Categorical and Kripke Semantics for Constructive S4

Modal Logic
Natasha Alechina
1
, Michael Mendler
2
, Valeria de Paiva
3
, and Eike Ritter
4
1
School of Computer Science and IT, Univ. of Nottingham, UK, nza@cs.nott.ac.uk
2
Department of Computer Science, Univ. of Shefeld, UK, michael@dcs.shef.ac.uk
3
Xerox Palo Alto Research Center (PARC), USA, paiva@parc.xerox.com
4
School of Computer Science, Univ. of Birmingham, UK, exr@cs.bham.ac.uk
Abstract. We consider two systems of constructive modal logic which are com-
putationally motivated. Their modalities admit several computational interpreta-
tions and are used to capture intensional features such as notions of computation,
constraints, concurrency, etc. Both systems have so far been studied mainly from
type-theoretic and category-theoretic perspectives, but Kripke models for simi-
lar systems were studied independently. Here we bring these threads together and
prove duality results which show how to relate Kripke models to algebraic models
and these in turn to the appropriate categorical models for these logics.
1 Introduction
This paper is about relating traditional Kripke-style semantics for constructive modal
logics to their corresponding categorical semantics. Both forms of semantics have im-
portant applications within computer science. Our aim is to persuade traditional modal
logicians that categorical semantics is easy, fun and useful; just like Kripke semantics.
Additionally we show that categorical semantics generates interesting new constructive
modal logics, which differ somewhat from the traditional diet of intuitionistic modal
logics[WZ95].
The salient feature of the constructive modal logics considered in this paper is the
omission of the axioms 3(AB) 3A3B and 3, which are typically assumed
for possibility 3not only in classical but also in intuitionistic settings. While in classical
(normal) modal logics these principles follow from the properties of necessity 2 there
is no a priori reason to adopt them in an intuitionistic setting where the classical duality
between 2 and 3 breaks down and 3 is no longer derivable from2. In fact, a growing
body of work motivated by computer science applications [Wij90,FM97,PD01] rejects
these principles from a constructive point of view. In this paper we will study the se-
mantics of two such constructive modal logics, CS4 and PLL, introduced below.
We explore three standard types of semantics, Kripke, categorical, and algebraic se-
mantics for CS4 and PLL. The algebraic semantics (CS4-modal algebra, PLL-modal
algebra) is concerned only with equivalence of and the relative strength of formulas in
terms of abstract semantic values (eg. truth values, proofs, constraints, etc...). It does not
explain why a formula is true or why one formula is stronger than another. If one is in-
terested in a more informative presentation and a concrete analysis of semantics, then a
Kripke or categorical semantics may be more useful. The former explains meaning in
terms of worlds (in models) and validity of assertions at worlds (in models) in a classical
Tarski-style interpretation. The semantic value is given by the set of worlds at which a
formula is valid. This form of semantics has been very successful for intuitionistic and
modal logics alike. More recent and less traditional is the categorical approach. Here,
we model not only the semantic value of a formula, but also the semantic value of
its derivations/proofs, usually in a given natural deduction calculus. Thus, derivations in
the logic are studied as entities in their own right, and have their own semantic objects
in the models. Many applications of modal logic to computer science rely on having a
term calculus for natural deduction proofs in the logic. Such a termcalculus is a suitable
variant of the -calculus, which is the prototypical functional programming language.
From this point of view the semantic value of a formula is given by the collection of
normal formprograms that witness its assertion. Having a calculus of terms correspond-
ing to derivations in the logic one obtains a direct correspondence between properties
of proofs and properties of programs in the functional programming language based on
these terms. For a discussion of the necessity modal operator 2 and its interpretation as
the eval/quote operator in Lisp the reader is refered to [GL96].
In this sense both Kripke semantics and categorical semantics, presented here for
CS4 and PLL, should be seen as two complementary elaborations of the algebraic
semantics. They are both intensional renements of their correspondingmodal algebras,
and have important applications within computer science. The natural correspondence
between the Kripke models and modal algebras will be stated and proved as a Stone
Duality Theorem. This turns out to require a different approach compared to other more
standard intuitionistic modal logics, in particular as regards the 3 modality. The other
correspondence, between modal algebras and corresponding categorical structures, is
essentially that between natural deduction proofs and the appropriate -calculus. This
is known as the Extended Curry-Howard Isomorphism. Whereas the extended Curry-
Howard isomorphismbetween intuitionistic propositional logic and the simply-typed -
calculus has been known since the late 60s, establishing such isomorphisms for modal
logics is a more recent development. In this paper we develop a suitable categorical
semantics and associated -calculus for CS4 and PLL. It should be mentioned that the
results for PLL are not new (see [FM97] for the Kripke and [BBdP98] for categorical
semantics for PLL). Our contribution here is to show how PLL is related to CS4 and
how these known results for PLL can be derived from those from CS4, or, to put it the
other way round, how the known constructions for PLL may be generalised to CS4.
2 The Constructive Modal Systems CS4 and PLL
In this paper we take a fresh look at two prominent constructive modal extensions to
intuitionistic propositional logic (IPL), which are particularly interesting because of
their various applications in computer science.
To give the reader a taste for these applications, we list a few. Davies and Pfenning
[DP96] use the 2-modality to give a -calculus for computation in stages. The idea
is that a term 2t represents a delayed computation. Ghani et al. [GdPR98] investigate
renements of this calculus which are suitable for the design of abstract machines.
Similar ideas relating 2with staged evaluation and the distinction between run-time and
compile-time semantics have been developed by Moggi et.al. [BMTS99]. Despeyroux
and Pfenning [DPS97] use a box modality to encode higher-order abstract syntax in
theorem-provers like Elf and Isabelle. Still another use of the 2 modality, to model
the quote mechanism of Lisp, is proposed by Goubault-Larrecq [GL96]. A 3-style
modality has been extensively used to distinguish a computation from its result in the
-calculus: Moggis [Mog91] inuential work on computational monads describes the
computational -calculus, which corresponds to an intuitionistic modal type theory with
a 3-like modality (see [BBdP98]). Fairtlough and Mendler [Men93,FMW97,Men00]
use the same modality, which they call

, in their work on lax logic for constraints and
hardware verication. The calculus has also been used for denotational semantics of
exception handling mechanisms, continuations, etc. On the syntactic side, it has been
used, in the monadic-style of functional programming to add a notion of encapsulated
state to functional languages.
Despite their relevance for computer science these modal extensions of IPL seem
to be less well investigated as modal logics in their own right, perhaps because of the
unusual properties of their associated modal operators.
2.1 Constructive S4
The rst modal system, which we call Constructive S4 (CS4), is a version of the intu-
itionistic S4 rst introduced by Prawitz in his 1965 monograph [Pra65]. The Hilbert-
style formulation of CS4 is obtained by extending IPL by a pair 2, 3 of S4-like intu-
itionistic modalities satisfying the axioms and the necessitation rule listed in Figure 1.
The normal basis of CS4, i.e., consisting only of axioms 2K and 3K plus the axiom
3 (which we reject, see below) has been introduced
1
and motivated by Wijesek-
era [Wij90] as a predecessor to constructive concurrent dynamic logic. The practical
importance of CS4 as a type system for functional programming is evident from the
literature, e.g. as cited in the beginning of this section, though most applications so far
focus on the 2 modality. The formal role of 3 and its interaction with 2 has recently
been studied systematically by Pfenning and Davies [PD01].
2K : 2(A B) (2A 2B) 3K : 2(A B) (3A 3B)
2T : 2A A 3T : A 3A
24 : 2A 22A 34 : 33A 3A
Nec : If A is a theorem then 2A is a theorem.
Fig. 1. Hilbert-style system for Constructive S4
The natural deduction formulation of CS4 is subject to some controversy. We recall
it in the style of Bierman and de Paiva [BdP96]. The naive introduction rule for 2(corre-
sponding to the necessitation rule Nec) insists that all of the undischarged assumptions
at the time of application are modal, i.e. they are all of the form 2A
i
. However, the
1
Wijesekera considers a rst order system, to be precise.
fundamental feature of natural deduction is that it is closed under substitution and this
naive rule will not be closed under substitution, i.e. substituting a correct derivation in
another correct derivation will yield an incorrect one (if this substitution introduces non-
modal assumptions). We conclude that 2
I
must be formulated as in Figure 2, where the
substitutions are given explicitly. The same sort of problem arises in the rules for 3
E
and the same solution (of explicit substitutions) can be used, see the rule 3
E
in Figure 2.
Both problems were rst observed by Prawitz, who proposed a syntactically more
complicated way of solving it [Pra65]. An interesting alternative approach has recently
been presented by Pfenning and Davies [PD01], which (essentially) involves two kinds
of variables, and two kinds of substitution. Note that in our solution the discharging
brackets are used in a slightly different way from traditional natural deduction. In the
introduction rule for 2 they mean, discharge all assumptions (which must be all boxed
in this rule).
.
.
.
2B
B
(2E)
[2A1 2An]
.
.
.
.
.
.
.
.
.
2A1 . . . 2An B
2B
(2I)
.
.
.
B
3B
(3I)
[2A1 2An B]
.
.
.
.
.
.
.
.
.
.
.
.
2A1 . . . 2An 3B 3C
3C
(3E)
Fig. 2. Natural Deduction rules for Constructive S4
The system CS4 is the weakest among the variants of intuitionistic S4 discussed in
the literature. In particular, it does not prove the distribution of the possibility operator
over disjunction 3(A B) 3A 3B, nor does it assume 3, i.e., that possi-
bly falsum (3) and falsum () are equiprovable (which is the nullary form of the
distribution). This version of non-classical S4 without distributivity of 3 over is ex-
tremely well-behaved. As we will see there is a complete version of the Curry-Howard
Isomorphism for it.
2.2 Propositional Lax Logic
The second constructive modal logic we consider is an extension of IPL that features a
single modality 3 satisfying the axioms
3T : A 3A
34 : 33A 3A
3F : (A B) 3A 3B.
The third axiom is known (categorically) as functorial strength. This system is dis-
cussed under different names and in slightly differing but equivalent axiomatic pre-
sentations, such as Computational Logic [BBdP98] or Propositional Lax Logic (PLL)
[FM97]. Henceforth we shall call it PLL. The natural deduction system contains the
following rules for 3 ([Men93]):
.
.
.
B
3B
(3
I
)
[A]
.
.
.
.
.
.
3A 3B
3B
(3
E
)
PLL also has a colourful history. As a modal logic it was invented in the forties by
Curry [Cur57] (who seems to have dropped it again because of its wild properties) and
independently rediscovered in the nineties by Benton et al. and Fairtlough and Mendler,
who used the symbol

for the modality, as the Curry-Howard isomorphic version of
Moggis computational lambda-calculus. As an algebra the system PLL is well known
in abstract topology. The operator

arises naturally as a (strong, or multiplicative)
closure operator on the lattice of open sets, or more generally as a so-called nucleus
in the theory of topoi and sheacation [Joh82]. From this topological perspective,
Goldblatt studied a system identical to PLL accommodating Lawveres suggestion that
the

modality means it is locally the case that by interpreting this in various ways to
mean at all nearby points [Gol81,Gol93]. The algebraic properties of such operators
(on complete Heyting algebras) have been explored by Macnab [Mac81], who calls
them modal operators.
In this paper we show how PLL can be naturally seen as a special CS4 theory
or CS4 algebra in the sense that it can be obtained from CS4 by adding the axiom
A 2A. These results identify

as a constructive modality of possibility and provide
a satisfactory explanation for why in PLL a modality 2 is missing: it is implicitly built
into the semantics already.
3 Kripke models
Our rst step is to develop a suitable Kripke model theory for CS4. While it is easy to
agree that a Kripke model of constructive modal logic should consist of a set of worlds
W and two accessibility relations, one intuitionistic and the other modal R, it is not so
clear how these relations should interact (frame conditions) and just how they should be
used to interpret specically the 3 modality. The mainstream approach as exemplied
by Ewald [Ewa86], Fischer-Servi [FS80], Plotkin and Stirling [PS86], Simpson [Sim94]
is based on the analogy of 2 with and of 3 with -quantication over the modal
accessibility R. Reading these quantiers intuitionistically, relative to , one arrives at
the semantic interpretation w [= 2A iff v. w v u. v R u u [= A for
necessity, and
w [= 3A iff u. w R u & u [= A (1)
for possibility. Indeed, as the shown in the literature, this gives a fruitful basis for intu-
itionistic modal logics. Unfortunately, it is not suitable for CS4, since it forces the ax-
iom3(AB) (3A3B) to hold, which we want to avoid. It also requires an extra
frame condition to ensure hereditariness of truth, viz., that w [= 3Aand w v implies
v [= 3A. Hereditariness, however, can also be achieved simply by -quantifying over
all -successors in the interpretation of 3:
w [= 3A iff u. w u v. u R v & v [= A. (2)
Not only does this away with the extra frame condition to force 3hereditary along , it
also eliminates the unwanted axiom3(AB) (3A3B). In fact, as it turns out this
works for CS4. This interpretation (2) of 3, as far as we are aware, has been introduced
by Wijesekera [Wij90] to capture non-deterministic computations and independently in
[FM97] as an adequate Kripke interpretation of truth up to constraints. In both cases
the absence of the axioms 3(A B) (3A 3B) is a natural consequence of the
semantics.
Wijesekera only considered the normal base 2K, 3K of CS4, yet included the
axiom 3. To eliminate the axiom 3 we follow [FM97] in permitting explicit
fallible worlds in our models. What remains, then, is to nd suitable frame conditions
on and R that are characterised by the CS4 axioms 2T, 24, 3T, 34. These are
incorporated into the following notion of CS4 model:
Denition 1. A Kripke model of CS4 is a structure M = (W, , R, [=), where W is
a non-empty set, and R are reexive and transitive binary relations on W, and [= a
relation between elements w W and propositions A, written w [= A (A satised at
w in M) such that:
is hereditary with respect to propositional variables, that is, for every variable p
and worlds w, w

, if w w

and w [= p, then w

[= p.
R and are related as follows: if wRw

and w

v then there exists v

such that
w v

and v

Rv. In other words: (R ; ) ( ; R).

The relation [= has the following properties:
w [= ;
w [= A B iff w [= A and w [= B;
w [= A B iff w [= A or w [= B;
w [= A B iff w

. w w

(w

[= A w

[= B)
w [= 2A iff w

. w w

u. w

Ru u [= A
w [= 3A iff w

. w w

u. w

Ru u [= A
Notice that we do not have the clause w ,[= , i.e., we allow inconsistent worlds.
Instead, we have
if w [= and w w

, then w

[= , and
if w [= , then for every propositional variable p, w [= p (to make sure that A
is still valid).
As usual, a formula A is true in a model M = (W, , R, [=) if for every w W,
w [= A. We sometimes write M, w [= A when we want to make the model explicit. A
formula A is valid ([= A) if it is true in all models; a formula is satisable if there is a
model and a consistent world where it is satised. A formula Ais a logical consequence
of a set of formulae if for every M, w if M, w [= , then M, w [= A.
Observe that under the translation of intuitionistic logic into classical S4 which
introduces a modality 2
I
corresponding to the intuitionistic accessibility relation ,
our modalities 2 and 3 are translated as 2
I
2
M
and 2
I
3
M
, respectively (where 2
M
and 3
M
are modalities corresponding to R). This means that our variant of S4 does
not fall directly in the scope of Wolter and Zakharyaschevs analysis of intuitionistic
modal logics as classical bimodal logics in [WZ97] since they assume 3to be a normal
modality. However, analogous techniques could probably be used to give a new proof
of decidability and nite modal property of CS4 and PLL.
Theorem 1. CS4 is sound and strongly complete with respect to the class of models
dened above, that is, for every set of formulae and formula A, we have
CS4
A [= A.
We can use Theorem 1 to give a new soundness and completeness theoremfor PLL.
This is based on the observation that PLL models are a sub-class of CS4 models:
Denition 2. A Kripke model for PLL is a Kripke model for CS4 where R is heredi-
tary, that is, for every formula A, if w [= A and wRv, then v [= A.
The latter requirement corresponds to the strength axiom. It is in fact equivalent to
the axiomA 2A, so that 2 becomes redundant in Kripke models for PLL. An alter-
native (slightly stronger) denition to the same effect given by Fairtlough and Mendler
requires that R is a subset of .
Theorem 2. PLL is sound and strongly complete with respect to the class of models
dened above.
Proof. Soundness of PLL follows fromsoundness of CS4 and the fact that PLL-models
satisfy the axiom scheme A 2A, which renders the strength 3F axiom derivable
from3K of CS4.
For completeness consider an arbitrary set of PLL-formulas, and a PLL-formula
B such that ,
PLL
B. Then, it is not difcult to see that

,
CS4
B where

is the theory extended by all instances of the scheme A 2A. For otherwise, if

CS4
B, we could transform this derivation into a derivation
PLL
B simply by
dropping all occurrences of 2 in any formula, which means that every use of a CS4-
axiom becomes an application of a PLL-axiom, and any use of an axiom A 2A or
rule Nec becomes trivial. Note, this holds since if we drop all 2in a CS4 axiom, we get
a PLL-axiom. By strong completeness of CS4 we conclude there exists a CS4-model
M such that M [=

but M ,[= B. But then not only M [= but also M validates all
instances of A 2A, which means that M is a PLL-model.
4 Modal Algebras and Duality
There is no unique right Kripke semantics for a given system of modal logic. In gen-
eral, the t between modal (intuitionistic or classical) logics and Kripke structures is
not perfect: apart from several versions of Kripke semantics for the same logic, which
already seems suspect to category theorists, there are logics which are not complete for
any Kripke semantics ([Fin74,Tho74]). Modal algebras have the denite advantage of
tting the logics much better.
One can think of an algebra as a collection of syntactic objects, e.g. formulae of a
logic. Representation theorems for algebras show how given an algebra one can build
a representation for it - a structure which is a concrete set-theoretic object, e.g. a
Kripke model
2
.
We dene modal algebras corresponding to PLL and CS4 below and show how to
construct representations for them. Since the modal algebras can be directly obtained
from the respective categorical models, and modal algebras can be shown (see below)
to be Stone-dually related to our Kripke models, we obtain an algebraic link (albeit
a weak one) between Kripke models and categorical models for the two constructive
modal systems considered.
Recall that a Heyting algebra H is a structure of the formA, , , +, , 0) where
Ais a set of objects (one example would be formulae), is a partial order (for formulae,
a b means a implies b), is a product (which corresponds to in intuitionistic
logic), + a sum (corresponds to ), pseudocomplement (corresponds to ) and 0
the least element ().
We introduce two additional operators, corresponding to the modalities. Note that
2 distributes over , but 3 does not distribute over +.
Denition 3. A CS4-modal algebra / = A, , , +, , 0, 2, 3) consists of a Heyt-
ing algebra A, , , +, , 0) with two unary operators 2 and 3 on A, such that for
every a, b A,
2(a b) = 2a 2b 2a a a 3a
3a 3(a +b) 2a 22a 33a 3a
1 21 2a 3b 3(2a b).
Next, we identify the corresponding algebraic structure for PLL, which are also known,
in a somewhat different axiomatisation, as local algebras [Gol76]:
Denition 4. A PLL-modal algebra / = A, , , +, , 0, 3) consists of a Heyting
algebra A, , , +, , 0) with a unary operator 3on A, such that for every a, b A,
3a 3(a +b) a 3a 33a 3a a 3b 3(a b).
Obviously, every Kripke model M for CS4 or PLL gives rise to a corresponding
modal algebra M
+
(take the set of all denable sets of possible worlds).
Conversely, every modal algebra gives rise to a so-called general frame. A general
frame is a structure which consists of a set of possible worlds W, two accessibility re-
lations and a collection J of subsets of W which can serve as denotations of formulae.
Intuitively, J should contain w:w [= p for every propositional variable p and be
closed under intersection, union and operations which give the set of worlds satisfying
2 (3) from the set of worlds satisfying . (For more background, see for example
[Ben83].)
2
More precisely, a general frame; see the discussion below.
Here, we will be somewhat sloppy and identify elements of the algebra with logical
formulae straightaway. We assume that some subset P of A is arbitrarily designated as
a set of propositional variables; , +, and 0 are interpreted as , , and . Then
we can formulate the representation theorem for models instead of general frames:
Theorem 3 (Representation for CS4). Let / be a CS4-modal algebra. Then the
Stone representation of /, SR(/) = (W

, R

, [=

) is a Kripke model for CS4,

where
1. W

is the set of all pairs (, ) where / is a prime lter, and /

an arbitrary set of elements such that for all nite, nonempty, choices of elements
c
1
, . . . , c
n
, 3(c
1
+ +c
n
) , .
2. (, )

) iff

.
3. (, )R

) iff a. 2a a

and

.
4. For all a /, (, ) [=

a iff a .
Let us call pairs (, ) with , /consistent theories if for any, possibly empty,
choice of elements b
1
, . . . , b
m
in and any non-empty choice of elements c
1
, . . . , c
n

, b
1
. . . b
m
, 3(c
1
+ + c
n
). Then, the worlds of SR(/) are simply the
consistent theories (, ) where is a prime lter. In the completeness proof we also
need a slightly stronger notion of consistency as follows: For a /, a theory (, )
is a-consistent if for any choice of elements b
1
, . . . , b
m
in and c
1
, . . . , c
n
, b
1

. . . b
m
, (a +3(c
1
+ +c
n
)). This includes the degenerate case n = 0 where we
simply require b
1
. . . b
m
, a.
The proof of our Stone Representation Theorem 3 relies on the following lemma.
Lemma 1 (Saturation Lemma). Let a / and (, ) an a-consistent theory in the
CS4-algebra /. Then (, ) has a saturated a-consistent extension (

, ), such that

is a prime lter and

.
We can now extract without extra effort a Stone Representation for PLL algebras from
that for CS4 algebras, identical to the one implicit in the completeness proof given in
Fairtlough and Mendler [FM97].
Theorem 4 (Representationfor PLL). Let /be a PLL-modal algebra. Then the Stone
representation of /, SR(/) = (W

, R

, [=

) is a Kripke model for PLL, where

W

, [=

are as above and (, )R

) iff

and

.
Proof. Observe that every PLL algebra / is at the same time a CS4 algebra /

where
the operator 2 is taken to be the identity function. Hence, we can construct its CS4
Stone representation SR(/

) as in Theorem 3, which is a CS4 algebra. Now, what

properties does the relation R

have in SR(/

)? Well, (
1
,
1
) R

(
2
,
2
) iff
a. 2a
1
a
2
and
1

2
. But since 2 is the identity operator, this is the
same as
1

2
and
1

2
as dened in Theorem 4. Observe further that R

is a
subrelation of

, which means that R

is hereditary. Thus, SR(/

) is a PLL model.
Section 6 introduces categorical models for CS4 and PLL. Observe that one can
viewcategorical models as modal algebras where the partial order relation is replaced
by a collection of morphisms. Intuitively, (again thinking of objects as formulae) while
a b in an algebra means that b is implied by a, the category has possibly several
morphisms from a to b labelled by encodings of corresponding derivations of b froma.
5 Discussion on Kripke Semantics
Since our Kripke semantics for CS4 is new it deserves some further justication and
discussion, which we give in this section.
First, how do our models relate to Wijesekeras? Let us call the class of structures
M = (W, , R, [=) with reexive and transitive but arbitrary R CK-models (i.e.,
drop the requirement that R is reexive and transitive as well as the frame condition
R; ;R), and further those in which for all worlds w ,[= infallible CK models.
Then, Wijesekera [Wij90] showed
3
that the theory IPL +2K +3K +3 with the
rules of Modus Ponens and Nec is sound and complete for the class of infallible CK
models. The proof of Wijesekera can be modied to show that CK = IPL+2K+3K
is sound and complete for all CK models. Our CS4-models may then be seen as the
special class of CK models characterised by the additional axioms 3T, 2T, 34, 24.
Following [FM97] we permitted fallible worlds to render the formula 3invalid.
This makes CS4 different from traditional intuitionistic modal logics which invari-
ably accept this axiom. Fallible worlds were used originally to provide an intuitionis-
tic meta-theory for intuitionistic logic, e.g.,[TvD88,Dum77]. For intuitionistic proposi-
tional logics, with a classical meta-theory, fallible worlds are redundant. However, this
is no longer true for modal logics. There, the presence or absence of fallible worlds
is reected in the absence or presence of the theorem 3. In particular note that
in the standard classical setting, i.e., without fallible worlds and w [= 3A meaning
v. w R v & v [= A, the axiom 3 (as well as 3(A B) 3A 3B) is
automatically validated.
It is not only the fallible worlds but also the extension by sets , capturing heredi-
tary refutation information, that distinguishes the representation of constructive modal
logic, such as CS4, from that for standard intuitionistic modal logics, such as those
of [PS86,FS80,Ewa86]. Indeed, if the axioms 3 and 3( ) 3 3 are
adopted the sets and fallible worlds become redundant. Without these axioms, how-
ever, we also need the negative information in to characterise truth at a world fully.
It is also worthwhile to note that the model representation of Thm. 3 for CS4 is simpler
than the one given by Wijesekera [Wij90] in the completeness proof for CK + 3.
There, the are (essentially) sets of sets of propositions, in which every element in
is a set of all possible future worlds for (, ) that are accessible through R

. This too,
expresses negative information, though of a second-order nature. A quite different, but
still second-order representation of CK models has been proposed by Hilken [Hil96].
As we have shown, however, the representation for CS4 can be done in a rst-order
fashion.
Our constructive S4 models satisfy the inclusion R; ;R, a frame condition
that is typically assumed in standard intuitionistic modal logic already for system IK.
One may wonder about the converse ;R R;of this inclusion. One can showthat in
our models it generates the independent axiomscheme ((2A 3B)2(A3B))
3B, thus inducing a proper extension of CS4.
3
Actually, Wijesekera also lists the axiom 2A 3(A B) 3B, but this is derivable
already.
As pointed out before, traditional intuitionistic modal logics such as those consid-
ered by Fischer-Servi [FS80] or Plotkin and Stirling [PS86] adopt a fundamentally dif-
ferent interpretation of 3, dening w [= 3A iff v. w R v & v [= A. This enforces
validity of 3(AB) (3A3B) but requires a frame condition
1
;R R;
1
(conuence of and R) to make 3 hereditary along . It is not surprising, then, that
for our constructive modal models, where hereditariness is built in by the semantic in-
terpretation, this frame condition obtains the axiom scheme 3(AB) (3A3B),
again inducing a proper extension.
We leave it as an open question if the above-mentioned axioms ((2A 3B)
2(A3B)) 3B or 3(AB) (3A3B) are complete for the frame conditions
;R R; or
1
;R R;
1
, respectively. At least for PLL [FM97] it is known
that
1
;R R;
1
is completely captured by the axiom 3(AB) (3A3B),
and in [Wij90] this axiom is linked with sequentiality of R.
6 Categorical models
Categorical models distinguish between different proofs of the same formula. A cat-
egory consists of objects, which model the propositional variables, and for every two
objects Aand B each morphism in the category fromAto B, corresponds to a proof of
B using A as hypothesis.
Cartesian closed categories (with coproducts) are the categorical models for intu-
itionistic propositional logic. For a proper explanation the reader should consult Lam-
bek and Scott [LS85]; Here we just outline the intuitions. Conjunction is modelled by
cartesian products, a suitable generalisation of the products in Heyting algebras. The
usual logical relationship between conjunction and implication
A B C if and only if A (B C)
is modelled by an adjunction and this denes categorically the implication connective.
Thus we require that for any two objects B and C there is an object B C such that
there is a bijection between morphisms from A B to C and morphisms from A to
B C. Disjunctions are modelled by coproducts, again a suitable generalisation of
the sums of Heyting algebras. True and false are modelled by the empty product (called
a terminal object) and co-product (the initial object), respectively. Finally negation, as
traditional in constructive logic, is modelled as implication into falsum. A cartesian
closed category (with coproducts) is sometimes shortened to a ccc (respectively a bi-
ccc). Set, the category where the objects are sets and morphisms between sets are
functions, is the standard example of a bi-cartesian closed category.
To present a categorical model of constructive S4 we must add to a bi-ccc the struc-
ture needed to model the modalities. In previous work [BdP96] it was shown that to
model the S4 necessity 2 operator one needs a monoidal comonad. Such a monoidal
comonad consists of an endofunctor 2: ( ( together with natural transformations

A
: 2A 22Aand
A
: 2A Aand m
A,B
: 2A2B 2(AB) and a map
m
1
: 1 21, satisfying some commuting conditions. These natural transformations
model the axioms 4 and T together with the necessitation rule and the K axiom.
Here we assume that the modal operator 3 is dually modelled by a monad with
certain special characteristics: namely we want our monad to be strong with respect to
the 2 operator, i.e. we assume a natural transformation st
A,B
: 2A3B 3(2A
B) satisfying the conditions detailed in [Kob97]. The strength is needed to model the
explicit substitution in the 3
E
-rule.
Denition 5. A CS4-category consists of a cartesian closed category ( with coprod-
ucts, a monoidal comonad (2, , , m
,
, m
1
) where 2: ( ( and a 2-strong
monad (3, , ) where 3: ( (.
The soundness theorem shows in detail how the categorical semantics models the
modal logic.
Theorem 5 (Soundness). Let ( be any CS4-category. Then there is a canonical inter-
pretation [[ ]] of CS4 in ( such that
a formula A is mapped to an object [[A]] of (;
a natural deduction proof of B using formulae A
1
, . . . , A
n
as hypotheses is
mapped to a morphism [[]] from [[A
1
]] [[A
n
]] to [[B]];
each two natural deduction proofs and of B using formulae A
1
, . . . , A
n
as
hypotheses which are equal (modulo normalisation of proofs) are mapped to the
same morphism, in other words [[]] = [[]].
A trivial degenerate example of an CS4-category consists of taking any bi-ccc, say
Set for example and considering the identity functor (both as a monoidal comonad and
as monad) on it. Less trivial, but still degenerate models are Heyting algebras (the poset
version of a bi-ccc) together with a closure and a co-closure operator. Non-degenerate
models (but quite complicated ones) can be found in [GL96]. To prove categorical com-
pleteness we use a term model construction.
Theorem 6 (Completeness).
(i) There exists a CS4-category such that all morphisms are interpretations of natu-
ral deduction proofs.
(ii) If the interpretation of two natural deduction proofs is equal in all CS4-categories,
then the two proofs are equal modulo proof-normalisation in natural deduction.
A categorical model of PLL consists of a cartesian closed category with a strong
monad. These models were in fact the original semantics for Moggis computational
lambda-calculus and PLL can be seen as reverse engineering from that [BBdP98].
Hence we refrain from stating categorical soundness and completeness for this system,
but of course they hold as expected [Kob97].
In the logic, PLL arises as a special case of CS4 when we assume the derivability of
A 2A. A similar statement holds in category theory. We have an inclusion functor
from the category of PLL-categories into the category of CS4-categories: each PLL-
category is a CS4-category where the co-monad is the identity functor. Conversely,
each CS4-category such that 2A is isomorphic to A is a CS4-category.
7 Conclusions
This paper shows how traditional Kripke semantics for two systems of intuitionistic
modal logic, CS4 and PLL, can be related via duality theory to the categorical se-
mantics of (natural deduction) proofs for these logics. The associated notions of modal
algebras serve as an intermediate reference point. From this point of view the results
of this paper may be seen as presenting two kinds of representations for these modal
algebras.
The rst representation explains the semantics of an element in the algebra in terms
of sets of worlds and truth within Kripke models. To this end we have developed an
appropriate class of Kripke models for CS4 and proved a Stone representation theorem
for it. As far as we are aware the model representation for CS4 is new. Its essential rst-
order character contrasts with the second order representations for the weaker system
CK given by Wijesekera and Hilken. We have also shown how the canonical model
construction of [FM97] for PLL follows from that for CS4 as a special case. Goldblatt
[Gol76] proved a standard representation theorem for PLL algebras in terms of -
frames, that only requires prime lters rather than pairs (, ). However, Goldblatts
work explains

as a constructive modality of necessity, which is an altogether different

way to look at

.
The contribution of this paper regarding PLL lies in showing that the modality

of PLL is a constructive modality of possibility, in the sense that it can be obtained
by adding to CS4 the axiom A 2A. This is not the only way to derive PLL from
CS4, but probably the most simple one so far proposed. Pfenning and Davies [PD01]
give a full and faithful syntactic embedding PLL CS4 that reads

A as 32A and
A B as 2A B. Both possibilities can be used to generate different semantics for
PLL from that of CS4. The embedding discussed in this paper most closely reects the
notion of constraint models for PLL introduced in [FM97].
The second representation given in this paper explains the semantics of an element
in the algebra in terms of provability in a natural deduction calculus. The representation
theorem establishes a -calculus and Curry-Howard correspondence for CS4. In gen-
eral, modal algebras can be extended to categorical models by adding information about
proofs (replacing of the algebra by the collection of morphisms of the category), but
this process is not trivial.
This extra information about proofs is crucial in applications of logic to model com-
putational phenomena. While terms (encodings of proofs in intuitionistic proposi-
tional logic) can be seen as semantic counterparts of functional programs, addition of
modalities to intuitionistic propositional logic makes it possible to obtain more sophisti-
cated semantics of programs reecting such computational phenomena as, for example,
non-termination, non-determinism, side effects, etc. [Mog91]. Information about proofs
can also be necessary in other applications of logic to computer science, where not just
the truth (or falsity) of a formula is important, but also the justication (proof) of the
claimed truth (see e.g. [Men93,FMW97,Men00]). One example we are considering is
the verication of protocols.
The results in this paper partially depend on having a natural deduction presentation
of the logic following the standard Prawitz/Dummett pattern of logical connectives de-
scribed by introduction and elimination rules. This is true for CS4 and for PLL, but not
for weaker logics, for example for a modal logic where 2 satises only the K-axiom.
Thus, our main challenge is to extend this work on categorical semantics to other modal
logics.
Next we would like to apply our techniques to constructive temporal logics. Another
direction we would like to pursue is providing concrete mathematical models for CS4.
Some such applications might be generated as generalisation of our previous work on
constraint verication in PLL. Meanwhile we shall continue our work on applications
of constructive modal logics to programming.
Acknowledgements The second author is supported by EPSRC (grant GR/M99637).
We would like to thank Gavin Bierman, Richard Crouch and Matt Fairtlough for their
useful comments and suggestions.
References
[BBdP98] N. Benton, G. Bierman, and V. de Paiva. Computational types from a logical perspec-
tive. Journal of Functional Programming, 8(2), 1998.
[BdP96] G. M. Bierman and V. de Paiva. Intuitionistic necessity revisited. Technical Report
CSR-96-10, University of Birmingham, School of Computer Science, June 1996.
[Ben83] J. Benthem, van. Modal logic and classical logic. Bibliopolis, Naples, 1983.
[BMTS99] Z. Benaissa, E. Moggi, W. Taha, and T. Sheard. Logical modalities and multi-
stage programming. In Workshop on Intuitionistic Modal Logics and Application
(IMLA99), Satellite to FLoC99, Trento, Italy, 6th July 1999. Proceedings available
from http://www.dcs.shef.ac.uk/floc99im.
[Cur57] H. B. Curry. A Theory of Formal Deducibility, volume 6 of Notre Dame Mathematical
Lectures. Notre Dame, Indiana, second edition, 1957.
[DP96] R. Davies and F. Pfenning. A modal analysis of staged computation. In Guy Steele,
Jr., editor, Proc. of 23rd POPL, pages 258270. ACM Press, 1996.
[DPS97] J. Despeyroux, F. Pfenning, and C. Sch urmann. Primitive recursion for higher-order
abstract syntax. In P. de Groote and J. Roger Hindley, editors, Proc. of TLCA97,
pages 147163. LNCS 242, Springer Verlag, 1997.
[Dum77] M. Dummett. Elements of Intuitionism. Clarendon Press, Oxford, 1977.
[Ewa86] W. B. Ewald. Intuitionistic tense and modal logic. Journal of Symbolic Logic, 51,
1986.
[Fin74] K. Fine. An incomplete logic containing S4. Theoria, 39:31 42, 1974.
[FM97] M. Fairtlough and M. Mendler. Propositional lax logic. Information and Computation,
137, 1997.
[FMW97] M. Fairtlough, M. Mendler, and M. Walton. First-order lax logic as a
framework for constraint logic programming. Technical Report MIP-
9714, University of Passau, July 1997. Postscript available through
http://www.dcs.shef.ac.uk/michael.
[FS80] G. Fischer-Servi. Semantics for a class of intuitionistic modal calculi. In M. L. Dalla
Chiara, editor, Italian Studies in the Philosophy of Science, pages 5972. Reidel, 1980.
[GdPR98] Neil Ghani, Valeria de Paiva, and Eike Ritter. Explicit Substitutions for Constructive
Necessity. In Proceedings ICALP98, 1998.
[GL96] J. Goubault-Larrecq. Logical foundations of eval/quote mechanisms, and the modal
logic S4. Manuscript, 1996.
[Gol76] R. Goldblatt. Metamathematics of modal logic. Reports on Mathematical Logic,
6,7:31 42, 21 52, 1976.
[Gol81] R. Goldblatt. Grothendieck Topology as Geometric Modality. Zeitschrift f ur Mathe-
matische Logik und Grundlagen der Mathematik, 27:495529, 1981.
[Gol93] R. Goldblatt. Mathematics of Modality. CSLI Lecture Notes No. 43. Center for the
Study of Language and Information, Stanford University, 1993.
[Hil96] B. P. Hilken. Duality for intuitionistic modal algebras. Journal of Pure and Applied
Algebra, 148:171 189, 2000.
[Joh82] P. T. Johnstone. Stone Spaces. Cambridge University Press, 1982.
[Kob97] S. Kobayashi. Monad as modality. Theoretical Computer Science, 175:29 74, 1997.
[LS85] J. Lambek and Ph. J. Scott. Introduction to Higher-Order Categorical Logic. Cam-
bridge University Press, 1985.
[Mac81] D. S. Macnab. Modal operators on Heyting algebras. Algebra Universalis, 12:529,
1981.
[Men93] M. Mendler. A Modal Logic for Handling Behavioural Constraints in Formal Hard-
ware Verication. PhD thesis, Department of Computer Science, University of Edin-
burgh, ECS-LFCS-93-255, March 1993.
[Men00] M. Mendler. Characterising combinational timing analyses in intuitionistic modal
logic. The Logic Journal of the IGPL, 8(6):821852, November 2000.
[Mog91] E. Moggi. Notions of computation and monads. Information and Computation,
93(1):5592, July 1991.
[PD01] F. Pfenning and R. Davies. A judgemental reconstruction of modal logic. Mathemat-
ical Structures in Computer Science, 2001.
[Pra65] D. Prawitz. Natural Deduction: A Proof-Theoretic Study. Almqvist and Wiksell,
1965.
[PS86] G. Plotkin and C. Stirling. A framework for intuitionistic modal logics. In Theoretical
aspects of reasoning about knowledge, Monterey, 1986.
[Sim94] A.K. Simpson. The Proof Theory and Semantics of Intuitionistic Modal Logic. PhD
thesis, University of Edinburgh, 1994.
[Tho74] S.K. Thomason. An incompleteness theorem in modal logic. Theoria, 40:30 34,
1974.
[TvD88] A. S. Troelstra and D. van Dalen. Constructivism in Mathematics, volume II. North-
Holland, 1988.
[Wij90] D. Wijesekera. Constructive modal logic I. Annals of Pure and Applied Logic,
50:271301, 1990.
[WZ95] F. Wolter and M. Zakharyaschev. Intuitionistic Modal Logics. In Logic in Florence,
1995.
[WZ97] F. Wolter and M. Zakharyaschev. Intuitionistic modal logics as fragments of classical
bimodal logics. In E. Orlowska, editor, Logic at Work. Kluwer, 1997.
Appendix
The full proofs of the main theorems are collected in this appendix.
Theorem 1 CS4 is sound and complete with respect to the class of models dened
above, that is, for every set of formulae and formula A,
CS4
A [= A.
Proof. The soundness proof goes by induction on the length of a derivation of A from
. We showthat all axioms are valid and inference rules preserve validity. The intuition-
istic part is not problematic. As for the modal axioms, 2K and 3K are valid just due
to truth denitions and transitivity of . 3T and 2T are valid because R is reexive.
34 and 24 are valid because of transitivity of R. The latter also depends on transitivity
of ;R, which follows from the frame condition R; ;R and the fact that both
R and are transitive. In these proofs we also need that is hereditary, reexive and
transitive. The necessitation rule Nec follows from the fact that if a formula is true in
all models then it must be satised at all worlds in all models since every world induces
a model. Completeness follows from the Stone Representation Theorem 3.
Lemma 1 [Saturation Lemma] Let a be element of the algebra, and (, ) an a-
consistent theory. Then (, ) has a saturated a-consistent extension (

, ), such
that

is a prime lter and

.
In the proof of the Saturation Lemma and the following proof of the Stone Rep-
resentation Theorem we abbreviate consistency of a theory (, ) as , 3, and
a-consistency by , a + 3, remembering that only in the second case we permit
the choice from to be empty, in which case the disjunct 3 disappears rather than
being taken as 3.
Proof. We obtain (

, ) in the usual way by enumerating all elements of the algebra

(therefore, we assume that this is possible)
c
0
, c
1
, . . . , c
n
, c
n+1
, . . .
with innite repetition of every element, and by building up a hierarchy of a-consistent
theories
(
0
, ) (
1
, ) (
n
, ) (
n+1
, )
starting with
0
=
df
and such that
n+1
=
df
(
n
c
n
if the theory (
n
c
n
, )
is a-consistent, otherwise
n+1
=
df

n
. Then, put

=
df

n

n
.
First observe that a-consistency of (

, ) follows from a-consistency of each

pair (
n
, ).
We show that

is upward closed. To this end suppose b and b c. For

some n, b
n
. Since our enumeration is with innite repetition c = c
m
for some
m n. Then, we claim that c
m

m+1
. For otherwise, (
m
c
m
, ) would have
to be a-inconsistent, or (
m
c
m
) a + 3. But since
n

m
, we also have
b
m
and b c, which would imply
m
a +3, contradicting a-consistency of
(
m
, ). Hence, c = c
m

m+1

as desired.
It remains to be seen that

is prime, i.e. if c +c

then c

or c

.
Suppose c +c

, i.e. c +c

n
for some n. Again, we can nd indices m n
and m

n such that c = c
m
and c

= c

m
. Let k be the maximum of both. We
claim that c
m

k+1
or c
m

k+1
. Suppose otherwise, i.e. both (
k
c
m
, )
and (
k
c
m
, ) are a-inconsistent. Thus, (
1
k
c
m
) a + 3
1
and (
2
k

c
m
) a+3
2
, where
i
k
and
i
are some subsets of propositions from
k
and ,
respectively. Let
3
k
=
1
k

2
k
and
3
=
1

2
. Then, we can derive (
3
k
c
m
)
a+3
3
and (
3
k
c
m
a+3
3
Fromthis, we get (
3
k
c
m
+c
m
) a+3
3
But since c
m
+ c
m
= c + c

n

k
by assumption, nally
k
a + 3 in
contradiction to a-consistency of (
k
, ). This proves our claim that c
m

k+1
or
c
m

k+1
, hence c

or c

.
Theorem 3 [Representation for CS4] Let /be a CS4-modal algebra. Then the Stone
representation of /, SR(/) = (W

, R

, [=

) is a Kripke model for CS4, where

1. W

is the set of all pairs (, ) where / is a prime lter, and /

an arbitrary set of elements such that for all nite, nonempty, choices of elements
c
1
, . . . , c
n
, 3(c
1
+ +c
n
) , .
2. (, )

) iff

3. (, )R

) iff a. 2a a

and

.
4. For all a /, (, ) [=

a iff a .
Proof. Consider SR(/) as dened in the theorem. We must show that it satises the
denition of a Kripke model for constructive S4.
It is easy to see that R is reexive and transitive (inequalities corresponding to the
axioms T and 4 take care of that). Obviously, is reexive, transitive and hereditary.
Finally, to verify the inclusion of R

in

; R

let the accessibilities

(
1
,
1
)R

(
2
,
2
)

(
3
,
3
)
in W

be given. Consider the pair (

1
, ) W

. We are going to show that

(
1
,
1
)

(
1
, )R

(
3
,
3
).
Trivially, (
1
,
1
)

(
1
, ). Moreover, by denition of R

and

,
2
1

2

3
,
where
2
is a:2a . This proves (
1
, )R

(
3
,
3
), whence R

; R

overall.
Now we need to show that (, ) [=

a satises the properties of a constructive

modal validity relation.
If a is of the form b c or b +c, the proof is easy (for disjunction, we use the fact
that is a prime lter). If a is of the form b c, the proof uses the fact that SR(/)
contains pairs (, ) for all prime lters .
Suppose 2a , (, )

(
1
,
1
) and (
1
,
1
)R

(
2
,
2
). We want to show
that a
2
. Since (, )

(
1
,
1
), 2a
1
. Since (
1
,
1
)R

(
2
,
2
), a
2
as desired.
Suppose (
1
,
1
)((, )

(
1
,
1
) (
2
,
2
)((
1
,
1
)R

(
2
,
2
)
a
2
)). We want to show 2a . Consider the theory (
2
, ). If it is a-consistent,
then by the saturation lemma it has a saturated a-consistent extension (
2
, ) W

. It
is easy to check that (, )

(, )R

(
2
, ) and a ,
2
. This contradicts our as-
sumption, hence (
2
, ) is not a-consistent. For some b
1
, . . . , b
m

2
, b
1
. . .b
m

a; by monotonicity of 2 and the lter property, 2a .
Suppose 3a and (, )

(
1
,
1
), i.e.
1
. We want to show that there
exists (
2
,
2
) such that a
2
and (
1
,
1
)R

(
2
,
2
). Consider the pair (
2
1

a,
1
), which must be consistent. Otherwise we would have, for some 2b
1
, . . . , 2b
m

1
, b
1
. . . b
m
a 3
1
. Hence by monotonicity 3(b
1
. . . b
m
a)
33
1
and 3(b
1
. . . b
m
a) 3
1
(by 33a 3a). On the other hand,
2b
1
. . . 2b
m
3a 3(2b
1
. . . 2b
m
a) by 2c 3d 3(2c d) and
3(2b
1
. . . 2b
m
a) 3(b
1
. . . b
m
a) by monotonicity of 3, hence our
assumption implies that (
1
,
1
) is inconsistent: 2b
1
. . . 2b
m
3a 3
1
.
Since (
2
1
a,
1
) is consistent, it has a saturated consistent extension (
2
,
1
)
such that a
2
. It is easy to check that (
1
,
1
)R

(
2
,
1
).
Suppose 3a , . Consider the theory (, a) W

. It holds that (, )

(, a). Now let (

2
,
2
) W

be any theory such that (, a)R

(
2
,
2
). Then,
by denition of R

, a
2
. But this implies a ,
2
, for otherwise 3a
2
by the
lter property and a 3a, which would contradict consistency of theory (
2
,
2
).
This proves that for all (
2
,
2
) with (, a)R

(
2
,
2
), we have a ,
2
, as desired.
Theorem 5 Let ( be any CS4-category. Then there is a canonical interpretation [[ ]] of
CS4 in ( such that
a formula A is mapped to an object [[A]] of (;
a natural deduction proof of B using formulae A
1
, . . . , A
n
as hypotheses is
mapped to a morphism [[]] from [[A
1
]] [[A
n
]] to [[B]];
each two natural deduction proofs and of B using formulae A
1
, . . . , A
n
as
hypotheses which are equal (modulo normalisation of proofs) are mapped to the
same morphism, in other words [[]] = [[]].
Proof. We use an induction over the structure of natural deduction proofs.
We describe the modality rules, starting with the 2
I
-rule. Consider a proof

1
2A
1

n
2A
n
[2A
1
2A
n
]

B
2
I
2B
By induction hypothesis, let f
1
, . . . , f
n
, f be the interpretation of
1
, . . . ,
n
, respec-
tively. Then the interpretation of is
(2f) m
A1,...,An
(
A1

An
) (f
1
f
n
)
where m
A1,...,An
is inductively dened by
m
A1,...,Am1,Am
= m
A1Am1,Am
(m
A1,...,Am1
Id
Am
)
The 2
E
-rule is modelled by the morphism.
Dually, the 3
I
-rule is modelled by the morphism
A
. Last, we consider the 3
E
-rule.
Consider a proof

1
2A
1

n
2A
n

3B
[2A
1
2A
n
B]

3C
3
E
3C
By induction hypothesis, let f
1
, . . . , f
n
, f, g be the interpretation of
1
, . . . ,
n
, ,
respectively. Then the interpretation of is

C
3g st
A1,...,An,B
(f
1
f
n
f)
where the morphismst
A1,...,An,B
is inductively dened by
st
A1,A2,...,An+1,B
= Id
A1
st
A2,...,An+1,B
We omit the routine verication that the desired equalities hold.
Theorem 6
(i) There exists a CS4-category such that all morphisms are interpretations of natu-
ral deduction proofs.
(ii) If the interpretation of two natural deduction proofs is equal in all CS4-categories,
then the two proofs are equal modulo proof-normalisation in natural deduction.
Proof. We show both statements by constructing a CS4-category ( out of the natural
deduction proofs. We give here only the morphisms, and omit the verication that the
required equalities between proofs hold. We write a natural deduction proof
A
.
.
.
B
as A B. The objects of the category are formulae, and a morphism between A and B
is a proof of B using A as a hypothesis. The identity morphism is the basic axiom A
A, and composition is given by cut. The bi-cartesian closed structure of ( follows in the
usual way from the conjunction, disjunction and implication in intuitionistic logic.
The 2-modality gives rise to a monoidal comonad. The natural transformations

A
: 2A 22A and
A
: 2A A are given by the 21- and 2c-rules applied to
the identity axioms 2A 2A, respectively. The functor 2sends an object Ato 2Aand
a morphism f: A B to the morphism 2f: 2A 2B. This is obtained by applying
the 21-rule to the composition of f and 2A A. Dually, the 3-modality gives rise to
a monad on (. The strength is given by the proof obtained thus
[2A] [B]
[2A][B]
I
2A B
3I
3(2A B)
3E
3(2A B)
I
2A 3B 3(2A B)
This category ( shows now the claim: Assume an equation between proofs holds
in all CS4-categories. Because ( is a CS4-category, it holds in (. But equality in ( is
equality between natural deduction proofs, hence the two proofs are equal.