Handbook of Tableau Methods

M. D’Agostino, D. M. Gabbay, R. H¨ ahnle and J. Posegga, eds.

CONTENTS

Preface Introduction vii 1 45 125 197 255 297 397 469 529 581 631 657

Melvin Fitting Reinhold Letz

Tableau Methods for Classical Propositional Logic

Marcello D'Agostino Bernhard Beckert Rajeev Gore

First-order Tableau Methods Equality and other Theories Tableaux for Intuitionistic Logics

Arild Waaler and Lincoln Wallen

Tableau Methods for Modal and Temporal Logics Tableau Methods for Substructural Logics

**Marcello D'Agostino, Dov Gabbay and Krysia Broda
**

Tableaux for Nonmonotonic Logics

Nicola Olivetti Reiner Hahnle

Tableaux for Many-valued Logics Implemementing Semantic Tableaux

**Joachim Posegga and Peter Schmitt Graham Wrightson
**

Index

A Bibliography on Analytic Tableaux Theorem Proving

2

PREFACE

Recent years have been blessed with an abundance of logical systems, arising from a multitude of applications. A logic can be characterised in many di erent ways. Traditionally, a logic is presented via the following three components: 1. an intuitive non-formal motivation, perhaps tie it in to some application area 2. a semantical interpretation 3. a proof theoretical formulation. There are several types of proof theoretical methodologies, Hilbert style, Gentzen style, goal directed style, labelled deductive system style, and so on. The tableau methodology, invented in the 1950s by Beth and Hintikka and later perfected by Smullyan and Fitting, is today one of the most popular, since it appears to bring together the proof-theoretical and the semantical approaches to the presentation of a logical system and is also very intuitive. In many universities it is the style rst taught to students. Recently interest in tableaux has become more widespread and a community crystallised around the subject. An annual tableaux conference is being held and proceedings are published. The present volume is a Handbook of Tableaux presenting to the community a wide coverage of tableaux systems for a variety of logics. It is written by active members of the community and brings the reader up to frontline research. It will be of interest to any formal logician from any area. The rst chapter by Melvin Fitting contains a general introduction to the subject which can help the reader in nding a route through the following chapters, but can also be read on its own as a `crash course' on tableaux, concentrating on the key ideas and the historical background. In Chapter 2, focusing on classical propositional logic, Marcello D'Agostino explores and compares the main types of tableau methods which appear in the literature, paying special attention to variants and `improvements' of the original method. Chapter 3, by Reinhold Letz, investigates the impact of tableaux on the challenging problems of classical quanti cation theory and in Chapter 4 Bernhard Beckert looks at various methodologies for equality reasoning. The treatment of non-classical tableaux is started in Chapter 5, vii

viii

by Lincoln Wallen and Arild Waaler, which deals with the fundamental topic of intuitionistic logic. An area in which the tableau methodology is proving particularly useful is that of modal logics. These, together with their temporal `neighbours' are studied in Chapter 6 by Rajeev Gore. Chapter 7, by Marcello D'Agostino, Dov Gabbay and Krysia Broda, discusses the new family of `substructural logics' which include the well known relevance logic and linear logic. Another frontier of today's logical research where a tableau-style approach seems especially well-suited is that of nonmonotonic logics which are treated in Chapter 8 by Nicola Olivetti. Chapter 9, by Reiner Hahnle, o ers a treatment of many-valued logics, a traditional topic which has now re-gained popularity owing to its important computer science applications. Finally, in Chapter 10, Joachim Posegga and Peter Schmitt, present an intriguing `minimalist' approach to the implementation of classical tableaux. The volume concludes with an extensive annotated bibliography compiled by Graham Wrightson. Some of the chapters overlap considerably in their contents. This was a deliberate choice, motivated primarily by the need for making each chapter self-contained. However, we believe that di erent expositions of the same notions and ideas can also contribute to a deeper understanding of the subject. ACKNOWLEDGEMENTS We would like to thank all our friends and colleagues who helped with the Handbook project. Among them are the various chapter second readers: Roy Dyckho ; Luis Fari~as del Cerro; Jaakko Hintikka; Wilfrid Hodges; n Donald Loveland; Daniele Mundici; and Paliath Narendran. We would also like to thank Mrs Jane Spurr for her usual e cient and dedicated production and administration work. Finally thanks are due to our Kluwer Editor, Mrs A. Kuipers for her patience and understanding while waiting for the completion of the book.

The Editors M. D'Agostino, D. M. Gabbay, R. Hahnle and J. Posegga Ferrara, London, Karlsruhe and Darmstadt, March 1998

MELVIN FITTING

INTRODUCTION

1 GENERAL INTRODUCTION

1.1 What Is A Tableau?

This chapter is intended to be a prolog setting the stage for the acts that follow—a bit of background, a bit of history, a bit of general commentary. And the thing to begin with is the introduction of the main character. What is a tableau? It will make the introductions easier if we ﬁrst deal with a minor nuisance. Suppose we know what a tableau is—what do we call several of them: ‘tableaus’ or ‘tableaux?’ History and the dictionary are on the side of ‘tableaux’. On the other hand, language evolves and tends to simplify; there is a clear drift toward ‘tableaus’. In this chapter we will use ‘tableaus’, with the non-judgemental understanding that either is acceptable. This brings our trivial aside to a cloeaux. Now, what is a tableau? In its everyday meaning it is simply a picture or a scene, but of course we have something more technical in mind. A tableau method is a formal proof procedure, existing in many varieties and for several logics, but always with certain characteristics. First, it is a refutation procedure: to show a formula X is valid we begin with some syntactical expression intended to assert it is not. How this is done is a detail, and varies from system to system. Next, the expression asserting the invalidity of X is broken down syntactically, generally splitting things into several cases. This part of a tableau procedure—the tableau expansion stage—can be thought of as a generalization of disjunctive normal form expansion. Generally, but not always, it involves moves from formulas to subformulas. Finally there are rules for closing cases: impossibility conditions based on syntax. If each case closes, the tableau itself is said to be closed. A closed tableau beginning with an expression asserting that X is not valid is a tableau proof of X . There is a second, more semantical, way of thinking about the tableau method, one that, perhaps unfortunately, has played a lesser role thus far: it is a search procedure for models meeting certain conditions. Each branch of a tableau can be considered to be a partial description of a model. Several fundamental theorems of model theory have proofs that can be extracted from results about the tableau method. Smullyan developed this approach in [1968], and it was carried further by Bell and Machover in [Bell and Machover, 1977]. In automated theorem-proving, tableaus can be used, and sometimes are used, to generate counter-examples. The connection between the two roles for tableaus—as a proof procedure and as a model search procedure—is simple. If we use tableaus to search for a model in which X is false, and we produce a closed tableau, no such model exists, so X must be valid.

2

MELVIN FITTING

This is a bare outline of the tableau method. To make it concrete we need syntactical machinery for asserting invalidity, and syntactical machinery allowing a case analysis. We also need syntactical machinery for closing cases. All this is logic dependent. We will give examples of several kinds as the chapter progresses, but in order to have something speciﬁc before us now, we brieﬂy present a tableau system for classical logic.

**1.2 Classical Propositional Tableaus as an Example
**

In their current incarnation, tableau systems for classical logic are generally based on the presentation of Raymond Smullyan in [Smullyan, 1968]. We follow this in our sketch of a signed tableau system for classical propositional logic. The chapter by D’Agostino continues the discussion of propositional logic via tableaus. (Throughout the rest of this handbook, unsigned tableaus are generally used for classical logic, but signs play a signiﬁcant role when other logics are involved, and classical logic provides the simplest context in which to introduce them.) First, we need syntactical machinery for asserting the invalidity of a formula, and for doing a case analysis. For this purpose two signs are introduced: T and F , where these are simply two new symbols, not part of the language of formulas. Signed formulas are expressions of the form F X and T X , where X is a formula. The intuitive meaning of F X is that X is false (in some model); similarly T X intuitively asserts that X is true. Then F X is the syntactical device for (informally) asserting the invalidity of X : a tableau proof of X begins with F X . Next we need machinery—rules—for breaking signed formulas down and doing a case division. To keep things simple for the time being, let us assume that : and are the only connectives. This will be extended as needed. The treatment of negation is straightforward: from T :X we get F X and from F :X we get T X . These rules can be conveniently presented as follows. Negation

T :X FX

F :X TX

The rules for implication are somewhat more complex. From truth tables we know that if X Y is false, X must be true and Y must be false. Likewise, if X Y is true, either X is false or Y is true; this involves a split into two cases. Corresponding syntactic rules are as follows.

Implication

TX Y FX TY

FX Y TX FY

The standard way of displaying tableaus is as downward branching trees with signed formulas as node labels—indeed, the tableau method is often referred to as

INTRODUCTION

3

the tree method. Think of a tree as representing the disjunction of its branches, and a branch as representing the conjunction of the signed formulas on it. Since a node may be common to several branches, a formula labeling it, in effect, occurs as a constituent of several conjunctions, while being written only once. This amounts to a kind of structure sharing. When using a tree display, a tableau expansion is thought of temporally, and one talks about the stages of constructing a tableau, meaning the stages of growing a tree. The rules given above are thought of as branch-lengthening rules. Thus, a branch containing T :X can be lengthened by adding a new node to its end, with F X as label. Likewise a branch containing F X Y can be lengthened with two new nodes, labelled T X and F Y (take the node with F Y as the child of the one labelled T X ). A branch containing T X Y can be split—its leaf is given a new left and a new right child, with one labelled F X , the other T Y . This is how the schematic rules above are applied to trees. An important point to note: the tableau rules are non-deterministic. They say what can be done, not what must be done. At each stage we choose a signed formula occurrence on a branch and apply a rule to it. Since the order of choice is arbitrary, there can be many tableaus for a single signed formula. Sometimes a prescribed order of rule application is imposed, but this is not generally considered to be basic to a tableau system. Here is the ﬁnal stage of a tableau expansion beginning with (that is, for) the signed formula F (X Y ) ((X :Y ) :X ). 1. 2. 3. 4. 5. 6. 7.

F (X TX F (X TX F :X TX

Y ) ((X :Y ) :X ) Y :Y ) :X :Y

FX

@ @ 8. T Y @ @ 9. F X 10. T :Y 11. F Y

In this we have added numbers for reference purposes. Items 2 and 3 are from 1 by F ; 4 and 5 are from 3 by F ; 6 is from 5 by F :; 7 and 8 are from 2 by T ; 9 and 10 are from 4 by T ; 11 is from 10 by T :. Finally, the conditions for closing off a case—declaring a branch closed—are simple. A branch is closed if it contains T A and F A for some formula A. If each branch is closed, the tableau is closed. A closed tableau for F X is a tableau proof Y ) ((X of X . The tableau displayed above is closed, so the formula (X

4

MELVIN FITTING

:Y ) :X ) has a tableau proof.

It may happen that no tableau proof is forthcoming, and we can think of the tableau construction as providing us with counterexamples. Consider the following attempt to prove (X Y ) ((:X :Y ) Y ). 1. 2. 3. 4. 5. 6.

F (X Y ) ((:X :Y ) Y ) TX Y F (:X :Y ) Y T :X :Y FY

@ @ 7.

FX

@

TY

8. F :X 10. T X

@ 9. T :Y 11. F Y

Items 2 and 3 are from 1 by F , as are 4 and 5 from 3. Items 6 and 7 are from 2 by T , as are 8 and 9 from 4. Finally 10 is from 8 by F :, and 11 is from 9 by T :. The leftmost branch is closed because of 6 and 10. Likewise the rightmost branch is closed because of 5 and 7. But the middle branch is not closed. Notice that every non-atomic signed formula has had a rule applied to it on this branch—there is nothing left to do. (This is a special feature of classical propositional logic: it is sufﬁcient to apply a rule to a formula on a branch only once. This does not apply generally to all logics.) In fact the branch yields a counterexample, as follows. Let v be a propositional valuation that maps X to false and Y to false in accordance with 6 and 11. Now, we work our way back up the branch. Since v (Y ) = false, v(:Y ) = true, item 9. Then v(:X :Y ) = true, item 4. From this and the fact that v (Y ) = false we have v ((:X :Y ) Y ) = false, item 3. Also since v(X ) = false, v(X Y ) = true, item 2. Finally, v((X Y ) ((:X :Y ) Y )) = false, item 1. Notice, the valuation v gave to each formula on the unclosed branch the truth value the branch ‘said’ it had. But then, v is a counterexample to (X Y ) ((:X :Y ) Y ), so the formula is not valid. From a different point of view, we can think of a classical tableau simply as a set of sets of signed formulas: a tableau is the set of its branches, and a branch is the set of signed formulas that occur on it. Semantically, we think of the outer set as the disjunction of its members, and these members, the inner sets, as conjunctions of the signed formulas they contain. Considered this way, a tableau is a generalization of disjunctive normal form (a generalization because formulas more complex than literals can occur). Now, the tableau construction process can be thought of as a variation on the process for converting a formula into disjunctive normal form. In set terms, instead of lengthening branches, we expand sets. For exam-

INTRODUCTION

5

ple, suppose C = fZ1 ; Z2 ; : : : ; Zn g is a set of signed formulas, and one of the members is T :X . Then the set fZ1 ; Z2 ; : : : ; Zn ; F X g is said to follow from C . Similarly if the set contains F :X . If C contains F X Y then the set fZ1; Z2 ; : : : ; Zn ; T X; F Y g follows from C . Finally, if C contains T X Y then the pair of sets fZ1 ; Z2 ; : : : ; Zn ; F X g, fZ1 ; Z2 ; : : : ; Zn ; T Y g follows from C . Next, if D1 and D2 are tableaus (each represented as a set of sets of signed formulas) D2 follows from D1 if it is like D1 but with one of its members C replaced with the set or sets that follow from it. Taken this way, a tableau expansion for a signed formula S is a sequence of tableaus, beginning with ffS gg, each tableau after the ﬁrst following from its predecessor.

**1.3 Abstract Data Types vs Implementations
**

Computer Science has made us familiar with the distinction between an abstract data type and an implementation of it. The notion of a list, with appropriate operations on it, is an abstract data type. It can be concretely implemented using an array, or using a linked structure, or in other ways as well. Which is better, which is worse? It depends on the intended application. But this abstract/concrete distinction is actually an old one. Before there were electronic computers, there were human computors, generally using mechanical devices like slates, paper, and slide rules. Before there were algorithms designed for computers, there were algorithms designed for humans, using the devices at hand. What we now call a good implementation of an abstract data type was once called good notation. Think, for instance, of the distinction between Roman numerals and Arabic notation. They both implement the same data type—non-negative integers—but one is more efﬁcient for algorithmic purposes than the other. Tableaus were described abstractly above: sets of sets of signed formulas. One of the things that helped make them popular was a good concrete implementation, a good notation: the tree display of a tableau. It is space-saving, since there is structure sharing, that is, formulas common to several branches are written only once. It is time-saving, since formulas are not copied over and over as the tree grows. Instead the state of a tree at any given moment represents a member of a tableau expansion sequence. Trees present a display that people ﬁnd relatively easy to grasp, at least if it is not too big. And most importantly, there are by-hand algorithms that are wonderfully suited for use with tableaus as trees. In creating a tree tableau one has the same sense of calculation that one has when adding or multiplying using place-value notation. Still, from an abstract point of view the tree display of signed formulas is not a tableau but an implementation of a tableau. It is not the only one possible; Manna and Waldinger use quite a different notation for their version of tableaus [1990; 1993 ]. The connection method can be thought of as based on tableaus, with trees replaced by more general graphs; see [Bibel et al., 1987] for details. Indeed, we will see as this Chapter develops, that the tree display itself underwent considerable evolution before reaching its current form. Also, for some logics, the

6

MELVIN FITTING

straightforward tree version may not be best possible. For instance, with certain logics formulas get removed as well as added to branches, and with others they can come and go several times. For these, something more elaborate than just a growing tree is appropriate. Finally, what is good for hand calculation may not be at all useful for machine implementation. This point will be taken up in H¨ ahnle’s Chapter and elsewhere. But perhaps the basic point of this digression is a simple one: trees implement tableaus. They do so quite well for many purposes—so well that they are often thought of as being tableaus. This is too restrictive, especially today when computers are being used to explore a wide variety of logics. Be willing to experiment.

**1.4 What Good Is a Tableau System?
**

There are many kinds of proof procedures for many kinds of logics. What advantages does a tableau system have? Let us begin with what might be called the ‘practical’ ones. The classical propositional system presented in Section 1.2 can be used to ‘calculate’ in a way that Hilbert systems, say, can not. Each signed formula that is added comes directly from other signed formulas that are present. There is a choice of which signed formula to work with next, but there are always a ﬁnite number of choices—a bounded non-determinism, if you will. By contrast, since modus ponens is generally a Hilbert system rule, to prove Y we must ﬁnd an X for which both X and X Y are provable. There are inﬁnitely many possibilities for X —an unbounded non-determinism. Also note that the X we need may be considerably more complicated than the Y we are after, unlike with classical tableaus, where the formulas added are always simpler than the formulas they come from. Further, it can be shown that if the rules are applied in a classical tableau argument in a fair way, all proof attempts will succeed if any of them do. Thus any choices we make affect efﬁciency, not success. This means tableaus are well-suited for the discovery of proofs, either by people or by machines. Once quantiﬁers are added, as in Section 2.6, complications to this simple picture arise. There are inﬁnitely many ways of applying some of the quantiﬁer rules to a signed formula. If we systematically apply all rules in a fair way, it is still possible to show that a proof will be found, if a proof exists. But now, if a proof does not exist, the tableau expansion process will never terminate. Thus we get a semi-decision procedure—but after all, this is best possible. There is a problem for automation of tableaus that stems from the quantiﬁer rules: systematically trying closed term after closed term to instantiate a universal quantiﬁer is a terribly inefﬁcient method. Fortunately there is a way around it, using so-called free variable tableaus and uniﬁcation. This will be discussed in later chapters. Suitability for proof discovery is something that applies equally well to resolution, and to several other techniques that have been worked out over the years. A peculiar advantage that tableaus have is that it seems to be easier to develop tableau systems for new logics than it is to develop other automatable proof procedures.

once a tableau proof procedure has been created for a logic. see Anellis [1990.2. Other basic theorems about logic can also be given equally perspicuous tableau proofs. gives proofs of the compactness theorem.) 2 CLASSICAL HISTORY Tableau history essentially begins with Gentzen. Apply rules fairly: systematically apply each applicable rule. and can be applied to tableau proof procedures as readily as to Hilbert systems—see the proof of the Model Existence Theorem in [Fitting. For classical logic. Their history in this respect is somewhat curious. Such an approach is quite general. Of course. tableaus can be used to provide quite appealing proofs of metatheoretical results about a logic. But even so.INTRODUCTION 7 This may be because tableaus tend to relate closely to the semantic ideas underlying a logic—or maybe the reasons lie elsewhere. all using tableaus in an essential way. Something like this is at the heart of Maslov’s method [Mints. Take the issue of proving completeness as an example. it may be possible to use it to develop an automatable proof procedure of a different sort. This is a nice feature indeed. Here we discuss this portion of the development of our subject. We will generally re-prove the same formula that we did in Section 1. Start constructing a tableau expansion for F X . but similar arguments often carry over to other logics that have tableau proof procedures. 2. tableaus provide a good starting point. What we are describing is an empirical observation. (For another presentation of tableau history. This is sufﬁcient to illustrate differences between systems and to follow their evolution. not a mathematical truth. Of course. Finally. 1969]. Bell and Machover carried this even further [1977]. to allow easy comparison of the various systems. see [Szabo. which we do throughout the rest of this Chapter.2. it culminates with Smullyan. we are speaking of classical logic. On a pedagogical level. One common way of showing a proof procedure is complete is to make use of maximal consistent sets. and the Model Existence Theorem. tableaus are well-suited for computer implementation. 1991]. it can be shown that the resulting tableau contains enough information to construct a countermodel to X . 1991]. we conﬁne things to classical propositional logic (and occasionally intuitionistic propositional logic). ignoring issues of machine implementation. The one that concerns us here is his 1935 introduction of the se- . But there is another approach to proving completeness that is much more intuitive.1 Gentzen In his short career Gentzen made several fundamental contributions to logic. We saw a propositional example of this kind in Section 1. in [1968]. We will have more to say on this topic as we discuss the history of tableaus. 1996]. If no closed tableau is produced. Smullyan. various interpolation theorems. In order to keep clutter down.

Xn ! Y1 . . : : : . and make some comments on it. . and rules of derivation. ! X. ! . Interchange . . X. Y. think of the sequent above as asserting: the disjunction of Y1 . Informally. Before this. Axioms. Xn . Yk where X1 . 1935]. Gentzen’s ideas grew out of earlier work of Paul Hertz [1929]. ^. ! . is a new symbol. . . Xn . The rules for _ are dual to those for ^ and are omitted. Y. . and are sequences of formulas. This should be familiar ground to most logicians. as with most things. and . X. X. are sequents of the form A ! A. The arrow. X. but the essential idea is basically the same. The Classical Sequent Calculus First a new construct is introduced. Hilbert-style. : : : . X. Y. the seventh. A sequent is an expression of the form: The system has axioms. See [Szabo. possibly empty. We say roughly because this terminology is more appropriate for the natural deduction systems that Gentzen also introduced in [1935]. or axiomatic. .X Contraction ! . for its introduction and for its elimination.8 MELVIN FITTING quent calculus in [Gentzen. where A is a formula. Gentzen has seven structural rules. Next. In a sense.X ! . We’ll sketch Gentzen’s system. ! . or initial sequents as Gentzen called them. the true beginnings of our subject are fuzzy. X ! . each connective and quantiﬁer has exactly two kinds of rules. ! X. It is understood that either (or both) of n and k may be 0. roughly. . What Gentzen contributed was a formulation of both classical and intuitionistic logics with a clear separation between structural rules (essentially characterizing deduction in the abstract) and speciﬁc rules for each connective and quantiﬁer. Y. : : : . Yk are formulas. Yk follows from the conjunction of X1 . cut will be discussed in a section of its own. But we also note that. Y1 . Further. ! ! ! ! . a Hilbert system characterizes a logic as a whole—it is difﬁcult to separate out the role of individual connectives since several of them may appear in each axiom. X. Thinning X1 . In these and later rules. . Even the famous cut rule is a special case of Hertz’s syllogism rule. We give six of them here. . X. . the sequent. 1969] for further discussion of this. proof procedures were the norm. : : : . !. Next we give Gentzen’s rules for the connectives :.

ending with the sequent to be proved. It is not hard to extract a formal algorithm for decidability of both classical and intuitionistic propositional logics. ! X. Conjunction Implication ! . ! ! . X ! Interchange Y. a proof discovery system resulted. either . ! . X :Y. it is useful to think ‘negatively’ instead of ‘positively’.Y ! . Given any sequent.X Y Proofs are displayed in tree form. X ! Interchange X ! X Y. :X ! . suppose it is not. X :Y ! Interchange X. X Y ! :X X Y ! (X :Y ) :X Implication ! (X Y ) ((X :Y ) :X ) Implication in the sequent calculus are displayed beginning with axioms. By one of the Conjunction rules.X ^ Y X. X.X :X. Here is an example. Y ! . X. Try deriving them—this reduces the problem to a simpler one. Y ! Implication X :Y. X Y. Y ! Y Negation X ! X :Y. Although it was probably of minor importance to Gentzen. A proof of the sequent ! X is considered to be a proof of the formula X . a proof of (X Y ) ((X :Y ) :X ). each non-leaf must be labelled with a sequent that follows from the labels of its children by one of the rules of derivation. X :Y. ! X ^ Y. ! X Y. ! ! . others soon realized that by turning the rules upside-down. X :Y ! Contraction X. Each leaf must be labelled with an axiom. Thus the discovery of a Gentzen-style proof is a much more mechanical thing than it is with Hilbert systems. Y ! Interchange X :Y.INTRODUCTION 9 Negation X. X. X Y. X.X ! . Y2 . X. root at bottom. Well. . ! . suppose we want to show a sequent. X. A ^ B is provable. say X1 . X :Y ! Interchange X. When using the rules backward.‘ That is. there are a limited number of sequents from which it could be derived. since premises of rules involve subformulas of their conclusions. ! Y. with explanations added. Y. X :Y ! Implication X Y. ! X ^ Y. X :Y ! Interchange X. X Y. X Y ! Negation X :Y. X2 ! Y1 . X Y.

Continue working backward in this way. F Y1 . T X2 . such as Relevance Logic [Dunn. 1986]. 1986. F Y2 . F B g. Then. 1992].10 MELVIN FITTING X1 . ! Proof of the equivalence of the two formulations uses the structural rules in an essential way. we think of a sequent as informally saying the disjunction of the right side follows from the conjunction of the left. They are essential for proving the equivalence of the two versions of the conjunction rules. 1950]. F B g o where the outer set is thought of disjunctively and the inner sets conjunctively. Y2 . F Y1 . ! X ^ Y. everything on the left ‘holds’ in some model. F Y1 . there are two different ways of introducing . There are three conjunction rules but only two implication rules. X2 ! Y1 . This leads back to our set version of tableaus. F Y2 . until a contradiction (an axiom is not provable) is reached. and nothing on the right does. F Ag. in Section 1. Troelstra. Y2 . This backward way of thinking makes it easy to see in what way the sequent calculus relates to later tableau systems. At this point we can represent things using a set of sets of formulas. F Y1 . These days. B is not provable. or some combination of these. F Y2 .1. in [Kleene. T X2 . allows us to use an apparently more general axiom schema: ! . Y. The rules for conjunction and for implication are not like each other. but central. From this. if desired. Girard realized that the structural rules are not minor. F Y2 . arise in similar ways. combined with Thinning. This. By dropping Thinning and Contraction (and making other changes as well) Girard devised Linear Logic [Girard. without the structural rules. T X2 . Recall. as we just saw. F Y2 . we have the satisﬁability of one of fT X1 . A ^ B . G1. denying the sequent informally amounts to assuming the satisﬁability of fT X1 . T X2 . gives three different versions. X2 ! Y1 . It can be shown that an equivalent system results if the two rules for introducing a conjunction on the left of an arrow are replaced by the following single rule: X. A or X1 . or with Gentzen’s axiom scheme modiﬁed. The combined effect of Contraction and Interchange is that we can think of the sequences of formulas on either side of a sequent arrow as sets of formulas. T X2 . if we did not have X1 . F Ag or fT X1 . using a Conjunction rule backwards. Y2 . Cut and the Structural Rules We gave six structural rules above. and G3. F A ^ B g. it is not uncommon to ﬁnd sequent calculi formulated with sets instead of sequences. F Y1 . G2. differing primarily on structural details. Note that. n fT X1 . Kleene. X2 ! Y1 . fT X1 . That is. This can be remedied. Other so-called substructural logics. where and have a formula in common.

and disappears below. then. However. The Cut rule violates the subformula property: X appears above the line. if the Cut rule is available. in a sense. Consequently. and constructivity was a key part of Gentzen’s motivation. The Cut rule is a kind of transitivity condition. a proof of X _ Y should be either a proof of X or a . One can show Cut is eliminable by showing that Gentzen systems with and without cut are both sound and complete. On the other hand. remarkable property: the subformula property. together with a termination argument. allowing the use of Lemmas. we must do two things: we must show each Hilbert axiom is Gentzen provable. proof length can grow exponentially. in fact. since its role is both important and unique. All this is straightforward. Instead. (Wallen’s chapter contains a full treatment of theorem-proving in intuitionistic systems. Each formula appearing above the line of a rule is a subformula of some formula appearing below the line. Cut ! . Since these are no longer equivalent. All the other Gentzen rules have a special.INTRODUCTION 11 conjunction (and disjunction). except for modus ponens. essentially because completeness proofs for ﬁrst-order logic are non-constructive. ! . 1935] Gentzen showed something of the versatility inherent in the sequent calculus by giving an intuitively plausible system for intuitionistic logic. it is easy to show that modus ponens preserves Gentzen provability. We have left the Cut rule for last. Intuitionistic Logic In [Gentzen. It is this that makes the construction of proofs seem mechanical. Gentzen gave what today we would describe as an algorithm for removing Cuts from a proof. Cut elimination has become the centerpoint of proof theory. It is this on which decidability results in the propositional case rest. Why.) Intuitionistic logic is meant to be constructive—in particular. in the following. and we must show each Hilbert rule of inference preserves Gentzen provability. an analysis of Gentzen’s proof of Cut elimination shows that. as well as one for classical logic. have a Cut rule at all? In showing Gentzen’s formulation is at least as strong as a Hilbert axiom system. the formula X is cut away. the system is in many ways less appealing. ! . Clearly this is an important issue. it is enough to show Gentzen’s systems with and without the Cut rule are equivalent—a result usually referred to as ‘Cut eliminability’. Allowing Cuts in an automated proof system is. Gentzen did not proceed this way. Cut elimination says they are not necessary. substructural logics. have two notions of conjunction and disjunction. when removing the use of Lemmas. X X. If Cut is allowed.

! 2X. Since semantical methods were not much used in modal logic at the time. though this is not how Kanger thought of them.) We take 2 as primitive. since there are close connections between S 4 and intuitionistic logic. 1960]. we should be able to say which member of the disjunction is a consequence of the left-hand side. and for a sequence of formulas. in turn. ! . Gentzen showed this gave a system that was equivalent to an axiomatic formulation of intuitionistic logic. Now. intuitionistically. and similar formulations were soon introduced (after the void of World War II) for other kinds of logics. If X is indexed with n. we write 2 for the result of preﬁxing each formula in with 2. This is different than in classical logic where one can have a proof of X _ :X without having either a proof or a disproof of X . the equivalence of these systems with Hilbert style ones was via a translation procedure. used to obtain decision procedures for the logics. recall that the right-hand side of a sequent is interpreted as a disjunction. for instance. Matsumoto. 1961. At about the same time. S4 X on the right. Gentzen’s Immediate Heirs Gentzen’s introduction of the sequent calculus was enormously inﬂuential. Then the following two rules are added. This. a conjunction receives the same index as its conjuncts (which must be the same). !X 2 ! 2X Note that the second of the rules for introducing 2 allows only a single formula X. of course. (See Gor´ ’s Chapter for an extended e discussion of the role of tableaus in modal theorem-proving. The Gentzen rules are modiﬁed so that in a conjunction rule. Ohnishi and Matsumoto gave calculi for several modal logics [1957. 1959. analogous to Gentzen’s rules for intuitionistic logic. We describe their system for S 4 as a representative example. Beginning in 1957. Nothing else was possible. making essential use of Cut elimination. is all quite informal. by making use of his Cut elimination theorem. His system for S 5 is of special interest because it introduced a new piece of machinery: propositional formulas were indexed with positive integers. The sequent formulations were. but it led to Gentzen’s dramatic modiﬁcation of the sequent calculus rules: allow at most one formula to appear on the right of an arrow. We brieﬂy sketch some of the early developments. 1964 ] and [Ohnishi. it is written as X n . Kanger also gave sequent style formulations for some modal logics [1957]. since there was no known semantics for intuitionistic logic at that time. Now we add to Gentzen’s rules the following. These integers can be thought of as corresponding to the possible worlds of Kripke models.12 MELVIN FITTING proof of Y . This should come as no surprise. Then.

and showed soundness and completeness. The Ohnishi and Matsumoto systems. This is an early forerunner of the now widespread practice of adding extra machinery to sequent and tableau systems. Beth. : : : . This reading of a sequent suggests appropriate rules. Gentzen’s axiom schema. ! 2X n. however. In 1967 Rousseau [1967] treated many-valued logics using Gentzen methods. we must be sure that no suitable counter-example whatsoever is available. In 1955 he introduced the terminology. Now a sequent is an expression: 0 j 1 j ::: j m 1 where each i is a sequence of formulas. : : : . He was more-or-less explicitly analyzing proofs. and his work has become the foundation of modern proof theory. and the Kanger systems. 2. We will see more examples later on. can be found in some detail in [Feys. Xn ! . Then a sequent is satisﬁable if one of the false’s is false or one of the true’s is true. though it was discussed by Rousseau. 1965]. Consider the left-hand side as the falses’s and the righthand side as the true’s. under some valuation. : : : . then we have a negative answer to our problem. The sequent is considered satisﬁable if some member of i has truth value i. (The chapter by H¨ hnle discusses current tableau theorem-provers for many-valued a logics. then we have an afﬁrmative answer. we ought not to look for a counter-example in a . Yk is considered satisﬁable if.2 Beth Gentzen’s motivation was proof-theoretic. There is no attempt at a completeness or soundness argument in his paper—only constructive proofs of equivalence with other formalisms. therefore. 1955]: “If such a counter-example is found. ‘semantic tableau’. either some Xi is false or some Yi is true. Beth. m 1. Rousseau extended this to an m-valued logic—say the truth values are 0. turns into the schema A j A j : : : j A. and thought of one as a systematic attempt to ﬁnd a counter-example. Xn ! Y1 . For many-valued logics. And if it turns out that no suitable counter-example can be found. the more interesting issue is that of quantiﬁcation. 1956]. ! . For instance. on the other hand. 1955. 1. 2X m Where no formula with index n occurs within the scope of 2 in or . ! Where m 6= n. In this case. To quote from [Beth. 2X n. Rousseau gave a method of producing connective rules.INTRODUCTION 13 S5 X m . was motivated by semantic concerns [Beth. which we do not touch on here. X1 . A classical sequent.) The basic ideas are relatively simple. A ! A.

Next. . to keep the Valid and the Invalid columns that belong together properly associated. a tableau construction may never terminate. thus displaying both possibilities. add both A and B to it. Xn in the Valid column. In practice this can be hard to follow if there are many cases. ‘Invalid. . If a semantic tableau is constructed as outlined above. if available. Xn . Here is an example of a Beth semantic tableau—a proof once again of the familiar tautology (X Y ) ((X :Y ) :X ). . The other possibility is that no such contradiction ever appears. If :A occurs in a column.” Beth arranged his counter-example search in the form of a table with two columns. Now there is indeed a systematic method for constructing a counter-example. and Beth’s method supplies a decision procedure. Beth’s solution was to split the Valid column in two. . This corresponds to beginning with the conjecture that Y is not a consequence of X1 . . . . Xn . . there are basically only two possible outcomes. The description above is correct in the propositional case. rather like using the sequent calculus backward. For example. add A to the other one. A rigorous treatment of this point requires some care. Xn . Things get a little awkward with disjunctive cases however. that is. . and so Y must be a consequence of X1 . systematically break down the formulas in each column. . . one labelled ‘Valid. In the ﬁrst-order case things are more complex since if there are no counterexamples. . but we must rather try to construct one in a systematic way. Since further splitting might occur. such an impossibility tells us there are no models in which X1 . . and so Y is not a consequence of X1 . and Y in the Invalid one. . begin by placing X1 . If this happens we still generate the information to construct a model. . . there are no counter-examples. Xn .14 MELVIN FITTING haphazard manner. . If the tableau system really does embody a thorough. it is necessary to label the various columns. To determine whether Y is a consequence of X1 . . Similarly if A _ B appears in the Invalid column. . it consists in drawing up a semantic tableau. . It may happen that a formula appears in both the Valid and the Invalid columns. if A ^ B appears in the Valid column. . systematic analysis.’ Perhaps ‘True’ and ‘False’ (in some model) would be more accurate. . In this case. Of course a corresponding split has to be made in the Invalid column. but the principle is certainly clear. Xn are true but Y is not. add both A and B to it. .’ the other. Beth observed. the tableau itself supplies all the necessary information to produce a counter-example. . . but only in the limit. If A _ B occurs in the Valid column we should be able to add one of A or B —the problem is which. which indicates an impossibility. and we gloss over it.

we begin with 1 in the Invalid column. 1968. Case ii is impossible because of formulas 6 and 7. Smullyan. with formula 9 on the Invalid side and formula 10 on the Valid one. From 3 we conclude 4 is Valid and 5 is Invalid. as it happens). The . and Gentzen’s Extended Hauptsatz. formula 8. details are beside the point here. the other placing Y in the Valid column. (X :Y ) :X is a consequence of X Y . 1996]. formula 7. Formula 10 in turn yields formula 11. which gives 2 in the Valid. Likewise 5 produces 6. Tableaus and Consequences Beth recognized that tableaus make it possible to give proofs of results about classical logic that are intuitively satisfying. It is usual to derive Beth’s Theorem from the Craig Interpolation Theorem and Beth takes this route in his book (this was not his original proof however). there are no counter-examples. in particular in [Chang and Keisler. or Y is. 1990. He explicitly discussed the relationship between tableaus and the sequent calculus. Likewise formula 4 causes another split. Since each subcase is impossible. either X is not true there. 1953a].INTRODUCTION 15 Valid (2) X (4) X (6) X Y :Y (i) (8) Y (iii) (iv) (10) :Y (1) (X Y ) ((X :Y ) :X ) (3) (X :Y ) :X (5) :X (i) (ii) (ii) (iii) (iv) (7) X (11) Y (9) X Invalid In the tableau above. In his book [Beth. Now things become more complicated. and case iv is impossible because of 6 and 9. labelled i and ii. Among Beth’s fundamental consequences is his famous Deﬁnability Theorem of 1953 [1953. Then formula 2 causes a split into two cases. Beth uses tableaus to prove the Craig Lemma (not Craig’s original proof either). 1959] Beth used tableaus to show a subformula principle saying that if a formula has a proof. Statements of it can be found in many places. Now we see we have arrived at a contradictory tableau. Case iii is impossible because of 8 and 11. one placing X in the Invalid column. the tableau itself is closed. In turn. He even gave a tableau-based proof of Gentzen’s Cut Elimination Theorem (a proof with a fundamental ﬂaw. creating subcases iii and iv . relating implicit and explicit deﬁnability in ﬁrst-order logic. this means case i is impossible. He derived a version of Herbrand’s Theorem. or closed as Beth called it. And he considered the relationship between tableaus and natural deduction. and 3 in the Invalid ones. If X Y is true in a model. it has one in which only subformulas of it occur. Fitting.

The left and right columns are considered as tubes which are connected at the bottom of the apparatus. at least sometimes. as a tableau system. These days tableaus are often used to prove versions of Craig’s Lemma. Beth’s intuitionistic tableau calculus introduced a new element: there were two kinds of branching. for each of the formulas U and V . 1954]. He presented this in the form of a sequent calculus and. In 1956 Beth provided a much more intuitively appealing semantics [Beth.) What concerns us here is that. “Let us suppose that the semantic tableau for a certain sequent (f) is closed. several formulas could appear on the right of an arrow. as a sequent calculus. he proved the soundness and completeness of his intuitionistic tableau system with respect to his semantics. We consider the tableau as a system of communicating vessels. 1938. This picture suggests the construction. at the same time. unlike in Gentzen’s system. but this was not particularly satisfactory as an explication of intuitionistic ideas to a classical mathematician. these various pressures result in a state of equilibrium. closure of one of the new branches is enough to close the original one. of a formula U 0 or V 0 which sums up the total contribution of U or V to the balance of pressures. and this can be traced to the possibility of disjunctive branching. He explicitly noted it could be used as written. on the other hand. Conjunctive branching is the only kind that occurs in classical tableaus. With conjunctive branching. Rasiowa. More interestingly. Intuitionistic Logic Again Gentzen’s approach to intuitionistic logic could not be based on semantics. Rasiowa. Since he was concerned . 1959]. The following is a quote from the beginning of his proof of Craig’s Lemma. since none was available at that time. but never in quite as picturesque a fashion. 1951. (These have been largely superseded by an alternative semantics due to Kripke. 1956. Intuitionistic propositional logic has a higher degree of computational complexity than classical propositional logic. When a branch splits disjunctively. Beth. known today as Beth models. conjunctive and disjunctive. An algebraic/topological semantics was developed soon after [Tarski. Beth gave a constructive proof of the equivalence of his system with that of Gentzen.” The proof continues somewhat more technically. Beth introduced a tableau system for intuitionistic logic. or upsidedown. both branches must close for the original branch to be closed. The formulas U create a downward pressure in the left tubes and likewise the formulas V create a downward pressure in the right tubes.16 MELVIN FITTING reason this is mentioned here is to illustrate Beth’s almost physical sense of the tableau mechanism.

under the supposition that a given complex formula or sentence is true. and often occur to several people simultaneously. we illustrate the ideas via classical propositional logic. X has been established as valid. as Hintikka puts it: “.3 Hintikka It has been noted that scientiﬁc advances come when the times are ready. . The work of Beth and Hintikka is such an event. “. can be said about the truth-values of its components. and unlike Gentzen. [Hintikka. appearing in 1955. Any non-atomic occurrence of a negation symbol was taken to be eliminable. 1955]. he explicitly considered which points of his completeness proof would be problematic for an intuitionist. We do not give Beth’s intuitionistic tableau system here. . First. a proof attempt proceeds by breaking formulas down into constituent parts. which Hintikka himself later developed. . the typical situation is one in which we are confronted by a complex formula (or sentence) the truth or falsity of which we are trying to establish by inquiring into its components. and we do so later. implication was not taken as primitive. Now. Or.” Model Sets The essentially new element in Hintikka’s treatment was the model set. Hintikka was motivated by semantic concerns: the idea behind a proof of X is that it is a systematic attempt to construct a model in which :X is true. though. as proofs of impossibility of counter-examples.” As expected. It is easier to present the basic ideas using signed formulas. Here the rules of truth operate from the complex to the simple: they serve to tell us what. suppose we have a classical propositional model. Likewise. 2. the same year as Beth’s.INTRODUCTION 17 with intuitionism as a philosophy of mathematics. M. we interpreted all proofs of logical truth in a seemingly negative way. We can say things like: X ^ Y 2 if and only if X 2 and Y 2 . though he does not call it that. It makes possible a considerable simpliﬁcation in the proof of completeness for tableaus by abstracting properties of satisﬁability of formula sets out of details of the tableau construction process. if the attempt fails. viz. essentially K¨ onig’s Lemma. (See also [Hintikka.. . Hintikka’s insight was to see that one of these . And it suggests the possibility of extensions to modal logics. via the usual negation normal form rules.) Like Beth. Associate with it the set of propositional formulas that are true in it. He found this centered on the Tree Theorem. with Hintikka’s primary paper. we mention a pecularity of Hintikka’s treatment: he assumed all negations occur at the atomic level. 1953]. This if-and-only-if assertion can be divided into two implications. As usual.

This led Hintikka to call sets meeting the (a) conditions model sets.0)(b) If not :A 2 . consider the following two sets of conditions. Today they are sometimes called downward saturated sets or even Hintikka sets. both (a) and (b). then X _ Y 2 . (C. then not :A 2 . and deriving a contradiction. then X ^ Y 2 . and do this by showing it belongs to no model (downward saturated) set. He actually proved a version for ﬁrst-order logic. Recall. (C. (C. by (C. (:X _ Y ) ^ ((:X _ :Y ) ^ X ) 2 From 1. Hintikka’s Lemma is for propositional logic. and our creation of a model amounts to a special case of Hintikka’s proof of his Lemma. 1. then X 2 and Y 2 . Now. where A is atomic. this is still enough—any such set can be extended to one meeting the (b) conditions as well. so if we begin with a downward saturated set with : (X Y ) ((X :Y ) :X )] 2 . (C.18 MELVIN FITTING implications determines the other. say that of our old friend (X Y ) ((X :Y ) :X ). Hintikka assumed formulas are in negation normal form. Of course as we stated it. (C. Do this by supposing otherwise. Hintikka’s Lemma Every downward saturated set is satisﬁable.1)(a) If X ^ Y 2 . Hintikka proved that if is known to meet only the (a) conditions. it extends to admit equality. The Hintikka Approach Suppose we wish to establish the validity of some formula. there is clearly a model M whose true formulas are exactly those of . Hintikka’s idea is simple: show : (X Y ) ((X :Y ) :X )] is not satisﬁable. then A 2 . then X 2 or Y 2 .1)(b) If X 2 and Y 2 . :X _ Y 2 .0)(a) If A 2 . and hence corresponds to some model.2)(a) If X _ Y 2 . where A is atomic.1)(a) we have: 2. and to various non-classical logics as well. To be more precise. Using this terminology. (C.2)(b) If X 2 or Y 2 . the set of signed formulas on such a branch is a version of Hintikka’s notion of model set. we are really assuming the following. In a natural sense. If is a set meeting all the conditions above. In Section 1. we have the following.2 we saw that an unclosed tableau branch can be used to generate a model provided that on it all possible rules have been applied.

Notational simpliﬁcation was the essential next step in the development of tableaus and. following Beth. for Beth’s two categories. in Studia Logica. with two-column subtables (and subsubtables.) He then stated the following rules (we only give the propositional ones). Y . we would have X 62 . the ﬁrst of these possibilities contradicts 5. By 4. by (C. The work of Lis himself only came to general attention in the last few years.4 Lis Beth and Hintikka each had all the pertinent parts of tableaus as we know them. But Lis did so not by separating them into columns. If the ﬁrst of these held. in effect. They were subsequently rediscovered and extended by Smullyan. Now. (:X _ :Y ) ^ X 2 Then from 3 we get: 4. Consequently we have 6. but their systems were not ‘user-friendly’. requiring much recopying. . by 2. Lis used arithmetical notation. but in Polish (with Russian and English summaries). 1968]. +Y . using (C. and Lis’s ideas did not become generally known. At that time there was a great gulf ﬁxed between the East and the West in Europe. 1960] in 1960. Y . (X Y ). see Section 2. b) If c) If (ii) Conjunctive Rules (X _ Y ). and so on) are not handy in practice.2. either :X 2 or :Y 2 . either :X 2 or Y 2 . but his two-column tables. Thus we have arrived at a contradiction—no such can exist. then +X . But.0)(a). :X _ :Y 2 X2 Y2 2. then X . divided formulas into two categories. (i) If :X . + or . Lis. 5. culminating in his 1968 book [Smullyan. but keeping them together and distinguishing them by ‘signs’. Beth proposed a graphical representation for tableaus. just as with the preceding stage. (He also used a formal numeration system to record which formulas followed from which—we ignore this aspect of his system. a) If +(X ^ Y ). Lis published his paper [Lis. Beth’s ‘valid’ and ‘invalid’. contradicting 5.INTRODUCTION 19 3. Hintikka. then X . used a tree structure but with sets of formulas at nodes. and the second contradicts 6.0)(a). then +X . it was taken independently by two people: Zbigniew Lis and Raymond Smullyan.

) 2. Smullyan. Smullyan introduced both signed and unsigned tableau systems. for equality. Smullyan’s book was preceded by [Smullyan. Unifying Notation Like Lis. Smullyan. 1963. Smullyan used T and F . (This makes half of rule (i) redundant. though his display of trees was rather like Beth’s tables. He grouped the conjunctive cases together as type A formulas. quite an elegant treatment resulted. 1965. They also appeared in the 1967 textbook [Jeffrey.’ meaning by this that the subformula principle is a central feature.5 Smullyan It is through Smullyan’s 1968 book First-Order Logic [1968] that tableaus became widely known.2. drop all occurrences of the + sign. 1966] in which the still unknown contributions of Lis were rediscovered. instead of treating these as parallel. He noted that signed formulas act either conjunctively or disjunctively (in the propositional case—quantiﬁcation adds two more categories). Smullyan used tableaus as the basis of a general treatment of classical logic. using for a generic type A formula and as generic type B. 1 and 2 for type B. but the essential idea is the same. and adding new ones of his own. and replace occurrences of the sign with occurrences of negation. Smullyan’s tables for both the signed and the unsigned versions are as follows. Lis also presented what he called a natural deduction system—what we would call an unsigned tableau system. In addition to the system of semantic tableaus using signs. similar systems. deepened. and even for deﬁnite descriptions. . For each of these. and the disjunctive ones as type B. Smullyan called his version ‘analytic tableau. Where Lis used + and as signs. including an analysis of the variety of completeness proofs. But Smullyan.20 MELVIN FITTING (iii) Disjunctive Rules a) If then b) If then c) If then X Y +(X _ Y ) +X +Y +(X Y ) X +Y (X ^ Y ) These rules are intended to be used in the same way the ‘T’ and ‘F’ signed rules were in Section 1. 1967]. For this. and extended. two components were deﬁned: 1 and 2 for type A. abstracted their common features. which was directed at beginning logic students. :. Lis also gave rules for quantiﬁers. Drawing together ideas from several sources.

This was not a concern of Smullyan’s.) Today negation is often left out of the conjunctive/disjunctive classiﬁcation. which follow a different pattern. but because it introduces redundancy if one is attempting to automate semantic tableaus. likewise F X is true if X has the value false. not because it is mathematically inappropriate. 1996] these tables are extended to include all other binary connectives except for equivalence and exclusive-or (the dual to equivalence). and a is true if and only if at least one of 1 or 2 is true. T (X F (X 6 (X :(X 6 F (X T (X 6 :(X (X 6 Y) Y) Y) Y) Y) Y) Y) Y) T (X T (X (X (X F (X F (X :(X :(X 1 Y) Y) Y) Y) Y) Y) Y) Y) T (Y X ) T (Y X ) (Y X ) (Y X ) F (Y X ) F (Y X ) :(Y X ) :(Y X ) 2 2 1 The effects of uniform notation are quite lovely: all the classical propositional tableau rules for extending branches reduce to the following pair. even these can be included. In [Fitting. . (A signed formula T X is true in an interpretation if X has the value true. But if one is willing to weaken the subformula principle somewhat.INTRODUCTION 21 T (X ^ Y ) F (X _ Y ) F (X Y ) T :X F :X (X ^ Y ) :(X _ Y ) :(X Y ) ::X TX FX TX FX TX X :X X X 1 TY FY FY FX TX Y :Y :Y X 2 F (X ^ Y ) T (X _ Y ) T (X Y ) :(X ^ Y ) (X _ Y ) (X Y ) FX TX FX :X X :X 1 FY TY TY :Y Y Y 2 The idea is. using the following deﬁnitions (in which we use 6 for exclusive-or). in any interpretation an is true if and only if both 1 and 2 are true.

Then the sequent is valid if and only if the corresponding set is unsatisﬁable. to give a uniform proof of cut elimination. If we think of the strings of formulas on the left and the right of the sequent arrow as sets rather than as sequences. : : : .22 MELVIN FITTING 1 2 1 2 Smullyan took this abstract approach considerably further. :Yn . Yk to the set fX1. tableau and sequent proofs are the same thing. to intuitionistic and modal logic. eventually doing away with formulas altogether. omitting the structural rules). it could have come from the sequent X ! Y or from X. : : : . : : : . which is what everyone suspected all along. : : : . : : : . F X j jS. F Y1 . j jS. :Y g. . From this point of view. 1 . a tableau proof is a sequent proof backwards. Following Smullyan [1968]. While one can work with this. :Y !. : : : . let jS j be the sequent X1 . in a tableau system we show a formula (or a set of formulas) is unsatisﬁable. say. Axioms Inference Rules jS. Yk . and for more complex sets the number of possibilities can be much greater. j This more abstract approach makes it possible. T Xn . thus ignoring the structural rules. we need a suitable translation between sequents and (ﬁnite) sets of formulas. using uniform notation. In [Smullyan. In one direction things are simple: map the sequent X1 . But a problem arises in going the other way. 1 j jS. for instance. from a set to a sequent. 1970] the essence of the tableau approach to classical logic was distilled. : : : . Xn ! Y1 . T X. it makes things unnecessarily complicated. 2 j jS. Signed formulas deal with this problem nicely. So. rather than proving it for one and deriving it for the other as a consequence. 2 j jS. :Yk g. 1973] this was extended. Given the set fX. F Yk g is a set of signed formulas. The Role of Signs From the beginning of the subject the connection between tableaus and the sequent calculus was clear. Loosely. : : : . this deﬁnes a one-one translation between sequents and sets of signed formulas. What is more. if S = fT X1 . Xn . in order to make the sequent/tableau relationship clear. the sequent calculus rules can be presented in the following abstract form (again. one that applies to both tableaus and the sequent calculus. Thus we have a many-one mapping. In the sequent calculus we show a sequent is valid. Xn ! Y1 . and in [Smullyan.

Clearly this violates the subformula principle. for any formula X . and has played some role in this area. Chapter 3. a branch may be split. and it clearly does not violate the subformula principle. and so '(d) will be false in the model. The sequent calculus formulation of Cut was given in Section 2. one can introduce a Cut rule for tableaus. .INTRODUCTION 23 Cut and Analytic Cut Just as with the sequent calculus. for tableaus it has a much simpler appearance. then '(c) is also true for any closed term c. since we had to re-interpret d. so differences between systems can be illustrated sufﬁciently well at the propositional level. using Smullyan’s uniform notation. if (8x)'(x) is false in a model. universal. Now it is time to say a little about them. Here are signed and unsigned versions. and similarly for the unsigned version. this has no effect on how formulas already appearing are interpreted. with T X added to one fork. and as generic type D.1. Analytic Cut also shortens proofs. which is simply the Cut rule as given above. In stating things we use the informal convention that. but since d was chosen to be a constant symbol that was new to the proof. But Smullyan also considered what he called Analytic Cut. '(c) is like '(x) but with occurrences of c substituted for all free occurrences of the variable x. but with the restriction that X must be a subformula of some formula already appearing on the branch. with as generic type C. and type D.6 The Complications Quantiﬁers Add In our survey of various proof systems above. 2. The reason is simple: all the systems treat quantiﬁers more-or-less the same way. On the other hand. Now we give quantiﬁer tableau rules. Like unrestricted Cut. and show it can be eliminated from proofs. and F X added to the other. (A full treatment of ﬁrst-order tableaus can be found in the chapter by Letz. Note that the model in which '(d) is false is not the original model. we ignored quantiﬁers. existential. there is some member of the domain of the model for which '(x) does not hold. if d is a new constant symbol. Then. Quantiﬁed formulas are classiﬁed into type C. at any time during a signed tableau construction. It lends itself well to automation. Cut TX FX X :X That is. If (8x)'(x) is true in some model.) Quantiﬁer rules for classical logic are deceptively simple. if '(x) is a formula and c is a constant symbol. we can interpret it to designate some member of the domain for which '(x) fails.

j As we said. 4 is from 3 by F 8. if the -rule can be applied at all. Here is an example of a classical ﬁrst-order proof. z ) F R(c. the constant symbol c had not yet been used. z ). Using the notation of Section 2. Existential quantiﬁers. jS. g. . it can be applied in inﬁnitely many different ways. and 6 is from 5 by T 8. here are sequent rules for classical quantiﬁers. This means a tableau can never be completed in a ﬁnite number of steps. Notice that when the F 8 rule was applied. of (8x)(8y )R(x. 5. Where c is a constant symbol that is new to the branch. Where c is any constant symbol whatever. (c)j jS. 4. y) (8z )R(z. the quantiﬁer rules are deceptively simple. 2 and 3 are from 1 by F . (c)j jS. c) T (8y)R(c. this is the source of the undecidability of classical ﬁrst-order logic.5. z ) T (8x)(8y)R(x. y) F (8z )R(z. j Where c is a constant symbol that does not occur in fS. 5 is from 2 by T 8. jS. 3. 6. remove constant symbols. c) For a sequent calculus formulation things are reversed from the tableau version. Since there are (we assume) inﬁnitely many constant symbols available. instead of introducing new constant symbols. Where c is any constant symbol. In it. Essentially.24 MELVIN FITTING T (8x)'(x) F (9x)'(x) (8x)'(x) :(9x)'(x) (c) T '(c) F '(c) '(c) :'(c) T (9x)'(x) F (8x)'(x) (9x)'(x) :(8x)'(x) (c) T '(c) F '(c) '(c) :'(c) Now. the quantiﬁer rules are these. y ) (8z )R(z. 2. (c) (c) F (8x)(8y)R(x. 1. y) T R(c.

But now.” If T X Y occurs in a tableau. informally we have a proof of X Y . in our present . if and only if we possess a construction r. and so we have a way of converting proofs of X into proofs of Y . The ﬁrst explicitly presented as such seems to be in the 1969 book of Fitting [1969]. Likewise think of F X as asserting the opposite: X has not been given an intuitionistically acceptable proof. we do not have an intuitionistically acceptable proof of X _ Y . X has been given a proof that an intuitionist would accept. generalizing signs. informally X _ Y has been intuitionistically proved. by the way. and so we can add both F X and F Y to the branch. In the resulting tableau system. For instance. and using pairs of coupled trees. In this section we sketch a few such systems. the next stage in the development of tableaus was the extension to various non-classical logics. signs primarily were a device to keep track of left and right sides of sequents. which. would automatically effect a construction proving q. modifying closure rules. allowing trees to change in ways other than simple growth. a proof of p. The particular systems chosen illustrate the variety of extra machinery that has been developed for and added to tableau systems: reinterpreting signs. adjoining ‘side’ information. joined to any construction proving p (supposing that the latter be effected). That is. 1956]). so we can have neither a proof of X nor of Y . Then. hence this is the case for one of X or Y .) Some tableau rules are immediately suggested.INTRODUCTION 25 3 MODERN HISTORY After reaching a stable form in the classical case. intuitionists read disjunction constructively: to prove X _ Y one should either prove X or prove Y (see [Heyting. intuitionistic rules for disjunction look like classical ones! The same is the case for conjunction. without explicitly using sequent notation. In this the signed tableau system of Smullyan was adapted. that is. with the signs given a new informal interpretation. But things begin to get interesting with implication. (This is quite different from assuming X is intuitionistically refutable. “The implication p ! q can be asserted. Likewise if we have F X _ Y . say how they came about. For both Lis and Smullyan. so the tableau branch splits to T X and T Y . We quote Heyting [1956]. think of T X as informally meaning that X is intuitionistically true. In other words. proof trees were allowed to shrink as well as grow.1 Intuitionistic Logic Sequent calculi for intuitionistic logic were around from the beginning—Gentzen and Beth both developed them—so it is not surprising that a tableau version would be forthcoming (see Wallen’s chapter). Signs also had an intuitive interpretation that was satisfying: T X and F X can be thought of as asserting that X is true or false in a model. together with r. would form a proof of q. 3. and present the intuitions behind them. Then if we have T X _ Y in a tableau.

if S is a set of signed formulas. Then intuitively. T Y S. We write S. either we are not able to prove X . when using this representation of tableaus. F Y S. T X. its presence on both branches might be embodied in a single formula occurrence. T X. we may discover a proof of X without being able to convert it to a proof of Y . information about node existence and tableau structure could be lost. T X Y S. someday we could have both T X and F Y . and using the tree representation for tableaus. T X ^ Y S. the propositional intuitionistic rules are these. This does not say anything at all about whether we are able to prove X . the tableau branch splits to F X and T Y . It may happen that a formula should be deleted on one branch. check it off where it occurs. Now. T X S. F X S. just as it does classically. not necessarily now. F X S. F X ^ Y S. What we do instead. 1969].) We must be a little careful with this notion of formula deletion. F Y S.2. though. (Negation has a similar analysis.) There is still one more problem. what do we carry with us? If we have not proved some formula Z . Now suppose F X Y occurs in a tableau. add both T X and F Y .26 MELVIN FITTING state of knowledge. with S being the set of remaining formulas on the branch. we do not have a mechanism for converting proofs of X into proofs of Y . this is not necessarily a permanent state of things—tomorrow we may discover a proof. Now. T X _ Y S. (Of course. when passing from a state to a possible future state. What it says is that someday. That is. F X. tomorrow this will still be so—a proof remains a proof. If we simply delete formulas. or we are. as we move into the future. F X Y ST . T Y S. in which case we can provide a proof of Y as well. This suggests the following tableau rule: if a branch contains F X Y . The tree representation for tableaus that we have been using marks the presence of a node by using a formula as a label. signed formulas of the form T Z should remain with us. unchecked occurrence to the end of the branch on which it should not be deleted. To state the intuitionistic rules formally we use notation from [Fitting. is leave deleted formulas in place. That is. F Z to indicate a tableau branch containing the signed formula F Z . let ST be the set of T -signed members of S . But if we have proved Z . T Y S. We are talking about a possible future state of our mathematical lives. placing a sets representation for tableaus from Section 1. since there is no structure sharing. Conjunction S. but not on another. F X _ Y S. In this case. when using the set of check them off. but p in front of them. Thus. signed formulas of the form F Z need not. though. F Y Disjunction Implication . things are simpler: just replace one set by another. but ﬁrst delete all signed formulas on the branch that have an F sign. and add a fresh.

where neither is a deleted signed formula. on the other hand. p 1. say. A proof of X ) ::X . as far as usable formulas are concerned. F X S. FX 4. T :X @ @ 5. T :XX X 3.2. T :X S. T :X X 3. the tableau rules above correspond to Beth’s rules in the same way that the classical tableau rules of Lis and Smullyan correspond to Beth’s classical rules.INTRODUCTION 27 Negation S. F :: 4. both F X Y and F A B . A tableau proof attempt begins with F (:X theorem is (:X X ) X . Nonetheless. F :X @ @ 6. TX X ) ::X . a contradiction is still a contradiction. 7. but closure of the left branch is impossible since an application of F : to 4 causes deletion of 3. Of course the intuitive idea is somewhat different than in the classical case now: the contradiction is that an intuitionist has both veriﬁed and failed to verify X . The formula (:X it begins with F (:X F :X @ @ 5. For completeness sake. This is the analog of Beth’s disjunctive branching. p 1. using an implication rule on one will destroy the other. and produces 2 and 3 below. The nonX ) X . TX FX . F :X ST . is a theorem. An application of the F rule causes this very F -signed formula to be deleted. If a branch contains. a non-theorem and a theorem. then continues as follows. see Section 2. F (:X X ) X 2. As a matter of fact. T X Then unlike with classical tableaus. A tableau branch is closed if it contains T X and F X . The right branch is closed. F (:X X ) ::X p 2. for some formula X . intuitionistic tableaus can shrink as well as grow. We conclude with two examples. Use of T on 2 gives 4 and 5. both possibilities must be explored. It is possible to make a bad choice at this point and miss an available proof.

In terms of Kripke models. and they can be extended. 1993. At the cost of a small increase in the number of signs. Surma considered a more general situation. we consider Kleene’s strong three-valued logic.. Fc . While this is a natural idea. the two signs of Lis and Smullyan were extended to a larger number. 1991 ]. (The paper [Carnielli. and ﬁnally. as in intuitionistic logic. and Ornaghi have created a tableau system for intuitionistic logic that is more efﬁcient than the one presented above [Miglioli et al. 1967]. but reduces duplications inherent in the tableau system without the additional sign. Moscato. U . Finitely-valued Łukasiewicz logics were given a tableau treatment by Suchon [1974]. 3. one must construct a closed tableau for V X . The tableau is closed because of 4 and 5. in practice it means several tableaus may need to be constructed for a single validity proof. UX _Y FX UX UX UY UY FY More recently. for instance. Miglioli et al.2 Many-Valued Logic The signs of a signed tableau system can be reinterpreted. a topic to be continued in the next section. Also. Essentially. 1987] contains an error in the quantiﬁer rules which is corrected in [Carnielli. H¨ hnle showed that many-valued logics could often be treated a . and 6 and 7. To show a formula X is a theorem. as happened in many-valued logic (see Olivetti’s chapter). Suppose.1.. Suppose we introduce F . ?. for each non-designated value v. 1994]. where ? is intended to represent ‘unknown.) In these papers. Miglioli et al. trueg. then disjunction-of is simply maximumof.28 MELVIN FITTING An application of the F rule deletes 1 and adds 2 and 3. Miglioli. none of which are checked off.. But now. and T as signs corresponding to the three truth values. Then one of the Carnielli rules for disjunction is the following.’ Disjunction is easily characterized: order the truth values by: false < ? < true. [1984]. In addition to the signs T and F . the T : rule applied to 4 adds 7. 1988. We can take as the three truth values ffalse. a well known logic. this is the tableau version of the many-valued sequent calculus of [Rosseau. Likewise we can think of F X as true at a possible world if X is not true there. we can think of T X as true at a possible world if X is true there. where V is a sign corresponding to the truth value v . Without going into details. with one sign for each truth value of the logic. 1991]. the rules themselves tend to be complicated. in the sense customary with intuitionistic semantics. one more sign. This requires additional tableau rules. The T rule applied to 2 adds 5 and 6. think of Fc X as true at a world if :X is true there. this should suggest some of the ﬂexibility made possible by the use of signed formulas. is introduced. Then F : applied to 3 deletes it and adds 4. discussed in Section 2. and this was further developed by Carnielli in [1987.

a generalized uniform noa tation becomes possible. 1992]. again for the strong Kleene logic. In many cases. This was complex and hard to follow. 1993] for a general overview of the sube ject. U g X _ Y fF. Destructive Tableau Systems Fitting extended Smullyan’s uniform notation to the modal case. Systems for several modal logics. But the most extensive development was in Fitting’s 1983 book [Fitting. 3. U g Y As this example suggests. his completeness proofs for axiom systems proceeded by showing equivalence to Beth tableau systems (using cut elimination) then proving completeness for these by a systematic tableau style construction. 1962 ]. and to the development of tableau systems for various such logics (covered by Gor´ in his chapter). rather than a a a single truth values. We sketch a few to give an idea of the style of treatment. and for temporal logics in [Rescher and Urquhart.3 Modal Logic What is now called relational semantics for modal logic was fully developed by the mid-sixties. based on somewhat different principles. a fF. In fact. gave tableau systems for dozens of normal and non-normal modal systems. Hintikka [1961.INTRODUCTION 29 more efﬁciently by tableaus if sets of truth values were used as signs. 1991]. if the 0 . Kripke himself gave Beth-style tableaus for the modal logics he treated. if S is a set of signed formulas. where S is a set. Then to show X is valid one needs a single closed tableau. Next. Think of S X . similar to the intuitionistic system of that book. beginning with D X . once sets are used as signs. as asserting that the truth value of X (in some model) is a member of S . H¨ hnle. drawing on work of Kanger [1957]. 1972]. U g X fF. a set S # is deﬁned. which is a central issue in many-valued logics. Here is a signedformula version. appeared in [Fitting. T 2X T X F X FX 0 F X FX T 2X T X The idea is. 1990. We have not discussed quantiﬁcation. This led to a renewed interest in modal logic itself. among other things. 1963a. where D is the set of non-designated truth values. The idea is: a formula is true at a possible world if and only if the corresponding 0 is true at every accessible world. 1971]. [H¨ hnle. and the intuition behind the tableaus. a formula is true at a possible world if the corresponding 0 is true at some accessible world. See [Fitting. [H¨ hnle. 1983] which. 1969]. H¨ hnle. 1991. 1965 ]. 1963b. this works quite well. The following is a typical example of a H¨ hnle-style rule. and Kripke [1959. and soon Henkin-style completeness arguments became standard. A tree-style system for S4 appeared in [Fitting.

1: 2: 3: 4: 5: 6: 7: 8: The underlying intuition is direct. or by adding rules. Y ) (2X Here is a simple example of a proof in this system. and 1 through 4 as S . We give the version for K .30 MELVIN FITTING members of S are true at a possible world. this one modiﬁes a whole branch. Several other normal modal logics can be treated by modifying the deﬁnition of S #. is the set of signed formulas on a branch. 0 . hence the description ‘destructive’. It begins as follows. and we move to a ‘generic’ accessible world. p p p p p . or both. S# = f 0 j 2 Sg S. and apply the modal rule. S has been replaced by S # ). As is the case with both classical and intuitionistic tableaus. For instance. interpolation theorems and related results can be derived from the tableau formulation. the whole branch can be replaced with S # . except the modal one. 2 is deleted but 6 is added. F 2(X Y ) (2X 2Y ) T 2(X Y ) F 2X 2Y T 2X F 2Y TX Y TX FY Here 2 and 3 are from 1. and modiﬁes others. The rules for K are exactly as in the classical Smullyan system. Now take 5 as . and 4 and 5 are from 3 by F . 4 is deleted but 7 is added (at this point. the logic K 4 (adding transitivity to the model conditions) just requires a change in a deﬁnition. together with the following ‘destructive’ rule. The deﬁnition of S # differs from modal logic to modal logic. 0 Unlike the other rules (but exactly like the intuitionistic rules in Section 3. the smallest normal modal logic. 3 is deleted. Formula 1 is simply deleted. it is an information-loosing rule. We continue to use the device of checking off deleted formulas in trees. Now an application of T to 6 produces a closed tableau. and ﬁnally 5 is deleted but 8 is added (this is 0 ). All rules. Completeness can be proved using either a systematic tableau construction or a maximal consistent set approach. Since this removes formulas. are seen as exploring truth at a single world. The modal rule corresponds to a move from a world to an alternative one. of 2(X 2Y ). If S. A soundness argument can easily be based on this. the members of S # should be true there. S#.1). to the following.

The resulting system can be seen as a direct descendant of the sequent system of Kanger. n k 0 Preﬁxes should be thought of as names for possible worlds. The system for S 5 is particularly simple because the logic is characterized by models in which every world is accessible from every other. In a straightforward way. Other approaches have brought possible worlds visibly into the picture. and similarly for .INTRODUCTION 31 S# = f . Hughes and Cresswell [1968]. The .rules from Sction 2. discussed in Section 2. possible worlds were implicit. Semi-analyticity extends and weakens the notion of analytic cut. but restrict the modal rule to those cases in which S # is non-empty. and Z is a signed formula. For other modal logics sequences of integers . and involve boxes representing possible worlds. The notion of preﬁxes is at its simplest for S 5. but is still not as broad as the unrestricted version. 1983. for more details. modal logics that have tableau systems of this kind can not have a semantics whose models involve symmetry of the accessibility relation. Where k is any nonnegative integer that is new to the branch. 0 j 2 Sg Generally speaking. have a system of diagrams which are tableau-like. preﬁxes correspond to the Hughes and Cresswell boxes. See Fitting. This time there is no notion of formula deletion.5 are modiﬁed in a direct way: conclude n 1 and n 2 from n . where n is a non-negative integer. It is even possible to treat such quasi-regular logics as S 2 and S 3 by similar techniques. we get a tableau system for the smallest regular logic C . [1983]. n k 0 Where k is any nonnegative integer. 1993] for a deﬁnition of regularity). not explicit. For instance. with arrows representing accessibility. though. if we use the system for K above. where we can take as preﬁxes just natural numbers.and . for instance. Interestingly enough. In 1972 Fitting [1972] gave tableau systems using preﬁxes in which the idea was to designate possible worlds in such a way that syntactical rules determined accessibility. such logics can often be given tableau systems in this style if a cut rule is allowed. Various regular but non-normal logics can be dealt with by restricting rule applicability (see [Fitting. Making Accessibility Explicit In the various tableau systems described in the previous section. The following modal rules are used (similarity to quantiﬁer rules is intentional). and in fact a semi-analytic version is enough.1. Fitting. A preﬁxed signed formula for S 5 is just n Z .

Suppose every open branch of T1 covers some open branch of T2 —intuitively. Something very much like this. see [Dunn. Then we have argued for the validity of X Y . Smullyan presented a system of ‘linear reasoning’ for ﬁrst-order classical logic in [Smullyan. decision procedures can often be easier to describe and program. 3. 1983] for details. proofs of interpolation theorems. On the other hand. in a side table. since the antecedent and the consequent are not related to each other. Such a proof technique is complete for implications. Fitting. breaking it down by constructing T1 for T X . T1 for T X . using the additional machinery. here is a coupled tableau proof of (P Q) (:Q :P ). we do the following. Other techniques have also been used. motivated by automation concerns. The open branches of T1 represent all the ways in which X could be true. appeared in a pedagogically nice form in Jeffrey [Jeffrey. but for propositional classical logic only. and similarly for T2 . 1968]. under the name of coupled trees. that for so-called ﬁrst-degree entailment is rather simple—this is the fragment in which one considers only formulas of the form A B where A and B do not contain implications. By such methods very general theorem proving mechanisms can be created. While the semantics for relevance logic is generally quite complicated. Such proofs are not available once explicit possible worlds appear. each of the ways X could be true must also be a way in which Y is true. There is a drawback however. There are many ways explicit reference to possible worlds can be incorporated into tableaus. but instead of constructing a closed tableau for F X Y . The system was tableau based. Let us say a branch 1 covers a branch 2 if every signed atomic formula on 2 also occurs on 1 . most notably. making the transition from T1 to T2 using the covering condition. See [Fitting. Suppose we want to give a classical propositional logic proof of X Y . Completely construct two tableaus. In effect. To illustrate the technique. The reason this is of interest here is that the method of ‘coupled trees’ developed for it shows yet another way of working with tableaus. where the intuition is: extension-of corresponds to accessible-from.32 MELVIN FITTING are used. and was motivated by Craig’s original proof of his Interpolation Theorem. The most obvious is to simply record accessibility information directly. A sense of dissatisfaction with such things led to the creation of the family of relevance logics. 1986] for a survey of the subject. This builds on an abstract of Fitch concerning modal natural deduction systems. One of the nice features of tableaus is the extra information they can provide about the logic. 1972.4 Relevance Logic Fault has been found with tautologies like (P ^ :P ) Q. we are thinking of the proof of X Y as beginning with X . and T2 for T Y . . then building up to Y using the tableau T2 for T Y backwards. It is Jeffrey’s version with which we begin. 1967].

both true and false. It is the restriction of the covering condition to only open branches that allows a coupled tree argument for (P ^ :P ) Q. We may have information that tells us a proposition P is true. or false. T :Q :P T :P FP We do not describe the construction of the two tableaus. instead of working in the ideal setting of classical logic. The formula P (Q _ :Q) is classically valid. But note that the left branch of tableau one covers the right branch of tableau two. Dunn showed this gave a sound and complete proof procedure for ﬁrst-degree entailment. What sense can be made semantically of using tableau branches even if closed? Suppose. if neither T P nor F P is on . even closed branches contain information. under every valuation v in the four-valued logic. Thus we have a correctly constructed coupled tableau argument. which is elementary. trueg if both T P and F P are on . and see if every branch of T1 . we may have no information about P at all. Map P to ftrueg if T P is on but F P is not. F :Q 6. . map P to . The technique is fairly general. though not provable by the technique described above. closed branches are ignored and. The relationship between the four-valued logic and tableaus is simple: if a branch of a tableau has had all applicable tableau rules applied to it we can think of as determining a four-valued valuation as follows. two-valued one. Dunn showed that a simple semantics for ﬁrst-degree entailment could be given using this four-valued logic: X Y is a valid ﬁrst-degree entailment if and only if. Dunn’s proposal in [1976] is to simplify Jeffrey’s system to the extreme. completely construct tableaus T1 for T X (not using the Cut rule) and T2 for T Y . T Q Q 4. 2. There are some problems with this intuitively simple idea. which is the standard example of a tautology not acceptable to relevance logicians. while this may seem natural at ﬁrst encounter. a similar ‘ambiguation’ can be developed starting with many-valued logics other than the classical. or we may have contradictory information. trueg. closed or not. TP FP @ @ 3. To get around this Jeffrey added a device that amounts to allowing applications of the cut rule in the tableau for the antecedant of an implication. and the right branch of tableau one covers the left branch of tableau two. But equally well. and map P to ffalse. covers a branch of T2 . via formulas 2 and 8. if v (X ) is at least true (has true as a member) then v (Y ) is also at least true. via formulas 3 and 7. however. This is a logic that was urged as natural for computer science in Belnap [1977]. map P to ffalseg if F P is on but T P is not. we work in something more like the real world. In effect we are using a four-valued logic whose truth values are all subsets of ffalse. 7. To show X Y . Indeed. @ @ 5. neither true nor false. T Q 8. Also.INTRODUCTION 33 1.

and Neri Voghera developed a tableau-based a system that was implemented on a Facit EDB [Prawitz et al. 1958]. covered by D’Agostino et al. Smullyan and Lis were not interested in automation at all. was primarily interested in automation. We lay the historical foundations for today’s activity. Smullyan. all along there has been a subcurrent of interest in the uses of tableaus for automated theorem-proving—today it has become a major stream. Still. But another determinant was more technical—nobody seems to have connected tableau methods and uniﬁcation for a long time.. in fact. The ﬁrst of Wang’s programs. with basic ideas occurring independently several times. proved all the approximately 220 propositional theorems of Russell and Whitehead’s Principia Mathematica in 3 minutes! This was quite a remarkable achievement for 1958. each with additional features of interest. though this did not have a lasting inﬂuence. Perhaps this accounts for much of the emphasis on resolution in the automated theoremproving community. Schr¨ oder [1992] gives a tableau system in which additional bookkeeping machinery is introduced to check that each occurrence of a propositional variable was actually used to close a branch. 1965. Robinson. 4. At approximately the same time. for classical propositional logic. without which only toy examples are possible.. which he then implemented on an IBM 704 [Wang. Also. Dag Prawitz. In 1957– 58. Beth had machine theorem-proving very much in mind [Beth. By the post-modern period for tableaus we mean the period of their automation (involving issues discussed by H¨ ahnle in his Chapter). We also conﬁne the discussion to ‘pure’ tableau issues—we do not consider the increasingly fruitful relationships between tableaus and other theorem-proving mechanisms like connection graphs or resolution. Hao Wang proposed a family of theorem provers based on the sequent calculus. It is curious that resolution and tableaus in their current form appeared within a few years of each other [Lis. Indeed. We will not bring our history up to today because present developments are many and are continuing to appear at a rapid rate. see Section 3. who invented resolution. among the ﬁrst implemented theorem provers are some based on tableau ideas.34 MELVIN FITTING There are other approaches to relevance logic that make use of tableaus. 1960].2. the summer of 1958. H˚ kan Prawitz. 1960.1 The Beginnings Even though resolution has historically dominated automated deduction. before it starts. We will sketch the swelling of this interest—it is complex. H¨hnle [1992] gives a formulation of ﬁrsta degree entailment using many-valued tableaus with sets of truth values as signs. Robinson. post-modernism begins before modernism ends. Relevance logic itself is part of the more general subject of substructural logic. as in every other. 1960]. 1968]. . 4 POST-MODERN HISTORY In our subject.

A formula X is an AE formula if X is in prenex form. terms. add a dummy one. y2) 2: F (8x2 )(9y1 )(9y2 )'(c1 .) Wang implemented the AE system just described. and we attempt a tableau proof. y1 . Instead of a full ﬁrst-order system. and introduces an exponential growth factor into tableau construction. Suppose. x2 . all of which must come ﬁrst. we now have only -rules to apply. After this. uniﬁcation solved this problem. y1. but did not actually carry out an implementation. we can extend the deﬁnition to include those formulas that convert to AE form. that we have a typical AE formula. Prawitz and his colleagues worked with a formalization having constant symbols but no function symbols. but how do we know which t will be a useful choice? Eventually. c2 . -rule applications in proofs of AE formulas can be limited to constant symbols that were previously introduced by -rule applications. or universal quantiﬁer. using only the constant symbols c1 and c2 (four applications in all). Wang discussed essentially the same idea. x2 . as we will see in the next section. and all universal quantiﬁers precede any existential quantiﬁers. In general. The AE class is a decidable logic. (If there are no initial universal quantiﬁers. y2 ) Except for the case. classical tableau rules need only be applied to formulas once.INTRODUCTION 35 The . which is the source of the undecidability of ﬁrst-order logic. Subsequent modiﬁcations made possible proofs of all the theorems of *9 to *13 of Principia in about four minutes. Since the rules for putting a formula into prenex form are not hard to mechanize. It follows that a boundable number of -rule applications is always enough. (8x1 )(8x2 )(9y1 )(9y2 )'(x1 . Of the 158 ﬁrst-order propositions with equality in Principia Mathematica his program proved 139 of them. y2 ). Making use of this fact. the set of such constant symbols grows without bound. without compromising completeness. y2 ) 3: F (9y1 )(9y2 )'(c1 . It is rather easy to show that if this does not produce a proof. and formulas was non-trivial on these early machines. for instance. no proof is possible. It allows us to pass from to (t) for any t. each introducing a new constant symbol. Suppose we apply them in all possible ways.) Then the rule was implemented to simply instantiate to (c) for every constant symbol c that had been introduced by rule applications. We have two -rule applications to begin with. then apply the procedure just outlined. y1 . rule is a major source of difﬁculties for ﬁrst-order tableau implementations. Thus the tableau begins as follows. say c1 and c2 . Although Wang only worked with a decidable . x2 . we only use propositional rules. More generally. y1 . 1: F (8x1 )(8x2 )(9y1 )(9y2 )'(x1 . this method creates many useless instantiations. and a complete tableau procedure for it is remarkably simple. Wang implemented a calculus for a decidable fragment—the AE formulas (with equality). but uniﬁcation was not available in the 1950’s. as the authors note. But also. which simpliﬁed the structure of terms (representation of strings. thus limiting the theorems provable by their implementation to rather simple examples.

but it is a curious discovery. “A rather surprising discovery. In a way. Popplestone. In 1978 Mogilevskii and Ostroukhov [Mogilevskii and Ostroukhov. The rule allows passage from to (t) for any term t. It is interesting just how hard it is to say what is interesting. and then resolution. a substitution that uniﬁes t and u will close the branch. 4. Without guidance on what term or terms to choose. and print out those that passed an ad hoc test for being ‘nontrivial’. automation is essentially hopeless. This work seems to have had few direct successors. yield a complete theorem-prover. where x is a new free variable (a dummy.000 propositions were formed and tested in one hour. implemented a Beth tableau style theorem prover and speciﬁcally noted its relationship with Wang’s version. Possibly the introduction of the Davis-Putnam method. and why. the experiment was a failure. Wang avoided the problem by conﬁning his theorem-prover to a subsystem of full ﬁrst-order logic. One interesting experiment that Wang undertook was to have the computer generate propositional formulas at random.2 Dummy Variables and Uniﬁcation It is universally recognized that the or universal quantiﬁer rule is the most problematic for a ﬁrst-order tableau implementation. is the absence of any theorem of the predicate calculus in Principia which does not fall within the simple decidable subdomain of the AE predicate calculus. Systematically trying everything would. to use terminology from [Prawitz. of course. is to modify the -rule so that it reads: from pass to (x). but one that is hopelessly inefﬁcient. but only for propositional classical logic.36 MELVIN FITTING portion of ﬁrst-order logic. 1978] implemented (in ALGOL) a Smullyan-style theorem prover. and heuristics were introduced to deal with it. or its weaker cousin matching.” It is not clear what this says about the work of Russell and Whitehead. The universal quantiﬁer rule was still seen as a central problem. . 1960]). simply expressed. 1965] and this. test them for theoremhood. What is wanted is a substitution that will simultaneously close all branches. in [1967]. For instance. and 1000 were retained as nontrivial. because 14. which tends to indicate our general ignorance of the extensive range of decidable subdomains. serves very nicely as an appropriate tool for dealing with the universal quantiﬁer problem. The mass of data was simply too great. Then we use uniﬁcation to discover what is a good choice for x—a good choice being something that will aid in tableau closure. The idea. introduced uniﬁcation into automated theorem-proving [Robinson. though they mention variations for S 4 and for intuitionistic logic. In the meantime Robinson. drew research attention elsewhere. anticipated by Herbrand. if a branch contains T P (t) and F P (u).

though they may have had a similar device in mind. It is commonly known as run-time Skolemization.. an unsound system can result. Unfortunately. if we place no restrictions on which uniﬁers we can accept. Neither Bowen nor Broda discuss the issue explicitly. an incomplete theorem-prover results. It was written using a systematically-try-everything approach to the -rule. many-valued logic with a ﬁnite number of truth values) is virtually the only ﬁrst-order logic in which one can Skolemize a formula ahead of time. while Oppacher and Suen in their HARP theorem-prover of 1988 [Oppacher and Suen. Tableau systems have been developed for a wide variety of logics.3 Run-Time Skolemization We noted that the combination of uniﬁcation and tableaus leads to problems with the -rule. Fortunately there is a modiﬁcation that works for many non-classical logics. If this is done. but then the introduction of Skolem functions and uniﬁcation were speciﬁcally considered. was presented by Fitting in [1986]. both motivated by logic programming issues. Such an approach was discussed by Reeves in [1985]. No general upper limit on the number of applications can be set (or else ﬁrst-order logic would be decidable). 1974]). . Trilling. Broda used semantic tableaus directly. Of course the problem of what to do with the -rule can be easily avoided by Skolemizing away quantiﬁer occurrences that would lead to -rule applications before the proof actually starts. 1982 ] and Broda [1980] (neither of which seems to be aware of [Cohen et al. a name whose signiﬁcance will soon become apparent. Applications of the -rule require introduction of new constants. Wrightson in [1984b]. If we restrict things so that the rule. Bowen used a sequent calculus. An implementation of tableaus involving initial Skolemization. and this problem with the -rule could limit their usefulness. classical logic (more generally. 1974]. passing from to (x). and Fitting in [1986] also explicitly brought uniﬁcation into the picture. If we use free variables in -rules and delay determination of their ultimate values. Reeves in [1985]. The problem is this. beginning with the 1974 paper of Cohen. can be applied to a given formula only once. and that Skolemization provides one possible way out. Wrightson [1984b] and Reeves [1985] deal with this difﬁculty essentially by imposing constraints on the uniﬁcation process. 4. On the other hand. though he noted relationships with work of Beth and Smullyan.INTRODUCTION 37 Uniﬁcation was introduced independently into tableau theorem proving by several people. 1988] use matching. a rather simple sound and complete proof procedure combining tableaus and uniﬁcation results. it in fact gave a ﬁrst-order theorem-prover based on Beth tableaus. Matching with constraints gets quite complicated when function symbols are present. only moving to uniﬁcation when ‘necessitated by the presence of complex terms’. written in LISP. and Wegner [Cohen et al. This paper was followed by Bowen in [1980. While their paper was primarily devoted to presenting the virtues of ALGOL-68. The technique of using dummy variables to deal with universal quantiﬁers was described in too simple a way above. we don’t know what is new and what is not when -rule applications come up..

Wrightson. . This kind of tableau system is sometimes referred to as a free-variable tableau system. 4. . : : : . . This work was extended in [Beckert. 1993]. It is not necessary for classical logic. we need to be able to guarantee that the term t will be new to the branch. Nevertheless. H¨ hnle and Schmitt noted that the a version of run-time Skolemization used was unnecessarily inefﬁcient. 1990] exploits a relationship between tableaus and the matrix method. A simple way of ensuring this is to take for t the expression f (x1 . xn are all the free variables that occur in . though it probably occurred to others around the same time. . Shankar also observed that his way of analyzing a tableau system will yield similar results for modal and other logics as well. Examples continue to appear in the literature. 1988] was essential.4 Where Now If a logic has a tableau system at all. : : : . xn are all the free variables that occur on the branch. In applying the -rule. There is a clear relationship with the connection method explored. tableaus may or may not turn out to be the best possible. 1984b. Soon after Fitting’s book [1996] appeared. Clearly. it probably will be the basis for the ﬁrst theorem-prover to be implemented for it. we can think of the introduction of this term as part of a Skolemization process that goes on simultaneously with the tableau construction. no matter how free variables are instantiated. among other places. xn )) where x1 . in fact Maslov’s method readily converts tableau systems to resolution-style systems [Mints. 1991]. Skolemization ahead of time is generally impossible. Run-time Skolemization for tableaus seems to have ﬁrst appeared in 1987 in Schmitt’s THOT system [Schmitt. Skolem functions come with an implicit ‘time stamp’ and this makes the technique suitable for many modal and similar logics. . In effect.38 MELVIN FITTING Suppose we are using the version of the -rule described in the previous section. 1984a]. H¨ hnle and Schmitt. but its use does eliminate a preprocessing step. For non-classical logics. 1993] they showed it is enough to take as a rule: from pass to (f (x1 . in [Wrightson. most efﬁcient approach to automated theorem-proving. Many people have noted connections with resolution. In [H¨ hnle a and Schmitt. where f is a new function symbol and x1 . so it was included in the Prolog implementation of [Fitting. however. though other kinds of theorem-provers may follow in time. Subsequently Shankar a [Shankar. xn ). . For a given logic. so the run-time version used by Fitting in 1988 for modal logics [Fitting. 1992] used a proof-theoretic analysis to show that a more complicated restriction on free variables—but still simpler than using all those that occur on a branch—sufﬁces for ﬁrst-order intuitionistic logic. Wallen’s 1990 book on non-classical theorem-proving [Wallen. 1996]. passing from to (t). passing from to (x). 1987]. and in turn can be used to help create theorem-provers based on other methodologies. . tableaus will continue to have a central role because they are relatively easy to develop. . where x is a new free variable. .

Jeffrey’s book [1967] presents essentially the same rules. but we said little about it (see Beckert’s chapter). [1986]. because they exist for many. Much has occurred since then— we cannot discuss it adequately here. but are derived from them. beginning with Gentzen. The creation of logics. Andrews. becoming an elegant tool with Lis and especially Smullyan. or out of semantics as with Beth and Hintikka. and suggesting exciting automation possibilities. many logics. but this has not yet been published. [Toledo. The invention of tableau systems will continue. the development of tableau systems for them. all are very active areas of research. Reeves discusses the topic in [1987] and there is a theoretical treatment in Fitting’s book [1996]. . The increasing interest in non-classical theoremproving has brought tableaus to a position of prominence. I don’t know what comes after post-modernism generally. 1975]. investigates tableau systems for arithmetic that use the ! -rule. The system of Lis [1960] includes a complete set of rules for equality. May the history of tableaus need rewriting in another generation. developing relationships with other proof techniques. extending to many logics.INTRODUCTION 39 The development of theorem-provers that are not tableau-based. Equality is a central topic in logic. 5 CONCLUSIONS We have given a general overview of how tableaus began and developed. there is much we have not discussed. so anything more speciﬁc we say about it will be out of date by the time this appears in print. Details are less important than the general picture of tableau history. Higher order logic has not been mentioned. With all this. 1994] will serve as a representative example). The ﬁeld is developing rapidly. Smith. Van Heijenoort did research on tableau systems for higher order logic. but for tableau theorem-proving. Some of these topics will be explored further in subsequent chapters. There is something inherently natural about them. Their history is much like their appearance—branching and re-branching. though tableau systems for it exist. is a topic of current research. but it was little known at the time. Toledo. allowing inﬁnite branching. growing to encompass semantical ideas with Beth and Hintikka. maybe we have reached it. simply because they are easier to think of than other formulations. develops tableaus for type theory. [1993]. whether they grow out of proof theory as with Gentzen. Relationships with logic programming were not mentioned though connections are many ([Fitting. presents two tableau systems for monadic higher-order logic. researchers inﬂuenced each other directly and indirectly. Ideas occurred independently more than once.

Journal of Symbolic Logic 52. 1953. M. Model Theory. 108–119. H. Math. 18. The relation between semantic tableaux and resolution theorem provers. Nov. W. 149–168. H¨ hnle and Schmitt. 1977] J. 219. An Introduction to Mathematical Logic and Type Theory: To Truth Through Proof. 2 (Dec. pp 79 – 90. v.. H¨hnle and P. Czech Republic (aug 1993). NorthHolland. 49–60. In Future Parallel Computers. On machines which prove theorems. 1977] N. Imperial College of Science and Technology. Erratum. Beth. pp. Semantic construction of intuitionistic logic. Orlando. [Beth. 1976] J. 1982. New York REFERENCES [Andrews. W. 1990] I. vol. R. Systematization of ﬁnite many-valued logics through the method of tableaux. 1955. Schumann. Beckert. Hintenaus and J. London. Intuitive semantics for ﬁrst-degree entailments and ‘coupled trees’. A Course in Mathematical Logic. W. 1980] K. Eds. Indag. 1991] I. 15. 1990.40 MELVIN FITTING ACKNOWLEDGEMENTS I want to thank Perry Smith and Reiner H¨ ahnle for their suggestions. Leitsch. 1958. D. Brno. A. [Beth. 1986. Oct. Springer. A. . The even more a a o liberalized -rule in free variable semantic tableaux. 1953a] E. Indag. 1982] K. Academic Press. [Anellis. Wegner. Beth. 1. 1991] W. Dunn. Akad. Tech. Broda. Carnielli. 59–76. Michie. The Foundations of Mathematics. Trilling and P. Florida. C. F. [Chang and Keisler. 1991). 1993. A. K. Vanneschi. which considerably improved this chapter. [Anellis. Eds. 1. Bibel. Simon Stevin Wissen-Natur-Kundig Tijdschrift 32. and D. 473–493.. 1. Semantic entailment and formal derivability. third ed. In Machine Intelligence. 1977. Bell and M. Bowen. 13. A nucleus of a theorem-prover described in ALGOL-68. 1980. Chang and H. [Beckert. Gottlob. Parallel inference machines. 19. pp. [Bibel et al. 1987. Epstein. From semantic tableaux to Smullyan trees: the history of the falsiﬁability tree method. 1955] E. Amsterdam. M. A. In Modern Uses of Multiple-Valued Logic. Dunn and G. new series. 1987] W. Bowen. 1953] E. 1956] E. L. 1980. Revised Edition 1964. 1990] C. Programming with full ﬁrst order logic. [Bowen. Dordrecht and Boston. 1977. P. 1976. Springer LNCS 713. 1953. Mededelingen der Kon. Aspetsberger. Rep. [Beth. Kurfess. CUNY. [Broda. Philosophical Studies 29. J. On sequents and tableaux for many-valued logics. [Beth. North-Holland. Akad. Treleaven and M. Modern Logic 1. 6-80. Cohen. W. DOC 80/20. 1990. 10. Tech. 1. Ned. Beth. 1974. Amsterdam. Belnap Jr. new series. [Bell and Machover. W.. [Carnielli. Some consequences of the theorem of L¨ owenheim-Skolem-G¨ odel-Malcev. Mededelingen der Kon. J. 1993] B. P. W. 1958] E. G. [Cohen et al. International Journal of Computer and Information Sciences 3. Modern Logic 2. [Beth. Programming with full ﬁrst-order logic. In Proceedings of the third Kurt G¨ del Colloquium KGC’93. Hayes. A useful four-valued logic. 185–226. Beth. Journal of NonClassical Logic 8. Andrews. 1956. 330–339. 1–31. from semantic tableaux to Smullyan trees: the history of the falsiﬁability tree method. 1986] P. Anellis. 1991. and Pao. 36–69. 8–37. Syracuse University. Eds. Syracuse. 15. Beth. L. Wet. [Belnap. NY. Eds. 421–440. Ned. Carnielli. v. Mundici. Reidel. Beth. Keisler. Wet. [Beth. and Schmitt. 1980] K. Reprinted in [Siekmann and Wrighson. 1987. [Carnielli. North-Holland Publishing Company. 1959] E. 2. 1959. Machover. Rep. 1983] vol. A. [Dunn. Berlin. 1974] J. 11. pp. 1987] W. pp. On Padoa’s method in the theory of deﬁnition. 1991. D. [Bowen. Anellis. B. Math..

Springer-Verlag. 1996. J. D. 1993] R. McGraw-Hill. 8–55. pp. Revised Edition 1966. pp. 1986. [Kleene. 1993] M. Fitting Proof Methods for Modal and Intuitionistic Logics. Gauthier-Villars (Paris). 175–188. [H¨ hnle. 1967. 238–245.3.. Fitting Basic modal logic. An Introduction to Modal Logic. 1990. and J. 1994] M. [Heyting. 1968] G. In Handbook of Logic in Artiﬁcial Intelligence and Logic Programming. Tableau methods of proof for modal logics. 368–448. Hertz. Phys. Towards an efﬁcient tableau proof procedure for multiple-valued logics. 1950. 1). [Kanger. Y. Kripke. [H¨ hnle and Schmitt. 83–94. 17. Automated Theorem Proving in Multiple-Valued Logics. Fitting A tableau based automated theorem prover for classical logic. North-Holland. III. C. Fitting. editor. 1986. H¨ hnle. Bronx. Journal of Automated Reasoning 13. [Fitting. Notre Dame Journal of Formal Logic 13. 533 of LNCS. 1–14. 1959. Hintikka. 1990] R. Springer-Verlag. Hintikka. Kleene. C. Methuen and Co. In Proa a ceedings International Symposium on Multiple-Valued Logic. 1996] M. pp. 1983] M. 1963. Semantical considerations on modal logics. 1991. 1935] G. [H¨ hnle. Introduction to Metamathematics. 1963a] S. vol. Acta Philosophica Fennica. [Fitting. London. Hughes and Cresswell. No. Uber Axiomensysteme f¨ beliebige Satzsysteme. 191–213. 176–210. D. an Introduction. Modality and quantiﬁcation.. [Fitting. 1986. English translation. 405–431. [Hintikka. Noordhoff. Mathematische Annalen ur 101. Modal Logics.-Math. u [Kripke. Joseph Dopp. 1962. Schmitt. Intuitionistic Logic Model Theory and Forcing. Heyting. 110–128. A completeness theorem in modal logic. 1993. 1961] J. 1962] J. [Fitting. Hogger. 1969]. IEEE Press. C. Cornell University Press. ch. Semantical analysis of modal logic I.. 1929. 1935. 1968. [Feys. North-Holland Publishing Co. 1988. 10 of Intera a national Series of Monographs on Computer Science. Comm. Stockholm Studies in Philosophy. Victoria. Oxford University Press. C. [Hintikka. Zeitschrift f¨ r mathematische Logik und Grundlagen der Mathematik 9. 1990. 1957] S. Oxford University Press. E. Provability in logic (Acta Universitatis Stockholmiensis. Linear logic. [H¨ hnle. 1994. Kanger. . Hintikka. 1965. 1986] J. C. New York.. 1992] R. 1953] J. 1969. vol. Stockholm. [Fitting. Hintikka.. 117–224. In a a Proceedings Workshop on Computer Science Logic. H¨ hnle and P. 1. 2. [Fitting. In Handbook of Philosophical Logic. Gabbay. E. Amsterdam. Knowledge and Belief. C. P. Untersuchungen uber das logische Schliessen. 1959] S. Feys. A new approach to sentential logics. 1955. C. 1972. North-Holland. [Jeffrey. Journal of Automated Reasoning.. 3. Tech. Journal of Automated Reasoning 4. Fitting First-Order Logic and Automated Theorem Proving. Eds. 1983. H¨ hnle. 1986] M. Amsterdam. Girard. 1957. Form and content in quantiﬁcation theory. 1993. 159–192. Theoria 27. 1956. [Hintikka.INTRODUCTION 41 [Dunn. 67–96. Uniform notation of tableaux rules for multiple-valued logics. Scient. IV in Collection de Logique Math´matique. [Kripke. 1955] J. ‘Investigations into logical deduction’. M. D. 1965] R. Modal and Many-valued Logics. Soc. e e Nauwelaerts (Louvain). G. H. normal propositional calculi. vol. C. Reidel Publishing Co. [Girard. Guenthner. 457–514. Kripke. 237–247. Theoretical Computer Science 45. [Hintikka. Fitting. Dunn. 1950] S. S` rie B. Lehman College. rep. M. Van Nostrand. 1956] A. [Kripke. [Fitting.) [Fitting. Mathematische ¨ Zeitschrift 39. 1961. NY 10468. A. 1986] J. 1969] M. Intuitionism. 1991] R. 1993. Formal Logic: Its Scope and Limits. [Hughes and Cresswell. Acta Philosophica Fennica – Two Papers on Symbolic Logic 8. Kluwer. 1967] R. [Gentzen. in [Szabo. pp. C. H¨ hnle. Fennica. Eds. Herbert H. to appear. Gabbay and F. (First edition. Journal of Symbolic Logic 24. Dordrecht. Fitting First-order modal tableaux. vol. ¨ [Herz. 1972] M. The liberalized -rule in free variable sea a mantic tableaux. Heidelberg. Almqvist and Wiksell. Jeffrey. 248–260. 1929] P. 1963b] S. Relevance logic and entailment. Robinson. 1988] M. Kripke. 1953. Oxford. Dordrecht. Gentzen. Fitting Tableaux for logic programming. D. 1963. C. C.

1965. 206–220. Matsumoto.. [Miglioli et al. 23–41. 1992. Waldinger. An improved proof procedure. 113–130. A. Prawitz. [Mints. pp. Mogilevskii and D. 1988] F. Cybernetics 14. [Schmitt. [Rosseau. Miglioli. Prawitz and N. [Rescher and Urquhart.09. Manna and R. Rescher and A. The THOT theorem prover. 1951. Popplestone. 1994. Addison-Wesley. Adding equality to semantic tableaux. [Lis. 526–529. Tech. pp 162 – 199. Journal of Automated Reasoning 4. Urquhart. Osaka Mathematical Journal 11.007. 1960] D. 1967. [Matsumoto. Moscato and M. [Ohnishi and Matsumoto. Suen. 1994] P. Journal of Symbolic Logic 56. Ohnishi. 167–175. Reeves. 69–100. Dipartimento di Scienze dell’Informazione. 1959] M. 23–33. 1967] G. 1960] K. Osaka Mathematical Journal 12. Rapporto interno 37/88. 1985. W. Waldinger. In The Theory of Models. Journal of the ACM 12. Fundamenta Mathematica 41. 1978. [Manna and Waldinger. 1964] M. U. Voghera. [Rasiowa. U. Proof theory in the USSR 1925 – 1969.. The Logical Basis for Computer Programming. Ohnishi and K. non-normal modal propositional calculus.. A mechanical proof procedure and its realization in an electronic computer. [Manna and Waldinger. 1951] H. Universit´ degli Studi di Milano. K¨ rner’s criterion of relevance and analytic tableaux. A machine-oriented logic based on the resolution principle. New York. Oppacher and E. Universit´ degli Studi di Milano. [Ohnishi. [Popplestone. Theorem-proving by Semantic Tableaux. a [Miglioli et al. H. 1954. 102–128. Annals of the Japan Assoc. 1971] N. U. 1961. 1. 1990] Z. Rasiowa. Beth-tree methods in automatic theorem-proving. 31–46. 1987. 1957. 43–46. Gentzen method in modal calculi II. Eds. Manna and R. 1988. Lis. 1965] S. 1967] R. for Philosophy of Science 2. An improved refutation system for intuitionistic predicate logic.42 MELVIN FITTING [Kripke. Rapporto interno 99/93. 1959. Journal of Automated Reasoning 3. 1988. Sequents in many valued logic I. a [Miglioli et al. Moscato and M. J. 1983] vol. Ornaghi. 1964. Semantical analysis of modal logic II. 1987] P. Michie. 1987] S. 1988] P. with Russian and English summaries. Journal of the ACM 7. Polish. IBM Heidelbert Scientiﬁc Center. Matsumoto. 1960] Z. Decision procedure for modal sentential calculus S3. 1957] M. In Machine Intelligence. Fundamenta Mathematica 60. Ornaghi. [Ohnishi and Matsumoto. Osaka Mathematical Journal 9. Gentzen method in modal calculi I. 1961] M. Fundamenta Mathematica 38. [Rasiowa. J. Reprinted in [Siekmann and Wrighson. 1954] H. Robinson. Gentzen decision procedures for Lewis’s systems S2 and S3. Studia Logica 10. pp. 1991. Journal of Automated Reasoning 13. Journal of Philoo o o sophical Logic 21. Rasiowa. V. 1978. J. Algebraic models of axiomatic theories. 1992] Schr¨ der. Springer-Verlag. . [Prawitz et al. HARP: A tableau-based theorem prover. L. Algebraic treatment of the functional calculi of Heyting and Lewis. 385–424. 1960] D. Addison-Wesley. North-Holland. 125–137. 2 vols. 3. [Schr¨ der. Ohnishi and K. 361–373. 1985] S. A mechanical propositional calculus using Smullyan’s analytic tables. 1960. 183–188. 39–60. 1993] Z. Translation from Kibernetika. 1965] J. 1971. Moscato and M. Prawitz. 4. Miglioli. Rousseau. 225–246. [Robinson. Collins and D. A system for strict implication. L. 1. A. Reeves. Tarski. 1987. Temporal Logic. Ornaghi. [Oppacher and Suen. How to avoid duplications in refutation systems for intuitionistic logic and Kuroda logic. Wynikanie semantyczne a wynikanie formalne (logical consequence. PhD thesis. Henkin. and A. vol. 2. semantic and formal). Theoria 26 (1960). [Ohnishi and Matsumoto. 1965. [Prawitz. Ostroukhov. 1993. 1967. 1993. Rep. American Elsevier. Matsumoto. Ohnishi and K. 1990. Eds. An improved refutation system for intuitionistic predicate logic. University of Birmingham. [Reeves. Miglioli. Kripke. 1960. The Deductive Foundations of Computer Programming. 1991] G. Matsumoto. H. 183–192. Amsterdam. 1960. Mints. 115–120. [Mogilevskii and Ostroukhov. V. [Reeves. TR–87. 1993] P. 2 . Schmitt. 1978] G. L.. N. Dipartimento di Scienze dell’Informazione. Addison. Osaka Mathematical Journal 13..

Szabo. Eds. 1992. [Wrightson. M. Semantics. Springer-Verlag. 1992. [Troelstra. [Smullyan. 1969] M. Der Aussagenkalk¨ und die Topologie. Victoria University. Ed. 1968. 1992] N. 1938. Amsterdam. Higher-Order Logic. NY. 1956. 1960. 1965] R.. 1992] A. Tarski. Analytic natural deduction. Shankar. No. Syntax and Modality. Proof search in the intuitionistic sequent calculus. Kapur. and in [Siekmann and Wrighson. North-Holland. Wang. Woodger translator. 828–832. [Surma. New Zealand. 1975] S. 123– 139. Dover Press. Amsterdam. vol 1. Wrightson. In Automated Deduction — CADE-11. M. 1983] J. no. M. Rep. Rine. [Smullyan. Metamathematics. 1973. 607 in Lecture Notes in Artiﬁcial Intelligence. J. 1984] S. Reports on Mathematical Logic. Springer-Verlag. pp. [Szabo. The Collected Papers of Gerhard Gentzen. pp 244 – 264. Reprinted in A Survey of Mathematical Logic. pp. SpringerVerlag. 1963. Journal of Symbolic Logic 30. Semantic tableaux. Tableau Systems for First Order Number Theory and Certain Higher Order Theories. Hao Wang. 79–91. [Sucho´ 1974] W. Smullyan. 522–536. Ed. 1983. H. D. Model Theory. [Wallen. 1993] P. 1966] R. Revised edition. [Tarski. 1994. 1963] R. Berlin. In Computer Science and Multiple-Valued Logics. 274–293. . Victoria University. 1984. 1968] R. pp 224 – 268. Springer-Verlag. Abstract quantiﬁcation theory. Leblanc. [Toledo. [Wang. [Tarski. Tech. 1966. Logic. Toledo. J. The MIT Press. North-Holland. Unpublished Manuscript. Trees and nest structures. A. E. 1956]. E. CSDANZARP-84-001. Berlin. 143–149. Tech. H. M. [Smullyan. 1938] A. North-Holland.. 1970. and Proof Theory. Myhill. e tions de Łukasiewicz avec implication et n´ gation. 447 of Lecture Notes in Mathematics. Smith. Wellington. Surma. Toward mechanical mathematics. Proceedings of the National Academy of Sciences 49. 1990] L. Amsterdam. In Intuitionism and Proof Theory. C. A generalization of intuitionistic and modal logics. 1968. Oxford. 1990. Berlin. pp. 2–22. Recursion Theory. [Smullyan. Troelstra. Lectures on Linear Logic. Automated Deduction in Nonclassical Logics. In Truth. 1969. Wellington. 1970] R. A. Proceedings of the Summer Conference at Buffalo N. 1973] R. 1993. Revised edition.INTRODUCTION 43 [Shankar. Journal of Symbolic Logic 31. Y. 2 vols. Rep. and R. NZ. CSD-ANZARP-84-003. Eds. D. Smullyan. [Siekmann and Wrighson. 29 in CSLI Lecture Notes. 1983]. M. Wrightson. 37–42. Tarski. 1960] H. Sucho´ La m´ thode de Smullyan de construire le calcul n-valent des proposion. [Smullyan. 1965. n. ul 103–34. 1984a] G. Universities of e Cracow and Katowice 2. North-Holland. Siekmann and G. Smullyan. 1974. uniﬁcation and links. Non-classical theorem proving using links and uniﬁcation in semantic tableaux. 303–321. 1956] A. Amsterdam. Proceedings of the Temple University Conference on Alternative Semantics. Vesley. Smullyan. Ed. 1984b] G. North-Holland. Smullyan. An algorithm for axiomatizing every ﬁnite logic. CSLI. Automation of Reasoning. J. Wrightson. 1984. 1977. First-Order Logic. IBM Journal for Research and Development 4 (1960). [Smith. 1975. [Smullyan. S. Fundamenta Mathematica 31. Smullyan. Wallen. Reprinted as ‘Sentential calculus and topology’ in [Tarski. Kino. Ed. A unifying principle in quantiﬁcation theory. M. [Wrightson. 1984. 6. vol. pp.

44 MELVIN FITTING .

In contrast. Such reﬁnements of old ‘closed’ problems have revitalised a subject which seemed to be saturated and deserve only a brief mention as a stepping stone to the . even for relatively ‘short’ tautologies. as a result. Suppose we have proved that a system S is complete for classical propositional logic. has led to a reﬁnement of many traditional logical problems. however. For instance. in some sense. established by Church and Turing in the 1930’s. but only for formulas containing a ‘small’ number of variables. Algorithms were mainly regarded as ideal objects churning out their solutions in a ‘platonic’ world unaffected by realistic limitations of time and space. ﬁrst order logic was spared by a negative result.MARCELLO D’AGOSTINO TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 1 INTRODUCTION Traditionally. So. This point of view reﬂected a situation in which logical investigations were largely motivated by philosophical and mathematical (as opposed to computational) problems. but also the question of completeness is reﬁned by considering the length of proofs in a given system. Hence. This quest for feasibility has deeply affected the subject of computability theory and. The emergence and rapid growth of computing science over the last few decades has brought about a dramatic change of attitude. the proof-system S is not complete. Therefore it quickly becomes infeasible even for relatively small values of n. in some sense. when Wittgenstein and Post independently devised the well-known decision procedure based on the truth-tables. that for certain classes of tautologies the length of their shortest S-proof grows beyond any feasible limit. Not only is the question of decidability reﬁned by considering the efﬁciency of decision procedures. and an algorithm which solves a problem ‘in principle’ might require unrealistic resources in terms of space and time. the problem area is in no danger of saturation: it is always possible to ﬁnd ‘better’ methods (at least for certain purposes). It may well be. As usually happens this positive result ended up killing any theoretical interest in the subject. Its undecidability. the truth-table method requires checking 2n rows for a formula containing n distinct propositional variables. made it an ‘intrinsically’ interesting subject forever. a mathematical problem was considered ‘closed’ when an algorithm was found to solve it ‘in principle’. that is all decision procedures have to be partial. it is not a decision procedure for full propositional logic. If no decision procedure can be found. Algorithms are devised not to be ‘contemplated’ but to be implemented. In this sense the deducibility problem of classical propositional logic was already ‘closed’ in the early 1920’s.

the whole area has been simply abandoned by most logicians. .46 MARCELLO D’AGOSTINO ‘real thing’. the design of improved proof systems and proof procedures for propositional logic is objectively a central theme in discrete mathematics. . Open questions of theoretical computer science such as P =?NP and NP =?co-NP (see [Garey and Johnson.3 below) decision procedure for classical propositional logic. 1987]). From this point of view. a set of pairs ( . If true. Moreover. Such quantitative questions about propositional logic are related to a plethora of problems which are of the utmost practical and theoretical importance. 1996. 1979] and [Stockmeyer. according to this deﬁnition. where ` is a mathematically deﬁned consequence relation (i. As Alasdair Urquhart put it [Urquhart. although unproven. Section 1. the widespread conjecture that P 6= NP . the development of the NP-completeness theory has brought to light a web of connections between propositional logic and a variety of hard computational problems from different important areas of theoretical and technological research. In our conceptual framework. polynomial time. ` ).e. in spite of Quine’s early contributions. ] a logical system L is not just the traditional consequence relation `. yet. One example is the simpliﬁcation of Boolean formulae. . have been shown to be equivalent to quantitative problems about decidability and prooflength in propositional logic. and is apparently thought to be ﬁt only for engineers[. it would imply that there is no feasible (i. is presently providing the surrogate of a negative result. ` ) is not the same logic as (`. ` ). quite independent of its impact on automated theorem proving and before any ﬁrst-order issue is raised. Q) such that ` Q) and ` is an algorithmic system for generating all those pairs. . but a pair (`. .1 ” S S S T S T 1 [Gabbay. The other extreme of this view has been vividly put forward by Gabbay: “[. Traditionally two proof systems were considered equivalent if they proved exactly the same theorems. Since it is believed to be true by most researchers. classical logic ` perceived as a set of tautologies together with a Gentzen system ` is not the same as classical logic together with the two-valued truth-table decision procedure ` for it.1]. This central role played by logic (and by propositional logic in particular) over the last few decades has resulted in a greater awareness of the computational aspects of logical systems and a closer (or at least a fresh) attention to their prooftheoretical presentations.’ In fact. (`. 1992] ‘Here the general problem takes the form: how many logical gates do we need to represent a given Boolean function? This is surely as simple and central a logical problem that one could hope to ﬁnd. ] our lack of understanding of the simpliﬁcation problem retards our progress in the area of the complexity of proofs. Thus.e. as a matter of fact it is playing the same stimulating role as the undecidability result has played with regard to ﬁrst order logic. see Section 2.

V (:A) = 1 iff V (A) = 0 V (A _ B ) = 1 iff V (A) = 1 or V (B ) = 1 V (A ^ B ) = 1 iff V (A) = 1 and V (B ) = 1 V (A ! B ) = 1 iff V (A) = 0 or V (B ) = 1 The consequence relation associated with classical propositional logic can be expressed in terms of sequents. expressions of the form A1 . 3. : : : . Bm (where the Ai ’s and the Bi ’s are formulae) with the same informal meaning as the (1) formula A1 ^ : : : ^ An ! B1 _ : : : _ Bm : The sequence to the left of the turnstyle is called ‘the antecedent’ and the sequence to the right is called ‘the succedent’. It is convenient for our purposes to represent partial functions as total functions with values in f1. g where stands for the ‘undeﬁned’ value. i. 0. false under V if V (A) = 0 and undeﬁned under V if V (A) = . An ` B1 . 4. In this chapter we shall adopt this point of view as a conceptual grid to explore the landscape of propositional tableau methods. A Boolean valuation. for all formulae A and B : F F F 1. For every formula A we say that A is true under V if V (A) = 1. Different proof-theoretical algorithms for generating the same consequence relation may have different complexities. By a total valuation we shall mean a partial valuation which for no formula A yields the value . 2. 2 PRELIMINARIES 2.1 Partial Valuations and Semi-valuations Let us call a partial valuation any partial function V : 7! f1.e. i. Even more interesting: algorithmic characterizations which appear to be ‘close’ to each other from the proof-theoretical point of view may show dramatic differences as far as their complexity is concerned. Let us say that a valuation V falsiﬁes a sequent ` if V makes true all the formulae in and false all the formulae in .e. 0g where 1 and 0 stand as usual for the truth-values (true and false respectively) and stands for the sets of all formulae. We say that a sequent ` is true under V if V (A) = 0 for some A 2 or V (A) = 1 for some A 2 . : : : . is regarded from this point of view as a special case of a partial valuation of . We say that it is false under V if V (A) = 1 for all A 2 and V (A) = 0 for all A 2 .TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 47 Gabbay’s proposal seems even more suggestive when considerations of computational complexity enter the picture. namely one which is total and is faithful to the usual truth-table rules.

1. taking care that the classical rules of truth are not infringed. if V (A _ B ) = 0. The search space. then V (A) = 0 or V (B ) = 1. then V (A) = 0. g. Following Prawitz [1974] we shall call them ‘semivaluations’: DEFINITION 1. then V (A) = 1 and V (B ) = 0. then V (A) = 1 or V (B ) = 1. if V (A ^ B ) = 0. 3.48 MARCELLO D’AGOSTINO . Such partial valuations are known in the literature under different names and shapes. if V (:A) = 1. 6. then V (A) = 0 and V (B ) = 0. A (Boolean) semivaluation is a partial valuation V satisfying the following conditions: 2. LEMMA 2. Otherwise we have to ensure that no reﬁnement of the initial partial valuation will ever lead to a semivaluation. In fact. therefore. then V (A) = 1. then V (A) = 1 and V (B ) = 1. then V (A) = 0 or V (B ) = 0. if V (A ! B ) = 1. The crucial property of semivaluations is that they can be readily extended to Boolean valuations as stated by the following lemma whose proof is left to the reader. 4. if V (A ! B ) = 0. but it is sufﬁcient to construct some partial valuation satisfying certain closure conditions. If we eventually reach a partial valuation which is a semivaluation. by virtue of Lemma 2 we have successfully described a countermodel to the original sequent. if V (:A) = 0. In the ‘no-countermodel’ approach to validity we start from a sequent ` intended as a valuation problem and try to ﬁnd a countermodel to it — at the propositional level a Boolean valuation which falsiﬁes it. Every semivaluation can be extended to a Boolean valuation. if V (A ^ B ) = 1. namely . if V (A _ B ) = 1. We start from the partial valuation which assigns 1 to all the formulae in and 0 to all the formulae in . Each stage of our attempt to construct a semivaluation which falsiﬁes a given sequent ` can. there is no need for total valuations. in this process. and try to reﬁne it step by step. be described as a partial valuation. 7. 5. is a set of partial valuations which are naturally ordered by the approximation relationship (in Scott’s sense [1970]): V v V 0 if and only if V (A) V 0 (A) for all formulae A where is the usual partial ordering over the truth-values f1. 0. 8.

For instance TA. We shall denote by X. Sets of signed formulae will be denoted by S. U for S U . X for S fX g and S.e. together with the approximation relationship deﬁned above. A set of s-formulae S is explicitly inconsistent if S contains both TA and FA for some formula A. Sets of s-formulae correspond to the partial valuations of the previous section in the obvious way (we shall omit the adjective ‘partial’ from now on): given a set V (A) = 1 and V 0 (A) = 0. This ‘ﬁctitious’ element of the lattice does not correspond to any real partial valuation and is used to provide a least upper bound for pairs of partial valuations which have no common reﬁnement2 . FB will all be subformulae of TA _ B . 2. . Hence we can regard the equation V tV0 => as meaning intuitively that V and V 0 are inconsistent. the set of its subformulae is deﬁned in the usual way. TB. We shall use the upper case greek letters . We shall often write S. The conjugate of an s-formula is the result of changing its sign (so TA is the conjugate of FA and viceversa). 2 Namely partial valuations V and V 0 such that for some A in their common domain of deﬁnition . i. FA. forms a lattice with a bottom element consisting of the ‘empty’ valuation (V (A) = for all formulae A). We shall call subformulae of an s-formula A ( = T. We say that an s-formula X is satisﬁed by a Boolean valuation V if X = TA and V (A) = 1 or X = FA and V (A) = 0. Y. F ) all the formulae of the form TB or FB where B is a subformula of A.2 Expansion Systems We assume a 0-order language deﬁned as usual. Given a formula A. expressions of the form TA or FA where A is a formula. A set S of s-formulae is satisﬁable if there is a Boolean valuation V which satisﬁes all its elements. Z (possibly with subscripts) arbitrary signed formulae (s-formulae for short). U. : : : for sets of unsigned formulae.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 49 1 0 The set of all these partial valuations. s s DEFINITION 3. V (possibly with subscripts). It is convenient to ‘top’ this lattice by adding an ‘overdeﬁned’ element >.

The sets of s-formulae corresponding to Boolean valuations are often called truth sets or saturated sets. we have that Si S for at least one Si . with n 1. Let R be an expansion rule of type hni. In other words. and FA for every formula A such that V (A) = 0 (and nothing else). every Hintikka set can be extended to a truth set. : : : . otherwise we say that the rule is of branching type. The translation of Lemma 2 in terms of s-formulae is known as the (propositional) Hintikka lemma. (S1 .) Conversely. A set of s-formulae S is saturated under R or R-saturated if for every n-tuple S1 . The rules of an expansion system are intended as rules which help us in our search for a countermodel to a given sequent ` A. Sn ). Sn such that R(S. 1. An expansion rule R of type hni. 2. We say that a set of s-formulae S 0 is an expansion of S under a rule R if S 0 belongs to the image of S under R. S. DEFINITION 5. 5. An expansion system S is a ﬁnite set of expansion rules. The sets of s-formulae corresponding to semivaluations are known in the literature as Hintikka sets or downward saturated sets. 3. Every propositional Hintikka set is satisﬁable. LEMMA 4 (Propositional Hintikka lemma). if S0 then Si S for some Si . is a computable relation between sets of s-formulae and n-tuples of sets of s-formulae satisfying the following condition: R(S0 . If n = 1 we say that the rule is of linear type. Sn )) =) for every truth-set S . Let S be an expansion system. given a partial valuation V its associated set of s-formulae will be the set SV containing TA for every formula A such that V (A) = 1. 4. : : : . : : : . (S1 .50 MARCELLO D’AGOSTINO S of s-formulae its associated valuation is the valuation VS deﬁned as follows: 8 < 1 if TA 2 S VS (A) = : 0 if FA 2 S otherwise (An explicitly inconsistent set of s-formulae is associated with the inconsistent valuation denoted by >. We shall now deﬁne the notion of expansion system which generalizes the tableau method. When we apply these rules . A set of s-formulae S is S-saturated if it is R-saturated for every rule R of S.

: : : . then V satisﬁes also all the formulae of one of the sets (S1 ). The rules of the expansion systems we shall consider in the sequel will have the following general form: S Sn This formulation suggests that. : : : . A branch of an S-tree T is closed if the set n Si . where S1 . a typical S-rule can be represented as follows: If a valuation V satisﬁes (X1 ). where X1 . (Sn ). (S1 . : : : . is an explicitly inconsistent set. Sn are ﬁnite sets of s-formulae depending on X1 . where S1 . Xn are s-formulae and is a uniform substitution. Sn )). : : : . Then. S S1 3.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 51 systematically. we say that is open. we construct a tree whose nodes are sets of s-formulae. So if we deal with such ‘slim’ S-trees. The notion of S-tree for a given set of s-formulae S is deﬁned inductively as follows: DEFINITION 6. Xn and (Si ) denotes the result of applying the substitution to every formula of Si 0 1 n . : : : . if T is an S-tree for S . First we generate the one-branch tree whose nodes are labelled with the s-formulae in S (taken in an arbitrary sequence). An S-tree T is closed if every branch of T is closed and open otherwise. Otherwise. 1. : : : . nothing else is an S-tree for S . at each application of an S-rule of type n to a branch we split into n distinct branches each of which extends by means of a sequence of s-formulae as prescribed by the rule. whenever S is ﬁnite we can make S-trees ‘slimmer’ by representing an S-tree for S as a tree whose nodes are labelled with sformulae rather than sets of s-formulae. 2. and R is a rule of S such that then the following tree is also an S-tree for S : S is an S-tree for S . Sn are i=1 the sets of s-formulae associated with its nodes. R(S. (Xn ). : : : .

we shall say that an application of R to a branch is analytic when it has the weak subformula property.52 MARCELLO D’AGOSTINO where 0 .e. The arrays 1 . we shall say that an application of R to a branch is analytic when it has the subformula property. An expansion system S is said to be conﬂuent if it has the following property: Conf If is an unsatisﬁable set of formulae. Given a rule R of an expansion system S. the order in which the expansion rules are applied does not affect the ﬁnal result. n are vertical arrays of schematic s-formulae (i. the extensions of resulting from an application of the rule. in a similar way. Whatever move we may make. DEFINITION 8. 1 . An expansion system S is said to be complete if every unsatisﬁable set of formulae is S-inconsistent. all the notions deﬁned in this section. we shall speak of ‘formulae’ to mean either s-formulae or unsigned formulae depending on the context. n characterize. The array 0 characterizes the branches to which the rule can be applied. A rule R is analytic if every application of it is analytic. Accordingly. we shall often neglect this distinction and speak of subformulae and subformula property also when we mean weak subformulae and weak subformula property. : : : . In other words. are by no means restricted to the context of s-formulae. We shall say that an unsigned formula A is a weak subformula of an unsigned formula B if A is either a subformula of B or the negation of a subformula of B . We now say that a branch of an S-tree is saturated if the set of all formulae . DEFINITION 7. provided this creates no confusion. Let us say that a set of formulae is S-inconsistent if there exists a closed S-tree for . However. namely those branches such that S contains at least one instance of every schematic s-formula in 0 . every S-tree for into a closed one. it will not prevent us from succeeding if there is a closed tableau for the input set of formulae. schemas of s-formulae which can be instantiated by s-formulae). The only change which might have some signiﬁcance from the technical viewpoint concerns the notion of analytic application of a rule. that is when all the new unsigned formulae appended to the end of are weak subformulae of formulae occurring in . If we interpret TA as meaning the same thing as the unsigned formula A and FA as meaning the same thing as the unsigned formula :A. all these notions can be reformulated in terms of unsigned formulae with minor modiﬁcations (which we leave to the reader).e. If R is an expansion rule for unsigned formulae. if all the new s-formulae appended to the end of are subformulae of s-formulae occurring in . : : : . In fact. It ensures that we never take ‘the wrong path’ in our attempt to construct a closed tableau. i. can be expanded Conﬂuence is a crucial property for an expansion system. as well as in the previous one.

consists of replacing the fundamental question. Since . The following proposition establishes a sufﬁcient condition for both conﬂuence and completeness of an expansion system: PROPOSITION 9. Again by hypothesis. By hypothesis there exists a completed S-tree. Suppose a set of formulae is S-consistent. problems which ask whether or not a word over a given alphabet is a member of some distinguished set of words. which is motivated by practical considerations and above all by the rapid development of computer science. Workers in computational complexity agree in identifying the class of ‘practically solvable’ or ‘feasible’ problems with the class P of the problems that can be solved by a Turing machine within polynomial time. An S-tree T is said to be completed if every branch of T is either closed or saturated. and an algorithm which solves the problem is one which decides. An expansion system S is complete and conﬂuent if it satisﬁes the following conditions: 1. Now. if is an open S-saturated branch of an S-tree. ‘Is the problem P computationally solvable?’ with the question. whether or not it belongs to TAUT.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 53 occurring in is S-saturated. For instance. The reﬁnement. time bounded above by a polynomial in the length of the input. the set of the formulae occurring in is a Hintikka set.e. say T . . Most computational problems can be viewed as language-recognition problems i. the problem of deciding whether a formula of the propositional calculus is a tautology can be identiﬁed with the set TAUT of all the words over the alphabet of propositional calculus which express tautologies. Since . By 1 above. for every set of formulae there exists a completed S-tree for . ‘Is P solvable within bounded resources (time and space)?’.3 Background on Computational Complexity The subject of computational complexity can be seen as a reﬁnement of the traditional theory of computability. So S is complete. and therefore is satisﬁable. of the formulae 2. 2. it follows that is also satisﬁable. given a word over the alphabet. Assume S satisﬁes conditions 1 and 2 above.e. let T be a tableau for an unsatisﬁable set of formulae and let be an open branch of T . is also unsatisﬁable. for which must also be open. i. Let us denote by the set of all formulae occurring in . the set occurring in is a Hintikka set. that is every S-tree for is open. Proof. Hence this completed S-tree has an open S-saturated branch . So the class P can be described as the class of the languages which can be recognized in polynomial time by a Turing machine. there is a completed S-tree for which must be closed.

an exponential time algorithm may be preferable in practice to a polynomial time algorithm with running time. which would imply that no proof procedure can be uniformly feasible for the whole class of tautologies (it can of course be feasible for a number of inﬁnite subclasses of this class). 1979] and [Stockmeyer. 1979]. where ‘short’ means that the length of the proof is bounded above by some polynomial function of the length of w. as the length of the input grows. n1000 . for example non-deterministic Turing machines. 2. problems which arise in practice and are not speciﬁcally constructed in order to defy the power of our computational devices. The second result involves the notion of a proof system rather than the notion of a proof procedure. . 1974] ( denotes the set of all ﬁnite strings or ‘words’ over the alphabet ): DEFINITION 10. 1979] and [Stockmeyer. refer the reader to [Garey and Johnson. As far as the ﬁrst result is concerned. In fact. the theory of NP -completeness4 is providing growing evidence for the conjecture that P 6= NP .e. There is a deterministic polynomial time algorithm for the tautology problem if and only if P = NP . when non-deterministic models of computation are considered. If L 3 See 4 We . there is an analog of the Church-Turing thesis in the ﬁeld of computational complexity. for every word w 2 L. 1987]. The class NP can be viewed as the class of all languages L such that. ‘natural problems’.) The central role played by propositional logic in theoretical computer science is related to the following well-known results [Cook. there is a ‘short’ proof of its membership in L. the notion of polynomial time computability is theoretically useful because it is particularly robust: it is invariant under any reasonable choice of models of computation. exponential time algorithms require resources which quickly precipitate beyond any practical constraint. seem to show a tendency to be either intractable or solvable in time bounded by a polynomial of reasonably low degree. i. namely the thesis that a Turing machine can simulate any ‘reasonable’ model of computation with at most a polynomial increase in time and space.54 MARCELLO D’AGOSTINO The rationale of this identiﬁcation of feasible problems with sets in P is that. (See [Garey and Johnson. However. Cook and Reckhow. There is a non-deterministic polynomial time algorithm for the tautology problem if and only if NP is closed under complementation. Finally. The analog of the class P .3 is the class NP of the problems which are ‘solved’ in polynomial time by some non-deterministic algorithm. 1987] for deﬁnitions in terms of non-deterministic Turing machines. say. 1971. Needless to say. a proof system for L is a function f : 1 7! L for [Garey and Johnson. The following deﬁnitions are due to Cook and Reckhow [Cook and Reckhow. Moreover polynomial time computability is invariant under any reasonable choice of ‘encoding scheme’ for the problem under consideration. 1974]: 1.

besides the questions concerning the absolute complexity of proof systems. namely fallible ‘strategies’ to guide our proofs. On the contrary. However the importance of the complexity analysis of proof systems is by no means restricted to the P versus NP question. for every element of L. DEFINITION 11. As far as automated deduction is concerned. So we should be prepared to use heuristics and give up completeness. for example. Let S be a proof system for propositional logic. is that we should not expect a complete proof system to be feasible and should be prepared either to give up completeness and restrict our language in order to attain feasibility (this is the line chosen for some of the resolution-based applications). This deﬁnition captures the idea of a proof system in which. On the other hand if a proof system is not polynomially bounded. when given a string over 1 . a fortiori there is no polynomially bounded proof procedure based on it. If x does not represent a proof in S. The question of whether a proof system is polynomially bounded or not is one concerning its absolute complexity. We write `S A n . where jz j is the length of the string z . this does not imply (unless P = NP ) that there is a proof procedure based on it (namely a deterministic version) which is polynomially bounded. 1995]). In fact the results mentioned above imply that heuristics alone is not sufﬁcient if we want to be able to obtain proofs expressible in some conventional system. Most conventional proof systems for propositional logic have been shown not to be polynomially bounded by exhibiting for each system some inﬁnite class of ‘hard examples’ which have no polynomial size proofs. there are many interesting ones concerning their relative complexity which are computationally signiﬁcant even when the systems have been proved intractable. So. One consequence of these results (for an overview see [Urquhart. 2 L (the class of functions computable in polynomial The condition that f 2 L is intended to ensure that there is a feasible way. then f (x) is taken to denote some ﬁxed tautology in L. of checking whether it represents a proof and what it is a proof of. such questions of relative complexity may be relevant. we have to provide a quantitative version of some basic qualitative notions. or to appeal to suitable heuristics. Nor should we conclude that all conventional systems are to be regarded as equivalent and that the only difference is caused by the heuristics that we use. where f time). a proof system S is associated with a function f such that f (x) = A if x is a string of symbols which represents a legitimate proof of A in S. A proof system f is polynomially bounded if there is a polynomial p(n) such that for all y 2 L. to the choice of an appropriate formal system to start with. before any heuristic considerations. there exists a ‘short’ proof of its membership in L. In the study of the relative complexity of proof systems.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 55 some alphabet 1 . there is an x 2 1 such that y = f (x) and jxj p(jyj). If a proof system is polynomially bounded.

given two systems S and 0 . 0 . refer to the relative length of minimal proofs in different systems and do not say much about the relative difﬁculty of proof-search. for instance. Systems belonging to the same equivalence class can be considered as having ‘essentially’ (i. a simulation of f1 in f2 is a computable function h : 1 7! 2 such that f2 (h(x)) = f1 (x) for all x 2 1 . up to a polynomial) the same complexity. therefore S has a larger ‘practical’ scope than 0 . but there is no p-simulation in the reverse direction. jh(x)j p(jxj) for all x. The p-simulation relation is a quasi-ordering and its symmetric closure is an equivalence relation. An important special case of the relation in (2) occurs when g (n) is a polynomial in n. On the other hand if S p-simulates 0 . some open questions were settled and new ones have been raised (see [Urquhart. S is essentially more efﬁcient than 0 — S is polynomially bounded for every L TAUT for which 0 is polynomially bounded but the opposite is not true. 1979 ]. in the Cook and Reckhow tradition. there is a function g such that for all .5 or shortly p-simulate. . so is S (where L can be any inﬁnite subset of TAUT). Positive results about the above relation are usually obtained by means of simulation procedures: `S0 A =) `S A n g(n) S DEFINITION 12. 1995] for a survey and a map of the p-simulation relation between a number of conventional proof systems).e. Suppose that. Later on. 1979]. Results expressed in terms of polynomial simulation. Negative results consist of lower bounds for the function g . 1987] and is slightly different from the original one given.56 MARCELLO D’AGOSTINO to mean that there is a proof of A from in the system S such that j j n (where j j denotes as usual the length of intended as a string of symbols over the alphabet of S). as far as the length of proofs is concerned. However it is easy to see that the two deﬁnitions serve exactly the same purposes as far as the study of the relative complexity of proof systems is concerned. We can therefore order proof systems and put them into equivalence classes with respect to their relative complexity. we can say that. A: S (2) we are interested in the rate of growth of g for particular systems S and 0 . This can be shown by exhibiting a simulation function (as in deﬁnition 12) h such that for some polynomial p(n). ‘easy’ proofs may be rather hard to ﬁnd! A crucial consideration is therefore the size of the search space in S S S S S S S 5 Our deﬁnition of p-simulation is the same as the one used in [Buss. in [Cook and Reckhow. In this case S is said to polynomially simulate. The study of the relative complexity of proof systems was started by Cook and Reckhow [1974. In other words. If f1 : 1 7! L and f2 : 2 7! L are proof systems for L. The simulation function h is then a mapping from proofs in 0 to proofs in S which preserves feasibility: if 0 is a polynomially bounded system for L.

e. they are both true at the same time if the premise is true. describe these rules as pairs of single-conclusion rules. Tableau rules for signed and unsigned formulae which apply to formulae of type (in Smullyan’s unifying notation. of course. We could. In some cases we can deﬁne systematic procedures to explore the search space efﬁciently.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 57 which such‘ easy’ proofs are to be found. which are asserted ‘conjunctively’. see Fitting’s introduction). For instance the rules for eliminating true conjunctions is equivalent to the following pair of single-conclusion rules: . Some of the linear rules have two conclusions. and branching rules which apply to formulae of type . For the reader’s convenience we list them all in Table 1 both in their signed and unsigned versions. 3 SMULLYAN’S TABLEAUX 3. i.1 Tableau Expansion Rules The tableau rules have been introduced in Fitting’s chapter. In other cases. So the signiﬁcance of these results for automated deduction must be considered case by case. We can distinguish between linear rules. Let us consider the signed rules ﬁrst. so that a ‘speed-up’ in prooflength can be translated into a similar speed-up in proof-search. Signed rules TA ^ B TA TB TA ! B FA TB A^B A B A!B :A B FA ^ B FA FB FA ! B TA FB TA _ B TA TB T :A FA A_B A B FA _ B FA FB F :A TA Unsigned rules :(A ^ B ) :A :B :(A ! B ) A :B ::A A :(A _ B ) :A :B Table 1. we may not know of any such systematic procedure and the existence of shorter proofs may not help us developing more efﬁcient proof procedures.

of formulae is unsatisﬁable if and only if there is a closed Proof. the set of formulae in an open saturated branch is a Hintikka set (see Chapter 1).58 MARCELLO D’AGOSTINO TA ^ B TA TA ^ B TB In Smullyan’s unifying notation. A set tableau for . observe that a branch of a tableau is saturated only if it satisﬁes the following two conditions: 1. The if-direction of this theorem (soundness of tableaux) depends on the fact that the tableau expansion rules preserve the following property: any valuation satisfying all the formulae in a set S must also satisfy all the formulae contained in at least one branch of any tableau for S . So. by Proposition 9 that the tableau method is both conﬂuent and complete. We now show that for every set of formulae we can construct a completed tableau for it. this amounts to decomposing the two-conclusion rule 1 2 into the two single-conclusion rules: 1 2 So. either 1 or 2 also belongs to . 3. For every -formula in . All the rules are analytic in the sense explained above: every (signed) formula which occurs as a conclusion is a (signed) subformula of the (signed) formula which occurs as premiss of the rule. both 1 and 2 also belong to . The only-if direction (completeness of tableaux) follows from Proposition 9 above.2 Conﬂuence and Completeness THEOREM 13. To see why. with eight rules of type h1i — those for eliminating the -formulae — and three rules of type h2i — those for eliminating the -formulae. This will imply. Hence if a tableau for S is closed. . 2. we can describe the tableau method as an example of expansion system. For every -formula in . no valuation can satisfy all the formulae in S .

Here we elaborate on this topic and show how the tableau rules correspond to a semantic interpretation of (a suitable variant of) Gentzen’s sequent rules.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 59 Let us then say that a node n is fulﬁlled if (1) it is an atomic s-formula or (2) it is of type and both 1 and 2 occur in all the branches passing through n or (3) it is of type and for every branch passing through the node either 1 or 2 occurs in .e. 1935]. So every node gets fulﬁlled after a ﬁnite number of steps. 3. 33–34 ]). Apparently he considered the sequent calculi as technically more convenient for metalogical investi6 By ‘fulﬁlling a node’ we mean applying the appropriate tableau rule so that the node becomes fulﬁlled. i. it is a semidecision procedure. This node constitutes the level 1. We have seen that in classical logic this problem is reduced to the satisﬁability problem. more in general. to the set of questions ‘is satisﬁable?’ for any ﬁnite set of formulae Notice that when the original set is ﬁnite. or with an open completed tableau. it is guaranteed to terminate only if S is unsatisﬁable. If is allowed to be inﬁnite. The procedure either terminates with a closed tableau or runs forever. it runs forever.e. ‘is the sequent ` true?’ A decision procedure is a systematic method. 1968. Let be a set of s-formulae arranged in a denumerable sequence X1 .3 Tableaux as a Decision Procedure The Decision Problem for Propositional Logic is the set of all questions ‘is B a consequence of ?’ (where B is a formula and a ﬁnite set of formulae) or. or algorithm. At the i-th step fulﬁl all the nodes of level i 1 and append Xi to the end of each open branch. the procedure always terminates). It always terminates in a ﬁnite number of steps either with a closed tableau. if is satisﬁable. the procedure described in the previous section is indeed a decision procedure. . In the latter case we ‘obtain’ an inﬁnite tree which is a completed tableau for . Call all the nodes so obtained nodes of level 2. Start the tree with X1 . while if S is satisﬁable. 3. if is unsatisﬁable. Invertible Sequent Calculi Gentzen introduced the sequent calculi LK and LJ as well as the natural deduction calculi NK and NJ in his famous 1935 paper [Gentzen.4 Tableaux and the Sequent Calculus Tableaux have been introduced in Chapter 1 which also mentions their close relation to Gentzen’s sequent calculus. i. [pp. to answer all these questions. (Notice that if is ﬁnite. : : :. X2 . Then fulﬁl6 the origin and append X2 to every open branch. A simple procedure for constructing a completed tableau is the following one (from [Smullyan. Clearly a tableau is completed if and only if every node in it is fulﬁlled.

82. : : : . He also suggested that the rules of the 8 [Gentzen. 89].9 Such ‘unconditional’ formulae are sequents (see p. which eliminates the need for ‘structural’ rules to deal with permutations and repetitions of formulae. p. p.. but not if one wants to use sequents for some other logic. for sets of formulae and write . For such logics the antecedent and the succedent are usually represented as multisets. Bm In the case of intuitionistic logic the succedent (the expression to the right of the turnstile) may contain at most one formula. A ` . A: This well-known variant corresponds to Kleene’s system G4 [Kleene. This is not without reason. 11 Whereas in the natural deduction calculi there are. whose truth is no longer conditional on the truth of certain assumption formulae’.8 He called these calculi ‘logistic’ because. This obviously implies that the cut-free fragment is complete. provided that the axioms are allowed to have the more general form . see [Thistlewaite et al. i. Although Gentzen considered the antecedent and the succedent as sequences. 1967. . An ` B1 .7 In particular he thought that they were ‘especially suited to the purpose’ of proving the Hauptsatz [his ‘Fundamental Theorem’] and that their form was ‘largely determined by considerations connected with [this purpose]’.11 ‘Second.e. expressions of the form (3) A1 . . In this chapter we shall consider the classical system and focus on the propositional rules. it is often more convenient to use sets. A as an abbreviation of fAg). A proof of a sequent ` consists of a tree of sequents built up in accordance with the rules and on which all the leaves are axioms. 7 [Gentzen. 9 [Gentzen. : : : . Gentzen’s rules have become a paradigm both in proof-theory and in its applications. like relevance or linear logic. like the natural deduction calculi.10 Table 2 shows the rules of Gentzen’s LK once sequences have been replaced by sets (we use . p. Gentzen’s celebrated Hauptsatz says that the cut rule can be eliminated from proofs. 1983]). 1988] and [Avron. 47 above). 10 This reformulation is adequate for classical and intuitionistic logic. their form ensures the validity of the Hauptsatz: each proof can be transformed 1935]. for each operator.60 MARCELLO D’AGOSTINO gation. they do not involve the introduction and subsequent discharge of assumptions. but deal with formulae which are ‘true in themselves. etc. 1935. First. unlike the natural deduction calculi. an introduction and an elimination rule. they provide a precise analysis of the logical operators by specifying how each operator can be introduced in the antecedent or in the succedent of a sequent. 69. one can discard the last structural rule left — the thinning rule — and do without structural rules altogether without affecting completeness. Furthermore. chapter VI]. 1988]. in which the number of occurrences of formulae counts. 1935]. i. in the sequent calculi there are only introduction rules and the eliminations take the form of introductions in the antecedent.e. Gentzen seemed to consider the difference between the two formulations as a purely technical aspect (see [Sundholm.

B I-!right] ` .A ! B ` ` .B ` . in particular [Dummett.A ` Operational rules ` ` . 69]. In fact he argued that the introduction rules alone are sufﬁcient for this purpose and that the elimination rules are ‘no more. B I-_right] ` . 1935. :A ` I-_left] I-!left] ` . a cut-free system. .TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 61 Axioms A`A Structural rules ` .A Cut] . 1977]. B ` I-^left] .A_ B ` . in the ﬁnal analysis. Sequent rules for classical propositional logic into one which is cut-free. 12 On this point see [Statman. For a thorough discussion of this subtle meaning-theoretical issue the reader is referred to the writings of Michael Dummett and Dag Prawitz.A ! B . p. 1978]. gradually built up from its constituent elements’ [Gentzen.A I-:left] .B I-^right] ` . like Kleene’s G4.A ` I-:right] ` . A.A . seems to be particularly suited to a ‘backward’ search natural deduction calculus could be seen as deﬁnitions of the operators themselves. than consequences of these deﬁnitions’ [Gentzen. 80].A ^ B ` .B ` . Thinning] . ` . From a conceptual viewpoint this property represents the notion of a purely analytic or ‘direct’ argument12: ‘no concepts enter into the proof other than those contained in its ﬁnal result. as it were. and cut-free proofs enjoy the subformula property: every sequent in the proof tree contains only subformulae of the formulae in the sequent to be proved.A ^ B ` ` . so that ‘the ﬁnal result is.A ` . 1978] and [Prawitz. 1935. p. and their use was therefore essential to the achievement of that result’ [Gentzen.A ` .88]. p. Third. He also observed that this ‘harmony’ is exhibited by the intuitionistic calculus but breaks down in the classical case. :A Table 2.A _B . 1935.A ` . A.

the provability of the premise. if applying the rules backwards we reach an axiom in every branch. and such a method we call analysis. a system like G4 admits of an interesting semantic interpretation. it is easy to see that the thinning rule is not invertible: the provability of its conclusion does not imply. if a logical calculus has to be employed for this kind of ‘backward’ proof-search it is important that its rules be invertible: this allows us to stop as soon as we reach a sequent that we can recognize as unprovable (for instance one containing only atomic formulae and in which the antecedent and the succedent are disjoint) and conclude that the initial sequent is also unprovable. its fullest description can be found in Pappus (3rd century A. namely their invertibility. The soundness of the rules ensures that a valuation which falsiﬁes the conclusion must also falsify at least one of the premises. in general. also makes true at least one formula in . and so on until. who writes: Now analysis is a method of taking that which is sought as though it were admitted and passing from it through its consequences in order. we light upon something already known or ranking as a ﬁrst principle. one can start from the endsequent and use the rules in the reverse direction. On 13 The so-called ‘method of analysis’ was largely used in the mathematical practice of the ancient Greeks. The idea of an ‘analytic method’.62 MARCELLO D’AGOSTINO for proofs: instead of going from the axioms to the endsequent. 1941] pp. which is clearly reminiscent of Pappus’ ‘theoretical analysis’. 596–599. and we inquire what it is from which this comes about.). a Boolean valuation) which makes all the formulae in true. .e. and again what is the antecedent cause of the latter. by retracing our steps. is often associated with another sense of ‘analysis’ which is related to the ‘purity’ of the concepts employed to obtain a result and. Thus. to the subformula principle of proofs. going from the conclusion to suitable premises from which it can be derived. This is the so-called directional sense of analysis.13 works only in virtue of an important property of the rules of G4 which is described in Lemma 6 of [Kleene. Let us say that a sequent ` is valid if every situation (i. 14 See for instance [Matulis. As was early recognized by the pioneers of Automated Deduction14 . however. We should notice that the absence of the thinning rule is crucial in this context. we are allowed to conclude that no falsifying valuation is possible (since no valuation can falsify an axiom) and that the endsequent is therefore valid.D. in the framework of proof-theory. In fact. Otherwise if some situation makes all the formulae in true and all the formulae in false. According to this semantic viewpoint we prove that a sequent is valid by ruling out all possible falsifying situations. This method. to something which is admitted as a result of synthesis. So a sequent ` represents a valuation problem: ﬁnd a Boolean valuation which falsiﬁes it. DEFINITION 14.). as being a solution backwards ( [Thomas. 1967]. for in analysis we suppose that which is sought be already done. As far as classical logic is concerned. we say that the sequent is falsiﬁable and that the situation provides a countermodel to the sequent. A rule is invertible if the provability of the sequent below the line in each application of the rule implies the provability of all the sequents above the line. 1962].

Their correspondence with the rules of invertible sequent calculi is straightforward and is illustrated in [Smullyan. 16 In 15 [Gentzen.. . natural deduction rules do not capture the classical meaning of the logical operators. the invertibility of the rules allows us to stop as soon as we reach a falsiﬁable sequent and claim that any falsifying valuation provides a countermodel to the endsequent. 1971]. since its rules are ‘closer to the classical meaning of the logical constants’(p. 68. 3. we would not be be able. because it does not appear to share the ‘mechanical’ character of other proof systems such as tableaux and resolution. The construction of an analytic tableau for a sequent ` closely corresponds to the systematic search for a countermodel outlined above except that Smullyan’s presentation uses trees of formulae instead of trees of sequents. 1992]. to retransmit falsiﬁability back to the endsequent. there is considerable accordance in regarding natural deduction as unsuitable for automated deduction. As has been convincingly argued by Wilfried Sieg. 1993]). ‘classical deductive operations are then analysed as consisting of the constructive ones plus a principle of indirect proof for atomic sentences’(p. More recently this criticism of natural deduction has been taken up and extended in [Girard et al. Again. p. the classical system of natural deduction. this widespread opinion is to a large extent the result of a prejudice and (normal) natural deduction does admit. 244). 1989] and [Cellucci. This was already remarked in [Prawitz. So. Prawitz suggested that a good candidate for this role could be the classical sequent calculus. if employed in bockward search procedures. where the author pointed out that natural deduction rules are nothing but a reading of Heyting’s explanations of the constructive meaning of the logical operators [Heyting. 1983]. and so it is still regarded by most of the logic community.16 In particular the rules for the conditional are based 1935]. 244–245). In fact. On the other hand. as shown by the prominent role it plays in most undergraduate courses (see the Appendix for a listing of the natural deduction rules). the thinning rule may result in the loss of crucial semantic information. 1965]. in general. if the thinning rule were allowed. 1968b] and [Sundholm. Our main argument in favour of tableau methods versus natural deduction methods is of a different nature and puts in question the received view that the latter are more ‘natural’ than the former. at least in principle.5 Tableaux and Natural Deduction Is Natural Deduction Really ‘Natural’? Gentzen’s natural deduction was intended by his author as a deductive system which ‘comes as close as possible to actual reasoning’15. as argued in [Prawitz. and ‘one may doubt whether this is the proper way of analysing classical inferences’(p. 245). of proof-search strategies comparable to those adopted in more popular approaches to automated deduction (see [Sieg.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 63 the other hand. 1968] and [Smullyan. 1956].

in the sense that their simplest proofs must involve ‘tricks’ which are far from being natural.64 MARCELLO D’AGOSTINO on an interpretation of this operator which has nothing to do with the classical interpretation based on the truth-tables. a mixture of natural deduction and sequent calculus. :(P ^ Q) ! (:P _ :Q) P ^Q Q 2. Notice that we obtain a rather unnatural deduction whatever variant of ‘natural’ deduction we may decide to use.17 This mismatch between the natural deduction rules and the classical meaning of the logical operators is responsible for the fact that rather simple classical tautologies become quite hard to prove within the natural deduction framework. however. It is not difﬁcult to check that the simplest proof one can obtain is the following: :P 3 :Q4 3 4 :(:P _ :Q)2 :P _ :Q :(:P _ :Q)2 :P _ :Q 2. for instance. although probably the least bad of all is obtained by means of the variant which explicitly incorporates the principle of bivalence in the form of the ‘classical dilemma’ rule: 17 This does not apply. . Let us consider. one of de Morgan’s laws :(P ^ Q) ! (:P _ :Q) and try to prove it in the classical natural deduction system with the classical reductio ad absurdum rule. 1992] which is. to the multi-conclusion system proposed by [Cellucci. 3 2. 4 F F :(P ^ Q)1 P 2 F 1 :P _ :Q . 1 2 2 where the numerals on the right of the inference lines mean that the conclusion depends on the assumptions marked with the same numerals. in fact.

their length with respect to the length of the tautology to be proved): in fact. it is easy to verify that the length of their shortest proofs is linear in the length of the tautology under consideration. The reader can verify that any attempt to prove this classical tautology within the natural deduction framework leads to logical atrocities. 3 3 :P _ :Q :P _ :Q 1 :P _ :Q . 3 F 1. It is rather their contrived character which is disturbing. 3 :(P ^ Q)1 P ^ Q 1. 3 ((P ! Q) ! P ) ! P P F :P 2 . 3 :P :Q3 1. we would not expect such logical atrocities when we use them to prove intuitionistic tautologies. if we look at the class of tautologies which generalizes the de Morgan law proved above. both in the system with the classical dilemma and in the system with classical reductio. 3 2 P !Q 1.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 65 P 2 Q3 2. the other (intuitionistically valid) de Morgan law: :P _ :Q ! :(P ^ Q): . 2 It should be emphasized that the main problem here does not lie in the complexity of proofs (i. 1 1.) Consider. 2.e. for instance. Here is a typical proof: :P 2 (P ! Q) ! P 1 P 2. and this depends on the fact that the natural deduction rules do not capture the classical meaning of the logical operators. Since these rules are closely related to the constructive meaning of the operators. namely Ti = :(P1 ^ : : : ^ Pi ) ! :P1 _ : : : _ :Pi . (Notice that both the de Morgan law we have considered above and Peirce’s law are not intuitionistically valid. :(P ^ Q) ! (:P _ :Q) Another example of a tautology whose natural deduction proofs are extremely contrived is Peirce’s law: ((P ! Q) ! P ) ! P . 2 Q F P3 2.

strictly speaking. treat a sentence and its negation symmetrically. shorter than the corresponding natural deduction proofs. on the contrary. The tableau rules. . as a result of the symmetrical treatment of sentences with respect to their 18 On this point see [Girard et al.18 The difﬁculties of natural deduction with classical tautologies depend on the fact that a sentence and its negation are not treated symmetrically. since in both cases one obtains proofs whose length is linear in the length of the given tautology. 1989] and [Cellucci. whereas this is exactly what one would expect from the classical meaning of the logical operators. Although the tableau proofs for the class of tautologies which generalizes this de Morgan law are. 1992].66 MARCELLO D’AGOSTINO One can easily obtain a ‘really natural’ intuitionistic proof of this tautology as follows: F F 3 5 :P _ :Q1 :(P ^ Q) :(P ^ Q) 1 :(P ^ Q) .. For instance. :P _ :Q ! :(P ^ Q) :P 3 P ^ Q2 2 P 2. 5 These examples illustrate our claim that ‘natural’ deduction is really natural only for intuitionistic tautologies (and not necessarily for all of them). the difference in length is negligible. they allow for a very simple and natural proof of the nonintuitionistic de Morgan law: :(:(P ^ Q) ! (:P _ :Q)) :(P ^ Q) :(:P _ :Q) ::P ::Q P Q T :P :Q We stress once again that it is not the length of proofs which is at issue here. What is at issue is that the tableau proofs are more natural than those based on the ‘natural’ deduction rules. 3 :Q5 P ^ Q4 4 Q 4.

We shall also write AB to denote the concatenation of clauses A and B . which makes a crucial use of the cut rule and of its admissibility in the sequent calculus without cut. Given the commutativity and idempotence of disjunction. A clause is a disjunction of literals. A detailed discussion of this correspondence can be found in [Scott. a formula which is either a propositional variable (positive literal) or the negation of a propositional variable (negative literal). 3. The weak link is the correspondence between the cut-free sequent calculus and normal natural deduction which is far from being straightforward.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 67 negations. 1955]). the previous discussion strongly suggests that no straightforward step-bystep simulation procedure should be available. 1993] for the details). which can be used to search for a natural deduction proof in a mechanical way by means of a procedure very similar to the tableau saturation procedure (see [Sieg. 1983]. simply think of a clause A as a sequent in which the antecedent is the list of the negative literals of A and the succedent is the list of its positive literals.g. However. the resolution rule amounts to the following basic inference: Al Bl0 AB which is nothing but a simple form of the familiar cut rule. that such rules always lead to proofs which are natural from the classical point of view.) Its ﬁrst formulations date back to the origin of modern . a clause can be regarded as a set of literals and denoted simply by listing its elements.6 Tableaux and Resolution By a literal l we mean. the clause l1 _ l2 _ l3 can be written as l1 l2 l3 . e. At the propositional level. denoted by l0 is equal to :P if l = P and to P if l = :P . a variant of the sequent calculus obtained by reversing the natural deduction rules. A signiﬁcant step towards bridging the gap has been made by Sieg’s intercalation calculus. one can indicate a route which leads from a natural deduction proof to a corresponding tableau refutation via the equivalence of both to a suitable proof in the sequent calculus. l1 _ _ lk . then the resolution rule is exactly the cut rule. owing mainly to the very different treatment of negation in these two systems. without having to appeal to the power of the cut rule (and of its admissibility). for example. 1981] and [Sundholm. As we shall see. in general. Despite some optmistic remarks contained in Beth’s seminal paper on tableaux ( [Beth. As for the relationship between natural deduction proofs and tableau refutations. the symmetry of the tableau rules is by no means sufﬁcient to guarantee. Indeed one would expect tableau refutations and normal natural deduction proofs to correspond to each other in a more direct way. however. as usual. (To see this. The complement of a literal l. the problem is one of the trickiest in the area of proof transformation.

In order to refute sets of clauses we can use a version of Smullyan’s tableaux with only one decomposition rule which is an adaptation of the standard -decomposition (see Figure 1). Smullyan’s tableaux can also be used very perspicuously to generate refutations of sets of clauses. Tableau rule for a clause l1 _ _ lk logic19 . :Q _ S. but perhaps the more perspicuous. 1997]. then its children are labelled with the literals in A. 1965]). we shall see that. :P _:R. This is clearly a good measure since the total number of nodes in the tree is given by 2N 1. :P _ R. A tree resolution refutation for a set of clauses is a binary tree where each leaf is labelled with a clause of . We shall deﬁne the size of a tree resolution refutation as the number of leaves in the tree. However. the resolution rule has been widely known under this name since the publication of Robinson’s epoch-making paper ( [Robinson. In the sequel we shall follow the exposition in [Urquhart. the clause associated with a node n is the disjunction of the literals labelling the children of n. a tableau for is a tree in which the interior nodes are associated with clauses in as follows: if a node n is associated with a given clause A. :Q _:S g 19 See for instance [Schroeder-Heister. However. A resolution refutation of a set of clauses consists in a derivation of the empty clause. Notice that the node associated with a clause A is not labelled with A. This way of representing resolution refutations is clearly the least concise. each interior node with immediate successors labelled Al and Bl0 (where l is any literal.68 MARCELLO D’AGOSTINO l1 lk Figure 1. where N is the number of leaves. . starting from the clauses in and using the resolution rule as the only rule of inference. namely that of sequences or trees of clauses. denoted by . Such derivations can take different formats. and the root is labelled with (the emtpy clause). they cannot p-simulate resolution refutations even in tree format. The origin of the tree is labelled with the whole set of input clauses. 1995]. In Figure 2 we show a tableau for the set of clauses fP _ Q. A and B are clauses)is labelled with AB . Given a set of clauses. The more basic version is the one which yields refutations in tree format. which ﬁnds its anticipation in some posthumous papers by Gottlob Frege. Indeed. without appropriate enhancements.

one of the worst consists in applying the -decomposition rule to the formula in . :Q _ S. eventually. . . :P _ R. the set of formulae in the original ).7 Proof-search with Smullyan’s Tableaux Suppose that in the construction of a tableau T we come across a branch containing both a node k labelled with a formula and and a node m labelled with i (with i = 1 or i = 2). Among the many useless moves that one can make when applying the tableau rules mechanically. the sub-tableau generated by the formulae in will have the following form: . 3. . . :P _ :R. because one of the two branches generated by the rule application will contain another copy of i . .e. A tableau for the set of clauses fP _ Q. .TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 69 P "" J J R PQ :P R :P :R :QS :Q:S bb Q :P :P S S :Q :Q T S :R S S :S :Q _ :S g Regularity Figure 2. 1 2 T1 1 T2 Now. . . So. so is the following more concise one: . if this sub-tableau is a completed tableau for (i.

interpreted as a two-conclusion rule. it seems that not only would regularity stop us from applying the -decomposition rule to a node which is ‘subsumed’ by another node. 2. . shorten proofs (or in general completed tableaux) by an exponential factor. . then . . . as suggested in Section 3. This is. 1 and if a branch in it. Another way consists in wording the tableau rules so that regularity is satisﬁed by deﬁnition. somehow.2.1. for instance it would make it impossibile to generate a closed tableau for the inconsistent formula (P ^ Q) ^ (P ^ :Q). Again. This would clearly affect completeness. on some occasions.2 can be construed as implicitly incorporating the regularity restriction. One way consists in interpreting the -decomposition rule as a pair of one-conclusion rules. . if we simply agree that the -decomposition rule should not be applied. then can be expanded by appending to it every i which does not already occur in it. but it would also stop us from applying the -decomposition rule. . if by ‘fulﬁlling a node’ we mean applying to . 1 T1 Let us say that a node k subsumes a node m if m is labelled with a formula and k is labelled with one of its components i . the systematic procedure of Section 3. It is not difﬁcult to construct examples showing that this obvious ‘economy principle’ in the application of the tableau rules may. And the rule as follows: contains a formula and neither 1 nor 2 already occur can be split into the new expanded branches . there are several obvious ways of imposing the regularity condition without affecting completeness. implicit in the procedure to construct a completed tableau described in Section 3. . A tableau is said to be regular if no formula occurs more than once in each branch. the rule can be reformulated as follows: if a branch contains a formula . Indeed. The restriction on the structure of a tableau that we have just described is usually incorporated into a more general restriction called regularity. to a -formula labelling a node which is already ‘fulﬁlled’ in . We can often spare a large number of branchings if we agree that a node which is subsumed by another node in a given branch is not used in as premiss of an application of the -decomposition rule. in a given branch .70 MARCELLO D’AGOSTINO . However. . For instance. whenever just one of the i is already in the branch.

the resulting trees will be much ‘slimmer’ and avoid a great deal of duplication. so if we execute them. Another priority strategy inspired by the same principle. Priority Strategies The simplest priority strategy was presented by Smullyan in his well-known book on tableaux [Smullyan. namely that of avoiding branching whenever possible. is the complement of. To see this it is sufﬁcient to observe the examples in Figures 3 and 4. It consists in giving priority to -formulae over -formulae in the expansion of a tableau.e. The reason is simple: -decompositions do not create new branches. whenever possible. clash priority strategy— is equivalent to allowing the following ‘derived’ rules with two premisses: 0 1 2 0 2 1 : Again. every minimal size closed tableau for is regular. Things are different in the ﬁrst order case for which we refer the reader to Letz’s chapter in this Handbook. i. the regularity restriction implies the basic condition called strictness. 1989].e. . If is an unsatisﬁable set of formulae. A plausible strategy to reduce the size of refutations seems that of imposing that each clause decomposition (except the ﬁrst one) closes a branch in the tableau. Notice that this simple strategy— that we might call. i. 1968]. FACT 15. the literal labelling an ancestor of k . before the -decompositions.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 71 it the relevant rule in the way just described. This amounts to requiring that each clause decomposed by an application of the tableau rule at a given node k labelled with a literal contains a literal which ‘clashes’. It is not difﬁcult to turn the informal argument given above into a proof showing that closed tableaux of minimal size are regular. it is easy to observe that the clash priority strategy may enable us to shorten considerably the resulting tableaux. A tableau constructed in accordance with this restriction is called path connected (it is also called ancestor clash restricted in [Vellino. Obviously one of the two branches generated by such -decompositions will close immediately. consists in giving priority to -decompositions and 0 0 to -decompositions applied to ’s such that either 1 or 2 (the complements of 1 and 2 ) also occurs in the same branch. following [Vellino. namely that no formula is used more than once as a premiss of a rule application. Restriction Strategies Let us focus on clausal tableaux. As far as the propositional rules are concerned. 1989]).

One might be tempted to think that. So the order in which the rules are applied is crucial. This tableau is constructed by decomposing the formulae in the order in which they appear in the tree. if a clause C in the input set S contains a ‘pure literal’. in order to restore conﬂuence. a literal l which is not complemented in any other . To see why. the construction of the tableau would terminate without generating a closed tableau. i. but it does affect conﬂuence.e. T Q :(P ! R) l l :P P R T Q P :R Figure 3. The path connection strategy does not affect completeness. it is sufﬁcient to remove ‘redundant’ clauses (such as the clause RS in our previous example) from the input set by observing that. without giving priority to the -decompositions The example in Figure 5 shows that the path connection strategy may lead on some occasions to more concise refutations. S . . If the path connection restriction were applied. suppose we tried to construct the path connected tableau of Figure 5 starting with the decomposition of R.72 MARCELLO D’AGOSTINO :((P ! (Q ! R)) ! ((P ! Q) ! (P ! R))) P ! (Q ! R) :((P ! Q) ! (P ! R)) :P P !Q HH H Q!R P !Q :(P ! R) :P P T Q P :Q :P P . This is clearly the case when the input set of clauses S is not minimally inconsistent.

This tableau is constructed giving priority to the -decompositions over the -decompositions .TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 73 :((P ! (Q ! R)) ! ((P ! Q) ! (P ! R))) P ! (Q ! R) :((P ! Q) ! (P ! R)) P !Q :(P ! R) P :P :R S :P Q!R T Q :Q T R Figure 4.

P :Q. . are needed. Note that the input set does not contain ‘pure literals’ and yet the two open branches ending with :Q and :P cannot be further expanded without violating the path connection restriction. This seems to suggest that it might be always possible to apply the clause decomposition rule in accordance with the path connection restriction without affecting conﬂuence. all the clauses which are obviously ‘unconnected’ in the sense just explained. based on some other way of exploring the search space. so is S . The failure of conﬂuence in path connected tableaux implies that their completeness cannot be proved by means of a systematic proof procedure leading to branch saturation and. Unfortunately this is not the case. while the one on the right is a path connected tableau S . For.74 MARCELLO D’AGOSTINO PQ :P V :P Q :Q RS P R T Q QQ :P PQ :P V :P Q :Q RS P S T :P S Q S :P Q S Q Q Figure 5. R:S. before starting the tableau construction. we shall be left with a set S 0 of clauses. The tableau on the left has been constructed by applying the clause decomposition rule in a ‘random’ fashion. :RS. alternative procedures. In this example we simply hit a satisﬁble subset of the input set which is not connected with the unsatisﬁable subset and. namely such that every literal occurring in a clause of S 0 is complemented by a literal occurring in some other clause of S 0 . yet. if we reclause of move. A detailed discussion of such alternative proof procedures can be found in Letz’s chapter on First Order Tableaux. :R:S g. therefore. as is shown by the counterexample illustrated in Figure 6 which shows a typical ‘dead end’ in the construction of a tableau for the set = f:PQ. then C can be safely removed from S . since we can extend any assignment satisfying all the clauses in S n fC g to an assignment satisfying also C . RS. contains no pure literal. Thus. if the set of clauses S n fC g is satisﬁable.

A stronger restriction requires that every application of the clause decomposition rule (except the ﬁrst one) generates at least a literal that clashes with its immediate predecessor. Gentzen was admittedly more concerned with simplifying the proof of his main metalogical result (the Hauptsatz) than with optimizing the formal . However. By this he meant that: ‘the ﬁnal result is. In other words..TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 75 P QQ S :Q :P Q :P S :Q Figure 6. say l. It must be observed that neither strategy is optimal: on some occasions both generate tableau which are not of minimal size. The importance of Gentzen’s achievement can hardly be overestimated: by obeying the subformula principle. although it obviously inherits non-conﬂuence from the path connection strategy. 1989. in designing the sequent rules. his sequent calculus provided a partial realization of a time-honoured ideal. that of a purely analytical method of deduction. This relation is also discussed in Letz’s chapter. 1978]. 1994].69]. pp. 1989]). A ‘dead end’ for the path connection strategy The path connection restriction is closely related on the one hand to Bibel’s connection method [Bibel.24–25 ]. p. A class of examples is presented in [Vellino. Another class of examples showing that minimal connected tableaux can be exponentially larger than unrestricted tableaux is presented in [Letz et al. which had played such an important role in the history of logic and philosophy. as it were. it must also be remarked that. 3. A tableau constructed in accordance with this restriction is called tightly connected (or parent clash restricted in [Vellino.8 Anomalies and Limitations The Redundancy of Cut-free Proofs Gentzen said that the essential property of a cut-free proof is that ‘it is not roundabout’ [Gentzen. 1982] and on the other to Loveland’s model elimination [Loveland. The tight connection strategy is also complete. if the rule is applied to a clause C in a branch whose last node is labelled with a literal. then C must contain the literal l0 . 1935. p.88]. The proof represented by the derivation is not roundabout in that it contains only concepts which recur in the ﬁnal result’ [Gentzen. gradually built up from its constituent elements. 1935.

for the reasons discussed in Section 3. A. A _ :B. Gentzen’s rules are far from being ideal.76 MARCELLO D’AGOSTINO representation of proofs. From this point of view. Notice that (i) the proof in the example is minimal. [Gentzen. For classical logic. Yet. by his failure to prove the Hauptsatz directly for the natural deduction system (a problem solved only thirty years later by Dag Prawitz). (ii) the redundancy does not depend on our representation of the proof as a tree: the reader can easily check that all the sequents which label the nodes are different from each other and. but this information cannot be used in other parts of the tree and. 1935]) solution. and consider as axioms all the sequents of the form . As discussed in Section 3. In this case the proof obtained by employing thinning is not much shorter because of the simplicity of the example considered. a model of the antecedent): the subtree T1 encodes the information that there are no countermodels which make A true. Gentzen’s claims on the ‘naturalness’ of the natural deduction calculus can be endorsed. in some sense. it illustrates the use of thinning in direct proofs in order to eliminate redundancies. A minimal proof is illustrated in Figure 7 (we write the proof upside-down according to the interpretation of the sequent rules as reduction rules in the search for a counterexample. redundant when it is interpreted as a (failed) systematic search for a countermodel to the endsequent (i. :A _ C. allowing for a terse presentation of classical deductions which aims to be at the same time perspicuous and (reasonably) efﬁcient. The situation is perhaps clearer if we represent the proof in the form of a closed tableau a la Smullyan (see Figure 9). only in the domain of intuitionistic logic.e. the thinning rule is not suitable for backward proof search.5. as a simple example. Such a proof is. a cut-free proof of the sequent: A _ B. by `. Today we take Gentzen’s Hauptsatz for granted and are much more sensitive to the choice of carefully designed rules of inference. :A _ :C ` . expressing the fact that the antecedent is inconsistent. as we shall argue in the sequel. This intrinsic redundancy of the cut-free analysis is responsible in many cases . as a result. but he was led to discard the latter in favour of a ‘technically more convenient’ (cf. in fact. For this purpose he believed that the natural deduction calculus would provide a better answer. The only way to obtain a non-redundant proof in the form of a sequence or a directed acyclic graph of sequents would be by using the thinning rule as in Figure 8. the symmetry of the sequent calculus and its ‘mechanical’ ﬂavour seemed to provide a suitable approach to the automation of deduction. namely the sequent calculus. we mean ` . only to show again that such a countermodel is impossible. T2 still tries (in its left subtree) to construct a countermodel which makes A true.4. Let us consider. :A `). However. at best. the proof would have the same size if represented as a sequence or as a directed acyclic graph. It is easy to see that such a tableau shows the ` same redundancy as the sequent proof given before.

A _ :B. :A _ C. :A _ :C ` A. :A _ :C ` A. :A _ :C ` HH H A. :A _ C. A. A. A _ :B. :A ` bb B. :A ` "" A. :A _ :C ` T1 !!! B. :A _ :C ` B. :C ` Figure 7. C. :A _ :C ` B. A _ :B. A. A. C. . C. :A. :A _ :C ` HH H . :C ` bb and T2 = B. :A _ :C ` T2 aaa Where T1 = A. :A _ C. :A _ :C ` B. A. :A _ C. :A. :A _ :C ` A.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 77 A _ B. A _ :B. :A _ C. :A _ C. A _ :B. l l B. A _ :B. :A _ :C ` "" B. :A _ C. A minimal cut-free proof of the sequent which occurs at the root of the top tree . C. C. A _ :B. A _ :B. :B. C. A _ :B.

we may have to reiterate this redundant pattern an arbitrary number of times. depending on the composition of our input set of formulae. the original sequent is not valid and the problem is solved. it is often the case that the shortest tableau has to contain higly redundant conﬁgurations like the one shown in ﬁgure 10: where the subtree T has to be repeated n times. :A _ :C ` B. :A _ :C ` B. C. :B. Each copy of T may. Moreover. it is essential: it does not depend on any particular proof-search procedure (it affects minimal proofs) but only on the use of the cut-free rules. must make A false). Let us discuss in some more detail the relation between the inefﬁciency of these rules and their failure to simulate ‘analytic cut’ inferences. every countermodel. A _ :B. because this kind of countermodel is already sought in T1 .78 MARCELLO D’AGOSTINO (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) A. C. if any. A _ :B. :A ` A. :A _ C. . :A _ :C ` A _ B.e. contain a similar pattern. :A _ C. :A _ C. :A _ :C ` A. : : : . to try to construct (as we do if our search is governed by Gentzen’s rules) countermodels which make A true. If the search is successful. :A _ C. A proof in linear format making use of the thinning rule for explosive growth in the size of the search tree. :C ` A. if we restrict ourselves to classical bivalent models. :A _ :C ` A. In both cases it is pointless. The Culprit Can we think of a more economical way of organizing our search for a countermodel? of avoiding the basic redundancy of the cut-free analysis? We must ﬁrst identify the culprit. It is not difﬁcult to see how this may rapidly lead to a combinatorial explosion which is by no means related to any ‘intrinsic difﬁculty’ of the problem considered but only to the redundant behaviour of the tableau rules. For instance. :A _ :C ` Axiom Axiom From (1) and (2) Axiom From (4) and (3) From (5) by thinning Axiom From (6) and (7) From (5) by thinning From (8) and (9) Figure 8. In general. if a branch contains n disjunctions A _ B1 . :A. :A _ C. :A _ :C ` A. C. A _ :B. :A _ C. In the rest of this chapter this point will be examined in detail. A. Otherwise there is no countermodel which makes A true (i. A _ Bn which are all to be analysed in order to obtain a closed subtableau. Our example contains a typical pattern of cut-free refutations which can be described as follows: the subtree T1 searches for possible countermodels which make A true. in turn. :A _ :C ` B. while building up T2 .

:A _ C. A T A T L L L B1 L L L B2 L L L A T B3 . .TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 79 A_B A _ :B :A _ C :A _ :C A :A HH H A T B C T T :A T :C :A T :B C :A :C Figure 9. A _ :B. :A _ :C g . . . . Redundancy of tableau refutations . Figure 10. A closed tableau for fA _ B.

:B . 1968]) that there is also a closed tableau for . an expansion system can be seen as a (nondeterministic) algorithm to search through the space of all possible semivaluations for one which satisﬁes a given set of formulae. the tableau method is the most natural expansion system. so that T2 contains m occurrences of :A in distinct branches which will be left open if A is removed from the assumptions. however. so that T1 contains n occurrences of A in distinct branches which will be left open if :A is removed from the assumptions. A. Then. T2 l l : A T1 T1 where the subrefutation T2 is repeated n times in the lefthand tree and the subrefutation T1 is repeated m times in the righthand tree. In this section we shall render this claim more precise.e.A ` B . in some cases. the ‘elimination of cuts’ from the tableau proof does not remove ‘impure’ inferences.2. say n times. This fact can be seen as a typical ‘cut’ inference: where ‘`’ stands for the tableau derivability relation. :B . that . then it follows from the elimination theorem (see [Smullyan. . say m times. If the formula A is a subformula of some formula in . however. Let us assume. We have observed. As we have seen in Section 2. ` B : B : B T1 A T2 @ @ A T2 : A . in T2 to close a branch.8. . The examples discussed in Section 3. analytic tableaux constructed according to the cut-free tradition are not well-suited to the nature of the problem they are intended to solve. in T1 to close a branch. i.80 MARCELLO D’AGOSTINO Suppose there is a tableau proof of A from . involving only elements contained in the data. :A and a tableau proof of B from . since its rules correspond exactly to the clauses in the deﬁnition of a semivaluation. a closed tableau T2 for . the shortest tableau refutation of . . Similarly. When A is a subformula of some formula in . the cut is ‘analytic’: no external formulae are involved. a closed tableau T1 for . for instance.e. A. suggests that. :B will have one of the following two forms: ` A . in another. Searching for a Countermodel In a sense. i. that :A is used more than once. involving external formulae. let A be used more than once. . . but ‘pure’ analytic inferences.

in some sense. . n1 T n2 if an only if n1 is a predecessor of n2 ). such systems are not natural for classical logic. i. n2 belonging to different branches. Let T the partial ordering deﬁned by T on the set of its nodes (i. the same applies to vn2 . we have found a countermodel to the original sequent and the problem is solved. vn1 v vn2 for some pair of nodes n1 . the associ(5) n1 T n2 () vn1 v vn2 : In other words the relations between the nodes in an S-tree correspond to the relations between the associated partial valuations. It is easy to see that the non-redundancy condition is not satisﬁed by the tableau method (and in general by cut-free Gentzen systems). This can be made precise as follows: given an S-tree T we can associate with each node n of T . from an algorithmic point of view. the partial valuation vn which assigns 1 to all the formulae A such that T (A) occurs in the path to n. in some cases. If a tree does not satisfy (5). equivalently. We can therefore say that. if no extension of vn1 is a semivaluation.e. Otherwise. namely ated partial valuations are incomparable. A redundant tree does not reﬂect the structure of the semantic space of partial valuations which it is supposed to explore and this very fact has disastrous computational consequences: redundant systems are ill-designed. that ‘Gentzen’s calculus of sequents may be understood as the natural system for generating logical truths’. n2 belonging to different branches. they force us to repeat over and over again what is essentially the same computational process. and 0 to all the formulae A such that F (A) occurs in the path to n (and leaves all the other formulae undeﬁned).8: if vn1 can be extended to a semivaluation. and v the partial ordering or partial valuations deﬁned above. 20 Are Tableaux an Improvement on Truth-tables? The intrisic redundancy of tableau refutations has some embarassing consequences from the computational viewpoint. advanced in [Prawitz. It is therefore reasonable to require that the rules we adopt in our systematic search reﬂect this structure. for all nodes n1 . 1974]. Clearly (4) n1 T n2 =) vn1 v vn1 : It would be desirable to require that the converse also holds. These emerge in the most striking fashion 20 This suggestion may be contrasted with Prawitz’s suggestion.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 81 the search space has a natural structure of its own. the set n of the s-formulae occurring in the path from the root to n or. in that. then it is obviously redundant for the reasons discussed in section 3. and therefore n1 6 T n2 =) vn1 6v vn1 : So that for every pair of nodes n1 . n2 .e. The importance of avoiding this kind of redundancy is both conceptual and practical.

With 20 letters there are slightly more than one million cases in the truth-table analysis (which is still feasible on today’s computers) but over 2 1018 branches in a minimal closed tableau. with 10 letters there are over 1. ] is equally straightforward but saves labor by searching whole blocks of cases at once. e. . In fact. . the situation is not nearly as clear-cut as it appears. 23 [Jeffrey. However it turns out that a minimal closed tableau must contain more than 3.23 This appraisal. however. Beth himself. . 1967. Here are some typical quotations on this topic: Is there a better way of testing whether a proposition A is a tautology than computing its truth table (which requires computing at least 2n entries where n is the number of proposition symbols occurring in A)? One possibility is to work backwards. there are examples for which the complete truth-tables perform incomparably better than the standard tableau method. The truth-table method. who was (in the 1950’s) one of the inventors of tableaux.82 MARCELLO D’AGOSTINO when we compare the complexity of tableau proofs with that of truth-tables.e tableau] test [. In the next section we shall show that. 22 [Gallier. introduced by Wittgenstein in his celebrated Tractatus LogicoPhilosophicus. page 82].21 Beth’s opinion is echoed in the widespread yet unsubstantiated claim that the truth-table method is clearly and generally less efﬁcient than the tableau method and relates to it as an exhaustive search relates to ‘smarter’ procedures which makes use of shortcuts. for the number of cases to be searched doubles with each additional letter (so that.000. . Technically speaking. The truth-table test is straightforward but needlessly laborious when statement letters are numerous. For these examples it is.g. trying to ﬁnd a truth assignment which makes the proposition false. 1986.000 branches. contrary to expectations (and Beth’s opinion). The truth-tree [i. 1958. one may detect failure much earlier.. This is the essence of Gentzen [cut-free] systems22 . may turn out to be rather unfair.024) to check. of course.000 cases (exactly 1. provides a decision procedure for propositional logic which is immediately implementable on a machine. However this time-honoured method is usually mentioned only to be immediately dismissed because of its incurable inefﬁciency. these examples serve the purpose of ﬁlling a gap in the classiﬁcation of conventional proof systems in terms of the p-simulation relation 21 [Beth. . page 18]. In this way. pages 44–45].000 cases). true — to pursue the above quotation — that with 10 propositional letters there are over 1. also stressed that they ‘may be considered in the ﬁrst place as a more convenient presentation of the familiar truth-table analysis’.

P2 is the following expression in CNF: (P1 _ P2 ) ^ (P1 _ :P2 ) ^ (:P1 _ P2 ) ^ (:P1 _ :P2 ) Notice that in this case the truth-table procedure contains as many rows as clauses in the expressions. for each i = 1.Pk contains more than k! distinct branches. 25 This rather fancy terminology is used in [Dunham and Wang. In other words.Pk denote the set containing these 2k clauses. this appears to be the only known example of such an incomparability among conventional proof-systems. Every closed tableau for the set HP1 . There are 2k of such clauses.25 i. deﬁned as follows: given a sequence of k atomic variables P1 . If an expression is ‘fat’. in order to deal with clauses. either Pi or :Pi and no other member.Pk . . 1976].:::. For instance. whereas the complexity of truth-tables depends only on the number of distinct propositional variables which occur in it. : : : . So the tableau 24 As Alasdair Urquhart has pointed out. However we shall prove that it is hard for the tableau method. consider all the possible clauses containing as members. : : : . Pk . we redeﬁne the tableau _-elimination rule as follows: l1 _ : : : _ lk l1 lk Since the formula HP1 . 2. Recall that.Pk is in CNF. Let T be a minimal closed tableau for HP1 .e. this class of expressions is not ‘hard’ for the truth-table method. k .:::. its length is large compared to the number of distinct variables in it. Proof.e. We assume that all the V nodes labelled with assumption clauses precede the other nodes.:::.:::. we can assume that the ﬁrst part of the tableau consists of a sequence of applications of the ^-elimination rule until the conjunction is decomposed into a sequence of clauses. namely 2k . Let HP1 .TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 83 ship: truth-tables and Smullyan’s analytic tableaux are incomparable proof systems. PROPOSITION 16. total number of symbols) of the formula to be decided. An extreme example is represented by the sequence of ‘truly fat’ expressions in conjunctive normal form. The expression V V HP1 . For our purposes we can consider these clauses as ‘assumption’ formulas and forget about the ^-elimination steps.:::.Pk is unsatisﬁable.24 The key observation is that the complexity of tableau proofs depends essentially on the length (i. the number of branches generated by its tableau analysis may be large compared to the number of rows in its truth-table. HP1 .

:::. Indeed. : : : . Let C (k ) be the number of interior (i. Hence T contains at least as many distinct paths as there are permutations of P1 . which is O (k 2k ). Notice that k ! grows faster than any polynomial function of 2k . either Pj or :Pj is among the children of n. : : : . Notice also that for HP1 . Then. distinct permutations are associated with distinct paths. so that the overall complexity is O (k2 22k ). : : : . The previous argument can be easily adapted to give an exact lower bound on the size of a tableau. There must be a path n1 . Let Q1 . : : : . Every n n0 has exactly k children m1 .:::. Pk . Let n0 be the last node of this sequence. : : : .:::. k. nk such that the labelling formulas form a sequence Q1 .Pk . each labelled with an assumption. Qk be an arbitrary permutation of P1 . Even worse. but cannnot be decided in polynomial time—as shown by our examples—if we use be precise. : : : . : : : . where n is the total number of occurrences of atomic letters and operators in the CNF expression. there is no “feasible” simulation in either direction (since truth-tables cannot psimulate tableaux). This means. Pk . are decidable in polynomial time by the truth-tables. Namely: the class of ‘truly fat’ tautologies. Moreover.e. Such a path is obviously open.Pk there are resolution refutations in which the number of steps is linear in the number of clauses. where Qi is either Qi or :Qi . a uniform improvement on the truth-table method as far as computational complexity is concerned. there are natural and well-deﬁned subproblems of the tautology problem which are tractable for the truth-tables and intractable for any procedure based on analytic tableaux. k) is labelled either with Pi or with :Pi . at least in their standard form given them by Smullyan.84 MARCELLO D’AGOSTINO starts with a sequence of 2k nodes. a simple analysis shows that C (k ) is determined exactly by the following equation: C (k) = k + k (k 1) + k (k 1)(k 2) + : : : + +k (k 1) : : : (k (k 1)) 1 1 1 = k! (1 + 2! + 3! + + k! ) One immediate consequence of this fact is that analytic tableaux do not provide. where n is the length of the tautology. This implies that analytic tableaux cannot p-simulate the truth-table method. in practice. non-leaf) nodes in a minimal closed tableau for HP1 . : : : . namely at least k! distinct paths. Qk . So for every node n and every j = 1. mk (resulting from the decomposition of an assumption clause) such that mi (i = 1.Pk . and there are only 2k rows in the truth-table analysis26 of HP1 . since Qi 6= Qj for i 6= j . in which the number of variables is of order log n. that for this class of examples even the most naive program implementing the old truthtable method will run incomparably faster than any program implementing some proof-search procedure (no matter how smart) based on the tableau rules. the truth-table analysis involves O (k n 2k ) steps. 26 To .

this is not just an oddity due to a careful choice of artiﬁcial examples but the result of a fundamental inadequacy of the tableau rules which affects. namely the set of formulas which occur in an open path. do not meet this requirement. the more likely for the truth-tables to beat their more quoted rivals. we may well (and often do) end up considering more cases than is necessary. in general. every tableau refutation: the ‘fatter’ the formulas (namely the smaller the number of variables relative to the overall length of the formulas). this is not. the complexity of the semantic decision procedure for L is essentially O(k n mk ) where n is the length of the input formula and k is the number of distinct variables in it. and their equivalent cut-free sequent calculus in tree form. after we apply the rule for analysing A _ B . For instance. 1974]. true of the tableau analysis. While all the cases enumerated in the truth-table analysis are mutually exclusive. As we shall see. Analytic tableaux. when we expand the tableau below B we may have to consider possible models in which A is true.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 85 Smullyan’s analytic tableau rules (no matter how ‘smart’ we are in applying these rules). In general.27 As a result. it is obvious that the branches do not represent mutually inconsistent ‘possible models’. . when expanding the tree. The cause of this behaviour is not difﬁcult to detect if we look at the way in which the two methods enumerate the possible cases to be checked in order to test a formula for validity. given a decidable logic L which admits of characterization by means of m-valued truth-tables. But all these possibile models are already enumerated below A. This is a natural upper bound on the decision problem for L which should be at least equalized by any proof procedure. When applying the typical tableau branching rules: A_B A!B :(A ^ B ) A or B :A B :A :B A1 _ : : : _ An A1 An for expressions in clausal form. These examples consist of sets 27 By a ‘possible model’ we simply mean a set of formulas which may be embedded into a Hintikka set. so that the enumeration process is redundant. at different degrees. More Hard Examples for Smullyan’s Tableaux Another class of examples which are hard both for tableaux and for the truthtables is described in [Cook and Reckhow.

the one on the left is labelled with a positive literal and the one on the right is labelled with the corresponding negative literal. but the minimal tableau refutation for 6 has 10. Consider a binary tree T where each node.056. :PR. A simple example is shown in Figure 11. Urquhart comments that this lower bound ‘has some signiﬁcance for automated theorem proving based on simple tableau methods. the set 2 is the one illustrated in Figure 11. even in tree format.950. Now. is the result of a joint effort of Cook and Urquhart and can be found in [Urquhart. we can associate with each branch the clause containing exactly the literals in . In this way. the whole tree T can be taken as representing the set (T ) of the clauses associated with its branches. A more accurate version of this lower bound. 435. It is easy to check that the resulting tree provides the required refutation and its size is linearly related to the size of n . We stipulate that. Let n be the set of clauses associated with a complete binary tree of depth n. In [Cook and Reckhow. p. P :Q. A slightly earlier and different proof of an exponential lower bound for Cook and Reckhow’s examples is contained in [Murray and Rosenthal. 1974] Cook and Reckhow report (without proof) a lower bound on the number of nodes of a closed tableau n which is exponential in the size of n . Thus n contains 2n clauses and 2n 1 distinct atomic letters. is labelled with a distinct literal. 1995]. with a proof. For this purpose it is sufﬁcient to label each node a with the clause consisting of the literals occurring in the path from the root to a (and therefore the root with the empty clause). and sibling nodes are labelled with complementary literals. 1994].650.806 interior nodes. except the root. . for each pair of sibling nodes. :P :Rg of clauses associated with binary trees as follows. (T ) = fPQ. For instance. This shows that any pratical implementation of the tableau method must incorporate routines to eliminate repetition in tableau construction’. To see this.28 On the other hand the above examples have very small resolution refutations. This is sufﬁcient to prove the following: 28 [Urquhart.86 MARCELLO D’AGOSTINO g P Q Q g A A A g:Q Q Q Q g:P g R g A A A g:R Figure 11. The set 6 contains only 64 clauses of length 6. just observe that we can label the nodes of a complete binary tree of depth n with suitable clauses to obtain a tree resolution refutation of n . 1995].

turned out to be. In this way he thought he had reached a formal method which was ‘in complete harmony with the standpoint of [classical] semantics’ [p. contrary to expectations.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 87 On the contrary. in a sense. and could “even be proved to be. Suppose our semantics is 3-valued. the shortest ones which are possible” [p. 323]. where he introduced his version of semantic tableaux [Beth. the tableau rules allow for the possibility of a proposition’s being something else other than true or false. not clumsy or cumbersome but “remarkably concise’..] within (relatively) easy reach” [p. by transformation of semantic tableaux. 318]. Smullyan’s tableaux cannot p-simulate tree resolution. Are the Tableau Rules Really ‘Classical’? Beth’s aim. How about this other claim on the close correspondence between the tableau rules and classical semantics? The classical notion of truth is governed by two basic principles: the principle of Non-contradiction (no proposition can be true and false at the same time) and the principle of Bivalence (every proposition is either true or false. he claimed that the Gentzen-type formal proofs obtained in a ‘purely mechanical manner’. Gentzen’s Subformula Theorem and Extended Hauptsatz. He stressed the close correspondence between the formal rules in a Gentzen-type system and the semantic-oriented rules of the tableau method [pp. and Bernay’s o Consistency Theorem are [. adopting his approach. While enumerating all the possible cases. proofs of completeness become trivial and ‘such celebrated and profound results as Herbrand’s Theorem. it is not difﬁcult to show that tree resolution can p-simulate Smullyan’s tableaux for clauses (for a simple argument see [Urquhart. We have already shown that Beth was wrong in claiming that tableaux constitute a uniform improvement on the truth-table method.322-23] so that.. 318. 318. was to point out the “close connections between semantics and derivability theory” so as to avoid the difﬁculties which were usually encountered in the proof of the completeness theorem [pp. 1955]. 317]. Morever. namely: THEOREM 17. Suppose also that the truth-tables are extended in a way which preserves the classical rules of truth.313]. the Theorem of L¨ owenheim-SkolemG¨ del. with the truth-value ‘undeﬁned’ ( ) along with ‘true’ (1) and ‘false’ (0). in his 1955 paper. While the former principle is clearly embodied in the rule for closing a branch. . 1995]). and there are no other possibilities). there is no rule in the tableau method (and in cut-free Gentzen systems) which corresponds to the Principle of Bivalence.

However. So bivalence is re-introduced at the end of the analysis in order to exclude non-classical models. 89]. :A shows that A cannot be false if all the formulas in are true. Gentzen’s rules are not the only possible way of analysing the classical operators and not necessarily the best. In particular he thought that they were ‘especially suited to the purpose’ of proving the Hauptsatz. if we deﬁne logical consequence as follows ` A iff A is non-false when all the formulas in are true the logic deﬁned by this many-valued semantics collapses into classical logic. This is not without reason. they provide a precise analysis of the logical operators by specifying how each operator can be introduced in the antecedent or in the succedent of a sequent. and has been used by Sch¨ utte. and in fact for any manyvalued semantics which preserves the classical equivalences. 1935. . Gentzen’s rules have become a paradigm both in proof-theory and in its applications. and more recently by Girard. There are historical reasons for this ‘elimination of bivalence’ from the semantics of classical proof-theory. 69]. for proof-theoretical investigations into the sequent calculus. and cut-free proofs enjoy the subformula property: every sequent in the proof tree contains only subformulae of the formulae in the sequent to be proved. See the interesting discussion in [Girard. p. Apparently he considered the sequent calculi as technically more convenient for metalogical investigation [Gentzen.29 This last move amounts to restricting the possible models to the classical bivalent ones. Second. A closed tableau for . Their form was inﬂuenced by con29 This kind of semantics validates all the rules of the sequent calculus except the cut rule. 1935]. like the natural deduction calculi. A closed tableau for :A shows that A cannot be false. First. but nowhere is it used in the search for these models. their form ensures the validity of the Hauptsatz: each proof can be transformed into one which is cut-free. in his famous 1935 paper [Gentzen. Gentzen introduced the sequent calculi LK and LJ. So. 1987].88 MARCELLO D’AGOSTINO A B A _ B A ^ B A ! B :A 1 0 1 0 1 0 1 1 1 1 1 1 1 1 0 1 1 1 0 1 0 0 0 1 0 0 0 0 0 1 0 1 Then the tableau rules are still sound for this semantics. and that their form was ‘largely determined by considerations connected with [this purpose]’[p. as well as the natural deduction calculi NK and NJ.

it is easy to see that the sequent rules can be read upside-down as rules for constructing a countermodel to the endsequent. for every model M . and adopt the usual intepretation. 68]. p. But this is the Principle of Bivalence. What is. then. then what the cut rule says is: In all models and for all propositions A.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 89 siderations which were partly philosophical. 560]. In contrast. But. partly technical. 1968a.A ` ` ` . However. exactly as the tableau rules. In this context he introduced the natural deduction calculi in which the inferences are analysed essentially in a constructive way and classical logic is obtained by adding the law of excluded middle in a purely external manner. at least one formula in is true in M whenever all formulas in are true in M . so to speak. namely deﬁne ` as valid if and only if. p. i. 1935. do not require such a drastic move. 4 EXTENSIONS OF SMULLYAN’S TABLEAUX The reﬁnements described in this section have in common that they extend the method of analytic tableaux (in Smullyan’s formulation) by means of additional rules which are redundant. are not required for completeness. but may solve some of the anomalies of the original rules. So he introduced the sequent calculi as a technical device in order to enunciate and prove the Hauptsatz in a convenient form [p. 69] both for intuitionistic and classical logic.A If we read this rule upside-down. . the rule which the Hauptsatz shows to be eliminable is the cut rule: . none of the rules of the cutfree fragment implies bivalence (as is shown by the three-valued semantics for this fragment). but rather that such proofs obey the subformula principle’ [Smullyan. either A is true or A is false. As we shall see the subformula principle. the elimination of bivalence from the underlying semantics. In the ﬁrst place Gentzen wanted to set up a formal system which ‘comes as close as possible to actual reasoning’ [Gentzen. These calculi still have a strong deduction-theoretic ﬂavour and Gentzen did not show any sign of considering the relationship between the classical calculus LK and the semantic notion of entailment. as well as any other desirable property of the cut-fre proofs. one of the two fundamental principles which characterize the classical notion of truth. Then he recognized that the special position occupied by this law would have prevented him from proving the Hauptsatz in the case of classical logic. as Smullyan once remarked: ‘The real importance of cut-free proofs is not the elimination of cuts per se. The elimination of cuts from proofs is. following the same semantic interpretation that we adopt for the operational rules. the semantic counterpart of the cut-elimination theorem? If we think of Gentzen’s sequent rules in semantic terms.e.

Let T be an M-closed tableau and let k be the ending node of a checked branch . By repeating this operation a sufﬁcient number of times. we say that T is M-closed if every branch of T is closed or checked. we eventually obtain a closed tableau. Morever. Merging is clearly an ad hoc method especially devised to remedy the problems highlighted in Section 3. Every M-closed tableau can be expanded into a closed tableau. Now. 1989] for a discussion of this method in connection with clausal tableaux. we can mark a branch of a tableau T as checked if the set of formulae occurring in it is a superset of the set of formulae occurring in another (unchecked) branch of T .90 MARCELLO D’AGOSTINO 4. the hard . Proof. Then there must be a node m such that the set of formulae occurring in the path to m is a subset of the set of formulae occurring in .8 is well-known to anybody who has worked with Smullyan’s tableaux in the area of automated deduction. m which lie on different branches we have n m then one can stop pursuing the branch through m without loss of soundness. This implies that there must be a checked branch which is justiﬁed by a node n such that the sub-tableau Tn generated by n is closed. None of the checked branches of Tm can be justiﬁed by k or by a predecessor of k (by construction of T ). One of the ‘enhancements’ of Smullyan’s tableaux which is taken into consideration in the area of automated deduction is called merging (see [Vellino. More precisely. Let Tm be the sub-tableau generated by m. either Tm is closed or it is M-closed and at least one of its branches is checked. By appending Tn to n we obtain an Mcompleted tableau T 0 with a number of checked branches which is strictly less than the number of checked branches in T . The soundness of Tableaux with Merging (TM for short) is a corollary of the following lemma: LEMMA 18. It is usually avoided by augmenting the standard tableau rules with extra ‘control’ features which stop the expansion of redundant paths in the tree or license the generation of ‘lemmas’ to be used in closing redundant branches. If for any two nodes n. This lemma can be proved as follows. and [Broda.1 Tableaux with Merging The computational redundancy discussed in Section 3. 1992] for an extension to ﬁrst order logic).8. We say that the checked branch is justiﬁed by m. One consequence of the separation result in Proposition 16 is that some correction of the tableau rules is not just a discretional ‘optimization’ step. We say that a branch of T is M-saturated if it is either saturated or checked and that T is M-completed if every branch is M-saturated. but a necessary condition for a respectable tableau-like system. It is easy to see that if merging is employed. This technique can be easily described in terms of our discussion of the redundancy of analytic tableaux.

In the ﬁrst case. we can say that ` :A. . namely all the branches passing through any sibling of k . For. COROLLARY 21. For instance. The standard tableau method cannot p-simulate TLM. the subtableau justﬁes the use of the lemma :A as explained above. This operation is called ‘lemma generation’. the rules for eliminating disjunction might have the following form: A_B A A A or A_B B A A B A :A :B We shall call this extended method ‘tableaux with lemma generation’ (TLM for short). if k is labelled with a formula A. what is usually called ‘lemma generation’ is equivalent to replacing the branching rules of the standard tableau method with corresponding asymmetric ones. we can use :A as a ‘lemma’ and append this formula to the end of all the branches which share the set of formulae . 4. it is not difﬁcult to see that all the hard examples of section 3. Then. it is not difﬁcult to realize that the operation that we have called ‘lemma generation’ can be soundly performed even if the sub-tableau generated by k has not yet been constructed. Let us call L-tableau a tableau constructed by making use of ‘lemmas’. either it is possible to construct a closed sub-tableau below k .8 have polynomial size refutations if these asymmetric rules are employed. Then. if and only if there exists Now.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 91 examples of Section 3.8 can be solved by tableaux of polynomial size. Suppose a node k of a tableau T is the origin of a closed subtableau. it is easy to see that: PROPOSITION 20. There exists a closed tableau for a closed L-tableau for . and is the set of the formulae occurring in the path that leads to A. In the second case. Again. Hence.2 Tableaux and Lemmas Another way of solving the anomalies of Smullyan’s tableaux consists in using lemmas in construction of a tableau. the tableau will anyway remain open and the addition of the ‘lemmas’ in the other branches will not change this situation. This is sufﬁcient to establish the following fact: COROLLARY 19. So. or every sub-tableau below k must be open. The standard tableau method cannot p-simulate the tableau method with merging.

belong to the same family of proof systems as Smullyan’s Tableaux. 1994]. A ` . This analytic cut rule has the following forms depending on whether we deal with signed or unsigned formulae: where A is a subformula of some formula occurring above in the branch to which this rule is applied.92 MARCELLO D’AGOSTINO 4. D’Agostino and Mondadori. 5 ALTERNATIVES TO SMULLYAN’S TABLEAUX In this section we shall discuss two tableau systems which are not classiﬁed as extensions of Smullyan’s Tableaux (in the sense of the previous section). within the category of expansion systems and. . Neither. therefore. in Gentzen’s approach. the others being replaced by suitable axioms. however. because their rules are different from Smullyan’s rules and no rule is redundant. It then follows from either Corollary 19 or Corollary 21 that: COROLLARY 22. and . They still fall. TA FA A :A . i. however. 1967] noticed the importance of this rule. it is sufﬁcient to observe that tableaux with the addition of the analytic cut rule (TAC for short) can linearly simulate both TM and TLM. Richard Jeffrey [Jeffrey. and stressed that such a system preserves the subformula property (which. provided the main motivation for the cut-free sequent calculus). Smullyan [Smullyan. Then it is easy to see that the above branching rule allows us to construct a closed tableau for ` f:B j B 2 g. there is a closed tableau for f:Ag f:B j B 2 g. i.3 below). To show this. D’Agostino. noticed that the use of analytic cut can considerably shorten proofs. Smullyan’s tableaux cannot p-simulate TAC. The relation between this rule and the cut rule of the classical sequent calculus (with the cut formulae restricted to subformulae) should be clear from our discussion in Section 3. More recently.3 Tableaux with Analytic Cut Since the computational anomaly of the tableau rules is related to their failure to simulate ‘analytic cut’ inferences. but as alternative systems. that he called ‘punt’. has analysed this system from the complexity viewpoint. 1968a] once presented a sequent system with an analytic cut rule as the only proof rule. to appear] has presented a tableau-like version of Smullyan’s analytic cut system and. there is a closed tableau for fAg f:B j B 2 g. 1990. building on results by the present author and Mondadori ( [D’Agostino. 1992. so showing that ` . see also Section 5.8: Suppose ` A. the most direct way of solving it seems to consist in adding an analytic cut rule to Smullyan’s rules.e. Cellucci [Cellucci.e. in combination with the other rules of the tableau method.

This pre-processing stage is not strictly necessary but can be useful to simplify the input. The ﬁrst is a ‘pre-processing’ stage whose purpose is to arrange the input clauses and eliminate obvious redundancies. so that Robinson’s resolution [Robinson. i. etc. It consists in: 1. Then any application of the unit-resolution rule with an empty C . 31 See [Davis.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 93 5. Let us now turn to describe the essential steps of the procedure. The steps of the procedure are meant to give us instructions about how 30 The version given in [Davis and Putnam. but the order in which we list them is immaterial. the procedure is still considered among the most efﬁcient. removing any clause containing a ‘pure’ literal. that is with l and l0 as premisses. deleting any clause that contains both a literal and its complement. but it was soon recognized that it combined an efﬁcient test for truth-functional validity with a wasteful search through the Herbrand universe.1 The Davis–Putnam Procedure The Davis-Putnam procedure was introduced in 1960 [Davis and Putnam. l is a literal and l0 denotes the complement of l. It was meant as an efﬁcient theorem proving method30 for (prenex normal form) ﬁrst-order logic. 1960] and later reﬁned in [Davis et al. It is obvious that if S is a set of clauses and S 0 is the set that results from it after performing the three steps we have just described. at the propositional level. We shall denote the empty clause by . 3. 1960] was not in fact a completely deterministic procedure: it involved the choice of which literal to eliminate at each step. Step 2.. Clearly the splitting rule is nothing but a cut rule restricted to literals. 1965] can be viewed as a (non-deterministic) combination of the Davis-Putnam propositional module and uniﬁcation. removing any repetitions from the input clauses. Such choices may crucially affect the complexity of the resulting refutation.e. 1992]. 1983]. will yield as conclusion. We call the ﬁrst rule splitting rule and the second rule unit resolution rule. a literal which is not complemented in any other clause. The proof-system underlying the DPP consists of the following two expansion rules: l l0 where A is a (possibly empty) clause.31 This situation was later remedied by the emergence of uniﬁcation. The DPP is carried out in two stages. 2.. and is clearly connected with the resolution method. We shall refer to these steps as Step 1. S is satisﬁable if and only if S 0 is satisﬁable. Al l0 A . However. in a single inference rule.

T is closed. if an unfulﬁlled literal l belongs to . Then apply the splitting rule to l. Step 3. Let be a branch such that some unfulﬁlled clauses in contain the literal L and some other unfulﬁlled clauses in contain the complementary literal l0 . is not strictly necessary since it is subsumed by Step 3. Then mark C2 as fulﬁlled in . Notice that part a of Step 1. mark as fulﬁlled in all the clauses in of the form Cl0 and apply the unit-resolution rule to each of them with l0 as auxiliary premiss. Clauses fulﬁlled in cannot be used any more in an application of the unit-resolution rule in the same branch (but can be used in other branches). where S is a set of clauses. This allows us to reduce as much as possible the set of unfulﬁlled clauses in the given branch with no extra cost in terms of efﬁciency. that is append to both l and l0 as immediate successors. a. mark as fulﬁlled in b. Consider the tree T generated by the preceding step. or a tree which results from a given DPP-tree by performing one of the following steps: Step 1. it is convenient to execute it in the context of Step 1. 2. Let be a branch such that some unfulﬁlled clauses in contain the literal l. but no clause in contains the complementary literal l0. that is every literal in C1 is contained also in C2 . INPUT: A set literals occurring in S . The actual mechanism of marking clauses as fulﬁlled does not concern us here.94 MARCELLO D’AGOSTINO the two expansion rules given above are to be applied. is either a one-branch tree whose nodes are the clauses in S . Start with the one-branch tree consisting of all the clauses in S (taken in any order). if we except the marking of the literal l. Let then be a branch of the given tree. Clauses which are not so marked we shall call unfulﬁlled. the only essential point is that it keeps track of the branch in which a given clause is marked as fulﬁlled. then . We call l the cut literal of this application of the splitting rule. S of clauses and a linear ordering R of the 1. However. Then mark as fulﬁlled in all the clauses in containing l. if stop: S is unsatisﬁable. A DPP-tree for S . Step 4. since it involves the same kind of patternmatching which is required anyway to carry out part b. all the clauses in of the form Cl (including l itself). The DPP can be described as a procedure which generates a DPP-tree as follows: PROCEDURE 23. Some of these steps will involve marking some clauses as fulﬁlled in a given branch . and C2 is unfulﬁlled. Step 2. Let be a branch containing two clauses C1 and C2 such that C1 subsumes C2 .

and return to 2 above. 2. i. though being ‘close’ to the tableau method. We conclude by remarking that the DPP is still regarded as one of the most efﬁcient decision procedures for classical propositional logic. is not affected by the anomalies of cut-free systems? Observe that the non-redundancy condition (5) on p. if Step i (with i = return to 2 above. 3) is applicable to i to and 5. corresponding to the principle of bivalence: PB TA A A FA A version for unsigned formulae can be obtained in the obvious way. that we call PB. Moreover.8 leaves us with the following problem: PROBLEM 24. simply ‘throw in’ this rule. the ordering which determines which literals should be used as cut literals when applying the splitting rule is crucial for the performance of the DPP. (5.e. then apply Step 1. contain inconsistent sets of formulae.2) else stop: S is satisﬁable. by using the above rule in conjunction with the usual tableau rules. choosing as cut literal (among those satisfying the condition for applying Step 4) the one which comes ﬁrst in the ordering R. 1996]. 81 is obviously fulﬁlled by any tree-method satisfying the stronger condition that distinct branches deﬁne mutually exclusive situations. it is not difﬁcult.2 The KE System The discussion in Section 3. to construct short refutations of the ‘hard examples’ . Indeed. of course.1) if Step 4 is applicable to . 4. if none of the Steps 1–3 is applicable to . The simplest rule of the branching type which generates mutually inconsistent branches is a 0-premise rule.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 95 3. Is there a refutation system which. then apply Step 4 to . Of course deciding which order is ‘right’ or optimal is a non-trivial combinatorial problem which may turn out to be intractable. The rule PB is nothing but a semantic reading of the cut rule as a principle of bivalence. of the DPP-tree generated by the preced. A ‘wrong’ choice of this order may lead to combinatorial explosion even when a short proof is available and the procedure can ﬁnd it given the ‘right’ order of literals. The soundness and completeness of this procedure is discussed in detail in [Fitting. as a 0premise branching rule with A and :A as alternative conclusions. then (5. We could. else pick up the leftmost branch ing step. 5. leaving the tableau rules unchanged.

Can we further restrict the set of potential PB-formulae so as to allow for simple systematic refutation procedures. which we identiﬁed as a desideratum for a well-designed refutation system. then A is false. If A ^ B is true then both A and B are true. Thus we have to address also the following: PROBLEM 27. like the standard procedure for the tableau method? To solve Problem 25 we need only to notice that the following eleven facts hold true under any boolean valuation: 1. Section 6). If A _ B is true and B is false. Thus all the anomalies of Smullyan’s tableaux would be solved simply by (re)-introducing cut as a primitive rule. such a ‘solution’ is not satisfactory. a good solution to Problem 24 may consist in overturning the cut-free tradition: instead of eliminating cuts from proofs we assign the cut rule a central role and reformulate the elimination rules accordingly. we shall be anyway left with a large choice of formulae as potential conclusions of an application of PB (let us call them PB-formulae). 5. since a 0-premise rule like PB can introduce arbitrary formulae. The ‘mechanics’ of the tableau method does not seem to accommodate the cut rule in any natural way. If A ^ B is false and A is true. In the ﬁrst place. . If A _ B is true and A is false. Given (a) and (b) above. The above considerations suggest that in a well-designed tableau method: (a) the cut rule (PB) should not be redundant and (b) it should be the only branching rule. The tableau method is complete without the cut rule and it is not clear when such a rule should be used in a systematic refutation procedure. any proof system including a cut rule can polynomially simulate the truth-tables (see below. if Problem 26 has a positive solution. applications which do not violate the subformula property. Are there simple elimination rules of linear type which combined with PB yield a refutation system for classical logic? However.e. 3. Can we restrict ourselves to analytic applications of PB. then B is false. Secondly. then B is true. 4. i. However. Indeed. we need also to solve: PROBLEM 26.96 MARCELLO D’AGOSTINO described in the previous section. the standard branching rules still do not satisfy our non-redundancy condition (5). If A ^ B is false and B is true. This may be a problem for the development of systematic refutation procedures. 2. Thus. 6. without affecting completeness? Furthermore. then A is true. Problem 24 reduces to the following: PROBLEM 25. it is clearly ad hoc. If A _ B is false then both A and B are false.

Cellucci [Cellucci. 1988. See [Blanch´ . then B is true. however. does not apply to PB. The rules involving the logical operators will be called elimination rules or E-rules. . 1988a]) and are shown in Table 3. completeness is achieved. We call an application of PB a PB-inference and the formulae which are the conclusions of the PB-inference PB-formulae. ] They envisage many indemonstrables but especially ﬁve. 11. If :A is false. 1961]. Finally. DEFINITION 29. Chrysippus also maintained that his ‘anapodeiktoi’ formed a complete set of inference rules (‘the indemonstrables are those of which the Stoics say that they need no proof to be maintained. one for each signed formula. In fact. then A is true. Notice that those with two signed formulae below the line represent a pair of expansion rules of the linear type.32 In contrast with the tableau rules for the same logical operators. if TA and FA are the conclusions of a given PB-inference.115–119 and [Bochensky. If A ! B is false. . the E-rules are all of the linear type and are not a complete set of rules for classical propositional logic. : : : . 32 Quite independently. 1994] and Chapter 7 of this Handbook. [. . This. For substructural logics a see [D’Agostino and Gabbay. pp. intended as ‘operational rules’ which govern our use of the logical operators do not say anything about the bivalent structure of the intended models. These facts can immediately be used to provide a set of expansion rules of the linear type which. 1987] formulates the same set of rules (although he does not use signed formulae). For many-valued logics see [H¨ hnle. Surprisingly. Notice that all the linear rules can be easily simulated by the tableau rules. constitute a complete set of rules for classical propositional logic. 8. with the addition of PB.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 97 7. we shall say that PB has been applied to the formula A. the two-premise rules in the above list were already discovered by Chrysippus who claimed them to be the fundamental rules of reasoning (‘anapodeiktoi’). If :A is true. p. 1970]. The reason is easy to see. If A ! B is true and A is true. there is a close correspondence between the semantic rule PB and the cut rule of the sequent calculus. and with a different motivation. then A is false. T2 . Tn ) such that (i) T1 REMARK 28. : : : . Then T is a KE-tree for S if there exists a ﬁnite sequence (T1 . the classical signs can be used in a non-standard interpretation in order to yield appropriate rules for a variety of non-classical logics. of course. then A is false. So PB is not eliminable in the system KE. If we add the rule PB as the only rule of the branching type. These rules characterize the propositional fragment of the system KE (ﬁrst proposed in [Mondadori.33 As pointed out above (p. that the KE-rules are unsuitable for non-classical logics. 10. Let S = fX1 . from which it seems all others can be deduced’. e 33 This does not mean. 89).126). then A is true and B is false. If A ! B is true and B is false. 9. The E-rules. Mondadori. 1992]. except that disjunction was interpreted by him in an exclusive sense. Xm g be a set of signed formulae.

98 MARCELLO D’AGOSTINO Disjunction Rules TA _ B FA ET _1 TB Conjunction Rules TA _ B FB TA FA ^ B TB FA TA ! B FB FA F :A TA ET _2 FA _ B FA FB TA ^ B TA TB FA ! B TA FB EF _ FA ^ B TA FB TA ! B TA TB EF ^1 EF ^2 ET ^ Implication Rules EF ET !1 ET !2 ! Negation Rules T :A ET : FA EF : Principle of Bivalence TA FA PB Table 3. The KE-rules for signed formulae .

2 denotes the conjugate of i ): Rule A 1 2 Rule B1 1 2 c Rule B2 2 1 c . 3. Notice that the thicker subtree in the tableau refutation is clearly redundant. So the E-rules c of KE can be ‘packed’ into the following three rules (where i . both TP and FP are in . It is easy to prove that if a branch of T contains both TA and FA for some non-atomic formula A. Otherwise it is open. In Figure 12 we give a KE-refutation (using unsigned formulae) and compare it with a minimal tableau for the same set of formulae. Given a KE-tree T of signed formulae. : : : . disjunctive syllogism and the dual of disjunctive syllogism. (ii) Tn = T . Thus KE can be seen as a system of classical natural deduction using elimination rules only. Xm . Hence. It is intended that all deﬁnitions be modiﬁed in the obvious way. the classical operators are analysed as such and not as ‘stretched’ versions of the constructive ones (like in [Gentzen. the reader can compare the different structure of the two refutations and the crucial use of (the unsigned version of) PB to eliminate the redundancy exhibited by the tableau refutation. in what follows we shall consider a branch closed as soon as both TA and FA appear in it. A tree T is a KE-proof of A from a set of fTB jB 2 g fFAg. 1. of course. can be extended by means of the E-rules only to a branch 0 which is atomically closed in the sense of the previous deﬁnition. The rules are shown in Table 4. A tree T is a KE-refutation of S if T is a closed KE-tree for S . 1935] and [Prawitz. 1965]). Ti+1 results from Ti by an application of a rule of KE. T is closed. a branch of T is closed if for some atomic formula P . 4. However. for an arbitrary formula A. give a version of KE which works with unsigned formulae. We can see from the unsigned version that the two-premise rules correspond to familiar principles of inference: modus ponens. modus tollens. 2. We can. A KE-tree T of signed formulae is closed if each branch of Otherwise it is open.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 99 is a one-branch tree consisting of the sequence of X1 . i = 1. of formulae if T is a KE-refutation REMARK 31. and (iii) for each i < n. DEFINITION 30. It is convenient to use Smullyan’s unifying notation in order to reduce the number of cases to be considered (for which see Fitting’s Introduction).

KE rules for unsigned formulae .100 MARCELLO D’AGOSTINO Disjunction Rules A_B :A E_1 B Conjunction Rules A_B :B E _2 A :(A _ B ) E:_ :A :B A^B A B :(A ^ B ) A E:^1 :B Implication Rules :(A ^ B ) B E:^2 :A A!B :B E!2 :A E ^ A!B A B E !1 :(A ! B ) E: ! A :B Negation Rule ::A E:: A Principle of Bivalence A j :A PB Table 4.

In this version the rules E_1. E_2 and E!2 become: A_B Ac B A_B Bc A A!B Bc Ac This version is to be preferred for practical applications.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 101 A_B A _ :B :A _ C :A _ :C A_B A _ :B :A _ C :A _ :C b A :A :A A " " b B A A A :A :B T T ::A C T T A :C :A :A B :B C :C C T T :C Figure 12. is equal to :B if A = B and to B if A = :B . one with conclusion 1 and the other with conclusion 2 . are called minor premisses (rule A has no minor premiss). First we deﬁne some related notions. We now outline a simple refutation procedure for KE that we call the canonical procedure. In each application of rules B1 and c B2 the signed formulae i . :A _ C. The thick subtree in the tableau refutation is redundant. REMARK 32. :A _ :C g . . The ‘packed’ version of the rules then suggests a more economical version of KE for unsigned c formulae when i is taken to denote the complement of i deﬁned as follows: the complement of an unsigned formula A. The unifying notation can be easily adapted to unsigned formulae: simply delete all the signs ‘T ’ and replace all the signs ‘F ’ by ‘:’. The Rule A can be seen as a pair of branch-expansion rules. 2. A _ :B. A minimal tableau (on the left) and a KE-refutation (on the right) of fA _ B. the signed formulae and are called major premisses. In each application of the rules. i = 1.

every formula of type occurring in is fulﬁlled. We say that a KE-tree is completed if all its branches are completed.1) select a formula of type which is not yet fulﬁlled (in the sense of Deﬁnition 34) in the branch. We say that a formula is E-analysed in a branch if either (i) it is of type and both 1 and 2 occur in . 2.2) apply PB with 1 and 1 (or. PROCEDURE 35. if is not E-completed. or (ii) it is of type and the following are c c satisﬁed: (iia) if 1 occurs in . 1. is fulﬁlled in a branch if either 1 or 2 2.102 MARCELLO D’AGOSTINO DEFINITION 33. equivalently. then 2 occurs in . 2 and 2 ) as PB-formulae and go to step 1. expand E-completed. which is not yet completed (in the sense of Deﬁniby means of the E-rules until it becomes 2. DEFINITION 34. moreover. The canonical procedure for KE starts from the one-branch tree consisting of the initial formulae and applies the KE-rules until the resulting tree is either closed or completed. (iib) if 2 occurs in . We say that a formula of type occurs in . PROPOSITION 36. At each stage of the construction the following steps are performed: 1. We say that a branch is E-completed if all the formulae occurring in it are E-analysed. A branch which is E-completed is a branch in which the linear elimination rules of KE have been applied in all possible ways. We say that a branch is completed if it is E-completed and. 3. if the resulting branch 0 is neither closed nor completed then c c (3. (3. It may not be completed in the stronger sense of the following deﬁnition. . 3. 1. The canonical procedure is complete. go to step 1. then 1 occurs in . select an open branch tion 34). otherwise.

2 and some non-fulﬁlled formula of type occurring in . COROLLARY 37 (Analytic cut property). An application of PB in a branch of a KE-tree is strongly c analytic if the PB-formulae of this application are i and i for some i = 1.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 103 Proof. each of them will contain either 1 or 2 . the completeness of KE follows immediately via Hintikka’s lemma. and analytic restriction of KE the system obtained by restricting PB to analytic applications. . where the power of the cut rule is severely limited to allow for easy proofsearch. If S is unsatisﬁable. In fact the use of PB in the canonical procedure is even more restricted than it appears from the above corollary. is given in [Mondadori. Of course. Consider the following deﬁnition of strongly analytic application of PB. However it describes a ‘mechanical version’ of KE which is sufﬁcient for our purpose of comparing it with the tableau method. Let us call analytic the applications of PB which preserve the subformula property. Therefore. what we have called ‘the canonical procedure’ is not. the subformula principle follows immediately. It is easy to see that the canonical procedure eventually yields a KE-tree which is either closed or completed. Since the formulae in a completed branch form a Hintikka set. We can look at it as to a restricted proof system. A KE-tree is strongly analytic if it contains only strongly analytic applications of PB. Thus.34 The next three corollaries unfold the content of Proposition 36. 1988a]. eventually. DEFINITION 38. Proof. with i and i as PB-formulae (with i equals 1 or 2 and a non-fulﬁlled formula occurring in the branch). The above corollary says that the analytic restriction of KE is complete. then there is a closed KE-tree T 0 for S such that all the applications of PB preserve the subformula property. each branch will be either closed or completed. strictly speaking. Some steps involve a choice and different strategies for making these choices will lead to different algorithms. The only crucial observation is that when one c applies the rule PB as prescribed. All the applications of PB in the canonical procedure are strongly analytic. A constructive proof of the subformula principle. which yields a procedure for transforming any KE-proof into an equivalent KE-proof which enjoys the subformula property. a completely deterministic algorithm. it follows from the completeness of the canonical procedure that: 34 The reader should be aware that this is not the only mechanical procedure and not necessarily the best. All the PB-formulae involved in the canonical procedure are subformulae of formulae previously occurring in the branch. Since the elimination rules preserve the subformula property. then once the two resulting branches are E-completed as a result of performing step 2.

the canonical procedure for KE provides a generalization of the Davis–Putnam procedure which does not require reduction in clausal form. can be represented as a special case of the canonical procedure for KE. We say that an application of PB in a branch is canonical if (i) it is strongly analytic. In fact. To see that the DPP is a special case of the canonical procedure for KE observe that. We also say that a KE-tree is canonical if all the applications of PB in it are canonical. by giving priority to -expansions or -expansions applied c c to formulae such that either 1 or 2 occurs above in the branch. Section 4. Of course. Hence: COROLLARY 41. 1973. allows for slimmer tableaux. as the analytic restriction. .6] and in Fitting’s textbook [Fitting. the Davis–Putnam procedure (in the version of [Davis et al. i. analytic applications of PB do not need to be strongly analytic. S is unsatisﬁable.. if we restrict ourselves to formulae in clausal form. In general.e. This strategy avoids unnecessary branchings which may increase the size of proofs. the basic strategy consisting in applying the -elimination rule before the -elimination rule. The PB-formulae may well be subformulae of some formula occurring above in the branch. It is not difﬁcult to see that. the canonical procedure imposes even more control on the applications of the cut rule PB by requiring that it is applied on a branch only when the linear elimination rules are no further applicable.4]). Therefore. So. from the complexity viewpoint.104 MARCELLO D’AGOSTINO COROLLARY 39. If S is unsatisﬁable. In other words. every branch in a canonical KE-tree performs what essentially is a unit-resolution refutation [Chang. in applying them. and yet not satisfy the strongly analytic restriction. when the branch is Ecompleted. This problem is still open. One can ask whether the strongly analytic restriction is as powerful. The canonical procedure for KE is closely related to the Davis–Putnam procedure. then there is a closed canonical KE-tree for S . from this point of view. 1970]. in the standard tableau method. If KE-tree for S . one may describe a similar strategy for the standard tableau method. 1996. if we extend our language to deal with ‘generalized’ (n-ary) disjunctions and conjunctions. Section 4. Corollary 39 is stronger than Corollary 37. our argument establishes the completeness of the restricted system obtained by replacing the ‘liberal’ version of PB with one which allows only strongly analytic applications. 1992] which is also the one exposed in [Chang and Lee. we give priority to formulae of type or .35 Such a stricter notion of an analytic KE-tree is captured by the following deﬁnition: Canonical KE-trees are exactly those which are generated by our canonical procedure described above. it does not make any difference whether. much as. and (ii) is E-completed. On the 35 Since in our approach all the elimination rules are linear. then there is a closed strongly analytic DEFINITION 40. In this way one of the branches of the -expansion closes immediately.

is the number of lines in the proof (each ‘line’ being a sequent. in this special case. although in all these cases the systems obtained by restricting the potentially non-analytic rules to analytic applications are still complete. with arbitrary n. Others—such as Natural Deduction. Then we compare the analytic. but is not sufﬁcient in general for positive results. This restricted version of KE can then be seen as an extension of unit resolution (it is therefore a complete system for Horn clauses. Notice that the system resulting from this generalized version of KE by disallowing the branching rule PB (so that all the rules are linear) includes unit resolution as a special case. DEFINITION 42. Gentzen’s sequent calculus with cut and KE— allow for a more general notion of proof which includes non-analytic proofs. Our complexity measures are obviously connected by the relation jj ( ) ( ): Now. we shall pay special attention to simulation procedures which preserve the subformula property. the procedure is still feasible as shown by Proposition 45 below. Next we brieﬂy discuss the complexity of proof-search in a hierarchy of subsystems arising by allowing only a ﬁxed number of applications of the cut-rule (PB).6] and in [Fitting. the analytic KE indexanalytic restriction of KE system can p-simulate the truth-tables . systems obeying the subformula principle).TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 105 other hand. of . denoted by ( ). PB corresponds to the splitting rule of the Davis– Putnam procedure (when represented in tree form. Finally the complexity of . a formula. The -complexity. and modify the rule for _-elimination in the obvious way. 1973. depending on the system under consideration). Section 4. in analytic proofs. denoted by j j is the total number of symbols occurring in (intended as a string). All we need is to generalize our language so as to include n-ary disjunctions. denoted by ( ) is the length (total number of symbols) of a line of maximal length occurring in . Some systems of deduction—such as tableau method and Gentzen’s sequent calculus without cut—yield only analytic proofs. unlike the tableau method. strongly analytic and canonical restrictions of KE with other analytic proof systems (i. We ﬁrst show that.e. The length of a proof . Since we are interested. 1996. as in [Chang and Lee. for theoretical and practical reasons. or any other expression associated with an inference step. although it is not conﬁned to formulae in clausal form). Section 4.4]). It . observe that the -measure is sufﬁcient to establish negative results about the p-simulation relation. Although its scope largely exceeds that of unit resolution. 5.3 The Relative Complexity of KE In this section we discuss the complexity of analytic KE-refutations.

Let us say that a proof system is standard if its complexity (i. where k is the number of distinct atomic formulae in A. i. First apply PB to all atomic letters on each branch.106 MARCELLO D’AGOSTINO may. at least. We shall then speak of the analytic restriction of a system. the complexity of tableau proofs depends more crucially on the length of the formula. This generates a tree with . to p-simulate the truth-tables. DEFINITION 43. be adequate also for positive results whenever one can show that the -measure (the length of lines) is not signiﬁcantly increased by the simulation procedure under consideration. In any case. As said before.e. So we shall forget about the -measure and identify the complexity of a proof system with the -measure (this property is called ‘polynomial transparency’ in the general framework developed in [Letz. minimal proof-length) is O(nc 2k ). [Sketch] There is an easy KE-simulation of the truth-table procedure. We can turn these considerations into a positive criterion and require that a well-designed proof system should be able. In fact. the most basic semantical and computational characterization of classical propositional logic. for every tautology A of length n and containing k distinct variables. In what follows we shall consider the version of KE which uses unsigned formulae. All the procedures that we shall consider in the sequel will be of this kind. Therefore. Notice that the analytic restrictions of Gentzen’s sequent calculus and natural deduction are strictly more powerful than the cut-free sequent calculus and normal natural deduction respectively.e. a better way of measuring the complexity of the truth-tables takes into account also the length of the formula to be tested. the rules are restricted to applications which preserve the subformula property. we are interested in the complexity not of proofs in general but of analytic proofs. The above deﬁnition requires that the complexity of the truth-tables be an upper bound on the complexity of an acceptable proof system. The analytic restriction of KE is a standard proof system. it is important to notice that the complexity of the truth-table procedure is not always exponential in the length of the formula.e. i. there is a KE-refutation T of :A with (T ) = O( (T )) = O(n 2k ) Proof. On the contrary. It is so only when the number of distinct atoms approaches the length of the formula. the analytic restriction of the sequent calculus allows cuts provided they are restricted to subformulae. We described this situation as unnatural. where n is the length of the input formula. 1993]. PROPOSITION 44. For instance.e.8 above) examples which are ‘easy’ for the truth-tables and ‘hard’ for the tableau method. KE and the Truth-tables The complexity of the truth-table procedure for a given formula A is sometimes measured by the number of rows in the complete truth-table for that formula. 2k . i. In fact. there might be (and in fact there are. c is a ﬁxed constant and k the number of distinct variables occurring in it. however. as pointed out in Section 3.

KE . Proof. We have just shown that KE(0) has a decision procedure which runs in time O(n2 ). It is easy to show that the task of saturating a branch under the E-rules is computationally easy: PROPOSITION 45. Moreover. Then each branch can be closed by means of a KE-tree of linear size. are not strongly analytic. the maximum number of cut-formulae on each branch is k ). Let be a branch containing m nodes.e. (Hint: each truth-table rule can be simulated in a ﬁxed number of steps. the source of the complexity of proving a tautology in the system is clearly identiﬁed.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 107 2k branches. the complexity of a tautology depends entirely on the number of PBbranchings which are required in order to complete the tree. Therefore. though analytic. given a tableau refutation T of we can effectively construct a strongly analytic KE-refutation T 0 of which is not essentially longer.) Notice that the applications of PB required for the proof. most of the ‘textbook examples’ can be proved). then there is a strongly analytic KE-proof T 0 of A from such that (T 0 ) 2 (T ). It is obvious that the set of tautologies for which (k) is complete tends to TAUT. It is not difﬁcult to see that at most O(n2 ) pattern matchings need to be performed. For every ﬁxed k . If there is a tableau proof T of A from . KE(k ) has a polynomial time decision procedure. Notice that in this approach. KE Versus the Tableau Method First we notice that. PROPOSITION 47. each of which is an occurence of a formula of degree dm . saturating it under the KE elimination rules) can be performed in polynomial time. as k tends to inﬁnity. The set for which KE(0) is complete includes the horn-clause fragment of propositional logic (however KE(0) is not restricted to clausal form logic). Let us call KE(k ) the system obtained from KE by allowing at most k nested analytic applications of the cut-rule (i. The crucial point is that low-degree cut-bounded systems are powerful enough for a wide range of applications. P more precisely in time O(n2 ) where n = m2 dm . The proposition trivially follows from the fact that the E-rules have the subformula property and there are no more that n distinct subformulae of the formulae in . The task of E-completing a branch (i. we can show that: PROPOSITION 46. the set of all the tautologies.e. and quite large fragments of classical logic can be covered with a very limited number of applications of the branching rule PB (even with no applications of PB.

where k is the number of applications of branching rules in T . it follows that there is a KE-refutation T 0 of such that (T 0 ) (T ) + k. remain open and are closed only after a redundant computational process. then (T 0 ) 2 (T ). in the simulated tableau.8 we have already identiﬁed the source of this combinatorial explosion in the fact that the tableau rules fail to simulate even analytic cut inferences. its absence. Such a simulation lengthens the original tableau by one node for each application of a branching rule. Although it is well-known that the addition of this rule to the tableau rules does not increase the stock of inferences that can be shown valid (since PB is classically valid and the tableau method is classically complete). When a rule like PB is available. namely PB. So. one of the branches contains a formula which does not occur in the corresponding branch of the tableau. Observe that the elimination rules of KE. while all the tableau rules can be easily simulated by means of KE-rules. simulating any ‘cut’ inference is relatively inexpensive in terms of proof size as is shown by the diagram below: :B A T2 T T :A T1 . In the KE-simulation of the branching rules. in some cases. Since the linear rules of the tableau method are also rules of KE. which cannot be easily simulated by means of the tableau rules. These additional formulae may allow for the closure of branches that. It also follows from Proposition 47 and Proposition 45 that: PROPOSITION 48. In Section 3. The canonical restriction of KE can p-simulate the tableau method.108 MARCELLO D’AGOSTINO Proof. For instance in the case of the branching rule for eliminating disjunctions either of the following two simulations can be used (all the other cases are similar): A_B A T T or A_B B T :A :B B A Notice that the applications of PB are strongly analytic. is responsible for an explosive growth in the size of tableau proofs. Since k is obviously (T ). can easily simulate the branching rules of the tableau method. combined with PB. KE includes a rule. Notice that the KE-simulation contains more information than the simulated tableau.

constructed according to the same pattern. Therefore. By Proposition 16 above.P2 .P3 This is sufﬁcient to establish: . as we have shown in Section 3. H P1 P2 _ P3 P2 _ :P3 :P2 _ P3 :P2 _ :P3 J J P1 .8. the number of branches in the KE-tree for HP1 .:::. in spite of their similarity. in general. and require a great deal of duplication in the construction of a closed tableau.8 which are easy not only for (the canonical restriction of) KE but also for the truth-table method. reproducing a cut inference (even an analytic one) may be much harder. This fact already follows from Proposition 16.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 109 On the other hand if PB is not in the stock of rules. it is not difﬁcult to see that the class of hard examples for the tableau method used in the proof of Proposition 16 is ‘easy’ also for the canonical restriction of KE. It is apparent that.P3 Z Z :P1 P2 _ P3 P2 _ :P3 :P2 _ P3 :P2 _ :P3 J P2 P3 :P3 :P2 P2 P3 :P3 :P2 P3 :P3 P3 :P3 Figure 13.P2 . Moreover.P2 . Figure 13 shows a canonical KE-refutation of the set of clauses HP1 .Pk .P3 . A canonical KE-refutation of HP1 . We have already discussed a class of hard examples in Section 3. Propositions 44 and 47. the tableau method cannot p-simulate the truth-tables. is exactly 2k 1 (which is the number of clauses in the expression divided by 2) and that the refutation trees have size O(k 2k ). the tableau method cannot polinomially simultate KE.

at least for the case in which the input formulae are in clausal form.36 Figure 14 shows the KE-refutation of 3 with P1 . namely 2n ): (T ) = m + log m 1 X i=1 log m 2i + m = m + 2 1 12 2 = m + m log m 2: 1 + m (log m 1) This result also shows that the truth-tables cannot p-simulate KE in non-trivial cases. _: . P 1 and the remaining m=2 with its negation. A simple analysis shows that also the hard examples for Smullyan’s tableaux used in the Section 3. it is not difﬁcult to see that the size of the tree becomes exponential. The tableau method cannot p-simulate the canonical restriction of KE. it may be highly sensitive to the choice of the PB formulae. Apply PB to :P 1 . This creates a branching with :P 1 in one branch and ::P 1 in the other. there are short canonical KE-refutations of n which contain 2n + 2n n 2 nodes. Similarly on the second branch we obtain another set of the same form as n 1 . By reiterating the same procedure we eventually produce a closed tree for the original set n . Indeed. It is easy to see that the number of nodes generated by the refutation can be calculated as follows (where m is the number of formulae in n .110 MARCELLO D’AGOSTINO PROPOSITION 49. the rule PB is applied always to the ‘wrong’ atomic variable. : : : . This will be a set containing m(= 2n ) clauses of which m=2 start with. Such refutations have the following form: start with n . We express it in the form of a heuristic principle: HP Let be a branch to which none of the linear KE-rules is applicable. REMARK 50. by means of m=2 applications of the rule E_1 we obtain a set of formulae which is of the same form as n 1 . say. So these examples are essentially different from the examples which are usually employed in textbooks to show that the truth-tables are intractable (a favourite one is the sequence of expressions A A where A contains an increasing number of variables).8 to prove Theorem 17 are easy for the canonical restriction of KE. on the ﬁrst branch. namely to the last one in each clause. and let P1 . Now. Let S be the set of clauses occurring in the branch . : : : . a combinatorial explosion may result when ‘short’ refutations are possible by making different choices. If we make the ‘wrong’ choices. If. Pk be the list of all the atomic formulae occurring in S . This class of examples also illustrates an interesting phenomenon: while the complexity of KE-refutations is not sensitive to the order in which the elimination rules are applied. P7 as atomic variables. Let NPI be the number of 36 We mean that the exponential behaviour of the truth-tables in this case does not depend only on the large number of variables but also on the logical structure of the expressions. in Cook and Reckhow’s examples. To avoid this phenomenon an obvious criterion suggests itself from the study of this example.

On the other hand a good choice may sometimes be crucial for generating essentially shorter proofs than those generated by the tableau method (sometimes it does not matter at all: the examples of Proposition 16 which are ‘hard’ for the tableau method. In that paper he gives a natural example of a class of ﬁrst order inference schemata which are . A KE-refutation of 3 clauses C such that PI or :Pi occurs in C . Here we just stress that the simulation of the tableau rules by means of the KE-rules is independent of the choice of the PB-formulae. are ‘easy’ for the canonical restriction of KE no matter how the PB-formulae are chosen). our discussion shows that analytic cuts are often essential for the existence of short refutations with the subformula property. In any case. Then apply PB to an atom Pi such that NPi is maximal.37 37 This can be taken as further evidence in support of Boolos’ plea for not eliminating cut [Boolos.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 111 3 P1 P3 _ P6 P3 _ :P6 Z Z :P1 P2 _ P4 P2 _ :P4 :P3 _ P7 :P3 _ :P7 P3 P7 :P2 _ P5 :P2 _ :P5 P2 P5 J J :P3 P6 J :P2 P4 :P7 :P6 :P5 :P4 Figure 14. A detailed study of proof-search in the KE-system will have to involve more sophisticated criteria for the choice of the PB-formulae. 1984].

with k > 1. . If there is an ND-proof T of A from . then there is a KEproof T 0 of A from such that (T 0 ) 3 (T ) and T 0 contains only formulae A such that A occurs in T . (For a related technical result see [Statman. If (T ) = k . say C . Then the following KE-tree: :A T = 0 A^B A @ @ :(A ^ B ) T1 0 ‘hard’ for the tableau method while admitting ‘easy’ (non-analytic) natural deduction proofs. We want to give an effective proof of the following Proposition (where ND stands for Natural Deduction): PROPOSITION 51. and leave the others to the reader. The corresponding KE-tree is the closed sequence C. By induction on (T ). :(A ^ B ) such that By inductive hypothesis there is a KE-refutation T10 of (T10 ) 3 (T1 ). :C . Proof. Our discussion also shows that eliminating analytic cuts can result in a combinatorial explosion. We shall sketch this procedure for the natural deduction system given in [Prawitz. the procedure being similar for other formulations. If (T ) = 1.) KE provides an elegant solution to Boolos’ problem by making cut non-eliminable while preserving the subformula property of proofs. 1978]. then there are several cases depending on which rule has been applied in the last inference of T . then the ND-tree consists of only one node which is an assumption. 1965]. Boolos’ examples are a particularly clear illustration of the well-known fact that the elimination of cuts from proofs in a system in which cuts are eliminable can greatly increase the complexity of proofs. If the last rule applied in T is E^. then T has the form: T = T1 A^B A . Moreover the simulation procedure preserves the subformula property.112 MARCELLO D’AGOSTINO KE Versus Natural Deduction It can also be shown that KE can linearly simulate natural deduction (in tree form). We shall consider only the cases in which the rule is elimination of conjunction (E^) and elimination of disjunction (E_).

The strongly analytic restriction of KE linearly simulates the tableau method with merging. i = 1. KE and Other Reﬁnements of Analytic Tableaux We have seen that the technique called ‘merging’ is an ad hoc method for solving some of the anomalies of Smullyan’s tableaux. such that (Ti0 ) 3 (Ti ). The example shows that the applications of PB required to simulate merging are strongly analytic. In KE.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 113 is the required KE-proof and it is easy to verify that (T 0 ) 3 (T ). instead of the standard branching rules of tableaux. the redundant branches which are stopped via merging are simply not generated in a KE-tree (see the example in Figure 15). :C . 3. :C . If the last rule applied in T is the rule of elimination of disjunction. then T has the form: T = T1 A_B 1 2. :(A _ B ). and T30 of 3 . A. T20 of 2 . These considerations establish the following fact: PROPOSITION 52. By inductive hypothesis there are KE-refutations T10 of 1 . As a result. T3 C B] :C T 0 = A T2 A_B @ @ T :(A _ B ) T1 0 :A 0 B T3 0 is the required proof and it is easy to verify that (T 0 ) 3 (T ). Then the following KE-tree: 1 2 3 C C T2 A] 3.8 above). removes this redundancy by making all the branches in the tree mutually inconsistent. in particular what we have identiﬁed as the ‘redundancy’ of Smullyan’s rules (see Section 3. B. the use of PB as the sole branching rule. 2. .

The strongly analytic restriction of KE linearly simulates the tableau method with lemma generation. Let us now turn our attention to the other enhancement of Smullyan’s tableaux. In the tableau in the left-hand side the branch 2 is not further expanded (it is ‘merged’ with branch 1 ). the rules for eliminating disjunction are replaced by the following: A_B A A A or A_B B A A B A :A :B It is obvious that such asymmetric rules are equivalent to a combination of strongly analytic applications of PB and of the KE-elimination rules. We remark that it appears misleading. In the corresponding KE-tree shown in the righthand side. In contrast. the redundant branch is not generated. as shown in the diagram used to show Proposition 47 above.114 MARCELLO D’AGOSTINO A_B A_C A 1 A_B A_C A A T T A A B C :A A 2 B C Figure 15. The fact that we can append it without loss of soundness. to refer to tableaux with the asymmetric rules as to ‘tableaux with lemma generation’. the appended formula provides additional information . namely the use of lemmas in a tableau refutation. In any case. tableau rules can be used also for enumerating all the models of a satisﬁable set of formulae.2. so that the appended formula is not a ‘lemma’. Hence: PROPOSITION 53. discussed in Section 4. The use of this terminology conveys the idea that the additional formula appendend to one side of the branching rules is a ‘lemma’. In the former case the sub-tableau in question may well be open. does not depend on its being a lemma. We have that this method is equivalent to replacing the standard tableau branching rules with corresponding asymmetric ones. namely that the sub-tableau below the other side is closed or may be closed. and not only for refuting unsatisﬁable sets. but merely on the principle of bivalence. For instance. however.

In other word we require that the transitivity property be a valid derived rule in a particularly strict sense. unlike the tableau method. structural procedure. the enumeration of models is non-redundant. There must be a uniform. since all the models resulting from the enumeration are mutually exclusive. let jT j denote the size of the proof T (ie the number of steps in it). therefore. leading to much unwanted duplication in the resulting proof-tree. 80 and p. is highly inefﬁcient. the speed-up of KE over the tableau method can be traced to the fact that KE. B and a proof T2 of B from 2 . yields a proof T3 of A from 1 . Thus the strongly analytic restriction of KE is sufﬁcient to simulate efﬁciently the best known enhancements of the tableau method. simply by making an appropriate use of the (analytic) cut rule. We are. the required procedure being the one described in the previous section. We stress once again that the KE-system cannot be identiﬁed with its strongly analytic restriction. Notice that the existence of a uniform procedure for grafting proofs of subsidiary conclusions. or lemmata. We also require the method to be also computationally feasible. Concatenation of proofs is feasible in the ordinary deductive practice and should be feasible in any realistic formal model of this practice. The cut rule expresses the transitivity property of deduction and it is natural to require that a ‘simple’ procedure for implementing this property be feasible. in the proof of a theorem is just one condition of the STP. More precisely. can easily simulate inference steps based on ‘cuts’. for some ﬁxed constant c depending on the system. Some formal systems (like the tableau method and the cut-free sequent calculus) do not satisfy the STP. 6 A MORE GENERAL VIEW As seen in the previous section. which. in the sense that it does not generate models which are subsumed one by the other. The other condition requires that such a procedure be computationally easy. the standard way of grafting proofs of . As a result. In fact. given a proof T1 of A from 1 . though very perspicuous. So. as shown on p. led to formulate the following condition which has to be satisﬁed by any acceptable formal model of the notion of a classical proof: Strong Transitivity Principle (STP): Proof-concatenation should be feasible and uniform. 109. some others satisfy it in a non-obvious way. Cleraly KE satisﬁes our strong transitivity principle. less restricted notions of proof may be more powerful from the complexity viewpoint and still obey the subformula principle. replacing every occurrence of an assumption A with its proof provides an obvious grafting method which. for instance. In Natural Deduction.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 115 which can be used below to close every branch containing its complement. 2 such that jT3 j = jT1 j + jT2 j + c.

the next condition requires that proof systems can efﬁciently simulate the ex falso inference scheme: . By ‘derived rule’ here we mean that every application of NCD can be eliminated in a ﬁxed number of steps (the expression ‘derived rule’ is often used in the literature in a much more liberal sense). A] B B A F B :A] Notice that the construction does not depend on the number of occurrences of the assumption A in the subproof of B from . such that ( 3 ) ( 1 ) + ( 2 ) + c for some constant c. section 4. though providing a uniform method. :A. Similarly. Then there is a uniform method for constructing from 1 and 2 a proof 3 of B from . The rules of natural deduction. 1978. In analogy with the STP we can formulate a condition requiring a proof system to simulate efﬁciently another form of cut which holds for classical systems and is closely related to the rule PB: (C) Let 1 be a proof of B from . does not satisfy the feasibility condition. A] B B .5]). however. A and 2 be a proof of B from . :A] B (Notice that A _ :A can always be proved in a ﬁxed number of steps. :A] B This is a derived rule in Prawitz’s style Natural Deduction which yields classical logic if added to the intuitionistically valid rules (see [Tennant. A.) NCD is a classical version of the cut rule. A] A _ :A B B . We can show Natural Deduction to satisfy the STP by means of the following construction: . as shown by the following construction: . permit us to bypass this difﬁculty and produce a method satisfying the whole of STP. Consider the rule of Non-Constructive Dilemma (NCD): .116 MARCELLO D’AGOSTINO subsidiary conclusions in natural deduction proofs.

PROPOSITION 54. if there is a KE-refutation then there is an S-proof 0 of F from with ( 0 ) c ( ). for any B . So. the -cost of simulating classical cut in S–associated with condition (C) above—and the -cost of simulating the ex falso inference scheme in S–associated with condition (XF) above. The proposition is an immediate consequence of the following lemma: LEMMA 55. We set c = b1 + b2 + b3 + 1. If S is complete. the complexity of a proof of A from A in S is equal to 1. classical natural deduction in tree form is a classical cut system. of . Notice that the deﬁnition of a classical cut system is very general and does not assume anything about the form of the inference rules. For every classical cut system S. is b2 + b3 + 1. representing the -cost of simulating ‘absolute’ cut in S.39 Let S be a classical cut system. then S can linearly simulate KE. Moreover we shall make the obvious assumption that. It is easy to show that every classical cut system satisﬁes also the STP and. 39 The reader should be aware that our -measure applies to KE-refutations and not to trees: the same tree can represent different refutations yielding different values of the -measure.e. If S is a classical cut system.38 For KE this involves only adding the obvious rule which allows us to append F to any branch containing both A and :A for some formula A. As mentioned before. . such that ( 3 ) ( 1 ) + ( 2 ) + c for some constant c. Then there is a uniform method for constructing from 1 and 2 a proof 3 of B from . The next Proposition shows that every classical cut system can simulate KE without a signiﬁcant increase in proof complexity.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 117 (XF) Let 1 be a proof of A from and 2 be a proof of :A from . Let ( ) denote the number of nodes generated by a KE-refutation of (i. every classical cut system satisﬁes also condition STP and it is easy to verify that the constant associated with this condition. respectively. as shown above. To prove the proposition it is convenient to assume that our language includes a 0-ary operator F (Falsum) and that the proof systems include suitable rules to deal with it. let us say that a proof system is a classical cut system if (i) it is sound and complete for classical logic. and (ii) it satisﬁes conditions (C) and (XF). so that every closed branch in a KE-tree ends with a node labelled with F . 38 Systems which are not already deﬁned over a language containing F can usually be redeﬁned over such an extended language without difﬁculty. . then for every rule r of KE there is an S-proof r of the conclusion of r from its premises. For instance. Let b1 = Maxr ( ( r )) and let b2 and b3 be the constants representing. The simulation procedure shows that the cut inferences are restricted to formulae which occur in the simulated proof. for every system S. the assumptions are not counted). allows for an efﬁcient implementation of the transitivity property of ordinary proofs. therefore. The assumption is made only for convenience’s sake and can be dropped without consequence.

The proof is by induction on ( ). i. :C such that ( ) = ( 1 )+ 0 ( 2 ) + 2. 2. So there is a KErefutation 1 of . say B and :B . Since S is a and an S-proof 2 classical cut system. i = 1. By inductive hypothesis.e. Since there is an S-proof of the KE-rule for F . from the hypothesis that S is a classical cut system. which is obtained by means of an application of the KE-rule for F to B and :B . by inductive hypothesis there is an S-proof 1 of F from . there is an S-proof 2 of C from the premises from which it is inferred in such that ( 2 ) b1 . has the following form: C T1 T T :C T2 So there are KE-refutations 1 and 2 of . ( ) > 1. it follows that there is an S-proof 0 of F from such that ( 0) c ( 1 ) + c ( 2 ) + b2 < c ( 1) + c ( 2) + c < c ( ( 1 ) + ( 2 ) + 2) . :C with ( i0 ) c ( i ). Moreover. and the only node generated by the refutation is F . where is a KE-refutation of . C such that ( 1 ) c ( 1 ). contains a pair of complementary formulae. it follows that there is an S-proof 0 of F from such that C ( 0) c c c c ( 1 ) + b1 + b2 + b3 + 1 ( 1) + c ( ( 1 ) + 1) ( ) Case 2. Now. The KE-refutation has the form: T1 where C follows from premises in by means of an E-rule.118 MARCELLO D’AGOSTINO Proof. C such that ( ) = ( 1 ) + 1. C 0 of F from . there 0 0 is an S-proof 1 of F from . Then is explicitly inconsistent. C and . Case 1. ( ) = 1. So. we can obtain an S-proof 0 of the particular application contained in simply by performing the suitable substitutions and ( 0 ) b1 < c.

the proof of Proposition 54 also shows that: COROLLARY 57. This implies that it is only the possibility of representing (analytic) cuts and not the form of the operational rules which is crucial from a complexity viewpoint. unlike the tableau method. It follows from the above corollary and Proposition 44 that: COROLLARY 58. So.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 119 < c ( ) Notice that in the simulation used in the proof of the previous proposition the cut formula is always a formula which occurs in the KE-refutation. This holds true even if the proof as a whole does not enjoy the subformula property (for instance when the cut system in question is a Hilbert-style system). for all these systems. Finally Corollary 58 implies that. and (ii) S is complete for classical logic. Then. but the tableau method cannot p-simulate any analytic cut system. . together with Proposition 51.e. Every analytic cut system can linearly simulate the analytic restriction of KE. with ( ) = O(n 2k ). for every tautology A of length n and containing k distinct variables there is a proof . In fact. Every analytic cut system can linearly simulate the tableau method. Therefore Proposition 54. its simulation in the cut system will be such that the cut formulae are all subformulae of the conclusion or of the assumptions. Moreover. Corollary 59 implies that both these systems cannot be p-simulated by the tableau method. In fact. Proposition 47 and Proposition 49 imply that: COROLLARY 59. the simulation preserves the subformula property (i. Corollary 57. it maps analytic proofs to analytic proofs). imply that Prawitz’s style natural deduction and KE can linearly simulate each other with a procedure which preserves the subformula property. Every analytic cut system is a standard proof system. Since (the classical version of) Prawitz’s style natural deduction is a classical cut system. if the latter enjoys the subformula property. even if we restrict our attention to analytic proofs (the tableau method cannot p-simulate any analytic cut system). We say that a proof system S is an analytic cut system if (i) S is the analytic restriction of a classical cut system. the analytic restriction of both these systems have the same upper bound as the truth-table method. the simulation given above provides a means for transforming every proof-procedure based on the KE-rules into a proof-procedure of comparable complexity based on the rules of the given cut system. Moreover. it follows that it can linearly simulate KE. DEFINITION 56.

Thanks are also due to Krysia Broda. Italy. P] Q P P ^Q Q P _Q P !Q P Q Q P Q P ^Q 1. Special thanks to Alasdair Urquhart and Andr´ Vellino for making available interesting papers and e lecture notes. The rules listed above are the intuitionistic rules. Dov Gabbay and Marco Mondadori for many helpful suggestions. Q] P _Q R R The notation P ] means that the conclusion of the rule does not depend on the assumption P .120 MARCELLO D’AGOSTINO ACKNOWLEDGEMENTS I wish to thank Reinhold Letz for reading several versions of the present chapter and offering valuable comments. Classical logic is obtained by adding one of the following three rules: F :P P :P F Q F P _ :P ::P P :P ] P F . P] R 2. Universit` di Ferrara. P] P !Q . a APPENDIX NATURAL DEDUCTION AND VARIANTS P ^Q P P _Q . Dipartimento di Scienze Umane.

The Journal of Symbolic Logic. 1973] C. Buss. On machines which prove theorems. The Journal of Symbolic Logic. Boston. 1:235–252. Beth. 1970] R. [Blanch´ . Vieweg. 1997. The application of semantic tableaux with uniﬁcation to automated deduction. [Beth. Cellucci. 7:373–378. Short version presented at WOLLIC 96.L Chang and R. 1961. [Chang. 44:36–50. Automated Theorem Proving. Proceedings of the conference on ‘Logic and Computer Science: New Trends and Applications’. Semantic entailment and formal derivability. 1970. Journal of Philosophical Logic. Existential instantiation and normalization in sequent natural deduction. to appear] C. Imperial College. La logique et son histoire. Chang. Cellucci. Department of Computing. Notre Dame (Indiana). 1988. [Cook and Reckhow. 52:916–927. 1955] E. M. Are tableaux an improvement on truth-tables? Journal of Logic. University of Notre Dame. [D’Agostino. A. 1987] S. The relative efﬁciency of propositional proof systems. Avron. Academic Press. 1. On the length of proofs in the propositional calculus. Investigations into the complexity of some propositional calculi. D’Agostino. 1988] A. 1990. Cook and R. 1970] C. 1971] S. Reckhow. 1998] K. Boolos. Ph.. Bochensky. [Buss. The semantics and proof theory of linear logic. Technical report. 1987. [D’Agostino. [Cellucci. 1979] S. Reprinted in [Siekmann and Wrightson. R. Broda. [Broda. Broda. D’Agostino and D. Cellucci. Fascicolo Speciale 1987. 1955. Beth. To appear in the Journal of the IGPL. pages 79–90. Journal of the IGPL. T. 58:111–148. Finger and A. Annals of Pure and Applied Logic. In Proceedings of the 3rd Annual Symposium on the Theory of Computing. 1994. 13:243–281. 1974] S. pages 135–148. Russo.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 121 The last of these rules is the classical reductio ad absurdum. 1982] W. 57:161–184. W. The unit proof and the input proof in theorem proving. The complexity of theorem proving procedures. 1992] M. [Boolos. C. L. [Broda et al. 18:309–342. In Proceedings of the 6th Annual Symposium on the Theory of Computing. LDS-Natural deduction for substructural logics. 1992. Technical report DOC97-11. [Cook. Mededelingen der Koninklijke Nederlandse Akademie van Wetenschappen. Paris. 1958. [Bibel. Don’t eliminate cut. 1992] C. Symbolic Logic and Mechanical Theorem Proving. . 32:49–60. 1992. 1982. 1979. vol. 1984. pages 115– a 152. Imperial College. A. 1978] where the author uses the following classical rule of dilemma: P] Q Q :P ] Q REFERENCES [Avron. [Cellucci. A History of Formal Logic. Journal of Automated Reasoning. 17:698–707. 1990] M. Reckhow. Department of Computing. [D’Agostino and Gabbay. Part 1: basic substructural logics. In Rendiconti del Seminario Matematico Universit` e Politecnico di Torino. A generalisation of analytic deduction via labelled deductive systems. Theoretical Computer Science. Lee. Simon Stevin Wissen Natur-kundig Tijdschrift. M. Using full ﬁrst order logic as a programming language. 1961] I. Braunschweig. Blanch´. e e [Bochensky. PRG Technical Monographs 88. Journal of the Association for Computing Machinery. 1970. Cook and R. 1973. Gabbay. 1958] E. 1971. Language and Information. 1992. Oxford University Computing Laboratory. 4:486–489. Bibel. 1983]. Another variant of the classical calculus is described in [Tennant. Cook. 1992] K. W. [Chang and Lee. 1984] G. 1974. A. 1987] C. Analytic cut trees.D thesis. [Cellucci. [Beth. Polynomial size proofs of the pigeon-hole principle. D’Agostino. . [Cook and Reckhow. Armand Colin. 1987. 1994] M.

Davis. Uppsala. 1967] R. Universit` di Ferrara. Johnson. PhD thesis. . [Prawitz. North-Holland. Labelled Deductive Systems. 267–270. III. Robinson. Gentzen. 1978] D. Cambridge Tracts in Theoretical Computer Science. Springer. North Holland. [Garey and Johnson. part II. Annali dell’Universit` di a Ferrara. 1983]. Fitting. and E. 1956. In Proceedings of the 13th International Joint Conference on Artiﬁcial Intelligence(IJCAI). A. 1969]. Amsterdam. pages 25–40. [Girard. Reidel. 1992] R. Mondadori. Garey and D. Dummett. 500. Eckman. Cambridge University Press. English translation in [Szabo. 1986. pp. 1983]. McGraw-Hill Book Company. A Proof-Theoretical Study. Rosenthal. Reprinted in [Siekmann and Wrightson. Prawitz. [Gentzen. Classical analytical deduction.. [Robinson. Journal of Automated Reasoning. 1993. 1965. University of Karlsruhe. 1983] M. 1989] J. 123–129. 1996. [Gabbay.. 1988a] M. V. A Guide to the theory of NP-Completeness. 1971] D. Almqvist & Wilksell. H¨ hnle. Mondadori. Gabbay. a Sez. Math. 125–139. 1994] N. Controlled integration of the cut rule into connection tableaux calculi. R. First edition. Volume 1 . 1992] M. In [Siekmann and Wrightson. 1994] R Letz. ﬁrst edition 1967.Foundations. On the computational intractability of analytic tableau methods. 1956] A. 1996] M. Automated Theorem Proving: A Logical Basis. Oxford University Press. A. editors. [Mondadori. Journal of the Association for Computing Machinery. Wang. 1962. Logic for Computer Science. pp. Y. pp. 13:297–337. Prawitz. pages 235–308.122 MARCELLO D’AGOSTINO [D’Agostino and Mondadori. a a Department of Computer Science. North-Holland. 1978] D. 1990. Zeitschrift. [Heyting. Sez. Towards feasible solutions of the tautology problem. I. Tableau-Based Theorem-Proving in Multiple-Valued Logics. Discussion paper 5. Ideas and results in proof theory. 1983]. 1962. W. Berlin. Y. 4:285–319. 1996] D. Amsterdam. 10:117–154. 1967] S. [Dummett. 1986] J. [Kleene. Harper & Row. [Letz. John Wiley & Sons. Soviet Mathematics. [Prawitz. Universit` di Ferrara. 1979] M. [Davis and Putnam. M. Dordrecht. 1979. Lecture Notes in Mathematics. Discussion paper 1.. 1989. 7:201–215. K. 1994. Communications of the Association for Computing Machinery. 1974] D. Prawitz. [Loveland. 1996. 1965] J. Proof Theory and Logical Complexity. 1965] D. Computers and Intractability. 1994. 1983. 1971. [Davis. Annals of Mathematical Logic. Gallier. In J. Goller. A computing procedure for quantiﬁcation theory. Davis and H. and D. Jeffrey. The prehistory and early history of automated deduction. Reprinted in [Siekmann and Wrightson.On the Polynomial Transparency of Resolution. a [Mondadori. C. Hintikka. Saarinen. Berlin. [Jeffrey. Lafont and P. Mondadori. [Letz et al. D’Agostino and M. 1988] M. C. 1965. Duckworth. Kleene. Bulletin of the IGPL. Annali dell’Universit` di Ferrara. Mayr and C. Taylor. Natural Deduction. Journal of the Association for Computing Machinery. 1960] M. Heyting. Essays on Mathematical and Philosphical Logic. W. Bibliopolis. Truth and other Enigmas. H. III. The taming of the cut. Matulis. Niinduoto. 1962] V. Two versions of classical computation of predicates without structural rules. 1978. 3:1770–1773. 1988. [H¨ hnle. 1935] G. 1993] R Letz. 1988. London. [Gallier. Murray and E. [Dunham and Wang. 1960. pages 290–319. a [Murray and Rosenthal. Journal of Logic and Computation. New York. Comments on Gentzen-type procedures and the classical notion of truth. [Davis et al.-Y. 1967. New York. 1987. S.. A machine-oriented logic based on the resolution principle. 1978. Unstersuchungen uber das logische Schliessen. Formal Logic: its Scope and Limits. New York. Logemann. editors. Freeman & Co. G. 1976. [Matulis. 1935. Napoli. Davis. H. Chambery. Girard. Putnam. Proofs and the meaning and completeness of the logical constants. [Fitting. Inc. San Francisco. 12:23–41. 1994] M. second edition. Dold and B. 1981. ISILC Proof Theory Symposium. 1976] B. In Proceedings of the II Scandinavian Logic Symposium. A machine program for theorem proving. 1992. Intuitionism. 5:394–397. Springer-Verlag. 1978. Proofs and Types. pages 1–28. First-Order Logic and Automated Theorem Proving.. Mathematical Logic. 1978] M. Dunham and H. 1994. Prawitz. [Girard et al. [Prawitz. Loveland. 1987] J. In A. ¨ 39:176–210. 1974. Loveland. [Prawitz. Classical analytical deduction. Girard.

[Statman. 1968b] R.. Mass. 1978] N. Automated Theorem Proving in Non Classical Logics. Compiled by Dana Scott with the aid of David Bostock. Bounds for proof-search and speed-up in the predicate calculus. 1992] A.. 1989. Schroeder-Heister. 1989] A. 1981] D. The Journal of Symbolic Logic. Tennant. volume 2. Complexity of proofs in classical propositional logic. 1981. Automation of Reasoning. 1978] R. Vellino. Sundholm. AILA preprint. K. pages 897–912. PRG Technical Monograph 2. Sieg. Handbook of Mathematical Logic. History and Philosophy of Logic. M. Handbook of Philosophical Logic. New York. Analytic cut. 1968. Uniform Gentzen systems. Springer. 1968. Moschovakis. Study aids monographs. 1:425–467. [Sieg. Guenthner. Oxford University Computing Laboratory. 1977. Szabo. 15:225–287.2. Smullyan. 1987] L. chapter I. 1941. Scott. PhD thesis. Barwise. [Smullyan. B. 1978. 1968a] R. [Scott. 1970. Gabbay and F. [Urquhart. [Sundholm. [Tennant. [Szabo. Thistlewaite. William Heinemann and Harvard University Press. Classifying the computational complexity of problems. Subfaculty of Philosophy. 1983] J. A. 3. 1970] D. Systems of deduction. 1968] R. First-Order Logic. [Siekmann and Wrightson. The Bulletin of Symbolic Logic. 33:549–559. Natural Logic. 1997] P. The Journal of Symbolic Logic. In J. 1941] I. editor. Notes on the formalization of logic. Dordrecht. Amsterdam. In Y. Greek Mathematics. [Smullyan. [Thomas. Springer-Verlag. [Urquhart. Technical report. editors. . n. The Journal of Symbolic Logic. Logic from Computer Science. Urquhart. Frege and the resolution calculus. M. Statman. Meyer. 52:1–43. editors. Edimburgh University Press. Thomas. University of Toronto. Scott. M. pages 596–608. [Scott. Urquhart. pages 133–188. 1983. 33:560–564. volume I. 1992. 18:95–108. 1983. Edinburgh. London and Cambridge. Springer-Verlag. The Collected Papers of Gerhard Gentzen. Revised and expanded version of a paper under the same title in the Proceedings of the Fourth Annual Princeton Conference on Information Sciences and System. Annals of Mathematical Logic. Outline of a mathematical theory of computation. 1969. Smullyan. University of Oxford. editor. North-Holland. 1997. 1988. The complexity of propositional proofs. North-Holland. 1987. Herbrand’s theorem and Gentzen’s notion of a direct proof. Berlin. [Statman. The Complexity of Automated Reasoning. 1988] P. Reidel. Siekmann and G. 1978. 1995. editor. McRobbie and B. [Thistlewaite et al. Stockmeyer. 1995] A. Programming Research Group. 1993. 1970. Pitman. In D. [Vellino.TABLEAU METHODS FOR CLASSICAL PROPOSITIONAL LOGIC 123 [Schroeder-Heister. [Smullyan. Smullyan. editor. Statman. Mechanism and search. Graeme Forbes. 1983] G. aspects of proof theory. 1968. 1993] W. Wrightson. [Stockmeyer. Daniel Isaacson and G¨ oren Sundholm. 1977] R. Amsterdam. 1969] M.

124 .

We also consider some basic reﬁnements of tableaux: strictness. which can be employed to guide the tableau construction. including Skolemization. Therefore a fundamentally different completeness proof has to be given. Special emphasis is laid on the presentation of reﬁned tableau systems for clause logic which consist of more condensed inference rules and hence are particularly suited for automated deduction. the central rˆ of Herbrand interpretations ole is emphasized. In the third section. Furthermore. we turn to the traditional tableau systems for ﬁrst-order logic due to Smullyan. Following the tableau enumeration approach of free-variable tableaux. Since connection tableaux are not conﬂuent. The fourth section concentrates on the crucial weakness of traditional tableau systems with respect to proof search. We prove Hintikka’s Lemma and the completeness of ﬁrst-order tableaux. The techniques can be subdivided into three different classes. Unfortunately. typically. tableau calculi for ﬁrstorder sentences are introduced. In Section 6 methods are mentioned which can produce signiﬁcantly shorter tableau proofs. as so-called ‘rigid’ variables. We introduce the tableau calculi due to Smullyan as well as tableaux with free variables and uniﬁcation due to Fitting. The central such concept in clause logic is the notion of a connection. In Section 5. by applying a systematic tableau procedure. The instantiation of rigid variables then is guided by uniﬁcation. In Section 2 we study the most important normal forms and normal-form transformations of ﬁrst-order logic. the crucial demand is to reduce the number of tableaux to be considered by the search procedure. Therefore. It lies in the nature of the standard -rule. systematic tableau procedures cannot be applied. regularity and the Herbrand restriction. Moreover. systematic procedures for free-variable tableaux cannot be deviced as easily as for sentence tableaux. which enforces that instantiations have to be chosen too early. We also compare the connection tableau framework with other calculi from the area of automated deduction. The mechanisms of the ﬁrst type . the syntax and the classical model-theoretic semantics of ﬁrst-order logic are introduced and the fundamental properties of variable substitutions are described. An approach to remedy this weakness is to permit free variables in a tableau which are treated as placeholders for terms. Free-variable tableaux require a generalization of the quantiﬁer rules. The ﬁrst section provides the general background on ﬁrst-order logic with function symbols. a simulation of general clausal tableaux is not possible. The material is organized in six sections. Clause logic permits a more condensed representation of tableaux and hence a redeﬁnition of the tableau rules. we concentrate on formulae in clausal form.REINHOLD LETZ FIRST-ORDER TABLEAU METHODS INTRODUCTION In this chapter tableau systems for classical ﬁrst-order logic are presented. tableau enumeration procedures are used instead. Using uniform notation.

the alphabet or signature of a ﬁrst-order language will be deﬁned as consisting of six disjoint sets of symbols. the central modiﬁcation operation on ﬁrst-order expressions is introduced. then some rich person must have a rich grandfather. Altogether. Second. 2. all with arities such that there are inﬁnitely many function symbols of every arity. which may lead to even nonelementarily smaller tableau proofs. a ﬁrst-order alphabet has to provide symbols for denoting objects. logical symbols. ai consisting of a denumerably inﬁnite alphabet A and a partial mapping a: A ! N 0 . In order to express such formulations. associating natural numbers with certain symbols in A. In ﬁrst-order logic. hence we need quantiﬁers. all with arities such that there are inﬁnitely many predicate symbols of every arity. it must be possible to make universal or existential assertions. so-called liberalizations of the rule are discussed. it can express the internal structure of sentences. Finally. An inﬁnite set V of variables. 3.1 Syntax of First-order Logic Propositional logic deals with sentences and their composition. EXAMPLE 1. without arities. and. . in mathematical discourse. In this section we present the syntax and semantics of ﬁrst-order logic with function symbols. called their 1. A ﬁrst-order signature is a pair = arities. 1. we consider a special condition under which free variables in a tableau can be treated as universally quantiﬁed on a branch. An inﬁnite set of predicate symbols. Nullary function symbols are called constants. If every person that is not rich has a rich father.126 REINHOLD LETZ are centered around the (backward) cut rule. and some of its invariances are studied. such that A can be partitioned into the following six pairwise disjoint sets of symbols. 1 CLASSICAL FIRST-ORDER LOGIC The theory of ﬁrst-order logic is a convenient and powerful formal abstraction from expressions and concepts occurring in natural language. the replacement of variables. propositional variables. the logical structure and content of assertions of the following form can be studied that have no natural formalization in propositional logic. An inﬁnite set of function symbols. First-order logic does not stop at the sentence level. Furthermore. hence the alphabet of a propositional language consists of only three types of symbols. Furthermore. DEFINITION 2 (First-order signature). and relations. hA. functions. and punctuation symbols. most signiﬁcantly.

the corresponding ﬁrst-order language is deﬁned inductively1 as a set of speciﬁc strings over the alphabet of the signature. Every atom over is a formula over . variables and function symbols will be denoted with lower-case letters and predicate symbols with upper-case letters. then the concatenation P (t1 . Let in the following = hA. both with arity 2. _. DEFINITION 4 (Term (inductive)). In our presentation of ﬁrst-order languages we use preﬁx notation for the representation of terms and atomic formulae. ^ is the conjunction symbol. the ﬁrst one with arity 1 and all others binary. respectively. which we denote with the symbols ‘(’. NOTATION 6. ‘g ’ and ‘h’. A set of punctuation symbols consisting of three distinct symbols without arities. ‘d’. : : : . We call : the negation symbol. then the concatenation f (t1 . ^. and $. ai be a ﬁxed ﬁrst-order signature. 1 In inductive deﬁnitions we shall. called the existential quantiﬁer. 6. A set of connectives consisting of ﬁve distinct symbols :. for function symbols with arity 1 the letters ‘f ’. 1. Given a ﬁrst-order signature . tn ) is a term over . Optionally. : : : . conveniently. _ is the disjunction symbol. Normally. : : : . NOTATION 3. If f is an n-ary function symbol in A with n 0 and t1 . and ‘. ‘)’. 1. We do not distinguish between symbols and unary strings consisting of symbols. and 9. omit the explicit formulation of the necessity condition. tn are terms over . Preferably. and ‘e’. for constants the letters ‘a’. 5.’.FIRST-ORDER TABLEAU METHODS 127 4. ‘b’. If P is (the unary string consisting of) an nary predicate symbol in A with n 0 and t1 . tn ) is an atomic formula. ‘Q’ and ‘R’. called the universal quantiﬁer. and for predicate symbols the letters ‘P ’. tn are terms over . Every variable in A is said to be a term over . We will always talk about symbols of ﬁrst-order languages and never give examples of concrete expressions within a speciﬁc object language. and $ is the material equivalence symbol. DEFINITION 7 (Formula (inductive)). over . we use for variables letters from ‘u’ onwards. DEFINITION 5 (Atomic formula). 2. Terms of the form a() and atoms of the form P () are abbreviated by writing just a and P . subscripts will be used. or atom. ‘c’. nullary predicate symbols shall occasionally be denoted with lower-case letters. A set of quantiﬁers consisting of two distinct symbols 8. . : : : . and inﬁx notation for the binary connectives. ! is the material implication symbol. the context will clear up possible ambiguities. !.

y). a function symbol. ( $ ). a quantiﬁer. : : : . Although this way occurrences . and. ( ^ ). then some rich person must have a rich grandfather’. We have to provide a means for addressing different occurrences of symbols and subexpressions in an expression E . If and are formulae over and x is (the symbol string consisting of) a variable in A. x. One could simply address occurrences by giving the ﬁrst and last word positions in E . and y. The set of all (well-formed) expressions over is called the ﬁrst-order language over . we denote the complement of a formula with . called the conjunction of and . Among the strings W1 . All terms and formulae over called (well-formed) expressions over . the notions of (immediate) subterms and (immediate) subformulae are deﬁned. According to our conventions of denoting symbols and strings. W is called the dominating symbol of . 8x . called the disjunction of and . or a predicate symbol. x) has the immediate subexpression sequence x. f (a. then the following concatenations are also formulae over : : . Recalling the assertion given in Example 1: ‘if every person that is not rich has a rich father. a possible (abstracted) ﬁrst-order formalization would be the following formula. a formula of the form P (x. i is in the transitive closure of the immediate subexpression relation. lastly. 8x(:R(x) ! R(f (x))) ! 9x(R(x) ^ R(f (f (x)))). Every atomic formula and every negation of an atomic formula is called a literal. The complement of any negated formula : is and the complement of any unnegated formula is its negation : . called the material implication of by . called the universal quantiﬁcation of in x. DEFINITION 9 (First-order language). a. P as dominating symbol. y ). DEFINITION 11 (Literal). Wn that are not expressions is called the immediate subexpression sequence of . An expression is said to be a subexpression of an expression if the pair h . The sequence obtained by deleting all elements from W1 . Wn . y). : : : . in concordance with the Deﬁnitions 4 to 7. called the existential quantiﬁcation of in x. then any expression among these strings is called an immediate subexpression of . y). ( ! ). DEFINITION 8 ((Well-formed) expression). If an expression is the concatenation of strings W1 . EXAMPLE 14. Wn there is a unique string W whose symbol is a connective.128 REINHOLD LETZ 2. Analogously. the immediate subexpressions x and f (a. f (a. ( _ ). DEFINITION 13 (Subexpression). are DEFINITION 10 (Complement). : : : . called the material equivalence of and . EXAMPLE 12. and 9x . called the negation of . f (a. the subexpressions x.

pn in an (x. then the position both of E and of the dominating occurrence of s in E is the empty sequence . 2.1 x. p1 . Formally. Symbol tree of the formula 8x9y (P (x. pn . An occurrence of a symbol or an expression expression E is denoted with p1 . tree positions can be deﬁned as follows. then the addresses of the occurrences may change completely.:::.2. x)) Each occurrence of a symbol or a subexpression in an expression can be uniquely determined by a sequence of natural numbers that encodes the edges to be followed in the symbol tree. pn is the position of an occurrence of an expression or a symbol W in Ei .1x.2x..2. y) _ 8x:P (y. For example. and 2.2.g. En is the immediate subexpression sequence of E and if p1 . if E1 . if s is the dominating symbol of an expression E .pn W . by concatenating them or by replacing an occurrence of a subexpression.2. 8 1 x Q2 Q 1 9 Q 1 y P 1 Q 2 _ Q Q 2 x @2 @ 8 1 y x @2 @ 1 : P @2 @ 1 y x Figure 1. x)) are 1 x. then the position of that occurrence of W in E is the sequence i. 1 i n. This notation is motivated by a symbol tree representation of logical expressions. W with position p1 .1. 1. : : : . For any expression E . in the formula 8x9y (P It is essential to associate variable occurrences in an expression with occurrences of quantiﬁers. 2.FIRST-ORDER TABLEAU METHODS 129 of symbols and subexpressions in an expression could be uniquely determined.. 2. y ) _ 8x:P (y. : : : . DEFINITION 15 (Position (inductive)). We will use a notation which is more robust concerning concatenations of and replacements in expressions. : : : . this notation has the disadvantage that whenever expressions are modiﬁed. : : : . the occurrences of the variable x .1.2. e.2. as displayed in Figure 1.

pm+1 . 2.:::. x) is in the scope of both occurrences of the universal quantiﬁer. xn g the set of free variables of . 8. : : : . in an expression is in the scope of a quantiﬁer occurrence p1 .pm Q in . A variable occurrence is called free in an expression if is not bound by some quantiﬁer occurrence in the expression.:::.pm . 1. then the occurrence of the respective quantiﬁcation p1 .1.pm Qx is called the scope of p1 . the rightmost occurrence 2. we permit to omit outermost brackets.:::.pm+1 . 2 . a collection of objects termed universe.:::. the variable occurrence is said to be bound by the rightmost such quantiﬁer occurrence in the string notation of .1 P (y. where it is sufﬁcient to work with Boolean valuations and where the atomic formulae can be treated as the basic meaningful units.pm Q is the occurrence of a quantiﬁer in a formula . if brackets are missing.pm Q. m < n. the richer structure of the ﬁrst-order language requires a ﬁner analysis. If an expression does not contain variables. 2. If an occurrence of a variable p1 . In contrast to propositional logic.:::. Accordingly.pm Q in . DEFINITION 19 (Closures of a formula). Let be a formula and fx1 ..pn x. of symbols or expressions in are said to be in the scope of p1 .:::. for arbitrary binary connectives 1 .2.2. Closed formulae are called sentences. NOTATION 20.130 REINHOLD LETZ DEFINITION 16 (Scope of a quantiﬁer occurrence). Accordingly. Note that every occurrence of a variable in a well-formed expression is bound by at most one quantiﬁer occurrence in the expression. As usual.:::.2 Semantics of Classical First-order Logic Now we are going to present the classical model-theoretic semantics of ﬁrst-order logic due to [Tarski.e. by the one with the greatest index m < n.2. DEFINITION 17 (Bound and free variable occurrence). If p1 . whereas 2. and the sentence 9x1 9xn is called an existential closure of .2.2. DEFINITION 18 (Closed and ground expression. . the occurrence 2. m n.2. In ﬁrst-order logic the basic semantic components are the denotations of the terms. . then the sentence 8x1 8xn is called a universal closure of . Referring to the formula in Figure 1. Furthermore.pm .:::.2 x of x in the formula in Figure 1 is bound by the universal quantiﬁer at position 2.pn W . 1936].1 P (x. any formula of the shape 1 ( 2 ) may be abbreviated by writing just 1 2 (right bracketing). and if it does not contain free variables. then that variable occurrence is called a bound occurrence of x in . all occurrences p1 . we shall normally spare brackets. it is called ground.2. In order to gain readability. y ) is in the scope of only one quantiﬁer occurrence.:::. the dominating inﬁx connective is always the leftmost one. i. it is termed closed. namely. sentence).

For every variable x in V : 2. F . Ui consisting of a ﬁrst-order language L and a universe U . f. and hence. 2 Whenever the term ‘collection’ will be used. and predicate symbols in the signature of L. In the following. Ui. 1. no restriction is made with respect to the cardinality of an aggregation. 2. subsequently. Since formulae may contain free variables. Any non-empty collection2 of objects is called a universe. A variable assignment from a ﬁrst-order language L to a universe U is a mapping A: V ! U . the meaning of any term and any formula in the language is uniquely determined. function symbols. whereas the term ‘set’ indicates that only denumerably many elements are contained. For every universe U . and P the sets of variables. we denote with L a ﬁrst-order language. respectively. interpretation). I A (x) = A(x). Once an interpretation and a variable assignment have been ﬁxed. DEFINITION 25 (Term assignment (inductive)). . This way the mapping of atomic formulae to truth values as performed for the case of propositional logic is captured as a special case by the more general framework developed now. An interpretation for a ﬁrst-order structure hL. 1g. will be identiﬁed with the single element in its image. and let A be a variable assignment from L to U . respectively. I maps every n-ary function symbol in F to an n-ary function in UF . respectively.gg (= f0. A (ﬁrst-order) structure is a pair hL. DEFINITION 24 (Variable assignment). and with UP the collection of relations n2N0 P(U n ) n ) being the power set of U . Note that any nullary mapping in UF is with P(U from the singleton set f. according to the Zermelo-Fraenkel deﬁnition of natural numbers). The function symbols and the predicate symbols of the signature of a ﬁrst-order language are then interpreted as functions and relations over such a universe. with V . We call the sets . the notion of variable assignments will be needed. Let I be an interpretation for a structure hL. NOTATION 22. Ui is a mapping I : F P ! UF UP such that 1. and f. For every constant c in F : I A (c) = I (c). I maps every n-ary predicate symbol in P to an n-ary relation in UP .g to U . and with T and W the sets of terms and formulae in L. and abbreviate them with ? and >. we denote with UF the collection of mapS S pings n2N0 U n ! U ..g truth values.FIRST-ORDER TABLEAU METHODS 131 DEFINITION 21 (Universe). DEFINITION 23 (First-order structure. The term assignment of I and A is the mapping I A : T ! U deﬁned as follows. Any nullary relation in UP is just an element of the two-element set f.

: : : . for any sentence and any interpretation I . tn are terms. tn )) = 3.132 REINHOLD LETZ 3. A variable assignment is called an x-variant of a variable assignment if both assignments differ at most in the value of the variable x. and let A be a variable assignment from L to U . The formula assignment of I and A is the mapping I A : W ! f>. I A (: ) = > if I A ( ) = ? ? otherwise. For any nullary predicate symbol P in the signature of L: Finally. 9. > if I A ( ) = > or ? otherwise. I A (( ^ )) = I A (:(: _ : )): I A (( ! )) = I A ((: _ )): I A (( $ )) = I A ((( ! ) ^ ( ! ))): I A (8x ) = 0 > if I A ( ) = > for all x-variants A0 of A ? otherwise. : : : . If f is a function symbol of arity n > 0 and t1 . I A (tn )): DEFINITION 26 (Formula assignment). for all formulae 2 S . Let and denote arbitrary formulae of L. (by simultaneous induction) Let I be an interpretation for a structure hL. : : : . : : : . If P is a predicate symbol of arity n > 0 and t1 . the respective formula assignments are all identical. and hence do not depend on the variable assignments. I A (P ) = I (P ). 7. 2. Ui. 8. and write it I . : : : . 6. for sentences. I A (( _ )) = I A( ) = > 4. then I A (f (t1 . : : : . with I A (S ) = > we express the fact that I A ( ) = >. Consequently. I A (9x ) = I A (:8x: ): If S is a set of ﬁrst-order formulae. we shall speak of the formula assignment of an interpretation I . we come to the assignment of truth values to formulae. then I A (P (t1 . Particularly interesting is the case of interpretations for sentences. I A (tn )i 2 I (P ) ? otherwise. > if hI A (t1 ). tn )) = I (f )(I A (t1 ). ?g deﬁned as follows. 5. 1. tn are terms. . From the deﬁnition of formula assignments (items 8 and 9) it follows that.

Let order formulae. Let I be an interpretation for a structure hL. DEFINITION 30 (Implication. if I is an A-model for and A is the collection of all variable assignments. Possible ambiguities between an interpretation and the corresponding formula assignment will be clariﬁed by the context. If I is an (A-)model for every formula in a set of ﬁrst-order formulae S . If A from L to U : every fAg-model for strongly implies if. see Example 27. and we simply write j= . Given two ﬁrst-order formulae strongly implies if and only if the formula ! is valid. DEFINITION 28 (Model). and (strongly) imply each other. Deﬁnition 26 guarantees that variable assignments obey ‘dynamic binding’ rules (in terms of programming languages). and a ﬁrst-order formula. in the sense that a variable assignment to a variable x for an expression is overwritten by a variable assignment to the same variable x in a subexpression of . DEFINITION 29 (Satisﬁability. then I ( ) = ? and I ( ) = >. then is valid. The set is called (A-)satisﬁable if there exists an (A-)model for . Furthermore. 2. To comprehend the manner in which formula assignments give meaning to expressions. implication and strong implication coincide. Consider two sentences = 8x(9xP (x) ^ Q(x)) and = 8x9x(P (x) ^ Q(x)). Note that according to this deﬁnition any ﬁrst-order formula is equivalent to any-one of its universal closures. for (sets of) sentences. then we also call I an (A-)model for S . . Ui. for every variable assignment A 2 A. the notion of material (object-level) implication and the strong (meta-level) implication concept of ﬁrst-order formulae are related as follows. The notions of satisﬁability and validity abstract from the consideration of speciﬁc models. if = . and . A a collection of variable assignments from L to U . obviously. then I is called a model for . they are called (strongly) equivalent. THEOREM 31 (Implication Theorem). too. The central semantic notion is that of a model. We say that I is an A-model for if I A ( ) = >. Obviously. We call valid if every interpretation is a model for .FIRST-ORDER TABLEAU METHODS 133 EXAMPLE 27. and an interpretation I (P ) = I (Q) = fu1 g. and be two (sets of) ﬁrst- 1. The example illustrates how formulae are interpreted in which an occurrence of a variable is in the scopes of different quantiﬁer occurrences. validity). for every universe U and every variable assignment is an fAg-model for . u2 g. We say that implies . written j= .. Given a universe U = fu1. Loosely speaking. Let be a (set of) formula(e) of a ﬁrstorder language L (and A a collection of variable assignments). equivalence). if every model for is a model for .

for all x-variants A0 of A: I A (F ) = > A0 (G) = >. I A ( ) = ? or I A ( ) = >. Let I be any interpretation and A any variable 0 assignment with I A (8xF ) = >. Let A be any variable assignment and I an arbitrary fAg-model for . I A (8xG) = > . Let F . hence I A ( ! ) = >. (1) (2) (3) (4) (5) (6) (7) (8) (9) The subsequently listed basic strong equivalences between ﬁrst-order formulae can also be demonstrated easily. For the ‘if’-part. I A ( ) = >. Let A be any variable assignment and I an arbitrary interpretation. I A ( ! ) = >. LEMMA 33. in either case I is an fAg-model for ! . and H be arbitrary ﬁrst-order formulae. and I is an fAg-model for . in this case. LEMMA 32 (Replacement Lemma). I PROPOSITION 34. and. ::F $ F :(F ^ G) $ (:F _ :G) :(F _ G) $ (:F ^ :G) (F _ (G ^ H )) $ ((F _ G) ^ (F _ H )) (F ^ (G _ H )) $ ((F ^ G) _ (F ^ H )) :9xF $ 8x:F :8xF $ 9x:F 8x(F ^ G) $ (8xF ^ 8xG) 9x(F _ G) $ (9xF _ 9xG) (De Morgan law for ^) (De Morgan law for _) (_-distributivity) (^-distributivity) (98-conversion) (89-conversion) (8^-distributivity) (9_-distributivity) . Proof. if the formula can be obtained from by replacing an occurrence of F in with G. by Deﬁnition 26. By assumption. I ( ) = >. either I A ( ) = ?. G. Assume j= F ! G. then. I A ( ) = >. Or. then and are strongly equivalent. If j= F ! G. By Deﬁnition 26. Consequently. by assumption. Given two strongly equivalent formulae F and G and any formula with F as subformula. then j= 8xF ! 8xG. For the ‘only-if’-part. assume ! be valid. All formulae of the following structures are valid.134 REINHOLD LETZ Proof. It is obvious that strongly equivalent formulae can be substituted for each other in any context without changing the meaning of the context. Now. Another more subtle useful replacement property is the following. Then. Consequently. hence I A ( ) = >. by assumption. suppose that strongly implies .

Proof. PROPOSITION 37. (f n hx. Since Ax and Bu overlap on u x Bu ( ) = >. is the expression obtained from by simultaneously replacing every occurrence of each variable x 2 domain( ) that is free in by the term (x). is the basic modiﬁcation operation performed on logical expressions. For any mapping f . we are interested in substitutions which preserve the models of a formula. and x x if = 9x . DEFINITION 39 (Binding). abbreviated x=t. Similarly. We say that a binding x=t is proper if the variable x does not occur in the term t. for any two variable assignments A and B from L to U that overlap on V : (1) (2) I A ( ) = I B ( ). If and are expressions and there is a substitution with = . A (variable) substitution is any mapping : V ! T where V is a ﬁnite subset of V and x 6= (x). we consider the application of substitutions to logical expressions. A substitution is called ground if no variables occur in the terms of its range. then fu 2 U j I Au ( ) = >g = fu 2 U j I Bu ( ) = >g. For (2). will be denoted with fu . which we shall introduce next. then the -instance of . NOTATION 36. 1. for every x in the domain of . Let be a formula of a ﬁrst-order language L with V being the set of free variables in . Any element hx. i. then S denotes the (collection of the) set(s) of -instances of its elements. written .3 Variable Substitutions The concept of variable substitutions.e. is called a binding. I The reverse direction holds by symmetry. DEFINITION 40 (Instance). Furthermore. We conclude this part with proving a technically useful property of variable assignments. which proves the set inclusion in one direction. f (x)i) hx. Now. In order . its modiﬁcation by changing the value of x x to u. V fxg. Then. (1) is obvious from Deﬁnition 26 of formula assignments. and U a universe. DEFINITION 38 ((Variable) substitution). If is any expression and is a substitution. bound variable occurrences are not replaced. Let in the following denote T the set of terms and V the set of variables of a ﬁrst-order language. ui. consider x x an arbitrary element u 2 U with I Au ( ) = >. As a matter of fact.FIRST-ORDER TABLEAU METHODS 135 DEFINITION 35. by (1). if S is a (collection of) set(s) of formulae. Two variable assignments A and B are said to overlap on a set of variables V if for all x 2 V : A(x) = B (x). then is called an instance of . ti of a substitution.

We consider the case of a universal formula 8xF in more detail. for any interpretation I and any variable assignment A: I A (E ) = I A (E ). PROPOSITION 46 (Substitution soundness). = NOTATION 44. The proof is by induction on the structural complexity of the expression E . A substitution is said to be free for an expression provided. z )) and the substitutions 1 = fy=z g and 2 = fy=xg. and indeed 6j= 2 = 9x(P (x. the result is immediate from the Deﬁnition 25 of term assignments. While 1 is free for and j= 1 = 9x(P (x. A substitution is free for an expression variable occurs bound at the same positions in and in . x : : . If is a substitution that is free for a ﬁrst-order expression E . Consider a formula of the form 9x(P (x. The existential case is similar. This means that the following proposition holds. for free substitutions. : : : . y. z ) ^ :P (x. for any term. The cases of quantiﬁer-free formula are also straightforward from items (1) – (7) of the Deﬁnition 26 of formula assignments.136 REINHOLD LETZ to preserve modelhood for arbitrary logical expressions. While no bound variable occurrence can vanish when a substitution is applied. LEMMA 45. for every free occurrence s x of a variable in . z )). Bringing in additional bound variables can lead to unsoundness. 2 is not. First. we will sometimes omit the subscript and simply write A . PROPOSITION 42. if and only if any EXAMPLE 43. Given a ﬁrst-order formula and a substitution = fx1 =t1 . x. as shown with the following example. xn =tn g that is free for . If I is an interpretation. If the underlying interpretation is clear from the context. The following fundamental result relates substitutions and interpretations. xn and A any collection of all variable assignments . Let V denote the set of variables of the underlying ﬁrst-order language. z. xn =tnx a substitution. let V V be any set of variables containing x1 . and fx1 =t1 . no additional bound variable occurrences are imported. z ) ^ :P (z. then. then we denote with A I the variable assign: g n ment AI1 (t1 ) A I A (tn) using Notation 36. Proof. A a variable assignment. z ) ^ :P (y. z. z )). all variable occurrences in s x are free in . the following property is sufﬁcient. I A (8xF ) = > if and only if (by 0 item (8) of formula assignment) for all x-variants A0 of A: > = I A (F ) = (by 0 the induction hypothesis) I A (F ) iff (since is assumed to be free for F ) for 0 all x-variants A 0 of A : I A (F ) = > iff (by item (8) of formula assignment) I A (8xF ) = >. x. : : : . y. Now we can state a very general soundness result for the application of substitutions to logical expressions. DEFINITION 41 (Free substitution).

PROPOSITION 49. we have that . Consider an arbitrary variable assignment A 2 A.FIRST-ORDER TABLEAU METHODS 137 that overlap on V A-model for . x 2 domain( ) and x 2 domain( ). Since we have the result for . permits to omit parentheses when writing a composition of substitutions. = . Proof. assume x 2 domain( ). s x was chosen arbitrary and only free variable occurrences were modiﬁed. Assume and to be substitutions. then I is an Proof. x 2 domain( ) but x 2 domain( ). and be arbitrary substitutions and expression such that is free for . and let 0 be that subset of which contains 0 .=. and any substitution which is free for DEFINITION 48 (Composition of substitutions). First. The substitution 0 called the composition of and . the set of substitutions with the composition operation forms a semi-group. for the empty substitution . If. 1. COROLLARY 47. For any formula : j= . 2. no variable occurrence in s x is bound in . ( ) = ( ). Let 0 be the substitution obtained from the set fhx. 3. As a special instance of this proposition we obtain the following corollary (simply set V = V and A will be the collection of all variable assignments). Since is free for . written . any logical . then = s (x ) = s x = s x( ). ( ) = ( ). For (3) let x be any variable. (1) is immediate. : : : . and (3). A contains all variable assignments that overlap on V n V where V is any superset of fx1 . acts as a left and right identity for composition. As a consequence of (1) and (3). Lastly. Lemma 45 can be applied which yields that I A ( ) = I A ( ) = >.. If an interpretation I is an A-model for . by assumption. The repeated application of (2) yields that x(( ) ) = (x( )) = ((x ) ) = (x )( ) = x( ( )). (2) expresses that under the given assumption substitution application and composition permute. the associativity of substitution composition. as was assumed free for . therefore. . secondly. A 2 A and hence I A ( ) = >. Let . n V . then = = s (x ) = s x = s x( ) . is no binding x=t with x 2 domain( ). t i j x=t 2 g by removing all pairs for which x = t . Summarizing these results. For (2) consider any free occurrence s x of a variable x in . therefore s (x ) = s x( ). We distinguish three cases. This means that the substitutions ( ) and ( ) map every variable to the same term. xn g. Now. hence they are identical.

If Q is any quantiﬁer. . except for the case of formulae containing $. n 0. for any formula which is not in prenex form. This is because certain sublanguages permit the application of more efﬁcient solution techniques than available for the full ﬁrst-order format. For every ﬁrst-order formula form which is strongly equivalent to . For classical logic. 2. one of the following two cases holds. can lead to an exponential increase of the formula size (see [Reckhow. this can be strongly exploited by using prenex and Skolem forms. however. respectively. the connectives $ and ! can be eliminated before. by Proposition 34(6) and (7). A ﬁrst-order formulae is said to be a prenex Qn xn F .1 Prenex and Skolem Formulae DEFINITION 50 (Prenex form). Now. For an efﬁcient solution of a logical problem. and after ﬁnitely many iterations prenex form is achieved. and the Replacement Lemma (Lemma 32). the time needed for carrying out this procedure is bounded by a polynomial in the size of the input. and _ into prenex form—by the deﬁnition of formula assignment.138 REINHOLD LETZ 2 NORMAL FORMS AND NORMAL FORM TRANSFORMATIONS A logical problem for a ﬁrst-order language consists in the task of determining whether a relation holds between certain ﬁrst-order expressions. the formula obtained from by substituting all occurrences of :QxF in by Qx:F is strongly equivalent to . without affecting strong equivalence. 1. ^. We give a constructive method to transform any formula over the connectives :. Consequently. 8 or 9. therefore. with Q we denote the quantiﬁer 9 respectively 8. 1976]). are quantiﬁers and F is quantiﬁer-free. 2. then. has a subformula of the structure :QxF . 1 i n. We call F the matrix of . by the Replacement Lemma. there is a formula in prenex Proof. clearly and 0 = Qy(F fx=yg G) or Qy(G F fx=yg). where formula or in prenex form if it has the structure Q1 x1 the Qi . The removal of $. in either case one can move quantiﬁers in front without affecting strong equivalence. It is obvious that. PROPOSITION 51. the formula obtained by replacing all occurrences of in by 0 is strongly equivalent to . it is very important to know whether it is possible to restrict attention to a proper sublanguage of the ﬁrst-order language. has a subformula of the structure (QxF G) or (G QxF ) where is ^ or _. and the resulting prenex formula has less than double the size of the initial formula. then. let y be a variable not occurring in . are strongly equivalent.

then strongly implies . xn )g. we show that. If f is an n-ary function symbol not occurring in any formula of S (we say that f is new to S ). xn the variables that are free in 9yF . Consequently. : : : . for any term t. I A (9yF ) = >. Let be a Skolemization of a formula w. xn are the free variables in 9yF . A ﬁrst-order formula is said to be a Skolem formula or in Skolem form if it has the form 8x1 8xn F and F is quantiﬁer-free.r. If S is A-satisﬁable. and x1 . : : : . and x1 . : : : . Let S be a set of formulae containing a formula with the structure 8y1 8ym9yF . This is because the removal of existential quantiﬁers facilitates a particularly efﬁcient computational treatment of ﬁrst-order formulae. equivalence must be sacriﬁced. S . for any collection A of variable assignments. Furthermore.t.r. but we show that with a modiﬁcation of merely the meaning of the function symbol f an A-model for S f g can be speciﬁed. Let A be any variable assignment and I any fAg-model for F 0 . By Lemma 45. By assumption.FIRST-ORDER TABLEAU METHODS 139 DEFINITION 52 (Skolem form). the collection of fAg-models does not increase. occurs as a basic component of any calculus for full ﬁrst-order logic. the single step in which an existential quantiﬁer is removed.t. When moving to a Skolemization of a formula. the collection of models may decrease. a repeated application of Lemma 33 yields that = 8y1 8ymF 0 strongly implies . The possibility of transforming any ﬁrst-order formula into Skolem form is fundamental for the ﬁeld of automated deduction. a set of formulae S . Given a formula of a ﬁrst-order language L. DEFINITION 53 (Skolemization). We have introduced a general form of Skolemization which is applicable to arbitrary. for any variable assignment A. PROPOSITION 55. then the formula 8y1 8ym(F fy= f (x1 . When moving to a Skolemization of a formula. 2 S has the structure 8y1 8ym9yF (m 0). First. m 0. for the transformation of formulae into Skolem form. Then. by the deﬁnition of formula assignments. Now let A be any collection of variable assignments that has an A-model I for S .t. : : : . xn )g) is named a Skolemization of w. PROPOSITION 54. Let = 8y1 8ym9yF . I need not be an A-model for . sets of ﬁrst-order formulae in prenex form. f is an n-ary function symbol new to S . First. we deﬁne a total and disjoint partition P on the collection of variable assignments A by grouping together all elements in A that overlap on the variables . Since Afy=tg is an y -variant of A. Proof. is a Proof. This is necessary for the free-variable tableau systems developed in Section 4. then S f g is A-satisﬁable. however. I Afy=tg (F ) = >.r. has the form 8y1 8ymF 0 where F 0 = F fy=f (x1. a set of formulae S and A any collection of variable assignments. if Skolemization of w. the subformula 9yF of is strongly implied by F 0 = F fy=tg. not necessarily closed. but the preservation of A-satisﬁability can be guaranteed.

we have to assume the existence of a well-ordering3 on U . Note that supposing the existence of a well-ordering amounts to assuming the axiom of choice (for further equivalent formulations of the axiom of choice. i. the following estimate can be formulated. consult. respectively. THEOREM 56 (Skolemization Theorem). In order to be able to identify elements in those possibly nondenumerable collections. the collection of objects “with the property” F is unique. .A(xn )) . : : : .e. : : : . too. [Krivine. Every variable occurrence in is bound by exactly one quantiﬁer occurrence in . none of these collec- 0 PROPOSITION 57.r. but y does not occur free in F fy=f (x1 . xn )g) = >. Given a prenex formula of a ﬁrst-order language L. This entails that.:::. Given a formula of a ﬁrst-order language L. 3 A total ordering on a collection of objects S is a well-ordering on S if every non-empty subcollection M of objects from S has a smallest element modulo . which is necessary to deﬁne a mapping.un (F ) and an interpretation I = Iff (using Notation 36).e. Now we can deﬁne a total n-ary mapping f: U n ! U by setting f (u1 . throughout the sequence of Skolemization steps. : : : . whenever a variable occurrence is replaced by a Skolem term. is smaller than size( )2 . therefore. To realize that I is an A-model for . Proof. xn )g) = >. By the assumption of I being an A-model for . un ) = Uu1 . then size( ). xn )g. if is a Skolem formula obtained from via a sequence of Skolemizations. Since the symbol f does not occur in any formula of S . un . we abbreviate with Uu1 . S is A-satisﬁable if and only if S f g is A-satisﬁable. I is an A-model for S .:::.. i. then no variable occurrence within an inserted Skolem term is substituted afterwards.140 REINHOLD LETZ tions of objects is empty. Immediate from the Propositions 54 and 55.t. xn . let M denote the smallest element modulo . 1971]). xn to the objects u1 . Now A and A0 are identical except for the value of y . x1 . : : : . Let PA be the element of the partition P that con0 tains A. for any element of the partition P . for example. : : : . I A (F ) = > f and hence I A (F fy=f (x1 . Deﬁne the variable assignment A0 = Ay(A(x1 ). For any collection M U . a set of formulae S and A any collection of variable assignments. let be a Skolemization of w. for any two variable assignments B and C in any y y element of P : fu 2 U j I Bu (F ) = >g = fu 2 U j I Cu (F ) = >g. I A (F fy=f (x1. I A (9yF ) = >. : : : . By Proposition 37. and the run time of the Skolemization procedure is polynomially bounded by the size of . Concerning the space and time complexity involved in a transformation into Skolem form.:::. Proof.. the length of the string . Clearly.un (F ) the collection of objects determined by the variable assignments that map x1 . consider an arbitrary variable assignment A 2 A. and every variable occurrence in an inserted Skolem term is bound by a universal quantiﬁer. : : : .

Then the Herbrand universe of S is the set of terms deﬁned inductively as follows. The function base SF of S is the set of function symbols occurring in (formulae of) S with arities > 0. let L denote a ﬁrst-order language and aL a ﬁxed constant in the signature of L.FIRST-ORDER TABLEAU METHODS 141 Moreover.. Accordingly. but not for intuitionistic or other logics. then the term f (t1 . 1991]. : : : . Therefore. Ui is a model for the set of formulae. 1. the arity of each inserted Skolem function is bounded by the number of free variables in plus the number of variables in the quantiﬁer preﬁx of . : : : . and a sentence F . 2. any deterministic execution of the Skolemization procedure can be done in polynomial time. 1. Given a (set of) formula(e) S of a ﬁrst-order language L with Herbrand universe U . 1960] and [Bibel. tn ) is in the Herbrand universe of S . Some of those are considered in [Wallen. Prenexing and Skolemization only work for classical logic. for any universe U .2 Herbrand Interpretations The standard theorem proving procedures are based on the following obvious proposition. it is sufﬁcient to examine only the interpretations for one particular domain. Given a set of sentences only if f:F g is unsatisﬁable. for formulae in Skolem form. Every element of the constant base of S is in the Herbrand universe of S . With SC we denote the set of constants occurring in (formulae of) S . j= F if and DEFINITION 59 (Herbrand universe (inductive)). the output size is quadratically bounded by the input size. A further fundamental result for the efﬁcient computational treatment of ﬁrst-order logic is that. Since in the Skolemization operation merely variable replacements are performed. more sophisticated methods are needed to encode the nesting of the connectives and quantiﬁers. means to prove. If t1 . tn are in the Herbrand universe of S and f is an n-ary function symbol in the function base of S . The constant base of S is SC if SC is non-empty. the problem of determining whether a sentence is logically implied by a set of sentences can be reformulated as an unsatisﬁability problem. DEFINITION 60 (Herbrand interpretation). however. the Herbrand universe of the set of formulae. Demonstrating the unsatisﬁability of a set of formulae of a ﬁrst-order language L. I maps every constant in SC to itself. 2. Let S be (a set of) formula(e) of L. and the singleton set faL g if SC = . A Herbrand interpretation for S is an interpretation I for the pair hL. 1989. that no interpretation for hL. and in Chapter 5 of this book (see also [Prawitz. PROPOSITION 58. 1987]). . Ui meeting the following properties. Subsequently. In those cases. Ohlbach.

I is a model for S . 2. EXAMPLE 62. and the question whether a model exists can always be solved by restricting attention to Herbrand interpretations. Let I 0 be an interpretation with arbitrary universe U 0 which is a model for S . tn ) 2 U : h(c) = I 0 (c). First. then it has a Herbrand model. then it may be necessary to move to an extended ﬁrst-order language 0 that contains enough function symbols of every arity. For every constant c 2 U : Now let A be an arbitrary variable assignment A from L to U . For every n-ary predicate symbol P . but it has no Herbrand model. and any n-tuple of objects ht1 . tn i f (t1 . 3. L . we deﬁne a mapping h: U ! U 0 . if S has a model. : : : . The induction base is evident from the deﬁnition of I . the Herbrand universe is always rich enough to be used as a representative for any other universe. Every satisﬁable (set of) ﬁrstorder formula(e) S has a model with a countable universe. Proof. : : : . For formulae in Skolem form. Next. The formula 9x(P (x) ^ :P (a)) is satisﬁable. For every term f (t1 . and let U denote the Herbrand universe of S . n 0. : : : .142 REINHOLD LETZ 2. For formulae that are not in Skolem form. For any (set of) ﬁrst-order formulae S in Skolem form. 1. THEOREM 63 (L¨ owenheim-Skolem theorem). h(tn )i 2 I 0 (P ). I maps every function symbol f in SF with arity n function that maps every n-tuple of terms ht1 . The fact that Herbrand interpretations are sufﬁcient for characterizing modelhood in the case of Skolem formulae can be used for proving the L¨ wenheimo Skolem theorem. let S 0 be a (set of) ﬁrst-order formula(e) obtained from S by prenexing and Skolemization. : : : . h(f (t1 . : : : . as illustrated with the following simple example. Consequently. It can be veriﬁed easily by induction A0 on the construction of formulae that I 0 (S ) = > entails IA (S ) = >. : : : . : : : .4 By 4 If S is an inﬁnite set of formulae and the Herbrand universe of S already contains almost all function symbols of a certain arity. h(tn )). and the induction step follows from Deﬁnition 26. Proof. Given any satisﬁable (set of) ﬁrst-order formula(e) S . this does not work. we deﬁne a Herbrand interpretation I for S . : : : . as follows. With A 0 we denote the functional composition of A and h. tn i 2 I (P ) if and only if hh(t1 ). tn ). tn i 2 U n : ht1 . tn )) = I 0 (f )(h(t1 ). > 0 to the n-ary 2 U n to the term PROPOSITION 61.

there exists a Herbrand model I for S 0 with a countable Herbrand universe. Given a (set of) formula(e) S of a ﬁrst-order language L with Herbrand universe U . written BS . 2. : : : . the negation signs are pushed immediately before atomic formulae. tn ). I must be a model for S . S 0 must be satisﬁable. By Propositions 51 and 54. The resulting formula is in clausal form. Finally. by items 7 and 6 of Deﬁnition 26 of formula assignment. with P 2 SP and ti 2 U . in Skolem form there exists a After prenexing and Skolemizing a formula. it is a standard technique in automated deduction to transform the resulting formula into clausal form. Working with Herbrand interpretations has the advantage that interpretations can be represented in a very elegant manner. First. We shall exploit this fact and occasionally use subsets of the Herbrand base for denoting Herbrand interpretations. Secondly. apply _-distributivity from left to right until no conjunction is dominated by a disjunction. . the connectives $ and ! are removed. is a clause. DEFINITION 67 (Clausal form (inductive)). for every 1 i n. is the set of all atomic formulae P (t1 . DEFINITION 64 (Herbrand base). since obviously every Herbrand universe is countable. Let F be the matrix of a ﬁrst-order formula in Skolem form. NOTATION 65. too. with m 1 and the Li being literals.3 Formulae in Clausal Form DEFINITION 66 (Clause). Every Herbrand interpretation H of a (set of) formula(e) S can be uniquely represented by a subset H of the Herbrand base BS of S by deﬁning H(L) = > if L 2 H ? otherwise for any ground atom L 2 BS . 1. For any ﬁrst-order formula strongly equivalent formula in clausal form. using recursively Proposition 34(1) and de Morgan’s laws (2) and (3). Any formula c of the form 8x1 8xn (L1 _ _ Lm). Each literals Li is said to be contained in c. Any clause is in clausal form. If F is in clausal form and c is a clause. The predicate base SP of S is the set of predicate symbols occurring in (formulae of) S . then c ^ F is in clausal form. by Proposition 61. We perform the following four equivalence preserving operations. The Herbrand base of S . Then.FIRST-ORDER TABLEAU METHODS 143 Propositions 51 and 55. successively. 2. PROPOSITION 68. Proof. n 0.

1 Quantiﬁer Elimination in Unifying Notation The tableau method for propositional logic exploits the fact that all propositional formulae that are not literals can be partitioned into two syntactic types. only two inference rules are needed. 1959 ] and elaborated by Hintikka in [1955] and others. Accordingly. named the -type. This straightforward generalization speeds up the decomposition of formulae. . even for matrices not containing $. and the existential type. and the transformed formula logically implies the source formula. 1990]) are satisﬁability and unsatisﬁability preserving. as deﬁned in Table 2 where t ranges over the set of ground terms and c over the set of constants of a ﬁrst-order language. for all formulae over the connectives :. Likewise. named the -type. There exists no equivalence preserving polynomial transformation of a matrix into clausal form. or a disjunctive type. we permit subformulae sequences of more than two formulae. called the -type. Those transformations (see [Eder.144 REINHOLD LETZ It can easily be veriﬁed that.and the -rule. Altogether. called the . To any ﬁrst-order sentence F of any connective type ( or ) a sequence of sentences different from F will be assigned. Therefore. will be essentially Smullyan’s. the given transformation may lead to an exponential increase of the formula size. this results in the following classiﬁcation and decomposition schema for ﬁrst-order sentences—arbitrary ﬁrst-order formulae containing free variables will be treated in the next section. even if $ does not occur in the matrix (see [Reckhow.or -subformulae sequence of F . 3. 1985. While the subformula sequence and hence the decomposition of any formula of a connective type is always ﬁnite.and the -rule. a conjunctive type. by exploitation of the associativity of the connectives _ and ^. This uniformity extends to the ﬁrst-order language. which is developed in this section. called the -type. respectively. 3 FIRST-ORDER SENTENCE TABLEAUX The tableau method was introduced by Beth in [1955. called the . But there are polynomial transformations if logical equivalence is sacriﬁced. respectively. A ﬁrst-order sentence F of any quantiﬁcation type ( or ) has possibly inﬁnitely many . just two further inference rules will be needed. the tableau calculus for closed ﬁrst-order formulae. in that just two more syntactic types are needed to capture all ﬁrst-order formulae. Section 2 in the ﬁrst chapter of this book). but the most inﬂuential standard format was given by Smullyan in [1968] (cf. as deﬁned in Table 1.or -subformulae. the universal type. so that the typical logical problems—unsatisﬁability detection or model ﬁnding if possible—can be solved by considering the transformed formula. the . Note that. this cannot be achieved in general. 1976]). _. Boy de la Tour. ^ and !.

Trees will be viewed as downwardly growing from the root.or -type and its subformula w.. Connective types and -. Thus. . -. we say that F appears or is on B and in T . : : : . DEFINITION 70 (Formula complexity). . .e.‘ n ’ or ‘ 1 ’. Fn :(F1 ^ ^ Fn ) :F1 . A formula F 0 is called a tableau subformula of F if the pair hF 0 .or -type will be denoted with ‘ ’ or ‘ ’. the decomposition rules have the following fundamental proof-theoretic property. If a formula is the label of a node on a branch B of a formula tree T . :G Conjunctive -subformulae sequence Disjunctive -subformulae sequence F1 _ _ Fn F1 . The formula complexity of a formula F is the number of occurrences of formulae in F . :Fn F !G :F. G Existential -subformulae Table 1. Quantiﬁcation types and -. This assures that there can be no inﬁnite decomposition sequences. we will write ‘ ’ or ‘ ’ and ‘ (t)’ or ‘ (t)’. DEFINITION 73. We do not formally introduce trees. Any -. Fn :(F1 _ _ Fn ) :F1 . in this order.r. i. ordered trees with the nodes labelled with formulae.. : : : . NOTATION 72. Moreover. Nn . PROPOSITION 71. or -subformula F 0 of a formula F is named an immediate tableau subformula of F .t. : : : . . As in the propositional case. for a formula of the . -subformulae sequences Universal -subformulae 8xF :9xF F fx=tg :F fx=tg 9xF :8xF F fx=cg :F fx=cg Table 2. a formula of the . :Fn :(F ! G) F. and we permit trees to be inﬁnite. the decomposition schema guarantees that all tableau subformulae of a sentence are sentences. respectively. and the formulae in its subformula sequence with ‘ 1 ’. a term t. With B F1 j j Fn we mean the result of attaching n > 0 new successor nodes N1 .FIRST-ORDER TABLEAU METHODS 145 ::F F F1 ^ ^ Fn F1 . respectively. the following abbreviations will be used. We shall often use suggestive meta-symbols for naming formulae of a certain type. . fan- . . ﬁrst-order tableaux are particular formula trees. Every tableau subformula of a formula F has a smaller formula complexity than F . -. F i is in the transitive closure of the immediate tableau subformula relation. : : : . Furthermore. -subformulae DEFINITION 69. : : : . Obviously.‘ n ’.

if i is an -subformula of a formula on B . and a If T is a sentence tableau for a singleton set f g. if t is a ground term and a formula occurs on B . (c). Every one-node formula tree labelled with a formula from S is a sentence tableau for S . for any formula F 2 S . if c is a constant new to S and to the formulae in T . 1968] according to which B has to be modiﬁed to B n in a single inference step. The 1 need for this will become clear at the end of the section when we introduce the regularity reﬁnement. Let S be any set of sentences of a ﬁrst-order language L. .146 REINHOLD LETZ ning out of the end of B and labelled with the formulae F1 . We shall often treat the branch B of a formula tree as the set of formulae appearing on B . 5 Note that this rule is slightly more ﬂexible than the standard -rule as presented in [Smullyan. Inference rules of sentence tableaux for formulae Obviously. we also say that T is a sentence tableau for the formula . we shall also call the nodes complementary. : : : . Any such sequence N1 . we say that F or N is used. The inference rules of sentence tableaux for formulae are summarized in Figure 2. formula appears on B . the ancestor immediately above N is termed its predecessor. if 1 . When a decomposition rule is performed on a formula F at a node N . : : : . DEFINITION 74 (Sentence tableau (inductive)). If B is a branch of a sentence tableau T for S . All nodes above a node N on a branch are called its ancestors.5 j n . If two nodes in a tableau are labelled with complementary formulae. B F . i 1j j n (for any ground term t) (t) (for any new constant c) (c) Figure 2. the formula rule denoted with (F) can be omitted. (t). respectively. then the formula trees obtained from the following ﬁve expansion rules are all sentence tableaux for S : ( ) ( ) ( ) ( ) (F) B B B B formula i . n is the -subformula sequence of a 1 j on B . : : : . Fn . Based on the developed formula decomposition schema. Nn is termed a family in T . ﬁrst-order tableaux for sentences are deﬁned inductively. if the input set contains just one formula.

z ) (6) XXX X (7) :P (b.z ))) (1) (2) :(8y 8zP (y. a)) (3) (9) P (b. y. y. then S f i g is satisﬁable. An atomically closed sentence tableau In Figure 3. a node N is called (atomically) closed if all branches through N are (atomically) closed. otherwise the tableau is called (atomically) open. y.f (a.f (x. and (atomically) open otherwise.f (x. For every tableau expansion step. for every -subformula i of . f (a. f (a. b.FIRST-ORDER TABLEAU METHODS 147 DEFINITION 75 (Closed tableau). z )) ! (8yP (y. g (b). Let S be any satisﬁable set of ﬁrst-order sentences. PROPOSITION 76. z )) (2) (4) :(8yP (y. Note that all branches of the tableau are atomically closed. f (a. z )) (12) (13) P (g (b). f (a. z )) (8) (11) :P (g (b). otherwise the branch is termed (atomically) open. Finally. a)) (5) (6) :8y 9zP (g (y ). Similarly. x)) ^ 8y 9zP (g (y ). the respective type of tableau expansion rule and the used ancestor node are annotated at the connecting vertices.f (a.z )) XXX (4) (5) :8yP (y. (1) If 2 S .f (a. A closed sentence tableau for a set of sentences S represents a correct proof of the unsatisﬁability of S . a)) (3) (10) :9zP (g (b). y. a tableau is termed (atomically) closed if its root node is (atomically) closed. g (b). y. a)) Figure 3. f (a. f (a. b. b. a)) (12) 8zP (g (b). a larger sentence tableau for a ﬁrst-order sentence is displayed that illustrates the application of each tableau rule. . a)) ^ 8y 9zP (g (y ).f (a. a)) ^ 8y 9zP (g (y ). The correctness of the tableau approach as a proof method for ﬁrst-order sentences is based on the fact that the decomposition rules are satisﬁability preserving.z ))) (2) (3) 8y 8zP (y. z ) (10) (8) 8zP (b. y. f (a. g (b). A branch B of a tableau is called (atomically) closed if an (atomic) formula F and its negation appear on B . z )) ! (8yP (y. y. (1) :9x(8y 8zP (y.

for some -subformula i of . PROPOSITION 77 (Soundness of sentence tableaux). hence (4) follows from Proposition 55. Items (1) and (2) are immediate from the deﬁnition of formula assignment. Proposition 76 guarantees that one of the new branches in T 0 is satisﬁable. in this case. settling the undecidability of ﬁrst-order logic. Proof.t. 2 S . for any constant c that is new to S . (3) is a consequence of the soundness of substitution application (Proposition 46). whereas. lastly. either T contains B . S is Proof. consider any tableau T for S generated with n +1 expansion steps. this permits the generation of decision procedures based on tableaux. Clearly. 3. but merely semi-decision procedures. A branch of a tableau for a set of formulae S is called satisﬁable if S B is satisﬁable where B is the set of formulae on the branch. For certain formula classes. 2 S . that every sentence tableau for a satisﬁable set of sentences S has a satisﬁable branch. 7 Thus 6 This . by induction on the number of tableau expansion steps. when subscribing to Church’s Thesis. The induction base is evident.r. (c) is a Skolemization of w.148 REINHOLD LETZ (2) If (3) If (4) If 2 S . By the induction assumption. 1928] is the analyticity of the decomposition rules. Or B is expanded. which was proved by Church in [1936] and Turing in [1936]. since is assumed as closed and c is new to S . the satisﬁability of sets of ﬁrst-order formulae (or the non-validity of ﬁrst-order formulae) cannot be effectively recognized. A fundamental proof-theoretic advantage of the tableau method over synthetic proof systems like axiomatic calculi [Hilbert and Ackermann. every satisﬁable branch must be open. If a set of sentences satisﬁable. then S f (c)g is satisﬁable. For the induction step. which will be discussed below. then every sentence tableau for S has an open branch. We use the following notation.7 result was ﬁrst demonstrated by G¨ odel in [1930]. S . The formulae in a tableaux are in the reﬂexivetransitive closure of the tableau subformula relation on the input set.2 Completeness of Sentence Tableaux First-order logic differs from propositional logic in that there are no decision procedures for the logical status of a set of formulae. then S f (t)g is satisﬁable. there exist effective mechanical methods for verifying the unsatisﬁability of sets of ﬁrst-order formulae (or the logical validity of ﬁrstorder formulae6). Now. then S f i g is satisﬁable. T 0 has a satisﬁable branch B . for any ground term t. in which case T 0 has a satisﬁable branch. We prove. Let T 0 be a tableau for S from which T can be obtained by a single expansion step. More precisely.

for all formulae F in S with formula complexity < n.FIRST-ORDER TABLEAU METHODS 149 The tableau calculus represents such an effective mechanical proof method. The set S is called downward saturated provided: 1. If F is a . it deﬁnes a Herbrand interpretation H. if S contains an . 3. Since U is the universe of H and since H (being a Herbrand interpretation) maps every term t to itself. DEFINITION 78 (Downward saturated set). by the downward saturatedness of S and the induction assumption. again by the deﬁnition of downward saturation. 2. 3. Finally. then it contains all its -subformulae. we will provide a completeness proof of sentence tableaux. The formula complexity of every tableau subformula of F is < n. 2. Every atomic Hintikka set (and hence every Hintikka set) is satisﬁable. H(F ) = >. by the induction assumption. using Notation 65. if H( (c)) = >. for some constant c 2 T . (c) with c being a constant in U . In this part. Let S be an atomic Hintikka set. The induction base is evident. by the deﬁnition of downward saturation. Consider any non-literal formula F 2 S with formula complexity n. by downward saturation and the induction assumption . then. if S contains a . H( i ) = >. H( (t)) = >. since H does not contain an atomic formula and its negation. By the induction assumption. assume that H(F ) = >. H(F ) = >. that the formula assignment of H maps all formulae in S to >. for all variable assignments A to U . then it contains all 4. If F is a = 8xF 0 . Let S be a set of ﬁrst-order sentences and U the Herbrand universe of S . 4. We show that some Herbrand interpretation of S is a model for S . then. F is a . If F is an . We show. H( i ) = >. some i is in S . therefore. For the induction step. Let H denote the set of ground literals in S . for any term t in the Herbrand universe U of S . if S contains a . Therefore. Since. by induction on the formula complexity. LEMMA 80 (Hintikka’s Lemma). H(F ) = >. An essential concept used in this proof is that of a downward saturated set of sentences. if S contains a . HA (F 0 ) = H(F 0 fx=A(x)g) = >. DEFINITION 79 (Hintikka set). 1. every i is in S . By an (atomic) Hintikka set we mean a downward saturated set which does not contain an (atomic) formula and its negation. therefore H(F ) = >. Proof. then it contains at least one of its -subformulae. First. then it contains a (t) with t 2 U .

. The systematic tableau sequence of S w. otherwise not. Let be the smallest formula in S modulo . Furthermore.150 REINHOLD LETZ After these preliminaries. Such tableaux are called systematic tableaux. we have to provide means for making sure that any formula in the set will be taken into account in the tableau construction. we have to determine. and S any set of closed ﬁrst-order formulae. and number label 0 is the ﬁrst If Tn is the n-th element in T and has nodes with number labels. if some formula in S is not on some branch passing through N . For the node selection. we can come back to tableaux. since systematic tableaux shall be introduced for the most general case in which the set of input formulae may be inﬁnite. If a tableau T contains nodes with number labels. For the term selection needed in the quantiﬁer rules. to which closed term the respective variable has to be instantiated. from where the next formula has to be taken. The one-node tableau T0 with root formula element of T . we equip the nodes of tableaux with an additional number label. and 2. expressing whether the formula at the node can be used for a tableau expansion step or not. We are now going to demonstrate that the tableau construction can be made completely deterministic and yet it can be guaranteed that the tableau will eventually close if the set of input formulae is unsatisﬁable. DEFINITION 82 (Systematic tableau (sequence) (inductive)). if necessary. DEFINITION 81 (Usable node). otherwise T has no usable node. then the formula at the node will be a possible candidate for a tableau expansion step.t. In order to make the expansion deterministic. Concerning the fairness problem in case the set of input formulae be inﬁnite. let N be the usable node of Tn with formula F and number k . respectively. Let be a mapping from N 0 onto the set of ground terms and a total ordering on the set of formulae of a ﬁrst-order language L.r. let G denote the smallest such formula modulo . 1. then from all the nodes labelled with the smallest number the leftmost one with minimal tableau depth is called the usable node of T . Furthermore. Now expand each open branch B passing through N to: . many possible expansion steps are possible in a certain situation. i. we employ a total ordering on the set of closed terms. If a node carries a number label. we use an additional total ordering on the formulae.e. Both selection functions together can be used to uniquely determine the next tableau expansion steps. and is the following sequence T of tableaux for S . for the case of the quantiﬁer rules. The tableau calculus is indeterministic.

DEFINITION 83 (Nondestructiveness). remove the number label from N . 2. then all -subformulae of F must be on B . if F is of type with -subformula sequence 1. For any (atomically) open branch B of a saturated systematic tableau. if F is of type . Next. With T we denote the smallest formula tree containing all tableaux in T as initial segments. Let B be any (atomically) open branch of a saturated systematic tableau. it is guaranteed that the branch B satisﬁes the following condition: for any formula F on B . otherwise C is called destructive. a closed systematic tableau is shown with (0) = a and (1) = b. . PROPOSITION 85. The following structural property of sentence tableaux plays an important role. B [ G ] (c) if F is of type and c is the smallest constant modulo not occurring in T . 3. A tableau calculus C is called nondestructive if. The tableau resulting from the entire operation is the n +1-st element of the sequence T . if F is of type . if F is of type . whenever a tableau T can be deduced from a tableau T 0 according to the inference rules of C . DEFINITION 84 (Saturated systematic tableau). if F is of type . if F is of type . if F is not of type . for any system of tableau inference rules. Let T be a systematic tableau sequence for a set of ﬁrst-order formulae S . then T 0 is an initial segment of T . n. 4. Since obviously the calculus of sentence tableaux is nondestructive.FIRST-ORDER TABLEAU METHODS 151 1. B[ G] 1 n . If Tn has no usable node. remove the number labels from all nodes that have become atomically closed through the expansion steps. : : : . We formulate it generically. Then give every newly attached node the number label 0 if its formula label is not a literal. n. 2. Finally. it is the last element of T . According to the deﬁnition of systematic tableau. if F is of type with -subformula sequence . the set of formulae on B is a(n atomic) Hintikka set. : : : . B [ G ] ( (k)). then some -subformulae of F must be on B . then some -subformula of F must be on B . Proof. 3. otherwise change the number k at N to k +1. T is called a saturated systematic tableau of S . 4. 1 B [ G ] 1 j j n . 1. then all -subformulae of F must be on B . one can form the (tree) union of all the tableaux in a systematic tableau sequence. In Figure 4.

a) (9) (11) (P (b. Now the refutational completeness of tableaux is straightforward. a) ! :P (a. hence S is a(n atomic) Hintikka set.a) ^ (P (b. there would exist an atomic Hintikka set for the set S 0 of formulae on B and. a)) (7) :P (b. a model I for S 0 . First. b) ! :P (a. In order to recognize the ﬁniteness of T . then there exists a ﬁnite atomically closed sentence tableau for S . a) ^ (P (b. hence I would be a model for S . no (atomic) formula and its negation are in S . b) ! :P (a. An atomically closed systematic tableau So the set S of formulae on B is downward saturated. a))) (3) (4) (P (a. a) X X (9) (P (b. x) ! :P (a. contradicting the unsatisﬁability assumption. a) (3) XXXXX (6) (8) :P (a. If S is an unsatisﬁable set of ﬁrst-order sentences. This proves that every branch of T must be atomically closed. x) ! :P (y. Assume. indirectly. y ))) (1) (2) 9z 8x(P (x. Let T be a saturated systematic tableau for S . THEOREM 86 (Sentence tableau completeness).a) ^ (P (z. by Proposition 85. a))) (2) (3) 8x(P (x. x) ! :P (a. by Hintikka’s Lemma. a) ^ (P (b. that T contained an atomically open branch B . Now. Proof. we show that T must be atomically closed. by the deﬁnition of saturated systematic tableau. a) (4) (6) (P (b. a) ! :P (a. a))) (9) (10) P (b.y ) ^ (P (z. . Since B is (atomically) open. a)) Figure 4. a))) (4) (5) P (a. S S 0 .152 REINHOLD LETZ (1) 9y 9z 8x(P (x. Then.

o The generality of our systematic tableau procedure permits an easy proof of a further fundamental property of ﬁrst-order logic. Since.FIRST-ORDER TABLEAU METHODS 153 note that the closedness of any branch of a systematic tableau entails that it cannot have a branch of inﬁnite length. we can associate with S the collection of the initial ground sets of all closed quantiﬁer preferring sentence tableaux for S . a closed quantiﬁer preferring tableau exists. None of those properties is guaranteed to hold for sets containing formulae which are not in prenex form. the Herbrand complexity can be used as a calculus-independent refutation complexity measure for unsatisﬁable sets of formulae. A tableau is called quantiﬁer preferring if on any branch all applications of quantiﬁer rules precede applications of the connective rules. without increasing its size or affecting its closedness. the set of formulae on this branch up to the node N is called the initial set of the tableau. play an important rˆ ole as a complexity measure. then the initial ground set of T is unsatisﬁable. By Theorem 86. Sentence tableaux can also be used to illustrate the basic Herbrand-type property of ﬁrst-order logic that with any unsatisﬁable set of prenex formulae one can associate unsatisﬁable sets of ground formulae as follows. Any unsatisﬁable set of ﬁrst-order sentences has a ﬁnite unsatisﬁable subset. by the soundness of tableaux. S 0 is ﬁnite and. and the set of ground formulae in the initial set is termed the initial ground set of T . Since the branching rate of any tableau is ﬁnite. there exists a ﬁnite closed tableau T for S . THEOREM 87 (Compactness Theorem). . for any unsatisﬁable set S of prenex formulae. It is evident that we can reorganize any tableau for a set of prenex formulae in such a way that it is quantiﬁer preferring. S 0 must be unsatisﬁable. PROPOSITION 89. S of DEFINITION 90. DEFINITION 88. Such a tableau begins with a single branch containing only quantiﬁer rule applications up to a node N below which only connective rules are applied. in particular the ones with minimal complexity. Let S be any unsatisﬁable set of ﬁrst-order sentences. Proof. The Herbrand complexity of an unsatisﬁable set S of prenex formulae is the minimum of the complexities8 of the initial ground sets of all closed quantiﬁer preferring sentence tableaux for S . Since the quantiﬁer rules of tableaux are not speciﬁc to the tableau calculus. If T is a closed quantiﬁer preferring tableau for a set ﬁrst-order formulae. This measure may also be extended to 8 As the complexity of a set of formulae one may take the sum of the occurrences of symbols in the elements of the set. Let S 0 be the set of formulae in S appearing in T . (by K¨ nig’s Lemma) T must be ﬁnite. The sets in this collection.

A tableau calculus C is called proof conﬂuent or just conﬂuent (for a class of formulae) if. A tableau construction is strict if every .3 Reﬁnements of Tableaux The calculus of sentence tableaux permits the performance of certain inference steps that are redundant in the sense that they do not contribute to the closing of the tableau. DEFINITION 91 (Conﬂuence).9 PROPOSITION 92. a conﬂuent (tableau) calculus does never run into dead ends. In order to avoid such redundancies. Nonconﬂuence may have strong consequences on the termination behaviour and the functionality of a calculus. simply repeat the construction of TB . e.154 REINHOLD LETZ formulae which are not in prenex form. we discuss the notion of strictness which is a reﬁnement of the tableau rules. by working with transformations of the formulae in prenex form (see also [Baaz and Leitsc. Sentence tableaux are conﬂuent for ﬁrst-order sentences. Adapted to our framework. By the completeness of sentence tableaux. Let T be any sentence tableau generated for an unsatisﬁable set of sentences S .g. for any branch B in T . . Proof. one can restrict the tableau rules and/or impose conditions on the tableau structure. there exists a closed sentence tableau TB for S B . The strictness condition is motivated by the deﬁnition of systematic tableaux. In the subsequent sections. we shall introduce tableau calculi and procedures that are not conﬂuent and for which no systematic procedures of the type presented in this section exist. particularly. At the leaf of any branch B of T . the lack of conﬂuence may also require completely different approaches towards proving completeness. it reads as follows. we come to an important proof-theoretic virtue of sentence tableaux. First. for any unsatisﬁable set S of formulae (from the class). Next. As we shall see. Consequently. [Huet. since obviously any systematic tableau construction is strict. any occurrence of an i in is used only once a branch. Loosely speaking. 1980]. 3. which we introduce generically for any system of tableau rules.. DEFINITION 93 (Strict tableau).and -node is used only once on a branch and for any -node. from any tableau T for S constructed with the rules of C a closed tableau for S can be constructed with the rules of C . the 9 Note that the notion of conﬂuence used here slightly differs from its deﬁnition in the area of term rewriting (see. 1992]). when one is interested in decision procedures or in model generation for (sublanguages of) ﬁrst-order logic.

which obviously is completely useless. The regularity restriction can easily be integrated into systematic tableaux. 10 This . Strictness can also be implemented very efﬁciently by simply labelling nodes (or occurrences of tableau subformulae at nodes) as already used on a branch. i. In order to integrate the -rule restriction of strictness. for which no closed regular tableau exists if the traditional -rule is used. we call a tableau strictly regular if it is strict and regular. A stronger tableau restriction concerning the connective rules is achieved with the following structural condition. the resulting formula tree T 0 is smaller in size and (according to Deﬁnition 74) T 0 is a sentence tableau for S . The branch remains closed. one below the other.e. the connective rules) the regularity condition is a more powerful mechanism of avoiding suboptimal proofs than the strictness condition. Proof. We permit that only one -subformula can be attached. This is particularly detrimental if it happens in a -rule application where new branches with new proof obligations are produced. Let T be any closed irregular sentence tableau for a set S and N any node dominated by a node labelled with the same formula. by simply omitting the attachment of nodes B F1 j j Fn if one of the Fi already is on the branch B . PROPOSITION 96. on no branch.t. A formula tree is called regular if.r. we have generalized the -rule in order to achieve compatibility with regularity. DEFINITION 94 (Regular tableau). Every closed sentence tableau of minimal size is regular. Since (w.10 The following fact demonstrates that tableaux which are irregular can be safely ignored. that every closed irregular sentence tableau T is not minimal in size. is an interesting illustration of the fact that an unfortunate presentation of inference rules can block certain obvious pruning mechanisms.. whereas the traditional format requires to append all -subformulae at once. The size of a formula tree is the sum of the symbol occurrences in the formulae at the nodes of the tree. An obvious example is the unsatisﬁable formula (p ^ q ) ^ (p ^ :q ). a formula appears more than once. A further fundamental reﬁnement of sentence tableau concerns the -rule. It is straightforward to realize that regularity is not compatible with the traditional deﬁnition of the -rule. But strictness does not perform optimal redundancy elimination. We show the contraposition. DEFINITION 95.FIRST-ORDER TABLEAU METHODS 155 strictness condition is completeness-preserving. since it does not prevent that one and the same formula may appear twice on a branch. The main reason why regularity has not been used in the traditional presentation of tableaux lies in the different deﬁnition of the -rule here and there. Prune the branch by taking out the node N and its brothers (if existing) and attach the successors of N (if existing) to the predecessor of N .

y) ! 9yP (y. . y ) (2) (2) (1) (4) :9yP (y. F = :8x(9yP (x. we can rearrange T in such a way that all formula rule applications are performed ﬁrst. a) (7) :P (b. b) (3) (4) (4) (4) (4) :9yP (y. x)) (2) :(9yP (a. since the number of ground terms that can be selected for (4) is ﬁnite. (6) :P (a. there exists a(n atomically) closed Herbrand tableau T 0 for S with less or equal size than T . Now consider any -step in the . x)) (1) (1) :8x(9yP (x.a)) (3) 9yP (a. as shown in Figure 98. a)) (3) 9yP (a. But unfortunately.y ) ! 9yP (y. y ) (2) (2) (1) :8x(9yP (x. a) (5) P (a. Herbrand tableaux are deﬁned like sentence tableaux. The Herbrand restriction on the -rule may signiﬁcantly improve the termination behaviour of sentence tableaux. Any strict Herbrand tableau construction terminates.y ) ! 9yP (y. x)) (2) :(9yP (a. since it preserves minimal proof size. since the -rule can be applied again and again using the formula (4). but with the -rule replaced by the Herbrand -rule: ( H ) (t) where t is from the Herbrand universe of the branch. Without increasing the size.156 REINHOLD LETZ DEFINITION 97 (Herbrand tableau). b) (3) H (6) :P (a. EXAMPLE 98. Sentence and Herband tableau for Example 98 The Herbrand restriction on tableaux is as reasonable as regularity. PROPOSITION 99. a) (8) :P (c.y ) ! 9yP (y. Proof. For every (atomically) closed sentence tableau T for a set S . . The formula is satisﬁable. a) . a) (7) :P (b. inﬁnitely large sentence tableau can be constructed for F .y ) ! 9yP (y. a) H (4) (4) all Herbrand terms selected for (4) Figure 5. as illustrated with the formula F given in Example 98. a) (5) P (a.

. for any atomically open branch B through N . Replace any occurrence of t below N with a constant from the Herbrand universe of B . different Herbrand terms may be selected in the systematic tableau construction. It is straightforward to prove. Whenever a at a node N is selected. Herbrand tableaux provide a higher functionality than sentence tableaux. DEFINITION 103 (Weak Skolem. this entails that. the set of atoms on B deﬁnes a Herbrand model for B . datalogic form). if all terms from the Herbrand universe of B have already been selected at N on B .g. Imposing the Herbrand restriction on systematic tableaux preserves completeness. that the formula tree is a sentence tableau for S . the enumeration of ground terms must be organized differently. since Proposition 85 also holds for Herbrand tableaux. Obviously. since a larger class of ﬁrst-order formulae can be decided. by induction on the tableau inference steps. DEFINITION 101 (Systematic Herbrand tableau). attaching a formula (t) to the leaf N of a branch B . as described in the proofs of Propositions 96 and 99. cannot be used for expanding the current leaf of B . for different branches. Since the Herbrand universe may increase during branch expansion. Strictly regular Herbrand tableaux are conﬂuent for ﬁrstorder sentences. e. the modiﬁed formula tree is (atomically) closed and does not increase in size. In particular. it does not affect the inital tree T . Every (atomically) open branch B of a saturated regular systematic Herbrand tableau is a(n atomic) Hintikka set. The procedure results in a closed strictly regular Herbrand tableaux T 00 for S . The Herbrand tableau rule also has an effect on the systematic tableau construction.FIRST-ORDER TABLEAU METHODS 157 tableau that is not Herbrand. PROPOSITION 102. select the smallest term t (modulo the ordering ) from the Herbrand universe of B that has not been selected at N on B . Proof. See the proof of Proposition 85. A sentence is said to be in weak Skolem form if has no tableau subformula of type that has a tableau . hence T 00 is as desired. By the completeness of sentence tableaux. at any leaf of T . Since the modiﬁcation operation is performed from the leaves towards the root. there exists a closed sentence tableau T 0 for S . Simply repeat the construction of T 0 . Proof. moreover. PROPOSITION 100. Finitely many applications of this operation produce a(n atomically) closed Herbrand tableau T 0 for S equal or smaller in size than T . Let T be any strictly regular Herbrand tableau for an unsatisﬁable set of sentences S . Systematic Herbrand tableaux are deﬁned like systematic tableaux except that the -rule application is controlled differently. Now modify the resulting sentence tableau.

Every strictly regular Herbrand tableau for any ﬁnite set S of weak datalogic formulae is ﬁnite. the -step from node (10) :9zP (g(b). this entails that the number of -formulae on any branch must be ﬁnite. at a time when it is not clear whether the substitution will contribute to the closing of a branch. Given any ﬁnite set S of weak datalogic formulae. the Herbrand universe of any branch must be ﬁnite.158 REINHOLD LETZ subformula of type . Both properties demonstrate that Herband tableaux are decision procedures for the class. or with an open branch which deﬁnes a Herbrand model for S . are still too inefﬁcient for a broad application. however. g (b). f (a. Regularity then assures that also the length of any branch must be ﬁnite. Consider. Proof. even regular Herbrand ones. Since no functions symbols of arity > 0 occur in the elements of S . The essential difference concerns the applications of the -rule. The set of weak datalogic formulae is a generalization of the Bernays– Sch¨ nﬁnkel class [1928]. Since a systematic procedure has to enumerate all (Herbrand) instances in a systematic and therefore ‘blind’ manner. respectively. In principle. o PROPOSITION 104. The natural approach for overcoming this problem is to postpone the term selection completely by permitting free variables in a tableau . 4 FREE-VARIABLE TABLEAUX The tableau approach is traditionally useful as an elegant format for presenting proofs. a))g much later. a))g has been selected. The obvious weakness of the -rule is that it enforces to perform ground instantiations too early. it would normally perform the substitution fz=f (a. But systematic procedures. and hence the set of formulae occurring on a branch. g (b).. A systematic tableau would be much larger. either with a closed tableau if S is unsatisﬁable. z ) to node (11) :P (g(b). and has no function symbol of arity > 0. the question arises whether the tableau paradigm is also suited for proof‘ search. PROPOSITION 105. systematic tableau procedures could be used for this purpose. see the tableau displayed in Figure 3. g(b). e.g. which is not systematic. With the increasing importance of automatic deduction. Since S is assumed as ﬁnite. only ﬁnitely many new constants can occur on a branch. Because of the strictness condition on the -rule. A sentence is said to be in (weak) datalogic form if is in (weak) Skolem form. The formula structure and the tableau rules guarantee that only -formulae can appear on a branch which occur as subformulae in the elements of S . any regular systematic Herbrand tableau construction terminates. a)) in which the ‘right’ substitution fz=f (a. As an illustration.

Subsequently.. for example. 4. then we say that is a minimal uniﬁer for S. a formula and its negation. the two substitutions = fy=x. A uniﬁer for a set S is called a most general uniﬁer. So one has to integrate uniﬁcation into the tableau calculus. This view of free variables dates back to work of Prawitz [1960]. if is more general than any uniﬁer for S .. Since we can conﬁne ourselves to atomic closures. is the following. f (y )g. on the branch. For any ﬁnite set S of quantiﬁer-free expressions and any substitution . . however. Uniﬁcation will be introduced here for arbitrary ﬁnite sets of quantiﬁer-free expressions. Given the set of terms S = fx. i. In this section. The central uniﬁer concept in automated deduction. Closure of a branch means producing two complementary formulae. DEFINITION 108 (Minimal uniﬁer). The free variables are then treated in a rigid manner.FIRST-ORDER TABLEAU METHODS 159 and to determine the instances later when they can be used to immediately close a branch. Most general uniﬁers have the nice property that any uniﬁer for two atoms can be generated from a most general uniﬁer by further composition. the problem can be reduced to ﬁnding a substitution such that for two literals K and L on the branch: K = L . 11 With jM j we denote the cardinality of a set M . was applied by Bibel [1981] and Andrews [1981]. and incorporated into tableaux. i. x=f (x)g and = fx=f (y)g are both MGUs for S . For a minimal uniﬁer the number of substituted variables is minimal. because it permits to make instantiation optimal with respect to generality. they are not being considered universally quantiﬁed but as placeholders for arbitrary (ground) terms. then S is called uniﬁable. The general notion of a uniﬁer can be subclassiﬁed in certain useful ways.11 then is called a uniﬁer for S . DEFINITION 106 (Uniﬁer). This qualiﬁes MGUs as a useful instantiation vehicle in many inference systems.1 Uniﬁcation Uniﬁcation is one of the most successful advances in automated deduction. by Fitting [1996] (see also [Reeves. DEFINITION 107 (Most general uniﬁer). we will investigate this approach. MGU for short.e. but only is a minimal uniﬁer. we will always assume that S denotes ﬁnite sets of quantiﬁer-free expressions. 1987]). if jS j = 1. then we say that is more general than . If a uniﬁer for a set S has the property that for every uniﬁer for S : j j j j.e. If a uniﬁer exists for a set S . EXAMPLE 109. If and are substitutions and there is a substitution such that = .

fx=tg = fx=t g . and D contains a variable which does not occur in the other term of D. a set of expressions S has a disagreement set if and only if jS j > 1. A particularly useful technical tool for proving the Uniﬁcation Theorem below is the Decomposition Lemma. Operationally. the procedurally oriented concept of a computed uniﬁer will be developed. Let S be any ﬁnite set of quantiﬁer-free expressions and let VS be the set of variables occurring in S . Furthermore. b. since uniﬁes any disagreement set of S . In fact. x does not occur in t. tg of S provided that x does not occur in t. bg. every minimal uniﬁer is a most general uniﬁer. fx. tg be any disagreement set of S with x 6= x . It works by eliminating exactly one variable x from all expressions of the set and by replacing this variable with another term t from a disagreement set fx. If = n fx=x g. y. u). g (a. Consequently. Let be a uniﬁer for a set S with jS j > 1 and let fx. Obviously. g (z. PROPOSITION 115. y. then uniﬁes D. u)g. E2 g of expressions such that the dominating symbols of E1 and E2 are distinct and E1 and E2 occur at the same position as subexpressions in two of the expressions in S . If is a uniﬁer for a set S and D is a disagreement set of S . LEMMA 113 (Decomposition lemma). g (a. PROPOSITION 112. fu. If S is a ﬁnite set of expressions such that from the elements of one of its disagreement sets a proper binding x=t can be formed. v )g. g (z. DEFINITION 114 (Variable elimination and introduction). Now we shall introduce a concept which captures the elementary operation performed when making a set of expressions equal by instantiation. How can we a ﬁnd a minimal uniﬁer for a given set? For this purpose. then S fx=tg is said to be obtainable from S by a variable elimination w. which gives us t = t . First. x = t and x 6= t . v g. The last item of the proposition expresses that any binding formed from any disagreement set of a uniﬁable set must be a proper binding. each member of D is a term. A disagreement set of S is any two-element set fE1 . b. x = t . Putting all this together yields the chain fx=tg = fx=t g = fx=x g = . The following facts immediately follow from the above deﬁnitions. x=t. as will be shown in the Uniﬁcation Theorem (Theorem 118) below. the examination whether a binding is proper is called the occurs-check.t.160 REINHOLD LETZ DEFINITION 110 (Disagreement set). x 2 domain( ). v )g has the following disagreement sets: fa. Proof. EXAMPLE 111. fy. . By Proposition 112. and by the composition of substitu= tions.r. then = fx=tg . z g. The set of terms S = fx. Let S be a ﬁnite set of quantiﬁer-free expressions. fx.

Therefore. let S 0 = S fx=tg be obtained from S by a variable elimination w.r.e.. To recognize (3).r. Only ﬁnitely many sets can be obtained from S by a variable elimination. The deﬁnition of a computed uniﬁer can be seen as a declarative speciﬁcation of an algorithm for really computing a uniﬁer for a given set of expressions. and suppose uniﬁes S . Proof. a binding fx=tg and VS0 is the set of variables occurring in S 0 . . Now we are able to introduce the important notion of a computed uniﬁer. is a (the only) computed uniﬁer for any singleton set of quantiﬁer-free expressions. If S 0 has been obtained from S by a variable elimination w. Then S 0 is the result of replacing any occurrence of x in S by the term t. then the substitution fx=t g = fx=tg of cardinality n +1 is a computed uniﬁer for S .12 12 Historically. which is deﬁned by induction on the cardinality of the uniﬁer. a binding x=t. . For the proof of (1). it follows that x = t .t. and hence only ﬁnitely many sets can be obtained by a variable elimination. so are all sets obtainable from S by a variable elimination. and. Lastly. 2. Hence uniﬁes S 0 . there are no inﬁnite sequences of successive variable elimination steps. The procedure is a generalization of the algorithm given by Robinson in [1965]. 3. let S 0 = S fx=tg be any set obtained from S by a variable elimination.r.t.FIRST-ORDER TABLEAU METHODS 161 1. S i j S 0 can be obtained from S by a variable elimination stepg is well-founded where S and S 0 are arbitrary ﬁnite sets of quantiﬁer-free expressions. If S is uniﬁable. 4. Let = nfx=x g. For (2) note that since there are only ﬁnitely many disagreement sets of S and each of them is ﬁnite. since x=t is proper and t already occurs in S . only ﬁnitely many proper bindings are induced. 2. (4) is an immediate consequence of (3). jS 0 j jS j. which we will present now using a procedural notation. i. the ﬁrst uniﬁcation procedure was given by Herbrand in [1930]. Therefore. to the binding x=t composed from a disagreement set of S . By the Decomposition Lemma (Lemma 113). 1.t. S (fx=tg ) = (S fx=tg) = S 0 . Since uniﬁes every disagreement set of S . then jS 0 j jS j and VS0 = VS n fxg. we get VS 0 = VS n fxg. DEFINITION 116 (Computed uniﬁer (inductive)). If a substitution of cardinality n is a computed uniﬁer for a ﬁnite set S 0 and S 0 can be obtained from S by a variable elimination w. The transitive closure of the relation fhS 0 . we have fx=tg = .

is an MGU for S . Therefore. is the only minimal and computed uniﬁer for any singleton set of quantiﬁer-free expressions S and that . Otherwise Note that the uniﬁcation algorithm is a nondeterministic procedure. Assume the result to hold for any set of expressions with minimal and computed uniﬁers of cardinalities n. let be a minimal uniﬁer for S . And from the chain j 0 j = j j 1 j j 1 = j j it follows that is a minimal uniﬁer for S 0 . increment k by 1 and go to 1. If 0 is any minimal uniﬁer for S 0 . the notion of a computed uniﬁer is an adequate declarative speciﬁcation of the uniﬁcation algorithm. suppose S has only minimal or computed uniﬁers of cardinality > n 0. 1. Then go to 1. 2. If 2. Since j j n. then is a computed uniﬁer for S . This is because there may be several different choices for a disagreement set and for a binding. Evidently. 0 = .. set Sk+1 = Sk fx=tg. is a minimal uniﬁer for S . For the proof of (1). note that . For the induction step. If jSk j = 1. choose one. If S. 1. S0 = S . First. Dk contains a proper binding. quantiﬁer-free expressions. It follows immediately from Proposition 115 (1) and (4) that each uniﬁer output of the uniﬁcation algorithm is indeed a computed uniﬁer and that the procedure terminates. If 3. which is a uniﬁer for S 0 . and that both of them are most general uniﬁers. Let S be any ﬁnite set of quantiﬁerfree expressions.162 REINHOLD LETZ DEFINITION 117 (Uniﬁcation algorithm). output k as a computed uniﬁer for disagreement set Dk of Sk and go to 2. We will prove (1) to (3) by induction on the cardinalities of the respective uniﬁers. then Let S be any uniﬁable ﬁnite set of is a computed uniﬁer for S . respectively. then = fx=tg 0 is a uniﬁer for S and all variables in domain( 0 ) occur in S 0 . the Decomposition Lemma can be applied yielding that 0 = n fx=x g. and k = 0. Let be an arbitrary uniﬁer for S and x=t any proper binding from a disagreement set of S with x 6= x (which exists by Proposition 112). If is a minimal uniﬁer for S . is a . until either there are no variable elimination steps possible. THEOREM 118 (Uniﬁcation Theorem). the uniﬁcation procedure can be directly read off from the deﬁnition of a computed uniﬁer: it just successively performs variable elimination operations. or the resulting set is a singleton set. by the Decomposition Lemma (Lemma 113). We ﬁrst show that is minimal for S 0 . then set k+1 = k fx=tg. by the induction assumption. say x=t. Conversely. Proof. then is a computed uniﬁer for S . We shall demonstrate now that the notions of a minimal and a computed uniﬁer coincide. Let S 0 = S fx=tg and set = nfx=x g. is an MGU for S . Otherwise select a output ‘not uniﬁable’.

x1 ). xn 1 ). We have chosen a highly indeterministic presentation of the uniﬁcation algorithm. is a computed uniﬁer for S 0 . Of course. by the induction assumption. On the other hand. there is a substitution : 0 = . Furthermore. While the cardinality of a most general uniﬁer for a set of expressions S is always bounded by the number of variables in S . and P (f (x0 . then. i. Since x is in some disagreement set of S . : : : . let be a computed uniﬁer for S . The following class of examples demonstrates this fact. notions are treated differently in the literature (see [Lassez et al. it also states that each minimal uniﬁer indeed can be computed by the uniﬁcation algorithm. If P is an (n + 1)-ary predicate symbol and f a binary function symbol.. the complexity of uniﬁcation is a lower bound for the complexity of each advanced calculus. As a consequence. deﬁne Sn as the set containing the atomic formulae P (x1 . f (x1 . Deﬁne = fx=yg if x 2 domain( ) otherwise. . x0 ). for every n > 1. = fx=y gfy=xg. For (2) and (3). By the induction assumption. 1988] for a comparison). This gives us the chain computed uniﬁer for S 0 . this would also entail that S contains expressions with an exponential size.FIRST-ORDER TABLEAU METHODS 163 Since x 2 domain( ). the range of the uniﬁer may contain terms with a size exponential with respect to the size of the initial expressions. xn ). hence there is a substitution : = . This completes the proof of the Uniﬁcation Concerning terminology. = fx=tg is a computed uniﬁer for S . by deﬁnition. EXAMPLE 119. x2 . xn . we have stressed the importance of minimal uniﬁers. The minimality of can be recognized as follows. Therefore our Uniﬁcation Theorem is stronger than normally presented. Then consider the chain For (3). Then. =S is an MGU for S .. by deﬁnition. the Decomposition Lemma yields that if 0 = n fx=x g. either x 2 domain( ) or there is a variable y and y=x 2 . j j = j j = j 0 j + 1 j j + 1 = j j: S = S = S fx=tg 0 = S fx=tg demonstrating that Theorem.e. is minimal for S 0 . it is even permitted to select between alternative disagreement sets. Hence. Let be an arbitrary uniﬁer for S . Polynomial Uniﬁcation Uniﬁcation is the central ingredient applied in all advanced proof systems for ﬁrstorder logic. and 0 is a uniﬁer for S 0 . note that is an MGU for S 0 . xn ). then fx=tg 0 = . : : : . f (xn 1 .

as shown with the directed acyclic graph representing the term xn in the example above: f ! f ! : : :f ! x0 ! ! ! | n times {z } 2. 1978]. One must remember which pairs of expressions had already been uniﬁed in the graph (e. 1. a number of ‘almost’ linear algorithms have been developed. we have the problem of exponential space and. The representation of expressions has to be generalized from strings or trees to (directed acyclic) graphs. there are exponentially many paths through such a graph. the space complexity can be reduced from exponential to linear. all of the mentioned efﬁcient algorithms reduce the uniﬁcation problem to the problem of solving a set of equations. Different solutions have been proposed for doing uniﬁcation polynomially. and one must not repeat those operations. which may still be exponential even if graphs are used. all of those procedures—particularly the one in [Paterson and Wegman. a linear uniﬁcation algorithm is presented. In order to reduce the time complexity.164 REINHOLD LETZ Obviously. How sophisticated this is organized determines whether the worst-case complexity can be reduced to linear or just to quadratic time.g. Furthermore. 1978]—need sophisticated and expensive additional data structures. 1930]. . As a consequence. which render them not optimal for small or average sized expressions. However. Letz. any uniﬁer for an Sn must contain a binding xn =t such that the number of symbol occurrences in t is greater than 2n . In [Paterson and Wegman. Therefore. 1993]. since. This algorithm turns out to be very efﬁcient in practice. also of exponential time. 1976] and [Martelli and Montanari. We cannot treat polynomial uniﬁcation in detail here. during the check whether xn occurs in f (xn 1 . during the uniﬁcation of xn with itself at the last argument positions of the atoms).g. xn 1 ) at the n-th argument positions of the atoms). Corbin and Bidoit rehabilitated Robinson’s exponential algorithm by improving it with little additional data structure up to a quadratic worst-case complexity [Corbin and Bidoit. Martelli and Montanari. in the worst case. therefore. when working with such structures. but we give the essential two ideas contained in any of the mentioned polynomial uniﬁcation algorithms. 1982]. the following will work. and in occurs-checks: for which expressions the occurrence of the respective variable was already checked (e. in [Huet. 1976. for example. This way. 1983. Similar to the early approach in [Herbrand.

which also subsumes sentence tableaux. Before deﬁning tableau with uniﬁcation. xn )) Modify T to T where t is any term of the language L and fx=tg is free for (x) where f is new to S and T . : : : . substitutions have to be applied to the formulae in a tableau. since now free variables occur in the tableau. One the other hand. because they may share free variables. An application of the -rule of sentence tableaux would result in an unsatisﬁable formula :P (x. xn are the free variables in . On the one hand. the -rule of sentence tableaux can be modiﬁed in such a way that instantiations of -formulae are delayed until a branch can be immediately closed. But how do we know that the calculus of general free-variable tableau produces correct proofs? It is clear that the method of proving the correctness of sentence tableaux (using Proposition 76) will not work. ( +) (S) The + -rule [H¨ hnle. 1996] we use here is already an improvea ment of the original -rule used in [Fitting. x)). branches cannot be treated separately. Consider the satisﬁable formula 9y (:P (x. differs strongly from the tableau rules presented up to now. Two further modiﬁcation have to be performed. The difference between both rules will be discussed in Section 6. DEFINITION 121 (General free-variable tableau). y ) ^ P (x. This system will serve as a very general reference system. 1996]. As an example. the substitution rule is destructive. both proof-theoretically and concerning the functionality of the calculus. Let B be (the set of formulae on) the actual tableau branch and S the set of input sentences of the current tableau T . which is now needed to achieve closure of certain branches. In free-variable tableaux. : : : .and the -rule replaced by the following three rules. While all those rules were conservative in the sense that the initial tableau was not modiﬁed but just expanded.2 Generalized Quantiﬁer Rules Using the uniﬁcation concept. consider a tableau T with the two branches P (x) :P (a) and Q(x) :Q(b) . General free-variable tableaux are deﬁned as sentence tableaux are. where is free for all formulae in T . x). EXAMPLE 120. With T we denote the result of applying a substitution to the formulae in a tableau T . a) ^ P (x. and x1 . Fitting. we introduce a tableau system in which arbitrary substitutions can be applied. The additional substitution rule denoted with (S). which will be discussed below. 1994.FIRST-ORDER TABLEAU METHODS 165 4. ( ) (t) (f (x1 . This has severe consequences on free-variable tableaux. one has to generalize the -rule to full Skolemization in order to preserve soundness. but with the .

for any substitution S 0 C. then C fS f (t)gg is 8-satisﬁable. . It is evident that. I is an fAg-model for some element of C .r. and I (b) = 0).g. In order to illustrate the difference of this concept for formulae with free variables. : : : . The notion of satisﬁability is too coarse for freevariable tableaux. U = f0. 4. for any term t of the language L provided fx=tg is free for F . C 0 . for every variable assignment A. We now give a generalized version of Proposition 76 which can be used to prove correctness both of sentence tableaux and of general free-variable tableaux. for every variable assignment A. let A be an arbitrary element from A. for closed ﬁrst-order formulae. For (3). f ngg is 8-satisﬁable where 1 . 1994] and also used in [Fitting. If 2 of . What will work here is the following ﬁner notion which was a developed in [H¨ hnle. If 8xF = 2 S . then C fS f 1 g. n 3.r. If 2 S . = C fS g be a 8-satisﬁable collection of sets of -subformula i S . :P (a)g and fQ(x). e.t. which is free for all formulae in Proof. Now is free for F . therefore. By the deﬁnition of 8-satisﬁability. A collection C of sets of ﬁrst-order formulae is called 8-satisﬁable if there is an interpretation I such that. Let C 0 ﬁrst-order formulae. :Q(b)g is 8-satisﬁable (set. I (Q) = f1g. by Proposition 55. I is an fAg-model for some member of C 0 . 8-satisﬁability of a collection coincides with ordinary satisﬁability of some element of the collection. 1996]. there is an interpretation I such that. then C S of w. Item (4): since (t) is a Skolemization S of w. The collection consisting of the two sets of formulae fP (x). then C fS f i gg is 8-satisﬁable. C 0 is 8-satisﬁable. be item (8) of 0 formula assignments.166 REINHOLD LETZ DEFINITION 122 (8-satisﬁability). 1. fS f (t)gg is 8-satisﬁable for any Skolemization (t) 5. for every 2. I A (F ) = >. Lemma 45 can be applied yielding that I A (F ) = I A (F ). S is the -subformula sequence of . Then. which cannot be closed using the rules of general free-variable tableaux. I (P ) = f0g. for which this holds. Let A be the collection of all variable assignments. If 2 S . Since A is an xvariant of A. C 0 . I (a) = 1. for all x-variants of A. I A (F ) = >. 1g. although both branches are unsatisﬁable. consider the tableau T mentionend above.t. : : : . The non-trivial case for proving items (1) to (4) is the one in which S is fAg-satisﬁed by I and no element of C is. there exists an A-model I 0 for S f (t)g which is identical to I except for the interpretation of the new function symbol f in (t). PROPOSITION 123. Items (1) and (2) are immediate from the deﬁnition of formula assignment.

therefore. Consequently. because the calculus is obviously a generalization of the calculus of sentence tableaux. Note that the applied substitution will be automatically free for the formulae in the tableau.FIRST-ORDER TABLEAU METHODS 167 Since f does not occur in C . So general free-variable tableaux are only relevant as a common framework but not as a calculus supporting the ﬁnding of proofs. if two literals K and L are on a branch such that is a minimal uniﬁer for fK. they can be automatically computed . The represented tableau then is T 1 n . again by Lemma 45. The -rule is replaced with the weaker 0-rule and the substitution rule (S) is replaced with the weaker closure rule (C) ( 0 ) (x) Modify T to T where x is a variable new to S and T . but by annotating them below the nodes at the respective leaves. n explicitly to the tableau T . What we are interested in is to apply a substitution only if this immediately leads to the closure of a branch. for all variable assignment A 2 A. Then the proof is by induction on the number of inference steps. but with the following two modiﬁcations. (C) Lg. some element of = C is fAg-satisﬁed by I 0 . for some S 0 2 C 0 . I A (S ) = I A (S ). We solve this problem by not applying the substitutions 1 . Comparing both tableaux. The substitutions that close the branches need not be blindly guessed. PROPOSITION 124 (Soundness of general free-variable tableaux). DEFINITION 125 (Free-variable tableau). The completeness of general free-variable tableaux is trivial. Proof. If a set of formulae S is satisﬁable. I 0 is a 8-model for C fS f (t)gg. Consider its modiﬁcation A . and we will even restrict this to an atomic closure. note that the satisﬁability of a set of formulae S entails the 8-satisﬁability of the collection fS g. the minimal uniﬁer has only free variables in the terms of its range. I A (S 0 ) = >. a free-variable tableau for the same ﬁrstorder sentence is displayed for which in Figure 3 a sentence tableau is displayed. using Proposition 123 on the collection of the sets of formulae on the branches of a general free-variable tableau. let A be any variable assignment. Now is free for F . In Figure 6. are deﬁned as general free-variable tableaux. For (5). Let us now consider an example. It is apparent that the destructive modiﬁcations render it more difﬁcult to represent a free-variable tableau deduction. we can observe that it is much easier to ﬁnd the closed free-variable tableau than the closed sentence tableau. since K and L are quantiﬁer-free. This is because the 0 -rule guarantees that no variable occurs bound and free in formulae of the tableau and. or just free-variable tableaux. First. : : : . Free-variable tableaux with atomic closure. then every general free-variable tableau for S has an open branch. Since C 0 is assumed as 8-satisﬁable.

z1 =x1 g (12) 8zP (y2 . y. z2 ) 0 (8) (3) (9) P (y1 . y2 .f (x1 .168 REINHOLD LETZ (1) :9x(8y 8zP (y. f (x1 .z ))) (2) (3) 8y 8zP (y. x1 )) ^ 8y 9zP (g (y ).z )) XXX (4) (5) :8yP (y. Unfortunately. no identical simulation of sentence tableaux is possible. y. 4.13 the construction of any atomically closed sentence tableau can be simulated step by step by the calculus of free-variable tableaux. Closed free-variable tableau from the respective pairs of literals to be uniﬁed. for general formulae.f (x1 .f (x1 . in which no tableau subformula of type has a tableau subformula of type . x1 )) 0 (6) :8y 9zP (g (y ). . This is evident. f (x1 . f (x1 . For formulae in Skolem or weak Skolem form. z )) ! (8yP (y. x)) ^ 8y 9zP (g (y ). z )) 0 (12) (13) P (y2 . 13 I.3 Completeness of Free-variable Tableaux The completeness of free-variable tableaux is not difﬁcult to prove. z )) ! (8yP (y.e. y2 . z3 )) 2 = fy2 =g (b). x1 )) ^ 8y 9zP (g (y ). The problem is that more complex Skolem functions may be necessary in free-variable tableaux. z3 )g Figure 6.z ))) 0 (1) (2) :(8y 8zP (y. as becomes clear when comparing Figure 6 with Figure 3. y. h(x1 ). z2 =f (x1 .z ) 0 XXX X (5) (6) (7) :P (h(x1 ). (7) and (9) on the left and (11) and (13) on the right branch. f (x1 . y. viz.z ) 0 (3) (10) (8) 8zP (y1 . g (b). z )) 0 (11) :P (g (b). z )) (2) (4) :(8yP (y. f (x. z1 )) 1 = fy1 =h(x1 ). x1 )) 0 (10) :9zP (g (b). y1 . y. because only the -rule has a different effect for this class of formulae. y. f (x1 . The simulation then proceeds by simply delaying the instantiations of -formulae and performing the substitutions later by using the closure rule. f (x1 . y. y1 .f (x1 .f (x.

each Ti+1 . different orders of constructing a free-variable tableau can make a difference in the ﬁnal tableau. can be obtained from Ti by a tableau inference step. . : : : . Let T 0 be any atomically closed sentence tableau. We deﬁne sequences T1 . : : : . we want completeness of freevariable tableaux independent of the construction order. and B the inital segment of the branch in T 0 which corresponds to the selected branch (Ti ) in Ti . i. a tableau consisting of a left branch P (x) :P (a) and a right branch 9y (Q(x. Tm . It is clear that Skolem variants preserve the closedness of a formula tree.e. then the performance of the + -rule on the instantiated right branch will produce a Skolem constant. since x is still free. y)). a so-called Skolem variant. So. for example. 1 i < m...e.FIRST-ORDER TABLEAU METHODS 169 But modulo such a modiﬁcation. T1 is the one-node initial tableau of T 0 . Any Skolem variant of a(n atomically) closed sentence tableau is (atomically) closed. LEMMA 129. then T is even more general than T 0 . a tree-isomorphic simulation exists. Proof. and if every formula F 2 S is in weak Skolem form. Any sentence tableau T is a Skolem variant of itself. for any branch selection function . as opposed to sentence tableaux which are completely independent of the construction order. Let be a branch selection function and let T1 . If c is a constant introduced by a -rule application on a branch B of a Skolem variant T 0 of a sentence tableau T and t is any ground term whose dominating function symbol is new to B . in the presence of -formulae. A (branch) selection function is a mapping assigning an open branch to every tableau T which is not atomically closed. 2. there exists an atomically closed free-variable tableau T for S constructed according to such that T is more general than a Skolem variant of T 0 . Consider. Another problem is that the order in which a free-variable tableau is constructed can inﬂuence the arity of the Skolem functions in + -rules. The order of construction is formalized with the notion of a branch selection function. If the right branch is selected ﬁrst. The tableau Tn is said to be (constructed) according to if each Ti+1 can be obtained from Ti by performing an inference on the branch (Ti ). Then. then the formula tree obtained from replacing any occurrence of c in T 0 by t is a Skolem variant of T . then we have to introduce a complex Skolem term f (x). i. LEMMA 127. y ) ^ :Q(a. DEFINITION 128 (Branch selection function). If we decide to close the left branch ﬁrst using the uniﬁer fx=ag. B and (Ti ) are paths from the root to the same tree position. DEFINITION 126 (Skolem variant of a sentence tableau). Tn be a sequence of successive tableaux. Let Ti be the i-th element of such a sequence T1 . (inductive) 1. Let T 0 be any atomically closed sentence tableau and any branch selection function. As a matter of fact. Tm of free-variable tableaux which correspond to initial segments of T 0 as follows. : : : .

one can always use the same Skolem constants in the construction of T and T 0 and never has to move to a proper Skolem variant of T 0 . Let (f (x1 . Ti is more general than TiSk . Therefore. no free variable can occur in a -formula in a free-variable tableau for S . In +1 case (2). Now any such sequence T1 . which is an initial segment of a Skolem variant of T 0 . : : : . (Ti ) is atomically open.170 REINHOLD LETZ 1. tn are the respective ground terms at the same term positions in TiSk . The induction base is evident. 2. but B is atomically closed. Ti+1 is the result of performing a corresponding free-variable tableau expansion step on (Ti ). : : : . Lg to Ti . if S is in weak Skolem form. Consequently. which has the branch atomically closed. has been introduced in Ti by a 0 -step using a node Nj . then there exists a ﬁnite atomically closed free-variable tableau for S . xn )). The subcase of expansion is the problematic one. T = Tm is an atomically closed free-variable tableau for S that is more general than a Skolem variant of T 0 . since in each simulation step either a different node position of T is expanded or closed. If t1 . n 0. If B is atomically closed (and (Ti ) is atomically open). From this lemma immediately follows the refutational completeness of freevariable tableaux. By construction. 1 j n. For the induction step. . let Ti be more general than an initial segment TiSk of a Skolem variant of T 0 . i. then two complementary literals must be on B . which is an initial segment of some Skolem variant of T 0 . Ti+1 is more general than TiSk . and Ti+1 = Ti is more general than TiSk . If S is an unsatisﬁable set of ﬁrst-order sentences.e m is less or equal to the number of nodes of T 0 . For case (1). Ti+1 is the result of applying a minimal uniﬁer of fK. Finally. Let K and L be the corresponding literals on (Ti ). there exists a minimal uniﬁer for the literals K and the complement of L on (Ti ). Each variable xj . By the induction assumption. be the formula by which Ti was expanded. Then an expansion of (Ti ) corresponding to the sentence tableau expansion of B is possible and produces a tableau Ti+1 that is more general than the respective expansion of TiSk . We show by induction on the sequence length that any of the tableaux in such a sequence is more general than an initial segment of some Skolem variant of T 0. then let TiSk be the formula tree obtained by expanding +1 the branch corresponding to B with (f (t1 . : : : . THEOREM 130 (Free-variable tableau completeness). In this case. then some expansion step has been performed in the construction of T 0 to expand B . tn )). If B is atomically open. we consider ﬁrst the subcase in which B is not expanded by a -step. Then T is more general than T 0 . Tm must be of ﬁnite length. : : : . since one (possibly) has to move to another Skolem variant of T 0 .

the (tree) union of the tableaux in a successive tableau sequence cannot be performed. v ) _ P (y. y1 . . (8) P (x1 . The disadvantage of this completeness proof.4 0 . x. v ) _ P (y. The fundamental proof-theoretic difference from sentence tableaux is that with the application of substitutions to tableaux the paradigm of saturating a branch (possibly up to a Hintikka set) is lost. 1996]). The simple reason for this is the following. (1) :P (a. since we do not specify how to systematically construct a closed free-variable tableau. y1 . A notion of saturated systematic free-variable tableau can only be deﬁned for the fragment of the calculus without the closure rule. because the employment of a ﬁxed association between variables and ground terms degrades free-variable tableaux to sentence tableaux. there is a free-variable tableau proof of the same tree size. for any atomic sentence tableau proof. Since the calculus of free-variable tableaux is destructive. 195 in [Fitting. w1 ) (8) (9) P (x1 .FIRST-ORDER TABLEAU METHODS 171 4. x1 . w1 ) X X Figure 7.y. but useless for efﬁcient proof search. x1 . a. Free-variable tableau for a datalogic formula (see Deﬁnition 103) . a. is that it is proof-theoretically weaker than the one given for sentence tableaux. w)) (1) (2) :P (a. in general. This is proof-theoretically possible. p. v1 ) XXXXX (10) P (y1 . c) (1) (3) :P (c. x.y. w)) . The advantage of this approach is that we are assured that. Completeness could then be shown in the standard way by using any one-to-one association between the set of variables and the set of all ground terms which is then applied to the saturated tableaux at the end (cf. however. b) (1) (4) 8x8y 8v 8w(P (x.4 Proof Procedures for Free-variable Tableaux We have proven the completeness of free-variable tableaux via a simulation of sentence tableaux instead of providing an independent completeness proof. as it is done with the systematic sentence tableau procedure. b. c) ^ :P (c. b. v1 ) _ P (y1 . b) ^ 8x8y 8v 8w(P (x. The question is whether there exists a systematic procedure for free-variable tableaux of the same type and functionality as for sentence tableaux but with variable instantiations guided by uniﬁcation? The problem can at best be recognized with an example.

and a fair enumeration can be achieved by simply inspecting the search tree levelwise from the top to the leaves. If the input set is ﬁnite. Instead of saturation of a single tableau. The explicit enumeration of tableaux. no systematic procedure for free-variable tableaux has been devised up to now that both is guided by uniﬁcation and has the same functionality as sentence tableaux. What shall we do next? If we close the left branch by unifying P (x1 . Since the formula is a satisﬁable datalogic formula. This procedure. one will eventually ﬁnd a closed free-variable tableau. DEFINITION 131 (Search tree). the applied uniﬁer blocks the immediate closure of the right branch. the procedure never terminates. suffers from two severe disadvantages. 1. b. even if we only permit regular tableaux. which is based on a nondestructive variant of free-variable tableaux. and a branch selection function. an enormous amount of space is needed to store all tableaux.172 REINHOLD LETZ Consider the formula on top of Figure 7. C a tableau calculus. The search tree of C and for S is a tree T with its non-root nodes labelled with tableaux deﬁned as follows. The successors of the root are labelled with all single-node tableaux for S . this could be implemented as a procedure which explicitly constructs competitive tableaux and thus investigates the search tree in a breadth-ﬁrst manner. Referring to the ﬁgure. Let us contrast this with the behaviour of freevariable tableaux. The second disadvantage is that the cost for adding new tableaux increases during the proof process as the sizes of the 2. however. any regular Herbrand tableau construction will terminate with an open branch which is a Hintikka set. The fair enumeration is facilitated by the fact that the set of all existing tableaux can be organized in the form of a tree. c) or :P (c. Any closed tableau will eventually be found after ﬁnitely many steps. The ﬁrst one is that. producing a similar situation than before. due to the branching rate of the search tree. If all existing tableaux are enumerated in a fair manner. y1 . is described in [Billon. Every non-leaf node N in T labelled with a tableau T has as many successor nodes as there are successful applications of a single inference step in C applied to the branch in T selected by . We could proceed and try another four 0 -steps. But we will further pursue the destructive line and discuss a radically different paradigm of searching for tableau proofs. It was only very recently that such a procedure has been proposed for the restricted class of formulae in clausal form. the search tree branches ﬁnitely. How do we know when to stop and how can we produce a model? In fact. b). and the successor nodes of N in T are labelled with the respective resulting tableaux. 3. after eight steps we have produced the displayed two-branch tableau. The root of T consists of a single unlabelled node. v1 ) and the complement of :P (a. a. one considers all tableaux that can be constructed. Let S be a set of sentences. Since always new free variables are imported by the 0 -rule. for any unsatisﬁable input sentence. . In practice. 1996].

This motivates one to explore ﬁnite initial segments of the search tree in a depth-ﬁrst manner by strongly exploiting structure sharing techniques and backtracking. to each -node in the tableau. The natural deﬁnition of this bound is for ﬁnite sets S of formulae in Skolem form and for tableaux in which every F 2 S is used in the tableau only once at the beginning. for any ﬁnite set S of formulae and any n 0. due to the application of Prolog techniques. or [Beckert and Posegga. for some ﬁnite input set S .FIRST-ORDER TABLEAU METHODS 173 proof objects increase. . using iterative deepening search procedures. The customary and successful paradigm therefore is to perform tableau enumeration in an implicit manner. A size bound is a total mapping assigning to any tableau T a nonnegative integer n. for the bounds (1) and (3). initial parts of the search tree are explored several times. and if S is unsatisﬁable. A common methodology of developing completeness bounds for the strict (or strictly regular) free-variable tableau calculus C is to limit the application of 0 steps in certain ways (see also [Fitting. DEFINITION 132 (Completeness bound). then. Voronkov. many tableaux have identical or structurally identical subparts. For example. 1996]). 1997] that. 1985].. which is extended following the branches of the search tree. The respective initial segments are determined by so-called completeness bounds. there are only ﬁnitely many C -tableaux with size less or equal to n. First. A size bound is called a completeness bound for a tableau calculus C if. It is obvious that all mentioned size bounds are completeness bounds for the tableau calculus C . one may simply limit the application of 0 -steps permitted in the tableau (1) or on each branch of the tableau (2). at most n 0 -steps are permitted. no signiﬁcant efﬁciency is lost if the initial segments increase exponentially [Korf. Then. 1987]. With this approach. 1992]. with multiplicity n. one can make complexity assessments about the problem of determining whether a tableau with a certain limit exists. 1994]). at each time only one tableau is kept in memory. very high inference rates can be achieved this way (see [Stickel. Although. and truncated when a leaf node of the respective inital segment of the search tree is reached. The advantage is that. the recognition problem of the existence of a closed tableau for S with a certain limit is complete for the complexity class p in the polynomial hierarchy 2 [Garey and Johnson. Letz et al. for any ﬁnite input set of formulae S : for every n. 1988. that is. for some n. 1978]. there is a closed C -tableau with size n. Using this approach. Due to the construction process of tableaux from the root to the leaves. there are only ﬁnitely many C -tableaux of size n for S . 1998. Interestingly. according to this methodology. We give three concrete examples. one can demonstrate [Letz. the size of T . 1960] and [Bibel. These weaknesses give sufﬁcient reason why in practice no-one has succeeded with an explicit tableau enumeration approach up to now. iteratively increasing ﬁnite initial segments of a search tree are explored. Another variant (3) is the so-called multiplicity bound which has also been used in other frameworks [Prawitz.

This is because. from a searchtheoretic perspective. we shall mention completeness bounds in which normally the ﬁrst proof is in a much smaller initial segment. Accordingly. A tableau enumeration procedure. it is much easier to detect additional reﬁnements and redundancy elimination techniques than for the full ﬁrst-order format. does not take advantage of this proof-theoretic virtue of the calculus. In the next section. it should be emphasized that. in classical logic. 5 CLAUSAL TABLEAUX The efforts in automated deduction for classical logic have been mainly devoted to the development of proof procedures for formulae in clausal form. plus the closure rule. however. So the only way indeterminism can occur in this calculus is by the application of closure steps. Since. since the calculus can simulate the construction of any systematic sentence tableau. on any branch of the search tree there must be a closed tableau if the input set is unsatisﬁable. at least concerning the tableau expansion rules. This has two reasons. Normally. tableau enumeration procedures are not optimally suited for conﬂuent calculi (like the ones mentioned so far). one should even prefer the closure rule (if applicable) to all expansion rules. In fact. In order to minimize the search effort. due to the uniform structure of formulae in clausal form. for conﬂuent tableau calculi. First.174 REINHOLD LETZ A general disadvantage of completeness bounds of the -type is that they are too uniform to be useful in practice. any ﬁrst-order formula can be transformed into clausal form without affecting the satisﬁability status and with only a polynomial increase of the formula size. The calculus of expansion-deterministic free-variable tableaux is deﬁned as systematic sentence tableaux are but with the respective free-variable rules. The completeness of this reﬁnement of free-variable tableaux immediately follows from Lemma 129. similar to the systematic tableau procedure. Since only the closure rule is destructive. Second and even more important. This section will provide plenty of evidence for this fact. DEFINITION 133 (Expansion-deterministic free-variable tableau). is deterministic. with the obvious consequence that a proof will not be found. the ﬁrst initial segment of the search tree containing a closed tableau with size n may have an astronomic size. We conclude this section with mentioning an obvious method for reducing the effort for ﬁnding closed free-variable tableaux. Since in clause logic negations are only in front of atomic formulae. we can work with the following reﬁned calculus which. it is not necessary to consider all free-variable tableaux in an initial segment of a search tree. As a ﬁnal remark of this section. when a closed free-variable tableau for a . simpler and more efﬁcient proof procedures can be achieved this way. as discussed in Section 2. for formulae in clausal form. the tableau rules can be reduced and presented in a more condensed form. only atomic branch closures can occur.

then the clause L1 _ _ Lm is named the tableau clause below N .FIRST-ORDER TABLEAU METHODS 175 DEFINITION 134 (Variable renaming). xn in F w. B L1 j is a renaming of the free variables in c w. DEFINITION 136 (Tableau clause). if the nodes N1 . The tableau clause below the root node is called the start or top clause of T . : : : . respectively. : : : . Lm . the set of nodes N1 . It is convenient to ignore the intermediate formulae and reformulate such a sequence of inference steps as a single condensed tableau expansion rule. Such a macro step consists of an formula rule application.t. : : : . and = fx1 =y1 . the rule (E) is called clausal expansion rule or just expansion rule. Nm are labelled with the literals L1 . a sequence of 0 -steps and possibly a -step. XXX :R(f (x)) R(f (x)) R(f (f (x))) :R(f (fX (x)))) (f :R(f (f (x))) X XXX R(f (f (f (x)))) R(f (f (f (f (x))))) XXX XXX XX :R(x) X R(x) XXX :R(f (f (x))) XX :R(f (f (f (f (x))))) XX R(f (x)) R(f (f (x))) R(f (f (f (x)))) Figure 8. If B is a branch of a clausal tableau T for S . : : : . A tree consisting of just one unlabelled node is a clausal tableau for S . DEFINITION 135 (Clausal tableau). j Ln where c is the matrix14 of a clause in S and L1 _ _ Ln (C) the closure rule of free-variable tableaux. xn =yn g a substitution such that all y1 .r.t. F is called a renaming of x1 . the formulae in T . For any non-leaf node N in a clausal tableau. : : : . then the formula trees obtained from the following two inference rules are clausal tableaux for S : (E) Clausal tableaux are trees labelled with literals (and other control information) inductively deﬁned as follows. . Closed clausal tableau 14 Recall that the matrix of a prenex formula is the formula with the quantiﬁer preﬁx removed. Nm immediately below N is called the node family below N . S a set of formula. S . yn are distinct variables new to S . set of clauses S is to be constructed and a clause in S has been selected for branch expansion. Let F be a formulae. : : : .r. one can deterministically decompose it to the literal level. (inductive) Let S be any set of clauses. also called reduction rule.

It is obvious that the tight connection condition is properly more restrictive. Clausal tableaux provide a large potential for reﬁnements. The most inﬂuential structural reﬁnement paradigm of clausal tableau. a form of goal-orientedness is achieved: every tableau clause is somehow connectively related with the top clause of the tableau. DEFINITION 137 (Path connectedness.1 Connection Tableaux A closer look at the clausal tableau displayed in Figure 8 reveals an interesting structural property.176 REINHOLD LETZ In Figure 8. With the connection conditions. however. i. here the uniﬁers of closure steps were already applied. a closed clausal tableau is displayed. connectedness). any tableau clause except the top clause must have a literal complementary to some path literal. 2. In a (path) connection tableau. The completeness and conﬂuence of clausal tableaux for clause formulae follow immediately from the fact that clausal tableaux can simulate free-variable tableaux.e. one of the new branches must be closed using its leaf literal. which we call connectedness. is the following.. A clausal tableau is said to be path connected or called a path connection tableau if. there is one node with a complementary predecessor. For instance. since there exists no closed connection tableau which uses the redundant clause r _ :p. for imposing additional restrictions on the tableau construction. in every family of nodes except the start clause. r _ :p. one can integrate a ordering restrictions (see [Klingenbeck and H¨hnle. This property is very effective as a method for guiding the proof search. and 0 -steps and performing clausal expansion steps in place. there is one node with a complementary ancestor. Note that a full free-variable tableau proof including all intermediate inference steps would have more than twice the size. and :p _ :q . :p _ q . Therefore. A clausal tableau is said to be (tightly) connected or called a (tight) connection tableau if. by simply omitting formula steps. 1. . This motivates to glue together two steps (an expansion and a closure step) into a single inference step. in every family of nodes except the start clause. The input is the set of clauses 8x(R(x) _ R(f (x))) and 8x(:R(x) _ :R(f (f (x)))) corresponding to the negation of the formula F presented in Example 12. -steps. So we have demonstrated that F is valid. we can require that immediately after attaching a new clause. Clausal tableau provide a relatively concise representation of proofs containing all relevant information. 5. In Figure 9 the difference between the two notions is illustrated with a closed path connection tableau and a closed connection tableau for the set of propositional clauses p. 1994]) as they are successfully used in resolution-based systems.

T is open and no (path) connection tableau rule can be applied to T . PROPOSITION 140. since no clause contains a literal that is complementary to p.FIRST-ORDER TABLEAU METHODS 177 p :p :p Q p Q q r Q Q Q :p Q Q q Q :p :p Q Q :q :q Figure 9. (path) connection tableaux strongly differ from all the tableau calculi presented so far. we have encountered the ﬁrst tableau calculi that lack conﬂuence. in order to ﬁnd proofs. . Consequently. The path connection tableau calculus and the connection tableau calculus consist of three inference rules: (EI ) the start rule. :q g and the (path) connection tableau T for S obtained by starting with the clause p. (Path) connection tableaux are not conﬂuent. immediately followed by a reduction step unifying one of the newly attached literals with the complement of the literal (EP ) at one of its ancestor nodes or (EC ) at its predecessor node. DEFINITION 139 (Connection tableau calculi). and either (EP ) the path extension rule. Consider the unsatisﬁable set of clauses S = fp. the clausal inference rules can be reformulated in the following more procedurally oriented fashion. (C) the closure or reduction rule. respectively. With (path) connection tableaux. we must use tableau enumeration procedures. Proof. q. Proof-theoretically. A path connection and a connection tableau DEFINITION 138 ((Path) connection extension rule). The important consequence to be drawn from this property is that. which is simply a clausal expansion step performed only once at the root node. respectively. for those tableau calculi. systematic branch saturation procedures cannot exist. The path extension rule (EP ) and the (tight) extension rule (EC ) are deﬁned as follows: perform a clausal expansion step. or (EC ) the extension rule. Accordingly.

Instead. it sufﬁces to consider the tight connectedness condition. Proof. Ln . For any literal L contained in any relevant clause c in S .15 Unfortunately. In the ﬁrst part. because it achieves a more effective pruning of the proof search. In the ground completeness proofs. we will make use of the following lemma. DEFINITION 141 (Essentiality. DEFINITION 142 (Strengthening). the essentiality of c0 in S0 entails that there exists an interpretation I 00 with I 00 (S0 n fc0 g) = > and I 00 (c0 ) = ?. otherwise I (c0 ) = ?. 15 The tight connectedness condition is also the favourable one. An unsatisﬁable set of formulae S is said to be minimally unsatisﬁable if each formula in S is essential in S . We prove that c0 meets the conditions (i) and (ii). we demonstrate the completeness for the case of ground formulae—this is the original part of the proof. relevance. this result is lifted to the ﬁrst-order case by a simulation technique similar to the one used in the last section. A formula F in a set of formulae S is named relevant in S if there exists an unsatisﬁable subset S 0 S such that F is essential in S 0 . Consider the interpretation I 0 which is identical to I except that I 0 (L) = >. Since I assigns ? to every literal contained in c. the clause c0 must contain the literal L. : : : . Since L is in c0 . In the second part. hence there is an interpretation I for S0 with I (S0 n fcg) = > and I (c) = ?. On the one hand. LEMMA 143 (Mate Lemma). Clearly. c 0 contains L and c 0 is relevant in the strengthening fLg S . we need some additional terminology. Beforehand. Since the path connectedness condition is properly less restrictive. hence (i). The strengthening of a set of clauses S by a set of literals P = fL1 . we cannot proceed as in the case of free-variable tableaux where a direct simulation of sentence tableaux was possible. an entirely different approach for proving completeness will be necessary. Now the unsatisﬁability of S0 guarantees the existence of another clause c0 in S0 with I 0 (c0 ) = ?. just because of the lacking conﬂuence. there exists a clause c 0 in S such that 1. is the set of clauses obtained by ﬁrst removing all clauses from S containing literals from P and afterwards adding the n unit clauses L1 . Every formula in S0 is essential in S0 . On the other hand. minimal unsatisﬁability). every strengthening of an unsatisﬁable set of clauses is unsatisﬁable. .178 REINHOLD LETZ Let us turn now to the completeness proof of the new calculi. 2. Let S be an unsatisﬁable set of ground clauses. I (c) = >. which contradicts the selection of I . Ln g. From the relevance of c follows that S has a minimally unsatisﬁable subset S0 containing c. I (L) = ?. A formula F in a set of formulae S is called essential in S if S is unsatisﬁable and S nfF g is satisﬁable. The proof we give here consists of two parts. : : : . written P S . Clearly.

Expand the initial one-node tableau with the start clause c. since S0 is minimally unsatisﬁable. is evident from the Mate Lemma. PROPOSITION 144 (Ground completeness of regular connection tableaux). This will be shown by induction on the node depth. perform an extension step (EC ) at the node N using c 0 .FIRST-ORDER TABLEAU METHODS 179 I 00 (L) = >. there exists a closed regular connection tableau for S with start clause c. c 0 is relevant in P 0 S . Therefore. First. For the induction step from depth n to n + 1. Since no literal in P 0 = P fLg is contained in a non-unit clause of P 0 S and because N was assumed to be open. the procedure admits solely the construction of regular connection tableaux. Suppose N be the leaf node of the open branch selected by in the current tableau and L the literal at N . there exists such a clause c 0 . there exists a clause c 2 S such that The second half of the completeness proof is a standard lifting argument. therefore. A closed regular connection tableau T for S with start clause c can be constructed as follows. Let furthermore c be the tableau clause of N and P = fL1 . Lg. since it guarantees termination. n 1. the set of literals on the branch from the root up to the node N . Select any clause c 0 which is relevant in P S and contains L. no literal in P 0 is contained in c 0 (regularity). since in any expansion step the attached clause c0 must contain the literal L (connectedness) and no literals from the path to its predecessor node (regularity). : : : . For any ﬁnite unsatisﬁable set of ground clauses S and any clause c that is relevant in S . Finally. The induction base. m 0. let N be an open leaf node of tableau depth n +1 with literal L. for any branch selection function . Then iterate the following non-deterministic procedure as long as the intermediate tableau is not yet closed. the procedure must terminate either because every leaf is closed or because no clause c 0 exists for an extension step which meets the conditions stated in the procedure. c 0 is essential in S0 . since. . Let S be a set of clauses and S 0 a set of ground clauses. DEFINITION 145 (Ground instance set). n = 1. c is relevant in P S . for any open leaf node N with literal L. We even will show completeness for regular connection tableaux. and with the set P of path literals up to the predecessor of N . Because of the regularity restriction. By the induction assumption. for any clause c0 2 S 0 . S0 contains a clause c 0 that contains L. Consequently. We prove that the second alternative can never occur. there can be only branches of ﬁnite length. Proof. Lm . this reﬁnement will help in the proof. If. tableau clause c. c0 is essential in S0 fLg and also in its subset fLg S0. evidently. From this and the fact that fLg S0 is a subset of fLg S it follows that c0 is relevant in fLg S . Let S0 be any minimally unsatisﬁable subset of P S containing c. Interestingly. By the Mate Lemma.

it may be necessary to perform additional closure steps. the close relation of tableaux with other proof systems is not immediately evident. Let T 0 be a closed (regular) connection tableau for a ground instance set S 0 of a set of clauses S . Since the elements of S are in prenex form.180 REINHOLD LETZ c0 is a substitution instance of the matrix of c. G is a ground instance set of S . Proof. By Proposition 89. Proof. There is the well-known correspondence of tableau deductions with Gentzen’s sequent system deductions. since no -rule applications can occur. For any unsatisﬁable set of clauses. Furthermore. G must be ﬁnite and can consist only of clauses that are all instances of the matrices of clauses in S . there are strong similarities between tableau proofs and deductions in other calculi. it is helpful to reformulate the process of tableau construction in terms of formula generation procedures. 5. for any branch selection function . there exists a ﬁnite closed quantiﬁer preferring sentence tableau T for S . then S 0 is called a ground instance set of S . PROPOSITION 146. there exists a closed regular connection tableau constructed according to and with a top clause that is a substitution instance of c. which obviously are not needed in the ground proof. in [Smullyan. Then. any clause c that is relevant in S . In order to clarify the relation. e. LEMMA 147. the initial ground set G of T is unsatisﬁable. However. . we elaborate a correspondence that is motivated by achieving similarity to calculi from the area of automated deduction. as in the proof of Lemma 129.2 Tableaux and Related Calculi Due to the fact that tableau calculi work by building up tree structures whereas other calculi derive new formulae from old ones. then a clause c 2 S is selected with c0 being a ground instance of the matrix of c and a respective expansion or extension step with c is performed in the construction of T . Here. Whenever an expansion or extension step is performed in the construction of T 0 with a clause c0 . there exists a closed (regular) connection tableau T for S constructed according to such that T is more general than T 0 . and any branch selection function . Immediate from Proposition 144 and Lemma 147. 1968]. Consequently. which was shown. There are two natural formula interpretations of tableaux which we shall mention and which have both its merits. Proof. Every unsatisﬁable set of clauses has a ﬁnite unsatisﬁable ground instance set. THEOREM 148 (Completeness of regular connection tableaux). Let S be an unsatisﬁable set of clauses.g. The proof is exactly as the proof of Lemma 129 except that here it is much simpler.

it is helpful to only consider the open branches of tableaux. Furthermore. : : : . 2. The formula of a complex formula tree with root N and label F . For proving the unsatisﬁability of a set of formulae using the tableau framework. For certain purposes.FIRST-ORDER TABLEAU METHODS 181 DEFINITION 149. all other parts of the tableau may be disregarded without any harm. EXAMPLE 154 (Goal formula deduction). 1. DEFINITION 153 (Goal formula). the preﬁx ‘F ^’ is omitted. In Example 154. it is sufﬁcient to know that the deduction corresponds to a closed tableau. The collection of the sets of formulae on the branches of a ﬁnite formula tree T is 8-satisﬁable if and only if the (branch) formula of T is satisﬁable. Tn . . for every 1 i n. The goal tree of a tableau contains only the open nodes of a tableau. The formula of a one-node formula tree labelled with the formula F is simply F . 8x(:R(x) _ :R(f (f (x))))g has the following goal formula refutation. The goal formula of any open tableau is the formula of the goal tree of T . we have the following evident correspondence. is F ^ (F1 _ _ Fn ) where Fi is the formula of Ti . the branch formula and the formula of a formula tree T are strongly equivalent. The goal tree of a tableau T is the formula tree obtained from T by deleting all closed nodes. The set S = f8x(R(x) _ R(f (x))). The branch formula of a ﬁnite formula tree T is the disjunction of the conjunctions of the formulae on the branches of T . it is not necessary to explicitly construct a closed tableau. and immediate formula subtrees T1 . which is false under every interpretation. we give a goal formula deduction that corresponds to a construction of the tableau in Figure 8. which we call goal trees. Another ﬁner view is preserving the underlying tree structure of the formula tree. Using the goal formula interpretation. under a branch selection function that always selects the right-most branch. If the root is unlabelled like in clausal tableaux. (inductive) 1. By the ^-distributivity (Proposition 34. DEFINITION 150 (Formula of a formula tree). For the continuation of the refutation process. The goal formula of any closed tableau is the logical falsum ?. in this order. 2. PROPOSITION 151. one can view the tableau construction as a linear deduction process in which always a new goal formula is deduced from the previous one until eventually the falsum is derived. item 5). DEFINITION 152 (Goal tree).

the selection of open branches is performed 16 The soundness and completeness results for model elimination. always an open branch with maximal length or depth has to be selected. The open branch formula and the goal formula of any formula tree T are strongly equivalent to the (branch) formula of T .e.. 1978]. The fact that weak model elimination is indeed a specialized subsystem of the connection tableau calculus becomes apparent when considering the goal formula deductions of connection tableaux. It can be viewed as a version of path connection tableaux. The weak model elimination calculus consists of three inference rules which exactly correspond to the start. 1968] is indeed in a tableau-like fashion. elegance. which is still refutation-complete. and closure rule of connection tableaux. PROPOSITION 156. which are short and simple if compared with the rather involved proofs in [Loveland. This view has various advantages concerning generality. restricted to depth-ﬁrst branch selection functions. the calculus is better viewed as a variant of the connection tableau calculus.. extension. . 1978]. are immediate consequences of the soundness and completeness proofs of connection tableaux. one can immediately identify a close similarity of clausal tableaux with two well-known calculi from automated deduction which were developed in a different conceptual framework. Although model elimination became popular in the resolution-like style of Loveland [1978]. 1978].16 Here. 1994] for a more detailed comparison.6. i. Proof. 1968] and improved in [Loveland. _ (F ^ ^ :F ) Using the goal tree or goal formula notation. Immediate from the fact that any formula of the form is strongly equivalent to . for example. we treat a subsystem of the original model elimination calculus without factoring and lemmata. Another framework is the model elimination calculus which was introduced in [Loveland. The open branch formula of a formula tree T is either the falsum ? in case T is closed or otherwise the branch formula of the goal tree of T . called weak model elimination in [Loveland. See [Letz et al. The initial presentation in [Loveland.182 REINHOLD LETZ :R(x) _ :R(f (f (x))) :R(x) _ (:R(f (f (x))) ^ R(f (f (f (x))))) :R(x) _ (:R(f (f (x))) ^ R(f (f (f (x)))) ^ :R(f (x))) :R(x) _ (:R(f (f (x))) ^ R(f (f (f (x)))) ^ :R(f (x)) ^ R(f (f (x)))) :R(x) :R(f (x)) ^ R(f (f (x))) :R(f (x)) ^ R(f (f (x))) ^ :R(x) :R(f (x)) ^ R(f (f (x))) ^ :R(x) ^ R(f (x)) ? DEFINITION 155. 1987] Chapter III. The ﬁrst one is the connection calculus presented in [Bibel. In model elimination. only the tableau view can identify model elimination as a cut-free calculus. Furthermore. and the possibility of deﬁning extensions and reﬁnements.

replace every conjunction L ^ F with L]F and every disjunction L1 _ _ Ln with L1 Ln. in a model elimination chain. always the right-most open branch has to be selected (there is also a variant with depth-ﬁrst left-most selection). in which no logical operators are used but only the two brackets ‘[’ and ‘]’. a one-dimensional ‘chain’ representation of goal formulae is possible (as used in Loveland.FIRST-ORDER TABLEAU METHODS 183 in a depth-ﬁrst right-most manner. To any goal formula generated with a depth-ﬁrst right-most branch selection function. :R(x) :R(f (f (x))) :R(x) :R(f (f (x))) ] R(f (f (f (x))))) :R(x) :R(f (f (x))) R(f (f (f (x)))) ] :R(f (x))) :R(x) :R(f (f (x))) R(f (f (f (x)))) :R(f (x))) ] R(f (f (x))) :R(x) :R(f (x)) ] R(f (f (x))) :R(f (x)) R(f (f (x))) ] :R(x) :R(f (x)) R(f (f (x))) :R(x) ] R(f (x)) ? The transformation from goal formulae with depth-ﬁrst right-most selection function to model elimination chains works as follows. [1968. any occurrence s L of an unbracketed literal corresponds to a leaf node N of the goal tree of the corresponding connection tableau T . Due to the depth-ﬁrst right-most (or left-most) restriction of the branch selection function. S = f8x(R(x) _ R(f (x))). any inference step has to be backtracked. and the occurrences of bracketed literals to the left of s L correspond to the ancestor nodes of N in T . 1978]). due to the connection condition. apply the following operation: as long as logical operators are contained in the string. On the other hand. in which expansions steps can be performed in a deterministic manner and only the closure steps need to be backtracked. only tableau enumeration procedures can be used. i. 5. 8x(:R(x) _ :R(f (f (x))))g has the following model elimination refutation. The model elimination proof corresponding to the goal formula deduction given in Example 154 is depicted in Example 157. Accordingly. connection tableau procedures have the advantage that. This is because certain expansion steps may move us into a satisﬁable part of the formula.3 Proof Procedures for Connection Tableaux How can we ﬁnd closed connection tableaux? The nonconﬂuence of the calculus entails that no systematic branch saturation procedures exist. The nonconﬂuence proof uses such an example. EXAMPLE 157 (Model elimination deduction). the detected proofs are often free of redundancies. which we may not be able to leave because of the connectedness condition. in contrast to the case of free-variable tableaux. in .e. Furthermore. Consequently. for connection tableaux. From this it is evident that weak model elimination is just a variant of the connection tableau calculus.

The effect on the tableau search tree is that the respective nodes together with the dominated subtrees vanish so that the branching rate of the tableau search tree decreases. 1965]. A combination of both bounds. the number of connection tableaux with n branches/depth n is exponential/doubly exponential w. in the worst case. A natural approach here is to exploit subsumption between tableaux. tableaux on different branches.. that have less than n branches. called depth bound is coarser than the second one. and attempt to show that one tableau (together with its successors) is redundant in the presence of the other. one can also employ ﬁner and more restrictive completeness bounds than just limiting the 0 -rule. More speciﬁcally. On the one hand. which are typically full of redundant parts.. For a powerful deﬁnition of subsumption between formula trees. 1997]. On each iterative-deepening level n.t. in a similar manner subsumption between clauses is used in formula saturation procedures like resolution [Robinson. Since therefore connection tableau proofs are normally rather short. the following notion of formula tree contractions proves helpful. since in any connection tableau T . An experimental comparison of the two bounds is contained. Methods of Search Pruning In general. To this end. one can attempt to reﬁne the tableau calculus. consider only tableaux 1. for example. The ﬁrst completeness bound. the so-called weighted-depth bound. The other approach is to improve the proof search procedure so that information coming from the proof search itself can be used to even eliminate proof attempts not excluded by the calculus. the number of closed tableau branches is about the number of inference steps to construct T . the notion of subsumption has to be generalized from clauses to formula trees.r. These tableau structural methods of redundancy elimination are local pruning techniques in the sense that they can be performed by looking at single tableaux only. turned out to be particularly successful in practice [Ibens and Letz. that is.e. these global methods compare competitive tableaux in the search tree. Concerning complexity. in [Letz et al. 1992]. 2. there are two different methodologies for reducing the search effort of tableau enumeration procedures. In this paper also advanced methods of branch selection are described. The most widely used completeness bounds for connection tableaux are the following two. The second bound is also called inference bound. that have a tree depth smaller than n. disallow certain inference steps if they produce tableaux of a certain structure—the regularity and the connectedness conditions are of this type. i. the number of literals in the input set. .184 REINHOLD LETZ contrast to proofs generated with general tableau calculi.

of the second and the fourth tree but not a contraction of the third one. a. the goal tree of the left tableau ( :P (b. Now subsumption can be deﬁned easily by building on the ‘more general’relation between formula trees. z )) subsumes the goal tree of the right tableau ( :P (b. Since the exploitation of subsumption between entire tableaux has not enough reductive potential. Furthermore. b. Subsumption of the goal formulae of two tableaux This search pruning method preserves completeness of the proof search. a. b. a. z) :P (a. b. DEFINITION 159 (Formula tree subsumption). c) HH H :P (b. c) P (a. the third tree is a contraction of the fourth one.FIRST-ORDER TABLEAU METHODS 185 DEFINITION 158 ((Formula) tree contraction). z) HH H HH H :P (b. the tree on the left is a contraction of itself. c)). A (formula) tree T is called a contraction of a (formula) tree T 0 if T 0 can be obtained from T by attaching n (formula) trees to n non-leaf nodes of T . :P (a. for some n 0. b. This entails that whenever the right tableau can be completed to a closed tableau. No-one of the other trees is a contraction of another one. a. . c) P (a. Since z is a free variable. A A A A A A A A A A A A A A A A A A Figure 10. b. A formula tree T subsumes a formula tree T 0 if T is more general than a formula tree contraction of T 0 . then the whole subtree of the search tree with root N 0 is deleted from T . we favour the following form of subsumption deletion. c) Figure 11. PROCEDURE 160 (Subsumption deletion). For any pair of competitive nodes N and N 0 in a tableau search tree T . if the goal tree of the tableau at N subsumes the goal tree of the tableau at N 0 . c) :P (a. Let us illustrate this with Figure 11 which displays two connection tableaux for the set of clauses S given in Example 161. b. z) P (a. Illustration of the notion of tree contractions In Figure 10.

we will now present a phenomenon of logic which sheds light on the following problematic property of proof search. If a set of clauses S is minimally unsatisﬁable and L is a literal occurring in clauses of S . for the clausal case. 8x8y8z 8v(P (x. then there are at least two different subrefutations of the p-branch. however. there are at least two tableaux in the search tree of a respective tableau calculus whose goal trees subsume each other (in this case. :p _ :q _ :s. z ) _ P (x. p _ :r _ :s. respectively. since the new unit clause p is also falsiﬁed by the two interpretations17 fq. Since this type of redundancy can never be identiﬁed with tableau structure reﬁnements like connectedness. but in the strengthening fpg S the clauses :q _ r and :q _ s both are relevant but no more essential. :p _ q _ :r _ :s.186 REINHOLD LETZ then the left one can also be closed. Consequently. the explicit enumeration of tableaux or goal trees. sg and fq. v)). In more concrete terms. Even for minimally unsatisﬁable sets of input formulae (which are therefore free of redundancies). we have uncovered a natural limitation of all purely local pruning methods. This could be achieved with a proof procedure which explicitly constructs competitive tableaux and thus investigates the search tree in a breadth-ﬁrst manner. regularity. y. Proof. The set of clauses S = f8x8y 8z (:P (x. :p _ q _ r. EXAMPLE 161. is practically impossible. z )). :q _ r. The implicit 17 We are using Notation 65 for representing interpretations. Consequently. rg which have rendered the two mentioned clauses essential in S . PROPOSITION 162. The set S is minimally unsatisﬁable. the right tableau and all its possible expansions can be completely ignored. y. :p _ :r _ s. or allies. z ) _ :P (y. equivalently. . :q _ s. if we use the clause p _ q as a start clause. the strengthening process (which is implicitly performed in tableau calculi) may introduce redundancies. P (a. then the strengthening fLg S may contain more than one minimally unsatisﬁable subset or. In order to illustrate that cases of goal tree subsumption inevitably must occur in the search for proofs—and not only for artiﬁcial examples—. a form of global redundancy elimination is achieved which is complementary to the purely tableau structural pruning methods discussed so far. not every relevant clause in fLg S may be essential. y. x. We use a set S consisting of the following propositional clauses p _ q. With subsumption deletion. The observation that cases of subsumption inevitably will occur in practice would motivate one to organize the enumeration of tableaux in such a way that cases of subsumption can really be detected. the goal trees are even identical). b. As already mentioned. c)g. Let us formulate this more precisely.

Let T be an initial segment of a tableau search tree. after the unsolvability of the branch P (b. 3. then the solution substitution is stored at the leaf node of B . can be achieved with the mechanism of memorization of so-called failure substitutions. 1. if a substitution is computed such that one of the failure substitutions stored at the node N is more general than . PROCEDURE 164 (Local failure caching). 2. Whenever a branch B in a tableau at a node N in T has been closed via N 0 . then is turned into a failure substitution. has the disadvantage that it is not easily possible to implement subsumption techniques in an adequate way. 1. let N be a node in T and T the tableau at N . then is called a failure substitution for N . A restricted concept of subsumption deletion. Given an initial segment T of a tableau search tree for a tableau calculus and a depth-ﬁrst branch selection function. then all failure substitutions at B are deleted. since at each time only one tableau is in memory. backtracking occurs. Assume we are performing an iterative-deepening procedure and are exploring a certain ﬁnite initial segment T of the search tree.. 2. 1994] the term ‘anti-lemmata’ was used for this technique.. for some substitution (i. Let furthermore S denote the set of open branches of T and B the selected branch. which is performed with iterative-deepening search procedures. then the proof procedure immediately backtracks. If the subtree of the search tree T with root N 0 does not contain a closed tableau. a subrefutation of the branch B has been achieved). The working of this method can be comprehended by considering the set of clauses S given in Example 161 and the corresponding Figure 11. Then. When the search node N at which B was selected for solution is backtracked. y=bg is annotated at the top 18 In [Letz et al. a. DEFINITION 163 (Solution substitution. however. Suppose further that the tableau on the left is found ﬁrst by the search procedure. In any alternative solution attempt of the branch B below N . We describe how failure substitutions are applied in a search procedure which explores tableau search trees in a depth-ﬁrst manner using backtracking. z ) in the segment T has been detected (note that S is satisﬁable). If no closed tableau is found below N 0 and the proof procedure backtracks over N 0 . then is called a solution (substitution) of B at N via N 0 . failure substitution).FIRST-ORDER TABLEAU METHODS 187 enumeration of tableaux. But the failure substitution = fx=a.18 We present the method for depth-ﬁrst branch selection functions only.e. . If N 0 with tableau T 0 is a node below N in the search tree T such that the set of open branches of T 0 is (S n fB g) .

Using the local method. Their application. a permanent failure (and solution) cache is installed. First. Those mechanisms have the widest application. together with its possible expansions. it works for any type of tableau enumeration procedure which is implemented using backtracking. however. we consider socalled liberalizations of the -rule which may also lead to nonelementarily smaller tableau proofs. Since in automated deduction normally a transformation into . Experimental results conﬁrm the theoretical conjecture that a signiﬁcant search pruning effect can be achieved with the method. 6 EXTENSIONS OF TABLEAU SYSTEMS The analytic tableau approach has proven successful. since the work of Gentzen [1935] that the purely analytic paradigm suffers from a fundamental weakness. In the global method. then the goal tree of T subsumes the goal tree of the alternative tableau. which. also the local failure caching mechanism is integrated in an efﬁcient way. Second. Whenever a failure substitution for a tableau branch B in a tableau T is more general than a substitution computed during an alternative solution attempt of B . is restricted to formulae that are not in Skolem form. failure substitutions do not survive the existence of a branch B . we shall review methods which can remedy this weakness and lead to signiﬁcantly shorter proofs.. In this section. since they already improve the behaviour of tableaux for propositional logic. namely. in its full form. by employing constraint technology. z=cg is computed which is subsumed by .188 REINHOLD LETZ left node. This means that the right tableau is ignored. may lead to nonelementarily smaller tableau proofs. It should be noted that this mechanism is not limited to the clausal case. 1994]. 1992]. The mechanisms are all centered around the (backward) cut rule. This shows that local failure caching achieves a restricted form of subsumption deletion. In the version of the calculus described in [Letz et al. the smallest tableau proof may be extremely large if compared with proofs in other calculi. the substitution = fx=a.. It is well-known. This method is more powerful. both proof-theoretically and in the practice of automated deduction. In the alternative solution attempt of the branch displayed on the right. however. which is used on every future branch B 0 in which the literals are instances of the literals on the branch B . for very simple examples. but it is very expensive and needs an enormous amount of memory. That is. This signiﬁcantly reduces the amount of memory. we present mechanisms that amount to adding additional inference rules to tableau systems. 1992] is an efﬁcient implementation of the regular connection tableau calculus. The propositional aspects of those extensions have already been elaborated in the previous chapter. The term ‘local’ has been used in order to distinguish this method from a global method of failure caching described in [Astrachan and Stickel. the poor deductive power. y=b. The methods we mention are of three completely different sorts. The theorem prover S ETHEO [Letz et al.

since it blows up the search space. obviously. DEFINITION 166 ( -cut rule). It is motivated by the fact that free variables in tableaux need not necessarily be treated as rigid by the closure rule. That tautologies need not be used as expansion formulae in a tableau is evident from the fact that. note that the effect of the cut rule can be simulated by adding. only two open branches have been added. whenever there exists a closed tableau with cuts for an input set S . which normally is a lower bound to the length of any analytic tableau proof. afterwards perform the -step on the new right branch. for every applied cut with cut formula F . then there exists a closed cut-free tableau for S . The problem therefore is to perform cuts in a controlled manner. ﬁrst. since it can only be effective for free-variable tableaux. from the perspective of proof search. F j :F The formula F is called the cut formula of the cut step. an unrestricted use of the cut rule is highly detrimental.1 Controlled Integration of the Cut Rule Gentzen’s sequent calculus [Gentzen. DEFINITION 165 ((Tableau) cut rule). While this qualiﬁes the cut rule as one of the fundamental methods for representing proofs in a condensed format. (Cut) The cut rule is logically redundant. 6. by performing a cut in combination with the -rule only. Even the following stronger redundancy property holds. the rule has the disadvantage that it violates the tableau subformula property. for every interpretation and variable assignment. the special tautological formula F _:F to the input set. 1935] contains the cut rule which in the tableau format can be formulated as follows. for instance. perform a cut step with one of the formulae 1 or 2 .FIRST-ORDER TABLEAU METHODS 189 Skolem form is performed. Whenever a -step is to be applied. For this. The (tableau) cut rule is the following tableau expansion rule where F is any ﬁrst-order formula. one of the tableau subformulae of a tautology will become true. . Statman. Finally. 1979]. they can lead to nonelementary reductions of the proof length [Orevkov. since then the cuts can be performed by using the -rule on those tautologies. 1979. Since one of the new branch is closed. The entire operation is displayed in Figure 12. So in a sense the power of the cut can already be contained in an input set if the right tautologies are contained.e. i. Although tautologies and therefore the cut rule are redundant. the techniques seem mainly interesting as an improvement of this transformation. we consider in some more detail a line of improvement which is ﬁrst-order by its very nature. Consequently. The generalization of the rule results in a calculus in which the complexity of proofs can be signiﬁcantly smaller than the Herbrand complexity of the input formula.. A controlled application of the cut rule can be achieved.

19 Interestingly. the + -rule introduced in Sec- 9y:P (y)) requires two applications of the 19 On should mention. a more restrictive variant of the + -rule was given. for any atomic sentence tableau proof. the proof shortening effect of the -cut rule is studied extensively. 1994]). -rule with cut like in the standard -rule.. the converse. who identiﬁed a condition under which a Skolem term in a -rule application need not be new. Any closed sentence tableau for the formula 8x(P (x) ^ -rule whereas there is a closed freevariable tableau with only one application of the 0 -rule. 1994]) also the effect of the -cut rule on connection tableaux is analyzed and some weaknesses of the rule for the free-variable case are identiﬁed. there is a free-variable tableau proof of the same tree size. does not hold. It is shown there that. This property sufﬁces for guaranteeing that there exist no inﬁnite decomposition sequences. shorter sentence tableau proofs can be constructed. which can lead a to signiﬁcantly shorter tableau proofs [Baaz and Ferm¨ lle. 1996]. as demonstrated in [Egly.. Interestingly. 6. 1995]. This leads to a generalization of the rule to the so-called folding up rule. Liberalization of the -rule means reducing the number of variables to be considered in the respective Skolem term. that this weakness has already been recognized in [Smullyan. u EXAMPLE 167. 1968]. in the ﬁrst edition of Fitting’s book [1996]. a shortening to a linear proof length can be obtained with the -cut rule. The reason lies in the use of the + -rule in free-variable tableaux taken from [H¨ hnle. but one of the branches has one more formula on it which can additionally be used for closure. for certain propositional formulae with only exponential cut-free tableau proofs. In the previous chapter. So. With this liberalization. In ﬁrst-order logic. .2 Liberalizations of the -Rule Our completeness proof of free-variable tableaux has revealed that.190 REINHOLD LETZ 1 QQ 1 : Q1Q 2 2 QQ 1 : Q2Q 2 Figure 12. 1994. 1997]. even a nonelementary proof length reduction can be achieved. for the case of propositional logic (see also [d’Agostino and Mondadori. In [Letz et al. The -cut rule fulﬁls the weaker tableau subformula property that any formula in a tableau is either a tableau subformula or the negation of a tableau subformula in the input set. in which the new Skolem term had to contain all variables on the branch and not only the ones contained in the respective formula. 1994] and [Letz et al. Fitting.

we will therefore draw the radical consequence and also liberalize the closure rule in such a manner that ground satisﬁability is no more preserved. a pairwise comparison between the four mentioned Skolemization methods (the one + in [Fitting. The thus improved -rule is named ++ . 1996]. the -formula 9x(P (y ) ^ P (x)).t. for example. for each of the improvements. the system of free-variable tableaux (Deﬁnition 125) introduced in Section 4 is somewhat undecided in its treatment of free variables. With the + -rule a unary Skolem term f (y ) has to be used. Consider a -formula of the form 9y (F ^ G) .r. In the paper. + . however. in general. for which a nonelementary proof length reduction can be achieved w. In the last part of this section. The closure rule (C). Consider. and this is what counts. there is no notion of relevant free variables in a -formula which is both minimal and can be computed efﬁciently. But it is evident that y is irrelevant and a Skolem constant a could be used instead. The corresponding rule is called . smaller tableau proofs can be formulated. 1993]. 9y:P (y)gg which is not 8-satisﬁable. This can be illustrated with the following simple consideration. preserves ground satisﬁability and hence subscribes to a rigid interpretation of the free variables. In [Baaz and Ferm¨ lle. however. the notion of ground satisﬁability was introduced [Fitting. The difference between the old and the new + -rule is that the old one preserves ground satisﬁability. this method is further liberalized by identiu fying a relevant subset of the free variables in and excluding the other variables from the Skolem term. that with the new system. however. but the new one does not. there are example formulae. This method can identify the irrelevancy of the variable y in the aforementioned example. 1996].. 1995]. but the converse does not hold. and ) is made w. Note that. in the sense that it includes a minimal number of variables in the Skolem term.r. A collection C of sets of formulae is ground satisﬁable if every ground instance of C has a satisﬁable element. The original idea of a rigid interpretation of the free variables in a tableau is that they may stand for arbitrary ground terms. DEFINITION 168 (Ground satisﬁability). So. it is shown that for each formula stemming from the same occurrence in the input set and each number n of free variables in . In [Beckert et al. There are a number of improvements of the + -rule which shall brieﬂy be mentioned here. Furthermore. In a sense. always the same Skolem function symbol f n may be used without affecting the soundness of the rule. the proof shortening effect that may be obtained. The gain is that with the new rule again a size-reduction of tableau proofs can be achieved.FIRST-ORDER TABLEAU METHODS 191 tion 4 is already a liberalization of the original -rule in free-variable tableaux. Accordingly. the notion of relevancy deﬁned there can be decided in linear time.t. Interestingly. The + -rule is by far not the “best” Skolemization rule. As an example consider the ground satisﬁable collection ffP (x). One may argue. this older version of free-variable tableaux is conceptually cleaner with respect to the ‘rigid’ treatment of free-variables. + . the previous rule in the sequence. Evidently. 8-satisﬁability of a collection C entails ground satisﬁability.

thus producing a renaming of x in F . The generalization rule is the following expansion rule which can be applied to any open branch of a tableau (G) DEFINITION 169 (Local variable). i. Now B is equivalent to 8xB . So the constraint for any notion of relevant variables is that it be efﬁciently computable. The generalization rule preserves 8-satisﬁability. it is apparent that the generalization rule does not preserve ground satisﬁability. A variable x occurring free on an open tableau branch is called local (to the branch) if x does not occur free on other open branches of the tableau. 8xB is strongly equivalent to B 0 . [Beckert and H¨ hnle. And. Consequently.r. then any formula containing x can be treated as universally quantiﬁed20 in x. the satisﬁability of B entails the satisﬁability of B 0 . Then B1 _ _ (B ^ 8xF ) _ _ Bn is the open branch formula B 0 of T 0 . However.3 Liberalization of the Closure Rule The ﬁnal improvement of the tableau rules that we investigate is again of a quantiﬁcational nature.192 REINHOLD LETZ containing a free variable x in G but not in F . DEFINITION 170 (Generalization rule). It deals with the problem that the rigid interpretation of free variables often leads to an unnecessary lengthening of tableau proofs. assume F is any formula on an open branch B of T and T 0 is the tableau obtained by adding the formula 8xF to B . 20 In 8xF F where x is a local variable. Since x does occur free in B only. it is clear that the new universal formula will be decomposed by the 0 -rule. Since we are mainly interested in calculi performing atomic branch closure. the universal closure of the formula w. as instantiations are only performed in closure steps. a .t. PROPOSITION 171. which is undecidable in general. 1992]. the variable x is not relevant. If a variable is local to a branch. 6. Proof. This naturally leads to a local version of the closure rule..e. the variable could be added to the branch. since it violates the tableau subformula property. obviously. Let us formulate this as a tableau rule. the term universal variable was used for a similar notion. Let B = B1 _ _ B _ _ Bn be the open branch formula of T with B = F1 ^ ^ F ^ ^ Fm . the generalization rule is just of a theoretical interest. Given a tableau T with a local variable x. we would perform the generalization implicitly. We work with the coincidence between 8-satisﬁability and the satisﬁability of the open branch formula of a tableau. exactly at that moment. Then. As a matter of fact. Suppose further that 9y (F ^ G) be strongly equivalent to F ^ 9yG. but this might only be identiﬁable by proving the strong equivalence of two formulae.

Although the displayed tableau has no unsatisﬁable ground instance. and the ordinary closure rule. the order in which branches are selected can strongly inﬂuence the size of the ﬁnal tableau. the variable x is not local on the left branch and a renaming of x is not permitted. it can be renamed and the two remanining branches can be closed using the local closure rule.t. 8x(R(x) _ R(f (x))) X8x(:R(x) _ :R(f (f (x)))) ^ :R(x) R(y) R(f (y)) XXX :R(f (f (x))) X X X R(f (f (x))) XXX R(f (f (f (x)))) X X X X :R(f (x))X R(f (x)) XXX :R(f (f (f (x)))) R(f (f (x))) Figure 13.FIRST-ORDER TABLEAU METHODS 193 DEFINITION 172 (Local reduction rule). is that the local reduction rule permits to build refutations that are smaller than the Herbrand complexity of the input. Note also. .r. and L a variable renaming of all local variables in L w. however. Assume the tableau construction is performed using a right-most branch selection function. the local closure rule is the following rule.t. the soundness of the local reduction rule assures that we have indeed refuted the input set. Closed clausal tableau with local reduction rule Using the local closure rule instead of the standard closure rule. Suppose K and L are two literals on a branch of T . Let T be a tableau and S the set of formulae in T . As long as the right part of the tableau is not closed. S . The gain. Consequently. (CL ) Modify T to T if is a minimal uniﬁer for fK . The crucial difference then occurs when the right part of the tableau is closed and a tableau clause of the form R(y ) _ R(f (y )) is attached on the left.r. as illustrated with the following tableau which is smaller than the one given in Figure 8. Lg The soundness of the local closure rule follows from the fact that its effect can be simulated by a number of applications of the generalization rule. and consider the branch as closed. that tableau calculi containing the generalization rule or the local reduction rule are not independent of the branch selection function. S fK g. the 0 -rule. one can achieve a signiﬁcant shortening of proofs. Let K be a variable renaming of all local variables in K w. Since the variable x is now local. Then.

[Bibel. Boy de la Tour. 1997] U. Mondadori. [d’Agostino and Mondadori. Stickel. R. Fitting. The taming of the cut. 1997. 1955] E. Non-elementary Speedups between Different Versions of Tableaux. [Bernays and Sch¨ onﬁnkel. 1993] B. A Rehabilitation of Robinson’s Uniﬁcation Algorithm. 1992. Automated Theorem Proving. pages 121–128. First-Order Logic and Automated Theorem Proving. 5th Workshop on Theorem Proving with Analytic Tableaux and Related Methods. 1996] M. a u REFERENCES [Andrews. and P. Proceedings of the 11th Conference on Automated Deduction (CADE-11). Eder. Bibel and B. G. 28:633–645. Beckert and J. Journal of the ACM. pages 217–230. Second edition. Caching and Lemmaizing in Model Elimination Theorem Provers. Non-elementary Speed-ups in Proof Length by Different Variants of Classical Analytic Calculi. Journal of the Association for Computing Machinery. In Information Processing. North-Holland. 1959] E. Journal of Logic and Computation. Annals of Pure and Applied Logic. 1996. Theorem Proving via General Matings. 1992] O. 4th Workshop on Theorem Proving with Analytic Tableaux and Related Methods. American Journal of Mathematics. Billon. 1996] M. 1959. 28(2):193–214. First-Order Logic and Automated Theorem Proving. Bibel. The Disconnection Method. Springer. pages 158–172.. Proceedings of the 10th International Conference on Automated Deduction. W. H¨hnle. [Boy de la Tour. Mededlingen der Koninklijke Nederlandse Akademie van Wetenschappen. Germany. Complexity of Resolution Proofs and Function Introduction. 1990. 1985] E. 57:181–215. An Unsolvable Problem of Elementary Number Theory. 1994] B. On Matrices with Connections. LNAI 607.194 REINHOLD LETZ ACKNOWLEDGEMENTS I would like to thank Reiner H¨ ahnle for his corrections and comments on a previous version of the text. 1993. 1987] W. 4(3):285–319. Schmitt. 1981. 1996. 1994. Mathematische Annalen. 1981. 1987. An Implementation of a Theorem Prover based on the Connection Method. pages 108–119. Springer. 1936. Beth. Saratoga Springs. The even more liberalized -rule in free a variable semantic tableaux. Astrachan and M. leanTA lean. Springer. 1928] P. W. First edition. [Astrachan and Stickel. Technische Universit¨ t M¨ nchen. 1992. Beckert. 1992] a [Beckert et al. Proceedings of the 3rd Kurt G¨ del Colloquium. Bibel. [Eder. Springer. Second revised edition of [Fitting. In Proceeding of TABLEAUX’97. Amsterdam. W. tableau-based theorem provP: ing.-P. Corbin and M. Semantic Entailment and Formal Derivability. North-Holland. Ferm¨ uller. Baaz and A. [Beth. pages 224–238. Bernays and M. 99:342–372. E. 1990. Springer. Bidoit. editors. pages 108–119. 1981] W. [Beckert and H¨ hnle. 1992] M. [Church. AIMSA: Artiﬁcial Intelligence Methodology Systems Applications. Braunschweig. 1994] M. Minimizing the Number of Clauses by Renaming. Fitting. Egly. [Billon. 1983. [Fitting. 18(13):309–342. Leitsch. In W. 1996. 1996] J. [Baaz and Leitsc. 58:345–363. North–Holland. [Corbin and Bidoit. Petkoff. 1995] M. 1996]. 1955. Sch¨ onﬁnkel. 1928. d’Agostino and M. Andrews. In Proceedings of Tableaux96. The Foundations of Mathematics. Vieweg Verlag. 1990] T. 1981] P. 1985. [Egly. [Fitting. Beth. Church. Baaz and C. pages 909–914. [Beth. Posegga. 1995. Proceedings of the 12th International Conference on Automated Deduction. [Baaz and Ferm¨ ulle. pages 558–572. In Proceedings of Tableaux95. 1994. In Computational Logic and Proof Theory. Zum Entscheidungsproblem der Mathematischen Logik. 1983] J. [Bibel. . 1936] A. o [Beckert and Posegga.

1982. [Krivine. 27(4):797–821. 1978. Mayr. Letz.. Semantics Based Translation Methods for Modal Logics. PhD thesis. J. pages 201–215. 1991] H. Foundations of Deductive Databases and Logic Programming (ed. [Korf. Reidel. 1930. Cl. Paterson and M. 1994] S. [Herbrand. 1991. M. In Proceeding of TABLEAUX’97. Ackermann. 1979] V. Form and Content in Quantiﬁcation Theory. Johnson. 1930. Forthcoming. translation in [Szabo. 1978] M.-P.FIRST-ORDER TABLEAU METHODS 195 [Gentzen. Die Vollst¨ndigkeit der Axiome des logischen Funktionenkalk¨ Monato o a uls. 1928] D. 1978] D. Internal Rep. Recherches sur la th´orie de la d´ monstration. English translation in J. Garey und D. [Loveland. [Garey and Johnson. 1997. 15(2):236–251. W. u Springer. [Hilbert and Bernays. Vol. Technische Hochschule Darmstadt. 37:349–360. J. [Letz. 1980] G. SETHEO: A High-Performance Theorem Prover. [G¨ del. [Klingenbeck and H¨hnle. 1994] R. Wrightson (editors). Montanari. Maher. [Ohlbach. 1976] G. Journal of Automated Reasoning. Marriott. Steklova AN USSR. Klingenbeck and R. Universit´ de Paris VII. pages 285–297. Vol. 1976. Structures and Complexities of First-order Calculi. S. The liberalized -rule in free variable semantic tableaux. u [H¨ hnle. [Letz. Ohlbach. 1(5):691–746. 1992. pages 708–722. [Hintikka. Schumann. [Orevkov. 1994] R. shefte f¨ r Mathematik und Physik. 1998] R. An Efﬁcient Uniﬁcation Algorithm. Letz. Los Altos. 1985. 39:176–210 and 405–431. Minker). [Huet. 2. and K. 1930] J. Introduction to Axiomatic Set Theory. Zapiski Nauchnykh Seminarov Leningradskogo Otdeleniya Matematicheskogo Instituta im V. 1982] A. Springer. 27:97–109. S. Subgoal Alternation in Model Elimination. 1969] D. Travaux de la Soci´ t´ e e ee des Sciences et des Lettres de Varsovie. 1934] D. 1960. Springer. Mechanical Theorem Proving by Model Elimination. 1993] R. Uniﬁcation Revisited. 1960] D. 1997] O. 8:7–55. J. 1992] R. Journal of Logic and Computation. 1994. Resolution d’equations dans les languages d’ordre 1. In Proceedings of the 12th International Conference on Automated Deduction. Grundz¨ ge der theoretischen Logik. Wegman. Conﬂuent Reductions: Abstract Properties and Applications to Term Rewriting Systems. Journal of Automated Reasoning. H¨ hnle and P. [Letz et al. Theoria. First-Order Calculi and Proof Procedures for Automated Deduction. Automation of Reasoning. [Martelli and Montanari. translation: Mathematical Logic. Huet. Mathematische Zeit¨ schrift. Hilbert and P. Huet. 1988. Untersuchungen uber das logische Schließen. 1983. Journal of the Association for Computing Machinery. : : : . Chelsea. 1969]. 2. 1978. J. Morgan Kaufmann Publishers. e [Huet. Uniﬁcation in Linear Time and Space: a Structured Presentation. ACM Transactions on Programming Languages and Systems.-J. Artiﬁcial Intelligence. 88:137–161. Letz. 1955] K. K. 1928. Journal of Computer and Systems Sciences. Prawitz. Grundlagen der Mathematik.-phys.S. Schmitt. Semantic tableaux with ordering rea a strictions. North-Holland. 2337-2350. G¨ del. Siekmann and G. Acta Philosophica Fennica. Orevkov. 1978. Classical Papers on Computational Logic. [Loveland. Montanari. 1930] K.. Herbrand. Letz. 8(2):183–212.. Linear Uniﬁcation. Hintikka. B76-16. Freeman. Loveland. [Ibens and Letz. Krivine. Korf. Soviet Mathematics. Depth-First Iterative Deepening: an Optimal Admissible Tree Search. III. 33:33–160. Bayerl. 1935] G. No. J. 1971] J. 1971. a a Journal of Automated Reasoning 13(2):211–221. Bernays. 1979. [Letz et al. 1968. Journal of the Association for Computing Machinery. An Improved Proof Procedure. 1976. 13:297–337. Bibel. W. Martelli and U. 1950. Loveland.-L. 26:102–139. 1978] M. . [Hilbert and Ackermann. 1982. H¨hnle. Advances and Problems in Mechanical Proof Procedures. E. 1976] A. 1988] J. No. Goller. [Prawitz. N. New York. Ibens and R. Automated Theorem Proving: a Logical Basis. 2. [Lassez et al.R. In J. pages 587–625.. Lassez. Martelli and U. Technical report. 1985] R. pages 258–282. 4. [Paterson and Wegman. Gentzen. PhD thesis. [Prawitz. 1. 1994. Engl. 1993. math. 1955. Prawitz. 1994. [Martelli and Montanari. and W. 1980. Lower Bounds for Increasing Complexity of derivations after Cut Elimination. Springer. A. 1935. Controlled Integration of the Cut Rule into Connection Tableaux Calculi. Vol. 16:158–167. and C. Letz. Computers and Intractability: A Guide to the Theory of NP-Completeness. Engl. 1968] D. Hilbert and W. J. Dordrecht. !.-L. 1934.

Studies in Logic and the Foundations of Mathematics. 1989. Szabo. [Stickel. Mass. Advances in Artiﬁcial Intelligence (Proceedings of AISB-87). 1. The Collected Papers of Gerhard Gentzen. On the Lenghts of Proofs in the Propositional Calculus. Wiley. PhD thesis. 1988] M. Artiﬁcial Intelligence. Reckhow. Smullyan. Hallam. Tarski. Mellish and J. Lower Bounds on Herbrand’s Theorem. 75:104–107. 1936] A. 1988. Cambridge. Der Wahrheitsbegriff in den formalisierten Sprachen. 12:23–41. Soc. Journal of the Association for Computing Machinery. In Proceedings American Math. Semantic tableaux as a framework for automated theorem-proving. On Computable Numbers. University of Toronto. Reeves. 1979. A. Springer. 1987] S. Personal communication. Automated Deduction for Non-Classical Logic. [Statman. 4:353–380. [Wallen. M. Voronkov. Turing. [Turing. [Smullyan. 7:51–64. E. 1965. A. Robinson. 1968. 1976. 1976. 1968] R. A Prolog Technology Theorem Prover: Implementation by an Extended Prolog Compiler. Refutation Graphs. Wallen. [Reeves. North-Holland. [Robinson. 1997] A. [Voronkov. [Shostak. Proceedings of the London Mathematical Society. 1969. Statman. [Tarski. In C. 1997. MIT Press. First Order Logic.. [Szabo. A Machine-oriented Logic Based on the Resolution Principle. 1969] M. S. 1987. M. Stickel..196 REINHOLD LETZ [Reckhow. E. 1979] R. 1936. Journal of Automated Reasoning. pages 125–139. . 1965] J. with an Application to the Entscheidungsproblem. editors. 1989] L. Studia Philosophica. 1976] R. A. 1976] R. Amsterdam. 1936] A. Shostak. 1936. 42:230–265.

1992]. resolution [Stickel. 1992. Difﬁculties can arise with adaptations to tableau calculi for other logics. Reasoning in single models. connection tableaux [Baumgartner et al. and the universal formula versions of semantic tableaux. the connection method [Petermann. 1990].g.. theory reasoning methods have been described for various calculi. model elimination [Baumgartner. for set theory in [Cantone et al. however. and care has to be taken if theory links or theory connections have to be considered [Petermann. Background reasoners have been designed for various theories. Baumgartner. with different -rules. Policriti and Schwartz. e. 1994. is discussed in [B¨ rckert. Baumgartner and Petermann. the reason for using a background reasoner but which makes it impossible to present good background .g. nonmonotonic logics and linear logic). Baumgartner. u One main focus of this chapter is efﬁcient equality reasoning in semantic tableaux. 1998. 1995]. natural numbers. Furbach. in particular if the consequence relation is affected (e. which is. 1998]. 1987]. There is no uniform way for handling theories. in particular for equality reasoning. 1998].. an overview can be found in [Baumgartner et al. e. The general purpose foreground reasoner calls a special purpose background reasoner to handle problems from a certain theory.. 1987a]. after all. Theory reasoning is indispensable for automated deduction in real world domains. 1998]. 1992. 1994.BERNHARD BECKERT EQUALITY AND OTHER THEORIES 1 INTRODUCTION Theory reasoning is an important technique for increasing the efﬁciency of automated deduction systems. with methods for restricting the search space such as connectedness or ordering restrictions. the free variable.g. The knowledge from a given domain (or theory) is made use of by applying efﬁcient methods for reasoning in that domain. 1985. 1989]. Efﬁcient equality reasoning is essential. Following the pioneering work of M.. we describe how to combine background reasoners with the ground. Baumgartner. 1998]. Baumgartner and Petermann. In this chapter. but most speciﬁcations of real world problems use other theories as well: algebraic theories in mathematical problems and speciﬁcations of abstract data types in software veriﬁcation to name a few. with lemma generation. 1992. and the matrix method [Murray and Rosenthal. 1993. All results and methods can be adapted to other tableau versions for ﬁrst-order logic: calculi with signed formulae. Furbach.. etc. path resolution [Murray and Rosenthal. Equality. Stickel. is the only theory that is discussed in detail.

Subst is the set of all substitutions. We use the logical connectives ^ (conjunction). (xi ) = ti (1 i n). i consists of a set P of predicate symbols. which is a method for improving the interaction between foreground and background reasoners. a set F of function symbols. (implication). a formula 2 Form must not contain a variable that is both bound and free in (see Section 1. however.1 First-Order Logic: Syntax and Semantics NOTATION 1. _ (disjunction). there is an inﬁnite set V of object variables. DEFINITION 2. A ﬁrst-order signature = hP . o The chapter is organized as follows: in Section 2. Soundness of these methods is proven in Section 4. A sentence is a formula 2 Form not containing any free variables. and the main classiﬁcations of theory reasoning methods are discussed. Function symbols of arity 0 are called constants. x is bound in if it occurs in inside the scope of a quantiﬁcation (8x) or (9x).198 BERNHARD BECKERT reasoners for all possible theories. there are inﬁnitely many function and predicate symbols. Finally. the basic concepts of theory reasoning are introduced. to avoid . xn 7! tn g. completeness criteria for background reasoners are deﬁned. The second main focus of this chapter is therefore on the interaction between foreground and background reasoners. which plays a critical rˆ le for the efﬁciency of the combined system. the free variable. Lit Form is the set of all literals.1 in the chapter by Letz for formal deﬁnitions of Term and Form ). i. is introduced in Section 8. A substitution may be applied to a quantiﬁed formula . $ (equivalence). Term is the set of all terms and Term 0 Term is the set of all ground terms built from in the usual manner. : : : . F . The ground. : (negation). NOTATION 3. methods for handling equality are described that are based on modifying the input formulae. 2 THEORY REASONING 2. are deﬁned in Section 3. for each arity. and a function assigning an arity n 0 to the predicate and function symbols. In addition. xn g can be denoted by fx1 7! t1 . which are the versions that have to be distinguished for theory reasoning. Incremental theory reasoning. The restriction of to a set W V of variables is denoted by jW . if there is an occurrence of x in that is not inside the scope of a quantiﬁcation (8x) or (9x). : : : . and the universal formula version of semantic tableaux. and Subst Subst is the set of all idempotent substitutions with ﬁnite domain. and the quantiﬁer symbols 8 and 9. In Section 5. Total and partial background reasoners for the equality theory are presented in Sections 6 and 7. A variable x 2 V is free in a ﬁrst-order formula .e. A substitution 2 Subst with a ﬁnite domain fx1 . and methods are presented to add theory reasoning to these versions of tableaux. Form is the set of all ﬁrst-order formulae over . in Section 9.

maps the formulae in Form to the truth values true and false (in the usual way. : : : . n 0. then M satisﬁes the formula (is a model of ). ) j= : A difference between the strong consequence relation j= and the weak consequence relation j= is that the following holds for j= (but not for j=): . I i and all variable assignments : If Form (M. The evaluation function valI. 2.EQUALITY AND OTHER THEORIES 199 undesired results. DEFINITION 7. The combination of an interpretation I and an assignment associates (by structural recursion) with each term t 2 Term an element tI. This is not a real restriction as the bound variables in can be renamed. If valI. if for all structures M = hD. xn is bound in . tn . it is a ground instance. of D. A structure M = hD. ) j= . it is as well called an instance of . A formula is a tautology if it is satisﬁed by all structures. denoted by j= . are In addition to the normal (weak) consequence relation j=. DEFINITION 6.2 in the chapter by Letz). I i for a signature consists of a nonempty domain D and an interpretation I which gives meaning to the function and predicate symbols of . see Section 1. if all structures that are models of models of as well. A variable assignment is a mapping : V ! D from the set of variables to the domain D. : : : . denoted by j= . A formula 2 Form is a (weak) consequence of a set Form of formulae. xn 7! tn g 2 Subst such that 1. A formula 2 Form is universally quantiﬁed if it is of the form (8x1 ) (8xn ) . if there is a substitu- 0= . ) j= for all 2 . we use the notion of strong consequence: DEFINITION 8. none of the variables x1 . A formula 2 Form is a strong consequence of a set of formulae. ( ) = true. DEFINITION 4. DEFINITION 5. : : : . the bound variables in must neither occur in the domain nor the scope of . In this case. where does not contain any quantiﬁcations. which is denoted by (M. M satisﬁes a set of formulae if it satisﬁes all elements of . holds for all assignments . then (M. if a formula 0 is an instance of (Deﬁnition 4). If an instance does not contain any variables. and none of the variables that are bound in occurs in the terms t1 . A formula 0 is an instance of a formula tion = fx1 7! t1 .

often the additional condition (besides satisﬁability) is imposed on theories that they are closed under the logical consequence relation. are extensions of the equality theory E by additional axioms that are universally quantiﬁed equalities. DEFINITION 10. The most important theory in practice is the equality theory E . contrary to the equality theory. then j= for all substitutions 2 Subst . equality predicate is denoted by ity = can arise. yn )) (3) for all predicate symbols p 2 P : (f ) (monotonicity for function symbols). EXAMPLE 11. yn ))) (8x1 ) where n = (8xn )(8y1 ) (p) (monotonicity for predicate symbols). A theory T Form is a satisﬁable set of sentences. : : : . : : : . Without that restriction. In the literature. (8yn)((x1 y1 ^ : : : ^ xn yn ) (p(x1 . (8x)(8y)(8z )((x < y) ^ (y < z ) (x < z )) (transitivity). : : : .200 BERNHARD BECKERT LEMMA 9. An important class of theories. Symmetry and transitivity of are implied by reﬂexivity (1) and monotonicity for predicate symbols (3) (observe that 2 P ). xn ) f (y1. xn ) p(y1 . called equational theories. : : : . if 2.1 It consists of the following axioms: (1) (8x)(x x) (reﬂexivity). we do not have to distinguish between a theory and its deﬁning set of axioms. The theory OP of partial orderings consists of the axioms (1) (2) OP is a ﬁnite theory. 2P such that no confusion with the meta-level equal- . it does not contain monotonicity axioms. (8x1 ) where n = (2) for all function symbols f 2F : (8xn )(8y1) (8yn)((x1 y1 ^ : : : ^ xn yn ) f (x1 . 1 The (8x):(x < x) (anti-reﬂexivity). 2 Form . Given a set Form of formulae and a formula j= .2 Theories We deﬁne any satisﬁable set of sentences to be a theory. EXAMPLE 12.

commutativity of f . if for all T structures M and all variable assignments : If The deﬁnitions of structure. else it is T -unsatisﬁable. 3. it is an equational theory. z ))) and which state associativity resp. in addition to E . f (y. Let T be a theory. if is satisﬁed by all T -structures that satisfy . A formula (a set of formulae) is T -satisﬁable if there is a T -structure satisfying (resp. denoted by j=T . denoted by j=T . T f: g is unsatisﬁable. (8x)(8y)(8z )((x y) z (8x)( x e (8x)( x x 1 x (y z )) x ) e ) DEFINITION 15. 1989]. A sentence is a T -tautology if it is satisﬁed by all T -structures. . z ) f (x. ). The AC-theory for the function symbol f contains (besides E ) the additional axioms (8x)(8y)(8z )(f (f (x. y) f (y. and logical consequence are adapted to theory reasoning in a straightforward way: (M. T j= . f: g is T -unsatisﬁable. the fol- j=T . Given a theory T . and a sentence . 2. tautology. A T -structure is a structure that satisﬁes all formulae in T . of sentences. satisﬁability. x)) . Other typical examples for equational theories are speciﬁcations of algebraic structures: EXAMPLE 14. ) j= for all 2 . a set lowing propositions are equivalent: 1. A formula is a strong T -consequence of a set of formulae. ) j= : LEMMA 16. A formula is a (weak) T -consequence of a set of formulae.EQUALITY AND OTHER THEORIES 201 An overview of important equational theories and their properties can be found in [Siekmann. the equalities (8x)(8y)(f (x. then (M. Group theory can be deﬁned using. y). EXAMPLE 13. 4.

Theories deﬁned this way are always complete. DEFINITION 18. either or : is a T -tautology. The theory T = f(9x)p(x)g is not universal. because M j= or M j= : for all sentences . where T is deﬁned as the set of all formulae that are true in a given structure M . all considerations are usually restricted to universal theories. for example. THEOREM 19. A set of universally quantiﬁed formulae is T -unsatisﬁable if and only if there is a ﬁnite set of ground instances of formulae from that is T -unsatisﬁable. A theory T is complete if. Another important method for characterizing a theory T —besides axiomatization—is the model theoretic approach. EXAMPLE 20. An extension of OP that contains the density axiom (8x)(8y)((x < y) (9z )((x < z ) ^ (z < y))) . In the literature on theory reasoning. An example for a theory that is not axiomatizable is the set T of all satisﬁable sentences. An example is = f(8x)(:p(x))g.202 BERNHARD BECKERT 2. then the set of T -tautologies is decidable. including equality. A theory T is (ﬁnitely) axiomatizable if there is a (ﬁnite) decidable set Form of sentences (the axioms) such that: 2 Form is a T -tautology if and only if j= . then the set of T -tautologies is enumerable. for all sentences 2 Form . EXAMPLE 21. Let T be a universal theory. only literals or clauses). even the set f:p(t) j t 2 Term 0 g of all ground instances of is T -satisﬁable (using a T -structure where not all elements of the domain are represented by ground terms). however.3 Properties of Theories The following deﬁnitions clarify which properties theories should have to be useful in practice: DEFINITION 17. because the Herbrand-type Theorem 19 holds exactly for universal theories [Petermann. A theory T is universal if it is axiomatizable using an axiom set consisting of universally quantiﬁed formulae (Deﬁnition 4). Consequently. there are sets of universally quantiﬁed formulae that are T -unsatisﬁable whereas all ﬁnite sets of ground instances of formulae from are T -satisﬁable.g. If a theory T is axiomatizable. All theories that we are concerned with. This theorem is essential for theory reasoning if the background reasoner can only provide formulae without variable quantiﬁcations (e. because it is easy to get around using Skolemization. it may. the case if theory reasoning is added to clausal tableaux or resolution. The restriction to universal theories is not a problem in practice.. 1992]. are axiomatizable. this is. If T is both axiomatizable and complete. be undecidable (a simple example for this is the empty theory).

Ri is a refuter for a key . f:(a b)gi hfx 7! ag. Table 1 shows some examples for E -refuters. f (x) xg id fx 7! ag id hid .4 Basic Deﬁnitions for Theory Reasoning The following are the basic deﬁnitions for theory reasoning: DEFINITION 22. and. :p(b)g fp(f (a). (8x)(f (x) x)g hid . . f (b))gi hfx 7! bg . ( ) = false. it is undecidable whether a pair h . . I i and all variable assignments . : : : . k g Form of formulae (k 0) is a T -residue of if there is a substitution 2 Subst such that 1. EXAMPLE 25. y)) ^ (between (x. The set f:(x x)g is both E -unsatisﬁable and E -complementary. valI. DEFINITION 24. fp(a. b)gi fp(f (a). Ri is called a T -refuter for . b)gi Table 1. fp(a. called key. y) < y))) : 2. If the residue R is empty. It can be made universal by replacing the above axiom with E -Refuter (8x)(8y)((x < y) ((x < between (x. Then the pair h . the substitution is called a T -refuter for (it is identiﬁed with h . it is. In general. The following lemmata are immediate consequences of the deﬁnitions: . R=R j=T 1 _ : : : _ k (in case R is empty: j=T false).EQUALITY AND OTHER THEORIES 203 Key f:(a a)g f:(x a)g f(8x)(:(x a))g fp(a). T -complementarity generalizes the usual notion that formulae and : are complementary. 2. consequently. Examples for E -refuters is not a universal theory. Let Form be a ﬁnite set of formulae. The set f:(x y )g is E -unsatisﬁable. however. not E -complementary because a variable assignment may assign different elements of the domain to x and y . EXAMPLE 23. fp(f (a). it is undecidable whether a formula set is T -complementary.i). A ﬁnite set R = f 1 . f (b)). for all T -structures hD. A set Form of formulae is T -complementary if. f (b)).

Given a universal theory T such that there are inﬁnitely many function symbols of each arity n 0 in F that do not occur in T . Let T be the theory fp(t) j t 2 Term 0 g that violates the precondition of Theorem 29. k g. Let function THEOREM 29. Given a theory T . Nevertheless. for all keys and such that : if R( ) is deﬁned. The formula :p(x) is not T -complementary because there may be elements in the domain of a T structure that are not represented by any ground term.g. a background reasoner for T is a partial such that. By deﬁnition there is no restriction on what formulae may occur in keys or refuters. Given a theory T . 2. : : : . To model this. R=R THEOREM 28. for all keys Form for which R is deﬁned. however. of formulae form a refuter h . R : 2Form ! Subst 2Form . Ri for a set 1. sets of literals or clauses): EXAMPLE 30. for all keys for which R is deﬁned. a substitution k 0. A background reasoner R is total if. In practice. we deﬁne background reasoners to be partial functions on the set of all possible keys: DEFINITION 31. Provided that the signature contains enough function symbols not occurring in a universal theory T . then R( ) is deﬁned and R( ) R( ).e. all instances of :p(x) are T -unsatisﬁable. a set of formulae that does not contain any quantiﬁers is T -complementary if and only if the existential closure 9 of is T -unsatisﬁable. Given a theory T . which shows that the pre-condition of Theorem 29 is indispensable. : k g is T -complementary. : : : .. then a set of formulae that does not contain any bound variables is T -complementary if and only if all ground instances of are T -unsatisﬁable. the residues of all refuters in R( ) are empty. to restrict the search space. i. . There is an alternative characterization of T -complementary sets that do not contain bound variables (e. A background reasoner R is monotonic if. R( ) is a set of T refuters for . background reasoners do not compute refuters for all kinds of keys. keys are restricted to be sets of literals or universally quantiﬁed literals). as all function symbols occur in T . R( ) Subst . and they do not compute all possible refuters (typically. of formulae if and only if f: 1 . T -refuter for a and a set R = f 1 . LEMMA 27.204 BERNHARD BECKERT LEMMA 26. a substitution 2 Subst is a set of formulae if and only if the set is T -complementary. a quantiﬁer-free formula set is T -complementary if all its instances are T -complementary: T be a theory.

A background reasoner may. thus have been proven to be T -complementary by the background reasoner. could be divided into several expansion steps followed by a simple closure step. the formula 1 _ : : : _ k is added to the set of derived formulae and the substitution is applied. Ri for . however. which computes refuters h . t < t00 i 2 R( ). : : : . this means that B is closed if the substitution is applied. do the opposite: hid . then id 2 R( 2. t0 . where (usually) the key is taken from a tableau branch B . only computes refuters with an empty residue R.): A key is chosen from the set of formulae already derived by the foreground reasoner and is passed to the background reasoner. In the tableau framework.e. 3. let R( ) be the smallest set such that: 1. 2. There are two main approaches: if the background reasoner is total. however. If the foreground reasoner is then able to show that for some substitution the set ( f 1 _ : : : _ k g) is T -unsatisﬁable. Although total theory reasoning can be seen as a special case of partial theory reasoning. for all terms t 2 Term : if t < t 2 ). we speak of total theory reasoning else of partial theory reasoning. i. the restriction to total theory reasoning leads to a much smaller search space for the foreground reasoner. A background reasoner for the theory PO of partial orderings can be deﬁned as follows: For all keys . using partial reasoning.5 Total and Partial Theory Reasoning The central idea behind theory reasoning is the same for all calculi based in some way on Herbrand’s theorem (tableau-like calculi. more complex methods have to be employed to ﬁnd refuters. . k g is not empty (k 1). On the one hand. 2 Lit : if The combination of R and the ground version of tableaux leads to a complete calculus for PO (see Section 3. resolution. this proves that is T -unsatisﬁable. but hid . for all terms t. see. . etc. t00 2 Term : if t < t0 . On the other hand. for tableau rules it is sufﬁcient to preserve satisﬁability. : 2 . because there are less refuters for each key and the search is more goal-directed. . then hid . for total theory reasoning.2). f(9x)p(x)gi is a refuter for the key fp(c)g (this deduction usually does not help in ﬁnding a proof. the background reasoner has to make more complex deductions that. the way the foreground reasoner makes use of the refuter is quite difand ferent: no further derivations have to be made by the foreground reasoner. In the case of partial reasoning.EQUALITY AND OTHER THEORIES 205 EXAMPLE 32. In contrary to that. t0 < t00 2 . where the residue R = f 1 . Example 20). fp(c)gi is not a refuter for the key f(9x)p(x)g. then id 2 R( ). for all literals A background reasoner has to compute refuters that are strong consequences of (an instance of) the key. A tableau rule may deduce p(c) from (9x)p(x) where c is new.

for quantiﬁed formulae of universal type. accordingly 1 (t) denotes the result of replacing all occurrences of x in 1 by t. the main divisions being bottom up and top down reasoning.206 BERNHARD BECKERT 2. In the case of .6 Other Classiﬁcations of Theory Reasoning Besides total and partial theory reasoning. We will. This version of tableaux is called ‘ground’.2 The Ground Version of Semantic Tableaux We ﬁrst present the classical ground version of tableaux for ﬁrst-order logic. 1985]. . restrict (nearly) all considerations to keys consisting of literals. The letters . 1995]. or terms [Baumgartner et al. no variables occurring on other branches than B are instantiated. since all these types are subsumed by formula level theory reasoning. . and are used to denote formulae of (and only of) the appropriate type. g is called a -formula. the effect of calling the background reasoner is local if only local variables are instantiated by applying the theory expansion or closure rule to a tableau branch B .1 Unifying Notation Following Smullyan [Smullyan.. and wide theory reasoning. . DEFINITION 33. . One possibility is to classify according to the information given to the background reasoner: (complex) formulae. for formulae of disjunctive type. however. . 3. where all keys consist of literals. A formula of type 2 f . Another possibility is to classify background reasoners according to the type of calculus they use for deductions. Stickel distinguishes narrow theory reasoning. The non-literal formulae in Form are assigned a type according to Table 2. This type of classiﬁcation is not used here. This classiﬁcation is motivated by the tableau expansion rules which are associated with each (non-literal) formula. i. 3 THEORY REASONING FOR SEMANTIC TABLEAUX 3. 1992]. where keys consist of clauses [Stickel. because universally quantiﬁed variables are replaced by ground terms when the -rule is applied. the set of formulae that are not literals is divided into four classes: for formulae of conjunctive type. there are several other ways to distinguish different types of background reasoners. literals. (x) and 1 (x)).and -formulae the variable x bound by the (top-most) quantiﬁer is made explicit by writing (x) and 1 (x) (resp. 1996].e. Local and non-local theory reasoning can be distinguished according to the effect that calling the background reasoner has on the tableau [Degtyarev and Voronkov. and for quantiﬁed formulae of existential type (unifying notation). NOTATION 34. In particular.

Since formulae in ground tableaux do not contain free variables. Table 3.EQUALITY AND OTHER THEORIES 207 ^ :( _ ) : :( ) :: 1 2 : : 1 (x) _ :( ^ ) $ :( $ ) 1 2 : : ^ ^: : : ^: : ^ 1 (x) (8x) (x) (x) :(9x) (x) : (x) :(8x) (x) : (x) (9x) (x) (x) 1 (t) 1 (t) Table 2. and different extensions are implicitly disjunctively connected. thus. we apply the expansion rules starting from the initial tableau ff: gg. where a tableau branch is a (ﬁnite) multi-set of ﬁrst-order formulae. In graphical representations. A tableau is a (ﬁnite) multi-set of tableau branches. have to be sentences. Ri for is computed. Closed branches are removed from the tableau instead of just marking them as being closed. The application of substitutions to formulae . Premisses and conclusions are separated by a horizontal bar. Rule schemata for the ground version of tableaux The calculus is deﬁned using a slightly non-standard representation of tableaux: a tableau is a multi-set of branches. while vertical bars in the conclusion denote different extensions. In Table 3 the ground expansion rule schemata for the various formula types are given schematically. a proof is found when the empty tableau has been derived. To prove a sentence to be a tautology. tableaux are shown in their classical tree form. There is a theory expansion and a theory closure rule. too. and a refuter h . A tableau T is expanded by choosing a branch B of T and a formula 2 B and replacing B by as many updated branches as the rule corresponding to has extensions. Correspondence between formulae and rule types 1 2 1 2 where t is any ground term. DEFINITION 35. The formulae in an extension are implicitly conjunctively connected. the branches of a tableau are implicitly disjunctively connected and the formulae on a branch are implicitly conjunctively connected. where t is a ground term new to the tableau. a key B is chosen from a branch B . the formulae in the residue. as usual. For both rules. which are multi-sets of ﬁrst-order formulae.

k do not contain free variables. 1 .e. . : : : .208 BERNHARD BECKERT . the key is T -complementary and the branch it has been taken from is T -closed. Whether an expansion or a closure rule is to be applied depends on whether the residue R = f 1 . Ri is a refuter for a key taken from a ground tableau. the tableau Ti is constructed from Ti 1. then the tableau is expanded. a ground tableau proof for a ﬁrst-order sentence 2 Form consists of a sequence ff: gg = T0 . : : : .e. if h . Theory expansion and closure rules (ground version) without free variables does not have any effect. The old branch is replaced by k new branches. for 1 (n 0) 1 i n. there is a branch B 2 Ti 1 and a formula 2 B (that is not a literal) . by applying one of the expansion rules for ground tableaux from Table 3. one for each i (since the i are implicitly disjunctively connected). in this and all following schematic representations of rules. and 1 . If the residue R is empty.). where a branch is closed if it contains complementary formulae and : . Given a theory T and a ground background reasoner R for T (Deﬁnition 36). Ri is a refuter for as well. : : : . Table 4. the rule that a branch containing complementary formulae and : is closed does not have to be considered separately). i. for all keys Form for which R is deﬁned. the symbol is used to denote that a branch is closed if the rule is applied.-complementary key f . Tn = . This is a straightforward extension of the closure rule for tableaux without theory reasoning. : : : . then hid . the . .e. it can be seen as a special case of the expansion rule: the old branch is replaced by 0 new branches. . : g (therefore. The closure rule is applied if the residue is empty (k = 0). f 1 . . If k 1. : : : . k g is empty or not. Tn 1 . A background reasoner R for a theory T is a ground background reasoner for T if. 1 where hid . do not contain free variables. i. Thus. it is removed. The rule schemata are shown in Table 4. p g. it is possible to use only refuters of this form for ground tableaux.e. : : : . DEFINITION 37 (Ground tableau proof. k gi (k 1) is a refuter for the key f 1 . T1 . all formulae in R( ) are sentences. thus. i. 1 p k p where id is a refuter for the key f 1 . i. of tableaux such that. p g. DEFINITION 36.

EQUALITY AND OTHER THEORIES

209

t < t0 t0 < t00 t < t00

t<t

:

Table 5. Expansion and closure rules for the theory PO of partial orderings such that

Ti = (Ti 1 n fB g) 8 >f(B n f g) f 1 ; 2 gg > < f(B n f g) f 1 g; (B n f g) f 2 gg >fB f 1 (s)gg > : f(B n f (x)g) f 1 (t)gg

if if if if

= = = (x) = (x)

2. by applying the ground theory expansion rule, i.e. there is a branch B 2 Ti 1 and, for a key B , there is a T -refuter hid ; f 1; : : : ; k gi (k 1) in R( ) such that

where s 2 Term 0 is any ground term, and t 2 Term 0 is a ground term not occurring in Ti 1 nor in T ;

Ti = (Ti 1 n fB g) fB f 1 g; : : : ; B f k gg ;

3. or by closing a branch B 2 Ti 1 , i.e. Ti (i.e. id 2 R( ) for a key B ).

= Ti 1 n fB g where B is T -closed

It is possible to describe a background reasoner using tableau rule schemata. The reasoner from Example 32 then takes the form that is shown in Table 5. Even without theory reasoning, the construction of a closed tableau is a highly non-deterministic process, because at each step one is free to choose a branch B of the tableau and a formula 2 B for expansion. If is a -formula, in addition, a term has to be chosen that is substituted for the bound variable. There are two ways for resolving the non-determinism (actual implementations usually employ a combination of both): (1) fair strategies can be used such that, for example, each formula will ﬁnally be used to expand each branch on which it occurs. (2) Backtracking can be used; if a branch cannot be closed (observing a limit on its length), other possibilities are tried; for example, other terms are used in -rule applications. If no proof is found, the limit has to be increased (iterative deepening). The theory expansion rule makes things even worse, because it is highly nondeterministic. In which way it has to be applied to be of any use, in particular when and how often the rule is applied, and which types of keys and refuters are used depends on the particular theory and is part of the domain knowledge (see Section 5.3).

210

BERNHARD BECKERT

1 2

1

2

where y is a free variable.

1 (y )

where f is a new Skolem function symbol, and x1 ; : : : ; xn are the free variables in .

1 (f (x1 ; : : : ; xn ))

Table 6. Tableau expansion rule schemata for free variable tableau . . .

1

. . .

1

where h ; f 1 ; : : : ; k gi (k 1) is a refuter for the key f 1 ; : : : ; p g, and is applied to the whole tableau.

1

p

k

p

where is a refuter for the key is applied to the whole tableau.

f 1 ; : : : ; p g, and

Table 7. Theory expansion and closure rules (free variable version)

**3.3 Free Variable Semantic Tableaux
**

Using free variable quantiﬁer rules is crucial for efﬁcient implementation—even more so if a theory has to be handled. They reduce the number of possibilities to proceed at each step in the construction of a tableau proof and thus the size of the search space. When -rules are applied, a new free variable is substituted for the quantiﬁed variable instead of replacing it by a ground term, which has to be ‘guessed’. Free variables can later be instantiated ‘on demand’ when a tableau branch is closed or the theory expansion rule is applied to expand a branch. To preserve correctness, the schema for -rules has to be changed as well: the Skolem terms introduced now contain the free variables occurring in the -formula (the free variable rule schemata are shown in Table 6). Again, there is both a theory expansion and a theory closure rule. The difference to the ground version is that now there are free variables both in the tableau and in the refuter (the formulae that are added). When theory reasoning is used for expansion or for closing, the substitution of a refuter h ; Ri has to be applied to the whole tableau; the theory rule schemata are shown in Table 7. In case there is a refuter with an empty residue for a key taken from a branch, that branch is T -closed under the substitution , i.e. it is closed when is applied to the whole tableau. It is often difﬁcult to ﬁnd a substitution that instantiates the variables in a tableau T such that all branches of T are T -closed. The problem is simpliﬁed (as is usually done in practice) by closing the branches of T one after the other: if a substitution is found that closes a single branch B , it is applied (to the whole

EQUALITY AND OTHER THEORIES

211

DEFINITION 38 (Free variable tableau proof.). Let T be a theory and let R be a background reasoner for T , a free variable tableau proof for a ﬁrst-order sentence consists of a sequence

tableau) to close B before other branches are handled. This is not a restriction because, if a substitution is known to T -close several branches, it can be applied to close one of them; after that the other branches are closed under the empty substitution.

ff: gg = T0 ; T1; : : : ; Tn 1 ; Tn = ;

of tableaux such that, for 1

(n 0)

1

i n, the tableau Ti is constructed from Ti

1. by applying one of the free variable expansion rules from Table 6, that is, there is a branch B 2 Ti 1 and a formula 2 B (that is not a literal) such that

Ti = (Ti 1 n fB g) 8 if = >f(B n f g) f 1 ; 2 gg > < f(B n f g) f 1 g; (B n f g) f 2 gg if = if = (x) >fB f 1 (y )gg > : f(B n f (x)g) f 1 (f (x1 ; : : : ; xn ))gg if = (x) where y 2 V is a new variable not occurring in Ti 1 nor in T , f 2 F is a Skolem function symbol not occurring in Ti 1 , and x1 ; : : : ; xn are the free

variables in ; 2. by applying the free variable theory expansion rule, that is, there is a branch B 2 Ti 1 , a key B , and a T -refuter h ; f 1 ; : : : ; k gi (k 1) in R( ) such that

Ti = (Ti 1 n fB g)

fB

f 1 g; : : : ; B

f k gg ; n fB g)

B.

where the

3. or by closing a branch B 2 Ti 1 , that is, Ti = (Ti 1 branch B is T -closed under , i.e. 2 R( ) for a key

**3.4 Semantic Tableaux with Universal Formulae
**

Free variable semantic tableaux can be further improved by using the concept of universal formulae [Beckert and H¨ hnle, 1992]: -formulae (in particular axioms a that extend the theory) have often to be used multiply in a tableau proof, with different instantiations for the free variables they contain. An example is the axiom (8x)(8y)((x < y) (p(x) p(y))), that extends the theory of partial orderings by deﬁning the predicate symbol p to be monotonous. The associativity axiom (8x)(8y)(8z )((x y) z x (y z )) is another typical example. Usually, it has

212

BERNHARD BECKERT

(8x)p(x)

:p(a) _ :p(b)

p(y)

:p(a)

:p(b)

Figure 1. The advantage of using universal formulae to be applied several times with different substitutions for x, y and z to prove even very simple theorems from, for example, group theory. In semantic tableaux, the -rule has to be applied repeatedly to generate several instances of the axiom each with different free variables substituted for x, y and z . Free variables in tableaux are not implicitly universally quantiﬁed (as it is, for instance, the case with variables in clauses when using a resolution calculus) but are rigid, which is the reason why a substitution must be applied to all occurrences of a free variable in the whole tableau. Supposed a tableau branch B contains a formula p(x), and the expansion of the tableau proceeds with creating new branches. Some of these branches contain occurrences of x; for closing the generated branches, the same substitution for x has to be used on all of them. Figure 1 gives an example for the situation: this tableau cannot be closed immediately as no single substitution closes both branches. To ﬁnd a proof, the -rule has to be applied again to create another instance of (8x)p(x). In particular situations, a logical consequence of the formulae already on the tableau (in a sense made precise in Deﬁnition 39) may be that (8y )p(y ) can be added to B . This is trivially true in Figure 1. In such cases, different substitutions for y can be used without destroying soundness of the calculus. The tableau in Figure 1 then closes immediately. Recognizing such situations and exploiting them allows to use more general closing substitutions, yields shorter tableau proofs, and in most cases reduces the search space. DEFINITION 39. Let T be a theory, and let be a formula on a branch B of a tableau T . Let T 0 be the tableau that results from adding (8x) to B for some x 2 V . The formula is T -universal on B with respect to x if T j=T T 0 , where T and T 0 are identiﬁed with the formulae that are the disjunctions of their branches, respectively, and a branch is the conjunction of the formulae it contains. Let UVar ( ) V denote the universal variables of .2

2 When the context is clear, a formula which is universal on a branch B w.r.t. a variable x is just referred to by ‘the universal formula ’, and the variable x by ‘the universal variable x’.

EQUALITY AND OTHER THEORIES

213

The above deﬁnition is an adaptation of the deﬁnition given in [Beckert and H¨ hnle, 1998] to theory reasoning. a The problem of recognizing universal formulae is of course undecidable in general. However, a wide and important class can be recognized quite easily (using this class can already shorten tableau proofs exponentially): If tableaux are seen as trees, a formula on a branch B of a tableau T is (T -)universal w.r.t. x if all branches B 0 of T are closed which contain an occurrence of x that is not on B as well; this holds in particular if the branch B contains all occurrences of x in T . Assume there is a sequence of tableau rule applications that introduces a variable x by a -rule application and does not contain a rule application distributing x over different subbranches; then the above criterion is obviously satisﬁed and all formulae that are generated by this sequence are universal w.r.t. x. THEOREM 40. Given a theory T , a formula on a branch B of a tableau T is T -universal w.r.t. x on B if in the construction of T the formula was added to B by either 1. applying a -rule and application;

**x is the free variable that was introduced by that
**

that is T -universal w.r.t. x on B ;

2. applying an -, - or -rule to a formula

3. applying a -rule to a formula that is T -universal w.r.t. x on B , and x does not occur in any formula except that has been added to the tableau by that -rule application; 4. applying the theory expansion rule to a refuter f 1 ; : : : ; k g for a key B (i.e. = i for some i 2 f1; : : : ; k g), and all formulae in are T -universal w.r.t. x on B , and x does not occur in any of the j for j 6= i. The knowledge that formulae are T -universal w.r.t. variables they contain can be taken advantage of by universally quantifying the formulae in a key w.r.t. (some of) their universal variables. Similar to the ground and free variable cases, the closure rule can be seen as a special case of the expansion rule. The new theory rule schemata are shown in Table 8.

DEFINITION 41 (Universal formula version.). Let T be a theory, and let R be a background reasoner for T . A universal formula tableau proof for a ﬁrst-order sentence consists of a sequence

ff: gg = T0 ; T1; : : : ; Tn 1 ; Tn = ;

of tableaux such that, for 1

(n 0)

1

i n, the tableau Ti is constructed from Ti

1. by applying one of the free variable expansion rules from Table 6 (see Deﬁnition 38 for a formal deﬁnition);

214

BERNHARD BECKERT

. . .

1

. . .

1

where h ; f 1 ; : : : ; k gi (k is a refuter for the key

1

p

k

p

1)

where

**f(8xi1 ) (8ximi ) i j 1 i pg, the formula i is T -universal
**

w.r.t. the variables xi ; : : : ; xi i ; 1 m

and is applied to the whole tableau.

w.r.t. the variables xi ; : : : ; xi i ; 1 m and is applied to the whole tableau.

f(8xi1 ) (8ximi ) i j 1 i pg, the formula i is T -universal

is a refuter for the key

Table 8. Theory expansion and closure rules (universal formula version) 2. by applying the universal formula theory expansion rule to a branch B 2 Ti 1 , that is,

**f 1g; : : : ; B f k gg where h ; f 1 ; : : : ; k gi is a T -refuter in R( ) for a key = f(8xi1 ) (8ximi ) i j 1 i pg
**

such that (b) fxi ; : : : ; xi i g 1 m (a)

Ti = (Ti 1 n fB g)

fB

1; : : : ; p

2 B,

UVar ( i ) for 1 i p,

3. or by closing a branch B

2 Ti

1 , that is,

Ti = (Ti 1 n fB g)

where the branch B is T -closed under , i.e.

**2 R( ) for a key = f(8xi1 ) (8ximi ) i j 1 i pg
**

UVar ( i ) for 1 i p.

such that (b) fxi ; : : : ; xi i g 1 m (a)

1; : : : ; p

2 B,

Although it is easier to add theory reasoning to the ground version of tableau, to prove even simple theorems, free variable tableaux have to be used. These are sufﬁcient for simple theories. If, however, ﬁnding a refuter requires complex

EQUALITY AND OTHER THEORIES

215

EXAMPLE 42. Consider again the tableau T shown in Figure 1. The substitution = fy 7! ag is a refute for the key fp(y); :p(a)g, which is taken from the left branch of T . If is used to close the left branch, then the variable y is instantiated with a in the whole tableau T . However, if the formula p(y ) is recognized to be universal w.r.t. y , then the key f(8y )p(y ); :p(a)g can be used instead, for which the empty substitution id is a refuter; thus using the universal formula closure rule, the left branch can be closed without instantiating y . Then the right branch can be closed, too, without generating a second free variable instance p(y 0 ) of (8x)p(x). Using the universal formula technique is even more important in situations like the following:

deductions where the formulae both in the key and in the theory have to be used multiply with different instantiations, then universal formula tableaux have to be used (free variable tableaux are a special case of universal formula tableaux), The following example illustrates the advantage of using the universal formula expansion rule as compared to the free variable rule:

EXAMPLE 43. Supposed the equality f (x) x and the literals p(f (a); f (b)) and :p(a; b) are E -universal w.r.t. x on a tableau branch. In that case, the key f(8x)(f (x) x); p(f (a); f (b)); p(a; b)g can be used, for which id is a refuter. In free variable tableaux, the key f(f (x) x); p(f (a); f (b)); p(a; b)g has to be used, which allows to derive the refuters hfx 7! ag; ff (b) bgi and hfx 7! bg; ff (a) agi only; a refuter with an empty residue, which closes the branch immediately, cannot be deduced anymore. 4 SOUNDNESS In this section, soundness of semantic tableaux with theory reasoning is proven for the universal formula version. Soundness of the free variable version follows as a corollary because free variable tableaux are a special case of universal formula tableaux. For the ground version, soundness can be proven completely analogously. First, satisﬁability of tableaux is deﬁned (Deﬁnition 44), then it is proven that satisﬁability is preserved in a sequence of tableaux forming a tableau proof.

DEFINITION 44. Given a theory T , a tableau T is T -satisﬁable if there is a T structure M such that, for every variable assignment , there is a branch B 2 T with

(M; ) j= B :

LEMMA 45. If a tableau T is T -satisﬁable, then T is T -satisﬁable for all substitutions 2 Subst . Proof. By hypothesis there is a T -structure M = hD; I i such that, for all variable assignments , there is a branch B 2 T with (M; ) j= B . We claim that, for

216

BERNHARD BECKERT

the same structure M , we have also for all variable assignments that there is a branch B with (M; ) j= B . To prove the above claim, we consider a given variable assignment . Let the variable assignment be deﬁned by

(x) = (x )I;

for all x 2 V :

That implies for all terms t 2 Term , and in particular for all terms t occurring in B ,

(t )I; = tI;

and therefore

valI; (B ) = valI; (B ) = true :

Proof. We use the notation from Deﬁnition 41. Let B be the branch in Ti to which one of the classical expansion rules or the theory expansion rule has been applied or that has been removed by applying the theory closure rule to derive the tableau Ti+1 . Let M = hD; I i be a T -structure satisfying Ti . -rule: Let be an arbitrary variable assignment. There has to be a branch B 0 in Ti such that (M; ) j= B 0 . If B 0 is different from B then B 0 2 Ti+1 and we are through. If, on the other hand, B 0 = B , then (M; ) j= B . Let be the formula in B to which the -rule has been applied. By the property of -formulae, (M; ) j= entails (M; ) j= 1 or (M; ) j= 2 ; and, therefore, (M; ) j= (B n f g) f 1 g or (M; ) j= (B n f g) f 2 g. This concludes the proof for the case of a rule application, because (B n f g) f 1 g and (B n f g) f 2 g are branches in Ti+1 . - and -rule: Similar to the -rule. -rule: Let be the -formula to which the -rule is applied to derive Ti+1 from Ti ; 1 (f (x1 ; : : : ; xm )) is the formula added to the branch (f is a new Skolem function symbol and x1 ; : : : ; xm are the free variables in ). We deﬁne a structure M 0 = hD; I 0 i that is identical to M , except that the new function symbol f is interpreted by I 0 in the following way: For every set d1 ; : : : ; dm of elements from the domain D, if there is an element d such that (M; ) j= 1 (x) where (xj ) = dj 0 (1 j m) and (x) = d, then f I (d1 ; : : : ; dm ) = d. If there are several such elements d, one of them may be chosen; and if there is no such element, an arbitrary element from the domain is chosen. It follows from this construction that for all variable assignments : if (M; ) j= , then (M 0 ; ) j= 1 (f (x1 ; : : : ; xm )). Since f does not occur in T , M 0 is a T -structure. We proceed to show that M 0 satisﬁes Ti+1 . Let be an arbitrary variable assignment. There has to be a branch B 0 in Ti with (M; ) j= B 0 . If B 0 is different

LEMMA 46. Given a universal formula tableau proof (Tj )0 j n , if the tableau Ti (0 i < n) is T -satisﬁable, then the tableau Ti+1 is T -satisﬁable as well.

EQUALITY AND OTHER THEORIES

217

from B , then we are done because (M 0 ; ) j= B 0 (as f does not occur in B 0 ) and B 0 2 Ti+1 . In the interesting case where 2 B 0 = B , we have (M; ) j= which entails (M 0 ; ) j= 1 (f (x1 ; : : : ; xm )). Thus, (B n f g) f 1 (f (x1 ; : : : ; xm ))g, which is a branch in Ti+1 , is satisﬁed by M 0 . Theory Expansion Rule: Let h ; f 1 ; : : : ; k gi be the refuter used to expand the tableau. Since Ti is T -satisﬁable, the tableau Ti is T -satisﬁable as well (Lemma 45). Let M be a T -structure satisfying Ti , and let be an arbitrary variable assignment. There has to be a branch B 0 2 Ti with (M; ) j= B 0 . Again, the only interesting case is where B 0 = B , and B is the only branch in Ti satisﬁed by (M; ). By deﬁnition of universal formulae, that implies B j=T (8xj ) (8xj j ) j m 1 (1 j p) and, thus, B j=T (8xj ) (8xj j ) j (Lemma 9), which implies m 1 (M; ) j= where = f(8xj ) (8xj j ) j j 1 j pg, as (M; ) j= B . m 1 Because h ; f 1 ; : : : ; k gi is a refuter for and, thus, j=T 1 _ : : : _ k , we have (M; ) j= j for some j 2 f1; : : : ; k g. This, ﬁnally, implies that M satisﬁes the branch B f j g in Ti+1 . Theory Closure Rule: In the same way as in the case of the theory expansion rule, we conclude that (M; ) j= . But now this leads to a contradiction: because the residue is empty, valI; ( ) = false by deﬁnition. Thus the assumption that B 0 = B has to be wrong, and the branch B can be removed from the tableau. Based on this lemma, soundness of semantic tableaux with theory reasoning can easily be proven: THEOREM 47. If there is a universal formula tableau proof

for a sentence

ff: gg = T0 ; T1 ; : : : ; Tn 1 ; Tn = ; 2 Form (Deﬁnition 41), then is a T -tautology.

Proof. None of the tableaux in the sequence which the tableau proof consists of can be T -satisﬁable, otherwise the empty tableau Tn = ; had to be T -satisﬁable as well (according to Lemma 46); this, however, is impossible because the empty tableau has no branches. Thus, the ﬁrst tableau ff: gg in the sequence is T -unsatisﬁable, i.e. : is T -unsatisﬁable, which is equivalent to being a T -tautology. 5 COMPLETENESS

**5.1 Complete Background Reasoners
**

The most important feature of a background reasoner is completeness—besides soundness which is part of the deﬁnition of background reasoners. We deﬁne a

218

BERNHARD BECKERT

background reasoner to be complete if its combination with the foreground reasoner leads to a complete calculus. DEFINITION 48. A (ground) background reasoner for a theory T is a complete ground background reasoner for T if, for every T -tautology , a ground tableau proof (Deﬁnition 37) can be built using R.

a complete free variable background reasoner for T if, for every T -tautology , a free variable tableau proof (Deﬁnition 38) can be built using R.

a complete universal formula background reasoner for T if, for every T tautology , a universal formula tableau proof (Deﬁnition 41) can be built using R. Because free variable tableaux are a special case of universal formula tableaux, a complete universal variable background reasoner has to be a complete free variable background reasoner as well. The existence of complete background reasoners is trivial, because an oraclelike background reasoner that detects all kinds of inconsistencies (and thus does all the work) is complete for all versions of tableau: THEOREM 49. Let T be a theory. If a background reasoner R satisﬁes the condition: for all T -unsatisﬁable sentences 2 Form , then R is a complete ground, free variable, and universal variable background reasoner.

id 2 R(f g)

id 2 R(f: g). By applying the theory closure rule using this refuter, the empty tableau T1 = ; can be derived from the initial tableau T0 = ff: gg.

This completeness result is only of theoretical value. In practice, theory reasoners are needed that, on the one hand, lead to short tableau proofs and, on the other hand, can be computed easily (i.e. fast and at low cost). Of course, there is a trade off between these two goals. There is a complete background reasoner for a theory T such that R( ) is enumerable for all keys if and only if the theory T is axioamatizable. Thus, it is not possible to implement a complete background reasoner for a non-axiomatizable theory.

Proof. If

is a

T -tautology, then its negation :

is

T -unsatisﬁable and thus

5.2 Completeness Criteria

General completeness criteria that work for all theories such as ‘a background reasoner that computes all existing refuters is complete’ are not useful in practice. For

EQUALITY AND OTHER THEORIES

219

many theories, and in particular for equality, highly specialized background reasoners have to be used to build an efﬁcient prover. These exploit domain knowledge to restrict the number of refuters (and thus the search space); domain knowledge has to be used to prove such background reasoners to be complete. Therefore, the completeness criteria presented in the following refer to the semantics of the particular theory, and there is no uniform way to prove that a background reasoner satisﬁes such a criterion. Nevertheless, the criteria give some insight in what has to be proven to show completeness of a background reasoner. Fairness of the Foreground Reasoner First, a characterization of fair tableau construction rules (i.e. fairness of the foreground reasoner) is given for the ground version. This notion is used in the proof that a background reasoner that satisﬁes a completeness criterion can be combined with a fair foreground reasoner to form a complete calculus. For the multi-set representation of tableaux, the notion of fair tableau construction is somewhat more difﬁcult to formalize than for the tree representation, but this has no effect on which construction rules are fair. The condition for -, -, and -formulae is that the respective tableau rule is applied sooner or later. The -rule has to be applied to each -formula inﬁnitely often, and—this is speciﬁc for the ground version—each ground term has to be used for one of these applications. The background reasoner has to be called with all keys for which it is deﬁned and all refuters have to be used sooner or later.

DEFINITION 50. Given a ground background reasoner R, a ground tableau construction rule for R is a rule that, when supplied with a formula , deterministically speciﬁes in which way a sequence (Ti )i 0 of ground tableaux starting from T0 = ff: gg is to be constructed. The rule is fair if for all :

1. If there is a branch B that occurs in all tableaux Ti , i > n for some n 0, then B is exhausted, i.e. no expansion rule or closure rule can be applied to B . 2. For all inﬁnite sequences (Bi )i 0 of branches such that Bi 2 Ti and either Bi+1 = Bi or the tableau Ti+1 has been constructed from Ti by applying an expansion rule to Bi and Bi+1 is one of the resulting new branches in Ti+1 (i 0):

(b) for all -formulae 2 Bi (i 0) and all terms t 2 Term 0 , there is a j 0 such that the tableau Tj +1 has been constructed from Tj by applying the -rule to 2 Bj and t is the ground term that has been substituted for the universally quantiﬁed variable in .

(a) for all -, -, and -formulae 2 Bi (i 0), there is a j i such that the tableau Tj +1 has been constructed from Tj by applying the -, -, or -rule to 2 Bj .

220

BERNHARD BECKERT

(c) for all keys

constructed from Tj by applying the theory expansion or the theory closure rule to Bj using the key Bj and the refuter hid ; Ri (if the background reasoner is monotonic, a key 0 may be used as well).

Bi (i 0) such that R( ) is deﬁned and all refuters hid ; Ri 2 R( ), there is a j 0 such that the tableau Tj+1 has been

A Completeness Criterion for Ground Background Reasoners The criterion we are going to prove is that a background reasoner is complete if, for all T -unsatisﬁable downward saturated sets , it can either derive a residue consisting of new formulae that are not yet in , or it can detect the T -unsatisﬁability of . DEFINITION 51. A set ditions hold for all formulae 1. if 2. if 3. if 4. if

Form

= , then 1 ; 2 2 ; = , then 1 2 or 2 2 ; = (x), then 1 (t) 2 for some term t 2 Term 0 ; = (x), then 1 (t) 2 for all terms t 2 Term 0 .

2

is downward saturated if the following conthat are not a literal:

THEOREM 52. A ground background reasoner R for a theory T is complete if, for all (ﬁnite or inﬁnite) T -unsatisﬁable downward saturated sets Form that do not contain free variables: 1. there is a key 2. there is a key such that there is a refuter hid ; f 1 ; : : : ; k gi in R( with f 1 ; : : : ; k g \ = ; (k 1). such that id 2 R(

); or

)

Proof. Let R be a background reasoner satisfying the criterion of the theorem, and let be a T -tautology. We prove that, using R and an arbitrary fair ground tableau construction rule (Deﬁnition 50), a tableau proof for is constructed. Let (Ti )i 0 be the sequence of ground tableaux that is constructed according to the fair rule starting from T0 = ff: gg. Supposed (Ti )i 0 is not a tableau proof. If the sequence is ﬁnite, then there has to be at least one ﬁnite exhausted branch B in the ﬁnal tableau Tn . If the sequence is inﬁnite, then there is a sequence (Bi )i 0 , Bi 2 Ti , of branches as described inS Condition 2 in the deﬁnition of fairness (Deﬁnition 50). In that case, B = i 0 Bi is the union of these branches. We proceed to prove that the set B is T -satisﬁable. Because of the fairness conditions, B is downward saturated. If it were T -unsatisﬁable, then there had to be a key B such that

EQUALITY AND OTHER THEORIES

221

id 2 R( ) or such that there is a refuter hid ; f 1; : : : ; k gi 2 R( ) (k 1) where f 1; : : : ; k g \ B = ;. Because keys are ﬁnite, there then had to be an i 0 such that Bi ; thus, for some j 0, the tableau Tj +1 had to be constructed from Tj applying the theory closure rule to Bj —which is according to the construction of the sequence (Bi )i 0 not the case—, or Tj +1 had to be constructed from Tj applying the theory rule to Bj such that m 2 Bj +1 for some m 2 f1; : : : ; k g—which is impossible because f 1 ; : : : ; k g \ B = ;. We have shown B to be T -satisﬁable. Because : 2 B , : is T -satisﬁable as well. This, however, is a contradiction to being a T -tautology, and the assumption that (Ti )i 0 is not a tableau proof has to be wrong. The criterion can be simpliﬁed if the residues a background reasoner computes for keys consisting of literals consist of literals as well. This is a reasonable assumption, which is usually satisﬁed in practice (and is true for all total background reasoners).

COROLLARY 53. A ground background reasoner R for a theory T is complete if, for all keys Lit for which R is deﬁned, R Lit for all h ; Ri 2 R( ), and for all (ﬁnite or inﬁnite) T -unsatisﬁable sets Form of literals that do not contain free variables: 1. there is a key 2. there is a key such that there is a refuter hid ; f with f 1 ; : : : ; k g \ = ; (k 1). Proof. Let such that id 2 R(

); or

; : : : ; k gi in R( )

be a downward saturated T -unsatisﬁable set of formulae and deﬁne to be the set of literals in . Then 0 is T -unsatisﬁable, because a T -structure satisfying 0 would satisfy as well. 0 Thus, there is a key such that id 2 R( )—in which case we are 0 and a refuter hid ; f 1 ; : : : ; k gi 2 R( ) with done—, or there is a key f 1; : : : ; k g \ 0 = ;. In the latter case, the refuter satisﬁes the condition f 1; : : : ; k g \ = ;, because by assumption f 1; : : : ; k g Lit .

0=

\ Lit

There is a strong relation between the criterion from Theorem 52 and the deﬁnition of Hintikka sets for theory reasoning: similar to classical ﬁrst-order Hintikka sets (see Section 2.3 in the chapter by Fitting), any set is satisﬁable that does not contain ‘obvious’ inconsistencies (inconsistencies that can be detected by the background reasoner) and is downward saturated (the background reasoner cannot add new formulae). EXAMPLE 54. The complete background reasoner for the theory OP of partial orderings from Example 32 can be turned into a deﬁnition of Hintikka sets for OP : A set that is downward saturated and, in addition, satisﬁes the following conditions is OP -satisﬁable:

there are the . Proof.222 BERNHARD BECKERT 1. THEOREM 55. There is no literal of the form (t < t) in . g following subcases: If Tig has been derived from Tig by applying an expansion rule to a formula g +1 g on a branch Bi 2 Tig . (t0 < t00 ) 2 . then (t < t00 ) 2 . set i+1 = i fx 7! tg. such that Ti i = Tig for substitutions i 2 Subst (0 i n). Ri. 2. For all terms t. There are no literals . t0 . can be constructed. If a -rule has been applied and the term t has been substituted for the quantiﬁed variable in the ground tableau. t00 2 Term : if (t < t0 ). : : : . Since Rg is a complete ground background reasoner. = 0 . T0 0 g= T0 for 0 = id. using Rg a ground tableau proof g ff: gg = T0g . If an .: in .or -rule has been applied. where the new terms introduced by -rule applications have been chosen in an arbitrary way (see below). Let R be a free variable background reasoner for a theory T . 3. Tn = . then derive Ti+1 from Ti by applying a -rule to i and substituting a new free variable x for the quantiﬁed variable. Ri for a ground instance of a key . : : : . If a -rule has i = 0: Since is a sentence. Rg i g ( ). the free variable background reasoner has to compute a refuter for that is more general than h . Tn = . A Completeness Criterion for Free Variable Background Reasoners The criterion for free variable background reasoners is based on lifting completeness of a ground background reasoner. 2. and all refuters hid . Let the sentence be a T -tautology. R is complete if there is a complete ground background reasoner Rg for T such that. then apply that i i = i i i i the same rule to i to derive Ti+1 from Ti and set i+1 = i . for all keys Form . If the ground background reasoner computes a refuter hid . to be complete. then. R 0 = Rg . i ! i + 1: Depending on how Ti+1 has been derived from Tig . there is a refuter h . By induction we prove that there is a free variable tableau proof ff: gg = T0 . Ri 2 R( ) and a substitution 0 with in R 1. all ground substitutions . then there has to be a formula i on a branch Bi 2 Ti such g and B = B g .

then there has to be a key i on a branch Bi 2 Ti such that hid . then 0 is a free variable instance of (8x1 ) (8xk ) (w. there is a refuter h . then apply the free variable -rule to i to derive Ti+1 from Ti and set i+1 = i . R g g i i = i and Bi i = Bi . If Tig has been derived from Tig by applying the theory closure or the theory +1 g expansion rule using a key g taken from a branch Bi 2 Tig and a refuter id or g i in Rg ( g ). EXAMPLE 56. DEFINITION 57. and let (8x1 ) (8xk ) be a universally quantiﬁed literal in . : : : . the new ground term introduced in the ground tableau—that we are free to choose as long as it does not occur in Ti —shall be f (x1 . A Completeness Criterion for Universal Formula Background Reasoners A criterion for the completeness of universal formula background reasoners can be deﬁned based on completeness of free variable background reasoners (the proof of the theorem is similar to that of Thereom 55). The conditions for R are: 1. and set i+1 = 0 . Thus lifting the notion of fairness to the free variable case such that no backtracking at all is needed to construct a tableau proof is very difﬁcult (though not impossible). xn ) is the Skolem term that has been substituted for the existentially quantiﬁed variable in the free variable tableau. In addition. If 0 is constructed from by replacing the variables x1 . In the ground case. Thus. xn ) i where f (x1 . then h . : : : . xk by free variables y1 . For all terms s1 . there are additional choice points because there may be refuters with incompatible substitutions. however.r. For all atoms . then 2 R( ) where is an MGU of and 0. yk that do not occur in . For all terms t.t. : : : . is a 2. (t0 < s2 ) 2 . derive Ti+1 from Ti by applying the theory expansion or closure rule using the key i and the refuter h .EQUALITY AND OTHER THEORIES 223 been applied. Ri 2 R( ) and a substi0 such that i = 0 tution and R 0 = Rg . : : : . In that case. 3. : 0 2 . a tableau proof can be constructed deterministically using a fair tableau construction rule. t0 . The proof is based on the completeness of the ground background reasoner for OP from Example 32. f(s1 < s2 ) gi 2 R( ) where most general uniﬁer (MGU) of t and t0 . t0 2 Term that are uniﬁable: if (t < t0 ) 2 . 0 2 Form that are uniﬁable: If . t. Let Form be a key. In the free variable case. The criterion from Theorem 55 can be used to prove completeness of the free variable background reasoner R for the theory OP of partial orderings that satisﬁes the following conditions. Ri. s2 2 Term where t and t0 are uniﬁable: if (s1 < t). ). then 2 R( ) where is an MGU of t and t0 . .

and let F be the set of all the free variables occurring in fv but not in . Then. The proof for Theorem 52 shows that completeness is preserved if this restriction is combined with any complete background reasoner. the equality theory E deﬁnes the equality predicate . Similarly.3 Completeness Preserving Reﬁnements Restrictions on Keys In this section. only keys have to be considered that contain a pair of complementary literals or consist of formulae that all have a predicate symbol in common with the theory (which may or may not be deﬁned by the theory). the following holds: Let the key fv be constructed from by replacing all formulae 2 of the form (8x1 ) (8xn ) by a free variable instance of . for all refuters h fv . An important simpliﬁcation usually used in implementations is to impose the restriction on keys that they must consist of literals (universally quantiﬁed literals in the case of universal formula tableau). 2. 5. For example. Thus. for all keys Form . The background reasoner has only to be deﬁned for keys that contain a pair of complementary literals or at least one formula in which a symbol occurs that is deﬁned by the theory: DEFINITION 60. For the equality theory E . Let R be a universal formula background reasoner for a theory T . there is a refuter h . additional reﬁnements are discussed that are indispensable for an efﬁcient implementation of theory reasoning. A set of function or predicate symbols is deﬁned by a theory T if for all sets of formulae that do not contain these symbols: is satisﬁable if and only if is T -satisﬁable. Then the restriction R0 of R to keys that consist of (universally quantiﬁed) literals is complete (R0 is undeﬁned for other keys). The set of keys that have to be considered can be further restricted. all formulae in keys have to contain the predicate symbol < as it is the only predicate symbol in OP . COROLLARY 59. Rfv = R( fv jF ). Ri 2 R( ) where 1. for the theory OP . R is complete if there is a complete free variable background reasoner Rfv for T such that. free variable. Rfv i 2 Rfv ( fv ). however.224 BERNHARD BECKERT THEOREM 58. Let R be a complete ground. the theory of partial orderings deﬁnes the predicate symbol <. fv j(V nF ) = . or universal formula background reasoner. . this restriction is useless because E contains all predicate symbols.

(8x) ) and (8y): ). then W contains all free variables occurring in the tableau. Let R be a complete ground. 2. we use the abbreviations of all variables. R00 i of which the refuter h 0 . in particular. and 00 fW R00 g j=T 0 fW R0 g for all formula sets 2.EQUALITY AND OTHER THEORIES 225 COROLLARY 61. Let T be a theory. Ri W h 00 . 2. . R0 i if there is a substitution 2 Subst 0 (x) = (x) for all x 2 W . or contain a pair uniﬁable. h . The subsumption relation on refuters may or may not take the theory T into account: DEFINITION 62. and W such that Form (in- = V and T = V T where V is the set The set W contains the ‘relevant’ variables. (a) contain at least one occurrence of a function or predicate symbol deﬁned by T . or universal formula background reasoner for a theory T . cluding. R00 i such that T 1. for example. If. if the context is not known. In addition. R0 i if there is a refuter h 00 . The intuitive meaning of h . R0 i can be simulated by ﬁrst applying a substitution and then using the resulting refuter h 00 . the theory expansion rule is used to extend a tableau branch. including at least those occurring in the two refuters that are compared. free variable. Ri W h 0 . h . The subsumption relations W and W on refuters are deﬁned by: T h . the set W = V of all variables has to be used. It is of advantage to keep the set W as small as possible. and : (resp. R00 i. R. R0 i is a logical consequence. R0 h 0 . but. Ri 1. Most General Refuters There is another important reﬁnement that can be combined with all complete background reasoners: completeness is preserved if only most general refuters are computed (this is a corollary to Theorem 55). Then the restriction R0 of R to keys that 1. R0 i is that the effects of using the reT futer h 0 . and let W V be a set of variables. the empty set). and (b) consist of formulae that all have at least one predicate symbol in common with T . Ri W h 0 . where and are is complete (R0 is undeﬁned for other keys).

fp(a)gi only if x 62 W . f gi is more general than h . it T subsumes the refuter hid . all subsumption relations. R0 i.t. fp(x)gi subsumes hfx 7! ag. W ) for all variable sets W .r. Therefore. gi w. Then a background reasoner R0 is complete as well if. The refuter hid .226 BERNHARD BECKERT EXAMPLE 63. Only total refuters are computed. the subsumption relation W (and thus w. Let R be a complete free variable or universal formula background reasoner for a theory T . Ri W h 0 . only refuters with a minimal residue are most general. a free variable tableau proof resp.r.t. . Then hid . The sets of refuters computed for a key are restricted to be – ﬁnite (in which case their computation terminates). the context in which a background reasoner is used has to be taken into consideration: T THEOREM 65.r. the residues are empty. R0 i in R0 ( ) that subsumes h . COROLLARY 64. where is the key T that has been chosen for that rule application and W is the set of free variables in the tableau to which the rule is applied.t. f .e. for every T -tautology . The number of refuters that have to be considered is closely related to the number of choice points when the theory expansion or closure rule is applied to a tableau.t. p(b)i resp. fx 7! ag and fx 7! bg subsume each other w. Then. or T (Deﬁnition 62). i. Ri W h 0 .t. for every theory.e. Ri 2 R( ). Let R be a complete free variable or universal formula background reasoner for a theory T . however. there are background reasoners that have at least some of the following features: To avoid branching when the theory expansion rule is applied. Nevertheless. i.r.t. it can (depending on the theory T ) be difﬁcult to decide and is in general undecidable whether h . Let T be the equational theory E fa bg. T . however. W or W .r. If the subsumption relations W and W are used. T Other Search Space Restrictions There are other useful restrictions that. cannot be imposed on an arbitrary background reasoner without destroying completeness.r. fp(a)gi w. The refuter h . there is a refuter h 0 . it is often not useful to ensure minimality since there is a trade-off between the gain of computing a minimal set and the extra cost for checking minimality and removing subsumed refuters. it is desirable to compute a minimal set of refuters. for all keys and refuters h . While it is relatively easy to decide whether h . only refuters h . Ri w. Ri are computed where the residue is either empty or a singleton. a universal formula tableau proof can be built using R observing the restriction that each T -refuter that is used in a theory expansion or closure rule application is minimal in R( ) w. R0 i. Nevertheless. p(a)i and hid .

If a branch B contains a formula t] and an equality t s or s t that can be ‘applied’ to t] to derive a formula s] (which is constructed by substituting one occurrence of t in t] by s). in particular between total and partial theory reasoning (see Section 2. R. Exception are. of course. THEOREM 66 (Jeffrey.1 Partial Equality Reasoning for Ground Tableaux Virtually all approaches to handling equality can be regarded as a special case of the general methods for theory reasoning in semantic tableaux. following work by S. a trade-off between these desirable features. For all terms t 2 Term 0 : if :(t 3. Kanger on how to add equality to sequent calculi [Kanger. 1996] and applying transformations from ﬁrst-order logic with equality into ﬁrst-order logic without equality to the input formulae [Brand. t) 2 .e. 1967. There is. 2 Form : if ). Popplestone. a similar set of rules has been described by Z. The ﬁrst methods for adding equality to the ground version of semantic tableaux have been developed in the 1960s [Jeffrey. 1967). Jeffrey introduced the additional tableau expansion and closure rules shown in Table 9 (i. The second one is an additional equality theory closure rule: a branch is closed if it contains a formula of the form :(t t).EQUALITY AND OTHER THEORIES 227 t s t] s] s t t] s] :(t t) : Table 9. 1975. s 2 Term 0 and sentences 2 Form : if t]. 1963]. 1967]. then s] may be added to B . For all sentences ). (s t) 2 . For all terms t. a partial reasoning method). then id 2 R( . The ﬁrst one is the usual closure rule for ground tableaux with and without theory reasoning: a branch B is closed if there are formulae and : in B . . A ground background reasoner R for the theory E of equality is complete if it satisﬁes the following conditions: 1. Lis in [1960]. 6 PARTIAL EQUALITY REASONING 6. then hid . for example. Jeffrey’s equality theory expansion and closure rules – empty or a singleton (then theory expansion or closure rules are—at least for a single key—deterministic). f s]gi 2 R( 2. Bachmair et al. 1997] (see Section 9).. : 2 .5). the method of equality elimination [Degtyarev and Voronkov. then id 2 R( ). (t s) 2 or t]. There are two closure rules.

b) p(a. b) in a single step. If a ground background reasoner R for the the- . b) p(b. a) (3) :p(b. tn ) or :p(t1 . the rules are based upon the following fact: If an E -structure M satisﬁes the inequality :(f (a1 . : : : . :(ak bk ) is satisﬁed by M . the new expansion rules have a major disadvantage: they are symmetrical and their application is completely unrestricted. In addition. The rules presented by S. They are the tableau counterpart of RUE-resolution [Digricoli and Harrison. 1986] and are more goal-directed than Jeffrey’s expansion rules: only literals that are potentially complementary are used for expansion. 1969] (see [Snyder. If. Reeves [1987] (see Table 10) generate a smaller search space. The background reasoner is still complete if the formula to which an equality is applied is restricted to be (a) an inequality :(s t). for example. i. : : : can be added to B . i. ak ) f (b1 . bk )) or it satisﬁes the formulae p(a1 . then all the formulae p(f (a)). ak ) and :p(b1 . a) (3) :p(b.e. : : : . : : : . The application of Jeffrey’s additional rules to expand and close a tableau branch (Example 67) EXAMPLE 67. a rule is needed that implements the symmetry of equality. Jeffrey’s rules resemble paramodulation [Robinson and Wos. : : : .228 BERNHARD BECKERT (1) a b (2) p(a. b) Figure 2. bk ). or (b) a literal p(t1 . Figure 2 shows an example for the application of Jeffrey’s equality expansion and closure rules: The equality (1) is applied to the formula (2) to derive formula (4) and to (4) to derive (5). Besides being based on the ground version of tableaux. b) (4) p(a. The branch is closed by the complementary formulae (3) and (5). : : : . Like RUEresolution. : : : . a branch B contains the formulae f (a) a and p(a). b) (1) (2) (3) (4) (5) a b p(a. then at least one of the inequalities :(a1 b1 ). : : : . it is sufﬁcient to use the same closure rules as in Theorem 66: THEOREM 68 (Reeves. tn ) where p 6= . Note that it is not possible to derive p(b. b) (1) a b (2) p(a. an enormous number of irrelevant formulae (residues) can be derived. that allows to deduce s t from t s. With these equality theory expansion rules. This leads to much non-determinism and a huge search space. equalities do not have to be applied to complex formulae or to equalities. 1987). a) :p(b. p(f (f (a))). 1991] for an overview on various techniques for improving paramodulation).e.

: : : . : : : . a) (3) :p(b. : : : . : : : . : 2 . tk ) and 0 = :p(s1 . sk ) (k 1): if . then hid . tk ) :(f (t1 . For all terms t 2 Term 0 : if :(t t) 2 . For all literals 2 Lit : if . : : : . ft sgi 2 R( ). In the worst case. : : : . Reeves’ approach. can lead to heavy branching.EQUALITY AND OTHER THEORIES 229 :(t1 :p(s1 . sk )) :(t1 s1 ) :(tk sk ) :(t t) : Table 10. 3. :(sk tk )gi 2 R( ). it is complete: 1. 5. because the new expansion rules can as well be applied to pairs of equalities and inequalities. the number of branches generated is exponential in the number of equalities on the branch. tk ) f (s1 . : : : . 4. sk ) (k 1): if :(t s) 2 . . Figure 3 shows the application of Reeves’ rule to expand and close the same tableau branch as in Figure 2: It is applied to the atomic formulae (2) and (3) to generate the inequalities (4) and (5). sk ) s1 ) :(tk sk ) t s s t p(t1 . For all literals = p(t1 . : : : . :(sk tk )gi 2 R( 2. respectively. then hid. b) (4) :(a b) (5) :(a b) Figure 3. tk ) and s = f (s1 . f:(s1 t1 ). Applying Reeves’s equality expansion rule (Example 69) ory E of equality satisﬁes the following conditions. : : : . : : : . Reeves’ equality expansion and closure rules (1) a b (2) p(a. then id 2 R( ). The branches are closed by the formulae (1) and (4) and (1) and (5). For all terms t = f (t1 . however. 0 2 . EXAMPLE 69. For all terms s. then id 2 R( ). t 2 Term 0 : if (s t) 2 . f:(s1 t1 ). ). then hid .

the substitution that is part of a refuter may not be the identity. then h . c) By applying the standard free variable tableau rules. The main difference is that equality rule applications may require instantiating free variables. and and is applied to the whole tableau.230 BERNHARD BECKERT t s t0 ] ( s]) where is an MGU of t and t0 resp. 3. 0 If . formula (6) is derived from formula (2). Fitting’s equality reasoning rules for free variable tableaux 6. Figure 4 shows a free variable tableau that proves the following set of formulae to be inconsistent: (1) (8x)(g(x) f (x) _ :(x a)) (2) (8x)(g(f (x)) x) (3) b c (4) p(g(g(a)). 2. Fitting extended Jeffrey’s approach and adapted it to free variable tableaux [Fitting. s t t0 ] ( s]) :(t t0 ) 0 0 Table 11. The framed formulae are added to the left branch by applying Fitting’s equality expansion rules. (7) from (1). f( s]) gi 2 R( ) where is an MGU of t and t0 . t0 2 Term that are uniﬁable and all 2 Form : if (t s).2 Partial Equality Reasoning for Free Variable Tableaux M. For all terms t. These substitutions can be obtained using uniﬁcation: If an equality t s is to be applied to a formula t0 ].e. then 2 R( ) where is an MGU of t and t0 . EXAMPLE 71. : 0 2 . i. then 2 Lit that are uniﬁable: 2 R( ) where is an MGU of and 0. Formula (10) . b) (5) :p(a. and (8) and (9) from (7). R is a complete free variable background reasoner for the equality theory E if it satisﬁes the following conditions: 1. For all terms t. t0 2 Term that are uniﬁable: if :(t t0 ) 2 . 1990). t0 ] 2 . For all literals . for example. the application of a most general uniﬁer of t and t0 is sufﬁcient to derive ( s]) (see Table 11). Uniﬁcation can become necessary as well if a branch is to be closed using equality. 1996]. a branch that contains the inequality :(f (x) f (a)) is closed if the substitution fx 7! ag is applied (to the whole tableau): THEOREM 70 (Fitting.

b). If the application of equalities to equalities is prohibited. However. instead of the MGU of t and t0 . the closing refuter fx 7! h(a)g can be found. The difference to the equality expansion rules from Section 6. the universality of formulae has to be taken into consideration as well. as the following example demonstrates. s t) and the formula t0 ] it is applied to has to be taken into consideration. Completeness is preserved if the restriction is made that the formulae und 0 in Theorem 70 which the equality expansion rule is applied to have to be literals (similar to the ground case). only its restriction 0 to variables is applied w. h(b)). and formula (12) is derived by applying (3) to (11). universality of both the equality t s (resp. is not satisﬁed. i. Formulae (12) and (5) close the left branch. When branches are closed. Let the tableau branch B contain the formulae a b. EXAMPLE 72. If an equality is universal with respect to a variable x. the rule schemata are the same as the free variable schemata in Table 11). x) g(x. After this formula has been added to the branch.3 Partial Equality Reasoning for Tableaux with Universal Formulae Fitting’s method can easily be extended to free variable tableaux with universal formulae [Beckert. formula (11) is derived by applying (6) to (10) (the substitution fx1 7! ag has to be applied). provided it is allowed to apply equalities to equalities. h(b)) g(h(a). the restriction that equalities must not be applied to equalities (that can be employed in the ground case) would destroy completeness. Note that the criterion from Theorem 55. x)) : A refuter with the residue ff (h(a). which would guarantee completeness. .EQUALITY AND OTHER THEORIES 231 is derived by applying equality (8) to (4) (the substitution fx2 7! ag has to be applied). if the formula (100 ) p(f (g (a)). f (h(a).r. or backtracking has to be initiated. (8) and (9) has to be generated by applying the -rule to (1). Either a new instance of (7). :(f (x. then the term g (a) is substituted for x2 and the tableau cannot be closed. which not all formulae in the precondition of the rule are E -universal (apart from that. All refuters that can be derived that way instantiate the variable x either with a or with b. The example demonstrates a difﬁculty involved in using free variable equality expansion rules: If equality (8) is applied to (4) in the wrong way.2 is that.t. The right branch is closed by the inequality (9) (the substitution fx2 7! ag has already been applied). h(a)) g (h(a). When equalities are used to derive new formulae. b) is derived instead of (10) p(g (f (a)). completeness is lost: then the only possibility is to apply a b to the inequality in B . 6. 1997]. which in the sequel makes it impossible to close the branch.e. h(a))g can be derived. the variable x does not have to be instantiated to apply the equality.

r. then jF 2 R( ) where is an MGU of and F is the set of variables that are free in (8x) or (8y) 0 . For all s. 0 2 Form that are uniﬁable: if (8x) .232 BERNHARD BECKERT (1) ( x)(g (x) 8 (2) ( x)(g (f (x)) (3) b c 8 f (x) _ :( x a)) x) (4) p(g (g (a)). t0 are uniﬁable. t. Using Fitting’s expansion rules (Example 71) EXAMPLE 73. The background reasoner does not have to cope with the problem of recognizing universal formulae.t. b) p(a. we to be disjoint. If the method from Theorem 40 for recognizing universal formulae is used. A background reasoner R that satisﬁes the following conditions is a complete universal formula background reasoner for the equality theory E : 3. 3 ( x) is an abbreviation for ( x ) ( xm ) (m 1 assume the sets of free and bound variables occurring in 2. (8y ): 0 2 . For all t. THEOREM 74. then jF 2 R( ) where is an MGU of t and t0 and F is the set of variables that are free in (8x):(t t0 ). The variable x1 does not have to be instantiated. because in keys the universal formulae are explicitly universally quantiﬁed (Deﬁnition 41). and all 2 Form : if (8x)(t s). to x1 . b) (5) : p(a. t0 2 Term such that t. For all atoms . b) p(a. t0 2 Term that are uniﬁable: if (8x):(t t0 ) 2 . . then h jF . Without making a real restriction. c) (11) (12) Figure 4. because equality (6) is recognized to be universal w. f( s]) gi 2 R( ) where is an MGU of t and t0 and F is the set of variables that are free in (8x)(t s) or (8y) t0 ]. and 1. c) x1 x2 a) x2 a) (6) g (f (x1 )) (7) g (x2 ) (8) g (x2 ) (10) f (x2 ) _ :( (9) f (x2 ) :( p(g (f (a)). (8y ) t0 ] 2 .3 0 8 8 8 0). the tableau in Figure 4 (without the framed formulae) can be closed using the substitution fx2 7! ag.

which are based on additional tableau expansion rules. Universal E -uniﬁcation can only be used in the ground case. different types of E -uniﬁcation problems have to be solved.2 Universal. The different versions of E -uniﬁcation that are important for handling equality in semantic tableaux are: the classical ‘universal’ E -uniﬁcation. depends on the version of semantic tableaux that equality reasoning is to be added to. is that there are virtually no restrictions on the application of equalities. there are both types of variables. ti consists of a ﬁnite set E of universally quantiﬁed equalities (8x1 ) (8xm )(l r) and terms s and t. 1988]. then the problem of ﬁnding refuters that close a tableau branch is equivalent to solving E -uniﬁcation problems. For tableaux with universal formulae.1. if no equality expansion rules are added. Because of their symmetry. These are introduced in the following section. Depending on the version of semantic tableaux to which equality handling is added. and the method cannot be extended to free variable tableaux. Which type of E -uniﬁcation problems has to be solved to compute refuters. however. namely universal (bound) and rigid (free) ones. s. A set of rules that implement a completion procedure for the ground version of tableaux has been described in [Browne. even very simple problems cannot be solved in reasonable time. these equality expansion rules are quite complicated. the equalities can be applied several times with different instantiations for the variables they contain.e. this leads to a very large search space. ‘rigid’ E -uniﬁcation. i. A mixed E -uniﬁcation problem hE. they can be applied more than once but with only one instantiation for each variable. 1994]. DEFINITION 75.1 Total Equality Reasoning and E -uniﬁcation The common problem of all the partial reasoning methods described in Section 6. into (sufﬁciently) simple tableau expansion rules (i. rigid E -uniﬁcation problems have to be solved. For handling equality in free variable tableaux. such as completion-based approaches. in the mixed case. then equalities contain two types of variables.EQUALITY AND OTHER THEORIES 233 7 TOTAL EQUALITY REASONING 7. If total equality reasoning is used. both versions have to be combined [Beckert.e. 7. The different versions allow equalities to be used differently in an equational deduction: in the universal case. in the rigid case. Rigid and Mixed E -uniﬁcation . which is a combination of both. It is difﬁcult to transform more elaborate and efﬁcient methods for handling equality. and ‘mixed’ E -uniﬁcation. partial background reasoners).

y) f (y. Examples for the different versions of E -uniﬁcation A substitution 2 Subst is a solution to the problem hE. as it corresponds to the problem of ﬁnding a substitution that allows to simultaneously close several tableau branches. b) — f (b. a) fy 7! bg Type rigid ground universal rigid mixed Table 12. A ﬁnite set fhE1 .234 BERNHARD BECKERT E ff (x) xg ff (a) ag f(8x)(f (x) x)g ff (x) xg f(8x)(f (x. E j=E (s t ) where the free variables in E are ‘held rigid’. s1 . DEFINITION 77. s. . and it is rigid if there are no bound variables in E (if E is ground. s. f (b)) g(f (a). namely the case where the set E of equalities is empty. The fourth problem has no solution. b) t MGUs a fx 7! ag a id g(a. ti if E j=E (s t ) :4 The major differences between this deﬁnition and that generally given in the literature on (universal) E -uniﬁcation are: The equalities in E are explicitly quantiﬁed (instead of considering all the variables in E to be implicitly universally quantiﬁed). The substitution set E . A substitution 4 This is equivalent to treated as constants. ti is universal if there are no free variables in E . : : : . the problem is both rigid and universal). x))g s f (x) f (a) g(f (a). tn ig (n 1) of E -uniﬁcation problems is called simultaneous E -uniﬁcation problem. i. For handling equality in free variable tableaux. hEn . since the free variable x would have to be instantiated with both a and b. Contrary to that. sn . b) id g(a. f (b)) f (a. Syntactical uniﬁcation is a special case of E -uniﬁcation. The strong consequence relation j=E is used instead of j=E . EXAMPLE 76. the problem of ﬁnding a simultaneous solution to several mixed E -uniﬁcation problems plays an important rˆ ole. Table 12 shows some simple examples for the different versions of E -uniﬁcation.e. is applied not only to the terms s und t but also to the A mixed E -uniﬁcation problem hE. the empty substitution id is a solution to the third problem where the variable x is universally quantiﬁed. t1 i.

: : : . . sn ii where p(t1 . all formulae in of the form (8x1 ) (8xk )(s t) (k 0). tn ) . are called a pair of potentially complementary literals (n 0 and k. If the method for recognizing universal formulae from Theorem 40 is used and keys 1 and 2 are built from the literals on the branches B1 and B2 . All considerations here are restricted to keys consisting of universally quantiﬁed literals. : : : . problems of a key. the prob- s) is a free variable instance of hE ( ). Let of the universally quantiﬁed equalities in . and pairs of potentially complementary literals: DEFINITION 78. p 6= . ht1 . respectively (according to Theorem 41). i. Let lems consists exactly of: 1. for each inequality lem where :(t The problems in tually simultaneous = (8x1 ) (8xk )(:(t0 s0 )) in (k 0). (Deﬁnition 57). si (Deﬁnition 57).3 Extracting E -uniﬁcation Problems from Keys The important formulae in a key from which E -uniﬁcation problems are extracted are: equalities. DEFINITION 81. tn i. hs1 . sk i. ht1 . the problem hE ( ). : : : . 2. We now proceed to deﬁne the set of equalities and the set of E -uniﬁcation Form be a key. we use the tableau from Figure 4. sk . hs1 . sn ) are free variable instances of resp. P ( ) of the form hE ( ). tn ) and :p(s1 . l 0. : : : . 2 of potentially complementary literals. : : : .e. : : : . : : : . inequalities. tk ii are acE -uniﬁcation problems (sharing the same set of equalities). tk i (1 k n). Literals (8x1 ) where (8xk )p(s1 . 7. then both E ( 1 ) and E ( 2 ) contain the equalities b c and (8x)(g (f (x)) x). EXAMPLE 80. The set E ( ) of equalities consists DEFINITION 79. for each pair Form be a key. in addition. : : : . As an example.EQUALITY AND OTHER THEORIES 235 is a solution to the simultaneous problem if it is a solution to every component hEk . E ( 1 ) contains. t. Its left branch is denoted by B1 and its right branch by B2 . The set P ( ) of E -uniﬁcation prob- .e. the equality g (x2 ) f (x2 ). the literals may or may not be universally quantiﬁed). sn ) and (8y1 ) (8yl):p(t1 . i.

or ground) background reasoner R is complete for the equality theory E if it satisﬁes the following condition for all keys Lit : If a substitution is a most general solution w. hE ( 2 ). therefore. and it does not instantiate variables with terms containing f . the subsumption relation W (or W ) of one of the problems in P ( ). tn ig (n 1) iff E -uniﬁcation it is a solution to the non-simultaneous mixed E -uniﬁcation problem hE. . it is sufﬁcient to only formulate one general soundness and completeness theorem: THEOREM 84. The pair of potentially complementary literals corresponding to the solved uniﬁcation problem has been proven to actually be E -complementary. cii. that close a tableau branch B . and 1 and 2 are keys extracted from these branches. All substitutions that are E -refuters. We continue from Examples 80 and 83: tion to the two mixed E -uniﬁcation problems = fx2 7! ag is a solu- hE ( 1 ). x2 . ai. hE. : : : . We continue Example 80. i. the way equality is handled is nearly the same for the different versions of semantic tableaux.236 BERNHARD BECKERT since the non-simultaneous problems hE ( simultaneously. If one of the problems in P ( ) has a solution .t. Therefore. P ( 2 ) contains. s1 . bi.e. can be computed by extracting the set P ( ) of mixed E -uniﬁcation problems from a key B according to the above deﬁnition and solving the problems in P ( ). x2 . all instances of are E -unsatisﬁable. hg (g (a)). ). in addition. A substitution is a solution to a simultaneous mixed problem of the form fhE. EXAMPLE 85. ai 2 P ( 2 ) : When the theory closure rule is used to close one of the branches (and thus is applied to the tableau). tn )i (the function symbol f must not occur in the original problem). sn . A total (universal formula. t1 i. EXAMPLE 83. ti i (1 i k) have to be solved LEMMA 82. B1 denotes the left and B2 the right branch of the tableau in Figure 4 (without the framed formulae). f (s1 . : : : . si . hg(g(a)). ha. or the corresponding inequality has been proven to be E -complementary (provided the refuter is applied). sn ). cii 2 P ( 1 ) . : : : . free variable. is a refuter for . ha. the problem hE ( 2 ). Again.r. then R( ) E contains the restriction of to the variables occurring in . the other branch can then be closed using the empty substitution. f (t1 . bi. Then both P ( 1 ) and P ( 2 ) contain the problem hE ( i ). Apart from the version of E -uniﬁcation problems that have to be solved.

ti have to be considered: If s can be derived from t using the equalities in E .. Since the number of subterms in a given problem is polynomial in its size. s.t. t]hE. s.s. there is a sequence of terms s = r0 . 1991. ti be a ground (or rigid) E -uniﬁcation problem.s.r.ti .ti j E j=E s tg : Since a ground E -uniﬁcation problem hE. whether the terms are equal in the free algebra of E . ti such that ri is derivable in one step from ri 1 using the equalities in E . s. s. Let hE. 1989.4 Solving Ground E -uniﬁcation Problems DEFINITION 86. equivalently. i. rk = t.s.s.6 Solving Rigid E -uniﬁcation Problems Rigid E -uniﬁcation and its signiﬁcance for automated theorem proving was ﬁrst described in [Gallier et al.s.ti = fs 2 ThE. by considering all variables to be constants. 1991]. : : : . There are very efﬁcient and sophisticated methods for computing the congruence closure.s. 1990.ti = t]hE. s. ti. Snyder. then this can be done without using an intermediate term that does not occur in the original problem. To solve a universal E -uniﬁcation problem.s. s. It can be used for equality handling in semantic . one has to decide whether the equality of two given terms (or of instances of these terms) follows from E or.ti . The equivalence class t]hE.ti Term be the set of all (sub-)terms occurring in hE.EQUALITY AND OTHER THEORIES 237 7.e. k 0.e. Jouannaud and Kirchner. 1980]. ti is solvable (and id a solution) if and only if s]hE. This can be decided by computing a congruence closure. it is decidable whether the empty substitution id is a solution to a given rigid E -uniﬁcation problem hE. ti w. s. whether E j=E s t. which is based on techniques from graph theory. Gallier and Snyder. consequently. all occurring in hE. the solvability of a ground E -uniﬁcation problem can be decided in polynomial time.s. 1978]. and the congruence closure can be computed in time polynomial in the number of subterms and the number of equalities. ti is solvable by computing these equivalence classes. 1987]. ti. i. Overviews of methods for universal E -uniﬁcation can be found in [Siekmann. it is proven that ground E -uniﬁcation is decidable. no terms that are not in ThE. the equalities in E . one can decide whether hE. Shostak proved that for computing the equivalence classes of all terms in ThE.ti of a term t 2 ThE. 7. r1 . and let ThE. namely the equivalence classes of the terms (and subterms) occurring in hE.5 Solving Universal E -uniﬁcation Problems 7.s. for example the algorithm described in [Nelson and Oppen.ti is deﬁned by: In [Shostak.

. over a set V 0 of variables and a signature 0 such that the variables occurring in hE. x) yes . : : : . s. ti of a substitution which is a solution to the rigid E -uniﬁcation problem hE 0 . is the restriction to the variables occurring in hE. If a single instance is not sufﬁcient. 1969]. to solve a rigid E -uniﬁcation problem. an overview of rigid E -uniﬁcation can be found in [Beckert. 3. Given a rigid E -uniﬁcation problem hE. If several different instances of an equality are needed. V 0 = V n W and 0 = hP . 1981]. (E ) j=E (s ) (t ) for all substitutions 2 Subst . xn 7! tn g 2 Subst . accordingly. is by deﬁnition a solution to hE. the equalities of the problem can only be used with (at most) one instantiation for each variable they contain. t) no g. and the variable x do not occur in hE.e. ti. yes . a variable is either instantiated or not. ti is a substitution representing the instantiations of free variables that have been necessary to show that the two given terms are equal. F W. i. The last characterization of solutions in the above theorem shows that it is always possible to solve a rigid E -uniﬁcation problem by transforming it into a problem in which the terms to be uniﬁed are constants. provided that none of the variables xi occurs in any of the terms tj (1 i. s. then the answer is ‘not uniﬁable’. that is. no do not occur in the terms t1 . 1987]. 1998]. 5. : : : . eq (s. The solution to a rigid E -uniﬁcation problem hE.e. uninstantiated variables have to be treated as constants. s. the predicate eq . a sufﬁcient number of copies of that equality (with different rigid variables) has to be provided for the rigid E -uniﬁcation problem to be solvable. s. and (b) the constants yes . ti are constants. the following are equivalent conditions for being a solution to hE. ti and a substitution = fx1 7! t1 . ti: 1. : : : . s. ti. A single variable can only be instantiated once by a substitution and. 2. and (a) the constants yes . j n). the connection method [Bibel. no . xn tn g j=E s t. including the mating method [Andrews. Rigid E -uniﬁcation does not provide an answer to the question of how many different instantiations of an equality are needed to solve a problem. fx 7! 0 j x 2 W gi where W is the set of variables occurring in hE. and model elimination [Loveland. s.238 BERNHARD BECKERT tableaux and other rigid variable calculi for ﬁrst-order logic. s. i. E j=E s E j=E s t t . s. it is an E -refuter for the key E f:(s t)g. The following theorem clariﬁes the basic properties of rigid E -uniﬁcation by listing different characterizations of the set of solutions of a given problem: THEOREM 87. E fx1 t1 . 4. ti. no i where E 0 = E feq (x. tn .

EQUALITY AND OTHER THEORIES

239

If a rigid E -uniﬁcation problem is solvable, then it has inﬁnitely many solutions. But there are, for each problem, ﬁnite sets of solutions w.r.t. the subsumption relation W that is deﬁned as follows: E ;E DEFINITION 88. Let E Form be a set of rigid (i.e. quantiﬁer-free) equalities; and let W V be a set of variables. Then the subsumption relations vW E ;E and W are on Subst deﬁned by: E ;E vW;E iff E j=E (x) (x) for all x 2 W ; E W 0 E ;E iff there is a substitution 2 Subst such that

W

0

and

0 vW

E ;E

:

LEMMA 89. Let E Form be a set of rigid equalities, and let ; be substiW tutions such that E ;E where the set W contains all variables occurring in E . Then there is a substitution such that (E ) j=E E .

W The intuitive meaning of E ;E is that the effects of applying to the set E of equalities can be simulated by ﬁrst applying , then some other substitution , and then equalities form (E ) .

It is possible to effectively compute a ﬁnite set U of solutions for a rigid E uniﬁcation problem hE; s; ti that is complete w.r.t. the subsumption relation W , E ;E W . i.e. for every solution of hE; s; ti there is a solution in U such that E ;E This immediately implies the decidability of the question whether a given rigid E -uniﬁcation problem hE; s; ti is solvable or not. On ﬁrst sight this might be somewhat surprising since universal E -uniﬁcation is undecidable; however, the additional restriction of rigid E -uniﬁcation, that variables in E may only be instantiated once, is strong enough to turn an undecidable problem into a decidable one. The problem of deciding whether a rigid E -uniﬁcation problem has a solution is, in fact, NP-complete. This was ﬁrst proven in [Gallier et al., 1988] and then, more detailed, in [Gallier et al., 1990; Gallier et al., 1992]. The NP-hardness of the problem was already shown in [Kozen, 1981]. An alternative proof for the decidability of rigid E -uniﬁcation was presented in [de Kogel, 1995], it is easy to understand but uses an inefﬁcient decision procedure. More efﬁcient methods using term rewriting techniques are described in [Gallier et al., 1992; Becher and Petermann, 1994; Plaisted, 1995]. The procedure described in [Becher and Petermann, 1994] has been implemented and integrated into a prover for ﬁrst-order logic with equality [Grieser, 1996].

7.7

Rigid Basic Superposition

In [Degtyarev and Voronkov, 1998], a method called rigid basic superposition has been presented for computing a ﬁnite (incomplete) set of solutions for rigid

240

BERNHARD BECKERT

**E -uniﬁcation problems that is ‘sufﬁcient’ for handling equality in rigid variable
**

calculi, i.e. can be used to build a complete free variable background reasoner for the equality theory E . The procedure is an adaptation of basic superposition (in the formulation presented in [Nieuwenhuis and Rubio, 1995]) to rigid variables. It uses the concept of ordering constraints: DEFINITION 90. An (ordering) constraint is a (ﬁnite) set of expressions of the form s ' t or s t where s and t are terms. A substitution is a solution to a constraint C iff (a) s = t for all s ' t 2 C , i.e. is a uniﬁer of s and t, (b) s > t for all s t 2 C , where > is an arbitrary but ﬁxed term reduction ordering, and (c) instantiates all variables occurring in C with ground terms. There are efﬁcient methods for deciding the satisﬁability of an ordering constraint C and for computing most general substitutions satisfying C in case the reduction ordering > is a lexicographic path ordering (LPO) [Nieuwenhuis and Rubio, 1995]. The rigid basic superposition calculus consists of the two transformation rules shown below. They are applied to a rigid E -uniﬁcation problem hE; s; ti C that has an ordering constraint C attached to it. The computation starts initially with the uniﬁcation problem that is to be solved and the empty constraint. A transformation rule may be applied to hE; s; ti C only if the constraint is satisﬁable before and after the application. Left rigid basic superposition. If there are an equality l r or r l and an equality u v or v u in E and l0 is a subterm of u, then replace the latter equality by u r] v (where u r] is the result of replacing one occurrence of l0 in u by r) and add l r, u v , and l ' l0 to C . Right rigid basic superposition. If there is an equality l r or r l in E and l0 is a subterm of s or of t, then replace s (resp. t) with s r] (resp. t r]) and add l r, s t (resp. t s) and l ' l0 to C .

As the constraint expressions that are added by a rule application have to be satisﬁable, they can be seen as a pre-condition for that application; for example, since l ' l0 is added to C , the terms l and l0 have to be uniﬁable. The two transformation rules are repeatedly applied, forming a non-deterministic procedure for transforming rigid E -uniﬁcation problems. The process terminates when (a) the terms s and t become identical or (b) no further rule application is possible without making C inconsistent. Provided that no transformation is allowed that merely replaces an equality by itself, all transformation sequences are ﬁnite. It is possible to only allow transformations where the term l0 is not a variable, thus improving the efﬁciency of the procedure and reducing the number of solutions that are computed. Let hE; s; ti C be any of the uniﬁcation problems that are reachable by applying rigid basic superposition transformations to the original problem. Then, any

EQUALITY AND OTHER THEORIES

241

solution to C fs ' tg is a solution to the original problem. Let U be the set of all such solutions that are most general w.r.t. W . The set U is ﬁnite because the application of rigid basic superposition rules always terminates. EXAMPLE 91. Consider the rigid E -uniﬁcation problem5 and let > be the LPO induced by the ordering g The computation starts with

**hE; s; ti = hffa a; g2 x fag; g3 x; xi ;
**

> f > a on the function symbols.

**hE; s; ti C = hffa a; g2 x fag; g3 x; xi ; :
**

The only possible transformation is to use the right rigid basic superposition rule, applying the equality (l r) = (g 2 x fa) to reduce the term g 3 x (all other transformations would lead to an inconsistent constraint). The result is the uniﬁcation problem hE; gfa; xi fg 2 x fa; g 3 x x; g 2 x ' g 2 xg; its constraint can be reduced to C1 = fg 2 x fag. A most general substitution satisfying C1 fgfa ' xg is 1 = fx 7! gfag. A second application of the right rigid basic superposition rule leads to the uniﬁcation problem hE; ga; xi fg 2 x fa; fa a; gfa x; fa ' fag; its constraint can be reduced to C2 = fg 2 x fa; gfa xg. A most general substitution satisfying C2 fga ' xg is 2 = fx 7! gag. At that point the process terminates because no further rule application is possible. Thus, 1 and 2 are the only solutions that are computed by rigid basic superposition for this example.

7.8

Since universal E -uniﬁcation is already undecidable, mixed E -uniﬁcation is—in general—undecidable as well. It is, however, possible to enumerate a complete set of MGUs. EXAMPLE 92. The following example requires only very little non-equality reasoning. A powerful equality handling technique is needed to ﬁnd a closed tableau, and the universal formula version of tableaux has to be used to restrict the search space: If consists of the axioms6

Solving Mixed E -uniﬁcation Problems

(8x)(i(tr; x) x) (8x)(8y)(8z )(i(i(x; y); i(i(y; z ); i(x; z ))) tr) (8x)(8y)(i(i(x; y); y) i(i(y; x); x))

5 In 6 This

this example, we use g2 x as an abbreviation for g (g (x)), etc. is an axiomatization of propositional logic, i(x; y ) stands for ‘x implies y ’ and tr for ‘true’.

242

BERNHARD BECKERT

(1) :(8x)(8y)(8z )(9w)(i(x; w) tr ^ w i(y; i(z; y))) (2) :(i(c1 ; w1 ) tr ^ w1 (3) :(i(c1 ; w1 ) tr)

i(c2 ; i(c3 ; c2 ))) i(c2 ; i(c3; c2 )))

(4) :(w1

Figure 5. The tableau that has to be closed to prove the theorem from Example 92 then

j=E (8x)(8y)(8z )(9w)(i(x; w) tr ^ w i(y; i(z; y))) :

To prove this, the tableau shown in Figure 5 has to be closed. Formula (2) is derived from the negated theorem (1) by three - and one -rule application; (3) and (4) are derived from (2). To close the left branch, the E -uniﬁcation problem

Pl = h ; i(c1 ; w1 ); tri

has to be solved, and the problem

Pr = h ; w1 ; i(c2 ; i(c3 ; c2 ))i

has to be solved to close the right branch. The search for solutions performed by the tableau-based theorem prover 3TA P [Beckert et al., 1996], that uses a completion-based method for ﬁnding solutions of mixed E -uniﬁcation problems, proceeds as follows. One of the ﬁrst rules that are deduced from is the reduction rule (8x)(i(x; x) ! tr). Using this rule, the solution = fw1 7! c1 g to the problem Pl is found and applied to the tableau. Then the Problem Pr has to be solved to close the right branch; unfortunately, no solution exists. Thus, after a futile try to close the right branch, backtracking is initiated. More reduction rules are computed until ﬁnally the rule (8x)(i(x; tr) ! tr) is applied to the problem Pl and the solution 0 = fw1 7! trg is found. Now the problem Pr 0 has to be solved to close the right branch. It takes the computation of 48 critical pairs to deduce the rule (8x)(8y )(i(y; i(x; y )) ! tr) which can be applied to show that the empty substitution is a solution to Pr 0 and that therefore the right branch is closed.

EQUALITY AND OTHER THEORIES

243

7.9

Simultaneous E -uniﬁcation

Instead of closing one branch after the other, one can search for a simultaneous refuter for all branches of a tableau. However, this is much more difﬁcult than closing a single branch. Although (non-simultaneous) rigid E -uniﬁcation is decidable, it is undecidable whether a simultaneous solution to several E -uniﬁcation problems exists [Degtyarev and Voronkov, 1996a]. It is as well undecidable whether there is a substitution closing all branches of a given free variable tableau simultaneously after it has been expanded by a ﬁxed number of copies of the universally quantiﬁed formulae it contains [Voda and Komara, 1995; Gurevich and Veanes, 1997]. In the same way as it may be surprising on ﬁrst sight that simple rigid E -uniﬁcation is decidable, it may be surprising that moving from simple to simultaneous problems destroys decidability—even more so considering that the simultaneous versions of other decidable types of uniﬁcation (including syntactical uniﬁcation and ground E -uniﬁcation) are decidable. However, simultaneous rigid E -uniﬁcation turns out to have a much higher expressiveness than simple rigid E -uniﬁcation; it is even possible to encode Turing Machines into simultaneous rigid E -uniﬁcation problems [Veanes, 1997]. For an overview of simultaneous rigid E -uniﬁcation see [Degtyarev and Voronkov, 1998; Beckert, 1998]. Since simultaneous rigid E -uniﬁcation is undecidable, sets of uniﬁers can only be enumerated; in general they are not ﬁnite. Solutions to a simultaneous problem can be computed combining solutions to its constituents hEi ; si ; ti i; however, it is not possible to compute a ﬁnite complete set of uniﬁers of the simultaneous problem by combining solutions from ﬁnite sets of uniﬁers of the constituents that are complete w.r.t. the subsumption relation W , because they are complete w.r.t. E ;E different relations W i . Thus, the subsumption relation W has to be used, which E ;E E is the same for all i (but does not allow to construct ﬁnite complete sets of uniﬁers). The undecidability of simultaneous rigid E -uniﬁcation implies that, if a background reasoner produces only a ﬁnite number of solutions to any (non-simultaneous) rigid E -uniﬁcation problem, then closing a tableau T may require to extend T by additional instances of equalities and terms even if there is a substitution that closes all branches of T simultaneously and there is, thus, a solution to a simultaneous rigid E -uniﬁcation problem extracted from T . That notwithstanding, the background reasoner may be complete; and in that case the advantages of ﬁnite sets of solutions prevail. A complete background reasoner of this type can be built using rigid basic superposition (Section 7.7). It is not known whether the same can be achieved using (ﬁnite) sets of uniﬁers that are complete w.r.t. the subsumption relation W . E ;E 8 INCREMENTAL THEORY REASONING Besides the efﬁciency of the foreground and the background reasoner, the interaction between them plays a critical rˆ for the efﬁciency of the combined system: ole

244

BERNHARD BECKERT

It is a difﬁcult problem to decide whether it is useful to call the background reasoner at a certain point or not, and how much time and other resources to spend for its computations. In general, giving a perfect answer to these questions is as difﬁcult as the theory reasoning problem itself. Even with good heuristics at hand, one cannot avoid calling the background reasoner at the wrong point: either too early or too late. This problem can (at least partially) be avoided by using incremental methods for background reasoning [Beckert and Pape, 1996], i.e. algorithms that—after a futile try to solve a theory reasoning problem—allow to save the results of the background reasoner’s computations and to reuse this data for a later call.7 Then, in case of doubt, the background reasoner can be called early without running the risk of doing useless computations. In addition, an incremental background reasoner can reuse data multiply if different extensions of a problem have to be handled. An important example are completion-based methods for equality reasoning, which are inherently incremental. As already mentioned in Section 2.5, one of the main problems in using theorem reasoning techniques in practice is the efﬁcient combination of foreground and background reasoner and their interaction—in particular if (a) the computation steps of the background reasoner are comparatively complex, and (b) in case calling the background reasoner may be useless because no refuter exists or can be found. On the one hand, a late call to the background reasoner can lead to bigger tableaux and redundancy. Although several branches may share the same subbranch and thus contain the same key for which a refuter exists, the background reasoner is called separately for these branches and the refuter has to be computed repeatedly. On the other hand, an early call to the background reasoner may not be successful and time consuming; this is of particular disadvantage if the existence of a refuter is undecidable and, as a result, the background reasoner does not terminate although no refuter exists. Both these phenomena may considerably decrease the performance of a prover, and it is very difﬁcult to decide (resp. to develop good heuristics which decide) 1. when to call the background reasoner; 2. when to stop the background reasoner if it does not ﬁnd a refuter. EXAMPLE 93. The following example shows that earlier calls to the background reasoner can reduce the size of a tableau proof exponentially. Let Form be a set of formulae and let n 2 Form , n 0, be formulae such that, for some theory T , j=T : n (n 0) . Figure 6 shows a proof for

j=T

0$ 1

$

$

n

;

7 This should not be confused with deriving a refuter and handing it back to the foreground reasoner. The information derived by an incremental background reasoner cannot be used by the foreground reasoner, but only by the background reasoner during later calls.

EQUALITY AND OTHER THEORIES

245

:

(

0

$

1

$ :

$

n)

$ $

0

^:

(

1

$

$

n)

0^( 1

n)

0

:

: $

0

$

(

1

$

n)

1

$ :

n

n 1

:

n 1$ n n 1 ^: n n 1

:

n 1^ n

:

n 1 n

n

Figure 6. Short tableau proof for

j=T

0

$

$

n (Example 93)

where the background reasoner is called when a literal of the form n appears on a branch (with the key = f n g). As a result, all the left-hand branches are closed immediately and the tableau is of linear size in n. If the background reasoner were only called when a branch is exhausted, i.e. when no further expansion is possible, then the tableau would have 2n branches and the background reasoner would have to be called 2n times (instead of n times). An incremental background reasoner can be of additional advantage if the computations that are necessary to show that j=T : n are similar for all n. In that case, a single call to the background reasoner in the beginning may provide information that later can be reused to close all the branches with less effort. Even the best heuristics cannot avoid calls to the background reasoner at the wrong time. However, under certain conditions, it is possible to avoid the adverse consequences of early calls: If the algorithm that the background reasoner uses is incremental, i.e. if the data produced by the background reasoner during a futile try to compute refuters can be reused for a later call. If early calls have no negative effects, the disadvantages of late calls can easily be avoided by using heuristics that, in case of doubt, call the background reasoner at an early time. The problem of not knowing when to stop the background reasoner is solved by calling it more often with less resources (time, etc.) for each call. An additional advantage of using incremental background reasoners in the tableau framework is that computations can be reused repeatedly for different extensions of a branch—even if the computation of refuters proceeds differently for these extensions.

246

BERNHARD BECKERT

**8.1 Incremental Keys and Algorithms
**

Obviously, there has to be some strong relationship between the keys transferred to the background reasoner, to make it possible to reuse the information computed. Since, between calls to the background reasoner, (1) the tableau may be extended by new formulae and (2) substitutions (refuters) may be applied (to the tableau), these are the two operations we allow for changing the key: DEFINITION 94. A sequence ( i )i 0 of keys is incremental if, for i 0, there is a set i Form of formulae and a substitution i such that i+1 = i i i, where i = i i .

In general, not all refuters of i are refuters of i+1 (because a substitution is applied); nor are all refuters of i+1 refuters of i (because new formulae are added). To be able to formally denote the state the computation of a background reasoner has reached and the data generated, we use the following notion of incremental background reasoner: DEFINITION 95. An incremental background reasoner RA;I ;S is a background reasoner (Deﬁnition 31) that can be described using 1. an algorithm (a function) A 2.

**: D ! D operating on a data structure D, an initialization function I : 2Form ! D that transforms a given key into
**

the data structure format, and

3. an output function S that extracts computed refuters from the data structure, such that for every key

Form

for which RA;I ;S is deﬁned

RA;I ;S ( ) =

i 0

S (Ai (I ( ))) :

The above deﬁnition does not restrict the type of algorithms that may be used; every background reasoner whose computations proceed in steps can be described this way. If a background reasoner applies different transformations to the data at each step of its computation, this can be modeled by adding the state of the reasoner to the data structure such that the right operation or sub-algorithm can be applied each time the background reasoner is invoked. Of course, the input and output functions have to be reasonably easy to compute; in particular, the cost of their computation has to be much smaller than that of applying the algorithm A, which is supposed to do the actual work. The goal is to be able to stop the background reasoner when it has reached a certain state in its computations for a key , and to proceed from that state with a new key 0 = . For that purpose, an update function is needed that adapts the data structure representing the state of the computation to the new formulae and the substitution .

EQUALITY AND OTHER THEORIES

247

DEFINITION 96. Let T be a theory and RA;I ;S a complete incremental background reasoner for T . An update function

U : D 2Form

0

Subst

!D

is correct (for RA;I ;S ) if a complete background reasoner R0 ;I ;S is deﬁned by: A for every key 1. choose 2. 3.

Form and 2 Subst such that = 0 compute Dn = U (An (I ( 0 )); ; ) for an arbitrary n 0; S set R0 ;I ;S ( ) = i 0 S (Ai (Dn )). A

arbitrarily;

THEOREM 97. Let T be a theory, RA;I ;S a complete incremental background reasoner for T , and U a correct update function for RA;I ;S . Then RA;I ;S is a complete background reasoner for T that is deﬁned by: for every key 1. choose an arbitrary incremental sequence ( i )i 0 of keys where

According to the above deﬁnition, a correct update function behaves as expected when used for a single incremental step. Theorem 97 shows that this behavior extends to sequences of incremental steps. In addition, the algorithm can be applied arbitrarily often between incremental steps:

i+1 = i i

and 2.

i

(i 0) ;

3.

= k for some k 0; let (Di )i 0 D be deﬁned by (a) D0 = I ( 0 ), (b) Di+1 = U (Ani (Di ); i+1 ; i+1 ) for some ni S set RA;I ;S ( ) = j 0 S (Aj (Dk )).

0;

EXAMPLE 98. Let ( i )i 0 be an incremental sequence of keys such that i+1 = i i i (i 0). Then, for every sound and complete incremental background reasoner RA;I ;S , the trivial update function deﬁned by

U (D; i ; i ) = I (

is correct.

i i

i)

The above example shows that it is not sufﬁcient to use any correct update function to achieve a better performance of the calculus, because using the trivial update function means that no information is reused. A useful update function has to preserve the information contained in the computed data.

248

BERNHARD BECKERT

Whether there actually is a useful and reasonably easy to compute update function depends on the theory T , the background reasoner, and its data structure. Such a useful update function exists for a background reasoner for completionbased equality handling [Beckert and Pape, 1996]. Another important example are background reasoners based on resolution: if a resolvent can be derived from a key , then it is valid for all extensions of ; resolvents may be invalid for an instance of the key, but to check this is much easier than to re-compute all resolvents. In [Baumgartner, 1996], a uniform translation from Horn theories to partial background reasoners based on unit-resulting positive hyper-resolution with input restriction is described. This procedure can be used to generate incremental background reasoners for a large class of theories.

**8.2 Semantic Tableaux and Incremental Theory Reasoning
**

The incremental theory reasoning method presented in the previous section is easy to use for tableau-like calculi, because the deﬁnition of incremental sequences of keys matches the construction of tableau branches. The keys of a sequence are taken from an expanding branch, and the substitutions are those applied to the whole tableau. The keys used in calls to the background reasoner as well as the information computed so far by the background reasoner have to be attached to the tableau branches: DEFINITION 99. A tableau for incremental theory reasoning is a (ﬁnite) multiset of tableau branches where a tableau branch is a triple h ; D; i; is a (ﬁnite) multi-set of ﬁrst-order formulae, D 2 D (where D is the data structure used by the background reasoner), and Form is a key. Now, the tableau calculus with theory reasoning introduced in Section 3.4 can be adapted to incremental theory reasoning: calling the background reasoner is added as a further possibility of changing the tableau (besides expanding and closing branches).

DEFINITION 100 (Incremental reasoning version). Given a theory T , an incremental background reasoner RA;I ;S for T (Deﬁnition 95), and a correct update function U for RA;I ;S (Deﬁnition 96), an incremental theory reasoning tableau proof for a ﬁrst-order sentence consists of a sequence

ff: gg = T0 ; T1 ; : : : ; Tn 1 ; Tn = ;

of tableaux such that, for 1

(n 0)

1

i n, the tableau Ti is constructed from Ti

1. by applying one of the expansion rules from Table 6, i.e. there is a branch B = h ; D; i 2 Ti 1 and a formula 2 (that is not a literal) such that

Ti = (Ti 1 n fB g)

EQUALITY AND OTHER THEORIES

249

n f g) f 1 ; 2 g; D; ig if = n f g) f 1 g; D; i; n f g) f 2g; D; ig if = f 1 (y)g; D; ig if = (x) n f g) f 1(f (x1 ; : : : ; xn ))g; D; ig if = (x) where y 2 V is a new variable not occurring in Ti 1 , f 2 F is a Skolem function symbol not occurring in Ti 1 nor in T , and x1 ; : : : ; xn are the free

variables in ; 2. by applying the incremental theory expansion rule, i.e. there is a branch B = h ; D; i in Ti 1 and a T -refuter h ; f 1 ; : : : ; k gi (k 1) in the set S (D), and

8 > > > > <

fh( fh( h( > >fh > > : fh(

Ti = fh 0 ; D0 ; 0 i j h 0 ; D0 ; 0 i 2 (Ti 1 n fB g)g fh f j g; D; i j 1 j kg

3. by applying the incremental theory closure rule, i.e. there is a branch B h ; D; i in Ti 1 that is T -closed under , i.e. 2 S (D), and

=

Ti = fh 0 ; D0 ; 0 i j h 0 ; D0 ; 0 i 2 (Ti 1 n fB g)g

4. or by calling the background reasoner, i.e. there is a branch B in Ti 1 , a number c > 0 of applications, and a key

= h ; D; i

0=

where (b) fxi ; : : : ; xi i g 1 m and (a)

= f(8xi1 )

(8ximi ) i j 1 i pg

1; : : : ; p

2

,

UVar ( i ) for 1 i p.

Ti = (Ti 1 n fB g) fh ; Ac(U (D; ; )); 0 ig :

THEOREM 101. Let 2 Form be a sentence. If there is an incremental tableau proof for (Deﬁnition 100), then is a T -tautology. If RA;I ;S is a complete incremental background reasoner for a theory T and the formula is a T -tautology, then an incremental tableau proof for can be constructed using RA;I ;S .

Soundness and completeness of the resulting calculus are a corollary of Theorems 47, 58, and 97:

The maximal cost reduction that can be achieved by using an incremental reasoner is reached if the costs are those of the non-incremental background reasoner

250

BERNHARD BECKERT

called neither too early nor too late, i.e. if always the right key in the incremental sequence is chosen and the background reasoner is only called for that key (which is not possible in practice). In practice, the costs of an incremental method are between the ideal value and the costs of calling a non-incremental reasoner for each of the keys in an incremental sequence (without reusing). But even if the costs for one sequence, i.e. for closing one tableau branch, are higher than those of using a non-incremental method, the overall costs for closing the whole tableau can be small, because information is reused for more than one branch. 9 EQUALITY REASONING BY TRANSFORMING THE INPUT Methods based on transforming the input are inherently not speciﬁc for semantic tableaux (although they might be more suitable for tableaux than for other calculi). They do not require the tableau calculus to be adopted to theory reasoning. The simplest—however useless—method is to just add the theory axioms to the input formulae. A better way to ‘incorporate’ the equality axioms into the formulae to be proven is D. Brand’s S TE -modiﬁcation [Brand, 1975], which is described below. An improved transformation using term orderings has been presented in [Bachmair et al., 1997]. Usually, S TE -modiﬁcation is only deﬁned for formulae in clausal form; but since a transformation to clausal form may be of disadvantage for non-normal form calculi like semantic tableaux, we present an adaptation of Brand’s method for formulae in Skolemized negation normal form. DEFINITION 102. Let be a formula in Skolemized negation normal form. The E -modiﬁcation of is the result of applying the following transformations iteratively as often as possible: 1. If a literal of the form p(: : : ; s; : : :) or :p(: : : ; s; : : :) occurs in the formula where s 62 V , then replace it by

(8x)(:(s x) _ p(: : : ; x; : : :)) resp. (8x)(:(s x) _ :p(: : : ; x; : : :))

where x is a new variable. 2. If an equality of the form f (: : : ; s; : : :) t or the formula where s 62 V , then replace it by where x is a new variable.

t f (: : : ; s; : : :) occurs in

(8x)(:(s x) _ f (: : : ; x; : : :) t)

EQUALITY AND OTHER THEORIES

251

The S TE -modiﬁcation of is the result of (non-iteratively) replacing in the E -modiﬁcation 0 of all equalities s t by (8x)(:(t x) _ s x) ^ (8x)(:(s x) _ t x) where x is a new variable. EXAMPLE 103. The S TE -modiﬁcation of (8x)(p(f (a; g (x)))) is

(8x)(8u)(8v)(8w)(:(a u) _ :(g(x) v) _ :(f (u; v) w) _ p(w)) :

The S TE -modiﬁcation of (8x)(8y )(f (x; y )

g(a)) is

(8x)(8y)(8z )(:(a z ) _ ((8u)(:(f (x; y) u) _ g(z ) u) ^ (8u)(:(g(z ) u) _ f (x; y) u))) :

To prove the E -unsatisﬁability of the S TE -modiﬁcation of a formula, it is sufﬁcient to use the reﬂexivity axiom; symmetry, transitivity and monotonicity axioms are not needed any more. THEOREM 104 (Brand, 1975). Let be a sentence in Skolemized negation normal form, and let 0 be the S TE -modiﬁcation of . Then is E -unsatisﬁable if and only if

0 ^ (8x)(x

x)

is unsatisﬁable. 10 CONCLUSION We have given an overview of how to design the interface between semantic tableaux (the foreground reasoner) and a theory background reasoner. The problem of handling a certain theory has been reduced to ﬁnding an efﬁcient background reasoner for that theory. The search for efﬁcient methods has not come to an end, however, because there is no universal recipe for designing background reasoners. Nevertheless, some criteria have been presented that a background reasoner should satisfy and useful features it should have. Specialized methods have been presented for handling equality; the most efﬁcient of these are based on E -uniﬁcation techniques. Similar to the design of background reasoners in general, the problem of developing E -uniﬁcation procedures is difﬁcult to solve in a uniform way. The research in the ﬁeld of designing such procedures for certain equality theories has produced a huge amount of results, that is still rapidly growing, in particular for rigid and mixed E -uniﬁcation.

. pages 93–109. B. 1998. a a Schmitt. 7(1):39–58. 1996. [Beckert. LNCS 814. Marcello D’Agostino. [Baumgartner. 1997] B. 1997] L. A completion-based method for mixed universal and rigid E -uniﬁcation. Kluwer. Ohlbach. Bachmair. Journal of the ACM. 1994] B. Proceedings. P. Ornaghi. 1981. H¨hnle. D. France. Nebel and L. 1998. 1992. Springer. 1981] P. Baumgartner. MPI f¨ Informatik. Springer. In W. Semantic tableaux with equality.J. In P. 1994] G. Proceedings. [Becher and Petermann.. In W. In B. R. and U. volume I. u [Baumgartner. Germany. 11th International Conference on Automated Deduction (CADE). Nancy. [Beckert and Pape. 18th German Annual Conference on Artiﬁcial Intelligence (KI-94). pages u 319–330. second edition. H. In A. LNCS 1104. Journal of Automated Reasoning. Proving theorems with the modiﬁcation method. H¨hnle. Linear and unit-resulting refutations for Horn theories. 5th Workshop on Theorem Proving with Analytic Tableaux and Related Methods. Theory Reasoning in Connection Calculi. Theory reasoning. USA. Dreschler-Fischer. University of Koblenz. Petermann. Kluwer. Brand. Becher and U. LNCS 607. A uniﬁed approach to theory reasoning. Schmitt. 1975. Proceedings. 1998] P. [Baumgartner and Petermann. [Beckert. 1997. U. 1997. In H. editors. and Christian Pape for fruitful comments on earlier versions of this chapter. version 4. Vieweg. Sulzmann. German Workshop on Artiﬁcial Intelligence (GWAI). 1998] B. Beckert. NY. editor. Beckert and C. Springer. Automated Deduction – A Basis for Applications. Bibel and P. Automated Theorem Proving. Petermann. pages 678–692. editor. Bibel and P. 4(4):412–430. 1992] P. 28:193–214. Incremental theory reasoning methods for semantic tableaux. 16(3):241–319. [Beckert. LNCS 861. 1992] B. pages 507–521. Forschungsbericht 15/92. [Baumgartner. pages 30–42. Oel and M. Germany. [Beckert and H¨ hnle. volume I. Beckert and R. Pape.252 BERNHARD BECKERT ACKNOWLEDGEMENTS I would like to thank Peter Baumgartner. Kluwer. 1992] P. Braunschweig. 1994. 1996. Voronkov. The tableau-based theorem a prover 3TA . Proceedings. Bundy. Springer. [Beckert and H¨ hnle. Theorem proving through general matings. 1998. A model elimination calculus with built-in theories. In W. Springer. [Beckert et al. H. editors. 1992. [Brand. U. Springer. Paliath Narendran. First edition published in 1982. Schmitt. 1996] B. 1998. editors. Baumgartner. and M. Bibel. a REFERENCES [Andrews. To appear. Miglioli. Technical Report MPI-I-97-2-012. H. editors. 1987] W. NJ. H¨hnle. 1996. Rigid uniﬁcation by completion and rigid paramodulation. Italy. LNCS.. Analytic tableaux. Springer. LNCS 1071. In Proceedings. 1998] B Beckert. [Bachmair et al. Baumgartner and U. Beckert.. 1992. 1998] P. pages 303–307. An improved method for adding equality to a a free variable semantic tableaux. Furbach. 1994. New Brunswick. 13th International Conference on Automated Deduction P (CADE). Palermo. Automated Deduction – A Basis for Applications. Moscato. volume I. Baumgartner. Petermann. Kapur. Saarbr¨ cken. 1996] P. 1975] D. Journal of Logic and Computation. LNCS 671. Rigid E -uniﬁcation. Beckert. In D. Baumgartner. USA. Universit¨ t Karlsruhe. Automated Deduction – A Basis for Applications. Andrews. Elimination of equality via transformation with ordering constraints. SIAM Journal on Computing.0. editors. Ganzinger and A. H. Beckert and R. 12th International Conference on Automated Deduction (CADE). [Baumgartner et al. Saratoga Springs. Mundici. Proceedings. Bibel and P. ur Saarbr¨ cken. 1987. [Bibel. editor. 1996] B.

Lis. 1998] A. In Proceedings. Formal Logic. Narendran. What you always wanted to know about rigid E -uniﬁcation. equational matings. Rigid E -uniﬁcation simpliﬁed. pages 178–192. Snyder. 1990. Hamburg. H. Oxford University Press. pages 46–60. Calmet and C. 1987] J. In P. Gallier and W. 1992] J. In Procceedings. In K. Voronkov. MD. and W. Positive ﬁrst-order logic is NP-complete. [Gallier et al. Springer. Harrison. Jeffrey. 1990. April 1986. A simpliﬁed format for the model elimination procedure. Uppsala University. [B¨ rckert. 16(3):233–248. Plotkin. S. Symposium on Logic in Computer Science (LICS). 1991] J. Marburger. G. Some undecidable problems related to the Herbrand theorem. Its Scope and Limits. [Degtyarev and Voronkov. Karlsruhe. Germany. Theory reasoning in ﬁrst order calculi. Luck and H. In J. Degtyarev and A. 1988] R. Springer. C. In Proceedings. Degtyarev and A. Symposium on Logic in Computer Science (LICS). Lassez and G. Proceedings. pages 17–30. 25(4):327–332. 1996. [Kozen. [Kanger. LNCS 1092. 40:273–326. 20(1):47–80.. Journal of the ACM. [Grieser. MIT Press. 1996a] A. Gallier. 1996] M. Simultaneous rigid E -uniﬁcation is undecidable. 1986] V. 1991. Digricoli and M. 1. 1990] J. IEEE Press. 1987. Omodeo. First edition. C. Computable Set Theory. P. 1989. Classical Papers on Computational Logic. [Lis. W. B¨ u urckert. In J. 1998. Journal of the ACM. Browne.. Studia Logica.. Rigid E -uniﬁcation: NPcompleteness and application to equational matings. Kanger. [de Kogel. Gallier. 1996. An implementation of rigid E -uniﬁcation using completion and rigid paramodulation. [Gurevich and Veanes. 1967. 1990. 1960. 1995] E. Voronkov. P. editors. LNCS 918. Theorem proving using rigid E uniﬁcation. editor. [Jeffrey. vol. Jouannaud and C. 1997] Y. 10:39–60. Bulletin of the EATCS. Springer. Wynikanie semantyczne a wynikanie formalne. College Park. Forschungsbericht FITL-96-4. Equality elimination for the tableau method. 1969.. Ground term rewriting in semantic tableaux systems for ﬁrst-order logic with equality. April 1992. [Jouannaud and Kirchner. Journal of the ACM. Narendran. pages 178–190. Journal of Automated Reasoning. H. 1990. UPMAIL Technical Report 138. H. In Proceedings. Kleine B¨ uning. Solving equations in abstract algebras: A rule-based survey of uniﬁcation. Information and Computation. Braffort and D. Gurevich and M. A resolution principle for clauses with constraints. Ferro and E. 1969] D. Grieser. Hirschberg.. Raatz. (eds. 1994. LNCS 449. Proceedings. LNCS 777. and W. 1995. D. [Gallier et al.EQUALITY AND OTHER THEORIES 253 [Browne. H. [Gallier and Snyder. S. J. [Fitting. 1981] D. [Degtyarev and Voronkov. LNCS 1128. 1996] A. Snyder. In Polish with English summary. First-Order Logic and Automated Theorem Proving. D. [Gallier et al.-P. Computational Logic – Essays in Honor of Alan Robinson. USA. 33(2):253–289. pages 257–321. 1989] D. Springer. Narendran. Plaisted. [Cantone et al. Veanes. 1996] G. Limongelli. 1988. [Degtyarev and Voronkov. editors. NY. Theorem proving using equational matings and rigid E -uniﬁcation. Computer Programming and Formal Systems. 1963] S.. [Furbach. A. 1967] R. Furbach. 1990] H. International Symposium on Design and Implementation of Symbolic Computation Systems (DISCO). Goar. IBM Journal of Research and Development.V. 4th Workshop on Theorem Proving with Analytic Tableaux and Related Methods. and Wrightson. Springer. St. . and W. Third Workshop on Information Systems and Artiﬁcial Intelligence. 1997. Reprint as pages 364–371 of: Siekmann. de Kogel. North Holland. v. Snyder. In H. Raatz. [Gallier et al. Voronkov. Degtyarev and A. Automation of Reasoning. Annual Conference of the European Association for Computer Science Logic (CSL’95). [Digricoli and Harrison. J. 1996. Kirchner. McGraw-Hill. Technical Report UMIACS-TR-88-44. P. Snyder. pages 139–156. [Loveland. 1994] U. Gallier.). Loveland. H. Kozen. 1983. J. New York. 1988. 1990] J. Gallier. editors. 1963. 1988] J. 1960] Z. Plaisted and W Snyder. pages 129–195. C. Fitting. 39(2):377–429. Germany. Equality-based binary resolution. 10th International Conference on Automated Deduction (CADE). volume 6 of International Series of Monographs on Computer Science. FIT Leipzig e. Cantone.. A simpliﬁed proof method for elementary logic. Ithaka. Springer. IEEE Press. Proceedings. pages 87–94. Rigid E -uniﬁcation is NP-complete. 1981. Designing uniﬁcation procedures using transformations: A survey. 1996. editors.

1969] J. Mundici. Policriti and J. 1995] R. [Snyder. Voda and J. Oppen. Journal on Computer and Artiﬁcial Intelligence. 1969. editors. J. . 1992] U. On Herbrand skeletons. How to build-in an open theory into connection calculi. o Brno. Machine Intelligence. 1987a] N. First-Order Logic. LNCS 713. 1967] R. 11(2):105–142. Plaisted. LNCS 170. [Petermann. Springer. New York. Rubio. E. Collins and D. Slovakia. [Popplestone. 1995] R. Leitsch. Theorem proving with ordering and equality constrained clauses. Popplestone. 1993] U. Napa. V. [Murray and Rosenthal. 1997. E. pages 31–46. First published in 1968 by Springer. Veanes. [Siekmann. 1987. Journal of the ACM. Michie. On Simultaneous Rigid E -Uniﬁcation. An algorithm for reasoning about equality. 1987] S. Nelson and D. 1980] G. Michie. 1995] D. Rosenthal. Oliver and Boyd. Comenius University. 1991. and D. Technical Report MPI-I-95-2-010. In B. Theory links: Applications to automated theorem proving. M. A Proof Theory for General Uniﬁcation. FL. Earlier version in Proceedings. 1978] R. 21(7):583–585. 3rd Kurt G¨ del Colloquium (KGC). 1995] A. Fast decision procedures based on congruence closure. 1989] J. 1987] N. November 1995.254 BERNHARD BECKERT [Murray and Rosenthal. Robinson and L. 4:173–190. Nieuwenhuis and A. 1987. Paramodulation and theorem proving in ﬁrst order theories with equality. Journal of Symbolic Computation. Proceedings. pages 264–277. In N. 7(3/4):207–274. u u [Policriti and Schwartz. 1997] M. 1993. Murray and E. [Robinson and Wos. T. 1995] P. Reeves. [Petermann. Communications of the ACM. 19:321–351. 1985. 7th International Conference on Automated Deduction (CADE). Saarbr¨ cken. April 1980. Sweden. a [Stickel. Special cases and substitutes for rigid E -uniﬁcation. 34(2):225–254. PhD Thesis. A. second corrected edition. Springer. Uppsala University. [Nieuwenhuis and Rubio. [Veanes. Stickel. 1967. Komara. 1995. Journal of Automated Reasoning. Petermann. 3:225–246. V. A. Institute of Informatics. editors. 27(2):356–364. USA. Automated deduction by theory resolution. April 1987. 1995. Meltzer and D. 1995. [Nelson and Oppen. Journal of Automated Reasoning. Technical Report mff-ii02-1995. Murray and E. 1:333–355. Journal of Symbolic Computation. Shostak. V. [Plaisted. volume 1. Siekmann. 1991] W. C. 1984. 1992. Dover Publications. 1989. Adding equality to semantic tableau. Inference with path resolution and semantic graphs. Beth-tree methods in automatic theorem proving. [Reeves. Snyder. 1995. Journal of Symbolic Computation. Completeness of the pool calculus with an open built-in theory. A. [Smullyan. Max-Planck-Institut f¨ r Informatik. Machine Intelligence. Wos. Czech Republic. Birkh¨ user. Edinburgh University Press. Boston. H. Universal uniﬁcation. Smullyan. editors. [Shostak. 1978. Journal of Symbolic Computation. [Voda and Komara. Gottlob. 20:315–342. Journal of the ACM. Petermann. In G. Bratislava. T -theorem proving I. 1985] M. Rosenthal. Schwartz.

The rules of a tableau system are usually viewed as steps towards the construction of a countermodel. At the same time. 1986]. 2 There are. see e.1 Both types of application rely on the rich proof theory possessed by intuitionistic formalisms in comparison with their classical counterparts. broadly speaking. 1990. where partial derivations play a role as ﬁnitary evidence of non-provability.g.. [Howard. as opposed to the latter’s synthetic emphasis on sound inference and complete proofs. WALLEN TABLEAUX FOR INTUITIONISTIC LOGICS 1 INTRODUCTION Despite the fact that for many years intuitionistic logic has served its function primarily in relation to foundational questions in mathematics. however. It is beyond the scope of this chapter to comment on these applications in detail which. o o Constable et al. Heyting presented the constructive semantics of intuitionistic logic. 3 The purpose of this chapter is to view intuitionistic logic from the perspective of systems of tableaux. Intuitionistic type theories also play a role as the internal languages of universes of sets (see for example [1990]). published again in his seminal book on intuitionism [1956]. An interesting compendium of papers illustrating many of these ideas in detail is Odifreddi’s book on Logic and Computer Science [1990]. We will refer to Heyting’s rendition of intuitionistic semantics as the ‘proof interpretation’. either exploit formalisations of the intuitionistic meaning of general mathematical abstractions as programming logics [Martin-L¨ f. Coquand. The ﬁrst complete formalisation of intuitionistic predicate logic was due to Heyting [1930]. [1989. . the main distinction between tableau systems and other types of calculi might be said to be the former’s analytic emphasis on systematic completeness arguments. 1991]). or exploit the similarity of systems of formal intuitionistic proofs under cut-elimination to systems of typed lambda terms under various forms of reduction (e. WAALER AND L. 1992. there has been a signiﬁcant revival of interest over the last couple of decades stimulated by the application of intuitionistic formalisms in computer science [1982].A. 1996. The emphasis on analysis and 1 It is noteworthy that both types of application focus on higher-order rather than ﬁrst-order formalisms. 1989. these together contain a comprehensive list of references. relying on ideas of Brouwer and Kolmogorov. ways of giving classical logic a more ‘intuitionistic’ or ‘constructive’ proof theory. Girard.g. Four years after Heyting’s publication Gentzen [1935] published the system of natural deduction (NJ) and the calculus of sequents (LJ) thereby providing elegant formulations of the logic. 1984. Indeed.2 The basic proof theory of intuitionistic logic was explicitly formulated in the early part of the thirties. 1990 ]). Martin-L¨ f. 3 For extensive information about the history of the subject the reader should consult the article by van Dalen [1986] and the volumes by Troelstra and van Dalen [1988]. 1980.

A Beth countermodel to a classically valid sequent is inﬁnite. recasting the proof interpretation in a refutational framework is problematic. The key concern is the extent to which the resultant inference rules inter-permute. From the refutational perspective of proof-search the specialisation of LK to LJ is far from unique. Analysis of techniques for proof-search in intuitionistic logic sheds light on the basic techniques of the ﬁeld. WAALER AND L. each inducing a different search space. Refutation trees give rise most naturally to an alternative. A Sch¨ tte-type is proved by means of a refutation tree construcu tion which allows discussion of search strategies. which is a notational variant of Fitting’s tableau system for intuitionistic logic [1969]. The utility of LB for proof-search stems from the fact that it has fewer restrictions on rule permutation compared to LJ. It is our aim to bring a number of these techniques into focus by giving a treatment of them in intuitionistic logic from the analysis/refutational perspective of tableaux. 1968]. however. but unlike the classical sequent calculus whose inversion reﬂects the semantics of classical logic more or less directly.1) and present the proof system LJ as a formalisation of this interpretation (Section 1.3). . We can. and the more compact/uniform the search space. by a restriction of the latter to sequents whose succedents contain at most one formula [Gentzen. and LJ can be obtained from LK. semantics for the logic. Roughly speaking: the more the permutation properties. WALLEN refutation makes the tableau framework particularly suitable for the analysis of theorem-proving algorithms. The above describes the technical heart of this Chapter (Section 2). a corollary to Gentzen’s theorem (Section 1. The . The theorems of intuitionistic predicate logic form a proper subset of the theorems of classical predicate logic. the smoother the search. In the remainder of this introduction we give Heyting’s deﬁnition of the meaning of the intuitionistic connectives via his proof interpretation (Section 1. The rules of LJ can indeed be inverted to form a standard [Smullyan. maintain the idea of proof-search as a systematic attempt to construct evidence for non-provability by working purely formally with the notion of a refutation tree (Section 2. This calculus bears a satisfactory relationship with Heyting’s proof interpretation. more classical. one due to Beth [1959]. the for classical logic. For this reason we shall work with the latter.256 A. 1935]. We formulate a modiﬁed version of LJ called LB (after Beth). and one due to Kripke [1963].4). a property not always shared by Kripke models. intuitionistic logic is worthy of attention within computational logic itself precisely because of its rich proof theory and non-classical structure.2) in a form easily related to tableaux. and intuitionistic systems can be obtained in a number of interesting ways. Apart from being of current interest in computer science.2). In preparation for the development of this view we end the introduction by deﬁning Kripke’s alternative semantic scheme for intuitionistic logic (Section 1. There are in fact two kinds of semantics in this vein for intuitionistic logic. restricts the formulae that need to be considered in a LJ-proof and supports a view of cut-free LJ as a (refutational) tableau system. an observation which gives this volume its special character.

Skolem and Robinson. Our purpose here is different. We seek to explain optimisations in terms of their effect on the search space. and to classical logic. LB. 8. ^. Formulae are deﬁned in the usual way from a set of predicate symbols. It is commonplace to express an optimisation in proof-search by modifying the rules of a calculus. P.2 and 3. Given the above.e. 1990]. and (ii) the treatment of ﬁrstorder quantiﬁers using ideas from Herbrand. or [Ohlbach. C denote arbitrary closed formulae. search spaces. a set of variables. 9. and an ‘unsuccessful’ construction yields (in the limit) evidence for a counter-proof.r. Predicate symbols with arity 0 (i.3 respectively). A ﬁnal methodological comment is in order before we begin the exposition. say. We focus on two issues in particular: (i) restrictions on in propositional and predicate logic (Sections 3. 4 Extension of many of the ideas that follow to a language with function symbols and constants is non-trivial and seems to require more global techniques equivalent to those involved in. Refutation trees have the property that. we should expect to see optimisations arise from restrictions on the refutation tree construction which take advantage of the structure of the logic. in this case LB. how search using the calculus approximates evidence for non-provability. or more uniform. and simultaneously justiﬁes their form. propositional letters) are denoted p.TABLEAUX FOR INTUITIONISTIC LOGICS 257 Syntactically.t. relating them to the construction in Section 2. by deﬁnition. and a set of terms called parameters. We present simple expositions of each of these techniques in turn. The observation that a Kripke model can be obtained directly from a refutation tree in the latter case establishes the completeness of Kripke models w. This is related directly to the character of a calculus as a refutation system: i. a ‘successful’ construction codes a proof in that calculus. B. _. the sets are assumed to be nonempty and disjoint. .e.4 An atomic formula is a formula without any occurrences of logical symbols and no free variables. r. 1. refutation trees are a description of the search space induced by a particular calculus. . A t=x] denotes the result of replacing every occurrence of the variable x in A with the term t. This is how such optimisations are presented. [Wallen. q. or refutation. The close correspondence between these two notions in the case of classical logic has been a major obstacle to the development of computationally improved methods of proof-search for nonclassical logics.1 The proof interpretation We use a formal language with the following logical symbols: ?. 1990]. As a speciﬁcation for a revised implementation such an exposition is to be highly recommended. Q denote predicate symbols with arity one. Observe that there are no function symbols in the language. A. With the construction of Section 2 completed we turn our attention to various types of optimisation which have been suggested in the literature with the aim of obtaining less redundant.

Conceptually the main difference between Gentzen’s and his system of natural deduction is that while the rules of the latter deﬁne relations between formulae (assertions). We write A for the singleton multiset fAg. are (possibly empty) ﬁnite multisets of closed formulae. then extend this notion to hypothetical proofs of formulae. and . The presentation is inspired by Martin-L¨ f’s exposition of the intuitionistic system of natural deduction [1996]. A (canonical) proof of proof of A t=z ]. where . The clauses for the logical constants are as follows. the succedent. we present the (canonical) proofs of formulae ﬁrst. the antecedent. ). A (canonical) proof of A B is a construction f which maps any proof of A into a proof f ( ) of B . since a (canonical) proof of a proposition represented by an atomic formula must be given relative to a particular theory. 2 ). where 1 is a proof of A and 2 is a proof of B . There are no (canonical) proofs of ?. . WAALER AND L. The basic syntactic objects in the calculus are sequents: expressions of the form ! . In a formulation of intuitionistic logic. of A or n = 1 and is a proof of B . unexplained notions (though in a formal framework one might think in terms of textual juxtaposition or substitution). o First. and let ‘. if provided with proofs of the formulae in will become a proof of C .2 Gentzen’s system LJ The standard formal presentation of the proof interpretation of intuitionistic logic is the system of natural deduction (or the typed -calculus). there cannot be a clause for atomic formulae. Here we take ‘provided’ and ‘will become’ as primitive. where t is a term. A (canonical) proof of A _ B is a pair (n. the rules of the former operate on objects that can naturally be taken to represent judgements of logical consequence. the succedent is restricted to contain at most one formula. Such sequents are usually referred to as single-conclusioned. A (canonical) proof of A ^ B is a pair ( 1 . ). and is a A hypothetical proof of C from a collection of formulae is a construction which.’ denote multiset union. WALLEN We now turn to an informal presentation of the of intuitionistic logic. We will now introduce Gentzen’s sequent calculus LJ and explain how it may be seen as a formalisation of the proof interpretation. where n = 0 and is a proof A (canonical) proof of 8zA is a construction f which maps any term t into a proof f (t) of A t=z ]. This proceeds in two stages. 1. 9zA is a pair (t.258 A.

The identity axiom ID states that there is a hypothetical proof of A from A. A.TABLEAUX FOR INTUITIONISTIC LOGICS 259 The intended interpretation of ! C is the judgement that there is a hypothetical proof of the succedent thesis C from the antecedent hypotheses . The formula A in the conclusion of the thinning rule is said to be introduced by thinning. as discussed above. q ! r. the two hypothetical proofs can be combined into a hypothetical proof of C from . Thinning reﬂects the fact that a hypothetical proof may ignore proofs of a hypothesis in the construction of a proof of its conclusion. say . A. We will occasionally deﬁne axioms by introducing the sequent in the conclusion. Given a hypothetical proof of C from . The construction is easy to describe: if given proofs of the formulae in we would provide these to 0 and get a proof of A. An axiom is a zero-premiss rule. The rules of LJ come in three groups. contraction reﬂects the fact that a hypothetical proof may make multiple use of the proof of one of its hypotheses in constructing the proof of its conclusion. . The identity rules reﬂect basic properties of (hypothetical) proofs. The structural rules are and on the left. In particular.A ! C CUT 1 !A 2. and a hypothetical proof of A from . If such sequents when added to the calculus are called non-logical axioms. 2 ! C which can easily be derived from CUT by .A ! ! LT . CUT therefore formalises composition of the constructions and 0 that justify the judgements represented by the premisses of the rule. we would then take this proof together with proofs of the formulae of and provide them to the construction yielding a proof of C . like the propositional sequent p. It will occasionally be convenient to use the CUT rule in the form A!A ID !A !C . A ! C 1. a sequent may be used to represent judgements about atomic formulae. In ID both occurrences of A are called principal formulae. say 0 . given proofs of the hypotheses will produce a proof of C . Except for the falsity rule the logical rules come in pairs. A ! . The rule for falsity states that there is a construction which can provide a proof of any formula if provided with a proof of ?.A ! LC ?!C L ? . Such an ‘identity’ construction clearly exists since if we provide a proof of A we need do nothing to it to obtain a proof of A. The rule CUT captures our ability to compose hypothetical proofs to form new ones. That there is a hypothetical proof of C from means that there is a construction which.

This axiom is in accordance with the proof interpretation: !A . A. is said to prove its endsequent. An LJ-proof is a derivation whose leaves are all axioms. every such proof can be mapped into a proof of any formula C . be absent.B ! C . A logical rule is a speciﬁcation of a relation between at most two sequents. B ! C . A t=x] ! C . called premisses. The side formulae of a logical rule are the immediate subformulae of the principal formula.260 A. When referring to a proof we will say that the premiss of an inference occurs above its conclusion. The logical rules of LJ as no proof can be given of ?.A ! B !A B R ^ !B !A_B R . 9xA ! C 8 9 9 ! A a=x] ! 8xA ! A t=x] ! 9xA R 8 9 C may L R Restrictions: In R and L the parameter a cannot appear in the conclusion. Trees regulated by the rules are called derivations. and that one inference occurs above another if the conclusion of the former either is a premiss of the latter. 8xA ! C .B ! C . WAALER AND L. which occur in the premisses of an inference.A ! ! :A R : . :A ! C L : . WALLEN . The logical rules of LJ are given in Figure 1. A a=x] ! C . or occurs above one of the latter’s premisses. 8 Figure 1.A B ! C L L R . The parameter a occurring in the side formula of L9 and R8 in Figure 1 is called the eigenparameter of the inferences. As usual in proof systems for intuitionistic logic we take negation as a deﬁned symbol: :A is shorthand for A ?. called the conclusion. The endsequent of a proof is the sequent at its root.A ! C . and one sequent. If there are two premisses in a rule they are called the left and the right premiss respectively.A ^ B ! C L ^ L !A !B ! A^B _ !A !A_B . This gives rise to the following two derived rules: C may be absent in L?. The principal formula of a logical rule is the formula displayed in the conclusion with the logical symbol of the rule as the outermost one.A _ B ! C R _1 _2 !A .

This is sufﬁcient evidence to conclude that the construction given in our assumption can yield a construction which is a proof of A B . there is a hypothetical proof of B from and A.e. A proof of A B is itself a construction which maps proofs of A into proofs of B . That is to say.A ! ? !A ? . Then we are left with a hypothetical proof of B dependent only on A. is given in Figure 5 in Section 2. we have a construction which will yield a proof of B if provided with a proof of A. Two applications of cut give: !A !B A!B !C . We have to show that the rules in LJ can be naturally interpreted as properties of the constructions and proofs referred to in the proof interpretation. We illustrate the relationship between the logical rules and the proof interpretation by considering the implication and universal quantiﬁer. when provided with proofs of the formulae in becomes a proof of A B . Now assume we have a proof of A B . To justify the right negation rule we ﬁrst apply R Observe now that any proof of a sequent ! ? can be transformed into a proof of ! simply by omitting the succedent occurrences of ? throughout the proof. By deﬁnition this proof is a construction which maps a proof of A into a proof of B .5 Left implication rule. i. Assume that . For this to be the case there must be a construction which. the left rules formalise how the logical constants are used. i. This assumption is formally represented by the judgement ! A B .1. A ! B holds. Right implication rule. . :A ! !A RAA This is not the standard sequent calculus formulation.B ! C Smn theorem 5 Notice that in this argument we are in effect using an informal version of the [Kleene. The right rules can be seen as reﬂecting the meaning of the logical symbols. the reader is invited to check the other cases. LK. when given proofs of .e. we are therefore justiﬁed in asserting the sequent A ! B . We can obtain classical logic by adding a rule for reductio ad absurdum: . Assume that ! A and . Suppose we provide proofs of the formulae in to the hypothetical proof of our assumption. A left rule captures the function of the given logical symbol when it occurs as the outermost symbol in a hypothesis. 1952] for constructions. the standard sequent calculus for classical logic. We must argue that there is a hypothetical proof of A B from .TABLEAUX FOR INTUITIONISTIC LOGICS 261 The derivation of the left negation rule is trivial. B ! C both hold. REMARK 1.

Both sources are present within intuitionistic propositional logic and ultimately explain the fact that the decision problem for the propositional fragment is PSPACE complete [Statman. the sequent ! C holds. For the ﬁrst step we are left no choices: . EXAMPLE 2. Assume that . One of the ﬁrst results in intuitionistic logic. This is an immediate consequence of the form of the rules. 1979]. We prove ::(p _ :p). Assume further that we have a proof of 8xA. WALLEN which shows that given a hypothetical proof of B from A. We shall use this terminology throughout the chapter.e. due to Kolmogorov. i. !C . When inference r1 occurs above r2 in a derivation we say that r2 has been applied before r1 . We can therefore obtain a hypothetical proof of A t=x] from . for any term t. This is sufﬁcient to conclude that there is a hypothetical proof of C from and A B . Due to the eigenparameter condition we know that no premiss in is dependent on a. A t=x] ! C 1. Left rule for the universal quantiﬁer. simply by substituting t for a in . Gentzen’s so-called ‘Hauptsatz’ [1935]: any LJ-provable sequent has an LJ-proof without CUT. The result cannot be lifted to ﬁrst-order logic. 8xA ! C .3 Cut-elimination and the subformula property The most important property of the sequent calculus is the eliminability of the CUT rule. A B ! C holds. Whenever we apply a rule with principal formula C we say that we expand C to generate a new sequent. WAALER AND L. while that for classical logic is NP-complete. then ! C holds. and the non-invertibility of certain inference rules. that . ! A t=x] must hold. This result is central to tableau methods as it limits the formulae that need to be considered in the search. if we have a proof of 8xA. was that the double negation of any theorem in classical propositional logic is intuitionistically valid. If the rule has more than one premiss this expansion will generate two branches instead of one. An immediate consequence of this result for LJ is that an LJ-provable sequent has an LJ-proof comprised only of subformulae of the sequent. This establishes the grounds on which we may assert the conclusion of the rule: . In the search for an LJ-proof we assume that derivations grow upwards. and we can assert ! C : ! A t=x] Thus. By deﬁnition of the proof interpretation. an instance of the premiss of the rule. which means that a can be taken to denote any object. A t=x] ! C holds. Assume that there is a hypothetical proof of A a=x] from . Right rule for the universal quantiﬁer. We are therefore justiﬁed in concluding that there must be a hypothetical proof of 8xA from . We will now illustrate the two sources of complexity in proof-search for intuitionistic logic that go beyond that encountered in proof-search for classical logic: the non-eliminability of contraction on left implications.262 A.

TABLEAUX FOR INTUITIONISTIC LOGICS

263

If we now apply L:, we will generate the sequent ! p _ :p, which is not intuitionistically valid. However, if we ﬁrst apply contraction we get

:(p _ :p) ! ! ::(p _ :p)

which the reader can easily expand into a proof (apply R_2 , R:, L:, and R_1 ). If C is a theorem of classical propositional logic, but not intuitionistically valid, any proof in LJ of ! ::C must use contraction on :C . EXAMPLE 3. Backtracking will occur in LJ whenever a right disjunction is expanded, in that we must choose one right rule over another. If one choice does not lead to a proof, one must check whether this is the case for the other option as well. Since this particular instance of does not occur in the tableau proof system of Section 2.1, we consider the slightly more general case of choosing between L and R_. Consider the sequent ; p (q _ r) ! (p q ) _ r. This sequent is classically provable for any . In general it is not intuitionistically provable. The reader is invited to check that if ; p; r ! q is provable in LJ, and ! p is not, then we must expand the right disjunction ﬁrst (followed by an instance of R ), while if ! p is provable and ; p; r ! q is not, we must ﬁrst expand the left implication. A permutation is obtained from a derivation by interchanging two inferences. The signiﬁcance of for proof-search is as follows. Assume that in the search for a proof of a sequent rules r1 and r2 both apply, and assume that r1 does not permute over r2 . Then, other things being equal, we should apply r2 before r1 . Kleene [1952b] enumerates the seven cases where permutation fails in general in LJ. The cases are: L8 L 8 or R9 L R_1 or R_2 or R9

R

:(p _ :p) ! p _ :p :(p _ :p); :(p _ :p) ! :(p _ :p) !

8

L

9

R

L

_

**Permutation will also fail in LJ in the following cases:
**

L or R

8

or R L

unless the two inferences immediately above the L_-inference have the same principal formula. In general this will not be the case. EXAMPLE 4. Consider the task of showing that the set of identity axioms in LJ can be restricted to atomic sequents: sequents whose antecedents and succedents contain atomic formulae only. This is established by a simple inductive argument. The individual cases provide good illustrations of the permutability properties. Conjunction. The task is to prove A ^ B ! A ^ B using simpler axioms. We

_

or R

^

264

A. WAALER AND L. WALLEN

have a choice whether to start with a left or a right rule. Expanding the antecedent ﬁrst gives the proof:

B!B A!A A; B ! A A; B ! B A; B ! A ^ B A^B !A^B

The reader can easily check that the inferences interchange; i.e. we may just as well expand the succedent ﬁrst. Disjunction. In this case we are left with no choices since we cannot commit ourselves to one disjunct before we apply the left disjunction rule. We therefore get the proof:

**A!A B!B A !A_B B !A_B A_B !A_B
**

Implication. This case also shows a dependency among the rules: since the succedent side formula in the left premiss of the left implication inference must be matched by the antecedent side formula of the right implication inference, the right implication rule must be applied before the left one.

B!B A!A A; B ! B A B; A ! B A B!A B

Quantiﬁers. These cases are also subject to dependencies, but this time due to the eigenparameter conditions (as in classical logic).

1.4 Kripke semantics

We end this introduction by introducing and proving the soundness of LJ with respect to this semantics. Since proofs and models are dual, the relationship between the proof systems and the Kripke semantics is most clearly seen in the construction of countermodels to non-provable sequents. We shall show in Section 2 how Kripke models arise naturally from searches by establishing a model existence theorem based on a systematic search procedure. A Kripke model is a quadruple (U; D; ; 0 ); the universe U is non-empty set partially ordered by ; the domain function D maps each point in U to a nonempty set of terms in the language such that D(x) D(y ) whenever x y ;6 0 is a binary relation between U and the set of atomic formulae such that if x 0 p and x y , then y 0 p, and 8x 2 U , x jj ?. The forcing relation is the weakest 6

6 Note

that we have opted for an interpretation of the quantiﬁers by substitution.

TABLEAUX FOR INTUITIONISTIC LOGICS

265

relation that contains

**0 and is closed under the following rules.
**

if if if if if if

x x z x x x

A^B A_B A_B A B 8zA 9zA

x x x y y x

A and x B; A; B; B whenever y jj A and y x; 6 A t=z ] for each y x and each t 2 D(y), A t=z ] for some t 2 D(x).

LEMMA 5. If x

In the sequel, we do shall not indicate in the notation which model is being used as this should always be clear from the context. A sequent ! C is valid in a model if, for each point x which forces every formula in , x forces C . A model is a countermodel to ! C if it contains a point at which every formula in is forced, but C is not forced.

A and x y, then y A.

Proof. Induction on A. For atomic formulae the statement is immediate. We prove the statement for the case that A is B C . Assume x B C and x y . By transitivity of , for each z such that y z , either z jj B or z C . By deﬁnition, 6 y B C. We now establish the soundness of LJ with respect to Kripke semantics. Since LJ is a formalisation of the , the soundness result can be viewed as a formal variant of the correspondence between LJ and the proof interpretation sketched above. PROPOSITION 6. Let Kripke models.

! C be provable in LJ. Then ! C is valid in all

Proof. Let prove ! C . By induction on the length of we prove that for each point x in every model, if x forces every formula in , x forces C . If the last rule of is an axiom, this holds trivially. We consider only three cases as the other cases are similar. Case 1. The last rule of is a right implication:

Let x

and let y be any point such that x y. Then y by Lemma 5. If y A, then y B by the induction hypothesis; otherwise y jj A. In any case y 6 meets the forcing condition for A B . Case 2. The last rule of is a left implication:

;A ! B !A B

1 ..

.

!A

1 ..

.

;B ! C ;A B ! C

2 ..

.

266

A. WAALER AND L. WALLEN

a0 , a1 , a2

Pa0 , Pa 1

p

p

q

a0 , a1

Pa0

a0

Model 1

Model 2

Model 3

Figure 2. Example Kripke models Let x be any point in a model that forces ; A B . By the induction hypothesis applied to 1 , x A. By the forcing condition for A B , x B . By the induction hypothesis applied to 2 , x C . Case 3. The last rule of is R8:

Let x and x y . The eigenparameter condition ensures that we can substitute t for a in for any term t 2 D(y) and get a proof of ! A t=x]. By induction hypothesis and Lemma 5, y A t=x]. REMARK 7. A simple corollary to Proposition 6 is obtained via the contrapositive proposition: the existence of a countermodel to a sequent implies that the sequent is not intuitionistically provable. EXAMPLE 8. Models in propositional intuitionistic logic are restrictions of models for the ﬁrst-order language in that the domain function D is redundant. A countermodel to p _ :p is shown in Figure 2 as model 1. The ﬁgure depicts a model in which U = fx; y g, 0 is fhy; pig, and is the reﬂexive, transitive closure of fhx; y ig. Model 2 of the same ﬁgure is a countermodel to (p q ) _ (q p), another formula which is classically valid. EXAMPLE 9. Predicate symbols are restricted to unary predicates and prop ositional letters. Classical monadic predicate logic is decidable, but its intuitionistic version is undecidable. A countermodel to the classically valid formula 8x::Px ::8xPx is shown as model 3 in Figure 2 (domains are listed beside the circles marking the points). There exists no ﬁnite countermodel to this formula.

! A a=x] ! 8xA

. . .

TABLEAUX FOR INTUITIONISTIC LOGICS

267

2 A SYSTEMATIC SEARCH PROCEDURE The search space of a cut-free sequent calculus is in part determined by the permutation properties of the calculus. The existence of Kripke models for intuitionistic logic is also closely linked to the properties of permutation. This is as one should expect, given that a common way of viewing proof search is as a systematic attempt to construct a countermodel. One might say that the property of intuitionistic logic which gives rise to Kripke models is reﬂected syntactically in the properties of permutation. As shown in Section 1.3 Gentzen’s system LJ is quite asymmetrical w.r.t. permutation. To facilitate the formulation of search procedures for intuitionistic logic we will study a slightly modiﬁed formulation of LJ. The system appears under many labels in the literature. It seems to have been formulated independently by several authors; Takeuti [1975, p. 52] credits the invention of the system to Maehara [1954]. Since the system is a sequential formulation of the branch expansion rules of a system of Beth tableaux, we will refer to the system as LB.

**2.1 LB: a multi-succedent variant of LJ
**

The syntax of LB differs from LJ syntax in that the LB system operates on sequents with (possibly) multiple succedent formulae; the latter are interpreted disjunctively. In semantic terms, ! is forced at x iff every point y x which forces every formula in , forces at least one formula in . Since there can be more than one formulae in the succedent the system contains thinning and contraction on both the left and the right. The rules and axioms of LB are given in Figure 3. Observe that R , R8 and the axiom involving ? are deﬁned on sequents with at most one formula in the succedent; the other rules deﬁne relations between sequents with (possibly) multiple succedent formulae. The system admits negation rules as derived rules:

!A ; :A !

CUT

L

:

;A ! ! :A

R

:

is admissible in LB.

EXAMPLE 10. Consider once again the task of showing that the set of identity axioms can be restricted to atomic sequents, cf. Example 4. We repeat two cases for LB. Disjunction. In LB we can expand the succedent disjunction without committing ourselves to one disjunct, and hence expand the succedent before we apply the left disjunction rule.

A!A B!B A ! A; B B ! A; B A _ B ! A; B A_B !A_B

268

A. WAALER AND L. WALLEN

STRUCTURAL RULES

;A !

!

LT

! ! A;

RT

; A; A ! ;A !

AXIOMS

LC

! A; A; ! A;

RC

?!C

; A; B ! ;A^ B ! ;A ! ;B ! ;A_ B !

; A ! A;

LOGICAL RULES

L

^

L

! A; ! B; ! A ^ B; _ ! A; B; ! A _ B;

;A ! B !A B

R

R

^

_

! A;

**;B ! ;A B ! ; A t=x] ! ; 8xA ! ; A a=x] ! ; 9xA !
**

L

L

R

8 9

! A a=x] ! 8xA ! A t=x]; ! 9xA;

R

8 9

L

R

Restrictions: In R and L the parameter a cannot appear in the conclusion.

8

9

Figure 3. The logical rules of LB Implication. A superﬁcial look at the syntax gives the impression that since the L -rule sanctions classical sequents, L may permute with R . Let us try this for the implication case.

Observe that the succedent occurrence of A in the left leaf must be removed by thinning before the implication can be expanded. The resulting sequent is not, in general, provable. Therefore, in LB, as in LJ, we must expand the right implication below the left one. LB has more symmetrical permutation properties than LJ. As well as the usual restrictions on permutation caused by the eigenparameter conditions, permutation will fail in the case of an inference with a succedent side formula occurring over

B!B B; A ! B ! A; A B B!A B A B!A B

TABLEAUX FOR INTUITIONISTIC LOGICS

269

a R or a R8. Since the premiss of the latter inferences must be intuitionistic, this situation can arise only when the inference just above is a L . Therefore, in general, permutation will fail in the following ﬁve cases:

L R

8 8

L

8 or R9 L9

R

L or R

8

Consider now a sequent at a point in the search for an LB-proof. The task of a search procedure is to generate new sequents from a given one that better approximate axioms, so the problem is which formula to choose for expansion. The permutation properties impose certain constraints in that applications of L9, R8, and R should have priority. More precisely, eigenparameters should be introduced as early as possible in the search, and R should be applied to strengthen the antecedent prior to an application of L . This latter constraint arises from the fact that a proof of the left premiss of the L inference may require a stronger antecedent, as is illustrated in Example 10. There is, however, a consideration which runs contrary to this. Observe that prior to applications of R8 and R we must in general apply thinning to the succedent. This suggests that we should postpone application of these two rules as long as possible. The two conﬂicting considerations about R make the expansion of left implications particularly tricky. The non-permutabilities suggest that R should have priority over L . However we will then run the danger of deleting succedent information by thinnings that is needed at a later stage in the search. Consider the following ﬁgure:

! A; D B; C

; B _ C ! D B; C ; A (B _ C ) ! D B; C

Here we have applied L and delayed the R ; the right premiss is provable. However, in the expansion of the right premiss the choice is between L_ and R , which means we must opt for the L_. If ! A is provable, the ﬁgure above will lead to a proof. However, if we apply R before L we will not, in general, obtain a proof. The discussion indicates that in a sequent ; A B ! one should expand the left implication (after ﬁrst duplicating it by a contraction) if ; A B ! A is provable, otherwise not. This indeterminacy forces branching in the search space and this, together with the need for on certain subformulae of the endsequent, underlies the PSPACE-hardness of the propositional decision problem [Statman, 1979].7 The strategy we adopt in this section is to apply L to every antecedent implication and test the left premiss for provability prior to expansion of a R . Kripke models arise as natural objects from the syntax in a particularly direct way using this strategy, as we will see below. The search will proceed in stages. At each stage we try to expand with all rules

7 In formulations of intuitionistic logic without explicit contraction, contraction is eliminated in favour of additional branching in the search space [1992; 1993].

270

A. WAALER AND L. WALLEN

**;A B ! A ;B ! ;A B ! ; 8xA;A t=x] ! ; 8xA !
**

LC

LC

8

! A t=x]; 9xA; ! 9xA;

RC

9

Figure 4. Derived rules in LB except R and R8. An application of R or R8 indicates that new antecedent information is available in the resulting sequent, either directly by the left side formula of a R , or indirectly in that R8 introduces a new parameter with which we can instantiate a left universal quantiﬁer. However, sometimes the left side formula of a R can be removed immediately by thinning, and even if a new term is available, the antecedent is not strengthened before a left universal quantiﬁer has actually been instantiated with this term. What we want to say is that a new stage in the search is initiated when the antecedent has been strengthened. We introduce the binary relation to make this idea precise. Let the sequent S be above the sequent T in a derivation. Then T S iff there is an intervening instance of R whose left side formula is not introduced by thinning, or an intervening instance of R8 whose eigenparameter has been used as parameter in an intervening L8 -inference. We now introduce the search strategy in detail. The axioms are generalised to include sequents of the form: ; A ! A; and ; ? ! A; . Contraction is needed for left implications and universal quantiﬁers. For simplicity we use the derived rules of Figure 4. The ‘C’ in the names of the rules stands for ‘contraction’. Observe that the implication need only be copied into the left branch of the left implication rule. We order the logical rules into three distinct groups: G ROUP 2: LC8, RC9. G ROUP 3: R8, R . G ROUP 1: R^, L^, R_, L_, LC , L9.

The search proceeds by always opting for a rule in the group with the lowest number, should there be one that is applicable. To avoid vicious circles in the search we introduce some additional constraints. Let us say that a term is available at a sequent if there is an occurrence of this term below the sequent in the derivation. There are ﬁve constraints on application of the rules. (S1) the left side formula of a R is immediately removed by thinning if there is an antecedent occurrence of the same formula in a sequent below in the derivation,

TABLEAUX FOR INTUITIONISTIC LOGICS

271

(S2) if LC has been used to expand a formula A in sequent T and A also occurs in the sequent S to be expanded, then A can be expanded only if T S , (S3) an antecedent universal quantiﬁer 8xA can be instantiated with a term t if t is available and there is no antecedent occurrence of A t=x] in a sequent lower down in the derivation,

(S4) a succedent existential quantiﬁer 9xA can be instantiated with a term t if t is available and A t=x] does not already occur in the succedent, (S5) right thinning is only applied prior to R and R8. The last condition deﬁnes the points of . If the removal of a succedent occurrence of A does not lead to a proof, and A is an implication or universal quantiﬁer, we must return to this point in the search and expand A instead. We must then use thinnings on the other formulae in the succedent. EXAMPLE 11. The identity axioms are restricted to atomic formulae for this example. We illustrate the procedure on the following identity judgement:

(A B) C ! (A B) C :

Assume that the letters denote distinct atomic formulae. According to Example 10 we should expand the succedent ﬁrst in order to ﬁnd a proof. The search procedure will, however, opt for the antecedent implication. There is one applicable rule in G ROUP 1: LC . This yields

(A B) C ! A B; (A B ) C C ! (A B ) C (A B) C ! (A B) C

The right premiss is obviously provable. Consider the left premiss. Condition (S2) blocks a new application of LC since the antecedent is the same as that in the sequent we started with. So we must expand the succedent. Let us ﬁrst expand the leftmost succedent implication, A B . This requires the elimination of the other succedent formula by thinning (*).

Observe that the rightmost leaf (C; A ! B ) is not provable and no rule applies, thus terminating the search in this branch. Observe also that if we nevertheless try to expand the leftmost branch, condition (S2) blocks application of LC . Hence we must apply right thinning to B and R to A B . But then condition (S1) applies to the resulting sequent, and condition (S2) once again blocks further expansion of the tree:

(A B) C; A ! A B; B C; A ! B (A B) C; A ! B (A B) C ! A B (A B) C ! A B; (A B) C

(*)

(A B ) C; A ! B (A B) C; A; A ! B (A B) C; A ! A B (A B) C; A ! A B; B

272

A. WAALER AND L. WALLEN

This illustrates how termination is secured for the propositional fragment. The next step in the search is to backtrack to the point ( ) and expand the other succedent implication. This yields:

(A B) C ! (A B ) C (A B) C ! A B; (A B) C

(**)

Note that we have generated the endsequent once again. However, contrary to what was the case when the search started, condition (S2) applies and blocks yet another instance of LC . Hence we must apply R . The reader is encouraged to continue the example until a proof is constructed. Some optimisations of this strategy may be easily developed by taking only local information into consideration. For example, we can always postpone the left implication in the sequent ; A B ! C D; whenever either or is empty. More substantial optimisations are possible once we take global considerations into account, i.e. information obtained from the entire proof search state (partial derivation). The deﬁnition of such strategies is quite complex and is beyond the scope of this chapter. Proof search on the basis of such global considerations is the fundamental idea behind connection driven proof methods for intuitionistic logic and certain based search strategies such as the intuitionistic resolution calculus of Mints [1990; 1993 ]. The search procedure is deﬁned for a language without function symbols. The inclusion of function symbols complicates the deﬁnition of the search. For example, if a formula Pfa occurs in a sequent, where f is a unary function symbol, this formula must be given the same treatment as the formula 9x(Px ^ Fxa) in a language without function symbols. For this reason we omit function symbols from the language, leaving the extension of the search procedure to function symbols as an exercise for the reader. The right contraction rule, implicit in the rule RC9, is in fact redundant. Note that a succedent occurrence of an existentially quantiﬁed formula is always removed by thinning prior to applications of R and R8. The formulation in terms of right contraction has the advantage that backtracking in the search can be isolated to a single point: prior to instances of right thinning. A search procedure for LJ can be designed along the same lines as the procedure for LB [Waaler, 1997a]. However, due to the non-permutabilities involving disjunction, a search procedure based on the LJ rules has to be more complex in its deﬁnition. From a search perspective the main difference between LB and LJ is that in LB succedent information is preserved longer in the development of a proof. However, commitments must be made before right implications or universal quantiﬁcations are expanded, and, as expected, there is thus no difference between LJ and LB as far as the complexity of the search space is concerned. By shifting from LJ to LB we do, however, lose the tight connection between the formal system and the constructive semantics of intuitionistic logic. LB does enjoy , but the argument that LJ is a formalisation of the does not carry over to LB in a straightforward way. The connection between LB and the proof interpretation

TABLEAUX FOR INTUITIONISTIC LOGICS

273

; A; B ! ;A ^ B !

L

^

L

! A; ! B; ! A ^ B; _ ! A; B; ! A _ B;

; A ! B; ! A B;

R

^ _

;A ! ;B ! ;A _ B !

R

! A;

;B ! ;A B !

L

L

R

; A t=x] ! ; 8xA ! ; A a=x] ! ; 9xA !

8 9

! A a=x]; ! 8xA; ! A t=x]; ! 9xA;

R

8 9

L

R

Restrictions: In R and L the parameter a cannot appear in the conclusion.

8

9

Figure 5. The logical rules of LK can be made more explicit by a translation of LB-proofs into proofs in LJ. Such translations are deﬁned by Fitting [1969] and Schmitt and Kreitz [1996] by means of the introduction of cuts, and by Waaler at the level of cut-free proofs [Waaler, 1997b]. REMARK 12. We close this section by a remark about classical logic. If we replace the R and R8 rules of LB with the rules

; A ! B; ! A B;

! A a=x]; ! 8xA;

the resulting system is Gentzen’s system LK for classical logic. The logical rules of LK are shown in ﬁgure 5 for reference. The search for LB-proofs mimics the search in classical logic to a certain extent, in that the search is performed classically for all rules except the two rules for implication and the right rule for universal quantiﬁer. This is reﬂected in the truth conditions for Kripke models, which are the same as for classical logic except for the clauses for implication and the universal quantiﬁer.

2.2 Refutation trees

A Sch¨ tte-type proof of the for classical logic [1960] proceeds by induction on an u open branch in a complete tree. The construction for intuitionistic logic introduced in Section 2.3 generalises this procedure. In this section we give a formal presentation of the intuitionistic counterpart to an ‘open branch’. Due to the deﬁnition will have to be more complex than that for classical logic. The method introduced

274

A. WAALER AND L. WALLEN

; A; B ! ;A ^ B ! ;A ! ;A _ B ! ; A B ! A; ;A B !

L

^ _1

LC

! A; ! A ^ B;

;B ! ;A _ B !

1

R

^1 _2

2

! B; ! A ^ B; ! A; B; ! A _ B;

;A ! B !A B

R

^2 _

L

L

R

;B ! ;A B !

L

R

**; 8xA;A t=x] ! ; 8xA ! ; A a=x] ! ; 9xA !
**

L

LC

8

! A a=x] ! 8xA ! A t=x]; 9xA ! 9xA

R

8 9

9

LT

RC

;A !

!

! C1 ! Cn ! C1 ; : : : ; Cn ;

Split

C1 ; : : : ; Cn are all the implications and universally quantiﬁed formulae in the succedent of the conclusion, and n > 0.

Figure 6. Refutation rules for LB

L

9

and R

8

are subjected to the usual conditions on eigenparameters. In Split,

below is an adaptation of one developed for LJ in [Waaler, 1997a]. The rules of this formal system are given in Figure 6. Observe that only Split, a structural rule which replaces right thinning, is branching: the function of this inference is to record the backtracking in a search. Once again we divide the logical rules into three distinct groups: G ROUP 1: R^1 , R^2 , L^, R_, L_1 , L_2 , LC 1 , L 2 , L9. G ROUP 3: R8, R . G ROUP 2: LC8, RC9.

The relation is deﬁned on in an analogous manner to the deﬁnition on derivations trees. We will be interested in trees generated from the rules in Figure 6 that satisfy the following conditions (compare these with conditions (S1)–(S5) in the previous section): (R1) thinning only occurs on the left side formula of a R , and it occurs whenever there is an antecedent occurrence of the same formula below this inference in the tree;

TABLEAUX FOR INTUITIONISTIC LOGICS

275

(R2) if there is an instance of LC 1 with conclusion T , and there is an instance of LC 1 above with identical principal formula and with conclusion S , then T S;

(R3) the side formula of a LC8 does not have an antecedent occurrence below this inference in the tree, and the term used to instantiate the quantiﬁer is available at the conclusion; (R4) the term used to instantiate the quantiﬁer in an instance of RC9 with premiss S is available at the conclusion of the inference, and if another instance of the side formula occurs in the succedent of a sequent T below S , then T S;

A refutation tree for a sequent S is a tree with S as root, regulated by the rules (R1R5), and satisfying the condition that for each rule occurence in the tree no rule from a lower group is applicable to its conclusion. A refutation tree may be thought of as being constructed by successive applications of the rules from conclusion to premisses, making sure to use any applicable rule from a lower group before an applicable rule from a higher group. R is said to be a complete refutation tree for a sequent S if it is a refutation tree for S , R is not a proper subtree of any larger refutation tree for S , and, for every sequent ! in R, ? 62 and \ = ;.

(R5) every instance of Split has a R or R8 immediately above it in every branch.

(q p).

EXAMPLE 13. The following is a refutation tree for the sequent !

(p q) _

p!q q!p !p q !q p ! p q; q p ! (p q) _ (q p)

The reader should check that the relevant conditions are met. The sequent is classically valid but intuitionistically unprovable. EXAMPLE 14. This example illustrates termination. Consider the following tree.

(p q) r; p ! q (p q) r; p; p ! q (p q) r; p ! p q (p q) r; p ! p q; q (p q) r; p ! q (p q) r ! p q (p q) r !

The ﬁrst step is to apply LC 1 . (R2) now blocks a repeated application of LC 1 and we must hence apply R . LC 1 and R are then re-applied; observe that condition (R2) is met for the LC 1 and that we must use Split before this application of R . Finally, according to condition (R1), we must apply left thinning on p. Condition (R2) now blocks further expansion of the tree.

then the complete refutation tree is ﬁnite. which in combination with condition (R1) restricts the copying process to the branches where a new copy of a formula can potentially contribute to the search. and (for LJ) to the study by Waaler [1997a]. the only rule that has the potential to give rise to an inﬁnite refutation tree is LC 1 . where a0 is the eigenparameter of the R8-inference. LEMMA 16.276 A. In the propositional case.2 and 3. This means that LC 1 applies again. Pa0 . The existence of a complete refutation tree follows in the usual way via non-constructive reasoning. the blocks) endsequent. The complete refutation tree hence consists of a countably inﬁnite sequence of such blocks. However. and there are only a ﬁnite number of those. This obtains only when the left side formula strengthens the antecedent of the premiss compared to the antecedent of the conclusion. A sequent can only be strengthened by formulae that occur as subformulae of the endsequent S . The universe U of the Kripke model contains u and every subtree x of u whose endsequent is either . A search procedure for LJ based on the same idea is described and implemented by Sahlin. 2.e. If a sequent S is not provable in LB. For further results about in LB we refer to Sections 3. owing to the contraction on the principal formula that is built into the rule. This e procedure also contains various optimisations. Note that contraction has been built into one rule for left implication and the left rule for universal quantiﬁcation. condition (R2) constrains the application of this rule as follows: in between every two instances of LC 1 with identical principal formulae. WALLEN EXAMPLE 15. which yields the following block: Note that the leaf is similar to the endsequent except for the addition of Pa0 in the antecedent.3 The model existence theorem In this section we show how a complete refutation tree with endsequent S deﬁnes a countermodel to S in a natural way. We construct a refutation tree for :8x(Px _ :Px) !. must be a R whose left side formula is not removed by thinning. yielding a similar block above the leaf. Moreover. We ﬁrst deﬁne the basic construction which maps a complete refutation tree u into a Kripke model. only differing in the choice of a new eigenparameter a1 and the addition of Pa0 in the antecedent of its (i. :8x(Px _ :Px) ! :8x(Px _ :Px) ! :Pa0 :8x(Px _ :Px) ! Pa0 .3. Franz´n and Haridi [1992]. WAALER AND L. The ﬁrst step in the construction is to apply LC 1 and then expand the succedent. :Pa0 :8x(Px _ :Px) ! Pa0 _ :Pa0 :8x(Px _ :Px) ! 8x(Px _ :Px) :8x(Px _ :Px) ! Proof. if S is restricted to propositional intuitionistic logic. then there exists a complete refutation tree with S as endsequent.

Let us apply the above construction to the complete refutation tree in Example 13. 0 ) is a Kripke model. and if A 2 x+ . D. The model existence theorem follows from this. In terms of the this can be taken to mean that we are in possession of proofs of more formulae at the point y than at the point x. then x jj A.4 we motivated Kripke models. For any closed atomic formula p. When the left side formula of a R -inference r is introduced by thinning. x z . It is immediate from Lemma 16 that a complete refutation tree for S exists. A 2 x+ iff A occurs as a succedent formula of an x-sequent. with the proviso that (the dummy term) 0 2 D(x) only if D(x) is otherwise empty. to shed some light on the construction of the countermodel and provide a link to the syntax of refutation trees.TABLEAUX FOR INTUITIONISTIC LOGICS 277 (a) a premiss of a R thinning. Let the corresponding Kripke model (U. Then x y . It is easy to check that (U. It is immediate that this is a countermodel to ! (p q ) _ (q p). hz. THEOREM 19 (Model Existence). Let x y iff y is a subtree of x. D. The model is shown as model 2 in Figure 2. This is a countermodel to :8x(Px _ :Px) !. Let x and x+ be sets of formulae deﬁned as follows. The complete refutation tree in Example 15 gives rise to an inﬁnite model depicted as model 3 in Figure 2. Then S has a counter-model. A 2 x iff A occurs as an antecedent formula of an x-sequent. t 2 D(x) iff there is an x-sequent at which t is available. or -inference whose left side formula is not introduced by (b) a premiss of a R8 -inference whose eigenparameter occurs in a side formula of a LC8 -inference in x. x 0 p iff p 2 x . r is an x-inference if the conclusion of r is an x-sequent. T S implies that the antecedent of S is stronger than the antecedent of T . q ig. . The model will consist of 3 points: let x denote the refutation tree given in Example 13. A sequent occurring in a tree x 2 U is called an x-sequent if it does not occur in any y 2 U such that y is a proper subtree of x. In Section 1. then x A. Let S be an intuitionistic sequent not provable in LB. . Proof. pi. . y denote its subtree p ! q and z denote the subtree q ! p of x. if A 2 x . EXAMPLE 18. EXAMPLE 17. There are 6 six cases to consider. observe ﬁrst that x y if either x = y or there is an x-sequent T and a y -sequent S such that T S . we will say that the premiss of r is the sequent immediately above the thinning (so that the premiss and conclusion of r have equal antecedents). 0 ) be as deﬁned above. and 0 = fhy. We prove by induction on A that for each point x in the model.

Case 3: A is B _ C . B t=z ] 2 v . WALLEN Case 1: A is atomic or ?. By induction hypothesis and Lemma 5. By construction of the refutation tree there must be a v -inference of type LC8 with side formula B t=z ]. y A t=z ].e. A must occur in the succedent of an x-sequent T such that the antecedent of S is equal to the antecedent of T . or a z -inference L 2 . take S to be the endsequent of x. Observe that the x-sequents form a block of nonbranching inferences possibly with Split and right inferences immediately above. i. 6 Let A 2 x+ . Let S be the uppermost x-sequent that is the premiss of a left inference. Let A 2 x+ . This case is the dual of case 2. Let A 2 x and y x.278 A. v B t=z ]. there is a y -sequent. A will occur in both the antecedent and the succedent of T . Apply the induction hypothesis and the forcing condition for conjunction. every term t 2 D(x) must be available at S . Assume ﬁrst that the left premiss of r is introduced by thinning. By deﬁnition of 0 . Let A 2 x+ . By induction hypothesis and Lemma 5. WAALER AND L. If r is not an x-inference. A must be the principal formula of an inference of type R^1 or R^2 whose premiss is an x-sequent. If A 2 x . if a is not used in the instantiation of a LC8-inference above. hence. and x jj B a=x] by the 6 induction hypothesis. A will occur in the antecedent of T . In either case x jj 8zB . Assume A 2 x+ . Since this holds for any y and t. that r is an x-inference. let the conclusion of this inference be S . The induction hypothesis and the forcing condition yield x A. Let A 2 x+ . A must be the principal formula of an inference r with eigenparameter a. By construction. Then t 2 D(x) and B t=z ] 2 x . By induction hypothesis y B and y jj C . A must be introduced by an inference of type RC9. if there are no left x-inferences.e. By induction hypothesis. x y. Let A 2 x . If r is an x-inference. 6 In either case x jj B C . then a 2 D(x) and B a=x] 2 x+ .e. Hence B t=z ] 2 x for each t 2 D(x). By construction A must be the principal formula of either a y -inference of type LC 1 . In both cases we conclude by induction hypothesis and the forcing condition for A.e. if A 2 x . x B and x jj C . i. Then A must be the principal formula of a R -inference r. Assume A 2 x . and x jj A. 6 6 Case 6: A is 9zB . such that B a=x] 2 y + . Since A 2 x+ . . either y jj B or y C . giving B 2 x and C 2 x . 6 Case 5: A is 8zB . thus either B 2 x+ or C 2 x+ . x z y. by Lemma 5. x A. i. Since an atomic antecedent occurrence in a sequent will occur in every other sequent above. Then the subtree of which the premiss of r is the root gives rise to a point y such that x y . t 2 D(w) iff v = w. Then C 2 x+ and there must be a point u x such that B 2 u . A must be distinct from ?. i. Let A 2 x and t be the eigenparameter of the inference in x introducing 9zB . By construction. and t 2 D(y). Assume that the left premiss of r is 6 not introduced by thinning. Hence A 62 x . Then A must be the principal formula of a L^ -inference whose premiss is an x-sequent. By induction hypothesis y jj B a=x]. y x. Since this holds for every y x. 6 Case 2: A is B ^ C . in which case B 2 y + . x B C . in which case C 2 z . Case 4: A is B C . x 8zB . There must then be a point v y such that t 2 D(v) and for every point w v.

and F 9 map into inverted versions of the derived rules in ﬁgure 4. H is shorthand for S fH g (multiset union). A branch is closed if it contains a closed multiset. H j S. If a sequent is not provable in LB. since the rules are deﬁned on multisets. we must argue contrapositively (and non-constructively).1 Tableaux The Beth tableau system for intuitionistic logic is basically a notational variant of the system LB given above. and S. T 8 and T 9. we still treat negation as a deﬁned symbol. i. Consider a mapping I from multisets of signed formulae to sequents deﬁned by: It is easy to see that I maps the reduction rules of Figure 7 into slightly modiﬁed and inverted versions of the logical rules of LB (see Figure 3).e. Hence the sequent is not valid. Fitting presents an elegant formulation using ideas from both Beth and Hintikka in [Fitting. Rather than repeating the technical deﬁnition of tableaux based on these multisets of signed formulae let us simply observe the following. Second. the duplication of formulae is made explicit in the rules T . ST means fTA j TA 2 S g (as a multiset). REMARK 21. LB is complete. 1969]. H 0 means that the reduction produces two branches with these endpoints. or if it contains T ?. Refutation trees for propositional endsequents are ﬁnite (Lemma 16).TABLEAUX FOR INTUITIONISTIC LOGICS 279 Observe that the proof of the existence of a countermodel is carried out constructively from the refutation tree. If we want to conclude that LB is complete with respect to Kripke models. but the theorem itself is non-constructive. Writing S for a multiset of signed formulae. S. The presentation differs from Fitting’s in two ways. F and F 8 when inverted map into the rules: I (S ) = fA j TA 2 S g ! fA j FA 2 S g: . By completeness we can conclude that the search strategy deﬁnes a decision procedure for propositional intuitionistic logic. A signed formula is a pair consisting of a sign and a formula. We work with two signs T and F which can be informally understood as denoting ‘proven’ and ‘not proven’ respectively. A multiset is said to be closed if it contains occurrences of both TA and FA. the reduction rules of the tableau system can be written as in Figure 7. Hence the search procedure will always terminate for propositional sequents. 3 REFINEMENTS 3. T . Proof. THEOREM 20 (Completeness). First. the construction of the Model Existence theorem gives us a countermodel. written TA or FA. that every sequent valid in all Kripke models is provable in LB. We follow his presentation below. T 8.

A ! A. FB F S. F 8xA ST . What is signiﬁcant is that. the reader should not forget that the perspective of the tableau system is that of reduction and refutation. T 9xA S. This makes left and right thinning redundant. T (A _ B) S. F (A _ B) S. F 9xA S. S. T (A B) S. FA j S. Observe. FA a=x] F 8 S. or . FA t=x] F 9 Restrictions: The parameter a must be new. TB T _ S. FB F _ S. The formulation of the systematic search procedure within the context of tableau rules is now straightforward. FA j S. ! A a=x] ! 8xA. These two rules are admissible in LB. for intuitionistic logic the operation must be applied to a sequent. TA j S. TA a=x] T 9 S. whereas in (propositional) classical logic this perspective gives rise to a set of reduction rules which can be seen as working locally on single formulae. Simple though this relationship is.280 A. F 9xA. F (A B) F 0 ST . Our decision to base the earlier sections on sequent calculi is therefore justiﬁed. Hence the nodes of the reduction trees consist of multisets of formulae rather than single formulae. ? ! . F (A ^ B) S. FA. F (A B) ST .TA t=x] T 8 S. TA. Fitting/Beth Tableau rules [Fitting. To compensate for this we may introduce the tableau rule and use this rule in the search when there is already an occurrence of TA in the branch. WALLEN S. T (A ^ B) S. however. TB T S. FB F ^ S. Figure 7. WAALER AND L. 1969] . T 8xA S. not (directly) proof. A multiset which closes a branch in a tableau corresponds to an axiom . TA. T 8xA.A ! B ! A B. TB T ^ S. T (A B). FB . that left thinning plays an important role in the systematic search procedure for LB in deleting a side formula of a R whenever there is an occurrence of this formula below in the LB-derivation.

. . B ! . p. C B. (C ^ D) B ! L (C D) B ! D B . (C D) B ! EXAMPLE 23. . Variations of the same system are introduced by Hudelmaier [1992. (C D) B ! L (C _ D) B ! D B L . . L _: . By instantiating B by ? in L the following instances of the rules above: . . [1991]. The rules are as follows. ^: : (C _ D) B ! C B . D B ! . a fact captured by the derived rule LC of Figure 4. . . CUT and contraction are all derived rules in LB. (C ^ D) B ! C (D B) .B ! . C (D B) ! . D B ! . by the paper of Pinto and Dyckhoff [1995]. 1993 ] and Lincoln et al. C (D B) ! . The exposition below is inspired by Dyckhoff’s treatment in [1992] and. . D B ! . and leave the formulation of the associated tableau system to the reader. We will present the idea in relation to LB. . (C _ D) B.D B ! C D . L _.TABLEAUX FOR INTUITIONISTIC LOGICS 281 3.p B ! L 1 L . The derivation of L 1 is obtained by a simple application of L . The three other cases are given by the following derivations.B ! LC ^. (C _ D) B ! . for the semantical completeness proof. (C ^ D) B ! L ^ The p in L 1 can be restricted to being atomic. The idea has since been independently rediscovered by several logicians and computer scientists. (C _ D) B ! _ . As shown in Section 2 the only rule that needs contraction in the propositional fragment of LB is the left implication rule. . and L we can obtain . Proof.2 Contraction-free systems of propositional logic The idea behind contraction-free systems for the propositional fragment of intuitionisti logic can be traced back to a paper by Vorob’ev from 1952 [1952]. . . The four rules above.D B ! C D . (C D) B ! C D. p. The basic idea behind limiting contraction is to design rules that are sensitive to the structure of A in an antecedent occurrence of A B . PROPOSITION 22. C B.

:C. (Cn Dn ) Bn . (C1 . WALLEN . L 2 must be modiﬁed to account for this. however. Split is the more complex rule: _. :(C D) ! : In the same way we can obtain a double negation rule from L Let us now prove the sequent :(p _ :p) !. In Example 2 we showed that a proof of this sequent in LB requires contraction. ::p ! :(p _ :p) ! The reader is encouraged to redo Example 11 to see how the systematic search procedure will work using the new rules in place of L . Since LB also satisﬁes of the rules L 1 . :D ! C D . L a cut-elimination theorem. i and is 0 are given by: 0! Bn ! Cn Dn ! D1 ) B1 . THEOREM 24. 0 contains no formulae of the form (C D) B . restricted to a propositional language. We prove a model existence theorem on the basis of the new set of rules. WAALER AND L. L _. i is n f(Ci Di ) Bi g. The system obtained from propositional LB by deleting LC and L . :(C ^ D) ! . D1 B1 ! C1 D1 in which the sets . we can conclude that the sequent is provable in LB without CUT. but in the fact that together the four rules can replace L . permit a much simpler proof: ! :A . 0 . :(C _ D) ! . :D ! . L ^. L ^.B ! . Split 1 . giving L 2 : . thus making explicit contraction redundant. The proof follows the same line of argument as the proof of the model existence theorem for LB (theorem 19). (C D) B ! n . ::A ! :p ! :p :p. L ^. and adding the rules L 1 . First. and L is complete. The interest in these rules lies not in their soundness. since L is the only left implication rule with a right premiss. L and Split . C :D ! . the refutation rule LC 1 is replaced by the four rules L 1 . Given that we replace L we must also modify the refutation rules of LB accordingly (ﬁgure 6).282 A. Proposition 22 shows that every sequent derivable by the rules of LB and any is derivable in LB. Dn L 2 Second. The new rules do. L _. : : : . Proof.

Observe that (U. ‘wt’ as follows: wt(p)=wt(?)=1. wt(A _ B )=wt(A _. if A 2 x . either z = x or z = y . then T S . and there is an instance of Split above with conclusion S . L^. (RC2) if there is an instance of Split with conclusion T . the refutation trees for the system under consideration must meet three conditions: (RC1) thinning only occurs on the left side formula of a R . T S iff there is an instance of R in between T and S whose left side formula is not introduced by thinning. L ^. L_2 . then x A. The deﬁnition of the model (U. Cases 1–3 in the induction are identical to the proof of Theorem 19. . Second. Since we work in the propositional fragment.2. y is immediately above x if x y and for every z such that x z y . . First. Observe that this is not the case for L ^. The proof of the model existence theorem for LB proceeded by induction on the structure of a formula A. 0 ) is exactly as in Section 2. ) is a ﬁnite tree. the deﬁnition of the constraints is somewhat simpler than those required for LB in Section 2. As in Theorem 19 we prove that for all x 2 U and every formula A. R_. Let us say that the degree of a point x in U is the number of distinct points y in U such that y x. R^2 . and it occurs whenever there is an antecedent occurrence of the same formula below this inference in the tree. where m is wt(A) and n is the degree of x. (RC3) every instance of Split has a R immediately above it in every branch.3 (neglecting the domain function). The function ‘wt’ induces a well-founded relation over formulae. Observe that wt((C ^ D) B ) > wt(C (D B )). This was made possible by the fact that any side formula of a refutation rule of LB is simpler than the principal formula of the rule (and is in fact a subformula of it). The proof is by induction 6 on the lexicographical ordering of all pairs (m. Following Dyckhoff [1992] we therefore introduce the weight of a formula. L_1 . for example. which is what we need for the induction to go through. then x jj A. L 1 .TABLEAUX FOR INTUITIONISTIC LOGICS 283 Once again the set of logical refutation rules is ordered into distinct groups: G ROUP 1: R^1 . wt(A ^ B )=wt(A)+wt(B )+2. and if A 2 x+ . n). L G ROUP 2: Split . L 2. B )=wt(A)+wt(B )+1. G ROUP 3: R . Note that the ‘’immediately above’ relation is reﬂexive.

Consider now any other point v immediately above x. z B . EXAMPLE 25. q r ! q q r!p q (p q) r ! (p q) r ! Observe that the conditions pertaining to a complete refutation tree are met. which entails that if z C D.284 A. Hence. p. The proof of Theorem 24 cannot be lifted to ﬁrst-order intuitionistic logic. if A 2 x . By the forcing condition. and we can conclude by the induction hypothesis. Since the weight of this formula is less than the weight of A. the induction hypothesis can be used to conclude v A. Consider now any point z y . giving B 2 z . By construction there has to be an x-inference of type L ^ whose principal formula is A. By induction hypothesis. Hence C (D B ) 2 x . If p 2 y . for any z x. In the latter case B 2 x . Consider the following tree. and we are done. possibly with a Split in between. the induction hypothesis applies and gives x C (D B ). WALLEN Case 4 needs modiﬁcation. by condition (2) this premiss must be the conclusion of a R with principal formula C D. if z C D. a situation which makes the degree of the points in the branch undeﬁned. The case that A 2 x+ is exactly as in theorem 19. then u = z . The endsequent of v must be the premiss of a R immediately above the Split under consideration. Hence there must be a point y immediately above x such that both C 2 y and D B 2 y . WAALER AND L. referring to L _ instead of L ^. z C and z D B . then z B . if p 2 u . In this case either Split applies or there is an x-inference of type L 2 with principal formula A. . Consider ﬁrst the premiss . x p B . Let A be an implication. Furthermore. The countermodel deﬁned by the tree is given as model 1 in Figure 2. x (C ^ D) B . Sub-case 1: A is p B . Assume that Split applies. REMARK 26. then z B . There must then be a z -inference of type L 1 which applies. Since the degree of v is less than the degree of x. Consider a point y x. Since this holds for every y x. there are four subcases to consider. there must be a point z such that x z y. The reason is that in the ﬁrst-order case the models deﬁned by refutation trees may contain inﬁnite branches. x forces D B . and by Lemma 5. However. To illustrate the construction in the proof given above we repeat Example 14 for the new set of rules. Sub-case 3: A is (C _ D) B . By induction hypothesis and Lemma 5. p 2 z . By induction hypothesis. and such that for every u z . By inspection of the rules we see that A 2 v . D B ! C D. Sub-case 4: A is (C D) B . Sub-case 2: A is (C ^ D) B . y B . Same as previous case. This situation is shown in Example 18.

. This is sufﬁcient to conclude that the method of the previous section cannot be lifted to the ﬁrst-order case.A ! . :(A B) ! L L :^ . :B ! .TABLEAUX FOR INTUITIONISTIC LOGICS 285 . :9xA ! L :8 the parameter a cannot appear in the conclusion. :B ! . i. :A ! ID . :A t=x] ! . :(A ^ B) ! :B . Proof. and that they are not used in the arguments for the other rules. and the refutation tree given in Example 15 provides insight into why no ﬁnite countermodel can exist. the non-permutability of L over R8. L:^ is derived by two instances of CUT: The derivations of the other rules are left for the reader. Sequential formulation of rules in Miglioli et al. B ! :A .3 Limiting contraction in intuitionistic predicate logic Owing to the interaction between right universal and left implication. A. :(A ^ B). In Example 18 we presented a countermodel to :8x(Px _ :Px) ! ?. contraction on left implications cannot be removed in the ﬁrst-order case. :B ! . :B ! . :8xA ! A a=x] . The idea can be formulated in terms of the sequent rules in Figure 8. and :(A ^ B). However.e. [Miglioli et al. [1994]. A. :(A _ B) ! .e. R ) or R8 is used in the arguments for the rules that operate on intuitionistic (single-conclusioned) sequents. :(A ^ B) ! . The system obtained from LB by adding the rules in Figure 8. :A ! . It is easy to see that this formula has no ﬁnite countermodel. This observation is due to Miglioli et al. the method does transfer to ﬁrst-order intuitionistic logic. :8xA ! Restrictions: In L :8 . . B ! . THEOREM 28. Observe that either R: (i. if we restrict attention to left negations. PROPOSITION 27. Figure 8. ::A ! L :_ :: :9 : L L . The rules in Figure 8 are all derived rules in LB. 1994] 3. :A ! . :9xA. . who presented the idea within the framework of a tableau system. :(A ^ B) ! .. :A.

L 2 . The relation needs to be modiﬁed slightly. :B ! . First condition (1’) replaces condition (1): . :B ! . :A t=x] ! . observe that in the latter ﬁgure. :(A B) ! . the set of refutation rules must also be modiﬁed.A ! . Proof. [Miglioli et al. L:8 . G ROUP 4: R8. :(A _ B) ! L L :^1 . ::A ! L :: L :8 . :(A ^ B) ! .2. :(A ^ B) ! . :(A B) ! . ::A ! . 1994] forbidding L on formulae of the form :A. Since we have added new inference rules. As in the proof of Theorem 24. :9xA ! :9 :8 is subject to eigenparameter condition on the parameter a. R . L:_. L9. L: . emphasising only the modiﬁcations of that construction. G ROUP 1: R^1 .. A. :9xA. L_1 . L_2 . The rules are ordered into four groups: G ROUP 2: LC8. L:: . L^. we prove a model existence theorem on the basis of the new set of rules by referring to the corresponding proof for LB.286 A. Refutation rules for the system in Miglioli et al. Let the sequent S be above the sequent T in a derivation. :A. :8xA ! . :8xA ! L : L . G ROUP 3: L:^1 . RC9. in contrast to the situation in LB. R^2 . LC 1 . an intervening instance of one of the four propositional rules in GROUP 3 such that S occurs over the left premiss of the rule. the rules that are branching are precisely those that deﬁne points of backtracking in the search. Using this relation we can formulate two conditions that a refutation tree must satisfy in addition to the ﬁve conditions introduced for LB in Section 2. L:9. Then T S iff there is an intervening instance of R whose left side formula is not introduced by thinning. is complete. WAALER AND L. The points of backtracking can no longer be isolated to applications of Split. :(A ^ B) ! L :^2 :_ L . :B ! . :A ! . We add to the set of rules in ﬁgure 6 the rules in Figure 9. L:^2 . Figure 9. WALLEN . :(A ^ B) ! . R_. :8xA ! A a=x] . or an intervening instance of R8 or L:8 whose eigenparameter has been used as parameter in an intervening inference of type L8.

hence. adds new sub-cases to the proof of Theorem 19 for cases where the rules in Figure 9 apply. then x jj A. The symbol can informally be taken to stand for ‘negation proven’. the rules in GROUP 3 will give rise to new points in the model. We leave the details to the reader. Since one of these two cases must hold for every y x we conclude that x :(B ^ C ). and if A 2 x+ . .e. and the term used to instantiate the quantiﬁer is available at the conclusion. The proof.TABLEAUX FOR INTUITIONISTIC LOGICS 287 (R1’) thinning only occurs on the left side formula of a R or the side formula of a propositional inference in G ROUP 3. In case (i) y u. Keeping this in mind the tableau system consists of the rules in Figure 7 together with the rules in Figure 10. which 6 is by induction on A. In order to present the set of tableau rules we will no longer treat negation as a deﬁned symbol. i. by Lemma 5. y jj B . In case (ii) induction hypothesis and 6 Lemma 5 allow us to conclude that y :B . We consider one sub-case to Case 4 in the proof of theorem 19: A is :(B ^ C ). [1994] introduce the sign Fc (‘certain falsehood’) in addition to the two signs used by Fitting. if A 2 x . the conclusion of which is S . 0 ) associated with a refutation tree u to account for the fact that. Assume that r is L:^1 . or (ii) x z y and every y -sequent occurs above the left premiss of r. Let A 2 x and y x. (i) The other cases are similar (or simpler) and are left for the reader. and it occurs whenever there is an antecedent occurrence of the same formula below this inference in the tree. In their tableau presentation Miglioli et al. and which satisﬁes either of the two conditions: y z . By induction hypothesis we conclude that u :B . Finally. then T S . The new construction allows us to prove smoothly that for all x 2 U and every formula A. the case that r is L:^2 is symmetrical. By inspecting this rule we see that the left premiss of r gives rise to a point u immediately above z such that :B 2 u . . By construction there must be z -inference r of type L:^1 or L:^2 whose principal formula is A. then x A. The new clauses are: (R6) if there is an instance of a rule in GROUP 3 with conclusion T and there is an instance of the same rule above with identical principal formula. we include explicit negation rules. D. we must modify slightly the deﬁnition of the Kripke model (U. in addition to the rules in Group 4. (R7) the side formula of a L:9 does not have an antecedent occurrence below this inference in the tree. ST now means fTA j TA 2 S g fFc A j Fc A 2 S g.

Terms normally used in expansion with the rules L8 and R9 are instead replaced by indeterminates. FA t=x]. the subformula property (section 1. [Miglioli et al. TA F : S. FA a=x].Fc 9xA Fc 9 S. ! 9xC. FcA ^ B ST . 1990]. Fc 8xA ST . FcB Fc _ S. C =x] ! . FB Fc Restrictions: The parameter a in Fc must be new. There are in fact two separate problems to be addressed.. Tableau rules of Miglioli et al. The logical problem is how to ensure that solutions to the algebraic problem are logically adequate given the meaning attributed to the quantiﬁers by a logic. Fc A. a formulation of that solution would take us beyond the scope of a volume on tableau methods.3) does not serve to constrain term structure to the same degree as it constrains propositional structure. Chapter 3). T :A S. sometimes called ‘free variables’ or ‘Skolem variables’ (cf. 8xC ! L i 8 ! C =x]. WALLEN S. drawing indirectly on ideas from Herbrand [1967]. 1990]. one algebraic and the other logical. TA Fc: S. Fc A j ST . 1994] 3. The algebraic problem is how to limit the class of terms considered in the search. A Herbrand-Robinson treatment of quantiﬁcation in an intuitionistic type theory can be found in [Pym and Wallen. Fc B Fc^ S. Here we shall be content to provide a brief description of the main elements of that solution as it relates to intuitionistic logic. TA. 8 Figure 10. Fc 9xA S. The L8 and L9 rules in LB are modiﬁed accordingly: . Fc :A ST . R i 9 Here is a fresh symbol selected from an alphabet of indeterminates assumed to be disjoint from the terms of the language. The adaptation of Robinson’s solution to classical tableaux is discussed in other chapters in this volume (see Chapter 3).288 A. Fc A B ST . . Without loss of generality we can assume that the identity axioms are atomic. Fc A T : S. FcA _ B S. WAALER AND L.4 The treatment of quantiﬁers One of the most important problems encountered in the formulation of methods of systematic proof-search is how to constrain the non-determinism that arises when choosing terms for use with quantiﬁer rules. F :A ST . they are further modiﬁed to require 8 A comprehensive solution for intuitionistic predicate calculus was presented in [Wallen. Fc8xA Fc 8 S.8 Let us ﬁrst address the algebraic problem of limiting the class of terms considered in a search. This problem was solved for the classical predicate calculus by Robinson [1965].

This brings us to the second problem: how to distinguish the logically adequate solutions from the larger class of algebraically . for i = 1. be the pairs of principal formulae of the n axioms of the skeleton. and can be feasibly computed. n . The system of simultaneous equations induced is: sij = tij . The axioms of an LB-skeleton induce a system of simultaneous equations as follows. Notice. in which the structure of the axioms of a skeleton is used to decide which equations require solution. An LB-skeleton of 8xPx q ! 9y (Py instantiation of the skeleton with = a (to the right) q) (to the left) and an only that the predicate symbols of the principal formulae are identical. that the eigenparameter condition on R8 is not satisﬁed in the tree to the right in ﬁgure 11. : : : . j = 1. Pa ! q 8xPx q ! Pa q 8xPx q ! 9y(Py q) Figure 11. however. If the skeleton contains no axioms the induced system of equations is empty. let (Pi si1 : : : sim . The equation-solving perspective. i = 1. provides a completely adequate algebraic solution to the problem of constraining the terms considered in a search. P ! q 8xPx q ! P q 8xPx q ! 9y(Py q) Pa ! Pa Pa ! 8xPx q. : : : . a method which also sufﬁces to calculate ‘most general’ solutions. An example will help to illustrate these ideas. but intuitionistically unprovable sequent: 8xPx q ! 9y (Py q ). The system of equations induced by the skeleton is the singleton = a which is in solved form already. m : The solubility of such systems over the universe of terms augmented with the indeterminates as additional generating elements can be determined by . otherwise. makes this one of the central results of automated deduction. P ! q 8xPx q. Only those terms that materially effect the axioms are ever considered. All other logical and structural rules are as in LB (see Figure 3). : : : . Pi ti1 : : : tim ). In what follows we shall call trees constructed with the modiﬁed axioms and the L8i and R9i rules LB-skeletons. EXAMPLE 29. The fact that most general solutions exist. This is to reﬂect the fact that they do not necessarily carry logical force. Consider the classically valid. An LB-skeleton of the sequent is given in ﬁgure 11. Pa ! q 8xPx q.TABLEAUX FOR INTUITIONISTIC LOGICS 289 P ! Pa P ! 8xPx q. n.

6. this separability can be seen via the permutation properties of the calculus LK (see Figure 5). The eigenparameters in L9 and R8 are associated with information which eliminates those solutions which would result in an eigenparameter appearing in the derivation below the L9 or R8 rule with which it is associated. We shall ﬁrst consider this solution as it applies to LB and then show that the classically sound generalisation of this method known as 10 fails intuitionistically. or the of Gentzen [1935]. The equation induced by this LBi-skeleton is . WAALER AND L. This is expressed. though modern versions are much clearer. and to give as arguments to the terms exactly those indeterminates which appear in the conclusion of the rule (cf. The modiﬁed LB-skeleton of Figure 11 is shown in Figure 13. Proof-theoretically. the of Smullyan [1968]. see for example Theorem 2. Following Herbrand. A f ~=x] ! . page 554 in van Heijenoort’s collection [1967]. by the prenex normal form theorem. We shall call the LB system with modiﬁed quantiﬁer rules and axioms as described above LBi. The ‘logical’ rules of LBi are summarised in Figure 12. 1982]. the identiﬁcation (in classical logic) of those algebraic solutions which nevertheless will fail to satisfy eigenparameter conditions can be achieved quite simply. A formulation of Herbrand’s theorem for non-prenex formulae is given in [Bibel.290 A. Chapter 3). 9xA ! L i 9 ! A f ~=x] ! 8xA R i 8 = f 9 Theorem 5. The central modiﬁcation is to the rules L9 and R8 as follows: where in each case ~ is the list of indeterminates in the conclusion. variously. In the classical predicate calculus the quantiﬁcational structure is ‘separable’ from the propositional structure of the logic. It has become customary to introduce so-called ‘Skolem’ terms in place of the eigenparameters. Let us ﬁrst brieﬂy address classical logic. . and therefore to differ systematically from one logic to the next. Recall that the only impermutable rule pairs are the following: L or R R or L 8 8 9 9 which stem from the eigenparameter conditions. We should expect a solution to this problem to reﬂect the logical properties of the quantiﬁers. WALLEN adequate ones. 10 Skolemisation is discussed extensively in Chapter 3. How this is done in practice is somewhat immaterial. 1987].4 page 120 of [Girard. and f is a ‘function’ symbol uniquely associated with the inference that introduces it. Herbrand’s theorem9 [1967] also reﬂects this property by expressing ﬁrst-order provability in terms of the provability of quantiﬁer free forms.

A _ B ! R ! A.B ! . 8xA ! . 9xA ! 8 ! A f ~=x] ! 8xA ! A =x]. An LBi-skeleton for this sequent is shown in Figure 13. the reader can easily check that the instantiated skeleton is an LB-proof. A =x] ! . the parameter will occur in the conclusion of the R8 rule and the skeleton will thereby fail to satisfy the eigenparameter condition.1 can be easily modiﬁed for LBi. REMARK 31. B ! . the resulting instantiation will produce an LB-proof. In L i and R i . The search procedure of Section 2. ! A _ B. ! B. _ ! A. The sequent we shall consider is 9y (Py q ) ! 8xPx q .TABLEAUX FOR INTUITIONISTIC LOGICS 291 .2 and 3. The similarity of this essentially proof-theoretical technique to certain (seman- . is already in solved form. the Herbrand function f must not have been introduced by any other rule in the skeleton. ~ is the list of indeterminates appearing in the conclusion of the rule. The induced equation. the indeterminate must not have been introduced by any other rule in the skeleton. ! 9xA. ! A ^ B. A. The quantiﬁer rules of LBi replace those of LB in GROUPS 1. This adequately reﬂects the fact that any solution for which contains the parameter associated with the R8 rule will fail to produce a sound LB-derivation from the LBi-skeleton. B. and an LBi-skeleton is produced following the constraints of the procedure. = a.A ! .A B ! L i L R .A ! B !A B R ^ _ . . The ordering on expansions imposed by the procedure ensures that if the system of equations induced by the LBi-skeleton is solvable. 9 8 R i 8 9 L i 9 R i Restrictions: In L i and R i . The ‘logical’ rules of LBi which has no ﬁnite solution. A f ~=x] ! .B ! .A ^ B ! L ^ L ! A. The method of refutation trees can be extended to LBi. EXAMPLE 30. 8 9 Figure 12. . This is left as an exercise for the reader. Here is an example of an intuitionistically valid sequent proved by means of this search procedure.

292 A. the generality of the technique as a way to express nonpermutabilities in a sequent calculus or tableau system has not been widely appreciated. Thus we can conclude that. (See [1990] for an alternative view. permit auxiliary formulae on the right. To the right tic) methods of quantiﬁer elimination in classical logic due to Skolem11 has had both a positive and a negative inﬂuence on the adaptation of this technique to nonclassical logics. 9y(Py q) q ! 9y(Py q) 8xPx q ! 9y(Py q) ! C a=x]. the interaction we discovered when seeking to instantiate the skeleton of Figure 11 was a property of of that particular LB-skeleton and not an intrinsic dependency within the endsequent itself. for classical logic at least. Semantically. It is not hard to see that the resulting sequent 8xPx q ! 8xPx is unprovable in LB. 8xPx ! q 9y(Py q) ! 8xPx q q ! 9y(Py q). WALLEN P ! Pf P ! 8xPx q. 1967].q ! q Pa q. skolemisation points to a generalisation of the above technique in the context of classical logic.) Proof-theoretically. The important point to note is that the parameter a does not depend in any way on the indeterminate. however. WAALER AND L. On the positive side. The of our example endsequent is the sequent Pa q ! P q. This formula is classically unsatisﬁable if and only if the original formula is. P ! q 8xPx q ! P q 8xPx q ! 9y(Py q) Figure 13. . R 8 11 A comprehensive exposition of the relevant techniques arising from Skolem’s work can be found in [Shoenﬁeld. Recall that it has the form q. P ! q 8xPx q. ! 8xC. Pa ! q q ! Pa q 8xPx q ! 8xPx. as it is assumed that the technique relies on properties of classical logic. again at least in classical logic. The end-piece of such a derivation is shown below: Within LB we must thin away the formula 9y (Py q ) in the right branch of this ﬁgure before we can apply R8. To the left an LBi-skeleton for 8xPx an LBi-skeleton for 9y (Py q ) ! 8xPx q P ! Pa 8xPx ! Pa 8xPx. this is justiﬁed by the fact that the 8 is not in the scope of the 9. 8xPx ! q 9y(Py q). The classical R8 rule of LK does. the independence of the parameter a from the indeterminate can be justiﬁed by the fact that there is a skeleton in which the order of the quantiﬁer inferences is reversed from that in the skeleton of Figure 11. On the negative side.

According to this view. EXAMPLE 32. The reader should immediately see that the problem lies not in the skolemisation technique itself. q 8xPx q ! Pa. The skolemised form of the intuitionistically unprovable sequent This suggests that it might be difﬁcult to extend skolemisation technique to intuitionistic logic. 9y(Py q) 8xPx q ! 8xPx. however. The soundness of the skolemisation technique within classical logic can be seen to rest on the fact that the permutation constraints on the quantiﬁer rules arise only from their axioms and mutual relationships in the endsequent. The ﬁrst three cases are incorporated into the Herbrand function as currently constituted. The last two involving L are not. Pa ! q q ! Pa q q ! 9y(Py q) 8xPx q. An LK derivation of 8xPx q ! 9y(Py q) which allows successful completion of the end-piece in LK. 9y(Py q) 8xPx q ! 9y(Py q) Figure 14. The completion of this derivation in LK is given in Figure 14. these are the two 12 Note that there are no quantiﬁers in a Skolem normal form. Pa q 8xPx q ! Pa. but in the assumption that the technique should be independent of the logical properties of the quantiﬁers. Note that the essential permutation required to reverse the order of the R8 and L9 in leftmost skeleton of Figure 13 is L over R and R8. since neither the endsequent nor its Skolem normal form is intuitionistically provable. Once again we look to the permutation properties for our solution. the example below shows that skolemisation is unsound intuitionistically. a reﬂection of the existence of a prenex normal form. Recall that for LB we have the following impermutabilities L R 8 8 L 8 or R9 L9 R L or R 8 We have simply to encode these impermutabilities in the Herbrand terms to extend skolemisation to intuitionistic logic. This difﬁculty is.TABLEAUX FOR INTUITIONISTIC LOGICS 293 q.12 Our example does not show directly that a similar generalisation is unavailable for intuitionistic logic. a Herbrand function should be considered an extension to the ﬁrst-order language. 8x(Px _ q) ! 8xPx _ q is the intuitionistically provable sequent P _ q ! Pa _ q. . simply a reﬂection of the (negative) inﬂuence of the semantic view of skolemisation. Pa ! Pa. However.

Girard. J. In J. 1969] M. F. Metamathematical investigations of a calculus of constructions. Bell. Journal of Symbolic Logic. F. WAALER AND L. [Fitting. WALLEN cases above which the classical formulation of the skolemisation technique fails to account for. T. [Girard. of the Seventeenth Annual Symp. 1990] J. B. 1990] T. 4:191–213. Fitting. 1969. Englewood Cliffs.-Y. 1987. 1990. University of Oslo and Department of IT and Mathematics. [Beth. W. OUP. Intuitionistic Logic. R. editor. Norway. 405–431. T.294 A. Beth. P. English translation in M. though in fact they gain a suitable interpretation using . 1988] M. editor. The Foundations of Mathematics. Implementing Mathematics with the Nuprl Proof Development System. New Jersey. Finnmark College. volume 31 of APIC. [Herbrand. Investigations in proof theory. volume 1 of Studies in Proof Theory. North-Holland. North-Holland Publishing Co. Proceedings of the Herbrand Symposium. Smith. North-Holland. First-order modal tableaux. 1987] J. Oxford. [Bibel. Szabo The Collected Papers of Gerhard Gentzen. Odifreddi. 1969. [Fitting. [Dyckhoff. Proofs and Types. Cleaveland. Model Theory.-Y. 1990. Arild Waaler Department of Informatics. 1990. Cambridge University Press. Dyckhoff. [Coquand. The technical details of such an approach are described in various formats in [Wallen. 1992] R. 57(3):795–807. Bibel. Knoblock. In fact. F. N. editor. [Gentzen. Logic and Computer Science. pages 525–581. [Grifﬁn. to extend the technique to intuitionistic logic requires a simple modiﬁcation of the notion of ‘Skolem normal form’ to reﬂect the (permutation) properties of the intuitionistic connectives. pages 11–28. Gentzen. Lincoln Wallen Oxford University Computing Laboratory. Harper. Bromley. Mendler. 1990]. Panandagen. London. . Journal of Automated Reasoning. 1959] E. Howe. Bibliopolis. 39:176–210. [Constable et al. volume 14 of Oxford Logic Guides. Amsterdam. Of course we should not necessarily expect to be able to internalise these functions in any way. pages 91–122. 1992. Amsterdam. R. Oxford. North-Holland. H. Harvard University Press. Sasaki. Mathematische ¨ Zeitschrift. Fitting. and Forcing. o Cambridge. Constable. Amsterdam. P. 1935] G. Untersuchungen uber das logische Schließen. 1988. 1934–35. pages 47–58. 1986] R. Prentice-Hall. in the context of resolution. Computationally improved versions of Herbrand’s Theorem.E. 1982] W. MA. on Principles of Programming Languages. 1989. Contraction-free sequent calculi for intuitionistic logic. Cremer. Pym and Wallen. [Girard. M. A formulas-as-types notion of control.. From Frege to G¨ del: A Source Book of Mathematical Logic. Cambridge. F. The examples above are inspired by his paper. W. 1990. 1967] J. REFERENCES [Bell. In P. Similar techniques have been introduced for by Fitting [1988] and. van Heijenoort. Logic Colloquium ’81. Proof Theory and Logical Complexity. L. and S. W. In J. Toposes and Local Set Theories: an introduction. Stern. by Ohlbach [1990]. 1990] T. Shankar [1992] reformulated the technique for use with LJ. S. Herbrand. 1967. Grifﬁn. D. 1986. Girard. Coquand. 1934–1935. J. L. 1982. 1989] J. 1959. In Proc. Allen. Academic Press.

Die formalen Regeln der intuitionistischen Logik. Introduction to Metamathematics. Methodology and the Philosophy of Science. 1992] D. [Ohlbach. Nordic Journal of Philosophical Logic. Logic and Computer Science. [Parigot. Logic Colloquium ’90 Helsinki. In L. Springer Verlag. pages 198–231. Haridi. In Proc.E. Springer Verlag. 1982] P. Odifreddi. editor. pages 479–490. 1995] L. An evaluation semantics for classical proofs. Semantics-based translation methods for modal logics. [Pinto and Dyckhoff. Mints. [Martin-L¨ f. 1960. 1952b] S. A. 1(5):691–746. Hindley and J. pages 225–232. Tallinn. R. In Proceedings ASL Summer Meeting. 1992. Semantical analysis of intuitionistic logic I. volume 624 of LNCS. [Murthy. North-Holland. Lecture Notes in Computer Science 449. An O (nlogn)-space decision procedure for intuitionistic propositional logic. Pinto and R. 1979. T. 1996] P. 1993. . Journal of Logic and Computation. [Kleene. In J. 1963. 1956. Loop-free construction of counter-models for intuitionistic propositional logic. Napoli. Ornaghi. 1956] A. In Behara. pages 153–175. Sci. Eine Darstellung der intuitionistische Logik in der klassischen. [Martin-L¨ f. USSR. 1990] P. Amsterdam. 10:1–26. Nagoya Mathematical Journal. 1930. Sch¨ tte. 1995. Investigations into proof-search in a system of ﬁrst-order dependent function types. Conf. 1996. 1990. Academic Press. 1952] S. Heyting. Assoc. 1990] G. 7:45–64. 1965. Amsterdam 1991. A. 1993. U. Mach. Bounds for cut-elimination in intuitionistic propositional logic. [Sch¨ tte. Ohlbach. C. Dummett. 12:23–41. 1990. Maehara. Lambda-calculus and Formalism. and S. [Robinson. Constructive mathematics and computer programming. pages 51– 62. Crossley and M. [Mints. Sahlin. Journal Automated Reasoning. rev. [Mints. Amsterdam. 1991] C. Mints. [Heyting. Finland. [Martin-L¨ f. on Logic in Comp. Martin-L¨ f. London. 13:361–373. Gentzen-type systems and resolution rule. In J. An Introduction. COLOG’88. California. [Miglioli et al. The Netherlands. 1(1):11–60. In Proc. 1984. Robinson. Dyckhoff. [Hudelmaier. 2(5):619–656. 1952. In M. Berlin. IEEE Computer Society Press. Amsterdam. Springer-Verlag. [Hudelmaier. Beweistheorie. IEEE. pages 92–129. -calculus: an algorithmic interpretation of classical natural deduction. On the meaning of the logical constants and the justiﬁcation of the o o logical laws. 1954. C. volume 31 of The Apic Studies in Data Processing. Franz´n. volume 417 of Lecture Notes in Computer Science. 1990. J. Springer-Verlag.. 1994] P. Archive for Mathematical Logic. [Kripke. Intuitionistic Type Theory. of Sixth Symp. [Kleene. o o Cohen. u u [Sahlin et al. In Proceedings International Conference on Computer Logic. Notes by o o Giovanni Sambin of a Series of Lectures given in Padua. part i: Propositional logic. 1993] G. J. Bibliopolis. editor. Murthy. editors. London. 1954] S. An Improved Refutation System for Intuitionistic Predicate Logic. June 1980. Tenth Conference on Automated Deduction. Journal of Logic and Computation. part ii: Predicate logic.TABLEAUX FOR INTUITIONISTIC LOGICS 295 [Heyting. 1991] P. Martin-L¨ f. 1980] W. Berlin. Gentzen-type systems and resolution rule. Symposia Gaussiana. A. 1984] P. Comput. Academic Press. pages 236–250. Intuitionism. Wallen.. Berlin. 1960] K. Seldin. Journal of Logic and Computation. 1991. editor.J. Pym and L. Sitzungsberichte der Preussischen Akademie von Wissenschaften. 1990] D. 1993] J. volume 2 of Lecture Notes in Logic. Shankar. 1952. Lincoln. 1992. Stickel. An Intuitionistic Predicate Logic Theorem e Prover. Hudelmaier. [Lincoln. Curry: Essays on Combinatory Logic. Springer-Verlag. Parigot. 1994. 1965] J. 31:331–354. 1982. 3(1):63–76. 1963] S.-J. 1990. pages 163–190. Fritsch. Kleene. 1991. 2nd edition. [Howard. B. The formulae-as-types notion of construction. Miglioli. Hudelmaier. Amsterdam. [Maehara. and M. In Sixth annual IEEE symposium on Logic in Computer Science: Proceedings. [Pym and Wallen. Moscato. Los Alamitos.. A machine oriented logic based on the resolution principle. 1990] H. [Odifreddi. Permutability of inferences in Gentzen’s calculi LK and LJ. Scedrov. North-Holland. North-Holland. 1992] J. A. A. pages 190–201. Memoirs of the American Mathematical Society. Amsterdam. Walter de Gruyter & Co. Heyting. North-Holland. 1992] M. Linearizing intuitionistic implication. editors. and N. P. berlin. and Lintz.. Proceedings of the 6th International Congress for Logic. 1930] A. editors. Kleene. To H. 1980. 1992. Kripke. pages 96–109. LPAR ’92. Howard. Martin-L¨ f. Formal Systems and Recursive Functions.

1952] N. 1997a] A. Statman. 1988] A. pages 522–536. Shankar. Harvard University Press. van Dalen. van Heijenoort.K. Submitted for publication. Proceedings of 11th International Conference on Automated Deduction. 1997. Amsterdam. First-Order Logic. [Schmiktt and Kreitz. Technical Report PRG-TR37-97. North-Holland. [Wallen. volume 121 of Studies in Logic and the Foundations of Mathematics. [Troelstra and van Dalen. 1990. Springer Verlag. 1967] J. In M. Shoenﬁeld. A. [Statman. Addison-Wesley. A sequent calculus for intuitionistic logic with classical permutability properties. Wallen. MA. [Waaler. Technical Report PRG-TR-38-97. Reidel. Waaler. 1990] L. 1967. S. [Smullyan.A. New York. [Vorob’ev. 1996. 1992. MIT Press. MA. McRobbie and J. volume 1104 of Lecture Notes in AI. 1968] R. 1997b] A. Intuitionistic logic is polynomial-space complete. 1975. Smullyan. 1979] R. (In Russian). Berlin. Vorob’ev. Takeuti. In D. [Waaler. Proceedings of 13th International Conference on Automated Deduction. Amsterdam. Volumes I and II. volume Handbook of Philosophical Logic III. 1988. pages 225–339. Berlin. 1986. The derivability problem in the constructive propositional calculus with strong negation. volume 607 of Lecture Notes in AI. 1996] S. 1967] J. Waaler. Cambridge. Reading. pages 418–432. Comp. Automated deduction in nonclassical logics. Springer-Verlag. Proof search in the intuitionistic sequent calculus. [Shoenﬁeld. Converting non-classical matrix proofs into sequent-style systems. 1979. 1975] G. Oxford University Computing Laboratory.296 A. 85:689–692. Slaney. 1997. . North-Holland. editor. chapter 4. Oxford University Computing Laboratory.R. 1968. Dordrecht. Proof Theory. Kreitz. Theor. Doklady Akademii Nauk SSSR. [van Dalen. From Frege to G¨ del: A Source Book of Mathematical o Logic. Mathematical Logic. 9:73–81. Troelstra and D. WAALER AND L. 1986] D. Essential contractions in intuitionistic logic. 1992] N. WALLEN [Shankar. M. Springer Verlag. Science. [Takeuti. 1952. 1967. Kapur. Schmitt and C. UK. UK. Submitted for publication. Constructivism in Mathematics. editors. N. [van Heijenoort. van Dalen. Intuitionistic Logic.

Often the eventual use of these logics boils down to the task of deducing whether a certain formula of a logic is a logical consequence of a set of other formula of the same logic. maximal consistent sets can also be used to determine decidability. Section 4. In Section 4.6 relate our tableau systems to the well-known systems of Fitting and Smullyan. We therefore base our work on a method due to Hintikka [1955] and Rautenberg [1983]. Effectiveness however is of primary importance for automated deduction. One of the best accounts of proof methods for modal logics is the book by Melvin Fitting [1983].. due to Hintikka. Beckert and Possega. In Section 4. but give a brief overview of the associated Kripke semantics to keep the chapter self-contained.4–4. We concentrate on the propositional fragments restricted to a two-valued (classical) basis and assume some prior knowledge of modal and temporal logic. 1995. Section 4. In this chapter we give a systematic and uniﬁed introduction to tableau methods for automating deduction in modal and temporal logics. and a more constructive approach using ﬁnite sets. In Section 2 we give the syntax and (Kripke) semantics for propositional modal logics. the traditional axiomatic methods for deﬁning modal logics and the correspondences between axioms and certain conditions on frames. In Section 3 we give a brief overview of the history of modal tableau systems. 1973]. admissible rules and derivable rules. 1995] as a viable alternative to the more traditional methods based on resolution [Chang and Lee. is more appropriate. Baumgartner et al. but in general. 1988. 1992] and Hardware Veriﬁcation [Nakamura et al..8 covers decidability issues like the . Models for Concurrency [Stirling. 1991]. Fitting uses Smullyan’s idea of abstract consistency properties and the associated maximal consistent set approach for proving completeness. As Fitting notes. The method of semantic tableaux is now well established in the ﬁeld of Automated Deduction [Oppacher and Suen. explain tableau constructions and tableau closure. Sections 4.3 covers the (Kripke) semantics of modal tableau systems and the notions of soundness and completeness with respect to these semantics. Section 4 is the main part of the chapter and it can be split into two parts.. and then cover proof theoretic issues like structural rules. they do not give information about the efﬁcacy of the associated tableau method.´ RAJEEV GORE TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 1 INTRODUCTION Modal and temporal logics are ﬁnding new and varied applications in Computer Science in ﬁelds as diverse as Artiﬁcial Intelligence [Marek et al. To obtain generality.2 we cover the syntax of modal tableau systems. 1987].1 we motivate our study of modal tableau systems.

particularly linear and branching time logics over discrete frames with operators like ‘next’.18– 4. 3 are of equal binding strength but bind tighter than ^ which binds tighter than _ which .9–4. ^. The ﬁrst half of Section 4 concludes with a summary of the techniques covered so far and sets up the speciﬁc examples of tableau systems covered in the second half. modal logics with ‘provability’ interpretations and mono-modal logics with temporal interpretations. _ and ! respectively stand for logical negation.21 covers the connection between modal tableau systems and modal sequent systems. modal logics with epistemic interpretations. Section 5 is a very brief guide to tableau methods for multimodal logics. (A ^ B ).12 explain the technical machinery we need to prove the soundness and completeness results. Sections 4. A well-formed formula. together with the classical connectives ^ (‘and’). Sections 4. logical conjunction. _ (‘inclusive or’). hereafter simply called a formula. Finally. The symbols :.19 cover proof-theoretic issues again by highlighting some deﬁciencies of the tableau methods of Section 4. p2 .20 closes the loop on the Kripke semantics by highlighting the ﬁner characterisation results that are immediate from our constructive proofs of tableau completeness. Z (possibly annotated) denote ﬁnite (possibly empty) sets of formulae. (A ! B ). 2. To enable us to omit parentheses. logical disjunction and logical (material) implication.1 Syntax and Notational Conventions The sentences of modal logics are built from a denumerable non-empty set of primitive propositions P = fp1 . Y. and their connections with decidability. Upper case letters from the end of the alphabet like X. we adopt the convention that the connectives :. Section 6 gives a brief overview of labelled modal tableau systems where labels attached to formulae are used to explicitly keep track of the possible worlds in the tableau constructions. Lower case letters like p and q denote members of P . Section 4. The second half of Section 4 covers tableau systems for: the basic systems. and the admissibility of the cut rule. is any sequence of these symbols obtained from the following rules: any pi 2 P is a formula and is usually called an atomic formula. Upper case letters from the beginning of the alphabet like A and B together with P and Q (all possibly annotated) denote formulae. and if A and B are formulae then so are (:A). g. 2 PRELIMINARIES 2. (A _ B ).298 ´ RAJEEV GORE subformula property. : (‘not’). and ﬁniteness of proof search. Section 4. the parentheses ) and (. (2A) and (3A). the analytic superformula property. For convenience we use ? to denote a constant false formula (p1 ^ :p1 ) (say) and then use > = (:?) to deﬁne a constant true formula. ‘until’ and ‘since’. ! (‘implies’). and the non-classical unary modal connectives 2 (‘box’) and 3 (‘diamond’).

In the context of temporal logic. An to then its name is written as 1 2 n . and by taking the appropriate formulae from Figure 1 as axiom schemas.2 Axiomatics of Modal Logics The logics we shall study are all normal extensions of the basic modal logic and are traditionally axiomatised by taking the rule of necessitation RN (if A is a theorem then so is 2A) and modus ponens MP (if A and A ! B are theorems then so is B ) as inference rules. they stand for ‘always’ and ‘eventually’ so that 2A is read as ‘A is always true’ and 3A is read as ‘A is eventually true’. If a logic is axiomatised by adding axioms A1 . A2 . The logic K KA A A K . is also a theorem. the logic is so well known in the literature by another name that we revert to the traditional name. . Axiom names and deﬁning formulae Deﬁning Formula binds tighter than ! : So :A _ B ^ C ! D should be read as (((:A) _ (B ^ C )) ! D). The symbols 2 and 3 can take various meanings but traditionally stand for ‘necessity’ and ‘possibility’. Thus the rule of uniform substitution US is built in so that any substitutional instance of an axiom schema or theorem. 2.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 299 Axiom 2(A ! B ) ! (2A ! 2B ) 2A ! A 2A ! 3A 4 2A ! 22A 5 3A ! 23A B A ! 23A 2 32A ! 23A M 23A ! 32A L 2((A ^ 2A) ! B ) _ 2((B ^ 2B ) ! A) 3 2(2A ! B ) _ 2(2B ! A) X 22A ! 2A F 2(2A ! B ) _ (32B ! A) R 32A ! (A ! 2A) G 2(2A ! A) ! 2A Grz 2(2(A ! 2A) ! A) ! A Go 2(2(A ! 2A) ! A) ! 2A Z 2(2A ! A) ! (32A ! 2A) Zbr 2(2A ! A) ! (232A ! 2A) Zem 232A ! (A ! 2A) Dum 2(2(A ! 2A) ! A) ! (32A ! 2A) Dbr 2(2(A ! 2A) ! A) ! (232A ! 2A) K T D Figure 1. Sometimes however.

wRv or v j= A. some care is needed when extending this notion to modal logics if we want to preserve the ‘deduction theorem’: X `L (A ! B ) iff X fAg `L B . we write w j= p iff w 2 V (p). Ri where W is a non-empty set (of possible worlds) and R is a binary relation on W: We write wRw0 iff (w. Ri. w j= A and w j= B . w 6j= A or w j= B . L 2. R. R. R. Given some model hW. and say that w satisﬁes p or p is true at w. V i iff there exists some w 2 W such that w j= A. w j= A or w j= B . or even that w sees w0 . This satisfaction relation j= is then extended to more complex formulae according to the primary connective as below: w j= p w j= :A w j= A ^ B w j= A _ B w j= A ! B w j= 2A w j= 3A iff iff iff iff iff iff iff w 2 V (p). 1984 ] or Chellas [1980]. We also write w 6j= p to mean w 62 V (p). or that w0 is reachable from w.300 ´ RAJEEV GORE For an introduction to these notions see the introductory texts by Hughes and Cresswell [1968. for all v 2 W . for example. V i. We also write wRw0 to mean (w.3. that is. since it is well known that the deduction theorem fails if we use the notion of deducibility from classical Hilbert system formulations (due to the rule of necessitation). V i. We say that w satisﬁes A iff w j= A where the valuation is left as understood. we omit details. 6 there exists some v 2 W . V i j= A. R. R. However. with wRv and v j= A. A formula A is valid in a model hW. A formula A is satisﬁable on a frame hW. iff there exists some valuation V and some world w 2 W such that w j= A. As with classical logic. is usually known as S4. the notion of theoremhood can be extended to the notion of ‘deducibility’ where we write X `L A to mean ‘there is a deduction of A from the set of formulae X ’. Fitting [1993] shows how to set up the notions of ‘deducibility’ so that the deduction theorem holds. w 6j= A. or that w makes A true. KT4. or the article by Fitting [1993]. We return to this point in Section 4. iff it is true at every world in . w0 ) 62 R. w0 ) 2 R and we say that world w0 is accessible from world w. and some w 2 W . A formula A is satisﬁable in a model hW. written as hW. but since axiomatics are of a secondary nature here. If w j= A we sometimes also say that A is true at w. or w0 is a successor of w. The important point is that the notion of theoremhood `L A remains the same since it corresponds to ‘deducibility’ of A from the empty set viz: fg `L A. Thus V (p) is the set of worlds at which p is ‘true’ under the valuation V . We write `L A to denote that A is a theorem of an axiomatically formulated logic .3 Kripke Semantics for Modal Logics A Kripke frame is a pair hW. V i where V is a mapping from primitive propositions to sets of worlds. 6 A Kripke model is a triple hW. V : P 7! 2W .

Many of the restrictions are deﬁnable as formulae of ﬁrst-order logic where the binary predicate R(x. u : (R(s. where the correspondences between certain axioms and certain conditions are also summarised. v) ^ R(u. u 9v : (R(s. v)) First-Order Formula Figure 2. v 9w : R(u. Ri j= A.4 Known Correspondence and Completeness Results The logics we study are known to be characterised by certain classes of frames because it is known that particular axioms correspond to particular restrictions on the reachability relation R. w0 ) ! R(w0 . t) ^ R(s. Ri is a frame. w) 8w 9w0 : R(w. t. t)) 8u. Given a class of frames C . u)) ! (R(t. 1987]. y ) represents the reachability relation. u : (R(s. u) 8w. t) ^ R(t. suppose hW. an axiomatically formulated logic is sound with respect to C if for all formulae A: L j= A for all frames F 2 C : Logic L is complete with respect to C if for all formulae A: if F j= A for all frames F 2 C . Ri if and only if the reachability relation R meets a certain condition. F 2. t) ^ R(s. An axiom (schema) is valid in a frame iff all instances of that axiom (schema) are valid in all models based on that frame. u) 8s. u) _ t = u _ R(u. v) ! (R(u. t. w) 8s. V i (based on that frame). That is. A formula A is valid in a frame hW. iff it is valid in all models hW. w) ^ R(w. u : (R(s. Axioms and corresponding ﬁrst-order conditions on R W . R. if `L A then.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 301 Axiom Condition Reﬂexive Serial Transitive Euclidean Symmetric Weaklydirected Weaklyconnected Dense T D B 2 4 5 L X 8w : R(w. w0 ) 8s. v)) 8s. then `L A: A logic L is characterised by a class of frames C iff L is sound and complete with respect to C . Some interesting properties of frames which cannot be captured by any one axiom are given in Figure 3. see [Goldblatt. But . then a certain axiom A1 will be valid on hW. t. w0 : R(w. t. u)) ! (R(t. as shown in Figure 2. written as hW. u)) ! R(t. t) ^ R(s. u)) ! R(s. Ri.

a single reﬂexive point gives an (improper) 1R-chain: wRwRwRw . A set X is -satisﬁable iff there is an -model for X: An axiomatically formulated logic has the ﬁnite model property if every nontheorem A of can be falsiﬁed at some world in some ﬁnite -model.17. Because clusters are maximal we can order them with respect to R and speak of a cluster preceding another one. Figure 4 encapsulates the known characterisation results for each of our logics by listing the conditions on some class of frames that characterises each logic. w1 ) 8w1. 1983] are of particular interest precisely because of this ‘higher order’ nature. Kripke models and the notion of clusters see Goldblatt [1987] or Hughes and Cresswell [1984]. Given a frame hW. t : (R(s. t) ^ R(t. if hW. L L L L L L L L L L L L L Property Name Irreﬂexive Intransitive Antisymmetric Asymmetric Strict-order Property of 8w : :R(w. V i is an -model for a ﬁnite set X of formulae iff there exists some w0 2 W such that for all A 2 X . Then. then a cluster C is a maximal subset of W such that for all distinct worlds w and w0 in C we have wRw0 and w0 Rw: A cluster is degenerate if it is a single irreﬂexive world. if 6`L A implies that f:Ag has a ﬁnite -model. Informally. For an introduction to Kripke frames. V i is an -model iff hW. That is. For example. a model hW. w) 8s. w2 ) exor R(w2 . Thus we deﬁne a frame to be an -frame iff it meets the restrictions of Figure 4. van Benthem. Ri is an -frame.302 ´ RAJEEV GORE some quite bizarre axioms. Similarly. a cluster C is ﬁnal if no other cluster succeeds it and a cluster is last if every other cluster precedes it. r)) ! :R(s. Names of some non-axiomatisable conditions on R . w2 : (w1 = w2 ) ! (R(w1 . R. R is reﬂexive. r) 8s. an R-chain is a sequence of (not necessarily distinct) points from W with w1 Rw2 Rw3 R Rwn . Some of these ‘higher order’ conditions are explained next. A nondegenerate cluster is simple if it consists of a single reﬂexive world. An 1-R-chain is an R-chain where n can be chosen arbitrarily large. s)) ! (s = t) 8w1. 1984. otherwise it is nondegenerate. t) ^ R(t. Transitive frames are of particular interest when R is viewed as a ﬂow of time. w1 )) 6 R Figure 3. w2 ) ! :R(w2 . A formula A is -valid iff it is true in every world of every -model. Ri. t : (R(s. transitive and symmetric. r. R. A proper R-chain is an R-chain where the points are distinct. Note that in a nondegenerate cluster. w0 j= A. An -model hW. The breaks in Figure 4 correspond to the grouping of the tableau systems for these logics under Sections 4. w2 : R(w1 . whose corresponding conditions cannot be expressed in ﬁrst-order logic [van Benthem. A nondegenerate cluster is proper if it consists of two or more worlds.14–4. Ri is a frame where R is transitive.

transitive and no nonﬁnal proper clusters serial. y) ! R(y. transitive. z )) ! (R(x.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 303 Axiomatic L L-frame restriction Basis no restriction K K reﬂexive KT KT serial KD KD transitive K4 K4 Euclidean K5 K5 symmetric KB KB symmetric and serial KDB KDB reﬂexive and symmetric B KTB KD4 KD4 serial and transitive K45 K 45 transitive and Euclidean KD5 KD5 serial and Euclidean serial. z )) reﬂexive. Axiomatic Bases and -frames L . weakly-connected and no S4:3:1 nonﬁnal proper clusters S4Dbr KT 4Dbr reﬂexive. z )) reﬂexive. transitive and weakly-directed S4:2 KT 4:2 reﬂexive. z : S4R KT 4R (x 6= z ^ R(x. transitive and symmetric S5 KT 5 reﬂexive. z : S4F KT 4F (R(x. transitive and weakly-connected K4DL KD4L K4DLX KD4LX serial. no proper clusters and no Grz KGrz proper 1-R-chains transitive. transitive and 8x. weakly-connected and no nonﬁnal non-degenerate clusters and no K4DZbr K 4DZbr serial. y) ! R(y. z ) ^ :R(z. y. transitive and weakly-connected S4:3 KT 4:3 KT 4:3Dum reﬂexive. transitive and Euclidean KD45 KD45 reﬂexive and transitive S4 KT 4 symmetric and transitive KB4 KB 4 reﬂexive. weakly-connected and dense K4DLZ KD4LZ serial. transitive. weakly-connected. transitiveclusters nonﬁnal nondegenerate transitive and no 1-R-chains (irreﬂexive) G KG reﬂexive. y. no proper GL KGL clusters and no 1-R-chains (irreﬂexive) Figure 4. x)) ! (R(x. transitive. transitive. transitive and 8x. no proper clusters and no proper K 4Go K4Go 1-R-chains transitive.

axiomatic systems are notoriously bad for proof search because they give no guidance on how to look for a proof. Fitting also gives tableau systems that cater to both notions of logical consequence. the traditional axiomatically formulated logics obey the deduction theorem only if deducibility is deﬁned in a special way. thus the subscript is for the logic. As we saw in Section 2. 3 HISTORY OF MODAL TABLEAU SYSTEMS The history of modal tableau systems can be traced back through two routes. The syntactic route began with the work of Gerhard Gentzen [1935] and the numerous attempts to extend Gentzen’s results to modal logics. V i and for every w 2 W .5 Logical Consequence Suppose we are given some ﬁnite set of formulae Y . 1959. A j=L B iff Y j=L A ! B where we write Y. These notions can be generalised respectively to logical consequence Y j= A and Y ` A. and assume that the logic of interest is . a semantic version of the usual deduction theorem holds for local logical consequence viz: Y. and Y is just the conjunction of the members of Y . Such systems are the subject of the rest of this chapter. We write Y j=L A whenever A is a local logical consequence of Y in logic . some formula A. Curry [1952] appears to be the ﬁrst to seek Gentzen systems for modal logics. 1957 ]. By careful deﬁnition we can maintain the soundness and completeness results intact for these generalisations. Unfortunately. We say that the formula A is a local logical consequence of the set Y iff: for every -model hW. R. Fitting [1983] shows that a stronger version of logical consequence called global logical consequence corresponds to this notion of deducibility. A to mean Y fAg. one semantic and one syntactic.304 ´ RAJEEV GORE 2.6 Summary The semantic notion of validity j= A and the axiomatic notion of theoremhood ` A are tied to each other via the notions of soundness and completeness of the axiomatic deducibility relation ` with respect to some class of Kripke frames. not for the word ‘local’. it is b straightforward to show that Y j=L A iff fg j=L Y ! A where fg is the empty b set.2. Since both Y and A are evaluated at the same world w in this deﬁnition. soon followed by Ohnishi and Matsumoto [1957a. We concentrate only on the local notion since Fitting’s techniques can be used to extend our systems to cater for the global notion. if w j= Y then w j= A. L L L 2. Furthermore. Once the basic method was . Tableau systems also give rise to a syntactic notion of theoremhood but have the added beneﬁt that they facilitate proof search in a straightforward way. Kanger [1957] is the ﬁrst to use extra-logical devices to obtain Gentzen systems and is the precursor of what are now known as preﬁxed or labelled tableau systems.

1993. although he is sometimes unable to relate his tableau systems to his Gentzen systems (c. yet his sequent system for : is not).f. Borghuis. witnessed a resurgence. As we shall see. Beth. there is no explicit representation of the reachability relation. In many respects this early work on modal Gentzen systems was very difﬁcult because these authors had no semantic intuitions to guide them and had to work quite hard to obtain a syntactic cut-elimination theorem. such as transitivity or reﬂexivity. Here is an outline of what follows. and in general modal logic. 1993]. and deﬁne the notions of soundness and completeness of modal tableau S4 3 S4 3 . Regardless of this historical basis. During the eighties the two traditions were seen as two sides of the same coin. and systems. Rautenberg [1979] gives a rigorous account and covers many logics but has not received much attention as his book is written in German. We shall see that in some sense the two types of systems are dual in nature since implicit systems can be turned into explicit systems by giving a systematic method or strategy for the application of the implicit tableau rules. The semantic route began with the work of Beth for classical propositional logic [Beth. there are essentially two types of tableau systems which we shall call explicit systems and implicit systems. the primary emphasis is on the ability to distinguish different proofs so as to put a computational interpretation on proofs. Fitting’s book [1983] is the most widely known and covers most of the basic logics. while the syntactic tradition has gained prominence in the ﬁeld of type theory [Masini. The two routes began to meet in the late sixties when it was realised that classical semantic tableau systems and classical Gentzen systems were essentially the same thing. In automated deduction. 1955. his tableau system for : is cut-free. modal tableau systems. and these properties must be built into the rules in some way since we are not allowed to reason explicitly about R. whereas in type theory. the primary emphasis is on ﬁnding a proof. Not surprisingly. hence the reachability relation R plays a crucial part.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 305 worked out other authors tried to ﬁnd similar systems for other logics. the semantic tradition has assumed prominence in the ﬁeld of automated deduction. turning modal Gentzen systems into an industry for almost twenty years. 1953] but lay dormant for modal logics for almost twenty years until the advent of Kripke semantics [Kripke. From then on. the task is much easier when we use the associated Kripke semantics. In explicit systems. 1959]. In implicit systems. In the ﬁrst few sections we introduce the syntax of implicit modal tableau systems by deﬁning the form of the rules and tableau systems. and we are allowed to reason directly about the known properties of R. These are all purely syntactic aspects of modal tableau systems allowing us to associate a syntactic deducibility relation with modal tableau systems. but more recently. Recall that tableau systems are essentially semantic in nature. In the second part we introduce the semantics of modal tableau rules. the reachability relation is represented explicitly by some device. Zeman [1973] appears to be the ﬁrst to give an account of both traditions simultaneously. modal Gentzen systems involve a cut-elimination theorem.

Consequently we see that explicit tableau systems are better for the symmetric logics. assume we are given some ﬁnite set of formulae Y = fA1 . The main features of semantic tableau systems carry over from classical propositional logic in that a set of formulae X is deemed consistent if and only if no tableau for X closes. In this context. the monotonic modal logics used to deﬁne nonmonotonic modal logics of knowledge and belief. in every -model. The extra power of explicit tableau systems comes from the labels which carry very speciﬁc semantic information about the (counter-)model under construction. but see Fitting [1983] for a treatment of quantiﬁed modal tableau systems. see [Fitting.1 Purpose of Modal Tableau Systems As stated in the introduction. must also make A true. Ak g. Thus. modal logics with ‘provability interpretations’. the formula Y ! A must be -valid. Thus. and b b some formula A.306 ´ RAJEEV GORE systems with respect to these semantics. each world that makes each member of Y true. our modal tableau systems are anchored to the semantics of the modal logic although they can be used in sequent form to obtain metamathetical results like interpolation theorems as well. For the sake of brevity we do not consider quantiﬁed modal logics. then. we can construct a model to demonstrate that X is indeed satisﬁable. Modal tableau systems give us a purely syntactic method of determining whether or not some given formula is -valid. By deﬁnition. if the b set Y f:Ag is not -satisﬁable. monomodal logics of linear and branching time. we concentrate on the use of modal tableau systems for performing deduction. Let Y = (A1 ^ A2 ^ ^ Ak ) with Y = ? when k = 0. In the later sections of this chapter we introduce explicit tableau systems since they are an extension of implicit tableau systems. . 4 MODAL TABLEAU SYSTEMS WITH IMPLICIT ACCESSIBILITY 4. L L L L L . modal tableau systems can be seen as refutation procedures that decompose a given set of formulae into a network of sets with each set representing a possible world in the associated Kripke model. 1985]. from these open tableaux. Now. then. Rautenberg. That is. Furthermore. 1983] and [Rautenberg. 1983. thus tying the syntactic notion of consistency to the semantic notion of satisﬁability. We then give tableau systems in decreasing detail for: the basic modal logics. they give us a method of determining whether A is a local logical consequence of a set of formulae Y . In the last part we introduce the mathematical structures that we shall need to prove the soundness and completeness of the given tableau systems. if the set Y f:Ag is not -satisﬁable. and multimodal logics of linear and branching time.

. Qi and Pi denote (well formed) formulae. : and ^ as primitives and deﬁning all other connectives from these. We use the terms numerator and denominator rather than premiss and conclusion to avoid confusion with the sequent terminology. P . Each denominator usually contains one or more distinguished formulae called the side formulae. A tableau rule consists of a numerator N above the line and a (ﬁnite) list of denominators D 1 . P ) stands for X fP g. then so is one of the denominators’. Thus. P. P ) = (X . Note that (X . P ) so that the number of copies of the formulae and their order are immaterial as far as the notation is concerned. there are no explicit rules for _ and ! but these can be obtained by rewriting A _ B as :(:A ^ :B ) and A ! B as :(A ^ :B ). we use a slightly different formulation where formulae are carried from one tableau node to its child because the direct correspondence between sequent systems and tableau systems is easier to see using this formulation. . each tableau rule is read downwards as ‘if the numerator is -satisﬁable.(X . q denote primitive (atomic) propositions from P . Q. P . To minimise the number of rules. . denotes the empty set. in parentheses. Z denote ﬁnite (possibly empty) sets of (well formed) formulae. As we shall see later. We use the following notational conventions: - ? denotes a constant false proposition and .2 Syntax of Modal Tableau Systems The most popular tableau formulation is due to Smullyan as expounded by Fitting [1983]. taking 2. D 2 . P ) and also that (X . . . . Following Hintikka [1955] and Rautenberg [1983. . . The rule name appears L .2X stands for f2P j P 2 X g.X. Y ) stands for X Y and (X . Y. p. All our tableau systems work with ﬁnite sets of formulae. Q) = (X . Each tableau rule is labelled with a name which usually consists of the main connective of the principal formula. The numerator of each tableau rule contains one or more distinguished formulae called the principal formulae.Dk (below the line) separated by vertical bars: ( ) D jD N 1 2j j Dk The numerator is a ﬁnite set of formulae and so is each denominator.:2X stands for f:2P j P 2 X g: We use P and Q as formulae in the tableau rules and use A and B in the axioms to try to separate the two notions. for example.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 307 4. we work with primitive notation. Q. but may consist of a more complex name. 1985].

a rule name (_). The steps for extending the tableau are: L L L K K . :P ? . a numerator X . 2 . ( )g. Y are sets and P . ( ) XXY .: (K ) 2X . Figure 5 contains some tableau rules which we shall later prove are those that capture the basic normal modal logic . L L . P . thus C = f(?). and 3. (:) XX::P . otherwise it is open. The rule (?) is really a check for inconsistency. . Conversely we say that . :(P ^ Q) with a principal formula :(P ^ Q). :2P X :P Figure 5. j . (_). A tableau rule with numerator N is applicable to a node carrying set Y if Y is an instance of N . thus C = f 1 . For example.P ^Q X P. 2. :Q with respective side formulae :P and :Q. with successor i carrying an appropriate instantiation of denominator Di .. A C -tableau for X is a ﬁnite tree with root X whose nodes carry ﬁnite formula sets.choose a leaf node n carrying Y where n is not an end node. (^).: ^ (_) XX:P (P X Q)Q .308 ´ RAJEEV GORE Q (^) X . 2 . :P and X . (_) X . . therefore. . A branch in a tableau is closed if its end node is f?g. two denominators X . below at right is a tableau rule with: 1. :P j X .if has k denominators then create k successor nodes for n. we say that a set X is C -consistent if no C -tableau for X is closed. (K ). (:). otherwise it is open. Q are formulae at the left when the rule is being deﬁned. :Q A tableau system (or calculus) C is a ﬁnite collection of tableau rules 1 .all with the proviso that if a successor s carries a set Z and Z has already appeared on the branch from the root to s then s is an end node. Tableau rules for C K where X . .P (?) X . . and appears at the right when we use a particular instance of the rule. m identiﬁed with the set of its rule names. A tableau is closed if all its branches are closed. and choose a rule which is applicable to n. mg. :(P ^ Q) X .

:2qg (K ) f:(p ^ :q). capture axiomatically formulated theoremhood only. if every model that makes Y true at world w also makes A true at world w. p. p. We already know that axiomatically formulated is also sound and complete with respect to -frames. :qg (?) ? 4. The formula 2(p ! q ) ! (2p ! 2q ) is an instance of the axiom .3 Soundness and Completeness Tableau systems give us a syntactic way to deﬁne consistency. 2 . If we can show that C is also sound and complete with respect to -frames then we can complete the link between C and via: b b Y `C A iff Y j=L A iff j=L Y ! A iff `L Y ! A. :q (_) :p. 2p. and hence theoremhood. :2 (^) 2:( ^ : ). :qg (_) f:p. Completeness: We say that C is complete with respect to -frames (the Kripke semantics of ) if: Y j=L A implies Y `C A. Below at right is a more succinct version of the same C -tableau. :q (?) j ::q. as given. L L L L L K K K K f2:(p ^ :q) ^ 2p ^ :2qg (^) f2:(p ^ :q) ^ 2p. :qg (?) ? :(p ^ :q). As stated previously. a formula A is a theorem of C iff there is a closed tableau for the set f:Ag. p. Its negation can be written in primitive notation and simpliﬁed to 2(:(p ^ :q)) ^ 2p ^ :2q. the notions of soundness and completeness relate these syntactic notions to the semantic notions of satisﬁability and validity as follows. :2qg (^) f2:(p ^ :q). L L L L L L L L L L L L L L L L L L L . if there is a closed C -tableau for Y f:Ag then any -model that makes Y true at world w must make A true at world w. In words. :2 ( ) p q p q p q p q p q p q K QQ f::q. We write `C A if A is a theorem of C and write Y `C A if Y f:Ag is C -inconsistent. p. Hence 2(p ! q ) ! (2p ! 2q ) is a theorem of C . As with the axiomatic versions of these notions. then some C -tableau for Y f:Ag must close. p. In words. p. Below at left is a closed C -tableau for the (singleton) set X = f2(:(p ^ :q)) ^ 2p ^ :2qg where each node is labelled at the right by the rule that produces its successor(s). :q (?) 2:( ^ : ) ^ 2 ^ :2 (^) 2:( ^ : ) ^ 2 .TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 309 EXAMPLE 1. Thus our tableau systems. Soundness: We say that C is sound with respect to -frames (the Kripke semantics of ) if: Y `C A implies Y j=L A.

p ^ q (^) p. In fact.310 ´ RAJEEV GORE they can be easily extended to handle the stronger notion of ‘deducibility’ using techniques for handling global logical consequence from Fitting [1983].. 4.P ^Q X P. P ^ Q) = (.4 Relationship to Smullyan Tableau Systems Tableau systems are often presented using trees where each node is labelled by a single (possibly signed) formula [Fitting. and then to extend all branches below this formula by adding other formulae onto the end of these branches.5 Structural Rules Tableau systems are closely related to Gentzen systems and both often contain three rules known as structural rules. For modal logics. the thinning rule ( ) allows us to capture the desired deletion rules.. P = p. the order of the formulae in the set is immaterial. . Contraction The (^) rule is shown below left. Consider the two applications of the (^) rule shown at right: Q (^) X . p ^ q) = fp ^ qg . In particular. 1983]. some of the tableau rules demand the deletion of formulae from the current branch. Thus a commonly used rule called the ‘exchange’ rule that simply swaps the order of formulae is implicit in our formulation. as well as the addition of new formulae. p . The left hand application is intuitive. so called because they do not affect a particular formula in the numerator but the whole of the numerator itself. q (^) = . q p^q p ^ q . corresponding to putting X and Q = q giving a numerator N = (X . 4. the tableau rules are often summarised using set notation by collecting into a numerator all the formulae on the branch prior to a tableau rule application. The associated tableau rules then allow us to choose some formula on the current branch as the principal formula of the rule. Such summarised rules correspond exactly to the tableau rules we use. Exchange Since we use sets of formulae. and collecting into one or more denominators all the formulae that remain after the tableau rule application.

X . the right-hand derivation is also legal since we can put X P = p. p ^ q) = fp ^ qg and hence obtain the denominator D = (X . Now. It is tempting to add a rule called the contraction rule (ctn) as shown below left. in certain modal logics. p. An explicit contraction rule is not what we want. q) = fp. Q) = (p ^ q. That is. Completeness is essential if our tableau systems are to be used as decision procedures.P ^Q X P. For an example. thus we need a way to duplicate formulae. a similar tableau for X may close if we carry a copy of the principal formula into the denominator. for the deﬁnition of a tableau is in terms of nodes carrying sets and the two nodes of the right-hand tableau carry identical sets since (p ^ q. qg: Thus. 2p. qg: However. Thus. 2p (ctn) But now we have a problem. 2pg. . Q) = (. 2p) = (p ^ q. N = (X . . P .^ Q. the rule below at left explicitly stipulates that a copy of the principal formula P ^ Q must be carried into the denominator. However. a tableau for X may not close if we always delete the principal formula. Q P P Q (^) X ..TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 311 and hence obtaining the denominator D = (X . and yet. p. 2p) = fp ^ q. they also allow us to carry that formula into the denominator if we so choose. P . 2p. And below at right is an application of it where we duplicate the formula 2p in N = fp ^ q. the deletion of the principal formula leads to incompleteness. although our tableau rules seem to delete the principal formulae in a rule application. 2p p ^ q. and Q = q to give the numerator = fp ^ qg. Q. P X. However. it can be shown that the deletion of the principal formula does no harm. 2pg: (ctn) X. p. So for example. P . any explicit application of the contraction rule immediately gives a cycle and stops the tableau construction. in classical propositional logic. In order to avoid these complexities we shall omit an explicit contraction rule from our tableau systems and make no assumptions about the deletion or copying of formulae when moving from the numerator to the denominator. P p ^ q. see Example 8 on page 324. whereas the rule below at right allows us to choose for ourselves: P^ (^0 ) X . P ^ Q) = (p ^ q. when we wish to copy the principal formula into the denominator we shall explicitly show it in the denominator. q) = fp ^ q.

bearing no relationship to the numerator X . Some of our systems require such an analytic cut rule for completeness. but we choose to make it explicit because it helps to keep the modal rules simpler. The thinning rule can also be built into the modal rules as we shall show. we follow this latter route. Alternatively it becomes necessary if we use a base rule like the one shown at below left: L L P . :P Consequently. Y ) as a new root node. :P (?) ? KE (cut) X X . For most of our systems. P j X . Cut The cut rule shown below encodes the law of the excluded middle but suffers the disadvantage that the new formulae P and :P are totally arbitrary. :P The redundancy of the cut rule is therefore very desirable and can be proved in two ways. In tableau systems for classical logic it can be built into the basic consistency check by using a base rule like our (?) (shown below right) since all formulae that are not necessary to obtain closure can be stashed in the set X . The ﬁrst is to allow the cut rule and show syntactically that whenever there is a closed C -tableau for X containing uses of the cut rule. To use the (cut) rule we have to guess the correct P (although note that modal tableau systems based on Mondadori’s system [D’Agostino and Mondadori. L L L L . Y ) simply by adding (X . Thus the formulae that appear in the denominator are not totally arbitrary. there is another closed C -tableau for X containing no uses of the cut rule. This is the cut-elimination theorem of Gentzen. our tableau system C is complete for classical propositional logic without ( ) and the thinning rule is required only for the modal aspects. A more practical version of the cut rule. P . It encodes the monotonicity of a logic since it encodes the principle that if Y `C A then X Y `C A. 1994] can use cut sensibly): ? K X . is one where P is a subformula of some formula in X . known as analytical cut. The alternative is to omit the cut rule from the beginning and show that the cut-free tableau system C is nevertheless sound and complete with respect to the semantics of the logic .312 ´ RAJEEV GORE Thinning The thinning rule ( ) allows us to convert any tableau for a given set Y into a tableau for a bigger set (X . The use of analytic cut is not as bad as it may seem since it can lead to exponentially shorter proofs.

But notice that here we have applied the ( ) rule. . in order to apply the (K ) rule. In fact. 2X . the numerator (schema) 2X . and has leaves labelled with the schemata D 1 . If C is sound and complete with respect to -frames and sound with respect to -frames then ( ) is admissible in C . Dn and let C be the tableau system C f( )g. but where the rules are applied to schema rather than to actual sets of formulae. For example. We can ensure that the new rules do not add to the deductive power of the system as follows.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 313 4. :2P (K ) X . :2P is not allowed to contain nonmodal formulae like p ^ q . but to a schema which represents a set of formulae. L L L L ( ) is . . But if a sequence of rule applications is used often then it is worth deﬁning a new rule as a macro or derived rule. these undesirable elements have to be ‘thinned out’ via the set Y as shown below left. not to a set of formulae. the subsequent application of the (K ) rule is also applied to a schema rather than an actual set of formulae. More formally. Thus our rules are really rule schemata which we instantiate by instantiating X to a set of formulae. Before applying the (K ) rule. if: a C -tableau for X is closed iff a C -tableau for X is closed. :P (K ) Y . not to actual sets of formulae. the cut rule is not derivable in C since the denominators of each rule of C are always related to the numerator of that rule. which denote sets of formulae. K K L L L L L L L LEMMA 2. :2P X . .D k is derivable in C iff there is a ﬁnite C -tableau that begins with the schema N itself. we apply rules to set variables and to formula variables. And in deﬁning a macro. if we replace (K ) by (K ) in C then ( ) becomes superﬂuous since these are the only necessary applications of ( ). whereas (cut) breaks this property since the P in the denominator is arbitrary. and instantiating :2P to a particular formula like :2q say. we have always applied the rules to sets of formulae. and formulae variables like :2P which denote formulae with a particular structure. And similarly. L L L K Y. And up till now. D2 . That is. D 2 . 2X .Dk . :2P ( ) 2X . :P On the other hand.6 Derived Rules and Admissible Rules Our rules are couched in terms of (set) variables like X . Since such an application of ( ) may be necessary before every application of (K ) it may be worth deﬁning a ‘derived rule’ (K ) which builds in this thinning step as shown below right. it is often possible (and useful) to add extra rules even though these rules are not derivable. Let ( ) be an arbitrary tableau rule with a numerator N and n denominators D1 . D2 . a rule ( ) with numerator N and denominators D1 . For example. Then the rule ( ) is said to be admissible in C if: X is C -consistent iff X is C -consistent. The addition of derived rules does not affect soundness and completeness of C since their applications can be replaced by the macro-expansion.

L L L PC PC PC PC PC PC PC . (_) and (:). 4. To prove the other direction suppose that C is sound and complete with respect to -frames. that ( ) is sound with respect to -frames. The assumption is that we are given a closed C PC-tableau for some set X that matches the numerator N of rule ( ). The corresponding denominators of ( ) must also contain fp. But the following rules are clearly sound with respect to the semantics of classical logic. By the completeness of C . Proof. :pg since neither p nor :p can be the principal formulae of ( ). Since C C we know that if X is C -consistent then X is C consistent. We prove this simultaneously for all three rules by induction on the length of the -tableau for X .X . (_) and (:) are invertible in C A tableau rule ( ) is invertible in C iff: if there is a closed C -tableau for (an instance of) the numerator N then there are closed C -tableaux for (appropriate instances of) the denominators D i . Suppose now that the given closed C -tableau for X is of length n. :pg X . L L L L L L L L L L L L L L L L L L L For example. PC. and we also ignore the rule ( ) since any closed C -tableau that uses ( ) can be converted into one that does not use ( ). !QQ) : instantiations of the denominators of ( ). Since ( ) is sound with respect to -frames. but only give the case for the (^) rule in detail. that is. and hence are admissible for C (the calculus C minus the (K ) rule) since C is sound and complete with respect to the same semantics: PC K PC . P j X. by the soundness of C this implies that X must be -unsatisﬁable. and that X is C -consistent.(P . there is some atomic formula p such that fp. where ( ) is one of (^). so is C . (!) XX:P ! QQ . Hence X must be C -consistent. We have to prove that there is a closed C PC-tableau for the corresponding LEMMA 3. The base case for the induction proof is when the length of the given closed C -tableau for X is 1. The induction argument requires slight modiﬁgiven closed C cations to our C -tableaux: we assume that all applications of the rule (?) are restricted to atomic formulae since every closed C -tableau can be extended to meet this condition. So these denominator instances are also closed. The induction hypothesis is that the lemma holds for all closed C -tableaux of lengths less than n. We argue by cases. Then there is a closed C -tableau for X which must utilise the rule ( ) since this is the only difference between C and C .314 ´ RAJEEV GORE Proof. there is no rule for A ! B in our tableau system since we always use primitive notation and rewrite A ! B as :(A ^ :B ). The rules (^). Suppose X is not C consistent. contradiction. the set X must be -satisﬁable.7 Invertible Rules :P (: !) X . But.

deg(B )) deg(2A) = 1 + deg(A) mdeg(A) = 0 when A is atomic mdeg(:A) = mdeg(A) mdeg(A ^ B ) = max(mdeg(A). Then.8 Subformula Property and Analytic Superformula Property For a formula A. P . the degree deg (A) counts the maximum depth of nesting while the modal degree mdeg (A) counts the maximum depth of modal nesting. by the induction hypothesis. 1 i 2. Q). and the C -tableau for it closes. It is crucial that the length of the new C -tableau is also n. must have a closed C -tableau of length less than n. as desired. P ^ Q). 1 i 2. the length of the ‘new’ C -tableau is actually n 1. since A must be some formula from Z . 1 i 2. P . Similar to above. PC (_) (:) If P ^ Q is the principal formula A of ( ) then ( ) = (^) has only one denominator (Z . Q) as the denominators of ( ). PC PC If P ^ Q is not the principal formula A of ( ) then the denominators of ( ) 0 are of the form (Zi . Q) and use ( ) with the If we now start a separate C 0 same A 2 Z as the principal formula. PC PC PC -tableau for (Z . P ^ Q) and we have to provide a closed C -tableau for the corresponding denominator (Z . P . P . P . In this case. mdeg(B )) mdeg(2A) = 1 + mdeg(A) For a ﬁnite set X : deg(X ) = maxfdeg(A) j A 2 X g mdeg(X ) = maxfmdeg(A) j A 2 X g . But this is the closed C -tableau we had to provide. Their deﬁnitions are: deg(A) = 0 when A is atomic deg(:A) = 1 + deg(A) deg(A ^ B ) = 1 + max(deg(A). Consider the actual ﬁrst rule application ( ) in the given closed C -tableau for (Z . 4. PC PC PC PC PC PC Similar to above. P ^ Q). The given C -tableau for (Z . P ^ Q) is closed. P . Since we already have closed C -tableaux for these sets. Q). there are closed C -tableaux of length less than n for each (Zi0 . we obtain the sets (Zi . P ^ Q). Q). Q). so each (Zi0 .TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 315 (^) The numerator is of the form N = (Z . we have a closed C -tableau for (Z .

a ﬁnite set XC L such that XC L contains all formulae that may appear in any tableau for X . or of a set of formulae. pg For a ﬁnite set of formulae X.316 ´ RAJEEV GORE The set of all subformulae of a formula. the set of all subformulae Sf (X) consists of all S subformulae of all members of X . that is. A tableau rule has the subformula property iff every formula in the denominators is a subformula of some formula in the numerator. The modal tableau rules for more complex logics. all is not lost. :q. Nevertheless. the ﬁnite set of all subformulae Sf (A) is deﬁned inductively as [Goldblatt. but may remain the same. if the principal formula is not copied into the numerator. thereby increasing both the degree and the modal degree. Notice that the rules of C do not have the subformula property. A tableau system C has the subformula property iff every rule in C has it. for both the (_) and (K ) rule denominators contain formulae which are negations of a subformula of the principal formula. 1987]: Sf (p) = fpg where p is an atomic formula Sf (A ^ B ) = fA ^ B g Sf (A) Sf (B ) Sf (:A) = f:Ag Sf (A) Sf (2A) = f2Ag Sf (A) Note that under this deﬁnition. Since XC L L L Since C L has the analytical superformula property the only C L-tableaux . p. In order to prove this claim we need to introduce the idea of an analytic superformula. we need consider are those whose nodes carry subsets of the set XC L . L L L K L LEMMA 4. If C has the analytic superformula property then there are (only) a ﬁnite number of C -tableaux for the ﬁnite set X . Sf (X ) = A2X Sf (A): The set of strict subformulae of A is Sf (A) n fAg. introduce quite complex ‘superformulae’ into their denominators. Furthermore. for every tableau will be guaranteed to terminate. :p. :p ^ :q. The intuition is simple: rules will be allowed to ‘build up’ formulae so long as the rules cannot conspire to give an inﬁnite chain of ‘building up’ operations. A tableau system C has the analytical superformula property iff to every ﬁnite set X we can assign. But clearly this is not a disaster since the degree is not actually increased. qg = f:2:p. for example: Sf (p _ q ) Sf (3p) = = Sf (:(:p ^ :q )) Sf (:2:p) = f:(:p ^ :q). however. a formula must be in primitive notation to obtain its subformulae. a priori. 2:p. then termination is guaranteed without cycles since every rule application is guaranteed to give a denominator of lower degree. possibly with a cycle. :p. eventually leading to a node with degree zero. is used extensively. If C has the subformula property then each rule can be seen to ‘break down’ its principal formula(e) into its subformulae. For a formula A. Proof.

or they represent different worlds in the same model as in the (K ) example. As another example the (K ) rule is sound with respect to -models because if we are given some -model hW. :2P then we know that w has some successor w0 2 W such that wRw0 and w0 j= :P (by the deﬁnition of w j= :2P ). a tableau system C is sound with respect to -frames if Y implies Y j=L A. that we have a closed C -tableau for X = (Y . in general. L L `C L A Proof Outline. the numerator and denominators of a tableau rule either represent the same world in the same model as in the (^) example. Dynamic Rules and Invertibility The previous two examples show that. for each C -tableau rule we show that if the numerator is -satisﬁable then at least one of the denominators is -satisﬁable. V i with some w 2 W such that w j= 2X . Instead. For example. :P . p. that Y j=L A. the calculus C has the analytic superformula property because for any given ﬁnite X we can put XC K = Sf (X ) :Sf (X ) f?g. The base case is when the tableau consists of just one application of the (?) rule. that is. This would allow us to lift the -unsatisﬁability of the leaves up the tree to conclude that the root X is -unsatisﬁable. We therefore categorise each rule as either a static rule or as a transitional rule. that is. R. that is. We know that all leaves of this (closed) tableau end in f?g: So all we have to show is that for each C -tableau rule: if all the denominators are -unsatisﬁable then the numerator is -unsatisﬁable. the number of subsets of XC L is also ﬁnite. L L L L L L L L L L L L L Thus proving the soundness of a tableau system is possible on a rule by rule basis. the set X must contain some P and also :P and is clearly -unsatisﬁable (since our valuations are always classical two-valued ones). R0 . Furthermore.9 Proving Soundness By deﬁnition. although the underlying model has remained the same. Thus we can ﬁnd a w0 2 W such that w0 j= X . is ﬁnite. . the (^) rule is sound with respect to -models because if we are given some -model hW. p ^ q . Then we use induction on the structure of this tableau to show that X is -unsatisﬁable. V i with some w 2 W such that w j= X . :A). the world w0 may be different from w. K K K K K 4. R0 . K 4. In this case. we show the contrapositive. Now suppose that the (closed) C -tableau is some ﬁnite but arbitrary tree. then we can always ﬁnd a -model hW 0 . R.10 Static Rules. V 0 i and putting w = w0 . q by simply putting hW. In this case. since w j= 2X and wRw0 we know that w0 j= X (by the deﬁnition of w j= 2P ).TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 317 For example. V i = hW 0 . To prove this claim we assume that Y `C A. R. V 0 i with some w0 2 W 0 such that w0 j= X .

1955]. Downward Saturated Sets A set X is closed with respect to a tableau rule if. the tableau rules for C are categorised as follows: K CL Static Rules Transitional Rules C K ( ). whenever (an instantiation of) the numerator of the rule is in X. (:). safe in the knowledge that each of these sets is C -consistent. We shall have to prove this lemma for each C by extending Lemma 3. L 4. (?). so is (a corresponding instantiation of) at least one of the denominators of the rule. LEMMA 6. Y `C A. For each C with the analytic superformula property and each ﬁnite C -consistent X there is an effective procedure to construct some ﬁnite C saturated (and C -consistent) X s with X X s XC L . Hence we demonstrate by construction that Y 6j= A. (_) (K ) The division of rules into static or transitional ones is based purely on the semantic arguments outlined above. whereas in the transitional rules.318 ´ RAJEEV GORE The intuition behind this sorting is that in the static rules. the numerator and denominator represent different worlds (in the same model). LEMMA 5. Then we pick and choose sets with certain special properties from possibly different open tableaux for X .11 Proving Completeness via Model-Graphs By deﬁnition. The basic idea is due to Hintikka [Hintikka. But there is a proof-theoretic reason behind this sorting as captured by the following lemma. The static rules of invertible in C . For example. and use them as possible worlds to construct an -model M for X . are precisely the rules that are Proof. We prove the contrapositive. A set X is C -saturated if it is C -consistent and closed with respect to the static rules of C excluding ( ).14. L C L is complete with respect to L-frames iff: Y j=L A implies L L L L In order to do so we ﬁrst need some technical machinery. we assume Y 6`C A by assuming that no C -tableau for X = (Y . L C L. And it is precisely the requirement of invertibility that sometimes requires us to copy the principal formula into the numerator. (^). the numerator and denominator represent the same world (in the same model). except ( ). Proof Outline. The model M is deliberately constructed so as to contain a world w0 such that w0 j= Y and w0 j= :A. :A) is closed. see Section 4. That is. L L L L L L L .

‘part of’ because ( ) may have more than one denominator and D is an instance of only one of them. if wRw0 and 2P 2 w then P 2 w0 : L L . Let X s = Xn . terminating with some ﬁnal Xn because Xn is closed with respect to every static rule of C . If there are none. except ( ). A). and is C -consistent. In the next section we introduce the technical machinery necessary to extend this method to modal logics. the number of choices for ( ) is one less. so if there is a closed C -tableau for (Yi . A) and D = (Yi . that is. But ( ) is invertible in C . Since ( ) was applicable to A. then there is a closed C -tableau for (Yi . such sets are called downward saturated sets and form the basis of Hintikka’s [1955] method for proving completeness of classical tableau systems. Suppose that this application of ( ) has a principal formula A 2 Xi and side formulae fB1 . if :2P 2 w then there exists some w0 2 W with wRw0 and :P 2 w0 . . For a contradiction. B1 . Since Xi+1 is closed with respect to at least one more rule application. A model graph for some ﬁnite ﬁxed set of formulae X is a ﬁnite -frame hW. we know that no C -tableau for X closes and hence that the (?) rule is not applicable. Bk ) gives a part of an instance of ( ). . then we are done. no C -tableau for Xi+1 closes. let i = 0 and let ( ) 6= ( ) be a static rule of C with respect to which X0 is not closed. At least one of these denominators must have only open C -tableaux. as desired. Bk g Yi . B1 . Let X0 = X . Furthermore. assume that Xi+1 is C -inconsistent. . thereby making Xi+1 closed with respect to this particular application of ( ). Given a C -consistent set Xi which is not closed with respect to the static rule ( ) 6= ( ). By always iterating on the new set we obtain a sequence of ﬁnite C -consistent sets X0 Xi+1 . this means that there is a closed C -tableau for Yi . Bk g Yi . Ri such that all w 2 W are C -saturated sets with w XCL and (i) (ii) (iii) X w0 for some w0 2 W . assume that there is a closed C -tableau for (Yi . putting N = (Yi . Put Xi+1 = (Yi . Contradiction. we have X X s XCL. Since each rule carries subsets of XC L to subsets of XC L and we start with X XCL. . Since X is C -consistent. A). hence Xi+1 is C -consistent. So choose a denominator for which no C -tableau closes and let Yi be the C consistent set carried by it. Since fB1 . apply ( ) to (the numerator) Xi to obtain the corresponding denominators. that is.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 319 Proof. Now repeat this procedure on Xi+1 . the resulting set Xi+2 is guaranteed to be C -consistent. Bk ). A) by adding A to Yi . L L L L L L L L L L L L L L L L L L L In classic logic. Model Graphs and Satisﬁability Lemma The following deﬁnition from Rautenberg [1983] is central for the model constructions.

320 ´ RAJEEV GORE LEMMA 7. L L L L . Fitting [1983]. The procedure for each tableau system C is: 1. Gor´ [1992.12 Finite Model Property and Decidability In the above procedure. page 154 ]. that is decidable and that C is a decision procedure for deciding local logical consequence (Y j=L A) in . let #(p) = fw 2 W : p 2 wg. R. giving inﬁnite models rather than ﬁnite models. deﬁne the tableau rules for C . prove that each C L-consistent X can be extended (effectively) to a C L5. L L L L X s XC L . Hence C provides a decision procedure for determining whether Y j=L A. By (a). L L 4. Ri is a model graph for X then there exists an -model for X [Rautenberg. #i is an -model for X [Rautenberg. L L This model graph construction is similar to the subordinate frames construction of Hughes and Cresswell [1984] except that Hughes and Cresswell use maximal consistent sets and do not consider cycles. if M can be chosen ﬁnite (for ﬁnite X ) then the logic has the ﬁnite model property (fmp). see Hughes and Cresswell [1984. it is easy to show that (a) A 2 w implies w j= A. Hanson [1966]. Shvarts [1989]. 3. 1994 ] and Amerbauer [1993]. and (b) :A 2 w implies w 6j= A. The presentation is based on the basis laid down in the previous subsections and is therefore rather repetitive. 4. Using simultaneous induction on the degree of an arbitrary formula A 2 w. saturated X s with X L L 4. For every p 2 P . prove that the C rules are sound with respect to -frames. Most of e the systems are cut-free but even those that are not use only an analytical cut rule.13 Summary In the rest of this section we present tableau systems for many propositional normal modal logics based on the work of Rautenberg [1983]. 1983]. prove that the C rules are complete with respect to -frames by giving a procedure to construct a ﬁnite -model for any ﬁnite C -consistent X and hence prove that has the ﬁnite model property. Each tableau system immediately gives an analogous (cut-free) sequent system. L L 2. It is known that a ﬁnitely axiomatisable normal modal logic with the ﬁnite model property must be decidable. Proof. If hW. 1983]. w0 j= X hence the model M = hW. deﬁne XC L for a given ﬁxed X . 1991.

TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 321 4. Intuitions for (T ) : if the numerator represents a world w where X and 2P are true. The entries marked by question-marks are open questions. there must be a world w0 reachable from w such that w0 makes P false and makes all the formulae in X true.let 2(X ! 2X ) denote the set f2(P ! 2P ) j P 2 X g. e . seriality.let X denote the set Sf (X ) :Sf (X ) f?g. that is 3P . Then the deﬁnition of 2P forces P to be true at w0 . The calculi marked with a superscript y require analytic cut whilst the others are cut-free.14 The Basic Normal Systems In this section we study the tableau systems which capture the basic normal modal logics obtained from various combinations of the ﬁve basic axioms of reﬂexivity. This sorting should become even clearer once we prove soundness. transitivity. Euclideaness. Intuitions for (D) : if the numerator represents a world w where X and 2P are true. Intuitions for (K ) : if the numerator represents a world w where 2X and :2P are true. . The tableau systems are shown in Figure 7 on page 323 and the only structural rule is ( ).let Sf (X ) denote the set of all subformulae of all formulae in X . but require an analytic cut rule to handle symmetry. then every successor of w must make P true. In each case. must be . We shall also see that some of the basic logics have no known implicit tableau systems. e e e . then since :2P = 3:P . We shall see that implicit tableau systems can handle certain combinations of the ﬁrst four properties with ease. The following notational conventions are useful for deﬁning XC L for each X and each C . By reﬂexivity of R the world w itself must be one of these successors. then by seriality of R there must exist some w0 such that wRw0 . static rules and transitional rules as explained on page 318. Tableau Calculi and one or more logical rules from All the tableau calculi contain the rules of C Figure 6 on page 322. and symmetry. For any ﬁnite set X : L j P 2 Sf (X )g. The denominator of the (K ) rule represents w0 . we give the tableau calculi and prove them sound and complete with respect to the appropriate semantics. The semantic and sometimes axiomatic intuitions behind these rules are as follows. Hence :2:P . The rules are categorised into two sorts. e We sometimes write Sf X instead of Sf (X ) whence X = (Sf :Sf X ) f?g.let :Sf (X ) denote f:P PC . leaving an avenue for further work.

. X (D) X . :P g may be empty 2 : (K 4) X . . :2P X :P . (sfc3).X . 2P. .2P 2 :P 2X :2Y :2P (45) X .(PP . :Q j : Q (sfc) = f(sfc2). :QX . :2P . 2P .. :P P : ^ (sfc_) X . P j X .X .. :P .j 2P 2P .:2P . 2Q (T3 ) XX22PP::2Q .:2P 2X :P fP g f:P g may be empty .X ..:2P . 2 (sfc3) X . .P:2P . . 2:2P X :2P X: (5) X . :P 2X :2Y :2P (45D) X . P .2Y .. P . (B ) X . (T ) XX22PP . P.. Tableau Rules for Basic Systems . P.P . :P . :2P . :P P where f:2P.P P : : X (sfc2) X .:2Y .. Q)j X .X .:2P .:2Y . 2X . (sfc_)g (sfcT ) = f(sfc_). :P where Y (S 4) 2X . j:X .Y:.322 ´ RAJEEV GORE (K ) 2X . (sfc3)g Figure 6. :2.X . :P X.2P .2P 2P 2: 2 :2 :2 (S 5) 2X . 2X .2P :P :2 X :2 (KD) 2X .

(_) — C PC C PC. (T ). (T3). (T ). (sfcT ) C PC. (5) C PC. (T ) C PC. (D) C PC ? ? ? ? (KD) (K 4) (K 4) (45) (45D) (S 4) (S 5) (45) (45D) (K 4) (S 4) (K ) (S 4) (S 5) ? ? ? ? (K ) (K ) (K ) e Sf :Sf 2X C PC C PC. Tableau Calculi for Basic Systems . (?). (T ) C PC. (sfc) C PC. (sfcT ) C PC. (D) C PC C PC C PC.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 323 CL C PC CK CT CD C D0 C KB C K4 C K5 C KDB C KD5 C K4D C K45 C K45D C S4 C S5 C y K45 C y K45D C y K4B C y S4 CyB C y S5 C y S50 Static Rules Transitional Rules XCL e X e X e X e X e X ( ). (sfc) C PC. (sfc). (T ). (:). (T ) C PC. (B ). (sfcT ) C PC. (sfcT ) ? ? ? ? e Sf :Sf 2X e X e X e X e X e X e X e X e X e Sf :Sf 2X e Sf :Sf 2X e Sf :Sf 2X Figure 7. (T ). (5). (^).

Then we immediately have that w also makes 2:2P true since :2A ! 2:2A is just another way of writing the axiom 5 which we know must be valid in all Euclidean Kripke frames. does not close but the right one. hence w0 makes 2X true. and also that (D) creates a superformula :2:P . Of course. If w0 does not have successors then it makes 2X true vacuously. Note that (KD) is a transitional rule since the numerator and denominator represent different worlds. The following example shows that copying the principal formula -tableau. then by transitivity of R there must be a world w0 representing the denominator.324 ´ RAJEEV GORE true at w itself. if such a formula is present then the intuitions for the (K ) rule sufﬁce. Intuitions for (K 4) : if the numerator represents a world w where 2X and :2P are true. Intuitions for (S 4) : if the numerator represents a world w where 2X and :2P are true. Intuitions for (B ) : if R is symmetric and reﬂexive and the numerator represents a world w where X and :2P are true. we know that this world either makes P true or makes P false. does close. Intuitions for (sfcT ) : as for the (sfc) rule except that by reﬂexivity we cannot have both 2P and :P true at w so one of the cases cannot occur. with wRw0 . The other cases use similar intuitions. KT . there must be a world w0 representing the denominator. B EXAMPLE 8. Note that (D) is a static rule since its numerator and denominator represent the same world. and the deﬁnition of 2X forces X to be true at w0 . Intuitions for (sfc) : if the numerator represents a world w where :(P ^ Q) is true. or makes P true and Q false. or makes P false and Q true. If w makes P false. such that w0 makes 2X true and makes P false. with wRw0 . If w makes P true then we have the left denominator. then we know that w either makes both P and Q false. then we have the right denominator which also contains 2:2P since A ! 23A is a theorem of . So we can apply the (KD) rule even when the numerator contains no formulae of the form :2P . Intuitions for (KD) : if the numerator represents a world w where 2X is true. such that w0 makes X true and makes P false. Then by transitivity of R. using a non-copying into the denominator is crucial since the left C application of a rule (T 0 ). Intuitions for (5) : Suppose R is Euclidean and the numerator represents a world w where X and :2P are true. using (T ). then the seriality of R guarantees a successor w0 for this world. any and all successors of w0 must also make X true. and also that it has the subformula property.

q ^ :2q (^) 2(q ^ :2q). :(p ^ q) (_) L L L L L (?) p. :q (^) q. :2(p ^ q) ( ) 2p. :2q (K ) q ^ : q. :2(p ^ q) (K ) p.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 325 2(q ^ :2q) (T ) 0 2(q ^ :2q) (T ) 2(q ^ :2q). q. :(p ^ :2q). :q ? open . : q. :q (?) 2 2 ? EXAMPLE 9. :2q ( ) q ^ : q (^) q. :p p. If we apply the (_) rule ﬁrst then the tableau can be closed: KT 2p. since the C -tableau below does not close precisely because (K ) (and hence ( )) is applied at the start. The following example shows that the order of the modal rule applications is important. : q ( ) 2 2 :2q (K ) :q ? ? 2(q ^ :2q).

R. And since w0 j= 2P we must have w1 j= P . :P . 3P = :2:P . if w0 j= 2X . 9w0 2 W : wRw0 . V i is any Kripke model. and hence w0 j= 3P . all successors of w1 are L L PC L . and since w0 j= 2X we must have w1 j= X thus satisfying the denominator of (KD) when the :2P part is missing from the numerator. Then the reﬂexivity of R and the deﬁnition of j= implies that w0 j= 2X . hence w0 j= :2:P . Suppose M = hW. On the other hand. Proof for (KD): We show that (KD) is sound with respect to all serial Kripke frames. R. suppose w0 j= 2X . there is no reason why w1 and w0 cannot name the same world.326 ´ RAJEEV GORE Soundness THEOREM 10 (Soundness). the deﬁnition of j= implies that w1 j= X . hence w1 j= (X . V i is any Kripke model where R is serial. So suppose M = hW. Suppose w0 2 W and w0 j= X . That is. The proofs are fairly straightforward and intuitive so we give a sketch only. :P ). Proof for (K 4): We show that (K 4) is sound with respect to all transitive Kripke frames. R. Thus there exists w1 2 W with w0 Rw1 and w1 j= X . Proof for (K ): We show that (K ) is sound with respect to all Kripke frames. By deﬁnition. R. 2P . w0 2 W and that w0 satisﬁes the numerator of (K ). L L L Proof Outline. :P . Suppose w0 2 W and w0 j= 2X . Proof for (D): We show that (D) is sound with respect to all serial Kripke frames. w0 j= :2P implies that there exists a w1 2 W with w0 Rw1 and w1 j= :P . V i is any Kripke model where R is serial. by deﬁnition. By seriality there exists some w1 2 W with w0 Rw1 . Since w0 j= 2X and w0 Rw1 . For each rule in C we have to show that if the numerator of the rule is -satisﬁable then so is at least one of the denominators. The rules (sfc) and (sfcT ) are also sound for Kripke frames because any particular world in any model either satisﬁes P or satisﬁes :P for any formula P: For each modal rule we prove that it is sound with respect to some known property of R as enforced by the -frames restrictions. So suppose M = hW. Since R is transitive. V i is any Kripke model where R is reﬂexive. V i is any Kripke model where R is transitive. :2P . We often use annotated names like w1 and w0 to denote possible worlds. which is what we had to show. 8w 2 W. w0 2 W and w0 j= 2X . But then there is a world (namely w1 ) accessible from w0 that satisﬁes P . We have to show that there exists some world that satisﬁes the denominator of (K ). So suppose M = hW. P . By seriality there exists some w1 2 W with w0 Rw1 . Unless stated explicitly. That is. :2P for some P then. Suppose w0 2 W and w0 j= 2X . thus satisfying the denominator of (D). Each calculus C and C y listed in Figure 7 on page 323 (without question marks!) is sound with respect to -frames. 2P . The C rules are obviously sound since each world behaves classically. By deﬁnition of the satisfaction relation. R. Suppose M = hW. 2P . :2P . Proof for (T ): We show that (T ) is sound with respect to all reﬂexive Kripke frames. there is a world w2 accessible from w0 with w2 j= X .

Since R is transitive and Euclidean the proof for C applies when the :2Y . 2X . w2 . :P since the X . :P . :2P . Proof for (S 4): The proof for (K 4) also shows that (S 4) is sound with respect to all transitive Kripke models. hence w0 j= 2X implies that every successor of w1 . Suppose M = hW. V i be any Kripke model where R is serial. if there are any. that is w0 j= 32P. :2Y . K45 . Hence w0 is reﬂexive and we have w0 j= :2P . . Therefore w0 j= P and we are done. Suppose that w0 2 W and w0 j= 2X . Suppose M = hW. Suppose M = hW. suppose w0 6j= 2:2P: Then w0 j= :2:2P. w0 Rw1 and w1 Rw0 implies w0 Rw0 . and we are done. Proof for (5): We show that (5) is sound with respect to all Euclidean Kripke frames. w0 Rw1 implies w1 Rw0 which together with w1 j= 2P gives w0 j= P: But this contradicts the supposition that w0 j= :P: Hence w0 j= X . 2:2P and we are done.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 327 reachable from w0 . :2Q. Proof for (T3 ): We show that (T3 ) is sound with respect to all Kripke frames that are symmetric and transitive. 2X part will follow from the transitivity of R. there will be worlds w1 . w0 Rw0 and w0 Rwi implies that w0 Rwi for each 1 i n. . w0 2 W and w0 j= X .wn (not necessarily distinct) where w0 Rwi for each 1 i n and such that wi j= :Qi . 2P . must also satisfy X . We have to show that w0 j= 2:2P . V i be any Kripke model where R is transitive and Euclidean. :2Y . Otherwise w0 j= :P: In this latter case. We need only prove that there exists a w0 2 W such that w0 j= :2Y . :2P . . :2P part is missing. and then transitivity of R ensures that w0 j= X . Proof for (B ): We show that (B ) is sound with respect to all symmetric Kripke frames. and suppose that w0 2 W and w0 j= 2X . V i is any Kripke model where R is symmetric and transitive. P or w0 j= X . :2Y . But then w0 j= :2Y and we are done. V i is any Kripke model where R is symmetric. :P . hence it vacuously satisﬁes 2X . Since w0 j= :2P we know that there exists some w0 with w0 Rw0 and w0 j= :P . otherwise if Y = fQ1. Qn g. n 1. 2X . transitive and Euclidean. :2P . :2P . and suppose w0 2 W with w0 j= X . 2:2P: If w0 j= P then w0 j= X . :2P . :2P . :2Y . R. if Y is empty then we are done. Proof for (45): Let M = hW. :2P part is present. We have to show that there exists a w0 2 W such that w0 j= X . We have to show that there exists a w0 2 W such that w0 j= X . Then there exists some w1 2 W with w0 Rw1 and w1 j= :Q. If there are no formulae of the form :2P in w0 then seriality guarantees that there is some world w0 with wRw0 . Now. R. Proof for (45D): Let M = hW. :2P: We show that w0 j= P or w0 j= :P . By transitivity. . R. :P . w0 2 W and w0 j= X . R. :2P . :P allowing for the case where the :2Y . By the deﬁnition of Euclideaness w0 Rw0 and w0 Rw0 (sic) implies w0 Rw0 . Q2 . If w1 has no successors then it vacuously satisﬁes 2A for any formula A. V i is any Kripke model where R is Euclidean. :2P . By symmetry. so there exists some w1 2 W with w0 Rw1 and w1 j= 2P: Since R is symmetric. w0 Rw1 implies w1 Rw0 . :2P . 2X . 2X . Since R is Euclidean. By the deﬁnition of j= this gives w1 j= X . R. P and we are done. .

Contradiction. w0 Rw1 and w0 Rw2 implies w1 Rw2 . Thus there exist (not necessarily distinct) worlds w1 . hence w0 j= X . V i is any Kripke model where R is transitive and Euclidean. Our task is to provide a closed C -tableau for the appropriate instance of the denominators of ( ). that is. 1 i n. w0 Rw0 . Proof. wn such that w0 Rwi and wi j= :Qi . For every C . :2Y . Since w0 j= :2P there is also some w2 with w0 Rw2 and w2 j= :P . We then leave it to the reader to prove that a ﬁnite set X has a closed C -tableau iff it has a closed C tableau but give some hints at the end of the proof. :2Y . Hence w0 j= :P . the induction argument requires slight modiﬁcations to our C -tableaux: we assume that all applications of the rule (?) are restricted to atomic formulae since every closed C -tableau can be extended to meet this condition. If Y is 0 j= :P . Thus there exists some world w0 2 W with w0 Rw0 and w0 j= :P . w0 j= :2:2P . (:) and (T ). The main point is to highlight the need for copying the principal formula 2P of the (T ) rule into the denominator. And since w1 j= 2P we must have w2 j= P . Now choose any arbitrary world w0 such empty then we just get w that w0 Rw0 (there is at least one since w0 is a reﬂexive world). :2P . which is the same as w0 j= 32P . LEMMA 11. The ﬁrst gives w0 j= :2P . Proof for (S 5): We show that (S 5) is sound with respect to all Kripke frames that are transitive and Euclidean. hence w0 j= 2:2P as desired. w2 . We again proceed by induction on the length of the given closed C -tableau for X . that is.328 ´ RAJEEV GORE Assume for a contradiction that w0 6j= 2:2P . We have to extend the proof of Lemma 3 to each C . n 1. Suppose Y = fQ1. :2P . We consider only the case of C since the proofs for other calculi are similar. The assumption is that we are given a closed C -tableau for some set X that matches the numerator N of a static rule ( ) of C . The rule ( ) interferes with the induction argument so we proceed in two steps. . we return to the relationship between static rules and invertible rules. the static rules of C . . except ( ). L L C L. Suppose w0 2 W and w0 j= 2X . Invertibility Again Before moving on to completeness. By transitivity of R. R. w0 Rw0 and w0 Rwi for each i. Suppose M = hW. :P . ( ) is one of (^). We prove the lemma for the calculus C in which the (K ) and ( ) rules are replaced by the rule (K ). :2Y . (_). Since R is Euclidean. Thus there exists some w1 2 W with w0 Rw1 and w1 j= 2P . Q2 . The base case for the induction proof is when the length of the given closed KT L L KT KT KT KT KT KT KT . Since w0 was an arbitrary successor for w0 this holds for all successors of w0 . and the second gives w0 j= :2Qi . for 1 i n. :2P . Qn g. are invertible in KT L Proof for C : As stated already. Since R is Euclidean. Hence w0 j= 2X as well giving w0 j= 2X . :2P .

In this subcase. KT KT KT KT KT KT KT KT Similar to above. (ii) If ( ) is (K ) then (Z . but only give the case ( the static C rules are similar. Consider the ﬁrst rule application ( ) in the given closed C K T-tableau for (Z . we have a closed C -tableau for (Z . 2P . 2P . This is the closed C -tableau (of length n) we had to provide.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 329 We argue by cases. there are closed C 0 tableaux of length less than n for each (Zi . 2P . P ). 2P ). 2W . P ) and use ( ) If we now start a separate C with the same A 2 Z as the principal formula. 2P . P ). then we can obtain the same set (W . must have a closed C -tableau of length less than n. ( ) = (:): If 2P is the principal formula of ( ) then ( ) = (T ) and ( ) has a denominator (Z . P ). the denominator corresponding to ( ) = (T ). and the argument of Lemma 3 sufﬁces. 2P ). It is crucial that the length of the new C -tableau is also n. C K T-tableau for X is 1. P ). Suppose now that the given closed C K T-tableau for X is of length n. :2Q. 2P . we obtain the set (Zi0 . 2W . 1 i 2. The given C -tableau for (Z . :2Q. A closed C -tableau can be converted to a closed C -tableau simply by replacing the rule (K ) with the appropriate application of ( ) immediately followed by an application of (K ). P ) using (K ). P ). P ) closes. :Q. In order to lift this proof to C we have to show that X has a closed C tableau iff it has a closed C -tableau. If we start a new C -tableau for the set (Y . :Q. by the induction hypothesis. the C -tableau for (Z . so each (Zi0 . Then. KT KT KT KT KT KT KT ( ) = (^). 2P ). Since we already have a closed C -tableau for (W . Furthermore. 2P . Furthermore. The induction hypothesis is that the lemma holds for all closed C K T-tableaux of lengths less than n. 2P . PC ) = (T ) in detail since the cases for ( ) = (T ) form X of the given closed C K T-tableau of length n is of the N = (Z . If 2P is not the principal formula A of ( ) then there are two The set subcases: (i) If ( ) is a static (logical) rule of C then the denominators of ( ) 0 are of the form (Zi . P ). since A must be some formula from Z . P ). the C tableau for (W . :Q. P ) this is a closed C -tableau for (Z . also of length n. 2P ) and we have to provide a closed C K T-tableau for (Z . 2P ) is closed. P ). 2P ) and the denominator of ( ) is (W . But this is exactly the closed C -tableau we had to provide. 2P . P ). as desired. 1 i 2. 2P ) is of the form (Y . :2Q. 1 i 2. see Sec- KT KT KT KT KT . Since we already have closed C -tableaux for these sets. 2P . (Z . 2P . 2P . P ) is closed. P ) is of the form (Y . 2W . ( ) = (_). -tableau for (Z . :Q.

p). . proving completeness boils down to proving the following: if X is a ﬁnite set of formulae and no C -tableau for X is closed then there is an -model for X on an -frame hW. but the rule (T 0 ) is not invertible in C KT0 . there is no rule which allows us to do this in C 0. L L L L L L LEMMA 12. p). In Example 8 we saw the importance of copying the principal formula of the C KT0 . The curious reader may be wondering why the proof of Lemma 11 fails for In the above example. Conversely. N = (:2p. so we enter case (ii) of the proof (K ). we cannot use the (K ) to N . a set w is said to fulﬁll an eventuality :2P when :P 2 w: A sequence w1 w2 wm of sets is said to fulﬁll an eventuality :2P when :P 2 wi for some wi in the sequence. just apply the (K) rule once. We call a formula :2P an eventuality since it entails that eventually :P must hold. and then replacing these pairs by an application of (K ). KT KT KT KT KT Completeness As we saw in Subsection 4. If there is a closed C -tableau for tableau for X with all nodes in the ﬁnite set XC L : L X then there is a closed C L- . Thus. But if we start a new C rule to obtain the set (:p. KT KT (T ) rule into its denominator. In fact. We abuse notation slightly by using w. p). 2p): . Our task is to provide a closed with a known closed C C 0 -tableau for D = (:2p. As expected we shall associate sets of formulae with possible worlds and use an explicit immediate successor relation from which we will obtain R. a closed C -tableau can be converted to a closed C tableau by ﬁrst moving every application of ( ) so that it immediately precedes an application of (K ). 2p) and ( ) is the transitional rule 0 it would be (K ). If we had used C 0 -tableau for (:p. p).this set as the numerator of (T 0 ) has a corresponding denominator (:2p. and sometimes to denote sets of formulae (in a model under construction). To see that (T 0 ) is not invertible in C KT0 consider the set (:2p.330 ´ RAJEEV GORE tion 4. . Recall that a set X is C -saturated iff it is C -consistent and closed with respect to the static rules of C (excluding ( )). We now have to check that the XCL deﬁned in Figure 7 on page 323 allow (the Saturation) Lemma 6 (page 318) to go through.11 (page 318) . We can now explain this in more proof-theoretic terms: the rule (T ) is invertible in C KT.(:2p. 2p) has a closed C KT0 -tableau. w0 and w1 to sometimes denote worlds in a model. p) has no closed C KT0 -tableau (try it). A world w is said to fulﬁll an eventuality :2P when w j= :P: A sequence of worlds w1 Rw2 R Rwm is said to fulﬁll an eventuality :2P when wi j= :P for some wi in the sequence. Ri.6.but (:2p. p). the denominator of the (T 0 ) rule corresponding 0 -tableau for (:2p.

The ﬁrst case is obvious. If X is a ﬁnite set of formulae and consistent then there is an -model for X on a ﬁnite -frame. Some of the completeness proofs make extensive use of the following LEMMA 14 (subformula-complete). C L-saturated set of formulae (that corresponds to a world of L L L L K L K . For each C -consistent X there is an effective procedure to construct some ﬁnite C -saturated X s with X X s XC L .i is the desired model graph since this is a -frame and (i)-(iii) are satisﬁed. stands for a ﬁnite We use this fact to construct a graph of C -saturated worlds. We use a successor relation while building this graph and then form R from . Proof. By Lemma 7 (page 320). or f (?). The construction is a meta-level one since we are free to inspect all C -tableaux for w0 . Recall that a model graph for some ﬁnite ﬁxed set of formulae X is a ﬁnite L-frame hW0 . (:). the lemma also holds if we have both (sfcT ) and (T ) instead of (sfc). (^). Ri such that all w 2 W0 are C L-saturated sets with L L X is C L- w XCL and (i) X w0 for some w0 2 W0 . If X is closed with respect to (the static rules) f (?). lemma. (^). (_). L L Proof. (^). This is possible via Lemma 6 (page 318). w0 j= X under the truth valuation # : p 7! fw 2 W0 : p 2 wg. (sfc) g. THEOREM 15 (Completeness). Proof for C : If no :2P occurs in w0 then hW. (_). (sfc). Proof Outline: For each C L we give a way to construct a ﬁnite model graph hW0 . if w is a set of formulae in this construction then w2 = fP : 2P 2 wg. (:). (T ). and in general w (possibly annotated) W0 ). giving an -model for X at w0 as desired. Also. The (sfcT ) rule is just a special case of (sfc) and always appears with (T ). Ri for X . (_). (T3 ) g or f (?). (iii) if wRw0 and 2P 2 w then P 2 w0 : The ﬁrst step is to create a C L-saturated w0 from X with X w0 XC L . since all such C -tableaux are open. choosing nodes at will. Same as on page 318. always bearing in mind that the resulting model graph must be based on an -frame. .TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 331 Proof. Obvious from the fact that all rules for C only. Since w0 is C L-consistent. (sfcT ) g then X is subformula-complete. (ii) if :2P 2 w then there exists some w0 2 W0 with wRw0 and :P 2 w0 . A set X is subformula-complete if P 2 Sf (X ) implies either P 2 X or :P 2 X . So w0 . L operate with subsets of XCL LEMMA 13. (:). Ri = hfw0 g. we know that no C L-tableau for w0 closes. Thus.

let Z = fQ1. Ri is a ﬁnite. For each w. Note that these nodes come from different C -tableaux. Qm be all the formulae such that :2Qi 2 w0 . that is. The only interesting case is to show that 2P 2 w implies P 2 w for w 2 Wend . for i = 1. or w0 y. :Qi ) for i = 1. Hence by Lemma 7. Continue to create the nodes of further levels using ( ) and (K ) as above. Put w0 vi for i = 1. no application of ( ) can lead to a closed C K-tableau. as the case may be. f(w0 . let Q1 . We know m + n 1. irreﬂexive and intransitive tree and a model graph for X . w would contain :2:P by (D) and hence would have a successor node by (K ). We have to show that (i)-(iii) are satisﬁed by this R. Ri = hfw0 g. Otherwise. Y is C 0 -consistent. Each of these sets matches the numerator of (K ) so (K ) is applicable to each of them. m. there is a -model for X with root w0 . 2 Create a C -saturated vi XCK from each (w0 . But we know that an application of (K ) to any of these sets could K K K K K T K T K D K D K D K D D D . giving the node(s) Otherwise. Q2 . P2 . f(w0 . f(w0 . Proceed as for C . Pn g be all the formulae such that 2Pj 2 w0 . noting that C -saturation now involves (T ) as well. . :Qi ) for i = 1. Note that the denominator of the (K ) rule has a maximum modal degree which is strictly less than that of its numerator. m by ( ) and (KD). and (the Saturation) Lemma 6. . and that the C -saturation process does not increase the maximum modal degree. Qm be all the formulae such that :2Qi 2 w0 and :Qi 62 w0 . Y itself is C 0 -consistent by ( ) and (KD). Q2 . m. . w0 )gi is the desired model graph since (i)-(iii) are satisﬁed. by using the static rules. Termination is as for C . as otherwise. 1 i m. But if Z is empty then create a single P -successor y using (KD) containing Y . If Z is non-empty then create a Qi -successor vi using (KD) containing (:Qi . Hence a path w0 w1 w2 must terminate (without cycles) because each successor created by (K ) has a maximum modal degree strictly lower than that of the parent node. Put w0 vi for each i = 1 m. proceed as for C . the set f2A : 2A 2 w0 g f:2Qi g must be C K-consistent for each 1 i m. Qm g be all the formulae such that :2Qi 2 w0 . m must be C -consistent (by ( ) and (K )). put wRw0 if w w0 and put wRw if w 2 Wend . contradicting that w 2 Wend . let Q1 . Proof for C : If no :2P occurs in w0 then hfw0 g. in particular. and let Y = fP1 . Otherwise. Otherwise. Y ) for each Qi . Since w0 is C 0 -consistent each :Qi . . Termination is as for C . except that C -saturation now involves (D) as well. . giving the nodes of level 1. then hW0 . w0 2 W0 . and let Wend be the nodes of (the resulting tree) W0 that have no successors. Proof for C 0 : If no :2Q occurs in w0 and no 2P occurs in w0 then hfw0 g. 2. Also. w0 )gi is the desired model graph. but ignoring the successor for :2Q 2 w if :Q 2 w.332 ´ RAJEEV GORE not have led to a closed C -tableau either. . . w0 )gi is the desired model graph since (i)-(iii) are satisﬁed. . This is true since w 2 Wend implies that w contains no 2P . 1 j n. put wRw for all worlds in the tree and also put wRw0 if w w0 . Proof for C : If no :2P occurs in w0 then hW. Since w0 is C K-consistent. Let R be the reﬂexive closure of . so each of their respective denominators 2 (w0 . Let R be and let W0 consist of all the nodes created in this process.

. i = 1. i > 0. the above construction of hW0 . or a node repeats. let Q1 . We can form the sets f2A : 2A 2 w0 g :2Qi for 1 i m. is also C -consistent. If in the latter case n > m are minimal with wn = wm we stop the construction and identify wn and wm in hW0 . However. w0 )gi is the desired model graph. Hence by (K 4) each denominator Xi = fA : 2A 2 w0 g f2A : 2A 2 w0 g :Qi for 1 i m. a sequence w0 w1 in hW0 . and furthermore. or because it contains formulae that do not appear in previous nodes that fulﬁll the same eventuality. So. . Proof for C : Suppose X is C -consistent and create a C -saturated superset w0 XCK45 of X as usual. Proof for C : If no :2P occurs in w0 then hfw0 g. .TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 333 of level one. each of which is a numerator for (K 4). proceed as for C . this successor must already appear in the sequence. i thus obtaining a circle instead of an inﬁnite path. Ri form a tree. since w 2 W0 implies w XCK4. Again. except that C -saturation also involves (D). contradicting that w 2 Wend . we must sooner or later come to a node wm such that the sequence S = w0 w1 wm already contains all the successors of wm . One readily conﬁrms that hW0 . m and call i the Qi -successor of w0 . by ( ). Qm be all the formulae such that :2Qi 2 w0 . a sequence w0 w1 w2 must terminate since (KD) reduces the maximum modal degree and C 0 -saturation does not increase it. . Ri is a model graph for X where R is the transitive closure of : It is obvious that clusters in hW0 . That is. (a ﬁnite set). Qk be all the formulae such that :2Qi 2 w0 and Otherwise let Qi . Q2 . create a Qi -successor for each Qi using ( ) and the (45) rule. Since XC K45 is ﬁnite. Q2 . i either terminates. Now repeat the construction with each i thus obtaining the nodes of level 2 and so on. Property (iii) is satisﬁed by w 2 Wend just as in the proof for C . choose the successor wx of wm that fulﬁlls some eventuality D D K4 K4 K4 K4 K4D K4 K4D K45 K45 D K45 . . Otherwise. i runs ad inﬁnitum. In general. with i XCK4: Put w0 i .i is the desired model graph since it is an -frame and (i)-(iii) are satisﬁed. Clearly for each Xi we can ﬁnd some C -saturated i Xi . However. the (K 45) rule guarantees that if :2P 2 w0 then :2P 2 wi . Property (iii) holds for w 2 Wend as end nodes do not contain any 2P . Put w w for all w 2 Wend and let R be the transitive closure of . Continue construction of one such sequence S = w0 w1 always choosing a successor that is new to the current sequence.i is the desired model graph since (i)-(iii) are satisﬁed. f(w0 . If no :2P occurs in w0 then hfw0 g. Otherwise. there is no guarantee that this successor is w1 . Continuing in this way obtain the node(s) of level two etc. As in the ﬁrst proof for C put wRw if w 2 Wend and put wRw0 if w w0 . so one of the successors of wm must fulﬁll :2P . A sequence either terminates or cycles since XC K4D is ﬁnite. Note that a successor may be new either because it fulﬁlls an eventuality that is not fulﬁlled by the current sequence. it is not possible to choose a new successor. These are the immediate successors of w0 . w would have a successor by (KD). Proof for C : If no :2P occurs in w0 then hfw0 g. Now. as otherwise.

We show that (ii) and (iii) are satisﬁed as follows. Property (i) is satisﬁed by hW0 . Case 2: If x 6= 0. f(w0 . and let R0 be the reﬂexive. For if w0 contained an eventuality then so would all successors. and eventualities cannot disappear. Qk be all the formulae such that :2Qi 2 w0 and let P1 . let Q1 . The frame hW0 . Furthermore. wj 2 W0 . wx 1 . Proof of (iii): The (45) rule carries all formulae of the form 2P from its numerator to its denominator. w1 . wx )g and let R be the transitive closure of R0 . All the eventualities of w0 are also in wm . If the (45D) rule is ever used with no eventualities present then this can only happen when w0 contains no eventualities. Proof of (ii): The (45) rule also carries all eventualities from the numerator to the denominator. i x. . Since we have a cycle. This gives a frame which is a simple (nondegenerate) cluster. but that appears earliest in S and put wm wx giving S = w0 w1 wx wm wx : There are two cases to consider depending on whether x = 0 or x 6= 0: Case 1: If x = 0. R0 = f(wi . Pm be all the formulae such that 2Pj 2 w0 . wm g. Form R as in the proof for C where x = 0 gives a frame which is a simple cluster and x 6= 0 gives a frame which is a degenerate cluster followed by a nondegenerate cluster. Hence there is a Qi -successor for each eventuality of wm . transitive and symmetric closure of over W0 = fw0 . hence (ii) holds. So if w0 contains no eventualities and no formulae of the form 2P then hfw0 g. Therefore. hence (iii) holds as well. Choose wx as the successor nearest to w0 giving a cycle w0 wx wm wx and discard w1 . But we stopped the construction at wm because no new Qi -successors for wm could be found. for all wi 2 W0 we have: :2P 2 wi implies :2P 2 wm . Hence all of the eventualities of wm are fulﬁlled by the sequence wx R Rwm . Ri by construction. But we know that wx wm wx forms a cycle. wj )jwi 2 W0 . wm g. Now put R0 = R0 f(w0 . w2 .334 ´ RAJEEV GORE in wm . Proof for C : Based on the previous proof. Ri which is a nondegenerate cluster. always choosing a successor new to the sequence until no new successors are possible. put R as the reﬂexive. wx+1 . wx . these are all the eventualities that appear in the cycle. wx 1 as in the previous proof. . transitive and symmetric closure of over W0 n fw0 g. Hence 2P 2 w and w v implies that P 2 v and 2P 2 v. Create a successor w1 for w0 using (45D) for some Qi or Pj and continue creating successors using (45D). put W0 = fw0 . This gives a frame hW0 . Ri now consists of a degenerate cluster w0 followed by a nondegenerate cluster wx Rwx+1 R Rwm Rwx where R is transitive and Euclidean. w0 )gi is the desired model graph. discarding w1 . . we chose wx to be the successor of wm that was earliest in the sequence S . w2 . including the one it fulﬁlls. Otherwise. j xg. K45D K45 . Properties (i)–(iii) can be proved in a similar manner. That is. . .

i is the desired model graph as (i)–(iii) are satisﬁed. We can add reﬂexivity because of closure with respect to (T ). If no :2P occurs in w0 then hfw0 g. . let Qi . and take the transitive closure. y Proof for C : Suppose no C y -tableau for X is closed. P 2 vi and 2P 2 vj . w0 )gi is the desired model graph. so put w0 vi . Proof for C y : Similar to the proofs for C y and C . This gives all the nodes of level 1. and so 2P 2 w0 or :2P 2 w0 since w0 is subformula-complete. Q2 . Otherwise. Proof for C y : Suppose X is C y -consistent and create a C y saturated superset w0 with X w0 XCyK45 as usual.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 335 Note that the requirement to continually choose a new successor is tantamount to following an inﬁnite path in Shvarts’ formulation [Shvarts. hence 2Q 2 w0 implies Q 2 w0 . Proof for C : see page 341. Otherwise. Note that this holds only because the (45) rule carries :2P into its denominator along with :2Y . Then. then we obtain a degenerate cluster followed by a nondegenerate cluster. we show that S4 K4 S5 K45 K45 K45 2P 2 vi implies 2P 2 w0 implies P 2 vj . put w0 vi and stop. In each case the frame is a -frame. transitive and symmetric nondegenerate cluster. f(w0 . (b) :2P 2 vi implies :2P 2 w0 implies there exists a vk such that :P 2 vk : Proof of (a): Suppose 2P 2 vi : Then 2P 2 Sf (w0 ) since there are no building up rules. 1989]. for each i = 1 m. . We show that K45 K45 KB4 K45D KB4 KB4 K45 KD (a) :2P 2 vi implies :2P 2 w0 . and stop! Consider any two nodes vi and vj with i 6= j . That is. The crux of the proof is that (45) preserves all formulae of the form 2P and :2P . a successor for w will be based on f2A : 2A 2 wg :P . w0 must be closed with respect to (T3 ). . Let R be the reﬂexive and transitive closure of (instead of the transitive closure of ). Proof for C : If no :2P occurs in w0 then hfw0 g. and . If no :2P occurs in w0 then hfw0 g. Construct a C y -saturated w0 from X as usual. Qm be all the formulae such that :2Qi 2 w0 and create a Qi -successor vi for each Qi using the (45) rule. (a) Hence we can put vi Rvj Rvi for all vi and vj giving a reﬂexive. Since w0 contains at least one eventuality. In either case. If :2P 2 w0 then :2P 2 vi by (45).i is the desired model graph since (i)–(iii) are satisﬁed. and use (S 4) to create successors instead of (K 4). If some vk = w0 then we obtain a lone nondegenerate cluster. (i)–(iii) are satisﬁed giving a model graph and hence a model for X . the inevitable cycle that we encounter constitutes an inﬁnite branch if it is unfolded. contradicting the C y K45-consistency of vi : Hence 2P 2 w0 . Using the facts that each node is subformula-complete and there are no building up rules. Otherwise proceed as for C except create a successor for eventuality :2P 2 w only if :P 62 w. Proof of (b): As for (a) except uniformly replace :2P by 2P and vice-versa. If we also put w0 Rvi for all i = 1 m. create a successor vi for each eventuality in w0 using ( ) and (K 4) giving the nodes of level one.

Therefore. f e Let R be the reﬂexive and transitive closure of . then put wi giving a cycle on this path and stop! First of all. (b) Suppose 2P (i) (ii) 2 vi . w0 )gi is the desired model graph. Ri is a model graph for X we have to prove (i)–(iii). Second. . contradiction. . transitive and symmetric closure of . Hence if 2P 2 vi and 2P 2 Sf (w0 ) then 2P 2 w0 whence P 2 vi by (K 4) and P 2 w0 by (T3 ). Q2 . The latter implies 2:2P 2 w0 by (5) which implies :2P 2 vi . hence 2P 2 Sf (w0 ). (i) Clearly (i) holds by construction. we get an -frame (showing that is ‘almost’ ). It is obvious that clusters of R form a tree. Since there are no building up rules. f(w0 . contradiction. To prove that hW0 . Create a Qi -successor vi of level 1 for each Qi using the ( ) and (S 4) rules. note that C y S4 contains (sfcT ) and hence each wi is subformula- (S 4) ensures that complete. Note that reﬂexivity for w0 comes from saturation with respect to (T3 ) and reﬂexivity for vi comes from property (b) via (K 4). Since w0 is subformula-complete we must have 2P 2 w0 and hence 2P 2 vi by (K 4). and continue in this way to obtain the nodes of level 2 and so on with the following termination condition: S5 S4 K4B S5 (*) if w0 w1 wi 1 wi is a path in this construction and i the least index such that 2A 2 wi implies 2A 2 wi 1 . Otherwise. (a) Suppose :2P 2 vi and :2P 62 w0 . If 2P 62 Sf (w0 ) then 2P = 2:2Q for some eventuality :2Q of vi . contradiction.336 ´ RAJEEV GORE (b) 2P 2 vi implies 2P 2 w0 from which properties (i)–(iii) follow. let Q1 . Hence :2Q 2 vi . Qk be all the formulae such that :2Qi 2 w0 and :Qi 62 w0 . The only super-formulae are of the form 2A hence :2P 2 Sf (w0 ) or :2P 2 :Sf (w0 ) whence 2P 2 Sf (w0 ). Now let R be the reﬂexive. this termination condition is satisfactory since wi 1 is 1 2A 2 wj implies 2A 2 wj+1 so that 2-formulae accumulate and we eventually run out of new 2-formulae since XCyS4 is ﬁnite. Thus when w0 contains at least one eventuality. which by (5) gives 2:2Q 2 w0 . By (a) we then have :2Q 2 w0 . Hence case 2P 62 Sf (w0 ) is impossible. each wn+1 Sf (wn ) where w = Sf (w) :Sf (w). the only new formulae that may appear by saturating with the (sfcT ) rules are the negations of subformulae from the predecessor. But 2:2Q is 2P . Proof for C y : If no :2P occurs in w0 then hfw0 g. If 2P 2 Sf (w0 ) then 2P 2 w0 or :2P 2 w0 .

Hence (ii) also holds. (iii) Suppose 2P 2 wj : If (*) was not applied to wj then (iii) holds as for C by (T ) since (S 4) preserves 2-formulae. If (*) was applied to wj then (iii) would follow from 2P 2 wj 1 by (S 4) and (T ). (ii) would then hold for wj from the fact that wj Rwj 1 and the transitivity of R. Otherwise. Q2 . and 2P 2 wj by (S 4) contradicting the C y -consistency of wj since :2P 2 wj . so that W0 is ﬁnite. let Q1 . If the termination condition was not applied to wj . S4 S4 Proof for C y : If no :2P occurs in w0 then hfw0 g. But this is exactly what (*) guarantees. 2P 2 wi+1 and wi wi+1 implies P 2 wi : So suppose that wi wi+1 and 2P 2 wi+1 : We have to show that P 2 wi : There are two cases: 2P 2 Sf (wi ) or 2P 62 Sf (wi ): Case 1: If 2P 2 Sf (wi ). B B B . By subformula-completeness we then have 2Q 2 wi or :2Q 2 wi : If 2Q 2 wi . . if :2P 2 wi and P 62 wi then :P 2 wi and 2:2P 2 wi by (B ) and so :2P 2 wi+1 contradicting the consistency of wi+1 since 2P 2 wi+1 by supposition. Otherwise. f(w0 . 1992] Rautenberg’s deﬁnition of mdeg is not e sufﬁcient. If the termination condition was applied to wj . Repeat this procedure to give the nodes of level two and so on. then it could not have been applied to wj 1 . but as shown in [Gor´ . For any node w in this construction let s(w) be the number of formulae with P 2 w and :2P 2 w: Let t(w) = s(w) + mdeg (w): To quote Rautenberg ‘It is easily seen that w v ! t(v) < t(w). Create a Qi -successor for each Qi using ( ) and (K ) giving the nodes of level one. If 2P 2 wi then P 2 wi by (T ) and we are done. Qm be all the formulae such that :2Qi 2 w0 and :Qi 62 w0 : Since w0 is C y -saturated. The only difﬁculty is to show symmetry: that is. Suppose to the contrary that :2P 62 wj 1 . hence Qi 2 w0 for each Qi . Hence (ii) holds for wj 1 . We have to show that (i)–(iii) hold. That is (ii) holds for any world to which the termination condition was not applied. then 2P 2 wi or :2P 2 wi since wi is subformulacomplete. Ri is a -frame.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 337 (ii) Suppose :2P 2 wj where wj is some arbitrary world of some arbitrary path of our construction. Let R be the reﬂexive and symmetric closure of so that hW0 .’. Hence :2P 2 wi also implies that P 2 wi : Case 2: If 2P 62 Sf (wi ) then 2P = 2:2Q for some :2Q 2 wi+1 and :Q 2 wi+1 : Hence :2Q 2 Sf (wi ) or :2Q 2 :Sf (wi ) whence 2Q 2 Sf (wi ). Since :2P 2 wj by supposition. in this case. we must have 2P 2 Sf (wj 1 ) by the second point we noted above. then either :P 2 wj or wj has a P -successor fulﬁlling :2P by (S 4) and so (ii) is satisﬁed. So all we have to show is that :2P 2 wj 1 because. Then 2P 2 wj 1 by (the subformula-completeness) Lemma 14. We accept Rautenberg’s claim for the moment and return to this issue after completing the model construction. w0 )gi is the desired model graph as (i)–(iii) are satisﬁed. Hence (iii) holds as well. w0 is subformula-complete.

we still have to show that this construction terminates. But then P 2 wi since P is :2Q and we are done. sufﬁces to show that if w v then t(v) < t(w). which is enough to show termination. . (b1) If 2P 2 Sf (w0 ) and 2P 62 w0 . Proof for C y : If no :2P occurs in w0 then hfw0 g. w0 )gi is the desired model graph as (i)–(iii) are satisﬁed. (b) Suppose w0 vk and 2P 2 vk .338 ´ RAJEEV GORE then Q 2 wi+1 contradicting the C y -consistency of wi+1 since :Q 2 wi+1 : Hence :2Q 2 wi . for a set X . transitive and symmetric closure of : By construction. put w0 vi . let Q1 . Otherwise. For any k. for each i = 1. The crux of the matter is to use a deﬁnition of a metric mdg say. f(w0 . v2 . Similarly. let Q1 . Qm be all the formulae such that :2Qi 2 w0 and :Qi 62 w0 : Create a Qi -successor vi of level 1 for each Qi using the (S 5) rule and stop! Let W0 = fw0 . 1995]. a rather tedious counting exercise. Qm be all the formulae such that :2Qi 2 w0 : Since w0 is C y -saturated. Now. hW0 . with 1 k m. Q2 . by (S 4). and w0 is subformula-complete. and w0 vk . and . We have to show that (i)–(iii) hold. and 2P 2 vk implies 2P 2 w0 from which (i)–(iii) follow. Then 2:2P 2 w0 by (5) and :2P 2 vk by (S 4). . then 2P 2 Sf (w0 ) or 2P 62 Sf (w0 ). w0 )gi is the desired model graph. :2P 2 vk and :2P 62 w0 : Since :2P 2 Sf (w0 ). mdg (B )g [Massacci. m and stop! Let R be the reﬂexive. 2:2Qi 2 w0 for each Qi by (5): Create a Qi -successor for each Qi using ( ) and (S 4) giving the nodes vi of level one. if 2P 2 vk and 2P 2 Sf (w0 ) then 2P 2 w0 : (b2) If 2P 62 Sf (w0 ) then 2P = 2:2Q for some :2Q 2 vk since this is the only way that formulae from outside Sf (w0 ) can appear in vk : By (a). :2Q 2 vk implies :2Q 2 w0 which by (5) implies 2:2Q 2 w0 : Since 2:2Q is 2P. . we have 2P 2 w0 : But then. then :2P 2 w0 since w0 is subformulacomplete. (a) Suppose w0 vk . Proof for C y 0 : For completeness suppose X is C 0 -consistent and create a y 0 -saturated superset w0 with X w0 X 0 as usual. We have retained our version of mdeg because it is useful for other purposes. 2P 2 vk . which we omit for brevity. we show that: B S5 S5 S5 (a) (b) :2P 2 vk implies :2P 2 w0 . we use mdg (X ) = A2X mdg (A) rather than maxfmdg (A) j A 2 X g. Ri is an -frame. which is like our mdeg but where mdg (A ^ B ) = mdg (A) + mdg (B ) rather than maxf mdg (A). 2. C CS5 If no :2P occurs in w0 then hfw0 g. vm g: Consider any two nodes vi and vj of level 1 so that w0 vi and w0 vj with i 6= j: We claim that: S5 S5 S5 S5 S5 (a) 2P 2 vi implies 2P 2 w0 implies 2P 2 vj . contradicting the C y -consistency of vk : Hence. contradicting the C y -consistency of vk : Hence :2P 2 w0 . Otherwise. we have 2P 2 w0 : But this is absurd since it implies that 2P 2 Sf (w0 ) and our supposition was that 2P 62 Sf (w0 ): Hence the subcase (b2) cannot occur. Q2 . Then. . f(w0 . v1 .

TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 339 :2P 2 vi implies :2P 2 w0 implies there exists a w 2 W0 with :P 2 w: Proof of (a): Suppose 2P 2 vi . C . On the other hand Shvarts [1989] and Fitting [1983] use the transitional rule (KD). The advantage of C 0 is that it has the subformula property whereas C does not. but we omit details. and C 0 is lifted straight from Fitting [1983]. (sfc) and (sfcT ) do not carry all the numerator formulae into their denominators. (B ). 2P 2 Sf (w0 ) as there are no building up rules. Putting R equal to the reﬂexive. C back to Fitting [1973] via Fitting [1983] although our presentation is based on the work of Hintikka [1955] and Rautenberg [1983]. Hence :2P 2 w0 : And then either :P 2 w0 . For example. symmetric and transitive closure of -model graph since (i)–(iii) follow from (a) and (b). Clearly.C and C can all be traced The cut-free calculi C . The transitional (K ) rule then fulﬁlls that eventuality. The tableau systems C and C are based on the work of Shvarts [1989] (also known as Schwarz). or there is some vk such that :P 2 vk by (S 5): That is. (T ) XX22PP . 2P X. the w we seek is either w0 (b) itself. then P 2 vi by (T ): Also. Similarly. :2P 2 Sf (w0 ): Hence 2P 2 w0 or :2P 2 w0 since w0 is subformula-complete. If 2P 2 w0 then 2P 2 vi by (S 5). P . S5 gives an Bibliographic Remarks and Discussion . C 0 . Hence his rules for (T ). For example. Rautenberg [1983] does not explicitly distinguish transitional and static modal rules. Rautenberg’s (T ) rule is shown below left whereas ours is shown below right: K T D D K4 K4D D D D S4 K4D K45D K4B D K45 D X . contradicting the C y S50 -consistency of vi since :2P 2 vi by supposition. contraction is necessary for some modal systems. . C . (D). Rautenberg encodes the seriality of -frames by the static (D) rule which adds an eventuality 3P for every formula of the form 2P . the (S 5) transitional rule due to Fitting builds in the effect of Rautenberg’s static rule (5) by carrying :2P and :2Y from the numerator into the denominator. Proof of (b): Suppose :2P 2 vi . Thus contraction is implicit in his systems and as we saw in Example 8 (page 324). Then as there are no building up rules. The system C is an obvious extension of Rautenberg’s system C . P. hence 2P 2 w0 or :2P 2 w0 by (sfcT ): If :2P 2 w0 then either :P 2 vi or :2P 2 vi by (S 5): The ﬁrst contradicts the C y S50 -consistency of vi since P 2 vi and so does the second since 2P 2 vi : Hence 2P 2 w0 : And then 2P 2 vj by (S 5) and P 2 vj by (T ). while C and the (T3 ) rule come from the work of Amerbauer [1993]. Some of the desired properties of R can be obtained in two different ways. the (K 4) rule can be extended to handle seriality as done in the (KD) rule to give a (K 4D) rule. or one of the nodes of level 1.

the transitional rules usually lose information in the transition from the numerator to the denominator. they are nonstandard in that the denominators and numerators carry extra sets to store the necessary information. That is. 1995] if we replace the (sfc) and (sfcT ) rules by the ‘modal cut’ rule (mc) shown below: S4 S4 S4 S5 S4 S4 S5 Also. The tableau system C y is not exactly Hanson’s system but the ideas are his. The tableau systems C y and C y are due to Rautenberg while C y 0 . The advantage of adding (sfcT ) is that the termination condition in the completeness proof is much easier to check than the one for C where we have to look at all predecessors in order to detect a cycle. The completeness proofs in this section go through unchanged [Massacci. see also [Amerbauer.340 ´ RAJEEV GORE The C y system is based on ideas of Hanson [1966] where he gives Kripkelike tableau systems for and using a form of (sfcT ) as early as 1966. the overheads associated with any sort of cut rule are signiﬁcant. we can never return to it. For example. However. X jX 2P . Hence the number of eventualities never increases as all the eventualities that will ever appear are already in w0 . the (B ) rule subsumes the modal aspects of the (sfcT ) rule so that only the non-modal part is necessary in C y . not (sfcT ) since -frames and frames are not reﬂexive. Hanson and Rautenberg. once we leave a node in our tableau procedure. [1996] may be useful in such cases since one of their ideas addresses exactly this point. That is. X : where 2P 2 Sf (X ) B K45D B S5 S5 K45 K45 K45 K45 . and a more detailed analysis shows that C y performs much useless work. if :2P is going to appear in a successor. Hanson also suggests a tableau system for along these lines. 1993] for further reﬁnements. However. C y and C y are an amalgamation of ideas of Fitting. The advantage over the cut-free counterparts C and (mc) 2P . Note that in the latter. but in it he uses a rule which explicitly adds a formula to the parent node to obtain symmetry. The tableau systems of Heuerding et al. The (sfc) and (sfcT ) rules are used to make up for this ‘destructive’ aspect of our transitional rules. Notice that the effects of (sfcT ) on w0 when R is to be transitive and there are no building up rules like (5) is to ﬂush out all the eventualities that could possibly appear in any successor. The reﬁnements of Heuerding et al. Also. many of the rule combinations can be further reﬁned. it must be in Sf (w0 ): But then it must be in w0 since otherwise by (sfcT ). The idea behind (sfc) and (sfcT ) is to put extra information into a node before leaving it for good. Indeed this fact may actually make things worse since we will have to fulﬁll :2P at the ﬁrst level of the model construction as well as at deeper levels where :2P reappears. This is forbidden for our tableau systems since we cannot return to previous nodes. we add (sfc). we would have 2P 2 w0 contradicting the appearance of :2P in any consistent successor. [1996] are further reﬁnements of our tableau systems which allow for a more efﬁcient check for cyclic branches.

Note that C y does not have the subformula property. :2A is in every member of C . The (sac) rule is allowed to cut on subformulae of formulae that are in the numerator. . but C y 0 does. Fitting gives a completeness proof in terms of maximal consistent sets. 33A 2 w. 3A 2 w. Since C is ﬁnal. Since the superformulae are not bounded. Let R be the reﬂexive and transitive closure of to obtain a ﬁnite tree of ﬁnite clusters as in the C case. as otherwise. the system C without the ( ) rule is (weakly) complete for in the sense that A is an -theorem if and only if aC -tableau for f:2Ag closes. which he attributes to Osamu Sonabe. Fitting [1983. page 226] replaces the semi-analytic cut rule with a (static) building up rule of the form K45D S5 KDB KTB S5 S5 KB S5 T since it can lead to an inﬁnite chain A 2 w.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 341 C is that the completeness proofs. 3 and :3. so this system cannot give a decision procedure for either. any eventuality in any of its sets must be fulﬁlled by some set of C itself. . Construct some C -saturated set w0 from :2A by applying all the non-structural static rules.P .X . but a constructive completeness for this system is also easy as given below. But note that the (S 5) rule carries all its eventualities from its numerator into its denominator. Consider some ﬁnal cluster C of this tree. But a ﬁnal cluster is also symmetric. That is. as they are in Rautenberg’s systems. and hence the satisﬁability tests based upon them. Completeness Proof for C : Suppose no C -tableau for the singleton set f:2Ag closes. in this case. the semi-analytic cut rule cannot give a decision procedure. This completes the unusual proof for C that: if there is no closed C -tableau for f:2Ag then :A is -satisﬁable. page 201] gives tableau calculi for the symmetric logics . P ( ) X . are much simpler. if j=S5 A then `C 2A. Fitting then proves the curious fact that a single formula A is an -theorem if and only if a C -tableau for f:Ag closes. :2. That is. and using a semi-analytic cut rule (sac). we have merely traded one non-analytic rule for another. and furthermore. :Ag w1 . and hence some set w1 2 C has f:2A. C could not be ﬁnal. 1983. Fitting’s semi-analytic system for is essentially C + (S 5) + (sac). that the ( ) rule needs to be used only once at the beginning of the C -tableau to lift :A to :2A [Fitting. That is. Fitting [1983. hence C is an -frame and hence an -model for f:A. Thus. to these subformulae. page 229]. P 3 and proves that his system C S5 = C T + (S 5) + ( ) is sound and (weakly) complete with respect to S5-frames. :2Ag at w1 under the usual valuation #(p) = fw : p 2 wg. But note that the ( ) rule is not ‘once off’ S5 S5 S5 S5 S5 S5 S5 S5 S5 S5 S5 S4 S4 S5 S5 S5 S5 S5 S5 . and also on superformulae obtained by repeatedly preﬁxing modalities 2. obtaining w0 = f:2Ag! Now construct a tree of -successors as in the C completeness proof except that we use the transitional rule (S 5) instead of (S 4) to create -successors.

:2P . and : . (sfcT ). (R) (S 4) C y S4:2 C PC. P j . But note that a building up rule seems essential for C . 1992. the reﬂexivity axiom. The logic is another candidate for such logics of belief because its extra axiom. Schwarz. The subformula property can be regained for some logics by changing the transitional rules to carry more information from the numerator to the denominator. Marek et al. Figure 8 shows the tableau rules we require.342 ´ RAJEEV GORE : P (R) X . Schwarz and Truszczynski. 2A ! A. Fagin et al. X2:2P . :2Y 22:22Pj. P 2X : (S 4:2) X . have proved useful as nonmonotonic modal logics where the formula 2A is read as ‘A is believed’ or as ‘A is known’ [Moore.X 2P2P . The tableau calculi we consider are shown below: S4R S4F S4 2 K45 K45D K45D CL Static Rules Transitional Rules XCL e Sf :Sf 2X Sf :Sf 2XC S4R Sf :Sf 2XC S4R C S4R C PC. (T ). :2P . 2A ! 3A. 2:2P X . 1992. (S 4:2) (S 4) C y S4F C PC. 2:2P . 2(:2:2P ) :2P not starred j . :2P . 1995. (S 4) . S4F and S4:2 For the logics with a symmetric R we seem to need analytic cut. Tableau rules for S4R. :2P . (sfcT ). :P X . X. (T ). which can be written as 2A ! :2:A. together with the logics and . These logics. B 4. is deliberately omitted on the grounds that believing A should not imply that A is true. (T ).. 1985.. (S 4:2) (S 4F ). In these logics. either as (sfc) or as (sfcT ). so not all the systems are amenable to this trick. :P . :2Y. :2Y . encodes the intuition that ‘if A is believed then :A is not believed’. 2X .15 Modal Logics of Knowledge and Belief In this section we give a brief overview of tableau systems for the modal logics . 1991]. : (S 4F ) U .: Figure 8. U.

Note that the values of XC L are different from those in [Gor´ . :2:2p. 2:2p. 2 . ( : 2 :2 : 2 p ) . L L K4 2 K4 2G EXAMPLE 16. 2(:2:2:2p) ? (S 4) :p. Tableau systems for the logics : and : can be found in Amerbauer’s dissertation [Amerbauer. The (S 4:2) rule is the only potentially dangerous rule since its denominator contains a formula to which the rule can be applied in an endless fashion. 1993]. The soundness and completeness of these calculi is proved in detail by Gor´ e [Gor´ . each of which is an -frame as deﬁned here. and hence is a theorem of : . 2(:2:2:2p) :p. 2:2:2p (::) !!! :2:2p.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 343 The (S 4F ) rule is odd in that its left denominator is static whilst its right denominator is transitional. :2:2:p. 2(:2:2:2p) ::2p. 2:2:2 p p 2 . 1991]. 2:p. p. 2:2p. 2 ( :2 :2 :2 p (T ) (?) :p. 2:2:2p p p 2 p. Consequently. 2 ( :2 : 2 :2 p) (S 4) (::) 2: p. 2p. 2:2:2p 2 p. :2p. . p. 2 :2 . 2:2p. All other rules must treat starred formula as if they were non-starred. 2(:2:2:2p) :p. these logics are also characterised by the classes of ﬁnite. 2:2:2 p 2 . 1991] but it e is easy to see that the new ones are the correct ones due to the effect of (sfcT ). 2:p. 2:2:2p ? 2 p. ::2:2p. S4 2 S4 2 (: 2:2 p) ^ ( :2 :2 : p ) ( ^) (S 4) :2:2p. 2:2:2p (T ) 2: . :2:2:p (S 4:2) :2:2p. 2p. The following closed C y : -tableau for its negation (32p ^ :23p) which in primitive notation is (:2:2p) ^ (:2:2:p) illustrates the use of starred formulae. 2 ( : 2 :2 :2 p p) (S 4) 2: p. 2(:2:2:2p) p p) (::) (T ) (T ) 2: . 2 p. 2(:2:2:2p) (::) (T ) aaa (S 4) ::2:p. :2:2:p. (T ) (?) 2 p. Gor´ actually proves soundness and completeness with respect to a e e class of ﬁnite frames. 2:2:2p ::2p. The formula 32p ! 23p is an instance of the axiom 2. To forbid this the new formula is marked with a star and the (S 4:2) rule is restricted to apply only to non-starred formulae.-frames shown in Figure 13.

. It is also known that Grz implies reﬂexivity. all the tableau calculi contain the rules of C and one or more logical rules from Figure 9 on page 344 as shown below: K K G Grz PC K4G CL Static Rules Transitional Rules XCL e X e e Sf 2(X ! 2X ) e ! 2X ) e Sf 2(X CG C PC C K4Go C PC C Grz C PC. Intuitions for (G) : We know that axiomatically formulated logic is characterised by -frames. Therefore. named after G¨ del-Lob and sometimes called GL. axiom G must be valid on any -frame. .. :2P ! 2P ) :P 2( Figure 9. to . The axiom G is G G G G 2(2A ! A) ! 2A: Its contrapositive is which is the same as :2A ! :(2(2A ! A)) :2A ! 3(2A ^ :A): Thus. Tableau Rules for logics of provability 4. But the logic respectively added to o whose frames share some of the properties of -frames and -frames. 2X . or adding the axiom Grz :2(2(A ! o ¨ 2A) ! A) ! A. and w0 is reachable from w.16 Modal Logics with Provability Interpretations In this section we give tableau calculi for the modal logics that have important readings as logics of ‘provability’ where 2A is read as ‘it is provable in Peano Arithmetic that A holds’. page 241] and Boolos [1979].344 ´ RAJEEV GORE (G) X . These systems are obtained either by adding the axiom G:2(2A ! A) ! 2A. :2P2P 2X :P . It is known that both G and Grz imply the transitivity axiom 4 when they are [van Benthem and Blok. or adding the axiom 4 and the axiom Go :2(2(A ! 2A) ! A) ! 2A. 1978]. P (Grz ) X . explicitly contains 4 as an axiom. hence true in any world of any -model. (T ) (Grz ) (Grz ) (G) The semantic and axiomatic intuitions behind these rules are more enlightening than any technical proof (of soundness) so we present these as well. if the numerator represents a world w where :2P is true. named after Grzegorczyk. Once again. then there exists another world w0 where 2P is true and P is false.2X . see Fitting [1983. 2X .

w0 Rw implies w j= X . and more recently Gor´ et al [1995]. 2X . Suppose w0 2 W is such that w0 j= 2X . 2X .TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 345 The denominator represents this world. :P by the transitivity of R: Since R is irreﬂexive. there are no proper clusters. :2P . Proof of C G: Suppose M = hW. w1 = w2 : Since R is transitive. hence w0 = w2 : Suppose w2 6j= 2P then : : : Continuing in this way. 2(P ! 2P ). C and C o are sound with respect to -frames. w2 = 6 w0 would give w1 Rw0 Rw1 implying w1 Rw1 and contradicting the irreﬂexivity of R. The calculi C . Thus there must exist some wi 2 W with w0 Rwi and wi j= X . page e 111]. We have to show that there exists some wn 2 W with w0 Rwn and wn j= X . then there exists some world where 2(P ! 2P )^:P eventually becomes true. show that Grz = S4Grz = S4Go where Go is 2(2(A ! 2A) ! A) ! 2A which gives the following (contraposed formulae) as theorems of Grz: :2A ! :2(2(A ! 2A) ! A) :2A ! 3(2(A ! 2A) ^ :A): Thus. G Grz . -frames and o-frames respectively. The denominator of (Grz ) represents G Grz K4G K4G Proof Outline: For each rule in C L we have to show that if the numerator of the rule is L-satisﬁable then so is at least one of the denominators. it is 6 possible to obtain an inﬁnite path of distinct worlds in M contradicting the Gframe condition on M. then R is transitive. page 107 ]. Since R is transitive. w0 j= 2X means that 8w 2 W. this world. and there are no proper 1-Rchains. :P by transitivity of R: Since R is irreﬂexive. Thus our task is reduced to showing that there exists some wn 2 W such that w0 Rwn and wn j= :P . Intuitions for (Grz ) : The axiom Grz is 2(2(A ! 2A) ! A) ! A: It is known that 4 and T are theorems of Grz [Hughes and Cresswell. 2X . w0 2 W and w0 j= 2X . :2P: Thus there exists some w1 2 W with w0 Rw1 and w1 j= X . 2X . R. 1984. Segerberg [1971. 2X . R. Proof of (Grz ) for C K4Go: Suppose M = hW. Proof of (T ) for C Grz: The (T ) rule is sound for Grz-frames since every Grz-frame is reﬂexive. 2(P ! 2P ): Suppose for a contradiction that no such THEOREM 17 (Soundness). V i is a K4Go -model. :P . :P . V i is a G-model. hence S4 Grz. if :2P is true at the numerator. w0 = w1 : Suppose w1 6j= 2P: Then 6 w1 j= :2P and there exists some w2 2 W with w1 Rw2 and w2 j= X . 2P and we are done.

w0 )gi is the desired model graph as (i)–(iii) are satisﬁed. Q2 . proving completeness boils down to proving the following: if X is a ﬁnite set of formulae and no C -tableau for X is closed then there is an -model for X on an -frame hW. let Q1 . For each C -consistent X there is an effective procedure to construct some ﬁnite C -saturated X s with X X s XC L . Hence (a) cannot hold and 9w 2 W. 2(P ! 2P ): That is. Let R be the transitive closure of . Since w1 j= :P . Since 6 w2 j= P . If there is a closed C -tableau for tableau for X with all nodes in the ﬁnite set XC L . 2(P ! 2P ). in this way. w1 6j= 2(P ! 2P ) and hence w1 j= :2(P ! 2P ): Thus there exists some w2 2 W with w1 Rw2 and w2 j= :(P ! 2P ). Qm be all L G L L X is G Grz G . f(w0 . Otherwise. And w3 = w0 and w3 = w1 as either would give a proper 6 6 6 cluster. Since w2 j= :2P there exists some w3 2 W with w3 j= :P . there exists some w1 2 W with w0 Rw1 and w1 j= :P . w2 j= P ^ :2P . The resulting tree is a model graph hW0 . Proof for C : If no :2P occurs in w0 then hfw0 g. Since wi has a successor. hence the proof above sufﬁces. or we obtain a cycle. giving a proper 1-R-chain.346 ´ RAJEEV GORE world exists in W . Thus wi 6= wi+j for any j 1 and each such sequence must terminate since XC G is ﬁnite. Proof for C : If no :2P occurs in w0 then hfw0 g. w3 6j= 2(P ! 2P ) and hence w3 j= :2(P ! 2P ). Obvious from the fact that all rules for C only. there is some :2Q 2 wi and 2Q 2 wi+j for all j 1 by (G). . w3 = w2 . the desired wn exists. As we saw in Subsection 4. Q2 . Otherwise. and so on for other levels. L L As usual we construct some C -saturated w0 from X with X w0 XC L .i is the desired model graph as (i)–(iii) are satisﬁed.11. LEMMA 19. By (a). If X is a ﬁnite set of formulae and consistent then there is an -model for X on a ﬁnite -frame. let Q1 . Proof. (a) LEMMA 18. . Continuing K4G Grz Grz K4G L L L L X then there is a closed C L- L operate with subsets of XCL C L- THEOREM 20 (Completeness). w1 = w2 and since K4Go -models cannot contain proper clusters. Repeating this construction on the nodes of level one gives the nodes of level two. That is. Qm be all the formulae such that :2Qi 2 w0 . By (a). Both are forbidden in o-frames. 6 w0 = w2 . Consider any sequence wi wi+1 wi+2 . Proof of (Grz ) for C : Every -frame is a o-frame. . that is put wRw0 if w w0 and put wRv if w w0 v. 8w 2 W. Ri for X which is also a -frame. Ri. w0 Rw implies w 6j= :P . we either obtain an inﬁnite path of distinct points. Since w0 j= :2P . that is. giving a proper cluster. w0 Rw and w j= :P . Create a C -saturated Qi -successor for each Qi using ( ) and (G) giving the nodes vi of level one.

Thus each such sequence must terminate (without cycles). Suppose wi+j = wi . Let R be the transitive closure of and also put wRw if w is reﬂexive to obtain a model graph hW0 . Since Q ! 2Q is just abbreviation for :(Q ^ :2Q). with B 62 wi . Q2 . Also. A C o-saturated set v is reﬂexive iff 2A 2 v implies A 2 v . Thus each such sequence must terminate (without cycles). We created a successor wi+1 for wi precisely because :Q 62 wi and so the ﬁrst case is impossible. and so on for other levels. contradicting the -consistency of wi since :2Q 2 wi by supposition. Proof for C : If no :2P occurs in w0 then hfw0 g. while C is from Rautenberg [1983]. Since wi has a successor. Continue creating successors in this fashion for these nodes using ( ) and (Grz ). Rautenberg gives a hint on how to ex- Grz G . Create a C -saturated Qi successor for each Qi using ( ) and (Grz ) giving the nodes vi of level one. 2(Q ! 2Q) 2 wi+j for all j 1. Since Q ! 2Q is just abbreviation for :(Q ^ :2Q). j 1. then 2(Q ! 2Q) 2 wi and hence Q ! 2Q 2 wi by (T ). That j 2 is crucial! Then 2(Q ! 2Q) 2 wi and Q ! 2Q 2 wi by (Grz ). Ri for X which is also a -frame. Ri for X which is also a o-frame. and by (Grz ). for all j 1. If v is non-reﬂexive then there exists some 2B 2 v but B 62 v . If wi is non-reﬂexive then there is some 2B 2 wi . contradicting the o-consistency of wi since :2Q 2 wi by supposition. Since wi has a successor. And if ::2Q 2 wi then 2Q 2 wi by (:).gi is the desired o model graph as (i)–(iii) are satisﬁed. And if ::2Q 2 wi then 2Q 2 wi by (:). there is some Q such that :2Q 2 wi . we created a successor wi+1 for wi precisely because :Q 62 wi and so the ﬁrst case is impossible. Since wi is reﬂexive. this means that o is characterised by ﬁnite transitive trees of non-proper clusters refuting the conjecture of Gor´ [1992] e that o is characterised by ﬁnite transitive trees of degenerate non-ﬁnal clusters and simple ﬁnal clusters. we know that :Q 2 wi or ::2Q 2 wi . we know that :Q 2 wi or ::2Q 2 wi . This gives the nodes of level one. If w0 is reﬂexive then create a C o-saturated Qi -successor for each :2Qi with :Qi 62 w0 . If wi is reﬂexive then :Q 62 wi . Qm be all the formulae such that :2Qi 2 w0 . otherwise if w0 is non-reﬂexive then create a C o-saturated Qi -successor for each :2Qi . j 2. there is some :2Q 2 wi that gives rise to wi+1 . 2(Q ! 2Q) 2 wi+j for all j 1. and yet both 2B and B are in wi+j by (Grz ). hence wi 6= wi+j . f. Let R be the reﬂexive and transitive closure of to obtain a model graph hW0 . Otherwise. :Q 62 wi .TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 347 the formulae such that :2Qi 2 w0 and :Qi 62 w0 . Grz Grz K4G Grz K4G K4G K4G K4G K4G K4G K4G Bibliographic Remarks and Related Systems The tableau system C is from Fitting [1983] who attributes it to [Boolos. Suppose wi+j = wi . let Q1 . As Amerbauer [1993] points out. . Consider any sequence wi wi+1 wi+2 . 1979]. Consider any sequence wi wi+1 wi+2 . hence wi 6= wi+1 . 1 i m. and yet :Q 2 wi+1 by (Grz ).

i and : -frames. 1983. : is KT 43. are not available. and is KT 4Dbr. i j= A iff `S4:3:1A where ! is the set of natural numbers [Goldblatt.348 ´ RAJEEV GORE tend these to handle C e o but Gor´ [1992] is unable to give an adequate system for C . In all cases time is taken to be transitive and the variations between the logics comes about depending on whether we view time as linear or branching. i j= A iff `S4:3 A where I is either the set of real numbers or the set of rational numbers and is the usual (reﬂexive and transitive) ordering on numbers [Goldblatt. 1986]. 1987. it can be shown that hI . The formal correspondence between hI . : : is KT 43Dum. That is. as dense or discrete. Reﬂexive Monomodal Temporal Logics are all normal extensions of and are axThe logics : . Bellin [1985]. Borga [1983]. All logics are ‘monomodal’ in that the reverse analogues of these operators. We are allowed to look forwards but not backwards. K4G KG 2 K4G KGL K4G K4 3G 4. Consequently. leaving it as further work. 1987]. the reachability relation R is taken to model the ﬂow of time in a forward direction. : : and iomatised by taking the appropriate formulae from Figure 1 as axiom schemas. Sambin and Valentini [1980. 1987. The given C o o is due to Martin Amerbauer [1993] who following suggestions of Rautenberg and Gor´ also gives e systems for : and (which Amerbauer calls : ). page57]. 1982 ]. i and : : -frames can be obtained by using a technique known as bulldozing and deﬁning an appropriate mapping called a p-morphism [Goldblatt. between any two points there is always a ﬁnite number (possibly none) of other points and : : is said to model linear discrete time. 1994]. It can be shown that h!. 1984]. 1965]. and appropriate cut-elimination proofs have been given by Avron [1984]. Their respective axiomatisations are: is KT 4. between any two points there is always a third and : is said to model linear dense time. Hence. which is based heavily on [Gor´ . and between h!. The Diodorean modal logics : and : : have received much attention in the literature because of their interpretation as logics of dense and discrete linear time [Bull. we give tableau systems e for normal modal logics with natural temporal interpretations where 2A is read as ‘A is true always in the future’ and 3A is read as ‘A is true some time in the future’. That is. and each possible world represents a point in this ﬂow with some point deemed to be ‘now’. Hughes and Cresswell. and as reﬂexive or non-reﬂexive (which is not the same as irreﬂexive). We explain these notions below. S4 3 S4 3 1 S4Dbr S4 S4Dbr S4 S4 3 S4 3 1 S4 3 S4 3 1 S4 3 S4 3 1 S4 3 S4 3 1 . Borga and Gentilini [1986].17 Monomodal Temporal Logics In this section. namely ‘always in the past’ and ‘some time in the past’. Provability logics have also been studied using Gentzen systems. and Valentini [1983.

The C rules are sound with respect to -frames. by bulldozing each proper cluster of an frame we can obtain an inﬁnite dense sequence so that is the logic that models branching dense time. : : and . (S 4:3:1) Sf (2(X e e e C S4Dbr C PC. the deﬁnition of -frames is slightly different. (S 4Dbr) Sf (2(X ! 2X ).TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 349 The logics and can be given interpretations as logics of dense and discrete branching time. The (S 4:3) rule can be seen as a disjunctive choice between which one of the k eventualities is fulﬁlled ﬁrst and an appropriate ‘jump’ to the corresponding world. The intuition behind the (S 4:3) rule is based on a consequence of the characteristic : axiom 3. (T ) (S 4). Therefore. That is. The tableau calculi C : . 1984. Proof. it can be shown that is also characterised by the class of all reﬂexive transitive (and possibly inﬁnite) trees [Hughes and Cresswell. e C S4:3 C PC. Obvious from the fact that all rules for C only. : . The axiomatic system is proposed by Zeman [1973. LEMMA 21. 1994]. L operate with subsets of XCL LEMMA 22. page 249] as the temporal logic for branching discrete time. (T ) (S 4:3) X e ! 2X ). If there is a closed C tableau for the ﬁnite set closed C tableau for X with all nodes in the ﬁnite set XC L . L L L S4 3 S4 S4 3 . (T ) (S 4). If there are k eventualities. C : : and C are respectively the calculi for the logics :. : : and cover the four possible combinations of discreteness and density paired with linearity and branching. :: and as shown below: S4 S4Dbr S4 S4Dbr S4 S4 S4 14 S4 S4 3 S4 3 1 S4 3 S4 3 1 S4Dbr S4 3 1 S4Dbr S4Dbr CL Static Rules S4Dbr S4 S4 3 S4 3 S4 3 1 Transitional Rules XCL contain the rule (S 4:3) but does contain the rule (S 4): Also note that the (S 4:3:1) rule contains some static denominators and some transitional denominators. although e note that there. As on page 318. page 120]. Adding 3 to gives a weakly-connected R for : so that eventualities can be weakly-ordered. THEOREM 23. We omit details since the proofs can be found in [Gor´ . 2X ) e e C S4:3:1 C PC. the logics . That is. For each C -consistent X there is an effective procedure to construct some ﬁnite C -saturated X s with X X s XC L : L L Proof. Figure 10 on page 350 shows the rules we need to add to C in order to obtain tableau systems for : . one of them must be fulﬁlled ﬁrst. 2X ) Note that C S4:3 does not contain the rule (S 4) and that C S4:3:1 does not L L X then there is a Proof. but Zeman and Gor´ e [1994] call this logic : .

2X . . 2(Qj ! 2Qj ). Tableau rules (S 4Dbr).350 ´ RAJEEV GORE . :Pk = fP1 . Qk gj j Sk j k+1 k+2 1 2 where j S2k Y = fQ1 .: (S 4Dbr) 2X . :2SQ1. Yj = Y n fQj g. (S 4:3) and (S 4:3:1) . Qk g. :P1 j j 2X . :2Yj for 1 j k Figure 10. where Y . .2P . :2Y1 . Pk g and Yi = Y n fPi g f (S 4:3:1) S j S j U . 2:2P j2X X . Pk g 2X . :2Yj . j S. :2Yk . 2(P ! 2P ) 2 :P (S 4:3) 2X . :2fP1 . Sj = U . 2:2Qj Sk+j = 2X . 2X . :Qj .

The differences are that only one sequence is constructed. the proof for C : is reproduced there we used below to give an idea of how to handle linearity. Proof sketch for C : : The completeness proof of C : is similar to the completeness proof for C . S4 3 1 THEOREM 24. so is at least one of S = w0 w1 w2 wm wm+1 thus escaping out of the cycle. 1994] but note that e : for . . L L L Again we omit details since they can be found in [Gor´ . so that :2Y is the set of eventualities in wn 1 that remain unfulﬁlled by C: Let w0 = fP j2P 2 wn 1 g: Since (2w0 . Note that the (S 4:3) rule guarantees only that at least one eventuality gives a C : consistent successor whereas (S 4) guarantees that every eventuality gives a C consistent successor. :2Y ) wn 1 is C S4:3-consistent by ( ). they must be ordered. If X is a ﬁnite set of formulae and X is C -consistent then there is an -model for X on a ﬁnite -frame hW. or ‘non-eternal’. we can extend C by putting wn 1 wm0 : Recomputing Y using m0 instead of m must decrease the size of Y since wn 1 has remained ﬁxed. C would already fulﬁll the eventuality that gives this successor. But there may be many such eventualities and since R is weakly-connected. In the latter case we carry on the construction of S: In the former case we form a ﬁnal Xj = 2w0 f:Pj g :2Yj . And this crucial difference is why thinning seems essential. Otherwise it must be dealt with immediately by fulﬁlling it via a transition. choose the C S4:3-consistent Xi that gives a S4:3-saturated Pi -successor for wn 1 which is new to S to sprout a continuation of the sequence. However. and that in doing so. no such successor will be possible giving a sequence S = w0 w1 w2 wm wm+1 wn 1 wm containing a cycle C = wm wm+1 wn 1 wm which we write pictorially as S4 14 S4Dbr S4 3 S4 S4 3 S4 3 S4 3 S4 wn 1 : The cycle C fulﬁlls at least one of the eventualities in wn 1 . If the eventuality :2P is ‘eternal’ then it can be stashed away (statically) as 2:2P and ignored until ‘later’.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 351 The intuition behind the (S 4:3:1) rule is that each eventuality is either ‘eternal’. as otherwise. for j = 1. the (S 4:3) rule is used instead of the (S 4) rule. namely the :2Q that gave the duplicated Q-successor wm of wn 1 : But C may not fulﬁll all the eventualities in wn 1 : Let Y = fP j:2P 2 wn 1 and :P 62 wj . . always attempting to choose a successor new to the sequence. m j n 1g. That is. Repeating this procedure will eventually lead either to an empty Y or to a new successor. Ri. because it is fulﬁlled an inﬁnite number of times in the sequence of worlds that constitute an : : -model. k by (S 4:3): As before. The basic idea is to follow one sequence. Sooner or later. If no such new successor is possible then choose the successor wm0 that appears earliest in S: This successor must precede wm .

1987] that omit reﬂexivity where the new axiom schemata are D. and Zbr. which is sound for frames. X . 1994] e . That is. Z . Let R be the reﬂexive and transitive closure of so that the overlapping clusters of become maximal disjoint clusters of R: It should be clear that hW. and transitive non-reﬂexive linear discrete time respectively. Non-reﬂexive Monomodal Temporal Logics : : respectively have counterparts called and The logics : and [Goldblatt. Another minor complication is the need for an explicit tableau rule to capture density (no consecutive degenerate clusters. The simplest way to handle the seriality axiom D is to use the static (D) rule of Rautenberg even though it breaks the subformula property. see Figure 11. L. Ri is a model-graph for X: Note that thinning seems essential. By using rules from Figure 11 it is possible to obtain cut-free tableau calculi possessing the analytic superformula property for these logics as: 1I missed this aspect in [Gor´ . see Figure 1 on page 299.1 so we use the transitional (KD4) and (KD4L) rules instead. Ri is a linear order of maximal. 1987]) for but this is handled by the transitional rule (K 4DX ). I am not aware of a proof of completeness for the non-reﬂexive counterpart of but it seems reasonable to conjecture that is this counterpart. we have to exclude the eventualities that are already fulﬁlled by the current cycle C in order to escape out of the cycle that they cause.352 ´ RAJEEV GORE cycle that fulﬁlls all the eventualities of wn 1 and stop. We return to this point later. 1987]. <i j= A iff `K4DLZ A where I is either the set of real numbers or the set of rational numbers and ! is the set of natural numbers [Goldblatt. The non-reﬂexive analogue of the (S 4:3) rule becomes very clumsy since it is based on the -theorem: K4DLZ S4 3 S4 3 1 K4DLX S4Dbr K4DZbr K4DLX K4DLX K4LX 3P ^ 3Q ! 3(P ^ 3Q) _ 3(Q ^ 3P ) _ 3(P _ Q) and it is easier to use the rule (K 4L) which makes explicit use of subsets. Sooner or later we must run out of new successors since XC S4:3 is ﬁnite and so only the former case is available to us. Hence these logics model transitive nonreﬂexive linear dense. see [Goldblatt. in computing Y . The (K 4L) rule is similar to a rule given by Valentini [1986]. disjoint clusters that satisﬁes properties (i)–(iii). <i j= A iff `K4DLX A and h!. and hence that hW. It is known that hI . But (D) and (K 4Zbr) can conspire to give an inﬁnite sequence of building up operations.

Yi =Y nYi Si = (X . m = 2k 1. :2fP1 . 2X . 2P P X. 2:2Qj for 1 j k. . Sj = U . Y m is an enumeration of the non-empty subsets of Y . :2fQ1. Sk+i = X .j :2P2X . :2Y i for 1 i m Figure 11. j SPk g S1 j S2 j m where m = 2k 1. Qk g 1 2 k j Sk+1 k+2 j where : j Sk+m Y = fQ1.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 353 2 : (K 4D) X . . :Y i ) X (K 4LZ ) S j S j U . 2:22X . Y 1 .j2S . (K 4L) 2X . Y m is an enumeration of the non-empty subsets of Y . Yj = Y n fQj g for 1 j k. :P g may be empty where :2Y may be empty X. 1 i m. :2Yj .X . Y (K 4DX ) X22X:22Y .X . 2X . 2X . Y 1 . . :2Y i .2P 2 :P where f:2P. . Tableau rules for non-reﬂexive Diodorean logics . Qk g.: (K 4Zbr) X . . 2X . 2Y i . Y i = Y n Y i for 1 i m.j S . :Y i . :P .

AC -saturated set v is reﬂexive iff 2A 2 v implies A 2 v . else create a reﬂexive (K 4DX )-successor (like vn ) as shown above. So in the general C construction. . The Saturation Lemma (Lemma 6 on page 318) will go through as for the other logics since the tableau systems have the analytic superformula property. Nevertheless. If v1 is non-reﬂexive then create a successor v2 for v1 using (K 4DX ). If v is non-reﬂexive then create a successor v1 for v using (K 4DX ). (K 4Zbr) First of all note that (K 4DX ) is a transitional rule. THEOREM 26. it may appear as if the explicit subset notation would allow us to dispense with ( ) but this is not so. We omit details since the proofs are similar to the ones for the reﬂexive temporal logics and are not difﬁcult. We again construct just one sequence but with the following twist. Note that v v1 v2 vn hence the sole purpose of vn is to carry v and be reﬂexive. Repeating this procedure must eventually give a (K 4DX )-successor vn that is reﬂexive. Now discard v1 . Once again. eventually we will produce a sequence. whereas (K 4L) and (K 4LZ ) only allow us to delay them. Now. and we may need thinning to escape from the cycle if it does not fulﬁll all its own eventualities as in the case for C : . the proof for C is reproduced below to give an idea of how to handle the density requirement. S4 3 S4 3 1 THEOREM 25. Ri. 1994] e but note that there we used the name Z14 for the axiom we here dub Zbr. v2 . (K 4L) (K 4D). In either case the sequence produced using satisﬁes the following criterion: there are no consecutive non-reﬂexive sets in the sequence. thus it need not fulﬁll any eventualities. this procedure may produce a cycle. Proof sketch for C : The construction of the model graph is similar to the construction for C : except that we now know that every eventuality gives rise to two C -consistent successors. not a static rule. if we are constructing a successor for w and w is reﬂexive then create a possibly non-reﬂexive (K 4L)-successor. However. (K 4LZ ) (K 4D). For ( ) allows us to ignore certain eventualities. L L L Again we omit details since they are similar to the proofs given in [Gor´ . The C rules are sound with respect to -frames. L L Proof. If v is non-reﬂexive then there exists some 2Q 2 v but Q 62 v . one from (K 4DX ) and at least one from (K 4L) (and ( )). vn 1 and put v vn . Thus using the reﬂexive analogues of these rules for : and : : does not help to eliminate ( ). If X is a ﬁnite set of formulae and X is C -consistent then there is an -model for X on a ﬁnite -frame hW. possibly K4DLX K4DLX S4 3 K4DLX K4DLX K4DLX S4 3 .354 ´ RAJEEV GORE CL C K4DLX C K4DLZ C K4DZbr Static Rules Transitional Rules XCL e Sf :Sf 2X e Sf :Sf 2X e X C PC C PC C PC (K 4DX ).

Rautenberg [1983] refers to ‘a simple tableau’ system for : but does not give details since his main interest is in proving interpolation. it is claimed that the logic ‘is characterised by the ﬁnite reﬂexive-and-transitive frames in which all but the ﬁnal clusters are simple’. 1990]. that fulﬁlls all its eventualities. But note that the extra 2 modality in Dbr is exactly what is needed since. Apparently. In fact. The observation that we can detect reﬂexive worlds is due to Martin Amerbauer [1993]. The resulting model is a ﬁnite reﬂexive and transitive linear sequence of R-clusters with no consecutive degenerate R-clusters. Bull [1965] mentions that Kripke used semantic tableau for : : . Shimura [1991] has given a syntactic proof of cut-elimination for the corresponding sequent system for : . Serebriannikov has also obtained this system for : but I have been unable to trace this paper. ’. . Zeman does not investigate remedies and consequently does not give a tableau system for : : . We show that this second claim is not correct by giving a ﬁnite reﬂexive-and-transitive model in which all but the ﬁnal clusters are simple. and : lacks interpolation. A Note on S4Dbr S4Dum In a chapter on modal logic by Segerberg and Bull [1984. The model is pictured in Figure 12. The explanation rests on the fact that 2(2(P ! 2P ) ! P ) can be written as 2(:P ! 3(P ^ 3:P )): Thus Dum can be written as: 2(:P ! 3(:P ^ This is just as well because we have just shown that characterises this class and Dum and Dbr are different. page 245] merely shows that his tableau procedure for : goes into unavoidable cycles when attempting to prove Dum. . but in which Dum is false. The mentioned by Bull is : : but Zeman [1973. In subsequent personal communications I have been unable to ascertain the : system to which Rautenberg refers [Rautenberg. Bull [1985] states that ‘Zeman’s Modal Logic (XLII 581). 3P )) ^ 32P ! P: S4Dbr S4Dbr S4 3 1 Related Work and Extensions Zeman [1973] appears to have been the ﬁrst to give a tableau system for : but he is unable to extract the corresponding cut-free sequent system [Zeman. S4 3 S4 3 S4 3 S4 3 S4 3 S4 3 S4 3 D D S4 3 1 S4 3 S4 3 1 S4 3 1 . as otherwise they would form two consecutive degenerate R-clusters. whereas we give a semantic proof. The density condition is met because if we have w1 Rw2 then one of them must be reﬂexive.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 355 containing cycles. page 51]. in the counter-example of Figure 12. page 232]. Let R be the transitive closure of but also put wRw if w is reﬂexive. w0 6j= 232p: That is. the counter-example does not falsify Dbr because the extra modality handles the branching inherent in -models which is absent in : : -models. and furthermore that has no consecutive non-reﬂexive worlds in the sequence. 1973. Hence between any w1 and w2 we can always put a third world w which is a copy of the one that is reﬂexive. . gives tableau systems for : and in its Chapter 15. in 1963.

there seems to be some mismatch between the rules in [Shimura.356 ´ RAJEEV GORE f:pg R Z w0 Z Z Z fpg w1 R 6 f:pg '$ &% R = ? Z R Z Z Z Z R ~ Z- R w3 fpg w2 Dum can be written as: 2(:p ! 3(p ^ 3:p)) ^ 32p ! p. A ﬁnite reﬂexive-and-transitive model in which all but the ﬁnal clusters are simple in which Dum is false at w0 but he gives no reference and subsequent texts that use semantic tableau do not mention this work [Zeman. 1994] when we e S4 . These side conditions correspond exactly to the missing second branches of the rules from [Gor´ . However. At ﬁrst sight. 1992] has (independently) given almost identical systems for these logics. Until very recently. w0 j= 2(:p ! 3(p ^ 3:p)) but w0 6j= p: Figure 12. I had thought that there were no other cut-free Gentzen systems for the logics S4. since the former are non-branching.3. Note that no such explicit representation of R is required in our systems where the desired properties of R are obtained by appropriate tableau rules. Presumably Kripke would have used tableaux where an explicit auxiliary relation is used to mimic the desired properties (like linearity) of R as is done in the semantic diagrams of Hughes and Cresswell [1968. e 1994]. the rules in [Shimura. 1992] and those given in [Gor´ . w0 j= 32p because w3 j= 2p. while the latter are branching. w0 j= :p ! 3(p ^ 3:p) because of w1 and w2 . page 290]. 1992] contain an extra side-condition corresponding to an oracle. 1973].1 in the literature.14 and S4. Guram Bezhanishvili has recently informed me that Shimura [Shimura. and many other logics containing . Shimura also gives interpolation theorems for these. and also take a logic as a parameter.

these techniques extend easily to give a cut-free tableau system for : = : [van Benthem and Blok. These applications of ( ) can be eliminated by building thinning in a deterministic way into the transitional rules. the ones that do not match the numerator of (S 5).2Y . see [Shimura. Thus.P P : : 2P (S 5 ) X . The new transitional rule (S 5 ) does the work of ( ) and (S 5). The main applications of ( ) in our completeness proofs are the ones used to eliminate the formulae that do not match elements of the numerator. This is not an application of ( ) when the transitional rule in question is non-branching like (S 4). The crucial point is that we can specify X 0 exactly because we know exactly which formulae to throw away: namely. For example. see page 313.Y:. and implicitly use an embedding of into . it is just that we are not interested in these successors. Lemma 2. . There are two places where we resort to applications of ( ) in our completeness proofs. 1992. see page 312. prior to an application of a transitional rule.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 357 take into account that Shimura actually uses the logic as a parameter to his rules for : and : : .0::P X. ( ) introduces a form of nondeterminism into each C since we have to guess which formulae are really necessary for a proof.18 Eliminating Thinning The structural rule ( ) corresponds to the sequent rule of weakening which explicitly enforces monotonicity. Thus is characterised by ﬁnite linear sequences of irreﬂexive worlds. Finally. we can change the (S 5) rule shown below left to the (S 5 ) rule shown below right: L 2 :2 :2 (S 5) 2X . because a consistent successor also exists for these eventualities. S4 14 S4 3 1 S4 S5 S4 3Grz KGrz 3 S5 GL K4 3W S4 3Grz KLG KG KLG G3 4. thus pre-empting the reﬂexivity of R.2P .6]. where X 0 = f2A : 2A 2 X g f:2B : :2B 2 X g f:2P g. see Fitting [Fitting. In some completeness proofs we also avoid creating a successor for :2Q 2 w if :Q 2 w. The non-reﬂexive counterpart of : is (sometimes called : or or : ) where L is as above and G is the G¨ del-Lob axiom 2(2A ! o ¨ lin A) ! 2A: Rautenberg [1983] shows that is characterised by the class of ﬁnite transitive trees of irreﬂexive worlds. Shimura’s oracles contain the nondeterminism inherent in these rules. 1978] which is axiomatised as KGrz:3 where Grz is the Grzegorczyk axiom schema Grz :2(2(A ! 2A) ! A) ! A: This logic is characterised by ﬁnite linear sequences of simple clusters but note that Shimura [1991] has already given a sequent system for this logic. We consider each in turn. From a theorem proving perspective. 1983].X . and it is easy to turn his system into a tableau system. It is therefore desirable to eliminate ( ). but note that Valentini [1986] has already given a cut-free sequent system for this logic.

an alternate proof for C : may be possible by considering all (S 4:3)-successors for every node. Unfortunately. For in the counter-model construction for C : . we must be able to ignore some of the eventualities in wn 1 using ( ) and this means that ( ) is now an essential rule of C : . But we believe it can be limited to the explicit contractions we have shown in our modal rules. but the completeness proof (see [Gor´ . However. It is possible to rework all of our work using multisets instead of sets.358 ´ RAJEEV GORE rules as well. For example. page 30–31 ]. The frames in . (K 4L) and (S 4:3:1) etc. contraction is built into our tableau rules by the ability to carry a copy of the principal formula into the denominator. At this stage it is essential to invoke applications of ( ) on subsets of the eventualities. whereas the non-branching rules guarantee that every denominator is consistent (since they only have one denominator). but the proofs become very messy. hence our logics are also characterised by the ﬁnite frames shown in Figure 13. Clearly the intuitions inherent in our semantic methods are no longer sufﬁcient to prove that weakening is eliminable. for the (S 4Dbr) rule also e branches. 4. For a more detailed study of contraction in modal tableau systems see the work of Hudelmaier [1994] and Miglioli et al. but this is beyond the scope of this chapter.20 Finite L-frames In all our completeness proofs we construct ﬁnite model graphs. We have obtained a syntactic proof of elimination of weakening in the sequent system containing the sequent analogues of the modiﬁed tableau rule (S 4:3 ). and then showing that any two worlds in this tree can be ordered as is done by Hughes and Cresswell [1984. giving a tree of nondegenerate clusters. [1995]. It may be possible to eliminate thinning by using cleverer completeness proofs. our set-based rules and completeness proofs are not sophisticated enough to prove this since (the saturation) Lemma 6 on page 318 requires that we copy the principal formula into the denominator. we may reach a stage where all C : -consistent successors already appear in S but no such cycle fulﬁlls all the eventualities of the last node.19 Eliminating Contraction As we have seen. The crucial difference between the branching transitional rules like (S 4:3) and the non-branching transitional rules like (S 4) is that the former guarantee only that at least one denominator is consistent. That is. even though we can also build thinning into these S4 3 S4 3 S4 3 S4 3 4. Note however that this seems to require a cut rule since Hughes and Cresswell use maximal consistent sets rather than saturated sets as we do. But note that not all branching transitional rules are bad. 1994]) goes through without recourse to ( ) because we can make a second pass of the initial model graph to obtain the desired frame. ( ) appears essential for some of the branching transitional rules like (S 4:3).

and is decidable. putting ( ) equal to (cut) in Lemma 2 (page 313) gives: L L L THEOREM 27.21 Admissibility of Cut and Gentzen Systems The cut rule is sound with respect to all our -frames and each C is sound and complete with respect to the appropriate -frames. the Gentzen system G K shown in Figure 14 is a proof system for modal logic . The systems of Cerrato enjoy the subformula property and separate introduction rules but do not enjoy cut-elimination in general (although the systems for do so). Masini [1992. 4. some of these methods have their own disadvantages. Elegant modal sequent systems respecting these ideals of Gentzen have proved elusive although the very recent work of Avron [1994]. For example.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 359 Figure 13 are all based on trees of clusters or trees of worlds where we assume that clusters immediately imply transitivity. Then. :Y . Each of our tableau rules has a sequent analogue so it is possible to convert each tableau system C into a sequent system G L. not only do some of our systems break the subformula property. 1996]. By induction it is straightforward to show that the sequent X ! Y is provable in G L iff there is a closed C -tableau for X . L Tableau systems are (upside down) cousins of proof systems called Gentzen systems or sequent systems. Our sequent systems do not possess all the elegant properties usually demanded of (Gentzen) sequent systems. The systems of Masini enjoy cut-elimination and give direct proofs of decidability but (currently) apply only to the logics and . a formula A is valid in all -frames (and hence a theorem of ) iff the sequent ! A is provable in G K . Cerrato [1993]. For example. The hypersequents cannot handle logics like : : and of Pottinger [1983] and Avron [1994] seem to retain most of the desired properties since they give cut-free systems with the subformula property for most of the basic modal logics including . K K K L L L K K KD S4 3 1 S4Dbr S5 5 TABLEAU SYSTEMS FOR MULTIMODAL TEMPORAL LOGICS In this section we brieﬂy survey tableau systems for multimodal temporal logics with future and past time connectives which have proved useful in Computer Sci- . but most do not possess separate rules for introducing modalities into the right and left sides of sequents. each logic has the ﬁnite model property. Thus. However. see Fitting [1983]. It would be interesting to see if they can be extended to handle the Diodorean or provability logics. These ﬁner-grained results are not always obtainable when using other tableau methods. 1991] and Wansing [1994] are attempts to redress this dearth. G L is cut-free as long as C does not use (sfc) or (sfcT ). The systems of Wansing enjoy cut-elimination and clear introduction rules but do not immediately give decision procedures. Consequently. and [Kracht. The rule (cut) is admissible in each C . That is.

or a ﬁnite intransitive and symmetric tree of at least two worlds ﬁnite tree of ﬁnite clusters with ﬁnite nondegenerate ﬁnal clusters a single ﬁnite cluster. or a simple cluster followed by a ﬁnite nondegenerate cluster a sequence of at most two ﬁnite nondegenerate clusters a ﬁnite tree of ﬁnite nondegenerate clusters with one last cluster ﬁnite sequence of ﬁnite nondegenerate clusters ﬁnite sequence of ﬁnite nondegenerate clusters with no proper non-ﬁnal clusters ﬁnite tree of ﬁnite nondegenerate clusters with no proper non-ﬁnal clusters ﬁnite sequence of ﬁnite clusters ﬁnite sequence of ﬁnite clusters with a nondegenerate ﬁnal cluster ﬁnite sequence of ﬁnite clusters with a nondegenerate ﬁnal cluster. Deﬁnition of ﬁnite.-frames L L . or a degenerate cluster followed by a ﬁnite nondegenerate cluster ﬁnite tree of ﬁnite nondegenerate clusters single ﬁnite cluster single ﬁnite nondegenerate cluster ﬁnite symmetric tree of reﬂexive worlds a single ﬁnite nondegenerate cluster. and no consecutive degenerate clusters ﬁnite sequence of degenerate clusters with a ﬁnal simple cluster ﬁnite tree of degenerate clusters with ﬁnal simple clusters ﬁnite transitive tree of irreﬂexive worlds ﬁnite transitive tree of reﬂexive worlds ﬁnite transitive tree of worlds ﬁnite transitive sequence of irreﬂexive worlds Figure 13.360 ´ RAJEEV GORE L K T D K4 KDB K4D K45 K45D S4 KB4 S5 B S4R S4:3Zem S4F S4:2 S4:3 S4:3:1 S4Dbr K4L K4DL K4DLX K4DLZ K4DLZbr G Grz S4Grz S4MDum K4Go GL ﬁnite.-frames ﬁnite intransitive tree of irreﬂexive worlds ﬁnite intransitive tree of reﬂexive worlds ﬁnite intransitive tree of worlds with reﬂexive ﬁnal worlds ﬁnite tree of ﬁnite clusters a single reﬂexive world. or a degenerate cluster followed by a ﬁnite nondegenerate cluster a single ﬁnite nondegenerate cluster.

In Computer Science the term ‘temporal logic’ is used to describe logics where the frames are discrete in the sense of : : -frames and -frames. Y X. Kamp then showed that certain binary modal connectives are ‘expressively complete’ in that they capture any property expressible in the ﬁrst-order theory of linear orders. 1984]. Y ( ) (Ax) X ! P. One example is the property ‘A is true now and remains true until B becomes true’. t2 . 3 and 2 are ‘expressively incomplete’ because there are simple properties of linear orders that cannot be expressed using only these connectives together with the usual boolean connectives. Y X. 1983]. 1968]. Kamp showed that linear tense logic equipped with monomodal tense connectives like . the boolean connectives and the predicate familiar from number theory.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 361 X. Wolper introduced extra connectives corresponding to regular expressions but these are S4 3 1 S4Dbr . P ! P. properties that correspond to regular expressions from automata theory like ‘A is true in every second state’. P ! Y X ! :P. P. certain binary modal connectives have proved more useful. The term ‘linear temporal logic’ is used when the frames are linear (discrete) sequences and the term ‘branching temporal logic’ is used when the frames are (discrete and) branching. . for example. Y (! :) X !P 2X ! 2P (! 2P : K ) Figure 14. that is. U ! V. expressible using time point variables like t1 . If we wish to refer to the past then we can use a multimodal tense logic where A is read as ‘A is true at all points in the past’ and A is read as ‘A is true at some point in the past’ [Burgess. Sequent rules for G K ence. Here we just try to show how these logics and their tableau methods relate to the methods we have seen so far. Y (! ^) X ! P ^ Q. Y X ! Q. The impetus for studying linear binary modal operators started with the seminal results of Kamp [Kamp. The brevity is justiﬁed since the survey by Emerson [Emerson. the quantiﬁers 8. However. Q ! Y (^ !) X. 1990] covers tableau methods for these logics. Wolper then showed that even these connectives could not express all desirable properties of sequences [Wolper. :P ! Y (: !) X !Y X. Y X. P ^ Q ! Y X ! P. 9.

i ) j= A or (M. j ) j= A. (M. i ) j= B . (3A). i ) j= B . Any primitive proposition p is a formula. ( A). (M. i ) j= p (M. 9k. ( A). then so are: (:A). (2A). A model M = hS. . .1 Linear Temporal Logics Syntax of Linear Temporal Logics We add the unary modal connectives . i ) j= 2A (M. (A U B ). j ) j= A. 9j. i ) j= A _ B (M. i ) j= A U B or (M. i ) j= A W B iff iff iff iff iff iff iff iff i 2 V (p). A means ‘A is true in the previous state’. V i is a state sequence together with a valuation V that maps every primitive proposition onto a subset of S as usual. k i. 1 . (A _ B ). A U B means ‘A is true until B becomes true’. A model satisﬁes a formula at state i according to: eue ue u PLTL (M. . i ) 6j= A. (M. i j < k. (M. . The others are explained shortly. S and Z . Semantics of Linear Temporal Logics For brevity we concentrate on the linear temporal logic with future connectives only and dub it for propositional linear temporal logic. see [Wolper. 8j. i ) j= A ^ B (M. j ) j= A. and A S B means ‘A has been true since B became true’. (A ^ B ). (M. i ) j= A U B (M. ( A). and the binary modal connectives U . j i. i ) j= :A (M. (A S B ) and (A Z B ). 5. and . 1 . i+1 ) j= A. k ) j= B and 8j. and if A and B are formulae. (A W B ). A state sequence is a pair hS. (M. e (M. n (with repetitions when S is ﬁnite). W . and follow Goldblatt [1987]. i ) j= A (M. i ) j= 2A: to form an inﬁnite sequence where iff Intuitively imagine the states 0 . i ) j= 3A (M. (M. i where is a function from the natural numbers ! onto S enumerating the members of S as an inﬁnite sequence 0 . j i. Intuitively.362 ´ RAJEEV GORE beyond the scope of this article. A means ‘A is true in the next state’. (M. ( A). 1983]. i ) j= A and (M.

A weaker version of U called W (for weak until) drops the ﬁrst demand by allowing for the possibility that there is no future state where B is true as long as 2A is true at i . 9k. (M. and still maintain that 2A is :3:A. The recursive nature of the Mix and U 2 axioms gives rise to a ﬁx-point characterisation of these operators which is the key to the tableau procedures for these logics. i ) j= A (M. (M. j i. i ) j= A Z B Axiomatisations A Hilbert system for iff u iff iff iff (M. i ) j= A: We also need the inference rules of universal substitution US. j ) j= A. k j < i. i ) j= A (M. 1991]: e e 363 (M. k i. For example. then 2 is interpreted using while is interpreted using R. 1987]. (M. The function must now map the set of integers onto S . see [Wolper. j ) j= A. Notice also that the e PLTL taken from Goldblatt [1987] is given below: K : 2(A ! B ) ! (2A ! 2B ) Ko : (A ! B ) ! ( A ! B ) Fun : :A $ : A Mix : 2A ! (A ^ 2A) Ind : 2(A ! A) ! (A ! 2A) U 1 : A U B ! 3B U 2 : A U B $ B _ (A ^ (A U B )) L L e iff e ee e e e L . Note that the clause for A U B demands that there is some future state k where B becomes true but does not specify a value for A at this state. i ) j= A S B or (M. 8j. the formula A is true at some state i if A is true at the successor state i+1 . 9j. Banieqbal and Barringer. modus ponens MP and an extended rule of necessitation RN viz: if A 2 then both 2A 2 and A 2 . i ) j= A (M. k ) j= B and 8j. Some care is needed to ensure the correct behaviour of the deﬁnitions below if time does not extend ad inﬁnitum in the past [Fisher. see page 299. (M.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS i R j iff j = i + 1 and R is functional. (M. j i. Note that we could also obtain 2 and 3 by deﬁning 2A as A W? and 3A as > U A. j ) j= A. Now if we let be the reﬂexive and transitive closure of R. If we wish to allow reasoning about the past we can also allow backward looking operators. 1983. i 1 ) j= A. i ) j= A S B (M.

1. the following logical equivalences hold in linear temporal logic: (A U B ) (B _ (A U B )) 3B (> U B ) (A W B ) (A U B ) _ 2A 2A (A W?) e . see Wolper [1983. 1985].: : -frames. Further complexity results for linear and branching time logics can be found in [Emerson and Sistla.uk) at the University of Manchester. If this is not possible then the graph is pruned by removing the nodes that contain unfulﬁllable eventualities. He gives a tableau-based decision procedure for this logic. 1987]. it is characterised by our ﬁnite.364 ´ RAJEEV GORE axiom Ind encodes an induction principle: if it is always the case that A being true now implies A is true in the next state. and extensions involving regular operators. linear temporal logic is also characterised by a class of ﬁnite frames. 1984. A tableau procedure is given by Wolper where he also shows that the problem of deciding satisﬁability in is PSPACE-complete. If the initial node is removed by this pruning procedure then the initial formula is unsatisﬁable on a linear model hence its negation is a theorem of this logic. A system for temporal logic has also been implemented in the MGTP theorem prover by Koshimura and Hasegawa [1994]. then A being true now implies A is true always in the future. Decidability and incompleteness results for ﬁrst-order linear temporal logics have been studied by Merz [1992]. For example.ac. see Section 5. Finite Model Property. It is this property that makes Gentzen systems for these logics difﬁcult to obtain. Decidability and Complexity Wolper [1983] shows that although our models are inﬁnite state sequences. The linear temporal logic including both future and past modalities has been extensively studied by Gough [1984]. 1985]. A second phase then prunes nodes from this model graph to check that all eventualities can be fulﬁlled on a linear sequence. The (informal) gist of any tableau procedure for linear temporal logics involving next-time modalities is to use the ﬁx-point nature of the modalities to create a cyclic graph of (state) nodes. Sistla and Clarke. In fact. see [Goldblatt. This graph is then pruned by deleting nodes that contain unfulﬁllable eventualities. Gough uses (the appropriately deﬁned analogues of downward saturated) Hintikka sets to build a model graph for a given formula of this logic.man. The procedure has been automated and the resulting prover called dp is available by anonymous ftp from Graham Gough (gdg@cs. England. S4 3 1 PLTL Tableau Systems Tableau systems for the fragment of linear temporal logic containing only future connectives have been studied by Wolper.

e e Gentzen Systems Gentzen systems for temporal logics have been given by various authors but almost all require either a cut rule or an inﬁnitary rule for completeness Kawai [1987. For _ we put one disjunct in n and create a copy of the old n containing the other disjunct giving a branch in the tableau. U and even S . For each node x we then create a successor node y and ﬁll it with fA : A 2 xg. The exceptions appear to be the work of Gudzhinskas [1982] and Pliuskevicius [1991] but these articles are extremely difﬁcult to read. again marking all parent formulae as ‘processed’. Repeating this process on the new formulae means that n contains ‘processed’ formulae and unprocessed formulae.2 Branching Temporal Logics Just as and : : are branching and linear respectively. If the initial node ever gets deleted by this procedure then it can be shown that the initial set of formulae cannot be satisﬁed on a linear discrete model Wolper [1983. 5. all unprocessed formulae are in outermost.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 365 Suppose we are given an initial node n node containing a set of formulae X . and point to the abundant literature for tableau methods for these logics. Some of these nodes contain eventualities like 3B or A U B since each of these demands the existence of some node that fulﬁlls B .-form. We can use the usual boolean rules for :: and ^ to saturate this node by adding the appropriate subformulae to node n. hence some nodes reappear. That is. delete any node s whose eventualities cannot all be jointly fulﬁlled by some linear path through the graph beginning at s. Otherwise there will be a linear sequence of nodes that satisﬁes all the formulae in the initial node. 1988]. we can add the appropriate instance of the right-hand side formula and mark the left hand instance as ‘processed’. But all unprocessed formulae begin with since these are the only formulae not touched by the above procedure. We brieﬂy cover the syntax and semantics of one of the most powerful of these branching time logics called . and delete any nodes without successors. 1985]. there are branching analogues of the linear temporal logics we have seen using . Note that we now allow arbitrary cycles whereas in the completeness proofs of Section 4 we conﬁned cycles to nodes on the same branch. S4Dbr S4 3 1 CTL e . Now we make a second pass and delete nodes that contain both P and :P for some formula. Repeating this procedure on such successors produces a graph because the number of different formulae that can be generated from this process is ﬁnite. For every formula in n that is an instance of the left hand of the above equivalences. thus demonstrating a linear discrete model for X .

if P and Q are state formulae then so are P any state formula P is also a path formula . s1 . s j= P ^ Q iff s j= P and s j= Q . s2 . but the two are equivalent in our classical two-valued setting. if P and Q are path formulae then so are P The other boolean connectives are introduced in the usual way while AP abbreviates :E :P . and FP abbreviates > U P . . if P is a path formula then EP is a state formula. si+2 : : : of x: ^ Q and :P . where x = s0 . and where xi denotes the sufﬁx fullpath si . if P and Q are path formulae then so are XP and (P U Q). Semantics of Branching Temporal Logics The semantics of are again in terms of a Kripke structure M = hS. More formally: any atomic formula p is a state formula. s j= EP iff for some fullpath y starting at s. 2. i 0. x) j= P we mean that the state formula P is true at state s in model M. : : : is a fullpath in M. If M is understood then we just write s j= P or x j= P . s2 . Li where S is a non-empty set of states or worlds. R. s1 . s j= :P iff s 6j= P . si+1 . eu CTL s j= p iff p 2 L(s). Note the absence of . Note that L is a slight variation on our usual V since the latter assigns atomic propositions to sets of worlds. and the path formula P is true of the path x in model M. : : : in M is an inﬁnite sequence of states such that si Rsi+1 for each i.366 ´ RAJEEV GORE Syntax of Branching Temporal Logics We again concentrate on the future fragment only and follow Emerson and Srinivasan [1988] using new modal connectives E and X in addition to U . ^ Q and :P . A fullpath x = s0 . and GP abbreviates :F :P . The syntax of branching time logics is given in terms of ‘state’ formulae and ‘path’ formulae where ‘state’ formulae are true or false at some state (world) and where ‘path’ formulae are true or false of (rather than on) a linear sequence of states (worlds). R is a binary relation on S such that each state has at least one successor. . respectively. y j= P . s) j= P and (M. . and . By (M. 3. and L is a function which assigns to each state a set of atomic propositions (those that are intended to be true at that state). The formal deﬁnition of j= is as below where s is an arbitrary state of some M.

1985]) and use the following logical equivalences to expand formulae that match the left hand sides into an ‘outermost-EX -normal’ or ‘outermost-AX -normal’ form [Emerson and Srinivasan. x j= P ^ Q iff x j= P and x j= Q . x j= :P iff x 6j= P . Note that path formulae cannot be evaluated at states since there are no clauses in the deﬁnition of j= for evaluating XP or P U Q at a state. then formula XP cannot be evaluated at some state s. 0 j < i. As Emerson and Srinivasan note. Similarly. then FP and GP are just 3P and 2P . But a state formula P can be evaluated on a fullpath simply by checking if the ﬁrst state of the fullpath satisﬁes P . Emerson and Srinivasan [1988] compare the expressiveness of various such branching time logics. Tableau methods for branching time logics can be found in Emerson [1985]. PLTL CTL e Tableau Systems The logic is known to have the ﬁnite model property. and is valid if for every model M and every fullpath path x in M we have x j= P . A path formula P is satisﬁable if there is some model M containing some path x such that x j= P . x j= XP iff x1 j= P . these tableau methods are based on the appropriate analogues of Hintikka-structures (see [Emerson and Halpern.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 367 x j= P iff s0 j= P for any state formula P . xi j= P . if P is a state formula. in fact. Hence. Once a path is chosen however. These deﬁnitions are enough to give a semantics for the modalities obtained via deﬁnitions: AP is true at state s if P is true of all paths beginning at s. xi j= Q and 8j. and GP is true of a path x if P is true of all sufﬁx fullpaths xi . a menagerie of branching time temporal logics can be obtained by restricting or extending these deﬁnitions [Emerson and Srinivasan. but once again. it is just the same as the linear time formula P since XP is true on path x if the second state of the path satisﬁes (state formula) P . note the presence of the extra modalities. Once again. 1988]. if P is a state formula. except that they are evaluated over a linear sequence. But note that is strictly more expressive than . FP is true of a path x if P is true of some sufﬁx fullpath xi (i 0) of x. x j= P U Q iff 9i 0. The notions of satisﬁability and validity are the same as before for state formulae. it is characterised by ﬁnite-frames. it must be evaluated with respect to a path x. 1988]: CTL S4Dbr . (i 0).

or have no successor. The work of Gabbay [1987] and Gabbay et al. All these branching time logics exclude past-time operators. that contain unfulﬁllable eventualities. thus. Again. EX and AXP act like ‘wrappers’ to keep this building up procedure in check. 1988]. but they can be added. Note that all these tableau methods break the subformula property in a weak way since they introduce superformulae of the form P or AXP or EXP where P is built from subformulae of the initial set. Now any formula of the form AXQ 2 w allows us to put Q into each next state since XQ must be true of all paths that begin at w. a second phase prunes nodes that are inconsistent. 5. 1986] and so their decision problems can be studied from an automata-theoretic perspective as well [Muller et al. Unfortunately. Again the procedure gives a cyclic graph since only a ﬁnite number of different sets can be built in this manner and some set reappears. Each formula of the form EXPi gives us reason to create a successor state wi containing Pi just as :2P 2 w gave rise to a successor v containing :P in the modal tableau completeness proofs of Section 4. Gentzen systems for some branching time logics (without A and E ) have been studied by Paech [1988]. these systems require a (partly hidden) cut rule which means that they are not the proof-theoretic analogues of the tableau procedures mentioned above. just as acted as a wrapper for the procedure. And once again. any complicated formula A has a logically equivalent form A0 where A0 is a conjunction B ^ C ^ D such that B involves only past-time modalities.. not cyclic trees. Temporal logics are known to be related to B¨ uchi automata [Vardi and Wolper. C involves no .368 ´ RAJEEV GORE E (P _ Q) EP _ EQ A(P ^ Q) AP ^ AQ EGP P ^ EXEGP AGP P ^ AXAGP EFP P _ EXEFP AFP P _ AXAFP E (P U Q) Q _ (P ^ EXE (P U Q)) A(P U Q) Q _ (P ^ AXA(P U Q)) There are no clauses to ‘expand’ formulae beginning with EX or AX in some given set w. These ‘wrappers’ are removed by creating successor state(s) and ﬁlling these with the ‘unwrapped’ (sub)formulae. the connection with Gentzen systems becomes very tenuous. we form arbitrary graphs. But we never apply an expansion rule to these superformulae. [1994] is particularly interesting because many temporal logics have the ‘separation property’: that is.3 Bibliographic Remarks and Related Systems The complexity of the decision problem for branching time logics has been studied by Emerson and Sistla [1983]. e e PLTL Gentzen Systems Once we start to use graphs rather than trees.

S. Yl: If 2A appears on the left of a tableau t. No separate reachability relation is kept since the reachability relation is built into the structure of the labels. Yr: If 2A appears on the right of a tableau t.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 369 modalities. There are essentially two ways to represent R. y ) to represent that the node named y is reachable from the node named x. Bull and Segerberg [1984] give an account of the genesis of the possible worlds approach and suggest that credit is also due to Hintikka and Kanger. Kripke uses auxiliary tableaux. Thus it is clear that this is a refutation procedure and we are attempting to obtain a falsifying model of possible worlds for the given formula. and D involves only future-time modalities. see [Fitting.1 History of Explicit Tableau Systems The most celebrated work is of course that of Kripke [1959] where possible worlds related by an accessibility relation are ﬁrst proposed as a semantics for modal logics. The names x and y are merely indices to allow cross-reference between these two ‘data-structures’. put A on the left of t0 . where each node contains a set of formulae. 6 MODAL TABLEAU SYSTEMS WITH EXPLICIT ACCESSIBILITY We now turn to tableau systems where the reachability relation R is represented explicitly. obtaining a complex web of tableaux. then start out a new tableau t0 . To handle the added complexities of modal formulae like 2A and :2A. One is to maintain a network of named nodes. where a new tableau is used for each possible world and these auxiliary tableaux are interrelated by an auxiliary reachability relation R. 6. and such that tRt0 : . and also maintain a separate relation R(x. 1993] for examples using this style of tableau. then for every tableau t0 such that tRt0 . Auxiliary tableaux may have tableaux auxiliary to them and so on. Kripke uses two basic rules to handle modal formulae: one to handle 2A on the left of a tableau and one to handle 2A on the right of a tableau. just future-time modalities and just pure propositional reasoning. Thus the decision problems for these logics can often be handled by separate routines for just past-time modalities. attaching the label l1 to every formula that belongs to the world named l1 and attaching l2 to every formula that belong to the world named l2 . Pierce with the idea of ‘a book of possible worlds’ as far back as 1911! Kripke follows Beth [1955] and divides each tableau into a left hand side and a right-hand side where the left side is for formulae that must be assigned ‘true’ and the right side is for formula that must be assigned ‘false’. The second is to incorporate complex or structured world names into the syntax. Zeman [1973] even credits C. They are. with A on the right.

The semantic diagrams of Hughes and Cresswell [1968] and the tableau systems of Zeman [1973] use essentially the same ideas except that Hughes and Cresswell use annotations of ones and zeros instead of using a left and right side. they are used only as indices into an explicit and separate representation of the reachability relation. Slaght [1977] goes one step further than usual and adds rules for quantiﬁers and also incorporates a form of negated normal form by translating :2P into 3:P. 1995a ] has reﬁned these ideas even further to give modular preﬁxed tableau systems for many modal logics. Although labels are used in the TABLEAUX prover. are the precursors of the second explicit approach which we call the labelled tableau method. The rules are therefore like constraints that may be activated at a later time. and Artosi and Governatori [1994]. The construction is on a global level in that we can return to previous nodes of the tableau construction at will. In this method. 1991. so that the auxiliary relation directly mimics the required accessibility relation. 1983. 1988]. Note also that the application of the Yl rule can have delayed consequences. it is immediately linked into this counter-model according to the constraints on R: That is. Indeed. so for any tableau t we have tRt by deﬁnition. These constraints form an extra theory about R that must be taken into account at each rule application. the deﬁnition of the auxiliary relation R changes with each logic. If we permit labels to contain variables then specialised ‘string uniﬁcation’ methods can be used to detect closed tableau branches as is done by Wallen [1989]. This is essentially a way to keep track of all worlds in the counter model being sought. Fitting’s preﬁxed tableaux are direct applications of Kanger’s idea to handle many different modal logics [Fitting. Catach. then we have to keep track of this previous application of Yl and add A to the left of t0 : Thus. each formula is preﬁxed with a label to retain its modal context and the reachability relation is encoded in the structure of the labels. chapter 8]. Massacci [1994. Kripke’s method is a refutation procedure where extra modal information is kept in the auxiliary relation between tableaux. the meaning of ‘every tableau t0 such that tRt0 ’ includes tableaux that may come into existence via the Yr rule at any later point of the construction. When a new world comes into existence. if a new auxiliary tableau t0 is created and it happens to be auxiliary to the tableau t in which the Yl rule has already been applied. For example. The principle of using labels to ‘bring some of the semantics into the syntax’ is also the basis of Gabbay’s Labelled Deductive S4 L . :9x( ) into 8x:( ) and :2x( ) into 9x:( ): These ideas have been implemented by Catach in his TABLEAUX theorem prover [Catach. which precede Kripke’s work. 1957].370 ´ RAJEEV GORE Different constraints on this auxiliary relation give different tableau systems. In our tableau systems C we cannot return to nodes higher up in the tree. :3P into 2:P. 1991. Kanger’s spotted formulae [Kanger. the auxiliary relation R for is deﬁned to be reﬂexive and transitive. That is. Given two labels we can tell whether they are related by the reachability relation simply by inspecting their structure. page 503]. Catach even laments the lack of modularity in this method [Catach. And as we shall soon see. For example.

with no explicit reference to the particular properties of the reachability relation since these properties were built into the rules. it must be mentioned that the translational methods seem to be much better for automated deduction in ﬁrst-order modal logics where various domain restrictions can complicate matters for the ﬁrst-order versions of our implicit tableau systems C . 4. and B in a modular way. . 1993. all modal logics are only semi-decidable since they all include classical ﬁrst-order logic. D. at all times. Labelled tableaux are global in that the labels allow us to ‘see’ the reachability relation and hence allows us to keep a picture of the whole model under construction. but I am not aware of any such detailed investigations. and are easily handled and Gent has also obtained systems for and : . and also logics like for which I know no implicit tableau system formulation. In all fairness. Preﬁxes are one way to separate the modal component from the classical component. This deﬁciency of translational methods is also mentioned by Auffray and Enjalbert [1989] while the method of Frisch and Scherl [1991] is limited to serial logics. K T K4 S4 S5 B S4 3 S4 3 1 S4 3 1 S4 3 1 L 6. We now review in some detail recent work of Massacci [1994] which gives simple labelled tableau systems for all the 15 distinct basic normal modal logics obtainable from by the addition of any combination of the axioms T . like resolution. It is known that a formula of second order logic is required to express the reachability relation for : : [van Benthem. At the ﬁrst-order level.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 371 Systems [Gabbay. see [Ohlbach. and Gent [1991a. Such ‘translation methods’ have been investigated by Morgan [1976]. decidability is no longer an important issue. 1983]. the modal logics . Frisch and Scherl [1991]. S5 KB K .2 Labelled Tableau Systems Without Uniﬁcation As stated previously the idea of labelled tableau systems goes back to at least Kripke and Kanger. Our implicit tableaux were local in that. In all these translational methods. Another is to explicitly translate the modalities into a restricted subset of ﬁrst-order logic. we worked with a set of formulae (denoting one particular world). 1993 ]. The most striking feature of Gent’s work is that he is unable to give a system for : : and this is essentially due to the fact that the reachability relation R for : : -frames is not ﬁrst-order deﬁnable. Clearly it must be possible to identify decidable classes of ﬁrst-order logic into which these translations will fall. can then be applied to this restricted subset. Ohlbach [1990. Auffray and Enjalbert [1989]. Then. thus the translated system may not be decidable even though the original modal logic is decidable. The biggest disadvantage of the translational methods is that ﬁrst-order logic is known to be only semi-decidable. There is a subtle but deep signiﬁcance to the use of labels which explains their increased power over implicit tableau methods. 1991 ]. The most attractive feature of labels for modal tableau systems is the ability to handle the symmetric logics like which require some form of analytic cut rule in the implicit systems we have studied so far. Specialised routines for ﬁrst-order deduction. 1990]. . 5. 1997].

which we have stated in terms of R. 2 such that every other label in is an exten- :n 2 implies 2 . 1995a]. we do not use an empty label at any stage. To model combinations of these properties both Kripke and Fitting merge the respective atomic aspects into new rules. A label is a simple extension of a label if = :n for some n 1.372 ´ RAJEEV GORE The preﬁxed tableaux of Fitting can be obtained as derived rules in this method. but there are also some subtle differences. In particular. the system given there for is incomplete. for labels and often omit the dots using n instead of :n if no confusion can arise. Consequently. merely adds the individual atomic rules as they are. could instead be stated in terms of the basic tree relation S deﬁned in the preceding paragraph (letting R drop out of the picture altogether). 1. As an aside. but most of this section was written independently of [Massacci. 1. Fitting goes one step further by building in the closure of these properties as side-conditions. . there is some (root) label sion of . whereas Massacci sometimes uses an empty label to capture the -accessibility conditions between labels. for example. 1995a]. and 1.’ Using trees it is possible to isolate the individual atomic aspects of reﬂexivity. A label is a nonempty sequence of positive integers separated by dots.21. 2 and 3. we can work with a single set of labelled formulae.2. and extended his work into a journal version [1995a]. note that [Massacci. corrected. A set of labels is strongly generated (with root ) if: K5 L 1. Hence our labelled tableau systems are a mixture of the methods of Fitting and Massacci.1 are three labels respectively of lengths 1. so there is no need to delete formulae when ‘traversing’ from one world to another. A label is an extension of a label if = :n1 :n2 : :nk for some k 1 with each ni 1. We now switch to the tableau formulation of Fitting and Smullyan [1983] rather than sticking to the formulation of Rautenberg because the labels allow us to distinguish formulae that belong to one world (label) from those that belong to another (label). The closure is obtained by repeated applications of the atomic rules. thereby requiring explicit reference to the underlying reachability relation. 1994] contains some minor errors. page 80] that: ‘These considerations suggest that the rules. symmetry etc. We use to denote a set of labels. on the other hand. We use lowercase Greek letters like . and thereby obtains modularity. and 2. transitivity. and is denoted by j j. Massacci has reworked. For example. The irony is that this method is essentially Kripke’s ‘reformulated method’ based on his observation [1963. The length of a label is the number of integers it contains (or the number of dots plus one). Thus there is a lot of overlap between this section and [Massacci. Massacci.

and each denominator is comprised of at most two labelled formulae. A tableau is closed if every branch is closed. we often drop this pedantic distinction and use B to mean the set of labelled formulae on the branch. where each node contains a single labelled formula. and in Figure 17 we show how they can be used to give labelled tableau systems for many basic modal logics including some symmetric logics that proved elusive using implicit tableau systems. A labelled tableau calculus is simply a collection of labelled tableau rules. there is no modal aspect to the -rules since the labels in the numerator and denominator(s) are identical. There may be side conditions on the labels that appear in the rule. except that each numerator is comprised of a single labelled formula. A tableau branch is any path from the root downwards in such a tree. . The rules are categorised into three types: the -rules are just the usual ones needed for classical propositional logic. Otherwise it is open. In Figure 16 we list the rules we need. the -rules are all the rules applicable to formulae of the form :: 2P (such formulae are called -formulae in many tableau formulations). Although a branch B of a tableau is deﬁned as a set of nodes. As we shall soon see. and the single -rule is the only rule applicable to formulae of the form :: :2P (such formulae are called -formulae in many tableau formulations). The -rule is a ‘successor creator’ since it is the only rule allowed to create new labels. As expected. Notice that none of the rules explicitly mention the reachability relation between PC PC . constructed by the systematic construction described in Figure 15. If X is a set of labelled formulae then we let lab(X ) = f j :: P 2 Xg be the set of all labels that appear in X . A labelled tableau for a ﬁnite set of formulae X = fA1 . each of which contains a formula. It is the power to look backwards along the reachability relation (in rules like (lB ) and (l4r ) that allows us to handle the symmetric and Euclidean logics with such ease.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 373 In what follows. the labels capture a basic reachability relation between the worlds they name where the world named by :n is accessible from the world named by . A label is used on a branch if there is some labelled formula :: P on that branch. An g is a tree. All are based on those of Massacci [1994]. A labelled formula is a structure of the form :: A where is a label and A is a formula. otherwise it is open. A labelled tableau rule has a numerator and one or more denominators as before. we always assume that = 1 as it simpliﬁes some technical details. A2 . A branch is closed if it contains some labelled formula :: P and also contains :: :P . A label is new to a branch if there is no labelled formula :: P on that branch. A set of strongly generated labels can be viewed as a tree with root where :n is an immediate child of (whence the name ‘strongly generated’). Then lab(B) is just the set of labels that are used on branch B. Each -rule is a licence to add the formula in the denominator to the already existing world named by the label of the denominator.

and mark all formula on B of the form :: 2Q as awake. An g . End Stage n+1: Once this has been done for every open branch that passes through :: A. if :: A is of the form :: 2P then. otherwise mark :: A as ﬁnished. While the tableau is open and some formula is awake do: Begin Stage n+1: Choose an awake labelled formula :: A as close to the root as possible.374 ´ RAJEEV GORE Stage 1: Put the labelled formulae 1 :: Ai . Otherwise update the tableau as follows where ‘updating a branch with a labelled formula’ means adding the formula to the end of the branch and marking it as awake if it does not already appear on the branch (with any mark). If :: A is atomic then mark this formula as ﬁnished and stop stage n + 1. For every open branch B which passes through :: A. . if :: A is of the form :: P ^ Q then update B with and then update the new B with :: Q. :: P :: A is of the form :: ::P then update B with :: P . If there are several awake formulae at the same level then choose the one on the leftmost branch. if :: A is of the form :: :2P then let k be the smallest integer such that the label k is new on branch B. in some order and mark them all as awake. in a vertical linear sequence of nodes. if :: A is of the form :: 2P then mark it as asleep. 1 i n. update B with k :: :P . Figure 15. A2 . one beneath the other. and terminate Stage n+1. Systematic tableau construction for X = fA1 . If any of these updates fails to add the corresponding formula then delete that fork. do: (^) (_) (:) ( ) ( ) if :: A is of the form :: :(P ^ Q) then split the end of B and update the left fork with :: :P and update the right fork with :: :Q. but doing nothing if the formula already appears on the branch (with any mark). possibly leaving B unaltered or with no fork. for every -rule rule in the calculus which is applicable to :: 2P . update B with if the corresponding denominator.

(lT ). (l4r ). (l^). (l4r ) (lK ). (l4). (l4r ). (l4) (lK ). (l5) (lK ). (lT ). (lB ) (lK ). (lT ) (lK ). (lT ). (l5) (lK ). Figure 16. (l4d). (lD) (lK ).(lB ) (lK ). (l4r ). (l4). (lD) (lK ). (lD). (l5). (l5) (lK ). (lB ). (lB ). (l4).TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 375 (l:) :: ::P :: P (l^) :: : (l ) :n :: 2P where :n is new to the current branch :P :: 2P (lK ) :n :: P (lD) :: :: 2PP (lT ) ::::2P :2: P :n :: 2P :: 2P 1:n :: 2P (lB ) (l4) :n :: 2P (l5) 1 :: 22P :: P 2 :n :: 2P (l4r ) :n::::2PP (l4d) :n:m :: 2P Note: except for n in the rule (l ). Labelled Tableau Systems for the Basic Logics . (l4d). (lD) (lK ). (l4). each label in the numerator and denominator must already exist on the branch. (lD). (l4r ). (l_) LC K LC PC LC T LC PC LC D LC PC LC KB LC PC LC K 4 LC PC LC K 5 LC PC LC KDB LC PC LC KD5 LC PC LC K 4D LC PC LC K 45 LC PC LC K 45D LC PC LC K 4B LC PC LC B LC PC LC S 4 LC PC LC S 5 LC PC LC L -Rules -Rule (lK ) (lK ). (l4r ) — (l (l (l (l (l (l (l (l (l (l (l (l (l (l (l — ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) Figure 17. (l4) (lK ). Single Step Rules for the Basic Modal Logics :: P ^ Q :: P :: Q (l_) :: :(P ^ Q) :: :P j :: :Q PC-Rules LC PC (l:). (l4) (lK ).

avoiding repetitions right from the beginning. like those for . That is. except that we have amalgamated two of Fitting’s procedures in one here. whereas the (lK ) and (lB ) rules add P to a successor and predecessor respectively. for transitivity we require :: 2P to be able to give : :: P . but some combination of the rules will do so. and the one given by Massacci [1994]. Later he reﬁnes the procedure to stop explicit repetitions since this is just a form of contraction where such formulae may have to be used more than once for completeness. For example. in all rules. A particular rule may not capture a property of accessibility completely. instead of building this transitive closure property into a side condition for (l4). one step at a time. For example. the world named by the label in the denominator is at most one step away from the world named by the label in the numerator. As Massacci [1994] points out.376 ´ RAJEEV GORE labels in their side-conditions. adding fresh unﬁnished occurrences to handle necessary repetitions. Fitting ﬁrst works with occurrences of labelled formulae in order to mark them as ﬁnished. But it is precisely this ‘single step’ nature that allows the rules to ignore the reachability relation and which gives us the modularity apparent in the calculi of Figure 17. any world that has a predecessor also has a successor. The systematic construction is based on the one given by Fitting [1983. and mark most formulae as ﬁnished once we have dealt with them. At ﬁrst sight. thereby computing the closure by repeated applications of the single step rules. Furthermore. the ‘single step’ nature of the -rules seems a drawback since we know that a -formula can affect all successors. We can also derive other useful rules. note that in a symmetric frame. assuming that both these labels (worlds) and : exist. the (lT ) rule adds the formula P to the same world. we cannot derive Fitting’s actual rule for transitivity since that rule captures the closure of the transitivity property by referring to -accessibility in the side condition. But we can derive every instance of transitivity. page 402] for his preﬁxed tableau. for any j j 1. One is immediately tempted to add side conditions that explicitly mention the reachability relation to capture this notion as is done by Fitting [1983]. hence (lT d ) captures the essence of the (T3) rule of C y on page 322. regardless of how many primitive steps it takes to reach them. the rule of ‘delayed reﬂexivity’ (lT d ) below centre says something like ‘all worlds ( :n) that have a predecessor ( ) are reﬂexive’. But K4B K4B . We work with labelled formulae per se. as shown below extreme left where we assume that = n:m. it is obtained by the combination of (l4) and (lK ). It can be derived in LC K 5 and LC K 4B as shown below extreme right: L derivation of transitivity 2P (l4) :n :: 2P (lK ) :n:m :: P :: ( lT d ) :n ::::2P :n P :n :: 2P (l4r ) :: 2P (lK ) :n :: P d derivation of (lT ) As an aside. For example.

L L . the systematic -tableau for X = f(2:2:p) ^ (:2:p)g neither terminates nor closes. and show that it captures the conditions on -frames.3 Soundness of Single Step Tableau Rules The soundness of the tableau rules is proved using a method from Fitting [1983]. The formula (23p) ^ (3p) can be written in primitive notation as (2:2:p) ^ (:2:p). Because we always start a stage at the highest awake formulae. Space forbids us from comparing these strategies in more detail. Massacci [1994] gives an alternative systematic procedure where the formulae on a branch are processed using a different strategy. Notice that the systematic procedure constructs only one tableau and that it traverses this tableau in a breadth-ﬁrst manner (except that some formulae may change from asleep to awake and temporarily interrupt this traversal). all formulae of the form :: :2P on a branch are processed before all formulae of the form :: 2Q for example. these formulae get considered over and over again as desired. ‘s’ and Systematic LC K -tableau for X Extant Tableau at Stage End 1 2 s a 3 s f a a we do not mark -formulae as ﬁnished since they may need to be used again and again. but modiﬁed to cater for the strongly generated property. = f2(p ! q). We ﬁrst extend the primitive notion of reachability between labels and :n into a general notion of accessibility between labels and . ‘f’ for awake. We assume that A ! B is written as :(A ^ :B ) and that :(A ! B ) is rewritten and simpliﬁed to A ^ :B . As the reader can verify. S4 6. The notation s/a indicates that the formula was asleep but was woken up during the stage. :(2p ! 2q)g Marks at Stage End 4 5 6 s f s a s/a f s/a f a s f a f a a 7 s f s f a a a 8 s f s f f a a 9 s f s f f f a a a 1:1 :: :p (closed) 1 :: 1 :: 1 :: 1 :: 1:1 :: 1:1 :: 1:1 :: 2(p ! q) :(2p ! 2q) 2p :2q :q p!q p 1:1 :: ::q (closed) a a EXAMPLE 29.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 377 EXAMPLE 28. :(2p ! 2q)g. Below we show a closed systematic LC K -tableau for X = f2(p ! q). asleep and finished respectively. We use ‘a’.

Proof. but there is still a slight complication for the serial logics.378 ´ RAJEEV GORE Recall that label is the root of a strongly generated set of labels if every other label in the set is an extension of . L K45 L L L L LD K L L L LD L L L L F = h . the condition on -frames is calculated by computing the transitive and Euclidean closure of the basic reachability relation. K4-accessibility and KB-accessibility forces F to be respectively reﬂexive. we say that 2 is a -deadend if no label in is a simple extension of . where K45-accessibility is deﬁned as: iff ( = : and j j 1) or (j j 2 and j j 2) By substitution we get: THEOREM 30. It is obvious that KT-accessibility. But ﬁrst we relate -accessibility to the -frames of Figure 4 on page 303. We return to this point later. Now we can express the seriality condition for the serial counterpart = 1 by demanding that all 1 -deadends be reﬂexive. If is a strongly generated set of labels with root = 1 then . transitive and symmetric. We consider only the case for K45 in detail. We leave it to the reader to generalise these conditions to account for the case where is an arbitrary label. A set X of labelled formulae is strongly generated if lab(X ) is strongly generated. It is here that our assumption that the root = 1 simpliﬁes the conditions for -accessibility. These conditions are calculated by taking the appropriate closure of the underlying basic reachability relation between and :n. In particular. (Thanks to Nicolette Bonnette for many simpliﬁcations. The notation j j means the number of labels in . In Figure 18 we have computed the forms of the 1 -deadends and added an extra condition to make them reﬂexive for each logic 1 .) For example.-frames of Figure 13 on page 360 are closely related. We have to show that K45-accessibility forces F to be Euclidean and transitive. i is an L-frame. K45-accessibility is Euclidean if 0 1 and 0 2 implies 1 2 . For any two labels and from some strongly generated set of labels with root = 1 we deﬁne an -accessibility relation according to Figure 18. For any nonserial logic 1 we say that is an 1 -deadend if there is no that is 1 -accessible from . Note that the conditions on -accessibility in Figure 18 and the conditions on accessibility in the ﬁnite.

2 . is -accessible from iff = :n for some n 1 = :n or = = :n or = :m = : and j j 1 = :n or (j j 2 and j j 2) ( = : and j j 1) or (j j 2 and j j 2) -condition or ( is a -deadend and = ) -condition or (j j = 1 and = = 1) -condition or ( is a -deadend and = ) -condition or (j j = 1 and = = 1) -condition or (j j = 1 and = = 1) K KT KB K4 K5 K45 KD KDB KD4 KD5 KD45 KB4 B S4 S5 L K KB K4 K5 K45 jj 2 ( K K = or = :n or = :m = : and j j 1) or ( = jj 1 ) Figure 18. Deﬁnition of -accessibility L .TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 379 Deﬁnition of where and are nonempty and drawn from a strongly generated set of labels with root = 1 Logics for all .

n 1. 1983]. The argument is almost identical. And the conjunction of these two gives the second disjunct of the goal showing that -accessibility relation is indeed Euclidean. L L L L Proof. A strongly generated set X of labelled formulae is -satisﬁable under the interpretation I if I ( ) j= A for each :: A in X . and is -satisﬁable if it is -satisﬁable under some -interpretation. where is the appropriate -accessibility relation from Figure 18 [Fitting. V i be some -model where is any one of the 15 distinct basic normal modal logics obtainable by adding any combination of the axioms T . By the fact that the initial label is always = 1. D. But this together with 1 and j 1 j 1) in the left disjunct of the ﬁrst hypothesis immediately gives j 1 j 2. R. The set of labelled formulae lab(B) from any branch B of a labelled tableau is a strongly generated set. To show that -accessibility is also transitive. A branch of a labelled tableau is satisﬁable if the set of labelled formulae on it is -satisﬁable. except for one subcase which relies on the fact that j 0 j = 1 implies 0 = 1. we must show that 0 1 and 1 2 implies 0 2 . Similarly. B . we know that 0 is nonempty. L L K L L L L L L L PROPOSITION 31. 4 and 5 to logic . and the fact that the only new labels that may be created are labels of the form :n. hence j 0 j 1. The same expansions can be used but the roles of hypotheses and goal are slightly altered. Thus both disjuncts of the ﬁrst line of the hypothesis imply j 1 j 2. Call a world in M idealisable iff it has an R-successor in M. and a tableau is -satisﬁable if some branch of the tableau is -satisﬁable. ( 1 = 0: K45 K45 Let X be a strongly generated set of labelled formulae. An -interpretation of (a strongly generated set of labelled formulae) X in M is a mapping I : lab(X ) 7! W that satisﬁes: if and I ( ) is idealisable then I ( )RI ( ). let lab(X ) be the set of labels that appear in X and let M = hW. which are all . Thus both disjuncts of the second hypothesis imply j 2 j 2). j 0 j 1 together with ( 2 = 0 : 2 and j 2 j 1) in the left disjunct of the second hypothesis gives j 2 j 2.380 ´ RAJEEV GORE Hypotheses Expanded Hypothesis 0 0 and 1 2 ( 1 = 0: ( 2 = 0: ( 2 = 1: 1 and j 1 j 2 and j 2 j 1) or (j 0 j 2 and 1) or (j 0 j and and j 1 j 2) j 2 j 2) 2 Goal Expanded Goal 1 2 3 and j 3 j 1) or (j 1 j 2 and j 2 j 2) Now.

Hence there is some I ( ) 2 W . there must be some I (1) 2 W with I (1)RI (1:n). V i and some -interpretation I in M such that I ( ) 2 W and I ( ) j= :2P . Consequently we have to prove that if a branch B is -satisﬁable. We then have n. R. it does not appear in B and hence has no image under I . V i and some -interpretation I in M such that I (1:n) 2 W and I (1:n) j= 2P . and applying rule (l ) causes it to be updated into branches C and D . V i and some -interpretation I in M such that I ( n) 2 W . Euclidean frames must validate axiom 5 (32A ! 2A) hence I ( nm) j= 2P . The conﬁguration n nm immediately implies I ( )RI ( n)RI ( nm) by the deﬁnition of I . K5 K5 K5 K5 K5 K5 Soundness of (l5) for -frames: Suppose B is a -satisﬁable branch and that we apply the (l5) rule to some 1:n :: 2P to get a branch C containing 1 :: 22P . -satisﬁable and the labels n and nm must already exist on Since B is B. Hence I ( ) is idealisable as there is some w 2 W with I ( )Rw and w j= :P . a rule can cause a given branch to split into at most branches. which in turn implies that there is some w0 2 W such that wRw0 and w0 j= :P . Soundness of (l ) for -frames: Suppose B is an -satisﬁable branch and that we apply the (l ) rule to some awake :: :2P on B to obtain branch C containing n :: :P where n is a simple extension of that is new to B. and I ( n) j= :P meaning that C is indeed -satisﬁable under the extended I in M. Extend I by putting I ( n) = w. We have to show that C is also -satisﬁable. so by deﬁnition. there is some -model M = hW. there is some -model M = hW. As before there is some -model M = hW. I ( nm) 2 W and I ( n) j= 2P . We have to show that C is also -satisﬁable. We have not altered I in any way. Since the systematic procedure updates all branches that pass through the chosen formula. I (1)RI (1:n) and I (1)Rw gives wRI (1:n). then there is some w 2 W such that I (1)Rw and w j= :2P . We now prove soundness of some of the rules leaving the others to the reader. Then I ( n)RI ( nm) and I ( n)RI ( n) gives I ( nm)RI ( n). R. I ( )RI ( n). The label n can exist on B only if also exists on B since B is strongly generated. Hence I ( nm) j= 32P . Since R is Euclidean. But then I (1:n) j= K5 K5 K5 K5 K5 K5 . then T 0 is also -satisﬁable.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 381 simple extensions of some 2 lab(B). Since 1 is used on B and 1 1:n. Since B is -satisﬁable. C is -satisﬁable under I in M. that is I ( n) is reﬂexive. Since n is new. the soundness theorem states the following: if a tableau T is -satisﬁable and we apply rule (l ) to get tableau T 0 . Now suppose for a contradiction that I (1) j= :22P . and then wRw0 gives I (1:n)Rw0 . Since every rule has at most two denominators. then at least one of the new branches is also -satisﬁable. Because R is Euclidean we know that I ( n)RI ( n). We have to show that C is -satisﬁable. L L L L L L L L L L L Soundness of (l4d ) for -frames: Suppose B is a -satisﬁable branch and that we apply the (l4d ) rule to some n :: 2P to get a branch C containing nm :: 2P . R.

We have already noted that the systematic procedure is essentially a breadthﬁrst traversal of the tableau under construction except that certain formulae may awaken to interrupt this traversal. Then B itself is closed and hence contains some labelled formula :: P and also contains :: :P . That is. Hence there are four ways in which the systematic procedure can go on ad inﬁnitum: 1. If the systematic tableau for f:Ag is closed then A is -valid. 2. all simple extensions of some common . by constructing an inﬁnite branch containing a sequence of distinct labelled . The latter means that there is some -model M = hW. Hence our tableau is -satisﬁable. Our tableau begins with nodes 1 :: Ai . We now prove some useful properties of our systematic labelled tableau procedure giving some insight into its behaviour. L L L L L L L L L COROLLARY 33 (Soundness). . our tableau is not -satisﬁable. Hence I (1) j= 22P and C is K5-satisﬁable under I in M. which is clearly impossible. Since B was an arbitrary branch this must be true for all branches of this closed tableau. Chains and Periodicity The systematic tableau construction may go on ad inﬁnitum in some cases. THEOREM 32. by constructing an inﬁnite branch containing a sequence of labelled formulae :1 :: P1 . :: P3 . The systematic tableau is a ﬁnitely generated tree in that each node has at most two immediate children (since branches are caused only by the (_) rule). :: P2 . Now any -interpretation I 0 for B in any -model M0 would entail that I 0 ( ) j= P and also that I 0 ( ) j= :P . suppose the tableau for X is closed and that X is -satisﬁable. Contradiction. hence if the tableau for X closes then X is -unsatisﬁable. If the systematic tableau for X closes then X is L-unsatisﬁable. :: Pn . any tableau obtained from this initial tableau by these rules is also -satisﬁable. pages 404–407 ]). Then the initial tableau comprising the linear sequence of these nodes 1 :: Ai is satisﬁable (under I in M). for each Ai 2 X so deﬁne an -interpretation I in M such that I (1) = w.4 Fairness. It has little to do with the sequence of nodes on a particular branch. By K¨ nigs lemma. an inﬁnite but ﬁnitely generated tree must contain an inﬁnite o branch (see Fitting [1983. Inﬁnite Tableaux. R. all with the same label . :n :: Pn .382 ´ RAJEEV GORE Proof. Hence B is not -satisﬁable. For a contradiction. V i and some world w 2 W such that w j= X . . Then. by deﬁnition. Suppose B is some branch of this closed tableau. Since each of our tableau rules is sound. :3 :: P3 . L L L 6. contradiction. In what follows we refer to the uninterrupted sequence of node traversal as the visit sequence. formulae :: P1 . 2P implies w0 j= P . :2 :: P2 . the visit sequence is the sequence in which the systematic procedure would visit the nodes if no -formula is reawakened.

LEMMA 34. If j j = 1 then = 1 and the only possible formulae with this label are either subformulae of X .TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 383 3. LEMMA 36. The only way to awaken a -formula occurrence :: 2Q is to visit some formula occurrence :: :2P that appears on the same branch as :: 2Q. Since the systematic tableau is ﬁnitely branching. Since must be of ﬁnite length. page 411]. First note that although a branch does not contain repetitions. LEMMA 35. Lemma 34 guarantees that there are only a ﬁnite number of formulae with label . the maximum number of formulae with some given label is ﬁnite. 3 :: P3 . or are obtained from some subformulae of X by the building up rules (l5) and (lD). the number Nk of different labels of length k is ﬁnite. negations of a subformula of X . If j j 1 then must have been created by (l ) which adds only the negation of a subformula of its numerator. See Fitting [1983. 2 :: P2 . In any branch of a systematic tableau for the ﬁnite set of formulae X . hence the number of occurrences of :: :2P on the visit sequence is (also) ﬁnite. . n :: Pn . and item 2 above is also impossible. the visit sequence may do so. We leave it to the reader to compute actual bounds noting the presence of the ‘building up rules’ (lD) and (l5). Proof by induction on k and the fact that the systematic tableau construction avoids repetitions. Proof. see Massacci [1994] X . pages 410–412 ] and Massacci [1994] for more exact bounds but once again beware that these need to be adjusted for the ‘building up rules’. and 4. the number of such branches is ﬁnite. In any branch of a systematic tableau for the ﬁnite set of formulae Proof. (2) and (4) cannot occur. A branch can contain :: :2P at most once. We show that items (1). A particular labelled formula occurrence quence can be awakened only a ﬁnite number of times. Item 1 above is then impossible since any branch has but a ﬁnite number of formulae with label and we do not permit the branch to contain repetitions. k for any k. By induction on the length of . For details see Fitting [1983. by traversing a set of formulae that repeatedly switch from asleep to awake and vice-versa on the visit sequence. by constructing an inﬁnite branch containing a sequence of labelled formulae 1 :: P1 . :: 2Q on the visit se- Proof. But no inﬁnite sequence of building up rules is possible. all with different labels . Thus no branch can contain an inﬁnite number of labels all of the same length We now turn to item 4 in some detail since these details cannot be found elsewhere.

If none of these -formulae occurrences is visited then :: 2Q is never awakened. meaning that all -formula occurrences preceding :: A in the visit sequence must be ﬁnished. Hence there must come a stage when we visit the formula occurrence immediately after :: :2B in the visit sequence. if there are no -formulae occurrences between the root and :: A on the visit sequence then every subsequent stage will visit the next intervening formulae occurrence in the visit sequence and mark it as asleep or ﬁnished. Let :: :2B be the last -formula occurrence in the visit sequence that precedes :: A. If :: :2B is awake at the end of stage n then it satisﬁes the induction hypothesis. LEMMA 38. If :: :2B is not awake at the end of stage n then it must be ﬁnished. no formulae occurrences will be awakened in this process. the systematic procedure is guaranteed to visit it at some later stage. Each subsequent stage must visit one of the awake -formulae occurrences preceding :: A and mark each one as asleep. hence :: 2Q can be awakened only a ﬁnite number of times. and -formulae are never reawakened. Again. :: A in the visit sequence. Suppose the lemma holds for any labelled formula occurrence with j -formulae occurrences preceding it in the visit sequence. and marked as ﬁnished. On the other hand. Hence there are a ﬁnite number of -formulae occurrences that can awaken :: 2Q.384 ´ RAJEEV GORE on any branch of the tableau. it is marked as ﬁnished. whenever one of these -formulae occurrences is visited. Some -formulae occurrences preceding :: A may be awakened by the visit to :: :2B but each of these will be visited in turn and put to sleep in the stages that follow. so it will eventually be visited at some later stage. No -formulae occurrences can awaken during this process since there are no awake -formula occurrences preceding :: A. Consider some :: A occurrence that is awake at the end of stage n but that has j + 1 -formulae occurrences preceding it in the visit sequence. LEMMA 37 (Fairness). if :: A is the root then it is immediately visited at Stage n + 1. Hence there must come a stage that visits :: A. No labelled formula occurrence on the visit sequence can remain awake for ever. Similarly. Otherwise this stage and subsequent stages must bring us closer and closer to :: A since none of these intervening formulae occurrences is a -formula. If a labelled formula occurrence :: A on the visit sequence is awake at the end of Stage n. Proof: By induction on the number of -formulae occurrences that precede . The absence of intervening -formulae occurrences means that no formulae occurrences can awaken until after :: A is visited. Hence there must come a stage that visits :: A. If this is :: A then we are done. meaning that no -formula occurrences preceding :: A in the visit sequence are awake. Since this formula occurrence was an arbitrary -formula occurrence we know that every -formula occurrence can be awakened only a ﬁnite number of times. Clearly.

Basically. But this can happen only a ﬁnite number of times since Lemma 36 guarantees that :: A can awaken only a ﬁnite number of times.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 385 Proof. A chain is a sequence of labels 1. Hence there must come a stage when :: A is put to sleep. Since this is true for every chain on an inﬁnite branch. X is inﬁnite. 1983]. 1983]). If :: A ever awakens at some later stage k then Lemma 37 again guarantees that it will be visited and put back to sleep. 2 from branch B is periodic if there exist distinct labels i and j in the chain (i < j ) such that i :: A is on B iff j :: A is on B. Suppose the occurrence :: A is awake at stage n. Lemma 37 guarantees that :: A will be visited at some later stage m with m > n. there is a limit to the number of different (un- LEMMA 39. since every label starts with a 1 we can be more precise as below (again following Fitting [Fitting. 6. the branch must become periodic. Proof. If :: A is not a -formula then it will be marked as ﬁnished and will remain so hereafter. The only way the systematic procedure can go ad inﬁnitum is for some branch to have at least one inﬁnite sequence of longer and longer labels of the form . pages 408–410 ] but make adjustments for the strongly generated property. 1 . even with the building up rules. Else :: A is a -formula and it will be marked as asleep at the end of stage m. A chain of labels 1. that is if fAj i :: A on B g = fB j j :: B on B g.5 Completeness Again we follow Fitting [1983. . A branch is periodic if every inﬁnite chain (of labels) on B is periodic. In fact. then it must be periodic [Fitting. 1 . :n1 :n2 where each label is a simple extension of its predecessor. never to awaken again. If any branch of a systematic tableau for the ﬁnite set of formulae labelled) formulae we can play with. 1983]. where is the appropriate -accessibility relation between labels from Figure 18 (page 379): L L 0) there is no formula A such that both 1) if :: ::A 2 X then :: A 2 X :: A and :: :A are in X . We brieﬂy return to this point later. given a ﬁnite X . Thus any inﬁnite chain of preﬁxed formulae from any one branch must repeat formulae at some stage. If we could keep track of cycles then we could obtain a decision procedure. Thus the systematic procedure is ‘fair’ in that item 4 is also impossible. We thus have a handle on the systematic construction since an inﬁnite branch is not as bad as it ﬁrst seemed. :n1 . A strongly generated set X of labelled formulae is -downward-saturated if it satisﬁes the following conditions. 2 where each label in the sequence is a simple extension of its predecessor [Fitting.

L L L We have already noted that the systematic procedure is essentially a breadthﬁrst traversal of the tableau under construction. For the -rules. :: :(A ^ B ) 2 X then :: :A 2 X or :: :B 2 X . iff 3. If B is an open branch of a completed systematic tableau then B is closed with respect to every tableau rule in the calculus in that: every rule that could have been applied to a formula in B must have been applied at some stage. then X is -satisﬁable in a model whose possible worlds are the labels that appear in X . LEMMA 41. Since X is strongly generated. The identity mapping I ( ) = is then an -interpretation for X in the model hW. let W 2.386 ´ RAJEEV GORE 2) if 3) if 4) if 5) if LEMMA 40. V i as follows: 1. Proof. L j :: p 2 Xg. the condition that = 1 is forced upon us by our reliance on this condition in the deﬁnitions of -accessibility. V i. . We have also identiﬁed the mode in which this procedure can go ad inﬁnitum. By fairness. R. R. Else. L L Proof. Thus the -rules and the -rules must have been applied whenever it was possible. :: A ^ B 2 X then :: A 2 X and :: B 2 X . The creation of :n must have awakened :: PC . But before we can prove the completeness theorem we need to show that our systematic procedure ‘does everything that is necessary’ in the following sense. R. we say that an open tableau is completed if it is inﬁnite or if no formulae in it is awake. It is then easy to show by induction on the degree of a formula A and the downward-saturated property that: if :: A 2 X then j= A in the model hW. if was used on the extant part of B then we are done for the given instance of rule (l ) must have been applied then. so is lab(X ). Keeping these in mind. must be :n and must have been created at some later stage by some awake -formula :: :2Q on B. suppose :: 2P is some -formula on B and suppose some instance of a -rule (l ) is applicable to it because some label of the required form is used on B. Now. If X is a strongly generated set of labelled formulae that is downward-saturated and lab(X ) has root = 1. V i. every formula is visited at least once. for each primitive proposition p let V (p) = f R (that is. Now deﬁne a model hW. Once again. let L = lab(X ). when :: 2P was ﬁrst visited. :: 2A 2 X then :: A 2 X for every 2 lab(X ) such that :: :2A 2 X then :: :A 2 X for some 2 lab(X ) such that . Suppose X is -downward-saturated and let lab(X ) be the set of labels that appear in X . iff is -accessible from ).

L . Clauses 1). If the systematic tableau for satisﬁable. Clause 0) is satisﬁed since B is open. L Case 1: If = :n then :: 2A 2 B implies n :: A 2 B by the fact that B is closed with respect to the rule (lK ). 2P . If A is -valid then the systematic tableau for f:Ag must close. Then the tableau must be completed.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 387 Since B is completed. hence 1 :: Ai 2 B for every Ai 2 X . By the deﬁnition of -accessibility. 2) and 3) are satisﬁed since B must be closed with respect to the classical propositional rules. The tableau started with a linear sequence of nodes 1 :: Ai for every Ai 2 X . and our systematic procedure is fair. Since lab(B) must have root = 1. and must contain some open branch B by deﬁnition. if l = 1 then = 1:m1 and 1 :: 2A 2 B immediately implies :: A 2 B by (lK ). if (j j 2 and j j 2) then = 1:n1:n2 nk for some k 1 and = 1:m1:m2 ml for some l 1. THEOREM 43. B is closed with respect to every rule of the calculus (in the appropriate sense). If B is an open branch of a completed systematic tableau then B is -downward-saturated. Case 2: Otherwise. Then starting from ( :: 2A) = (1:n1 :n2 nk :: 2A) we can obtain 1:n1 :: 2A 2 B and 1 :: 2A 2 B by closure of B with respect to (l4r ). By Lemma 41. . Lemma 40 then guarantees that B is -satisﬁable (under the identity interpretation I ( ) = ) in an -model M = hlab(B). Otherwise. L L L L COROLLARY 44 (Completeness). if l 2 then 1:m1 :: 2A 2 B and closure with respect to (l4d ) guarantee that 1:m1 :m2 ml 1 :: 2A 2 B from which we get (1:m1 :m2 ml :: A) = ( :: A) 2 B by (lK ) as desired. We now have to go through the necessary clauses (see page 385) to show that B is -downward-saturated. Lemma 42 guarantees that B is an -downward-saturated set. For clause 4) assume that :: 2A 2 B and that for some in lab(B). From the ﬁrst we can obtain 1 :: 22A 2 B by closure of B with respect to (l5). V i. if :: A 2 B then j= A in M. Suppose the systematic tableau for X does not close. We have to show that :: A 2 B for each deﬁnition of -accessibility from Figure 18. LEMMA 42. We give the proof for only. Furthermore. means that = :n or (j j 2 and j j 2) L L K5 K5 X does not close then X is L- Proof. But then 1 j= X in M. The given instance of rule (l ) must have been applied at that later stage since was used on the extant part of B. the procedure must have visited :: 2P at some later stage still. Proof. Now. and from this we obtain 1:m1 :: 2A 2 B by (lK ). Clause 5) must be satisﬁed because B is closed with respect to (l ).

Massacci [1994. once a chain of labels becomes periodic because i and j label identical sets of formulae.388 ´ RAJEEV GORE These methods extend easily to cater for ‘strong completeness’ where we are allowed both ‘global’ and ‘local’ assumptions. L L 6. But it is also possible to modify the systematic procedure to identify potential periodic chains and keep tabs on them during the systematic procedure. Termination and Decidability In the previous sections we have seen how an inﬁnite tableau must give rise to a counter-model. see Fitting [1983] and Massacci [1994]. Thus these labelled tableaux can be used as decision procedures for the 15 basic logics. We noted on page 378 that the -accessibility relation and the ﬁnite. It may also be possible to extend these systems to handle some of the Diodorean modal logics. thereby obtaining systems for the provability logics. An alternative extension is to change the -rule. But there simply is no space. That is. 1995a ] gives alternative proofs of decidability for his systematic procedure based on an interpretation of the tableau rules as term rewriting rules. We now brieﬂy explain these comments by way of an alternative labelled tableau system LC K 45 for logic . 6.6 Cycles. (l4r ) . But a check for periodicity cannot be avoided for the transitive logics. The details are considerably more intricate than the preceding paragraph suggests since we have to preserve ‘fairness’ and completeness. (l4r ) . Lemma 39 guarantees that every inﬁnite branch will eventually become periodic. all formulae with the longer label are put to sleep. hence the modiﬁed systematic procedure will terminate for ﬁnite X . We also mentioned on page 305 that there is a duality between the explicit tableau methods and the implicit tableau methods.7 Extensions and Further Work The most obvious extensions of this approach are to multi-modal logics where different sorts of labels are used to model the different reachability relations. By keeping tabs on cycles we can also prove the ﬁnite model property for these logics since the resulting -frames are exactly the ﬁnite-frames of Figure 13 (page 360). Consider the system LC K 45 = LC PC f (l 1 ) . as shown in Figure 19. see Massacci [1994]. If the tableau has not closed then we are still guaranteed the same model as if we had allowed it to run ad inﬁnitum. (lK ) g 1 where the new rules are as given below: Grz G L L K45 . They are awakened only when periodicity for this chain is broken by the appearance of some new formula with a label i or j .-frames of Figure 13 (page 360) are closely related. Note that ﬁrst-order deﬁnability is not a hurdle for these labelled tableau systems since the class of -frames and -frames are not ﬁrst-order deﬁnable.

we do not need any check for periodicity since every systematic tableau is guaranteed to terminate for ﬁnite X . We therefore need to modify the systematic procedure slightly so that one of the mutually exclusive rules (l4r ) or (l 1 ) is applied to the chosen (awake) -formula as is appropriate.3 (page 377). The system LC K 45 does not ﬁt into the mould of our other labelled systems since: it has two -rules. the (l4r ) rule does not create a successor but merely moves a -formula from world 1:n to the root world 1. (lT ) (l Grz ) Figure 19. We have to show that if the numerator is -satisﬁable then so is each denominator. Proof. and the (l 1 ) rule is a special case of the usual ( ) rule. Then a -formula with a label 6= 1 cannot cause the creation of a successor and a systematic LC K 45-tableau for a ﬁnite X will contain labels of length at most 2. (l4) (l Grz ) (lK ). and creates a successor for a formula only if its label is the root label 1.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 389 (l G) (l Grz ) :: :2P :n :: :P :n :: 2P where :n is new to the current branch :: :2P where :n is new to the current branch :n :: :P :n :: 2(P ! 2P ) -Rules -Rule LC L PC-Rules L-accessibility K K4 S4 LC G LC PC LC K 4Go LC PC LC Grz LC PC (lK ). neither of which is the usual ( ) rule. So as in Section 6. (l4) (l G) (lK ). Proof for (l4r ) : If I (1:n) j= :2P then 1 1:n gives I (1)RI (1:n) which K45 L K45 K45 . The rules of LC K 45 are sound for K45-frames. (l4). suppose there is some -model M and an -interpretation I under which each numerator is -satisﬁable in M. THEOREM 45. Furthermore. each label in the numerator and denominator must already exist on the branch. Labelled Tableau Systems for Provability Logics :n :n 2 :: 2 (l4r ) 11 ::::::2P (l4r ) 11 ::::2PP (lK ) :n :: P 1 2P P 1 :: :2P where 1:n is new to the current branch (l 1 ) 1:n :: :P Note: except for 1:n in the rule (l 1 ) . even though the logic is transitive.

that is. which by the Euclidean axiom 32A ! 2A gives I (1) j= 2P .390 ´ RAJEEV GORE gives I (1) j= 3:2P which is I (1) j= 33:P . giving 1 I (1) j= 32P . Proof. captures -accessibility over lab(B) completely since B contains labels of length at most 2. where n and m are integers. V i as deﬁned in Lemma 40 on page 386. the number of preﬁxes of length 2 on any branch of a systematic tableau for X can be bounded by extending Lemma 35. The new rules of LC K 45 are essentially the operations that we required in the completeness proofs for C y K45 on page 335. like (l4r ) and (l4r ) . see [Ladner. The calculus LC K 45 is complete with respect to K45-frames. by the variant 33A ! 3A of the transitivity axiom 4 we have I (1) j= 3:P . Thus X is K45-satisﬁable under the identity L-interpretation I ( ) = in the K45-model hlab(B). see Massacci [1994] or Fitting [1983]. as required. we may even be able to determine the complexity of the decision and satisﬁability problems for using this system. Very well. Given a ﬁnite X . THEOREM 46. although such results are already known for most of the basic logics. For clause 4) note that 1 1:n and 1:n 1:m for all n and m. have allowed us to eliminate even analytic cut. 1985]. The extra power of rules that look backward against R. Choose an open branch B. Proof for (l4r ) : If I (1:n) j= 2P then 1 1:n gives I (1)RI (1:n). 1977. Proof for (l 1 ) : The rule (l 1 ) is just an instance of (l ) and we know the latter is sound for all Kripke frames. 1 For most cases. Hence. suppose the systematic tableau for X is open. Halpern and Moses. The derivation below left shows that clause 4) must be satisﬁed while the derivation below right shows that clause 5) must also be satisﬁed K45 K45 K45 1 tion that labels be at most length 2. . I (1) j= :2P as required. LC K 45 will be more efﬁcient than LC K 45 due to the restric- :n :: 2P (l4r ) 2P (lK1) 1:m :: P 1 :: 1 :n :: :2P (l4r ) :2P (l 1 ) 1:m :: :P 1 :: K45 . We have to show that if the systematic tableau for X is open then some open branch B gives an -downward-saturated set of labelled formulae (see page 385). The clauses 0) to 3) of the deﬁnition of -downward-saturated go through as before. Then. the K45model created by the completeness proof for LC K 45 (above) is also a ﬁniteK45-frame as deﬁned on page 360. as pointed out to me by Massacci. but LC K 45 is cut-free! Furthermore. Thus LC K 45 implements the completeness proof for C y K45. The branch must be closed with respect to all the rules of LC K 45 in the appropriate sense (page 386) since this is a consequence of the systematic procedure itself rather than the form of the rules.

Bellin. In Proc. Alain Heuerding. 1993] M. 1994] A. [Beth. PhD thesis.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 391 The system of Mondadori [D’Agostino and Mondadori. The only work along these lines that I know of is the work of Artosi. Jean Goubault. W. Tel Aviv University. Math. [Bellin. 1994. pages 441–445. Canberra. 1994] who use both (PB ) and labelled tableaux. The method of hypersequents in proof theory of propositional non-classical logics. Clearly. Enjalbert. . and Nicolette Bonnette for numerous corrections. Amerbauer. [Avron. 1984] A. A system of natural deduction for GL. In Proceedings of the CADE-12 Workshop on Automated Model Building. 1985] G. it should be possible to extend all our modal tableau systems by modifying our tableau rules to incorporate the rule (PB ). 1994] A. 1994. 1985. Bob Meyer and Minh Ha Quang for their comments on earlier drafts. Avron. Governatori. 1953] E. [Artosi and Governatori. In 11th International Joint Conference on Artiﬁcial Intelligence. 1989] Y. 1987. Ohlbach [1993] has also studied such systems but in a different guise. for Ohlbach literally translates modal logics into classical ﬁrst-order logic. Workshop on Temporal Logic in Speciﬁcation. Labelled model modal logic. Modal theorem proving: An equational viewpoint. Australian National University. [Amerbauer. but where the labels are allowed to contain variables as well as constants. Barringer. 15:330–339. Institute of Computer Science. 1993.und Sequenzenkalk¨ le f¨ r Normale Modale u u Aussagenlogiken. [Banieqbal and Barringer. 1989. Journal of Symbolic Logic. pages 11–17. Naturwissenschaftliche Fakult¨ der Universit¨ t Salzburg. The rule (PB) is also driven by string uniﬁcation of labels. Theoria. Particular thanks to Fabio Massacci for many useful comments and fruitful discussions. Auffray and P. Governatori and coworkers [Artosi and Governatori. 1953. Technical Report 294-94. 51:89–114. Beth. the restrictions on the reachability relation are not built into a notion like -accessibility. at a [Avron. 1984. Israel. LNCS 398. The main advantage is that we can now ‘detect’ closure subject to a constraint that two given labels unify. That is. but into the uniﬁcation algorithms. KE L ACKNOWLEDGEMENTS I would like to thank Melvin Fitting. Artosi and G.. 1994] has already been described in another Chapter in this Handbook. Temporal logic with ﬁxed points. Banieqbal and H. Indag. Schnittfreie Tableau. On modal systems having arithmetical interpretations. REFERENCES [Auffray and Enjalbert. On Padoa’s method in the theory of deﬁnition. A branch is now closed if it contains some :: A and some :: :A as long as the labels and are uniﬁable as strings with different string uniﬁcation algorithms for different modal logics. 1987] B. Any method that uses labels is really translating the modal logic into classical ﬁrst-order logic since all these methods use a label of ‘universal force’ for 2formulae and use a label of ‘existential force’ for 3-formulae. Avron. 49:935–942. The recent work of Russo [1995] makes these intuitions explicit.

Temporal and modal logic. An algebraic study of Diodorean modal systems. Branching time temporal logic. F. ´ [Gudzhinskas. 1980. Sistla. Volume II: Extensions of Classical Logic. Curry. Mondadori. [Catach. Journal of Logic and Computation. Decision procedures and expressiveness in the temporal logic of branching time. Guenthner. Modal sequents for normal modal logics. 1993] T. 32:145–148. 1984] E. Bull. The Netherlands. L. [Borghuis. LNAI 918. 1973. P. School/Workshop on Linear Time. A. A. Proceedings of the fourth a workshop on theorem proving with analytic tableaux and related methods. [Beckert and Possega. Academic Press. J. 1988. [Bull. 1995. Kluwer Academic Publishers. 1983] E. Baumgartner. 1985] E. [Baumgartner et al. W. Review of ‘Melvin Fitting. Logics of Programs. Emerson and J. Journal of Symbolic Logic. volume II of Handbook of Philosophical Logic. Bull and K. [Borga and Gentilini. A. Beth. TABLEAUX: A general theorem prover for modal logics. D. Basic modal logic. and temporal logics. 1980] B. Emerson. In Proc.). Deciding branching time logic. 1993. 50:855–856. Borga. International Computer Science Conference: Artiﬁcial Intelligence: Theory and Applications. 1988. pages 249–256. Automata. 39:231–240. Cambridge. [Cerrato. Gabbay and F. Y. Cambridge University Press. Studia Logica. Extensions of Classical Logic. 1955] E. [Fagin et al.. H¨hnle. Modal Logic: An Introduction. The MIT Press. Branching Time and Partial Order In Logics and Models of Concurrency. . In Proc. 1983. Proof Methods for Modal and Intuitionistic Logics. volume Volume B: Formal Models and Semantics. Gabbay and F. Emerson. Deciding branching time logic: A triple exponential decision procedure for CTL . Borga and P. Emerson and A. 16th ACM Symposium Theory of Computing. 1991] L. Catach. 1988] E. Cambridge University Press. [Borga. Gentilini. [Chellas. Symbolic logic and mechanical theorem proving. Halpern. Semantic entailment and formal derivability. Guenthner. [Emerson and Sistla. 1983. pages 14–24. Vol. P. 1984. Reidel. 30(1):58–64. 1995] B. leanTA : Lean tableau-based deduction. [Boolos. In D. 1983] M. Moses and M. chapter 16. 1995] R. On the proof theory of the modal logic Grz. Cerrato. Interpreting modal natural deduction in type theory. Mathematical Logic Quarterly (previously ZML). 1984] R. The Unprovability of Consistency. Halpern. Syntactical proof of the elimination theorem for von Wright’s temporal logic. [Emerson. Reidel. In Maarten de Rijke. In Proc. Letterkunde. [Emerson. LNCS 164. 30:1–24. Segerberg. 169. Reidel. pages 79–87. 1985. Logika Primenen. Journal of Computer and System Sciences. 42:453–459. A. TABLEAUX: A general theorem prover for modal logics. Diamonds and Defaults. 1984] J. G. Handbook of Theoretical Computer Science. Basic tense logic. Sistla. Gudzhinskas. LNCS 193. A. T. 1952. 1952] H. 1995] P. pages 67–102. 1993. 1993] C. Lee. 1984. [Burgess. A. In Proc. 1979] G. Chellas. 1986. Journal of Automated Reasoning. 1991. 17:249–265. Handbook of Philosophical Logic. 1984. Bull. [Emerson and Halpern. 1994] M. New York. [Bull. Afd. A. 1985] E. 1995. Beckert and J. 1985. [D’Agostino and Mondadori. MIT Press. Mat. 1986] M. van Leeuwen. 1983’. pages 123–172. [Emerson and Sistla. Logics of Programs 1985. Emerson and A. ZML (now called Mathematical Logic Quarterly). 1955. Borghuis. 1965. P Journal of Automated Reasoning. 1985] R. 7:489–510. 1985. On some proof theoretical properties of the modal logic GL. 1982. The elimination theorem when modality is present. pages 1–88. Journal of Symbolic Logic. Synthese Library. Srinivasan. Mededelingen der Koninklijke Nederlandse Akademie van Wetenschappen. Y. A. 1988. [Curry. editor. In D. Dordrecht. D’Agostino and M. 18:309–342. [Bull and Segerberg. pages 1–88. 4:285–319. editors. 1965] R. R.. 1994. [Chang and Lee. and J. Reasoning about Knowledge. 15(3):339–358. Journal of Symbolic Logic. Burgess. Fagin. 1990. editors. In J. Vardi. 1973] G.392 ´ RAJEEV GORE [Beth. A. Emerson and J. 1982] E. Proc. 1995. 1979. pages 176–192. 1988] L Catach. Posegga. tableaux. LNCS 354. 2:113–130. B. Boolos. MA. editor. Posegga (Ed. Chang and R. The taming of the cut: classical refutations with analytic cut. [Emerson and Srinivasan. 1990] E. [Catach.

133-134:73–104. Journal of Symbolic Logic. Available via http://arp. [Fitting. In Proceedings of the 3rd Workshop on Theorem Proving with Analytic Tableaux and Related Methods. Handbook of Logic in Artiﬁcial Intelligence and Logic Programming: Logical Foundations. Hudelmaier. [Gor´ et al. Scherl. of Computer Science. Michael Seyfried. 1996] Alain Heuerding. I. [Gabbay.edu. Studia Logica. Hintikka. B. 1973. Gor´ . 1966] W. Holland. Oxford University Press. Termination conditions for modal decision procedures (abstract only). pages 99–104. Gor´ . Hughes and M. [Gor´ . 1994. Logics of Time and Computation. Methuen.au/ on WWW. and E. Master’s thesis. 1991. 1987] D. Theory matrices (for modal logics) using alphabetical monotonicity. Gabbay. London. In Proc.. J. 1995. University of Cambridge. Sandewall. Dept. Proof Methods for Modal and Intuitionistic Logics. Labelled Deductive Systems. June. Gor´ . 1987. In J. 53:433–457. 1984] G. Gor´ . [Gent. Gough. e e Technical Report 257. [Frisch and Scherl. Australian National University. Oxford University Press. Acta Philosophica Fennica. Model existence theorems for modal and intuitionistic logics. volume 169 of Synthese Library. I. Proc. 1987. Center for the Study of Language and Information. In D. Cornell University. Goldblatt. Untersuchungen uber das logische Schliessen. in The Collected Papers of Gerhard Gentzen. Technical Report TR-16-95. Gent. . 1991. 1969. Imperial College. 1993] I. England. 1983] M. In Proc. Moses. Fitting. 1968. Form and content in quantiﬁcation theory. Fikes. pp 68-131. London. PhD thesis. Gabbay et al. 1992] R. Halpern and Y. 1997] D. J. Heinle. [Hintikka. NorthHolland. 1991] I. Frisch and R. pages 480–490. Workshop on Temporal Logic in Speciﬁcation. 1935. [Fitting. Mathematische ¨ Zeitschrift. Hanson. [Hanson. 1993. 1991. M. Y. 1991a] I. Cresswell. Oxford University Press. Technical Report TR-94/5. J. Gabbay. 1994] R. International Joint Conference on Artiﬁcial Intelligence. J. Heuerding. 1966. Basic modal logic. D. and A. Stanford. 1991. E. 31:687–688. [Hudelmaier. [Halpern and Moses. A general framework for modal deduction. Cut-free sequent and tableau systems for propositional Diodorean modal loge e ics. 38:613–627. Introduction to Modal Logic. Efﬁcient loop-check for backward proof search in some non-classical logics. Cresswell. CSLI Lecture Notes Number 7. Temporal logic . and Heinrich Zimmermann. [Goldblatt. In Proc. Dept. Gent.anu. 2nd Conference on Principles of Knowledge Representation and Reasoning. A guide to the modal logics of knowledge and belief: Preliminary draft. 1997. Analytic Proof Systems for Classical and Modal Logics of Restricted Quantiﬁcation. 1973] M. 1993] M. Hughes and M. [Gent. 1994] D M Gabbay. pages 409–448. England. Fisher. [Heuerding et al. Technical Report 91-62. Department of Computing. E. Relations between propositional normal e e modal logics: an overview. edited by M. 1984. 1993. [Gor´ . 1991] A. Allen. A resolution method for temporal logic. 1991] R. English translation: Investigations into logical deduction.. 1984. and M A Reynolds. (printed in 1994).mathematical foundations and computational aspects. 39:176–210 and 405–431. Coventry. 1955] K. 1992. pages 365–448. 1994] J. W. Studia Logica. Gent. Automated Reasoning Project. On a contraction free sequent calculus for the modal logic S4. [Gabbay et al. University of Warwick. 1995] R. 1985. London. A Companion to Modal Logic. [Hughes and Cresswell. Morgan-Kaufmann. 1985] J. Volume 1. [Hughes and Cresswell. Dordrecht. Submitted to Tableaux 96. [Gor´ . 52(2):233–257. Springer-Verlag. Fitting. 1994. [Gabbay. 12th International Joint Conference on Artiﬁcial Intelligence 1991. Fitting. University of Manchester. Methuen. Semi-analytic tableaux for modal logics with applications to nonmonotonicity. 1984] G. Gentzen. 1991. Cut-free sequent and tableau systems for propositional normal modal logics. 8:3–55. Journal of Symbolic Logic. 1968] G.. of Computer Science. 1994. Hodkinson. [Fitting. The declarative past and imperative future: Executable temporal logic for interactive systems. [Gentzen. editors. Reidel. M. editor. 1991] M. 1935] G. e e Logique et Analyse. England. E. [Gent. Morgan-Kaufmann.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 393 [Fisher. 1987] R. Mathematical Sciences Institute. [Gough. 1983. R. LNCS 398. Theory tableaux. volume 1. Szabo. Decision procedures for temporal logics. 1955.

1994] F. 1977. Massacci. [Masini. 1987] H. Journal of Symbolic Logic. A. Sweden. Proc. Department of Computing. Technical Report 187-91... USA. 1959] S. Baumgartner. Completeness theorems for temporal logics T and 2T . . Provability in Logic. 1988] H. Translation methods for non-classical logics: An overview.. Decidability and incompleteness results for ﬁrst-order temporal logics of linear time. 1957. 2(2). [Kawai. A. and M. Technical Report TR-94/5. W. Tanaka. volume LNAI 918. U. [Miglioli et al. 1995a] F. 1995] F. In Proceedings of the 3rd Workshop on Theorem Proving with Analytic Tableaux and Related Methods. 25:272–279. 1996] M. Universit¨ t Kaiserslautern. Masini. editors. of Computer Science. 1991. University of Kentucky. 9:67–96.5 International Conference on VLSI. Annals of Pure and Applied Logic. and M. ZML (now Mathematical Logic Quarterly). SIAM Journal of Computing. Kripke. 1957] M. M. Kono. 1985] R. Ornaghi. 1976. Universita Degli Studi Di Pisa. Sequential calculus for a ﬁrst-order inﬁnitary temporal logic. Merz. Massacci. Koshimura and R. and J. Matsumoto. Weak alternating automata give a simple explanation of why most temporal and dynamic logics are decidable in exponential time. 1987. [Massacci. Saoudi. Marek. Kripke. 1988] D. [Masini. Morgan. Kawai. 33:423–432. Methods for automated theorem proving in nonclassical logics. and P. Posegga. March 1959. pages 723–737. 1963] S. J. 3049. 2-sequent calculus: Classical modal logic. Kracht. In Proc. 1992] S. S. 1996. LNAI 814. 1994. Springer. of Philosophy. 58:229–246. 1993. Proceedings of the e IFIP TC 10/WG 10. Ladner. 1991] A. Kanger. 1992] A. 1992. In Alan Bundy. 3(5):533–562. Ohnishi and K. [Morgan. PhD thesis. ZML (now Mathematical Logic Quarterly). 1990. University of Stockholm. Technical Report TR-13/91. Semantical analysis of modal logic I: Normal modal propositional calculi. Modal propositional tableaux in a model generation theorem prover. Kluwer. Osaka Mathematical Journal. G. Technical Report SEKI Report SR-90-11. VLSI ‘87. H¨ ahnle. 1994. 1993] A. Moore. 1963. Logics in Computer Science. Ohlbach. 2-sequent calculus: Intuitionism and natural deduction. 1977] R. 6(3):467–480. Simple steps tableaux for modal logics. Tense Logic and the Theory of Linear Order. Artiﬁcial Intelligence. characterisation.394 ´ RAJEEV GORE [Kamp. 1957] S. 1988. Semantical considerations on nonmonotonic logic. Almqvist and Wiksell. A completeness theorem in modal logic. Submitted for publication. Kawai. USA. [Kracht. Nakamura. Kamp. Modal nonmonotonic logics: ranges. 1991] W. Journal of Applied Non-Classical Logic. pages 95–105. Schwarz. 34:393–398. Proof Theory of Modal Logics. editor.. [Massacci. [Kanger. to appear. Miglioli. [Koshimura and Hasegawa. 1992. 1993] H. CADE-12. 1988. Dept. 1990] H. Kaiserslautern. Moscato. 1995] P. C-25(8):852–862. IEEE Transactions on Computers. [Massacci. [Ohnishi and Matsumoto. G. 1995. Temporal logic based fast veriﬁcation system using cover expressions. editor. Truszczynski. E Muller. Fujita. [Moore. December 1995. 1968] J. London. [Kripke. 24(1):1–14. Wansing. 2-sequent calculus: A proof theory of modalities. 1985. [Kawai. University of California. R. 1987] H. Zeitschrift f¨ r Mathematik Logik und Grundlagen der Mathematik. pages 101–111. Refutation systems for propositional modal logics. D-6750. 1991. Corrections to our paper ‘Gentzen method in modal calculi I’. Vancouver. editor. In C H S´quin. computation. [Kripke. 1994] M. Masini. [Ohlbach. u [Ladner. Imperial College. 10:147. Bulletin of the Interest Group in Pure and Applied Logics. Strongly analytic tableaux for normal modal logics. 1987. a Germany. and H. 1(1):69–89. [Ohlbach. [Marek et al. Personal communication. Masini. Power and weakness of the modal display calculus. [Merz. C. Hasegawa. Stockholm Studies in Philosophy. pages 422–427. The computational complexity of provability in systems of modal propositional logic. Massacci. Journal of Logic and Computation. [Muller et al. Postfach. In H. 1957. 1995. In P. Proceedings of the 4th Workshop on Theorem Proving with Analytic Tableaux and Related Methods. Ohlbach. Springer-Verlag. Dept. 1968. 1976] C. 1993. J. Semantics based translation methods for modal logics. E Schupp. [Masini. [Nakamura et al.

M. Wiesbaden. cut-free formulations of T. In Proc. 11:115–120. Journal of the Association for Computing Machinery. [van Benthem. 18(4):517–526. Truszczynski. Shimura. Blok. Clarke. 1984. Oppacher and E. 1980. Uppsala. 32:137–144. Rautenberg. Ohnishi and K. Rautenberg. [Shimura. 1983] S. Modal tree constructions. editors. [Ohnishi and Matsumoto. Edinburgh University. F. K. Gentzen-systems for propositional temporal logics. 1990] W. 1992. Journal of Philosophical Logic. F. The Logic of Time: a model-theoretic investigation into the varieties of temporal ontology and temporal discourse. van Benthem. [Sambin and Valentini. A. An essay in classical modal logic (3 vols. [Sambin and Valentini. Gentzen style systems for K45 and K45D. Valentini and U. Modal labelled deductive systems. The modal logic of consistency assertions of Peano arithmetic. 2nd Workshop on Computer Science Logics. Russo. Klassische und Nichtklassische Aussagenlogik. 1988] F. K. 156. P. [van Benthem. Corrections for modal tableau calculi and interpolation by W. A. Pottinger. [Schwarz and Truszczynski. Slaght. [Valentini and Solitro. 1971] K. 1982. van Benthem and W. 1980] G. Modal tableau calculi and interpolation. 1986. [Stirling. JPL 12 (1983). 1992] G. Logic at Botik ’89. 1959] M. Technical Report Filosoﬁska Studier. A modal sequent calculus for a fragment of arithmetic. Journal of Philosophical Logic. Ohnishi and K. [Russo. [Valentini. The complexity of propositional linear temporal logics. Investigations of ﬁnitary calculus for a discrete linear time logic by means of ﬁnitary calculus. 1992. Osaka Mathematical Journal. of Computing. Shimura. Imperial College. pages 167–247. Stirling. 29:25–32. In Proc. F. [Sistla and Clarke. 32(3):733–749. 1988. 1991. Personal communication. Gentzen method in modal calculi I. [Rautenberg. . 34:245–256. 1990. A syntactic proof of cut elimination for GLlin . 1985. [Oppacher and Suen. 1957. Dept of Computer Science. [Rautenberg. pages 504–528. Journal of Philosophical Logic. 1989] G. Matsumoto. Minimal model semantics for nonmonotonic modal logics. 1977] R. The modal logic of provability: Cut-elimination.TABLEAU METHODS FOR MODAL AND TEMPORAL LOGICS 395 [Ohnishi and Matsumoto. 1983] W. 1991. In LNCS vol 502. editors. Pliuskevicius. 14:229. [Pliuskevicius. Rautenberg. In A. HARP: A tableau-based theorem prover. 1985. Suen. Sistla and E. Meyer and M. Schwarz and M. [Rautenberg. Modal and temporal logics for processes. Segerberg. K. Journal of Automated Reasoning. Studia Logica. Springer-Verlag. [Slaght. Sambin and S. 1979. 1978. volume II. Notre Dame Journal of Formal Logic. 1979] W. Springer-Verlag. 1991] T.3 and S4. Sambin and S. 1978] J. 1983. 1995. LNCS 363. 1983. Osaka Mathematical Journal. Correspondence theory. 1992] G. Theoria. Symposium on Logical Foundations of Computer Science. [Paech. Synthese library. Journal of Philosophical Logic. D. 1991] R. Matsumoto. Shvarts. 1992] T. London. In D. Logics in Computer Science. [Valentini. L. 1983. Dept. 9:113–130. [Schwarz. S4 and S5. [Segerberg. 12:403–423. Reports on Mathematical Logic. 1985] A. In Proc. 1989. 25:57–73. Guenthner. A. 1995] A. [Shvarts. 1984] J. ECS-LFCS-92-221. nr 13. Reports on Mathematical Logic. A. Gentzen method in modal calculi II. 1983] G. Rautenberg. 1985] W. 26:39–65. [Shimura. Zeitschrift f¨ r Matheu matische Logik und Grundlagen der Mathematik. 1959. pages 240–253. The modal logic of provability: the sequential approach. of Theoretical Aspects of Reasoning About Knowledge. Schwarz. Taitslin. Uniform. Valentini. Cut-free systems for the modal logic S4. Technical Report TR-95/7. 1983. Cut-free systems for some modal logics containing S4. F. Valentini. vol. Paech. Reidel. Valentini. 1982] G. R.3GRZ. [van Benthem and Blok. 4:69–100. 1983] J. 1992] C. 1986] S. 1988] B. 1992. [Pottinger. Rautenberg. 1983. Technical report. Dordrecht: Reidel. 1957a] M. Handbook of Philosophical Logic. Solitro. 1988. 1983] S. Abstract in JSL. Transitivity follows from Dummett’s axiom. December 5th. LNCS 385. 12:471–476. 1977. pages 245–256. Valentini. 1971. ZML (now Mathematical Logic Quarterly). Uppsala Universitet. Modal logic S4F and the minimal knowledge paradigm. van Benthem. 1992. Gabbay and F. 48:900–901. 11:311–342. E. Vieweg. 44:117–118. [Rautenberg.).

[Wansing. J. 1994] Heinrich Wansing. [Zeman. Journal of Computer and System Sciences. 4. [Wallen. MIT Press. 56:72– 99. Sequent calculi for normal modal propositional logics. Logique et Analyse. 1983. Temporal logic can be more expressive. 1985] P. 1994. Oxford University Press. A. 32. 1989. Automata-theoretic techniques for modal logics of programs. 1983] P. Wolper. Information and Control. [Wolper.396 ´ RAJEEV GORE [Vardi and Wolper. Automated Deduction in Nonclassical Logics: Efﬁcient Matrix Proof Methods for Modal and Intuitionistic Logics. Modal Logic: The Lewis-Modal Systems. 1986. Wallen. 1973] J. The tableau method for temporal logic: an overview. Vardi and P. Zeman. Wolper. Journal of Logic and Computation. . 110-111:119–136. 1986] M. 1973. 1985. Wolper. 1989] L. [Wolper.

So (positive) logic programs are ‘sub-classical’. in a sense. However.g. whose aim is described as an attempt ‘to apply the traditional methods of [classical] logic to contemporary theories of problem solving and computer programming’. but procedural derivation (see [Kowalski. the theoretical framework for most applications was assumed to be classical logic. however. is not complete for classical logic. a2 . . not classical logic. Let us consider. DOV GABBAY. an is an expression of a fragfact that a program clause a0 ment of positive logic [a subsystem of Intuitionistic Logic] rather than an implication formula of classical logic. Thus logic programs are regarded as syntactically restricted ﬁrstorder theories within the framework of classical logic. 1989. The resolution method for Horn clauses appears to be based on classical logic. This is just an example of a general phenomenon which arises in the application of logic: we start from a logic L (e. Correspondingly. this assumption often turned out to clash with researchers’ intuitions even in wellestablished areas of application. here are some quotations which are clearly in conﬂict with the received view (and with each other) as to the correct interpretation of logic programs: Relevance Logic not only shows promise as a standard for modular reasoning systems. ] the systems of modules which are actually used in computer science have the feature that relevance. : : : . the method actually used for logic programming. 1991. and is in fact equivalent to Relevance Logic. what is probably the most representative of these application areas: logic programming. but it has. . This interpretation is the leitmotiv of Kowalski’s well-known [1979].214] According to the standard view.MARCELLO D’AGOSTINO. [Garson. Traditionally. The idea that the execution of a Prolog program is to be understood as a derivation in classical logic has played a key role in the development of the area. p. The logical behaviour of such clauses is in no way related to any negation or complement operation. provides a theory of their behaviour. known as SLD-resolution. the proof-theory of logic programs is considered as a specialized version of classical resolution. neglects the a1 . been already adopted by artiﬁcial intelligence researchers. However. The classical interpretation seems to be a semantical overkill’ [Wagner. KRYSIA BRODA TABLEAU METHODS FOR SUBSTRUCTURAL LOGICS 1 INTRODUCTION Over the last few decades a good deal of research in logic has been prompted by the realization that logical systems can be successfully employed to formalize and solve a variety of computational problems. This view. classical logic) and develop a deduction system .[.835]. p. for example. 1979]). a logic program is a deﬁnite set of Horn clauses.

i. (Curry. The reader is referred to [Dˆ sen. Gentzen’s analysis brought to light that the properties of ` fall in two categories: Properties characterizing the behaviour of the logical operators !. We may regard L as the result of application-dependent constraints which belong to the ‘pragmatics’ of L. a logical system in its own sake. Then. however. the work on BCK Logic (Fitch. Lafont). the effects of the perturbations and the overall behaviour of the perturbed system can be regarded as typical engineering problems. the subject of substructural logics arises from the combination of four main components: the tradition of Relevance Logic (Anderson. Historically. in order to adapt this system to a given application problem. ﬁxed by the operational rules. the behaviour of L belongs to the domain of applied logic. Lambek. In this way the behaviour of L becomes a new theoretical problem and belongs to the domain of pure logic. Meyer). we may decide to recognize L as a ﬁrst-class citizen. Belnap. 1. ^. Nelson. try and give a ﬂavour of the subject by brieﬂy discussing its impact on the traditional notion of logical deduction. which arise from ‘perturbations’ of classical and intuitionistic logic and are known as substructural or resource logics. the work on Categorial Logic. 1993] for the necessary historical and conceptual background.1 Background on substructural logics Substructural logics ultimately stem from Gentzen’s Investigations into Logical Deduction [Gentzen. which characterize classical and intuitionistic inferences. the recent developments in Linear Logic. Van Benthem). 1935]. we often introduce ad hoc procedural ‘perturbations’ which restrict the original logic L and turn it into another logic L . Prior). Now we have two alternatives. Alternatively. If we adopt this conservative option. (Girard. produce Gentzen-style proof systems. In this chapter we shall focus on an important family of logical systems. instead of imposing some theoretical system borrowed from the literature on pure logic.398 MARCELLO D’AGOSTINO. Howard. KRYSIA BRODA for L. and in particular from his characterization of deductive inference in terms of calculi of sequents. which can become an independent object of investigation. We shall not attempt here to provide an introduction to the subject and shall assume the reader to be familiar at least with the basic ideas involved. DOV GABBAY. we can axiomatize L . expressed by the turnstile `.e. o We shall. Meredith. We can then try to provide a theoretical characterization of the new system by exploiting its analogy with more familiar ones (for instance. develop algebraic and relational semantics for it). Such calculi can be seen as axiomatizations of the notion of logical consequence. :. _. .

a binary relation formalizing the intuitive notion of logical consequence. for an overview see [Dunn. as usual. ﬁxed by the structural rules (including the cut rule). via variations of its structural properties. If the system R proposed by Anderson and Belnap had to be called ‘logic’. of course. on our deﬁnition of ‘logic’. 1986]) showed the inadequacy of this traditional deﬁnition. the deﬁnition had to be amended. the rules that govern the information-processing mechanism. which was ﬁrst formulated explicitly by Tarski [1930a.. 1 This terminology goes back to Gentzen [1935] and his distinction between structural and operational rules in the sequent calculi. philosophical or linguistic problems. a consequence relation is a relation ` between sets of formulae and formulae satisfying the following conditions: (Identity) (Monotonicity) (Transitivity) A`A ` B =) .e. A ‘logic’ is usually identiﬁed with a consequence relation. A ` B () ` A ! B The closure conditions in the deﬁnition of consequence relation are all structural conditions. they do not involve any speciﬁc logical operator. A ` B and ` A =) . the system of intuitionistic implication can be shown to correspond to the smallest consequence relation closed under the following additional condition concerning the ! operator: (Cond) . . ` B where and are sets of formulae (we write. are captured by re-interpreting the relation `. 1975] and [Anderson et al. and this is no exception. Such ‘perturbed’ systems may have a decent proof-theory and even an intuitive semantics. From the viewpoint of the present chapter. A ` B . i. but can we call them ‘logics’? An answer to this question depends. Very seldom deﬁnitions are completely stable. but express basic properties of the notion of logical consequence1. Gentzen’s approach already contained the possibility of heuristic variations. According to the traditional deﬁnition. Many perturbations of classical and intuitionistic logic. while the structural properties of the turnstile as expressing the properties of the underlying information system. prompted by their interaction with computational. The emergence of Relevance Logic (see the monumental [Anderson and Belnap. this heuristic is central. 1930b].TABLEAU METHODS FOR SUBSTRUCTURAL LOGICS 399 Properties pertaining to the interpretation of `. The operational rules of his sequent calculus can be seen as expressing the meaning of the logical operators. ‘A’ instead of ‘fAg’ and ‘ . 1992].e.e. Let’s see why. i. A’ instead of fAg’). i. For instance.

the deﬁnition of a ‘relevant’ deduction requires that every single occurrence of an assumption is used to obtain the conclusion. and it can be shown that no alternative proofs can be found. KRYSIA BRODA The whole idea of Relevance Logic is that in a ‘proper’ deduction all the premisses have to be used at least once to establish the conclusion. where is a ﬁnite sequence of formulae. 1935]. because it does not satisfy (Monotonicity). To make this sort of distinction we need a ﬁner-grained notion of consequence relation. since the subproof which occurs as premiss would not be a ‘proper proof’. in the typical natural deduction proof of the positive paradox the assumption B is discharged ‘vacuously’ by the application of the !-introduction rule. Therefore. A `R A is not. between A. the standard proof is no longer an acceptable proof of the positive paradox. as in the ‘mingle’ system (see [Dunn. in that this condition would allow the addition of ‘irrelevant’ assumptions which are not used in deducing the conclusion. therefore. But there is no way to distinguish the set fA. let us write `R A. Consider the statement A. This is not provable because there is no way of using both occurrences of A in the antecedent in order to obtain the conclusion. one of these two occurrences is ‘irrelevant’. The trouble is that the distinction between these two different approaches to the notion of relevance cannot be expressed by the traditional notion of consequence relation. to mean that there is an R-deduction of A using all the elements of (which are occurrences of formulae). A `R A. Ag from the set fAg and. A `R A and A `R A. such ‘vacuous’ applications of the !-introduction rule are not allowed. a (single-conclusion2) consequence 2 Gentzen also considered multiple-conclusion consequence relations and showed that this more general notion was more convenient for the formalization of classical logic. so as to stop the validity of the notorious ‘fallacies of relevance’ such as the so-called ‘positive paradox’ A ! (B ! A). It becomes provable if we ‘dilute’ the criterion of use to the effect that at least one occurrence of each assumption needs to be used. we have to drop (Monotonicity) from our deﬁnition of a consequence relation. while A `R A is trivially provable. according to this notion. if we want to consider the system of relevant implication as a logic. But this is not the whole story. If we restrict our notion of proof in such a way that all the assumptions have to be used in order to obtain the conclusion of the proof. Is ND it a consequence relation in the traditional sense? The answer is obviously ‘no’. i. such a ﬁner-grained notion was already contained in Gentzen’s calculus of sequents [Gentzen. For instance. So. So. Now. It takes the form of a side-condition on the application of the natural deduction rules. This criterion of use is ultimately sufﬁcient to prevent the fallacies from being provable.400 MARCELLO D’AGOSTINO. 1935]. . DOV GABBAY. In the system R. In this approach.e. A. i. Let us consider the restricted deducibility relation `0 which incorporates this side-condition. In fact. See [Gentzen. it is not used in obtaining the conclusion of the subproof constituting the premiss of the rule application. 1986]). The criterion of use is clearly of a ‘metalevel’ nature. a consequence relation is taken to be a relation between sets of formulae and formulae.e. Indeed.

That such a relation holds between a sequence and a formula A is expressed by the sequent ` A (Gentzen used the notation =) A. . but we prefer the ‘turnstile’ notation for reasons of uniformity). that he called operational rules and structural rules. `B . B. A. The remaining rules of Contraction and Exchange have the effect of making Gentzen’s relations ` deductively equivalent to the corresponding consequence relations with sets as ﬁrst argument. i. A. A. `B Here the Weakening rule corresponds to the Monotonicity condition of a consequence relation. in his view. in Gentzen’s system the role of the Identity condition is played by the assumption that every axiom A ` A can be used at any step of a sequent proof. Gentzen’s richer axiomatization provides the means of characterizing systems like R as ‘substructural’ consequence relations. A. While the ﬁrst type of rules embodied. ` B . ` C . ` B The more ‘liberal’ mingle system is then distinguished from R by the fact that it allows for this weaker version of the Weakening rule. in the sequent formulation. the rule which is dropped is the Weakening rule. ` B . A. . ` B . A. the second type embodied the meaning of `. logics for which the standard structural rules of Gentzen’s axiomatization may not hold. one can consider a rule symmetric to the Contraction rule: Expansion . Gentzen speciﬁed also two sets of rules to derive new sequents from given ones. A. rather than a set. responsible for the arbitrary introduction of ‘irrelevant’ items in the antecedent of a sequent.e. of formulae. the meaning of the logical operators. After removing Weakening. ` B ` A . the structure on the left of ` is a sequence. and Cut corresponds to Transitivity. A. In the case of R. ` B . A. B. Moreover.TABLEAU METHODS FOR SUBSTRUCTURAL LOGICS 401 relation is axiomatized as a relation between a ﬁnite sequence of formulae and a formula. The axioms of Gentzen’s system are given by all the sequents of the form A ` A. ` C . A. These structural rules are the following: Weakening Exchange Contraction Cut . except that.

KRYSIA BRODA The discussion of Relevance Logic clearly brings out the general idea that variations in the notion of logical consequence correspond to variations in the allowed structural rules of a suitable sequent-based system. satisfying: Identity Surgical Cut A`A ` A . A ‘proper’ proof is one in which every assumption is used exactly once. This means that the Contraction rule is not sound in Linear Logic. Apart from the cut rule. With Girard’s Linear Logic [Girard. 1. and therefore the Exchange rule is also disallowed. ` B . . Linear Logic completely rejects the ‘vagueness’ of traditional proof-theory concerning the use and manipulation of assumptions in a deductive process. Belnap and Meyer. A. In this chapter we shall focus on tableau methods for substructural logics and shall discuss two main lines of research: the approach based on ‘proof-theoretic’ tableaux developed by McRobbie. consequence relations may or may not obey any of the following conditions describing their structural properties: . and range over sequences. informally. an outgrowth of Gabbay’s research program on Labelled Deductive Systems. that a proof of B from two occurrences of A can be turned into a proof of B from one occurrence only of A. which is motivated by the work done in the tradition of Relevance Logic. `B Since the . In the ‘non-commutative’ variant of Linear Logic — which was anticipated in 1958 by Lambek [1958] as a system intended for applications to mathematical linguistics (see Abrusci [1990. This is why we call the cut ‘surgical’. 1991 ] and [van Benthem. DOV GABBAY. an application of the cut rule replaces an occurrence of the formula A with the sequence exactly in the position of A.402 MARCELLO D’AGOSTINO. 1987. If a particular assumption A can be used ad libitum. and the approach based on ‘labelled tableaux’. 1991] for further developments — also the order in which assumptions are used becomes crucial. unless A is one of those assumptions which can be used ad libitum. 1988a ] the ‘substructural movement’ reached its climax. Avron. in which case we should preﬁx it with the storage operator. leaving the basic operational rules unchanged. since it says. which is part of their deﬁnition.2 Substructural Consequence Relations In this chapter we take a consequence relation as a relation ` between sequences of formulae and formulae. But this is impossible. this has to be made explicit by preﬁxing it with the ‘storage’ operator !. Structural rules.

depending on the structure of the data and on the allowed ways of manipulating it. as with the standard Gentzen systems. If Contraction is disallowed. A ! B. this notion of relevance extends to the single occurrences of the formulae in the data (as in Anderson and Belnap’s system of Relevance Logic. B. .B ` C . Notice that if Exchange is allowed. is usually characterized by the following equivalence: C! ` A ! B () . ` C . If also Expansion is disallowed. if we disallow the Weakening rule.e. the reader is referred to [Avron. The operator !. A ` B .TABLEAU METHODS FOR SUBSTRUCTURAL LOGICS 403 Exchange Expansion . each occurrence of a formula in the data has to be used). B. each item of data can be used only once and has to be replicated if it is used more than once (as in Girard’s Linear Logic and its satellites). A. nor does the order in which they occur. the ‘chronology’ of this process — i. the order in which formulae occur in the data — becomes signiﬁcant (as in the Lambek calculus).e.3 If Contraction and Expansion are also allowed (notice that the Weakening rule implies the Expansion rule) the antecedent of a sequent can be regarded as a set of formulae. . `C . 1991].A ` B `A!B which. Then different combinations of the above structural rules can be seen as different ways of deﬁning the properties of the ‘information ﬂow’ expressed by the turnstile. ` C We can think of a sequent ` A as stating that the piece of information expressed by A is ‘contained’ in the data structure expressed by . the consequence relation becomes sensitive to the relevance of the data to the conclusion: all the data has to be used in the derivation process. under the assumption of Identity and Surgical cut is equivalent to the pair of sequent rules: (1) `A . A. . A. Finally. the number of occurrences of formulae does not count. or ‘implication’ as is often improperly called. A. A. if Exchange is disallowed. In this way the process of deriving a formula becomes more similar to a physical process and the consequence relation becomes sensitive to the resources employed. A. the antecedent of a sequent can be regarded as a multiset. i. The conditional operator. For instance. ` C . `C `C `C `C Contraction Weakening . A. . ` C 3 For multiset-based consequence relations. A. A.

404 MARCELLO D’AGOSTINO. A ` B () ` A !1 B A. Of course. ` C 4 For the time being we are considering only single-conclusion sequents. a sequent ` A becomes equivalent to ` A where denotes the -concatenation of the formulae in . KRYSIA BRODA For instance. if Exchange is allowed !1 and !2 collapse into each other. A. except the cut rule. However. . In the classical and intuitionistic sequent calculus the comma occurring in the left-hand side of a sequent is associated with classical conjunction. ` B () ` A !2 B . and the structural rules deﬁning the meaning of the turnstile. and yet is deﬁned in the same way as its classical version. in a sense. B. namely4: C . The operators and ^. A B. is to be used in the derivation. the comma is no longer equivalent to classical conjunction. A. This operator represents a particular way of combining pieces of information. A B. In the new setting. In this context we shall use the symbol ! without subscripts. in which the only conditions which are required to hold are Identity and Surgical cut. the shape of the latter depends crucially on the format of the operational rules and of the cut rule. it has the same ‘meaning’. Later on we shall consider also multi-conclusion sequents in the context of logical systems with classical (involutive) negation. ` C . A ` B [CUT] . Its inferential role depends on two components: the operational rules deﬁning its meaning.A ` B Notice that if no structural rule. ` C Clearly. `A B `B . Given Identity and Surgical cut. Notice also that in systems which do not allow Exchange the conditional operator splits into two operators deﬁned as follows: C!1 C!2 . DOV GABBAY. denoted by and sometimes called ‘tensor’ which is no longer classical (because of the failure of some or all of the structural rules). Therefore. we can derive the only-if part of C! from the Gentzen rules (the if-part is a primitive rule) as follows: A`A B`B `A!B A ! B. C can be easily shown to be equivalent to the pair of sequent rules: (2) `A . ` C () . the new consequence relations may still be closed under the standard condition deﬁning classical conjunction. B. Such condition characterizes a new type of ‘substructural’ conjunction.

B. let us consider the following restricted form of cut: Transitivity Then. i. additive conjunction. Negation can be deﬁned a la Johansson. in the two-premiss rule. describe a type of conjunction which is sometimes called ‘context-free’ since its characterization does not impose any special condition on the ‘context’. ` C . The operator :. under the assumption of Weakening and Contraction. ` C which corresponds to the the following sequent rules: (4) Here. ` C . The sequent ` A ^ B expresses the fact that from this we can derive either A or B at our choice. in Girard’s terminology. C and (3). ` C . we could derive both A and B and then ‘shrink’ the two copies of used in this derivation into one. together with Identity. A ` ? () ` :A. Of course. the premisses must share the same structure of side formulae.TABLEAU METHODS FOR SUBSTRUCTURAL LOGICS 405 It is not difﬁcult to see that C together with Identity and Surgical Cut. on the other hand. A. so as to satisfy the condition of the rule. Again. it is easy to see that Transitivity. implies: (3) A`B C `D A C`B D A`B B`C A`C Moreover. as well as its deﬁnition C . namely . Then the condition C! above immediately yields: C: . The rules for . we could derive A and B from different data-structures. they do deﬁne a new operator which is called. imply Surgical Cut. If either of these rules is disallowed. if we allowed Contraction. In this approach :A is deﬁned as A ! ?.e. A ^ B. A ^ B. on the structures of side formulae (the and ). the condition C: is equivalent to the following pair of sequent rules: . given Identity and Surgical cut. it is easy to see that. If we allowed Weakening. say and and then expand both to . A ‘context-dependent’ type of conjunction is expressed by the following equivalence: C^ ` A ^ B () ` A and ` B `A `B `A^B . that is the two proofs of A and B must depend exactly on the same structure of assumptions. C^ and the corresponding sequent rules would not deﬁne any new operator different from . Thus. in terms of implication ´ and the ‘falsum’ constant ?.

A ` C and . the following equivalences also hold: (10) & Thus. Identity and Surgical Cut. is equivalent to the rule: (8) Let us now deﬁne a binary operator (9) If (7) holds and Exchange is allowed. B ` C .A ` ? ` :A `A :A. KRYSIA BRODA (5) .406 MARCELLO D’AGOSTINO. with the intended meaning ` and we denote. Involutive negation and the operator . :A ` B () ` A B (by and .A _ B ` C which corresponds to the the following sequent rules: (6) `A `A_B `B `A_B Notice that the disjunction operator deﬁned by these rules is ‘context-dependent’ in a sense similar to the sense in which ^ is: a crucial condition in the two-premiss rule is that the context of the inference step. This type of disjunction is called ‘additive’ to distinguish it from a context-free type of disjunction that arises when we consider logics with an involutive negation operator (see below). A ` B () ` :A B & & def which. A _ B ` C () . ` ? The operator _ The disjunction operator can be deﬁned by the following equivalence: C_ .B ` C . Moreover . given C: — or equivalently the sequent rules in (5) —. respectively.A ` C . namely the structure of side formulae . DOV GABBAY. in the logics satisfying the Exchange property and the double negation law (7) we can naturally introduce multi-conclusion sequents of the form where is (like ) a list of formulae. is the same in both premisses. the -concatenation of the formulae in & ` & & & as follows: is commutative and associative. Involutive negation is characterized by the additional condition expressed by the ‘double negation law’: (7) & ::A ` A . :A ` ? `A A B = :A ! B .

& & & & & . & This condition is equivalent to the following pair of rules: & (13) ` . The operator corresponds to the comma in the right-hand side of a multi-conclusion sequent. just as the operator corresponds to the comma in the left-hand side. We conclude this section with a terminological remark.A ` B. and . B. A B. A B. and include !. i. A. A B.e. ` . those which can be deﬁned via rules of inference with no conditions on the context of the inference step (see [Avron.TABLEAU METHODS FOR SUBSTRUCTURAL LOGICS 407 the -concatenation of the formulae in ). which bring up the ‘context-free’ character of this type of disjunction as opposed to the the context-dependent character of _. A. The reader can easily derive multi-conclusion versions of C . and the corresponding sequent rules. 1988b] for this characterization). ` . ` . Clearly can be deﬁned directly by the following condition: & C ` . so the antecedent and the succedent of a sequent can be regarded as multisets rather than just sequences. Following Girard [1987] the logical operators we have been considering so far can be classiﬁed into two categories. . B.A ` . ` . just as is equivalent to classical conjunction. is clearly equivalent to classical disjunction. Under these circumstances the following equivalences can also be easily shown: (11) (12) A B a` :(A ! :B ) A B a` :(:A :B ) & & & When all the usual structural rules are allowed. :. () ` . are the context-dependent conjunction and disjunction ^ and _. Notice that in the logics satisfying (7) and Exchange both and are commutative. described in Fiutting’s introduction. . 2 PROOF-THEORETIC TABLEAUX An early example of tableau methods for substructural logics is Dunn’s method of ‘coupled trees’ for ﬁrst degree entailment. and Surgical Cut can be replaced by the more familiar (though not necessarily more natural): ` A. the multiplicatives and the additives. C! and C: . The ‘additive’ operators. The properties of the (classical) negation operator allow us to translate back and forth from the single-conclusion formulation to the multi-conclusion one. The multiplicative operators are the ‘context-free’ ones.

give rise to different logical operators. Each left-handed sequent means that the sequence of formulae on the left of the turnstile is inconsistent. given this ‘context-dependent’ version of the twopremiss rules. that . () . given the double negation law. We have already observed that when some of the structural rules are disallowed.A ! B ` It is not difﬁcult to see that. :B ` . in this case a ‘semantic’ interpretation. :A ` which allows us to move any formula from the succedent to the antecedent. p. By exploiting the properties of classical negation. . as in classical tableaux. 1979. This is an immediate consequence of the equivalence ` A. i. is not immediately available. :A `. As the authors remark. 1984 ] and was concerned with systems belonging to the family of Relevance Logic. KRYSIA BRODA After that. where all the three structural rules are allowed.A ` . Indeed.e. :A ` . However. this kind of ‘proof-theoretic’ interpretation of the tableau rules can be given also in the case of classical tableaux (and was in fact given by Smullyan himself). :A ` .B ` . the ﬁrst work dealing explicitly with tableau methods for substructural logics was done by Michael McRobbie and Nuel Belnap Jr. This implies that ` ::A and. to prove that ` A we prove. regarding a closed tableau as a failed attempt to construct a countermodel. as opposed to that of Smullyan which is semantical’ [McRobbie and Belnap. that ` A. This approach has been recently extended by the same authors with the collaboration of Robert Meyer to the system of Linear Logic [1995].B ` .A _B ` . the so-called ‘multiplicatives’ being associated with the context-free rules and the ‘additives’ with the context-dependent versions. their method is ‘purely proof-theoretic in character. In the case of classical logic. [1979. As remarked in Chapter 2. is given by socalled left-handed sequent system. disjunction and negated conjunction) with the following equivalent version where the sequences of ‘sideformulae’ and are identical in both premiss: (14) . we can replace the two-premiss rules (for conditional.408 MARCELLO D’AGOSTINO. indeed. The link between the ‘ofﬁcial’ sequent-based formulation of the logics under consideration and the proof-theoretic tableau methods for them. :A is inconsistent. Gentzen’s system LK can be reformulated in terms of sequents in which the succedent is always empty. :(A ^ B ) ` . meaning by this that the justiﬁcation of their approach relies entirely on the corresponding substructural sequent calculi. DOV GABBAY. The rules of a left-handed sequent system for classical logic are given in Table 1. 187]. the context-dependent and the context-free version of the rules are by no means identical and. the rules of Smullyan’s tableaux are obtained simply by reading the sequent rules upside-down and omitting the side-formulae. So. that . their tableau rules can be seen as a rewriting of (suitable variants) of the sequent rules.

This basic observation leads straight to McRobbie and Belnap’s ‘relevant tableaux’. A.A_ B ` Negated disjunction1 .B ` . In the ﬁgure the sign indicates that the corresponding node has been used. Consider. called R.A^ B ` Negated conditional .A ` .B ` . 1979] dealt with the multiplicative operators. the classical tableau for the implicational formulap corresponding to the Weakening rule (displayed in Figure 1). :A ` . :(A ! B ) ` Conjunction1 .A ` . :g fragment of Anderson and Belnap’s main system of relevance logic. ::A ` Contraction . given the involutive property of negation which holds in the most popular systems of relevance logics. for instance.TABLEAU METHODS FOR SUBSTRUCTURAL LOGICS 409 A XIOM A.e. ` . :B ` :(A _ B ) ` Disjunction . B.B ` . these operators can all be deﬁned in terms of ! and :. :A ` S TRUCTURAL RULES Exchange .A ` O PERATIONAL RULES Double negation Conditional . .A ! B ` . A left-handed version of Gentzen’s LK 2. :A ` . A ` . formulae which are not used in the derivation of the conclusion. As remarked above. . .1 Proof-theoretic Tableaux for Relevance Logics The ﬁrst paper on tableaux for Relevance Logic [McRobbie and Belnap. ` . :B ` . It is therefore quite natural to think of relevant tableaux as special cases of classical tableaux with the global requirement that all formula-occurences are used at least once as premisses of some rule-application (including the closure rule). The tableau is . A. :B ` . A.A ` Weakening ` . B. :(A ^ B ) ` . is obtained by restricting the operational rules of Table 1 to the rules for ! and : and by dropping the Weakening rule.A ` .A ^ B ` Conjunction2 Negated conjunction . which is responsible for the introduction of irrelevancies in classical (and intuitionistic) reasoning. namely a tableau rule has been applied to the formula-occurrence with which it is labelled. A suitable left-handed Gentzen’s system for the f!. A. i. :A ` :(A _ B ) ` Negated disjunction2 Table 1.

are ‘built in’ . This corresponds to the context-free format of the conditional rule where the sequence of side formulae in the conclusion of the sequent rule is split into the two sequences ( and ) which occur in the premisses. each node is used at least once (notice that node 4 is used twice as premiss of the closure rule on different branches).e. Notice that in this tableau method the allowed structural rules of the sequent calculus. i. The equivalence between such a tableau method and the left-handed Gentzen system for the same fragment is rather straightorward (a rigorous proof can be found in [McRobbie and Belnap. there is no guarantee that each tableauconstruction is good. A tableau for the Weakening axiom. let us instead consider the formula corresponding to the structural rule of Contraction. To stick to pure implicational formulae. and not on every branch. KRYSIA BRODA 1 :(P ! (Q ! P )) p p 2 P 3 :(Q ! P ) p 4 Q 5 :P p Figure 1. 1979]): the sequence of formulae on each branch correspond to the antecedent of a sequent and each tableau-expansion rule applied to a node m corresponds to an application of the corresponding sequent rule for the formula labelling m. since it does not satisfy the global requirement of use (the formula-occurence in node 4 is not used). that every tableau for the initial sequence of formulae can . and the Contraction rule to the freedom of using a node more than once (as we do in Figure 2). So. namely Exchange and Contraction. This tableau is closed classically but not relevantly classically closed. In Figure 2 we show a tableau for this formula which is closed both classically and relevantly. It must be stressed that each node is required to be used at least once in the whole tree. The Exchange rule corresponds to the freedom of using nodes occurring anywhere in the branch. Observe that in the relevant tableaux of McRobbie and Belnap. :g fragment of R is nothing but a classical tableau satisfying the use requirement. In Figure 3 we show another example of a relevantly closed tableau involving the negation operator. DOV GABBAY.410 MARCELLO D’AGOSTINO. since it satisﬁes the use requirement.e. but it is not closed relevantly. i. a relevant tableau for the f!.

This tableau is closed both classically and relevantly .TABLEAU METHODS FOR SUBSTRUCTURAL LOGICS 411 1 :((P ! (P ! Q)) ! (P ! Q)) p p 2 P ! (P ! Q) 3 :(P ! Q) p p p 4 P 5 :Q p 7 6 :P p 8 :P ZZ p P !Q . A tableau for the Contraction axiom. l p 9 Q p Figure 2. l .

412 MARCELLO D’AGOSTINO. to the branch being expanded. It is important to notice that in the context of relevant tableaux we have to stick to the two-conclusion version of the -rule and that repetition of formulae must not be avoided. depending on our needs. DOV GABBAY. We noticed that the second format may be preferable for certain reﬁnements of tableaux (such as regular tableaux). In the context of classical tableaux (see Chapters 2 and 3) this is an instance of the general rule. relevant tableaux lack the conﬂuence property of classical tableaux which plays such an important role in the automation of the method. one after the other. If the application of the branching rule to node 2 (occuring at node 5) is carried out at node 3. each with a single conclusion. KRYSIA BRODA 1 :((P ! Q) ! :(Q ! :P )) p p 2 P !Q 3 :(:Q ! :P ) p p 4 :Q 5 ::P p p 6 P 7 :P p @ @ 8 Q p Figure 3. We considered two alternative formats of this rule: we may have one rule with two conclusions which are appended. or. there is no way to expand the tableau into a relevantly closed one. For instance. The reason is easy to see. in order to avoid repetition of identical formulae in the same branch. A last important remark concerns the formulation of the tableau rules. we may have two rules. consider the proof illustrated in Figure 2. Let us ﬁrst consider the rule for negated conditionals. allowing us to append only one conclusion or both. For instance. In other words. if we applied the one-conclusion version of the -rule to node 3 in the . A relevantly closed tableau for the contraposition law be expanded into a (relevantly) closed tableau whenever there is one. provided that they do not already occur in the branch itself. In the same connection we observed that both the and the rules may be interpreted as allowing the addition of certain formulae to a given branch.

the other ‘multiplicative’ operators. once ^ is replaced with and _ with +.2 we wrote as A B again following Girard’s fancier notation) is deﬁned as :A ! B .B ` . Tableau methods for relevance logics including these operators were formulated for the ﬁrst time in [McRobbie and Belnap.A ` . where the two-premiss rules are the same as the ones in Table 1.2 where we followed the notation introduced by Girard) is deﬁned as :(A ! :B ). can be deﬁned in terms of : and !. i. Similarly. so as to obtain only :P as conclusion and omitting the conclusion Q in node 4. 1984]. Tableau rules for fusion and ﬁssion are obtained immediately by reversing the sequent rules: (15) A B A B :(A B ) :A :B :(A + B ) :A :B A+B A B Let us now turn our attention to the rules for the ‘additives’. For instance the rule for fusion requires both A and B to occur in the premiss. we would be able to generate a ‘relevantly’ closed tableau for the positive paradox. while the ‘ﬁssion’ of A and B . the rules for fusion and ﬁssion are the following: & Fusion . but in the absence of Weakening. B ` .e. which are deﬁned by the rules listed above. :B ` :(A + B ) ` The reader should notice that the two-premiss rules have the same form as the context-free rules for disjunction and conjunction given in Table 1. we are faced with two pairs of operators: on the one side we have the ‘additive’ disjunction and conjunction deﬁned by the one-premiss rules in Table 1 and by the contextdependent two-premiss rules in (14). while the onepremiss rules are different. of A and B . Thus. the operators deﬁned by the context-dependent two-premiss rules for conjunction and disjunction given in (14) and by the one-premiss rules given in Table 1. .A+B ` Negated fusion . for the negated ﬁssion rule both :A and :B must occur in the premiss.TABLEAU METHODS FOR SUBSTRUCTURAL LOGICS 413 tableau contained in Figure 1. The ‘fusion’. The justiﬁcation for this choice emerges immediately if one translates A B into :(A ! :B ). Again. As mentioned in the previous section. we have the ‘multiplicative’ versions of these operators. The one-premiss sequent rules given above yield the following tableau rules: . :A. ( is just the same as the operator discussed in Section 1. that the relevantists write as A B . written as A + B (that in Section 1. called ‘fusion’ and ‘ﬁssion’. and so their rules. on the other. . :(A B ) ` Fission Negated ﬁssion . :B ` . this difference would not be sufﬁcient to distinguish fusion from conjunction and ﬁssion from disjunction if all the structural rules were allowed.A B ` . A. :A ` .

and therefore use all the formula-occurrences in on both branches. Cm as additional premisses which can therefore be marked as ‘used’ as well as the occurrence of the main premiss.e. each formula-occurrence which appears in the branch above this application must be used in at least one of the two branches generated by it. A way of combining these two contrasting requirements for the mixed system containing both the multiplicatives and the additives is described in [McRobbie and Belnap.e. . in the multiplicative-free fragment it is necessary that each formula-occurrence is used at least once in each branch.414 MARCELLO D’AGOSTINO. So. . So. A _ B ` we must prove both sequents . C1 . The tableau rules corresponding to the two-premiss sequent rules for the additives are more complicated. : : : . A ` and . B `. while in the additive-free fragment a tableau is relevantly closed if every node is used at least once in the whole tree. and (iii) marking all the ‘old’ copies (as well as the formulaoccurrence to which the rule is applied) as used. . Cm are all the unused formula occurrences appearing in the path up to the node at which the rule is