A Complete Proof System for First Order Interval
Temporal Logic with Projection
Dimitar P. Guelev∗
Abstract
This paper presents an ω-complete proof system for the extension of first order
Interval Temporal Logic (ITL, [12, 15, 4]) by a projection operator [16, 11]. Alternative earlier approaches to the axiomatisation of projection in ITL are briefly
presented and discussed. An extension of the proof system which is complete for
the extension of Duration Calculus (DC , [24]) by projection is also given.
Introduction
First Order Interval Temporal Logic (ITL) was introduced in [12, 15] as a tool for the
formal specification and verification of hardware systems. The completeness of a proof
system for ITL with respect to an abstractly defined class of frames was first presented
in [4]. Numerous extensions of ITL have been shown to be useful in the specification of
various kinds of software and hardware systems. Among these are the real time based
Duration Calculus (DC) [24] and various extensions of it, which include iteration and
more general fixed point operators [5, 18, 8], higher-order quantifiers [18, 22, 8] and
expanding modalities [23, 19].
A binary modal operator called projection and denoted by Π was first introduced
to discrete time ITL in [12]. This operator subjects its second formula operand to
evaluation at an interval of time which is obtained by keeping only some of the points
of the reference interval, including the end points. The points to be kept are those
which satisfy the first operand of Π. In [16, 17], another variant of projection was
introduced. It was denoted by proj in [16] and by 4 [17], and differs from Π in
the way the first operand determines the time points from the reference interval to be
selected. A similar projection operator, denoted by (.\\.), was introduced to DC in
[11]. DC is a real-time logic and the introduction of projection made it necessary
to admit finite nonempty sets of time points as ”intervals” along with the ”ordinary”
closed and bounded real-time intervals, which are the possible worlds in DC from the
view point of Kripke semantics.
All the projection operators mentioned above have been introduced to enable the
concise and flexible specification of time granularity, which is essential for the conve∗ School of Computer Science,
[email protected]
The University of Birmingham,
1
United Kingdom E-mail:
nience of choosing different levels of abstraction for the specification of hardware behaviour. In discrete-time ITL, the operators Π and proj provide access from discretetime intervals of finer granularity to discrete-time intervals of coarser granularity, thus
providing expressiveness for the specification of systems in which the initial step of
discretisation of time has already been made. The generalisation proposed in [11]
allows the reasoning about this initial time discretisation step itself to be formalised
within the logic. Along with the convenience of reasoning about the behaviour of single discrete-time systems at different levels of time granularity, this more general form
of projection facilitates the specification of systems which have multiple discrete-time
components with possibly independent clock rates. That is why the projection operator
from [11] significantly enhances the expressive power of DC by enabling combined
specifications of dense- and discrete-time properties of the modelled systems. Another
interesting real-time projection operator, which can be regarded as a real-time variant
of Π, has been studied in [9, 10].
In this paper we present a complete proof system for the extension of abstract time
ITL as introduced in [4] by a projection operator that we denote by (.\\.). The operator
we study here is a straighforward generalisation of that from [11], except that it allows
vacuous projection, like 4. This operator leads to a system of abstract-and-discrete
time ITL. Both DC and discrete time ITL with projection can be regarded as special
cases of this system. The variants of projection in ITL with and without vacuous
projection are interdefinable. The one with vacuous projection is technically more
convenient and therefore we develop our proof system and its completeness argument
for this variant of the projection operator.
The proof system we present is ω-complete and contains one infinitary rule, which
is related to the ITL modal operator called iteration. Iteration is known in ITL and
DC and can be regarded as a special case of projection. We obtained this proof system
by extending the complete proof system for abstract time ITL known from [4]. Our
completeness argument is an extension of the one given in that article too, and follows
closely the version of that completeness argument for the ω-complete proof system for
abstract time DC developed in [6].
1
Preliminaries on ITL with projection
In this paper ITL\\ stands for the extension of abstract time ITL by the projection
operator (.\\.) to be defined below. The model of time for ITL from [4] includes
a linearly ordered set of time points, and a measure function which maps bounded
intervals of time to their durations. Durations themselves are required to constitute an
appropriate kind of linearly ordered semigroup. This is what we mean by abstract time
in this paper too. In fact, frames for ITL\\ are ITL frames with the measure function
straightforwardly extended to include the durations of discrete-time intervals. In this
section we give a brief formal introduction to ITL\\ .
2
1.1 Languages
An ITL\\ language is essentially a first order language extended by the ITL-specific
binary modality (.; .) and the ITL\\ -specific binary modality (.\\.). The vocabulary
of an ITL\\ language consists of constant symbols c, d, . . . , function symbols f , g,
. . . and relation symbols R, S, . . . . Function symbols and relation symbols have arity
to indicate the number of arguments their occurrences take in terms and atomic formulas, respectively. Furthermore, every ITL\\ vocabulary contains countably many
individual variables x, y, . . . . Non-logical symbols are either flexible or rigid, depending on whether their interpretations depend on reference intervals or not, respectively,
as it becomes clear below.
Given the vocabulary of an ITL\\ language, its terms t and formulas ϕ are defined
by the following BNFs:
t ::= c | x | f (t, . . . , t)
ϕ ::= ⊥ | R(t, . . . , t) | ϕ ⇒ ϕ | (ϕ; ϕ) | ϕ∗ | (ϕ\\ϕ) | ∃xϕ
Terms and formulas that are built using no modalities and flexible symbols are called
rigid. The other terms and formulas are called flexible. Every ITL\\ vocabulary contains the rigid constant 0, the flexible constant `, the rigid binary function symbol +
and equality =. In this paper we consider only vocabularies which contain infinitely
many 0-ary flexible relation symbols, because of their special role in our proof system
for ITL\\ .
The two binary operators (.; .) and (.\\.) are known as chop and projection, respectively. Although iteration (.)∗ is definable in ITL\\ , we prefer to regard it as a separate
modality in our presentation, because of its role in our proof system. We always use
parentheses in formulas involving chop and projection. The diversity of notation in
the literature, especially concerning projection, indicates that the unambiguity that our
convention offers is important.
1.2
Frames, models and satisfaction
Definition 1 A time domain is a linearly ordered set. Let hT, ≤i be a time domain.
We denote the set {[τ1 , τ2 ] : τ1 , τ2 ∈ T, τ1 ≤ τ2 } by I(T ) and the set of the nonempty
finite subsets of T by Pfin (T ), respectively. We denote I(T )∪Pfin (T ) by I\\ (T ). The
elements of I(T ), Pfin (T ) and I\\ (T ) are called ordinary intervals, discrete intervals
and just intervals, respectively.
A duration domain is a system of the kind hD, 0(0) , +(2) i which satisfies the following axioms:
(D1) x + (y + z) = (x + y) + z
(D2) x + 0 = x,
0+x=x
(D3) x + y = x + z ⇒ y = z,
x+z =y+z ⇒x=y
(D4) x + y = 0 ⇒ x = 0
(D5) ∃z(x + z = y ∨ y + z = x),
∃z(z + x = y ∨ z + y = x)
Given a time domain hT, ≤i and a duration domain hD, 0, +i, a function m :
3
I\\ (T ) → D is called a measure function, if the following properties hold for all
σ, σ 0 ∈ I\\ (T ):
(M 1) min σ = min σ 0 ∧ m(σ) = m(σ 0 ) ⇒ max σ = max σ 0
(M 2) if σ ∪ σ 0 ∈ I\\ (T ), then max σ = min σ 0 ⇒ m(σ) + m(σ 0 ) = m(σ ∪ σ 0 )
(M 3) m(σ) = x + y ⇒ ∃τ ∈ σ m([min σ, τ ]) = x for σ ∈ I(T )
(M\\ ) m(σ) = m([min σ, max σ]) for σ ∈ Pfin (T )
Here, as usual, min σ and max σ stand for the least and the greatest time point of the
interval σ, respectively, in the sense of the ordering ≤ on T .
A linear ordering can be defined on duration domains by putting
x ≤ y iff ∃z(x + z = y).
The only ITL\\ -specific axiom about measure functions here is M\\ . It postulates
that removing all but finitely many internal points from an interval does not affect its
duration. This choice of extending m to discrete intervals differs from the one in [16]
where all intervals are discrete and the duration of an interval is defined by means of
the number of its points. In the sequel we denote unions σ ∪ σ 0 of intervals σ, σ 0 such
that min σ 0 = max σ and either σ, σ 0 ∈ I(T ) or σ, σ 0 ∈ Pfin (T ) by σ; σ 0 . We tacitly
assume min σ 0 = max σ wherever we use σ; σ 0 . For example, in this notation M 2 can
be abbreviated to m(σ) + m(σ 0 ) = m(σ; σ 0 )
Definition 2 An ITL\\ frame is a tuple of the form hhT, ≤i, hD, 0, +i, mi where
hT, ≤i is a time domain, hD, 0, +i is a duration domain and m : I\\ (T ) → D is a
measure function.
The real-time based frame FR = hhR, ≤R i, hR+ , 0R , +R i, λσ. max σ − min σi
where R+ stands for the set of the non-negative reals is undoubtedly the most interesting ITL\\ frame. Since Pfin (R) consists of the finite sets of reals, the frame FR embeds the practically significant model of timed state sequences where states are labelled
with real-valued time stamps. Correspondence between the validity of DC formulas
on timed state sequences and their validity in real time has been studied in [2]. Another
interesting ITL\\ frame is FZ = hhZ, ≤Z i, hN, 0N , +N i, λσ. max σ − min σi. Since
bounded intervals of integers are finite, we have Pfin (Z) = I(Z).
Definition 3 Given an ITL\\ language L and an ITL\\ frame F with its components
named as above, a function I on the vocabulary of L is an interpretation of L into F ,
if it satisfies the following conditions:
◦ I(c) ∈ D, I(f ) : Dn → D, and I(R) : Dn → {0, 1} for rigid constant symbols c,
and n-ary rigid function symbols f and relation symbols R
◦ I(c) : I\\ (T ) → D, I(f ) : I\\ (T ) × Dn → D, and I(R) : I\\ (T ) × Dn → {0, 1}
for the corresponding kinds of flexible symbols;
◦ I(x) ∈ D for individual variables x;
◦ I(=) is =, I(0) = 0, I(+) = +, and I(`) = m.
Given an ITL\\ language L, an ITL\\ model for L is a pair of the form hF, Ii
where F is an ITL\\ frame and I is an interpretation of L into I.
4
Given a frame F , we denote its components by hTF , ≤F i, hDF , 0F , +F i and mF ,
respectively. The same applies to models. We denote the frame and the interpretation
of a model M by FM and IM , respectively.
Definition 4 Given an ITL\\ language L, a model M = hF, Ii for it, and an interval
σ ∈ I\\ (TF ), the value Iσ (t) of a term t in L is defined by induction on the construction
of t as follows:
Iσ (c)
= I(c)
for rigid constants c
Iσ (c)
= I(c)(σ)
for flexible constants c
Iσ (f (t1 , . . . , tn )) = I(f )(Iσ (t1 ), . . . , Iσ (tn ))
for rigid n-ary f
Iσ (f (t1 , . . . , tn )) = I(f )(σ, Iσ (t1 ), . . . , Iσ (tn )) for flexible n-ary f
Given an interpretation I of an ITL\\ language L into a frame F , a symbol s from L
and an object a of the type of I(s) in F , we denote the interpretation which assigns a
to s and is equal to I for all the other symbols from the vocabulary of L by Isa .
Definition 5 We define the relation M, σ |= ϕ where M = hF, Ii is an ITL\\ model
for some language L, σ ∈ I\\ (TF ) and ϕ is a formula in L by induction on the construction of ϕ as follows:
M, σ 6|= ⊥
M, σ |= R(t1 , . . . , tn ) iff I(R)(Iσ (t1 ), . . . , Iσ (tn )) = 1, for rigid n-ary R
M, σ |= R(t1 , . . . , tn ) iff I(R)(σ, Iσ (t1 ), . . . , Iσ (tn )) = 1, for flexible n-ary R
M, σ |= ϕ ⇒ ψ
iff either M, σ |= ψ or M, σ 6|= ϕ
M, σ |= (ϕ; ψ)
iff M, σ1 |= ϕ and M, σ2 |= ψ
for some σ1 , σ2 ∈ I\\ (TF ) such that σ1 ; σ2 = σ
M, σ |= ϕ∗
iff either min σ = max σ
or there exist an n > 0 and σ1 , . . . , σn ∈ I\\ (TF )
such that σ1 ; . . . ; σn = σ and M, σi |= ϕ, i = 1, . . . , n
M, σ |= (ψ\\ϕ)
iff either min σ = max σ and M, σ |= ϕ,
or there exist an n > 0 and σ1 , . . . , σn ∈ I\\ (TF )
such that σ1 ; . . . ; σn = σ, M, σi |= ψ, i = 1, . . . , n,
and M, {min σ1 , max σ1 , . . . , max σn } |= ϕ
M, σ |= ∃xϕ
iff hF, Ixa i, σ |= ϕ for some a ∈ DF
Note that the clause about the satisfaction of formulas of the kind (ψ\\ϕ) always
refers to satisfaction of ϕ at a discrete interval, while in other clauses intervals on the
right side are of the same kind as that on the left side.
1.3 Abbreviations
First order logic abbreviations and infix notation are used in ITL\\ in the ordinary way.
These include the constant >, the connectives ¬, ∧, ∨ and ⇔ and quantifier ∀. We use
t1 ≤ t2 to abbreviate the formula ∃x(t1 + x = t2 ) which defines the standard linear
ordering on durations. The following abbreviations are specific to the modal operators
(.; .), (.\\.) and (.)∗ :
3ϕ ­ (>; ϕ; >), 2ϕ ­ ¬3¬ϕ
ϕ0 ­ ` = 0, ϕk+1 ­ (ϕk ; ϕ) for k < ω
5
ϕ+ ­ (ϕ∗ ; ϕ)
(ϕ1 \\ϕ2 \\ . . . \\ϕn ) ­ (ϕ1 \\ . . . \\(ϕn−1 \\ϕn ) . . .)
(ϕ1 ; ϕ2 ; . . . ; ϕn ) ­ (ϕ1 ; . . . ; (ϕn−1 ; ϕn ) . . .)
Note that we use 3 and 2 to abbreviate formulas in the way that has been adopted in the
literature on DC, which is different from their use as discrete-time ITL abbreviations.
Iteration can be defined using (.\\.) by the equivalence ϕ∗ ⇔ (ϕ\\>). However, we
prefer to regard it as an independent operator.
The possibility for M, σ |= (ϕ\\ψ) to hold due to min σ = max σ and M, σ |= ψ
is called vacuous projection. This possibility is ruled out in the version of the operator
in [11]. The projection of ϕ and ψ there is equivalent to (ϕ\\ψ) ∧ ϕ+ .
1.4 A proof system for ITL
ITL (without projection) can be defined by restricting the above definitions to I(T )
wherever I\\ (T ) is involved and disregarding the clauses which refer to discrete intervals or the operators (.\\.) and (.)∗ . Here follows the proof system for ITL which was
proved complete in [4].
(A1l ) (ϕ; ψ) ∧ ¬(χ; ψ) ⇒ (ϕ ∧ ¬χ; ψ)
ϕϕ⇒ψ
(A1r ) (ϕ; ψ) ∧ ¬(ϕ; χ) ⇒ (ϕ; ψ ∧ ¬χ)
(MP )
ψ
(A2)
((ϕ; ψ); χ) ⇔ (ϕ; (ψ; χ))
ϕ
(G)
(Rl )
(ϕ; ψ) ⇒ ϕ if ϕ is rigid
∀xϕ
ϕ
(Rr )
(ϕ; ψ) ⇒ ψ if ψ is rigid
(Nl )
¬(¬ϕ; ψ)
(Bl )
(∃xϕ; ψ) ⇒ ∃x(ϕ; ψ) if x is not free in ψ
ϕ
(Br )
(ϕ; ∃xψ) ⇒ ∃x(ϕ; ψ) if x is not free in ϕ (Nr )
¬(ψ; ¬ϕ)
(L1l ) (` = x; ϕ) ⇒ ¬(` = x; ¬ϕ)
ϕ⇒ψ
(Mono l )
(L1r ) (ϕ; ` = x) ⇒ ¬(¬ϕ; ` = x)
(ϕ; χ) ⇒ (ψ; χ)
(L2)
(` = x; ` = y) ⇔ ` = x + y
ϕ⇒ψ
(Mono r )
(L3l ) ϕ ⇒ (` = 0; ϕ)
(χ; ϕ) ⇒ (χ; ψ)
(L3r ) ϕ ⇒ (ϕ; ` = 0)
This system also includes first order logic axioms, equality axioms and the axioms
D1-D5 about duration domains. Substitution [t/x]ϕ of individual variable x by term t
in formula ϕ is allowed in axiom instances only if t is rigid or x does not occur in the
scope of modal operators in ϕ. This system is sound with respect to the semantics of
ITL\\ too, except for the axiom L2, which fails in the case of discrete intervals.
2
A proof system for ITL\\
In order to present our proof system for ITL\\ , we need to introduce some special
abbreviations. Given two formulas ϕ and ψ, we define a formula ϕψ . The new formula
is meant to be equivalent to (ψ\\ϕ), provided that ψ has the property defined below in
the considered ITL\\ models and intervals.
Definition 6 Let M be a model for some ITL\\ language L and ψ be a formula in L.
Let σ ∈ I\\ (TM ). Then ψ has the unique partition property at the interval σ in the
model M if either min σ = max σ and M, σ 6|= ψ, or there exist a finite set of time
6
points τ0 < τ1 < . . . < τn−1 < τn in σ such that τ0 = min σ, τn = max σ and the
only subintervals σ 0 of σ which satisfy M, σ 0 |= ψ are σ ∩ [τi−1 , τi ], i = 1, . . . , n.
A formula ψ which has the unique partition property at some interval σ in a model M
can be used to unambiguously specify the discrete ”sub”interval {τ0 , τ1 , . . . , τn−1 , τn }
of a nonzero length interval σ, where τ0 , . . . , τn , are the time points in σ which occur in
the definition of the unique partition property above. In case σ is a 0-length interval, its
only subinterval is σ itself, both discrete and ordinary. The discrete interval which can
be specified this way is of the kind that appears in the definition of M, σ |= (ψ\\ϕ) for
arbitrary ϕ. That is why a ψ with the unique partition property can be used as a witness
for the satisfaction of formulas of the kind (χ\\ϕ), provided that M, σ |= 2(ψ ⇒ χ).
The unique partition property can be characterised by an axiom as follows:
Lemma 7 Let M be a model for some ITL\\ language L, σ ∈ I\\ (TM ) and ψ be a
formula in L. Then ψ has the unique partition property at σ in M iff
M, σ |= ψ ∗ ∧ ¬(ψ ∗ ; ψ ∧ ((ψ; ` 6= 0) ∨ ` = 0); ψ ∗ ) ∧ ¬(>; ψ; ¬ψ ∗ ) ∧ ¬(¬ψ ∗ ; ψ; >)
.
Proof: If ψ has the unique partition property at σ, then a direct check shows that the
above formula holds for ψ at σ.
For the opposite implication, consider the case min σ = max σ first. In this case
M, σ |= ¬(ψ ∗ ; ψ ∧ ((ψ; ` 6= 0) ∨ ` = 0); ψ ∗ )
is equivalent to
M, σ |= ¬(ψ ∧ ((ψ; ` 6= 0) ∨ ` = 0))
and this implies M, σ 6|= ψ, because M, σ |= ` = 0.
In case min σ 6= max σ, M, σ |= ψ ∗ implies that there is a subinterval σ 0 of σ such
that M, σ 0 |= ψ. Now
M, σ |= ¬(>; ψ; ¬ψ ∗ ) ∧ ¬(¬ψ ∗ ; ψ; >)
implies that M, σ ∩ [min σ, min σ 0 ] |= ψ ∗ and M, σ ∩ [max σ 0 , max σ] |= ψ ∗ . This
means that there is a finite set of time points τ0 < τ1 < . . . < τn−1 < τn in σ
such that min σ = τ0 , max σ = τn , M, σ ∩ [τi−1 , τi ] |= ψ for i = 1, . . . , n and
σ 0 = σ ∩ [τi−1 , τi ] for some i ∈ {1, . . . , n}. For the sake of contradiction, assume that
0
< τm in σ such
there exists another finite set of time points τ00 < τ1 < . . . < τm−1
0
0
0
0
that min σ = τ0 , max σ = τm , M, σ ∩ [τi−1 , τi ] |= ψ for i = 1, . . . , m. Then there is
a least i such that τi 6= τi0 . Clearly, 0 < i ≤ min(m, n). Then
M, σ ∩ [τi−1 , max(τi , τi0 )] |= ψ ∧ ((ψ; ` 6= 0) ∨ ` = 0).
This implies that
M, σ |= (ψ ∗ ; ψ ∧ ((ψ; ` 6= 0) ∨ ` = 0); ψ ∗ ),
which is a contradiction. a
7
The formula ϕψ we mention in the beginning of this section is defined by induction
on the construction of ϕ as follows:
⊥ψ
­ ⊥
(R(t1 , . . . , tn ))ψ ­ R(t1 , . . . , tn ) ∧ ψ ∗
for rigid R(t1 , . . . , tn )
(R(t1 , . . . , tn ))ψ ­ (` = 0 ∧ R(t1 , . . . , tn ))∨
for flexible
(` 6= 0 ∧ (ψ\\R(t1 , . . . , tn )) ∧ ψ ∗ ) R(t1 , . . . , tn )
ψ
∗
(ϕ1 ⇒ ϕ2 )ψ
­ (ϕψ
1 ⇒ ϕ2 ) ∧ ψ
ψ
(ϕ1 ; ϕ2 )ψ
­ (ψ ∗ ∧ ϕ1 ; ψ ∗ ∧ ϕψ
2)
(ϕ∗ )ψ
­ (ψ ∗ ∧ ϕψ )∗
(ϕ1 \\ϕ2 )ψ
­ (ϕψ
1 \\ϕ2 )
ψ
(∃xϕ)
­ ∃x(ϕψ )
Following our notational conventions, we regards formulas of the form (t1 = t2 )ψ as
instances of (R(t1 , t2 ))ψ here.
To denote the formula which occurs in Lemma 7 concisely, we use the abbreviations
3ψ ϕ ­ (ψ ∗ ; ϕ; ψ ∗ )
2ψ ϕ ­ ¬3ψ ¬ϕ
∗
ψ ­ ψ ∗ ∧ 2ψ (ψ ⇒ (` 6= 0 ∧ ¬(ψ; ` 6= 0))) ∧ ¬(>; ψ; ¬ψ ∗ ) ∧ ¬(¬ψ ∗ ; ψ; >)
∗
It can easily be shown by induction on the construction on ϕ that, if M, σ |= ψ , then
M, σ |= 2ψ ((ψ\\ϕ) ⇔ ϕψ ) .
∗
We use formulas like ϕψ and ψ extensively to present our axioms and rules for ITL\\
concisely. For technical reasons, we also introduce abbreviations for some kinds of
formulas with nested occurrences of (.\\.). Let ϕ0 , . . . , ϕn , R1 , . . . , Rn , and ti,j ,
i = 1, . . . , n, j = 1, 2, be ITL\\ formulas, 0-ary (flexible) relation symbols and terms,
respectively. We introduce the sequence of formulas
proj(ϕk , tk+1,1 , tk+1,2 , Rk+1 , ϕk+1 , . . . , ϕn−1 , tn,1 , tn,2 , Rn , ϕn ), k = 0, . . . , n.
The kth member of this sequence takes 4(n − k) + 1 arguments. These are ϕk , . . . ,
ϕn , with ti,1 , ti,2 , Ri , inserted between ϕi−1 and ϕi , i = k + 1, . . . , n. We define the
formulas proj(. . .) by the clauses:
proj(ϕn ) ­ ϕn
proj(ϕk−1 , tk,1 , tk,2 , Rk , ϕk , . . . , ϕn−1 , tn,1 , tn,2 , Rn , ϕn ) ­
∗
(` = tk,1 ; Rk ∧2(Rk ⇒ ϕk−1 )∧proj(ϕk , . . . , ϕn−1 , tn,1 , tn,2 , Rn , ϕn )Rk ; ` =
tk,2 )
4(n − k) + 1-ary proj(. . .) is meant to correspond to n − k projections, each preceded
by the selection of a subinterval, in the way ϕψ corresponds to a single projection. The
0-ary relation symbols R1 , . . . , Rn here determine the particular subinterval partitions
involved in satisfying the considered projections. The terms ti,j , i = 1, . . . , n, determine the subintervals involved in the considered subinterval selections. We introduce
concise notation for the formulas which express these n−k projections and subinterval
selections by straightforward use of the operator (.\\.) as follows:
t
(ψ\\t21 ϕ) ­ (` = t1 ; (ψ\\ϕ), ` = t2 ), for arbitrary ϕ, ψ, t1 and t2
t
t
tn,2
t
tk+1,2
t
(ϕk−1 \\tk,2
ϕk \\tk+1,2
. . . \\tn,1
ϕn ) ­ (ϕk−1 \\tk,2
(ϕk \\tk+1,1
. . . \\tn,2
ϕn ))
n,1
k,1
k+1,1
k,1
It can be shown that, if R1 ,. . . ,Rn do not occur in ϕ0 , . . . , ϕn , then
t
t
n,2
(ϕ0 \\t1,2
ϕ1 . . . ϕn−1 \\tn,1
ϕn )
1,1
8
is equivalent to
∃R1 . . . ∃Rn proj(ϕ0 , t1,1 , t1,2 , R1 , ϕ1 , . . . , ϕn−1 , tn,1 , tn,2 , Rn , ϕn ),
where the quantifier prefix ∃R1 . . . ∃Rn is interpreted in the ordinary way. However,
such quantification is not allowed in ITL\\ . To axiomatise this equivalence without
involving such quantification explicitly is the main idea behind the proof system for
ITL\\ that we present in this paper.
In order to present our proof system we also need a class of ITL\\ formulas that
we call plain chop formulas. These are formulas of the kind
(` = c1 ∧ R; . . . ; ` = cn ∧ R)
where R stands for a (flexible) 0-ary relation symbol and c1 , . . . , cn , are rigid constants.
For the case of n being 1 the above formula is just ` = c1 ∧ R.
The last abbreviation we introduce here is
δ ­ ¬(` 6= 0; ` 6= 0)
Clearly, M, σ |= δ, iff σ is either 0-length or discrete with no internal points, that is, iff
σ = {min σ, max σ}. Hence M, σ |= δ ∗ iff σ ∈ Pfin (TM ). For an example of the use
of δ we make below, let ϕ be (` = c1 ∧ R; . . . ; ` = cn ∧ R). Then M, σ |= [δ/R]ϕ
iff σ is a discrete interval which can be represented in the form σ1 ; . . . ; σn where
M, σi |= ` = ci , and none of the intervals σ1 , . . . , σn has internal points.
2.1 The system
The proof system we propose for ITL\\ consists of the axioms and rules from the
proof system for ITL with the exception of the axiom L2, and axioms and rules about
iteration, discrete intervals and (.\\.):
Iteration
(I1)
(I2)
` = 0 ∨ (ϕ∗ ; ϕ) ⇒ ϕ∗
∀k < ω (χ1 ; ϕk ; χ2 ) ⇒ ψ
(χ1 ; ϕ∗ ; χ2 ) ⇒ ψ
Discrete Intervals
(L2⇐ )
(L2⇒ )
(DI1)
(DI2)
2(` = x + y ⇒ (` = x; ` = y)) ∨ δ ∗
(` = x; ` = y) ⇒ ` = x + y
δ ∗ ⇒ (ϕ ⇔ (δ\\ϕ))
[>/R]ϕ ⇒ (>\\[δ/R]ϕ), if ϕ is a plain chop formula and R occurs in it
Projection
9
(ϕ\\ψ) ⇔ ϕ∗ ∧ ψ for rigid formulas ψ
ϕ∗ ∧ ` = x ⇔ (ϕ\\` = x)
∗
ψ ∧ 2ψ (ψ ⇒ χ) ∧ ϕψ ⇒ (χ\\ϕ)
proj(ϕ0 , t1,1 , t1,2 , R1 , ϕ1 , t2,1 , t2,2 , R2 , . . . , tn,1 , tn,2 , Rn , ϕn ) ⇒ θ
(P 2)
t
t
t
(ϕ0 \\t1,2
ϕ1 \\t2,2
. . . \\tn,2
ϕn ) ⇒ θ
1,1
2,1
n,1
∗
(P 3)
ψ ⇒ ((ψ\\ϕ) ⇔ ϕψ )
(P 4)
(ϕ\\(ψ\\χ)) ⇔ ((ϕ\\ψ)\\χ) (PJ7 from [17], (\\-1) from [11])
ϕ
(P N )
∗
ψ ⇒ (ψ\\ϕ)
Instances of P 2 are allowed only if the 0-ary flexible relation symbols Ri , i = 1, . . . , n,
are distinct and do not occur in ϕ1 , . . . , ϕn and θ. In the rest of the paper we mostly
apply a special case of P 2, which is obtained by putting n = 1 and choosing both t1,1
and t1,2 to be 0. This instance of P 2 is equivalent to the rule:
∗
1
R1 ∧ 2(R1 ⇒ ϕ0 ) ∧ ϕR
1 ⇒θ
(P 20 )
, if R1 does not occur in ϕ0 , ϕ1 and θ.
(ϕ0 \\ϕ1 ) ⇒ θ
This rule is probably the most appropriate to illustrate the meaning of P 2. Let an
1
interval σ in a model M satisfy ϕR
1 ⇒ θ for any R1 , provided that R1 has the unique
partition property at σ in M and the partition τ0 < . . . < τn of σ which satisfies
M, σ ∩ [τi−1 , τi ] |= R1 , i = 1, . . . , n is such that M, σ ∩ [τi−1 , τi ] |= ϕ0 , i = 1, . . . , n
as well. Then M, σ |= (ϕ0 \\ϕ1 ) ⇒ θ. The side condition on R1 not to occur in ϕ0 ,
ϕ1 and θ corresponds to the requirement for the premiss of the rule to hold for any R1
with the properties described in the rule. The role of this side condition becomes still
clearer, if we note that (ϕ0 \\ϕ1 ) is equivalent to
∗
1
∃R1 (R1 ∧ 2(R1 ⇒ ϕ0 ) ∧ ϕR
1 ).
This makes our rule resemble a left introduction rule for ∃R1 . Similarly, the intended
meaning of P 1 can be written as
∗
∗
ψ ∧ 2ψ (ψ ⇒ χ) ∧ ϕψ ⇒ ∃R(R ∧ 2(R ⇒ χ) ∧ ϕR )
and provides a way to introduce positive occurrences of (.\\.). However, as we already
mentioned, the quantifier prefix ∃R is not allowed in our language. The instances of
P 2 for n > 1 are convenient for technical reasons to become clear later.
The axiom L2⇐ says that ordinary intervals can be “chopped” at any time point
within their boundaries. Axiom DI1 is based on the fact that δ defines a partition
of the reference interval which involves all of its time points, in case this interval is
discrete. Hence, the interval obtained by taking the chopping points involved in this
partition is the reference interval itself and therefore satisfies the same formulas. DI2
says that, given an arbitrary finite set of points in the reference interval, the discrete
interval which consists of these points, together with the boundaries of the reference
interval, can be accessed by means of (.\\.) from the reference interval. The validity of
P ` follows from M\\ . The meanings of the other axioms and rules are straightforward.
We call a formula ϕ an ITL\\ theorem iff it can be obtained from instances of
axioms of the proof system for ITL\\ by means of the rules of this system. We use the
expression `ITL\\ ϕ to denote that ϕ is an ITL\\ theorem.
(PR)
(P `)
(P 1)
10
3
Completeness of the proof system
In this section we present a Henkin-style completeness argument for our proof system.
We closely follow the argument about ITL from [4]. In what follows we assume that
the extension of the ITL proof system by I1 and I2 only is ω-complete for ITL∗ ,
the extension of ITL by iteration only. (Although iteration is generally regarded as a
basic operator in ITL, the result in [4] does not cover it.) Completeness arguments for
systems with an infinitary rule of this kind for logics with Kleene star are known in the
literature (cf. e.g. [20].) We do not include this proof in this paper, in order to avoid
a lengthy, yet routine presentation, and concentrate on the aspects of the proof system
which are specific to the new operator (.\\.). For the same reason, we mark fragments
of ITL\\ deductions below by ITL∗ and skip the details, in case no ITL\\ -specific
axioms or rules besides I1 and I2, are involved in them. Similarly, we mark purely
first order predicate logic fragments of deduction by P C.
The completeness argument is divided in two major parts. In the first part we establish the properties of ITL\\ theories which are needed for their use in the construction
of a model to show the satisfiability of an arbitrary given consistent set of ITL\\ formulas. The second part is the construction of this model itself. In both of these major
parts we use the ITL\\ theorems which are listed and derived below:
Theorem 8
(T 1) `ITL\\ ¬(ϕ\\⊥)
(T 2) `ITL\\ (ϕ\\∃xψ) ⇒ ∃x(ϕ\\ψ) if x 6∈ F V (ϕ)
(T 3)
(T 4)
(T 5)
`ITL\\ ` = 0 ⇒ ((ϕ\\ψ) ⇔ ψ)
`ITL\\ ϕ∗ ∧ (ϕ\\ψ1 ⇒ ψ2 ) ∧ (ϕ\\ψ1 ) ⇒ (ϕ\\ψ2 )
`ITL\\ 2(ϕ1 ⇒ ϕ2 ) ⇒ ((ϕ1 \\ψ) ⇒ (ϕ2 \\ψ))
(FOLJ1 from [17],
(\\-6) from [11])
((\\-7) from [11])
Proof: In the ITL\\ deductions for the above theorems we assume that R is a 0-ary
flexible relation symbol which does not occur in ϕ, ψ, ϕi , ψi , i = 1, 2.
T 1:
∗
1 R ∧ 2R (R ⇒ ϕ) ∧ ⊥R ⇒ ⊥ P C, the definition of ⊥R
2 (ϕ\\⊥) ⇒ ⊥
1, P 20
T 2:
1
2
3
4
5
6
7
(∃xψ)R ⇔ ∃x(ψ R )
∗
R ∧ 2R (R ⇒ ϕ) ∧ ψ R ⇒ (ϕ\\ψ)
∗
R ∧ 2R (R ⇒ ϕ) ∧ ∃x(ψ R ) ⇒ ∃x(ϕ\\ψ)
∗
R ∧ 2R (R ⇒ ϕ) ∧ (∃xψ)R ⇒ ∃x(ϕ\\ψ)
2(R ⇒ ϕ) ⇒ 2R (R ⇒ ϕ)
∗
R ∧ 2(R ⇒ ϕ) ∧ (∃xψ)R ⇒ ∃x(ϕ\\ψ)
(ϕ\\∃xψ) ⇒ ∃x(ϕ\\ψ)
T 3:
11
ITL, the definition of (∃xψ)R
P1
2, P C
1, 3, P C
ITL∗
4, 5, P C
6, P 20
1
2
3
4
5
6
7
8
9
10
` = 0 ⇒ δ∗
` = 0 ⇒ 2(ϕ ⇒ δ)
δ ∗ ⇒ ((δ\\ψ) ⇔ ψ)
` = 0 ⇒ ((δ\\ψ) ⇔ ψ)
2(ϕ ⇒ δ) ⇒ ((ϕ\\ψ) ⇒ (δ\\ψ))
` = 0 ⇒ ((ϕ\\ψ) ⇒ ψ)
ϕ∗ ∧ 2ϕ (ϕ ⇒ ϕ) ∧ ψ ϕ ⇒ (ϕ\\ψ)
` = 0 ⇒ ϕ∗
2ϕ (ϕ ⇒ ϕ)
` = 0 ∧ ψ ⇒ ψϕ
11
12
` = 0 ⇒ (ψ ⇒ (ϕ\\ψ))
` = 0 ⇒ ((ϕ\\ψ) ⇔ ψ)
T 4:
ITL∗
ITL∗
DI1
1, 3, P C
T5
2, 4, 5, P C
P1
ITL∗
ITL∗
plain induction
on the construction of ψ
7-10, P C
6, 11, P C
1
2
3
4
ϕ∗ ⇒ ((ϕ\\ψ1 ⇒ ψ2 ) ⇔ (ψ1 ⇒ ψ2 )ϕ )
ϕ∗ ⇒ ((ϕ\\ψ1 ) ⇔ ψ1ϕ )
ϕ∗ ⇒ 2ϕ (ϕ ⇒ ϕ)
(ψ1 ⇒ ψ2 )ϕ ⇒ (ψ1ϕ ⇒ ψ2ϕ )
5
6
7
ϕ∗ ∧ (ϕ\\ψ1 ⇒ ψ2 ) ∧ (ϕ\\ψ1 ) ⇒ 2ϕ (ϕ ⇒ ϕ) ∧ ψ2ϕ
ϕ∗ ∧ 2ϕ (ϕ ⇒ ϕ) ∧ ψ2ϕ ⇒ (ϕ\\ψ2 )
ϕ∗ ∧ (ϕ\\ψ1 ⇒ ψ2 ) ∧ (ϕ\\ψ1 ) ⇒ (ϕ\\ψ2 )
1
2
3
4
5
R ∧ 2(R ⇒ ϕ2 ) ∧ ψ R ⇒ (ϕ2 \\ψ)
2(R ⇒ ϕ1 ) ∧ 2(ϕ1 ⇒ ϕ2 ) ⇒ 2(R ⇒ ϕ2 )
∗
R ∧ 2(R ⇒ ϕ1 ) ∧ ψ R ⇒ ((ϕ2 \\ψ) ∨ ¬2(ϕ1 ⇒ ϕ2 ))
(ϕ1 \\ψ) ⇒ ((ϕ2 \\ψ) ∨ ¬2(ϕ1 ⇒ ϕ2 ))
2(ϕ1 ⇒ ϕ2 ) ⇒ ((ϕ1 \\ψ) ⇒ (ϕ2 \\ψ))
T 5:
∗
P3
P3
ITL∗
the definition of
(ψ1 ⇒ ψ2 )ϕ
1-4, P C
P1
5, 6, P C
P1
ITL
1,2, P C
3, P 20
4, P C
a
3.1
ITL\\ theories
Throughout this section L denotes an ITL\\ language. We identify L with the set of
its terms and its formulas. Thus, t ∈ L stands for t is a term in L and ϕ ∈ L stands
for ϕ is a formula in L. Similarly, Γ ⊆ L stands for Γ is a set of formulas in L.
We assume that the vocabulary of L contains no more than countably many symbols
of every kind. Given a set C of rigid constants and flexible 0-ary relation symbols,
the ITL\\ language obtained by adding the symbols from C to the vocabulary of L is
denoted by L(C).
To introduce the notion of an ITL\\ theory in L, we need to define closedness of
sets of formulas Γ ⊆ L under the rules of our proof system for ITL\\ . Closedness
under MP and I2 only can be defined straightforwardly: a set Γ ⊆ L is closed under
these rules, if whenever Γ contains all the premisses of an instance of a rule, Γ also
contains the conclusion of the instance of the rule. The definition becomes a little
more complicated if P 2 gets involved, because this rule has a side condition. Roughly
12
speaking, a derivation by an instance
proj(ϕ0 , t1,1 , t1,2 , R1 , ϕ1 , t2,1 , t2,2 , R2 , . . . , tn,1 , tn,2 , Rn , ϕn ) ⇒ θ
t
t1,2
t
ϕ1 \\t2,2
. . . \\tn,2
ϕn ) ⇒ θ
(ϕ0 \\t1,1
n,1
2,1
of P 2 from a set of formulas Γ can be unsound, unless the restriction not to contain
occurrences of R1 , . . . , Rn is imposed not only on the formulas ϕ0 , . . . , ϕn and θ, but
on the formulas from Γ too. This is so, because such a derivation is equivalent to an
application of the rule
V
proj(ϕ0 , t1,1 , t1,2 , R1 , ϕ1 , t2,1 , t2,2 , R2 , . . . , tn,1 , tn,2 , Rn , ϕn ) ⇒ ( Γ ⇒ θ)
V
t1,2
t
t
(ϕ0 \\t1,1
ϕ1 \\t2,2
. . . \\tn,2
ϕn ) ⇒ ( Γ ⇒ θ)
2,1
n,1
Yet such a rule cannot be formulated in ITL\\ , because Γ may be infinite. Closedness
under first order logic quantifier-related rules requires some special care too.
To define closedness under these rules soundly, we introduce a relation of derivability as follows:
Definition 9 We define Γ `L ϕ as the smallest relation between sets of formulas Γ,
languages L and formulas ϕ which satisfies the following conditions:
◦ If ϕ ∈ L and `ITL\\ ϕ, then Γ `L ϕ.
◦ If ϕ ∈ Γ and Γ ⊆ L, then Γ `L ϕ.
◦ If Γ `L ψ ⇒ ϕ and Γ `L ψ for some formula ψ ∈ L, then Γ `L ϕ.
◦ If Γ `L (χ1 ; ϕk ; χ2 ) ⇒ ψ for all k < ω, then Γ `L (χ1 ; ϕ∗ ; χ2 ) ⇒ ψ.
◦ If Γ `L({c}) [c/x]ϕ ⇒ ψ for some rigid constant c which is not in the vocabulary of
L, nor occurs in ϕ, ψ, then Γ `L ∃xϕ ⇒ ψ.
◦ If Γ `L({R1 ,...,Rn }) proj(ϕ0 , t1,1 , t1,2 , R1 , ϕ1 , t2,1 , t2,2 , . . . , tn,1 , tn,2 , Rn , ϕn ) ⇒ θ
for some distinct 0-ary relation symbols R1 , . . . , Rn which are not in L, nor occur in
t1,2
t
t
ϕ0 , . . . , ϕn , θ, then Γ `L (ϕ0 \\t1,1
ϕ1 \\t2,2
. . . \\tn,2
ϕn ) ⇒ θ.
2,1
n,1
Note that the relation ` introduced here is distinct from `ITL\\ , which is used to denote
theoremhood in ITL\\ . Clearly, `ITL\\ ϕ is equivalent to ∅ `L ϕ and ϕ ∈ L for some
ITL\\ language L. Besides, if L0 ⊆ L00 and Γ `L0 ϕ, then obviously Γ `L00 ϕ.
Now let us characterise ` by an inductive definition, in order to be able to reason
about it by means of transfinite induction.
Definition 10 Let Γ `α
L ϕ be a relation between sets of ITL\\ formulas Γ, ITL\\ languages L, ordinals α and ITL\\ formulas ϕ. Let this relation be defined by induction
on α as follows:
Γ `0L ϕ iff ϕ ∈ L, Γ ⊆ L and either `ITL\\ ϕ or ϕ ∈ Γ. For α 6= 0, Γ `α
L ϕ iff at
least one of the following holds:
13
◦
◦
◦
Γ `βL1 ψ ⇒ ϕ and Γ `βL2 ψ for some β1 , β2 < α and some ψ ∈ L.
The formula ϕ is ∃xψ ⇒ χ and Γ `βL({c}) [c/x]ψ ⇒ χ for some β < α and some
rigid constant c which is not in the vocabulary of L, nor occurs in ϕ.
t1,2
tn,2
The formula ϕ is (ϕ0 \\t1,1
. . . \\tn,1
ϕn ) ⇒ θ and
Γ `βL({R1 ,...,Rn }) proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ⇒ θ
◦
for some β < α and some distinct 0-ary flexible relation symbols R1 , . . . , Rn which
are not in the vocabulary of L and do not occur in ϕ.
The formula ϕ is (χ1 ; ψ ∗ ; χ2 ) ⇒ θ and for every k < ω there exists a βk < α such
that Γ `βLk (χ1 ; ψ k ; χ2 ) ⇒ θ.
Induction Principle. Γ `L ϕ is equivalent to ∃α ∈ Ord Γ `α
L ϕ.
Proof: Obviously ∃α ∈ Ord Γ `α
L ϕ defines a relation which satisfies the closedness
conditions on `. Suppose that the relation defined this way is not the smallest one that
satisfies these closedness conditions for the sake of contradiction. Choosing α0 to be
the least ordinal such that there exist a language L, a set of formulas Γ and a formula
0
ϕ which satisfy Γ `α
L ϕ and Γ 6`L ϕ immediately brings a contradiction. a
Lemma 11 Γ `L ϕ implies ϕ ∈ L and Γ ⊆ L.
Proof: Induction on α ∈ Ord for α satisfying Γ `α
L ϕ. a
Given a set Γ ⊆ L, we denote the set {ϕ ∈ L : Γ `L ϕ} by CnL (Γ). CnL (Γ)
consists of the logical consequences of Γ in L which can be derived using our axioms
and rules. Given Γ and a formula ϕ, we denote the set {ψ : Γ `L ϕ ⇒ ψ} by Γ +L ϕ.
Lemma 12 Γ +L ϕ = CnL (Γ ∪ {ϕ}).
Proof: The inclusion Γ +L ϕ ⊆ CnL (Γ ∪ {ϕ}) follows trivially from the closedness
of ` under MP . To show that Γ ∪ {ϕ} `L ψ implies Γ `L ϕ ⇒ ψ, we use induction
α
on α ∈ Ord for α satisfying Γ ∪ {ϕ} `α
L ψ. We prove that if Γ ∪ {ϕ} `L ψ, then there
0
α0
exists an ordinal α such that Γ `L ϕ ⇒ ψ by induction on α. We give details on the
case of ψ being of the form (χ1 ; ψ ∗ ; χ2 ) ⇒ θ and Γ ∪ {ϕ} `α
L ψ being true because
βk
of the existence of some βk < α such that Γ ∪ {ϕ} `L (χ1 ; ψ k ; χ2 ) ⇒ θ, k < ω,
here. In this case the induction hypothesis implies that for every k < ω there exists an
β0
ordinal βk0 such that Γ `Lk ϕ ⇒ ((χ1 ; ψ k ; χ2 ) ⇒ θ). Using that
`ITL\\ (ϕ ⇒ ((χ1 ; ψ k ; χ2 ) ⇒ θ)) ⇒ ((χ1 ; ψ k ; χ2 ) ⇒ (ϕ ⇒ θ))
β 0 +1
and the definition of `(.) , we infer that Γ `Lk
(χ1 ; ψ k ; χ2 ) ⇒ (ϕ ⇒ θ). Let α0
0
∗
be an ordinal that is greater than sup{βk0 + 1 : k < ω}. Then Γ `α
L (χ1 ; ψ ; χ2 ) ⇒
α0 +1
(.)
(ϕ ⇒ θ) by the definition of ` . Just like above, this implies that Γ `L
ϕ ⇒
((χ1 ; ψ ∗ ; χ2 ) ⇒ θ). The cases of Γ ∪ {ϕ} `α
ψ
holding
for
some
other
of
the
possible
L
reasons according to the definition are dealt with in similar ways. a
14
Definition 13 A set Γ ⊆ L is called theory in L, if Γ = CnL (Γ). A theory Γ is called
consistent, if ⊥ 6∈ Γ. A set Γ ⊆ L is called consistent in L if some consistent theory
in L contains it. A theory in L is called maximal in L if it is consistent and it is not
a proper subset of any consistent theory in L. A theory Γ is called complete in L, if
either ϕ ∈ Γ or ¬ϕ ∈ Γ for every ϕ ∈ L.
The conditions ⊥ ∈ CnL0 (Γ) and ⊥ ∈ CnL00 (Γ) are equivalent for any two languages
L0 and L00 which contain Γ. That is why consistency can be regarded as a property
of sets of formulas Γ regardless of the language L involved in the definition of this
property. Using Lemma 12, one can easily show that a theory is complete iff it is
maximal in its language.
The following adaptation of the notion of Henkin theory, which is specific to our
proof system for ITL\\ , plays a key role in further constructions.
Definition 14 A theory Γ in L(C) is called a Henkin theory with witnesses in C, if
◦ ∃xϕ ∈ Γ implies [c/x]ϕ ∈ Γ for some c ∈ C.
◦ Given a natural number n ≥ 1 and ϕi ∈ L(C), i = 0, . . . , n, ti,1 , ti,2 ∈ L(C),
t1,2
t
i = 1, . . . , n, such that (ϕ0 \\t1,1
. . . \\tn,2
ϕn ) ∈ Γ, there exist R1 , . . . , Rn ∈ C such
n,1
that proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ∈ Γ.
For the rest of this section we assume that C consists of countably many rigid constants
and countably many flexible 0-ary relation symbols, none of which is in the vocabulary
of L.
Theorem 15 (Lindenbaum lemma) Let Γ0 ⊂ L be consistent. Then there exists a
maximal Henkin theory Γ ⊂ L(C) with witnesses in C such that Γ0 ⊆ Γ.
Proof: This proof follows a general pattern known from numerous modal logics.
Let the set of all the formulas from L(C) be {ϕk : k < ω}. We define the sequence
of consistent sets Γk ⊂ L(C) so that Γk \ Γ0 is finite for every k < ω. This entails
that formulas from Γk have occurrences of only finitely many elements of C for every
k. Given a set of formulas ∆ ⊂ L(C), we use L(∆) to denote the ITL\\ language
obtained by extending the vocabulary of L with the symbols from C which occur in
the formulas from ∆. The definition of Γk , k < ω, is as follows:
Γ0 is as given in the theorem. Assume that Γk has been defined for some k < ω.
If Γk ∪ {ϕk } is not consistent, then Γk+1 = Γk . Otherwise we consider the following
cases:
1. ϕk is ∃xψ for some ψ ∈ L(C). Then we choose a rigid constant c ∈ C which does
not occur in formulas from Γk , nor in ϕk , and put Γk+1 = Γk ∪ {ϕk , [c/x]ψ}. Assume
that Γk+1 is inconsistent for the sake of contradiction. This implies
Γk `L(Γk ∪{ϕk }) ϕk ⇒ ⊥
by Lemma 12, which contradicts the consistency of Γk ∪ {ϕk }. Hence Γk+1 is consistent.
2. ϕk is (χ1 ; ψ ∗ ; χ2 ) for some χ1 , χ2 , ψ ∈ L(C). Then there exists an n < ω such
that Γk ∪ {ϕk , (χ1 ; ψ n ; χ2 )} is consistent too. Assuming the contrary would bring a
15
contradiction with the given consistency of Γk . We choose an n with the above property
and put Γk+1 = Γk ∪ {ϕk , (χ1 ; ψ n ; χ2 )}.
tn,2
t
ψn ) for some ψi ∈ L(C), i = 0, . . . , n, and ti,1 , ti,2 ∈
3. ϕk is (ψ0 \\t1,2
. . . \\tn,1
1,1
L(C), i = 1, . . . , n, such that ψn is not of the form (` = t0 ; (ψ 0 \\ψ 00 ); ` = t00 ).
The restriction on the form of ψn here is to ensure that ϕk does not satisfy the stated
condition for more than one n. Let
t
t
χj ­ (ψj \\tj+1,2
. . . \\tn,2
ψn ), j = 0, . . . , n − 1, χn ­ ψn .
j+1,1
n,1
t
t
Then ϕk can be also recorded as (ψ0 \\t1,2
. . . \\tj,2
χ ) for j = 1, . . . , n. Let Rij ,
1,1
j,1 j
j = 1, . . . , n, i = 1, . . . , j, be distinct 0-ary flexible relation symbols from C which
do not occur in L(Γk ∪ {ϕk }). Let
Γpk+1 = Γk ∪ {ϕk } ∪ {proj(ψ0 , t1,1 , t1,2 , R1j , . . . , tj,1 , tj,2 , Rjj , χj ) : j = 1, . . . , p}
for p = 1, . . . , n, Γ0k+1 = Γk ∪ {ϕk } and Γk+1 be Γnk+1 . We must prove that Γk+1 is
consistent. We prove that Γpk+1 is consistent by induction on p. Γ0k+1 is consistent by
assumption. Assume that Γpk+1 is consistent and Γp+1
k+1 is inconsistent for some p < n
for the sake of contradiction. Then Lemma 12 entails that
p+1
, χp+1 ) ⇒ ⊥
proj(ψ0 , t1,1 , t1,2 , R1p+1 , . . . , tp+1,1 , tp+1,2 , Rp+1
is a member of CnL(Γp
p+1
p+1
,...,Rp+1
})
k+1 )({R1
(Γpk+1 ), whence Γpk+1 `L(Γpk+1 ) ϕk ⇒ ⊥ by
p+1
the clause about closedness under P 2 in the definition of `, because R1p+1 , . . . , Rp+1
p
p
do not occur in L(Γk+1 ). This entails that Γk+1 is inconsistent too, which is a contradiction.
4. None of the above cases holds. ThenSΓk+1 = Γk ∪ {ϕk }.
Γk is a maximal Henkin theory in L(C) with
A standard argument shows that Γ =
witnesses in C. Clearly Γ ⊃ Γ0 . a
k<ω
Lemma 16 Let Γ be a complete theory in L(C) and (χ1 ; ϕ∗ ; χ2 ) ∈ Γ. Then there
exists a k < ω such that (χ1 ; ϕk ; χ2 ) ∈ Γ.
Proof: Assume that (χ1 ; ϕk ; χ2 ) 6∈ Γ for all k < ω for the sake of contradiction. Then
(χ1 ; ϕk ; χ2 ) ⇒ ⊥ ∈ Γ for all k < ω, because Γ is complete. Hence, (χ1 ; ϕ∗ ; χ2 ) ⇒
⊥ ∈ Γ by I2, because Γ is a theory. This is a contradiction. a
Given sets of formulas Γ, Γ1 , Γ2 ⊆ L(C) and a formula ϕ ∈ L(C), we denote the
set {(ϕ; ψ) : ϕ ∈ Γ1 , ψ ∈ Γ2 } by Γ1 ; Γ2 .
Lemma 17 Let Γ1 , Γ2 and Γ be complete theories in L(C). Let ` = ci ∈ Γi for some
ci ∈ C, i = 1, 2, and Γ1 ; Γ2 ⊂ Γ. Then ϕ ∈ Γ, ϕ ∈ Γ1 and ϕ ∈ Γ2 are equivalent
for rigid ϕ ∈ L(C). Similarly, ψ ∗ ∧ ϕ ∈ Γ is equivalent to (ψ\\ϕ) ∈ Γ for rigid
ϕ ∈ L(C).
Proof: The first part follows from axioms Rl and Rr . The second follows from axiom
PR. a
The following lemma presents some ITL\\ theorems which are essentially theorems in ITL∗ .
16
Lemma 18
∗
∗
(T 6) `ITL\\ R0 ∧ R ∧ 2(R ⇒ R0 ) ⇒ 2(R ⇔ R0 )
∗
∗
∗
(T 7) `ITL\\ R0 ∧ (R0 \\R ) ⇒ (R0 \\R)
Proof: Let M be a model for an ITL∗ language which contains R and R0 . Then
Lemma 7 entails that M, σ |= 2(R ⇔ R0 ) for all intervals σ ∈ I\\ (TM ) such that
∗
∗
M, σ |= R0 , R , 2(R ⇒ R0 ). Hence the formula T 6 is valid in ITL∗ . ITL\\ is a
conservative extension of ITL∗ and we assume that the extension of the proof system
of ITL by I1 and I2 is complete for ITL∗ . Hence the formula T 6 is a theorem in
∗
∗
∗
ITL\\ . The formula T 7 is equivalent to R0 ∧ (R )R0 ⇒ (R0 \\R) by P 3, which is
∗
valid in ITL . Hence T 7 is an ITL\\ theorem too. a
Lemma 19 Let Γ be a set of formulas in L, Γ 6= ∅, and Γ `L ϕ. Let c1 , c2 be two
rigid constants in the vocabulary of L. Then {(` = c1 ; ψ; ` = c2 ) : ψ ∈ Γ} `L (` =
c1 ; ϕ; ` = c2 ).
Proof: Let ∆ denote {(` = c1 ; ψ; ` = c2 ) : ψ ∈ Γ}. We do the proof by induction on
α
α ∈ Ord for α satisfying Γ `α
L ϕ. According to the definition of Γ `L ϕ, at least one
of the following cases holds:
1. ϕ is ITL\\ theorem and ϕ ∈ L. Let ψ ∈ Γ. Then ψ ⇒ ϕ is an ITL\\ theorem
and ψ ⇒ ϕ ∈ L. Hence (` = c1 ; ψ; ` = c2 ) ⇒ (` = c1 ; ϕ; ` = c2 ) is an ITL\\
theorem in L too by Mono l and Mono r . Now ∆ `L (` = c1 ; ϕ; ` = c2 ) follows from
∆ `L (` = c1 ; ψ; ` = c2 ) and ∆ `L (` = c1 ; ψ; ` = c2 ) ⇒ (` = c1 ; ϕ; ` = c2 ) by
MP .
2. ϕ ∈ Γ. Then (` = c1 ; ϕ; ` = c2 ) ∈ ∆, whence ∆ `L (` = c1 ; ϕ; ` = c2 ).
3. There exist β1 , β2 < α and ψ ∈ L such that Γ `βL1 ψ ⇒ ϕ and Γ `βL2 ψ. This case
is dealt with using that
∆ `L (` = c1 ; ψ ⇒ ϕ; ` = c2 ) and ∆ `L (` = c1 ; ψ; ` = c2 )
by the induction hypothesis, and
`ITL\\ (` = c1 ; ψ; ` = c2 ) ⇒ ((` = c1 ; ψ ⇒ ϕ; ` = c2 ) ⇒ (` = c1 ; ϕ; ` = c2 )) .
4. ϕ is ∃xψ ⇒ θ where ψ, θ ∈ L and Γ `βL({c}) [c/x]ψ ⇒ θ for some β < α,
where c is a rigid constant which is not in the vocabulary of L. Then, by the induction
hypothesis,
∆ `L({c}) (` = c1 ; [c/x]ψ ⇒ θ; ` = c2 ).
This entails that
∆ `L({c}) [c/x](` = c1 ; ψ; ` = c2 ) ⇒ (` = c1 ; θ; ` = c2 ).
Hence
∆ `L ∃x(` = c1 ; ψ; ` = c2 ) ⇒ (` = c1 ; θ; ` = c2 )
which implies
∆ `L (` = c1 ; ∃xψ; ` = c2 ) ⇒ (` = c1 ; θ; ` = c2 )
by Bl and Br , and finally
∆ `L (` = c1 ; ∃xψ ⇒ θ; ` = c2 )
t
t
5. ϕ is (ϕ0 \\t1,2
. . . \\tn,2
ϕn ) ⇒ θ where ϕ0 , . . . , ϕn , t1,1 , t1,2 , . . . , tn,1 , tn,2 ∈ L,
1,1
n,1
and
Γ `βL({R1 ,...,Rn }) proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ⇒ θ
17
for some β < α and some R1 , . . . , Rn that are distinct 0-ary relation symbols out of
the vocabulary of L. Then, by the induction hypothesis,
∆ `L({R1 ,...,Rn }) (` = c1 ; proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ⇒ θ; ` =
c2 ).
This entails that
∆ `L({R1 ,...,Rn }) proj(ϕ0 , c1 + t1,1 , t1,2 + c2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ⇒
(` = c1 ; θ; ` =
c2 )
by the definition of proj. Hence
t +c2
tn,2
∆ `L (ϕ0 \\c1,2
. . . \\tn,1
ϕn ) ⇒ (` = c1 ; θ; ` = c2 ),
1 +t1,1
which is equivalent to
t1,2
t
∆ `L (` = c1 ; (ϕ0 \\t1,1
. . . \\tn,2
ϕn ) ⇒ θ; ` = c2 ).
n,1
6. ϕ is (χ1 ; ψ ∗ ; χ2 ) ⇒ θ where ψ, θ ∈ L, and for every k < ω there exists a βk < α
such that
Γ `βLk (χ1 ; ψ k ; χ2 ) ⇒ θ .
Then
∆ `L (` = c1 ; (χ1 ; ψ k ; χ2 ) ⇒ θ; ` = c2 ) ,
whence, by A2, Mono l and Mono r
∆ `L ((` = c1 ; χ1 ); ψ k ; (χ2 ; ` = c2 )) ⇒ (` = c1 ; θ; ` = c2 )
for all k < ω by the induction hypothesis. Hence
∆ `L ((` = c1 ; χ1 ); ψ ∗ ; (χ2 ; ` = c2 )) ⇒ (` = c1 ; θ; ` = c2 ) .
by I2. This is equivalent to
∆ `L (` = c1 ; (χ1 ; ψ ∗ ; χ2 ) ⇒ θ; ` = c2 )
by A2, Mono l and Mono r again. This concludes the proof. a
Given a set of formulas Γ and a formula ϕ, (ϕ\\Γ) stands for {(ϕ\\ψ) : ψ ∈ Γ}.
Lemma 20 Let Γ be a set of formulas in L, and Γ `L ϕ. Let R be a 0-ary flexible
∗
relation symbol in L. Then (R\\Γ) ∪ {R } `L (R\\ϕ).
Proof: Transfinite induction on α ∈ Ord such that Γ `α
L ϕ, like in the proof of Lemma
∗
19. Let ∆ denote (R\\Γ) ∪ {R }. We consider the following cases:
1. ϕ is an ITL\\ theorem and ϕ ∈ L. Then R∗ ⇒ (R\\ϕ) is an ITL\\ theorem in L
∗
too, by the rule P N . Since R ∈ ∆, ∆ `L (R\\ϕ) by MP from ∆ `L R∗ ⇒ (R\\ϕ).
2. ϕ ∈ Γ, then (R\\ϕ) ∈ ∆, whence ∆ `L (R\\ϕ).
3. There exist β1 , β2 < α and ψ ∈ L such that Γ `βL1 ψ ⇒ ϕ and Γ `βL2 ψ. Then, by
the induction hypothesis,
∆ `L (R\\ψ ⇒ ϕ) and ∆ `L (R\\ψ) .
∗
Now, using T 4 of Theorem 8 and R ∈ ∆, we can infer that
∆ `L (R\\ϕ) .
4. ϕ is ∃xψ ⇒ θ and Γ `βL({c}) [c/x]ψ ⇒ θ for some β < α, where c is a rigid
constant which is not in the vocabulary of L. Then, by the induction hypothesis,
∆ `L({c}) (R\\[c/x]ψ ⇒ θ).
This entails that
∆ `L({c}) ([c/x]ψ)R ⇒ θR
by P 3 and the definition of (.)R . Then
18
∆ `L({c}) [c/x](ψ R ) ⇒ θR
by the definition of (.)R . Hence
∆ `L ∃x(ψ R ) ⇒ θR and ∆ `L (∃xψ ⇒ θ)R
∗
by the definition of (.)R again, whence, using R ∈ ∆ and P 3, we obtain
∆ `L (R\\∃xψ ⇒ θ)
tn,2
t
ϕn ) ⇒ θ and
5. ϕ is (ϕ0 \\t1,2
. . . \\tn,1
1,1
Γ `βL({R1 ,...,Rn }) proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ⇒ θ
for some β < α and some distinct 0-ary relation symbols R1 , . . . , Rn which are not in
the vocabulary of L. Let P stand for proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) in
the rest of this proof for the sake of brevity. Then, by the induction hypothesis,
∆ `L({R1 ,...,Rn }) (R\\P ⇒ θ).
Like in the previous cases, this entails that
∆ `L({R1 ,...,Rn }) P R ⇒ θR
by P 3 and the definition of (.)R . Let R0 be a 0-ary flexible relation symbol not in the
vocabulary of L({R1 , . . . , Rn }). Then
∗
∗
`ITL\\ R ⇒ (R0 ∧ 2(R0 ⇒ R) ⇒ 2(R ⇔ R0 )).
by T 6 of Lemma 18. Since T 5 of Theorem 8 implies that
`ITL\\ 2(R ⇔ R0 ) ⇒ ((R\\P ) ⇔ (R0 \\P )) ,
and P 3 implies that
∗
∗
`ITL\\ R ⇒ ((R\\P ) ⇔ P R ) and `ITL\\ R0 ⇒ ((R0 \\P ) ⇔ P R0 ) ,
we have
∗
∆ `L({R0 ,R1 ,...,Rn }) R0 ∧ 2(R0 ⇒ R) ⇒ (P R ⇔ P R0 )
This entails that
∗
∆ `L({R0 ,R1 ,...,Rn }) R0 ∧ 2(R0 ⇒ R) ∧ P R0 ⇒ θR .
Yet
∗
`ITL\\ (R0 ∧ 2(R0 ⇒ R) ∧ P R0 ) ⇔
proj(R, 0, 0, R0 , ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn )
by the definition of proj, L3l and L3r . Hence
0
t1,2
tn,2
∆ `L (R\\0 ϕ0 \\t1,1
. . . \\tn,1
ϕn ) ⇒ θ R .
by P 2. This entails that
t1,2
t
∆ `L (R\\(ϕ0 \\t1,1
. . . \\tn,2
ϕn ) ⇒ θ)
n,1
by P 3, L3l and L3r again.
6. ϕ is (χ1 ; ψ ∗ ; χ2 ) ⇒ θ and for every k < ω there exists a βk < α such that
Γ `βLk (χ1 ; ψ k ; χ2 ) ⇒ θ.
Then
∆ `L (R\\(χ1 ; ψ k ; χ2 ) ⇒ θ)
by the induction hypothesis, whence
∆ `L ((χ1 ; ψ k ; χ2 ) ⇒ θ)R
by P 3 for all k < ω. Now note that ((χ1 ; ψ k ; χ2 ) ⇒ θ)R stands for
∗
R
∗ k
R
∗
R
∗
((χR
1 ∧ R ; (ψ ∧ R ) ; χ2 ∧ R ) ⇒ θ ) ∧ R .
Hence
∗
R
∗ k
R
∗
R
∆ `L (χR
1 ∧ R ; (ψ ∧ R ) ; χ2 ∧ R ) ⇒ θ
for all k < ω, which implies that
∗
R
∗ ∗
R
∗
R
∗
∆ `L ((χR
1 ∧ R ; (ψ ∧ R ) ; χ2 ∧ R ) ⇒ θ ) ∧ R .
19
by I2. Yet the above formula is exactly ((χ1 ; ψ ∗ ; χ2 ) ⇒ θ)R . This, together with
∗
R ∈ ∆ and P 3, implies
∆ `L (R\\(χ1 ; ψ ∗ ; χ2 ) ⇒ θ) .
This concludes the proof. a
Lemma 21 Let Γ be a complete Henkin theory in L(C) with witnesses in C. Let
c1 , c2 ∈ C be such that ∆ = {ϕ ∈ L(C) : (` = c1 ; ϕ; ` = c2 ) ∈ Γ} is nonempty. Then
∆ is a complete Henkin theory in L(C) with witnesses in C.
Proof: Let ∆ `L(C) ϕ. Then Lemma 19 entails that Γ `L(C) (` = c1 ; ϕ; ` = c2 ).
Hence ϕ ∈ ∆. This shows that ∆ = CnL(C) (∆).
Let ϕ ∈ L(C). Then either (` = c1 ; ϕ; ` = c2 ) ∈ Γ, or ¬(` = c1 ; ϕ; ` = c2 ) ∈ Γ,
because Γ is complete. If (` = c1 ; ϕ; ` = c2 ) ∈ Γ, then ϕ ∈ ∆ by the definition of ∆.
If ¬(` = c1 ; ϕ; ` = c2 ) ∈ Γ, then (` = c1 ; ¬ϕ; ` = c2 ) ∈ Γ by several applications of
A1l , A1r , Mono l and Mono r . In this case ¬ϕ ∈ ∆. Hence, ∆ is a complete theory in
L(C).
Let ∃xϕ ∈ ∆, that is, (` = c1 ; ∃xϕ; ` = c2 ) ∈ Γ. Then ∃x(` = c1 ; ϕ; ` = c2 ) ∈ Γ
by Br , Bl and Mono l . Since Γ is a Henkin theory with witnesses in C, there exists a
c ∈ C such that [c/x](` = c1 ; ϕ; ` = c2 ) ∈ Γ. This implies, that [c/x]ϕ ∈ ∆.
t
t
t
t
Let (ϕ0 \\t1,2
. . . \\tn,2
ϕn ) ∈ ∆, that is, (` = c1 ; (ϕ0 \\t1,2
. . . \\tn,2
ϕn ); ` =
1,1
n,1
1,1
n,1
t
+c
t
2
c2 ) ∈ Γ. Then (ϕ0 \\c1,2
. . . \\tn,2
ϕn ) ∈ Γ by A2, L2⇒ , Mono r and Mono l .
1 +t1,1
n,1
Since Γ is a Henkin theory with witnesses in C, there exist R1 , . . . , Rn ∈ C such that
proj(ϕ0 , c1 + t1,1 , t1,2 + c2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ∈ Γ. Since
¬proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ∈ ∆
entails
¬proj(ϕ0 , c1 + t1,1 , t1,2 + c2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ∈ Γ,
which is a contradiction by means of A1l and A1r , and ∆ is a complete theory in
L(C), we have proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) ∈ ∆. This concludes the
proof that ∆ is a Henkin theory with witnesses in C. a
Corollary 22 Let Γ1 , Γ2 ⊆ L(C). Let Γ be a complete Henkin theory in L(C) with
witnesses in C. Let Γ1 ; Γ2 ⊂ Γ and c1 , c2 ∈ C be such that ` = ci ∈ Γi , i = 1, 2. Then
there exist two complete Henkin theories Γ0i ⊇ Γi , i = 1, 2, in L(C) with witnesses in
C, such that Γ01 ; Γ02 ⊂ Γ.
Proof: Choose
Γ01 = {ϕ ∈ L(C) : (ϕ; ` = c2 ) ∈ Γ} and Γ02 = {ϕ ∈ L(C) : (` = c1 ; ϕ) ∈ Γ}.
a
Lemma 23 Let Γ be a complete Henkin theory in L(C) with witnesses in C. Let
∗
R ∈ C be such that R ∈ Γ and ∆ be {ϕ : (R\\ϕ) ∈ Γ}. Then ∆ is a complete
Henkin theory in L(C) with witnesses in C.
20
Proof: Like in the proof of Lemma 21, we can show that ∆ = CnL(C) (∆), yet using
Lemma 20 instead of Lemma 19.
Let ϕ ∈ L(C). Then either (R\\ϕ) ∈ Γ, or ¬(R\\ϕ) ∈ Γ, because Γ is complete.
∗
If (R\\ϕ) ∈ Γ, then ϕ ∈ ∆. If ¬(R\\ϕ) ∈ Γ, then (R\\¬ϕ) ∈ Γ, because R ∈ Γ,
∗
R ⇒ ((R\\¬ϕ) ⇔ (¬ϕ)R ) ∈ Γ as an instance of P 3, and (¬ϕ)R is equivalent to
R∗ ∧ ¬ϕR by the definition of (.)R . Hence, ∆ is a complete theory in L(C).
Consistency of ∆ follows from T 1 of Theorem 8. Let ∃xϕ ∈ ∆, that is, (R\\∃xϕ) ∈
∗
Γ. Then ∃x(R\\ϕ) ∈ Γ, because R ⇒ ((R\\∃xϕ) ⇔ (∃xϕ)R ) ∈ Γ as a consequence of P 3, and (∃xϕ)R is equivalent to ∃xϕR by the definition of (.)R . Since Γ is
a Henkin theory with witnesses in C, there exists a c ∈ C such that [c/x](R\\ϕ) ∈ Γ.
This implies, that [c/x]ϕ ∈ ∆.
t1,2
tn,2
Let (R\\(ϕ0 \\t1,1
. . . \\tn,1
ϕn )) ∈ Γ. Then
0
t
t
1,2
n,2
(R\\0 ϕ0 \\t1,1
. . . \\tn,1
ϕn ) ∈ Γ
by A2, L3l , L3r , Mono r and Mono l . Since Γ is a Henkin theory with witnesses in C,
there exist R0 , . . . , Rn ∈ C such that
∗
(` = 0; R0 ∧ 2(R0 ⇒ R) ∧ proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn )R0 ; ` = 0) ∈ Γ,
Let P stand for proj(ϕ0 , t1,1 , t1,2 , R1 , . . . , tn,1 , tn,2 , Rn , ϕn ) for the rest of the proof
∗
for the sake of brevity. Now (` = 0; R0 ∧ 2(R0 ⇒ R) ∧ P R0 ; ` = 0) ∈ Γ implies
∗
R0 , 2(R0 ⇒ R), P R0 ∈ Γ by L3l and L3r . We need to prove that (R\\P ) ∈ Γ.
∗
∗
From R0 ∈ Γ and the consequence R0 ⇒ ((R0 \\P ) ⇔ P R0 ) of P 3, we obtain
(R0 \\P ) ∈ Γ. From 2(R0 ⇒ R), (R0 \\P ) ∈ Γ we obtain (R\\P ) ∈ Γ by T 5 of
Theorem 8. Hence P ∈ ∆. This concludes the proof that ∆ is a Henkin theory with
witnesses in C. a
3.2
The canonical ITL\\ model
In this section we carry out the actual construction of a canonical model for ITL\\ to
conclude our completeness argument. Given an ITL\\ language L, we start from a
given complete Henkin theory Γ in an extension L(C) of L with witnesses in some
set C of countably many rigid constants and countably many 0-ary flexible relation
symbols, none of which is in the vocabulary of C. Every consistent set of L formulas
can be extended to such a theory by Theorem 15.
3.2.1
The canonical frame
Let c1 ≡ c2 iff c1 = c2 ∈ Γ for rigid constants c1 , c2 ∈ C. Clearly, ≡ is an equivalence
relation. Given c ∈ C, we denote {c0 ∈ C : c ≡ c0 } by [c].
Our first step is to define the duration domain hD, 0, +i of the canonical frame. Let
D be {[c] : c ∈ C}, 0 = {c ∈ C : c = 0 ∈ Γ}, and let the binary operation + be
defined on D by the equality [c1 ] + [c2 ] = {c : c = c1 + c2 ∈ Γ}.
Proposition 24 The above definition of + is correct and hD, 0, +i is a duration domain.
21
Proof: Standard argument in first order predicate logic Henkin style completeness
proofs. Cf. e.g. [21]. a
Our next step is to define the time domain hT, ≤i. We represent time points as
pairs h[c0 ], [c00 ]i such that c0 + c00 = ` ∈ Γ. Time points can be represented more
economically as classes [c0 ] such that c0 ≤ ` ∈ Γ too, because the existence of a
c00 ∈ C such that c0 + c00 = ` ∈ Γ can be derived using that Γ is a Henkin theory.
Yet having both [c0 ] and [c00 ] explicitly occurring in our representation makes it more
convenient to describe the rest of our construction and carry out the relevant proofs.
We define T as the set {h[c0 ], [c00 ]i : c0 , c00 ∈ C, ` = c0 + c00 ∈ Γ}. We define the
relation ≤ on T by the equivalence h[c01 ], [c001 ]i ≤ h[c02 ], [c002 ]i ↔ ∃x(c01 + x = c02 ) ∈ Γ.
Proposition 25 The above definition of ≤ is correct and hT, ≤i is a time domain.
Proof: Direct check. a
Note that ` = c1 + c2 ∈ Γ need not imply (` = c1 ; ` = c2 ) ∈ Γ, because Γ itself
may happen to be the theory of a discrete interval.
Given the time domain hT, ≤i, an element of I(T ) can be straightforwardly denoted
by [h[c01 ], [c001 ]i, h[c02 ], [c002 ]i]. However, we prefer the more concise form h[c01 ], [c002 ]i for
[h[c01 ], [c001 ]i, h[c02 ], [c002 ]i], because the classes [c01 ] and [c002 ] are unambiguously determined by the conditions ` = c01 +c001 , ` = c02 +c002 ∈ Γ. Hence, if ∃x(c+x+d = `) ∈ Γ,
the pair h[c], [d]i can be used to denote the ordinary interval [h[c], [c0 ]i, h[d0 ], [d]i], where
c0 , d0 ∈ C are such that c + c0 = `, d0 + d = ` ∈ Γ. In case c + d = ` ∈ Γ, the
pair h[c], [d]i denotes both the 0-length interval [h[c], [d]i, h[c], [d]i] and the unique time
point in this interval. The intended meaning will always be clear from the context.
Similarly, we concisely denote discrete intervals {h[c01 ], [c001 ]i, . . . , h[c0n ], [c00n ]i} where
0
h[ci ], [c00i ]i ≤ h[c0i+1 ], [c00i+1 ]i, i = 1, . . . , n − 1, by h[d0 ], . . . , [dn ]i, where the constants
di ∈ C, i = 1, . . . , n are determined by the conditions
d0 = c01 ∈ Γ, c0i + di = c0i+1 ∈ Γ, i = 1, . . . , n − 1, dn = c00n ∈ Γ.
The conjunction of these conditions implies that d0 + . . . + dn = ` ∈ Γ. Every
sequence d0 , . . . , dn which satisfies the latter condition represents a unique discrete
interval in T . Obviously the sequence d0 , . . . , dn represents the same discrete interval
as the sequence d00 , . . . , d0m iff d0 = d00 , dn = d0m ∈ Γ and d00 , . . . , d0m can be obtained
from d0 , . . . , dn by deleting and/or inserting constants c such that c = 0 ∈ Γ. Of
course, we can avoid this ambiguity by allowing only sequences d0 , . . . , dn that satisfy
d1 6= 0, . . . , dn−1 6= 0 ∈ Γ. However such a convention would only make our proofs
look more complicated, because of the need to consider more special cases, in order
to follow it. That is why we assume that, for example, h[d0 ], [0], [d1 ], [d2 ], [d3 ]i and
h[d0 ], [d1 ], [d2 ], [0], [0], [d3 ]i stand for the same interval, which consists of three points
iff d1 6= 0, d2 6= 0 ∈ Γ.
Given a discrete interval denoted by h[d0 ], . . . , [dn ]i, the smallest ordinary interval
which contains it can be denoted by h[d0 ], [dn ]i. For 0-length intervals, which are
both ordinary and discrete, the above notation is h[d0 ], [d1 ]i where d0 + d1 = ` ∈ Γ,
according to both conventions.
Note that T itself is an ordinary interval, and it can be denoted by h0, 0i. In our
notation, Pfin (T ) can be represented as {h[d0 ], . . . , [dn ]i : 1 ≤ n < ω, d0 , . . . , dn ∈
C, ` = d0 + . . . + dn ∈ Γ}.
22
We define the function m : I\\ (T ) → D by putting
m(h[c0 ], . . . , [cn ]i) = {c ∈ C : ` = c0 + c + cn ∈ Γ}.
Note that this equality is meaningful for both discrete and ordinary intervals. In the
latter case there is nothing in place of “. . .”. For discrete intervals, one can easily find
out that
m(h[c0 ], [c1 ], . . . , [cn−1 ], [cn ]i) = {c ∈ C : c = c1 + . . . + cn−1 ∈ Γ}.
For example, m(h[d0 ], [d1 ], [d2 ], [d3 ]i) = {c ∈ C : c = d1 + d2 ∈ Γ}.
Proposition 26 The above definition of m is correct and m is a measure function on
I\\ (T ).
Proof: Direct check, using the instances of the axiom P ` in Γ. a
Propositions 24, 25 and 26 entail that
F = hhT, ≤i, hD, 0, +i, mi
is an ITL\\ frame.
3.2.2
The reference interval
Let
σ0 = {h[c1 ], [c2 ]i : (` = c1 ; ` = c2 ) ∈ Γ}.
Proposition 27 σ0 ∈ I\\ (T ).
Proof: Since Γ is a complete theory, either ` = c1 + c2 ⇔ (` = c1 ; ` = c2 ) ∈ Γ for
all c1 , c2 ∈ C, or δ ∗ ∈ Γ. This follows from the instances of L2⇐ and L2⇒ in Γ by a
purely-ITL argument.
Let δ ∗ ∈ Γ. Then δ k ∈ Γ for some k < ω by Lemma 16. Since Γ has witnesses in
C, there exist c1 , . . . , ck ∈ C such that (δ ∧ ` = c1 ; . . . ; δ ∧ ` = ck ) ∈ Γ. This implies
that σ0 = h0, [c1 ], . . . , [cn ], 0i.
Let ` = c1 + c2 ⇔ (` = c1 ; ` = c2 ) ∈ Γ hold for all c1 , c2 ∈ C. Then clearly
σ0 = h0, 0i = T . a
3.2.3
The canonical interpretation
Now let us construct an interpretation I of L(C) into F such that hF, Ii, σ0 |= ϕ for
all ϕ ∈ Γ. To do this, we first associate a complete Henkin theory µ(σ) in L(C) with
witnesses in C with every interval σ ∈ I\\ (T ) such that σ ⊆ σ0 .
Definition 28 Let h[c1 ], [c2 ]i ∈ I(T ). Then we denote the set
{ϕ ∈ L(C) : (` = c1 ; ϕ; ` = c2 ) ∈ Γ}
by µ(h[c1 ], [c2 ]i).
23
Definition 29 Let σ ∈ Pfin (T ) and σ = h[c0 ], . . . , [cn ]i. Let (` = c0 ; . . . ; ` = cn ) ∈
Γ. Let R ∈ C be such that
∗
(` = c0 ; R ∧ (` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)R ; ` = cn ) ∈ Γ.
Then µR (σ) denotes the set {ϕ : (` = c0 ; (R\\ϕ); ` = cn ) ∈ Γ}.
The condition (` = c0 ; . . . ; ` = cn ) ∈ Γ in Definition 29 is not an immediate
consequence of σ ∈ Pfin (T ), because, for example, hT, ≤i may be dense, and σ0 still
may be discrete, which makes possible σ 6⊆ σ0 . However, if this condition is satisfied,
then (` = c0 ; (>\\(` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)); ` = cn ) ∈ Γ by DI2, and
∗
(` = c0 ; R ∧ (` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)R ; ` = cn ) ∈ Γ
is guaranteed to hold for some R ∈ C, because Γ is a Henkin theory with witnesses in
C. Hence, for every discrete interval σ ⊆ σ0 there exists an R ∈ C such that µR (σ) is
defined.
It can easily be established that, if the sequence c00 , . . . , c0m of rigid constants in C
can be obtained from the sequence c0 , . . . , cn by inserting and/or deleting rigid constants c ∈ C such that c = 0 ∈ Γ, and c0 = c00 , cn = c0m ∈ Γ, then
∗
∗
R ∧ (` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)R and R ∧ (` = c01 ∧ δ; . . . ; ` = c0n−1 ∧ δ)R
are equivalent. Hence, the definition of µR (σ) does not depend on the choice of the
sequence c0 , . . . , cn used to represent σ.
The following proposition entails that µR (σ) does not depend on the choice of R
and, since appropriate R are always available in C, we can define µ(σ) as µR (σ) for
some arbitrarily chosen R with the required properties.
Proposition 30 Let R1 and R2 both satisfy the requirements on R from Definition 29
for some discrete interval σ. Then µR1 (σ) = µR2 (σ).
Proof: Let σ = h[c0 ], . . . , [cn ]i. Since removing the elements ci satisfying ci = 0 ∈ Γ
from the sequence c1 , . . . , cn−1 has no effect on µR (σ) for appropriate R, we can
assume that c1 6= 0, . . . , cn−1 6= 0 ∈ Γ without loss of generality. Let P denote
(` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ) for the sake of brevity. The definition of δ R implies
that
`ITL\\ ci 6= 0 ∧ (` = ci ∧ δ)R ⇒ ` = ci ∧ R ∧ δ, i = 1, . . . , n − 1.
That is why the formula
n−1
^
∗
∗
ci 6= 0 ∧ R1 ∧ P R1 ∧ R2 ∧ P R2 ⇒ 2(R1 ⇔ R2 )
i=1
has an equivalent one which is valid in the ITL∗ -subset of IT L\\ . This implies that
∗
the above formula is an ITL\\ theorem. Hence (` = c0 ; Ri ∧ P Ri ; ` = cn ) ∈ Γ,
i = 1, 2, entails that (` = c0 ; 2(R1 ⇔ R2 ); ` = cn ) ∈ Γ. This means that
(` = c0 ; (R1 \\ϕ); ` = cn ) ∈ Γ and (` = c0 ; (R2 \\ϕ); ` = cn ) ∈ Γ
24
are equivalent for every ϕ ∈ L(C) by T 5 of Theorem 8, Mono l and Mono r . a
The only remaining case in which µ(σ) is over-defined occurs if σ is both an ordinary and a discrete interval. This is possible for 0-length intervals σ, and in case the
time domain hT, ≤i itself is discrete. The following proposition shows that the two
definitions of µ agree in this case too:
Proposition 31 Let c0 , . . . , cn ∈ C be such that c1 6= 0, . . . , cn−1 6= 0 ∈ Γ and
(` = c0 ; ` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ; ` = cn ) ∈ Γ.
Let R ∈ C be such that
∗
(` = c0 ; R ∧ (` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)R ; ` = cn ) ∈ Γ.
Then µ(h[c0 ], [cn ]i) = µR (h[c0 ], [c1 ], . . . , [cn−1 ], [cn ]i).
Proof: Both µ(h[c0 ], [cn ]i) and µR (h[c0 ], [c1 ], . . . , [cn−1 ], [cn ]i) are complete theories
by Lemmata 21 and 23. Hence it is sufficient to prove that µR (h[c0 ], . . . , [cn ]i) ⊆
µ(h[c0 ], [cn ]i).
Using that δ R stands for R∗ ∧ ¬(` 6= 0 ∧ R∗ ; ` 6= 0 ∧ R∗ ), we obtain
∗
(` = c0 ; R ∧ (` = c1 ∧ R; . . . ; ` = cn−1 ∧ R); ` = cn ) ∈ Γ
∗
from (` = c0 ; R ∧ (` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)R ; ` = cn ) ∈ Γ by a purely-ITL∗
deduction. Together with (` = c0 ; ` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ; ` = cn ) ∈ Γ,
this implies (` = c0 ; 2(R ⇒ δ); ` = cn ) ∈ Γ by a purely-ITL∗ deduction again.
Hence 2(R ⇒ δ) ∈ µ(h[c0 ], [cn ]i), and, given a ϕ such that (R\\ϕ) ∈ µ(h[c0 ], [cn ]i),
T 5 of Theorem 8 implies that we have (δ\\ϕ) ∈ µ(h[c0 ], [cn ]i) too. Since (` =
c0 ; ` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ; ` = cn ) ∈ Γ implies δ ∗ ∈ µ(h[c0 ], [cn ]i), (δ\\ϕ) ∈
µ(h[c0 ], [cn ]i) implies ϕ ∈ µ(h[c0 ], [cn ]i) by DI1. This concludes the proof, because
ϕ ∈ µR (h[c0 ], . . . , [cn ]i) is equivalent to (R\\ϕ) ∈ µ(h[c0 ], [cn ]i) by the definition of
µR (h[c0 ], . . . , [cn ]i). a
We define the canonical interpretation I of L(C) into the canonical frame F by the
following (standard) clauses:
I(x) = [c]
if x = c ∈ Γ
for individual
variables x
I(d) = [c]
if d = c ∈ Γ
for rigid constants d
I(f )([c1 ], . . . , [cn ]) = [c]
if f (c1 , . . . , cn ) = c ∈ Γ
for n-ary rigid
function symbols f
I(R)([c1 ], . . . , [cn ]) = 1
if R(c1 , . . . , cn ) ∈ Γ
for n-ary rigid
relation symbols R
I(d)(σ) = [c]
if d = c ∈ µ(σ)
for flexible constants d
I(f )(σ, [c1 ], . . . , [cn ]) = [c] if f (c1 , . . . , cn ) = c ∈ µ(σ) for n-ary flexible
function symbols f
I(R)(σ, [c1 ], . . . , [cn ]) = 1
if R(c1 , . . . , cn ) ∈ µ(σ)
for n-ary flexible
relation symbols R
The above definitions for flexible symbols’ interpretations apply only to σ ⊆ σ0 .
The values of I on these symbols for other σ ∈ I\\ (T ) are irrelevant to the properties
25
of hF, Ii that we need to establish. Besides, Γ provides no information on how to
determine these values. That is why we leave them unspecified. The only exception is
I(`):
I(`)(σ) = m(σ) for all σ ∈ I\\ (T ).
This definition agrees with the clause about flexible constant symbols in general, which
applies to ` too.
Clearly, M = hF, Ii is a model for L(C).
3.2.4
The truth lemma
Now let us prove that M, σ0 |= ϕ iff ϕ ∈ Γ, for all ϕ ∈ L(C). To do this, we use the
auxiliary propositions below.
Proposition 32 Let σ1 , σ2 ⊆ σ0 . Let either σ1 , σ2 ∈ I(T ) or σ1 , σ2 ∈ Pfin (T ). Let
max σ1 = min σ2 . Then µ(σ1 ); µ(σ2 ) ⊂ µ(σ1 ; σ2 ).
Proof: We do the cases σ1 , σ2 ∈ I(T ) and σ1 , σ2 ∈ Pfin (T ) separately.
Let σ1 , σ2 ∈ I(T ). Then there exist c01 , c001 , c02 , c002 ∈ C such that
µ(σi ) = {ϕ ∈ L(C) : (` = c0i ; ϕ; ` = c00i ) ∈ Γ}, i = 1, 2,
and max σ1 = min σ2 implies that c01 ≤ c02 , c002 ≤ c001 , c02 + c001 = ` ∈ Γ. It can be shown
by an ITL deduction from this that
(` = c01 ; ϕ1 ; ` = c001 ) ∧ (` = c02 ; ϕ2 ; ` = c002 ) ⇒ (` = c01 ; ϕ1 ; ϕ2 ; ` = c002 ) ∈ Γ
Since obviously µ(σ1 ; σ2 ) = {ϕ ∈ L(C) : (` = c01 ; ϕ; ` = c002 ) ∈ Γ}, this entails that
µ(σ1 ); µ(σ2 ) ⊂ µ(σ1 ; σ2 ).
Now let σ1 , σ2 ∈ Pfin (T ). Let σ1 ; σ2 = h[c0 ], . . . , [cn ]i. Then obviously there exists a k ∈ {1, . . . , n − 1} such that σ1 and σ2 can be represented as h[c0 ], . . . , [ck ], [c0 ]i
and h[c00 ], [ck+1 ], . . . , [cn ]i, respectively, where c0 , c00 ∈ C are such that
c00 = c0 + · · · + ck−1 , c0 = c0 + · · · + ck ∈ Γ.
Let R ∈ C satisfy the requirements of Definition 29 with respect to σ1 ; σ2 and µ(σ1 ; σ2 ) =
µR (σ1 ; σ2 ). The above representations of σ1 and σ2 imply that R satisfies these requirements with respect to σ1 and σ2 too, and µ(σi ) = µR (σi ), i = 1, 2. Just like in
the previous case,
µ
¶
∗
∗
∗
(` = c0 ; (R\\ϕ1 ) ∧ R ; ` = c0 )∧
⇒ (` = c0 ; (R\\ϕ1 ) ∧ R ; (R\\ϕ2 ) ∧ R ; ` = cn )
∗
00
(` = c ; (R\\ϕ2 ) ∧ R ; ` = cn )
∗
is a member of Γ. Besides, the choice of R entails that (` = c0 ; R ; ` = cn ) ∈ Γ.
Hence, it is sufficient to show that
¡
∗
∗¢
∗
`ITL\\ (R\\ϕ1 ) ∧ R ; (R\\ϕ2 ) ∧ R ∧ R ⇒ (R\\(ϕ1 ; ϕ2 )).
It follows from the deduction below:
26
∗
∗
1 (R\\ϕi ) ∧ R ⇒ ϕR
P 3, ITL∗ , i = 1, 2
i ∧R
∗
∗
2 ((R\\ϕ1 ) ∧ R ; (R\\ϕ2 ) ∧ R ) ⇒ (ϕ1 ; ϕ2 )R
1, Mono l , Mono r
∗
R
3 R ⇒ (R ⇒ R)
ITL
∗
4 (ϕ1 ; ϕ2 )R ∧ (R ⇒ R)R ∧ R ⇒ (R\\(ϕ1 ; ϕ2 ))
P1
¡
∗
∗¢
∗
5
(R\\ϕ1 ) ∧ R ; (R\\ϕ2 ) ∧ R ∧ R ⇒ (R\\(ϕ1 ; ϕ2 )) 2-4, P C
This concludes the proof. a
The role of the following proposition is analogous to that of Proposition 32, yet
with respect to (.\\.) instead of (.; .).
Proposition 33 Let σ, σ 0 ∈ I\\ (T ), σ 0 = h[c0 ], . . . , [cn ]i and σ 0 ⊆ σ ⊆ h[c0 ], [cn ]i.
∗
Let R ∈ C be such that R , (` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)R ∈ µ(σ). Then {ϕ :
(R\\ϕ) ∈ µ(σ)} = µ(σ).
Proof: We do the cases σ ∈ I(T ) and σ ∈ Pfin (T ) separately.
In case σ ∈ I(T ), σ = h[c0 ], [cn ]i, because min σ 0 = minh[c0 ], [cn ]i, max σ 0 =
maxh[c0 ], [cn ]i and σ 0 ⊆ σ ⊆ h[c0 ], [cn ]i. In this case the proposition follows immediately from the definitions of µR (σ 0 ) and µ(σ).
Now let σ ∈ Pfin (T ). Let P denote the formula (` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)
for the sake of brevity. Let σ = h[d0 ], . . . , [dm ]i. Then c0 ∈ [d0 ] and cn ∈ [dm ], and
0
µ(σ) = µR (σ) for some R0 ∈ C such that
∗
0
(` = d0 ; R0 ∧ (` = d1 ∧ δ; . . . ; ` = dm−1 ∧ δ)R ; ` = dm ) ∈ Γ.
00
Similarly, let µ(σ 0 ) = µR (σ 0 ) for some R00 ∈ C such that
∗
00
(` = d0 ; R00 ∧ P R ; ` = dm ) ∈ Γ.
Let ∆ denote the theory µ(h[c0 ], [cn ]i) of the ordinary interval h[c0 ], [cn ]i, which under∗
∗
lies σ, for the sake of brevity. Now P R , R ∈ µ(σ) entails that (R0 \\P R ∧ R ) ∈ ∆,
∗
∗
whence, using that R0 ∈ ∆, we obtain (R0 \\P R ), (R0 \\R ) ∈ ∆ by T 4 of Theorem
8. Similarly, using that
∗
`ITL\\ P R ∧ R ⇒ (R\\P )
follows from P 3, whence
∗
∗
`ITL\\ R0 ⇒ (R0 \\P R ∧ R ⇒ (R\\P ))
∗
by P N and the definition of R0 , we obtain (R0 \\(R\\P )) ∈ ∆. This implies
∗
∗
((R0 \\R)\\P ) ∈ ∆ by P 4. Furthermore, (R0 \\R ) ∈ ∆ implies (R0 \\R) ∈ ∆
0
by T 7 of Lemma 18, whence P (R \\R) ∈ ∆ by P 3 again. Now notice that
∗
∗
0
00
(R0 \\R) ∧ R00 ∧ P (R \\R) ∧ P R ⇒ 2((R0 \\R) ⇔ R00 )
is valid in ITL∗ and therefore an ITL\\ theorem. Hence 2((R0 \\R) ⇔ R00 ) ∈ ∆.
This entails that (R0 \\(R\\ϕ)) ∈ ∆ and (R00 \\ϕ) ∈ ∆ are equivalent for all ϕ ∈
L(C) by T 5 of Theorem 8, P 3 and P 4. This concludes the proof, because ϕ ∈ µ(σ 0 )
is equivalent to (R00 \\ϕ) ∈ ∆ by the choice of R00 . a
27
Proposition 34 Let σ ∈ I\\ (T ) and Γ1 , Γ2 be complete Henkin theories in L(C)
with witnesses in C and Γ1 ; Γ2 ⊂ µ(σ). Then there exists a τ ∈ σ such that Γ1 =
µ(σ ∩ [min σ, τ ]) and Γ2 = µ(σ ∩ [τ, max σ]).
Proof: Let σ = h[c0 ], . . . , [cn ]i for some c0 , . . . , cn ∈ C, if σ ∈ Pfin (T ). Let σ =
h[c0 ], [cn ]i otherwise. Let c0 , c00 , d1 , d2 ∈ C be such that ` = di ∈ Γi , i = 1, 2, and
c0 = c0 + d1 , c0 = d2 + c00 . Then a direct check shows that τ can be chosen to be
h[c0 ], [c00 ]i. a
Theorem 35 (Truth lemma) Let t, ϕ ∈ L(C), σ ∈ I\\ (T ) and σ ⊆ σ0 . Then Iσ (t) =
[c] iff t = c ∈ µ(σ), and M, σ |= ϕ iff ϕ ∈ µ(σ).
Proof: Induction on the construction of terms t and formulas ϕ. We omit the details
about terms, because they are standard. The equivalence for atomic formulas ϕ is an
immediate consequence of the definition of µ(σ). Inductive steps which correspond to
propositional connectives and ∃ are trivial.
Let ϕ be (ϕ1 ; ϕ2 ). Then ϕ ∈ µ(σ) implies (ϕ1 ∧ ` = d1 ; ϕ2 ∧ ` = d2 ) ∈ µ(σ)
for some d1 , d2 ∈ C, because `ITL\\ (ϕ1 ; ϕ2 ) ⇒ ∃x∃y(ϕ1 ∧ ` = x; ϕ2 ∧ ` = y),
and µ(σ) is a Henkin theory with witnesses in C. Now Corollary 22 implies that
there are two complete theories Henkin theories Γ1 and Γ2 with witnesses in C such
that ϕi , ` = di ∈ Γi , i = 1, 2, and Γ1 ; Γ2 ⊂ µ(σ). Hence there exist a τ ∈ σ
and σ1 , σ2 ⊆ σ such that σ1 = [min T, τ ] ∩ σ, σ2 = [τ, max T ] ∩ σ, Γ1 = µ(σ1 )
and Γ2 = µ(σ2 ) by Proposition 34. This is equivalent to M, σi |= ϕi , i = 1, 2, by
the induction hypothesis, whence M, σ |= ϕ. For the converse implication, note that
M, σ |= ϕ implies M, σi |= ϕi , i = 1, 2, for some σ1 , σ2 such that σ1 ; σ2 = σ, whence
ϕi ∈ µ(σi ), i = 1, 2, by the induction hypothesis. This implies ϕ ∈ µ(σ), because
µ(σ1 ); µ(σ2 ) ⊂ µ(σ) by Proposition 32.
The inductive step is similar about ϕ being ϕ∗1 , because ϕ ∈ µ(σ) is equivalent
to the existence of a k < ω such that ϕk1 ∈ µ(σ) by Lemma 16, and M, σ |= ϕ is
equivalent to the existence of a k < ω such that M, σ |= ϕk by the definition of |=.
Let ϕ be (ϕ1 \\ϕ2 ). We consider the cases ` = 0 ∈ µ(σ) and ` 6= 0 ∈ µ(σ)
separately.
Let ` = 0 ∈ µ(σ). Then m(σ) = 0 by the definition of m, and ϕ2 ∈ µ(σ) by T 3 of
Theorem 8, whence, M, σ |= ϕ2 by the induction hypothesis. This entails M, σ |= ϕ.
The converse implication follows from T 3 in a similarly straightforward way.
Let ` 6= 0 ∈ µ(σ). Since µ(σ) is a Henkin theory, ϕ ∈ µ(σ) implies that there
∗
exists an R ∈ C such that R , 2(R ⇒ ϕ1 ), ϕR
2 ∈ µ(σ). This entails that (R\\ϕ2 ) ∈
∗
µ(σ) by P 3. R ∈ µ(σ) implies that there is a unique k < ω, k 6= 0 such that
Rk ∈ µ(σ). Let c1 , . . . , ck ∈ C be such that (` = c1 ∧ R; . . . ; ` = ck ∧ R) ∈ µ(σ).
Such constants exist, because µ(σ) is a Henkin theory with witnesses in C. Hence
∗
(` = c1 ; . . . ; ` = ck ) ∈ µ(σ) too. The definition of R implies that c1 6= 0, . . . , ck−1 6=
0 ∈ Γ.
We can choose the constants c0 , ck+1 ∈ C so that σ = h[c0 ], [ck+1 ]i, in case σ ∈
I(T ), and σ = h[c0 ], [c01 ], . . . , [c0l ], [ck+1 ]i, in case σ ∈ Pfin (T ) for some c01 , . . . , c0l ∈
C. Let σ 0 = h[c0 ], [c1 ], . . . , [ck ], [ck+1 ]i. Then (` = c1 ; . . . ; ` = ck ) ∈ µ(σ) implies
28
σ ⊇ σ 0 and min σ = min σ 0 , max σ = max σ 0 . Let us prove that ϕ2 ∈ µ(σ 0 ) by
finding an R0 ∈ C such that σ, σ 0 and R0 satisfy the conditions of Proposition 33.
DI2 and (` = c1 ; . . . ; ` = ck ) ∈ µ(σ) imply that (>\\(` = c1 ∧ δ; . . . ; ` =
∗
ck ∧ δ)) ∈ µ(σ). Then there exists an R0 ∈ C such that R0 , (` = c1 ∧ δ; . . . ; ` =
0
0
ck ∧ δ)R ∈ µ(σ). Since (` = ci ∧ δ)R stands for
` = ci ∧ (R0 )∗ ∧ ¬((R0 )∗ ∧ ` 6= 0; (R0 )∗ ∧ ` 6= 0)
0
by the definitions of δ, (.)R and P `, it can be established by a purely ITL∗ deduction
that
0
`ITL\\ ci 6= 0 ⇒ ((` = ci ∧ δ)R ⇒ ` = ci ∧ R0 )
where i = 1, . . . , k. This implies that (` = c1 ∧ R0 ; . . . ; ` = ck ∧ R0 ) ∈ µ(σ). Now,
using that
`ITL\\
k
^
∗
ci 6= 0 ∧ R ∧
∗
R0
i=1
µ
∧
(` = c1 ∧ R; . . . ; ` = ck ∧ R)∧
(` = c1 ∧ R0 ; . . . ; ` = ck ∧ R0 )
¶
⇒ 2(R ⇔ R0 ),
which can be established by a purely ITL∗ deduction too, we obtain 2(R ⇔ R0 ) ∈
µ(σ), which implies 2(R0 ⇒ ϕ1 ) ∈ µ(σ), and, furthermore, (R0 \\ϕ2 ) ∈ µ(σ) by T 5
of Theorem 8. Hence, ϕ2 ∈ µ(σ 0 ) by Proposition 33.
This implies M, σ 0 |= ϕ2 by the inductive hypothesis. Similarly, since
(` = c1 ∧ R0 ; . . . ; ` = ck ∧ R0 ) ∈ µ(σ),
the subintervals σi = h[c0 +. . .+ci−1 ], [ci+1 +. . .+ck+1 ]i∩σ of σ satisfy M, σi |= R0 ,
and, consequently, M, σi |= ϕ1 , because 2(R0 ⇒ ϕ1 ) ∈ µ(σ), for i = 1, . . . , k.
This can be demonstrated in detail by repeating the inductive step about (.; .)-formulas
which appears in this proof. Hence M, σ |= (ϕ1 \\ϕ2 ).
Now let us prove that M, σ |= ϕ implies ϕ ∈ µ(σ). M, σ |= ϕ implies that there
exist c0 , . . . , cn ∈ C such that M, σ |= (ϕ1 ∧ ` = c1 ; . . . ; ϕ1 ∧ ` = cn−1 ) and σ 0 =
h[c0 ], . . . , [cn ]i satisfies σ 0 ⊆ σ, min σ 0 = min σ, max σ 0 = max σ, and M, σ 0 |= ϕ2 .
By the induction hypothesis, ϕ2 ∈ µ(σ 0 ). Since (` = c1 ; . . . ; ` = cn−1 ) ∈ µ(σ), we
have (>\\(` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)) ∈ µ(σ) by DI2. Hence there exists an
R ∈ C such that
∗
R , (` = c1 ∧ δ; . . . ; ` = cn−1 ∧ δ)R ∈ µ(σ).
This, together with (ϕ1 ∧ ` = c1 ; . . . ; ϕ1 ∧ ` = cn−1 ) ∈ µ(σ), which follows from
M, σ |= (ϕ1 ∧ ` = c1 ; . . . ; ϕ1 ∧ ` = cn−1 ) by a repetition of the inductive step
about (.; .)-formulas which appears in this proof, entails that 2(R ⇒ ϕ1 ) ∈ µ(σ)
by a purely-ITL∗ deduction. Proposition 33 implies that (R\\ϕ2 ) ∈ µ(σ). Hence
(ϕ1 \\ϕ2 ) ∈ µ(σ) follows from 2(R ⇒ ϕ1 ) ∈ µ(σ) by T 5 of Theorem 8. a
3.2.5
The completeness theorem
Now we are ready to prove our completeness theorem about ITL\\ .
29
Theorem 36 (ω-completeness of ITL\\ ) Let Γ0 be a consistent set of formulas in the
ITL\\ language L. Then there exists a model M for L and an interval σ in its time
domain such that M, σ |= ϕ for all ϕ ∈ Γ0 .
Proof: Let the complete Henkin theory Γ considered above be an extension of Γ0 .
This choice is possible due to Theorem 15. Then M can be chosen to be the canonical
model for Γ built above. We have M, σ0 |= Γ0 by Theorem 35. a
4
Related work
4.1 Moszkowski-style ITL
The original projection operator 4 introduced in [16, 17] is a special case of the operator (.\\.) studied here. The system of ITL presented in these works is based on
discrete time. That is, only the frame FZ is considered. To distinguish the original
form of ITL, as introduced in Moszkowski’s works [16, 17], from the abstract time
variant studied here, we call it Moszkowski-style ITL in this section.
In the majority of the works on Moszkowski-style ITL, flexible non-logical symbols’ interpretations are assumed to depend on the beginning of the reference interval
only. An exception to this is the early work [12]. This assumption means that
(At) ϕ ⇔ ¬(¬ϕ; >)
is valid for atomic ϕ in Moszkowski-style ITL. This restriction has a crucial effect
on the complexity of the system. For example, propositional ITL (only 0-ary flexible
relation symbols and no function symbols, nor constant symbols, not even `) is not
decidable in the form adopted in this paper. Yet, under the assumption that At is
valid about atomic formulas, propositional discrete time ITL is decidable. Another
consequence of At is that |= ϕ does not imply |= [ψ/P ]ϕ, where P stands for a 0-ary
flexible relation symbol, in Moszkowski-style ITL.
Furthermore, projection is definable under the assumption At in Moszkowski-style
propositional ITL: every propositional ITL formula with projection is equivalent to
one without projection (in a normal form.) This enabled the demonstration of the completeness of a proof system for Moszkowski-style propositional ITL with projection
and the establishment of its decidability by a tableau-based procedure in [1].
Moszkowski-style ITL with projection can be embedded into abstract time ITL
with projection in the following way. Let 1 be a rigid constant and # be a flexible
constant in the considered ITL\\ language L. Consider the following axioms about #
and 1:
(1) 0 6= 1
(#1 ) ` = 0 ⇒ # = 1
(#2 ) (# = x; ` 6= 0 ∧ δ) ⇒ # = x + 1
(#3 ) δ ∗ ∨ # = 0
The validity of these axioms in a model for L is equivalent to the semantical condition
on I(#)(σ) to be equal to the number of isolated points of the reference interval σ for
all intervals σ in the model. The flexible constant # was introduced in [11] by this
semantical condition. In Moszkowski-style ITL, # is always equal to ` + 1. Yet in the
more general situation introduced in [11] and studied here # cannot be defined using `
30
only. Using #, we can establish the following correspondence between Moszkowskistyle ITL validity and provability in our system for ITL\\ :
Let ϕ be an ITL\\ formula. Then ϕ is valid in Moszkowski-style ITL iff
(` = 1)∗ ⇒ (` = 1 ∨ ` = 0\\[# − 1/`]ϕ)
is provable in the extension of our proof system by the axioms At about
atomic formulas, the axiom (1) about the constant 1 and the axioms #1 #3 about #.
4.2 Translating ITL\\ into ITL with discrete propositional variables and quantification over them
An earlier result on the axiomatisation of projection in ITL was established in [7]. In
that work ITL was extended by so-called discrete 0-ary relation symbols to represent
discrete ITL\\ intervals and quantification over them. The system thus obtained is
called ITLD .
ITLD languages contain a countable set of distinguished flexible 0-ary relation
symbols p, q, . . . , which are called discrete propositional variables. The following
restriction is imposed on the interpretations of discrete propositional variables:
Every interval may contain at most finitely many subintervals which satisfy a given discrete propositional variable, and these subintervals should
be 0-length ones.
This condition enables the use of discrete propositions to represent ITL\\ discrete
intervals in a straightforward way. In order to represent the dependency of the interpretations of flexible symbols on the internal points of discrete intervals, ITLD also allows
flexible symbols to take one formula argument. In the translation of ITL\\ into ITLD
below this argument is always the discrete propositional variable which represents the
reference interval.
The BNFs for terms and formulas in ITLD are extended to allow the new kind of
arguments of flexible symbols. Furthermore, the BNF for formulas in ITLD allows ∃
to bind discrete propositional variables:
t ::= c | f (t, . . . , t) | f (ϕ, t, . . . , t)
ϕ ::= ⊥ | R(t, . . . , t) | R(ϕ, t, . . . , t) | ϕ ⇒ ϕ | (ϕ; ϕ) | (ϕ\\ϕ) | ∃xϕ | ∃pϕ
The interpretations of flexible symbols which take a formula argument in ITLD
models have the following types:
◦ I(f ) : I(T ) × 2I(T ) × Dn → D,
for function symbols f
that take n term arguments;
◦ I(R) : I(T ) × 2I(T ) × Dn → {0, 1}, for relation symbols R
that take n term arguments.
The interpretations of other symbols are as in ITL. Let M = hF, Ii be an ITLD
˜
model. Let I(ϕ)
stand for {σ ∈ I(TF ) : M, σ |= ϕ}. The clauses for the inductive
31
definitions of term values and |= for the new kind of terms and atomic formulas are as
follows:
˜
Iσ (f (ϕ, t1 , . . . , tn )) = I(f )(σ, I(ϕ)
∩ 2σ , Iσ (t1 ), . . . , Iσ (tn ))
˜
M, σ |= R(ϕ, t1 , . . . , tn ) iff I(R)(σ, I(ϕ)
∩ 2σ , Iσ (t1 ), . . . , Iσ (tn )) = 1
σ
The intersections with 2 here guarantee that only the truth values of the formula argument at subintervals of the reference interval σ can influence the (truth) values of
terms and formulas where this formula argument occurs. Quantification over discrete
propositional variables is defined in the ordinary way:
hF, Ii, σ |= ∃pϕ iff hF, Ji, σ |= ϕ for some J which p-agrees with I.
Given an ITL\\ language L, the corresponding ITLD language L0 is defined as
follows: L0 has the same rigid symbols as L and, of course, `. For every flexible constant c in L, except `, there is a unary flexible function symbol c in L0 . Similarly, for
every n-ary function (relation) symbol f (R) in L there is an n + 1-ary function (relation) symbol f (R) in L0 , which takes one formula argument and n term arguments.
Furthermore, L0 contains a countable set {pi : 1 ≤ i < ω} of discrete propositional
variables, none of which occurs in L.
Let L be an ITL\\ language and L0 be its corresponding ITLD language. Let
3i ϕ ­ 3(ϕ ∧ ` 6= 0) ∨ (` 6= 0; ϕ; ` 6= 0), 2i ϕ ­ ¬3i ¬ϕ
An interval σ satisfies 3i ϕ iff ϕ holds at some subinterval of σ which is different from
the 0-length intervals [min σ, min σ] and [min σ, min σ] that are at the beginning and
at the end of σ. In the translation from L to L0 below we abbreviate ` = 0 by p0 :
cpi
­ c for rigid constants c
xpi
­ x for individual variables x
(s(t1 , . . . , tn ))pi ­ s(tp1i , . . . , tpni ) for rigid n-ary symbols s
`pi
­ `
cpi
­ c(pi ) for other flexible constants c
(s(t1 , . . . , tn ))pi ­ s(pi , tp1i , . . . , tpni ) for flexible n-ary symbols s
⊥pi
­ ⊥
(ϕ ⇒ ψ)pi
­ ϕpi ⇒ ψ pi
pi
pi
(ϕ; ψ)
­ (ϕpi ; p
i; ψ )

2(pi+1 ⇒ pi )∧
(ψ\\ϕ)pi
­ ∃pi+1  2((pi+1 ; ` 6= 0 ∧ 2i ¬pi+1 ; pi+1 ) ⇒ ψ pi )∧ 
(pi+1 ; ϕpi+1 ; pi+1 )
pi
pi
(∃xϕ)
­ ∃xϕ
No special clause about iteration is needed in this translation, because it is expressible
by projection:
(ϕ∗ )pi ­ (ϕ\\>)pi .
The intended meaning of ϕpi is to express the truth value of ϕ at the (discrete) interval
consisting of the time points in the ordinary reference interval which, if regarded as
0-length intervals, satisfy pi . Since p0 stands for ` = 0, and this formula holds at every
0-length interval, p0 always represents the reference interval itself. That is why if ϕ is
projection-free, then ϕp0 is equivalent to ϕ.
Let pi represent some possibly discrete interval σ in the above way. Then the formula for (ϕ; ψ)pi states that chopping can be done at the points of σ only. The formula
for (ψ\\ϕ)pi states that there exists a discrete interval σ 0 represented by pi+1 which is
required to have the properties expressed by the conjunction in the scope of ∃pi+1 . The
32
members of this conjunction state that σ 0 is a subset of σ, every two adjacent points of
σ 0 define a subinterval of σ 0 which satisfies ψ, and σ 0 has the same end points as σ and
satisfies ϕ, respectively. The following proposition gives the precise formulation of the
intended meaning of the translation:
Proposition 37 Let F be an ITL\\ frame (which is the same as an ITLD and an ITL
frame). Let M = hF, Ii and M 0 = hF, I 0 i be models for L and L0 , respectively. Let I
and I 0 coincide on rigid symbols from L and L0 . Let
I 0 (s)([min σ, max σ], {[τ, τ ] : τ ∈ σ}, d1 , . . . , dn ) = I(s)(σ, d1 , . . . , dn )
where σ ∈ I\\ (TF ) and d1 , . . . , dn ∈ DF for other flexible symbols s. Let t be a term
and ϕ be a formula from L.
◦ Let σ ∈ I(TF ). Then Iσ (t) = Iσ0 (t`=0 ), and M, σ |= ϕ iff M 0 , σ |= ϕ`=0 .
◦ Let σ ∈ Pfin (TF ). Let {τ ∈ [min σ, max σ] : I(p1 )([τ, τ ]) = 1} = σ.
Then Iσ (t) = Iσ0 (tp1 ), and M, σ |= ϕ iff M 0 , [min σ, max σ] |= ϕp1 .
Proof: Induction on the construction of t and ϕ. a
This proposition entails that a formula ϕ is valid at the ordinary intervals of all
ITL\\ models for the language of ϕ iff ϕ`=0 is valid in ITLD and ϕ is valid at all the
discrete intervals of ITL\\ models iff ∀p1 ((p1 ; >; p1 ) ⇒ ϕp1 ) is valid in ITLD .
The proof system for ITLD is obtained by adding the following axioms and rules
to the proof system for ITL:
Extensionality axioms about flexible symbols with formula arguments
(D= )
(D⇔ )
2(ϕ ⇔ ψ) ∧ x1 = y1 ∧ . . . ∧ xn = yn ⇒ f (ϕ, x1 , . . . , xn ) = f (ψ, y1 , . . . , yn )
2(ϕ ⇔ ψ) ∧ x1 = y1 ∧ . . . ∧ xn = yn ⇒ (R(ϕ, x1 , . . . , xn ) ⇔ R(ψ, y1 , . . . , yn ))
Axioms and rules about discrete propositional variables
(D0 ) p ⇒ ` = 0
[q/p]ϕ
(S0 ) ∃p2¬p
(GD )
∀pϕ
(S1 ) x ≤ ` ⇒ ∃p∀y((` = y; p; >) ⇒ y = x)
∀k < ω [(2i ¬p)k /P ]ϕ
D
(S∨) ∃r2(r ⇔ p ∨ q)
(ω )
[>/P ]ϕ
(∃D ) [q/p]ϕ ⇒ ∃pϕ
This proof system is ω-complete for ITLD [7].
There is a straightforward connection between the ITLD discrete propositional
variables p and the 0-ary flexible relation symbols R involved in our direct axiomatisation of ITL\\ . Namely, if p is interpreted as a discrete propositional variable, then
∗
(p; >; p) ⇒ (p; ` 6= 0 ∧ 2i ¬p; p) is valid in the corresponding model.
Although the way valid ITL\\ formulas can be “proven” using the above translation and the proof system for ITLD is indirect, this approach has some advantages over
the direct axiomatisation. Given that ITL semantics has been enriched with discrete
intervals, projection is only one of the many discrete interval-related modal operators
which may happen to have meaning in applications. It is clear that other related operators can be handled by extending the above translation with clauses which encode their
definitions.
33
In particular, note that ITL\\ does not provide the possibility to access the underlying ordinary interval from a discrete reference interval. An operator [.] to enable this
can be defined as follows:
M, σ |= [ϕ] iff M, [min σ, max σ] |= ϕ
That is, [ϕ] holds at some, possibly discrete, interval, if ϕ holds at the ordinary interval
which has the same endpoints as the given one. For example,
(ϕ\\[ψ]) ⇔ ϕ∗ ∧ [ψ] and [ϕ] ⇒ ϕ ∨ δ ∗
are valid formulas, according to the proposed definition of [.].
The clause about the new operator in our translation is
[ϕ]pi ­ ϕp0 ,
i.e., from the (possibly discrete) interval, which is represented by pi , “return” to the
underlying ordinary interval, which is represented by p0 ­ ` = 0.
5
Projection in DC
The Duration Calculus (DC ) [24] is probably the most interesting extension of ITL. Its
language extends that of ITL by allowing state expressions which are boolean formulas
built using a distinguished set of non-logical symbols called state variables. State variables and, consequently, state expressions, are interpreted as {0, 1}-valued functions of
time. These functions are required to be piecewise constant. This restriction is known
as finite variability of state
R in DC. State expressions S participate in DC formulas by
forming duration terms S. Given an ITL model M = hF, Ii, we denote the value of
the function represented by state expression S at time τ by Iτ (S). Given an interval σ
in the time domain of F and a partition σ1 , . . . , σn of σ such
R that Iτ (S) is Rconstant in
every interval of the kind [min σi , max σi ), the value Iσ ( S) of the term S at σ is
defined by the equality
R
P
Iσ ( S) =
m(σi ),
i=1,...,n Imin σi (S)=1
where m(σ) stands for the measure, or the duration of σ, as in Definition 1. Clearly,
this definition does not depend on the choice of σ1 , . . . , σn , provided that σ = σ1 ; . . . ; σn ,
and Iτ (S) is constant on [min σi , max σi ), i = 1, . . . , n.
The following abbreviations are frequently used in DC:
0
­ P ∧ ¬P ,
for some arbitrarily chosen state variable P
1
­ ¬0
R
dSe ­
S = ` ∧ ` 6= 0
DC has been primarily studied with respect to its real-time frame FR . A relatively
complete proof system for DC with respect to this frame was presented in [13]. A
comprehensive introduction to DC is given in [14]. An ω-complete proof system for
DC on the class of all ITL frames can be found in [6].
There is no established way of interpreting duration terms at ITL\\ discrete intervals. One reasonable way is to refer
term at the underlying
R to the value of the duration
R
ordinary interval, by putting Iσ ( S) = I[min
(
S).
This
complies with the
σ,max
σ]
R
possibility to define ` in DC by putting ` ­ (P ∨ ¬P ). The following axiom can be
used to characterise this property:
34
R
R
R
(P ) ϕ∗ ∧ S = x ⇔ (ϕ\\ S = x)
Furthermore, since iteration is available in our proof system, finite variability of state
can be straightforwardly
R
R characterised by the axiom
(F V ) ( S = ` ∨ (¬S) = `)∗ ∨ δ ∗
The subformula δ ∗ of this axiom accounts for the possibility of a discrete interval not
to contain all the time points where the interpretation of S changes its
R value.
The extension of the proof system for ITL\\ by the axioms P , F V and DC0DC7 below is ω-complete
R for DC with projection, as introduced here.
(DC0) `R = 0 ⇒ S = 0
(DC1)
0=0
(DC2) d1e
R ∨`=0
R
(DC3) (R S = x; dSe ∧ ` =Ry) ⇒ S = x + y
(DC4) ( S = x; d¬Se) ⇒ S = x
(DC5) dS1 e ∧ dS2 e ⇔ dS1 ∧ S2 e
(DC6) dS1 e ⇔ dS2 e if |= S1 ⇔ S2 in propositional calculus.
(DC7) dSe ⇒ 2(dSe ∨ ` = 0)
A proof can be obtained easily by following the example about ITL\\ given here
and the ω-completeness argument about DC in [6].
Conclusion
We have presented an ω-complete proof system for the extension of first order ITL
by projection and carried out the completeness argument about this system in the wellknown framework provided by Henkin constructions. We have also briefly presented an
alternative approach to the axiomatisation of ITL\\ , which employs a truth-preserving
translation of ITL\\ formulas into formulas of a (simpler) completely axiomatised
extension of ITL. This approach gives an indirect solution to the axiomatisation of
ITL, but provides a convenient way to handle other discrete interval related operators
along with projection. Our approach to ω-axiomatisation applies to DC, which the
best known and most widely applied extension of ITL.
Acknowledgements
The author is grateful to He Jifeng for a number of encouraging discussions on the
topic of this paper during its preparation. Thanks are also due to anonymous referees
for their many remarks and suggestions on the presentation of the results. Research on
the topic of this article was partially supported by a fellowship with the International
Institute for Software Technology of the United Nations University and Contract No.
I-1102/2001 by the Ministry of Education and Science of the Republic of Bulgaria.
35
References
[1] B OWMAN , H. AND S. T HOMPSON . A Decision Procedure and Complete Axiomatisation of Finite Interval Temporal Logic with Projection. Journal of Logic
and Computation, vol. 13, issue 2, 2003, pp. 195-239.
[2] C HAKRAVORTY, G. AND P. K. PANDYA . Digitizing Interval Duration Logic. To
appear in the proceedings of CAV 2003, LNCS, July, 2003.
[3] C AU , A., B. M OSZKOWSKI AND H. Z EDAN . Interval Temporal Logic. URL:
http://www.cms.dmu.ac.uk/˜cau/itlhomepage/itlhomepage.html
, accessed in 2000.
[4] D UTERTRE , B. On First Order Interval Temporal Logic. Report no. CSD-TR94-3 Department of Computer Science, Royal Holloway, University of London,
Egham, Surrey TW20 0EX, England, 1995.
[5] DANG VAN H UNG AND WANG J I . On The Design of Hybrid Control Systems
Using Automata Models. Proceedings of FST TCS 1996, LCNS 1180, Springer
Verlag, 1996, pp. 156-167.
[6] G UELEV,
D. P. A Calculus of Durations on Abstract Domains:
Completeness and Extensions. Technical Report 139,
UNU/IIST, P.O.Box 3058,
Macau,
May 1998. Available from
http://www.iist.unu.edu/newrh/III/1/page.html .
[7] G UELEV, D. P. Probabilistic and Temporal Modal Logics, Ph.D. thesis, Sofia
University, 2000.
[8] G UELEV, D. P. A Complete Fragment of Higher-order Duration µ-calculus. Proceedings of FST TCS 2000, LNCS 1974, Springer Verlag, 2000, pp. 264-276.
[9] G UELEV, D. P. AND DANG VAN H UNG . Prefix and Projection onto State in
Duration Calculus. ENTCS Proceedings of TPTS’02, 2002.
[10] G UELEV, D. P. AND DANG VAN H UNG . Projection onto State in the Duration Calculus: Relative Completeness. Proceedings of AVoCS’03, Southhampton, UK, Technical Report DSSE-TR-2003-2 of the University of Southampton, 2003, pp. 64-73. Also available as UNU/IIST Technical Report 269 from
http://www.iist.unu.edu/newrh/III/1/page.html .
[11] H E J IFENG . A Behavioral Model for Co-design. Proceedings of FM’99, LNCS
1709, Springer Verlag, 1999, pp. 1420-1438
[12] H ALPERN , J., Z. M ANNA AND B. M OSZKOWSKI . A Hardware Semantics Based
on Temporal Intervals. Proceedings of ICALP’83, LNCS 154, Springer Verlag,
1983, pp. 278-91.
[13] H ANSEN , M. R. AND Z HOU C HAOCHEN . Semantics and Completeness of Duration Calculus. Real-Time: Theory and Practice, LNCS 600, Springer Verlag,
1992, pp. 209-225.
36
[14] H ANSEN , M. R. AND Z HOU C HAOCHEN . Duration Calculus: Logical Foundations. Formal Aspects of Computing, 9, 1997, pp. 283-330.
[15] M OSZKOWSKI , B. Temporal Logic For Multilevel Reasoning About Hardware.
IEEE Computer, 18(2):10-19, February 1985.
[16] M OSZKOWSKI , B. Executing Temporal Logic Programs. Cambridge University
Press, 1986.
[17] M OSZKOWSKI , B. Compositional Reasoning about Projected and Infinite Time.
Proceedings of ICECCS’95, IEEE Computer Society Press, Los Alamitos, California, 1995, pp. 238-245.
[18] PANDYA , P. K. Some extensions to Mean-Value Calculus: Expressiveness and
Decidability. Proceedings of CSL’95, LNCS 1092, 1995.
[19] PANDYA , P. K. Weak Chop Inverses and Liveness in Mean-Value Calculus. Proceedings of FTRTFT’96, LNCS 1135, Springer Verlag, 1996, pp. 148-167.
[20] O RLOWSKA , E. Relational Proof Systems for Modal Logics. Proof Theory of
Modal Logic. H EINRICH WANSING ( ED .), Kluwer, 1996, pp. 55-78.
[21] S HOENFIELD , J. Mathematical Logic, Addison-Wesley, Reading, Massachusetts,
1967.
[22] Z HOU C HAOCHEN , D. P. G UELEV AND Z HAN NAIJUN . A Higher-Order Duration Calculus. Millenial Perspectives in Computer Science, Palgrave, 2000.
[23] Z HOU C HAOCHEN , AND M. R. H ANSEN . An Adequate First Order Interval
Logic. International Symposium, Compositionality - The Significant Difference,
LNCS 1536, Springer Verlag, 1998, pp. 584-608.
[24] Z HOU C HAOCHEN , C. A. R. H OARE AND A. P. R AVN . A Calculus of Durations.
Information Processing Letters, 40(5), 1991, pp. 269-276.
37