Part I

Normal Modal Logics

1
 This part covers the metatheory of normal modal logics. It currently
consists of Aldo Antonelli’s notes on classical correspondence theory for
basic modal logic.

2 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 Chapter 1

Syntax and Semantics

1.1 Introduction
nml:syn:int: Modal logic deals with modal propositions and the entailment relations among
sec
them. Examples of modal propositions are the following:

1. It is necessary that 2 + 2 = 4.

2. It is necessarily possible that it will rain tomorrow.

3. If it is necessarily possible that φ then it is possible that φ.

Possibility and necessity are not the only modalities: other unary connectives
are also classified as modalities, for instance, “it ought to be the case that φ,”
“It will be the case that φ,” “Dana knows that φ,” or “Dana believes that φ.”
Modal logic makes its first appearance in Aristotle’s De Interpretatione: he
was the first to notice that necessity implies possibility, but not vice versa; that
possibility and necessity are inter-definable; that If φ ∧ ψ is possibly true then
φ is possibly true and ψ is possibly true, but not conversely; and that if φ → ψ
is necessary, then if φ is necessary, so is ψ.
The first modern approach to modal logic was the work of C. I. Lewis, cul-
minating with Lewis and Langford, Symbolic Logic (1932). Lewis & Langford
were unhappy with the representation of implication by means of the mate-
rial conditional: φ → ψ is a poor substitute for “φ implies ψ.” Instead, they
proposed to characterize implication as “Necessarily, if φ then ψ,” symbolized
as φ J ψ. In trying to sort out the different properties, Lewis identified five
different modal systems, S1, . . . , S4, S5, the last two of which are still in use.
The approach of Lewis and Langford was purely syntactical : they identified
reasonable axioms and rules and investigated what was provable with those
means. A semantic approach remained elusive for a long time, until a first
attempt was made by Rudolf Carnap in Meaning and Necessity (1947) using
the notion of a state description, i.e., a collection of atomic sentences (those
that are “true” in that state description). After lifting the truth definition to
arbitrary sentences φ, Carnap defines φ to be necessarily true if it is true in all

3
state descriptions. Carnap’s approach could not handle iterated modalities, in
that sentences of the form “Possibly necessarily . . . possibly φ” always reduce
to the innermost modality.
The major breakthrough in modal semantics came with Saul Kripke’s article
“A Completeness Theorem in Modal Logic” (JSL 1959). Kripke based his
work on Leibniz’s idea that a statement is necessarily true if it is true “at
all possible worlds.” This idea, though, suffers from the same drawbacks as
Carnap’s, in that the truth of statement at a world w (or a state description
s) does not depend on w at all. So Kripke assumed that worlds are related by
an accessibility relation R, and that a statement of the form “Necessarily φ”
is true at a world w if and only if φ is true at all worlds w′ accessible from
w. Semantics that provide some version of this approach are called Kripke
semantics and made possible the tumultuous development of modal logics (in
the plural).
When interpreted by the Kripke semantics, modal logic shows us what
relational structures look like “from the inside.” A relational structure is just
a set equipped with a binary relation (for instance, the set of students in
the class ordered by their social security number is a relational structure).
But in fact relational structures come in all sorts of domains: besides relative
possibility of states of the world, we can have epistemic states of some agent
related by epistemic possibility, or states of a dynamical system with their state
transitions, etc. Modal logic can be used to model all of these: the first gives
us ordinary, alethic, modal logic; the others give us epistemic logic, dynamic
logic, etc.
We focus on one particular angle, known to modal logicians as “correspon-
dence theory.” One of the most significant early discoveries of Kripke’s is that
many properties of the accessibility relation R (whether it is transitive, sym-
metric, etc.) can be characterized in the modal language itself by means of
appropriate “modal schemas.” Modal logicians say, for instance, that the re-
flexivity of R “corresponds” to the schema “If necessarily φ, then φ”. We
explore mainly the correspondence theory of a number of classical systems of
modal logic (e.g., S4 and S5) obtained by a combination of the schemas D, T,
B, 4, and 5.

1.2 The Language of Basic Modal Logic

nml:syn:lan:
sec
Definition 1.1. The basic language of modal logic contains

1. The propositional constant for falsity ⊥.

2. The propositional constant for truth ⊤.

3. A denumerable set of propositional variables: p0 , p1 , p2 , . . .

4. The propositional connectives: ¬ (negation), ∧ (conjunction), ∨ (disjunc-

tion), → (conditional), ↔ (biconditional).

4 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 5. The modal operator □.
6. The modal operator ♢.

Definition 1.2. Formulas of the basic modal language are inductively defined
as follows:
1. ⊥ is an atomic formula.
2. ⊤ is an atomic formula.
3. Every propositional variable pi is an (atomic) formula.
4. If φ is a formula, then ¬φ is a formula.
5. If φ and ψ are formulas, then (φ ∧ ψ) is a formula.
6. If φ and ψ are formulas, then (φ ∨ ψ) is a formula.
7. If φ and ψ are formulas, then (φ → ψ) is a formula.
8. If φ and ψ are formulas, then (φ ↔ ψ) is a formula.
9. If φ is a formula, then □φ is a formula.
10. If φ is a formula, then ♢φ is a formula.
11. Nothing else is a formula.

If a formula φ does not contain □ or ♢, we say it is modal-free.

1.3 Simultaneous Substitution

nml:syn:sub: An instance of a formula φ is the result of replacing all occurrences of a propo-
sec
sitional variable in φ by some other formula. We will refer to instances of
formulas often, both when discussing validity and when discussing derivability.
It therefore is useful to define the notion precisely.
nml:syn:sub: Definition 1.3. Where φ is a modal formula all of whose propositional vari-
def:subst-inst
ables are among p1 , . . . , pn , and θ1 , . . . , θn are also modal formulas, we define
φ[θ1 /p1 , . . . , θn /pn ] as the result of simultaneously substituting each θi for pi
in φ. Formally, this is a definition by induction on φ:
1. φ ≡ ⊥: φ[θ1 /p1 , . . . , θn /pn ] is ⊥.
2. φ ≡ ⊤: φ[θ1 /p1 , . . . , θn /pn ] is ⊤.
3. φ ≡ q: φ[θ1 /p1 , . . . , θn /pn ] is q, provided q ̸≡ pi for i = 1, . . . , n.
4. φ ≡ pi : φ[θ1 /p1 , . . . , θn /pn ] is θi .
5. φ ≡ ¬ψ: φ[θ1 /p1 , . . . , θn /pn ] is ¬ψ[θ1 /p1 , . . . , θn /pn ].

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 5

 6. φ ≡ (ψ ∧ χ): φ[θ1 /p1 , . . . , θn /pn ] is

(ψ[θ1 /p1 , . . . , θn /pn ] ∧ χ[θ1 /p1 , . . . , θn /pn ]).

7. φ ≡ (ψ ∨ χ): φ[θ1 /p1 , . . . , θn /pn ] is

(ψ[θ1 /p1 , . . . , θn /pn ] ∨ χ[θ1 /p1 , . . . , θn /pn ]).

8. φ ≡ (ψ → χ): φ[θ1 /p1 , . . . , θn /pn ] is

(ψ[θ1 /p1 , . . . , θn /pn ] → χ[θ1 /p1 , . . . , θn /pn ]).

9. φ ≡ (ψ ↔ χ): φ[θ1 /p1 , . . . , θn /pn ] is

(ψ[θ1 /p1 , . . . , θn /pn ] ↔ χ[θ1 /p1 , . . . , θn /pn ]).

10. φ ≡ □ψ: φ[θ1 /p1 , . . . , θn /pn ] is □ψ[θ1 /p1 , . . . , θn /pn ].

11. φ ≡ ♢ψ: φ[θ1 /p1 , . . . , θn /pn ] is ♢ψ[θ1 /p1 , . . . , θn /pn ].

The formula φ[θ1 /p1 , . . . , θn /pn ] is called a substitution instance of φ.

Example 1.4. Suppose φ is p1 → □(p1 ∧ p2 ), θ1 is ♢(p2 → p3 ) and θ2 is ¬□p1 .

Then φ[θ1 /p1 , θ2 /p2 ] is

♢(p2 → p3 ) → □(♢(p2 → p3 ) ∧ ¬□p1 )

while φ[θ2 /p1 , θ1 /p2 ] is

¬□p1 → □(¬□p1 ∧ ♢(p2 → p3 ))

Note that simultaneous substitution is in general not the same as iterated

substitution, e.g., compare φ[θ1 /p1 , θ2 /p2 ] above with (φ[θ1 /p1 ])[θ2 /p2 ], which
is:

♢(p2 → p3 ) → □(♢(p2 → p3 ) ∧ p2 )[¬□p1 /p2 ], i.e.,

♢(¬□p1 → p3 ) → □(♢(¬□p1 → p3 ) ∧ ¬□p1 )

and with (φ[θ2 /p2 ])[θ1 /p1 ]:

p1 → □(p1 ∧ ¬□p1 )[♢(p2 → p3 )/p1 ], i.e.,

♢(p2 → p3 ) → □(♢(p2 → p3 ) ∧ ¬□♢(p2 → p3 )).

6 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 p
w2
q

p
w1
¬q

¬p
w3
¬q

Figure 1.1: A simple model.

nml:syn:rel:
fig:simple
1.4 Relational Models
nml:syn:rel: The basic concept of semantics for normal modal logics is that of a relational
sec
model. It consists of a set of worlds, which are related by a binary “accessibility
relation,” together with an assignment which determines which propositional
variables count as “true” at which worlds.
Definition 1.5. A model for the basic modal language is a triple M = ⟨W, R, V ⟩,
where
1. W is a nonempty set of “worlds,”
2. R is a binary accessibility relation on W , and
3. V is a function assigning to each propositional variable p a set V (p) of
possible worlds.
When Rww′ holds, we say that w′ is accessible from w. When w ∈ V (p) we
say p is true at w.

The great advantage of relational semantics is that models can be repre-

sented by means of simple diagrams, such as the one in Figure 1.1. Worlds are
represented by nodes, and world w′ is accessible from w precisely when there is
an arrow from w to w′ . Moreover, we label a node (world) by p when w ∈ V (p),
and otherwise by ¬p. Figure 1.1 represents the model with W = {w1 , w2 , w3 },
R = {⟨w1 , w2 ⟩, ⟨w1 , w3 ⟩}, V (p) = {w1 , w2 }, and V (q) = {w2 }.

1.5 Truth at a World

nml:syn:trw: Every modal model determines which modal formulas count as true at which
sec
worlds in it. The relation “model M makes formula φ true at world w” is the
basic notion of relational semantics. The relation is defined inductively and
coincides with the usual characterization using truth tables for the non-modal
operators.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 7

Definition 1.6. Truth of a formula φ at w in a M, in symbols: M, w ⊩ φ, is nml:syn:trw:
defn:mmodels
defined inductively as follows:

1. φ ≡ ⊥: Never M, w ⊩ ⊥.

2. φ ≡ ⊤: Always M, w ⊩ ⊤.

3. M, w ⊩ p iff w ∈ V (p).

4. φ ≡ ¬ψ: M, w ⊩ φ iff M, w ⊮ ψ.

5. φ ≡ (ψ ∧ χ): M, w ⊩ φ iff M, w ⊩ ψ and M, w ⊩ χ.

6. φ ≡ (ψ ∨ χ): M, w ⊩ φ iff M, w ⊩ ψ or M, w ⊩ χ (or both).

7. φ ≡ (ψ → χ): M, w ⊩ φ iff M, w ⊮ ψ or M, w ⊩ χ.

8. φ ≡ (ψ ↔ χ): M, w ⊩ φ iff either both M, w ⊩ ψ and M, w ⊩ χ or

neither M, w ⊩ ψ nor M, w ⊩ χ.

9. φ ≡ □ψ: M, w ⊩ φ iff M, w′ ⊩ ψ for all w′ ∈ W with Rww′ . nml:syn:trw:

defn:sub:mmodels-box
10. φ ≡ ♢ψ: M, w ⊩ φ iff M, w′ ⊩ ψ for at least one w′ ∈ W with Rww′ . nml:syn:trw:
defn:sub:mmodels-diamond

Note that by clause (9), a formula □ψ is true at w whenever there are

no w′ with Rww′ . In such a case □ψ is vacuously true at w. Also, □ψ may
be satisfied at w even if ψ is not. The truth of ψ at w does not guarantee the
truth of ♢ψ at w. This holds, however, if Rww, e.g., if R is reflexive. If there
is no w′ such that Rww′ , then M, w ⊮ ♢φ, for any φ.

Problem 1.1. Consider the model of Figure 1.1. Which of the following hold?

1. M, w1 ⊩ q;

2. M, w3 ⊩ ¬q;

3. M, w1 ⊩ p ∨ q;

4. M, w1 ⊩ □(p ∨ q);

5. M, w3 ⊩ □q;

6. M, w3 ⊩ □⊥;

7. M, w1 ⊩ ♢q;

8. M, w1 ⊩ □q;

9. M, w1 ⊩ ¬□□¬q.

Proposition 1.7. nml:syn:trw:

prop:dual
1. M, w ⊩ □φ iff M, w ⊩ ¬♢¬φ.

8 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 2. M, w ⊩ ♢φ iff M, w ⊩ ¬□¬φ.

Proof. 1. M, w ⊩ ¬♢¬φ iff M ⊮ ♢¬φ by definition of M, w ⊩. M, w ⊩ ♢¬φ

iff for some w′ with Rww′ , M, w′ ⊩ ¬φ. Hence, M, w ⊮ ♢¬φ iff for all
w′ with Rww′ , M, w′ ⊮ ¬φ. We also have M, w′ ⊮ ¬φ iff M, w′ ⊩ φ.
Together we have M, w ⊩ ¬♢¬φ iff for all w′ with Rww′ , M, w′ ⊩ φ.
Again by definition of M, w ⊩, that is the case iff M, w ⊩ □φ.
2. M, w ⊩ ¬□¬φ iff M ⊮ □¬φ. M, w ⊩ □¬φ iff for all w′ with Rww′ ,
M, w′ ⊩ ¬φ. Hence, M, w ⊮ □¬φ iff for some w′ with Rww′ , M, w′ ⊮ ¬φ.
We also have M, w′ ⊮ ¬φ iff M, w′ ⊩ φ. Together we have M, w ⊩ ¬□¬φ
iff for some w′ with Rww′ , M, w′ ⊩ φ. Again by definition of M, w ⊩,
that is the case iff M, w ⊩ ♢φ.

Problem 1.2. Complete the proof of Proposition 1.7.

Problem 1.3. Let M = ⟨W, R, V ⟩ be a model, and suppose w1 , w2 ∈ W are

such that:
1. w1 ∈ V (p) if and only if w2 ∈ V (p); and
2. for all w ∈ W : Rw1 w if and only if Rw2 w.
Using induction on formulas, show that for all formulas φ: M, w1 ⊩ φ if and
only if M, w2 ⊩ φ.

Problem 1.4. Let M = ⟨W, R, V ⟩. Show that M, w ⊩ ¬♢φ if and only if

M, w ⊩ □¬φ.

1.6 Truth in a Model

nml:syn:tru: Sometimes we are interested which formulas are true at every world in a given
sec
model. Let’s introduce a notation for this.
Definition 1.8. A formula φ is true in a model M = ⟨W, R, V ⟩, written M ⊩
φ, if and only if M, w ⊩ φ for every w ∈ W .

nml:syn:tru: Proposition 1.9.

prop:truthfacts
1. If M ⊩ φ then M ⊮ ¬φ, but not vice-versa.
2. If M ⊩ φ → ψ then M ⊩ φ only if M ⊩ ψ, but not vice-versa.

Proof. 1. If M ⊩ φ then φ is true at all worlds in W , and since W ̸= ∅, it

can’t be that M ⊩ ¬φ, or else φ would have to be both true and false at
some world.
On the other hand, if M ⊮ ¬φ then φ is true at some world w ∈ W . It
does not follow that M, w ⊩ φ for every w ∈ W . For instance, in the
model of Figure 1.1, M ⊮ ¬p, and also M ⊮ p.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 9

 2. Assume M ⊩ φ → ψ and M ⊩ φ; to show M ⊩ ψ let w ∈ W be an
arbitrary world. Then M, w ⊩ φ → ψ and M, w ⊩ φ, so M, w ⊩ ψ, and
since w was arbitrary, M ⊩ ψ.
To show that the converse fails, we need to find a model M such that
M ⊩ φ only if M ⊩ ψ, but M ⊮ φ → ψ. Consider again the model of
Figure 1.1: M ⊮ p and hence (vacuously) M ⊩ p only if M ⊩ q. However,
M ⊮ p → q, as p is true but q false at w1 .

Problem 1.5. Consider the following model M for the language comprising
p1 , p2 , p3 as the only propositional variables:

p1 p1
¬p2 w1 w3 p2
¬p3 p3

p1
w2 p2
¬p3

Are the following formulas and schemas true in the model M, i.e., true at every
world in M? Explain.

1. p → ♢p (for p atomic);

2. φ → ♢φ (for φ arbitrary);

3. □p → p (for p atomic);

4. ¬p → ♢□p (for p atomic);

5. ♢□φ (for φ arbitrary);

6. □♢p (for p atomic).

1.7 Validity
explanation Formulas that are true in all models, i.e., true at every world in every model, nml:syn:val:
sec
are particularly interesting. They represent those modal propositions which are
true regardless of how □ and ♢ are interpreted, as long as the interpretation
is “normal” in the sense that it is generated by some accessibility relation on
possible worlds. We call such formulas valid. For instance, □(p ∧ q) → □p is
valid. Some formulas one might expect to be valid on the basis of the alethic
interpretation of □, such as □p → p, are not valid, however. Part of the interest
of relational models is that different interpretations of □ and ♢ can be captured
by different kinds of accessibility relations. This suggests that we should define
validity not just relative to all models, but relative to all models of a certain

10 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 kind. It will turn out, e.g., that □p → p is true in all models where every world
is accessible from itself, i.e., R is reflexive. Defining validity relative to classes
of models enables us to formulate this succinctly: □p → p is valid in the class
of reflexive models.
Definition 1.10. A formula φ is valid in a class C of models if it is true in
every model in C (i.e., true at every world in every model in C). If φ is valid
in C, we write C ⊨ φ, and we write ⊨ φ if φ is valid in the class of all models.

nml:syn:val: Proposition 1.11. If φ is valid in C it is also valid in each class C ′ ⊆ C.

prop:subset-class

nml:syn:val: Proposition 1.12. If φ is valid, then so is □φ.

prop:Nec-rule

Proof. Assume ⊨ φ. To show ⊨ □φ let M = ⟨W, R, V ⟩ be a model and w ∈ W .

If Rww′ then M, w′ ⊩ φ, since φ is valid, and so also M, w ⊩ □φ. Since M
and w were arbitrary, ⊨ □φ.

Problem 1.6. Show that the following are valid:

1. ⊨ □p → □(q → p);
2. ⊨ □¬⊥;
3. ⊨ □p → (□q → □p).

Problem 1.7. Show that φ → □φ is valid in the class C of models M =

⟨W, R, V ⟩ where W = {w}. Similarly, show that ψ → □φ and ♢φ → ψ are valid
in the class of models M = ⟨W, R, V ⟩ where R = ∅.

1.8 Tautological Instances

nml:syn:tau: A modal-free formula is a tautology if it is true under every truth-value assign- explanation
sec
ment. Clearly, every tautology is true at every world in every model. But for
formulas involving □ and ♢, the notion of tautology is not defined. Is it the
case, e.g., that □p ∨ ¬□p—an instance of the principle of excluded middle—is
valid? The notion of a tautological instance helps: a formula that is a substitu-
tion instance of a (non-modal) tautology. It is not surprising, but still requires
proof, that every tautological instance is valid.
Definition 1.13. A modal formula ψ is a tautological instance if and only if
there is a modal-free tautology φ with propositional variables p1 , . . . , pn and
formulas θ1 , . . . , θn such that ψ ≡ φ[θ1 /p1 , . . . , θn /pn ].

nml:syn:tau: Lemma 1.14. Suppose φ is a modal-free formula whose propositional vari-

lem:valid-taut
ables are p1 , . . . , pn , and let θ1 , . . . , θn be modal formulas. Then for any
assignment v, any model M = ⟨W, R, V ⟩, and any w ∈ W such that v(pi ) = T if
and only if M, w ⊩ θi we have that v ⊨ φ if and only if M, w ⊩ φ[θ1 /p1 , . . . , θn /pn ].

Proof. By induction on φ.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 11

 1. φ ≡ ⊥: Both v ⊭ ⊥ and M, w ⊮ ⊥.

2. φ ≡ ⊤: Both v ⊨ ⊤ and M, w ⊩ ⊤.

3. φ ≡ pi :

v ⊨ pi ⇔ v(pi ) = T
by definition of v ⊨ pi
⇔ M, w ⊩ θi
by assumption
⇔ M, w ⊩ pi [θ1 /p1 , . . . , θn /pn ]
since pi [θ1 /p1 , . . . , θn /pn ] ≡ θi .

4. φ ≡ ¬ψ:

v ⊨ ¬ψ ⇔ v ⊭ ψ
by definition of v ⊨;
⇔ M, w ⊮ ψ[θ1 /p1 , . . . , θn /pn ]
by induction hypothesis
⇔ M, w ⊩ ¬ψ[θ1 /p1 , . . . , θn /pn ]
by definition of v ⊨.

5. φ ≡ (ψ ∧ χ):

v ⊨ ψ ∧ χ ⇔ v ⊨ ψ and v ⊨ χ
by definition of v ⊨
⇔ M, w ⊩ ψ[θ1 /p1 , . . . , θn /pn ] and
M, w ⊩ χ[θ1 /p1 , . . . , θn /pn ]
by induction hypothesis
⇔ M, w ⊩ (ψ ∧ χ)[θ1 /p1 , . . . , θn /pn ]
by definition of M, w ⊩.

6. φ ≡ (ψ ∨ χ):

v ⊨ ψ ∨ χ ⇔ v ⊨ ψ or v ⊨ χ
by definition of v ⊨;
⇔ M, w ⊩ ψ[θ1 /p1 , . . . , θn /pn ] or
M, w ⊩ χ[θ1 /p1 , . . . , θn /pn ]
by induction hypothesis
⇔ M, w ⊩ (ψ ∨ χ)[θ1 /p1 , . . . , θn /pn ]
by definition of M, w ⊩.

12 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 7. φ ≡ (ψ → χ):

v ⊨ ψ → χ ⇔ v ⊭ ψ or v ⊨ χ
by definition of v ⊨
⇔ M, w ⊮ ψ[θ1 /p1 , . . . , θn /pn ] or
M, w ⊩ χ[θ1 /p1 , . . . , θn /pn ]
by induction hypothesis
⇔ M, w ⊩ (ψ → χ)[θ1 /p1 , . . . , θn /pn ]
by definition of M, w ⊩.

8. φ ≡ (ψ ↔ χ):

v ⊨ ψ → χ ⇔ either v ⊨ ψ and v ⊨ χ
or v ⊭ ψ and v ⊭ χ
by definition of v ⊨
⇔ either M, w ⊩ ψ[θ1 /p1 , . . . , θn /pn ] and
M, w ⊩ χ[θ1 /p1 , . . . , θn /pn ]
or M, w ⊮ ψ[θ1 /p1 , . . . , θn /pn ] and
M, w ⊮ χ[θ1 /p1 , . . . , θn /pn ]
by induction hypothesis
⇔ M, w ⊩ (ψ ↔ χ)[θ1 /p1 , . . . , θn /pn ]
by definition of M, w ⊩.

nml:syn:tau: Proposition 1.15. All tautological instances are valid.

prop:valid-taut

Proof. Contrapositively, suppose φ is such that M, w ⊮ φ[θ1 /p1 , . . . , θn /pn ],

for some model M and world w. Define an assignment v such that v(pi ) = T
if and only if M, w ⊩ θi (and v assigns arbitrary values to q ∈
/ {p1 , . . . , pn }).
Then by Lemma 1.14, v ⊭ φ, so φ is not a tautology.

1.9 Schemas and Validity

nml:syn:sch:
sec
Definition 1.16. A schema is a set of formulas comprising all and only the
substitution instances of some modal formula χ, i.e.,

{ψ : ∃θ1 , . . . , ∃θn (ψ = χ[θ1 /p1 , . . . , θn /pn ])}.

The formula χ is called the characteristic formula of the schema, and it is

unique up to a renaming of the propositional variables. A formula φ is an
instance of a schema if it is a member of the set.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 13

 It is convenient to denote a schema by the meta-linguistic expression ob-
tained by substituting ‘φ’, ‘ψ’, . . . , for the atomic components of χ. So, for
instance, the following denote schemas: ‘φ’, ‘φ → □φ’, ‘φ → (ψ → φ)’. They
correspond to the characteristic formulas p, p → □p, p → (q → p). The schema
‘φ’ denotes the set of all formulas.

Definition 1.17. A schema is true in a model if and only if all of its instances
are; and a schema is valid if and only if it is true in every model.

Proposition 1.18. The following schema K is valid nml:syn:sch:

prop:Kvalid

□(φ → ψ) → (□φ → □ψ). (K)

Proof. We need to show that all instances of the schema are true at every world
in every model. So let M = ⟨W, R, V ⟩ and w ∈ W be arbitrary. To show that
a conditional is true at a world we assume the antecedent is true to show that
consequent is true as well. In this case, let M, w ⊩ □(φ → ψ) and M, w ⊩ □φ.
We need to show M ⊩ □ψ. So let w′ be arbitrary such that Rww′ . Then by
the first assumption M, w′ ⊩ φ → ψ and by the second assumption M, w′ ⊩ φ.
It follows that M, w′ ⊩ ψ. Since w′ was arbitrary, M, w ⊩ □ψ.

Proposition 1.19. The following schema dual is valid nml:syn:sch:

prop:Dual-valid

♢φ ↔ ¬□¬φ. (dual)

Proof. Exercise.

Problem 1.8. Prove Proposition 1.19.

Proposition 1.20. If φ and φ → ψ are true at a world in a model then so is nml:syn:sch:

prop:soundMP
ψ. Hence, the valid formulas are closed under modus ponens.

Proposition 1.21. A formula φ is valid iff all its substitution instances are. nml:syn:sch:
prop:valid-instances
In other words, a schema is valid iff its characteristic formula is.

Proof. The “if” direction is obvious, since φ is a substitution instance of itself.

To prove the “only if” direction, we show the following: Suppose M =
⟨W, R, V ⟩ is a modal model, and ψ ≡ φ[θ1 /p1 , . . . , θn /pn ] is a substitution
instance of φ. Define M′ = ⟨W, R, V ′ ⟩ by V ′ (pi ) = {w : M, w ⊩ θi }. Then
M, w ⊩ ψ iff M′ , w ⊩ φ, for any w ∈ W . (We leave the proof as an exercise.)
Now suppose that φ was valid, but some substitution instance ψ of φ was not
valid. Then for some M = ⟨W, R, V ⟩ and some w ∈ W , M, w ⊮ ψ. But then
M′ , w ⊮ φ by the claim, and φ is not valid, a contradiction.

Problem 1.9. Prove the claim in the “only if” part of the proof of Proposi-
tion 1.21. (Hint: use induction on φ.)

14 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 Valid Schemas Invalid Schemas
□(φ → ψ) → (♢φ → ♢ψ) □(φ ∨ ψ) → (□φ ∨ □ψ)
♢(φ → ψ) → (□φ → ♢ψ) (♢φ ∧ ♢ψ) → ♢(φ ∧ ψ)
□(φ ∧ ψ) ↔ (□φ ∧ □ψ) φ → □φ
□φ → □(ψ → φ) □♢φ → ψ
¬♢φ → □(φ → ψ) □□φ → □φ
♢(φ ∨ ψ) ↔ (♢φ ∨ ♢ψ) □♢φ → ♢□φ.
Table 1.1: Valid and (or?) invalid schemas.
nml:syn:sch:
tab:valid-invalidSchemas
Note, however, that it is not true that a schema is true in a model iff its
characteristic formula is. Of course, the “only if” direction holds: if every
instance of φ is true in M, φ itself is true in M. But it may happen that φ is
true in M but some instance of φ is false at some world in M. For a very simple
counterexample consider p in a model with only one world w and V (p) = {w},
so that p is true at w. But ⊥ is an instance of p, and not true at w.

Problem 1.10. Show that none of the following formulas are valid:

D: □p → ♢p;

T: □p → p;

B: p → □♢p;

4: □p → □□p;

5: ♢p → □♢p.

Problem 1.11. Prove that the schemas in the first column of Table 1.1 are
valid and those in the second column are not valid.

Problem 1.12. Decide whether the following schemas are valid or invalid:

1. (♢φ → □ψ) → (□φ → □ψ);

2. ♢(φ → ψ) ∨ □(ψ → φ).

Problem 1.13. For each of the following schemas find a model M such that
every instance of the formula is true in M:

1. p → ♢♢p;

2. ♢p → □p.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 15

 w2 p w3 p

w1 ¬p

Figure 1.2: Counterexample to p → ♢p ⊨ □p → p.

nml:syn:ent:
fig:counterex
1.10 Entailment
explanation With the definition of truth at a world, we can define an entailment relation nml:syn:ent:
sec
between formulas. A formula ψ entails φ iff, whenever ψ is true, φ is true as
well. Here, “whenever” means both “whichever model we consider” as well as
“whichever world in that model we consider.”

Definition 1.22. If Γ is a set of formulas and φ a formula, then Γ entails φ,

in symbols: Γ ⊨ φ, if and only if for every model M = ⟨W, R, V ⟩ and world
w ∈ W , if M, w ⊩ ψ for every ψ ∈ Γ , then M, w ⊩ φ. If Γ contains a single
formula ψ, then we write ψ ⊨ φ.

Example 1.23. To show that a formula entails another, we have to reason

about all models, using the definition of M, w ⊩. For instance, to show p→♢p ⊨
□¬p → ¬p, we might argue as follows: Consider a model M = ⟨W, R, V ⟩ and
w ∈ W , and suppose M, w ⊩ p → ♢p. We have to show that M, w ⊩ □¬p → ¬p.
Suppose not. Then M, w ⊩ □¬p and M, w ⊮ ¬p. Since M, w ⊮ ¬p, M, w ⊩ p.
By assumption, M, w ⊩ p → ♢p, hence M, w ⊩ ♢p. By definition of M, w ⊩ ♢p,
there is some w′ with Rww′ such that M, w′ ⊩ p. Since also M, w ⊩ □¬p,
M, w′ ⊩ ¬p, a contradiction.
To show that a formula ψ does not entail another φ, we have to give a
counterexample, i.e., a model M = ⟨W, R, V ⟩ where we show that at some
world w ∈ W , M, w ⊩ ψ but M, w ⊮ φ. Let’s show that p → ♢p ⊭ □p → p.
Consider the model in Figure 1.2. We have M, w1 ⊩ ♢p and hence M, w1 ⊩
p → ♢p. However, since M, w1 ⊩ □p but M, w1 ⊮ p, we have M, w1 ⊮ □p → p.
Often very simple counterexamples suffice. The model M′ = {W ′ , R′ , V ′ }
with W ′ = {w}, R′ = ∅, and V ′ (p) = ∅ is also a counterexample: Since
M′ , w ⊮ p, M′ , w ⊩ p → ♢p. As no worlds are accessible from w, we have
M′ , w ⊩ □p, and so M′ , w ⊮ □p → p.

Problem 1.14. Show that □(φ ∧ ψ) ⊨ □φ.

Problem 1.15. Show that □(p → q) ⊭ p → □q and p → □q ⊭ □(p → q).

16 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 Chapter 2

Frame Definability

2.1 Introduction
nml:frd:int:
sec
One question that interests modal logicians is the relationship between the
accessibility relation and the truth of certain formulas in models with that ac-
cessibility relation. For instance, suppose the accessibility relation is reflexive,
i.e., for every w ∈ W , Rww. In other words, every world is accessible from
itself. That means that when □φ is true at a world w, w itself is among the
accessible worlds at which φ must therefore be true. So, if the accessibility
relation R of M is reflexive, then whatever world w and formula φ we take,
□φ → φ will be true there (in other words, the schema □p → p and all its
substitution instances are true in M).
The converse, however, is false. It’s not the case, e.g., that if □p → p is
true in M, then R is reflexive. For we can easily find a non-reflexive model M
where □p → p is true at all worlds: take the model with a single world w,
not accessible from itself, but with w ∈ V (p). By picking the truth value of p
suitably, we can make □φ → φ true in a model that is not reflexive.
The solution is to remove the variable assignment V from the equation. If
we require that □p→p is true at all worlds in M, regardless of which worlds are
in V (p), then it is necessary that R is reflexive. For in any non-reflexive model,
there will be at least one world w such that not Rww. If we set V (p) = W \{w},
then p will be true at all worlds other than w, and so at all worlds accessible
from w (since w is guaranteed not to be accessible from w, and w is the only
world where p is false). On the other hand, p is false at w, so □p → p is false
at w.
This suggests that we should introduce a notation for model structures with-
out a valuation: we call these frames. A frame F is simply a pair ⟨W, R⟩ con-
sisting of a set of worlds with an accessibility relation. Every model ⟨W, R, V ⟩
is then, as we say, based on the frame ⟨W, R⟩. Conversely, a frame determines
the class of models based on it; and a class of frames determines the class of
models which are based on any frame in the class. And we can define F ⊨ φ,
the notion of a formula being valid in a frame as: M ⊩ φ for all M based on F.

17
 If R is . . . then . . . is true in M:
serial : ∀u∃vRuv □p → ♢p (D)
reflexive: ∀wRww □p → p (T)
symmetric: p → □♢p (B)
∀u∀v(Ruv → Rvu)
transitive: □p → □□p (4)
∀u∀v∀w((Ruv ∧ Rvw) → Ruw)
euclidean: ♢p → □♢p (5)
∀w∀u∀v((Rwu ∧ Rwv) → Ruv)
Table 2.1: Five correspondence facts.
nml:frd:acc:
tab:five
With this notation, we can establish correspondence relations between for-
mulas and classes of frames: e.g., F ⊨ □p → p if, and only if, F is reflexive.

2.2 Properties of Accessibility Relations

Many modal formulas turn out to be characteristic of simple, and even familiar, nml:frd:acc:
sec
properties of the accessibility relation. In one direction, that means that any
model that has a given property makes a corresponding formula (and all its
substitution instances) true. We begin with five classical examples of kinds of
accessibility relations and the formulas the truth of which they guarantee.

Theorem 2.1. Let M = ⟨W, R, V ⟩ be a model. If R has the property on the nml:frd:acc:
thm:soundschemas
left side of Table 2.1, every instance of the formula on the right side is true
in M.

Proof. Here is the case for B: to show that the schema is true in a model we
need to show that all of its instances are true at all worlds in the model. So
let φ → □♢φ be a given instance of B, and let w ∈ W be an arbitrary world.
Suppose the antecedent φ is true at w, in order to show that □♢φ is true at
w. So we need to show that ♢φ is true at all w′ accessible from w. Now, for
any w′ such that Rww′ we have, using the hypothesis of symmetry, that also
Rw′ w (see Figure 2.1). Since M, w ⊩ φ, we have M, w′ ⊩ ♢φ. Since w′ was an
arbitrary world such that Rww′ , we have M, w ⊩ □♢φ.
We leave the other cases as exercises.

Problem 2.1. Complete the proof of Theorem 2.1.

Notice that the converse implications of Theorem 2.1 do not hold: it’s not
true that if a model verifies a schema, then the accessibility relation of that
model has the corresponding property. In the case of T and reflexive models, it
is easy to give an example of a model in which T itself fails: let W = {w} and
V (p) = ∅. Then R is not reflexive, but M, w ⊩ □p and M, w ⊮ p. But here we
have just a single instance of T that fails in M, other instances, e.g., □¬p → ¬p

18 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 w w′
⊩φ ⊩ ♢φ
⊩ □♢φ

Figure 2.1: The argument from symmetry.

nml:frd:acc:
fig:Bsymm
are true. It is harder to give examples where every substitution instance of T
is true in M and M is not reflexive. But there are such models, too:

nml:frd:acc: Proposition 2.2. Let M = ⟨W, R, V ⟩ be a model such that W = {u, v}, where
prop:reflexive
worlds u and v are related by R: i.e., both Ruv and Rvu. Suppose that for all
p: u ∈ V (p) ⇔ v ∈ V (p). Then:

1. For all φ: M, u ⊩ φ if and only if M, v ⊩ φ (use induction on φ).

2. Every instance of T is true in M.

Since M is not reflexive (it is, in fact, irreflexive), the converse of Theorem 2.1
fails in the case of T (similar arguments can be given for some—though not
all—the other schemas mentioned in Theorem 2.1).

Problem 2.2. Prove the claims in Proposition 2.2.

Although we will focus on the five classical formulas D, T, B, 4, and 5,

we record in Table 2.2 a few more properties of accessibility relations. The
accessibility relation R is partially functional, if from every world at most
one world is accessible. If it is the case that from every world exactly one
world is accessible, we call it functional. (Thus the functional relations are
precisely those that are both serial and partially functional). They are called
“functional” because the accessibility relation operates like a (partial) function.
A relation is weakly dense if whenever Ruv, there is a w “between” u and v.
So weakly dense relations are in a sense the opposite of transitive relations: in
a transitive relation, whenever you can reach v from u by a detour via w, you
can reach v from u directly; in a weakly dense relation, whenever you can reach
v from u directly, you can also reach it by a detour via some w. A relation is
weakly directed if whenever you can reach worlds u and v from some world w,
you can reach a single world t from both u and v—this is sometimes called the
“diamond property” or “confluence.”

Problem 2.3. Let M = ⟨W, R, V ⟩ be a model. Show that if R satisfies the

left-hand properties of Table 2.2, every instance of the corresponding right-
hand formula is true in M.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 19

 If R is . . . then . . . is true in M:
partially functional :
♢p → □p
∀w∀u∀v((Rwu ∧ Rwv) → u = v)
functional : ∀w∃v∀u(Rwu ↔ u = v) ♢p ↔ □p
weakly dense:
□□p → □p
∀u∀v(Ruv → ∃w(Ruw ∧ Rwv))
weakly connected :
□((p ∧ □p) → q) ∨
∀w∀u∀v((Rwu ∧ Rwv) → (L)
□((q ∧ □q) → p)
(Ruv ∨ u = v ∨ Rvu))
weakly directed :
∀w∀u∀v((Rwu ∧ Rwv) → ♢□p → □♢p (G)
∃t(Rut ∧ Rvt))
Table 2.2: Five more correspondence facts.
nml:frd:acc:
tab:anotherfive
2.3 Frames
nml:frd:fra:
sec
Definition 2.3. A frame is a pair F = ⟨W, R⟩ where W is a non-empty set
of worlds and R a binary relation on W . A model M is based on a frame
F = ⟨W, R⟩ if and only if M = ⟨W, R, V ⟩ for some valuation V .

Definition 2.4. If F is a frame, we say that φ is valid in F, F ⊨ φ, if M ⊩ φ

for every model M based on F.
If F is a class of frames, we say φ is valid in F, F ⊨ φ, iff F ⊨ φ for every
frame F ∈ F.

The reason frames are interesting is that correspondence between schemas

and properties of the accessibility relation R is at the level of frames, not of
models. For instance, although T is true in all reflexive models, not every model
in which T is true is reflexive. However, it is true that not only is T valid on
all reflexive frames, also every frame in which T is valid is reflexive.

Remark 1. Validity in a class of frames is a special case of the notion of validity

in a class of models: F ⊨ φ iff C ⊨ φ where C is the class of all models based
on a frame in F.
Obviously, if a formula or a schema is valid, i.e., valid with respect to the
class of all models, it is also valid with respect to any class F of frames.

2.4 Frame Definability

Even though the converse implications of Theorem 2.1 fail, they hold if we nml:frd:def:
sec
replace “model” by “frame”: for the properties considered in Theorem 2.1, it
is true that if a formula is valid in a frame then the accessibility relation of

20 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 that frame has the corresponding property. So, the formulas considered define
the classes of frames that have the corresponding property.

Definition 2.5. If F is a class of frames, we say φ defines F iff F ⊨ φ for all

and only frames F ∈ F.

We now proceed to establish the full definability results for frames.

nml:frd:def: Theorem 2.6. If the formula on the right side of Table 2.1 is valid in a
thm:fullCorrespondence
frame F, then F has the property on the left side.

Proof. 1. Suppose D is valid in F = ⟨W, R⟩, i.e., F ⊨ □p → ♢p. Let M =

⟨W, R, V ⟩ be a model based on F, and w ∈ W . We have to show that there
is a v such that Rwv. Suppose not: then both M ⊩ □φ and M, w ⊮ ♢φ
for any φ, including p. But then M, w ⊮ □p → ♢p, contradicting the
assumption that F ⊨ □p → ♢p.

2. Suppose T is valid in F, i.e., F ⊨ □p → p. Let w ∈ W be an arbitrary

world; we need to show Rww. Let u ∈ V (p) if and only if Rwu (when q
is other than p, V (q) is arbitrary, say V (q) = ∅). Let M = ⟨W, R, V ⟩. By
construction, for all u such that Rwu: M, u ⊩ p, and hence M, w ⊩ □p.
But by hypothesis □p→p is true at w, so that M, w ⊩ p, but by definition
of V this is possible only if Rww.

3. We prove the contrapositive: Suppose F is not symmetric, we show that

B, i.e., p → □♢p is not valid in F = ⟨W, R⟩. If F is not symmetric, there
are u, v ∈ W such that Ruv but not Rvu. Define V such that w ∈ V (p) if
and only if not Rvw (and V is arbitrary otherwise). Let M = ⟨W, R, V ⟩.
Now, by definition of V , M, w ⊩ p for all w such that not Rvw, in
particular, M, u ⊩ p since not Rvu. Also, since Rvw iff w ∈ / V (p), there
is no w such that Rvw and M, w ⊩ p, and hence M, v ⊮ ♢p. Since Ruv,
also M, u ⊮ □♢p. It follows that M, u ⊮ p → □♢p, and so B is not valid
in F.

4. Suppose 4 is valid in F = ⟨W, R⟩, i.e., F ⊨ □p → □□p, and let u, v,

w ∈ W be arbitrary worlds such that Ruv and Rvw; we need to show
that Ruw. Define V such that z ∈ V (p) if and only if Ruz (and V is
arbitrary otherwise). Let M = ⟨W, R, V ⟩. By definition of V , M, z ⊩ p
for all z such that Ruz, and hence M, u ⊩ □p. But by hypothesis 4,
□p → □□p, is true at u, so that M, u ⊩ □□p. Since Ruv and Rvw, we
have M, w ⊩ p, but by definition of V this is possible only if Ruw, as
desired.

5. We proceed contrapositively, assuming that the frame F = ⟨W, R⟩ is not

euclidean, and show that it falsifies 5, i.e., F ⊭ ♢p → □♢p. Suppose there
are worlds u, v, w ∈ W such that Rwu and Rwv but not Ruv. Define
V such that for all worlds z, z ∈ V (p) if and only if it is not the case
that Ruz. Let M = ⟨W, R, V ⟩. Then by hypothesis M, v ⊩ p and since

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 21

 Rwv also M, w ⊩ ♢p. However, there is no world y such that Ruy and
M, y ⊩ p so M, u ⊮ ♢p. Since Rwu, it follows that M, w ⊮ □♢p, so that
5, ♢p → □♢p, fails at w.

You’ll notice a difference between the proof for D and the other cases: no
mention was made of the valuation V . In effect, we proved that if M ⊩ D then
M is serial. So D defines the class of serial models, not just frames.

Corollary 2.7. Any model where D is true is serial. nml:frd:def:

prop:D-serial

Corollary 2.8. Each formula on the right side of Table 2.1 defines the class
of frames which have the property on the left side.

Proof. In Theorem 2.1, we proved that if a model has the property on the left,
the formula on the right is true in it. Thus, if a frame F has the property on
the left, the formula on the right is valid in F. In Theorem 2.6, we proved the
converse implications: if a formula on the right is valid in F, F has the property
on the left.

Problem 2.4. Show that if the formula on the right side of Table 2.2 is valid
in a frame F, then F has the property on the left side. To do this, consider a
frame that does not satisfy the property on the left, and define a suitable V
such that the formula on the right is false at some world.

Theorem 2.6 also shows that the properties can be combined: for instance
if both B and 4 are valid in F then the frame is both symmetric and transitive,
etc. Many important modal logics are characterized as the set of formulas valid
in all frames that combine some frame properties, and so we can characterize
them as the set of formulas valid in all frames in which the corresponding
defining formulas are valid. For instance, the classical system S4 is the set of
all formulas valid in all reflexive and transitive frames, i.e., in all those where
both T and 4 are valid. S5 is the set of all formulas valid in all reflexive,
symmetric, and euclidean frames, i.e., all those where all of T, B, and 5 are
valid.
Logical relationships between properties of R in general correspond to re-
lationships between the corresponding defining formulas. For instance, every
reflexive relation is serial; hence, whenever T is valid in a frame, so is D. (Note
that this relationship is not that of entailment. It is not the case that whenever
M, w ⊩ T then M, w ⊩ D.) We record some such relationships.

Proposition 2.9. Let R be a binary relation on a set W ; then: nml:frd:def:

prop:relation-facts
1. If R is reflexive, then it is serial.

2. If R is symmetric, then it is transitive if and only if it is euclidean.

3. If R is symmetric or euclidean then it is weakly directed (it has the “di-

amond property”).

22 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 4. If R is euclidean then it is weakly connected.
5. If R is functional then it is serial.

Problem 2.5. Prove Proposition 2.9.

2.5 First-order Definability

nml:frd:fol: We’ve seen that a number of properties of accessibility relations of frames
sec
can be defined by modal formulas. For instance, symmetry of frames can be
defined by the formula B, p → □♢p. The conditions we’ve encountered so far
can all be expressed by first-order formulas in a language involving a single two-
place predicate symbol. For instance, symmetry is defined by ∀x ∀y (Q(x, y) →
Q(y, x)) in the sense that a first-order structure M with |M| = W and QM = R
satisfies the preceding formula iff R is symmetric. This suggests the following
definition:
Definition 2.10. A class F of frames is first-order definable if there is a sen-
tence φ in the first-order language with a single two-place predicate symbol Q
such that F = ⟨W, R⟩ ∈ F iff M ⊨ φ in the first-order structure M with
|M| = W and QM = R.

It turns out that the properties and modal formulas that define them con-
sidered so far are exceptional. Not every formula defines a first-order definable
class of frames, and not every first-order definable class of frames is definable
by a modal formula.
A counterexample to the first is given by the Löb formula:

□(□p → p) → □p. (W)

W defines the class of transitive and converse well-founded frames. A relation

is well-founded if there is no infinite sequence w1 , w2 , . . . such that Rw2 w1 ,
Rw3 w2 , . . . . For instance, the relation < on N is well-founded, whereas the
relation < on Z is not. A relation is converse well-founded iff its converse is
well-founded. So converse well-founded relations are those where there is no
infinite sequence w1 , w2 , . . . such that Rw1 w2 , Rw2 w3 , . . . .
There is, however, no first-order formula defining transitive converse well-
founded relations. For suppose M ⊨ β iff R = QM is transitive converse
well-founded. Let φn be the formula

(Q(a1 , a2 ) ∧ · · · ∧ Q(an−1 , an ))

Now consider the set of formulas

Γ = {β, φ1 , φ2 , . . . }.

Every finite subset of Γ is satisfiable: Let k be largest such that φk is in the

subset, |Mk | = {1, . . . , k}, aM
i
k
= i, and QMk =<. Since < on {1, . . . , k} is

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 23

transitive and converse well-founded, Mk ⊨ β. Mk ⊨ φi by construction, for
all i ≤ k. By the Compactness Theorem for first-order logic, Γ is satisfiable in
some structure M. By hypothesis, since M ⊨ β, the relation QM is converse
well-founded. But clearly, aM M
1 , a2 , . . . would form an infinite sequence of the
kind ruled out by converse well-foundedness.
A counterexample to the second claim is given by the property of univer-
sality: for every u and v, Ruv. Universal frames are first-order definable by
the formula ∀x ∀y Q(x, y). However, no modal formula is valid in all and only
the universal frames. This is a consequence of a result that is independently
interesting: the formulas valid in universal frames are exactly the same as those
valid in reflexive, symmetric, and transitive frames. There are reflexive, sym-
metric, and transitive frames that are not universal, hence every formula valid
in all universal frames is also valid in some non-universal frames.

2.6 Equivalence Relations and S5

The modal logic S5 is characterized as the set of formulas valid on all universal nml:frd:es5:
sec
frames, i.e., every world is accessible from every world, including itself. In such
a scenario, □ corresponds to necessity and ♢ to possibility: □φ is true if φ is
true at every world, and ♢φ is true if φ is true at some world. It turns out that
S5 can also be characterized as the formulas valid on all reflexive, symmetric,
and transitive frames, i.e., on all equivalence relations.
Definition 2.11. A binary relation R on W is an equivalence relation if and
only if it is reflexive, symmetric and transitive. A relation R on W is universal
if and only if Ruv for all u, v ∈ W .

Since T, B, and 4 characterize the reflexive, symmetric, and transitive

frames, the frames where the accessibility relation is an equivalence relation
are exactly those in which all three formulas are valid. It turns out that the
equivalence relations can also be characterized by other combinations of for-
mulas, since the conditions with which we’ve defined equivalence relations are
equivalent to combinations of other familiar conditions on R.
Proposition 2.12. The following are equivalent: nml:frd:es5:
prop:equivalences
1. R is an equivalence relation;
2. R is reflexive and euclidean;
3. R is serial, symmetric, and euclidean;
4. R is serial, symmetric, and transitive.

Proof. Exercise.

Problem 2.6. Prove Proposition 2.12 by showing:

1. If R is symmetric and transitive, it is euclidean.

24 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 2. If R is reflexive, it is serial.
3. If R is reflexive and euclidean, it is symmetric.
4. If R is symmetric and euclidean, it is transitive.
5. If R is serial, symmetric, and transitive, it is reflexive.
Explain why this suffices for the proof that the conditions are equivalent.

Proposition 2.12 is the semantic counterpart to Proposition 3.29, in that it

gives an equivalent characterization of the modal logic of frames over which R
is an equivalence relation (the logic traditionally referred to as S5).
What is the relationship between universal and equivalence relations? Al-
though every universal relation is an equivalence relation, clearly not every
equivalence relation is universal. However, the formulas valid on all universal
relations are exactly the same as those valid on all equivalence relations.
Proposition 2.13. Let R be an equivalence relation, and for each w ∈ W
define the equivalence class of w as the set [w] = {w′ ∈ W : Rww′ }. Then:
1. w ∈ [w];
2. R is universal on each equivalence class [w];
3. The collection of equivalence classes partitions W into mutually exclusive
and jointly exhaustive subsets.

nml:frd:es5: Proposition 2.14. A formula φ is valid in all frames F = ⟨W, R⟩ where R is

prop:S5=univ
an equivalence relation, if and only if it is valid in all frames F = ⟨W, R⟩ where
R is universal. Hence, the logic of universal frames is just S5.

Proof. It’s immediate to verify that a universal relation R on W is an equiva-

lence. Hence, if φ is valid in all frames where R is an equivalence it is valid in
all universal frames. For the other direction, we argue contrapositively: sup-
pose ψ is a formula that fails at a world w in a model M = ⟨W, R, V ⟩ based
on a frame ⟨W, R⟩, where R is an equivalence on W . So M, w ⊮ ψ. Define a
model M′ = ⟨W ′ , R′ , V ′ ⟩ as follows:
1. W ′ = [w];
2. R′ is universal on W ′ ;
3. V ′ (p) = V (p) ∩ W ′ .
(So the set W ′ of worlds in M′ is represented by the shaded area in Figure 2.2.)
It is easy to see that R and R′ agree on W ′ . Then one can show by induction
on formulas that for all w′ ∈ W ′ : M′ , w′ ⊩ φ if and only if M, w′ ⊩ φ for each
φ (this makes sense since W ′ ⊆ W ). In particular, M′ , w ⊮ ψ, and ψ fails in a
model based on a universal frame.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 25

 [w]

[z]

[u]
[v]

Figure 2.2: A partition of W in equivalence classes.

nml:frd:es5:
fig:partition
2.7 Second-order Definability
Not every frame property definable by modal formulas is first-order definable. nml:frd:st:
sec
However, if we allow quantification over one-place predicates (i.e., monadic
second-order quantification), we define all modally definable frame properties.
The trick is to exploit a systematic way in which the conditions under which a
modal formula is true at a world are related to first-order formulas. This is the
so-called standard translation of modal formulas into first-order formulas in a
language containing not just a two-place predicate symbol Q for the accessi-
bility relation, but also a one-place predicate symbol Pi for the propositional
variables pi occurring in φ.

Definition 2.15. The standard translation STx (φ) is inductively defined as

follows:

1. φ ≡ ⊥: STx (φ) = ⊥.

2. φ ≡ ⊥: STx (φ) = ⊤.

3. φ ≡ pi : STx (φ) = Pi (x).

4. φ ≡ ¬ψ: STx (φ) = ¬STx (ψ).

5. φ ≡ (ψ ∧ χ): STx (φ) = (STx (ψ) ∧ STx (χ)).

6. φ ≡ (ψ ∨ χ): STx (φ) = (STx (ψ) ∨ STx (χ)).

7. φ ≡ (ψ → χ): STx (φ) = (STx (ψ) → STx (χ)).

8. φ ≡ (ψ ↔ χ): STx (φ) = (STx (ψ) ↔ STx (χ)).

9. φ ≡ □ψ: STx (φ) = ∀y (Q(x, y) → STy (ψ)).

10. φ ≡ ♢ψ: STx (φ) = ∃y (Q(x, y) ∧ STy (ψ)).

26 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 For instance, STx (□p → p) is ∀y (Q(x, y) → P (y)) → P (x). Any structure for
the language of STx (φ) requires a domain, a two-place relation assigned to Q,
and subsets of the domain assigned to the one-place predicate symbols Pi .
In other words, the components of such a structure are exactly those of a
model for φ: the domain is the set of worlds, the two-place relation assigned
to Q is the accessibility relation, and the subsets assigned to Pi are just the
assignments V (pi ). It won’t surprise that satisfaction of φ in a modal model
and of STx (φ) in the corresponding structure agree:
nml:frd:st: Proposition 2.16. Let M = ⟨W, R, V ⟩, M′ be the first-order structure with
prop:st ′ ′
|M′ | = W , QM = R, and PiM = V (pi ), and s(x) = w. Then

M, w ⊩ φ iff M′ , s ⊨ STx (φ)

Proof. By induction on φ.

Proposition 2.17. Suppose φ is a modal formula and F = ⟨W, R⟩ is a frame.

′
Let F′ be the first-order structure with |F′ | = W and QF = R, and let φ′ be
the second-order formula

∀X1 . . . ∀Xn ∀x STx (φ)[X1 /P1 , . . . , Xn /Pn ],

where P1 , . . . , Pn are all one-place predicate symbols in STx (φ). Then

F ⊨ φ iff F′ ⊨ φ′
′
Proof. F′ ⊨ φ′ iff for every structure M′ where PiM ⊆ W for i = 1, . . . , n, and
for every s with s(x) ∈ W , M′ , s ⊨ STx (φ). By Proposition 2.16, that is the
case iff for all models M based on F and every world w ∈ W , M, w ⊩ φ, i.e.,
F ⊨ φ.

Definition 2.18. A class F of frames is second-order definable if there is a sen-

tence φ in the second-order language with a single two-place predicate symbol P
and quantifiers only over monadic set variables such that F = ⟨W, R⟩ ∈ F iff
M ⊨ φ in the structure M with |M| = W and P M = R.

Corollary 2.19. If a class of frames is definable by a formula φ, the corre-

sponding class of accessibility relations is definable by a monadic second-order
sentence.

Proof. The monadic second-order sentence φ′ of the preceding proof has the
required property.

As an example, consider again the formula □p → p. It defines reflexivity.

Reflexivity is of course first-order definable by the sentence ∀x Q(x, x). But it
is also definable by the monadic second-order sentence

∀X ∀x (∀y (Q(x, y) → X(y)) → X(x)).

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 27

This means, of course, that the two sentences are equivalent. Here’s how
you might convince yourself of this directly: First suppose the second-order
sentence is true in a structure M. Since x and X are universally quantified,
the remainder must hold for any x ∈ W and set X ⊆ W , e.g., the set {z : Rxz}
where R = QM . So, for any s with s(x) ∈ W and s(X) = {z : Rxz} we have
M ⊨ ∀y (Q(x, y) → X(y)) → X(x). But by the way we’ve picked s(X) that
means M, s ⊨ ∀y (Q(x, y) → Q(x, y)) → Q(x, x), which is equivalent to Q(x, x)
since the antecedent is valid. Since s(x) is arbitrary, we have M ⊨ ∀x Q(x, x).
Now suppose that M ⊨ ∀x Q(x, x) and show that M ⊨ ∀X ∀x (∀y (Q(x, y)→
X(y))→X(x)). Pick any assignment s, and assume M, s ⊨ ∀y (Q(x, y)→X(y)).
Let s′ be the y-variant of s with s′ (y) = s(x); we have M, s′ ⊨ Q(x, y) → X(y),
i.e., M, s ⊨ Q(x, x) → X(x). Since M ⊨ ∀x Q(x, x), the antecedent is true, and
we have M, s ⊨ X(x), which is what we needed to show.
Since some definable classes of frames are not first-order definable, not
every monadic second-order sentence of the form φ′ is equivalent to a first-
order sentence. There is no effective method to decide which ones are.

28 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 Chapter 3

Axiomatic Derivations

3.1 Introduction
nml:axs:int: We have a semantics for the basic modal language in terms of modal models,
sec
and a notion of a formula being valid—true at all worlds in all models—or valid
with respect to some class of models or frames—true at all worlds in all models
in the class, or based on the frame. Logic usually connects such semantic
characterizations of validity with a proof-theoretic notion of derivability. The
aim is to define a notion of derivability in some system such that a formula is
derivable iff it is valid.
The simplest and historically oldest derivation systems are so-called Hilbert-
type or axiomatic derivation systems. Hilbert-type derivation systems for many
modal logics are relatively easy to construct: they are simple as objects of
metatheoretical study (e.g., to prove soundness and completeness). However,
they are much harder to use to prove formulas in than, say, natural deduction
systems.
In Hilbert-type derivation systems, a derivation of a formula is a sequence
of formulas leading from certain axioms, via a handful of inference rules, to
the formula in question. Since we want the derivation system to match the
semantics, we have to guarantee that the set of derivable formulas are true
in all models (or true in all models in which all axioms are true). We’ll first
isolate some properties of modal logics that are necessary for this to work: the
“normal” modal logics. For normal modal logics, there are only two inference
rules that need to be assumed: modus ponens and necessitation. As axioms we
take all (substitution instances) of tautologies, and, depending on the modal
logic we deal with, a number of modal axioms. Even if we are just interested
in the class of all models, we must also count all substitution instances of K
and Dual as axioms. This alone generates the minimal normal modal logic K.

Definition 3.1. The rule of modus ponens is the inference schema

φ φ→ψ
mp
ψ

29
We say a formula ψ follows from formulas φ, χ by modus ponens iff χ ≡ φ → ψ.

Definition 3.2. The rule of necessitation is the inference schema

φ
nec
□φ

We say the formula ψ follows from the formulas φ by necessitation iff ψ ≡ □φ.

Definition 3.3. A derivation from a set of axioms Σ is a sequence of formulas

ψ1 , ψ2 , . . . , ψn , where each ψi is either

1. a substitution instance of a tautology, or

2. a substitution instance of a formula in Σ, or

3. follows from two formulas ψj , ψk with j, k < i by modus ponens, or

4. follows from a formula ψj with j < i by necessitation.

If there is such a derivation with ψn ≡ φ, we say that φ is derivable from Σ,

in symbols Σ ⊢ φ.

With this definition, it will turn out that the set of derivable formulas forms
a normal modal logic, and that any derivable formula is true in every model
in which every axiom is true. This property of derivations is called soundness.
The converse, completeness, is harder to prove.

3.2 Normal Modal Logics

Not every set of modal formulas can easily be characterized as those formulas nml:prf:nor:
sec
derivable from a set of axioms. We want modal logics to be well-behaved. First
of all, everything we can derive in classical propositional logic should still be
derivable, of course taking into account that the formulas may now contain also
□ and ♢. To this end, we require that a modal logic contain all tautological
instances and be closed under modus ponens.

Definition 3.4. A modal logic is a set Σ of modal formulas which

1. contains all tautologies, and

2. is closed under substitution, i.e., if φ ∈ Σ, and θ1 , . . . , θn are formulas,

then
φ[θ1 /p1 , . . . , θn /pn ] ∈ Σ,

3. is closed under modus ponens, i.e., if φ and φ → ψ ∈ Σ, then ψ ∈ Σ.

30 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 In order to use the relational semantics for modal logics, we also have to
require that all formulas valid in all modal models are included. It turns
out that this requirement is met as soon as all instances of K and dual are
derivable, and whenever a formula φ is derivable, so is □φ. A modal logic that
satisfies these conditions is called normal. (Of course, there are also non-normal
modal logics, but the usual relational models are not adequate for them.)
Definition 3.5. A modal logic Σ is normal if it contains

□(p → q) → (□p → □q), (K)

♢p ↔ ¬□¬p (dual)

and is closed under necessitation, i.e., if φ ∈ Σ, then □φ ∈ Σ.

Observe that while tautological implication is “fine-grained” enough to pre-

serve truth at a world, the rule nec only preserves truth in a model (and hence
also validity in a frame or in a class of frames).
nml:prf:nor: Proposition 3.6. Every normal modal logic is closed under rule rk,
prop:rk
φ1 → (φ2 → · · · (φn−1 → φn ) · · · )
rk
□φ1 → (□φ2 → · · · (□φn−1 → □φn ) · · · ).

Proof. By induction on n: If n = 1, then the rule is just nec, and every normal
modal logic is closed under nec.
Now suppose the result holds for n − 1; we show it holds for n.
Assume

φ1 → (φ2 → · · · (φn−1 → φn ) · · · ) ∈ Σ

By the induction hypothesis, we have

□φ1 → (□φ2 → · · · □(φn−1 → φn ) · · · ) ∈ Σ

Since Σ is a normal modal logic, it contains all instances of K, in particular

□(φn−1 → φn ) → (□φn−1 → □φn ) ∈ Σ

Using modus ponens and suitable tautological instances we get

□φ1 → (□φ2 → · · · (□φn−1 → □φn ) · · · ) ∈ Σ.

nml:prf:nor: Proposition 3.7. Every normal modal logic Σ contains ¬♢⊥.

prop:notDiamondBot

Problem 3.1. Prove Proposition 3.7.

Proposition 3.8. Let φ1 , . . . , φn be formulas. Then there is a smallest modal

logic Σ containing all instances of φ1 , . . . , φn .

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 31

Proof. Given φ1 , . . . , φn , define Σ as the intersection of all normal modal
logics containing all instances of φ1 , . . . , φn . The intersection is non-empty as
Frm(L), the set of all formulas, is such a modal logic.

Definition 3.9. The smallest normal modal logic containing φ1 , . . . , φn is

called a modal system and denoted by Kφ1 . . . φn . The smallest normal modal
logic is denoted by K.

3.3 Derivations and Modal Systems

We first define what a derivation is for normal modal logics. Roughly, a deriva- nml:prf:prf:
sec
tion is a sequence of formulas in which every element is either (a substitution
instance of) one of a number of axioms, or follows from previous elements by
one of a few inference rules. For normal modal logics, all instances of tau-
tologies, K, and dual count as axioms. This results in the modal system K,
the smallest normal modal logic. We may wish to add additional axioms to
obtain other systems, however. The rules are always modus ponens mp and
necessitation nec.

Definition 3.10. Given a modal system Kφ1 . . . φn and a formula ψ we say

that ψ is derivable in Kφ1 . . . φn , written Kφ1 . . . φn ⊢ ψ, if and only if there
are formulas χ1 , . . . , χk such that χk = ψ and each χi is either a tautological
instance, or an instance of one of K, dual, φ1 , . . . , φn , or it follows from
previous formulas by means of the rules mp or nec.

The following proposition allows us to show that ψ ∈ Σ by exhibiting a

Σ-derivation of ψ.

Proposition 3.11. Kφ1 . . . φn = {ψ : Kφ1 . . . φn ⊢ ψ}.

Proof. We use induction on the length of derivations to show that {ψ : Kφ1 . . . φn ⊢

ψ} ⊆ Kφ1 . . . φn .
If the derivation of ψ has length 1, it contains a single formula. That formula
cannot follow from previous formulas by mp or nec, so must be a tautological
instance, an instance of K, dual, or an instance of one of φ1 , . . . , φn . But
Kφ1 . . . φn contains these as well, so ψ ∈ Kφ1 . . . φn .
If the derivation of ψ has length > 1, then ψ may in addition be obtained
by mp or nec from formulas not occurring as the last line in the derivation.
If ψ follows from χ and χ → ψ (by mp), then χ and χ → ψ ∈ Kφ1 . . . φn by
induction hypothesis. But every modal logic is closed under modus ponens, so
ψ ∈ Kφ1 . . . φn . If ψ ≡ □χ follows from χ by nec, then χ ∈ Kφ1 . . . φn by
induction hypothesis. But every normal modal logic is closed under nec, so
ψ ∈ Kφ1 . . . φn .
The converse inclusion follows by showing that Σ = {ψ : Kφ1 . . . φn ⊢ ψ}
is a normal modal logic containing all the instances of φ1 , . . . , φn , and the
observation that Kφ1 . . . φn is, by definition, the smallest such logic.

32 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 1. Every tautology ψ is a tautological instance, so Kφ1 . . . φn ⊢ ψ, so Σ
contains all tautologies.

2. If Kφ1 . . . φn ⊢ χ and Kφ1 . . . φn ⊢ χ→ψ, then Kφ1 . . . φn ⊢ ψ: Combine

the derivation of χ with that of χ → ψ, and add the line ψ. The last line
is justified by mp. So Σ is closed under modus ponens.

3. If ψ has a derivation, then every substitution instance of ψ also has a

derivation: apply the substitution to every formula in the derivation.
(Exercise: prove by induction on the length of derivations that the result
is also a correct derivation). So Σ is closed under uniform substitution.
(We have now established that Σ satisfies all conditions of a modal logic.)

4. We have Kφ1 . . . φn ⊢ K, so K ∈ Σ.

5. We have Kφ1 . . . φn ⊢ dual, so dual ∈ Σ.

6. If Kφ1 . . . φn ⊢ χ, the additional line □χ is justified by nec. Conse-

quently, Σ is closed under nec. Thus, Σ is normal.

3.4 Proofs in K
nml:prf:prk: In order to practice proofs in the smallest modal system, we show the valid
sec
formulas on the left-hand side of Table 1.1 can all be given K-proofs.

Proposition 3.12. K ⊢ □φ → □(ψ → φ)

Proof.

1. φ → (ψ → φ) taut
2. □(φ → (ψ → φ)) nec, 1
3. □(φ → (ψ → φ)) → (□φ → □(ψ → φ)) K
4. □φ → □(ψ → φ) mp, 2, 3

Proposition 3.13. K ⊢ □(φ ∧ ψ) → (□φ ∧ □ψ)

Proof.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 33

 1. (φ ∧ ψ) → φ taut
2. □((φ ∧ ψ) → φ) nec
3. □((φ ∧ ψ) → φ) → (□(φ ∧ ψ) → □φ) K
4. □(φ ∧ ψ) → □φ mp, 2, 3
5. (φ ∧ ψ) → ψ taut
6. □((φ ∧ ψ) → ψ) nec
7. □((φ ∧ ψ) → ψ) → (□(φ ∧ ψ) → □ψ) K
8. □(φ ∧ ψ) → □ψ mp, 6, 7
9. (□(φ ∧ ψ) → □φ) →
((□(φ ∧ ψ) → □ψ) →
(□(φ ∧ ψ) → (□φ ∧ □ψ))) taut
10. (□(φ ∧ ψ) → □ψ) →
(□(φ ∧ ψ) → (□φ ∧ □ψ)) mp, 4, 9
11. □(φ ∧ ψ) → (□φ ∧ □ψ) mp, 8, 10.

Note that the formula on line 9 is an instance of the tautology

(p → q) → ((p → r) → (p → (q ∧ r))).

Proposition 3.14. K ⊢ (□φ ∧ □ψ) → □(φ ∧ ψ)

Proof.
1. φ → (ψ → (φ ∧ ψ)) taut
2. □(φ → (ψ → (φ ∧ ψ))) nec, 1
3. □(φ → (ψ → (φ ∧ ψ))) → (□φ → □(ψ → (φ ∧ ψ))) K
4. □φ → □(ψ → (φ ∧ ψ)) mp, 2, 3
5. □(ψ → (φ ∧ ψ)) → (□ψ → □(φ ∧ ψ)) K
6. (□φ → □(ψ → (φ ∧ ψ))) →
(□(ψ → (φ ∧ ψ)) → (□ψ → □(φ ∧ ψ))) →
(□φ → (□ψ → □(φ ∧ ψ)))) taut
7. (□(ψ → (φ ∧ ψ)) → (□ψ → □(φ ∧ ψ))) →
(□φ → (□ψ → □(φ ∧ ψ))) mp, 4, 6
8. □φ → (□ψ → □(φ ∧ ψ))) mp, 5, 7
9. (□φ → (□ψ → □(φ ∧ ψ)))) →
((□φ ∧ □ψ) → □(φ ∧ ψ)) taut
10. (□φ ∧ □ψ) → □(φ ∧ ψ) mp, 8, 9

The formulas on lines 6 and 9 are instances of the tautologies

(p → q) → ((q → r) → (p → r))
(p → (q → r)) → ((p ∧ q) → r)

Proposition 3.15. K ⊢ ¬□p → ♢¬p

Proof.

34 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 1. ♢¬p ↔ ¬□¬¬p dual
2. (♢¬p ↔ ¬□¬¬p) →
(¬□¬¬p → ♢¬p) taut
3. ¬□¬¬p → ♢¬p mp, 1, 2
4. ¬¬p → p taut
5. □(¬¬p → p) nec, 4
6. □(¬¬p → p) → (□¬¬p → □p) K
7. (□¬¬p → □p) mp, 5, 6
8. (□¬¬p → □p) → (¬□p → ¬□¬¬p) taut
9. ¬□p → ¬□¬¬p mp, 7, 8
10. (¬□p → ¬□¬¬p) →
((¬□¬¬p → ♢¬p) → (¬□p → ♢¬p)) taut
11. (¬□¬¬p → ♢¬p) → (¬□p → ♢¬p) mp, 9, 10
12. ¬□p → ♢¬p mp, 3, 11

The formulas on lines 8 and 10 are instances of the tautologies

(p → q) → (¬q → ¬p)
(p → q) → ((q → r) → (p → r)).

Problem 3.2. Find derivations in K for the following formulas:

1. □¬p → □(p → q)

2. (□p ∨ □q) → □(p ∨ q)

3. ♢p → ♢(p ∨ q)

3.5 Derived Rules

nml:prf:der: Finding and writing derivations is obviously difficult, cumbersome, and repet-
sec
itive. For instance, very often we want to pass from φ → ψ to □φ → □ψ, i.e.,
apply rule rk. That requires an application of nec, then recording the proper
instance of K, then applying mp. Passing from φ → ψ and ψ → χ to φ → χ
requires recording the (long) tautological instance

(φ → ψ) → ((ψ → χ) → (φ → χ))

and applying mp twice. Often we want to replace a sub-formula by a formula

we know to be equivalent, e.g., ♢φ by ¬□¬φ, or ¬¬φ by φ. So rather than
write out the actual derivation, it is more convenient to simply record why the
intermediate steps are derivable. For this purpose, let us collect some facts
about derivability.

Proposition 3.16. If K ⊢ φ1 , . . . , K ⊢ φn , and ψ follows from φ1 , . . . , φn

by propositional logic, then K ⊢ ψ.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 35

Proof. If ψ follows from φ1 , . . . , φn by propositional logic, then

φ1 → (φ2 → · · · (φn → ψ) . . . )

is a tautological instance. Applying mp n times gives a derivation of ψ.

We will indicate use of this proposition by pl.

Proposition 3.17. If K ⊢ φ1 → (φ2 → · · · (φn−1 → φn ) . . . ) then K ⊢ □φ1 →

(□φ2 → · · · (□φn−1 → □φn ) . . . ).

Proof. By induction on n, just as in the proof of Proposition 3.6.

We will indicate use of this proposition by rk. Let’s illustrate how these
results help establishing derivability results more easily.

Proposition 3.18. K ⊢ (□φ ∧ □ψ) → □(φ ∧ ψ)

Proof.
1. K ⊢ φ → (ψ → (φ ∧ ψ)) taut
2. K ⊢ □φ → (□ψ → □(φ ∧ ψ))) rk, 1
3. K ⊢ (□φ ∧ □ψ) → □(φ ∧ ψ) pl, 2

Proposition 3.19. If K ⊢ φ ↔ ψ and K ⊢ χ[φ/q] then K ⊢ χ[B/q] nml:prf:der:

prop:rewriting

Proof. Exercise.

Problem 3.3. Prove Proposition 3.19 by proving, by induction on the com-

plexity of χ, that if K ⊢ φ ↔ ψ then K ⊢ χ[φ/q] ↔ χ[ψ/q].

This proposition comes in handy especially when we want to convert ♢

into □ (or vice versa), or remove double negations inside a formula. In what
follows, we will mark applications of Proposition 3.19 by “φ for ψ” whenever
we re-write a formula χ(ψ) for χ(φ). In other words, “φ for ψ” abbreviates:

⊢ χ(φ)
⊢φ↔ψ
⊢ χ(ψ) by Proposition 3.19

For instance:

Proposition 3.20. K ⊢ ¬□p → ♢¬p

Proof.
1. K ⊢ ♢¬p ↔ ¬□¬¬p dual
2. K ⊢ ¬□¬¬p → ♢¬p pl, 1
3. K ⊢ ¬□p → ♢¬p p for ¬¬p

36 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 In the above derivation, the final step “p for ¬¬p” is short for
K ⊢ ¬□¬¬p → ♢¬p
K ⊢ ¬¬p ↔ p taut
K ⊢ ¬□p → ♢¬p by Proposition 3.19
The roles of χ(q), φ, and ψ in Proposition 3.19 are played here, respectively,
by ¬□q → ♢¬p, ¬¬p, and p.
When a formula contains a sub-formula ¬♢φ, we can replace it by □¬φ
using Proposition 3.19, since K ⊢ ¬♢φ ↔ □¬φ. We’ll indicate this and similar
replacements simply by “□¬ for ¬♢.”
The following proposition justifies that we can establish derivability results
schematically. E.g., the previous proposition does not just establish that K ⊢
¬□p → ♢¬p, but K ⊢ ¬□φ → ♢¬φ for arbitrary φ.
Proposition 3.21. If φ is a substitution instance of ψ and K ⊢ ψ, then K ⊢
φ.

Proof. It is tedious but routine to verify (by induction on the length of the
derivation of ψ) that applying a substitution to an entire derivation also re-
sults in a correct derivation. Specifically, substitution instances of tautolog-
ical instances are themselves tautological instances, substitution instances of
instances of dual and K are themselves instances of dual and K, and appli-
cations of mp and nec remain correct when substituting formulas for proposi-
tional variables in both premise(s) and conclusion.

3.6 More Proofs in K

nml:prf:mpr: Let’s see some more examples of derivability in K, now using the simplified
sec
method introduced in section 3.5.
Proposition 3.22. K ⊢ □(φ → ψ) → (♢φ → ♢ψ)

Proof.
1. K ⊢ (φ → ψ) → (¬ψ → ¬φ) pl
2. K ⊢ □(φ → ψ) → (□¬ψ → □¬φ) rk, 1
3. K ⊢ (□¬ψ → □¬φ) → (¬□¬φ → ¬□¬ψ) taut
4. K ⊢ □(φ → ψ) → (¬□¬φ → ¬□¬ψ) pl, 2, 3
5. K ⊢ □(φ → ψ) → (♢φ → ♢ψ) ♢ for ¬□¬.

Proposition 3.23. K ⊢ □φ → (♢(φ → ψ) → ♢ψ)

Proof.
1. K ⊢ φ → (¬ψ → ¬(φ → ψ)) taut
2. K ⊢ □φ → (□¬ψ → □¬(φ → ψ)) rk, 1
3. K ⊢ □φ → (¬□¬(φ → ψ) → ¬□¬ψ) pl, 2
4. K ⊢ □φ → (♢(φ → ψ) → ♢ψ) ♢ for ¬□¬.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 37

Proposition 3.24. K ⊢ (♢φ ∨ ♢ψ) → ♢(φ ∨ ψ)

Proof.
1. K ⊢ ¬(φ ∨ ψ) → ¬φ taut
2. K ⊢ □¬(φ ∨ ψ) → □¬φ rk, 1
3. K ⊢ ¬□¬φ → ¬□¬(φ ∨ ψ) pl, 2
4. K ⊢ ♢φ → ♢(φ ∨ ψ) ♢ for ¬□¬
5. K ⊢ ♢ψ → ♢(φ ∨ ψ) similarly
6. K ⊢ (♢φ ∨ ♢ψ) → ♢(φ ∨ ψ) pl, 4, 5.

Proposition 3.25. K ⊢ ♢(φ ∨ ψ) → (♢φ ∨ ♢ψ)

Proof.
1. K ⊢ ¬φ → (¬ψ → ¬(φ ∨ ψ) taut
2. K ⊢ □¬φ → (□¬ψ → □¬(φ ∨ ψ) rk
3. K ⊢ □¬φ → (¬□¬(φ ∨ ψ) → ¬□¬ψ)) pl, 2
4. K ⊢ ¬□¬(φ ∨ ψ) → (□¬φ → ¬□¬ψ) pl, 3
5. K ⊢ ¬□¬(φ ∨ ψ) → (¬¬□¬ψ → ¬□¬φ) pl, 4
6. K ⊢ ♢(φ ∨ ψ) → (¬♢ψ → ♢φ) ♢ for ¬□¬
7. K ⊢ ♢(φ ∨ ψ) → (♢ψ ∨ ♢φ) pl, 6.

Problem 3.4. Show that the following derivability claims hold:

1. K ⊢ ♢¬⊥ → (□φ → ♢φ);
2. K ⊢ □(φ ∨ ψ) → (♢φ ∨ □ψ);
3. K ⊢ (♢φ → □ψ) → □(φ → ψ).

3.7 Dual Formulas

nml:prf:dua:
sec
Definition 3.26. Each of the formulas T, B, 4, and 5 has a dual, denoted by nml:prf:dua:
def:duals
a subscripted diamond, as follows:

p → ♢p (T♢ )
♢□p → p (B♢ )
♢♢p → ♢p (4♢ )
♢□p → □p (5♢ )

Each of the above dual formulas is obtained from the corresponding formula
by substituting ¬p for p, contraposing, replacing ¬□¬ by ♢, and replacing ¬♢¬
by □. D, i.e., □φ → ♢φ is its own dual in that sense.
Problem 3.5. Show that for each formula φ in Definition 3.26: K ⊢ φ ↔ φ♢ .

38 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 3.8 Proofs in Modal Systems
nml:prf:prs: We now come to proofs in systems of modal logic other than K.
sec

nml:prf:prs: Proposition 3.27. The following provability results obtain:

prop:S5facts
1. KT5 ⊢ B;

2. KT5 ⊢ 4;

3. KDB4 ⊢ T;

4. KB4 ⊢ 5;

5. KB5 ⊢ 4;

nml:prf:prs: 6. KT ⊢ D.
prop:S5facts-KT-D

Proof. We exhibit proofs for each.

1. KT5 ⊢ B:

1. KT5 ⊢ ♢φ → □♢φ 5
2. KT5 ⊢ φ → ♢φ T♢
3. KT5 ⊢ φ → □♢φ pl.

2. KT5 ⊢ 4:

1. KT5 ⊢ ♢□φ → □♢□φ 5 with □φ for p

2. KT5 ⊢ □φ → ♢□φ T♢ with □φ for p
3. KT5 ⊢ □φ → □♢□φ pl, 1, 2
4. KT5 ⊢ ♢□φ → □φ 5♢
5. KT5 ⊢ □♢□φ → □□φ rk, 4
6. KT5 ⊢ □φ → □□φ pl, 3, 5.

3. KDB4 ⊢ T:

1. KDB4 ⊢ ♢□φ → φ B♢
2. KDB4 ⊢ □□φ → ♢□φ D with □φ for p
3. KDB4 ⊢ □□φ → φ pl1, 2
4. KDB4 ⊢ □φ → □□φ 4
5. KDB4 ⊢ □φ → φ pl, 1, 4.

4. KB4 ⊢ 5:

1. KB4 ⊢ ♢φ → □♢♢φ B with ♢φ for p

2. KB4 ⊢ ♢♢φ → ♢φ 4♢
3. KB4 ⊢ □♢♢φ → □♢φ rk, 2
4. KB4 ⊢ ♢φ → □♢φ pl, 1, 3.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 39

 5. KB5 ⊢ 4:

1. KB5 ⊢ □φ → □♢□φ B with □φ for p

2. KB5 ⊢ ♢□φ → □φ 5♢
3. KB5 ⊢ □♢□φ → □□φ rk, 2
4. KB5 ⊢ □φ → □□φ pl, 1, 3.

6. KT ⊢ D:

1. KT ⊢ □φ → φ T
2. KT ⊢ φ → ♢φ T♢
3. KT ⊢ □φ → ♢φ pl, 1, 2

Definition 3.28. Following tradition, we define S4 to be the system KT4,

and S5 the system KTB4.

The following proposition shows that the classical system S5 has several
equivalent axiomatizations. This should not surprise, as the various combina-
tions of axioms all characterize equivalence relations (see Proposition 2.12).

Proposition 3.29. KTB4 = KT5 = KDB4 = KDB5. nml:prf:prs:

prop:S5

Proof. Exercise.

Problem 3.6. Prove Proposition 3.29.

3.9 Soundness
A derivation system is called sound if everything that can be derived is valid. nml:prf:snd:
sec
When considering modal systems, i.e., derivations where in addition to K we
can use instances of some formulas φ1 , . . . , φn , we want every derivable formula
to be true in any model in which φ1 , . . . , φn are true.

Theorem 3.30 (Soundness Theorem). If every instance of φ1 , . . . , φn is nml:prf:snd:

valid in the classes of models C1 , . . . , Cn , respectively, then Kφ1 . . . φn ⊢ ψ thm:soundness

implies that ψ is valid in the class of models C1 ∩ · · · ∩ Cn .

Proof. By induction on length of proofs. For brevity, put C = C1 ∩ · · · ∩ Cn .

1. Induction Basis: If ψ has a proof of length 1, then it is either a tautological

instance, an instance of K, or of dual, or an instance of one of φ1 , . . . , φn .
In the first case, ψ is valid in C, since tautological instance are valid in
any class of models, by Proposition 1.15. Similarly in the second case,
by Proposition 1.18 and Proposition 1.19. Finally in the third case, since
ψ is valid in Ci and C ⊆ Ci , we have that ψ is valid in C as well by
Proposition 1.11.

40 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 2. Inductive step: Suppose ψ has a proof of length k > 1. If ψ is a tauto-
logical instance or an instance of one of φ1 , . . . , φn , we proceed as in the
previous step. So suppose ψ is obtained by mp from previous formulas
χ → ψ and χ. Then χ → ψ and χ have proofs of length < k, and by induc-
tive hypothesis they are valid in C. By Proposition 1.20, ψ is valid in C
as well. Finally suppose ψ is obtained by nec from χ (so that ψ = □χ).
By inductive hypothesis, χ is valid in C, and by Proposition 1.12 so is ψ.

3.10 Showing Systems are Distinct

nml:prf:dis: In section 3.8 we saw how to prove that two systems of modal logic are in fact
sec
the same system. Theorem 3.30 allows us to show that two modal systems Σ
and Σ ′ are distinct, by finding a formula φ such that Σ ′ ⊢ φ that fails in a
model of Σ.
Proposition 3.31. KD ⊊ KT

Proof. This is the syntactic counterpart to the semantic fact that all reflexive
relations are serial. To show KD ⊆ KT we need to see that KD ⊢ ψ implies
KT ⊢ ψ, which follows from KT ⊢ D, as shown in Proposition 3.27(6). To
show that the inclusion is proper, by Soundness (Theorem 3.30), it suffices to
exhibit a model of KD where T, i.e., □p → p, fails (an easy task left as an
exercise), for then by Soundness KD ⊬ □p → p.

Proposition 3.32. KB ̸= K4.

Proof. We construct a symmetric model where some instance of 4 fails; since

obviously the instance is derivable for K4 but not in KB, it will follow K4 ⊈
KB. Consider the symmetric model M of Figure 3.1. Since the model is
symmetric, K and B are true in M (by Proposition 1.18 and Theorem 2.1,
respectively). However, M, w1 ⊮ □p → □□p.
¬p p
w1 w2
⊩ □p ⊮ □p
⊮ □□p
Figure 3.1: A symmetric model falsifying an instance of 4.
nml:prf:dis:
nml:prf:dis:
fig:Bnot4
Theorem 3.33. KTB ⊬ 4 and KTB ⊬ 5.
thm:KTBnot45

Proof. By Theorem 2.1 we know that all instances of T and B are true in every
reflexive symmetric model (respectively). So by soundness, it suffices to find
a reflexive symmetric model containing a world at which some instance of 4
fails, and similarly for 5. We use the same model for both claims. Consider

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 41

the symmetric, reflexive model in Figure 3.2. Then M, w1 ⊮ □p → □□p, so 4
fails at w1 . Similarly, M, w2 ⊮ ♢¬p → □♢¬p, so the instance of 5 with φ = ¬p
fails at w2 .

w1 p w2 p w3 ¬p
⊩ □p ⊩ ♢¬p
⊮ □□p ⊮ □♢¬p
⊮ ♢¬p
Figure 3.2: The model for Theorem 3.33.
nml:prf:dis:
Theorem 3.34. KD5 ̸= KT4 = S4. nml:prf:dis:
fig:KTBnot45
thm:KD5not4

Proof. By Theorem 2.1 we know that all instances of D and 5 are true in all
serial euclidean models. So it suffices to find a serial euclidean model containing
a world at which some instance of 4 fails. Consider the model of Figure 3.3,
and notice that M, w1 ⊮ □p → □□p.

Problem 3.7. Give an alternative proof of Theorem 3.34 using a model with
3 worlds.

Problem 3.8. Provide a single reflexive transitive model showing that both
KT4 ⊬ B and KT4 ⊬ 5.

3.11 Derivability from a Set of Formulas

In section 3.8 we defined a notion of provability of a formula in a system Σ. nml:prf:prg:
sec
We now extend this notion to provability in Σ from formulas in a set Γ .
Definition 3.35. A formula φ is derivable in a system Σ from a set of for- nml:prf:prg:
mulas Γ , written Γ ⊢Σ φ if and only if there are ψ1 , . . . , ψn ∈ Γ such that defn:Gammaproves

Σ ⊢ ψ1 → (ψ2 → · · · (ψn → φ) · · · ).

3.12 Properties of Derivability

nml:prf:prp:
sec
Proposition 3.36. Let Σ be a modal system and Γ a set of modal formulas. nml:prf:prp:
prop:derivabilityfacts
The following properties hold:
1. Monotony: If Γ ⊢Σ φ and Γ ⊆ ∆ then ∆ ⊢Σ φ; nml:prf:prp:
prop:derivabilityfacts-monotony
2. Reflexivity: If φ ∈ Γ then Γ ⊢Σ φ; nml:prf:prp:
prop:derivabilityfacts-reflexivity
3. Cut: If Γ ⊢Σ φ and ∆ ∪ {φ} ⊢Σ ψ then Γ ∪ ∆ ⊢Σ ψ; nml:prf:prp:
prop:derivabilityfacts-cut

42 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 w4 ¬p

p p
w2 w3

w1 ¬p
⊩ □p, ⊮ □□p
Figure 3.3: The model for Theorem 3.34.
nml:prf:dis:
fig:KD5not4
nml:prf:prp: 4. Deduction theorem: Γ ∪ {ψ} ⊢Σ φ if and only if Γ ⊢Σ ψ → φ;
prop:derivabilityfacts-deduction
nml:prf:prp: 5. Γ ⊢Σ φ1 and . . . and Γ ⊢Σ φn and φ1 → (φ2 → · · · (φn → ψ) · · · ) is a
prop:derivabilityfacts-ruleT
tautological instance, then Γ ⊢Σ ψ.

The proof is an easy exercise. Part (5) of Proposition 3.36 gives us that,
for instance, if Γ ⊢Σ φ ∨ ψ and Γ ⊢Σ ¬φ, then Γ ⊢Σ ψ. Also, in what follows,
we write Γ, φ ⊢Σ ψ instead of Γ ∪ {φ} ⊢Σ ψ.
Definition 3.37. A set Γ is deductively closed relatively to a system Σ if and
only if Γ ⊢Σ φ implies φ ∈ Γ .

3.13 Consistency
nml:prf:con: Consistency is an important property of sets of formulas. A set of formulas is
sec
inconsistent if a contradiction, such as ⊥, is derivable from it; and otherwise
consistent. If a set is inconsistent, its formulas cannot all be true in a model at
a world. For the completeness theorem we prove the converse: every consistent
set is true at a world in a model, namely in the “canonical model.”
Definition 3.38. A set Γ is consistent relatively to a system Σ or, as we will
say, Σ-consistent, if and only if Γ ⊬Σ ⊥.

So for instance, the set {□(p→q), □p, ¬□q} is consistent relatively to propo-
sitional logic, but not K-consistent. Similarly, the set {♢p, □♢p → q, ¬q} is not
K5-consistent.
nml:prf:con: Proposition 3.39. Let Γ be a set of formulas. Then:
prop:consistencyfacts
1. Γ is Σ-consistent if and only if there is some formula φ such that Γ ⊬Σ φ.
nml:prf:con: 2. Γ ⊢Σ φ if and only if Γ ∪ {¬φ} is not Σ-consistent.
prop:consistencyfacts-b

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 43

 3. If Γ is Σ-consistent, then for any formula φ, either Γ ∪ {φ} is Σ- nml:prf:con:
consistent or Γ ∪ {¬φ} is Σ-consistent. prop:consistencyfacts-c

Proof. These facts follow easily using classical propositional logic. We give the
argument for (3). Proceed contrapositively and suppose neither Γ ∪ {φ} nor
Γ ∪ {¬φ} is Σ-consistent. Then by (2), both Γ, φ ⊢Σ ⊥ and Γ, ¬φ ⊢Σ ⊥. By
the deduction theorem Γ ⊢Σ φ → ⊥ and Γ ⊢Σ ¬φ→⊥. But (φ→⊥)→((¬φ→
⊥) → ⊥) is a tautological instance, hence by Proposition 3.36(5), Γ ⊢Σ ⊥.

44 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 Chapter 4

Completeness and Canonical

Models

4.1 Introduction
nml:com:int: If Σ is a modal system, then the soundness theorem establishes that if Σ ⊢ φ,
sec
then φ is valid in any class C of models in which all instances of all formulas
in Σ are valid. In particular that means that if K ⊢ φ then φ is true in all
models; if KT ⊢ φ then φ is true in all reflexive models; if KD ⊢ φ then φ is
true in all serial models, etc.
Completeness is the converse of soundness: that K is complete means that
if a formula φ is valid, ⊢ φ, for instance. Proving completeness is a lot harder to
do than proving soundness. It is useful, first, to consider the contrapositive: K
is complete iff whenever ⊬ φ, there is a countermodel, i.e., a model M such that
M ⊮ φ. Equivalently (negating φ), we could prove that whenever ⊬ ¬φ, there
is a model of φ. In the construction of such a model, we can use information
contained in φ. When we find models for specific formulas we often do the
same: e.g., if we want to find a countermodel to p → □q, we know that it has to
contain a world where p is true and □q is false. And a world where □q is false
means there has to be a world accessible from it where q is false. And that’s
all we need to know: which worlds make the propositional variables true, and
which worlds are accessible from which worlds.
In the case of proving completeness, however, we don’t have a specific for-
mula φ for which we are constructing a model. We want to establish that a
model exists for every φ such that ⊬Σ ¬φ. This is a minimal requirement, since
if ⊢Σ ¬φ, by soundness, there is no model for φ (in which Σ is true). Now
note that ⊬Σ ¬φ iff φ is Σ-consistent. (Recall that Σ ⊬Σ ¬φ and φ ⊬Σ ⊥ are
equivalent.) So our task is to construct a model for every Σ-consistent formula.
The trick we’ll use is to find a Σ-consistent set of formulas that contains φ,
but also other formulas which tell us what the world that makes φ true has
to look like. Such sets are complete Σ-consistent sets. It’s not enough to
construct a model with a single world to make φ true, it will have to contain

45
multiple worlds and an accessibility relation. The complete Σ-consistent set
containing φ will also contain other formulas of the form □ψ and ♢χ. In all
accessible worlds, ψ has to be true; in at least one, χ has to be true. In order
to accomplish this, we’ll simply take all possible complete Σ-consistent sets
as the basis for the set of worlds. A tricky part will be to figure out when a
complete Σ-consistent set should count as being accessible from another in our
model.
We’ll show that in the model so defined, φ is true at a world—which is
also a complete Σ-consistent set—iff φ is an element of that set. If φ is Σ-
consistent, it will be an element of at least one complete Σ-consistent set (a
fact we’ll prove), and so there will be a world where φ is true. So we will have
a single model where every Σ-consistent formula φ is true at some world. This
single model is the canonical model for Σ.

4.2 Complete Σ-Consistent Sets

Suppose Σ is a set of modal formulas—think of them as the axioms or defining nml:com:ccs:
sec
principles of a normal modal logic. A set Γ is Σ-consistent iff Γ ⊬Σ ⊥, i.e.,
if there is no derivation of φ1 → (φ2 → · · · (φn → ⊥) . . . ) from Σ, where each
φi ∈ Γ . We will construct a “canonical” model in which each world is taken
to be a special kind of Σ-consistent set: one which is not just Σ-consistent,
but maximally so, in the sense that it settles the truth value of every modal
formula: for every φ, either φ ∈ Γ or ¬φ ∈ Γ :

Definition 4.1. A set Γ is complete Σ-consistent if and only if it is Σ-consistent

and for every φ, either φ ∈ Γ or ¬φ ∈ Γ .

Complete Σ-consistent sets Γ have a number of useful properties. For one,

they are deductively closed, i.e., if Γ ⊢Σ φ then φ ∈ Γ . This means in particular
that every instance of a formula φ ∈ Σ is also ∈ Γ . Moreover, membership in
Γ mirrors the truth conditions for the propositional connectives. This will be
important when we define the “canonical model.”

Proposition 4.2. Suppose Γ is complete Σ-consistent. Then: nml:com:ccs:

prop:ccs-properties

1. Γ is deductively closed in Σ. nml:com:ccs:

prop:ccs-closed

2. Σ ⊆ Γ . nml:com:ccs:
prop:ccs-sigma

3. ⊥ ∈
/Γ nml:com:ccs:
prop:ccs-lfalse

4. ⊤ ∈ Γ nml:com:ccs:
prop:ccs-ltrue

5. ¬φ ∈ Γ if and only if φ ∈
/ Γ. nml:com:ccs:
prop:ccs-lnot

6. φ ∧ ψ ∈ Γ iff φ ∈ Γ and ψ ∈ Γ nml:com:ccs:

prop:ccs-land

7. φ ∨ ψ ∈ Γ iff φ ∈ Γ or ψ ∈ Γ nml:com:ccs:
prop:ccs-lor

46 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

nml:com:ccs: 8. φ → ψ ∈ Γ iff φ ∈
/ Γ or ψ ∈ Γ
prop:ccs-lif
nml:com:ccs: 9. φ ↔ ψ ∈ Γ iff either φ ∈ Γ and ψ ∈ Γ , or φ ∈
/ Γ and ψ ∈
/Γ
prop:ccs-liff

Proof. 1. Suppose Γ ⊢Σ φ but φ ∈ / Γ . Then since Γ is complete Σ-

consistent, ¬φ ∈ Γ . This would make Γ inconsistent, since φ, ¬φ ⊢Σ ⊥.
2. If φ ∈ Σ then Γ ⊢Σ φ, and φ ∈ Γ by deductive closure, i.e., case (1).
3. If ⊥ ∈ Γ , then Γ ⊢Σ ⊥, so Γ would be Σ-inconsistent.
4. Γ ⊢Σ ⊤, so ⊤ ∈ Γ by deductive closure, i.e., case (1).
5. If ¬φ ∈ Γ , then by consistency φ ∈
/ Γ ; and if φ ∈
/ Γ then φ ∈ Γ since Γ
is complete Σ-consistent.
6. Suppose φ ∧ ψ ∈ Γ . Since (φ ∧ ψ) → φ is a tautological instance, φ ∈ Γ
by deductive closure, i.e., case (1). Similarly for ψ ∈ Γ . On the other
hand, suppose both φ ∈ Γ and ψ ∈ Γ . Then deductive closure implies
(φ ∧ ψ) ∈ Γ , since φ → (ψ → (φ ∧ ψ)) is a tautological instance.
7. Suppose φ ∨ ψ ∈ Γ , and φ ∈ / Γ and ψ ∈/ Γ . Since Γ is complete Σ-
consistent, ¬φ ∈ Γ and ¬ψ ∈ Γ . Then ¬(φ ∨ ψ) ∈ Γ since ¬φ →
(¬ψ → ¬(φ ∨ ψ)) is a tautological instance. This would mean that Γ is
Σ-inconsistent, a contradiction.
8. Suppose φ→ψ ∈ Γ and φ ∈ Γ ; then Γ ⊢Σ ψ, whence ψ ∈ Γ by deductive
closure. Conversely, if φ → ψ ∈
/ Γ then since Γ is complete Σ-consistent,
¬(φ → ψ) ∈ Γ . Since ¬(φ → ψ) → φ is a tautological instance, φ ∈ Γ
by deductive closure. Since ¬(φ → ψ) → ¬ψ is a tautological instance,
¬ψ ∈ Γ . Then ψ ∈/ Γ since Γ is Σ-consistent.
9. Suppose φ ↔ ψ ∈ Γ . If φ ∈ Γ , then ψ ∈ Γ , since (φ ↔ ψ) → (φ → ψ) is
a tautological instance. Similarly, if ψ ∈ Γ , then φ ∈ Γ . So either both
φ ∈ Γ and ψ ∈ Γ , or neither φ ∈ Γ nor ψ ∈ Γ .
Conversely, suppose φ→ψ ∈ / Γ . Since Γ is complete Σ-consistent, ¬(φ↔
ψ) ∈ Γ . Since ¬(φ ↔ ψ) → (φ → ¬ψ) is a tautological instance, if φ ∈ Γ
then ¬ψ ∈ Γ , and since Γ is Σ-consistent, ψ ∈ / Γ . Similarly, if ψ ∈ Γ
then φ ∈/ Γ . So neither φ ∈ Γ and ψ ∈ Γ , nor φ ∈/ Γ and ψ ∈ / Γ.

Problem 4.1. Complete the proof of Proposition 4.2.

4.3 Lindenbaum’s Lemma

nml:com:lin: Lindenbaum’s Lemma establishes that every Σ-consistent set of formulas is
sec
contained in at least one complete Σ-consistent set. Our construction of the
canonical model will show that for each complete Σ-consistent set ∆, there is a
world in the canonical model where all and only the formulas in ∆ are true. So

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 47

Lindenbaum’s Lemma guarantees that every Σ-consistent set is true at some
world in the canonical model.
Theorem 4.3 (Lindenbaum’s Lemma). If Γ is Σ-consistent then there is nml:com:lin:
thm:lindenbaum
a complete Σ-consistent set ∆ extending Γ .

Proof. Let φ0 , φ1 , . . . be an exhaustive listing of all formulas of the language

(repetitions are allowed). For instance, start by listing p0 , and at each stage
n ≥ 1 list the finitely many formulas of length n using only variables among
p0 , . .S
. , pn . We define sets of formulas ∆n by induction on n, and we then set
∆ = n ∆n . We first put ∆0 = Γ . Supposing that ∆n has been defined, we
define ∆n+1 by:
(
∆n ∪ {φn }, if ∆n ∪ {φn } is Σ-consistent;
∆n+1 =
∆n ∪ {¬φn }, otherwise.
S∞
Now let ∆ = n=0 ∆n .
We have to show that this definition actually yields a set ∆ with the required
properties, i.e., Γ ⊆ ∆ and ∆ is complete Σ-consistent.
It’s obvious that Γ ⊆ ∆, since ∆0 ⊆ ∆ by construction, and ∆0 = Γ . In
fact, ∆n ⊆ ∆ for all n, since ∆ is the union of all ∆n . (Since in each step of the
construction, we add a formula to the set already constructed, ∆n ⊆ ∆n+1 ,
so since ⊆ is transitive, ∆n ⊆ ∆m whenever n ≤ m.) At each stage of the
construction, we either add φn or ¬φn , and every formula appears (at least
once) in the list of all φn . So, for every φ either φ ∈ ∆ or ¬φ ∈ ∆, so ∆ is
complete by definition.
Finally, we have to show, that ∆ is Σ-consistent. To do this, we show that
(a) if ∆ were Σ-inconsistent, then some ∆n would be Σ-inconsistent, and (b)
all ∆n are Σ-consistent.
So suppose ∆ were Σ-inconsistent. Then ∆ ⊢Σ ⊥, i.e., thereS are φ1 ,
∞
. . . , φk ∈ ∆ such that Σ ⊢ φ1 → (φ2 → · · · (φk → ⊥) . . . ). Since ∆ = n=0 ∆n ,
each φi ∈ ∆ni for some ni . Let n be the largest of these. Since ni ≤ n,
∆ni ⊆ ∆n . So, all φi are in some ∆n . This would mean ∆n ⊢Σ ⊥, i.e., ∆n is
Σ-inconsistent.
To show that each ∆n is Σ-consistent, we use a simple induction on n.
∆0 = Γ , and we assumed Γ was Σ-consistent. So the claim holds for n = 0.
Now suppose it holds for n, i.e., ∆n is Σ-consistent. ∆n+1 is either ∆n ∪ {φn }
if that is Σ-consistent, otherwise it is ∆n ∪ {¬φn }. In the first case, ∆n+1
is clearly Σ-consistent. However, by Proposition 3.39(3), either ∆n ∪ {φn } or
∆n ∪ {¬φn } is consistent, so ∆n+1 is consistent in the other case as well.

Corollary 4.4. Γ ⊢Σ φ if and only if φ ∈ ∆ for each complete Σ-consistent nml:com:lin:

set ∆ extending Γ (including when Γ = ∅, in which case we get another char- cor:provability-characterization

acterization of the modal system Σ.)

Proof. Suppose Γ ⊢Σ φ, and let ∆ be any complete Σ-consistent set extending

Γ . If φ ∈
/ ∆ then by maximality ¬φ ∈ ∆ and so ∆ ⊢Σ φ (by monotony) and

48 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 ∆ ⊢Σ ¬φ (by reflexivity), and so ∆ is inconsistent. Conversely if Γ ⊬Σ φ, then
Γ ∪ {¬φ} is Σ-consistent, and by Lindenbaum’s Lemma there is a complete
consistent set ∆ extending Γ ∪ {¬φ}. By consistency, φ ∈ / ∆.

4.4 Modalities and Complete Consistent Sets

nml:com:mod: When we construct a model MΣ whose set of worlds is given by the complete explanation
sec
Σ-consistent sets ∆ in some normal modal logic Σ, we will also need to define
an accessibility relation RΣ between such “worlds.” We want it to be the case
that the accessibility relation (and the assignment V Σ ) are defined in such a
way that MΣ , ∆ ⊩ φ iff φ ∈ ∆. How should we do this?
Once the accessibility relation is defined, the definition of truth at a world
ensures that MΣ , ∆ ⊩ □φ iff MΣ , ∆′ ⊩ φ for all ∆′ such that RΣ ∆∆′ . The
proof that MΣ , ∆ ⊩ φ iff φ ∈ ∆ requires that this is true in particular for
formulas starting with a modal operator, i.e., MΣ , ∆ ⊩ □φ iff □φ ∈ ∆. Com-
bining this requirement with the definition of truth at a world for □φ yields:

□φ ∈ ∆ iff φ ∈ ∆′ for all ∆′ with RΣ ∆∆′

Consider the left-to-right direction: it says that if □φ ∈ ∆, then φ ∈ ∆′ for

any φ and any ∆′ with RΣ ∆∆′ . If we stipulate that RΣ ∆∆′ iff φ ∈ ∆′ for all
□φ ∈ ∆, then this holds. We can write the condition on the right of the “iff”
more compactly as: {φ : □φ ∈ ∆} ⊆ ∆′ .
So the question is: does this definition of RΣ in fact guarantee that □φ ∈ ∆
iff MΣ , ∆ ⊩ □φ? Does it also guarantee that ♢φ ∈ ∆ iff MΣ , ∆ ⊩ ♢φ? The
next few results will establish this.
Definition 4.5. If Γ is a set of formulas, let

□Γ = {□ψ : ψ ∈ Γ }
♢Γ = {♢ψ : ψ ∈ Γ }

and

□−1 Γ = {ψ : □ψ ∈ Γ }
♢−1 Γ = {ψ : ♢ψ ∈ Γ }

In other words, □Γ is Γ with □ in front of every formula in Γ ; □−1 Γ is

all the □’ed formulas of Γ with the initial □’s removed. This definition is not
terribly important on its own, but will simplify the notation considerably.
Note that □□−1 Γ ⊆ Γ :

□□−1 Γ = {□ψ : □ψ ∈ Γ }

i.e., it’s just the set of all those formulas of Γ that start with □.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 49

Lemma 4.6. If Γ ⊢Σ φ then □Γ ⊢Σ □φ. nml:com:mod:
lem:box1
Proof. If Γ ⊢Σ φ then there are ψ1 , . . . , ψk ∈ Γ such that Σ ⊢ ψ1 → (ψ2 →
· · · (ψn →φ) · · · ). Since Σ is normal, by rule rk, Σ ⊢ □ψ1 →(□ψ2 →· · · (□ψn →
□φ) · · · ), where obviously □ψ1 , . . . , □ψk ∈ □Γ . Hence, by definition, □Γ ⊢Σ
□φ.

Lemma 4.7. If □−1 Γ ⊢Σ φ then Γ ⊢Σ □φ. nml:com:mod:

lem:box2
Proof. Suppose □−1 Γ ⊢Σ φ; then by Lemma 4.6, □□−1 Γ ⊢ □φ. But since
□□−1 Γ ⊆ Γ , also Γ ⊢Σ □φ by Monotony.

Proposition 4.8. If Γ is complete Σ-consistent, then □φ ∈ Γ if and only if nml:com:mod:

for every complete Σ-consistent ∆ such that □−1 Γ ⊆ ∆, it holds that φ ∈ ∆. prop:box

Proof. Suppose Γ is complete Σ-consistent. The “only if” direction is easy:

Suppose □φ ∈ Γ and that □−1 Γ ⊆ ∆. Since □φ ∈ Γ , φ ∈ □−1 Γ ⊆ ∆, so
φ ∈ ∆.
For the “if” direction, we prove the contrapositive: Suppose □φ ∈
/ Γ . Since
Γ is complete Σ-consistent, it is deductively closed, and hence Γ ⊬Σ □φ.
By Lemma 4.7, □−1 Γ ⊬Σ φ. By Proposition 3.39(2), □−1 Γ ∪ {¬φ} is Σ-
consistent. By Lindenbaum’s Lemma, there is a complete Σ-consistent set ∆
such that □−1 Γ ∪ {¬φ} ⊆ ∆. By consistency, φ ∈ / ∆.

Lemma 4.9. Suppose Γ and ∆ are complete Σ-consistent. Then □−1 Γ ⊆ ∆ nml:com:mod:
if and only if ♢∆ ⊆ Γ . lem:box-iff-diamond

Proof. “Only if” direction: Assume □−1 Γ ⊆ ∆ and suppose ♢φ ∈ ♢∆ (i.e.,

φ ∈ ∆). In order to show ♢φ ∈ Γ , it suffices to show □¬φ ∈ / Γ , for then by
maximality, ¬□¬φ ∈ Γ . Now, if □¬φ ∈ Γ then by hypothesis ¬φ ∈ ∆, against
the consistency of ∆ (since φ ∈ ∆). Hence □¬φ ∈ / Γ , as required.
“If” direction: Assume ♢∆ ⊆ Γ . We argue contrapositively: suppose φ ∈ /∆
in order to show □φ ∈ / Γ . If φ ∈/ ∆ then by maximality ¬φ ∈ ∆ and so by
hypothesis ♢¬φ ∈ Γ . But in a normal modal logic ♢¬φ is equivalent to ¬□φ,
and if the latter is in Γ , by consistency □φ ∈
/ Γ , as required.

Proposition 4.10. If Γ is complete Σ-consistent, then ♢φ ∈ Γ if and only nml:com:mod:

if for some complete Σ-consistent ∆ such that ♢∆ ⊆ Γ , it holds that φ ∈ ∆. prop:diamond

Proof. Suppose Γ is complete Σ-consistent. ♢φ ∈ Γ iff ¬□¬φ ∈ Γ by dual

and closure. ¬□¬φ ∈ Γ iff □¬φ ∈ / Γ by Proposition 4.2(5) since Γ is complete
Σ-consistent. By Proposition 4.8, □¬φ ∈/ Γ iff, for some complete Σ-consistent
∆ with □−1 Γ ⊆ ∆, ¬φ ∈ / ∆. Now consider any such ∆. By Lemma 4.9,
□−1 Γ ⊆ ∆ iff ♢∆ ⊆ Γ . Also, ¬φ ∈ / ∆ iff φ ∈ ∆ by Proposition 4.2(5). So
♢φ ∈ Γ iff, for some complete Σ-consistent ∆ with ♢∆ ⊆ Γ , φ ∈ ∆.

Problem 4.2. Show that if Γ is complete Σ-consistent, then ♢φ ∈ Γ if and

only if there is a complete Σ-consistent ∆ such that □−1 Γ ⊆ ∆ and φ ∈ ∆.
Do this without using Lemma 4.9.

50 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 4.5 Canonical Models
nml:com:cmd: The canonical model for a modal system Σ is a specific model MΣ in which
sec
the worlds are all complete Σ-consistent sets. Its accessibility relation RΣ and
valuation V Σ are defined so as to guarantee that the formulas true at a world ∆
are exactly the formulas making up ∆.
Definition 4.11. Let Σ be a normal modal logic. The canonical model for Σ
is MΣ = ⟨W Σ , RΣ , V Σ ⟩, where:
1. W Σ = {∆ : ∆ is complete Σ-consistent}.
2. RΣ ∆∆′ holds if and only if □−1 ∆ ⊆ ∆′ .
3. V Σ (p) = {∆ : p ∈ ∆}.

4.6 The Truth Lemma

nml:com:tru: The canonical model MΣ is defined in such a way that MΣ , ∆ ⊩ φ iff φ ∈ ∆.
sec
For propositional variables, the definition of V Σ yields this directly. We have
to verify that the equivalence holds for all formulas, however. We do this by
induction. The inductive step involves proving the equivalence for formulas
involving propositional operators (where we have to use Proposition 4.2) and
the modal operators (where we invoke the results of section 4.4).
nml:com:tru: Proposition 4.12 (Truth Lemma). For every formula φ, MΣ , ∆ ⊩ φ if
prop:truthlemma
and only if φ ∈ ∆.

Proof. By induction on φ.
1. φ ≡ ⊥: MΣ , ∆ ⊮ ⊥ by Definition 1.6, and ⊥ ∈
/ ∆ by Proposition 4.2(3).
2. φ ≡ ⊤: MΣ , ∆ ⊩ ⊤ by Definition 1.6, and ⊤ ∈ ∆ by Proposition 4.2(4).
3. φ ≡ p: MΣ , ∆ ⊩ p iff ∆ ∈ V Σ (p) by Definition 1.6. Also, ∆ ∈ V Σ (p) iff
p ∈ ∆ by definition of V Σ .
4. φ ≡ ¬ψ: MΣ , ∆ ⊩ ¬ψ iff MΣ , ∆ ⊮ ψ (Definition 1.6) iff ψ ∈
/ ∆ (by
inductive hypothesis) iff ¬ψ ∈ ∆ (by Proposition 4.2(5)).
5. φ ≡ ψ ∧ χ: MΣ , ∆ ⊩ ψ ∧ χ iff MΣ , ∆ ⊩ ψ and MΣ , ∆ ⊩ χ (by
Definition 1.6) iff ψ ∈ ∆ and χ ∈ ∆ (by inductive hypothesis) iff ψ∧χ ∈ ∆
(by Proposition 4.2(6)).
6. φ ≡ ψ ∨ χ: MΣ , ∆ ⊩ ψ ∨ χ iff MΣ , ∆ ⊩ ψ or MΣ , ∆ ⊩ χ (by Defini-
tion 1.6) iff ψ ∈ ∆ or χ ∈ ∆ (by inductive hypothesis) iff ψ ∨ χ ∈ ∆ (by
Proposition 4.2(7)).
7. φ ≡ ψ → χ: MΣ , ∆ ⊩ ψ → χ iff MΣ , ∆ ⊮ ψ or MΣ , ∆ ⊩ χ (by
Definition 1.6) iff ψ ∈
/ ∆ or χ ∈ ∆ (by inductive hypothesis) iff ψ →χ ∈ ∆
(by Proposition 4.2(8)).

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 51

 8. φ ≡ ψ ↔ χ: MΣ , ∆ ⊩ ψ ↔ χ iff either MΣ , ∆ ⊩ ψ and MΣ , ∆ ⊩ χ
or MΣ , ∆ ⊮ ψ and MΣ , ∆ ⊮ χ (by Definition 1.6) iff either ψ ∈ ∆ and
χ ∈ ∆ or ψ ∈/ ∆ and χ ∈
/ ∆ (by inductive hypothesis) iff ψ ↔ χ ∈ ∆ (by
Proposition 4.2(9)).

9. φ ≡ □ψ: First suppose that MΣ , ∆ ⊩ □ψ. By Definition 1.6, for every

∆′ such that RΣ ∆∆′ , MΣ , ∆′ ⊩ ψ. By inductive hypothesis, for every
∆′ such that RΣ ∆∆′ , ψ ∈ ∆′ . By definition of RΣ , for every ∆′ such
that □−1 ∆ ⊆ ∆′ , ψ ∈ ∆′ . By Proposition 4.8, □ψ ∈ ∆.
Now assume □ψ ∈ ∆. Let ∆′ ∈ W Σ be such that RΣ ∆∆′ , i.e., □−1 ∆ ⊆
∆′ . Since □ψ ∈ ∆, ψ ∈ □−1 ∆. Consequently, ψ ∈ ∆′ . By inductive
hypothesis, MΣ , ∆′ ⊩ ψ. Since ∆′ is arbitrary with RΣ ∆∆′ , for all ∆′ ∈
W Σ such that RΣ ∆∆′ , MΣ , ∆′ ⊩ ψ. By Definition 1.6, MΣ , ∆ ⊩ □ψ.

10. φ ≡ ♢ψ: First suppose that MΣ , ∆ ⊩ ♢ψ. By Definition 1.6, for some
∆′ such that RΣ ∆∆′ , MΣ , ∆′ ⊩ ψ. By inductive hypothesis, for some
∆′ such that RΣ ∆∆′ , ψ ∈ ∆′ . By definition of RΣ , for some ∆′ such
that □−1 ∆ ⊆ ∆′ , ψ ∈ ∆′ . By Proposition 4.10, for some ∆′ such that
♢∆′ ⊆ ∆, ψ ∈ ∆′ . Since ψ ∈ ∆′ , ♢ψ ∈ ♢∆′ , so ♢ψ ∈ ∆.
Now assume ♢ψ ∈ ∆. By Proposition 4.10, there is a complete Σ-
consistent ∆′ ∈ W Σ such that ♢∆′ ⊆ ∆ and ψ ∈ ∆′ . By Lemma 4.9,
there is a ∆′ ∈ W Σ such that □−1 ∆ ⊆ ∆′ , and ψ ∈ ∆′ . By definition of
RΣ , RΣ ∆∆′ , so there is a ∆′ ∈ W Σ such that RΣ ∆∆′ and ψ ∈ ∆′ . By
Definition 1.6, MΣ , ∆ ⊩ ♢ψ.

Problem 4.3. Complete the proof of Proposition 4.12.

4.7 Determination and Completeness for K

We are now prepared to use the canonical model to establish completeness. nml:com:cmk:
sec
Completeness follows from the fact that the formulas true in the canonical
model for Σ are exactly the Σ-derivable ones. Models with this property are
said to determine Σ.

Definition 4.13. A model M determines a normal modal logic Σ precisely

when M ⊩ φ if and only if Σ ⊢ φ, for all formulas φ.

Theorem 4.14 (Determination). MΣ ⊩ φ if and only if Σ ⊢ φ. nml:com:cmk:

thm:determination

Proof. If MΣ ⊩ φ, then for every complete Σ-consistent ∆, we have MΣ , ∆ ⊩

φ. Hence, by the Truth Lemma, φ ∈ ∆ for every complete Σ-consistent ∆,
whence by Corollary 4.4 (with Γ = ∅), Σ ⊢ φ.
Conversely, if Σ ⊢ φ then by Proposition 4.2(1), every complete Σ-consistent
∆ contains φ, and hence by the Truth Lemma, MΣ , ∆ ⊩ φ for every ∆ ∈ W Σ ,
i.e., MΣ ⊩ φ.

52 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 Since the canonical model for K determines K, we immediately have com-
pleteness of K as a corollary:

nml:com:cmk: Corollary 4.15. The basic modal logic K is complete with respect to the class
cor:Kcomplete
of all models, i.e., if ⊨ φ then K ⊢ φ.

Proof. Contrapositively, if K ⊬ φ then by Determination MK ⊮ φ and hence

φ is not valid.

For the general case of completeness of a system Σ with respect to a class

of models, e.g., of KTB4 with respect to the class of reflexive, symmetric,
transitive models, determination alone is not enough. We must also show that
the canonical model for the system Σ is a member of the class, which does not
follow obviously from the canonical model construction—nor is it always true!

4.8 Frame Completeness

nml:com:fra: The completeness theorem for K can be extended to other modal systems, once
sec
we show that the canonical model for a given logic has the corresponding frame
property.

nml:com:fra: Theorem 4.16. If a normal modal logic Σ contains one of the formulas on the
thm:completeframeprops
left-hand side of Table 4.1, then the canonical model for Σ has the corresponding
property on the right-hand side.

If Σ contains . . . . . . the canonical model for Σ is:

D: □φ → ♢φ serial;
T: □φ → φ reflexive;
B: φ → □♢φ symmetric;
4: □φ → □□φ transitive;
5: ♢φ → □♢φ euclidean.
Table 4.1: Basic correspondence facts.
nml:com:fra:
tab:correspondencetable Proof. We take each of these up in turn.
Suppose Σ contains D, and let ∆ ∈ W Σ ; we need to show that there is a ∆′
such that RΣ ∆∆′ . It suffices to show that □−1 ∆ is Σ-consistent, for then by
Lindenbaum’s Lemma, there is a complete Σ-consistent set ∆′ ⊇ □−1 ∆, and
by definition of RΣ we have RΣ ∆∆′ . So, suppose for contradiction that □−1 ∆
is not Σ-consistent, i.e., □−1 ∆ ⊢Σ ⊥. By Lemma 4.7, ∆ ⊢Σ □⊥, and since Σ
contains D, also ∆ ⊢Σ ♢⊥. But Σ is normal, so Σ ⊢ ¬♢⊥ (Proposition 3.7),
whence also ∆ ⊢Σ ¬♢⊥, against the consistency of ∆.
Now suppose Σ contains T, and let ∆ ∈ W Σ . We want to show RΣ ∆∆,
i.e., □−1 ∆ ⊆ ∆. But if □φ ∈ ∆ then by T also φ ∈ ∆, as desired.
Now suppose Σ contains B, and suppose RΣ ∆∆′ for ∆, ∆′ ∈ W Σ . We
need to show that RΣ ∆′ ∆, i.e., □−1 ∆′ ⊆ ∆. By Lemma 4.9, this is equivalent

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 53

to ♢∆ ⊆ ∆′ . So suppose φ ∈ ∆. By B, also □♢φ ∈ ∆. By the hypothesis that
RΣ ∆∆′ , we have that □−1 ∆ ⊆ ∆′ , and hence ♢φ ∈ ∆′ , as required.
Now suppose Σ contains 4, and suppose RΣ ∆1 ∆2 and RΣ ∆2 ∆3 . We need
to show RΣ ∆1 ∆3 . From the hypothesis we have both □−1 ∆1 ⊆ ∆2 and
□−1 ∆2 ⊆ ∆3 . In order to show RΣ ∆1 ∆3 it suffices to show □−1 ∆1 ⊆ ∆3 . So
let ψ ∈ □−1 ∆1 , i.e., □ψ ∈ ∆1 . By 4, also □□ψ ∈ ∆1 and by hypothesis we
get, first, that □ψ ∈ ∆2 and, second, that ψ ∈ ∆3 , as desired.
Now suppose Σ contains 5, suppose RΣ ∆1 ∆2 and RΣ ∆1 ∆3 . We need
to show RΣ ∆2 ∆3 . The first hypothesis gives □−1 ∆1 ⊆ ∆2 , and the second
hypothesis is equivalent to ♢∆3 ⊆ ∆2 , by Lemma 4.9. To show RΣ ∆2 ∆3 , by
Lemma 4.9, it suffices to show ♢∆3 ⊆ ∆2 . So let ♢φ ∈ ♢∆3 , i.e., φ ∈ ∆3 . By
the second hypothesis ♢φ ∈ ∆1 and by 5, □♢φ ∈ ∆1 as well. But now the first
hypothesis gives ♢φ ∈ ∆2 , as desired.

As a corollary we obtain completeness results for a number of systems. For

instance, we know that S5 = KT5 = KTB4 is complete with respect to the
class of all reflexive euclidean models, which is the same as the class of all
reflexive, symmetric and transitive models.

Theorem 4.17. Let CD , CT , CB , C4 , and C5 be the class of all serial, re- nml:com:fra:
thm:generaldet
flexive, symmetric, transitive, and euclidean models (respectively). Then for
any schemas φ1 , . . . , φn among D, T, B, 4, and 5, the system Kφ1 . . . φn is
determined by the class of models C = Cφ1 ∩ · · · ∩ Cφn .

Proposition 4.18. Let Σ be a normal modal logic; then:

1. If Σ contains the schema ♢φ → □φ then the canonical model for Σ is nml:com:fra:

prop:anotherfive-a
partially functional.

2. If Σ contains the schema ♢φ ↔ □φ then the canonical model for Σ is

functional.

3. If Σ contains the schema □□φ → □φ then the canonical model for Σ is

weakly dense.

(see Table 2.2 for definitions of these frame properties).

Proof. 1. Suppose that Σ contains the schema ♢φ → □φ, to show that

RΣ is partially functional we need to prove that for any ∆1 , ∆2 , ∆3 ∈
W Σ , if RΣ ∆1 ∆2 and RΣ ∆1 ∆3 then ∆2 = ∆3 . Since RΣ ∆1 ∆2 we have
□−1 ∆1 ⊆ ∆2 and since RΣ ∆1 ∆3 also □−1 ∆1 ⊆ ∆3 . The identity ∆2 =
∆3 will follow if we can establish the two inclusions ∆2 ⊆ ∆3 and ∆3 ⊆
∆2 . For the first inclusion, let φ ∈ ∆2 ; then ♢φ ∈ ∆1 , and by the schema
and deductive closure of ∆1 also □φ ∈ ∆1 , whence by the hypothesis
that RΣ ∆1 ∆3 , φ ∈ ∆3 . The second inclusion is similar.

2. This follows immediately from part (1) and the seriality proof in Theo-
rem 4.16.

54 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 3. Suppose Σ contains the schema □□φ → □φ and to show that RΣ is
weakly dense, let RΣ ∆1 ∆2 . We need to show that there is a complete
Σ-consistent set ∆3 such that RΣ ∆1 ∆3 and RΣ ∆3 ∆2 . Let:

Γ = □−1 ∆1 ∪ ♢∆2 .

It suffices to show that Γ is Σ-consistent, for then by Lindenbaum’s

Lemma it can be extended to a complete Σ-consistent set ∆3 such that
□−1 ∆1 ⊆ ∆3 and ♢∆2 ⊆ ∆3 , i.e., RΣ ∆1 ∆3 and RΣ ∆3 ∆2 (by Lemma 4.9).
Suppose for contradiction that Γ is not consistent. Then there are for-
mulas □φ1 , . . . , □φn ∈ ∆1 and ψ1 , . . . , ψm ∈ ∆2 such that

φ1 , . . . , φn , ♢ψ1 , . . . , ♢ψm ⊢Σ ⊥.

Since ♢(ψ1 ∧ · · · ∧ ψm ) → (♢ψ1 ∧ · · · ∧ ♢ψm ) is derivable in every normal

modal logic, we argue as follows, contradicting the consistency of ∆2 :

φ1 , . . . , φn ,♢ψ1 , . . . , ♢ψm ⊢Σ ⊥
φ1 , . . . , φn ⊢Σ (♢ψ1 ∧ · · · ∧ ♢ψm ) → ⊥
by the deduction theorem
Proposition 3.36(4), and taut
φ1 , . . . , φn ⊢Σ ♢(ψ1 ∧ · · · ∧ ψm ) → ⊥
since Σ is normal
φ1 , . . . , φn ⊢Σ ¬♢(ψ1 ∧ · · · ∧ ψm )
by pl
φ1 , . . . , φn ⊢Σ □¬(ψ1 ∧ · · · ∧ ψm )
□¬ for ¬♢
□φ1 , . . . , □φn ⊢Σ □□¬(ψ1 ∧ · · · ∧ ψm )
by Lemma 4.6
□φ1 , . . . , □φn ⊢Σ □¬(ψ1 ∧ · · · ∧ ψm )
by schema □□φ → □φ
∆1 ⊢Σ □¬(ψ1 ∧ · · · ∧ ψm )
by monotony, Proposition 3.36(1)
□¬(ψ1 ∧ · · · ∧ ψm ) ∈ ∆1
by deductive closure;
¬(ψ1 ∧ · · · ∧ ψm ) ∈ ∆2
since RΣ ∆1 ∆2 .

On the strength of these examples, one might think that every system Σ of
modal logic is complete, in the sense that it proves every formula which is valid
in every frame in which every theorem of Σ is valid. Unfortunately, there are
many systems that are not complete in this sense.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 55

Chapter 5

Filtrations and Decidability

5.1 Introduction

One important question about a logic is always whether it is decidable, i.e., if nml:fil:int:
sec
there is an effective procedure which will answer the question “is this formula
valid.” Propositional logic is decidable: we can effectively test if a formula is
a tautology by constructing a truth table, and for a given formula, the truth
table is finite. But we can’t obviously test if a modal formula is true in all
models, for there are infinitely many of them. We can list all the finite models
relevant to a given formula, since only the assignment of subsets of worlds to
propositional variables which actually occur in the formula are relevant. If the
accessibility relation is fixed, the possible different assignments V (p) are just
all the subsets of W , and if |W | = n there are 2n of those. If our formula φ
contains m propositional variables there are then 2nm different models with n
worlds. For each one, we can test if φ is true at all worlds, simply by computing
the truth value of φ in each. Of course, we also have to check all possible
accessibility relations, but there are only finitely many relations on n worlds
2
as well (specifically, the number of subsets of W × W , i.e., 2n .
If we are not interested in the logic K, but a logic defined by some class of
models (e.g., the reflexive transitive models), we also have to be able to test
if the accessibility relation is of the right kind. We can do that whenever the
frames we are interested in are definable by modal formulas (e.g., by testing if
T and 4 valid in the frame). So, the idea would be to run through all the finite
frames, test each one if it is a frame in the class we’re interested in, then list
all the possible models on that frame and test if φ is true in each. If not, stop:
φ is not valid in the class of models of interest.
There is a problem with this idea: we don’t know when, if ever, we can stop
looking. If the formula has a finite countermodel, our procedure will find it.
But if it has no finite countermodel, we won’t get an answer. The formula may
be valid (no countermodels at all), or it have only an infinite countermodel,
which we’ll never look at. This problem can be overcome if we can show that
every formula that has a countermodel has a finite countermodel. If this is the

56
case we say the logic has the finite model property.
But how would we show that a logic has the finite model property? One
way of doing this would be to find a way to turn an infinite (counter)model
of φ into a finite one. If that can be done, then whenever there is a model in
which φ is not true, then the resulting finite model also makes φ not true. That
finite model will show up on our list of all finite models, and we will eventually
determine, for every formula that is not valid, that it isn’t. Our procedure
won’t terminate if the formula is valid. If we can show in addition that there
is some maximum size that the finite model our procedure provides can have,
and that this maximum size depends only on the formula φ, we will have a size
up to which we have to test finite models in our search for countermodels. If
we haven’t found a countermodel by then, there are none. Then our procedure
will, in fact, decide the question “is φ valid?” for any formula φ.
A strategy that often works for turning infinite structures into finite struc-
tures is that of “identifying” elements of the structure which behave the same
way in relevant respects. If there are infinitely many worlds in M that be-
have the same in relevant respects, then we might hope that there are only
finitely many “classes” of such worlds. In other words, we partition the set of
worlds in the right way. Each partition contains infinitely many worlds, but
there are only finitely many partitions. Then we define a new model M∗ where
the worlds are the partitions. Finitely many partitions in the old model give
us finitely many worlds in the new model, i.e., a finite model. Let’s call the
partition a world w is in [w]. We’ll want it to be the case that M, w ⊩ φ iff
M∗ , [w] ⊩ φ, since we want the new model to be a countermodel to φ if the old
one was. This requires that we define the partition, as well as the accessibility
relation of M∗ in the right way.
To see how this would go, first imagine we have no accessibility relation.
M, w ⊩ □ψ iff for some v ∈ W , M, v ⊩ □ψ, and the same for M∗ , except with
[w] and [v]. As a first idea, let’s say that two worlds u and v are equivalent
(belong to the same partition) if they agree on all propositional variables in M,
i.e., M, u ⊩ p iff M, v ⊩ p. Let V ∗ (p) = {[w] : M, w ⊩ p}. Our aim is to show
that M, w ⊩ φ iff M∗ , [w] ⊩ φ. Obviously, we’d prove this by induction: The
base case would be φ ≡ p. First suppose M, w ⊩ p. Then [w] ∈ V ∗ by
definition, so M∗ , [w] ⊩ p. Now suppose that M∗ , [w] ⊩ p. That means that
[w] ∈ V ∗ (p), i.e., for some v equivalent to w, M, v ⊩ p. But “w equivalent to v”
means “w and v make all the same propositional variables true,” so M, w ⊩ p.
Now for the inductive step, e.g., φ ≡ ¬ψ. Then M, w ⊩ ¬ψ iff M, w ⊮ ψ iff
M∗ , [w] ⊮ ψ (by inductive hypothesis) iff M∗ , [w] ⊩ ¬ψ. Similarly for the other
non-modal operators. It also works for □: suppose M∗ , [w] ⊩ □ψ. That means
that for every [u], M∗ , [u] ⊩ ψ. By inductive hypothesis, for every u, M, u ⊩ ψ.
Consequently, M, w ⊩ □ψ.
In the general case, where we have to also define the accessibility relation
for M∗ , things are more complicated. We’ll call a model M∗ a filtration if its
accessibility relation R∗ satisfies the conditions required to make the inductive
proof above go through. Then any filtration M∗ will make φ true at [w] iff
M makes φ true at w. However, now we also have to show that there are

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 57

filtrations, i.e., we can define R∗ so that it satisfies the required conditions.
In order for this to work, however, we have to require that worlds u, v count
as equivalent not just when they agree on all propositional variables, but on
all sub-formulas of φ. Since φ has only finitely many sub-formulas, this will
still guarantee that the filtration is finite. There is not just one way to define
a filtration, and in order to make sure that the accessibility relation of the
filtration satisfies the required properties (e.g., reflexive, transitive, etc.) we
have to be inventive with the definition of R∗ .

5.2 Preliminaries
Filtrations allow us to establish the decidability of our systems of modal logic nml:fil:pre:
sec
by showing that they have the finite model property, i.e., that any formula that
is true (false) in a model is also true (false) in a finite model. Filtrations are
defined relative to sets of formulas which are closed under subformulas.

Definition 5.1. A set Γ of formulas is closed under subformulas if it contains nml:fil:pre:

defn:modallyclosed
every subformula of a formula in Γ . Further, Γ is modally closed if it is closed
under subformulas and moreover φ ∈ Γ implies □φ, ♢φ ∈ Γ .

For instance, given a formula φ, the set of all its sub-formulas is closed
under sub-formulas. When we’re defining a filtration of a model through the
set of sub-formulas of φ, it will have the property we’re after: it makes φ true
(false) iff the original model does.
The set of worlds of a filtration of M through Γ is defined as the set of all
equivalence classes of the following equivalence relation.

Definition 5.2. Let M = ⟨W, R, V ⟩ and suppose Γ is closed under sub-

formulas. Define a relation ≡ on W to hold of any two worlds that make
the same formulas from Γ true, i.e.:

u≡v if and only if ∀φ ∈ Γ : M, u ⊩ φ ⇔ M, v ⊩ φ.

The equivalence class [w]≡ of a world w, or [w] for short, is the set of all worlds
≡-equivalent to w:
[w] = {v : v ≡ w}.

Proposition 5.3. Given M and Γ , ≡ as defined above is an equivalence rela-

tion, i.e., it is reflexive, symmetric, and transitive.

Proof. The relation ≡ is reflexive, since w makes exactly the same formulas
from Γ true as itself. It is symmetric since if u makes the same formulas
from Γ true as v, the same holds for v and u. It is also transitive, since if u
makes the same formulas from Γ true as v, and v as w, then u makes the same
formulas from Γ true as w.

58 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 The relation ≡, like any equivalence relation, divides W into partitions, i.e.,
subsets of W which are pairwise disjoint, and together cover all of W . Every
w ∈ W is an element of one of the partitions, namely of [w], since w ≡ w. So
the partitions [w] cover all of W . They are pairwise disjoint, for if u ∈ [w] and
u ∈ [v], then u ≡ w and u ≡ v, and by symmetry and transitivity, w ≡ v, and
so [w] = [v].

5.3 Filtrations
nml:fil:fil: Rather than define “the” filtration of M through Γ , we define when a model M∗
sec
counts as a filtration of M. All filtrations have the same set of worlds W ∗ and
the same valuation V ∗ . But different filtrations may have different accessibility
relations R∗ . To count as a filtration, R∗ has to satisfy a number of conditions,
however. These conditions are exactly what we’ll require to prove the main
result, namely that M, w ⊩ φ iff M∗ , [w] ⊩ φ, provided φ ∈ Γ .
nml:fil:fil: Definition 5.4. Let Γ be closed under subformulas and M = ⟨W, R, V ⟩. A
defn:filtration
filtration of M through Γ is any model M∗ = ⟨W ∗ , R∗ , V ∗ ⟩, where:
1. W ∗ = {[w] : w ∈ W };
nml:fil:fil: 2. For any u, v ∈ W :
defn:filtration-R
nml:fil:fil: a) If Ruv then R∗ [u][v];
defn:filtration-R1
nml:fil:fil: b) If R∗ [u][v] then for any □φ ∈ Γ , if M, u ⊩ □φ then M, v ⊩ φ;
defn:filtration-R2
nml:fil:fil: c) If R∗ [u][v] then for any ♢φ ∈ Γ , if M, v ⊩ φ then M, u ⊩ ♢φ.
defn:filtration-R3
3. V ∗ (p) = {[u] : u ∈ V (p)}.

It’s worthwhile thinking about what V ∗ (p) is: the set consisting of the
equivalence classes [w] of all worlds w where p is true in M. On the one hand,
if w ∈ V (p), then [w] ∈ V ∗ (p) by that definition. However, it is not necessarily
the case that if [w] ∈ V ∗ (p), then w ∈ V (p). If [w] ∈ V ∗ (p) we are only
guaranteed that [w] = [u] for some u ∈ V (p). Of course, [w] = [u] means that
w ≡ u. So, when [w] ∈ V ∗ (p) we can (only) conclude that w ≡ u for some
u ∈ V (p).
nml:fil:fil: Theorem 5.5. If M∗ is a filtration of M through Γ , then for every φ ∈ Γ
thm:filtrations
and w ∈ W , we have M, w ⊩ φ if and only if M∗ , [w] ⊩ φ.

Proof. By induction on φ, using the fact that Γ is closed under subformulas.

Since φ ∈ Γ and Γ is closed under sub-formulas, all sub-formulas of φ are also
∈ Γ . Hence in each inductive step, the induction hypothesis applies to the
sub-formulas of φ.
1. φ ≡ ⊥: Neither M, w ⊩ φ nor M∗ , w ⊩ φ.
2. φ ≡ ⊤: Both M, w ⊩ φ and M∗ , w ⊩ φ.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 59

 3. φ ≡ p: The left-to-right direction is immediate, as M, w ⊩ φ only if w ∈
V (p), which implies [w] ∈ V ∗ (p), i.e., M∗ , [w] ⊩ φ. Conversely, suppose
M∗ , [w] ⊩ φ, i.e., [w] ∈ V ∗ (p). Then for some v ∈ V (p), w ≡ v. Of
course then also M, v ⊩ p. Since w ≡ v, w and v make the same formulas
from Γ true. Since by assumption p ∈ Γ and M, v ⊩ p, M, w ⊩ φ.

4. φ ≡ ¬ψ: M, w ⊩ φ iff M, w ⊮ ψ. By induction hypothesis, M, w ⊮ ψ iff

M∗ , [w] ⊮ ψ. Finally, M∗ , [w] ⊮ ψ iff M∗ , [w] ⊩ φ.

5. φ ≡ (ψ ∧ χ): M, w ⊩ φ iff M, w ⊩ ψ and M, w ⊩ χ. By induction

hypothesis, M, w ⊩ ψ iff M∗ , [w] ⊩ ψ, and M, w ⊩ χ iff M∗ , [w] ⊩ χ.
And M∗ , [w] ⊩ φ iff M∗ , [w] ⊩ ψ and M∗ , [w] ⊩ χ.

6. φ ≡ (ψ ∨ χ): M, w ⊩ φ iff M, w ⊩ ψ or M, w ⊩ χ. By induction

hypothesis, M, w ⊩ ψ iff M∗ , [w] ⊩ ψ, and M, w ⊩ χ iff M∗ , [w] ⊩ χ.
And M∗ , [w] ⊩ φ iff M∗ , [w] ⊩ ψ or M∗ , [w] ⊩ χ.

7. φ ≡ (ψ → χ): M, w ⊩ φ iff M, w ⊮ ψ or M, w ⊩ χ. By induction

hypothesis, M, w ⊩ ψ iff M∗ , [w] ⊩ ψ, and M, w ⊩ χ iff M∗ , [w] ⊩ χ.
And M∗ , [w] ⊩ φ iff M∗ , [w] ⊮ ψ or M∗ , [w] ⊩ χ.

8. φ ≡ (ψ ↔ χ): M, w ⊩ φ iff M, w ⊩ ψ and M, w ⊩ χ, or M, w ⊮ ψ

and M, w ⊮ χ. By induction hypothesis, M, w ⊩ ψ iff M∗ , [w] ⊩ ψ,
and M, w ⊩ χ iff M∗ , [w] ⊩ χ. And M∗ , [w] ⊩ φ iff M∗ , [w] ⊩ ψ and
M∗ , [w] ⊩ χ, or M∗ , [w] ⊮ ψ and M∗ , [w] ⊮ χ.

9. φ ≡ □ψ: Suppose M, w ⊩ φ; to show that M∗ , [w] ⊩ φ, let v be such

that R∗ [w][v]. From Definition 5.4(2b), we have that M, v ⊩ ψ, and by
inductive hypothesis M∗ , [v] ⊩ ψ. Since v was arbitrary, M∗ , [w] ⊩ φ
follows.
Conversely, suppose M∗ , [w] ⊩ φ and let v be arbitrary such that Rwv.
From Definition 5.4(2a), we have R∗ [w][v], so that M∗ , [v] ⊩ ψ; by induc-
tive hypothesis M, v ⊩ ψ, and since v was arbitrary, M, u ⊩ φ.

10. φ ≡ ♢ψ: Suppose M, w ⊩ φ. Then for some v ∈ W , Rwv and M, v ⊩ ψ.

By inductive hypothesis M∗ , [v] ⊩ ψ, and by Definition 5.4(2a), we have
R∗ [w][v]. Thus, M∗ , [w] ⊩ φ.
Now suppose M∗ , [w] ⊩ φ. Then for some [v] ∈ W ∗ with R∗ [w][v],
M∗ , [v] ⊩ ψ. By inductive hypothesis M, v ⊩ ψ. By Definition 5.4(2c),
we have that M, w ⊩ φ.

Problem 5.1. Complete the proof of Theorem 5.5

What holds for truth at worlds in a model also holds for truth in a model
and validity in a class of models.

Corollary 5.6. Let Γ be closed under subformulas. Then:

60 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 1. If M∗ is a filtration of M through Γ then for any φ ∈ Γ : M ⊩ φ if and
only if M∗ ⊩ φ.

2. If C is a class of models and Γ (C) is the class of Γ -filtrations of models

in C, then any formula φ ∈ Γ is valid in C if and only if it is valid in
Γ (C).

5.4 Examples of Filtrations

nml:fil:exf: We have not yet shown that there are any filtrations. But indeed, for any
sec
model M, there are many filtrations of M through Γ . We identify two, in
particular: the finest and coarsest filtrations. Filtrations of the same models
will differ in their accessibility relation (as Definition 5.4 stipulates directly
what W ∗ and V ∗ should be). The finest filtration will have as few related
worlds as possible, whereas the coarsest will have as many as possible.

Definition 5.7. Where Γ is closed under subformulas, the finest filtration M∗

of a model M is defined by putting:

R∗ [u][v] if and only if ∃u′ ∈ [u] ∃v ′ ∈ [v] : Ru′ v ′ .

nml:fil:exf: Proposition 5.8. The finest filtration M∗ is indeed a filtration.

prop:finest

Proof. We need to check that R∗ , so defined, satisfies Definition 5.4(2). We

check the three conditions in turn.
If Ruv then since u ∈ [u] and v ∈ [v], also R∗ [u][v], so (2a) is satisfied.
For (2b), suppose □φ ∈ Γ , R∗ [u][v], and M, u ⊩ □φ. By definition of R∗ ,
there are u′ ≡ u and v ′ ≡ v such that Ru′ v ′ . Since u and u′ agree on Γ , also
M, u′ ⊩ □φ, so that M, v ′ ⊩ φ. By closure of Γ under sub-formulas, v and v ′
agree on φ, so M, v ⊩ φ, as desired.
To verify (2c), suppose ♢φ ∈ Γ , R∗ [u][v], and M, v ⊩ φ. By definition of
R , there are u′ ≡ u and v ′ ≡ v such that Ru′ v ′ . Since v and v ′ agree on Γ ,
∗

and Γ is closed under sub-formulas, also M, v ′ ⊩ φ, so that M, u′ ⊩ ♢φ. Since

u and u′ also agree on Γ , M, u ⊩ ♢φ.

Problem 5.2. Complete the proof of Proposition 5.8.

Definition 5.9. Where Γ is closed under subformulas, the coarsest filtra-

tion M∗ of a model M is defined by putting R∗ [u][v] if and only if both of
the following conditions are met:

nml:fil:exf: 1. If □φ ∈ Γ and M, u ⊩ □φ then M, v ⊩ φ;

defn:coarsest-Box

nml:fil:exf: 2. If ♢φ ∈ Γ and M, v ⊩ φ then M, u ⊩ ♢φ.

defn:coarsest-Diamond

Proposition 5.10. The coarsest filtration M∗ is indeed a filtration.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 61

 1 2 3 4
¬p p ¬p p

[1] [2] [1] [2]

¬p p ¬p p
Figure 5.1: An infinite model and its filtrations.
nml:fil:exf:
fig:ex-filtration

Proof. Given the definition of R∗ , the only condition that is left to verify is
the implication from Ruv to R∗ [u][v]. So assume Ruv. Suppose □φ ∈ Γ and
M, u ⊩ □φ; then obviously M, v ⊩ φ, and (1) is satisfied. Suppose ♢φ ∈ Γ
and M, v ⊩ φ. Then M, u ⊩ ♢φ since Ruv, and (2) is satisfied.

Example 5.11. Let W = Z+ , Rnm iff m = n + 1, and V (p) = {2n : n ∈ N}.

The model M = ⟨W, R, V ⟩ is depicted in Figure 5.1. The worlds are 1, 2, etc.;
each world can access exactly one other world—its successor—and p is true at
all and only the even numbers.
Now let Γ be the set of sub-formulas of □p→p, i.e., {p, □p, □p→p}. p is true
at all and only the even numbers, □p is true at all and only the odd numbers,
so □p → p is true at all and only the even numbers. In other words, every odd
number makes □p true and p and □p → p false; every even number makes p
and □p → p true, but □p false. So W ∗ = {[1], [2]}, where [1] = {1, 3, 5, . . . } and
[2] = {2, 4, 6, . . . }. Since 2 ∈ V (p), [2] ∈ V ∗ (p); since 1 ∈ / V ∗ (p). So
/ V (p), [1] ∈
∗
V (p) = {[2]}.
Any filtration based on W ∗ must have an accessibility relation that includes
⟨[1], [2]⟩, ⟨[2], [1]⟩: since R12, we must have R∗ [1][2] by Definition 5.4(2a), and
since R23 we must have R∗ [2][3], and [3] = [1]. It cannot include ⟨[1], [1]⟩: if it
did, we’d have R∗ [1][1], M, 1 ⊩ □p but M, 1 ⊮ p, contradicting (2b). Nothing
requires or rules out that R∗ [2][2]. So, there are two possible filtrations of M,
corresponding to the two accessibility relations

{⟨[1], [2]⟩, ⟨[2], [1]⟩} and {⟨[1], [2]⟩, ⟨[2], [1]⟩, ⟨[2], [2]⟩}.

In either case, p and □p → p are false and □p is true at [1]; p and □p → p are
true and □p is false at [2].

Problem 5.3. Consider the following model M = ⟨W, R, V ⟩ where W = {0σ :

σ ∈ B∗ }, the set of sequences of 0s and 1s starting with 0, with Rσσ ′ iff σ ′ = σ0
or σ ′ = σ1, and V (p) = {σ0 : σ ∈ B∗ } and V (q) = {σ1 : σ ∈ B∗ \ {1}}. Here’s
a picture:

62 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 000

p
00
¬q
p
¬q 001

¬p
0 q
p
¬q 010

p
01
¬q
¬p
q 011

¬p
q

We have M, w ⊮ □(p ∨ q) → (□p ∨ □q) for every w.

Let Γ be the set of sub-formulas of □(p ∨ q) → (□p ∨ □q). What are W ∗
and V ∗ ? What is the accessibility relation of the finest filtration of M? Of the
coarsest?

5.5 Filtrations are Finite

nml:fil:fin: We’ve defined filtrations for any set Γ that is closed under sub-formulas. Noth-
sec
ing in the definition itself guarantees that filtrations are finite. In fact, when
Γ is infinite (e.g., is the set of all formulas), it may well be infinite. However,
if Γ is finite (e.g., when it is the set of sub-formulas of a given formula φ), so
is any filtration through Γ .

nml:fil:fin: Proposition 5.12. If Γ is finite then any filtration M∗ of a model M through

prop:filt-are-finite
Γ is also finite.

Proof. The size of W ∗ is the number of different classes [w] under the equiva-
lence relation ≡. Any two worlds u, v in such class—that is, any u and v such
that u ≡ v—agree on all formulas φ in Γ , φ ∈ Γ either φ is true at both u and
v, or at neither. So each class [w] corresponds to subset of Γ , namely the set
of all φ ∈ Γ such that φ is true at the worlds in [w]. No two different classes
[u] and [v] correspond to the same subset of Γ . For if the set of formulas true
at u and that of formulas true at v are the same, then u and v agree on all
formulas in Γ , i.e., u ≡ v. But then [u] = [v]. So, there is an injective function
from W ∗ to ℘(Γ ), and hence |W ∗ | ≤ |℘(Γ )|. Hence if Γ contains n sentences,
the cardinality of W ∗ is no greater than 2n .

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 63

5.6 K and S5 have the Finite Model Property
nml:fil:fmp:
sec
Definition 5.13. A system Σ of modal logic is said to have the finite model
property if whenever a formula φ is true at a world in a model of Σ then φ is
true at a world in a finite model of Σ.

Proposition 5.14. K has the finite model property. nml:fil:fmp:

prop:K-fmp

Proof. K is the set of valid formulas, i.e., any model is a model of K. By

Theorem 5.5, if M, w ⊩ φ, then M∗ , w ⊩ φ for any filtration of M through the
set Γ of sub-formulas of φ. Any formula only has finitely many sub-formulas, so
Γ is finite. By Proposition 5.12, |W ∗ | ≤ 2n , where n is the number of formulas
in Γ . And since K imposes no restriction on models, M∗ is a K-model.

To show that a logic L has the finite model property via filtrations it is
essential that the filtration of an L-model is itself a L-model. Often this re-
quires a fair bit of work, and not any filtration yields a L-model. However, for
universal models, this still holds.

Proposition 5.15. Let U be the class of universal models (see Proposition 2.14) nml:fil:fmp:
and UFin the class of all finite universal models. Then any formula φ is valid prop:univ-fin
in U if and only if it is valid in UFin .

Proof. Finite universal models are universal models, so the left-to-right direc-
tion is trivial. For the right-to left direction, suppose that φ is false at some
world w in a universal model M. Let Γ contain φ as well as all of its sub-
formulas; clearly Γ is finite. Take a filtration M∗ of M; then M∗ is finite by
Proposition 5.12, and by Theorem 5.5, φ is false at [w] in M∗ . It remains to
observe that M∗ is also universal: given u and v, by hypothesis Ruv and by
Definition 5.4(2), also R∗ [u][v].

Corollary 5.16. S5 has the finite model property. nml:fil:fmp:

cor:S5fmp

Proof. By Proposition 2.14, if φ is true at a world in some reflexive and eu-

clidean model then it is true at a world in a universal model. By Proposi-
tion 5.15, it is true at a world in a finite universal model (namely the filtration
of the model through the set of sub-formulas of φ). Every universal model is
also reflexive and euclidean; so φ is true at a world in a finite reflexive euclidean
model.

Problem 5.4. Show that any filtration of a serial or reflexive model is also
serial or reflexive (respectively).

Problem 5.5. Find a non-symmetric (non-transitive, non-euclidean) filtration

of a symmetric (transitive, euclidean) model.

64 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 5.7 S5 is Decidable
nml:fil:dec: The finite model property gives us an easy way to show that systems of modal
sec
logic given by schemas are decidable (i.e., that there is a computable procedure
to determine whether a formula is derivable in the system or not).

Theorem 5.17. S5 is decidable.

Proof. Let φ be given, and suppose the propositional variables occurring in φ

are among p1 , . . . , pk . Since for each n there are only finitely many models
with n worlds assigning a value to p1 , . . . , pk , we can enumerate, in parallel,
all the theorems of S5 by generating proofs in some systematic way; and all
the models containing 1, 2, . . . worlds and checking whether φ fails at a world
in some such model. Eventually one of the two parallel processes will give an
answer, as by Theorem 4.17 and Corollary 5.16, either φ is derivable or it fails
in a finite universal model.

The above proof works for S5 because filtrations of universal models are
automatically universal. The same holds for reflexivity and seriality, but more
work is needed for other properties.

5.8 Filtrations and Properties of Accessibility

nml:fil:acc: As noted, filtrations of universal, serial, and reflexive models are always also
sec
universal, serial, or reflexive. But not every filtration of a symmetric or tran-
sitive model is symmetric or transitive, respectively. In some cases, however,
it is possible to define filtrations so that this does hold. In order to do so, we
proceed as in the definition of the coarsest filtration, but add additional condi-
tions to the definition of R∗ . Let Γ be closed under sub-formulas. Consider the
relations Ci (u, v) in Table 5.1 between worlds u, v in a model M = ⟨W, R, V ⟩.
We can define R∗ [u][v] on the basis of combinations of these conditions. For
instance, if we stipulate that R∗ [u][v] iff the condition C1 (u, v) holds, we get
exactly the coarsest filtration. If we stipulate R∗ [u][v] iff both C1 (u, v) and
C2 (u, v) hold, we get a different filtration. It is “finer” than the coarsest since
fewer pairs of worlds satisfy C1 (u, v) and C2 (u, v) than C1 (u, v) alone.
if □φ ∈ Γ and M, u ⊩ □φ then M, v ⊩ φ; and
C1 (u, v):
if ♢φ ∈ Γ and M, v ⊩ φ then M, u ⊩ ♢φ;
if □φ ∈ Γ and M, v ⊩ □φ then M, u ⊩ φ; and
C2 (u, v):
if ♢φ ∈ Γ and M, u ⊩ φ then M, v ⊩ ♢φ;
if □φ ∈ Γ and M, u ⊩ □φ then M, v ⊩ □φ; and
C3 (u, v):
if ♢φ ∈ Γ and M, v ⊩ ♢φ then M, u ⊩ ♢φ;
if □φ ∈ Γ and M, v ⊩ □φ then M, u ⊩ □φ; and
C4 (u, v):
if ♢φ ∈ Γ and M, u ⊩ ♢φ then M, v ⊩ ♢φ;
Table 5.1: Conditions on possible worlds for defining filtrations.
nml:fil:acc:
tab:Cn-filtrations
normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 65
Theorem 5.18. Let M = ⟨W, R, P ⟩ be a model, Γ closed under sub-formulas. nml:fil:acc:
Let W ∗ and V ∗ be defined as in Definition 5.4. Then: thm:more-filtrations

1. Suppose R∗ [u][v] if and only if C1 (u, v)∧C2 (u, v). Then R∗ is symmetric,
and M∗ = ⟨W ∗ , R∗ , V ∗ ⟩ is a filtration if M is symmetric.
2. Suppose R∗ [u][v] if and only if C1 (u, v) ∧ C3 (u, v). Then R∗ is transitive,
and M∗ = ⟨W ∗ , R∗ , V ∗ ⟩ is a filtration if M is transitive.
3. Suppose R∗ [u][v] if and only if C1 (u, v) ∧ C2 (u, v) ∧ C3 (u, v) ∧ C4 (u, v).
Then R∗ is symmetric and transitive, and M∗ = ⟨W ∗ , R∗ , V ∗ ⟩ is a filtra-
tion if M is symmetric and transitive.
4. Suppose R∗ is defined as R∗ [u][v] if and only if C1 (u, v) ∧ C3 (u, v) ∧
C4 (u, v). Then R∗ is transitive and euclidean, and M∗ = ⟨W ∗ , R∗ , V ∗ ⟩
is a filtration if M is transitive and euclidean.

Proof. 1. It’s immediate that R∗ is symmetric, since C1 (u, v) ⇔ C2 (v, u)

and C2 (u, v) ⇔ C1 (v, u). So it’s left to show that if M is symmetric
then M∗ is a filtration through Γ . Condition C1 (u, v) guarantees that
(2b) and (2c) of Definition 5.4 are satisfied. So we just have to verify
Definition 5.4(2a), i.e., that Ruv implies R∗ [u][v].
So suppose Ruv. To show R∗ [u][v] we need to establish that C1 (u, v) and
C2 (u, v). For C1 : if □φ ∈ Γ and M, u ⊩ □φ then also M, v ⊩ φ (since
Ruv). Similarly, if ♢φ ∈ Γ and M, v ⊩ φ then M, u ⊩ ♢φ since Ruv. For
C2 : if □φ ∈ Γ and M, v ⊩ □φ then Ruv implies Rvu by symmetry, so
that M, u ⊩ φ. Similarly, if ♢φ ∈ Γ and M, u ⊩ φ then M, v ⊩ ♢φ (since
Rvu by symmetry).
2. Exercise.
3. Exercise.
4. Exercise.

Problem 5.6. Complete the proof of Theorem 5.18.

5.9 Filtrations of Euclidean Models

The approach of section 5.8 does not work in the case of models that are nml:fil:euc:
sec
euclidean or serial and euclidean. Consider the model at the top of Figure 5.2,
which is both euclidean and serial. Let Γ = {p, □p}. When taking a filtration
through Γ , then [w1 ] = [w3 ] since w1 and w3 are the only worlds that agree
on Γ . Any filtration will also have the arrow inherited from M, as depicted in
Figure 5.3. That model isn’t euclidean. Moreover, we cannot add arrows to
that model in order to make it euclidean. We would have to add double arrows
between [w2 ] and [w4 ], and then also between w2 and w5 . But □p is supposed
to be true at w2 , while p is false at w5 .

66 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 ¬p w1 w2 p
⊩ □p ⊩ □p

¬p w3 w4 p w5 ¬p
⊩ □p ⊮ □p ⊮ □p
Figure 5.2: A serial and euclidean model.
nml:fil:euc:
fig:ser-eucl
[w2 ] p

⊩ □p
¬p [w1 ] [w1 ] = [w3 ]

⊩ □p

[w4 ] p [w5 ] ¬p

⊮ □p ⊮ □p
Figure 5.3: The filtration of the model in Figure 5.2.
nml:fil:euc:
fig:ser-eucl2
In particular, to obtain a euclidean flitration it is not enough to consider
filtrations through arbitrary Γ ’s closed under sub-formulas. Instead we need
to consider sets Γ that are modally closed (see Definition 5.1). Such sets of
sentences are infinite, and therefore do not immediately yield a finite model
property or the decidability of the corresponding system.

nml:fil:euc: Theorem 5.19. Let Γ be modally closed, M = ⟨W, R, V ⟩, and M∗ = ⟨W ∗ , R∗ , V ∗ ⟩

thm:modal-closed-filt
be a coarsest filtration of M.

1. If M is symmetric, so is M∗ .

2. If M is transitive, so is M∗ .

3. If M is euclidean, so is M∗ .

Proof. 1. If M∗ is a coarsest filtration, then by definition R∗ [u][v] holds if

and only if C1 (u, v). For transitivity, suppose C1 (u, v) and C1 (v, w); we
have to show C1 (u, w). Suppose M, u ⊩ □φ; then M, u ⊩ □□φ since 4 is
valid in all transitive models; since □□φ ∈ Γ by closure, also by C1 (u, v),
M, v ⊩ □φ and by C1 (v, w), also M, w ⊩ φ. Suppose M, w ⊩ φ; then
M, v ⊩ ♢φ by C1 (v, w), since ♢φ ∈ Γ by modal closure. By C1 (u, v), we

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 67

 get M, u ⊩ ♢♢φ since ♢♢φ ∈ Γ by modal closure. Since 4♢ is valid in all
transitive models, M, u ⊩ ♢φ.
2. Exercise. Use the fact that both 5 and 5♢ are valid in all euclidean
models.
3. Exercise. Use the fact that B and B♢ are valid in all symmetric models.

Problem 5.7. Complete the proof of Theorem 5.19.

68 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 Chapter 6

Modal Tableaux

Draft chapter on prefixed tableaux for modal logic. Needs more exam-
ples, completeness proofs, and discussion of how one can find countermod-
els from unsuccessful searches for closed tableaux.

6.1 Introduction
nml:tab:int: Tableaux are certain (downward-branching) trees of signed formulas, i.e., pairs
sec
consisting of a truth value sign (T or F) and a sentence

T φ or F φ.

A tableau begins with a number of assumptions. Each further signed formula

is generated by applying one of the inference rules. Some inference rules add
one or more signed formulas to a tip of the tree; others add two new tips,
resulting in two branches. Rules result in signed formulas where the formula is
less complex than that of the signed formula to which it was applied. When a
branch contains both T φ and F φ, we say the branch is closed. If every branch
in a tableau is closed, the entire tableau is closed. A closed tableau consititues
a derivation that shows that the set of signed formulas which were used to
begin the tableau are unsatisfiable. This can be used to define a ⊢ relation:
Γ ⊢ φ iff there is some finite set Γ0 = {ψ1 , . . . , ψn } ⊆ Γ such that there is a
closed tableau for the assumptions

{F φ, T ψ1 , . . . , T ψn }.

For modal logics, we have to both extend the notion of signed formula
and add rules that cover □ and ♢ In addition to a sign(T or F), formulas in
modal tableaux also have prefixes σ. The prefixes are non-empty sequences of
positive integers, i.e., σ ∈ (Z+ )∗ \ {Λ}. When we write such prefixes without
the surrounding ⟨ ⟩, and separate the individual elements by .’s instead of ,’s.

69
 σ T ¬φ σ F ¬φ
¬T ¬F
σFφ σ Tφ

σ Tφ ∧ ψ
∧T σFφ∧ψ
σ Tφ ∧F
σFφ | σFψ
σ Tψ
σFφ∨ψ
σ Tφ ∨ ψ ∨F
∨T σFφ
σ Tφ | σ Tψ
σFψ
σFφ→ψ
σ Tφ → ψ →F
→T σ Tφ
σ F φ | σ Tψ
σFψ

Table 6.1: Prefixed tableau rules for the propositional connectives

nml:tab:rul:
tab:prop-rules
If σ is a prefix, then σ.n is σ ⌢ ⟨n⟩; e.g., if σ = 1.2.1, then σ.3 is 1.2.1.3. So
for instance,
1.2 T □φ → φ
is a prefixed signed formula (or just a prefixed formula for short).
Intuitively, the prefix names a world in a model that might satisfy the
formulas on a branch of a tableau, and if σ names some world, then σ.n names
a world accessible from (the world named by) σ.

6.2 Rules for K

The rules for the regular propositional connectives are the same as for regular nml:tab:rul:
sec
propositional signed tableaux, just with prefixes added. In each case, the rule
applied to a signed formula σ S φ produces new formulas that are also prefixed
by σ. This should be intuitively clear: e.g., if φ ∧ ψ is true at (a world named
by) σ, then φ and ψ are true at σ (and not at any other world). We collect the
propositional rules in Table 6.1.
The closure condition is the same as for ordinary tableaux, although we
require that not just the formulas but also the prefixes must match. So a
branch is closed if it contains both

σ T φ and σ F φ

for some prefix σ and formula φ.

The rules for setting up assumptions is also as for ordinary tableaux, except
that for assumptions we always use the prefix 1. (It does not matter which

70 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 σ T □φ σ F □φ
□T □F
σ.n T φ σ.n F φ

σ.n is used σ.n is new

σ T ♢φ σ F ♢φ
♢T ♢F
σ.n T φ σ.n F φ

σ.n is new σ.n is used

Table 6.2: The modal rules for K.

nml:tab:rul:
tab:rules-K
prefix we use, as long as it’s the same for all assumptions.) So, e.g., we say
that
ψ1 , . . . , ψ n ⊢ φ

iff there is a closed tableau for the assumptions

1 T ψ1 , . . . , 1 T ψn , 1 F φ.

For the modal operators □ and ♢, the prefix of the conclusion of the rule
applied to a formula with prefix σ is σ.n. However, which n is allowed depends
on whether the sign is T or F.
The T□ rule extends a branch containing σ T □φ by σ.n T φ. Similarly,
the F♢ rule extends a branch containing σ F ♢φ by σ.n F φ. They can only
be applied for a prefix σ.n which already occurs on the branch in which it is
applied. Let’s call such a prefix “used” (on the branch).
The F□ rule extends a branch containing σ F □φ by σ.n F φ. Similarly, the
T♢ rule extends a branch containing σ T ♢φ by σ.n T φ. These rules, however,
can only be applied for a prefix σ.n which does not already occur on the branch
in which it is applied. We call such prefixes “new” (to the branch).
The rules are given in Table 6.2.
The requirement that the restriction that the prefix for □T must be used
is necessary as otherwise we would count the following as a closed tableau:

1. 1 T □φ Assumption
2. 1 F ♢φ Assumption
3. 1.1 T φ □T 1
4. 1.1 F φ ♢F 2
⊗

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 71

 But □φ ⊭ ♢φ, so our proof system would be unsound. Likewise, ♢φ ⊭ □φ,
but without the restriction that the prefix for □F must be new, this would be
a closed tableau:

1. 1 T ♢φ Assumption
2. 1 F □φ Assumption
3. 1.1 T φ ♢T 1
4. 1.1 F φ □F 2
⊗

6.3 Tableaux for K

nml:tab:prk:
sec
Example 6.1. We give a closed tableau that shows ⊢ (□φ ∧ □ψ) → □(φ ∧ ψ).

1. 1 F (□φ ∧ □ψ) → □(φ ∧ ψ) Assumption

2. 1 T □φ ∧ □ψ →F 1
3. 1 F □(φ ∧ ψ) →F 1
4. 1 T □φ ∧T 2
5. 1 T □ψ ∧T 2
6. 1.1 F φ ∧ ψ □F 3

7. 1.1 F φ 1.1 F ψ ∧F 6
8. 1.1 T φ 1.1 T ψ □T 4; □T 5
⊗ ⊗

Example 6.2. We give a closed tableau that shows ⊢ ♢(φ ∨ ψ) → (♢φ ∨ ♢ψ):

1. 1 F ♢(φ ∨ ψ) → (♢φ ∨ ♢ψ) Assumption

2. 1 T ♢(φ ∨ ψ) →F 1
3. 1 F ♢φ ∨ ♢ψ →F 1
4. 1 F ♢φ ∨F 3
5. 1 F ♢ψ ∨F 3
6. 1.1 T φ ∨ ψ ♢T 2

7. 1.1 T φ 1.1 T ψ ∨T 6
8. 1.1 F φ 1.1 F ψ ♢F 4; ♢F 5
⊗ ⊗

Problem 6.1. Find closed tableaux in K for the following formulas:

1. □¬p → □(p → q)

2. (□p ∨ □q) → □(p ∨ q)

72 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 3. ♢p → ♢(p ∨ q)

4. □(p ∧ q) → □p

6.4 Soundness for K

nml:tab:sou:
sec

This soundness proof reuses the soundness proof for classical proposi-
tional logic, i.e., it proves everything from scratch. That’s ok if you want
a self-contained soundness proof. If you already have seen soundness for
ordinary tableau this will be repetitive. It’s planned to make it possi-
ble to switch between self-contained version and a version building on the
non-modal case.

In order to show that prefixed tableaux are sound, we have to show that if explanation

1 T ψ1 , . . . , 1 T ψn , 1 F φ

has a closed tableau then ψ1 , . . . , ψn ⊨ φ. It is easier to prove the contra-

positive: if for some M and world w, M, w ⊩ ψi for all i = 1, . . . , n but
M, w ⊩ φ, then no tableau can close. Such a countermodel shows that the
initial assumptions of the tableau are satisfiable. The strategy of the proof is
to show that whenever all the prefixed formulas on a tableau branch are sat-
isfiable, any application of a rule results in at least one extended branch that
is also satisfiable. Since closed branches are unsatisfiable, any tableau for a
satisfiable set of prefixed formulas must have at least one open branch.
In order to apply this strategy in the modal case, we have to extend our
definition of “satisfiable” to modal modals and prefixes. With that in hand,
however, the proof is straightforward.

Definition 6.3. Let P be some set of prefixes, i.e., P ⊆ (Z+ )∗ \{Λ} and let M
be a model. A function f : P → W is an interpretation of P in M if, whenever
σ and σ.n are both in P , then Rf (σ)f (σ.n).
Relative to an interpretation of prefixes P we can define:

1. M satisfies σ T φ iff M, f (σ) ⊩ φ.

2. M satisfies σ F φ iff M, f (σ) ⊮ φ.

Definition 6.4. Let Γ be a set of prefixed formulas, and let P (Γ ) be the set
of prefixes that occur in it. If f is an interpretation of P (Γ ) in M, we say
that M satisfies Γ with respect to f , M, f ⊩ Γ , if M satisfies every prefixed
formula in Γ with respect to f . Γ is satisfiable iff there is a model M and
interpretation f of P (Γ ) such that M, f ⊩ Γ .

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 73

Proposition 6.5. If Γ contains both σ T φ and σ F φ, for some formula φ and
prefix σ, then Γ is unsatisfiable.

Proof. There cannot be a model M and interpretation f of P (Γ ) such that

both M, f (σ) ⊩ φ and M, f (σ) ⊮ φ.

Theorem 6.6 (Soundness). If Γ has a closed tableau, Γ is unsatisfiable. nml:tab:sou:

thm:tableau-soundness
Proof. We call a branch of a tableau satisfiable iff the set of signed formulas
on it is satisfiable, and let’s call a tableau satisfiable if it contains at least one
satisfiable branch.
We show the following: Extending a satisfiable tableau by one of the rules
of inference always results in a satisfiable tableau. This will prove the theo-
rem: any closed tableau results by applying rules of inference to the tableau
consisting only of assumptions from Γ . So if Γ were satisfiable, any tableau
for it would be satisfiable. A closed tableau, however, is clearly not satisfiable,
since all its branches are closed and closed branches are unsatisfiable.
Suppose we have a satisfiable tableau, i.e., a tableau with at least one
satisfiable branch. Applying a rule of inference either adds signed formulas
to a branch, or splits a branch in two. If the tableau has a satisfiable branch
which is not extended by the rule application in question, it remains a satisfiable
branch in the extended tableau, so the extended tableau is satisfiable. So we
only have to consider the case where a rule is applied to a satisfiable branch.
Let Γ be the set of signed formulas on that branch, and let σ S φ ∈ Γ be
the signed formula to which the rule is applied. If the rule does not result in a
split branch, we have to show that the extended branch, i.e., Γ together with
the conclusions of the rule, is still satisfiable. If the rule results in split branch,
we have to show that at least one of the two resulting branches is satisfiable.
First, we consider the possible inferences with only one premise.
1. The branch is expanded by applying ¬T to σ T ¬ψ ∈ Γ . Then the
extended branch contains the signed formulas Γ ∪ {σ F ψ}. Suppose
M, f ⊩ Γ . In particular, M, f (σ) ⊩ ¬ψ. Thus, M, f (σ) ⊮ ψ, i.e., M
satisfies σ F ψ with respect to f .
2. The branch is expanded by applying ¬F to σ F ¬ψ ∈ Γ : Exercise.
3. The branch is expanded by applying ∧T to σ T ψ ∧ χ ∈ Γ , which results
in two new signed formulas on the branch: σ T ψ and σ T χ. Suppose
M, f ⊩ Γ , in particular M, f (σ) ⊩ ψ ∧ χ. Then M, f (σ) ⊩ ψ and
M, f (σ) ⊩ χ. This means that M satisfies both σ T ψ and σ T χ with
respect to f .
4. The branch is expanded by applying ∨F to F ψ ∨ χ ∈ Γ : Exercise.
5. The branch is expanded by applying →F to σ F ψ → χ ∈ Γ : This results
in two new signed formulas on the branch: σ T ψ and σ F χ. Suppose
M, f ⊩ Γ , in particular M, f (σ) ⊮ ψ → χ. Then M, f (σ) ⊩ ψ and
M, f (σ) ⊮ χ. This means that M, f satisfies both σ T ψ and σ F χ.

74 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 6. The branch is expanded by applying □T to σ T □ψ ∈ Γ : This results in
a new signed formula σ.n T ψ on the branch, for some σ.n ∈ P (Γ ) (since
σ.n must be used). Suppose M, f ⊩ Γ , in particular, M, f (σ) ⊩ □ψ.
Since f is an interpretation of prefixes and both σ, σ.n ∈ P (Γ ), we know
that Rf (σ)f (σ.n). Hence, M, f (σ.n) ⊩ ψ, i.e., M, f satisfies σ.n T ψ.

7. The branch is expanded by applying □F to σ F □ψ ∈ Γ : This results in a

new signed formula σ.n F φ, where σ.n is a new prefix on the branch, i.e.,
σ.n ∈/ P (Γ ). Since Γ is satisfiable, there is a M and interpretation f of
P (Γ ) such that M, f ⊨ Γ , in particular M, f (σ) ⊮ □ψ. We have to show
that Γ ∪ {σ.n F ψ} is satisfiable. To do this, we define an interpretation
of P (Γ ) ∪ {σ.n} as follows:
Since M, f (σ) ⊮ □ψ, there is a w ∈ W such that Rf (σ)w and M, w ⊮ ψ.
Let f ′ be like f , except that f ′ (σ.n) = w. Since f ′ (σ) = f (σ) and
Rf (σ)w, we have Rf ′ (σ)f ′ (σ.n), so f ′ is an interpretation of P (Γ )∪{σ.n}.
Obviously M, f ′ (σ.n) ⊮ ψ. Since f (σ ′ ) = f ′ (σ ′ ) for all prefixes σ ′ ∈
P (Γ ), M, f ′ ⊩ Γ . So, M, f ′ satisfies Γ ∪ {σ.n F ψ}.

Now let’s consider the possible inferences with two premises.

1. The branch is expanded by applying ∧F to σ F ψ ∧ χ ∈ Γ , which results

in two branches, a left one continuing through σ F ψ and a right one
through σ F χ. Suppose M, f ⊩ Γ , in particular M, f (σ) ⊮ ψ ∧ χ. Then
M, f (σ) ⊮ ψ or M, f (σ) ⊮ χ. In the former case, M, f satisfies σ F ψ,
i.e., the left branch is satisfiable. In the latter, M, f satisfies σ F χ, i.e.,
the right branch is satisfiable.

2. The branch is expanded by applying ∨T to σ T ψ ∨ χ ∈ Γ : Exercise.

3. The branch is expanded by applying →T to σ T ψ → χ ∈ Γ : Exercise.

Problem 6.2. Complete the proof of Theorem 6.6.

nml:tab:sou: Corollary 6.7. If Γ ⊢ φ then Γ ⊨ φ.

cor:entailment-soundness

Proof. If Γ ⊢ φ then for some ψ1 , . . . , ψn ∈ Γ , ∆ = {1 F φ, 1 T ψ1 , . . . , 1 T ψn }

has a closed tableau. We want to show that Γ ⊨ φ. Suppose not, so for some
M and w, M, w ⊩ ψi for i = 1, . . . , n, but M, w ⊮ φ. Let f (1) = w; then f is
an interpretation of P (∆) into M, and M satisfies ∆ with respect to f . But by
Theorem 6.6, ∆ is unsatisfiable since it has a closed tableau, a contradiction.
So we must have Γ ⊢ φ after all.

nml:tab:sou: Corollary 6.8. If ⊢ φ then φ is true in all models.

cor:weak-soundness

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 75

 σ T □φ σ F ♢φ
T□ T♢
σ Tφ σFφ

σ T □φ σ F ♢φ
D□ D♢
σ T ♢φ σ F □φ

σ.n T □φ σ.n F ♢φ
B□ B♢
σ Tφ σFφ

σ T □φ σ F ♢φ
4□ 4♢
σ.n T □φ σ.n F ♢φ

σ.n is used σ.n is used

σ.n T □φ σ.n F ♢φ
4r□ 4r♢
σ T □φ σ F ♢φ

Table 6.3: More modal rules.

nml:tab:mru:
Logic R is . . . Rules tab:more-rules

T = KT reflexive T□, T♢
D = KD serial D□, D♢
K4 transitive 4□, 4♢
B = KTB reflexive, T□, T♢
symmetric B□, B♢
S4 = KT4 reflexive, T□, T♢,
transitive 4□, 4♢
S5 = KT4B reflexive, T□, T♢,
transitive, 4□, 4♢,
euclidean 4r□, 4r♢

Table 6.4: Tableau rules for various modal logics.

nml:tab:mru:
tab:logics-rules
6.5 Rules for Other Accessibility Relations
In order to deal with logics determined by special accessibility relations, we nml:tab:mru:
sec
consider the additional rules in Table 6.3.
Adding these rules results in systems that are sound and complete for the
logics given in Table 6.4.

76 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 Example 6.9. We give a closed tableau that shows S5 ⊢ 5, i.e., □φ → □♢φ.

1. 1 F □φ → □♢φ Assumption
2. 1 T □φ →F 1
3. 1 F □♢φ →F 1
4. 1.1 F ♢φ □F 3
5. 1 F ♢φ 4r♢ 4
6. 1.1 F φ ♢F 5
7. 1.1 T φ □T 2
⊗

Problem 6.3. Give closed tableaux that show the following:

1. KT5 ⊢ B;

2. KT5 ⊢ 4;

3. KDB4 ⊢ T;

4. KB4 ⊢ 5;

5. KB5 ⊢ 4;

6. KT ⊢ D.

6.6 Soundness for Additional Rules

nml:tab:msn: We say a rule is sound for a class of models if, whenever a branch in a tableau
sec
is satisfiable in a model from that class, the branch resulting from applying the
rule is also satisfiable in a model from that class.

nml:tab:msn: Proposition 6.10. T□ and T♢ are sound for reflexive models.

prop:soundness-T

Proof. 1. The branch is expanded by applying T□ to σ T □ψ ∈ Γ : This

results in a new signed formula σ T ψ on the branch. Suppose M, f ⊩
Γ , in particular, M, f (σ) ⊩ □ψ. Since R is reflexive, we know that
Rf (σ)f (σ). Hence, M, f (σ) ⊩ ψ, i.e., M, f satisfies σ T ψ.

2. The branch is expanded by applying T♢ to σ F ♢ψ ∈ Γ : This results

in a new signed formula σ F ψ on the branch. Suppose M, f ⊩ Γ , in
particular, M, f (σ) ⊮ ♢ψ. Since R is reflexive, we know that Rf (σ)f (σ).
Hence, M, f (σ) ⊮ ψ, i.e., M, f satisfies σ F ψ.

nml:tab:msn: Proposition 6.11. D□ and D♢ are sound for serial models.

prop:soundness-D

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 77

Proof. 1. The branch is expanded by applying D□ to σ T □ψ ∈ Γ : This
results in a new signed formula σ T ♢ψ on the branch. Suppose M, f ⊩ Γ ,
in particular, M, f (σ) ⊩ □ψ. Since R is serial, there is a w ∈ W such that
Rf (σ)w. Then M, w ⊩ ψ, and hence M, f (σ) ⊩ ♢ψ. So, M, f satisfies
σ T ♢ψ.

2. The branch is expanded by applying D♢ to σ F ♢ψ ∈ Γ : This results

in a new signed formula σ F □ψ on the branch. Suppose M, f ⊩ Γ , in
particular, M, f (σ) ⊮ ♢ψ. Since R is serial, there is a w ∈ W such that
Rf (σ)w. Then M, w ⊮ ψ, and hence M, f (σ) ⊮ □ψ. So, M, f satisfies
σ F □ψ.

Proposition 6.12. B□ and B♢ are sound for symmetric models. nml:tab:msn:

prop:soundness-B

Proof. 1. The branch is expanded by applying B□ to σ.n T □ψ ∈ Γ : This

results in a new signed formula σ T ψ on the branch. Suppose M, f ⊩ Γ ,
in particular, M, f (σ.n) ⊩ □ψ. Since f is an interpretation of prefixes on
the branch into M, we know that Rf (σ)f (σ.n). Since R is symmetric,
Rf (σ.n)f (σ). Since M, f (σ.n) ⊩ □ψ, M, f (σ) ⊩ ψ. Hence, M, f satisfies
σ T ψ.

2. The branch is expanded by applying B♢ to σ.n F ♢ψ ∈ Γ : This results

in a new signed formula σ F ψ on the branch. Suppose M, f ⊩ Γ , in
particular, M, f (σ.n) ⊮ ♢ψ. Since f is an interpretation of prefixes on
the branch into M, we know that Rf (σ)f (σ.n). Since R is symmetric,
Rf (σ.n)f (σ). Since M, f (σ.n) ⊮ ♢ψ, M, f (σ) ⊮ ψ. Hence, M, f satisfies
σ F ψ.

Proposition 6.13. 4□ and 4♢ are sound for transitive models. nml:tab:msn:

prop:soundness-4

Proof. 1. The branch is expanded by applying 4□ to σ T □ψ ∈ Γ : This

results in a new signed formula σ.n T □ψ on the branch. Suppose M, f ⊩
Γ , in particular, M, f (σ) ⊩ □ψ. Since f is an interpretation of prefixes
on the branch into M and σ.n must be used, we know that Rf (σ)f (σ.n).
Now let w be any world such that Rf (σ.n)w. Since R is transitive,
Rf (σ)w. Since M, f (σ) ⊩ □ψ, M, w ⊩ ψ. Hence, M, f (σ.n) ⊩ □ψ, and
M, f satisfies σ.n T □ψ.

2. The branch is expanded by applying 4♢ to σ F ♢ψ ∈ Γ : This results in

a new signed formula σ.n F ♢ψ on the branch. Suppose M, f ⊩ Γ , in
particular, M, f (σ) ⊮ ♢ψ. Since f is an interpretation of prefixes on the
branch into M and σ.n must be used, we know that Rf (σ)f (σ.n). Now
let w be any world such that Rf (σ.n)w. Since R is transitive, Rf (σ)w.
Since M, f (σ) ⊮ ♢ψ, M, w ⊮ ψ. Hence, M, f (σ.n) ⊮ ♢ψ, and M, f
satisfies σ.n F ♢ψ.

78 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 nml:tab:msn: Proposition 6.14. 4r□ and 4r♢ are sound for euclidean models.
prop:soundness-4r

Proof. 1. The branch is expanded by applying 4r□ to σ.n T □ψ ∈ Γ : This

results in a new signed formula σ T □ψ on the branch. Suppose M, f ⊩ Γ ,
in particular, M, f (σ.n) ⊩ □ψ. Since f is an interpretation of prefixes on
the branch into M, we know that Rf (σ)f (σ.n). Now let w be any world
such that Rf (σ)w. Since R is euclidean, Rf (σ.n)w. Since M, f (σ).n ⊩
□ψ, M, w ⊩ ψ. Hence, M, f (σ) ⊩ □ψ, and M, f satisfies σ T □ψ.

2. The branch is expanded by applying 4r♢ to σ.n F ♢ψ ∈ Γ : This results

in a new signed formula σ T □ψ on the branch. Suppose M, f ⊩ Γ , in
particular, M, f (σ.n) ⊮ ♢ψ. Since f is an interpretation of prefixes on the
branch into M, we know that Rf (σ)f (σ.n). Now let w be any world such
that Rf (σ)w. Since R is euclidean, Rf (σ.n)w. Since M, f (σ).n ⊮ ♢ψ,
M, w ⊮ ψ. Hence, M, f (σ) ⊮ ♢ψ, and M, f satisfies σ F ♢ψ.

nml:tab:msn: Corollary 6.15. The tableau systems given in Table 6.4 are sound for the
cor:soundness-logics
respective classes of models.

6.7 Simple Tableaux for S5

nml:tab:s5: S5 is sound and complete with respect to the class of universal models, i.e.,
sec
models where every world is accessible from every world. In universal models
the accessibility relation doesn’t matter: “there is a world w where M, w ⊩ φ”
is true if and only if there is such a w that’s accessible from u. So in S5, we can
define models as simply a set of worlds and a valuation V . This suggests that
we should be able to simplify the tableau rules as well. In the general case,
we take as prefixes sequences of positive integers, so that we can keep track of
which such prefixes name worlds which are accessible from others: σ.n names
a world accessible from σ. But in S5 any world is accessible from any world,
so there is no need to so keep track. Instead, we can use positive integers as
prefixes. The simplified rules are given in Table 6.5.

Example 6.16. We give a simplified closed tableau that shows S5 ⊢ 5, i.e.,

♢φ → □♢φ.

1. 1 F ♢φ → □♢φ Assumption
2. 1 T ♢φ →F 1
3. 1 F □♢φ →F 1
4. 2 F ♢φ □F 3
5. 3T φ ♢T 2
6. 3F φ ♢F 4
⊗

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 79

 n T □φ n F □φ
□T □F
mTφ mFφ

m is used m is new

n T ♢φ n F ♢φ
♢T ♢F
mTφ mFφ

m is new m is used

Table 6.5: Simplified rules for S5.

nml:tab:s5:
tab:rules-S5
6.8 Completeness for K
explanation To show that the method of tableaux is complete, we have to show that when- nml:tab:cpl:
sec
ever there is no closed tableau to show Γ ⊢ φ, then Γ ⊭ φ, i.e., there is
a countermodel. But “there is no closed tableau” means that every way we
could try to construct one has to fail to close. The trick is to see that if ev-
ery such way fails to close, then a specific, systematic and exhaustive way also
fails to close. And this systematic and exhaustive way would close if a closed
tableau exists. The single tableau will contain, among its open branches, all
the information required to define a countermodel. The countermodel given by
an open branch in this tableau will contain the all the prefixes used on that
branch as the worlds, and a propositional variable p is true at σ iff σ T p occurs
on the branch.
Definition 6.17. A branch in a tableau is called complete if, whenever it
contains a prefixed formula σ S φ to which a rule can be applied, it also contains
1. the prefixed formulas that are the corresponding conclusions of the rule,
in the case of propositional stacking rules;
2. one of the corresponding conclusion formulas in the case of propositional
branching rules;
3. at least one possible conclusion in the case of modal rules that require a
new prefix;
4. the corresponding conclusion for every prefix occurring on the branch in
the case of modal rules that require a used prefix.

explanation For instance, a complete branch contains σ T ψ and σ T χ whenever it con-

tains T ψ ∧ χ. If it contains σ T ψ ∨ χ it contains at least one of σ F ψ and σ T χ.

80 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 If it contains σ F □ it also contains σ.n F □ for at least one n. And whenever
it contains σ T □ it also contains σ.n T □ for every n such that σ.n is used on
the branch.
nml:tab:cpl: Proposition 6.18. Every finite Γ has a tableau in which every branch is
prop:complete-tableau
complete.

Proof. Consider an open branch in a tableau for Γ . There are finitely many
prefixed formulas in the branch to which a rule could be applied. In some fixed
order (say, top to bottom), for each of these prefixed formulas for which the
conditions (1)–(4) do not already hold, apply the rules that can be applied to it
to extend the branch. In some cases this will result in branching; apply the rule
at the tip of each resulting branch for all remaining prefixed formulas. Since the
number of prefixed formulas is finite, and the number of used prefixes on the
branch is finite, this procedure eventually results in (possibly many) branches
extending the original branch. Apply the procedure to each, and repeat. But
by construction, every branch is closed.

nml:tab:cpl: Theorem 6.19 (Completeness). If Γ has no closed tableau, Γ is satisfiable.

thm:tableau-completeness

Proof. By the proposition, Γ has a tableau in which every branch is complete.

Since it has no closed tableau, it thas has a tableau in which at least one branch
is open and complete. Let ∆ be the set of prefixed formulas on the branch,
and P (∆) the set of prefixes occurring in it.
We define a model M(∆) = ⟨P (∆), R, V ⟩ where the worlds are the prefixes
occurring in ∆, the accessibility relation is given by:

Rσσ ′ iff σ ′ = σ.n for some n

and
V (p) = {σ : σ T p ∈ ∆}.
We show by induction on φ that if σ T φ ∈ ∆ then M(∆), σ ⊩ φ, and if
σ F φ ∈ ∆ then M(∆), σ ⊮ φ.

1. φ ≡ p: If σ T φ ∈ ∆ then σ ∈ V (p) (by definition of V ) and so M(∆), σ ⊩

φ.
If σ F φ ∈ ∆ then σ T φ ∈
/ ∆, since the branch would otherwise be closed.
So σ ∈/ V (p) and thus M(∆), σ ⊮ φ.
2. φ ≡ ¬ψ: If σ T φ ∈ ∆, then σ F ψ ∈ ∆ since the branch is complete. By
induction hypothesis, M(∆), σ ⊮ ψ and thus M(∆), σ ⊩ φ.
If σ F φ ∈ ∆, then σ T ψ ∈ ∆ since the branch is complete. By induction
hypothesis, M(∆), σ ⊩ ψ and thus M(∆), σ ⊮ φ.
3. φ ≡ ψ ∧ χ: If σ T φ ∈ ∆, then both σ T ψ ∈ ∆ and σ T χ ∈ ∆ since
the branch is complete. By induction hypothesis, M(∆), σ ⊩ ψ and
M(∆), σ ⊩ χ. Thus M(∆), σ ⊩ φ.

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 81

 If σ F φ ∈ ∆, then either σ F ψ ∈ ∆ or σ F χ ∈ ∆ since the branch is
complete. By induction hypothesis, either M(∆), σ ⊮ ψ or M(∆), σ ⊮ ψ.
Thus M(∆), σ ⊮ φ.

4. φ ≡ ψ ∨ χ: If σ T φ ∈ ∆, then either σ T ψ ∈ ∆ or σ T χ ∈ ∆ since

the branch is complete. By induction hypothesis, either M(∆), σ ⊩ ψ or
M(∆), σ ⊩ χ. Thus M(∆), σ ⊩ φ.
If σ F φ ∈ ∆, then both σ F ψ ∈ ∆ and σ F χ ∈ ∆ since the branch is
complete. By induction hypothesis, both M(∆), σ ⊮ ψ and M(∆), σ ⊮ ψ.
Thus M(∆), σ ⊮ φ.

5. φ ≡ ψ → χ: If σ T φ ∈ ∆, then either σ F ψ ∈ ∆ or σ T χ ∈ ∆ since

the branch is complete. By induction hypothesis, either M(∆), σ ⊮ ψ or
M(∆), σ ⊩ χ. Thus M(∆), σ ⊩ φ.
If σ F φ ∈ ∆, then both σ T ψ ∈ ∆ and σ F χ ∈ ∆ since the branch is
complete. By induction hypothesis, both M(∆), σ ⊩ ψ and M(∆), σ ⊮ ψ.
Thus M(∆), σ ⊮ φ.

6. φ ≡ □ψ: If σ T φ ∈ ∆, then, since the branch is complete, σ.n T ψ ∈ ∆

for every σ.n used on the branch, i.e., for every σ ′ ∈ P (∆) such that
Rσσ ′ . By induction hypothesis, M(∆), σ ′ ⊩ ψ for every σ ′ such that
Rσσ ′ . Therefore, M(∆), σ ⊩ φ.
If σ F φ ∈ ∆, then for some σ.n, σ.n F ψ ∈ ∆ since the branch is complete.
By induction hypothesis, M(∆), σ.n ⊮ ψ. Since Rσ(σ.n), there is a σ ′
such that M(∆), σ ′ ⊮ ψ. Thus M(∆), σ ⊮ φ.

7. φ ≡ ♢ψ: If σ T φ ∈ ∆, then for some σ.n, σ.n T ψ ∈ ∆ since the branch

is complete. By induction hypothesis, M(∆), σ.n ⊩ ψ. Since Rσ(σ.n),
there is a σ ′ such that M(∆), σ ′ ⊩ ψ. Thus M(∆), σ ⊩ φ.
If σ F φ ∈ ∆, then, since the branch is complete, σ.n F ψ ∈ ∆ for every σ.n
used on the branch, i.e., for every σ ′ ∈ P (∆) such that Rσσ ′ . By induc-
tion hypothesis, M(∆), σ ′ ⊮ ψ for every σ ′ such that Rσσ ′ . Therefore,
M(∆), σ ⊮ φ.

Since Γ ⊆ ∆, M(∆) ⊩ Γ .

Problem 6.4. Complete the proof of Theorem 6.19.

Corollary 6.20. If Γ ⊨ φ then Γ ⊢ φ. nml:tab:cpl:

cor:entailment-completeness

Corollary 6.21. If φ is true in all models, then ⊢ φ. nml:tab:cpl:

cor:weak-completeness

82 normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY

 6.9 Countermodels from Tableaux
nml:tab:cou: The proof of the completeness theorem doesn’t just show that if ⊨ φ then ⊢ φ, explanation
sec
it also gives us a method for constructing countermodels to φ if ⊭ A. In the case
of K, this method constitutes a decision procedure. For suppose ⊭ φ. Then the
proof of Proposition 6.18 gives a method for constructing a complete tableau.
The method in fact always terminates. The propositional rules for K only add
prefixed formulas of lower complexity, i.e., each propositional rule need only
be applied once on a branch for any signed formula σ S φ. New prefixes are
only generated by the □F and ♢T rules, and also only have to be applied once
(and produce a single new prefix). □T and ♢F have to be applied potentially
multiple times, but only once per prefix, and only finitely many new prefixes are
generated. So the construction either results in a closed branch or a complete
branch after finitely many stages.
Once a tableau with an open complete branch is constructed, the proof of
Theorem 6.19 gives us an explict model that satisfies the original set of prefixed
formulas. So not only is it the case that if Γ ⊨ φ, then a closed tableau exists
and Γ ⊢ φ, if we look for the closed tableau in the right way and end up with
a “complete” tableau, we’ll not only know that Γ ⊭ φ but actually be able to
construct a countermodel.

Example 6.22. We know that ⊬ □(p ∨ q) → (□p ∨ □q). The construction of

a tableau begins with:

1. 1 F □(p ∨ q) → (□p ∨ □q) ✓ Assumption

2. 1 T □(p ∨ q) →F 1
3. 1 F □p ∨ □q ✓ →F 1
4. 1 F □p ✓ ∨F 3
5. 1 F □q ✓ ∨F 3
6. 1.1 F p ✓ □F 4
7. 1.2 F q ✓ □F 5

The tableau is of course not finished yet. In the next step, we consider the
only line without a checkmark: the prefixed formula 1 T □(p ∨ q) on line 2. The
construction of the closed tableau says to apply the □T rule for every prefix
used on the branch, i.e., for both 1.1 and 1.2:

1. 1 F □(p ∨ q) → (□p ∨ □q) ✓ Assumption

2. 1 T □(p ∨ q) →F 1
3. 1 F □p ∨ □q ✓ →F 1
4. 1 F □p ✓ ∨F 3
5. 1 F □q ✓ ∨F 3
6. 1.1 F p ✓ □F 4
7. 1.2 F q ✓ □F 5
8. 1.1 T p ∨ q □T 2
9. 1.2 T p ∨ q □T 2

normal-modal-logic rev: ec6994c (2022-08-13) by OLP / CC–BY 83

 ¬p p
1.1 q 1.2 ¬q

¬p
1 ¬q

Figure 6.1: A countermodel to □(p ∨ q) → (□p ∨ □q).

nml:tab:cou:
fig:counter-Box
Now lines 2, 8, and 9, don’t have checkmarks. But no new prefix has been
added, so we apply ∨T to lines 8 and 9, on all resulting branches (as long as
they don’t close):

1. 1 F □(p ∨ q) → (□p ∨ □q) ✓ Assumption

2. 1 T □(p ∨ q) →F 1
3. 1 F □p ∨ □q ✓ →F 1
4. 1 F □p ✓ ∨F 3
5. 1 F □q ✓ ∨F 3
6. 1.1 F p ✓ □F 4
7. 1.2 F q ✓ □F 5
8. 1.1 T p ∨ q ✓ □T 2
9. 1.2 T p ∨ q ✓ □T 2

10. 1.1 T p ✓ 1.1 T q ✓ ∨T 8

11. ⊗ 1.2 T p ✓ 1.2 T q ✓ ∨T 9

⊗

There is one remaining open branch, and it is complete. From it we define the
model with worlds W = {1, 1.1, 1.2} (the only prefixes appearing on the open
branch), the accessibility relation R = {⟨1, 1.1⟩, ⟨1, 1.2⟩}, and the assignment
V (p) = {1.2} (because line 11 contains 1.2 T p) and V (q) = {1.1} (because
line 10 contains 1.1 T q). The model is pictured in Figure 6.1, and you can
verify that it is a countermodel to □(p ∨ q) → (□p ∨ □q).

Photo Credits

84
Bibliography

85