Journal of Logic and Computation Advance Access published May 4, 2009
Linear Temporal Logic LTLK extended by Multi-Agent Logic Kn with Interacting Agents

VLADIMIR RYBAKOV, Department of Computing and Mathematics, Manchester Metropolitan University, Manchester M1 5GD, UK and Siberian Federal University, Krasnoyarsk, Russia.

Abstract

We study an extension LTLK of the linear temporal logic LTL by implementing multi-agent knowledge logic KD45m (which is often referred to as multi-modal logic S5m). The temporal language of our logic adapts the operations U (until) and N (next) and uses new temporal operations: Uw —weak until, and Us —strong until. We also employ the standard agents’ knowledge operations Ki from the multi-agent logic KD45m and extend them with an operation IntK responsible for knowledge obtained via interaction of agents. The semantic models for LTLK are Kripke/Hintikka-like structures NC based on the linear time. Structures NC use i ∈ N as indexes for time, and the base set of any NC consists of clusters C(i) (for all i ∈ N) containing all possible states at the time i. Agents’ knowledge is modelled in time clusters C(i) via agents’ knowledge accessibility relations Rj. The logic LTLK is the set of all formulas which are valid (true) in all such models NC w.r.t. all possible valuations. We prove that LTLK is decidable: we reduce the decidability problem to verification of validity for special normal reduced forms of rules in specific models (not LTLK models) of size single-exponential in size of the rules. Furthermore, we extend these results to a linear temporal logic LTLK(Z) based on the time flow indexed by all integer numbers (with additional operations Since and Previous). Also we show that LTLK has the finite model property (fmp) while LTLK(Z) has no standard fmp.

Keywords: Linear temporal logic, modal logics, multi-agent logic, interacting agents, decidability, algorithms, inference rules
1 Introduction
Extensions of multi-modal logics (a special sort of hybrid logics) can be understood very broadly as a combination of logics via fusion of languages, or by means of combining/fusion of models adequate to individual logics (for building more expressive and precise semantical models). Historically, the term hybrid logic often refers to a number of logics obtained by adding further expressive power to ordinary modal logics. Frequently, it is connected with the introduction of so-called nominals, which are propositional symbols of a new sort, each being true at exactly one possible world. Construction of hybrid logics may also be motivated by (i) interest in properties of background logics which can be extended to hybrids, (ii) the estimation of efficiency for the obtained systems [this often refers to the computational complexity of the decision problem (or satisfiability problem) for these logics]. Along this avenue whole new areas in non-classical logic and proof theory have been developed (cf., for instance, [2, 3, 5, 6, 15]). Sometimes ideas originating in modal logic have developed into full-fledged separate disciplines with their own tools, techniques and various applications (cf., e.g. description logics, in [4]).

Temporal logics, the origin of which may be traced back to Prior [28, 29], can be considered as a special case of multi-modal logics, e.g. as bi-modal logics, with some laws imposed on the interaction of modalities to imitate the flow of time. Mathematical theory devoted to the study of various aspects of the interaction of temporal operations (e.g. axiomatizations of temporal logics) and to the construction of solid semantic theory based on Kripke/Hintikka-like models and temporal Boolean algebras, formed a highly technical branch in the field of non-classical logics (cf. [17, 18, 22, 42, 43]).

© The Author, 2009. Published by Oxford University Press. All rights reserved. doi:10.1093/logcom/exp027

Temporal logics are currently the most widely used specification formalism for reactive systems. They were first suggested to be used for specifying properties of programs in the late 1970s (cf. [27]). The most used temporal framework is the linear-time propositional temporal logic LTL, which has been studied from various viewpoints of its application (cf. [9, 24, 25]). The first axiomatization for LTL was proposed in Gabbay et al. [16]. This temporal logic has numerous applications to safety, liveness and fairness (cf. [11]), and to various problems arising in computing (cf. [1]). Model checking for LTL formed an extensive area within logic in computer science, which uses, in particular, applications of automata theory (cf. [10, 21, 41]). The book of Kröger and Merz [23] contains an up-to-date presentation of the theory and applications of linear and branching time temporal logic.

Another view on possible applications of multi-modal logics comes from knowledge logics (cf. [12, 13, 19]), which are special multi-modal logics with modalities Ki responsible for knowledge of agents. They are intended to model effects and properties of agents’ knowledge in a changing environment. These logics are special hybrids implementing operations for agents’ knowledge, and possibly some more logical operations intended to model knowledge.

Combination of temporal logics with multi-agent logics is nowadays an active research area. For example, Meyden and Shilov [45] studied the modal logic of knowledge and linear time, and showed (Theorem 1 [45], stated without proof) that this logic (with operations until and common knowledge) is undecidable (while some of its fragments are decidable, which is given with estimations of complexities for decision procedures). In the book Fagin et al. [12] (Section 4.3, Knowledge in MultiAgent Systems: Incorporating time), a combination of LTL with knowledge base operation KKB is suggested. The paper Penczek and Lomuscio [26] considers computation tree logic of knowledge (CTLK) aimed at verification of epistemic properties of multi-agent systems. The paper Hoek and Wooldridge [44] considers reductions of model checking for CKLn to linear temporal logic model checking. BDI logics (with logical operations for beliefs, desires and intentions), in turn, are a special kind of multi-modal (multi-agent) logics, in which specific axioms postulate interaction between the mentioned logical operations; various decision procedures for such logics were suggested (cf. e.g. [30]). The paper Governatori et al. [14] studies a combination of the belief logic with a linear-time temporal logic (using a powerful technique called fibring) in order to model the evolution of multi-agent systems through time. Summarizing previous research and using a refined technique, the paper of Halpern et al. [20] provides sound and complete axiomatizations for a large number of different logics involving modalities for knowledge and time (all the logics considered there involve the discrete time linear temporal logic operators next and until and an operator for the knowledge of each of a number of agents).

In the present article, we consider a combination of linear temporal logic LTL with multi-agent logic possessing a logical operation to be known via agents’ interaction. Our hybrid logic LTLK extends the standard linear temporal logic LTL (with operations until and next) by embedding the multi-agent knowledge logic KD45m (i.e. multi-modal S5m) with the knowledge via interaction operation IntK (IntK is the dual analogue of the common knowledge operation C as it is introduced in Fagin et al. [12], in fact, IntK = ¬C¬).
Informally, for any formula (statement) ϕ, IntKϕ says that there is a finite path (of unbounded length) of interchanging agents’ accessibility relations which leads to a state where ϕ is true. Intuitively it means that the agents interact and pass each other the information that ϕ is true at a state (i.e. that ϕ is satisfiable in some state). But our embedding of KD45m in LTL is made (as far as we can judge) in a way quite different from the ones presented in the literature (and, as we think, the logic LTLK has very good intuitive motivation, which is described below).

The semantic basis of the logic LTLK consists of Kripke/Hintikka frames $N_C := \langle \bigcup_{i\in N} C(i), R, R_1, \dots, R_m, \mathrm{Next} \rangle$, where i, as always, encodes time, and any C(i) is not a single state (as it is usually specified) but is a frame (model) for KD45m. Therefore all Rj are defined locally, only within each C(i), and so computations of all agents’ knowledge operations in a state s ∈ C(i) depend only on truth values of propositions within C(i). It seems to be an adequate interpretation for reasoning about network computing: i ∈ N encodes time states, any C(i) is a set of all web sites (computers, CPUs, etc.) available in time i, and agents’ accessibility relations Rj within C(i) are valid only for time i (s1 ∈ C(i), s1 Rj s2 ⇒ s2 ∈ C(i)); agents cannot predict the future (say i+1) and the accessibility relations which they will possess in future time (i+1 and after).

The language for LTLK has, together with the standard temporal operations U (until) and N (next), some refined versions of U: weak until Uw and strong until Us (assigned to handle properties within time clusters C(i)). As mentioned above, the language has the standard agents’ knowledge operations Kj (from KD45m) and the operation IntK responsible for knowledge obtained via interaction of agents. The semantic models for LTLK are the frames NC mentioned above, which are based on linear time with time points i modelled by time clusters C(i) of all possible states of the current time point i (i is a natural number, i ∈ N). Agents’ knowledge is modelled within time clusters via agent knowledge accessibility relations Rj, which are arbitrary equivalence relations within each C(i) (such an approach has a resemblance with synchronous agents’ systems and systems with perfect recall (cf. [12], pp. 128–130), though we do not impose perfect recall, where any agents’ local state encodes everything that has happened thus far, and states of our frames are free of carrying any information except the one that is given by a valuation of propositions; in our case we consider clusters of states in a current time point, and members of these clusters are states of our frames). We study the logic LTLK which is the set of all formulas which are true in all such models NC w.r.t. all valuations of letters.

The prime question we are dealing with in the article is the decidability of LTLK. We reduce the decidability problem for LTLK to verification of validity for inference rules in reduced normal form in special Kripke/Hintikka models (of size at most single exponential in a square polynomial in the size of the rules). So, we prove that LTLK is decidable. Here, we use the technique developed for the study of inference rules in [31–40] (though all facts which we need are proven within this article). Notice that our proof of decidability of LTLK contrasts with the results of Meyden and Shilov [45] where a modal logic of knowledge and linear time (with operations until and common knowledge) is stated to be undecidable. Our choice for embedding KD45m in LTL locally allowed us to get decidability—which is of computational value. To compare results, LTLK differs from the logic in [45] in the respect that in [45] agents have individual valuations (observations) and the operations ∼j (Rj in our case) are defined in [45] via a kind of agreement of the agents’ observations on runs. In our case, all Rj are arbitrary equivalence relations on sets C(i), i ∈ N, therefore presenting the more general case.

In the final part of the article, we extend the obtained results to a temporal logic LTLK(Z), with additional operations Since and Previous. This logic is based on time flow indexed by all integer numbers. We obtain a decision algorithm for LTLK(Z) developing tools used before for LTLK. In conclusion, we show that LTLK(Z) does not have the standard finite model property (fmp) [but, in a sense, is characterized by finite models (based on non-LTLK(Z)-frames) with special valuations], while LTLK has fmp.

The article is organized as follows: Section 2 provides all necessary preliminary definitions, notation, motivations and examples. Section 3 contains the description of the main technique, all mathematical technical lemmas, proofs and is concluded by Theorem 15 stating that the logic LTLK is decidable. Section 4 extends results of Section 3 to the logic LTLK(Z). The article is self-contained and does not use any results which are not proven within.
2 Definitions, notation
Temporal logics are, in essence, modal logics geared towards the description of the temporal ordering of events. Linear temporal logics differ from typical modal logics by the presence of specific temporal operations which cannot be expressed in the standard modal language. The logic which we consider in this article is based on the following Kripke/Hintikka-like models with linear discrete time. The frame

\[ N_C := \Big\langle \bigcup_{i\in N} C(i), R, R_1, \dots, R_m, \mathrm{Next} \Big\rangle \]

is a tuple, where N is the set of natural numbers, C(i) are some non-empty pairwise disjoint (i.e. C(i) ∩ C(j) = ∅ if i ≠ j) sets, and the relations R, R1, ..., Rm are binary accessibility relations. For all elements a and b from $\bigcup_{i\in N} C(i)$, aRb ⇔ [a ∈ C(i) and b ∈ C(j) and i ≤ j]; any Rj is a reflexive, transitive and symmetric relation, and

\[
\begin{aligned}
&\forall a,b \in \bigcup_{i\in N} C(i),\quad a R_j b \Rightarrow [a,b \in C(i) \text{ for some } i];\\
&\forall a,b \in \bigcup_{i\in N} C(i),\quad a\ \mathrm{Next}\ b \Leftrightarrow [a \in C(i) \text{ for some } i \text{ and } b \in C(i+1)].
\end{aligned}
\]
These frames are intended to model reasoning/computation in discrete time, so each i ∈ N (any natural number i) is the time index (time tick). Any C(i), i ∈ N, is a set of all possible states at the time point i; the relation R represents the current of time (which we assume to be linear and discrete). Relations Rj represent agents’ accessibility relations to states within any cluster of states C(i) at the time point i. So, as usual, any Rj is supposed to be an S5-like relation. We model reasoning (computations) which are simultaneous and parallel: after a step i of a process a new cluster of possible states C(i+1) appears, and agents will be given new access rules (a new configuration of all Ri) to the states within C(i+1). However, the agents cannot predict which access rules they will have (this is, in particular, why we do not use nominals). The Next relation is the standard one—it describes all states available in the next time point cluster.

Based on these structures NC, we propose the following language as a combination of an extended language of LTL and an extension of the usual language for agents’ knowledge logic. It includes the language of the standard LTL [which extends the language of the Boolean logic by operations N (next) and U (until)] and the new operations Uw (weak until) and Us (strong until). Also our language includes the language of the agents’ knowledge logic (which expands the language of Boolean logic by modal-like unary operations Kj, 1 ≤ j ≤ m) and the knowledge via interaction operation IntK. Formation rules for formulas are as usual. The formula Nϕ has meaning: ϕ holds in the next time cluster of states (all states of that cluster); ϕUψ can be read: ϕ holds until ψ will hold; ϕUw ψ has meaning: ϕ weakly holds until ψ will hold; ϕUs ψ says: ϕ strongly holds until ψ will hold;
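Kj ϕ means: the agent j knows ϕ at the current state of a time cluster; IntKϕ means: ϕ is known by interaction between agents.

Similar to the standard definition of Kripke/Hintikka models on frames, for any collection of propositional letters Prop and any frame NC, a valuation in NC is a mapping which assigns truth values to elements of Prop in NC. So, for any p ∈ Prop, V(p) ⊆ NC. We will call $\langle N_C, V \rangle$ a model (a Kripke/Hintikka model). For any model M, the truth values are extended from propositions (in Prop) to arbitrary formulas built over Prop as follows (for a ∈ NC, the notation $(N_C,a) \Vdash_V \varphi$ says that the formula ϕ is true at a in NC w.r.t. V). The rules are given below:

\[
\begin{aligned}
\forall p \in Prop,\ (M,a) \Vdash_V p &\Leftrightarrow a \in V(p);\\
(M,a) \Vdash_V \varphi \wedge \psi &\Leftrightarrow (M,a) \Vdash_V \varphi \ \&\ (M,a) \Vdash_V \psi;\\
(M,a) \Vdash_V \neg\varphi &\Leftrightarrow \text{not}[(M,a) \Vdash_V \varphi];\\
(M,a) \Vdash_V N\varphi &\Leftrightarrow \forall b[(a\ \mathrm{Next}\ b) \Rightarrow (M,b) \Vdash_V \varphi];\\
(M,a) \Vdash_V \varphi U \psi &\Leftrightarrow \exists b[(aRb)\ \&\ ((M,b) \Vdash_V \psi)\ \&\\
&\qquad \forall c[(aRcRb)\ \&\ \neg(bRc) \Rightarrow (M,c) \Vdash_V \varphi]];\\
(M,a) \Vdash_V \varphi U_w \psi &\Leftrightarrow \exists b[(aRb)\ \&\ ((M,b) \Vdash_V \psi) \wedge\\
&\qquad \forall c[(aRcRb)\ \&\ \neg(bRc)\ \&\ (c \in C(i)) \Rightarrow \exists d \in C(i)\,(M,d) \Vdash_V \varphi]];\\
(M,a) \Vdash_V \varphi U_s \psi &\Leftrightarrow \exists b[(aRb)\ \&\ b \in C(i)\ \&\ \forall c \in C(i)((M,c) \Vdash_V \psi)\ \&\\
&\qquad \forall c[(aRcRb)\ \&\ \neg(bRc) \Rightarrow (M,c) \Vdash_V \varphi]];\\
(M,a) \Vdash_V K_j\varphi &\Leftrightarrow \forall b[(a R_j b) \Rightarrow (M,b) \Vdash_V \varphi];\\
(M,a) \Vdash_V \mathrm{IntK}\varphi &\Leftrightarrow \exists a_{i_1},\dots,a_{i_s} \in M[a R_{i_1} a_{i_1} R_{i_2} a_{i_2} \dots R_{i_s} a_{i_s}\ \&\ (M,a_{i_s}) \Vdash_V \varphi].
\end{aligned}
\]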
First of all, from this definition it is immediately visible that the operation IntK is the dual of the common knowledge operation C as it is introduced in Fagin et al. [12] (in fact, IntK = ¬C¬, where C is the common knowledge operation from [12]). $(M,a) \Vdash_V \mathrm{IntK}\varphi$ says that there is a finite path (of unbounded length) of interchanging agents’ accessibility relations which leads to a state where ϕ is true. Intuitively, it looks as if agents interact and pass each other the information that ϕ is true at some state. So, ϕ is known in a via an interaction of agents. It looks like an attractive application of the common knowledge operation from [12].

Notice also that, in the rules above, the treatment of U is slightly different from the standard one—it is sufficient for ψ to be true at least at one state of the achievable current time cluster. The operation Uw differs more drastically from the standard U—it is sufficient for ϕ to be true only in a certain state of all time clusters before ψ will become true at a state. And the strong until—ϕUs ψ—means that there is a time point i, where the formula ψ is true at all states in the time cluster C(i), and ϕ holds in all states of all time points j preceding i.
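The truth rules above can be executed directly on a finite description of a model. The following Python sketch is an added example, not code from the article: it assumes a model given as a finite list of clusters whose last cluster repeats forever (so a witness for U, Uw or Us never needs to lie beyond the last listed cluster), and the data layout, the names `sat`, `block_of`, `components` and the sample model are all constructed for illustration.

```python
# Added example (not from the article): truth sets for the rules above.
# Assumption: a model is a finite list of clusters; the last one repeats forever.

def block_of(cluster, agent, s):
    """Equivalence class of state s under R_agent (a singleton if not listed)."""
    for block in cluster["R"].get(agent, []):
        if s in block:
            return set(block)
    return {s}

def components(cluster):
    """Map each state to the states reachable by finite chains of the Rj."""
    comp = {s: {s} for s in cluster["states"]}
    for partition in cluster["R"].values():
        for block in partition:
            merged = set().union(*(comp[s] for s in block))
            for s in merged:
                comp[s] = merged
    return comp

def sat(model, f):
    """Return a list whose t-th entry is the set of states of C(t) where f holds."""
    n, op = len(model), f[0]
    everywhere = lambda truth, t: truth[t] == model[t]["states"]
    somewhere = lambda truth, t: bool(truth[t])
    if op == "p":
        return [set(c["val"].get(f[1], ())) for c in model]
    if op == "not":
        return [c["states"] - x for c, x in zip(model, sat(model, f[1]))]
    if op == "and":
        return [x & y for x, y in zip(sat(model, f[1]), sat(model, f[2]))]
    if op == "K":      # ("K", j, g): g holds on the whole Rj-class of the state
        g = sat(model, f[2])
        return [{s for s in c["states"] if block_of(c, f[1], s) <= g[t]}
                for t, c in enumerate(model)]
    if op == "IntK":   # some finite chain of Rj-steps reaches a state where g holds
        g = sat(model, f[1])
        return [{s for s, comp in components(c).items() if comp & g[t]}
                for t, c in enumerate(model)]
    if op == "N":      # g holds at every state of the next cluster
        g = sat(model, f[1])
        return [set(c["states"]) if everywhere(g, min(t + 1, n - 1)) else set()
                for t, c in enumerate(model)]
    if op not in ("U", "Uw", "Us"):
        raise ValueError(f"unknown operation {op!r}")
    # U, Uw, Us: the truth value depends only on the time index of the state.
    phi, psi = sat(model, f[1]), sat(model, f[2])
    before = somewhere if op == "Uw" else everywhere   # phi in earlier clusters
    at_end = everywhere if op == "Us" else somewhere   # psi in the witness cluster
    out = []
    for t, c in enumerate(model):
        ok = any(at_end(psi, j) and all(before(phi, k) for k in range(t, j))
                 for j in range(t, n))
        out.append(set(c["states"]) if ok else set())
    return out

# Constructed sample model: three time clusters, two agents (1 and 2).
MODEL = [
    {"states": {"a0", "b0", "c0"},
     "R": {1: [{"a0", "b0"}, {"c0"}], 2: [{"a0"}, {"b0", "c0"}]},
     "val": {"p": {"a0"}, "r": {"c0"}}},
    {"states": {"a1", "b1"},
     "R": {1: [{"a1", "b1"}], 2: [{"a1"}, {"b1"}]},
     "val": {"p": {"b1"}}},
    {"states": {"a2", "b2"},
     "R": {1: [{"a2"}, {"b2"}], 2: [{"a2"}, {"b2"}]},
     "val": {"q": {"a2", "b2"}}},
]
P, Q, R = ("p", "p"), ("p", "q"), ("p", "r")

if __name__ == "__main__":
    for name in ("U", "Uw", "Us"):
        print(name, sat(MODEL, (name, P, Q))[0])
    print("IntK r", sat(MODEL, ("IntK", R))[0])
```

In the sample model p Uw q holds at time 0 while p U q and p Us q do not, and IntK r holds at a0 although neither agent alone can reach the r-state from a0.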
2.1 Possible applications of suggested logical operations

The operations Uw and Us may be implemented for reasoning about network computations and their supervision. Assume that any C(i) in the model

\[ N_C := \Big\langle \bigcup_{i\in N} C(i), R, R_1, \dots, R_m, \mathrm{Next}, V \Big\rangle \]

consists of CPUs available at the time moment i. Any p from Prop is a computational task, and $(N_C,a) \Vdash_V p$ means that the CPU a performs a computation for p.

(i) Persistence: the truth relation $(N_C,a) \Vdash_V p\,U_w\,q$ means that, in the future, some CPU will start computation for q and before this, in any time point there is a CPU which performs computation for p. Thus, Uw allows us to check persistence in computations for p. (Here and below, we can interpret the latter letter in the operation Uw and other U-like operations as a termination condition.)

(ii) Idleness: the statement $(N_C,a) \Vdash_V p\,U_s\,q$ means that in some future time point all CPUs will compute q and before this all CPUs make computations for p. So, Us can check that there are no idle CPUs w.r.t. p.

(iii) Distributed computation: the fact $(N_C,a) \Vdash_V \neg(p \wedge q)\,U_s\,r$ means that before a computation for r will start no CPUs are performing computations for p and q simultaneously. So, this way we can check a kind of distribution of computations for p and q: no CPUs computing both p and q (so to say computations for p and q must be disjunctive).

(iv) Parallel computation: the relation

\[ (N_C,a) \Vdash_V (\neg(p \wedge q)\,U_s\,r) \wedge (p\,U_w\,r) \wedge (q\,U_w\,r) \]

represents parallel computation of tasks p and q. The formula above says that the computations for p and q are distributed (before the termination signal r) and parallel: in any time (before termination by r) there are two distinct CPUs, one of which performs computation for p and the other one for q.

These examples illustrate some of the motives for the introduction of the new operations Uw and Us. The major distinction of our logic from the standard propositional temporal logic LTL is the embedding of a structure into the states. We replace a single state i [which (usually) is a world in a linear Kripke model] with a structure C(i) (which is a Kripke model for the multi-agents’ logic KD45m, the latter is the multi-modal logic S5m). Every C(i) is a set with a collection of agents’ binary accessibility relations Rj. In terms of implementation, we can present any C(i) as a collection of all possible web sites in a network at a time moment i, and any Rj is all web links available for the agent j. Therefore, the introduction of the operation IntK, to be known via interaction between agents (cf. definition of the rule for the computation of its truth value above), is very relevant to this approach.
Indeed, IntK means that the information about the truth of a proposition may be transferred via agents’ interaction: an agent passes the information to another one, etc., until it reaches the state (web site) where it has been requested.

To briefly compare the suggested logical operations with standard ones, note that using the operations U and N we can define all standard temporal and modal operations. For instance, Fϕ [ϕ holds eventually, which, in terms of modal logic, means ϕ is possible (denotation ◇ϕ)], can be described as trueUϕ. Therefore, we can also define the modal operation □ (as □ϕ := ¬◇¬ϕ) in this language. The temporal operation G, where Gϕ means ϕ holds henceforth, can be defined as ¬F¬ϕ. We can describe within this language various properties of transition systems and Kripke structures. For instance, the formula G(¬request ∨ (request U grant)) says that whenever a request is made it holds continuously until it is eventually granted. The standard temporal operations together with knowledge operations add more expressive power to the language.

(v) Discoverability: the formula □¬K1¬ϕ says that, for any future time cluster and for any state a of this cluster, the knowledge ϕ is discoverable for agent 1: it has access to a state b where ϕ holds. So ϕ is always discoverable for the agent 1.

(vi) Weak necessity: the formula □w ϕ := ¬(⊤ Us ¬ϕ) expresses the weak necessity; it says that in any time cluster C(i) there is a state where ϕ is true.

To give more examples, the formula (¬ϕ Uw □ϕ) ∧ ◇□ϕ signifies that there is a minimal time point i since which ϕ holds in all states of all future time clusters, but before the time point i the formula ϕ is false in a state of any time cluster. Such properties are difficult to express in terms of standard modal or temporal operations. The operations Us and Uw may be presented using the standard operation U and the belief operation [universal modality on the whole C(i) for each i]. Vice versa, the belief operation locally may be expressed by Us. Also the operation belief is too strong: it covers all agents’ knowledge operations and IntK, and its introduction into the language would collapse the approach. Introduction of the operation believe in C(i) (in the context of the article) would not correspond well to the interpretations (as network computation, web surfing), e.g. it does not look realistic to assume that there is an omniscient supervisor: an agent who can use any web link and can open any web site. The expressions for standard modal and temporal operations presented above are only for illustration of the expressive power of our language; below we use only the postulated language and notation.

Definition 1
For a Kripke structure $M := \langle N_C, \le, V \rangle$ and a formula ϕ, we say that
(i) ϕ is satisfiable in M (denotation – M Sat ϕ) if there is a state b of M (b ∈ NC) where ϕ is true: $(M,b) \Vdash_V \varphi$.
(ii) ϕ is valid in M (denotation – $M \Vdash \varphi$) if, for any b of M (b ∈ NC), the formula ϕ is true at b ($(M,b) \Vdash_V \varphi$).

Definition 2
For a Kripke frame NC and a formula ϕ, we say that
(i) ϕ is satisfiable in NC (denotation NC Sat ϕ) if there is a valuation V in the frame NC such that $\langle N_C, V \rangle$ Sat ϕ.
(ii) ϕ is valid in NC (denotation $N_C \Vdash \varphi$) if not(NC Sat ¬ϕ).

Definition 3
The logic LTLK is the set of all formulas which are valid in all frames NC. A formula ϕ is a theorem of LTLK if ϕ ∈ LTLK.

To connect satisfiability and theorems of LTLK, it is sufficient to recall that a formula ϕ in the language of LTLK is said to be satisfiable in LTLK iff there is a valuation V in a Kripke frame NC which makes ϕ satisfiable: $\langle N_C, V \rangle$ Sat ϕ. It is clear that a formula ϕ is satisfiable iff ¬ϕ is not a theorem of LTLK: ¬ϕ ∉ LTLK. And vice versa, ϕ is a theorem of LTLK (ϕ ∈ LTLK) if ¬ϕ is not satisfiable.
3 Main results, decidability algorithm
In fact, LTLK is a fusion of a special temporal-like logic and the agents’ knowledge logic, thus LTLK is a logic with modal and time operations. Therefore, to approach the decidability issue we can borrow some techniques from these areas. We will apply a technique using elements of previous research concerning truth and admissibility of inference rules (cf. [31–40]) in non-classical logics. This approach uses a representation of formulas by rules, and transformation of rules into their normal reduced forms. Such translation of formulas into these rules is essential for (i) implicit representation of non-nested universal modality, and (ii) simplification of proofs (using the specific structure of these rules), in particular, by avoiding proofs of inductive steps on nested logical operations. All necessary notation, known facts and results are given below.

By definition, a (sequential) rule is an expression

\[ r := \frac{\varphi_1(x_1,\dots,x_n),\dots,\varphi_m(x_1,\dots,x_n)}{\psi(x_1,\dots,x_n)}, \]

where $\varphi_1(x_1,\dots,x_n),\dots,\varphi_m(x_1,\dots,x_n)$ and $\psi(x_1,\dots,x_n)$ are some formulas constructed out of letters x1,...,xn. Letters x1,...,xn are variables of r; we use the notation xi ∈ Var(r) to say xi is a variable of r.

Definition 4
A rule r is said to be valid in a Kripke model $\langle N_C, V \rangle$ with the valuation V (we will use the notation $N_C \Vdash_V r$) if

\[ \Big[\forall a\,\Big((N_C,a) \Vdash_V \bigwedge_{1\le i\le m} \varphi_i\Big)\Big] \Rightarrow [\forall a\,((N_C,a) \Vdash_V \psi)]. \]

Otherwise we say r is refuted in NC, or refuted in NC by V, and write $N_C \nVdash_V r$.

A rule r is valid in a frame NC (notation $N_C \Vdash r$) if, for any valuation V of letters from Var(r), $N_C \Vdash_V r$ (again, otherwise we say NC refutes r, notation $N_C \nVdash r$). Material implication has the standard meaning: x → y := ¬x ∨ y. For any formula ϕ, we can consider the rule x → x/ϕ (with the premise x → x and the conclusion ϕ) and employ the technique of reduced normal forms for inference rules as follows.
Lemma 5
A formula ϕ is a theorem of LTLK iff the rule (x → x/ϕ) is valid in any frame NC.

The proof for this statement is trivial. In the sequel, for simplicity of notation and utilization of intuition concerning the action of modal logical operations, we will use symbols ◇i for ¬Ki¬ and □i := Ki, respectively. This will also help to maintain a well-balanced notation. A rule r is (said to be) in the reduced normal form if $r = \varepsilon_r / x_1$, where

\[
\begin{aligned}
\varepsilon_r := \bigvee_{1\le j\le s} \theta_j;\qquad
\theta_j := \Big(\bigwedge_{1\le i\le n} \Big[\, & x_i^{t(j,i,0)} \wedge (N x_i)^{t(j,i,1)} \wedge \bigwedge_{k\in[1,n],\,k\ne i} (x_i U x_k)^{t(j,i,k,0)} \wedge \bigwedge_{k\in[1,n],\,k\ne i} (x_i U_w x_k)^{t(j,i,k,1)} \wedge {}\\
& \bigwedge_{k\in[1,n],\,k\ne i} (x_i U_s x_k)^{t(j,i,k,2)} \wedge (\mathrm{IntK}\,x_i)^{t(j,i,2)} \wedge \bigwedge_{1\le l\le m} (\Diamond_l x_i)^{t(j,i,l,3)} \Big]\Big),
\end{aligned}
\]

and all $x_t$ are certain letters (variables), t(j,i,z), t(j,i,k,z) ∈ {0,1} and, for any formula α above, $\alpha^0 := \alpha$, $\alpha^1 := \neg\alpha$.

Definition 6
Given a rule rnf in the reduced normal form, rnf is said to be a normal reduced form for a rule r iff, for any frame NC, $N_C \Vdash r \Leftrightarrow N_C \Vdash r_{nf}$.

Based on the proofs of Lemma 3.1.3 and Theorem 3.1.11 from [33], by a similar technique, following closely the proof in [33], we obtain:

Theorem 7
There exists an algorithm running in (single) exponential time, which, for any given rule r, constructs its normal reduced form rnf.

For readers interested in the details of this technique, we put below a draft of the proof for Theorem 7. Actually we shall specify the general algorithm described in Lemma 3.1.3 and Theorem 3.1.11 of [33] to the language of our logic. Assume a rule is given,

\[ r = \frac{\varphi_1(x_1,\dots,x_n),\dots,\varphi_m(x_1,\dots,x_n)}{\psi(x_1,\dots,x_n)}. \]

It is evident that r is equivalent to the rule

\[ r_0 = \frac{\varphi_1(x_1,\dots,x_n) \wedge \dots \wedge \varphi_m(x_1,\dots,x_n) \wedge (x_c \equiv \psi(x_1,\dots,x_n))}{x_c}, \]

where xc is a new variable. Therefore, we can restrict ourselves to considering only rules in the form $r = \varphi(x_1,\dots,x_n)/x_c$. If ϕ = α ◦ β, where ◦ is a binary logical operation and both formulas α and β are not variables or unary logical operations applied to the variables (both of which we call final formulas), take two new variables xα and xβ and the rule $r_1 := x_\alpha \circ x_\beta \wedge (x_\alpha \equiv \alpha) \wedge (x_\beta \equiv \beta)/x_c$. If one of the formulas α or β is final and the other one is not, we apply this transformation to the only non-final formula. It is clear that r and r1 are equivalent w.r.t. validity in frames.
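The variable-introduction step of this proof sketch (the binary case above, together with the unary case and the iteration described next) can be written as a short recursive procedure. The Python sketch below is an added example, not the algorithm of [33] or code from the article: it is a simplified variant that names every non-variable subformula, including the "final" ones the proof leaves in place, which only adds variables. The tuple encoding of formulas and the names `flatten`, `to_r2`, `expand`, `xc` and `y1, y2, ...` are assumptions, and the fresh names are assumed not to occur in the rule.

```python
# Added example (not from the article): the linear step r -> r2 of the proof sketch.
from itertools import count

def flatten(formula, names, fresh):
    """Return a variable naming `formula`; record its definition in `names`.

    A formula is a variable (str) or a tuple: ("not", a), ("N", a), ("IntK", a),
    ("K", j, a), ("and", a, b), ("or", a, b), ("U", a, b), ("Uw", a, b), ("Us", a, b).
    `names` maps each atomic formula (one operation applied to variables)
    to the variable that stands for it, i.e. it stores the pairs (x ≡ atom).
    """
    if isinstance(formula, str):
        return formula
    if formula[0] == "K":                  # keep the agent index, name the operand
        atom = ("K", formula[1], flatten(formula[2], names, fresh))
    else:
        atom = (formula[0],) + tuple(flatten(a, names, fresh) for a in formula[1:])
    if atom not in names:                  # one variable per distinct subformula
        names[atom] = f"y{next(fresh)}"
    return names[atom]

def to_r2(premises, conclusion):
    """Turn premises/conclusion into (gammas, defs, 'xc').

    The resulting rule has the premise AND(gammas) & AND(x ≡ defs[x]) and the
    conclusion xc; every gamma is a variable and every defs[x] is a variable
    or one operation applied to variables.
    """
    names, fresh = {}, count(1)
    gammas = [flatten(p, names, fresh) for p in premises]
    top = flatten(conclusion, names, fresh)
    defs = {var: atom for atom, var in names.items()}
    defs["xc"] = top                       # xc ≡ (name of the old conclusion)
    return gammas, defs, "xc"

def expand(term, defs):
    """Substitute the definitions back, recovering the original formula."""
    if isinstance(term, str):
        return expand(defs[term], defs) if term in defs else term
    if term[0] == "K":
        return ("K", term[1], expand(term[2], defs))
    return (term[0],) + tuple(expand(a, defs) for a in term[1:])

# Constructed input: the rule (x -> x)/phi of Lemma 5 with
# phi = (¬(p ∧ q) Us r) ∧ (p Uw r), a fragment of example (iv) in Section 2.1.
PREMISE = ("or", ("not", "x"), "x")
PHI = ("and", ("Us", ("not", ("and", "p", "q")), "r"), ("Uw", "p", "r"))

if __name__ == "__main__":
    gammas, defs, xc = to_r2([PREMISE], PHI)
    print("premise:", gammas, "conclusion:", xc)
    for var, atom in defs.items():
        print(f"  {var} ≡ {atom}")
```

The number of definitions equals the number of distinct operator occurrences plus one, which is the linear bound the proof states for r2.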
If ϕ = ∗α, where ∗ is a unary logical operation and α is not a variable, take a new variable xα and the rule $r_1 := {*}x_\alpha \wedge (x_\alpha \equiv \alpha)/x_c$. Again r and r1 are equivalent. We continue this (similar) transformation over the resulting rules

\[ \frac{\bigwedge_{j\in J_1} \gamma_j \wedge \bigwedge_{i\in I_1} (x_{\alpha_i} \equiv \alpha_i)}{x_c} \]

until all formulas αi and γj in the premise of the resulting rules will be either atomic formulas (i.e. logical operations applied to variables) or variables. As a result, we obtain a rule r2. Evidently this transformation is linear in terms of the length of r, and the rule r2 has size linear in r. Next, we transform the premise of r2 into the disjunctive normal form and then into the perfect disjunctive normal form (which has disjunctive members of uniform length, each of which contains all the components required in the definition of reduced normal forms) and obtain as the result an equivalent rule r3. This transformation, as well as all known ones for reduction of Boolean formulas to disjunctive normal forms, is exponential. As a result, the final rule r3 will have the required form. This concludes the proof.

The length of the final rule r3 may be (single) exponential in r, but the length of the intermediate rule r2 is linear in r. Using this theorem and Lemma 5, to solve the question about decidability of LTLK, it suffices to find an algorithm recognizing rules in reduced normal form that are valid in all frames NC.

Lemma 8
If a rule rnf is refuted in a frame NC, then rnf may be refuted by a valuation V in such a frame with (i) clusters C(i) at most square polynomial in the size of rnf, where (ii) the number of non-isomorphic models with the valuation V on the time clusters C(i) is at most exponential in the size of rnf.

Proof. Let $r_{nf} = \varepsilon_{r_{nf}}/x_1$, $\varepsilon_{r_{nf}} := \bigvee_{1\le j\le m} \theta_j$, and $N_C \nVdash_V r_{nf}$; then (in the sequel $\exists_1$, as usual, means there exists exactly one)

\[ (\forall a \in N_C\ \exists_1 \theta_{j_a})[(N_C,a) \Vdash_V \theta_{j_a}] \quad\text{and}\quad (\exists a_1 \in N_C)[(N_C,a_1) \Vdash_V \neg x_1], \tag{1} \]
where $\theta_{j_a}$ is a disjunctive member of the premise of r. It is obvious that from $N_C \nVdash_V r_{nf}$ we obtain that some disjunct from the premise of rnf must be true at a. This disjunct is uniquely defined because any pair of distinct disjuncts is inconsistent. In the sequel, for any a ∈ NC, $\theta_{j_a}$ is the unique disjunct from the premise of rnf which is true at a w.r.t. V (cf. above).

For any time cluster C(i) ∈ NC and c ∈ C(i), denote by Fg(c) the frame generated within C(i) by relations R1,...,Rm (i.e. the frame consisting of all worlds which may be accessed from c by some finite combinations of these accessibility relations Rj). For any a, b ∈ Fg(c) for some c, we set $a \equiv b \Leftrightarrow \theta_{j_a} = \theta_{j_b}$. This evidently is an equivalence relation in any Fg(c). For a ∈ C(i) ⊆ NC, $[a]_\equiv$ is the class of all states from C(i) equivalent to a w.r.t. ≡, so they have to be all together with a inside the frame Fg(c) for some c. Consider the factor model $N_{C,\equiv}$ of NC by ≡, where

\[
\begin{aligned}
[a]_\equiv R_j [b]_\equiv \Leftrightarrow{} & \exists i(a,b \in C(i)) \wedge b \in F_g(a) \wedge {}\\
& \forall x_i \in Var(r_{nf})[(N_C,a) \Vdash_V \Diamond_j x_i \Leftrightarrow (N_C,b) \Vdash_V \Diamond_j x_i];
\end{aligned}
\tag{2}
\]

\[ [a]_\equiv R [b]_\equiv \Leftrightarrow a R b;\qquad [a]_\equiv\ \mathrm{Next}\ [b]_\equiv \Leftrightarrow a\ \mathrm{Next}\ b, \]

\[ \forall x_i \in Var(r_{nf})\,[V(x_i) := \{[a]_\equiv \mid (N_C,a) \Vdash_V x_i\}]. \]
By (1) this definition is correct (note that we cannot use just the standard filtration technique because possible paths of knowledge accessibility relations cannot be bounded through any filtration; formulas IntKxj create a problem). We need to show that

\[ \forall a \in N_{C,\equiv}\ (N_{C,\equiv},[a]_\equiv) \Vdash_V \theta_{j_a}. \tag{3} \]
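By definition of $N_{C,\equiv}$, for all i, via standard computation it follows:

\[
\begin{aligned}
(N_{C,\equiv},[a]_\equiv) \Vdash_V x_i &\Leftrightarrow (N_C,a) \Vdash_V x_i;\\
(N_{C,\equiv},[a]_\equiv) \Vdash_V N x_i &\Leftrightarrow (N_C,a) \Vdash_V N x_i;\\
(N_{C,\equiv},[a]_\equiv) \Vdash_V x_i U x_k &\Leftrightarrow (N_C,a) \Vdash_V x_i U x_k;\\
(N_{C,\equiv},[a]_\equiv) \Vdash_V x_i U_w x_k &\Leftrightarrow (N_C,a) \Vdash_V x_i U_w x_k;\\
(N_{C,\equiv},[a]_\equiv) \Vdash_V x_i U_s x_k &\Leftrightarrow (N_C,a) \Vdash_V x_i U_s x_k.
\end{aligned}
\]

If $(N_C,a) \Vdash_V \Diamond_j x_i$ then for some b, $a R_j b$ and $(N_C,b) \Vdash_V x_i$. Then b ∈ Fg(a) and by (2) we conclude that $[a]_\equiv R_j [b]_\equiv$ and $(N_{C,\equiv},[a]_\equiv) \Vdash_V \Diamond_j x_i$. Vice versa, let $(N_{C,\equiv},[a]_\equiv) \Vdash_V \Diamond_j x_i$. Then we have, for some b, $[a]_\equiv R_j [b]_\equiv$ and $(N_{C,\equiv},[b]_\equiv) \Vdash_V x_i$. In this case, b ∈ Fg(a) and $(N_C,b) \Vdash_V x_i$, and by reflexivity of Rj, $(N_C,b) \Vdash_V \Diamond_j x_i$. Then from (2) it follows that $(N_C,a) \Vdash_V \Diamond_j x_i$. So, we proved

\[ (N_{C,\equiv},[a]_\equiv) \Vdash_V \Diamond_j x_i \Leftrightarrow (N_C,a) \Vdash_V \Diamond_j x_i. \]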
To complete the proof for (3) we only need to show that (NC,≡ ,[a]≡ )
V IntKxi ⇔(NC ,a)
V IntKxi .
If (NC ,a) V IntKxi there is a certain path aRj1 a1 Rj2 a2 ...Rjs as , such that (NC ,as ) all aj are from Fg (a) and by (2) we conclude that
V xi . Then
[a]≡ Rj1 [a1 ]≡ Rj2 [a2 ]≡ ...Rjs [as ]≡ . Besides we have, (NC,≡ ,[as ]≡ ) Conversely, if (NC,≡ ,[a]≡ )
V xi ,
so (NC,≡ ,[a]≡ )
V IntKxi ,
V IntKxi .
then there is a path by relations Rj in NC,≡
leading from [a]≡ to some [b]≡ , where (NC,≡ ,[b]≡ )
V xi .
Thus, we have [a]≡ Rj1 [a1 ]≡ Rj2
12 Linear Temporal Logic [a2 ]≡ ... Rjs [as ]≡ = [b]≡ , and [b]≡ V xi implies (NC ,b) V xi . By definition of ≡, we conclude that b ∈ Fg (a). Hence, there is a path by relations Rj leading in NC from a to b, and consequently we have (NC ,a) V IntKxi . This completes the proof of (3). By (3) the model NC,≡ refutes the rule r. Note that, for any a ∈ NC , the class [a]≡ is uniquely identified by θja . All relations Rj on [a]≡ (as the first argument) within the time cluster from NC,≡ containing [a]≡ are also uniquely identified by θja ; again, the valuation V on [a]≡ is identified by θja . Therefore, the following hold: (i) For any world [a]≡ ∈ NC,≡ , the size of the Kripke model Fg ([a]≡ ) by V on the frame generated from [a]≡ by relations R1 ,...,Rm [i.e. the model based on the set of all worlds accessible from [a]≡ by finite concatenations of relations R1 ,...,Rm (in arbitrary order, arbitrary number)] is linear in the size of rnf (the base set has linearly many worlds each of which is determined by θja valid at this world). (ii) There are at most exponentially many in the size of rnf non-isomorphic models Fg ([a]≡ ) by the valuation V . (iii) We, evidently, may assume that there are at most double-exponentially many in the size of rnf non-isomorphic models C(i) by V in NC,≡ . To reduce the number of worlds in time clusters C(i) in NC,≡ and the number of non-isomorphic clusters, we perform the following rarefaction of NC,≡ . For any variable letter xj from the rule rnf , ∀C(i) ∈ NC,≡ , let r(xj ,C(i))+ := [a]≡ , where [a]≡ is a fixed world from C(i) with (NC,≡ ,[a]≡ )
V xj
(if one exists).
And, respectively, ∀C(i) ∈ NC,≡ , r(xj ,C(i))− := [a]≡ , where [a]≡ is a fixed world from C(i) with (NC,≡ ,[a]≡ )
V ¬xj
(if one exists).
If, for any $C(i) \in N_{C,\equiv}$, we allow to remain in the cluster $C(i)$ only the models $F_g(r(x_j,C(i))^+)$ and $F_g(r(x_j,C(i))^-)$ for all $x_j \in Var(r_{nf})$, this will not affect the truth values of the disjuncts in the premise of $r_{nf}$ at remaining worlds in $N_{C,\equiv}$, and the resulting model will refute $r_{nf}$ by $V$. But the number of worlds in $C(i) \subseteq N_{C,\equiv}$ will be at most $2n \times k_1$, where $n$ is the number of variable letters in $r_{nf}$ and $k_1$ is the number of disjuncts in the premise of $r_{nf}$. So, the size of any $C(i)$ then is at most square polynomial from $r_{nf}$. Furthermore, after this transformation, we may assume that the number of non-isomorphic models by $V$ on time clusters $C(i)$ is at most exponential in size of $r_{nf}$ (indeed, we can merely replace all models $\langle C(i),V\rangle$ which have the same representation of valid and not valid inside letters $x_j$ by some unique model from this class). This completes the proof of our lemma.

In order to prove decidability of LTLK, we need the following special finite Kripke models. Take any frame $N_C$ and some numbers $k_1,m_1$, where $m_1 > k_1 > 2$ and modify $N_C$ as follows. The frame $N_C(k_1,m_1)$ has the structure:

$$N_C(k_1,m_1) := \Big\langle \bigcup_{1\le i\le m_1} C(i), R, R_1,\dots,R_m, \mathrm{Next} \Big\rangle,$$

where $R$ is the accessibility relation from $N_C$ extended by pairs $(x,y)$, where $x \in C(i)$, $y \in C(j)$ and $i,j \in [k_1,m_1]$, so $xRy$ holds for all such pairs; any $R_j$ is simply transferred from $N_C$, and Next is the relation from $N_C$ extended by $\forall a \in C(m_1)\forall b \in C(k_1)(a\ \mathrm{Next}\ b = true)$. In the sequel, for any natural number $k$, $\mathrm{Next}^k$ is $k$-times composition of Next. If given a valuation $V$ of letters from a formula $\varphi$ in $N_C(k_1,m_1)$, the truth values of $\varphi$ can be defined at elements of $N_C(k_1,m_1)$ by the modified versions of the rules for computation of the truth values of formulas in $N_C$ specified earlier (in accordance with standard meaning of truth values for the time operations and knowledge modalities). We describe below the steps for time operations. For a cluster $C(i)$, $\mathrm{Nxt}C(i)$ is the cluster next to $C(i)$ (by the operation Next for worlds). The operation Nxt is a function, and in the sequel, for any natural number $k$, $\mathrm{Nxt}^k$ is the superposition of the function Nxt $k$-times. Let $a \in C(i) \subseteq N_C(k_1,m_1)$.

$$(N_C(k_1,m_1),a) \Vdash_V \varphi U \psi \Leftrightarrow \exists t \in N\,(t \ge 0)\ \&\ \exists b \in \mathrm{Nxt}^t C(i)[(N_C(k_1,m_1),b) \Vdash_V \psi\ \&\ \forall t_1 (t_1 \in [0,t-1] \Rightarrow \forall c \in \mathrm{Nxt}^{t_1} C(i)((N_C(k_1,m_1),c) \Vdash_V \varphi))].$$

$$(N_C(k_1,m_1),a) \Vdash_V \varphi U_w \psi \Leftrightarrow \exists t \in N\,(t \ge 0)\ \&\ \exists b \in \mathrm{Nxt}^t C(i)[(N_C(k_1,m_1),b) \Vdash_V \psi\ \&\ \forall t_1 (t_1 \in [0,t-1] \Rightarrow \exists c \in \mathrm{Nxt}^{t_1} C(i)((N_C(k_1,m_1),c) \Vdash_V \varphi))].$$

$$(N_C(k_1,m_1),a) \Vdash_V \varphi U_s \psi \Leftrightarrow \exists t \in N\,(t \ge 0)\ \&\ \forall b \in \mathrm{Nxt}^t C(i)[(N_C(k_1,m_1),b) \Vdash_V \psi\ \&\ \forall t_1 (t_1 \in [0,t-1] \Rightarrow \forall c \in \mathrm{Nxt}^{t_1} C(i)((N_C(k_1,m_1),c) \Vdash_V \varphi))].$$
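The truth conditions for U, Uw and Us on NC(k1,m1) given above can be evaluated by walking the clusters along Nxt until a cluster repeats. The following Python sketch is an added example, not code from the paper, and it also evaluates N, Kj and IntK. The tuple encoding of formulas, the `Lasso` class, the `"s"` key for the supervisor relation Rs and the sample frame in `demo_model` are assumptions made for illustration.

```python
# Added example: evaluating formulas on a finite frame N_C(k1, m1).
# Class, method and world names are assumptions made for this sketch.

class Lasso:
    """Clusters C(1)..C(m1) in a line, with Nxt(C(m1)) = C(k1)."""

    def __init__(self, clusters, k1, agents, val):
        self.clusters = clusters          # clusters[i - 1] is C(i)
        self.k1 = k1
        self.val = val                    # world -> set of true letters
        self.idx = {w: i for i, c in enumerate(clusters, 1) for w in c}
        self.agents = list(agents)
        # Each R_j is an equivalence relation inside one time cluster,
        # given as a list of classes; unlisted worlds are singletons.
        self.cls = {}
        for j, classes in agents.items():
            for cl in classes:
                if len({self.idx[w] for w in cl}) != 1:
                    raise ValueError("R_j must stay inside one cluster")
                for w in cl:
                    self.cls[(j, w)] = frozenset(cl)

    def nxt(self, i):
        """Index of Nxt C(i); the last cluster loops back to C(k1)."""
        return i + 1 if i < len(self.clusters) else self.k1

    def rj(self, j, w):
        """Worlds R_j-accessible from w; 's' is the supervisor relation R_s."""
        if j == "s":
            return frozenset(self.clusters[self.idx[w] - 1])
        return self.cls.get((j, w), frozenset([w]))

    def reach(self, w):
        """Worlds reachable from w by finite paths over R_1..R_m (for IntK)."""
        seen, todo = {w}, [w]
        while todo:
            a = todo.pop()
            for j in self.agents:
                for b in self.rj(j, a) - seen:
                    seen.add(b)
                    todo.append(b)
        return seen

    def until(self, kind, i, phi, psi):
        # U: some psi-world, all phi-worlds; Uw: some, some; Us: all, all.
        q_psi = all if kind == "Us" else any
        q_phi = any if kind == "Uw" else all
        visited = set()
        while i not in visited:           # Nxt is a function: the walk is a lasso
            visited.add(i)
            c = self.clusters[i - 1]
            if q_psi(self.holds(b, psi) for b in c):
                return True
            if not q_phi(self.holds(b, phi) for b in c):
                return False
            i = self.nxt(i)
        return False                      # cycled without meeting psi

    def holds(self, w, f):
        op = f[0]
        if op == "var":
            return f[1] in self.val.get(w, set())
        if op == "not":
            return not self.holds(w, f[1])
        if op == "and":
            return self.holds(w, f[1]) and self.holds(w, f[2])
        if op == "N":
            nxt_c = self.clusters[self.nxt(self.idx[w]) - 1]
            return all(self.holds(b, f[1]) for b in nxt_c)
        if op == "K":                     # ("K", j, phi)
            return all(self.holds(b, f[2]) for b in self.rj(f[1], w))
        if op == "IntK":
            return any(self.holds(b, f[1]) for b in self.reach(w))
        if op in ("U", "Uw", "Us"):
            return self.until(op, self.idx[w], f[1], f[2])
        raise ValueError("unknown operation: %r" % (op,))


def demo_model():
    """Constructed sample frame with m1 = 4, k1 = 3 (so m1 > k1 > 2)."""
    clusters = [["a1", "a2"], ["b1", "b2", "b3"], ["c1", "c2"], ["d1"]]
    agents = {1: [{"a1", "a2"}, {"b1", "b2"}], 2: [{"b2", "b3"}, {"c1", "c2"}]}
    val = {"a1": {"p"}, "a2": {"p"}, "b1": {"p"}, "b3": {"r"},
           "c1": {"q"}, "d1": {"p"}}
    return Lasso(clusters, 3, agents, val)


if __name__ == "__main__":
    m, p, q, r = demo_model(), ("var", "p"), ("var", "q"), ("var", "r")
    for w in ("a1", "d1"):
        print(w, {k: m.holds(w, (k, p, q)) for k in ("U", "Uw", "Us")})
    print("b1 IntK r:", m.holds("b1", ("IntK", r)))
```

In the sample frame, IntK r holds at b1 only through the two-step path b1 R1 b2 R2 b3, while neither agent alone considers r possible there; p U q holds at d1 only because of the added Next edge from C(4) back to C(3).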
For any rule $r_{nf}$ in the normal reduced form, $Pr(r_{nf}) = \{\theta_j \mid j \in I\}$ is the set of all disjunctive members of the premise of $r_{nf}$ (assuming $I$ to be a set of indexes chosen to label the disjuncts). One more notation we need follows from the evident

Lemma 9 For any Kripke frame $F := N_C$ or $F := N_C(k_1,m_1)$ with a valuation $V$, where $F \Vdash_V \bigvee Pr(r_{nf})$, for any $a \in F$, there is a unique disjunct $D$ from $Pr(r_{nf})$ such that $(F,a) \Vdash_V D$.

In the sequel, we will denote this unique disjunct by $D_F^{r_{nf},V}(a)$. Recall that, for any Kripke model $M$ with a valuation $V$ of a set of propositional letters $P$, $Dom(V)$ is the set of all such letters, and for any world $a$ from the model $M$, $Val_V(a) := \{p \mid p \in Dom(V), (M,a) \Vdash_V p\}$.

Lemma 10 If a rule $r_{nf}$ in the reduced normal form is refuted in a frame $N_C$ by a valuation $V$ then $r_{nf}$ can be refuted in a frame $N_C(k_1,m_1)$ by a valuation $V_1$, where
(i) The size of any cluster $C(i)$ in $N_C(k_1,m_1)$ is at most square polynomial from the size of $r_{nf}$; the number $m_c$ of non-isomorphic models by $V_1$ on time clusters $C(i)$ in $N_C(k_1,m_1)$ is at most exponential from square polynomial in size of $r_{nf}$.
(ii) The size of the frame $N_C(k_1,m_1)$ is at most $s_1 \times s_2^{s_3}$, where $s_1$ is polynomial in $r_{nf}$, $s_2$ is the number of disjuncts in the premise of $r_{nf}$, and $s_3$ is square polynomial in $r_{nf}$.

Proof. If $r_{nf}$ is refuted in a frame $N_C$ by a valuation $V$, then $N_C \Vdash_V \bigvee Pr(r_{nf})$ and $\exists a_1 \in N_C[(N_C,a_1) \Vdash_V \neg x_1]$. Therefore, the disjuncts $D_{N_C}^{r_{nf},V}(x)$ are uniquely defined for all $x \in N_C$. By Lemma 8, we may assume that the sizes of time clusters $C(i)$ in $N_C$ are at most square polynomial in $r_{nf}$ and that the number of non-isomorphic models by $V$ on the time clusters $C(i)$ is at most exponential in size of $r_{nf}$; let $m_c$ be the number of such non-isomorphic models $C(i)$. In the sequel, if not specified otherwise, we consider time clusters $C(i)$ as models with $V$, and we mean $C(i) = C(j)$ if the models $C(i)$ and $C(j)$ are isomorphic. For any Kripke frame $F := N_C$ or $F := N_C(k_1,m_1)$ with a valuation $V$, where $F \Vdash_V \bigvee Pr(r_{nf})$, and any $C(i) \subseteq F$ we will, in the sequel, consider the following structures (which are just pairs)

$$M(i) := \Big\langle C(i), \bigcup_{s \in C(i)} D_F^{r_{nf},V}(s) \Big\rangle$$

generated on time clusters $C(i)$ up to renaming worlds in $C(i)$. We can consider (deem) these structures as the first-order multi-set models with two base sets: $C(i)$ and $\bigcup_{s \in C(i)} D_F^{r_{nf},V}(s)$, and the mapping $\forall s \in C(i) : s \to D_F^{r_{nf},V}(s)$. If not specified otherwise, $M(i_1) = M(i_2)$ will mean that $M(i_1)$ and $M(i_2)$ are isomorphic, i.e. there is a one-to-one mapping $f$ from $C(i_1)$ onto $C(i_2)$, where $\forall x \in C(i_1)(D_F^{r_{nf},V}(x) = D_F^{r_{nf},V}(f(x)))$. The name of the frame $F$, $r_{nf}$ and the valuation $V$ are omitted in the record $M(i)$ for simplicity of notation, but always their value will be clear from the context.

Fix some $i_1 \in N$ where $\exists a_1 \in C(i_1)$ such that $(N_C,a_1) \Vdash_V \neg x_1$. Let, for any $i \in N$, $PStr(i) := \{M(j) \mid j \in N, j \ge i\}$. That is, $PStr(i)$ is the set of all structures $M(j)$ situated after $M(i)$ in the current of time. Choose an $i_{min} \in N$, where $i_{min} > 3$, $i_{min} > i_1$ and $\forall j \in N$, $j \ge i_{min} \Rightarrow PStr(j) = PStr(i_{min})$. Next, we choose the minimal by $\le$ number $i_r \in N$, where $i_r > i_{min}+1$ and the following holds

$$\{M(j) \mid i_{min} \le j \le i_r\} = PStr(i_{min}) \ \text{ and } \ M(i_{min}) = M(i_r) \tag{4}$$

(existence of such $i_r$ follows from the choice of $i_{min} \in N$). In next step, we modify the Kripke structure $N_C$ by deleting all $C(i)$ with $i > i_r$ and setting new relations $R$ and Next on $\bigcup_{i \in [1,i_r]} C(i)$ as follows. The relation $R$ is the transitive and reflexive closure of the relation $R^*$, where

$$\forall i_1,i_2 \in [1,i_r][i_1 \le i_2 \Rightarrow \forall x,y(x \in C(i_1)\ \&\ y \in C(i_2) \Rightarrow xR^*y)],$$
$$\forall x \in C(i_r)\forall y \in C(i_{min}+1)(xR^*y),$$
$$\forall i_1,i_2 \in [i_{min}+1,i_r]\forall x \in C(i_1)\forall y \in C(i_2)(xR^*y).$$

The relation Next is transferred from $N_C$ and extended with $\forall x \in C(i_r)\forall y \in C(i_{min}+1)(x\ \mathrm{Next}\ y)$.
We choose the valuation $V_1$ on $\bigcup_{i \in [1,i_r]} C(i)$ of variable letters $x_i$ from $r_{nf}$ as the restriction of $V$ from $N_C$. The resulting structure $M_1 := \langle \bigcup_{i \in [1,i_r]} C(i), V_1 \rangle$ is based on the frame of the kind $N_C(k_1,m_1)$. Therefore, we can compute the truth values of formulas in the language of LTLK at the structure $M_1$ as it is described for $N_C(k_1,m_1)$ earlier. In order to continue the proof of Lemma 10 we need,

Lemma 11 For any $b \in C(i)$, where $i \in [i_{min}+1,i_r]$, $(M_1,b) \Vdash_{V_1} D_{N_C}^{r_{nf},V}(b)$.

Proof. Let $b \in C(i_1)$, $i_1 \in [i_{min}+1,i_r]$ and $(N_C,b) \Vdash_V x_i U x_j$. Then, for some $c \in C(i_2) \subseteq N_C$, where $i_1 \le i_2$, $(N_C,c) \Vdash_V x_j$ holds and $\forall i_3 \in [i_1,i_2-1]\forall d \in C(i_3)\ (N_C,d) \Vdash_V x_i$ (if $i_1 = i_2$ then $(M_1,b) \Vdash_{V_1} x_i U x_j$ holds immediately). Take the minimal w.r.t. $\le$ number $i_2$, where there is $c \in C(i_2)$ with this property. If $i_2 \le i_r$ then we immediately get $(M_1,b) \Vdash_{V_1} x_i U x_j$. Assume $i_2 > i_r$. Then, in particular, $\forall s \in C(i_r)(N_C,s) \Vdash_V x_i U x_j$, and, respectively, by (4) $\forall s \in C(i_{min})(N_C,s) \Vdash_V x_i U x_j$ but $\forall s \in C(i_{min})(N_C,s) \nVdash_{V_1} x_j$. Using (4) again we conclude that for some $i_3$, where $i_{min} \le i_3 \le i_r$, the following holds: $M(i_3) = M(i_2)$ and $\exists s \in C(i_4)[D_{N_C}^{r_{nf},V}(s) = D_{N_C}^{r_{nf},V}(c)]$ and, in particular, $(N_C,s) \Vdash_V x_j$. Because $\forall s \in C(i_{min})(N_C,s) \Vdash_V x_i U x_j$ we conclude that, for any $g$ from the time cluster $C(i_{min})$, $(M_1,g) \Vdash_{V_1} x_i U x_j$. This together with $(N_C,s) \Vdash_V x_j$ entails $(M_1,b) \Vdash_{V_1} x_i U x_j$.

For the opposite direction, assume $b$ is a world from $C(i_1)$, $i_1 \in [i_{min}+1,i_r]$ and $(M_1,b) \Vdash_V x_i U x_j$. For any $C(i) \in M_1$, $\mathrm{Nxt}C(i)$ is (up) next to $C(i)$ time cluster. Then, for some $t \le i_r - i_{min}$,

$$\exists c \in \mathrm{Nxt}^t C(i_1)((M_1,c) \Vdash_{V_1} x_j) \wedge \forall t_1 [(0 \le t_1 < t) \Rightarrow \forall s \in \mathrm{Nxt}^{t_1} C(i_1)(M_1,s) \Vdash_{V_1} x_i].$$
Take minimal t satisfying this property. If t ≤ ir −i1 +1, then (NC ,b) Assume t > ir −i1 +1. Then, in particular, ∀x ∈ C(j)[j ∈ [i1 ,ir ]⇒(M1 ,x) and
∀y ∈ C(ir )(M1 ,y)
C(ir )(M1 ,z)
V 1 xj ,
V1 xi Uxj ,
and
also
∀x ∈ C(ir )(NC ,x)
V xi . Therefore,
V 1 xi
V1 xi Uxj .
But
∀z ∈
(because M(imin ) = M(ir ) by (4)). V 1 xi ,
and also
we obtain V1 xi Uxj
and then by (4) we conclude that ∀x ∈ C(ir )(NC ,x) V1 xi Uxj . Thus,
(5)
and by (4) ∀x ∈ C(imin )(NC ,x)
∀x ∈ C(imin )(NC ,x)
(NC ,b)
V 1 xj
evidently holds.
V 1 xi ]
∀y ∈ C(imin +1)(M1 ,y)
consequently ∀z ∈ C(imin )(M1 ,z)
Therefore, it follows that ∀x ∈ C(ir )(M1 ,x)
V1 xi Uxj
V1 xi Uxj .
This together with (5) imply
we proved that
$$\forall i_1 \in [i_{min}+1,i_r]\forall b \in C(i_1),\ (M_1,b) \Vdash_{V_1} x_i U x_j \Leftrightarrow (N_C,b) \Vdash_V x_i U x_j.$$

Statements:

$$\forall i_1 \in [i_{min}+1,i_r]\forall b \in C(i_1),\ (M_1,b) \Vdash_{V_1} x_i U_s x_j \Leftrightarrow (N_C,b) \Vdash_V x_i U_s x_j$$

and

$$\forall i_1 \in [i_{min}+1,i_r]\forall b \in C(i_1),\ (M_1,b) \Vdash_{V_1} x_i U_w x_j \Leftrightarrow (N_C,b) \Vdash_V x_i U_w x_j$$

can be shown by similar technique. Similar statements for logical operations $K_i$, IntK and N [by (4)] are evident. Lemma 11 is proved.

To continue the proof of Lemma 10 we also need,

Lemma 12 For any $b \in C(i)$, where $i \in [1,i_{min}]$, $(M_1,b) \Vdash_{V_1} D_{N_C}^{r_{nf},V}(b)$.
Proof. As in the previous lemma, for any variable $x_i \in Var(r_{nf})$, $\forall b \in C(i)$, where $i \in [1,i_{min}]$,

$$(M_1,b) \Vdash_{V_1} x_i \Leftrightarrow (N_C,b) \Vdash_V x_i \ \text{ and } \ (M_1,b) \Vdash_{V_1} Nx_i \Leftrightarrow (N_C,b) \Vdash_V Nx_i$$

follow immediately by structure of $M_1$. Now we shall prove that $\forall b \in C(i_1)$, where $i_1 \in [1,i_{min}]$,

$$(M_1,b) \Vdash_{V_1} x_i U x_j \Leftrightarrow (N_C,b) \Vdash_V x_i U x_j.$$

The statement $\forall b \in C(i_1)$, where $i_1 \in [1,i_{min}]$, $(M_1,b) \Vdash_{V_1} x_i U x_j \Rightarrow (N_C,b) \Vdash_{V_1} x_i U x_j$ follows immediately from the structure of $M_1$. If $b \in C(i_1)$, $i_1 \in [1,i_{min}]$ and $(N_C,b) \Vdash_{V_1} x_i U x_j$ and there are a $j_1 \in [i_1,i_r]$ and $c \in C(j_1)$, where

$$(N_C,c) \Vdash_{V_1} x_j\ \&\ \forall j_2 [(i_1 \le j_2 < j_1) \Rightarrow \forall s \in C(j_2)(N_C,s) \Vdash_{V_1} x_i], \tag{6}$$

then evidently $(M_1,b) \Vdash_{V_1} x_i U x_j$. If $b \in C(i_1)$, $i_1 \in [1,i_{min}]$, $(N_C,b) \Vdash_{V_1} x_i U x_j$ but no $j_1$ and $c$ satisfy (6) then $\forall j_1 \in [i_{min},i_r]\forall s \in C(j_1)(N_C,s) \Vdash_{V_1} x_i U x_j$, and by Lemma 11, we conclude that $\forall s \in C(i_{min}+1)(M_1,s) \Vdash_{V_1} x_i U x_j$. This and our assumption above [that $b \in C(i_1)$, $i_1 \in [1,i_{min}]$, $(N_C,b) \Vdash_{V_1} x_i U x_j$ but no $j_1$ and $c$ satisfy (6)] imply that $(M_1,b) \Vdash_{V_1} x_i U x_j$. The statements

$$\forall i_1 \in [1,i_{min}]\forall b \in C(i_1),\ (M_1,b) \Vdash_{V_1} x_i U_w x_j \Leftrightarrow (N_C,b) \Vdash_V x_i U_w x_j,$$
$$\forall i_1 \in [1,i_{min}]\forall b \in C(i_1),\ (M_1,b) \Vdash_{V_1} x_i U_s x_j \Leftrightarrow (N_C,b) \Vdash_V x_i U_s x_j$$

can be verified by similar reasoning. Again, similar statements for logical operations $K_i$ and IntK are evident. Lemma 12 is proved.
To continue the proof of Lemma 10, note that by Lemmas 12 and 11 and (4) the finite structure $M_1$ refutes $r_{nf}$ and has all required properties from Lemma 10 except the effective bound on the size of $M_1$ in (i) and (ii). To obtain the effective finite bound we will use the following rarefaction technique. First, for any variable letter $x_j$ from $r_{nf}$, $\min(x_j^+)_w$ is the minimal index $i$ from $[i_{min}+1,i_r]$ such that $\exists s \in C(i)(M_1,s) \Vdash_{V_1} x_j$ if such $i$ exists; $\min(x_j^-)_w$ is the minimal index $i$ from $[i_{min}+1,i_r]$ such that $\exists s \in C(i)(M_1,s) \Vdash_{V_1} \neg x_j$ if such $i$ exists; $\min(x_j)_s$ is the minimal index $i$ from $[i_{min}+1,i_r]$ such that $\forall s \in C(i)(M_1,s) \Vdash_{V_1} x_j$ if such $i$ exists. Let $Ind := \{i \mid i = \min(x_j^+)_w \text{ or } i = \min(x_j^-)_w \text{ or } i = \min(x_j)_s,\ x_j \in Var(r_{nf})\}$. Given two numbers $i,j \in [1,i_r]$ we call time clusters $C(i),C(j)$ duplications if for some $t$, $\mathrm{Nxt}^t M(i) = M(j)$. For any $C(i)$ from $M_1$, where $i > 1$, $\mathrm{Prev}C(i)$ is the previous to $C(i)$ time cluster, i.e. $\mathrm{Nxt}(\mathrm{Prev}C(i)) = C(i)$. For any pair of time clusters $C(i),C(j) \in M_1$, where $1 < i < j$ and $C(i)$ and $C(j)$ are duplications, if

$$i,j \in [1,i_{min}) \ \text{ or } \ i,j \in (i_{min}+1,i_r)\ \&\ \exists w,v \in Ind[i,j \in (w,v)\ \&\ (w,v) \cap Ind = \emptyset],$$

the structure $M_1(C(i),C(j))$ obtained from $M_1$ by deleting all time clusters $C(x)$ with $x \in [i,j)$ from $M_1$ and letting $\mathrm{Next}(\mathrm{Prev}C(i)) = C(j)$ is said to be the rarefaction of $M_1$ by $(C(i),C(j))$. To complete the proof of Lemma 10 we need,

Lemma 13 If $M_1(C(i),C(j))$ is the rarefaction of $M_1$ by $(C(i),C(j))$ then $\forall c \in M_1(C(i),C(j))$, $(M_1(a,b),c) \Vdash_{V_1} D_{M_1}^{r_{nf},V_1}(c)$.

Proof. The proof is a standard routine verification.

Using this lemma we can subsequently rarefy $M_1$ by cutting intervals of time clusters between duplication pairs of clusters (moving from time clusters to their greatest duplications) in the shortest intervals between indexes in $Ind$. Let $n_m$ be the number of all different $M(i)$ in the obtained model. As we know, the size of any cluster $C(i)$ is at most square polynomial in $r_{nf}$, and using this it is not hard to calculate that $n_m$ is at most $s_1 \times s_2^{s_3}$, where $s_1$ is square polynomial in $r_{nf}$, $s_2$ is the number of disjuncts in the premise of $r_{nf}$ and $s_3$ is square polynomial in $r_{nf}$. Observe now that in the obtained model there will remain at most $n_m + 1$ time clusters $C(i)$ with $i \in [1,i_{min}]$, and at most $3 \times v_1 \times n_m + 3$ clusters $C(i)$, where $v_1$ is the number of variable letters in $r_{nf}$, with $i \in (i_{min},i_r]$. So, this Kripke structure has the required property (ii) from Lemma 10, which concludes its proof.

Lemma 14 If, for a rule $r_{nf}$ in normal reduced form, a frame $N_C(k_1,m_1)$ refutes $r_{nf}$, then $r_{nf}$ may be refuted in some frame $N_C$ as well.

Proof. Let $N_C(k_1,m_1) := \langle \bigcup_{1 \le i \le m} C(i), R, R_1,\dots,R_m, \mathrm{Next} \rangle$, $r_{nf} = \varepsilon_r/x_1$, where $\varepsilon_r := \bigvee_{1 \le j \le m} \theta_j$, be an inference rule in reduced normal form with $n$ variables $x_i$, $V$ be a valuation on $N_C(k_1,m_1)$, where

$$N_C(k_1,m_1) \Vdash_V \bigvee_{1 \le j \le m} \theta_j \ \text{ and } \ N_C(k_1,m_1) \nVdash_V x_1.$$
To prove our lemma it is sufficient to employ standard unravelling technique (just roll the cluster of clusters $C(i)$ with $i \in [k_1+1,m_1]$ towards the 'future' preserving the valuation $V$). Details are given below. Consider the frame $N_C$ with the following structure and the valuation $V_1$ of variables from the rule $r_{nf}$ [below $rest(a,b)$, for any natural numbers $a$ and $b$, is the remainder after division of $a$ by $b$]:

$$N_C := \Big\langle \bigcup_{i \in N} C(i), R_1,\dots,R_m, \mathrm{Next} \Big\rangle, \ \text{where}$$

$\forall i \in [1,m_1]\ C(i) := C(i) \in N_C(k_1,m_1)$;
$\forall i \in (m_1,\infty)$, $C(i) := C(j)$ where $C(j) \in N_C(k_1,m_1)$ and $j = rest(j-(k_1+1), m_1-(k_1+1)) + k_1$;
$\forall i \in [1,m_1]\forall s \in C(i) \subseteq N_C$, $Val_{V_1}(s) = Val_V(s)$;
$\forall i \in (m_1,\infty)\forall s \in C(i) \subseteq N_C$, $Val_{V_1}(s) = Val_V(s)$.

Now to complete the lemma it is sufficient to show that for any $s \in C(i) \subseteq N_C$

$$(N_C,s) \Vdash_{V_1} D_{N_C(k_1,m_1)}^{r_{nf},V}(s).$$

For any variable $x_i \in Var(r_{nf})$,

$$\forall s \in C(i),\ (N_C,s) \Vdash_{V_1} x_i \Leftrightarrow (N_C(k_1,m_1),s) \Vdash_V x_i$$

holds immediately by choice of $V_1$. The fact that

$$\forall s \in C(i),\ (N_C,s) \Vdash_{V_1} Nx_i \Leftrightarrow (N_C(k_1,m_1),s) \Vdash_V Nx_i$$

follows immediately by direct computation using structure of $N_C$. Assertion

$$s \in C(i_1)\ \&\ C(i) \in N_C\ \&\ (N_C,s) \Vdash_{V_1} x_i U x_j \Rightarrow (N_C(k_1,m_1),s) \Vdash_V x_i U x_j$$

follows by standard computation from the chosen structure of $N_C$. The opposite statement

$$s \in C(i_1)\ \&\ C(i) \in N_C\ \&\ (N_C(k_1,m_1),s) \Vdash_{V_1} x_i U x_j \Rightarrow (N_C,s) \Vdash_V x_i U x_j$$

is immediately derivable by simple computation using structure of $N_C$. Thus we proved:

$$\forall s \in C(i) \subseteq N_C\,[(N_C,s) \Vdash_{V_1} x_i U x_j \Leftrightarrow (N_C(k_1,m_1),s) \Vdash_V x_i U x_j].$$

The assertions

$$\forall s \in C(i) \subseteq N_C\,[(N_C,s) \Vdash_{V_1} x_i U_w x_j \Leftrightarrow (N_C(k_1,m_1),s) \Vdash_V x_i U x_j]$$

and

$$\forall s \in C(i) \subseteq N_C\,[(N_C,s) \Vdash_{V_1} x_i U_s x_j \Leftrightarrow (N_C(k_1,m_1),s) \Vdash_V x_i U x_j]$$

may also be verified by standard computation similar to one pointed above. It is evident that

$$\forall s \in C(i) \subseteq N_C\,\forall j\,[(N_C,s) \Vdash_{V_1} K_j x_i \Leftrightarrow (N_C(k_1,m_1),s) \Vdash_V K_j x_i]$$

and

$$\forall s \in C(i) \subseteq N_C\,[(N_C,s) \Vdash_{V_1} \mathrm{IntK}x_i \Leftrightarrow (N_C(k_1,m_1),s) \Vdash_V \mathrm{IntK}x_i].$$

And the statement: for any $s \in C(i) \subseteq N_C$, $(N_C,s) \Vdash_{V_1} D_{N_C(k_1,m_1)}^{r_{nf},V}(s)$ follows from the proved equivalencies of truth values above, and, hence, our lemma is proved.
Combining Lemma 5, Theorem 7, Lemma 10 and Lemma 14 we derive,

Theorem 15 The logic LTLK is decidable. The algorithm for checking a formula to be a theorem of LTLK consists in validity verification for rules in the reduced normal form in finite Kripke/Hintikka frames $N_C(k_1,m_1)$ of size effectively bounded on the size of the rules (single-exponential from a square polynomial on size of the rules).

The overall complexity of the suggested algorithm includes as well the reduction of formulas to rules and rules to the normal reduced forms. But this complexity is single exponential (the same as the complexity of reduction of any Boolean formula to the disjunctive normal form). Recall that a logic $L$ has fmp iff, for any formula $\varphi$, where $\varphi \notin L$, there is a finite Kripke frame $F$ such that $F \nVdash \varphi$, but for any formula $\psi \in L$, $F \Vdash \psi$ (in this case $F$ is said to be an $L$-frame). From Lemma 5, Theorem 7, Lemma 10 and Lemma 14, we immediately obtain,

Corollary 16 The logic LTLK has the fmp.

There are some variations of the logic LTLK that use other logical operations to model $U_s$ and $U_w$. Consider the following new relation $R_s$ on frames $N_C$: $\forall i \in N, \forall a,b \in C(i)(aR_sb)$. The relation $R_s$ plays a special role in modelling the knowledge of a supervisor (omniscient agent) who knows the information in all states of the current time point. Let $\Box_s := K_s$, $\Diamond_s := \neg K_s \neg$. We use notation $\equiv_{sem}$ to say that the truth values of formulas in frames $N_C$ coincide. It is easy to see that,

Proposition 17 The following holds (i) $\varphi U_w \psi \equiv_{sem} \Diamond_s\varphi\, U\, \Diamond_s\psi$; (ii) $\varphi U_s \psi \equiv_{sem} \Box_s\varphi\, U\, \Box_s\psi$.

So, having at our disposal a supervisor agent, we can obtain weak and strong until. The logic LTLKS in the language with $K_s$ and without $U_s$ and $U_w$ obeys the technique for LTLK presented in this article, and we can get the decidability with the same bound of complexity. Another way to vary or extend the language is to add variants of the operation N. For instance, we could consider an operation $N_w$, weak next, with interpretation

$$(M,a) \Vdash_V N_w\varphi \Leftrightarrow \exists b[(a\ \mathrm{Next}\ b)\ \&\ (M,b) \Vdash_V \varphi],$$

and the logic with this new operation again will be decidable. Moving in this direction further, we can consider a new operation $\mathrm{Next}_w$ on frames $N_C$ being a restriction of Next, for instance, satisfying the conditions:

$$\forall a,b \in \bigcup_{i \in N} C(i),\ a\ \mathrm{Next}_w\ b \Rightarrow [a \in C(i) \text{ for some } i \text{ and } b \in C(i+1)];$$

$$\forall a \in \bigcup_{i \in N} C(i)\,[a \in C(i) \Rightarrow [\exists b \in C(i+1)(a\ \mathrm{Next}_w\ b)]\ \&\ \forall c \in C(i)\forall d \in C(i+1)[(c\ \mathrm{Next}_w\ d) \Leftrightarrow (a\ \mathrm{Next}_w\ d)]].$$

Again, the method of Theorem 15 will work for this case and we get a decision algorithm.
4
Extension of LTLK with temporal indexes from Z
Our logic LTLK is based on a flow of time modelled by natural numbers, which matches well with human intuition. In this section, we will extend this logic to the one using time indexes from $Z$ in order to handle past temporal operations, Since and Previous. This will require reasonably small adaptation of our previous technique. We start by introducing the semantics defining the new logic. The frame

$$Z_C := \Big\langle \bigcup_{i \in Z} C(i), R, R_1,\dots,R_m, \mathrm{Next}, \mathrm{Prev} \Big\rangle$$

is a tuple, where $Z$ is the set of all integer numbers, $C(i)$ are some non-empty (pairwise disjoint) sets, $R$ is a binary linear relation for time, $R_1,\dots,R_m$ are binary accessibility relations imitating possible agents' transitions.

$$\forall a,b \in \bigcup_{i \in Z} C(i)\ (aRb) \Leftrightarrow [a \in C(i)\ \&\ b \in C(j)\ \&\ i \le j].$$

As before, $R_j$ are reflexive, transitive and symmetric relations, and

$$\forall a,b \in \bigcup_{i \in Z} C(i),\ aR_jb \Rightarrow \exists i \in Z[a,b \in C(i)].$$

So, again, any $R_j$ is a S5-like relation, i.e. an equivalence relation, at clusters $C(i)$. Further, we assume that $a\ \mathrm{Next}\ b \Leftrightarrow [\exists i((a \in C(i))\ \&\ (b \in C(i+1)))]$; $a\ \mathrm{Prev}\ b \Leftrightarrow [\exists i((a \in C(i))\ \&\ (b \in C(i-1)))]$. The language of new logic LTLK(Z) extends the language of LTLK by four more logical operations: $S$ (since), $S_w$ (weak since), $S_s$ (strong since), $N^{-1}$ (previous). $N^{-1}\varphi$ means that $\varphi$ holds in the previous time cluster of states; $\varphi S \psi$ says that since $\psi$ was true, $\varphi$ holds until now; $\varphi S_w \psi$ denotes that since $\psi$ was true, $\varphi$ weakly holds until now; $\varphi S_s \psi$ means that since $\psi$ was true, $\varphi$ strongly holds until now. For a frame $Z_C$ with a valuation $V$, the rules of computation for truth values of formulas in the model $M := \langle Z_C,V \rangle$ are as before and extended for new logical operations as follows:

$$(M,a) \Vdash_V \varphi S \psi \Leftrightarrow \exists b[(bRa) \wedge ((M,b) \Vdash_V \psi) \wedge \forall c[(bRcRa)\ \&\ \neg(cRb) \Rightarrow (M,c) \Vdash_V \varphi]];$$

$$(M,a) \Vdash_V \varphi S_w \psi \Leftrightarrow \exists b[(bRa) \wedge ((M,b) \Vdash_V \psi) \wedge \forall c[(bRcRa)\ \&\ \neg(cRb)\ \&\ (c \in C(i)) \Rightarrow \exists d \in C(i)((M,d) \Vdash_V \varphi)]];$$

$$(M,a) \Vdash_V \varphi S_s \psi \Leftrightarrow \exists b[(aRb) \wedge b \in C(i) \wedge \forall c \in C(i)((M,c) \Vdash_V \psi) \wedge \forall c[(bRcRa)\ \&\ \neg(cRb) \Rightarrow ((M,c) \Vdash_V \varphi)]],$$

$$(M,a) \Vdash_V N^{-1}\varphi \Leftrightarrow \forall b((a\ \mathrm{Prev}\ b) \Rightarrow (M,b) \Vdash_V \varphi).$$
Definitions for satisfiability and validness of formulas in Kripke structures of the kind $M := \langle Z_C,V \rangle$ and frames $Z_C$ are standard, as before.

Definition 18 The logic LTLK(Z) is the set of all formulas which are valid in all frames $Z_C$.

To show decidability of LTLK(Z) we will adapt the techniques from the previous section: we will transfer formulas to rules, then rules to their reduced normal forms, and next we will work with computation of the validness of rules in reduced normal form in the special structures. So, in this section, a rule in the reduced normal form is an expression:

$$r = \varepsilon_r/x_1, \ \text{where} \ \varepsilon_r := \bigvee_{1 \le j \le s} \theta_j;$$

$$\theta_j := \Big( \bigwedge_{1 \le i \le n} \Big[ x_i^{t(j,i,0)} \wedge (Nx_i)^{t(j,i,1)} \wedge \bigwedge_{k \in [1,n], k \ne i} (x_i U x_k)^{t(j,i,k,0)} \wedge \bigwedge_{k \in [1,n], k \ne i} (x_i U_w x_k)^{t(j,i,k,1)} \wedge \bigwedge_{k \in [1,n], k \ne i} (x_i U_s x_k)^{t(j,i,k,2)} \wedge \bigwedge_{k \in [1,n], k \ne i} (x_i S x_k)^{t(j,i,k,3)} \wedge \bigwedge_{k \in [1,n], k \ne i} (x_i S_w x_k)^{t(j,i,k,4)} \wedge \bigwedge_{k \in [1,n], k \ne i} (x_i S_s x_k)^{t(j,i,k,5)} \wedge \mathrm{IntK}x_i^{t(j,i,2)} \wedge \bigwedge_{1 \le l \le m} (\Diamond_l x_i)^{t(j,i,l,6)} \Big] \Big),$$

and all $x_t$ are certain letters (variables), $t(j,i,z), t(j,i,k,z) \in \{0,1\}$ and, for any formula $\alpha$ above, $\alpha^0 := \alpha$, $\alpha^1 := \neg\alpha$. A rule $r_{nf}$ in the reduced normal form is a normal reduced form for a rule $r$ iff, for any frame $Z_C$, $Z_C \Vdash r \Leftrightarrow Z_C \Vdash r_{nf}$. Using exactly the same method as in the previous section for LTLK, we can show that there is an algorithm, which in single exponential time constructs reduced normal form for any given inference rule. So, to prove decidability of LTLK(Z), it is sufficient to construct an algorithm recognizing inference rules in reduced normal form which are valid in all frames $Z_C$.

Lemma 19 If $Z_C \nVdash r_{nf}$ then $r_{nf}$ can be refuted by a valuation $V$ in a frame of the kind $Z_C$, where (i) all time clusters $C(i)$ are of size at most square polynomial from $r_{nf}$ and (ii) the number of non-isomorphic models with respect to the valuation $V$ on time clusters $C(i)$ is at most exponential from the size of $r_{nf}$.

It immediately follows from the proof of Lemma 8, because transformations from Lemma 8 do not affect truth values of temporal operations for future and past. Now, proceeding similarly to what we did in the previous section for $N_C$, we need some special models obtained from the frames $Z_C$ by rolling of positive and negative time infinities in time clusters of clusters. For any frame $Z_C$ and some integer numbers $k_1,m_1,k_2,m_2$, where $m_2 > k_2 > 2$, $-2 > k_1 > m_1$, we construct the frame $N_C(k_1,m_1,k_2,m_2)$ from $Z_C$ as follows.

$$N_C(k_1,m_1,k_2,m_2) := \Big\langle \bigcup_{m_1 \le i \le m_2} C(i), R, R_1,\dots,R_m, \mathrm{Next}, \mathrm{Prev} \Big\rangle,$$

where $R$ is the accessibility relation from $Z_C$ extended by pairs $(x,y)$, where $x \in C(i)$, $y \in C(j)$ and $i,j \in [m_1,k_1]$, or $i,j \in [k_2,m_2]$. Any relation $R_j$ is simply transferred from $Z_C$, and Next and Prev are taken from $Z_C$ and extended in standard manner (bearing in mind the essence of rolling) by

$\forall a \in C(m_2)\forall b \in C(k_2+1)(a\ \mathrm{Next}\ b = true)$;
$\forall a \in C(m_2)\forall b \in C(k_2+1)(b\ \mathrm{Prev}\ a = true)$;
$\forall a \in C(m_1)\forall b \in C(k_1-1)(a\ \mathrm{Prev}\ b = true)$;
$\forall a \in C(m_1)\forall b \in C(k_1-1)(b\ \mathrm{Next}\ a = true)$.
Now $C(k_2+1)$ has two previous clusters, $C(m_2)$ and $C(k_2)$, and similarly $C(k_1-1)$ has two next clusters, $C(k_1)$ and $C(m_1)$. This will affect our further constructions and proofs compared with the ones from the previous section. For any given valuation $V$ of letters from a formula $\varphi$ in $N_C(k_1,m_1,k_2,m_2)$, we have to define how to compute the truth value of $\varphi$ at worlds of $N_C(k_1,m_1,k_2,m_2)$ providing the rules for the computation. For this, we need some modification of computation rules from the previous section, because paths by relations Next and Prev are not uniquely defined. For all operations $U$, $U_s$ and $U_w$, we define truth values as in previous section for $N_C(k_1,m_1)$, but we admit that it should be at least one path of time clusters $C(j)$ by the relation Next with the required property. Truth values for operations $S$, $S_s$ and $S_w$ may be computed by the rules dual to ones for $U$, $U_s$ and $U_w$ with replacement of the Next relation by Prev one. Computation for operations $N$ and $N^{-1}$ is standard, similar as for the frame $N_C$.

As for Lemma 9, if $F := Z_C(k_1,m_1,k_2,m_2)$ or $F := Z_C$, and $F \Vdash_V \bigvee Pr(r_{nf})$ then, for any $a \in F$, there is a unique disjunct from $Pr(r_{nf})$ which is true at $a$ w.r.t. $V$. As before, we will denote this unique disjunct by $D_F^{r_{nf},V}(a)$. And, as in the previous section, for any Kripke frame $F := Z_C$ or $F := LTLK(Z)(k_1,m_1,k_2,m_2)$ with a valuation $V$, where $F \Vdash_V \bigvee Pr(r_{nf})$, for all $C(i) \in F$, we will consider the pairs

$$M(i) := \Big\langle C(i), \bigcup_{s \in C(i)} D_F^{r_{nf},V}(s) \Big\rangle$$

up to renaming worlds in $C(i)$. If not specified otherwise, $M(i_1) = M(i_2)$ will mean that $M(i_1)$ and $M(i_2)$ are isomorphic, i.e. there is a one-to-one mapping $f$ from $C(i_1)$ onto $C(i_2)$, where

$$\forall x \in C(i_1)(D_F^{r_{nf},V}(x) = D_F^{r_{nf},V}(f(x))).$$

We omit in the notation $M(i)$ the name of the frame $F$, $r_{nf}$ and the valuation $V$ for brevity sake (always their value will be clear from the context). These structures will play even more essential role compared with the previous section.

Lemma 20 If, for a rule $r_{nf}$ in the reduced normal form, $Z_C \nVdash_V r_{nf}$, then, for some frame $Z_C(k_1,m_1,k_2,m_2)$, $Z_C(k_1,m_1,k_2,m_2) \nVdash_{V_1} r_{nf}$, where
(i) The size of any cluster $C(i)$ in $Z_C(k_1,m_1,k_2,m_2)$ is at most square polynomial size in $r_{nf}$; the number $m_c$ of non-isomorphic models with respect to the valuation $V_1$ on time clusters $C(i)$ in $Z_C(k_1,m_1,k_2,m_2)$ is at most exponential from square polynomial on the size of $r_{nf}$.
(ii) The size of the frame $Z_C(k_1,m_1,k_2,m_2)$ is at most $s_1 \times s_2^{s_3}$, where $s_1$ is polynomial in $r_{nf}$, $s_2$ is the number of disjuncts in the premise of $r_{nf}$ and $s_3$ is square polynomial in $r_{nf}$.
(iii) $M(k_2) = M(m_2)$, $M(k_1) = M(m_1)$.

Proof. The item (iii) will be especially important here because, as we will show later, LTLK(Z) does not have the standard fmp. To complete this lemma we just need to adapt the proof of Lemma 10, bearing in mind the lack of standard fmp. If $Z_C \nVdash r_{nf}$, then (cf. Lemma 19) $r_{nf}$ can be refuted in a frame of the kind $Z_C$, where (i) all time clusters $C(i)$ are of size at most square polynomial from $r_{nf}$ and (ii) the number of non-isomorphic models by $V$ on time clusters $C(i)$ is at most exponential from square polynomial on size $r_{nf}$. Again, the disjuncts $D_{Z_C}^{r_{nf},V}(x)$ are uniquely defined for all $x \in Z_C$. We, as before, consider time clusters $C(i)$ as models w.r.t. $V$, and we make them to be equal if they are isomorphic. Structures $M(i)$ for $i \in Z$ are defined above.
Choose an $i_1 \in Z$ where $\exists a_1 \in C(i_1)$ such that $(N_C,a_1) \Vdash_V \neg x_1$. For any $i \in Z$,

$$PStr^+(i) := \{M(j) \mid j \in Z, j \ge i\}; \quad PStr^-(i) := \{M(j) \mid j \in Z, j \le i\}.$$

Now we will apply the reasoning from Lemma 10 to both directions, to future and past. Choose an $i_{min} \in Z$, where $i_{min} > |i_1|+3$ and $\forall j \in Z$, $j \ge i_{min} \Rightarrow PStr^+(j) = PStr^+(i_{min})$. Next, we choose the minimal by $\le$ number $i_r \in Z$, where $i_r > i_{min}+1$ and the following holds

$$\{M(j) \mid i_{min} \le j \le i_r\} = PStr^+(i_{min}) \ \text{ and } \ M(i_{min}) = M(i_r) \tag{7}$$

(existence of such $i_r$ follows from the choice of $i_{min} \in Z$). Next, we make similar choice to the past. Choose a $j_{min} \in Z$, where $j_{min} < -|i_1|-3$ and $\forall j \in Z$, $j \le j_{min} \Rightarrow PStr^-(j) = PStr^-(j_{min})$. And, next, we choose the maximal by $\le$ number $j_r \in Z$, where $j_r < j_{min}-1$ and the following holds

$$\{M(j) \mid j_{min} \ge j \ge j_r\} = PStr^-(j_{min}) \ \text{ and } \ M(j_{min}) = M(j_r) \tag{8}$$

(existence of such $j_r$ follows from the choice of $j_{min} \in Z$). Based on (7) and (8) we modify $Z_C$ by deleting all $C(i)$ with $i > i_r$ or $i < j_r$ and setting new relations $R$, Next and Prev on $\bigcup_{i \in [j_r,i_r]} C(i)$ as follows. The relation $R$ is the minimal transitive and reflexive relation which extends the relation transferred from $Z_C$ and includes pairs $(x,y)$, where $\exists i_1,i_2 \in [i_{min}+1,i_r](x \in C(i_1)\ \&\ y \in C(i_2))$ or $\exists i_1,i_2 \in [j_{min}-1,j_r](x \in C(i_1)\ \&\ y \in C(i_2))$. The relation Next is transferred from $Z_C$ and is extended with

$$\forall x \in C(i_r)\forall y \in C(i_{min}+1)[(x\ \mathrm{Next}\ y)\ \&\ (y\ \mathrm{Prev}\ x)].$$

Similarly, the relation Prev is transferred from $Z_C$ and is extended with

$$\forall x \in C(j_r)\forall y \in C(j_{min}-1)[(x\ \mathrm{Prev}\ y)\ \&\ (y\ \mathrm{Next}\ x)]$$

(this definition departs a little from the line of proof for Lemma 10, because a world now has two previous worlds, and also some world has two next ones). The valuation $V_1$ on $\bigcup_{i \in [j_r,i_r]} C(i)$ of variable letters $x_i$ from $r_{nf}$ is the restriction of the valuation $V$ from $Z_C$. The resulting structure $M_1 := \langle \bigcup_{i \in [j_r,i_r]} C(i), V_1 \rangle$ is based on the frame of the kind $Z_C(k_1,m_1,k_2,m_2)$. Therefore, we can compute the truth values of formulas in the language of LTLK(Z) at the structure $M_1$ as it is described for $Z_C(k_1,m_1,k_2,m_2)$ above. Now, as in Lemma 10, we have to show that in the new model, the truth values for disjuncts of the rule are the same as in the model $\langle Z_C,V \rangle$:

$$\forall b \in C(i)[i \in [i_{min}+1,i_r] \Rightarrow (M_1,b) \Vdash_{V_1} D_{Z_C}^{r_{nf},V}(b)]. \tag{9}$$

The proof for (9) just follows the proof of Lemma 11; the distinction is that we must, in addition, consider operations related to since: $S$, $S_w$, $S_s$ and $N^{-1}$.
Assume $b \in C(i_1)$, $i_1 \in [i_{min}+1,i_r]$ and $(Z_C,b) \Vdash_V x_i S x_j$. Then, for some $c \in C(i_2) \subseteq Z_C$, where $i_1 \ge i_2$, $(Z_C,c) \Vdash_V x_j$ holds and $\forall i_3 \in [i_2,i_1-1]\forall d \in C(i_3)\ (Z_C,d) \Vdash_V x_i$ (if $i_1 = i_2$ then $(M_1,b) \Vdash_{V_1} x_i S x_j$ holds immediately). Take the maximal w.r.t. $\le$ number $i_2$ where there is $c \in C(i_2)$ with this property. If $i_2 \ge j_r$ then we immediately get $(M_1,b) \Vdash_{V_1} x_i S x_j$. Assume $i_2 < j_r$, then $\forall s \in C(j_r)(Z_C,s) \Vdash_V x_i S x_j$, and by (8) we conclude that $\forall s \in C(j_{min})(Z_C,s) \Vdash_V x_i S x_j$. And by using (8) again, we see that for some $j \in [j_r,j_{min}]$, $\exists s \in C(j)(Z_C,s) \Vdash_V x_i S x_j$. This and $\forall s \in C(j_{min})(Z_C,s) \Vdash_V x_i S x_j$ imply $(M_1,b) \Vdash_{V_1} x_i S x_j$.

For the opposite, let $b \in C(i_1)$, $i_1 \in [i_{min}+1,i_r]$ and $(M_1,b) \Vdash_{V_1} x_i S x_j$. Then, for some $c \in C(i_2)$ from $M_1$, $(M_1,c) \Vdash_{V_1} x_j$ and, for all worlds $d \in C(j) \subseteq M_1$ from a path (by Prev) of clusters $C(j)$ leading from $C(i_1)$ to $C(i_2)$, but distinct from $C(i_2)$,

$$(M_1,d) \Vdash_{V_1} x_i \tag{10}$$
(or i1 = i2 and all is clear). If, for some such path, it is passing from C(i1 ) through C(imin ), or is interrupted before C(imin −1) or at the cluster C(imin −1) itself, then evidently (ZC ,b) V xi Sxj . Assume that this not a case. Then ∀s ∈ C(ir ),(M1 ,s)
V1 xi Sxj
and ∀s ∈ C(ir ),(ZC ,s)
V1 xi Sxj .
Using (7) we derive, ∀s ∈ C(imin ),(ZC ,s) which with (10) implies ∀s ∈ C(i1 )[(ZC ,s) we proved that
V1 xi Sxj ],
∀b ∈ C(i1 )(i1 ∈ [imin +1,ir ] ⇒[(ZC ,b)
V1 xi Sxj ,
so statements (ZC ,b) V xi Sxj ⇔(M1 ,b)
V1 xi Sxj
V xi Sxj ])
hold. Thus,
(11)
Similar statements for the strong and weak versions of $S$ may be verified similarly. Verification of the step for the operation $N^{-1}$ is evident. The proof of the step for the operations $U$, $U_w$ and $U_s$ can be performed as in Lemma 10. Thus, summarizing, (9) holds. The statement

$$\forall b \in C(i)\,[\,i \in [j_r, j_{\min}-1] \Rightarrow (M_1, b) \Vdash_{V_1} D^{r_{nf},V}_{Z_C}(b)\,] \tag{12}$$

may be verified by a calculation symmetric to the one given for (9). The assertion

$$\forall b \in C(i)\,[\,i \in [j_{\min}, i_{\min}] \Rightarrow (M_1, b) \Vdash_{V_1} D^{r_{nf},V}_{Z_C}(b)\,] \tag{13}$$

can be proved in the same way as Lemma 12, using in this case relations (9) and (12). Using all the statements (9), (12) and (13) we conclude that the model $M_1$ is a finite one, which refutes the rule $r_{nf}$ by $V_1$ and has all the required properties of Lemma 20 except the effective finite bound. But this may be achieved as in Lemma 10 by a similar rarefication technique applied to the upper time cluster of clusters and to the bottom time cluster of clusters subsequently. This completes the proof of our Lemma 20.
Lemma 21 If a rule $r_{nf}$ in the normal reduced form satisfies the conclusions of Lemma 20 then $r_{nf}$ may be refuted in a frame $Z_C$ by some valuation $V$.

Proof. Let $r_{nf} = \varepsilon_r / x_1$, where $\varepsilon_r := \bigvee_{1 \le j \le s} \theta_j$, be an inference rule in the reduced normal form with $n$ variables $x_i$. Let $Z_C(k_1,m_1,k_2,m_2) := \langle \bigcup_{m_1 \le i \le m_2} C(i), R, R_1, \dots, R_m, \mathrm{Next}, \mathrm{Prev} \rangle$, and let $V$ be a valuation on $N_C(k_1,m_1,k_2,m_2)$ where $N_C(k_1,m_1,k_2,m_2) \nVdash_V r_{nf}$ and, w.r.t. $V$ in $N_C(k_1,m_1,k_2,m_2)$,

$$M(m_2) = M(k_2) \ \text{ and } \ M(k_1) = M(m_1). \tag{14}$$
Now, as earlier, it is sufficient to employ the standard unravelling technique: just roll the cluster of clusters $C(i)$ with $i \in [k_2+1, m_2]$ towards the future, and the cluster of clusters $C(i)$ with $i \in [m_1, k_1-1]$ towards the past, preserving the valuation $V$ [now (14) plays an important role in avoiding collisions]. The details are given below. We choose the frame $Z_C$ with the following structure and the valuation $V_1$ of variables from the rule $r_{nf}$:

$$Z_C := \langle \bigcup_{i \in Z} C(i), R_1, \dots, R_m, \mathrm{Next}, \mathrm{Prev} \rangle,$$

where [recall that, for any $n, m \in N$, $rest(n,m)$ is the remainder after division of $n$ by $m$]

$\forall i \in [m_1, m_2]\ C(i) := C(i) \in Z_C(k_1,m_1,k_2,m_2)$;

$\forall i \in (m_2, \infty)\ C(i) := C(j)$ where $C(j) \in Z_C(k_1,m_1)$; $j = rest(j-(k_2+1),\, m_2-(k_2+1)) + k_2$;

$\forall i \in (-\infty, m_1)\ C(i) := C(j)$ where $C(j) \in Z_C(k_1,m_1,k_2,m_2)$; $j = -rest(j-(k_1-1),\, m_1-(k_1-1)) + k_1$;

$\forall s \in C(j) \subseteq \bigcup_{i \in Z} C(i) = |Z_C|,\ Val_{V_1}(s) = Val_V(s)$.
To prove our lemma it is sufficient to show that for any $s \in C(i) \subseteq Z_C$

$$(Z_C, s) \Vdash_{V_1} D^{r_{nf},V}_{Z_C(k_1,m_1,k_2,m_2)}(s). \tag{15}$$

$\forall x_i \in Var(r_{nf}),\ \forall s \in C(i),\ (Z_C, s) \Vdash_{V_1} x_i \Leftrightarrow (Z_C(k_1,m_1,k_2,m_2), s) \Vdash_V x_i$ holds immediately by choice of $V_1$. The fact that $\forall s \in C(i),\ (Z_C, s) \Vdash_{V_1} N x_i \Leftrightarrow (Z_C(k_1,m_1), s) \Vdash_V N x_i$ and $\forall s \in C(i),\ (Z_C, s) \Vdash_{V_1} N^{-1} x_i \Leftrightarrow (Z_C(k_1,m_1,k_2,m_2), s) \Vdash_V N^{-1} x_i$ follow immediately from (14) and structure of $Z_C$. Assertion

$$s \in C(i_1) \,\&\, C(i) \subseteq Z_C \,\&\, (Z_C, s) \Vdash_{V_1} x_i U x_j \ \Rightarrow\ (Z_C(k_1,m_1,k_2,m_2), s) \Vdash_V x_i U x_j$$

follows by standard computation from the chosen structure of $Z_C$. The opposite statement

$$s \in C(i_1) \,\&\, C(i) \subseteq Z_C \,\&\, (Z_C(k_1,m_1,k_2,m_2), s) \Vdash_V x_i U x_j \ \Rightarrow\ (Z_C, s) \Vdash_{V_1} x_i U x_j$$

is immediately implied by (14) and structure of $Z_C$. Thus we proved:

$$\forall s \in C(i) \in Z_C\,[(Z_C, s) \Vdash_{V_1} x_i U x_j \Leftrightarrow (Z_C(k_1,m_1,k_2,m_2), s) \Vdash_V x_i U x_j].$$
The similar assertions for the operations $U_s$ and $U_w$ may be verified in a similar way. For the operations $S$, $S_s$ and $S_w$ the reasoning is dual to the considered case of $U$, again using (14). Moreover, it is evident that

$$\forall s \in C(i) \subseteq Z_C\ \forall j\,[(Z_C, s) \Vdash_{V_1} K_j x_i \Leftrightarrow (Z_C(k_1,m_1,k_2,m_2), s) \Vdash_V K_j x_i],$$

$$\forall s \in C(i) \subseteq Z_C\,[(Z_C, s) \Vdash_{V_1} IntK\, x_i \Leftrightarrow (Z_C(k_1,m_1,k_2,m_2), s) \Vdash_V IntK\, x_i].$$

Therefore, the statement (15): for any $s \in C(i) \subseteq Z_C$, $(Z_C, s) \Vdash_{V_1} D^{r_{nf},V}_{Z_C(k_1,m_1,k_2,m_2)}(s)$, immediately follows from the equivalences of truth values proved above, and, hence, the proof of our lemma is complete.

From the two previous lemmas we immediately obtain:

Theorem 22 The logic LTLK(Z) is decidable. The algorithm for checking a formula to be a theorem of LTLK(Z) consists of validity verification for rules in the reduced normal form in finite Kripke/Hintikka frames $N_C(k_1,m_1,k_2,m_2)$ of size effectively bounded from the size of the rules (single-exponential from a square polynomial on size of the rules) w.r.t. valuations satisfying the conditions of Lemma 20.

The results of this theorem and the two previous lemmas show that LTLK(Z) is in a sense characterized by finite models. But, in fact, LTLK(Z) does not have the standard fmp. It is known that the standard temporal logic L(Z) based on the frame of all integer numbers does not have fmp [7, 8]. The proof of lack of fmp is also given in Rybakov [36], where it is shown that the formula

$$\varphi_0 := \neg[\neg q \wedge \Box_+\Diamond_+(p \wedge \Box_+ q) \wedge \Box_+\Diamond_+(\neg p \wedge \Box_+ q) \wedge \Box_-\Diamond_-(p \wedge \Box_- q) \wedge \Box_-\Diamond_-(\neg p \wedge \Box_- q)]$$

is not a theorem of L(Z), but $\varphi_0$ cannot be refuted by any finite L(Z)-frame. Here modalities with the $+$ subscript are for future time, and ones with the $-$ subscript are for past time. We can translate formulas in the language of L(Z) to the language of LTLK(Z) by replacing any letter $p$ by $(\bot\, U_s\, p)$. If $t$ is this translation, then it is easy to see that $\varphi \in L(Z) \Leftrightarrow t(\varphi) \in LTLK(Z)$. Therefore, LTLK(Z) has no standard fmp. Actually, the same would hold even for LTLK if we had used the operation $S$ (since) in the language. In fact, the operations $N$ and $N^{-1}$ are not essential for the loss of standard fmp. It is sufficient to have operations to express the modalities $\Diamond_+$ and $\Diamond_-$ and frames generating the logic based on the frame $N$ of all natural numbers (or the frame $Z$ of all integer numbers). The effect of loss of fmp comes from discreteness of time in the given time frames.
To comment on this result from the viewpoint of pure algebraic logic: the variety of all LTLK(Z)-algebras (i) is not generated by all its finite algebras; (ii) has an equational theory described by (actually equal to) all equations valid in all finite algebras of another variety of algebras w.r.t. only special valuations. It seems the author observed such a quasi fmp for the first time.
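The rolling step in the proof of Lemma 21, as an added Python example (not code from the paper): it unravels a small constructed frame of the shape Z_C(k1, m1, k2, m2) over all integer times and evaluates, for variables, the Since clause quoted in the proof of Lemma 20, showing that a scan bounded by one period of the rolled past block decides it. The sample clusters, the variables p, q, r and the index map `fold` are assumptions of this example; `fold` is its own reading of rolling [k2+1, m2] forwards and [m1, k1-1] backwards, not the paper's rest-formula.

```python
# Constructed sample frame in the shape Z_C(k1, m1, k2, m2); not data from the paper.
M1, K1, K2, M2 = -3, -1, 1, 3            # m1 < k1 <= k2 < m2

# C(i) for i in [m1, m2]: a cluster is a list of states, a state is the set of
# variables true at it. C(m1) copies C(k1) and C(m2) copies C(k2), in the
# spirit of condition (14).
CLUSTERS = {
    -3: [{"p"}, {"p", "r"}],
    -2: [{"p"}],
    -1: [{"p"}, {"p", "r"}],
    0: [{"q"}, {"p"}],
    1: [{"p"}],
    2: [{"p"}, set()],
    3: [{"p"}],
}


def fold(i):
    """Index in [m1, m2] of the cluster placed at time i (this example's assumed map)."""
    if i > M2:      # block [k2+1, m2] rolled towards the future
        return K2 + 1 + (i - (K2 + 1)) % (M2 - K2)
    if i < M1:      # block [m1, k1-1] rolled towards the past
        return M1 + (i - M1) % (K1 - M1)
    return i


def since(i1, x, y, lowest):
    """Truth of x S y at the states of C(i1), scanning times i1, i1-1, ..., lowest.

    Clause from the proof: some c in C(i2), i2 <= i1, satisfies y, and x holds
    at every state of C(i3) for all i3 in [i2, i1-1].
    """
    for i2 in range(i1, lowest - 1, -1):
        states = CLUSTERS[fold(i2)]
        if i2 < i1 and not all(x in d for d in states):
            return False        # x fails at some state before a witness for y
        if any(y in c for c in states):
            return True
    return False


def since_bounded(i1, x, y):
    """Decide x S y by scanning only one full period below min(i1, m1).

    Earlier times repeat clusters already scanned, so nothing new can appear.
    """
    return since(i1, x, y, min(i1, M1) - (K1 - M1))
```

At time -2 the formula p S q is false although p holds at every earlier state: no cluster in the repeated past block contains a state with q, which the bounded scan establishes after one period.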
5 Conclusion, future work

Our article proves that the logics LTLK and LTLK(Z) are decidable. We reduce the decidability problem to verification of validity of inference rules in the reduced normal form in special Kripke/Hintikka models (of at most exponential size in rules) w.r.t. some special valuations. There is a good avenue for future research. For instance, development of model-checking tools with implementation and refinement of the suggested deciding algorithm is an interesting direction. It would also be interesting to find axiomatizations for LTLK and LTLK(Z). Precise estimates of complexity for the decision algorithms, as well as possible improvements of the provided algorithms, are open questions. The approach to handling interaction of agents via taking the dual counterpart to the common knowledge operation seems to be flexible enough and may be applied to other logics involving multi-agent systems, as suggested in our article. We think that a search for decision algorithms based on representation of formulas by rules, and then transformation of these rules to rules in the reduced normal form (to handle implicitly non-nested universal modality), looks like a promising direction.
Funding Engineering and Physical Sciences Research Council UK (grant EP/F014406/1).
References

[1] H. Barringer, N. Fisher, D. Gabbay, and G. Gough. Advances in temporal logic. Vol. 16 of Applied logic series, Kluwer Academic Publishers, 1999.
[2] T. Braüner. Natural deduction for hybrid logic. Journal of Logic and Computation, 14, 329–353, 2004.
[3] T. Braüner. Two natural deduction systems for hybrid logic. Journal of Logic, Language and Computation, 13, 1–23, 2004.
[4] F. Baader, D. Calvanese, D. L. McGuinness, D. Nardi, and P. Patel-Schneider, eds, The Description Logic Handbook, Implementations and Applications. Cambridge University Press, 2003.
[5] P. Blackburn and M. Marx. Constructive interpolation in hybrid logic. Journal of Symbolic Logic, 68, 463–480, 2003.
[6] C. Areces, P. Blackburn, and M. Marx. Hybrid logic: characterization, interpolation and complexity. Journal of Symbolic Logic, 66, 977–1010, 2001.
[7] R. A. Bull. An algebraic study of tense logics with linear time. The Journal of Symbolic Logic, 33, 27–38, 1968.
[8] R. A. Bull. Note on a paper in tense logic. The Journal of Symbolic Logic, 34, 215–218, 1969.
[9] E. Clarke, O. Grumberg, and K. P. Hamaguchi. Another look at LTL model checking. In Conference on Computer Aided Verification (CAV), Stanford, California, 1994. Vol. 818 of Lecture Notes in Computer Science, Springer, 1994.
[10] M. Daniele, F. Giunchiglia, and M. Vardi. Improved automata generation for linear temporal logic. In (CAV’99), International Conference on Computer-Aided Verification, Trento, Italy, 1999.
[11] E. A. Emerson. Temporal and modal logics. In Handbook of Theoretical Computer Science. J. van Leeuwen, ed., Elsevier Science, pp. 996–1072, 1990.
[12] R. Fagin, J. Halpern, Y. Moses, and M. Vardi. Reasoning About Knowledge. The MIT Press, 1995.
[13] J. Fagin, E. Geanakoplos, J. Halpern, and M. Vardi. The hierarchical approach to modeling knowledge and common knowledge. International Journal of Game Theory, 28, 331–365, 1999.
[14] G. Governatori, A. M. Orgun, and C. Liu. Modal tableaux for verifying stream authentication protocols. Journal of Autonomous Agents and Multi Agent Systems, 2008 (forthcoming).
[15] D. Gabbay and R. de Queiroz. The functional interpretation of modal necessity. In Advances in Intensional Logic, de Rijke, ed., pp. 59–91. Kluwer, 1997.
[16] D. Gabbay, A. Pnueli, S. Shelah, and J. Stavi. On the temporal analysis of fairness. In Proceedings of the 7th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ACM Press, pp. 163–173, 1980.
[17] D. M. Gabbay and I. M. Hodkinson. An axiomatisation of the temporal logic with Until and Since over the real numbers. Journal of Logic and Computation, 1, 229–260, 1990.
[18] R. Goldblatt. Logics of Time and Computation. CSLI Lecture Notes, 7, 1992.
[19] J. Halpern and R. Shore. Reasoning about common knowledge with infinitely many agents. Information and Computation, 191, 1–40, 2004.
[20] J. Halpern, R. van der Meyden, and M. Vardi. Complete axiomatizations for reasoning about knowledge and time. SIAM Journal on Computing, 33, 674–703, 2004.
[21] M. Hammer, A. Knapp, and St. Merz. Truly On-the-Fly LTL Model Checking. In Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2005), pp. 191–205, 2005.
[22] I. Hodkinson. Temporal logic and automata. In Temporal Logic: Mathematical Foundations and Computational Aspects. D. M. Gabbay, M. A. Reynolds, and M. Finger, eds, ChII, Vol. 2, pp. 30–72. Clarendon Press, 2000.
[23] F. Kröger and St. Merz. Temporal Logic and State Systems. Springer, 2008.
[24] Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer, 1992.
[25] Z. Manna and A. Pnueli. Temporal Verification of Reactive Systems: Safety. Springer, 1995.
[26] W. Penczek and A. Lomuscio. Verifying epistemic properties of multi-agent systems via bounded model checking. Fundamenta Informaticae, 55, 167–185, 2003.
[27] A. Pnueli. The temporal logic of programs. In Proceedings of the 18th Annual Symposium on Foundations of Computer Science, IEEE, pp. 46–57, 1977.
[28] A. Prior. The Past Present and Future. Oxford University Press, 1967.
[29] A. Prior. Papers on Time and Tense, new edn. Oxford University Press, 2003.
[30] A. S. Rao and M. P. Georgeff. Decision procedures for BDI logics. Journal of Logic and Computation, 8, 293–343, 1998.
[31] V. V. Rybakov. Rules of inference with parameters for intuitionistic logic. Journal of Symbolic Logic, 57, 912–923, 1992.
[32] V. V. Rybakov. Hereditarily structurally complete modal logics. Journal of Symbolic Logic, 60, 266–288, 1995.
[33] V. V. Rybakov. Admissible logical inference rules. In Studies in Logic and the Foundation of Mathematics, vol. 136. Elsevier, 1997.
[34] V. V. Rybakov, V. R. Kiyatkin, and T. Oner. On finite model property for admissible rules. Mathematical Logic Quarterly, 45, 505–520, 1999.
[35] V. V. Rybakov. Construction of an explicit basis for rules admissible in modal system S4. Mathematical Logic Quarterly, 47, 441–451, 2001.
[36] V. V. Rybakov. Logical consecutions in discrete linear temporal logic. Journal of Symbolic Logic, 70, 1137–1149, 2005.
[37] V. V. Rybakov. Logical consecutions in intransitive temporal linear logic of finite intervals. Journal of Logic and Computation, 15, 633–657, 2005.
[38] V. V. Rybakov. Linear temporal logic with Until and Before on integer numbers, deciding algorithms. Computer Science–Theory and Applications, Vol. 3967 of Lecture Notes in Computer Science, pp. 322–334. Springer, 2006.
[39] V. Rybakov. Since-until temporal logic based on parallel time with common past. In Logical Foundation of Computer Science. Vol. 4514 of Lecture Notes in Computer Science, pp. 486–497. Springer, 2007.
[40] V. Rybakov. Logic of discovery in uncertain situations–deciding algorithms. In Knowledge-Based and Intelligent Information & Engineering Systems 2007. Vol. 4694 of Lecture Notes in Artificial Intelligence, pp. 950–968. Vietri sul Mare, Springer, 2007.
[41] M. Vardi. An automata-theoretic approach to linear temporal logic. In Proceedings of the Banff Workshop on Knowledge Acquisition (Banff’94), 1994.
[42] J. van Benthem. The Logic of Time. Kluwer, 1991.
[43] J. van Benthem and J. A. Bergstra. Logic of transition systems. Journal of Logic, Language and Information, 3, 247–283, 1994.
[44] W. van der Hoek and M. Wooldridge. Model checking knowledge and time. In 9th Workshop on SPIN (Model Checking Software). Grenoble, 2002.
[45] R. van der Meyden and N. N. Shilov. Model checking knowledge and time in systems with perfect recall. Vol. 1738 of Lecture Notes in Computer Science, pp. 432–445. Springer, 1999.

Received 13 June 2008