Logic and computation in finitely presentable infinite ...

Logic and computation in finitely presentable infinite structures Valentin Goranko1 , Sasha Rubin2 1

School of Mathematics, University. of the Witwatersrand, Johannesburg 2 Department of Computer Science, University of Auckland E-mails: [email protected], [email protected] Course outline: June 26, 2006

This is a tentative outline of the course, which will comprise ten 40-min lectures, delivered 2 per day, with a 5 min break in between. More course material, including updated notes, exercises, slides, and references will be placed on the course website: http://www.math.wisc.edu/∼rubin/teaching/teaching.html Background. This is an advanced course and the participants are expected to have some background on first-order logic, finite and pushdown automata, and modal logic. Basic knowledge of B¨ uchi automata, MSO, and extended modal logics such as LTL and CTL would be an advantage. Some background notes are included in this reader. Attendance of the ESSLLI introductory course on ‘Verification of infinite state systems’ presented by Montanari and Puppis is a strongly recommended supplement to the course. This course reader includes, with the kind permission of the authors, the following publications: 1) W. Thomas. A short introduction to infinite automata. In Proc. of DLT 2002, LNCS 2295, pp. 130-144. Springer, 2002. 2) W. Thomas. Constructing infinite graphs with a decidable MSO-theory. In Proc. of MFCS 2003, LNCS 2747. Springer, 2003. 3) A. Carayol and S. W¨ohrle. The Caucal hierarchy of infinite graphs in terms of logic and higher-order pushdown automata. In Proc. of FSTTCS 2003, LNCS 2914, pp. 112-123. Springer, 2003. 4) A. Blumensath and E. Gr¨adel, Finite presentations of infinite structures: Automata and interpretations, Theory of Computing Systems, vol. 37, pp. 641 - 674, 2004.

1

Day 1 Lecture 1: Introduction Infinite structures are used to model theoretically unbounded systems or data-structures, such as transition systems of models of computation with infinite or unbounded memory (stacks, queues, FIFO channels) or state space (parameterized network systems, counter systems, Petri nets) etc. Model checking is the procedure of deciding whether a ‘system’ (program, hardware, protocol, computer network, etc) satisfies a formal specification; in other words, whether it does what it is supposed to do. Logical languages are most natural choice of a medium for formal specification and verification of properties of structures, because they are syntactically unambiguous, closed under natural operations (Booleans, projections, etc.), and have explicit and precise formal semantics. The most popular natural logical languages used for specification and verification are: first-order logic FO (suitably extended with reachability operators), (weak) monadic second-order logic (W)MSO, modal and temporal logics such as LTL, CTL, etc. However, model-checking of a formal specification, just like any other computational task, is generally undecidable (if algorithmically definable at all) on infinite structures. Thus, the central problem arising in this area is to identify and study classes of finitely presentable infinite structures and respective logical languages where the model checking problems can be solved algorithmically. Such infinite structures should be representable in a finite way and should be algorithmically accessible, i.e., operations performed on them for the model checking procedure should be computable. Natural examples of finitely presentable infinite structures include integers, infinite trees, grids, etc.; more generally, every recursive structure. A natural construction that produces infinite structures from finite ones is tree-unfolding of finite transition systems; in terms of it, every finite transition system is a finitary presentation of its (generally infinite) unfolding. Other types of finitary representations and abstractions include: configuration graphs of computing devices, e.g., pushdown automata; presentations by means of effective rewrite systems, (e.g., prefix-recognizable graphs), presentations recognizable by computing devises (automatic structures, recursive structures, etc.). The classes of structures and the logical languages for which model checking is decidable on these classes form two opposite hierarchies: the larger the class of structures C, the smaller the language L which can be effectively model checked on every structure from L, and vice versa. Thus, there is a trade-off between effectiveness and expressiveness. In this course we will focus on some cases where this trade-off is particularly successful and fruitful. References: [8],[53],[54],[55].

2

Day 1 Lecture 2: Background The course centers around the interplay between formal languages and logic. This lecture will consist of definitions and illustrative examples of the basic concepts. The primary models of computation will be resource bounded Turing machines; specifically, finite-state automata, rational-transductions, and pushdown-automata [35]. Also, ω-automata, tree-automata and ω-tree automata [53]. The main logical concepts include: signatures, structures, logical languages (FO, MSO, WMSO), terms, formulas, theories, and most importantly definability and interpretability [29, 33]. Words. The following operations on sets of words are basic: Boolean operations union, intersection, and negation; logical operations projection, co-projection, and permutation of co-ordinates; automata theoretic operations product U V or U L, finite power U ? , and ω-power Lω ; and the following language theoretic operations: (i) for each a ∈ Σ? , the a-successor function suca : w 7→ wa, (ii) the prefix-relation u p v or u p α, (iii) the equal-length relation el. Trees. We consider vertex-labelled trees with directions. So, given a labelling alphabet Σ, and a direction alphabet ∆ of size k, a k-ary branching Σ-labelled tree T is a function T : D → Σ from a prefix-closed D ⊂ ∆? , where ∆ = {1, · · · , k} is the set of directions. The tree is called finite if D is finite. The set of k-branching Σ-labelled trees is denoted by treesk (Σ) if the trees are finite, and treesωk (Σ) if they are infinite. Basic operations on trees include the usual Boolean and logical ones, as well as the following language theoretic operations: i) sucda (T ) extends every leaf of T in direction d and labels each new vertex with the symbol a, ii) T ext T 0 if T 0 extends T , and iii) T ≡dom T 0 if they have the same domain. Structures. The following structures are central to this course. - (N, S) where S : n 7→ n + 1. - ({0, 1}? , suc0 , suc1 ). - W(Σ) = (Σ? ; (suca )a∈Σ , p , el). - W ω (Σ) = (Σ? ∪ Σω ; (suca )a∈Σ , p , el). - Tk (Σ) = (T reesk (Σ), (sucda )d≤k,a∈Σ , ext , ≡dom ). - Tkω (Σ) = (T reesk (Σ) ∪ T reesωk (Σ), (sucda )d≤k,a∈Σ , ext , ≡dom ). Interpretations of structures. Loosely, a structure A is interpretable in structure B if one can define an isomorphic copy of A in B. Then all definability questions concerning A can be asked of B instead. In this lecture, we will describe different types of interpretations, and give immediate consequences such as the preservation of decidability. 3

Definition [Interpretation] An interpretation of structure A = (A; (RiA )i ) in structure B consists of the following data: (∆(x), (x, y), φi (x)), where (x, y) interprets the equality, so that A is isomorphic to the quotient structure B (∆B ; (φB i )i )/ .

Here ΦB denotes the tuples b such that B |= Φ(b). The surjective mapping µ : ∆B → A induced by the isomorphism is called the co-ordinate map. We say A is interpretable in B. We identify two main types of interpretations, depending on the free variables of the domain formula: Type 1) If the free variables of ∆ are first-order, then µ sends elements B to elements of A. We call the interpretation FO, WMSO, or MSO, depending on whether all the formulas are FO, WMSO, or MSO respectively. Type 2) If the free variables of ∆ are (W)MSO, then µ sends (finite) subsets of B to elements of A. We call it a (finite-)set interpretation. Examples. 1. W({0, 1}) and (N, +, |2 ) are each FO-interpretable in the other.1 2. Both (N, S) and (Q, ≤) are MSO interpretable in ({0, 1}? , σ0 , σ1 ). 3. (N, +) is finite-set interpretable in (N, S) via the map sending a finite set X ⊂ N to the natural number Σi∈X 2i . 4. W({0, 1}) is finite-set interpretable in (N, S). Proposition. 1. If A has decidable L-theory and B is L-interpretable in A, then B has decidable L theory. Here L is one of FO, WMSO, or MSO. 2. If A has decidable (W)MSO theory, and B is (finite-)set interpretable in A, then B has decidable FO-theory. References. Useful background references are: [35],[53], [29],[33]. Also, the following very useful lecture notes, available online, can be consulted: http://www-i7.informatik.rwth-aachen.de/download/papers/thomas/thomas97b.ps, http://www.labri.fr/perso/igw/Papers/igw-eefss01.ps. 1

Here x|2 y if x divides y and x is a power of 2.

4

Day 2 Lecture 3: Automata and MSO In this lecture, we show how to use automata to prove decidability of certain theories. The idea is that, under a suitable coding, definable relations are computable by finite automata. Although this already gives decidability, the remarkable fact is that the converse holds too: the regular relations are, via the coding, definable. Thus, there is a tight connection between definability and regularity. We illustrate the technique with MSO(N, S), explain the link with word-models and the usual presentation of this result, and then state the corresponding theorem for two-successors. B¨ uchi’s Theorem. Coding: A set A ⊂ N can be viewed as an infinite string str(A) over alphabet {0, 1}, with a 1 in the ith position if and only if i ∈ A. Similarly, a tuple of sets (A1 , · · · , Ar ) can be viewed as an infinite string over alphabet {0, 1}r . Moreover, write str(R) for the set of strings str(A1 , · · · , Ar ) for which (A1 , · · · , Ar ) ∈ R. For instance, the set R = {A ⊂ N | A is infinite} corresponds to the set of strings str(R) = {w ∈ {0, 1}? | w has infinitely many 1s}. For every formula φ(X1 , · · · , Xr ) of the MSO theory of (N, S), we associate the language of strings str(A1 , · · · , Ar ) for which (N, S) |= φ(A1 , · · · , Ar ). Theorem. Let R be a set of tuples (A1 , · · · , Ar ), where Ai ⊂ N. The following are equivalent: 1. R is MSO-definable in (N, S). 2. str(R) is ω-regular. 3. str(R) is FO-definable in W ω ({0, 1}) Rabin’s Theorem. Coding: A set A ⊂ {1, · · · , k}? can be viewed as an infinite k-branching tree whose vertices are labelled with symbols from {0, 1}. Namely, define tree(A) as mapping w ∈ {1, · · · , k}? to 1 if and only if w ∈ A. Similarly, a tuple of sets (A1 , · · · , Ar ) corresponds to a tree over alphabet {0, 1}k ; and a set R of tuples corresponds to the set tree(R) of trees. Rabin proved that ω-tree automata are closed under complementation. This is the hard ingredient in the following theorem. Theorem: Let R be a set of tuples (A1 , · · · , Ar ), where Ai ⊂ {1, · · · , k}? . The following are equivalent: 1. R is MSO-definable in ({1, · · · , k}? , σ1 , · · · , σk ). 2. tree(R) is recognised by a tree-automaton. 3. tree(R) is first-order definable in Tkω ({1, · · · , k}). Summary.

5

The following correspondences imply the decidability of the corresponding theory. W M SO(N, S) ≡ automata on finite strings M SO(N, S) ≡ ω-automata on strings ?

W M SO({1, · · · , k} , σ1 , · · · , σk ) ≡ automata on k-branching finite-trees M SO({1, · · · , k}? , σ1 , · · · , σk ) ≡ ω-automata on k-branching infinite-trees References: [28], [54],[49],[53],[48].

Day 2 Lecture 4: Tree-interpretable structures and MSO Following Rabin’s theorem [48] on decidability of MSO of the infinite binary tree T2 , there has been a unceasing quest for identifying even larger classes of structures with decidable MSO. One way to obtain finitely-presentable infinite structures with decidable theories is via interpretation in a fixed structure with decidable theory. This idea, permeating the course, will be illustrated in this lecture, using as a point of departure Rabin’s theorem. A structure A is tree-interpretable if there is a (one-dimensional) MSO-interpretation of A in T2 . Theorem: Every tree-interpretable structure has decidable MSO-theory. Here are some important cases of tree-interpretable structures that will be introduced and discussed in the course: 1. Concrete structures, such as: the k-branching trees for any k, ω-branching trees, the linear order of the rationals, etc. 2. Pushdown graphs, studied by Muller and Schupp [45, 46, 47]. These are the transition (configuration) graphs of pushdown automata [35, 1], defined as follows: given a pushdown automata A, a configuration in A is a tuple, consisting of the current state and the content of the stack; the vertices in the configuration graph are all (infinitely many, because of the unbounded stack) configurations, and the edges are the possible one-step transitions between configurations. 3. Prefix-recognizable graphs, introduced and studied by Caucal [17, 20]. These graphs are defined by prefix-rewriting systems on words as follows. A transition graph G (with possibly many types of transitions) is prefix-recognizable if the set of its vertices can be labelled by a regular language W of words in a finite alphabet, in such a way that all transitions in G can be determined by a finite set of rewrite rules of the type U1 →a U2 where U1 , U2 are regular subsets of W . The rules work as follows: there is a transition of type a from a vertex v1 to a vertex v2 iff there is a rule U1 →a U2 and words v ∈ W , u1 ∈ U1 , u2 ∈ U2 such that v1 = u1 v and v2 = u2 v; i.e., if the transition can be recognized by a rewrite rule by looking only at the prefixes of the labels of the vertices. The pushdown graphs are particular case of prefix-recognizable graphs, where U1 and U2 in all rules are singletons. In fact, tree-interpretable structures were introduced in [7] as a generalization of the notion of a prefix-recognizable graph to arbitrary relational structures. 6

4. A hierarchy of infinite graphs, studied by Courcelle [23, 22, 24]. These are defined in terms of graph-rewriting systems acting on vertices or hyper-edges (VR- and HRrecognizable graphs) or algebraically, by way of recursive equations (VR- and HRequational graphs). The VR-equational graphs are equivalent to prefix-recognizable graphs. In this lecture we will discuss some examples, properties, and different characterizations of the family of tree-interpretable structures. References: [48], [47],[23, 22],[18], [6], [55], [7],[57].

Day 3 Lecture 5: Caucal hierarchy and MSO The family of tree-interpretable structures can be further extended by applying other operations preserving the decidability of MSO. For instance, such operation is the tree-unfolding of a graph. That operation, applied to a single vertex with two labelled loops produces the infinite binary tree; whence Rabin’s theorem follows. The unfolding operation was extended in the 1980’s by Muchnik (see [52, 55]) to a construction, now known as Muchnik’s tree iteration, which preserves the decidability of the MSO, too. In [19] Caucal builds up a hierarchy of infinite structures with decidable MSO, by starting from the class of finite graphs and alternatively applying two operations preserving the decidability of the MSO-theory, viz., unfolding and inverse rational mappings (a special case of MSO-interpretations). In [15] Cachat shows, using parity games, that the graphs in Caucal’s hierarchy are equivalent to so called higher-order pushdown systems (arising from ‘higher-order pushdown automata’ involving a hierarchy of stack of stacks). Furthermore, in [16], Carayol and W¨ohrle show that Caucal’s hierarchy coincides with the hierarchy obtained by alternating (a version of) Muchnik’s tree-iteration construction and MSO-transductions (MSO interpretations in a disjoint union of copies of the target structure), as well as with the family of graphs obtained as the -closure of configuration graphs of higher-order pushdown automata. Important parameters of finitely presentable infinite structures are their tree-width and clique-width. In pursuit of ultimate characterization of the class of structures with decidable MSO, Seese [51] raised conjecture that every (set of) infinite graph(s) having a decidable MSO-theory is the image of a (set of) trees under an MSO-transduction; equivalently (as shown by Courcelle and others), iff it has a bounded clique-width. This conjecture has recently been partly confirmed by Courcelle and Sang-il Oum. In this lecture we will build up Caucal’s hierarchy, and will discuss its different characterizations and the boundaries of the class of structures with decidable MSO, in particular Seese’s conjecture. References: [52], [18], [17], [16], [51],[25].

7

Day 3 Lecture 6: Automatic structures 1 A natural and direct way to present structures in a finite way, is to have the structures themselves be computable. Here is a general definition: Fix a model of computation M. A structure is M-computable if its domain and atomic operations are computable by machines in the class M. Taking M to be the class of all Turing machines, we get the computable structures [30]. However, even basic operations on computable relations, like projection, are not computable. In general, it is only the quantifier-free fragment of first-order logic that is effectively decidable on computable structures. On the opposite end of the spectrum, if we take M to be a class of automata, we get what may be called automatic structures [34, 39, 5]. Many problems on automata are decidable. In particular, the closure properties of the automata presenting an automatic structure A, imply that every definable relation on A is also computable by an automaton. Each notion of automaton ♦ ∈ {word, ω-word, tree, ω-tree} yields a notion of ♦-automatic structure. In this lecture, we will establish basic properties of automatic structures. As an illustrative example, the structure ({0, 1}? , +), where + is the usual addition on the binary-representation of natural numbers, is word-automatic. This is because the domain and addition operation are computable by word-automata. The exact relationship between automatic structures, which have in general only decidable FO-theory, and say tree-interpretable structures which have decidable MSO-theory, is via set interpretations. For instance, the word-automatic structures are exactly those that are finite-set interpretable in (N, S). Definition [Automatic Structure]. A relational structure with equality2 (A; (Ri )i ) is ♦-automatic over alphabet Σ if it satisfies the following conditions: 1. the domain A consists of ♦s over Σ, 2. the domain A is ♦-regular; 3. every atomic relation (including equality) R ⊂ Ari in A is ♦-regular. Theorem [Definability on Automatic Structures.] Let A be a ♦-automatic structure. Every relation R ⊂ Ak that is first-order definable in A is computable by an ♦automaton. Moreover, the translation from FO-formula to ♦-automaton is effective. Corollary. The first-order theory of every automatic structure is decidable. The main focus of the study of automatic structures has been with regard to their isomorphism types. Call a structure (♦-)automatically presentable if it is isomorphic to some (♦-)automatic structure. Write W-AutStr, T-AutStr, Wω -AutStr, and Tω -AutStr for the classes of word-, tree-, ω-word-, and ω-tree–automatically presentable structures. The following basic relationships hold: W-AutStr ⊂ T-AutStr, W-AutStr ⊂ Wω -AutStr, T-AutStr ⊂ Tω -AutStr, and 2

This is one whose signature only contains relation symbols, and contains a symbol = for equality.

8

Wω -AutStr ⊂ Tω -AutStr. However, the exact relationship amongst all these classes is not yet known, though we will have something to say about this in the following lectures. We have seen that one can generate a collection of structures as those interpretable in a fixed structure. We have previously established a tight correspondence between being computable by some flavour of automaton and (W)MSO definability theory of a certain corresponding structure. This allows us to characterise the automatically presentable structures via (finite)-set interpretability. Also, we can achieve a similar characterisation using first-order logic. Definition [Universal automatic structures]. A structure U is called universal for the class of ♦-automatic structures, if i) U is ♦-automatic, and ii) every ♦-automatic structure is FO-interpretable in U. Theorem. Suppose |Σ| ≥ 2. 1. The structure W(Σ) is universal for the class of word automatic structures. 2. The structure W ω (Σ) is universal for the class of ω-word automatic structures. 3. The structure T2 (Σ) is universal for the class of tree automatic structures. 4. The structure T2ω (Σ) is universal for the class of ω-tree automatic structures. References: [4], [34], [39],[40],[36],[5], [49].

Day 4 Lecture 7: Automatic structures 2 Extending the Definability Theorem. The fundamental theorem of automatic structures says that every first-order definable relation in an automatic structure is computable by an automaton. We are interested in extending this theorem beyond first-order. However, there are some obvious constraints that should guide us. In particular, the extension must still be decidable; so for instance, MSO (or even WMSO) is too strong. We consider generalised quantifiers (see for instance [32, Section 3]). These include quantifiers such as ’there exists at least κ many x such that φ(x, y)’ (for a fixed cardinal κ), ’there are the same number of x satisfying φ1 (x, y) as z satisfying φ2 (z, y)’, ’there exists k modulo m many x such that φ(x, y)’, etc. Of course, the quantifiers we are interested in are the ones that, on automatic structures, only define regular relations. A generalised quantifier ∃C preserves ♦-regularity, if for every ♦-automatic structure A = (A; (Ri )i ), and every atomic relation Ri ⊂ An+1 , the quantified relation ∃C x R(x, y1 , · · · , yn ) is ♦-regular. Moreover, if this translation is effective, then say that ∃C preserves ♦-regularity effectively. Write Qreg ♦ for the collection of generalised quantifiers that preserve ♦-regularity. Immediately from the definitions, the Definability Theorem extends to FO + Qreg ♦ . 9

On the positive side, we will show that ’there exists infinitely many’ and ’there exists k modulo m many’ preserve regularity effectively on Wω -AutStr. Problem. Classify the quantifiers in Qreg ♦ . Classicaly, there is a natural hierarchy amongst the generalised quantifiers. The simplest of these, the unary monadic ones, are of the form ∃C for C ⊂ N ∪ {∞}, and express that ’the number of x satisfying φ(x, y) is in C’. We classify those there preserve regularity in the W-AutStr-case. Write ∃mod for the collection of quantifiers of the form ’there exists k modulo m many’, for 0 ≤ k < m. Theorem. A unary monadic quantifier preserves word-regularity if and only if it is definable in FO plus ∃mod . References: [41],[49].

Day 4 Lecture 8: Automatic structures 3 Question. How do we prove that a given structure is not automatically presentable ? How is this different from showing that a given structure is not automatic ? In this lecture, we survey some answers to this question. Suppose we are given a structure A whose domain consists of a set of words, say. Then to show that A is not automatic, we need to exhibit that either the domain, or one of the atomic relations, is not word-recognisable. The standard techniques of automata theory (pumping lemma, Myhill-Nerode congruence, etc) can be used to achieve this. Exercise. Show that the following codings of (Q, +) are not automatic. 1. The binary-representation of rationals as ultimately periodic sequences. 2. The representation of rationals as pairs of integers. However, to show that A is not automatically presentable, requires proving that there does not exist a coding of A that gives an automatic structure. This requires more subtlety. We will discuss some techniques that show the following structures are not in W-AutStr: full arithmetic (N; +, ×), skolem arithmetic (N; ×), the free monoid on two generators ({0, 1}? ; · ), the ordinal (ω ω ; ≤), and the random graph. Here are some of the available techniques. 1. If A ∈ W-AutStr, and contains functions f1 , · · · , fl , and a D ⊂ A is listed lengthlexicographically asSd0 , d1 , · · · , then the generated sets G0 (D) = {d0 }, Gn+1 (D) = Gn (D) ∪ {dn+1 } ∪ i {fi (x) | x ⊂ Gn (D)}, satisfy that |Gn (D)| = 2O(n) . 2. Say that a structure B is a sum-augmentation of a set of structures S (each having the same signature as B) if there is a finite partition of B = B1 ∪ · · · ∪ Bn such that for each i, the substructure B  Bi is isomorphic to some structure in S. If A ∈ W-AutStr, then for every formula φ(x, y) on A, there is a finite set of structures S, so that for every tuple of elements b from A, the substructure A  φA (·, b) is a sumaugmentation of S. References: [4],[5],[26],[49]. 10

Day 5 Lecture 9: Rational structures and modal logic Modal and temporal logics are widely recognized as particularly simple, natural, and versatile frameworks to specify reachability, liveness, safety, fairness, etc. properties in infinite state systems. Infinite structures emerge naturally in various areas of applications of modal logic, including: modal logics over transition systems of models of computation with infinite or unbounded memory; temporal logics over infinite time flows; description logics over infinite domains; etc. In [38] Kesten et al formulate minimal requirements for an ‘assertional language L to be adequate for symbolic model checking’, according to which the basic modal logic is the minimal natural logical language satisfying these requirements. In this lecture we will introduce rational Kripke models as a very general framework for decidable model checking of modal logic on infinite models, and will indicate some potential applications to e.g., regular and bounded model checking. Rational transducers, studied by Eilenberg [27], Elgot and Mezei [28], Nivat, Berstel [2], etc., are asynchronous automata on pairs of words. Intuitively, these are finite automata with two autonomous heads that read the input pair of words asynchronously, i.e. each of them can read arbitrarily farther ahead of the other. The transitions are determined by a finite set of pairs of (possibly empty) words; alternatively, a transition can be labelled either by a pair of letters (when both heads make a move on their words) or by ha, εi or hε, ai, where a is a letter, and ε is the empty word (when one of the heads reads on, while the other is waiting). Formally, a rational transducer is a tuple hQ, Σ, qi , F, ρi , where Q is a finite set of states, Σ is a finite alphabet, qi ∈ Q is an initial state, F is a set of accepting states, and ρ ⊆ Q × (Σ ∪ {ε}) × (Σ ∪ {ε}) × Q is the transition relation, consisting of finitely many tuples, each containing the current state, the pair of letters (or ε) triggering the transition, and the new state. Alternatively, one can take ρ ⊆ Q × Σ∗ × Σ∗ × Q. Rational relations are relations, recognizable by rational transducers. Equivalently, given an alphabet Σ, a (binary) rational relation over Σ∗ is rational subset of Σ∗ × Σ∗ , i.e., a relation generated by a rational expression (built up using union, concatenation, and iteration) from a finite subset of Σ∗ × Σ∗ . Besides the references above, these have also been studied, inter alia, by Johnson [37], Frougny and Sakarovich [31], and recently Morvan [44]. A Kripke frame (W, R) is rational if W ⊆ Σ∗ is a rational language in a finite alphabet Σ, and R ⊆ Σ∗ × Σ∗ is a rational relation in Σ. A Kripke model (W, R, V ) is rational if (W, R) is a rational frame, and V is a rational valuation, i.e., every V (p) is a rational set in W . Rational frames include automatic graphs, counter systems, transition graphs of Petri nets, etc. A key property of rational Kripke models is the following. If X ⊆ Σ∗ is a rational set and R ⊆ Σ∗ ×Σ∗ is a rational relation, then the set [R] X = {w ∈ Σ∗ | R(w) ⊆ X} is an effectively computable (from the automata for X and R) rational set. Theorem: For every rational Kripke model (W, R, V),and every modal formula φ in the  −1 −1 modal language Lrat with modalities [R] , [−R] , R , −R : 11

[[φ]]M is an effectively computable rational subset of W . As a corollary, local and global model checking, and satisfiability checking of formulae from Lrat in any rational Kripke model are decidable. However, the first-order theory of a rational graph, as well as many important queries outside first-order logic, such as reachability, on rational models are generally undecidable. References: [2],[1],[37], [31],[44], [38], [12], [11].

Day 5 Lecture 10: Infinite state model checking of expressive modal logics While basic modal logic is good enough for model checking of pre-conditions and postconditions specified over regular sets of states, it fails to capture many important for verification in infinite systems properties, such as reachability, safety, liveness, fairness, etc. along some or all computation paths in a given transition system. In this lecture we will discuss extensions of basic modal logic, such as LTL, CTL, CTL*, modal µ-calculus, and fragments of these, that can express these properties, and some special cases of classes of infinite state transition systems in which model checking of such extended modal logics is effective. Given a transition system hW, Ri, and a set of ‘initial states’ I ⊆ W , the forward reachability problem is about computing (symbolically) the set of states succ∗ (I) which can be reached by a finite R-path starting from a state in I. Likewise, given a set (of ‘bad’, or ‘desirable’) states B ⊆ W , the backward reachability problem is about computing the set pred∗ (B) ⊆ W of states from which a state in B can be reached by a finite R-path. Repeated reachability is about computing the set of states, from which a given state, or a set of states, is reachable infinitely often by an R-path. Most of the important verification problems, such as safety, liveness, and fairness, are expressible in terms of versions of (repeated) reachability. In general, however, these problems are undecidable on infinite state transition systems. Some particular decidable cases, that will be discussed in the lecture, include: • Transition systems with decidable MSO, since all these properties are expressible in MSO. • In particular, LTL and CTL over pushdown systems, see [10],[50], [56]. • Transition systems (in particular, rational Kripke models) with finite bisimulation index, i.e., those bisimilar to finite transition systems. • A class of configuration graphs of counter systems, where the CTL* can be encoded and model-checked within Presburger arithmetic. • Regular ground tree rewriting graphs [42, 43].

12

Time permitting, we will also discuss briefly the cases of regular model checking [12] and bounded model checking [3]. The lecture will end with a concluding discussion on the course. Additional references: [11], [58], [21], [13],[9], [14].

References [1] J. Autebert, J. Berstel, and L. Boasson. Context-free languages and pushdown automata. In A. Salomaa and G. Rozenberg, editors, Handbook of Formal Languages, volume 1, Word Language Grammar, pages 111–174. Springer-Verlag, Berlin, 1997. [2] Jean Berstel. Transductions and Context-Free Languages. Teubner Studienb¨ ucher Informatik. B.G. Teubner, Stuttgart, 1979. [3] Armin Biere, Alessandro Cimatti, Edmund M. Clarke, Ofer Strichman, and Yunshun Zhu. Bounded Model Checking, volume 58 of Advances in Computers. Elsevier, 2003. [4] A. Blumensath. Automatic structures. Diploma thesis, RWTH-Aachen, 1999. [5] A. Blumensath and E. Gr¨adel. Automatic structures. In 15th Symposium on Logic in Computer Science (LICS), pages 51–62, 2000. [6] Achim Blumensath. Prefix-recognisable graphs and monadic second-order logic. Technical Report AIB-06-2001, RWTH Aachen, May 2001. [7] Achim Blumensath. Axiomatising tree-interpretable structures. Theory Comput. Syst., 37(1):3–27, 2004. [8] Achim Blumensath and Erich Gr¨adel. Finite presentations of infinite structures: Automata and interpretations. Theory of Computing Systems, 37:641 – 674, 2004. [9] Bernard Boigelot, Axel Legay, and Pierre Wolper. Omega-regular model checking. In Tools and Algorithms for the Construction and Analysis of Systems,10th International Conference, TACAS 2004, volume 2988 of Lecture Notes in Computer Science, pages 561–575, Barcelona, Spain, March 2004. Springer-Verlag. [10] Ahmed Bouajjani, Javier Esparza, and Oded Maler. Reachability analysis of pushdown automata: Application to model-checking. In Antoni W. Mazurkiewicz and J´ozef Winkowski, editors, Proc. of CONCUR ’97, volume 1243 of Lecture Notes in Computer Science, pages 135–150. Springer, 1997. [11] Ahmed Bouajjani, Peter Habermehl, and Tomas Vojnar. Abstract Regular Model Checking. In Proc. 16th Intern. Conf. on Computer Aided Verification (CAV’04), volume 3114 of Lecture Notes in Computer Science. Springer Pub., 2004. [12] Ahmed Bouajjani, Bengt Jonsson, Marcus Nilsson, and Tayssir Touili. Regular model checking. In Proc. of CAV’2000, LNCS 1855, pages 403–418. Springer, 2000. [13] O. Burkart, D. Caucal, F. Moller, and B. Steffen. Verification of infinite structures. In Handbook of Process Algebra, pages 545–623. Elsevier Science, 2001. 13

[14] Olaf Burkart and Bernhard Steffen. Model checking the full modal mu-calculus for infinite sequential processes. TCS, 221(1–2):251–270, June 1999. [15] Thierry Cachat. Higher order pushdown automata, the caucal hierarchy of graphs and parity games. In Jos C. M. Baeten, Jan Karel Lenstra, Joachim Parrow, and Gerhard J. Woeginger, editors, ICALP, volume 2719 of Lecture Notes in Computer Science, pages 556–569. Springer, 2003. [16] A. Carayol and S. W¨ohrle. The Caucal hierarchy of infinite graphs in terms of logic and higher-order pushdown automata. In Proceedings of the 23rd Conference on Foundations of Software Technology and Theoretical Computer Science, FSTTCS 2003, volume 2914 of Lecture Notes in Computer Science, pages 112–123. Springer, 2003. [17] D. Caucal. On infinite transition graphs having a decidable monadic theory. TCS, 290:79–115, 2003. [18] Didier Caucal. On infinite transition graphs having a decidable monadic theory. In Friedhelm Meyer auf der Heide and Burkhard Monien, editors, Proc. of ICALP96, volume 1099 of Lecture Notes in Computer Science, pages 194–205. Springer, 1996. [19] Didier Caucal. On infinite terms having a decidable monadic theory. In Krzysztof Diks and Wojciech Rytter, editors, MFCS, volume 2420 of Lecture Notes in Computer Science, pages 165–176. Springer, 2002. [20] Didier Caucal. On the transition graphs of Turing machines. TCS, 296(2):195–223, March 2003. [21] Thomas Colcombet. On families of graphs having a decidable first order theory with reachability. In Proceedings of the 29th International Conference on Automata, Languages, and Programming, volume 2380 of Lecture Notes in Computer Science, pages 98–109. Springer-Verlag, 2002. [22] B. Courcelle. Graph rewriting: An algebraic and logic approach. In J. Van Leeuwen, editor, Handbook of Theoretical Computer Science, Volume B, Formal models and semantics, pages 193–242. Elsevier, 1990. [23] Bruno Courcelle. The monadic second-order logic of graphs II: Infinite graphs of bounded width. Mathematical Systems Theory, 21:187–221, 1989. [24] Bruno Courcelle. The monadic second-order logic of graphs V: On closing the gap between definability and recognizability. TCS, 80:153–202, 1991. [25] Bruno Courcelle and Igor Walukiewicz. Monadic second-order logic, graph coverings and unfoldings of transition systems. Ann. Pure Appl. Logic, 92(1):35–62, 1998. [26] C. Delhomm´e. Automaticit´e des ordinaux et des graphes homog`enes. Comptes Rendus Mathematique, 339(1):5–10, 2004. [27] S. Eilenberg. Automata, Languages and Machines, volume A. Academic Press, New York, 1974. [28] C.C. Elgot and J.E. Mezei. On relations defined by finite automata. IBM J. of Research and Development, 9:47–68, 1965. 14

[29] H.B. Enderton. A mathematical introduction to logic. Second edition, 2001. [30] Ershov et al., editor. Handbook of Recursive Mathematics Volume 1. Studies in Logic and the foundations of Mathematics. Elsevier, 1998. [31] Christiane Frougny and Jacques Sakarovitch. Synchronized rational relations of finite and infinite words. Theor. Comput. Sci., 108(1):45–82, 1993. [32] L. Hella. Logical hierarchies in ptime. Information and Computation, 129(1):1–19, 1996. [33] W. Hodges. A shorter model theory. Cambridge University Press, Cambridge, 1997. [34] Bernard R. Hodgson. On direct products of automaton decidable theories. Theor. Comput. Sci., 19:331–335, 1982. [35] John E. Hopcroft, Rajeev Motwani, and Jeffrey D. Ullman. Introduction to Automata Theory, Languages and Computation. Addison Wesley, 2nd edition, 2000. [36] Hajime Ishihara, Bakhadyr Khoussainov, and Sasha Rubin. Some Results on Automatic Structures. In Logic in Computer Science, pages 235–242. IEEE Computer Society, July 22–25 2002. [37] J. Howard Johnson. Rational equivalence relations. Theor. Comput. Sci., 47(3):39–60, 1986. [38] Y. Kesten, O. Maler, M. Marcus, A. Pnueli, and E. Shahar. Symbolic model checking with rich assertional languages. Theor. Comput. Sci., 256(1-2):93–112, 2001. [39] B. Khoussainov and A. Nerode. Automatic presentations of structures. In D. Leivant, editor, Logic and Computational Complexity, pages 367–392. Springer, Berlin,, 1994. [40] Bakhadyr Khoussainov and Sasha Rubin. Automatic structures: Overview and future directions. Journal of Automata, Languages and Combinatorics, 8(2):287–301, 2003. [41] D. Kuske and M. Lohrey. First-order and counting theories of omega-automatic structures. Technical Report Fakult¨ atsbericht Nr. 2005/07, Universit¨at Stuttgart, Fakult¨at Informatik, Elektrotechnik und Informationstechnik, September 2005. [42] Christof L¨oding. Model-checking infinite systems generated by ground tree rewriting. In Proc. of FOSSACS 2002, volume 2303, pages 280–294, 2002. [43] Christof L¨oding. Reachability problems on regular ground tree rewriting graphs. Theory of Computing Systems, page to appear, 2005. [44] C. Morvan. On rational graphs. In J. Tiuryn, editor, Proc. of FOSSACS 2000, volume 1784 of LNCS, pages 252–266, 2000. [45] David E. Muller and Paul E. Schupp. Pushdown automata, graphs, ends, second-order logic, and reachability problems. In Proc of the Annual ACM Symposium on Theory of Computing, pages 46–54. ACM Press, 1981. [46] D.E. Muller and P.E. Schupp. Groups, the theory of ends, and context-free languages. J. Comput. Syst. Sci., 26(3):295–310, 1983, June. 15

[47] D.E. Muller and P.E. Schupp. The theory of ends, pushdown automata, and secondorder logic. Theor. Comput. Sci., 37(1):51–75, 1985. [48] M. Rabin. Decidability of second order theories and automata on infinite trees. Trans. Amer. Math. Soc., 141:1–35, 1969. [49] S. Rubin. Automatic Structures. Phd thesis, University of Auckland, 2004. [50] S. Schwoon, J. Esparza, and A. Kucera. Model-Checking LTL with regular valuations for pushdown systems. In Proc. of TACS ’2001, volume 2215 of Lecture Notes in Computer Science, pages 306–339, 2001. [51] Detlef Seese. The structure of the models of decidable monadic theories of graphs. Annals of Pure and Applied Logic, 53:169–195, 1991. [52] A. L. Semenov. Decidability of monadic theories. volume 176 of LNCS, pages 162–175, Praha, Czechoslovakia, September 1984. Springer. [53] W. Thomas. Automata on infinite objects. In J. van Leeuwen ed., editor, Handbook of Theoretical Computer Science, volume B, pages 135–191. Elsevier, 1990. [54] Wolfgang Thomas. A short introduction to infinite automata. In Werner Kuich, Grzegorz Rozenberg, and Arto Salomaa, editors, Proceedings of the 5th International Conference on Developments in Language Theory (DLT’01), volume 2295 of Lecture Notes in Computer Science, pages 130–144. Springer-Verlag, 2002. [55] Wolfgang Thomas. Constructing infinite graphs with a decidable mso-theory. In Proceedings of the 28th International Symposium on Mathematical Foundations of Computer Science, volume 2747 of Lecture Notes in Computer Science, pages 113 – 124. Springer, 2003. [56] Igor Walukiewicz. Model checking ctl properties of pushdown systems. In Sanjiv Kapoor and Sanjiva Prasad, editors, FSTTCS, volume 1974 of Lecture Notes in Computer Science, pages 127–138. Springer, 2000. [57] Igor Walukiewicz. Monadic second-order logic on tree-like structures. Theor. Comput. Sci., 275(1-2):311–346, 2002. [58] P. Wolper and B. Boigelot. Verifying systems with infinite but regular state spaces. In Alan J. Hu and Moshe Y. Vardi, editors, Proc. of CAV ’98, volume 1427 of LNCS, pages 88–97, 1998.

16


           !" #$! %&#'() *+ ,%%- ./01 2)3&- 45647 2)3&- 8()&9 :;?@ABC:AE FDG:;H>>I;JB FK J LMNOPQROS %&T&*  )! '() ) ) '# *&  &' '&"9 *&  U*T3) *'& '# 9 ( V*  *&T&*   )  W)3- X! )"' ) ) &) !)" Y)&Z ' #) !&ZZU"'WZ[ #)(V'+ #'   !Z9 '# #'()" ")&\!)\] %& * !^ U9- V Z*3! '( X)*3 9W '# *&T&*  )! '() )- V*3 ) X)Z '&  '^3)""Z WT_^3'\&*`)X"- 9&3'&*`Z ) *'&)"- )&Z ) *'^ &)" )&* *'& \)W- W3 *U"9] / W& 3))3 *`) *'& '#  )&* *'& \)W YZ! ' a!""bc3!WW )&Z ' d)!3)" )&Z  !Z& [(& *'& !"  '& * W'V ' 3'\&*` ")&\!)\- )&Z Z*3!   ) ! '# 3& )" )"\'* (*3 W'X"( Y"*+ )3)X*"* 9 '# \*U&  ) ' Z3*Z)X*"* 9 '#  T ^'Z '9[] e fghijkglmn omlpqkjrst u vw wxy zy  {|}vwx {~w{w vw €xv |}x|w  €~vw }vv‚  v wx„w   …vx{v zw  {~x{}~v† u v~ {vw‡v  vvw‚ ~ ƒ~„w …y  {~v~  …w „}w v vw v{w   {~x{}~v ~†w† …y  …~v „w{vx ˆ‰Š‹ Œ Œ Œ‹‰Ž ~ vwxw xw  v{w†  wv  vvw ~ vw ~„w …y  …w }{v~ ~  „x~…w z { …w zw€wz …y  …w x} Œ ‹’Ž z  vx~v~ xwv~ ˆy „~  €‡wz ~|}vŽ …y  …w x“ ‘ ˆ’Š‹ ”Œ Œˆ’Š‹ } Œ Œ Œ ‹’‹’•Š ‹ Œ Œ Œ‹’• Ž  – …w „x~…w† —y vwx ~ vw wwx“ w{w  {|}vwx {~w{w ƒ w |xx~ }w z wvwxwz vw vw z vw |}x|w  vx~ |x{w~ ƒ  {~vwz ƒ ~v €~vw }vv  xw …vx{v „~w ƒ  }vv …w{w z~v˜ ™ƒ vvw z ~|}v ƒ wxw {“ w{vwz ~ …vx{v €~vw wv vw zwvwz š z ›  vw vx~v~ xwv~ …w~ ~|y  }…wv  š œ › œ š† u vw xw x  zw {w{~ ˆx vw }vv~{ „wx~€{v~  vvw“ …wz |xxƒ {† žŸ ¡¢¢£Ž  xw„wxw zw„w|wv v |{w† v €xv vw …vx{v „~w  |}x}wz˜  yvw }{   xw{v~„w |xx x  |xv{ ~ zwwz ƒ…yƒ vvwz vx~v~ x| ƒ w „wxv~{w xw vw yvw¤ vvw† w v  zw {w{~  vw|x |x|wxvy ˆ~„w …y  vw|x ~{ x}Ž ~ v {|}vw vw wv  vw „wxv~{w ƒ wxw vw ~„w x} ~ v~€wz† ¥ƒ w„wx  vwz …y ¦{¦~ ž¦{¦¢§£ vw w¨{~w{y  zw {w{~ ~ ~|x„wz {~zwx…y ƒ w vw “{wz y…~{ ||x{‚ ~ z|vwz† ~ ||x{ ~„„w  xwv}x …{ v vw xv‚  }vv vwxy˜ ©vvw  vx~v~ x| xw …~v „w{vx z wv  vvw  w  vx~v~ xwv~ xw ~„w …y …w }{v~†  wwv~ |~v ~ ƒy…~{ zw“ {w{~ v {~w„w w¨{~w{y ~  |xv~{}x xw|xwwvv~  …w }{v~

wy …y vw xzwxwz …~xy zw{~~ z~x‚ ˆ—

¤Ž† ww —

¤ xw  x  ~~~ wz {y{~{ €~vw }vv {{w|v~ wv   “ “ƒ xz  …}zwz wv† v v~ |~v z ~~ v vw vxwvwv  ~€~vw yvw ~v ~ v}x v {{w vw {vx~v  …}zwz wv† w z~vv~ ƒ xz  x…~vxxy €~vw wv  xw|xwwvv~  ~z~„~z} vvw vw —

¤ }z …w xw“ |{wz …y }} €~vw }vv vwxw…y zx||~ vw xw  }~xwwv  {y{~{~vy† ©vvw |x|wxv~w ƒ ~ v} …w {|v}xwz …y xw}x }w† x vw |w{~€{v~  vx~v~ xwv~ w  v ~„w }vv vwxwv~{ zw€~v~  ƒ xz xwv~† wxw ~  xw xwwx„~x  |v~ wxw …y {~zwx~ €~vw“vvw vxz}{wx x ƒ xz xw ƒ x~v~ yvw  z~ wxwv ~z† ¡xwwvy  v  xw“ wx{ ~ zw„vwz v vw v}zy  ~€~vw vx~v~ yvw }~ vww ~zw ~  vvw|v v wwx~ w vw wvzy  zw {w{~ v yvw ƒ ~v ~€~vw vvw |{w† ˆw xwzwx { vx{w v~ xwwx{ ~xy w …y {}v~ vw  ™Ÿ©“¡x{wwz~  vw } {wxw{w  ƒ       z   

     !   !           " # "  Ž† }v  x vw }w vwxwv~{ |~v  „~w ƒ  ~€~vw vx~“ v~ yvw xw ~vwxwv~ ~{w vwy |x„~zw  vwxv~„w v vzxz zw  }vv x vw zw€~v~  “xw}x }w† u  vww ~„wv~v~ vw {~{ €~vw }vv xw v~ |xwwv˜ wy wvwx   v v zw€w vw ~€~vw vx}{v}xw ˆ~€~vw vvw |{w ~€~vw vx“ ~v~ x|Ž† } vw~x zy~{ ~ {{w|v}y  xw {~vwz ƒ ~v vw |xxw ~ v~w‚ ˆ ~ vw x~~ {~x{}~v zwŽ …}v xvwx ~v vw w‡|“ xv~  vv~{ zv‚ ˆƒ w vw {wz ƒ xz xw {~zwxwz ƒxw|xwwvv~  ~z~„~z} vvw   ~€~vw yvwŽ† u v~ xw €~vw }vv ƒ ~  …w }w} ~ vw zw„w|wv   ~€~vxy …}v x~v~{y x~wvwz zw vwxy† u v~ ||wx w }x„wy w …~{ {w  ~€~vw vx~v~ yvw~„~ {x{vwx~ v~ ƒxw}v xwx  vw~x |ƒ wx  {{w|vx  }w z z~{}~ vw vv}  x~v~{ |x…w† —}x ~ ~ v w| vw xwzwx v wvwx v~ vy zw„w|~ €wz z v ~„w w xwwxw{w ƒ wxw xw xw}v z  zwv~wz |x { …w {{wwz† w z v vxwv ~ y zw|v vw y {w{v~ ƒ ~v |x{w vwxy ƒ wxw z~ wxwv w  |w{~y~ ~€~vw vx~v~ yvw xw w|ywz z ƒ wxw vw wv~{ ~ …wz  …~~}v~ w  }~„w{w xvwx v  {{w|vwz }w† ˆw xwzwx y vxv vv }… $ w{v ƒ ~v vw }x„wy ž % ¢ &£ ƒ wxw vw wwv~ {{w|v z x~v~{ xw}v xw |xwwvwz†Ž j omhgl lnmhh * h j + gs , sgi * ikmshgigjs qkm - . h w {~zwx wzw …wwz vx~v~ x|  vw x / 0 ˆ1 ‹ ˆ2 3 Ž345 Ž ƒ wxw 1 ~ vw wv  „wxv~{w ˆwv~w {~zwxwz  vvw‚Ž 6 vw |…wv  wzw …w z 2 3 vw wv  7 “…wwz wzw† ©}{  vx}{v}xw ~ w‡vwzwz v  }vv …y vw |w{~€{v~  ~~v~ z € „wxv~{w† u  {w {~zwxwz …wƒ  ƒ wxw 1 ~ ~„w   xw}x }w „wx w }‡~~xy |…wv 8  '

( )*

vw wv   ~~v~ z € vvw ƒ ~ …w }wz v …w xw}x }w „wx 8 † x vw {~€{v~  ~€~vw }vv ~v ~ v} }¨{w v  v vw~x vx~v~ vx}{v}xw ~†w† v ˆvw |xwwvv~ Žƒvw x| ˆ1 ‹ ˆ2 3 Ž 345 Ž†


 

                          

 x| / 0 ˆ1 ‹ ˆ2 3 Ž 345 Ž ~ {wz  !    ! ~ ~v ~ vw vx~v~ x|  vw xw{…w … vvw  w “xww |}z  }vv† w {~zwx |}zƒ  }vv ~ vw xv 0 ˆš‹ 6 ‹ 8 ‹ ‹ ƒ ‹ Ž ƒ wxw š ~ vw €~vw wv  {vx vvw 6 vw ~|}v |…wv 8 vw v{ |…wv vw ~~v~ {vx vvw 8 vw ~~v~ v{ y… z š œ 6 œ 8 œ 8 œš vw vx~v~ xwv~†  }}  … vvw  vw }vv ~ ~„w …y  {vx vvw z  v{ {vwv ~†w† …y  ƒ xz x š 8 † w x| / 0 ˆ1 ‹ ˆ2 3 Ž 345 Ž ~ ƒ |w{~€wz  ƒ ˜ 1 ~ vw wv  {€}xv~ x š 8 ~{ xw xw{…w ˆ„~ €~vwy y ||~{v~  vx~v~  Ž xƒ vw ~~v~ … vvw † 2 3 ~ vw wv   |~x ˆ ‹ Ž x 1 x ƒ ~{ vwxw ~  vx~v~ ˆ ‹ 7 ‹ ‹ ‹ Ž ~ †   Ÿ~zwx vw |}z  }vv „wx 6 0 7 ‹‰‹ ƒ ~v vw ~w vvw  v{ |…wv 8 0 ‹ƒ  z ~~v~ v{ wvvwx  ƒ ~{ xw{~ w vw }w 7 ‰  ~ vw vzxz ƒ y ˆ{{w|v~ …y w|vy v{Ž˜ y vw vx~v~ ˆ ‹ 7 ‹ ‹ ‹ Ž ~v wwxvw vxv~ x  vw v{ {vwv vwx xwz~ wvvwx 7  vw }| xwz~ ‰ ~v {{w vw v| x vw v{ …y vw vx~v~ ˆ ‹‰‹ ‹ ‹ Ž z €y x  ~|}v wvvwx ~v zwwvw vw v| wvvwx x vw v{ }~ vw vx~v~ ˆ ‹ ‹ ‹ ‹ Ž† w ~€~vw vx~v~ x|   ƒ ˜ 





  



 !

"

#

#

#

$

  

% & ' ('

$

& ( 

%

)*

+,

-



./

-0 1 /

- 2 .2 3 4 5 

01 2

0

/

0 0 1 

0

4

0



0  

.

1

 . 1  

3

 0

/

3

 0 1

/

6 

o

8

  1

3

 0 1 1

/

6

o

8

 1

1

3

 0 1 1 1

/

777

o

6  1  1

8

1

o

777

8

~ „~w ƒ  |}zƒ  }vv ~ ƒ w“ƒ  ww w†† ž ©  |†– –£† y vw~x zw€~v~ |}zƒ  x| xw  …}zwz ~“ z }v“zwxww†  xw wwx {  x| ƒ ~{ ~{}zw vw {w  „wxv~{w  ~€~vw zwxww  …ww ~vxz}{wz …y Ÿ}{ žŸ}¢ £† ww x| xw ~vxz}{wz ~ vwx  |xw€‡ xw ƒ x~v~ yvw ~ ƒ ~{ {vx vvw‚ ˆ vwy {{}x ~ |}zƒ  }vvŽ z  xw wvwx z ƒ wxw  ƒ xz  vw v|  vw v{ ˆxvwx v  ~w wvvwxŽ y …w xw ƒ x~vvw† }  xw x~v~ vw| { …w |w{~€wz …y  vx~|w ˆ Š‹ 7 ‹ Ž zw{x~…~  vx~v~ x ƒƒ xz Š „~ wvvwx 7 v vw † w wv}xw  ~€~vw zwxww ~ ~vxz}{wz …y ƒ ~ wwx~ wz ƒxwxzx~v~ x}w  vw x Š 3 ~v xw}x wv Š‹  xz† ©}{  x}wƒ wz v vw ˆ~ wwx ~€~vwŽ wvƒ xw ƒ x~vw vx~|w ˆ Š‹ 7 ‹ Žƒƒ ~v Š Š z †  x| / 0 ˆ1 ‹ ˆ2 3 Ž 345 Ž ~ {wz       ~ x w : ;
?

> '

>?'

@

A

@?

@?

@

>

>? ! @?

*

>?

B C

>

! @

€~vw yvw  }{ wwx~ wz |xw€‡ xw ƒ x~v~ x}w Š 3 „wx  |…wv 8  ƒ w „w 1 8 ~  xw}x wv 2 3 {~v  vw |~x ˆ Š ‹ Ž wxw Š Š x w x}w Š 3 x  z 8 † ƒ ~v vw x}w   
Ÿ~zwx vw |xw€‡ xw ƒ x~v~ yvw „wx 8 0 3 z  ˆwxw ƒ w ~zwv~y  ~wv wv ƒ ~v ~v ƒwwwvŽ† w {xxw|z~ x| / 0 ˆ1 ‹ 2 3 ‹ 2 Ž „wx 1 0  vw wzw xwv~ 23 0 ˆ ‹ ŠŽ  z 2 0 ˆ ‹  Ž    vw x| / ~ ~x|~{ v vw vx}{v}xw  vw v}x }…wx ƒ ~v vw }{{wx xwv~ z vw “xwv~† uv ~ ƒ  vv vw |}zƒ  x| {~{~zw ƒ ~v vw |xw€‡“xw{~ …w x|  €~vw ~“ z }v“zwxww†  v~xz {  x| {vwz vx~{vy …w“ vƒ ww vw |}zƒ  x| z vw |xw€‡“xw{~ …w x| xw vw ¥  “ w  }v~ x| ˆwv~w $ }v {wz w  }v~ x xw}x x|Ž ~vx“ z}{wz …y Ÿ}x{ww žŸ} ¢£† ww x| xw wwxvwz …y zwvwx~~v~{ y“ |wxwzw xw|{wwv x|“xx† u žŸ  £  xwvx~{v~  vw |xw€‡“ xw{~ …w x| ~ |xwwvwz ƒ ~{ {x{vwx~ w vw ¥  “w  }v~ x|† A

@

"

$ $

@

#

A

)*

 A

@?

> ' >?' #

@?

>

>? ! @?

! @

' !

,

-0 /

0

0

A

- 02 02

6 

3 4 5

-0 /#

6

/

- 02 0

6

3 4

/9

;

:

 

     

                

u y |x{v~{ ||~{v~ ˆ zw {w{~Ž vw xwvx~{v~ v |xw€‡ xw ƒ x~v~ ~ v w„wxw v ƒ vw |w{~€{v~  ~vwxwv~ ~€~vw“vvw y“ vw† % ‡{w|v~ xw vx}{v}xw zwx~„wz x xw{}x~„w |xx ~ v~ {w |xw€‡ xw ƒ x~v~ v{w vw vx}{v}xw  vw vvw |{w v …w zw{x~…wz ˆww w†† ž% ©  £Ž† x vw {~{ ~vwxv}xw  vxz}{wx ˆž% ¦ £ ž% ~ & £ ž wx & ¢£Ž xw |ƒ wx} vy|w  xwv~ xw ƒ  ~ |xv~{}x vw xv~ z vw y{x“ ~ wz xv~ xwv~† x ~|~{~vy ƒ w {~zwx …~xy xwv~ y ƒ wxw xw„wx vw |…wv  vw vƒ  {|wv {~{~zw†  xwv~  6 œ 6 ~     ~ ~v { …w zw€wz …y  xw}x w‡|xw~ vxv~ x vw v~{ w‡|xw~ ˆzwv~ vw w|vy xwv~Ž z ˆ ‹ Ž x ƒ xz ‹ ˆzwv~ vw xwv~ ˆ ‹ Ž Ž …y w  vw |wxv~ }~ {{vwv~ ˆ||~wz {|wvƒ ~wŽ z ~vwxv~  {{vwv~ ˆ www vxŽ†  vwxv~„w {x{vwx~ v~  vww xwv~ ~„„w  zw  “ zwvwx~~v~{ }vv ƒ ~{ ƒ x w“ƒ y …}v y{x}y  vw vƒ  {|wv   ~|}v ˆ Š‹ Ž 6 œ 6 †  ~}vxvw v~ zw ƒ ~v  ~|w w‡|w {~zwx vw }¨‡ xwv~ ˆ Š‹ Ž Š ~  }¨‡  ˜  {xxw|z~ }vv ƒ }z |xxw ƒ ~v ~v xwz~ wz  vw w{z {|wv }v~ ~v }ww vv vw }¨‡ Š vxv v~ ~ v}x { …w {w{wz …y „~ vw v  xwz~ wz  vw vƒ  {|wv ~}vw“ }y {|x~ Š wvvwxƒ …y wvvwx ƒ ~v vw xw~~ }¨‡  †         !  vw x / 0 ˆ1 ‹ ˆ2 3 Ž 345 Ž ƒ wxw 1 ~  xw}x wv  ƒ xz „wx  }‡~~xy |…wv 8 z ƒ wxw w{ 2 3 ~  xv~ xwv~† 9


@?

' >?


 



            

w ~vxz}{v~  {w  vx~v~ x|  zw„w|wz …„w xwv   w‡|~{~v xw|xwwvv~  „wxv~{w z wzw ~ vwx  xz xw|w{v~„wy |~x  ƒ xz† wxw ~  vwxv~„w ƒ y v {x{vwx~ w ƒvx~v~ yvw …y vx}{v}x |x|wxv~w† u vw vwx~y  Ÿ}{ v~ }v v |x{wwz x  ~vwx‚ v  w‡vwx‚ |xwwvv~† w |xwwv wxw vxww  vww {x{vwx~ v~ xw}v z}w v ¦}wx z ©{}|| ˆ~ vw~x |~wwx~ ||wx ž¦© £Ž z v Ÿ}{ z ~ v}zwv ˆžŸ}¢ £ ž¦x £ ž ~ £Ž†  wv / 0 ˆ1 ‹ ˆ2 3 Ž 345 Ž …w  x|  …}zwz zwxww z ~v zw~vwz x~~‚ „wxvw‡ †  wv 1  …w vw wv  „wxv~{w ƒ w z~v{w ƒv ~ v v  ˆ„~ |v xwz x wzw  ƒ w  xw„wxwz wzwŽ†
w€w /  v …w vw }…x|  / ~z}{wz …y vw „wxvw‡ wv 1  1  {~ ~v „wxv~{w ~ 1   Š  1  vw …}zxy „wxv~{w‚† w   / xw vw {w{vwz {|wv ˆ}~ wzw ~ …v z~xw{v~Ž  vw x| /  ƒ ~v   † u ž¦© £ ¦}wx z ©{}|| „w wv…~wz  …w}v~} {x{vwx~ v~  |}zƒ  x| ~ vwx  vw ~x|~ vy|w  vw~x wz ˆƒ wxw  wz ~x|~ ~ }wz v xw|w{v vw „wxvw‡ |x|wxvy  …w~  …}zxy „wxvw‡Ž˜ ;


  ?  v' t%s 'tyqutqys ’“  „- –  /@ – AB – A  ˆ z%sys A   - „C – C ; ˆ ) C . -  –  /@/ ‚ p#"!q'x ’   „ -  –    –  D  /@ – A B –    – A  E ˆ v' t%s  ƒ"yx  v#‰#vts tyss‚ F G    HF F G   I JKLM NO  P Q RS O  ? T ’“  U V W  V  >  X Y st q' vq'ty"ts t%s vrs"  …†‡ƒv#tsy{yst"tv# wx '%zv#! t%"t t%s ys'qt %r' "' y[ t%s[ 'tyqutqys' ’  y  Z ‚ p' tx{vu" sŽ"&{s u#'vrsy ’ [  „- –  – /@ – A B – A  – A “[ ˆ‚ s wt"v# " u{x  ’ [ v# ’“ wx u#'vrsyv#! #x t%s ’“ƒ‹sytvus' v# t%s 'st ’  „ \  \   ˆ @ ‚ p zyr v# t%v' 'st %"' t%s y&  ]      ^  zvt% ; –    – ;_ . -  ––€ /  "#r zs t"˜s vt "' " ys{ys's#t"tv#  t%s ss&s#t „;  D ˆ   „;_ D ˆ  ’ [ ‚ $%s zv#! …†‡ƒ y&q" * „ ˆ „zyvtts# v# "wwys‹v"tsr 'q!!s'tv‹s y&ˆ rs‰#s' t%s 'st ’ v# ’“ & ( ~( „ ˆ ! &  „„( „  ˆ " ( „  ˆ " ( „   ˆˆ # ( „ ˆˆ # ( „` ˆ t '"x' t%"t  v' v# t%s u'qys  ` q#rsy  ƒ  ƒ "#r   ƒ'quus''y'‚ $%s ys"tv# - „C – C  ˆ )C . - –  /@/ v' rs‰#sr wx t%s zv#! y&q" aB „ –  ˆ  %b „A  „ – b ˆ ! AB „b –  ˆˆ vt% t%s "#"!q' y&q"' a  a “ y t%s t%sy 'quus''y ys"tv#' zs 'ss t%"t t%s 'tyqutqys zvt% q#v‹sy's *cd "#r t%s ys"tv#' a cd ys'tyvutsr t *cd v' v'&y{%vu t ’ [ ‚

# !s#sy" "# …†‡ƒv#tsy{yst"tv#  " 'tyqutqys ‘ v# " 'tyqutqys v' !v‹s# wx " r&"v# y&q" * „ ˆ "#r y s"u% ys"tv#    ‘ '"x  "yvtx
 "# …†‡ƒ y&q" a „ –    – _ ˆ 'qu% t%"t ‘ zvt% t%s ys"tv#'   v' v'&y{%vu t t%s 'tyqutqys zvt% q#v‹sy's *  "#r t%s ys"tv#' a  ys'tyvutsr t *  ‚ $%s# y "# …†‡ƒ's#ts#us  „v# t%s 'v!#"tqys  ‘ˆ #s u"# u#'tyqut " 's#ts#us  „v# t%s 'v!#"tqys  ˆ 'qu% t%"t ‘ )  v )   ‚ # yrsy t wt"v#  y&   #s %"' t ys{"us s‹syx "t&vu y&q"  „  –    – _ ˆ wx t%s uyys'{#rv#! y&q" a „  –    – _ ˆ "#r t ys"tv‹v s " Œq"#tv‰u"tv#' t * „ ˆ „ y rst"v' 'ss s‚!‚ ~€ˆ‚ p' " u#'sŒqs#us zs #ts t%s zv#!         T ‘  U P Q RS    >    V  O  P Q RS  O  ? T U V W  V  >  O  U   U O  P Q RS O  ? T ‘ X # t%s vtsy"tqys " &ys !s#sy" tx{s  v#tsy{yst"tv# v' "' q'sr u"sr …†‡ƒty"#'rqutv# „'ss ~ ˆ z%sys t%s q#v‹sy's  v' ys{ys's#tsr v# " ƒ r u{x   y"t%sy t%"# v#  vt's ‚ ”y t%s ys'qt' tys"tsr wsz vt 'q  us' t q's t%s 'v&{s u"'s &s#tv#sr "w‹s‚  

  G      G                G 

p !y"{% 0  „1 – „2  ˆ  3 ˆ v' u"sr   UO V      O „‹sy t%s "ws "{%"wst  ˆ v vt v' t%s ty"#'vtv# !y"{%  t%s ys"u%"ws !w" 't"ts'  "# `ƒ yss {q'%rz# "qt&"t#‚  sys " {q'%rz# "qt&"t# v'  t%s y&   „ –  – ! – " B – # B – $ ˆ z%sys v' t%s ‰#vts 'st  u#ty 't"ts'  t%s v#{qt "{%"wst ! t%s 't"u˜ "{%"wst " B t%s v#vtv" u#ty 't"ts # B . ! t%s v#vtv" 't"u˜ 'x&w "#r $ 9 :  : ! : ! @ : t%s ty"#'vtv# ys"tv#‚ p !w" 't"ts „u#‰!qy"tv#ˆ  t%s "qt&"t# v' !v‹s# wx " u#ty 't"ts "#r " 't"u˜ u#ts#t v‚s‚ wx " zyr y& ! @ ‚ $%s !y"{% 0  „1 – „2  ˆ  3  ˆ v' #z '{suv‰sr "' z' % 1 v' t%s 'st  u#‰!qy"tv#' y& ! @ z%vu% "ys ys"u%"ws „‹v" ‰#vtsx &"#x "{{vu"tv#'  ty"#'vtv#'  $ ˆ y& “t%s v#vtv" !w" 't"ts " B # B ‚ % 2  v' t%s 'st  " {"vy' „& ' C – "( C ˆ y& 1 y z%vu% t%sys v' " ty"#'vtv# „& – + – ' – ( – " ˆ v# $ ‚ p &ys !s#sy" u"''  !y"{%' z%vu% v#uqrs' t%s u"'s  ‹sytvus'  v#‰#vts rs!yss %"' wss# v#tyrqusr wx
"qu" ~ ‚ $%s's !y"{%' "ys v#tyrqusr v# tsy&'  {ys‰Žƒyszyvtv#! 'x'ts&' v# z%vu% u#ty 't"ts' „"' t%sx uuqy v# {q'%rz# "qt&"t"ˆ "ys # #!sy q'sr "#r z%sys " zyr # t%s t{  t%s 't"u˜ „y"t%sy t%"# " 'v#!s sttsyˆ &"x ws yszyvtts#‚ $%q' " yszyvtv#! 'ts{ u"# ws '{suv‰sr wx " tyv{s „)  – + – ) “ˆ rs'uyvwv#! " ty"#'vtv# y& " zyr )  C ‹v" sttsy + t t%s zyr ) “ C ‚ $%s s"tqys  v#‰#vts rs!yss v' v#tyrqusr wx "zv#! !s#sy"v sr yszyvtv#! yqs'  t%s y& *  #  * “ zvt% ys!q"y 'st' *  – * “  zyr'‚ †qu% " yqs s"r' t t%s „v# !s#sy" v#‰#vtsˆ 'st  yszyvts tyv{s' „)  – + – ) “ˆ zvt% )  . *  "#r ) “ . * “‚ p !y"{% 0  „1 – „2  ˆ   ˆ v' u"sr  + , S W  -  >  v y '&s ‰#vts 'x'ts& .  'qu% !s#sy"v sr 3{ys‰Ž yszyvtv#! yqs' *  #  * “ ‹sy "# "{%"wst !  zs %"‹s % 1 9 ! @ v' " ys!q"y 'st

u#'v't'  t%s {"vy' „)  C – ) “ C ˆ z%sys )  . *   ) “ . * “ y '&s yqs “ y& .  "#r C . ! @ ‚

% 2 * #  *


 





F G    H 

  G  JL I  J LM NO  P Q RS O  ? T    UOS V      O  U V W  V  >  U   U O  P Q RS O  ? T   + , S W  -  >    O X

”vy't zs {ys's#t t%s {y y {q'%rz# !y"{%'‚ Y st 0  „1 – „2  ˆ  3 ˆ ws !s#sy"tsr wx t%s {q'%rz# "qt&"t#   „ –  – ! – " B – # B – $ ˆ‚ "u% u#‰!qy"ƒ tv# v' " zyr ‹sy t%s "{%"wst  ! ‚ $"˜v#!
 ) ) \ )! ) zs u"# ys{ys's#t " u#‰!qy"tv# wx " #rs  t%s tyss ’ _ ‚ ”y tsu%#vu" u#‹s#vs#us zs zyvts t%s u#‰!qy"tv#' v# ys‹sy's yrsy v‚s‚ "' zyr' v# !  ‚ s !v‹s "# …†‡ƒ v#tsy{yst"tv#  0 v# ’ _ ‚ $%s y&q" a  „ –  ˆ z%vu% rs‰#s' 2  v# ’ _ %"' t '"x t%s zv#! t%sys v' " 't"u˜ u#ts#t C 'qu% t%"t   „& ' C ˆ  "#r   „"( C ˆ  y " yqs „& – + – ' – ( – " ˆ  $ ‚

$%v' v' s"'vx y&"v sr „s‹s# zvt% " ‰y'tƒyrsy y&q"ˆ q'v#! t%s 'quus''y ys"tv#' v# ’ _ t u"{tqys t%s {y#!"tv#  C wx ' – & – " "#r wx t%s sttsy'  ( ‚  z vt v' s"'x t zyvts rz# "' t%s rs'vysr r&"v# y&q" * „ ˆ z%vu% rs‰#s' t%s u#‰!qy"tv#' ys"u%"ws y& " B # B ‚ s ys sy t „" B # B ˆ  "' rs‰#"ws ss&s#t  t%s tyss ’ _ "#r t t%s q#v# 2  t%s ys"tv#' 2   rs‰#sr wx  3 a  „ –  ˆ‚ $%s y&q" * „ ˆ '"x' t%"t s"u% 'st ' z%vu% u#t"v#' „" B # B ˆ  "#r v' u'sr q#rsy t"˜v#! 2 ƒ 'quus''y' "' u#t"v#'  ‚

”y {ys‰Žƒysu!#v "ws !y"{%' " 'v!%t !s#sy"v "tv#  t%s {ys‹vq' {y v' #ssrsr‚ Y st 0 ws " {ys‰Žƒysu!#v "ws !y"{% zvt% " ys!q"y 'st 1 9 ! @  ‹sytvus'‚ s rs'uyvws "# …†‡ƒv#tsy{yst"tv#  0 v# t%s tyss ’ _ z%sys
v' t%s 'v s  ! ‚ s 't"yt zvt% " y&q" a „ –  ˆ z%vu% rs‰#s' t%s sr!s ys"tv# v#rqusr wx " 'v#!s yqs *  #  * “ zvt% ys!q"y *  – * “‚ $%s y&q" sŽ{ys''s' y  –  t%"t t%sys v' " zyr „ tyss #rsˆ C 'qu% t%"t   )  C    ) “ C zvt% )  . *   ) “ . * “‚  ‘  –‘“ "ys ‰#vts "qt&"t" ysu!#v  v#! *  – * “ ys'{sutv‹sx t%v' u"# ws {%y"'sr "' z' t%sys v' " #rs C 'qu% t%"t ‘ "uus{t' t%s {"t% 's!&s#t y&  t C "#r ‘“ t%s {"t% 's!&s#t y&  t C ‚

puus{t"#us  " {"t% 's!&s#t v' sŽ{ys''sr wx ysŒqvyv#! " uyys'{#rv#! "qt&"ƒ t# yq#‚ t' sŽv'ts#us u"# ws ursr wx " tq{s  'qw'st' ‹sy t%s u#'vrsysr {"t% 's!&s#t „ y "# "qt&"t# zvt%   't"ts' " ƒtq{s  'st' 'q  us'ˆ‚ $%s rv'ƒ Šq#utv#  'qu% y&q"' t"˜s# y " + ƒyqs' !v‹s' t%s rs'vysr y&q" rs‰#v#! t%s sr!s ys"tv# 2  ‚ $%s r&"v# y&q" * „ ˆ v' {y‹vrsr v# t%s '"&s z"x #z ys syyv#! t t%s {"t% 's!&s#t y& #rs  w"u˜ t t%s yt‚  'v#! t%s v#tsy{yst"tv#  ’ _ v# ’“ t%s rsuvr"wvvtx u"v&' z y& |"ƒ wv#}' $yss $%sys& ‚ t v' v#tsys'tv#! t #ts t%"t t%s {ys‰Žƒysu!#v "ws !y"{%' v# "ut uv#uvrs zvt% t%s !y"{%' z%vu% "ys …†‡ƒv#tsy{yst"ws v# ’“ „~ˆ‚

h k loh   Y st 0  „1 – „2  ˆ 34 – „56 ˆ6 37 ˆ ws " !y"{% "#r ( B " rs'v!#"tsr ‹sytsŽ  1 ‚ $%s  T  V    0 y& ( B v' " 'tyqutqys  t%s y&  „0 – ( B ˆ  „1  – „2  ˆ 34 – „5 6 ˆ6 37 ˆ‚ r&"v# 1  v' t%s 'st  " {"t%' y& ( B  %sys " {"t% y& ( B v' " 'sŒqs#us t' ( B ;  (     ;  (  z%sys y   zs %"‹s „( E  – (  ˆ . 2  ‚ p {"vy „& – " ˆ  {"t%' v' v# 2  v " v' "# sŽts#'v#  & wx "# sr!s y& 2   "#r zs %"‹s & . 5 6 v t%s "'t ss&s#t  & v' v# 56 ‚ p' "# sŽ"&{s u#'vrsy t%s 'v#!st# !y"{% 0 B zvt% ‹sytsŽ ( B "#r tz sr!s ys"tv#' 2B – 2   wt%  z%vu% u#t"v# t%s sr!s „( B – ( B ˆ‚ $%s q# rv#!  0 B v' „v'&y{%vu tˆ t%s wv#"yx tyss ’“‚ $%v' sŽ"&{s vq'ty"ts' t%s {zsy  t%s q# rv#! {sy"tv# †t"ytv#! y& t%s tyv‹v" 'v#!st# !y"{% „z%vu%  uqy's %"' " rsuvr"ws …†‡ƒt%syxˆ zs wt"v# t%s wv#"yx tyss ’“ z%sys rsuvr"wvvtx  t%s …†‡ƒt%syx v' " rss{ ys'qt‚ $%s q# rv#! {sy"tv# t"˜s' 'sŒqs#us'  sr!s' „"' ss&s#t'  t%s q# rsr 'tyqutqysˆ‚ p ys"tsr u#'tyqutv# u"sr    ys sy' t 'sŒqs#us'  ssƒ &s#t' v#'ts"r‚ t %"' t%s "r‹"#t"!s t%"t vt u‹sy' "ywvty"yx ys"tv#" 'tyqutqys' zvt%qt sŽty" u#‹s#tv#'‚ $ '{"ys #t"tv# zs rs‰#s vt #x ‹sy !y"{%' "' u#'vrsysr "w‹s‚ $%s tyss vtsy"tv#  " !y"{% 0  „1 – „2 ˆ – „56 ˆ6 ˆ v' t%s 'tyqutqys 0 @  „1 @ – A – – „2 @ ˆ34 – „5 6@ ˆ6 37 ˆ z%sys A  - „C –C34( ˆ ) C . 137@ – ( . 1 / „ 'quus''y ˆ

 - „C ( – C ( ( ˆ ) C . 1 @ – ( . 1 / „ u#s ys"tv# ˆ 2 @  - „C ) – C ( ˆ ) C . 1 @ – „) – ( ˆ . 2  /  "#r 5 6@  -C ( ) C . 1 @ – ( . 56 / ‚ ”y& t%s 'v#!st# !y"{% &s#tv#sr "w‹s #s wt"v#' wx tyss vtsy"tv# " u{x  t%s #"tqy" #q&wsy yrsyv#! y"t%sy t%"#  t%s wv#"yx tyss‚  zs‹sy t%s 'tyqutqys ’“ u"# ws !s#sy"tsr wx tyss vtsy"tv# y& t%s tz ss&s#t 'tyqutqys „- –  / – 5B – 5  ˆ q'v#! t%s tz {ysrvu"ts' 5B  - / "#r 5   -  / ‚ $%s q# rv#!  „0 – ( B ˆ u"# ws wt"v#sr wx " &#"rvu ty"#'rqutv# y& 0 @  &ys {ysuv'sx wx "# …†‡ƒv#tsy{yst"tv# v# " tz r u{x  0 ‚  t% {sy"tv#' {ys'sy‹s t%s rsuvr"wvvtx  t%s …†‡ƒt%syx‚ p!"v# zs 't"ts t%v' #x y !y"{%'
 





F G   K H  G   I      I    

H  J LMI JL I JLMM T    O O  U  V W  V  >  P Q RS  O  ? O   U  T  V   T    V +   >   ,  V  U    U  O    V  W  V  >  P Q RS  O  UX

Žts#rv#! s"yvsy zy˜  †%s"% "#r †tq{{ t%s t%sys& z"' '%z# y tyss vtsy"tv#' wx p‚ …qu%#v˜ „'ss ~ ˆ‚ p q {y v' !v‹s# wx "q˜vszvu  v# ~    y " ‹syx ys"r"ws "uuq#t zs ysu&&s#r ~‚ ”y t%s q# rv#! {sy"tv# 'ss t%s {"{sy' ~   wx
qyuss "#r "q˜vszvu  ‚ p' " '&" "{{vu"tv#  t%s t%sys& zs '%z " ys'qt „ z%vu% zs r #t ˜#z " ys sys#usˆ # 'tyqutqys' „ –†quu– 5 ˆ t%s 'quus''y 'tyqutqys  t%s #"tqy" #q&wsy' zvt% "# sŽty" q#"yx {ysrvu"ts 5 ‚
#'vrsy t%s wv#"yx tyss ’“ sŽ{"#rsr wx t%s {ysrvu"ts 5   -C . - –  /@ ) )C ) . 5 /  t%s s‹s {ysrvu"ts

y 5 ‚  z t%s …†‡ƒt%syx  „ –†quu– 5 ˆ v' rsuvr"ws v t%s …†‡ƒt%syx  „ –†quu B –†quu  – 5 ˆ v' rsuvr"ws z%sys †quu B  †quu   †quu‚ $%s q# rv#!

 t%s "ttsy 'tyqutqys v' t%s wv#"yx tyss sŽ{"#rsr wx t%s s‹s {ysrvu"ts y 5 ‚  s#us zs wt"v#          T O  P Q RS O  ? T „ –†quu – 5 ˆ  U V W  V  >  O  U   U O  P Q RS O  ? T O  >   ?

 ,   V V

>? O 

  

 V  W T  5 X

mn    o
j  jn  # ~ 
"qu" v#tyrqusr t%s zv#! %vsy"yu%x „ ˆ  !y"{%' t!st%sy zvt% " %vsy"yu%x „ ˆ  tyss' % B  t%s u"''  ‰#vts tyss' %   t%s u"''  !y"{%' z%vu% "ys …†‡ƒv#tsy{yst"ws v# " tyss   %     t%s u"''  q# rv#!'  !y"{%' v# 0   x t%s ys'qt'  t%s {ysusrv#! 'sutv#' „"#r t%s "ut t%"t " ‰#vts 'tyquƒ tqys %"' " rsuvr"ws …†‡ƒt%syxˆ s"u% 'tyqutqys v# t%s
"qu" %vsy"yu%x %"' " rsuvr"ws …†‡ƒt%syx‚  x " %vsy"yu%x ys'qt   "&& ~ # %v!%syƒyrsy ysuqy'v# 'u%s&s' t%s %vsy"yu%x v' 'tyvutx v#uys"'v#!‚ #
"qu"}' {"{sy ~  " rv sys#t y&"v'&  v#tsy{yst"tv# „‹v" v#‹sy's y"tv#" 'qw'tvtqtv#' ˆ v' q'sr v#'ts"r  …†‡ƒv#tsy{yst"tv#'‚ s zy˜ zvt% t%s "ttsy t ˜ss{ t%s {ys's#t"tv# &ys q#v y&  t%s sŒqv‹"s#us wstzss# t%s tz "{{y"u%s' %"' wss# s't"wv'%sr wx
"y"x "#r  %ys ~ ‚ Y st q' t"˜s " ˜ "t '&s 'tyqutqys' z%vu% uuqy v# t%v' %vsy"yu%x‚ t v' us"y t%"t B v' t%s u"''  ‰#vts !y"{%' z%vs   u#t"v#' t%s 'ƒu"sr ys!q"y tyss' „"tsy#"tv‹sx rs‰#sr "' t%s v#‰#vts tyss' z%vu% %"‹s #x ‰#vtsx &"#x ##ƒv'&y{%vu 'qwtyss'ˆ‚ ”v!qys  „q{{sy %" ˆ '%z' " ‰#vts !y"{% "#r vt' q# rv#! "' " ys!q"y tyss


 

/    



/ 

/ 

/ / / / /      oo   oo   oo   oo   oo

/

 

/ 

/ 

/ 

 

/







W W , Y4-X/2 >65 7191Y2 -1O - X75/O1Y 9.-60 s #q&wsy t%s ‹sytvus'  t%s %yv #t" v#s wx  –  –    "#r u" t%s ‹sytvus' wsz t%s& t ws  s‹s   s‹s   s‹s  stu‚  z zs q's t%s 'v&{s …†‡ƒv#tsy{yst"tv# z%vu% t"˜s' " tyss #rs' "' r&"v# "#r v#tyrqus' y    " #sz sr!s y& "#x ‹sytsŽ  s‹s  \  t t%s ‰y't ‹sytsŽ  s‹s  ‚ $%v' v#tyrqus' t%s t%v# v#s' v# ”v!qys € "' #sz sr!s' „"''q&sr t {v#t  ;1 C 6/>5 >5 X4 1, n

G n+1 (a, b) = {uv | u, v ∈ G n (a, b)} ⊇ {uv | u, v ∈ {a, b}≤2 ≤2n

= {a, b}

n−1

}

.

n

Therefore, |G n (a, b)| ≥ 22 and the claim follows. (ii) is analogous to (i), and (iv) immediately follows from (iii) as the divisibility relation is definable in (N, ·). (iii) Suppose (N, |) ∈ AutStr. We define the set of primes Px

iff

x = 1 ∧ ∀y(y|x → y = 1 ∨ y = x),

the set of powers of some prime Qx

iff

∃y(P y ∧ ∀z(z|x ∧ z = 1 → y|z)),

and a relation containing all pairs (n, pn), where p is a prime divisor of n, Sx y

iff

x|y ∧ ∃=1 z(Qz ∧ ¬Pz ∧ z|y ∧ ¬z|x).

The least common multiple of two numbers is lcm(x, y) = z

iff

x|z ∧ y|z ∧ ¬∃u(u = z ∧ x|u ∧ y|u ∧ u|z).

For every n ∈ N there are only finitely many m with Snm. Therefore S satisfies the conditions of Proposition 6.1. Consider the set generated by P via S and lcm, and let γ (n) := |G n (P)| be the cardinality of G n (P). If (N, |) is in AutStr then (N, |, P, Q, S) ∈ AutStr, and γ (n) ∈ 2O(n) by Proposition 6.4. Let P = { p1 , p2 , . . .}. For n = 1 we have G 1 (P) = { p1 }. Generally, G n (P) consists of (1) numbers of the form p1k1 , (2) numbers of the form p2k2 · · · pnkn , and (3) numbers of a mixed form.

OF28

A. Blumensath and E. Gr¨adel

In n steps we can create (1) p1 , . . . , p1n (via S), (2) γ (n − 1) numbers with k1 = 0, and (3) for every 0 < k1 < n, γ (n − 2) − 1 numbers of a mixed form (via lcm). All in all we obtain γ (n) ≥ n + γ (n − 1) + (n − 1)(γ (n − 2) − 1) = γ (n − 1) + (n − 1)γ (n − 2) + 1 ≥ nγ (n − 2)

(as γ (n − 1) > γ (n − 2))

≥ n(n − 2) · · · 3γ (1)

(without loss of generality assume that n is odd)

= n(n − 2) · · · 3 ≥ ((n + 1)/2)! ∈ 2(n log n) . Contradiction. Remark. (1) Since it is easy to construct a tree-automatic presentation of Skolem arithmetic this result implies that the class of structures with tree-automatic presentation strictly includes the class of automatic structures (see [6]). (2) The structure (N, ⊥), where ⊥ stands for having no common divisor, is automatic. To see this, we represent each number n ∈ N by a pair (w, k) where w = w0 w1 · · · ∈ {0, 1}∗ such that wi = 1 iff the ith prime divides n, and k is the number of elements m < n with the same set of prime divisors as n. Then (w, k) ⊥ (w  , k  ) iff w and w represent disjoint sets which can obviously be checked by an automaton.

7.

Composition of Structures

The composition method developed by Feferman and Vaught [25] and by Shelah [45] (see also [30] and [47]) considers compositions (products and sums) of structures according to some index structure and allows one to compute—depending on the type of composition—the first-order or MSO theory of the whole structure from the respective theories of its components and the monadic theory of the index structure. The characterisation given in Section 4 can be used to prove closure of automatic structures under such compositions of finitely many structures. A generalised product— as it is defined below—is a generalisation of a direct product, a disjoint union, and an ordered sum. We will prove that given a finite sequence (Ai )i of structures first-order interpretable in some structure C, all their generalised products are also first-order interpretable in C. The definition of such a product is a bit technical. Its relations are defined in terms of the types of the components of its elements. The atomic n-type atpA(a) ¯ of a tuple (a0 , . . . , an−1 ) in a structure A is the conjunction of all atomic and negated atomic formulae ϕ(x) ¯ such that ϕ(a) ¯ holds in A.

Finite Presentations of Infinite Structures

OF29

We first look at how a direct product and an ordered sum can be defined using types. Example. (1) Let A := A0 × A1 where Ai = (Ai , Ri ), for i ∈ {0, 1}, and R is a binary ¯ belongs to R iff (a0 , b0 ) ∈ R0 relation. The universe of A is A0 × A1 . Some pair (a, ¯ b) and (a1 , b1 ) ∈ R1 . This is equivalent to the condition that the atomic types of a0 b0 and of a1 b1 both include the formula Rx0 x1 . (2) Let A := A0 + A1 where Ai = (Ai ,