
Propositional Dynamic Logic

Contents

1 Introduction
2 Syntax and Semantics
  2.1 Syntax
  2.2 Semantics
3 Hilbert-style axiom system for PDL
4 Soundness and Completeness; Decidability
  4.1 Soundness
  4.2 Completeness: Proof idea
  4.3 Completeness: Detailed proof
    4.3.1 Consistent sets; maximal consistent sets
    4.3.2 An intermediate structure
    4.3.3 Constructing a (finite) structure and a state at which ¬F holds
    4.3.4 End of the completeness proof
    4.3.5 Decidability

1 Introduction

Propositional dynamic logic (PDL) is a multi-modal logic with structured modalities. For each program α, there is:

  – a box modality [α] and
  – a diamond modality ⟨α⟩.

PDL was developed from first-order dynamic logic by Fischer and Ladner (1979) and has become popular recently. Here we consider regular PDL.


2 Syntax and Semantics

2.1 Syntax

Prog: set of programs
Prog0 ⊆ Prog: set of atomic programs
Π: set of propositional variables

The set of formulae Fma^PDL_{Prog,Π} of (regular) propositional dynamic logic and the set of programs P0 are defined by simultaneous induction as follows:

Formulae:

F, G, H ::= ⊥                      (falsum)
          | ⊤                      (verum)
          | p        p ∈ Π0        (atomic formula)
          | ¬F                     (negation)
          | (F ∧ G)                (conjunction)
          | (F ∨ G)                (disjunction)
          | (F → G)                (implication)
          | (F ↔ G)                (equivalence)
          | [α]F     if α ∈ Prog
          | ⟨α⟩F     if α ∈ Prog

Programs:

α, β, γ ::= α0       α0 ∈ Prog0    (atomic program)
          | F?       F formula     (test)
          | α; β                   (sequential composition)
          | α ∪ β                  (non-deterministic choice)
          | α∗                     (non-deterministic repetition)

2.2 Semantics

A PDL structure K = (S, R(), I) is a multimodal Kripke structure with an accessibility relation for each atomic program. That is, it consists of:

  • a non-empty set S of states
  • an interpretation R() : Prog0 → S × S of atomic programs that assigns a transition relation R(α) to each atomic program α

  • an interpretation I : Π × S → {0, 1}

The interpretation of PDL relative to a PDL structure K = (S, R(), I) is defined by extending R() to Prog and extending I to Fma^PDL_{Prop0} by the following simultaneously inductive definition:


val_K(p, s) = I(p, s) if p ∈ Π
val_K(¬F, s) = ¬_Bool val_K(F, s)
val_K(F ∧ G, s) = val_K(F, s) ∧_Bool val_K(G, s)
val_K(F ∨ G, s) = val_K(F, s) ∨_Bool val_K(G, s)
val_K([α]F, s) = 1 iff for all t ∈ S with (s, t) ∈ R(α), val_K(F, t) = 1
val_K(⟨α⟩F, s) = 1 iff for some t ∈ S with (s, t) ∈ R(α), val_K(F, t) = 1

R([F?]) = {(s, s) | val_K(F, s) = 1}
  (F? has the same meaning as: if F then skip else do not terminate)
R(α ∪ β) = R(α) ∪ R(β)
R(α; β) = {(s, t) | there exists u ∈ S s.t. (s, u) ∈ R(α) and (u, t) ∈ R(β)}
R(α∗) = {(s, t) | there exists n ≥ 0 and there exist u_0, …, u_n ∈ S with s = u_0, t = u_n, (u_0, u_1), …, (u_{n−1}, u_n) ∈ R(α)}

  • (K, s) satisfies F (notation (K, s) ⊨ F) iff val_K(F, s) = 1.
  • F is valid in K (notation K ⊨ F) iff (K, s) ⊨ F for all s ∈ S.
  • F is valid (notation ⊨ F) iff K ⊨ F for all PDL-structures K.
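The semantics above can be run directly on a finite structure. The following evaluator is an added example, not part of the original notes: it computes R() for compound programs and val_K for formulae. The tuple encoding, the representation of I as the set of true (p, s) pairs, and the sample structure K are assumptions made for the example.

```python
# Formulae and programs are nested tuples (an encoding assumed for this example):
#   ("var","p") ("not",F) ("and",F,G) ("or",F,G) ("imp",F,G) ("iff",F,G)
#   ("box",a,F) ("dia",a,F) | ("atom","a") ("test",F) ("seq",a,b) ("choice",a,b) ("star",a)

def rel(K, prog):
    """R() extended from atomic programs to all programs."""
    S, R, I = K
    op = prog[0]
    if op == "atom":
        return set(R.get(prog[1], ()))
    if op == "test":                       # {(s, s) | val_K(F, s) = 1}
        return {(s, s) for s in S if val(K, prog[1], s)}
    if op == "choice":
        return rel(K, prog[1]) | rel(K, prog[2])
    if op == "seq":
        ra, rb = rel(K, prog[1]), rel(K, prog[2])
        return {(s, t) for (s, u) in ra for (v, t) in rb if u == v}
    if op == "star":                       # paths of length n >= 0
        ra = rel(K, prog[1])
        closure = {(s, s) for s in S}
        frontier = set(closure)
        while frontier:                    # terminates: S x S is finite
            frontier = {(s, t) for (s, u) in frontier
                        for (v, t) in ra if u == v} - closure
            closure |= frontier
        return closure
    raise ValueError(f"unknown program: {prog!r}")

def val(K, f, s):
    """val_K(f, s) as a bool."""
    S, R, I = K
    op = f[0]
    if op in ("top", "bot"):
        return op == "top"
    if op == "var":
        return (f[1], s) in I              # I given as the set of true (p, s) pairs
    if op == "not":
        return not val(K, f[1], s)
    if op in ("box", "dia"):
        results = [val(K, f[2], t) for (u, t) in rel(K, f[1]) if u == s]
        return all(results) if op == "box" else any(results)
    a, b = val(K, f[1], s), val(K, f[2], s)
    return {"and": a and b, "or": a or b, "imp": (not a) or b, "iff": a == b}[op]

def valid_in(K, f):
    """K |= f: f holds at every state of K."""
    return all(val(K, f, s) for s in K[0])

# Constructed structure: 0 -a-> 1 -a-> 2, 0 -b-> 2, p true only at state 2.
K = ({0, 1, 2}, {"a": {(0, 1), (1, 2)}, "b": {(0, 2)}}, {("p", 2)})
```

On this structure ⟨a∗⟩p holds at state 0 while [a∗]p does not, because the zero-step path keeps state 0 itself among the a∗-successors.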

3 Hilbert-style axiom system for PDL

Axioms

(D1) All propositional logic tautologies
(D2) [α](A → B) → ([α]A → [α]B)
(D3) [α](A ∧ B) ↔ [α]A ∧ [α]B
(D4) [α; β]A ↔ [α][β]A
(D5) [α ∪ β]A ↔ [α]A ∧ [β]A
(D6) [A?]B ↔ (A → B)
(D7) [α∗]A ↔ A ∧ [α][α∗]A
(D8) [α∗](A → [α]A) → (A → [α∗]A)

Inference rules

(MP)   P,  P → Q
       ─────────
           Q

(Gen)     F
        ─────
        [α]F

4 Soundness and Completeness; Decidability

We will show that PDL is determined by PDL structures, and has the finite model property (the last result is due to Fischer and Ladner (1979)).

4.1 Soundness

  • Theorem. If the formula F is provable in the inference system for PDL then F is valid in all PDL structures.

Proof: Induction on the length of the proof, using the following facts:

  • 1. The axioms are valid in every PDL structure. Easy computation.
  • 2. If the premises of an inference rule are valid in a structure K, the conclusion is also valid in K.

(MP) If K ⊨ F and K ⊨ F → G then K ⊨ G (this follows from the fact that for every state s of K, if (K, s) ⊨ F and (K, s) ⊨ F → G then (K, s) ⊨ G).

(Gen) Assume that K ⊨ F. Then (K, s) ⊨ F for every state s of K. Let t be a state of K. (K, t) ⊨ [α]F if for all t′ with (t, t′) ∈ R(α) we have (K, t′) ⊨ F. But under the assumption that K ⊨ F the latter is always the case. This shows that (K, t) ⊨ [α]F for all t.

4.2 Completeness: Proof idea

  • Theorem. If the formula F is valid in all PDL structures then F is provable in the inference system for PDL.

Idea of the proof: Assume that F is not provable in the inference system for PDL. We show that:

(1) ¬F is “consistent” with the set L of all theorems of PDL.
(2) We can construct a “canonical” PDL structure K and a state w in this PDL structure such that (K, w) ⊨ ¬F.

Contradiction!

We construct the PDL structure K as follows:

  • 1. We know that if F is not provable then ¬F must be consistent with the set L of all theorems of PDL.
  • 2. This means that L ∪ {¬F} is consistent.
  • 3. We show that every consistent set of formulae is contained in a maximal consistent set of formulae.
  • 4. We choose a set S of states, in which every state is a maximal consistent set W of PDL formulae (a “possible world”).
  • 5. We define suitable relations R(α) on S as explained in the detailed proof.
  • 6. Let K_P be the Kripke model defined this way. We prove that (K_P, W) ⊨ φ iff φ ∈ W. Thus if W_¬F is the maximal consistent set containing ¬F then (K_P, W_¬F) ⊨ ¬F.
  • 7. The model constructed this way is not exactly what we are looking for, because R(α∗) ≠ R(α)∗. We need to change this model such that this property holds, but have to take care that it is still the case that the new model has a state at which ¬F is true.

  • 8. We change it as follows:
      • We define a family Γ of subformulae of our formula.
      • We show that this family of formulae is finite and closed under subformulae.
      • We now say that two states W, W′ ∈ S are equivalent (and can be merged) if for every G ∈ Γ, (K_P, W) ⊨ G iff (K_P, W′) ⊨ G (i.e. if they satisfy the same subformulae of F, in other words if we cannot distinguish these states when we only look at where the subformulae of F in Γ are true or false).
      • We merge equivalent states in S (i.e. we partition S into equivalence classes and define a new set of states S/∼, in which a state is the representative of an equivalence class of states in S).
      • We define relations R′(α) such that if sR(α)s′ then [s]R′(α)[s′]. The labelling is defined similarly.
      • We now show that this new structure K = (S/∼, R′(), I) is a PDL structure, and that (K, [W_¬F]) ⊨ ¬F.

This ends the completeness proof.

Decidability

If we analyse the structure K = (S/∼, R′(), I), we note that every state in S/∼ is the representative of a set of states in S at which certain subformulae of F are true. If we have two different states s_1, s_2 in S/∼:

  • s_1 is the representative of a set of states in S at which the formulae in a set Γ_1 ⊆ Γ are true
  • s_2 is the representative of a set of states in S at which the formulae in a set Γ_2 ⊆ Γ are true.

Clearly, Γ_1 ≠ Γ_2 (otherwise s_1 and s_2 would be representatives for the same set of formulae, hence equal).

We can now think of the states in S/∼ as being labelled with the sets of formulae in Γ which are true in them. The number of states in S/∼ is therefore smaller than or equal to the number of subsets of Γ. Since Γ is finite, the number of states in S/∼ is therefore finite (at most 2^|Γ|).

4.3 Completeness: Detailed proof

In order to complete the proof we need the following definitions and results:

4.3.1 Consistent sets; maximal consistent sets

Let L be a set of PDL formulae which:

(1) contains all propositional tautologies
(2) contains the axioms of PDL
(3) is closed under modus ponens and generalization
(4) is closed under instantiation

  • Definition. A subset F ⊆ L is called L-inconsistent iff there exist formulae A_1, …, A_n ∈ F such that (¬A_1 ∨ ⋯ ∨ ¬A_n) ∈ L. F is called L-consistent iff it is not L-inconsistent.
  • Definition. A consistent set F of PDL formulae is called maximal L-consistent if for every formula A either A ∈ F or ¬A ∈ F.
  • Theorem. Let F be a maximal L-consistent set of formulae. Then:

(1) For every formula A, either A ∈ F or ¬A ∈ F, but not both.
(2) A ∨ B ∈ F iff A ∈ F or B ∈ F.
(3) A ∧ B ∈ F iff A ∈ F and B ∈ F.
(4) L ⊆ F.
(5) F is closed under Modus Ponens.

Proof.

(1) A ∈ F or ¬A ∈ F by definition. Assume A ∈ F and ¬A ∈ F. We know that ¬A ∨ ¬¬A ∈ L (propositional tautology), so F is inconsistent. Contradiction.
(2) “⇒” Assume A ∨ B ∈ F, but A, B ∉ F. Then ¬A, ¬B ∈ F. As ¬¬A ∨ ¬¬B ∨ ¬(A ∨ B) ∈ L (classical tautology) it follows that F is inconsistent.
(2) “⇐” Assume A ∈ F and A ∨ B ∉ F. Then ¬(A ∨ B) ∈ F. Then ¬A ∨ (A ∨ B) ∈ L, so F is inconsistent.
(3) Analogous to (2).
(4) If A ∈ L then ¬A is inconsistent. Hence, ¬A ∉ F, so A ∈ F.
(5) Assume A ∈ F, A → B ∈ F and B ∉ F. Then ¬A ∨ ¬(A → B) ∨ B is a tautology, hence in L. Thus, F is inconsistent. QED

  • Theorem. Every consistent set F of formulae is contained in a maximally consistent set of formulae.

  • Proof. We enumerate all PDL formulae: A_0, A_1, … and inductively define an ascending chain of sets of formulae:

F_0 := F
F_{n+1} := F_n ∪ {A_n}     if this set is consistent
           F_n ∪ {¬A_n}    otherwise

It can be proved by induction that F_n is consistent for all n. Let F_max = ⋃_{n∈N} F_n. Then F_max is maximal consistent and contains F. QED

  • Lemma. If F is not provable in PDL then ¬F is consistent with the set L of all theorems of PDL, so it is contained in a maximally consistent set of formulae W_¬F.
  • Proof. Assume that ¬F is not consistent with the set L of all theorems of PDL. Then there exist formulae A_1, …, A_n such that ¬A_1 ∨ ¬A_2 ∨ ⋯ ∨ ¬A_n ∨ ¬(¬F) ∈ L. By using Modus Ponens n times we can show that ¬¬F ∈ L, hence F ∈ L (i.e. F is provable). QED

4.3.2 An intermediate structure

Goal: Assume F is not a theorem. Construct a PDL structure K and a state w of K such that (K, w) ⊨ ¬F.

States:
State of K: maximal consistent set of formulae.
Intuition: (K, W) ⊨ φ iff φ ∈ W. Then: (K, W_¬F) ⊨ ¬F

Accessibility relation:
Intuition: (K, W) ⊨ [α]F iff for all W′, ((W, W′) ∈ R(α) → (K, W′) ⊨ F)
(W, W′) ∈ R(α) iff W′ ⊇ {F | [α]F ∈ W}

  • Theorem. (K, W) ⊨ G iff G ∈ W.

  • Proof. Induction on the structure of the formula F.
  • Theorem. K satisfies all PDL structure conditions except R(α∗) ⊆ (R(α))∗.

Proof: By direct checking.

Example: R(α; β) ⊆ R(α) ◦ R(β)

Assume (W, W′) ∈ R(α; β). Then W′ ⊇ {F | [α; β]F ∈ W}. We want to show that there exists W_0 with (W, W_0) ∈ R(α) and (W_0, W′) ∈ R(β). Note that:

  • (W, W_0) ∈ R(α) iff {A | [α]A ∈ W} ⊆ W_0
  • (W_0, W′) ∈ R(β) iff {B | [β]B ∈ W_0} ⊆ W′ iff {¬[β]D | D ∉ W′} ⊆ W_0.


It is sufficient to show that {A | [α]A ∈ W} ∪ {¬[β]B | B ∉ W′} is PDL-consistent.

Assume that the set is not PDL-consistent. Then there is a theorem

⊢ A_1 ∧ ⋯ ∧ A_m ∧ ¬[β]B_1 ∧ ⋯ ∧ ¬[β]B_n → ⊥

where [α]A_i ∈ W and B_j ∉ W′. Let B = B_1 ∨ ⋯ ∨ B_n. Then since

⊢ [β]B_1 ∨ ⋯ ∨ [β]B_n → [β]B

it follows that

⊢ A_1 ∧ ⋯ ∧ A_m → [β]B

hence:

⊢ [α](A_1 ∧ ⋯ ∧ A_m) → [α][β]B

and since

⊢ [α]A_1 ∧ ⋯ ∧ [α]A_m → [α](A_1 ∧ ⋯ ∧ A_m)

we showed that

⊢ [α]A_1 ∧ ⋯ ∧ [α]A_m → [α][β]B

Using the PDL-theorem [α][β]B → [α; β]B it then follows that

⊢ [α]A_1 ∧ ⋯ ∧ [α]A_m → [α; β]B

Since [α]A_i ∈ W and W is maximally consistent it follows that [α; β]B ∈ W, hence B = B_1 ∨ ⋯ ∨ B_n ∈ W′. But then (as W′ is maximally consistent) B_j ∈ W′ for some j, which is a contradiction.

It follows that {A | [α]A ∈ W} ∪ {¬[β]B | B ∉ W′} is PDL-consistent. Therefore it is contained in a maximal consistent set W_0. QED

4.3.3 Constructing a (finite) structure and a state at which ¬F holds

  • Theorem. Assume F is not a PDL theorem. We can construct a PDL structure K′ and a state w of K′ such that (K′, w) ⊨ ¬F.
  • Proof. To obtain a PDL structure that falsifies F we will collapse K by a suitable Γ that contains F. The closure rules for Γ that will be needed are:

  • Γ is closed under subformulae;
  • [B?]D ∈ Γ implies B ∈ Γ;
  • [α; β]B ∈ Γ implies [α][β]B ∈ Γ;
  • [α ∪ β]B ∈ Γ implies [α]B, [β]B ∈ Γ;
  • [α∗]B ∈ Γ implies [α][α∗]B ∈ Γ


A set Γ satisfying these conditions will be called closed.
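The closure rules can be applied mechanically until nothing new appears. The following computation of the smallest closed set containing a formula is an added example, not part of the original notes; the tuple encoding and the sample formula F = [(a;b)∗]p are assumptions, and only the box modality is used, as in the rules.

```python
# Formulae: ("var","p") ("not",F) ("and"|"or"|"imp"|"iff",F,G) ("box",prog,F)
# Programs: ("atom","a") ("test",F) ("seq",a,b) ("choice",a,b) ("star",a)
# (tuple encoding assumed for this example; <a>F is written as not [a] not F)

def closure(f):
    """Smallest closed set containing f, computed by worklist saturation."""
    gamma, work = set(), [f]
    while work:
        g = work.pop()
        if g in gamma:
            continue
        gamma.add(g)
        op = g[0]
        if op == "not":
            work.append(g[1])
        elif op in ("and", "or", "imp", "iff"):
            work += [g[1], g[2]]
        elif op == "box":
            prog, body = g[1], g[2]
            work.append(body)                      # subformula
            if prog[0] == "test":                  # [B?]D   gives B
                work.append(prog[1])
            elif prog[0] == "seq":                 # [a;b]B  gives [a][b]B
                work.append(("box", prog[1], ("box", prog[2], body)))
            elif prog[0] == "choice":              # [a U b]B gives [a]B, [b]B
                work += [("box", prog[1], body), ("box", prog[2], body)]
            elif prog[0] == "star":                # [a*]B   gives [a][a*]B
                work.append(("box", prog[1], g))
    return gamma

def state_bound(f):
    """Upper bound 2^|Gamma| on the number of states after merging."""
    return 2 ** len(closure(f))

# Constructed input: F = [(a;b)*]p
p, a, b = ("var", "p"), ("atom", "a"), ("atom", "b")
F = ("box", ("star", ("seq", a, b)), p)
```

For this F the closed set has five members: F, p, [a;b]F, [a][b]F and [b]F. The star rule re-introduces F only as a subformula that is already present, which is why the saturation stops.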

  • Theorem. If Γ is the smallest closed set containing a given formula F, then Γ is finite.
  • Proof. The point is to show that closing Subformulae(F) under the above rules produces only finitely many new formulae. Define a formula to be boxed if it is prefixed by a modal connective, i.e. is of the form [α]B for some α and B. Each time we apply a closure rule, new boxed formulae appear on the right side of the rule, and further rules may apply to these new formulae. But observe that the programs α indexing prefixes [α] on the right side are in all cases shorter in length than those indexing the prefix on the left of the rule in question. Hence we will eventually produce only atomic prefixes on the right, and run out of rules to apply. QED

Having determined that Γ, the smallest closed set containing F, is finite, we identify the states which satisfy the same formulae in Γ:

Fix a model K = (S, R, I) and a set Γ ⊆ Fma_Σ that is closed under subformulae, i.e. B ∈ Γ implies Subformulae(B) ⊆ Γ.

For each s ∈ S, define Γ_s = {B ∈ Γ | (K, s) ⊨ B} and put s ∼_Γ t iff Γ_s = Γ_t. Then s ∼_Γ t iff for all B ∈ Γ, (K, s) ⊨ B iff (K, t) ⊨ B.

Fact: ∼_Γ is an equivalence relation on S.

Let [s] = {t | s ∼_Γ t} be the ∼_Γ-equivalence class of s. Let S_Γ := {[s] | s ∈ S} be the set of all such equivalence classes.

Goal: (K, s) ⊨ A → (K′, s′) ⊨ A, K′ = (S′, R′, I′).

Step 1: S′ := S_Γ, where Γ = Subformulae(S)
Step 2: I′ : (Π ∩ Γ) × S′ → {0, 1} defined by I′(P, [s]) = I(P, s)
Step 3: R′(α) defined e.g. by: ([s], [t]) ∈ R′(α) iff ∃s′ ∈ [s], ∃t′ ∈ [t]: (s′, t′) ∈ R(α)

Theorem: K′ is a PDL structure and it has the properties:

(F1) If sR(α)t then [s]R′(α)[t]
(F2) If [s]R′(α)[t] then for all formulae B, if [α]B ∈ Γ and (K, s) ⊨ [α]B then (K, t) ⊨ B

Proof: Induction on the structure of α. QED


4.3.4 End of the completeness proof

Since (K, W_¬F) ⊨ ¬F it can easily be seen that (K′, [W_¬F]) ⊨ ¬F. This completes the completeness proof.

4.3.5 Decidability

  • Lemma. If Γ is finite, then S_Γ is finite and has at most 2^n elements, where n is the number of elements of Γ.

This shows that checking whether a formula A is a PDL theorem is decidable. We compute how many subformulae A has. Let n be the number of subformulae of A (in extended sense). We generate all structures of size up to 2^n. If we find a structure where A is not true, A is not a theorem. If A is true in all such structures, at every state, then A is a PDL theorem.

Bibliography

  • 1. Michael J. Fischer, Richard E. Ladner: Propositional Dynamic Logic of Regular Programs. J. Comput. Syst. Sci. 18(2): 194-211 (1979)
  • 2. Robert Goldblatt: Logics of Time and Computation, second edition, 1992 (Center for the Study of Language and Information Publication Lecture Notes).