1. Introduction
Reynolds’s Separation logic (SL) (Reynolds, 2002) is an extension of Hoare logic for reasoning about programs that explicitly mutate memory. Its assertion logic, also called separation logic, extends the usual (additive) connectives for conjunction , disjunction , implication , and the (additive) verum constant , with the multiplicative connectives separating conjunction , its unit (denoted by in some literature), and separating implication , also called magic wand, from the logic of Bunched Implications (BI) (O’Hearn and Pym, 1999). Moreover, the assertion language introduces the pointsto predicate on expressions, along with the usual quantifiers and predicates of firstorder logic with equality and arithmetic. The additive connectives may be either intuitionistic, as for BI, or classical, as for the logic of Boolean Bunched Implications (BBI). Classical additives are more expressive as they support reasoning about nonmonotonic commands such as memory deallocation, and assertions such as “the heap is empty” (Ishtiaq and O’Hearn, 2001). In this paper we consider classical additives only.
The concrete memory model for SL is given in terms of heaps, where a heap is a finite partial function from addresses to values. A heap satisfies iff it can be partitioned into heaps satisfying and respectively; it satisfies iff it is empty; it satisfies iff any extension with a heap that satisfies must then satisfy ; and it satisfies iff it is a singleton map sending the address specified by the expression to the value specified by the expression . While the predicate refers to the content of heaps, the BI connectives refer only to their structure. Some basic spatial properties of heaps include the following:
 Empty heap:

There is a unique empty heap ;
 Identity:

Combining heap with the empty heap gives the original heap ;
 Commutativity:

Combining heap with heap is the same as combining with ;
 Associativity:

Combining heap with heap and then combining the result with heap is the same as combining heap with the combination of heaps and .
These conditions define a nondeterministic monoid: giving algebraic models for BBI (Galmiche and LarcheyWendling, 2006).
The idea of separation logic has proved fruitful for a range of memory (or, more generally, resource) models, some quite different from the original heap model. In this paper we will present examples drawn from (Boyland, 2003; Parkinson, 2005; Bornat et al., 2005; Calcagno et al., 2007a; Dockins et al., 2009; Villard et al., 2009; Jensen et al., 2013), but this list is far from exhaustive. Each such model has its own notion of separation and sharing of resources, and hence may formally give rise to a new logic with respect to the BI connectives, let alone any specialpurpose predicates which might be added to the logic. As new variations of separation logic are introduced, their relation to prior logics is seldom developed formally, and so new metatheory and tool support must be substantially reconstructed for each case. This has led to a subgenre of papers highlighting the need for organisation and generalisation across these logics (Biering et al., 2007; Calcagno et al., 2007a; Parkinson, 2010; Jensen, 2013).
In this paper we take as a starting point Abstract Separation Logic (Calcagno et al., 2007a), which is intended to generalise the logics of many concrete models. In particular we set quantifiers aside to work with Propositional Abstract Separation Logic (PASL). This logic is defined via the abstract semantics of partial cancellative monoids, or separation algebras, which are nondeterministic monoids restricted by:
 Partialdeterminism:

The combination of heap with heap is either undefined, or a unique heap;
 Cancellativity:

If combining and gives and combining heap and also gives , then .
Semantics in this style are reminiscent of the ternary algebraic semantics often used in connection with substructural logics (Anderson and Belnap, 1976), an observation we exploit in this paper. Separation algebras allow interpretation of , and , although the latter is not considered by (Calcagno et al., 2007a). The pointsto () predicate is not a first class citizen of PASL; it may be introduced as a predicate only if an appropriate concrete separation algebra is fixed. PASL is appropriate to reasoning about the structure of memory, but not its content.
Precondition strengthening and postcondition weakening in Hoarestyle logics require reasoning in the assertion logic, but proof search and structural proof theory for PASL have received little attention until recently. It is known that the added expressive power of the multiplicative connectives comes at a price, yielding a logic that is in general undecidable (Brotherston and Kanovich, 2014; LarcheyWendling and Galmiche, 2010). Given the wide applicability of abstract separation logic, even a semidecision procedure for PASL would assist program verification.
However the definition of separation algebras presented by (Calcagno et al., 2007a) is not necessarily canonical. Most notably (Dockins et al., 2009) suggested the following useful additional properties for spatial reasoning^{1}^{1}1Dockins et al. (Dockins et al., 2009) also suggested generalising separation algebras to have a set of units; it is an easy corollary of (Brotherston and Villard, 2014, Lemma 3.11) that singleunit and multipleunit separation algebras satisfy the same set of formulae, and we do not pursue this generalisation in this paper.:
 Indivisible unit:

If combining heap with heap gives the empty heap, then and must themselves be the empty heap;
 Disjointness:

If the result of combining heap with itself is defined, then must be the empty heap;
 Splittability:

Every nonempty heap can be split into two nonempty heaps and ;
 Crosssplit:

If a heap can be split in two different ways, then there should be heaps that constitute the intersections of these splittings.
Conversely, following (Gotsman et al., 2011) some authors have further generalised separation algebras by dropping cancellativity; we will present concrete examples from (Jensen and Birkedal, 2012; Vafeiadis and Narayan, 2013). These extensions and restrictions of PASL point to a need to present modular proof theory and proof search techniques which allow the axiomatic properties of the abstract models to be adjusted according to the needs of a particular application.
This paper is an extended journal version of the conference paper (Hóu et al., 2014). In that paper, we solved the open problems of presenting sound and complete structural proof theory, and gave a semidecision procedure, along with an efficient implementation, for Propositional Abstract Separation Logic. We further showed that our methods could encompass the axiomatic extensions of (Dockins et al., 2009), and conversely that cancellativity and partialdeterminism could be dropped, and so our proof theory was modular in the sense that it could be used for many neighbouring logics of PASL, including BBI. In this journal paper we make a major extension to the modularity of our approach by introducing a technique to synthesise proof rules from any spatial axiom in a certain format, general enough to encompass all axioms of (Dockins et al., 2009). The remainder of this introduction sketches the techniques used in this paper.
Because of the similarity between nondeterministic monoids, which provide semantics for BBI (Galmiche and LarcheyWendling, 2006), and the separation algebras which provide semantics for PASL, it is natural to investigate whether techniques used successfully for BBI can be extended to PASL. This paper answers this question in the affirmative by extending the work on BBI of (Hóu et al., 2013, 2015b). In these papers, a sound and complete proof theory was provided for BBI in the style of labelled sequent calculus (Negri and von Plato, 2001), a proof style for modal and substructural logics with Kripkestyle frame semantics in which statements about the elements of the frame are explicitly included in the context of sequents. This allows relational properties of the semantics to be explicitly represented as proof rules, which allows labelled sequent calculi to encompass a wide variety of logics in a modular style – the addition or subtraction of semantic properties corresponds exactly to the addition or subtraction of the corresponding proof rules.
This paper builds on (Hóu et al., 2015b) by presenting a labelled sequent calculus for a sublogic of BBI, which is of no intrinsic interest that we are aware of, but which does include all BI connectives. We then show that it can be extended to a labelled sequent calculus for BBI, for PASL, and for various neighbouring logics, by extending it with instances of a general structural rule synthesised from axioms on the semantics. This is possible so long as the axiom is in a certain format, which is sufficiently general to encompass, for example, the spatial properties identified by (Dockins et al., 2009). We call an axiom in this format a frame axiom. We then show that our sequent calculi can be used for effective backward proof search, thereby providing semidecision procedures for a variety of logics. Our implementation, Separata^{2}^{2}2Available at http://users.cecs.anu.edu.au/~zhehou., is the first automated theorem prover for PASL and many of its neighbours. Separata differs from our previous implementation for BBI in two aspects: first, Separata can handle multiple abstract separation logics, including BBI, whereas is designed for BBI only; second, Separata is a semidecision procedure, whereas
adopts a heuristic proof search which is incomplete.
In this work, we are interested in proof search procedures that are complete. In this setting, sequent calculi are amenable to backward proofsearch only if the cut rule is redundant. This result follows much as for the calculus of (Hóu et al., 2015b). However completeness does not follow so easily; in (Hóu et al., 2015b) the completeness of was shown by mimicking derivations in the Hilbert axiomatisation of BBI. This avenue is no longer viable for PASL because partialdeterminism and cancellativity are not axiomatisable in BBI (Brotherston and Villard, 2014). That is, there can be no Hilbert calculus in the language of BBI which is sound and complete with respect to separation algebras. We instead prove the cutfree completeness of our labelled sequent calculi via a countermodel construction procedure which shows that if a formula is not cutfree derivable in our sequent calculus then it is falsifiable in some PASLmodel.
The calculi of this paper differ in style from because, in (Hóu et al., 2015b), explicit substitutions are used in the proof rules, whereas in this paper these are replaced by explicit equality assertions. These are easier for us to manage with respect to proving the modular completeness of our family of calculi, but the presentation with substitutions is more amenable to implementation. We hence show how equivalent new calculi can be defined, with substitutions replacing equalities, and show how this allows a semidecision procedure to be implemented. Experimental results show that our prover is usually faster than other provers for BBI when tested against the same benchmarks of BBI formulae.
This paper improves upon all aspects of the presentation of results from its conference predecessor (Hóu et al., 2014), partly because of lesser limitations on space, but we here briefly summarise the more important differences between this paper and the earlier work:

A new modular framework of calculi based on frame axioms and synthesised structural rules. The completeness of calculi in this framework can be obtained in one proof. In the previous work, each new calculus required a new proof;

A new completeness proof by countermodel construction for a framework of calculi. This proof includes treatments for splittability and crosssplit, which are not included in the previous work;

A translation from the current calculi to previous calculi with global label substitutions;

More comprehensive experiments with testing of randomly generated formulae;

Many more examples of concrete separation algebras and their applications;

Example derivations of various formulae; and a

Discussion of applications of this work.
The remainder of this paper is structured as follows. Section 2 introduces Propositional Abstract Separation Logic via its separation algebra semantics, gives a number of concrete examples of these semantics, and defines the labelled sequent calculus for PASL. Fundamental results such as soundness and cutelimination are also proved. Section 3 proves the completeness of our calculi framework by countermodel construction. Section 4 shows how our framework can encompass various neighbouring logics of PASL, based on models with different spatial properties, and discusses how these properties manifest in examples. Section 5 shows how to translate our calculi into a format that is more amenable to implementation, and presents some example derivations. Section 6 presents the implementation and experiments. Section 7 discusses applications and extensions of the calculi in this work. Finally, Section 8 discusses related work.
2. A labelled sequent calculus for Pasl
In this section we define the separation algebra semantics of Calcagno et al. (Calcagno et al., 2007a) for Propositional Abstract Separation Logic (PASL), present concrete examples of these semantics, and give the labelled sequent calculus for this logic. Soundness and cutelimination are then demonstrated for .
2.1. Propositional abstract separation logic
The formulae of PASL are defined inductively as follows, where ranges over some set of propositional variables:
PASLformulae will be interpreted via the following semantics:
Definition 2.1 ().
A separation algebra, or partial cancellative commutative monoid, is a triple where is a nonempty set, is a partial binary function written infix, and , satisfying the following conditions, where ‘’ is interpreted as “either, both sides are undefined, or, both sides are defined and equal”:
 identity::

 commutativity::

 associativity::

 cancellativity::

if and then
Note that the partialdeterminism of the monoid is assumed since is a partial function: for any , if and then .
Example 2.2 ().
The paradigmatic example of a separation algebra is the set of heaps (Reynolds, 2002): finite partial functions from an infinite set of locations to a set of values. Then if have disjoint domains, and is undefined otherwise. is the empty function.
Example 2.3 ().
A partial commutative semigroup (Bornat et al., 2005), also known as a permission algebra^{3}^{3}3We prefer the former term, as many interesting examples have little to do with permissions, and the ‘permissions algebra’ terminology is not used consistently in the literature; compare (Calcagno et al., 2007a; Vafeiadis, 2007). (Calcagno et al., 2007a), is a set equipped with an associative commutative partial binary operator , written infix. In other words, it is a separation algebra without the requirement to have a unit, or to be cancellative.
Fixing such a , for which we will give some example definitions shortly, and given an infinite set of locations , we define two finite partial functions from to to be compatible iff for all in the intersection of their domains, is defined. We then define the binary operation on partial functions as undefined if they are not compatible. Where they are compatible, is defined as:
Setting as the empty function, many examples of concrete separation algebras have this form, with the operation, where defined, intuitively corresponding to some notion of sharing of resources. The following are some example definitions of such a construction:

Heaps: let be the set of values, and be undefined everywhere.

Fractional permissions (Boyland, 2003): let be the set of pairs of values (denoted by ) and (real or rational) numbers (denoted by ) in the interval , and

Named permissions (Parkinson, 2005): given a set of permission names, let be the set of pairs of values (denoted by ) and nonempty subsets (denoted by ) of , and

Counting permissions (Bornat et al., 2005): let be the set of pairs of values (denoted by ) and integers (denoted by ). Here is interpreted as total permission, negative integers as read permissions, and positive integers as counters of the number of permissions taken. Let

Binary Tree Share Model (Dockins et al., 2009): Consider the set of finite nonempty binary trees whose leaves are labelled true () or false (), modulo the smallest congruence such that
Let (resp. ) be the pointwise disjunction (resp. conjunction) of representative trees of the same shape. Then let be the pairs of values (denoted by ) and equivalence classes of trees (denoted by ) so defined, and with defined as shown below, where is the equivalence class containing the tree whose only node contains :
Note that the construction above with partial commutative semigroups does not in general guarantee cancellativity of the separation algebra; for this we need to require further that is cancellative and has no idempotent elements (satisfying ). As we will see later, some interesting concrete models fail this requirement, and so we will generalise the results of the paper to drop cancellativity in Section 4.
Example 2.4 ().
Other concrete separation algebras resemble the construction of Example 2.3 without fitting it precisely:

Finite set of locations: The concrete memory model of a 32bit machine (Jensen et al., 2013) has as its locations the set of integers .

Total functions: Markings of Petri nets (Murata, 1989) without capacity constraints are simply multisets. They may be considered as separation algebras (Calcagno et al., 2007a) by taking to be and to be the set of natural numbers with addition, then considering the set of total functions , with defined as usual (hence, as multiset union), and as the constant function. If there is a global capacity constraint then we let be undefined if , and hence becomes undefined also in the usual way.
Note that this example can only be made to exactly fit the construction of Example 2.3 if we restrict ourselves to markings of infinite Petri nets with finite numbers of tokens. In this case we would consider a place without tokens to have an undefined map, rather than map to , and set to be the positive integers.

Constraints on functions: The endpoint heaps of (Villard et al., 2009) are only those partial functions that are dual, irreflexive and injective (we refer to the citation for the definition of these properties). Similarly, if the places of a Petri net comes equipped with a capacity constraint function , we consider only those functions compatible with those constraints.
The examples above, which we do not claim to be exhaustive, justify the study of the abstract properties shared by these concrete semantics. We hence now turn to the logic PASL, which has semantics in any separation algebra (Definition 2.1). In this paper we prefer to express PASL semantics in the style of ternary relations, which are standard in substructural logic (Anderson and Belnap, 1976) and in harmony with the most important work preceding this paper (Hóu et al., 2015b). We give the ternary relations version of Definition 2.1, easily seen to be equivalent, as follows.
Definition 2.5 ().
A PASL Kripke relational frame is a triple , where is a nonempty set of worlds, , and , satisfying the following conditions for all in :
 identity::

 commutativity::

 associativity::

 cancellativity::

 partialdeterminism::

.
A PASL Kripke relational model is a tuple of a PASL Kripke relational frame and a valuation function (where is the power set of ). The forcing relation between a model and a formula is defined in Table 1, where we write for the negation of . Given a model , a formula is true at (world) iff . The formula is valid iff it is true at all worlds of all models.




2.2. The labelled sequent calculus
Let be an infinite set of label variables, and let the set of labels be , where is a label constant not in ; here we overload the notation for the identity world in the semantics. Labels will be denoted by lowercase letters such as . A labelled formula is a pair of a label and formula . As usual in a labelled sequent calculus, one needs to incorporate Kripke relations explicitly into the sequents. This is achieved via the syntactic notion of relational atoms, which have the form of either (equality), (inequality), or a ternary relational atom standing for , where are labels. A sequent takes the form
where is a set of relational atoms, and and are sets of labelled formulae. We also use the symbol “” inside , and to indicate set union: for example, is . Given , we denote by the set of equations occurring in .
We now abuse the sequent turnstile slightly to write , where is a (possibly infinite) set of equations, to denote an equality judgment under the assumption , defined inductively as follows:
It is easy to see that iff for a finite subset of Note that an equality judgement is not a sequent but abuses the sequent turnstile to keep track of equalities.
As we shall soon see, working within a labelled sequent calculus framework allows us to synthesise, in a generic way, proof rules that correspond to a variety of different properties of separation algebras, and their extensions. However we first must introduce a core logic, a sublogic of BBI (and hence, of PASL) which we call , which consists only of identity, cut, logical rules and the structural rules and . The proof system for this sublogic is presented in Figure 1. The structural rule is essentially a form of cut on equality predicates. The rules and are admissible for and many of its extensions, but will be needed for some extensions, such as the extension of PASL with splittability. Note that the equality judgment is not a premise requiring proof, but rather a condition for the rule id. Therefore the rules , , , , are zeropremise rules. In the rules and , the respective principal formulae and also occur in the premises. This is to ensure that contraction is admissible, which is essential to obtain cutelimination.
Identity and Cut:  

Logical Rules:  
Structural Rules:  
Side conditions:  
In and , the labels and do not occur in the conclusion. 
Given a relational frame , a function from labels to worlds is a label mapping iff it satisfies , mapping the label constant to the identity world . Intuitively, a labelled formula means that formula is true in world . Thus we define an extended PASL Kripke relational model as a model equipped with a label mapping.
Definition 2.6 (Sequent Falsifiability).
A sequent is falsifiable in an extended model if for every , , and for every , we have each of and and It is falsifiable if it is falsifiable in some extended model.
Synthesising structural rules from frame axioms
We now define extensions of the sublogic via firstorder axioms that correspond to various semantic conditions used to define PASL and its variations. For this work, we consider only axioms that are closed formulae of the following general axiom form where are natural numbers:
(1) 
Note that where , , or are , we assume the empty conjunction is . We further require the following conditions:

each , for , is either a ternary relational atom or an inequality;

each , for , is a relational atom;

every label variable in occurs only once;

if , for , is a ternary relational atom, then does not occur in .
We call axioms of this form frame axioms. A frame axiom can be given semantics in terms of Kripke frames, following the standard classical firstorder interpretation (see e.g., (Fitting, 1996)). Recall that a firstorder model is a pair of a nonempty domain and an interpretation function that associates each constant in the firstorder language to a member of and every ary relation symbol to an ary relation over . When interpreting firstorder formulae with free variables, we additionally need to specify the valuation of the free variables, i.e., a mapping of the free variables to elements of . The notion of truth of a firstorder formula (under a model and a given valuation of its free variables) is standard and the reader is referred to, e.g., (Fitting, 1996) for details.
Definition 2.7 ().
A Kripke frame satisfies a frame axiom iff is true in the first order model , where is the interpretation function that associates the symbol to the label constant in the set , the predicate symbol to the relation , and the equality symbol to the identity relation over . A Kripke frame satisfies a set of frame axioms iff it satisfies every frame axiom in the set.
A frame axiom such as the one from Formula (1) induces the following general structural rule:
where the existential condition in Equation 1 becomes a sidecondition that the existentially quantified variables must be fresh label variables not occurring in the conclusion of the rule.
Example 2.8 ().
The semantic clauses in Definition 2.5 can be captured by the following frame axioms:
 identity 1::

 identity 2::

 commutativity::

 associativity::

 cancellativity::

 partialdeterminism::

.
These frame axioms are mostly a straightforward translation from the semantic clauses of Definition 2.5 into the syntactic form, replacing the relation with the predicate symbol It is trivial to show that the Kripke frames defined in Definition 2.5 satisfy the frame axioms above. However, notice that the syntactic form of the frame axioms does not allow more than one occurrence of a variable in the left hand side of the implications. Thus, for each semantic clause of Definition 2.5, we need to identify each world that occurs multiple (say, ) times on the left hand side of the implications, make distinct copies of that world, and add equalities relating them. If occurs in a ternary relational atom on the left hand side, we need to create a fresh (universally quantified) variable, e.g., , and add that .
Take the associativity axiom in Definition 2.5 as an example:
The world occurs twice on the left hand side, so we make two copies of it: and . The corresponding axiom in frame axiom form is then:
We may then synthesise the following structural rule for associativity:
with the “freshness” sidecondition that does not appear in the conclusion.
Note that this rule is applicable on , as is trivial.
From the frame axioms in Example 2.8 above, we obtain the structural rules of Figure 2. The identity axiom, as it is a biimplication, gives rise to two rules and . The commutativity axiom translates to rule , associativity to , cancellativity to and partial determinism to . The proof system is defined to be the rules of Figure 1 for the sublogic , plus the synthesised structural rules of Figure 2.
Side conditions:  
In , the label does not occur in the conclusion. 
We remark here that it is not always obvious what the effect of each semantic property will be on the set of valid formulae; for example it was only recently discovered (LarcheyWendling and Galmiche, 2014) that cancellativity does not affect validity in the presence of the other properties. This lends weight to the suggestion of (Gotsman et al., 2011) that cancellativity should be omitted from the definition of separation algebra; see also our examples of concrete separation algebras without cancellativity in Section 4.5. It is nonetheless harmless to include it in our rules, and may be useful for some extensions of PASL, as we discuss in Section 8.
It is easy to check that the following hold:
Theorem 2.9 (Soundness of the general structural rule).
Every synthesised instance of the general structural rule is sound with respect to the Kripke relational frames with the corresponding frame axiom.
Corollary 2.10 (Soundness of ).
For any formula , and for an arbitrary label , if the labelled sequent is derivable in then is valid.
Note that the soundness of has been formally verified via the interactive theorem prover Isabelle (Hóu et al., 2016).
2.3. Cutelimination for the general proof system
In this section we see that the rule of Figure 1 is admissible in the general nested sequent calculus . Since cutadmissibility can be obtained indirectly from the cutfree completeness proof in the next section, we do not give full details here.
A label substitution is a mapping from label variables to labels. The domain of a substitution is the set . We restrict to substitutions with only finite domains. We use the notation to denote a substitution mapping variables to labels Application of a substitution to a term or a formula is written in a postfix notation, e.g., denotes a formula obtained by substituting for every free occurrence of in This notation generalises straightforwardly to applications of substitutions to (multi)sets of formulas, relational atoms and sequents.
We will first present a substitution lemma for instance systems of . This requires the following lemma.
Lemma 2.11 (Substitution in equality judgments).
Given any set of equality relational atoms, any labels , and , and any label variable , if , then , where every occurrence of is replaced with .
In the substitution lemma below we use to denote the height of the derivation .
Lemma 2.12 (Substitution for ).
In any instance system of , if is a derivation for the sequent , then there is a derivation of the sequent where every occurrence of label variable is replaced by label , such that .
Since does not involve explicit label substitutions in the rules anymore, the proof for the substitution lemma is actually simpler than the proof for (Hóu et al., 2015b), to which we refer interested readers.
The admissibility of weakening for any instance system of can be proved by a simple induction on the length of the derivation. The invertibility of the inference rules in can be proved in a similar way as for (Hóu et al., 2015b), which uses similar techniques as for (Negri and von Plato, 2001). The proofs for the following lemmas are a straightforward adaptation of similar proofs from (Hóu et al., 2015b) so we omit details here.
Lemma 2.13 (Weakening admissibility of ).
If is derivable in any instance system of , then for any set of relational atoms, and any set and of labelled formulae, the sequent is derivable with the same height in that instance of .
Lemma 2.14 (Invertibility of rules in ).
In any instance system of , if is a cutfree derivation of the conclusion of a rule, then there is a cutfree derivation for each premise, with height at most .
Since the sequents in our definition consists of sets, the admissibility of contraction is trivial and we do not state it as a lemma here. The cutelimination proof here is an adaptation of that of (Hóu et al., 2015b). The proof in our case is simpler, as our cut rule does not split context, and our inference rules do not involve explicit label substitutions. We hence state the theorem here without proof:
Theorem 2.15 (Cutelimination for ).
For any instance of , if a formula is derivable in that instance, then it is derivable without using in that instance.
3. Countermodel construction for
We now give a countermodel construction procedure that works for all finite instances (systems with finite rules) of the general proof system , and hence establishes their completeness.
As the countermodel construction involves infinite sets and sequents, we extend the definition of equality judgment:
Definition 3.1 ().
Given a (possibly infinite) set of relational atoms, the judgment holds iff holds for some finite .
Given a set of relational atoms, we define the relation as follows: iff . We next state a lemma which is an immediate result from our equality judgment rules and will be useful in our countermodel construction later:
Lemma 3.2 ().
Given a set of relational atoms, the relation is an equivalence relation on the set of labels.
The equivalence relation partitions into equivalence classes for each label :
The countermodel construction is essentially a procedure to saturate a sequent by applying all backward applicable rules repeatedly. The aim is to obtain an infinite saturated sequent from which a countermodel can be extracted. We first define a list of required conditions for such an infinite sequent which would allow the countermodel construction.
Definition 3.3 (General Hintikka sequent).
A labelled sequent is a general Hintikka sequent if it satisfies the following conditions for any formulae and any labels :

It is not the case that , and

and

If then

If then

If then and

If then or

If then or

If then and

If then s.t. , , and

If then if and then or

If then if and , then or

If then s.t. , , and

It is not the case that and .

Either or .

Given a frame axiom of the form
for any labels and substitution , if and for , then there exist and substitution such that .
In condition 15, the variables and are schematic variables, i.e., symbols that belong to the metalanguage, and the substitutions and replace these schematic variables with labels. Since and have disjoint domains, we have that and . These will be useful in the proofs below.
We are often interested in some particular Hintikka sequents that correspond to certain frame axioms. Given a set of frame axioms, a Hintikka sequent is an instance of the general Hintikka sequent where condition 15 holds for each frame axiom in . We say a Kripke frame satisfies when every frame axiom in is satisfied by the Kripke frame.
Next we show a parametric Hintikka lemma: a Hintikka sequent parameterised over a set of frame axioms gives a Kripke relational frame where the set of frame axioms are satisfied and the formulae in the right hand side of the sequent are false.
Lemma 3.4 ().
Given a set of frame axioms, every Hintikka sequent is falsifiable in some Kripke frame satisfying
Proof.
Let be an arbitrary Hintikka sequent. We construct an extended model as follows:


iff s.t.

Comments
There are no comments yet.