On interactive proof-search for constructive modal necessity


Introduction
Modal logics play an important role in several areas of Computer Science and Philosophy. For instance, various type systems for concurrent and distributed computations [12,15] employ modalities, and a modal lambda calculus has been proposed to model information flow in computer networks [4]. In Artificial Intelligence (AI) they are useful to model knowledge structures among agents, ontologies or the behaviour of computer systems. These and other applications call for effective and easy-to-use procedures for proof search in modal logics. However, the existing processes are quite sophisticated, for instance [17,1], and machine-oriented in the sense that their inference rules deviate from natural human reasoning, for they are or intend to be fully automated, like the bidirectional approach of [10]. This makes the modelling of actual arguments involving modal reasoning difficult. Such arguments arise for instance in AI, while verifying an agent-based computer system; or in Philosophy, in the representation of concrete cases in modal argumentation theory, where the operator usually represents the argument attack relation [3,8].
In this paper we walk in the opposite direction by proposing a sequent calculus adequate for proof-search but in an interactive style, as is understood and implemented in modern proof-assistants like Coq. This means that the proof-search is driven by the human agent: the process starts with the desired sequent S; if it is suitable as a conclusion of some rule, then the process continues with the premises of this rule. If at the end all branches of this search end in an axiom or initial rule, the procedure is successful. The purpose of this work is to give a precise formal definition of this process and to prove its equivalence with the usual forward proof construction in the case of constructive modal logic S4 for necessity.

A Dual Sequent Calculus for Necessity
The formal system GS4 hereby considered is a sequent calculus whose foundations come from the analysis of [13]. Propositions are analysed judgmentally without any semantic label (worlds); modal connectives in particular are analysed by means of judgments over propositions. The notion of so-called hypothetical judgments is extended to categorical judgments, where a conclusion does not depend on hypotheses about the constructive truth of propositions. Hence, a distinction between two forms of primitive judgments is essential: 'A true' means that we know how to verify A under hypothetical judgments, whereas 'A valid' represents the fact that A is a proposition whose truth does not depend on any hypotheses, thus internalizing a categorical judgment as a proposition syntactically represented by the modal formula A. The system is called dual because it handles sequents with two separate contexts, of the form ∆|Γ A. We chose to implement such contexts by means of two disjoint lists (instead of sets or multisets), ∆ for valid and Γ for true hypotheses. This choice allows us to omit the labels valid and true in context formulae, contrary to [16]. A similar separation is present in several works: for instance, the systems of [6] use global and local assumptions, and the work of [2] discusses modal logic encodings by using separate consequence relations (semantical and deductive) related to classical validity and truth. The idea behind the context separation in GS4 is that formulae in ∆ are modal (i.e. boxed formulae), whereas those in Γ are propositional. Nevertheless, like the intuitive semantic qualifiers, this idea does not represent a syntactic restriction: we can have arbitrary formulae in both contexts. Moreover, the succedent of a sequent only considers true propositions; there is no need to consider valid conclusions explicitly, as they are represented by the formula A. For the sake of self-containment, let us briefly review the elements of our syntax.
Modal formulae are generated by the following grammar: where p_n denotes an element taken from an infinite supply of propositional variables, indexed by a natural number. Let us also note that we consider neither negation nor the constant ⊥. Therefore we will be dealing with minimal propositional logic [18] extended with the necessity operator. A particular modal logic is generated by adding suitable axioms. It is important to remark that the logic here discussed is called constructive due to the approach of Martin-Löf, but also to distinguish it from both the classical modal logics, where the operator obeys the axiom A ↔ ¬♦¬A, and the intuitionistic modal logics, which include the axiom ¬♦⊥. In contrast, in the constructive modal logic S4 the above axioms are omitted and both modalities are primitive. Our work only considers the necessity modality .

Contexts are implemented by means of so-called snoc lists: Γ, ∆ ::= · | Γ, A These are finite lists built from the empty list, denoted here by ·, and a constructor that generates a new list from a given one by adding a new element at its right end. The constructor, called snoc, is denoted by a comma. Therefore Γ, A is the context obtained by adding A after the last element in Γ. This constructor is opposed to the traditional cons operation, predefined in functional languages, which adds elements at the left end of the list¹. The snoc lists provide a formalization akin to the usual practice in computer science logic, where the last context formula is the one introduced or discharged to prove an implication. The concatenation operation is inductively defined in the obvious way and denoted by Γ_1; Γ_2. Also, whenever we write Γ, A; Γ it means (Γ, A); Γ, that is, the formula A is associated to the left context. This should be clear, for the expression

The system GS4 is defined by the following inference rules:
-Left rules for truth contexts.
-Left rules for valid contexts.

¹ The name cons stands for constructor; note that snoc is cons read backwards.
We have two starting rules allowing us to use a hypothesis present in either of the two contexts; the right rules for the connectives are the usual ones; the left rules come in two versions, one for each context. For conjunction and disjunction these rules are also the usual ones. The left rules for implication are new², to the best of our knowledge, and capture the direct use of an implication to prove its consequent. The right rule for corresponds to the necessitation rule. Observe that we can introduce a formula A only when we derive A without resorting to any true hypothesis. This formulation is the key to validating the deduction theorem in Hilbert axiomatic systems for modal logic; see for instance [9]. The left rule L is discussed in our previous work [5] and represents a transference principle between contexts: we can move a valid hypothesis A to the truth context by modalizing it. Finally, LV says that to use an assumption A which is valid, it suffices to use only A. These left rules for necessity allow us to replace modal reasoning about A with propositional reasoning about A.
Let us show a couple of derivations in our system.
Example 2. The following is a proof of

The above proofs can be read according to the usual definition of forward derivation, though actually they were obtained by a bottom-up proof construction process, which corresponds to the notion of derivation below, given originally by Kanger [11].
Definition 1 (Derivation à la Kanger). A proof or derivation of ∆|Γ A is a finite sequence of sequents Π = J_1, ..., J_k such that J_1 is ∆|Γ A and for every 1 ≤ i ≤ k one of the following conditions holds:

Thus, a derivation starts with the sequent sought after, whereas the usual notion of formal proof ends with it. Also, for any given sequent, the premisses that allow us to conclude it appear later in the sequence. This gives an idea of backward proof. Regrettably, even though this intuitive notion permeates Kanger's work, the concept is not engaged, for the proofs there are written forwards. Moreover, as the examples above show, the mere sequence does not let us keep a trace of the proof-search process. Our purpose here is to give a formal notion of backward proof for modal logic that corresponds to the kind of techniques implemented in proof assistants, thus resolving the issues just mentioned. But first let us observe that GS4 indeed captures the constructive modal logic S4 for necessity.

Theorem 1. The sequent calculus GS4 exactly captures the constructive modal logic S4.

Proof (Sketch). It is easy to show that the characteristic axioms of S4, namely K, T and 4, are derivable in GS4. Moreover, by structural induction on the respective derivability relations, we can show that GS4 is equivalent to the dual natural deduction system NS4 of [5] (we omit the proof details due to lack of space), where we also give a detailed and formally verified proof of the equivalence of NS4 with an axiomatic system for S4.

Backward proofs in GS4
To be able to formalize our notion of backward proof, let us first introduce a useful device for sequents, namely labelled hypotheses [7], which are pairs of the form H : A where H is a label or shortcut to refer to A. The set of labels is taken to be disjoint from the set of names in the current signature. A labelled context Γ is a set of labelled hypotheses Γ = {H_1 : Moreover, in a context of the form Γ, H : A; Γ we assume that A is not in Γ; Γ and that H is a new label not used in Γ; Γ. The use of labels does not contribute much to the usual system of forward derivations, but as we will see soon it is very useful in the backward approach. In the following we use labelled contexts where they make things simpler; otherwise, we use conventional contexts.
The process of backward proof construction of a given sequent S consists of searching for an inference rule R whose conclusion matches S and then continuing the proof-search with the premisses S or S_1, S_2 of R. This backward reading of the inference rules is called a tactic. A backward proof will be a particular sequence of tactics. Let us formalise these concepts.

where [·] denotes the empty goal sequence. Moreover, if S_1, S_2 ∈ GSeq then by S_1; S_2 we mean the concatenation³ of S_1 with S_2.
We define now a transition system of tactics corresponding to backward proof-search.

Definition 3. The transition system of tactics for GS4 is defined as follows:
-The non-empty set of states is the set of goal sequences GSeq.
-An initial state is a singleton sequence⁴.
-[·] is the unique terminal state.
-The transition relation ⊆ GSeq × GSeq is inductively defined by the axioms and inference rule below, where a transition S_1 S_2 can be read as "to prove the sequents in S_1 it suffices to prove the sequents in S_2".

Sequencing:

Conclusion analysis (right sequent rules):
A basic transition transforms a singleton goal sequence into a, perhaps empty, sequence of subgoals dictated by the backward reading of an inference rule of GS4. The (seq) rule determines the order in which goals are solved, namely starting from the first (leftmost) goal in the current sequence of pending goals. Also observe that each cut rule has two corresponding tactics, namely cut and assert. The difference is only operational: either we first prove the lemma and then use it, or vice versa.
Finally we can give the promised definition of a backward proof.

Definition 4. A backward proof of ∆|Γ A is a finite sequence of states S_1, ..., S_k such that

Therefore a backward proof of a sequent ∆|Γ A is a finite sequence of tactics that ends in the empty sequence of goals [·], meaning that the proof-search for the original goal ∆|Γ A has no pending subgoals left to prove. This transition sequence of tactics corresponds to the bottom-up construction of a derivation tree by means of a left-to-right depth-first proof search.
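As an added illustration of Definitions 3 and 4 (example code written for this page, not the paper's own), the following Python models goal sequences, a handful of tactics and the (seq) discipline, and runs a backward proof of axiom K. The tactic names hyp, intro, box_intro, box_left and apply, and the precise form of each rule, are assumptions taken from the prose above.

```python
# Added example, not the paper's own code: a small model of the GS4 tactic
# transition system (Definitions 3 and 4). Formulas are tuples ('var', n),
# ('imp', A, B) or ('box', A); a sequent D|G |- A is (D, G, A), with D (valid)
# and G (true) as tuples used as snoc lists (new hypotheses go on the right).
# A state is a goal sequence (list of sequents); [] is the terminal state.
# The exact shape of each rule is assumed from the paper's prose.

def hyp(seq):                        # starting rules: the goal occurs in D or in G
    d, g, a = seq
    return [] if a in d or a in g else None

def intro(seq):                      # right rule for ->: add A at the right end of G
    d, g, a = seq
    return [(d, g + (a[1],), a[2])] if a[0] == 'imp' else None

def box_intro(seq):                  # necessitation: prove A using no true hypothesis
    d, g, a = seq
    return [(d, (), a[1])] if a[0] == 'box' else None

def box_left(seq):                   # transference: a boxed true hypothesis becomes valid
    d, g, a = seq
    for h in g:
        if h[0] == 'box':
            return [(d + (h[1],), tuple(x for x in g if x != h), a)]
    return None

def apply(seq):                      # left rule for ->: use A -> B (in D or G) to prove B
    d, g, b = seq
    for h in d + g:
        if h[0] == 'imp' and h[2] == b:
            return [(d, g, h[1])]
    return None

def run(goal, tactics):
    """Rule (seq): each tactic rewrites the leftmost pending goal; returns S_1..S_k."""
    states = [[goal]]
    for t in tactics:
        if not states[-1]:
            raise ValueError("no pending goals: the proof is already complete")
        subgoals = t(states[-1][0])
        if subgoals is None:         # the tactic's conclusion does not match the goal
            raise ValueError(f"{t.__name__} does not apply to {states[-1][0]}")
        states.append(subgoals + states[-1][1:])
    return states

def is_backward_proof(states):       # Definition 4: no pending subgoals are left
    return states[-1] == []

# Constructed instance: axiom K, box(p -> q) -> (box p -> box q), from empty contexts.
P, Q = ('var', 'p'), ('var', 'q')
K = ('imp', ('box', ('imp', P, Q)), ('imp', ('box', P), ('box', Q)))
K_STATES = run(((), (), K), [intro, intro, box_left, box_left, box_intro, apply, hyp])
```

The same machinery shows why p → □p has no backward proof here: after intro and box_intro the goal ·|· ⊢ p remains, on which hyp fails, because box_intro discards the true hypotheses.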
Let us present now some particular examples of backward proofs that are intended to show the adequacy of our sequent calculus GS4 for interactive proof-search.

Example 3. The following is a backward proof of
Example 4. The following is a proof of

The above example shows the utility of the cut rule with a valid hypothesis, implemented by means of the vassert tactic.
We discuss next the equivalence of backward and forward proofs.

Equivalence
In this section we formally prove that our backward approach is equivalent to the usual notion of (forward) derivation. Let us start by noting that, according to Definition 4, a backward proof is a chain of particular instances of the relation . Therefore a backward proof of the sequent ∆|Γ A corresponds to an instance of the transitive closure of the relation. For the proof of the equivalence, it will be useful to work directly with this relation.
Definition 5. The transitive closure of the relation , denoted + , is inductively defined by the following rules:

The following rule is admissible:

Proof. Induction on S_1 + S_2. If S_1 S_2, then the rule (seq) yields S_1; S S_2; S and by rule (tc1) we get S_1; S + S_2; S. Assume now that S_1 S_1 and S_1 + S_2. By rule (seq) we have S_1; S S_1; S and the I.H. yields S_1; S + S_2; S; therefore rule (tc2) allows us to conclude S_1; S + S_2; S.

Definition 6. We say that a goal sequence S =def G_1, ...,

The next lemma shows that solvability of sequences is preserved backwards by the transition relation .

Lemma 2. If S_1 S_2 and the sequence S_2 is solvable then S_1 is solvable.
Proof. It is clear that the property holds for the basic transitions, since these correspond to the inference rules of our sequent calculus. The result follows by an easy induction on .
The above property is easily lifted to the transitive closure + .

Lemma 3. If S_1 + S_2 and the sequence S_2 is solvable then S_1 is solvable.
We are now ready to prove the desired equivalence.
Theorem 2 (Equivalence of forward and backward proofs). Let ∆|Γ A be any sequent. The following conditions are equivalent:

Proof. The ⇐) direction is immediate from Lemma 3, since the sequence [·] is trivially solvable. We prove the ⇒) direction by induction on the derivability of ∆|Γ A. We show here only some cases, leaving the others to the reader. The split tactic yields the first transition; after that, the second step is an application of the rule (seq+) using the IH ∆|Γ A + [·]; finally, the last step is justified by the IH ∆|Γ B where the first step corresponds to the apply tactic and the second is given by the IH. where the first step is an instance of the assert A tactic, and the remaining ones are obtained from the inductive hypotheses.
The above theorem guarantees the reliability of the proof-search process: if ∆|Γ A is derivable then the interactive proof-search process succeeds, and vice versa. This finishes our exposition.

Final Remarks
In this paper we presented a dual sequent calculus GS4 for the constructive modal logic S4 of necessity, and showed that it is adequate for interactive backward proof-search. The rules for handling the necessity operator are simple and intuitive due to the use of dual contexts, a feature that also lets us define, in a simple way, a bottom-up construction process by means of a left-to-right depth-first proof-search. This procedure was captured by a formal notion of backward proof which turns out to be equivalent to the usual definition of forward proof. This work is the first step in a study of proof-search in modal logic whose natural continuation consists in the proof of the cut-elimination theorem, in order to check whether GS4 is loop-free and hence also adequate for full automation. As usual, a proof of cut-elimination is not trivial. In our particular case we actually need to eliminate the two versions (Cut) and (CutV) of the cut rule. However, the rules ( L) and ( LV) for the necessity operator allow us to prove the admissibility of (CutV) from that of (Cut) in a direct way. We are currently investigating whether we can do the same for the left rules for valid contexts, a feature that would greatly simplify the proof of cut-elimination for the rule (Cut). Another part of this future inquiry is the extension of the current approach to the full modal logic S4, both constructively, where ♦ is not a dual of , and classically. In the latter case additional research about proof-search with negation is required. The final purpose of this program is to show the utility of our deductive systems for actual case studies in some specific areas, like argumentation theory along the lines of [3,8] or proof-search in multi-agent dialogues related to the work of [19].