'; that A is valid in a frame '>t, in symbols W F A, if it is valid at every point in the universe of the frame. If every thesis of a logic L is true in a model 'lit we say that sm is a model for L. If every thesis of L is valid in a frame W, then we say that '>t is a/rame for L. A countennodel for L of A is a model for L in which A is not true. A counterframe for L of A is a frame for L in which A fails to be valid. We also say that a set I is satisfied at x in a model lJII if every formula in I is true at x in IJJl; that I is satisfiable in a frame 'tt if I is satisfied at some point in some model on lJ'; and that I is satisfiable in a class C of frames if I is satisfiable in some frame in C. Note the following facts: 8(lJIl, x) = {A : lJII Fx A} is a theory, 8(sm) == {A : !JI1 .F A} is a normal theory, A('>t. x) == {A : '3' Fx A} is a logic. A('3') = {A : 'J' F A} is a normal logic.
Suppose that ~1 is any class of models, F any class of frames. also have 9(1"1) = n'lltEM8()ID) is a normal theory. ACC) = n'J'EFA('3') is a normal logic.
~i.".
Then we
II CF)
The only difficulty in establishing these claims is to show that the sets claimed to be logics are closed under uniform substitution. By way of example, let us show that A('3', x) is closed under (US). Suppose that W = (U, R) is a frame and that x E U. Assume that A E A('3', x). Let s be any substitution function. If V is any valuation in U, then we shall write VS for the valuation assigning V(sP) to each propositional letter P, and 'liP for the model defined on'>t by VS. It is straightforward to prove, by induction on A, that 'lIl FX sA iff lJIlS Fx A.
19
I:",
From the assumption that A is valid at x in 'If it follows that 1JJlS I=x A. Hence, by the result just cited, 'Dl 1=-.; sA. Therefore sA E A('lf, x), as we wanted to show. In this connexion we might explain our choice of tenninology when, in section 1.1.5, we defined some rules as "truth-preserving" or "vaIiditypreserving".
Proposition.
(i) Let P be any truth-preserving rule. Suppose that every formula in some set l: is true at an element x in a model 1JJl. Then every formula in l:P is also true at x in 5JJl. (ii) Let p be any validitypreserving rule. Suppose that every fonnula in a set l: is valid in a frame 1'. Then every fOlmula in l:P is also valid in 1'.
The following result, though simple. is occasionally usefuL Let us say that 1JJlt (U t, Rt, Vl) is the submodel of 5JJl = (U. R V) generated by some element t E U if .
=
ut = {x E U : (t,x) E
V*(P) = Yep), for every propositional letter p, V*(A 1\ B) := V*(A) n V*(B), V*(A v B) ;= V*(A) U V*(B), V*( -,A) = -V*(A), V*(OA) =!Q]V*(A). We say that A is valid in 21 if. for every assignment in the universe of 21. V*(A) := 1. Let us write A(U) for the set of fonnulre valid in 21. It is clear that A(21) is a normal logic. Define a dual operator ~ by the condition that ~o = -I!.iI-a, for all a. b E R. Then . ~(a U b) '"
h U
~b.
~O=O.
Notice that, for any valuation V. V*(OA)
=~V*(A).
R*},
Rt;;:;:; R n (ut X ut), vt(P) Yep) n (It, for every propositional letter P. (Here R* denotes the ancestral of R. that is, the smaJlest reflexive, transitive relation to include R.)
Generation Theorem.
Boolean operators are primitive in our language, but assume for the purposes of this definition that conjunction, disjunction and negation are.)
For all fomlUlre A and all elements x E
ut,
IJJtt I"x A if and only if'1R I=x A.
*2. Algebraic semantics We say that 21 ; :;:; (n, n, U, -, 0, 1, fQJ) is a normal modal algebra if n, U, -, 0, 1) is a Boolean algebra and!Q] is an extra operator from R to n such that, for all a, bEn,
It is worth noting that for every frame i' = (U. R) there is an algebra 21(i') with the same associated normal logic: define U('i) (~U, n, U, -. 0, U. i). where ~U is the power set of U, .and n, U and are the set theoretical intersection, ullion and complement with respect to U, respectively, and j (a kind of "interior operation") is defined by the condition that, for every X !,;; U, iX :: {x E U : 'dy «x.y) E R ~ Y EX)}.
That A'if = A2I(i') is obvious, but it may be instructive to spell out the For each model IJJt and formula A. let us call IfAIIIJJt {x: proof. 1JJl I=x A} the troth set of A in 1JJl. The following is a way. of rewriting the model theoretical truth-conditions listed in se~tion 1.2.1 above:
(n,
!!.'il(a n b) =!!.'ila I9.lI = 1.
n !!.'ilb,
Let V ~. an assignment in H, that is, a function that assigns to each proposlbonalletter an element of n. We lift V to a function v* defined on the set of all formula:: as follows. (We have not specified which
iPU IJJt
Yep), for every propositional letter P. n IIB1I 1JJl, JI-,AII'1R :::;: U - IIAII1JJl, IIDAIIIJJt :::;: illAllfIt.
IIA 1\ BIJIJJt ::;;; IIAIIIJJt
Notice that V is a valuation in U if and only if V is an assignment in ~u. It follows, by an obvious inductive argument, that IIAlIlJII := P:(A), for all
21
;i
':
'
A Hence A is valid in tt iff 1\i\l\lJIl V*(A) = U iff A is valid in ~(tt).
= U,
for all models
l))l
on tt iff
3. Soundness and completeness We ~a~e seen h~o different ways of identifying a normal logic: by provldmg an aXIOm system and by providing a class of frames (a third way, that of providing a modal algebra, we shall not touch upon). The relationship between these ways is Of great interest to mOdal logicians. Let us say that a normal logic L is sound with respect to a class [ of frames if L ~ A(C), and complete with respect to C if L ~ A(C). If L is both sound and complete with respect to [, and thus L = A(e), then we say that L is determined by C. Sometimes one says that L is complete (with no qualification) if L is determined by some class of frames. It is easy to derive soundness results for all the logics mentioned in section 1.1.3. To begin with, it follows from our discussion in section 1.2.1 that K is sound with respect to the class of all frames. For the others, we can obtain soundness results by imposing conditions on the accessibility relation. We use the following terminology with respect to . a frame (U, R), where the quantifiers range oyer U:
is serial iff 'r/x 3y (x,y) E R, is reflexive iff 'r/x (x,x) E R, is symmetric iff "Ix 'r/y ((x,y) E R => (y,x) E R), is transitive iff 'r/x Vy 'r/z (((x,y) E R & (y,z) E R)) => (x,z) E R). R is i!.uciidean iff'r/x Vy 'r/z (((x,y) E R & (x,z) E R)) => (y,z) E R). R R R R
.
. t f ,
It IS readily shown that KD, KT, KB, KY, K5 are sound with respect to the class of frames that are serial, reflexive, symmetric, transitive, Euclidean, respectively. One consequence of this resultis the following:
Proposition. If Ll and L2 are normal logics sound with respect to some classes [1 and [2 of frames, then L1l.:}- L2 is sound with respect to [1 n [2. In general, if {LihEI is a class of logics, for some nonempty index set I, such that each 1-4 is sound with respect to some class Ci, then YiEILi is sound with respect to niEICi. Corollary. distinct
The eleven logics in the chart in section 1.1.3 are all
Proof. As an example we show that S4:t. S5. We already know that S4 is sound with respect to the class of reflexive transitive frames. We also know that P V o--.oP is a thesis ofS5, for every propositional' letter. It is easy to find a reflexive transitive frame in which this formula is false at some point. For example, if U ::; {O, I} and R = {(O,O), (0,1), (l,I)}, then this formula is false at 0 under any valuation V such that Yep) ={I}; and this frame is certainly reflexive and • transitive. Hence P V o--.oP is not a thesis of S4. Notice that if a logic L is sou~d with respect to a class [of frames, then it is sound with respect to any subclass of [; for it is a general fact that, if A and 6 are any classes of frames, then A ~ 6 implies that A(A) d A(6). Thus a soundness result is more interesting the stronger the determining class is. Consequently, the most interesting soundness result is one in which the class in question is maximal. This would the case when [ = {'a' : 'r/A E L W FA} {'a': L 0;;;; A('a')}. In other words, a normal logic L is complete if and only if it is determined by the class of its frames.
=
The completeness problem we have been discussing so far consists in proving or disproving, of a certain normal logic L and a certain set [of frames, the following claim: for all A, A E L if and only if A is valid in C.
Proposition. The rules (RC), (RE), (RPE), (RS) and (US) are not truth-preserving in any of the eleven logics in the chait in section 1.1.3. It is also easy to show that each of the soundness results mentioned is maximal in the sense that no larger dass of frames yields soundness. Furthermore, the results are additive in a sense made clear by the following general remark:
An equivalent way of formulating this problem is to ask whether it is true that for every finite set I, I is consistent in L if and only if I is satisfiable in C.
Z
Plaut/!'I
25
The kind of completeness we have here is sometimes called weak completeness in order to distinguish it from strong completeness. The latter we define as follows: L is strongly complete with respect to C if every L-consistent set is satisfiable in C. Say that L is strongly detennilled by C if L is sound and strongly complete with respect to C. \! , Obviously. strong coml?leteness impli~s weak compl~teness. The strollg (i\jD completeness problem IS to prove or dIsprove the chum that , ;. y' ~ for every set l:. l: is consistent in L if and only if I is satisfiable in C.
/
Every part of the inductive step repeats these appeals to the appropriate truth-condition, the induction hypothesis and the Lemma on Maximal LConsistent Sets. This is true also of the step for the necessity, even though that step is more complicated. This is how it begins: lJJlL FX DA iff (by the truth-condition for D) 'tIy ((x,y) E RL lJJlL Fy A) iff (by the induction hypothesis) 'tIy ((x,y) E RL A E y).
=-
=
11 ;
f\
IJ
4. Canonical models
One of the most powerful techniques for proving completeness is with the help of canonical models. If L is any nonnallogic. then we define the canonical model for L as the triplelJRL = (UL. RL. VL). where UL = the set of all maximal L-consistent sets. RL = {(x,y) : x, y E UL & 'tiC (DC E x ~ C E y)}, VdP) = {x : x E UL & P E x}, for every propositional letter P. In this remarkable model. truth-at-a-point coincides with membership:
Thus the last bit that needs to be proved is that (t)
DA E x if and only if A E Y for all y such that (x,Y) E RL.
First suppose that DA Ex. If (x,y) E RL. then it follows from th~ definition of RL that A E y. Thus the bit that really needs proving-the only nontrivial part of the entire proof -is the converse. Suppose that DA f/. x. Consider the set I = {C : DC E x} U {...,A}. If this set is L-inconsistent then l: I-L.L. Therefore since L is finitary there is some number nand fonnula: CO, ... , Cn-I such that Co 1\ ... 1\ Cn-I E x and (C{) 1\ ... 1\ Cn-I 1\ ...,A) :J .1 is a thesis of L. By truth-functional reasoning, I-L (Co
1\ ... 1\
Cn-I) :J A.
Since L is nonnal. L is closed under Scott's Rule. Hence Canonical Model Theorem. Let L be any finitary nonnal logic. For all fonnula: A it holds that for all elements x E UL, lJRLFx A if and only if A Ex.
(
Proof. By induction on A. The basic step is a direct consequence of the definition of VL- For the inductive step. assume that the result holds for A and B. The Boolean parts of this step are easy. but it is instructive to go through one of them, for conjunction, say, to see exactly how it works: )JJ1L FX A 1\ B iff (by the truth-condition for 1\) !JIlL FX A and !JIlL F x B iff (by the induction hypothesis) A E x and B E x iff (by the Lemma on Maximal L-Consistent Sets) AI\BEx.
I-L (DCo
1\ ... 1\
Den-I) :J DA.
Applying twice the Lemma on Maximal L-Consistent Sets we conclude, first, that DC'.{) 1\ ... 1\ DCn-l E x and, second, that DA E x. This contradicts the assumption that DA f/:. x. The conclusion is that the set I is L-consistent. Hence, by Lindenbaum's Lemma, there is some maximal L-consistent set y such that l: ~ y. Evidently, A f/:. y and y E UL and " (x,y) E RL as we wanted. Notice that the canonical model deserves its name: every thesis of L is true at every point in l))1L. so 'DlL really is a model for L. However, the canonical frame 'itL = (UL RL) need not be a frame for L. If it is, then let us call L canonical. (Here we assume that L is finitary and normaL) Theorem. Every canonical logic is strongly complete.
7 l
25
Proof. Suppose that ~ is L-consistent. By Lindenbaum's Lemma there is some wE LTL such that l: Let U' be the axiom system obtained from m: by replacing the schemata (* T), (*El) and (*4) by the single schema
Then Am' = AU. Proof. That (*M) implies (*1') and (rEI) is clear. To see that it also implies (*4), notice that (*M) implies that I-[*]A::J rJ[*]A. AppJying (RN), we conclude that I-[*]([*JA::J rH*]A). But the following is illl iJl.stance of (*ind):
Ii
Hence by truth-functional re.1soning" [*]A ::J [*] [>I C E y)}, VL(P) {x: P E x}, for all propositional letters P. It is now possible to prove a Canonical Model Theorem to tJ:e effect t~at fJJ1L i'=x A if and only if A E x, for all formulre A and all pOints ~ E liL However in contrast with the cases we examined in chapter 1, thiS canonicai model is not immediately useful to us, for although it is a model for the logic, it is not a standard. model. It is ~ fa~t ~hat (~L)* k SL: bu\ it is also a fact -except when L IS one of certam triVial logIcs-that lRrJ ;t. SL For let l: be the set {[.]nl>: n;;:: O} U {..,r*1P}. In section 2.1.2 we saw that l: is consistent in any ancestral logic for which the natUJ:al numbers frame ll' defined there is a frame. In such logics, oy Lindenbaum's Lemma. there exists a maximal L-complete set u extending l:. Note that u E UL Since ['" JP $. u there exists some w such that (u, w) E SL and P r;. w. Sincce [.]np E u, for every n, (u, w) f/i (RL)*.
What this means is that the canonical frame (UL RL, SL) is not a frame for L in any interesting case. In other words, no interesting nor~nal ancestral logic is canonical. This in turn means that extra wor~ IS needed before completeness can be established. Our strategy will be to proceed via filtrations: filtering ~he canonical mod~l throu~h a judiciously chosen formula set WIll produce a filtratIOn that IS a standard model suited to our purpose.
2.
Filtrations
Filtrations are defined in the same way as in chapter 1. Since Lis normal and finitary. the canonical model for L exists with the usual properties. Here we are only going to filter the canonical ~odel of L, so we phrase the definition of filtration with an eye to that particular application. Let W be a set of formulre that is closed under subformulre. The equivalence relation", (mod lP) is defined as before. Let us say that l))}" (U", R", S", VO) is ajiltra.tion of the canonical model ~ through W if the following conditions are satisfied: (i)
(iiA) (iiB)
(iiiA)
U" is the class UIlIl of equivalence classes XCI where x E UL if (x,y) E RL, then (XO,yO) E R O , if (XO,yO) E RO , then [-JA E x n Wonly if A E y, if (x,y) E SL, then (XO,y") E So,
40 (iiiB ) (iv)
if (XO,yO) E So, then [",]A Ex n 'If only if A E y, if P is a propositional letter in 'If, then VO(P) = {XO : x E VL(P)}.
Filtration Theorem (first version), for all x E UL.
Now let us compare this passage with the corresponding 'passage in the proof of the second version. Here there are the followmg cOiTesponding four conditions:
For all fonnulre A E'lf and
(1') (2')
lJRO Fxo A if and only if 5JllL !=x A.
Filtration Theorem (second version). for all x E UL,
For all fonnulre A E'lf and
Proof. The difference between the two versions is that in the fonner we proceed via the canonical model for L, whereas in the latter we prove the theorem from scratch. The difference is not great, but it is WOI1h comparing the two altematives. The former version is proved as in the case of modallogie. The induction is on the complexity of A. Let us scrutinize the subcase when A is of the form [']B, where the result to be proved is assumed to hold for B (the case when A is of the form [",]B is similar). Here one has to argue that the following conditions are logically equivalent: 1JIl" !=X0 [. ]B,
(2)
Vy «XO,yO) E W
~
lJRo Fy0 B),
(3)
Vy «XO,yO) E RO
~
'lIlL Fy B),
(4)
5JllL !=x [. ]B.
( 4')
[']B Ex.
The equivalence of (1') and (2') and of (2') and (3') foll0'Y~ as ~~fore. Going from (4') to (3') is strai ghtforward, thanks to condItIon (liB). But going from (3') to (4') involves a cel1ain subtlety.
1JI1o !=X0 A if and only if A E x.
(l)
:11
Assume that (3') holds. With the help if condition (iiA), we see that BEy for all y such that (x,y) E RL. Using the definition of RL. we note that {C : [']C E x} I-L E. Appealing to the finitariness of Land to Scott's Rule, we conclude that {[']C : [']C E x} ~L [']B; in other words, x I-L [']E. Hence (4'). [']B E x, as we wanted. The argument just given holds a certain familiarity: we met it in the proof of the Canonical Model Theorem, in the modal part of the inductive step. The point we wish to make here i~ that i~ we p,?ve t~e Filtration Theorem from scratch-the second versIOn-dIspensIng WIth any appeal to the Canonical Model Theorem, the~ we still have to go over what is the crucial part of the proof of the Canolllcal Model Theorem. , Thus the work to be done is pretty much the same in the two cases. • The analysis that now follows may be viewcd as a generalization of the analysis of S4 in section 1.2.6. Keeping Land 'IJ as specified we define lJIlt =: (U", Rt, st, VO) as follows:
The equivalence of (1) and (2) follows from the truth-condition for [-]. that of (2) and (3) from the induction hypothesis. To go from (3) to (4), assume that (x,y) E RL, for any y E UL. Then by condition (iiA), ( (XO,yO) E RO, and hence lJllL Fy B, by (3). Consequently, 5JllL FX [·]B. Conversely, to go from (4) to (3), assumc that lJIlL FX [·]B. Then by the Canonical Model Theorem, [']B Ex. Suppose that (XO,yO) E RO. Then, since [·]B E'If, condition (iiB) yields BEy. Hence by the Canonical Model Theorem 5JllL Fy B, as we wanted.
n
Rt = {(x,y) : 3x' '" x 3y' '" y (x',Y') E RL},
st = (Rt)"'.
c~T~ it is clear-f~~-th~-o~~~~~-~~~';;'t is a finite standard mod>~')
We will now·-ShoWlhatitis--a-tiltration.. . That.eemiititlrrfiiAtis-saflsfied is clear. To see that (iiB) is satisfied, suppose that (XO,yO) E R" and that [']A E x n 'P. By definition there are some x' !5 x and y' .. y such that (x,y) E RL. Since [']A Ex n 'If, also [']A E x', Hence A E y', and
42 since lJI is closed under subfonnulre and thus A E lJI, A E y. Thus the difficulty in proving that lJJl:t is a filtration consists in showing that conditions (iiiA) and (iiiB) hold.
Proof. Falling back on an argument in section 1.2.5, we make the following observation: for every set V ~ VO there is a Boolean combination Cv of fonnulre in lJI-a disjunction of conjunctions of fonnulre, each of which is either a fonnula in lJI or else is the negation of a fonnula in lJI-such that, for all wE VL, WO E V if and only if Cy E w. (This is a notion of separability subtly different from that in section 1.2.5. However, the proof of the new claim is analogous to that of the old result.) Suppose now that (x,y) E SL. Let W be the set {(ZO : (XO,ZO) E St}. By the observation just made there exists a Boolean combination Cw = C of fonnulre in lJI such that, for all t E VL, (0)
to E W if and only if C E t.
4} Proof. We begin by proving the following claim, for all elements u, v E UL and for allll:
The claim is proved by induction on n. If (UO,VO) E (Rt)O then UO = va, and so u '" v. Thus in this case it is trivial that [*]A E v if [*]A E un lJI. Assume therefore that the claim (:lJ) holds for n. Suppose that (UO,VO) E (Rt)n+l and that [*]A E u n lJI. Then there is some w E UL such that (1)
(UO,WO) E Rt,
(2)
(WO,VO) E (Rt)n.
Condition (1) implies the existence of u and v such that u' '" u and w' '" w and (u',w') E RL. Evidently, [*]A.E u'. Above we have seen that [*]A => ['][*]A is a thesis ofL. Hence ['][*]A E u' and so [*]A Ew'. Since lJI is closed under subfonnulre, [*]A E w. This result places us in a position to apply the induction hypothesis to wand v; the conclusion is that [* ]AE v. This ends the proof of (:lJ).
Since st is defined as the ancestral of Rt, we certainly have XO E W, so (1)
:!
i
I
C Ex.
Let u be any element in VL such that (x,u) E SL. Suppose that C E u. Then by (0) we have UO E W. Hence if v is an element of VL such that (u,v) E RL it follows by the definition of Rt that (UO,VO) E Rt;. therefore also VO E Wand so, by (0), C E v. This goes to show that [']C E u. In other words, we have shown that
But L is a normal ancestral logic, so every instance of the schema (*ind) is in x. Hence, by (1) and (2), [*]CE x. But (x,y) E SL by assumption, so C E y. Hence, by a final application of (0), yO E W, which is the same as saying that (XO,yO) ESt. •
Lemma B.
If (XO,yO) E St. then [*]A E x n lJI only if A E y,
Returning to the main proof, suppose that (XO,yO) ESt and [*]A E x n lJI. As lJJl:t is standard there is some n such that (XO,yO) E (Rt)n. By the observation (:IJ), therefore, [*]A E y. But [*]A => A is a thesis of Land so is an element of y. Hence A E y. •
Corollary.
lJRt is a filtration.
Theorem The axiom system '2l is sound and complete with respect to the class of all ancestral frames. In other words, the basic ancestral logic is axiomatized by '2l.
Proof. Let ~ be a finite set of fonnulre consistent in A('2l), the logic generated by the axiom system'2l. By Lindenbaum's Lemma there is some maximal consistent set x extending~. Let lJI be the set of all subfonnulre of fonnulre in ~. Then lJI is a finite set, and we can construct the modellJRt as described above. By the corollary, jj)lt is a filtration of the canonical model lJRt for A('2l) through lJI. By the filtration theorem, therefore, ~ is satisfied at XO in lJRt. And the frame of lJRt is a frame for A(U). •
44
45
3. Dynamic logic
The basic ancestral logic is thus an example of a logic that is finitary without being compact. Corollary.
The basic ancestral logic has the finite model property.
Notice that even though what we have proved is a weak: completeness result-noncompactness precludes strong completeneness-deddability still follows.
Theorem. The basic ancestral logic is decidable, It is always a good idea to review a long proof and try to pinpoint the roles of the various assumptions that have been made. In the case of 21 the following remarks apply.
A(21) is a finitary logic normal in both [.] and [*]. There is a crucial point in the proof of the Canonical Model Theorem that depends on these features. As we saw, if one prefers to sidestep canonical models, the Filtration Theorem takes a form that requires the same crucial point to be proved.
3. L Semantics 1.
Frames
Semantically speaking, in modal logic we have one accessibility relation, in ancestral logic two. In dynamic logic we go the whole way: ~he~e,are indefinitely many accessibility relations" Thi~ tim~, thou~h, the l?tUlbon is somewhat different. In modal (deontlc, eplstemlc) lOgiC th~re IS a , static universe; from a point one roilY have access to other pomts, but no change is envisage~, Ancestrallo,gic. is c?mpletel~ abstract and thus as static as modal logic. In tense-logiC time IS sOI?ethl~g that.hap~ens to you, not anything that is up to you. I~ dynamiC logiC th~ Idea I~ tha~ the accessibility relations are actions. ~hl~ way of rep~sentJ?g.actlOn~ IS certainty rudimentary, but it is a begmnmg. DynamiC logiC IS a logiC of action of a primitive kind. '
J
Let U be any set. By an action in U we understand any binary relation in U. Then by aframe we may und~fStand ~ pair (U~ R) where U is a. set (the universe of the frame) and R IS a famtiy of actions (the repertmre of
Without finitariness lindenbaum's Lemma could not be invoked in the completeness proof.
the frame),
A(2l) provides (",ind). Without it we would not have been able to
Such a general concept of frame is.not veo/ interesting, ~ough. ~~ us say that a frame (U, R) is standard if R satisfies the foIlowmg conditions:
llrove Lemma A. l'..,,'lt) tliovides \.*\1\. -:J I\. and \.*\1\. -:J \:\\'*\A, Witncro.ttnem we
would not have been able to prove \..emma \3.
if a, b E R then a U b E R and a I b E R, if a E R then a* E R. if X ~ lJ then fest X E R. Here U stands [or set theoretical union, 1[or relative product, and"' [or the ancestral. Furthermore, test X = AU 1 X, where AU is the diagonal relation in U, that is, {(x.x) : x E U}, and 1 indicates restriction to X. A more general description of a frame would be as a structure (U, R, P), where U is a set, R = {IRI, U, I, "', test} is an algebra of relations in U ("actions") and P {IPI, n, U, -, 0, 1, after} is an algebra of subsets of U ("propositions"). Here IRI and IPI are the carriers .o~ the respective algebras, and the operator after is defined by the condition alter(a,x)
=
46 {x: 'ltu «X,u) E a => u E X}. The latter is obviously related to the "interior" operators discussed in the section on algebraic semantics in chapter 1. Then standard frames would be those where R is a regular algebra (meaning that the condition on the operations of R listed above are satisfied) and P is a normal modal algebra such that P =~u. However, we shall not pursue this line in the present notes.
i
,I
(
Central among the indefinitely many operations in a frame are the members of a family which we will now describe. There are two basic semantic categories in our theory, that of propositions and that of actions. If U is a universe, then let P be the set of propositions, R the set of actions. (In our theory, P is simply the power set ~U of U.) The family we have in mind is the class of all operations belonging to one of the following two types: pm X Rn------> P, pm X Rn -----+ R.
In. the .former case. ~e s~y that. the operation is proposition-fonning (Yleldl11g a proposition If appbed to m propositions and n actions) in the latter t~~t it is action-fonning (yielding an action when applied to'm propositions and n actIOns). We should like to find the logic determined by the new concept of frame. To do so we must first decide on an object language suited to this kind of frame.
2. Language What would be a fruitful object language for reasoning about standard frame~? The answer to this question depends on what model theoretical operations that are thought to be interesting. To parallel the structure of our semantical machinery, let us postulate two syntactic categories F (formula:) and T (terms). In each category there are denumerably many primitive symbols, all distinct (propositional letters and action letters). Every other primitive symbol belongs in either of the following categories: FIll X Tn ------> F, FIll X Tn ------> T. The former are formula makers, the latter term makers. The formula makers are (i) Boolean operators, of type pIl-----+ F, for some m, (ii)
47 the higher order operator [ ] ("after") of type F X T ------> F. The term makers are + ("sum") and; ("composition") of type T2 -----+ T, * ("the Kleene star") of type T ~ T, and? ("test") of type F -----+ T. A more traditional definition of the language would be the following inductive definition; which defines 'formula' and 'term' atthe same time: 1. 2. 3.
4. 5. 6. 7. 8. 9.
Every propositonalletter is aformula. Every action letter is a term. If 0 is an n-ary Boolean operator and Ao, ... , An-I are fonnulce, then o(Ao, ... , An-I) is afonnula. If A is aformula and a is a term, then [alA is aformula. If a and ~ are terms, then a + ~ is a tenn. If a and 13 are terms, then a;13 is a tenn. If a is a tenn, then a* is a tenn. If A is aformula, then?A is a tenn. Nothing is aformula or a term except by virtue of I -
8:
We say that an expression is we1l1onned if and only if it is either a formula or a term. This object language was first defined by Vaughan Pratt who wanted to use it in order to discuss, in a formalized way, the effect of programs. Informally, a command to do a + ~ is carried out by doing either a or ~ (it does not matter which); a command to do a;~ is carried out by first doing a, then doing 13; a command to do a* is carried out by doing a some finite number of times (0 or I or 2 or... -it does not matter which). The command? A is carried out by verifying that A obtains. If A does not obtain, then it is obviously impossible to verify that A obtains. For this reason, calling? A a test program, which is often done, is slightly misleading: the label "test" may suggest that one is expecting a yes-or-no answer, but that is not the case. 3. Models
Only now can we define the notion of a model. Let us say that V is a valuation in a frame (U. R) if it is a function assigning a subset of U to each propositional letter and an action in R to each action letter. A model is a structure (U, R, V) where (U, R) is a frame and V is a valuation in (U. R). We define the meaning or intension IIElljjR of wellformed expressions E in a given model jjR =: (U, R, V) as follows (although for convenience we shall omit the superscript).
:1
45 1.
2. 3.
4. 5. 6.
7. 8.
For every propositional letter IIPII = VCP). For every action letter n, Ilnll = VCn). For Boolean operators the conditions are obvious. For example, if 1\ is primitive, then flA 1\ Btl = IIAB n IIBU' if -, is primitive, then lhAD U - !lAII; etc. ) lI[a]AU = after (Dall,flAlI).
In the light of the discussion in chapter 2 olle realizes that this is onlV one of a number of axiom systems, all of which lead to the same class of fonnal theorems.
=
fla + 1311 = lIan U 11131L lIa;!3D = Dalll 1I!31L
lIa*H= !lall*. II?AU = test 1IAlI.
(Here after is ~.in section 1.) Notice that this definition parallels, step by step. the defimtIon of well-fanned expressions. Notice also: the intension of a formula is a proposition. the intension of a term is an action. We say that A is true at x (in 00) if x E IIAII. Other scmanticaJ notions including those involving truth and validity, are taken over from modai lo~ic. !n particular we can now pose a completeness problem: how to aXlomatlze t~e ~a.sic propositional dynamic logic (PDL). that is, the set of formula: valid In every-standard frame?
3.2. Syntax 1.
49
Axiom systems
Let'!l be the axiom system whose inference rules are eMP) and (RS) for every operator [al, and whose axioms are the instances of the following schemata:
C+) (;)
[a + (3]C '" ([alC 1\ [(3]C). [a;!3JC= [u][J3]C,
(*4)
[a*]C=> C. [u*]C=> [a]C" [a*]C:J [a*][a*]C.
(",ind) (1)
(C 1\ [a*l(C => [a]C» => [UIl e W only if An, ''', An-l E qf. I[ [a + !31CeWthen [a]CEW and [13]C EW. I[ [a;!3]C E W then [a] [!J]C E W. If [a*]CEWthen [a] [WF]C ew. If[1A]CeWthenA EW.
The Fischer/Ladner closure of a set W is the smallest set closed under the Fischer/Ladner conditions that includes W.
The FischerfLadner Lemma. set is finite.
The Fischer/Ladner closure of a finite
Proof. It seems difficult to give a rigorous proof of this result that is also reasonably intelligible. Here we shall sacrifice rigour in the hope of maintaining intelligibility. (Readers dissatisfied with the lack of rigour are invited to work out a rigcrous proof based on the outline we present here.) We show how to construct, for each formula in the language, a certain tree. Every node is of the form (n, A), where n is a label and A the associated formula. We make an ad hoc distinction between formula: that are "underlined" and formula: that are "not underlined", a distinction
51
not made in the statement of the Fischer/Ladner conditions. Assume, for the sake of example, that conjunction and negation are our primitive Boolean operators. The following inductive definition contains instructions for how to grow our trees. Unlike trees you see in nature ours grow downwards.
..,B
.A
2. If (n, A) is a node where the associated formula A is completely underlined, then nothing is to be added under that node. (
."
3. If (n. A) is a node where the associated formula A is not completely underlined, then proceed as follows. Let Band C stand for formula: that mayor may not be underlined, completely or partially. (i) If A is B 1\ C then find new labels n' and n" and add (n', B) and (n", C) as new nodes directly under(n, A). (ii) If A is -,B, then find a new label n' and add (n', B) as a new node directly under (n, A). (iii) If A is [nJB, then find a new label n' and add (n', B) as a new node directly under (n, A). (iv) If A is [a + ~]C, then find new labels n' and n" and add (n', [a]C) and (n W]c) as new nodes directly under (n, A). (v) If A is [a;I3]C, then find new labels n' and n" and add (n', [a]ffi]Q) and (n", [I3]C) as new nodes directly under (n, A). Notice that part of the formula associated with n' is underlined . (vi) If A is [a* ]C, then find new labels n' and n" and add (n', [aJIm:.JQ and (n", C) as new nodes directly under (n, A). Notice that part of the formula associated with n' is underlined. (vii) If A is [?B]C then find new labels n' and n" and add (n', B) and (n", C) as new nodes directly under (n, A). d
,
One 'gets a better WastJ of these instructions b')' 'E,lll.'\lhica1\')', as \n \he chart on the next \la'ge.
I
c
B
B
[~]C
[C(J[~]C
[~]C
B
1. If (n, P) is a node in the tree, where P is a propositional letter, then nothing is to be added under that node.
[:n;]B
[?B]C
/~c
B
[ct+ ~JC
A
[a]C
It is clear that every branch in \T terminates. This is so because any formula that is added is simpler than the preceding fonnula in every case except when [aJ1IiK:. is added under [a;131C, or [a][a*]C is added under [a* ]C. But underlined formula: will not influence later growth of the tree: the only part of [alE or [a]£a*lC that will give rise to growth is the initial raJ-operator. For our purposes the complexity of [a]1IiK:.and [a][a*lC is therefore the same as [aJQ, where Q is a propositional letter. Hence also in these two cases are the successor formulre simpler than the predecessors. Thus ~ is a finitely-branching tree, evelY branch of which is finite. By Konig's Lemma, such trees contain at most finitely many nodes. Hence '11(~) is finite. This proves the lemma, for the Fischer/Ladner closure of any set I is the union of the Fischer/Ladner closures of the sets {A} with A EI. •
~kpi.ctin'g them
Le\ U' be, the tree geneIated b')' an')' formula A, and let 'lJ(U') be the set of fOffim\a':, (disIegaIding, an')' undeI\i:ning,) that are associated Vli\h a\ least %orne node i.n "S. No\i.ce, \ha\ eveT\' unde.\ined lUffim\a OI %\l'olmroula of an associated formula in the tree "appears somewhere else without underlining. Hence every formula of the Fischer/Ladner closure of the set {A} is an element of 'V(U'). Also the converse holds, so 'V('J') is ill fact exactly the Fischer/Ladner closure of {A}.
3.3. Completeness 1.
Canonical models
Let L be finitary normal dynamic logic. Also in this case can we define = (UL, RL, VO for L. To do so, just generalize the modal concept in the obvious way: define the canonical model SJRL
52 VL = the set of maximal L-consistent sets, RL = the family of ail relations RL(a) where a is a term in the language and RL(a) = {(x,y): 'lfe ([a]e E x ~ eE y}, YL(P) = {x : P E x}, for every propositional letter P, YL(n) = RL(n), for every action letter n.
Proof. See the proof of the filtration theorem for ancestral logic, the .. second version.
1
The Canonical Model Theorem can be proved. so lJJlL is indeed a model
~L
However, IID:I. is not a standard model (the main "defect" is that (R(a))* In order to achieve a is in general only a proper subset of R( a* completeness result we would have to transform lJJlL into a standard model without changing whatever truth-conditions are dear to us. One technique for doing this is by way of filtration. This is the way we went when faced with the corresponding problem in ancestral logic. However, as we remarked there, the detour via the canonical model is not really necessary. Here we shall go directly for the filtration.
n.
2.
Let W be a finite set of formula: closed under subformula:. We write a. 'YJ W if a is a term occurring in some formula in W. As before we designate by '" (mod lJI) the equivalence relation induced by W in VL writing X Ofor the equivalence class {x' E UL : x'" x' (mod 'II)}. Let us write Vo for the set UIW of equivalence classes in VL We say that a: modellJllo = (Va, W, YO) is afiltration thr9ugh W if
(B) (e)
Let 'If be a given finite set of formulre but this time closed under the FischerlLadner conditions. We shall construct a particular model with universe Va, where as before VO is the class V!\¥ of equivalence classes in VL of .. (mod 'II). We define a family of binary relations lalt in UI'I' as follows.
1,J
{(XO,yO): 3x' .. x 3y' .. y (x,y) E RL(n)}, for evelY action letter n 'YJ W. 1c~lt
la + j3lt = 1a.;j3lt = lo.*lt = I?Alt =
u
1~lt,
lo.lt I 1(31 t, (Ialt)*, lesllAlo.
Now define SJllt = (UIW, Rt, Yt), Rt
Filtrations
(A)
53
'=
{hit: a 11 \P},
= IP[O, for every propositional letter PEW,
YtCP)[ == 0, for every other propositional letter P. = [nit, for every action letter n 11 w, Yt(n) { = 0, for every other action letter n.
-
.
Notice that SJIlt is a standard model. We shall now prove that, given that L is a finitary normal dynamic logic, SJIlt is a filtration.
Lemma A. If (x,Y) E RL(Y) , then (XO,yO) E Iylt, for all y 'YJ W. Proof. By induction on y. Suppose that (x,y) E RL(Y). If Yis an action letter n in W, then the claimed result follows by the way /nIt was defined.
If y == ?C for some formula C then suppose that A E x. Then C:=J A Ex, so by the "right-to-left" half of the axiom schema called (7) [?C]A Ex. Hence A E y. This shows that x ~ y and hence that x == y. Since C E W, IClo is well-defined. Consequently, (XO,yO) E AO 1lClo, which is to say that (xOf) E I?eft.
rL,
54
Suppose now that the result holds for some terms a and must check the cases when y is a + f3 or 0.;13 or 0.*.
fl in 1J1.
We
First suppose that y =:: a + 13. We contend that (x,y) E RL(a) or (x,y) E RL(f3). For suppose not. Then there are formulre A and B such that [alA E x and [~]B E x while A f/: Y and B f/: y. By modal logic, [a](A v B) E x and [~](A v B) E x. Hence by axiom schema (+) ("right-to-Ieft"), [a + f..](A v B) E x. Then A vB E y, a contradiction; which ends the proof of our contention. By the induction hypothesis, (XO,yO) E lalt or (XO,yO) E 1~lt. In either case, (XO ,yO) E 10. + [311" by definition of IJIl:t. Next suppose that y =:: 0.;13. We contend that there is an element w such that (x,w) E RL(a) and (w,y) E RL(j3). Consider the set I = {A: [alA Ex} U {<j3>B : BEy}. If I were L-inconsistent, then there would be some Ao, ... , Am-l and Bo, ... , Bo-I such that [a]AO, ... , [a]Am-1 E x and Bo, ... , Bn-I E y and I-L (AO" ... " Am-I" <j3>BO " ... " Bn-I)
=> .1
By modal logic, therefore, (AO" ... " Am-I " (BO" ... " Bn-I)) :J .1 is a thesis of L, and hence
By Scott's Rule, I-L ([a]Ao " ... " Ia]Am--l) => [a]Ij3]-{Bo " .;. "Bn-I), and so finally, by the schema (;) (,'right-to-left"),
Lemma A for ancestral logic, so we omit the details. Suffice it to say that it is in this palt that the "induction schema" (*ind) is needed, and that " it matters that 'If is finite. Lemma B. If (XO ,yO) E Iylt then [y]C Ex n'lf only if C E y.
Proof. By induction on y. Assume that (XO,yO) E Iylt and [y]C E x n w. First suppose that y is an action letter n. Then there are elements x' ". x and y' '" y such that (X',y') E RLCn). The fact that [n]C E x n W implies that [n]C E x', hence that C E y'. But 'If is closed under subfonnulre (among many other conditions), sO'C E 'P. Hence C E y. Next suppose that y = ? A, for some formula A; note that by (FLO) . and (FL?) both A E 'If and C E W. Then X O= yO and A E x. By axiom schema (?) ("left-to-right"), A :J C E x, hence C E x. Since x"'y, C Ey. . Suppose now that the result holds for some tenns a and B in W. must check the cases when y is a + fl or a;f3 or Wi-.
In
First suppose that y = a + 13. this ease our assumption is that [a + P]C Ex n'lf. By axiom schema (+) ("left-to-right"), [a]C E x and [P]C E x. By (FL+), both [a]C E 'If and [j3]C E W. Moreover, either (XO,yO) E lalt or (XO,yO) E If3lt. The induction hypothesis, applied to whichever case obtains, gives us C E y. Next suppose that y = a;j3. In this case our assumption is that x n w. By axiom schema (;) ("left-to-right") and (FL;), (1)
[a] [/i]CEx
I-L([a]Ao" ... " [a]Am-l):J [a;/3]...,(BO" ... " Bn-I). Evidently then [a;~]""(Bo " ... " Bn-I) E x, therefore ...,(BO " ... " Bn-I) E y, a contradiction. This argument shows that I is indeed L-consistent. Hence, by Lindenbaum's Lemma, there is some maximal L-consistent extension w of I. It is clear that w has the right properties, so our contention has now been proved. By the induction hypothesis, (XO,W O) E lalt and (WO,yO) E 1r1lt. Hence (XO,yO) E la;Blt by the definition of
'IDt. Finally suppose that y = U*. This is the most intricate link in proof of the lemma. However, it is completely analogous to the proof of
We
[a;~]C
n'p.
By construction of R'j' there is some w such that
(3)
(WO,yO) E
1~lt.
The induction hypothesis used on (1) and (2) gives us [j3]C E w. (f'LO) , [PJC E W. Hence
(4)
[/3JC E w
n 1J1.
By
E
-------------_._----------
56
The induction hypothesis used on (3) and (4) gives us C E y. Finally suppose that y = a*. This case goes through in very much the same way as the proof of Lemma B for ancestral logic, so we omit the details. Note, however, that for this step we need axiom schemata (*T), (*El), and (*4) as well as the condition (FL*). •
Being able to answer these questions is a sign that you have understood the long proof.
3.4. Limitations of PDL Corollary.
!JIlt is a filtration. 1.
3.
Completeness of PDL
Suppose that ~ is a finite ,»-consistent set of fonnulre. Then, by Lindenbaum's Lemma, there is some maximal ,»-consistent set x such that ~ ~ x. Let 111 be the Fischer/Ladner closure of~; as we saw, 111 will be finite. Construct smt as in the preceding section. Then ~ is satisfied at XO in !JIlt. As we remarked before. !JIlt is a standard model. Hence every finite E F«? ku) + (--,kl.l)) ~ a pOInts x In the universe) but OIF A . , ,p , or fail path. Similarly. II(? A;~)*;(?--'A)~I~~:a~E 13!1 need .not c?ntain auy but 110. WHILEAJI need not do so. ays contams fall paths, (? kct)*.(? A
There are of course many other exam les f h is, of actions that cannot be disting~ished i~ ~;LS:~e p~el1om~no~;. that and path semantics distinouish th t' n tough IlltUltion offered by Ilnll an~lll?T .111. em-he sImplest example is perhaps
:?
",9
\Ve shall now give the promised example of a case when the relational semmltics does not suffice but requires some enrichment.
3_ The delta operator Some actions can be characterized as resulting in a certain state-of-affairs. Thus opening a door results in the door being open (at the moment the action has been completed); killing a mosquito results in the mosquito being dead. It might not be easy to give a full analysis of such actions, but as a first approximation one might introduce an operator b with the idea that bA is the action consisting in bringing it about that A. Suppose we want to pursue this idea within the context of dynamic 10Ctic. \Vhat semantic conditions would be. appropriate for 1'17 Several decisions must be made. First there is the distinction between reliable and unreliable doings. If a mediocre darts player hits the bull's eye, then one of many descriptions of the action he just perfonned is that it consisted in hitting the bull's eye. But (under normal circumstances) his success was by no means assured. If he tries to repeat his action (by running "the same program" a second time) he may well fail. This is an e~ample of unreliable doing. The analysis of such doing seems more difficult than that of reliable doing. Hence our decision to restrict tJ to reliable doing. Next we must face the fact that often there are several ways of bringing about one and the same state-of-affairs. Rather than choosing between them or trying to impose some kind of ordering on them (with a view to designating some of them as "normal" ways of performing the action) we go for maximality and recognize them all: given a frame we define the intension of CiA as the set of pairs (x,y) such that for some action il in the repertoire, iJ is a reliable way of seeing to it that A is true at y, and (x,y) E iJ. Formally, if (U, R) is a given frame, JlMIl
= {(x,y) : 3iJ E R «x,y) E iJ & 'dz «x,z) E iJ ~ z E IIAII)}.
This, then, defmes the delta of maximal, reliable doing. There are other ways of defining delta, perhaps more interesting. Still, this is one possibility, and it has some claim to interest. However (this is the point of the example!), the definition just given is not in accord with our intuitions as described. To see this, suppose that u names an action that, at a particular point x in a model, is an unreliable
60 way of seeing to it that A. In other words, there arc points y and w such that (x,y) E nAil and (x,w) f/:.IIAII, Then lIa;?AII ~ IlbAIi. That is to say, on our definition, a reliable way of doing A is to do anything and then ask whether A obtains; if it does, we have achieved A, if not the run has failed and so does not count. Thus (x,y) Ella;? All sillce (x,y) E 110.11 and (y,y) E II?AII, but (x,w) I$.lla;:AiI since, even though (x,w) E !Iall, still (w, w) f/:. II? AIL Our formal result is of course informally absurd: no-one would wish to claim that, in general, a;? A is a reliable way of seeing to it that A. The mistake in the formal analysis sketched above was to try to carry out within the relational semantics of PDL a project that evidently requires greater resources. In particular, for the delta operator it is not enough to consider just runs that terminate: if we do not wish to adopt path semantics in all its rich complexity, at least we must find some other way to register the possibility that paths may fail or be infinite. [Readers interested in a further discussion of these matters are referred to the author's article "Action incompletencss" in Studia logic:a, vol. 51 (1992).]
4. Background 4.1. Historical remarks 1. Modal logic. Philosophers have been interested in modal notions-necessity, possibility, contingency-since Aristotle, and some, for example Aristotle himself, have tried to study their logic. Modern modal logic may be said to have begun round 1912 when C. L Lewis, upon reading Russell and '''hitehead's Prillcipia mathematical, ~eeame interested in trying to find a connective more suited than matenal implication to express our informal concept of entailment. Thanks to Lewis and others a formalism for "a1ethic" modal logic was developped, With time, logicians noted that this formalism was capable of other interpretations. Already in the 19308 KUlt GMel had observed that the box operator of modal logic can be read as "it is provable in the system S that", oiven that S is a suitable formal system, In the 1950s Georg Henrik von Wright championed several other interpretations: "epistemic", "doxastic", "deo!ltic" (some te.n ~ears later the forme~ two would be extensively explored by Iaakko Hmtlkka), and Arthur Pnor developped "tense-logic" in close analogy with modal logic.
However. it was only with Saul Kripke that modal logic really t.ook off. Bemnning 1959 he published several papers in which he introduced what we"'now refer to as I(ripke semantics or possible-worlds-semantics. Historians interested in the development of modal logic will have to assess the relative importance of Carnap's and Prior's work as we,ll as the work of Stig Kanger and laakko Hintikka. who published, related Ideas . independently of Kripke and in fact somewhat earlier than he; there IS also the famous Jonson & Tarski paper from 1951. Neveltheless, there is no doubt that it was Kripke 's papers that triggered the explosive growth of modal logic of the following two decades. The exposition in the present notes is in the tradition of John Lemmon and Dana Scott as set out in the Lemmon Notes. One feature that makes their theory so elegant is the concept of the canonical model. The idea of using Henkin's method in modal logic occurred, independently, to a number of other authors as well, for example, David Makinson, Max Cresswell and Kurt Schtltte, but those authors restricted themselves to case studies and did not see and did not seek the generality that Lemmon and Scott achieved. The concept of filtration, which they also employed, was modelled on an algebraic construction of J. C C. McKinsey.
L
62
In the bibliography four textbooks have been listed. Lemmon's book, the published version of a draft completed three days before Lemmon's death, is of great historical interest. Written as a monograph rather than as a textbook perhaps it makes greater demands on readers that the other three, but it is still a favourite with this author. The books by Chellas and Hughes & Cresswell are standard texts in modal logic. Goldblatt's book, unlike the other three, deals with dynamic logic as well as modal logic. Therefore it is probably the best choice for those whose interest in modal logic is secondary to their interest in dynamic logic.
{
Lemmon's book contains a valuable historical introduction. Some historical remarks are also made in the survey article by Robert Bull and the author. In section 2.2.2 we touched on tense logic. For further discussion, see the survey paper by Burgess listed in the bibliography. The author's paper "On von Wright's tense-logic", also listed in the bibliography, was to ~ave b~en the ~rst publication of a completeness proof for the tenselogIC of dIscrete linear future time with operators for both 'next' and' at all times'. 2. DJnamic l?gic. There are ~horter completeness proofs for PDL than the ~me gIven .h.ere. The vIrtue of our proof is that it so clearly bel~ng~ m t~e ~radltlon of .mo~llogic: from a theoretical point of view, dym\l~llC logIC IS a genera~l~ation of modal logic. Consequently the tec~mques that mo~alloglclans have built up are almost immediately aVaIlable for studYlllg dYl1ronic logic.
called the modal logic of programs) seems to have been due to .tv1ichael Fischer and Richard Ladner, who were able to prove in 1976 that PDLthe set of formulre valid in all standard frames-has the stron" fmp and so is decidable. '" In modal logic it is unsual for an fmp result to be proved before completeness has been settled, but in this case completeness turned out to be hard. By the summer of 1977 the author of these notes had worked out the completeness of ancestral logic (essentially the proof presented in ch~pter 2). He had also developped a completeness proof for PDL, which he presented in Blian Chellas's seminar at the University of Calgary in July 1977 and then announced in the Notices o/the .4. AI. S. Independently of this and of one another, several other researchers were tryi?g to produce their own completeness proofs. In particular, Rohit Pankh, then at Boston University, had his own proof by November 1977. In early January 1978 the author, to his everlasting chagrin, discovered that one of his inductions did not get off the ground. In other woids. his proof contained a gap and therefore was no proof. The author's . co~pleteness proof for ancestral logic was still correct, but the honour of hav.lllg produced the first con'ect proof for dynamic logic belongs to Pankh. Later he and Dexter Kozen published a shorter proof, which is now regarded as the classic ref~rence for the completeness of PDL. The author's mended proof, essentially the proof given here, was presented in March 1978 at the Banach Center in Warsaw. The ~urvey alticle by David Harel,an informative if difficult paper, proVides an account of the intense period of work following the initial petiod described above.
~~tt~: ;~:~d~~g~~~~gdit:~isp~~~~~!~~~~~hp~~~all~;it~:::i~~;~b~~s
en aS~lstan~ professor of computer science at MIT was t h' ' ,eac. mg a iradltJ~11 of cfomputer ~cientists who have tried to d~vel~:e::e~u~ long .orma Isms or reasonmg about what programs do Pr . Improve on previous efforts develo . . att, t.rymg to olle well-read student to co~e up aft~~ed hIsI own tdheory. whIch prompted Pr it d' one c ass an sucrgest that what a w~s ol.ng was ~ust modal logic. Incredulously ~att checked out o ~~",he:s & C:lesswell s bltrod'!ction tv nwdallogic from the libra
4.2. Selective bibliography
cou~s~ m Which program verification was one Issu'
wase~ de::"d~~~:e;:~:~;~~ :~a~~~~~SSic, Pratt was convinced?'ihen;
~~f:~~~~t~~~~~:~s}~c s~~~I~ic~ w~s lw~rked out; it w~ not clear how to .
rs resu t In dynamiC logiC (at that time still
1. Textbooks
CHELLAs, BRIAN F. Modallogic: an introduction. Cambridge and New York, NY: Cambridge Universiy Press, 1980. GOlDBLATT, ROB. Logics o/time and computation. CSLI Lecture Notes, vol. 7. Stanford University, 1987. (Third edition to be published soon.) HUGHES, G. E. and CREsSWElL, M. J. ,4 companion to modal logic.
London: Methuen, 1984.
64
l1~fv[MON,
E. J. (In collaboration with Dana Scott) An introduction to moda.llogic. (fhe "Lemmon Notes") American Philosophical Quarterly, monograph series, vol. 11. Oxford: Basil Blackwell, 1977. (Written in 1966.)
2. Survey articles BULL, ROBERT and SEGERBERG, KRISTER. "Basic modal logic." In Dov Gabbay and Franz Guenthner (eds), Handbook of philosophical logic, vol 2, pp. 1-88. Dordrecht, Holland: Reidel, 1984. DLI1;:).
JOHN. "Basic tense logic." Ibid., pp. 89-133.
HAREL, DAVID. "Dynamic logic." Ibid., pp.497-604.
3. Original articles FISCHER, MICHAEL J. and LADNER, RICHARD E.
"Propositional dynamic logic of regular programs." Journal of computer and system sciences, vol. 18 (1979), pp. 194-21 L
KaZEN, DEXTER and PARIKH. Romr. "An elementary proof of the completeness of PDL." l1teoretical computer science, vol. 14 (1981), pp. 113-118. PARIKH, ROIDT. "ihe completeness of propositional dynamic logic."
In Mathematical foundations of computer science 197B, pp. 403415. Lecture Notes in Computer Science, voL 64. SpringerVerlag. 1978. "V Oil Wright's tense-logic." In L E. Hahn and P. P (cds), The philosophy of Georg llenrik von Wright, pp. 603-63 . The Library of Living Philosophers, vol. 19. La Salle, IL: Open Court, 1989. (Written ill 1974)
SEGERBERG, lOOSTER.
A.
KRISTER. "A completeness theorem in the modalloQic of prog~m~". In T. Traczyk (ed), Universal algebra and ~ appizcatlOllS, pp. 31-46. Banach Cellter Publicatiolls vol 9 Warsaw: PWN,1982. ' "