presentation of proofs in modal natural deductionuros.m/logcom/hdb/volume_10/issue_04/... ·...

Presentation of Proofs in Modal NaturalDeduction

ERIKA F. de LIMA, IMS - Institute for Natural Language Processing,University of Stuttgart, Azenbergstrasse 12, 70174 Stuttgart, Germany.E-mail: [email protected]

CHRISTOPH LINGENFELDER, IBM Germany, P.O. Box 13 80, 71003Boeblingen, Germany.E-mail: [email protected]

AbstractWe introduce a calculus for transforming first-order proofs of theorems originally formulated in modal logic, intomodal natural deduction proofs. With a transformation procedure based on this calculus, we are able to presenta proof in the language in which the problem was originally formulated, and in a formalism giving better insightinto the contents of the proof. As a target language of the proof transformation we use a linearized modal naturaldeduction calculus which makes the reasoning involving modal contexts explicit.

Keywords: Modal logic, modal natural deduction, theorem proving, proof transformation.

1 Introduction

Modal logic has been used as a means for representing knowledge in many fields of ArtificialIntelligence (AI) and Computer Science, such as specification and verification of processes[17], specification of distributed systems [10] and planning systems [19].

An efficient strategy for automated deduction in modal logics involves the translation ofmodal logic formulae into first-order syntax. This approach takes advantage of the advancedsearch control techniques developed for first-order logic and allows the use of theorem proverimplementations already available.

Ideally one would like to present the proof obtained automatically in a formalism whichfacilitates the understanding of the proof. This issue has been addressed for first and higher-order logic in [1], [18], and [16]. Additionally, in the case of first-order or propositional logicproofs of modal logic theorems, the proof should be presented in the language in which theproblem was originally formulated.

This question is addressed by Caferra and Demri in [3]: if a problem formulated in propo-sitional modal logic is translated into predicate logic, and a resolution proof is obtained forthe translation, is it possible to present in the source language a sequence of semantic en-tailments of formulae which ‘corresponds’ to the proof found in the target language? Theauthors answer the question affirmatively, presenting for some propositional modal logicssuch a sequence of formulae. The method used is basically to translate formulae obtained asintermediate steps of a resolution proof back into modal logic syntax. Certainly the resultsdo not constitute a calculus; the reasoning, especially involving modal contexts, remains im-plicit. A crucial question to proof transformation and presentation in the context of automateddeduction concerns comprehensibility: the target formalism must help give insight into the

J. Logic Computat., Vol. 10 No. 4, pp. 527–572 2000 c Oxford University Press

528 Presentation of Proofs in Modal Natural Deduction

contents of the proof.In this paper we present a method to transform proofs of problems originally formulated in

modal logic, and translated into predicate logic using the methods in [20], into modal naturaldeduction proofs. The method is extended to quantified modal logic with rigid symbols.As the source formalism of the proof transformation we use refutation graphs, a compactrepresentation of resolution proofs [23]. Modal natural deduction, the target language of ourproof transformation, enables the formulation of proofs in a form both natural and intuitive.We use a formalism based on a linearized version of first-order natural deduction due toAndrews [1], extended by the incorporation of modal rules similar to those in [7] and [24],further by an indexing mechanism for terms and assumptions, and by explicitly representingthe modal context associated with a formula.

2 Modal natural deduction

Natural deduction, originally developed by Gentzen and Jaskowski for first-order logic inthe early 1930s [8, 11], was motivated by the desire to create a formalism that resemblesinformal mathematical reasoning (‘der moglichst genau das wirkliche logische Schließen beimathematischen Beweisen wiedergibt’ [8]). Modal natural deduction goes back at least to[7], which used a type of ‘nested box’ formalism to handle deductions in modal logic. Oneobjectionable feature of this formalism, as well as the formula tree formalism for modallogics (see [22]), is the fact that the information regarding the modal context associated witha formula remains implicit. To represent a modal context explicitly in the natural deductionformalism, we introduce the concept of a world path.

DEFINITION 2.1Let Cp be a denumerable set of world constants and Vw a denumerable set of world variablessuch that Cp and Vw are mutually disjoint. Let = Cp [ Vw. A world path is a finitesequence � = !0!1 : : : !n such that !i 2 for 0 � i � n. We use the symbols p; p0; p1; : : :for elements in Cp, w;w0; w1; : : : for elements in Vw, and ! for an element of .

The length of a world path �, denoted by j�j, is the number of symbols composing theworld path. The ith symbol of a world path � is denoted by �(i).

REMARKS. The concept of world path is similar to the concept of index in [12]. However,we intend world paths to denote sets of possible worlds in a Kripke model [4]. The worldpath w0 denotes the set of all worlds in the model. If the world path � stands for a certainset of worlds, the world path �w stands for the set of all successors of the worlds in this set.The elements of Cp, on the other hand, stand for ‘particular worlds’, so the world path �pdenotes a set containing one successor of each element in the set denoted by �. For a formaldefinition of the semantics of world paths see Definition 2,8.

DEFINITION 2.2Let � denote the set of world paths, N the set of natural numbers. We define a base substitu-tion � as a mapping from ��N to � such that �(�; i) = �0 with �0(j) = �(j) for all i 6= j,or i = j and �(i) 2 Cp, and �0(i) equals an arbitrary element of Vw [ Cp otherwise.

We define a substitution � as a mapping from � to � such that for j�j = n, �(�) = �(�; 1) Æ: : : Æ �(�; n).

We say �0 is an instance of � if there is a substitution � such that �(�) = �0.

Further, we say two world paths are unifiable if they have a common instance.

Presentation of Proofs in Modal Natural Deduction 529

DEFINITION 2.3An assumption is a pair (A; �) where A is a formula and � a world path. We also write A�

for (A; �). An assumption (A; �0) is an instance of (A; �) if �0 is an instance of �. LetA be aset of assumptions and � a unifier. We define �(A) to be the set f(Ai; �(�i))j(Ai; �i) 2 Ag.

DEFINITION 2.4A natural deduction proof line ‘(�) A ` F � R(�1; : : : ; �n)g’ consists of:

(i) an integer �, the line number,

(ii) a finite, possibly empty set of assumptions A,

(iii) a formula F , called the conclusion,

(iv) a world path �, and

(v) the justificationR(�1; : : : ; �n), where ‘R’ stands for a rule of the calculus, and �1; : : : ;�n(n � 0) stand for lines from which the given line is obtained by the application of rule‘R’ and �i � � for 0 � i � n.

A proof line ‘(�) B ` G � R(�1; : : : ; �n)’ within a sequence of proof lines is correctlyjustified if ‘B ` G �’ matches the lower part of the rule ‘R,’ and there are proof linesf(�i) Bi ` Gi �i Ri(�1i ; : : : ; �ni)g; (i = 1; : : : ; n) preceding line � in the sequence,such that fBi ` Gi �i; (i = 1; : : : ; n)g match the upper part of the rule, and further if i > 1,the world paths �i are unifiable such that �(�i) = �.

A finite sequence S of proof lines is a natural deduction derivation in the logic L of aformula F from assumptionsA, if

(i) F is the conclusion of the last line of S,

(ii) A is the set of assumptions of this last line,

(iii) every line in S is correctly justified by one of the L-rules,

(iv) line numbers in the sequence grow monotonically.

A finite sequence S of proof lines is a natural deduction proof of a formula F if it is anatural deduction derivation of F from an empty set of assumptions and w0 is the world pathof its last line.

2.1 Natural deduction rules

2.1.1 Propositional modal logicWe now introduce some of the modal natural deduction (MND) rules. For complete sets ofrules for normal modal logics see Appendix A.

All natural deduction rules needed in propositional logic carry over into the modal case,but they have to be extended by the addition of a construct to convey information about modalcontexts. Examples of these rules are shown in Figure 1. For the complete set of rules, seeAppendix A.

The conditions for the application of these rules are as follows:

Ass In the Assumption rule, if the world path � contains any symbols from Cp, and thelogic is not serial, the prefix of � up to the last occurrence of a constant from Cp mustoccur in the derivation prior to the assumption line.


F� ` F �(Ass)

A; F� ` G �

A ` F � G �(�I)

A ` F � B ` F � G �0

A0;B0 ` G �00(�E)

A ` F � B ` G �0

A0;B0 ` F �00(MI)

FIGURE 1. Modal natural deduction rules

�E In the Modus Ponens rule, the world path �00 of the resulting line must be a commoninstance of � and �0; �00 = �(�) = �(�0), where � is a unifier. Further A0 = �(A),B0 = �(B).

MI In the Modal Instantiation rule, as in the Modus Ponens rule, �00 must be a commoninstance of � and �0, A0 = �(A), and B0 = �(B), where � is a unifier. Further, asin the Assumption rule, if the world path �00 contains any symbols from Cp, and thelogic is not serial, the prefix of �00 up to the last occurrence of a constant from Cp mustoccur in the derivation prior to the conclusion line.

REMARKS. The condition on the Assumption and MI rules ensures that every new constantp 2 Cp in the derivation can only be introduced with the 3-Elimination rules. Without theseconditions, non-serial logics would not be covered by the calculus. Further, note that anassumption F� can only be discharged by the Deduction rule (�I) if the line to which the ruleis applied has � as its context.

In addition to propositional rules, we need introduction and elimination rules to handle modaloperators. These are shown in Figure 2.

A ` 2F �

A ` F �w(2E)

A ` F �w

A ` 2F �(2I)

A ` 3F �

A ` F �p(3E)

A ` F �p

A ` 3F �(3I)

A ` :3F �

A ` 2:F �(:3E)

A ` :2F �

A ` 3:F �(:2E)

A ` ? �p

A ` ? �(?-Ret)

FIGURE 2. Modal natural deduction rules involving modalities and context modification

The application of these rules is subject to the following conditions:


2I The 2-Introduction rule may be applied providedw 2 Vw and provided j�0j � j�j forall (A; �0) 2 A.

3E In the 3-Elimination rule p 2 Cp is new to the proof.

3I The 3-Introduction rule may be applied provided j�0j � j�j for all (A; �0) 2 A.

?-Ret The condition for the 3-Introduction rule holds for this rule as well.

REMARKS. Following the definition of world paths, we noted that world paths denote sets ofpossible worlds in a Kripke model. Let � denote some set of worlds W0. With the 2E rule,if 2F holds in W0, one may derive F in a context denoting the set of all successors of theworlds in W0. With the 3E rule, F is derived in a context denoting a set of one particularsuccessor of each world in W0. The ?-Ret rule serves to ‘bring’ a contradiction to W0, if ithas been derived in actual successors of the worlds in W0.

The rules shown in Figure 3 are required for modal systems other than K, in which theaccessibility relation is transitive, reflexive, symmetric, serial, and/or Euclidean.

A ` 2F �

A ` 22F �(Trans)

A ` 2F �

A ` F �(Reflex)

A ` 32F �

A ` F �(Sym)

A ` 2F �

A ` 3F �(Ser)

A ` 3F �

A ` 3F �w(Euc)

FIGURE 3. Modal natural deduction rules for logics other than K

EXAMPLE 2.5Following is a modal natural deduction proof of (3P ^ 2(Q � R) ^ 2Q) � 3R. (Inthis example, assumptions are abbreviated by line numbers (indexed by their world path); aline number in place of an assumption stands for the conclusion formula introduced by theassumption rule in the line with this number.)

(1) 1w0` 3P w0 Ass

(2) 2w0` 2(Q � R) w0 Ass

(3) 3w0` 2Q w0 Ass

(4) 1w0` P w0p1 3E(1)

(5) 2w0` Q � R w0w1 2E(2)

(6) 3w0` Q w0w2 2E(3)

(7) 2w0; 3w0

` R w0w1 �E(5; 6)(8) 1w0

; 2w0; 3w0

` R w0p1 MI(4; 7)(9) 1w0

; 2w0; 3w0

` 3R w0 3I(8)(10) 1w0

; 2w0` 2Q � 3R w0 �I(9)

(11) 1w0` 2(Q � R) � (2Q � 3R) w0 �I(10)

(12) ` 3P � (2(Q � R) � (2Q � 3R)) w0 �I(11)(13) ` (3P ^ 2(Q � R) ^ 2Q) � 3R w0 Tau(12)


2.1.2 Quantified modal logicThe calculus for propositional modal logic is extended to quantified modal logic with rigidsymbols by the addition of quantifier elimination and introduction rules. In order to handlemodal logics with varying domains, these rules need to be modified, by indexing constantswith the modal context in which they are introduced and by introducing additional conditionsfor their application.

In a natural deduction derivation, terms may be introduced by instantiation (8I) or in anassumption (Ass). Each occurrence of a term in a formula and in a derivation line is associatedwith the modal context of the line in which it is introduced. t� denotes the modal context �associated with a term t. The subscript is not part of the formal syntax of terms, but rathera convenient indexing mechanism needed to ensure the correct application of the quantifierrules in an MND calculus.

REMARK. In a first-order Kripke model, a domain D� is associated with each world � in themodel. If D� = D� for all possible worlds �; �, we speak of constant domain, if D� � D�

whenever �R�, of increasing domain, and of decreasing domain if D� � D� whenever�R�. We will be concerned with increasing and constant domain variants of quantifiedmodal logics.

DEFINITION 2.6Let L be a modal logic, and let � and �0 be world paths. We say �0 fits � in L, if

(i) �0 = �, or

(ii) �0 is a prefix of � and L is constant or increasing domain, or

(iii) � is a prefix of �0 and L is constant domain.

The rules involving quantifier elimination and introduction are shown in Figure 4.

A ` 8xF �

A ` F [t�0=x] �(8E)

A ` F �0

A ` 8xF [x=c�] �0(8I)

A ` F [t�0=x] �

A ` 9xF �(9I)

A ` 9xF �0 B; F [c�=x])�0 ` G �0

A;B ` G �0(9E)

FIGURE 4. Quantified modal natural deduction rules

In order for these rules to be applicable, �0 must fit � in L. Further, the application of theserules is subject to the following conditions:

8E In the Universal Instantiation rule, t must be free for x in F .

8I The Universal Generalization rule is applicable provided c does not occur in any of theassumptions in A, and further, if � is a proper prefix of �0 such that �0 = ��00, then �00

contains no elements from Cp.


9E The Rule of Choice may be applied provided c does not occur in G, nor in 9xF , nor inany of the assumption formulae in B.

REMARKS. The notion of fit is necessary to ensure the correctness of the Universal Instanti-ation and Universal Generalization rules. Condition (ii) in Definition 2.6 ensures that in 8E,the inserted term exists in the current world. Condition (iii) rules out the following derivation,which is not correct given an increasing domain model.

(1) 1w0` 2P (cw0

) w0 Ass(2) 1w0

` P (cw0) w0w1 2E(1)

(3) 1w0` 8P (x) w0w1 8I(2)

Further, the conditions in 8I rules out the following derivation:

(1) 1w0` 83P (x) w0 Ass

(2) 1w0` 3P (cw0

) w0 8E(1)(3) 1w0

` P (cw0) w0p1 3E(2)

(4) 1w0` 8P (x) w0p1 8I(3)

(5) 1w0` 38P (x) w0 3I(4)

Further, we restrict ourselves to logics with rigid symbols, since in the case of a logicwith flexible symbols, the quantified modal logic calculus as is is not sound, as the followingexample shows.

Consider the formula (8x(P (x) ^ 3P (x))) � (P (c) ^ 3P (c)), where c is a flexibleconstant, i.e. its interpretation may vary from world to world. This formula is not a theorem,as the counter model M given as follows shows.

Let W = �; �; , R = (�; �); (�; ), D� = D� = D = 1; 2. Let c be a constant suchthat =�(c) = = (c) = 1, and =�(c) = 2. Further let P be a unary predicate such that P (1)holds (only) in � and �, while P (2) holds (only) in � and . So k�M� 8x(P (x) ^ 3P (x)),but 6k�M� P (c) ^3P (c).

However, in the quantified MND calculus, the following proof can be constructed:

(1) 8x(P (x) ^3P (x)) ` 8x(P (x) ^3P (x)) w0 Ass(2) 8x(P (x) ^3P (x)) ` (P (cw0

) ^3P (cw0)) w0 8E(1)

(3) ` (8x(P (x) ^3P (x))) � (P (c) ^3P (cw0)) w0 �I(2)

Thus the quantified modal logic calculus is restricted to logics with rigid symbol interpreta-tion. Note that this restriction also applies to other calculi for quantified modal logic such asHilbert, sequent and tableaux calculi (see for instance [6]).

2.2 Correctness

REMARK. The semantics underlying our calculus is Kripke semantics, see for instance [9]or [6] for definitions of Kripke model. In the sequel we will be interested in certain classesof models, in particular those defined by requiring that the accessibility relation be reflexive,serial, symmetric, transitive, or Euclidean.

DEFINITION 2.7Let M = hW;R; k�i be a Kripke model. An access function in M is a maximally definedfunction f : W ! W such that �Rf(�). So a world � in W has no successor if and onlyif f is undefined at �. Let A be the set of (partial) access functions in M. A choice functionfor M is a function c : Cp ! A.


DEFINITION 2.8Let � be the set of world paths, M = hW;R; k�i a model, and c a choice function for M. Apartial function v from � to }(W ) is called a world path mapping inM for c if the followingconditions hold (in the following, w 2 Vw and p 2 Cp):

1. v(w) =W ,

2. v(�w) =

�f� 2 W j 9� 2 v(�) such that �R�g if v(�) is definedundefined otherwise,

3. v(�p) =

8<:

ff(�) 2 W j f = c(p); � 2 v(�)g if v(�) is definedand the domain of f contains v(�)

undefined otherwise.

REMARKS. If v(�p) is defined, there exists a one-to-one mapping from v(�) onto v(�p).Note that if no world in v(�) has a successor, v(�w) is empty. Further if �0 is a prefix of �and v(�0) is undefined, then v(�) is undefined as well. v(�w) is defined iff v(�) is defined,and if v(�p) is defined, then v(�) is defined as well. Further, v(�p) can only be empty ifv(�) is empty itself.

Informally: v(�w) is the set of all successors of the elements in v(�), while v(�p) is a setof ‘particular’ successors. The choice function c is used to ‘choose’ one successor. Note thatv(�p) is defined iff all elements in v(�) do have a successor.

EXAMPLE 2.9Let M = hW;R; k�i be a model such that W = f�1, �2, �3, �4, �5, �6, �7, �8g, R =f(�1; �2), (�1; �3), (�2; �4), (�2; �5), (�3; �6), (�4; �7), (�5; �8)g, and let f1 and f2 beaccess functions as shown in Figure 5.

�1��*

HHHj

f1

f2 �3HHHj

f1;f2

�2��*

HHHj

f1

f2

�6

�5HHHj

f1;f2

�4��*

f1;f2

�8

�7

FIGURE 5. Access functions

Further, let c be a choice function such that c(p1) = c(p3) = f1, c(p2) = f2, and let vbe a world path mapping in M for c such that v(p0) = f�1g. Then: v(p0w1) = f�2; �3g,v(p0p1) = f�2g, v(p0w1w2) = f�4; �5; �6g, v(p0p1w2) = f�4; �5g, v(p0p1p2) = f�5g,v(p0w1w2p3) is undefined (since �6 2 v(p0w1w2), and f1(�6) is undefined), andv(p0p1w2w3w4) = ;.

DEFINITION 2.10Let M be a model, c a choice function, and v be a world path mapping in M for c. Furtherlet � be a world path such that �(1) 2 Vw and v(�) is defined and not empty. A model pathfor (v; �) is a sequence of worlds in W defined recursively as follows:

1. If � 2 Vw, < ! > is a model path for (v; �) for all ! 2W .


2. Let � = �0� , where � 2 Vw [ Cp. < !1; !2; : : : ; !n > is a model path for (v; �),provided < !1; !2; : : : ; !n�1 > is a model path for (v; �0) and further:

(a) if � 2 Vw, !n�1R!n,(b) if � 2 Cp, !n = c(�)(!n�1).

Note that in both cases !n 2 v(�).

We say an assumption (A; �0) is in a model path � for (v; �) if �0 is a prefix of � and thereis a world � 2 v(�0) such that � 2 �.

We say a model path � =< !1; !2; : : : ; !n > is an extension of a model path �0 if thereis a i (1 � i � n) such that �0 =< !1; !2; : : : ; !i >.

The ith world of a model path � is denoted by �i.

DEFINITION 2.11An assumption (A; �) is true in a model M under the world path mapping v with respect tothe model path � for (v; �) if k�M�j�j

A.We omit M and v if the model and world path mapping are clear from the context.

EXAMPLE 2.12Let M; c and v be as in example 1. Further, let � = p0p1w2w3. Then v(�) = �7; �8. Thesequences < �1; �2; �4; �7 > and < �1; �2; �5; �8 > are model paths for (v; �).

DEFINITION 2.13We say an MND proof line f(i) A ` F � R(h1; : : : ; hm)g is correct with respect to themodel M under the world path mapping v if v(�) is undefined or empty, or for all modelpaths � for (v; �) either F is true in the last world in � or there is an assumption (A; �0) 2 Aand a world � = �j�j and 6k�M� A.

Let L be an MND system and C be a class of L-models. We say a derivation in the systemL is correct if for all C-models M = hW;R; k�i there is a choice function c such that for allworld path mappings v in M for c and all lines in the derivation are correct with respect toM under v.

In order to prove correctness of the MND calculus, we need the following lemma:

LEMMA 2.14Let v be a world path mapping in a model M for a choice function c. Let � be a world pathwhose first symbol is a member of Vw. If �0 is an instance of � and v(�0) is defined, thenv(�0) � v(�).

PROOF. By induction on the length of � (j�j = j�0j). Let � be as above, and let �0 be aninstance of � such that v is defined for �0.

Induction base: j�j = j�0j = 1. Now � 2 Vw, so v(�) = v(�0) and hence v(�0) � v(�).

Induction step: suppose the lemma holds for world paths of length n. We show that it holdsfor world paths of length n+1 as well.

Let � = �! and �0 = � 0!0 such that j� j = j� 0j = n and !; !0 2 Vw [ Cp. Since �0 is aninstance of �, � 0 is an instance of � as well. Since v(�0) is defined, v(� 0) is defined as well,and since j� j = j� 0j = n, according to the induction hypothesis, v(� 0) � v(�). We considerthe following cases:

1. ! 2 Vw and !0 2 Vw. According to the definition of v: v(�0) =S�2v(� 0)f� 2W j�R�g

and v(�) =S�2v(�)f� 2 W j�R�g. Since v(� 0) � v(�), v(�0) � v(�).


2. ! 2 Vw and !0 2 Cp. Let !0 = p and f = c(p). According to the definition of v, sincev(�0) is defined: v(�0) =

S�2v(� 0)ff(�) 2 Wg and v(�) =

S�2v(�)f� 2 W j�R�g.

Since v(� 0) � v(�), v(�0) � v(�).

3. ! 2 Cp and !0 2 Cp. Since �0 is an instance of �, then due to the definition of instance,! = !0. Hence c(!) = c(!0). Let c(!) = f . According to the definition of v, sincev(�0) is defined: v(�0) =

S�2v(� 0)ff(�) 2 Wg and v(�) =

S�2v(�)ff(�) 2 Wg.

Since v(� 0) � v(�), then v(�0) � v(�).

THEOREM 2.15 (Correctness of an MND derivation)Any derivation S in the MND system L is correct.

PROOF. By induction on the number of lines in S.

Induction base: n = 1. Let C be the class of all models, and M be an arbitrary model inC.

Assumption rule

(1) F� ` F � Ass

Since there is no line preceding line (1), � contains no element from Cp. Thus, for any choicefunction c and any world path mapping v in M for c, v(�) is defined.

Let � be an arbitrary model path for (v; �), and � its last element. In the case k�M� F , line(1) is correct. Otherwise there is an assumption, namely (F; �), and a world in v(�), namely�, such that � in � and 6k�M� F , and hence line (1) is correct.

Induction step: suppose the theorem holds for every derivation S consisting of no more thann lines. We show that it holds for a derivation containing n+ 1 lines.

We consider the following cases: 2-Elimination and Introduction,3-Elimination and In-troduction, ?-Return, the Seriality rule as an example of a rule for logics other than K, the^-Introduction rule as an example of a rule involving more than one premiss, and the de-duction rule as an example of a rule in which an assumption is discharged. (Other cases areproven analogously.)

REMARKS. In the following proofs, we let C be the class of all models unless otherwisespecified, and suppose that for an arbitrary C-model M there is a choice function c such thatfor an arbitrary world path mapping v in M for c all lines (j) (j < n + 1) in the derivationare correct with respect to M under v.

We then show that there is a choice function c0 such that for an arbitrary world path map-ping v0 in M for c0, line (n + 1) is correct with respect to M under v0, and all lines (i)(i < n+ 1) in the derivation are correct with respect to M0 under v0. We make explicit useof c0 and v0 only if c0 6= c or v0 6= v, respectively.

In the 2-Elimination, 2-Introduction, 3-Elimination, 3-Introduction and Seriality rules,where the assumption set remains unchanged by the application of the rule, we further assumethat all assumptions in the set of line (i) from which line (n + 1) is derived are true in Munder v for an arbitrary model path � for (v; �(i)), where �(i) is the world path of line i. Wefurther assume that v(�(n+1)) is defined and not empty, where �(n+1) is the world path ofline (n+1). Otherwise line (n+1) is trivially correct. We make use of these considerationsin the following proofs.


2-Elimination...(i) A ` 2F � R(h1; : : : ; hr)...(n+ 1) A ` F �w 2E(i)

Let M, c, v and � be as in the remarks above. Further, let � be the last element of �. Sinceline i is correct and all assumptions in A are true, k�M� 2F . Let � be an arbitrary element ofv(�w). Since v(�w) is defined and not empty, such an element exists.

Further, let �0 be the world path for (v; �w) extending � by beta. According to the se-mantics of the box operator and the definition of model path extension, k�M� F . Since � wasarbitrary, line (n+ 1) is correct with respect to M under v.

2-Introduction

...(i) A ` F �w R(h1; : : : ; hr)...(n+ 1) A ` 2F � 2I(i)

Let M, c, v be as in the remarks above. Further, let �0 be an arbitrary model path for (v; �)and let � be its last element. Suppose 6k�M� 2F . Therefore there is a successor of �, say�, such that 6k�M� F . According to the definition of v, � 2 v(�w). Let � be the modelpath extending �0 by the world �. Since � is a model path for (v; �w), and line (i) iscorrect, 6k�M� F contradicts the assumption that all elements ofA are true, so the supposition6k�M� 2F is false and line (n+ 1) correct.

3-Elimination...(i) A ` 3F � R(h1; : : : ; hr)...(n+ 1) A ` F �p 3E(i)

According to the remarks above, k�M� 3F for the last world � in �. Hence according to thesemantics of the diamond operator, there exists a � 2 W such that �R� and k�M� F .

So we know there is at least one access function which maps � to a world in which Fis true. Let c0 be a choice function such that c0(p) equals one such access function, andotherwise equal to c. Let v0 be an arbitrary world path mapping in M for c0. Let � 2 W besuch that � = c0(p)(�). Note that � 2 v0(�p).

Since p cannot occur in �, line (i) is correct with respect to M under v0, and the modelpath � for (v; �) is also a model path for (v0; �) .

Let �0 be the model path which is an extension of � and such that � is the last element of�0 (note that there is exactly one such model path). Since k�M� F , and since � was arbitrary,line (n+ 1) is correct.


3-Introduction...(i) A ` F �p R(h1; : : : ; hr)...(n+ 1) A ` 3F � 3I(i)

Again, we assume v(�) is defined and not empty.Suppose v(�p) is defined. Let �0 be an arbitrary model path for (v; �p), and let � be its

last element. Further let � be the model path obtained from �0 by deleting its last element�, and let � be the last element of �. Since line (i) is correct, k�M� F and according tothe semantics of the diamond operator and the definition of model path, k�M� 3F , and line(n+ 1) is correct as well.

Now suppose v(�p) is undefined. Then there is at least one element in v(�), say �, whichdoes not have a successor. Let line (h), h � i, be the last line in the derivation of line (i) towhich 3E is applied producing the world path ��p. So there is a line f(g) B ` 3G �� Rgin the derivation, g < h such that �(��) = �. According to the induction hypothesis, line (g)is correct. Since � does not have a successor, 6k�M� 3G.

Let � be a model path for (v; �) ending in �. Since � is an instance of ��, according toLemma 2.14, � is a model path for (v; ��). Since (g) is correct, there is an assumption in B,say (B; �0) such that 6k�M�j�0j

B and hence there is an assumption in A, namely (B; �(�0)),

which is not true for v with respect to � and therefore line (n+ 1) is correct.

?-Return...(i) A ` ? �p R(h1; : : : ; hr)...(n+ 1) A ` ? � ?-Ret(i)

According to the remarks above, we assume that v(�) is defined and not empty. Note v(�p)cannot be empty, since according to the definition of v, v(�) would be empty as well.

Consider the case in which v(�p) is defined. Let � be an arbitrary model path for (v; �p),and let � be its last element. Since line (i) is correct and 6k�M� ?, there is an assumption(A; �0) 2 A which is not true with respect to �.

Let �0 be the model path obtained from � by deleting its last element. Since the ?-Returnrule requires that j�0j � j�j, and � is an extension of �0, (A; �0) is not true with respect to�0, and therefore line (n+ 1) is correct as well.

The case in which v(�p) is undefined is proven analogously to the second case in the3-Introduction rule.

Seriality rule...(i) A ` 2F � R(h1; : : : ; hr)...(n+ 1) A ` 3F � Ser(i)

Let M, c, v be as in the remarks above. Suppose for the sake of contradiction that there isa model path � for (v; �) such that 6k�M� 3F for its last element �. So according to the


semantics of the diamond operator, k�M :F for every in M such that �R . Since Ris serial, such a exists. Thus k�M :F for some in M such that �R and therefore6k�M� 2F , contradicting the assumption that line (i) is correct and all assumptions in A aretrue. Therefore such a model path � does not exist and line (n+ 1) is correct.

^-Introduction...(i) A ` F �1 R(h1; : : : ; hr)...(j) B ` G �2 R0(t1; : : : ; ts)...(n+ 1) A0;B0 ` F ^G �3 ^I(i; j)

Assume lines (i) and (j) are both correct. Further assume v(�3) is defined and not empty(otherwise trivial), and all assumptions in A are true with respect to all model paths �1 for(v; �1), and analogously for B.

For the sake of contradiction, suppose there exists a model path �3 for (v; �3) such that6k�M� F ^ G for its last element �. Assume 6k�M� F . According to Lemma 2.14, � 2 v(�1).Since�3 is a model path for (v; �3), and �3 is an instance of �1, �3 is a model path for (v; �1)as well. This contradicts the assumption that line (i) is correct and all assumptions in A aretrue with respect to all model paths, so the supposition is false and k�M� F . Analogouslyk�M� G.

Now Let� be an arbitrary model path for (v; �3), and let (A; �0) be an arbitrary assumptionin A0, and � = �j�0j. Since �3 is an instance of �1 and hence � is also a model path for(v; �1), k�M� A. Analogously for B0, so all assumptions in A0;B0 are true with respect to �.

Deduction rule...(i) A; F� ` G � R(h1; : : : ; hr)...(n+ 1) A ` F � G � �I(i)

Let M, c, v, v(�), A be as in the remarks above. Let � be an arbitrary model path for (v; �),and let � be its last element. In the case k�M� G, then k�M� F � G. Otherwise 6k�M� G.Since line (i) is correct and all assumptions in A true, then 6k�M� F , and hence k�M� F � G.

THEOREM 2.16 (Correctness of an MND proof)Let L be an MND system. If f(n) ` F w0 R(h1; : : : ; hm)g is the last line in an MNDproof in the system L, then F is valid in the class of L-models.

PROOF. Let C be the class of L-models. Since (n) is correct (Theorem 2.15), then for allC-models M there is a choice function c such that for all world path mappings v in M forc, line (n) is correct with respect to the model M under v, that is, if v(w0) is defined, thenfor all � 2 v(w0) k�M� F . According to the definition of world path mapping, v(w0) = W .Thus F is true in W for every world path mapping v, so it follows from the definition ofcorrectness of an MND derivation and Theorem 2.15, that the conclusion of the last line inan MND proof is valid in the class of L- models.


We defer the completeness proof until section 5, where we prove the completeness of thetransformation calculus, which yields as a corollary the completeness of the MND calculus.

3 Proof transformation

In this section we present a calculus for transforming resolution proofs of problems originallyformulated in modal logic, and translated into predicate logic using the functional translationmethod [20], into modal natural deduction proofs. We begin with two preliminary sections;Section 3.1 briefly introduces the functional translation method used to transform modal logicformulae into first-order logic. Section 3.2 contains some basic notions on refutation graphs,a compact representation of resolution proofs which serve as the starting point of our trans-formation process. The transformation calculus is presented in Section 3.3.

3.1 The functional translation method for modal logic

The functional translation method for modal logic introduced by Ohlbach [20] uses the pos-sible worlds semantics of the two modal operators2 and3 to translate modal logic formulaeinto first-order syntax, preserving satisfiability. Modal context information is encoded bymeans of so-called ‘context access functions’. These functions map worlds to accessibleworlds, and their composition represents a path through the possible worlds structure. A sim-ilar approach has been suggested by Auffray and Enjalbert in [2]. The target language of thetranslation method is order-sorted predicate logic (OSPL); the sort ‘W ! W ’ is defined foraccess functions. As an example, for a constant domain logic with serial accessibility rela-tion, the formula ‘23P ’ is translated into ‘8f : `W ! W ’9g : `W ! W ’P (f Æ g)’ wheref and g are context access functions.

Note that the formula in the above translation involves quantification of function symbols.The second-order syntax can be avoided by the use of a function apply (‘#’) taking twoarguments: a function variable and its argument, that is, f(p) is written # (f; p) with themeaning ‘apply the function f to the argument p,’ transforming in this manner the second-order syntax into first order. Whenever the second-order syntax is used, it is considered anabbreviation.

Further, to handle non-serial logics, a special predicate END is introduced, so thatEND(w) is true if w is an end world. So a formula ‘2P ’ is now translated into ‘8f :`W ! W ’:END(id) � P (id Æ f)’ meaning if the initial world (id) is not the end world,P holds in all worlds accessible through f . In order to handle non-constant domain logics, aspecial predicate EXISTS is introduced, so that EXIST (w; t) is true if the object referredto by t is in the domain associated with the world w. We refer the reader to [20] for details.

DEFINITION 3.1A mapping �F from modal logic into order-sorted predicate logic is defined recursively asfollows (Fw is used to abbreviate �F (F;w)):

xw = x if x is a variablef(t1; : : : ; tn) = f 0(w; (t1)w ; : : : ; (tn)) if f is an n-place function symbolP (t1; : : : ; tn)w = EXISTS0(w; (t1)w) ^ : : : ^EXISTS0(w; (tn)w)^

P 0(w; (t1)w; : : : ; (tn)w) if P is a predicate symbol(8xF )w = 8xEXISTS0(w; x) � Fw(9xF )w = 9xEXISTS0(w; x) ^ Fw


(2F )w = :END(w) � 8f : `W !W ’FwÆf(3F )w = :END(w) ^ 9f : `W !W ’FwÆf(F ^G)w = Fw ^Gw

(F _G)w = Fw _Gw

(F � G)w = Fw � Gw

(:F )w = :(Fw).

REMARKS. In the translated formulae the terms ‘id Æ x’ are rewritten to ‘x’.

EXAMPLE 3.2Consider the following axioms A1, A2 and A3 and theorem T :

A1 := 3PA2 := 2QA3 := 2(Q � R)T := 3R.

The translation of the axioms and the negation of the theorem into predicate logic assumingconstant domain, but not seriality of the accessibility relation yields:

�(3P ) := :END(id) ^ 9fP (id Æ f)�(2Q) := :END(id) � 8fQ(id Æ f)�(2(Q � R)) := :END(id) � (8fQ(id Æ f) � R(id Æ f))�(:3R) := :END(id) � 8f:R(id Æ f).

We note that the mapping�F is defined in [20] to handle parametrized modal logis as well.In this case, the context access functions are defined so as to depend not only on possibleworlds but also on domain elements, with the sort ‘D;W ! W ’ being introduced for thispurpose. So for instance ‘2p3qP ’ is translated into `8f : `D;W ! W ’9g : `D;W !W ’P (f(p) Æ g(q))’.

The mapping �F may be simplified for some particular cases, to account for serial ac-cessibility relations and constant domain interpretations. Basically, in case of seriality, thepredicateEND is no longer needed in the translated formula, since END(w) is false for allworlds w. In the case of constant domain logics, the predicate EXISTS is not necessary.Again, we refer the reader to [20] for details.

3.2 Refutation graphs

In this section we present some basic notions concerning the representation which serves asthe starting point of the transformation process described in the next section, namely refuta-tion graphs.

Refutation graphs, first used by Shostak [23], consist of a set of nodes, each marked with aliteral. These so-called literal nodes are grouped into nodes representing clauses. Resolvabil-ity between literal nodes is represented graphically by drawing links between pairs of literaloccurrences.

Refutation graphs are used as a compact representation of resolution proofs, abstractingfrom the ordering of resolution steps. The choice of refutation graphs as a starting point ofthe proof transformation does not impose a restriction on the method, since any resolutionproof can be transformed into a refutation graph [21]. The material in this section stems from[16] and [5].


DEFINITION 3.3Let L be the set of all literals. A clause graph is a quadruple � = (N ; [N ];$;�), where

(i) N is a finite set. Its members are called the literal nodes of �.

(ii) [N ] � 2N is a partition of the set of literal nodes. The members of [N ] are called theclause nodes of �. Contrary to the standard definition of a partition, ; 2 [N ] is allowed.

(iii) $ : N ! L is a mapping, which labels the literal nodes with literals, such that if L;K 2N belong to different clause nodes, then V ($L) \ V ($K) = ;.

(iv) The set of polylinks� is a partition of a subset ofN , such that for all � 2 � the followingpolylink condition holds:

(a) All the literal nodes in one polylink are labelled with literals whose atoms are unifiable.(b) There must be at least one positive and one negative literal in a polylink.

Literal nodes belonging to no polylink at all are called pure; Np is the set of all pure literalnodes. Each polylink � has two opposite shores, a positive shore S+(�), and a negativeshore S�(�), constituted by the literal nodes with positive and negative literals, respectively.As a literal node belongs to at most one polylink, it is possible to use �(N) to denote thispolylink; if N 2 Np;�(N) = ;.

A clause graph �0 is a subgraph of a clause graph � if it can be obtained from � byremoving sets of clause nodes and polylinks.

DEFINITION 3.4A clause graph � = (N ; [N ];$;�) is said to represent a clause set S if for every clause nodeC 2 [N ] there is a parent clause C 0 2 S and a ground substitution such that the restrictionof $ to C is a bijection between its literal nodes and the literals of C 0, or informally, if allthe clause nodes in the graph are instances of clauses in S.

DEFINITION 3.5A walk in a clause graph � is an alternating sequence C0�1C1 : : : Cn�1�nCn (n � 1)of clause nodes and polylinks such that for every pair of clause nodes Cj ; Cj+1 one clausenode contains a literal node of the positive shore of the connecting polylink �j and the othercontains a literal node of its negative shore.

A set of links separates � if there exist two clause nodes C and D connected by a walkin � which are no longer connected in the graph obtained from � by the deletion of .

A trail in a clause graph � is a walk where all the links used are distinct. A trail joinsits start and end clause nodes C0 and Cn. A cycle is a trail joining a clause node to itself.If a clause graph � contains such a cycle it is called cyclic, otherwise acyclic. It is calledconnected if each pair of clause nodes is joined by a trail.

A component of a clause graph � is a maximal connected subgraph of �.A deduction graph is a non-empty, ground and acyclic clause graph. A refutation graph is

a deduction graph without pure literal nodes. We sometimes speak of deduction or refutationgraphs even if they are not ground, but then the existence of a global substitution is requiredthat transforms them into ground graphs without destroying the polylink conditions for anyof its links. A minimal deduction (refutation) graph is one containing no proper subgraphwhich is itself a deduction (refutation) graph.

EXAMPLE 3.6Literal nodes are represented by boxes marked with the pertinent literal. Figure 6 showsa graph containing eight literal nodes—numbered 1 to 8—grouped into four clause nodes.There are three polylinks, namely f2, 4g, f5, 7g, and f1, 3, 6, 8g. This graph contains


no pure literal nodes. It contains no trail joining a clause node to itself, so it is acyclic (ifa link is entered by one of its shores, it must be exited through the opposite shore, so thelink joining f1, 3, 6, 8g cannot be used to form a cycle). It is a refutation graph proving�((3P ^ 2(Q � R) ^ 2Q) � 3R)), where � is the mapping from modal logic intofirst-order logic syntax as defined in the previous section.

¬END(id) ¬Q(id f3)END(id) R(id f3)

END(id) Q(id f2)

1 2

3 4 5

6 7

8

END(id) ¬R(id f4)

FIGURE 6. The refutation graph �0 proving �(F )

DEFINITION 3.7Let a(F ) denote the set of atom occurrences within a formula F . For a formula F anda clause graph � = (N ; [N ];$;�) representing the clause form of �(:F ), a relation� � f(!a; L)j!a 2 a(F ); L 2 Ng is a clause graph relation if it is compatible withthe relation established by the normalization process of the construction of the clause formof the formula. In the case of a modal formula F which is translated into predicate logic viathe functional translation method, the relation � must in addition be compatible with thistranslation process. So an END predicate introduced by the functional translation is relatedto all atom occurrences under the modal operator leading to the introduction of the predicate.Accordingly, an EXIST predicate introduced by the functional translation is related to allatom occurrences under the quantifier leading to the introduction of the predicate.

As an example, consider F := (3P ^ 2Q ^ 2(Q � R)) � 3R and the graph shown inFigure 6, representing the clause form of�(:F ). The clauseEND(id)_:Q(idÆf3)_R(idÆf3) with literals numbered 3, 4, and 5, respectively in Figure 6, stems from the subformula2(Q � R) of F , whose functional translation is :END(id) � (8fQ(id Æ f) � R(id Æ f)).Accordingly, the relation � associates the second occurrence of Q in F with both literalsnumbered 3 and 4 in the graph. It also associated the first occurence of R in F with theliterals numbered 3 and 5.

3.3 Transforming resolution proofs into MNDP Proofs

We follow the method in [16], developed for first-order logic, and introduce the concept of ageneralized natural deduction proof (GNDP) of a formula F . A GNDP resembles a naturaldeduction proof, but contains so-called external lines, which are not justified by a rule of theMND calculus, but by an “external” proof, possibly in a different calculus.

We will show how to obtain a natural deduction proof of a formula F by constructing a se-quence of generalized natural deduction proofs. Each element in the sequence is constructed


from its predecessor via transformation rules. They modify existing lines and possibly insertnew ones, thus creating a new GNDP in the sequence. The goal of the transformation pro-cedure is the eventual derivation of a natural deduction proof, which is accomplished by theelimination of all external lines from the GNDP.

DEFINITION 3.8A finite sequence S of proof lines is called a generalized natural deduction proof (GNDP) ofa formula F in the logic L, if

(i) F is the conclusion of the last line of S,

(ii) the last line of S has no assumptions, and

(iii) if a line is not justified by a rule of the logic L it must be correct with respect to the classof L-models as defined in Definition 2.11 (usually guaranteed by a proof in a differentcalculus).

Lines justified by a rule of the calculus are called internal, those justified by a proof,external lines. A GNDP consisting solely of an external line with conclusion F and noassumptions is called the trivial GNDP for F .

3.3.1 Transformation rulesTransformation rules are classified according to the types of lines to which they apply. Exter-nal rules are applied to external lines; they reduce the goal to a simpler formula. Mixed rulesare applied to external lines, triggered by the presence of certain internal lines. In both cases,this may involve the addition of new assumptions to the GNDP. Internal rules are appliedto internal lines, deducing new internal lines in the GNDP. These are the forward-chainingrules in the transformation calculus; they are used for reasoning in propositional logic and fordealing with modal contexts.

In this section we will present only a few modal transformation rules. For examples offirst-order rules see Appendix B, for a detailed account of first-order rules, see [16], and fora complete set of modal rules, see Appendix C.

In the transformation calculus, one needs to distinguish world paths which stem from exter-nal lines and those which are introduced by the application of internal rules. To this purposethe definition of world path and world path mapping are extended as follows:

DEFINITION 3.9Let Cp and Vw be as given in Definition 2.1. Further, let Ca be a denumerable set of worldconstants, and Vx a denumerable set of world variables, such that Cp; Ca;Vw, and Vx aremutually disjoint. Let = Cp [ Ca [ Vw [ Vx. A world path is a finite sequence � =!0!1 : : : !n such that !i 2 for 0 � i � n. We will use the symbols a; a0; a1; : : : forelements in Ca, and x; x0; x1; : : : for elements in Vx.

The definition of world path mapping (Definition 2.1) is extended by the following condi-tions:

1. v(a) = f�1g; �1 arbitrary,

2. v(x) = f�2g; �2 arbitrary,

3. v(�a) =

8<:

ff(�) 2 W j f = c(a); � 2 v(�)and f is defined on �g if v(�) is defined

undefined otherwise,


4. v(�x) =

8<:

ff(�) 2W j f = c(x); � 2 v(�)g if v(�) is definedand f is total on v(�)

undefined otherwise.

REMARKS. The world path �a denotes a set of arbitrary successors of the worlds denotedby �. The world path �x denotes a set of particular successors of the worlds denoted by �,which are left unspecified at the moment of their introduction to the proof. See rules E2,E3, and the rule M-Close.

In the following, �, �, and are integers such that �; > �, A and B denote lists ofassumption formulae, capital letters F , G,: : : indicate single formulae, small Greek lettersare used as labels for proof lines, the justification ‘R’ stands for an arbitrary rule of the MNDcalculus, the justifications �, �0, �00 represent proofs, and �, �0, �p, �x, �a and �w representworld paths. For all transformation rules it must be the case that the proofs �0 and �00 can bederived from the proof � or are otherwise known. In the automatic transformation procedure,the proofs �0, �00 must be computed from �.

External rules External transformation rules should be understood as follows: given a GNDPwith a line matching the line on the left side of the arrow, a new GNDP is created by replacingthis line by those on the right side of the arrow.

E2:

(�) A ` 2F � � !

�(�) A ` F �a �0

(�) A ` 2F � 2I(�)

where a 2 Ca is new to the GNDP.

E3:

(�) A ` 3F � � !

�(�) A ` F �x �0

(�) A ` 3F � 3I(�)

where x 2 Vx is new to the GNDP.

E:2:

(�) A ` :2G � � !

�(�) A ` 3:G � �0

(�) A ` :2G � :2E(�)

REMARKS. The external rule E2 should be understood as follows: given as goal the proofof 2F in � from the assumptions in A, one may justify this line with the 2I rule of theMND calculus, provided one can construct a proof of F from A in �a, that is, in arbitrarysuccessors of the worlds denoted by �.

Analogously, for the external rule E3: given as goal the proof of 3F in � from the as-sumptions in A, one may justify this line with the 3I rule of the MND calculus, providedone can construct a proof of F from A in a set containing one successor of each world in �.

At the time E3 is applied, this set remains unspecified—denoted by the variable x in theworld path introduced by the rule. This variable must be instantiated by an element of Cp ata later point in the transformation (see rule M-Close and the example in Section 4).

Note that there is also a rule E:3 analogous to E:2.

Internal rules The internal rules should be understood as follows: given a GNDP with a linematching line (�) in the rule, a new GNDP is created by adding the line marked by an arrow.


I2: (�) A ` 2F � R! (�) A ` F �w 2E(�)

I3: (�) A ` 3F � R! (�) A ` F �p 3E(�)

where p 2 Cp is new to the GNDP

I:2: (�) A ` :2F � R! (�) A ` 3:F � :2E(�)

I?-Return: (�) A ` ? �p R! (�) A ` ? � ?-Ret(�)

I-MI: (�) B ` G �0 R(�) A ` F � R

! ( ) A0;B0 ` F �0 MI(�; �)provided �0 = �(�) is an instance of �, and A0 = �(A), B0 = �(B).

REMARK. There is also an internal rule I:3 analogous to I:2.

The following rules are needed for modal logics other than K (logics determined by theclasses of transitive, reflexive, symmetric, serial and/or Euclidean Kripke models):

I-Tran: (�) A ` 2F � R! (�) A ` 22F � Tran(�)

I-Reflex: (�) A ` 2F � R! (�) A ` F � Reflex(�)

I-Sym: (�) A ` 32F � R! (�) A ` F � Sym(�)

I-Ser: (�) A ` 2F � R! (�) A ` 3F � Ser(�)

I-Eu: (�) A ` 3F � R! (�) A ` 23F � Eu(�)

Closing rules The following mixed rules serve to ‘close’ an external line. If an internal line(�) is derived which contains the same conclusion formula as an external line (�), further (�)contains no assumptions which are not present in (�), and (�) contains a world path ‘compat-ible’ with that of (�) as specified below, then the external line (�) may be transformed intoan internal line by an application of the rules M-Close and M-Close/inst. In order to ensure‘compatibility’ of world paths we introduce the following concepts:

DEFINITION 3.10We define an extended instance of a world path inductively as follows:

(i) !0 is an extended instance of ! if !0 is an instance of !,


(ii) c 2 Ca is an extended instance of w 2 Vw,

(iii) �0!0 is an extended instance of �! if �0 is an extended instance of �, and!0 is an extendedinstance of !.

DEFINITION 3.11We define a general instance of a world path inductively as follows:

(i) !0 is a general instance of ! if !0 is an extended instance of !0,

(ii) x 2 Vx is a general instance of p 2 Cp,

(iii) �0!0 is a general instance of �! if �0 is a general instance of �, and !0 is a general instanceof !.

M-Inst(�) B ` F �0p�1 R(�) A ` F �00x�

01 �

( 1) C1 ` G1 �000x�001 R1

...

( n) Cn ` Gn �(n)0 x�

(n)1 Rn

9>>>>>=>>>>>;

!

8>>>>><>>>>>:

(�) B ` F �0p�1 R(�) A ` F �00p�

01 �0

( 1) C1 ` G1 �000 p�001 R1

...

( n) Cn ` Gn �(n)0 p�

(n)1 Rn

provided B � A, �00x�01 is a general instance of �0p�1, and further, the rule is applied to all

lines i in the derivation with world paths whose (j�0j+1)th symbol is x.

M-Close(�) A ` F � R(�) A ` F �0 �

�!

�(�) A ` F � R(�) A ` F �0 MI(�; �)

provided B � A, and further �0 is an extended instance of �.

REMARKS. If B = A and �0 = �, line � is superfluous and may be omitted, after all lineswhich use � as a justification have been changed to use � instead. See Section 4 for anexample of the application of M-Close.

Once M-Close is applied to the last external line in the derivation, the rule I-Final is used tosubstitute all symbols from Ca appearing in the derivation by symbols from Vw:

I-Final:(�1) A1 ` F1 �00a�

01 R1

...

(�n) An ` Fn �(n)0 a�

(n)1 Rn

9>=>; !

8><>:

(�1) A1 ` F1 �00w�01 R1

...

(�n) An ` Fn �(n)0 w�

(n)1 Rn

provided the rule is applied to all lines in the derivation with world paths whose (j�0j+ 1)thsimbol is a.

DEFINITION 3.12We define the transformation systems:TK = f E^, E_1, E�, E8, E9, E:, E2, E3, M-Cases, M-Choose, I?, I^left, I^right, I�,I:^, I:_, I: �, I::, I:8, I:9, I8, I2, I3, I:2, I:3, I?-Return , I-Ex? g, TKD =TK [ fI-Serg, TKT = TK [ fI-Reflexg, TKB = TK [ fI-Symg, TK4 = TK [ fI-Trang,TK5 = TK [ fI-Eug.

Additional systems are obtained by the union of these sets. For instance TS4 = TKT[TK4.


4 Example

In this section, a GNDP sequence for the formula F := (3P ^ 2Q ^ 2(Q � R)) � 3R isused to illustrate the proof transformation process. It shows how external rules are applied toreduce the ‘goal’ formula to a simpler formula, and how internal rules are used for performingreasoning in propositional logic and dealing with modal contexts. The axioms and theoremare shown below:

A1 := 3PA2 := 2QA3 := 2(Q � R)T := 3R.

The translation of the axioms and the negation of the theorem into OSPL without seriality ofthe accessibility relation yields:

�(3P ) := :END(id) ^ 9fP (id Æ f)�(2Q) := :END(id) � 8fQ(id Æ f)�(2(Q � R)) := :END(id) � (8fQ(id Æ f) � R(id Æ f))�(:3R) := :END(id) � 8f:R(id Æ f).

The variable disjoint clause set for �F (:F ) consists of the clauses below:

C1 := :END(id)C2 := P (id Æ a)C3 := END(id) _Q(id Æ f2)C4 := END(id) _ :Q(id Æ f3) _R(id Æ f3)C5 := END(id) _ :R(id Æ f4).

The following information is available at the beginning of the proof transformation:

1. a refutation graph �0 proving �(F ),

2. a clause graph relation � between the atom occurrences of F and the literal nodes of therefutation graph �0, and

3. a ground substitution mapping the variables in the clause set for �(:F ) to the groundterms occurring in the corresponding clause nodes of the refutation graph.

The refutation graph �0 is shown in Figure 7. Note that clause C2 is not present in the graph.The contribution of the formula 3P to the reasoning involved is solely the existence of aworld. The substitution is as follows: = fa=f2; a=f3; a=f4g.

The relation � relates the occurrence of P in F to the literal node numbered 8 in Figure7. The first occurrence of Q in F is related to the literal nodes numbered 1 and 2, while thesecond occurrence of Q to the nodes numbered 3 and 4. The first occurrence of R in F isrelated to the nodes numbered 3 and 5. Finally, the last occurrence of R in F is related to thenodes 6 and 7.

The proof transformation begins with the trivial GNDP for F:

(50) ` (3P ^ 2(Q � R) ^ 2Q) � 3R a0 �0

The first rule to be applied is E�, yielding the following GNDP:

(1) 1a0 ` 3P ^ 2Q ^2(Q � R) a0 Ass

(49) 1a0 ` 3R a0 �0(50) ` (3P ^ 2(Q � R) ^ 2Q) � 3R a0 �I(1; 49)


¬END(id) ¬Q(id f3)END(id) R(id f3)

END(id) Q(id f2)

1 2

3 4 5

6 7

8

END(id) ¬R(id f4)

FIGURE 7. The refutation graph �0 proving �(F )

The refutation graph �0 that justified line 50 remains unchanged; it now justifies the externalline 49.1 � and remain unaltered as well. The external rule E3 is applied next, resultingin the new line (48), which is justified by the same refutation graph �0. Line (50) is nowinternal. For each step of the proof transformation only lines relevant to the applied rulewill be shown in the new GNDP; all other lines in the preceding GNDPs are assumed to beincluded unchanged.

(48) 1a0 ` R a0x1 �0(49) 1a0 ` 3R a0 3I(48)

No external rule can be applied to the external line 48 at this point. The refutation graphguides the next step in the proof transformation [17]. There are two literal nodes (numbered6 and 7) related to R in the graph. To prove the conjunction :END(id) ^ R(id f4) we‘cut’ the clause node producing two refutation graphs proving :END(id) and R(id f4).Both graphs involve nodes containing the END predicate. This means the next steps in thetransformation involve the proof of the existence of a world. The information provided bythe relation � is used to isolate the appropriate formula—3P—with the I^ rule. Its modalcontext is eliminated with I3, introducing lines (2) and (3) to the GNDP as follows.

The graph �1 (shown in Figure 8.) is constructed from �0 by the elimination of the link �and associated literals. The relation�1 is constructed from� by deleting elements associatedwith deleted nodes.

(1) 1a0 ` 3P ^ 2Q ^ 2(Q � R) a0 Ass(2) 1a0 ` 3P a0 Ê(1)(3) 1a0 ` P a0p1 3E(2)

Next the relation �1 is used to isolate A2 and A3 with the rule I^. The modal context ofthese formulae is ‘eliminated’ with the rule I2.

(4) 1a0 ` 2Q a0 Ê(1)(5) 1a0 ` Q a0w1 2E(4)(6) 1a0 ` 2(Q � R) a0 Ê(1)(7) 1a0 ` Q � R a0w2 2E(6)

The graph �1 guides the application of the next rule. It is possible to derive R in an appro-priate modal context by reasoning in propositional logic alone, so the rule I-Tau is applied,producing the following internal line:

1Technically, the polarization of the assumption clause nodes changes. For details, see [16].


¬Q(id f3) R(id f3)

Q(id f2)

¬R(id f4)

FIGURE 8. The refutation graph �1 proving R

(8) 1a0 ` R a0w1 Tau(5; 7)

According to the external line (48), the ‘goal’ is to produce a proof of R in a particularsuccessor of a0. Since R has been proven in a0w1, and there is a line with modal contexta0p1 present in the proof, the modal instantiation rule can be applied to lines (3) and (8)yielding:

(9) 1a0 ` R a0p1 MI(5; 8)

Now all conditions have been met so that line (48) can be transformed into an internal line.Note that M-Close could not have been applied to lines (48) and (8) although their conclu-sions and assumption set match. A world path in an external line with an element of Vxrequires an internal line with an element of Cp in its internal line for the rule M-Close to beapplied.

(9) 1a0 ` R a0p1 MI(5; 8)(48) 1a0 ` R a0p1 MI(9)

Since the assumption sets and the world paths of lines (9) and (48) are equal, line (48) can bedeleted from the proof, after all lines using (48) as a justification have been changed to use(9) instead. At this point the symbol a0 from Ca is changed into a symbol from Vw with theI-Final rule. The final GNDP is shown below.

(1) 1w0` 3P ^ 2Q ^2(Q � R) w0 Ass

(2) 1w0` 3P w0 Ê(1)

(3) 1w0` P w0p1 3E(2)

(4) 1w0` 2Q w0 Ê(1)

(5) 1w0` Q w0w1 2E(4)

(6) 1w0` 2(Q � R) w0 Ê(1)

(7) 1w0` Q � R w0w2 2E(6)

(8) 1w0` R w0w1 �E(5; 7)

(9) 1w0` R w0p1 MI(5; 8)

(49) 1w0` 3R w0 3I(9)

(50) ` (3P ^ 2(Q � R) ^ 2Q) � 3R w0 �I(1; 49)

5 Completeness

We now turn to the completeness of the transformation rule system. The construction usedfor the proof is as follows: external rules are applied until all external lines in the GNDP


conclude in literals. Each external line in the GNDP thus obtained is then mapped to a so-called prefixed tableau. Prefixed tableaux, due to Fitting [6], consist of nodes which aremade up of prefixed formulae; these are formulae preceded by a construct which is intendedto name a modal context for the formula. By using the completeness of prefixed tableaux,and a correspondence between prefixed tableaux rules and internal and mixed transformationrules, we argue that a GNDP sequence with a modal natural deduction proof as its last elementcan be constructed.

In order to establish a correspondence between certain sequences of GNDPs and sequencesof prefixed tableaux, we modify the prefixed tableaux introduced in [6] to use world paths asprefixes instead of sequences of positive integers. We begin with some preliminary defini-tions. See [6] for a definition of prefixed tableaux.

DEFINITION 5.1The rank r(F ) of a formula F is defined recursively as follows: if F is an Atom, r(F ) =r(:F ) = 0,if F is ?, r(F ) = 0,if F = :G and G is not an atom, r(:G) = 1 + r(G),if F = G �H , � 2 f^;_g, r(F ) = 1 +max(r(G); r(H)),if F = G � H , r(F ) = 3 +max(r(G); r(H)),if F = �xG, � 2 f8; 9g, r(F ) = 1 + r(G),if F = �G, � 2 f2;3g, r(F ) = 1 + r(G).NB. The unorthodox definition of the rank of an implication is intended to make subsequentproofs easier.

DEFINITION 5.2A prefixed formula is a pair (�; F ) where � is a world path and F a formula.

DEFINITION 5.3Prefixed tableau rules are defined as shown in Figure 9, where: in (8) and (9)w 2 Vw, in (10)and (11) p 2 Cp is new to the branch; in (12) and (13) t is any term free for x in F , and in(14) and (15) a is a new constant, cf. [6].

DEFINITION 5.4We define a function f mapping GNDPs and external lines in GNDPs to prefixed tableaux,such that f(G; �) is mapped to a prefixed tableau T as follows:

1. If the conclusion of the external line � is not ?, there is a node in T consisting of thenegation of the conclusion of � prefixed by its world path.

2. For each internal line � in G which introduces an assumption (other than ? ) on which� depends, there is a corresponding prefixed tableau node consisting of the conclusion ofthe internal line prefixed by its world path.

3. For each internal line �—with conclusion other than?—which depends only on assump-tions on which � also depends, whose world path contains no element from Vw, and whichprecedes � in the GNDP, there is a corresponding prefixed tableau node as in 2.

Further we define a function ! from GNDPs, external lines in GNDPs and lines in GNDPsto occurrences of nodes in prefixed tableaux, such that !(G; �; �) is the node in f(G; �)corresponding to line � in G. If there is no such node, that is, the conclusion of � is ?, or �is neither �, nor an assumption line on which � depends, nor an internal line depending on anassumption on which � also depends, !(G; �; �) is undefined.


(1)� (F1 ^ F2)

� F1� F2

(2)� :(F1 _ F2)

� :F1� :F2

(3)� :(F1 � F2)

� F1� :F2

(4)� :(:F )

� F

(5)� F1 _ F2� F1 j �F2

(6)� :(F1 ^ F2)

� :F1 j �:F2(7)

� F1 � F2� :F1 j � F2

(8)� 2F

�w F(9)

� :3F

�w :F(10)

� 3F

�p F(11)

� :2F

�p :F

(12)� 8xF

� F [t=x](13)

� :9xF

� :F [t=x](14)

� 9xF

� F [a=x](15)

� :8xF

� :F [a=x]

FIGURE 9. Prefixed tableau rules

REMARK. The function f maps a GNDP and an external line in the GNDP into a tableauconsisting of only one branch; this branch contains the negation of the conclusion of theexternal line, and one node for each assumption on which the external line depends.

DEFINITION 5.5Let G be a GNDP, � a line in G, and f as defined above. A branch � of a prefixed tableauT = f(G; �) is closed if it contains nodes !(G; �; �) = � F and !(G; �; �) = �0:F suchthat if � and � are both internal lines in G then � = �0 and for all i, �(i) 2 Cp [ Ca, else� = � and for all i, either �(i) = �0(i) and �(i) 2 Cp [ Ca, or �(i) 2 Cp and �0(i) 2 Vx.

DEFINITION 5.6Let �c be the set of world paths containing no symbol from Vw. We let Ra—the prefixaccessibility relation—be a binary relation on �c. We shall write �Ra�

0 to mean that �0 isaccessible from �. Ra is said to satisfy:

the general condition iff for every � 2 �, �Ra�! for every ! 2 Cp [ Ca [ Vx;the symmetric condition iff for every � 2 � , �pRa� for every p 2 Cp;the reflexive condition iff for every � 2 � , �Ra�;the transitive condition iff for every � 2 �, �Ra��

0 for every �0 2 �.

The following lemma and theorem will be needed in order to establish the completeness ofthe transformation calculus. The proof of the following lemma is analogous to the proof ofLemma 6.1 in [6].

LEMMA 5.7Let S be a set of prefixed formulae such that F is closed for all �F 2 S. If S is downwardsaturated, then S is L-satisfiable.

The proof of the following theorem is analogous to proof of Theorem 6.2 in [6].


THEOREM 5.8Let C be a class of models whose relation may be symmetric, reflexive, and/or transitive.Further let M an arbitrary model in C, v a world path mapping in M, and � an arbitraryworld path. Furthermore, let F be a formula and A a set of assumptions, A =

Sf(Ai; �i)g.

If for all model paths � for (v; �) either F is true in the last world in � or there is anassumption (A; �0) 2 A which is not true with respect to �, then the prefixed tableau for theset S = f�1A1; �2A2; : : : ; �nAn; �:Fg closes.

PROOF. Let T be the prefixed tableau constructed from T0 by the systematic tableau proce-dure. Suppose T does not close. So T must have at least one open branch �. Since the nodesin � have been introduced by the systematic tableau procedure, they constitute a downwardsaturated set. Therefore according to Lemma 5.7 this set is L-satisfiable. Since �:F is an el-ement of this set, there is a modelM0 and a world path mapping v0 inM0 so that k�M

v0(�) :F

holds. Hence not k�Mv0(�) F and since k�M

v(�) F for an arbitrary v and an arbitrary M the

supposition is false, that is, T closes and the theorem holds.

EXAMPLE 5.9We intend to define a correspondence between certain transformation rules and prefixedtableaux rules. We begin with an example. Consider the following GNDP G0:

(1) 1 ` :(F � :(G ^H)) a0 Ass(20) 1 ` (G ^H) a0 �

Now, let G1 be the GNDP obtained from G0 by the application of the rule E^ (see Appendix Afor a list of first-order rules):

(1) 1 ` :(F � :(G ^H)) a0 Ass(10) 1 ` G a0 �0

(19) 1 ` H a0 �00

(20) 1 ` (G ^H) a0 ^I(10; 19)

T1 = f(G1; 10) is the following prefixed tableau:

a0 :Ga0 :(F � :(G ^H))

The application of the prefixed tableau rules ‘:(F1 � F2)’, ‘:(:F )’ and ‘F1 ^ F2’ to T1yields a closed tableau T2 as follows:

a0 :Ga0 :(F � :(G ^H))a0 Fa0 ::(G ^H)a0 G ^Ha0 Ga0 H

Further, let G2 be the GNDP obtained from G1 by the application of the GNDP transformationrules I:�, I^left and I^right, I:: followed by I^left and I^right:


(1) 1 ` :(F � :(G ^H)) a0 Ass(2) 1 ` F ^ ::(G ^H) a0 Tau(1)(3) 1 ` F a0 Ê(2)(4) 1 ` ::(G ^H) a0 Ê(2)(5) 1 ` (G ^H) a0 ::E(3)(6) 1 ` G a0 Ê(5)(7) 1 ` H a0 Ê(5)(10) 1 ` G a0 �0

(19) 1 ` H a0 �00

(20) 1 ` (G ^H) a0 Î(10; 19)

f(G2; 10) is the following tableau:

a0 :Ga0 :(F � :(G ^H))a0 F ^ ::(G ^H)a0 Fa0 ::(G ^H)a0 G ^Ha0 Ga0 H

We note: all nodes in T2 are present in f(G2; 10). The tableau f(G2; 10) contains one addi-tional node, namely a0 F ^::(G^H). We write f(G2; 10) � T2 and note that f(G2; 10) isa closed tableau as well, and further that line (10) in G2 can be closed by an application of therule M-Close. (T � T 0 denotes the fact that all branches in T have a ‘corresponding’ branchin T 0 as we shall see shortly.)

We depict our general claim in Figure 10 before stating it informally.

G

G0

f(G; �)

f(G0; �) � T ;? ?

-

-f

f

Traforules

Tableaurules

FIGURE 10. GNDP–tableau correspondence

Let G in Figure 10 be a GNDP such that the conclusions of its external lines consist ofliterals only, and let � be an external line in G. Now, the application of the function f toG and � yields a prefixed tableau f(G; �). We claim that if a sequence of tableau rules isapplied to f(G; �) producing a closed tableau T , then there is a corresponding sequence oftransformation rules which, applied to G, yields a GNDP G0, such that ‘f(G0; �) � T ’, to theeffect that f(G0; �) is a closed tableau as well. Further we claim that there is an internal linein G0 which can be used to close the external line �:

We now formalize these concepts. In the following, we will sometimes refer to a prefixedtableau simply as a tableau.


DEFINITION 5.10Let � and �0 be tableau branches. We write � � �0 iff for all nodes n in � there is a node n0 in�0 such that n = n0. We say T subsumes T 0 (denoted by T � T 0) iff for all branches � in Tthere is a branch �0 in T 0 such that �0 � �.

It follows from this definition that if T � T 0, then T closes whenever T 0 closes. Furtherthe number of rule applications needed to close T does not exceed the number needed toclose T 0.

We introduce the following notation. We write

T1[(�1); : : : ; (�m)! (�1); : : : ; (�n)]G

to denote the GNDP constructed from G by the application of rule T1 to lines (�1):::(�m),inserting the new lines (�1):::(�n) as specified by the rule T1.

In case of the rule I-Inst, we write I-Inst(�)[(�)! (�)]G to denote the GNDP constructedfrom G by the application of this rule to the line � such that the world path in � is instantiatedwith � to the world path in �.

Example: I^left[(�) ! (�)]G is the GNDP constructed from G by the application of therule I^left to line (�) in G, inserting line (�).

Note that lines appearing on the left side of the arrow are left unchanged in the new GNDP.A line which is modified by the rule appears on both sides of the arrow. We use the con-catenation symbol Æ to denote a series of multiple rule applications, in the specified sequence.

DEFINITION 5.11Let Tf be the set of prefixed tableaux obtained by the application of the function f to a GNDPand external lines in GNDPs as defined above, and let Tr be the set of prefixed tableauxobtained by the application of a tableau rule to the elements of Tf . We define a prefixedtableau function to be a function r from Tf � Tr to GNDPs as follows. Let G1 be a GNDP, �an external line in G1 and let T1 = f(G1; �).

1. If T2 is obtained from T1 by the application of the rule ‘F1 ^ F2’ to the node !(G1; �; �),then r(T1; T2) = I ^ left[(�)! (�) Æ I ^ right[(�) ! ( )]G1.

2. If T2 is obtained from T1 by the application of the rule ‘:(F1_F2)’ to the node!(G1; �; �),then r(T1; T2) = I:_ [(�)! (�)] Æ I ^ left[(�)! ( )] Æ I ^ right[(�)! (Æ)]G1.

3. If T2 is obtained from T1 by the application of the rule ‘:(F1 � F2)’ to the node!(G1; �; �), then r(T1; T2) = I:�[(�) ! (�)] Æ I ^ left[(�) ! ( )] Æ I ^ right[(�) !(Æ)]G1.

4. If T2 is obtained from T1 by the application of the rule ‘:(:F )’ to the node !(G1; �; �),then r(T1; T2) = I::[(�) ! (�)]G1.

5. If T2 is obtained from T1 by the application of the rule ‘F1 _ F2’ to the node !(G1; �; �),then r(T1; T2) = M-Cases[(�); (�) ! (�); ( ); (Æ); ("); (�)]G1 .

6. If T2 is obtained from T1 by the application of the rule ‘:(F1^F2)’ to the node!(G1; �; �),then r(T1; T2) = I:^ [(�)! (�)] ÆM-Cases[(�); (�) ! ( ); (Æ); ("); (�); (�)]G1 .

7. If T2 is obtained from T1 by the application of the rule ‘F1 � F2’ to the node !(G1; �; �),then r(T1; T2) = I� [(�)! (�)] ÆM-Cases[(�); (�) ! ( ); (Æ); ("); (�); (�)]G1 .

8. If T2 is obtained from T1 by the application of the rule ‘2F ’ to the node !(G1; �; �): let� 2F be the node !(G1; �; �). For each node �0 F inserted by the rule:If the condition by which �0 is accessible from � is:


(a) generalr(T1; T2) = I2[(�) ! (�)] Æ I-Inst(�)[(�) ! ( )]G1, where � is such that �0 =�(�w);

(b) symmetricin this case � = ��p and �0 = ��. There must be a line �0 preceding � in the GNDPwith conclusion32F and world path ��. r(T1; T2) = I3Sym[(�0)! (�)]G1;

(c) reflexivein this case �0 = �. r(T1; T2) = I-Reflex[(�)! (�)]G1;

(d) transitivein this case �0 = ��00. Let j�00j = n. r(T1; T2) = I-Trans[(�) ! (�1)] Æ : : : ÆI-Trans[(�n�2) ! (�n�1)] Æ I2[(�n�1) ! (�1)] Æ : : : Æ I2[(�n�1) ! (�n)] ÆI-Inst(�)[(�n) ! ( )]G1, where � is such that �0 = �(�w1w2 : : : wn) (the wis areinserted by applications of the I2 rule).

9. If T2 is obtained from T1 by the application of the rule ‘:3F ’ to the node !(G1; �; �)then r(T1; T2) is as in (8), but with I:3[(�) ! (�)] being applied preceding the rulesspecified.

10. If T2 is obtained from T1 by the application of the rule ‘3F ’ to the node !(G1; �; �) thenr(T1; T2) = I3[(�)! (�)]G1.

For Euclidean logics: r(T1; T2) = I3[(�)! (�)] Æ I-Eu[(�)! (�)]G1.

11. If T2 is obtained from T1 by the application of the rule ‘:2F ’ to the node !(G1; �; �)then r(T1; T2) = I:2[(�) ! (�)] Æ I3[(�)! (�)]G1.

For Euclidean logics: r(T1; T2) = I:2[(�) ! (�)]ÆI3[(�)! ( )]ÆI-Eu[(�)! (Æ)]G1.

12. If T2 is obtained from T1 by the application of the rule ‘8xF ’ to the node !(G1; �; �)inserting the term t, then r(T1; T2) = I8[(�)! (�)]G1, where I8 inserts t as well.

13. If T2 is obtained from T1 by the application of the rule ‘:9xF ’ to the node !(G1; �; �)inserting the term t, then r(T1; T2) = I:9[(�)! (�)] Æ I8[(�)! ( )]G1.

14. If T2 is obtained from T1 by the application of the rule ‘9xF ’ to the node !(G1; �; �) thenr(T1; T2) = M-Choose[(�); (Æ) ! (�); ( ); (Æ)]G1.

15. If T2 is obtained from T1 by the application of the rule ‘:8xF ’ to the node !(G1; �; �)then r(T1; T2) = I:8[(�)! (�)] ÆM � Choose[(�); (")! ( ); (Æ); (")]G1.

LEMMA 5.12Let (�) be an external line with a literal as its conclusion in a GNDP G1. Further let T1 =f(G1; �), let T2 be a tableau obtained from T1 by the application of a tableau rule, and letr(T1; T2) = G2. Then:

1. If G2 is obtained from G1 by the application of internal rules only, then f(G2; �) � T2.

2. If G2 is obtained from G1 by the application of at least one mixed rule, then f(G2; �) � T2for all external lines � inserted by the application of the rule.

PROOF. We consider the following cases from Definition 5.11:

(5) T2 is obtained from T1 by an application of the rule ‘F1 _ F2’ to the node !(G1; "; �). Sothere is a line� in G1 whose conclusion is a disjunction, and r(T1; T2) = M- Cases[(�); (�) !(�); ( ); (Æ); ("); (�)]G1 . G1 contains the following lines:


...(�) A ` F _G � R...(�) A ` L � �

According to the definition of f , f(G1; �) = T1 is a tableau consisting of a branch � whichcontains the following nodes:

� :L...� F _G...

The application of ‘F1 _ F2’ to the node !(G1; �; �) yields T2 as follows:

� :L...

� F _G...

� F � G

��

��

��

QQQQQQ

G2 is the GNDP obtained from G1 by the application of the rules M- Cases to (�) and (�) asfollows:

...(�) A ` F _G � R...Case 1:(�) A; F ` F � Ass( ) A; F ` L � �0

Case 2:(Æ) A; G ` G � Ass(") A; G ` L � �00

End of cases(�) A ` L � _E(�; ; ")

Now, f(G2; ) is a tableau consisting of a branch �0 which contains the following nodes:


� :L...� F _G...� F...

Obviously f(G2; ) � T2 and analogously f(G2; ") � T2.

(9) T2 is obtained from T1 by an application of the rule ‘:3F ’ to the node !(G1; �; �).In this case G1 contains an internal line as follows, and r(T1; T2) = I:3[(�) ! (�)] ÆI2[(�)! ( )]G1.alias

...(�) A ` :3F � R...

Let f(G1; �) = T1. According to the definition of f , T1 is a tableau consisting of a branch �with the following node !(G1; �; �):

...� :3F...

The application of the rule ‘:3F ’ to the node !(G1; �; �) yields T2:

...� :3F�w :F...

G2 is the GNDP obtained from G1 by the application of the rules I:3 to (�) and I2 to theresulting line (�):

...(�) A ` :3F � R(�) A ` 2:F � :3E(�)( ) A ` :F �w 2E(�)

According to the definition of f , f(G2; �) is a tableau consisting of a branch �0 containing thefollowing nodes:


...� :3F� 2:F�w :F...

Obviously f(G2; �) � T2.We limit ourselves to showing the cases above. All other cases are analogous.

LEMMA 5.13Let G1 be a GNDP derived from a trivial GNDP such that the conclusion formulae of itsexternal lines are literals. Let f(�) A ` L � �g be an external line in G1. Further letT1 = f(G1; �). If (T1; T2; : : : ; Tn) is a prefixed tableau sequence such that Ti+1 is obtainedfrom Ti by the application of a tableau rule and Tn is closed, then there exists a sequence ofGNDPs (G1;G2; : : : ;Gn) such that Gn contains an internal line f(� 0) A0 ` L �0 Rg suchthat M-Close can be applied to (�) and (� 0), or Gn can be transformed into such a GNDP bythe application of the rules I?, ?-Return, I-Ex?, I2 and I3.

PROOF. By induction on n, the length of the sequence of prefixed tableaux.

Induction base: n = 1.The tableau T1 is closed. We show that G1 contains an internal line f(� 0) A0 ` L �0 Rgsuch that M-Close can be applied to (�) and (� 0), or G1 can be transformed into such a GNDPby the application of the above rules. We note: f(G1; �) consists of a branch �.

Since � is closed, there are nodes !(G, 1; �) = �1 G and !(G; 2; �) = �2 :G in � andeither:

1. 2 = � and for all i, either �1(i) = �2(i) and �1(i) 2 Cp [ Ca, or �1(i) 2 Cp and�2(i) 2 Vx.

In this case 1 is an internal line such that M-Close can be applied directly to 1 and 2( 2 = �).

2. 1 and 2 are both internal lines and �1 = �2 and for all i�1(i) 2 Cp [ Ca.

In this case G1 contains lines as follows:

...( 1) C1 ` G �0 R 1

...( 2) C2 ` :G �0 R 2

Let A1; : : : ; An be the assumptions introduced in the process of deriving the external line(�), and �a1 ; : : : ; �an their respective world paths:


(�1) A1 ` A1 �a1 Ass...(�n) An ` An �an Ass...( 1) C1 ` G �0 R 1

...( 2) C2 ` :G �0 R 2

...(�) A ` L � �

Now, the assumptions Ai were introduced by the application of external rules, so that themodal contexts �ai are all prefixes (proper or otherwise) of �. Now, let � be the longestworld path in �a1 ; : : : ; �an used in the derivation of G and :G above, such that �0 = ��000

(�000 may be empty). Note that the world path � is a prefix of � as well, that is, � = ��00,where �00 may be empty, and further that the world path � consists of elements from Ca andCp exclusively. Lines 1 and 2 are as follows:

...( 1) C1 ` G ��000 R 1

...( 2) C2 ` :G ��000 R 2

An application of I? to lines ( 1) and ( 2) yields:

...( 1) C1 ` G ��000 R 1

...( 2) C2 ` :G ��000 R 2

(Æ) C1; C2 ` ? ��000 Contra( 1; 2)...(�) A ` L ��00 �

Now, arbitrary world constants (elements from Ca) are introduced by the application of ex-ternal rules, and may occur in world paths of external lines, of assumptions introduced byexternal rules or any internal lines derived from these assumptions, that is, an element fromCa may occur in � but not in �000. The world path ��000 is ground, so �000 contains only par-ticular world constants (elements from Cp). Further, since there are no assumptions in C1 orC2 introduced in a context of length greater than j�j, the rule ?-Return may be repeatedlyapplied to ‘bring’? to �, yielding:

...(Æ) C1; C2 ` ? ��000 Contra( 1; 2)...(�) C1; C2 ` ? � ?-Ret(Æn)(�) A ` L ��00 �


We need to derive an internal line with conclusion L in the appropriate modal context. Thiscan be accomplished with the rule I-Ex?. To this purpose we define a function � from worldpaths to modalities as follows (let � denote the empty world path and " the empty modality):

1. �(�) = "

2. �(�a) = 2�(�)

3. �(�x) = 3�(�).

We now apply I-Ex? to line (�) to produce:...(�) C1; C2 ` ? � ?-Ret(Æn)(�) C1; C2 ` �(�00)L � I-Ex?(�)(�) A ` L ��00 �

If the world path �00 is empty, or equivalently, if the modality �(�00) is empty, (�) is thedesired internal line, else successive applications of the rules I2 and I3 yield:

...(�) C1; C2 ` ? � ?-Ret(Æn)(�) C1; C2 ` �(�00)L � I-Ex?(�)(�) C1; C2 ` L ��(iv) R(�) A ` L ��00 �

where �(iv) contains a new world constant (an element from Cp) where �00 contains an ele-ment from Vx, and an element from Vw where �00 contains an element from Ca. So ��(iv)

and ��00 fulfil the world path condition for the application of M-Close. Further, since theassumption set of the external line consists of the union of all assumptions present in thebranch, C1 [ C2 � A and M-Close can be applied to (�) and the internal line with conclusionL.

Induction step: suppose the claim holds for a sequence of length n�1. We show that it holdsfor a sequence of length n as well.

Let G1 and (�) be as above, and let T1 = f(G1; �). Further let (T1; T2; : : : ; Tn) be aprefixed tableau sequence such that Ti+1 is obtained from Ti by the application of a tableaurule and Tn is closed. Let G2 be the GNDP obtained by the application of the function r tothe pair (T1; T2). Obviously G2 is a GNDP whose external lines have literals as conclusion.We consider the following cases.(i) G2 is obtained from G1 by the application of internal rules only.Since f(G2; �) � T2 (Lemma 5.12), f(G2; �) closes in at most the same number of steps asT2 does. Hence there exists a sequence of prefixed tableaux (f(G2; �); T 03 ; : : : ; T

0n) of length

n such that T 0n is a closed tableau.(ii) G2 is obtained from G1 by the application of mixed and possibly internal rules.The application of a mixed rule introduces a new, possibly two new external lines with thesame conclusion as (�), such that for any external line ( ) introduced by the rule, f(G2; ) �T2 (Lemma 5.12). Thus f(G2; ) closes in at most the same number of steps as T2 does andhence there exists a sequence of prefixed tableaux (f(G2; ); T 03 ; : : : ; T

0n) of length n such

that T 0n is a closed tableau.The length of the tableau sequences in (i) and (ii) is n-1, and hence according to the induc-

tion hypothesis there exists a sequence (G2; : : : ;Gn) such that line (�) in Gn can be closed.


Thus (G1;G2; : : : ;Gn) is a GNDP sequence as required and the claim holds for a sequenceof length n.

THEOREM 5.14 (Completeness of the transformation systems)Let C be a class of models, M an arbitrary model in C. Furthermore, let � be a world path,F a formula, and let A be a set of assumptions, A =

Sf(Ai; �i)g, such that �i is a prefix of

�. If there is a choice function c in M, such that for an arbitrary world path mapping v inM for c if the following hold: if line f(!) A ` F �g is correct, then there is a finitesequence of GNDPs starting with the following GNDP:

(�1) (A1; �1) ` A1 �1 Ass...(�n) (An; �n) ` An �n Ass(!) A ` F � �

and ending with a natural deduction derivation of F , such that every element in the sequenceis derived from its predecessor by the application of one of the transformation rules in the setTC as defined in Definition 3.12.

PROOF. The proof is by induction on the rank of F . Let c be a choice function in M, suchthat for an arbitrary world path mapping v in M for c, v(�) is defined, and for all modelpaths � for (v; �) either F is true in the last world in � or there is an assumption (A; �0) 2 Awhich is not true with respect to �.

Induction base: r(F ) = 0. In this case F is a literal or the negation of a literal. We considerthe case in which F is a literal L. We have the following GNDP G1:

(�1) (A1; �1) ` A1 �1 Ass...(�n) (An; �n) ` An �n Ass(!) A ` L � �

Let f(G1; !) = T1 as defined in Section 5:

� :L�1 A1

�2 A2

...�n An

As line (!) is correct, for all model paths � for (v; �) either L is true in the last world in �,or there is an assumption (A; �0) 2 A which is not true with respect to �. (Specially in thecase L = ?, since ? cannot be true, there is an assumption (A; �0) 2 A which is not truewith respect to �.) In this case, according to Theorem 5.8, T1 must close. Thus there existsa prefixed tableau sequence (T1; T2; : : : ; Tn) such that f(G; !) = T1, Ti+1 is obtained fromTi by the application of a tableau rule, and Tn is closed. According to Lemma 5.13 thereexists a sequence of GNDPs (G1;G2; : : : ;Gn) such that Gn can be transformed into a NDPby applications of the rules M-Close, I? and I-Ex?, I-Return, I2 and I3. If F is the negationof a literal, the proof is analogous.


Hence, due to the correspondence of internal and mixed transformation rules to prefixedtableaux rules, we can construct a sequence of GNDPs from the initial GNDP by the applica-tion of internal and mixed transformation rules and M-Close, ending with a natural deductionderivation of F , in the case F is a literal, or the negation of a literal.

Induction step: r(F ) > 0. As our induction hypothesis we assume that the theorem holds forformulae whose rank is smaller than r(F ). We consider the following cases:

(1) F is a disjunction. Given the following lines in the GNDP:

(�1) (A1; �1) ` A1 �1 Ass...(�n) (An; �n) ` An �n Ass(!) A ` F1 _ F2 � �

An application of E_1 to (!) yields:

(�1) (A1; �1) ` A1 �1 Ass...(�n) (An; �n) ` An �n Ass(�) A; (:F1; �) ` :F1 � Ass( ) A; (:F1; �) ` F2 � �0

(Æ) A ` :F1 � F2 � �I( )(!) A ` F1 _ F2 � Tau(Æ)

Let v(�) be defined, and let � be an arbitrary model path for (v; �) ending in �. EitherF1 _ F2 is true in � or there is an assumption (A; �0) 2 A which is not true with respect to�.

We must show that either F2 is true in �, or there is an assumption (A; �0) 2 A [f(:F1; �)g which is not true with respect to �. We consider the following cases:

1. k�M� F1_F2. We only need to consider the case where k�M� F1, and hence 6k�� :F1. Sothere is an assumption in A[f(:F1; �)g, namely (:F1; �), and a world in v(�), namely�, in which :F1 does not hold.

2. There is an assumption (A; �0) 2 A which is not true with respect to �, and since(A; �0) 2 A [ f(:F1; �)g, this holds for line as well.

Since � was arbitrary, it follows that for all model paths � for (v; �) either F2 is true in � orthere is an assumption (A; �0) 2 A [ f(:F1; �)g which is not true with respect to �.

Furthermore, since the rank of F2 is smaller than that of F , the theorem holds for thisformula according to the induction hypothesis. So the ND derivation of line ( ) above,together with lines (Æ) and (!) provides an ND derivation of F .

Further if F is: (2) a conjunction, (3) an implication, (4) a negation, or (5) a universalquantification. An application of the external rules E^, E�, E:, and E8 respectively resultsin external lines with a conclusion whose rank is smaller than that of F , and these cases areanalogous to the one above.(6) F = 9xF1:

(�1) (A1; �1) ` A1 Ass �1... `(�n) (An; �n) ` An Ass �n(!) A ` 9xF1 � �


An application of E9 to (!) yields:

(�1) (A1; �1) ` A1 Ass �1... `(�n) (An; �n) ` An Ass �n(Æ) A ` :8x:F1 �0 �(!) A ` 9xF1 Neg(Æ) �

Let v(�) be defined, and let � be an arbitrary model path for (v; �) ending in �. Either 9xF1is true in � or there is an assumption (A; �0) 2 A which is not true with respect to �.

In the case k�� 9xF1, then trivially k�� :8x:F1. Otherwise 6k�� 9xF1, in which casethere is an assumption in A which is not true with respect to �. Since the assumption sets oflines (Æ) and (!) are equal, this holds for line (Æ) as well.

Note that the rank of the conclusion of the new external line (Æ) is not smaller than thatof F . We follow the application of E9 with an application of E: to (Æ), producing a GNDPwith the following lines:

(�1) (A1; �1) ` A1 Ass �1... `(�n) (An; �n) ` An Ass �n(�) A; (8x:F1; �) ` 8x:F1 Ass �( ) A; (8x:F1; �) ` ? �0 �(Æ) A ` :8x:F1 :I( ) �(!) A ` 9xF1 Neg(Æ) �

Since 6k�M� ?, we must show that there is an assumption (A; �0) 2 A[f(8x:F1; �)g whichis not true with respect to �.

In the case 6k�M� 8x:F1, this is trivially the case, since � 2 v(�). Otherwise k�M� 8x:F1.Hence 6k�M� :8x:F1, so since (Æ) is correct, there is an assumption (A; �0) 2 A which isnot true with respect to �. Since A � A[ f(8x:F1; �)g, the same holds for line ( ).

Since 0 = r(?) < r(F ), the theorem holds for line ( ) according to the inductive hy-pothesis. So the ND derivation for line ( ) together with lines (Æ) and (!) provides an NDderivation of F .

We now turn to the modal cases:

(7) F = 2F1:

(�1) (A1; �1) ` A1 �1 Ass...(�n) (An; �n) ` An �n Ass(!) A ` 2F1 � �

We proceed by applying the rule E2 to the external line (!), yielding:

(�1) (A1; �1) ` A1 �1 Ass...(�n) (An; �n) ` An �n Ass(�) A ` F1 �a �0

(!) A ` 2F1 � 2I(�)


Let v(�) be defined, and let � be an arbitrary model path for (v; �) ending in �. Either 2F1is true in �, or there is an assumption (A; �0) 2 A which is not true with respect to �.

We consider the case in which k�M� 2F1. If � has no successors, there is no model pathextending �, and the proposition holds trivially. Otherwise, according to the semantics of thebox operator, for any model path �0 for (v; �a) extending �, k�M F1 for the last element of �0.

Otherwise 6k�M� 2F1, and hence there is assumption (A; �0) 2 A which is not true withrespect to �. Since the assumption set of line (�) coincides with that of line (!), the sameholds for line (�).

Further, since the rank of F1 is smaller than that of F , the theorem holds for this formulaaccording to the induction hypothesis. So the ND derivation of line (�) above, together withline (!) provides an ND derivation of F .

(8) F = 3F1:

(�1) (A1; �1) ` A1 �1 Ass...(�n) (An; �n) ` An �n Ass(!) A ` 3F1 � �

The application of the rule E3 to the external line (!) yields:

(�1) (A1; �1) ` A1 �1 Ass...(�n) (An; �n) ` An �n Ass(�) A ` F1 �x �0

(!) A ` 3F1 � 3I(�)

Let v(�) be defined, and let � be an arbitrary model path for (v; �) ending in �. Either 3F1is true in �, or there is an assumption (A; �0) 2 A which is not true with respect to �.

In case k�M� 3F1, then according to the semantics of the diamond operator, there exists a 2 W such that �R and k�M F1.

So we know there is at least one access function which maps � to a world in which F1is true. So let c0 be a choice function such that c0(x) equals one such access function, andotherwise equal to c. Let v0 be an arbitrary world path mapping in M for c0. Let 2 W besuch that = c0(x)(�). Note that 2 v0(�x). Since x cannot occur in �, the model path �for (v; �) is also a model path for (v0; �) .

So for any model path �0 for (v0; �x) extending � such that 2 �0 (note that there isexactly one such model path), k�M F1 for the last element in �0.

Otherwise 6k�M� 3F1. According to the semantics of the diamond operator, for any inM such that �R , 6k�M F1. So for any model path �0 for (v; �x) extending �, 6k�M F forthe last element of �0. Note there is exactly one such model path. Now, since 6k�M� 3F1,there is an assumption (A; �0) 2 A which is not true with respect to �. Since j�0j � j�jall assumptions in �0 are assumptions in �, and hence, since � was arbitrary, and since therank of F1 is smaller than that of F , the theorem holds for this formula according to theinduction hypothesis. So the ND derivation of line (�), together with line (!) provides anND derivation of F .

COROLLARY 5.15 (Completeness of the transformation rule system)Let C be a class of models, and F a formula valid in C. Then there is a finite sequence


< G1; G2; : : : ; Gn > of GNDPs starting with f(!) ` F � a0g and ending with a naturaldeduction proof of F , such that every element in the sequence is derived from its predecessorby application of one of the transformation rules in the set TC .

Since for any model M in C, for any choice function c, and any world path mapping v inM for c, v(wi) is always defined for wi 2 Vw,2 the corollary follows from Theorem 5.14with A = ;.

COROLLARY 5.16 (Completeness of the modal natural deduction system)Let C be a class of models, and let F be a formula valid in C. Then there is a naturaldeduction proof of F .

The corollary follows from Corollary 5.15 since the last GNDP in the sequence < G1; G2;: : : ; Gn > is a natural deduction proof of F .

6 Conclusion and future work

In this paper a calculus is introduced for transforming proofs of theorems originally formu-lated in modal logic, into modal natural deduction proofs.

With this procedure we are able to present a proof in a native calculus of modal logicrather than simply translating first-order formulae obtained as the result of intermediate stepsof the proof search into modal logic. Modal natural deduction is used as the target calculusof the proof transformation. The modal natural deduction formalism used is based on a lin-earized form of first-order natural deduction due to Andrews [1]. Reasoning with modalitiesis made possible by the introduction of world paths, a construct denoting modal contexts, byan indexing mechanism for terms and assumptions, and by the addition of modal rules.

Logics determined by the classes of reflexive, transitive, serial, symmetric, and/or Eu-clidean models, including S4 and S5, are handled in the corresponding first-order proofs bytheory unification of the context terms. The proof of equality of two such terms can be writ-ten as an equality proof, i.e. a sequence of application of equations. The basic equationscorrespond to modal rules shown in Figure 2, which are introduced by the application oftransformation rules for logics other than K in Section 3.3.1. The structuring of the equalityproof is analogous to the approach presented in [13, 14].

The translation into modal natural deduction enables the presentation of a proof in thelanguage in which the theorem was originally formulated, and in a formalism which facilitatesthe understanding of the proof.

References[1] P. Andrews. Transforming matings into natural deduction proofs, Lecture Notes in Computer Science, Vol. 87,

pp. 281–292, 1980.[2] Y. Auffray and P. Enjabert. Modal theorem proving: an equational viewpoint, Journal of Logic and Computa-

tion, 2, 247–295, 1992.[3] R. Caferra and S. Demri. Semantic entailment in non-classical logics based on proofs found in classical logic,

Lecture Notes in Artificial Intelligence, Vol. 607, pp. 385–399, 1992.[4] B. Chellas. Modal Logic–an Introduction, Cambridge University Press, 1980.[5] N. Eisinger. Completeness, Confluence, and Related Properties of Clause Graph Resolution, Ph.D. Thesis,

Universitat Kaiserslautern SEKI Report SR-88-07, 1988[6] M. Fitting. Proof Methods for Modal and Intuitionistic Logics, D. Reidel Publishing Company, 1983

2Note that after the last application of M-Close all symbols from Ca are changed into symbols from Vw .


[7] F. Fitch. Symbolic Logic—An Introduction, The Ronald Press, New York. 1952.[8] G. Gentzen. Untersuchungen uber das logische Schließen I, Mathematische Zeitschrift, 39, 176–210, 1935.[9] G. Hughes and M. Cresswell. An Introduction to Modal Logic, Methuen, London, 1968.

[10] J. Y. Halpern and Y. Moses. A guide to the modal logics of knowledge and belief. In Proceedings of 9th IJCAI,pp. 479–490, 1985.

[11] S. Jaskowski. On the rules of suppositions in formal logic, Studia Logica, 1, 1934.[12] P. Jackson and H. Reichgelt. A general proof method for first-order modal logic. In Proceedings of 11th IJCAI,

pp. 942–944, 1989.[13] C. Lingenfelder and A. Pracklein. Presentation of proofs in an equational calculus. In Proceedings of 1st World

Conference on the Fundamentals of Artificial Intelligence (WOCFAI91), pp. 313–322, 1991a.[14] C. Lingenfelder and A. Pracklein. Proof transformation with built-in equality predicate. In Proceedings of 12th

IJCAI, pp. 165–171, 1991b.[15] C. Lingenfelder. Structuring computer generated proofs. In Proceedings of 11th IJCAI, 1989.[16] C. Lingenfelder. Transformation and Structuring of Computer Generated Proofs, PhD. Thesis, Universitat

Kaiserslautern, 1990.[17] J. Loecks and K. Sieber. Foundations of Program Verification, Wiley-Teubner Series in Computer Science,

1984.[18] D. Miller. Proofs in Higher Order Logic , PhD. Thesis, Carnegie Mellon University, 1983[19] R. Moore. Reasoning about Knowledge and Action, PhD. Thesis, MIT, Cambridge, 1980.[20] H. J. Ohlbach. Semantics-based translation methods for modal logics.Journal of Logic and Computation, 1,

691–746, 1991.[21] J. Posegga. Using Deduction Graphs as a Representation for Resolution Proofs, Diploma Thesis, Universitaet

Kaiserslauten, 1986.[22] D. Prawitz. Natural Deduction, Almqvist & Wiksell, Stockholm, 1965.[23] R. Shostak. Refutation graphs, Artificial Intelligence, 7, 51– 64, 1976.[24] D. Siemens. Fitch-style rules for many modal logics, Notre Dame Journal of Formal Logic, 18, 632–636, 1977.

Appendices

A Propositional modal natural deduction rules

Assumption rule (Ass):

F� ` F �

If the world path � contains any symbols from Cp , and the logic is not serial, the prefix of � up to the last occurrenceof a constant from Cp must occur in the derivation prior to the assumption line.

Tertium non datur (Axiom):

F� ` F _ :F �

If the world path � contains any symbols from Cp , and the logic is not serial, the prefix of � up to the last occurrenceof a constant from Cp must occur in the derivation prior to the assumption line.

Deduction rule (�I):

A; F� ` G �

A ` F � G �

Modus Ponens (�E):

A ` F � B ` F � G �0

A0;B0 ` G �00

Provided the world path �00 of the resulting line is a common instance of � and �0; �00 = �(�) = �(�0), where �is a unifier. Further A0 = �(A), B0 = �(B),


^-Introduction (Î):

A ` F � B ` G �0

A0;B0 ` F ^G �00


^-Elimination (Ê):

A ` F ^G �

A ` F �and

A ` F ^G �

A ` G �

_-Introduction (_I):

A ` F �

A ` F _G �and

A ` G �

A ` F _G �

Rule of Cases (_E):

A ` F _G � B; F� ` H � C;G� ` H �

A;B; C ` H �

(:-Introduction(:I):

A; F� ` ? �

A ` :F �

Rule of Double Negation (::E):

A ` ::F �

A ` F �

Rule of Contradiction (Contra):

A ` F � B ` :F �0

A0;B0 ` ? �00


Ex falso quodlibet (Ex?):

A ` ? �

A ` F �

Tautology (Tau):

A1 ` F1 � A2 ` F2 � : : : An ` Fn �SAi ` F �

Provided F is a consequence of F1 through Fn in propositional logic.

B Examples of first-order transformation rules

B.1 External rules

E^:

( ) A ` F ^G � � !

8<:

(�) A ` F � �0

(�) A ` G � �00

( ) A ` F ^G � Î(�; �)


E_1:

(Æ) A ` F _G � � !

8>><>>:

(�) A;:F� ` :F � Ass(�) A;:F� ` G � �0

( ) A ` :F � G � �I(�)(Æ) A ` F _G � Tau( )

E�:

( ) A ` F � G � � !

8<:

(�) F� ` F � Ass(�) A; F� ` G � �0

( ) A ` F � G � �I(�)

E8:

(�) A ` 8xF � � !

�(�) A ` F [c�=x] � �0

(�) A ` 8xF � 8I(�)

c may not occur in A nor in F .

E9:

(�) A ` 9xF � � !

�(�) A ` :8x:F � �0

(�) A ` 9xF � 9G(�)

E::

( ) A ` :F � � !

8<:

(�) A; F� ` F � Ass(�) A; F� ` ? � �0

( ) A ` :F � :I(�)

B.2 Mixed rules

M-Cases:

(�) A ` F _G � R(�) A ` H � �

�!

8>>>>>>>>>>>><>>>>>>>>>>>>:

(�) A ` F _G � RCase 1:(�) A; F� ` F � Ass( ) A; F� ` H � �0

Case 2:(Æ) A;G� ` G � Ass(") A;G� ` H � �00

End of cases (1,2) of (�)(�) A ` H � _E(�; ; ")

M-Choose:

(�) A ` 9xF � R(Æ) A ` G � �

�!

8>><>>:

(�) A ` 9xF � R(�) A; (F [c�=x])� ` F [c�=x] � Ass( ) A; (F [c�=x])� ` G � �0

(Æ) A ` G � 9E(�; )

c may not occur in A, F , or G.

B.3 Internal rules

I?: (�) A ` F � R(�) B ` :F �0 R00

! ( ) A;B ` ? �00 Contra(�; �)

�00 is a common instance of � and �0; �00 = �(�) = �(�0). Further A0 = �(A), B0 = �(B).


I^left: (�) A ` F ^G � R! (�) A ` F � ^E(�)

I^right: (�) A ` F ^G � R

! (�) A ` G � ^E(�)

I�: (�) A ` F � G � R! (�) A ` :F _G � Tau(�)

I:^: (�) A ` :(F ^G) R! (�) A ` :F _ :G Tau(�)

I:_: (�) A ` :(F _G) � R! (�) A ` :F ^ :G � Tau(�)

I:�: (�) A ` :(F � G) � R! (�) A ` F ^ :G � Tau(�)

I::: (�) A ` :(:F ) � R! (�) A ` F � :E(�)

I:8: (�) A ` :(8xF ) � R! (�) A ` 9x(:F ) � Neg(�)

I:9: (�) A ` :(9xF ) � R! (�) A ` 8x(:F ) � Neg(�)

I-Ex? : (�) A ` ? � R! (�) A ` F � Ex?(�)

C Modal transformation rules

C.1 External rules

E2:

(�) A ` 2F � � !

�(�) A ` F �a �0

(�) A ` 2F � 2I(�)

where a 2 Ca is new to the GNDP.

E3:

(�) A ` 3F � � !

�(�) A ` F �x �0

(�) A ` 3F � 3I(�)


E:2:

(�) A ` :2G � � !

�(�) A ` 3:G � �0

(�) A ` :2G � :2E(�)

E2:

(�) A ` 2F � � !

�(�) A ` F �a �0

(�) A ` 2F � 2I(�)

E3:

(�) A ` 3F � � !

�(�) A ` F �x �0

(�) A ` 3F � 3I(�)



E:2:

(�) A ` :2F � � !

�(�) A ` 3:F � �0

(�) A ` :2F � :2E(�)

E:�:

(�) A ` :3F � � !

�(�) A ` 2:F � �0

(�) A ` :3F � :2E(�)

E-Tran:

(�) A ` 22F � � !

�(�) A ` 2:F � �0

(�) A ` 22F � Tran(�)

E-Reflex:

(�) A ` F � � !

�(�) A ` 2F � �0

(�) A ` F � Reflex(�)

E-Sym:

(�) A ` 23F � � !

�(�) A ` F � �0

(�) A ` 23F � Sym(�)

E-Ser:

(�) A ` 3F � � !

�(�) A ` 2F � �0

(�) A ` 3F � Ser(�)

E-Eu:

(�) A ` 23F � � !

�(�) A ` 3F � �0

(�) A ` 23F � Eu(�)

E-3Tran:

(�) A ` 3F � � !

�(�) A ` 33F � �0

(�) A ` 3F � 3Tran(�)

E-3Reflex:

(�) A ` 3F � � !

�(�) A ` F � �0

(�) A ` 3F � 3Reflex(�)

E-3Sym:

(�) A ` F � � !

�(�) A ` 32F � �0

(�) A ` F � 3Sym(�)

E-3Eu:

(�) A ` 2F � � !

�(�) A ` 32F � �0

(�) A ` 2F � 3Eu(�)

C.2 Internal rulesI2: (�) A ` 2F � R

! (�) A ` F �w 2E(�)

I3: (�) A ` 3F � R! (�) A ` F �p 3E(�)

where p 2 Cp is new to the GNDP:


I:2: (�) A ` :2F � R! (�) A ` 3:F � :2E(�)

I:3: (�) A ` :3F � R! (�) A ` 2:F � :2E(�)

I?-Return: (�) A ` ? �p R! (�) A ` ? � ?-Ret(�)

I-MI: (�) B ` G �0 R(�) A ` F � R

! ( ) A0;B0 ` F �0 MI(�; �)

provided �0 = �(�) is an instance of �, and A0 = �(A), B0 = �(B).

I-Tran: (�) A ` 2F � R! (�) A ` 22F � Tran(�)

I-Reflex: (�) A ` 2F � R! (�) A ` F � Reflex(�)

I-Sym: (�) A ` 32F � R

! (�) A ` F � Sym(�)

I-Ser: (�) A ` 2F � R! (�) A ` 3F � Ser(�)

I-Eu: (�) A ` 3F � R! (�) A ` 23F � Eu(�)

I-Final:(�1) A1 ` F1 �0

0a�0

1 R1

...

(�n) An ` Fn �(n)0 a�

(n)1 Rn

9>>=>>;

!

8>><>>:

(�1) A1 ` F1 �0

0w�0

1 R1

...

(�n) An ` Fn �(n)0 w�

(n)1 Rn

provided the rule is applied to all lines in the derivation with world paths whose (j�0j+ 1)th symbol is a.

C.3 Mixed rulesM-Inst(�) B ` F �0p�1 R(�) A ` F �0

0x�0

1 �( 1) C1 ` G1 �00

0 x�00

1 R1

...

( n) Cn ` Gn �(n)0 x�

(n)1 Rn

9>>>>>>=>>>>>>;

!

8>>>>>><>>>>>>:

(�) B ` F �0p�1 R(�) A ` F �0

0p�0

1 �0

( 1) C1 ` G1 �00

0 p�00

1 R1

...

( n) Cn ` Gn �(n)0 p�

(n)1 Rn

provided B � A, �0

0x�0

1 is a general instance of �0p�1, and further, the rule is applied to all lines i in thederivation with world paths whose (j�0j+1)th symbol is x.M-Close(�) A ` F � R(�) A ` F �0 �

�!

�(�) A ` F � R(�) A ` F �0 MI(�; �)

provided B � A, and further, �0 is an extended instance of �.

Received 4 January 1996

presentation of proofs in modal natural deductionuros.m/logcom/hdb/volume_10/issue_04/... ·...

Documents