Some new techniques are needed when formalising the results of section 6.4. A set of modal operators must index formulae (and sequents and rules), there must be a method for modalising a multiset of formulae and we need to be able to handle IW rules.
The first of these is easy; instead of indexing formulae by a single type variable, we index on a pair of type variables, one which contains the propositional connectives, and one which contains the modal operators:
datatype ('a, 'b) form = At nat
  | Compound 'a ('a, 'b) form list
  | Modal 'b ('a, 'b) form list
  | ff
Modalising multisets is relatively straightforward. We use the notation !·Γ, where ! is a modal operator and Γ is a multiset of formulae:
defs modaliseMultiset-def:
  (a :: 'b) · (Γ :: ('a,'b) form multiset) ≡ {# Modal a [p]. p :# Γ #}
Two new rule sets are created. The first are the normal modal rules:
inductive-set modRules2 where
  ⟦ ps ≠ [] ; mset c = ⟅Modal M Ms⟆ ⟧ ⟹ (ps,c) ∈ modRules2
The second are the modalised context rules (definition 20, p. 89). Taking a subset of the normal modal rules, we extend using a pair of modalised multisets for context. We create a new inductive rule set called p-e, for “prime extend”, which takes a set of modal active parts and a pair of modal operators (say ! and •), and returns the set of active parts extended with !·Γ ⇒ •·∆:
inductive-set p-e :: ('a,'b) rule set ⇒ 'b ⇒ 'b ⇒ ('a,'b) rule set
  for R :: ('a,'b) rule set and M N :: 'b
where
  ⟦ r ∈ R ; R ⊆ modRules2 ⟧ ⟹ extendRule (M·Γ ⇒* N·∆) r ∈ p-e R M N
To encode the condition “all modalised context rules are IW rules”, we need a method for extending the conclusion of a rule without extending the premisses. Again, this is simple:
defs extendConc-def: extendConc S r ≡ (fst r, extend S (snd r))
The extension of a rule set is now more complicated; the inductive definition has four clauses, depending on the type of rule:
inductive-set ext :: ('a,'b) rule set ⇒ ('a,'b) rule set ⇒ 'b ⇒ 'b ⇒ ('a,'b) rule set
  for R R' :: ('a,'b) rule set and M N :: 'b
where
  ax: ⟦ r ∈ R ; r ∈ Ax ⟧ ⟹ extendRule seq r ∈ ext R R' M N
| up: ⟦ r ∈ R ; r ∈ upRules ⟧ ⟹ extendRule seq r ∈ ext R R' M N
| mod1: ⟦ r ∈ p-e R' M N ; r ∈ R ⟧ ⟹ extendConc seq r ∈ ext R R' M N
| mod2: ⟦ r ∈ R ; r ∈ modRules2 ⟧ ⟹ extendRule seq r ∈ ext R R' M N
Note the new rule set carries information about which set contains the modalised context rules and which modal operators extend those prime parts.
We have two different inversion lemmata, depending on whether the rule was a modalised context rule, or some other kind of rule. We only show the former, since the latter is much the same as earlier proofs. The interesting cases are picked out:
lemma rightInvert:
fixes Γ ∆ :: ('a,'b) form multiset
assumes rules: R1 ⊆ upRules ∧ R2 ⊆ modRules2 ∧ R3 ⊆ modRules2 ∧
  R = Ax ∪ R1 ∪ (p-e R2 M1 M2) ∪ R3 ∧
  R' = Ax ∪ R1 ∪ R2 ∪ R3
and a: (Γ ⇒* ∆ ⊕ Modal M Ms, n) ∈ derivable (ext R R2 M1 M2)
and b: ∀ r' ∈ R'. rightPrincipal r' (Modal M Ms) R' ⟶ (Γ' ⇒* ∆') ∈ set (fst r')
and neq: M2 ≠ M
shows ∃ m≤n. (Γ + Γ' ⇒* ∆ + ∆', m) ∈ derivable (ext R R2 M1 M2)
This is the case where the last inference was a normal modal inference:
{ assume r ∈ modRules2
  obtain ps c where r = (ps,c) by (cases r) auto
  with ⟨r ∈ modRules2⟩ obtain T Ts where c = (∅ ⇒* ⟅Modal T Ts⟆) ∨
    c = (⟅Modal T Ts⟆ ⇒* ∅)
    using modRule2Characterise[where Ps=ps and C=c] by auto
  moreover
  { assume c = (∅ ⇒* ⟅Modal T Ts⟆)
    proof -
We need to know r ∈ R so that we can extend the active part:
    from ⟨c = (∅ ⇒* ⟅Modal T Ts⟆)⟩ and ⟨r = (ps,c)⟩ and ⟨r ∈ R⟩ and ⟨r ∈ modRules2⟩
    have (ps, ∅ ⇒* ⟅Modal T Ts⟆) ∈ R by auto
    with rules have (ps, ∅ ⇒* ⟅Modal T Ts⟆) ∈ p-e R2 M1 M2 ∨
      (ps, ∅ ⇒* ⟅Modal T Ts⟆) ∈ R3 by auto
    moreover
    { assume (ps, ∅ ⇒* ⟅Modal T Ts⟆) ∈ R3
      then have (ps, ∅ ⇒* ⟅Modal T Ts⟆) ∈ R' using rules by auto
    }
    moreover
    { assume (ps, ∅ ⇒* ⟅Modal T Ts⟆) ∈ p-e R2 M1 M2
In this case, we show that ∆' and Γ' must be empty. The details are generally suppressed:
      then obtain Γ' ∆' r'
        where aa: (ps, ∅ ⇒* ⟅Modal T Ts⟆) = extendRule (M1·Γ' ⇒* M2·∆') r'
          ∧ r' ∈ R2 by auto
      then have M1·Γ' = ∅ and M2·∆' = ∅
        by (auto simp add: modaliseMultiset-def)
The other interesting case is where the last inference was a modalised context inference:
{ assume ba: r ∈ p-e R2 M1 M2 ∧
    extendConc S r = (Ps, Γ ⇒* ∆ ⊕ Modal M Ms)
  with rules obtain F Fs Γ'' ∆'' ps r' where
    ca: r = extendRule (M1·Γ'' ⇒* M2·∆'') r' and cb: r' ∈ R2 and
    cc: r' = (ps, ∅ ⇒* ⟅Modal F Fs⟆) ∨ r' = (ps, ⟅Modal F Fs⟆ ⇒* ∅) by auto
  obtain Γ1 ∆1 where S = (Γ1 ⇒* ∆1) by (cases S) auto
  moreover
  { assume r' = (ps, ∅ ⇒* ⟅Modal F Fs⟆)
    with ba ca ⟨S = (Γ1 ⇒* ∆1)⟩ have
      eq1: (M1·Γ'' + Γ1 ⇒* M2·∆'' + ∆1 ⊕ Modal F Fs) = (Γ ⇒* ∆ ⊕ Modal M Ms)
      by (auto simp add: extendRule-def extend-def extendConc-def union-ac)
    then have Modal M Ms ∈ set-of (M2·∆'') ∨
      Modal M Ms ∈ set-of ∆1 ∨
      Modal M Ms = Modal F Fs by auto
    { assume Modal M Ms ∈ set-of (M2·∆'') — Contradiction
      then have Modal M Ms :# M2·∆'' by auto
      with neq
      have ∃ m≤n. (Γ + Γ' ⇒* ∆ + ∆', m) ∈ derivable (ext R R2 M1 M2) by auto
    }
    moreover
    { assume Modal M Ms = Modal F Fs — The last inference is principal
      then have r' = (ps, ∅ ⇒* ⟅Modal M Ms⟆)
        using ⟨r' = (ps, ∅ ⇒* ⟅Modal F Fs⟆)⟩ by simp
      with cb and rules have rightPrincipal r' (Modal M Ms) R' and r' ∈ R' by auto
      with b have (Γ' ⇒* ∆') ∈ set ps using ⟨r' = (ps, ∅ ⇒* ⟅Modal M Ms⟆)⟩
        by (auto simp add: Ball-def)
      ultimately have ∃ m≤n. (Γ + Γ' ⇒* ∆ + ∆', m) ∈ derivable (ext R R2 M1 M2) by auto
    }
    moreover
    { assume Modal M Ms ∈ set-of ∆1 — Formula is in the implicit weakening
      then obtain ∆2 where ∆1 = ∆2 ⊕ Modal M Ms by blast
      from ba and rules
      have extendConc (Γ1 + Γ' ⇒* ∆2 + ∆') r ∈ (ext R R2 M1 M2) by auto
      moreover from ba and ca have fst (extendConc (Γ1 + Γ' ⇒* ∆2 + ∆') r) = Ps
        by (auto simp add: extendConc-def)
      ultimately have (Γ + Γ' ⇒* ∆ + ∆', n'+1) ∈ derivable (ext R R2 M1 M2) by auto
      then have ∃ m≤n. (Γ + Γ' ⇒* ∆ + ∆', m) ∈ derivable (ext R R2 M1 M2)
        using ⟨n = Suc n'⟩ by auto
    }
    ultimately have ∃ m≤n. (Γ + Γ' ⇒* ∆ + ∆', m) ∈ derivable (ext R R2 M1 M2) by blast
The other case, where the last inference was a left inference, is more straightforward, and so is omitted.
We guarantee no other rule has the same modal operator in the succedent of a modalised context rule using the condition M ≠ M2. Note this lemma only allows one kind of modalised context rule. In other words, it could not be applied to a calculus with the rules:

  !·Γ ⇒ A, •·∆
  ------------------------ R1
  Γ', !·Γ ⇒ •A, •·∆, ∆'

  •·Γ ⇒ A, !·∆
  ------------------------ R2
  Γ', •·Γ ⇒ •A, !·∆, ∆'

since, if ([∅ ⇒ A], ∅ ⇒ •A) ∈ R, then R1 ∈ p-e R ! •, whereas R2 ∈ p-e R • !. Similarly, we cannot have modalised context rules which have more than one modalised multiset in the antecedent or succedent of the active part. For instance:

  !·Γ1, •·Γ2 ⇒ A, !·∆1, •·∆2
  ----------------------------------------
  Γ', !·Γ1, •·Γ2 ⇒ •A, !·∆1, •·∆2, ∆'

cannot belong to any p-e set. It would be a simple matter to extend the definition of p-e to take a set of modal operators; however, this has not been done.
As an example, classical modal logic (the rules for which were given in section 6.4) can be formalised. The (modal) rules for this calculus are then given in two sets, the latter of which will be extended with □·Γ ⇒ ◇·∆:
inductive-set g3mod2 where
  diaR: ([∅ ⇒* ⟅A⟆], ∅ ⇒* ⟅◇A⟆) ∈ g3mod2
| boxL: ([⟅A⟆ ⇒* ∅], ⟅□A⟆ ⇒* ∅) ∈ g3mod2
inductive-set g3mod1 where
  boxR: ([∅ ⇒* ⟅A⟆], ∅ ⇒* ⟅□A⟆) ∈ g3mod1
| diaL: ([⟅A⟆ ⇒* ∅], ⟅◇A⟆ ⇒* ∅) ∈ g3mod1
We then show the strong admissibility of the rule:

  Γ ⇒ □A, ∆
  -----------
  Γ ⇒ A, ∆

lemma invertBoxR:
assumes R = Ax ∪ g3up ∪ (p-e g3mod1 □ ◇) ∪ g3mod2
and (Γ ⇒* ∆ ⊕ (□A), n) ∈ derivable (ext R g3mod1 □ ◇)
shows ∃ m≤n. (Γ ⇒* ∆ ⊕ A, m) ∈ derivable (ext R g3mod1 □ ◇)
proof -
  from assms show ?thesis
    using principal and rightInvert and g3 by auto
qed
where principal is the result which fulfils the principal formula conditions given in the inversion lemma, and g3 is a result about rule sets.
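To see concretely what the mod1 clause of ext produces for boxR in p-e g3mod1 □ ◇, the following is an added executable model in Python; it is not part of the Isabelle development. It assumes that extendRule adds the context sequent to every premiss as well as the conclusion (its definition is not shown in this section), and the operator names "box" and "dia" and the atoms are constructed for illustration.

```python
from collections import Counter

# Formulae are modelled as tuples: ("At", n) or ("Modal", op, (subformulae,)).
def modal(op, p):
    return ("Modal", op, (p,))

def modalise(op, gamma):
    """op · Γ: wrap every member of the multiset Γ in the modal operator op."""
    out = Counter()
    for p, k in gamma.items():
        out[modal(op, p)] += k
    return out

def seq(ante=(), succ=()):
    """A sequent Γ ⇒* ∆ as a pair of multisets."""
    return (Counter(ante), Counter(succ))

def extend(s, t):
    """Add the context sequent s to the sequent t, side by side."""
    return (s[0] + t[0], s[1] + t[1])

def extend_rule(s, rule):
    """Assumed meaning of extendRule: context goes on premisses and conclusion."""
    ps, c = rule
    return ([extend(s, p) for p in ps], extend(s, c))

def extend_conc(s, rule):
    """extendConc as defined above: context goes on the conclusion only."""
    ps, c = rule
    return (ps, extend(s, c))

def prime_extend(rule, m, n, gamma, delta):
    """One member of p-e R M N: the active part extended with M·Γ ⇒* N·∆."""
    return extend_rule((modalise(m, gamma), modalise(n, delta)), rule)

def box_r_instance():
    """boxR, prime-extended with □·{p} ⇒ ◇·{q}, then weakened with r ⇒ s."""
    A, p, q, r, s = (("At", i) for i in range(5))   # constructed atoms
    box_r = ([seq(succ=[A])], seq(succ=[modal("box", A)]))
    pe = prime_extend(box_r, "box", "dia", Counter([p]), Counter([q]))
    return extend_conc(seq([r], [s]), pe)           # clause mod1 of ext
```

The result has premiss □p ⇒ A, ◇q and conclusion r, □p ⇒ □A, ◇q, s: the extra context r ⇒ s appears only in the conclusion, which is the implicit weakening that the third case of the proof above has to account for.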