- Email: [email protected]
The logic of “initially” and “next”: Complete axiomatization and complexity
s..__
__ k!i!z
ELSEVIER
Informqtion p;~ryv Information ProcessingLetters69 (1999)221-225
The logic of “initially” and “next”: Complete axiomatization and complexity P.-Y. Schobbens a,*y1,J.-F. Raskin by2 a Institut d’lnfomatique, University of Namur; 5000 Namur; Belgium b EECS Department, University of California, Berkeley, CA 94720-1770, USA
Received2 November 1998;receivedin revisedform 4 February 1999
Abstract Andr6ka et al. (1995) obtained a large number of completeness results for discrete linear-time temporal logics. One of them is left open: the completeness of the logic of “initially” and “next”, for which a deductive system is proposed. This simple logic is of practical importance, since the proof of program invariants only require these modalities. We show here that the conjectured medium completeness of this system indeed holds; further, we show that deciding this entailment is PSPACE-complete, while deciding validity is only coNP-complete. 0 1999 Elsevier Science B.V. All rights reserved. Keywords:
Temporallogic; Completeaxiomatization;Computationalcomplexity;Automatictheorem proving; Program specification
1. Introduction Temporal logic has been created by Prior [5]. Its importance for program verification has been noted by Pnueli [4], and it is still a topic of intensive research. The creation of complete proof systems, as required for practical proofs of programs, is an important sub-topic explored in [2,1]. Treating first-order [9], second-order, branching, or dense-time [6] temporal logics is more difficult; often only partial results are available. In this article we deal with a simple propositional temporal logic [l] restricted to two modal operators: initially, noted Q, and next, noted 0. This logic is very
useful since sequential and concurrent programs are described by their initial values and by their transitions [3]. The logic thus allows the proof of invariance properties of programs, of the form y k /?, where y is a description of the program, and p is an invariance property to be checked. An axiomatization is proposed in [l], but its completeness is stated as an open research problem. Section 2 recalls the problem [ 11. The completeness is established in Section 3. Section 4 characterizes the complexities of decision problems for this logic. Detailed proofs can be found in [7].
2. The logic of “initially” * Correspondingauthor.Email: [email protected]. ’ This work was performed when at IST, Lisbon, and was partially supported by the Portuguese Foundation for Science and Technology (FCT) under PRAXIS XXI, by the European Commission under WGs 22704 Aspire and 23531 Fireworks. 2 This work was supported by the Belgian FNRS.
and “next”
For programs, we decide here to model time as a sequence of execution steps, beginning when the program is launched. Time is thus discrete: we are not interested in what happens inside a step, and linear:
0020-0190/99/$ - see front matter 0 1999 Elsevier Science B.V. All rights reserved. PII: SOO20-0190(99)00022-8
222
P-E Schobbens, J.-E Raskin /Information
we observe the execution sequences of the program, but do not want to look into the decisions open to the program. Therefore, we model time by the set of natural numbers N. 2.1. Syntax Given a set of proposition symbols syntax of the logic TL& is defined by:
p E P, the
Processing Letters 69 (1999) 221-225
where an infinite set of hypotheses is used, and weak completeness where no hypothesis is allowed. No effective proof system can be strongly complete for this logic, since the logic is not compact. To perform proofs of this type, we use a Hilbert system: the formula y will be used as a supplementary axiom, and we also use the following axioms and rules [ 11, on top of the axioms of propositional logic: (Ko)
~::=PIo~Io~I~1~~2I’~.
We will also use the other propositional shorthands.
connectives
(Ko)
as
(funa) @no)
2.2. Semantics (conk>
A model records an execution, i.e., the evolution of the state, given by the subset of propositions that are true at each time point: M:N-+
W’)
4
2p.
Given a model M and a time t E W, we define the satisfaction of formulae: M, t IFp
-p
E M(t),
M,tIt~l~~zrM,tl~~2ifM,tI~~1, M,t IF-4
E M, t IF q5does not hold,
M, t 1104
rM,t+lIt$,
M,tlkQ$
=M,Okq5.
For this logic we define the following classical notions: A model M globally saCsjies a formula 4, noted M It 4, iff M, t IF 4 at all times t E N. A formula ;p $0:~ satisjable iff there is a model M such A formula 4 is valid if every model M globally satisfies it. A formula 4 is point-satisjiable iff there is a model M and a time t such that M, t IF 4. A formula is not point-satisfiable iff its negation is valid. A formula y entails another formula /!?, noted y E j3, iff M It y implies M Ik B for any model M. 2.3. Proof theory Axiomatizing entailment is called medium completeness in [ 11, to contrast it with strong completeness
(NE% )
4J 04 e-,0$,
OlcI +
(IN@
If we can provide a Hilbert proof of a formula p without using the supplementary axiom y , we say that /3 is a theorem of TL”o. and we write this as E /I. If we used y, we write y E B. In [ 11, E is noted l-to.
2.4. Derived rules and theorems
(RE) is the replacement rule: two equivalent formulae can be replaced in any context. (COM) commutes any modal and boolean operators; it subsumes (K). (NXT) states that each time point has a successor. (IND’) is a useful variant of (IND), obtained by taking @ := (04 + 4).
223
P-Z Schobbens, J.-E Raskin /Information Processing Letters 69 (1999) 221-225
3. Completeness In this section, we prove the medium completeness of the proof system [l]. We construct a model by filtration of the canonical model, as in [2]. Definition 1. The closure C is the smallest set: (1) containing all subformulae of y , B; (2) closed under 0,~. The simpliJied closure .J,C contains the simplified form (noted $4) of the formulae r$ E C using the seven simplification rules -4 * 4, (fun), (COM), (con). This set is used to obtain a finite number of formulae containing the same information, to enable the later induction step. This is called filtration. The structures So S’ , . . . , Sk will be used to represent models, and thus to decide entailment: Definition 2. The structure So = (A’, RL, RL) where:
l
A0 is the set of atoms, i.e., maximally ally consistent subsets of J, C, i.e.: . foralla~A”,forall~~~C,~~aiffJ-q5~a, . forallaEA”,forall~1-,~2EJ.C,~1~~2 uiff&$uor&Eu; forallu,bEA”,aR~biffV@5EC:
J.Oq5cuiff
l
forallu,bEA”,uR~biffVO~EC:
JO@Euiff
l
proposition-
We now define a series of structures S’ from So by deleting atoms that can not take part into a model for /3 under hypothesis y . Formally: Definition 8. The atom a E A’ is useless in S’ iff either: (1) J, y $ a: under hypothesis y , y must be true in every atom; (2) a 4 (R&)*(R&)): 3 every atom must be reachable from its initial atom, and in particular has an initial atom; (3) -3b: uRkb: every atom in a fulfilling path must have a successor. So we pass from S’ to S’+’ by deleting useless a. Lemma 9. Thefuljillingpuths
such a
are the same in all S’.
The procedure described above stops when there are no more atoms to delete. Let us note Sk or S the final structure: the canonical structure for ,fJ under y . Lemma 10. Each a E Ak is contained in a path under hypothesis y. Corollary 11. y I=-/I iff there is no a E Ak such that -1BEu-
-14Eb. Now, we use this decision procedure to prove the completeness of the proposed proof system. Atoms are viewed as the conjunction of their formulae:
Lemma 3. Rg (a) = { j, q5 I $0~5 E a} E A’. Lemmal
$4~
Lemma 5. uR:b
Rt(a)if$Oq5~
R:(u). ;=
implies R:(u)
= R:(b).
Definition 6. A path n = acut . . .a,. . . fulfills under hypothesis y in structure So iff l thereisnbOsuchthatJ/?Eu,; l
for all i 3 0, ui R$zo;
l
for all i > 0, ui R~u~+I;
0 foralli
bO,.Jy
M* &a
Similarly, a set of atoms B is viewed as a disjunction: /? s=vc;. aEB
Lemma 12. l-4 k LAO
t,
VaGA~,+Eak
In
purticulul;
6.
EUi. Lemma 13.
Note that a fulfilling path is a witness for the point satisfiability problem of b under hypothesis y . Lemma 7. y k -/3 ifs there is no path n in So that fuljlls /3 under y.
Lemma 14. For all a E A”, I- ii + ok:(u). 3 (R&)* denotes the reflexive-transitive closure of Rb
224
I?-Y Schobbens, J.-E R&in
/Information
The above lemmas are still provable under y in the structures S’, by an inductive reasoning: Lemma 15. For every a E A’ \ A’+‘, y k- -6.
Processing Letters 69 (1999) 221-225
Lemma 17. A TL& formula #I is in simplified form iff it is a boolean combination (without double negution) offormulae of the form: l ~ 0. :. ?p, abbreviated us 0’~: n (perhaps 0) next-
Proof. (1) _1y +7!a: since a is maximal. (2) a q! (R&)*(R&(u)): Let R* be the reflexive-transitive closure atoms,
of R&. Let B be the reachable
B = R*(R&(u)).
Lemma 18. Every TL&
by Lemma 14. (4 y k 6 + &(a) (b) k k&(u) + B since R&(u) E B; by (NECo), (K&k y l-b cc>
&(a) + OR&(b)
l
openrutors applied to a proposition p. We cull those formulae the next-formulae of #I. We note ml the maximal value of such n in _1B. OOnp: We cull those formulae the init-formulae of /3. We note m2 the muximul value of such n. formula j3 can be simplt$ed
into J, B, by applying at most IB I2 simplification The size of _1B is at most 1#?j2.
rules.
+ oii. by Lemma
13. Thus y k
b -+ OR*(b), since the closure contains the base relation, using (N”ECo), (50). Doing this for any b E B : y k_B +” OB with (COM). (IND’) gives y k OB -+ B. (4 Assume a is not reachable, then i is incompatible with a : k B + 4. Chaining (2a)-(2d): ,. ,. y~u-+=~u, which simplifies to y F -6. (3) -3b: uRLb: y k ii + 01 (NXT) I- -01 so y k -2.
by Lemma
Corollary 19 (Weak completeness). The simplijkution rules, the replacement rule and the propositional axioms form a complete proof system for validity in TL&,.
13. By
q
Since y I- -k? can also be written y F Ti t, I, we can remove 6 in the lemmas by (BE). This shows completeness: since no atom of Sk contains -/I. they all contain /3 which is thus provable under y by Lemma 12. Theorem 16. If y i= /3 then y E j3.
4. Complexity In this section, we characterize the complexity of validity, global satisfiability, and entailment with its two specializations [lo]: the data-entailment and the expression-entailment problems.
Theorem 20. The validity problem of TL& complete.
of TL&reduces
to
is coNP-
4.2. Global sutisjubility With our simple TL& logic and the notion of global satisfiability, we can encode interesting problems about programs, and specially the halting problem for a Turing Machine with a polynomial memory, as in [S]. Theorem 21. Deciding the global is PSPACE-complete.
sutisjiubility
of
TL&
4.3. Entailment Theorem 22. The problem PSPACE-complete.
4. I. Validity We show that point-satisfiability boolean satisfiability.
The validity problem reduces to the boolean validity of BE, the simplified formula where modal subformulae are considered as proposition symbols. Indeed, for a propositionally satisfiable formula, we can show its point satisfiability by choosing the point of satisfaction t > m2, as in [l].
of entailment
of TL&
is
Proof. Easiness: Given simplified /I, y , we introduce a new propositional symbol p@ replacing each init-
l?-Z Schobbens, J.-E Raskin /Information Processing Letters 69 (1999) 221-225
formula 04. The TL& entailment lent to the anchored validity of
y + /l is equiva-
A(PC#J * 4) + (OB + W) P$ in the logic of always/next, which is PSPACE-easy [8]. Hardness: By Theorem 2 1, whose co-problem is the case where /l = 1. q The same reasoning ment [lo]:
applies
to expression-entail-
Theorem 23. The expression-entailment for i.e., y b?B with /3jixed, is PSPACE-complete. Surprisingly,
data-entailment
TL&,,
TL&,
i.e., y +
Proof. As we consider y fixed, we can construct the canonical structure for T under y, noted S = (A, RO, Ro), and RG, in constant time. We now show how to solve the co-problem: we construct a model M II- y and for a time t > 0, M, t Iy #?.We first guess whether: l t > m2: then we guess: . m2 atoms au, at, . . . , a,,-1, m 1 atoms at, at+], . . * , CZ~+~,_~;and we check V #boo1 pB, where we define the boolean valuation V by: (1) V(Ojp) = T iff p E at+j, (2) V(OOjp)=TiffpEaj; . corresponding atoms so, st, . . . , sm2_l and sI, st+t , . . . , s~+~,_I in S such that: fl Prop@),
p E
Sj
iff p E
aj,
(3) (s,,-1, sr) E R;5. t < m2: In that case, the two sequences overlap. We guess t, then the t + ml atoms of aj and sj . Condition (3) is now void. The number of guesses is linear. All verifications are done in linear time. This co-problem is thus NP-easy, implying that the data-entailment problem is coNPeasy. It is coNP-hard since TL:, contains boolean logic. 0 l
5. Conclusion The completeness and complexity results presented here completes our knowledge of the various temporal logics [ 1,8] on this simple but useful case of TL&, . The completeness result confirms the conjecture of [l]: a non-standard inference rule is needed to reach medium completeness. For this logic, validity and data-entailment are coNP-complete; global satisfiability, expression-entailment and entailment are PSPACE-complete. It is the only logic we know of where validity and entailment have such a different complexity.
is pretty different:
Theorem 24. The data-entailmentfor ?b with y jixed, is coNP-complete.
(1) (sj, sj+t) E ROE (2) for all p E Prop(y)
225
References [l] H. Andreka, V Goranko, S. Mikulas, I. Nemeti, I. Sam, Effective temporal logics of programs, in: L. Bolt, A. S&as (Eds.), Time and Logic: A Computational Approach, UCL Press, 1995, Chapter 2, pp. 51-130. [2] 0. Lichtenstein, A. Pnueli, L. Zuck, The glory of the past, in: R. Parikh (Ed.), Logics of Programs, Lecture Notes in Computer Sci., Vol. 193, Springer, Berlin, 1985, pp. 196-218. [3] Z. Manna, A. Pnueli, Temporal Verification tems: Safety, Springer, New York, 1995.
of Reactive Sys-
[4] A. Pnueli, The temporal logic of programs, in: Proc. 18th Annual Symposium on Foundations of Computer Science, 1977, pp. 46-57. [5] A.N. Prior, Time and Modality, Oxford, 1957.
Oxford
University
Press,
[6] J.-E Raskin, P.-Y. Schobbens, T.A. Henzinger, Axioms for real-time logics, in: D. Sangiorgi, R. de Simone (Eds.), CONCUR’98: 9th International Conference on Concurrency Theory, Lecture Notes in Computer Sci., Vol. 1466, Springer, Berlin, 1998. [7] P.-Y. Schobbens, J.-E Raskin, Proving a conjecture of Andreka, Technical Report RP-98-015, Institut d’Informatique, Univ. of Namur, April 1998. [8] A.P. Sistla, E.M. Clarke, The complexity of propositional linear temporal logic, J. ACM 32 (3) (1985) 733-749. [9] A. Szalas, A complete axiomatic characterization of first-order temporal logic of linear time, Theoret. Comput. Sci. 54 (2-3) (1987) 199-214. [lo] M.Y. Vardi, The complexity ACM STOC’82, Baltimore, 146.
of relational query languages, in: MD, ACM Press, 1982, pp. 137-
__ k!i!z
ELSEVIER
Informqtion p;~ryv Information ProcessingLetters69 (1999)221-225
The logic of “initially” and “next”: Complete axiomatization and complexity P.-Y. Schobbens a,*y1,J.-F. Raskin by2 a Institut d’lnfomatique, University of Namur; 5000 Namur; Belgium b EECS Department, University of California, Berkeley, CA 94720-1770, USA
Received2 November 1998;receivedin revisedform 4 February 1999
Abstract Andr6ka et al. (1995) obtained a large number of completeness results for discrete linear-time temporal logics. One of them is left open: the completeness of the logic of “initially” and “next”, for which a deductive system is proposed. This simple logic is of practical importance, since the proof of program invariants only require these modalities. We show here that the conjectured medium completeness of this system indeed holds; further, we show that deciding this entailment is PSPACE-complete, while deciding validity is only coNP-complete. 0 1999 Elsevier Science B.V. All rights reserved. Keywords:
Temporallogic; Completeaxiomatization;Computationalcomplexity;Automatictheorem proving; Program specification
1. Introduction Temporal logic has been created by Prior [5]. Its importance for program verification has been noted by Pnueli [4], and it is still a topic of intensive research. The creation of complete proof systems, as required for practical proofs of programs, is an important sub-topic explored in [2,1]. Treating first-order [9], second-order, branching, or dense-time [6] temporal logics is more difficult; often only partial results are available. In this article we deal with a simple propositional temporal logic [l] restricted to two modal operators: initially, noted Q, and next, noted 0. This logic is very
useful since sequential and concurrent programs are described by their initial values and by their transitions [3]. The logic thus allows the proof of invariance properties of programs, of the form y k /?, where y is a description of the program, and p is an invariance property to be checked. An axiomatization is proposed in [l], but its completeness is stated as an open research problem. Section 2 recalls the problem [ 11. The completeness is established in Section 3. Section 4 characterizes the complexities of decision problems for this logic. Detailed proofs can be found in [7].
2. The logic of “initially” * Correspondingauthor.Email: [email protected]. ’ This work was performed when at IST, Lisbon, and was partially supported by the Portuguese Foundation for Science and Technology (FCT) under PRAXIS XXI, by the European Commission under WGs 22704 Aspire and 23531 Fireworks. 2 This work was supported by the Belgian FNRS.
and “next”
For programs, we decide here to model time as a sequence of execution steps, beginning when the program is launched. Time is thus discrete: we are not interested in what happens inside a step, and linear:
0020-0190/99/$ - see front matter 0 1999 Elsevier Science B.V. All rights reserved. PII: SOO20-0190(99)00022-8
222
P-E Schobbens, J.-E Raskin /Information
we observe the execution sequences of the program, but do not want to look into the decisions open to the program. Therefore, we model time by the set of natural numbers N. 2.1. Syntax Given a set of proposition symbols syntax of the logic TL& is defined by:
p E P, the
Processing Letters 69 (1999) 221-225
where an infinite set of hypotheses is used, and weak completeness where no hypothesis is allowed. No effective proof system can be strongly complete for this logic, since the logic is not compact. To perform proofs of this type, we use a Hilbert system: the formula y will be used as a supplementary axiom, and we also use the following axioms and rules [ 11, on top of the axioms of propositional logic: (Ko)
~::=PIo~Io~I~1~~2I’~.
We will also use the other propositional shorthands.
connectives
(Ko)
as
(funa) @no)
2.2. Semantics (conk>
A model records an execution, i.e., the evolution of the state, given by the subset of propositions that are true at each time point: M:N-+
W’)
4
2p.
Given a model M and a time t E W, we define the satisfaction of formulae: M, t IFp
-p
E M(t),
M,tIt~l~~zrM,tl~~2ifM,tI~~1, M,t IF-4
E M, t IF q5does not hold,
M, t 1104
rM,t+lIt$,
M,tlkQ$
=M,Okq5.
For this logic we define the following classical notions: A model M globally saCsjies a formula 4, noted M It 4, iff M, t IF 4 at all times t E N. A formula ;p $0:~ satisjable iff there is a model M such A formula 4 is valid if every model M globally satisfies it. A formula 4 is point-satisjiable iff there is a model M and a time t such that M, t IF 4. A formula is not point-satisfiable iff its negation is valid. A formula y entails another formula /!?, noted y E j3, iff M It y implies M Ik B for any model M. 2.3. Proof theory Axiomatizing entailment is called medium completeness in [ 11, to contrast it with strong completeness
(NE% )
4J 04 e-,0$,
OlcI +
(IN@
If we can provide a Hilbert proof of a formula p without using the supplementary axiom y , we say that /3 is a theorem of TL”o. and we write this as E /I. If we used y, we write y E B. In [ 11, E is noted l-to.
2.4. Derived rules and theorems
(RE) is the replacement rule: two equivalent formulae can be replaced in any context. (COM) commutes any modal and boolean operators; it subsumes (K). (NXT) states that each time point has a successor. (IND’) is a useful variant of (IND), obtained by taking @ := (04 + 4).
223
P-Z Schobbens, J.-E Raskin /Information Processing Letters 69 (1999) 221-225
3. Completeness In this section, we prove the medium completeness of the proof system [l]. We construct a model by filtration of the canonical model, as in [2]. Definition 1. The closure C is the smallest set: (1) containing all subformulae of y , B; (2) closed under 0,~. The simpliJied closure .J,C contains the simplified form (noted $4) of the formulae r$ E C using the seven simplification rules -4 * 4, (fun), (COM), (con). This set is used to obtain a finite number of formulae containing the same information, to enable the later induction step. This is called filtration. The structures So S’ , . . . , Sk will be used to represent models, and thus to decide entailment: Definition 2. The structure So = (A’, RL, RL) where:
l
A0 is the set of atoms, i.e., maximally ally consistent subsets of J, C, i.e.: . foralla~A”,forall~~~C,~~aiffJ-q5~a, . forallaEA”,forall~1-,~2EJ.C,~1~~2 uiff&$uor&Eu; forallu,bEA”,aR~biffV@5EC:
J.Oq5cuiff
l
forallu,bEA”,uR~biffVO~EC:
JO@Euiff
l
proposition-
We now define a series of structures S’ from So by deleting atoms that can not take part into a model for /3 under hypothesis y . Formally: Definition 8. The atom a E A’ is useless in S’ iff either: (1) J, y $ a: under hypothesis y , y must be true in every atom; (2) a 4 (R&)*(R&)): 3 every atom must be reachable from its initial atom, and in particular has an initial atom; (3) -3b: uRkb: every atom in a fulfilling path must have a successor. So we pass from S’ to S’+’ by deleting useless a. Lemma 9. Thefuljillingpuths
such a
are the same in all S’.
The procedure described above stops when there are no more atoms to delete. Let us note Sk or S the final structure: the canonical structure for ,fJ under y . Lemma 10. Each a E Ak is contained in a path under hypothesis y. Corollary 11. y I=-/I iff there is no a E Ak such that -1BEu-
-14Eb. Now, we use this decision procedure to prove the completeness of the proposed proof system. Atoms are viewed as the conjunction of their formulae:
Lemma 3. Rg (a) = { j, q5 I $0~5 E a} E A’. Lemmal
$4~
Lemma 5. uR:b
Rt(a)if$Oq5~
R:(u). ;=
implies R:(u)
= R:(b).
Definition 6. A path n = acut . . .a,. . . fulfills under hypothesis y in structure So iff l thereisnbOsuchthatJ/?Eu,; l
for all i 3 0, ui R$zo;
l
for all i > 0, ui R~u~+I;
0 foralli
bO,.Jy
M* &a
Similarly, a set of atoms B is viewed as a disjunction: /? s=vc;. aEB
Lemma 12. l-4 k LAO
t,
VaGA~,+Eak
In
purticulul;
6.
EUi. Lemma 13.
Note that a fulfilling path is a witness for the point satisfiability problem of b under hypothesis y . Lemma 7. y k -/3 ifs there is no path n in So that fuljlls /3 under y.
Lemma 14. For all a E A”, I- ii + ok:(u). 3 (R&)* denotes the reflexive-transitive closure of Rb
224
I?-Y Schobbens, J.-E R&in
/Information
The above lemmas are still provable under y in the structures S’, by an inductive reasoning: Lemma 15. For every a E A’ \ A’+‘, y k- -6.
Processing Letters 69 (1999) 221-225
Lemma 17. A TL& formula #I is in simplified form iff it is a boolean combination (without double negution) offormulae of the form: l ~ 0. :. ?p, abbreviated us 0’~: n (perhaps 0) next-
Proof. (1) _1y +7!a: since a is maximal. (2) a q! (R&)*(R&(u)): Let R* be the reflexive-transitive closure atoms,
of R&. Let B be the reachable
B = R*(R&(u)).
Lemma 18. Every TL&
by Lemma 14. (4 y k 6 + &(a) (b) k k&(u) + B since R&(u) E B; by (NECo), (K&k y l-b cc>
&(a) + OR&(b)
l
openrutors applied to a proposition p. We cull those formulae the next-formulae of #I. We note ml the maximal value of such n in _1B. OOnp: We cull those formulae the init-formulae of /3. We note m2 the muximul value of such n. formula j3 can be simplt$ed
into J, B, by applying at most IB I2 simplification The size of _1B is at most 1#?j2.
rules.
+ oii. by Lemma
13. Thus y k
b -+ OR*(b), since the closure contains the base relation, using (N”ECo), (50). Doing this for any b E B : y k_B +” OB with (COM). (IND’) gives y k OB -+ B. (4 Assume a is not reachable, then i is incompatible with a : k B + 4. Chaining (2a)-(2d): ,. ,. y~u-+=~u, which simplifies to y F -6. (3) -3b: uRLb: y k ii + 01 (NXT) I- -01 so y k -2.
by Lemma
Corollary 19 (Weak completeness). The simplijkution rules, the replacement rule and the propositional axioms form a complete proof system for validity in TL&,.
13. By
q
Since y I- -k? can also be written y F Ti t, I, we can remove 6 in the lemmas by (BE). This shows completeness: since no atom of Sk contains -/I. they all contain /3 which is thus provable under y by Lemma 12. Theorem 16. If y i= /3 then y E j3.
4. Complexity In this section, we characterize the complexity of validity, global satisfiability, and entailment with its two specializations [lo]: the data-entailment and the expression-entailment problems.
Theorem 20. The validity problem of TL& complete.
of TL&reduces
to
is coNP-
4.2. Global sutisjubility With our simple TL& logic and the notion of global satisfiability, we can encode interesting problems about programs, and specially the halting problem for a Turing Machine with a polynomial memory, as in [S]. Theorem 21. Deciding the global is PSPACE-complete.
sutisjiubility
of
TL&
4.3. Entailment Theorem 22. The problem PSPACE-complete.
4. I. Validity We show that point-satisfiability boolean satisfiability.
The validity problem reduces to the boolean validity of BE, the simplified formula where modal subformulae are considered as proposition symbols. Indeed, for a propositionally satisfiable formula, we can show its point satisfiability by choosing the point of satisfaction t > m2, as in [l].
of entailment
of TL&
is
Proof. Easiness: Given simplified /I, y , we introduce a new propositional symbol p@ replacing each init-
l?-Z Schobbens, J.-E Raskin /Information Processing Letters 69 (1999) 221-225
formula 04. The TL& entailment lent to the anchored validity of
y + /l is equiva-
A(PC#J * 4) + (OB + W) P$ in the logic of always/next, which is PSPACE-easy [8]. Hardness: By Theorem 2 1, whose co-problem is the case where /l = 1. q The same reasoning ment [lo]:
applies
to expression-entail-
Theorem 23. The expression-entailment for i.e., y b?B with /3jixed, is PSPACE-complete. Surprisingly,
data-entailment
TL&,,
TL&,
i.e., y +
Proof. As we consider y fixed, we can construct the canonical structure for T under y, noted S = (A, RO, Ro), and RG, in constant time. We now show how to solve the co-problem: we construct a model M II- y and for a time t > 0, M, t Iy #?.We first guess whether: l t > m2: then we guess: . m2 atoms au, at, . . . , a,,-1, m 1 atoms at, at+], . . * , CZ~+~,_~;and we check V #boo1 pB, where we define the boolean valuation V by: (1) V(Ojp) = T iff p E at+j, (2) V(OOjp)=TiffpEaj; . corresponding atoms so, st, . . . , sm2_l and sI, st+t , . . . , s~+~,_I in S such that: fl Prop@),
p E
Sj
iff p E
aj,
(3) (s,,-1, sr) E R;5. t < m2: In that case, the two sequences overlap. We guess t, then the t + ml atoms of aj and sj . Condition (3) is now void. The number of guesses is linear. All verifications are done in linear time. This co-problem is thus NP-easy, implying that the data-entailment problem is coNPeasy. It is coNP-hard since TL:, contains boolean logic. 0 l
5. Conclusion The completeness and complexity results presented here completes our knowledge of the various temporal logics [ 1,8] on this simple but useful case of TL&, . The completeness result confirms the conjecture of [l]: a non-standard inference rule is needed to reach medium completeness. For this logic, validity and data-entailment are coNP-complete; global satisfiability, expression-entailment and entailment are PSPACE-complete. It is the only logic we know of where validity and entailment have such a different complexity.
is pretty different:
Theorem 24. The data-entailmentfor ?b with y jixed, is coNP-complete.
(1) (sj, sj+t) E ROE (2) for all p E Prop(y)
225
References [l] H. Andreka, V Goranko, S. Mikulas, I. Nemeti, I. Sam, Effective temporal logics of programs, in: L. Bolt, A. S&as (Eds.), Time and Logic: A Computational Approach, UCL Press, 1995, Chapter 2, pp. 51-130. [2] 0. Lichtenstein, A. Pnueli, L. Zuck, The glory of the past, in: R. Parikh (Ed.), Logics of Programs, Lecture Notes in Computer Sci., Vol. 193, Springer, Berlin, 1985, pp. 196-218. [3] Z. Manna, A. Pnueli, Temporal Verification tems: Safety, Springer, New York, 1995.
of Reactive Sys-
[4] A. Pnueli, The temporal logic of programs, in: Proc. 18th Annual Symposium on Foundations of Computer Science, 1977, pp. 46-57. [5] A.N. Prior, Time and Modality, Oxford, 1957.
Oxford
University
Press,
[6] J.-E Raskin, P.-Y. Schobbens, T.A. Henzinger, Axioms for real-time logics, in: D. Sangiorgi, R. de Simone (Eds.), CONCUR’98: 9th International Conference on Concurrency Theory, Lecture Notes in Computer Sci., Vol. 1466, Springer, Berlin, 1998. [7] P.-Y. Schobbens, J.-E Raskin, Proving a conjecture of Andreka, Technical Report RP-98-015, Institut d’Informatique, Univ. of Namur, April 1998. [8] A.P. Sistla, E.M. Clarke, The complexity of propositional linear temporal logic, J. ACM 32 (3) (1985) 733-749. [9] A. Szalas, A complete axiomatic characterization of first-order temporal logic of linear time, Theoret. Comput. Sci. 54 (2-3) (1987) 199-214. [lo] M.Y. Vardi, The complexity ACM STOC’82, Baltimore, 146.
of relational query languages, in: MD, ACM Press, 1982, pp. 137-