Monodic Temporal Resolution

Size: px

Start display at page:

Download "Monodic Temporal Resolution"

Gabriella Knight
5 years ago
Views:

1 Monodic Temporal Resolution ANATOLY DEGTYAREV Department of Computer Science, King s College London, London, UK. and MICHAEL FISHER and BORIS KONEV Department of Computer Science, University of Liverpool, Liverpool, UK. ÍÒØÐ ÖÒØÐÝ Ö Ø¹ÇÖÖ ÌÑÔÓÖÐ ÄÓ ÇÌÄµ Ò ÓÒÐÝ ÔÖØÐÐÝ ÙÒÖ ØÓÓº ÏÐ Ø ÛÐÐ ÒÓÛÒ ØØ Ø ÙÐÐ ÐÓ ÒÓ ÒØ ÜÓÑØ ØÓÒ ÑÓÖ ØÐ ÒÐÝ Ó ÖÑÒØ Ó Ø ÐÓ Û ÒÓØ ÔÖÚÓÙ ÐÝ ÚÐÐº ÀÓÛÚÖ ÖØÖÓÙ Ý ÀÓÒ ÓÒ ØºÐº ÒØÝÒ ÒØÐÝ ÜÓÑØ Ð ÖÑÒØ ØÖÑ Ø ÑÓÒÓ ÖÑÒØ Ð ØÓ ÑÔÖÓÚ ÙÒÖ ØÒÒ Ó ÇÌÄº Ø Ò ÓÖÖ ØÓ ÙØÐ Ø ØÓÖØÐ ÚÒ Ø ÑÔÓÖØÒØ ØÓ Ú ÔÔÖÓÔÖØ ÔÖÓÓ ØÒÕÙ ÓÖ Ø ÑÓÒÓ ÖÑÒØº ÁÒ Ø ÔÔÖ Û ÑÓÝ Ò ÜØÒ Ø ÐÙ Ð ØÑÔÓÖÐ Ö ÓÐÙØÓÒ ØÒÕÙ ÓÖÒÐÐÝ ÚÐ¹ ÓÔ ÓÖ ÔÖÓÔÓ ØÓÒÐ ØÑÔÓÖÐ ÐÓ ØÓ ÒÐ Ø Ù Ò Ù ÑÓÒÓ ÖÑÒØ º Ï ÚÐÓÔ Ô ÒÓÖÑÐ ÓÖÑ ÓÖ ÑÓÒÓ ÓÖÑÙÐ Ò ÇÌÄ Ò ÔÖÓÚ ÓÑÔÐØ Ö ÓÐÙØÓÒ ÐÙÐÙ ÓÖ ÓÖÑÙÐ Ò Ø ÓÖÑº ÆÓØ ÓÒÐÝ Ø ÐÙ Ð Ö ÓÐÙØÓÒ ØÒÕÙ Ù ÙÐ ÔÖØÐ ÔÖÓÓ ØÒÕÙ ÓÖ ÖØÒ ÑÓÒÓ Ð ÙØ Ø Ù Ó Ø ÔÔÖÓ ÔÖÓÚ Ù ÛØ ÒÖ ÙÒÖ ØÒÒ Ó Ø ÑÓÒÓ ÖÑÒØº ÁÒ ÔÖØÙÐÖ Û Ö ÓÛ ÓÛ ÚÖÐ ØÙÖ Ó ÑÓÒÓ ÇÌÄ Ò ØÐ ÓÖÓÐÐÖ Ó Ø ÓÑÔÐØÒ Ö ÙÐØ ÓÖ Ø ÐÙ Ð ØÑÔÓ¹ ÖÐ Ö ÓÐÙØÓÒ ÑØÓº Ì ÒÐÙ ÒØÓÒ Ó ÒÛ Ð ÑÓÒÓ Ð ÑÔÐ ØÓÒ Ó Ü ØÒ ÑÓÒÓ Ð Ý ÖÙØÓÒ Ò ÓÑÔÐØÒ Ó ÐÙ Ð ØÑÔÓÖÐ Ö ÓÐÙØÓÒ Ò Ø Ó ÑÓÒÓ ÐÓ ÛØ ÜÔÒÒ ÓÑÒ ÛØ ÑÙ Ò Ò Ò ÓØ ØÓÖÝ Ò ÔÖØº Categories and Subject Descriptors: F.4.1 [MATHEMATICAL LOGIC AND FORMAL LANGUAGES]: Mathematical Logic Temporal logic; F.4.1 [MATHEMATICAL LOGIC AND FORMAL LANGUAGES]: Mathematical Logic Mechanical theorem proving; I.2.3 [ARTIFICIAL INTELLIGENCE]: Deduction and Theorem Proving Resolution ÒÖÐ ÌÖÑ ÌÓÖÝ ÐÓÖØÑ ÎÖ ØÓÒ ØÓÒÐ ÃÝ ÏÓÖ Ò ÈÖ ÌÑÔÓÖÐ ÄÓ ÙØÓÑØ ÌÓÖÑ ÈÖÓÚÒ Ê ÓÐÙØÓÒ 1. INTRODUCTION Temporal Logic has achieved a significant role in Computer Science, in particular, within the formal specification and verification of concurrent and distributed systems [Pnueli 1977; Manna and Pnueli 1992; Holzmann 1997]. While First-Order Temporal Logic (ÇÌÄ) is a very powerful and expressive formalism in which the specification of many algorithms, protocols and computational systems can be given at the natural level of abstraction, most of the temporal logics used remain essentially propositional. The reason for Permission to make digital/hard copy of all or part of this material without fee for personal or classroom use provided that the copies are not made or distributed for profit or commercial advantage, the ACM copyright/server notice, the title of the publication, and its date appear, and notice is given that copying is by permission of the ACM, Inc. To copy otherwise, to republish, to post on servers, or to redistribute to lists requires prior specific permission and/or a fee. c 20TBD ACM /20TBD/ $5.00 ACM Transactions on Computational Logic, Vol. TBD, No. TBD, TBD 20TBD, Pages 1 40.

2 this is that it is easy to show that ÇÌÄ is, in general, incomplete (that is, not recursivelyenumerable [Szalas and Holenderski 1988]). In fact, until recently, it has been difficult to find any non-trivial fragment of ÇÌÄ that has reasonable properties. A breakthrough by Hodkinson et. al. [Hodkinson et al. 2000] showed that monodic fragments of ÇÌÄ could be complete, even decidable. (In spite of this, the addition of equality or function symbols can again lead to the loss of recursively enumerability from these monodic fragments [Wolter and Zakharyaschev 2002a; Degtyarev et al. 2002].) Following the definition of the monodic fragment, work analysing and extending this fragment has continued rapidly, and holds great promise for increasing the power of logic-based formal methods. However, until recently, there were no proof techniques for monodic fragments of ÇÌÄs. Although a tableaux based approach was proposed in [Kontchakov et al. 2004], we here provide a complete resolution calculus for monodic ÇÌÄ, based on our work on clausal temporal resolution over a number of years [Fisher 1991; Fisher et al. 2001; Degtyarev and Fisher 2001; Degtyarev et al. 2002; 2003b]. The clausal resolution technique has been shown to be one of the most effective proof techniques for propositional temporal logics [Hustadt and Konev 2003], and we have every reason to believe that it will be as least as successful in the case of ÇÌÄ; this paper provides the key formal background for this approach. The structure of the paper is as follows. After a brief introduction to ÇÌÄ (Section 2), we define a normal form that will be used as the basis of the resolution technique and show that any monodic temporal problem can be transformed into the normal form (Section 3). In Section 4 we present the temporal resolution calculus and, in Section 5, we provide detailed completeness results. In Sections 6 and 7, we adapt the resolution technique to a number of variations of monodic ÇÌÄ, whose completeness follows from the corresponding adaptation of the completeness results given in Section 5. Thus, in Section 6, we provide an extension of the monodic fragment (as defined in [Hodkinson et al. 2000]) and, in Section 7, we restrict first-order quantification in a number of ways to provide sub-classes which admit simplified clausal resolution techniques. In the penultimate part of the paper, we examine results relating to the practical use of the clausal resolution calculus. The first such aspect concerns decidability, which we consider in Section 8. An appropriate loop search algorithm is required for implementation of the clausal resolution technique, and the definition and completeness of such an algorithm is examined in Section 9. In order to develop a practical clausal resolution system, as well as examining a fragment with important applications and a simplified normal form, we present results relating to resolution over the monodic fragment with expanding domains in Section 10. This provides the basis for the system currently being implemented [Konev et al. 2003b]. Finally, in Section 12, we present conclusions and outline our future work. 2. FIRST-ORDER TEMPORAL LOGIC First-Order (linear time) Temporal Logic, ÇÌÄ, is an extension of classical first-order logic with operators that deal with a linear and discrete model of time (isomorphic to Æ, and the most commonly used model of time). 2

3 2.1 Syntax of ÇÌÄ The first-order temporal language is constructed in a standard way [Fisher 1997; Hodkinson et al. 2000] from: predicate symbols È È ½ each of which is of some fixed arity (N.B., null-ary predicate symbols are called propositions); individual variables Ü Ü ½ ; individual constants ½ (N.B., there is no equality operator defined and, while constants are present, no other function symbols are allowed in this ÇÌÄ language); boolean operators,,, µ, true ( true ), false ( false ); quantifiers and ; together with temporal operators ( always in the future ), ( sometime in the future ), ( at the next moment ), Í (until), and Ï (weak until). Definition 2.1 Atomic Formulae and Literals. An atomic formula of ÇÌÄ is defined as È Ø ½ Ø Ò µ, where È is a predicate symbol with arity Ò, and each Ø is either an individual constant or an individual variable. A literal is either an atomic formula or the negation of an atomic formula. Definition 2.2 Well-Formed Formulae. The set of well-formed formulae of ÇÌÄ, WFF ÇÌÄ is defined as follows: false, true and any atomic formula is in WFF ÇÌÄ ; if is in WFF ÇÌÄ then so are,,, and ; if is in WFF ÇÌÄ and Ü is an individual variable, then Ü and Ü are also in WFF ÇÌÄ ; if and are in WFF ÇÌÄ then so are,, µ,, Í, and Ï. For a given formula,, ÓÒ Ø µ denotes the set of constants occurring in. We write Üµ to indicate that Üµ has at most one free variable Ü (if not explicitly stated otherwise). As usual, a closed formulae is one with no free variables. From now on, we deal exclusively with well-formed formulae of ÇÌÄ. 2.2 Semantics of ÇÌÄ Formulae in ÇÌÄ are interpreted in first-order temporal structures of the form Å Á, where is a non-empty set, the domain of Å, and Á is a function associating with every moment of time, Ò Æ, an interpretation of predicate and constant symbols over. We require that the interpretation of constants is rigid. Thus, for every constant and all moments of time, we have Á µ Á µ. The interpretation of predicate symbols is flexible. A (variable) assignment over is a function from the set of individual variables to. For every moment of time, Ò, there is a corresponding first-order structure Å Ò Á Ò, where Á Ò Á Òµ. Intuitively, ÇÌÄ formulae are interpreted in sequences of worlds, Å Å ½ with truth values in different worlds being connected by means of temporal operators. 3

4 The truth relation Å Ò in a structure Å, for an assignment, is defined inductively in the usual way under the following understanding of temporal operators: Å Ò true Å Ò false Å Ò È Ø ½ Ø Ñ µ iff Á Ò Ø ½µ Á Ò Ø Ñµ Á Ò È µ where Á Ò Ø µ Á Ò Ø µ if Ø is a constant, and Á Ò Ø µ Ø µ if Ø is a variable iff Å Ò iff Å Ò and Å Ò iff Å Ò or Å Ò Å Ò Å Ò Å Ò Å Ò µ iff Å Ò µ Å Ò iff Å Ò µ µ µ µµ Å Ò iff Å Ò ½ Å Ò iff there exists Ñ Ò such that Å Ñ Å Ò iff for all Ñ Ò, Å Ñ Å Ò Íµ iff there exists Ñ Ò, such that Å Ñ and for all Æ, Ò Ñ implies Å Ñ Å Ò Ïµ iff Å Ò Íµ or Å Ò Å is a model for a formula (or is true in Å) if there exists an assignment such that Å. A formula is satisfiable if it has a model. A formula is valid if it is true in any temporal structure under any assignment. We say that a formula is a logical consequence of formula, denoted, if for every structure Å such that Å we also have Å. This logic is complex. It is known that even small fragments of ÇÌÄ, such as the twovariable monadic fragment (all predicates are unary), are not recursively enumerable [Merz 1992; Hodkinson et al. 2000]. However, the set of valid monodic formulae is known to be finitely axiomatisable [Wolter and Zakharyaschev 2002a]. Definition 2.3 Monodic Formula. An ÇÌÄ-formula is called monodic if any subformulae of the form Ì, where Ì is one of,, (or ½ Ì, where Ì is one of Í, Ï), contains at most one free variable. Example 2.4. The formulae are monodic, whereas the formula is non-monodic. Ü ÝÈ Ü Ýµ and Ü È Ü µ Ü Ý È Ü Ýµ µ È Ü Ýµµ The addition of either equality or function symbols to the monodic fragment leads to the loss of recursive enumerability [Wolter and Zakharyaschev 2002a]. Moreover, it was proved in [Degtyarev et al. 2002] that the two variable monadic monodic fragment with equality is not recursively enumerable. However, in [Hodkinson 2002] it was shown that the guarded monodic fragment with equality is decidable. 3. DIVIDED SEPARATED NORMAL FORM (DSNF) As in the case of classical resolution, our method works on temporal formulae transformed into a normal form. The normal form we use follows the spirit of Separated Normal Form 4

5 (SNF) [Fisher 1991; Fisher et al. 2001] and First-Order Separated Normal Form (SNF ) [Fisher 1992; 1997], but is refined even further. The development of SNF/SNF was partially devised in order to separate past, present and future time temporal formula (inspired by Gabbay s separation result [Gabbay 1987]). Thus, formulae in SNF/SNF comprise implications with present-time formulae on the left-hand side and (present or) future formulae on the right-hand side. The transformation of temporal formulae into separated form is based upon the well-known renaming technique [Tseitin 1983; Plaisted and Greenbaum 1986], which preserves satisfiability and admits the extension to temporal logic in (Renaming Theorems [Fisher 1997]). Another aim with SNF/SNF was to reduce the variety of temporal operators used to a simple core set. To this end, the transformation to SNF/SNF involves the removal of temporal operators represented as maximal fixpoints, that is, and Ï (Maximal Fixpoint Removal Theorems [Fisher 1997]). Note that the Í operator can be represented as a combination of operators based upon maximal fixpoints and the operator (which is retained within SNF/SNF ). This transformation is based upon the simulation of fixpoints using QPTL [Wolper 1982; Kesten and Pnueli 1995]. In the first-order context, we now add one further aim, namely to divide the temporal part of a formula and its (classical) first-order part in such way that the temporal part is as simple as possible. The modified normal form is called Divided Separated Normal Form or DSNF for short. Definition 3.1 Temporal Step Clauses. A temporal step clause is a formula either of the form Ð µ Ñ, where Ð and Ñ are propositional literals, or Ä Üµ µ Å Üµµ, where Ä Üµ and Å Üµ are unary literals. We call a clause of the the first type an (original) ground step clause, and of the second type an (original) non-ground step clause 1. (Note that the term original here is used to distinguish these clauses from other that are introduced later.) Definition 3.2 DSNF. A monodic temporal problem in Divided Separated Normal Form (DSNF) is a quadruple Í Á Ë, where (1) the universal part, Í, is a finite set of arbitrary closed first-order formulae; (2) the initial part, Á, is, again, a finite set of arbitrary closed first-order formulae; (3) the step part, Ë, is a finite set of original (ground and non-ground) temporal step clauses; and (4) the eventuality part,, is a finite set of eventuality clauses of the form Ä Üµ (a nonground eventuality clause) and Ð (a ground eventuality clause), where Ð is a propositional literal and Ä Üµ is a unary non-ground literal. The intuition here is that the initial part describes the initial state of the temporal model, the universal part describes the properties of all states, the step part describes the required transitions from one state to the next, and the eventuality part describes properties of some future state. Note that, in a monodic temporal problem, we disallow two different temporal step clauses with the same left-hand sides. This requirement can be easily guaranteed by renaming. For ½ We could also allow arbitrary Boolean combinations of propositional and unary literals in the right hand side of ground and non-ground step clauses, respectively, and all results of this paper would hold. We restrict ourselves with literals for simplicity of the presentation. 5

6 example, if we have two step clauses È µ È µ then we can rename É Ê by a new predicate Ë, add the formula Ë µ É Êµ to Í and replace the above step clauses by just È µ In what follows, we will not distinguish between a finite set of formulae and the conjunction Î of formulae within the set. With each monodic temporal problem, we associate the formula É Ê Ë Á Í ÜË Ü Now, when we talk about particular properties of a temporal problem (e.g., satisfiability, validity, logical consequences etc) we mean properties of the associated formula. Arbitrary monodic first-order temporal formula can be transformed into DSNF. We present the transformation as a two stage reduction. Reduction to conditional DSNF. We first give a reduction from monodic FOTL to a normal form where, in addition to the parts above, conditional eventuality clauses of the form È Üµ µ Ä Üµ and Ô µ Ð are allowed. The reduction is based on using a renaming technique to substitute non-atomic subformulae and replacing temporal operators by their fixed point definitions described e.g. in [Fisher et al. 2001]. The translation can be described as a number of steps. (1) Translate a given monodic formula to negation normal form. (To assist understanding of the translation, we list here some equivalent FOTL formulae.) Ü Üµ Üµµ Ü Üµ Üµµ Ü Üµ Üµ Ü ÜµÍ Üµµ ÜµÏ Üµ Üµµµµ Ü ÜµÏ Üµµ ÜµÍ Üµ Üµµµ If the transformations above are applied in a straightforward way, the size of the result may grow exponentially; we may have to use renaming [Tseitin 1983; Plaisted and Greenbaum 1986; Nonnengart and Weidenbach 2001] in order to keep it linear. (2) Recursively rename innermost temporal subformulae, Üµ, Üµ, Üµ, ÜµÍ Üµ, ÜµÏ Üµ by a new unary predicate È Üµ. Since subformulae have positive polarity then, as in the classical case [Tseitin 1983; Plaisted and Greenbaum 1986; Nonnengart and Weidenbach 2001], renaming introduces implications È Üµ of the following form [Fisher et al. 2001]: µ Ü È Üµ µ Üµµ µ Ü È Üµ µ Üµµ µ Ü È Üµ µ Üµµ µ Ü È Üµ µ ÜµÍ Üµµ µ Ü È Üµ µ ÜµÏ Üµµ 6

7 Assuming that any required (first-order) renaming of the complex expression Üµ can be carried out 2, then formulae of the form µ and µ are already in the normal form, while formulae of the form µ, µ, and µ require extra reduction by removing the temporal operators using their fixed point definitions. (3) Use fixed point definitions Ü È Üµ µ Üµµ is satisfiability equivalent [Kaivola 1995; Fisher et al. 2001] to Ü È Üµ µ Ê Üµµ Ü Ê Üµ µ Ê Üµµ Ü Ê Üµ µ Üµµ Ü È Üµ µ ÜµÍ Üµµµ is equivalent (w.r.t. satisfiability) to Ü È Üµ µ Üµµ Ü È Üµ µ Üµ Üµµ Ü È Üµ µ Ë Üµ Üµµ Ü Ë Üµ µ Üµ Üµµµ Ü Ë Üµ µ Ë Üµ Üµµµ and Ü È Üµ µ ÜµÏ Üµµµ is equivalent (w.r.t. satisfiability) to Ü È Üµ µ Üµ Üµµ Ü È Üµ µ Ë Üµ Üµµ Ü Ë Üµ µ Üµ Üµµµ Ü Ë Üµ µ Ë Üµ Üµµµ where Ê Üµ and Ë Üµ are new unary predicates. Conditional problems to unconditional problems. In the second stage, we replace any formula Ü È Üµ µ Ä Üµµ by Ü È Üµ Ä Üµµ µ ÛØÓÖÄ Üµµµ (1) Ü ÛØÓÖÄ Üµ Ä Üµµ µ ÛØÓÖÄ Üµµ (2) Ü ÛØÓÖÄ Üµµ (3) where ÛØÓÖÄ Üµ is a new unary predicate. Note that formula µ can easily be transformed into the required form by moving the Ä Üµ subformula across the implication. LEMMA 3.3. Ü È Üµ µ Ä Üµµ is satisfiable if, and only if, ½µ µ µ is satisfiable. Proof (µ) Let Å be a model of Ü È Üµ µ Ä Üµµ. Let us extend this model by a new predicate ÛØÓÖÄ such that, in the extended model, Å, formulae (1), (2), and (3) would be true. Let be an arbitrary element of the domain. We define the truth value of ÛØÓÖÄ µ in Ò-th moment, Ò Æ, depending on whether Å È µ or Å È µ. The new renaming formulae are added to the universal part; this kind of first-order renaming will be used implicitly later in this section. 7

8 Assume Å È µ. Together with Å Ü È Üµ µ Ä Üµµ, and the fact that È µ È is an axiom, then the above implies that Å Ä µ. For every Ò Æ let us put Å Ò ÛØÓÖÄ µ Å Ò Ä µ Å Ò Ä µµ Assume Å È µ. There are two possibilities: Å È µ. In this case let us put Å Ò ÛØÓÖÄ µ for all Ò Æ. There exists Ñ Æ such that Å Ñ È µ and, for all Ò Ñ, Å Ò È µ. These conditions imply, in particular, that there is Ð Ñ such that Å Ð Ä µ if the formula is satisfiable. Now we define ÛØÓÖÄ µ in Å as follows: Å Ò ÛØÓÖÄ µ Å Ò Ä µ if Ò Ð ÛØÓÖÄ µ if Ò Ð Å Ò It is easy to see that Å is the required model. ( ) Let us show that Ü È Üµ µ Ä Üµµ is a logical consequence of ½µ µ µ. Let Å be a model of ½µ µ µ. By contradiction, suppose Å Ü È Üµ µ Ä Üµµ, that is, Å Ü È Üµ Ä Üµµ. Let Ñ Æ be an index and Ñ be a domain element such that Å Ñ È µ and for all Ò Ñ, Å Ò Ä µµ. Then from (1) and (2) we conclude that for all Ò Ñ, we have Å Ò ÛØÓÖÄ µµ. However, this conclusion contradicts the formula Ü ÛØÓÖÄ Üµ which is true in Å. This leads us to the following theorem. THEOREM 3.4 TRANSFORMATION. Every monodic first-order temporal formula can be transformed, in a satisfiability equivalence preserving way, to DSNF with at most a linear increase in size of the problem. Note 3.5. Furthermore, if is a formula and P is a problem in DSNF obtained from by the transformations given above, then every model of can be expanded to a model of P, and every model of P can be reducted to a model of, where the notions of an expansion and reduct are analogous to the once used in classical first-order logic [Gallier 1986]. Example 3.6. Let us consider the temporal formula Ü ÝÞÙ Ü Ý Þ Ùµ where Ü Ý Þ Ùµ does not contain temporal operators and reduce it to DSNF. First, we rename the innermost temporal subformula by a new predicate, Ü È ½ Üµ ÜÈ ½ Üµ µ ÝÞÙ Ü Ý Þ Ùµ Now, we rename the first -formula and the subformula under the operator, ÜÈ Üµ ÜÈ ½ Üµµ È Üµ ÜÈ ÜµµÝÞÙ Ü Ý Þ Ùµ ÜÈ Üµµ È ½ Üµ 8

9 unwind the operator ÜÈ Üµ ÜÈ ½ Üµ µ È Üµ ÜÈ Üµ µ ÝÞÙ Ü Ý Þ Ùµ ÜÈ Üµ µ È Üµ ÜÈ Üµ µ È Üµ ÜÈ Üµ µ È ½ Üµ and, finally, reduce the conditional eventuality to an unconditional one. ÜÈ Üµ ÜÈ Üµ µ ÝÞÙ Ü Ý Þ Ùµ ÜÈ Üµ µ È Üµ ÜÈ Üµ µ È Üµ ÜÈ Üµ µ È ½ Üµ Ü È ½ Üµ È Üµµ µ ÛØÓÖÈ Üµ Ü ÛØÓÖÈ Üµ È Üµµ µ ÛØÓÖÈ Üµ Ü ÛØÓÖÈ Üµ The parts of this formula form the following monodic temporal problem (we also rename the complex È Üµ ÛØÓÖÈ Üµ expression by È Üµ): Á Í Ë ÜÈ Üµ Ü È Üµ µ ÝÞÙ Ü Ý Þ Ùµµ Ü È Üµ µ È Üµµ Ü È Üµ µ È ½ Üµµ Ü È ½ Üµ È Üµµ µ ÛØÓÖÈ Üµµ Ü È Üµ µ È Üµ ÛØÓÖÈ Üµµ È Üµ µ È Üµ ÛØÓÖÈ Üµ µ ÛØÓÖÈ Üµ È Üµ 4. TEMPORAL RESOLUTION As in the propositional case [Fisher 1991; Degtyarev et al. 2002], our calculus works with merged step clauses, but here the notion of a merged step clause is much more complex. This is, of course, because of the first-order nature of the problem and the fact that skolemisation is not allowed under temporal operators. In order to build towards the calculus, we first provide some important definitions. While the formal definitions of various different forms of clause are given below, it is useful to consider a simple example. Imagine we have, amongst out original set of step clauses, the three step clauses: È Üµ µ Ê Ýµ µ Ì Þµ µ 9 É Üµ Ë Ýµ Í Þµ

10 From these clauses we can derive the ground step clauses Ú È Úµ Ê Úµ Ì Úµµ µ Ú È Úµ Ê Úµ Ì Úµµ µ Û É Ûµ Ë Ûµ Í Ûµµ Û É Ûµ Ë Ûµ Í Ûµµ Since we know the set of constants that can be used in the problem, we can also derive clauses of the form È µ µ É µ The above three types of clause are called derived clauses. We can then combine (conjoin) these derived clauses both with each other and with a conjunction of original ground step clauses. Such combinations are called merged derived step clauses. Finally, combining (again, conjoining) merged derived step clauses together with a conjunction of original step clauses gives us full merged step clauses. It is these that we will work with in general. Definition 4.1 Derived Step Clauses. Let P be a monodic temporal problem, and let È ½ Üµ µ Å ½ Üµ È Üµ µ Å Üµ (4) be a subset of the set of its original non-ground step clauses. Then Ü È ½ Üµ È Üµµ µ Ü Å ½ Üµ Å Üµµ (5) Ü È ½ Üµ È Üµµ µ Ü Å ½ Üµ Å Üµµ (6) È µ µ Å µ (7) are derived step clauses, where ÓÒ Ø Pµ and ½. A derived step clause is a logical consequence of its premises obtained by dividing and bounding left-hand and right-hand sides. Definition 4.2 Merged Derived Step Clauses. Let ½ µ ½ Ò µ Ò be a set of derived step clauses or original ground step clauses. Then Ò Ò ½ is called a merged derived step clause. µ Note that the left-hand and right-hand sides of any merged derived step clause are closed formulae. Definition 4.3 Full Merged Step Clauses. Let µ be a merged derived step clause, È ½ Üµ µ Å ½ Üµ È Üµ µ Å Üµ be original step clauses, and Üµ Î Î È Üµ Üµ Å Üµ Then ½ ½ Ü Üµ µ ½ Üµµµ is called a full merged step clause. In the case, the conjunctions Üµ, Üµ are empty, that is, their truth value is true, and the merged step clause is just a merged derived step clause. 10

11 Definition 4.4 Constant Flooding. Let P be a monodic temporal problem, P P Ä µ Ä Üµ ÓÒ Ø Pµ is the constant flooded form 3 of P. Evidently, P is satisfiability equivalent to P. Example 4.5. Let us consider a temporal problem given by Á ½ É µ Ù½ Ü È½ Üµ È Í Üµµ Ù Ü É Üµ Ý È ½ Ýµ È Ýµµ µ Ä Üµµ ½ È ½ Üµ µ È ½ Üµ Ë È Üµ µ È Üµ É Üµ µ É Üµ ½ Ä Üµ Then ½ È ½ µ µ È ½ µ ÝÈ ½ Ýµ µ ÝÈ ½ Ýµ ÝÈ ½ Ýµ µ ÝÈ ½ Ýµ Ý È ½ Ýµ È Ýµµ µ Ý È ½ Ýµ È Ýµµ Ý È ½ Ýµ È Ýµµ µ Ý È ½ Ýµ È Ýµµ are examples of derived step clauses. Every derived step clause is also a merged derived step clause. In addition, Ñ½ È ½ µ ÝÈ ½ Ýµ µ È ½ µ ÝÈ ½ Ýµµ Ñ ÝÈ ½ Ýµ ÝÈ ½ Ýµ µ ÝÈ ½ Ýµ ÝÈ ½ Ýµµ are other examples of merged derived step clauses. Finally, Ñ½ Ü È Üµ È ½ µ µ È Üµ È ½ µµµ Ñ Ü É Üµ Ý È ½ Ýµ È Ýµµ µ É Üµ Ý È ½ Ýµ È Ýµµµµ Ñ Ü È ½ Üµ ÝÈ ½ Ýµ ÝÈ ½ Ýµ µ É Üµ ÝÈ ½ Ýµ ÝÈ ½ Ýµµµ are examples of full merged step clauses. Note that, constant flooding adds to the problem the eventuality Ä µ. Inference Rules. The inference system we use consists of the following inference rules. (Recall that the premises and conclusion of these rules are (implicitly) closed under the operator.) The conclusion of every rule is a first-order formula to be added to the universal part (see the definition of a derivation, Definition 4.11 below), where neither of the initial, step, or eventuality parts is changed by our rules. In what follows, µ and µ denote merged derived step clauses, Ü Üµ µ Üµµµ and Ü Üµ µ Üµµµ denote full merged step clauses, and Í denotes the (current) universal part of the problem. (1) Step resolution rule w.r.t. Í: µ Í µ Ö where Í. Strictly speaking, P is not in DSNF: we have to rename ground eventualities by propositions. Rather than flooding, we could have introduced special inference rules to deal with constants. 11

12 (2) Initial termination rule w.r.t. Í: The contradiction is derived and the derivation is (successfully) terminated if Í Á. (3) Eventuality resolution rule w.r.t. Í: Ü ½ ½ Üµ µ ½ ½ Üµµµ Ü Ò Ò Üµ µ Ä Üµ Ò Ò Üµµµ Î Ü Ò Í µ Ö Üµµ ½ where Ä Üµ is a non-ground eventuality from and Ü Üµ µ Üµµ are full merged step clauses such that for all ½ Ò, the loop side conditions Ü Í Üµ µ Ä Üµµ and Ü Í Üµ µ Ò Üµµ are both valid. The set of merged step clauses, satisfying the loop side conditions, is called a loop in Ï Ä Üµ and the formula Ò Üµ Üµµ is called a loop formula. ½ (4) Eventuality termination rule w.r.t. Í: The contradiction is derived and the derivation is (successfully) terminated if Í ÜÄ Üµ, where Ä Üµ 4. (5) Ground eventuality resolution rule w.r.t. Í: where µ conditions ½ ½ ½ µ ½ Ò µ Ò Ð ÒÎ Í µ Ö µ are merged grounded step clauses such that the ground loop side Í Ð and Í Ò for all ½ Ò are satisfied. (6) Ground eventuality termination rule w.r.t. Í: The contradiction is derived and the derivation is (successfully) terminated if Í Ð, where Ð. Note 4.6. In principle, the eventuality resolution and eventuality termination rules could handle both ground and non-ground eventualities. However, we consider their ground counterparts explicitly. Note that the ground eventuality resolution rule does not use full merged step clauses and can be considered, thus, as a specific strategy for the general eventuality resolution rule. For a temporal problem P, by ÌÊ Pµ we denote the set of all formulae which can be obtained from P applying the inference rules above. In the case Í ÜÄ Üµ, the degenerate clause, true µ true, can be considered as a premise of the eventuality resolution rule; the conclusion of the rule is then true and the derivation successfully terminates. 12 ½

13 Note 4.7. The eventuality resolution rule above can be thought of as two separate rules: an induction rule to extract a formula of the form Ü È Üµ µ Ä Üµµ and a resolution rule to resolve this with Ý Ä Ýµ, that is, Induction rule w.r.t. Í: Ü ½ ½ Üµ µ ½ ½ Üµµµ Ü Ò Ò Üµ µ Ò Ò Üµµµ ÒÏ Ü Üµµ µ Ä Üµµ ½ Ò Í µ (with the same side conditions as the eventuality resolution rule above). Ï The formula Ò Üµµ can be considered as an invariant formula since, within ½ the loop detected, this formula is always true. Pure eventuality resolution: ÒÏ Ü Üµµ µ Ä Üµµ Ä Üµ ½ Î Ü Ò Üµµ Ö µ ½ We see here that a classical first-order formula is generated; this is added to Í. The ground eventuality resolution rule can be split into two parts in a similar way. Example 4.8 Example 4.5 contd.. We apply temporal resolution to the (unsatisfiable) temporal problem from Example 4.5. It can be immediately checked that the loop side conditions are valid for the full merged step clause Ñ, that is, Ñ Ü É Üµ Ý È ½ Ýµ È Ýµµ µ É Üµ Ý È ½ Ýµ È Ýµµµµ Ý È ½ Ýµ È Ýµµ É Üµ µ Ä Üµ Ý È ½ Ýµ È Ýµµ É Üµ µ Ý È ½ Ýµ È Ýµµ É Üµ see Ùµ see Ù½µ We apply the eventuality resolution rule to ½ and Ñ½ and derive a new universal clause ÒÙ½ Ü Ý È ½ Ýµ È Ýµµµ É Üµµ which contradicts clauses Ù½ and ½ (the initial termination rule is applied). Example 4.9. The need for constant flooding can be demonstrated by the following example. None of the rules of temporal resolution can be applied directly to the (unsatisfiable) temporal problem given by Á È µ Ë Õ µ Õ Í Õ È µ È Üµ If, however, we add to the problem an eventuality clause Ð and a universal clause Ð µ È µ, the step clause Õ µ Õ will be a loop in Ð, and the eventuality resolution rule 13

14 would derive true 5. Correctness of the presented calculi is straightforward. THEOREM 4.10 SOUNDNESS OF TEMPORAL RESOLUTION. The rules of temporal resolution preserve satisfiability. Proof Considering models for ÇÌÄ formulae, it can be shown that the temporal resolution rules preserve satisfiability. Let Å Á be a temporal structure and be a variable assignment. We assume that a temporal problem P is true in Å under the assignment and show that P, extended with the conclusion of a temporal resolution rule, is true in Å under. We do this by considering cases of the inference rule used, as follows. Consider the step resolution rule. Let µ be a merged derived clause and assume that Å µ µ, Í, but for some, Å. Then Å ½ in contradiction with the side condition of the rule. Consider now the eventuality resolution rule. Let Ü Üµ µ Üµµ, ½ Ò, be full merged step clauses and Ä Üµ be an eventuality such that ÒÎ Ü Üµ µ Üµµ, Å Ü Ä Üµ, and the loop side Å ½ Ï conditions Ü Í Üµ µ Ä Üµµ and Ü Í Üµ µ Ò Üµµ Î are both valid, but for some, Å Ü Ò Üµµ. It follows there exists a domain element such that Å µµ. It is not hard to see that, by validity of the loop side conditions and by the fact that the full merged clauses are true in Å under, Å Ð Ä µ for all Ð, that is, Å ½ Ä µ in contradiction with the eventuality. Correctness of the initial termination and eventuality termination rules is obvious. Correctness of the ground counterparts of the eventuality resolution and eventuality termination rules can be proved in a similar way. Similarly to classical first-order resolution, temporal resolution is a refutationally complete saturation-based theorem proving method, i.e., a contradiction can be deduced from any unsatisfiable problem, and the search for a contradiction proceeds by saturation the universal part of a given problem. Definition 4.11 Derivation. A derivation is a sequence of universal parts, Í Í Í ½ Í, extended little by little by the conclusions of the inference rules. The Á, Ë and parts of the temporal problem are not changed during a derivation. A derivation terminates if, and only if, either the contradiction is derived, in which case we say that the derivation successfully terminates, or if no new formulae can be derived by further inference steps. Note that since there exist only finitely many different full ½ ½ Note that the non-ground eventuality È Üµ is not used. We show in Section 7 that if all step clauses are ground, for constant flooded problems we can neglect non-ground eventualities. 14

15 merged step clauses, the number of different conclusions of the inference rules of temporal resolution is finite. Therefore, every derivation is finite. If a (finite) derivation does not terminate, we call it partial. Any partial derivation can be continued yielding a terminating derivation. We adopt the notion of a fair derivation from [Bachmair and Ganzinger 2001]. Definition 4.12 Fair derivation. A derivation Í Í Í ½ Í Í Ò is called fair if for any and formula ÌÊ Í Á Ë µ, there exists such that Í. We formulate now the completeness result and prove it in Section 5, which is entirely devoted to this issue. THEOREM 4.13 COMPLETNESS OF TEMPORAL RESOLUTION. Let an arbitrary monodic temporal problem P be unsatisfiable. Then any fair derivation by temporal resolution from P successfully terminates. 5. COMPLETENESS OF TEMPORAL RESOLUTION In short, the proof of Theorem 4.13 proceeds by building a graph associated with a monodic temporal problem, then showing that there is a correspondence between properties of the graph and of the problem, and that equivalent properties are captured by the rules of the proof system. Therefore, if the problem is unsatisfiable, eventually our rules will discover it. First, we introduce additional concepts. Let P Í Á Ë be a monodic temporal problem. Let È ½ È Æ and Ô ½ Ô Ò, Æ Ò, be the sets of all (monadic) predicate symbols and all propositional symbols, respectively, occurring in Ë. A predicate colour is a set of unary literals such that for every È Üµ È ½ Üµ È Æ Üµ, either È Üµ or È Üµ belongs to. A propositional colour is a set of propositional literals such that for every Ô Ô ½ Ô Ò, either Ô or Ô belongs to. Let be a set of predicate colours, be a propositional colour, and be a map from the set of constants, ÓÒ Ø Pµ, to. A triple is called a colour scheme, and is called a constant distribution. We write sometime when and. Note 5.1. The notion of colour scheme came, of course, from the well known concept used in the decidability proof for the monadic class in classical first-order logic (see, for example, [Börger et al. 1997]). In our case, is the quotient domain (a subset of all possible equivalence classes of predicate values), is a propositional valuation, and is a standard interpretation of constants in the domain. We construct quotient structures based only on the predicates and propositions which occur in the temporal part of the problem, since only these symbols are really responsible for the satisfiability (or unsatisfiability) of temporal constraints. In addition, we have to consider so-called constant distributions because, unlike in the classical case, we cannot eliminate constants replacing them by existentially bound variables since in doing this the monodicity property would be lost. For every colour scheme let us construct the formulae,, in the following way. For every and for every, introduce the conjunctions: Î Ä Üµ Î Ð Üµ Ä Üµ 15 Ð

16 Let Î Üµ Ä Üµ Ä Üµ µ Å Üµ Ë Ä Üµ Î Üµ Å Üµ Ä Üµ µ Å Üµ Ë Ä Üµ Î Ð Ð µ Ñ Ë Ð Î Ñ Ð µ Ñ Ë Ð (Recall that there are no two different step clauses with the same left-hand side.) Now,, are of the following forms: Î Î Ü Üµ µ µ Ü Ï Üµ ÓÒ Ø È µ Î Î Ü Üµ µ µ Ü Ï Üµ Î ÓÒ Ø È µ Î Ü Üµ µ µ Ü Ï Üµ ÓÒ Ø È µ We can consider the formula as a categorical formula specification of the quotient structure given by a colour scheme. In turn, the formula represents the part of this specification which is responsible just for transferring requirements from the current world (quotient structure) to its immediate successors, and represents the result of transferal. Example 5.2. Consider a monodic temporal problem, P, given by Á Ë È Üµ µ È Üµ Í Ð µ ÜÈ Üµ È Üµ Ð For this problem, there exist two predicate colours, ½ È Üµ and È Üµ ; two propositional colours ½ Ð and Ð ; and six colour schemes (we omit the empty constant distribution for readability), ½ ½ ½ µ ½ µ ½ µ µ ½ ½ µ ½ µ The categorical formulae for these colour schemes are the following: ½ ÜÈ Üµ ÜÈ Üµ Ð ½ ÜÈ Üµ ÜÈ Üµ ½ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ Ð true true ÜÈ Üµ ÜÈ Üµ Ð ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ Ð ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ Ð true true ÜÈ Üµ ÜÈ Üµ Ð ÜÈ Üµ ÜÈ Üµ Definition 5.3 Canonical Merged Derived Step Clauses. Let P be a first-order temporal problem, be a colour scheme for P. Then the clause µ µ is called a canonical merged derived step clause for P. If all conjunctions in are empty, which implies all conjunctions in are empty and vice versa, the truth value of both and is true, and the clause µ µ degenerates to true µ trueµ. If a conjunction Üµ,, is empty (which also implies the conjunction Üµ is empty and vice versa) then the formula Ü Ï Üµ 16

17 ½ Fig. 1. Behaviour graph for the problem Á, Í Ð µ ÜÈ Üµ, Ë È Üµ µ È Üµ Ð (Example 5.6). È Üµ, (and Ü Ï Üµ) disappears from (from respectively). In the propositional case, the clause µ µ reduces to µ µ. Definition 5.4 Canonical Merged Step Clause. Let be a colour scheme, µ be a canonical merged derived step clause, and. Ü Üµ µ is called a canonical merged step clause. Üµµµ If the truth value of the conjunctions Üµ, Üµ is true, the canonical merged step clause is just a canonical merged derived step clause. Definition 5.5 Behaviour Graph. Now, given a temporal problem P Í Á Ë we define a finite directed graph as follows. Every vertex of is a colour scheme for P such that Í is satisfiable. For each vertex, there is an edge in to, if Í is satisfiable. They are the only edges originating from. A vertex is designated as an initial vertex of if Á Í is satisfiable. The behaviour graph À of P is the subgraph of induced by the set of all vertices reachable from the initial vertices. Example 5.6 Example 5.2 contd.. Let us construct the behaviour graph for the problem given in Example 5.2. Note that Í, so the vertex is not in the graph. The behaviour graph for P, given in Fig. 1, consists of five vertices; all of them are initial. There is an edge in the graph from the node to the node ½ since the formula Í ½, Ð µ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ßÞ Ð ßÞ Ð ßÞ Ð Í ½ 17

18 is satisfiable. There is no edge from ½ to since the formula Í ½, Ð µ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ÜÈ Üµ ßÞ Ð ßÞ Ð ßÞ Ð Í ½ is unsatisfiable. Other edges are considered in a similar way. LEMMA 5.7. Let P ½ Í ½ Á Ë and P Í Á Ë be two problems over the same set of symbols, such that Í ½ Í. Then the behaviour graph of P is a subgraph of the behaviour graph of P ½. Proof Satisfiability of Í implies satisfiability of Í ½. Definition 5.8 Path; Path Segment. A path,, through a behaviour graph, À, is a function from Æ to the vertices of the graph such that for any there is an edge µ ½µ in À. In a similar way, we define a path segment as a function from Ñ Ò, Ñ Ò, to the vertices of À with the same property. Recall that vertices of the behaviour graph of a problem, P, are quotient representations of intermediate interpretations Å Ò in possible models of P. Intuitively, if a pair of vertices, or of colour schemes, and is suitable, then this pair can represent adjacent interpretations Å and Å ½ in a model of P. The definition of predicate colour suitability given below expresses the condition when a pair of predicate colours specify an element in adjacent interpretations with regard to the step part of P. A similar intuition is behind the notions of suitable propositional colours and suitable constant distributions. Definition 5.9 Suitability. For and, let µ be an ordered pair of colour schemes for a temporal problem P. An ordered pair of predicate colours µ where, is called suitable if the formula Í Ü Üµ Üµµ is satisfiable; Similarly, an ordered pair of propositional colours µ is suitable if Í is satisfiable; and an ordered pair of constant distributions µ is suitable if, for every, the pair µ µµ is suitable. When the graph is clear from the context, we denote suitable pairs by connecting them with an arrow, for example, if a pair of predicate colours µ is suitable, we denote it by. Note that the satisfiability of Ü Üµ Üµµ implies Ü Üµ µ Üµµ as the conjunction Üµ contains a valuation at Ü of all predicates occurring in Üµ. LEMMA Let À be the behaviour graph for the problem P Í Á Ë with an edge from a vertex to a vertex. Then (1) for every there exists a such that the pair µ is suitable; (2) for every there exists a such that the pair µ is suitable; (3) the pair of propositional colours µ is suitable; (4) the pair of constant distributions µ is suitable. Proof From the definition of a behaviour graph it follows that Í is satisfiable. Now to prove the first item it is enough to note that satisfiability of the expression 18

19 Í implies satisfiability of Í Ü Ï Üµµ Ü Üµ. This, in turn, implies satisfiability of its logical consequence Í Ï Ü Üµ Üµµ. So, one of the members of this disjunction must be satisfiable. The second item follows from the satisfiability of Í Ü Ï Üµµ Ü Üµ. Other items are similar. Example 5.11 Example 5.6 cont.. Let us consider suitability of predicate and propositional colours from Example 5.2. Since the formula Í Ü ½ Üµ Üµµ, where Í Ð µ ÜÈ Üµ, ½ È Üµ, and true, is satisfiable, the pair ½ µ is suitable. Since the formula Í Ü Üµ ½ Üµµ, where Í Ð µ ÜÈ Üµ, È Üµ, and ½ È Üµ, is unsatisfiable, the pair ½ µ is not suitable. In a similar way, it can be easily checked that the pairs of predicate colours and the pairs of propositional colours ½ ½ µ and µ are suitable. ½ ½ µ ½ µ ½ µ and µ Let À be the behaviour graph for a temporal problem P Í Á Ë and Ò be a path in À where. Let Á Ó and Ò Ò Ò ½ for Ò ½. According to the definition of a behaviour graph, the set Í Ò is satisfiable for every Ò. From classical model theory, since the language Ä is countable and does not contain equality, the following lemma holds. LEMMA Let be a cardinal,. For every Ò, if the set Í Ò is satisfiable then there exists an Ä-model Å Ò Á Ò of Í Ò such that for every Ò the set Ò µ Å Ò µ is of cardinality. Definition 5.13 Run/E-Run. Let be a path through a behaviour graph À of a temporal problem P, and µ. By a run in we mean a function Ö Òµ from Æ to Ë Æ such that for every Ò Æ, Ö Òµ Ò and the pair Ö Òµ Ö Ò ½µµ is suitable. In a similar way, we define a run segment as a function from Ñ Ò, Ñ Ò, to Ë Æ with the same property. A run Ö is called an e-run if for all and for every non-ground eventuality Ä Üµ there exists such that Ä Üµ Ö µ. Let be a path, the set of all runs in is denoted by Ê µ, and the set of all e-runs in is denoted by Ê µ. If is clear, we may omit it. Here µ µ denotes that there exists a path from to such that and belong to a run in ; and denotes that there exists a path from to. Example is a path through the behaviour graph given in Fig. 1. Ö ½ ½ ½ ½ and Ö ½ ½ are both runs in. Ö is an e-run, but Ö ½ is not. We now relate properties of the behaviour graph for a problem to the satisfiability of the problem. 19

20 THEOREM 5.15 EXISTENCE OF A MODEL. Let P Í Á Ë be a temporal problem. Let À be the behaviour graph of P, let and be vertices of À such that and. If both the set of initial vertices of À is non-empty and the following conditions hold (1) For every vertex, predicate colour, and non-ground eventuality Ä Üµ there exist a vertex and a predicate colour such that µ µ Ä Üµ (2) For every vertex, constant ÓÒ Ø Pµ, and non-ground eventuality Ä Üµ, there exists a vertex such that Ä Üµ µ (3) For every vertex and ground eventuality Ð, there exists a vertex such that Ð then P has a model. The proof proceeds as follows. First, we provide a lemma showing that, under the conditions of Theorem 5.15, there exists a path through the behaviour graph satisfying certain properties, and then we show that, if such a path exists, then the problem has a model. LEMMA Under the conditions of Theorem 5.15, there exists a path through À where: (a) µ is an initial vertex of À; (b) for every colour scheme µ, and every ground eventuality literal Ð there exists a colour scheme µ,, such that Ð ; (c) for every colour scheme µ and every predicate colour from the colour scheme there exists an e-run Ö Ê µ such that Ö µ ; and (d) for every constant Ä, the function Ö Òµ defined by Ö Òµ Ò µ, where Ò is the constant distribution from Òµ, is an e-run in. Proof [of Lemma 5.16] Let Ä ½ Üµ Ä Üµ be all non-ground eventuality literals from ; Ð ½ Ð Ô be all ground eventuality literals from ; and ½ Õ be all constants of P. Let be an initial vertex of À. We construct the path as follows. Let ½ be all predicate colours from. By condition (1) there exists a vertex ½Ä½µ and a predicate colour ½µ ½ ½ Ä ½ µ such that ½ µ ½Ä½µ ½µ ½ µ and Ä ½ Üµ ½µ ½. In the same way, there exists a vertex ½Äµ and a predicate colour µ ½ such that ½Ä½µ ½µ ½ µ ½Äµ µ ½ µ and Ä Üµ µ. And ½ ½ Ä µ so on. Finally, there exists a vertex ½Ä µ and a predicate colour µ ½ ½ Ä µ such that ½Ä ½µ ½µ ½ µ ½Ä µ µ ½ µ and Ä Üµ µ. Clearly, ½ ½,..., ½µ ½,..., µ ½,..., µ ½ forms a segment of a run and every non-ground eventuality is satisfied along this segment. Now, let µ be any successor of in ½ Ä µ. As above, there exists a sequence of vertices Ä½µ,..., Ä µ and a sequence of predicate colours ½µ Ä ½ µ,..., 20

21 µ Ä µ such that,..., µ ½µ µ forms a segment of a run and every non-ground eventuality is satisfied along this segment. Continue this construction. At a certain point we construct a segment of a path from to a vertex Ä µ such that for every there exists Ä µ such that all eventualities are satisfied on the run-segment from to. In a similar way we can construct a vertex ½Ä½µ such that Ä µ ½Ä½µ and Ä ½ Üµ ½ Ä ½ µ ½ µ. And so on. As above, at some point we will have constructed a segment to a vertex such that all eventualities are satisfied on the run-segment. Then we can construct a vertex Ð½µ such that ÕÄ µ Ð½µ and Ð ½ Ð ½ µ. And so on. Finally, we construct a vertex ÐÔµ such that and on this path segment all conditions of the theorem hold for. Let us denote this path segment as, and let ½ be any successor of. By analogy, we can construct a vertex ½ and a path segment ½ from ½ to ½ such that all conditions of the theorem hold for ½. An so forth. Eventually, we construct a sequence, ½,..., such that there exists Ò Ò and Ò because there are only finitely many different colour schemes. Let ½ Ò ½, Ò ½. Now, we define our path as ½ µ. Properties (a) and (b) evidently hold on. Let µ and. Clearly, there exist and Ò such that µ µ and µ Ò µ. Since for every Ò there exists Ò Ä µ Ò such that all eventualities are satisfied on the run-segment from to and there exists µ Ò, ÒÄ µ Ò µ Ò µ µ, then there is an e-run, Ö, such that Ö µ, that is, property (c) holds. Note that, for every constant of P the sequence Ö Òµ is a run in. By construction, for every Ä Üµ there is a vertex Äµ Ò Ö Òµ is an e-run in and property (d) holds. in such that Ä Üµ Äµ Ò µ. Therefore, Proof [of Theorem 5.15] Following [Hodkinson et al. 2000; Degtyarev and Fisher 2001] take a cardinal exceeding the cardinality of the set Ê. Let us define a domain Ö Ö Ê. Then for every Ò Æ we have Ë Ò µ, where Ò µ Ö Ö Òµ and Ò µ. Ò Hence, by Lemma 5.12, for every Ò Æ there exists an Ä-structure Å Ò Á Ò satisfying Í Ò such that Ò µ Ö Å Ò Ö µ. Moreover, we can suppose that ÁÒ Ö for every constant ÓÒ Ø Pµ. A potential first order temporal model is Å Á, where Á Òµ Á Ò for all Ò Æ. To be convinced of this we have to check validity of step and eventuality clauses. (Recall that satisfiability of Á and Í in Å is implied by satisfiability of in Å and definition of a behaviour graph.) Let Ü È Üµ µ Ê Üµµ be an arbitrary step clause; we show that it is true in Å. Namely, we show that for every Ò and every Ö, if Å Ò È Ö µ then Å Ò ½ Ê Ö µ. Suppose Ö Òµ Ò and Ö Ò ½µ, where µ is a suitable pair in accordance with the definition of a run. It follows that Ö Ò µ and Ö Ò ½ µ, in other words Å Ò Ö µ and Å Ò ½ Ö µ. Since Å Ò È Ö µ then È Üµ. It follows that Ê Üµ is a conjunctive member of Üµ. Since the pair µ is suitable, it follows that the conjunction Ü Üµ Üµµ is satisfiable and, moreover, Ü Üµ µ Üµµ. Together with Å Ò ½ Ö µ 21

22 this implies that Å Ò ½ Ê Ö µ. Propositional step clauses are treated in a similar way. Let Üµ Ä Üµ be an arbitrary eventuality clause. We show that for every Ò and every Ö, Ö Ê, there exists Ñ Ò such that Å Ñ Ä Ö µ. Since Ö is an e-run, there exists Ñµ for some Ñ Ò such that Ö Ñµ and Ä Üµ. It follows that Ö Ñ µ, that is Å Ñ Ö µ. In particular, Ä Ö µ. Propositional eventuality clauses are considered in a similar way. Å Ñ Note For constant flooded temporal problems condition 3 of Theorem 5.15 implies condition 2. LEMMA Let Å be a first-order temporal structure. Then there exists a colour scheme such that Å. Proof Let Å Á. For every, let µ be the set of unary literals such that for every predicate È Üµ, Æ, È Üµ µ if Å È µ È Üµ µ if Å È µ Similarly, let be the set of propositional literals such that for every proposition Ô, Ò, Ô if Å Ô Ô if Å Ô We define as µ, and µ as Á µ. Clearly, Å. Proof [Theorem 4.13: completeness of temporal resolution] To simplify denotation, we assume that the temporal problem P Í Á Ë is already in the constant flooded form. Recall that according to our definitions, a fair derivation for the problem P is a finite sequence of universal parts, Í Í Í ½ Í Í Ò such that for any and formula ÌÊ Í Á Ë µ, there exists such that Í. In particular, for any formula ÌÊ Í Ò Á Ë µ we have Í Ò. The proof of the theorem proceeds by consideration of the number of vertices in the behaviour graph À for P Ò Í Ò Á Ë, which is finite. If À is empty, then by Lemma 5.18 the set Í Ò Á is unsatisfiable, and Í Ò contains the contradiction due to the initial termination rule. Now suppose À is not empty. In the following we show that there exists an inference rule of temporal resolution such that when Í Ò is extended with the conclusion of the rule yielding Í Ò, the behaviour graph for the resulting temporal problem P Í Ò Á Ë contains at least one vertex less than À. By lemma 5.7 this means, however, that Í Ò Í Ò in contradiction with our assumption that Í Ò is the last member of the fair derivation. Suppose there exists a vertex of À which has no successors. In this case the set Í Ò is unsatisfiable. Indeed, suppose Í Ò is true in a model Å. By lemma 5.18, we can define a colour scheme such that Å. As is satisfiable, there exists an edge from the vertex to the vertex in the contradiction with the choice of as having no successor. The conclusion of the step resolution rule,, is added to the set Í Ò ; this 22

23 implies removing the vertex from the behaviour graph because the set is not satisfiable. Next, we check the possibility where À is not empty and every vertex À has a successor. Since the problem, P, is unsatisfiable, at least one condition of Theorem 5.15 is violated. By Note 5.17, it is enough to consider only two cases of violation of the conditions of Theorem First condition of Theorem 5.15 does not hold. Then, there exist a vertex, predicate colour, and eventuality Ä Üµ such that for every vertex and predicate colour, µ µ µ Ä Üµ (8) Let Á be a finite nonempty set of indexes such that Á is the set of all successors of (possibly including itself); and let Â, for Á, be finite nonempty sets of indexes such that Á Â is the set of all predicate colours such that there exists a run going through and the colour. (To unify notation, if Á, we define Â as, and as ; and if Á, we add the index of to Â. Therefore, Â is always defined and without loss of generality we may assume that.) Let ½ be the set of all immediate successors of. To simplify the proof, we will represent canonical merged derived step clauses µ (and Ð µ Ð ) simply as µ (and Ð µ Ð, resp.), and formulae (and Ð ) simply as (and Ð, resp.). Consider two cases depending on whether the canonical merged derived step clause µ (or any of µ, Â) degenerates or not. (1) Let true. It follows that Í Ò ÜÄ Üµ. Indeed, suppose Í Ò ÜÄ Üµ has a model, Å. Then we can construct a colour scheme such that Å. Since ½ is the set of all immediate successors of and true, it holds that there exists ½, such that. Since Üµ true, every pair µ, where, is suitable; hence Ä Üµ for every, and ÜÄ Üµ leading to a contradiction. Therefore, Í Ò ÜÄ Üµ and the eventuality termination rule can be applied. The same holds if any one of µ degenerates. (2) Let none of the µ degenerate. We are going to prove that the eventuality resolution rule can be applied. First, we have to check the side conditions for such an application. (a) Ü Í Ò Üµ µ Ä Üµµ for all Á, Â. Consider the case when (for other indexes the arguments are similar). We show that Ü Í Ò Üµ µ Ð½ Ð Üµµ is valid (it follows, in particular, that Ü Í Ò Üµ µ Ä Üµµ is valid). Suppose Å is a model for Ü Í Ò Üµ 23 Ð½ Ð Üµµ

King s Research Portal

King s Research Portal DOI: 10.1007/3-540-45616-3_7 Document Version Peer reviewed version Link to publication record in King's Research Portal Citation for published version (APA): Degtyarev, A., Fisher,