Arithmetical axiomatization of first-order temporal logic

Information Processing Letters 26 (1987/88) 111-116, North-Holland

23 November 1987

ARITHMETICAL AXIOMATIZATION OF FIRST-ORDER TEMPORAL LOGIC *

Andrzej SZALAS
Department of Computing, Imperial College of Science and Technology, London SW7 2BZ, United Kingdom, and Institute of Informatics, University of Warsaw, 00-901 Warsaw, Poland

Communicated by W.M. Turski
Received 20 January 1987
Revised 23 March 1987

Keywords: Arithmetical completeness, completeness, first-order temporal logic, Kripke structure, proof system, soundness, temporal theory

1. Introduction and preliminaries

A major trend in programming logic concerns proof systems that enable formal reasoning about program properties. Various notions of completeness were defined and new completeness proving techniques were developed. The most widely accepted nonclassical notion of completeness is that of relative completeness defined by Cook [1], who separated the reasoning about programs from reasoning about first-order properties of underlying interpretations and proved that Hoare's system [4] is complete relative to the class of expressive interpretations. A characterization of the class of expressive interpretations was given by Lipton [8]. Due to his theorem, expressive interpretations are either finite or contain arithmetics of natural numbers. The notion of arithmetical completeness was derived from relative completeness, and was investigated by Harel in his work on Dynamic Logic (cf. [2,3]). In fact, arithmetical completeness restricts the notion of relative completeness to arithmetical interpretations.

In this paper we consider a proof system for first-order temporal logic with linear and discrete time. The version of temporal logic we deal with is essentially that investigated, for example, in [9,10,6,7]. As shown in [11,12,14], it is impossible to provide a finitistic and complete axiomatization of this logic. In [13], one can find a complete but infinitary proof system which allows to verify the validity of temporal formulae. On the other hand, in order to deal with finitistic proof rules, one can consider arithmetical proof systems. Following this idea, we devote the current paper to a syntactic characterization of first-order temporal formulae valid in Kripke structures that contain arithmetics of natural numbers. Note that the technique of obtaining arithmetical axiomatizations of logics of programs presented by Harel [2,3] cannot be applied in the case of the temporal logic we deal with. Thus, we introduce a new method of obtaining arithmetical axiomatizations of logics of programs. It can be applied in logics with modal operators definable by suprema and infima of enumerable and recursive sets of formulae.

Let us briefly recall notions which are important for our presentation. Let L be a many-sorted first-order language with equality $=$, usual Boolean constants true, false, and connectives $\neg, \wedge, \vee, \to, \leftrightarrow$, first-order quantifiers $\exists, \forall$, and an additional syntax rule saying that if A and B are formulae, then A at B is also a formula. Formula A at B means that A holds in the next state in which B holds. Note that instead of the more familiar until operator we use a slightly modified Kröger's atnext operator at. As shown in [5,6], this does not change the expressive power of the language.

* This work was supported by the Science and Engineering Research Council of Great Britain.

0020-0190/87/$3.50 © 1987, Elsevier Science Publishers B.V. (North-Holland)

A signature of the language consists of a set of sorts, sets of functor and predicate symbols together with their domains and counter-domains, and two sets of so-called local and global variables (cf. [6,9,13]). A formula that contains neither temporal operators nor local variables is called classical. Together with the set T of terms built of variable and functor symbols, we consider the set $T_\circ$ of extended terms (cf. [13]). Extended terms are built of variable and functor symbols, and expressions of the form $\circ^k z$, where k is a natural number, z is a local variable, and by $\circ^k$ we denote the nexttime operator $\circ$ repeated k times.

We define the semantics of the language using the notion of Kripke structures. A Kripke structure (KS in short) K = (I, S) consists of a first-order interpretation I and an $\omega$-sequence S of states, where we denote by $\omega$ the set of natural numbers. Interpretation I is defined as in the case of classical many-sorted logic, i.e., it specifies domains corresponding to sorts and it assigns concrete functions and relations to functors and predicates. In other words, I is a realization of a first-order language in a many-sorted relational system. Sequence $S = (s_i)_{i \in \omega}$ consists of states, where every state $s_i$ assigns a value $s_i(z)$ to each local variable z. In the sequel, for $k \in \omega$, by $S{\uparrow}k$ we denote the suffix $(s_i)_{i \geq k}$ of S.

Given a KS K = (I, S) and a valuation v of free global variables, we inductively define the value of an extended term $t \in T_\circ$:
- $x_K(v)$ is the value of x in valuation v, where x is a global variable,
- $(\circ^j z)_K(v)$ is the value of z in state $s_j$, where z is a local variable,
- $f(t_1, \ldots, t_n)_K(v) = f_I(t_{1K}(v), \ldots, t_{nK}(v))$, where f is an n-argument functor, and $t_1, \ldots, t_n$ are extended terms.

The satisfaction relation $\models$ for formulae without temporal operator at is defined in the usual way. For operator at we define: $(I, S), v \models A \text{ at } B$ iff there is a natural number $k > 0$ such that $(I, S{\uparrow}k), v \models A \wedge B$ and, for all $0 < j < k$, $(I, S{\uparrow}j), v \models \neg B$.

We say that K satisfies a formula A, and we denote this by $K \models A$, iff, for every valuation v, $K, v \models A$. K is a model for a set D of formulae ($K \models D$) iff $K \models A$ for every $A \in D$. Formula A semantically follows from set D of formulae ($D \models A$) iff, for any KS K, $K \models D$ implies $K \models A$. $Cn_{at}(D)$ denotes the set of semantic consequences of D, $Cn_{at}(D) = \{B \mid D \models B\}$.

To present a proof system we need yet another notion. For any extended term t and formula q without atnext operator, we inductively define $t\circ$ and $q\circ$ with intuitive meaning 'move $\circ$ inside':
- $x\circ = x$, for any global variable x,
- $(\circ^k z)\circ = \circ^{k+1} z$, for any local variable z and natural number k,
- $f(t_1, \ldots, t_n)\circ = f(t_1\circ, \ldots, t_n\circ)$, where f is an n-argument functor and $t_1, \ldots, t_n$ are extended terms,
- $p(t_1, \ldots, t_m)\circ = p(t_1\circ, \ldots, t_m\circ)$, where p is an m-argument predicate and $t_1, \ldots, t_m$ are extended terms,
- $(\neg A)\circ = \neg(A\circ)$, where A is a formula,
- $(A * B)\circ = (A\circ) * (B\circ)$, where $*$ is any two-argument Boolean connective, and A, B are formulae,
- $(Q x\, A)\circ = Q x\, (A\circ)$, where Q is a first-order quantifier and A is a formula.

Given a formula A, we define nexttime operator $\circ A$ to be (A at true). In the sequel we consider two logics, $L_\circ$ and $L_{at}$. In the first one, the only temporal modality is the nexttime operator $\circ$, while the second one is the full temporal logic containing atnext operator at. By $Cn_\circ(Ax)$, where Ax is a set of formulas in $L_\circ$, we denote the set of all semantic consequences of Ax in $L_\circ$.

What follows is a proof system, here called PN, for logic $L_\circ$. We assume the following set of (schemas of) axioms (A1)-(A8):

(A1) all instances of classical propositional tautologies,
(A2) $\exists x\, \circ^k z = x$, where z is a local variable and k is a natural number,
(A3) $\forall x\, (\circ^k z = x \to (A(\circ^k z) \leftrightarrow A(x)))$, where $\circ^k z$ does not appear in A within the scope of the nexttime operator, and x does not appear in A,


(A4) $\forall x\, A(x) \to A(x/t)$, where $t \in T$, and $A(x/t)$ denotes the formula obtained from A by replacing all occurrences of x by t,
(A5) $=$ is an equivalence relation,
(A6) $x_1 = x'_1 \wedge \ldots \wedge x_n = x'_n \to f(x_1, \ldots, x_n) = f(x'_1, \ldots, x'_n)$, where f is an n-argument functor, and $x_1, \ldots, x_n, x'_1, \ldots, x'_n$ are global variables,
(A7) $x_1 = x'_1 \wedge \ldots \wedge x_m = x'_m \to (p(x_1, \ldots, x_m) \leftrightarrow p(x'_1, \ldots, x'_m))$, where p is an m-argument predicate, and $x_1, \ldots, x_m, x'_1, \ldots, x'_m$ are global variables,
(A8) $\circ A \leftrightarrow A\circ$, where A is a formula.

We assume the following inference rules:

(MP) $A,\ A \to B \vdash_{PN} B$,
(GEN) $A \to B \vdash_{PN} A \to \forall x\, B$, where x is not free in A.

If A is derivable in the above system from a set Ax of formulae, we write $Ax \vdash_{PN} A$. By $C_\circ(Ax)$ we denote the set of all syntactic consequences of Ax, $C_\circ(Ax) = \{A \mid Ax \vdash_{PN} A\}$. The next theorems follow directly from [13] (Ax is an arbitrary set of formulae in $L_\circ$).

1.1. Theorem. The proof system PN is sound, i.e., $C_\circ(Ax) \subseteq Cn_\circ(Ax)$.

1.2. Theorem. The proof system PN is complete, i.e., $Cn_\circ(Ax) \subseteq C_\circ(Ax)$.

We shall extend proof system PN in order to obtain an arithmetically complete characterization of logic $L_{at}$.

2. Arithmetical Kripke structures and temporal theories

This section introduces the notion of arithmetical Kripke structure and (arithmetical) temporal theory. We show that inductive definitions do not add to the logical contents of arithmetical temporal theories based on logic $L_\circ$.


By arithmetical Kripke structure (AKS in short) we understand any KS K = (I, S) such that I contains arithmetics of natural numbers, i.e., I contains sort N of natural numbers, constants 0 and 1, and two binary functions + and *, with the standard meaning. Note that, contrary to Harel's definition [2], we do not require the existence of a predicate which allows to encode finite sequences of elements.

By temporal theory in logic $L_\circ$ we understand a triple $T = \langle L, C_\circ, Ax \rangle$, where L is a language based on logic $L_\circ$, $C_\circ$ is a syntactic consequence relation, as introduced in Section 1, and Ax is a set of specific axioms. We say that temporal theory $T = \langle L, C_\circ, Ax \rangle$ is arithmetical, provided that L contains (at least) a sort N and functor symbols 0, 1, +, *, and that Ax contains all classical first-order formulae valid in all AKSs.

In what follows we justify the possibility of introducing new predicates by inductive definitions. Let $T = \langle L, C_\circ, Ax \rangle$ be an arithmetical temporal theory. We form an extension $T' = \langle L', C_\circ, Ax' \rangle$ of T by adding to L a set of fresh predicate symbols of the form $p_{A,B}(n, x_1, \ldots, x_m)$, where n is a variable ranging over N, and by adding to Ax formulae of the form

$p_{A,B}(0, x_1, \ldots, x_m) \leftrightarrow A(x_1, \ldots, x_m)$,
$p_{A,B}(n + 1, x_1, \ldots, x_m) \leftrightarrow B(x_1, \ldots, x_m)$,   (1)

where $p_{A,B}$ does not appear in A, the only new predicate symbol appearing in B is $p_{A,B}$, and all occurrences of $p_{A,B}$ in B are of the form $p_{A,B}(n, x_1, \ldots, x_m)$. In such a case we say that T' is obtained from T by simultaneously assuming inductive definitions (of the form (1)), SAID for short.

2.1. Lemma. If temporal theory T' is obtained from arithmetical temporal theory T by SAID, then every model K = (I, S) for T can be extended to a model K' = (I', S) for T'.

Proof. We extend first-order interpretation I to I' by adding relations $p_{A,B}$ defined as follows:

$(p_{A,B})_{K'}(0, a_1, \ldots, a_m)$ iff $A_K(a_1, \ldots, a_m)$,
$(p_{A,B})_{K'}(n + 1, a_1, \ldots, a_m)$ iff $B_{K'}(x_1/a_1, \ldots, x_m/a_m)$,

where by $B(x_1/a_1, \ldots, x_m/a_m)$ we denote the formula obtained from B by replacing all occurrences of variables $x_1, \ldots, x_m$ by elements $a_1, \ldots, a_m$, respectively. Now, by an easy inductive verification it can be proved that $(p_{A,B})_{K'}(n, a_1, \ldots, a_m)$ is well defined for any $n \in N$ and any elements $a_1, \ldots, a_m$. Moreover, K' = (I', S) is a model for T', since $(p_{A,B})_{K'}$ was defined to satisfy axioms (1). □


A theory $T' = \langle L', C_\circ, Ax' \rangle$ is said to be an inessential extension of a theory $T = \langle L, C_\circ, Ax \rangle$ provided that $C_\circ(Ax) = C_\circ(Ax') \cap F$, where F is the set of all formulae in L.

2.2. Theorem. If theory $T' = \langle L', C_\circ, Ax' \rangle$ is obtained from arithmetical theory $T = \langle L, C_\circ, Ax \rangle$ by SAID, then T' is an inessential extension of T.

Proof. Since $Ax \subseteq Ax'$ and $L \subseteq L'$, T' is an extension of T. Now it suffices to show that, for every formula B in T, $B \notin C_\circ(Ax)$ implies $B \notin C_\circ(Ax')$. First, let us show that $B \notin Cn_\circ(Ax)$ implies $B \notin Cn_\circ(Ax')$. Assume $B \notin Cn_\circ(Ax)$. Then, there is a KS K such that $K \models Ax$ and $K \not\models B$. From Lemma 2.1 it follows that this model can be extended to a model for T'. Thus, $B \notin Cn_\circ(Ax')$. Now, by applying soundness and completeness theorems for $L_\circ$ (Theorems 1.1 and 1.2), we obtain that $B \notin C_\circ(Ax)$ implies $B \notin C_\circ(Ax')$. □

3. Arithmetical characterization of logic $L_{at}$

In this section we present an arithmetically complete axiomatic characterization of first-order temporal logic $L_{at}$ with atnext operator at. Let us denote by $Th_\omega$ the set of all classical first-order formulae valid in all AKSs, and by $\models_\omega A$ let us denote that a formula A of $L_{at}$ is valid in all AKSs. We say that a given proof system P is arithmetically sound provided $\vdash_P A$ implies $\models_\omega A$, where $\vdash_P$ denotes a syntactic consequence relation of P. We say that P is arithmetically complete iff $\models_\omega A$ implies $\vdash_P A$.

Let us consider proof system PA, which is obtained from PN (given in Section 1) by adding the following (schemas of) axioms:

(A9) $A \text{ at } B \leftrightarrow \exists n\, p_{A,B}(n, x_1, \ldots, x_m)$, where A and B are formulae without atnext operator, $x_1, \ldots, x_m$ are all free variables appearing in A and B, n ranges over the natural numbers, and $p_{A,B}$ is a new inductively defined predicate:

$p_{A,B}(0, x_1, \ldots, x_m) \leftrightarrow \circ(A \wedge B)$ and
$p_{A,B}(n + 1, x_1, \ldots, x_m) \leftrightarrow \circ(\neg B \wedge p_{A,B}(n, x_1, \ldots, x_m))$,

(A10) all classical first-order formulae valid in all AKSs.

Note that in view of Theorem 2.2 we are allowed to introduce new predicates by inductive definitions (as in axiom (A9)) since A and B are formulae of $L_\circ$.

3.1. Theorem. The proof system PA is arithmetically sound.

Proof. As shown in [13], axioms (A1)-(A8) are true in all Kripke structures, in particular in arithmetical ones. Also, rules (MP) and (GEN) are sound. Thus, what remains to show is that (A9) is true in any AKS. First we show that $p_{A,B}(n, x_1, \ldots, x_m) \leftrightarrow$

$$\bigwedge_{0 < j \leq n} (\neg B)\circ^j \wedge (A \wedge B)\circ^{n+1}.$$

We proceed by induction on n. If n = 0, then, by the definition of relation $p_{A,B}$, $p_{A,B}(0, x_1, \ldots, x_m) \leftrightarrow \circ(A \wedge B)$. On the other hand,

$$\Big(\bigwedge_{0 < j \leq 0} (\neg B)\circ^j \wedge (A \wedge B)\circ^1\Big) \leftrightarrow (A \wedge B)\circ^1,$$

which, by axiom (A8), is equivalent to $\circ(A \wedge B)$. Now, assume that

$$p_{A,B}(n, x_1, \ldots, x_m) \leftrightarrow \bigwedge_{0 < j \leq n} (\neg B)\circ^j \wedge (A \wedge B)\circ^{n+1}.$$


Consider $p_{A,B}(n + 1, x_1, \ldots, x_m)$. By the definition of relation $p_{A,B}$, it is equivalent to $\circ(\neg B \wedge p_{A,B}(n, x_1, \ldots, x_m))$. By inductive assumption we obtain

$$p_{A,B}(n + 1, x_1, \ldots, x_m) \leftrightarrow \circ\Big(\neg B \wedge \bigwedge_{0 < j \leq n} (\neg B)\circ^j \wedge (A \wedge B)\circ^{n+1}\Big),$$

and moving $\circ$ inside by axiom (A8) gives $\bigwedge_{0 < j \leq n+1} (\neg B)\circ^j \wedge (A \wedge B)\circ^{n+2}$, which proves the result. As proved in [13],


$$A \text{ at } B \leftrightarrow \sup_{n \in \omega - \{0\}} \Big[ \bigwedge_{0 < j < n} (\neg B)\circ^j \wedge (A \wedge B)\circ^n \Big].$$

Thus, by the above argument, we have

$$\exists n\, p_{A,B}(n, x_1, \ldots, x_m) \leftrightarrow \sup_{n \in \omega} \Big[ \bigwedge_{0 < j \leq n} (\neg B)\circ^j \wedge (A \wedge B)\circ^{n+1} \Big] \leftrightarrow A \text{ at } B. \quad □$$

3.2. Lemma. If $A \in L_\circ$, then we have that $\models_\omega A$ iff $Th_\omega \vdash_{PN} A$.

Proof. (⇐) Assume $Th_\omega \vdash_{PN} A$. By the soundness and completeness theorems for PN (Theorems 1.1 and 1.2), $Th_\omega \vdash_{PN} A$ iff $A \in Cn_\circ(Th_\omega)$. Thus, we obtain that A is true in any KS which is a model for $Th_\omega$, in particular in any AKS, i.e., $\models_\omega A$.

(⇒) Assume $\models_\omega A$. By axiom (A8), $\vdash_{PN} A \leftrightarrow B$, where B is a formula that does not contain nexttime operator $\circ$. Since $\models_\omega A$, we have $\models_\omega B$. Let us prove that $B \in Cn_\circ(Th_\omega)$. Note that formula B can contain extended terms of the form $\circ^k z$ where $k \in \omega$ and z is a local variable. Since $\models_\omega B$, the truth value of B does not depend on values of extended terms appearing in B. Thus, $\models_\omega B \leftrightarrow C$, where C is obtained from B by replacing all extended terms of the form $\circ^k z$ by free global variables not occurring in B. From $\models_\omega B$ we obtain $\models_\omega C$. Since C is a classical first-order formula, we have $C \in Th_\omega$, i.e., $C \in Cn_\circ(Th_\omega)$. From the completeness theorem for PN (Theorem 1.2) we obtain $Th_\omega \vdash_{PN} C$. Note that, for any formula G, the following formula is valid (thus provable in PN): $G(x) \to G(x/\circ^k z)$, where x is a free global variable that does not appear within the scope of a temporal operator. Since C was obtained from B by replacing some extended terms of the form $\circ^k z$ by free global variables, by applying the above formula to C we obtain $Th_\omega \vdash_{PN} B$. Since $\vdash_{PN} A \leftrightarrow B$, we have $Th_\omega \vdash_{PN} A$. □

3.3. Theorem. The proof system PA is arithmetically complete.

Proof. Assume $\models_\omega A$. Since A contains a finite number of atnext operators, by applying axiom (A9) a finite number of times we have that $\vdash_{PA} Def(A) \to (A \leftrightarrow B)$, where B does not contain the atnext operator, and Def(A) denotes the (finite) conjunction of inductive definitions assumed while applying axiom (A9) in order to obtain B. (This means that Def(A) is implicitly assumed as an axiom, i.e., $\vdash_{PA} Def(A)$.) Since PA is arithmetically sound, we have $\models_\omega Def(A) \to (A \leftrightarrow B)$. By the assumption, $\models_\omega A$, and so $\models_\omega Def(A) \to B$. Note that neither Def(A) nor B contain the atnext operator. Thus, by Lemma 3.2, $Th_\omega \vdash_{PN} Def(A) \to B$. Since PN is a subsystem of PA and all formulae in $Th_\omega$ are axioms in PA, we have that $\vdash_{PA} Def(A) \to B$. Also, $\vdash_{PA} Def(A) \to (A \leftrightarrow B)$ and so, since all propositional tautologies are axioms in PA, $\vdash_{PA} Def(A) \to A$. Thus, we have $\vdash_{PA} Def(A)$ and $\vdash_{PA} Def(A) \to A$ and so, by rule MP, $\vdash_{PA} A$. □
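As an added worked example (not part of the paper), the following Python evaluates the atnext semantics of Section 1, the "move $\circ$ inside" operation, and the inductive predicate $p_{A,B}$ of axiom (A9) on a constructed finite run of states, so that one can check on concrete formulae that $\circ A$ and $A\circ$ agree (axiom (A8)) and that A at B agrees with $\exists n\, p_{A,B}(n)$ (axiom (A9)). The tuple encoding of formulae, the run, and the bounding of the existential quantifier by the run length (the run is finite, unlike an $\omega$-sequence) are assumptions of this example.

```python
# Added example (not from the paper): the atnext semantics, the "move O inside"
# operation and the inductive predicate of axiom (A9) on a constructed finite run.
# Data representation (an assumption of this example):
#   extended terms  ('loc', k, z) = O^k z   |  ('val', c) = constant c
#   formulae        ('eq', t1, t2) | ('not', A) | ('and', A, B) | ('at', A, B)
# Nexttime O A is the abbreviation A at true from Section 1.
TRUE = ('eq', ('val', 0), ('val', 0))

def next_of(a):
    """O A := A at true."""
    return ('at', a, TRUE)

def term_value(t, run, k):
    """Value of extended term t in the suffix S^k of the run (state s_k is run[k])."""
    if t[0] == 'val':
        return t[1]
    _, j, z = t
    return run[k + j][z]              # O^j z: value of local variable z in state s_{k+j}

def sat(f, run, k=0):
    """(I, S^k) |= f on the constructed finite run."""
    op = f[0]
    if op == 'eq':
        return term_value(f[1], run, k) == term_value(f[2], run, k)
    if op == 'not':
        return not sat(f[1], run, k)
    if op == 'and':
        return sat(f[1], run, k) and sat(f[2], run, k)
    # A at B: A holds in the first later state (k' > k) in which B holds.
    a, b = f[1], f[2]
    for kk in range(k + 1, len(run)):
        if sat(b, run, kk):
            return sat(a, run, kk)
    return False                      # B never holds on the remaining finite run

def push_next(f):
    """f O ("move O inside"), defined for formulae without the atnext operator."""
    op = f[0]
    if op == 'eq':
        return ('eq', push_next_term(f[1]), push_next_term(f[2]))
    if op == 'not':
        return ('not', push_next(f[1]))
    if op == 'and':
        return ('and', push_next(f[1]), push_next(f[2]))
    raise ValueError("f O is only defined for atnext-free formulae")

def push_next_term(t):
    """(O^k z) O = O^{k+1} z; constants are unchanged."""
    return t if t[0] == 'val' else ('loc', t[1] + 1, t[2])

def p_ab(n, a, b, run, k=0):
    """p_{A,B}(n) at S^k: p(0) <-> O(A and B), p(n+1) <-> O(not B and p(n))."""
    if k + 1 >= len(run):
        return False                  # run exhausted: the next state does not exist
    if n == 0:
        return sat(('and', b, a), run, k + 1)
    return (not sat(b, run, k + 1)) and p_ab(n - 1, a, b, run, k + 1)

def atnext_via_a9(a, b, run):
    """Right-hand side of (A9), with the existential bounded by the run length."""
    return any(p_ab(n, a, b, run) for n in range(len(run)))

# Constructed run (not from the paper): local variable z takes 1, 3, 3, 7, 7, 2.
RUN = [{'z': v} for v in (1, 3, 3, 7, 7, 2)]
STABLE = ('eq', ('loc', 1, 'z'), ('loc', 0, 'z'))   # O z = z
Z_IS_7 = ('eq', ('loc', 0, 'z'), ('val', 7))
Z_IS_1 = ('eq', ('loc', 0, 'z'), ('val', 1))
```

On RUN, `sat(('at', STABLE, Z_IS_7), RUN)` and `atnext_via_a9(STABLE, Z_IS_7, RUN)` both hold (z is stable in the first state where z = 7), while with Z_IS_1 in place of STABLE both are false.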

References

[1] S.A. Cook, Soundness and completeness of an axiom system for program verification, SIAM J. Comput. 7 (1) (1978) 70-90.
[2] D. Harel, First-Order Dynamic Logic, Lecture Notes in Computer Science, Vol. 68 (Springer, Berlin, 1978).
[3] D. Harel, Arithmetical completeness in logics of programs, in: G. Ausiello and C. Böhm, eds., Proc. 5th Coll. on Automata, Languages and Programming, Lecture Notes in Computer Science, Vol. 62 (Springer, Berlin, 1978) 268-288.
[4] C.A.R. Hoare, An axiomatic basis for computer programming, Comm. ACM 12 (1969) 576-580.
[5] F. Kröger, A generalized nexttime operator in temporal logic, J. Comput. System Sci. 29 (1) (1984) 80-98.
[6] F. Kröger, Temporal Logic of Programs, Lecture Notes, Rept. TUM-I8521, Technische Univ. München, 1985.
[7] F. Kröger, On temporal program verification rules, Theoret. Inform. 19 (3) (1985) 261-280.
[8] R.J. Lipton, A necessary and sufficient condition for existence of Hoare logics, in: Proc. 18th IEEE Symp. on Foundations of Computer Science (1977) 1-6.
[9] Z. Manna and A. Pnueli, Verification of concurrent programs: The temporal framework, in: R.S. Boyer and J.S. Moore, eds., The Correctness Problem in Computer Science (Academic Press, New York, 1981) 215-273.
[10] Z. Manna and A. Pnueli, Verification of concurrent programs: Temporal proof principles, in: D. Kozen, ed., Proc. Logic of Programs, Lecture Notes in Computer Science, Vol. 131 (Springer, Berlin, 1981) 200-252.
[11] A. Szalas, Concerning the semantic consequence relation in first-order temporal logic, Theoret. Comput. Sci. 47 (1986) 329-334.
[12] A. Szalas, Towards the temporal approach to abstract data types, Fundamenta Informaticae (1987) to appear.
[13] A. Szalas, A complete axiomatic characterization of first-order temporal logic of linear time, Theoret. Comput. Sci. 54 (2,3) (1987) 199-214.
[14] A. Szalas and L. Holenderski, Incompleteness of first-order temporal logic with until, Theoret. Comput. Sci. (1988) to appear.