July 12, 2010 4 Validity and decidability 4.1 Validity and deciding the minimal modal logic A modal formula was valid if it is true at all worlds in all models. The valid formulas form the minimal modal logic, true solely in virtue of local quantification in any graph. It often takes little effort to recognize modal formulas as valid or not. What is the general situation? Logicians think here in terms of “decision procedures”, algorithmic “mechanical” methods that test whether a given formula is valid, or follows logically from others. Indeed, the idea that logical deduction is essentially linked to computation goes back to the Middle Ages. Two landmark facts dominate the history here. Validity in propositional logic can indeed be tested by an algorithmic decision procedure, viz. the truth table method, and computers can do this, too. But the dream that all logical validity might be computable was shattered by the discovery in the 1930s that validity for predicate logic has no mechanical testing method at all. Or, put more succinctly: “first-order logic is undecidable”. Of course, this is not all. In between propositional and predicate logic, many logics are still decidable – with monadic predicate logic, first- order logic with unary predicates only, as a prime example.24 This leads to the “Balance” mentioned earlier in this course. Modal logic sits in between propositional logic and predicate logic qua expres- sive power over its models. But, what about the computational com- plexity of its validity problem? Does it side with propositional logic (where that problem is decidable), or with predicate logic (where it is undecidable)? There is no obvious truth table method for modal logic, since there are infinitely many models (both finite and infinite ones) to be searched in principle. But here is the truth: 24Indeed, existing methods for proof search in predicate logic (which you may have been taught in your first logic course) often do decide validity in special cases, though there is no guarantee that must do so. 37 July 12, 2010 38 / Modal Logic for Open Minds Theorem 4. The minimal modal logic is decidable. There are many proofs of this result, backed up by concrete de- cision procedures. Methods include “semantic tableaux”, and others that you may know from standard logic courses. In this chapter, we will prove decidability in a number of different ways. Each pass will tell us something more about what makes modal logic tick, showing some interesting difference with first-order logic as a whole. 4.2 The finite model property Basic modal logic has the finite model property (FMP): Theorem 5. Every satisfiable modal formula (that is, true in some M,s) has a finite model. By contrast, first-order logic has no FMP. Let the formula λ say that < is an irreflexive transitive order where every point has a successor. The natural numbers with “smaller than” are a model. λ has only infinite models: any finite transitive model in which each point has a successor must have loops, which are forbidden by the irreflexivity. The FMP does not give decidability per se. We still might have to check all finite models: infinitely many. But it does when we can find an effective bound on the size of a verifying model in terms of the given formula ϕ. This strengthened version of the FMP is called the effective finite model property. Our first analysis works by a method of selection: Theorem 6. Modal logic has the effective finite model property. Proof. Consider any formula ϕ satisfied in a model M, w. For conve- nience, unravel M via a bisimulation to a tree, so ϕ holds at the root. The essential point is that evaluation of ϕ only needs finite path depth into the tree, and finite branching width. Here is the idea. Consider ϕ as a Boolean combination taken from a finite set of propositional atoms and modal formulas ¿α (this is always possible, looking at ϕ from the outside).25 For atoms, it is enough to know the valuation at the current world. For each true diamond formula in this set, we choose a verifying successor world in the model. The total number needed is bounded by the number of sub-formulas of ϕ, which is at most the size length(ϕ) of ϕ itself. For false diamonds, we need not choose any worlds at all, as these only constrain what should hold at successors we need for other reasons. Going down the tree in this fashion, we lose one level of modal 25We made this same point earlier in Chapter 3, in our proof of the Adequacy ¾ ¾ Lemma for bisimulation games. For instance, the formula ¬(p ∧ ¿(q ∨ p) ∧ s) is ¾ ¾ equivalent to the Boolean combination ¬(p ∧ ¿(q ∨ p) ∧ s), where we consider the bold-face sub-formulas temporarily as “units”. July 12, 2010 Validity and decidability / 39 operator depth in each round: the process stops at md(ϕ). Moreover, the width of the process is also clearly bounded by the size of the for- mula. We can make this precise by induction on finite sets of formulas (counting their total number of operators): if such a set consists of true formulas at a node s, then there is a finite sub-tree starting at s which still verifies the whole set. We put together the finite sub-models for the α’s (which exist by the inductive hypothesis) to get the total model for the set one node higher up. We can compute an effective upper bound on the size of the models constructed in this proof, viz. length(ϕ)md(ϕ)+1. This gives an algorithm for deciding validity. Enumerate all modal models up to this size – using the fact that, modulo isomorphism of models, there are only finitely many of these. Check if the given formula ϕ holds in any one of these models. If so, ϕ is of course satisfiable – and if not, it is not satisfiable at all. This decides SAT (the satisfiability problem) for modal formulas. And then we can decide validity of any formula ϕ by deciding satisfiability of ϕ. ¬ Remark (Finite depth property). Implicit in this proof is a feature of modal formulas called their “Finite Depth Property”. For any model M,s and modal formula ϕ, M,s = ϕ iff M k,s = ϕ, where M k,s is the sub-model of M whose domain| consists| of s plus| all worlds| reach- able from it in at most k successor steps, with k the modal depth of ϕ. Modal formulas can only “see” the current model locally via successor paths up to their own modal depth. Related to this argument is the general method of filtration, which we only sketch here. It proceeds by contracting all worlds that agree on each sub-formula of the ϕ at issue, and it is also somewhat reminiscent of our earlier bisimulation contractions. Definition 4.2.1 (Filtrated model). Consider any model M, and take any modal formula ϕ. The filtrated model M ϕ arises as follows. Set w v if worlds w, v agree on the truth value of| each sub-formula of ϕ. ∼ Take the equivalence classes w∼ of this relation as the new worlds. For accessibility, set w∼Rv∼ iff there are worlds s w, t v with sRt. ∼ ∼ Finally, for the valuation, set w∼ = p iff w = p. | | Clearly, filtrated models are finite, and also, relevant formulas do not change truth values, as seen by a simple induction on their construction: Fact. For each sub-formula α of ϕ, we have this equivalence: 26 M,s = α iff α holds at s∼ in the filtrated model M ϕ. | | 26The method works much more generally, but it needs further twists to preserve July 12, 2010 40 / Modal Logic for Open Minds 4.3 Inductive analysis of valid sequents Next, we look into the concrete syntactic structure of valid inferences. Definition 4.3.1 (Modal sequents). A modal sequent consists of two sequences of modal formulas separated by a double arrow: ϕ ...ϕk 1 ⇒ ψ1,...ψm. Such a sequence is valid if in every world in every model, the conjunction of the ϕ’s implies the disjunction of the ψ’s.27 This implies that a sequent is valid whenever some formula appears on both sides. This convention makes for better combinatorial reduc- tion laws than the stipulation & &. Here, order and multiplicity of formulas on either side of the arrow⇒ is immaterial: just think of them as sets. We use letters , ,... for finite sets of formulas. Now, we give a set of principles thatA decomposeB questions of validity into ever-simpler equivalent ones, so that the associated procedure terminates. The first of these are purely propositional: Fact (Valid propositional reduction laws). 1. A sequent with only atoms is valid iff some formula occurs on both sides. 2. , ϕ iff , ϕ A ¬ ⇒B A⇒B 3. , ϕ iff , ϕ A⇒B ¬ A ⇒B 4. , ϕ ψ iff , ϕ, ψ A ∧ ⇒B A ⇒B 5. , ϕ ψ iff both , ϕ and , ψ A⇒B ∧ A⇒B A⇒B Proof. This is a routine exercise in propositional logic.28 Reducing sequents by these rules leads to ever simpler ones in terms of logical operators, until you hit atomic ones that you can decide “on sight”. So, this is a decision procedure for propositional logic. Now for the modal operators. Starting from the outside of formulas in a se- quent, we can reduce sequents until all outer Boolean connectives have disappeared. We are left with (using only diamonds here as primitive modalities) irreducible sequents ¿ ¿ ¿ p, ¿ϕ ,..., ϕk ψ ,..., ψm, q (4.1) 1 ⇒ 1 with p, q sequences of proposition letters.