Maehara-style Modal Nested Calculi

HAL Id: hal-01644750

https://hal.inria.fr/hal-01644750

Submitted on 22 Nov 2017

HAL

is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire

destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

Lutz Straßburger, Roman Kuznets

To cite this version:

Lutz Straßburger, Roman Kuznets. Maehara-style Modal Nested Calculi. [Research Report] RR-9123,

Inria Saclay. 2017. �hal-01644750�

ISSN0249-6399ISRNINRIA/RR--9123--FR+ENG

RESEARCH REPORT N° 9123

Novembre 2017 Project-Team Parsifal

Maehara-style Modal Nested Calculi

Roman Kuznets, Lutz Straßburger

RESEARCH CENTRE SACLAY – ÎLE-DE-FRANCE 1 rue Honoré d’Estienne d’Orves Bâtiment Alan Turing

Roman Kuznets

, Lutz Straßburger

Project-Team Parsifal

Research Report n°9123 — Novembre 2017 — 21 pages

Abstract: We develop multi-conclusion nested sequent calculi for the fifteen logics of the intuitionistic modal cube between IKandIS5. The proof of cut-free completeness for all logics is provided both syntactically via a Maehara-style translation and semantically by constructing an infinite birelational countermodel from a failed proof search. Interestingly, the Maehara-style translation for proving soundness syntactically fails due to the hierarchical structure of nested sequents. Consequently, we only provide the semantic proof of soundness. The countermodel construction used to prove completeness required a completely novel approach to deal with two independent sources of non-termination in the proof search present in the case of transitive and Euclidean logics.

Key-words: Nested sequents, intuitionistic modal logics

* Embedded Computing Systems Group of the Institute of Computer Engineering and Theory and Logic Group of the Institute of Computer Languages, Faculty of Informatics, TU Wien, Austria

R´esum´e : Nous dveloppons des calculs des s´equents emboit´es `a plusieurs conclusions pour les quinze logiques du cube modal intuitionniste entre IK et IS5. La preuve de compl´etude sans coupure pour toutes les logiques est fournie `a la fois syntaxiquement via une traduction de style Maehara et s´emantiquement en construisant un contre-mod`ele birelational infini `a partir d’une recherche de preuve rat´ee. Il est int´eressant de noter que la traduction de style Maehara pour prouver la correction syntaxiquement ´echoue en raison de la structure hi´erarchique des squences emboit´es. Par cons´equent, nous ne fournissons que la preuve s´emantique de la correction.

Mots-cl´es : sequents emboˆıt´es, logique modale intuitionniste

1 Introduction

Ever since Gentzen’sLK andLI¹, it is almost considered common knowledge that sequent systems for intuitionistic logic are single conclusion, in other words, one must restrict the succedent to (no more than) one formula. Gentzen [16] himself obtained this as a natural consequence of the natural deduction presentation, which has only one conclusion. In effect, the ability to have several formulas in the succedent was an additional feature introduced by Gentzen to incorporate the principle of the excluded middle. Despite this near-consensus, a multi-conclusion sequent calculus for intuitionistic propositional (and predicate) logic is almost as old as Gentzen’sLI. It was proposed by Maehara [17] as the auxiliary calculusL¹Jused to translate intuitionistic reasoning into classical one. It is hard to divine Maehara’s thinking: the terse language of results, the whole results, and nothing but results was much in vogue at the time. But on the face of it, his system amounts to an observation that most classical sequent rules remain valid intuitionistically, with only a couple of propositional rules requiring the singleton-succedent restriction in the intuitionistic case. Thus, the blanket restriction of succedent to (at most) singleton sets can be seen as an overreaction. Even the interpretation of the succedent as the disjunction of its formulas is retained in Maehara’s calculus.

One possible criticism of this calculus could be that it was introduced as an auxiliary, artificial construct bridging the gap between the natural(-deduction) inspiredLIand the fully symmetricLK.

This criticism is, however, unfounded. It has been noted (see, for instance, the excellent in-depth survey of various intuitionistic calculi by Dyckhoff [8]) that Maehara’s calculus is essentially a notational variant of tableaux from Fitting’s PhD thesis [14] (which Fitting himself attributes to Beth [3]). In fact, the same system can be found in [7] and, according to von Plato [25], a similar system was considered by Gentzen himself.

In other words, this calculus is quite natural, has been discovered by several researchers independently, and has a distinction of correlating with the semantic presentation of intuitionistic reasoning much better thanLI. Indeed, tableau rules are typically read from the semantics, and Beth–Fitting’s destructive tableaux match intuitionistic Kripke models perfectly. It should also be noted that Egly and Schmitt [9] demonstrated thatLI cannot polynomially simulate Maehara’s calculus, meaning that the latter is more efficient with respect to proof search.

The idea of extending intuitionistic reasoning with modalities is equally natural but less straightforward. There have been multiple approaches over the years with each classical modal logic receiving several alternative intuitionizations. We refer the reader to Simpson’s PhD [23] for the discussion of these approaches and concentrate on what eventually became officially known asintuitionistic modal logics. Just like for their classical counterparts, one can talk about the intuitionistic modal cube consisting of 15 logics. And just like their classical brethren, ordinary sequent systems seem inadequate to describe these logics, butnested sequent systems [5] exist for all of them [24]. A nested sequent is a tree of ordinary sequents, referred to assequent nodes. The tableau analog of nested sequents is prefixed tableaux [13], the underlying idea being that the tree structure of a sequent is homomorphically embedded into the accessibility structure of a Kripke model.

The nested sequent calculi in [24, 18, 6] for intuitionistic modal logics are all globally single- conclusion: exactly one of the sequent nodes is allowed to have a non-empty succedent, and it contains exactly one formula. One can say that they are the modalizations of LI in that the propositional rules are local and identical to those inLIif the rest of the nested structure is ignored.

The goal of this paper is to construct a modalization of the Maehara-style calculus with propositional rules conforming to the birelational semantics of intuitionistic modal logics. We formulate the calculi for the 15 intuitionistic modal logics and prove their completeness in two alternative ways:

1. by a syntactic translation from the single-conclusion calculi of [24] and 2. by a direct semantic proof of cut admissibility.

The syntactic-translation method originally employed by Maehara in [17] for translating from multi-conclusion systems to single-conclusion systems is not applicable in the setting of nested

1This calculus has been erroneously calledLJalmost since the beginning. The mistake is due to the peculiarities of the S¨utterlin handwriting used by Gentzen.LIwith ”I” standing for the German wordintuitionistischethe same way as ”K” stands for the German wordklassischeinLKcertainly makes much more sense thanLJ(for more details, see [25, p. 83]).

d: AĄ3A @w.Dv. wRv pserialq t: pAĄ3Aq ^ pAĄAq @w. wRw preflexiveq b: pAĄ3Aq ^ p3AĄAq @w.@v. wRvĄvRw psymmetricq 4: p33AĄ3Aq ^ pAĄ Aq @w.@v.@u. wRv^vRuĄwRu ptransitiveq 5: p3AĄ3Aq ^ p3AĄAq @w.@v.@u. wRv^wRuĄvRu pEuclideanq Figure 1: Intuitionistic modal axiomsd,t,b,4, and5with corresponding frame conditions

sequents because formulas in the succedent of the sequent can occur in various places in the nested sequent tree, and there is no immediate equivalence to their disjunction as it is the case with ordinary sequents. Also the method by [9] that is based on rule permutations does not work in our case, again, because the formulas in the succedent do not necessarily occur in the same sequent node. For this reason, we prove soundness for our multi-conclusion systems by a direct semantic argument.

This paper is organized as follows. First, in Section 2 we recall the syntax and semantics of intuitionistic modal logics, and in Section 3 we present our nested sequent systems, and we show completeness of the multi-conclusion systems by using completeness of the single-conclusion systems shown in [24]. Then we show semantically in Sections 4 the soundness of the multi- conclusion systems, and finally, in Section 5, we give a semantic argument for the completeness of the multi-conclusion system with respect to the birelational Kripke models.

2 Syntax and Semantics of Intuitionistic Modal Logics

Definition 2.1 (Language of intuitionistic modal logic). We start from a countable set A of propositional variables (oratoms). Then the setMofformulas of intuitionistic modal logic (IML) is generated by the grammar

M::“A| K | pM^Mq | pM_Mq | pMĄMq |M|3M

We denote atoms by lowercase Latin letters, like a, b, c, and formulas by capital Latin letters, likeA,B,C. Negation can be defined as A:“AĄ K, and the constantJis defined asJ:“ K.

Definition 2.2 (LogicIK). A formula is a theorem ofIK, anintuitionistic variant of the modal logicK, if it can be derived from the axioms of intuitionistic propositional logic (IPL) extended with thek-axioms

k1: pAĄBq Ą pAĄBq , k2: pAĄBq Ą p3AĄ3Bq , k3: 3pA_Bq Ą p3A_3Bq ,

k₄: p3AĄBq ĄpAĄBq , and k₅: 3K Ą K

(1)

using the rules

nec^´´´A^´

A and A AĄB

mp^´´´´´´´´´´´´´´´

B (2)

callednecessitation andmodus ponensrespectively.

Note that in the classical case the axiomsk2–k5from (1) would follow fromk1, but due to the lack of De Morgan duality, this is not the case in intuitionistic logic.

This variant ofIKhas first been studied in [11, 21] and investigated in detail in [23]. There exist other intuitionistic variants ofK, e.g., [12, 22, 4, 20], the most prominent being the one which has only the axiomsk1andk2from (1). There is now consensus in the literature to call this variant constructive modal logic, e.g., [1, 19, 2].

Besides the axioms (1) we also consider the axiomsd,t,b,4, and5shown in the left column of Figure 1. By adding a subset of these five axioms, we cana priori define 32 different logics. But some of them coincide, so that we get (as in the classical case) only 15 different logics that can be organized in the intuitionistic version of the “modal cube” [15], which is shown in Figure 2.

IS4˝

˝^IS5

IT˝

ITB˝

ID4˝

˝ID45

˝

ID5

˝

ID ˝IDB

IK4˝

˝IK45 ˝_IKB5

˝IK5

IK˝ ˝

IKB

Figure 2: The intuitionistic “modal cube”

Definition 2.3(LogicsIK`X). For any XĎ td,t,b,4,5u, the logicIK`X is obtained fromIK by adding all axioms in X. We typically simplify the name of the logic by dropping the plus and capitalizing the names of axioms that are letters. For example, the logicID45in Figure 2 is IK` td,4,5u. Additionally,IS4:“IK` tt,4uandIS5:“IK` tt,4,5u. We writeIK`X$Ato state thatAis a theorem ofIK`X.

Definition 2.4(45-closure). A setXĎ td,t,b,4,5uis called45-closedif the following two conditions are fulfilled:

1. ifIK`X$4, then4PX;

2. ifIK`X$5, then5PX.

The45-closure ofX, denoted by ˆX, is the smallest 45-closed set that containsX.

Let us now recall thebirelational models [21, 10] for intuitionistic modal logics, which are a com- bination of the Kripke semantics for propositional intuitionistic logic and for classical modal logic.

Definition 2.5 (Birelational semantics). A frame xW,ď, Ry is a non-empty set W of worlds together with two binary relations ď, R Ď W ˆW, where ď is a preorder (i.e., reflexive and transitive), such that the following two conditions hold:

(F1) For allw, v, v¹, ifwRv andvďv¹, then there is aw¹ such thatwďw¹ andw¹Rv¹. (F2) For allw¹, w, v, ifwďw¹ andwRv, then there is av¹ such thatw¹Rv¹ andvďv¹.

A(birelational) model Mis a quadruplexW,ď, R, Vy, wherexW,ď, Ryis a frame, andV, called thevaluation, is a monotone function from theď-ordered setxW,ďyof worlds into the setx2^A,Ďy of subsets of propositional variables ordered by inclusion. ValuationV maps each worldwto the set of propositional variables that are true inw. We writeM, w,aifaPVpwq. The relation,is extended to all formulas as follows:

ˆ M, w. K;

ˆ M, w,A^B iff M, w,A andM, w,B;

ˆ M, w,A_B iff M, w,A orM, w,B;

ˆ M, w,AĄB iff for allw¹ěwwe have thatM, w¹,AimpliesM, w¹ ,B;

ˆ M, w,A iff for allw¹, v¹ PW withw¹ěwandw¹Rv¹ we haveM, v¹,A;

ˆ M, w,3A iff there is avPW such thatwRv andM, v,A.

WhenM, w,Awe say that wforces A inM. We writeM, w.A(wdoes not force Ain M) if M, w,Adoes not hold. Whenever omit the name of the modelMwhen it does not create confusion.

In particular, note thatw, Jfor all worldswin all models. It is easy to show that:

Proposition 2.6(Monotonicity). Ifwďw¹ andM, w,A, thenM, w¹,A.

Definition 2.7 (Validity for formulas). We say that a formulaA is valid in a model Mand write M,Aif every world inMforcesA.

Definition 2.8(X-model andX-validity for formulas). LetXĎ td,t,b,4,5uandM“ xW,ď, R, Vy be a birelational model. If the relationR obeys all frame conditions in the second column of Figure 1 that correspond to the axioms inX, then we callMan X-model. We say that a formulaA isX-valid and writeX,AifAis valid in everyX-model.

Theraison d’ˆetre of the birelational models is the following theorem, for which a proof can be found in [23].

Theorem 2.9(Soundness and completeness). For anyXĎ td,t,b,4,5u, a formulaA is a theorem of IK`Xif and only if it is valid in allX-models, i.e.,

IK`X$A ðñ X,A .

If we collapse the relationďby lettingwďv iffw“v we obtain the standard Kripke models for classical modal logics.

3 Nested Sequents for Modal Logics

Ordinary one-sided sequents are usually multisets of formulas separated by commas:

A1, . . . , An . (3)

The intended meaning of such a sequent is given by itscorresponding formula A₁_ ¨ ¨ ¨ _A_n .

Ordinary two-sided sequents are pairs of such multisets of formulas usually separated by the sequent arrowñ. The corresponding formula of a two-sided sequent

B1, B2, . . . , BhñC1, C2, . . . , Cl (4) is the formula

B1^B2^ ¨ ¨ ¨ ^BhĄC1_C2_ ¨ ¨ ¨ _Cl .

In their original formulation for classical modal logics,nested sequents are a generalization of ordinary one-sided sequents: a nested sequent is a tree whose nodes are multisets of formulas. More precisely, it is of the form

A1, . . . , An,rΓ1s, . . . ,rΓms (5) whereA₁, . . . ,A_n are formulas and Γ₁, . . . , Γ_mare nested sequents. The corresponding formula for the sequent in (5) in the classical case is

A1_ ¨ ¨ ¨ _An_fmpΓ1q _ ¨ ¨ ¨ _fmpΓmq

wherefmpΓiqis the corresponding formula of Γi foriP t1, . . . , mu. In the following, we just write sequent for nested sequent.

Definition 3.1 (Sequent tree). For a sequent Γ we writetrpΓqto denote itssequent treewhose nodes (calledsequent nodes from now on and denoted by lowercase Greek letters, like γ,δ, σ) are multisets of formulas. We slightly abuse the notation and writeγPΓ instead ofγPtrpΓq.

trpΓq:“

A1, . . . , Ak

trpΓ1q trpΓ2q ¨ ¨ ¨ trpΓnq

(6)

Thedepth of a sequent is defined to be the depth of its tree.

For capturing intuitionistic logic, we need “two-sided” nested sequents. For this, we follow [24]

and assign each formula in the nested sequent a uniquepolarity that can be either‚forinput/left polarity (representing “being in the antecedent of the sequent” or “on the left of the sequent arrow, if there were a sequent arrow”), and˝foroutput/right polarity (representing “being in the succedent of the sequent” or “on the right of the sequent arrow, if there were a sequent arrow”).

Definition 3.2(Two-sided nested sequent). A two-sided nested sequent is of the shape

B₁^‚, . . . , B_h^‚, C₁^˝. . . , C_l^˝,rΓ₁s, . . . ,rΓ_ms (7) whereB₁, . . . , B_h, C₁, . . . , C_l are formulas and Γ₁, . . . ,Γ_m are two-sided nested sequents.

In a classical setting, the corresponding formula of (7) is simply

B1^ ¨ ¨ ¨ ^BhĄC1_ ¨ ¨ ¨ _Cl_fmpΓ1q _ ¨ ¨ ¨ _fmpΓmq . (8) However, in the intuitionistic setting, the situation is not as simple. The systems presented in [24, 18, 6] follow Gentzen’s idea of having exactly one formula of output polarity in the sequent.

Such a sequent is generated by the grammar

Definition 3.3(Single-conclusion two-sided nested sequent).

Λ ::“∅|Λ, B^‚|Λ,rΛs Γ ::“Λ, C^˝|Λ,rΓs (9) In (9), Λ stands for a sequent that contains only formulas with input polarity, and Γ for a sequent that contains exactly one formula with output polarity. Thecorresponding formula of a sequent in (9) is defined as follows:

fmp∅q:“ K ,

fmpΛ, B^‚q:“fmpΛq ^B , fmpΛ,rΛ¹sq:“fmpΛq ^3fmpΛ¹q ,

fmpΛ, C^˝q:“fmpΛq ĄC , fmpΛ,rΓsq:“fmpΛq ĄfmpΓq .

(10)

Unfortunately, it seems impossible to give such a corresponding formula for a multi-conclusion sequent in the intuitionistic setting. For this reason, in the next section we provide an alternative definition of validity for multi-conclusion sequents.

The next step is to show the inference rules. But before we can do so, we need to introduce an additional notation.

Definition 3.4(Sequent context). A(sequent) context is a nested sequent with a holet u, taking the place of a formula. Contexts are denoted by Γt u, and Γt∆uis the sequent obtained from Γt u by replacing the occurrence oft uwith ∆. We write ΓtHufor the sequent obtained from Γt uby removing thet u(i.e., the hole is filled with nothing).

Definition 3.5 (Multi-conclusion nested sequent calculi NKK`X for classical modal logics).

Figure 3 shows the system for the classical modal logicK, which is just the two-sided version of Br¨unnler’s system [5] (see also [18]), extended with the rules forKandĄ.² Then, Figure 4 shows the rules for the axiomsd,t,b,4, and5from Figure 1. ForXĎ td,t,b,4,5uwe writeX^‚ andX^˝to be the corresponding subsets oftd^‚,t^‚,b^‚,4^‚,5^‚uandtd^˝,t^˝,b^˝,4^˝,5^˝urespectively. Then we write

NKK`X:“NKKYX^‚YX^˝ .

As usual, we denote derivability in these and other nested sequent calculi by using$.

Theorem 3.6(Br¨unnler [5]). For a 45-closed setXĎ td,t,b,4,5u,NKK`Xis sound and complete w.r.t. the classical modal logicK extended with the axioms X.

2We use here a system with explicit contraction and the additive versions for^and_because in this way the two intuitionistic systems we show later are just restrictions of the classical system.

K^{‚´´´´´´´´}

ΓtK^‚u id^{´´´´´´´´´´´} Γta^‚, a^˝u

ΓtA^‚, A^‚u c^{‚ ´}´´´´´´´´´´´´

ΓtA^‚u

ΓtA^˝, A^˝u c^˝´´´´´´´´´´´´´

ΓtA^˝u

ΓtA^‚u

^^‚´´´´´´´´´´´´´´

ΓtA^B^‚u

ΓtA^˝u ΓtB^˝u

^^˝´´´´´´´´´´´´´´´´´´´

ΓtA^B^˝u

ΓtA^˝u ΓtB^‚u Ą^‚´´´´´´´´´´´´´´´´´´´

ΓtAĄB^‚u

ΓtA^‚, B^˝u Ą^˝´´´´´´´´´´´´´´

ΓtAĄB^˝u

ΓtB^‚u

^^‚´´´´´´´´´´´´´´

ΓtA^B^‚u

ΓtA^˝u _^˝´´´´´´´´´´´´´´

ΓtA_B^˝u

ΓtrA^‚,∆su

‚´´´´´´´´´´´´´´´´

ΓtA^‚,r∆su

ΓtrA^˝su

˝´´´´´´´´´´

ΓtA^˝u

ΓtA^‚u ΓtB^‚u _^‚´´´´´´´´´´´´´´´´´´´

ΓtA_B^‚u

ΓtB^˝u _^˝´´´´´´´´´´´´´´

ΓtA_B^˝u

ΓtrA^‚su 3^{‚´´´´´´´´´´} Γt3A^‚u

ΓtrA^˝,∆su 3^˝´´´´´´´´´´´´´´´´

Γt3A^˝,r∆su

Figure 3: SystemNKK ΓtrA^˝su

d^{˝´´´´´´´´´´} Γt3A^˝u

ΓtA^˝u t^{˝´´´´´´´´´´}

Γt3A^˝u

Γtr∆s, A^˝u b^˝´´´´´´´´´´´´´´´´

Γtr∆,3A^˝su

Γtr3A^˝,∆su 4^˝´´´´´´´´´´´´´´´´

Γt3A^˝,r∆su

ΓtHut3A^˝u 5^˝´´´´´´´´´´´´´´´´

Γt3A^˝utHu ΓtrA^‚su

d^{‚´´´´´´´´´´} ΓtA^‚u

ΓtA^‚u t^{‚´´´´´´´´´´}

ΓtA^‚u

Γtr∆s, A^‚u b^‚´´´´´´´´´´´´´´´´

Γtr∆,A^‚su

ΓtrA^‚,∆su 4^‚´´´´´´´´´´´´´´´´

ΓtA^‚,r∆su

ΓtHutA^‚u 5^‚´´´´´´´´´´´´´´´´

ΓtA^‚utHu

Figure 4: Rules for the axioms in Figure 1;5^˝ and5^‚ have provisodepthpΓt utHuq ě1.

We can now straightforwardly obtain an intuitionistic variant of the systemNKKby demanding that each sequent occurring in a proof contains exactly one output formula. Note that almost all rules in Figures 3 and 1 preserve this property when going from conclusion to premise, and can therefore remain unchanged. There are only two rules that violate this condition:c^˝ andĄ^‚. We therefore forbid the use ofc^˝ and changeĄ^‚ in that we delete the old output formula in the left premise.

Definition 3.7(Single-conclusion nested sequent calculiNIKs`Xfor intuitionistic modal logics).

NIKs:“NKKztc^˝,Ą^‚u Y tĄ^‚_su , whereĄ^‚_s is the rule

Γ^ÓtA^˝u ΓtB^‚u Ą^‚_s ^´´´´´´´´´´´´´´´´´´´

ΓtAĄB^‚u (11)

with Γ^Ót ustanding for the context Γt uwith all output formulas removed. For eachXĎ td,t,b,4,5u, we define

NIKs`X:“NIKsYX^‚YX^˝ . Another rule that we use in this paper is

Γtr su drs ´´´´´´´

Γt∅u .

We writeNIKs`X<sup>1</sup> for the system obtained fromNIKs`Xby replacing the two rulesd^‚ andd^˝ with the ruled^rs if they are present:

NIKs`X¹:“

#

NIKs`Xztd^‚,d^˝u Yd^rs ifdPX ,

NIKs`X otherwise.

(In a similar way we can defineNKK`X¹.)

Theorem 3.8 (Straßburger, [24]). For a 45-closed set XĎ td,t,b,4,5u,NIKs`X<sup>1</sup> is sound and complete w.r.t. the intuitionistic modal logic IK`X.³

3In [24], the theorem is incorrectly stated forNIKs`X. However, in the absence ofc^˝, the ruled^rsis not admissible in the general case (see Lemma 3.11 below).

The proof in [24] is done via cut elimination where the cut rule is shown on the left below:

Γ^ÓtA^˝u ΓtA^‚u cut_s´´´´´´´´´´´´´´´´´´

ΓtHu , ΓtA^˝u ΓtA^‚u

cut_m´´´´´´´´´´´´´´´´´´

ΓtHu . (12)

The variant of the cut rule on the right above is the version for the systems without the restriction of having only one output formula in a sequent.

This brings us to the actual purpose of this paper: multiple-conclusion systems for the logics IK`X, in the style of Maehara [17].

Definition 3.9(Multi-conclusion nested sequent calculiNIKm`XandNIKm`X¹for intuitionistic modal logics). As before, we start from the classical system and define

NIKm“NKKztĄ^˝,

˝u Y tĄ^˝_m,

˝ mu where the rulesĄ^˝_m and

˝

mare given below and Γ^Ót uis defined in Definition 3.7:

Γ^ÓtA^‚, B^˝u Ą^˝_m^´´´´´´´´´´´´´

ΓtAĄB^˝u , Γ^ÓtrA^˝su

˝m´´´´´´´´´´

ΓtA^˝u . (13)

Then, the systemsNIKm`XandNIKm`X¹ are defined analogously toNIKs`XandNIKs`X¹. In all these systems, the weakening rule

wΓtHu´´´´´´

Γt∆u is depth-preserving admissible:

Lemma 3.10 (dp-admissibility of weakening). Let XĎ td,t,b,4,5u. Then the weakening rule w is depth-preserving admissible in NKK`X, in NIKs`X, and in NIKm`X, i.e., if ΓtHuhas a proof, then Γt∆uhas a proof of at most the same depth.

Proof. The proof is a straightforward induction on the depth of the derivation (see [5] for details).

The following lemma clarifies the relationship between the ruled^rs and the rulesd^‚andd^˝. Lemma 3.11. Let XĎ td,t,b,4,5u. If dPXthen d^rs is admissible in NKK`Xand in NIKm`X.

Furthermore,d^‚ and d^˝ are derivable in td^rs,

‚,3^˝u.

Proof. The proof of the first statement is by induction on the derivation depth with case distinction based on the last rule used in this derivation. It is obvious that the empty bracket can be removed from any initial sequent. For most rules, the statement for the conclusion easily follows from the IH for the premises. If the bracket to be removed became empty because the last rule was

‚ with

∆“∅, then these

‚ followed byd^rs can be replaced withd^‚. This also proves the derivability ofd^‚ from

‚ andd^rs. Similarly,3^˝with ∆“∅followed byd^rs can be replaced withd^˝, making the latter derivable from3^˝ andd^rs. The cases for the rules 4^˝,4^‚,5^˝, and5^‚ are similar. We only show the transformation for5^˝:

Γt∅utr3A^˝su 5˝ ´´´´´´´´´´´´´´´´

Γt3A^˝utr su drs ´´´´´´´´´´´´´´´

Γt3A^˝ut∅u

ù

Γt∅utr3A^˝su w´´´´´´´´´´´´´´´´´´´´´

Γt∅utr3A^˝, A^˝su 5˝ ´´´´´´´´´´´´´´´´´´´´´

Γt3A^˝utrA^˝su d˝ ´´´´´´´´´´´´´´´´´´

Γt3A^˝ut3A^˝u 5˝ ´´´´´´´´´´´´´´´´´´´´´

Γt3A^˝,3A^˝ut∅u c˝ ´´´´´´´´´´´´´´´´´´´´´

Γt3A^˝ut∅u

Note that the first transition is by weakening, which is admissible in all our systems by Lemma 3.10, and that the proviso for both applications of5^˝ in the transformed derivation is satisfied whenever it is satisfied in the original derivation.

Remark 3.12. Lemma 3.11 fails to hold forNIKs`Xbecause of the absence ofc^˝. Below is an example of a derivation from whichd^rs cannot be eliminated:

id^{´´´´´´´´´´´} rra^˝, a^‚ss 3˝ ´´´´´´´´´´´´´

r3a^˝,ra^‚ss 3˝ ´´´´´´´´´´´´´´´

33a^˝,rra^‚ss K‚ ´´´´´´´´´´´´´´´

K^‚,rra^‚, b^˝ss Ą^‚_s ^´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´

33aĄ K^‚,rra^‚, b^˝ss Ą˝ ´´´´´´´´´´´´´´´´´´´´´´´´´

33aĄ K^‚,rraĄb^˝ss d˝ ´´´´´´´´´´´´´´´´´´´´´´´´´´´´

33aĄ K^‚,r3paĄbq^˝s 4˝ ´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´

33aĄ K^‚,3paĄbq^˝,r s drs ´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´

33aĄ K^‚,3paĄbq^˝ Ą˝ ´´´´´´´´´´´´´´´´´´´´´´´´´´´´

p33aĄ Kq Ą3paĄbq^˝

In all systems presented so far, the identity rule idis restricted to atomic formulas, but the general form is derivable.

Proposition 3.13 (Non-atomic initial sequents). For every formula A and every appropriate context Γt u, the sequent

ΓtA^‚, A^˝u is derivable in NKK, in NIKs, and in NIKm.

Proof. By a straightforward induction on A.

Remark 3.14. The appropriateness of the context only plays a role forNIKs, where Γt uis not allowed to contain output formulas.

Maehara shows [17] the equivalence of his multiple conclusion system to Gentzen’s single conclusion system from [16] by translating a multiple conclusion sequent into a single conclusion sequent whereby the multiple formulas on the right are replaced by one, their disjunction. This is not possible in the nested sequent setting because “the formulas on the right” are generally scattered all over the sequent tree.

However, one direction is straightforward:

Theorem 3.15 (Translation from single- to multi-conclusion). Let XĎ td,t,b,4,5uand Γbe a single-conclusion sequent.

NIKs`X$Γ ùñ NIKm`X$Γ , NIKs`X<sup>1</sup> $Γ ùñ NIKm`X¹ $Γ .

Proof. The only rule inNIKs`X(resp.NIKs`X¹) that is not an instance of a rule inNIKm`X (resp.NIKm`X¹) isĄ^‚_s. But it can be derived usingĄ^‚ and weakening. Thus, the theorem follows

from Lemma 3.10.

Corollary 3.16. Let XĎ td,t,b,4,5u. If a sequent Γis provable in NIKs`Xor in NIKs`X¹, then Γis also provable both in NIKm`Xand in NIKm`X¹.

Proof. This follows immediately from Theorem 3.15 using Lemma 3.11.

Note that in Corollary 3.16, it is implicitly assumed that the sequent Γ has exactly one output formula because otherwise it could not be the endsequent of a correct derivation inNIKs`Xor NIKs`X¹.

Corollary 3.17(Formula-level completeness ofNIKm`XandNIKm`X¹). For a 45-closed set XĎ td,t,b,4,5u,

X,B ùñ NIKm`X$B<sup>˝</sup> , X,B ùñ NIKm`X¹ $B^˝ .

Proof. If B is X-valid, thenB^˝ is derivable in NIKs`X<sup>1</sup> by Theorem 3.8. Thus, B<sup>˝</sup> is derivable both inNIKm`Xand inNIKm`X¹ by Corollary 3.16.

4 Semantic Proof of Soundness

In this section we show that every rule inNIKm`Xis sound with respect to X-models. For this, we first have to extend the notion of validity from formulas to sequents.

Definition 4.1(M-map). For a sequent Γ and a birelational modelM“ xW,ď, R, Vy, anM-map for Γ is a mapf: trpΓq ÑW from nodes of the sequent tree to worlds in the model such that, wheneverδis a child ofγ intrpΓq, thenfpγqRfpδq.

Definition 4.2 (Forcing for sequents). A sequent Γ issatisfied by an M-map f for Γ, written f ,Γ, iff

M, fpγq ,A for allA^‚PγPΓ ùñ M, fpδq ,B for someB^˝PδPΓ . If Γ is not satisfied byf, it isrefuted by it.

Remark 4.3. This definition works for both single- and multi-conclusion sequents.

Definition 4.4(X-validity for sequents). For everyXĎ td,t,b,4,5u, a sequent Γ isX-valid, written X,Γ, iff it is satisfied by allM-maps for Γ for all X-modelsM. A sequent isX-refutable iff there is anM-map for anX-modelMthat refutes it.

Lemma 4.5(Sequent validity extends formula validity). A formulaB isX-valid in all X-models if and only if the sequentB^˝ is:

X,B ðñ X,B^˝ . Proof. This follows immediately from the definition of validity.

Theorem 4.6 (Soundness). For any XĎ td,t,b,4,5u,

NIKm`X$Σ ùñ X,Σ .

Proof. We prove the contrapositive: if Σ is X-refutable, then NIKm`X does not prove Σ. To demonstrate this, it is sufficient to show that, whenever the conclusion of a rule fromNIKm`Xis X-refutable, then so is at least one of the premises of this rule.

LetM“ xW,ď, R, Vybe an arbitraryX-model andf be an arbitraryM-map for the conclusion Γ of a given rule. Let γ PΓ be the node with the hole of this rule. Since the model M is never modified, we omit its mentions in this proof. Note that anM-map refutes a sequent iff it maps its nodes into worlds ofMin a way that makes all input formulas forced and all output formulas not forced.

Initial sequents. The statement is vacuously true for K^‚ and id because neither ΓtK^‚u nor Γta^‚, a^˝ucan be refuted in any birelational model.

Local propositional rules_^‚,^^‚, Ą^‚,_^˝,^^˝. Since propositional rules (including contraction rules) are local in that they act within one node of the sequent tree, the node we calledγ, the proof for them is analogous to the case of propositional intuitionistic logic. Namely, for all propositional rules exceptĄ^˝_m, for any birelational modelM, anyM-map refuting the conclusion must refute one of the premises. Consider, for instance, an instance of the rule_^‚ and anM-mapf that refutes its conclusion ΓtA_B^‚u. In particular, it forces all input formulas from Γt u, forces none of output formulas from Γt u (each formula at the world assigned byf), and satisfiesfpγq ,A_B. For the latter to happen, eitherfpγq ,A, makingf refute the left premise ΓtA^‚u, or fpγq ,B, in which case it is the right premise ΓtB^‚uthat is refuted by f.

RuleĄ^˝_m. Assume that all input formulas in the conclusion of the rule Γ^ÓtB^‚, C^˝u

Ą^˝_m^´´´´´´´´´´´´´

ΓtBĄC^˝u

are forced and all output formulas are not forced by anM-map f in their respective worlds, in particular,fpγq .BĄC. Then there exists a worldw ěfpγqwhere w,B and w.C. It is

easy to show using (F1) and (F2) that there exists anotherM-mapg for the conclusion such that gpγq “wandgpδq ěfpδqfor each node δPΓtBĄC^˝u. By monotonicity (Proposition 2.6), all input formulas in the conclusion are also forced byg in their respective worlds. Since additionally gpγq ,B andgpγq .C, it follows that in the premise all input formulas are forced and the only output formula,C, is not forced bygin their respective worlds. Thus, the constructedg refutes the premise in the same model.

Rules

‚,3^˝,t^‚,t^˝, b^‚,b^˝,4^˝, and5^˝. Although these rules are not local in that they affect two nodes of the sequent tree, their treatment is much the same as that of propositional rules: any M-map refuting the conclusion must also refute the premise. Consider, for instance,

Γtr3A^˝,∆su 4˝ ´´´´´´´´´´´´´´´

Γt3A^˝,r∆su .

Assume that all input formulas in the conclusion are forced and all output formulas are not forced by anM-mapf in their respective worlds of a transitive modelM, in particular,fpγq .3A. Let δbe the node corresponding to the displayed bracket. Note thatfpγqRfpδq. Consider any world w such that fpδqRw. Then, by transitivity, fpγqRw and w. A. We have shown that w .A wheneverfpδqRw. Thus, fpδq .3A, which is sufficient to demonstrate thatf refutes the premise of the rule. We also show the argument for

ΓtHut3A^˝u 5˝ ´´´´´´´´´´´´´´´

Γt3A^˝utHu .

Assume that all input formulas in the conclusion are forced and all output formulas are not forced by anM-mapf in their respective worlds of a Euclidean modelM, in particular,fpγq .3Afor the displayed3Ain the conclusion (hereγis node with the hole containing the principle formula). Let δbe the nodes containing the other hole andρbe the root of the sequent tree. ThenfpρqR^kfpγq andfpρqR^lfpδqfor somek, lě0. Moreover, the proviso for the rule demands thatką0. Consider any worldwsuch thatfpδqRw. Then bothfpγqandw are accessible fromfpρqin one or more Rsteps. It is an easy corollary of Euclideanity thatfpγqRw, meaning thatw.A. We have shown thatw.AwheneverfpδqRw. Thus,fpδq .3A, which is sufficient to demonstrate thatf refutes the premise of the rule.

Rules4^‚ and 5^‚ are similar in nature but require an additional consideration in the proof. We explain it on the example of

ΓtrA^‚,∆su 4‚ ´´´´´´´´´´´´´´´

ΓtA^‚,r∆su .

As in the case of4^˝, we deal with two nodes: parentγ and its childδ, the latter corresponding to the displayed bracket. We assume thatfpγq ,A and need to show thatfpδq ,A. The difference lies in the fact that apart from worlds accessible fromfpδqitself, as in the case of4^˝, we have to consider also worlds accessible from futures offpδq. However, the condition (F1) and transitivity ensure that any world accessible from a future offpδq is also accessible from some future offpγqmaking it possible to apply the assumption.

Rules3^‚,d^‚, andd^˝. All these rules are similar to the majority of modal rules, except for the fact that one needs to choose a new world for the premise. For rulesd^‚andd^˝, this world is chosen as any world accessible fromfpγqby seriality. For the rule3^‚, the assumption is that3Ais forced atfpγq, which implies that there exists an accessible world forcingA, and it is this world that is chosen for the extra node in the sequent tree of the premise. Consider, e.g., an instance of3^‚ and assume thatf refutes its conclusion Γt3A^‚u. In particular,fpγq ,3A. Thus, there exists a worldwPW such thatfpγqRw andw,A. We define anM-mapg for the premise ΓtrA^‚suto act likef on all nodes that are present in the conclusion and to map the nodeδ corresponding to the displayed bracket tow. Then, just likef, the mapg forces all input formula in Γt uand none of output formulas in Γt uand, in addition,gpδq ,A, meaning thatg refutes the premise.

Rule

˝m. Assume that all input formulas in the conclusion of the rule Γ^ÓtrA^˝su

˝m´´´´´´´´´´

ΓtA^˝u .

are forced and all output formulas are not forced by anM-map f in their respective worlds, in particular,fpγq .A. Then there exist worldsuandwsuch thatuěfpγq, anduRw, andw.A.

It is easy to show using (F1) and (F2) that there exists anM-mapg for the premise such that gpγq “u,gpδq “wfor the nodeδpresent in the premise but not in the conclusion, andgpϑq ěfpϑq for each nodeϑPΓtA^˝u. By monotonicity (Proposition 2.6), all input formulas in the conclusion are also forced byg in their respective worlds. Since additionallygpδq .A, it follows that in the premise all input formulas are forced and the only output formula,A, is not forced byg in their respective worlds. Thus, the constructedg refutes the premise in the same model.

This completes the proof of soundness.

5 Semantic Proof of Completeness

In this section we show the completeness of our multiple conclusion systems semantically. To simplify the argument, we work with a modified system cNIKm`X¹, that is defined as follows.

For every inference rule inNIKm`X(andNIKm`X¹), except for Ą^˝_m and

˝

m, we can define its contraction variant, denoted by the subscriptc, that keeps the principal formula of the conclusion

in all premises. Below are three examples:

ΓtA^‚,rA^‚,∆su

‚c ´´´´´´´´´´´´´´´´´´´´

ΓtA^‚,r∆su , Γt3A^‚,rA^‚su 3^‚c ´´´´´´´´´´´´´´´´

Γt3A^‚u , ΓtAĄB^‚, A^˝u ΓtAĄB^‚, B^‚u Ą^‚_c ^´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´´

ΓtAĄB^‚u .

Note that K^‚ and K^‚_c are identical (as are d^rs andd^rsc). We denote by cNIKm`X<sup>1</sup> the system obtained fromNIKm`X¹by removingc^‚andc^˝, and by replacing every rule, except forĄ^˝_mand

˝m, with its contraction variant.

Definition 5.1 (Equivalent derivations). Two derivations are equivalent if they have the same endsequent. Two systemsS1andS2 areequivalent if for every derivation inS1, there is a derivation inS2 of the same endsequent, and vice versa.

Lemma 5.2(Equivalence of Kleene’ing). For every XĎ td,t,b,4,5u, the systems NIKm`X, NIKm`X¹, and cNIKm`X¹

are pairwise equivalent.

Proof. Every rule r_c is derivable via r and c^‚ or c^˝, and conversely, every rule r is derivable fromr_c andw. Hence, the statement follows from Lemmas 3.10 and 3.11.

We can now state the completeness theorem:

Theorem 5.3 (Completeness). Let XĎ td,t,b,4,5ube a 45-closed set, and letΥbe a sequent.

X,Υ ùñ NIKm`X$Υ .

Remark 5.4. Note that this is stronger than the completeness result proved syntactically in Corollary 3.17 which was formulated for single formulas rather than arbitrary sequents. While the argument used to prove Corollary 3.17 extends as is to single-conclusion sequents, the result in this section shows completeness for all multi-conclusion sequents.

The rest of this section is dedicated to the proof of Theorem 5.3, and we letXand Υ be fixed.

We prove the contrapositive: ifNIKm`X&Υ, then Υ isX-refutable. By Lemma 5.2 we can work with the systemcNIKm`X¹, which is equivalent toNIKm`X. We work with the (almost) complete proof search treeTincNIKm`X¹ that is constructed as follows: the nodes ofTare sequents, and the root ofTis the endsequent Υ. For each possible unary rule applicationrto a sequent Γ inTthe premise ofris a child of Γ inT, and for each possible binary rule application to Γ, both premises ofrare children of Γ inT. (Recall that we mean here upward rule applications.) There are only two exceptions: along each branch of the proof search tree

1. each formula3A^‚is used no more than once as the principal formula of the rule3^‚c (different occurrences of the same formula in the same sequent node are considered the “same” here) and

2. each sequent node is used no more than once as the principal node of the ruled^rs (but, of course, the ruled^rs is applied to every node in a sequent Γ).

The countermodel that we are going to construct will be based on the tree T that is obtained fromTby removing all subtrees that have derivable sequents as roots. In the following, we use Γ,∆, etc. to denote sequent occurrences inTrather than sequents.

We distinguish three types of unary rules:

1. theleveling rulesĄ^˝_mand

˝

m, which are non-invertible, 2. thenode creating rules3^‚c andd^rs, and

3. all other unary rules (which are invertible), that we callsimple.

Definition 5.5 (Level). Thelevel of Γ (and of every γPΓ) is the total number of leveling-rule instances on the path from Υ to Γ inT. Sequents Γ and ∆ with the same level areequilevel.

In contrast to the soundness proof, we now distinguish between nodes in the premise and conclusion of the rule, which necessitates the following

Definition 5.6 (Corresponding nodes). Let Ω be the set of all sequent nodes of all sequent occurrences inT. We define the correspondence relation «on Ω recursively:

ˆ ifγandδcan be traced to the same sequent node in the endsequent Υ, then γ«δ;

ˆ ifγandδare created by instances of3^‚c with the same principal formula3A^‚in nodesγ¹«δ¹ respectively, thenγ«δ;

ˆ ifγandδare created by instances of d^rs from nodes γ¹«δ¹ respectively, then γ«δ;

ˆ ifγandδare created by applications of

˝mwith the same principal formulaA^˝ in equilevel nodesγ¹ «δ¹ respectively, thenγ«δ.

Ifγ«δ, we also say that γandδarecorresponding.

Clearly,«is an equivalence relation. It is easy to see that distinct nodes of the same sequent occurrence cannot be corresponding. For a sequent nodeγPΩ and a sequent occurrence ∆ we denote byγ∆the unique sequent node of ∆ corresponding toγ(if it exists). Ifγis the parent ofδin trpΓqand bothγΣandδΣexist for some sequent occurrence Σ, thenγΣis the parent ofδΣintrpΣq.

Definition 5.7(Superior sequent). We call ∆ asuperior of Γ, written ΓĎ∆, ifγ∆ exists for all γPΓ and satisfies γĎγ∆ as multisets of formulas.

It is clear thatĎis reflexive and transitive.

Definition 5.8 (Corresponding rules). Two instances of the same rulerare calledcorresponding if they are applied to nodesγ«δ, to the same principal formula inγandδ(this requirement is dropped ford^rs, which has no principal formulas), to corresponding children ofγandδ (for

‚c,3^˝c, 4^‚_c, and 4^˝_c), and to corresponding second nodes (for5^‚_c and5^˝_c).

Clearly, rule correspondence is also an equivalence relation.

Definition 5.9(Rule transfer). Letrbe a rule instance and ∆ be the conclusion of a corresponding rule instance. We denote the first premise of this corresponding rule instance byrp∆qand, in case of binary rules, the second premise byr¹p∆q.

The following lemma is a direct consequence of the definition:

Lemma 5.10 (Corresponding rules for superior sequents). Let Γ be the conclusion of a rule instance r and ∆ be a superior of Γ.

ˆ If r is not node-creating, then ∆ is the conclusion of a corresponding rule instance and rpΓqĎrp∆q(also r¹pΓqĎr¹p∆qfor binary rules).

ˆ If ris node-creating, then either

1. a corresponding rule instance has already been used on the path from Υ to ∆ and rpΓqĎ∆, or

2. ∆ is the conclusion of a corresponding rule instance and rpΓqĎrp∆q.

In the former case, we define rp∆q:“∆to unify the notation.

In the following, we useGto denote an arbitrary subset of the set of sequent occurrences inT.

We writeGĎTif all occurrences are taken fromT.

Definition 5.11 (Confluent sets). A setGĎTis calledconfluent iff the following condition is satisfied: for any Γ,∆PG, the sequent occurrences Γ and ∆ are equilevel and there is a sequent occurrence ΣP Gthat is a superior of both Γ and ∆. The set G is maximal confluent if it is confluent and has no proper confluent supersets inT.

It is an immediate corollary of Zorn’s Lemma that

Lemma 5.12 (“Lindenbaum”). Each confluent set can be extended to a maximal confluent set.

Definition 5.13. LetGĎTbe a set of sequent occurrences, and let r be a rule instance with conclusion inG. Then we define

rpGq:“ trp∆q |∆PGandrp∆qis definedu . For binary rules, we user¹pGqfor the second premises.

Lemma 5.14(Properties of confluent sets). Let the set GĎTbe confluent, and let r be a rule instance with conclusion in G.

1. If r is unary, then rpGqis confluent, andrpGq ĎT. If ris not a leveling rule, then GYrpGq is also confluent, and GYrpGq ĎT.

2. If r is simple and Gis maximal confluent, then rpGq ĎG, in other words, maximal confluent sets are closed with respect to applications of simple rules.

3. If r is a binary rule, then at least one of rpGq and r¹pGq is a confluent set and contained in T, and additionally must be a subset of Gif the latter is maximal confluent.

Proof. 1. LetrpΠq,rp∆q PrpGq, where Π,∆PG. By the confluence ofG, there is ΣPGsuch that Π,∆ĎΣ. By Lemma 5.10,

rpΠq,rp∆qĎrpΣq PrpGq . (14) This demonstrates thatrpGqis confluent.

For a non-levelingr, take two sequents fromGYrpGq. If both belong to Gor both belong torpGq, the two sequents have a superior in the same set by its confluence. If ΠPGand rp∆q P rpGq, then there is a superior Σ Ě Π,∆ inG by its confluence. By Lemma 5.10, (14) holds again. Given thatrpΠqĚΠ becauseris not a leveling rule,rpΣq PrpGqis a superior

of both Π andrp∆q.

2. Follows from Clause 1 and the maximality ofG.

3. We prove that eitherrpGq ĎTorr¹pGq ĎTby contradiction. Otherwise, there would have been Π,∆PGsuch thatr_TpΠqandr¹_Tp∆qare both derivable. For a superior ΣĚΠ,∆, which would have existed by the confluence ofG, bothrpΣqandr¹pΣqwould have been derivable by admissibility of weakening (Lemma 3.10), making ΣPGĎTderivable byr, in contradiction to our assumptions. Whichever ofrpGqorr¹pGqis withinTmust be confluent (and contained inGfor maximal confluent sets) as in Clause 1.

Definition 5.15(Limit). For a confluent setGwe define itslimitGˆ as a (possibly infinite) nested sequent tree obtained by taking the quotient of all sequent nodes inGwith respect to the equivalence relation«, i.e.,trpGqˆ consists of equivalence classesrγsG over allγPΓPG. We define rγsG to be the parent ofrδsG intrpGqˆ iff there areγ¹ P rγsG andδ¹ P rδsG such that γ¹ is the parent ofδ¹ in trpΓqfor some ΓPG. For formulas inside, we define

rγsG:“ ď

δPrγsG

δ .

Lemma 5.16. Gˆ is well-defined, i.e., trpGqˆ is a tree. Furthermore, ifρis the root of ΓPG, then rρsG is the root of trpGq.ˆ

Proof. It immediately follows from Definition 5.6 that ρ₁«ρ₂ for the rootsρ₁ andρ₂of any two sequents Σ₁,Σ₂ PGbecause ρ₁ andρ₂ can be traced down to the root ρ_Υ of the endsequent Υ.

Thus,rρs_G includes all roots of all sequents inG. To show that there is a path from rρs_G to any elementrγsG PGˆ for a nodeγ from ΣPG, it remains to note that there is a path fromρΣtoγ in trpΣqand thatρΣ«ρ.

Further, it is easy to show that forγ«δwithγfrom a sequent ΣPGandδfrom a sequent Π PG, the path from ρΣ to γ has the same length as the path from ρΠ to δ. In other words, each edge intrpGqˆ increases the distance from the root (in each member sequent), which prevents directed cycles.

Finally, we show that each node in trpGqˆ has at most one parent. Indeed, assume rγsG and rγ¹sG are both parents ofrδsG intrpGq. This means thatˆ γΣ is the parent of δΣ andγ_Π¹ is the parent ofδΠ for some sequent occurrences Σ and Π from the confluent setG. They must have a superior ΛPG. Since all nodes inδΣ«δΠ«δΛ, andγΣ«γΛ, andγ_Π¹ «γ_Λ¹ exist by superiority of Λ and since bothγΛ andγ_Λ¹ must coincide with the unique parent ofδΛ intrpΛq, it follows that γΛ“γ_Λ¹ and, consequently,γΣ«γ_Π¹ . In other words,rγsG“ rγ¹sG.

Definition 5.17(Countermodel). We defineM:“ xW,ď, R, Vy, where

ˆ W :“ trγs_GPGˆ |γPΓPGandGis maximal confluent and GĎTu.

ˆ The binary relationR₀onW is the (disjoint) union of all parent–child relations on ˆGover all maximal confluent setsGĎT. The binary relationRonW is defined as the closure ofR₀ with respect to the frame properties corresponding to the axioms from the 45-closedX, except for seriality.

ˆ For rγs_G,rδs_H P W, where G and H are maximal confluent sets of sequents, we define rγs_G ď0 rδs_H iff for some conclusion ΓPGand premise ∆PHof a leveling-rule instancer with rpGq ĎHwe haveγ_Γ «δ_∆. The binary relationďonW is the reflexive and transitive closure ofď0.

ˆ Forrγs_GPW, we define Vprγs_Gq:“ ta|a^‚P rγs_Gu.

Note that this model construction is a distant relative of the canonical models. Indeed, the structure of the proof-search tree is almost completely ignored: only levels are used to prevent maximal confluent sets from reaching over leveling rules. We use the completeness of the (infinite) proof search to demonstrate the properties of maximal confluent trees, there is no direct translation of rule applications in the proof search to accessibility relation in the model.

Lemma 5.18 (Input formula preservation). If A^‚P rγs_G and rγs_Gď rδs_H, thenA^‚P rδs_H. Proof. The statement forďfollows from that forď0. AssumeA^‚P rγsG andrγsG ď0rδsH. Then

1. A^‚PγΠfor some ΠPGand

2. for some conclusion ΓPGand premise ∆PHof a leveling-rule instancerwithrpGq ĎHwe haveγΓ«δ∆.

By confluence of G, there is a superior Σ to both Π and Γ. We have A^‚ P γΠ Ď γΣ and rpΣq PrpGq ĎH. Thus,A^‚Pγ_rpΣq. Since

γ_rpΣq«γΓ «δ∆«δ , it follows thatγ_rpΣqP rδs_HandA^‚P rδs_H.

Lemma 5.19 (Correctness). Mis an X-model.

Proof. Clearly, W ‰ ∅. By construction, R satisfies all requisite frame conditions other than seriality, andďis a preorder.

Seriality. If seriality is explicitly required, thend^rs is a rule ofcNIKm`X¹. By Lemma 5.14, for everyrγs_GPW, whereγPΓPG, we have thatrpΓq PGfor the instancerofd^rsapplied toγ. Since γ_rpΓq must have a childδintrprpΓqq, we haverγs_GRrδs_G.

Monotonicity. To show monotonicity ofV alongď, assumeaPVprγsGqandrγsG ď rδsH. Then a^‚P rγs_G anda^‚P rδs_Hby Lemma 5.18. Hence,aPVprδs_Hq.

(F1)–(F2). Since the proofs of these two properties are similar, we only show (F2). We first show (F2) forď0 andR0. Assume that

rγs_Gď0rδs_H and rγs_GR₀rσs_G for somerγsG,rσsG,rδsHPW. This means that:

1. for some conclusion ΓPGand premise ∆PHof a leveling-rule instancerwithrpGq ĎHwe haveγΓ«δ∆and

2. for some ΠPG, the nodeγΠ is the parent ofσΠin trpΠq.

By confluence ofG, there is a superior Σ to both Π and Γ. IntrpΣq, the node γ_Σ is the parent ofσ_Σ. FurtherrpΣq PrpGq ĎHandγ_rpΣqis the parent ofσ_rpΣq intrprpΣqq. Sinceσ_rpΣq«σ_Σ«σ,

rσsG ď0rσ_rpΣqsH . SinceγrpΣq«γΓ«δ∆«δ, it follows that

rδs_HR₀rσ_rpΣqsH . Extending (F2) toďandR0is straightforward.

It remains to note that, if (F1)–(F2) hold forďandR0, then they hold forďandR, which is the closure ofR0 with respect to the frame properties ofX. This is proved by induction on the length of derivation of anR-link from theR0-links. (Recall that no seriality closure is performed.) We show only (F1) for the Euclidean closure: assuming by IH that theR-links

rγs_GRrδs_G and rγs_GRrσs_G satisfy both (F1)–(F2), we show that

rδsGRrσsG

satisfies (F1). LetrδsGď rδ¹sH. By (F1) forrγsGRrδsG, there isrγ¹sH such that rγ¹sHRrδ¹sH and rγs_Gď rγ¹sH .

By (F2) forrγsGRrσsG, there isrσ¹sHsuch that

rγ¹sHRrσ¹sH and rσsGď rσ¹sH .

Finally, we haverδ¹sHRrσ¹sH by Euclideanity. The cases for transitivity, reflexivity, and symmetry are similar.

Lemma 5.20 (Modal saturation). Assume that rγsGRrδsG in the constructed model M.