Metric Integer Interval Temporal Logic. Mathematics and Applications

Transcription

1 Metric Integer Interval Temporal Logic Samuel Lukas Vogel Thesis to obtain the Master of Science Degree in Mathematics and Applications Supervisor(s): Prof. João Rasga Examination Committee Chairperson: Prof. Maria Cristina de Sales Viana Serôdio Sernadas Supervisor: Prof. João Filipe Quintas dos Santos Rasga Member of the Committee: Prof. Manuel António Gonçalves Martins April 2016

2 ii

3 iii Dedicated to Catarina Pinheiro.

4 iv

5 Acknowledgments Deepest gratitude and appreciation for the help, support, advices, guidance, suggestions and valuable comments are extended to João Rasga, my thesis adviser. v

6 vi

7 Resumo Em computação, raciocinar sobre tempo real é fundamental, dadas as numerosas aplicações que dependem disso. Recentemente a lógica temporal tem desempenhado um papel cada vez mais importante na solução deste problema, como se comprova pelo sucesso da Metric Interval Temporal Logic (MITL). Nesta tese tentamos preencher a lacuna que existe entre a lógica temporal discreta e a lógica temporal densa, propondo e estudando uma nova lógica, Metric Integer Interval Temporal Logic (MIIT L), com intervalos explícitos como em MIT L, mas em tempo discreto como Propositional Linear Temporal Logic (PLT L). Com este objetivo em mente, mostramos que o problema da satisfação em MIITL é decidível e provamos que PLTL é equivalente a MIITL. Apresentamos também um sistema axiomático fortemente completo para um fragmento de MIIT L. Por fim reduzimos um fragmento de MITL a MIITL, o que pode ser útil, dado o salto de complexidade entre as duas lógicas. Palavras-chave: Lógica Temporal sobre Tempo Discreto, Lógica Temporal sobre Tempo Real, MITL, PLTL. vii

8 viii

9 Abstract In computer science, reasoning about real-time is an important issue, given that numerous applications depend on it. In recent years temporal logic has been found to be very useful in the matter, as can be seen by the success of Metric Interval Temporal Logic (MITL). In this thesis we try to bridge the gap between discrete and explicit dense time logics by introducing a new logic, Metric Integer Interval Temporal Logic (MIIT L), with explicit intervals as MIT L but over discrete time as Propositional Linear Temporal Logic (PLTL). We propose an algorithm for the satisfiability problem of MIITL and show that PLTL is equivalent to MIITL. Moreover we provide a strongly complete axiom system for a bounded fragment of MIITL. Finally, we reduce a bounded MITL fragment to MIITL, which can be useful, given the leap of complexity from reasoning in discrete-time to reasoning in dense-time. Keywords: Temporal Logics for Dicrete Time Reasoning, Temporal Logics for Dense Time Reasoning, MITL, PLTL. ix

10 x

11 Contents Acknowledgments v Resumo vii Abstract ix 1 Introduction 1 2 MIT L 3 3 MIIT L 5 4 PLT L 15 5 Equivalence between PLT L and MIIT L PLTL Equivalence Strongly complete deductive calculus for MIITL 21 7 Relation between MITL and MIITL 31 8 Conclusions 37 Bibliography 39 xi

12 xii

13 Chapter 1 Introduction Temporal logics constitute a well-known topic of study in theoretical computer science. They are a special type of modal logic widely used for reasoning about hardware and software systems. Motivated by philosophical matters, Arthur Prior in 1955 formalized temporal logics by developing tense logics from modal logics. In his book [Pri55] he enriched propositional modal logic with two temporal operators F (future) and P (past) initializing the modern era of temporal logics. Later, in 1968 Kamp [Kam68] proposed the until U and since S operators, extending the expressiveness of temporal logics. The original philosophical motivation of temporal logics was then overshadowed by the wide range of applications introduced by the work of Amir Pnueli [Pnu77]. He revolutionized temporal logics and program verification by realizing that the work of Prior could be applied to computer programs. In [Pnu77] Pnueli introduced Propositional Linear Temporal Logic PLT L (or Linear Time Temporal Logic - LT L) which is a reference for reasoning in discrete, linear time. Since then, PLT L has been widely studied. For example its satisfiability problem has been shown to be PSPACE-complete. Even though PLTL had a profound impact in computer science, it has some shortcomings in time reasoning. Systems can be modeled in PLT L by a sequence of states, by specifying their order, but PLTL cannot specify their precise times. In an attempt to expand the expressiveness of PLTL to real time, Alur, Feder and Henziger introduced Metric Interval Temporal Logic MIT L [AFH96], which is the standard for reasoning in dense time. MITL semantics consist of a sequence of states and a sequence of intervals, where each state is associated to an interval over the reals. MITL formulas are built from a timed-constrained version of the until operator U I, where I is a non-singular interval. The resulting logic can constrain the time derence between events only with finite precision and its satisfiability problem is EXPSPACE-complete. Temporal logics continue to be a current subject of investigation in computer science, as can be seen by the research in reasoning about quantum systems [MRSS10]. 1

14 Contributions This thesis has two main goals: to explore the expressiveness of a discrete linear temporal logic with explicit Until operators and to relate MIT L with discrete linear temporal logics. The main original contributions of this thesis are: a new linear temporal logic with explicit constrained Until operators, MIT L; an algorithm for the satisfiability problem in MIIT L; the proof that MIITL is equivalent to PLTL; a complete axiom system for MIITL, a fragment of MIITL; the reduction of a fragment of MITL to MIITL, proving that not all formulas in MITL require a dense time domain. Overview The remainder of the thesis is organized as follows: in section 2, we recall the syntax and semantics of MITL, as well as some results of [AFH96]. In section 3, we introduce MIITL a new linear time logic, with constrained Until operators and show its decidability. In section 4, we recall the syntax and semantics of PLTL. In section 5, we show the equivalence between PLTL and MIITL. In section 6, we introduce MIITL, a fragment of MIITL and propose a strongly complete axiom system for it. And finally, in section 7, we show that indeed a fragment of MITL is reducible to MIITL. 2

15 Chapter 2 MITL As mentioned in the introduction, the development of linear temporal logic and its applications in model checking revolutionized temporal logics, albeit its biggest shortcoming, the inability to express quantitative timing requirements. In PLT L, systems can be modeled by a sequence of states, by specifying their order, but PLTL cannot specify their precise times. In recent years much work has been done into expanding the expressiveness of PLT L to real time. Koymans was one of the first to tackle this issue. In [Koy90] he introduced Metric Temporal Logic (MTL). MTL temporal operators are constrained by intervals over the reals, for example [1,2] p means that p will be true at all instants in the interval [1, 2]. Unfortunately, later in [Hen91], Henziger proved that the satisfiability problem in MT L is undecidable. This is due to the expressiveness and density of the logic, which allow reducing the halting problem to the satisfiability problem. The halting computations of a Turing Machine can be specified by a MTL formula, so deciding the satisfiability of such a formula is the same as solving the halting problem. Metric Interval Temporal Logic rises from the attempt to find a decidable real-time logic. In the paper [AFH96] Alur, Feder and Henziger propose MITL as a relaxation of MTL. By prohibiting singular time intervals from constraining temporal operators in MTL (e.g. {2} p, which means that p will be true exactly at time 2) the authors obtained a decidable logic. Further research provided a weakly complete axiomatization for MIT L [SRHF02]. Here we recall the syntax and semantics of MITL as in [AFH96], as well as some relevant results for our work presented in that paper. Given a finite set P of propositions, formulas in MITL are inductively defined as follows. ϕ ::= p ϕ ϕ ϕ ϕ U I ϕ where p P and I is a nonsingular interval, with positive integer endpoints. We introduce some standard abbreviations for additional temporal operators. I ϕ abv (ϕ ϕ) U I ϕ (timed constrained eventually) and I ϕ abv ((ϕ ϕ) U I ϕ) (timed constrained always). A time interval is a nonempty convex subset of R 0. Intervals have one of the following forms: [a, b], [a, b[, [a, [, ]a, b], ]a, b[, ]a, [, where a b and a, b R 0. For an interval I of the above form, 3

16 l(i) = a and for a bounded I, r(i) = b. An interval I is singular if it is of the form [a, a]. Two intervals are adjacent if their union is a convex subset of R and their intersection is empty. Definition 1. A set s is said to be a state if s P. Moreover s satisfies a proposition p, written s = p, if p s. Definition 2. A state sequence s = (s 0, s 1, s 2,...) is an infinite sequence of states. An interval sequence Ī = (I 0, I 1, I 2,...) is an infinite sequence of time intervals such that: I 0 is left-closed and l(i 0 ) = 0; for all i, the intervals I i and I i+1 are adjacent; for all t R 0, t belongs to some interval I i. Definition 3. A timed state sequence σ = ( s, Ī) is a tuple formed by an infinite sequence of states and an infinite interval sequence. For t 0 and t I i, by σ (t) we refer to the state s i. Definition 4. Given a timed state sequence σ and t I i, we denote by σ t the timed state sequence ( s, Ī ), s.t s = (s i, s i+1,...) and Ī = ((I i t) [0, [, I i+1 t,...) Definition 5. The satisfaction relation σ = ϕ is inductively defined as follows: σ = p p s 0 ; σ = ϕ σ = ϕ; σ = ϕ 1 ϕ 2 σ = ϕ 1 and σ = ϕ 2 ; σ = ϕ 1 U I ϕ 2 t I : σ t = ϕ 2 and t ]0, t[ σ t = ϕ 1. The paper [AFH96] also shows that MITL cannot distinguish the time domain R 0 from the time domain Q 0. This means that replacing the time domain over the reals by a time domain over the rationals does not change the satisfiability of any formula in MIT L. We recall here those results. Definition 6. The timed state sequence σ = ( s, Ī) is rational for all intervals in Ī, their endpoints are rational. Definition 7. Given a rational timed state sequence σ and a MITL-formula ϕ, we denote by = Q the satisfaction relation = of definition 5 redefined so that all time quantifiers range over Q 0 only. We say that σ Q-satisfies ϕ σ = Q ϕ. Definition 8. The MIT L-formula ϕ is Q-satisfiable there is a rational timed state sequence that Q- satisfies ϕ. Theorem 1. Given a MITL-formula ϕ, ϕ is Q-satisfiable ϕ is satisfiable. The paper [AFH96] also provides an algorithm for reducing the problem of satisfiability in MIT L to the problem of the emptiness of timed automata. Theorem 2. The satisfiability problem for MIT L is EXPSPACE-complete. 4

17 Chapter 3 MIITL In this section we introduce a new logic, MIITL, similar to MITL, where time state sequences are defined over the naturals. This new formalism tries to bridge the discreteness of PLT L and the explicit intervals of MIT L by capturing the constrained temporal operators of MIT L as well as the discreteness of PLTL. We also provide an algorithm that reduces the problem of satisfiability of MIITL to the problem of Büchi automata emptiness. Definition 9. We define integer intervals as follows: {i N : a i b} a N, b N { } and a b [a : b] = otherwise In the sequel given an integer interval I = [a : b] and i N with i a, we denote by I i the integer interval [a i : b i]. And given j N, we denote by I + j the integer interval [a + j : b + j]. Given a finite set P of propositions, formulas in MIITL are inductively defined as follows. ϕ ::= p ϕ ϕ ϕ ϕ U I ϕ where p P, U is the time constrained Until operator and I is an integer interval. Now we define the semantics of MIITL. Definition 10. A set s is said to be a state if s P. And s satisfies a proposition p, written s = p if p s. Definition 11. A state sequence τ is an infinite sequence of states. In the sequel given a state sequence τ = (s 0, s 1,...) and i N, we denote by τ i the timed state sequence (s i, s i+1,...). Definition 12. The satisfaction relation τ = ϕ is inductively defined as follows: τ = p p s 0 ; τ = ϕ τ = ϕ; τ = ϕ 1 ϕ 2 τ = ϕ 1 and τ = ϕ 2 ; 5

18 τ = ϕ 1 U I ϕ 2 t I τ t = ϕ 2 and t [1 : t 1] τ t = ϕ 1. Definition 13. A formula ϕ is entailed by a set Γ of formulas, written Γ = ϕ, if for every state sequence τ, τ = ϕ whenever τ = γ, for each γ Γ. Definition 14. Given a formula ϕ and t N, ϕ t is defined as (ϕ ϕ) U [t:t] ϕ. Proposition 1. Given a state sequence τ, a formula ϕ and a natural i, τ = ϕ i τ i = ϕ. Proof. Indeed: τ = ϕ i τ = (ϕ ϕ) U [i:i] ϕ t [i : i] τ t = ϕ and t [1 : i 1] τ t = ϕ ϕ τ i = ϕ Proposition 2 (Non-Compactness of MIITL). There is an infinite set Γ, such that and a ϕ, Γ = ϕ and there is no finite subset Γ f Γ such that Γ f = ϕ. Proof. Let p P, Γ = {p i : i N} and ϕ = ((p p) U [0: ] p). Observe that τ = ((p p) U [0: ] p) there is no t [0 : ] τ t = p and t [1 : t 1] τ t = p p there is no t [0 : ] τ t = p τ i = p, i N Hence, for all state sequences τ that satisfy Γ, by proposition 1, τ i = p for all i N, so τ = ϕ. Hence Γ = ϕ. Now take any finite subset Γ f Γ, Γ f = {p i : i {i 0,..., i n }}. There is τ = Γ f s.t. τ = p j, i.e. τ j = p by prop. 1 where j {i 0,..., i n }, which implies that τ = ϕ. Hence Γ f = ϕ. The absence of compactness for satisfiability implies that there is no sound, strongly complete deductive system for MIIT L. Decidability Now we show that the problem of satisfiability in MIITL can be reduced to the problem of the emptiness of Büchi automata. We begin by defining a normal form of the formulas of MIITL. Definition 15. We define the Unless operator by abbreviation, ϕ 1 W I ϕ 2 abv (( ϕ 2 ) U I ( ϕ 1 )). Proposition 3. Let τ be a state sequence, then τ i = ϕ 1 W I ϕ 2 t I τ i+t = ϕ 1 or t > 0 : τ t+i = ϕ 2 and t I, t t τ t +i = ϕ 1. 6

19 Proof. τ i = (( ϕ 2 ) U I ( ϕ 1 )) τ i = ( ϕ 2 ) U I ( ϕ 1 ) t I τ i+t = ϕ 1 or t > 0 : τ t+i = ϕ 2 and t I, t t τ t +i = ϕ 1 t I τ i+t = ϕ 1 or t > 0 : τ t+i = ϕ 2 and t I, t t τ t +i = ϕ 1 Proposition 4. Let ϕ 1 and ϕ 2 be formulas. Then: 1. Let τ be a state sequence and I s.t. l(i) > 1. Then τ i = ϕ 1 U I ϕ 2 τ i+1 = ϕ 1 and τ i+1 = ϕ 1 U I 1 ϕ Let τ be a state sequence and b s.t. b > 1. Then τ i = ϕ 1 U [1:b] ϕ 2 τ i+1 = ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 U [1:b 1] ϕ 2 ). 3. Let τ be a state sequence. Then τ i = ϕ 1 U [1:1] ϕ 2 τ i+1 = ϕ Let τ be a state sequence and I s.t. l(i) > 1. Then τ i = ϕ 1 W I ϕ 2 τ i+1 = ϕ 2 or τ i+1 = ϕ 1 W I 1 ϕ Let τ be a state sequence and b s.t. b > 1. Then τ i = ϕ 1 W [1:b] ϕ 2 τ i+1 = ϕ 2 ϕ 1 or τ i+1 = ϕ 1 (ϕ 1 W [1:b 1] ϕ 2 ). 6. Let τ be a state sequence. Then τ i = ϕ 1 W [1:1] ϕ 2 τ i+1 = ϕ Let τ be a state sequence. Then τ i = ϕ 1 U [1: ] ϕ 2 either τ i+1 = ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 U [1: ] ϕ 2 ). 8. Let τ be a state sequence. Then τ i = ϕ 1 W [1: ] ϕ 2 either τ i+1 = ϕ 1 ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 W [1: ] ϕ 2 ). Proof. 1. τ i = ϕ 1 U I ϕ 2, l(i) > 1 t I : τ i+t = ϕ 2 and t [1 : t 1] τ i+t = ϕ 1 τ i+1 = ϕ 1 and t I 1 : τ i+t+1 = ϕ 2 and t [1 : t 1] τ i+t +1 = ϕ 1 τ i+1 = ϕ 1 and τ i+1 = ϕ 1 U I 1 ϕ 2 7

20 2. τ i = ϕ 1 U [1:b] ϕ 2, b > 1 t [1 : b] : τ i+t = ϕ 2 and t [1 : t 1] τ i+t = ϕ 1 τ i+1 = ϕ 2 or t [1 : b 1] : τ i+t+1 = ϕ 2 and t [0 : t 1] τ i+t +1 = ϕ 1 τ i+1 = ϕ 2 or t [1 : b 1] : τ i+t+1 = ϕ 2, t [1 : t 1] τ i+t +1 = ϕ 1 and τ i+1 = ϕ 1 τ i+1 = ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 U [1:b 1] ϕ 2 ) 3. τ i = ϕ 1 U [1:1] ϕ 2 τ i+1 = ϕ 2 4. τ i = ϕ 1 W I ϕ 2, l(i) > 1 t I τ i+t = ϕ 1 or t > 0 : τ t+i = ϕ 2 and t I, t t τ t +i = ϕ 1 τ i+1 = ϕ 2 or t I 1 τ i+t+1 = ϕ 1 or t > 1 : τ t+i = ϕ 2 and t I, t t τ t +i = ϕ 1 τ i+1 = ϕ 2 or t I 1 τ i+t+1 = ϕ 1 or t > 0 : τ t+i+1 = ϕ 2 and t I 1, t t τ t +i+1 = ϕ 1 τ i+1 = ϕ 2 or τ i+1 = ϕ 1 W I 1 ϕ 2 5. τ i = ϕ 1 W [1:b] ϕ 2, b > 1 t [1 : b] τ i+t = ϕ 1 or t > 0 : τ t+1 = ϕ 2 and t [1 : b], t t τ t +i = ϕ 1 t [1 : b] τ i+t = ϕ 1 or t > 1 : τ t+i = ϕ 2 and t [1 : b], t t τ t +i = ϕ 1 or τ i+1 = ϕ 1 ϕ 2 τ i+1 = ϕ 1 ϕ 2 or τ i = ϕ 1 and ( t [1 : b] τ i+t+1 = ϕ 1 or t > 0 : τ t+i+1 = ϕ 2 and t [1 : b 1], t t τ t +i+1 = ϕ 1 ) τ i+1 = ϕ 1 ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 W [1:b 1] ϕ 2 ) 8

21 6. τ i = ϕ 1 W [1:1] ϕ 2 τ i+1 = ϕ 1 7. τ i = ϕ 1 U [1: ] ϕ 2 t [1 : ] : τ i+t = ϕ 2 and t [1 : t 1] τ i+t = ϕ 1 τ i+1 = ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 U [1: ] ϕ 2 ) 8. τ i = ϕ 1 W [1: ] ϕ 2 t [1 : ] τ i+t = ϕ 1 or t > 0 : τ t+i = ϕ 2 and t [1 : ], t t τ t +i = ϕ 1 τ i+1 = ϕ 1 ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 W [1: ] ϕ 2 ) Proposition 5. Given a formula in MIITL there is an equivalent formula with until and unless operators, conjunctions and disjunctions and where all negations are in front of propositions. Proof. First we prove that each formula of the form ϕ, where the head of ϕ is not, is equivalent to a formula ϕ with until and unless operators, conjunctions and disjunctions where all negations are in front of propositions. Proof is done by induction on the complexity of ϕ. Let τ be any state sequence such that τ = ϕ. [Base] ϕ P: let ϕ be ϕ which is the negation of a proposition. [Step] ϕ is ϕ 1 ϕ 2 : let ϕ be ϕ 1 ϕ 2. Then τ = ϕ τ = (ϕ 1 ϕ 2 ) τ = ϕ 1 or τ = ϕ 2 (IH) τ = ϕ 1 or τ = ϕ 2 τ = ϕ 1 ϕ 2 ; ϕ is ϕ 1 U I ϕ 2 : let ϕ be ϕ 2 W I ϕ 1. Then τ = ϕ τ = (ϕ 1 U I ϕ 2 ) (def. of the unless operator) τ = ( ϕ 2 ) W I ( ϕ 1 ) (IH) τ = ϕ 2 W I ϕ 1. Now it is clear how one can obtain the pretended formula from MIITL. Definition 16. A formula ϕ is in normal form it is built from propositions and negated propositions using conjunction, disjunction and temporal formulas of the following two types: ϕ 1 U I ϕ 2, l(i) 1; 9

22 ϕ 1 W I ϕ 2, l(i) 1. Proposition 6. For any given formula ϕ of MIITL there is an equivalent formula ϕ in normal form. Proof. By proposition 5, given a formula ϕ there is an equivalent formula ϕ with until and unless operators, conjunctions and disjunctions and where all negations are in front of propositions. Using the following equivalences ϕ can be transformed into ϕ. 1. (ϕ 1 U [0:b] ϕ 2 ) (ϕ 2 (ϕ 1 U [1:b] ϕ 2 )), b N { }; 2. (ϕ 1 W [0:b] ϕ 2 ) (ϕ 1 (ϕ 1 W [1:b] ϕ 2 )), b N { }. The equivalence 1. is immediate. For the equivalence 2. assume that τ = ϕ 1 W [0:b] ϕ 2 for a given state sequence τ. Then either t [0 : b] τ t = ϕ 1 or t > 0 : τ t = ϕ 2 and t [0 : b], t t τ t = ϕ 1. We consider two cases: t [0 : b] τ t = ϕ 1. Then τ = ϕ 1 and τ t = ϕ 1, t [1 : b]. Thus τ = (ϕ 1 (ϕ 1 W [1:b] ϕ 2 )); t > 0 : τ t = ϕ 2 and t [0 : b], t t τ t = ϕ 1. Then τ = ϕ 1 and t > 0 : τ t = ϕ 2 and t [1 : b], t t τ t = ϕ 1. Thus τ = (ϕ 1 (ϕ 1 W [1:b] ϕ 2 )). For the other direction if τ = ϕ 1 (ϕ 1 W [1:b] ϕ 2 ) then we have two possibilities: τ = ϕ 1 and τ t = ϕ 1 t [1 : b] thus τ = ϕ 1 W [0:b] ϕ 2 ; τ = ϕ 1 and t > 0 : τ t = ϕ 2 and t [1 : b], t t τ t = ϕ 1 thus τ = ϕ 1 W [0:b] ϕ 2. Hence τ = ϕ 1 W [0:b] ϕ 2 τ = ϕ 1 (ϕ 1 W [1:b] ϕ 2 ). Definition 17. Let φ be a formula in normal form, we define Closure(φ) as the smallest set satisfying the following conditions: if ψ is a subformula of φ then ψ Closure(φ); if ψ Closure(φ) and ψ is a proposition then ψ Closure(φ); if ϕ 1 U I ϕ 2 Closure(φ), l(i) > 1 then ϕ 1 U I 1 ϕ 2 Closure(φ); if ϕ 1 W I ϕ 2 Closure(φ), l(i) > 1 then ϕ 1 W I 1 ϕ 2 Closure(φ); if ϕ 1 U [1:b] ϕ 2 Closure(φ), b 1 and b N then ϕ 1 U [1:b 1] ϕ 2 Closure(φ); if ϕ 1 W [1:b] ϕ 2 Closure(φ), b 1 and b N then ϕ 1 W [1:b 1] ϕ 2 Closure(φ). Now we define the Generalized Büchi Automaton ([RR11]) A φ for every formula φ of MIITL in the normal form. Definition 18. Let φ be a formula in normal form, over the set of propositions P, we define the generalized nondeterministic Büchi automaton A φ = Q, Σ, δ, Q 0, F as follows. The set of states Q has all the subsets q of Closure(φ) such that: if ϕ 1 ϕ 2 q then {ϕ 1, ϕ 2 } q, if ϕ 1 ϕ 2 q then ϕ 1 or ϕ 2 q and for all propositions p in φ, p q p / q; 10

23 Σ is 2 P ; δ is defined as follows, (q i, s, q i+1 ) δ, for all s Σ, q i, q i+1 Q such that s is the set of propositions in q i and if ϕ 1 U I ϕ 2 q i and l(i) > 1 then {ϕ 1, ϕ 1 U I 1 ϕ 2 } q i+1 ; if ϕ 1 U [1:b] ϕ 2 q i then either ϕ 2 q i+1 or {ϕ 1, ϕ 1 U [1:b 1] ϕ 2 } q i+1 ; if ϕ 1 U [1:1] ϕ 2 q i then ϕ 2 q i+1 ; if ϕ 1 W I ϕ 2 q i, l(i) > 1 then either ϕ 2 q i+1 or ϕ 1 W I 1 ϕ 2 q i+1. if ϕ 1 W [1:b] ϕ 2 q i then either {ϕ 1, ϕ 2 } q i+1 or {ϕ 1, ϕ 1 W [1:b 1] ϕ 2 } q i+1 ; if ϕ 1 W [1:1] ϕ 2 q i then ϕ 1 q i+1 ; if ϕ 1 U [1: ] ϕ 2 q i then either ϕ 2 q i+1 or {ϕ 1, ϕ 1 U [1: ] ϕ 2 } q i+1 ; if ϕ 1 W [1: ] ϕ 2 q i then either {ϕ 1, ϕ 2 } q i+1 or {ϕ 1, ϕ 1 W [1: ] ϕ 2 } q i+1 ; Q 0 = {q Q : φ q}; F = {F ψ : ψ is ϕ 1 U [1: ] ϕ 2 Closure(φ)}, and F ψ = {q Q : ϕ 2 q or ψ / q}. If there is no formula of the form ϕ 1 U [1: ] ϕ 2 Closure(φ) then F = {Q}. Note that the infinite words in Σ of A φ coincide with the definition of state sequences. Proposition 7. Given a formula φ in the normal form, φ is satisfiable if L(A φ ). Proof. Suppose L(A φ ) and τ L(A φ ). Let q i be the i th state of the respective run. For all ϕ Closure(φ), we prove by induction on the complexity of ϕ, that if ϕ q i then τ i = ϕ. [Base 1 ] ϕ P: ϕ q i then ϕ s i of τ then τ i = ϕ. [Step 1 ] The Induction Hypothesis (IH 1 ) states that if ϕ q i then τ i = ϕ, for all ϕ Closure(φ) with less complexity than ϕ. ϕ is ψ and ψ P. ϕ q i, then by definition of Q, ψ / q i then ψ / s i thus τ i = ψ hence τ i = ϕ; ϕ is ϕ 1 ϕ 2 ϕ q i, by def. of Q, {ϕ 1, ϕ 2 } q i thus by IH 1 τ i = ϕ 1 and τ i = ϕ 2 thus τ i = ϕ 1 ϕ 2 ; ϕ is ϕ 1 ϕ 2 ϕ q i, by def. of Q, ϕ 1 q i or ϕ 2 q i thus by IH 1 τ i = ϕ 1 or τ i = ϕ 2 thus τ i = ϕ 1 ϕ 2 ; ϕ is ϕ 1 U [1:b] ϕ 2 ϕ q i, we prove this by induction on b. [Base 2 ] ϕ 1 U [1:1] ϕ 2 q i, by def. of δ ϕ 2 q i+1 then by IH 1 τ i+1 = ϕ 2 and by prop. 4.3 τ i = ϕ 1 U [1:1] ϕ 2. [Step 2 ] The Induction Hypothesis (IH 2 ) states that for all b b, if ϕ 1 U [1:b ] ϕ 2 q i then τ i = ϕ 1 U [1:b ] ϕ 2. If ϕ 1 U [1:b+1] ϕ 2 q i then by def. of δ either ϕ 2 q i+1 or {ϕ 1, ϕ 1 U [1:b] ϕ 2 } q i+1. if ϕ 2 q i+1 then by IH 1 τ i+1 = ϕ 2 and by prop. 4.2 τ i = ϕ 1 U [1:b+1] ϕ 2 ; 11

24 if {ϕ 1, ϕ 1 U [1:b] ϕ 2 } q i+1 then by the first IH 1 τ i+1 = ϕ 1 and by IH2 2 τ i+1 = ϕ 1 U [1:b] ϕ 2. Thus by prop. 4.2 τ i = ϕ 1 U [1:b+1] ϕ 2 ; ϕ is ϕ 1 U I ϕ 2 ϕ q i, and l(i) 1 we prove this by induction on l(i). [Base 3 ] l(i) = 1 is the previous case. [Step 3 ] The Induction Hypothesis (IH 3 ) states that for all I s.t. l(i) b, if ϕ 1 U I ϕ 2 q i then τ i = ϕ 1 U I ϕ 2. If ϕ 1 U I ϕ 2 q i then by def. of δ {ϕ 1, ϕ 1 U I 1 ϕ 2 } q i+1. By IH 1 τ i+1 = ϕ 1 and by IH 3 τ i+1 = (ϕ 1 U I 1 ϕ 2 ). Thus by prop. 4.1 τ i = ϕ 1 U I ϕ 2 ; ϕ is ϕ 1 W [1:b] ϕ 2 ϕ q i, we prove this by induction on b. [Base 4 ] ϕ 1 W [1:1] ϕ 2 q i then by def. of δ ϕ 1 q i+1, then by IH 1 τ i+1 = ϕ 1 and by prop. 4.6 τ i = ϕ 1 W [1:1] ϕ 2. [Step 4 ] The Induction Hypothesis (IH 4 ) states that for all b b, if ϕ 1 W [1:b ] ϕ 2 q i then τ i = ϕ 1 W [1:b ] ϕ 2. If ϕ 1 W [1:b+1] ϕ 2 q i then by def. of δ either {ϕ 1, ϕ 2 } q i+1 or {ϕ 1, ϕ 1 W [1:b] ϕ 2 } q i+1. if {ϕ 1, ϕ 2 } q i+1 then by IH 1 τ i+1 = ϕ 1 ϕ 2 and thus by prop. 4.5 τ i = ϕ 1 W [1:b+1] ϕ 2 ; if {ϕ 1, ϕ 1 W [1:b] ϕ 2 } q i+1 then by IH 1 τ i+1 = ϕ 1 and by IH 4 τ i+1 = ϕ 1 W [1:b] ϕ 2. Thus by prop. 4.5 τ i = ϕ 1 W [1:b+1] ϕ 2 ; ϕ is ϕ 1 W I ϕ 2 ϕ q i, and l(i) 1 we prove this by induction on l(i). [Base 5 ] l(i) = 1 is the previous case. [Step 5 ] The Induction Hypothesis (IH 5 ) states that for all I s.t. l(i) b, if ϕ 1 W I ϕ 2 q i then τ i = ϕ 1 W I ϕ 2. If ϕ 1 W I ϕ 2 q i then by def. of δ either ϕ 2 q i+1 or ϕ 1 W I 1 ϕ 2 q i+1. if ϕ 2 q i+1 by IH 1 τ i+1 = ϕ 2 and by prop. 4.4 τ i = ϕ 1 W I ϕ 2 ; if ϕ 1 W I 1 ϕ 2 q i+1 by IH 5 τ i+1 = ϕ 1 W I 1 ϕ 2. Thus by prop. 4.4 τ i = ϕ 1 W I ϕ 2 ; ϕ is ϕ 1 U [1: ] ϕ 2 ϕ q i, then F ϕ F and either ϕ 2 q i+1 or {ϕ 1, ϕ 1 U [1: ] ϕ 2 } q i+1. If ϕ 2 q i+1 then by IH 1 τ i+1 = ϕ 2 and by prop. 4.7 τ i = ϕ 1 U [1: ] ϕ 2. Suppose ϕ 2 / q j j > i then ϕ 1 U [1: ] ϕ 2 q j j > i. This would mean that the automaton A φ does not accept τ. Because the respective run of τ does not infinitely often visit the states of F ϕ. Thus there is always j > i such that ϕ 2 q j and for all i < j < j ϕ 1 q j, using IH 1 τ i = ϕ 1 U [1: ] ϕ 2. ϕ is ϕ 1 W [1: ] ϕ 2 ϕ q i, then either {ϕ 2, ϕ 1 } q i+1 or {ϕ 1, ϕ 1 W [1: ] ϕ 2 } q i+1. Then by IH 1 either τ j = ϕ 1 and τ j = ϕ 2 for some j > i and τ j = ϕ 1, i < j < j. Or τ j = ϕ 1 j > i in both cases τ i = ϕ 1 W [1: ] ϕ 2. By definition of A φ φ q 0 thus τ = φ and φ is satisfiable. Proposition 8. Given a state sequence τ and a formula φ in the normal form, if τ = φ then τ L(A φ ). 12

25 Proof. Suppose τ = φ, let ρ be our potential run in A φ, such that q i = {ϕ Closure(φ) : τ i = ϕ}. It is easy to check that q i Q. Let q i be the i th state of ρ, q i+1 be the next state and s i the set of propositions in q i. We prove that (q i, s i, q i+1 ) δ. Suppose ϕ q i ϕ P: τ i = ϕ then ϕ s i ϕ is ϕ 1 U I ϕ 2 : and l(i) > 1, τ i = ϕ then by prop. 4.1 τ i+1 = ϕ 1 (ϕ 1 U I 1 ϕ 2 ) thus {ϕ 1, ϕ 1 U I 1 ϕ 2 } q i+1 ; ϕ is ϕ 1 U [1:b] ϕ 2 : τ i = ϕ, by prop. 4.2 either τ i+1 = ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 U [1:b 1] ϕ 2 ) thus ϕ 2 q i+1 or {ϕ 1, ϕ 1 U [1:b 1] ϕ 2 } q i+1 ; ϕ is ϕ 1 U [1:1] ϕ 2 : τ i = ϕ, by prop. 4.3 τ i+1 = ϕ 2 thus ϕ 2 q i+1 ; ϕ is ϕ 1 W I ϕ 2 : and l(i) > 1, τ i = ϕ, by prop. 4.4 either τ i+1 = ϕ 2 or τ i+1 = ϕ 1 W I 1 ϕ 2 thus either ϕ 2 q i+1 or ϕ 1 W I 1 ϕ 2 q i+1 ; ϕ is ϕ 1 W [1:b] ϕ 2 : τ i = ϕ, by prop. 4.5 either τ i+1 = ϕ 1 ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 W [1:b 1] ϕ 2 ), thus either {ϕ 1, ϕ 2 } q i+1 or {ϕ 1, ϕ 1 W [1:b 1] ϕ 2 } q i+1 ; ϕ is ϕ 1 W [1:1] ϕ 2 : τ i = ϕ, by prop. 4.6 τ i+1 = ϕ 1 thus ϕ 1 q i+1 ; ϕ is ϕ 1 U [1: ] ϕ 2 : τ i = ϕ, by prop. 4.7 either τ i+1 = ϕ 2 or τ i+1 = ϕ 1 (ϕ 1 U [1: ] ϕ 2 ), thus either ϕ 2 q i+1 or {ϕ 1, ϕ 1 U [1: ] ϕ 2 } q i+1 ; ϕ is ϕ 1 W [1: ] ϕ 2 : τ i = ϕ, by prop. 4.8 either τ i+1 = ϕ 2 ϕ 1 or τ i+1 = ϕ 1 (ϕ 1 W [1: ] ϕ 2 ), thus either {ϕ 2, ϕ 1 } q i+1 or {ϕ 1, ϕ 1 W [1: ] ϕ 2 } q i+1. So we can conclude that ρ is indeed an infinite run over the states of A φ. Now we have to prove that τ is accepted by A φ, that is ρ is an accepting run. τ = φ so φ q 0, by definition of Q 0, q 0 Q 0. Thus ρ starts with an initial state. Suppose there is a formula ψ Closure(φ) such that ψ is ϕ 1 U [1: ] ϕ 2, then F ψ F. Suppose ρ does not visit the states of F ψ infinitely often. Then i : j i ϕ 2 / q j and ψ q j. Thus i : j i τ j = ϕ 2 and τ j = ψ. But by definition of the satisfaction relation, if τ i = ψ then there is j > i s.t. τ j = ϕ 2. So we conclude that ρ visits the states F ψ infinitely often. Finally, suppose there is no formula of the form ϕ 1 U [1: ] ϕ 2 Closure(φ), then A φ accepts all infinite runs and, in this case, ρ. Theorem 3. The proposed algorithm for checking the satisfiability of a formula φ of MIITL is O(2 N K ), where K is the biggest integer constant appearing in the formula and N is the number of propositions, conjunctions, disjunctions and temporal operators. Proof. The algorithm starts by transforming φ into the equivalent formula φ. Note that all transformations only create a constant number of new subformulas, thus φ is linear in the length of φ. Since the size of Closure(φ ) is O(N K) the number of states in A φ is O(2 N K ). 13

26 14

27 Chapter 4 PLTL PLT L (or LT L) was first introduced by Amir Pnueli [Pnu77] for program verification. This pioneer work brought numerous applications, such as model checking, temporal reasoning in medicine and in natural language processing, temporal databases, etc. Since then, there has been an extensive research on this subject. For instance in [GPSS80], Gabbay shows the decidability of PLT L and provides a sound and complete Hilbert-style axiom system, as well as a PSPACE-complete algorithm for the satisfiability problem. We now recall the syntax and semantics of PLTL as in [GHLN08]. Given a finite set P of propositions, formulas in PLTL are inductively defined as follows. ϕ ::= p ϕ ϕ ϕ ϕ Uϕ ϕ where p P, U is the Until operator and is the Next operator. Definition 19. A PLTL-structure M is a pair (N, V M ) where N is the set of natural numbers and V M : N 2 P maps each state n N into a subset of P. Definition 20. The truth of a formula ϕ in the state j of a PLTL-structure M, which is denoted by M, j = ϕ, is inductively defined as follows: M, j = ϕ, with ϕ P, ϕ V M (j); M, j = ϕ M, j = ϕ; M, j = ϕ ψ M, j = ϕ and M, j = ψ; M, j = ϕ M, j + 1 = ϕ; M, j = ϕ Uψ there is k j M, k = ψ and for every j i < k M, i = ϕ. Given a formula ϕ in the context of PLTL, we denote by n ϕ the formula that results by applying the operator n-times to ϕ. Note that given a PLTL-structure M and a formula ϕ, M, j = n ϕ M, j + n = ϕ. 15

28 16

29 Chapter 5 Equivalence between PLTL and MIITL 5.1 PLT L PLT L (or LT L) was first introduced by Amir Pnueli [Pnu77] for program verification. This pioneer work brought numerous applications, such as model checking, temporal reasoning in medicine and in natural language processing, temporal databases, etc. Since then, there has been an extensive research on this subject. For instance in [GPSS80], Gabbay shows the decidability of PLT L and provides a sound and complete Hilbert-style axiom system, as well as a PSPACE-complete algorithm for the satisfiability problem. We now recall the syntax and semantics of PLTL as in [GHLN08]. Given a finite set P of propositions, formulas in PLTL are inductively defined as follows. ϕ ::= p ϕ ϕ ϕ ϕ Uϕ ϕ where p P, U is the Until operator and is the Next operator. Definition 21. A PLTL-structure M is a pair (N, V M ) where N is the set of natural numbers and V M : N 2 P maps each state n N into a subset of P. Definition 22. The truth of a formula ϕ in the state j of a PLTL-structure M, which is denoted by M, j = ϕ, is inductively defined as follows: M, j = ϕ, with ϕ P, ϕ V M (j); M, j = ϕ M, j = ϕ; M, j = ϕ ψ M, j = ϕ and M, j = ψ; M, j = ϕ M, j + 1 = ϕ; M, j = ϕ Uψ there is k j M, k = ψ and for every j i < k M, i = ϕ. Given a formula ϕ in the context of PLTL, we denote by n ϕ the formula that results by applying the operator n-times to ϕ. 17

30 Note that given a PLTL-structure M and a formula ϕ, M, j = n ϕ M, j + n = ϕ. 5.2 Equivalence In this section we prove the equivalence between PLTL and our new logic MIITL, proving that both have the same expressive power. Proposition 9. In the context of MIITL we have that ϕ U [a:b] ψ, with a, b N, is equivalent to i 1 j=1 ϕ j). b i=a ( ψ i Proof. τ = (ϕ U [a:b] ψ) t [a : b] : τ t = ψ and t [1 : t 1] τ t = ϕ τ = b i=a i 1 ( ψ i ϕ j) j=1 Definition 23. Let ϕ be a formula of MIITL, over the set of propositions P, we define the formula ϕ in PLTL over the same set of propositions as follows: ϕ, if ϕ P ϕ is (ψ ) if ϕ is ψ (ϕ 1 ) (ϕ 2 ) if ϕ is ϕ 1 ϕ 2 b ( ( i (ϕ i 1 2 )) ( j (ϕ 1 ))) if ϕ is ϕ 1 U [a:b] ϕ 2 i=a j=1 ( a 1 ( ( ( i (ϕ 1 )) ( a (ϕ 2 )))) a+1 ( (ϕ 1 ) U(ϕ 2 )) a ) ( i (ϕ 1 )) if ϕ is ϕ 1 U [a: ] ϕ 2 i=1 i=1 Definition 24. Let ϕ be a formula of PLTL, over the set of propositions P, we define the formula ϕ in MIITL over the same set of propositions as follows: ϕ, if ϕ P ϕ is (ψ ) if ϕ is ψ (ϕ 1 ) (ϕ 2 ) if ϕ is ϕ 1 ϕ 2 (ψ ) 1, if ϕ is ψ (ϕ 1 ) ((ϕ 1 ) U [0: ] (ϕ 2 )) if ϕ is ϕ 1 Uϕ 2 Definition 25. Given a state sequence τ over the set of propositions P, we define the PLT L-structure M τ over the same set of propositions as follows: V Mτ (i) is the i th state of τ. Definition 26. Given a PLTL-structure M the state sequence τ M is (V M (0), V M (1), V M (2),...). Note that τ is τ Mτ and M is M τm. 18

31 Theorem 4. Let ϕ be a formula of PLTL and M a PLTL-structure, M, t = ϕ τ t M = ϕ. Proof. Proof done by induction on the complexity of ϕ. [Base] ϕ P: M, t = ϕ ϕ V M (t) ϕ s t τ t M = ϕ. [Step] ϕ is ψ: M, t = ϕ M, t = ψ M, t = ψ (IH) τ t M = ψ τ t M = (ψ ) τ t M = ϕ ; ϕ is ϕ 1 ϕ 2 : M, t = ϕ M, t = ϕ 1 and M, t = ϕ 2 (IH) τ t M = ϕ 1 and τt M = ϕ 2 τ t M = ϕ ; ϕ is ψ: M, t = ϕ M, t + 1 = ψ (IH) τ t+1 M = ψ τ t M = (ψ ) 1 τ t M = ϕ ; ϕ is ϕ 1 Uϕ 2 : M, t = ϕ there is k t M, k = ϕ 2 and for every t i < k M, i = ϕ 1 (IH) there is k t τ k M = ϕ 2 and for every t i < k τi M = ϕ 1 τt M = (ϕ 1 ) ((ϕ 1 ) U [0: ] (ϕ 2 )) τ t M = ϕ. Theorem 5. Let ϕ be a formula of MIITL and τ a state sequence, τ t = ϕ M τ, t = ϕ. Proof. Proof done by induction on the complexity of ϕ. [Base] ϕ P: τ t = ϕ ϕ s t ϕ V Mτ (t) M τ, t = ϕ. [Step] ϕ is ψ: τ t = ϕ τ t = ψ (IH) M τ, t = ψ M τ, t = (ψ ) M τ, t = ϕ ; ϕ is ϕ 1 ϕ 2 : τ t = ϕ τ t = ϕ 1 and τ t = ϕ 2 (IH) M τ, t = ϕ 1 and M τ, t = ϕ 2 M τ, t = ϕ ; ( b ϕ is ϕ 1 U [a:b] ϕ 2 : τ t = ϕ (prop. 9) τ t = i=a ( ϕ i 2 i 1 j=1 ϕ j 1) ) for some i {a,..., b} τ t = ϕ i 2 and for every j {1,..., i 1} τt = ϕ j 1 for some i {a,..., b} τt+i = ϕ 2 and for every j {1,..., i 1} τ t+j = ϕ 1 (IH) for some i {a,..., b} M τ, t + i = ϕ 2 and for every j {1,..., i 1} M τ, t + j = ϕ 1 M τ, t = b ( ( i (ϕ i 1 2 )) ( j (ϕ 1 ))) M τ, t = ϕ ; i=a ϕ is ϕ 1 U [a: ] ϕ 2 : τ t = ϕ s [a : ] : τ s+t = ϕ 2 and s [1 : t 1] τ s +t = ϕ 1 either 1. or 2. holds 1. τ a+t = ϕ 2 and τ t+s = ϕ 1 for all 0 < s < a (IH) M, t + a = ϕ 2 and M, t + s = ϕ 1 for all 0 < s < a M, t = a 1 i (ϕ 1 ) ( a (ϕ 2 )); i=1 2. s a + 1 : τ s+t = ϕ 2 and for all 0 < s < s τ s +t = ϕ 1 (IH) s a + 1 : M τ, s + t = ϕ 2 and for all 0 < s < s M τ, t + s = ϕ 1 s a t : M τ, s = ϕ 2, for all a t s < s M τ, s = ϕ 1 and for all 0 < s a M τ, t + s = ϕ 1 M, t + a + 1 = (ϕ 1 ) U (ϕ 2 ) and M, t = a i (ϕ 1 ) M, t = a i (ϕ 1 ) ( a+1 ((ϕ 1 ) U(ϕ 2 ))). i=1 i=1 j=1 19

32 Proposition 10. Let ϕ be a formula of MIITL, ϕ is equivalent to (ϕ ). Reciprocally let ψ be a formula of PLTL, ψ is equivalent to (ψ ). Proof. Let ϕ be a formula of MIITL and τ any state sequence. By theorem 5 τ = ϕ M τ, 0 = ϕ (theorem 4) τ Mτ = (ϕ ) (τ Mτ is τ) τ = (ϕ ). Let ψ be a formula of PLTL and M a PLTL-structure. By theorem 4 M, 0 = ψ τ M = ψ (theorem 5) M τm, 0 = (ψ ) (M τm is M) M, 0 = (ψ ). Corollary 1. Given a formula ϕ in the context of MIITL, ϕ is satisfiable in MIITL ϕ is satisfiable in PLTL. Proof. Suppose ϕ is satisfiable in the context of MIITL. Then there is τ, such that τ = ϕ. By theorem 5 M τ, 0 = ϕ, thus ϕ is satisfiable in the context of PLTL. Now suppose ϕ is satisfiable in the context of PLTL then there is a PLTL-structure M such that M, 0 = ϕ. By theorem 4 τ M = (ϕ ) and by proposition 10 τ M = ϕ. Corollary 2. Given a formula ϕ in the context of PLTL, ϕ is satisfiable in PLTL ϕ is satisfiable in MIIT L. Proof. Suppose ϕ is satisfiable in the context of PLTL then there is a PLTL-structure M such that M, 0 = ϕ. By theorem 4 τ M = ϕ. Now suppose ϕ is satisfiable in the context of MIITL then there is a state sequence τ such that τ = ϕ. By theorem 5 M τ, 0 = (ϕ ) and by proposition 10 M τ, 0 = ϕ. 20

33 Chapter 6 Strongly complete deductive calculus for MIITL In this section we explore the fragment MIITL of MIITL, where all Until operators are constrained over bounded intervals and having the same semantics as MIIT L. We propose a strongly complete Hylbert-style axiom system for this fragment. Let L be the set of all formulas in MIITL. Deduction We present the axioms and the rules of the axiom system for MIITL : a) (ϕ (ψ ϕ)); b) ((ϕ (ψ δ)) ((ϕ ψ) (ϕ δ))); c) ((( ϕ) ( ψ)) (ψ ϕ)); ( b 1. (ϕ U [a:b] ψ) k 2. ( (ϕ i ) ( ϕ) i ); i=a ( ψ i+k i 1 j=1 ϕ j+k)) ; 3. ((ϕ ψ) i (ϕ i ψ i )); 4. (ϕ 0 ϕ); for each ϕ, ψ, δ L and a, b, i, k N; together with Modus Ponens (MP) i.e the rule: ϕ (ϕ ψ) ψ. Definition 27. Given a formula ϕ L, a derivation sequence for Γ ϕ is a sequence (ψ 1, J 1 )...(ψ n, J n ) such that: 21

34 ψ i L; J i is a justification for ψ i, i.e. J i is either: Hyp, in which case ψ i Γ or; Ax j, in which case ψ i is an axiom of type j or; MP k 1, k 2, in which case k 1, k 2 < i, and ψ k1 is α and ψ k2 is (α ψ i ) for some α L ψ n is ϕ. In order to prove the completeness of the axiom system we need some auxiliary results. Theorem 6 (Metatheorem of deduction (MTD)). Let Γ be a set of formulas, if Γ {ψ} ϕ then Γ (ψ ϕ). Proof. Let w = (ψ 1, J 1 )...(ψ n, J n ) be a derivation sequence for Γ {ψ} ϕ. We show by induction on the length of w that there exists a derivation sequence w = (ψ 1, J 1 )...(ψ n, J n ) for Γ (ψ ϕ). [Base] J 1 is an hypothesis or an axiom. J 1 is an hypothesis and ϕ is not ψ. Then let w be: 1 ϕ Hyp 2 (ϕ (ψ ϕ)) Ax a) 3 (ψ ϕ) MP 1, 2 J 1 is an hypothesis and ϕ is ψ. Then let w be: 1 (ψ (ψ ψ)) Ax a) 2 (ψ ((ψ ψ) ψ)) Ax a) 3 ((ψ ((ψ ψ) ψ)) ((ψ (ψ ψ)) (ψ ψ))) Ax b) 4 ((ψ (ψ ψ)) (ψ ψ)) MP 2, 3 5 (ψ ψ) MP 1, 4 22

35 J 1 is an axiom. Then let w be: 1 ϕ Ax 2 (ϕ (ψ ϕ)) Ax a) 3 (ψ ϕ) MP 1, 2 [Step] J n is an hypothesis or an axiom, then the proof is similar as before. J n is MP i,k, then k is such that ψ k = (ψ i ϕ). Take the derivation sequences (ψ 1, J 1 )...(ψ i, J i ) and (ψ 1, J 1 )...(ψ k, J k ). Then by induction hypothesis there are derivation sequences w with length u and w with length v for Γ (ψ ψ i ) and Γ (ψ (ψ i ϕ)), respectively. Let w be the concatenation of w and w concatenated with the following steps: u + v + 1 ((ψ (ψ i ϕ)) ((ψ ψ i ) (ψ ϕ))) Ax b) u + v + 2 ((ψ ψ i ) (ψ ϕ)) MP u + v, u + v + 1 u + v + 3 (ψ ϕ) MP u, u + v + 2 Definition 28. Given a set of formulas Γ, Γ is said to be consistent if there is no formula ϕ L such that Γ ϕ and Γ ( ϕ). Proposition 11. Let Γ be a set of formulas, if Γ is inconsistent, then Γ ψ, for all ψ L. Proof. Γ is inconsistent so Γ ϕ and Γ ( ϕ), for some ϕ L. Let ψ L and consider the following derivation sequence for Γ {ϕ, ϕ} ψ. 23

36 1 ϕ Hyp 2 ( ϕ) Hyp 3 ( ( ψ)) ψ Thm 4 ( ϕ) (ϕ ( ϕ)) Ax a) 5 ϕ ( ϕ) MP 2, 4 6 ϕ (( ψ) ϕ) Ax a) 7 (( ψ) ϕ) MP 1, 6 8 (( ψ) ϕ) (( ϕ) ( ( ψ))) Ax c) 9 ( ϕ) ( ( ψ)) MP 7, 8 10 ( ( ψ)) MP 2, 9 11 ψ MP 10, 3 Then, since Γ ϕ and Γ ( ϕ), we conclude that Γ ψ. Proposition 12. Let Γ be a set of formulas and ϕ L, if Γ ( ϕ) then Γ {ϕ} is consistent. Proof. The proof is done by contraposition. Assume that Γ {ϕ} is not consistent, then by proposition 11 Γ {ϕ} ( ϕ). Using MTD, it follows that Γ (ϕ ( ϕ)). It is easy to check that ((ϕ ( ϕ)) ( ϕ)) is a theorem. So by applying MP, Γ ( ϕ). Proposition 13. Let Γ be a consistent set of formulas and ϕ L, if Γ ϕ then Γ {ϕ} is consistent. Proof. Suppose that Γ is consistent, Γ ϕ and Γ {ϕ} is not consistent. Thus there is a formula ψ such that Γ {ϕ} ψ and Γ {ϕ} ( ψ). So by MTD Γ (ϕ ψ) and Γ (ϕ ( ψ)). Γ ϕ is a hypothesis thus Γ ψ and Γ ( ψ) that is Γ is inconsistent. Definition 29. A set Γ L is said to be maximal consistent (MCS) if it is consistent and none of its proper extensions is consistent. Proposition 14. Let Γ be an MCS, then ϕ Γ ϕ / Γ, for all ϕ L. Proof. ( ) ϕ Γ, suppose that ϕ Γ, then Γ would be inconsistent. ( ) ϕ / Γ. Suppose that Γ ( ϕ) then by proposition 13, Γ { ϕ} is consistent. This would mean that Γ has a proper consistent extension, which contradicts the hypothesis that Γ is an MCS. So Γ ( ϕ) and by proposition 12 Γ {ϕ} is consistent. Hence ϕ Γ since Γ has no proper consistent extensions. Proposition 15. Let Γ be an MCS, then ϕ Γ Γ ϕ, for all ϕ L. Proof. ( ) ϕ Γ then clearly Γ ϕ using hypothesis as derivation sequence. 24

37 ( ) Γ ϕ then by proposition 13 Γ {ϕ} is consistent. Suppose ϕ / Γ then there would exist a proper consistent extension of Γ. Soundness We want to prove that all axioms are valid, that is, for each axiom, all state sequences satisfy it. Proposition 16. Axioms a), b) and c) are sound. These three axioms are the classical propositional calculus axioms. So we omit the proof of proposition 16 since it is standard. Proposition 17. Axiom 1. is sound. Proof. Let τ be any state sequence. Observe that τ = (ϕ U [a:b] ψ) k (prop. 1) τ k = ϕ U [a:b] ψ t [a : b] : τ t+k = ψ and t [1 : t 1] τ t +k = ϕ for some i {a,..., b} τ i+k = ψ and for every j {1,..., i 1} τ j+k = ϕ (prop. 1) for some i {a,..., b} τ = ψ i+k and for every j {1,..., i 1} τ = ϕ j+k τ = b i=a i 1 ( ψ i+k j=1 ϕ j+k) Proposition 18. Axiom 2. is sound. Proof. Let τ be any state sequence. Observe that τ = (ϕ i ) τ = ϕ i (prop. 1) τ i = ϕ τ i = ( ϕ) (prop. 1) τ = ( ϕ) i Proposition 19. Axiom 3. is sound. 25

38 Proof. Let τ be any state sequence. Observe that τ = (ϕ 1 ϕ 2 ) i (prop. 1) τ i = ϕ 1 ϕ 2 τ i = ϕ 1 and τ i = ϕ 2 (prop. 1) τ = ϕ i 1 and τ = ϕi 2 τ = (ϕ i 1 ϕi 2 ) Proposition 20. Axiom 4. is sound. Proof. Let τ be any state sequence. Observe that τ = ϕ 0 (prop. 1) τ 0 = ϕ τ = ϕ Proposition 21. The Modus Ponens rule is sound. We omit the proof of proposition 21, since it follows a standard way. Corollary 3. The Calculus for MIITL is sound. Completeness In order to prove completeness we build an MCS from any consistent set of formulas, as well as a state sequence that satisfies it. Definition 30. Let g : N L be a enumeration of all formulas in MIITL. Definition 31. Let Γ be a set of formulas, Γ + is defined as follows: Γ 0 = Γ. Γ i {g(i)} Γ i+1 = Γ + = Γ i i=0 Γ i Γ i ( g(i)) otherwise Proposition 22. Let Γ be a consistent set of formulas, then Γ + is a maximal consistent set. 26

39 Proof. First we prove by induction that Γ i is consistent, for i N. [Base] Γ 0 is consistent by hypothesis. [Step] If Γ i+1 = Γ i, by induction hypothesis Γ i+1 is consistent. If Γ i+1 = Γ i {g(i)}, Γ i ( g(i)), so by proposition 12, Γ i+1 is consistent. Now we prove by contradiction that Γ + is consistent. Suppose Γ + is not consistent. Then there is a finite set Ψ Γ s.t., for some ϕ, Ψ ϕ and Ψ ( ϕ). Let m be such that Ψ Γ m. But we proved that Γ m is consistent and Ψ Γ m, so Ψ is consistent, which contradicts the assumption. As before, we prove by contradiction that Γ + is an MCS. Suppose that it is not an MCS. Then there is ϕ Γ + and {ϕ} Γ + is consistent. Let m be such that ϕ = g(m), ϕ / Γ m+1, thus Γ m ( ϕ). That would mean that {ϕ} Γ + ϕ and {ϕ} Γ + ϕ, which implies that {ϕ} Γ + is inconsistent, contradicting what we proved before. Lemma 1. Let Γ be a maximal consistent set of formulas and k N, then: 1. ϕ k Γ ( ϕ) k / Γ. 2. (ϕ 1 ϕ 2 ) k Γ {ϕ k 1, ϕk 2 } Γ. 3. (ϕ U [a:b] ψ) k Γ for some t [a : b] : ψ t+k Γ and for all t [1 : t 1] ϕ t +k Γ. Proof. Property 1. ( ) Suppose ϕ k Γ, then by consistency (ϕ k ) / Γ. Now suppose ( ϕ) k Γ, using axiom 2. (ϕ k ) Γ contradicting the assumption. So ( ϕ) k / Γ. ( ) Suppose ( ϕ) k / Γ. If ϕ k / Γ then by maximal consistency (ϕ k ) Γ and using axiom 2. ( ϕ) k Γ, contradiction. So ϕ k Γ, For property 2. ( ) Suppose (ϕ 1 ϕ 2 ) k Γ, then by axiom 3. ϕ k 1 ϕk 2 Γ. Which implies that {ϕk 1, ϕk 2 } Γ. ( ) Suppose {ϕ k 1, ϕk 2 } Γ, then ϕk 1 ϕk 2 Γ. Using axiom 3. (ϕ 1 ϕ 2 ) k Γ. For property 3. ( ) Suppose (ϕ U [a:b] ψ) k Γ. Axiom 1. states that (ϕ U [a:b] ψ) k by MP Γ b i=a ( ψ i+k i 1 j=1 ϕ j+k). By proposition 15 b i=a b i=a ( ψ i+k i 1 j=1 ϕ j+k) thus ( ψ i+k i 1 ϕ j+k) Γ. Γ is an MCS, hence ψ i+k i 1 ϕ j+k Γ for some i [a : b]. Thus there is i [a : b] : ψ i+k Γ and j=1 j [1 : i 1] ϕ j+k Γ. ( ) Suppose that t [a : b] : ψ t+k Γ and t [1 : t 1] ϕ t +k Γ. Take the least t s.t. ψ t+k Γ and t [a : b] then ϕ t +k Γ t [1 : t 1]. Γ is an MCS, thus ψ t+k t 1 ϕ j+k Γ, so, clearly b i=a (ϕ 1 U [a:b] ϕ 2 ) k Γ. ( ψ i+k i 1 j=1 ϕ j+k) Γ. By axiom 1. Γ (ϕ 1 U [a:b] ϕ 2 ) k and by proposition 15 j=1 j=1 27

40 Now we define a state sequence for every MCS. Definition 32. p(γ, i) = {ϕ : ϕ i Γ, ϕ P}. Definition 33. Let τ Γ be the state sequence, s.t. τ Γ = (p(γ, 0), p(γ, 1), p(γ, 2),...). Theorem 7. Let Γ be an MCS then τ i Γ = ϕ ϕi Γ, for all ϕ L. Proof. Proof done by strong induction on the complexity of ϕ. [Base] ϕ is a proposition: τ i Γ = ϕ ϕ s i ϕ p(γ, i) ϕ i Γ [Step] ϕ is ψ: τ i Γ = ψ τ i Γ = ψ ψ i / Γ ( ψ) i Γ (IH) (property 1. of lemma 1) ϕ i Γ ϕ is ϕ 1 ϕ 2 : τ i Γ = ϕ 1 ϕ 2 τ i Γ = ϕ 1 and τ i Γ = ϕ 2 ϕ i 1 Γ and ϕi 2 Γ (IH) (property 2. of lemma 1) (ϕ 1 ϕ 2 ) i Γ ϕ is ϕ 1 U I ϕ 2 and I = [a : b]: τ i Γ = ϕ 1 U I ϕ 2 t [a : b] : τ i+t Γ = ϕ 2 and t [1 : t 1] τ i+t Γ = ϕ 1 (IH) t [a : b] : ϕ i+t 2 Γ and t [1 : t 1] ϕ i+t 1 Γ (property 3. of lemma 1) (ϕ 1 U I ϕ 2 ) i Γ 28

41 Corollary 4. Let Γ L, if Γ is consistent, then Γ + ϕ τ Γ + = ϕ, for every formula ϕ L. Proof. Suppose Γ is consistent. By proposition 22 Γ + is a maximal consistent set. By theorem 7 τ i Γ + = ϕ ϕ i Γ +, for all ϕ L. Thus for i = 0 and using axiom 4., τ Γ + = ϕ ϕ Γ +. By proposition 15 τ Γ + = ϕ Γ + ϕ, for all ϕ L. Now we are able to prove that the given axiom system is strongly complete. Theorem 8 (Strong Completeness). If Γ = ϕ, then Γ ϕ. Proof. Suppose Γ = ϕ, assume by contradiction that Γ ϕ then Γ ( ( ϕ)) then (prop. 12) Γ { ϕ} is consistent then (cor. 4) Let Ψ = Γ { ϕ} τ Ψ + = Γ τ Ψ + = ϕ then (def. entailed satisfaction) Hence Γ = ϕ 29

42 30

43 Chapter 7 Relation between MITL and MIITL MITL MITL is the fragment of MITL where all the Until operators are constrained by bounded intervals of the type [a, b]. Relationship In this section we show that MITL and MIITL have many similarities. Indeed, we prove that for every formula ϕ in MITL there is a formula ϕ in MIITL, such that ϕ is satisfiable in the context of MITL ϕ is satisfiable in the context of MIITL. Definition 34. Given a rational timed state sequence σ = (s, I), D σ = {n N : for all I i in I there is k Z s.t. l(i i ) = k n }. Note that given a rational timed state sequence σ = (s, I), for all I i in I, r(i i ) = l(i i+1 ). This is the reason why the definition of D σ only considers the left endpoints of intervals. Definition 35. Given a rational timed state sequence σ = (s, I), we define its least common multiple (LCM σ ) as the minimum of D σ, if D σ ;, if D σ =. Intuitively, for every rational timed state sequence σ with finite LCM σ, its LCM σ is the smallest natural number such that for every interval I i in σ s interval sequence, l(i i ) = j/lcm σ, for some j N and r(i i ) = k/lcm σ, for some k N. Recall the definition of σ in definition 3. Proposition 23. Let σ be a rational timed state sequence with LCM σ equal to m. For all a N and for all t, t ] a m, a+1 [ m, σ (t) = σ (t ). 31

44 Proof. t ] a m, a+1 [ m thus t = a+ɛ m, ɛ ]0, 1[. Suppose t I i. By definition of least common multiple l(i i ) = m k and l(i i+1) = k m for some k, k N. If k = k then I i = { } k m, which contradicts the hypothesis, because a+ɛ m I i. Hence k > k and thus ] a m, a+1 [ m Ii. Definition 36. Given a formula ϕ in the context of MITL, we define its least common multiple (LCM ϕ ) as the minimum of the LCM σ of all rational timed state sequences σ that satisfy ϕ. It is important to note that not every rational timed state sequence σ has a finite least common multiple. For example, suppose p P and let σ = (s, I), s = ({p}, {p},...) and I = ([0, 1.1[, [1.1, 2.01[, [2.01, 3.001[, [3.001, [,...). σ clearly has an infinite least common multiple. Imposing that all formulas in the context of MITL have a finite least common multiple would be a very bold statement. Lemma 2. Let σ = (s, I) be a rational timed state sequence with least common multiple equal to m, let r and r be two rationals s.t. r, r ] a m, a+1 [ m, for some a N. Then σ r = Q ϕ σ r = Q ϕ, for any formula ϕ in MITL. Proof. Proof done by induction on the complexity of ϕ. [Base] ϕ is a proposition: σ r = Q ϕ ϕ σ (r) (prop. 23) ϕ σ (r ) σ r = Q ϕ. [Step] ϕ is ψ: σ r = Q ϕ σ r = Q ψ (IH) σ r = Q ψ σ r = Q ψ σ r = Q ϕ; ϕ is ϕ 1 ϕ 2 : σ r = ϕ σ r = Q ϕ 1 and σ r = ϕ 2 (IH) σ r = Q ϕ 1 and σ r = Q ϕ 2 σ r = Q ϕ; ϕ is ϕ 1 U [c,d] ϕ 2 : σ r = Q ϕ t [c, d] : σ r+t = Q ϕ 2 and t ]0, t[ σ r+t t [c, d] + r : σ t = Q ϕ 2 and t ]r, t[ σ t = Q ϕ 1 either 1., 2. or 3. holds = Q ϕ 1 there is 1. t [c, d] + r then (IH) t [c, d] + r : σ t = Q ϕ 2 and t ]r, t[ σ t = Q ϕ 1 ; 2. t < c + r. t [c, d] + r then t c + r and thus t [c + r, c + r [. c is an integer thus [c + r, c + r [ ] b m, b+1 [ m, for some b N. By IH σ c+r = Q ϕ 2 and σ t = Q ϕ 1 t ]r, c + r [; 3. t > d + r. t [c, d] + r then t d + r and thus t ]d + r, d + r]. d is an integer thus ]d + r, d + r] ] b m, b+1 [ m, for some b N. By IH σ d+r = Q ϕ 2 and σ t = Q ϕ 1 t ]r, d + r [. Clearly 1., 2. or 3. hold σ r = Q ϕ. Definition 37. In the context of MITL, given a timed state sequence σ = (s, I) and a natural n with n I i, σ /n is the following state sequence ( s, Ī ), s = (s 0, s 1,..., s i 1, s i, s i, s i...) and Ī = (I 0, I 1,..., I i 1, I i [0, n], ]n, n + 1], ]n + 1, n + 2],...). Proposition 24. Let ϕ be a formula in the context of MITL and σ a rational timed state sequence such that σ /n = Q ϕ, for some n N. Then ϕ has a finite least common multiple. Proof. Suppose σ /n = (s, I ), n I j and for all I i in I l(i i ) = a i b i. Let m = Thus D σ/n and the least common multiple of σ /n is finite. j b i, clearly m D σ/n. i=0 32

45 Definition 38. Given a natural number m we define: 2a, i = m a h m : R 0 N, s.t. h m (i) =, a N 2 im + 1, otherwise Definition 39. Given an interval I and m N, we extend the definition of h m as follows: h m (I) = {j N : j = h m (i) and i I}. Definition 40. Given a formula ϕ in the context of MITL and natural numbers n and m, we define the formula g n m(ϕ) in the context of MIITL as follows: g n m(ϕ) is ( g i+n m 2bm (ϕ 2 ) i n+i n i=2am j=n n n 1, n is even where for all n N, n = n n is odd ϕ, ϕ P g n m(ψ), ϕ is ψ g n m(ϕ 1 ) g n m(ϕ 2 ), ϕ is ϕ 1 ϕ 2 g j+n m (ϕ 1 ) j) ϕ is ϕ 1 U [a,b] ϕ 2 Proposition 25. Given a formula ϕ 1 U [a,b] ϕ 2, a state sequence τ and two natural numbers n, m. We have that τ n = g n m(ϕ 1 U [a,b] ϕ 2 ) t [2am : 2bm] + n s.t. τ t = g t m(ϕ 2 ) and if n and t are even then t [n + 1 : t 1] τ t = g t m(ϕ 1 ); if n is even and t is odd then t [n + 1 : t] τ t = g t m(ϕ 1 ); if n and t are odd then t [n : t] τ t = g t m(ϕ 1 ); if n is odd and t is even then t [n : t 1] τ t = g t m(ϕ 1 ). Proof. We consider 2 cases. n is even, thus n n = 1. τ n = g n m(ϕ) τ n = i [2am : 2bm] s.t. τ n = g i+n m s.t. τ t = g t m(ϕ 2 ) and τ = t j=n+1 2bm i=2am (ϕ 2 ) i and τ n = i+n n j=1 ( g i+n m g j m(ϕ 1 ) j, 1. or 2. holds (ϕ 2 ) i i+n n j=1 g j+n m (ϕ 1 ) j) there is g j+n m (ϕ 1 ) j there is t [2am : 2bm] + n 1. if t is even, then t = t 1. t [2am : 2bm] + n s.t. τ t = g t m(ϕ 2 ) and t [n + 1 : t 1] τ t = g t m(ϕ 1 ); g t m(ϕ 1 ). 2. if t is odd, then t = t. t [2am : 2bm] + n s.t. τ t = g t m(ϕ 2 ) and t [n + 1 : t] τ t = n is odd, thus n n = 0. τ n = g n m(ϕ) τ n = i [2am : 2bm] s.t. τ n = g i+n m s.t. τ t = g t m(ϕ 2 ) and τ = t j=n 2bm i=2am (ϕ 2 ) i and τ n = i+n n j=0 g j m(ϕ 1 ) j, 1. or 2. holds 33 ( g i+n m (ϕ 2 ) i i+n n j=0 gm j+n (ϕ 1 ) j) there is g j+n m (ϕ 1 ) j there is t [2am : 2bm] + n