Intuitionistic Layered Graph Logic:Semantics and Proof Theory

Intuitionistic Layered Graph Logic:
Semantics and Proof Theory

Simon Docherty University College London, UK simon.docherty.14@ucl.ac.uk    David Pym University College London, UK d.pym@ucl.ac.uk
Abstract

Models of complex systems are widely used in the physical and social sciences, and the concept of layering, typically building upon graph-theoretic structure, is a common feature. We describe an intuitionistic substructural logic that gives an account of layering. The logic is a bunched system, combining the usual intuitionistic connectives, together with a non-commutative, non-associative conjunction (used to capture layering) and its associated implications. We give soundness and completeness theorems for a labelled tableaux system with respect to a Kripke semantics on graphs. We then give an equivalent relational semantics, itself proven equivalent to an algebraic semantics via a representation theorem. We utilise this result in two ways. First, we prove decidability of the logic by showing the finite embeddability property holds for the algebraic semantics. Second, we prove a Stone-type duality theorem for the logic. By introducing the notions of ILGL hyperdoctrine and indexed layered frame we are able to extend this result to a predicate version of the logic and prove soundness and completeness theorems for an extension of the layered graph semantics . We indicate the utility of predicate ILGL with a resource-labelled bigraph model.

Complex systems, modelling, graphs, layered graphs, substructural logic, bunched logic, layered graph logic, predicate logic, tableaux, Kripke semantics, algebraic semantics, decidability, finite model property, Stone-type duality, soundness and completeness, bigraphs, pointer logic, hyperdoctrine

1 Introduction

Complex systems can be defined as the field of science that studies, on the one hand, how it is that the behaviour of a system, be it natural or synthetic, derives from the behaviours of its constituent parts and, on the other, how the system interacts with its environment. A commonly employed and highly effective concept that helps to manage the difficulty in conceptualizing and reasoning about complex systems is that of layering: the system is considered to consist of a collection of interconnected layers each of which has a distinct, identifiable role in the system’s operations. Layers can be informational or physical and both kinds may be present in a specific system.

Graphs provide a suitably abstract setting for a wide variety of modelling purposes, and layered graphs already form a component of many existing systems modelling approaches. For example, both social networks [5] and transportation systems [31], have been modelled by a form of layered graph in which multiple layers are given by relations over a single set of nodes. A key feature of the TCP/IP conceptual model of communications on the Internet [8] is its separation into layers. This form of layering is not immediately represented in terms of graphs. However, the form of its information flows may be captured quite naturally using layered graphs [9]. Elsewhere layered graph models have been deployed to solve problems related to telecommunications networks [23] and to aid the design of P2P systems for businesses [41]. A bigraphs [36] is a form of layered graph that superimposes a spatial place graph of locations and a link graph designating communication structure on a single set of nodes. Such graphs provide models of distributed systems and have been used to generalize process models like petri nets and the -calculus. Similar ideas have also been used to give layered models of biological systems [35].

In this paper, we give a formal definition of layered graph and provide a bunched logic for reasoning about layering. Bunched logics freely combine systems of different structural strengths. For example, the logic of bunched implications (BI) [37, 26, 38, 21] combines intuitionistic propositional logic with multiplicative intuitionistic linear logic (MILL) [22].

This kind of combination can be most clearly understood proof-theoretically. Consider the sequent calculus, a proof system that directly represents consequence. In a sequent in intuitionistic logic, the context is simply a finite sequence of formulae connected by an operation which admits the structural properties of Exchange (E), Contraction (C), and Weakening (W). In the bunched system BI, the context in a sequent is constructed as a finite tree, using two operations and with formulae at the leaves and and at the internal vertices. In this set-up, the semi-colon admits Exchange, Contraction, and Weakening, but the comma admits only Exchange. Both are associative. As a result, we have in BI the ‘deep’ structural rules for

but do not have the corresponding and rules for the comma .

Corresponding to the two operations are additive and multiplicative conjunctions, and , each of which is accompanied by a corresponding implication, and , respectively. So we have rules such as

and

and their right and left counterparts.

The logic BI has a classical counterpart, called Boolean BI (BBI), in which the additives are classical, That is, BBI freely combines classical propositional logic and MILL. In [9, 10], the logic LGL, or ‘layered graph logic’, was introduced. Like BBI, LGL employs classical additives, but, unlike BBI, it employs a multiplicative conjunction that is neither commutative — that is, does not admit Weakening — nor associative.

The key difference with LGL in the present work is that the additive component of the bunched logic we employ is intuitionistic. Our logic is thus related to BI in precisely the same manner that LGL is related to BBI.

There are a number of reasons to investigate such a logic. Propositional intuitionistic logic was famously given a truth-functional semantics on ordered sets of possible worlds by Kripke [30]. Propositions are intuitionistically true if their classical truth value persists with respect to the introduction of new facts. This is formally captured by the notion of persistent valuation. A valuation is persistent iff for all and all : and implies . For persistent , this property extends to the satisfaction relation of Kripke’s semantics. Thus is true at a world iff is true at all worlds such that .

Directed graphs carry a natural order: the subgraph relation. An intuitionistic logic on graphs is therefore suitable for reasoning about properties that persist with respect to this order. One example relevant to systems modelling is the existence of a path satisfying desirable properties. This principle can be generalized to a chosen order on the subgraphs of a model.

There are also technical motivations that lie behind the introduction of an intuitionstic variant of the logic, most prominently the question of completeness. In [9] an algebraic completeness result was given for a class of structures that included the layered graph models. Some of the methods in this paper also yield a completeness result for a class of relational structures that closely resemble the layered graph models. However a completeness result specifically for the class of layered graph models eludes proof. This is not unexpected: completeness proofs typically capture a general classes of models, of which the intended class of models is a subclass. In the case of intuitionistic LGL, however, we are able to give a labelled tableaux system that outputs intuitionistic layered graph countermodels to invalid formulae, yielding completeness for the intended class of models. Moreover, we are able to combine this result with those for algebraic and relational structures to prove strong metatheoretic properties like the decidability of validity on layered graph models.

There are precursors in the literature for such a logic. The first, a spatial logic for querying graphs [7] also includes multiplicative connectives for reasoning about the decomposition of graphs into disjoint subgraphs. In this treatment directionality is not considered, with the consequence that the spatial decomposition cannot capture a notion of layering. As a result the multiplicative conjunction that captures decomposition is both commutative and associative, in contrast to our logic. It also differs in that the additive component of the logic is classical. A closer relative is the logic BiLog, designed specifically for reasoning about bigraphs [13]. In BiLog there are two sets of multiplicatives reflecting the two different ways bigraphs can be composed: the side-by-side composition of place graphs and the composition of link graphs at designated interfaces. As both compositions are order-sensitive, the associated connectives are non-commutative, however both are associative. Once again the additive connectives are classical. In both cases, very little metatheoretic work has been done beyond specification of semantics. In contrast we provide a comprehensive proof theoretic treatment of intuitionistic LGL and give an affirmative result on decidability. This is bolstered further by mathematically substantial results on topological duality for the logic and a sound and complete extension to predicate logic. Although we defer to another occasion a detailed investigation of the relationship between bigraphs and our logic, we indicate how bigraph-like structures provide an instance of our semantics.

The route map for this paper is as follows. In Section 2, we introduce a formal definition of layered graph. This motivates the introduction of ordered scaffolds, the central semantic structure for the logic. This is followed by a specification of the syntax and semantics of Intuitionistic Layered Graph Logic (ILGL). We give two proof systems for the logic: a simple Hilbert-type system extending that of propositional intuitionistic logic and a labelled tableaux system.

In Section 3, we establish the basic metatheory of the logic: namely, the soundness and completeness of the layered graph semantics with respect to the labelled tableaux system. This is facilitated by design choices in the labelling algebra that allow us to extract ordered scaffold countermodels for formulae lacking a tableaux proof.

In Section 4, we turn towards decidability of the logic. Our proof proceeds in two stages. First, we define an algebraic semantics based on ILGL’s Hilbert system and a relational semantics based on ILGL’s layered graph semantics. Using the labelled tableaux system we are able to show that the relational semantics and layered graph semantics are equivalent. Further, by a representation theorem for the algebraic semantics, we are are able to show equivalence with the relational semantics. With this established, we prove the finite model property holds for the algebraic semantics, and thus decidability holds for the logic. In Section 5 we extend the representation theorem to a Stone-type topological duality.

Finally, in Section 6 we define predicate ILGL and prove soundness and completeness with respect to a Hilbert system for a semantics on indexed relational structures. As an example of how this might be used, we define an extension of the layered graph semantics for a specific signature of predicate ILGL, and show this semantics is an instantiation of the one proven complete. We finish the section with an extension of the duality theorem of Section 5. In Section 7 we discuss directions for further work.

This paper is an expanded version of [16] and contains several new results. In particular the content of Sections 4 - 6 is new. This includes decidability of the logic, the representation & duality theorems for ILGL’s algebraic semantics and the extension to predicate ILGL with its associated soundness, completeness and duality theorems. We also give full proofs of tableaux completeness that were previously only sketched.

While layered graphs are a key component of models of complex systems, other structure is also important. For example, in modelling the structure and dynamics of distributed systems — in order, for example, to study security properties — it is necessary to capture the architecture of system locations, their associated system resources, and the processes that describe how the system delivers its services. Tools for reasoning about the structure and behaviour of complex systems therefore must handle location. But they must also handle resource and process. Thus logics for layered graphs represent just a first step in establishing a logical account of complex systems modelling. A second step would be to reformulate the Hennessy-Milner-van Bentham-style logics of state for location-resource-processes [12, 11, 1] to incorporate layering.

2 Intuitionistic layered graph logic

2.1 The Layered Graph Construction

We begin with a formal, graph-theoretic account of the notion of layering that, we claim, captures the concept as used in complex systems. In this definition, two layers in a directed graph are connected by a specified set of edges, each element of which starts in the upper layer and ends in the lower layer.

Given a directed graph, , we refer to its vertex set by . Its edge set is given by a subset , while its set of subgraphs is denoted . We overload set theoretic inclusion to also refer to the subgraph relation: . For a distinguished edge set , the reachability relation on subgraphs of is defined iff there exist and such that .

This generates a partial composition on subgraphs. Let denote definedness and denote undefinedness. For subgraphs and , with output given by the graph union of the two subgraphs and the -edges between them. Formally, if , then is defined by and .

For a graph , we say it is layered (with respect to ) if there exist , such that and (see Figure 2). Layering is evidently neither commutative nor (because of definedness) associative: for a full exposition of these properties see [9].

Figure 1: The graph composition
Figure 2: An ordered scaffold

Within a given ambient graph, , we can identify a specific form of layered structure, called an ordered scaffold, on which we interpret intuitionistic layered graph logic. To set this up, we begin with the definition of admissible subgraph set, a subset such that, for all , if , then iff .

{defi}

[Ordered Scaffold] An ordered scaffold is a structure such that is a graph, , an admissible subgraph set and a preorder on . Layers are present if for at least one pair .

Figure 2 shows a simple example of an ordered scaffold. Note that the scaffold is preordered and we choose a subset of the subgraph set. This is a more general definition of scaffold than that taken in [9, 10], where the structure was less tightly defined.

There are several reasons for these choices. Properties of graphs that are inherited by their subgraphs are naturally captured in an intuitionistic logic. This idea is generalized by the preorder the ordered scaffold carries, structure that allows us to extend the Kripke interpretation of propositional intuitionistic logic to obtain our semantics for ILGL. We do not specify which preorder the scaffold carries as there are a number of natural choices. It also may be desirable to define more exotic orders for specific modelling situations.

Figure 3: Place and link graphs
Figure 4: Bigraph
{exa}

[Bigraphs] A bigraph [36] is comprised of a set of nodes on which a place graph and a link graph are defined. The place graph has the structure of a disjoint union of trees (a forest), whilst the link graph is a hypergraph on which one edge can connect many nodes. Intuitively, the place graph denotes spatial relationships, whilst the link graph denotes the communication structure of the system.

The link graph has additional structure: finite sets of labelled vertices , denoting inner names and outer names respectively. These act as interfaces to enable the composition of bigraphs: if the outer names of a bigraph match the inner names of another, their link graphs may be connected at these vertices. This compositional quality makes bigraphs ideal structures for modelling distributed systems. Bigraphical Reactive Systems (BRS) provide a dynamics for such models by defining transitions that reconfigure spatial relations and connectivity. Such systems generalize a wealth of process calculi, including -calculi and the CCS.

Figure 4 shows a bigraph and Figure 4 its consituent parts. The structure of the place graph is visually realised in the bigraph by the containment of its nodes. We now show how a system of composed bigraphs can be encoded as an ordered scaffold. Given we work with directed graphs, we model a form of directed bigraph [24].

We begin with a single bigraph. First, consider the link graph. We can replace each hyperedge with a vertex attached to which we add an edge for each connection of the hyperedge. This obtains a directed graph with the same path information. Now note that a forest can straightforwardly be seen as a partial order on its vertices. This generates a partial order on the set of subgraphs . We extend to the link graph by specifying that .

Now we consider a system of composed bigraphs. Given bigraphs , where has the same outer names as ’s inner names, we can connect the outer name vertices of to the inner name vertices of with new edges. We collect all such edges as . Thus the composition denotes the composition of the link graphs and , and we can take the disjoint union of the partial orders to obtain a bigraph . In this way we obtain an ordered scaffold with the admissible subgraph set given by the closure under composition of the set together with each link graph , and order generated by the union of the partial orders defined by the place graphs of the system. \qed

We choose an admissible subgraph set in order to reason more specifically about the layering structure of interest in the model, and to avoid degenerate cases of layers. For example, two disjoint subgraphs and may designate distinct, non-interacting regions in a systems model. However their disjoint union would be interpreted as layered over another subgraph if but . The solution is to specify for the ordered scaffold modelling the system.

There are further technical considerations behind this choice. When we restrict to interpreting ILGL on the full subgraph set, it is impossible to perform any composition of models without the states proliferating wildly. A similar issue arises during the construction of countermodels from the tableaux system of Section 3, a procedure that breaks down when we are forced to take the full subgraph set as the set of states.

2.2 The logic ILGL

Having established the layered graph construction and a semantic structure of interest, we now set up the logic ILGL. Let be a set of atomic propositions, ranged over by p. The set of all propositional formulae is generated by the following grammar:

A Hilbert-type proof system for ILGL, , is given in Figure 5. The additive fragment, corresponding to intuitionistic propositional logic, is standard (e.g., [2]). The presentation of the multiplicative fragment is similar to that for BI’s multiplicatives [38], but for the non-commutative and non-associative (following from the absence of a multiplicative counterpart to ) conjunction, , together with its associated left and right implications and (cf. [32, 33]). The multiplicative conjunction is key to our logic, as it captures layering.

\AxiomC \RightLabel \UnaryInfC \DisplayProof\AxiomC \AxiomC \RightLabel \BinaryInfC \DisplayProof\AxiomC \RightLabel \UnaryInfC \DisplayProof\AxiomC \RightLabel \UnaryInfC \DisplayProof
\AxiomC \AxiomC \RightLabel \BinaryInfC \DisplayProof\AxiomC \RightLabel \UnaryInfC \DisplayProof
\AxiomC \RightLabel \UnaryInfC \DisplayProof\AxiomC \AxiomC \RightLabel \BinaryInfC \DisplayProof
\AxiomC \AxiomC \RightLabel \BinaryInfC \DisplayProof\AxiomC \RightLabel \UnaryInfC \DisplayProof  \AxiomC \AxiomC \RightLabel \BinaryInfC \DisplayProof
\AxiomC \AxiomC \RightLabel \BinaryInfC \DisplayProof\AxiomC \RightLabel \UnaryInfC \DisplayProof
\AxiomC \AxiomC \RightLabel \BinaryInfC \DisplayProof\AxiomC \RightLabel \UnaryInfC \DisplayProof
Figure 5: Rules of the Hilbert system,
{defi}

[Layered graph model] A layered graph model of is a pair where is an ordered scaffold and is a persistent valuation; that is, . \qed

Satisfaction in layered graph models is then defined in a familiar way.

{defi}

[Satisfaction in layered graph models] Given a layered graph model , we generate the satisfaction relation as follows:

\qed
{defi}

[Validity] is valid in a layered graph model ) iff, for all , . is valid iff, for all layered graph models , . \qed

A straightforward inductive argument shows that persistence extends to all formulae for this semantics.

{lem}

[Persistence] For all , and implies . \qed

Note that, unlike in BI’s resource monoid semantics, we require the restriction ‘for all , ’ in the semantic clauses for the multiplicative implications. Without this we cannot prove persistence, and with it completeness, because we cannot apply the inductive hypothesis in those cases.

The reason for this is that we put no restriction on the interaction between and in the definition of preordered scaffold. This is unlike the analogous case for BI, where the monoidal composition is required to be bifunctorial with respect to the ordering. One might resolve this issue with the following addendum to the definition of preordered scaffold: if and , then and .

Two natural examples of subgraph preorderings show that this would be undesirable. First, consider the layering preorder. Let be the reflexive, transitive closure of the relation iff , restricted to the admissible subgraph set . Figure 7 shows a subgraph with and but . Second, consider the subgraph order. In Figure 7, we have and but . It is, however, the case that, with this ordering, if and , then .

Figure 6: -reachability preorder
Figure 7: Subgraph order

2.3 Labelled tableaux

It’s clear that obtaining completeness for the class of layered graph models with respect to the Hilbert system will not be a straightforward task. For one, there does not appear to be any sensible way to augment equivalence classes of ILGL formulae with graph theoretic structure in such a way that -provability is reflected. A key reason for this is that the multiplicativity of is not directly represented in .

We take an alternative route: we define a labelled tableaux system for ILGL, utilising a method first showcased on tableaux systems for BBI and DMBI [34, 15], strongly influenced by previous work for BI [21]. By carefully restricting the labelling algebra of the proof system, we are able to uniformly transform the labels of a derivation into a layered graph model under the right conditions. This is similar in spirit to the labelled tableaux system for Separation Logic [20], which has a countermodel extraction procedure that outputs heap models, the intended models of the logic. It will be shown in Section 4 that this captures a notion of provability equivalent to .

{defi}

[Graph labels] Let be a countable set of atomic labels. We define the set to be the set of graph labels. A sub-label of a label is a non-empty sub-word of , and we denote the set of sub-labels of by . \qed

The graph labels are a syntactic representation of the subgraphs of a model, with labels of length representing a graph that can be decomposed into two layers. We exclude the possibility as layering is anti-reflexive. In much the same way we give a syntactic representation of preorder.

{defi}

[Constraints] A constraint is an expression of the form , where and are graph labels. \qed

Let be a set of constraints. The domain of is the set of all non-empty sub-labels appearing in . In particular, The alphabet of is the set of atomic labels appearing in . In particular, we have .

 

\AxiomC \RightLabel \UnaryInfC \DisplayProof  \AxiomC \RightLabel \UnaryInfC \DisplayProof  \AxiomC \RightLabel \UnaryInfC \DisplayProof  \AxiomC \RightLabel \UnaryInfC \DisplayProof
\AxiomC \RightLabel \UnaryInfC \DisplayProof  \AxiomC \RightLabel \UnaryInfC \DisplayProof  \AxiomC \AxiomC \RightLabel \BinaryInfC \DisplayProof
Figure 8: Rules for closure of constraints

 

{defi}

[Closure of constraints] Let be a set of constraints. The closure of , denoted , is the least relation closed under the rules of Figure 8 such that . \qed

This closure yields a preorder on , with generating reflexivity and yielding transitivity. Crucially, taking the closure of the constraint set does not cause labels to proliferate and the generation of any particular constraint from an arbitrary constraint set is fundamentally a finite process.

{prop}

Let be a set of constraints. (1) iff . (2) and . \qed {lem}[Compactness] Let be a (possibly countably infinite) set of constraints. If , then there is a finite set of constraints such that . \qed

{defi}

[Labelled Formula / CSS] A labelled formula is a triple , written . A constrained set of statements (CSS) is a pair , where is a set of labelled formulae and is a set of constraints, satisfying the following properties: for all and distinct , (1) if , then , (2) if , then , and (3) if , then . A CSS is finite if and are finite. The relation is defined on CSSs by . We denote by when holds and is finite. \qed

The CSS properties ensure models can be built from the labels: (Ref) ensures we have enough data for the closure rules to generate a preorder, (Contra) ensures the contra-commutativity of graph layering is respected, and (Freshness) ensures the layering structure of the models we construct is exactly that specified by the labels and constraints in the CSS. As with constraint closure, CSSs have a finite character.

{prop}

For any CSS in which is finite, there exists such that is finite and is a CSS. \qed

\AxiomC \RightLabel \UnaryInfC \DisplayProof    \AxiomC \RightLabel \UnaryInfC \DisplayProof
\AxiomC \RightLabel \UnaryInfC \DisplayProof    \AxiomC \RightLabel \UnaryInfC \DisplayProof
\AxiomC \RightLabel \UnaryInfC \DisplayProof    \AxiomC \RightLabel \UnaryInfC \DisplayProof
\AxiomC \RightLabel \UnaryInfC \DisplayProof    \AxiomC \RightLabel \UnaryInfC \DisplayProof
\AxiomC \RightLabel \UnaryInfC \DisplayProof\AxiomC \RightLabel \UnaryInfC \DisplayProof
\AxiomC \RightLabel \UnaryInfC \DisplayProof\AxiomC \RightLabel \UnaryInfC \DisplayProof
with and being fresh atomic labels
Figure 9: Tableaux rules for ILGL

Figure 9 presents the rules of the tableaux system for ILGL. That ‘ and are fresh atomic labels’ means . This means it is impossible to introduce the word as a label. Note also that bunching is explicit in the labels, with concatenation of labels occurring in the rules for the multiplicative connectives , , . This is analogous (and in fact equivalent) to the concatenation of contexts via the multiplicative conjunction’s context former in a sequent calculus. This is in stark contrast to the Hilbert system which outsources this structure to the metatheory.

{defi}

[Tableaux] Let be a finite CSS. A tableau for this CSS is a list of CSS, called branches, built inductively according the following rules, where denotes the concatenation of lists:

  1. The one branch list is a tableau for ;

  2. If the list is a tableau for and

    \AxiomC

    cond \UnaryInfC \DisplayProof

    is an instance of a rule of Figure 9 for which cond is fulfilled, then the list is a tableau for .

A tableau for the formula is a tableau for . \qed

It is a simple but tedious exercise to show that the rules of Figure 9 preserve the CSS properties of Definition 2.3.

We now give the notion of proof for our labelled tableaux.

{defi}

[Closed tableau/proof] A CSS is closed if one of the following conditions holds: (1) , and ; (2) ; and (3) . A CSS is open iff it is not closed. A tableau is closed iff all its branches are closed. A proof for a formula is a closed tableau for . \qed

Figure 10 shows a tableau proof of in tree form. Each branch gives the set of labelled formulae of a CSS, with the rectangular boxes giving its set of constraints . denotes the application of a rule, with the circled side conditions showing which condition on the closure of the constraint set was used to allow it. Finally, the cross marks the closure of a branch.

The first rule application at is . This introduces fresh labels and with the constraints and . Since we have the constraint we are able to apply at . The tableau then branches. On the left hand branch we have both and , thus it is closed; on the right we apply at . This introduces a fresh label with the constraint and introduces to the branch. We then apply at , introducing , thus closing the branch. As both branches are closed, the tableau is closed and the formula is proved.

Figure 10: A tableau proof of

CSSs are related back to the graph semantics via the notion of realization.

{defi}

[Realization] Let be a CSS. A realization of is a triple where is a layered graph model and is such that (1) for all , if , then and ), (2) if , then , (3) if , then , (4) if , then . \qed

We say that a CSS is realizable is there exists a realization of it. We say that a tableau is realizable if at least one of its branches is realizable. We can also show that the relevant clauses of the definition extend to the closure of the constraint set automatically.

{prop}

Let be a CSS and a realization of it. Then: (1) for all , is defined; (2) if , then . \qed

3 Soundness & Completeness

In this section we establish the soundness and, via countermodel extraction, the completeness of ILGL’s tableaux system with respect to layered graph semantics. The proof of soundness is straightforward (cf. [15, 19, 21, 34]). We begin with two key lemmas about realizability and closure. Their proofs proceed by simple case analysis.

{lem}

The tableaux rules for ILGL preserve realizability. \qed

{lem}

Closed branches are not realizable. \qed

{thm}

[Soundness] If there exists a closed tableau for the formula , then is valid in layered graph models.

{proof}

Suppose that there exists a proof for . Then there is a closed tableau for the CSS . Now suppose that is not valid. Then there is a countermodel and a subgraph such that . Define with . Note that is a realization of , hence by Lemma 3, is realizable. By Lemma 3, cannot be closed. But, this contradicts the fact that is a proof and therefore a closed tableau. It follows that is valid.

We now proceed to establish the completeness of the labelled tableaux with respect to layered graph semantics. We begin with the notion of a Hintikka CSS, which will facilitate the construction of countermodels.

{defi}

[Hintikka CSS] A CSS is a Hintikka CSS iff, for any formulae and any graph labels , we have the following:

\qed

We now give the definition of a function that extracts a countermodel from a Hintikka CSS. A Hintikka CSS can thus be seen as the labelled tableaux counterpart of Hintikka sets, which are maximally consistent sets satisfying a subformula property.

{defi}

[Function ] Let be a Hintikka CSS. The function associates to a tuple , such that (1) ), (2) , , where , , , and , (3) iff , and (4) iff there exists such that and . \qed

The next lemma shows that there is a precise correspondence between the structure that the Hintikka CSS properties impose on the labels and the layered structure specified by the construction of the model.

{lem}

Let be a Hintikka CSS and . (1) If , then iff . (2) If , then . 3. iff there exist s.t. , and .

{proof}
  1. Immediate from CSS property (Contra).

  2. Immediate from 1. and the definition of .

  3. The right-to-left direction is trivial, so assume . There are three possible cases for and other than and : we attend to one as the others are similar. Suppose and . Then must hold because of either or . That is, or . In both cases the property (Freshness) is contradicted so neither can hold. It follows that only the case and is non-contradictory, and so by 1. . \qedhere

{lem}

Let be a Hintikka CSS. is a layered graph model. {proof} is clearly a graph and being a preorder on can be read off of the rules for the closure of constraint sets. Thus the only non-trivial aspects of the proof are that is admissible and that is persistent.

First we show that is an admissible subgraph set. Let with . First we assume . Then and for labels . By the previous lemma it follows that and and . Thus . Now suppose . Then for some . The case is clearly impossible as so necessarily . Then we have as sub-labels of and with the only possible composition equal to . It follows that and as required.

Finally we must show is a persistent valuation. Let with . Then and for some with . By definition of there exists with and . By closure rule we have so .

{lem}

Let be a Hintikka CSS and . For all formulae , and all . we have (1) if , then , and (2) if , then . Hence, if , then is not valid and is a countermodel of .

{proof}

We proceed by a simultaneous structural induction on , concentrating on cases of interest.

  • Base cases.

    • Case . We suppose that . Then . By the definition of , there is a label such that