Università degli Studi di Pisa, Dipartimento di Informatica
Dottorato di Ricerca in Informatica

Ph.D. Thesis
Natural Deduction Systems for Temporal Logics
Davide Marchignoli
Supervisor: A. Masini

ADDR: Corso Italia 40, 56125 Pisa, Italy. TEL: +39-50-887268. FAX: +39-50-887226. E-MAIL: [email protected].



Abstract. In this thesis we study natural deduction proof systems for discrete-time linear temporal logics. We start by defining a proof system for a simple logic for which no induction rule is needed. The resulting proof system is simple and its rules for modal operators are close to the quantifier rules in predicate logic. We prove that the standard proof-theoretic properties of predicate logic also hold for this system. In particular we prove that the system enjoys the normalization property and that its intuitionistic fragment enjoys the disjunction property and the existential property. Then we extend the previous system to cope with linear temporal logic and we consider several different modal operators. The new system requires an induction rule and is not normalizing. We recover the normalization property by defining a new proof system with an infinitary rule. We show that this new system is equivalent to the system based on the inductive rule as long as we consider finite sets of formulas. Starting from our first proof system, we devise a term calculus that gives a computational reading to the temporal operators of intuitionistic temporal logic. We argue about its application in staged evaluation by defining a basic language with constructs for boxed code and delayed evaluation. Finally we briefly show how the proof systems defined in this thesis can be faithfully encoded in logical frameworks.


Contents

1 Introduction 1
2 Basic Notions and Notations 7
  2.1 Natural Deduction 7
    2.1.1 Computational interpretation 12
  2.2 Modal and Temporal Logics 15
    2.2.1 Hilbert systems 17
    2.2.2 Temporal Logics 19
    2.2.3 ND Systems for modal logics 21
3 Small Temporal Logic 25
  3.1 Language and Semantics 25
  3.2 Axiomatization 27
  3.3 Labelled formulas 28
  3.4 Natural deduction system NKSTL 29
    3.4.1 Relational Entailment 32
  3.5 Soundness and Completeness 36
  3.6 A natural deduction system without equality for STL 38
4 Small temporal logic Normalization 41
  4.1 Reduction Rules 41
    4.1.1 Relational Reductions 41
    4.1.2 Logical Reductions 42
  4.2 NKSTL Normalization 45
  4.3 NJSTL Normalization 48
5 Temporal Logics 53
  5.1 Language and Semantics 53
  5.2 Proof Systems 54
    5.2.1 Until Temporal Logic 56
    5.2.2 Past Tense operators 57
    5.2.3 Branching Time logics 59
  5.3 A partial result of normalization 60
  5.4 Failure of normalization 62
6 Omega temporal logic 65
  6.1 The system LTL 65
  6.2 Normalization 71
    6.2.1 Reduction Rules 72
    6.2.2 Preliminaries 72
    6.2.3 NKLTL Normalization 75
    6.2.4 Consequences of normalization in NKLTL 78
    6.2.5 NJLTL Normalization 79
    6.2.6 Consequences of normalization in NJLTL 81
  6.3 Elimination of () 85
7 Temporal calculus 87
  7.1 Temporal λ-calculus 87
    7.1.1 Strong Normalization 90
    7.1.2 Confluency 93
  7.2 Multi stage Interpretation 95
    7.2.1 Interpretation of modal types 96
    7.2.2 Reduction Semantics 97
    7.2.3 Correctness criteria 101
  7.3 Comparison with multi staged calculi 104
    7.3.1 Encoding # 104
    7.3.2 Encoding □ 106
  7.4 Mini-MLT 111
8 Temporal Logics in Logical Framework 117
  8.1 Dependently Typed λ-calculus 117
  8.2 Encoding in Dependently Typed λ-calculus 120
    8.2.1 Encoding Formulas 121
    8.2.2 Encoding Judgments 123
    8.2.3 Encoding Provability 125
Bibliography 133

Chapter 1

Introduction

In this thesis we are mainly concerned with temporal logics [GHR94] and systems of natural deduction [Pra65]. The kinds of temporal logics considered here range from a simple bimodal logic to past tense temporal logic with until. For each one of these a proof system in natural deduction style is introduced and investigated.

Starting from the seminal paper of Pnueli [Pnu77], in which temporal logic is presented as a tool for the specification and verification of the behaviour of reactive systems, temporal logics have found their way into many different areas of Computer Science. Nowadays temporal logic is a main ingredient in the study of temporal databases, in the specification, verification and synthesis of concurrent systems [CES86, Lam94], in linguistics and in many other areas (for a detailed list of applications see also [GHR94]).

The term temporal logic is often used to denote the broad class of logical systems that are aimed at the representation of temporal information. Several different approaches have been developed in this direction; among these we will focus on the approaches based on modal logics (see [Che90]).

Temporal Logic (or Tense Logic) arises from the seminal studies made by Arthur Prior around 1960 (for a survey see [Pri68]). The basic linguistic constructs of temporal modal logics are called modal operators (or quantifiers). In his original works, Prior introduced two modal operators with intended meaning It will at some time be the case that and It will always be the case that (usually denoted with □ and ◇).

The work of Prior opened a wide spectrum of possibilities for the modeling of time in logical systems.

From the semantic point of view, the flow of time is described as a relation among events; when described in mathematical structures the events take the name of worlds and the relation takes the name of accessibility relation. According to the context in which temporal logic is applied, several different choices are available for the formalization of the accessibility relation.

In applications of temporal logic to computer science, the accessibility relation is usually discrete (given each event there exists a set of successors for that event) since it describes the evolution of systems that compute in steps. Another possibility is that of having a dense relation (for each pair of ordered events there always exists a third event that follows the former and precedes the latter).

Again, in computer science, it is usually the case that we are interested in the description of a system starting from a given event, say the boot time of the system. Conversely we could also consider a relation in which for each event there exists another event that precedes it in time.

In the former case we consider a time structure that extends infinitely into the future (it is usually unnecessary to consider an end point in time); in the latter we obtain a time structure that extends infinitely both into the past and into the future.

Another common property of discrete accessibility relations is linearity; in linear temporal logic it is assumed that each event has exactly one successor in time. Conversely, in branching time temporal logic each event may have one or more successors in time.

Also from the syntactic point of view there are a number of different systems that are generally referred to with the generic name of temporal logic. Beyond the basic modal operators denoting possibility and necessity in the future, several other modal operators have been introduced and investigated.

Notably, in discrete time temporal logic a modal operator has been introduced with the meaning in the next time it will be the case that. Moreover, modal operators for quantification over the past and for bounded quantification have been studied.

Most of these studies follow the same methodology that has been developed for the study of modal logics. In particular most of the works present axiomatic systems and no great investigation has been made toward other approaches.

A particularly successful logical formalism in computer science is natural deduction. Natural deduction systems were introduced in 1935 by Gerhard Gentzen [Gen69] and, starting with the study of Dag Prawitz in [Pra65], have become the object of deep investigation in logic and in computer science.

The first motivation leading to the definition of natural deduction systems is that of mirroring human reasoning in the process of developing proofs.

Instead of being defined by a set of truths assumed axiomatically, a natural deduction system is defined by a set of inference rules. Each logical constant is completely described in the system by a set of introduction and elimination rules. A formula with a given logical constant may only be introduced starting from a set of assumptions described by the introduction rules for that logical constant. Symmetrically, the only formulas that can be deduced assuming a formula with a given logical constant are specified by the elimination rules for that logical constant.

The reasons for the success of natural deduction systems in computer science are manifold.

First, with respect to Hilbert style proofs, natural deduction proofs are more easily managed by humans. This is particularly relevant in the context of logical frameworks ([Pfe96] provides an index for the subject) in which a computer program assists the user in the development of formal proofs.

Second, natural deduction proofs have a rich syntactic structure that can be exploited to obtain (syntactically) interesting meta-theoretical results. For instance the well known normalization property of the natural deduction system for predicate logic can be used to prove the consistency of predicate logic.

Also, by means of the Curry-Howard isomorphism [How80], a deep connection has been drawn between (a class of) natural deduction systems and (a class of) calculi. Moreover the type disciplines of many calculi can be seen as an application of the Curry-Howard isomorphism to a given natural deduction system. Conversely, in many cases, calculi can be seen as (computational) interpretations of logical systems defined by a natural deduction system.

In the area of temporal logic (and more generally in modal logic) natural deduction systems have been mostly neglected. The first attempt to devise a natural deduction system for modal logic was made by Prawitz in [Pra65].

In his work Prawitz introduced three natural deduction systems for the modal logics S4 and S5 (for the sake of discussion we will refer here only to the first). S4 is a modal logic with a reflexive, transitive accessibility relation and with modal operators □ for necessity and ◇ for possibility.

The peculiar rules of his systems are the introduction rules for □; these are translations of the axiomatic inference rule of necessitation (if a formula is a theorem, so is also its □-prefixed form). Unfortunately, the necessitation rule interacts poorly with the notion of assumption in natural deduction systems.

In the first formulation, the □ introduction rule requires: (i) a proof of the formula to be necessitated; (ii) that each formula assumed in that proof is of the form □ applied to some formula.

This is an almost direct translation of the necessitation rule; unfortunately the resulting system is non-normalizing. In order to recover the normalization property Prawitz devised a new □ introduction rule (the third version).

The third formulation of the □ introduction rule is a complicated elaboration of the first formulation: condition (ii) is relaxed so as to require that a formula of the form □ applied to some formula is present on each path of the proof leading from the assumptions to the conclusion.

This rule is clearly non-local (it requires conditions on the structure of the whole proof, rather than on the immediate premises of the rule). Non-local rules are in general difficult to handle, and the proof techniques (rewriting) used to prove properties of natural deduction systems usually fail with non-local rules.

More important, the resulting system lies quite far from the intentions of natural deduction. The inference rules of the system hardly constitute the meaning of the modal operators and the process of proving modal formulas remains quite unnatural.

Other works after that of Prawitz addressed the problem of formulating natural deduction systems for modal logic (to the best of our knowledge there are no works dealing with natural deduction systems for temporal logic).

In [Mas96] A. Masini proposes natural deduction systems for positive fragments of several modal logics (K, KT, K4, S4). His systems introduce the notion of level of formulas so as to accommodate a more flexible treatment of assumptions. In the resulting formalisms the modal rules mimic quite closely the quantifier rules of predicate logic.

In [PW95] Pfenning and Wong present a proof system for (the intuitionistic fragment of) modal logic S4. The theoretical properties of the resulting calculus are investigated and some hints to the applications of the calculus are given (notably for staged computation and binding time analysis).

In [Sim94], A. Simpson introduces a family of labelled natural deduction systems for a broad class of (intuitionistic) modal logics. The main aim of the work of Simpson is that of studying intuitionistic modal logic; no great attention is paid in his work to classical modal logic.

In [Vig97] and subsequently in [BMV97a] D. Basin, S. Matthews and L. Viganò study the application of Labelled Deductive Systems [Gab97] to modal logics. They study a methodology to obtain natural deduction systems for a broad class of modal logics. They also show a modular proof of correctness for the whole class of systems they introduce.

The systems of Simpson and Basin will be described in some detail in 2.2.3.

In this thesis, starting from ideas found in the works quoted above, we aim at the definition of systems of natural deduction (or better, natural systems) for temporal logics. In particular, we exploit the idea of labelled systems to obtain inference rules for temporal operators that are close to the standard rules of quantifiers in predicate logics.

We advocate the validity of the approach by considering a number of different temporal logics and establishing basic proof theoretical results for the proposed systems. In particular, following the methodology of Prawitz, we will study the normalization property and its several consequences.

We advocate the significance of the approach by considering applications of the developed proof systems. Starting from one of the investigated proof systems, we devise a term calculus with application to the area of staged evaluation. We also show how the proposed logical systems can be encoded in a logical framework in order to obtain proof checkers for temporal logics.

The thesis, then, is roughly divided in two parts.

In Chapter 2 we give a brief and rigorous introduction to the main topics we will touch in the thesis, namely natural deduction and temporal logics.

In Chapter 3 we start by considering a simple variant of temporal logic that we call here Small Temporal Logic. With respect to other temporal logics, small temporal logic has the peculiarity of not needing an inductive rule; this turns out to give a rather simple proof system. We give a proof system in natural deduction style and discuss the various choices leading to such a system.

In Chapter 4 we study the properties of the proof system for Small Temporal Logic. Two different versions are considered, an intuitionistic version and a classical version. Normalization is proved both for the intuitionistic version and the classical version; moreover several properties of intuitionistic predicate logic are also proved for Small Temporal Logic, remarkably the disjunction property and the existential property.

In Chapter 5 we show how the proof system for Small Temporal Logic can be extended in order to obtain a proof system for linear temporal logic; some other variants of linear temporal logic are also considered. For each of these logics the introduction of an induction rule in the proof system will be required. We will show that such an addition spoils the normalization property of the proof system.

In order to recover some of the properties of normalizing systems for the proof systems for temporal logics, in Chapter 6 we define a new class of proof systems based on a rule with infinitely many premises (the omega-rule). We study the properties of these proof systems and how they relate to the systems based on the inductive rule. A consequence of the properties of the system based on the omega-rule will be the consistency of the systems based on the inductive rule.

In Chapter 7 we study an application of intuitionistic Small Temporal Logic to staged evaluation. First we define the temporal λ-calculus (an extension of the simply typed λ-calculus whose type system is based on Small Temporal Logic) and study its properties. Then we define a reduction strategy that is shown to be meaningful with respect to staged evaluation and establish correctness properties for this reduction strategy. Finally we introduce a simple programming language based on the temporal λ-calculus.

In Chapter 8 we briefly cover the aspect of proving temporal formulas. In particular we show how the proof systems defined in this thesis can be faithfully encoded in logical frameworks. We consider the dependently typed λ-calculus and show how, using standard methodologies, we can define isomorphisms between the set of temporal proofs and given subsets of λ-terms.


Chapter 2

Basic Notions and Notations

In this chapter we briefly review some basic notions that we will repeatedly use in the sequel. This in no way makes this work self-contained but should anyway be sufficient for the acquainted reader to fix notations. The quoted bibliography will provide further information for each single discussed topic.

2.1 Natural Deduction

In this section we quickly recall the most important notions for natural deduction systems. For simplicity we consider natural deduction systems for propositional logic; as is common in this context, we will take formula as a shorthand for . For more information on the subject consider [Pra65, Gir87, Tak87, TS96].

Systems of natural deduction have been proposed by Gentzen as a natural formalization of the process carried out by a mathematician when writing rigorous proofs.

A key property of systems of natural deduction is the possibility to work under assumptions: in order to prove an implication one can assume the truth of its antecedent and prove (under such an assumption) the truth of its consequent. While the consequent is being proved the assumption is active (or open) and can be used in the deduction process. Once the deduction of the consequent is concluded, the assumption may be discharged so as to obtain a deduction of the implication that does not depend on the truth of the antecedent. Once the implication has been proved and the assumption has been discharged, the assumption becomes a closed assumption and cannot be used again in the deduction process.

Assumptions and formula occurrences. When dealing with natural deduction we must be careful to distinguish between formulas and assumptions occurring in deductions. Assumptions used in deductions are formula occurrences, so that different assumptions in a deduction can have the same shape (i.e. the same formula) but they are nevertheless distinct objects.


A rigorous formalization would require labelling each assumption in order to distinguish it from other assumptions of the same shape. For our purposes in this section we prefer to avoid such labelling and rely on the position in which the assumption occurs within deductions to distinguish among different occurrences of formulas of the same shape.

Deductions. A deduction of a formula under a set of assumption occurrences (or simply a deduction of the formula from those assumptions) is a tree-like structure whose leaves are the open assumptions of the deduction and whose root is the conclusion of the deduction.

The set of deductions of a natural deduction system is inductively defined by means of a set of logical rules. Instead of describing a general format for logical rules, we prefer to consider a concrete example.

Definition 2.1.1 (ND system for classical propositional logic)

[Rule schemas of the system: the axiom rule (Ax); the classical rule (EC), which discharges a bracketed assumption; and an introduction rule (I) and an elimination rule (E) for each connective, the elimination rule for disjunction discharging the two bracketed disjuncts in its minor premises. The formulas in the schemas did not survive extraction.]

The axiom rule (Ax) is the only rule without premises. It states that for each formula, the single node labelled with that formula is a deduction, namely the trivial deduction. This deduction has that formula as conclusion and the singleton containing it as set of open assumptions.

A rule with a number of premises and a conclusion permits the formation of a deduction with that conclusion starting from deductions of the premises. For instance, if two deductions conclude with two formulas and have their own sets of open assumptions, then by rule (I) applied to the two deductions we also obtain a deduction whose conclusion joins the two formulas with the introduced connective and whose open assumptions are the union of the two sets of open assumptions.


For most rules, the set of open assumptions is the union of the sets of open assumptions of the premises. Some rules instead permit discharging a subset of the assumptions of their premises; this is depicted using square brackets on the premise of the rule. For instance consider a deduction with a given set of open assumptions, and assume that all the assumptions in some subset of them have the same shape. Then, using (I), we can build a new derivation whose conclusion is the introduced formula and whose open assumptions are the remaining ones. The (possibly empty) subset is the set of assumptions discharged by rule (I). Such a discharge operation is usually depicted by bracketing the discharged assumptions in the deduction and labelling them with the same number as the rule occurrence.

Numbers labelling rule occurrences and assumptions (as in the previous example) are sometimes used to record the binding between closed assumptions and the rules that discharged such assumptions.

Given a set of formulas and a formula, a system of natural deduction S is said to prove that the formula is a consequence of the set if there exists a deduction in S that concludes with the formula and has open assumptions whose shapes are in the set.

In this case one says that the deduction is a deduction in S of the formula from the set, or, if the set is empty, that it is a proof of the formula. The natural deduction system S indeed defines a consequence relation, subscripted with S, over the set of formulas: a formula is a consequence of a set in S if there exists in S a deduction of the formula whose open assumptions are included in the set. The subscript S is omitted when the system is clear from the context.

Obviously the consequence relation resulting from the proof system should coincide with the semantic entailment relation of the logic. A proof system is said to be sound when provability of a formula from a set implies that the formula is a logical consequence of the set. Conversely it is said to be complete if a formula is provable from a set whenever it is a logical consequence of the set.

A sequent presentation. It is possible to give another presentation of natural deduction systems that makes more explicit the set of open assumptions of a deduction. In this alternative presentation, each deduction concludes with a pair. The first component of such a pair is a set of formulas representing (a superset of) the open assumptions of the deduction; the second component is a formula representing the conclusion of the deduction. The whole pair is called a sequent and is usually written with the set of assumptions to the left of the conclusion. We will rely on the context to distinguish between the sequent as a pair and the assertion that in some fixed system the formula is a consequence of the set.

Finally, commas appearing in sequents are interpreted as unions, so that a set followed by a comma and a formula is interpreted as the union of the set with the singleton of that formula.

It is easy to convince oneself that starting from the system in Definition 2.1.1 and making explicit the set of open assumptions in each rule we can mechanically derive the rules in Definition 2.1.2.


Definition 2.1.2 (Sequent style ND system for propositional logic)

[The rules of Definition 2.1.1 written on sequents: the axiom rule (Ax), an introduction rule (I) and an elimination rule (E) for each connective, and the classical rule (EC); each rule now carries the set of open assumptions explicitly, and discharged assumptions appear as the extra formula in the context of a premise. The sequents in the schemas did not survive extraction.]

Some observations about logical rules. In natural deduction systems, each logical rule, except the axiom rule, is related to a logical connective and can be classified either as an introduction rule or as an elimination rule.

A generic rule with some premises and a conclusion is an introduction rule for a connective if the conclusion is obtained from the premises using that connective as main connective. The premises can be seen as the minimal conditions necessary to conclude the conclusion.

Conversely a generic rule that has a formula with a given main connective among its premises is an elimination rule for that connective. The conclusion of an elimination rule can be seen as the maximal information that can be restored from the premises. The premise of the rule containing the eliminated connective is called the main premise of the rule.

Since proofs in natural deduction systems have a single conclusion, each elimination rule must conclude with exactly one formula. When a connective naturally eliminates into a set of formulas (this is for instance the case of disjunction) elimination rules take a slightly different form. Instead of allowing to conclude with the formulas derived from the main premise, they discharge such formulas from the assumptions in other premises of the deduction (see for instance (E)); such rules are called improper rules.

In a natural deduction system each connective has one or more introduction rules and one or more elimination rules. If the system is well behaved (in a sense that will be clear later) each elimination rule is dual to the corresponding introduction rule. This duality is manifest in the observation that each introduction/elimination pair does not change the content of the deduction. For instance the two deductions below, the first obtained from the second by applying (I) and then immediately (E) to its conclusion, can be considered essentially equal in that they conclude with the same formula starting from the same set of formulas (i.e. they prove the same sequent).

[The two deductions appeared here as proof figures and did not survive extraction.]

Rule pairs for which such a duality holds are said to satisfy the inversion principle.
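The sequent-style rules of Definition 2.1.2, together with the introduction/elimination classification just described, can be turned into a small proof checker. The code below is an added example and not part of the thesis; it assumes a tuple encoding of formulas and proof trees (chosen here), and encodes negation as implication into absurdity, a convention the page does not fix.

```python
"""Proof checker for the sequent-style natural deduction system of
Definition 2.1.2 (propositional logic with the classical rule (EC)).

Formulas are nested tuples:  ('atom', 'p')  ('bot',)  ('and', A, B)
('or', A, B)  ('imp', A, B).  Negation is encoded as implication into
absurdity (a choice made for this example; the page fixes no notation).
A proof node is (rule, hyps, concl, premises): the sequent  hyps |- concl
together with the sub-proofs of the rule's premises.
"""

BOT = ('bot',)

def atom(p): return ('atom', p)
def conj(a, b): return ('and', a, b)
def disj(a, b): return ('or', a, b)
def imp(a, b): return ('imp', a, b)
def neg(a): return imp(a, BOT)

def node(rule, hyps, concl, premises=()):
    return (rule, frozenset(hyps), concl, list(premises))

def check(proof):
    """True iff every node of the tree is a correct instance of its rule.
    Commas in sequents are unions (as on the page), so a premise's context
    may be any subset of the conclusion's context plus the assumption that
    the rule discharges."""
    rule, hyps, concl, prem = proof
    if not all(check(q) for q in prem):
        return False
    seqs = [(q[1], q[2]) for q in prem]         # (Gamma_i, phi_i) of each premise
    if rule == 'Ax':                            # Gamma, A |- A
        return not prem and concl in hyps
    if rule == 'impI' and len(seqs) == 1:       # Gamma, A |- B   gives  Gamma |- A -> B
        (g, b), = seqs
        return concl[0] == 'imp' and b == concl[2] and g <= hyps | {concl[1]}
    if rule == 'impE' and len(seqs) == 2:       # Gamma |- A -> B,  Gamma |- A   gives  Gamma |- B
        (g1, f), (g2, a) = seqs
        return f == imp(a, concl) and g1 <= hyps and g2 <= hyps
    if rule == 'andI' and len(seqs) == 2:
        (g1, a), (g2, b) = seqs
        return concl == conj(a, b) and g1 <= hyps and g2 <= hyps
    if rule in ('andE1', 'andE2') and len(seqs) == 1:
        (g, f), = seqs
        return f[0] == 'and' and f[1 if rule == 'andE1' else 2] == concl and g <= hyps
    if rule in ('orI1', 'orI2') and len(seqs) == 1:
        (g, a), = seqs
        return concl[0] == 'or' and concl[1 if rule == 'orI1' else 2] == a and g <= hyps
    if rule == 'orE' and len(seqs) == 3:        # improper rule: discharges A and B in the minor premises
        (g0, d), (g1, c1), (g2, c2) = seqs
        return (d[0] == 'or' and c1 == concl and c2 == concl and g0 <= hyps
                and g1 <= hyps | {d[1]} and g2 <= hyps | {d[2]})
    if rule == 'EC' and len(seqs) == 1:         # Gamma, not A |- bot   gives  Gamma |- A
        (g, f), = seqs
        return f == BOT and g <= hyps | {neg(concl)}
    return False                                # unknown rule or wrong number of premises

def commute_proof():
    """|- (p and q) -> (q and p): two eliminations, one introduction, one discharge."""
    p, q = atom('p'), atom('q')
    h = {conj(p, q)}
    ax = node('Ax', h, conj(p, q))
    both = node('andI', h, conj(q, p), [node('andE2', h, q, [ax]), node('andE1', h, p, [ax])])
    return node('impI', (), imp(conj(p, q), conj(q, p)), [both])

def excluded_middle_proof():
    """|- p or not p.  It needs (EC), so it is classical and not intuitionistic."""
    p = atom('p')
    lem = disj(p, neg(p))
    n = neg(lem)                       # the assumption that (EC) discharges
    h1, h0 = {n, p}, {n}
    bot1 = node('impE', h1, BOT, [node('Ax', h1, n), node('orI1', h1, lem, [node('Ax', h1, p)])])
    not_p = node('impI', h0, neg(p), [bot1])
    bot0 = node('impE', h0, BOT, [node('Ax', h0, n), node('orI2', h0, lem, [not_p])])
    return node('EC', (), lem, [bot0])

if __name__ == '__main__':
    print(check(commute_proof()), check(excluded_middle_proof()))   # True True
```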


Normal Deductions. If one is interested in the logical content of deductions, the two deductions above can be safely considered equivalent. In the same way such an equivalence can be extended to the whole set of deductions of propositional logic by means of equations of which the equation between those two deductions is an instance.

For example, in the same spirit we would like to equate a deduction that introduces a connective by (I) and immediately eliminates it by (E) with the deduction of the corresponding premise, for each of the remaining introduction/elimination pairs.

[The two equations between proof figures appeared here and did not survive extraction.]

Leaving out the complex details, all we need to know is that the set of deductions can be endowed with an equivalence relation that equates any deductions differing only by the presence of introduction/elimination pairs.

It is then natural to seek a canonical form for the whole set of equivalent deductions. Going back to the two deductions above, considering that they conclude with the same formula, the former contains a useless detour. A good candidate to represent the whole class of deductions equivalent to the first is the deduction that does not contain detours. Such a deduction is called a normal deduction.

Several interesting properties can usually be established for normal deductions. For instance normal deductions in the system of natural deduction for propositional logic enjoy the following.

Proposition 2.1.3 (Subformula property) If a deduction is a normal proof of a formula, then each formula occurring in the deduction is a subformula of that formula.

In virtue of the previous considerations, it is interesting to know whether each deduction in a given natural deduction system is equivalent to some normal deduction. In this case we would have, for instance, that each provable formula admits a proof (the normal proof) constituted only of subformulas of that formula. A system in which each deduction is equivalent to a normal deduction is said to be (weakly) normalizing. A natural deduction system is said to be strongly normalizing if there exists an effective procedure that, given any deduction, computes an equivalent normal deduction.

Proposition 2.1.4 The system of propositional logic is normalizing.

The normalization procedure for a strongly normalizing natural deduction system is usually given as a set of rewrite rules over deductions. Proving strong normalization then is tantamount to proving that the reduction relation induced by the rewrite rules admits no infinitely increasing chains (for details about normalization in classical logic see [Pra65, Sta91]).

In propositional logic we have, for instance, the following reduction rule: a deduction ending with an application of (I) whose conclusion is immediately used as the main premise of (E) rewrites to the deduction of the corresponding premise, with the discharged assumption replaced by the deduction of the minor premise.

[The rewrite rule appeared here as a pair of proof figures and did not survive extraction.]

Theorem 2.1.5 (Strong normalization for the ND system Prop) The system of natural deduction for propositional calculus is strongly normalizing, i.e. for each deduction there does not exist an infinite reduction sequence starting from that deduction.

Once strong normalization has been proved, the reduction process becomes interesting by itself as a computational process.

2.1.1 Computational interpretation.

In order to talk about computation we need to introduce a formalism in which computations can be described, the intention being that of relating such a formalism to natural deduction. We will now introduce the λ-calculus (see [Bar91]), a formalism particularly convenient for the description of computations.

Definition 2.1.6 (Untyped $\lambda$-calculus) Given a set of variables $V$, the abstract syntax of the terms of the calculus (briefly $\lambda$-terms) is defined by the following grammar:

$$t ::= x \mid (\lambda x.t) \mid (t\,t)$$

where $x$ ranges over $V$ and $t$ ranges over the set of $\lambda$-terms. Given a term $t$, the set $FV(t)$ of free variables of $t$ is defined inductively by the following equations:

$$FV(x) = \{x\}\qquad FV(\lambda x.t) = FV(t)\setminus\{x\}\qquad FV(t_1\,t_2) = FV(t_1)\cup FV(t_2)$$

Variable occurrences in a term that are not free are said to be bound; a term without free variables is said to be closed. Two terms differing only in the names of their bound variables are said to be $\alpha$-equivalent, and $\alpha$-equivalent terms are considered equal (to be precise, terms are defined as equivalence classes with respect to $\alpha$-equivalence).

Given terms $t$, $u$ and a variable $x$, the substitution of $u$ for $x$ in $t$, written $t\{u/x\}$, is defined by induction on $t$ as

$$\begin{array}{lcl} x\{u/x\} &=& u\\ y\{u/x\} &=& y\\ (\lambda x.t)\{u/x\} &=& \lambda x.t\\ (\lambda y.t)\{u/x\} &=& \lambda y.t\{u/x\}\\ (t_1\,t_2)\{u/x\} &=& t_1\{u/x\}\,t_2\{u/x\}\end{array}$$

where $x, y \in V$ and $x \neq y$. In the clause for $\lambda y.t$ one also requires $y \notin FV(u)$, so that no free variable of $u$ is captured by the binder; since terms are $\alpha$-equivalence classes this can always be arranged by renaming $y$.


Computations in the $\lambda$-calculus are represented as a process of rewriting by substitution. Roughly, if we interpret $\lambda x.t$ as the function mapping the variable $x$ to the term $t$, and $(\lambda x.t)\,u$ as the application of that function to the term $u$, it is natural to see $t\{u/x\}$ as the result of the application. Such a process of rewriting is formalized by a reduction relation on terms, whereas the notion of result is formalized by normal forms.

Definition 2.1.7 ($\beta$-reduction) $\beta$-reduction (here denoted by $\to$) is the minimal relation over the set of $\lambda$-terms containing

$$(\lambda x.t)\,u \;\to\; t\{u/x\}$$

and closed under the following compatibility conditions:

$$\frac{t \to u}{\lambda x.t \to \lambda x.u}\qquad \frac{t_1 \to t_1'}{t_1\,t_2 \to t_1'\,t_2}\qquad \frac{t_2 \to t_2'}{t_1\,t_2 \to t_1\,t_2'}$$

We denote by $\to^*$ the reflexive and transitive closure of $\to$. A $\lambda$-term $t$ is in normal form if there is no $\lambda$-term $u$ such that $t \to u$. A $\lambda$-term $t$ is said to have a normal form if there exists $u$ in normal form such that $t \to^* u$.

One of the important properties that a computational system should guarantee is that the evaluation of a given term does not give rise to different results. In particular, since reduction in the $\lambda$-calculus is non-deterministic (there is no prescribed order on reductions), one needs to prove that no two different normal forms can be obtained from the same term.

The following well-known property suffices to show that each $\lambda$-term has at most one normal form.

Proposition 2.1.8 (Church-Rosser property) Given $\lambda$-terms $t$, $t_1$ and $t_2$, if $t \to^* t_1$ and $t \to^* t_2$ then there exists $u$ such that $t_1 \to^* u$ and $t_2 \to^* u$.

Within the $\lambda$-calculus we can then define a class of terms representing the natural numbers, and terms representing functions on them. Functions that admit a representation within the $\lambda$-calculus are said to be $\lambda$-definable. Finally, the following theorem gives the expressive power of the $\lambda$-calculus.

Theorem 2.1.9 All general recursive functions are $\lambda$-definable.

We now come back to natural deduction systems but, instead of considering classical logic, we take a weaker logic (the reason for this choice will be made clear later): the fragment of intuitionistic propositional logic without $\neg$.

The most rewarding (at least from this perspective) semantic definition we can give of intuitionistic logic is due to Heyting (a discussion of Heyting semantics can be found in [Gir89]). Heyting's idea is that the semantics of an intuitionistic propositional formula is nothing but the set of its proofs, where a proof of:

  - an atomic formula is a process that is assumed to be given;
  - a conjunction $\varphi\wedge\psi$ is a pair of proofs, one of $\varphi$ and one of $\psi$;
  - a disjunction $\varphi\vee\psi$ is either a proof of $\varphi$ together with the information that $\varphi$ is the proved disjunct, or a proof of $\psi$ together with the information that $\psi$ is the proved disjunct;
  - an implication $\varphi\to\psi$ is a function mapping each proof of $\varphi$ to a proof of $\psi$.

It is now easy to notice that the definition of deduction in Definition 2.1.1 fulfils Heyting's definition of proof. The only mismatch is in the rule for $\bot$: we easily obtain a natural deduction proof system for intuitionistic propositional logic by substituting rule $(\bot EC)$ with the following:

$$\frac{\bot}{\varphi}\ (\bot E)$$

From the provability point of view it is clear that intuitionistic logic is strictly weaker than classical logic. Consider for instance the excluded middle principle $\varphi\vee\neg\varphi$. According to Heyting's semantics, a proof of $\varphi\vee\neg\varphi$ requires either a proof of $\varphi$ or a proof of $\neg\varphi$, which is not available in general; hence, in intuitionistic logic, the excluded middle principle is no longer valid.

On the other hand, from a computational point of view, the natural deduction system for classical logic does not enjoy the Church-Rosser property, so that the same proof can be reduced to different normal forms.

By a change of perspective, we read Heyting's definition again as the specification of a typed calculus. The semantics of a type $\sigma$ is the set of terms inhabiting $\sigma$, where a term whose type is:

  - an atomic type $\alpha$ is some datum from a set associated to $\alpha$;
  - the product $\sigma\times\tau$ is a pair of terms, one of type $\sigma$ and one of type $\tau$;
  - the disjoint sum $\sigma+\tau$ is either a term of type $\sigma$ tagged with $0$, or a term of type $\tau$ tagged with $1$;
  - the function type $\sigma\to\tau$ is a term that, when applied to a term of type $\sigma$, results in a term of type $\tau$.

It is now a matter of choosing a concrete syntax and formalizing the clauses above as term formation rules to obtain the definition of a typed language. For simplicity we will consider here only the calculus arising from the implicative fragment of the logic (for a more general presentation see [Gir89, Hin97, TS96]).


Definition 2.1.10 (Simply typed $\lambda$-calculus ($\lambda^\to$)) Given a set of basic types $T_0$, the set of types $T$ of the simply typed $\lambda$-calculus is described by the following abstract syntax:

$$\tau ::= \alpha \mid \sigma\to\tau$$

where $\alpha$ ranges over $T_0$ and $\sigma$, $\tau$ range over $T$. Let $V$ be a given set of variables. A variable declaration is a pair $x\!:\!\sigma$ with $x\in V$ and $\sigma\in T$. A typing environment (or typing context) $\Gamma$ is a set of variable declarations. A $\lambda$-term $t$ has type $\sigma$ under the typing context $\Gamma$ if there exists a derivation of $\Gamma\vdash t\!:\!\sigma$ built with the following rules:

$$\frac{}{\Gamma, x\!:\!\sigma \vdash x\!:\!\sigma}\qquad \frac{\Gamma, x\!:\!\sigma \vdash t\!:\!\tau}{\Gamma \vdash \lambda x.t\!:\!\sigma\to\tau}\qquad \frac{\Gamma\vdash t\!:\!\sigma\to\tau\quad \Gamma\vdash u\!:\!\sigma}{\Gamma\vdash t\,u\!:\!\tau}$$

A $\lambda$-term $t$ for which there exist a context $\Gamma$ and a type $\sigma$ such that $\Gamma\vdash t\!:\!\sigma$ is said to admit the type $\sigma$ in $\Gamma$. The set of $\lambda^\to$-terms is defined as the set of $\lambda$-terms that admit a type in $\lambda^\to$.

The following property makes it possible to inherit $\beta$-reduction within $\lambda^\to$.

Proposition 2.1.11 (Subject Reduction) For all $\lambda^\to$-terms $t$ and $u$,

$$\Gamma\vdash t\!:\!\sigma\ \text{ and }\ t\to u\quad\Longrightarrow\quad \Gamma\vdash u\!:\!\sigma$$

Comparing the natural deduction system for intuitionistic propositional logic and the definition of the simply typed $\lambda$-calculus, one immediately sees a strong correspondence between the two.

Such a correspondence can be made mathematically quite precise. It can be shown that it is an isomorphism (the Curry-Howard isomorphism) between:

  - intuitionistic logic and the simply typed $\lambda$-calculus,
  - formulas and types,
  - deductions and terms,
  - normalization and computation.

    For a description of Curry-Howard isomorphism see also [Gir89, Bar92].
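As an added example, not code from the thesis, the following Python program implements Definitions 2.1.6, 2.1.7 and 2.1.10 above: free variables, capture-avoiding substitution (with the $\alpha$-renaming that the substitution clauses leave implicit), one-step $\beta$-reduction under the compatibility conditions, normalization, and the three typing rules, so that subject reduction can be observed on a term. One departure, which is an assumption of this example: a binder may carry a type annotation (Church style) so that type checking is syntax-directed, whereas the rules above are Curry style and would require type inference. The term constructors, helper names and sample terms are this example's own.

```python
# Added example, not code from the thesis: lambda-terms, capture-avoiding
# substitution, normal-order beta-reduction and the simply typed checker.
# Assumption: a binder may carry a type annotation (Church style) so that
# typeof is syntax-directed; untyped terms leave the annotation as None.
from dataclasses import dataclass
from typing import Dict, Optional, Set, Union

@dataclass(frozen=True)
class Base:          # basic type alpha in T0
    name: str

@dataclass(frozen=True)
class Arrow:         # function type sigma -> tau
    src: "Type"
    tgt: "Type"

Type = Union[Base, Arrow]

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Lam:
    var: str
    body: "Term"
    ty: Optional[Type] = None   # type of the bound variable, None if untyped

@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"

Term = Union[Var, Lam, App]

def free_vars(t: Term) -> Set[str]:
    """FV(x) = {x}; FV(lambda x.t) = FV(t) minus {x}; FV(t1 t2) = FV(t1) union FV(t2)."""
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, Lam):
        return free_vars(t.body) - {t.var}
    return free_vars(t.fun) | free_vars(t.arg)

def subst(t: Term, x: str, u: Term) -> Term:
    """t{u/x}: the substitution clauses, plus alpha-renaming of a binder free in u."""
    if isinstance(t, Var):
        return u if t.name == x else t
    if isinstance(t, App):
        return App(subst(t.fun, x, u), subst(t.arg, x, u))
    if t.var == x:                               # (lambda x.t){u/x} = lambda x.t
        return t
    body, y = t.body, t.var
    if y in free_vars(u):                        # rename y before going under it
        avoid = free_vars(u) | free_vars(body) | {x}
        while y in avoid:
            y += "'"
        body = subst(body, t.var, Var(y))
    return Lam(y, subst(body, x, u), t.ty)

def step(t: Term) -> Optional[Term]:
    """One beta-step at the leftmost-outermost redex (normal order); None if t is normal."""
    if isinstance(t, App):
        if isinstance(t.fun, Lam):               # (lambda x.t) u -> t{u/x}
            return subst(t.fun.body, t.fun.var, t.arg)
        f = step(t.fun)                          # t1 -> t1' gives t1 t2 -> t1' t2
        if f is not None:
            return App(f, t.arg)
        a = step(t.arg)                          # t2 -> t2' gives t1 t2 -> t1 t2'
        return None if a is None else App(t.fun, a)
    if isinstance(t, Lam):                       # t -> u gives lambda x.t -> lambda x.u
        b = step(t.body)
        return None if b is None else Lam(t.var, b, t.ty)
    return None

def normalize(t: Term, fuel: int = 1000) -> Optional[Term]:
    """Iterate step; None if no normal form is reached within fuel steps (e.g. Omega)."""
    for _ in range(fuel):
        nxt = step(t)
        if nxt is None:
            return t
        t = nxt
    return None

def typeof(t: Term, env: Dict[str, Type]) -> Type:
    """The three typing rules of Definition 2.1.10; TypeError if no derivation exists."""
    if isinstance(t, Var):
        if t.name not in env:
            raise TypeError(f"unbound variable {t.name}")
        return env[t.name]
    if isinstance(t, Lam):
        if t.ty is None:
            raise TypeError("binder without type annotation")
        return Arrow(t.ty, typeof(t.body, {**env, t.var: t.ty}))
    ft, at = typeof(t.fun, env), typeof(t.arg, env)
    if not (isinstance(ft, Arrow) and ft.src == at):
        raise TypeError("ill-typed application")
    return ft.tgt

# Constructed sample terms
A = Base("a")
ID = Lam("x", Var("x"), A)                       # lambda x:a. x
APPLY = Lam("f", Var("f"), Arrow(A, A))          # lambda f:(a->a). f
OMEGA = App(Lam("x", App(Var("x"), Var("x"))), Lam("x", App(Var("x"), Var("x"))))
```

`step` always contracts the leftmost-outermost redex (normal order), which reaches a normal form whenever one exists; by the Church-Rosser property that normal form is unique, so the choice of strategy can only affect termination, as `normalize(OMEGA)` shows. `typeof(App(APPLY, ID), {})` and `typeof(normalize(App(APPLY, ID)), {})` both return `Arrow(A, A)`, an instance of subject reduction.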

    2.2 Modal and Temporal Logics

Modal and temporal logics appear in many different contexts of computer science (for a list of applications see [GHR94]). The distinctive trait of modal logics is the notion of possibility and necessity: the plain true/false reading of classical logic is refined by the notions of possibly true and necessarily true. Such notions are expressed within the logic by means of modal operators (or modal quantifiers). For a comprehensive discussion of modal logics see [Che90, HC84].


Definition 2.2.1 (The language of modal logics) Given a set of atomic formulas $L$, the abstract syntax of modal formulas is defined as follows:

$$\mathit{Form} ::= \alpha \mid \bot \mid (\varphi\wedge\psi) \mid (\varphi\vee\psi) \mid (\varphi\to\psi) \mid (\Box\varphi) \mid (\Diamond\varphi)$$

where $\alpha$ ranges over $L$ and $\varphi$, $\psi$ range over modal formulas. $\Box$ and $\Diamond$ are called the necessity and possibility modal operators respectively.

Modal logics are interpreted within rich mathematical structures, known as Kripke structures, where the truth value of a formula depends on the world in which the formula is evaluated. Necessity and possibility become quantifiers over this set of worlds: a formula is necessarily true at a world $w$ if it is true in each world deemed possible from $w$, and it is possibly true at $w$ if there exists a world deemed possible from $w$ in which the formula is true. The notion of possible (or reachable) world is formalized by means of a reachability relation on the set of worlds.

Definition 2.2.2 (Kripke Frames and Structures) A Kripke frame (or modal frame, or simply frame) is a pair $(W, R)$ where:

  - $W$ is a non-empty set;
  - $R$ is a binary relation on $W$.

When $F$ refers to a modal frame we will also write $F_W$ and $F_R$ for its first and second component respectively.

Given a set of atomic formulas $L$, a Kripke structure (or modal structure) on $L$ is a triple $(W, R, \sigma)$ where:

  - $(W, R)$ is a Kripke frame;
  - $\sigma$ is a function from $W$ to the power-set of $L$, $\sigma : W \to 2^L$.

If $M$ is a modal structure, we will write $M_W$, $M_R$ and $M_\sigma$ to denote its components.

One usually refers to the elements of $W$ as the worlds of the structure; $R$ is called the reachability relation (or accessibility relation) and $\sigma$ is called the truth assignment.

The evaluation of modal formulas is defined with respect to a Kripke structure and a world of the structure. The interpretation of the propositional connectives coincides with their interpretation in propositional logic, while the interpretation of the modal quantifiers depends on the reachability relation of the structure.


Definition 2.2.3 Given a modal formula $\varphi$, a modal structure $M = (W, R, \sigma)$ and a world $w\in W$, define the satisfaction relation $\models$ by induction as follows:

$$\begin{array}{lcl}
M,w\models\alpha &\iff& \alpha\in\sigma(w),\ \text{for each }\alpha\in L\\
M,w\models\varphi\wedge\psi &\iff& M,w\models\varphi\ \text{and}\ M,w\models\psi\\
M,w\models\varphi\vee\psi &\iff& M,w\models\varphi\ \text{or}\ M,w\models\psi\\
M,w\models\varphi\to\psi &\iff& M,w\not\models\varphi\ \text{or}\ M,w\models\psi\\
M,w\models\Box\varphi &\iff& \forall w'\in W.\ w\,R\,w'\ \text{implies}\ M,w'\models\varphi\\
M,w\models\Diamond\varphi &\iff& \exists w'\in W.\ w\,R\,w'\ \text{and}\ M,w'\models\varphi
\end{array}\qquad(2.2.1)$$

The relation $\models$ is then extended to structures and frames as follows:

$$M\models\varphi \iff M,w\models\varphi\ \text{for each world }w\in M_W$$

$$F\models\varphi \iff (F,\sigma)\models\varphi\ \text{for each truth assignment }\sigma: F_W\to 2^L$$

In case $M\models\varphi$ ($F\models\varphi$) one says that $M$ ($F$) is a model of $\varphi$. Finally, a modal formula $\varphi$ is said to be valid if $F\models\varphi$ for each modal frame $F$.

Observe that the two modal operators $\Box$ and $\Diamond$ are dual to each other, i.e. more precisely $M,w\models\Diamond\varphi$ if and only if $M,w\models\neg\Box\neg\varphi$.

Since the definition of satisfaction is parametric both in a structure and in a world, one can define two different consequence relations, considering truth in whole structures or truth at each world of a structure.

Definition 2.2.4 (Consequence Relations) The global consequence relation $\models_g$ is a relation between sets of modal formulas and modal formulas defined by:

$$\Gamma\models_g\varphi \iff \forall M.\ (\forall x\in M_W.\ M,x\models\Gamma)\ \Rightarrow\ (\forall x\in M_W.\ M,x\models\varphi)$$

The local consequence relation $\models$ is a relation between sets of formulas and formulas defined by:

$$\Gamma\models\varphi \iff \forall M.\ \forall x\in M_W.\ (M,x\models\Gamma\ \Rightarrow\ M,x\models\varphi)$$

where $M,x\models\Gamma$ means $M,x\models\psi$ for each $\psi\in\Gamma$.

Other notions of validity result from considering restricted classes of frames.

    2.2.1 Hilbert systems.

Traditionally, proof systems for modal logics are formulated as Hilbert systems; we start here by considering the normal modal logic K.

Definition 2.2.5 (Modal Logic K) Modal logic K is the logic defined by the following axiom schemata:

  P0) any instance of a propositional tautology;
  K) $\Box(\varphi\to\psi)\to(\Box\varphi\to\Box\psi)$

and by the modus ponens and necessitation inference rules:

  MP) if $\vdash\varphi$ and $\vdash\varphi\to\psi$ then $\vdash\psi$;
  NEC) if $\vdash\varphi$ then $\vdash\Box\varphi$.

As usual we will use the notation $\vdash\varphi$ to indicate that the formula $\varphi$ is provable in the system.

A definition of the modal entailment relation is beyond the purposes of this introduction; for a complete exposition see [vB83].

The Hilbert system for modal logic K fully characterizes modal validity as defined in Definition 2.2.3, i.e. $\vdash\varphi$ if and only if $\varphi$ is valid.

The name modal logics gives a broad classification, distinguishing classical logics from logics of modalities; many different modal logics result from restricting the class of frames of interest. Many interesting classes of frames can be classified according to the properties of the accessibility relation, and the semantic definition restricted to such classes gives rise to different modal logics. An interesting topic is the study of those properties of the reachability relation that have a characterization at the syntactic level. For instance it is well known that, if we add the formula $\Box\varphi\to\varphi$ to the axioms of K, we obtain a logic containing all and only the formulas valid in frames with a reflexive reachability relation.

Definition 2.2.6 Consider a formula $P$ of the first-order language with binary symbols $R$ and $=$. We say that a modal formula $\varphi$ defines the property $P$ if

$$\{F \mid F\models\varphi\} = \{F \mid F\models_{FO} P\}$$

where in the second set $F$ is seen as a first-order structure and $\models_{FO}$ is the first-order truth relation.

For a thorough introduction to correspondence theory (the study of frame properties definable in modal logic) see [van84].

Modal logics obtained by adding axioms to the Hilbert system for K are usually named by their Lemmon code. The Lemmon code is a string of the form $KC_1\ldots C_n$; the letters $C_1\ldots C_n$ come from a set of standard letters, each denoting a different axiom. The most widely used letters, together with the first-order property they define, are summarized in Table 2.1. For instance the modal logic whose frames have a reflexive and transitive accessibility relation has Lemmon code KT4.

Some logics also have a historical name; notably we recall S4, which stands for KT4, and S5, which stands for KT5.


Code | Name         | Axiom                                   | Frame property
-----|--------------|-----------------------------------------|------------------------------------------------------------
B    | Symmetry     | $\varphi\to\Box\Diamond\varphi$         | $\forall w,w'.\ w\,R\,w'$ implies $w'\,R\,w$
D    | Seriality    | $\Box\varphi\to\Diamond\varphi$         | $\forall w.\ \exists w'.\ w\,R\,w'$
T    | Reflexivity  | $\Box\varphi\to\varphi$                 | $\forall w.\ w\,R\,w$
4    | Transitivity | $\Box\varphi\to\Box\Box\varphi$         | $\forall w,w',w''.\ w\,R\,w'$ and $w'\,R\,w''$ implies $w\,R\,w''$
5    | Euclidean    | $\Diamond\varphi\to\Box\Diamond\varphi$ | $\forall w,w',w''.\ w\,R\,w'$ and $w\,R\,w''$ implies $w'\,R\,w''$

Table 2.1: Lemmon codes and frame properties

    2.2.2 Temporal Logics.

Temporal logics naturally arise from modal logics when the accessibility relation is used to model the flow of time (as observed in the seminal work [Pnu77]). Temporal logics have applications in several fields of computer science (see for instance [Pnu77, Pnu97, Eme90, Sti92]); in particular they are used in the specification of systems whose behaviour can be described by a sequence of events. Properties of interest in these systems are notions like "always happens", "happens at the next time" and "eventually happens".

Like modal logics, temporal logics are interpreted on Kripke frames. Several temporal logics have been defined in the literature (for a comprehensive account see [GHR94]), differing both in the choice of modalities and in the choice of properties satisfied by frames. Here we are interested in particular in a discrete time linear temporal logic.

Definition 2.2.7 (The language of temporal logics.) Given a set of atomic formulas $L$, the abstract syntax of discrete time linear temporal logic formulas (or linear temporal logic, for short) is defined as follows:

$$\mathit{Form} ::= \alpha \mid \bot \mid \varphi\wedge\psi \mid \varphi\vee\psi \mid \varphi\to\psi \mid \#\varphi \mid \Box\varphi \mid \Diamond\varphi$$

where $\alpha$ ranges over $L$ and $\varphi$, $\psi$ range over the set of formulas. Formulas $\#\varphi$, $\Box\varphi$ and $\Diamond\varphi$ are usually read next $\varphi$, always $\varphi$ and eventually $\varphi$.

The modal operators $\#$ and $\Box$ are used to express respectively the immediate future (the next time relative to the current time) and the remote future (any time from the current time on). The two modal operators are described at the semantic level by using two different accessibility relations: one for $\#$, and its reflexive transitive closure for $\Box$.

Definition 2.2.8 (Semantics.) A Kripke frame $(W, R)$ is a linear temporal frame (or simply a temporal frame) if $R$ is a linear total relation on $W$, i.e.

$$\text{for each } w\in W \text{ there exists a unique } w'\in W \text{ such that } w\,R\,w'.$$


A linear temporal structure (or simply temporal structure) is a triple $(W, R, \sigma)$ such that:

  - $(W, R)$ is a linear temporal frame;
  - $\sigma$ is a truth assignment.

Given a formula $\varphi$, a temporal structure $M = (W, R, \sigma)$ and a world $w\in W$, we define the satisfaction relation by extending equation (2.2.1) with the following clauses:

$$\begin{array}{lcl}
M,w\models\#\varphi &\iff& \forall w'\in W.\ w\,R\,w'\ \text{implies}\ M,w'\models\varphi\\
M,w\models\Box\varphi &\iff& \forall w'\in W.\ w\,R^*\,w'\ \text{implies}\ M,w'\models\varphi\\
M,w\models\Diamond\varphi &\iff& \exists w'\in W.\ w\,R^*\,w'\ \text{and}\ M,w'\models\varphi
\end{array}\qquad(2.2.2)$$

where $R^*$ is the reflexive, transitive closure of $R$.

The operators $\Box$ and $\Diamond$ are again dual to each other, i.e. $M,w\models\Box\varphi$ if and only if $M,w\models\neg\Diamond\neg\varphi$. By definition of $R^*$, the accessibility relation for $\Box$ is reflexive and transitive, so that $\Box$ satisfies axioms T and 4, i.e. for each structure $M$, $M\models\Box\varphi\to\varphi$ and $M\models\Box\varphi\to\Box\Box\varphi$. Summarizing, this fragment of the logic behaves as S4.

The next time operator $\#$, instead, is self-dual, i.e. $M,w\models\#\varphi$ if and only if $M,w\models\neg\#\neg\varphi$. Moreover, by the assumption that $R$ is total, $\#$ also satisfies axiom D, i.e. for each $M$, $M\models\#\varphi\to\neg\#\neg\varphi$.

Furthermore, the two pairs of modal quantifiers are related by the fact that the accessibility relation for $\#$ is contained in the accessibility relation for $\Box$: for each structure $M$ we have $M\models\Box\varphi\to\#\varphi$.

It is more common to define linear temporal structures as sequences of subsets of $L$ (see for instance [Sti92]); it is however easy to see that the two formulations are equivalent. We chose this formulation in order to keep the definitions of the semantics of modal and temporal logic as close as possible.

Axiomatization. Here we briefly define linear temporal logic via a Hilbert axiomatization.

Definition 2.2.9 Linear temporal logic is defined by the following axiom schemata:

  P0) any instance of a propositional tautology;
  T1) $\Box(\varphi\to\psi)\to(\Box\varphi\to\Box\psi)$;
  T2) $\#(\varphi\to\psi)\to(\#\varphi\to\#\psi)$;
  T3) $(\#\neg\varphi\to\neg\#\varphi)\wedge(\neg\#\varphi\to\#\neg\varphi)$;
  T4) $\Box\varphi\to\varphi\wedge\#\Box\varphi$;
  T5) $\Box(\varphi\to\#\varphi)\to(\varphi\to\Box\varphi)$;

and the following inference rules:

  MP) if $\vdash\varphi$ and $\vdash\varphi\to\psi$ then $\vdash\psi$;
  NEC#) if $\vdash\varphi$ then $\vdash\#\varphi$;
  NEC□) if $\vdash\varphi$ then $\vdash\Box\varphi$.

As usual we will use the notation $\vdash\varphi$ to indicate that the formula $\varphi$ is provable in the system.

Observe that axiom T1 corresponds to axiom K on the $\Box$ fragment of the logic, and axiom T2 corresponds to axiom K on the $\#$ fragment. Axiom T3 is used to impose linearity on the structure. Axiom T5 is also known as the induction axiom and is used to capture the fact that the accessibility relation for the modal operator $\Box$ is contained in the reflexive, transitive closure of the accessibility relation for $\#$. Conversely, axiom T4 imposes the reflexivity and transitivity of the modal operator $\Box$.

    2.2.3 ND Systems for modal logics

Here we briefly sketch two approaches that have been undertaken in the representation of modal logics within natural deduction systems. Both approaches are related to Labelled Deductive Systems (see [Gab97]) and give rise to similar systems for modal logic K.

Simpson's approach. The system we are going to describe is due to A. Simpson and is presented in [Sim94].

The main focus of Simpson's work is intuitionism within modal logics, and the natural deduction system he proposes is aimed at studying the proof theory of intuitionistic modal logics. The aim is foundational; quoting from [Sim94]: "we want to provide a natural deduction system for intuitionistic modal logic in which the standard possible world meanings of modalities can be read off from their inference rules". Nevertheless, the technique developed for this purpose can also be used to develop natural deduction systems for classical modal logics.

The basic idea is that if the possible world meaning has to be made explicit in the logical rules, then the worlds themselves should explicitly appear in the rules. A logical judgment of his system takes the form $p\!:\!\varphi$ and is interpreted as "formula $\varphi$ holds at world $p$". Here $p$ is a world variable (simply a symbol used in the proof system), not to be confused with the points of Kripke structures; world variables are interpreted as generic worlds of generic structures.

We start by considering the semantic definition of modal logic K. Once we fix a world, the semantics of the propositional connectives coincides with the semantics of propositional logic, and we can use the rules of Definition 2.1.1 simply by relativizing formulas to world variables; for instance the rules for conjunction become

$$\frac{p\!:\!\varphi_1\quad p\!:\!\varphi_2}{p\!:\!\varphi_1\wedge\varphi_2}\ (\wedge I)\qquad \frac{p\!:\!\varphi_1\wedge\varphi_2}{p\!:\!\varphi_i}\ (\wedge E)$$

From the clause for the modal connective $\Box$, we have that the truth of $\Box\varphi$ can be established at a generic world $p$ if the truth of $\varphi$ can be established at any other world $q$ reachable from $p$. Conversely, if $\Box\varphi$ is proved true at world $p$ and $q$ is any world reachable from $p$, then we also have that $\varphi$ is true at world $q$.

From this informal description it is clear that we need another judgment to express the fact that the world denoted by some variable, say $q$, is accessible from the world denoted by some other variable, say $p$. Using the notation $p\,R\,q$ to express accessibility of $q$ from $p$, the equations for the modal operators in Definition 2.2.3 can be rephrased syntactically in the form of natural deduction rules as follows:

$$\frac{\begin{array}{c}[p\,R\,q]\\ \vdots\\ q\!:\!\varphi\end{array}}{p\!:\!\Box\varphi}\ (\Box I)\ \ E(q)\qquad \frac{p\,R\,q\quad p\!:\!\Box\varphi}{q\!:\!\varphi}\ (\Box E)$$

The fact that we need to prove $q\!:\!\varphi$ in any possible world $q$ reachable from $p$ in order to conclude $p\!:\!\Box\varphi$ is expressed in $(\Box I)$ by the eigenvariable condition on $q$. We write $E(q)$ to denote that $q$ must be a fresh variable, occurring neither in the conclusion (i.e. such that $q\neq p$) nor in the open assumptions.

    Similar considerations lead to the formulation of the rules for the introductionand the elimination of 3.

Definition 2.2.10 (Natural deduction system for intuitionistic K)

$$p\!:\!\varphi\ (Ax)\qquad \frac{q\!:\!\bot}{p\!:\!\varphi}\ (\bot E)$$

$$\frac{p\!:\!\varphi_i}{p\!:\!\varphi_1\vee\varphi_2}\ (\vee I)\qquad \frac{p\!:\!\varphi_1\vee\varphi_2\qquad \begin{array}{c}[p\!:\!\varphi_1]\\ \vdots\\ p_0\!:\!\psi\end{array}\qquad \begin{array}{c}[p\!:\!\varphi_2]\\ \vdots\\ p_0\!:\!\psi\end{array}}{p_0\!:\!\psi}\ (\vee E)$$

$$\frac{\begin{array}{c}[p\!:\!\varphi]\\ \vdots\\ p\!:\!\psi\end{array}}{p\!:\!\varphi\to\psi}\ (\to I)\qquad \frac{p\!:\!\varphi\to\psi\quad p\!:\!\varphi}{p\!:\!\psi}\ (\to E)$$

$$\frac{\begin{array}{c}[p\,R\,q]\\ \vdots\\ q\!:\!\varphi\end{array}}{p\!:\!\Box\varphi}\ (\Box I)\ \ E(q)\qquad \frac{p\,R\,q\quad p\!:\!\Box\varphi}{q\!:\!\varphi}\ (\Box E)$$

$$\frac{p\!:\!\varphi_1\quad p\!:\!\varphi_2}{p\!:\!\varphi_1\wedge\varphi_2}\ (\wedge I)\qquad \frac{p\!:\!\varphi_1\wedge\varphi_2}{p\!:\!\varphi_i}\ (\wedge E)$$

$$\frac{p\,R\,q\quad q\!:\!\varphi}{p\!:\!\Diamond\varphi}\ (\Diamond I)\qquad \frac{p\!:\!\Diamond\varphi\qquad \begin{array}{c}[p\,R\,q]\ \ [q\!:\!\varphi]\\ \vdots\\ p_0\!:\!\psi\end{array}}{p_0\!:\!\psi}\ (\Diamond E)\ \ E(q)$$


Other modal logics can be obtained by enriching the previous system with rules dealing with relational judgments. Simpson studies the class of modal logics that are first-order definable by means of a geometric theory, and he gives a method to derive rules from a (logical) description of a geometric theory. For the sake of exemplification we only show here some representative rules.

$$\frac{\begin{array}{c}[p\,R\,q]\\ \vdots\\ p_0\!:\!\psi\end{array}}{p_0\!:\!\psi}\ (RD)\ \ E(q)\qquad \frac{\begin{array}{c}[p\,R\,p]\\ \vdots\\ p_0\!:\!\psi\end{array}}{p_0\!:\!\psi}\ (RT)\qquad \frac{p\,R\,q\quad q\,R\,r\quad \begin{array}{c}[p\,R\,r]\\ \vdots\\ p_0\!:\!\psi\end{array}}{p_0\!:\!\psi}\ (R4)$$

The rules shown above are the natural deduction counterparts of axioms D, T and 4 respectively. Some observations are in order about the chosen format of relational rules.

Like logical rules, relational rules may introduce fresh variables; this is the case, for instance, of $(RD)$. Each relational rule is given as an indirect rule with exactly one logical judgment as main premise and some number of relational judgments as minor premises. The conclusion of a relational rule is always a logical judgment. Finally, each relational rule discharges one or more relational assumptions.

In this way Simpson relegates relational judgments to the role of side conditions for the applicability of rules; since relational judgments are not part of the logic, one would indeed expect that no rule of the system concludes with a relational judgment. Moreover, in this way there is never the need to define a logic of relational judgments: since no relational judgment appears as the conclusion of a deduction, there is no need to define what results from the application of a logical rule to a relational judgment.

In the following, judgments of the form $p\,R\,q$ will also be called relational formulas, and judgments of the form $p\!:\!\varphi$ will also be called labelled formulas or logical formulas when we want to distinguish them from relational formulas.

Basin-Viganò approach. The system described here is due to Basin and Viganò and has been studied in [BMV98b, BMV98a, BMV97a, BMV97b, Vig97, BMV96b, BMV96a].

Their work exploits labelled deductive systems so as to obtain a modular natural deduction system representing a large class of modal logics. In the setting they define, a natural deduction system for a given logic is obtained by plugging a (specific) proof system for a relational theory (here called the relational proof system) into a (parametric) natural deduction system for modal logics (here called the logical proof system). The interface between the two proof systems is described by means of a labelling algebra. The relational proof system deals with relational judgments of the form $t\,R\,t'$ where $t$ and $t'$ are terms of the labelling algebra. The logical proof system deals with judgments of the form $t\!:\!\varphi$ where the label $t$ is a term of the labelling algebra and $\varphi$ is a logical formula. Relational judgments also appear as premises of the rules of the logical proof system.


Following [BMV97a] we describe a (parametric) natural deduction system composed of a base system for modal logic K and a class of systems for Horn theories defining different modal logics.

The base system for logic K is composed of the same rules as Simpson's system except for $(\bot E)$. The logics defined by these systems are classical, hence the rule for $\bot$-elimination is the following:

$$\frac{\begin{array}{c}[p\!:\!\neg\varphi]\\ \vdots\\ q\!:\!\bot\end{array}}{p\!:\!\varphi}\ (\bot EC)$$

The other important difference between the two sets of rules is in the nature of the labels. In Simpson's work labels are simply variables, whereas in this system labels are terms of some algebra that is specific to the relational theory considered.

The proof system for the relational theory is obtained from a Horn theory by translating each Horn formula into a rule of the proof system. The translation is quite straightforward and we will not describe it in detail. What matters for our purposes is that the resulting rules take the form

$$\frac{t_1\,R\,t_1'\quad\cdots\quad t_n\,R\,t_n'}{t_0\,R\,t_0'}$$

where $t_0,\ldots,t_n$ and $t_0',\ldots,t_n'$ are terms (with variables) of the labelling algebra.

For instance the rules below correspond to axioms T, 4 and D respectively.

$$\frac{}{x\,R\,x}\ (RT)\qquad \frac{x\,R\,y\quad y\,R\,z}{x\,R\,z}\ (R4)\qquad \frac{}{x\,R\,f(x)}\ (RD)$$

The rule corresponding to axiom D clearly explains the need for considering terms and not simply variables. To assert that some world is reachable from the world variable $x$, we need to conclude with a judgment of the form $x\,R\,t$ for some term $t$. Now, if we chose a variable for $t$, then, since relational deductions and logical deductions are separate objects, we could not impose any global condition on such a variable; in particular we could not impose that it does not appear in some assumption of the deduction.

Chapter 3

Small Temporal Logic

In this chapter we introduce small temporal logic (or, for short, STL), a logic with two modal connectives obtained by a semantic simplification of linear temporal logic.

Two different reasons lead us to consider STL. First, the intuitionistic fragment of STL gives rise to an interesting calculus related to staged evaluation, whose properties will be exploited in Chapter 7. Second, the proof system for this logic will constitute the basis of the proof system that will be developed for linear temporal logic.

    3.1 Language and Semantics

Definition 3.1.1 (Language of Small Temporal Logic (STL)) Given a set of propositional variables $L$, the language of small temporal logic is defined by:

$$\mathit{Form} ::= \alpha \mid \bot \mid \varphi\wedge\psi \mid \varphi\vee\psi \mid \varphi\to\psi \mid \#\varphi \mid \Diamond\varphi \mid \Box\varphi$$

where we use $\alpha$ to range over $L$ and $\varphi$, $\psi$ to range over formulas. We will also use $\neg\varphi$ as a shorthand for $\varphi\to\bot$ and $\varphi\leftrightarrow\psi$ as a shorthand for $(\varphi\to\psi)\wedge(\psi\to\varphi)$.

The language of small temporal logic is the same as that of linear temporal logic; the difference is purely semantic and is introduced in order to simplify the proof system. More precisely, what we want to leave out is the induction axiom. In order to do this we interpret formulas over frames with two distinct relations, one used as accessibility relation for $\Box$ and one used as accessibility relation for $\#$.

Definition 3.1.2 (Birelational Frames and Structures) A birelational frame $M$ is a triple $(W, \mathcal{R}_\#, \mathcal{R}_\Box)$ where:

  - $(W, \mathcal{R}_\#)$ and $(W, \mathcal{R}_\Box)$ are Kripke frames;
  - $\mathcal{R}_\#$ is a linear total relation on $W$;
  - $\mathcal{R}_\Box$ is reflexive and transitive;
  - the reflexive and transitive closure of $\mathcal{R}_\#$ is included in $\mathcal{R}_\Box$.

Given a set of propositional variables $L$, a birelational structure over $L$ is a quadruple $(W, \mathcal{R}_\#, \mathcal{R}_\Box, \sigma)$ such that $(W, \mathcal{R}_\#, \mathcal{R}_\Box)$ is a birelational frame and $\sigma : W\to 2^L$ is a truth assignment.

Definition 3.1.3 Given a small temporal logic formula $\varphi$, a birelational structure $M = (W, \mathcal{R}_\#, \mathcal{R}_\Box, \sigma)$ and an element $w$ of $W$, define the satisfaction relation ($\models$) inductively on $\varphi$ as follows:

$$\begin{array}{lcl}
M,w\models\alpha &\iff& \alpha\in\sigma(w),\ \text{for each atomic formula }\alpha\\
M,w\models\varphi\wedge\psi &\iff& M,w\models\varphi\ \text{and}\ M,w\models\psi\\
M,w\models\varphi\vee\psi &\iff& M,w\models\varphi\ \text{or}\ M,w\models\psi\\
M,w\models\varphi\to\psi &\iff& M,w\not\models\varphi\ \text{or}\ M,w\models\psi\\
M,w\models\#\varphi &\iff& \forall w'\in W.\ w\,\mathcal{R}_\#\,w'\ \text{implies}\ M,w'\models\varphi\\
M,w\models\Box\varphi &\iff& \forall w'\in W.\ w\,\mathcal{R}_\Box\,w'\ \text{implies}\ M,w'\models\varphi\\
M,w\models\Diamond\varphi &\iff& \exists w'\in W.\ w\,\mathcal{R}_\Box\,w'\ \text{and}\ M,w'\models\varphi
\end{array}\qquad(3.1.1)$$

We say that the structure $M$ is a model of $\varphi$ ($M\models\varphi$) if $M,w\models\varphi$ holds for each $w\in W$.

The usual definitions of satisfiable and valid formula follow accordingly.

A truth assignment can also be seen as a function $\sigma : L\to 2^W$; we will use one or the other representation indifferently, whichever leads to the simpler exposition.

Observation 3.1.4 Temporal frames can be identified with the subset of birelational frames for which the accessibility relation $\mathcal{R}_\Box$ is the reflexive and transitive closure of the accessibility relation $\mathcal{R}_\#$.

For each temporal frame $F = (W, R)$ there exists a birelational frame $F'$ such that, for each temporal formula $\varphi$, $F\models\varphi$ if and only if $F'\models\varphi$.

Indeed, denote by $R^*$ the reflexive transitive closure of the relation $R$ and take $F' = (W, R, R^*)$; by the definition of $\models$ for temporal and birelational frames, we immediately have the statement.

As a corollary we have that formulas that are valid in small temporal logic are also valid in temporal logic.

To see that validity in small temporal logic and validity in temporal logic do not coincide, consider the formula $\varphi = \Box(\alpha\to\#\alpha)\to(\alpha\to\Box\alpha)$ for an atomic formula $\alpha$. We have that $\varphi$ is valid in temporal logic, since it is an instance of the induction axiom schema, but it is not valid in small temporal logic. To see this consider the birelational structure $M = (W, \mathcal{R}_\#, \mathcal{R}_\Box, \sigma)$ with

$$W = \{0, 1, \ldots, \omega, \omega+1, \ldots\}\qquad \mathcal{R}_\# = \{(i, i+1) \mid 0\le i<\omega+\omega\}$$

$$\mathcal{R}_\Box = \{(i, j) \mid 0\le i\le j<\omega+\omega\}\qquad \alpha\in\sigma(i)\iff i<\omega$$

It is easily seen that $M$ is a counter-model for $\varphi$: at world $0$ both $\alpha$ and $\Box(\alpha\to\#\alpha)$ hold (every world below $\omega$ satisfies $\alpha$ and so does its $\mathcal{R}_\#$-successor, while the worlds from $\omega$ on falsify $\alpha$ and hence satisfy the implication), but $\Box\alpha$ fails, since $\omega$ is $\mathcal{R}_\Box$-reachable from $0$ and $\alpha\notin\sigma(\omega)$. The point is that $\omega$ is $\mathcal{R}_\Box$-reachable from $0$ without being reachable by finitely many $\mathcal{R}_\#$-steps.
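As an added example (not part of the thesis), the following Python code evaluates the satisfaction clauses of Definitions 2.2.3, 2.2.8 and 3.1.3 on finite structures and checks the three conditions of Definition 3.1.2; it also decides frame validity (all truth assignments, as in Definition 2.2.3) on a finite frame, which is how the axioms of Table 2.1 can be checked against a given frame. The counter-model above is infinite; the code instead uses a constructed three-world birelational structure in which $\mathcal{R}_\Box$ strictly contains the reflexive transitive closure of $\mathcal{R}_\#$, which refutes the induction axiom for the same reason (a world is $\mathcal{R}_\Box$-reachable without being reachable by $\mathcal{R}_\#$-steps), while the temporal structure obtained by taking $\mathcal{R}_\Box = \mathcal{R}_\#^*$ satisfies it. The tuple-based formula syntax, the function names and the sample structures are this example's own choices.

```python
# Added example, not code from the thesis: the satisfaction relation of
# Definitions 2.2.3, 2.2.8 and 3.1.3 evaluated on finite structures, plus the
# frame conditions of Definition 3.1.2.  Formulas are nested tuples (this
# example's own syntax); Rn is the accessibility relation of # and Rb that of
# box/diamond.  A Kripke structure uses only Rb, a temporal structure has
# Rb = Rn*, a birelational structure any Rb containing Rn*.
from itertools import product
from typing import Any, Dict, Iterable, List, Set, Tuple

World = Any
Rel = Set[Tuple[World, World]]

def rtc(W: Iterable[World], R: Rel) -> Rel:
    """Reflexive, transitive closure R* of R over W (naive fixpoint, fine for small W)."""
    C = set(R) | {(w, w) for w in W}
    changed = True
    while changed:
        changed = False
        for (a, b) in list(C):
            for (c, d) in list(C):
                if b == c and (a, d) not in C:
                    C.add((a, d))
                    changed = True
    return C

def is_birelational_frame(W: Set[World], Rn: Rel, Rb: Rel) -> bool:
    """Definition 3.1.2: Rn linear and total, Rb reflexive and transitive, Rn* within Rb."""
    linear_total = all(len({v for (u, v) in Rn if u == w}) == 1 for w in W)
    reflexive = all((w, w) in Rb for w in W)
    transitive = all((a, d) in Rb for (a, b) in Rb for (c, d) in Rb if b == c)
    return linear_total and reflexive and transitive and rtc(W, Rn) <= Rb

# formula constructors
BOT = ("bot",)
def atom(a): return ("atom", a)
def imp(f, g): return ("imp", f, g)
def neg(f): return imp(f, BOT)            # the thesis' shorthand: not f is f -> bot
def box(f): return ("box", f)
def dia(f): return ("dia", f)
def nxt(f): return ("next", f)

def sat(Rn: Rel, Rb: Rel, sigma: Dict[World, Set[str]], w: World, phi) -> bool:
    """M, w |= phi, clause by clause as in (2.2.1), (2.2.2) and (3.1.1)."""
    op = phi[0]
    rec = lambda v, f: sat(Rn, Rb, sigma, v, f)
    if op == "atom":
        return phi[1] in sigma[w]
    if op == "bot":
        return False
    if op == "and":
        return rec(w, phi[1]) and rec(w, phi[2])
    if op == "or":
        return rec(w, phi[1]) or rec(w, phi[2])
    if op == "imp":
        return (not rec(w, phi[1])) or rec(w, phi[2])
    if op == "next":
        return all(rec(v, phi[1]) for (u, v) in Rn if u == w)
    if op == "box":
        return all(rec(v, phi[1]) for (u, v) in Rb if u == w)
    if op == "dia":
        return any(rec(v, phi[1]) for (u, v) in Rb if u == w)
    raise ValueError(f"unknown connective {op}")

def models(W: Set[World], Rn: Rel, Rb: Rel, sigma, phi) -> bool:
    """M |= phi: phi holds at every world of the structure."""
    return all(sat(Rn, Rb, sigma, w, phi) for w in W)

def frame_valid(W: Set[World], Rn: Rel, Rb: Rel, phi, atoms: List[str]) -> bool:
    """F |= phi: phi holds under every truth assignment sigma: W -> 2^L (W finite, so enumerate)."""
    Ws = sorted(W)
    for bits in product((False, True), repeat=len(Ws) * len(atoms)):
        sigma = {w: {a for j, a in enumerate(atoms) if bits[i * len(atoms) + j]}
                 for i, w in enumerate(Ws)}
        if not models(W, Rn, Rb, sigma, phi):
            return False
    return True

# Constructed sample: three worlds, Rn linear and total (each world has exactly one successor)
P = atom("p")
T_AX = imp(box(P), P)                                   # axiom T
FOUR_AX = imp(box(P), box(box(P)))                      # axiom 4
IND = imp(box(imp(P, nxt(P))), imp(P, box(P)))          # induction axiom T5 of Definition 2.2.9
W3 = {0, 1, 2}
RN = {(0, 1), (1, 1), (2, 2)}
RB_TEMP = rtc(W3, RN)                                   # temporal structure: Rb = Rn*
RB_STL = RB_TEMP | {(0, 2)}                             # birelational: 2 is Rb-reachable from 0, not by Rn-steps
SIGMA = {0: {"p"}, 1: {"p"}, 2: set()}

def induction_holds_at_zero(Rb: Rel) -> bool:
    """True with RB_TEMP (temporal logic), False with RB_STL (small temporal logic)."""
    return sat(RN, Rb, SIGMA, 0, IND)
```

`frame_valid(W3, RN, RB_TEMP, T_AX, ["p"])` is true because `RB_TEMP` is reflexive, and becomes false for a non-reflexive `Rb` such as `{(0, 1), (1, 2)}`, which is the correspondence of Table 2.1 on a concrete frame; `frame_valid` enumerates $2^{|W|\cdot|L|}$ assignments, so it is only meant for small frames.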

    3.2 Axiomatization

A complete axiomatization of STL can easily be obtained by combining the axioms that define the properties of the two accessibility relations.

Definition 3.2.1 (Small temporal logic axiomatization) Small temporal logic is axiomatized by the following axiom schemata:

  P0) any instance of a propositional tautology;
  T1) $\Box(\varphi\to\psi)\to(\Box\varphi\to\Box\psi)$;
  T2) $\#(\varphi\to\psi)\to(\#\varphi\to\#\psi)$;
  T3) $(\#\neg\varphi\to\neg\#\varphi)\wedge(\neg\#\varphi\to\#\neg\varphi)$;
  T4) $\Box\varphi\to\varphi\wedge\Box\Box\varphi$;
  T5) $\Box\varphi\to\#\Box\varphi$;

and the following inference rules:

  MP) if $\vdash\varphi$ and $\vdash\varphi\to\psi$ then $\vdash\psi$;
  NEC□) if $\vdash\varphi$ then $\vdash\Box\varphi$;
  NEC#) if $\vdash\varphi$ then $\vdash\#\varphi$.

Observe that the set of axioms is obtained from the axiomatization of linear temporal logic by dropping the induction axiom. Indeed axioms T4 and T5 are derivable in the axiomatization of linear temporal logic, but the induction axiom is not derivable in the axiomatization of STL.

Proposition 3.2.2 (Soundness) If $\varphi$ is provable in the Hilbert system of Definition 3.2.1 then $\models\varphi$.

Proof. Simply observe that each axiom is valid and that the rules MP and NEC preserve validity. $\Box$

The completeness of the axiomatization follows from a general result of correspondence theory based on [Lem77]. Here we briefly sketch the argument; for more details see [Sti92, van84].


Proposition 3.2.3 (Completeness) If $\varphi$ is a valid small temporal logic formula, then there exists a proof of $\varphi$ in the Hilbert system of Definition 3.2.1.

Proof. The proof follows a standard Henkin argument (see [HC84] for details). Instead of proving $\models\varphi\Rightarrow\ \vdash\varphi$ we prove the contrapositive $\nvdash\varphi\Rightarrow\ \not\models\varphi$, i.e. that every consistent formula has a model: if $\nvdash\varphi$ then $\neg\varphi$ is consistent, so it suffices to show that for each consistent formula $\varphi$ there exist $M$ and $w$ such that $M,w\models\varphi$.

Given such a formula $\varphi$, by a standard construction we can obtain a tuple $M = (W, \mathcal{R}_\#, \mathcal{R}_\Box, \sigma)$ (called the canonical model of STL) such that:

  - $(W, \mathcal{R}_\#, \sigma)$ is a Kripke structure;
  - $(W, \mathcal{R}_\Box, \sigma)$ is a Kripke structure;
  - $M,w\models\varphi$ for some $w\in W$;
  - $M$ satisfies every instance of axioms T3, T4 and T5.

Finally, by correspondence theory, we have

  - $M\models$ T3 implies that $\mathcal{R}_\#$ is linear and total;
  - $M\models$ T4 implies that $\mathcal{R}_\Box$ is reflexive and transitive;
  - $M\models$ T5 implies that $\mathcal{R}_\#\subseteq\mathcal{R}_\Box$; hence, $\mathcal{R}_\Box$ being reflexive and transitive, the reflexive transitive closure of $\mathcal{R}_\#$ is included in $\mathcal{R}_\Box$;

i.e. $M$ is a birelational model of $\varphi$. $\Box$

    3.3 Labelled formulas

In the following we will use judgments in the style of Simpson's and Viganò's systems. Given a set of world variables V, we have two different kinds of judgments: logical judgments and relational judgments.

We will call logical judgments (or labelled formulas) pairs composed of a world variable and a formula; such judgments will be written as p:. When it is clear from the context that is a set of formulas, we will denote with p: the set of labelled formulas {p: | }.

We will call relational judgments, or relational formulas, triples composed of two world variables and a relational symbol among R, R and =. Relational judgments will be written using infix notation for the relational symbol. We will use the term judgment to denote either relational or logical judgments.

    Be careful not to confuse relational symbols with the accessibility relations ofstructures. To avoid confusion we will reserve the calligraphic letters R and R foraccessibility relations and will use the roman letters R,R for relational symbols.

    Intuitively labelled formulas express the truth of formulas when interpreted re-spect to a given point of the structure. Relational judgments express relations amongworlds to which world variables refer. To make these notions precise, we now definean evaluation relation for logical and relational judgments.

  • 3.4. NATURAL DEDUCTION SYSTEM NKSTL 29

    Definition 3.3.1 Assume given a set of world variables V and a birelational frameM = (W,R,R, ). We define a modal environment as a function :V W.

    Given a modal environment , the evaluation relation extends to labelled formulasas follow:

    M, p: M, (p)

    In the same way, we extend the evaluation relation to relational judgments:

    M, p R q (p) R (q)

    M, p R q (p) R (q)

    M, p = q (p) = (q)

    Finally, we extend the definition of consequence relation to judgments as follow,given a set G of judgments and a labelled formula p:, we take:

    p: M (M, = M, p:)

    We will write [p 7 w] for the modal environment that agrees with on V \ {p}and maps p to w.

    Observation 3.3.2 From the definition it is immediately seen that the evaluationfor labelled formulas give rise to the same notion of validity defined for unlabelledformulas.

    More formally, given a labelled formula p: and a birelational structure M =(W,R,R, ),

    w W M, w M, p:

    In the following we will need sequents of judgments. We will write G; p: forthe sequent with set of relational premises G, set of logical premises and conclusionp:.

    We will use J to range over relational and logical judgment. We will sometimesneed to replace occurrences of world variables within judgment. If J is a judgmentand p, q are world variables we will denote with J {q/p} the judgment obtained bysubstituting in J each occurrence of p with q.

    3.4 Natural deduction system NKSTL

    We now give a proof system in natural deduction style for the simple logic above.We choose to follow the Simpsons approach since we want to keep the system assimple as possible and then we prefer to avoid the introduction of an algebra ofterms.

    For sake of completeness we list also the propositional rules even if they coincidewith those in Simpson (except for elimination rule) and Vigano` systems.

  • 30 CHAPTER 3. SMALL TEMPORAL LOGIC

    Propositional Rules.

    [p:]

    q:p: (EC)

    [p:]

    p:

    p: (I)

    p: p:p: (E)

    p:ip:1 2

    (I)

    p:1 2

    [p:1]

    p0:

    [p:2]

    p0:p0: (E)

    p:1 p:2p:1 2

    (I)p:1 2p:i (E)

    Modal Rules.

    [p R q]

    q:p:# (#I)

    E(q)p:# p R q

    q: (#E)p R q q:

    p:3(3I)

    p:3

    [p R q][q:]

    p0:

    p0:(3E)

    E(q)

    [p R q]

    q:p:2 (2I)

    E(q)p R q p:2

    q: (2E)

    Recall that we use superscript E(q) on rule names to denote the fact that q hasto be a fresh variable for the rule being applicable. So in rules (#E), (3E) and (2I)the world variable q can occur neither in the conclusion nor in any open assumptionof the premises.

    Observe that, assuming linearity of R, connective # becomes autodual, i.e.# # and so # behaves both as a universal quantifier and an existentialquantifier. Hence also the following formulation would do:

    q: p R qp:#

    (#I)p:#

    [p R q][q:]

    r:

    r:(#E )

    E(q)

    Relational Rules. The system defined up to now, is essentially modal logic K inwhich we have two pair of dual modalities. In order to obtain a complete axiomati-zation with respect to birelational frames we have to add rules encoding propertiesof the accessibility relations.

  • 3.4. NATURAL DEDUCTION SYSTEM NKSTL 31

    [p = p]

    q:q: (=)

    p1 = p2 p3 = p2

    [p1 = p3]

    q:q: (=)

    [p R q]

    p0:p0: (RD)

    E(q)

    {q R pi}i{1,2}

    [p1 = p2]

    p:p: (RL)

    p1 = p2 p1:p2: (=)

    p1 = p2 J

    [J{p1/p2}]

    r:r: (=)

    [p R p]

    p0:p0: (R

    T)

    p R q

    [p R q]

    p0:p0: (R

    I)

    p R q q R r

    [p R r]

    p0:p0: (R

    4)

    Some observations about the relational rules are in order. Rules (=) are usedto characterize the equality relation as an equivalence relation that behaves as acongruence with respect to judgments. Rule (RL) characterize linearity and permitto conclude q1 = q2 from assumptions p R q1 and p R q2. Rule (RD) is the analogousof axiom D for accessibility relation R, whereas rules (RT) and (R

    4) correspond to

    axiom T and 4 respectively. Finally rule (RI) is used to characterize the relationshipamong accessibility relations R and R.

    It is interesting to note that relational rules are mutually orthogonal. In partic-ular dropping rules (RL) and (=) we obtain a system for frames with a branchingstructure. The resulting system remains distant from branching temporal logics,since it lacks a notion of path. It can be nevertheless interesting as a starting pointfor a simple logic with branching semantics.

    Remark 3.4.1 As observed before, modal operator # behaves both as an existen-tial and as a universal quantifier. Even if we chose the universal formulation, thesystem gives also the existential one, i.e. rules (#I) and (#E ) are derivable in thesystem as shown by the following deductions:

    [p R q] p R q[q = q] q:

    q: (=)

    q: (RL)

    p:# (#I)E(q)

    [p R q][p R q] p:#

    q: (#E)

    r:

    r:(RD)

    E(q)

    Conversely rules (#I) and (#E) can be derived in a system with (#I) and (#E )

  • 32 CHAPTER 3. SMALL TEMPORAL LOGIC

    using the following derivations:

    q: [p R q]p:#

    (#I)

    p:# (RD)E(q)

    p:#p R q [p R r]

    [q = r] [r:]q: (=)

    q: (RL)

    q: (#E )E(r)

    Intuitionistic small temporal logic. In the following we will also consider theproof system obtained from NKSTL substituting rule (EC) with rule (E). Thisnew system will be called here NJSTL, and we will refer to the logic generated byNJSTL as the intuitionistic small temporal logic.

    There is not yet agreement on what should be intuitionistic modal logics ingeneral and we will not be concerned in our work with intuitionistic semantics.

    Some evidence about the fact that NJSTL make sense as intuitionistic counter-part of NKSTL is given by the fact that NJSTL satisfy the following properties(see [Sim94]):

    NJSTL is conservative over intuitionistic propositional logic;

    the addition of excluded middle ( ) yields NKSTL;

    disjunction property holds for NJSTL (see 4.3.7);

    modal quantifiers are independent in NJSTL (see 4.3.11).

    There are other reasons that lead us to consider this proof system. First, NJSTLdeductions is a relevant subset of NKSTL deductions, and for this restricted subsetthere are some properties that do not hold in general. Second, NJSTL may be ofsome interest when trying to recover a computational content from small temporallogic.

    3.4.1 Relational Entailment

    Following the Simpson approach we avoided rules that do not conclude with a logicalformula. In particular, relational rules that one would expect to have the shapeof introduction rules (for instance (RT)) have a rather peculiar form and dischargeassumptions instead of introducing new formulas. If we formulated the system usingsequents we would see that relational rules are always left introductions and we donot have right introduction.

    This asymmetry slightly complicates matters when we come to reasoning aboutthe relational part of a deduction. If we consider the relational rules that do notinvolve fresh variables (i.e. all but rule (RD)) we can give an equivalent formulationusing an approach a` la Vigano`. This means defining an entailment relation amonglogical judgment and a proof system characterizing such relation.

  • 3.4. NATURAL DEDUCTION SYSTEM NKSTL 33

    Definition 3.4.2

    p R p

    p R q

    p R q

    p R q q R r

    p R r

    p R q p R r

    q = r

    p = q J

    J {q/p} p = p

    p = q r = q

    q = r

    Given a set of relational judgments G and a relational judgment J , we will writeG J if exists a deduction of J with assumptions in G.

    Trivially each of the rules above correspond to a relational rule of our proofsystem and conversely each rule of our proof system correspond to one of the rulesabove (except for rule (RD)). Moreover, logical rules of NKSTL system togetherwith the rules above immediately define a natural deduction system a` la Vigano`.With some work one could show that such system corresponds exactly to the (RD)-free fragment of NKSTL.

    We are not interested here in this alternative formulation of NKSTL. Instead,we find convenient to describe relational parts of NKSTL deductions in terms ofrelational entailment.

    Definition 3.4.3 Let be an NKSTL deduction and J ,J occurrences of rela-tional judgment in .

    We say that J immediately depends J if J is discharged by a rule that has J

    among its premises.We say that J depends on J if exists a sequence J0, . . . ,Jn such that J0 =

    J ,Jn = J and for each i Ji immediately depends on Ji+1.

    Observe that the dependency relation among formula occurrences in deductionsis well founded, so it can be used as measure in inductive arguments. Indeed if Jdepends on J , J must be used as premise for some rule appearing below J , henceit cannot also appear above some rule that has J as premise.

    Proposition 3.4.4 Let G and J be relational formulas such that G J . Then foreach and p:, if exists a NKSTL (NJSTL) deduction of G,J ; p: thereexists also a NKSTL (NJSTL) deduction of G; p:.

    Proof. Let be the deduction of G,J ; p: and the deduction of J .Proceeding by induction on we build a deduction of G; p: as follow.

    If is the trivial deduction, J G and is also a deduction of G; p:.Else concludes with some rule () with premises 1 and

    2 of G J1 and G J2

    respectively. Applying to the relational rule corresponding to () we immediatelyobtain a new deduction 1 of G,J1,J2; p:. The inductive hypothesis for

    1

    and 2 yields also a deduction of G; p:. 2

  • 34 CHAPTER 3. SMALL TEMPORAL LOGIC

    Proposition 3.4.5 Let be a deduction of G; p:, and J a relational judg-ment occurring (possibly not open) in . Moreover, let G be the set of relationalassumptions discharged by rules (3E), (2I), (#I) and (RD) that occur in below J .

    Then G,G J .

    Proof. Proceed by induction using as measure the size of the set of judgments Jdepends on.

    if J is open, J G; if J is discharged by a logical rule or by rule (RD), thenJ G. In any case trivially G,G J ;

    if J is discharged by a relational rule () with premises J1, . . . ,Jn, by induc-tion hypothesis we have G,G J1, . . .G,G

    Jn.

    Now observe that we have in the relational proof system a rule correspondingto () from which J , . . . ,Jn J so that we can conclude G,G

    J . 2

    Having defined a proof system for relational judgments allow us to state somesimple facts about the structure of such proofs. In particular it is interesting thecase in which the conclusion of the proof is of shape p R q, in this case we canrebuild the sequence of world variables witnessing p R q.

    Proposition 3.4.6 Let G be a set of relational judgments and p, q world variables.If G p R q or G p R q, there exist two sequences s0, . . . , sn and e0, . . . , en ofworld variables such that:

    G e0 = p and G sn = q;

    for each i n, G si = ei;

    for each i < n, either si R ei+1 G or si R ei+1 G.

    Proof. We proceed by induction on a deduction of G J :

    if J is obtained by application of the reflexivity rule we take n = 0 and thetrivial sequences p and q;

    if J is obtained by an application of the R introduction rule with premisep R q, we apply the induction hypothesis to obtain the sequences;

    if J is obtained by an application of the equality rule with premise J =J {p/p} (J = J {q/q}) we apply the induction to J to obtain a new pair ofsequences s0, . . . , sn and e0, . . . , en. Since one of the premises of the equalityrule must be p = p (q = q) and by transitivity of equality, the sequencess0, . . . , sn and e0, . . . , en satisfy the requirements;

  • 3.4. NATURAL DEDUCTION SYSTEM NKSTL 35

    if J = p R q is obtained by application of a transitivity rule with premisesp R r and r R q, the induction hypothesis give us two pair of sequences:

    s0. . .sh = r s

    0. . .s

    k = q

    p =e0. . .eh r =e

    0. . .e

    k

    Now, since by transitivity of equality s0 = eh, the new pair of sequences

    s0, . . . , sh1, s

    0, . . . , s

    k and e

    0, . . . , e

    h, s

    1, . . . , s

    k satisfy the requirements. 2

    Now transposing the previous fact on NKSTL and NJSTL, we have:

    Corollary 3.4.7 Let a deduction of G; p0: and J a relational judgmentof shape p R q occurring not open in . Moreover, let G the set of relationalassumptions discharged by rules (3E), (2I), (#I) and (RD) that occur in below J .

    Then there exists two sequences of world variables s0, . . . sn and e0, . . . , en satis-fying the following:

    G,G e0 = p and G,G sn = q;

    for each i n, G,G si = ei;

    for each i < n, one of the two judgments si R ei+1 and si R si+1 belongs to

    G G.

    Proof. By Proposition 3.4.5 there exists a deduction of G,G p R q and applyingproposition Proposition 3.4.6 we immediately have the result. 2

    Definition 3.4.8 Let ,G, p R q as in the proposition above and let s0, . . . , sn,e0, . . . , en the two sequences whose existence is stated by the proposition. We willsay that p R q is of finite length if for each i < n si R ei+1 G. In this case wewill also say the the judgment p R q is of length n.

    Finally we consider how renaming of world variables affect NKSTL (NJSTL)deductions.

    Given any function f :V V trivially we can extends f to labelled formulas andrelational formulas as follow:

    f(p R q) = f(p) R f(q) f(p R q) = f(p) R f(q)

    f(p = q) = f(p) = f(q) f(p:) = f(p):

    Consequently f naturally extends also to logical and relational contexts, via :

    f(p: ) = {f(p:)} f() f({J } G) = {f(J )} f(G).

    The following statement permit to extend f also to NKSTL (NJSTL) deduc-tions.

  • 36 CHAPTER 3. SMALL TEMPORAL LOGIC

    Proposition 3.4.9 Let f a function on the set of world variables V, then:

    G; p: = f(G); f() f(p):.

    Moreover the deduction of f(G); f() f(p): is obtained by renaming worldvariables occurring in the deduction of G; p:.

    Proof. Proceeding by induction on a derivation of G; p:, build a derivationof f(G); f() f(p):. Here we consider only the case

    =

    [p R q]

    q:p:# (#I)

    E(q)

    where is a deduction of G, p R q; q:.Let r a world variable different from f(p) and occurring neither in f(G) nor in

    f() and let g = f [q 7 r] the function that agrees with f on V \ {q} and maps q tor. By inductive hypothesis, exists a deduction of g(G), g(p R q); g() g(q:),and, by the choice of r, applying rule (#I) on

    we obtain also a deduction ofg(G); g() g(p:#). Again, by the choice of r and g, is also a deduction off(G); f() f(p):#. 2

    Corollary 3.4.10 If G; p: and p does occur neither in G nor in , thenG; q: for any world variable q.

    Proof. Simply apply Proposition 3.4.9 using function f :V V such that f(p) = qand f(x) = x for any other x V. 2

    Observe that, if f is not injective, the sets of assumptions f() and f(G) canbe smaller than and G, consider for instance = {p:, q:} and f such thatf(p) = f(q) = p.

    3.5 Soundness and Completeness

    In this section we will prove the soundness and completeness of NKSTL. First werecall the standard notion of sound rule and adapt it to our system.

    Definition 3.5.1 Let () a natural deduction rule that, given deductions of G1; 1 p1:1, . . . ,Gn; n pn:n, builds a deduction of G; p:. Rule () is said soundif, for each birelational structure M from:

    M, G1 and M, 1 = M, p1:1...

    M, Gn and M, n = M, pn:n

  • 3.5. SOUNDNESS AND COMPLETENESS 37

    follows:

    M, G and M, = M, p:.

    Proposition 3.5.2 (Soundness)

    p: = p:

    for each set of labelled formulas and for each labelled formula p:.

    Proof. It is sufficient to show that each rule in NKSTL is sound. We prove as anexample that rule (2I) is sound.

    So we consider a birelational frameM = (W,R,R, ) and a modal environment such that M, . We now have to prove that, assuming

    M, p R q and M, = M, q:,

    we also have M, p:2.Let w and w elements of W such that (p) = w and w R w, then take

    = [q 7 w]. Clearly M, p R q and, from the side condition on q, alsoM, . Hence, applying the hypothesis, M, q:.

    Summarizing, for each w such that (p) R w we have M, w , but thismeans M, p:2. 2

    The proof of completeness can be given deriving each axiom of the Hilbert systemand showing that each inference rule is eliminable.

    Lemma 3.5.3 If p: then p:# and p:2

    Proof. If is a proof of p: and q is a world variable not occurring in , usingCorollary 3.4.10,

    {q/p}q:p:#

    (#I) and

    {q/p}q:p:2 (2I)

    are proofs of p:# and p:2 respectively. 2

    Lemma 3.5.4 Each axiom of the Hilbert system is derivable in NKSTL.

    Proof. We only give as example a derivation of axiom K

    [p R q] [p:#( )]

    q: (#E)

    [p R q] [p:#]q: (#E)

    q:(E)

    p:#(#I)

    p:# #(I)

    p:#( ) # #(I)

    2

  • 38 CHAPTER 3. SMALL TEMPORAL LOGIC

    Proposition 3.5.5 (Completeness)

    p: = p:

    for each set of labelled formulas and for each labelled formula p:.

    Proof. Follows immediately from the completeness of the Hilbert system and fromlemmata 3.5.3 and 3.5.4. 2

    3.6 A natural deduction system without equality

    for STL

    In this section we want to describe a variant of the natural deduction system forsmall temporal that does not use judgments for equality.

    Consider the following introduction/elimination rules for #:

    p R q q:p:# (#I

    )p R q p:#

    q: (#E)

    Using rule (#I) together with (RD) we can derive the linearity axiom:

    [p R q]

    [p:#][p R q] [q:]

    p:#(#I)

    (E)

    q: (I)

    p:#(#I)

    p:#(RD)

    p:# # (I)

    Whereas using rule (#E) and again rule (RD) we obtain a proof of axiom D:

    [p R q] [p:#]q: (#E)

    [p R q] [p:#]q: (#E)

    (E)

    p:#(I)

    p:#(RD)

    p:# #(I)

    Clearly also axioms T2 and T4 can be proved using rules (#I) and (#E) withdeductions that do not contain equality judgments. This suggest a simplification ofthe system defined above.

    Definition 3.6.1 The system NKSTLI is obtained by system NKSTL by remov-ing rules (=) and (RL) and substituting rule (#I) with (#I).

    The resulting system is easily seen to be sound and complete with respect tobirelational temporal frames.

  • 3.6. A NATURAL DEDUCTION SYSTEM WITHOUT EQUALITY FOR STL 39

    Proposition 3.6.2 (Soundness)

    p: = p:

    for each set of labelled formulas and for each labelled formula p:.

    Proof. Follow easily by the soundness of NKSTL and by the fact that (#I) isderivable in NKSTL. 2

    Proposition 3.6.3 (Completeness)

    p: = p:

    for each set of labelled formulas and for each labelled formula p:.

    Proof. Easy by completeness of NKSTL and by the fact that (#I) can be derivedfrom (#I) and (RD). 2

    Even if also NKSTLI give rise to a complete system, we immediately face aproblem when trying to normalize, for instance, a proof of p R p1, p R p2, p1: p2:. Indeed it is easily seen that such a deduction would require the introductionof #.

    The problem arise from the relational contexts in which two distinct world vari-ables (here p1 and p2) are successors of a same relational variable (here p).

    With the following definition we want to make precise the set of deductionsgiving rise to the problem sketched above. Then we show that we can avoid suchcomplications imposing a mild restriction on the set of relational contexts.

    Definition 3.6.4 A set of relational assumptions G will be said linear if

    G does not contain the equality symbol;

    do not exist world variables p, q1 and q2 such that p R q1 and p R q2.

    Consider a deduction of G; p: concluding with an application of (RD). Suchan application of rule (RD) will be said linear if the assumption discharged by sucha rule, say q R q, is such that for no q q R q G.

    A deduction of G; p: will be said linear if G is linear and each applicationof (RD) within is linear.

    Clearly, given a linear deduction , each subdeduction of have a linear setof open assumption.

    Proposition 3.6.5 Given a linear G, if G; p: there exists a linear deductionof G; p:.

  • 40 CHAPTER 3. SMALL TEMPORAL LOGIC

    Proof. By induction on the deduction of G, p: removing each non linearoccurrence of (RD).

    The only non trivial case to consider is the case that the deduction concludes witha non-linear application of (RD). Then we have a deduction of G, q R q

    ; p:with q R q G. Consider now the function f on V that is the identity of V \ {q}and maps q to q.

    By Proposition 3.4.9 we also have a deduction of f(G), f(q R q); f() f(p):, but, from the side conditions on (RD), this is a deduction of G; p:.Now, is of the same size of so the statement follows by inductive hypothesis.

    2

    As a consequence of the previous proposition we obtain a complete proof systemalso if we restrict (RD) to linear applications only. It could be shown that theresulting system is normalizing.

  • Chapter 4

    Small temporal logicNormalization

    In this chapter we study the properties related to normalization within the systemsNKSTL and NJSTL. The emphasis is on weak normalization and properties ofnormal deductions.

    4.1 Reduction Rules

    4.1.1 Relational Reductions

    The relational rules will not take a fundamental part in reduction, we can considerthem as indirect rules that do not discharge logical judgments. We can easily seethat each relational rule commute with the other rules following the schema

    J1 Jm

    [J ]

    p:

    p:()

    J 1 Jn

    q: (r) J1 Jm

    [J ]

    p: J 1 Jn

    q:(r)

    q: ()

    where (R) is a relational rule, (r) is an elimination rule with main premise p:and J is the judgment discharged by the relational rule. To see that the reductiongiven above make sense it is sufficient to observe that no elimination rule dischargesassumptions on its main premise, so in this case J1 Jm cannot be discharged by(r).

    The only exception to the pattern above is given by the equality rules for whichwe have the following permutative reductions:

    p1 = p2 p1:

    p2: (=)

    p2:

    p2:(E)

    p1 = p2

    p1:

    p1 = p2 p2:

    p1:(=)

    p1:(E)

    p2:(=)

  • 42 CHAPTER 4. SMALL TEMPORAL LOGIC NORMALIZATION

    p1 = p2 p1:#

    p2:#(=)

    p2 R qq: (#E)

    p1 = p2 p2 R q

    [p1 R q] p1:#

    q:(#E)

    q: (=)

    p1 = p2 p1:3

    p2:3(=)

    [p2 R r][r:]

    q:

    q:(3E)

    p1:3

    p1 = p2 [p1 R r]

    [p2 R r][r:]

    q:

    q:(=)

    q: (3E)