De re/de dicto distinction: a logicians’ perspective on data anonymity

A model is a tuple |$(W,\mathcal {A},\lbrace \sim _x\rbrace _{x\in V},\pi )$|⁠, where

1. W is a (possibly empty) set of worlds,

2. |$\mathcal {A}$| is a (possibly empty) set of agents,

3. |$\sim _x$| is an equivalence relation on |$W\times \mathcal {A}$| for each data variable |$x\in V$|⁠,

4. |$\pi (p)\subseteq W\times \mathcal {A}$| for each atomic proposition p.

For any model |$(W,\mathcal {A},\lbrace \sim _x\rbrace _{x\in V},\pi )$|⁠, world |${w\in W}$|⁠, agent |$a\in \mathcal {A}$|⁠, and formula |$\varphi \in \Phi$|⁠, the satisfaction relation |$w,a\Vdash \varphi$| is defined as follows:

1. |$w,a\Vdash p$|⁠, if |$(w,a)\in \pi (p)$|⁠,

2. |$w,a\Vdash \, !X$|⁠, if |$a=b$| for each world |$u\in W$| and each agent |$b\in \mathcal {A}$| such that |$(w,a)\sim _X (u,b)$|⁠,

3. |$w,a\Vdash \lnot \varphi$|⁠, if |$w,a\nVdash \varphi$|⁠,

4. |$w,a\Vdash \varphi \vee \psi$|⁠, if either |$w,a\Vdash \varphi$| or |$w,a\Vdash \psi$|⁠,

5. |$w,a\Vdash {\sf O}_X\varphi$|⁠, if |$u,a\Vdash \varphi$| for each world |$u\in W$| such that |$(w,a)\sim _X (u,a)$|⁠,

6. |$w,a\Vdash {\sf D}_X\varphi$|⁠, if |$u,b\Vdash \varphi$| for each world |$u\in W$| and each agent |$b\in \mathcal {A}$| such that |$(w,a)\sim _X (u,b)$|⁠,

7. |$w,a\Vdash {\sf R}_X\varphi$|⁠, if |$u,a\Vdash \varphi$| for each world |$u\in W$| and each agent |$b\in \mathcal {A}$| such that |$(w,a)\sim _X (u,b)$|⁠.

For any given model, the truth set |$[\![ \varphi ]\!]$| of a formula |$\varphi \in \Phi$| is the set |$\lbrace (w,a) \,\,| \,\,w,a\Vdash \varphi \rbrace$|⁠.

Formulae |$\varphi ,\psi \in \Phi$| are semantically equivalent if |$[\![ \varphi ]\!] =[\![ \psi ]\!]$| in each model.

|$[\![ {\sf O}_\varnothing \varphi ]\!] , [\![ {\sf D}_\varnothing \varphi ]\!] ,[\![ {\sf O}_x\varphi ]\!]$|⁠, |$[\![ {\sf D}_x\varphi ]\!] \!\in \!\lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$| for any formula |$\varphi \in \Phi$| such that |$[\![ \varphi ]\!] \in \lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$|⁠.

Suppose that |$[\![ \varphi ]\!] =[\![ p]\!]$|⁠. First, we show that |$[\![ {\sf O}_\varnothing \varphi ]\!] =[\![ \bot ]\!] =\varnothing$|⁠. Indeed, assume the opposite. Thus, there is a world |$w^{\prime }\in \lbrace w,u,v\rbrace$| and an agent |$a^{\prime }\in \lbrace a,b\rbrace$| such that |$(w^{\prime },a^{\prime })\in [\![ {\sf O}_\varnothing \varphi ]\!]$|⁠. Hence, |$w^{\prime },a^{\prime }\Vdash {\sf O}_\varnothing \varphi$| by Definition 3. Then, |$v,a^{\prime }\Vdash \varphi$| by item 5 of Definition 2 because |$(w^{\prime },a^{\prime })\sim _\varnothing (v,a^{\prime })$|⁠. Thus, |$(v,a^{\prime })\in [\![ \varphi ]\!]$| by Definition 3. Hence, by the assumption |$[\![ \varphi ]\!] =[\![ p]\!]$|⁠, we have |$(v,a^{\prime })\in [\![ p]\!]$|⁠. Observe in Fig. 4 that the truth set |$[\![ p]\!]$| does not contain any single pair |$(x,y)$|⁠, where |$x=v$|⁠. This is a contradiction. Therefore, |$[\![ {\sf O}_\varnothing \varphi ]\!] =[\![ \bot ]\!]$|⁠.

The proof that |$[\![ {\sf D}_\varnothing \varphi ]\!] =[\![ \bot ]\!]$| is similar, but it uses item 6 of Definition 2 instead of item 5. In Fig. 4, we visualize both results by a directed edge from diagram |$[\![ p]\!]$| to diagram |$[\![ \bot ]\!]$| labeled with |${\sf O}_\varnothing ,{\sf D}_\varnothing$|⁠.

Next, we show that |$[\![ {\sf O}_x\varphi ]\!] =[\![ p]\!]$|⁠.

|$(\subseteq )$|⁠: Let us consider any world |$w^{\prime }\in \lbrace w,u,v\rbrace$| and any agent |$a^{\prime }\in \lbrace a,b\rbrace$| such that |$(w^{\prime },a^{\prime })\in [\![ {\sf O}_x\varphi ]\!]$|⁠. Thus, |$w^{\prime },a^{\prime }\Vdash {\sf O}_x\varphi$| by Definition 3. Note that |$(w^{\prime },a^{\prime })\sim _{x}(w^{\prime },a^{\prime })$|⁠. Hence, |$w^{\prime },a^{\prime }\Vdash \varphi$| by item 5 of Definition 2. Then, |$(w^{\prime },a^{\prime })\in [\![ \varphi ]\!]$| again by Definition 3. Therefore, |$(w^{\prime },a^{\prime })\in [\![ p]\!]$| by the assumption |$[\![ \varphi ]\!] =[\![ p]\!]$|⁠.

By Definition 3, it suffices to show that |$w^{\prime },a^{\prime }\Vdash {\sf O}_x\varphi$|⁠. Toward this proof, consider any |$w^{\prime \prime }\in \lbrace w,u,v\rbrace$| such that |$(w^{\prime },a^{\prime })\sim _x (w^{\prime \prime },a^{\prime })$|⁠. By item 5 of Definition 2, it suffices to establish that |$w^{\prime \prime },a^{\prime }\Vdash \varphi$|⁠.

Observe that the assumption |$(w^{\prime },a^{\prime })\sim _x (w^{\prime \prime },a^{\prime })$| implies that |$(w^{\prime },a^{\prime })\in [\![ p]\!]$| iff |$(w^{\prime \prime },a^{\prime })\in [\![ p]\!]$|⁠, see Fig. 4. Then, |$(w^{\prime \prime },a^{\prime })\in [\![ p]\!]$| by statement (8). Thus, by the assumption |$[\![ \varphi ]\!] =[\![ p]\!]$| it follows that |$(w^{\prime \prime },a^{\prime })\in [\![ \varphi ]\!]$|⁠. Therefore, |$w^{\prime \prime },a^{\prime }\Vdash \varphi$| by Definition 3.

The proof that |$[\![ {\sf D}_x\varphi ]\!] =[\![ p]\!]$| is similar, but it uses item 6 of Definition 2 instead of item 5. In Fig. 4, we visualize both results by a directed loop edge from diagram |$[\![ p]\!]$| back to the same diagram |$[\![ p]\!]$| labeled with |${\sf O}_x,{\sf D}_x$|⁠.

The proofs in the remaining three cases, |$[\![ \varphi ]\!] =[\![ \bot ]\!]$|⁠, |$[\![ \varphi ]\!] =[\![ \lnot p]\!]$|⁠, and |$[\![ \varphi ]\!] =[\![ \top ]\!]$|⁠, are similar. We show the corresponding directed edges in Fig. 4.

|$[\![ \varphi ]\!] \in \lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$| for any formula |$\varphi \in \Phi$| that does not contain modality |${\sf R}$|⁠.

We prove the statement of the lemma by induction on the structural complexity of formula |$\varphi$|⁠.

If |$\varphi$| is an atomic proposition p, then |$[\![ \varphi ]\!] \in \lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$| because truth set |$[\![ p]\!]$| is an element of the set |$\lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$|⁠.

Suppose that formula |$\varphi$| has the form |$!X$|⁠, where dataset X is either |$\varnothing$| or |$\lbrace x\rbrace$|⁠. Observe from the left-most diagram in Fig. 4 that for any |$w^{\prime }\in \lbrace w,u,v\rbrace$| and any |$a^{\prime }\in \lbrace a,b\rbrace$| there is |$w^{\prime \prime }\in \lbrace w,u,v\rbrace$| and an agent |$a^{\prime \prime }\in \lbrace a,b\rbrace$| such that |$(w^{\prime },a^{\prime })\sim _X (w^{\prime \prime },a^{\prime \prime })$| and |$a^{\prime }\ne a^{\prime \prime }$|⁠. Thus, by item 2 of Definition 2, it follows that |$w^{\prime },a^{\prime }\nVdash \, !X$| for each world |$w^{\prime }\in \lbrace w,u,v\rbrace$| and each agent |$a^{\prime }\in \lbrace a,b\rbrace$|⁠. Hence, truth set |$[\![ !X]\!]$| is empty by Definition 2. Then, |$[\![ !X]\!] =[\![ \bot ]\!]$|⁠, see Fig. 4. Therefore, |$[\![ !X]\!] \in \lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$|⁠.

Suppose that formula |$\varphi$| has the form |$\lnot \psi$|⁠. Thus, the truth set |$[\![ \varphi ]\!]$| is the complement of the truth set |$[\![ \psi ]\!]$| by Definition 3 and item 3 of Definition 2. By the induction hypothesis, |$[\![ \psi ]\!] \in \lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$|⁠. Observe in Fig. 4 that the complement of each truth sets in the family |$\lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$| belongs to the same family. Therefore, |$[\![ \varphi ]\!] \in \lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$|⁠.

Suppose that formula |$\varphi$| has the form |$\psi _1\vee \psi _2$|⁠. Thus, the truth set |$[\![ \varphi ]\!]$| is the union of the truth sets |$[\![ \psi _1]\!]$| and |$[\![ \psi _2]\!]$| by Definition 3 and item 4 of Definition 2. Observe in Fig. 4 that the union of any two truth sets in the family |$\lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$| belongs to the same family. For example, |$[\![ p]\!] \cup [\![ \lnot p]\!] =[\![ \top ]\!]$|⁠. Note that, by the induction hypothesis, |$[\![ \psi _1]\!] ,[\![ \psi _2]\!] \in \lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$|⁠. Therefore, |$[\![ \varphi ]\!] \in \lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$|⁠.

If formula |$\varphi$| has either the form |${\sf O}_X\psi$| or the form |${\sf D}_X\psi$|⁠, then the statement of the lemma follows from the induction hypothesis and Lemma 1.

For any world |$w^{\prime }\in \lbrace w,u,v\rbrace$| and any agent |$a^{\prime }\in \lbrace a,b\rbrace$|⁠, if data variable x has value |$+$| at |$(w^{\prime },a^{\prime })$|⁠, then data variable x has value |$+$| at |$(w^{\prime },b)$|⁠.

|$[\![ {\sf R}_x p]\!] \notin \lbrace [\![ p]\!] ,[\![ \bot ]\!] ,[\![ \lnot p]\!] ,[\![ \top ]\!] \rbrace$|⁠.

It suffices to prove that the truth set |$[\![ {\sf R}_x p]\!]$| is the one depicted by the right-most diagram in Fig. 4. In other words it is enough to show that for any cell |$(w^{\prime },a^{\prime })$| of that diagram, |$w^{\prime },a^{\prime }\Vdash {\sf R}_x p$| iff cell |$(w^{\prime },a^{\prime })$| is gray.

|$(\Rightarrow ):$| Suppose that the cell |$(w^{\prime },a^{\prime })$| is white at the right-most diagram in Fig. 4. We consider the following two cases separately:

Case 1: |$(w^{\prime },a^{\prime })=(w,a)$|⁠. Note that |$(u,a)\notin \pi (p)$| by the choice of valuation function |$\pi$|⁠. Hence, |$(u,a)\nVdash p$| by item 1 of Definition 2. Additionally, |$(w,a)\sim _x (u,b)$|⁠, see the left-most diagram in Fig. 4. Thus, |$(w,a)\nVdash {\sf R}_x p$| by item 7 of Definition 2. Therefore, |$(w^{\prime },a^{\prime })\nVdash {\sf R}_x p$| by the assumption |$(w^{\prime },a^{\prime })=(w,a)$| of the case.

Case 2: |$(w^{\prime },a^{\prime })\ne (w,a)$|⁠. Thus, the assumption that the cell |$(w^{\prime },a^{\prime })$| is white at the right-most diagram in Fig. 4 implies that the same cell |$(w^{\prime },a^{\prime })$| is white at the second-from-left diagram in Fig. 4. Hence, |$(w^{\prime },a^{\prime })\notin [\![ p]\!]$|⁠. Then, |$(w^{\prime },a^{\prime })\nVdash p$| by Definition 3. Therefore, it follows that |$(w^{\prime },a^{\prime })\nVdash {\sf R}_x p$| by item 7 of Definition 2 and because |$(w^{\prime },a^{\prime })\sim _x (w^{\prime },a^{\prime })$|⁠.

|$(\Leftarrow ):$| Suppose that the cell |$(w^{\prime },a^{\prime })$| is gray at the right-most diagram in Fig. 4. Thus |$a^{\prime }=b$| and the value of data variable x is |$+$|⁠, see Fig. 4. Consider any world |$w^{\prime \prime }\in \lbrace w,u,v\rbrace$| and any agent |$a^{\prime \prime }\in \lbrace a,b\rbrace$| such that |$(w^{\prime },b)\sim _x (w^{\prime \prime },a^{\prime \prime })$|⁠. By item 7 of Definition 2, it suffices to show that |$(w^{\prime \prime },b)\Vdash p$|⁠.

Indeed, the assumption |$(w^{\prime },b)\sim _x (w^{\prime \prime },a^{\prime \prime })$| means that the value of data variable x at cell |$(w^{\prime \prime },a^{\prime \prime })$| is the same as its value at cell |$(w^{\prime },b)$|⁠, which is |$+$|⁠. Hence, the value of data variable x at cell |$(w^{\prime \prime },b)$| is also |$+$| by Lemma 3. Hence, |$(w^{\prime \prime },b)\in [\![ p]\!]$|⁠, see Fig. 4. Therefore, |$(w^{\prime \prime },b)\Vdash p$| by Definition 3.

Formula |${\sf R}_x p$| is not semantically equivalent to any formula in language |$\Phi$| that does not contain modality |${\sf R}$|⁠.

Formula |${\sf O}_x p$| is not semantically equivalent to any formula in language |$\Phi$| that does not contain modality |${\sf O}$|⁠.

Formula |${\sf D}_x p$| is not semantically equivalent to any formula in language |$\Phi$| that does not contain modality |${\sf D}$|⁠.

|$\vdash \Box _X\varphi \rightarrow \varphi$|⁠, where |$\Box \in \lbrace {\sf D},{\sf R}\rbrace$|⁠.

Note that |$\vdash \Box _X\varphi \rightarrow {\sf O}_X\varphi$| by the Overt Knowledge axiom. At the same time, |$\vdash {\sf O}_X\varphi \rightarrow \varphi$| by the Truth axiom. Therefore, |$\vdash \Box _X\varphi \rightarrow \varphi$| by propositional reasoning.

|$\vdash \Box _X\varphi \rightarrow \Box _X\Box _X\varphi$|⁠, where |$\Box \in \lbrace {\sf O},{\sf D}\rbrace$|⁠.

|$\vdash \Box _X\varphi \leftrightarrow {\sf O}_X\Box _X\varphi$|⁠, where |$\Box \in \lbrace {\sf D},{\sf R}\rbrace$|⁠.

Note that the formula |${\sf O}_X\Box _X\varphi \rightarrow \Box _X\varphi$| is an instance of the Truth axiom. Thus, it suffices to show that |$\vdash \Box _X\varphi \rightarrow {\sf O}_X\Box _X\varphi$|⁠. If |$\Box$| is modality |${\sf R}$|⁠, then the last formula is an instance of the Introspection of De Re Knowledge axiom.

Finally, let us prove |$\vdash {\sf D}_X\varphi \rightarrow {\sf O}_X{\sf D}_X\varphi$|⁠. It follows from Lemma 6 that |$\vdash {\sf D}_X\varphi \rightarrow {\sf D}_X{\sf D}_X\varphi$|⁠. At the same time, the following formula is an instance of the Overt Knowledge axiom:|${\sf D}_X{\sf D}_X\varphi \rightarrow {\sf O}_X{\sf D}_X\varphi$|⁠. Therefore, |$\vdash {\sf D}_X\varphi \rightarrow {\sf O}_X{\sf D}_X\varphi$| by propositional reasoning.

If |$\varphi _1,\dots ,\varphi _n\vdash \psi$|⁠, then |$\Box _X\varphi _1,\dots ,\Box _X\varphi _n\vdash \Box _X\psi$|⁠, for any modality |$\Box \in \lbrace {\sf O},{\sf D},{\sf R}\rbrace$|⁠.

Any consistent set of formulae can be extended to a maximal consistent set of formulae.

The standard proof of Lindenbaum’s lemma [30, Proposition 2.14] applies here.

If |$\vdash \varphi$|⁠, then |$w,a\Vdash \varphi$| for any world w and any agent a of any model |$(W,\mathcal {A},\lbrace \sim _x\rbrace _{x\in V},\pi )$|⁠.

The soundness of the Truth, the Negative Introspection, the Distributivity, the Monotonicity, and Overt Knowledge axioms as well as of the Necessitation and the Modus Ponens inference rules is straightforward. Below, we prove the soundness of each of the remaining axioms as a separate claim.

If |$w,a\Vdash {\sf R}_X\varphi$|⁠, then |$w,a\Vdash {\sf O}_X{\sf R}_X\varphi$|⁠.

Proof of Claim.

Note that |$(w,a)\sim _X (v,b)$| by the assumptions |$(w,a)\sim _X (u,a)$| and |$(u,a)\sim _X(v,b)$|⁠. Thus, |$v,a\Vdash \varphi$| by the assumption |$w,a\Vdash {\sf R}_X\varphi$| of the claim and item 7 of Definition 2.

If |$w,a\Vdash \, !X$|⁠, then |$w,a\Vdash {\sf D}_X!X$|⁠.

Proof of Claim.

By item 6 of Definition 2, it suffices to prove that |$u,b\Vdash \, !X$|⁠. Toward this proof, consider any world |$v\in W$| and any agent |$c\in \mathcal {A}$| such that |$(u,b)\sim _X(v,c)$|⁠. By item 2 of Definition 2, it suffices to show that |$b=c$|⁠.

Note that statement (9) and the assumption |$(u,b)\sim _X(v,c)$| imply that |$(w,a)\sim _X(v,c)$|⁠. Thus, |$a=c$| by the assumption |$w,a\Vdash \, !X$| of the claim and item 2 of Definition 2. Similarly, |$a=b$| by statement (9). Therefore, |$b=c$|⁠.

If |$w,a\Vdash \Box _\varnothing \varphi$|⁠, then |$w,a\Vdash {\sf R}_\varnothing \varphi$|⁠, where |$\Box \in \lbrace {\sf O},{\sf D}\rbrace$|⁠.

Proof of Claim.

Note that the statement |$(w,a)\sim _\varnothing (u,b)$| is true for any world |$u\in W$| and any agent |$b\in \mathcal {A}$|⁠. Thus, by item 5 (or item 6) of Definition 2 the assumption |$w,a\Vdash \Box _\varnothing \varphi$| implies that |$u,a\Vdash \varphi$| for any world |$u\in W$|⁠. Hence, |$w,a\Vdash {\sf R}_\varnothing \varphi$| by item 7 of Definition 2.

If |$w,a\Vdash \, !X$| and |$w,a\Vdash {\sf O}_X\varphi$|⁠, then |$w,a\Vdash \Box _X\varphi$|⁠, where |$\Box \in \lbrace {\sf D},{\sf R}\rbrace$|⁠.

Proof of Claim.

First, assume that |$\Box ={\sf D}$|⁠. Consider any world |$u\in W$| and any agent |$b\in \mathcal {A}$| such that |$(w,a)\sim _X(u,b)$|⁠. By item 6 of Definition 2, it suffices to show that |$u,b\Vdash \varphi$|⁠.

Note that the assumption |$w,a\Vdash \, !X$| of the claim implies that |$a=b$| by the assumption |$(w,a)\sim _X(u,b)$| and item 2 of Definition 2. Thus, |$(w,a)\sim _X(u,a)$| again by the assumption |$(w,a)\sim _X(u,b)$|⁠. Hence, |$u,a\Vdash \varphi$| by the assumption |$w,a\Vdash {\sf O}_X\varphi$| of the claim and item 5 of Definition 2. Therefore, |$u,b\Vdash \varphi$| because |$a=b$|⁠.

The proof in the case |$\Box ={\sf R}$| is similar.

A Cartesian tree is a tuple |$(\alpha,\beta,E,\ell )$|⁠, where

1. |$\alpha,\beta\le \omega$| are two ordinals,

2. |$E\subseteq (\alpha\times \beta)^2$| is an symmetric adjacency relation on |$\alpha\times \beta$| that forms an (undirected) tree structure,

3. |$\ell$| is a labeling function that to each edge |$e\in E$| assigns a dataset |$\ell (e)\subseteq V$|⁠.

For any nodes |$n_1,n_2\in \alpha\times \beta$| and any |$X\subseteq V$|⁠, let |$n_1\stackrel{X}{\rm o\!\!-\!\!o }n_2$| if all edges along the simple path connecting nodes |$n_1$| and |$n_2$| are labeled with each data variable in set X.

A loaded Cartesian tree is a tuple |$(\alpha,\beta,E,\ell , S)$| such that

1. |$(\alpha,\beta,E,\ell )$| is a Certesian tree,

2. S is a node labeling function that maps each node |$(w,a)$| in set |$\alpha\times \beta$| into a maximal consistent set of formulae |$S(w,a)$|⁠, which we denote by |$S_{wa}$|⁠, such that

   • if |$!X\in S_{wa}$| and |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(u,b)$|⁠, then |$a=b$|⁠,

   • if |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(u,a)$|⁠, then |${\sf O}_X\varphi \in S_{wa}$| iff |${\sf O}_X\varphi \in S_{ua}$|⁠,

   • if |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(u,b)$|⁠, then |${\sf D}_X\varphi \in S_{wa}$| iff |${\sf D}_X\varphi \in S_{ub}$|⁠,

   • if |${\sf R}_X\varphi \in S_{wa}$| and |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(u,b)$|⁠, then |$\varphi \in S_{ua}$|⁠.

A loaded Cartesian tree |$(\alpha^{\prime },\beta^{\prime },E^{\prime },\ell ^{\prime }, S^{\prime })$| is an extension of a loaded Cartesian tree |$(\alpha,\beta,E,\ell , S)$| if

1. |$\alpha\le \alpha^{\prime }$|⁠,

2. |$\beta\le \beta^{\prime }$|⁠,

3. |$E=E^{\prime }\cap (\alpha\times \beta)^2$|⁠,

4. |$\ell ^{\prime }(e)=\ell (e)$| for each edge |$e\in E$|⁠,

5. |$S^{\prime }_{wa}=S_{wa}$| for each node |$(w,a)\in \alpha\times \beta$|⁠.

A loaded Cartesian tree |$(\alpha,\beta,E,\ell , S)$| is complete when for each ordinal |$u\lt \alpha$|⁠, ordinal |$b\lt \beta$|⁠, formula |$\varphi \in \Phi$|⁠, and dataset |$X\subseteq V$|⁠,

1. if |$!X\notin S_{ub}$|⁠, then there is a node |$(w,a)\in \alpha\times \beta$| such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(w,a)$| and |$b\ne a$|⁠,

2. if |${\sf O}_X\varphi \notin S_{ub}$|⁠, then there is a node |$(w,b)\in \alpha\times \beta$| such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(w,b)$| and |$\varphi \notin S_{wb}$|⁠,

3. if |${\sf D}_X\varphi \notin S_{ub}$|⁠, then there is a node |$(w,a)\in \alpha\times \beta$| such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(w,a)$| and |$\varphi \notin S_{wa}$|⁠,

4. if |${\sf R}_X\varphi \notin S_{ub}$|⁠, then there is a node |$(w,a)\in \alpha\times \beta$| such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(w,a)$| and |$\varphi \notin S_{wb}$|⁠.

For any finite loaded Cartesian tree |$T=(\alpha,\beta,E,\ell , S)$|⁠, any node |$(u,b)\in \alpha\times \beta$|⁠, and any formula |${\sf O}_X\varphi \notin S_{ub}$|⁠, there is an extension |$T^{\prime }=(\alpha+1,\beta,E^{\prime },\ell ^{\prime }, S^{\prime })$| of tree T such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(\alpha,b)$| in tree |$T^{\prime }$| and |$\varphi \notin S^{\prime }_{\alpha b}$|⁠.

Note that |$(\alpha+1,\beta,E^{\prime },\ell ^{\prime })$| is a Cartesian tree by Definition 5.

|$Q^-$| is a consistent set of formulae.

Proof of Claim.

such that |$\psi _1,\dots ,\psi _n\vdash \varphi$|⁠. Hence, |${\sf O}_X\psi _1,\dots ,{\sf O}_X\psi _n\vdash {\sf O}_X\varphi$|⁠, by Lemma 8. Thus, |$S_{ub}\vdash {\sf O}_X\varphi$| by assumption (13). Then, |${\sf O}_X\varphi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set, which contradicts the assumption |${\sf O}_X\varphi \notin S_{ub}$| of the lemma.

|$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in tree T iff |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in tree |$T^{\prime }$|⁠, for each dataset |$Y\subseteq V$|⁠, each |$w_1,w_2\lt \alpha$|⁠, and each |$a_1,a_2\lt \beta$|⁠.

|${\sf O}_Y\psi \in S_{ub}$| iff |${\sf O}_Y\psi \in Q$|⁠, for each dataset |$Y\subseteq X$| and each formula |$\psi \in \Phi$|⁠.

Proof of Claim.

|$(\Rightarrow ):$| By Lemma 6 and the Modus Ponens rule, the assumption |${\sf O}_Y\psi \in S_{ub}$| implies that |$S_{ub}\vdash {\sf O}_Y{\sf O}_Y\psi$|⁠. Hence, |$S_{ub}\vdash {\sf O}_X{\sf O}_Y\psi$| by the Monotonicity axiom, the Modus Ponens inference rule, and the assumption |$Y\subseteq X$|⁠. Thus, |${\sf O}_X{\sf O}_Y\psi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set. Then, |${\sf O}_Y\psi \in Q^-$| by equation (12). Therefore, |${\sf O}_Y\psi \in Q$| because |$Q^-\subseteq Q$|⁠.

|$(\Leftarrow ):$| Suppose that |${\sf O}_Y\psi \notin S_{ub}$|⁠. Thus, |$\lnot {\sf O}_Y\psi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set. Then, |$S_{ub}\vdash {\sf O}_Y\lnot {\sf O}_Y\psi$| by the Negative Introspection axiom and the Modus Ponens inference rule. Hence, |$S_{ub}\vdash {\sf O}_X\lnot {\sf O}_Y\psi$| by the Monotonicity axiom, the Modus Ponens inference rule, and the assumption |$Y\subseteq X$| of the claim. Thus, |${\sf O}_X\lnot {\sf O}_Y\psi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set. Then, |$\lnot {\sf O}_Y\psi \in Q^-$| by equation (12). Hence, |$\lnot {\sf O}_Y\psi \in Q$| because |$Q^-\subseteq Q$|⁠. Therefore, |${\sf O}_Y\psi \notin Q$| because set Q is consistent.

|${\sf O}_Y\psi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\psi \in S^{\prime }_{w_2a}$|⁠, for each |$w_1,w_2\lt \alpha+1$|⁠, each |$a\lt \beta$|⁠, and each |$Y\subseteq V$| such that |$(w_1,a)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a)$| in |$T^{\prime }$|⁠.

Proof of Claim.

We consider the following three cases separately.

Case 1: |$w_1=w_2$|⁠. Then, |${\sf O}_Y\psi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\psi \in S^{\prime }_{w_2a}$|⁠.

Case 2: |$w_1,w_2\lt \alpha$|⁠. Then, |$(w_1,a)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a)$| in T by Claim 6 and the assumption |$(w_1,a)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a)$| in |$T^{\prime }$| of the current claim. Hence, |${\sf O}_Y\psi \in S_{w_1a}$| iff |${\sf O}_Y\psi \in S_{w_2a}$| by condition 2(b) of Definition 7. Therefore, |${\sf O}_Y\psi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\psi \in S^{\prime }_{w_2a}$| by equation (14).

We further split this case into two subcases:

In addition, statement (17) and the assumption |$a=b$| of Case 3A imply that |${\sf O}_Y\psi \in S_{w_1a}$| iff |${\sf O}_Y\psi \in S_{ub}$| by item 2(b) of Definition 7. Hence, |${\sf O}_Y\psi \in S_{w_1a}$| iff |${\sf O}_Y\psi \in Q$| by Claim 7 and statement (18). Then, |${\sf O}_Y\psi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\psi \in S^{\prime }_{\alpha b}$| by equation (14). Therefore, |${\sf O}_Y\psi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\psi \in S^{\prime }_{w_2a}$| because of the part |$w_2=\alpha$| of statement (15) and the assumption |$a=b$| of Case 3A.

By the assumption of the lemma |$u\lt \alpha$|⁠. Thus, the node |$(u,a)$| also belongs to the tree T. Hence, vacuously, all edges along the unique simple path between the nodes |$(w_1,a)$| and |$(u,a)$| are labeled with each element of the empty set. In other words, |$(w_1,a)\stackrel{\varnothing }{\rm o\!\!-\!\!o }(u,a)$| in T. Thus, |$(w_1,a)\stackrel{Y}{\rm o\!\!-\!\!o }(u,a)$| in T by statement (19). Then, |${\sf O}_Y\psi \in S_{w_1a}$| iff |${\sf O}_Y\psi \in S_{ua}$| by item 2(b) of Definition 7. Hence, |${\sf O}_Y\psi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\psi \in S^{\prime }_{\alpha a}$| by equation (14), the part |$w_1\lt \alpha$| of statement (15), and the assumption |$a\ne b$| of Case 3B. Therefore, |${\sf O}_Y\psi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\psi \in S^{\prime }_{w_2 a}$| by the part |$w_2=\alpha$| of statement (15).

|${\sf D}_Y\psi \in S^{\prime }_{\alpha a}$| iff |${\sf D}_Y\psi \in S^{\prime }_{ub}$|⁠, for each formula |$\psi\in\Phi$|⁠, each ordinal |$a\lt \beta$|⁠, and each dataset |$Y\subseteq \ell ^{\prime }(\langle (\alpha,a),(u,b)\rangle )$|⁠.

Proof of Claim.

We consider the following two cases separately:

The assumption |$(u,b)\in \alpha\times \beta$| of the lemma implies that |$u\lt \alpha$|⁠. Thus, nodes |$(u,b)$| and |$(u,a)$| both belong to the tree T. Vacuously, all edges along the simple path connecting these nodes in tree T are labeled with each element of the empty set. Hence, |$(u,b)\stackrel{\varnothing }{\rm o\!\!-\!\!o }(u,a)$| in tree T. Then, |${\sf D}_\varnothing \psi \in S_{ub}$| iff |${\sf D}_\varnothing \psi \in S_{ua}$| by item 2(c) of Definition 7. Thus, |${\sf D}_\varnothing \psi \in S^{\prime }_{ub}$| iff |${\sf D}_\varnothing \psi \in S^{\prime }_{\alpha a}$| by equation (14) and the assumption |$a\ne b$| of the claim. Therefore, |${\sf D}_Y\psi \in S^{\prime }_{ub}$| iff |${\sf D}_Y\psi \in S^{\prime }_{\alpha a}$| by equation (20).

Case 2:  |$a= b$|⁠. Then, the assumption |$Y\subseteq \ell ^{\prime }(\langle (\alpha,a),(u,b)\rangle )$| of the claim imply that |$(\alpha,a)\stackrel{Y}{\rm o\!\!-\!\!o }(u,a)$| in |$T^{\prime }$|⁠. Thus, |${\sf O}_Y{\sf D}_Y\psi \in S^{\prime }_{\alpha a}$| iff |${\sf O}_Y{\sf D}_Y\psi \in S^{\prime }_{u a}$| by Claim 8. Hence, |${\sf D}_Y\psi \in S^{\prime }_{\alpha a}$| iff |${\sf D}_Y\psi \in S^{\prime }_{u a}$| by Lemma 7 because |$S^{\prime }_{\alpha a}$| and |$S^{\prime }_{u a}$| are maximal consistent sets. Therefore, |${\sf D}_Y\psi \in S^{\prime }_{\alpha a}$| iff |${\sf D}_Y\psi \in S^{\prime }_{u b}$| by the assumption |$a=b$| of the case.

|${\sf D}_Y\psi \in S^{\prime }_{w_1a_1}$| iff |${\sf D}_Y\psi \in S^{\prime }_{w_2a_2}$| for each formula |$\psi \in \Phi$|⁠, each |$w_1,w_2\lt \alpha+1$|⁠, each |$a_1,a_2\lt \beta$|⁠, and each |$Y\subseteq V$| such that |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$|⁠.

Proof of Claim.

We prove the claim by induction on the length of the simple path between the nodes |$(w_1,a_1)$| and |$(w_2,a_2)$| in tree |$T^{\prime }$|⁠.

Base Case. |$(w_1,a_1)=(w_2,a_2)$|⁠. Then, |$w_1=w_2$| and |$a_1=a_2$|⁠. Therefore, |${\sf D}_Y\psi \in S^{\prime }_{w_1a_1}$| iff |${\sf D}_Y\psi \in S^{\prime }_{w_2a_2}$|⁠.

Induction Step. Consider the following two cases separately:

Case 1:  |$w_1,w_2\lt \alpha$|⁠. Then, |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in T by Claim 6 and the assumption |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$| of the current claim. Thus, |${\sf D}_Y\psi \in S_{w_1a_1}$| iff |${\sf D}_Y\psi \in S_{w_2a_2}$| by item 2(c) of Definition 7. Therefore, |${\sf D}_Y\psi \in S^{\prime }_{w_1a_1}$| iff |${\sf D}_Y\psi \in S^{\prime }_{w_2a_2}$| by equation (14) and the assumption |$w_1,w_2\lt \alpha$| of the case.

Thus, |${\sf D}_Y\psi \in S^{\prime }_{\alpha a_1}$| iff |${\sf D}_Y\psi \in S^{\prime }_{ub}$| by Claim 9 and statement (21). Additionally, by the induction hypothesis, statement (22) implies that |${\sf D}_Y\psi \in S^{\prime }_{ub}$| iff |${\sf D}_Y\psi \in S^{\prime }_{w_2a_2}$|⁠. Hence, |${\sf D}_Y\psi \in S^{\prime }_{w_1 a_1}$| iff |${\sf D}_Y\psi \in S^{\prime }_{w_2a_2}$| because |$w_1=\alpha$|⁠.

If |${\sf R}_Y\psi \in S^{\prime }_{w_1a_1}$| and |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$|⁠, then |$\psi \in S^{\prime }_{w_2a_1}$|⁠, for each |$w_1,w_2\lt \alpha+1$|⁠, each |$a_1,a_2\lt \beta$|⁠, each dataset |$Y\subseteq V$|⁠, and each formula |$\psi \in \Phi$|⁠.

Proof of Claim.

One of the following four cases must take place, see Fig. 8:

Case 1: either |$Y=\varnothing$| or |$a_1=a_2$|⁠. In the former case, all edges along the simple path between nodes |$(w_1,a_1)$| and |$(w_2,a_1)$| are labeled with all data variables from set Y. Hence, |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_1)$| in |$T^{\prime }$|⁠. In the latter case, the same statement is true by the assumption of the claim that |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$|⁠. Thus, |${\sf O}_Y\psi \in S^{\prime }_{w_1a_1}$| iff |${\sf O}_Y\psi \in S^{\prime }_{w_2a_1}$| by Claim 8. Note also that |${\sf O}_Y\psi \in S^{\prime }_{w_1a_1}$| by the assumption |${\sf R}_Y\psi \in S^{\prime }_{w_1a_1}$| of the claim, the Overt Knowledge axiom, the Modus Ponens inference rule, and the maximality of the set |$S^{\prime }_{w_1a_1}$|⁠. Hence, |${\sf O}_Y\psi \in S^{\prime }_{w_2a_1}$|⁠. Therefore, |$\psi \in S^{\prime }_{w_2a_1}$| by the Truth axiom, the Modus Ponens inference rule, and the maximality of the set |$S^{\prime }_{w_1a_1}$|⁠.

Case 2: |$w_1,w_2\lt \alpha$|⁠. Then, |${\sf R}_Y\psi \in S_{w_1a_1}$| by the assumption |${\sf R}_Y\psi \in S^{\prime }_{w_1a_1}$| of the claim and equation (14). Additionally, |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in T by the assumption |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$| of the current claim and Claim 6. Hence, |$\psi \in S_{w_2a_1}$| by item 2(d) of Definition 7. Therefore, |$\psi \in S^{\prime }_{w_2a_1}$| by equation (14).

We further split this case into two subcases:

Case 3A: |$w_1\lt \alpha$| and |$(w_2,a_2)=(\alpha,b)$|⁠. Then, |${\sf R}_Y\psi \in S_{w_1a_1}$| by the assumption |${\sf R}_Y\psi \in S^{\prime }_{w_1a_1}$| of the claim and equation (14). Note also that |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(u,b)$| in T by statement (23) and Claim 6. Thus, |$\psi \in S_{ua_1}$| by item 2(d) of Definition 7. Then, |$\psi \in S^{\prime }_{\alpha a_1}$| by equation (14) and the assumption |$a_1\ne a_2$| of Case 3. Therefore, |$\psi \in S^{\prime }_{w_2 a_1}$| by the assumption |$(w_2,a_2)=(\alpha,b)$| of Case 3A.

At the same time, statement (24), by Claim 6, the assumption |$(u,b)\in \alpha\times \beta$| of the lemma, and the assumption |$w_2\lt \alpha$| of Case 3B, implies that |$(u,b)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in T. Thus, |$\psi \in S_{w_2b}$| by item 2(d) of Definition 7 and statement (25). Hence, |$\psi \in S_{w_2a_1}$| because |$b=a_1$| by the assumption |$(w_1,a_1)=(\alpha,b)$| of Case 3B. Therefore, |$\psi \in S^{\prime }_{w_2a_1}$| by equation (14) and the assumption |$w_2\lt \alpha$| of Case 3B.

|$!Y\in S^{\prime }_{w_1a_1}$| iff |$!Y\in S^{\prime }_{w_2a_2}$|⁠, for each |$Y\subseteq V$|⁠, each |$w_1,w_2\lt \alpha+1$|⁠, and each |$a_1,a_2\lt \beta$| such that |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$|⁠.

Proof of Claim.

It suffices to show that if |$!Y\in S^{\prime }_{w_1a_1}$|⁠, then |$!Y\in S^{\prime }_{w_2a_2}$|⁠. Indeed, by the Introspection of Traceability axiom and the Modus Ponens inference rule, the assumption |$!Y\in S^{\prime }_{w_1a_1}$| implies that |$S^{\prime }_{w_1a_1} \vdash {\sf D}_Y(!Y)$|⁠. Hence, |${\sf D}_Y(!Y)\in S^{\prime }_{w_1a_1}$| because |$S^{\prime }_{w_1a_1}$| is a maximal consistent set. Thus, |${\sf D}_Y(!Y)\in S^{\prime }_{w_2a_2}$| by Claim 10 and the assumption |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$| of the current claim. Hence, |$S^{\prime }_{w_2a_2}\vdash \, !\, Y$| by Lemma 5. Therefore, |$!Y\in S^{\prime }_{w_2a_2}$| because |$S^{\prime }_{w_2a_2}$| is a maximal consistent set.

If |$!Y\in S^{\prime }_{w_1a_1}$| and |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$|⁠, then |$a_1=a_2$|⁠, for each dataset |$Y\subseteq V$|⁠, each |$w_1,w_2\lt \alpha+1$|⁠, and each |$a_1,a_2\lt \beta$|⁠.

Proof of Claim.

We prove the statement of the claim by induction on the length of the simple path between the nodes |$(w_1,a_1)$| and |$(w_2,a_2)$| in tree |$T^{\prime }$|⁠.

Base Case: if the length of the path is zero, then |$(w_1,a_1)=(w_2,a_2)$|⁠. Therefore, |$a_1=a_2$|⁠.

Induction Step: we further split the induction step into the following three cases:

Case 1:  |$w_1,w_2\lt \alpha$|⁠. Then, |$!Y\in S_{w_1a_1}$| by equation (14). Also, by Claim 6 and the assumption |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$| of the current claim, |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in T. Therefore, |$a_1=a_2$| by item 2(a) of Definition 7.

by the assumption |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$| of the claim. We further split the proof into the following two subcases:

Case 2A:  |$a_2=b$|⁠. Note that |$a_1=b$| by the induction hypothesis, the assumption |$!Y\in S^{\prime }_{w_1a_1}$| of the claim and statement (26). Therefore, |$a_1=a_2$| by the assumption |$a_2=b$| of Case 2A.

At the same time, the assumption |$!Y\in S^{\prime }_{w_1a_1}$| of the claim implies that |$!Y\in S^{\prime }_{ub}$| by Claim 12 and statement (26). Thus, |$!Y\in S_{ub}$| by equation (14) and because |$u\lt \alpha$| due to the assumption |$(u,b)\in (\alpha,\beta)$| of the lemma. Therefore, |$a_2=b$| by item 2(a) of Definition 7 and statement (28), which contradicts the assumption of Case 2B.

For any finite loaded Cartesian tree |$T=(\alpha,\beta,E,\ell , S)$|⁠, any node |$(u,b)\in \alpha\times \beta$|⁠, and any formulae |${\sf D}_X\varphi \notin S_{ub}$| and |${\sf R}_X\psi \notin S_{ub}$| such that |$!X\notin S_{ub}$| there is an extension |$T^{\prime }=(\alpha+1,\beta+1,E^{\prime },\ell ^{\prime }, S^{\prime })$| of tree T such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(\alpha,\beta)$| in tree |$T^{\prime }$|⁠, |$\varphi \notin S^{\prime }_{\alpha\beta}$|⁠, and |$\psi \notin S^{\prime }_{\alpha b}$|⁠.

The proof of the next claim is the same as the proof of Claim 5 except that it uses modalities |${\sf D}$| and |${\sf R}$| instead of modality |${\sf O}$|⁠.

|$H^-$| and |$G^-$| are consistent sets of formulae.

|$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in tree T iff |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in tree |$T^{\prime }$|⁠, for each dataset |$Y\subseteq V$|⁠, each |$w_1,w_2\lt \alpha$|⁠, and each |$a_1,a_2\lt \beta$|⁠.

|${\sf O}_\varnothing \chi \in S_{ub}$| iff |${\sf O}_\varnothing \chi \in G$|⁠, for each formula |$\chi \in \Phi$|⁠.

Proof of Claim.

|$(\Rightarrow ):$| Suppose that |${\sf O}_\varnothing \chi \in S_{ub}$|⁠. Then, by Lemma 6 and the Modus Ponens inference rule, |$S_{ub}\vdash {\sf O}_\varnothing {\sf O}_\varnothing \chi$|⁠. Hence, |$S_{ub}\vdash {\sf R}_\varnothing {\sf O}_\varnothing \chi$| by the Data-Free Knowledge axiom and the Modus Ponens inference rule. Then, |$S_{ub}\vdash {\sf R}_X{\sf O}_\varnothing \chi$| by the Monotonicity axiom and the Modus Ponens inference rule. Thus, |${\sf R}_X{\sf O}_\varnothing \chi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set of formulae. Therefore, |${\sf O}_\varnothing \chi \in G^-\subseteq G$| by equation (32).

|$(\Leftarrow ):$| Suppose that |${\sf O}_\varnothing \chi \notin S_{ub}$|⁠. Then, |$\lnot {\sf O}_\varnothing \chi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set of formulae. Thus, |$S_{ub}\vdash {\sf O}_\varnothing \lnot {\sf O}_\varnothing \chi$| by the Negative Introspection axiom and the Modus Ponens inference rule. Hence, |$S_{ub}\vdash {\sf R}_\varnothing \lnot {\sf O}_\varnothing \chi$| by the Data-Free Knowledge axiom and the Modus Ponens inference rule. Thus, |$S_{ub}\vdash {\sf R}_X\lnot {\sf O}_\varnothing \chi$| by the Monotonicity axiom and the Modus Ponens inference rule. Then, |${\sf R}_X\lnot {\sf O}_\varnothing \chi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set of formulae. Thus, |$\lnot {\sf O}_\varnothing \chi \in G^-\subseteq G$| by equation (32). Therefore, |${\sf O}_\varnothing \chi \notin G$| because set G is consistent.

|${\sf O}_Y\chi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\chi \in S^{\prime }_{w_2a}$|⁠, for each formula |$\chi\in\Phi$|⁠, each |$w_1,w_2\lt \alpha+1$|⁠, each |$a\lt \beta+1$|⁠, and each dataset |$Y\subseteq V$| such that |$(w_1,a)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a)$| in |$T^{\prime }$|⁠.

Proof of Claim.

We consider the following four cases separately:

Case 1: |$w_1=w_2$|⁠. Then, |$S^{\prime }_{w_1a}=S^{\prime }_{w_2a}$|⁠. Therefore, |${\sf O}_Y\chi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\chi \in S^{\prime }_{w_2a}$|⁠.

Case 2: |$a=\beta$|⁠. Then, |$S^{\prime }_{w_1a}=H=S^{\prime }_{w_2a}$| by equation (33). Therefore, |${\sf O}_Y\chi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\chi \in S^{\prime }_{w_2a}$|⁠.

Case 3: |$a\lt \beta$| and |$w_1,w_2\lt \alpha$|⁠. Then, |$(w_1,a)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a)$| in T by Claim 15 and the assumption |$(w_1,a)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a)$| in |$T^{\prime }$| of the current claim. Hence, |${\sf O}_Y\chi \in S_{w_1a}$| iff |${\sf O}_Y\chi \in S_{w_2a}$| by item 2(b) of Definition 7. Therefore, |${\sf O}_Y\chi \in S^{\prime }_{w_1a}$| iff |${\sf O}_Y\chi \in S^{\prime }_{w_2a}$| by equation (33) and the assumptions |$a\lt \beta$| and |$w_1,w_2\lt \alpha$| of the case.

Case 4: |$a\lt \beta$| and one of |$w_1,w_2$| is equal to |$\alpha$| while the other is less than |$\alpha$|⁠. Without loss of generality, let |$w_1\lt \alpha$| and |$w_2=\alpha$|⁠. Hence, the simple path between nodes |$(w_1,a)$| and |$(w_2,a)$| must contain the edge |$\langle (u,b),(w_2,a)\rangle$|⁠, see Fig. 9. In addition, |$Y\subseteq \ell ^{\prime }(\langle (u,b),(w_2,a)\rangle )$| by the assumption |$(w_1,a)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a)$| in |$T^{\prime }$| of the claim. Note that |$\ell ^{\prime }(\langle (u,b),(w_2,a)\rangle )=\varnothing$| by either equation (30) or Fig. 9 and the assumption of the case that |$a\lt \beta$|⁠. Thus, |$Y=\varnothing$|⁠. Hence, it suffices to show that |${\sf O}_\varnothing \chi \in S^{\prime }_{w_1a}$| iff |${\sf O}_\varnothing \chi \in S^{\prime }_{w_2a}$|⁠.

We further split this case into two subcases:

Case 4A: |$a=b$|⁠. Hence, |${\sf O}_\varnothing \chi \in S_{ua}$| iff |${\sf O}_\varnothing \chi \in G$| by Claim 16. Then, |${\sf O}_\varnothing \chi \in S_{w_1a}$| iff |${\sf O}_\varnothing \chi \in G$| by statement (34). Thus, |${\sf O}_\varnothing \chi \in S^{\prime }_{w_1a}$| iff |${\sf O}_\varnothing \chi \in S^{\prime }_{w_2a}$| by equation (33), the assumptions |$a\lt \beta$|⁠, |$w_1\lt \alpha$|⁠, and |$w_2=\alpha$| of Case 4 and the assumption |$a=b$| of Case 4A.

Case 4B: |$a\ne b$|⁠. Then, |${\sf O}_\varnothing \chi \in S_{ua}$| iff |${\sf O}_\varnothing \chi \in S^{\prime }_{\alpha a}$| by equation (33), the assumption |$a\lt \beta$| of Case 4 and the assumption |$u\lt \alpha$| of the lemma. Thus, |${\sf O}_\varnothing \chi \in S_{w_1a}$| iff |${\sf O}_\varnothing \chi \in S^{\prime }_{\alpha a}$| by statement (34). Therefore, |${\sf O}_\varnothing \chi \in S^{\prime }_{w_1a}$| iff |${\sf O}_\varnothing \chi \in S^{\prime }_{w_2a}$| by equation (33), the assumptions |$a\lt \beta$|⁠, |$w_1\lt \alpha$|⁠, and |$w_2=\alpha$| of Case 4.

|${\sf D}_Y\chi \in S^{\prime }_{w a}$| iff |${\sf D}_Y\chi \in S^{\prime }_{ub}$|⁠, for each |$\chi \in \Phi$|⁠, each |$(w,a)\in (\alpha+1)\times (\beta+1)$| such that |$(w,a)\notin \alpha\times \beta$|⁠, and each dataset |$Y\subseteq \ell ^{\prime }(\langle (w,a),(u,b)\rangle )$|⁠.

Proof of Claim.

We consider the following two cases separately:

Case 1:  |$w=\alpha$|⁠, |$a\lt \beta$|⁠. Then, |$\ell ^{\prime }(\langle (w,a),(u,b)\rangle )=\varnothing$| by equation (30); alternatively, see Fig. 9. Thus, |$Y=\varnothing$| by the assumption |$Y\subseteq \ell ^{\prime }(\langle (w,a),(u,b)\rangle )$| of the claim. Hence, it suffices to prove that |${\sf D}_\varnothing \chi \in S^{\prime }_{w a}$| iff |${\sf D}_\varnothing \chi \in S^{\prime }_{ub}$| We further split this case into two subcases.

Case 1A:  |$a\ne b$|⁠. The assumption |$(u,b)\in \alpha\times \beta$| of the lemma implies that |$u\lt \alpha$| and |$b\lt \beta$|⁠. Hence, |$(u,a),(u,b)\in \alpha\times \beta$| by the assumption |$a\lt \beta$| of Case 1. Thus, nodes |$(u,a)$| and |$(u,b)$| belong to tree T. Note that all edges along the simple path between these two nodes are vacuously labeled with all elements of the empty set. Hence, |$(u,a)\stackrel{\varnothing }{\rm o\!\!-\!\!o }(u,b)$| in tree T. Thus, |${\sf D}_\varnothing \chi \in S_{ua}$| iff |${\sf D}_\varnothing \chi \in S_{ub}$| by item 2(c) of Definition 7. Then, |${\sf D}_\varnothing \chi \in S^{\prime }_{w a}$| iff |${\sf D}_\varnothing \chi \in S_{ub}$| by equation (33) and the assumption |$w=\alpha$| of Case 1 and the assumption |$a\ne b$| of Case 1A. Hence, |${\sf D}_\varnothing \chi \in S^{\prime }_{w a}$| iff |${\sf D}_\varnothing \chi \in S^{\prime }_{ub}$| by equation (33) and the assumption |$(u,b)\in \alpha\times \beta$| of the lemma.

Case 1B:  |$a=b$|⁠. Note that, vacuously, all edges along the path between the nodes |$(w,a)$| and |$(u,b)$| in tree |$T^{\prime }$| are labeled with all elements of the empty set. In other words, |$(w,a)\stackrel{\varnothing }{\rm o\!\!-\!\!o }(u,b)$| in tree |$T^{\prime }$|⁠. Hence, |${\sf O}_\varnothing {\sf D}_\varnothing \chi \in S^{\prime }_{w a}$| iff |${\sf O}_\varnothing {\sf D}_\varnothing \chi \in S^{\prime }_{u b}$| by Claim 17 and the assumption |$a=b$| of Case 1B. Therefore, |${\sf D}_\varnothing \chi \in S^{\prime }_{w a}$| iff |${\sf D}_\varnothing \chi \in S^{\prime }_{u b}$| by Lemma 7 because |$S^{\prime }_{w a}$| and |$S^{\prime }_{u b}$| are maximal consistent sets of formulae.

In addition, by equation (33) and the assumption |$(u,b)\in \alpha\times \beta$|⁠, it suffices to prove that |${\sf D}_Y\chi \in H$| iff |${\sf D}_Y\chi \in S_{ub}$|⁠.

|$(\Rightarrow ):$| Suppose that |${\sf D}_Y\chi \notin S_{ub}$|⁠. Then, |$\lnot {\sf D}_Y\chi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set. Hence, |$S_{ub}\vdash {\sf D}_Y\lnot {\sf D}_Y\chi$| by the Negative Introspection axiom and the Modus Ponens inference rule. Thus, |$S_{ub}\vdash {\sf D}_X\lnot {\sf D}_Y\chi$| by the Monotonicity axiom and statement (35). Hence, |${\sf D}_X\lnot {\sf D}_Y\chi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set. Then, |$\lnot {\sf D}_Y\chi \in H^-\subseteq H$| by equation (31). Therefore, |${\sf D}_Y\chi \notin H$| because set H is consistent.

|$(\Leftarrow ):$| Let |${\sf D}_Y\chi \in S_{ub}$|⁠. Then, |$S_{ub}\vdash {\sf D}_Y{\sf D}_Y\chi$| by Lemma 6 and the Modus Ponens inference rule. Thus, |$S_{ub}\vdash {\sf D}_X{\sf D}_Y\chi$| by the Monotonicity axiom and statement (35). Hence, |${\sf D}_X{\sf D}_Y\chi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set of formulae. Then, |${\sf D}_Y\chi \in H^-\subseteq H$| by equation (31).

|${\sf D}_Y\chi \in S^{\prime }_{w_1a_1}$| iff |${\sf D}_Y\chi \in S^{\prime }_{w_2a_2}$|⁠, for each dataset |$Y\subseteq V$|⁠, each formula |$\chi \in \Phi$|⁠, each |$w_1,w_2\le \alpha+1$| and each |$a_1,a_2\le \beta+1$| such that |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$|⁠.

If |${\sf R}_Y\chi \in S^{\prime }_{w_1a_1}$| and |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$|⁠, then |$\chi \in S^{\prime }_{w_2a_1}$| for each dataset |$Y\subseteq V$|⁠, each formula |$\chi \in \Phi$|⁠, each |$w_1,w_2\le \alpha+1$| and each |$a_1,a_2\le \beta+1$|⁠.

Proof of Claim.

Case 1: |$(w_1,a_1)=(w_2,a_2)$|⁠. The assumption |${\sf R}_Y\chi \in S^{\prime }_{w_1a_1}$| implies that |$S^{\prime }_{w_1a_1}\vdash \chi$| by Lemma 5. Hence, |$\chi \in S^{\prime }_{w_1a_1}$| because |$S^{\prime }_{w_1a_1}$| is a maximal consistent set. Therefore, |$\chi \in S^{\prime }_{w_2a_1}$| by the assumption of the case.

Case 2: |$w_1,w_2\lt \alpha$| and |$a_1,a_2\lt \beta$|⁠. Thus, the assumption |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$| implies that |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in T by Claim 15. In addition, the assumption |${\sf R}_Y\chi \in S^{\prime }_{w_1a_1}$| implies that |${\sf R}_Y\chi \in S_{w_1a_1}$| by equation (33). Then, |$\chi \in S_{w_2a_1}$| by item 2(d) of Definition 7. Therefore, |$\chi \in S^{\prime }_{w_2a_1}$| by equation (33) and the assumptions |$w_2\lt \alpha$| and |$a_1\lt \beta$| of the case.

Case 3: |$Y=\varnothing$|⁠. Thus, by the assumption |${\sf R}_Y\chi \in S^{\prime }_{w_1a_1}$| of the claim, |${\sf R}_\varnothing \chi \in S^{\prime }_{w_1a_1}$|⁠. Then, |$S^{\prime }_{w_1a_1}\vdash {\sf O}_\varnothing \chi$| by the Overt Knowledge axiom and the Modus Ponens inference rule. Hence, |${\sf O}_\varnothing \chi \in S^{\prime }_{w_1a_1}$| because |$S^{\prime }_{w_1a_1}$| is a maximal consistent set of formulae. Observe that, vacuously, all edges along the simple path between the nodes |$(w_1,a_1)$| and |$(w_2,a_1)$| in tree |$T^{\prime }$| are labeled with each data variable from the empty set. In other words, |$(w_1,a_1)\stackrel{\varnothing }{\rm o\!\!-\!\!o }(w_2,a_1)$| in |$T^{\prime }$|⁠. Thus, |${\sf O}_\varnothing \chi \in S^{\prime }_{w_2a_1}$| by Claim 17. Hence, |$S^{\prime }_{w_2a_1}\vdash \chi$| by the Truth axiom and the Modus Ponens inference rule. Therefore, |$\chi \in S^{\prime }_{w_2a_1}$| because |$S^{\prime }_{w_2a_1}$| is a maximal consistent set.

Case 4: |$a_1=\beta$|⁠. The assumption |${\sf R}_Y\chi \in S^{\prime }_{w_1a_1}$| of the claim implies that |$S^{\prime }_{w_1a_1} \vdash \chi$| by Lemma 5. Thus, |$\chi \in S^{\prime }_{w_1a_1}$| because |$S^{\prime }_{w_1a_1}$| is a maximal consistent set. Then, |$\chi \in H$| by equation (33) and the assumption |$a_1=\beta$| of the case. Therefore, |$\chi \in S^{\prime }_{w_2a_1}$| again by equation (33) and the assumption |$a_1=\beta$| of the case.

We further split this case into two subcases:

Case 5A: |$a_1= b$|⁠. The assumption |${\sf R}_Y\chi \in S^{\prime }_{w_1a_1}$| of the claim implies |$S^{\prime }_{w_1a_1}\vdash {\sf O}_Y{\sf R}_Y\chi$| by the Introspection of De Re Knowledge axiom and the Modus Ponens rule. Hence, |${\sf O}_Y{\sf R}_Y\chi \in S^{\prime }_{w_1a_1}$| because |$S^{\prime }_{w_1a_1}$| is a maximal consistent set. Thus, |${\sf O}_Y{\sf R}_Y\chi \in S^{\prime }_{ub}$| by Claim 17, statement (36) and the assumption |$a_1= b$| of Case 5A. Then, |${\sf O}_Y{\sf R}_Y\chi \in S_{ub}$| by equation (33) and the assumption |$(u,b)\in \alpha\times \beta$| of the lemma. Hence, |$S_{ub}\vdash {\sf R}_Y\chi$| by the Truth axiom and the Modus Ponens inference rule. Thus, |$S_{ub}\vdash {\sf R}_X\chi$| by the Monotonicity axiom, the Modus Ponens inference rule, and the assumption |$X\subseteq Y$| of Case 5. Then, |${\sf R}_X\chi \in S_{ub}$| because |$S_{ub}$| is a maximal consistent set. Hence, |$\chi \in G^-\subseteq G$| by equation (32). Thus, |$\chi \in S^{\prime }_{w_2a_1}$| by equation (33), the assumption |$w_2=\alpha$| of Case 5 and the assumption |$a_1=b$| of Case 5A.

Case 5B: |$a_1\ne b$|⁠. The assumption |${\sf R}_Y\chi \in S^{\prime }_{w_1a_1}$| of the claim implies |${\sf R}_Y\chi \in S_{w_1a_1}$| by equation (33) and the assumptions |$w_1\lt \alpha$| and |$a_1\lt \beta$| of Case 5. Hence, |$\chi \in S_{u,a_1}$| by item 2(d) of Definition 7 and statement (37). Therefore, |$\chi \in S_{w_2,a_1}$| by equation (33), the assumptions |$w_2=\alpha$| and |$a_1\lt \beta$| of Case 5 and the assumption |$a_1\ne b$| of Case 5B.

If |$!Y\in S^{\prime }_{w_1a_1}$| and |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$|⁠, then |$a_1=a_2$| for each dataset |$Y\subseteq V$|⁠, each |$w_1,w_2\le \alpha+1$| and each |$a_1,a_2\le \beta+1$|⁠.

Proof of Claim.

At least one of the following three cases must take place, see Fig. 9:

Case 1: |$(w_1,a_1)=(w_2,a_2)$|⁠. Then, |$a_1=a_2$|⁠.

Case 2: |$w_1,w_2\lt \alpha$| and |$a_1,a_2\lt \beta$|⁠. Then, the assumption |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$| implies that |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in T by Claim 15. Also, the assumption |$!Y\in S^{\prime }_{w_1a_1}$| implies |$!Y\in S_{w_1a_1}$| by equation (33). Therefore, |$a_1=a_2$| by item 2(a) of Definition 7.

by the assumption |$(w_1,a_1)\stackrel{Y}{\rm o\!\!-\!\!o }(w_2,a_2)$| in |$T^{\prime }$| of the claim. At the same time, the assumption |$!Y\in S^{\prime }_{w_1a_1}$| of the claim implies that |$S^{\prime }_{w_1a_1}\vdash {\sf D}_Y!Y$| by the Introspection of the Traceability axiom and the Modus Ponens inference rule. Hence, |${\sf D}_Y!Y\in S^{\prime }_{w_1a_1}$| because |$S^{\prime }_{w_1a_1}$| is a maximal consistent set. Thus, |${\sf D}_Y!Y\in S^{\prime }_{ub}$| by statement (38) and Claim 19. Then, |$S^{\prime }_{ub}\vdash !Y$| by Lemma 5. Thus, |$S^{\prime }_{ub}\vdash !X$| by the Monotonicity axiom, statement (39) and the Modus Ponens inference rule. Then, |$!X\in S^{\prime }_{ub}$| because |$S^{\prime }_{ub}$| is a maximal consistent set. Therefore, |$!X\in S_{ub}$| by equation (33) and the assumption |$(u,b)\in \alpha\times \beta$| of the lemma, which contradicts the assumption |$!X\notin S_{ub}$| of the lemma.

For any infinite chain of loaded trees |$T_1\sqsubseteq T_2\sqsubseteq T_3\sqsubseteq \dots$|⁠, if loaded tree |$T_{i+1}$| is an extension of the loaded tree |$T_i$| for each |$i\ge 1$|⁠, then |$\bigcup _i T_i$| is a loaded tree that extends each of the loaded trees |$T_1,T_2,\dots$|⁠.

For any loaded Cartesian tree |$T=(\alpha,\beta,E,\ell , S)$|⁠, any integers |$u\lt \alpha$| and |$b\lt \beta$|⁠, and any formula |$\psi \in \Phi$|⁠, tree T is |$(u,b,\psi )$|-complete if the following conditions are satisfied:

1. if formula |$\psi$| has the form |$!X$| and |$!X\notin S_{ub}$|⁠, then is there is |$(w,a)\in \alpha\times \beta$| such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(w,a)$| and |$b\ne a$|⁠,

2. if formula |$\psi$| has the form |${\sf O}_X\varphi$| and |${\sf O}_X\varphi \notin S_{ub}$|⁠, then there is |$(w,b)\in \alpha\times \beta$| such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(w,b)$| and |$\varphi \notin S_{wb}$|⁠,

3. if formula |$\psi$| has the form |${\sf D}_X\varphi$| and |${\sf D}_X\varphi \notin S_{ub}$|⁠, then there is |$(w,a)\in \alpha\times \beta$| such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(w,a)$| and |$\varphi \notin S_{wa}$|⁠,

4. if formula |$\psi$| has the form |${\sf R}_X\varphi$| and |${\sf R}_X\varphi \notin S_{ub}$|⁠, then there is |$(w,a)\in \alpha\times \beta$| such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(w,a)$| and |$\varphi \notin S_{wb}$|⁠.

If a loaded Cartesian tree T is |$(u,b,\psi )$|-complete, then any extension of tree T is also |$(u,b,\psi )$|-complete.

If a loaded Cartesian tree |$T=(\alpha,\beta,E,\ell , S)$| is |$(u,b,\psi )$|-complete for all integers |$u\lt \alpha$| and |$b\lt \beta$| and each formula |$\psi \in \Phi$|⁠, then tree T is complete.

For any finite loaded Cartesian tree |$T=(\alpha,\beta,E,\ell , S)$|⁠, any integers |$u\lt \alpha$| and |$b\lt \beta$|⁠, and any formula |$\psi \in \Phi$|⁠, if tree T is not |$(u,b,\psi )$|-complete, then there is a finite |$(u,b,\psi )$|-complete extension of tree T.

To finish the proof of the lemma, we consider the cases corresponding to conditions 1-4 of Definition 10 separately.

Case 1: suppose that formula |$\psi$| has the form |$!X$| and |$!X\notin S_{ub}$|⁠. Hence, by Lemma 11 and statement (40), there is an extension |$T^{\prime }=(\alpha+1,\beta+1,E^{\prime },\ell ^{\prime }, S^{\prime })$| of tree T such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(\alpha,\beta)$| in tree |$T^{\prime }$|⁠. Thus, |$T^{\prime }$| is a |$(u,b,\psi )$|-complete extension of tree T by Definition 10.

Case 2: suppose formula |$\psi$| has the form |${\sf O}_X\varphi$| and |${\sf O}_X\varphi \notin S_{ub}$|⁠. Then, by Lemma 10 there is an extension |$T^{\prime }=(\alpha+1,\beta,E^{\prime },\ell ^{\prime }, S^{\prime })$| of tree T such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(\alpha,b)$| in tree |$T^{\prime }$| and |$\varphi \notin S^{\prime }_{\alpha b}$|⁠. Thus, |$T^{\prime }$| is a |$(u,b,\psi )$|-complete extension of tree T by Definition 10.

Case 3: suppose formula |$\psi$| has the form |${\sf D}_X\varphi$| and |${\sf D}_X\varphi \notin S_{ub}$|⁠. We further slit this case into two subcases.

Case 3A:  |$!X\in S_{ub}$|⁠. The assumption |${\sf D}_X\varphi \notin S_{ub}$| of Case 3 implies |$S_{ub}\nvdash {\sf D}_X\varphi$| because |$S_{ub}$| is a maximal consistent set. Thus, it follows that |$S_{ub}\nvdash {\sf O}_X\varphi$| by the Traceable Data axiom applied contrapositively and the assumption |$!X\in S_{ub}$| of Case 3A. Hence, |${\sf O}_X\varphi \notin S_{ub}$| because |$S_{ub}$| is a maximal consistent set. Then, by Lemma 10 there is an extension |$T^{\prime }=(\alpha+1,\beta,E^{\prime },\ell ^{\prime }, S^{\prime })$| of tree T such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(\alpha,b)$| in tree |$T^{\prime }$| and |$\varphi \notin S^{\prime }_{\alpha b}$|⁠. Thus, |$T^{\prime }$| is a |$(u,b,\psi )$|-complete extension of tree T by Definition 10.

Case 3B:  |$!X\notin S_{ub}$|⁠. Hence, by the assumption |${\sf D}_X\varphi \notin S_{ub}$| of Case 3, the part |${\sf R}_X\bot \notin S_{ub}$| of statement (40), and Lemma 11, there is an extension |$T^{\prime }=(\alpha+1,\beta+1,E^{\prime },\ell ^{\prime }, S^{\prime })$| of tree T such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(\alpha,\beta)$| in tree |$T^{\prime }$| and |$\varphi \notin S^{\prime }_{\alpha\beta}$|⁠. Thus, |$T^{\prime }$| is a |$(u,b,\psi )$|-complete extension of tree T by Definition 10.

Case 4: suppose formula |$\psi$| has the form |${\sf R}_X\varphi$| and |${\sf R}_X\varphi \notin S_{ub}$|⁠. Similar to the previous case, we further slit this case into two subcases.

Case 4A:  |$!X\in S_{ub}$|⁠. By applying the argument similar to the one in Case 3A, but using the form |$!X\rightarrow ({\sf O}_X\rightarrow {\sf R}_X)$| of the Traceability axiom instead of the form |$!X\rightarrow ({\sf O}_X\rightarrow {\sf D}_X)$|⁠, one can conclude that there is an extension |$T^{\prime }=(\alpha+1,\beta,E^{\prime },\ell ^{\prime }, S^{\prime })$| of tree T such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(\alpha,b)$| in tree |$T^{\prime }$| and |$\varphi \notin S^{\prime }_{\alpha b}$|⁠. Thus, |$T^{\prime }$| is a |$(u,b,\psi )$|-complete extension of tree T by Definition 10.

Case 4B:  |$!X\notin S_{ub}$|⁠. Thus, by the assumption |${\sf R}_X\varphi \notin S_{ub}$| of Case 4, the part |${\sf D}_X\bot \notin S_{ub}$| of statement (40), and Lemma 11, there is an extension |$T^{\prime }=(\alpha+1,\beta+1,E^{\prime },\ell ^{\prime }, S^{\prime })$| of tree T such that |$(u,b)\stackrel{X}{\rm o\!\!-\!\!o }(\alpha,\beta)$| in tree |$T^{\prime }$| and |$\varphi \notin S^{\prime }_{\alpha b}$|⁠. Therefore, |$T^{\prime }$| is a |$(u,b,\psi )$|-complete extension of tree T by Definition 10.

Any finite loaded Cartesian tree can be extended to a complete loaded Cartesian tree.

Let T be a finite loaded Cartesian tree. To prove the theorem, we will construct an infinite chain of finite loaded Cartesian trees |$T=T_1\sqsubseteq T_2\sqsubseteq T_3\sqsubseteq \dots$| such that |$T_{i+1}$| is an extension of tree |$T_i$| for each integer |$i\ge 1$|⁠. Toward the construction of this chain, consider an enumeration |$(u_1,b_1,\psi _1),(u_2,b_2,\psi _2),\dots$| of all triples |$(u,b,\psi )$| such that u and b are nonnegative integer numbers and |$\psi \in \Phi$| is a formula.

We define chain |$T=T_1\sqsubseteq T_2\sqsubseteq T_3\sqsubseteq \dots$| recursively. Suppose that tree |$T_k=(\alpha_k,\beta_k,E_k,\ell _k, S_k)$| is already defined. If |$T_k$| is |$(u,b,\psi )$|-complete for each |$u\lt \alpha_k$|⁠, |$b\lt \beta_k$|⁠, and |$\psi \in \Phi$|⁠, then let |$T_{k+1}=T_k$|⁠. Otherwise, let |$i_{min}$| be the smallest i such that |$u_i\lt \alpha_k$|⁠, |$b_i\lt \beta_k$|⁠, and |$T_k$| is not |$(u_i,b_i,\psi _i)$|-complete. By Lemma 15, tree |$T_k$| can be extended to a finite |$(u_i,b_i,\psi _i)$|-complete tree |$T_{k+1}$|⁠.

Let |$T^{\prime }=\cup _{k\ge 1} T_k=(\alpha^{\prime },\beta^{\prime },E^{\prime },\ell ^{\prime }, S^{\prime })$|⁠. Note that |$T^{\prime }$| is an extension of all trees |$T_k$| by Lemma 12. |$T^{\prime }$| is |$(u,b,\psi )$|-complete for each |$u\lt \alpha^{\prime }$| and |$b\lt \beta^{\prime }$| by the construction of the chain |$T=T_1\sqsubseteq T_2\sqsubseteq T_3\sqsubseteq \dots$| and Lemma 13. Therefore, |$T^{\prime }$| is complete by Lemma 14.

For each complete loaded Cartesian tree |$T=(\alpha,\beta,E,\ell , S)$|⁠, let canonical model |$M(T)$| be defined as the tuple |$(\alpha,\beta,\lbrace \sim \rbrace _{x\in V},\pi )$|⁠, such that

1. |$(w_1,a_1)\sim _x(w_2,a_2)$| if |$(w_1,a_1)\stackrel{\lbrace x\rbrace }{\rm o\!\!-\!\!o }(w_2,a_2)$| for each |$x\in V$|⁠, each |$w_1,w_2\in \alpha$|⁠, and each |$a_1,a_2\in \beta$|⁠,

2. |$\pi (p)=\lbrace (w,a)\in \alpha\times \beta \,\,| \,\,p\in S_{wa}\rbrace$| for each p.

|$(w_1,a_1)\sim _X(w_2,a_2)$| iff |$(w_1,a_1)\stackrel{X}{\rm o\!\!-\!\!o }(w_2,a_2)$|⁠, for each |$w_1,w_2\in \alpha$|⁠, each |$a_1,a_2\in \beta$|⁠, and each dataset |$X\subseteq V$|⁠.

By the definition, the statement |$(w_1,a_1)\sim _X(w_2,a_2)$| is equivalent to the statement that |$(w_1,a_1)\sim _x(w_2,a_2)$| for each data variable |$x\in X$|⁠. By item 1 of Definition 11, the last statement is equivalent to the statement that |$(w_1,a_1)\stackrel{\lbrace x\rbrace }{\rm o\!\!-\!\!o }(w_2,a_2)$| for each data variable |$x\in X$|⁠. By Definition 6, the previous statement is equivalent to the statement that for each |$x\in X$| there is a simple path between nodes |$(w_1,a_1)$| and |$(w_2,a_2)$| such that all edges along this path are labeled with date variable x. Note that in any tree there is a unique simple path between any two nodes. Thus, the last statement is equivalent to the statement that all edges along this unique simple path between nodes |$(w_1,a_1)$| and |$(w_2,a_2)$| are labeled with each variable from set X. Finally, by Definition 6, the previous statement is equivalent to |$(w_1,a_1)\stackrel{X}{\rm o\!\!-\!\!o }(w_2,a_2)$|⁠.

|$w,a\Vdash \varphi$| iff |$\varphi \in S_{wa}$|⁠, for any formula |$\varphi \in \Phi$|⁠, any world |$w\in \alpha$|⁠, and any agent |$a\in \beta$| of any canonical model |$M(T)$| based on a complete loaded Cartesian tree |$T=(\alpha,\beta,E,\ell , S)$|⁠.

We prove the statement of the lemma by induction on structural complexity of formula |$\varphi$|⁠. If formula |$\varphi$| is an atomic proposition, then the statement of the lemma follows from item 1 of Definition 2 and item 2 of Definition 11. The case when formula |$\varphi$| is a negation or a disjunction follows from items 3 and 4 of Definition 2 and the fact that |$S_{wa}$| is a maximal consistent set in the standard way.

Suppose that formula |$\varphi$| has the form |$!X$|⁠.

|$(\Rightarrow ):$| Assume that |$!X\notin S_{wa}$|⁠. Then, by item 1 of Definition 9, there is a node |$(w^{\prime },a^{\prime })$| such that |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(w^{\prime },a^{\prime })$| and |$a\ne a^{\prime }$|⁠. Hence, |$(w,a)\sim _X(w^{\prime },a^{\prime })$| by Lemma 16. Therefore, |$w,a\nVdash !X$| by item 2 of Definition 2.

|$(\Leftarrow ):$| Assume that |$w,a\nVdash \, !X$|⁠. Then, by item 2 of Definition 2, there exist a world |$w^{\prime }$| and an agent |$a^{\prime }$| such that |$(w,a)\sim _X (w^{\prime },a^{\prime })$| and |$a\ne a^{\prime }$|⁠. Hence, |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o } (w^{\prime },a^{\prime })$| by Lemma 16. Therefore, |$!X\notin S_{wa}$| by item 2(a) of Definition 7 applied contrapositively.

Suppose that formula |$\varphi$| has the form |${\sf O}_X\psi$|⁠.

|$(\Rightarrow ):$| Assume that |${\sf O}_X\psi \notin S_{wa}$|⁠. Then, by item 2 of Definition 9, there is a node |$(w^{\prime },a)$| such that |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(w^{\prime },a)$| and |$\psi \notin S_{w^{\prime }a}$|⁠. Hence, |$(w,a)\sim _X(w^{\prime },a)$| by Lemma 16 and |$w^{\prime },a\nVdash \psi$| by the induction hypothesis. Therefore, |$w,a\nVdash {\sf O}_X\psi$| by item 5 of Definition 2.

|$(\Leftarrow ):$| Suppose that |${\sf O}_X\psi \in S_{wa}$|⁠. Consider any world |$w^{\prime }$| such that |$(w,a)\sim _X(w^{\prime },a)$|⁠. By item 5 of Definition 2, it suffices to show that |$w^{\prime },a\Vdash \psi$|⁠.

The assumption |$(w,a)\sim _X(w^{\prime },a)$| implies |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(w^{\prime },a)$| by Lemma 16. Then, |${\sf O}_X\psi \in S_{w^{\prime }a}$| by item 2(b) of Definition 7 and the assumption |${\sf O}_X\psi \in S_{wa}$|⁠. Hence, |$S_{w^{\prime }a}\vdash \psi$| by the Truth axiom and the Modus Ponens inference rule. Thus, |$\psi \in S_{w^{\prime }a}$| because |$S_{w^{\prime }a}$| is a maximal consistent set. Therefore, |$w^{\prime },a\Vdash \psi$| by the induction hypothesis.

Suppose that formula |$\varphi$| has the form |${\sf D}_X\psi$|⁠.

|$(\Rightarrow ):$| Assume that |${\sf D}_X\psi \notin S_{wa}$|⁠. Then, by item 3 of Definition 9, there is a node |$(w^{\prime },a^{\prime })$| such that |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(w^{\prime },a^{\prime })$| and |$\psi \notin S_{w^{\prime }a^{\prime }}$|⁠. Hence, |$(w,a)\sim _X(w^{\prime },a^{\prime })$| by Lemma 16 and |$w^{\prime },a^{\prime }\nVdash \psi$| by the induction hypothesis. Therefore, |$w,a\nVdash {\sf D}_X\psi$| by item 6 of Definition 2.

|$(\Leftarrow ):$| Suppose that |${\sf D}_X\psi \in S_{wa}$|⁠. Consider any world |$w^{\prime }$| and any agent |$a^{\prime }$| such that |$(w,a)\sim _X(w^{\prime },a^{\prime })$|⁠. By item 6 of Definition 2, it suffices to show that |$w^{\prime },a^{\prime }\Vdash \psi$|⁠.

The assumption |$(w,a)\sim _X(w^{\prime },a^{\prime })$| implies |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(w^{\prime },a^{\prime })$| by Lemma 16. Then, |${\sf D}_X\psi \in S_{w^{\prime }a^{\prime }}$| by item 2(c) of Definition 7 and the assumption |${\sf D}_X\psi \in S_{wa}$|⁠. Then, |$S_{w^{\prime }a^{\prime }}\vdash \psi$| by Lemma 5. Thus, |$\psi \in S_{w^{\prime }a^{\prime }}$| because |$S_{w^{\prime }a^{\prime }}$| is a maximal consistent set. Therefore, |$w^{\prime },a^{\prime }\Vdash \psi$| by the induction hypothesis.

Suppose that formula |$\varphi$| has the form |${\sf R}_X\psi$|⁠.

|$(\Rightarrow ):$| Assume that |${\sf R}_X\psi \notin S_{wa}$|⁠. Then, by item 4 of Definition 9, there is a node |$(w^{\prime },a^{\prime })$| such that |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(w^{\prime },a^{\prime })$| and |$\psi \notin S_{w^{\prime }a}$|⁠. Hence, |$(w,a)\sim _X(w^{\prime },a^{\prime })$| by Lemma 16 and |$w^{\prime },a\nVdash \psi$| by the induction hypothesis. Therefore, |$w,a\nVdash {\sf R}_X\psi$| by item 7 of Definition 2.

|$(\Leftarrow ):$| Suppose that |${\sf R}_X\psi \in S_{wa}$|⁠. Consider any world |$w^{\prime }$| and any agent |$a^{\prime }$| such that |$(w,a)\sim _X(w^{\prime },a^{\prime })$|⁠. By item 7 of Definition 2, it suffices to show that |$w^{\prime },a\Vdash \psi$|⁠.

The assumption |$(w,a)\sim _X(w^{\prime },a^{\prime })$| implies |$(w,a)\stackrel{X}{\rm o\!\!-\!\!o }(w^{\prime },a^{\prime })$| by Lemma 16. Then, |$\psi \in S_{w^{\prime }a}$| by item 2(d) of Definition 7 and the assumption |${\sf R}_X\psi \in S_{wa}$|⁠. Therefore, |$w^{\prime },a\Vdash \psi$| by the induction hypothesis.

For any set of formulae |$\Gamma \subseteq \Phi$| and any formula |$\varphi \in \Phi$|⁠, if |$\Gamma \nvdash \varphi$|⁠, then there is a world |$w\in W$| and an agent |$a\in \mathcal {A}$| of some model, such that |$w,a\Vdash \gamma$| for each formula |$\gamma \in \Gamma$| and |$w,a\nVdash \varphi$|⁠.

The assumption |$\Gamma \nvdash \varphi$| implies that the set |$\Gamma \cup \lbrace \lnot \varphi \rbrace$| is consistent. Let |$\Delta$| be any maximal consistent extension of this set. Consider the loaded Cartesian tree |$(1,1,\varnothing ,\varnothing ,S)$|⁠, where |$S_{00}=\Delta$|⁠. In other words, the loaded cartesian tree consists of a single node (0,0) labeled with set |$\Delta$|⁠. Because the set of edges is empty, the tuple |$(1,1,\varnothing ,\varnothing )$| is a Cartesian tree by Definition 5. Thus, to prove that the tuple |$(1,1,\varnothing ,\varnothing ,S)$| is a loaded Cartesian tree, it suffices to show that conditions 2(a)-(d) of Definition 7 are satisfied. Conditions 2(a)-(c) are vacuously satisfied because the tree has only one node. To verify condition 2(d), it suffices to show that if |${\sf R}_X\psi \in S_{00}$|⁠, then |$\psi \in S_{00}$|⁠. Indeed, the assumption |${\sf R}_X\psi \in S_{00}$| implies |$S_{00}\vdash \psi$| by Lemma 5 and the Modus Ponens inference rule. Therefore, |$\psi \in S_{00}$| because |$S_{00}$| is a maximal consistent set.

By Theorem 5, tree |$(1,1,\varnothing ,\varnothing ,S)$| can be extended to a complete loaded Cartesian tree |$T^{\prime }=(\alpha,\beta,E,\ell , S^{\prime })$|⁠. Note that |$S^{\prime }_{00}=S_{00}=\Delta \supseteq \Gamma \cup \lbrace \lnot \varphi \rbrace$| by item 5 of Definition 8. Consider canonical model |$M(T^{\prime })$|⁠. By Lemma 17, we have |$0,0\Vdash \gamma$| for each |$\gamma \in \Gamma$| and |$0,0\Vdash \lnot \varphi$| because |$\Gamma \cup \lbrace \lnot \varphi \rbrace \subseteq S^{\prime }_{00}$|⁠. Note that the statement |$0,0\Vdash \lnot \varphi$| implies |$0,0\nVdash \varphi$| by item 3 of Definition 2.

The inference rule |$\frac{\varphi }{\Box _{X}\varphi }$|⁠, where |$\Box \in \lbrace {\sf O},{\sf R}\rbrace$|⁠, is derivable.

Suppose that |$\vdash \varphi$|⁠. Thus, |$\vdash {\sf D}_X\varphi$| by the Necessitation inference rule. Hence, |$\vdash {\sf O}_X\varphi$| by the Overt Knowledge axiom and the Modus Ponens inference rule. This proves that the rule |$\frac{\varphi }{{\sf O}_{X}\varphi }$| is derivable.

To prove derivability of the rule |$\frac{\varphi }{{\sf R}_{X}\varphi }$|⁠, assume again that |$\vdash \varphi$|⁠. Thus, |$\vdash {\sf D}_\varnothing \varphi$| by the Necessitation inference rule. Hence, |$\vdash {\sf R}_\varnothing \varphi$| by the Data-Free Knowledge axiom and the Modus Ponens inference rule. Therefore, |$\vdash {\sf R}_X\varphi$| by the Monotonicity axiom and the Modus Ponens inference rule.

At the same time, |$\lnot \Box _X\varphi \rightarrow \Box _X\lnot \Box _X\varphi$| is an instance of the Negative Introspection axiom. Thus, |$\vdash \lnot \Box _X\lnot \Box _X\varphi \rightarrow \Box _X\varphi$| by the law of contrapositive in the propositional logic. Hence, |$\vdash \Box _X(\lnot \Box _X\lnot \Box _X\varphi \rightarrow \Box _X\varphi )$| by either the Necessitation inference rule (if |$\Box$| is modality |${\sf D}$|⁠) or Lemma 18 (if |$\Box$| is modality |${\sf O}$|⁠). Thus, by the Distributivity axiom and the Modus Ponens inference rule, |$\vdash \Box _X\lnot \Box _X\lnot \Box _X\varphi \rightarrow \Box _X\Box _X\varphi .$| The latter, together with statement (), implies the statement of the lemma by propositional reasoning.

If |$\Gamma ,\varphi \vdash \psi$|⁠, then |$\Gamma \vdash \varphi \rightarrow \psi$|⁠.

Suppose that sequence |$\psi _1,\dots ,\psi _n$| is a proof from set |$\Gamma \cup \lbrace \varphi \rbrace$| and the theorems of our logical system that uses the Modus Ponens inference rule only. In other words, for each |$k\le n$|⁠, either

1. |$\vdash \psi _k$|⁠, or

2. |$\psi _k\in \Gamma$|⁠, or

3. |$\psi _k$| is equal to |$\varphi$|⁠, or

4. there are |$i,j\lt k$| such that formula |$\psi _j$| is equal to |$\psi _i\rightarrow \psi _k$|⁠.

It suffices to show that |$\Gamma \vdash \varphi \rightarrow \psi _k$| for each |$k\le n$|⁠. We prove this by induction on k by considering the four cases above separately.

Case 1:  |$\vdash \psi _k$|⁠. Note that |$\psi _k\rightarrow (\varphi \rightarrow \psi _k)$| is a propositional tautology, and thus, is an axiom of our logical system. Hence, |$\vdash \varphi \rightarrow \psi _k$| by the Modus Ponens rule. Therefore, |$\Gamma \vdash \varphi \rightarrow \psi _k$|⁠.

Case 2:  |$\psi _k\in \Gamma$|⁠. Note again that |$\psi _k\rightarrow (\varphi \rightarrow \psi _k)$| is a propositional tautology, and thus, is an axiom of our logical system. Therefore, by the Modus Ponens rule, |$\Gamma \vdash \varphi \rightarrow \psi _k$|⁠.

Case 3: formula |$\psi _k$| is equal to |$\varphi$|⁠. Thus, |$\varphi \rightarrow \psi _k$| is a propositional tautology. Therefore, |$\Gamma \vdash \varphi \rightarrow \psi _k$|⁠.

Case 4: formula |$\psi _j$| is equal to |$\psi _i\rightarrow \psi _k$| for some |$i,j\lt k$|⁠. Thus, by the induction hypothesis, |$\Gamma \vdash \varphi \rightarrow \psi _i$| and |$\Gamma \vdash \varphi \rightarrow (\psi _i\rightarrow \psi _k)$|⁠. Note that formula |$(\varphi \rightarrow \psi _i)\rightarrow ((\varphi \rightarrow (\psi _i\rightarrow \psi _k))\rightarrow (\varphi \rightarrow \psi _k))$| is a propositional tautology. Therefore, |$\Gamma \vdash \varphi \rightarrow \psi _k$| by applying the Modus Ponens inference rule twice.

Therefore, |$\Box _X\varphi _1,\dots ,\Box _X\varphi _n\vdash \Box _X\psi$| by applying the previous steps |$(n-1)$| more times.