A Dyadic Deontic Logic in HOL

Conference Paper · July 2018
Conference: DEON 2018, At Utrecht, Netherlands
A shallow semantical embedding of a dyadic deontic logic by Carmo and Jones in classical higher-order logic is presented. This embedding is proven sound and complete, that is, faithful. The work presented here provides the theoretical foundation for the implementation and automation of dyadic deontic logic within off-the-shelf higher-order theorem provers and proof assistants.
Christoph Benzmüller
University of Luxembourg, Luxembourg, and Freie Universität Berlin, Germany
Ali Farjami
University of Luxembourg, Luxembourg
Xavier Parent
University of Luxembourg, Luxembourg
Keywords: Logic of CTD conditionals by Carmo and Jones; Classical higher-
order logic; Semantic embedding; Automated reasoning
This work has been supported by the European Union’s Horizon 2020 research and innovation
programme under the Marie Skłodowska-Curie grant agreement No 690974.
Journal of Applied Logics — IFCoLog Journal of Logics and their Applications
1 Introduction
Dyadic deontic logic is the logic for reasoning with dyadic obligations (“it ought to
be the case that ... if it is the case that ...”). A particular dyadic deontic logic,
tailored to so-called contrary-to-duty (CTD) conditionals, has been proposed by
Carmo and Jones [13]. We shall refer to it as DDL in the remainder. DDL comes
with a neighborhood semantics and a weakly complete axiomatization over the class
of finite models. The framework is immune to the well-known CTD paradoxes, like
Chisholm’s paradox [14, 19], and other related puzzles. However, the question of
how to mechanise and automate reasoning tasks in DDL has not been studied yet.
This article addresses this challenge. We essentially devise a faithful semantical
embedding of DDL in classical higher-order logic (HOL). The latter logic thereby
serves as a universal meta-logic. Analogous to successful, recent work in the area
of computational metaphysics (cf. [6] and the references therein), the key motivation
is to mechanise and automate DDL on the computer by reusing existing theorem
proving technology for meta-logic HOL. The embedding of DDL in HOL as devised
in this article enables just this.
Meta-logic HOL [4], as employed in this article, was originally devised by Church
[17], and further developed by Henkin [18] and Andrews [1, 3, 2]. It bases both terms
and formulas on simply typed $\lambda$-terms. The use of the $\lambda$-calculus has some major
advantages. For example, $\lambda$-abstractions over formulas allow the explicit naming of
sets and predicates, something that is achieved in set theory via the comprehension
axioms. Another advantage is that the complex rules for quantifier instantiation
at first-order and higher-order types are completely explained via the rules of
$\lambda$-conversion (the so-called rules of $\alpha$-, $\beta$-, and $\eta$-conversion) which were proposed
earlier by Church [15, 16]. These two advantages are exploited in our embedding of
Different notions of semantics for HOL have been thoroughly studied in the
literature [7, 20]. In this article we assume HOL with Henkin semantics and choice
(cf. the detailed description by Benzmüller et al. [7]). For this notion of HOL, which
does not suffer from Gödel’s incompleteness results, several sound and complete
theorem provers have been developed in the past decades [9]. We propose to reuse
these theorem provers for the mechanisation and automation of DDL. The semantical
embedding as devised in this article provides both the theoretical foundation for the
approach and the practical bridging technology that is enabling DDL applications
within existing HOL theorem provers.
The article is structured as follows: Section 2 outlines DDL and Sec. 3 introduces
HOL. The semantical embedding of DDL in HOL is then devised and studied in
Sec. 4. This section also addresses soundness and completeness, but due to space
restrictions the proofs can only be sketched here; for details we refer to [8]. Section 5
discusses the implementation and automation of the embedding in Isabelle/HOL [21]
and Sec. 6 concludes the paper.
2 The Dyadic Deontic Logic of Carmo and Jones
This section provides a concise introduction of DDL, the dyadic deontic logic proposed
by Carmo and Jones. Definitions as required for the remainder are presented.
For further details we refer to the literature [13, 12].
To define the formulas of DDL we start with a countable set $P$ of propositional
symbols, and we choose $\neg$ and $\vee$ as the only primitive connectives.
The set of DDL formulas is given as the smallest set of formulas obeying the
following conditions:
• Each $p^i \in P$ is an (atomic) DDL formula.
• Given two arbitrary DDL formulas $\varphi$ and $\psi$, then
  $\neg\varphi$: classical negation,
  $\varphi \vee \psi$: classical disjunction,
  $\bigcirc(\psi/\varphi)$: dyadic deontic obligation: “it ought to be $\psi$, given $\varphi$”,
  $\Box\varphi$: in all worlds,
  $\Box_a\varphi$: in all actual versions of the current world,
  $\Box_p\varphi$: in all potential versions of the current world,
  $\bigcirc_a\varphi$: monadic deontic operator for actual obligation, and
  $\bigcirc_p\varphi$: monadic deontic operator for primary obligation
  are also DDL formulas.
Further logical connectives can be defined as usual: $\varphi \wedge \psi := \neg(\neg\varphi \vee \neg\psi)$,
$\varphi \to \psi := \neg\varphi \vee \psi$, $\varphi \leftrightarrow \psi := (\varphi \to \psi) \wedge (\psi \to \varphi)$, $\Diamond\varphi := \neg\Box\neg\varphi$,
$\Diamond_a\varphi := \neg\Box_a\neg\varphi$, $\Diamond_p\varphi := \neg\Box_p\neg\varphi$, $\top := \neg q \vee q$, for some propositional
symbol $q$, $\bot := \neg\top$, and $\bigcirc\varphi := \bigcirc(\varphi/\top)$.
A DDL model is a structure $M = \langle S, av, pv, ob, V \rangle$, where $S$ is a non empty set of
items called possible worlds, $V$ is a function assigning a set of worlds to each atomic
formula, that is, $V(p^i) \subseteq S$. $av: S \to \wp(S)$, where $\wp(S)$ is the power set of $S$, is a
function mapping worlds to sets of worlds such that $av(s) \neq \emptyset$. $av(s)$ is the set of
actual versions of the world $s$. $pv: S \to \wp(S)$ is another, similar mapping such that
$av(s) \subseteq pv(s)$ and $s \in pv(s)$. $pv(s)$ is the set of potential versions of the world $s$.
$ob: \wp(S) \to \wp(\wp(S))$ is a function mapping sets of worlds to sets of sets of worlds.
$ob(\bar{X})$ is the set of propositions that are obligatory in context $\bar{X} \subseteq S$. The following
conditions hold for $ob$ (where $\bar{X}, \bar{Y}, \bar{Z}$ designate arbitrary subsets of $S$):
1. $\emptyset \notin ob(\bar{X})$.
2. If $\bar{Y} \cap \bar{X} = \bar{Z} \cap \bar{X}$, then $\bar{Y} \in ob(\bar{X})$ if and only if $\bar{Z} \in ob(\bar{X})$.
3. Let ¯
X)and ¯
X=ÿ(where ¯
={sœS|for all ¯
we have sœ¯
Z}), then (¯
4. If ¯
Xand ¯
X)and ¯
Z, then (¯
5. If ¯
Xand ¯
X)and ¯
Z=ÿ,then ¯
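Satisfiability of a formula $\varphi$ for a model $M = \langle S, av, pv, ob, V \rangle$ and a world $s \in S$
is expressed by writing that $M, s \models \varphi$ and we define $V^M(\varphi) = \{s \in S \mid M, s \models \varphi\}$.
In order to simplify the presentation, whenever the model $M$ is obvious from context,
we write $V(\varphi)$ instead of $V^M(\varphi)$. Moreover, we often use “iff” as shorthand for “if
and only if”.
  $M, s \models p$ iff $s \in V(p)$
  $M, s \models \neg\varphi$ iff $M, s \not\models \varphi$ (that is, not $M, s \models \varphi$)
  $M, s \models \varphi \vee \psi$ iff $M, s \models \varphi$ or $M, s \models \psi$
  $M, s \models \Box\varphi$ iff $V(\varphi) = S$
  $M, s \models \Box_a\varphi$ iff $av(s) \subseteq V(\varphi)$
  $M, s \models \Box_p\varphi$ iff $pv(s) \subseteq V(\varphi)$
  $M, s \models \bigcirc(\psi/\varphi)$ iff $V(\psi) \in ob(V(\varphi))$
  $M, s \models \bigcirc_a\varphi$ iff $V(\varphi) \in ob(av(s))$ and $av(s) \cap V(\neg\varphi) \neq \emptyset$
  $M, s \models \bigcirc_p\varphi$ iff $V(\varphi) \in ob(pv(s))$ and $pv(s) \cap V(\neg\varphi) \neq \emptyset$
Our evaluation rule for $\bigcirc(\_/\_)$ is a simplified version of the one used by Carmo
and Jones. Given the constraints placed on $ob$, the two rules are equivalent (cf. [5,
result II-2-2]).
As usual, a DDL formula $\varphi$ is valid in a DDL model $M = \langle S, av, pv, ob, V \rangle$, i.e.
$M \models^{DDL} \varphi$, if and only if for all worlds $s \in S$ we have $M, s \models \varphi$. A formula $\varphi$ is
valid, denoted $\models^{DDL} \varphi$, if and only if it is valid in every DDL model.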
3 Classical Higher-order Logic
In this section we introduce classical higher-order logic (HOL). The presentation,
which has partly been adapted from [5], is rather detailed in order to keep the article
sufficiently self-contained.
3.1 Syntax of HOL
For defining the syntax of HOL, we first introduce the set $T$ of simple types. We
assume that $T$ is freely generated from a set of basic types $BT \supseteq \{o, i\}$ using the
function type constructor $\to$. Type $o$ denotes the (bivalent) set of Booleans, and $i$ a
non-empty set of individuals.
For the definition of HOL, we start out with a family of denumerable sets of typed
constant symbols $(C_\alpha)_{\alpha \in T}$, called the HOL signature, and a family of denumerable
sets of typed variable symbols $(V_\alpha)_{\alpha \in T}$.¹ We employ Church-style typing, where
each term $t_\alpha$ explicitly encodes its type information in subscript $\alpha$.
The language of HOL is given as the smallest set of terms obeying the following
• Every typed constant symbol $c_\alpha \in C_\alpha$ is a HOL term of type $\alpha$.
• Every typed variable symbol $X_\alpha \in V_\alpha$ is a HOL term of type $\alpha$.
• If $s_{\alpha\to\beta}$ and $t_\alpha$ are HOL terms of types $\alpha \to \beta$ and $\alpha$, respectively, then
  $(s_{\alpha\to\beta}\, t_\alpha)_\beta$, called application, is an HOL term of type $\beta$.
• If $X_\alpha \in V_\alpha$ is a typed variable symbol and $s_\beta$ is an HOL term of type $\beta$, then
  $(\lambda X_\alpha s_\beta)_{\alpha\to\beta}$, called abstraction, is an HOL term of type $\alpha \to \beta$.
The above definition encompasses the simply typed $\lambda$-calculus. In order to
extend this base framework into logic HOL we simply ensure that the signature
$(C_\alpha)_{\alpha \in T}$ provides a sufficient selection of primitive logical connectives. Without
loss of generality, we here assume the following primitive logical connectives to be
part of the signature: $\neg_{o\to o} \in C_{o\to o}$, $\vee_{o\to o\to o} \in C_{o\to o\to o}$, $\Pi_{(\alpha\to o)\to o} \in C_{(\alpha\to o)\to o}$ and
$=_{\alpha\to\alpha\to o} \in C_{\alpha\to\alpha\to o}$, abbreviated as $=^\alpha$. The symbols $\Pi_{(\alpha\to o)\to o}$ and $=_{\alpha\to\alpha\to o}$ are
generally assumed for each type $\alpha \in T$. The denotation of the primitive logical
connectives is fixed below according to their intended meaning. Binder notation $\forall X_\alpha s_o$
is used as an abbreviation for $\Pi_{(\alpha\to o)\to o}(\lambda X_\alpha s_o)$. Universal quantification in HOL is
thus modeled with the help of the logical constants $\Pi_{(\alpha\to o)\to o}$ to be used in
combination with lambda-abstraction. That is, the only binding mechanism provided in
HOL is lambda-abstraction.
HOL is a logic of terms in the sense that the formulas of HOL are given as the
terms of type $o$. In addition to the primitive logical connectives selected above,
we could assume choice operators $\epsilon_{(\alpha\to o)\to\alpha} \in C_{(\alpha\to o)\to\alpha}$ (for each type $\alpha$) in the
signature. We are not pursuing this here.
Type information as well as brackets may be omitted if obvious from the context,
and we may also use infix notation to improve readability. For example, we may
write $(s \vee t)$ instead of $((\vee_{o\to o\to o}\, s_o)\, t_o)$.
¹ For example in Section 4 we will assume constant symbols $av$, $pv$ and $ob$ with types $i \to i \to o$,
$i \to i \to o$ and $(i \to o) \to (i \to o) \to o$ as part of the signature.
From the selected set of primitive connectives, other logical connectives can be
introduced as abbreviations.² For example, we may define $s \wedge t := \neg(\neg s \vee \neg t)$,
$s \to t := \neg s \vee t$, $s \leftrightarrow t := (s \to t) \wedge (t \to s)$, $\top := (\lambda X_i X) = (\lambda X_i X)$, $\bot := \neg\top$
and $\exists X_\alpha s := \neg\forall X_\alpha \neg s$.
The notions of free variables, $\alpha$-conversion, $\beta\eta$-equality (denoted as $=_{\beta\eta}$) and
substitution of a term $s_\alpha$ for a variable $X_\alpha$ in a term $t_\beta$ (denoted as $[s/X]t$) are
defined as usual.
3.2 Semantics of HOL
The semantics of HOL is well understood and thoroughly documented. The introduction
provided next focuses on the aspects as needed for this article. For more
details we refer to the previously mentioned literature [7].
The semantics of choice for the remainder is Henkin semantics, i.e., we work with
Henkin’s general models [18]. Henkin models (and standard models) are introduced
next. We start out with introducing frame structures.
A frame $D$ is a collection $\{D_\alpha\}_{\alpha \in T}$ of nonempty sets $D_\alpha$, such that $D_o = \{T, F\}$
(for truth and falsehood). The $D_{\alpha\to\beta}$ are collections of functions mapping $D_\alpha$ into $D_\beta$.
A model for HOL is a tuple $M = \langle D, I \rangle$, where $D$ is a frame, and $I$ is a family
of typed interpretation functions mapping constant symbols $p_\alpha \in C_\alpha$ to appropriate
elements of $D_\alpha$, called the denotation of $p_\alpha$. The logical connectives $\neg$, $\vee$, $\Pi$ and $=$
are always given their expected, standard denotations:³
• $I(\neg_{o\to o}) = not \in D_{o\to o}$ such that $not(T) = F$ and $not(F) = T$.
• $I(\vee_{o\to o\to o}) = or \in D_{o\to o\to o}$ such that $or(a, b) = T$ iff ($a = T$ or $b = T$).
• $I(=_{\alpha\to\alpha\to o}) = id \in D_{\alpha\to\alpha\to o}$ such that for all $a, b \in D_\alpha$, $id(a, b) = T$ iff $a$ is
  identical to $b$.
• $I(\Pi_{(\alpha\to o)\to o}) = all \in D_{(\alpha\to o)\to o}$ such that for all $s \in D_{\alpha\to o}$, $all(s) = T$ iff
  $s(a) = T$ for all $a \in D_\alpha$; i.e., $s$ is the set of all objects of type $\alpha$.
² As demonstrated by Andrews [4], we could in fact start out with only primitive equality in
the signature (for all types $\alpha$) and introduce all other logical connectives as abbreviations based on
it. Alternatively, we could remove primitive equality from the above signature, since equality can
be defined in HOL from these other logical connectives by exploiting Leibniz’ principle, expressing
that two objects are equal if they share the same properties. Leibniz equality $\doteq^\alpha$ at type $\alpha$ is thus
defined as $s_\alpha \doteq^\alpha t_\alpha := \forall P_{\alpha\to o}(P s \leftrightarrow P t)$. The motivation for the redundant signature as selected
here is to stay close to the choices taken in implemented theorem provers such as LEO-II and
Leo-III and also to theory paper [7], which is recommended for further details.
³ Since $=_{\alpha\to\alpha\to o}$ (for all types $\alpha$) is in the signature, it is ensured that the domains $D_{\alpha\to\alpha\to o}$
contain the respective identity relations. This addresses an issue discovered by Andrews [2]: if such
identity relations did not exist in the $D_{\alpha\to\alpha\to o}$, then Leibniz equality in Henkin semantics might
not denote as intended.
Variable assignments are a technical aid for the subsequent definition of an
interpretation function $\|\cdot\|^{M,g}$ for HOL terms. This interpretation function is parametric
over a model $M$ and a variable assignment $g$.
A variable assignment $g$ maps variables $X_\alpha$ to elements in $D_\alpha$. $g[d/W]$ denotes
the assignment that is identical to $g$, except for variable $W$, which is now mapped
to $d$.
The denotation $\|s_\alpha\|^{M,g}$ of an HOL term $s_\alpha$ on a model $M = \langle D, I \rangle$ under
assignment $g$ is an element $d \in D_\alpha$ defined in the following way:
  $\|p_\alpha\|^{M,g} = I(p_\alpha)$
  $\|X_\alpha\|^{M,g} = g(X_\alpha)$
  $\|(s_{\alpha\to\beta}\, t_\alpha)_\beta\|^{M,g} = \|s_{\alpha\to\beta}\|^{M,g}(\|t_\alpha\|^{M,g})$
  $\|(\lambda X_\alpha s_\beta)_{\alpha\to\beta}\|^{M,g} =$ the function $f$ from $D_\alpha$ to $D_\beta$ such that
  $f(d) = \|s_\beta\|^{M,g[d/X_\alpha]}$ for all $d \in D_\alpha$
A model $M = \langle D, I \rangle$ is called a standard model if and only if for all $\alpha, \beta \in T$
we have $D_{\alpha\to\beta} = \{f \mid f: D_\alpha \to D_\beta\}$. In a Henkin model (general model)
function spaces are not necessarily full. Instead it is only required that for all
$\alpha, \beta \in T$, $D_{\alpha\to\beta} \subseteq \{f \mid f: D_\alpha \to D_\beta\}$. However, it is required that the valuation
function $\|\cdot\|^{M,g}$ from above is total, so that every term denotes. Note that this
requirement, which is called Denotatpflicht, ensures that the function domains $D_{\alpha\to\beta}$
never become too sparse, that is, the denotations of the lambda-abstractions as
devised above are always contained in them.
Corollary 1. For any Henkin model $M = \langle D, I \rangle$ and variable assignment $g$:
1. $\|(\neg_{o\to o}\, s_o)_o\|^{M,g} = T$ iff $\|s_o\|^{M,g} = F$.
2. $\|((\vee_{o\to o\to o}\, s_o)\, t_o)_o\|^{M,g} = T$ iff $\|s_o\|^{M,g} = T$ or $\|t_o\|^{M,g} = T$.
3. $\|((\wedge_{o\to o\to o}\, s_o)\, t_o)_o\|^{M,g} = T$ iff $\|s_o\|^{M,g} = T$ and $\|t_o\|^{M,g} = T$.
4. $\|((\to_{o\to o\to o}\, s_o)\, t_o)_o\|^{M,g} = T$ iff (if $\|s_o\|^{M,g} = T$ then $\|t_o\|^{M,g} = T$).
5. $\|((\leftrightarrow_{o\to o\to o}\, s_o)\, t_o)_o\|^{M,g} = T$ iff ($\|s_o\|^{M,g} = T$ iff $\|t_o\|^{M,g} = T$).
6. $\|\top\|^{M,g} = T$.
7. $\|\bot\|^{M,g} = F$.
8. $\|(\forall X_\alpha s_o)_o\|^{M,g} = T$ iff for all $d \in D_\alpha$ we have $\|s_o\|^{M,g[d/X_\alpha]} = T$.
9. $\|(\exists X_\alpha s_o)_o\|^{M,g} = T$ iff there exists $d \in D_\alpha$ such that $\|s_o\|^{M,g[d/X_\alpha]} = T$.
Proof. We leave the proof as an exercise to the reader.
An HOL formula $s_o$ is true in a Henkin model $M$ under assignment $g$ if and
only if $\|s_o\|^{M,g} = T$; this is also expressed by writing that $M, g \models^{HOL} s_o$. An HOL
formula $s_o$ is called valid in $M$, which is expressed by writing that $M \models^{HOL} s_o$, if
and only if $M, g \models^{HOL} s_o$ for all assignments $g$. Moreover, a formula $s_o$ is called
valid, expressed by writing that $\models^{HOL} s_o$, if and only if $s_o$ is valid in all Henkin
models $M$. Finally, we define $\Sigma \models^{HOL} s_o$ for a set of HOL formulas $\Sigma$ if and only if
$M \models^{HOL} s_o$ for all Henkin models $M$ with $M \models^{HOL} t_o$ for all $t_o \in \Sigma$.
Note that any standard model is obviously also a Henkin model. Hence, validity
of a HOL formula $s_o$ for all Henkin models implies validity of $s_o$ for all standard
4 Modeling DDL as a Fragment of HOL
This section, the core contribution of this article, presents a shallow semantical
embedding of DDL in HOL and proves its soundness and completeness. In contrast
to a deep logical embedding, where the syntax and semantics of logic L would
be formalized in full detail (using structural induction and recursion), only the core
differences in the semantics of both DDL and meta-logic HOL are explicitly encoded
4.1 Semantical Embedding
DDL formulas are identified in our semantical embedding with certain HOL terms
(predicates) of type $i \to o$. They can be applied to terms of type $i$, which are
assumed to denote possible worlds. That is, the HOL type $i$ is now identified with
a (non-empty) set of worlds. Type $i \to o$ is abbreviated as $\tau$ in the remainder.
The HOL signature is assumed to contain the constant symbols $av_{i\to\tau}$, $pv_{i\to\tau}$ and
$ob_{\tau\to\tau\to o}$. Moreover, for each propositional symbol $p^i$ of DDL, the HOL signature
must contain the corresponding constant symbol $p^i_\tau$. Without loss of generality, we
assume that besides those symbols and the primitive logical connectives of HOL, no
other constant symbols are given in the signature of HOL.
The mapping $\lfloor\cdot\rfloor$ translates DDL formulas $s$ into HOL terms $\lfloor s \rfloor$ of type $\tau$. The
mapping is recursively⁴ defined:
··and p
··thereby abbreviate
the following HOL terms:
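  $\vee_{\tau\to\tau\to\tau} = \lambda A_\tau \lambda B_\tau \lambda X_i (A\,X \vee B\,X)$
  $\bigcirc_{\tau\to\tau\to\tau} = \lambda A_\tau \lambda B_\tau \lambda X_i (ob\,A\,B)$
  $\Box^a_{\tau\to\tau} = \lambda A_\tau \lambda X_i \forall Y_i (\neg(av\,X\,Y) \vee A\,Y)$
  $\Box^p_{\tau\to\tau} = \lambda A_\tau \lambda X_i \forall Y_i (\neg(pv\,X\,Y) \vee (A\,Y))$
  $\bigcirc^a_{\tau\to\tau} = \lambda A_\tau \lambda X_i ((ob\,(av\,X)\,A) \wedge \exists Y_i (av\,X\,Y \wedge \neg(A\,Y)))$
  $\bigcirc^p_{\tau\to\tau} = \lambda A_\tau \lambda X_i ((ob\,(pv\,X)\,A) \wedge \exists Y_i (pv\,X\,Y \wedge \neg(A\,Y)))$
Analyzing the truth of a translated formula $\lfloor s \rfloor$ in a world represented by term $w_i$
corresponds to evaluating the application $(\lfloor s \rfloor\, w_i)$. In line with previous work [10],
we define $vld_{\tau\to o} = \lambda A_\tau \forall S_i (A\,S)$. With this definition, validity of a DDL formula $s$
in DDL corresponds to the validity of formula $(vld\,\lfloor s \rfloor)$ in HOL, and vice versa.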
4.2 Soundness and Completeness
To prove the soundness and completeness, that is, faithfulness, of the above
embedding, a mapping from DDL models into Henkin models is employed.
Definition 1 (Henkin model $H^M$ for DDL model $M$). For any DDL model $M =
\langle S, av, pv, ob, V \rangle$, we define a corresponding Henkin model $H^M$. Thus, let a DDL
model $M = \langle S, av, pv, ob, V \rangle$ be given. Moreover, assume that $p^i \in P$, for $i \geq 1$, are
the only propositional symbols of DDL. Remember that our embedding requires the
corresponding signature of HOL to provide constant symbols $p^j_\tau$ such that $\lfloor p^j \rfloor = p^j_\tau$
for $j = 1, \ldots, m$.
A Henkin model $H^M = \langle \{D_\alpha\}_{\alpha \in T}, I \rangle$ for $M$ is now defined as follows: $D_i$ is chosen
as the set of possible worlds $S$; all other sets $D_{\alpha\to\beta}$ are chosen as (not necessarily
full) sets of functions from $D_\alpha$ to $D_\beta$. For all $D_{\alpha\to\beta}$ the rule that every term $t_{\alpha\to\beta}$
must have a denotation in $D_{\alpha\to\beta}$ must be obeyed (Denotatpflicht). In particular, it
is required that $D_\tau$, $D_{i\to\tau}$ and $D_{\tau\to\tau\to o}$ contain the elements $Ip^j_\tau$, $Iav_{i\to\tau}$, $Ipv_{i\to\tau}$ and
$Iob_{\tau\to\tau\to o}$. The interpretation function $I$ of $H^M$ is defined as follows:
1. For $i = 1, \ldots, m$, $Ip^i_\tau \in D_\tau$ is chosen such that $Ip^i_\tau(s) = T$ iff $s \in V(p^i)$ in $M$.
2. $Iav_{i\to\tau} \in D_{i\to\tau}$ is chosen such that $Iav_{i\to\tau}(s, u) = T$ iff $u \in av(s)$ in $M$.
3. $Ipv_{i\to\tau} \in D_{i\to\tau}$ is chosen such that $Ipv_{i\to\tau}(s, u) = T$ iff $u \in pv(s)$ in $M$.
4. $Iob_{\tau\to\tau\to o} \in D_{\tau\to\tau\to o}$ is such that $Iob_{\tau\to\tau\to o}(\bar{X}, \bar{Y}) = T$ iff $\bar{Y} \in ob(\bar{X})$ in $M$.
5. For the logical connectives $\neg$, $\vee$, $\Pi$ and $=$ of HOL the interpretation function
   $I$ is defined as usual (see the previous section).
Since we assume that there are no other symbols (besides the $p^i$, $av$, $pv$, $ob$ and
$\neg$, $\vee$, $\Pi$, and $=$) in the signature of HOL, $I$ is a total function. Moreover, the
above construction guarantees that $H^M$ is a Henkin model: $\langle D, I \rangle$ is a frame, and
the choice of $I$ in combination with the Denotatpflicht ensures that for arbitrary
assignments $g$, $\|\cdot\|^{H^M,g}$ is a total evaluation function.
⁴ A recursive definition is actually not needed in practice. By inspecting the equations below it
should become clear that only the abbreviations for the logical connectives of DDL are required in
combination with a type-lifting for the propositional constant symbols; cf. also Fig. 1.
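Lemma 1. Let $H^M$ be a Henkin model for a DDL model $M$. In $H^M$ we have for
all $s \in D_i$ and all $\bar{X}, \bar{Y}, \bar{Z} \in D_\tau$ (cf. the conditions on DDL models as stated on
page 3):⁵
(av) $Iav_{i\to\tau}(s) \neq \emptyset$.
(pv1) $Iav_{i\to\tau}(s) \subseteq Ipv_{i\to\tau}(s)$.
(pv2) $s \in Ipv_{i\to\tau}(s)$.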
(ob1) ÿ/œIob··o(¯
(ob2) If ¯
X, then (¯
(ob3) Let ¯
X)and ¯
If (¯
X=ÿ, where ¯
={sœS|for all ¯
we have sœ¯
then (¯
⁵ In the proof in [8] we implicitly employ currying and uncurrying, and we associate sets with their
characteristic functions. This analogously applies to the remainder of this article.
(ob4) If ¯
Xand ¯
X)and ¯
then (¯
(ob5) If ¯
Xand ¯
X)and ¯
then ¯
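Proof. Each statement follows by construction of $H^M$ for $M$.
Lemma 2. Let $H^M = \langle \{D_\alpha\}_{\alpha \in T}, I \rangle$ be a Henkin model for a DDL model $M$. We
have $H^M \models^{HOL} \Sigma$ for all $\Sigma \in \{AV, PV1, PV2, OB1, \ldots, OB5\}$, where
AV is $\forall W_i \exists V_i (av_{i\to\tau}\, W_i\, V_i)$
PV1 is $\forall W_i \forall V_i (av_{i\to\tau}\, W_i\, V_i \to pv_{i\to\tau}\, W_i\, V_i)$
PV2 is $\forall W_i (pv_{i\to\tau}\, W_i\, W_i)$
OB1 is $\forall X_\tau \neg ob_{\tau\to\tau\to o}\, X_\tau\, (\lambda X_\tau \bot)$
OB2 is $\forall X_\tau Y_\tau Z_\tau ((\forall W_i ((Y_\tau W_i \wedge X_\tau W_i) \leftrightarrow (Z_\tau W_i \wedge X_\tau W_i)))$
$\to (ob_{\tau\to\tau\to o}\, X_\tau\, Y_\tau \leftrightarrow ob_{\tau\to\tau\to o}\, X_\tau\, Z_\tau))$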
OB3 is ··oX·
(((Z·(··oZ·æob··oX·Z·)) ·÷Z·(··oZ·))
æ((÷Yi(((WiZ·(··oZ·æZ·Wi)) Yi)·X·Yi))
OB4 is X·Y·Z·
OB5 is X·Y·Z·
Proof. By construction of $H^M$ for $M$ in combination with Lemma 1.
Lemma 3. Let $H^M$ be a Henkin model for a DDL model $M$. For all DDL formulas
$\delta$, arbitrary variable assignments $g$ and worlds $s$ it holds:
$M, s \models \delta$ if and only if $\|\lfloor\delta\rfloor S_i\|^{H^M,g[s/S_i]} = T$
Proof. By induction on the structure of $\delta$.
Lemma 4. For every Henkin model $H = \langle \{D_\alpha\}_{\alpha \in T}, I \rangle$ such that $H \models^{HOL} \Sigma$ for all
$\Sigma \in \{AV, PV1, PV2, OB1, \ldots, OB5\}$, there exists a corresponding DDL model $M$.
Corresponding means that for all DDL formulas $\delta$ and for all assignments $g$ and
worlds $s$, $\|\lfloor\delta\rfloor S_i\|^{H,g[s/S_i]} = T$ if and only if $M, s \models \delta$.
Proof. Suppose that $H = \langle \{D_\alpha\}_{\alpha \in T}, I \rangle$ is a Henkin model such that $H \models^{HOL} \Sigma$ for
all $\Sigma \in \{AV, PV1, PV2, OB1, .., OB5\}$. Without loss of generality, we can assume
that the domains of $H$ are denumerable [18]. We construct the corresponding DDL
model $M$ as follows:
1. $S = D_i$,
2. $s \in av(u)$ for $s, u \in S$ iff $Iav_{i\to\tau}(s, u) = T$,
3. $s \in pv(u)$ for $s, u \in S$ iff $Ipv_{i\to\tau}(s, u) = T$,
4. ¯
Y)for ¯
X, ¯
YœDi≠æ DoiIob··o(¯
X, ¯
Y)=T, and
5. sœV(pj)iIpj
Since $H \models^{HOL} \Sigma$ for all $\Sigma \in \{AV, PV1, PV2, OB1, .., OB5\}$, it is straightforward
(but tedious) to verify that $av$, $pv$ and $ob$ satisfy the conditions as required for
Moreover, the above construction ensures that $H$ is a Henkin model $H^M$ for
DDL model $M$. Hence, Lemma 3 applies. This ensures that for all DDL formulas
$\delta$, for all assignments $g$ and all worlds $s$ we have $\|\lfloor\delta\rfloor S_i\|^{H,g[s/S_i]} = T$ if and only if
$M, s \models \delta$.
Theorem 1 (Soundness and Completeness of the Embedding).
$\models^{DDL} \varphi$ if and only if $\{AV, PV1, PV2, OB1, .., OB5\} \models^{HOL} vld\,\lfloor\varphi\rfloor$
Proof. (Soundness, $\leftarrow$) The proof is by contraposition. Assume $\not\models^{DDL} \varphi$, that is,
there is a DDL model $M = \langle S, av, pv, ob, V \rangle$, and world $s \in S$, such that $M, s \not\models \varphi$.
Now let $H^M$ be a Henkin model for DDL model $M$. By Lemma 3, for an arbitrary
assignment $g$, it holds that $\|\lfloor\varphi\rfloor S_i\|^{H^M,g[s/S_i]} = F$. Thus, by definition of $\|\cdot\|$,
it holds that $\|\forall S_i(\lfloor\varphi\rfloor S)\|^{H^M,g} = \|vld\,\lfloor\varphi\rfloor\|^{H^M,g} = F$. Hence, $H^M \not\models^{HOL} vld\,\lfloor\varphi\rfloor$.
Furthermore, $H^M \models^{HOL} \Sigma$ for all $\Sigma \in \{AV, PV1, PV2, OB1, \ldots, OB5\}$ by Lemma 2.
Thus, $\{AV, PV1, PV2, OB1, .., OB5\} \not\models^{HOL} vld\,\lfloor\varphi\rfloor$.
(Completeness, $\to$) The proof is again by contraposition. Assume
$\{AV, PV1, PV2, OB1, .., OB5\} \not\models^{HOL} vld\,\lfloor\varphi\rfloor$, that is, there is a Henkin model $H =
\langle \{D_\alpha\}_{\alpha \in T}, I \rangle$ such that $H \models^{HOL} \Sigma$ for all $\Sigma \in \{AV, PV1, PV2, OB1, .., OB5\}$, but
$\|vld\,\lfloor\varphi\rfloor\|^{H,g} = F$ for some assignment $g$. By Lemma 4, there is a DDL model $M$
such that $M \not\models \varphi$. Hence, $\not\models^{DDL} \varphi$.
Each DDL reasoning problem thus represents a particular HOL problem. The
embedding presented in this section, which is based on simple abbreviations, tells
us how the two logics are connected.
5 Implementation in Isabelle/HOL
The semantical embedding as devised in Sec. 4 has been implemented in the higher-
order proof assistant Isabelle/HOL [21]. Figure 1 displays the respective encoding.
Figure 2 applies this encoding to Chisholm’s paradox (cf. [14]), which involves the
following four statements:
1. It ought to be that Jones goes to assist his neighbors;
2. It ought to be that if Jones goes, then he tells them he is coming;
3. If Jones doesn’t go, then he ought not tell them he is coming;
4. Jones doesn’t go.
These statements can be given a consistent formalisation in DDL; see Fig. 2. This
is confirmed by the model finder Nitpick [11] integrated with Isabelle/HOL. Nitpick
computes an intuitive, small model for the scenario consisting of two possible worlds
$i_1$ and $i_2$. Function $ob$ is interpreted in this model as follows:
The designated current world in the given model is $i_2$, in which Jones doesn’t go to
assist his neighbors and doesn’t tell them that he is coming. In the other possible
world $i_1$, Jones is going to assist them and he also tells them that he is coming.
That is, $V(go) = V(tell) = \{i_1\}$. Also, we have $\{i_1\} \in ob(\{i_1, i_2\})$. So, $i_2 \models \bigcirc go$ by
the evaluation rule for $\bigcirc$. Similarly, $\{i_1\} \in ob(\{i_1\})$ implies $i_2 \models \bigcirc(tell/go)$, and
$\{i_2\} \in ob(\{i_2\})$ implies $i_2 \models \bigcirc(\neg tell/\neg go)$.
For further experiments, focusing on the automation of meta-theoretic aspects
of DDL, we refer to [8, Fig. 2 and Fig. 3].
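The lifted connectives of Sec. 4.1 and the Chisholm check of Sec. 5 can be mirrored in a few lines of Python; this is an added sketch, not the authors' Isabelle/HOL encoding from Fig. 1 and Fig. 2. Only V(go) = V(tell) = {i1} and the three ob memberships named above come from the text; the av and pv tables, the remaining ob entries and all function names are assumptions made for illustration.

```python
"""Shallow embedding of DDL: a formula is a predicate world -> bool (type tau)."""

S = frozenset({"i1", "i2"})  # the two possible worlds of the Sec. 5 scenario

# From the text: V(go) = V(tell) = {i1}.
V = {"go": frozenset({"i1"}), "tell": frozenset({"i1"})}

# ASSUMPTION (not given in the text): actual and potential versions per world.
AV = {"i1": frozenset({"i1"}), "i2": frozenset({"i2"})}
PV = {"i1": S, "i2": S}

# ob as a table: context -> obligatory propositions. The text states
# {i1} in ob({i1,i2}), {i1} in ob({i1}), {i2} in ob({i2}); the rest is ASSUMED.
OB = {
    frozenset(): set(),
    frozenset({"i1"}): {frozenset({"i1"}), S},
    frozenset({"i2"}): {frozenset({"i2"}), S},
    S: {frozenset({"i1"}), S},
}


def ext(A):
    """Set of worlds whose characteristic function is the predicate A."""
    return frozenset(w for w in S if A(w))


# Constants av, pv : i -> i -> o and ob : tau -> tau -> o.
def av(x, y): return y in AV[x]
def pv(x, y): return y in PV[x]
def ob(A, B): return ext(B) in OB[ext(A)]


# Lifted connectives; each returns a predicate on worlds (a lambda over X).
def atom(name): return lambda x: x in V[name]
def neg(A): return lambda x: not A(x)
def disj(A, B): return lambda x: A(x) or B(x)
def conj(A, B): return neg(disj(neg(A), neg(B)))
def box(A): return lambda x: all(A(y) for y in S)
def box_a(A): return lambda x: all((not av(x, y)) or A(y) for y in S)
def box_p(A): return lambda x: all((not pv(x, y)) or A(y) for y in S)


def ought(B, given):
    """Dyadic obligation O(B/given): lambda X. ob given B (world-independent)."""
    return lambda x: ob(given, B)


def ought_a(A):
    """Actual obligation: ob (av X) A and some actual version violates A."""
    return lambda x: ob(lambda y: av(x, y), A) and any(
        av(x, y) and not A(y) for y in S)


def ought_p(A):
    """Primary obligation: ob (pv X) A and some potential version violates A."""
    return lambda x: ob(lambda y: pv(x, y), A) and any(
        pv(x, y) and not A(y) for y in S)


def vld(A):
    """Validity in this one model: A holds in every world."""
    return all(A(s) for s in S)


def model_is_well_formed():
    """av(s) nonempty, av(s) subset of pv(s), s in pv(s); empty set never obligatory."""
    av_pv_ok = all(bool(AV[s]) and AV[s] <= PV[s] and s in PV[s] for s in S)
    ob1_ok = all(frozenset() not in props for props in OB.values())
    return av_pv_ok and ob1_ok


go, tell = atom("go"), atom("tell")
TOP = disj(neg(go), go)  # top := not q or q

# The four statements, using the obligations named in the text of Sec. 5.
CHISHOLM = [
    ought(go, given=TOP),             # 1. Jones ought to go
    ought(tell, given=go),            # 2. he ought to tell, given he goes
    ought(neg(tell), given=neg(go)),  # 3. he ought not tell, given he does not go
    neg(go),                          # 4. Jones does not go
]


def satisfying_worlds(formulas):
    """Worlds of the model in which all given formulas hold together."""
    return ext(lambda x: all(f(x) for f in formulas))


if __name__ == "__main__":
    print("model well formed:", model_is_well_formed())
    print("Chisholm set holds in:", sorted(satisfying_worlds(CHISHOLM)))
    print("primary obligation to go at i2:", ought_p(go)("i2"))
```

A non-empty result from `satisfying_worlds` is what consistency of the four statements means in this finite setting; it checks one hand-built model and does not replace the Nitpick search over all models.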
6 Conclusion
A shallow semantical embedding of Carmo and Jones’s logic of contrary-to-duty
conditionals in classical higher-order logic has been presented, and shown to be
faithful (sound and complete). This theory work has meanwhile been implemented in
the proof assistant Isabelle/HOL. This implementation constitutes the first theorem
prover for the logic by Carmo and Jones that is available to date. The foundational
theory for this implementation has been laid in this article.
There is much room for future work. First, experiments could investigate whether
the provided implementation already supports non-trivial applications in practical
normative reasoning, or whether further emendations and improvements are
required. Second, the introduced framework could also be used to systematically
analyse the properties of Carmo and Jones’s dyadic deontic logic within Isabelle/HOL.
Third, analogous to previous work in modal logic [10], the provided framework could
be extended to study and support first-order and higher-order variants of the frame-
We thank the anonymous reviewers for their valuable feedback and comments.
[1] P.B. Andrews. Resolution in type theory. Journal of Symbolic Logic, 36(3):414–432,
[2] P.B. Andrews. General models and extensionality. Journal of Symbolic Logic, 37(2):395–
397, 1972.
[3] P.B. Andrews. General models, descriptions, and choice in type theory. Journal of
Symbolic Logic, 37(2):385–394, 1972.
[4] P.B. Andrews. Church’s type theory. In E.N. Zalta, editor, The Stanford Encyclopedia
of Philosophy. Metaphysics Research Lab, Stanford University, spring 2014 edition,
[5] C. Benzmüller. Cut-elimination for quantified conditional logic. Journal of Philosophical
Logic, 46(3):333–353, 2017.
[6] C. Benzmüller. Recent successes with a meta-logical approach to universal logical
reasoning (extended abstract). In S.A. da Costa Cavalheiro and J.L. Fiadeiro, editors,
Formal Methods: Foundations and Applications - 20th Brazilian Symposium, SBMF
2017, Recife, Brazil, November 29 - December 1, 2017, Proceedings, volume 10623 of
Lecture Notes in Computer Science, pages 7–11. Springer, 2017.
[7] C. Benzmüller, C. Brown, and M. Kohlhase. Higher-order semantics and extensionality.
Journal of Symbolic Logic, 69(4):1027–1088, 2004.
[8] C. Benzmüller, A. Farjami, and X. Parent. Faithful semantical embedding of a dyadic
deontic logic in HOL. CoRR, https://arxiv.org/abs/1802.08454, 2018.
[9] C. Benzmüller and D. Miller. Automation of higher-order logic. In D.M. Gabbay,
J.H. Siekmann, and J. Woods, editors, Handbook of the History of Logic, Volume 9 —
Computational Logic, pages 215–254. North Holland, Elsevier, 2014.
[10] C. Benzmüller and L.C. Paulson. Quantified multimodal logics in simple type theory.
Logica Universalis (Special Issue on Multimodal Logics), 7(1):7–20, 2013.
[11] J.C. Blanchette and T. Nipkow. Nitpick: A counterexample generator for higher-order
logic based on a relational model finder. In ITP 2010, number 6172 in Lecture Notes
in Computer Science, pages 131–146. Springer, 2010.
[12] J. Carmo and A.J.I. Jones. Deontic logic and contrary-to-duties. In D. M. Gabbay
and F. Guenthner, editors, Handbook of Philosophical Logic: Volume 8, pages 265–343.
Springer Netherlands, Dordrecht, 2002.
[13] J. Carmo and A.J.I. Jones. Completeness and decidability results for a logic of contrary-
to-duty conditionals. J. Log. Comput., 23(3):585–626, 2013.
[14] R.M. Chisholm. Contrary-to-duty imperatives and deontic logic. Analysis, 24:33–36,
[15] A. Church. A set of postulates for the foundation of logic. Annals of Mathematics,
33(3):346–366, 1932.
[16] A. Church. An unsolvable problem of elementary number theory. American Journal of
Mathematics, 58(2):354–363, 1936.
[17] A. Church. A formulation of the simple theory of types. Journal of Symbolic Logic,
5(2):56–68, 1940.
[18] L. Henkin. Completeness in the theory of types. Journal of Symbolic Logic, 15(2):81–91,
[19] P. McNamara. Deontic logic. In E.N. Zalta, editor, The Stanford Encyclopedia of
Philosophy. Metaphysics Research Lab, Stanford University, winter 2014 edition, 2014.
[20] R. Muskens. Intensional models for the theory of types. Journal of Symbolic Logic,
75(1):98–118, 2007.
[21] T. Nipkow, L.C. Paulson, and M. Wenzel. Isabelle/HOL — A Proof Assistant for
Higher-Order Logic, volume 2283 of Lecture Notes in Computer Science. Springer,
Figure 1: Shallow semantical embedding of DDL in Isabelle/HOL.
Figure 2: The Chisholm paradox scenario encoded in DDL (the shallow semantical
embedding of DDL in Isabelle/HOL as displayed in Fig. 1 is imported here). Nitpick
confirms consistency of the encoded statements.