Modal Logics with Existential Modality,
Finite-iteration Modality, and Intuitionistic
Base: Decidability and Completeness
by Dmitry Shkatov, BSc
Thesis submitted to The University of Nottingham
for the degree of Doctor of Philosophy, September 2005
Contents
1 Introduction
2 Background in modal logic and guarded fragments
    2.1 Modal logic and first-order logic
    2.2 Modal logic vs. first-order logic
    2.3 First-order guarded logics
    2.4 Higher-order guarded logics
3 Intuitionistic modal logic
    3.1 Introduction
    3.2 Two-variable monadic guarded fragment
    3.3 Closure conditions
    3.4 Intuitionistic modal logics
    3.5 Embedding into two-variable monadic fragment
    3.6 Decidability
    3.7 Examples
4 Logics with Segerberg operator
    4.1 Language
    4.2 Normal logics
    4.3 Logic Seg
    4.4 Extensions of Seg
5 Logics with existential modality
    5.1 Logics K# and DK#
    5.2 Logic PDLpath
6 Conclusion
References
Abstract
This thesis investigates some modal logics that have been found to be useful in mod-
elling computational phenomena and, therefore, of interest to theoretical computer
science—namely, modal intuitionistic logics, logics with finite-iteration modality, and
logics with existential modality. We prove a number of new general results concern-
ing these logics. In particular, in chapter 3, we prove a general decidability result for
intuitionistic modal logics through embedding them into the two-variable monadic
second-order guarded fragment GF^2_mon with certain conditions imposed on relations
occurring in GF^2_mon-formulas. In chapter 4, we prove the analogue of Makinson's theorem
for logics with finite-iteration modality, that is, that every consistent logic in this
language is either a sublogic of the logic of a Kripke frame containing a single reflexive
point or a sublogic of the logic of a Kripke frame containing a single irreflexive point;
the by-product of the theorem is the decidability of the problem of consistency for ef-
fectively finitely axiomatizable logics with finite-iteration modality. In chapter 5, we
prove completeness of Hilbert-style axiomatizations of three logics whose language
contains an existential modality 〈#〉: the minimal normal logic with 〈#〉, K#; its
deterministic extension DK#; and the logic that is CPDL (converse PDL) with a
single nominal and 〈#〉 (this logic is known from the literature as PDLpath). Apart
from the presentation of the above-mentioned results, the thesis contains, in chapter
2, an overview of background material on modal logics and guarded fragments; this
overview can also be read as a concise survey of the field of guarded fragments.
Acknowledgments
First and foremost, I am deeply indebted and profoundly grateful to my supervisor,
Natasha Alechina. Without her valuable help and support this thesis would not have
been written.
I am also grateful to my teachers at the Moscow State University Vyacheslav
Bocharov, Vladimir Markin, and Dmitry Zaitsev, who introduced me to logic and
kindled my interest in the subject.
I am profoundly grateful to Thorsten Altenkirch, Alexander Chagrov, Oleg Grig-
oriev, Roman Kontchakov, Andrei Sobolev, and Vladimir Litvinchook, who helped
me to retain my sanity over the time it took to write this thesis.
My debt and gratitude are also due to EPSRC for their financial support (grant
GR/M98050/01).
Last, but by no means least, I am deeply grateful to my parents for their support
and patience. This thesis is dedicated to them.
Thank you!
To my parents
Chapter 1
Introduction
This thesis is devoted to some modal logics of interest to theoretical computer science.
Although modal logic is a very well established and developed area and “standard”
modal logics have been thoroughly investigated, as can be seen from a comprehensive
monograph on the subject by A. Chagrov and M. Zakharyaschev [CZ97], the needs
of computer science often force us to consider logics with modalities that have not
yet been in the limelight of modal logicians, who have been primarily motivated
by philosophical or mathematical considerations. Quite often, computer scientists
come across computational phenomena that can be usefully modelled using modal
languages, but require modalities or structures that have not been previously studied.
In the present thesis, we consider, from different perspectives, some of the modal
logics that have arisen in various (sometimes, more than one) areas of theoretical
computer science and that have not yet been comprehensively studied: various flavours
of intuitionistic modal logics, logics with a finite iteration modality ♦∗, and logics with
a wildcard modality 〈#〉.
The first class of logics that we consider in this thesis is intuitionistic modal
logics— modal logics whose “underlying” logic, that is the logic of non-modal con-
nectives, is intuitionistic. Intuitionistic modal logic has recently come to the attention
of computer scientists because it can be used to model various computational phe-
nomena. In particular, a considerable interest in intuitionistic modal logic has been
generated by the work of Moggi [Mog91] on typed λ-calculus with monads. The
correspondence between typed λ-calculus and basic intuitionistic logic through the
so-called Curry-Howard isomorphism mapping λ-terms into formulas of intuitionistic
logic is very well-known. This makes intuitionistic logic a useful reasoning tool in
the field of formal semantics for functional programming languages, which is usually
constructed in terms of typed λ-calculus. Moggi augmented typed λ-calculus with
an additional construct, a monad, to model various effects in functional program-
ming languages (such as the raising of exceptions). It turned out that monads can be
logically modelled as S4-type modalities, which created a considerable interest in intu-
itionistic S4 modal logic, its proof theory, as well as its categorical and Kripke-style se-
mantics (see, for example, [BdP00], [BBdP98], [GL96], [Kob97], [Pit90], [AMdPR01],
[DP96], [DP01], [PD01]). Other applications of intuitionistic modal logic to mod-
elling computational phenomena include modelling incomplete information [Wij90],
communicating systems [Sti87], and hardware verification [Men91, FM97].
Considerations arising in different application areas led to a variety of strains
of intuitionistic modal logics, with different definitions of modalities, which stands in
sharp contrast to classical modal logic, where everybody agrees on how the modalities
should be defined. This makes it problematic to prove sufficiently general results
about intuitionistic modal logics. In particular, it makes it difficult to come up with
a sufficiently general method of proving decidability of intuitionistic modal logics.
So far, the only general method offered is that by F. Wolter and M. Zakharyaschev
(see [WZ99a], [WZ97], [WZ99b]) of embedding an intuitionistic modal logic with n
modalities into a classical modal logic with n+ 1 modalities. Their method, although
extremely powerful, has its limitations: it can be used to prove decidability of only
those intuitionistic modal logics for which the corresponding classical logic is known
to be decidable. In the third chapter of the thesis, which is based on a joint paper
with N. Alechina [AS05], we describe a general method for proving decidability of
intuitionistic modal logics based on embedding them into a monadic two-variable
fragment of first-order logic. We then obtain decidability results by generalising
the result of [GMV99] that a monadic two-variable fragment of first order logic,
where guard relations satisfy conditions that can be expressed as monadic second-
order definable closure constraints, is decidable and by showing that many of the
conditions imposed on accessibility relations in modal intuitionistic Kripke models
can be expressed as monadic second-order definable closure constraints. Our method,
needless to say, also has its limitations. In particular, it does not give a very good
decision procedure for intuitionistic modal logics, since it proceeds by reduction to
satisfiability of formulas of SkS (monadic second-order theory of trees with constant
branching factor k, [Rab69]), which is non-elementary. It does, however, provide a
rather simple way to establish decidability, before looking for a decision procedure
tailored for a particular logic.
The second class of modal logics that we consider in this thesis is logics with a
finite iteration modality ♦∗. Our approach to logics with ♦∗ is different from that
adopted in our consideration of intuitionistic modal logics. While in the third chapter
of the thesis we consider intuitionistic modal logics defined semantically, in the fourth
chapter, we study logics with ♦∗ as a class of syntactically defined (normal modal)
logics and prove some results applicable to all members of this class, the minimal
member of which we call Seg.
The study of the extensions of Seg is of interest to theoretical computer science
because the modality ♦∗ can be used to model a wide variety of computational phe-
nomena. First, it can be used to model iteration in logics of programs (see [Pra76]).
The most well-known logic of programs, PDL (Propositional Dynamic Logic), uses
it in this way. The language of PDL has two kinds of primitive symbols: proposi-
tional parameters and atomic transitions. Atomic transitions are used to label edges
in transition systems, which usually serve as formal models of program execution.
Compound transitions of PDL are built out of the atomic ones using binary operators
◦ (composition), ∪ (union) and a unary operator ∗ (finite iteration). Although PDL
and its variants are well studied, there is no systematic study of what happens when
we add PDL-style modalities to arbitrary monomodal logics.
The en masse approach to program logics—that is the study of classes of pro-
gram logics, rather than individual logics, in the way monomodal logics are stud-
ied in [CZ97] and temporal logics are studied in a series of papers by F. Wolter
(see [Wol97b], [Wol97a], [Wol96a], [Wol96b], [Wol95])—would broaden our under-
standing of logical properties of program execution in settings where we want to
stipulate some additional properties for execution of programs. As the task of study-
ing program logics en masse sounds formidable, a useful attempt in that direction
would be an en masse study of logics with at least some of the modalities of the
language of PDL. We single out ♦∗ for such a study because it is, undoubtedly, the
most interesting of the modalities of the language of PDL.
Formal modelling of program execution is not the only area where logics with
a finite iteration modality crop up. Another area where it features prominently is
formal modelling of knowledge in multi-agent systems, where it is used to model the
so-called common knowledge (see, for example, [FHV95]).
The third group of logics we consider in the present thesis is logics with a wildcard,
or existential, modality 〈#〉. This modality has been introduced in [AdRD03]
to reason about path constraints in query languages for semistructured data. The idea
of semistructured data has emerged out of the attempt to extend the well-developed
techniques of database theory to deal with data that is not completely unstructured
but is not as rigidly structured as databases, the prime example and the primary moti-
vation for the study of semistructured data being the world-wide-web (see [ABS00]).
Various query languages have been devised for querying semistructured data. A
prominent feature of these languages is the ability to formulate path constraints, that
is, conditions on paths in the edge-labelled graphs that usually serve as formal models
of semistructured data. In [AdRD03], the logic PDLpath has been proposed, whose language
is rich enough for the usual path constraints of query languages for semistructured data
to be embedded into the language of PDLpath. The modality 〈#〉 has arisen since
quite often the path constraints state that a node in an edge-labelled graph should be
reachable by some edge (thinking about the application to the world-wide web, one
may want to state that there should be a link from a researcher’s page to their publi-
cations, but it may be irrelevant how this link is labelled: “Publications,” “Research,”
“Papers,” or something else). In [AdRD03], PDLpath has been presented semantically.
In the final chapter of the thesis we provide a Hilbert-style axiomatisation of PDLpath
and prove its completeness. As a warm-up to the completeness proof for PDLpath,
we prove completeness of logic K#, which is a basic multimodal logic extended with
modality 〈#〉, and of logic DK#, which is obtained from K# by adding the axiom
of determinism.
In parts of the thesis, notably in the chapter on intuitionistic modal logics, we
prove decidability results by embedding various modal logics into (decidable) guarded
fragments of first-order or higher-order logics. Guarded fragments emerged out of
the realisation that modal and first-order languages can be viewed as alternative
languages for talking about relational structures and that, therefore, modal logic
can be viewed as a fragment of first-order logic, not as an alternative extension of
propositional logic, as it had been traditionally conceived. That, in turn, led to the
desire to extend as far as possible the “modal fragment” of first-order logic to obtain
a bigger fragment that would retain all the nice properties of the modal one, most
notably decidability. This resulted in the discovery of the guarded fragment of
first-order logic ([AvBN98]), which extends what might be called the basic
modal fragment of first-order logic, that is the fragment equivalent to modal logics
with ♦-type modalities. The consideration of modal languages not embeddable into
the guarded fragment (such as logics with “until” modality) resulted in discovery of
richer guarded fragments, including guarded fragments of logics that are richer than
first-order logic, notably the guarded fragment with the least fixed point operator.
Guarded fragments are, thus, generalisations of various modal logics and can be
viewed as “the biggest modal logics.” Among other things, the embeddability of a
logic into a guarded fragment can be used as a test of whether the logic in question
can be viewed as a modal logic, or a logic with modal flavour.
The present thesis is structured as follows. In chapter 2, we present background
on modal logics and guarded fragments of first-order and some higher-order logics. In
chapter 3, which is based on the paper [AS05], we present a general decidability result
for intuitionistic modal logics. In chapter 4, we consider logics with a finite-iteration
modality and prove some general results concerning these logics. Finally, in chapter
5, we present complete Hilbert-style axiomatisations of logic PDLpath as well as two
closely related logics, K# and DK#.
Chapter 2
Background in modal logic and guarded
fragments
The purpose of this chapter is two-fold. First, it is intended to provide background
information on propositional modal logic and guarded fragments of first-order and
some higher-order logics that we will rely on in the subsequent chapters of the thesis.
Secondly, the current chapter attempts to provide an accessible presentation of the
ideas that led to the emergence of the field of guarded logics and a concise overview of
its main results. Whenever, in this chapter, we do not attribute a result to anybody,
it means that it is a standard modal logic result.
The chapter is structured as follows. In section 2.1, we introduce propositional
modal and classical first-order logic. Then, in section 2.2, we describe the outlook
on the relationship between the two logics that led to the ideas that gave birth to
guarded logics. Finally, section 2.3 contains the overview of the field of guarded logics.
2.1 Modal logic and first-order logic
2.1.1 Propositional modal logic
Although nowadays propositional modal logic is most extensively investigated by com-
puter scientists, it was devised by traditional logicians, scholars concerned with the
rules of correct reasoning. At its conception, propositional modal logic was thought
of as an extension of classical propositional logic, or simply the propositional logic
(PL for short), with the capability to reason about possibility and necessity.
From the traditional logician’s vantage point, PL is a logic for reasoning about
facts, and its machinery can justify inferences like this:
    If John loves Mary but does not love Gill, then Mary loves him. Mary
    does not love John. Hence, either John does not love Mary or he loves
    Gill.
The language of PL, the propositional language, contains an infinite stock of propo-
sitional parameters (denoted as p1, p2, . . .), which stand for atomic propositions ex-
pressing simple facts, like “John loves Mary” or “John loves Gill”, and connectives,
used to combine atomic propositions into compound ones, like “Either John does
not love Mary or he loves Gill”. The sufficient supply of connectives consists of ¬
(“not”) and ∨ (“or”). Thus, formulas of the propositional language are defined by
the following BNF expression:
ϕ := p | ¬ϕ | ϕ1 ∨ ϕ2
where p ranges over propositional parameters. For convenience, one also usually takes
aboard connectives ∧ (“and”) and → (“if . . . , then . . . ”), defining ϕ ∧ ψ as ¬(¬ϕ ∨ ¬ψ)
and ϕ → ψ as ¬ϕ ∨ ψ.
It is at times inconvenient to drag along an infinite stock of propositional param-
eters. It is, therefore, expedient to dispense with the idea of a single language for
PL, fit for all intents and purposes, and think instead of a multiplicity of proposi-
tional languages differing in their supplies of propositional parameters. This may be
likened to different dialects coexisting within the English language: “the language of
mathematicians” is similar to “the language of linguists” in its grammatical structure,
but different in the vocabulary used. Likewise, all propositional languages have the
same “grammatical structure” (connectives ¬ and ∨) in common, but differ in their
“vocabulary,” their supply of propositional parameters. Drawing on this analogy, we
call the set of propositional parameters of a propositional language its vocabulary;
this set is usually denoted by Φ = {p1, p2, . . .}. Formulas of a propositional language
over vocabulary Φ are defined by the above BNF expression with the added proviso
that p ranges over propositional parameters in Φ.
Propositional modal logic was intended by its creators to expand the capability
of PL by providing the means for reasoning not just about facts that either are or
are not the case, but also about facts that might be (“possibility”), or have to be
(“necessity”), so. Thus, modal logic should be able to justify inferences like this:
    The loss in the war may imply the separation of the country. This country
    might lose the war; hence, its separation is not impossible.
The very least that is required to achieve this end is to enrich propositional languages
with a unary connective ♦ (“it is possible that . . . ”). We could also introduce a
connective for “it is necessary that . . . ”, though this is not needed: as we will shortly
see, we can express the idea of necessity using ♦. The modal logic with connectives
¬, ∨, and ♦ is a basic modal logic (ML for short). A language of basic modal logic
over vocabulary Φ will be denoted by MLΦ.
Definition 2.1 Formulas of the modal language MLΦ over vocabulary Φ are defined
by the following BNF expression:
ϕ := p | ¬ϕ | ϕ1 ∨ ϕ2 | ♦ϕ
where p ranges over members of Φ. ⊣
Thus, ¬p1 ∨ p2, ♦p1 ∨ ♦♦p1, and ¬(♦¬p3 ∨ ¬♦p4) are formulas of MLΦ provided
p1, p2, p3, p4 ∈ Φ. We will use lowercase Greek letters from near the end of the
alphabet, like ϕ and ψ, to stand for formulas.
To enhance readability of formulas, we adopt the above mentioned conventions
concerning ∧ and →, and also define □ϕ as ¬♦¬ϕ. Upon these conventions, □p1 → p1
and □(p1 ∧ p2) are shorthands for ¬(¬♦¬p1 ∨ p1) and ¬♦¬¬(¬p1 ∨ ¬p2), respectively.
To avoid tedium, we will sometimes say that □p1 → p1 and □(p1 ∧ p2) are formulas,
though in formal definitions only eligible formulas count as such.
To further enhance readability, we will use letters p, q, r, . . . to refer to arbitrary
(“particular, but unspecified,” as is usually said) members of Φ.
The semantics of MLΦ, due to Saul Kripke (and so frequently referred to as
Kripke, or Kripke-style, semantics), hinges on the idea of possibility as truth in a
possible world: ♦ϕ is true in world w if there exists world v that is possible with
respect to w where ϕ is true. Thus, to evaluate formulas of MLΦ, we need a non-empty
set of possible worlds W, a binary “relative possibility”, or “accessibility”,
relation R on W, and a valuation V telling which propositional parameters are true
at which possible worlds (footnote 1).
Definition 2.2 A model for MLΦ, or an MLΦ-model, is a tuple M = (W, R, V) such that
1. W ≠ ∅;
2. R ⊆ W × W;
3. V is a function from Φ into 2^W. ⊣
Intuitively, V(p) is a set of worlds where p is true (2^W denotes the power-set of
W) (footnote 2). The truth of MLΦ-formulas in a model is defined with respect to a possible
world (we will write M, w ⊩ ϕ to mean that ϕ is true in model M at world w).
Definition 2.3 Let M = (W, R, V) be an MLΦ-model, w ∈ W, and ϕ and ψ be
arbitrary MLΦ-formulas. Then,
    M, w ⊩ p       iff  w ∈ V(p);
    M, w ⊩ ¬ϕ      iff  M, w ⊮ ϕ;
    M, w ⊩ ϕ ∨ ψ   iff  M, w ⊩ ϕ or M, w ⊩ ψ;
    M, w ⊩ ♦ϕ      iff  ∃v ∈ W (wRv and M, v ⊩ ϕ). ⊣
Thus, the value of a propositional parameter at a world is entirely determined
by V ; connectives ¬ and ∨ have the same meaning as in PL; and the meaning of ♦
follows the above-explicated idea of possibility as truth in a possible world.
We also define the truth of a formula in a model (irrespective of a world) as truth
in all worlds of the model.

Footnote 1. In applications, in particular in different areas of computer science, where Kripke structures are
treated as formal models of different phenomena of interest in those particular areas, worlds are
usually abstractly referred to as “points.” We will use this terminology in the subsequent parts of
the thesis.
Footnote 2. Alternatively, V can be defined as a function with two arguments, p ∈ Φ and w ∈ W, and the
set of values {true, false}.
Definition 2.4 Let M = (W, R, V) be an MLΦ-model. An MLΦ-formula ϕ is true
in M (in symbols, M ⊩ ϕ), if M, w ⊩ ϕ for all w ∈ W. ⊣
The basic propositional modal logic described thus far is usually referred to as
monomodal since it has only one independent (that is, not definable in terms of
the other modalities) modality. It can be slightly extended by considering several
♦-like modalities instead of one. Indeed, we might think of several distinct possi-
bilities, for example, physical (“it is physically viable that...”), epistemological (“it
does not contradict our knowledge that...”), and logical (“it does not contradict
logic that...”) possibilities. Such an extension is easy to accommodate within the modal
logic framework. Instead of just one modality, ♦, we introduce into the language a
stock of modalities indexed by, say, natural numbers: 〈1〉, . . . , 〈n〉, . . . . Languages
with several ♦-like modalities are called multimodal. As with propositional parameters,
different languages may have varying repertoires of modalities; therefore, in the
context of multimodal languages, the vocabulary of a language consists of a stock of
propositional parameters Φ and a non-empty (otherwise, we simply get PL) set of
modality indices I. A multimodal language over vocabulary Φ and I is denoted by
MML^I_Φ.
Definition 2.5 Formulas of the multimodal language MMLΦ over vocabulary Φ are
defined by the following BNF expression:
ϕ := p | ¬ϕ | ϕ1 ∨ ϕ2 | 〈i〉ϕ
where p ranges over propositional parameters of Φ, and i ranges over modality indices
of I. ⊣
Thus, 〈1〉p1 ∨ 〈2〉〈3〉p1 and 〈2〉(〈1〉¬p3 ∨ ¬〈1〉p4) are formulas of MMLΦ provided
p1, p2, p3, p4 ∈ Φ and 1, 2, 3 ∈ I.
As in the basic modal case, we define [i]ϕ as ¬〈i〉¬ϕ. Thus, we use [1]p1 → p1
and [2](p1 ∧ [3]p2) as shorthands for ¬(¬〈1〉¬p1 ∨ p1) and ¬♦¬¬(¬p1 ∨ ¬¬〈3〉¬p2),
respectively.
As before, we will use p, q, r, . . . to denote arbitrary propositional parameters.
Moreover, we will use letters a, b, c, . . . to refer to arbitrary modality indices. Thus,
we can write 〈a〉p ∨ 〈b〉〈c〉p and [a]p → p.
To provide a multimodal language MML^I_Φ with semantics, we need, instead of a
single relation R on W , a family of “accessibility relations” corresponding to indices
in I.
Definition 2.6 A model for MML^I_Φ, or an MML^I_Φ-model, is a tuple
M = (W, {R_i}_{i∈I}, V) such that
1. W ≠ ∅;
2. R_i ⊆ W × W;
3. V is a function from Φ into 2^W. ⊣
Relation R_i is used to evaluate formulas of the form 〈i〉ϕ. Thus, the evaluation
of multimodal formulas differs from the evaluation of monomodal formulas only in
that, instead of the clause
    M, w ⊩ ♦ϕ iff ∃v ∈ W (wRv and M, v ⊩ ϕ),
we stipulate the clause
    M, w ⊩ 〈i〉ϕ iff ∃v ∈ W (wR_iv and M, v ⊩ ϕ).
It is easy to notice that monomodal logic can be viewed as a multimodal logic
with a single modal index. To make monomodal logic a special case of multimodal,
we can adopt a convention that if the only modal index of a multimodal language is
1, we write ♦ instead of 〈1〉.
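The truth clauses of Definition 2.3, together with the multimodal clause for 〈i〉, can be run directly on a finite model. The following Python code is an added example, not part of the thesis; the tuple encoding of formulas, the function names and the three-world sample model are assumptions made for illustration.

```python
# Formulas follow the BNF of Definitions 2.1 and 2.5, encoded as nested tuples:
#   ("p", name) | ("not", f) | ("or", f, g) | ("dia", i, f)
# The encoding and every name below are illustrative assumptions.

def P(name):
    return ("p", name)

def Not(f):
    return ("not", f)

def Or(f, g):
    return ("or", f, g)

def Dia(f, i=1):
    # <i>f; index 1 plays the role of the monomodal diamond.
    return ("dia", i, f)

# Defined connectives, unfolded the way the text abbreviates them.
def And(f, g):
    return Not(Or(Not(f), Not(g)))

def Imp(f, g):
    return Or(Not(f), g)

def Box(f, i=1):
    return Not(Dia(Not(f), i))


class Model:
    """M = (W, {R_i}, V): W non-empty, each R_i a subset of W x W, V: Phi -> 2^W."""

    def __init__(self, worlds, relations, valuation):
        self.W = frozenset(worlds)
        if not self.W:
            raise ValueError("W must be non-empty")
        self.R = {i: frozenset(pairs) for i, pairs in relations.items()}
        for i, pairs in self.R.items():
            for (w, v) in pairs:
                if w not in self.W or v not in self.W:
                    raise ValueError(f"R_{i} must be a subset of W x W")
        self.V = {p: frozenset(ws) for p, ws in valuation.items()}
        for p, ws in self.V.items():
            if not ws <= self.W:
                raise ValueError(f"V({p}) must be a subset of W")

    def holds(self, w, f):
        """Truth of formula f at world w, one branch per truth clause."""
        tag = f[0]
        if tag == "p":
            return w in self.V[f[1]]   # KeyError: parameter outside the vocabulary
        if tag == "not":
            return not self.holds(w, f[1])
        if tag == "or":
            return self.holds(w, f[1]) or self.holds(w, f[2])
        if tag == "dia":
            _, i, g = f
            # Some v with w R_i v at which g is true.
            return any(u == w and self.holds(v, g) for (u, v) in self.R[i])
        raise ValueError(f"not a formula: {f!r}")

    def truth_set(self, f):
        """The set of worlds at which f is true."""
        return {w for w in self.W if self.holds(w, f)}

    def true_in_model(self, f):
        """Truth in a model: truth at every world (Definition 2.4)."""
        return all(self.holds(w, f) for w in self.W)


# Constructed sample model: R_1 is the chain w0 -> w1 -> w2 with a loop at w2,
# R_2 is the single edge w0 -> w2.
SAMPLE = Model(
    worlds={"w0", "w1", "w2"},
    relations={1: {("w0", "w1"), ("w1", "w2"), ("w2", "w2")}, 2: {("w0", "w2")}},
    valuation={"p": {"w1", "w2"}, "q": {"w2"}},
)

if __name__ == "__main__":
    p, q = P("p"), P("q")
    print("box p true in model:", SAMPLE.true_in_model(Box(p)))
    print("worlds where box p -> p holds:", sorted(SAMPLE.truth_set(Imp(Box(p), p))))
```

In the sample model the boxed formula is true everywhere, while its implication to p fails at w0, a world that does not access itself.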
2.1.2 First-order logic
Like propositional modal logic, first-order logic (FO)—yet another child of traditional
logicians—can be conceived of as an extension of the propositional logic with the
capability to reason not only about facts, but also about individuals that participate
in the situations giving rise to facts. The typical example of first-order reasoning is:
    Some New-Yorkers love this film. New-Yorkers are Americans; hence,
    some Americans love this film.
To refer to arbitrary, unspecified individuals, first-order languages contain an in-
finite stock of individual variables, denoted as v1, v2, . . .. Thus, a variable vi may be
read as “an individual number i”.
The crucial idea behind first-order logic is that for individuals “to participate in
situations” means to stand in some relation to other individuals; thus, the way the
individuals v1 and v2 partake in the situation expressed by the utterance “v1 loves
v2” is that they stand in the two-place relation “loves”. A special case of a relation
is a property (a one-place relation): v1 partakes in the situation “v1 is a crook” by
possessing property “is a crook”. To name relations (sometimes also referred to as
predicates), first-order languages contain predicate parameters. Relations, and hence
predicate parameters, are of different arities, an arity of a relation being a number
of individuals that can stand in the relation (thus, the arity of relation “loves” is 2).
Predicate parameters of arity n are denoted by P^n_1, P^n_2, P^n_3, . . . . To indicate that v1
and v2 stand in the relation whose name is P^2_1, we write P^2_1(v1, v2), or even P1(v1, v2),
since the arity of P1 is clear from the number of variables enclosed in parentheses.
It is also convenient to include into first-order languages the binary predicate
constant =, equality. By custom, we write v1 = v2 instead of = (v1, v2).
Expressions such as P1(v1, v2) are not sentences since their truth value can not
be determined without supplying the value of variables. Variables are akin to such
English expressions as “this” and “that”. The truth or otherwise of the utterance “He
loves her” cannot be determined without specifying what “he” and “her” refer to.
Likewise, the truth value of P1(v1, v2) is indeterminate; however, on the assumption
that P1 stands for “loves”, once we know that v1 refers to, say, John, and v2 refers to,
say, Mary, we are able to tell whether or not P1(v1, v2) is true.
As in the propositional logic, we can combine expressions like P1(v1, v2) and P3(v1)
with propositional connectives, building more complex expressions like ¬P1(v1, v2) ∨
P3(v1). Furthermore, first-order languages contain an existential quantifier, ∃ (“there
exists”), so that we can build such expressions as ∃v1P3(v1), “there exists an individ-
ual that possesses property P3”. We can, of course, use both propositional connectives
and an existential quantifier to build expressions such as ∃v1¬∃v2P1(v1, v2); assum-
ing that P1 stands for “loves”, the last expression means “somebody does not love
anybody”.
It is important to notice that the role of v1 and v2 in ∃v1¬∃v2P1(v1, v2) is dif-
ferent from their role in P1(v1, v2). In P1(v1, v2) they stand for arbitrary individuals
and are, thus, genuine variables. In ∃v1¬∃v2P1(v1, v2), on the other hand, they do
not stand for an unspecified object—they just indicate the scope of the quantifiers.
Namely, they ensure that we understand that the first quantifier refers to the first
component in the relation “loves” and the second quantifier to the second component
of the relation, thus preventing us from reading ∃v1¬∃v2P1(v1, v2) as “somebody is
not loved by anybody”. Therefore, from the point of view of meaning, v1 and v2 in
∃v1¬∃v2P1(v1, v2) are not variables at all. It would be conceptually clearer to use
a different kind of symbol when using quantification, but that would lead to many
technical inconveniences. Instead, we say that v1 and v2 in ∃v1¬∃v2P1(v1, v2) are
bound variables; in contrast, we say that v1 and v2 in P1(v1, v2) are free variables (footnote 3).
Now we turn to the formal definition of first-order languages. While propositional
languages differ in their stocks of propositional parameters, first-order languages differ
in their collections of predicate parameters. Thus, in the first-order case, vocabulary
will refer to the set Ψ of predicate parameters. The first-order language over vocabulary
Ψ will be denoted by FOΨ.
Definition 2.7 Formulas of first-order language FOΨ over vocabulary Ψ are defined
by the following BNF expression:
ϕ := P (x1, . . . , xn) | x1 = x2 | ¬ϕ | ϕ1 ∨ ϕ2 | ∃xϕ
where P ranges over predicate parameters from Ψ of arity n, and x1, . . . , xn and x
range over individual variables. ⊣
The superscripts of predicate parameters are always dropped in formulas, where
their arity is clear from the context. Thus, P1(v1) ∨ P2(v1), ∃v1∃v2P4(v1, v2, v4), and
¬∃v1¬(¬P1(v1, v2) ∨ P2(v3)) are formulas of FOΨ provided that all predicate letters
mentioned are in Ψ.

Footnote 3. In fact, having two kinds of variables, bound and free, is like having two kinds of bachelors,
married and single. Like the idea of a married bachelor, the idea of a bound variable may seem
somewhat odd. The reason for this apparent oddity is technical convenience.
To enhance readability of formulas, we adopt the previously used conventions
concerning ∧ and → and also define ∀viϕ as ¬∃vi¬ϕ. Thus, ∀v1(P1(v1, v2) → P2(v3))
is a shorthand for ¬∃v1¬(¬P1(v1, v2) ∨ P2(v3)).
To further enhance readability of formulas, we will use letters x, y, z, . . . (possibly
with subscripts) to denote arbitrary individual variables, and letters P , Q, R, . . . to
denote arbitrary predicate parameters. Thus, we can write ¬∃x¬(¬R(x, y) ∨ P (z)).
Every substring of a formula ϕ that is a formula in its own right is called a subfor-
mula of ϕ. Thus, subformulas of ∃y(P (x) ∨ ∃xR(x, y)) are P (x), R(x, y), ∃xR(x, y),
P (x) ∨ ∃xR(x, y), and ∃y(P (x) ∨ ∃xR(x, y)).
An appearance of an individual variable in a formula is referred to as its occurrence.
For example, x has three occurrences in ∃y(P(x) ∨ ∃xR(x, y)), while y has two.
Every occurrence of a variable in a formula is either bound or free. An occurrence
of variable x in formula ϕ is bound if this occurrence appears in a subformula of ϕ of
the form ∃xψ; otherwise, it is free. Thus, the second and the third occurrences of x
in ∃y(P (x) ∨ ∃xR(x, y)) are bound, while the first is free. Both occurrences of y in
∃y(P (x) ∨ ∃xR(x, y)) are bound. To cut back on verbiage, we will, somewhat sloppily,
talk about bound and free variables, not occurrences of variables. (Thus, speaking
of formula ∃y(P (x) ∨ ∃xR(x, y)), we might say that variable x is free in subformula
P (x), but bound in subformula ∃xR(x, y).)
To evaluate formulas of FOΨ, we need a set of individuals and an interpretation
of predicate parameters, telling what relation is referenced by what parameter.
Definition 2.8 A model for FOΨ, or a FOΨ-model is a tuple M = (W, I), where
1. W ≠ ∅;
2. I is a function on Ψ such that I(P_i^n) ⊆ W^n, where W^n is the n-th Cartesian
degree of W. ⊣
Moreover, we need to know the value of variables. This job is done by assignments.
Definition 2.9 Let M = (W, I) be a FOΨ-model. Let Var be the set of individual
variables of FOΨ. An M-assignment is a function from Var into W. ⊣
We will denote assignments with lowercase Greek letters from near the beginning of
the alphabet, like α and β.
Now we can evaluate FOΨ-formulas.
Definition 2.10 Let M = (W, I) be a FOΨ-model, let α be an M-assignment, and
let ϕ and ψ be arbitrary FOΨ-formulas. Then,
M, α P (x1, . . . , xn) iff (α(x1), . . . , α(xn)) ∈ I(P );
M, α x = y iff α(x) = α(y);
M, α ¬ϕ iff M, α 6 ϕ;
M, α ϕ ∨ ψ iff M, α ϕ or M, α ψ;
M, α ∃xϕ iff for some β ≃x α, M, β ϕ.
In the last clause, β ≃x α means that β differs from α at most in the value
it assigns to x. ⊣
Definition 2.11 Let M = (W, I) be a FOΨ-model and ϕ be a FOΨ-formula. ϕ is
satisfiable in M if, for some M-assignment α, M, α ϕ. ϕ is true in M if, for
every M-assignment α, M, α ϕ. ⊣
Definition 2.12 A FOΨ-formula ϕ is satisfiable if it is true in some FOΨ-model.
A FOΨ-formula ϕ is valid if it is true in every FOΨ-model. ⊣
Remark 2.13 Sometimes first-order languages are equipped, in addition to pred-
icate parameters, with individual and functional parameters, intended to stand for
designated individuals and functions, respectively. In the following parts of the thesis,
we will make a proviso whenever the first-order languages under consideration are not
meant to have any functional or individual symbols and, also, whenever we specifi-
cally need them. If neither of the above provisos is made, the presence or otherwise
of individual and functional parameters is immaterial.
2.2 Modal logic vs. first-order logic
From the traditional logician’s standpoint, ML and FO extend the propositional logic
in quite different directions. It is hardly surprising, then, that propositional modal
logic and first-order logic were for a long time considered distinct and unrelated
enterprises. All that changed when the relationship between ML and FO was
looked at from the model-theoretic point of view.
The model-theoretic point of view differs from the traditional logician’s in the way
the relationship between the language and the structures interpreting the language
is perceived. For the traditional logician, the language comes first: the
primary subject matter of the traditional logic is correct reasoning, and, to make
the study of correct reasoning precise, structures are brought in to provide precise
semantics for the language in which the reasoning is conducted. For the model-theoretician,
on the other hand, structures come first: the properties of structures are
model theory’s primary subject matter, and the language is used only as a tool. Thus,
while the traditional logician asks “How can I use structures to clarify the meaning of
the language and thus to verify the correctness of reasoning?”, the model theoretician
asks “How can I use the language to better understand properties of structures?”.
If we look at the relationship between FO and ML model-theoretically, that is
from the point of view of the structures they are capable of describing, we notice that
the languages of both logics are interpreted on exactly the same kind of structures:
every Kripke model M = (W,R, V ) over Φ = {p1, . . . , pn, . . .} can be viewed as
a relational structure M = (W,R, V (p1), . . . , V (pn), . . .) with a single binary and a
collection of unary relations, and the same applies to first-order models (for languages
with the appropriate vocabulary), which can be viewed as structures M = (W, I(R),
I(P1), . . . , I(Pn), . . .).
Thus, both modal and first-order logic describe relational structures with unary
and binary relations, but they do so in different ways. FO uses unary predicate letters
to denote unary relations, and binary predicate letters to denote binary relations. ML
uses propositional parameters to denote unary relations, and modalities to talk about
binary relations.
2.2.1 Standard translation
When two languages are able to talk about the same kind of structures, it is natural
to ask which of the two languages is more powerful, that is which of the two can say
more things about the structures concerned. In this section, we will see that first-
order languages are at least as powerful as modal languages, since the formulas of the
latter can be translated into the formulas of the former using the so-called standard
translation, defined in [Ben83].
Under the standard translation, formulas of a modal language are translated into
formulas of a first-order language with one free variable, which intuitively stands for
the point at which a modal formula is evaluated in the Kripke model. All our defini-
tions pertain to monomodal, but can be easily extended to multimodal, languages.
Definition 2.14 A monomodal language MLΦ and a first-order language FOΨ are
counterparts if
• pi ∈ Φ iff Pi ∈ Ψ;
• Ψ contains a single binary predicate parameter R.
A Kripke model M = (W,R, V ) and a first-order model M′ = (W ′, I ′) for counter-
part languages MLΦ and FOΨ are counterparts if
• W ′ = W ;
• for every Pi ∈ Ψ, I ′(Pi) = V (pi);
• I ′(R) = R. ⊣
Definition 2.15 Let MLΦ and FOΨ be counterpart languages. Define, by mutual
recursion, two functions, τx and τy, mapping formulas of MLΦ into formulas of FOΨ,
as follows. τx is defined by
• τx(pi) := Pi(x) for every pi ∈ Φ;
• τx(¬ϕ) := ¬τx(ϕ);
• τx(ϕ ∨ ψ) := τx(ϕ) ∨ τx(ψ);
• τx(♦ϕ) := ∃y(R(x, y) ∧ τy(ϕ))
τy is defined analogously, switching the roles of x and y. Finally, define the standard
translation of ϕ ∈ MLΦ to be τx(ϕ). ⊣
In the above definition, two functions are used to keep the number of individual
variables used to the minimum.
It is clear that the standard translation clauses for the defined connectives should
look as follows:
• τx(ϕ ∧ ψ) := τx(ϕ) ∧ τx(ψ);
• τx(ϕ→ ψ) := τx(ϕ) → τx(ψ);
• τx(□ϕ) := ∀y(R(x, y) → τy(ϕ))
It is easy to prove the following theorem.
Theorem 2.16 Let ϕ be a formula of MLΦ, M = (W,R, V ) be an MLΦ-model,
and MFO be its counterpart first-order model. Then, for every w ∈ W , we have
M, w ϕ iff MFO, α τx(ϕ), where α(x) = w.
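The two-variable translation of Definition 2.15 and a brute-force check of Theorem 2.16 on one finite model, as an added example that is not part of the thesis. The tuple encoding of formulas, the function names and the sample Kripke model are assumptions made for this illustration.

```python
# Encoding assumed for this example (not the thesis's notation):
#   modal:       ("p", name) | ("not", f) | ("or", f, g) | ("dia", f)
#   first-order: ("P", name, var) | ("R", u, v) | ("not", f) | ("or", f, g)
#                | ("and", f, g) | ("exists", var, f)

def tau(phi, cur="x", other="y"):
    """tau_cur from Definition 2.15; tau_y is tau with cur and other swapped."""
    tag = phi[0]
    if tag == "p":
        return ("P", phi[1], cur)
    if tag == "not":
        return ("not", tau(phi[1], cur, other))
    if tag == "or":
        return ("or", tau(phi[1], cur, other), tau(phi[2], cur, other))
    if tag == "dia":
        # dia f at cur: some R-successor `other` of cur satisfies tau_other(f)
        return ("exists", other, ("and", ("R", cur, other), tau(phi[1], other, cur)))
    raise ValueError(f"unknown modal connective: {tag!r}")

def box(phi):
    """Defined connective: box f abbreviates not dia not f."""
    return ("not", ("dia", ("not", phi)))

def variables(f):
    """Every individual variable occurring (free or bound) in a first-order formula."""
    tag = f[0]
    if tag == "P":
        return {f[2]}
    if tag == "R":
        return {f[1], f[2]}
    if tag == "exists":
        return {f[1]} | variables(f[2])
    return set().union(*(variables(g) for g in f[1:]))

def modal_holds(model, w, phi):
    """Kripke semantics at point w of model = (W, R, V)."""
    W, R, V = model
    tag = phi[0]
    if tag == "p":
        return w in V.get(phi[1], set())
    if tag == "not":
        return not modal_holds(model, w, phi[1])
    if tag == "or":
        return modal_holds(model, w, phi[1]) or modal_holds(model, w, phi[2])
    if tag == "dia":
        return any(modal_holds(model, v, phi[1]) for (u, v) in R if u == w)
    raise ValueError(f"unknown modal connective: {tag!r}")

def fo_holds(model, alpha, f):
    """Definition 2.10 in the counterpart model: I(R) = R and I(P_i) = V(p_i)."""
    W, R, V = model
    tag = f[0]
    if tag == "P":
        return alpha[f[2]] in V.get(f[1], set())
    if tag == "R":
        return (alpha[f[1]], alpha[f[2]]) in R
    if tag == "not":
        return not fo_holds(model, alpha, f[1])
    if tag == "or":
        return fo_holds(model, alpha, f[1]) or fo_holds(model, alpha, f[2])
    if tag == "and":
        return fo_holds(model, alpha, f[1]) and fo_holds(model, alpha, f[2])
    if tag == "exists":
        # beta differs from alpha at most in the value of the quantified variable
        return any(fo_holds(model, {**alpha, f[1]: a}, f[2]) for a in W)
    raise ValueError(f"unknown first-order connective: {tag!r}")

def formulas_up_to(depth, atoms=("p1", "p2")):
    """All modal formulas over `atoms` with at most `depth` nested connectives."""
    level = {("p", a) for a in atoms}
    for _ in range(depth):
        level = (level | {("not", f) for f in level} | {("dia", f) for f in level}
                 | {("or", f, g) for f in level for g in level})
    return level

def check_theorem_2_16(model, depth=2):
    """M, w satisfies phi iff the counterpart satisfies tau_x(phi) with alpha(x) = w."""
    W, R, V = model
    return all(modal_holds(model, w, phi) == fo_holds(model, {"x": w}, tau(phi))
               for phi in formulas_up_to(depth) for w in W)

# Constructed sample Kripke model (W, R, V); not taken from the thesis.
SAMPLE = ({0, 1, 2, 3}, {(0, 1), (1, 2), (2, 2), (0, 3)}, {"p1": {2}, "p2": {1, 3}})

if __name__ == "__main__":
    print(tau(("dia", ("dia", ("p", "p1")))))
    print("Theorem 2.16 holds on SAMPLE:", check_theorem_2_16(SAMPLE))
```

Nested modalities reuse x and y alternately, so every translated formula stays within two individual variables.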
2.2.2 Bisimulations and bisimulation equivalence
Now that we know that first-order languages are at least as expressive as modal lan-
guages, it is time to ask: what about the other direction? Can everything that can be
said in a modal language be expressed in the counterpart first-order language? This
seems unlikely, but to prove this formally, we have to exactly pinpoint the source of
expressive power weakness of modal languages. To that end, we consider a number of
well-known model-theoretic constructions that preserve the truth of modal formulas,
that is the constructions that modal formulas “can not see.” We start with the most
intuitive, disjoint unions, and then, generalising the intuition underlying the forma-
tion of disjoint unions, proceed to the most general, bisimulations. Bisimulations
stretch the intuition at the base of disjoint unions as far as possible and thus tell
exactly what modal formulas can and can not see and, therefore, say.
Modal formulas are evaluated at a point in a model M, and in the process of
evaluation they can “see” only those other points of M that are accessible from them
by the relation R. Thus, if we added new points to M without connecting the points
that were previously in M to these new points, modal formulas could not detect the
addition of new points. This consideration gives rise to the following definition and
theorem.
Definition 2.17 (Disjoint unions) Let {Mi = (Wi,Ri, Vi)}i∈I be a set of MLΦ-
models such that, for every j, k ∈ I with j ≠ k, Wj ∩ Wk = ∅. The disjoint union of
this set is a Φ-model ⊎i∈I Mi = (W,R, V ), where (1) W = ⋃i Wi; (2) R = ⋃i Ri;
and (3) V (p) = ⋃i Vi(p), for every p ∈ Φ. ⊣
Theorem 2.18 Let ⊎i∈I Mi = (W,R, V ) be a disjoint union of MLΦ-models {Mi =
(Wi,Ri, Vi)}i∈I and ϕ be an MLΦ formula. Then, for every Mi and every w ∈ Wi,
Mi, w ϕ iff ⊎i∈I Mi, w ϕ.
Proof Straightforward induction on the complexity of ϕ. q.e.d.
Now, we can slightly generalise the intuition underlying the formation of disjoint
unions. Because modal formulas can see only “forward” along the relation R, they
fail to see not only the points completely unconnected by R that are being added to
(or removed from) the model, but also the points that can see them without being
themselves visible. This intuition gives rise to the construction known as generated
submodels.
Definition 2.19 (Submodels) Let M′ = (W ′,R′, V ′) be an MLΦ-model. A model
M = (W,R, V ) is said to be a submodel of M′, if (1) W ⊆ W ′; (2) R = W ∩ R′;
and (3) for every p ∈ Φ, V (p) = V ′(p) ∩ W . ⊣
Definition 2.20 (Generated submodels) Let M′ = (W ′,R′, V ′) be an MLΦ-
model. A model M = (W,R, V ) is said to be a generated submodel of M′, if (1)
M is a submodel of M′; and (2) if w ∈ W and wRv, then v ∈ W . ⊣
Theorem 2.21 Let M = (W,R, V ) be a generated submodel of an MLΦ-model
M′ = (W ′,R′, V ′) and ϕ be an MLΦ formula. Then, for every w ∈ W , we have
M, w ϕ iff M′, w ϕ.
Proof Straightforward induction on the complexity of ϕ. q.e.d.
We can generalise still further. A generated submodel M is part of its “super-
model” M′. We can generalise the intuition underlying the formation of generated
submodels to two distinct models, M and M′, one of which, M, “looks like” a gen-
erated submodel of M′. As usual in mathematics, this “looks like” relation can be
formalised as a function f mapping points of M to points of M′. Intuitively, f(w)
is the point of M′, a look-alike of w ∈ M, that belongs to a “virtual generated sub-
model” of M′ that looks like M. What conditions should such a function satisfy?
First, since f(w) is a look-alike of w, they should satisfy the same propositional pa-
rameters. Secondly, in generated submodels R ⊆ R′, that is whenever we can take
a step along the accessibility relation of the first model, we can match it with a step
along the accessibility relation of the second; thus, we should stipulate that if wRv,
then f(w)R′f(v). Lastly, in generated submodels, if w belongs to the submodel and
wR′v, then v also belongs to the submodel; thus, we should stipulate that if w′ is
within the range of f , that is w′ = f(w), and w′R′v′, then v′ is within the range
of f , too, that is v′ = f(v), for some v. These considerations give us the following
definition.
Definition 2.22 (Bounded morphisms) Let M = (W,R, V ) and M′ = (W ′,R′, V ′)
be MLΦ-models. A function f : W →W ′ is said to be a bounded morphism from M
into M′ if the following holds:
1. w ∈ V (p) iff f(w) ∈ V ′(p), for every p ∈ Φ;
2. if wRv, then f(w)R′f(v);
3. if f(w)R′v′, then there exists v ∈ W such that wRv and f(v) = v′. ⊣
Theorem 2.23 Let f be a bounded morphism between MLΦ-models M = (W,R, V )
and M′ = (W ′,R′, V ′). Then, for every MLΦ-formula ϕ, M, w ϕ iff M′, f(w) ϕ.
Proof Straightforward induction on the complexity of ϕ. q.e.d.
We can generalise yet still further. We said earlier that in mathematics the relation
between structures is usually formalised as a function. This is because mathematicians
mostly study structures that are algebras. Since Kripke models are relational,
not algebraic, structures, we can lift the requirement that the connection
between M and M′ in the definition of bounded morphisms should be a function.
This gives the following definition.
Definition 2.24 (Bisimulations) Let M = (W,R, V ) and M′ = (W ′,R′, V ′) be
MLΦ-models. A non-empty binary relation Z ⊆ W ×W ′ is said to be a bisimulation
between M and M′ if the following holds:
1. if wZw′, then w ∈ V (p) iff w′ ∈ V ′(p), for every p ∈ Φ;
2. if wZw′ and wRv, then there exists v′ ∈ W ′ such that w′R′v′ and vZv′;
3. if wZw′ and w′R′v′, then there exists v ∈ W such that wRv and vZv′.
M and M′ are said to be bisimilar (in symbols, M � M′) if there exists a bisimulation
between them. w ∈ W and w′ ∈ W ′ are said to be bisimilar (in symbols,
M, w � M′, w′) if there exists a bisimulation between M and M′ such that wZw′. ⊣
Conditions 2 and 3 of definition 2.24 are usually collectively referred to as the back-
and-forth conditions.
Theorem 2.25 Let M = (W,R, V ) and M′ = (W ′,R′, V ′) be two MLΦ-models
such that M, w � M′, w′. Then, for every MLΦ-formula ϕ, we have M, w ϕ iff
M′, w′ ϕ.
Proof Straightforward induction on the complexity of ϕ. q.e.d.
Remark 2.26 Theorem 2.25 is widely used in modal logic since many useful model
theoretic constructions turn out to be instances of bisimulation. In virtue of the-
orem 2.25, when we want to prove that a particular model-theoretic construction
preserves the truth of modal formulas, we can show that it is an instance of bisimula-
tion. Probably the best-known example of the use of this proof-technique is the proof
that every satisfiable modal formula is satisfiable in a tree-like Kripke model (see,
for example [BdRV01], Proposition 2.15). This proof involves the use of unravelling,
which happens to be an instance of bisimulation. Later on in the thesis, we will use
a modification of unravelling in one of our completeness proofs.
Theorem 2.25 reveals the expressive-power weakness of modal formulas: they do
not distinguish between bisimilar models. It is obvious, on the other hand, that
first-order formulas can tell apart models that are bisimilar.
Example 2.27 Consider the modal language with a single propositional parameter
p and its counterpart first-order language. Let M = ({w, v, u},R = {(w, u), (w, v)},
V (p) = {w}) and M′ = ({w′, v′},R′ = {(w′, v′)}, V ′(p) = {w′}). It is obvious that
M, w � M′, w′ and that M, α 6 ∀y∀z(R(x, y) ∧ R(x, z) → y = z) but M′, α′
∀y∀z(R(x, y) ∧R(x, z) → y = z), where α(x) = w and α′(x) = w′. ¶
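Example 2.27 worked mechanically, as an added example that is not part of the thesis: the largest bisimulation between two finite Kripke models is computed by refinement, and the functionality formula is then evaluated at the bisimilar points. It also checks that the map sending both u and v to v′ is a bounded morphism in the sense of Definition 2.22. Function names, the ASCII spelling of the primed points and the third model N are assumptions made for this illustration.

```python
def successors(R, w):
    return {v for (u, v) in R if u == w}

def same_atoms(V1, w1, V2, w2):
    """Condition 1: the two points satisfy the same propositional parameters."""
    return all((w1 in V1.get(p, set())) == (w2 in V2.get(p, set()))
               for p in set(V1) | set(V2))

def forth(Z, R1, R2, w, w2):
    """Every step w R1 v is matched by a step w2 R2 v2 with (v, v2) in Z."""
    return all(any((v, v2) in Z for v2 in successors(R2, w2))
               for v in successors(R1, w))

def back(Z, R1, R2, w, w2):
    """Every step w2 R2 v2 is matched by a step w R1 v with (v, v2) in Z."""
    return all(any((v, v2) in Z for v in successors(R1, w))
               for v2 in successors(R2, w2))

def is_bisimulation(Z, M1, M2):
    """Definition 2.24: non-empty, atom-preserving, back-and-forth."""
    (W1, R1, V1), (W2, R2, V2) = M1, M2
    return bool(Z) and all(
        same_atoms(V1, w, V2, w2) and forth(Z, R1, R2, w, w2) and back(Z, R1, R2, w, w2)
        for (w, w2) in Z)

def largest_bisimulation(M1, M2):
    """Start from all atom-equivalent pairs and delete pairs that break
    back-and-forth until nothing changes. An empty result means no bisimulation."""
    (W1, R1, V1), (W2, R2, V2) = M1, M2
    Z = {(w, w2) for w in W1 for w2 in W2 if same_atoms(V1, w, V2, w2)}
    changed = True
    while changed:
        changed = False
        for (w, w2) in sorted(Z):
            if not (forth(Z, R1, R2, w, w2) and back(Z, R1, R2, w, w2)):
                Z.discard((w, w2))
                changed = True
    return Z

def bisimilar(M1, w1, M2, w2):
    return (w1, w2) in largest_bisimulation(M1, M2)

def is_bounded_morphism(f, M1, M2):
    """Definition 2.22 for a total function f given as a dict on W1."""
    (W1, R1, V1), (W2, R2, V2) = M1, M2
    atoms = all(same_atoms(V1, w, V2, f[w]) for w in W1)
    forward = all((f[w], f[v]) in R2 for (w, v) in R1)
    backward = all(any(f[v] == v2 for v in successors(R1, w))
                   for w in W1 for v2 in successors(R2, f[w]))
    return atoms and forward and backward

def functional_at(model, w):
    """The first-order formula of Example 2.27 with x assigned to w:
    for all y, z: R(x, y) and R(x, z) imply y = z."""
    W, R, V = model
    return all(y == z for y in W for z in W if (w, y) in R and (w, z) in R)

# The two models of Example 2.27 (primes written as ASCII apostrophes).
M = ({"w", "v", "u"}, {("w", "u"), ("w", "v")}, {"p": {"w"}})
M_PRIME = ({"w'", "v'"}, {("w'", "v'")}, {"p": {"w'"}})
# Constructed contrast model: p also holds at the successor, so no bisimulation exists.
N = ({"a", "b"}, {("a", "b")}, {"p": {"a", "b"}})

if __name__ == "__main__":
    print(sorted(largest_bisimulation(M, M_PRIME)))
    print(functional_at(M, "w"), functional_at(M_PRIME, "w'"))
```

The points w and w′ are bisimilar, so no modal formula separates them, yet the first-order functionality formula is false at w and true at w′.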
The following theorem, due to van Benthem, shows that bisimulations exactly pinpoint
the expressive-power weakness of modal languages: not only can modal languages
not distinguish bisimilar models, but the first-order formulas that cannot distinguish
them either are equivalent to modal formulas.
Theorem 2.28 (van Benthem’s theorem) A first order formula is preserved un-
der bisimulation if, and only if, it is equivalent to the standard translation of a modal
formula.
The original proof of theorem 2.28 can be found in [Ben83]. Another proof, which
does not appeal to compactness and, thus, also applies to the case where we only
consider finite models, can be found in [Ros97].
Thus, due to theorem 2.28, if we want to show that a first order formula ϕ(x)
is not equivalent to (a translation of) any modal formula, all we have to do is find
two structures M and M′ such that M, w � M′, w′, and M, α ϕ but M′, α′ 6 ϕ,
where α(x) = w and α′(x) = w′, as has been done in example 2.27.
Theorem 2.28 draws a line under our consideration of the relationship between
propositional modal and first-order logics. This relationship underlies the idea of the
guarded fragment of first-order logic, which we consider in the next section.
2.3 First-order guarded logics
It is well-known that first order logic FO is undecidable. This motivates the search for
decidable fragments of FO. One can obtain decidable fragments of FO by imposing
various syntactic restrictions on the way formulas of the first-order language are built.
Among well-known examples are the fragment of FO with only unary predicate let-
ters, the fragment with only two individual variables, and numerous fragments with
various restrictions on quantifier prefixes (see [BGG97] for a comprehensive overview
of decidable fragments of FO). These fragments vary as to their expressive power
and the complexity of their decidability problem. Some fragments also have the finite
model property (if a formula is satisfiable, it is satisfiable in a finite model). Some
fragments possess useful properties of the full first order logic, such as interpolation,
Beth definability, and the Łoś-Tarski property.
The considerations of the previous section suggest that the modal perspective on
first-order logic gives us a new well-behaved fragment of FO, namely the modal fragment
containing all the translations of modal formulas under the standard translation. This
fragment naturally inherits all the good properties of modal logics, such as decidability
and the finite model property. The guarded fragment can be viewed as an improvement
on this result. This improvement is two-fold. First, the guarded fragment extends
the modal fragment. Secondly, unlike the modal fragment, the guarded fragment can
be defined by imposing purely syntactic restrictions on the first-order formulas rather
than through a reference to a translation from a different language.
2.3.1 Guarded fragment of FO
Definition 2.29 Let FOΨ be a first-order language. FOΨ-atoms are defined by
the following BNF expression:
ρ := R(x1, . . . , xn) | x = y
where R ranges over predicate parameters from Ψ of arity n, and x1, . . . , xn, x, and y
range over individual variables. ⊣
Henceforth in this chapter, we reserve the letter ρ to stand for atoms. We also use
x to stand for finite sequences of variables and FV (ϕ) for the set of free variables of
a first-order formula ϕ.
Definition 2.30 (Guarded fragment) The guarded fragment of first-order language
FOΨ is the smallest set GFΨ such that
1. Every FOΨ-atom belongs to GFΨ.
2. If ϕ ∈ GFΨ, then ¬ϕ ∈ GFΨ.
3. If ϕ ∈ GFΨ and ψ ∈ GFΨ, then ϕ ∨ ψ ∈ GFΨ.
4. If ρ is an FOΨ-atom, ϕ ∈ GFΨ, and x ⊆ FV (ϕ) ⊆ FV (ρ), then ∃x(ρ ∧ ϕ) ∈
GFΨ. ⊣
It is easy to see that, if ρ is an FOΨ-atom, ϕ ∈ GFΨ, and x ⊆ FV (ϕ) ⊆ FV (ρ), then
∀x(ρ→ ϕ) is also in GFΨ. In formulas ∃x(ρ∧ϕ) and ∀x(ρ→ ϕ), ρ is called a guard,
which gives the name to the fragment.
Example 2.31 The following formulas are in GF:
• P (x, y, z) ∨ (x = y),
• ∃x∃yP (x, y, z),
• ∃x∃y(P (x, y, z) ∧ ∀u(R(u, z) → S(u, z))),
while the following formulas are not:
• ∀xP (x, y, z),
• ∀x∀y∀z(P (x, y, z) ∧ x = y),
• ∀x∀y∀z(R(x, y) ∧R(y, z) → R(x, z)),
• ∀x∀y∀z(R(x, y) ∧R(x, z) → y = z).
Moreover, the last two formulas (transitivity and functionality) are also not equivalent
to any guarded formula. ¶
2.3.2 Semantics
The guarded fragment can be seen either as just that — a fragment of first order logic —
or as a new way of looking at first order logic, with its own semantics (and then we
can talk about first-order guarded logic rather than guarded fragment of first-order
logic). In this section, we give relativised first order semantics for the guarded logic,
which is akin to relativised cylindric algebras, and give a proof of decidability of the
guarded fragment (without equality) based on this semantics (the proof is based on
an unpublished proof by Andreka, van Benthem and Nemeti).
Standard vs. alternative semantics
To give the semantic account of the guarded fragment, we can either stick to the
standard first-order semantics (after all, guarded formulas are just a special kind
of first-order formulas) or devise some kind of alternative semantics. The former
approach has the advantage of relying on the already well-developed first-order model
theory; it suffers, however, from two shortcomings. First, following it, we do not
reap benefits of not having to worry about non-guarded formulas; indeed, having
abandoned the standard first-order semantics, we could come up with a, in some
sense, more manageable class of models for guarded formulas (say, such a class M
that it is decidable, given a guarded formula ϕ, whether ϕ is true in every model in
M). Second, sticking to the standard first-order semantics does not shed any semantic
light on guarded formulas. Thus, an alternative semantics for guarded fragment
promises more benefits. While devising such semantics, we should, however, respect
the meaning of guarded formulas under the standard first-order semantics; in other
words, our alternative semantics should, as far as guarded formulas are concerned,
be faithful to the standard first-order semantics. To give the formal definition of
faithfulness, we remark that the formal analogue of “semantics” is a class of models.
Definition 2.32 Let L be a language and M and M′ be classes of models appropriate
for L. M′ is said to be faithful to M if, for all ϕ ∈ L, ϕ is true in every model in M′
if and only if ϕ is true in every model in M. ⊣
In the context of the guarded fragment, faithfulness is a desirable property since otherwise
we would be faced with the awkward question of what it means for a guarded formula
to be valid—to be true in every standard first-order model or to be true in every
alternative model.
Guarded semantics informally
What might alternative semantics for a guarded fragment look like? Intuitively,
guarded formulas—unlike arbitrary first-order formulas that can, because of the un-
restricted quantification, speak about any object in the domain of the model—can
speak only about those individuals that are bound by some relation (including iden-
tity). This particularity of guarded formulas can be illuminated with the help of the
linguistic concepts of subject and predicate of the sentence. By the subject of the
sentence linguists mean the word or group of words that answers the question formed
by putting “what” or “who” before the verb, such as the word “New-Yorkers” in the
sentence “Some New-Yorkers love abstract art”. By the predicate of the sentence linguists
mean the word or group of words that says something about subject’s action,
experience, or state of being, such as “love abstract art” in “Some New-Yorkers love
abstract art”.
Guarded formulas are allowed to talk only about objects whose names are part
of their subject part. This subject part is always an atomic formula. Thus, the
alternative semantics for guarded formulas might be based on the idea of forbidding
the models to name the objects that are not connected by an atomic relation of the
model. This idea can be implemented by restricting the set of assignments available
to the model. This kind of semantics is known as relativised first-order semantics. In
the next section, we present relativised semantics, and then we use it to provide the
alternative semantics for the guarded fragment.
Relativised first-order semantics
Relativised first-order semantics is based on the idea that, given a first-order model
M = (W, I), we may consider some M-assignments inadmissible. Thus, a (possibly
proper) subset of the set of all M-assignments is used in relativised semantics
to evaluate formulas. This set is the set of admissible assignments. When defining
relativised models, we have to explicitly specify which assignments are admissible.
(By contrast, we left the mention of assignments out of the definition of standard
first-order models since, given such a model M, the set of M-assignments can be
uniquely deduced.)
Definition 2.33 A relativised FOΨ-model is a tuple R = (W, I, A), where
1. M = (W, I) is a first-order model;
2. A is an arbitrary set of M-assignments. ⊣
To get truth conditions for first-order formulas in relativised models, it seems
natural to simply adjust truth clauses for standard models in such a way that they
refer only to admissible assignments. Thus, clauses (1)-(4) of definition 2.10 would be
adjusted so as to be meaningful only for admissible assignments, and the existential
quantifier clause would look thus:
R, α ∃xϕ iff for some β ∈ A such that β ≃x α, R, β ϕ. (2.1)
This naive approach leads, however, to unpleasant consequences. It is natural,
hence desirable, for the truth value of formula ϕ in a model R under assignment α to
depend on the values under α of only those variables that occur freely in ϕ. (Thus,
it is counterintuitive if the truth or otherwise of ∃xP (x, y) depends on the value of
variables z or x under α.) Standard first-order semantics conforms to this desirable
property that is usually referred to as locality.
Theorem 2.34 Let ϕ be a FOΨ-formula and M be a standard FOΨ-model. Let
α and β be M-assignments such that α(x) = β(x) for every x ∈ FV (ϕ). Then
M, α ϕ iff M, β ϕ.
Proof Straightforward induction on the complexity of ϕ. q.e.d.
As the following example shows, the stipulation of clause (2.1) would lead to
violation of locality for relativised models.
Example 2.35 Consider a relativised model R = (W, I, A), for the language with
a single binary predicate parameter R, with W = {a, b, c}, I(R) = {(a, b)} and
A = {α, β, γ}, where
(1) α(y) = c, α(z) = b, and α(x) = a otherwise⁴;
(2) β(y) = b, β(z) = b, and β(x) = b otherwise;
(3) γ(y) = a, γ(z) = b, and γ(x) = a otherwise.
Then, α and β agree on all free variables of ∃yR(y, z), and under clause (2.1), R, α
∃yR(y, z) but R, β 6 ∃yR(y, z), which contravenes locality. ¶
The problem with condition (2.1) is that it takes for granted that, if there exists
an assignment α′ that agrees with α on all free variables of ∃xϕ, then there exists
assignment α′′ that disagrees with α not more than in the value of x. This assumption
is appropriate when we deal with standard first-order models—such models admit all
possible assignments, which allows us to fiddle with the values of variables other than
x and those in FV (∃xϕ). Once, however, we do away with standard models, this
assumption is unwarranted, and hence should be discarded.
We are almost ready to formally define the truth clauses for relativised models.
First, though, a piece of notation.
4 That is, α(x) = a for all x such that x ≠ y and x ≠ z.
Notational convention 2.1 Let X be a set of individual variables. β ≡X α means
that, for all x ∈ X, α(x) = β(x).
Definition 2.36 Let R = (W, I, A) be a relativised FOΨ-model, let α ∈ A, and let
ϕ and ψ be FOΨ-formulas. Then,
R, α P (x1, . . . , xn) iff (α(x1), . . . , α(xn)) ∈ I(P );
R, α x = y iff α(x) = α(y);
R, α ¬ϕ iff R, α 6 ϕ;
R, α ϕ ∧ ψ iff R, α ϕ and R, α ψ;
R, α ∃xϕ iff for some β ∈ A such that β ≡FV (∃xϕ) α, R, β ϕ.
⊣
Definition 2.37 Let R = (W, I, A) be a relativised FOΨ-model and ϕ be a FOΨ-
formula. ϕ is satisfiable in R if, for some α ∈ A, R, α ϕ. ϕ is true in R if, for
every α ∈ A, R, α ϕ. ⊣
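Example 2.35 evaluated under both quantifier clauses, the naive clause (2.1) and the clause of Definition 2.36, as an added example that is not part of the thesis. It assumes that three variables suffice, with x standing in for every variable other than y and z; the tuple encoding and function names are likewise assumptions.

```python
from itertools import combinations, product

VARS = ("x", "y", "z")  # assumption: "x" stands in for all variables other than y, z
W = ("a", "b", "c")
I_R = {("a", "b")}
# The three admissible assignments of Example 2.35.
ADMISSIBLE = {
    "alpha": {"x": "a", "y": "c", "z": "b"},
    "beta":  {"x": "b", "y": "b", "z": "b"},
    "gamma": {"x": "a", "y": "a", "z": "b"},
}
FORMULA = ("exists", "y", ("R", "y", "z"))

def free_vars(f):
    tag = f[0]
    if tag == "R":
        return {f[1], f[2]}
    if tag == "not":
        return free_vars(f[1])
    if tag == "and":
        return free_vars(f[1]) | free_vars(f[2])
    if tag == "exists":
        return free_vars(f[2]) - {f[1]}
    raise ValueError(f"unknown connective: {tag!r}")

def agree(a, b, on):
    return all(a[v] == b[v] for v in on)

def holds(f, a, pool, clause):
    """Truth at admissible assignment a, quantifying only over `pool`.
    clause "2.1":  witness must agree with a on every variable except the bound one.
    clause "2.36": witness must agree with a on the free variables of the formula."""
    if clause not in ("2.1", "2.36"):
        raise ValueError("clause must be '2.1' or '2.36'")
    tag = f[0]
    if tag == "R":
        return (a[f[1]], a[f[2]]) in I_R
    if tag == "not":
        return not holds(f[1], a, pool, clause)
    if tag == "and":
        return holds(f[1], a, pool, clause) and holds(f[2], a, pool, clause)
    if tag == "exists":
        on = set(VARS) - {f[1]} if clause == "2.1" else free_vars(f)
        return any(agree(a, b, on) and holds(f[2], b, pool, clause) for b in pool)
    raise ValueError(f"unknown connective: {tag!r}")

def truth_table(f, named, clause):
    pool = list(named.values())
    return {name: holds(f, a, pool, clause) for name, a in named.items()}

def locality_violations(f, named, clause):
    """Pairs of admissible assignments that agree on FV(f) but disagree on f."""
    pool, fv = list(named.values()), free_vars(f)
    return [(m, n) for (m, a), (n, b) in combinations(sorted(named.items()), 2)
            if agree(a, b, fv) and holds(f, a, pool, clause) != holds(f, b, pool, clause)]

def standard_assignments():
    """All assignments over VARS: the standard (non-relativised) case."""
    return {f"s{i}": dict(zip(VARS, vals))
            for i, vals in enumerate(product(W, repeat=len(VARS)))}

if __name__ == "__main__":
    for clause in ("2.1", "2.36"):
        print(clause, truth_table(FORMULA, ADMISSIBLE, clause),
              locality_violations(FORMULA, ADMISSIBLE, clause))
```

When every assignment is admissible the two clauses give the same truth values, which is why the difference only shows up in relativised models.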
Guarded semantics formally
Equipped with the concept of relativised first-order semantics, we can formalise our
considerations of the guarded semantics. The basic idea is to allow only those first-
order assignments whose range is bound by a predicate letter, a parameter (such as
R) or a constant (that is, “=”). We call such assignments guarded.
Definition 2.38 Let M = (W, I) be a first-order model. A set X ⊆ W is said to
be guarded if (1) either X = {a} or (2) X = {a1, . . . , an} and for some predicate
parameter R, (a1, . . . , an) ∈ I(R). ⊣
Intuitively, a subset of the domain of a model M is guarded if all its members are
connected by a relation in M. The first clause of definition 2.38 is meant to account
for the relation of equality, which connects every element of the domain to itself.
Definition 2.39 Let M be a first-order model. An M-assignment α is said to be
guarded if its range, rng(α), is a guarded set. ⊣
Definition 2.40 A guarded model is a tuple G = (W, I, A), where
1. M = (W, I) is a first-order model;
2. A is the set of all guarded M-assignments. ⊣
We say that a first-order model M = (W, I) is a base of a guarded model G =
(W, I, A). If we want to underscore that M is a base of G, we say that the latter is a
guarded model over M and write GM rather than G.
Definition 2.41 Let G = (W, I, A) be a guarded model and ϕ be a guarded formula.
ϕ is satisfiable in G if, for some α ∈ A, G, α ϕ. ϕ is true in G if G, α ϕ
holds for every α ∈ A. ϕ is guarded-valid if it is true in every guarded model. ϕ is
guarded-satisfiable if it is true in some guarded model. ⊣
We will next show that the semantics we presented is faithful, in the sense of
definition 2.32, to the standard first-order semantics, that is every guarded formula
ϕ is true in every guarded model if and only if it is true in every standard first-order
model. The following theorem is the cornerstone of the proof.
Theorem 2.42 A guarded formula ϕ has a guarded model if and only if it has a
standard first-order model.
Proof First, we prove the statement of the theorem right to left. Assume that there
exists a standard first-order model M = (W, I) and M-assignment α such that
M, α ϕ. Consider the guarded model GM = (W, I, A) over M. We show that
there exists α′ ∈ A such that GM, α′ ϕ. To this end, we prove, by induction on
the complexity of ϕ, that there exists α′ ∈ A such that GM, α′ ϕ if and only if
M, α ϕ.
Let ϕ be P (x1, . . . , xn). Let M, α P (x1, . . . , xn); that is, (α(x1), . . . , α(xn)) ∈
I(P ). Consider assignment α′ such that α′(x) = α(x) if x ∈ {x1, . . . , xn} and α′(x) =
α(x1) otherwise. It is clear that α′ ∈ A. Obviously, (α(x1), . . . , α(xn)) ∈ I(P )
iff (α′(x1), . . . , α′(xn)) ∈ I(P ) iff GM, α′ P (x1, . . . , xn). Case “ϕ is x = y” is
analogous.
Cases “ϕ is ¬ψ” and “ϕ is ψ ∨ χ” are straightforward.
Let ϕ be ∃x(ρ ∧ ψ), where ρ is an atom and FV (ψ) ⊆ FV (ρ). Let M, α
∃x(ρ ∧ ψ). Then, for some α′′ ≅x α, M, α′′ ρ ∧ ψ, and so M, α′′ ρ and M, α′′ ψ.
Consider assignment α′ such that α′(z) = α′′(z) if z ∈ FV (ρ) and α′(z) = α′′(x) for
some x ∈ x otherwise. It is clear that α′ ∈ A. Obviously, M, α′ ρ, and since
FV (ψ) ⊆ FV (ρ), M, α′ ψ. Then, M, α′ ρ ∧ ψ, and in virtue of , M, α′
∃x(ρ ∧ ψ).
The left to right direction is straightforward. q.e.d.
Theorem 2.42 gives us the following corollary.
Corollary 2.43 A guarded formula ϕ is true in every guarded model if and only if
it is true in every standard first-order model.
Proof Follows from theorem 2.42 and closure of guarded formulas under negation. q.e.d.
2.3.3 Guarded bisimulations
The above consideration of the alternative semantics for guarded formulas in terms
of guarded sets naturally suggests the way to generalise bisimulations for modal lan-
guages to bisimulations for guarded formulas, or guarded bisimulations. Intuitively—
instead of a relation Z, that is a set of pairs (w, v) connecting points in Kripke
models—we need a set of functions F connecting guarded subsets of the domain of
first-order models. In the modal case, the points connected by Z have to satisfy the
same propositional parameters. If we require the functions in F to be partial iso-
morphisms between guarded subsets X and X ′, then X and X ′ will satisfy the same
predicate parameters. What would be the analogue of the back-and-forth conditions
for modal bisimulations? Instead of the accessibility relation between points we now
have to worry about any relation that may connect two guarded sets. Therefore,
if in one model we can move from a guarded set X along a connecting relation to
another guarded set Y , then in the other model we should be able to match this
move, maintaining partial isomorphism. These considerations give us the following
definition.
Definition 2.44 Let M and M′ be two first-order models with domains W and W ′,
respectively. A guarded bisimulation between M and M′ is a non-empty set F of
finite partial isomorphisms between M and M′ which satisfies, for every f ∈ F :
• for any guarded X ⊆ W there is a g ∈ F with dom(g) = X such that g and f
agree on dom(f) ∩X;
• for any guarded X ′ ⊆ W ′ there is a g ∈ F with rng(g) = X ′ such that g⁻¹ and
f⁻¹ agree on rng(f) ∩ X ′. ⊣
Not surprisingly, we can prove the analogue of van Benthem’s theorem for guarded
bisimulations, which gives another characterisation of the guarded fragment.
Theorem 2.45 (Andreka, van Benthem, Nemeti) A first order formula is pre-
served under guarded bisimulation iff it is equivalent to a guarded formula.
The proof of theorem 2.45 can be found in [AvBN98], [AvBN95], or [AvBN96].
2.3.4 Decidability via mosaics
Since for our purposes in this thesis the most important property of the guarded frag-
ment is its decidability, we present, in this section, the full proof of the decidability of
GF. The proof we give is essentially an unpublished proof by van Benthem, Andreka,
and Nemeti.
Definition 2.46 (Mosaics) Let ϕ(x1, . . . , xn) be a guarded formula. A ϕ-mosaic is
a tuple M = (D, I, A, M), where
1. D is a set, the domain of M , with |D| = n;
2. for each k-place predicate letter P, I(P ) ⊆ D^k;
3. A is the set of all functions s, M-assignments, from {x1, . . . , xn} to D such that
rng(s) is a guarded subset of D (that is, either rng(s) = {a} for some a ∈ D
or rng(s) = {a1, . . . , an} and (a1, . . . , an) ∈ I(P ), for some P ).
4. M is a (satisfaction) relation between M-assignments and subformulas of ϕ,
obeying the following conditions:
(V2) s M P (xi1, . . . , xik) iff (s(xi1), . . . , s(xik)) ∈ I(P ).
(V3) s M xi1 = xi2 iff s(xi1) = s(xi2).
(V4) s M ¬ψ iff M, s 6 ψ.
(V5) s M ψ ∧ χ iff s M ψ and s M χ.
(V6) s M ∃xiψ if, for some r ≡FV (∃xiψ) s, r M ψ. ⊣
Definition 2.47 (Faults) Let M = (D, I, A, M) be a ϕ-mosaic, s ∈ A, and ∃xiψ ∈
Sub(ϕ). A pair (s, ∃xiψ) is said to be a fault in M , if s M ∃xiψ and there is no
r ≡FV (∃xiψ) s such that r M ψ. ⊣
Definition 2.48 Let M = (D, I, A, M) and M ′ = (D′, I ′, A′, ′M) be ϕ-mosaics. M
and M ′ are said to be isomorphic, if there exists a bijection f : D → D′ such that
1. for every predicate letter P , (a1, . . . , ak) ∈ I(P ) iff (f(a1), . . . , f(ak)) ∈ I ′(P );
2. s M ψ iff (f ◦ s) M ′ ψ.
Bijection f is said to be an isomorphism between M and M ′. ⊣
Unlike the definition of isomorphism for standard first-order models, definition 2.48
explicitly mentions relations M and ′M , since, as noted above, they are not uniquely
determined by other components of M and M ′. We write M ∼= M ′ to mean that M
and M ′ are isomorphic. If we also want to indicate that the isomorphism between M
and M ′ is f , we write f : M ∼= M ′. Obviously, if f : M ∼= M ′, then f−1 : M ′ ∼= M .
It can be checked that isomorphism is a transitive relation between mosaics:
Lemma 2.49 Let M , M ′, M ′′ be ϕ-mosaics. If f : M ∼= M ′ and g : M ′ ∼= M ′′, then
(f ◦ g) : M ∼= M ′′.
Since “isomorphic” means “structurally the same”, it comes as no surprise that
an isomorphic copy of a mosaic with a fault has a similar fault:
Lemma 2.50 Let M = (D, I, A, M) and M ′ = (D′, V ′, A′, ′M) be ϕ-mosaics, and
let f : M ∼= M ′. Then, (s, ∃xiψ) is a fault in M if and only if (f ◦ s, ∃xiψ) is a fault
in M ′.
Definition 2.51 (Compatible mosaics) ϕ-mosaics M = (D, I, A, M) and M ′ =
(D′, I ′, A′, M ′) are said to be compatible if (1) for each predicate letter P , I(P ) ↾
D ∩ D′ = I ′(P ) ↾ D ∩ D′; (2) for every s : {x1, . . . , xn} → D ∩ D′ and every
ψ ∈ Sub(ϕ), s M ψ iff s M ′ ψ. ⊣
Definition 2.52 (Correction of faults) Let M = (D, I, A, M) and M ′ = (D′, I ′,
A′, ′M) be ϕ-mosaics and let (s, ∃xiψ) be a fault in M . M ′ is said to correct (s, ∃xiψ),
if (1) M and M ′ are compatible; (2) rng(s) ⊆ D ∩ D′; and (3) (s, ∃xiψ) is not a
fault in M ′. ⊣
Definition 2.53 (Complete sets of ϕ-mosaics) Let S be a set of ϕ(x1, . . . , xn)-
mosaics. S is said to be complete if for every M ∈ S and every fault (s, ∃xiψ) in
M such that (sic!) rng(s) < n, there exists a ϕ-mosaic M ′ such that (1) M ′ is
isomorphic to some M ′′ ∈ S; and (2) M ′ corrects (s, ∃xiψ). ⊣
Definition 2.54 (Satisfiability in complete sets of mosaics) Let S be a com-
plete set of ϕ-mosaics and let ψ be a subformula of ϕ. ψ is said to be satisfied in S
if, for some M = (D, I, A) ∈ S and some s ∈ A, s M ψ. ⊣
Theorem 2.55 Let ϕ be a guarded formula. It’s decidable whether there exists a
complete set of ϕ-mosaics satisfying ϕ.
Theorem 2.56 (From models to mosaics) Let ϕ(x1, . . . , xn) be a guarded for-
mula. If ϕ is guarded-satisfiable, then there exists a finite complete set of ϕ-mosaics
satisfying ϕ.
Proof Let G = (W, I, A) be a guarded model and let α ∈ A be such an assignment
that G , α ϕ. We show how to build a finite complete set S of ϕ-mosaics out of G .
Consider the set D = {D : D ⊆ W and |D| = n }. Its elements will serve as
domains for mosaics that will make up a first approximation of S. For each D ∈ D,
define a mosaic M as a tuple (D, I, A, M), where (1) for each predicate letter P ∈ ϕ,
I(P ) = I(P ) ∩ D; (2) A is the set of all functions from {x1, . . . , xn} to D whose
ranges are guarded subsets of D; (3) and M is defined by the following rule: s M ψ
iff G , β ψ, where β is any member of A that agrees with s on {x1, . . . , xn} (the
choice of a specific assignment is irrelevant since, as we know, any two sequences
agreeing on free variables of ϕ will induce the same value for any subformula of ϕ).
We claim that every M so defined is a ϕ-mosaic. To prove this we have to show that
M obeys conditions imposed on the satisfaction relation by definition 2.46. This is
a tedious but easy exercise, and we leave the details out. Let’s denote the set of all
so defined M ’s by SG .
Thus constructed SM is a complete set of mosaics satisfying ϕ. To see complete-
ness, assume that M ∈ SM and that (s, ∃xiψ) is a fault in M such that rng(s) < n.
This implies that s M ∃xiψ and, consequently, for some β with s(xi) = β(xi),
M, β ∃xiψ. Hence, for some a ∈ W − rng(s), M, βxia ψ. Since, according
to the assumption, rng(s) < n and SM contains mosaics based on every n-element
subset of W , there should be a mosaic in SM, say M ′ = (D′, V ′, A′, ′M), such that
rng(s) ∪ {a} ⊆ D′. We claim that M ′ corrects (s, ∃xiψ). First, it is obvious that
(s, ∃xiψ) is not a fault in M ′. Secondly, it is easy to see that M and M ′ are com-
patible: the definition of valuation functions for mosaics in SM implies that both
V (P ) ↾ D ∩ D′ and V ′(P ) ↾ D ∩ D′ are equal to I(P )(P ) ↾ D ∩ D′, and the definition
of satisfaction relation for members of SM guarantees that s M ψ iff s M ′ ψ
for every s : {x1, . . . , xn} → D ∩ D′ and every ψ ∈ Sub(ϕ). Thirdly, it is obvious
that rng(s) ⊆ D ∩ D′. Thus, SM is complete. Furthermore, SM contains a mosaic
satisfying ϕ. Indeed, consider an arbitrary mosaic, say M , in SM whose domain con-
tains {α(x1), . . . , α(xn)} and its assignment defined by s(xi) = α(xi). It is clear from
the way we defined for mosaics in SM that s M ϕ.
But what happened to our promise to come up with a finite complete set of mosaics
for ϕ? If our starting model M was infinite, then SM is infinite, too. Thus, SM is
not a felicitous choice for S. But S is within our reach. We just have to “rename”
elements of the domains of mosaics in SM so that all those domains become the same
n-element set. Formally, let’s consider the set {M = (D, V,A, M) : for some M ′ ∈
SM,M ∼= M ′ and D = {1, . . . , n} }. This set is, obviously, finite, and it will be our
sought-for S. Let’s show that it is a right choice.
Assume that M ∈ S and that (s, ∃xiψ) is a fault in M . By the construction
of S, there exists M ′ ∈ SM such that f : M ∼= M ′. According to lemma 2.50,
((f−1 ◦ s), ∃xiψ) is a fault in M ′. Now, SM is complete, and even more than that:
there exists a mosaic M ′′ that is not simply isomorphic to some member of SM, but
belongs to SM, such that ((f−1 ◦ s), ∃xiψ) is not a fault in M ′′. By its construction,
S contains an isomorphic copy of M ′′, say M∗. Thus, if we find an isomorphic copy
of M ′′ that corrects (s, ∃xiψ), we, due to lemma 2.49, will have proved that S is
complete.
Consider the isomorphic image, M ∗∗, of M ′′ under the bijection g. It is obvious
that rng(s) ⊆ D ∩ D∗∗. Furthermore, M∗∗ is compatible with M and (s, ∃xiψ), due
to lemma 2.50, is not a fault in M ∗∗. Hence, M∗∗ corrects (s, ∃xiψ) in M . Thus, S is
complete.
Finally, S satisfies ϕ. To see that, pick up a mosaic, say M , in SM and its
assignment s such that s M ϕ (such M and s exist, as we have shown earlier), and
consider their counterparts in S. They will do the job. q.e.d.
The above proof establishes the decidability of a guarded fragment of the first-
order logic whose language does not contain individual parameters. In [Gra99], the
following theorem was proved.
Theorem 2.57 (Gradel, 1999) The guarded fragment of first-order logic with in-
dividual parameters is decidable.
2.3.5 Other properties of GF
In this section, we mention some other nice properties enjoyed by GF.
Finite model property
The decidability proof above does not constitute a proof that GF has the finite model
property since the model we constructed may be infinite. In fact, the question whether
GF has the finite model property remained open for a while until solved positively
by Gradel in [Gra99].
Interpolation
A fragment F of first order logic has strong interpolation property if, for any pair of
formulas ϕ, ψ ∈ F such that ϕ → ψ is valid, there exists a formula χ ∈ F such that
both ϕ→ χ and χ→ ψ are valid and χ is built from the predicate symbols occurring
both in ϕ and ψ. A fragment F has a weak interpolation property if the above holds
only for sentences. The two variable guarded fragment GF 2 does enjoy a strong
interpolation property; however, the full guarded fragment does not ([HM02]). (For
any two ϕ, ψ ∈ GF such that ϕ→ ψ is valid a first order interpolant obviously exists,
but sometimes it is not equivalent to a guarded formula). However, if the guards in
the interpolant are not required to be in the common vocabulary, the property holds.
This interpolation property is similar to the interpolation property for multimodal
propositional logics, where the interpolant may contain modalities not in the common
vocabulary.
Beth definability
In [HM02], Hoogland and Marx showed that the above “modal” interpolation property
is sufficient to prove that Beth definability property holds for GF.
2.3.6 Loosely guarded fragment, packed fragment and clique fragment
There exist several generalisations of the first-order guarded quantification. Loosely
guarded fragment of the first-order logic was introduced by van Benthem and moti-
vated by the need to account for decidable modal logics with modalities whose truth
definitions do not have guarded form, for example, the so-called until modality U :
M, w U(ϕ, ψ) iff ∃v(wRv ∧M, v ϕ ∧ ∀u(wRu ∧ uRv → M, u ψ))
A generalisation of the loosely guarded fragment is the packed fragment introduced
by Marx in [Mar01]. Let’s say that a formula ψ packs a set of variables {x1, .., xn}
if FV (ψ) = {x1, .., xn} and ψ is a conjunction of formulas of the form yi = yj,
R(y1, ..., yk), or ∃yR(y1, ..., yk) such that for every xi ≠ xj there is a conjunct in
ψ in which both xi and xj occur free. Now, the packed fragment is the smallest
set of first-order formulas containing all atomic formulas, closed off under boolean
connectives and under the following quantification: if ϕ is in the packed fragment,
then ∃x(ψ ∧ ϕ) and ∀x(ψ → ϕ) are, provided ψ packs FV (ψ) and FV (ϕ) ⊆ FV (ψ).
This considerably generalises the original guarded fragment, but still gives a decidable
fragment of FO since we have the following.
Theorem 2.58 (Marx, 2001) The packed fragment is decidable.
Other decidable generalisations of the guarded fragment are the clique fragment,
which is essentially the same as the packed fragment, introduced by Gradel in [Gra99],
and the action guarded fragment introduced in [GG00].
2.4 Higher-order guarded logics
Guarded quantification turned out to be a useful tool for obtaining decidable logics
other than first order, for example guarded fixed point logic.
2.4.1 Guarded Fixed Point Logic
Syntax and Semantics of FO(LFP)
First order logic with least fixed point operator FO(LFP) is obtained by adding to
FO a countable set of predicate variables and a least fixed point operator LFP .
Formulas of FO(LFP) are defined inductively. The clause for atomic formulas
allows the use of predicate variables as well as predicate parameters to form atomic
formulas. The clauses for propositional connectives and quantifiers are the same as
in FO. The clause for the fixed point operator looks as follows. Let X be a k-ary
predicate variable, x be a tuple of k distinct variables, and ψ(X, x) be an FO(LFP)
formula where X occurs positively (that is, under an even number of negations) and
the only individual variables are x. Then [LFP Xx.ψ] is a formula of FO(LFP).
Given a model M with domain W , ψ(X, x) defines an operator ψM on k-ary
relations in W (so that we take a k-ary relation, substitute it for X in ψ and get a
new k-ary relation). Then, M, α [LFP Xx.ψ] if α(x) is in the least fixed point of
ψM.
Guarded least fixed point logic: µGF
The guarded fragment of FO(LFP), µGF , is defined analogously to the definition of
GF, with the addition of the following clause:
• If [LFP Xx.ψ] is a formula of FO(LFP), ψ(X, x) is a guarded formula, and X
is not used in guards, then [LFP Xx.ψ] is in µGF .
It turns out that µGF can express properties not expressible in FO. For example,
we can define “a node satisfying P is reachable by a reflexive, transitive closure of
R”:
[LFP Xx.(P (x) ∨ ∃y(R(x, y) ∧ P (y)))](x)
Nevertheless, µGF is decidable.
Theorem 2.59 (Gradel and Walukiewicz, 1999) µGF is decidable.
A proof that uses the tree model property of the guarded fixed point logic can be
found in [GW99]. A proof using automata can be found in [BB02].
Characterisation of µGF
Semantic characterisation of µGF as the set of guarded second order formulas invari-
ant under guarded bisimulation was established in [GHO00]. Gradel, Hirsch and Otto
extended the result of Janin and Walukiewicz which characterised modal µ-calculus
to µGF .
Other guarded fixed point logics
A guarded least fixed point logic with a more relaxed version of guarded quantification
was introduced in [McCar], motivated by game logic and database considerations.
McColm’s guarded least fixed point logic has the same expressive power as unguarded
FO(LFP) and is undecidable.
2.4.2 Transitive relations
Guarded fixed point logic does not allow fixed points in the guards. In particular,
a guard cannot be a transitive closure of a binary relation. However, there exist
decidable modal logics—for example, PDL (propositional dynamic logic)—which have
modalities with truth conditions where the transitive closure of a relation occurs
in a guard. For example, a PDL-formula 〈a∗〉 p has the following truth
condition: ∃y(R∗a(x, y) ∧ P (y)), where Ra is an accessibility relation correspond-
ing to the label a and R∗a is its reflexive, transitive closure. However, as we have
seen, this formula can be rewritten as a formula of the guarded fixed point logic
[LFP Xx.(P (x) ∨ ∃y(Ra(x, y) ∧ P (y)))](x).
Transitivity axioms make the guarded fragment of first order logic undecidable:
Theorem 2.60 (Gradel 1999) GF with transitivity is undecidable.
For a proof, see [Gra99].
Even restricting the fragment to just two variables does not help:
Theorem 2.61 (Ganzinger, Meyer and Veanes, 1999 [GMV99])
Two-variable guarded fragment without equality GF 2 with transitive relations is
undecidable.
In [GMV99], Ganzinger, Meyer and Veanes proved that when non-unary relations
in GF 2 are only allowed as guards, then transitive guards can be allowed without
loss of decidability. Essentially, the resulting logics correspond to modal logics with
transitive accessibility relations.
However, if transitive relations only occur in guards, guarded fragment is decid-
able.
Theorem 2.62 (Szwast and Tendera 2003) Guarded fragment with transitive guards
is decidable.
For a proof, see [ST01].
Chapter 3
Intuitionistic modal logic
3.1 Introduction
In this chapter, we apply some of the ideas described in chapter 2 in a new setting,
that of intuitionistic, rather than classical, propositional modal logics. In chapter 2,
we have seen that the guarded fragment GF of the first-order logic is decidable.
This may be used to prove that all modal logics that can be embedded into GF are
decidable. This proof technique is rarely used in the classical setting since, in the
case of classical modal logics, there exists a powerful array of proof-techniques for
establishing decidability. However, decidability proofs via embedding into guarded
fragments can come in useful in the field of intuitionistic modal logics, which has not
been studied as extensively as that of classical modal logics. In this chapter, which is
largely based on paper [AS05], we present a new general way of proving decidability
of intuitionistic modal logics. This method relies on the result of Ganzinger, Meyer
and Veanes [GMV99] that a monadic two-variable guarded fragment GF 2mon of clas-
sical first-order logic, where guard relations satisfy conditions that can be expressed
as monadic second-order definable closure constraints, is decidable. Our contribution
is a generalisation of their result to account for conditions that involve more than
one guard relation, which we need to handle the conditions imposed on accessibility
relations in intuitionistic Kripke models, and a demonstration that many conditions
imposed on accessibility relations in Kripke models for intuitionistic modal logics can
be expressed as monadic second-order logic definable constraints. It looks likely that
this method may turn out to be useful for intuitionistic modal logic, where there
exists a wide variety of systems, most of them defined semantically in terms of the
conditions imposed on accessibility relations in Kripke models, with various condi-
tions connecting intuitionistic and modal accessibility relations. General results on
decidability and finite model property of intuitionistic modal logic have been proved
by F. Wolter and M. Zakharyaschev in [WZ99a, WZ97, WZ99b] using an embedding
of intuitionistic modal logics with n modalities into classical modal logics with n+ 1
modalities. Their method, although extremely powerful, has its limitations: it can
be used to prove decidability of only those intuitionistic modal logics for which the
corresponding classical logic is known to be decidable.
Our method, needless to say, also has its limitations. In particular, the decidabil-
ity proof presented in this chapter does not give a very good decision procedure, since
it proceeds by reduction to satisfiability of formulas of SkS (monadic second-order
theory of trees with constant branching factor k, [Rab69]), which is non-elementary.
Better complexity bounds for the guarded fragment with transitive guards were ob-
tained in [Kie03] and [ST01]; however, their results apply only to transitivity, and it
is not clear whether they could be extended to arbitrary closure conditions, which
we need for intuitionistic modal logics. Our method does, however, provide a rather
simple way to establish decidability, before looking for a decision procedure tailored
for a particular logic.
The chapter is structured as follows. First, in section 3.2, we define two-variable
monadic guarded fragment. Next, in section 3.3, we introduce monadic second-order
definable (or, simply, mso-definable) closure conditions and prove (theorem 3.12) a
generalisation of the decidability result of [GMV99]. In section 3.4, we introduce
intuitionistic modal logics and show that many of the conditions used to semantically
define intuitionistic modal logics are mso-definable, as defined in section 3.3. In
section 3.5, we show that all intuitionistic modal logics considered in section 3.4 can
be embedded into two-variable monadic guarded fragment introduced in section 3.2.
In section 3.6, we prove our main result in this chapter (theorem 3.15), namely that
all intuitionistic logics defined by the sets of mso-definable conditions on accessibility
relations in Kripke models are decidable. Finally, in section 3.7, we give examples
of how our decidability result can be put to work to prove decidability of particular
systems.
3.2 Two-variable monadic guarded fragment
Two-variable monadic guarded fragment GF 2mon of first-order logic was introduced in
[GMV99]. It restricts the (full) guarded fragment GF of first-order logic in two ways.
First, only formulas with no more than two variables (free or bound) are allowed in
GF 2mon. Secondly, all predicate parameters whose arity is more than 1 are allowed to
occur only in guards. It is further assumed that the language of first-order logic does
not contain any individual or functional parameters (see remark 2.13), but it may
contain equality.
Definition 3.1 (GF 2mon) The monadic two-variable guarded fragment GF 2mon of first-order
logic is the subset of the guarded fragment of first-order logic GF containing
formulas ϕ such that (i) ϕ has no more than two variables (free or bound), and (ii)
all non-unary predicate parameters of ϕ occur in guards. ⊣
3.3 Closure conditions
In this section, we define the form of conditions on guards in GF 2mon that yield de-
cidable fragments. We generalise the notion of mso-definable closure conditions from
[GMV99] so that they can apply to more than one relation.
First, we define simple and parametrised closure operators on relations.
Definition 3.2 (Closure operators) Let W be a non-empty set. A unary function
C on 2^W is a simple closure operator if, for all P,P ′ ⊆ W ,
1. P ⊆ C(P) (C is increasing),
2. P ⊆ P ′ implies C(P) ⊆ C(P ′) (C is monotone),
3. C(P) = C(C(P)) (C is idempotent).
An (n + 1)-ary function C on the powerset of W is a parametrised closure operator
if C(P1, . . . ,Pn,−) for any P1, . . . ,Pn ⊆ W is a simple closure operator. We use
notation CP1,...,Pn for a closure operator parametrised by P1, . . . ,Pn. ⊣
Example 3.3 A reflexive, transitive closure operator for binary relations TC(P),
which assigns to a binary relation P its reflexive, transitive closure P ∗, is a simple
closure operator. ¶
Example 3.4 A function $\mathrm{Incl}^{P'}(P) = P' \cup P$ is a closure operator parametrised by
P ′. ¶
Next, we define simple and parametrised closure conditions.
Definition 3.5 (Closure conditions) A condition on relation P is a simple closure
condition if it can be expressed in the form C(P) = P, where C is a simple closure
operator.
A condition on relation P is a parametrised closure condition if it can be expressed
in the form CP1,...,Pn(P) = P, where CP1,...,Pn is a parametrised closure operator. ⊣
Example 3.6 Reflexivity-and-transitivity is a simple closure condition, since it can
be expressed in the form TC(P) = P and we have seen in example 3.3 that TC is a
simple closure operator. ¶
Example 3.7 Condition P ′ ⊆ P is a closure condition on P parametrised by P ′,
since it can be stated as $\mathrm{Incl}^{P'}(P) = P$ and we have seen in example 3.4 that $\mathrm{Incl}^{P'}$
is a parametrised closure operator. ¶
Given a set of closure conditions on a set of relations S, we want to preclude
circularity while closing off relations in S.
Definition 3.8 (Acyclic sets of conditions) Let S be a finite set of relations, C
a set of closure conditions on those relations, and C(P) be all the closure conditions
on the relation P from C. C is acyclic if there is an ordering P1, . . . ,Pn of S such
that all parameters in C(Pi+1) come from P1, . . . ,Pi. ⊣
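Definitions 3.2 to 3.8 on a finite domain, as an added example that is not part of the thesis: it checks the three clauses of Definition 3.2 by enumeration, finds an ordering that witnesses acyclicity, and closes the relations off in that order. The helper names, the relations P1 and P2, and the non-example `compose_once` are assumptions of this sketch.

```python
from itertools import chain, combinations

# Added example: every function name here is hypothetical and all relations
# are constructed sample data on a three-element domain.

def rtc(W, P):
    """TC(P): reflexive, transitive closure of the binary relation P on W."""
    R = set(P) | {(w, w) for w in W}
    while True:
        step = {(a, d) for (a, b) in R for (c, d) in R if b == c} - R
        if not step:
            return frozenset(R)
        R |= step

def incl(W, P_prime, P):
    """Incl^{P'}(P) = P' ∪ P, a closure operator parametrised by P'."""
    return frozenset(P_prime) | frozenset(P)

def compose_once(W, P):
    """P ∪ P∘P: increasing and monotone, but not idempotent."""
    return frozenset(P) | {(a, d) for (a, b) in P for (c, d) in P if b == c}

def powerset(items):
    items = list(items)
    return [frozenset(c) for c in chain.from_iterable(
        combinations(items, k) for k in range(len(items) + 1))]

def is_closure_operator(C, universe):
    """Check the three clauses of Definition 3.2 on every subset of universe."""
    subsets = powerset(universe)
    image = {P: C(P) for P in subsets}
    increasing = all(P <= image[P] for P in subsets)
    monotone = all(image[P] <= image[Q]
                   for P in subsets for Q in subsets if P <= Q)
    idempotent = all(C(image[P]) == image[P] for P in subsets)
    return increasing and monotone and idempotent

def acyclic_order(relations, conditions):
    """Ordering P1..Pn in which every parameter of the condition on P(i+1)
    occurs among P1..Pi (Definition 3.8); None if no such ordering exists."""
    order, placed = [], set()
    pending = sorted(relations)
    while pending:
        ready = [r for r in pending
                 if all(p in placed for p in conditions.get(r, (None, ()))[1])]
        if not ready:
            return None
        order.extend(ready)
        placed.update(ready)
        pending = [r for r in pending if r not in placed]
    return order

def close_all(W, relations, conditions):
    """Close each relation under its condition, parameters first."""
    order = acyclic_order(relations, conditions)
    if order is None:
        raise ValueError("closure conditions are cyclic")
    closed = {}
    for name in order:
        base = frozenset(relations[name])
        if name in conditions:
            op, params = conditions[name]
            base = op(W, *(closed[p] for p in params), base)
        closed[name] = base
    return closed

def conditions_hold(W, rels, conditions):
    """True iff C(P) = P for every condition, i.e. the closure conditions hold."""
    return all(op(W, *(rels[p] for p in params), rels[name]) == rels[name]
               for name, (op, params) in conditions.items())

W = {0, 1, 2}
PAIRS = [(a, b) for a in W for b in W]
RELATIONS = {"P1": {(0, 1), (1, 2)}, "P2": {(2, 0)}}
# TC(P1) = P1 (example 3.6) and Incl^{P1}(P2) = P2, i.e. P1 ⊆ P2 (example 3.7).
CONDITIONS = {"P1": (rtc, ()), "P2": (incl, ("P1",))}
# Each relation is a parameter of the other's condition: no ordering exists.
CYCLIC = {"P1": (incl, ("P2",)), "P2": (incl, ("P1",))}

if __name__ == "__main__":
    print("TC is a closure operator:",
          is_closure_operator(lambda P: rtc(W, P), PAIRS))
    print("P ∪ P∘P is a closure operator:",
          is_closure_operator(lambda P: compose_once(W, P), PAIRS))
    print("ordering:", acyclic_order(RELATIONS, CONDITIONS))
    for name, rel in close_all(W, RELATIONS, CONDITIONS).items():
        print(name, sorted(rel))
```
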
Furthermore, we are not interested in arbitrary closure operators, but only in
those definable in monadic second-order logic. Monadic second-order logic is, es-
sentially, a first-order logic where quantification over unary predicate parameters is
allowed. Technically, this is achieved by introducing into the language of first-order
logic, among predicate parameters and predicate constants (such as equality), unary
predicate variables that can be quantified over. Thus, in the formula
∀X(X(z1) ∧ ∀x, y(X(x) ∧ P (x, y) → X(y)) → X(z2))
P is a predicate parameter and X is a predicate variable. All first-order formulas
are, by default, monadic second-order (mso, for short) formulas. So, whenever in this
chapter we talk about mso formulas, we count first-order formulas as such. Second-
order models are exactly like first-order ones; to evaluate mso formulas, all we need is
an assignment mapping predicate variables into subsets of the domain of the model.
Let M be an mso model and ϕ(x1, . . . , xn) be an mso formula. We say that an
n-tuple (w1, . . . , wn) satisfies ϕ if M, α ϕ, where α(x1) = w1, . . . , α(xn) = wn. We
use ‖ϕ(x1, . . . , xn)‖M to denote the set of n-tuples satisfying an mso formula ϕ in
model M.
Definition 3.9 (mso-definable operators) A closure operator $C^{P_1,\ldots,P_m}$ on n-ary
relations is mso-definable, or simply mso, if there exists a monadic second-order
formula $C^{P_1,\ldots,P_m}_P$ with predicate parameters P1, . . . , Pm and P , such that, for any model
M and any n-ary formula ϕ,
\[ C^{P_1,\ldots,P_m}(\|\varphi\|^{M}) = \|C^{P_1,\ldots,P_m}_P(\varphi/P)\|^{M}. \]
Example 3.10 The closure operator TC is definable by the mso formula
TCP (z1, z2) = ∀X(X(z1) ∧ ∀x, y(X(x) ∧ P (x, y) → X(y)) → X(z2))
To see that TCP defines the reflexive, transitive closure of P, assume that there is a
P-chain w1Pw2 . . . wn−1Pwn, connecting w1 and wn, and that X (w1) and ∀x, y(X(x) ∧
P (x, y) → X(y)) hold. Then X (w1) implies X (w2) . . . implies X (wn); therefore,
TCP (z1, z2) is true under any α such that α(z1) = w1 and α(z2) = wn. Conversely,
suppose there is no P-chain connecting w1 and wn. We can assign to X the set X
containing w1 and all the elements P-reachable from w1. Then X (wn) does not hold,
and therefore TCP (z1, z2) is false under any α such that α(z1) = w1 and α(z2) = wn. ¶
Example 3.11 The closure operator $\mathrm{Incl}^{P'}$ is definable by the mso (in fact, even
first-order) formula $\mathrm{Incl}^{P'}_P(z_1, z_2) = P'(z_1, z_2) \vee P(z_1, z_2)$. ¶
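Examples 3.10 and 3.11 evaluated by brute force on a finite model, as an added example that is not from the thesis: the quantifier ∀X ranges over every subset of the domain, and substituting a formula ϕ for P (Definition 3.9) amounts to passing a different predicate. The function names, the domain W and the relations P, P_PRIME and Q are constructed for the illustration.

```python
from itertools import chain, combinations

# Added example: hypothetical helper names, constructed four-element model.

def subsets(W):
    """All subsets of W, smallest first: the range of the predicate variable X."""
    items = sorted(W)
    return (frozenset(c) for c in chain.from_iterable(
        combinations(items, k) for k in range(len(items) + 1)))

def counterexample(W, holds, w1, w2):
    """Smallest X with X(w1), X closed under `holds`, and not X(w2).

    Such an X falsifies
        ∀X(X(z1) ∧ ∀x,y(X(x) ∧ P(x,y) → X(y)) → X(z2))
    at z1 = w1, z2 = w2; None means the formula is true there.
    """
    for X in subsets(W):
        closed = all(y in X for x in X for y in W if holds(x, y))
        if w1 in X and closed and w2 not in X:
            return X
    return None

def tc_formula(W, holds, w1, w2):
    """Truth value of TC_P(z1, z2) under z1 = w1, z2 = w2."""
    return counterexample(W, holds, w1, w2) is None

def extension(W, formula):
    """The set of pairs satisfying a binary formula in the model on W."""
    return {(a, b) for a in W for b in W if formula(a, b)}

def tc_of(W, holds):
    """Relation defined by TC_P with `holds` substituted for P."""
    return extension(W, lambda a, b: tc_formula(W, holds, a, b))

def incl_formula(holds_prime, holds):
    """The first-order formula P'(z1, z2) ∨ P(z1, z2) of example 3.11."""
    return lambda z1, z2: holds_prime(z1, z2) or holds(z1, z2)

W = {0, 1, 2, 3}
P = {(0, 1), (1, 2), (3, 3)}
P_PRIME = {(2, 0)}
Q = {1}

def p(x, y):
    return (x, y) in P

def p_prime(x, y):
    return (x, y) in P_PRIME

def phi(x, y):
    """ϕ(x, y) = P(x, y) ∧ Q(y), a binary formula to substitute for P."""
    return p(x, y) and y in Q

if __name__ == "__main__":
    print("TC_P defines:", sorted(tc_of(W, p)))
    print("TC_P with ϕ/P defines:", sorted(tc_of(W, phi)))
    # No P-chain from 1 to 0: the witness is 1 plus everything P-reachable from 1.
    print("X falsifying TC_P(1, 0):", sorted(counterexample(W, p, 1, 0)))
    print("Incl defines:", sorted(extension(W, incl_formula(p_prime, p))))
```
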
Next, we generalise the result of [GMV99] so that it applies not only to GF 2mon
with a single mso-definable closure condition imposed on relations, but also to sets
of mso-definable closure conditions.
Theorem 3.12 Let ϕ ∈ GF 2mon and C be an acyclic set of mso closure conditions on
relations in ϕ so that at most one closure condition is associated with each relation.
It is decidable whether ϕ is satisfiable in a model satisfying C.
Proof The proof is similar to the proof given in [GMV99] for non-parametrised clo-
sure conditions. In fact, it is even simpler, since in [GMV99] all relations are assumed
to be closed under equivalence (which is used to handle equality). However, closure
under equivalence is a special case of a parametrised closure condition, so we do not
need to treat it separately.
Let ϕ ∈ GF 2mon and let C be an acyclic set of mso closure conditions on relations in
ϕ. We know that ϕ is satisfiable in a model satisfying C if and only if the Skolemised
form of ϕ, say N , is satisfiable in a Herbrand model in which all conditions from C
hold. The idea of the decidability proof is to reduce the latter problem to satisfiability
of formulas of SkS (mso theory of trees with constant branching factor k), where
k is the number of Skolem function symbols in N . We construct an mso formula
MSON , in the vocabulary of SkS (an mso formula containing only unary predicate
variables, unary functional parameters and equality), such that MSON is satisfiable
in a tree model iff N has a Herbrand model satisfying closure conditions from C. The
construction proceeds in three stages: defining counterparts for predicate letters, for
clauses in N and finally for N itself.
Stage 1. For each predicate letter P in N , construct a formula ϕP in the vocab-
ulary of SkS.
Let P (t1), . . . , P (tm) be all positive literals of N containing P . Note that since
ϕ ∈ GF 2mon, each P is either a unary or a binary predicate letter; so, each positive
literal will contain at most one free variable. For each P (ti) above, a new unary
second-order variable XP (ti) is introduced. Let t[z] be the result of substituting a
variable z for the free variable of t. Then, if P is a unary predicate letter,
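\[ \varphi_P(z_1) = \bigvee_{i=1}^{m} \exists z\,\bigl(X_{P(t_i)}(z) \wedge z_1 = t_i[z]\bigr) \]
and if P is a binary predicate letter,
\[ \varphi_P(z_1, z_2) = \bigvee_{i=1}^{m} \exists z\,\bigl(X_{P(t_{i1}, t_{i2})}(z) \wedge z_1 = t_{i1}[z] \wedge z_2 = t_{i2}[z]\bigr) \]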
Intuitively, the relation defined by ϕP is the minimal extension of P .
Next, for each predicate letter that has a closure condition imposed on it, we
define the closure ψP of ϕP with respect to the closure condition on P . For each
such P we have a single closure condition CP , which may be parametrised by other
predicates. For simplicity, assume that CP is parametrised by a single predicate P ′
that, in its own turn, has a simple closure condition CP ′. We know, then, that CP ′
is definable by an MSO formula $C_{P'}(z_1, z_2)$ containing P ′, and CP is definable by an
MSO formula $C^{P'}_P(z_1, z_2)$, containing P ′ and P . First, we define the closure of P ′
with respect to its simple closure condition:
\[ \psi_{P'}(z_1, z_2) = C_{P'}(z_1, z_2)[\varphi_{P'}/P'] \]
that is, we replace every occurrence of P ′ in $C_{P'}(z_1, z_2)$ with ϕP ′.
Next, we define the closure of P with respect to its parametrised condition:
\[ \psi_P(z_1, z_2) = C^{P'}_P(z_1, z_2)[\psi_{P'}/P', \varphi_P/P] \]
In general, for any acyclic set C of conditions on the collection of relations S,
we first define the simple closures, then the closures parametrised by relations with
simple closure conditions, etc. The acyclicity of C ensures that this procedure can
be carried out.
Stage 2. For each clause χ = {ρ1, . . . , ρl} in N , construct a formula MSOχ in
the vocabulary of SkS.
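For every literal ρ in χ, a formula MSOρ is defined according to the following
rule:
\[ MSO_\rho = \begin{cases} X_\rho(x), & \text{if } \rho \text{ is a non-ground atom containing } x \\ \exists z\, X_\rho(z), & \text{if } \rho \text{ is a ground atom} \\ \neg\psi_P(t), & \text{if } \rho \text{ is } \neg P(t) \end{cases} \]
where ψP is the formula constructed at stage 1. Now MSOχ is defined as
\[ MSO_\chi = \bigvee_{\rho \in \chi} MSO_\rho. \]
Stage 3. Finally, $MSO_N = \exists X\, \forall x \bigwedge_{\chi \in N} MSO_\chi$, where X are all the free second
order variables and x are all the first order variables in $\bigwedge_{\chi \in N} MSO_\chi$.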
It remains to show that N has a Herbrand model satisfying the closure conditions
in C iff $\mathrm{MSO}_N$ is satisfiable in a tree. Let T be the tree corresponding to the term
algebra of the Herbrand universe of N.
First, left to right. Assume that N has a Herbrand model A satisfying closure
conditions in C. We want to show that T satisfies $\mathrm{MSO}_N$. Fix witnesses for second-order
variables $X_\rho$ of $\mathrm{MSO}_N$ as follows:
(i) If $t_i$ is non-ground, then $X_{P(t_i)} = \{w : A \models P(t_i[w])\}$.
(ii) If $t_i$ is ground, then $X_{P(t_i)}$ is a non-empty set.
We know that for each clause $\chi$ of N, and each tuple w, $A \models \chi(w)$. This means
that for each w, there is a literal $\rho$ in $\chi$ such that $A \models \rho(w)$. We show that for any w
and $\rho$, if $A \models \rho(w)$, then $T \models \mathrm{MSO}_\rho(w)$. Hence $A \models \chi(w)$ implies $T \models \mathrm{MSO}_\chi(w)$.
There are three cases to consider, depending on the form of $\rho$. The first two
(non-ground atom $P(t_i)$ and ground atom) are exactly the same as in [GMV99]. If $\rho$
is a negative literal $\neg P(t_i)$, we need to show that $T \models \neg\psi_P(t)(w)$. It suffices to show
that $\|\psi_P\|^A \subseteq P^A$. Indeed, this, together with our assumption that $A \models \neg P(t)[w]$,
implies $T \models \neg\psi_P(w)$. First, the definition of T guarantees that $\|\varphi_P\|^A \subseteq P^A$. Hence,
by monotonicity of closure operators,
$$C^{P_1^A}_P(\|\varphi_P\|^A) \subseteq C^{P_1^A}_P(P^A).$$
By definition of $\psi_P$, $C^{P_1^A}_P(\|\varphi_P\|^A) = \|\psi_P\|^A$; furthermore, since A satisfies conditions
in C, $C^{P_1^A}_P(P^A) = P^A$; hence, $\|\psi_P\|^A \subseteq P^A$.
Secondly, right to left. Assume that $\mathrm{MSO}_N$ is true in T. Define a Herbrand
model A as follows. The universe of A is the set of nodes of T, and $P^A = \|\psi_P\|$.
First, we prove that A satisfies closure conditions C. To this end, we have to show
that $C^{P_1}_P(P^A) = P^A$. Indeed,
$$C^{P_1^A}_P(P^A) = C^{P_1^A}_P(\|\psi_P\|) = C^{\|\psi_{P_1}\|}_P(C^{\|\psi_{P_1}\|}_P(\|\varphi_P\|)) = C^{\|\psi_{P_1}\|}_P(\|\varphi_P\|) = \|\psi_P\| = P^A.$$
Finally, we need to show that A satisfies all clauses in N . This part of the proof
is exactly the same as in [GMV99], so we omit it here.
3.4 Intuitionistic modal logics
One of the most interesting applications of theorem 3.12 proved in the previous sec-
tion is propositional intuitionistic modal logic. Intuitionistic modal logic is simply a
modal logic with intuitionistic, rather than classical, base. The work on intuitionistic
modal logic has several motivations: mathematical interest; preference for intuition-
istic rather than classical logic; desire to give intuitionistic account of the notions
studied in modal logic; and suitability of intuitionistic modal logic for modelling cer-
tain computational phenomena. There exists an extensive literature on intuitionistic
modal logics, for example [Fit48, Bul65a, Bul65b, Bul66, Pra65, Min68, Ono77, OS88,
Gol76, FS86, PS86, Dos85, Wij90, WZ99a, WZ97, WZ99b]. A comprehensive survey
can be found in [Sim94]; for later references, see [ZWC01] and [PD01].
The primary motivation for the study of intuitionistic modal logic by theoretical
computer scientists is that it can be used to model various computational phenomena.
A considerable strand of work in this area is based on the work by Moggi [Mog91]
who extended a typed λ-calculus style semantics for functional programming lan-
guages with an additional construct, a monad, to model effects in functional program-
ming languages (such as the raising of exceptions etc.). The correspondence between
simply-typed λ-calculus and intuitionistic propositional logic is well known; it turns
out that monads correspond to S4-type modalities. This created a considerable inter-
est in intuitionistic S4 modal logic, its proof theory and categorical and Kripke seman-
tics [BdP00, BBdP98, GL96, Kob97, Pit90, AMdPR01, DP96, DP01, PD01]. Other
applications of intuitionistic modal logic to modelling computational phenomena
included modelling incomplete information [Wij90], communicating systems [Sti87], and
hardware verification [Men91, FM97].
Intuitionistic modal languages are obtained by adding either or both of the unary
connectives ♦ (possibility) and □ (necessity) to the language of propositional
intuitionistic logic, which contains a set of propositional parameters Φ = {p1, p2, . . .}, a
unary connective ∼ (negation, “not”), and binary connectives ∧ (conjunction, “and”),
∨ (disjunction, “or”), and ⇒ (implication, “if . . . then”). For intuitionistic negation
and implication, we use different symbols from the ones used for classical negation and
implication, first, because these connectives have different meaning in intuitionistic
and classical logics and, second, because we will need to distinguish between two sets
of connectives later on in this chapter. Analogously to ∀ and ∃, in intuitionistic logic
□ and ♦ are not required to be dual; thus, unlike in classical modal logic, they should
be treated as independent modalities. It comes as no surprise that in intuitionistic
modal logic some of the classically valid formulas are not valid, an obvious example
being □(ϕ ∨ ∼ϕ). More surprisingly, perhaps, in some intuitionistic modal logics,
♦(ϕ ∨ ψ) ≡ (♦ϕ ∨ ♦ψ) is not valid, either (see, for example, [Wij90]).
Kripke semantics of intuitionistic modal logics extends Kripke semantics for
intuitionistic propositional logic. An intuitionistic Kripke model is a structure M =
(W, R, V) such that (i) W ≠ ∅, (ii) R is a reflexive and transitive binary relation on
W, and (iii) V is a function from the set of propositional parameters Φ into the
powerset of W such that, for all w ∈ W and p ∈ Φ, if w ∈ V(p) and wRv, then v ∈ V(p)
(this condition is usually referred to as upward persistence for propositional
variables). Elements of W are referred to as points. Truth at a point is defined as follows
(→ and ¬, as before, stand for classical implication and negation, respectively):
M, w ⊩ p iff w ∈ V(p);
M, w ⊩ ∼ϕ iff ∀v(R(w, v) → ¬(M, v ⊩ ϕ));
M, w ⊩ ϕ ∧ ψ iff M, w ⊩ ϕ and M, w ⊩ ψ;
M, w ⊩ ϕ ∨ ψ iff M, w ⊩ ϕ or M, w ⊩ ψ;
M, w ⊩ ϕ ⇒ ψ iff ∀v(R(w, v) → (¬(M, v ⊩ ϕ) or M, v ⊩ ψ)).
To accommodate formulas of the form □ϕ and ♦ϕ, intuitionistic Kripke models
are augmented with binary relations R□ and R♦. There is no single accepted way
of defining the meaning of □ and ♦ in intuitionistic logic. The following clauses are
encountered in the literature (see chapter 3 of [Sim94] for a comprehensive survey):
(□1) M, w ⊩ □ϕ iff ∀v(wR□v → M, v ⊩ ϕ)
(□2) M, w ⊩ □ϕ iff ∀v(wRv → ∀u(vR□u → M, u ⊩ ϕ))
(♦1) M, w ⊩ ♦ϕ iff ∃v(wR♦v ∧ M, v ⊩ ϕ)
(♦2) M, w ⊩ ♦ϕ iff ∀v(wRv → ∃u(vR♦u ∧ M, u ⊩ ϕ))
Observe that definition (♦2) gives rise to a modality which does not distribute
over disjunction. Accordingly, logics whose possibility operator is defined in this way
are usually referred to as non-normal intuitionistic modal logics.
On top of the requirement that R is reflexive and transitive, some additional
conditions are usually imposed on R, R□, and R♦. As a rule, these conditions
specify the way R, R□, and R♦ interact. For example, the following conditions
usually accompany truth clauses (□1) and (♦1) (see [WZ99a]):
R ◦ R□ ◦ R = R□ (3.1)
R ◦ R♦ ◦ R = R♦ (3.2)
In the conditions above, ◦ stands for relational composition, defined as follows:
R ◦R′ = { (x, y) : ∃z ((x, z) ∈ R ∧ (z, y) ∈ R′) }
and R stands for the converse relation, defined as follows:
R = { (y, x) : (x, y) ∈ R}.
Another condition occurring in the literature (see, for example, [FM97]) stipulates
that
R♦ ⊆ R (3.3)
It turns out that many of the conditions on R, R□ and R♦, including conditions
(1) - (3) above, are mso-definable closure conditions as introduced in section 3.3. For
condition (3), see examples 3.4 and 3.7. The following theorem shows that (1) and
(2) are also mso-definable closure conditions.
Theorem 3.13 Any condition of the form $P = P' \circ P \circ P'$ is an mso-definable closure
condition, provided that $P'$ is reflexive and transitive.
Proof Consider a function $\mathrm{Comp}^{P'}(P) = P' \circ P \circ P'$. If $P'$ is reflexive and transitive,
then $P \subseteq P' \circ P \circ P'$ by the reflexivity of $P'$. $P' \circ P \circ P'$ is obviously monotone
in $P$; and $\mathrm{Comp}^{P'}$ is idempotent because of the transitivity of $P'$. This proves that
$\mathrm{Comp}^{P'}$ is a closure operator provided that $P'$ is reflexive and transitive. Conditions
of the form $P' \circ P \circ P' = P$ can be expressed as closure conditions: $\mathrm{Comp}^{P'}(P) = P$.
This condition is mso-definable; in fact, it is definable by a first order formula:
$$\mathrm{Comp}^{P'}_P(z_1, z_2) = \exists x \exists y\, (P'(z_1, x) \wedge P(x, y) \wedge P'(y, z_2))$$
3.5 Embedding into two-variable monadic fragment
In this section, we show that every intuitionistic modal logic Λ defined semantically
with any of the truth clauses (□1) − (♦2) can be translated into GF 2mon.
As in the case of classical modal logic, we define, by mutual recursion, two trans-
lations, τx and τy, so that a first-order formula τv(ϕ) (v ∈ {x, y}) contains a sole free
variable v. The translation τx is defined by
• τx(p) := P (x);
• τx(∼ ϕ) := ∀y(R(x, y) → ¬τy(ϕ));
• τx(ϕ ∧ ψ) := τx(ϕ) ∧ τx(ψ);
• τx(ϕ ∨ ψ) := τx(ϕ) ∨ τx(ψ);
• τx(ϕ⇒ ψ) := ∀y(R(x, y) → (¬τy(ϕ) ∨ τy(ψ)));
• τx(□ϕ) := ∀y(R(x, y) → ∀x(R□(y, x) → τx(ϕ)));
• τx(♦ϕ) := ∀y(R(x, y) → ∃x(R♦(y, x) ∧ τx(ϕ)))
The translation τy is defined analogously, switching the roles of x and y. We take
τx(ϕ) to be the standard translation τ(ϕ) of a modal intuitionistic
formula ϕ. This translation assumes modal truth clauses (□2) and (♦2). Clauses for
(□1) and (♦1) are even simpler (and familiar from classical modal logic):
• τ′x(□ϕ) := ∀y(R□(x, y) → τ′y(ϕ))
• τ ′x(♦ϕ) := ∃y(R♦(x, y) ∧ τ ′y(ϕ))
Not surprisingly, since τx is a natural generalisation of the standard translation of
modal logic into classical predicate logic, the following theorem holds:
Theorem 3.14 Let ϕ be an intuitionistic modal formula and M be a class of models of
intuitionistic modal logic. Let M ∈ M. Then, M, w ⊩ ϕ iff M, α ⊩ τ(ϕ) with α(x) =
w (where M is taken as a model of first order logic with R, R□, R♦ interpreting
R, R□, R♦).
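The following Python code is an added example, not code from the thesis: it evaluates the truth clauses (□2) and (♦2) on a finite model, implements the translation τx, and checks Theorem 3.14 point by point. The tuple encoding of formulas, all function names and the four-point sample model are constructed for illustration; on that model ♦(p ∨ q) holds at w while ♦p ∨ ♦q does not, which is the failure of distribution noted for (♦2).

```python
# Formulas are nested tuples: ("p", name), ("not", f), ("and", f, g),
# ("or", f, g), ("imp", f, g), ("box", f), ("dia", f).

class Model:
    """Finite intuitionistic modal Kripke model (W, R, R_box, R_dia, V)."""

    def __init__(self, W, R, R_box, R_dia, V):
        self.W = set(W)
        R = set(R) | {(w, w) for w in self.W}          # make R reflexive
        while True:                                     # ... and transitive
            extra = {(a, d) for (a, b) in R for (c, d) in R if b == c} - R
            if not extra:
                break
            R |= extra
        self.rel = {"R": R, "Rbox": set(R_box), "Rdia": set(R_dia)}
        self.V = {p: set(ws) for p, ws in V.items()}
        for p, ws in self.V.items():                    # upward persistence
            if any(w in ws and v not in ws for (w, v) in R):
                raise ValueError(f"V({p}) is not upward persistent")

    def succ(self, rel, w):
        return [v for (u, v) in self.rel[rel] if u == w]

def holds(M, w, f):
    """Truth at point w, with clauses (box2) and (dia2) for the modalities."""
    op = f[0]
    if op == "p":
        return w in M.V.get(f[1], set())
    if op == "not":
        return all(not holds(M, v, f[1]) for v in M.succ("R", w))
    if op == "and":
        return holds(M, w, f[1]) and holds(M, w, f[2])
    if op == "or":
        return holds(M, w, f[1]) or holds(M, w, f[2])
    if op == "imp":
        return all(not holds(M, v, f[1]) or holds(M, v, f[2])
                   for v in M.succ("R", w))
    if op == "box":
        return all(holds(M, u, f[1])
                   for v in M.succ("R", w) for u in M.succ("Rbox", v))
    if op == "dia":
        return all(any(holds(M, u, f[1]) for u in M.succ("Rdia", v))
                   for v in M.succ("R", w))
    raise ValueError(op)

def tau(f, v="x"):
    """Standard translation tau_v; the output uses only the variables x, y.
    ("all", b, rel, s, g) reads: for all b (rel(s, b) -> g);
    ("ex",  b, rel, s, g) reads: exists b (rel(s, b) and g)."""
    o = "y" if v == "x" else "x"                        # the other variable
    op = f[0]
    if op == "p":
        return ("atom", f[1], v)
    if op == "not":
        return ("all", o, "R", v, ("neg", tau(f[1], o)))
    if op in ("and", "or"):
        return (op, tau(f[1], v), tau(f[2], v))
    if op == "imp":
        return ("all", o, "R", v, ("or", ("neg", tau(f[1], o)), tau(f[2], o)))
    if op == "box":
        return ("all", o, "R", v, ("all", v, "Rbox", o, tau(f[1], v)))
    if op == "dia":
        return ("all", o, "R", v, ("ex", v, "Rdia", o, tau(f[1], v)))
    raise ValueError(op)

def fo(M, env, g):
    """Evaluate a translated first-order formula under the assignment env."""
    op = g[0]
    if op == "atom":
        return env[g[2]] in M.V.get(g[1], set())
    if op == "neg":
        return not fo(M, env, g[1])
    if op == "and":
        return fo(M, env, g[1]) and fo(M, env, g[2])
    if op == "or":
        return fo(M, env, g[1]) or fo(M, env, g[2])
    _, bound, rel, src, body = g
    vals = (fo(M, {**env, bound: d}, body) for d in M.succ(rel, env[src]))
    return all(vals) if op == "all" else any(vals)

P, Q = ("p", "p"), ("p", "q")

def sample_model():
    """Constructed model: w R v, w Rdia a, v Rdia b, v Rbox a, p at a, q at b."""
    return Model("wvab", {("w", "v")}, {("v", "a")},
                 {("w", "a"), ("v", "b")}, {"p": {"a"}, "q": {"b"}})

def dia2_distributes_at(M, w):
    """Compare dia(p or q) with (dia p or dia q) at w under clause (dia2)."""
    lhs = holds(M, w, ("dia", ("or", P, Q)))
    rhs = holds(M, w, ("or", ("dia", P), ("dia", Q)))
    return lhs == rhs

def translation_agrees(M, formulas):
    """Theorem 3.14 checked point by point on a finite model."""
    return all(holds(M, w, f) == fo(M, {"x": w}, tau(f))
               for w in M.W for f in formulas)
```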
3.6 Decidability
From theorem 3.14 it follows that if the satisfiability problem of GF 2mon over M is
decidable, then the satisfiability problem of intuitionistic modal logic over M is decidable,
too.
We already know (see section 2.3.4) that the guarded fragment is decidable over
the class of all first order models. Decidability of GF 2mon over models with reflexive,
transitive guards is proved in [GMV99]. From this and the fact that upward per-
sistence for propositional variables occurring in ϕ is expressible in GF 2mon it follows
immediately that basic intuitionistic modal logic (with no conditions connecting R,
R□, and R♦) is decidable. The main result of this chapter is the generalisation of
this result to include classes of models defined using conditions involving interaction
between R, R□ and R♦. The following is the main theorem of the chapter.
Theorem 3.15 Let M be a class of intuitionistic modal models defined by an acyclic
set of mso closure conditions on R, R□, and R♦ so that at most one closure condition
is associated with each relation, and let ϕ be an intuitionistic modal formula. Then,
it is decidable whether ϕ is satisfiable in M.
Proof Immediately follows from theorems 3.14 and 3.12. q.e.d.
3.7 Examples
In this section, we state several decidability results to illustrate the approach to
obtaining decidability for intuitionistic modal logics presented in this chapter.
Our first example is, essentially, a decidability result for several flavours of basic
intuitionistic modal logic, that is intuitionistic modal logic with no conditions imposed
on modal accessibility relations R♦ and R□, apart from the conditions stipulating
how they interact with the intuitionistic accessibility relation R. This result is by
no means a surprise, even though it may well be that it has not been proved for all
possible combinations of truth definitions for modalities, as we do below.
Theorem 3.16 An intuitionistic modal logic Λ with two modalities □ and ♦, defined
by a class of models where
• R ◦ R♦ ◦ R = R♦
• R ◦ R□ ◦ R = R□
and employing any of the truth definitions for modalities (□1), (□2), (♦1), (♦2) (in
any combination, e.g. (□1) with (♦2); possibly with more modalities, provided that all
truth definitions can be translated into GF 2mon), is decidable.
Proof The class of models of Λ is defined by the following closure conditions on R□,
R♦ and R:
1. R is reflexive and transitive;
2. R ◦ R♦ ◦ R = R♦;
3. R ◦ R□ ◦ R = R□.
There is clearly at most one condition for each of the relations R, R♦ and R□, and
the set of conditions is acyclic. We have shown, in Examples 3.3 and 3.6, that the
condition on R is a closure condition and, in Example 3.10, that it is mso-definable.
By theorem 3.13, conditions on R□ and R♦ are also mso-definable closure conditions.
We have shown that the class of models of Λ conforms to the conditions of theo-
rem 3.15, which proves that Λ is decidable. q.e.d.
The next example is related to a known result (decidability of PLL [FM97]), but
for a different logic (without fallible worlds):
Theorem 3.17 An intuitionistic modal logic Λ with one modality ♦, defined by a
class of models where
R♦ is reflexive and transitive;
R♦ ⊆ R
and employing the truth definition (♦2) for the modality, is decidable.
Proof The class of models of Λ is defined by the following closure conditions:
1. TC(R♦) = R♦;
2. TC(R) = R;
3. InclR♦(R) = R (see Examples 3.4 and 3.7).
This set of conditions is acyclic and each condition is mso definable. However there
are two constraints associated with R: it is required to be closed both with respect
to $\mathrm{TC}$ and to $\mathrm{Incl}^{R_\Diamond}$. To satisfy the conditions of Theorem 3.15, we need to combine
them into one mso definable closure condition. Observe that $\mathrm{TC} \circ \mathrm{Incl}^{P'}$ is a closure
operator with the property that for any relation $P$,
$$\mathrm{TC}(\mathrm{Incl}^{P'}(P)) = P \iff \mathrm{TC}(P) = P \text{ and } \mathrm{Incl}^{P'}(P) = P.$$
First of all, $\mathrm{TC} \circ \mathrm{Incl}^{P'}$ is monotone and increasing, since both $\mathrm{TC}$ and $\mathrm{Incl}^{P'}$ are. It
is also idempotent, because the result of applying $\mathrm{TC} \circ \mathrm{Incl}^{P'}$ to any relation $P$ is a
transitive relation containing $P'$, and any subsequent applications of $\mathrm{TC} \circ \mathrm{Incl}^{P'}$ are
not going to change it. So, $\mathrm{TC} \circ \mathrm{Incl}^{P'}$ is a closure operator. To prove that closure
with respect to this operator is equivalent to closure with respect to $\mathrm{TC}$ and $\mathrm{Incl}^{P'}$
separately, observe that one direction is immediate: if $P$ is closed with respect to $\mathrm{TC}$
and $\mathrm{Incl}^{P'}$, then it is closed with respect to $\mathrm{TC} \circ \mathrm{Incl}^{P'}$. For the other direction,
assume first that
$$\mathrm{TC}(\mathrm{Incl}^{P'}(P)) = P$$
but $P$ is not closed with respect to $\mathrm{Incl}^{P'}$, that is, it is a proper subset of $\mathrm{Incl}^{P'}(P)$.
But since $\mathrm{TC}$ is increasing, $P$ is then a proper subset of $\mathrm{TC}(\mathrm{Incl}^{P'}(P))$, which
contradicts the assumption. Now assume that $P$ is not closed with respect to $\mathrm{TC}$, so
that it is a proper subset of $\mathrm{TC}(P)$. However, since $P \subseteq \mathrm{Incl}^{P'}(P)$, we have
$$\mathrm{TC}(P) \subseteq \mathrm{TC}(\mathrm{Incl}^{P'}(P))$$
so $P$ is a proper subset of $\mathrm{TC}(\mathrm{Incl}^{P'}(P))$, which again contradicts the assumption.
This means that the conditions can be reformulated as
1. TC(R♦) = R♦;
2. TC(InclR♦(R)) = R;
and it is straightforward to show that the second condition is mso definable. q.e.d.
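The closure-operator claims of Theorem 3.13 and of the proof of Theorem 3.17 can be checked exhaustively on a small domain. The Python code below is an added example, not part of the thesis. It assumes that TC is the reflexive-transitive closure and that Incl with parameter P′ maps P to P ∪ P′ (Examples 3.4 and 3.7, which define it, are not reproduced in this section); the three-element domain and all function names are constructed for illustration.

```python
from itertools import product

DOM = (0, 1, 2)
PAIRS = list(product(DOM, repeat=2))

def all_relations():
    """Every binary relation on DOM as a frozenset of pairs (2**9 = 512)."""
    return [frozenset(p for p, bit in zip(PAIRS, bits) if bit)
            for bits in product((0, 1), repeat=len(PAIRS))]

def compose(A, B):
    """Relational composition: (x, y) such that (x, z) in A and (z, y) in B."""
    return frozenset((x, y) for (x, z) in A for (z2, y) in B if z == z2)

def tc(P):
    """Reflexive-transitive closure on DOM (assumed reading of TC)."""
    P = frozenset(P) | {(d, d) for d in DOM}
    while True:
        nxt = P | compose(P, P)
        if nxt == P:
            return P
        P = nxt

def comp(Pp, P):
    """Comp with parameter P': P' o P o P', as in Theorem 3.13."""
    return compose(compose(Pp, P), Pp)

def incl(Pp, P):
    """Incl with parameter P': P united with P' (assumed reading)."""
    return P | Pp

def is_closure_operator(op, rels):
    """Increasing, idempotent and monotone on every relation in rels."""
    table = {P: op(P) for P in rels}
    for P, cP in table.items():
        if not P <= cP or table[cP] != cP:
            return False
        # Monotone under adding one pair; chains of such steps cover P <= Q.
        if any(not cP <= table[P | {e}] for e in PAIRS):
            return False
    return True

def check_theorem_3_13():
    """Comp is a closure operator for every reflexive, transitive P'."""
    rels = all_relations()
    preorders = [P for P in rels if tc(P) == P]
    ok = all(is_closure_operator(lambda P, Pp=Pp: comp(Pp, P), rels)
             for Pp in preorders)
    return len(preorders), ok

def comp_not_increasing_without_reflexivity():
    """With P' empty (not reflexive), Comp(P) fails to contain P."""
    Pp, P = frozenset(), frozenset({(0, 0)})
    return not P <= comp(Pp, P)

def check_combined_operator():
    """TC o Incl is a closure operator whose fixed points are exactly the
    relations closed under TC and under Incl separately."""
    rels = all_relations()
    TC = {P: tc(P) for P in rels}
    preorders = [P for P in rels if TC[P] == P]
    for Pp in preorders:
        op = lambda P, Pp=Pp: TC[incl(Pp, P)]
        if not is_closure_operator(op, rels):
            return False
        for P in rels:
            jointly = op(P) == P
            separately = TC[P] == P and incl(Pp, P) == P
            if jointly != separately:
                return False
    return True
```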
We wrap up by giving two non-examples. We failed to reformulate the condition
R□ ◦ R ⊆ R ◦ R□ defining an intuitionistic modal logic in [AMdPR01] as a closure
condition. We also could not apply our method to the logic IS4 defined in [Sim94],
since the truth conditions for IS4 formulas are defined on pairs (w, d) (where w is
a possible world and d an element from its domain), so the image of IS4 under the
standard translation is not in GF 2mon.
Chapter 4
Logics with Segerberg operator
In this chapter, we consider logics with the finite iteration modality ♦∗, which we
also call the Segerberg operator¹. More specifically, we consider normal modal logics (in
this, and the following, chapter, the meaning of “logic” is different from how we have
used the term up until now; in the previous parts of the thesis, “logic” has meant a
logical language provided with semantics; in this and the following chapter, “logic”
has a more precise meaning; see definition 4.3 below) with Segerberg operator as a
class and prove some results applicable to all members of this class.
The minimal logic of this class we call Seg. The study of extensions of Seg is
of interest on two distinct counts: historical and application-related. Historically,
a general study of the logics with Segerberg operator is a natural outgrowth of the
previous research in modal logics. The mathematical study of modal logics dates
back to the 1910s. The father of mathematical modal logic, C.I. Lewis, investigated
(see [LL32]) what we now call monomodal logics, logics in the language containing
a single modality, such as “it is necessary that . . . ,” on a system–by–system basis
(Lewis created five systems of monomodal logic, which he called, accordingly, S1–S5).
In the ensuing decades, the project initiated by Lewis had developed in two primary
directions.
¹ This name for ♦∗ was suggested to us by Alexander Chagrov; it comes from Krister Segerberg, who first axiomatically described ♦∗.
First, modal logics in more complicated languages were introduced and studied.
In the 1950s, A. Prior investigated what he called temporal logics (see, for example,
[Pri57]), modal logics with two independent—that is, not definable in terms of each
other, like ¬ and ∧ in the classical propositional logic—“temporal” modalities (“it
has always been the case that . . . ” and “it will always be the case that . . . ”). In the
1970s, with the emergence of theoretical computer science, V. Pratt began studying
what he called logics of programs (see [Pra76])—logics with modalities describing
“actions,” which may be thought of as computations, that can result in truth or
falsity of certain propositions, these actions being constructed out of atomic actions
with operators borrowed from the algebra of regular expressions. As it turned out,
that was only the beginning of the proliferation of modalities which the 1980s and
1990s stood to witness: almost each new application area for modal logics brought
into existence new, previously unstudied, modalities (for a comprehensive survey,
see [GKWZ03]).
Secondly, in the 1960s, the attention shifted from single modal systems to classes
of modal logics. This change in perspective, like the emergence of new modalities,
was driven by the proliferation of applications. Since different applications require
different logics, it is infeasible to confine our attention to a few modal systems; rather,
we should be able to describe properties of a logic brought about by a particular
application on the basis of what class the logic belongs to. Thus, what comes to
the fore is the study of classes of modal logics. This en masse approach is, to date,
best developed in the simplest case, as it were—in the study of monomodal logics
(see [CZ97]). Logics with more complicated modalities have, until quite recently,
been studied only on a system-by-system basis. In the mid-1990s, Frank Wolter
adopted an en masse approach to the study of temporal logics ([Wol97b], [Wol97a],
[Wol96a], [Wol96b], [Wol95]). The next logical step in pursuing an en masse approach
would be to apply it to the modalities of logics of programs. In this chapter, we
attempt to make a step in that direction. We single out the most interesting and
difficult to handle modality of programming logics, the finite iteration modality, or
Segerberg operator, first introduced by V. Pratt in [Pra76]. Thus, we will be studying
classes of propositional logics with two modalities—the “usual” modality ♦ and the
Segerberg operator ♦∗ .
Application-wise, the study of ♦∗ is motivated by the ubiquity of the concept of
finite iteration in various applications. Below we mention two of the most obvious
examples.
First, in the logics of programs, the Segerberg operator captures recurrent exe-
cution of programs. The most well-known programming logic, PDL (Propositional
Dynamic Logic), uses it in this way. Although PDL and its variants are well studied,
there is no systematic study of what happens when we add PDL-style modalities to ar-
bitrary monomodal logics. The en masse approach to program logics would broaden
our understanding of logical properties of program execution in settings where we
want to stipulate some additional properties for execution of programs.
Another area where the concept of finite iteration features prominently and is
studied in the framework of modal logics is formal modelling of knowledge in multi-
agent systems, where it is used to model the so-called common knowledge (see, for
example, [FHV95]).
The present chapter is structured as follows. In section 4.1, we introduce the
language and models of the logics we will be studying in this chapter. In section 4.2, we
present background material on normal modal logics we will rely on in sections 4.3 and
4.4 of the present chapter and also in chapter 5. Lastly, in section 4.3, we introduce
the minimal logic we will be interested in in this chapter and, in section 4.4, we prove
a number of results pertaining to logics with ♦∗ , the most important of which is the
analogue of Makinson’s theorem for logics with ♦∗ .
4.1 Language
4.1.1 Syntax
Language L∗Φ is a monomodal language augmented with a single modality ♦∗, which we
call “Segerberg operator”; formulas of L∗Φ are defined by the following BNF expression:
ϕ := p | ⊥ | ¬ϕ | ϕ1 ∨ ϕ2 | ♦ϕ | ♦∗ϕ,
where p ranges over the set Φ of propositional parameters, whose arbitrary members
we denote as p, q, r, . . .. For this language, we adopt all the usual conventions
enhancing the readability of propositional formulas, and in the usual manner, define □∗ϕ
as ¬♦∗¬ϕ. ⊥ is a propositional constant “false”; we need it in this chapter since we
will be considering languages with empty vocabularies. Its dual, “true,” is defined as
⊤ ↔ ¬⊥.
4.1.2 Semantics
The formulas of L∗Φ are interpreted on Kripke models with two accessibility relations.
Definition 4.1 An L∗Φ model M is a tuple (W, R, R∗, V), where
1. W ≠ ∅;
2. R and R∗ are binary relations on W;
3. V is a function from Φ into 2^W. ⊣
Since in this chapter our primary interest is in logics (as sets of formulas satisfying
certain closure conditions; see definition 4.3 below) rather than in models, we do
not at this point specify what the relationship between R and R∗ should be. The
appropriate condition will emerge from the consideration of the axiomatic definition
of ♦∗ .
The truth conditions for the connectives of L∗Φ are as for any other propositional
modal language; in particular,
M, w ⊩ ♦∗ϕ iff ∃v(wR∗v and M, v ⊩ ϕ).
⊥ is not true at any point in the model. It is easy to see that, for any formula ϕ,
⊥ ↔ ϕ ∧ ¬ϕ.
4.2 Normal logics
This section contains background material on normal modal logics (along with their
representation as Hilbert calculi) that we will need in the rest of this and in the
following chapter. We also discuss canonical models of normal modal logics and
Kripke frames as a semantic framework more suitable to the study of normal modal
logics than Kripke models.
Normal modal logics
In what follows, we will need the operation on formulas that is usually referred to as
uniform substitution, which we define below for an arbitrary modal language L. We
use FmaL to refer to the set of formulas of language L and PropL to refer to the set
of propositional symbols of L. Another convention we will be using throughout this
chapter is that, given a modal language L, ∇ stands for an arbitrary ♦-like modality
of L and △ stands for the dual of ∇. (Thus, in L∗, ∇ can stand either for ♦ or for
♦∗, while △ can stand either for □ or for □∗.)
Definition 4.2 (Uniform substitutions) Let L be a modal language. A (uniform)
substitution in L is a map ·^σ : FmaL ↦ FmaL such that:
• for every p ∈ PropL, p^σ ∈ FmaL;
• (¬ϕ)^σ = ¬ϕ^σ,
• (ϕ ∧ ψ)^σ = ϕ^σ ∧ ψ^σ,
• (∇ϕ)^σ = ∇ϕ^σ, for every modal operator ∇ of L.
A formula ϕ′ is a substitution instance of formula ϕ if there exists a substitution ·^σ
such that ϕ^σ = ϕ′. ⊣
Since some definitions and facts that follow hold not only for normal modal—but
for a wider class of—logics, we first define a general notion of a logic (for our purposes
in the rest of the thesis, “a logic” is an extension of the classical propositional logic
PL).
Definition 4.3 (Logics) Let L be a (not necessarily modal) language. A logic in L
is a set Λ of formulas of L such that:
• Every classical propositional tautology belongs to Λ.
• Λ is closed under modus ponens; that is, if ϕ→ ψ ∈ Λ and ϕ ∈ Λ, then ψ ∈ Λ.
• Λ is closed under uniform substitution; that is, if ϕ ∈ Λ and ϕ′ is a substitution
instance of ϕ, then ϕ′ ∈ Λ. ⊣
Definition 4.4 (Extensions and sublogics) Let Λ and Λ′ be logics. Λ′ is an
extension of Λ, and Λ is a sublogic of Λ′, if Λ ⊆ Λ′. ⊣
If Λ is a logic in L, we often talk of “formulas of Λ” meaning, strictly speaking,
formulas of L.
Definition 4.5 (Normal modal logics) Let L be a modal language. A normal
modal logic in L is a set Λ of formulas of L such that:
• Λ is a logic.
• For every dual modal operator △ of L, △(ϕ → ψ) → (△ϕ → △ψ) ∈ Λ.
• Λ is closed under generalisation; that is, for every △ of L, if ϕ ∈ Λ, then
△ϕ ∈ Λ. ⊣
Example 4.6 The minimal normal logic in the monomodal language ML is the
smallest set of formulas of ML containing all classical tautologies and formula □(ϕ →
ψ) → (□ϕ → □ψ), and closed under modus ponens, uniform substitution, and
□-generalisation. This logic is usually referred to as K (for Kripke).
The minimal normal logic in language L∗ is the smallest set of formulas of L∗
containing all classical tautologies as well as formulas □(ϕ → ψ) → (□ϕ → □ψ) and
□∗(ϕ → ψ) → (□∗ϕ → □∗ψ), and closed under modus ponens, uniform substitution,
and generalisation for both □ and □∗. We call this logic K∗. ¶
We call the least normal modal logic containing a set of formulas Γ the logical
closure of Γ, in symbols Cl⊢(Γ); we also denote the logical closure of Γ ∪ ∆ by Γ ⊕ ∆.
We usually write Γ ⊕ ϕ instead of Γ ⊕ {ϕ}.
Example 4.7 Some of the better-known logics in ML are the following (in
parentheses, we give names of the formulas mentioned for future reference):
• T = K ⊕ □ϕ → ϕ (T);
• S4 = T ⊕ □□ϕ → □ϕ (4);
• S5 = S4 ⊕ T. ¶
Since logics are closed under closure conditions, it makes sense to consider sets
of formulas that generate the whole logic.
Definition 4.8 (Generators) Let Λ be a logic in language L. A set Γ ⊆ FmaL is
a set of generators of Λ, and Λ is generated by Γ, if Cl⊢(Γ) = Λ. ⊣
The following two pieces of terminology make talking about logics easier.
Definition 4.9 (Theorems) Let L be a language, Λ be a logic in L, and ϕ ∈ FmaL.
Then, ϕ is a theorem of Λ if ϕ ∈ Λ. If ϕ is a theorem of Λ, we write ⊢Λ ϕ. ⊣
Definition 4.10 (Deducibility) Let L be a language, Λ be a logic in L, Γ ⊆ FmaL,
and ϕ ∈ FmaL. Then, ϕ is deducible from Γ in Λ, symbolically Γ ⊢Λ ϕ, if either
(1) ⊢Λ ϕ, or (2) there exist ψ1, . . . , ψn ∈ Γ such that ψ1 ∧ . . . ∧ ψn ⊢Λ ϕ. ⊣
Not all logics are interesting; those containing falsehood among their theorems
are not.
Definition 4.11 (Consistent logics) Logic Λ is consistent if ⊬Λ ⊥. ⊣
Hilbert calculi
The foregoing description of normal modal logics as sets of formulas is rather abstract.
Sometimes, it is convenient to have a more suggestive representation of a logic. The
representation tool we will be using is Hilbert calculi.
Let Λ be a logic in a language L. A Hilbert calculus for Λ designates a subset of
FmaL, axioms of the calculus, and a number of inference rules that can be applied to
infer formulas from axioms. A calculus can designate axioms in two ways: either by
explicitly picking out formulas of L that are axioms (“Hilbert calculi with axioms”)
or by specifying formula schemata whose instances are axioms (“Hilbert calculi with
axiom schemata”). In the context of normal modal logics, it is not important which
flavour of Hilbert calculi to use, so we will use more convenient calculi with axiom
schemata.
As an example, below is a Hilbert calculus with axiom schemata HK∗ for logic
K∗.
Axiom schemata of HK∗
(A0) All tautologies of the classical propositional logic PL.
(K) □(ϕ → ψ) → (□ϕ → □ψ)
(K∗) □∗(ϕ → ψ) → (□∗ϕ → □∗ψ)
Inference rules of HK∗:
(MP) From ϕ → ψ and ϕ infer ψ.
(Gen□) From ϕ infer □ϕ.
(Gen□∗) From ϕ infer □∗ϕ.
Definition 4.12 (Proofs and provable formulas) Let H be a Hilbert calculus in
language L. A proof in H is a finite, non-empty sequence ϕ1, . . . , ϕn of formulas of
L such that each ϕi either (1) is an axiom of H or (2) is obtained from the previous
members of the sequence using one of the inference rules of H. A proof ϕ1, . . . , ϕn in H
is a proof of formula ϕ if ϕn is ϕ. Formula ϕ is a provable formula of H if there
exists an H-proof of ϕ. ⊣
Definition 4.13 (Derivations) Let H be a Hilbert calculus in language L and Γ ⊆
FmaL. A derivation from Γ in H is a finite, non-empty sequence ϕ1, . . . , ϕn of
formulas of L such that each ϕi either (1) is an axiom of H, or (2) is a member of Γ,
or (3) is obtained from the previous members of the sequence using one of the inference
rules of H. A derivation ϕ1, . . . , ϕn from Γ in H is a derivation of formula ϕ from Γ
if ϕn is ϕ. Formula ϕ is derivable from Γ in H if there exists an H-derivation of ϕ
from Γ. ⊣
Definition 4.14 (Admissible rules) Let H be a Hilbert calculus. A rule “from
ϕ1, . . . , ϕn infer ψ” is admissible in H if ψ is a provable formula of H whenever
ϕ1, . . . , ϕn are. ⊣
Definition 4.15 (Normal calculi) Let L be a modal language and H be a Hilbert
calculus in L. H is normal if (1) all propositional classical tautologies are H-provable,
(2) for each △ of L, △(ϕ → ψ) → (△ϕ → △ψ) is H-provable, (3) uniform substitution,
modus ponens, and generalisation for each △ of L are admissible in H. ⊣
Thus, the above mentioned Hilbert calculus for K∗ is normal.
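To make Definition 4.12 concrete for the calculus HK∗, the Python code below checks whether a sequence of formulas is an HK∗-proof, and shows that applying a uniform substitution to every line of a proof again yields a proof. It is an added example, not part of the thesis. It assumes that →, □ and □∗ are treated as primitive constructors alongside ¬, ∨ and ⊥; the tuple encoding, the function names and the sample proof of □p → □(p ∨ q) are constructed for illustration.

```python
from itertools import product

# Formulas as tuples: ("p", name), ("bot",), ("not", f), ("or", f, g),
# ("imp", f, g), ("box", f), ("boxs", f); "boxs" is the dual of the
# Segerberg operator.

def imp(a, b):
    return ("imp", a, b)

def atoms(f, acc):
    """Parameters and maximal modal subformulas, treated as atoms in (A0)."""
    if f[0] in ("p", "box", "boxs"):
        acc.add(f)
    elif f[0] != "bot":
        for g in f[1:]:
            atoms(g, acc)
    return acc

def value(f, val):
    op = f[0]
    if op == "bot":
        return False
    if op in ("p", "box", "boxs"):
        return val[f]
    if op == "not":
        return not value(f[1], val)
    if op == "or":
        return value(f[1], val) or value(f[2], val)
    if op == "imp":
        return (not value(f[1], val)) or value(f[2], val)
    raise ValueError(op)

def is_tautology(f):
    """(A0): true under every assignment to the atoms of f."""
    ats = list(atoms(f, set()))
    return all(value(f, dict(zip(ats, bits)))
               for bits in product((False, True), repeat=len(ats)))

def is_k_instance(f, box):
    """Instance of schema (K) for box="box", or of (K*) for box="boxs"."""
    if f[0] != "imp" or f[1][0] != box or f[1][1][0] != "imp":
        return False
    a, b = f[1][1][1], f[1][1][2]
    return f[2] == imp((box, a), (box, b))

def check_proof(lines):
    """lines: list of (formula, rule, premises), premises as earlier indices.
    For "MP" the premises are (index of implication, index of antecedent)."""
    for n, (f, rule, prem) in enumerate(lines):
        if any(not 0 <= i < n for i in prem):
            return False                      # only earlier lines may be cited
        got = [lines[i][0] for i in prem]
        if rule == "A0":
            ok = is_tautology(f)
        elif rule == "K":
            ok = is_k_instance(f, "box")
        elif rule == "K*":
            ok = is_k_instance(f, "boxs")
        elif rule == "MP":
            ok = len(got) == 2 and got[0] == imp(got[1], f)
        elif rule == "Gen":
            ok = len(got) == 1 and f == ("box", got[0])
        elif rule == "Gen*":
            ok = len(got) == 1 and f == ("boxs", got[0])
        else:
            ok = False
        if not ok:
            return False
    return bool(lines)                        # a proof is non-empty

def substitute(f, sigma):
    """Uniform substitution: replace each parameter p by sigma[p]."""
    if f[0] == "p":
        return sigma.get(f[1], f)
    return (f[0],) + tuple(substitute(g, sigma) for g in f[1:])

def sample_proof():
    """Constructed HK*-proof of box p -> box (p or q)."""
    p, q = ("p", "p"), ("p", "q")
    step = imp(p, ("or", p, q))
    goal = imp(("box", p), ("box", ("or", p, q)))
    return [(step, "A0", ()),
            (("box", step), "Gen", (0,)),
            (imp(("box", step), goal), "K", ()),
            (goal, "MP", (2, 1))]

def substitute_proof(lines, sigma):
    return [(substitute(f, sigma), rule, prem) for f, rule, prem in lines]
```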
The following definition foreshadows the discussion of the next subsection.
Definition 4.16 (Calculus for a logic) Let Λ be a logic and H be a Hilbert calculus.
H is a calculus for Λ if the set of provable formulas of H is Λ. ⊣
Logics and calculi
There is a transparent correspondence between normal modal logics and normal Hilbert
calculi. First, it is easy to see that provable formulas of a normal calculus H form
a normal modal logic, ΛH ; trivially, H is a calculus for ΛH . Secondly, it is easy to
check that every normal modal logic Λ induces a normal calculus, whose axioms are
generators of Λ and whose rules are closure rules for normal modal logics (as set
out in definition 4.5); since a normal modal logic may have many different sets of
generators, it can be presented with different calculi; clearly, each such calculus is a
calculus for Λ.
If Λ is a normal modal logic and HΛ is a Hilbert calculus for Λ, the notions of
a theorem of Λ and a provable formula of HΛ coincide, as coincide the notions of
deducibility and derivability from a set of formulas. Therefore, from now on, we may,
and will, use notation ⊢Λ ϕ and Γ ⊢Λ ϕ ambiguously—in the former case, to refer
both to theoremhood and provability; in the latter, to deducibility and derivability.
Logics can be classified according to the type of Hilbert calculi that can be asso-
ciated with them. In particular, we will find the following definition useful further on
in this chapter.
Definition 4.17 (Effectively finitely axiomatizable logics) Logic Λ is finitely
axiomatisable if there exists a Hilbert calculus for Λ with a finite number of axioms.
Λ is effectively finitely axiomatisable if there exists an algorithm that can produce a
Hilbert calculus for Λ with a finite number of axioms. ⊣
4.2.1 Canonical models
For every consistent normal modal logic Λ, there exists a very special Kripke model,
the so-called canonical model of Λ. Canonical models are used in many proofs, in-
cluding completeness proofs.
Canonical models are built out of maximally consistent sets of formulas. The
concepts of consistent and maximally consistent set of formulas are common to all
(not necessarily modal) logics.
Definition 4.18 (Consistent sets) Let Λ be a logic and Γ be a set of formulas of
Λ. Γ is consistent in Λ (or Λ-consistent) if Γ ⊬Λ ⊥. ⊣
Definition 4.19 (Maximally consistent sets) Let Λ be a logic and ∆ be a set of
formulas of Λ. ∆ is maximally consistent in Λ (or maximally Λ-consistent) if ∆ is
Λ-consistent, and there is no Γ such that ∆ ⊂ Γ and Γ is Λ-consistent. a
Before going on to define canonical models, we prove a number of facts about
consistent and maximally consistent sets that we will rely on further on.
Lemma 4.20 Let Λ be a logic and Γ be a set of formulas. Γ is Λ-consistent iff every
finite subset of Γ is Λ-consistent.
Proof Straightforward, given definition 4.13. q.e.d.
Lemma 4.21 Let Λ be a logic, Γ be a Λ-consistent set, and ϕ be a formula of Λ.
Then, either Γ ∪ {ϕ} or Γ ∪ {¬ϕ} is consistent.
Proof Suppose that both Γ ∪ {ϕ} and Γ ∪ {¬ϕ} are Λ-inconsistent, that is, Γ ∪
{ϕ} ⊢Λ ⊥ and Γ ∪ {¬ϕ} ⊢Λ ⊥. Then, Γ ⊢Λ ¬ϕ and Γ ⊢Λ ϕ. Therefore, Γ ⊢Λ ϕ ∧ ¬ϕ,
that is Γ ⊢Λ ⊥, and Γ is Λ-inconsistent, contrary to the assumption. q.e.d.
Lemma 4.22 Let Λ be a logic, ∆ be a maximally Λ-consistent set, and ϕ be a formula
of Λ. Then, either ϕ ∈ ∆, or ¬ϕ ∈ ∆.
Proof Suppose that ϕ ∉ ∆ and ¬ϕ ∉ ∆. Since ∆ is maximally Λ-consistent, both
∆ ∪ {ϕ} and ∆ ∪ {¬ϕ} are Λ-inconsistent. Then, by lemma 4.21, ∆ is Λ-inconsistent,
contrary to the assumption. q.e.d.
Lemma 4.23 Let Λ be a logic and ∆ be a maximally Λ-consistent set. If Γ ⊆ ∆ and
Γ ⊢Λ ϕ, then ϕ ∈ ∆.
Proof Suppose that Γ ⊆ ∆ and Γ ⊢Λ ϕ, but ϕ ∉ ∆. Then, by lemma 4.22, ¬ϕ ∈ ∆.
Therefore, ∆ ⊢Λ ϕ ∧ ¬ϕ, and ∆ is Λ-inconsistent, contrary to the assumption. q.e.d.
By taking Γ to be ∅, we get the following corollary.
Corollary 4.24 Let Λ be a logic and ⊢Λ ϕ. Then, for every maximally Λ-consistent
set ∆, ϕ ∈ ∆.
Lemma 4.25 Let Λ be a logic in language L and ∆ be a maximally Λ-consistent set.
Then, for every ϕ, ψ ∈ FmaL,
• Exactly one of ϕ and ¬ϕ is in ∆;
• ϕ ∨ ψ ∈ ∆ iff ϕ ∈ ∆ or ψ ∈ ∆.
Proof Easily follows from lemmas 4.22 and 4.23. q.e.d.
Lemma 4.26 (Lindenbaum Lemma) Let Λ be a logic and Γ be a Λ-consistent
set. Then, there exists a maximally Λ-consistent set ∆ such that Γ ⊆ ∆.
Proof Let ϕ1, ϕ2, . . . , ϕn, . . . be an enumeration of all formulas of Λ. First, we
recursively define the sequence ∆0, ∆1, . . . , ∆n, . . . of sets of formulas of Λ:
• ∆0 = Γ;
• ∆n+1 = ∆n ∪ ϕn if ∆n ∪ ϕn is Λ-consistent, and ∆n+1 = ∆n ∪ ¬ϕn otherwise.
It easily follows from lemma 4.21 that each thus defined ∆i is consistent. Now, define
• ∆ = ⋃i ∆i.
It follows from lemma 4.20 that ∆ is consistent. Moreover, ∆ is maximal. For suppose
that it is not; that is, there exists a Λ-consistent set Γ such that ∆ ⊂ Γ. Then, for
some formula α, α ∈ Γ, but α ∉ ∆. Now, α occupies some position in the enumeration
of formulas of Λ, hence α is ϕm for some m. Since α ∉ ∆, it follows that α ∉ ∆m+1;
hence, ¬α ∈ ∆m+1. But then, Γ ⊢Λ α ∧ ¬α; hence, Γ is Λ-inconsistent, contrary to
the assumption. q.e.d.
The canonical model for logic Λ is built out of maximally Λ-consistent sets.
Definition 4.27 (Canonical models) Let Λ be a normal modal logic in a language
L with modalities {∇}. The canonical model for Λ is a tuple MΛ = (WΛ, {RΛ}∇,VΛ),
where
• WΛ is the set of all maximally Λ-consistent sets;
• For each ∇ of Λ, RΛ∇ is a binary relation on WΛ such that ∆RΛ∇∆′ if, whenever
ϕ ∈ ∆′, ∇ϕ ∈ ∆;
• VΛ is a mapping from PropL into 2^WΛ such that, for every p ∈ PropL, VΛ(p) =
{∆ ∈ WΛ : p ∈ ∆ }. ⊣
The following assertion is self-evident.
Fact 4.28 A logic is consistent iff it has a canonical model.
Canonical models are useful because of the following property: given a normal
modal logic Λ, ϕ ∈ Λ ⇐⇒ MΛ ⊩ ϕ. We are now going to prove it.
Lemma 4.29 Let MΛ = (WΛ, {RΛ}∇,VΛ) be a canonical model of Λ in language L
and ϕ ∈ FmaL. Then, for every △ of L, ∆RΛ∇∆′ iff, whenever △ϕ ∈ ∆, ϕ ∈ ∆′.
Proof Straightforward. q.e.d.
Lemma 4.30 (Existence Lemma) Let Λ be a normal modal logic and ∆ be a max-
imally Λ-consistent set. If ∇α ∈ ∆, then there exists a maximally Λ-consistent set
∆′ such that (1) ∆RΛ∇∆′; and (2) α ∈ ∆′.
Proof Let ∆ be a maximally Λ-consistent set and ∇α ∈ ∆. Take the set Γ = {ϕ :
△ϕ ∈ ∆ } ∪ α. Γ is Λ-consistent. For if not, then {ϕ : △ϕ ∈ ∆ } ∪ α ⊢Λ ⊥.
By lemma 4.20, for some ϕ1, . . . , ϕn ∈ {ϕ : △ϕ ∈ ∆ }, ϕ1, . . . , ϕn, α ⊢Λ ⊥; hence,
⊢Λ ϕ1 ∧ . . . ∧ ϕn → ¬α. Therefore, since Λ is a normal modal logic, ⊢Λ △(ϕ1 ∧
. . . ∧ ϕn) → △¬α and hence ⊢Λ (△ϕ1 ∧ . . . ∧ △ϕn) → △¬α. By lemma 4.25,
△ϕ1 ∧ . . . ∧ △ϕn ∈ ∆; by corollary 4.24, (△ϕ1 ∧ . . . ∧ △ϕn) → △¬α ∈ ∆; therefore,
by lemma 4.23, △¬α ∈ ∆. But ∆ contains ∇α, that is ¬△¬α; hence, ∆ is
Λ-inconsistent, contrary to the assumption. Since Γ is consistent, by lemma 4.26, Γ ⊆ ∆′
for some maximally consistent ∆′. By lemma 4.29, ∆RΛ∇∆′, and clearly, α ∈ ∆′. q.e.d.
Lemma 4.31 (Truth Lemma) Let Λ be a consistent normal modal logic in
language L and MΛ = (WΛ, {RΛ∇}, VΛ) be its canonical model. Then, for every ∆ ∈ WΛ
and ϕ ∈ FmaL, MΛ, ∆ ⊩ ϕ iff ϕ ∈ ∆.
Proof Straightforward induction using lemmas 4.25 and 4.30. q.e.d.
Theorem 4.32 Let Λ be a consistent normal modal logic in language L and MΛ =
(WΛ, {RΛ}∇, VΛ) be its canonical model. Then, for every ϕ ∈ FmaL, ⊢Λ ϕ iff MΛ ⊩ ϕ.
Proof Immediately follows from corollary 4.24 and lemma 4.31. q.e.d.
4.2.2 Kripke frames
As far as semantic analysis of normal modal logics is concerned, we can not stop at
Kripke models since not every class of Kripke models corresponds to a logic; that is,
given a class of Kripke models M, the set {ϕ : M ⊩ ϕ } may not be a logic. The
cause is straightforward: models are not closed under substitution while logics are.
Since substitutions are closely related to valuations, the structures suitable for the
semantic analysis of normal modal logics can be obtained by abstracting valuations
away from models. Such valuation-less structures are called Kripke frames.
Definition 4.33 (Kripke frames) Let L be a modal language with modalities {∇}.
A Kripke frame for L is a tuple F = (W, {R}∇), where
• W is a non-empty set;
• Each R∇ is a binary relation on W. ⊣
For any modal language L, we denote the class of all frames for L by FL.
Definition 4.34 (Valuations) Let L be a modal language and F = (W, {R}∇) be a
Kripke frame for L. A valuation on F is a mapping V : PropL ↦ 2^W. ⊣
A Kripke frame together with a valuation is nothing but a Kripke model; thus,
every Kripke model M = (W, {R}∇, V ) can be viewed as a pair (F, V ), where F =
(W, {R}∇).
Definition 4.35 (Truth and satisfiability in frames) Let L be a modal language,
F = (W, {R}∇) be a Kripke frame for L, ϕ ∈ FmaL, and Γ ⊆ FmaL.
• ϕ is true in F, symbolically F ⊩ ϕ, if for every valuation V on F, (F, V) ⊩ ϕ;
• Γ is true in F, symbolically F ⊩ Γ, if for every ϕ ∈ Γ, F ⊩ ϕ;
• ϕ is satisfiable in F, if for some valuation V on F and some w ∈ W, F, V, w ⊩ ϕ;
• Γ is satisfiable in F, if for some valuation V on F and some w ∈ W, for every
ϕ ∈ Γ, F, V, w ⊩ ϕ.
If F is a class of Kripke frames, then
• ϕ is true in F, symbolically F ⊩ ϕ, if for every F ∈ F, F ⊩ ϕ; the same for Γ.
• ϕ is satisfiable in F, if for some F ∈ F, ϕ is satisfiable in F; the same for Γ. ⊣
The following lemma shows that frames are appropriate for semantic analysis of
logics.
Lemma 4.36 Let F be a class of Kripke frames. Then, the set {ϕ : F ⊩ ϕ } is a
normal modal logic.
Proof Straightforward. q.e.d.
Through the concept of truth in a class of frames, a normal modal logic Λ in
language L can pick out of all frames for L exactly those in which every theorem of
Λ is true.
Definition 4.37 (Frame definability) Let L be a modal language, F be a class of
Kripke frames for L, Γ ⊆ FmaL, and ϕ ∈ FmaL. ϕ defines F within FL if, for every
Kripke frame F, F ∈ F iff F ⊩ ϕ. Γ defines F within FL if, for every Kripke frame F,
F ∈ F iff F ⊩ Γ. ⊣
Example 4.38 It is easy to check that formula □ϕ → □□ϕ defines within FML the
class of frames in which accessibility relation R is transitive. Analogously, formula
□ϕ → ϕ defines within FML the class of frames in which R is reflexive. Set {□ϕ →
□□ϕ, □ϕ → ϕ} defines within FML the class of frames in which R is both transitive
and reflexive. ¶
Now, it is well-known that K is the logic of all Kripke frames with a single binary
relation. Therefore, if a set Γ of formulas of monomodal language ML defines a class
of frames F then K⊕Γ is the logic of F. Analogously for K∗, frames with two binary
relations, and formulas of L∗.
4.3 Logic Seg
In this section, we introduce the minimal logic in L∗, logic Seg, that we will be
interested in. We also consider the class of frames definable by Seg and its non-
standard models, that is models that are not based on the frames definable by Seg.
4.3.1 Seg and Hilbert calculus for Seg
As in example 4.7 above, we could augment K∗ with arbitrary formulas of L∗ (and
then take their logical closure) to obtain normal logics in L∗. We are not, however,
interested in just any extension of K∗; we will only be considering extensions of the
following logic.
Definition 4.39 (Logic Seg) Seg = K∗ ⊕ {□∗ϕ ↔ ϕ ∧ □□∗ϕ, ϕ ∧ □∗(ϕ → □ϕ) →
□∗ϕ}. ⊣
Formulas □∗ϕ ↔ ϕ ∧ □□∗ϕ and ϕ ∧ □∗(ϕ → □ϕ) → □∗ϕ we will refer to as Segerberg
formulas². For brevity, we will write Seg (not to be confused with Seg, the name of
a logic) instead of {□∗ϕ ↔ ϕ ∧ □□∗ϕ, ϕ ∧ □∗(ϕ → □ϕ) → □∗ϕ}.
It is easy to see that the following is a Hilbert calculus for Seg, which we refer to
as HSeg:
Axiom schemata of HSeg:
(A0) all tautologies of classical propositional logic PL.
(K) □(ϕ → ψ) → (□ϕ → □ψ)
(K∗) □∗(ϕ → ψ) → (□∗ϕ → □∗ψ)
(Seg1) □∗ϕ ↔ ϕ ∧ □□∗ϕ
(Seg2) ϕ ∧ □∗(ϕ → □ϕ) → □∗ϕ
Inference rules of HSeg:
(MP) From ϕ → ψ and ϕ infer ψ.
(Gen□) From ϕ infer □ϕ.
(Gen□∗) From ϕ infer □∗ϕ.
Example 4.40 Here is a sample proof in HSeg (written in a self-evident contracted
style):
1. □∗ϕ → ϕ – by PL from Seg1
2. □□∗ϕ → □ϕ – by PL from 1 and K
3. □∗ϕ → □□∗ϕ – by PL from Seg1
4. □∗ϕ → □ϕ – from 3, 2.
Thus, □∗ϕ → □ϕ is a provable formula of the Hilbert calculus for Seg. ¶
² For Krister Segerberg, who first introduced them.
4.3.2 Frames for Seg
It is no surprise that Seg is the logic of the class of frames where the relation inter-
preting ♦∗ is the reflexive, transitive closure of the relation interpreting ♦.
Definition 4.41 (Reflexive-transitive closure) Let R be a binary relation. A
binary relation R∗ is the reflexive-transitive closure of R if R∗ = { (x, y) : xRⁿy, n ≥
0 }. ⊣
In words, (a, b) is in R∗ if either (1) a = b and a is in the domain of R; or (2) b
can be reached from a alongside R in 1 or more steps. It is easy to check that thus
defined R∗ is the smallest reflexive and transitive relation containing R.
Definition 4.42 (RTC frames) An RTC frame is a Kripke frame F = (W,R,R∗),
where R∗ is the reflexive-transitive closure of R. ⊣
Lemma 4.43 (RTC-definability) The set Seg defines within FL∗ the class of frames
in which R∗ is the reflexive-transitive closure of R.
Proof First, we have to show that each frame in FL∗ where R∗ is the reflexive-
transitive closure of R validates □∗ϕ ↔ ϕ ∧ □□∗ϕ and ϕ ∧ □∗(ϕ → □ϕ) → □∗ϕ. This is
straightforward.
Secondly, we have to prove that every frame where R∗ is not the reflexive-transitive
closure of R refutes either □∗ϕ ↔ ϕ ∧ □□∗ϕ or ϕ ∧ □∗(ϕ → □ϕ) → □∗ϕ. Suppose that
F is such a frame. There may be two causes for R∗ not being the reflexive-transitive
closure of R: either, for some points w and v, and some n ≥ 0, wRⁿv, but not wR∗v;
or, conversely, for some w and v, wR∗v, but for no n, wRⁿv.
Let’s first assume that, for some w, v, and n ≥ 0, wRⁿv, but not wR∗v. Take a
valuation on F such that V(p) = W \ {v}. Consider an R-chain leading from w to
v: w = x1 R x2 R . . . R xn R xn+1 = v. There are two cases to consider: either (1) at
least one xi refutes □∗ϕ ↔ ϕ ∧ □□∗ϕ, or (2) every xi validates □∗ϕ ↔ ϕ ∧ □□∗ϕ. In
case (1), we are immediately done. So, let’s consider case (2). Since (F, V), v ⊮ p and
F, V, v ⊩ □∗ϕ ↔ ϕ ∧ □□∗ϕ, then F, V, v ⊮ □∗p. Since xnRv, then F, V, xn ⊮ □□∗p. As
F, V, xn ⊩ □∗ϕ ↔ ϕ ∧ □□∗ϕ, we have F, V, xn−1 ⊮ □□∗p. Going, in this way, further up
the chain, we eventually get F, V, w ⊮ □∗p; however, since V(p) = W \ {v} and wR∗v
does not hold, F, V, w ⊩ □∗p, a contradiction.
Let’s now assume that, for some w and v, wR∗v, but for no n, wRⁿv. Take a
valuation on F such that V(p) = { x : for no n, xRⁿv }. Then, we immediately get
that F, V, w ⊩ p. Furthermore, since under V, every point satisfies p → □p, trivially
F, V, w ⊩ □∗(p → □p). Finally, since F, V, v ⊮ p (by taking n = 0), F, V, w ⊮ □∗p.
Therefore, F, V, w ⊮ p ∧ □∗(p → □p) → □∗p. q.e.d.
In light of lemma 4.43 it is natural to consider as the standard models of L∗ the
models that are based on RTC frames.
A consequence of lemma 4.43 is that, as in the present chapter we deal only with
extensions of Seg, we will not be considering frames other than RTC-frames.
Another byproduct of lemma 4.43 is the soundness of Seg with respect to RTC
frames.
Definition 4.44 (Soundness) Let Λ be a normal modal logic in language L and F
be a class of Kripke frames for L. Λ is sound with respect to F if Λ ⊆ {ϕ : F ⊩ ϕ }. ⊣
Lemma 4.45 Logic Seg is sound with respect to the class of RTC frames.
Proof According to lemma 4.43, Seg1 and Seg2 are true on every RTC frame. It is
straightforward to check that all the other axioms of Seg are true on every Kripke
frame, hence on every RTC frame. It is equally straightforward to check that the
inference rules of Seg preserve validity on Kripke frames. Therefore, all theorems of
Seg are valid on every RTC frame. q.e.d.
The following lemma will be useful in what follows.
Lemma 4.46 Let Λ be a normal modal logic and K be a class of Kripke frames
for L. Then, Λ is sound with respect to K iff every K-satisfiable set Γ ⊆ FmaL is
Λ-consistent.
Proof Straightforward. q.e.d.
4.3.3 Non-standard models
It is tempting to think that, as Seg defines the class of RTC frames, we can confine
our attention only to the standard models of L∗, that is models based on RTC frames.
However, although formulas Seg define the class of frames where R∗ is the reflexive
transitive closure of R, they have models that are not based on such frames. The
most obvious example is the canonical model of Seg. Indeed, the set {□ⁿ♦⊤ :
n ≥ 0 } ∪ {♦∗¬♦⊤} is obviously satisfiable in the class of RTC frames; hence, by
lemmas 4.45 and 4.46, it is Seg-consistent. Therefore, MSeg contains maximally
consistent sets ∆ and ∆′ such that ∆R∗∆′ but, for no n, ∆Rⁿ∆′. The following class
of models accommodates MSeg.
Definition 4.47 (Non-standard models) A non-standard model for L∗ is a tuple
M = (W, R, R†, V, ⊩) where
• W is a non-empty set;
• R ⊆ W × W;
• R† is a reflexive and transitive relation containing R;
• V is a mapping from PropL∗ to 2^W;
• ⊩ is a truth-relation defined as for Kripke models;
• for every w ∈ W, M, w ⊩ Seg. ⊣
It is interesting to know—as far as we are aware, this question has never been
raised in the literature—whether a non-standard model can be finite. After all, the
canonical model of Seg, the motivating example for non-standard models, is uncount-
ably infinite; thus, it is conceivable that every non-standard model might be infinite.
The following example shows, however, that finite non-standard models do exist.
Example 4.48 (Finite non-standard model) Take models M and M′ depicted
on the following diagram (unlabelled arrows represent R; in M, R∗ is the reflexive
transitive closure of R; in M′, it is the reflexive transitive closure of R plus the pair
(w, u′)):
[Diagram not reproduced: model M with points w, v, u and model M′ with points w, v, u, u′; one arrow is labelled R∗.]
where u′ and u satisfy the same parameters. Then, the relation depicted by dotted
lines is a total L∗-bisimulation between M and M′. Since M is based on an RTC
frame, by lemma 4.45, M ⊩ Seg. As M and M′ are L∗-bisimilar, they satisfy the
same L∗-formulas. Hence, M′ ⊩ Seg. It is then easy to see that M′ is a non-standard
model. ¶
4.4 Extensions of Seg
In this section, we prove some results concerning extensions of Seg. First, we prove
that adding Segerberg formulas to a normal modal logic Λ in monomodal language
ML gives a conservative extension of Λ. Secondly, we show that adding Segerberg
formulas to S4 gives the system that is essentially equivalent to S4. Lastly, we prove
the analogue of Makinson’s theorem for the extensions of Seg and its corollary stating
that it is decidable whether an effectively finitely axiomatisable extension of Seg is
consistent.
4.4.1 Conservativity
The first question we ask is whether the addition of Segerberg formulas Seg to a
normal modal logic Λ in the language ML is conservative; that is, whether the
addition of Seg to Λ does not generate new theorems not containing “♦∗”.
Definition 4.49 Let Λ and Λ′ be logics in languages L and L′, respectively, with
L ⊆ L′. Λ′ is a conservative extension of Λ if (1) Λ ⊆ Λ′, and (2) if ϕ ∈ FmaL and
⊬Λ ϕ, then ⊬Λ′ ϕ. ⊣
Theorem 4.50 Let Λ be a normal modal logic in the language ML and Λ∗ = Λ⊕Seg.
Then, Λ∗ is a conservative extension of Λ.
Proof If Λ is inconsistent, then the statement of the theorem is trivially true; so, we
may assume that Λ is consistent.
Then, in virtue of fact 4.28, we can build a canonical model for Λ, MΛ =
(WΛ, RΛ, VΛ). Define R∗ to be the reflexive-transitive closure of RΛ, and take the
model M = (WΛ, RΛ, R∗, VΛ), with the usual truth clause for formulas of the form
□∗ϕ.
We can show that all theorems of Λ∗ are true in M. First, according to
theorem 4.32, MΛ ⊩ ϕ iff ⊢Λ ϕ; therefore, all theorems—and hence axiom schemata—of Λ
are true in M. Secondly, as M is based on an RTC frame, by lemma 4.45, M ⊩ Seg.
Thus, all axiom schemata of Λ∗ are true in M. Lastly, it is easy to check that modus
ponens and generalisation—for both “□” and “□∗”—preserve truth in M. Hence, all
theorems of Λ∗ are true in M.
On the other hand, if ⊬Λ ϕ, then by theorem 4.32 MΛ ⊮ ϕ and hence M ⊮ ϕ.
Thus, M validates all theorems of Λ∗ and refutes every non-theorem of Λ. Therefore,
no non-theorem of Λ is a theorem of Λ∗. q.e.d.
4.4.2 Minimal uninteresting logic
The minimal “interesting” normal logic in L∗ is Seg. What is the maximal “interest-
ing” normal logic in L∗? This question, as it is stated, is difficult to answer. But a
good approximation of the answer is to say what is the minimal uninteresting logic in
L∗. Intuitively, it should be Seg⊕S4, since S4 is the logic of reflexive and transitive
frames, that is frames whose accessibility relation R is the reflexive, transitive clo-
sure of itself; then, the addition of Seg to S4 should result in S4 with two equivalent
modalities. The following lemma confirms this intuition.
Lemma 4.51 Seg ⊕ S4 = S4 ⊕ □ϕ ↔ □∗ϕ.
Proof To prove that S4 ⊕ □ϕ ↔ □∗ϕ ⊆ Seg ⊕ S4, we have to show that □ϕ ↔ □∗ϕ is a
theorem of Seg ⊕ S4. Since we already know that ⊢Seg □∗ϕ → □ϕ (see example 4.40),
we only have to prove the other implication.
1. □ϕ → ϕ – axiom T
2. □ϕ → □□ϕ – axiom 4
3. □∗(□ϕ → □□ϕ) – from 2 by generalisation
4. □ϕ ∧ □∗(□ϕ → □□ϕ) → □∗□ϕ – axiom Seg1
5. □ϕ → □∗□ϕ – from 3 and 4 by PL
6. □ϕ → (ϕ → □ϕ) – axiom A0
7. □∗□ϕ → □∗(ϕ → □ϕ) – from 6 by PL and (K∗)
8. □ϕ → □∗(ϕ → □ϕ) – from 5 and 7 by PL
9. ϕ ∧ □∗(ϕ → □ϕ) → □∗ϕ – axiom Seg1
10. □ϕ → □∗ϕ – from 1, 8, and 9 by PL.
To prove that Seg ⊕ S4 ⊆ S4 ⊕ □ϕ ↔ □∗ϕ, we have to show that Segerberg
formulas are provable in the latter logic. They are since (1) □ϕ ↔ ϕ ∧ □□ϕ and
ϕ ∧ □(ϕ → □ϕ) → □ϕ are S4-theorems and (2) the replacement theorem holds for
S4 (that is, in S4, replacing any subformula of a theorem results in a theorem). q.e.d.
4.4.3 Analogue of Makinson’s theorem
Given an arbitrary extension Λ of our base logic Seg, we would like to be able
to find out whether Λ is consistent or not, because the inconsistent extensions of
Seg are not of any interest (as any inconsistent logics are, since they fail to do the
basic job of a logic, e.g. to distinguish valid formulas from non-valid ones). In the
case of monomodal logics, a useful tool in determining consistency is a well-known
Makinson’s theorem (see [Mak71]) that says that any consistent logic in ML is either
a sublogic of the logic of the frame comprising a single reflexive point or a sublogic
of the logic of the frame comprising a single irreflexive point. We know that in the
case of logics with two independent modalities the analogue of Makinson’s theorem
does not hold. Thus, it is interesting to know whether it holds for extensions of Seg,
which have two interconnected modalities. This question is not trivial since the proof
of the original Makinson’s theorem makes use of the model theoretic constructions
of generated submodels and bounded morphisms to reshape the canonical models of
consistent logics in ML; thus, the proof can not be directly turned into the proof
for logics in L∗, as the canonical models of these logics are non-standard, hence we
can not rely on the preservation of truth-values of formulas of L∗ under the instances
of bisimulations pertaining only to the accessibility relation for ♦, as we could if we
dealt with standard models for L∗.
Let’s denote by Fref the RTC frame ({u},R,R∗), where R = {(u, u)}, and by
Firref the RTC frame ({u},R,R∗), where R = ∅. Let Λref be the logic of Fref and
Λirref be the logic of Firref . We can prove the following analogue of Makinson’s
theorem.
Theorem 4.52 (Analogue of Makinson’s theorem) Let Λ be a consistent exten-
sion of Seg. Then, either Λ ⊆ Λirref or Λ ⊆ Λref .
Proof Since Λ is consistent, we can build the canonical (non-standard) model for
Λ, MΛ = (WΛ,RΛ,R†,VΛ) over the language with the empty set of propositional
parameters (but with ⊥). By lemma 4.31, every theorem of Λ in this language is true
at every point of WΛ. Now, (1) either there is such w ∈ MΛ that for no v ∈ MΛ do
we have wRΛv, or (2) for every w ∈ MΛ there exists such v ∈ MΛ that wRΛv. We
will show that in the former case Λ ⊆ Λirref while in the latter Λ ⊆ Λref .
(1) Suppose that for some w ∈ WΛ there is no v ∈ WΛ such that wRΛv. Take a
submodel Mw of MΛ generated (with respect to both RΛ and R†) by w. It is easy
to see that Mw contains only w. Indeed, by assumption, for no v ∈ WΛ, wRΛv.
Furthermore, we can show that for no v ≠ w does wR†v hold. For, if otherwise, since
w and v are distinct maximally consistent sets, there would be ϕ such that ϕ ∈ v
and ¬ϕ ∈ w. Then, ♦∗ϕ ∈ w and, since ♦∗ϕ ↔ ϕ ∨ ♦♦∗ϕ ∈ w, ♦♦∗ϕ ∈ w. But then, by
lemma 4.30, for some v, wRΛv, contrary to the assumption. Since Mw is a generated
submodel of MΛ, all theorems of Λ are true at w in Mw.
Now, suppose that, for the sake of a contradiction, there exists a model M =
({u}, R, R∗, V), based on Firref, such that, for some ψ ∈ Λ, M, u ⊮ ψ (ψ may be a
formula in an arbitrary vocabulary). Based on V, construct the formula ψ′ out of ψ,
in the following way: for each p occurring in ψ, if u ∈ V(p), then substitute p with ⊤;
if on the other hand, u ∉ V(p), substitute p with ⊥. It is easy to see that M, u ⊩ ψ iff
M, u ⊩ ψ′; hence, M, u ⊮ ψ′. Now, ψ′ ∈ Λ∗ (since it is obtained by substitution from
ψ), hence, by theorem 4.32, Mw, w ⊩ ψ′. As Mw and M are based on isomorphic
frames and they trivially agree on all propositional symbols of ψ′ (ψ′ does not have
any), Mw, w ⊩ ψ′ iff M, u ⊩ ψ′, which gives us a contradiction. Hence, Λ ⊆ Λirref.
(2) Suppose that for every w ∈ MΛ there exists v ∈ MΛ such that wRΛv. Then,
since RΛ ⊆ R†, for every w ∈ MΛ there is v ∈ MΛ such that wR†v. Take a model
Mw = ({w},R,R†, V ), where R = R† = (w,w) and V (p) = ∅ for every p. It is easy
to see that Mw is a bounded morphic image of MΛ; hence, all theorems of Λ are true
at w in Mw. By an argument analogous to that used in the previous case, no theorem
of Λ is refutable on the frame isomorphic to the frame of Mw; hence Λ ⊆ Λref. q.e.d.
Corollary 4.53 Let Λ be an effectively finitely axiomatisable consistent extension of
Seg. It is decidable whether Λ is consistent.
Proof It follows from theorem 4.52, that Λ is consistent iff either Λ ⊆ Λirref or
Λ ⊆ Λref . Thus, to check the consistency of Λ, all we have to do is check whether
axioms of Λ are true either in the frame Firref or in the frame Fref . q.e.d.
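The frame checks behind lemma 4.43 and corollary 4.53 can be run by brute force on small frames. The following Python sketch is an added example, not part of the thesis; the tuple encoding of formulas, the function names and the sample frames are constructed for illustration.

```python
from itertools import product

# Formulas of L* as nested tuples (an encoding constructed for this example):
#   ("bot",)  ("p", name)  ("not", f)  ("and", f, g)  ("imp", f, g)  ("iff", f, g)
#   ("box", f) is the box of R;  ("boxs", f) is the box of R*.

def rtc(worlds, R):
    """Reflexive-transitive closure of R on `worlds` (definition 4.41, R^0 = identity)."""
    closure = {(w, w) for w in worlds} | set(R)
    while True:
        step = {(a, d) for (a, b) in closure for (c, d) in closure if b == c}
        if step <= closure:
            return closure
        closure |= step

def holds(f, w, R, Rs, V):
    """Truth of formula f at point w, given relations R, Rs and valuation V."""
    op = f[0]
    if op == "bot":
        return False
    if op == "p":
        return w in V[f[1]]
    if op == "not":
        return not holds(f[1], w, R, Rs, V)
    if op == "and":
        return holds(f[1], w, R, Rs, V) and holds(f[2], w, R, Rs, V)
    if op == "imp":
        return (not holds(f[1], w, R, Rs, V)) or holds(f[2], w, R, Rs, V)
    if op == "iff":
        return holds(f[1], w, R, Rs, V) == holds(f[2], w, R, Rs, V)
    if op in ("box", "boxs"):
        rel = R if op == "box" else Rs
        return all(holds(f[1], v, R, Rs, V) for (u, v) in rel if u == w)
    raise ValueError(f"unknown connective {op!r}")

def params(f):
    """Propositional parameters occurring in f."""
    if f[0] == "p":
        return {f[1]}
    return set().union(*(params(g) for g in f[1:] if isinstance(g, tuple)))

def valid_on_frame(f, W, R, Rs):
    """True iff f holds at every point under every valuation on the frame (W, R, Rs)."""
    W, names = sorted(W), sorted(params(f))
    for bits in product([False, True], repeat=len(W) * len(names)):
        V = {n: {w for j, w in enumerate(W) if bits[i * len(W) + j]}
             for i, n in enumerate(names)}
        if not all(holds(f, w, R, Rs, V) for w in W):
            return False
    return True

P = ("p", "p")
SEG1 = ("iff", ("boxs", P), ("and", P, ("box", ("boxs", P))))
SEG2 = ("imp", ("and", P, ("boxs", ("imp", P, ("box", P)))), ("boxs", P))

# The one-point RTC frames of theorem 4.52.
F_IRREF = ({"u"}, set(), {("u", "u")})
F_REF = ({"u"}, {("u", "u")}, {("u", "u")})

def extension_is_consistent(extra_axioms):
    """Corollary 4.53: Seg + extra_axioms is consistent iff all of its axioms are
    valid on F_irref or all of them are valid on F_ref."""
    axioms = [SEG1, SEG2, *extra_axioms]
    return any(all(valid_on_frame(a, *frame) for a in axioms)
               for frame in (F_IRREF, F_REF))

# Constructed sample frames for the two cases in the proof of lemma 4.43.
W3, R3 = {0, 1, 2}, {(0, 1), (1, 2)}
TOO_SMALL = rtc(W3, R3) - {(0, 2)}   # 0 R^2 2 holds, but not 0 R* 2
TOO_BIG = {(0, 0), (1, 1), (0, 1)}   # on W = {0, 1} with R empty: 0 R* 1, but for no n 0 R^n 1

if __name__ == "__main__":
    print(valid_on_frame(SEG1, W3, R3, rtc(W3, R3)), valid_on_frame(SEG2, W3, R3, rtc(W3, R3)))
    print(valid_on_frame(SEG1, W3, R3, TOO_SMALL), valid_on_frame(SEG2, {0, 1}, set(), TOO_BIG))
    print(extension_is_consistent([("imp", ("box", P), P)]))
    print(extension_is_consistent([("box", ("bot",)), ("not", ("box", ("bot",)))]))
```

Checking one instance per schema with propositional parameters is enough here because truth in a frame quantifies over all valuations.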
Chapter 5
Logics with existential modality
In this chapter, we study multimodal logics with the existential modality 〈#〉.
Intuitively, 〈#〉ϕ means that ϕ is true at a point accessible by some atomic accessibility
relation. As we have already mentioned in the introduction, the modal operator 〈#〉
was introduced in [AdRD03] to reason about path constraints in query languages for
semistructured data. In [AdRD03], logic PDLpath was suggested as a formal tool for
reasoning about such path constraints. In [AdRD03], formulas of PDLpath are defined
as follows:
ϕ := ⊤ | ⊥ | root | ¬ϕ | ϕ ∨ ϕ | 〈π〉ϕ
where π is an expression of the regular language augmented with the identity constant
and the converse operator. In [AdRD03], formulas of PDLpath are interpreted on
transition systems, 〈π〉ϕ being read as “transition π leads to a node where ϕ holds”;
root stands for a unique node in a transition system (so, it can not be treated as an
ordinary propositional parameter).
In [AdRD03], PDLpath was studied semantically. The main purpose of this chapter
is to provide PDLpath with the adequate Hilbert-style axiomatisation. The chapter
is structured as follows. First, in section 5.1, we present axiomatisations, and prove
their completeness, of two logics whose language contains 〈#〉 but is simpler than
the language of PDLpath, namely the language of basic multimodal logic augmented
with 〈#〉 , which we refer to as L#. This will allow us, at first, to concentrate on 〈#〉
without having to worry about all the other features of the full PDLpath. The logics
we consider in section 5.1 are the minimal normal modal logic in L#, K#, and its
deterministic extension, DK# (that is, the logic, in L#, of all deterministic frames).
Then, in section 5.2, we present the axiomatisation of the full PDLpath and prove its
completeness.
5.1 Logics K# and DK#
5.1.1 Syntax and semantics
The language L#IΦ of K# is a multimodal propositional language augmented with the
existential modality 〈#〉 ; its formulas are defined by the following BNF expression:
ϕ := p | ¬ϕ | ϕ1 ∨ ϕ2 | 〈i〉ϕ | 〈#〉ϕ,
where p ranges over the set Φ of propositional parameters, whose arbitrary mem-
bers we denote as p, q, r, . . ., and i ranges over the set I of indices, whose arbitrary
members we denote as a, b, c, . . .. We collectively call indices of I and # labels. For
this language, we adopt all the usual conventions enhancing the readability of propo-
sitional formulas, and in the usual manner, define [#]ϕ as ¬〈#〉 ¬ϕ. The intuitive
meaning of 〈#〉 is “accessible by some modality”. Subformulas of the formulas of
L# are defined in the usual way, as substrings of formulas that are formulas in their
own right; the set of all subformulas of ϕ is denoted by Sub(ϕ).
Definition 5.1 A model for L#IΦ, or an L#IΦ-model, is a tuple M =
(W, {Ri}i∈I, R#, V) such that
1. W ≠ ∅;
2. Ri ⊆ W × W;
3. R# = ⋃i∈I Ri;
4. V is a function from Φ into 2^W.
M is deterministic if for every w ∈ W and every i ∈ I there is no more than one v
such that wRiv. ⊣
The truth definition for formulas of L#IΦ is essentially the same as for any other
multimodal language; in particular,
M, w ⊩ 〈i〉ϕ iff ∃v ∈ W (wRiv and M, v ⊩ ϕ) and
M, w ⊩ 〈#〉ϕ iff ∃v ∈ W (wR#v and M, v ⊩ ϕ).
It is obvious that the last clause can be reformulated as follows:
M, w ⊩ 〈#〉ϕ iff ∃i ∈ I ∃v ∈ W (wRiv and M, v ⊩ ϕ), which immediately
suggests the above-mentioned reading of 〈#〉 as “accessible by some modality”. It is
easy to see that, in the language L#IΦ with a finite I, # is redundant, 〈#〉ϕ being
then equal to 〈1〉ϕ ∨ . . . ∨ 〈n〉ϕ, so throughout this chapter we presume that the set
of indices I is countably infinite.
The definitions of truth and satisfiability in a model and a class of models are the
same as in any propositional modal logic; the same for frames.
5.1.2 Bisimulations for L#
In this section, we define bisimulations for L# and show that the truth of formulas of
L# is preserved under so defined bisimulations. This will enable us to use, working
with L#-models, all model operations whose truth-preservation is guaranteed by their
being an instance of bisimulation.
The definition of bisimulations for L# is the same as for basic multimodal language
MML (that is, we stipulate back-and-forth conditions only for basic modalities, not
imposing any conditions on R#). This is enough to prove the following theorem.
Theorem 5.2 Let M = (W, {Ri}i∈I, R#, V) and M′ = (W′, {R′i}i∈I, R′#, V′) be
two L#IΦ models such that M, w and M′, w′ are bisimilar. Then, for any L#IΦ-formula ϕ,
we have M, w ⊩ ϕ iff M′, w′ ⊩ ϕ.
Proof The only interesting case is that of 〈#〉ψ. Suppose that M, w ⊩ 〈#〉ψ. Then,
for some i ∈ I, wRiv and M, v ⊩ ψ. Therefore, by the forth condition, there exist
such v′ ∈ W′, that w′Riv′ and M′, v′ ⊩ ψ. Hence, M′, w′ ⊩ 〈#〉ψ. The other
direction is symmetrical. q.e.d.
5.1.3 Standard translation and decidability
In this section, we extend the standard translation of the language of propositional
modal logic into the language of first-order logic to L#. This immediately gives us
the decidability result for K# and all its extensions that can be defined by guarded
formulas. To this end, we will need a first-order language with individual parameters
(see remark 2.13).
Consider the first-order language FOΨ whose vocabulary Ψ includes a countable
stock of individual parameters {a1, a2, . . . , an, . . .}, a countable stock of unary predi-
cate parameters {P1, P2, . . . , Pn, . . .}, and a single ternary predicate parameter R.
Definition 5.3 Define, by mutual recursion, two functions, τ#x and τ#y, mapping
formulas of L#IΦ into formulas of FOΨ, as follows. τ#x is defined by
1. τ#x(pi) = Pi(x);
2. τ#x(¬ϕ) = ¬τ#x(ϕ);
3. τ#x(ϕ ∨ ψ) = τ#x(ϕ) ∨ τ#x(ψ);
4. τ#x(〈i〉ϕ) = ∃y(R(ai, x, y) ∧ τ#y(ϕ));
5. τ#x(〈#〉ϕ) = ∃z∃y(R(z, x, y) ∧ τ#y(ϕ)).
To obtain the definition of τ#y, swap x and y in the foregoing clauses 1–5. Define the
standard translation τ#(ϕ) of every ϕ in L#IΦ to be τ#x(ϕ). ⊣
Theorem 5.4 Let ϕ be a formula of L#IΦ, M = (W, {Ri}i∈I, R#, V) be an
L#IΦ-model, and MFO be its counterpart first-order model. Then, for every w ∈ W,
M, w ϕ iff MFO, α τ#(ϕ), where α(x) = w.
Proof Straightforward. q.e.d.
Theorem 5.5 K# and all its extensions that are defined semantically via guarded
formulas are decidable.
Proof Immediately follows from theorems 5.4 and 2.57. q.e.d.
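The translation of definition 5.3 and the agreement stated in theorem 5.4 can be exercised on a small model. This Python sketch is an added example, not part of the thesis; the tuple encodings and the sample model are constructed, and the shape of the first-order counterpart model (domain W plus one element per index, with a_i naming index i) is an assumption, since remark 2.13 is not reproduced here.

```python
# Modal formulas of L# as nested tuples (an encoding constructed for this example):
#   ("p", n) for p_n   ("not", f)   ("or", f, g)   ("dia", i, f) for <i>f   ("dia#", f) for <#>f
# First-order formulas:
#   ("P", n, var)  ("R", term, var, var)  ("not", f)  ("or", f, g)  ("and", f, g)  ("ex", var, f)
# where the first argument of R is a variable name or ("a", i) for the parameter a_i.

def tau(f, x="x", y="y"):
    """Standard translation tau#_x(f) of definition 5.3; tau#_y(f) is tau(f, y, x)."""
    op = f[0]
    if op == "p":
        return ("P", f[1], x)
    if op == "not":
        return ("not", tau(f[1], x, y))
    if op == "or":
        return ("or", tau(f[1], x, y), tau(f[2], x, y))
    if op == "dia":
        return ("ex", y, ("and", ("R", ("a", f[1]), x, y), tau(f[2], y, x)))
    if op == "dia#":
        return ("ex", "z", ("ex", y, ("and", ("R", "z", x, y), tau(f[1], y, x))))
    raise ValueError(f"unknown connective {op!r}")

def show(g):
    """Render a first-order formula as text."""
    op = g[0]
    if op == "P":
        return f"P{g[1]}({g[2]})"
    if op == "R":
        t = f"a{g[1][1]}" if isinstance(g[1], tuple) else g[1]
        return f"R({t},{g[2]},{g[3]})"
    if op == "not":
        return "¬" + show(g[1])
    if op == "ex":
        return f"∃{g[1]}{show(g[2])}"
    return f"({show(g[1])} {'∨' if op == 'or' else '∧'} {show(g[2])})"

def modal_holds(f, w, rels, V):
    """Truth in the L#-model with rels[i] = R_i and R# the union of all R_i."""
    op = f[0]
    if op == "p":
        return w in V.get(f[1], set())
    if op == "not":
        return not modal_holds(f[1], w, rels, V)
    if op == "or":
        return modal_holds(f[1], w, rels, V) or modal_holds(f[2], w, rels, V)
    pairs = rels.get(f[1], set()) if op == "dia" else set().union(*rels.values())
    body = f[2] if op == "dia" else f[1]
    return any(modal_holds(body, v, rels, V) for (u, v) in pairs if u == w)

def fo_holds(g, env, W, rels, V):
    """Truth in the assumed counterpart model: the domain is W plus one element
    ("idx", i) per index i, a_i denotes ("idx", i), and R(t, u, v) holds iff
    t denotes an index i with (u, v) in R_i. Points of W must not be tuples."""
    op = g[0]
    if op == "P":
        return env[g[2]] in V.get(g[1], set())
    if op == "R":
        t = ("idx", g[1][1]) if isinstance(g[1], tuple) else env[g[1]]
        return isinstance(t, tuple) and (env[g[2]], env[g[3]]) in rels.get(t[1], set())
    if op == "not":
        return not fo_holds(g[1], env, W, rels, V)
    if op in ("or", "and"):
        a, b = fo_holds(g[1], env, W, rels, V), fo_holds(g[2], env, W, rels, V)
        return (a or b) if op == "or" else (a and b)
    domain = list(W) + [("idx", i) for i in rels]
    return any(fo_holds(g[2], {**env, g[1]: d}, W, rels, V) for d in domain)

# Constructed sample model: 0 --R_1--> 1 --R_2--> 2, with p_1 true only at 2.
W, RELS, VAL = {0, 1, 2}, {1: {(0, 1)}, 2: {(1, 2)}}, {1: {2}}
F1 = ("dia#", ("dia#", ("p", 1)))
F2 = ("dia", 1, ("dia", 1, ("p", 1)))
F3 = ("or", ("not", ("dia", 2, ("p", 1))), ("dia#", ("p", 1)))

def agree(f):
    """Theorem 5.4 on the sample model: M, w satisfies f iff M_FO satisfies tau(f) at x = w."""
    return all(modal_holds(f, w, RELS, VAL) == fo_holds(tau(f), {"x": w}, W, RELS, VAL)
               for w in W)

if __name__ == "__main__":
    print(show(tau(F1)))
    print([agree(f) for f in (F1, F2, F3)])
```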
5.1.4 Axiomatisation of K#
In this section, we formulate an axiomatisation of the validities of the language of L#
over the class of all frames underlying L#-models, which we call L#-frames (this set
of validities, which, by lemma 4.36, is a normal modal logic, we refer to as K#) and
prove its (weak) completeness. The idea of the axiomatisation is readily suggested by
the analogy between # and the existential quantifier of the first-order logic. In the
axiomatisation, we use π to stand for either an arbitrary i ∈ I or #.
The axiom schemata of K# are as follows:
(A0) All classical tautologies;
(K) [π](ϕ→ ψ) → ([π]ϕ→ [π]ψ);
(ER) 〈i〉ϕ→ 〈#〉ϕ.
The inference rules are:
(MP) From ϕ→ ψ and ϕ infer ψ;
(N) From ϕ infer [π]ϕ;
(EL) From 〈i〉ϕ→ ψ infer 〈#〉ϕ→ ψ, provided i does not occur in ψ.
Theorem 5.6 K# is sound with respect to the class of all L#-frames.
Proof All the cases except possibly (EL) are straightforward, so we only consider
this last case. Suppose that 〈i〉ϕ → ψ is valid, that is true at every point of every
model based on a L# frame. For the sake of a contradiction, assume that M, w ⊮
〈#〉ϕ → ψ, where i does not occur in ψ. Then, M, w ⊩ 〈#〉ϕ and M, w ⊮ ψ. Then,
for some j ∈ I and some v ∈ W, wRjv and M, v ⊩ ϕ. Consider the model, M′,
that is like M except that, in M′, Ri = Rj (that is, to obtain M′, we change the
“interpretation” of modality i in M so that it now has the same meaning as j). Since
i does not occur in ψ, M′, w ψ. Since M′ is different from M no more than in
Ri, it is still true in M′ that, for some j ∈ I and some v ∈ W , wRjv and M, v ϕ;
and since now Ri = Rj, then wRiv, which means that M′, w 〈i〉ϕ. But then
M′, w 1 〈i〉ϕ→ ψ, which gives us a contradiction. q.e.d.
It is easy to see that theorem 5.6 cannot be proved without the proviso on (EL),
which explains the rationale for the proviso.
We now turn to completeness proper. The first question to ask is whether we can
prove strong completeness of K#. As the following theorem shows, the answer is no.
Theorem 5.7 K# is not compact and hence not strongly complete with respect to
any class of structures.
Proof Consider the set Γ = { 〈#〉p, ¬〈i〉p : i ∈ I } of formulas. It is obvious that
every finite subset of Γ is satisfiable, while Γ itself is not. Thus, K# is not com-
pact, and since no non-compact logic can be strongly complete, K# is not strongly
complete. q.e.d.
In light of theorem 5.7, all we can hope for is weak completeness for K#. To prove
it, we use a completeness-via-finite-models technique (see, for example, section 4.8
of [BdRV01]).
Let’s define ∼ ϕ as follows:
∼ ϕ = ψ, if ϕ is of the form ¬ψ;
∼ ϕ = ¬ϕ, otherwise.
Definition 5.8 (Closure) Let Σ be a set of L#-formulas. The closure of Σ, CL(Σ),
is the smallest set such that
• if ϕ ∈ Σ, then Sub(ϕ) ⊆ CL(Σ);
• if ϕ ∈ CL(Σ), then ∼ ϕ ∈ CL(Σ). ⊣
Lemma 5.9 Let Σ be a set of L#-formulas. If Σ is finite, then CL(Σ) is finite, too.
Proof Straightforward. q.e.d.
For our completeness proof, we only have to deal with finite Σ’s; thus, from now on,
we assume that all CL(Σ)’s are also finite.
Definition 5.10 (Atoms) Let Σ be a set of L#-formulas. A set of formulas A is
an atom over Σ, if (1) A ⊆ CL(Σ), (2) A is consistent, and (3) every Γ such that
A ⊂ Γ ⊆ CL(Σ) is inconsistent. ⊣
The following series of lemmas describes some of the properties of atoms.
Lemma 5.11 If Γ ⊆ CL(Σ) is consistent and ϕ ∈ CL(Σ), then either Γ ∪ {ϕ} or
Γ ∪ {∼ ϕ} is consistent.
Proof Suppose, for the sake of a contradiction, that both Γ ∪ {ϕ} and Γ ∪
{∼ ϕ} are inconsistent. This means that Γ ∪ {ϕ} ⊢ ⊥ and Γ ∪ {∼ ϕ} ⊢ ⊥. But then,
by PL, Γ ⊢ ¬ϕ and Γ ⊢ ¬ ∼ ϕ, and again by PL, Γ ⊢ ¬ϕ ∧ ¬ ∼ ϕ, that is Γ ⊢ ⊥,
contrary to the assumption that Γ is consistent. q.e.d.
Lemma 5.12 If A is an atom over Σ and ϕ ∈ CL(Σ) then exactly one of ϕ and ∼ ϕ
belongs to A.
Proof If both ϕ and ∼ ϕ are in A then A ⊢ ϕ ∧ ∼ ϕ, hence A ⊢ ⊥, which is impossible
since A is an atom.
Suppose next that ϕ ∉ A and ∼ ϕ ∉ A. Since A is an atom, both A ∪ {ϕ} and
A ∪ {∼ ϕ} are inconsistent. But then, by lemma 5.11, A is inconsistent too, which is
impossible. q.e.d.
Lemma 5.13 Let Σ be a set of L#-formulas and A be an atom over Σ. Then, for
all ϕ ∨ ψ ∈ CL(Σ), ϕ ∈ CL(Σ) or ψ ∈ CL(Σ).
Proof Let ϕ ∨ ψ ∈ A, ϕ ∉ A and ψ ∉ A. Note that ϕ ∈ CL(Σ) and ψ ∈ CL(Σ), and
hence, by lemma 5.12, ∼ ϕ ∈ A and ∼ ψ ∈ A. But then A is inconsistent, which is
impossible.
Next, suppose that ϕ ∈ A, ψ ∈ A and ϕ ∨ ψ ∉ A. Since ϕ ∨ ψ ∈ CL(Σ),
and therefore ¬(ϕ ∨ ψ) ∈ CL(Σ), ¬(ϕ ∨ ψ) ∈ A. Then, A is inconsistent, which is
impossible. q.e.d.
Lemma 5.14 If ϕ ∈ CL(Σ) is K#-consistent, then there exists an atom A over Σ
such that ϕ ∈ A.
Proof Enumerate all the formulas of CL(Σ) as ψ1, . . . , ψn. Construct the sequence
B0, . . . , Bn of subsets of CL(Σ) as follows: B0 = {ϕ}, B_{i+1} = B_i ∪ {ψ_i} if B_i ∪ {ψ_i}
is consistent and B_{i+1} = B_i ∪ {∼ ψ_i} otherwise. Then, Bn is the sought-after
atom. Indeed, by lemma 5.11, Bn is consistent, and by its construction, it cannot be
extended to another consistent subset of CL(Σ). q.e.d.
Now we turn to defining finite canonical models for K#. For that, we will need the
following two pieces of notation. First, for a set of formulas X, we use X to denote
⋀_{ϕ∈X} ϕ; secondly, we write π ∈ Σ, where π is an index and Σ a set of formulas, to
mean that π has an occurrence in one of the formulas in Σ. Note that, given a finite
set of L#IΦ-formulas Σ, since Σ is finite and I is infinite, there is bound to be an a
such that a ∈ I and a ∉ Σ.
Definition 5.15 (Finite canonical models for K#) Let Σ be a finite set of L#IΦ-formulas
and let a be an index such that a ∈ I but a ∉ Σ. The finite canonical model
over Σ, MΣ, is the triple (At(Σ), {R^Σ_i}i∈I, R^Σ_#, V^Σ), where
1. At(Σ) is the set of all atoms over Σ;
2. A R^Σ_i A′ iff i ∈ Σ or i = a and A ∧ 〈i〉A′ ⊬ ⊥;
3. A R^Σ_# A′ iff A ∧ 〈#〉A′ ⊬ ⊥;
4. For every p ∈ Φ, V^Σ(p) = {A ∈ At(Σ) : p ∈ A}. ⊣
Lemma 5.16 (Existence lemma) Let Σ be a set of L#IΦ-formulas, A be an atom
over Σ, and π be a label such that either π ∈ Σ or π = #. Then, for all 〈π〉ϕ ∈ CL(Σ),
〈π〉ϕ ∈ A iff there is an atom A′ such that ARπA′ and ϕ ∈ A′.
Proof First, left to right. Suppose that 〈π〉ϕ ∈ A. Enumerate the formulas of CL(Σ)
as ψ1, . . . , ψn. Construct the sequence B0, . . . , Bn of subsets of CL(Σ) such that, for
every Bi from the sequence, A ∧ 〈π〉Bi is consistent, as follows. Put B0 = {ϕ}.
Clearly, A ∧ 〈π〉B0 is consistent. Next, φ ↔ (φ ∧ χ) ∨ (φ ∧ ¬χ) is a propositional
tautology, and thus, due to (K), 〈π〉φ ↔ 〈π〉(φ ∧ χ) ∨ 〈π〉(φ ∧ ¬χ) is a theorem of
every normal modal logic; as an instance, 〈π〉Bi ↔ 〈π〉(Bi ∧ ψ_{i+1}) ∨ 〈π〉(Bi ∧ ¬ψ_{i+1})
is a theorem, too. Therefore, either for B = Bi ∪ {ψ_{i+1}} or for B = Bi ∪ {∼ ψ_{i+1}},
A ∧ 〈π〉B is consistent. In the first case, let B_{i+1} = Bi ∪ {ψ_{i+1}}; in the second, let
B_{i+1} = Bi ∪ {¬ψ_{i+1}}. Finally, let A′ = Bn. It is obvious that A′ is an atom, and
hence we are done.
Secondly, right to left. Suppose that there is an atom A′ such that ϕ ∈ A′ and
ARπA′, that is, that A ∧ 〈π〉A′ is consistent. Then, as ϕ ∈ A′ and, thus, is one of
the conjuncts of A′, A ∧ 〈π〉ϕ is consistent, too. Then, as 〈π〉ϕ ∈ CL(Σ) and A is an
atom, 〈π〉ϕ ∈ A; indeed, otherwise, ¬〈π〉ϕ ∈ A, which means that A ∧ 〈π〉ϕ must
be inconsistent. q.e.d.
Lemma 5.17 (Truth lemma) Let Σ be a set of L# formulas, MΣ be the finite
canonical model over Σ, and ψ ∈ CL(Σ). Then, for every A ∈ At(Σ), MΣ, A ⊩ ψ iff
ψ ∈ A.
Proof Straightforward induction on the complexity of ψ. The base case immediately
follows from definition 5.15. The other cases follow from lemmas 5.12, 5.13, and
5.16. q.e.d.
Now, lemmas 5.14 and 5.17 guarantee that every K#-consistent L#IΦ-formula ϕ
is satisfiable in the canonical model over {ϕ}, Mϕ. All we have to do to prove the
weak completeness of K# is show that finite canonical models are L#IΦ-models.
Lemma 5.18 Every finite canonical model MΣ = (At(Σ), {R^Σ_i}i∈I, R^Σ_#, V^Σ) is an
L#-model.
Proof All we have to prove is that R^Σ_# = ⋃_{i∈I} R^Σ_i.
First, we prove the right-to-left inclusion. Suppose, for the sake of a contradiction,
that, for some i ∈ I, A R^Σ_i A′ but A R^Σ_# A′ does not hold. Then, by definition 5.15,
A ∧ 〈i〉A′ ⊬ ⊥, but A ∧ 〈#〉A′ ⊢ ⊥. But then 〈#〉A′ ⊢ ¬A and hence, in virtue of
(ER), 〈i〉A′ ⊢ ¬A, which is impossible since A ∧ 〈i〉A′ ⊬ ⊥.
Secondly, the left-to-right inclusion. Suppose that A R^Σ_# A′. If, for some i ∈ I,
A R^Σ_i A′, then we are done. So, let’s assume that for no i ∈ I does A R^Σ_i A′ hold.
We can show that in such a case A R^Σ_a A′ holds. Indeed, suppose otherwise; then
A ∧ 〈#〉A′ ⊬ ⊥ and A ∧ 〈a〉A′ ⊢ ⊥. But then 〈a〉A′ ⊢ ¬A, and hence, in virtue of
(EL), which is applicable here since a ∉ Σ, 〈#〉A′ ⊢ ¬A, which is impossible since
A ∧ 〈#〉A′ ⊬ ⊥. q.e.d.
Remark 5.19 The reason why, while building the finite canonical model MΣ, we
have added to the indices occurring in Σ a “new” index a is that otherwise we would
not have been able to prove that MΣ is an L#-model. Indeed, consider the set
Σ = {〈#〉p ∧ ¬〈b〉p}. Then, since 〈#〉p ∧ ¬〈b〉p is consistent, in MΣ there is an
atom A such that 〈#〉p ∧ ¬〈b〉p ∈ A. In virtue of lemmas 5.12, 5.13 and 5.16, for
some B ∈ MΣ such that p ∈ B, we have A R^Σ_# B, but for no index c ∈ Σ do we have
A R^Σ_c B.
Theorem 5.20 K# is complete with respect to the class of all L# frames.
Proof Immediately follows from lemmas 5.14, 5.17, and 5.18. q.e.d.
5.1.5 Axiomatisation of DK#
In this section, we present the axiomatisation of the validities of the language L#
over the class of deterministic L#-frames, that is L#-frames satisfying the following
condition:
(D) ∀x∀y∀z(xRiy ∧ xRiz → y = z).
By lemma 4.36, these validities form a logic, which we call DK#. To get the ax-
iomatisation of DK#, we add to axiom schemata and rules of inference of the above
Hilbert-style axiomatisation of K# the following axiom schema, for every i ∈ I:
(F) 〈i〉ϕ→ [i]ϕ
The soundness of DK# is straightforward.
Theorem 5.21 DK# is sound with respect to the class of deterministic L#-frames.
Proof We only mention that the transformation of the models used in the proof of
theorem 5.6 to handle (EL) preserves determinism since if M is based on a deter-
ministic frame then Rj is deterministic and, hence, model M′ obtained from M by
putting Ri = Rj is also deterministic. q.e.d.
The completeness of DK# is not so straightforward. First, while building a finite
canonical model over a set of formulas Σ for DK#, we cannot, as in the case of
K#, add to the modal indices of Σ just one “new” index since that might give us
an irreparably nondeterministic model. So, we will use all indices of I while building
the initial canonical model and then get rid of all the labels not in Σ that harm
determinism. A more fundamental problem is that, even so, if we simply replace in
the completeness proof for K# from the previous section the notion of K#-consistency
by the notion of DK#-consistency while building finite canonical models, we have
no guarantee that the resulting model is deterministic with respect to the modality
indices that are in Σ, as the following example shows.
Example 5.22 Consider the formula ϕ = p ∧ 〈i〉q and the finite canonical model Mϕ
over ϕ. Then, among the points of Mϕ (that is, among DK#-atoms over p ∧ 〈i〉q) are
A = {p, q, 〈i〉q, p ∧ 〈i〉q} and A′ = {¬p, q, 〈i〉q, ¬(p ∧ 〈i〉q)}. Then, A ∧ 〈i〉A ⊬_DK# ⊥
and A ∧ 〈i〉A′ ⊬_DK# ⊥, which means that A R^ϕ_i A and A R^ϕ_i A′. ¶
Nevertheless, we will be able to show that for every ψ such that 〈i〉ψ ∈ CL(ϕ) and
every pair of atoms B, B′ ⊆ CL(ϕ), if A ∧ 〈i〉B ⊬_DK# ⊥ and A ∧ 〈i〉B′ ⊬_DK# ⊥,
then ψ ∈ B iff ψ ∈ B′. In other words, in the canonical model over ϕ, if i-accessible
points are different, ϕ cannot tell them apart. This suggests the following strategy
for building a deterministic model for a DK#-consistent formula ϕ. First, build the
finite canonical model Mϕ over {ϕ}, in a way similar to how it was done in the
completeness proof for K#. Secondly, get rid of all the links along indices not in Σ
that harm determinism, obtaining a model M′ϕ. Thirdly, take the submodel of M′ϕ
generated by the atom Aϕ containing ϕ and unravel this submodel into a tree-like
model with the root Aϕ. Lastly, prune the resultant tree, leaving only one Ri branch
for every i ∈ I. We will show that the model thus built still satisfies ϕ, since ϕ can’t tell
apart the points on the branch we leave in the tree from the pruned ones.
We need to modify the definition of the closure used in our completeness proof of
K#. To that end, we first have to define modal depths of occurrences of subformulas
in formulas.
Definition 5.23 (Modal depth) Let ϕ be an L#IΦ-formula and ψ a subformula of
ϕ. The modal depth of an occurrence of ψ in ϕ, in symbols mdϕ(ψ), is the number of
modal connectives of ϕ whose scope includes this occurrence of ψ. ⊣
Somewhat sloppily, we usually talk of the modal depth of subformulas of a given
formula rather than their occurrences in that formula.
Definition 5.24 (Deterministic closure) Let Σ be a set of L#-formulas. The
deterministic closure of Σ, DCL(Σ), is the smallest set such that
• CL(Σ) ⊆ DCL(Σ);
• if ϕ ∈ Σ and ψ ∈ Sub(ϕ) such that mdϕ(ψ) > 0, then for every i ∈ I that has
an occurrence in Σ, 〈i〉ψ, 〈i〉 ∼ ψ ∈ DCL(Σ). ⊣
It is easy to see that DCL(Σ) is finite whenever Σ is finite. The reason for the second
condition of definition 5.24 will become clear when we reshape canonical models into
deterministic ones.
Definition 5.25 (Finite canonical models for DK#) Let Σ be a finite set of L#IΦ-formulas.
The finite canonical model over Σ, MΣ, is the triple (At(Σ), {R^Σ_i}i∈I, R^Σ_#, V^Σ),
where
1. At(Σ) is the set of all atoms over Σ;
2. A R^Σ_i A′ iff A ∧ 〈i〉A′ ⊬ ⊥;
3. A R^Σ_# A′ iff A ∧ 〈#〉A′ ⊬ ⊥;
4. For every p ∈ Φ, V^Σ(p) = {A ∈ At(Σ) : p ∈ A}. ⊣
Proceeding exactly as in the completeness proof for K#, we get the following two
lemmas.
Lemma 5.26 (Truth lemma) Let Σ be a set of L# formulas, MΣ be the finite
canonical model for DK# over Σ, and ψ ∈ CL(Σ). Then, for every A ∈ At(Σ),
MΣ, A ⊩ ψ iff ψ ∈ A.
Proof Exactly as in the proof of lemma 5.17. q.e.d.
Lemma 5.27 Every finite canonical model MΣ = (At(Σ), {R^Σ_i}i∈I, R^Σ_#, V^Σ) is an
L#-model.
Proof Analogous to the proof of lemma 5.18. q.e.d.
Next, we do the easy part—get rid of nondeterminism with respect to the modalities
that are not in Σ.
Lemma 5.28 Let MΣ = (At(Σ), {R^Σ_i}i∈I, R^Σ_#, V^Σ) be a finite canonical model for
DK# over Σ. Then, there exists a model M′Σ = (At(Σ), {R′^Σ_i}i∈I, R^Σ_#, V^Σ) such that
(1) for every i ∉ Σ and every A, B, B′ ∈ At(Σ), if A R′^Σ_i B and A R′^Σ_i B′ then B = B′,
and (2) for every ψ ∈ CL(Σ) and every X ∈ At(Σ), M′Σ, X ⊩ ψ iff MΣ, X ⊩ ψ.
Proof First, let’s note that it follows from definition 5.25 that if A R^Σ_# B, then A R^Σ_i B
holds for every i ∉ Σ. Now, enumerate all i ∈ I such that i ∉ Σ in an (infinite)
sequence i_{j_1}, . . . , i_{j_n}, . . .; also enumerate all pairs of atoms (A, B) from At(Σ) such
that A R^Σ_# B. Going through the second enumeration, remove all the i-links between
the n-th pair if that pair is connected by at least one a in Σ and all the i-links but
i_{j_n} if that pair is not connected by any a in Σ. It is obvious that this procedure gives
us the model with the properties required by the statement of the lemma. q.e.d.
Now, the difficult part, obtaining a model deterministic with respect to i ∈ Σ. To
that end, we need versions of tree-likeness and unravelling that are slightly different
from the standard ones. We introduce the notion of strongly tree-like models and
show that every L#-model can be unravelled into a strongly tree-like model (the
standard unravelling produces just a tree-like model).
Definition 5.29 Let M = (W, {Ri}i∈I, R#, V) be an L#IΦ-model. M is tree-like if
the structure (W, R#) is an irreflexive tree. M is strongly tree-like if M is tree-like
and, for every (w, v) ∈ R#, there exists exactly one i ∈ I such that (w, v) ∈ Ri. ⊣
Now we show that every rooted L#-model can be unravelled into a strongly tree-like
model in a truth-preserving way.
Theorem 5.30 Let M = (W, {Ri}i∈I, R#, V) be a rooted L#IΦ-model with root w.
Then, there exists a tree-like L#IΦ-model MT = (W^T, {R^T_i}i∈I, R^T_#, V^T) with root w,
such that (1) MT is strongly tree-like and (2) for every L#IΦ-formula ϕ, M, w ⊩ ϕ
iff MT, w ⊩ ϕ.
Proof We begin by building the required model MT; then, we prove that the MT thus
built has the properties claimed by the lemma. First, consider the model M′ =
(W′, {R′_i}i∈I, R′_#, V′), where
1. W′ is the set of all possible sequences of the form (w, w_1^{i_1}, . . . , w_n^{i_n}), where
w_1, . . . , w_n ∈ W, n ≥ 0, and i_1, . . . , i_n ∈ I;
2. (w, w_1^{i_1}, . . . , w_n^{i_n}) R′_j (w, w_1^{i_1}, . . . , w_n^{i_n}, w_{n+1}^{i_{n+1}}) if w_n R_j w_{n+1} and j = i_{n+1};
3. R′_# = ⋃_{i∈I} R′_i;
4. V′(p) = { (w, w_1^{i_1}, . . . , w_n^{i_n}) : w_n ∈ V(p) }, for every p ∈ Φ.
Next, take the submodel of M′ generated by w. This submodel is the sought-after
MT. It is clear that MT is a tree-like model with root w. Thus, all that remains to
be shown is that MT has the properties (1) and (2) from the statement of the lemma.
(1) This is obvious from the way relations R′_i are defined (the last member of the
sequence serving as the second argument of each R′_i bears exactly one superscript).
(2) Consider the relation Z ⊆ W × W^T such that v Z (w, w_1^{i_1}, . . . , w_n^{i_n}) iff w_n = v.
It is easy to see that Z is a bisimulation such that wZw. Hence, by theorem 5.2,
M, w ⊩ ϕ iff MT, w ⊩ ϕ, for every ϕ. q.e.d.
Now, we show that, in tree-like models, for every formula ϕ, the value of ϕ at the
root does not change if a point v accessible from the root in k steps is
replaced with another point v′ such that v and v′ agree on all the subformulas of ϕ
of modal depth k. (In the statement of the following lemma, we use w R^k_# v to mean
that there are u_1, . . . , u_{k−1} such that w R# u_1 R# . . . R# u_{k−1} R# v; in particular, w R^0_# v
means that w = v.)
Lemma 5.31 Let ϕ be an L#-formula, M = (W, {Ri}i∈I, R#, V) a tree-like L#-model,
w ∈ W, and v ∈ W such that w R^k_# v. Let M′ be obtained from M by
replacing the subtree generated by v by another subtree, with root v′, such that, for
every ψ ∈ Sub(ϕ) with mdϕ(ψ) = k, M, v ⊩ ψ iff M′, v′ ⊩ ψ. Then, M, w ⊩ ϕ iff
M′, w′ ⊩ ϕ.
Proof By induction on k.
Let k = 0. Then, w = v. Moreover, v and v′ agree on all ψ ∈ Sub(ϕ) with
mdϕ(ψ) = 0. As mdϕ(ϕ) = 0, w and v′ agree on ϕ.
Assume that the statement of the lemma is true for k = n. Let’s show that then
it is also true for k = n + 1. Suppose, for the sake of a contradiction, that it is not.
Then, v and v′ agree on all ψ ∈ Sub(ϕ) with mdϕ(ψ) = n + 1 and M, w ⊩ ϕ, but
M′, w′ ⊮ ϕ (the other case is symmetrical). Since no changes have been made to
w itself, ϕ should have a subformula 〈i〉χ with mdϕ(〈i〉χ) = 0 such that, for some
u such that wRiu and u ∈ path(w, v), M, u ⊩ χ but M′, u ⊮ χ (the other case is
symmetrical). Now, mdϕ(χ) = mdϕ(〈i〉χ) + 1 and Sub(χ) ⊆ Sub(ϕ); therefore, v
and v′ agree on all ψ ∈ Sub(χ) with mdχ(ψ) = n. As u R^n_# v, applying the inductive
hypothesis to the tree generated by u, we get M, u ⊩ χ iff M′, u ⊩ χ, which gives us
a contradiction. q.e.d.
Lemma 5.32 Let MϕT be a strongly tree-like model obtained from the canonical
model over ϕ, Mϕ, by unravelling the submodel of Mϕ generated by an atom Aϕ
containing ϕ. Then, for every B, B′ ∈ MϕT such that, for some C, CRiB and
CRiB′, and every ψ such that mdϕ(ψ) > 0, we have MϕT, B ⊩ ψ iff MϕT, B′ ⊩ ψ.
Proof Assume, for the sake of a contradiction, that there exist B and B′ such that
CRiB and CRiB′, MϕT, B ⊩ ψ, and MϕT, B′ ⊮ ψ. Then, MϕT, C ⊩ 〈i〉ψ and
MϕT, C ⊩ 〈i〉 ∼ ψ. Therefore, since by definition 5.24, 〈i〉ψ, 〈i〉 ∼ ψ ∈ DCL(ϕ), by
lemma 5.26, 〈i〉ψ, 〈i〉 ∼ ψ ∈ C. This, however, is impossible, since in virtue of axiom
(F), 〈i〉ψ, 〈i〉 ∼ ψ ⊢_DK# ⊥. q.e.d.
Now we are ready to prove the completeness theorem.
Theorem 5.33 DK# is weakly complete with respect to the class of deterministic
L#-frames.
Proof Let ϕ be a DK#-consistent formula. Build the finite canonical model Mϕ over
ϕ (see definition 5.25). There is in Mϕ an atom Aϕ such that ϕ ∈ Aϕ. By lemma 5.26,
Mϕ, Aϕ ⊩ ϕ. Remove, using the construction of lemma 5.28, all the “redundant”
atomic links in Mϕ indexed by i ∉ Σ. By lemma 5.28, M′ϕ, Aϕ ⊩ ϕ. Now, unravel
M′ϕ into a strongly tree-like model M′ϕT using the construction of theorem 5.30.
Then, by theorem 5.30, M′ϕT, Aϕ ⊩ ϕ. Next, level by level, for every point C and
label i at level n such that C can reach several points B1, . . . , Bm by an edge labelled i,
replace all Bj’s by B1. Denote the resultant model by M′ϕT′. In virtue of lemmas 5.31
and 5.32, M′ϕT′, Aϕ ⊩ ϕ. Lastly, construct M′ϕT′′ by replacing all identical copies
of B1 (produced in the construction of M′ϕT′) by a single point B1. M′ϕT′ and M′ϕT′′
are obviously bisimilar, so in virtue of theorem 5.2, M′ϕT′′, Aϕ ⊩ ϕ. It is clear that
M′ϕT′′ is deterministic. This immediately gives us the required result. q.e.d.
5.2 Logic PDLpath
The language of PDLpath is an extension of the language of PDL, propositional dynamic
logic. The language of PDL has two kinds of primitive symbols: propositional
parameters and atomic transitions (or, as we will call them, to be consistent with the
rest of this thesis, modality indices). Atomic modality indices are used to label edges
in the transition system, which can also be thought of as a Kripke model. Compound
modality indices of PDL are built out of the atomic ones using the binary operators ◦
(composition) and ∪ (union) and the unary operator ∗ (finite iteration). In addition to
these traditional ingredients of the language of PDL, the language of PDLpath, introduced
in [AdRD03], has the modal identity constant id, the unary converse operator ·
on modalities, and what in [AdRD03] is called the wildcard modality and we have called
the existential modality, #. Moreover, the language of PDLpath has a single nominal (a
propositional letter that is true at exactly one point of a model) root, which is meant
to mark the root of the graph. In the literature, PDL with the converse operator
is referred to as converse PDL or CPDL, while CPDL with nominals is referred
to as CPDL with nominals. Thus, PDLpath is a fragment (since we have only one
nominal) of CPDL with nominals augmented with the existential modality #.
Our main concern in this part of the thesis is to provide a sound and complete
Hilbert-style axiomatisation for PDLpath. To that end, we need to extend the language
of PDLpath as introduced in [AdRD03] with the “at” modality @ of hybrid logics: given
a formula ϕ and a nominal r, we can form a formula @rϕ, which intuitively says that ϕ
is true at the unique point that satisfies r. We need the modality @r to axiomatically
describe the behaviour of the nominal r.
5.2.1 Syntax and semantics
Definition 5.34 Given a countable set of indices I = {i1, i2, . . . , in, . . .}, labels over
I are defined by the following BNF expression:
ΛI := I | id | # | ΛI ◦ ΛI | ΛI ∪ ΛI | ΛI∗ | ΛI ⊣
Definition 5.35 (PDLpath-formulas) PDLpath-formulas over the set of labels ΛI are
defined as follows:
ϕ := ⊤ | ⊥ | r | ¬ϕ | ϕ ∨ ϕ | 〈ΛI〉ϕ | @rϕ ⊣
We use the lower-case Greek letters from near the middle of the alphabet, like π, ρ, . . .,
to refer to arbitrary labels and sometimes refer to indices as “atomic labels”.
PDLpath-formulas are evaluated on path models.
Definition 5.36 (Path models) A path model M over the set of labels ΛI is a tuple
(W, {Rπ}π∈ΛI, V), where
1. W ≠ ∅;
2. V is a function assigning some {w} ⊆ W to r;¹
3. {Rπ}π∈ΛI is a collection of binary relations over W satisfying the following
conditions:
(a) R# = ⋃_{i∈I} Ri;
(b) Rid = { (w, w) : w ∈ W } (identity relation);
(c) Rπ = Rπ (converse);
(d) R_{π1◦π2} = Rπ1 ◦ Rπ2 (composition);
(e) R_{π1∪π2} = Rπ1 ∪ Rπ2 (union);
(f) R_{π∗} = (Rπ)∗ (reflexive-transitive closure);
(g) For every w, v ∈ W, there is a sequence of points u_1, . . . , u_n such that
(1) w = u_1, (2) v = u_n, and (3) for every 1 ≤ i ≤ n − 1, either, for some
i ∈ I, u_i R_i u_{i+1}, or, for some i ∈ I, u_{i+1} R_i u_i (connectedness). ⊣
¹ Conceptually, r is a name of a point, so we could say that V assigns to r some w ∈ W. Making V assign a singleton set to r is technically more convenient, though.
The truth of PDLpath-formulas at a point in a path model is defined as follows.
Definition 5.37 (Truth at a point) Let M = (W, {Rπ}π∈ΛI, V) be a path model,
w, v ∈ W. Then,
M, w ⊩ ⊤ always;
M, w ⊩ ⊥ never;
M, w ⊩ r iff V(r) = {w};
M, w ⊩ ¬ϕ iff M, w ⊮ ϕ;
M, w ⊩ ϕ ∨ ψ iff M, w ⊩ ϕ or M, w ⊩ ψ;
M, w ⊩ 〈π〉ϕ iff for some v ∈ W, wRπv and M, v ⊩ ϕ;
M, w ⊩ @rϕ iff M, v ⊩ ϕ and V(r) = {v}. ⊣
The definitions of truth and satisfiability in a model and a class of models are stan-
dard; the same for frames.
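The following model checker for definitions 5.36 and 5.37 on finite path models is an added example, not part of the thesis. The tuple encodings of labels and formulas, the class PathModel, the helper names and the two sample models are assumptions made for the illustration; it also checks the connectedness condition (3g) and the connectedness axiom listed later as (A14).

```python
from itertools import product

# Assumed encodings (not from the thesis):
#   labels:   ("idx", name) | ("id",) | ("#",) | ("conv", p)
#             | ("comp", p, q) | ("union", p, q) | ("star", p)
#   formulas: ("top",) | ("bot",) | ("r",) | ("not", f) | ("or", f, g)
#             | ("dia", label, f) | ("at", f)          # ("at", f) is @r f


def compose(a, b):
    """Relational composition: (u, w) such that u a v and v b w for some v."""
    return frozenset((u, w) for (u, v) in a for (v2, w) in b if v == v2)


def implies(f, g):
    return ("or", ("not", f), g)


class PathModel:
    def __init__(self, points, edges, root):
        self.W = frozenset(points)
        self.R = {i: frozenset(ps) for i, ps in edges.items()}  # atomic R_i
        self.root = root                                        # V(r) = {root}

    def rel(self, lab):
        """R_pi for an arbitrary label, following conditions (3a)-(3f)."""
        kind = lab[0]
        if kind == "idx":
            return self.R.get(lab[1], frozenset())
        if kind == "#":                       # (3a) union of all atomic R_i
            return frozenset().union(*self.R.values())
        if kind == "id":                      # (3b)
            return frozenset((w, w) for w in self.W)
        if kind == "conv":                    # (3c) converse
            return frozenset((v, u) for (u, v) in self.rel(lab[1]))
        if kind == "comp":                    # (3d)
            return compose(self.rel(lab[1]), self.rel(lab[2]))
        if kind == "union":                   # (3e)
            return self.rel(lab[1]) | self.rel(lab[2])
        if kind == "star":                    # (3f) reflexive-transitive closure
            step, closure = self.rel(lab[1]), self.rel(("id",))
            while True:
                bigger = closure | compose(closure, step)
                if bigger == closure:
                    return closure
                closure = bigger
        raise ValueError(f"unknown label {lab!r}")

    def holds(self, f, w):
        """Truth at a point, clause by clause as in definition 5.37."""
        kind = f[0]
        if kind == "top":
            return True
        if kind == "bot":
            return False
        if kind == "r":
            return w == self.root
        if kind == "not":
            return not self.holds(f[1], w)
        if kind == "or":
            return self.holds(f[1], w) or self.holds(f[2], w)
        if kind == "dia":
            return any(u == w and self.holds(f[2], v)
                       for (u, v) in self.rel(f[1]))
        if kind == "at":                      # evaluate at the point named by r
            return self.holds(f[1], self.root)
        raise ValueError(f"unknown formula {f!r}")

    def valid(self, f):
        return all(self.holds(f, w) for w in self.W)

    def is_connected(self):
        """Condition (3g): every pair is linked by forward/backward atomic steps."""
        both_ways = ("star", ("union", ("#",), ("conv", ("#",))))
        return self.rel(both_ways) == frozenset(product(self.W, self.W))


# Constructed sample models: a small tree, and the same tree plus an isolated
# point 4, which violates connectedness and is therefore not a path model.
EDGES = {"a": {(0, 1), (1, 2)}, "b": {(0, 3)}}
TREE = PathModel({0, 1, 2, 3}, EDGES, root=0)
BROKEN = PathModel({0, 1, 2, 3, 4}, EDGES, root=0)

# The connectedness axiom: from every point the root is reachable by moving
# along atomic edges in either direction.
A14 = ("dia", ("star", ("union", ("#",), ("conv", ("#",)))), ("r",))

if __name__ == "__main__":
    print("TREE connected:", TREE.is_connected(), "| A14 valid:", TREE.valid(A14))
    print("BROKEN connected:", BROKEN.is_connected(), "| A14 valid:", BROKEN.valid(A14))
```

On the disconnected structure the connectedness axiom still holds at the root but fails at the isolated point, which is exactly the case condition (3g) rules out.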
5.2.2 Bisimulations for PDLpath
In this section, we define bisimulations for the language of PDLpath and show that the
truth of formulas of PDLpath is preserved under so defined bisimulations. Because
of the presence in the language of PDLpath of the converse modality π, we have
to stipulate two versions of the back-and-forth conditions: one saying that every
move forward along the accessibility relation for basic labels should be matched in
a bisimilar model, the other saying that every move backward along the accessibility
relation for basic labels should be matched in a bisimilar model.
Definition 5.38 Let M = (W, {Rπ}π∈ΛI, V) and M′ = (W′, {R′π}π∈ΛI, V′) be two
path models over ΛI. A non-empty relation Z ⊆ W × W′ is a bisimulation between
M and M′ if the following conditions are satisfied, for every i ∈ I:
1. if wZw′ then w ∈ V(r) iff w′ ∈ V′(r);
2. if wZw′ and wRiv, then there exists v′ ∈ W′ such that w′R′iv′ and vZv′;
3. if wZw′ and w′R′iv′, then there exists v ∈ W such that wRiv and vZv′;
4. if wZw′ and vRiw, then there exists v′ ∈ W′ such that v′R′iw′ and vZv′;
5. if wZw′ and v′R′iw′, then there exists v ∈ W such that vRiw and vZv′. ⊣
As the following lemma shows, definition 5.38 ensures that the back-and-forth
conditions are satisfied for all the labels of the language of PDLpath.
Lemma 5.39 Let M = (W, {Rπ}π∈ΛI, V) and M′ = (W′, {R′π}π∈ΛI, V′) be two
bisimilar path models over ΛI. Then, for every π ∈ ΛI,
• if wZw′ and wRπv, then there exists v′ ∈ W′ such that w′R′πv′ and vZv′;
• if wZw′ and w′R′πv′, then there exists v ∈ W such that wRπv and vZv′.
Proof Straightforward induction on the complexity of π. q.e.d.
Lemma 5.39 immediately gives us the following theorem.
Theorem 5.40 Let M = (W, {Rπ}π∈ΛI, V) and M′ = (W′, {R′π}π∈ΛI, V′) be two
bisimilar path models over ΛI such that M, w ↔̲ M′, w′ and ϕ be a PDLpath-formula
over ΛI. Then, M, w ⊩ ϕ iff M′, w′ ⊩ ϕ.
Proof Straightforward induction on the complexity of ϕ. q.e.d.
In view of theorem 5.40, we can use all the model-theoretic constructions on path
models that are instances of PDLpath-bisimulations without worrying about the truth-
preservation of PDLpath-formulas.
5.2.3 Standard translation and decidability
In this section, we present the standard translation of formulas of PDLpath into
guarded fixed point logic µGF described in section 2.4.1. To that end, we will,
first, add to the language of PDLpath an infinite set of propositional parameters
X1, . . . , Xn, . . . (let’s call the language thus obtained LX(PDLpath)), which we will need to
translate PDLpath-formulas of the form 〈π∗〉ϕ (they will be translated into predicate
variables of µGF bound by the least fixed point operator LFP). Secondly, since we
can’t reuse predicate variables bound by LFP, to handle nested 〈π∗〉’s, we will need
a family of translations τ^n_x, where n ∈ N, rather than a single translation τx (analogously
for τy). Intuitively, n indicates which of the X’s of LX(PDLpath) we should
use upon encountering the next formula of the form 〈π〉ϕ: we will stipulate that
τ^n_x(〈π∗〉ϕ) use propositional parameter Xn. Lastly, our translation will only translate
those formulas of PDLpathX in which the converse is applied only to atomic labels or
#; as the following lemma shows, this does not result in a loss of generality.
Definition 5.41 (Normal form) A formula ϕ of the language LX(PDLpath) over
ΛI is in normal form if, in every subformula of ϕ of the form 〈π〉ψ, either π ∈ I or
π = #. ⊣
Lemma 5.42 Every formula ϕ of the language LX(PDLpath) is equivalent to a for-
mula ϕ in a normal form.
Proof Immediately follows from the fact that the following are theorems of PDLpath:
• 〈π1 ◦ π2〉ϕ↔ 〈π1 ◦ π2〉 ϕ;
• 〈π1 ∪ π2〉ϕ↔ 〈π1 ∪ π2〉 ϕ;
• 〈π∗〉ϕ↔ 〈π∗〉ϕ. q.e.d.
Now we are ready to define the standard translation for PDLpath.
Definition 5.43 Define, by mutual recursion, two families of functions, {τ^n_x}n∈N and
{τ^n_y}n∈N, mapping formulas of LX(PDLpath) over the set of labels ΛI into formulas of
its counterpart FO(LFP) language, as follows. τ^n_x is defined by
• τ^n_x(r) := P(x);
• τ^n_x(Xi) := Xi(x);
• τ^n_x(¬ϕ) := ¬τ^n_x(ϕ);
• τ^n_x(ϕ ∨ ψ) := τ^n_x(ϕ) ∨ τ^n_x(ψ);
• τ^n_x(〈i〉ϕ) := ∃y(R(a_i, x, y) ∧ τ^n_y(ϕ)), for every i ∈ I;
• τ^n_x(〈#〉ϕ) := ∃z∃y(R(z, x, y) ∧ τ^n_y(ϕ));
• τ^n_x(〈i〉ϕ) := ∃y(R(a_i, y, x) ∧ τ^n_y(ϕ)), for every i ∈ I;
• τ^n_x(〈#〉ϕ) := ∃z∃y(R(z, y, x) ∧ τ^n_y(ϕ));
• τ^n_x(〈π1 ◦ π2〉ϕ) := τ^n_x(〈π1〉〈π2〉ϕ);
• τ^n_x(〈π1 ∪ π2〉ϕ) := τ^n_x(〈π1〉ϕ) ∨ τ^n_x(〈π2〉ϕ);
• τ^n_x(〈π∗〉ϕ) = [LFP Xn y . τ^{n+1}_y(ϕ ∨ 〈π〉Xn)](x).
τ^n_y is defined analogously, switching the roles of x and y. Finally, define the standard
translation of a PDLpath-formula ϕ, τ(ϕ), to be τ^0_x(ϕ). ⊣
It is easy to see that the above translation maps a PDLpath-formula into a formula of
µGF (see section 2.4.1 for the definition of µGF ). Indeed, all the quantifiers in the
above translation are guarded and we never use Xn’s in guards, which are the only
restrictions placed on FO(LFP) formulas belonging to µGF .
Theorem 5.44 Let ϕ be a PDLpath-formula, M = (W, {Rπ}π∈ΛI, V) a path model,
and MFO(LFP) be its counterpart FO(LFP)-model. Then, for every w ∈ W, M, w ⊩
ϕ iff MFO(LFP), α ⊨ τ(ϕ), where α(x) = w.
Proof Straightforward. q.e.d.
Theorems 5.44 and 2.59 (together with the result of [Gra99] on the eliminability of
individual parameters) give us the following theorem.
Theorem 5.45 PDLpath and all its extensions defined semantically via µGF formulas
are decidable.
5.2.4 Axiomatisation of PDLpath
In this section, we present the axiomatisation of PDLpath and prove its completeness.
Axioms and rules
Axiom schemata of PDLpath can be logically divided into four parts.
The first part describes the behaviour of propositional connectives and conven-
tional modal operators 〈π〉 and [ π ] :
(A0) all classical tautologies;
(K) [ π ] (ϕ→ ψ) → ([ π ] ϕ→ [ π ] ψ);
(A1) 〈π〉ϕ↔ ¬[ π ] ¬ϕ.
The second part describes the properties of the label constructs:
(A2) 〈π1 ◦ π2〉 ϕ↔ 〈π1〉 〈π2〉ϕ;
(A3) 〈π1 ∪ π2〉 ϕ↔ 〈π1〉ϕ ∨ 〈π2〉ϕ;
(A4) 〈π∗〉ϕ↔ ϕ ∨ 〈π〉 〈π∗〉ϕ;
(A5) [π∗](ϕ→ [ π ] ϕ) → (ϕ→ [π∗]ϕ);
(A6) ϕ→ [ π ] 〈π〉ϕ;
(A7) ϕ→ [ π ] 〈π〉ϕ;
(A8) ϕ↔ 〈id〉ϕ;
(ER) 〈i〉ϕ→ 〈#〉ϕ.
The third part describes properties of @r operator:
(A9) @r(ϕ→ ψ) → (@rϕ→ @rψ);
(A10) @rϕ↔ ¬@r¬ϕ;
(A11) r ∧ ϕ→ @rϕ;
(A12) @rr;
(A13) 〈π〉@rϕ→ @rϕ.
Finally, the following axiom pertains to connectedness:
(A14) 〈(# ∪ #)∗〉 r.
The inference rules are:
(MP) From ϕ→ ψ and ϕ infer ψ;
(N) From ϕ infer [π]ϕ;
(NN) From ϕ infer @rϕ;
(EL) From 〈i〉ϕ→ ψ infer 〈#〉ϕ→ ψ, provided i does not occur in ψ.
In addition to the above axiom schemata and rules of inference, in the course of
the following completeness proof, we will appeal to two additional rules of inference,
pertaining to the converse operator, whose derivability we establish in the following
lemma.
Lemma 5.46 The following rules of inference are derivable in PDLpath:
• from ϕ→ [ π ]¬ψ infer ψ → [π]¬ϕ;
• from ϕ→ [π]¬ψ infer ψ → [ π ]¬ϕ.
Proof The first rule can be derived as follows.
1. ϕ→ [ π ]¬ψ – premise
2. ψ – assumption
3. [ π ] (ϕ→ [ π ]¬ψ) – by (N) from 1
4. ψ → [ π ] 〈π〉ψ – (A6)
5. [ π ] 〈π〉ψ – by (MP) from 2, 4
6. [ π ] (〈π〉ψ ∧ (ϕ→ [ π ]¬ψ)) – from 3 , 5 by (K)
7. [ π ] (¬ϕ ∨ (〈π〉ψ ∧ [ π ]¬ψ)) – by PL from 6
8. [ π ]¬ϕ – by PL and (A1) from 7
9. ψ → [ π ]¬ϕ – from 2, 8.
The second rule can be derived analogously, relying on axiom (A7). q.e.d.
Completeness proof
Now, we turn to proving completeness of the above axiomatisation of PDLpath (its
soundness is straightforward). As the language of PDLpath contains 〈#〉 and 〈π∗〉 ,
both of which, as we have already seen, give rise to non-compact logics, we have
no hope of proving strong completeness. As in the completeness proofs for K# and
DK#, we are going to use completeness-via-finite-models technique to prove weak
completeness of PDLpath.
Definition 5.47 (PDLpath-closure) Let Σ be a set of PDLpath-formulas over ΛI .
The closure of Σ, CL(Σ), is the smallest set such that
• if ϕ ∈ Σ then Sub(ϕ) ⊆ CL(Σ);
• if 〈π〉ϕ ∈ Σ then [ π ] 〈π〉ϕ ∈ CL(Σ);
• if 〈π1 ◦ π2〉 ϕ ∈ CL(Σ) then 〈π1〉 〈π2〉ϕ ∈ CL(Σ);
• if 〈π1 ∪ π2〉 ϕ ∈ CL(Σ) then 〈π1〉ϕ ∨ 〈π2〉ϕ ∈ CL(Σ);
• if 〈π∗〉ϕ ∈ CL(Σ) then 〈π〉 〈π∗〉ϕ ∈ CL(Σ);
• if ψ ∈ CL(Σ) and ψ ≠ @rχ and ψ ≠ ¬@rχ, then @rψ ∈ CL(Σ);
• @rr ∈ CL(Σ);
• 〈(# ∪ #)∗〉 r ∈ CL(Σ);
• if ϕ ∈ CL(Σ), then ∼ϕ ∈ CL(Σ). ⊣
Lemma 5.48 Let Σ be a set of PDLpath-formulas. If Σ is finite, then CL(Σ) is finite,
too.
Proof Straightforward. q.e.d.
PDLpath-atoms are defined exactly as K#-atoms (see definition 5.10). Naturally,
PDLpath-atoms have more properties than K#-atoms.
Lemma 5.49 Let Σ be a set of PDLpath formulas and A be an atom over Σ. In
addition to the properties listed in lemmas 5.12 and 5.13, A has the following ones:
• for all 〈π〉ϕ ∈ CL(Σ), if ϕ ∈ A then [ π ] 〈π〉ϕ ∈ A;
• for all 〈π1 ◦ π2〉 ϕ ∈ CL(Σ), 〈π1 ◦ π2〉 ϕ ∈ A iff 〈π1〉 〈π2〉ϕ ∈ A;
• for all 〈π1 ∪ π2〉 ϕ ∈ CL(Σ), 〈π1 ∪ π2〉 ϕ ∈ A iff 〈π1〉ϕ ∨ 〈π2〉ϕ ∈ A;
• for all 〈π∗〉ϕ ∈ CL(Σ), 〈π∗〉ϕ ∈ A iff 〈π〉 〈π∗〉ϕ ∈ A;
• for all 〈id〉ϕ ∈ CL(Σ), 〈id〉ϕ ∈ A iff ϕ ∈ A.
Proof Straightforward. q.e.d.
An analogue of lemma 5.14 can be proved.
Lemma 5.50 If ϕ ∈ CL(Σ) is PDLpath-consistent, then there exists an atom A over
Σ such that ϕ ∈ A.
Proof The same as the proof of lemma 5.14. q.e.d.
Now we define the finite canonical PDLpath-model over Σ.
Definition 5.51 (Finite canonical models for PDLpath) Let Σ be a finite set of
PDLpath-formulas over the set of labels ΛI and let a be a label such that a ∈ I but
a ∉ CL(Σ). First, define a family of binary relations {S_π} on the set At(Σ) of atoms
over Σ, as follows:
• For all atoms A, A′ ∈ At(Σ), A S_π A′ iff π ∈ CL(Σ) or π = a and A ∧ 〈π〉A′ ⊬ ⊥.
Now, the finite canonical model M^Σ over ΛI is a tuple (W^Σ, {R^Σ_π}_{π∈ΛI}, V^Σ) such that
1. W = At(Σ);
2. V(r) = {A ∈ At(Σ) : r ∈ A};
3. • for every atomic c such that c ∈ CL(Σ) or c = a, R^Σ_a = S_a;
• R^Σ_# = S_#;
• R^Σ_id = {(A, A) : A ∈ At(Σ)};
• RΣρ = RΣ
ρ ;
• R^Σ_{π1◦π2} = R^Σ_{π1} ◦ R^Σ_{π2};
• R^Σ_{π1∪π2} = R^Σ_{π1} ∪ R^Σ_{π2};
• R^Σ_{π∗} = (R^Σ_π)∗. ⊣
At this point, we are able to prove that finite canonical models for PDLpath satisfy
conditions (3a)–(3f) required by definition 5.36 of path models (indeed, conditions
(3b)–(3f) are satisfied in virtue of definition 5.51, and condition (3a) can be shown to
be satisfied in the same way as in the proof of lemma 5.18); that is, the accessibility
relations of these models are well-structured. We can not, however, show that finite
canonical models for PDLpath satisfy condition (2), that is that they have only one
atom containing nominal r, that is only one root. Accordingly, our strategy in proving
completeness of PDLpath will be, first, to prove the existence lemma and the truth lemma for
finite canonical models and then show how to transform them into models with exactly
one root. In what follows, we will refer to the models satisfying conditions (3a)–(3f)
of definition 5.36 as regular ; thus, what we said above in this paragraph gives us the
following.
Lemma 5.52 Every finite canonical model for PDLpath is regular.
To prove the existence lemma for finite canonical models, we first need to show
that, for every π ∈ ΛI, S_π ⊆ R^Σ_π. In the course of the proof, we will rely on the
following lemma, whose proof can be found in [BdRV01] (Lemma 4.87, pp. 244-245).
Lemma 5.53 Let π ∈ ΛI. Then, S_{π∗} ⊆ (S_π)∗.
Now, we prove that S_π ⊆ R^Σ_π.
Lemma 5.54 For every π ∈ ΛI, S_π ⊆ R^Σ_π.
Proof By induction on the complexity of π.
(0) The cases π ∈ I and π = # are obvious, since for π ∈ I ∪ {#}, R^Σ_π = S_π.
(1) Let π be id. Suppose that A S_id B, that is A ∧ 〈id〉B ⊬ ⊥. In virtue of (A8),
A ∧ B ⊬ ⊥. Since both A and B are atoms, this is only possible if A = B. Therefore,
A R^Σ_id B.
(2) Let π be ρ. Suppose that A S_ρ B, that is A ∧ 〈ρ〉B ⊬ ⊥. This implies B ∧ 〈ρ〉 A ⊬
⊥. Indeed, if we suppose otherwise, then ⊢ B → ¬〈ρ〉 A and hence ⊢ B → [ ρ ]¬A.
Then, by lemma 5.46, ⊢ A → [ρ]¬B, which means that, contrary to the assumption,
A ∧ 〈ρ〉B ⊢ ⊥. Thus, B ∧ 〈ρ〉 A ⊬ ⊥ and hence B S_ρ A. By inductive hypothesis,
B R^Σ_ρ A and therefore A R^Σ_ρ B, as required.
(3) Let π be π1 ◦ π2. Suppose that A S_{π1◦π2} B, that is A ∧ 〈π1 ◦ π2〉B ⊬ ⊥. Then,
in virtue of axiom (A2), A ∧ 〈π1〉〈π2〉B ⊬ ⊥. Then, we can construct an atom C
such that both A ∧ 〈π1〉C ⊬ ⊥ and C ∧ 〈π2〉B ⊬ ⊥. Here is how. Enumerate all the
formulas in CL(Σ) as ψ_1, . . . , ψ_n. First, note that since A ∧ 〈π1〉〈π2〉B ⊬ ⊥, we also
have A ∧ 〈π1〉(⊤ ∧ 〈π2〉B) ⊬ ⊥. Secondly, if φ ∧ 〈π1〉χ ⊬ ⊥, then φ ∧ 〈π1〉(χ ∧ ψ) ⊬ ⊥
or φ ∧ 〈π1〉(χ ∧ ∼ψ) ⊬ ⊥ (for, otherwise, φ ∧ (〈π1〉(χ ∧ ψ) ∨ 〈π1〉(χ ∧ ∼ψ)) ⊢ ⊥ and
hence φ ∧ 〈π1〉((χ ∧ ψ) ∨ (χ ∧ ∼ψ)) ⊢ ⊥ and then φ ∧ 〈π1〉χ ⊢ ⊥). In particular, for
every ψ_i ∈ CL(Σ), if A ∧ 〈π1〉(χ ∧ 〈π2〉B) ⊬ ⊥ then either A ∧ 〈π1〉(χ ∧ ψ_i ∧ 〈π2〉B) ⊬ ⊥
or A ∧ 〈π1〉(χ ∧ ∼ψ_i ∧ 〈π2〉B) ⊬ ⊥. Construct a sequence of formulas χ_0, χ_1, . . . , χ_n
as follows. χ_0 = ⊤. χ_{j+1} is χ_j ∧ ψ_{j+1} if A ∧ 〈π1〉(χ_j ∧ ψ_{j+1} ∧ 〈π2〉B) ⊬ ⊥ and
χ_{j+1} = χ_j ∧ ∼ψ_{j+1} otherwise. It follows from the above argument that this sequence
is well-defined. Now let C be an atom containing all the conjuncts of χ_n. We already
know that A ∧ 〈π1〉(C ∧ 〈π2〉B) ⊬ ⊥. But then A ∧ 〈π1〉C ⊬ ⊥ and C ∧ 〈π2〉B ⊬ ⊥,
which means that A S_{π1} C and C S_{π2} B. Then, by inductive hypothesis, A R^Σ_{π1} C and
C R^Σ_{π2} B; hence, A R^Σ_{π1◦π2} B, and we are done.
(4) Let π be π1 ∪ π2. Suppose that A S_{π1∪π2} B, that is A ∧ 〈π1 ∪ π2〉B ⊬ ⊥. Then,
in virtue of axiom (A3), A ∧ (〈π1〉B ∨ 〈π2〉B) ⊬ ⊥. Therefore, either A ∧ 〈π1〉B ⊬ ⊥
or A ∧ 〈π2〉B ⊬ ⊥. Consequently, either A S_{π1} B or A S_{π2} B. Then, by inductive
hypothesis, either A R^Σ_{π1} B or A R^Σ_{π2} B, and so A R^Σ_{π1∪π2} B.
(5) Let π be ρ∗. By inductive hypothesis, S_ρ ⊆ R^Σ_ρ. It is easy to check that then
(S_ρ)∗ ⊆ (R^Σ_ρ)∗. Then, by lemma 5.53, S_{ρ∗} ⊆ (R^Σ_ρ)∗. q.e.d.
Now we are able to prove the existence lemma.
Lemma 5.55 (Existence lemma) Let Σ be a set of PDLpath-formulas over ΛI, A
be an atom over Σ, and π ∈ ΛI. Then, for all 〈π〉ψ ∈ CL(Σ), 〈π〉ψ ∈ A iff there is
an atom A′ such that A R^Σ_π A′ and ψ ∈ A′.
Proof First, the left-to-right direction. Suppose that 〈π〉ψ ∈ A. Using the “forcing
choices” technique used in the proof of lemma 5.16, we can build an atom A′ such
that A ∧ 〈π〉A′ ⊬ ⊥. Then, by lemma 5.54, A R^Σ_π A′.
The right-to-left direction is proved by induction on the complexity of π.
(0) π ∈ I. Suppose that there is an atom A′ such that ϕ ∈ A′ and A R_π A′. Then,
by definition 5.51, A S_π A′, which means that A ∧ 〈π〉A′ ⊬ ⊥. Then, as ϕ ∈ A′ and,
thus, ϕ is one of the conjuncts of A′, A ∧ 〈π〉ϕ ⊬ ⊥, too. Then, as 〈π〉ϕ ∈ CL(Σ) and
A is an atom, 〈π〉ϕ ∈ A.
(1) π = #. Analogously to (0).
(2) π = ρ. Suppose that A R^Σ_ρ A′ and ψ ∈ A′. Then, A′ R^Σ_ρ A. By lemma 5.49,
[ ρ ] 〈ρ〉ψ ∈ A′. But then 〈ρ〉ψ ∈ A; indeed, if we suppose otherwise then ¬〈ρ〉ψ ∈ A
and so, by inductive hypothesis, 〈ρ〉 ¬〈ρ〉ψ ∈ A′, which is impossible since then A′
would be inconsistent.
(3) π = π1 ∪ π2. Suppose that A R^Σ_{π1∪π2} A′ and ψ ∈ A′. Then, either A R^Σ_{π1} A′ or
A R^Σ_{π2} A′. By definition 5.47, 〈π1〉ψ, 〈π2〉ψ ∈ CL(Σ); therefore, by inductive hypothesis,
either 〈π1〉ψ ∈ A or 〈π2〉ψ ∈ A. Then, by lemma 5.49, 〈π1 ∪ π2〉ψ ∈ A.
(4) π = π1 ◦ π2. Suppose that A R^Σ_{π1◦π2} A′ and ψ ∈ A′. Then, for some atom B,
A R^Σ_{π1} B and B R^Σ_{π2} A′. By definition 5.47, 〈π2〉ψ ∈ CL(Σ) and 〈π1〉〈π2〉ψ ∈ CL(Σ);
hence, by inductive hypothesis, 〈π2〉ψ ∈ B and then 〈π1〉〈π2〉ψ ∈ A. Then, by
lemma 5.49, 〈π1 ◦ π2〉ψ ∈ A.
(5) π = ρ∗. Suppose that A R^Σ_{ρ∗} A′ and ψ ∈ A′. Then, there is a finite sequence of
atoms B_1, . . . , B_n such that A = B_1, B_n = A′ and B_i R^Σ_ρ B_{i+1} for 1 ≤ i ≤ n − 1. We
will show by sub-induction on n that 〈ρ∗〉ψ ∈ B_i for every 1 ≤ i ≤ n, which will give
us 〈ρ∗〉ψ ∈ A.
Base case. n = 1. This means that A = A′, hence ψ ∈ A. It follows from (A4) by
PL that ψ → 〈ρ∗〉ψ is a theorem of PDLpath; therefore, 〈ρ∗〉ψ ∈ A.
Inductive step. Suppose what is to be proved holds for n ≤ k. We have to show
that then it also holds for k + 1. Suppose that
A = B_1 R^Σ_ρ B_2, . . . , B_k R^Σ_ρ B_{k+1} = A′.
By inductive hypothesis, 〈ρ∗〉ψ ∈ B_2, and hence, by the inductive hypothesis of the
outer induction, 〈ρ〉〈ρ∗〉ψ ∈ A. It follows from (A4) by PL that 〈ρ〉〈ρ∗〉ψ → 〈ρ∗〉ψ
is a theorem of PDLpath; therefore, 〈ρ∗〉ψ ∈ A. q.e.d.
Lemma 5.56 (Truth lemma) Let Σ be a set of PDLpath-formulas, M^Σ be the finite
canonical model over Σ, and ψ ∈ CL(Σ). Then, for every A ∈ At(Σ), M^Σ, A ⊩ ψ iff
ψ ∈ A.
Proof Straightforward induction on the complexity of ψ. The base case immediately
follows from definition 5.51. The other cases follow from lemmas 5.49 and 5.55. q.e.d.
What remains to be done is to ensure that we can reshape M^Σ into a model with
exactly one root in a truth-preserving way. To that end, we will show that, given an
atom A ∈ M^Σ, if we take the submodel M^Σ_A of M^Σ generated by A, then M^Σ_A contains
at most one root. It is easy to see that this will be enough to prove weak completeness
of PDLpath. Indeed, if we choose A to be the atom containing the consistent formula
ϕ whose model we have to build in the course of the completeness proof, then the
above procedure will give us the path model satisfying ϕ, since axiom (A14) ensures
that M^Σ_A contains at least one root.
First, let’s note the following simple fact.
Lemma 5.57 Let M be a regular model and w ∈ M. Then, the submodel of M
generated by w is also regular.
Proof Straightforward. q.e.d.
Next, we prove that all the atoms of the submodel of M^Σ generated by A agree on
formulas beginning with @r.
Lemma 5.58 Let A be an atom, M^Σ_A be a submodel of M^Σ generated by A, and B
and B′ be atoms such that B, B′ ∈ M^Σ_A. Then, for every @rψ ∈ CL(Σ), @rψ ∈ B iff
@rψ ∈ B′.
Proof Assume, for the sake of a contradiction, that @rψ ∈ B and @rψ ∉ B′ (the
other case is symmetrical) and, hence, by lemma 5.49, ¬@rψ ∈ B′.
Let’s notice that, for any two atoms X, X′ ∈ M^Σ_A, if X R^Σ_{i∈I} X′ and @rψ ∈ X′, then
@rψ ∈ X. Indeed, otherwise, by lemma 5.49, ¬@rψ ∈ X, which is impossible since,
on the one hand, in virtue of (A13), ¬@rψ ∧ 〈i〉@rψ ⊢ ⊥ and hence X ∧ 〈i〉X′ ⊢ ⊥, and
on the other, by definition 5.51, X R^Σ_i X′ holds only if X ∧ 〈i〉X′ ⊬ ⊥. Analogously,
for any two atoms X, X′ ∈ M^Σ_A, if X R^Σ_i X′ and ¬@rψ ∈ X′, then ¬@rψ ∈ X. For
otherwise, by lemma 5.49, @rψ ∈ X, which is impossible since, on the one hand, in
virtue of (A10) and (A13), @rψ ∧ 〈i〉¬@rψ ⊢ ⊥ and hence X ∧ 〈i〉X′ ⊢ ⊥, and on
the other, by definition 5.51, X R^Σ_i X′ holds only if X ∧ 〈i〉X′ ⊬ ⊥.
From the foregoing, it also follows that, for any X, X′ ∈ M^Σ_A such that X′ R^Σ_i X,
if @rψ ∈ X′ then @rψ ∈ X and if ¬@rψ ∈ X′ then ¬@rψ ∈ X.
Now, as M^Σ, and hence, by lemma 5.57, M^Σ_A, is regular, B ∈ M^Σ_A implies that
there is a chain of atomic transitions R^Σ_i connecting A and B (so that, to reach B
from A, we can move forward as well as backward along R^Σ_i’s in the chain). It follows,
then, that from @rψ ∈ B we can infer @rψ ∈ A (using the argument of the preceding
paragraphs, we “pull back” @rψ along the chain connecting A and B). Analogously,
from ¬@rψ ∈ B′ we can infer ¬@rψ ∈ A. This is impossible, though, since A is an
atom. q.e.d.
Next, we can show that M^Σ_A has at most one root.
Lemma 5.59 Let A be an atom, M^Σ_A be a submodel of M^Σ generated by A, and B
and B′ be atoms such that (1) B, B′ ∈ M^Σ_A and (2) B ≠ B′. Then, at most one of B
and B′ contains r.
Proof Assume, for the sake of a contradiction, that r ∈ B and r ∈ B′. Since B ≠ B′,
there is ψ ∈ CL(Σ) such that ψ ∈ B and ∼ψ ∈ B′. There are two cases to consider:
(1) @rψ ∈ CL(Σ) and (2) @rψ ∉ CL(Σ) and, hence, either ψ = @rχ or ψ = ¬@rχ.
(1) Suppose that @rψ ∈ CL(Σ), and hence, by definition 5.47, ¬@rψ ∈ CL(Σ).
Then, as ψ ∈ B and r ∈ B, we also have that @rψ ∈ B (due to (A11), otherwise B
would be inconsistent). Analogously, as ∼ψ ∈ B′ and r ∈ B′, we also have ¬@rψ ∈ B′.
However, since @rψ ∈ B, in virtue of lemma 5.58, we also have @rψ ∈ B′. This is
impossible, though, since B′ is an atom.
(2) Suppose that @rψ ∉ CL(Σ) and, hence, either (2a) ψ = @rχ or (2b) ψ = ¬@rχ.
The case (2a) is analogous to the case (1), and the case (2b) is symmetrical. q.e.d.
Finally, we show that M^Σ_A is a path model.
Lemma 5.60 Let A be an atom and M^Σ_A be a submodel of M^Σ generated by A.
Then, M^Σ_A is a path model.
Proof By lemma 5.57, M^Σ_A is regular and, by lemma 5.59, it has no more than one
root. So, all that remains to be shown is that M^Σ_A has at least one root. Suppose, for
the sake of a contradiction, that it does not. Then, M^Σ_A, A ⊩ ¬〈(# ∪ #)∗〉 r. Since,
by definition 5.47, ¬〈(# ∪ #)∗〉 r ∈ CL(Σ), ¬〈(# ∪ #)∗〉 r ∈ A, which is impossible
since then, in virtue of (A14), A would be inconsistent. q.e.d.
Now, we can prove completeness of PDLpath.
Theorem 5.61 (Completeness of PDLpath) PDLpath is complete with respect to
the class of all path frames.
Proof Let ϕ be a PDLpath-consistent formula. We will show that then ϕ has a path
model, which immediately implies completeness. Build a finite canonical model M^{ϕ}
over {ϕ}. Since ϕ is consistent, by lemma 5.50, there is an atom A_ϕ ∈ M^{ϕ} such
that ϕ ∈ A_ϕ. By lemma 5.56, M^{ϕ}, A_ϕ ⊩ ϕ. Next, take the submodel M^{ϕ}_{A_ϕ} of
M^{ϕ} generated by A_ϕ. By lemma 5.60, M^{ϕ}_{A_ϕ} is a path model, and since it is a
generated submodel of M^{ϕ}, we have M^{ϕ}_{A_ϕ}, A_ϕ ⊩ ϕ. q.e.d.
5.2.5 PDLpath without connectedness
In this section, we consider what happens if we want to drop from the semantic
definition of PDLpath the requirement that the models it is interpreted on—that is,
path models—should be connected (condition (3g) of definition 5.36). It is easy to
guess that all we have to do to axiomatise PDLpath without connectedness is to drop
from the above axiomatisation of PDLpath axiom (A14). Then, we can still show that
every consistent formula has a model with exactly one root.
The only difference between the completeness proof for PDLpath and the complete-
ness proof for PDLpath without connectedness is that, in the latter case, we can not
prove the analogue of lemma 5.60, as the following example shows.
Example 5.62 Consider formula ϕ = ¬〈(# ∪ #)∗〉 r. Since now path models are
allowed to be unconnected, it is consistent, and hence, there is, in the finite canonical
model M^{ϕ} over {ϕ}, an atom A_ϕ such that ϕ ∈ A_ϕ. It is easy to see that the
submodel M^{ϕ}_{A_ϕ} of M^{ϕ} generated by A_ϕ does not contain an atom B such that
r ∈ B. ¶
Nevertheless, as the following lemma shows, given a finite canonical model M^Σ for PDLpath
without connectedness and an atom A, we can always reshape M^Σ_A into a path
model.
Lemma 5.63 Let A be an atom and M^Σ_A be a submodel of M^Σ generated by A such
that no X ∈ M^Σ_A contains r. Then, there exists M′^Σ_A such that (1) M′^Σ_A is a path
model, and (2) for every X ∈ M^Σ_A and every ψ ∈ CL(Σ), M′^Σ_A, X ⊩ ψ iff M^Σ_A, X ⊩ ψ.
Proof Let’s take an arbitrary atom B ∈ M^Σ_A and form the set B_r = {χ : @rχ ∈ B}
(in virtue of lemma 5.58, it does not matter which B we take).
First, note that B_r is consistent. Indeed, suppose that χ_1 ∧ . . . ∧ χ_n ⊢ ⊥, where
{χ_1, . . . , χ_n} = B_r. Then, ⊢ ¬(χ_1 ∧ . . . ∧ χ_n) and hence, by (NN), ⊢ @r¬(χ_1 ∧ . . . ∧ χ_n).
Therefore, due to (A10), ⊢ ¬@r(χ_1 ∧ . . . ∧ χ_n) and, due to (K) and PL, ⊢ ¬(@rχ_1 ∧
. . . ∧ @rχ_n), which is impossible since then B would be inconsistent. Secondly, note
that, as every X ∈ M^Σ_A contains @rr (due to (A12)), r ∈ B_r. Since B_r is consistent,
by lemma 5.50, there exists an atom C such that B_r ⊆ C.
Next, obtain M′^Σ_A by adding to M^Σ_A the submodel M^Σ_C of M^Σ generated by
C. It is easy to see that M′^Σ_A is a disjoint union of M^Σ_A and M^Σ_C. Indeed, if for
some X ∈ M^Σ_A, some X′ ∈ M^Σ_C, and some i ∈ I we would have either X R^Σ_i X′ or
X′ R^Σ_i X, then C would be in M^Σ_A, which contradicts our assumption that no atom
in M^Σ_A contains r. Now, first, in virtue of lemma 5.59, M′^Σ_A contains exactly one
atom containing r (namely, C). Moreover, as both M^Σ_A and M^Σ_C are, by lemma 5.57,
regular (since they are generated submodels of a regular model M^Σ), M′^Σ_A, being
their disjoint union, is also regular. Therefore, M′^Σ_A is a path model. Secondly, as
M′^Σ_A is a disjoint union of M^Σ_A and M^Σ_C, for every X ∈ M^Σ_A and every ψ ∈ CL(Σ),
M′^Σ_A, X ⊩ ψ iff M^Σ_A, X ⊩ ψ. q.e.d.
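Example 5.62 and lemma 5.63 on a concrete finite structure, as an added Python illustration that is not part of the thesis: relations for path expressions are computed by the recursive clauses of definition 5.51(3), the generated submodel is taken along atomic transitions in both directions, and a rootless component is repaired by disjoint union with the root's component. The tuple encoding, the sample model and all function names are assumptions of this example; # is read as the union of the atomic relations, and the second # in (# ∪ #)∗ is read as the converse of #.

```python
# Path expressions are nested tuples (an encoding constructed for this example):
#   ("lab", "a") atomic label    ("any",) the step '#'     ("id",) identity
#   ("conv", p) converse         ("seq", p, q) composition
#   ("alt", p, q) union          ("star", p) finite iteration
# Formulas: ("top",), ("root",) for the nominal r, ("not", f), ("dia", p, f).

def rel(model, p):
    """Relation denoted by p, built by the recursive clauses of definition 5.51(3)."""
    kind = p[0]
    if kind == "lab":
        return set(model["R"].get(p[1], ()))
    if kind == "any":  # assumption: '#' is the union of all atomic relations
        return set().union(*model["R"].values())
    if kind == "id":
        return {(w, w) for w in model["W"]}
    if kind == "conv":
        return {(v, u) for (u, v) in rel(model, p[1])}
    if kind == "seq":
        first, second = rel(model, p[1]), rel(model, p[2])
        return {(u, w) for (u, v) in first for (x, w) in second if v == x}
    if kind == "alt":
        return rel(model, p[1]) | rel(model, p[2])
    if kind == "star":  # reflexive-transitive closure, computed to a fixed point
        step = rel(model, p[1])
        closure = {(w, w) for w in model["W"]}
        frontier = set(closure)
        while frontier:
            frontier = {(u, w) for (u, v) in frontier
                        for (x, w) in step if v == x} - closure
            closure |= frontier
        return closure
    raise ValueError(f"unknown path constructor: {kind}")


def holds(model, w, f):
    """Truth of formula f at point w."""
    kind = f[0]
    if kind == "top":
        return True
    if kind == "root":
        return w in model["roots"]
    if kind == "not":
        return not holds(model, w, f[1])
    if kind == "dia":
        return any(holds(model, v, f[2]) for (u, v) in rel(model, f[1]) if u == w)
    raise ValueError(f"unknown formula constructor: {kind}")


# (# ∪ converse of #)*: every point linked to w by atomic steps in either direction.
CONNECT = ("star", ("alt", ("any",), ("conv", ("any",))))
# The formula of example 5.62 under that reading: no root is linked to this point.
PHI = ("not", ("dia", CONNECT, ("root",)))


def generated(model, w):
    """Submodel generated by w: w's component under forward and backward atomic steps."""
    keep = {v for (u, v) in rel(model, CONNECT) if u == w}
    return {"W": keep,
            "R": {a: {(u, v) for (u, v) in r if u in keep and v in keep}
                  for a, r in model["R"].items()},
            "roots": model["roots"] & keep}


def disjoint_union(m1, m2):
    if m1["W"] & m2["W"]:
        raise ValueError("carriers overlap")
    return {"W": m1["W"] | m2["W"],
            "R": {a: set(m1["R"].get(a, ())) | set(m2["R"].get(a, ()))
                  for a in set(m1["R"]) | set(m2["R"])},
            "roots": m1["roots"] | m2["roots"]}


def reshape(model, w):
    """Lemma 5.63's move: give a rootless generated submodel the root's component."""
    sub = generated(model, w)
    if sub["roots"]:
        return sub
    if not model["roots"]:
        raise ValueError("model has no root point to add")
    root = next(iter(model["roots"]))  # plays the part of the atom C
    return disjoint_union(sub, generated(model, root))


# Constructed model: three components, only the first holds a root (point 0).
M = {"W": {0, 1, 2, 3, 4, 5, 6},
     "R": {"a": {(0, 1), (5, 6)}, "b": {(1, 2), (3, 4)}},
     "roots": {0}}

# Formulas checked for preservation at the points of the rootless component.
PROBES = [PHI,
          ("dia", ("lab", "b"), ("top",)),
          ("dia", ("conv", ("lab", "b")), ("top",)),
          ("dia", ("seq", ("lab", "b"), ("star", ("any",))), ("root",))]


def preserved(model, w):
    """True if reshape() leaves every probe's truth value unchanged on w's component."""
    sub, new = generated(model, w), reshape(model, w)
    return all(holds(sub, x, f) == holds(new, x, f) for x in sub["W"] for f in PROBES)


if __name__ == "__main__":
    sub = generated(M, 3)
    print("component of 3:", sorted(sub["W"]), "roots:", sorted(sub["roots"]))
    print("PHI holds at 3:", holds(sub, 3, PHI))
    print("reshaped roots:", sorted(reshape(M, 3)["roots"]), "preserved:", preserved(M, 3))
```

The component of point 3 has no root, so the formula of example 5.62 holds there and the component alone is not a path model; after `reshape` the structure has exactly one root and the probes keep their truth values at points 3 and 4.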
Theorem 5.64 (Completeness of PDLpath without connectedness) PDLpath with-
out axiom (A14) is complete with respect to the class of all (not necessarily connected)
path frames.
Proof Let ϕ be a formula consistent in PDLpath without connectedness. We show that
then ϕ has a path model. Build a finite canonical model M^{ϕ} over {ϕ}. Since ϕ
is consistent, by lemma 5.50, there is an atom A_ϕ ∈ M^{ϕ} such that ϕ ∈ A_ϕ. By
lemma 5.56, M^{ϕ}, A_ϕ ⊩ ϕ. Next, take the submodel M^{ϕ}_{A_ϕ} of M^{ϕ} generated
by A_ϕ. By lemmas 5.52, 5.57 and 5.59, M^{ϕ}_{A_ϕ} is regular and has no more than one
root. Since it is a generated submodel of M^{ϕ}, we have M^{ϕ}_{A_ϕ}, A_ϕ ⊩ ϕ. If it has
exactly one root, then it is a path model and, therefore, we are done. Otherwise, by
lemma 5.63, there exists a path model M′^{ϕ} such that M′^{ϕ}, A_ϕ ⊩ ϕ. q.e.d.
Chapter 6
Conclusion
In the present conclusion, we recapitulate the main results of the thesis and also
discuss their limitations and directions for future work.
In chapter 3, we have proved a general decidability result for intuitionistic modal
logics through embedding them into the two-variable monadic second-order guarded
fragment GF^2_mon with an acyclic set of mso-definable closure conditions imposed on
relations occurring in GF^2_mon-formulas; the decidability of this latter fragment has
been established in chapter 3 by way of generalising the result of [GMV99] on
decidability of GF^2_mon with single mso-definable closure conditions, rather than sets of
such conditions (sets of conditions are needed to account for multiple conditions im-
posed on accessibility relations in the Kripke-style semantics of intuitionistic modal
logics), imposed on relations occurring in GF^2_mon-formulas. The result covers a
considerable range of intuitionistic modal logics known from the literature. In particular,
as the proofs of theorems 3.16 and 3.17 show, logics with the following conditions
imposed on their accessibility relation are covered: R ◦ R_♦ ◦ R = R_♦ together with
R ◦ R_□ ◦ R = R_□ and a standalone condition R_♦ ⊆ R. The method we used to
establish decidability overcomes the limitation of the only previously known general
decidability method for intuitionistic modal logics, that used in [WZ99a, WZ97, WZ99b],
where decidability is proved through embedding of intuitionistic modal logics with n
modalities into classical modal logics with n + 1 modalities (such classical logics are
called classical counterparts of intuitionistic logics); the limitation of this method is
that decidability of only those logics can be established whose classical counterpart is
known to be decidable. Our method does not share this limitation. It does, however,
have an important limitation of its own: to prove decidability of a given logic, we
need to be able to reformulate the conditions imposed on the accessibility relations
in its Kripke-style semantics as a set of acyclic mso-definable closure conditions. As
we mentioned in chapter 3, we failed to accomplish this for a number of well-known
intuitionistic modal logics, such as the logic IS4 defined in [Sim94] and logics with the
condition R_□ ◦ R ⊆ R ◦ R_□. Accordingly, the accommodation of such logics into the
framework presented in chapter 3 (that is, a successful attempt to reformulate their
semantic conditions as mso-definable closure conditions) or the generalisation of the
framework to account for such logics is the most important direction for future work.
In chapter 4, we proved the analogue of Makinson theorem, along with a number of
minor results, for the lattice of extensions of the logic Seg, which is the logic obtained
from the basic (classical) modal logic K∗ in the language with the finite-iteration
modality ♦∗ (referred to in chapter 4 as a “Segerberg operator”) by augmenting it
with axioms describing the behaviour of ♦∗. This result is nothing but a first step in the
investigation of the lattice of extensions of Seg. From the computer scientific point
of view, such investigation would be beneficial in increasing our understanding of the
behaviour of finite-iteration programming construct in the computational settings
where some additional conditions are satisfied by “atomic” programs. So far, the
behaviour of the finite-iteration construct has only been studied in the contexts of
the propositional dynamic logic, PDL, and its deterministic extension, that is in the
contexts where atomic programs are not required to satisfy any properties and where
the only such requirement is that every execution of a given program in a given state
may result in no more than one state. However, we might also be interested in the
study of the behaviour of the finite-iteration construct in all of the following contexts:
• if there exist executions changing state w into states v and v′, then there also
exist executions changing both v and v′ into state w′ (in λ-calculus, this property
is called convergence);
• from every state some execution is possible;
• every execution is reversible.
All these computational settings can be easily modeled with the help of modal lan-
guages; therefore, a general study of modal logics with ♦∗ is of great potential benefit
to theoretical computer science. This task seems daunting if the logics to be studied
are extensions of PDL; it would then be more practicable, for a start, to study the
extensions of the logic whose only modal operator, apart from the traditional modal-
ity ♦, is ♦∗ , that is extensions of Seg. In fact, even such a study seems formidable
enough; therefore, it would be reasonable to concentrate first on the tabular exten-
sions of Seg. It seems that the reasonable first step from the analogue of Makinson
theorem proved in chapter 4 would be to prove the analogue of the generalisation of
Makinson theorem proved for mono-modal logics by A. Chagrov in [Cha02]: for every
tabular extension Λ of K—except the logic of a frame consisting of a single reflexive
point and the logic of a frame consisting of a single irreflexive point—and an arbitrary
formula ϕ, it is undecidable whether the logic obtained by augmenting K with ϕ is
Λ.
In chapter 5, we proved completeness of three logics whose language contains the
existential modality 〈#〉 (that is the modality saying that something is true in a state
accessible by some atomic modality); namely, the minimal normal logic with 〈#〉,
K#; its deterministic extension, DK#; and logic PDLpath introduced in [AdRD01]
for the study of path constraints in the models of semistructured data. The obvious
next step in the study of logics with 〈#〉 is to prove completeness of the deterministic
PDLpath, that is the extension of PDLpath where all the atomic transitions are required
to be deterministic. Another direction for further work in this area is to find out what
properties of atomic transitions apart from determinism would be worth considering
given the intended applications of logics with 〈#〉 in the area of semistructured data
and to design complete logics corresponding to those conditions.
In conclusion, we would like to express the hope that the present thesis constitutes
a contribution, however minor, to the appreciation of relevance and significance of
modal logics for theoretical computer science. It was noted long ago that modal logic
and theoretical computer science are bound to develop together simply because the
structures used to model modal logics, Kripke models, are essentially the structures
used by theoretical computer scientists to model computational phenomena, tran-
sition systems. Therefore, modal languages are natural formal tools to study the
properties of transition systems and, thus, of the computational phenomena those
systems are intended to model. In the present thesis we have seen that modal logics
are applicable not only to computational phenomena that have now been studied for
a long time, but also to those that only recently came to the attention of theoretical
computer scientists, such as λ-calculus with monads and semistructured data.
References
[ABS00] S. Abiteboul, P. Buneman, and D. Suciu. Data on the Web. Morgan
Kaufmann, 2000.
[AdRD01] N. Alechina, M. de Rijke, and S. Demri. Path constraints from a modal
logic point of view. In Proceedings of the 8th International Workshop
on Knowledge Representation meets Databases (KRDB 2001), Rome,
Italy, September 15, 2001, volume 45 of CEUR Workshop Proceedings.
Technical University of Aachen (RWTH), 2001.
[AdRD03] Natasha Alechina, Maarten de Rijke, and Stephane Demri. A modal
perspective on path constraints. Journal of Logic and Computation,
13(6):939–956, 2003.
[AMdPR01] N. Alechina, M. Mendler, V. de Paiva, and E. Ritter. Categorical and
Kripke semantics for constructive modal logics. In Laurent Fribourg, ed-
itor, Proceedings of the 15th International Workshop Computer Science
Logic, CSL 2001, volume 2142 of Lecture Notes in Computer Science,
pages 292–307. Springer, 2001.
[AS05] N. Alechina and D. Shkatov. A general method for proving decidability
of intuitionistic modal logics. Journal of Applied Logic, 2005. To appear.
[AvBN95] Hajnal Andreka, Johan van Benthem, and Istvan Nemeti. Back and
forth between modal logic and classical logic. Bulletin of the Interest
Group in Pure and Applied Logics, 3:685–720, 1995.
[AvBN96] H. Andreka, J. van Benthem, and I. Nemeti. Modal Languages and
Bounded Fragments of Predicate Logic. Technical Report ML-96-03,
ILLC, University of Amsterdam, 1996.
[AvBN98] Hajnal Andreka, Johan van Benthem, and Istvan Nemeti. Modal log-
ics and bounded fragments of predicate logic. Journal of Philosophical
Logic, 27(3):217–274, 1998.
[BB02] Dietmar Berwanger and Achim Blumensath. Automata for guarded fixed
point logics. In E. Gradel, W. Thomas, and T. Wilke, editors, Automata,
Logics, and Infinite Games, number 2500 in LNCS, chapter 19, pages
343–355. Springer Verlag, 2002.
[BBdP98] N. Benton, G. Bierman, and V. de Paiva. Computational types from a
logical perspective. Journal of Functional Programming, 8(2):177–193,
1998.
[BdP00] G. M. Bierman and V. de Paiva. On an intuitionistic modal logic. Studia
Logica, 65(3):383–416, 2000.
[BdRV01] Patrick Blackburn, Maarten de Rijke, and Yde Venema. Modal Logic.
Cambridge University Press, 2001.
[Ben83] J. Benthem, van. Modal logic and classical logic. Bibliopolis, Naples,
1983.
[BGG97] E. Borger, E. Gradel, and Y. Gurevich. The Classical Decision Problem.
Springer-Verlag, 1997.
[Bul65a] R. A. Bull. A modal extension of intuitionistic modal logic. Notre Dame
Journal of Formal Logic, VI(2):142–146, 1965.
[Bul65b] R. A. Bull. Some modal calculi based on IC. In Formal Systems and
Recursive Functions, pages 3–7. North Holland, 1965.
[Bul66] R. A. Bull. MIPC as the formalisation of an intuitionistic concept of
modality. Journal of Symbolic Logic, 31(4):609–616, 1966.
[Cha02] Alexander Chagrov. An algorithmic problem of the axiomatization of
tabular normal modal logics. Logical Investigations, 9, 2002. in Russian.
[CZ97] Alexander Chagrov and Michael Zakharyaschev. Modal Logic. Oxford
University Press, 1997.
[Dos85] K. Dosen. Models for stronger normal intuitionistic modal logics. Studia
Logica, 44:39–70, 1985.
[DP96] R. Davies and F. Pfenning. A modal analysis of staged computation.
In Guy Steele, Jr., editor, Proc. of 23rd POPL, pages 258–270. ACM
Press, 1996.
[DP01] R. Davies and F. Pfenning. A modal analysis of staged computation.
Journal of the ACM, 48(3):555–604, 2001.
[FHV95] Ronald Fagin, Joseph Y. Halpern, and Moshe Vardi. Reasoning about
Knowledge. MIT Press, 1995.
[Fit48] F. B. Fitch. Intuitionistic modal logic with quantifiers. Portugaliae
Mathematicae, 7:113–118, 1948.
[FM97] M. Fairtlough and M. Mendler. Propositional lax logic. Information and
Computation, 137(1):1 – 33, 1997.
[FS86] G. Fisher Servi. On modal logics with intuitionistic base. Studia Logica,
27:533–546, 1986.
[GG00] Elisabeth Goncalves and Erich Gradel. Decidability issues for action
guarded logics. In Proceedings of 2000 International Workshop on De-
scription Logics – DL2000, pages 123–132, 2000.
[GHO00] Erich Gradel, Colin Hirsch, and Martin Otto. Back and Forth Between
Guarded and Modal Logics. In Proceedings of 15th IEEE Symposium on
Logic in Computer Science LICS 2000, pages 217–228, Santa Barbara,
2000. See also: journal version [GHO02].
[GHO02] Erich Gradel, Colin Hirsch, and Martin Otto. Back and Forth Between
Guarded and Modal Logics. ACM Transactions on Computational Log-
ics, 3(3):418 – 463, 2002. See also: conference version [GHO00].
[GKWZ03] Dov Gabbay, Agi Kurucz, Frank Wolter, and Michael Zakharyaschev.
Many-Dimensional Modal Logics: Theory and Applications. Elsevier,
2003.
[GL96] J. Goubault-Larrecq. Logical foundations of eval/quote mechanisms,
and the modal logic S4. Manuscript, 1996.
[GMV99] Harald Ganzinger, Christoph Meyer, and Margus Veanes. The two-
variable guarded fragment with transitive relations. In Proc. 14th IEEE
Symposium on Logic in Computer Science, pages 24–34. IEEE Computer
Society Press, 1999.
[Gol76] R. Goldblatt. Metamathematics of modal logic. Reports on mathematical
Logic, 6,7:31 – 42, 21 – 52, 1976.
[Gra99] Erich Gradel. On the restraining power of guards. Journal of Symbolic
Logic, 64:1719–1742, 1999.
[GW99] Erich Gradel and Igor Walukiewicz. Guarded Fixed Point Logic. In
Proceedings of 14th IEEE Symposium on Logic in Computer Science
LICS ‘99, Trento, pages 45–54, 1999.
[HM02] Eva Hoogland and Maarten Marx. Interpolation in guarded fragments.
Studia Logica, 70(3):373–409, 2002.
[Kie03] E. Kieronski. The two-variable guarded fragment with transitive guards
is 2exptime-hard. In Andrew D. Gordon, editor, Foundations of Software
Science and Computational Structures, 6th International Conference,
FOSSACS 2003, volume 2620 of Lecture Notes in Computer Science,
pages 299–312, Warsaw, Poland, 2003. Springer.
[Kob97] S. Kobayashi. Monad as modality. Theoretical Computer Science, 175:29
– 74, 1997.
[LL32] Clarence I. Lewis and Cooper H. Langford. Symbolic Logic. Dover, 1932.
[Mak71] David C. Makinson. Some embedding theorems for modal logic. Notre
Dame Journal of Formal Logic, pages 252–254, 1971.
[Mar01] Maarten Marx. Tolerance logic. Journal of Logic, Language and Infor-
mation, 10:353–373, 2001.
[McCar] Gregory McColm. Guarded quantification in least fixed point logic.
Journal of Logic, Language and Information, to appear.
[Men91] M. Mendler. Constrained proofs: a logic for dealing with behavioural
constrains in formal hardware verification. In G. Jones and M. Sheeran,
editors, Proceedings of Workshop on Designing Correct Circuits, Oxford
1990. Springer-Verlag, 1991.
[Min68] G. Mints. Some calculi of modal logic. Trudy Matematicheskogo Instituta
imeni V.A.Steklova, 98:88–111, 1968.
[Mog91] E. Moggi. Notions of computation and monads. Information and Com-
putation, 93(1):55–92, July 1991.
[Ono77] H. Ono. On some intuitionistic modal logics. Publications of the Research
Institute for Mathematical Science, Kyoto University, 13:55–67, 1977.
[OS88] H. Ono and N.-Y. Suzuki. Relations between intuitionistic modal logics
and intermediate predicate logics. Reports on Mathematical Logic, 22:65–
87, 1988.
[PD01] F. Pfenning and R. Davies. A judgmental reconstruction of modal logic.
Mathematical Structures in Computer Science, 11(4):511–540, 2001.
[Pit90] A.M. Pitts. Evaluation logic. In G. Birtwistle, editor, IVth Higher Order
Workshop, pages 162–189. Springer-Verlag, Banff, 1990.
[Pra65] D. Prawitz. Natural Deduction: A Proof-Theoretic Study. Almqvist and
Wiksell, 1965.
[Pra76] Vaughan R. Pratt. Semantical considerations on Floyd-Hoare logic. In
17th Annual Symposium on Foundations of Computer Science, pages
109–121, Houston, Texas, October, 25-27 1976. IEEE.
[Pri57] Arthur Prior. Time and Modality. Oxford University Press, 1957.
[PS86] G. D. Plotkin and C. P. Stirling. A framework for intuitionistic modal
logic. In J. Y. Halpern, editor, Theoretical Aspects of Reasoning about
Knowledge, pages 399–406, 1986.
[Rab69] M. Rabin. Decidability of second-order theories and automata on infinite
trees. Transactions of the American Mathematical Society, 141:1–35,
1969.
[Ros97] Erich Rosen. Modal logic over finite structures. Journal of Logic,
Language and Information, 6:427–439, 1997.
[Sim94] A. K. Simpson. The Proof Theory and Semantics of Intuitionistic Modal
Logic. PhD thesis, University of Edinburgh, 1994.
[ST01] Wieslaw Szwast and Lidia Tendera. On the decision problem for the
guarded fragment with transitivity. In Proceedings of the 16th Annual
IEEE Symposium on Logic in Computer Science, LICS 2001, pages
147–156, Boston, Massachusetts, USA, 2001. IEEE Computer Society.
[Sti87] C. P. Stirling. Modal logics for communicating systems. Theoretical
Computer Science, 49:311–347, 1987.
[Wij90] D. Wijesekera. Constructive modal logic I. Annals of Pure and Applied
Logic, 50:271–301, 1990.
[Wol95] Frank Wolter. The finite model property in tense logic. Journal of
Symbolic Logic, 60:757–774, 1995.
[Wol96a] Frank Wolter. Properties of tense logics. Mathematical Logic Quarterly,
42:481–500, 1996.
[Wol96b] Frank Wolter. Tense logic without tense operators. Mathematical Logic
Quarterly, 42:145–171, 1996.
[Wol97a] Frank Wolter. Completeness and decidability of tense logics closely
related to logics above K4. Journal of Symbolic Logic, 62:131–158, 1997.
[Wol97b] Frank Wolter. A note on the interpolation property in tense logic.
Journal of Philosophical Logic, 26:545–551, 1997.
[WZ97] F. Wolter and M. Zakharyaschev. On the relation between intuitionistic
and classical modal logics. Algebra and Logic, 36:121–155, 1997.
[WZ99a] F. Wolter and M. Zakharyaschev. Intuitionistic modal logics. In
A. Cantini, E. Casari, and P. Minari, editors, Logic and Foundations of
Mathematics, pages 227–238. Kluwer Academic Publishers, 1999.
[WZ99b] F. Wolter and M. Zakharyaschev. Intuitionistic modal logics as
fragments of classical bimodal logics. In E. Orlowska, editor, Logic at Work,
pages 168–186. Springer-Verlag, 1999.
[ZWC01] M. Zakharyaschev, F. Wolter, and A. Chagrov. Advanced modal logic.
In Dov Gabbay, editor, Handbook of philosophical logic, volume 3, pages
83–266. Kluwer Academic Publishers, 2001.