UNU/IIST International Institute for Software Technology
A Calculus of Durations on Abstract Domains: Completeness and Extensions Dimitar P. Guelev May 1998
UNU/IIST Report No. 139
P.O. Box 3058 Macau
Abstract

This paper presents a completeness theorem for Duration Calculus [ZHR91] and some of its application-oriented extensions with respect to an abstractly specified class of frames, as a generalization of the result on the standard real-time frame treated in [HZ92]. The choice of abstract semantics gives the opportunity to prove completeness of Duration Calculus not relative to a semantically defined set of axioms, as is needed for its completeness with respect to the standard frame. The abstract semantics captures the essential property of finite variability of states, as present in Duration Calculus. This property is axiomatized in the framework of Interval Temporal Logic [Dut95], from which proof systems for Duration Calculus and some of its extensions are derived. These include two-dimensional interval logic, two-dimensional duration calculus and duration calculus for weakly monotonic time [PD97].
Dimitar P. Guelev is a Ph.D. student of logic at the Department of Mathematical Logic and Its Applications, Faculty of Mathematics and Informatics, Sofia University "St. Kliment Ochridski". He has been a fellow of UNU/IIST since March 1998. His research interests are in modal logic, temporal logic and probability logic.
Copyright © 1998 by UNU/IIST, Dimitar P. Guelev
Contents

Introduction
1 Preliminaries: interval logic on temporal domains
  1.1 Syntax of interval logic
  1.2 Semantics of interval logic
  1.3 Proof system for interval logic
2 Interval logic and finite variability
  2.1 Axioms and an ω-rule about the finite covering property
  2.2 Completeness: interval logic theories that are closed under the ω-rule
  2.3 Completeness: construction of the canonical model
  2.4 Discussion
3 Duration calculus on abstract domains
  3.1 Syntax of duration calculus
  3.2 Semantics of duration calculus on abstract domains
  3.3 Completeness of duration calculus on abstract domains
4 Finite variability and length in interval logic
5 Two-dimensional systems
  5.1 Two-dimensional interval logic
    5.1.1 Syntax
    5.1.2 Semantics
    5.1.3 Proof system and completeness
  5.2 Two-dimensional duration calculus
    5.2.1 Syntax
    5.2.2 Semantics
    5.2.3 Proof system and completeness
  5.3 Duration calculus of weakly monotonic time
Conclusion
Acknowledgements
References
Introduction

Duration Calculus (DC) was introduced by Zhou, Hoare and Ravn in [ZHR91] as a logical tool for reasoning about the properties of real-time hybrid systems. It is a first-order system that is interpreted on the set of reals and the set of finite real-time intervals as its formal model of time-flow. The language of duration calculus enables the expression of real-time systems' properties in terms of time intervals and their lengths, states that systems may have in certain sets of time instants, and the durations of these states.

Duration calculus can be viewed as an extension of first-order Interval Logic (IL) [Dut95], where interval logic temporal variables, that are functions on the set of intervals, have the special form of being the durations of states occupied by modelled systems within the given intervals. States are required to change at most finitely many times within finite intervals. Interval logic itself is a first order modal logic with one binary modal operator ;, known as chop, and temporal variables. Worlds in the Kripke semantics of interval logic are intervals of time points. The interpretation of chop formulas is as follows:

[1 ; 2 ] j= ('; ) i (9 2 [1 ; 2 ]) [1 ; ] j= '; [; 2 ] j= :

Temporal variables are individual constants, whose values depend on possible worlds, i.e. they are functions on intervals. Duration calculus state variables are propositions with their truth values defined on time points, and not on intervals. Given such a proposition $S$, a temporal variable in duration calculus has the form $\int S$, where $S$ is regarded as a function that takes the values 0 and 1, and the interval of integration is the possible world, where the evaluation of $\int S$ takes place. Informally, $\int S$ represents the sum of the lengths of those parts of an interval within which a modeled system satisfies some boolean condition. In particular, $\int 1$ will always evaluate to the length of this interval.
Propositional systems with chop have been studied earlier by Venema [Ven91]. This chop operator, the temporal variables and the state variables of duration calculus, and the power of first order language have proved fit to express a wide range of properties of real time hybrid systems and bring the study of the correctness of their design to a rigorous formal level. Many extensions of duration calculus have been designed to meet the needs of a variety of applications [ZCC93].

The semantics of interval logic has been defined for an abstract class of frames. The axiomatic system for interval logic contains a first order theory for the domain of duration values, that can be altered to axiomatize different classes of interval logic frames, more or less close to classical ones, such as the frame with real time, and that with discrete (integer) time. In contrast, duration calculus has been studied primarily with respect to the 'standard' frame based on the real numbers and the one based on the natural numbers as models of time flow. Expressiveness, completeness, decidability, extensions and automation of theorem-proving have been studied for duration calculus mostly with respect to these two frames, because of their importance for applications.

Establishing completeness of duration calculus with respect to these frames encounters some natural obstacles, that originate from two main sources. One is the impossibility to recursively axiomatize a complete and categorical duration calculus theory either of real or of natural numbers. The other is the impossibility to express the requirement for states to change at most finitely many times in finite intervals in duration calculus. Both facts can be demonstrated by simple compactness arguments. That is why the completeness of duration calculus with respect to real time has been proved relative to the set of all interval logic formulas that are valid on its real-time model taken as axioms. This set is infinite and undecidable, thus rendering the notion of valid proof in duration calculus undecidable too. Besides, in the absence of compactness, the completeness theorem does not establish the relation between consistency and satisfiability for theories, but just for individual formulas.

In this paper we introduce abstract semantics for duration calculus that captures the property of finite variability of states, yet, following the example of interval logic, accounts only for an arbitrary fixed set of first-order definable properties of durations. We provide a proof system for this semantics, that contains an ω-rule to cope with finite variability. We prove the completeness of this proof system by showing that consistency of theories with respect to it implies their satisfiability. We show that the expressiveness of duration calculus state expressions can be achieved in a proof system for interval logic that is extended with our ω-rule by introducing appropriate counterparts for them. Next, we apply this general result to derive complete proof systems for some application-oriented extensions of interval logic.

In 1997 Pandya and Dang [PD97] introduced the duration calculus of weakly monotonic time as an extension of duration calculus to reason about properties of systems that incorporate 'slow' processes, such as physical ones, that consume real 'macro-time' and 'fast' processes, such as computations, that consume discrete 'micro-time' and no 'macro-time'. In 1998 Schneider and Xu [SX98] applied this calculus to formalize the semantics of the hardware specification language Verilog [IEEE95].
In March 1998, Zhou Chaochen proposed to generalize this system to allow arbitrary durations of both micro- and macro-time intervals. This led to the introduction of two-dimensional duration calculus and two-dimensional interval logic. Our axiomatization of finite variability for duration calculus proved particularly useful in finding the complete proof systems that we give for these logics, and we give the axioms that describe the discrete time intervals as needed for the applications of duration calculus of weakly monotonic time.

The content of this paper is organized as follows: Section 1 gives a formal introduction to interval logic and states Dutertre's completeness theorem. In section 2 we introduce the finite covering property for interval logic sentences as our tool to treat finite variability. We introduce our axioms and ω-rule for sentences that have this property and prove the completeness of the extension of the proof system for interval logic thus obtained. The completeness proof follows closely Dutertre's example [Dut95], focusing on technicalities that appear due to the new rule. In section 3 we introduce the abstract semantics for duration calculus. We give the appropriate axioms about states and their durations and prove the completeness of the system. In section 4 we show that duration calculus state expressions and their durations can be modelled by appropriate sentences and temporal variables in interval logic. We give axioms for these counterparts and prove that they satisfy the properties of state durations that are expressed in the proof system for duration calculus found in [HZ92]. In section 5 we formally introduce two-dimensional interval logic and two-dimensional duration calculus, which have duration calculus of weakly monotonic time as their special case. We give complete proof systems for these calculi too, and propose axioms that are sufficient in order to gain the discrete micro-time expressivity inherent to duration calculus of weakly monotonic time as introduced by [PD97].
1 Preliminaries: interval logic on temporal domains

1.1 Syntax of interval logic

The language of interval logic contains a set of propositional temporal letters $PLetter$, a set of temporal variables $TVar$, a set of global variables $GVar$, a set of relation symbols $RSymb$, and a set of function symbols $FSymb$. These sets are countably infinite.

Interval logic terms are defined as follows: Global variables and temporal variables are terms. If $f \in FSymb$ and $f$ is n-place, and $t_1, \ldots, t_n$ are terms, then $f(t_1, \ldots, t_n)$ is a term too.

Interval logic atomic formulas are of the kinds $P$ and $R(t_1, \ldots, t_n)$, where $P \in PLetter$ and $R \in RSymb$ is n-place.

IL formulas are defined as follows: Atomic formulas are formulas. If $\varphi$ is a formula, then $\neg\varphi$ is a formula too. If ' and are formulas, then ' ^ and ('; ) are formulas too. If $\varphi$ is a formula and $x \in GVar$, then $\exists x\varphi$ is a formula too.

Formulas and terms that contain no occurrences of temporal propositional letters and temporal variables are called rigid.

The language of interval logic contains the length temporal variable $\ell$, the constant (0-place function symbol) 0, the 2-place function symbol + and the 2-place relation symbol =. The logical constants $\bot$ and $\top$, the connectives $\vee$, $\Rightarrow$ and $\Leftrightarrow$, and the $\forall$ quantifier are introduced as abbreviations in the usual way.
1.2 Semantics of interval logic

Definition 1 A time domain is a linearly ordered set hT; i.

Definition 2 Given a time domain hT; i, we define the set of intervals I(T ) = f[t1 ; t2 ] : t1; t2 2 T; t1 t2g, where [t1 ; t2 ] = ft 2 T : t1 t t2 g.

Definition 3 A duration domain is a system of the type $\langle D, +^{(2)}, 0^{(0)}\rangle$ that satisfies the following axioms:

(D1) $x + (y + z) = (x + y) + z$
(D2) $x + 0 = 0 + x = x$
(D3) $x + y = x + z \Rightarrow y = z$, $x + z = y + z \Rightarrow x = y$
(D4) $x + y = 0 \Rightarrow x = y = 0$
(D5) $(\exists z)\, x + z = y \vee y + z = x$, $(\exists z)\, z + x = y \vee z + y = x$
Remark: The rest of the proof system for interval logic is to a great extent independent of the exact choice of theory for the duration domain. In particular, a richer theory can be used to express more properties of durations, if appropriate for applications.
Definition 4 Given a time domain hT; i, and a duration domain $\langle D, +, 0\rangle$, $m : \mathbf{I}(T) \to D$ is a measure if

(M1) m([1 ; 2 ]) = m([1 ; 20 ]) ) 2 = 20
(M2) m([1 ; ]) + m([; 2 ]) = m([1 ; 2 ])
(M3) m([1 ; 2 ]) = x + y ) (9 )m([1 ; ]) = x.

Definition 5 We call $m : \mathbf{I}(T) \to D$ a weak measure if it satisfies M2 and M3, but possibly not M1.
Weak measures only appear in the semantics of interval logic extensions.
Definition 6 An interval logic frame is a tuple of the kind hhT; i; hD; +; 0i; mi, where hT; i is a time domain, $\langle D, +, 0\rangle$ is a duration domain, and $m : \mathbf{I}(T) \to D$ is a measure.

Definition 7 An interval logic model is a tuple of the kind hhT; i; hD; +; 0i; m; I i, where hhT; i; hD; +; 0i; mi is an interval logic frame, and $I$ is an interpretation of the symbols of interval logic language that satisfies the following conditions: $I(P) : \mathbf{I}(T) \to \{0, 1\}$ for every $P \in PLetter$, $I(t) : \mathbf{I}(T) \to D$ for every $t \in TVar$, $I(R) : D^n \to \{0, 1\}$ for every n-place $R \in RSymb$ and $I(f) : D^n \to D$ for every n-place $f \in FSymb$. Besides, $I(0) = 0$, $I(+) = +$, $I(=)$ is $=$, and $I(\ell) = m$.

Definition 8 Let $I$ and $J$ be interpretations of interval logic language symbols as defined above. $I$ x-agrees with $J$ for a given global variable $x$ if $I$ and $J$ assign the same values to all symbols, but possibly $x$.

Definition 9 Given an interval logic model hF; I i, where F = hhT; i; hD; +; 0i; mi is the corresponding frame, and an interval [1 ; 2 ] 2 I(T ), the value I (t) for an interval logic term t is defined by induction on the construction of t as follows:
2
1
I (x) = I (x) for x 2 GV ar I (v) = I (v)([1 ; 2 ]) for v 2 TV ar I (f (t1 ; : : : ; tn)) = I (f )(I (t1 ); : : : ; I (tn)) for an n-place f 2 FSymb 2
1
2
1
2
2
2
1
1
1
The relation hF; I i; [1 ; 2 ] j= ' for an IL formula $\varphi$ is defined by induction on the construction of $\varphi$ as follows:
hF; I i; [1 ; 2 ] j= P i I (P )([1 ; 2]) = 1 for P 2 PLetter hF; I i; [1 ; 2 ] j= R(t1; : : : ; tn) for and n-place R 2 RSymb i I (R)(I (t1 ); : : : ; I (tn)) = 1 hF; I i; [1 ; 2 ] j= :' i hF; I i; [1 ; 2 ] 6j= ' hF; I i; [1 ; 2 ] j= ' ^ i hF; I i; [1 ; 2 ] j= ' and hF; I i; [1 ; 2] j= hF; I i; [1 ; 2 ] j= ('; ) i hF; I i; [1 ; ] j= ' and hF; I i; [; 2 ] j= for some 2 [1 ; 2] 2
2
1
1
hF; I i; [1 ; 2 ] j= 9x' i there exists an interpretation J that x-agrees with I and hF; J i; [1 ; 2] j= '
1.3 Proof system for interval logic Here follows a deduction system for interval logic, that has been proposed in [Dut95]. (A1l ) (A1r ) (A2) (Rl ) (Rr ) (Bl ) (Br ) (L1l ) (L1r ) (L2) (L3l ) (L3r )
('; ) ^ :(; ) ) (' ^ :; ) ('; ) ^ :('; ) ) ('; ^ :) (('; ); ) , ('; ( ; )) ('; ) ) ' if ' is rigid ('; ) ) if is rigid (9x'; ) ) 9x('; ) if x is not free in ('; 9x ) ) 9x('; ) if x is not free in ' (l = x; ') ) :(l = x; :') ('; l = x) ) :(:'; l = x) l = x + y , (l = x; l = y) ' ) (l = 0; ') ' ) ('; l = 0)
'') (MP ) ' (G) 8x' ' (Nl ) :(:'; ) ' (Nr ) :( ; :') ') (Monol ) ('; ) ) ( ; ) ') (Monor ) (; ') ) (; )
The proof system also includes the axioms for duration domains, first order axioms and identity axioms. The following restriction applies for substitution axioms:

(Q1) $\forall x\varphi \Rightarrow [t/x]\varphi$ if $t$ is free for $x$ in $\varphi$ and either $t$ is rigid or $\varphi$ contains no occurrences of ;.

Theorem 10 (Dutertre, 1995) A set of IL formulas $\Gamma$ is satisfiable on an interval logic model iff it is consistent with respect to the above proof system.

In the sequel we shall use the following abbreviations: $\Box\varphi \rightleftharpoons \neg((\top; \neg\varphi); \top)$, $\Diamond\varphi \rightleftharpoons ((\top; \varphi); \top)$.
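The satisfaction relation of section 1.2, the axioms (L2), (L1l) and (Rl) of the proof system, and the box and diamond abbreviations can be exercised on a small finite model. The following Python sketch is an added example, not part of the report: it assumes the discrete frame with time points 0..N, natural-number durations and measure b - a, searches existential witnesses only in 0..N, instantiates the second operand of (Rl) with the constant true, and uses a constructed state S that holds on unit cells; all names in it are chosen here.

```python
"""Interval logic semantics on a small discrete frame (constructed model)."""
from itertools import product

N = 6  # assumption: T = {0..N}, D = natural numbers, m([a, b]) = b - a
INTERVALS = [(a, b) for a in range(N + 1) for b in range(a, N + 1)]

def measure(iv):
    return iv[1] - iv[0]

def term(t, iv, env, interp):
    """Value of term t on interval iv; env maps global variables to durations."""
    tag = t[0]
    if tag == "l":        # length temporal variable, interpreted as the measure
        return measure(iv)
    if tag == "const":
        return t[1]
    if tag == "var":      # global variable: value does not depend on iv
        return env[t[1]]
    if tag == "tv":       # temporal variable: a function on intervals
        return interp[t[1]](iv)
    if tag == "+":
        return term(t[1], iv, env, interp) + term(t[2], iv, env, interp)
    raise ValueError(f"unknown term {t!r}")

def sat(f, iv, env, interp):
    """Satisfaction of formula f on interval iv."""
    tag = f[0]
    if tag == "top":
        return True
    if tag == "P":        # propositional temporal letter
        return bool(interp[f[1]](iv))
    if tag == "=":
        return term(f[1], iv, env, interp) == term(f[2], iv, env, interp)
    if tag == "not":
        return not sat(f[1], iv, env, interp)
    if tag == "and":
        return sat(f[1], iv, env, interp) and sat(f[2], iv, env, interp)
    if tag == "chop":     # some point m splits iv into [a, m] and [m, b]
        a, b = iv
        return any(sat(f[1], (a, m), env, interp) and sat(f[2], (m, b), env, interp)
                   for m in range(a, b + 1))
    if tag == "ex":       # assumption: witnesses are searched in 0..N only
        return any(sat(f[2], iv, {**env, f[1]: d}, interp) for d in range(N + 1))
    raise ValueError(f"unknown formula {f!r}")

TOP, L, X, Y = ("top",), ("l",), ("var", "x"), ("var", "y")

def neg(f): return ("not", f)
def conj(f, g): return ("and", f, g)
def chop(f, g): return ("chop", f, g)
def implies(f, g): return neg(conj(f, neg(g)))
def iff(f, g): return conj(implies(f, g), implies(g, f))
def diamond(f): return chop(chop(TOP, f), TOP)         # some subinterval satisfies f
def box(f): return neg(chop(chop(TOP, neg(f)), TOP))   # every subinterval satisfies f

def counterexamples(f, interp, free=()):
    """(interval, assignment) pairs on which f fails; [] means valid on this model."""
    return [(iv, dict(zip(free, vals)))
            for iv in INTERVALS
            for vals in product(range(N + 1), repeat=len(free))
            if not sat(f, iv, dict(zip(free, vals)), interp)]

def duration(cells):
    """Duration of a state that holds exactly on the unit cells [i, i+1], i in cells."""
    return lambda iv: sum(1 for i in range(iv[0], iv[1]) if i in cells)

ON = {1, 2, 4}  # constructed state S
INTERP = {
    "dur_S": duration(ON),
    "dur_1": duration(set(range(N))),                  # the constant-true state
    "P": lambda iv: duration(ON)(iv) == measure(iv),   # S throughout, or a point
    "Q": lambda iv: iv[0] < iv[1] and duration(ON)(iv) == measure(iv),
}
P, Q = ("P", "P"), ("P", "Q")

# Axioms of the proof system, instantiated on this model.
AX_L2 = iff(("=", L, ("+", X, Y)), chop(("=", L, X), ("=", L, Y)))
AX_L1L = implies(chop(("=", L, X), P), neg(chop(("=", L, X), neg(P))))
RL_RIGID = implies(chop(("=", X, ("const", 0)), TOP), ("=", X, ("const", 0)))
RL_TEMPORAL = implies(chop(P, TOP), P)   # same shape as (Rl), but P is not rigid

if __name__ == "__main__":
    print("L2 valid:", not counterexamples(AX_L2, INTERP, ("x", "y")))
    print("L1l valid:", not counterexamples(AX_L1L, INTERP, ("x",)))
    print("Rl on a rigid formula valid:", not counterexamples(RL_RIGID, INTERP, ("x",)))
    print("Rl shape on a temporal letter fails at:",
          [iv for iv, _ in counterexamples(RL_TEMPORAL, INTERP)])
    print("duration of the true state equals l:",
          not counterexamples(("=", ("tv", "dur_1"), L), INTERP))
```

The failure of `RL_TEMPORAL` on the interval (1, 4) shows why (Rl) carries the side condition that the formula be rigid: P holds on the prefix (1, 3) but not on the whole interval.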
2 Interval logic and finite variability

In this section we introduce the finite covering property for interval logic sentences and propose a complete proof system for interval logic with the finite covering property. The completeness proof closely follows [Dut95]. Technical results and their proofs that are the same as, or differ insignificantly from, those in [Dut95] are marked appropriately and included just for the sake of self-containedness. The proof is divided into two parts, the first dealing with the properties of interval logic maximal theories that are relevant to their role as possible worlds (subsection 2.2), and the second being the construction of a canonical model for the extension of interval logic in focus (subsection 2.3).

Definition 11 Let be an IL formula, and let hF; I i be an interval logic model, where F = hhT; i; hD; +; 0i; mi is the corresponding frame. is said to have the finite covering property (fcp) on hF; I i if for every [1 ; 2 ] 2 I(T ) such that 1 6= 2 hF; I i; [1 ; 2 ] j= ) 2 and there exist 10 ; : : : ; n0 2 T , such that 1 = 10 < : : : < n0 = 2 and for all i = 1; : : : ; n ? 1 hF; I i; [i0 ; i0+1 ] j= 2 . is said to have the finite covering property on a class of frames K if it has the property on every model that belongs to K.

The main result of this section is the axiomatization of the finite covering property in interval logic.
2.1 Axioms and an ω-rule about the finite covering property

Definition 12 Let be an IL formula. We define the sequence of formulas f k gk
0 * ) ( k ; 2 ). ) l = 0, k+1 *
Proposition 13 Let have the fcp on hF; I i. Then for every [1 ; 2] 2 I(T ) there exists k0 < ! such that hF; I i; [1 ; 2 ] j= 2 k for all k k0 . Proof: Let 10 ; : : : ; n0 be such that 1 = 10 < : : : < n0 = 2 and for all i = 1; : : : ; n ? 1 hF; I i; [i0 ; i0+1 ] j= 2 . Then hF; I i; [1 ; 2 ] j= 2 k for all k n. a Corollary 14 Let have the fcp on hF; I i. Then for every [1; 2 ] 2 I(T ) there exists k0 < ! such that hF; I i; [1 ; 2 ] j= 2( k , >) for every natural k k0 . Lemma 15 For every k < ! `IL 2( ) 2 ) ) k ) (:(: k ; >) ^ :(>; : k )). In particular `IL 2( ) 2 ) ) k ) 2 k . Lemma 16 Let hF; I i; [1 ; 2] j= 2(' , ). Let be an IL formula that possibly contains the propositional temporal letter P . Then hF; I i; [1 ; 2 ] j= 2(['=P ] , [ =P ]). Proof: Induction on the construction of . a Let be an IL formula that possibly contains the propositional temporal letter P . Consider the following !-rule 8k < ! [ k =P ]
[>=P ] (! )
Proposition 17 The rule ! is sound on the class of interval logic models where has the fcp.

Proof: Let hF; I i be an interval logic model and let have the finite covering property on hF; I i. Let hF; I i; [1 ; 2 ] j= [ k =P ] for all k < !. There exists a k < ! such that hF; I i; [1 ; 2 ] j= 2( k , >). By Lemma 16 this implies that hF; I i; [1 ; 2] j= 2([ k =P ] , [>=P ]), whence hF; I i; [1 ; 2 ] j= [>=P ]. a
2.2 Completeness: interval logic theories that are closed under the ω-rule

Here we establish some properties of maximal interval logic theories that show their fitness for describing interval possible worlds in the canonical model to be constructed in section 2.3. The most important results of this section are the Lindenbaum lemma (Theorem 24) for theories that are closed under our infinitary rule, the reduction of consistency to finite consistency for sets of formulas that contain chop-powers of the formulas with the finite covering property (Corollary 29), and Theorem 34, which shows that, given a maximal theory of some interval, and a chop-formula that holds in it, appropriate theories for subintervals to satisfy the operands of this formula can be found. For the rest of this section we fix a set of formulas and consider only interval logic models on which has the finite covering property for every 2 .
Definition 18 A set ? of IL formulas is a theory, if it contains all interval logic theorems, ) 2 for all 2 , and is closed under MP and ! , 2 .

Definition 19 A theory $\Gamma$ is consistent, if $\bot \notin \Gamma$. A set of IL formulas $\Gamma$ is consistent, if $\Gamma$ is a subset of some consistent theory. A theory (a set of IL formulas) is inconsistent if it is not consistent.

Definition 20 A theory $\Gamma$ is maximal, if $\Gamma$ is consistent and $\Gamma$ is not a proper subset of any consistent theory.

Definition 21 A theory $\Gamma$ is a Henkin theory, if $\exists x\varphi \in \Gamma$ implies $[c/x]\varphi \in \Gamma$ for some constant symbol $c$.
Definition 22 Let ? be a set of IL formulas. We denote the set f' : ? ` 'g by Cn(?), where ` stands for derivability involving the rules MP and ! , 2 . We denote the set f : ' ) 2 ?g by ? + '.

Lemma 23 Let ? be a theory. Then ? + ' = Cn(? [ f'g).

Proof: ? + ' Cn(? [ f'g), because Cn(? [ f'g) is closed under MP . We prove the inverse inclusion ? + ' Cn(? [ f'g) by induction on the inference of a formula from ? [ f'g, using MP and ! , 2 . For 2 ? [ f'g we use that ) (' ) ) 2 ?, because it is a tautology, whence, by MP , ' ) 2 ?, and finally 2 ? + '. For obtained by MP from ) ; 2 Cn(? [ f'g), we have 2 ? + ', because we have ' ) ( ) ); ' ) 2 ?, (' ) ( ) )) ) ((' ) ) ) (' ) )) 2 ? (a tautology), and hence, since ? is closed under MP , ' ) 2 ?. This implies 2 ? + '. For [>=P ] 2 Cn(? [ f'g) obtained by ! for some
2 from [ k =P ] 2 ? + ', k < !, we have ' ) [ k =P ] 2 ?, whence ' ) [ k =P ] 2 ?. Since ? is closed under ! , this implies ' ) [>=P ] 2 ?, whence ' ) [>=P ] 2 ?. Hence [>=P ] 2 ? + '. This completes the proof of ? + ' Cn(? [ f'g). a
For the rest of the paper we fix a countable language L for interval logic, and a countable set C of constant symbols (0-place function symbols) that do not occur in L. We denote the language for interval logic that has the symbols of L plus those from C by L(C). Note that L(C) is countable too.
Theorem 24 Let ?0 L be consistent. Then there exists a maximal Henkin theory ? in L(C ) that contains ?0 .
Proof: We may assume that ?0 is a theory. Let L(C ) = f'k : k < !g. Let = f k : k < !g. Let 1 ; 2 : ! ! ! be such that for every k1 ; k2 < ! there exists a k such that 1 (k) = k1 and 2 (k) = k2 . Consider the sequence ?0 ?1 : : : ?k : : : that is de ned as follows: ?0 is as in the theorem. Having de ned ?k , let k1 = 1 (k) and k2 = 2 (k) and let us consider the following cases in order to de ne ?k+1 : 1. ?k + 'k is inconsistent. Then ?k+1 = ?k . 1
2. ?k + 'k is consistent. 1
2a. 'k =: 9x for some global variable x and some other formula . We choose a c 2 C that occurs in no formula from ?0 [ f' (n) : n < kg, and we put ?k+1 = ?k + 'k + [c=x] . 1
1
1
2b. 'k =: :[>=P ] for some that contains occurrences of the temporal propositional variable P . The above equality may hold for at most 2m ? 1 distinct formulas , where m is the number of the occurrences of > in 'k . Let these be 1 ,. . . ,p . Then ?k +'k +:[ kn =P ]1 +: : :+ :[ knp =P ]p is consistent for some n1; : : : ; np < !. Otherwise we would have [ ki =P ]q 2 ?k +'k for some q p and all i < !, whence, by ! k , [>=P ]p 2 ?k + 'k , and this would contradict the consistency of ?k + 'k . We x an nq with the above property for every q = 1; : : : ; p, and put ?k+1 = ?k + 'k + :[ kn =P ]1 + : : : + :[ knp =P ]p . 1
1
1
1
2
2
2
2
1
1
1
1
1
2
2
2c. 'k is of none of the above kinds. Then ?k+1 = ?k + 'k . 1
1
S
By Lemma 23 ?k is consistent for every k < !. We shall prove that ? = ?k is a maximal k=P ] 62 ?. Let [>=P ] 62 ? = 'k for some k1 < !. Let k be such that 1 (k) = k:1 and 2 (k) = k2 . Then [>=P ] 62 ?k+1 ?. Hence ?k + [>=P ] is inconsistent. Let :[>=P ] = 'k0 . Let k0 be such that 1 (k0 ) = k10 and 2 (k0 ) = k2 . Then ?k0 + :[>=P ] is consistent, for otherwise, ?max(k;k0 ) + ('k _ 'k0 ) would be inconsistent, and 'k _ 'k0 is a tautology. However, according to case 2b, then :[ n =P ] 2 ?k0 +1 for some n < !, and this contradicts our assumption. 2
2
1
1
1
1
1
1
? 62 ?, because ? 62 ?k for: all k < !. Hence ? is consistent. Assume ?0 ? is consistent too, and ' 2 ?0 n ?. Then, if ' = 'k , choosing a k such that (k) = k1 will entail ' 62 ?k+1 , whence ' is not consistent with ?k ? ?0 , and this is a contradiction. Hence ? is maximal. 1
The construction of ?k+1 in case 2a ensures that ? is a Henkin theory too. a
Remark: The following technical results can also be proved for the case of an arbitrary set
of formulas with respect to which the rule ! is admitted. We do this just for the sake of simplicity.
Lemma 25 Let ? be a maximal theory in L(C ) that is closed under ! . Then k 2 ? for some k < !.
Proof: Consider the formula * ) :P . We have ` :[>=P ], because :[>=P ] =: ::>. Since ? is consistent and closed under ! , [ k =P ] 62 ?: for some k < !. Then for this k we have :[ k =P ] 2 ?, whence k 2 ?, because :[ k =P ] = :: k , and ? is maximal. a

Definition 26 Let ? L(C ). We denote the set f'1 ^ : : : ^ 'n : n < !; '1 ; : : : ; 'n 2 ?g by ?^.

Definition 27 Let ?1; ?2 L(C ). We denote the set f('; ) : ' 2 ?1; 2 ?2g by ?1; ?2 .

Lemma 28 Let ? L(C ). If ? is closed under MP and k 2 ?, then ? is closed under ! iff ? is closed under the finitary rule
(!k )
8i k [ i =P ] [>=P ]
Proof: Obviously,! if ? is closed under !k , then ? is closed under ! . For the converse, let * ) V [ i=P ] ) . Then [ i =P ] is a tautology for i k. Besides, since for k0 k ik
[ i =P ] 2 ? for all i < !. , k ) 2 ?, by Lemma 16 2([ k =P ] , [ k0 =P ] ) 2 ?, whence
Hence, by ! , [>=P ] 2 ?. This implies that ? is closed under !k . a
2( k0
Corollary 29 Let ? L(C ) be inconsistent and contain k . Then there exists a nite ?0 ?, which is inconsistent too.
Proof: Induction on the inference of ? from ? by MP and ! . We replace every application of ! with an application on !k to obtain a proof of ? from finitely many premisses in ?. a

Lemma 30 Let ? be a maximal theory. Let ?1; ?2 =6 ;, ?^1 ; ?^2 ?. Then ?1 and ?2 are consistent and Cn(?1); Cn(?2 ) ?.

Proof: By Lemma 25 k 2 ? for some k < !. Then ?1 [ f k g is consistent. Assume the contrary, then by Corollary 29 `IL :('1 ^ : : : ^ 'n ^ k ) for some '1 ; : : : ; 'n 2 ?1 . Hence, by Nl , `IL :('1 ^ : : : ^ 'n ^ k ; ) for any 2 ?2. Since :(: k ; >) 2 ?, hence :('1 ^ : : : ^ 'n; ) 2 ?. This contradicts ?^1 ; ?^2 ?. Hence ?1 [ f k g and, consequently, ?1 are consistent. A similar argument establishes the consistency of ?2 [ f k g and ?2 .
Now let ' 2 Cn(?1 ) and 2 Cn(?2 ). Then ' 2 Cn(?1 [ f k g) and 2 Cn(?2 [ f k g) too. By Corollary 29, `IL '1 ^ : : : ^ 'n ^ k ) ' and `IL 1 ^ : : : ^ m ^ k ) , where '1 ; : : : ; 'n 2 ?1 , 1 ; : : : ; m 2 ?2 . By Monol and Monor , `IL ('1 ^ : : : ^ 'n ^ k ; 1 ^ : : : ^ m ^ k ) ) ('; ). We have ('1 ^ : : : ^ 'n ; 1 ^ : : : ^ m ) 2 ?, because ?^1 ; ?^2 ?. Hence, since ? is a theory, and :(: k ; >); :(>; : k ) 2 ?, we obtain ('1 ^ : : : ^ 'n ^ k ; 1 ^ : : : ^ m ^ k ) 2 ? by A1l and A1r . This implies ('; ) 2 ?. Hence Cn(?1 ); Cn(?2 ) ?. a Following [Dut95], we introduce the functions 1 and 2 on pairs of sets of IL formulas as follows
1 (?; ) = f : :('; : ) 2 ?; ' 2 )g
2 (?; ) = f' : :(:'; ) 2 ?; 2 )g
Lemma 31 Let 0; 00 L(C ), 0 6= ; and let ? be a maximal theory. Then 1 (?; 0) [ 00 is inconsistent iff there exists a finite 0 1 (?; 0 ) [ 00 that is inconsistent. The same holds for 2 (?; 0 ) [ 00.

Proof: We have that k 2 ? for some k < ! by Lemma 25. Hence, by Lemma 15, :('; : k ) 2 ? for every formula '. Hence k 2 1 (?; 0 ). Now the lemma follows from Corollary 29. The proof about 2 (?; 0 ) [ 00 is similar. ⊣

Lemma 32 Let ? be a maximal theory in L(C ), and ?1 ; ?2 L(C ) be such that ?^1 ; ?^2 ?. Let ?01 = ?1 [ 2 (?; ?2 ) and ?02 = ?2 [ 1 (?; ?1 ). Then (?01 )^ ; ?^2 ? and ?^1 ; (?02 )^ ?.

Proof: ([Dut95]) Let '1 ; : : : ; 'n 2 ?01 , 1; : : : ; l 2 ?2. If '1 ; : : : ; 'n 2 ?1, then ('1 ^ : : : ^ 'n ; 1 ^ : : : ^ n ) 2 ? by assumption. Let '1 ; : : : ; 'm 2 2 (?; ?2 ), m n. Then there exist 1 ; : : : ; m 2 ?2 such that :(:'i ; i) 2 ? for i = 1; : : : ; m. Let * ) 1 ^ : : : l ^ 1 ^ : : : ^ m . Then ) i is a tautology and hence, by Monor , `IL (:'i ; ) ) (:'i ; i ), whence `IL :(:'i; i ) ) :(:'i; ) for every i = 1; : : : ; m. Since ? is maximal consistent, and hence closed under MP , :(:'i ; ) 2 ? for every i = 1; : : : ; m. If m < n, let ' * ) 'm+1 ^ : : : ^ 'n . Otherwise, let ' be an arbitrary element of ?1 . Since ' 2 ?^1 and 2 ?^2 , ('; ) 2 ?. Now, using that `IL ('; ) ^ :(:'1 ; ) ^ : : : ^ :(:'m; ) ) ('^'1 ^: : : ^'m ; ), we obtain that ('^'1 ^: : : ^'m ; ) 2 ?. Hence ('1 ^: : : ^'n ; 1 ^: : : l ) 2 ?. ⊣

Corollary 33 Let ? be a maximal theory in L(C ), and ?1; ?2 L(C ) be such that ?^1 ; ?^2 ?. Let ?01 = ?1 [2 (?; ?2 ) and ?02 = ?2 [1 (?; ?1 ). Then Cn(?01 ); Cn(?2 ) ? and Cn(?1 ); Cn(?02 ) ?.

Proof: Apply Lemma 30. ⊣

Theorem 34 Let ? be a maximal theory in L(C ). Let ?1 ; ?2 L(C ) and ?^1 ; ?^2 ?. Then there exist two maximal theories ?1 ?1 and ?2 ?2 such that ?1 ; ?2 ?.
Report No. 139, May 1998
UNU/IIST, P.O. Box 3058, Macau
Proof: ([Dut95]) Consider the sequences ?n1 , ?n2 , n < !, that are defined as follows: ?01 = Cn(?1 ), ?02 = Cn(?2 ), ?22k+1 = Cn(?22k [ 1 (?; ?21k )), ?21k+2 = Cn(?21k+1 [ 2 (?; ?22k+1 )), ?22k+2 = ?22k+1 .
S
?n1 , By Lemma 30, ?01 ; ?02 ?. By induction and Lemma 32 ?n1 ; ?n2 ?. Let ?!1 = n
Lemma 35 Let ?1 , ?2 and ? be maximal theories in L(C ). Let l = c1 2 ?1 and l = c2 2 ?2 for some c1 ; c2 2 C . Let ?1 ; ?2 ?. Then if ' is a rigid formula, ' 2 ? iff ' 2 ?1 iff ' 2 ?2 .

Proof: ([Dut95]) Let ' 2 ?. Then, since :' is also rigid, `IL (:'; l = c2 ) ) :' by Rl . Assume that ' 62 ?1 . Then :' 2 ?1 , whence (:'; l = c2 ) 2 ? and :' 2 ?, which is a contradiction. Hence ' 2 ?1 . Similarly ' 2 ?2 . ⊣

Proposition 36 Let ? be a maximal theory in L(C ). Let (l = c; >) 2 ? for some c 2 C . Then 1 = f' : (l = c; ') 2 ?g is a maximal theory too. Similarly, if (>; l = c) 2 ?, then 2 = f' : ('; l = c) 2 ?g is a maximal theory.

Proof: Consider the following deduction: (l = c; ) ) :(l = c; : ) L1l (l = c; ) ^ :(l = c; : ) ) (l = c; ^ :: ) A1r (l = c; ) ^ (l = c; ) ) (l = c; ^ ) It shows that `IL (l = c; ) ^ (l = c; ) ) (l = c; ^ ) for any formulas ; . Hence, given '1 ; : : : ; 'n 2 1 , i.e. (l = c; '1 ); : : : ; (l = c; 'n ) 2 ?, we may conclude that (l = c; '1 ^ : : : ^ 'n ) 2 ?, whence '1 ^ : : : ^ 'n 2 1 . This implies that fl = cg; ^1 ? and, by Lemma 30, 1 is consistent. Now we shall prove that for any formula ' either ' 2 1 , or :' 2 1 . This will imply that 1 is maximal. Consider the following deduction (l = c; >) ^ :(l = c; :') ) (l = c; > ^ ::') A1r (l = c; >) ) (l = c; ') _ (l = c; :')
It shows that for any ' (l = c; ') _ (l = c; :') 2 ?, because (l = c; >) 2 ?. Since ? is maximal, then either (l = c; ') 2 ?, or (l = c; :') 2 ?. Hence either ' 2 1 or :' 2 1 . The argument about 2 is similar. a
Corollary 37 Let ?, 0 and 00 be maximal theories in L(C ) and let fl = cg; 0 ; fl = cg; 00 ? for some c 2 C . Then 0 = 00 . Similarly, if 0 ; fl = cg; 00 ; fl = cg ?, then 0 = 00 .

Proof: We have 0; 00 f' : (l = c; ') 2 ?g, and this is a maximal theory by Proposition 36. Since 0 and 00 are maximal too, this implies that 0 = 00 = f' : (l = c; ') 2 ?g. The other case is proved symmetrically. ⊣
2.3 Completeness: construction of the canonical model

In this section we conclude the proof of the completeness of our extension of the proof system for interval logic for the class of interval logic models that the formulas from have the finite covering property on. We do this by constructing a canonical model starting from an arbitrary fixed maximal Henkin interval logic theory. This theory is satisfied at a root interval in the model, which contains the entire time domain of the model. Appropriate maximal theories are used to construct the subintervals of the root interval, and their properties are established below. The time domain of the canonical model consists of the pairs of intervals that are partitions of the root interval of the model as its time-points. Finally, the measure function of the model is defined using that a pair of time-point partitions determines the theory of the middle component of a new three-subinterval partition of the root interval. This component is a subinterval of the root interval, which has the two time-point partitions as its ends. The constant that is equal to the l variable in the theory of this middle subinterval is used to define the value of the measure of the subinterval.

Let us fix a maximal Henkin theory ?0 in L(C ).

Definition 38 We define the set as follows: = f' 2 ?0 : ' is rigidg.

Definition 39 We define the relation on rigid terms from L(C ) by putting t1 t2 iff t1 = t2 2 . Since ?0 is a maximal theory, contains either ' or :' for every rigid ', and is closed under MP too. Hence it contains all the instances of the first order axioms for =. This implies that is an equivalence relation.

Definition 40 We define the set W , the relation R W W W , and the sets T and D as follows:
W = f? : ? is a maximal theory and ? for all 2 g
R(1 ; 2 ; ?) iff 1; 2 ?.
T = fh1 ; 2 i : 1 ; 2 2 W; 1 ; 2 ?0 g,
D = f[c] : c 2 C g.

Lemma 41 Let ; 1; 2 2 W . Let ?1 and ?2 be maximal theories in L(C ). Then 1 (; 1) ?2 implies ?2 2 W and R(1 ; ?2 ; ), and 2 (; 2 ) ?1 implies ?1 2 W and R(?1 ; 2 ; ).

Proof: ([Dut95]) Let 1 (; 1) ?. Let ' 2 1, 2 ?2 . If :('; ) 2 , then : 2 ?2 by the definition of 1 , and this is a contradiction. Hence 1 ; ?2 , i.e. R(1 ; ?2 ; ). Hence, by Lemma 35, ?2 2 W . The proof about ?1 is similar. ⊣

Proposition 42 Let ; 1; 2 ; 3 2 W . Then if there exists a 0 2 W such that R(1; 2 ; 0) and R(0 ; 3 ; ), then there exists a 00 2 W such that R(1 ; 00 ; ) and R(2 ; 3 ; 00 ), and vice-versa.

Proof: ([Dut95]) Assume that R(1 ; 2; 0 ) and R(0; 3 ; ) for some 0 2 W , i.e. 1; 2 0 and 0 ; 3 . There exist c1 ; c2 ; c3 2 C such that l = c1 2 1 , l = c2 2 2 and l = c3 2 3 . Let A = f(l = c2 ; l = c3 )g [ 1 (; 1 ). If A is consistent, then by Theorem 24 there exists a maximal theory 00 A and, by Lemma 41, 00 2 W and R(1 ; 00 ; ). Then, if 2 2 2 and 3 2 3 , we have (l = c1 ; 2 ) 2 0 and ((l = c1 ; 2); 3 ) 2 . Hence, by axiom A2, (l = c1 ; (2 ; 3 )) 2 , whence by axiom L2l :(l = c1 ; :(2 ; 3 )) 2 . Then ::(2; 3 ) 2 1 (; 1 ), whence (1; 2 ) 2 00 . This shows that 2 ; 3 00, i.e. R(2 ; 3 ; 00 ). Now we only need to prove that A is consistent. Let '1 ; : : : ; 'n 2 1 (; 1 ). Then :( i ; 'i ) 2 for i = 1; : : : ; n and some 1 ; : : : ; n 2 1 . Let * ) 1 ^ : : : ^ n . Clearly, 2 1 , and for all i = 1; : : : ; n :( ; :'i ) 2 . Now, since 1 ; 2 0 and 0; 3 , we have ( ; l = c2 ) 2 0 and (( ; l = c2 ); l = c3 ) 2 . Then, by A2, ( ; (l = c2 ; l = c3 )) 2 . Applying A1r several times we get `IL ( ; (l = c2 ; l = c3 )) ^:( ; :'1 ) ^ : : : ^:( ; :'n ) ) ( ; (l = b2 ; l = b3 ) ^ '1 ^ : : : ^ 'n ). Hence ( ; (l = b2 ; l = b3 ) ^ '1 ^ : : : ^ 'n ) 2 . This shows that for any '1 ; : : : ; 'n 2 1 (; 1 ) there is a 2 1 such that ( ; (l = b2 ; l = b3 ) ^ '1 ^ : : : ^ 'n ) 2 . Hence 6`IL :((l = b2 ; l = b3 ) ^ '1 ^ : : : ^ 'n ), because otherwise Nr would give `IL :( ; ((l = b2; l = b3 ) ^ '1 ^ : : : ^ 'n )), which contradicts the consistency of . Hence every finite subset of A is consistent. Since is a maximal theory, now Lemma 31 entails that A is consistent. The other part of the equivalence is proved similarly. ⊣
Proposition 43 Let 2 W . Then there exist 1; 2 2 W such that l = 0 2 1; 2 and R(1 ; ; ) and R(; 2 ; ).
Proof: ([Dut95]) Similar to the proof of Proposition 42. We prove just the existence of 1 . Let A = fl = 0g [ 2 (; 1 ). Let us prove that A is consistent. Let '; : : : ; 'n 2 2 (; ). Then there exist 1 ; : : : ; n 2 such that :(:'i ; i ) 2 for i = 1; : : : ; n. Let * ) 1 ^ : : : ^ n. Then 2 and :(:'i ; ) 2 . By L3l (l = 0; ) 2 too, and, like in the proof of Proposition 42, (l = 0 ^ '1 ^ : : : ^ 'n ; ) 2 , whence 6`IL :(l = 0 ^ '1 ^ : : : ^ 'n ). This shows that every finite subset of A is consistent. Hence, by Lemma 31, A is consistent. So, by Theorem 24, there exists a maximal theory 1 A. We have l = 0 2 1 , and, by Lemma 41, 1 2 W and 1 ; . ⊣
Definition 44 We define the relation on T as follows: h1 ; 2i h01; 02 i if 9c1; c2 2 C l = c1 2 1 ; l = c1 + c2 2 01 :

Proposition 45 The relation is a total order on T .

Proof: ([Dut95]) Let h1; 2 i; h01 ; 02 i 2 T . The definition of implies that h1 ; 2 i h01 ; 02i iff there exist c; c0 2 C such that l = c 2 1, l = c0 2 01 and 9z(c + z = c0 ). Now, using D1 ? D5, it is easy to establish that is a total order. ⊣

Proposition 46 Let h1 ; 2 i; h01 ; 02i 2 T and h1 ; 2i h01; 02 i. Then there exists a unique 2 W such that R(1 ; ; 01 ) and R(; 02 ; 2 ).

Proof: ([Dut95]) Let c1 ; c2 ; c01 ; c02 2 C be such that l = c1 2 1, c2 2 2, c01 2 01 and c02 2 02 . Since h1 ; 2 i h01 ; 02 i, there exists a c 2 C such that b1 + c = b01 2 . Hence b1 + c = b01 2 01 . Let A = fl = bg[ 1 (01 ; 1 ) [ 2 (2 ; 02 ). We shall prove that A is consistent. Let '1 ; : : : ; 'n 2 ( 01; 1 ), 1 ; : : : ; m 2 2 (2 ; 02 ). Then there are formulas '01 ; : : : ; '0n 2 1 , 10 ; : : : ; m0 2 02 such that :('0i ; :'i ) 2 01 , i = 1; : : : ; n, and :(: j ; j0 ) 2 2 , j = 1; : : : ; m. Let '0 * ) '01 ^ : : : ^ 0 0 0 0 0 0 0 0 'n and * ) 1 ^ : : : ^ m . We have ' ^ l = c1 2 1 and ^ l = c2 2 2 , because 1 and 02 are maximal theories. Just like in Proposition 42 and Proposition 43, we have :('0 ^ l = c1 ; :'i ) 2 01 for i = 1; : : : ; n and :(: j ; 0 ^ l = c02 ) 2 2 for j = 1; : : : ; m. Since, by the definition of T , 1 ; 2 ; 01 ; 02 ?0 , we have ('0 ^ l = c1 ; :(: 1 ; 0 ^ l = c02 ) ^ : : : ^:(: m ; 0 ^ l = c02 ) 2 ?0 and (:('0 ^ l = c1 ; :'1 ) ^ : : : ^ :('0 ^ l = c1 ; :'n ); 0 ^ l = c02 ) 2 ?0 . Besides, `IL = l = c01 ^ c1 + c = c01 ) l = c1 + c and, by L2, `IL l = c1 + c ) (l = c1 ; l = c), whence (l = c1 ; l = c) 2 01 and ((l = c1 ; l = c); 0 ^ l = c02 ) 2 ?0 and, by A2, (l = c1 ; (l = c; 0 ^ l = c02 )) 2 ?0 .
Now, using that `IL ('0 ^ l = c1 ; :(: 1 ; 0 ^ l = c02 ) ^ : : : ^:(: m ; 0 ^ l = c02 ) ^ (l = c1 ; (l = c; 0 ^ l = c02 )) ) ('0 ^l = c1 ; :(: 1 ; 0 ^l = c02 )^: : :^:(: m; 0 ^l = c02 )^(l = c; 0 ^l = c02 )), we obtain ('0 ^ l = c1 ; :(: 1 ; 0 ^ l = c02 ) ^ : : : ^:(: m; 0 ^ l = c02 ) ^ (l = c; 0 ^ l = c02 )) 2 ?0 . Applying A1l m ? 1 times, we get `IL :(: 1 ; 0 ^ l = c02 ) ^ : : : ^:(: m ; 0 ^ l = c02 ) ^ (l = c; 0 ^ l = c02 ) ) (l = c^ 1 ^: : :^ m ; 0 ^l = c02 ), whence, by Monor , ('0 ^l = c1 ; (l = c^ 1 ^: : :^ m ; 0 ^l = c02 )) 2 ?0 , and by A2, (('0 ^ l = c1 ; l = c ^ 1 ^ : : : ^ m ); 0 ^ l = c02 ) 2 ?0 . Similarly, using that `IL (('0 ^ l = c1 ; l = c ^ 1 ^ : : : ^ m ); 0 ^ l = c02 ) ^ (:('0 ^ l = c1 ; :'1 ) ^ : : : ^:('0 ^ l = c1 ; :'n ); 0 ^ l = c02 ) ) (('0 ^ l = c1 ; l = c ^ 1 ^ : : : ^ m ) ^:('0 ^ l = c1 ; :'1 ) ^ : : : ^ :('0 ^ l = c1 ; :'n ); 0 ^ l = c02 ), we obtain (('0 ^ l = c1 ; l = c ^ 1 ^ : : : ^ m ) ^ :('0 ^ l = c1; :'1 ) ^ : : : ^ :('0 ^ l = c1; :'n ); 0 ^ l = c02 ) 2 ?0 . Using A1r n ? 1 times and Monol , we get that (('0 ^ l = c1 ; l = c ^ 1 ^ : : : ^ m ^ '1 ^ : : : ^ 'n ); 0 ^ l = c02 ) 2 ?0 . This entails that l = c ^ 1 ^ : : : ^ m ^ '1 ^ : : : ^ 'n is consistent. So, every finite subset of A is consistent. Hence, by Lemma 31, A is consistent, and we can apply Theorem 24 to obtain a maximal theory A. Since 1 (01 ; 1 ); 2 (2 ; 02 ) , 2 W and R(1 ; ; 01 ) and R(; 02 ; 2) by Lemma 41. ⊣
Definition 47 Let I(T ) = f[1 ; 2 ] : 1 ; 2 2 T; 1 2g. We define the function : I(T ) ! W as follows: For 1 = h1 ; 2 i and 2 = h01 ; 02 i we put ([1 ; 2 ]) = iff R(1 ; ; 01 ) and R(; 02 ; 2). Proposition 46 ensures the correctness of this definition.

Proposition 48 Let 1; 2 ; 3 2 T , 1 2 3. Then R(([1 ; 2 ]); ([2 ; 3 ]); ([1 ; 3 ])).

Proof: ([Dut95]) Let 1 = h1 ; 2i, 2 = h01; 02 i and 3 = h001 ; 002 i. We have R(1; ([1 ; 2 ]); 01 ), R(01 ; ([2 ; 3 ]); 001 ) and R(1 ; ([1 ; 3 ]); 001 ) by the definition of . This means that 1 ; ([1 ; 2 ]) 01 , 01 ; ([2 ; 3 ]) 001 and 1 ; ([1 ; 3 ]) 001 .
We shall prove that ([1 ; 2 ]); ([2 ; 3 ]) ([1 ; 3 ]). Let ' 2 ([1 ; 2 ]), 2 ([2 ; 3 ]). Let c 2 C be such that l = c 2 1 . Then (l = c; ') 2 01 and ((l = c; '); ) 2 001 . Using A2, we get (l = c; ('; )) 2 001 . By L1l , :(l = b; :('; )) 2 001 . Now, since l = c 2 1 and 1 ; ([1 ; 3 ]) 001 , ('; ) 2 ([1 ; 3 ]). This shows that ([1 ; 2 ]); ([2 ; 3 ]) ([1 ; 3 ]). a
Proposition 49 Let 1; 2 2 T , 1 2. Let ?1; ?2 2 W and R(?1 ; ?2; ([1 ; 2 ])), Then there exists a 2 T such that 1 2 and ?1 = ([1 ; ]), ?2 = ([; 2 ]).

Proof: ([Dut95]) Let 1 = h1; 2 i and 2 = h001 ; 002 i. We have 1; 2; 001 ; 002 ?0 by the definition of T , and 1 ; ([1 ; 2 ]) 001 , ([1 ; 2 ]); 002 2 by the definition of . Let ?1 ; ?2 2 W be such that R(?1 ; ?2 ; ([1 ; 2 ])), i.e. ?1 ; ?2 ([1 ; 2 ]). By Proposition 42 there exists a 01 2 W such that 1 ; ?1 01 and 01 ; ?2 01 , and a 02 2 W such that ?1 ; 02 2 and ?2 ; 002 02 . We shall prove that = h01 ; 02 i 2 T and 1 2 . By Proposition 46, this will imply that ([1 ; ]) = ?1 and ([; 2 ]) = ?2 .
There exist c1 ; c002 ; d1 ; d3 2 C such that l = c1 2 1 , l = c002 2 002 , l = d2 ?1 and l = d2 2 ?2 . Let ' 2 01 , 2 02 . We have that ('; l = d2 ) 2 001 , (('; l = d2 ); l = c002 ) 2 ?0 , (l = d1 ; ) 2 2 and (l = c1 ; (l = d1 ; )) 2 ?0 . Besides, (l = d1 ; l = d2 ) 2 ([1 ; 2 ]), (l = c1 ; (l = d1 ; l = d2 )) 2 001 , and ((l = c1 ; (l = d1 ; l = d2 )); l = c002 ) 2 ?0 . Now, by A2 and L2, ('; l = d2 + c002 ); (l = c1 + d1 ; ); (l = c1 + d1 ; l = d2 + c002 ) 2 ?0 . Using that `IL (l = c1 + d1 ; ) ^ ('; l = d2 + c002 ) ^ (l = c1 + d1 ; l = d2 + c002 ) ) (' ^ l = c1 + d1 ; ^ l = d2 + c002 ), we get (' ^ l = c1 + d1 ; ^ l = d2 + c002 ) 2 ?0 . Hence ('; ) 2 ?0 . This shows that 01 ; 02 ?0 , i.e. = h01 ; 02 i 2 T . Since 1 ; ?1 01 , l = c1 +d+1 2 01 , whence 1 . Since 01 ; ?2 001 , l = c1 +(d1 +d2 ) 2 001 , whence 2 . a
Definition 50 We define the function m : I(T ) ! D as follows: m([1; 2 ]) = [c] iff l = c 2 ([1 ; 2 ]).
Definition 51 We define the function + : D D ! D as follows: [c1 ] + [c2 ] = [c3 ] iff c1 + c2 = c3 2 .

Theorem 52 Let F = hhT; i; hD; [0] ; +i; mi is an interval logic frame.

Proof: hT; i is a time domain by Proposition 45. Since every instance of D1-D5 is in , we have that D1-D5 hold for any elements of D. Hence D is a duration domain.

Now we shall prove that m satisfies M 1-M 3. For M 1, let 1 = h1 ; 2 , 2 = 01 ; 02 i, and 3 = h001 ; 002 . Let 1 2 3 . Let m([1 ; 2 ]) = m([1 ; 3 ]) = [c] for some c 2 C . Then l = c 2 ([1 ; 2 ]); ([1 ; 3 ]). Let d 2 C be such that l = d 2 1 . Since, by the definition of , 1; ([1 ; 2 ]) 01 , (l = d; l = c) 2 01 , whence, by axiom L2, l = d + c 2 01. Similarly l = d + c 2 001 . Let e 2 C be such that e = d + c 2 . Such an e exists, because ?0 is a Henkin theory. Hence l = e 2 01 ; 001 and, since 01 ; 02 ; 001 ; 002 ?0 , we have that fl = eg; 02 ; fl = eg; 002 ?0. Hence, by Corollary 37, 02 = + 200 . Let f 2 C be such that l = f 2 02 ; 002 . Then, 01 ; fl = f g; 001 ; fl = f g ?0 , whence, again by Corollary 37, 01 = 001 . Hence 2 = 3 , and this implies M 1.

To prove M 2 for m, assume that l = c1 2 ([1 ; 2 ]) and l = c2 2 ([2 ; 3 ]) for some c1 ; c2 2 C . Then (l = c1 ; l = c2 ) 2 ([1 ; 3 ]), because ([1 ; 2 ]); ([2 ; 3 ]) ([1 ; 3 ]) by Proposition 48. Hence, by L2, l = c1 + c2 2 ([1 ; 3 ]). Let c 2 C be such that c = c1 + c2 2 . Then obviously l = c 2 ([1 ; 3 ]), whence m([1 ; 3 ]) = [c] = [c1 ] + [c2 ] .

To prove M 3, let m([1 ; 2 ]) = [c1 ] + [c2 ] for some c1 ; c2 2 C . Then l = c1 + c2 2 ([2 ; 3 ]), whence (l = c1 ; l = c2 ) 2 ([2 ; 3 ]) by A2. By Theorem 34 there exist two maximal theories ?1 and ?2 such that l = c1 2 ?1 , l = c2 2 ?2 and ?1 ; ?2 ([1 ; 2 ]). By Lemma 35 ?1 ; ?2 , whence ?1 ; ?2 2 W . By Proposition 49 there exists a 2 T such that 1 2 , ?1 = ([1 ; ]) and ?2 = ([; 2 ]). Obviously, m([1 ; ]) = [c1 ] . This entails M 3. ⊣
Definition 53 We define the interpretation I of symbols on F as follows: I (c) = [c] for all c 2 C , I (x) = [c] iff x = c 2 for x 2 GV ar, I (f )([c1 ] ; : : : ; [cn ] ) = [cn+1 ] iff f (c1 ; : : : ; cn ) = cn+1 2 for every n-place f 2 FSymb, I (R)([c1 ] ; : : : ; [cn ] ) = 1 iff R(c1 ; : : : ; cn ) 2 for every n-place R 2 RSymb, I (P )([1 ; 2 ]) = 1 iff P 2 ([1 ; 2 ]) for every P 2 PLetter, [t1 ; t2 ] 2 I(T ), I (v)([1 ; 2 ]) = [c] iff v = c 2 ([1 ; 2 ]) for every v 2 TV ar, [1 ; 2 ] 2 I(T ).

Theorem 54 hF; I i is an interval logic model.

Proof: Since W consists of Henkin theories, the interpretation I is everywhere defined. It is easy to check that I (l) = m, I (0) = [0] , I (+) = + and I (=) is =. ⊣

Theorem 55 Let t be a term in L(C ). Let [1 ; 2] 2 I(T ). Then I (t) = [c] iff t = c 2 2
([1 ; 2 ]).
1
Proof: Induction on the construction of term t. ⊣

Theorem 56 Let ' 2 L(C ). Then hF; I i; [1 ; 2 ] j= ' iff ' 2 ([1 ; 2]).

Proof: Induction on the construction of '. For ' atomic the equivalence follows from the definition of I . For ' = : or ' = ^ the equivalence follows from the maximality of ([1 ; 2 ]). For ' = 9x the equivalence follows from ([1 ; 2 ])'s being a Henkin theory. For ' = ( ; ) 2 ([1 ; 2 ]), 9x9y( ^ l = x; ^ l = y) 2 ([1 ; 2 ]) too. Hence ( ^ l = c1 ; ^ l = c2 ) 2 ([1; 2 ]) for some c1 ; c2 2 C . By Theorem 34 there exist ?1 ; ?2 2 W such that ?1 ; ?2 ([1 ; 2 ]), ^ l = c1 2 ?1 , ^ l = c2 . By Proposition 49 there exists a such that ?1 = ([1 ; ]) and ?2 = ([; 2 ]), whence, by the induction hypothesis hF; I i; [1 ; ] j= and hF; I i; [; 2 ] j= , and hence hF; I i; [1 ; 2] j= '. For the converse, let hF; I i; [1 ; 2] j= '. Then there exists a 2 [1 ; 2 ] such that hF; I i; [1 ; ] j= and hF; I i; [; 2 ] j= . By the induction hypothesis, 2 ([1 ; ]), 2 ([; 2 ]), whence ( ; ) 2 ([1 ; ]); ([; 2 ]). By Proposition 48 ([1 ; ]); ([; 2 ]) ([1; 2 ]), whence ' 2 ([1 ; 2 ]). ⊣

Theorem 57 has the finite covering property on hF; I i for every 2 .

Proof: Let 2 . Let [1; 2 ] 2 I(T ). Then ([1; 2 ]) is a maximal theory that is closed under ! and contains ) 2 . Hence, by Lemma 25 hF; I i; [; 2 ] j= k for some k < !. Hence there exist 10 < : : : < n0 such that 1 = 10 , n0 = 2 , and for i = 1; : : : ; n ? 1 and hF; I i; [i ; i+1 ] j= 2 . This shows that hF; I i; [1 ; i ] j= i?1 , i = 1; : : : ; n, and hence has the fcp on hF; I i. ⊣

Corollary 58 (completeness) The system given in section 1.3 together with rules ! , 2 , and the axiom ) 2 is complete for the class of interval logic models that 2 have the finite covering property on.

Proof: Let ? be any set of IL formulas that is consistent with this proof system. Then, by Theorem 24 there exists a maximal Henkin theory ?0 ?. The above model, built on the basis of ?0 , satisfies ? by Theorem 56 and has the finite covering property on it by Theorem 57. ⊣

2.4 Discussion

In this section we give some comments on our choice of an ω-rule to complete the proof system for interval logic with the finite covering property. The proof of Lemma 25 shows that we could have chosen a much simpler rule to deal with the finite covering property, namely
8k < ! : k ?
The reason for our choosing ! in the way we did is that this rule can be viewed as a strengthening of the induction rules that are known for duration calculus. These rules are

[l = 0=P ] [Q=P ] ) [(Q _ (Q; dS e) _ (Q; d:S e))=P ] IR1 [>=P ]

[l = 0=P ] [Q=P ] ) [(Q _ (dS e; Q) _ (d:S e; Q))=P ] IR2 [>=P ]

By substituting Q appropriately in the premisses of these rules one can show that ` [l = 0=P ], [(dS e_d:S e_ l = 0)=P ], . . . , [(dS e_d:S e_ l = 0)k =P ], . . . , where the power (dS e_d:S e_ l = 0)k is defined as in our rule, and what we do is that we replace dS e _ d:S e _ l = 0 with its interval logic counterpart. Yet IR1 and IR2 require a little more to be proved in order to obtain their premisses. They require ` [Q=P ] ) [(Q _ (Q; dS e) _ (Q; d:S e))=P ] for an arbitrary temporal propositional letter Q. That is why we do not expect anything similar to Lemma 25 to hold with these rules instead of ! . On the other hand, if has the finite covering property, the rules

[l = 0=P ] [Q=P ] ) [(Q; )=P ] IR10 [>=P ]

[l = 0=P ] [Q=P ] ) [( ; Q)=P ] IR20 [>=P ]

are still sound, and their use may be convenient, e.g. in automating proof, because they are finitary.
3 Duration calculus on abstract domains

3.1 Syntax of duration calculus

The language of duration calculus is essentially that of interval logic with a special form of the temporal variables. Temporal variables in duration calculus are replaced by expressions of the form $\int S$, where $S$ is a state expression, and state expressions are built up from state variables using boolean connectives. The precise syntax of state expressions is as follows: Let $SVar$ be a countable set of state variables. If $S \in SVar$, then $S$ is a state expression. If $S_1$ and $S_2$ are state expressions, then so are $\neg S_1$ and $S_1 \wedge S_2$. The state constants 0 and 1 and the connectives $\vee$, $\Rightarrow$ and $\Leftrightarrow$ are defined on state expressions using $\neg$ and $\wedge$ as usual.
3.2 Semantics of duration calculus on abstract domains

Duration calculus frames are essentially interval logic frames too. In order to obtain a model for duration calculus from an interval logic frame, the interpretation function I , as known for interval logic, is extended to state variables and the special kind of temporal variables. Given an interval logic frame hhT; i; hD; +; 0i; mi, I maps every S 2 SV ar to a boolean-valued function on T . The following property is essential for this mapping:

For every S 2 SV ar and every [1 ; 2 ] 2 I(T ) there exist 10 ; : : : ; n0 such that 1 = 10 : : : n0 = n, and ; 0 2 [i0 ; i0+1 ) implies I (S )( ) = I (S )( 0 ) for all i = 1; : : : ; n ? 1.

This property is known as the finite variability property of state variables. Next, the standard extension of I over state expressions is defined as follows: I~(S ) = I (S ) for S 2 SV ar, I~(:S )( ) = 1 ? I~(S )( ) and I~(S1 ^ S2 )( ) = min(I~(S1 )( ); I~(S2 )( )) for all 2 T . The following lemma shows that the finite variability property transfers from state variables to state expressions.
Lemma 59 Let S be a state expression and I be a duration calculus interpretation of the symbols on an IL frame F = hhT; i; hD; +; 0i; mi. Then for every [1 ; 2 ] 2 I(T ) there exist 10 ; : : : ; n0 such that 1 = 10 : : : n0 = n , and ; 0 2 [i0 ; i0+1 ) implies I~(S )( ) = I~(S )( 0 ) for all i = 1; : : : ; n ? 1. Proof: Induction on the construction of S . a
Using this lemma, the interpretation of temporal variables of the kind $\int S$ is defined as follows: Let [1 ; 2 ] 2 I(T ). Let 10 ; : : : ; n0 have the property stated in Lemma 59. Let us define $p.d$ for $p \in \{0, 1\}$ and $d \in D$ as follows:

$$p.d = \begin{cases} 0 & \text{if } p = 0 \\ d & \text{if } p = 1 \end{cases}$$

Then, on [1 ; 2 ], I ($\int S$) = $\sum_{i=1}^{n-1}$ I~(S )(i0 )m([i0 ; i0+1 ]). It is easy to show that this definition does not depend on the particular choice of 10 ; : : : ; n0 .
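The following abbreviation is frequently used when writing duration calculus formulas: $\lceil S \rceil \rightleftharpoons \int S = l \wedge l \neq 0$.

Proposition 60 Let $S$ be a state expression. Then $\lceil S \rceil \vee \lceil \neg S \rceil$ has the finite covering property on every duration calculus model. Besides, the following formulas are valid about $\int S$:

(DC 0) $l = 0 \Rightarrow \int S = 0$
(DC 1) $\int 0 = 0$
(DC 2) $\lceil 1 \rceil \vee l = 0$
(DC 3) $(\int S = x; \lceil S \rceil \wedge l = y) \Rightarrow \int S = x + y$
(DC 4) $(\int S = x; \lceil \neg S \rceil) \Rightarrow \int S = x$
(DC 5) $\lceil S_1 \rceil \wedge \lceil S_2 \rceil \Leftrightarrow \lceil S_1 \wedge S_2 \rceil$
(DC 6) $\lceil S_1 \rceil \Leftrightarrow \lceil S_2 \rceil$ if $S_1$ and $S_2$ are equivalent in propositional calculus.
(DC 7) $\lceil S \rceil \Rightarrow \Box(\lceil S \rceil \vee l = 0)$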
Proof: Direct check. a
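The direct check of Proposition 60 can be run on a concrete model. The Python sketch below is an added example, not code from the report: as an assumption it takes the rationals as both time and duration domain with m([a, b]) = b - a (one instance of the abstract frame), uses two constructed state variables `Gas` and `Flame`, computes the duration of a state expression as the sum over a finite-variability partition from section 3.2, and checks DC 0, DC 3, DC 4 and three consequences of that definition on every interval over a grid.

```python
from bisect import bisect_right
from fractions import Fraction as Q

# Constructed sample model (not from the report). Each state variable is a list of
# (start, value) steps; the value holds on the half-open interval [start, next start).
STEPS = {
    "Gas":   [(Q(0), 0), (Q(2), 1), (Q(7), 0)],
    "Flame": [(Q(0), 0), (Q(3), 1), (Q(7), 0)],
}
LEAK = ("and", "Gas", ("not", "Flame"))   # state expression Gas AND NOT Flame


def var_value(name, t):
    """I(S)(t) for a state variable S and a time point t >= 0."""
    starts = [start for start, _ in STEPS[name]]
    return STEPS[name][bisect_right(starts, t) - 1][1]


def ev(s, t):
    """Standard extension of I to state expressions ('not' is 1 - v, 'and' is min)."""
    if isinstance(s, str):
        return var_value(s, t)
    if s[0] == "not":
        return 1 - ev(s[1], t)
    if s[0] == "and":
        return min(ev(s[1], t), ev(s[2], t))
    raise ValueError(f"not a state expression: {s!r}")


def names(s):
    """State variables occurring in s."""
    return {s} if isinstance(s, str) else set().union(*(names(x) for x in s[1:]))


def partition(s, a, b, extra=()):
    """Points a = t1 < ... < tn = b with s constant on every [ti, ti+1) (Lemma 59)."""
    inner = {p for n in names(s) for p, _ in STEPS[n] if a < p < b}
    inner |= {p for p in extra if a < p < b}
    return [a] + sorted(inner) + ([b] if a < b else [])


def m(a, b):
    """Measure of the interval [a, b] in this model (an assumption of the example)."""
    return b - a


def scale(p, d):
    """p.d of section 3.2: 0 if p = 0 and d if p = 1, so D needs no multiplication."""
    return d if p == 1 else Q(0)


def duration(s, a, b, extra=()):
    """Interpretation of the temporal variable for s on [a, b]: sum over the pieces."""
    pts = partition(s, a, b, extra)
    return sum((scale(ev(s, x), m(x, y)) for x, y in zip(pts, pts[1:])), Q(0))


def lceil(s, a, b):
    """The abbreviation of section 3.2: the duration of s equals l, and l is not 0."""
    return m(a, b) != 0 and duration(s, a, b) == m(a, b)


def violations(exprs, points):
    """Return every (law, s, a, mid, b) that fails; an empty list means all hold."""
    bad, pts = [], sorted(points)
    for s in exprs:
        for i, a in enumerate(pts):
            for j in range(i, len(pts)):
                mid = pts[j]
                for b in pts[j:]:
                    x, whole = duration(s, a, mid), duration(s, a, b)
                    laws = {
                        "DC0": a != b or whole == 0,
                        "DC3": not lceil(s, mid, b) or whole == x + m(mid, b),
                        "DC4": not lceil(("not", s), mid, b) or whole == x,
                        "chop-additive": whole == x + duration(s, mid, b),
                        "S + not S = l": whole + duration(("not", s), a, b) == m(a, b),
                        "partition-independent": whole == duration(s, a, b, extra=pts),
                    }
                    bad += [(law, s, a, mid, b) for law, ok in laws.items() if not ok]
    return bad


if __name__ == "__main__":
    grid = [Q(k, 2) for k in range(17)]          # 0, 1/2, ..., 8
    print("duration of LEAK on [0, 8]:", duration(LEAK, Q(0), Q(8)))
    print("violations:", violations(["Gas", "Flame", LEAK, ("not", LEAK)], grid))
```

The `partition-independent` law is the remark after the definition that the sum does not depend on the chosen points: refining the partition with every grid point leaves the value unchanged.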
3.3 Completeness of duration calculus on abstract domains

Proposition 60 entails that the rule ! S and the axiom S ) 2 S are sound for S * ) dS e_d:S e_ l = 0 for some state expression S . Let DC = fdS e _ d:S e _ l = 0 : S is a state expressiong. In this section we shall prove that the extension of the proof system for interval logic with the axioms ) 2 and ! for 2 DC and DC 0-DC 7 is also complete with respect to the above semantics of duration calculus. We shall denote derivability in this system by `DC .

Theorem 61 (completeness) Let ?0 be a countable set of formulas in the language of DC. Then ?0 is satisfiable on a DC model iff ?0 is consistent with respect to `DC .

Proof: The proof system we introduced is sound by Proposition 17 and Proposition 60. To prove completeness, notice that consistency of ?0 with respect to `DC implies the consistency of ?DC = ?0 [f2 : is an instance of DC 0 ? DC 7g with respect to `IL, where = DC . Hence, by Theorem 58, there exists an interval logic model hF; I i, where F = hhT; i; hD; +; 0i; mi and [1 ; 2 ] 2 I(T ) such that hF; I i; [1 ; 2 ] j= ? for some maximal Henkin extension ? of ?DC , and
S * ) dS e _ d:S e _ l = 0 has the fcp on hF; I i. The construction of the canonical model from section 2.3 shows that 1 ; 2 can be chosen so that T = [1 ; 2 ].
Now we shall extend I to the set of state variables S . Let S 2 SV ar. If 1 = 2 , the definition of I (S ) can be arbitrary. Let 1 < 2 . Since S has the fcp, there exist 10 ; : : : ; n0 such that 1 = 10 < : : : < n0 = 2 and hF; I i; [i0 ; i0+1 ] j= dS e _ d:S e for i = 1; : : : ; n ? 1. We define I (S ) in the following way:

I (S )( ) = 1 if i0 < i0+1 for some i 2 f1; : : : ; n ? 1g such that hF; I i; [i0 ; i0+1 ] j= dS e, and I (S )( ) = 0 otherwise.

It is easy to show that this definition does not depend on the particular choice of 10 ; : : : ; n0 .
Now we shall prove that hF; I i; [ 0 ; 00 ] j= $\int S$ = c iff I000 ($\int S$) = I (c) according to the definition from section 3.2 for every state expression S , c 2 C , and all [ 0 ; 00 ] 2 I(T ). We shall do this by induction on the construction of S . The case S 2 SV ar is clear from the definition of I . The case 0 = 00 is proved using that hF; I i; [ 0 ; 00 ] j= l = 0 ) $\int S$ = 0, which is an instance of DC 0. Let S = :S 0 (S = S 0 ^ S 00 ) and 0 < 00 . An induction on the construction of S shows that there exist 10 < : : : < n0 such that 0 = 10 , 00 = n0 and I~(S 0 ) (and I~(S 00 )) are constant on intervals of the kind [i0 ; i0+1 ), i = 1; : : : ; n ? 1. Now, using repeatedly that hF; I i; [i0 ; j0 ] j= ($\int S$ = x; dS e ^ l = y) ) $\int S$ = x + y; ($\int S$ = x; d:S e) ) $\int S$ = x; ($\int$:S 0 = x; d::S 0 e) ) $\int$:S 0 = x; dS 0 e ^ dS 00 e , dS e; 2(d::S 0 e , dS 0 e), which are instances of DC 3-DC 6, for 1 i < j n, and the inductive hypothesis, we get that hF; I i; [i0 ; i0+1 ] j= $\int$S 0 = ci ; $\int$S 00 = di , i = 1; : : : ; n ? 1, implies hF; I i; [ 0 ; 00 ] j= $\int$(S 0 ^ S 00 ) = (: : : (e1 + e2 ) : : : + en?1 ) and hF; I i; [ 0 ; 00 ] j= $\int$(:S 0 ) + (: : : (c1 + c2 ) : : : + cn?1 ) = l, where ei = ci if hF; I i; [i0 ; i0+1 ] j= dS 0 e ^ dS 00 e, and ei = 0 otherwise.

This shows that I000 ($\int S$) is as in the definition for duration calculus models for every state expression S . Hence, we have constructed a duration calculus model that satisfies ?0 . ⊣
4 Finite variability and length in interval logic

In this section we introduce an interval logic counterpart to duration calculus state variables.

Definition 62 Let ' be an IL formula and K be a class of interval logic models. We call ' state-like on K, if ' satisfies the axioms
(S 1) ' ) l 6= 0
(S 2) ' ) 2(' _ l = 0)
and the rule ! is sound on models from K with respect to ' * ) ' _ 2:'.

Next, for every state-like formula ' we introduce a temporal variable to represent $\int S$ for the corresponding state expression S in duration calculus as follows:

Definition 63 Let ' be an IL formula and let l' be a temporal variable such that:
(I 1) l = 0 ) l' = 0
(I 2) (l' = x; 2:') ) l' = x
(I 3) (l' = y; ' ^ l = x) ) l' = x + y
We call l' a length variable for '. The following theorem shows that state-like formulas and their length variables are an exact counterpart of duration calculus state expressions and $\int$.
Theorem 64 Consider the proof system for IL extended with the rules ! for 2 f '; ; '^ g. In this system we have
` l? = 0 ` l> = l ` 2(' , ) ) l' = l ` ' ) l = l'^ ` l' + l2:' = l ` (l' = x; l' = y) ) l' = x + y ` l'^ + l'^2: = l'
Proof: To establish ` l? = 0, consider the deduction:
I1 l = 0 ) l? = 0 Monol ? I2 (l = 0; 2:?) ) l? = 0 2:? 2:? ) (l = 0; 2:?) L3l (l = 0; 2:?) ) (l? = 0; 2:?) MP (l = 0; 2:?) (l = 0; 2:?) ) l? = 0 MP l? = 0
To establish ` l> = l, consider the deduction
2> ^ l = x ) l = x ) 2> ^ l = x ) (l = 0; 2> ^ l = x) l = x ) (l = 0; 2> ^ l = x)
L3l
l = 0 ) l> = 0 Monol (l = 0; 2> ^ l = x) ) ) (l> = 0; 2> ^ l = x) l = x ) (l> = 0; 2> ^ l = x) l = x ) (l> = 0; 2> ^ l = x) (l> = 0; 2> ^ l = x) ) l> = x I 3
l = x ) l> = x l> = l To establish ` 2(' , ) ) l' = l , let * ) P ) 2(' , ) ) l' = l . Consider the deductions l = 0 ) l' = 0 ^ l = 0 I 1 l = 0 ) (2(' , ) ) l' = l ) ' ) 2' 2(' , ) ) 2' ) 2 2(' , ) ^ ';k ) l' = l Mono l 2(' , ) ^ ( ';k ; ') ) 2(' , ) ^ ( ';k ; ' ^ ) ) ) (2(' , ) ^ ';k ; ' ^ ) ) ( ';k ^ l' = l ; ' ^ ) 2(' , ) ^ ( ';k ; ') ) ( ';k ^ l' = l ; ' ^ ) 2(' , ) 2(' , ) ^ ';k ) l' = l 2:' ) 2: Monol 2(' , ) ^ ( ';k ; 2:') ) 2(' , ) ^ ( ';k ; 2:' ^ 2: ) ) ) (2(' , ) ^ ';k ; 2:' ^ 2: ) ) ( ';k ^ l' = l ; 2:' ^ 2: ) 2(' , ) ^ ( ';k ; 2:') ) ( ';k ^ l = l ; 2:' ^ 2: ) I3 ( ';k ^ l' = l ^ l' = x; ' ^ ^ l = y) ) ) l' = x + y ^ l = x + y 2(' , ) ^ ( ';k ; ') ) ( ';k ^ l' = l ; ' ^ ) ) l' = l ) ( ';k ^ l' = l ; ' ^ ) ( ';k ; ') ) 2(' , ) ) l' = l
I2 ( ';k ^ l' = l ^ l' = x; 2:' ^ 2: ) ) ) l' = x ^ l = x ';k 2(' , ) ^ ( ; 2:') ) ';k ' ' ) ( ';k ^ l' = l ; 2:' ^ 2: ) ( ^ l = l ; 2:' ^ 2: ) ) l = l ( ';k ; 2:') ) 2(' , ) ) l' = l ( ';k ; ') ) 2(' , ) ) l' = l ( ';k ; 2:') ) 2(' , ) ) l' = l ( ';k ; ' _ 2:') ) 2(' , ) ) l' = l They show that ` [l = 0=P ] and that ` [ '^ ;k =P ] implies ` [ '^ ;k+1 =P ]. Hence, by ! '^ , ` [>=P ], i.e. ` > ) 2(' , ) ) l' = l . To establish ` ' ) l'^ , consider the
deductions:
2' ) 2(' ^ , ) ' ) 2' 2(' ^ , ) ) l'^ = l ' ) l'^ = l To show that ` l' + l2:' = l, let * ) P ) l' + l2:' = l and consider the deductions: l = 0 ) l' = 0 I 1 l = 0 ) l2:' = 0 I 1 l = 0 ) l' + l2:' = l 1 I 2; I 3 0 ' 2:' 1 I 2; I 3 0 ' 2:' l + l = l^ l + l = l^ B B@ ^l' = x ^ l2:' = y^ ; 2:' ^ l = tCA ) @ ^l' = x ^ l2:' = y^ ; ' ^ l = tCA ) ^l = z ^l = z ! ! ' 2 : ' ' = x ^ l2:' = y + t^ l = x + t ^ l = y ^ l ) ^l = z + t ^ z = x + y ) ^l = z + t ^ z = x + y
(l' + l2:' = l; ') ) l' + l2:' = l (l' + l2:' = l; 2:') ) l' + l2:' = l (l' + l2:' = l; ' _ 2:') ) l' + l2:' = l
';k ) l' + l2:' = l Monol ' 2:' ( ';k ; ' _ 2:') ) (l' + l2:' = l; ' _ 2:') (l + l = l; ' _ 2:') ) l' + l2:' = l ( ';k ; ' _ 2:') ) l' + l2:' = l Just like above, they show that ` [ ';k =P ] for all k < !, whence ` > ) l' + l2:' = l. To establish ` (l' = x; l' = y) ) l' = x + y, let * ) P ) (l' = x; l' = y) ) l' = x + y. The deductions l = 0 ) l' = 0 I 1 L 3 l l = 0 ) (l = 0; l = 0) (l = 0; l = 0) ) (l' = 0; l' = 0) Monol ; Monor l = 0 ) (l' = x; l' = y) ) l' = x + y
0 ';k 1 ( ; (' _ 2:') ^ l = u)^ 0 ' 1 1 I2 I3 0 ' B CA ) l = x; l = x; @ ^l' = x; B@ ' ^ l = t^ CA ) B@ 2:' ^ l = t^ CA ) (0'0_ 2:') ^ l =1t ^ l0' = y 1 1 ^l' = y ^l' = y l' = x; C B l' = x; C C B B ' ) l' = x ^ y = 0 ) @@ ' ^ l = t^ A _ @ 2:' ^ l = t^ AA ) l = x + t ^ y = t ^l' = y ^l' = y ! ( ';k ; (' _ 2:') ^ l = u) ^ l' = x; ) (' _ 2:') ^ l = t ^ l' = y ) l' = x + y ( ';k ; (' _ 2:') ^ l = z ) ) (l' = x; l' = y ^ l = t) ) z = u + t ) ) (( ';k ; (' _ 2:') ^ l = u) ^ l' = x; (' _ 2:') ^ l = t ^ l' = y) ( ';k ; (' _ 2:') ^ l = z ) ) (l' = x; l' = y ^ l = t) ) z = u + t ) l' = x + y
';k ^ (l' = x; l' = w) ) (l' = x + w; ' ^ l = z) ) I 3 ) l' = (x + w) + z I 3 ) l' = x + w ' Monol (l = w; ' ^ l = z )^ ( ';k ^ (l' = x; l' = w); ' ^ l = z ) ) ^l' = y ) ) l' = (x + w) + z ) w+z =y Monor ( ';k ^ l' = x; ( ';k ^ l' = w; ' ^ l = z ) ^ l' = y)^ ^( ';k ^ (l' = x; l' = w ^ l = u); ' ^ l = z) ) ) l' = x + y ( ';k ; ' ^ l = z ) ) (l' = x; l' = y ^ l = t) ) t = u + z ) ! ';k ' ';k ' ' ) 9w (^ ( ';k^^l (l=' x=; (x ; l' =^ wl );='w^; l'=^zl)= z) ^ l = y)^ ( ';k ; ' ^ l = z ) ) (l' = x; l' = y ^ l = t) ) t = u + z ) l' = x + y
';k ^ (l' = x; l' = w) ) (l' = x + w; 2:') ) I 2 I 2 ) l' = x + w ) l' = x + w (l' = w; 2:')^ Monol ^l' = y ) ( ';k ^ (l' = x; l' = w); 2:') ) l' = x + w )w=y Monor ( ';k ^ l' = x; ( ';k ^ l' = w; 2:') ^ l' = y)^ ^( ';k ^ (l' = x; l' = w ^ l = u); 2:') ) ) l' = x + y ( ';k ; 2:' ^ l = z ) ) (l' = x; l' = y ^ l = t) ) t = u + z ) ! ';k ^ l' = x; ( ';k ^ l' = w ^ l = u; 2:' ^ l = z ) ^ l' = y)^ (
) 9w ^( ';k ^ (l' = x; l' = w ^ l = u); 2:' ^ l = z)
( ';k ; 2:' ^ l = z ) ) (l' = x; l' = y ^ l = t) ) t = u + z ) l' = x + y ( ';k ; (' _ 2:') ^ l = z ) ) (l' = x; l' = y ^ l = t) ) t = u + z )! ';k ' ' ) ((_(( ';k; '; 2^:l'=^zl) =^ (zl) ^=(lx'; l= x=; ly'^=l y=^t)l ^= tt)=^ut+=zu)_+ z) ( ';k ; (' _ 2:') ^ l = z ) ) (l' = x; l' = y ^ l = t) ) t = u + z ) l' = x + y ( ';k ; (' _ 2:') ^ l = z ) ) ( ';k ; (' _ 2:') ^ l = z ) ) ( ';k ; (' _ 2:') ^ l = z ) ) ) (l' = x; l' = y ^ l = t) ) ) (l' = x; l' = y ^ l = t) ) ) (l' = x; l' = y ^ l = t) ) ) (t = u + z _ z = u + t) ) t = u + z ) l' = x + y ) z = u + t ) l' = x + y ( ';k ; (' _ 2:') ^ l = z ) ) (l' = x; l' = y ^ l = t) ) l' = x + y show that ` [ ';k =P ] for all k < !. Hence, by ! ' , ` > ) (l' = x; l' = y) ) l' = x + y. To show that ` l'^ + l'^2: = l' , consider the deductions l = 0 ) l'^ = 0 ^ l'^2: = 0 ^ l' = 0 I 1 l = 0 ) l'^ + l'^2: = l'
) 2(2: , ?) 2(' ^ 2: , ?) ) l'^2: = l? l? = 0 ) l'^ = l' ) l'^2: = 0 Monor (l'^ + l'^2: = l' ; ) ) (l'^ + l'^2: = l' ; l'^ = l' ^ l'^2: = 0) (l'^ + l'^2: = l' ; ) ) l'^ + l'^2: = l' 2: ) 2( , ?) 2(' ^ , ?) ) l'^ = l? l? = 0 2: ) l'^ = 0 2: ) l'^2: = l'Mono r (l'^ + l'^2: = l' ; 2: ) ) (l'^ + l'^2: = l' ; l'^ = 0 ^ l'^2: = l' (l'^ + l'^2: = l' ; 2: ) ) l'^ + l'^2: = l'
;k ) l'^ + l'^2: = l' Monol ( ;k ; _ 2: ) ) (l'^ + l'^2: = l' ; ) _ (l'^ + l'^2: = l' ; 2: ) ( ;k ; _ 2: ) ) l'^ + l'^2: = l' Just like above they show that ;k ) l'^ + l'^2: = l' for all k < !, whence, by ! , ` l'^ + l'^2: = l'. a We shall denote derivability in the extension of the system for interval logic with DC 0-DC 7 by `DC .
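Theorem 65
$\vdash_{DC} \int 0 = 0$
$\vdash_{DC} \int 1 = l$
$\vdash_{DC} \int S \geq 0$
$\vdash_{DC} \int S_1 + \int S_2 = \int (S_1 \lor S_2) + \int (S_1 \land S_2)$
$\vdash_{DC} (\int S = x ; \int S = y) \Rightarrow \int S = x + y$
$\vdash_{DC} \int S_1 = \int S_2$ if $S_1$ and $S_2$ are equivalent in classical propositional calculus.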
Proof: Note that dS e is state-like on the class of models of DC. Besides DC 0, DC 3 and DC 4 are exact counterparts of I 1-I 3. By DC 5 we get that ` 2(dS1 ^ S2 e , dS1 e ^ dS2 e) for all state expressions S1 ; S2 . To see that ` dS e , 2:d:S e ^ l = 6 0, consider the deductions: dS e ^ d:S e , dS ^ :S e DC 5 R (S ^ :S ) = R 0 DC 6 R 0 = 0 DC 1 :(dS e ^ d:S e) Mono ; Mono r l 2:(dS e ^ d:S e) 2dS e ^ 3d:S e ) 2:(dS e ^ d:S e) dS e ) 2(dS e _ l = 0) DC 7 2(d:S e ) l 6= 0) ) 3(dS e ^ d:S e) dS e ) 2:d:S e ^ l =6 0 Similar deductions show that d:S e ) 2:d::S e^ l = 6 0. Hence an induction on the construction of state expressions shows that ` ldS e = l (S ) , where (S ) * ) ) dS e forR S a state variable, (:S )R* d S e d S e * * 2: (S ) and (S ^ S ) ) (S ) ^ (S ). To show that ` l = S , let ) P ) l = S 1
2
1
2
and consider the deductions
I1 R l = 0 ) ldSe = 0 l = 0 ) S = 0 DC 0 R l = 0 ) ldSe = S dS e;k ) ldS e = R S
I 3 ; DC 3 R R (ldS e = S ^ S = x; dS e ^ l = y) ) dS e;k ; dS e) ) (ldS e = R S ; dS e) Monol R (
) ldSe = x + y ^ S = x + y
R
( dS e;k ; dS e) ) ldS e = S dS e;k ) ldS e = R S
I 2 ; DC 4 R (ldS e = SR ; 2:dS e) ) dS e;k ; 2:dS e) ) (ldS e = R S ; 2:dS e) Monol (
d S e )l = S
R
( dS e;k ; 2:dS e) ) ldS e = S R They show that the rule ! dSe can be applied on to obtain ` > ) ldS e = S . Now the theorems in question can easily be derived from their counterparts about state-like variables that are found in Theorem 64. a
5 Two-dimensional systems
In this section we present two-dimensional interval logic and two-dimensional duration calculus, that are generalizations of duration calculus with weakly monotonic time, and give complete proof systems for both of them.
5.1 Two-dimensional interval logic
5.1.1 Syntax
The language of two-dimensional interval logic (IL2 ) is essentially that of (one-dimensional) interval logic, the only difference being that there are two more length variables, namely l? and lj , to denote lengths of intervals in terms of micro-time and macro-time respectively.
5.1.2 Semantics
Definition 66 A two-dimensional interval logic frame is a tuple of the kind hhT; i; hD; +; 0i; m; m? ; mj i, where hhT; i; hD; +; 0i; mi is an interval logic frame, and m? and mj are weak measures (see Definition 5) such that for every [1 ; 2 ] 2 I(T ), 1 = 6 2, there exist 10 ; : : : ; n0 such 0 0 that 1 = 1 < : : : < n = 2 and for every i = 1; : : : ; n ? 1 either m([i0 ; i0+1 ]) = m? ([i ; i0+1 ]) and mj([i0 ; i0+1 ]) = 0, or m([i0 ; i0+1 ]) = mj ([i0?1 ; i0+1 ]) and m?([i0 ; i0+1 ]) = 0.
Definition 67 A two-dimensional interval logic model is a tuple of the kind hhT; i; hD; +; 0i; m; m? ; mj ; I i, where hhT; i; hD; +; 0i; m; m? ; mj i is a two-dimensional interval logic frame and hhT; i; hD; +; 0i; m; I i is an interval logic model such that I (l?) = m? and I (lj) = mj.
Remark: Note that fixing a 0 2 T and defining the mappings ? and j of T = f 2 T : 0 g into D by ? ( ) = m?([0 ; ]) and j ( ) = mj([0 ; ]), entails that the mapping h? ; ji : T ! DD is injective. These mappings define the correspondence between Definition 66 and the original semantics of duration calculus of weakly monotonic time, which regards time instants as ordered pairs of the kind h? ( ); j ( )i and T as consisting of vertical and horizontal segments in the "plane" D D, which is also the reason for calling this calculus "two-dimensional".
5.1.3 Proof system and completeness
Let * ) l = l? _ l = lj. Now we shall use our completeness theorem for interval logic with the finite covering property to show that the original proof system for interval logic, extended with the rule ! for as defined above, and the axioms
(L2?) $l? = x + y \Leftrightarrow (l? = x ; l? = y)$
(L2j) $lj = x + y \Leftrightarrow (lj = x ; lj = y)$
(L+) $l = l? + lj$
(FCP) $(l = l? \lor l = lj) \Rightarrow \Box(l = l? \lor l = lj)$,
is complete for two-dimensional interval logic.
Definition 68 A formula has the finite covering property on a two-dimensional interval logic model if it has the finite covering property on the underlying (one-dimensional) interval logic model.
Proposition 69 has the finite covering property on the class of two-dimensional interval logic models.
Proof: Routine check. a
Theorem 70 The system from section 1.3 together with (L2? ), (L2j), (L+), (FCP ) and the rule 8k < ! [(l = l? _ l = lj)k =P ] [>=P ] (!) is complete on the class of two-dimensional interval logic models.
Proof: Let ? be a consistent two-dimensional interval logic theory. By Theorem 58 there exist an interval logic model hhT; i; hD; +; 0i; m; I i and an interval [1 ; 2 ] 2 I(T ) such that l = l? _ l = lj has the fcp on this model, and hhT; i; hD; +; 0i; m; I i; [1 ; 2 ] j= ?. It is easy to find that the validity of L2? , L2j and L+ on our model entails that I (l? ) and I (lj ) are weak measures such that m = I (l? ) + I (lj ). Similarly the fcp for l = l? _ l = lj entails that for every [1 ; 2 ] 2 I(T ) such that 1 6= 2 there exist 10 ; : : : ; n0 such that 1 = 10 < : : : < n0 = 2 and for every i = 1; : : : ; n ? 1 either m([1 ; 2 ]) = m?([1 ; 2 ]), or m([1 ; 2 ]) = mj ([1 ; 2 ]). a
5.2 Two-dimensional duration calculus
5.2.1 Syntax
The language of two-dimensional duration calculus is essentially the one for (one-dimensional) duration calculus, the difference being that there are two more operators, namely $\int ?$ and $\int j$, that express durations of states in micro-time and macro-time respectively.
5.2.2 Semantics
Two-dimensional duration calculus frames are essentially IL2 frames too. Just like in one-dimensional duration calculus, the interpretations of states are required to have the finite variability property:
Definition 71 A two-dimensional duration calculus model is a tuple of the kind hhT; i; hD; +; 0i; m; m? ; mj ; I i, where hhT; i; iD; +; 0i; m; m? ; mji is a two-dimensional interval logic frame, and hhT; i; hD; +; 0i; m; I i is a (one-dimensional) duration calculus model. Given [1 ; 2 ] 2 I(T ), and 1 ; : : : ; n0 such that 1 R= 10 < : : : < Rn0 = 2 and S is constant R ? on j ? 0 0 S = every interval of the kind [i ; i+1 ), we define I ( S ) and I ( S ) by putting I n ? 1 nP ?1 R P I~(S )(i0 )m? ([i0 ; i0+1 ]) and I j S = I~(S )(i0 )mj ([i0; i0+1 ]). 2
i=1
1
2
2
2
1
1
1
i=1
5.2.3 Proof system and completeness
R R We introduce the following abbreviations: dS e? * ) lj 6= 0 ^ j S = l? . ) l? 6= 0 ^ ? S = l? , dS ej * Let 2 f?; jg and consider the following axioms about state durations: (DC 0 ) (DC 1 ) (DC 2 ) (DC 3 ) (DC 4 ) (DC 5 )
R lR = 0 ) S = 0
0 = 0 dR1e _ l = 0 R (R S = x; dS e ^ l =R y) ) S = x + y ( S = x; d:S e ) ) S = x dS1 e ^ dS2e , dS1 ^ S2e
(DC 6 ) (DC 7 ) (DC +)
dS1 e , dS2 e if S1 and S2 are equivalent in classical propositional calculus. dRS e )R 2(dS eR _ l = 0) S = ?S + jS
Theorem 72 The proof system for two-dimensional interval logic given in section 5.1.3 extended with the rules ! S for S * ) dS e _ d:S e _ l = 0 for every state expression S , and the axioms DC 0 ? DC 7 , 2 f?; jg, and DC +, is sound and complete for the class of two-dimensional duration calculus models.
Proof: Similar to that of Theorem 61. a
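The following Python sketch is an added example, not code from the report: it builds one finite model in the sense of Definitions 66 and 71 and checks the frame condition, the chop additivity stated by the two (L2) axioms, the axiom (L+) and the axiom (DC +) on a grid of intervals. The path, the state and the names `micro` and `macro` (standing for the two extra measures, as named in section 5.1.1) are constructed for illustration.

```python
from fractions import Fraction as F
from itertools import accumulate

# Constructed path: (kind, length) segments laid end to end; a time point is
# identified with its distance from the start of the path.
SEGMENTS = [("macro", F(2)), ("micro", F(1)), ("micro", F(1)), ("macro", F(3, 2))]
BOUNDS = [F(0)] + list(accumulate(length for _, length in SEGMENTS))

# Constructed state S: value 1 on [1, 3.5), 0 elsewhere (finitely many changes).
CHANGES = [F(1), F(7, 2)]
def state(t):
    return 1 if CHANGES[0] <= t < CHANGES[1] else 0

def measure(a, b, kind=None):
    """m([a,b]) when kind is None, else the micro- or macro-time weak measure."""
    total = F(0)
    for (k, _), lo, hi in zip(SEGMENTS, BOUNDS, BOUNDS[1:]):
        if kind in (None, k):
            total += max(F(0), min(b, hi) - max(a, lo))
    return total

def covering(a, b):
    """Finite partition of [a,b] at segment boundaries (Definition 66)."""
    return [a] + [t for t in BOUNDS if a < t < b] + [b]

def pure(lo, hi):
    """True if [lo,hi] is measured entirely in one of the two dimensions."""
    m = measure(lo, hi)
    return any(measure(lo, hi, k) == m and measure(lo, hi, o) == 0
               for k, o in (("micro", "macro"), ("macro", "micro")))

def duration(a, b, kind=None):
    """Sum of state(t_i) * m_kind([t_i, t_i+1]) over pieces where S is constant."""
    cuts = [a] + [t for t in CHANGES if a < t < b] + [b]
    return sum(state(lo) * measure(lo, hi, kind) for lo, hi in zip(cuts, cuts[1:]))

def check_model():
    """Check the frame condition, (L2), (L+) and (DC +) on a grid of intervals."""
    grid = [F(i, 4) for i in range(23)]  # 0 .. 5.5 in steps of 1/4
    for a in grid:
        for b in (t for t in grid if t > a):
            cuts = covering(a, b)
            assert all(pure(lo, hi) for lo, hi in zip(cuts, cuts[1:]))
            assert measure(a, b) == measure(a, b, "micro") + measure(a, b, "macro")
            assert duration(a, b) == duration(a, b, "micro") + duration(a, b, "macro")
            for c in (t for t in grid if a < t < b):
                for k in ("micro", "macro"):
                    assert measure(a, b, k) == measure(a, c, k) + measure(c, b, k)
    return True
```
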
5.3 Duration calculus of weakly monotonic time
The main feature that distinguishes duration calculus of weakly monotonic time (WDC) from just two-dimensional duration calculus is that micro-time is considered discrete. This choice is motivated by applications where micro-time is consumed by computations run on digital computers. In this section we propose a way to introduce discrete quants of fixed length of micro-time to two-dimensional duration calculus in a way that enables reasoning about processes with their atomic steps taking finite numbers of such quants. We assume that the theory of duration domains is appropriately extended with the constant 1 and the axiom $0 \neq 1$. As usual, we use $a \leq b$ as an abbreviation for $\exists x (b = a + x)$ and $a < b$ as an abbreviation for $a \leq b \land a \neq b$. We propose the following axioms about the WDC constant Unit [PD97] and two supplementary constants subunit and Discrete:
(U 0) subunit ) 2subunit
(U 1) subunit ) l? = 0 ^ lj 1
(U 2) Unit , (subunit ^ lj = 1)
(U 3) (l? = l ^ l? 6= 0; (lj = l ^ lj 6= 0; l? = l ^ l? 6= 0)) ) ) (l? = l ^ l? 6= 0; ((Unit; >) ^ (>; Unit); l? = l ^ l? 6= 0))
(U 4) (Unit; lj = l ^ lj 1) ) (Unit; (Unit; >))
(U 5) (Unit; lj 6= 0) ^ (>; Unit) ) lj 2
(U 6) Discrete , l? = 0 ^ (Unit; >) ^ (>; Unit)
Besides, we require subunit _ l? = l to have the finite covering property, and allow the rule ! : for = subunit _ l? = l. The intended meaning of the above constants and axioms is as follows. subunit is true on every interval that lies entirely in some micro-time quant. Unit is true on micro-time intervals of length 1 that accommodate atomic transitions. Discrete is true on micro-time intervals that consist of an integer number of Unit-intervals. Axiom U 0 reflects the fcp for subunit. Axiom U 1 constrains the lengths of intervals that satisfy subunit and states that they should be purely micro-time intervals. Axiom U 2 defines Unit. Unit can as well be introduced as an abbreviation for (subunit ^ lj = 1). Axiom U 3 states that every micro-time interval should begin and end at a Unit interval. In particular, every maximal purely micro-time interval is of length greater than or equal to 1. Axiom U 4 states that Unit intervals may not overlap. Axiom U 6 defines Discrete as true at those micro-time intervals that begin and end at Unit subintervals.
Theorem 73 Let hhT; i; hD; +; 0i; m; m? ; mj; I i be a two-dimensional duration calculus model :
that validates the above axioms and the rule ! for = subunit _ l? = l. Then for all 0 ; 1 ; 2 ; 3 2 I(T ) such that 0 < 1 < 2 < 3 and mj([0 ; 1 ]) = m?([1 ; 2 ]) = mj ([2 ; 3 ]) = 0
there exist 10 ; : : : ; n0 such that 1 = 10 < : : : < n0 = 2 , and mj ([i ; i+1 ]) = 1 for all i = 1; : : : ; n ? 1. Besides, [i ; i+1 ], i = 1; : : : ; n ? 1, and no other subintervals of [1; 2 ], satisfy Unit.
Proof: Routine check. a
Conclusion
We have defined the properties of finite covering and finite variability on the abstract class of frames for interval logic and we have axiomatized these properties by adding an ω-rule to the proof system of interval logic. We have given duration calculus an abstract semantics that captures the essential feature of finite variability of states present in its original semantics. In this way we have made it possible to find a complete proof system for duration calculus, that does not rely on semantically defined sets of axioms. We have found such a system and have shown how it can be adapted and extended to complete proof systems for other practically significant extensions of duration calculus and interval logic, such as the duration calculus with weakly monotonic time. We have shown that within this system the expressivity of duration calculus state expressions and their duration temporal variables can be achieved by an appropriately defined class of temporal propositions and temporal variables, and we have axiomatized the relations between propositions and variables in this class. Thus we have shown that the various extensions of interval logic can be treated in the unified framework of this proof system.
Acknowledgements
The author is grateful to Zhou Chaochen, Dang Van Hung and Xu Qiwen for a number of fruitful discussions on the topic of this paper during his work on it. Thanks are due to Wang Ji, Xu Qiwen and Zhan Naijun for their remarks on draft versions of this report, and especially to Dang Van Hung for his proof-reading it.
References
[Dut95] B. Dutertre. On First Order Interval Temporal Logic. Report no. CSD-TR-94-3, Department of Computer Science, Royal Holloway, University of London, Egham, Surrey TW20 0EX, England, 1995.
[HZ92] M. R. Hansen and Zhou Chaochen. Semantics and Completeness of Duration Calculus. In: Real-Time: Theory and Practice, LNCS 600, Springer-Verlag, 1992, pp. 209-225.
[IEEE95] IEEE Computer Society. IEEE Standard Hardware Description Language Based on the Verilog Hardware Description Language (IEEE std 1364-1995), 1995.
[PD97] P. K. Pandya and Dang Van Hung. Duration Calculus of Weakly Monotonic Time. Technical Report 122, UNU/IIST, P.O.Box 3058, Macau, September 1997.
[SX98] G. Schneider and Xu Qiwen. Towards a Formal Semantics of Verilog Using Duration Calculus. Technical Report 133, UNU/IIST, P.O.Box 3058, Macau, February 1998.
[Ven91] Y. Venema. A Modal Logic for Chopping Intervals. Journal of Logic and Computation, 1(4):453-476, 1991.
[ZCC93] Zhou Chaochen (ed.). Duration Calculus. Compendium. Technical Report 3, UNU/IIST, P.O.Box 3058, Macau, March 1993.
[ZHR91] Zhou Chaochen, C. A. R. Hoare and A. P. Ravn. A Calculus of Durations. Information Processing Letters, 40(5):269-276, 1991.