UNU/IIST International Institute for Software Technology

Iteration of Simple Formulas in Duration Calculus Dimitar P. Guelev June 1998

UNU/IIST Report No. 141 (Research Report)

UNU/IIST and UNU/IIST Reports

UNU/IIST is a Research and Training Center of the United Nations University. It was founded in 1992, and is located in Macau. UNU/IIST is jointly funded by the Governor of Macau and the Governments of China and Portugal through contribution to the UNU Endowment Fund.

The mission of UNU/IIST is to assist developing countries in the application and development of software technology. UNU/IIST contributes through its programmatic activities:

1. advanced development projects in which software techniques supported by tools are applied,
2. research projects in which new techniques for software development are investigated,
3. curriculum development projects in which courses of software technology for universities in developing countries are developed,
4. courses which typically teach advanced software development techniques,
5. events in which conferences and workshops are organised or supported by UNU/IIST, and
6. dissemination, in which UNU/IIST regularly distributes to developing countries information on international progress of software technology.

Fellows, who are young scientists and engineers from developing countries, are invited to actively participate in all these projects. By doing the projects they are trained.

At present, the technical focus of UNU/IIST is on formal methods for software development. UNU/IIST is an internationally recognised center in the area of formal methods. However, no software technique is universally applicable. We are prepared to choose complementary techniques for our projects, if necessary.

UNU/IIST produces a report series. Reports are either Research (R), Technical (T), Compendia (C) or Administrative (A). They are records of UNU/IIST activities and research and development achievements. Many of the reports are also published in conference proceedings and journals.

Please write to UNU/IIST or visit the UNU/IIST home page, http://www.iist.unu.edu, if you would like to know more about UNU/IIST and its report series.

Zhou Chaochen, Director, 01.8.1997 to 31.7.2001

UNU/IIST International Institute for Software Technology, P.O. Box 3058, Macau

Abstract

A special kind of smallest fixed point known as iteration is in most cases sufficient for the description of temporal computation processes in Duration Calculus [ZHR91]. In 1994 Dang and Wang introduced an extension of Duration Calculus with iteration [DW94]. They showed how to describe the behaviours of a practically significant class of timed automata in this extension, using so-called simple formulas. In this paper we present a complete system of axioms for iteration of simple formulas. We obtained our axioms by translating appropriately the schemata for iteration from the proof system of propositional dynamic logic ([Seg77], cf. e.g. [AGM92]), which is a well-known formal system with iteration. We present this translation and the correspondence between the semantics of propositional dynamic logic and that of interval temporal logic that underlies it. The argument of completeness for the axioms for iteration in propositional dynamic logic relies on appropriate assignments to propositional variables that occur in them. We show that the corresponding assignments can be supplied to carry out such an argument for simple duration calculus formulas too, by proving that iteration can be locally eliminated from these formulas.

Dimitar P. Guelev is a Ph.D. student of logic at the Department of Mathematical Logic and Its Applications, Faculty of Mathematics and Informatics, Sofia University "St. Kliment Ochridski". He has been a fellow of UNU/IIST since March 1998. His research interests are in modal logic, temporal logic and probability logic. E-mail: [email protected], [email protected]

Copyright © 1998 by UNU/IIST, Dimitar P. Guelev

Contents

Introduction
1 Preliminaries: duration calculus with iteration, propositional dynamic logic
1.1 Languages
1.2 Semantics of interval logic and duration calculus
1.3 Duration calculus with iteration
1.4 Another system with iteration: propositional dynamic logic
2 Translating relational semantics of multimodal logic into interval logic
3 Axioms for iteration of simple formulas in $DC^*$
3.1 The translations of PDL axioms for iteration into propositional interval logic
3.2 Local elimination of iteration from simple DC formulas
3.3 Completeness of DC1-DC3 for iteration of simple DC formulas
4 Discussion
Conclusion
Acknowledgements
References

Introduction

Among the number of formal systems designed to reason about real-time hybrid systems, duration calculus has proved to be a very successful one. Duration calculus was introduced by Zhou, Hoare and Ravn in 1991 [ZHR91] as an extension of first-order interval temporal logic [Dut95], equipped with means to reason about state and duration. A relative completeness theorem for duration calculus was formulated and proved by Hansen and Zhou in 1992 [HZ92]. Since then, many extensions of the calculus have been designed and studied to cope with a variety of applications [LRSZ93, SRRZ92, ZHRR92, HZS92, ZRH92, LRSZ92, ZHS93, DW94, PD97]. Among the extensions of duration calculus are systems that capture properties of temporal computation processes, such as duration calculus of weakly monotonic time [PD97]. Extensions of this kind are significant, because they provide the way to formalise the semantics of hardware description languages, such as Verilog [IEEE95], in duration calculus [SX98]. In order to capture the semantics of iterative and recursive programming constructs, duration calculus of weakly monotonic time employs a smallest-fixed-point operator. The expressiveness of this operator is so general that it is difficult to search for a complete axiomatisation. On the other hand, practically significant applications of it, such as describing iterative computations, can usually be dealt with using only a special case of smallest fixed point, namely

$\mu X.\,(\ell = 0 \vee (\varphi; X)),$

which is known as iteration. In 1994 Dang and Wang introduced an extension of duration calculus with iteration ($DC^*$) and showed its fitness to reason about the behaviours of a practically significant class of finite timed automata [DW94]. They showed how behaviours of these automata can be described using the class of so-called simple DC formulas. In this paper we give an axiomatisation of iteration that is complete for simple DC formulas.

We also discuss a way to generalise the result to broader classes of duration calculus and interval logic formulas. We derive our axiomatisation using a correspondence between the semantics of interval logic and the relational (Kripke) semantics of propositional dynamic logic (cf. e.g. [AGM92]), which has iteration too. Propositional dynamic logic was first given a complete proof system by K. Segerberg in 1977 [Seg77]. We translate the schemata that deal with iteration in a more recent version of the proof system [AGM92], and further subject them to some transformations so that we obtain sufficient axioms for iteration in $DC^*$. The method employed can be used to transfer the axiomatisation of other frame properties that have been studied in propositional multimodal logics to interval logic and duration calculus too.

The contents of the paper is organised as follows: Section 1 is a brief formal introduction to interval logic, duration calculus and propositional dynamic logic. Section 2 presents the correspondence between propositional multimodal logic frames and interval logic frames, and the corresponding translation, that we employ to derive our axioms. Section 3 presents the derived axioms and gives the argument for their completeness. Section 4 briefly points to the possible generalisation of the scope of the completeness of the axioms.


1 Preliminaries: duration calculus with iteration, propositional dynamic logic

1.1 Languages

Let $Const$ be a set of constant symbols, $FSymb$ be a set of function symbols, $RSymb$ be a set of relation symbols, $Var$ be a set of individual variables, $PLetter$ be a set of temporal propositional letters and $TVar$ be a set of temporal variables. The language of interval logic is built up of these symbols and symbols from the set $\{\bot, \neg, \wedge, ;, \exists, (, )\}$. All these sets are considered pairwise disjoint. Interval logic terms and formulas are defined as follows. Constants, individual variables and temporal variables are terms. If $t_1,\dots,t_n$ are terms and $f \in FSymb$ is $n$-place, then $f(t_1,\dots,t_n)$ is a term too. If $t_1,\dots,t_n$ are terms and $R \in RSymb$ is $n$-place, then $R(t_1,\dots,t_n)$ is an atomic formula. Atomic formulas are formulas. If $\varphi$ is a formula then $\neg\varphi$ is a formula too. If $\varphi$ and $\psi$ are formulas, then $\varphi\wedge\psi$ and $(\varphi;\psi)$ are formulas too. If $\varphi$ is a formula then $\exists x\varphi$ is a formula too. Parentheses $($ and $)$ are used to avoid ambiguity of reading of formulas in the usual way. $\vee$, $\Rightarrow$, $\Leftrightarrow$ and $\forall$ are introduced as abbreviations in the usual way. The priority of $;$, known as the chop operator, is considered lower than the priority of boolean connectives and quantifiers. Formulas and terms that contain no occurrences of temporal propositional letters and temporal variables, nor contain $;$, are called rigid. The interval logic language contains a distinguished temporal variable $\ell$ which is called the length variable.

The language of duration calculus is an extension of the language of interval logic that allows for a special kind of temporal variables, which express durations of states. This extension is defined as follows: Let $SVar$ be a set of state variables. A state expression is a boolean formula built of state variables as the propositional letters. A duration temporal variable is a term of the kind $\int S$, where $S$ is a state expression. For reasons that are explained in Section 1.2, the length variable $\ell$ is considered an abbreviation of $\int 1$ in duration calculus, where $1$ itself abbreviates $S \vee \neg S$ for some arbitrary state variable $S$.

1.2 Semantics of interval logic and duration calculus

Definition 1 A time domain is a linearly ordered set $\langle T, \le\rangle$.

Definition 2 Given a time domain $\langle T,\le\rangle$, we define the set of intervals $\mathbb{I}(T) = \{[\tau_1,\tau_2] : \tau_1,\tau_2 \in T,\ \tau_1 \le \tau_2\}$, where $[\tau_1,\tau_2] = \{\tau \in T : \tau_1 \le \tau \le \tau_2\}$.

Definition 3 An interval logic duration domain is a system of the type $\langle D, +^{(2)}, 0^{(0)}\rangle$ that satisfies the following axioms:

(D1) $x + (y + z) = (x + y) + z$
(D2) $x + 0 = 0 + x = x$
(D3) $x + y = x + z \Rightarrow y = z$, $\quad x + z = y + z \Rightarrow x = y$
(D4) $x + y = 0 \Rightarrow x = y = 0$
(D5) $(\exists z)(x + z = y \vee y + z = x)$, $\quad (\exists z)(z + x = y \vee z + y = x)$

Definition 4 Given a time domain $\langle T,\le\rangle$ and an interval logic duration domain $\langle D,+,0\rangle$, $m : \mathbb{I}(T) \to D$ is a measure if

(M1) $m([\tau_1,\tau_2]) = m([\tau_1,\tau_2']) \Rightarrow \tau_2 = \tau_2'$
(M2) $m([\tau_1,\tau]) + m([\tau,\tau_2]) = m([\tau_1,\tau_2])$ for $\tau \in [\tau_1,\tau_2]$
(M3) $m([\tau_1,\tau_2]) = x + y \Rightarrow (\exists\tau)\, m([\tau_1,\tau]) = x$.

Definition 5 An interval logic frame is a tuple of the kind $\langle\langle T,\le\rangle, \langle D,+,0\rangle, m\rangle$, where $\langle T,\le\rangle$ is a time domain, $\langle D,+,0\rangle$ is an interval logic duration domain, and $m : \mathbb{I}(T) \to D$ is a measure.

Definition 6 An interval logic model is a tuple of the kind $\langle\langle T,\le\rangle, \langle D,+,0\rangle, m, I\rangle$, where $\langle\langle T,\le\rangle, \langle D,+,0\rangle, m\rangle$ is an interval logic frame, and $I$ is an interpretation of the symbols of the interval logic language that satisfies the following conditions: $I(P) : \mathbb{I}(T) \to \{0,1\}$ for every $P \in PLetter$; $I(t) : \mathbb{I}(T) \to D$ for every $t \in TVar$; $I(R) : D^n \to \{0,1\}$ for every $n$-place $R \in RSymb$ and $I(f) : D^n \to D$ for every $n$-place $f \in FSymb$. Besides, $I(0) = 0$, $I(+) = +$, $I(=)$ is $=$, and $I(\ell) = m$.

Definition 7 Given an interval logic frame $F$ (model $M$), we denote its time domain by $\langle T_F, \le_F\rangle$ ($\langle T_M, \le_M\rangle$), its duration domain by $\langle D_F, +_F, 0_F\rangle$ ($\langle D_M, +_M, 0_M\rangle$), and its measure function by $m_F$ ($m_M$).

Definition 8 Let $I$ and $J$ be interpretations of interval logic language symbols as defined above. $I$ $x$-agrees with $J$ for a given individual variable $x$ if $I$ and $J$ assign the same values to all symbols, but possibly $x$.

Definition 9 Given an interval logic model $\langle F, I\rangle$, where $F = \langle\langle T,\le\rangle, \langle D,+,0\rangle, m\rangle$ is the corresponding frame, and an interval $[\tau_1,\tau_2] \in \mathbb{I}(T)$, the value $I_{\tau_1}^{\tau_2}(t)$ for an interval logic term $t$ is defined by induction on the construction of $t$ as follows:

$I_{\tau_1}^{\tau_2}(x) = I(x)$ for $x \in Var$
$I_{\tau_1}^{\tau_2}(v) = I(v)([\tau_1,\tau_2])$ for $v \in TVar$
$I_{\tau_1}^{\tau_2}(f(t_1,\dots,t_n)) = I(f)(I_{\tau_1}^{\tau_2}(t_1),\dots,I_{\tau_1}^{\tau_2}(t_n))$ for an $n$-place $f \in FSymb$

The relation $\langle F,I\rangle,[\tau_1,\tau_2] \models \varphi$ for an interval logic formula $\varphi$ is defined by induction on the construction of $\varphi$ as follows:

$\langle F,I\rangle,[\tau_1,\tau_2] \models P$ iff $I(P)([\tau_1,\tau_2]) = 1$ for $P \in PLetter$
$\langle F,I\rangle,[\tau_1,\tau_2] \models R(t_1,\dots,t_n)$ for an $n$-place $R \in RSymb$ iff $I(R)(I_{\tau_1}^{\tau_2}(t_1),\dots,I_{\tau_1}^{\tau_2}(t_n)) = 1$
$\langle F,I\rangle,[\tau_1,\tau_2] \models \neg\varphi$ iff $\langle F,I\rangle,[\tau_1,\tau_2] \not\models \varphi$
$\langle F,I\rangle,[\tau_1,\tau_2] \models \varphi\wedge\psi$ iff $\langle F,I\rangle,[\tau_1,\tau_2] \models \varphi$ and $\langle F,I\rangle,[\tau_1,\tau_2] \models \psi$
$\langle F,I\rangle,[\tau_1,\tau_2] \models (\varphi;\psi)$ iff $\langle F,I\rangle,[\tau_1,\tau] \models \varphi$ and $\langle F,I\rangle,[\tau,\tau_2] \models \psi$ for some $\tau \in [\tau_1,\tau_2]$
$\langle F,I\rangle,[\tau_1,\tau_2] \models \exists x\varphi$ iff there exists an interpretation $J$ that $x$-agrees with $I$ and $\langle F,J\rangle,[\tau_1,\tau_2] \models \varphi$

The definition of duration calculus models differs from that of interval logic models in that the interpretation function provides meaning of the state variables, which are among the duration calculus language symbols. (Here we give the abstract semantics of duration calculus, which has been introduced in [Gue98].)

Definition 10 A duration calculus model is a tuple of the kind $\langle\langle T,\le\rangle, \langle D,+,0\rangle, m, I\rangle$, where $\langle\langle T,\le\rangle, \langle D,+,0\rangle, m\rangle$ is an interval logic frame, and $I$ is an interpretation of the symbols of the duration calculus language that satisfies the conditions for interpretations in interval logic models together with the following ones: $I(S) : T \to \{0,1\}$ for every $S \in SVar$. Besides, for every $[\tau_1,\tau_2] \in \mathbb{I}(T)$ and every $S \in SVar$ there exist $\tau_1',\dots,\tau_n'$ such that $\tau_1 = \tau_1' < \dots < \tau_n' = \tau_2$ and $I(S)$ is constant on every interval of the kind $[\tau_i',\tau_{i+1}')$, $i = 1,\dots,n-1$.

The following clauses are added to the definition of the interpretation of duration calculus terms:

Definition 11 Given a duration calculus model $\langle F,I\rangle$, $\tilde I(S)$ for state expressions $S$ is defined by induction on the construction of $S$ as follows:

$\tilde I(S) = I(S)$ for $S \in SVar$
$\tilde I(\neg S) = 1 - \tilde I(S)$
$\tilde I(S_1 \wedge S_2) = \min(\tilde I(S_1), \tilde I(S_2))$

Besides,

$I_{\tau_1}^{\tau_2}\left(\int S\right) = \sum_{i = 1,\dots,n-1,\ \tilde I(S)(\tau_i') = 1} m([\tau_i',\tau_{i+1}']),$

where $\tau_1 = \tau_1' \le \dots \le \tau_n' = \tau_2$ are such that $\tilde I(S)$ is constant on every interval of the kind $[\tau_i',\tau_{i+1}')$, $i = 1,\dots,n-1$.

Duration calculus formulas of the kind $\int S = \ell \wedge \ell \ne 0$ are abbreviated to $\lceil S\rceil$.

The proof systems for interval logic and duration calculus are to a great extent independent from the exact choice of theory for duration domains. In particular, a richer theory can be used to express more properties of durations, if appropriate for applications. A complete proof system for interval logic can be found in [Dut95]. A complete proof system for duration calculus with respect to the above semantics can be found in [Gue98]. Originally, duration calculus was introduced in [ZHR91] with a concrete semantics, based on the frame $\langle\langle\mathbb{R},\le\rangle, \langle\mathbb{R}^+,+,0\rangle, m\rangle$, where $m([a,b]) = b - a$ for all $a,b \in \mathbb{R}$, $a \le b$. A relatively complete proof system for duration calculus with respect to this frame was first given in [HZ92]. The above frame is the most important one for applications.


1.3 Duration calculus with iteration

In 1994 Dang and Wang introduced an extension of duration calculus that contains iteration of duration calculus propositions [DW94]. The following extensions to the definitions of the syntax and semantics of duration calculus are needed to obtain this system $DC^*$: If $\varphi$ is a $DC^*$ formula then so are $\varphi^+$ and $\varphi^*$. A $DC^*$ frame (model) is a duration calculus frame (model). Given a $DC^*$ model $\langle F,I\rangle$ and an interval $[\tau_1,\tau_2] \in \mathbb{I}(T_F)$, the satisfaction of formulas of the kinds $\varphi^+$ and $\varphi^*$ is defined by the clauses:

$\langle F,I\rangle,[\tau_1,\tau_2] \models \varphi^+$ iff there exist $\tau_1',\dots,\tau_n'$ such that $\tau_1 = \tau_1' < \dots < \tau_n' = \tau_2$ and $\langle F,I\rangle,[\tau_i',\tau_{i+1}'] \models \varphi$ for $i = 1,\dots,n-1$.
$\langle F,I\rangle,[\tau_1,\tau_2] \models \varphi^*$ iff $\tau_1 = \tau_2$ or $\langle F,I\rangle,[\tau_1,\tau_2] \models \varphi^+$.

The above definitions entail that $^*$ and $^+$ are interdefinable: $\models \varphi^* \Leftrightarrow \ell = 0 \vee \varphi^+$ and $\models \varphi^+ \Leftrightarrow (\varphi;\varphi^*)$. In the sequel we shall focus on $^*$.

1.4 Another system with iteration: propositional dynamic logic

Propositional dynamic logic (PDL) is a multimodal logic with Kripke semantics and connectives that allow the construction of complex accessibility relations from the primitive ones. Among these is iteration.

The language of PDL is built of a set of propositional letters $P$, a set of relation symbols $R$ and symbols from the set $\{\bot, \neg, \wedge, \langle, \rangle, ;, \cup, ?, {}^*, Id, (, )\}$. These sets are supposed to be pairwise disjoint. PDL relation terms are defined as follows: Relation symbols are relation terms. $Id$ is a relation term. If $\alpha$ and $\beta$ are relation terms, so are $\alpha\cup\beta$ and $\alpha;\beta$. If $\alpha$ is a relation term, then so is $\alpha^*$. If $\varphi$ is a PDL formula, then $\varphi?$ is a relation term too. Now PDL formulas are defined as follows: $\bot$ is a formula. Propositional letters are formulas. If $\varphi$ is a formula, then so is $\neg\varphi$. If $\varphi$ and $\psi$ are formulas, then $\varphi\wedge\psi$ is a formula too. If $\alpha$ is a relation term and $\varphi$ is a formula, then $\langle\alpha\rangle\varphi$ is a formula too. The boolean connectives $\vee$, $\Rightarrow$ and $\Leftrightarrow$, and the constant $\top$, are introduced as abbreviations in the usual way. $[\alpha]\varphi$ abbreviates $\neg\langle\alpha\rangle\neg\varphi$.

PDL frames are tuples of the form $F = \langle 2^W, 2^{W\times W}\rangle$, where $W \ne \emptyset$ is a set of possible worlds or computation states. PDL models consist of a frame $F$ and a valuation $v$ that maps $P$ to $2^{W_F}$ and $R$ to $2^{W_F\times W_F}$. The standard extension $\tilde v$ of a valuation $v$ is defined on relation terms as follows:


$\tilde v(Id) = \{\langle w,w\rangle : w \in W\}$
$\tilde v(\alpha\cup\beta) = \tilde v(\alpha) \cup \tilde v(\beta)$
$\tilde v(\alpha;\beta) = \{\langle w,w''\rangle : \exists w' \in W\,(\langle w,w'\rangle \in \tilde v(\alpha) \wedge \langle w',w''\rangle \in \tilde v(\beta))\}$
$\tilde v(\alpha^*) = \{\langle w,w'\rangle : \exists k < \omega\,\exists w_1,\dots,w_k \in W\,(w_1 = w \wedge w_k = w' \wedge \bigwedge_{i=1}^{k-1}\langle w_i,w_{i+1}\rangle \in \tilde v(\alpha))\}$
$\tilde v(\varphi?) = \{\langle w,w\rangle : \langle F,v\rangle, w \models \varphi\}$

$\tilde v(\alpha^*)$ is also frequently expressed as $\bigcup_{k<\omega}\tilde v(\alpha^k)$, where $\alpha^0$ stands for $Id$ and $\alpha^k$, when $k \ne 0$, for $(\alpha^{k-1};\alpha)$. The relation $\models$ is defined as follows:

$\langle F,v\rangle, w \not\models \bot$
$\langle F,v\rangle, w \models p$ iff $w \in v(p)$ for $p \in P$
$\langle F,v\rangle, w \models \neg\varphi$ iff $\langle F,v\rangle, w \not\models \varphi$
$\langle F,v\rangle, w \models \varphi\wedge\psi$ iff $\langle F,v\rangle, w \models \varphi$ and $\langle F,v\rangle, w \models \psi$
$\langle F,v\rangle, w \models \langle\alpha\rangle\varphi$ iff $\langle F,v\rangle, w' \models \varphi$ for some $w' \in W$ such that $\langle w,w'\rangle \in \tilde v(\alpha)$

PDL relational semantics can be used to reason about input-output relations that programs define between computation states. For example, consider the while-statement $\mathbf{while}\ \varphi\ \mathbf{do}\ \alpha$. Let $\tilde v(\alpha)$ represent the function that maps every memory state to the one obtained by executing $\alpha$ on it. Then the function that maps every memory state to the one that is obtained by executing the entire while-statement on it is the value of $((\varphi?;\alpha)^*;(\neg\varphi)?)$. A complete deduction system for PDL can be found in [AGM92].

2 Translating relational semantics of multimodal logic into interval logic

Consider an interval logic model $\langle F,I\rangle$, where $F = \langle\langle T,\le\rangle, \langle D,+,0\rangle, m\rangle$ is the corresponding frame. Let the time domain $T$ be such that $\min T$ and $\max T$ exist. The relation $\le$ on $T$ can be regarded as a binary accessibility relation, as known from modal logic. Various subsets of $\le$ can be regarded as accessibility relations too. Hence $\langle T,\le\rangle$ can be regarded as a modal logic frame. Let us introduce the valuation of multimodal formulas on $\langle T,\mathcal{R}\rangle$, where $\mathcal{R}$ consists of subsets of $\le$, in the ordinary way, i.e. let $v : P \cup R \to 2^T \cup \mathcal{R}$, where $P$ is the set of propositional letters and $R$ is the set of relation symbols in the modal language. Let $v(r)(\tau_1,\tau_2)$ only if $\tau_1 \le \tau_2$. Now consider a propositional interval logic language with $P \cup R$ as its set of temporal propositional letters. Let $I$ be such that $I(r)([\tau_1,\tau_2])$ iff $v(r)(\tau_1,\tau_2)$ for all $r \in R$, and $I(p)([\tau,\max T])$ iff $v(p)(\tau)$. We call $\langle F,I\rangle$ with $I$ defined as above the propositional interval logic correspondent of the propositional modal logic model $\langle T,\mathcal{R},v\rangle$.


Now consider the following translation $t$ of the propositional modal language $L(P,R,\Diamond)$ into the propositional interval logic language $L(P\cup R, ;)$:

$t(p) \doteq p$ for $p \in P$
$t(r) \doteq r$ for $r \in R$
$t(\neg\varphi) \doteq \neg t(\varphi)$ for $\varphi \in L(P,R,\Diamond)$
$t(\varphi\wedge\psi) \doteq t(\varphi)\wedge t(\psi)$ for $\varphi,\psi \in L(P,R,\Diamond)$
$t(\langle r\rangle\varphi) \doteq (t(r); t(\varphi))$ for $r \in R$, $\varphi \in L(P,R,\Diamond)$

In case the dynamic connectives $\cup$ and $;$, and the relational constant $Id$, are available, $t$ can be extended to map $L(P,R,\Diamond,Id,\cup,;)$ into $L(P\cup R, ;, \ell = 0)$ as follows:

$t(Id) \doteq \ell = 0$
$t(\alpha\cup\beta) \doteq t(\alpha)\vee t(\beta)$ for $\alpha,\beta \in T(R,Id,\cup,;)$
$t(\alpha;\beta) \doteq (t(\alpha); t(\beta))$ for $\alpha,\beta \in T(R,Id,\cup,;)$

Here $T(R,Id,\cup,;)$ stands for the set of relation terms built using $Id$, $R$, $\cup$ and $;$. This translation is similar to the one of the language of propositional dynamic logic into the language of dynamic modal logic proposed in [Rij93].

Proposition 12 Let $\langle\langle T,\le\rangle, \langle D,+,0\rangle, m, I\rangle$ be a propositional interval logic correspondent of $\langle T,\le,\mathcal{R},v\rangle$. Let $\varphi \in L(P,R,\Diamond,Id,\cup,;)$. Then $\langle T,\le,\mathcal{R},v\rangle, \min T \models \varphi$ iff $\langle\langle T,\le\rangle, \langle D,+,0\rangle, m, I\rangle, [\min T,\max T] \models t(\varphi)$.

Proof: Direct check by induction on the construction of $\varphi$. $\dashv$

A slightly different translation, which allows one to dismiss the requirement for $T$ to be bounded, can be obtained by putting $I(p)([\tau,\tau])$ iff $v(p)(\tau)$, thus restricting the valuation of the temporal letters corresponding to propositional letters to trivial intervals, and putting $t'(p) \doteq (p;\top)$. This translation can also be extended to capture PDL test relational terms in neighbourhood logic [BZ97] by putting $t'(\varphi?) \doteq \ell = 0 \wedge \Diamond_r t'(\varphi)$.
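As an added example, not code from the report, the following Python implements the PDL relational semantics of Section 1.4 (the standard extension $\tilde v$, with iteration computed as a fixpoint, and the while-statement relation $((\varphi?;\alpha)^*;(\neg\varphi)?)$), together with the propositional interval logic correspondent and the translation $t$ of this section, and checks Proposition 12 by enumerating every model with one letter $p$ and one relation $r \subseteq \le$ on the time domain $T = \{0,1,2\}$. The tuple encodings of terms and formulas, the function names and the sample counter model are assumptions of the example; the clause for $\langle r\rangle\varphi$ is applied to compound relation terms $\alpha$ as well, which is what the extension of $t$ to $L(P,R,\Diamond,Id,\cup,;)$ requires.

```python
# Added example (not code from the report): PDL relational semantics with
# iteration (Section 1.4), the translation t of Section 2 and a brute-force
# check of Proposition 12 on small finite models.  Encodings are assumptions.
from itertools import product

# Relation terms: ('r',name) ('id',) ('or',a,b) ('seq',a,b) ('star',a) ('test',f)
# PDL formulas:   ('p',name) ('not',f) ('and',f,g) ('dia',alpha,f)  i.e. <alpha>f

def compose(a, b):
    """Relational composition a;b."""
    return {(w, w2) for (w, w1) in a for (x, w2) in b if w1 == x}

def rel(term, W, v):
    """Standard extension v~ of the valuation v to relation terms."""
    k = term[0]
    if k == 'r':    return set(v[term[1]])
    if k == 'id':   return {(w, w) for w in W}
    if k == 'or':   return rel(term[1], W, v) | rel(term[2], W, v)
    if k == 'seq':  return compose(rel(term[1], W, v), rel(term[2], W, v))
    if k == 'test': return {(w, w) for w in W if sat(term[1], W, v, w)}
    if k == 'star':                  # union of all a^k, computed as a fixpoint
        a, closure = rel(term[1], W, v), {(w, w) for w in W}
        while not compose(closure, a) <= closure:
            closure |= compose(closure, a)
        return closure
    raise ValueError(term)

def sat(f, W, v, w):
    """<F,v>, w |= f for a PDL formula f."""
    k = f[0]
    if k == 'p':   return w in v[f[1]]
    if k == 'not': return not sat(f[1], W, v, w)
    if k == 'and': return sat(f[1], W, v, w) and sat(f[2], W, v, w)
    if k == 'dia': return any(w1 == w and sat(f[2], W, v, w2) for (w1, w2) in rel(f[1], W, v))
    raise ValueError(f)

# Interval formulas: ('p',name) ('len0',) ('not',f) ('and',f,g) ('or',f,g)
# ('chop',f,g); an interval is a pair (t1, t2) of integers with t1 <= t2.

def isat(f, I, t1, t2):
    """<F,I>, [t1,t2] |= f on a finite time domain; chop splits at t1 <= t <= t2."""
    k = f[0]
    if k == 'p':    return (t1, t2) in I[f[1]]
    if k == 'len0': return t1 == t2
    if k == 'not':  return not isat(f[1], I, t1, t2)
    if k == 'and':  return isat(f[1], I, t1, t2) and isat(f[2], I, t1, t2)
    if k == 'or':   return isat(f[1], I, t1, t2) or isat(f[2], I, t1, t2)
    if k == 'chop':
        return any(isat(f[1], I, t1, t) and isat(f[2], I, t, t2) for t in range(t1, t2 + 1))
    raise ValueError(f)

def correspondent(T, v, props, rels):
    """I(r)([t1,t2]) iff v(r)(t1,t2);  I(p)([t, max T]) iff v(p)(t)."""
    I = {r: set(v[r]) for r in rels}
    I.update({p: {(t, max(T)) for t in v[p]} for p in props})
    return I

def t(x):
    """The translation t of L(P,R,<>,Id,U,;) into propositional interval logic."""
    k = x[0]
    if k in ('p', 'r'):    return ('p', x[1])
    if k == 'id':          return ('len0',)
    if k == 'or':          return ('or', t(x[1]), t(x[2]))     # union -> disjunction
    if k in ('seq', 'dia'): return ('chop', t(x[1]), t(x[2]))  # ; and <alpha> -> chop
    if k == 'not':         return ('not', t(x[1]))
    if k == 'and':         return ('and', t(x[1]), t(x[2]))
    raise ValueError(x)

P, R, ID = ('p', 'p'), ('r', 'r'), ('id',)
FORMULAS = [('dia', R, P),
            ('dia', ('seq', R, R), ('not', P)),
            ('dia', ('or', ID, R), P),
            ('and', P, ('not', ('dia', ('seq', ID, R), ('dia', R, P))))]

def check_prop12(formulas=FORMULAS, T=range(3)):
    """Proposition 12 on every model with letter p and a relation r contained in <=."""
    pairs = [(a, b) for a in T for b in T if a <= b]
    for rbits, pbits in product(product([0, 1], repeat=len(pairs)),
                                product([0, 1], repeat=len(T))):
        v = {'r': {pr for pr, bit in zip(pairs, rbits) if bit},
             'p': {w for w, bit in zip(T, pbits) if bit}}
        I = correspondent(T, v, ['p'], ['r'])
        if any(sat(f, T, v, min(T)) != isat(t(f), I, min(T), max(T)) for f in formulas):
            return False
    return True

# Constructed sample (an assumption of the example): worlds are counter values
# 0..3, 'dec' decrements a positive counter, 'pos' holds where the counter is > 0.
W = range(4)
V = {'pos': {1, 2, 3}, 'dec': {(w, w - 1) for w in W if w > 0}}

def while_relation(W=W, v=V):
    """((pos?; dec)*; (not pos)?): the input-output relation of 'while pos do dec'."""
    phi = ('p', 'pos')
    return rel(('seq', ('star', ('seq', ('test', phi), ('r', 'dec'))),
                ('test', ('not', phi))), W, v)
```

The fixpoint in `rel` is the finite-model form of $\bigcup_{k<\omega}\tilde v(\alpha^k)$; on the counter model `while_relation()` returns $\{\langle w,0\rangle : w \in W\}$, i.e. every state is mapped to the state with counter 0, and `check_prop12()` confirms that world $\min T$ and interval $[\min T,\max T]$ agree for every formula in `FORMULAS` on all 512 models.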

3 Axioms for iteration of simple formulas in $DC^*$

In this section we use the correspondence between PDL and interval logic described in Section 2 to derive axioms for iteration in duration calculus. In Subsection 3.1 we give the translations of the PDL iteration axioms. We transform them in a way that is appropriate for the establishment of their sufficiency for the axiomatisation of iteration for a practically significant class of duration calculus formulas. The completeness of the PDL axioms relies on reasoning about suitable assignments for propositions that occur in them. We show how to construct the corresponding appropriate propositions in duration calculus by finding local iteration-free equivalents to $DC^*$ formulas from the specified class in Subsection 3.2. Then we use these equivalents to establish the completeness of the derived axioms in Subsection 3.3. The local iteration-free equivalents to $DC^*$ formulas that we find are such on the standard duration calculus frame $\langle\langle\mathbb{R},\le\rangle, \langle\mathbb{R}^+,+,0\rangle, m\rangle$ only. For the rest of the paper we only consider duration calculus models that are based on this frame.

3.1 The translations of PDL axioms for iteration into propositional interval logic

Consider the modal logic schemata

(1) $[\alpha^*]\theta \Rightarrow (\theta \wedge [\alpha][\alpha^*]\theta)$ and
(2) $[\alpha^*](\theta \Rightarrow [\alpha]\theta) \Rightarrow (\theta \Rightarrow [\alpha^*]\theta)$.

It is known that these schemata are valid exactly on those modal logic frames that satisfy $\tilde v(\alpha^*) = (\tilde v(\alpha))^*$, where $\tilde v$ stands for the standard extension of the valuation $v$ to $T(R,Id,\cup,;,{}^*)$ (cf. e.g. [AGM92]). Their $t$-translations are equivalent to the schemata

(I1) $\chi \vee ((\psi;\varphi);\chi) \Rightarrow (\psi;\chi)$ and
(I2) $(\psi;(\varphi;\chi)\wedge\neg\chi) \vee ((\psi;\chi) \Rightarrow \chi)$,

where $\psi$ and $\varphi$ stand for the translations of $\alpha^*$ and $\alpha$ respectively and, for the sake of simplicity, $\chi \doteq \neg t(\theta)$. The following can be shown using the method of assignments (cf. e.g. [vBen83]):

Proposition 13 Let $\langle F,I\rangle,[\min T,\max T] \models \chi \vee ((\psi;\varphi);\chi) \Rightarrow (\psi;\chi)$ and $\langle F,I\rangle,[\min T,\max T] \models (\psi;(\varphi;\chi)\wedge\neg\chi) \vee ((\psi;\chi) \Rightarrow \chi)$ for some fixed values of $\tilde I(\varphi)$ and $\tilde I(\psi)$ and all possible values of $\tilde I(\chi)$. Then $\langle F,I\rangle,[\tau_1,\tau_2] \models \psi$ iff $\tau_1 = \tau_2$ or there exist $\tau_1',\dots,\tau_n'$ such that $\tau_1 = \tau_1' \le \dots \le \tau_n' = \tau_2$ and $\langle F,I\rangle,[\tau_i',\tau_{i+1}'] \models \varphi$ for every $i = 1,\dots,n-1$.

Now we further transform the schemata I1 and I2 to obtain a complete axiomatisation for iteration of simple formulas in $DC^*$. The proof of Proposition 13 is based on giving appropriate assignments to $\chi$, to show that the validity of I1 entails $\tilde I(\varphi)^* \subseteq \tilde I(\psi)$, and the validity of I2 entails $\tilde I(\psi) \subseteq \tilde I(\varphi)^*$. The first inclusion can be as well expressed by the axioms

(DC1) $\ell = 0 \Rightarrow \psi$
(DC2) $(\psi;\varphi) \Rightarrow \psi$.

Given an interval $[\tau_1,\tau_2]$ to evaluate I2 in, an assignment for $\chi$ that is appropriate for the establishment of the second inclusion within $[\tau_1,\tau_2]$ is $\tilde I(\chi) = \{[\tau,\tau_2] : [\tau_1,\tau] \notin \tilde I(\varphi)^*\}$. Unfortunately, in order to define this set of intervals by means of a duration calculus formula, one has to refer to intervals of the kind $[\tau_1,\tau]$ that lie outside the intervals in question. That is why the set cannot be guaranteed to be definable by a duration calculus formula. The actual target of the assignment is to define the set of chop points $\tau$ that are involved in the satisfaction of formulas like $(\psi;\dots)$ and $(\psi;(\varphi;\dots))$. This can be done by replacing formulas of the kind $(\theta;\chi)$, in which $\chi$ is evaluated on a suffix interval, by $(\theta\wedge\chi;\top)$, in which it is evaluated on a prefix, and then searching for a $\chi$ that satisfies $\tilde I(\chi) = \{[\tau_1,\tau] : [\tau_1,\tau] \notin \tilde I(\varphi)^*\}$. The transformation, performed on I2, gives

(DC3) $((\psi\wedge\chi;\top) \Rightarrow (\chi\wedge\ell = 0;\top)) \vee (((\psi\wedge\neg\chi);\varphi)\wedge\chi;\top)$.

In the next subsection we show that, given a $\varphi$ and an interval $[\tau_1,\tau_2]$, we can find a $\chi$ such that $\tilde I(\chi)\cap\mathbb{I}([\tau_1,\tau_2]) = \mathbb{I}([\tau_1,\tau_2])\setminus\tilde I(\varphi)^*$. This will enable a proof of the completeness of the following set of axioms about iteration of simple formulas, which we shall denote by DC1-DC3 too:

(DC1) $\ell = 0 \Rightarrow \varphi^*$
(DC2) $(\varphi^*;\varphi) \Rightarrow \varphi^*$
(DC3) $((\varphi^*\wedge\chi;\top) \Rightarrow (\chi\wedge\ell = 0;\top)) \vee (((\varphi^*\wedge\neg\chi);\varphi)\wedge\chi;\top)$.
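As an added example, not code from the report, the following Python implements the semantics of $DC^*$ on a finite discrete model (time domain $\{0,\dots,n-1\}$, unit measure, state variables constant on each $[i,i+1)$) and checks DC1-DC3 by brute force in both directions: soundness (Theorem 18), with $\varphi^*$ interpreted by its semantic clause and $\chi$ ranging over every set of intervals, and completeness (Theorem 19), by treating the letter standing for $\varphi^*$ as an unknown set of intervals and confirming that the only interpretation validating DC1-DC3 for every $\chi$ is $\tilde I(\varphi)^*$. On a finite model every set of intervals is an admissible value of $\chi$, so the assignment $\mathbb{I}([\tau_1,\tau_2])\setminus\tilde I(\varphi)^*$ is available directly and no local elimination of $^*$ is needed; that observation, the tuple encoding of formulas, the function names and the sample state variable $S$ with $\varphi \doteq \lceil S\rceil \wedge \ell \le 1$ are assumptions of the example.

```python
# Added example (not code from the report): DC* semantics on a finite discrete
# model, and brute-force checks of Theorems 18 and 19 for the axioms DC1-DC3.
# The encodings, names and the sample model are assumptions of the example.
from itertools import product

# Formulas: ('empty',) = l = 0;  ('ceil', S) = |[S]|;  ('lenle', b) = l <= b;
# ('lenge', a) = a <= l;  ('top',);  ('not', f);  ('and', f, g);  ('or', f, g);
# ('imp', f, g);  ('chop', f, g);  ('star', f);  ('plus', f);
# ('x', name) = a propositional letter interpreted by a set of intervals.
# A model is (states, letters): states[S][i] is the 0/1 value of the state
# variable S on [i, i+1); letters[name] is a set of intervals (t1, t2);
# the measure of [t1, t2] is t2 - t1.

def intervals(n):
    """All intervals of the time domain {0, ..., n-1}."""
    return [(a, b) for a in range(n) for b in range(a, n)]

def sat(f, M, t1, t2):
    """<F,I>, [t1,t2] |= f."""
    states, letters = M
    k = f[0]
    if k == 'empty': return t1 == t2
    if k == 'top':   return True
    if k == 'ceil':  # integral of S equals the length, and the length is not 0
        return t1 < t2 and all(states[f[1]][i] for i in range(t1, t2))
    if k == 'lenle': return t2 - t1 <= f[1]
    if k == 'lenge': return t2 - t1 >= f[1]
    if k == 'x':     return (t1, t2) in letters[f[1]]
    if k == 'not':   return not sat(f[1], M, t1, t2)
    if k == 'and':   return sat(f[1], M, t1, t2) and sat(f[2], M, t1, t2)
    if k == 'or':    return sat(f[1], M, t1, t2) or sat(f[2], M, t1, t2)
    if k == 'imp':   return (not sat(f[1], M, t1, t2)) or sat(f[2], M, t1, t2)
    if k == 'chop':
        return any(sat(f[1], M, t1, t) and sat(f[2], M, t, t2) for t in range(t1, t2 + 1))
    if k == 'plus':  # some partition t1 = s1 < ... < sn = t2 with f on every piece
        return any(sat(f[1], M, t1, s) and (s == t2 or sat(f, M, s, t2))
                   for s in range(t1 + 1, t2 + 1))
    if k == 'star':  return t1 == t2 or sat(('plus', f[1]), M, t1, t2)
    raise ValueError(f)

def axioms(it, phi, chi):
    """DC1-DC3, with `it` standing for phi* (its semantics, or an unknown letter)."""
    top, empty = ('top',), ('empty',)
    dc1 = ('imp', empty, it)
    dc2 = ('imp', ('chop', it, phi), it)
    dc3 = ('or', ('imp', ('chop', ('and', it, chi), top),
                         ('chop', ('and', chi, empty), top)),
                 ('chop', ('and', ('chop', ('and', it, ('not', chi)), phi), chi), top))
    return dc1, dc2, dc3

def valid_for_all_chi(it, phi, states, psi, n):
    """Are DC1-DC3 valid on every interval for every set of intervals as chi?"""
    ivs = intervals(n)
    for bits in product([0, 1], repeat=len(ivs)):
        M = (states, {'psi': psi, 'chi': {iv for iv, b in zip(ivs, bits) if b}})
        if not all(sat(ax, M, a, b) for ax in axioms(it, phi, ('x', 'chi')) for (a, b) in ivs):
            return False
    return True

def semantic_star(phi, states, n):
    """The set of intervals of {0..n-1} on which phi* holds, i.e. I~(phi)*."""
    return {iv for iv in intervals(n) if sat(('star', phi), (states, {}), *iv)}

def soundness(phi, states, n=4):
    """Theorem 18: with phi* read semantically, DC1-DC3 are valid for every chi."""
    return valid_for_all_chi(('star', phi), phi, states, set(), n)

def completeness(phi, states, n=3):
    """Theorem 19 on a finite model: the interpretations psi of the letter standing
    for phi* that validate DC1-DC3 for every chi (expected: exactly I~(phi)*)."""
    ivs = intervals(n)
    found = []
    for bits in product([0, 1], repeat=len(ivs)):
        psi = {iv for iv, b in zip(ivs, bits) if b}
        if valid_for_all_chi(('x', 'psi'), phi, states, psi, n):
            found.append(psi)
    return found

# Constructed sample: S is high on [0,1) and [2,3) and low on [1,2);
# phi = |[S]| /\ l <= 1 holds exactly on the unit intervals where S is high.
STATES = {'S': (1, 0, 1)}
PHI = ('and', ('ceil', 'S'), ('lenle', 1))
```

For the sample, `semantic_star(PHI, STATES, 4)` is the set of all point intervals together with $[0,1]$ and $[2,3]$; `soundness(PHI, STATES)` is true for all 1024 choices of $\chi$ on $\{0,1,2,3\}$; and `completeness(PHI, STATES)` returns the single candidate $\{[0,0],[1,1],[2,2],[0,1]\}$ on $\{0,1,2\}$, because DC1 and DC2 force every superset of $\tilde I(\varphi)^*$, and DC3 with $\chi$ taken as the complement of $\tilde I(\varphi)^*$ rejects every strict superset, exactly as in the proof of Theorem 19.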

3.2 Local elimination of iteration from simple DC formulas

Elimination of iteration from timed regular expressions, which are closely related to duration calculus, has been employed earlier under various other conditions as part of model-checking algorithms by Dang and Pham [DP97], and Li, Dang and Zheng [LDZ97]. The contents of Lemma 15, Lemma 16 and Proposition 17 give a slightly stronger form of Lemma 3.6 from [LD96].

Definition 14 (Dang, Wang) ([DW94]) Consider a language for duration calculus. A formula built from $\lceil\ \rceil$ (that is, $\ell = 0$) and formulas of the kinds $\lceil S\rceil$ and $\lceil S\rceil \wedge a \le \ell \wedge \ell \le b$ using $\vee$, $;$, $^+$ and $^*$ is called simple.

Lemma 15 Let $\langle F,I\rangle$ be a duration calculus model. Let $[\tau_1,\tau_2] \in \mathbb{I}(T_F)$. Let $\varphi$ be a disjunction of simple formulas built using only $;$ and containing no subformulas of the kind $\lceil S\rceil \wedge a \le \ell \wedge \ell \le b$ with $a \ne 0$. Then there exists a $k < \omega$ such that $\langle F,I\rangle,[\tau_1,\tau_2] \models \Box\left(\varphi^* \Leftrightarrow \bigvee_{i=0}^{k}\varphi^i\right)$.

Proof: Let $[\tau_1',\tau_2'] \subseteq [\tau_1,\tau_2]$. By the definition of $^*$, we have that $\langle F,I\rangle,[\tau_1',\tau_2'] \models \varphi^*$ iff there exists an $n < \omega$ such that $\langle F,I\rangle,[\tau_1',\tau_2'] \models \varphi^n$. We shall prove that there exist $k, n_0$ such that for all $[\tau_1',\tau_2'] \subseteq [\tau_1,\tau_2]$ and $n \ge n_0$ we have $\langle F,I\rangle,[\tau_1',\tau_2'] \models \varphi^n \Rightarrow \varphi^k$.

Let $\varphi \doteq \bigvee_{i=1}^{p}\psi_i$, where the $\psi_i$ are simple formulas built using only chop. Let $\sigma_1,\dots,\sigma_r \in [\tau_1,\tau_2]$ be such that $\tau_1 = \sigma_1 < \dots < \sigma_r = \tau_2$ and for every $i = 1,\dots,r-1$ and every state expression $S$ that occurs in $\varphi$ either $\langle F,I\rangle,[\sigma_i,\sigma_{i+1}] \models \lceil S\rceil$ or $\langle F,I\rangle,[\sigma_i,\sigma_{i+1}] \models \lceil\neg S\rceil$. Let $b_0 = \min\{b : \ell \le b \text{ occurs in } \varphi\}$. We shall prove that $k$ can be chosen to be $(r-1)\left\lceil\frac{\tau_2-\tau_1}{b_0}\right\rceil + 1$.

Let $\langle F,I\rangle,[\tau_1',\tau_2'] \models \varphi^n$ for some $n < \omega$. This implies that there exist $\rho_1,\dots,\rho_{n+1}$ and $\theta_1,\dots,\theta_n \in \{\psi_1,\dots,\psi_p\}$ such that $\tau_1' = \rho_1 < \dots < \rho_{n+1} = \tau_2'$ and $\langle F,I\rangle,[\rho_i,\rho_{i+1}] \models \theta_i$ for $i = 1,\dots,n$. Let $n \ge r-1$. There are at most $r-1$ values of $i$ for which there is a $j \le r-1$ with $\rho_i \le \sigma_j \le \rho_{i+1}$. For all other values of $i$ there exists a $j \le r-1$ such that $[\rho_i,\rho_{i+1}] \subseteq [\sigma_j,\sigma_{j+1}]$. Let $\theta_i$ contain subformulas of the kind $\ell \le b$. Since $b \ge b_0$, $\sigma_{j+1}-\sigma_j \le \tau_2-\tau_1$, and for every state expression $S$ that occurs in $\theta_i$ either $\lceil S\rceil$ or $\lceil\neg S\rceil$ holds in all nontrivial subintervals of $[\sigma_j,\sigma_{j+1}]$, we have that for any $[\rho,\rho'] \subseteq [\sigma_j,\sigma_{j+1}]$, $\rho \ne \rho'$, $\langle F,I\rangle,[\rho,\rho'] \models \theta_i^{\lceil(\tau_2-\tau_1)/b\rceil}$. In case no formula of the kind $\ell \le b$ occurs in $\theta_i$, the same holds trivially. This situation may occur in at most $r-1$ subintervals of $[\tau_1',\tau_2']$ of the kind $[\sigma_j,\sigma_{j+1}]$. Besides, for all $j$ such that $\sigma_j \in [\tau_1',\tau_2']$ there exist $i$'s such that $\rho_i \le \sigma_j \le \rho_{i+1}$. Hence

$\langle F,I\rangle,[\tau_1',\tau_2'] \models (\theta_1;(\dots;(\theta_{i-1};(\theta_i^{\lceil(\tau_2-\tau_1)/b\rceil};(\theta_{i+1};(\dots;\theta_n)\dots)))\dots),$

which is a simple formula built of $(r-1)\left\lceil\frac{\tau_2-\tau_1}{b_0}\right\rceil + 1$ occurrences of formulas from $\{\psi_1,\dots,\psi_p\}$ using $;$ only. Hence $\langle F,I\rangle,[\tau_1',\tau_2'] \models \varphi^{(r-1)\lceil(\tau_2-\tau_1)/b_0\rceil+1}$, provided that $\langle F,I\rangle,[\tau_1',\tau_2'] \models \varphi^n$ for some $n \ge r-1$. Now obviously the existence of an $n$ such that $\langle F,I\rangle,[\tau_1',\tau_2'] \models \varphi^n$ entails $\langle F,I\rangle,[\tau_1',\tau_2'] \models \bigvee_{i=0}^{k}\varphi^i$. $\dashv$

Lemma 16 Let $\langle F,I\rangle$ be a duration calculus model. Let $[\tau_1,\tau_2] \in \mathbb{I}(T_F)$. Let $\varphi$ be a disjunction of simple formulas built using only chop. Then there exists a simple formula $\varphi'$ with no occurrences of $^*$ and $^+$ such that $\langle F,I\rangle,[\tau_1,\tau_2] \models \Box(\varphi^* \Leftrightarrow \varphi')$.

Proof: Let $\varphi \doteq \bigvee_{i=1}^{p}\psi_i \vee \bigvee_{j=1}^{q}\chi_j$, where $\psi_i$, $i = 1,\dots,p$, contain no subformulas of the kind $a \le \ell$, $a \ne 0$, and $\chi_j$ does contain such occurrences for every $j = 1,\dots,q$. The case in which there are no $\chi$'s has been dealt with in Lemma 15. Let $A \doteq \bigvee_{i=1}^{p}\psi_i$, $B \doteq \bigvee_{j=1}^{q}\chi_j$ and $a_0 = \min\{a : a \le \ell \text{ occurs in } B\}$. Then obviously $\langle F,I\rangle,[\tau_1,\tau_2] \not\models B^k$ for $k > \left\lceil\frac{\tau_2-\tau_1}{a_0}\right\rceil$, and hence

$\langle F,I\rangle,[\tau_1,\tau_2] \models \Box\left(\varphi^* \Leftrightarrow \bigvee_{i=0}^{\lceil(\tau_2-\tau_1)/a_0\rceil}(A^*;(B;A^*)^i)\right).$

By Lemma 15, there exists a simple formula $A'$ with no occurrences of $^*$, nor of $^+$, such that $\langle F,I\rangle,[\tau_1,\tau_2] \models \Box(A^* \Leftrightarrow A')$. Hence

$\langle F,I\rangle,[\tau_1,\tau_2] \models \Box\left(\varphi^* \Leftrightarrow \bigvee_{i=0}^{\lceil(\tau_2-\tau_1)/a_0\rceil}(A';(B;A')^i)\right),$

which concludes the proof. $\dashv$

Proposition 17 Let $\langle F,I\rangle$ be a duration calculus model. Let $[\tau_1,\tau_2] \in \mathbb{I}(T_F)$. Then for every simple formula $\varphi$ there exists a simple formula $\varphi'$ with no occurrences of $^+$ and $^*$ such that $\langle F,I\rangle,[\tau_1,\tau_2] \models \Box(\varphi \Leftrightarrow \varphi')$.

Proof: Induction on the construction of $\varphi$. Obviously $\lceil\ \rceil$ and formulas of the kinds $\lceil S\rceil$ and $\lceil S\rceil \wedge a \le \ell \wedge \ell \le b$ are $^*$-free. Given $\varphi$ we shall construct a $\varphi'$ of the kind $\varphi_1' \vee \dots \vee \varphi_n'$, where $\varphi_i'$, $i = 1,\dots,n$, are built using only chop. Let $\varphi \doteq \psi_1 \vee \psi_2$. Then we put $\varphi' \doteq \psi_1' \vee \psi_2'$. Let $\varphi \doteq (\psi_1;\psi_2)$. Let $\psi_1' \doteq \bigvee_{i=1}^{n}\chi_i$ and $\psi_2' \doteq \bigvee_{j=1}^{m}\theta_j$. Then we put $\varphi' \doteq \bigvee_{i=1}^{n}\bigvee_{j=1}^{m}(\chi_i;\theta_j)$. Now obviously $\langle F,I\rangle,[\tau_1,\tau_2] \models \Box(\psi_k \Leftrightarrow \psi_k')$, $k = 1,2$, entails $\langle F,I\rangle,[\tau_1,\tau_2] \models \Box(\varphi \Leftrightarrow \varphi')$. Let $\varphi \doteq \psi^+$. Since $\models \psi^+ \Leftrightarrow (\psi;\psi^*)$, we reduce this case to the case of $\varphi \doteq \psi^*$. In this case, let $\psi' \doteq \bigvee_{i=1}^{n}\chi_i$, where $\chi_i$, $i = 1,\dots,n$, are simple formulas built using only chop. Now apply Lemma 16 to obtain $\varphi'$. $\dashv$

3.3 Completeness of DC1-DC3 for iteration of simple DC formulas Now we can show that DC1 , DC2 and DC3 are sound and complete with respect to the semantics of  in DC .   Theorem 18 (soundness) Let hF; I i be a duration calculus model that satis es I~( )  = I~( ). Then DCi, i = 1; 2; 3 are valid on hF; I i.

Proof: The proofs for DC1 and DC2 are trivial and we omit them. Consider DC3. Let $[{}_1,{}_2] \in I(T_F)$ be such that $\langle F,I\rangle,[{}_1,{}_2] \not\models (({}^{\,} \wedge {};\top) \Rightarrow ({} \wedge \ell = 0;\top))$. We shall prove that $\langle F,I\rangle,[{}_1,{}_2] \models ((({}^{\,} \wedge \neg{});{}) \wedge {};\top)$. We have that $\langle F,I\rangle,[{}_1,{}_2] \models ({}^{\,} \wedge {};\top),\ \neg({} \wedge \ell = 0;\top)$. This entails that $[{}_1,{}_1] \notin \tilde I({})$, and $[{}_1,{}] \in \tilde I({})^{k} \cap \tilde I({})$ for some ${} \in [{}_1,{}_2]$ and some $k < \omega$. Let $k$ be the smallest one such that a ${}$ with the above property exists. Then there exist ${}'_1,\ldots,{}'_{k+1}$ such that ${}_1 = {}'_1 < \ldots < {}'_{k+1} = {}$ and $\langle F,I\rangle,[{}'_i,{}'_{i+1}] \models {}$ for $i = 1,\ldots,k$, $[{}_1,{}'_i] \not\models {}$ for $i = 1,\ldots,k$, and $[{}_1,{}'_{k+1}] \models {}$. A direct check shows that $\langle F,I\rangle,[{}_1,{}'_{k+1}] \models (({}^{\,} \wedge \neg{};{}) \wedge {})$, whence $\langle F,I\rangle,[{}_1,{}_2] \models ((({}^{\,} \wedge \neg{};{}) \wedge {});\top)$. ∎

Theorem 19 (completeness) Let $\langle F,I\rangle$ be a duration calculus model that validates DC1, DC2 and DC3 for some simple DC formula ${}$. Then $\tilde I({}^{\,}) = \tilde I({})^{\,}$.

Proof: The validity of DC1 and DC2 entails that $\tilde I({})^{\,}\ \ \tilde I({}^{\,})$. The proof of this is trivial and we omit it. For the sake of contradiction, assume that $[{}_1,{}_2] \in \tilde I({}^{\,}) \setminus \tilde I({})^{\,}$. By Proposition 17 there exists a simple formula ${}'$ such that $\tilde I({}') \cap I([{}_1,{}_2]) = \tilde I({})^{\,} \cap I([{}_1,{}_2])$. Let ${} =: \neg{}'$. Since $\langle F,I\rangle,[{}_1,{}_2] \models {}$ and $[{}_1,{}_2] \notin \tilde I({})^{\,}$, we have $\langle F,I\rangle,[{}_1,{}_2] \models ({}^{\,} \wedge {};\top)$. Since $[{}_1,{}_1] \in \tilde I({})^{\,}$, $\langle F,I\rangle,[{}_1,{}_2] \not\models ({} \wedge \ell = 0;\top)$. Hence $\langle F,I\rangle,[{}_1,{}_2] \not\models (({}^{\,} \wedge {};\top) \Rightarrow ({} \wedge \ell = 0;\top))$. Now assume that $\langle F,I\rangle,[{}_1,{}_2] \models ((({}^{\,} \wedge \neg{};{}) \wedge {});\top)$. This entails that for some ${}',{}'' \in [{}_1,{}_2]$, $\langle F,I\rangle,[{}_1,{}'] \models \neg{}$, and $\langle F,I\rangle,[{}',{}''] \models {}$. Then for some $k < \omega$ there exist ${}'_1,\ldots,{}'_{k+1}$ such that ${}_1 = {}'_1 < \ldots < {}'_{k+1} = {}''$ and $\langle F,I\rangle,[{}'_i,{}'_{i+1}] \models {}$ for $i = 1,\ldots,k$, and besides, $\langle F,I\rangle,[{}'_1,{}'_{k+1}] \models {}$. This implies that $[{}_1,{}'_{k+1}] \in \tilde I({})^{k}$ and $[{}_1,{}'_{k+1}] \in \tilde I({})\ \ I(T_F) \setminus \tilde I({})^{\,}$, which is a contradiction. ∎


4 Discussion

Note that the proof of the soundness of DC1-DC3 (Theorem 18) does not rely on the special form of ${}$ that occurs in them. Besides, the only use of this form in the proof of completeness (Theorem 19) is for the local elimination of ${}^{\,}$ from ${}^{\,}$. This shows that the following more general result can be stated:

Theorem 20 Let $\langle F,I\rangle$ be a duration calculus model that validates DC1, DC2 and DC3 and be such that for every $[{}_1,{}_2] \in I(T_F)$ there exists a ${}'$ that satisfies $\langle F,I\rangle,[{}_1,{}_2] \models \Box({} \Leftrightarrow {}')$. Then $\tilde I({}^{\,}) = \tilde I({})^{\,}$.

Hence the completeness of the three schemata can be generalised to any class of DC formulas for which ${}^{\,}$ can be locally eliminated. A rather big, yet not syntactically defined, class of such formulas can be defined by the condition $\models {} \Rightarrow \ell\ c$, where $c$ is a positive constant. Discussions of this result with members of the UNU/IIST DeTfoRS research gave the following generalisations. Dang Van Hung suggested that the class of simple formulas can be extended by allowing the conjunction of length boundaries to every simple formula, and not only to those of the kind $\lceil S\rceil$, i.e. if $\varphi$ is a simple formula, then $\varphi \wedge a\ \ell \wedge \ell\ b$ can be considered simple too. Extending the class of simple formulas this way still allows for local elimination of iteration. Another extension, which introduces negation into the class of simple formulas, was produced as a side result of Catalin Dima's research [D98]. It can be formulated by the following theorem:

Theorem 21 (Dima, 1998) Let $\varphi$ be a simple formula in which every subformula of the kind $\lceil S\rceil$ has the form $\bigl\lceil \bigwedge_{P \in \mathcal{P}} \varepsilon_P P \bigr\rceil$, where $\mathcal{P}$ is a fixed finite set of state variables, and $\varepsilon_P$ is either $\neg$ or nothing for every $P \in \mathcal{P}$. Then $\neg\varphi$ is equivalent to a simple formula.

Since the schemata are sound for interval logic too, the result can be generalised to axiomatise iteration in interval logic.

Conclusion

We have given a complete axiomatisation of iteration of the class of simple formulas in DC. Thus we have enhanced the deduction system of DC in a way that makes it complete for a practically significant case. We have derived the axioms by establishing a semantical correspondence between multimodal logic frames and interval logic frames, and finding a matching truth-preserving translation of modal logic formulas into interval logic formulas. The correspondence and the translation can be used for transferring the axiomatisation of other frame properties from modal logic too. The axioms that we have found are sound for iteration of any duration calculus or interval logic formulas and not only simple ones. In order to show their completeness for iteration of simple DC formulas, we have proved that iteration can be locally eliminated from simple formulas. The completeness of our axioms extends over every class of duration calculus or interval logic formulas that admits local elimination of iteration.

Acknowledgements

The author is grateful to Dang Van Hung, Xu Qiwen and Catalin Dima for some fruitful discussions on the topic of this paper during his work on it. Thanks are due especially to Dang Van Hung for his proof-reading of it.

References

[AGM92] S. Abramsky, D. Gabbay and T. S. E. Maibaum, eds. Handbook of Logic in Computer Science. Clarendon Press, Oxford, 1992.
[BZ97] Rana Barua and Zhou Chaochen. Neighbourhood Logics: NL and NL2. Research Report 120, UNU/IIST, P.O.Box 3058, Macau, August 1997.
[DP97] Pham Hong Thai and Dang Van Hung. Checking a Regular Class of Duration Calculus Models for Linear Duration Invariants. Technical Report 118, UNU/IIST, P.O.Box 3058, Macau, July 1997. Also published in Bernd Kramer, Naoshi Uchihita, Peter Croll and Stefano Russo (eds.), Proceedings of the International Symposium on Software Engineering for Parallel and Distributed Systems (PDSE'98), 20-21 April 1998, Kyoto, Japan. IEEE Computer Society Press, 1998, pp. 61-71.
[Dut95] B. Dutertre. On First Order Interval Temporal Logic. Report no. CSD-TR-94-3, Department of Computer Science, Royal Holloway, University of London, Egham, Surrey TW20 0EX, England, 1995.
[DW94] Dang Van Hung and Wang Ji. On the Design of Hybrid Control Systems Using Automata Models. Research Report 35, UNU/IIST, P.O.Box 3058, Macau, November 1994. Also published in V. Chandru and V. Vinay (eds.), LNCS 1180: Foundations of Software Technology and Theoretical Computer Science, 16th Conference, Hyderabad, India, December 1996, Springer, 1996.
[D98] Catalin Dima. A Decidable Fragment of DC*. Technical report, UNU/IIST, 1998.
[Gue98] D. P. Guelev. A Calculus of Durations on Abstract Domains: Completeness and Extensions. Technical Report 139, UNU/IIST, P.O.Box 3058, Macau, May 1998.
[HZ92] M. R. Hansen and Zhou Chaochen. Semantics and Completeness of Duration Calculus. In: Real-Time: Theory and Practice, LNCS 600, Springer-Verlag, 1992, pp. 209-225.
[HZS92] M. R. Hansen, Zhou Chaochen, and J. Staunstrup. A Real-time Duration Semantics for Circuits. Research Report, ID/DTH, Bldg. 344, DK-2800 Lyngby, Denmark, March 1992. Also published in: Proceedings of the Workshop on Timing Issues in the Specification and Synthesis of Digital Systems, Princeton, March 1992.
[IEEE95] IEEE Computer Society. IEEE Standard Hardware Description Language Based on the Verilog Hardware Description Language (IEEE Std 1364-1995), 1995.
[LD96] Li Xuan Dong and Dang Van Hung. Checking Linear Duration Invariants by Linear Programming. Research Report 70, UNU/IIST, P.O.Box 3058, Macau, May 1996. Also published in Joxan Jaffar and Roland H. C. Yap (eds.), Concurrency and Parallelism, Programming, Networking, and Security, LNCS 1179, Springer-Verlag, December 1996, pp. 321-332.
[LDZ97] Li Xuan Dong, Dang Van Hung, and Zheng Tao. Checking Hybrid Automata for Linear Duration Invariants. Research Report 109, UNU/IIST, P.O.Box 3058, Macau, June 1997. Also published in R. K. Shamasundar, K. Ueda (eds.), Advances in Computing Science, LNCS 1345, Springer-Verlag, 1997, pp. 166-180.
[PD97] P. K. Pandya and Dang Van Hung. Duration Calculus of Weakly Monotonic Time. Technical Report 122, UNU/IIST, P.O.Box 3058, Macau, September 1997.
[LRSZ92] Liu Zhiming, A. P. Ravn, E. V. Sørensen, Zhou Chaochen. Towards a Calculus of Systems Dependability. Presented at the Workshop on Theory of Hybrid Systems, Lyngby, Denmark, 19-20 October 1992. Published in the Journal of High Integrity Systems, Vol. 1, No. 1, 1994, pp. 49-65.
[LRSZ93] Liu Zhiming, A. P. Ravn, E. V. Sørensen, Zhou Chaochen. A Probabilistic Duration Calculus. In H. Kopetz and Y. Kakuda (eds.), Dependable Computing and Fault-Tolerant Systems Vol. 7: Responsive Computer Systems, pp. 30-52. Springer-Verlag, 1993.
[Rij93] M. de Rijke. Extending Modal Logic. Ph.D. thesis, Institute for Logic, Language and Computation, University of Amsterdam, 1993. ILLC Dissertation Series 1993-4.
[Seg77] K. Segerberg. A Completeness Theorem in the Modal Logic of Programs. Notices of the American Mathematical Society, vol. 24 (1977), p. A-552, 77T-E69.
[SRRZ92] J. U. Skakkebæk, A. P. Ravn, H. Rischel, and Zhou Chaochen. Specification of Embedded Real-time Systems. ProCoS Research Report, ID/DTH, Bldg. 344, DK-2800 Lyngby, Denmark, June 1992. Also published in: Proceedings of the 4th Euromicro Workshop on Real-Time Systems, IEEE Press, pp. 116-121, June 1992.
[SX98] G. Schneider and Xu Qiwen. Towards a Formal Semantics of Verilog Using Duration Calculus. Technical Report 133, UNU/IIST, P.O.Box 3058, Macau, February 1998.
[vBen83] J. A. F. K. van Benthem. Modal Logic and Classical Logic. Bibliopolis, Naples, 1983.
[ZHR91] Zhou Chaochen, C. A. R. Hoare and A. P. Ravn. A Calculus of Durations. Information Processing Letters, 40(5):269-276, 1991.
[ZHRR92] Zhou Chaochen, M. R. Hansen, A. P. Ravn, and H. Rischel. Duration Specifications for Shared Processors. Research Report, ID/DTH, Bldg. 344, DK-2800 Lyngby, Denmark, October 1991. Also published in: Proceedings of the Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems, Nijmegen, January 1992, LNCS 571, pp. 21-32, 1992.
[ZHS93] Zhou Chaochen, M. R. Hansen, P. Sestoft. Decidability and Undecidability Results for Duration Calculus. Proc. of STACS'93, 10th Symposium on Theoretical Aspects of Computer Science, Würzburg, LNCS 665, pp. 58-68, February 1993.
[ZRH92] Zhou Chaochen, A. P. Ravn, and M. R. Hansen. An Extended Duration Calculus for Hybrid Real-time Systems. ProCoS Research Report, ID/DTH, Bldg. 344, DK-2800 Lyngby, Denmark, October 1992. (Revised version available as UNU/IIST Report 9.) Also published in Hybrid Systems, LNCS 736, Springer-Verlag, 1993.
