contents preface iv balder ten cate (invited speaker) abstract model theory for extensions of modal...
TRANSCRIPT
ESSLLI 2007
19th European Summer School in Logic, Language and Information
August 6-17, 2007
http://www.cs.tcd.ie/esslli2007
Trinity College Dublin
Ireland
WORKSHOP PROCEEDINGS
ESSLLI is the Annual Summer School of FoLLI,
The Association for Logic, Language and Information
http://www.folli.org
European Summer School in Logic, Language, and Information
ESSLLI 2007
Dublin, Ireland
August 6–17 2007
International Workshop on Hybrid Logic
HyLo 2007
6–10 August 2007
Proceedings
Editors:
Jørgen VilladsenThomas BolanderTorben Brauner
Contents
Preface iv
Balder ten Cate (Invited Speaker)Abstract model theory for extensions of modal logic . . . . . . . . . . . . . . . . . . 1
Ian Hodkinson (Invited Speaker)Axiomatising an arbitrary elementary modal logic using hybrid logic . 2
Philippe Balbiani and Andreas HerzigTalkin’bout Kripke models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Lutz StrassburgerDeep inference for hybrid logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Natasha Alechina, Philippe Balbiani and Dmitry ShkatovLogics with modalities corresponding to infinite unions and intersectionsof accessibility relations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Jens Ulrik HansenA tableau system for a first-order hybrid logic . . . . . . . . . . . . . . . . . . . . . . . . 32
Dmitry SustretovTopological semantics and decidability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Volker WeberHybrid branching-time logics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Vladimir RybakovA hybrid LTLK of linear temporal logic LTL and multi-agent logic Kn 61
Mark Kaminski and Gert SmolkaA straightforward saturation-based decision procedure for hybrid logic 71
Martin Mundhenk and Thomas SchneiderThe complexity of hybrid logics over equivalence relations . . . . . . . . . . . . 81
iii
Preface
This volume contains the proceedings of the International Workshop on HybridLogic 2007 (HyLo 2007). The workshop is held in Dublin, Ireland, on 6–10August 2007, as part of the European Summer School in Logic, Language, andInformation (ESSLLI 2007), August 6–17 2007. The workshop is open to allESSLLI participants.
Hybrid logic is a branch of modal logic allowing direct reference toworlds/times/states. It is easy to justify interest in hybrid logic on the groundsof applications as the additional expressive power is very useful. In addition,hybrid-logical machinery improves the behaviour of the underlying modal for-malism. For example, it becomes considerably simpler to formulate modal proofsystems, and one can prove completeness and interpolation results of a general-ity that is not available in orthodox modal logic.
The topic of the HyLo workshop of 2007 is not only standard hybrid-logicalmachinery like nominals, satisfaction operators, and the downarrow binder, butgenerally extensions of modal logic that increase its expressive power.
The workshop HyLo 2007 is relevant to a wide range of people, including thoseinterested in description logic, feature logic, applied modal logics, temporal logic,and labelled deduction. The workshop continues a series of previous workshopson hybrid logic, most recently the LICS-affiliated HyLo 2006. The workshopaims to provide a forum for advanced PhD students and researchers to presentand discuss their work with colleagues and researchers who work in the broadsubject areas represented at ESSLLI.
The program committee of HyLo 2007 consisted of
• Carlos Areces (INRIA Lorraine, France)
• Patrick Blackburn (INRIA Lorraine, France)
• Thomas Bolander (Technical University of Denmark) — Co-Chair
• Torben Brauner (Roskilde University, Denmark) — Chair
• Mai Gehrke (New Mexico State University, USA)
• Valeria de Paiva (PARC, USA)
• Jørgen Villadsen (Technical University of Denmark)
The papers were refereed by the program committee whose help is gratefullyacknowledged.
It is planned to publish revised versions of the accepted papers in a special issueof Journal of Logic, Language and Information. This will involve a separatereviewing round.
The workshop organizers are Torben Brauner (Chair) and Jørgen Villadsen.
iv
The invited speakers at the workshop are
• Balder ten Cate (University of Amsterdam, The Netherlands)
• Ian Hodkinson (Imperial College, UK)
The workshop starts with a one hour introduction by Torben Brauner.
The workshop HyLo 2007 is sponsored by the HyLoMOL project which is fundedby the Danish Natural Science Research Council.
Jørgen VilladsenThomas Bolander
Torben Brauner
v
Abstract model theory for extensions of modal logic
Balder ten Cate
University of AmsterdamThe Netherlands
Many languages used in computer science (e.g., in knowledge representation, XML querying, systemverification) are extensions of modal logic. But what does it mean to be an extension of modal logic?There are at least three different dimensions along which the basic modal logic can be extended:
1. Axiomatic extensions (or, restricting the class of frames) Traditionally, by an extensionof the basic modal logic K, people have been referring to axiomatic extensions. Model theoretically, wecan also see this as the study of modal logics of more specific frame classes. Many beautiful resultshave been proved for logics of specific frame classes. For instance, Spaan (1993) has shown than everynon-trivial extension of S4.3 is NP-complete for satisfiability, and Marx and Venema (1997) have shownthat every extension of the basic modal logic K with Sahlqvist axioms that have first-order universalHorn correspondents has Craig interpolation.
2. Language extensions (or, increasing the expressive power) A different way of extendingmodal logic is by making the language more expressive, e.g., by adding a universal modality, backwardlooking modalities, the ↓-binder of hybrid logic, etc. A fundamental theorem here is of course the VanBenthem bisimulation theorem, which tell us that the basic modal language is the bisimulation variantfragment of first-order logic. Some recent results give a nice insight into what properties extensions ofthe basic modal language may have:
• Van Benthem (2007) proved that if an extension of the basic modal language satisfies bisimulationinvariance and compactness, then it is not really more expressive than the basic modal language.In other words, every proper extension of the basic modal language must lack either compactnessor bisimulation invariance.
• Ten Cate (2005) considered M(D), the extension of the basic modal language with the differencemodality, which is well known to lack Craig interpolation, and showed that the least expressiveextension of M(D) with Craig interpolation is full first-order logic. Likewise, it was shown therethat the hybrid language H(@, ↓) is the least expressive extension of H(@) with Craig interpolation.
3. Signature extensions (or, changing the type of structures considered) Besides Kripkestructures, modal logic can be used to describe other types of structures, e.g., topological spaces, neigh-borhood models, or even theories of arithmetic. Moreover, there is no need to stick to the rigid formatof unary modalities: some of these types of structures naturally give rise to k-ary modalities with k > 1.Recently a general framework has arisen, in which many of these ”signature extensions” can be accountedfor, based on coalgebra. Kripke models (as well as topological spaces, probabilistic transition systems,and polyadic Kripke models) are examples of coalgebras for well behaved functors on the category ofsets. It was recently shown that certain results on modal logic can be generalized to whole family of suchfunctors, yielding for instance a general uniform interpolation result (Kupke and Venema, 2005) and ageneral Goldblatt-Thomason result (Kurz and Rosicky, 2007).
In this talk I will discuss these three dimensions, with a special focus on the second, and I will discusssome interesting interactions between them.
1
Axiomatising an arbitrary elementary modal logic using hybrid logic
Ian Hodkinson
Imperial CollegeUK
In a recent paper* it was shown that the modal logics of elementary classes of Kripke frames are preciselythose logics that can be captured by sets S of hybrid sentences H of a certain syntactic form. Each Hgenerates an infinite set of modal formulas called ’approximants’. Taken together, the approximants ofall the H in S axiomatise the logic of the class of frames defined by S. The proof is analogous to standardproofs of Sahlqvist’s theorem. I will discuss this result and its proof, concentrating of course on thehybrid aspects.
* Hybrid formulas and elementarily generated modal logics.Ian Hodkinson, Notre Dame J. Formal Logic 47 (2006) 443-478.http://projecteuclid.org/euclid.ndjfl/1168352661
2
Talkin’bout Kripke models
Philippe Balbiani, Andreas Herzig∗
IRIT–CNRS, 31062 Toulouse Cedex 9 (France){balbiani,herzig}@irit.frhttp://www.irit.fr/LILaC
Abstract
Suppose there is given a finite model M of a finite modal language.In this short note we investigate different ways of characterizing what istrue in M , and what is true at some possible world w of M . We focus onmethods that do not resort to nominals, and stay with the usual languageof modal logic. We investigate two different ways of associating formulas topossible worlds and models, and show that both lead to characterizationsthat are exponential in the number of possible worlds.
1 Introduction
Suppose given a finite modal language, i.e. having a finite number of atomicpropositions and a finite number of modal operators, and a finite model M .How can we characterize syntactically the formulas that are true in M , i.e., howcan we build a formula φM such that M |= ψ iff φM |= ψ? And how can wecharacterize syntactically the formulas that are true at some point w of M?The latter is understood here as: how can we build formulas φM and φw suchthat M,w |= ψ iff φM |= φw → ψ? Such characterizations are useful in variouscontexts. For example it is used in [1] in order to describe action models; moregenerally it is used in completeness proofs requiring the description of modelsby formulas, as done for example for the case of classical propositional logic inbelief revision and update [4].
In the literature there exist such characterizations [3]. In general they resortto the tools of hybrid logics: they introduce atomic propositions naming possibleworlds, alias nominals, in order to speak about possible worlds and what is truetherein. We here investigate what can be done without such a device. It willturn out that this can be done, but at the price of formulas of length exponentialin the cardinality of the set of possible worlds.
A similar proposal is credited in the literature to Alexandru Baltag [2, 8].In Section 5 we explain the differences.
∗Jerome Lang triggered this work by a challenging question. Thanks are due to MaartenMarx, Pierre Marquis and Hans van Ditmarsch for useful discussions, as well as to one of thereviewers of HyLo’07 for his extensive and highly relevant comments and criticisms.
3
2 Background
Let our finite modal language be built from a finite set of propositional symbolsProp and a finite set of modal symbols Mod . From these ingredients a multi-modal language is built in the standard way; in particular �iϕ is a formula ifϕ is a formula and i ∈ Mod , and ♦iϕ abbreviates ¬�i¬ϕ.
Kripke models for that language are as usual of the form M = 〈W, val, R〉,where W is a set of possible worlds, val : W −→ 2Prop a valuation, and R :Mod −→ (W −→ 2W ) maps modal symbols to accessibility relations. We writeRi for R(i). The set of all Kripke models is noted K. As Prop and Mod arefinite, a model M is finite iff W is finite.
Truth of a formula ϕ in a world w of a model M is noted M,w |= ϕ and isdefined as usual. In particular
• M,w |= p iff p ∈ val(w), for p ∈ Prop;
• M,w |= �iϕ iff M,w′ |= ϕ for every w′ ∈ Ri(w).
Truth of ϕ in M , noted M |= φ, is defined as: M,w |= ϕ for every w ∈ W .When M is some class of Kripke models for our language, then the consequencerelation |=M is defined by:
ϕ |=M ψ iff for every M ∈M, if M |= ϕ then M |= ψ.
The formula ϕ on the left of |=M is called the global hypothesis. We write |=for |=K (logical consequence in the class of all Kripke models).
Example 1 Our running example will be in terms of the language Prop = {p}and Mod = {1, 2}, and the model that we consider is the S52-model
w2←→ w′
where p is true at w and false at w′. (We do not draw the reflexive arrows.) Ourexample model is formally described as M = 〈{w,w′}, val, R〉 with val(w) = {p},val(w′) = ∅, R1 = {〈w,w〉, 〈w′, w′〉}, and R2 = W ×W .
3 Characterizing finite models by means of globalhypotheses
If we accepted to introduce nominals w and w′ into our language then the modelM of Example 1 could be characterized by the so-called Jankov-Fine formula
JF (M) = (w → (p ∧ ♦1w ∧�1w ∧ ♦2w ∧ ♦2w′ ∧�2(w ∨ w′)) ∧
(w′ → (¬p ∧ ♦1w′ ∧�1w
′ ∧ ♦2w ∧ ♦2w′ ∧�2(w ∨ w′))
Indeed, for any ψ we have M |= ψ iff JF (M) |= ψ, and M,v |= ψ iff JF (M) |=v → ψ, for v ∈ {w1, w2}. In other words, we can characterize what is true in
4
M and what is true at worlds in M . Note that Jankov-Fine characterizationsof models are of length polynomial in the number of possible worlds.
In the rest of the paper we will investigate syntactic characterizations of agiven finite model M = 〈W, val, R〉 that do without nominals. We suppose thatM is generated from some w ∈ W , i.e., that W = {w′ : 〈w,w′〉 ∈
⋃i∈Mod R
∗i },
where R∗i is the reflexive and transitive closure of R.
3.1 Characterizing possible worlds
First, due to finiteness of Prop, the valuation val(w) is finite for every possibleworld w, and can be characterized by a conjunction of literals. The followingdefinition generalizes this and associates a formula to each possible world w thatdescribes what is accessible from w in at most n steps.1
Definition 1 (world descriptions) Let M = 〈W, val, R〉 be a model. Wedefine recursively the formula δn(w) for all n ≥ 0:
δ0(w) =∧
p∈val(w) p ∧∧
p6∈val(w) ¬p
δn+1(w) = δ0(w) ∧∧
i∈Mod(∧
v∈Ri(w) ♦iδn(v) ∧ �i
∨v∈Ri(w) δ
n(v))
Finally, δ(w) = δ|W |(w), where |W | is the cardinality of W .
As usual we suppose that the conjunction of an empty set is >, and that thedisjunction of an empty set is ⊥. These formulas resemble Jankov-Fine formulas[3], but do not introduce new atomic propositions as done in the latter.
Example 2 For our example model M we have δ0(w) = p and δ0(w′) = ¬p.For the first level of accessibility we have:
δ1(w) = p ∧ ♦1p ∧�1p ∧ ♦2p ∧ ♦2¬p ∧�2(p ∨ ¬p)
Using valid K-equivalences this simplifies to δ1(w) ≡ p∧♦1p∧�1p∧♦2p∧♦2¬p.Similarly, δ1(w′) ≡ ¬p ∧ ♦1¬p ∧�1¬p ∧ ♦2p ∧ ♦2¬p. For the second level weget:
δ2(w) ≡ p∧♦1p∧�1p∧�1(♦2p∧♦2¬p)∧♦2�1p∧♦2�1¬p∧�2(�1p∨�1¬p)
Similarly for w′:
δ2(w′) ≡ ¬p∧♦1¬p∧�1¬p∧�1(♦2p∧♦2¬p)∧♦2�1p∧♦2�1¬p∧�2(�1p∨�1¬p)
Using the abbreviation
µ = �1(♦2p ∧ ♦2¬p) ∧ ♦2�1p ∧ ♦2�1¬p ∧�2(�1p ∨�1¬p)1As an anonymous reviewer of HyLo’07 pointed out to us, such formulas were already
introduced in [2], and further studied in [7] and the unpublished [6].
5
we thus haveδ(w) = δ2(w) ≡ p ∧ ♦1p ∧�1p ∧ µ
andδ(w′) = δ2(w′) ≡ ¬p ∧ ♦1¬p ∧�1¬p ∧ µ
Clearly, the length of δn(w) is bound by |W |n (keeping Prop and Mod fixed).Hence the size of δ(w) is bound by |W ||W | = 2|W |×log(|W |).
We have the following property:
Lemma 1 (world descriptions are sound) M,w |= δn(w) for every n ≥ 0.
Proof 1 Straightforward by induction on n.
The next definition generalizes bisimulations.
Definition 2 (n-bisimulation) Let Z ⊆ W 2 be a relation between possibleworlds, and let n ∈ IN. We recursively define the property of Z being an n-bisimulation in w and w′, noted Z : M,w ↔
n M,w′:
• Z : M,w ↔0 M,w′ iff wZw′ and val(w) = val(w′);
• Z : M,w ↔n+1 M,w′ iff wZw′, val(w) = val(w′), and for all i ∈ Mod,
– for all v ∈ Ri(w) there is v′ ∈ Ri(w′) such that Z : M,v ↔n M,v′;
(forth condition)– for all v′ ∈ Ri(w′) there is v ∈ Ri(w) such that Z : M,v ↔
n M,v′.(back condition)
Finally we define n-bisimilarity in w and w′, noted M,w ↔n M,w′, as:
M,w ↔n M,w′ iff there exists a n-bisimulation in w and w′, i.e. iff there is a
Z such that Z : M,w ↔n M,w′.2
Truth of formulas of modal depth at most n is invariant under n-bisimulations(where modal depth is as usual the maximal number of nested modal operators).
Lemma 2 (formulas of depth n are invariant under n-bisimulations) IfZ : M,w ↔
n M,w′ then for every ψ with modal depth at most n we have:M,w |= ψ iff M,w′ |= ψ.
Proof 2 Straightforward by induction on n.
Lemma 3 (unions of n-bisimulations are n-bisimulations) If Z1 : M,w ↔n
M,w′ and Z2 : M,w ↔n M,w′ then Z1 ∪ Z2 : M,w ↔
n M,w′.
Proof 3 As stated in [3, Remark 2.26], unions of bisimulations are bisimula-tions. The same holds for n-bisimulations.
2Our definition of an n-bisimulation is different from that in [3, Definition 2.30], whichis in terms of a sequence of bisimulations. Our notion of n-bisimilarity is equivalent to thedefinition there for finite point-generated models.
6
Proposition 1 (δn characterizes n-bisimilarity-invariance) M,w ↔n M,w′
if and only if M,w |= δn(w′).
Proof 4 For the left-to-right direction suppose M,w ↔n M,w′. Therefore there
is some relation Z such that Z : M,w ↔n M,w′. Hence
M,w |= δn(w′) if and only if M,w′ |= δn(w′)by Lemma 2 (because δn(w′) is of modal depth n). Now by Lemma 1 M,w′ |=δn(w′), and so it follows that M,w |= δn(w′).
The right-to-left direction is by induction on n. We prove that for all v andv′,
if M,v |= δn(v′) then there is Z such that Z : M,v ↔n M,v′.Things are clear for n = 0: just take Z = {〈v, v′〉}. Suppose M,v |= δn+1(v′)By definition of δ,
M,v |= δ0(v′) ∧∧
i∈Mod(∧
u′∈Ri(v′) ♦iδn(u′) ∧ �i
∨u′∈Ri(v′) δ
n(u′)).Hence
• for every u′ ∈ Ri(v′) there is u ∈ Ri(v) such that M,u |= δn(u′);
• for every u ∈ Ri(v) there is u′ ∈ Ri(v′) such that M,u |= δn(u′).
By induction hypothesis the back and forth conditions hold for n steps in theaccessible worlds:
• for every u′ ∈ Ri(v′) there is u ∈ Ri(v) and Zu such that Zu : M,u ↔n
M,u′;
• for every u ∈ Ri(v) there is u′ ∈ Ri(v′) and Zu′ such that Zu′ : M,u ↔n
M,u′.
Let Z = {〈v, v′〉} ∪ (⋃
u∈Ri(v) Zu) ∪ (⋃
u′∈Ri(v′) Zu′). By Lemma 3, unions ofn-bisimulations are n-bisimulations. Hence Z : M,v ↔n+1 M,v′.
3.2 Characterizing models
Now we can define a Jankov-Fine-like formula µ(M) characterizing the modelM .
Definition 3 (model descriptions) Let M = 〈W, val, R〉 be any Kripke model.
µ(M) =∧
w∈W
(δ(w) →∧
i∈Mod
(∧
v∈Ri(w)
♦iδ(v) ∧�i
∨v∈Ri(w)
δ(v))
Example 3 For the model M of our running Example 1 we have:
µ(M) = (δ(w) → ♦1δ(w) ∧�1δ(w) ∧ ♦2δ(w) ∧ ♦2δ(w′) ∧�2(δ(w) ∨ δ(w′))) ∧(δ(w′) → ♦1δ(w′) ∧�1δ(w′) ∧ ♦2δ(w) ∧ ♦2δ(w′) ∧�2(δ(w) ∨ δ(w′)))
Lemma 4 (model descriptions are sound) M |= µ(M).
7
Proof 5 We have to prove that for every w,w′ ∈W ,M,w |= δ(w′) →
∧i∈Mod(
∧v′∈Ri(w′) ♦iδ(v′) ∧�i
∨v′∈Ri(w′) δ(v
′)).Suppose M,w |= δ(w′). As δ(w′) = δ|W |(w′), by Proposition 1 there is a Z suchthat Z : M,w ↔|W | M,w′. And by Lemma 2 this |W |-bisimilarity means that
M,w |=∧
i∈Mod(∧
v′∈Ri(w′) ♦iδ(v′) ∧�i
∨v′∈Ri(w′) δ(v
′))if and only if
M,w′ |=∧
i∈Mod(∧
v′∈Ri(w′) ♦iδ(v′) ∧�i
∨v′∈Ri(w′) δ(v
′)).But the latter is the case because M,w′ |= δ(w′) by Lemma 1. (Note that modaldepth of this formula is at most |W |.)
The formula µ(M) is complete in the sense that it determines the truth ofevery formula of the language, given a world description.
Lemma 5 (model descriptions are complete) For every w and every for-mula ψ, either µ(M) |= δ(w)→ ψ or µ(M) |= δ(w)→ ¬ψ.
Proof 6 First, by soundness of world descriptions (Lemma 1) we have M,w |=δ(w), and by soundness of model descriptions (Lemma 4) we have M |= µ(M).Hence we cannot have µ(M) |= δ(w) → ⊥. Therefore the disjunction can onlybe exclusive.
The proof of the inclusive disjunction is by induction on the structure ofthe formula. The cases of atoms, conjunctions and negations are clear. Forformulas of the form �iψ, by induction hypothesis we have µ(M) |= δ(v) → ψor µ(M) |= δ(v)→ ¬ψ for every v ∈W . There are two cases.
1. µ(M) |= δ(v)→ ψ for all v ∈ Ri(w).
Thenµ(M) |= (
∨v∈Ri(w) δ(v))→ ψ.
Thereforeµ(M) |= �i(
∨v∈Ri(w) δ(v))→ �iψ.
As µ(M) |= δ(w)→ �i
∨v∈Ri(w) δ(v) by the definition of µ(M), we get
µ(M) |= δ(w)→ �iψ.
2. There is some v ∈ Ri(v) such that µ(M) |= δ(v)→ ¬ψ.
Thenµ(M) |= �i(δ(v)→ ¬ψ).
As µ(M) |= δ(w)→ ♦iδ(v) by the definition of µ(M), we getµ(M) |= δ(w)→ ¬�iψ.
3.3 Characterizing pointed models
The grande finale is:
Proposition 2 (characterization of pointed models) For every finite modelM and world w in M :
M,w |= ψ if and only if µ(M) |= δ(w)→ ψ.
8
Proof 7 For the right-to-left direction suppose µ(M) |= δ(w) → ψ. As byLemma 1 M |= µ(M) we have M |= δ(w) → ψ. And as M,w |= δ(w) byLemma 1, we have M,w |= ψ.
For the left-to-right direction suppose µ(M) 6|= δ(w) → ψ. By Lemma 5 wemust have µ(M) |= δ(w) → ¬ψ. Then by the left-to-right direction we haveM,w |= ¬ψ.
Corollary 1 (characterization of truth in a model) For every finite modelM :
M |= ψ if and only if µ(M) ∧∨
w∈W δ(w) |= ψ.
Proof 8 The left-to-right direction is straightforward from Proposition 2 (be-cause local consequence implies global consequence).
For the right-to-left direction suppose M 6|= ψ. Then there is some w ∈ Wsuch that M,w 6|= ψ. By Proposition 2 we have µ(M) 6|= δ(w)→ ψ. By Lemma5 we must have µ(M) |= δ(w)→ ¬ψ. Therefore µ(M) ∧
∨w∈W δ(w) 6|= ψ.
4 Characterizing finite models by means of localhypotheses
If we have at our disposal some modal symbol, say +, such that R+ contains thetransitive closure of all other accessibility relations then we can go from globalto local consequence. This follows from the following:
Proposition 3 Suppose + ∈ Mod is a distinguished modality. Suppose M is aset of Kripke models such that in every M ∈M, + is a master modality, i.e. theaccessibility relation R+ contains the transitive closure of all other relations:
(⋃
i∈Mod
Ri)+ ⊆ R+
Then
ϕ |=M ψ if and only if |=M (ϕ ∧�+ϕ)→ ψ.
Proof 9 ϕ |=M ψ means that for every M ∈ M, if M |= ϕ then M |= ψ.W.l.o.g. all the M can be supposed to be point-generated models. For that reasonthe latter is equivalent to:for every M ∈M, if M,v |= ϕ ∧�+ϕ for every world v in M , then M |= ψ.
This means M,v |= (ϕ∧�+ϕ)→ ψ, for every M ∈M and world v in M . Andthe latter is nothing but |=M (ϕ ∧�+ϕ)→ ψ.
It follows in particular that all monomodal logics stronger than K4 allow suchcharacterizations, in particular the logics of common belief common knowledge.
This is not the case for weaker systems. Consider for example the languagewhere Prop = {p} and Mod = {1}, and let M be the models of modal logicK. Take the model M = 〈{u, v}, val, R〉 with val(u) = {p}, val(v) = ∅, andR1(u) = R1(v) = W . Then M,u |= �2n
1 p ∧�2n+11 ¬p for every n ≥ 0, but there
is no formula implying all these formulas.
9
5 Comparison with Baltag’s solution
Baltag’s solution works as follows [8]. Consider a finite Kripke model M =〈W, val, R〉. First, for each couple of distinct worlds w and v, either there is afinite formula Bv(w) such that M,w |= Bv(w) and M,v |= ¬Bv(w), or w and vsatisfy the same modal formulas. In the latter case w and v are identified. In thisway we can suppose that M is bisimulation-contracted. Second, to each possibleworld there is associated a formula B(w) =
∧v∈W,v 6=w Bv(w) characterizing it.
Third, to the model M there is associated the formula
B(M) =∧
w∈W
(B(w)→∧
i∈Mod
(∧
v∈Ri(w)
♦iB(v) ∧�i
∨v∈Ri(w)
B(v)))
Then a ‘state definition lemma’ can be proved saying that M,w |= ψ iffB(M) |= B(w)→ ψ, for any formula ψ.
Example 4 For our running example we have Bw′(w) = B(w) = p and Bw(w′) =B(w′) = ¬p. Then
B(M) = (p → (♦1p ∧�1p ∧ ♦2p ∧ ♦2¬p ∧�2(p ∨ ¬p)) ∧(¬p → (♦1¬p ∧�1¬p ∧ ♦2p ∧ ♦2¬p ∧�2(p ∨ ¬p))
which simplifies to (♦2p∧♦2¬p)∧ (p→ (♦1p∧�1p))∧ (¬p→ (♦1¬p∧�1¬p)).
It remains to determine the size of the difference formulas B(w).
Proposition 4 Let M = (W, val, R) be a finite model. For all x, x′ ∈ W , if(M,x) and (M,x′) are not bisimilar then there exist modal formulas φ1(x, x′)and φ2(x, x′) such that M,x |= φ1(x, x′) ∧ ¬φ2(x, x′) and M,x′ |= ¬φ1(x, x′) ∧φ2(x, x′).
Proof 10 Let us consider the following set of new Boolean variables:
• BV = {p(x, x′): x, x′ ∈W}.
We associate to the model M three sets P 1M , P 2
M and P 3M of Horn clauses in
the Boolean language defined by BV as follows. First, let P 1M be the set of all
clauses of the formp(x, x′)←
where x, x′ ∈ W are such that for some p ∈ PROP , either x ∈ val(p) andx′ 6∈ val(p) or x 6∈ val(p) and x′ ∈ val(p). Second, let P 2
M be the set of allclauses of the form
p(x, x′)← p(y, y′1), . . . , p(y, y′n)
where x, x′, y, y′1, . . . , y′n ∈ W are such that xRy and R(x′) = {y′1, . . . , y′n}.
Third, let P 3M be the set of all clauses of the form
p(x, x′)← p(y1, y′), . . . , p(yn, y′)
10
where x, x′, y1, . . . , yn, y′ ∈W are such that R(x) = {y1, . . . , yn} and x′Ry′. Let
PM = P 1M ∪ P 2
M ∪ P 3M . Obviously, PM is a finite set of Horn clauses in the
Boolean language defined by BV . Let I0M , I1
M , . . . be the sequence of subsets ofBV defined as follows:
• I0M = ∅,
• for all k ≥ 0, Ik+1M = {p ∈ BV : there exists a clause p ← q1, . . . , qn in
PM such that {q1, . . . , qn} ⊆ IkM}.
Remark that I0M ⊆ I1
M ⊆ . . .. Let IM = I0M ∪ I1
M ∪ . . .. It is a well-known factthat IM is the least model of PM . See [5] for details. Now, for all p(x, x′) ∈ IM ,we define the modal formulas φ1(x, x′) and φ2(x, x′) as follows by induction onthe least k ≥ 0 such that p(x, x′) ∈ Ik
M . Since I0M = ∅, then k ≥ 1. We consider
the cases k = 1 and k ≥ 2. If k = 1 then p(x, x′) ∈ I1M . Hence, the clause
p(x, x′)← belongs to PM . If the clause p(x, x′)← belongs to P 1M then let
• φ1(x, x′) be the conjunction of all literals based on PROP that are true atx in M ,
• φ2(x, x′) be the conjunction of all literals based on PROP that are true atx′ in M .
If the clause p(x, x′) ← belongs to P 2M then let φ1(x, x′) be ♦>, and φ2(x, x′)
be �⊥. If the clause p(x, x′) ← belongs to P 3M then let φ1(x, x′) be �⊥, and
φ2(x, x′) be ♦>. If k ≥ 2 then either there exists y, y′1, . . . , y′n ∈ W such that
xRy, R(x′) = {y′1, . . . , y′n} and{p(y, y′1), . . . , p(y, y′n)} ⊆ Ik−1
M ,or there exists y1, . . . , yn, y
′ ∈W such that R(x) = {y1, . . . , yn}, x′Ry′ and{p(y1, y′), . . . , p(yn, y
′)} ⊆ Ik−1M .
In the former case, let
• φ1(x, x′) be ♦(φ1(y, y′1) ∧ . . . ∧ φ1(y, y′n)),
• φ2(x, x′) be �(φ2(y, y′1) ∨ . . . ∨ φ2(y, y′n)).
In the latter case, let
• φ1(x, x′) be �(φ1(y, y′1) ∨ . . . ∨ φ1(y, y′n)),
• φ2(x, x′) be ♦(φ2(y, y′1) ∧ . . . ∧ φ2(y, y′n)).
The reader may easily verify by induction on the least k ≥ 0 such that p(x, x′) ∈IkM that M,x |= φ1(x, x′) ∧ ¬φ2(x, x′) and M,x′ |= ¬φ1(x, x′) ∧ φ2(x, x′). Now,
consider the binary relation Z on W defined by
• xZx′ iff p(x, x′) 6∈ IM .
The reader may easily verify that if Z is nonempty then Z is a bisimulation.Let x, x′ ∈ W be such that (M,x) and (M,x′) are not bisimilar. Thus, notxZx′. Consequently, p(x, x′) ∈ IM . Therefore, M,x |= φ1(x, x′) ∧ ¬φ2(x, x′)and M,x′ |= ¬φ1(x, x′) ∧ φ2(x, x′).
Let us remark that the length of both φ1(x, x′) and φ2(x, x′) is inO(2|W |×|W |).
11
6 Conclusion
We have investigated how finite Kripke models can be characterized within thestandard language of modal logic, without employing the much easier strategyof extending the modal language by nominals. The method that we have mainlyinvestigated here iteratively describes a possible world by the conjunction of thedescription of its valuations and the description of its successors via the acces-sibility relation. The key observation is that one may stop after |W | iterations,where |W | is the cardinality of the set of possible worldsW . We have shown thatwhile nominals allow for descriptions that are polynomial in |W |, the methodsdoing without nominals generate descriptions exponential in |W |.
References
[1] Alexandru Baltag and Lawrence S. Moss. Logics for epistemic programs.Synthese, 139(2):165–224, 2004.
[2] Jon Barwise and Larry Moss. Vicious Circles. CSLI Publications, Stanford,1997.
[3] Patrick Blackburn, Maarten de Rijke, and Yde Venema. Modal Logic. Cam-bridge Tracts in Theoretical Computer Science. Cambridge University Press,2001.
[4] Hirofumi Katsuno and Alberto O. Mendelzon. Propositional knowledge baserevision and minimal change. Artificial Intelligence, 52:263–294, 1991.
[5] John W. Lloyd. Foundations of Logic Programming, 2nd Edition. SpringerVerlag, 1987.
[6] Lawrence S. Moss. Finite models constructed from canonical formulas.http://www.indiana.edu/∼iulg/moss/.
[7] Lawrence S. Moss. Coalgebraic logic. J. of Pure and Applied Logic, 96(1-3):277–317, 1999.
[8] Johan van Benthem. One is a lonely number: on the logic of communication.In Z. Chatzidakis, P. Koepke, and W. Pohlers, editors, Logic Colloquium’02,pages 96–129. ASL & A.K. Peters, Wellesley MA, 2006. Tech Report PP-2002-27, ILLC Amsterdam (2002).
12
Deep Inference for Hybrid Logic
Lutz Straßburger
INRIA Futurs, Projet Parsifal
Ecole Polytechnique — LIX — Rue de Saclay — 91128 Palaiseau Cedex — Francehttp://www.lix.polytechnique.fr/~lutz
Abstract. This paper describes work in progress on using deep inference for design-ing a deductive system for hybrid logic. We will see a cut-free system and prove itssoundness and completeness. An immediate observation about the system is that thereis no need for additional rewrite rules as in Blackburn’s tableaux, nor substitutionrules as in Seligman’s sequent system.
1 Introduction
The point of hybrid logics is to internalize constructs of the meta level into the syntax ofthe object level. This idea has been employed in the case of modal logics whose semantics isusually given in terms of Kripke-frames. While the ordinary modalities 2 and 3 do only haveaccess to points in the frame which are reachable from the current point, the hybrid languagehas full access to every single point in the frame.1 This leads to an increased expressivity(e.g., we can now speak about irreflexive reachability relations) without loss in complexity(satisfiability remains PSPACE-complete) [Bla00].
Such an enrichment of the language imposes certain challenges to the deductive system.For example the sequent calculus system proposed by Seligman in [Sel97] needs substitutionrules which act globally on the sequent, the tableau system by Tzakova [Tza99] (see also[BB06]) needs to use prefixes, and the tableau system introduced by Blackburn [Bla00] needsadditional rewrite rules which have a different behaviour than usual tableau rules.
The actual reason for the necessity of these alien constructs in the deductive systems isthat the meta language of the deductive formalism (here sequent calculus and tableaux) isdifferent from the meta language of the logic (here hybrid modal logic). Whenever there issuch a discrepancy between the two meta languages, one has to expect difficulties in designinga concrete deductive system for the logic in question. The bigger the discrepancies, the biggerthe difficulties. Another well-known example of such a situation is the modal logic S5, forwhich there is no cut-free sequent system, unless one resorts to constructs like hypersequents,higher arity sequents, displayed sequents, or the usage of a hybrid language (see [Sto04] fora survey).
However, recently a new deductive formalism, called the calculus of structures, has beenintroduced, which has no “built-in meta language” because it collapses object and metalevel. This collapse is achieved by the consequent use of deep inference: the inference rulesdo not work on the root connective of the formula in question, but can do arbitrary rewritingdeep inside the formulas. This simple idea has been successful for various logics imposingproblems on the sequent calculus, e.g., non-commutative logics [Gug07,DG04] and variousmodal logics [SS05], including S5 [Sto04].
Given this success together with the first sentence of this introduction, one should expectthat the calculus of structures provides the right formalism for dealing with hybrid logics.1 Strictly speaking, only the named points in a model are accessible. But since a formula is a finite
object, it can directly speak about only a finite number of points in the model, and each of themcan be given a name.
13
The purpose of this work is to investigate to what extend these expectations can be fulfilled.We are going to carry out the exercise of producing a cut-free deductive system for hybridlogic employing deep inference.
2 Formulas and Inference Rules
The syntax that we use here is a hybrid between the one used by Blackburn in [Bla00] andthe one usually used for deep inference systems (e.g., [BT01,GS01]). We start from two sets ofprimitives, the set V = {a, b, c, . . .} of propositional variables, and the set N = {s, r, u, . . .}of nominals. The elements of the set A = V ∪ N are called atoms. The set F of formulasis generated by the grammar:
F ::= A | A | f | t | [F ,F ] | (F ∧F ) | 3F | 2F | 〈N :F 〉
The elements of the set F are denoted by capital Latin letters (A, B, C, . . . ). The formula[A,B ] denotes the disjunction of A and B, and the formula (A∧B) denotes the conjunctionof A and B. The constants f and t stand for falsum and truth, respectively. The 2 and 3 arethe usual modalities. The difference to usual modal logics lies in the formulas of the shape〈s:A〉, where the left subformula has to be a nominal. Informally speaking, the meaning isthat “A is true in state s”.
Note that the negation (−) is defined a priory only on atoms, but via the usual De Morganequations we can define negation for all formulas:
f = t 3A = 2A [A,B ] = (B ∧ A)
t = f 2A = 3A (A ∧B) = [B, A]¯a = a ¯s = s 〈s:A〉 = 〈s: A〉
It follows immediately that ¯A = A for all formulas A. An implication A → B is encoded vianegation and disjunction as [A, B ].
We are now ready to see the inference rules. Figure 1 shows the rules of system BH↓. Theletters B and H stand for “Basic Hybrid logic”, and the ↓ indicates that we have here the socalled down fragment, which represents the cut-free version of the system.2 We can obtainthe full system by adding to each rule its up-version, which is obtained by negating andexchanging premise and conclusion of the rule [Bru03,Str03]. The resulting system BH↓↑ isshown in Figure 2. The inference rules in Figures 1 and 2 are (almost) all of the shape
S{A}ρ
S{B}.
They should be read as usual term rewriting rules A → B that can be applied anywhereinside a formula context S{ }. Only the rules v↓ and v↑ are of different shape. They canbe applied only in contexts of a special shape. They also have the side condition that thenominal v may not appear anywhere else in the formula. A derivation ∆, denoted by
P
S ‖‖ ∆
Q
is a rewriting path using the inference rules in S starting with P and ending with Q. Theformula P is called the premise of ∆, and Q is the conclusion of ∆. A proof of a formula
2 This ↓ should not be confused with the binding operator ↓x.
14
S{t}ai↓
S{[a, a]}S{A}
t↓S{(A ∧ t)}
S{A}f↓
S{[A, f ]}
S{(A ∧ [B, C ])}s
S{[(A ∧ B), C ]}S{[B, A]}
σ↓S{[A, B ]}
S{[A, [B, C ] ]}α↓
S{[ [A, B ], C ]}
S{f}w↓
S{A}S{[A, A]}
c↓S{A}
S{t}e2↓
S{2t}S{2[A, B ]}
k2↓S{[2A, 3B ]}
S{t}e:↓
S{〈s: t〉}S{〈s: [A, B ]〉}
k:↓S{[〈s: A〉, 〈s: B〉]}
S{〈s: A〉}n↓
S{[s, A]}S{〈s: A〉}
n2↓S{2〈s: A〉}
S{〈s: A〉}n:↓
S{〈r: 〈s: A〉〉}
S{t}r↓
S{〈s: s〉}S{〈r: s〉}
σn↓S{〈s: r〉}
S{〈s: 2u〉}b↓
S{[〈s: 2r〉, 〈r: u〉]}
(C ∧ [ [〈s: 2v〉, 〈v: A〉], B ] ∧ D)v↓
(C ∧ [〈s: 2A〉, B ] ∧ D)
v does notappear in A,B, C, nor D
Fig. 1. System BH↓
Q is a derivation with premise t and conclusion Q, and a refutation of a formula P is aderivation with premise P and conclusion f . By the up-down duality of the rules in BH↓↑,every refutation of a formula P in BH↑ corresponds to a proof of P in BH↓, and vice versa.Figure 3 shows an example of a proof in system BH↓. Its conclusion is the formula
[s:2[r, A], s:2[r, B ], s:3(A ∧B)] (1)
where A and B can be arbitrary formulas. The formula (1) might be more familiar to thereader acquainted with hybrid logic, when it written as implication
s:3(r ∧A), s:3(r ∧B) → s:3(A ∧B) (2)
where the comma on the left has to be read as conjunction. Informally speaking, the for-mula (2) says that if for a state s there are a reachable state in which r and A hold and areachable state in which r and B hold, then there is a reachable state in which A and Bhold. This formula is valid in hybrid logic because for each nominal r there is exactly onestate in which r holds. The proof in Figure 3 is the result of translating the sequent proofgiven in [Bla00, Section 8] into BH↓.
In order to ease readability, we used in the proof in Figure 3 the following syntacticconventions:
– Sometimes we omit the context parentheses for formulas s:A.– We omit instances of the rule α↓, and omit nested [. . .] brackets. Sometimes we also
leave the rule σ↓ implicit.
15
S{t}ai↓
S{[a, a]}S{(a ∧ a)}
ai↑S{f}
S{(A ∧ [B, C ])}s
S{[(A ∧ B), C ]}
S{[B, A]}σ↓
S{[A, B ]}S{[A, [B, C ] ]}
α↓S{[ [A, B ], C ]}
S{(A ∧ (B ∧ C))}α↑
S{((A ∧ B) ∧ C)}S{(A ∧ B)}
σ↑S{(B ∧ A)}
S{A}t↓
S{(A ∧ t)}S{A}
f↓S{[A, f ]}
S{(t ∧ A)}f↑
S{A}S{[f , A]}
t↑S{A}
S{f}w↓
S{A}S{[A, A]}
c↓S{A}
S{A}c↑
S{(A ∧ A)}S{A}
w↑S{t}
S{t}e2↓
S{2t}S{2[A, B ]}
k2↓S{[2A, 3B ]}
S{(2A ∧ 3B)}k2↑
S{3(A ∧ B)}S{3f}
e2↑S{f}
S{t}e:↓
S{〈s: t〉}S{〈s: [A, B ]〉}
k:↓S{[〈s: A〉, 〈s: B〉]}
S{(〈s: A〉 ∧ 〈s: B〉)}k:↑
S{〈s: (A ∧ B)〉}S{〈s: f〉}
e:↑S{f}
S{〈s: A〉}n↓
S{[s, A]}S{(s ∧ A)}
n↑S{〈s: A〉}
S{〈s: A〉}n2↓
S{2〈s: A〉}S{〈s: A〉}
n:↓S{〈r: 〈s: A〉〉}
S{〈r: 〈s: A〉〉}n:↑
S{〈s: A〉}S{3〈s: A〉}
n2↑S{〈s: A〉}
S{t}r↓
S{〈s: s〉}S{〈r: s〉}
σn↓S{〈s: r〉}
S{〈r: s〉}σn↑
S{〈s: r〉}S{〈s: s〉}
r↑S{f}
S{〈s: 2u〉}b↓
S{[〈s: 2r〉, 〈r: u〉]}S{(〈s: 3r〉 ∧ 〈r: u〉)}
b↑S{〈s: 3u〉}
(C ∧ [ [〈s: 2v〉, 〈v: A〉], B ] ∧ D)v↓
(C ∧ [〈s: 2A〉, B ] ∧ D)
[C, (〈s: 3A〉 ∧ B), D]v↑
[C, ((〈s: 3v〉 ∧ 〈v: A〉) ∧ B), D]
in the rules v↓ and v↑, the nominal v must not occur in any of A, B, C, or D
Fig. 2. System BH↓↑
– Sometimes we apply two rules at once to save space, e.g., c↓; c↓ means that there aretwo applications of c↓.
– We mark the redex of each rule application when read from bottom to top with a graybackground.
We also use the rules
S{t}i↓
S{[A, A]}and
S{(A ∧ A)}i↑
S{f}(3)
which are the non-atomic versions of ai↓ and ai↑. One can easily show by induction onthe structure of A, that i↓ is derivable in BH↓, and dually, i↑ is derivable in BH↑. For the
16
te:↓
r: ti↓
r: [A, A]t↓
r: [A, (A ∧ t) ]i↓
r: [A, (A ∧ [B, B ] )]s
r: [A, B, (A ∧ B) ]k:↓
[r: A, r: [B, (A ∧ B)] ]k:↓
[r: A, r: B, r: (A ∧ B) ]n:↓
[r: A, r: B, s: 〈r: (A ∧ B)〉 ]n2↓
[r: A, r: B, s: 2〈r: (A ∧ B)〉 ]n↓
[r: A, r: B, s: 2 [r, (A ∧ B)] ]k2↓
[r: A, r: B, s: [2r, 3(A ∧ B)] ]k:↓
[r: A, r: B, s: 2r, s: 3(A ∧ B) ]σ↓
[s: 2r, r: A, r: B , s: 3(A ∧ B)]f↓
[s: 2r, r: A, f , r: B, s: 3(A ∧ B)]w↓
[s: 2r, r: A, s: 2v, v: r , r: B, s: 3(A ∧ B)]n:↓; n:↓
[s: 2r, u: r: A, s: 2v, v: r, v: r: B , s: 3(A ∧ B)]n↓; n↓
[s: 2r, u: [r, A] , s: 2v, v: r, v: [r, B ] , s: 3(A ∧ B)]b↓
[s: 2u, u: r , u: [r, A], s: 2v, v: r, v: [r, B ], s: 3(A ∧ B)]f↓; f↓
[s: 2u, u: [r, f ] , u: [r, A], s: 2v, v: [r, f ] , v: [r, B ], s: 3(A ∧ B)]w↓;w↓
[s: 2u, u: [r, A ], u: [r, A], s: 2v, v: [r, B ], v: [r, B ], s: 3(A ∧ B)]c↓; c↓
[s: 2u, u: [r, A] , s: 2v, v: [r, B ] , s: 3(A ∧ B)]v↓
[s: 2u, u: [r, A], s: 2[r, B ] , s: 3(A ∧ B)]v↓
[s: 2[r, A] , s: 2[r, B ], s: 3(A ∧ B)]
Fig. 3. Example of a proof in BH↓
convenience of the reader, we show the inductive cases for i↑:
(t ∧ f)f↑
f
((A ∧B) ∧ [B, A])α↑
(A ∧ (B ∧ [B, A]))s
(A ∧ [(B ∧ B), A])i↑
(A ∧ [f , A])t↑
(A ∧ A)i↑
f
(2A ∧3A)k2↑
3(A ∧ A)i↑
3fe2↑
f
(s:A ∧ s: A)k:↑
s: (A ∧ A)i↑
s: fe:↑
f
3 Soundness and Completeness
We assume the reader to be familiar with the standard Kripke semantics for hybrid logic andabstain from repeating the definition here, since we will not need it anyway. For showingsoundness and completeness of system BH with respect to the Kripke semantics, we willrefer to Blackburn’s tableau system, for which soundness and completeness has been shownin [Bla00]. More precisely, we show that a formula P has a finite closed tableau if and onlyif there is a refutation for P in BH↑ ∪ {k:↓}. For this, observe that any tableau τ can bewritten as a formula F (τ) of the shape
[(A11 ∧A12 ∧ · · · ∧A1m1), (A21 ∧A22 ∧ · · · ∧A2m2), . . . , (An1 ∧An2 ∧ · · · ∧Anmn)] (4)
17
with a subformula (Ai1∧Ai2∧· · ·∧Aimi) for each branch in the tableau where Ai1, . . . , Aimi
are all formulas occurring in the branch.
3.1 Theorem (Soundness) If there is a proof
t
BH↓↑ ‖‖ ∆
Q
then the formula Q is valid.
Proof: For the rules of the shapeS{A}
ρS{B}
(5)
it suffices to show that A → B is a valid implication. We leave this as an exercise to thereader. By induction on S{ } we can then show that S{A} → S{B} is a valid implication.Then by induction on the length of ∆, we get validity of Q. It remains to show that alsothe rules v↓ and v↑, which do not follow the pattern in (5), are sound in a weak sense.(Note that v↓ and v↑ are not sound in the strong sense that premise implies conclusion, asit is the case with all other rules.) However, note that the rule v↑ is precisely Blackburn’stableau rule for 3. Hence, soundness follows immediately. Then the soundness of v↓ followsby duality. ut
3.2 Theorem (Completeness) If a formula Q is valid, then there is a proof
t
BH↓ ∪ {k:↑} ‖‖ ∆
Q
.
Proof: First, we are going to show that if there is a closed tableau τ for a formula P , thenthere is a refutation in BH↑ for P , that has the following shape:
P
BH↑ ∪ {k:↓} ‖‖ ∆1
F (τ)
BH↑ ‖‖ ∆2
f
where F (τ) is the formula associated to the tableau τ , as shown in (4). Since τ is closed,the derivation ∆2 can be obtained by first applying w↑ and f↑ to to transform F (τ) into aformula
[(A1 ∧ A1), (A2 ∧ A2), . . . , (An ∧ An)]
which is easily refuted by applying i↑ and t↑. So, let us now concentrate on ∆1. We proceedby induction on the size of τ and make a case analysis on the tableau rules, as presentedin [Bla00]. The rules involving negation are vacuous because we have pushed negation tothe atoms.
– The tableau rule [∧] is simulated by
[C1, (〈s: (A ∧B)〉 ∧ C2), C3 ]c↑; c↑
[C1, (〈s: (A ∧B)〉 ∧ 〈s: (A ∧B)〉 ∧ 〈s: (A ∧B)〉 ∧ C2), C3 ]w↑;w↑
[C1, (〈s: (A ∧ t)〉 ∧ 〈s: (t ∧B)〉 ∧ 〈s: (A ∧B)〉 ∧ C2), C3 ]f↑; f↑
[C1, (〈s:A〉 ∧ 〈s:B〉 ∧ 〈s: (A ∧B)〉 ∧ C2), C3 ]
18
– The tableau rule [∨] is simulated by
[C1, (〈s: [A,B ]〉 ∧ C2), C3 ]c↑; c↑
[C1, (〈s: [A,B ]〉 ∧ 〈s: [A,B ]〉 ∧ C2 ∧ 〈s: [A,B ]〉 ∧ C2), C3 ]k:↓
[C1, ([s:A, s:B ] ∧ 〈s: [A,B ]〉 ∧ C2 ∧ 〈s: [A,B ]〉 ∧ C2), C3 ]s
[C1, ([〈s:A〉, (〈s:B〉 ∧ 〈s: [A,B ]〉 ∧ C2)] ∧ 〈s: [A,B ]〉 ∧ C2), C3 ]s
[C1, (〈s:A〉 ∧ 〈s: [A,B ]〉 ∧ C2), (〈s:B〉 ∧ 〈s: [A,B ]〉 ∧ C2), C3 ]
– The tableau rule [: ] is simulated by
[C1, (〈s: 〈r:A〉〉 ∧ C2), C3 ]c↑
[C1, (〈s: 〈r:A〉〉 ∧ 〈s: 〈r:A〉〉 ∧ C2), C3 ]n:↑
[C1, (〈r:A〉 ∧ 〈s: 〈r:A〉〉 ∧ C2), C3 ]
– The tableau rule [3] is simulated by
[C1, (〈s:3A〉 ∧ C2), C3 ]c↑
[C1, (〈s:3A〉 ∧ 〈s:3A〉 ∧ C2), C3 ]v↑
[C1, (〈s:3v〉 ∧ 〈v:A〉 ∧ 〈s:3A〉 ∧ C2), C3 ]
– The tableau rule [2] is simulated by
[C1, (〈s:2A〉 ∧ 〈s:3r〉 ∧ C2), C3 ]c↑
[C1, (〈s:2A〉 ∧ 〈s:3r〉 ∧ 〈s:2A〉 ∧ 〈s:3r〉 ∧ C2), C3 ]k:↑
[C1, (〈s: (2A ∧3r)〉 ∧ 〈s:2A〉 ∧ 〈s:3r〉 ∧ C2), C3 ]k2↑
[C1, (〈s:3(A ∧ r)〉 ∧ 〈s:2A〉 ∧ 〈s:3r〉 ∧ C2), C3 ]σ↑; n↑
[C1, (〈s:3〈r:A〉〉 ∧ 〈s:2A〉 ∧ 〈s:3r〉 ∧ C2), C3 ]n2↑
[C1, (〈s: 〈r:A〉〉 ∧ 〈s:2A〉 ∧ 〈s:3r〉 ∧ C2), C3 ]n:↑
[C1, (〈r:A〉 ∧ 〈s:2A〉 ∧ 〈s:3r〉 ∧ C2), C3 ]
– For simulating the tableau rule [Ref], we have to observe that introducing a formula〈s: s〉 does only make sense if that branch is eventually closed by the pair 〈s: s〉 and〈s: s〉. In our simulation this would be mimicked by an instance of i↑:
S{(〈s: s〉 ∧ 〈s: s〉)}i↑
S{f}
Due to deep inference, we can take a shortcut by skipping the introduction of 〈s: s〉 andreplacing the instance of i↑ by
S{〈s: s〉}r↑
S{f}
– The tableau rule [Sym] is simulated by
[C1, (〈s: r〉 ∧ C2), C3 ]c↑
[C1, (〈s: r〉 ∧ 〈s: r〉 ∧ C2), C3 ]σn↑ [C1, (〈r: s〉 ∧ 〈s: r〉 ∧ C2), C3 ]
19
– The tableau rule [Nom] is simulated by
[C1, (〈s: r〉 ∧ 〈r:A〉 ∧ C2), C3 ]c↑
[C1, (〈s: r〉 ∧ 〈r:A〉 ∧ 〈s: r〉 ∧ 〈r:A〉 ∧ C2), C3 ]σn↑ [C1, (〈r: s〉 ∧ 〈r:A〉 ∧ 〈s: r〉 ∧ 〈r:A〉 ∧ C2), C3 ]k:↑
[C1, (〈r: (s ∧A)〉 ∧ 〈s: r〉 ∧ 〈r:A〉 ∧ C2), C3 ]n↑
[C1, (〈r: 〈s:A〉〉 ∧ 〈s: r〉 ∧ 〈r:A〉 ∧ C2), C3 ]n:↑
[C1, (〈s:A〉 ∧ 〈s: r〉 ∧ 〈r:A〉 ∧ C2), C3 ]
– Finally, the tableau rule [Bridge] is simulated by
[C1, (〈s:3r〉 ∧ 〈r:u〉 ∧ C2), C3 ]c↑
[C1, (〈s:3r〉 ∧ 〈r:u〉 ∧ 〈s:3r〉 ∧ 〈r:u〉 ∧ C2), C3 ]b↑
[C1, (〈s:3u〉 ∧ 〈s:3r〉 ∧ 〈r:u〉 ∧ C2), C3 ]
Now we can complete our proof as follows: For a valid formula Q we have by Blackburn’scompleteness result a closed tableau for 〈s: Q〉 where s is a nominal not appearing in Q. Byour simulation we get a refutation ∆ in BH↑∪ {k:↓} of 〈s: Q〉. Since s does not appear in Q,this refutation ∆ remains correct, if we remove s everywhere in ∆. It can only happen thatsome rule instances become vacuous, for example,
S{(〈s:A〉 ∧ 〈s:B〉)}k:↑
S{〈s: (A ∧B)〉}becomes
S{(A ∧B)}k:↑
S{(A ∧B)},
which we can remove. This yields a refutation of Q in BH↑ ∪ {k:↓}. By dualizing it, we geta proof of Q in BH↓ ∪ {k:↑}. ut
3.3 Remark We used here Blackburn’s tableau system for showing completeness. How-ever, we could equally well have used Seligman’s sequent system, which is in spirit closer tothe system of this paper (see e.g. [Bru03,Str03] for translation between sequent calculus andcalculus of structures).3 We have chosen here Blackburn’s tableau because his completenessproof is easy accessible and his system is small (and hence our proof is short).
4 Discussion
The system BH proposed in this short note has two serious design flaws, which indicate thatthe last word on deep inference for hybrid logic is not yet spoken. Let us briefly discussthem:
1. It is rather annoying that we have a completeness proof only for BH↓ ∪ {k:↑} instead ofpure BH↓. This means we do not have the strong cut elimination result usually associatedto a deep inference system, namely, that the whole up-fragment is admissible. However,in a weak sense BH↓ ∪ {k:↑} can still be considered cut-free. Furthermore, I conjecturethat BH↓ without k:↑ is already complete, and that the need for k:↑ in this paper iscaused only by the rather naive method of proving completeness. (Note that the proofin Figure 3 does not need k:↑, although the naive translation from the sequent calculuswould introduce it.)
3 It is in fact a common property of deep inference deductive systems that they can p-simulatemost other deductive systems, e.g., Frege-Hilbert systems, sequent calculus, natural deduction,resolution, and tableaux. See also [BG07].
20
te:↓
r: ti↓
r: [A, A]t↓
r: [A, (A ∧ t) ]i↓
r: [A, (A ∧ [B, B ] )]s
r: [A, b, (A ∧ B) ]k:↓
[r: A, r: [B, (A ∧ B)] ]k:↓
[r: A, r: B, r: (A ∧ B) ]n:↓
[r: A, r: B, s: 〈r: (A ∧ B)〉 ]n2↓
[r: A, r: B, s: 2〈r: (A ∧ B)〉 ]n↓
[r: A, r: B, s: 2 [r, (A ∧ B)] ]k2↓
[r: A, r: B, s: [2r, 3(A ∧ B)] ]k:↓
[r: A, r: B, s: 2r, s: 3(A ∧ B) ]σ↓
[s: 2r, r: A, r: B , s: 3(A ∧ B)]n:↓; n:↓
[s: 2r, s: 〈r: A〉, s: 〈r: B〉, s: 3(A ∧ B)]n2↓; n2↓
[s: 2r, s: 2〈r: A〉, s: 2〈r: B〉, s: 3(A ∧ B)]n↓; n↓
[s: 2r, s: 2 [r, A] , s: 2 [r, B ] , s: 3(A ∧ B)]f↓
[s: 2 [r, f ] , s: 2[r, A], s: 2[r, B ], s: 3(A ∧ B)]w↓
[s: 2[r, A ], s: 2[r, A], s: 2[r, B ], s: 3(A ∧ B)]c↓
[s: 2[r, A] , s: 2[r, B ], s: 3(A ∧ B)]
Fig. 4. A proof of (1) in BH↓ without using v↓
2. The more serious flaw lies in the presence of the rules v↓ and v↑. They are clearly notof the “deep inference kind”. And since they do not incorporate proper implications, wedo not have the strong result
P
BH↓↑ ‖‖Q
iff
t
BH↓ ‖‖[P , Q]
iffThe formula P → Qis a valid implicationof the logic.
(6)
which would state at the same time soundness, completeness, cut elimination, and thededuction theorem. It is therefore an important problem for future research to find aproper deep inference replacement for v↓ and v↑, or to show that these rules are notneeded for completeness. That this might very well be possible shows the example inFigure 4, which proves the same formula as the proof in Figure 3, but without using v↓.It seems that the rules v↓ and v↑ are artifacts of sequent calculus and tableaux, and arepresent in this paper only because of the naive completeness proof.4
This leads to the following conjecture. Let BH′↓ = BH↓ \ v↓.
4.1 Conjecture The system BH′↓ is complete for basic hybrid logic.
At the moment, I see two possible ways of proving it. Either, we repeat Blackburn’sconstruction via Hintikka sets for BH′↓, or, we resort to a syntactic cut elimination proof4 On the other hand, one should note the rules v↓ and v↑ could be read as the quantification
that takes place in the interpretation of the modalities in the Kripke-semantics. Since there arewell-behaved deep inference rules for the quantifiers [Bru03], one can at least expect a properdeep inference version of v↓ and v↑ without side condition.
21
as done in [Bru03,Str03,Gug07]. As a corollary we would then get the statement in (6) forBH′↓.
Furthermore, it would in principle be possible to use BH′↓ for proving decidability: theonly rules in BH↓ that increase the size of the formula (while going up in the derivation)are the rules v↓ and c↓; and contraction can be put under control by incorporating it in theother inference rules, as it is usually done in the sequent calculus.
5 Conclusion
We have seen a rough outline of a deep inference system for basic hybrid logic. For provingcompleteness, we used the up-fragment to simulate tableaux. We could also have used thedown-fragment to simulate sequent calculus (and would have encountered the same problemsas already mentioned in the previous section).
Although we discussed here only basic hybrid logic, it should be clear that the systemBH can straightforwardly be extended
– by adding inference rules to restrict the logic to certain frame classes, for example
S{33s}4↓
S{3s}and
S{2s}4↑
S{22s}
for transitive frames (see [SS05] for details), and– by adding the binder ↓x for labels.
References
[BB06] Thomas Bolander and Torben Brauner. Tableau-based decision procedures for hybrid logic.Journal of Logic and Computation, 16(6):737–763, 2006.
[BG07] Paola Bruscoli and Alessio Guglielmi. On the proof complexity of deep inference. In Proof,Computation, Complexity (PCC 2007), 2007.
[Bla00] Patrick Blackburn. Internalizing labelled deduction. Journal of Logic and Computation,10(1):137–168, 2000.
[Bru03] Kai Brunnler. Deep Inference and Symmetry for Classical Proofs. PhD thesis, TechnischeUniversitat Dresden, 2003.
[BT01] Kai Brunnler and Alwen Fernanto Tiu. A local system for classical logic. In R. Nieuwenhuisand A. Voronkov, editors, LPAR 2001, volume 2250 of LNAI, pages 347–361. Springer-Verlag, 2001.
[DG04] Pietro Di Gianantonio. Structures for multiplicative cyclic linear logic: Deepness vs cyclicity.In Jerzy Marcinkowski and Andrzej Tarlecki, editors, Computer Science Logic, CSL 2004,volume 3210 of Lecture Notes in Computer Science, pages 130–144. Springer-Verlag, 2004.
[GS01] Alessio Guglielmi and Lutz Straßburger. Non-commutativity and MELL in the calculus ofstructures. In Laurent Fribourg, editor, Computer Science Logic, CSL 2001, volume 2142of LNCS, pages 54–68. Springer-Verlag, 2001.
[Gug07] Alessio Guglielmi. A system of interaction and structure. ACM Transactions on Compu-tational Logic, 8(1), 2007.
[Sel97] Jerry Seligman. The logic of correct description. In M. de Rijke, editor, Advances inIntensional Logic, Applied Logic Series, pages 107–135. Kluwer, 1997.
[SS05] Charles Stewart and Phiniki Stouppa. A systematic proof theory for several modal logics.In R. A. Schmidt, I. Pratt-Hartmann, M. Reynolds, and H. Wansing, editors, Advances inModal Logic, Volume 5, pages 309–333. King’s College Publications, 2005.
[Sto04] Finiki Stouppa. The design of modal proof theories: the case of S5. Master’s thesis, Tech-nische Universitat Dresden, 2004.
[Str03] Lutz Straßburger. Linear Logic and Noncommutativity in the Calculus of Structures. PhDthesis, Technische Universitat Dresden, 2003.
[Tza99] Miroslava Tzakova. Tableau calculi for hybrid logics. In N. V. Murray, editor, AutomatedReasoning with Analytic Tableaux and Related Methods, TABLEAUX’99, volume 1617 ofLNAI, pages 278–292. Springer-Verlag, 1999.
22
Logics with modalities corresponding to infinite unions andintersections of accessibility relations
Natasha Alechina, Philippe Balbiani and Dmitry Shkatov
Abstract
We consider multi-modal logics interpreted over edge-labelled graphs with modalities 〈#〉 and 〈∩〉,where 〈#〉ϕ means ‘ϕ is accessible by an edge with some label’ and 〈∩〉ϕ means ‘ϕ is accessible byan edge with any label’ . In a logic with finitely many edge labels, 〈#〉 is definable, but if the set oflabels is infinite, it is an independent modality. 〈∩〉 is not definable in standard multi-modal logics. Weaxiomatise multi-modal K, deterministic multi-modal K, and PDL with converse and a single nominal,extended with 〈#〉 and 〈∩〉.
1 Introduction
In this paper, we consider multi-modal logics interpreted over edge-labelled graphs with modalities 〈#〉and 〈∩〉, where 〈#〉ϕ means ‘ϕ is accessible by an edge with some label’, and 〈∩〉ϕ means ‘ϕ is accessibleby an edge with any label’.
Our interest in the 〈#〉 modality was originally motivated by applications to modelling semi-structureddata, such as data on the Web [1]. A collection of web pages can be represented as a graph with labellededges. Edge labels come from some set I , which is either finite but very large, or even countably infinite.For example, I could be the set of all URLs, or all possible phrases in English (link names). Suppose wewant to reason about constraints on possible paths in a graph, expressed as inclusions of regular expressions(inclusion constraints were introduced by Abiteboul and Vianu in [2]):
a; (b+ c); #; d∗ ⊆ e; f
(if a data item is reachable by a path defined by a; (b+ c); #; d∗, that is: an a link followed by either a b ora c link, followed by an arbitrary link, followed by finitely many d links, then it is also reachable by a pathe; f ). We can study the implication problem for inclusion constraints (whether a set of constraints impliesa constraint) by expressing it in a logical language; in [3], a logic called PDLpath was introduced for thispurpose. The only unusual feature of PDLpath compared to other flavours of PDL, see e.g. [9, 8], is thewild card, or existential modality 〈#〉, standing for ‘any label’. In [4], we considered axiomatisation anddecidability problems for K and DK with 〈#〉 and axiomatisation for PDLpath (decidablity was proved in[3]).
In this paper, we add an extra modality 〈∩〉 to K# , DK# and PDLpath . While 〈#〉 corresponds to theunion of edge relations, 〈∩〉 corresponds to their intersection. We show that completeness and decidabilityresults go through if 〈∩〉 is added to the logics. We also simplify some proofs compared to [4].
2 Logics K#∩ and DK#∩Consider the propositional modal languageLI
#∩ containing (1) a countable set of propositional parametersPar; (2) propositional connectives ¬ (“not”) and ∨ (“or”); (3) for every element i of a countable set I ofmodal indices, a modal operator 〈i〉 ; (4) a modal operator 〈#〉 ; and (5) a modal operator 〈∩〉 . All the otherconnectives, including the dual modalities [i], [#] and [∩], can be defined in the usual way. The formulasof LI
#∩ are defined by
ϕ := p | ¬ϕ | ϕ1 ∨ ϕ2 | 〈i〉ϕ | 〈#〉ϕ | 〈∩〉ϕ,
23
where p ∈ Par and i ∈ I . These formulas are evaluated on LI#∩-models.
Definition 1 An LI#∩-model is a tuple M = (W, {Ri}i∈I ,R#,R∩, V ), where W �= ∅, Ri ⊆ W ×W ,
R# =⋃
i∈I Ri, R∩ =⋂
i∈I Ri, and V is a function from Par into 2W . M is deterministic if, for everyw ∈W and every i ∈ I , there is no more than one v such that wRiv.
The truth definitions for formulas of LI#∩ are standard; in particular,
• M, w � 〈i〉ϕ iff ∃v ∈ W (wRiv and M, v � ϕ)
• M, w � 〈#〉ϕ iff ∃v ∈W (wR#v and M, v � ϕ)
• M, w � 〈∩〉ϕ iff ∃v ∈ W (wR∩v and M, v � ϕ).
It is easy to see that 〈#〉 increases the expressive power if I is infinite; otherwise, 〈#〉ϕ can be definedas a finite disjunction of formulas of the form 〈i〉ϕ. As for the modality 〈∩〉 , it is a well-known fact thatit cannot be defined with the other modalities if I contains at least two elements. Hence, we will alwaysassume in this paper that I is countably infinite.1
Lemma 1 Let ϕ be a formula not containing the modalities 〈#〉 and 〈∩〉, and let all labels occurring in ϕbe in the set L. Then the satisfiability of ϕ in a model is preserved with respect to the operation of removingRi edges (where i �∈ L).
Proof. Let M, w � ϕ, and let M′ be obtained from M by removing all edges with labels not in L. ThenM and M′ are bisimilar with respect to {Ri : i ∈ L}, hence M′, w � ϕ. �
Lemma 2 Let ϕ be a formula which does contain 〈#〉 or 〈∩〉, and let all labels occurring in ϕ be in theset L. Then the satisfiability of ϕ in a model is not guaranteed to be preserved with respect to removingnon-L edges;
Corollary 1 〈#〉 is not definable in a language with an infinite set of labels I .
Corollary 2 〈∩〉 is not definable in a language with at least two elements in the set of labels I .
Let us denote the logic of all LI#∩-models as K#∩ and the logic of all deterministic LI
#∩-models (i.e.models where every basic accessibility relation is deterministic) as DK#∩ . We are now going to formulateHilbert-style axiomatisations of K#∩ and DK#∩ . Below, π stands for either an arbitrary i ∈ I or #, ∩:
Axiom schemata:(A0) All classical tautologies;(K) [π](ϕ→ ψ) → ([π]ϕ→ [π]ψ);(ER) 〈i〉ϕ→ 〈#〉ϕ;(RE) 〈∩〉ϕ→ 〈i〉ϕInference rules:
(MP)� ϕ→ ψ,� ϕ
� ψ ;
(N)� ϕ� [π]ϕ
.
Also, it is not difficult to guess that the axiomatisation of DK#∩ can be obtained by adding to theaxiom schemata above the ‘axioms of determinism’:
D1 〈i〉ϕ→ [i]ϕ;D2 〈∩〉ϕ→ [#]ϕ.It is easy to show the following.
1If I is finite, both 〈#〉 and 〈∩〉 are definable in K∪,∩n : multi-modal K with n modalities and their finite intersections and
unions. As shown in [10], the complexity of this logic is still PSPACE, as that of multi-modal K .
24
Theorem 1 K#∩ is sound with respect to the class of all L#∩-models. DK#∩ is sound with respect to theclass of all deterministic L#∩-models.
It is also easy to see that both K#∩ and DK#∩ are non-compact (consider the set Γ = {〈#〉 p} ∪ {¬〈i〉p :i ∈ I}), and hence don’t have strongly-complete axiomatisations.
Let M = (W, {Ri}i∈I ,R#,R∩, V ) be the canonical model for K#∩ . Consider a K#∩ -consistentformula φ. Using the truth lemma in the canonical model construction, we can prove that there existsw ∈ W such that M, w � φ. Using axioms (ER) and (RE), the reader may verify that R# ⊇ ⋃
i∈I Ri
and R∩ ⊆⋂
i∈I Ri. Let I1 and I2 be a partition of the set of all i ∈ I such that i does not occur in φ, sothat both I1 and I2 are non-empty. Let M′ = (W, {R′
i}i∈I ,R#,R∩, V ) be the model obtained from Mas follows. For all i ∈ I ,
if i occurs in φ then R′i = Ri,
if i ∈ I1 then R′i = R#,
if i ∈ I2 then R′i = R∩.
The reader may easily verify that R# =⋃
i∈I R′i and R∩ =
⋂i∈I R′
i. Since M and M′ are identicalfor all i ∈ I such that i occurs in φ, then M′, w � φ. Hence, we have
Theorem 2 K#∩ is complete with respect to the class of all L#∩-models.
Now let us consider DK#∩ . First, note that DK#∩ is sound and complete with respect to the class ofall modelsM = (W, {Ri}i∈I ,R#,R∩, V ) where
R# ⊇ ⋃i∈I R′
i,
R∩ ⊆⋂
i∈I R′i
for all x, y, z in W and for all i in I , if xRiy and xRiz then y = z and
for all x, y, z in W and for all i in I , if xR#y and xR∩z then y = z.
Since the above class of models is first-order definable, then DK#∩ is sound and complete with respectto the class of all countable models satisfying the four conditions above. Let φ be a DK#∩ -consistentformula. Hence, there is a countable modelM = (W, {Ri}i∈I ,R#,R∩, V ) satisfying the four conditionsabove and such that for some w ∈ W , M, w � φ. Observe that R∩ is deterministic and that for allx ∈ W , if R∩(x) �= ∅ then R∩(x) = R#(x) is a singleton. Let I1 and I2 be a partition of the setof all i ∈ I such that i does not occur in φ, so that I1 and I2 are non-empty and I1 is infinite. LetM′ = (W, {R′
i}i∈I ,R#,R∩, V ) be the model obtained from M as follows. For all i ∈ I ,
if i occurs in φ then R′i = Ri
if i ∈ I1 then for all x in W , let R#(x) = {y1, y2, . . .}. We define now for all x in W , if R∩(x) = ∅then R′
i(x) = {yi}, else R′i(x) = R∩(x).
if i ∈ I2 then R′i = R∩.
The reader may easily verify that
R# =⋃
i∈I R′i,
R∩ =⋂
i∈I R′i,
M′, w � φ.
Hence, we have
Theorem 3 DK#∩ is complete with respect to the class of all deterministic L#∩-models.
Now let us consider the decidability/complexity of K#∩ .
25
Theorem 4 The satisfiability problem for K#∩ is decidable.
Proof. Consider a formula φ satisfiable in some model M = (W, {Ri}i∈I ,R#,R∩, V ) where R# ⊇⋃i∈I Ri and R∩ ⊆
⋂i∈I Ri. Let Γφ be the least set of formulas such that
• φ is in Γφ,
• Γφ is closed for subformulas,
• if [#]ψ ∈ Γφ and i ∈ I occurs in φ then [i]ψ ∈ Γφ,
• if [i]ψ ∈ Γφ then [∩]ψ ∈ Γφ,
• if [#]ψ ∈ Γφ then [∩]ψ ∈ Γφ.
It must be noted that Γφ is finite and Card(Γφ) is linear in the length of φ. Observe also that for alli ∈ I , if [i]ψ ∈ Γφ then i occurs in φ. Let ≡Γφ
be the equivalence relation on W defined by
x ≡Γφy iff for all ψ ∈ Γφ, M, x � ψ iff M, y � ψ.
For all x in W , let | x | be the equivalence class of x modulo ≡Γφ. We define a structure M′ =
(W ′, {R′i}i∈I ,R′
#,R′∩, V ′) as follows:
W ′ = {| x |: x ∈W},
| x | R′i | y | iff i occurs in φ and for all [i]ψ in Γφ, if M, x � [i]ψ then M, y � ψ or i does not occur in
φ and for all [#]ψ in Γφ, if M, x � [#]ψ then M, y � ψ,
| x | R′# | y | iff for all [#]ψ in Γφ, if M, x � [#]ψ then M, y � ψ,
| x | R′∩ | y | iff for all [∩]ψ in Γφ, if M, x � [∩]ψ then M, y � ψ,
if p ∈ Γφ then V ′(p) = {| x |: x ∈ V (p)} else V ′(p) = ∅.
Note that M′ is a filtration of M in the usual sense. Hence, for all ψ ∈ Γφ and for all x ∈ W ,M, x � ψ iff M′, | x |� ψ. Moreover,R′
# =⋃
i∈I R′i and R′∩ ⊆
⋂i∈I R′
i. Hence, K#∩ is decidable.�
The complexity of the satisfiability problem for K#∩ is the same as for multi-modalK:
Theorem 5 The satisfiability problem for K#∩ is PSPACE-complete.
Proof. As for the lower bound, the satisfiability problem for K#∩ is PSPACE-hard since K#∩ is a conser-vative extension of multi-modal K . As for the upper bound, let us prove that the satisfiability problem forK#∩ is in PSPACE. Let C be the set of all edge labels occurring in a formula φ. If this set is empty, letC contain a single fresh edge label a. Using a tableau-based proof procedure with prefixed formulas as inFitting [7], we consider the following rules:
• if the prefixed formula σ : 〈b〉ϕ is in the branch then take a new integer k and add σ · (b, k) : ϕ to thebranch;
• if the prefixed formula σ : 〈∩〉ϕ is in the branch then take a new integer k and add σ · (∩, k) : ϕ tothe branch;
• if the prefixed formula σ : 〈#〉ϕ is in the branch then take a new integer k and add σ · (#, k) : ϕ tothe branch;
• if the prefixed formula σ : [b]ϕ is in the branch then for all integers k such that the prefix σ · (b, k) isalready in the branch, add σ · (b, k) : ϕ to the branch;
• if the prefixed formula σ : [b]ϕ is in the branch then for all integers k such that the prefix σ · (∩, k)is already in the branch, add σ · (∩, k) : ϕ to the branch;
26
• if the prefixed formula σ : [∩]ϕ is in the branch then for all integers k such that the prefix σ · (∩, k)is already in the branch, add σ · (∩, k) : ϕ to the branch;
• if the prefixed formula σ : [#]ϕ is in the branch then for all integers k such that the prefix σ · (b, k)is already in the branch, add σ · (b, k) : ϕ to the branch;
• if the prefixed formula σ : [#]ϕ is in the branch then for all integers k such that the prefix σ · (#, k)is already in the branch, add σ · (#, k) : ϕ to the branch;
• if the prefixed formula σ : [#]ϕ is in the branch then for all integers k such that the prefix σ · (∩, k)is already in the branch, add σ · (∩, k) : ϕ to the branch.
It is easy to see that this (in addition to the usual tableau rules for multi-modalK) gives a PSPACE decisionprocedure for building a model where ⋃
b∈C
Rb ⊆ R#
R∩ ⊆⋂b∈C
Rb
Set other accessibility relations Rd with d �∈ C to be equal to R∩. Now we have a model where
⋃b∈I
Rb ⊆ R#
R∩ ⊆⋂b∈I
Rb
and we know how to build a proper K#∩ model given a structure satisfying the conditions above. Let usremark that if I is finite then this tableau-based proof procedure is still complete. �
3 Logic PDL#∩The language of PDL#∩ is an extension of the language of PDL, propositional dynamic logic. The lan-guage of PDL has two kinds of primitive symbols: propositional parameters and atomic transitions (or,modality indices). Indices are used to label edges in the transition system. Compound path expressions arebuilt out of indices using binary operators ◦ (composition), ∪ (union) and a unary operator ∗ (finite itera-tion). In addition to these, the language of PDL#∩ has the modal identity constant id, the unary converseoperator ·−, and # and ∩ which stand for some and any label, respectively. Moreover, the language ofPDL#∩ has a single nominal (a propositional letter that is true at exactly one point of a model) r, which ismeant to mark the root of the graph. PDL#∩ is an extension of PDLpath introduced in [3] with ‘any label’modality ∩.
Definition 2 Given a countable set of indices I = {i1, i2, . . . , in, . . .}, path expressions over I are definedby the following BNF expression:
ΛI := I | id | # | ∩ | ΛI ◦ ΛI | ΛI ∪ ΛI | Λ ∗I | ΛI
−.
PDL#∩ -formulas over the set of path expressions ΛI are defined as follows:
ϕ := � | ⊥ | r | ¬ϕ | ϕ ∨ ϕ | 〈ΛI〉ϕ | @rϕ.
PDL#∩ -formulas are evaluated on path models.
Definition 3 A path model M over the set of labels ΛI is a tuple (W, {Rπ}π∈ΛI , V ), where
1. W �= ∅;
27
2. V is a function assigning some {w} ⊆W to r.
3. {Rπ}π∈ΛI is a collection of binary relations over W satisfying the following conditions:
(a) R# =⋃
i∈I Ri and R∩ =⋂
i∈I Ri;
(b) Rid = { (w,w) : w ∈W } (identity relation);
(c) Rπ− = R−π (converse);
(d) Rπ1◦π2 = Rπ1 ◦ Rπ2 (composition);
(e) Rπ1∪π2 = Rπ1 ∪ Rπ2 (union);
(f) Rπ∗ = R∗π (reflexive-transitive closure);
(g) For everyw, v ∈ W , there is a sequence of points u1, . . . , un such that (1)w = u1, (2) v = un,and (3) for every 1 ≤ i ≤ n−1, either, for some i ∈ I , uiRiui+1, or, for some i ∈ I , ui+1Riui
(connectedness).
By a weak path model we will mean a model where instead of (3a) weaker conditionsR# ⊇ ⋃i∈I Ri and
R∩ ⊆⋂
i∈I Ri hold.
The truth of PDL#∩ -formulas at a point in a (weak) path model is defined as follows.
Definition 4 Let M = (W, {Rπ}π∈ΛI , V ) be a path model, w, v ∈ W . Then,
M, w � � always;M, w �⊥ never;M, w � r iff V (r) = {w};M, w � ¬ϕ iff M, w � ϕ;M, w � ϕ ∨ ψ iff M, w � ϕ or M, w � ψ;M, w � 〈π〉ϕ iff for some v ∈ W,wRπv and M, v � ϕ;M, w � @rϕ iff M, v � ϕ and V (r) = {v}.
Here are some examples of properties definable in PDL#∩ : r defines the root; ¬〈#〉� defines leafnodes; 〈(#∪#−)∗〉r defines nodes connected to the root. To express a path constraint π1 ⊆ π2 (everythingreachable from the root by a path π1 is reachable by a path π2), we can say @r[π1]〈π2
−〉r. Note that onconnected graphs, @rϕ is definable as 〈(# ∪ #−)∗〉(r ∧ ϕ).
Now, we describe a Hilbert-style axiomatisation of PDL#∩ . Axiom schemata of PDL#∩ can belogically divided into four parts.
The first part describes the behaviour of propositional connectives and conventional modal operators〈π〉 and [π ] :
(A0) all classical tautologies;
(K) [π ] (ϕ→ ψ) → ([π ] ϕ→ [π ] ψ);
(A1) 〈π〉ϕ↔ ¬[π ] ¬ϕ.
The second part describes the properties of path expression operators:
(A2) 〈π1 ◦ π2〉 ϕ↔ 〈π1〉 〈π2〉ϕ;
(A3) 〈π1 ∪ π2〉 ϕ↔ 〈π1〉ϕ ∨ 〈π2〉ϕ;
(A4) 〈π∗〉ϕ↔ ϕ ∨ 〈π〉 〈π∗〉ϕ;
(A5) [π∗](ϕ→ [π ] ϕ) → (ϕ→ [π∗]ϕ);
(A6) ϕ→ [π− ] 〈π〉ϕ;
(A7) ϕ→ [π ] 〈π−〉ϕ;
28
(A8) ϕ↔ 〈id〉ϕ;
(ER) 〈i〉ϕ→ 〈#〉ϕ;
(RE) 〈∩〉ϕ→ 〈i〉ϕ.
The third part describes properties of @r operator:
(A9) @r(ϕ→ ψ) → (@rϕ→ @rψ);
(A10) @rϕ↔ ¬@r¬ϕ;
(A11) r ∧ ϕ→ @rϕ;
(A12) @rr;
(A13) 〈π〉@rϕ→ @rϕ.
Finally, the following axiom pertains to connectedness:
(A14) 〈(# ∪ #−)∗〉 r.The inference rules are:
(MP)� ϕ→ ψ,� ϕ
� ψ ; (N)� ϕ� [π]ϕ
; (NN)� ϕ� @rϕ
;
4 Completeness for PDL#∩In this section, we prove completeness of the above axiomatisation of PDL#∩ (its soundness is straightfor-ward). As the language of PDL#∩ contains 〈#〉 and 〈π∗〉 , both of which give rise to non-compact logics,we can only prove weak completeness for PDL#∩ . We will first prove completeness with respect to weakpath models, and then show that every PDL#∩ formula which has a weak path model is also satisfied in apath model.
Definition 5 Let Σ be a set of PDL#∩ -formulas over ΛI . The closure of Σ, CL(Σ), is the smallest set suchthat
• if ϕ ∈ Σ then Sub(ϕ) ⊆ CL(Σ);
• if 〈π−〉ϕ ∈ Σ then [π ] 〈π−〉ϕ ∈ CL(Σ) (here and below, π ranges over all path labels);
• if 〈π1 ◦ π2〉 ϕ ∈ CL(Σ) then 〈π1〉 〈π2〉ϕ ∈ CL(Σ);
• if 〈π1 ∪ π2〉 ϕ ∈ CL(Σ) then 〈π1〉ϕ ∨ 〈π2〉ϕ ∈ CL(Σ);
• if 〈π∗〉ϕ ∈ CL(Σ) then 〈π〉 〈π∗〉ϕ ∈ CL(Σ);
• if ψ ∈ CL(Σ) and ψ �= @rχ and ψ �= ¬@rχ, then @rψ ∈ CL(Σ);
• @rr ∈ CL(Σ);
• 〈(# ∪ #−)∗〉 r ∈ CL(Σ);
• if ϕ ∈ CL(Σ) and ϕ is not of the form ¬ψ, then ¬ϕ ∈ CL(Σ).
Lemma 3 Let Σ be a set of PDL#∩ -formulas. If Σ is finite, then CL(Σ) is finite, too.
PDL#∩ -atoms (over Σ) are maximally consistent subsets of CL(Σ).
Lemma 4 If ϕ ∈ CL(Σ) is PDL#∩ -consistent, then there exists an atom A over Σ such that ϕ ∈ A.
29
Now we define the finite canonical weak PDL#∩ -model over Σ.
Definition 6 Let Σ be a finite set of PDL#∩ -formulas over the set of path expressions ΛI . First, define afamily of binary relations {Sπ} on the set At(Σ) of atoms over Σ, as follows:
• For all atoms A,A′ ∈ At(Σ), ASπA′ iff A ∧ 〈π〉 A′ is consistent.
Now, the finite canonical modelMΣ over ΛI is a tuple (WΣ, {RΣπ }π∈ΛI , V
Σ) such that
1. WΣ = At(Σ);
2. V Σ(p) = {A ∈ At(Σ) : p ∈ A } for p ∈ Par, V Σ(r) = {A ∈ At(Σ) : r ∈ A };
3. • for every atomic c, RΣc = Sc;
• RΣ# = S#;
• RΣ∩ = S∩;
• RΣid = { (A,A) : A ∈ At(Σ) };
• RΣρ = (RΣ
ρ )−;
• RΣπ1◦π2
= RΣπ1◦ RΣ
π2;
• RΣπ1∪π2
= RΣπ1∪ RΣ
π2;
• RΣπ∗ = (RΣ)∗π .
Finite canonical models for PDL#∩ are the same as weak path models, apart from not satisfyingcondition 2 (V Σ(r) is not guaranteed to be a singleton). Conditions (3b)–(3f) are satisfied because ofdefinition 6. Condition (3a) is not necessarily satisfied: we can only show that
⋃iRΣ
i ⊆ RΣ# and RΣ
∩ ⊆⋂iRΣ
i .A proof of the following lemma is fairly standard:
Lemma 5 Let Σ be a set of PDL#∩ -formulas,MΣ be the finite canonical model over Σ, and ψ ∈ CL(Σ).Then, for every A ∈ At(Σ), MΣ, A � ψ iff ψ ∈ A.
What remains to be done is ensure that we can reshape MΣ into a model with exactly one root whichsatisfies
⋃iRi = R# and
⋂iRi = R∩, in a truth-preserving way. To that end, we will show that, given
an atom A ∈ MΣ, if we take a submodel MΣA of MΣ generated by A, then MΣ
A contains at most oneroot. Then we show how to transform this submodel into a model which satisfies condition (3a).
First we prove that all the atoms of the submodel of MΣ generated by A agree on formulas beginningwith @r.
Lemma 6 Let A be an atom, MΣA be a submodel of MΣ generated by A, and B and B′ be atoms such
that B,B′ ∈ MΣA. Then, for every @rψ ∈ CL(Σ), @rψ ∈ B iff @rψ ∈ B′.
Next, we can show that MΣA has at most one root.
Lemma 7 Let A be an atom, MΣA be a submodel of MΣ generated by A, and B and B′ be atoms such
that (1) B,B′ ∈MΣA and (2) B �= B′. Then, at most one of B and B′ contains r.
Theorem 6 PDL#∩ is complete with respect to the class of all path models.
Proof. We have shown that every consistent PDL#∩ formula ϕ has a weak path model MΣA. All that
remains to show is that MΣA can be transformed in a path model satisfying ϕ.
We do this in exactly the same way as in the completeness proof for K#∩ . Let I be the set of atomiclabels not occurring in ϕ. Partition I into two non-empty sets I1 and I2, and set, for each i ∈ I1, Ri = RΣ
#
and for each i ∈ I2, Ri = RΣ∩ . It is easy to check that in the resulting model M , R# =
⋃iRi and
R# =⋂
iRi.It is easy to prove by induction on complexity of ϕ that for all states w, MΣ
A, w |= ϕ iff M, w |= ϕ. �
30
Theorem 7 PDL#∩ is decidable.
Proof. From the proof of Theorem 6 we know that every satisfiable formula has a model exponential in thesize of the formula. Note that there are finitely many different types of accessibility relations in that model.So we can enumerate all such models and check whether any of them satisfies the formula. �
Acknowledgements Natasha Alechina and Dmitry Shkatov gratefully acknowledge EPSRC support (grantGR/M98050/01). We would like to thank the Isaac Newton Institute for Mathematical Sciences where someof the work on this paper was done.
References
[1] Serge Abiteboul, Peter Buneman, and Dan Suciu. Data on the Web: From Relations to SemistructuredData and XML. Morgan Kaufmann, 1999.
[2] Serge Abiteboul and Victor Vianu. Regular path queries with constraints. In Proceedings of the Six-teenth ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS’97),pages 122–133, 1997.
[3] Natasha Alechina, Maarten de Rijke, and Stephane Demri. A modal perspective on path constraints.Journal of Logic and Computation, 13(6):939–956, 2003.
[4] Natasha Alechina and Dmitry Shkatov. Logics with an existential modality. In Guido Governatori,Ian Hodkinson and Yde Venema (eds.), Advances in Modal Logic, 2006, pages 31–48.
[5] Patrick Blackburn, Maarten de Rijke, and Yde Venema. Modal Logic. Cambridge University Press,2001.
[6] Francesco M. Donini. Complexity of Reasoning. In Description Logic Handbook, pages 96–136,Cambridge University Press, 2003.
[7] Melvin Fitting. Proof Methods for Modal and Intuitionistic Logics. D. Reidel, 1983.
[8] Giuseppe De Giacomo. Decidability of Class-Based Knowledge Representation Formalisms. PhDthesis, Universita degli Studi di Roma “La Sapienza”, 1995.
[9] David Harel, Dexter Kozen, and Jerzy Tiuryn. Dynamic Logic. MIT Press, 2000.
[10] Carsten Lutz and Ulrike Sattler. The Complexity of Reasoning with Boolean Modal Logics. In FrankWolter, Heinrich Wansing, Maarten de Rijke, and Michael Zakharyaschev (eds.), Advances in ModalLogic, 2001.
31
A TABLEAU SYSTEM FOR A FIRST-ORDER HYBRID LOGIC
JENS ULRIK HANSENINSTITUTE FOR MATHEMATICAL SCIENCES
UNIVERSITY OF COPENHAGEN
DENMARKE-MAIL: [email protected]
Abstract. In this paper a first-order version of hybrid logic is presented. The language is obtained by
adding nominals, satisfaction operators and the down-arrow binder to classical first-order modal logic(including constants and function symbols). The satisfaction operators are applied to both formulas
and terms. Moreover adding the universal modality is discussed.
This first-order hybrid language is interpreted over varying domains and a sound and complete, fullyinternalized tableau system for this logic is given.
Keywords: Hybrid logic, first-order modal logic, first-order hybrid logic, tableau systems.
1. Introduction
First-order modal logic in philosophy is an old field of study and has been treated extensively. Propo-sitional hybrid logic is also becoming a well-studied field. However the literature on hybrid logic versionsof first-order modal logic is still limited. Some few examples are [1, 2, 4, 6, 7].
Though it is known that hybrid versions of first-order modal logic have many advantages comparedto classical first-order modal logic. First of all many classical first-order modal logics lacks the interpo-lations property, but it has been shown in [1] that a hybrid version of first-order modal logic containingsatisfaction operators and the down-arrow binder, fixes this problem.
When it comes to the expressiveness of first-order hybrid languages it may come as no surprise thatit is a great deal higher than the expressiveness of classical first-order modal languages. It has longbeen known that first-order modal logic lacks the power to express certain properties related to naturallanguage semantics. See for instance [11]. That first-order hybrid logic is useful in relation to naturallanguage semantics is also well known and discussed in for instance [3]. A kind of a first-order hybridlogic is also used in [8]. Thus from the viewpoint of natural language semantics first-order hybrid logicis a very natural thing.
Furthermore adding predicate abstraction to first-order modal logic as done in [9] does not give anynew expressive powers compared to first-order hybrid logic. Since predicate abstraction easily can besimulated in a first-order hybrid logic with the down-arrow binder and satisfaction operators on terms(see for instance [7]).
Additionally as for propositional hybrid logic a wide range of general completeness results are possible,as discussed in for instance [2] and [6], as well as completely internalized proof systems. This articlecontains such an internalized proof system, namely a completely internalized tableau system for a first-order hybrid logic.
The first-order hybrid language we will present is in a sense just classical first-order logic combinedwith a propositional hybrid logic containing nominals, satisfaction operators, and the down-arrow binder.However there is a bit more to it since we will also use satisfaction operators on terms. Furthermore wewill also discuss adding the universal modality to the language.
2. A first-order hybrid language
In this section a first-order hybrid language (denoted by FHL) is presented and a varying domainsemantics for the language is given. The language is obtained by combining classical first-order logicwith hybrid logic. First we will give the syntax of the language.
2.1. Syntax for FHL. As in classical first-order logic the language FHL contains a countable infiniteset of first-order variables FVAR, a countable infinite set of constants CON, a countable infinite set offunction symbols FSYM, and a countable infinite set of relation symbols RSYM. (For any n ∈ N there
32
might be function and relation symbols of arity n.) To get a first-order hybrid logic we further needa countable infinite set of nominals NOM and a countable infinite set of state variables SVAR. (Statevariables will vary over worlds and nominals will appear as world constants.) Besides the logical symbols¬,∨,∃,=, (, and ) of classical first-order logic, there will be the classical modal operator ♦, a down-arrowbinder ↓, and for every u ∈ NOM ∪ SVAR there will be two kinds of satisfaction operators @u and u: .1
The terms of FHL can now be defined.
Definition 1 (FHL-terms). The set of FHL-terms (denoted by TFHL) is given by the following gram-mar:
t ::= x | c | u: t | f(t1, . . . , tn) ,
where x ∈ FVAR, c ∈ CON, u ∈ NOM ∪ SVAR, and f is an n-ary function symbol of FSYM.
(When no confusion can arise we will referrer to FHL-terms as just terms.) As in classical first-order logic variables and constants are terms and function symbols can be used to recursively definingmore complex terms. Furthermore new terms can be constructed from a term t by prefixing it with thesatisfaction operator u: getting the term u: t. The intuition behind the term u: t is that it denotes whatt denotes at the world u. This is crucial since we will interpret our constants and function symbols (aswell as the relation symbols) non-rigidly, i.e. they might denote different things in different worlds.2
Now for the definition of FHL-formulas (or just formulas).
Definition 2 (FHL-formulas). The set of FHL-formulas (denoted by FFHL) is given by the followinggrammar:
ϕ ::= R(t1, . . . , tn) | t1 = t2 | u | ¬ψ | (ψ1 ∨ ψ2) | ♦ψ | (∃x)ψ | @uψ | ↓v.ψ ,
where R ∈ RSYM is n-ary, t1, t2, . . . , tn ∈ TFHL, u ∈ NOM ∪ SVAR, x ∈ FVAR, and v ∈ SVAR.
When we in the following are talking about variables, and nothing else is mentioned, we will be talkingabout elements of FVAR∪ SVAR. Free occurrences of first-order variables are defined as in classical first-order logic and the free occurrences of state variables are defined in a similar manner, noting that onlythe ↓-binder can bind state variables. A sentence is a formula in which all variables are bound.
2.2. Semantics for FHL. Only a varying domain semantics is presented for FHL, since constantdomain semantics can be seen as a special case of varying domain semantics. If 〈W,R〉 is an ordinarymodal frame, D a non-empty set, and D a function on W such that it assigns a non-empty set D(w) toevery w ∈ W , then the tuple 〈W,R,D,D〉 is called a skeleton. A model is a tuple M = 〈W,R,D,D, `〉,where 〈W,R,D,D〉 is a skeleton and ` = (`w)w∈W is an interpretation. The interpretation ` interpretsthe constants, function symbols, and relation symbols non-rigidly, thus an interpretation ` = (`w)w∈W issuch that for all c ∈ CON: `w(c) ∈ D; for all n-ary f ∈ FSYM: `w(f) : Dn → D; for all n-ary R ∈ RSYM:`w(R) ⊆ Dn (for all w ∈W ). Given a model M = 〈W,R,D,D, `〉, we will denote `w(c) by cMw , `w(f) byfMw , and `w(R) by RMw .3 For all nominals i ∈ NOM the interpretation ` assigns an element of W , i.e.`(i) ∈W , thus the interpretation of nominals does not depend on worlds.
Given a model M, a valuation ν in M is a function ν : (FVAR∪SVAR) → (D∪W ), such that ν(x) ∈ Dfor all x ∈ FVAR, and ν(u) ∈ W for all u ∈ SVAR. Given valuations ν and ν′ and a variable z, we saythat ν′ is a z-variant of ν if ν′(y) = ν(y) for all y ∈ FVAR ∪ SVAR with y 6= z. For a w ∈ W and az ∈ FVAR, ν′ is a z-variant of ν in w if ν′ is a z-variant of ν and ν′(z) ∈ D(w).
1The reason for using two different satisfaction operators is that satisfaction operators will be applied both to terms
and formulas. So to avoid confusion two different operators will be used.2The first-order hybrid logics of [1, 2, 4, 6, 7] all have a limited notion of terms. For instance taking terms only to
be first-order variables, constants (interpreted non-rigidly) and of the form u: c for a u ∈ NOM ∪ SVAR and c a constant.However the author sees no reason not to allow terms of arbitrary complexity as given by definition 1. Of course some
tableau rules are needed to deal with these terms, however these rules are not that complicated.3Note that for a constant c, cMw does not need to be in the domain of the world w, i.e. in D(w). Furthermore there
might be an object a ∈ D that does not exists in any domain for any world in W . In other words it is not required that
D = ∪w∈WD(w) as is done in for instance [9].
33
Now given a model M and a valuation ν in M, a term evaluation function (·)M,ν(·) : TFHL → D is
defined by
− If x is a variable and w ∈W , then (x)M,νw = ν(x).
− If c is a constant and w ∈W , then (c)M,νw = cMw .
− If i is a nominal, t a term, and w ∈W , then (i: t)M,νw = (t)M,ν
`(i) .
− If u is a state variable, t a term, and w ∈W , then (u: t)M,νw = (t)M,ν
ν(u) .
− If f is an n-ary function symbol, t1, . . . , tn are terms, and w ∈W,
then(f(t1, . . . , tn)
)M,ν
w= fMw
((t1)M,ν
w , . . . , (tn)M,νw
).
The definition of the semantic relation M, w |=ν ϕ can now be defined by
M, w |=ν R(t1, . . . , tn) iff((t1)M,ν
w , . . . , (tn)M,νw
)∈ RMw
M, w |=ν t1 = t2 iff (t1)M,νw = (t2)M,ν
w
M, w |=ν i iff `(i) = w
M, w |=ν u iff ν(u) = w
M, w |=ν ϕ iff M, w 6|=ν ϕ
M, w |=ν ϕ ∨ ψ iff M, w |=ν ϕ or M, w |=ν ψ
M, w |=ν ♦ϕ iff there is a w′ ∈W s.t. R(w,w′) and M, w′ |=ν ϕ
M, w |=ν (∃x)ϕ iff there is an x-variant ν′ of ν in w s.t. M, w |=ν′ ϕ
M, w |=ν @iϕ iff M, `(i) |=ν ϕ.
M, w |=ν @uϕ iff M, ν(u) |=ν ϕ.
M, w |=ν↓u.ϕ iff there is an u-variant ν′ of ν s.t. ν′(u) = w and M, w |=ν′ ϕ.
The notion of satisfiability and validity is defined in the usual manner. Note that if ϕ is a sentence,wherever M, w |=ν ϕ does not depend on the valuation ν.
3. A tableau system for FHL
In this section a tableau system for FHL interpreted over varying domains is presented. Tableau proofswill only be of FHL-sentences. The tableau system here given is inspired by [9], however introducinghybrid machinery into the language makes it possible to internalise the tableau system completely. The@i operators will play the role of prefixes and the term operators i: will be used instead of the groundingmechanism on terms need for varying domain tableaux in [9].4
When doing tableaux for first-order logic, we need something to instantiate quantifiers as in (∃x)ϕ.To make things simpler a new countable infinite set PAR = {p, q, ...} of parameters is introduced. Thesewill behave like constants and is only used to instantiate quantifiers.5 The language obtained by addingthe new set PAR of constants to the language FHL will be referred to as the extended language. Hence aextended term or a formula of the extended language is just like a FHL-term or a FHL-formula exceptthat they might contain parameters. Note that since parameters appears as constants they cannot bebound by quantifies.
The tableau rules are given in figure 1. If t is a term of the extended language, t is called closed if itcontains no first-order or state variables. A tableau branch is closed if it contains both @iϕ and @i¬ϕ forsome i ∈ NOM and some extended formula ϕ. A tableau is called closed if all its branches are closed. Atableau proof of a FHL-sentence ϕ is a closed tableau starting with the formula @i¬ϕ for some nominali not occurring in ϕ.
4The only other tableau system for a hybrid version of first-order modal logic, know to the author, is the system
introduced in [4], where only rules for constant domains are given, and some limitation on terms are imposed.5In [9], [10], and other literature on first-order tableau systems, parameters are a new kind of variables. This is essential
in [9] where variables are assigned values rigidly and constants non-rigidly. However this problem is here dealt with by
instantiating the quantified variable x by i: p instead of just p, for a parameter p. This works since i: p is a rigid term,which at the same time carries the information of which domain there has been quantified over, in the sense that we will
think of i:p as belonging to the domain of the world i. This will become much clearer in the completeness proof.
34
Propositional rules:
@i(ϕ ∨ ψ)(∨)
@iϕ | @iψ
@i¬(ϕ ∨ ψ)(¬∨)
@i¬ϕ@i¬ψ
@i¬¬ϕ(¬¬)
@iϕ
Modal rules:
@i♦ϕ(♦)1
@i♦j@jϕ
@i¬♦ϕ @i♦j(¬♦)
@j¬ϕ
Quantifier rules:
@i(∃x)ϕ(∃)2
@iϕ[i:p/x]
@i¬(∃)ϕ(¬∃)3
@i¬ϕ[i:p/x]
Equality rules:
(ref)4
@ij: t = j: t
@ij: t = k:s @iϕ(sub)5
@iϕ[k:s//j: t]
@ rules:
@i@jϕ(@)
@jϕ
@i¬@jϕ(¬ @)
@j¬ϕ
(nom ref)@ii
@ij @iϕ(nom)
@jϕ
@ij @k♦i(bridge)
@k♦j
Downarrow rules:
@i ↓w.ϕ(↓)
@iϕ[i/w]
@i¬ ↓w.ϕ(¬ ↓)
@i¬ϕ[i/w]
Term rules:
@ik1: t = k2:s(:1)
@jk1: t = k2:s
@ij(:2)4
@ki: t = j: t(:3)4
@ik:j: t = j: t
@iR(t1, ..., tn)(:fix 1)
@iR(i: t1, ..., i: tn)
@i¬R(t1, ..., tn)(:fix 2)
@i¬R(i: t1, ..., i: tn)
@it = s(:fix 3)
@ii: t = i:s
@i¬t = s(:fix 4)
@i¬i: t = i:s(:func)7
@if(t1, ..., tn) = f(i: t1, ..., i: tn)
1 The nominal j is new to the branch. 2 Where p is a parameter and i:p is new to the branch. 3 Wherep is any parameter. 4 Where t is a closed term. 5 ϕ[k : s//j : t] is the formula ϕ where some of theoccurrences of j: t have been replaced by k:s. 7 Where f is a n-ary function symbol and t1, ..., tn are allclosed terms.
Figure 1. Tableau rules for FHL.
35
The classical rules are standard rules that can be found in many texts on first-order modal logic. Thehybrid rules for @ and down-arrow are also standard and can for instance be found in [4]. The termrules are new rules added to deal with the : operator on terms.6
A @-formula (or @-sentence) is a formula (or sentence) in the extended language on the form @iϕ, forsome formula (or sentence) ϕ of the extended language and some nominal i. Note that since quantifiers areinstantiated by parameters prefix a nominal, no free first-order variables will occurs after an applicationof the rules (∃) or (¬∃). Similar no new free state variables occurs after applications of the rules (↓)or (¬ ↓). These considerations and the restriction on the rules (ref), (: 2), and (: 3), ensures that allformulas occurring on a tableau for a FHL-sentence, will all be @-sentences. At the same time the useof parameters and nominals in the rules (∃), (¬∃), (↓), and (¬ ↓) ensures that no accidental binding ofany free variables happens. Note also that if the formula @it = s occurs on a branch, t and s will beclosed terms, and thus no accidental binding of free variables can happen in the use of the rule (sub).
3.1. Soundness and completeness. Soundness is not hard to prove. It is done in the same way as in[9]. The proof of the tableau system being complete is in a sense also standard. It is shown that if aFHL-sentence ϕ does not have a tableau proof then ¬ϕ is satisfiable, and thus ϕ is not valid. The ideabehind the proof is taken from [10] and uses a variant of a standard Lindenbaum-Henkin construction.
Before the proof of completeness some terminology is needed. If S is a finite set of @-sentences wemay construct a tableau for this set by simply putting all the sentences of S on one tableau branch,and then use the given tableau rules on this branch.7 Note that if a finite set S of @-sentences has aclosed tableau, then any finite set S′ ⊇ S also has a closed tableau. Now the notion of consistency canbe defined. A set S of @-sentences is inconsistent if there is a closed tableau for some finite subset of S.A set of @-sentences is consistent if it is not inconsistent. A set S of @-formulas is ♦-complete if;
@i♦ϕ ∈ S =⇒ @i♦j,@jϕ ∈ S, for some nominal j,
and S is ∃-complete if;
@i(∃x)ϕ ∈ S =⇒ @iϕ[i:p/x] ∈ S, for some parameter p.
Further a set S of @-formulas omits infinitely many nominals if there are infinitely many nominals inNOM that does not occur in S, and similar S omits infinitely many parameters if there infinitely manyparameters not in S.
Lemma 3. If S is a consistent set of @-sentences that omits infinitely many nominals and parameters,then S can be extended to a maximally consistent set S′ of @-sentences that is both ♦-complete and∃-complete.
Proof: First enumerate the countable many @-sentences of the extended language: @i1ϕi,@i2ϕ2, ...Then for all n ∈ N define Sn recursively by:
S1 = S,
Sn+1 =
Sn ∪ {@inϕn}, if ϕn is not of the form ♦ψ or (∃x)ψ,
and the set Sn ∪ {@inϕn} is consistent.
Sn ∪ {@inϕn,@in
♦j,@jψ}, if ϕn is of the form ♦ψ, j is a new nominal not occurringin Sn or @in
ϕn, and the set Sn ∪ {@inϕn} is consistent.
Sn ∪ {@inϕn,@inψ[i:p/x]}, if ϕn is of the form (∃x)ψ, p a new parameter not occurringin Sn or @in
ϕn, and the set Sn ∪ {@inϕn} is consistent.
Sn, otherwise.
This definition works since by the assumption on S, Sn will omits infinitely many nominals and para-meters, for all n ∈ N.
6The term rules are inspired by the @ rules. For instance (:2) plays the role of (nom) and (:3) plays the roles of (@)
and (¬ @). The rules (:fix1) - (:fix4) and (:func) are included to the deal with the semantics of i: t. Note that a generalsubstitution rule of the form
@iϕ
@iϕ[i: t//t]
is not sound. The term i: t cannot be substituted for t in the formula @jk: t = k: t in a sound way. Thus all the rules
(:fix1) - (:fix4) and (:func) are needed to secure that the substitution only take place at the top level.7So if ϕ is a FHL-sentence, then a tableau proof for ϕ is the same as a closed tableau for the finite set {@i¬ϕ} (for
some nominal i not occurring in ϕ).
36
Each Sn is consistent. This is easily proven by induction on n ∈ N, using the fact that if ϕn
is on the form ♦ψ or (∃x)ψ, then the consistency of Sn ∪ {@inϕn} implies the consistency of Sn ∪{@inϕn,@in♦j,@jψ} and Sn ∪ {@inϕn,@inψ[i:p/x]}, where j and p are new.
Now define S′ by
S′ =⋃n∈N
Sn.
Since Sn is consistent for all n ∈ N it easily follows that also S′ is consistent.To show that S′ is ♦-complete, assume that @i♦ϕ ∈ S′. Let n ∈ N be such that @inϕn is the formula
@i♦ϕ. Then since @inϕn ∈ S′ and S′ is consistent, Sn ∪ {@inϕn} is also consistent. But then, by theconstruction of Sn+1, @in
♦j,@jψ ∈ Sn+1 ⊆ S′, for some new nominal j. That S′ also is ∃-complete isproved in the same way.
That S′ is maximal consistent is clear, since all formulas that can be added without destroyingconsistency have been added in the construction of S′. �
Lemma 4. Let S be a maximal consistent set of @-sentences, which is ♦-complete and ∃-complete. ThenS obeys the tableau rules, i.e. if the premises of a rule are in S then the conclusion is also in S.
For instance if the @-sentences @ij and @iϕ are in S then so is @jϕ.8
To prove completeness assume that the FHL-sentence ϕ does not have a tableau proof, i.e. there isno closed tableau starting with @i¬ϕ (for a i ∈ NOM not in ϕ). But then {@i¬ϕ} is consistent. Sinceϕ only contains finitely many nominals and no parameters, ϕ also omits infinitely many nominals andparameters. Thus by lemma 3 there is a maximal consistent set S of @-sentences that contains @i¬ϕand is ♦-complete and ∃-complete. Using this maximal consistent set S a model M = 〈W,R,D,D, `〉can be constructed such that it satisfies @i¬ϕ. Now for the construction of the model M:
First define the relation ∼ on the set NOM by:
i ∼ j ⇐⇒ @ji ∈ S.∼ is a equivalence relation on the set NOM, which is seen using lemma 4 and the rules (nom ref) and(nom).
The set of worlds W is then defined as the set of ∼-equivalence classes:
W = NOM/∼.
The members of W will be denoted by [i]. The accessibility relation R on W is defined by
[i]R[j] ⇐⇒ @i♦j ∈ S.That this is well-defined follows from lemma 4 and the rules (nom) and (bridge).
To define the domain D of the model, first let D be the set defined by
D = {i: t | for some i ∈ NOM and some closed extended term t}.Now define a relation ≡ on D by
i: t ≡ j:s ⇐⇒ @ki: t = j:s ∈ S for some k ∈ NOM.
This relation is also easily seen to be a equivalence relation on the set D. It follows by lemma 4 appliedto the rules (ref), (sub), and (:1). The domain of the model is now defined by
D = D/≡.
The elements of D will be denoted by i: t. For all [i] ∈W define
D([i]) = {j:p | j ∈ [i] and p is a parameter}.Note that D([i]) ⊆ D for all i ∈ NOM, since p is a closed term.
Now for the definition of the interpretation `. For all constants a ∈ CON ∪ PAR and [i] ∈W define
aM[i] = i:a,
8That this is so can be seen the following way: Assume that @ij, @iϕ ∈ S. Now if @jϕ /∈ S then S ∪ {@jϕ} must be
inconsistent by the maximallity of S. So there is a finite subset A ⊆ S ∪{@jϕ} such that A has a closed tableau. Then we
can construct a closed tableau for the finite set (A \ {@jϕ})∪ {@ij, @iϕ} (⊆ S) using the (nom) rule. But this contradictthe consistency of S, hence @jϕ ∈ S. The other cases, except the rules (♦) and (∃), are similar. For the rules (♦) and
(∃), the lemma follows from the ♦-completeness and ∃-completeness of S.
37
which is well-defined by lemma 4 and (:2). For a n-ary relation symbol R and [i] ∈W , define RM[i] by
RM[i] (i1: t1, ..., in: tn) ⇐⇒ @iR(i1: t1, ..., in: tn) ∈ S,(1)
for all i1: t1, ..., in: tn ∈ D. This is well-defined by lemma 4 and the rules (nom), (sub), and (:1). For an-ary function symbol f and [i] ∈W , define fM[i] : Dn → D by
fM[i] (i1: t1, ..., in: tn) = i:f(i1: t1, ..., in: tn)(2)
for all i1: t1, ..., in: tn ∈ D. That this is well-defined follows from lemma 4 and the rules (:1), (:2), and(sub). Finally for nominals i ∈ NOM let `(i) = [i]. Now for the central lemma:
Lemma 5 (Truth lemma). For all @-sentences @iϕ,
@iϕ ∈ S =⇒ M, [i] |=ν ϕ , for some (all) valuations ν.
@i¬ϕ ∈ S =⇒ M, [i] 6|=ν ϕ , for some (all) valuations ν.
The completeness of the tableau system follows from this lemma. Since @i¬ϕ ∈ S by the definitionof S, M, [i] 6|=ν ϕ. Thus M is a model that falsifies the sentence ϕ at the world [i], and it follows thatϕ cannot be a valid sentence. Now the proof of the Truth lemma requires the following extra lemma:
Lemma 6. If t is a term of the extended language that contains no variables, and i is a nominal, then
tM,ν[i] = i: t,
for all valuations ν in M.
Proof: The proof goes by induction on the construction of t. t cannot be a first-order variable byassumption, and if t is a constant a ∈ CON ∪ PAR, then aM,ν
[i] = aM[i] = i:a. If t is on the form u:s, thenu ∈ NOM since t contains no variables. Further s cannot contain any variables either, and thus
(u:s)M,ν[i] = sM,ν
`(u) = sM,ν[u]
(∗)= u:s
(∗∗)= i:u:s,
where (∗) follows by the induction hypothesis, and (∗∗) from lemma 4 and the rule (:3).Finally assume that t is on the form f(t1, ..., tn), and that t contains no variables. Then t1, ..., tn
contains no variables either. Then by the induction hypothesis
f(t1, ..., tn)M,ν[i] = fM[i] ((t1)
M,ν[i] , ..., (tn)M,ν
[i] ) = fM[i] (i: t1, ..., i: tn) = i:f(i: t1, ..., i: tn) = i:f(t1, ..., tn),
where the last equality follows from lemma 4 and the rules (:func) and (:fix3). �
Proof of lemma 5: The proof goes by induction on the complexity of ϕ. If ϕ is R(t1, ..., tn), Then
@iR(t1, ..., tn) ∈ S =⇒ @iR(i: t1, ..., i: tn) ∈ S=⇒ RM[i] (i: t1, ..., i: tn)
=⇒ RM[i] ((t1)M,ν[i] , ..., (tn)M,ν
[i] )
=⇒ M, [i] |=ν R(t1, ..., tn),
for all valuations ν. Here the first implication follows from lemma 4 and (:fix1), the second by thedefinition (1), and the third by lemma 6 (because R(t1, ..., tn) is assumed to be a @-sentence it cannotcontain any variables). Furthermore if @i¬R(t1, ..., tn) ∈ S then by lemma 4 and (:fix2) @i¬R(i: t1, ..., i:tn) ∈ S, and since S is consistent @iR(i: t1, ..., i: tn) /∈ S. Thus by definition RM[i] (i: t1, ..., i: tn) does not
hold, and so neither does RM[i] ((t1)M,ν[i] , ..., (tn)M,ν
[i] ). It then follows that
M, [i] 6|=ν R(t1, ..., tn),
as required.The case where ϕ is on the form t1 = t2 is similar.ϕ cannot be u for a u ∈ SVAR, since then @iϕ is not a @-sentence. If ϕ is j for j ∈ NOM, `(j) = [j].
But then
M, [i] |=ν j ⇐⇒ [j] = [i] ⇐⇒ j ∼ i ⇐⇒ @ij ∈ S,and the claim follows, since @i¬j ∈ S implies that @ij /∈ S.
The cases where ϕ is ψ1 ∨ ψ2 or ¬ψ are easy.
38
Now assume that ϕ is on the form ♦ψ. If @i♦ψ ∈ S, then by ♦-completeness, @i♦j,@jψ ∈ S, for somenominal j. Thus by the induction hypothesis it follows that M, [j] |=ν ψ. But since @i♦j ∈ S, [i]R[j],and thus M, [i] |=ν ♦ψ. Assume now that @i¬♦ψ ∈ S. If M, [i] |=ν ♦ψ then there is a j ∈ NOM suchthat [i]R[j] and M, [j] |=ν ψ. But then @i♦j ∈ S by the definition of R, and thus using lemma 4 and(¬♦) it follows that @j¬ψ ∈ S. But by induction this implies that M, [j] 6|=ν ψ, which is a contradiction,and thus M, [i] 6|=ν ♦ψ must be the case.
Assume now that ϕ is on the form (∃x)ψ. If @i(∃x)ψ ∈ S it follows by the ∃-completeness of Sthat also @iψ[i: p/x] ∈ S, for some parameter p. By the induction hypothesis M, [i] |=ν ψ[i: p/x]. Butthen also M, [i] |=ν′ ψ, where ν′ is a x-variant of ν in [i] such that ν′(x) = (i: p)M,ν
[i] = i:p (note thati:p ∈ D([i])). But then M, [i] |=ν (∃x)ψ follows. Assume now that @i¬(∃x)ψ ∈ S. If M, [i] |=ν (∃x)ψ,then there is an x-variant ν′ of ν in [i] such that M, [i] |=ν′ ψ. But by the definition of D([i]) this impliesthat there is a parameter p such that ν′(x) = i:p = (i: p)M,ν
[i] . It thus follows that M, [i] |=ν ψ[i: p/x].But on the other hand using lemma 4 on (¬∃) it also follows that @i¬ψ[i:p/x] ∈ S and further by theinduction hypothesis that M, [i] 6|=ν ψ[i:p/x]. This is a contradiction and thus M, [i] 6|=ν (∃x)ψ must bethe case.
In the case ϕ is on the form @jψ, it first follows that
@i@jψ ∈ S =⇒ @jψ ∈ S =⇒ M, [j] |=ν ψ =⇒ M, [i] |=ν @jψ,
using lemma 4 on (@) and the induction hypothesis. If @i¬@jψ ∈ S it follows from lemma 4 and (¬@)that @j¬ψ ∈ S, which further by the induction hypothesis implies that M, [j] 6|=ν ψ. But then
M, [i] 6|=ν @jψ.
Finally assume that ϕ is ↓v.ψ. Then @i↓v.ψ ∈ S implies that @iψ[i/v] ∈ S by lemma 4 and (↓),which further by the induction hypothesis implies that M, [i] |=ν ψ[i/v]. But from this follows thatM, [i] |=ν′ ψ, where ν′ is a v-variant of ν such that ν′(v) = (i)M,ν
[i] = `(i) = [i]. Finally this impliesthat M, [i] |=ν↓v.ψ. Now assume that @i¬ ↓v.ψ ∈ S. Then from lemma 4 and (¬ ↓) it follows that@i¬ψ[i/v] ∈ S and further by induction that M, [i] 6|=ν ψ[i/v]. As before it follows that M, [i] 6|=ν′ ψ,whenever ν′ is a v-variant of ν such that ν′(v) = (i)M,ν
[i] = [i], and thus that M, [i] 6|=ν↓v.ψ. �
Before ending this section a remark is in its place. If one is interested in a first-order hybrid languagejust containing nominals and satisfaction operators (on both formulas and terms) and not the down-arrow binder, one can simply remove the rules (↓) and (¬ ↓) from the tableau system without destroyingthe completeness proof. Thus getting a sound and complete tableau system for the weaker language. Inthe next section we will see that if one is interested in a more expressive language than FHL a tableausystem for such a language is easily obtainable.
4. Adding the universal modality
Even though the language FHL is very expressive, there are things it cannot express. However it iseasy to extend the language even further by adding the universal modality E to FHL. Let FHLU bethe language obtained by adding the unary operator E to the language of FHL. Terms are as before andthe definition of formulas is extended with the clause that if ϕ is a formula then Eϕ is also a formula.The semantics for Eϕ is given by
M, w |=ν Eϕ iff there is a w′ ∈W s.t. M, w′ |=ν ϕ .
The dual operator A to E is defined by
Aϕdf= ¬E¬ϕ.
A tableau system for FHLU is obtained by adding the rules of figure 2 to the tableau system of FHL.The soundness of the new tableau system is trivial. For the completeness proof we first add the notionof a set of @-formulas being E-complete if;
@iEϕ ∈ S =⇒ @jϕ ∈ S, for some nominal j.
To lemma 3 we add the further conclusion that S′ can assumed to be E-complete. In the proof of thelemma we then need to add a new clause in the construction of Sn+1, namely that:
Sn+1 = Sn ∪ {@inϕn,@jψ}, if ϕn is of the form Eψ, j is a new nominal not occurringin Sn or @in
ϕn, and the set Sn ∪ {@inϕn} is consistent.
39
E rules:
@iEϕ(E)1
@jϕ
@i¬Eϕ(¬E)2
@j¬ϕ
1 The nominal j is new to the branch. 2 Where j is any nominal.
Figure 2. The extra tableau rules for FHLU.
The rest of the proof of lemma 3 goes through as before. In the proof of the truth lemma we also needto add the case where ϕ is Eψ: Assume that ϕ is on the form Eψ. Then if @iEψ ∈ S, @jψ ∈ S forsome nominal j, by the E-completeness of S. But then by the induction hypothesis M, [j] |=ν ψ and itfollows that M, [i] |=ν Eψ. Assume now that @i¬Eψ ∈ S. Now if M, [i] |=ν Eψ then there is a nominalj such that M, [j] |=ν ψ. On the other hand it follows from lemma 4 and (¬E) that @j¬ψ ∈ S. But bythe induction hypothesis this implies that M, [j] 6|=ν ψ, which is a contradiction and thus M, [i] 6|=ν Eψmust be the case. The rest of the completeness proof goes through as before. Thus a sound and completetableau system for FHLU has been presented.
5. Concluding remarks and further perspectives
This paper contains a fully internalized tableau system for a first-order hybrid logic that is bothsound and complete. The language presented (FHL) contains nominals, a down-arrow binder as well assatisfaction operators on both formulas and terms. The notions of terms are as general as in classicalfirst-order logic. Furthermore the tableau system it made to deal with varying domains. It turns out thattableau systems for FHL behave nicely, even when dealing with varying domain semantics. In [9] thisrequires an amount of meta notions, such as prefixes, parameters associated with prefixes, and groundingof terms. This is completely internalised in the tableau system for FHL. The only thing that might notlook that nice for this tableau system is all the term rules needed. However it might be possible to findsimpler rules.
Moreover as in [2] and [6] it would be interesting to see how automatic completeness proofs looksin the case of the presented tableau system. Besides automatic completeness results for different frameconditions given by pure formulas, first-order hybrid logic also allows for automatic completeness resultsfor different domain conditions as discussed in for instance [2].
References
[1] Carlos Areces, Patrick Blackburn, and Maarten Marx, Repairing the interpolation theorem in quantified modal logic.Annals of Pure and Applied Logic 124: 287-299, 2003.
[2] Patrick Blackburn and Balder ten Cate. Pure Extensions, Proof Rules, and Hybrid Axiomatics. Studia Logica 84:
277-322, 2006.[3] Patrick Blackburn and Maarten Marx. Quantified Hybrid Logic and Natural Language. R. van Rooy and M. Stokhof
(eds.), Proceedings of the Thirteenth Amsterdam Colloquium, December 17-19, ILLC Amsterdam, 2001, pages 43-48,2001.
[4] Patrick Blackburn and Maarten Marx. Tableaux for Quantified Hybrid Logic. In U. Egly and C. Fernmller (eds.),
Automated Reasoning with Analytic Tableaux and Related Methods, International Conference, TABLEAUX 2002,Copenhagen Denmark, July/August, Proceedings, pages 38-52, 2002.
[5] Patrick Blackburn, Johan van Benthem, and Frank Wolter (eds.). Handbook of Modal Logic. Elsevier, Amsterdam,
2007.[6] Torben Brauner. Natural deduction for first-order hybrid. Journal of Logic, Language and Information 14: 173-198,
2005.
[7] Torben Brauner and Silcio Ghilardi. First-Order Modal Logic. Chapter 9 in [5].[8] M. J. Cresswell. Entities and Indices. Kluwer Academic Publishers, 1990.
[9] Melvin C. Fitting and Richard Mendelsohn. First-Order Modal Logic. Kluwer Academic Publishers, 1998.
[10] Melvin C. Fitting. Modal Proof Theory. Chapter 2 in [5].[11] Kai Frederick Wehmeier. World travelling and mood swings. In B. Lwe, W.Malzornm T. Rsch, (eds.), Foundations of
the Formal Sciences II, Klwer Academic Publishers, Dordecht, pages 257-260, 2003.
40
Topological Semantics and Decidability
Dmitry Sustretov∗
Abstract
It is well-known that the basic modal logic of all topological spaces is S4.However, the structure of basic hybrid logics of classes of spaces satisfying variousseparation axioms was until present unclear. We give a direct proof of that modallogics of T0, T1 and T2 topological spaces coincide and are S4. We also examinebasic hybrid logics of these classes and prove their decidability; as part of this,we find out that the hybrid logics of T1 and T2 spaces coincide. Finally, we provethat logics of T0 and T1 spaces are PSPACE-complete.
1 Basic definitions
In this paper we are going to study modal logics that arise as sets of all formulas validon certain classes of topological spaces. Thus the first definition in this paper is boundto be about how the modal formulas are interpreted on topological spaces (topologicalsemantics was first introduced by Tarski [4]).
Definition 1 (Topological semantics). A topological space is a pair (T, τ) whereτ ⊆ P(T ) such that ∅, T ∈ τ and τ is closed under finite intersections and arbitraryunions. Elements of τ are called opens, an open containing a point x is called aneighborhood of the point x.
A topological model M is a tuple (T, τ, V ) where (T, τ) is a topological space andthe valuation V : Prop → P(T ) sends propositional letters to subsets of T .
Truth of a formula φ (of the basic modal language) at a point w in a topologicalmodel M (denoted by M, w |= φ) is defined inductively:
M, w |= p iff x ∈ V (p)M, w |= φ ∧ ψ iff M, w |= φ and M, w |= ψM, w |= ¬φ iff M, w 2 φM, w |= 2φ iff ∃O ∈ τ such that w ∈ O and ∀v ∈ O.(M, v |= φ)
The basic modal language can be extended with nominals and @ operator (in this casewe call it H(@)) and universal modality A (we denote the dual modality E and callthe language H(E)). Nominals are a special kind of propositional letters: it is requiredthat their valuation is a singleton set. The semantics of @ and E is given below:
M, w |= @iϕ iff ∃vM, v |= i and M, v |= ϕ(where i is a nominal)
M, w |= Eϕ iff ∃vM, v |= ϕ
Relational and topological semantics are not completely unrelated; it is possibleto transform certain topological spaces into frames and vice versa in a satisfiability-preserving fashion.
∗INRIA-Loria, Universite Henri Poincare, Nancy, France, e-mail: [email protected]
41
Proposition 1. A topological space is called Alexandroff if every point of that spacehas a minimal neighborhood.
For any Alexandroff space (T, τ) there exists a binary relation R such that for anyvaluation V and for any formula ϕ ∈ H(E), (T,R, V ), w |= ϕ iff (T, τ, V ), w |= ϕ.
For any transitive reflexive frame (W,R) there exists a topology τ on W suchthat for any valuation V and for any formula ϕ ∈ H(E), (W,R, V ), w |= ϕ iff(W, τ, V ), w |= ϕ.
Proof. See [5], section 2.4.
Definition 2 (Topobisimulation). Let (T, τ, V ) and (S, σ,W ) be two topological mod-els and consider a relation R ⊆ T × S. Denote
R(X) = {y | ∃x ∈ X, (x, y) ∈ R}R−1(Y ) = {x | ∃y ∈ Y, (x, y) ∈ R}
for any subset X ⊆ T , Y ⊆ S.The relation R is called a topobisimulation if
Prop if Rxy then for all p ∈ Prop, (T, τ, V ), x |= p iff (S, σ,W ), y |= p
Zig for any O ∈ τ , R(O) ∈ σ
Zag for any U ∈ σ, R−1(U) ∈ τ
A bisimulation is called total iff for any x ∈ T there is y ∈ S such that Rxy andfor any y ∈ S there is x ∈ T such that Rxy.
A bisimulation is called hybrid if additionally for any nominal i if x ∈ V (i) andy ∈W (i) then Rxy.
A map is called interior if it is open and continuous. Clearly, the graph of aninterior map satisfies Zig and Zag conditions.
In topological semantics just like in the relational semantics, two points connectedby a topobisimulation satisfy the same formulas (if the topobisimulation is total, thisis true for the formulas with universal modality). See [5] for the proofs.
It is well-known that the (basic modal) logic of all topological spaces is S4. Inwhat follows, we are going to deal with three classes of topological spaces, defined bythe so-called separation axioms.
Definition 3 (Separation axioms).
T0 for any two distinct points x, y there is either an open neighborhood of x thatdoes not contain y, or an open neighborhood of y that does not contain x.
T1 any singleton set is closed.
T2 any two distinct points x, y can be separated by two open neighborhoods, i.e.there exist Ox 3 x,Oy 3 y such that Ox ∩Oy = ∅.
There are necessary and sufficient conditions (given in [2]) of whether a class ofspaces is definable in H(@) (and H(E)). Thus, axioms T0 and T1 are definable inH(@), the formulas are, respectively, @i¬j → (@i2¬j ∨@j2¬i) and 3i→ i. On theother hand, [2] show that T2 is not definable even in H(E). The basic modal languageis even less expressible: none of the separation axioms is definable in it. Nonetheless,although we know the boundaries of expressivity of modal and hybrid languages, weknow very little about the structure of the logics. Are the logics of separation axiomsdistinct? Are they decidable? If yes, what is the complexity? In this paper we willaddress all those questions.
42
2 Decidability
In this section we will denote by Log(K) a set of formulas in the hybrid language H(E)(with nominals, @ and universal modality) which are valid on all topological spaces inthe class K.
In the subsequent subsections we will prove decidability of logics of different separa-tion axioms. Our main tool will be the notion of topological filtration, which allows topresent the information relevant for the satisfiability of a formula in a finite structure.
Definition 4 (Topological filtration). Let Σ be a subformula-closed set of formulasand M = (T, τ, V ) be a topological model. Define an equivalence relation !Σ on Tas follows:
w !Σ v iff ∀ϕ ∈ Σ M, w |= ϕ iff M, v |= ϕ
A filtration of M through Σ is a model N = (S, σ,W ), defined as follows. LetS = T/ !Σ and let us denote by [s] an equivalence class of !Σ with a representatives. For a formula ϕ ∈ Σ define
[[ϕ]]N = {[x] |M,x |= ϕ}
and W (p) = [[p]]N. This is well-defined, because points from the same equivalence classsatisfy the same formulas from Σ.
Let π be a natural projection map t 7→ [t]. Define σ to be the finest topology thatmakes π continuous (that is, σ is the quotient topology).
Note that if Σ = Cl(ϕ) (all subformulas of a single formula ϕ), then any filtrationby Σ is finite (there is only finite number of subsets of Cl(ϕ)).
2.1 T1 spaces
The logic of T1 spaces does not have a finite model property with respect to the classof T1 spaces: for example, the formula i→ 2i can only be falsified on an infinite modelwith T1 topology. In order to prove decidability of Log(T1) we will introduce a class offinite topological models and prove that T1 has the finite model property with respectto that class. Then we will show that for any formula the number of possible modelsfrom that class is bounded and that will imply decidability.
In fact, decidability of Log(T1) follows from the decidability of the logic of T1
spaces for H(E) extended with downarrow operator ([2], section 5.4). We can justifyourselves by the fact that the proof presented here provides us with concrete structuresthat represent what T1 spaces are “from the point of view of hybrid logic” and thatwill help us later to prove complexity results.
Definition 5 (Finite representation of a T1 model). A T1 model is called finitelyrepresentable if it is topobisimilar to a finite topological model. A finite topologicalmodel where the complement of any point named by a nominal is open is called finiterepresentation of a T1 model (we will say simply finite representation, when there isno confusion).
Theorem 2. A formula ϕ has a T1 model iff it has a finitely representable T1 model.
Proof. The left-to-right direction is proved using filtrations. Indeed, a filtration of anyT1 space is a finite representation of a T1 model, as follows from the fact known fromgeneral topology (see [1]) that the natural projection is open. Then it is left to applythe standard argument that filtration preserves satisfiability of all subformulas of ϕ.
To prove right-to-left direction we will construct a T1 model M = (S, σ,W ) suchthat the given finite representation (T, τ, V ) is an interior image of M.
43
We identify T with the set of natural numbers {1, . . . , n}. Suppose there are mpoints t1, . . . , tm ∈ T named by a nominal. If m = n then every point is named bya nominal and should be represented by a singleton in M. In this case the modelconstruction process described below will produce a model with a finite discrete sub-model.
Let the support of M be N, the set of natural numbers. Denote Xi = {k} fori = tk, 1 ≤ k ≤ m and let Xi for i ∈ T −{t1, . . . , tm} form a partition of N−{1, . . . ,m}such that every Xi is an infinite coinfinite set. Let σ0 be a collection of cofinite subsetsof N and for any subset O ⊆ T denote
O =⋃i∈O
Xi
Note that Xk for m + 1 ≤ k ≤ n are dense in S in the topology σ0. Then definethe topology σ on N to be generated by the following set:
σ0 ∪ {O | O ∈ τ}
The valuation is defined as follows:
W (p) = V (p) for all p ∈ Prop ∪Nom
Define f : S → T to be the map that maps Xk to k for all k ∈ T . We will provethat f is an interior map and that its graph is a total hybrid topobisimulation.
Indeed, take an arbitrary open from σ, it will have the form O ∪ U where O ∈ τand U ∈ σ0. It can be represented as a union ∪k∈O(Xk ∩ U). Here certain Xk-s aredense in S in the topology σ0, in this case Xk ∩ U is non-empty. All the other Xk-sare singletons that correspond to points named by nominals and in that case eitherXk ∩ U is just Xk or the intersection is empty. Denote by F the set of those k-s suchthat Xk has an empty intersection with U . Then f(O∩U) = O\F = O∩(T \F ). Theset T \ F is open, because it is a complement of a set of points named by nominals,hence O \ F is open. We have proved that f is open.
The continuity of f follows easily from its definition and construction of σ: indeed,f−1(O) = O, and if O is open, then O is open too.
It is easy to see that the graph R of f is a topobisimulation: it satisfies the Zigand Zag conditions, because it is a graph of an interior map, it satisfies Prop byconstruction of the valuation on S. It is also total and connects all points named bythe same nominal in two models. In other words R is a total hybrid topobisimulation.
Now, if (T, τ, V ), k |= ϕ then M, v |= ϕ for all v ∈ Xk, which finishes the proof ofthe right-to-left direction.
Note that the size of a filtration through ϕ is bounded by 2|Cl(ϕ)|, hence we havean upper bound on the size of finite representations of T1 models necessary to refutenon-theorems of Log(T1). This allows us to deduce
Theorem 3. Log(T1) is decidable.
2.2 Log(T1) = Log(T2)
We can exploit further the construction of Theorem 2 in order to construct T2 modelsout of T1 finite representations.
Theorem 4. A formula ϕ is satisfiable on a T2 space iff there exists a finite repre-sentation of a T1 model where ϕ is satisfiable.
44
Proof. Since all T2 spaces are T1, the same filtration argument as in Theorem 2 applieshere.
Now suppose we are given a finite representation M = (T, τ, V ) such that ϕ is sat-isfiable on it. Let (S, σ0) be an (n−m)-resolvable T2 space, where n = |T | and m is thenumber of points in the finite representation named by a nominal. Let X ′
1, . . . , X′n−m
be the dense subsets of S which form the partition of S. Let Xn−m+1, . . . , Xn bearbitrary singleton subsets of S. Finally, denote
Xi = X ′i \
n⋃j=n−m+1
Xj , for 1 ≤ i ≤ 1, n−m
Since S is a T1 space, X1, . . . , Xn−m are still dense in S.As usual, denote
O =⋃i∈O
Xi
and consider a new topology σ on S generated by
σ0 ∪ {O | O ∈ τ}
and the valuation
W (p) = V (p) for all p ∈ Prop ∪Nom
It is left to prove that this construction preserves satisfiability of subformulas of ϕ.We use the same argument as in the proof of Theorem 2 here. Indeed, we are in
the same setting: Xk form a partition of S, some of them are singleton sets (namedby nominals), others are dense in T in σ0. Consider the map f : S → T that mapsXk to k for all k ∈ T . It is continuous by its construction: the preimage of an openO is O which is open. It is open, because, like in Theorem 2 the image of any openO ∩ U from σ is O \ F where F is a set of points named by nominals, and since thatT \F is open follows from the definition of a finite representation of the T1 model, weconclude that f maps opens to opens. The graph of f is a hybrid total bisimulation,which means that it preserves satisfiability of H(E) formulas and the statement of thetheorem follows.
Since every T2 space is a T1 space, we get the following corollary
Theorem 5. The logic of T2 spaces coincides with the logic of T1 spaces (and hence,is decidable).
2.3 T0 spaces
In this section we will use a similar technique to prove one more representation/decidabilityresult, this time for T0 spaces.
Proposition 6. An Alexandroff space corresponding to a partial order by the Propo-sition 1 is T0 and the frame that corresponds to a T0 Alexandroff space is a partialorder.
Proof. This is an easy consequence of Proposition 1.
45
By the Proposition above, every T0 validity is a partial order validity. The converseis not true.
Consider the countable topological space (N, σ) with cofinite topology. Constructa topological space (T, τ) as follows: let T = {∗}∪N and τ = {{∗}∪O | O ∈ σ}. Thisis a T0 space. Now, introduce a valuation that names ∗ with a nominal i and considera formula ϕ = 3(¬i ∧ 3i). This formula is satisfied at ∗, but it is not satisfiable onany partial order. Hence Log(T0) is a strict subset of the logic of partial order.
Although the counterexample we have just mentioned tells us that Log(T0) is morecomplicated than the logic of partial orders, it will serve us as the source of ideas onhow one might build a T0 model out of a quasi-model. We will need a different notionof a finite representation of a model than one for T1 and T2 spaces (otherwise Log(T0)would coincide with Log(T1) which is impossible).
Definition 6 (finite representation of a T0 model). A finitely representable T0 modelis a T0 topological model which is topobisimilar to a finite topological model. A finitetopological model is called a finite representation of a T0 model if for every pair ofpoints x, y named by nominals, there exists an open neighborhood Ox of x such thaty /∈ Ox or there exists an open neighborhood Oy of y such that x /∈ Oy (we will saysimply finite representation, when there is no confusion).
Once again we will describe a way to construct a topological space (this time aT1 space) that satisfies a given formula given a finite representation that satisfies thatformula. We will have as a consequence a
Theorem 7. Log(T0) is decidable.
Proof. What we really prove here is that a formula has a T0 model iff it has a finitelyrepresentable T0 model.
A filtration of a T0 space through Cl(ϕ) gives a finite representation of a T0 model,because the natural projection is an open map. This construction preserves satisfia-bility by the same argument, as the one that was mentioned in the previous sections.
The other direction of the proof goes as follows. Consider a finite representationM = (T, τ, V ). We identify T with natural numbers 1, . . . , n and we will use such anumbering that 1, . . . ,m are named by a nominal. We construct a topological model(S, σ,W ) with a support {1, . . . ,m}∪N and topology and valuation defined below. Wewill suppose further that n 6= m since otherwise the finite representation is already areal T0 model that satisfies ϕ.
Partition S into setsX1, . . . , Xn: letXk = {k} for 1 ≤ k ≤ m and letXm+1, . . . , Xn
be the sets of the form {k + j(n−m) | 0 ≤ j <∞} for m+ 1 ≤ k ≤ n}.As usual, denote
O =⋃i∈O
Xi
for O ⊆ T . Define the topology σ to be
{O \ F | O ∈ τ, F ⊆ N finite }
Valuation is also defined in a usual way
W (p) = V (p) for all p ∈ Prop ∪Nom
The model thus constructed is T0. Any point x from N can be separated from anyother point by a set S−{x}. Since two points named by nominal can be separated byan open O in the finite representation, O will separate them in M (that is where weuse the fact that T is a finite representation of a T0 model).
46
Consider the map f : S → T that maps Xk to k for all k ∈ T . This is an interiormap and its graph is a total hybrid topobisimulation.
Indeed, note that X1, . . . , Xn have non-empty intersection with all the sets of theform T \ F , where F ⊂ N is finite. Similarly, any open from σ can be seen as a union∪k∈O(Xk ∩ (T \ F )) for some O ∈ τ and some fixed finite F ⊂ N . Thus the image ofthis set under f will be O, which is open.
The continuity of f follows from its construction and definition of the topologyσ. The remaining conditions that make the graph of f a hybrid bisimulation can bechecked straightforwardly.
Since total hybrid bisimulations preserve satisfiability of H(E) formulas, (S, σ,W )satisfies the same formulas as (T, τ, V ), which finishes the proof of the theorem.
3 Complexity
Now, when we know that Log(T0) and Log(T1) are decidable, it is natural to ask whatthe complexity is. The lower bound follows from the result of Ladner [3] that S4 hasa PSPACE-complete satisfiability problem.
Proposition 8. Log(T0) and Log(T1) have a PSPACE-hard satisfiability problem.
To establish an upper bound we will present a two player game parametrized bya formula where one of the players has a winning strategy iff the formula is satisfiedon a finite representation of a T0 or T1 model (and hence, is satisfiable on a T0 orT1 space). The amount of information on the board at the end of any play will bepolynomial in the length of the formula. Thus, it is possible to build a polynomialspace Turing machine that decides whether the game has a winning strategy by justrepeatedly analyzing all possible plays.
We will present a different notion of a model, equivalent to the notions of finiterepresentation of a T1 (or T0) model.
Definition 7 (Hintikka set). Let Σ be a set of formulas closed under subformulas andsingle negations. A set A ⊆ Σ is called a Hintikka set if it is maximal subset satisfyingthe following conditions:
1. ⊥ /∈ A
2. if ¬ϕ ∈ Σ then ϕ ∈ A iff ¬ϕ /∈ A
3. if ϕ ∧ ψ ∈ Σ then ϕ ∧ ψ ∈ A iff ϕ ∈ A and ψ ∈ A
Definition 8 (Quasi-model). Let ϕ be a formula and Cl(ϕ) be its subformula closure.A tuple (T, τ, λ), where (T, τ) is a finite topological space and λ is a function from Tto Cl(ϕ) is called a quasi-model for ϕ if the following holds:
1. λ(t) is a Hintikka set for any t ∈ T
2. at least for one t ∈ T , ϕ ∈ λ(t)
3. for all 2ψ ∈ Cl(ϕ), 2ψ ∈ λ(t) iff there exists an open O 3 t such that ∀s ∈O ψ ∈ λ(s)
If we impose extra condition on the quasi model, we are then talking about T1 orT0 quasi-models:
(T1 condition for quasi-models) if i ∈ λ(t) where i is a nominal, then T −{t}is open.
47
(T0 condition for quasi-models) for every pair of points x, y named by nomi-nals, there exists an open neighborhood Ox of x such that y /∈ Ox or there existsan open neighborhood Oy of y such that x /∈ Oy.
Lemma 9. This definition is equivalent to the notion of a finite representation of amodel in the following sense: a formula ϕ is satisfied on finite representation of a T1
(T0) model (S, σ,W ) iff there exists a T1 (T0) quasi-model for ϕ.
Proof. To prove the left-to-right direction take a given finite topological space (S, σ,W )and define a mapping λ : S → Cl(ϕ):
λ(x) = {ψ ∈ Cl(ϕ) | (S, σ,W ), x |= ψ}
Then (S, σ, λ) is a quasi-model for ϕ.Right-to-left direction: take (S, σ, λ) and define valuation W :
W (p) = {x ∈ S | p ∈ λ(x)}
Then (S, σ,W ) is a finite representation. One can prove by induction on formulastructure and using condition 3 in the definition 8 that for all formulas ψ ∈ Cl(ϕ),ψ ∈ λ(x) iff (S, σ,W ), x |= ψ.
The winning strategy in the game we are about to describe contains all the neces-sary information to build a quasi-model that satisfies the formula. During each playof the game a piece of model is constructed. Since the quasi-models are a specialkind of finite topological spaces and by Proposition 1, finite topological spaces canbe regarded as relational structures, we will think about the quasi-models as finiterelational structures.
We will prove the upper bound for H(E) outright; it is not much harder than forH(@) and the result is more general. One remark must be made, the quasi-model forH(E) should satisfy one extra condition:
(universal modality condition) if Eϕ ∈ λ(x) then there exists a point y suchthat ϕ ∈ λ(y).
Theorem 10. LogH(E)(T0) is PSPACE-complete.
Proof. For the purposes of this proof we will consider 3 as a primitive operator and 2ϕas on abbreviation of ¬3¬ϕ. Every subformula of the form @iϕ can be equivalentlyreplaced by E(i ∧ ϕ) so we do not consider @ either.
Here is the description of the game for a formula ϕ. There are two players: ∀belard(male) and ∃loise (female). ∃loise plays by putting Hintikka sets on the board anddefining a transitive reflexive relation R on them; ∀belard introduces challenges thatshe must meet. She starts the game by putting a set {X0, . . . , Xk} on the board andintroducing a relation R on them (it will be updated after each move). The sets andthe relation must satisfy the following conditions:
(root) X0 contains ϕ, k ≤ |Cl(ϕ)|,(init-nom) no nominal occurs in two different Hintikka sets,(init-diamond) for all 3χ ∈ Cl(ϕ), if RXlXj and 3χ /∈ Xl then 3χ /∈ Xj
and χ /∈ Xj ,(init-univ) for all Xl and for all Eχ ∈ Cl(ϕ), Eχ ∈ Xl iff χ ∈ Xj for
some j,(init-cycles) R has no cycles.
If the conditions do not hold, ∃loise looses immediately. ∀belard ’s turn consists ofselecting a Hintikka set Xl and picking a formula 3ψ out of it. ∃loise must meet the
48
challenge by putting a Hintikka set Y on the board, such that the following conditionshold:
(diamond) ψ ∈ Y , RXlY and for all 3χ ∈ Cl(ϕ), if 3χ /∈ Xl then 3χ /∈ Yand χ /∈ Y ,
(univ) for all Xl and for all Eχ ∈ Cl(ϕ), Eχ ∈ Xl iff χ ∈ Xj for some j,(nom) if i ∈ Y for some nominal i then Y is one of the Hintikka sets
∃loise played during the first move. If this is the case, the gamestops and she wins (unless the next rule is violated, in which caseshe loses),
(cycles) R does not have cycles that involve Hintikka sets that containnominals.
If ∃loise cannot find a Y that satisfies those conditions, then the game stops and∀belard wins. Otherwise, ∀belard must choose a formula of the form 3ψ from the lastplayed set (that is, Y ) and the game continues in a similar way. If ∃loise manages tomeet all ∀belard ’s challenges and if he has no more challenges to present, she wins.This does not guarantee that the game will stop at some point, so we introduce an extrarule. A list of formulas played by ∀belard is kept, if he plays a formula the second time,∃loise must respond with the same Hintikka set as she did when he played the formulafor the first time. If her set satisfies the conditions from the previous paragraph, ∃loisewins; otherwise, she loses. In any case, the game stops immediately.
We will now prove that ∃loise has a winning strategy in the game iff a formula ϕhas a quasi-model.
(left-to-right direction) Suppose that ∃loise has a winning strategy in the game.We build a quasi-model (S, σ, λ) for ϕ as follows. Let S0 be the Hintikka sets played atthe first move — {X0, . . . , Xk}. Define sets {Si} by induction; suppose Si is defined,then Si+1 is a copy of the Hintikka sets played by ∃loise in reply to ∀belard moveswhen he picks sets form Si (with an exception: we do not copy sets from the initialmove when ∃loise plays them further in the game). Let S be the disjoint union ofSi. Set Rxy iff for all formulas 3ψ ∈ Cl(ϕ), 3ψ /∈ x implies 3ψ /∈ y and ψ /∈ y.Note that R thus defined coincides with R defined throughout the game. Note alsothat R is reflexive, transitive and contains no cycles that involve Hintikka sets namedby nominals. Let σ consist of all upward closed sets (as in Proposition 1) and putλ(x) = x. The topology thus defined satisfies the T0 condition for quasi-models (if itdid not then R would contain cycles with points named by nominals). The universalmodality condition for quasi-models is taken care of by the rules of the game: namely,by conditions (init-univ) and (univ).
It is left to prove that condition 3 in the Definition 3 is satisfied. Suppose that2ψ = ¬3¬ψ ∈ Cl(ϕ) and 2ψ ∈ λ(t), then 3¬ψ /∈ λ(t). Then the conditions (init-diamond) and (diamond) guarantee that for all s in the minimal upward closed setO 3 t, 3¬ψ /∈ λ(s) hence 2ψ = ¬3¬ψ ∈ λ(s). By definition of σ, O is open.
Suppose now that t ∈ O, ∀s ∈ O ψ ∈ λ(s) where O is open, or upward closed set.We need to prove that 3¬ψ /∈ λ(t). We will prove it by contradiction: if 3¬ψ ∈ λ(t)then once ∀belard chooses this formula, ∃loise must respond with one of the Hintikkasets from O, but if she does that she breaks (diamond) (because ¬ψ /∈ s for all s ∈ O)and loses. Hence, 3¬ψ /∈ λ(t).
We have built a quasi-model from a winning strategy of ∃loise .(right-to-left direction) Let us prove that ∃loise can read her winning strategy
off a quasi-model (S, σ, λ) for ϕ. Let R be the relation of the corresponding relationalstructure obtained by the Proposition 1.
During her first move ∃loise picks a point t such that ϕ ∈ λ(t), for each nominalcontained in ϕ she picks a point named by that nominal, and for each subformula ofϕ of the form Eψ she picks a point t such that ψ ∈ λ(t). This move complies with therequired conditions.
49
Next, when ∀belard chooses a point X and a formula 3ψ, ∃loise responds with amaximal (with respect to the relation R understood as order relation) successor Y ofX such that Y contains ψ. Obviously this complies with (diamond), (univ), (nom)and (cycles) rules. It is always possible to find a maximal successor because quasi-models are finite. ∃loise needs to adopt this strategy to be able to successfully answerwith the same Hintikka set when ∀belard will pick formula 3ψ again. For suppose∃loise played Y in response for ∀belard ’s challenge 3ψ from X and suppose that later∀belard picks the same formula 3ψ from a set Z, which is a successor of X. SinceRXZ any successor of Z containing ψ will be a maximal successor of X containing ψ.So Y is among successors of Z and can be played again to fulfill the rules of the game.
Theorem 11. LogH(E)(T0) is PSPACE-complete.
Proof. The game for T1 is the game for T0 with the following modifications. (init-cycles) and (cycles) conditions are replaced with
(no-incoming) points named by nominals have no incoming arcs
and (nom) is dropped (it is has no effect because of (no-incoming).We only have to prove that this new rule really correspond to T1 quasi-models, the
rest is taken care of in the proof for the T0 case.Indeed, in the model that we build out of the ∃loise ’s winning strategy no Hintikka
set that contains a nominal has an incoming arc (because of the (no-incoming) rule.Then a complement of any such point is a union of upward closed sets, hence open.
The converse is also true: in the relational counterpart of any T1 quasi-modelno nominal-named point has an incoming arc, because otherwise the complement ofthe point would not be open. Thus, when we build ∃loise ’s strategy based on a T1
quasi-model, we will never break (no-incoming) rule.
References
[1] Nicolas Bourbaki, Elements of mathematics; 3. General topology, Hermann, Paris,1966.
[2] D. Gabelaia, B. ten Cate, and D. Sustretov, Modal languages for topology: Expres-sivity and definability, submitted to Annals of Pure and Applied Logic, preprintavailable at http://www.arxiv.org/abs/math.LO/0610357.
[3] R. Ladner, The computational complexity of provability in systems of modal logic,SIAM Journal of Computing 6 (1977), 467–480.
[4] A. Tarski, Der Aussagenkalkul und die Topologie, Fundamenta Mathematicae 31(1938), 103–134.
[5] J. van Benthem, G. Bezhanishvili, B. ten Cate, and D. Sarenac, Multimodal logicsof products of topologies, Studia Logica (2006), 369–392.
50
Hybrid Branching-Time Logics
Volker Weber
Fachbereich Informatik, Universitat Dortmund, [email protected]
Abstract
We introduce hybrid branching-time logics as extensions of CT L-like logics with hybrid machinerysuch as the downarrow-operator. Following recent work in the linear framework, we restrict to logicswith only a single variable. We investigate the expressiveness of the resulting logics and prove theirsatisfiability problems to be 2EXPTIME-complete.
The complexity gap relative to CT L is explained by a corresponding succinctness result. To provethe upper bound, the automata-theoretic approach to branching-time logics is extended to match hy-brid logics, showing that non-emptiness of alternating one-pebble Buchi tree automata is 2EXPTIME-complete.
1 Introduction
Hybrid logics are extensions of modal logic that allow to refer to individual states of a model. They aim atextending the expressive power of modal logics, without losing their nice properties such as decidability.Hybrid logics have been researched quite intensively during the last years. Their applications range fromverification to reasoning about semistructured data [11]. See [4] for a recent survey and an introductionto hybrid logic.
On the technical side, the aims of hybrid logic can be achieved by adding nominals and state variables,corresponding to the first-order concepts of constants and variables. Nominals are an additional kind ofatomic symbols which are true in exactly one state in a model, and therefore name this state. Nominals arefixed with the model, whereas the assignment of states to state variables can be changed by quantification.To preserve the local perspective of modal logic, the quantifier considered the most is the downarrow-operator (denoted ↓), first introduced in [13], which binds a state variable to the current state.
Satisfiability of hybrid ↓-languages is undecidable with respect to arbitrary Kripke-structures [2] andonly non-elementarily decidable if the class of models is restricted to trees [20] or linear structures [12],i.e., to those models important in verification. These results initiated research on decidable fragments andfragments of lower complexity [24, 22].
In [22], Schwentick and W. considered bounded-variable fragments of hybrid ↓-languages in the linearframework. While complexity of the two-variable fragment is already as bad as for the unbounded lan-guage, satisfiability of the one-variable fragment is EXPSPACE-complete. Furthermore, the one-variablefragment has the full expressive power of first-order logic.
The aim of this paper is to extend this successful approach to the branching-time framework. While thelogic of [22] could also be interpreted over trees, we believe that hybrid extensions of classical branching-time logics like CT L are a more convenient formalism to reason about trees.
Our main result is that satisfiability for the one-variable-fragment of hybrid CT L+Past is 2EXPTIME-complete. The lower bound is already achieved for the logic containing only the next X and future Fmodalities and is explained by a corresponding succinctness result. The upper bound is by a reduction tonon-emptiness of alternating one-pebble Buchi tree automata, a problem that we prove to be 2EXPTIME-complete as well. Furthermore, we study the expressive power of hybrid branching-time logics and showthat the one-variable-fragment of hybrid CT L is strictly more expressive than CT L.
Section 2 gives the basic notions of branching-time logics and introduces their hybrid extension. Italso contains the definition of alternating one-pebble Buchi tree automata. Section 3 is concerned withthe expressive power of hybrid branching-time logics, which are compared with classical branching-timelogics and logics with the N-operator (“from now on”) introduced in [18]. The results on complexity ofsatisfiability and succinctness can be found in Section 4, those on tree automata in Section 5. We givesome directions for further research in Section 6.
51
2 Preliminaries
The basic definitions of branching-time logics and Buchi tree automata are presented in this section. Asboth formalism are defined with respect to infinite trees, we start by defining these structures.
Let D={1,. . . ,k} be a finite set of directions for some k ∈ N. An infinite D-tree is a prefix-closed setT ⊆ D∗, i.e., whenever x · c ∈ T where x ∈ D∗ and c ∈ D, then also x ∈ T . The empty string ε is theroot of T and for all c ∈ D, x · c is called a child of the node x. A path π in T is a prefix-closed minimalset π ⊆ T , such that for every x ∈ π, there is a unique c ∈ D with x · c ∈ π. We use “≤” to denotethe descendant-relation on T , i.e., x < y if and only if y is a strict descendant of x. Note that this orderis partial as nodes in different branches are incomparable. The branching degree d(x) is the number ofchildren of a node x. We only consider k-ary trees, where d(x) = k for every node x, and refer to them astrees in the following.
A labeled tree over a finite alphabet Σ is a pair (T, V ) where T is a tree and V : T → Σ assigns asymbol from Σ to every node of T . We are mainly interested in the case in which Σ = 2PROP for some setPROP of propositions. Such trees, usually referred to as computation trees, result for example from theunwinding of Kripke structures (see, e.g., [16]). In the following, we identify (T, V ) with T .
2.1 Branching-Time Logics
We briefly recall the basic notions of branching-time logic, starting from PCT L [15, 18], the extension ofCT L with past modalities Y for “previous” and S for “since”.
PCT L-formulas are defined by the following grammar:
ϕ ::= p | ¬ϕ | ϕ ∧ ϕ | EXϕ | EϕUϕ | AϕUϕ | Yϕ | ϕSϕ
where p ∈ PROP. We use the usual abbreviations ⊤, ⊥, ϕ ∨ ϕ, ϕ→ ϕ, and
EFϕ := E⊤Uϕ EGϕ := ¬AF¬ϕ AXϕ := ¬EX¬ϕAFϕ := A⊤Uϕ AGϕ := ¬EF¬ϕ Pϕ := ⊤Sϕ
The semantics of PCT L-formulas are defined with respect to a computation tree T and a node n of T :
• T, n |= p iff p ∈ V (n)• T, n |= ¬ϕ iff T, n 6|= ϕ
• T, n |= ϕ ∧ ψ iff T, n |= ϕ and T, n |= ψ
• T, n |= EXϕ iff there exists a c ∈ D, such that T, n · c |= ϕ
• T, n |= EϕUψ iff there exists a path π with n ∈ π, such there is a descendant n′ ∈ π of n withT, n′ |= ψ and for all nodes x ∈ π with n ≤ x < n′, we have T, x |= ϕ
• T, n |= AϕUψ iff for all paths π with n ∈ π, there is a descendant n′ ∈ π of n with T, n′ |= ψ andfor all nodes x ∈ π with n ≤ x < n′, we have T, x |= ϕ
• T, n |= Yϕ iff T, n′ |= ϕ with n = n′ · c for some c ∈ D• T, n |= ϕSψ iff there exists an ancestor n′ of n, such that T, n′ |= ψ and for all nodes x withn′ < x ≤ n, we have T, x |= ϕ
Two formulas ϕ and ψ are equivalent, if T, ε |= ϕ ⇐⇒ T, ε |= ψ for all computation trees T , i.e., weonly consider initial equivalence as we want to compare the expressive power of logics with and withoutpast modalities (cf. [18]).
We consider several fragments of PCT L and denote them by B(C), where C is the set of temporaloperators allowed. To give some examples:
• B(X,F) is the logic UB of [5],• B(X,U) is the well known logic CT L [7], and• B(X,U,Y,S) is PCT L.
In all these logics, future temporal operators occur only immediately in the scope of the path quantifiers Eand A. Opposed to this, the branching time logic CT L∗ from [9] allows Boolean combinations and nestingof these operators.
52
2.2 Hybrid Branching-Time Logics
We extend branching-time logics with hybrid machinery along the lines of [22]. I.e., we use only one statevariable x. Furthermore, we consider only a single nominal root.
Definition 2.1 Let B(C) be a branching-time logic with C ⊆ {X,F,U,Y,P,S}. The formulas of thecorresponding hybrid branching-time logic HB(C) are those of B(C) and
↓x.ϕ | x | @xϕ | root | @rootϕ,
where ϕ is a HB(C)-formula and x is the only state variable.The semantics of hybrid branching-time formulas is defined with respect to a computation tree T and
two nodes n,m of T , where n is the current node and m is the node assigned to the state variable x:
T, n,m |=↓x.ϕ iff T, n, n |= ϕ T, n,m |= x iff n = m
T, n,m |= @xϕ iff T,m,m |= ϕ T, n,m |= root iff n = ε
T, n,m |= @rootϕ iff T, ε,m |= ϕ
and the semantics of classical branching-time logic are extended in the obvious way, i.e., the state variableis not affected.
A formula ϕ is called satisfiable if there is a computation tree T and nodes n,m such that T, n,m |= ϕ.
Remark 2.2 (Using hybrid machinery) We give two examples on how hybrid branching-time logicswork. The reader will find both patterns again in the proofs given in this paper.
Hybrid branching-time logics can reason about the past without using past modalities. The pastformula Pϕ for example, can be expressed as ↓x.@rootEF(EFx ∧ ϕ). This illustrates how a finite prefixof a path can be fixed.
Moreover, we can easily compare two states. The property that there are two different nodes in a treethat agree on p1, . . . , pn can be expressed as EF(↓x.@rootEF(¬x ∧
∧ni=1 pi ↔ @xpi)).
Remark 2.3 (Bisimulations) Bisimulation equivalence is not respected by hybrid branching-time logics:We can distinguish two isomorphic subtrees by naming the root of one of those subtrees. But they respecthybrid one-bisimulations defined in [3] and successfully applied in [22] in the linear framework.
2.3 Tree Automata
The following basic notions about Buchi automata on infinite trees are based on the definitions in [26] and[27]. For a more general introduction to automata on infinite trees, we refer to [25].
A non-deterministic Buchi tree automaton A is a tuple (Q,Σ, q0, δ, F ), where Q is a finite set of states,Σ is a finite alphabet, q0 ∈ Q is the initial state, F ⊆ Q is a set of final states, and δ : Q × Σ → 2Qk
is a transition function. Whenever A is in state q at a node x, it non-deterministically chooses a k-tuple(q1, . . . , qk) of states from δ(q, V (x)) and moves to node x · i in state qi for each i = 1, . . . , k.
A run r of A on a Σ-labeled tree (T, V ) is a Q-labeled tree (T, V ′), such that the root is labeled by theinitial state and the transition rules are respected, i.e., if a node x is labeled q and its children are labeledq1, . . . , qk, then (q1, . . . , qk) ∈ δ(q, V (x)). A run r is accepting if lim(π) ∩ F 6= ∅ for every infinite path π
of r, where lim(π) is the set of states occurring infinitely on π. A labeled tree (T, V ) is accepted by A ifthere is an accepting run of A on (T, V ). The language L(A) of A is the set of trees accepted by A.
Proposition 2.4 ([21]) Non-emptiness of non-deterministic Buchi tree automata is decidable in quadratictime.
Alternating one-pebble Buchi tree automata generalize this concept in three ways. First, they aretwo-way automata, i.e., they can also move upward in the tree. Additionally, they can drop a pebble ata position in the tree and lift the pebble again if they are at the position where the pebble was placed.In other words, these automata can mark a position to find it again after moving away. Finally, theycan universally and existentially branch into several independent sub-computations. More formally, analternating one-pebble Buchi tree automaton is a tuple A = (Q,Σ, q0, δ, F ), such that Q is a finite set ofstates, Σ is a finite alphabet, q0 ∈ Q is the initial state, F ⊆ Q is the set of accepting states, and
δ : Q× Σ → (Q× {drop,lift}) ∪ B+([k]×Q)
53
is a transition function.In this definition, we use [k] := {−1, 0, 1, . . . , k} to give the direction of a move of the automaton
and B+(X) to denote the set of positive Boolean formulas over X, i.e., formulas built from X by ∧ and∨ including ⊤ and ⊥. Note that such an automaton can send several subcomputations into the samedirection, but does not need to go into every direction.
A configuration (q, x, y) ∈ Q × D∗ × (D∗ ∪ {⊥}) of A consists of a state, the current position in thetree, and the position of the pebble, where “⊥” means that the pebble is not placed.
A run r of A on an infinite labeled k-ary tree (T, V ) is a possibly infinite tree (T ′, V ′) whose nodes arelabeled by configurations of A. This tree must be compatible with the transition function. For example,for every node v ∈ T ′ labeled by a state (q, x · c, y),
• if δ(q, V (x · c)) = (q′,drop) and y = ⊥, then v has a child labeled with (q, x · c, x · c), otherwise, i.e.if y 6= ⊥, the transition cannot be applied;
• if δ(q, V (x · c)) = (q′, lift), then v has a child (q′, x · c,⊥) if x · c = y, otherwise the transition cannotbe applied;
• if δ(q, V (x · c)) = (1, q′) ∧ (−1, q′′), v has children labeled by (q′, x · c · 1, y) and (q′′, x, y);• if δ(q, V (x·c)) = (0, q′)∨(2, q′′), then v has a child labeled by (q′, x·c, y) or a child labeled (q′′, x·c·2, y).
A run is accepting if every infinite path contains infinitely many configurations with states from F . Ac-ceptance of A is defined as usual.
3 Expressiveness
We examine the expressive power of hybrid branching-time logics. By Remark 2.3, these logics are strictlymore expressive than their classical counterparts. We give two examples where hybrid machinery is usedto cover even more expressive classical branching-time logics. These results are in contrast to [22], whereit was shown that the hybrid version of LT L is expressively equivalent to LT L. Thereafter, we comparebranching-time logics with the N-operator to hybrid branching-time logics.
3.1 Capturing Classical Branching-Time Logics
Adding hybrid machinery to B(X,F) results in a strictly more expressive logic.
Theorem 3.1 HB(X,F) is strictly more expressive than B(X,F).
Proof. It is known from [18] that the extension of B(X,F) with one of the past modalities S or Y isstrictly more expressive than B(X,F). We show that both S and Y can be expressed in HB(X,F).
For the Y modality, the idea is to fix the current state by naming it x and then to jump to the rootand move forward to the state where EXx holds. This state is the unique predecessor of the state namedx. If the latter state is already the root, no predecessor exists and the following formula evaluates to false.
Yϕ ≡↓x.@rootEF((EXx) ∧ ϕ)
The Since-modality can be replaced in a similar way:
ϕSψ ≡↓x.@rootEF(EFx ∧ ψ ∧ (x ∨EX(EFx ∧AG(EFx→ ϕ)))),
but we have to distinguish whether ψ holds at the current or at some previous state.
Note that both formulas presented in the previous proof are of linear size in the length of the past-formulas. Thus, we obtain the following intensification of Theorem 3.1.
Corollary 3.2 There is a linear translation from B(X,F,Y,S) to HB(X,F).
This shows that every hybrid branching-time logic containing X and F can refer to the past. Inparticular, the hybrid version of CT L captures the extension of CT L with past modalities, which is knownto be strictly more expressive than the pure future logic [18].
Corollary 3.3 For every PCT L-formula ϕ, there is an equivalent HB(X,U)-formula ψ of size O(|ϕ|).
54
As hybrid branching-time logics do not respect bisimulation-equivalence, this inclusion is strict.
Theorem 3.4 HB(X,U), the hybrid version of CT L, is strictly more expressive than PCT L.
The last argument even shows that there cannot be a translation from hybrid branching-time logicsinto PCT L∗, since the latter can express only bisimulation-invariant properties.1
On the other hand, we conjecture that it is not possible to express the CT L∗-formula EGFp, statingthat there is a path on which p becomes true infinitely often, in HB(X,U).2 In this case, HB(X,U) andCT L∗ are incomparable with respect to expressive power.
Finally, hybrid branching-time logics are obviously fragments of Monadic Path Logic (MPL), thefragment of MSO where set-quantification is restricted to paths. This inclusion can be proved to be strictby observing that hybrid branching-time logics respect hybrid one-bisimulations as defined in [3].
3.2 Expressing “From Now On”
The temporal operator N for “from now on” was introduced by Laroussinie and Schnoebelen to branching-time logics with past [18]. The semantics of N is given by: T, n |= Nϕ iff T ′, ε |= ϕ, where T ′ is the subtreeof T rooted at n.3 That is, N allows to forget about the past.
In [18] the authors provide several results on whether N adds expressive power to branching-time logicswith past. E.g., it does for B(X,F,Y,P) but does not for PCT L and PCT L∗. Moreover, they argue thatN offers a more convenient way to describe some properties in branching-time logics with past (see [18]for an example), which is partially attributed to the succinctness of logics with the N-operator.4
The following proposition shows that hybrid branching-time logics offer at least the same convenienceand are therefore at least as succinct as the logics including N.
Proposition 3.5 For every set of temporal operators M ⊆ {X,F,U,Y,P,S}, there is a linear translationfrom B(N,M) to HB(P,M).
Proof. Given a B(N,M)-formula ϕ, we obtain an equivalent HB(P,M)-formula ↓x.ϕ′ by substitutingN by the downarrow-operator and guarding all past modalities. I.e., ϕ′ results from ϕ by applying thefollowing rules once for every past modality and every N-operator:
Nψ → ↓x.ψ Pψ → P(Px ∧ ψ)Yψ → Y(Px ∧ ψ) ϕSψ → ϕS(Px ∧ ψ)
Requiring P in HB(P,M) is only a restriction if Y is the only past modality in M .
As we show in the next section, we cannot add N on top of hybrid branching-time logics withoutblowing up the complexity of satisfiability non-elementarily. Intuitively, this is because N can play therole of a second state variable, therefore enabling us to talk about three points at the same time: the newroot created by N, the state named x, and the current state.
But the reader should be warned not to think of N as a kind of state variable, since the ability to namea state and then to talk about its past is crucial to most results in this paper.
4 Satisfiability
The expressive power of hybrid branching-time logics comes at the price of an exponentially more complexsatisfiability problem compared to, e.g., CT L and PCT L. But we show that this is justified as hybridformulas are exponentially more succinct.
The proof of the lower bound of our complexity result is by a reduction from the 2n-corridor tilinggame. We first define the 2n-corridor tiling problem. An instance I = (T,H, V, n) of this problem consistsof a finite set T of tile types, horizontal and vertical constraints H,V ⊆ T × T , and a number n given inunary. The task is to decide, whether T tiles the 2n ×m-corridor for some m, respecting the constraintsH and V and some border constraints, especially on the top row to be reached.
1PCT L∗ is expressively equivalent to CT L∗ [14]. The latter was characterized in [19] as the fragment of MPL thatrespects bisimulation-equivalence.
2It is well known that this property cannot be expressed in CT L, see [8] and references therein.3More formally, T ′ = {m ∈ N
∗ | n ·m ∈ T}.4This succinctness gap has so far only been proved for the case of linear temporal logic in [17]. Succinctness and complexity
for branching-time logics with N seem to be open problems.
55
· · · · · · · · · · · ·
root row 1 row m
q# q# q# q# q q1 2n 1 2n
Figure 1: A path in the encoding of a winning strategy for the 2n-corridor tiling game with m rows.
The 2n-corridor tiling game is played by two players E and A on an instance I of the 2n-corridor tilingproblem. The players alternately place tiles starting with player E and following the constraints H and V ,as the opponent wins otherwise. E wins the game if the required top row is reached. To decide whetherE has a winning strategy in such a game is complete for 2EXPTIME [6].
Proposition 4.1 Satisfiability of HB(X,F) is hard for 2EXPTIME.
Proof. Let I = (T,H, V, n) be an instance of the 2n-corridor tiling problem. We build an HB(X,F)-formula ϕI of size polynomial in |I| that is satisfiable if and only if player E has winning strategy in thetiling game on I.
Such a winning strategy is a finite T -labeled tree whose levels alternately correspond to moves of Eand A. A node corresponding to a move of E, as the root for example, has one child for every possiblenext move of A. Nodes representing moves of A have only one child: the best move E can make. In orderfor the strategy to be winning, every path in this tree has to correspond to a correct tiling reaching therequired top row.
The first part of the formula ϕI describes an encoding of a winning strategy, using a numbering of thestates belonging to one row of the tiling as shown in Figure 1. Numbers are encoded by n propositions,one for each digit. The second part basically contains the conditions posed by H and V .
To make this more precise, ϕI is the conjunction of the two formulas ϕstruc and ϕtiles. The first formula,ϕstruc, starts by separating the lines of the tiling by an additional state labeled by the proposition symbolq# and marking the states beyond the encoding by the proposition symbol q.
ϕstruc = root ∧ q# ∧ ¬q ∧ (n−1∧i=0
¬qi) ∧AG((¬q ∧ ¬q#) ∨ ((q ↔ ¬q#) ∧n−1∧i=0
¬qi))
∧AF(q# ∧AGq) ∧AG(q → AGq) ∧ ϕnum
To get a correct numbering of the states representing one row of the tiling, ϕnum requires every state tohave only properly numbered direct successors. This numbering is required to check the vertical constraints.
ϕnum = AG([q# → AX(¬q ∧ ¬q# ∧n−1∧i=0
¬qi)] ∧ [(¬q ∧ ¬q#) → ((n−1∧i=0
qi ∧AXq#) ∨ ν)])
ν = ↓x.AXn−1∨i=0
(∧j<i
(qj ↔ @x¬qj) ∧ qi ∧@x¬qi ∧∧j>i
(qj ↔ @xqj))
The second part of ϕI expresses that every state corresponding to a move of one of the players is labeledby exactly one tile, using proposition symbols pt to represent the tiles, that the conditions in H and V arerespected, and that all possible moves of A are represented.
ϕtiles = AG([¬q ∧ ¬q#] → [∨t∈T
(pt ∧∧
t6=t′∈T
¬pt′) ∧ θH ∧ θV ∧ θA])
θH = ¬n−1∧i=0
qi →∧t∈T
(pt → AX∨
(t,t′)∈H
pt′)
θV = ↓x.@rootAG([EXEFx ∧ ¬EF(q# ∧EXEF(q# ∧EFx))
∧n−1∧i=0
(qi ↔ @xqi)] →∧t∈T
(pt →∨
(t,t′)∈V
@xpt′)))
θA = ¬q0 →∧t∈T
(pt →∧
(t,t′)∈H
[EXpt′∨ ↓x.@rootAG([EXEFx ∧ ¬EF(q#
∧EXEF(q# ∧EFx)) ∧n−1∧i=0
(qi ↔ @xqi)] → EX[EFx ∧∨
(t′′,t′) 6∈V
pt′′ ])])
56
We omit formulas for the border constraints, which are straightforward.
Before we proceed with the upper bound, we show that the lower bound is due to the succinctness ofhybrid formulas.
Theorem 4.2 The succinctness of HB(F) with respect to CT L is O(n)!, i.e., there is a HB(F)-formulaof length O(n) such that every equivalent CT L-formula is at least of length O(n)!.
Proof. We consider the CT L+-formula E(Fp1 ∧ Fp2 ∧ · · · ∧ Fpn), expressing that there exists a pathon which each of the propositions p1, . . . , pn holds at some point. Adler and Immerman proved that onerequires a formula of size O(n)! to express this property in CT L [1].
The following HB(F)-formula expresses the same property and has only size O(n).
EF(↓x.@root
n∧i=1
EF(pi ∧EFx))
The crucial point is that this property depends only on a finite prefix of the path, which can be fixedby naming its last state x.
The proof of the upper bound for satisfiability of hybrid branching-time logics uses the automata-theoretic approach to branching-time logics (see [28] and references therein), extended to the hybridframework.
Before we present this proof, we observe that nesting of the ↓-operator can be avoided.
Lemma 4.3 For every HB(X,U,Y,S)-formula ϕ, there is an equivalent HB(X,U,Y,S)-formula ψ oflength O(|ϕ|) without nested occurrences of the ↓-operator.
Proof. We add, for each sub-formula θ =↓x.ξ of ϕ, a new proposition pθ. In a bottom-up fashion, wereplace every occurrence of a formula θ by pθ and add to ϕ one conjunct AG(pθ ↔ θ′), for every θ. Here,θ′ results from θ by replacing all strict sub-formulas ↓ x.χ by the respective proposition. Note that theresulting formula has indeed linear size.
We can now prove the main theorem of this paper.
Theorem 4.4 For every set of temporal operators M ⊆ {U,Y,P,S}, satisfiability of HB(X,F,M)-formulas is complete for 2EXPTIME.
Proof. The lower bound was proved in Proposition 4.1.The proof of the upper bound is a extension of a proof in [26], constructing an alternating Buchi tree
automaton for a given CT L-formula.Given an HB(X,U,Y,S)-formula ϕ without nested occurrences of the ↓-operator, we build an alter-
nating one-pebble Buchi tree automaton Aϕ = (Q,Σ, q0, δ, F ), with Σ = 2PROP, such that ϕ holds atthe root of some Σ-labeled tree (T, V ) if and only if Aϕ accepts this tree. This reduces the satisfiabilityproblem for HB(X,U,Y,S) to non-emptiness of alternating one-pebble Buchi tree automata. The latterproblem is proved to be in 2EXPTIME in Section 5.
In the following, we denote the dual of a formula ψ by ψ. It is obtained from ψ by switching ∧ and∨, and by negating all other maximal subformulas (we identify ¬¬ψ with ψ), e.g., x ∨ (¬x ∧EFp) =¬x ∧ (x ∨ ¬EFp) (cf. [26]).
The set Q of states is the Fisher-Ladner-closure of ϕ, consisting of the subformulas of ϕ and their duals.The initial state q0 is ϕ. The set F of accepting states contains ⊤ and all formulas of the form ¬E(χUψ)and ¬A(χUψ) from Q. The transition function δ is defined by induction on the formula structure:
δ(⊤, σ) = (0,⊤) δ(p, σ) = (0,⊤) if p ∈ σδ(¬ψ, σ) = δ(ψ, σ) δ(ψ ∧ ξ, σ) = (0, ψ) ∧ (0, ξ)δ(x, σ) = (⊤, lift) δ(↓x.ψ, σ) = (ψ,drop)
δ(EXψ, σ) =∨k
i=1(i, ψ) δ(E(χUψ), σ) = (0, ψ) ∨ ((0, χ) ∧∨k
i=1(i,E(χUψ))δ(AXψ, σ) =
∧ki=1(i, ψ) δ(A(χUψ), σ) = (0, ψ) ∨ ((0, χ) ∧
∧ki=1(i,E(χUψ))
δ(Yψ, σ) = (−1, ψ) δ(χSψ, σ) = (0, ψ) ∨ ((0, χ) ∧ (−1, χSψ)
57
. . .
. . .root
pa pb pb pa pa q
q
q
Figure 2: The tree used to represent the string abbaa in the proof of Theorem 4.5.
where σ ∈ Σ, p ∈ PROP, and the notion of a dual is extended to δ in the obvious way, e.g.,δ(EXψ, σ) =
∧ki=1(i, ψ). The result then follows by Theorem 5.1.
This result is optimal with respect to the number of state variables available. We have shown in Section3.2 that the N-operator can be simulated by a state variable, and therefore be seen as a “weak” kind ofvariable. We show that adding the N-operator to hybrid branching-time logics causes a non-elementaryblow-up in complexity.
We have to be a bit careful when adding the N-operator to hybrid branching-time logics. First, what isthe semantics of a formula of the form @rootψ in the scope of an N-operator? As the N was introduced toforget about the past, the most natural thing is to define that this formula jumps to the new root createdmy the N-operator. While this is minor if past modalities are available, it is the only reasonable choicefor pure future hybrid branching-time logics.
The second difficulty is that the state variable might be bound to some state in the past. In order notto unbind the variable, we assume that in this case the assignment is updated to the current state, i.e., tothe new root. But this situation does not occur in the following proof.
Theorem 4.5 The satisfiability problem for HB(X,F,N) has non-elementary complexity.
Proof. We give a reduction from the non-emptiness problem for star-free expressions built from union,concatenation, and negation. This problem is known to have non-elementary complexity [23]. With astring of length i over an alphabet Σ we associate a tree whose first i + 1 nodes have only one child. Allstates beyond carry the label q as shown in Figure 2.
The following formula ψ holds at the root if and only if the tree is an encoding of a string, e.g., everystate belonging to the string is labeled by exactly one pσ.
ψ = EF((q ∧AGq)∧ ↓x.@rootAG(EFx→ (¬q ∧∨
σ∈Σ
(pσ ∧∧
σ 6=σ′∈Σ
¬pσ′))))
∧¬q ∧AG(¬q → EX ↓x.@rootAG(EXx→ AXx))
We map every star-free expression α to a formula ϕα. The idea is that x is always used to mark theend of the substring which is matched with respect to a star-free (sub-)expression while its beginning is atthe child of the root “created” by N.
ϕα = ψ ∧EF((¬q ∧AGq)∧ ↓x.@rootα′)
where α′ is inductively defined as follows:
ε′ = x σ′ = EX(x ∧ pσ) , for all σ ∈ Σ∅′ = ⊥ (α · β)′ = EF(EFx∧ ↓x.@rootα
′ ∧Nβ′)(¬α)′ = ¬α′ (α ∪ β)′ = α′ ∨ β′
5 Non-emptiness of Alternating One-Pebble Tree Automata
In this section, we show that the non-emptiness problem for alternating Buchi tree automata with onepebble is 2EXPTIME-complete. The proof is based on [22] where EXPSPACE-completeness for thestring case is shown.
Theorem 5.1 Non-emptiness of alternating one-pebble Buchi tree automata is complete for 2EXPTIME.
58
Proof (Sketch). Hardness follows from Proposition 4.1 and the proof of Theorem 4.4.To simplify the presentation of the proof of the upper bound, we assume that we do not have arbitrary
positive Boolean combinations on the right-hand side of a transition rule, but only either disjunctionsor conjunctions. This is equivalent to the more general notion used before. A configuration is calledexistential if the matching transition rule contains a disjunction and universal if it contains a conjunction.
A run r of an alternating Buchi tree automaton A with one pebble is an infinite in which the nodesare labeled with configurations (q, x, y), where q is the state, x is a node of the tree and j is the positionof the pebble (⊥ if the pebble is not placed). We are interested in runs of the following particularly simplestructure. A run is homogeneous if, for every existential configuration (q, x, y), all nodes of r labeled withconfiguration (q, x, y) have the same configuration at their child.
Note that the configuration graph of A on a tree T can be seen as the arena of a two-player game witha Buchi winning condition. From the existence of memoryless winning strategies in such games [10] (seealso [29]), it follows that if A has an accepting run on T , then it also has a homogeneous accepting run.
We can show that for each alternating one-pebble Buchi tree automaton there is an equivalent non-deterministic Buchi tree automaton of double exponential size. The basic idea is to simulate an acceptinghomogeneous run of the alternating automaton by running the non-deterministic Buchi automaton con-structed in [22] for the string case along every branch of the tree.
6 Conclusion
We have shown how to extend branching-time logics with hybrid machinery without blowing up complexity.The key to this result was the restriction to a single state variable proposed in [22].
We want to give some open problems and directions for further research.
• There are a lot of open problems concerning the expressive power of hybrid branching-time logics.E.g., is HB(X,F) a strict fragment of HB(X,U)?
• We only considered satisfiability, leaving out the model-checking problem. This gap has to be filledin future work.
• We restricted to CT L-like branching-time logics, not allowing Boolean combinations and nestingof temporal operators inside a path-quantifier. Extending our results to such logics is a challeng-ing problem. In particular, the complexity and expressiveness of hybrid CT L∗ should be investigated.
• On the purely automata-theoretic side, the result on one-pebble tree automata should be extendedto k-pebble tree automata.
References
[1] M. Adler and N. Immerman. An n! lower bound on formula size. ACM TOCL, 4(3):296–314, 2003.
[2] C. Areces, P. Blackburn, and M. Marx. A road-map on complexity for hybrid logics. In Proc. of 13thComputer Science Logic (CSL ’99), volume 1683 of LNCS, pages 307–321. Springer, 1999.
[3] C. Areces, P. Blackburn, and M. Marx. Hybrid logics: Characterization, interpolation and complexity.Journal of Symbolic Logic, 66(3):977–1010, 2001.
[4] C. Areces and B. ten Cate. Hybrid logics. In Handbook of Modal Logic, volume 3 of Studies in Logic,pages 821–868. Elsevier, 2007.
[5] M. Ben-Ari, A. Pnueli, and Z. Manna. The temporal logic of branching time. Acta Informatica,20:207–226, 1983.
[6] B. S. Chlebus. Domino-tiling games. J. Comput. Syst. Sci., 32(3):374–392, 1986.
[7] E. M. Clarke and E. A. Emerson. Design and synthesis of synchronization skeletons using branching-time temporal logic. In Proc. Logic of Programs, volume 131 of LNCS, pages 52–71. Springer, 1981.
[8] E. A. Emerson. Temporal and modal logic. In J. van Leeuwen, editor, Handbook of TheoreticalComputer Science, Vol. B: Formal Models and Sematics, pages 995–1072. Elsevier, MIT Press, 1990.
59
[9] E. A. Emerson and J. Y. Halpern. “sometimes” and “not never” revisited: on branching versus lineartime temporal logic. J. ACM, 33(1):151–178, 1986.
[10] E. A. Emerson and C. S. Jutla. Tree automata, mu-calculus and determinacy. In Proc. of 32nd IEEESymposium on Foundations of Computer Science (FOCS), pages 368–377. IEEE, 1991.
[11] M. Franceschet and M. de Rijke. Model checking hybrid logics (with an application to semistructureddata). Journal of Applied Logic, 2005.
[12] M. Franceschet, M. de Rijke, and B.-H. Schlingloff. Hybrid logics on linear structures: Expressivityand complexity. In 10th TIME / 4th ICTL, pages 192–202. IEEE, 2003.
[13] V. Goranko. Temporal logic with reference pointers. In Temporal logic, volume 827 of LNCS, pages133–148. Springer, 1994.
[14] T. Hafer and W. Thomas. Computation tree logic CTL* and path quantifiers in the monadic theoryof the binary tree. In Proc. of ICALP’87, volume 267 of LNCS, pages 269–279. Springer, 1987.
[15] O. Kupferman and A. Pnueli. Once and for all. In Proc. of 10th Logic in Computer Science (LICS’95), pages 25–35. IEEE, 1995.
[16] O. Kupferman and M. Y. Vardi. Memoryful branching-time logic. In Proc. of 21st Logic in ComputerScience (LICS 2006), pages 265–274. IEEE, 2006.
[17] F. Laroussinie, N. Markey, and P. Schnoebelen. Temporal logic with forgettable past. In Proc. of 17thLogic in Computer Science (LICS 2002), pages 383–392. IEEE, 2002.
[18] F. Laroussinie and P. Schnoebelen. A hierarchy of temporal logics with past. Theor. Comput. Sci.,148(2):303–324, 1995.
[19] F. Moller and A. M. Rabinovich. On the expressive power of CTL. In Proc. of 14th Logic in ComputerScience (LICS ’99), pages 360–369. IEEE, 1999.
[20] M. Mundhenk, T. Schneider, T. Schwentick, and V. Weber. Complexity of hybrid logics over transitiveframes. In Proc. of M4M-4, volume 194 of Informatik-Berichte, pages 62–78. Humbold-UniversitatBerlin, 2005.
[21] M. Rabin. Weakly definable relations and special automata. In Proc. Symp. Math. Logic and Foun-dations of Set Theory, pages 1–23. North Holland, 1970.
[22] T. Schwentick and V. Weber. Bounded-variable fragments of hybrid logics. In Proc. of the 24thInternational Symposium on Theoretical Aspects of Computer Science (STACS 2007), volume 4393of LNCS, pages 561–572. Springer, 2007.
[23] L. J. Stockmeyer. The complexity of decision problems in automata theory and logic. PhD thesis,MIT, 1974.
[24] B. ten Cate and M. Franceschet. On the complexity of hybrid logics with binders. In Proc. of 19thComputer Science Logic (CSL 2005), volume 3634 of LNCS, pages 339–354. Springer, 2005.
[25] W. Thomas. Automata on infinite objects. In J. van Leeuwen, editor, Handbook of TheoreticalComputer Science, Vol. B: Formal Models and Sematics, pages 133–192. Elsevier, MIT Press, 1990.
[26] M. Y. Vardi. Alternating automata and program verification. In Computer Science Today, volume1000 of LNCS, pages 471–485. Springer, 1995.
[27] M. Y. Vardi. Reasoning about the past with two-way automata. In Proc. of ICALP’98, volume 1443of LNCS, pages 628–641. Springer, 1998.
[28] M. Y. Vardi. Automata-theoretic techniques for temporal reasoning. In Handbook of Modal Logic,volume 3 of Studies in Logic, pages 971–989. Elsevier, 2007.
[29] W. Zielonka. Infinite games on finitely coloured graphs with applications to automata and infinitetrees. Theoretical Computer Science, 200:135–183, 1998.
60
A Hybrid LTLK of Linear Temporal Logic LTL andMulti-Agent Logic Kn. Decision Algorithms
V.RybakovDepartment of Computing and Mathematics
Manchester Metropolitan UniversityJohn Dalton Building, Chester Street, Manchester M1 5GD, U.K.
AbstractWe study a hybrid LTLK of the linear temporal logic LTL and the multi-agent knowledge logic Kn. Thelanguage adopts the temporal operations U (until) and N (next), and uses new operations, – weak until, Uw, andstrong until – Us. Also we take the standard agents knowledge operations Ki from multi-agent knowledge logicKn The semantic models for LTLK are Kripke/Hintikka-like structures NC based on linear time. They havetime points i modeled by time clusters C(i) consisting of all possible states in the time i. Agent’s knowledgeis modeled on time clusters as agent knowledge accessibility relations Ri. The hybrid logic LTLK is the setof all formulas which are true in all such models NC w.r.t. all possible valuations. We propose an algorithmrecognizing theorems ofLTLK (so we show thatLTLK is decidable), which is based on verification of validityfor special normal reduced forms of rules in models of single-exponential size in the testing rules.
Keywords: hybrid logics, linear temporal logic, multi-agent knowledge logic, inference rules,decidability, algorithms, polynomial algorithms
1 IntroductionThe term hybrid logics can be understood very broadly – as a combination of logics via a fusion oflanguages for construction of formulas or by means of composed combinations of models adequateto individual logics in building more general semantical models. However, historically, the termHybrid Logic , in major, refers to a number of logics obtained by adding further expressive powerto ordinary modal logics. Often, it is connected with adding so-called nominals which are propo-sitional symbols of a new sort, each being true at exactly one possible world. Basic accent may bealso motivated by interest to properties of background logics which can be extended to hybrids, toestimation of efficiency of obtained systems and computational complexity of decision problem forobtained logics. In this way whole branch in non-classical logics has been created (cf., for instance,Blackburn and Marx [7, 8], Brauner [4, 5], Gabbay and Queiroz [15]). Sometimes the origin inmodal logics is developed till creation of a robust separate branch with own instruments, techniqueand various applications (cf., for example – description logics – in Baader et. al [6]). Temporal
61
logics, origination of which may be refereed to Prior [21, 22], can be considered as a special case ofhybrid logics, e.g. as a bimodal logic with some laws posed on interaction of modalities to imitatethe flow of time. Mathematical theory devoted to study of various aspects of interaction for temporaloperations (e.g. axiomatizations of temporal logics) and to construction of effective semantic the-ory based on Kripke/Hintikka-like models and temporal Boolean algebras, formed a highly technicalbranch in non-classical logics (cf. e.g. van Benthem [36, 35], Goldblatt [17], Gabbay and Hodkinson[16], Hodkinson [18]).
Temporal logics are currently the most widely used specification formalism for reactive systems.They were first suggested to be used for specifying properties of programs in late 1970’s (cf. Pnueli[23]). The temporal framework most used is linear-time propositional temporal logic LTL, whichhas been studied from various viewpoints of its application (cf. e.g. Manna and Pnueli [19, 20],Clark E. et al., [9]). Temporal logic has numerous applications to safety, liveness and fairness (cf.Emerson [11]), to various problems arising in computing (cf. Eds. Barringer, Fisher, Gabbay andGough, [3]). Model checking for LTL formed a direction in logic in computer science, which uses,in particular, applications of automata theory (cf. Vardi [10, 33]).
Another view on possible hybrid logics comes from knowledge logics (cf. Fagin et.al [12, 13],Halpern and Shore [14]), which are special multi-modal logics with modalities Ki responsible forknowledge of agents. They are intended to model effects and properties of agents knowledge inchanging environment and logical inference, tools devoted to derivation of new knowledge fromknown facts. We could also refer as to hybrid logics to logics introducing justification to epistemiclogic (cf, for instance, Artemov and Nogina [1, 2]).
In this paper we study a hybrid of linear temporal logic LTL and the multi-agent knowledgelogic. We adopt the standard temporal operations U (until) and N (next), and extend the languageby operations weak until Uw and strong until Us. To set more efficient hybrid, we take the standardagents knowledge operations Ki from the multi-agent knowledge logic. The semantic models forthese hybrid language are Kripke/Hintikka-like models NC based on linear time with time pointsi modeled by time clusters C(i) of all possible states in the current time point i. Agent’s knowl-edge is modeled on time clusters as agent knowledge accessibility relations Ri being some specialequivalence relations. The hybrid logic LTLK is the set of all formulas which are true in all suchmodels NC w.r.t. all valuations of letters. The main question we are dealing with is the decidabilityof this logic, we construct an algorithm recognizing theorems of LTLK (so we show that LTLK isdecidable). Here we use technique developed for study inference rules in [25] – [31], and base onthe evident observation that a formula ϕ is a theorem of a logic iff the rule x → x/ϕ is valid in allframes generating this logic. The algorithm is based on verification of validity for special normalreduced forms of rules in models of single-exponential size in the testing rules.
2 Definitions, NotationTemporal logics are, in essence, modal logics geared towards the description of the temporal or-dering of events. Linear temporal logics differ from typical modal logics by presence of specifictemporal operations which cannot be expressed in standard modal language. The logic (a hybrid ofan extension of the standard linear temporal logic LTL with the agent knowledge logic based onKn)which we consider in this paper, is based on the following Kripe/Hintikka-like models with lineardiscrete time. The frame
NC := 〈⋃i∈N
C(i), R,R1, . . . Rm, Next〉
62
is a tuple, where N is the set of natural numbers, C(i) are some nonempty sets, R,R1, . . . Rm arebinary accessibility relations. For all elements a and b from
⋃i∈N C(i),
aRb⇔ [a ∈ C(i) and b ∈ C(j) and i < j] or [a, b ∈ C(i) for some i; ]
any Rj is a reflexive, transitive and symmetric relation, and
∀a, b ∈⋃i∈N
C(i), aRjb⇒ [a, b ∈ C(i) for some i ; ]
∀a, b ∈⋃i∈N
C(i), a Next b⇔ [a ∈ C(i) for some i and b ∈ C(i+ 1).]
These frames are intended to model the reasoning/computation in discrete time, so each i ∈ N(any natural number i) is the time index for the cluster of states arising after the step in currentcomputation. Any C(i) is a finite set of all possible states in the time point i, and R models discretecurrent of time. Relations Rj are intended to model knowledge of agents for any current time pointin the cluster of states C(i). So, as usually, any Rj is supposed to be S5-like relation.
We suppose the reasonong/computation to be simultaneous and parallel - after a step new clusterof possible states appears, and agents will be given new access rules to the information in this timecluster of states. However, the agents cannon predict, which access rules they will have (that is whywe, in particular, do not use nominals). The Next relation is the standard one – it describers allstates available in the next time point cluster.
Based on these structures NC , we propose the following hybrid language (based on extendedlanguage of LTL and usual language for agents knowledge logic) to describe properties of linearparallel computation with knowledge agents. It includes the language of the standard LTL (whichextends the language of Boolean logic by operations N (next), U (until)) and the new operationsUw (weak until) and Us (strong until). Also we include the language of the agents knowledge logic,which extends the language of Boolean logic by modal-like unary operations Kj , 1 ≤ j ≤ m.Formation rules for formulas are as usual, and the formula
Nϕ has meaning ϕ holds in the next time cluster of states (state);ϕUψ can be read: ϕ holds until ψ will hold;ϕUwψ has meaning ϕ weakly holds until ψ will hold;ϕUsψ has meaning ϕ strongly holds until ψ will hold;Kjϕ means the agent j knows ϕ in the current state of a time cluster.
Similar to the standard definition of Kripke/Hintikka models on frames, for any collection ofpropositional letters Prop and any frame NC , a valuation in NC is a mapping which assigns truthvalues to elements of Prop in NC . So, for any p ∈ Prop, V (p) ⊆ NC . We will call 〈NC , V 〉 amodel (a Kripke/Hinikka model).
For any modelM, the truth values are extended from propositions of Prop to arbitrary formulasas follows (for a ∈ NC , we denote (NC , a) V ϕ to say that the formula ϕ is true at a in NC w.r.t.V ). The rules are as follows:
∀p ∈ Prop, (M, a) V p ⇔ a ∈ V (p);
(M, a) V ϕ ∧ ψ⇔ (M, a) V ϕ ∧ (M, a) V ψ;
(M, a) V ¬ϕ⇔ not[(M, a) V ϕ];
63
(M, a) V Nϕ⇔∀b[(a Next b)⇒(M, b) V ϕ];
(M, a) V ϕUψ⇔∃b[(aRb) ∧ ((M, b) V ψ)∧
∀c[(aRcRb)&¬(bRc)⇒(M, c) V ϕ]];
(M, a) V ϕUwψ⇔∃b[(aRb) ∧ ((M, b) V ψ)∧
∀c[(aRcRb)&¬(bRc)&(c ∈ C(i))⇒ ∃d ∈ C(i)(M, d) V ϕ]];
(M, a) V ϕUsψ⇔∃b[(aRb) ∧ b ∈ C(i) ∧ ∀c ∈ C(i)((M, c) V ψ)∧
∀c[(aRcRb)&¬(bRc)⇒(M, c) V ϕ]];
(M, a) V Kjϕ⇔∀b[(a Rj b)⇒(M, b) V ϕ].
Thus, in the rules above the treatment of U is slightly different from standard one – it is sufficientfor ψ to be true at least in one state of the achieved current time cluster. The operation Uw moredrastically differs from the standard U, – it is sufficient for ϕ to be true only in a certain state of alltime clusters before ψ will true at a state. And the strong until – ϕUsψ – means that there is a timepoint i, where the formula ψ is true at all states in the time cluster C(i), and ϕ holds in all states ofall time points j proceeding i.
Using operations U and N we can define all standard temporal and modal operations. Forinstance, Fϕ (ϕ holds eventually, which, in terms of modal logic, means ϕ is possible (denotation3ϕ)), can be described as trueUϕ. Therefore, we can also define the modal operation 2 (as 2ϕ :=¬3¬ϕ) in this language. The temporal operation G, where Gϕ means ϕ holds henceforth, can bedefined as ¬F¬ϕ. We can describe within this language various properties of transition systems andKripke structures. For instance, the formula G(¬request∨ (requestU grant)) says that whenevera request is made it holds continuously until it is eventually granted.
The standard temporal operations together with knowledge operations add more expressive powerto the language. For instance, the formula 2¬K1¬ϕ says that, for any future time cluster and forany state a of this cluster the knowledge ϕ is discoverable for agent 1, it has access to a state b whereϕ holds. The new temporal operations Us and Us brings new unique features in the language. Forinstance the formula
2wϕ := ¬(>Us¬ϕ)
codes the weak necessity, it says that in any time cluster C(i) there is a state where ϕ is true. Theformula
¬(ϕUw2ϕ) ∧32ϕ
codes that, since a time point i ϕ holds in all states, but before i ϕ is false in a state of any timecluster. Such properties are problematic to be expressed in standard modal or temporal operations.
Definition 1 For a Kripke structure M := 〈NC ,≤, V 〉 and a formula ϕ , we say that(i) ϕ is satisfiable in M (denotation – M Satϕ) if there is a state b of M
(b ∈ NC) where ϕ is true: (M, b) V ϕ.
(ii) ϕ is valid in M (denotation – M ϕ) if, for any b of M (b ∈ NC),the formula ϕ is true at b ((M, b) V ϕ).
64
Definition 2 For a Kripke frame NC and a formula ϕ, we say that(i) ϕ is satisfiable in NC (denotation NC Satϕ) if there is a valuation V in the
frame NC such that 〈NC , V 〉 Satϕ.
(ii) ϕ is valid in NC (denotation NC ϕ) if not(NC Sat¬ϕ).
Definition 3 The logic LTLK is the set of all formulas which are valid in all frames NC .
So, a formula ϕ in the language of LTLK is satisfiable iff there is a valuation V in the Kripkeframe NC which makes ϕ satisfiable: 〈NC , V 〉 Satϕ. It is clear that a formula ϕ is satisfiable iff¬ϕ is not a theorem of LTLK : ¬ϕ 6∈ LTLK , and vise versa, ϕ is a theorem of LTLk (ϕ ∈ LTLK)if ¬ϕ is not satisfiable. We intend to study logical laws in LTLK (say when two formulas ϕ andψ are equivalent – when ϕ ≡ ψ ∈ LTLK). First what is necessary for it is an algorithm verifyingformulas to be theorems of LTLK . Therefore we devote our paper to construction a such algorithm,so we will prove that LTLK is decidable.
3 Main Results, Decidability AlgorithmIn fact, LTLK is fusion of a special temporal-like logic and the agent knowledge logic. Thereforeto approach decidability we can borrow some evolved techniques from these areas. Though, not allways could be efficient enough. We will apply a technique based on our own approach tested forseveral logics in study of inference rules (cf. [25] – [31]). This approach uses a representation offormulas by rules, and converting rules in a special normal reduced form. Recall, a (sequential) ruleis an expression
r :=ϕ1(x1, . . . , xn), . . . , ϕm(x1, . . . , xn)
ψ(x1, . . . , xn),
where ϕ1(x1, . . . , xn), . . . , ϕm(x1, . . . , xn) and ψ(x1, . . . , xn) are some formulas constructed outof letters x1, . . . , xn. Letters x1, . . . , xn are variables of r, we use notation xi ∈ V ar(r).
Definition 4 A rule r is said to be valid in a Kripke model 〈NC , V 〉 with the valuation V (we willuse notation NC V r) if
[∀a ((NC , a) V
∧1≤i≤m
ϕi)] ⇒ ∀a ((NC , a) V ψ).
Otherwise we say r is refuted in NC , or refuted in NC by V , and write NC �� V r.
A rule r is valid in a frameNC (notationNC r) if, for any valuation V of V ar(r),NC V r.
For any formula ϕ we can convert it in the rule x → x/ϕ and employ the technique of reducednormal forms for inference rules as follows. First, it is evident that
Lemma 5 A formula ϕ is a theorem of LTLK iff the rule (x→ x/ϕ) is valid in any frame NC .
65
A rule r is said to have the reduced normal form if r = εc/x1 where
εc :=∨
1≤j≤m
(∧
1≤i,k≤n,i 6=k
[xt(j,i,0)i ∧ (Nxi)t(j,i,1) ∧ (xiUxk)t(j,i,k,0)∧
(xiUwxk)t(j,i,k,1) ∧ (xiUsxk)t(j,i,k,2) ∧∧
1≤m≤n
(¬Km¬xi)t(j,i,m,3)]),
and xs are certain letter (variables), t(j, i, z), t(j, i, k, z) ∈ {0, 1} and, for any formula α above,α0 := α, α1 := ¬α. We employ here all operations U, Us and Uw because they are not seem to beeasy and naturally mutually expressible in LTLK .
Definition 6 Given a rule rnf in the reduced normal form, rnf is said to be a normal reduced formfor a rule r iff, for any frame NC , NC r⇔NC rnf .
Based on proofs of Lemma 3.1.3 and Theorem 3.1.11 from [27], by similar technique, we obtain
Theorem 7 There exists an algorithm running in (single) exponential time, which, for any givenrule r, constructs its normal reduced form rnf .
Thus, Lemma 5 says, that to solve the question about decidability of LTLK it is sufficient tofind an algorithm recognizing rules in reduced normal form which are valid in all frames NC . Todescribe our algorithm we need the following special finite Kripke models. Take any frame NC andsome numbers k,m, where m > k > 1 and modify NC as follows. The frame NC(k,m) has thestructure:
NC(k,m) := 〈∧
1≤i≤m
C(i), R,R1, . . . RnNext〉,
where R is the accessibility relation from NC extended by pairs (x, y), where
x ∈ C(i), y ∈ C(j)) and i, j ∈ [n,m],
so xRy holds for all such pairs; any Rj is simply transferred from NC , and Next is the relationfrom NC extended by
∀a ∈ C(m)∀b ∈ C(k)(a Next b = true).
If given a valuation V of letters from a formula ϕ in NC(k,m), the truth values of ϕ can bedefined at elements of NC(k,m) by the same rules as for frames NC above (actually just in accor-dance with standard computing of truth values for time operations and knowledge modalities). Justin case we describe below steps for time operations.
(NC(k,m), a) V ϕUψ⇔∃b[(aRb) ∧ (NC(k,m), b) V ψ) ∧ ∀c[(aRcRb)&¬(bRc)⇒
⇒(NC(k,m),c) V ϕ]],
(NC(k,m), a) V ϕUwψ⇔∃b[(aRb) ∧ ((NC(k,m), b) V ψ) ∧ ∀c[(aRcRb)&¬(bRc)
&(c ∈ C(i))⇒ ∃d ∈ C(i)(NC(k,m), d) V ϕ]],
66
(NC(k,m), a) V ϕUsψ⇔∃b[(aRb) ∧ b ∈ C(i) ∧ ∀c ∈ C(i)((NC(k,m), c) V ψ)∧
∀c[(aRcRb)&¬(bRc)⇒ (NC(k,m),c) V ϕ]].
Using these modified Kripke structures NC(k,m) we can derive
Lemma 8 A rule rnf in the reduced normal form is refuted in a frame NC w.r.t. a valuation V ifand only if rnf can be refuted in a frame NC(k,m) by a valuation V1, where
• (i) The size of any cluster C(i) in NC(n,m) is single-exponential in rnf ;
• (ii) n and m are single exponential in rnf ;
• (iii) The size of the frame NC(n,m) is single exponential in rnf .
Combining Theorem 7, Lemma 5 and Lemma 8 we derive
Theorem 9 The logic LTLK is decidable. The algorithm for checking a formula to be a theoremin LTL)K consists of verification for validity of rules in reduced normal form in Kripke/Hintikkaframes of size single-exponential in the size of reduced normal forms.
The overall complexity of the algorithm includes as well the reduction of rules to normal re-duced forms, but this complexity is single exponential (the same as the complexity of reduction anyBoolean formula to the disjunctive normal form).
The logic LTLK is seemed to be rather interesting, because it models situations resistant to de-scribe in the standard temporal or modal language. There are a number of open questions concerningLTLk, for instance to clarify whether operations U, Us and Uw are independent, and if, it is not acase, provide expressing formulas, clarify the minimal amount of operations allowing to model thelogic in total.
Here we would like to discuss some another operations allowing to model Us and Uw. Considerthe following new relationRs on framesNC : ∀i ∈ N,∀a, b ∈ C(i)(aRsb). The relationRs plays anespecial role to model the knowledge of a supervisor (omniscient agent) who knows the informationin all states of the current time point. Let 2s := Ks, 3s := ¬Ks¬. We use notation ≡sem to saythat the truth values of formulas in frames NC coincide. It is easy to see that
Proposition 10 The following holds
(i) ϕUwψ ≡sem 3sϕU3sψ; (ii) ϕUsψ ≡sem 2sU2sψ
So, having in disposal an supervisor agent, we can obtain weak and strong until. The logicLTLKs in the language with Ks and without Us and Uw obeys the technique presented in thispaper for LTLK , and we can get the decidability with the same estimation of complexity. Anotherway to vary/extend the language is to add variants of the operation N. For instance, we couldconsider the operation Nw – weak next with interpretation
(M, a) V Nwϕ⇔∃b[(a Next b)⇒(M, b) V ϕ],
and the logic with this new operation again will be decidable. Moving in this direction further, wecan consider a new specific operation Nextw on frames NC being a restriction of Next, say
∀a, b ∈⋃i∈N
C(i), a Nextw b⇒ [a ∈ C(i) for some i and b ∈ C(i+ 1)];
67
∀a ∈⋃i∈N
C(i)[a ∈ C(i)⇒∃b ∈ C(i+ 1)(a Nextwb)
∧∀c ∈ C(i)∀d ∈ C(i+ 1)((cNextwd)⇔(a Nextw d))].
Again, the technique for decidability will work for this case also.
Conclusion, Future work: We proved decidability of the logic LTLK and its variantswith an exponential estimation on the size of Kripke/Hintikka models from the algorithm. There isa good avenue for future research. Say, it would be interesting to find axiomatizations for LTLK
and its mentioned variants. Next open question is to clarify whether the operations Us and Uw areindependent from standard language of LTL, to find new modeling of the operations Uw and Us,and similar ones. Technique from this paper seems to be rather flexible, and may work for otherlogics from AI, Philosophy and Computation areas.
References[1] S. Artemov and E. Nogina. Introducing justification to epistemic logic, Journal of Logic and
Computation, vol. 15, No. 6, pp. 1059-1073, 2005.
[2] S. Artemov and E. Nogina. On epistemic logic with justification, in: R. van der Meyden, edi-tor, Theoretical Aspects of Rationality and Knowledge. Proceedings of the Tenth Conference(TARK 2005), June 10-12, 2005, Singapore, pp. 279-294, 2005.
[3] Barringer H, Fisher M, Gabbay D., Gough G. Advances in Temporal Logic. Vol. 16 of Appliedlogic series, Kluwer Academic Publishers, Dordrecht, 1999.
[4] Brauner, T. Natural Deduction for Hybrid Logic,- J. of Logic and Computation, 14: 329 – 353,2004.
[5] Brauner, T. Two Natural Deduction Systems for Hybrid Logic,- J. of Logic, Language andComputation, 13: 1 – 23, 2004.
[6] Baader, et. al. Eds. The description Logic handbo ok, implementations and applications. Cam-bridge University press, 2003.
[7] Patrick Blackburn and Maarten Marx. Constructive Interpolation in Hybrid Logic , by PatrickBlackburn and Maarten Marx. Journal of Symbolic Logic, 68(2), 463-480, 2003.
[8] Patrick Blackburn and Maarten Marx Hybrid Logic: Characterization, Interpolation and Com-plexity, by Carlos Areces, Patrick Blackburn and Maarten Marx. Journal of Symbolic Logic,66(3), 977-1010, 2001.
[9] Clarke E., Grumberg O., Hamaguchi K. P. Another look at LTL Model Checking. - In: Confer-ence on Computer Aided Verification (CAV), LNCS 818, Stanford, California, 1994, Springer-Verlag.
[10] Daniele M, Giunchiglia F, Vardi M. Improved Automata Generation for Linear TemporalLogic. - In book: (CAV’99), International Conference on Computer-Aided Verification, Trento,Italy, July 7-10, 1999.
68
[11] Emerson E.A. Temporal and Modal Logics. In: Handbook of Theoretical Computer Science.J. van Leenwen, Ed., 1990, pp. 996 - 1072.
[12] Fagin, R., Halpern, J., Moses, Y. and Vardi M. Reasoning About Knowledge, The MIT Press,ISBN-10: 0-262-06162-7 ISBN-13: 978-0-262-06162-9, 1995.
[13] Fagin, J. Geanakoplos, Halpern, J. and M. Y. Vardi. The hierarchical approach to modelingknowledge and common knowledge, International Journal of Game Theory, 28:3, 1999, pp.331–365.
[14] Halpern, J. and R. Shore. Reasoning about common knowledge with infinitely many agents,Information and Computation, 191:1, 2004, pp. 1-40.
[15] Gabbay, D. and de Queiroz, R. The functional Interpretation of Modal Necessity. In de Rijke,editor, Advancies in Intensional Logic, pp. 59 – 91, Kluwer, 1997.
[16] D. M. Gabbay and I. M. Hodkinson. An axiomatisation of the temporal logic with Until andSince over the real numbers. Journal of Logic and Computation, 1 (1990), 229-260.
[17] Goldblatt R. Logics of Time and Computation. CSLI Lecture Notes, No.7, 1992.
[18] Hodkinson I. Temporal Logic and Automata, Chapter II of Temporal Logic: MathematicalFoundations and Computational Aspects, volume 2, by D. M. Gabbay, M. A. Reynolds, M.Finger, Clarendon Press, Oxford, 2000, pp. 30-72.
[19] Manna Z, Pnueli A. Temporal Verification of Reactive Systems: Safety. Springer-Verlag, 1995.
[20] Manna Z., Pnueli A. The Temporal Logic of Reactive and Concurrent Systems: Specification.Springer-Verlag, 1992.
[21] Prior, A. The Past Present and Future. Oxford University Press, 1967.
[22] Prior, A. Papers on Time and Tense. Oxford University press, new edition, 2003.
[23] Pnueli A. The Temporal Logic of Programs. In: Proc. of the 18th Annual Symp. on Foundationsof Computer Science, 46 - 57, IEEE, 1977.
[24] Pnueli A., Kesten Y. A deductive proof system for CTL∗. In: Proc. 13th Conference onConcurrency Theory, Vol. 2421 of LNCS, pp. 24-40, Brno, Czech Republic, 2002.
[25] Rybakov V.V. Rules of Inference with Parameters for Intuitionistic logic. Journal of SymbolicLogic, Vol. 57, No. 3, 1992, pp. 912 - 923.
[26] Rybakov V.V. Hereditarily Structurally Complete Modal Logics. Journal of Symbolic Logic,Vol. 60, No.1, 1995, pp. 266 - 288.
[27] Rybakov V.V. Admissible Logical Inference Rules. - Studies in Logic and the Found. ofMathematics, Vol. 136, Elsevier Sci. Publ., North-Holland, New-York- Amsterdam, 1997.
[28] Rybakov V.V., Kiyatkin V.R., Oner T., On Finite Model Property For Admissible Rules. Math-ematical Logic Quarterly, Vol.45, No 4, 1999, pp. 505-520.
[29] Rybakov V.V. Construction of an Explicit Basis for Rules Admissible in Modal System S4.Mathematical Logic Quarterly, Vol. 47, No. 4 (2001), pp. 441 - 451.
69
[30] Rybakov V.V. Logical Consecutions in Discrete Linear Temporal Logic. Journal of SymbolicLogic, V.70, No 4 (2005), pp. 1137-1149.
[31] Rybakov V.V. Logical Consecutions in Intransitive Temporal Linear Logic of Finite Intervals.Journal of Logic Computation, Vol. 15 No. 5 (2005) pp. 633 -657.
[32] Sistla A.P. and Clarke E.M. The Complexity of Propositional Linear Temporal Logic. Journalof the ACM, 32(3), 1985, pp. 733 – 749.
[33] Vardi M. An automata-theoretic approach to linear temporal logic. In: Proceedings of theBanff Workshop on Knowledge Acquisition, (1994), (Banff’94).
[34] Vardi M. Reasoning about the past with two-way automata. In: Proc. 25th Int. Coll. on Au-tomata, Languages, and Programming, Vol. 1443 of LNCS, pages 628–641, 1998.
[35] van Benthem J. and Bergstra J.A. Logic of Transition Systems. Journal of Logic, Languageand Information 3(4), pp. 247–283 (1994).
[36] van Benthem, J. The Logic of Time, Kluwer, 1991.
70
A Straightforward Saturation-Based
Decision Procedure for Hybrid Logic
Mark Kaminski1 Gert Smolka1
Programming Systems Lab
Saarland University
Saarbrucken, Germany
Abstract
In this paper we present a saturation-based decision procedure for basic hybridlogic extended with the universal modality. Termination of the procedure isguaranteed by constraints that are conceptually simpler than the loop-checkscommonly used with related tableau-based decision methods in that they do notrely on the order in which new formulas are introduced. At the same time, ourconstraints allow us to limit the worst-case asymptotic complexity of the proce-dure more tightly than it seems to be possible for methods using conventionalloop-checks. The procedure is based on Hardt and Smolka’s higher-order formu-lation of hybrid logic [10].
1 Introduction
Recently, several tableau-based decision procedures, both prefixed and internal-ized [7, 6], were developed for H(E), the basic hybrid language [5] extended withthe universal modality. Termination of the procedures is guaranteed by restrictingthe applicability of rules that generate new prefixes (or nominals, respectively) toformulas prefixed by so-called urfathers. A prefix on a tableau branch is calledan urfather of that branch if the associated set of formulas is not included in thecorresponding set for any other prefix that occurs earlier on the branch.
We present a saturation-based decision procedure forH(E) based on the higher-order formulation of hybrid logic devised by Hardt and Smolka [10]. The procedureis obtained from a model existence theorem as a set of terminating saturation rulesthat, applied to a set C of hybrid formulas, will construct a model if and only ifC is satisfiable. Like in internalized tableau systems [4, 7, 6], the saturation rulesdo not rely on any extensions of the object syntax. Termination of the procedureis guaranteed by constraints restricting the expansion of diamond-prefixed formu-las, reminiscent of the urfather-based loop-checks in [7, 6], but motivated by adifferent model construction. Our algorithm works on unordered sets of formu-las rather than ordered tableau branches and treats equality explicitly. Given aset of formulas, the admissibility of diamond expansion does not depend on anyknowledge about how the set was constructed. Moreover, since our expansionconstraints only depend on very specific subsets of the formulas that are true at a
1{kaminski,smolka}@ps.uni-sb.de
71
f := fπ @ut := (λπ.t)uu := π
.=u Et := E(λπ.t)3t := 3π(λπ.t) At := A(λπ.t)2t := 2π(λπ.t)
Figure 1: Hybrid Notation in Higher-Order Syntax
given nominal rather than on all such formulas, we are able to give upper boundsfor the asymptotic worst-case complexity of our procedure that are smaller thanthe ones known for conventional loop-checks. We expect our approach to providefor a simple and comparatively efficient implementation of the decision procedure.
2 Basics
As the formal basis for our presentation we take the formulation of hybrid logicbased on the simply typed λ-calculus introduced in [10]. For an introduction tothe simply typed λ-calculus, see [3].
For each type T we assume a countably infinite set VarT of variables, anddefine Var :=
⋃T VarT . Two base types are given special interpretation: the
type V of vertices and the type B of truth values. Variables of type V are callednominal variables, and are written as π, x, y, z. Variables f, g : V → B are calledpropositional variables. We also assume a countably infinite set Par of constants oftype V, which we call parameters. Parameters are written as a, b. Elements of theset Nam := Par ∪ Var are called names. Names of type V are written as u, v, w.
We consider λ-terms, written as s, t, over the following signature:• Type constants B, V
• Boolean connectives ∨,∧ : B → B → B and ¬ : B → B
• Equality predicate on vertices .= : V → V → B
• Relational constant R : V → V → B
• Modal operators 3, 2 : V → (V → B) → B
• Universal modalities E, A : (V → B) → B
For a term t, Vt denotes the set of nominal variables that occur free in t, andN t := Vt ∪ {a ∈ Par | a occurs in t}. If Vt = ∅, t is called closed.
Terms of type B are called formulas. We denote the set of all formulas by For .Given a term t, we write Ft for the set of all subformulas of t. We call a formulat monadic if for every subterm s it holds |Vs| ≤ 1, and every subterm of the formλx.t is closed. It can be shown that monadic formulas of the formt ∈MFI ::= fu | u
.=v | ¬t | t ∨ t | 3u(λπ.t)naturally correspond to formulas of H(@) [10]. It is easily seen that the monadicfragment of MFI extended by terms of the form E(λπ.t) analogously correspondsto H(E). Let us call formulas which are elements of this extended set proper. Fig-ure 1 summarizes the correspondence between hybrid and higher-order syntax.Note that a proper formula never contains subterms of the form Ruv. A set C
of β-normal, η-long, negation-normal formulas is called a clause if every elementt ∈ C is either proper or of the form Ruv. In other words, a clause contains only
72
formulas of the form Ruv and proper formulas of the formp ::= fu | ¬fu | u
.=v | ¬u.=v | p ∗ p | µu(λπ.p) | M(λπ.p)
where ∗ ∈ {∧,∨}, µ ∈ {3, 2}, M ∈ {A, E}. A clause C is called proper if everyformula t ∈ C is proper. C is called monadic if every proper t ∈ C is monadic.V , N , and F are extended to clauses in the natural way. So, for instance,NC :=
⋃t∈C N t. Please note that in the following, we will always think of clauses
as conjunctions, not as disjunctions.
Definition (Interpretation) An interpretation of hybrid logic is a standard in-terpretation of the simply typed λ-calculus that interprets the type constantsB, V, the parameters .=,¬,∧,∨, R, 3, 2, E, A, and the variables in Var such thatDB = {0, 1} where 0 6= 1, DV 6= ∅, and
D(u .=v) = 1 ⇐⇒ Du = Dv
D(¬t) = 1 ⇐⇒ Dt 6= 1D(s ∧ t) = 1 ⇐⇒ Ds = 1 and Dt = 1D(s ∨ t) = 1 ⇐⇒ Ds = 1 or Dt = 1D(Ruv) = 1 ⇐⇒ (Du,Dv) ∈ DR
D(3ut) = 1 ⇐⇒ ∃ a ∈ DV : (Du, a) ∈ DR and Dta = 1D(2ut) = 1 ⇐⇒ ∀ a ∈ DV : (Du, a) ∈ DR implies Dta = 1D(Et) = 1 ⇐⇒ ∃ a ∈ DV : Dta = 1D(At) = 1 ⇐⇒ ∀ a ∈ DV : Dta = 1
Whenever we have Dt = 1, we also write D � t and say that D satisfies t, orthat t is valid in D. A term is called satisfiable if it has a satisfying interpretation.
We write (λx.t)↓u for t[x := u] and make use of the following property.
Proposition 2.1 (β-Compatibility) D(s↓t) = Ds(Dt).
3 Saturatedness and Model Existence
For every clause C, let ∼C denote the equivalence closure of the relation{(u, v) |u .=v ∈ C}. We also write [u]C to denote the set {v |u ∼C v}.
Let ι ∈ P(Nam) → Nam be a choice function, i.e. a function such that, for allA ∈ P(Nam): |A| > 0 =⇒ ιA ∈ A.
For every clause C we define ρC ∈ NC → NC such that ρCu = ι[u]C . Namesu such that ρCu = u are called ρC -normal.
So, given a name u, ρC returns a canonical representative of the equivalenceclass of u in C. Later, when we look at the saturation process, it will be obviousthat ρC needn’t be re-computed from scratch for every intermediate clause, butcan be constructed incrementally, for instance using a disjoint-set forest (see [9, 8]).
Definition (Triviality) A clause C is called trivial if either• ¬u
.=v ∈ C for some u, v such that ρCu = ρCv, or• fu ∈ C and ¬fv ∈ C for some u, v, f such that ρCu = ρCv.
Formulas that are either of the form 3ut or 2ut are called modal literals.Let C be given. We define the notation
PCu := {λx.3xt |3ut ∈ C} ∪ {λx.2xt |2ut ∈ C}
PC(3ut) :={{λx.3xt} ∪ {λx.2xs |2us ∈ C} if 3ut ∈ C
∅ otherwise
73
(S .=) PCu ⊆ PC(ρCu).
(S∧) If s ∧ t ∈ C, then s, t ∈ C.(S∨) If s ∨ t ∈ C, then s ∈ C or t ∈ C.(S3) If 3ut ∈ C and ρCu = u,
then ∃v : PC(3ut) ⊆ PC(3vt) and 3vt is expanded in C.(S2) If 2ut, Ruv ∈ C, then t↓v ∈ C.(SA) If At ∈ C and ρCu = u, then t↓u ∈ C.(SE) If Et ∈ C, then t↓u ∈ C for some u.
Figure 2: Saturatedness Conditions
The sets PCu and PC(3ut) are called the patterns of u and 3ut, respectively, thelatter also being called diamond patterns. A formula of the form 3ut ∈ C is calledexpanded in C if there exists a name v such that Ruv ∈ C and t↓v ∈ C.
We use patterns to abstract away names from formulas in such a way thatevery two modal literals of the form µut and µvt, for some µ ∈ {3, 2}, correspondto the same abstraction λx.µxt. Although diamond expansion introduces newnominal variables and hence formulas that are not subformulas of the terms fromwhich they were generated, such formulas can always be related to a subterm of agenerating formula by abstracting away the newly introduced variable. As we willsee in Chapter 7, this property is of crucial importance when it comes to showingtermination of our procedure.
Definition (Saturatedness) A clause C is called saturated if it satisfies S .=,
S∧,S∨,S2,SA,SE , and S3.
The saturatedness conditions given in Figure 2 are mostly straightforward, solet us just explain the intuition behind S3. There we observe that, provided thereis some name w such that Rvw, t↓w ∈ C and PC(3ut) ⊆ PC(3vt), there is noneed to expand 3ut because in a model of C the vertex corresponding to theintroduced name could not make any formulas true that are not already true inthe vertex corresponding to w. Therefore, given a model of PC(3vt), it suffices tointroduce an edge between the vertices corresponding to u and v to ensure thatthe resulting model satisfies PC(3ut). Note also that S3 and SA apply only toρC -normal names. We take these names to be the vertices of our model. Theprecise model construction is as follows.
Given a saturated clause C, let DC be an interpretation such that
DCV = {ρCu |u∈NC}
DCu = ρCu
DCf = λu∈DCV. ∃v : ρCv = u ∧ fv∈C
DCR = {(u, ρCv) | ρcu = u ∧
∃3ut ∈ C, w : PC(3ut) ⊆ PC(3wt) ∧Rwv ∈ C}
Looking at DC, one may wonder why we do not weaken S2 to
(S′2) If 2ut, Ruv ∈ C and ρCu = u, then t↓v ∈ C.
Condition S′2
looks more similar to S3 and SA, and seems sufficient becausenames that are not ρC -normal do not directly appear in the model. However, thisintuition turns out to be wrong.
74
Consider the clause C := {3u(λπ.fπ), Ruw, fw,2u(λπ.¬fπ), 3v(λπ.fπ),2v(λπ.¬fπ)} and assume ρCu = v. If we replace S2 with S′
2, C becomes sat-
urated. But C is clearly unsatisfiable. We see that since S3 does not require3v(λπ.fπ) to be expanded, we have to enforce propagation of 2u(λπ.¬fπ) alongRuw to arrive at a trivial clause.
Theorem 1 (Model Existence) If C is a non-trivial saturated clause and t ∈ C
proper, then DC � t.
Proof By induction on |t|.Case t = fu. Assume fu ∈ C. Then DC(fu) = DCf(ρCu) = 1 by the definition
of DCf .Case t = ¬fu. Assume ¬fu ∈ C. Since C non-trivial, there exists no v such that
ρCv = ρCu and f(ρCv) ∈ C, i.e. DCf(ρCu) = DC(fu) 6= 1. Hence DC � ¬fu.Case t = u
.=v. Assume u.=v ∈ C. Then DCu = ρCu = ρCv = DCv, i.e.
DC � u.=v.
Case t = ¬u.=v. Assume ¬u
.=v ∈ C. Since C is non-trivial, ρCu 6= ρCv, i.e.DC 6� u
.=v. Hence DC � ¬u.=v.
Case t = t1 ∧ t2. Assume t1 ∧ t2 ∈ C. By S∧, t1 ∈ C and t2 ∈ C. By the induc-tive hypothesis, DC � t1 and DC � t2. Therefore DC � t1 ∧ t2.
Case t = t1 ∨ t2. Analogously to the preceding case.Case t = 3us. Assume 3us ∈ C. Then by S .
= it holds 3(ρCu)s ∈ C. SinceρC(ρCu) = ρCu, by S3 there exist v, w such that PC(3(ρCu)s) ⊆ PC(3vs)and Rvw, s↓w ∈ C. Then (DCu,DCw) = (ρCu, ρCw) ∈ DCR. Moreover, bythe inductive hypothesis and β-compatibility, DCs(DCw) = DC(s↓w) = 1. Wehave shown that DCw witnesses validity of 3us.
Case t = 2us. Assume 2us ∈ C. We have to show that for every pair (v, w) ∈DCR such that v = DCu = ρCu it holds DCsw = 1.So assume, for some v ∈ DCV, that (ρCu, v) ∈ DCR. Then C contains a modalliteral of the form 3(ρCu)s′ such that, for some u′ and w with ρCw = v itholds PC(3(ρCu)s′) ⊆ PC(3u′s′) and Ru′w ∈ C. By S .
= it holds 2(ρCu)s ∈ C.Consequently, 2u′s ∈ C. Now by S2, s↓w ∈ C. By the inductive hypothesisand β-compatibility it holds DCsv = DCs(ρCw) = DCs(DCw) = DC(s↓w) = 1.
Case t = As. Assume As ∈ C. To show: DCsu = 1 for all u ∈ DCV. So letu ∈ DCV be arbitrary. Since ρCu = u, by SA, s↓u ∈ C. By the inductivehypothesis and β-compatibility, DC(s↓u) = DCs(DCu) = DCsu = 1.
Case t = Es. Assume Es ∈ C. By SE , s↓u ∈ C for some u. By the inductivehypothesis and β-compatibility, DC(s↓u) = DCs(DCu) = 1, i.e. DCu witnessesvalidity of Es. �
So, given a proper clause C, in order to show C satisfiable it suffices to find anon-trivial saturated clause D ⊇ C. Theorem 1 then guarantees that DD � C.
4 Saturation Algorithm
Definition (Saturation Relation) The saturation relation → on clauses is de-fined such that C → D if and only if C ( D and D can be obtained from C byone of the rules C .
=, C∧, C∨, C2, CA, CE , or C3.
75
(C3.=
) If 3ut ∈ C, add 3(ρCu)t.(C2.
=) If 2ut ∈ C, add 2(ρCu)t.
(C∧) If s ∧ t ∈ C, add s and t.(C∨) If s ∨ t ∈ C and neither s ∈ C nor t ∈ C, add s or t.(C3) If 3ut ∈ C, ρCu = u, and
there is no v such that PC(3ut) ⊆ PC(3vt) and 3vt is expanded in C,add Rux and t↓x for some x 6∈ VC.
(C2) If 2ut, Ruv ∈ C, add t↓v.(CA) If At ∈ C and ρCu = u, add t↓u.(CE) If Et ∈ C and for no u ∈ NC, t↓u ∈ C, add t↓x for some x 6∈ VC.
Figure 3: Saturation Rules
A clause C is called terminal if there exists no D such that C → D. We sayC → D don’t care if C → D and D is obtained from C by one of the rules excludingC∨. We say C → D1, D2 don’t know if D1, D2 are the two alternative results ofapplying C∨ to some formula in C.
Proposition 4.1 (Soundness) 1. If C → D don’t care, then C is satisfiable ifand only if D is satisfiable.
2. If C → D1, D2 don’t know, then C is satisfiable if and only if D1 is satisfiableor D2 is satisfiable.
We can now describe the proposed decision procedure. Given a finite monadicand proper clause C, we first construct C0 := C ∪ {π
.=π}. Using saturation andthe usual backtracking techniques, we search for a saturated non-trivial clause D
such that C0 →∗ D. C is satisfiable if and only if D exists.The reader might be wondering why we need to construct C0 and cannot
saturate C directly. The reason is that we need to ensure that at least one name oftype V occurs free in the initial clause. This way we prevent the saturation relationfrom terminating with clauses like {A(λπ.gπ ∧ ¬gπ)}, that are only satisfiable inan empty model, i.e. an interpretation D such that DV = ∅.
5 Example
Let us demonstrate the basic properties of the saturation algorithm and themodel construction with an example. Consider the following input clause C:{A(λπ.3π(λπ.fπ)), 2π(λπ.3π(λπ.π
.=a))}. (In hybrid notation, C can be writ-ten more concisely as {A3f , 23a}.) From C we construct C0 := C ∪ {π
.=π} andproceed as follows:
C0 : A(λπ.3π(λπ.fπ)), 2π(λπ.3π(λπ.π.=a)), π .=π
C2 : 3π(λπ.fπ), 3a(λπ.fπ) CA on A(. . .), π, a
C3 : Rπx, fx C3 on 3π(λπ.fπ)C4 : 3x(λπ.fπ) CA on A(. . .), xC5 : 3x(λπ.π
.=a) C2 on 2π(. . .), Rπx
C6 : Rxy, y.=a C3 on 3x(λπ.π
.=a)
76
Now assume that ρC6y = ρC6a = a. Then CA is not applicable to A(. . .), y. Sinceadditionally PC6(3x(λπ.fπ)) = PC6(3a(λπ.fπ)) ⊆ PC6(3π(λπ.fπ)), C6 is satu-rated. The model constructed from C6 looks as follows:
πf
x a
6 Completeness
Theorem 2 (Completeness) Every terminal clause is saturated.
Proof Assume C is a terminal clause. We have to show that C satisfies all thesaturatedness conditions.S .
=: By assumption, C is closed under application of C3.=
and C2.=, i.e. for every
µut ∈ C where µ ∈ {3, 2} we have µ(ρCu)t ∈ C. Then for every λx.µxt ∈ PCu
it holds λx.µxt ∈ PC(ρCu), i.e. PCu ⊆ PC(ρCu).S∧,S∨,S2,SA are easily shown using C∧, C∨, C2, CA, respectively.SE : Assume Et ∈ C. Since every application of CE enlargesNC by a new variable,
terminality of C implies that CE is not applicable. Then there has to exist someu such that t↓u ∈ C.
S3: Assume 3ut ∈ C and ρCu = u. As with CE , terminality of C implies that C3
is not applicable. Then there has to exist some v such that PC(3ut) ⊆ PC(3vt)and 3vt is expanded in C. �
7 Termination
Since C∨ is the only rule that leads to “don’t know”-reductions, the search tree ourdecision procedure has to traverse is finitely branching (binary, to be more precise).Therefore, to prove termination of the procedure it suffices to show that the treehas finite depth. This is clearly the case if the relation → always terminates. So,let us prove → terminating.
The degree of a clause C is defined as follows: deg C := maxt∈C |t|.
Lemma 7.1 Let C0 → C1 → . . . be a saturation sequence. There exist no twoindices i, j ∈ N such that i < j and, for some Et ∈ Ci ⊆ Cj , both Ci+1 and Cj+1
are obtained by an application of CE to Et.
Proof Assume by contradiction i, j do exist. Since Ci+1 was obtained by ap-plying CE to 3ut, for some w we must have t↓w ∈ Ci+1 ⊆ Cj , contradicting theapplicability of CE in Cj . �
Proposition 7.2 If C → D, then PC(3ut) ⊆ PD(3ut).
Lemma 7.3 Let C0 → C1 → . . . be a saturation sequence. There exist no twoindices i, j ∈ N, such that i < j and
1. Ci+1 is obtained by an application of C3 to 3ut ∈ Ci,
2. Cj+1 is obtained by an application of C3 to 3vt ∈ Cj,
3. PCi(3ut) = PCj
(3vt).
77
Proof Assume by contradiction indices i, j do exist. Clearly, u 6= v. By as-sumption, C3 is applicable to 3vt in Cj . This implies, amongst other things,that there exists no w such that PCj
(3vt) ⊆ PCj(3wt) and 3wt is expanded
in Cj . But, also by assumption, 3ut is expanded in Cj and, by Prop. 7.2,PCj
(3ut) ⊇ PCi(3ut) = PCj
(3vt). Contradiction. �
Proposition 7.4 If C is monadic and C → D, then D is monadic.
The following proposition is an analogue to the “quasi-subformula property”as stated in [7] or in [6].
Lemma 7.5 (Pattern Preservation) Let C be monadic and C → D.
1. At ∈ FD ⇐⇒ At ∈ FC
2. Et ∈ FD ⇐⇒ Et ∈ FC
3. {λx.3xt |3ut ∈ FD} = {λx.3xt |3ut ∈ FC}
4. {λx.2xt |2ut ∈ FD} = {λx.2xt |2ut ∈ FC}
Proof By straightforward case analysis on the saturation rules. For the lattertwo claims we additionally observe that every two formulas of the form µut andµvt, µ ∈ {3, 2}, are abstracted to the same term λx.µxt. �
Proposition 7.6 If C → D, then deg D = deg C.
Proposition 7.7 There exists a function f ∈ N× N → N, exponential in the ar-guments, such that for every clause C it holds: If deg C, |NC| < ∞, then |C| ≤f(deg C, |NC|).
Theorem 3 (Termination) → terminates on finite monadic clauses.
Proof Let C0 be a finite monadic clause. Assume by contradiction that thereexists an infinite sequence C0 → C1 → C2 → . . .. Since C0 is finite, the setsA3 := {{t} ∪ A | (t, A)∈ {λx.3xs |3us∈FC0}×P({λx.2xs |2us∈FC0})} andAE := {Et ∈ C0} are finite as well. By Prop. 7.4 and Lemma 7.5, for all Ci it holds{Et ∈ Ci} ⊆ AE and {PCi
(3ut) |3ut ∈ Ci} ⊆ A3. Now consider C :=⋃
i∈NCi.
By Lemma 7.1 and 7.3, C was obtained by finitely many applications of the rulesCE and C3, and hence NC is finite. Moreover, by Prop. 7.6, deg C = deg C0.Therefore, by Prop. 7.7, C is finite. But since Ci → Ci+1 implies Ci ( Ci+1, C
must be infinite. Contradiction. �
Since → terminates, it provides a basis for a decision procedure for the satis-fiability problem in H(E). The procedure is in EXPTIME, which is known to beoptimal for the problem [12, 1].
8 Discussion
Although our presentation is limited to a decision procedure for the class of allframes, the procedure can easily be modified to deal with other frame classes.Indeed, to obtain a decision procedure for most of the common frame classes itsuffices to modify the rule C2, analogously to how it is demonstrated in [11].Termination of the procedure is guaranteed as long as the modified rules do notviolate Lemma 7.5. In particular, our expansion constraint suffices to deal withtransitive frames.
78
Unlike urfather-based loop checks that are applicable on a per-prefix (or per-nominal) basis, the expansion constraint in C3 works on a per-diamond-patternbasis. It is possible for a clause to have two formulas of the form 3us, 3ut suchthat one of them can be expanded and the other one cannot.
An interesting feature of our expansion constraint is that we only need tolook at modal literals. This does not suffice in the case of urfather-based loop-checks, and can lead to more diamond expansions. Consider, for instance, atableau representation of {3a(λπ.fπ), ga, 3b(λπ.fπ),¬gb} (in hybrid notation,{@a3f , @ag, @b3f , @b¬g}). Clearly, neither a nor b can be considered an urfa-ther of the respective other name. Hence both diamonds need to be expanded. Inour approach, saturatedness is achieved after only one expansion.
Even if one could restrict urfather-based loop-checks to consider modal literalsonly, our expansion constraint can still do better. Given m and n distinct formulasof the form 3ut and 2ut, respectively, and assuming none of their proper subfor-mulas are modal literals, there exist 2m+n distinct sets of formulas, correspondingto up to approximately 2m+n distinct states one can obtain using urfather-basedloop-checks. In our case, however, the number of diamond expansions is boundedfrom above by m · 2n, the number of distinct diamond patterns. As an exam-ple, consider the formula A(λπ.
∨J⊆I,|J|≥1
∧j∈J 3π(λπ.fjπ)) (in hybrid notation,
A(∨
J⊆I,|J|≥1
∧j∈J 3fj)) where I is some index set and f1, . . . , f|I| are pairwise
distinct. Depending on the strategy, urfather-based loop checking can lead to anumber of diamond expansions that is exponential in |I|. Our expansion con-straint, on the other hand, allows at most |I| expansions.
9 Strong Diamond Expansion
Consider the following simplification of C3:
(Cs3) If 3ut ∈ C, ρCu = u, and 3ut is not expanded in C,
add Rux and t↓x for some x 6∈ VC.
We can define a saturation relation →s analogously to →, but with the rule Cs3
instead of C3.Note that whenever C3 is applicable to a clause C, Cs
3is also applicable to C.
The reverse direction does not hold, as we can see by looking at a simple example:Let C := {3a(λπ.fπ), 3b(λπ.fπ)}. Since C does not contain any equations,
both a and b are ρC-normal. Moreover, PC(3b(λπ.fπ)) = {λx.3x(λπ.fπ)} =PC(3a(λπ.fπ)). So, C3 is not applicable to any of the formulas in C, whereas Cs
3
is applicable to 3b(λπ.fπ).On formulas of the basic hybrid language H(@) even the simpler saturation
relation →s can be proven terminating by using essentially the same chain ofreasoning as found in [6] for a related internalized calculus. Since applicability ofC3 implies that of Cs
3, our model construction from Section 3 suffices to show the
completeness of the procedure based on →s.
10 Conclusion
Compared to the known tableau-based methods in [7, 6], our decision procedurehas several noteworthy differences:
79
1. The applicability of saturation rules in our decision procedure does not dependon the order in which new formulas are added to a clause. This informationis always present in the structure of a tableau, and is exploited by the tableaualgorithms to ensure termination, usually by means of additional rule applica-bility conditions. In the saturation-based setting the same information couldbe represented by a saturation sequence C0 → C1 → . . . → C. Our saturationrules depend solely on the contents of a clause, not on how it was constructed.
2. The rule CA is only applicable to ρC -normal names. Assuming ρ is imple-mented such that certain monotonicity principles are preserved, it will usuallybe possible to arrive at a saturated clause without having to propagate univer-sal modalities to every name. A suitable, efficient implementation of ρ may befound in [8].
3. In contrast to loop-checks as used in [7, 6], which restrict expansion on a per-prefix basis, C3 uses termination checking on a per-diamond-pattern basis. Asdemonstrated in Section 8, an input clause always generates strictly, and up toexponentially, fewer distinct diamond patterns than sets of subformulas. Thuswe hope that in practice our procedure will perform significantly better thana procedure based on loop-checks.We see the procedure as a promising basis for automated theorem proving
in hybrid logic and hope for it to provide a practical alternative to other ap-proaches (in particular to the direct resolution method by Areces, de Nivelle andde Rijke [2]).
References
[1] Areces, C., Blackburn, P., and Marx, M. The computational complexity of hybridtemporal logics. Logic Journal of the IGPL 8, 5 (2000), 653–679.
[2] Areces, C., de Nivelle, H., and de Rijke, M. Resolution in modal, description andhybrid logic. Journal of Logic and Computation 11, 5 (2001), 717–736.
[3] Barendregt, H. P. Lambda calculi with types. In Handbook of Logic in Computer Science,S. Abramsky, D. M. Gabbay, and T. S. E. Maibaum, Eds., vol. 2. Oxford University Press,1992.
[4] Blackburn, P. Internalizing labelled deduction. Journal of Logic and Computation 10, 1(2000), 137–168.
[5] Blackburn, P., and Seligman, J. Hybrid languages. Journal of Logic, Language andInformation 4, 3 (1995), 251–272.
[6] Bolander, T., and Blackburn, P. Termination for hybrid tableaus. To appear in Journalof Logic and Computation.
[7] Bolander, T., and Brauner, T. Tableau-based decision procedures for hybrid logic.Journal of Logic and Computation 16, 6 (2006), 737–763.
[8] Cormen, T. H., Leiserson, C. E., Rivest, R. L., and Stein, C. Introduction to Algo-rithms, 2nd ed. The MIT Press, 2001.
[9] Galler, B. A., and Fisher, M. J. An improved equivalence algorithm. Communicationsof the ACM 7, 5 (May 1964), 301–303.
[10] Hardt, M., and Smolka, G. Higher-order syntax and saturation algorithms for hybridlogic. In International Workshop on Hybrid Logic 2006 (HyLo 2006), to appear in ENTCS,Elsevier.
[11] Massacci, F. Strongly analytic tableaux for normal modal logics. In Proceedings of the12th International Conference on Automated Deduction (CADE’94) (1994), A. Bundy, Ed.,vol. 814, Springer-Verlag, pp. 723–737.
[12] Spaan, E. Complexity of Modal Logics. PhD thesis, ILLC, University of Amsterdam, 1993.
80
The Complexity of Hybrid Logics over Equivalence Relations
Martin Mundhenk Thomas Schneider
Institut fur Informatik, Friedrich-Schiller-Universitat, Jena, Germany
{mundhenk,schneider}@cs.uni-jena.de
Abstract
This paper examines and classifies the computational complexity of model checking and satisfia-bility for hybrid logics over frames with equivalence relations. The considered languages contain allpossible combinations of the downarrow binder, the existential binder, the satisfaction operator, andthe global modality, ranging from the minimal hybrid language to very expressive languages. Formodel checking, we separate polynomial-time solvable from PSPACE-complete cases, and for satisfi-ability, we exhibit cases complete for NP, PSpace, NExp, and even N2Exp. Our analysis includesthe versions without atomic propositions of all these languages.
1 Introduction
The quintessence of this paper is the following statement.
Although highly expressive hybrid languages can be tamed by restricting the class of frames,even very restricted frame classes have high and different levels of complexity.
Hybrid logics are powerful and well-behaved extensions of modal logic. However, their expressive poweroften claims a high price in terms of computational costs: Satisfiability for the language with the “down-arrow binder” ↓ is undecidable [1]. Facing this drawback, it is natural to ask for restrictions under whichdecidability can be restored. One way is to restrict the syntax, for instance by disallowing certain com-binations of ↓ and the 2 modality, which was examined in [12]. Another way is to restrict the semanticsby considering specific frame classes over which ↓ is not as expressive as over the class of all frames. Asuccessful “taming” (i.e., decidability for satisfiability) of the ↓ language has been established for framesof bounded width in [12], and for transitive and complete frames in [9]. Furthermore, over linear frames,where ↓ alone is useless, decidability has been shown for extensions of the ↓ language in [5].
The starting point for our considerations is the NExp-completeness result for satisfiability of the ↓language over complete frames from [9]. What happens if we enrich the language and allow for slightlymore general frames? We examine model checking and satisfiability for hybrid languages with and withoutpropositional variables for each possible combination of ↓, ∃ (a binder stronger than ↓), the satisfactionoperator @, and the stronger “somewhere” modality E over frames whose accessibility relation is anequivalence relation (ER frames for short). All these combinations are shown in Figure 1 (a). The resultscover a spectrum from polynomial time up to nondeterministic doubly exponential time and thus exhibitthe lack of robustness of languages.
The model-checking part of this paper mainly consists of consequences or refinements of results from [4](where the complexity of model checking for hybrid languages over arbitrary frames has been classifiedinto polynomial-time computable and polynomial-space complete cases). In contrast, our satisfiabilitypart contains new and technically involved results for highly expressive binder languages. The interestingpoint about those results is that adding the @ operator to the ↓ language or replacing ↓ by the stronger∃ binder does not change complexity, while adding E causes a whole exponential “jump” (from NExp-completeness to N2Exp-completeness). As we will show, this jump is due to two circumstances. First,the logic with ↓ and E lacks the exponential-size model property with respect to frames with equivalencerelations. This is because this language is expressive enough to enforce models of doubly exponentialsize. Second, we can encode a N2Exp-complete version of the the classical bounded tiling problem inthese large models.
Our results are visualised in Figure 1 (b)–(d), where the nodes of the diagrams correspond to thelanguages given in part (a). The abbreviations HL and PHL stand for the full and pure (without
81
@ ↓
E↓,@
∃
↓,E
P
P PS
PPS
PS
PS
[4]
[4]
[4]
1
1 1
1
NP
NP PS
NPPS
PS
PS
2
2
2
12
12 12
12
NP
NP NExp
NPNExp
NExp
N2Exp
2
2
2
6
66
11
(a) hierarchy of all HL(·) (b) [P]HL(·)-ER-MC (c) PHL(·)-ER-SAT (d) HL(·)-ER-SAT
Figure 1: A hierarchy of hybrid languages and an overview of their complexity.
atomic propositions) language, respectively. The abbreviations in the nodes denote complexities: P forpolynomial-time computable, and the rest for completeness with respect to NP, PSpace, NExp, andN2Exp. Each result is marked with the number of the respective theorem or a reference to its origin.
This paper is organised as follows. In Section 2, we begin with basic concepts and notations ofhybrid logic, complexity theory, and tilings. Sections 3 and 4 contain our results for model checking andsatisfiability, respectively. Due to space limitations, we have moved easier proofs and few parts of moresophisticated proofs into a technical report, see [8]. We conclude in Section 5.
2 Preliminaries
2.1 Hybrid Logic
Hybrid languages are extensions of the modal language allowing for explicit references to states. Here weintroduce the languages relevant for our work. The definitions and notations are taken from [1, 2].
Syntax. Let PROP be a countable set of propositional atoms, NOM be a countable set of nominals,SVAR be a countable set of state variables, and ATOM = PROP∪NOM∪SVAR. It is common practiceto denote propositional atoms by p, q, . . . , nominals by i, j, . . . , and state variables by x, y, . . . The fullhybrid language HL(↓,∃,@,E) is the set of all formulae of the form ϕ ::= a | ¬ϕ | ϕ∧ϕ′ | 3ϕ |↓x.ϕ | ∃ϕ |@tϕ | Eϕ , where a ∈ ATOM, t ∈ NOM∪SVAR, and x ∈ SVAR. We use the well-known abbreviations∨, →, ↔, ⊤ (“true”), and ⊥ (“false”), as well as 2ϕ = ¬3¬ϕ, ∀ϕ = ¬∃¬ϕ, and Aϕ = ¬E¬ϕ. Wheneverwe leave ↓, @, or E out of the hybrid language, we omit the according symbol from HL(·).
A hybrid formula is called pure if it contains no propositional atoms; nominal-free if it contains nonominals; and a sentence if it contains no free state variables. (Free and bound are defined as usual; theonly binding operators here are ↓, ∃.)
Semantics for HL(↓,∃,@,E) is defined in terms of Kripke models. A Kripke model is a triple M =(M,R, V ), where M is a nonempty set of states, R ⊆ M ×M is a binary relation —the accessibilityrelation —, and V : PROP → P(M) is a function —the valuation function. The structure F = (M,R)is called a frame.
A hybrid model is a Kripke model with the valuation function V extended to PROP∪NOM, where forall i ∈ NOM, #V (i) = 1. Whenever it is clear from the context, we will omit “hybrid” when referring tomodels. In order to evaluate ↓- and ∃-formulae, an assignment g : SVAR →M for M is necessary. Givenan assignment g, a state variable x and a state m, an x-variant gx
m of g is defined by gxm(x) = m and
gxm(x′) = g(x′) for all x′ 6= x. For any atom a, let [V, g](a) = {g(a)} if a ∈ SVAR, and V (a), otherwise.
Given a model M = (M,R, V ), an assignment g, and a state m ∈M , the satisfaction relation for hybridformulae is defined by
M, g,m a iff m ∈ [V, g](a), a ∈ ATOM,
M, g,m ¬ϕ iff M, g,m 6 ϕ,
M, g,m ϕ ∧ ψ iff M, g,m ϕ & M, g,m ψ,
M, g,m 3ϕ iff for some n ∈M : mRn & M, g, n ϕ,
M, g,m ↓x.ϕ iff M, gxm,m ϕ,
82
M, g,m ∃x.ϕ iff for some n ∈M : M, gxn,m ϕ,
M, g,m @tϕ iff M, g, n ϕ, where [V, g](t) = {n},
M, g,m Eϕ iff for some n ∈M : M, g, n ϕ.
A formula ϕ is satisfiable if there exist a model M = (M,R, V ), an assignment g for M, and a statem ∈M , such that M, g,m ϕ.
The operators ↓ and ∃ are called binders; @ and E are sometimes informally called jumping operators.There are certain dependencies between these four operators. First, ↓ can be expressed using ∃: ↓x.ϕ isequivalent to ∃x.(x∧ϕ). Second, ∃ can be expressed using ↓ and E: ∃x.ϕ is equivalent to ↓y.E↓x.E(y∧ϕ).Third, E can be expressed using ∃ and @: Eϕ is equivalent to ∃x.(@xϕ). Fourth, @ can be expressedusing E: @xϕ is equivalent to E(x ∧ ϕ). In these formulae, x and y are state variables. Only in the lastcase can x stand for a nominal, too.
Because of these dependencies, arbitrary combinations of the operators ↓,∃,@,E result in seven dif-ferent hybrid languages: HL, HL(@), HL(E), HL(↓), HL(↓,@), HL(∃), and HL(↓,E). The inclusionhierarchy of these languages is given in Figure 1(a). All other combinations coincide with one of theselanguages. The pure fragment of HL(X) is denoted by PHL(X).
Frame Classes; Satisfiability and Model Checking Problems. Let M = (M,R, V ) be a hybridmodel with the underlying frame F = (M,R). If we require the accessibility relation to have certainproperties, we restrict the class of relevant frames. Two frame classes are important for this paper. Theclass of complete frames is determined by the restriction R = M ×M , and the class of ER frames is theclass of all frames with equivalence relations. In the latter case, call each equivalence class of F a cluster.
For any hybrid language HL(·) and any frame class F, the satisfiability problem HL(·)-F-SAT isdefined as follows: Given a formula ϕ ∈ HL(·), do there exist a hybrid model M based on a frame fromF, an assignment g for M, and a state m ∈ M such that M, g,m ϕ ? The model checking problemHL(·)-F-MC is defined as follows: Given a formula ϕ ∈ HL(·), a hybrid model M based on a frame fromF, and an assignment g for M, does M, g,m ϕ hold for some state m from M? (If no binder is in theconsidered language, the assignment g can be left out of either formulation.)
For example, the satisfiability problem over complete frames for the ↓ language is HL(↓)-compl-SAT,while the model checking problem over ER frames for the ∃,@ language is denoted by HL(∃,@)-ER-MC.
Bounded Model Properties. A logic HL(·) is said to have the f(n)-size model property with respectto some class F of frames, for some computable function f : N → N, iff each formula ϕ ∈ HL(·)-F-SATis satisfiable in a model from F that has at most f(|ϕ|) states. This property is important for provingupper complexity bounds of certain logics.
2.2 Further Basic Concepts
Complexity. We refer to [10] for an introduction into complexity theory. In our classification, weuse the complexity classes P and NP ((nondeterministic) polynomial time), PSpace (polynomial space),NExp and N2Exp (nondeterministic time 2poly(n) and 22poly(n)
, respectively). It is known that PSpace
is closed under nondeterminism, that is, PSpace = NPSpace. A PSpace-complete problem is QSAT,which consists in determining whether a given Quantified Boolean Formula (QBF) is valid. QBF are first-order formulae of the form Q1x1 . . .Qnxnα(x1, . . . , xn), where each Qi is either ∃ or ∀, and α(x1, . . . , xn)is a Boolean formula with only the xi as free variables.
Domino tiling problems are a helpful tool to establish lower complexity bounds for logics. A tile is aunit square, divided into four triangles by its diagonals. A tile type is a colouring of these four trianglesand cannot be rotated. More formally, a tile type t is a quadruple t =
(left(t), right(t), top(t),bot(t)
)of
colours. Given a set T of tile types, a T -tiling of the square with side length n is a complete coveringof that square with tiles having types from T , such that each point (x, y) is covered by exactly one tile,adjacent tiles have the same colour at their common edges, and the outer border of the square is colouredwhite. Formally, a T -tiling of the n× n square is a function τ : {0, 1, . . . , n− 1} × {0, 1, . . . , n− 1} → T
satisfying the following condition for all (x, y) ∈ {0, 1, . . . , n− 1} × {0, 1, . . . , n− 1}.
right(τ(x, y)
)= left
(τ(x+ 1, y)
)& top
(τ(x, y)
)= bot
(τ(x, y + 1)
)(1)
bot(τ(x, 0)
)= top
(τ(x, n− 1)
)= left
(τ(0, y)
)= right
(τ(n− 1, y)
)= white (2)
83
The square tiling problem denotes the following question. Given a finite set T of tile types and a string 1n
of n consecutive 1s, is there a T -tiling of the square with side length n? This problem is NP-complete aswas shown in [11]. The proof technique used in [11] translates Turing machine computations into tilingsand is very robust, such that simple variants of the square tiling problem can straightforwardly be shownto be complete for larger complexity classes. We will consider the following variant, which we call the22n
-Tiling problem. Given a finite set T of tile types and a string 1n, is there a T -tiling of the 22n
× 22n
square? This problem is N2Exp-complete.
3 Model Checking
Franceschet and de Rijke [4] investigated model checking for hybrid logics with the ↓ and ∃ binders. Theirhardness results hold for the pure nominal-free fragments of these languages. With a slight modificationof their proof technique, it is possible to establish the same lower bound over ER frames. The proof ofthe following theorem is given in [8].
Theorem 1 Let X be {↓}, {↓,@}, {∃}, or {↓,E}. Then PHL(X)-ER-MC and HL(X)-ER-MC arePSpace-complete.
4 Satisfiability
4.1 The languages without binders
We show NP-completeness of satisfiability for all pure and non-pure languages without binders, whichis the same complexity as for modal logic over ER frames [7]. The lower bound is almost trivial, andthe upper bound is due to the O(n2)-size model property, which is established by a generalisation of theselection procedure given in [7]. The proof of the following theorem is given in [8].
Theorem 2 Let X be ∅, {@}, or {E}. Then HL(X)-ER-SAT and PHL(X)-ER-SAT are NP-complete.
4.2 The languages with binders and without E
We consider the languages HL(↓), HL(↓,@), and HL(∃) and show that satisfiability is NExp-complete(Theorem 6). Using the hierarchy of the languages, it suffices to prove that HL(↓)-ER-SAT is NExp-hard (Lemma 3 —which follows immediately from [9, Theorem 3]), and that HL(↓,@)-ER-SAT andHL(∃)-ER-SAT are in NExp (Lemmas 4 and 5).
Lemma 3 HL(↓)-ER-SAT is NExp-hard.
Lemma 4 HL(↓,@)-ER-SAT is in NExp.
Proof. It suffices to reduce HL(↓,@)-ER-SAT to HL(↓)-compl-SAT, which is in NExp [9]. This reduc-tion will rely on two basic observations. First, it suffices to consider sentences only, because free statevariables can be replaced by nominals without affecting satisfiability. Second, a satisfying ER model foran HL(↓,@) sentence ϕ consists w.l.o.g. of not more clusters than there are nominals in ϕ plus one.
To put the last observation more formally, let ϕ be an HL(↓,@) sentence with nominals i1, . . . , in. Ifϕ is satisfied in a state m of a model M, then ϕ is satisfied in the restriction of M to the clusters thatcontain m and all V (ik). This is so because other clusters are not accessible by means of 3 or @.
Hence we can assume w.l.o.g. that a satisfying model for ϕ consists of at most n+ 1 clusters. Clearlyn 6 |ϕ|. Such a model can be transformed into a model consisting of one “new” cluster that is the unionof all these “old” clusters. The old clusters can be distinguished by fresh atomic propositions c0, . . . , cn,which help simulate 3 and @ using only 3. This simulation is captured by the following translation fromHL(↓,@) to HL(↓) using a fresh state variable x.
at = a, for a ∈ ATOM (3ϕ)t = ↓x.3( ∧n
k=0
(ck ↔ 2(x→ ck)
)∧ ϕt
)
(¬ϕ)t = ¬ϕt (@vϕ)t = 3(v ∧ ϕt)
(ϕ ∧ ψ)t = ϕt ∧ ψt (↓v.ϕ)t = ↓v.ϕt
84
012
2n−1
C
00
00
Dvalues of
012
2n−1
C
10
00
Dvalues of
012
2n−1
C
01
00
Dvalues of
012
2n−1
C
11
00
Dvalues of
012
2n−1
C1
11
1D
values of
Figure 2: The behaviour of the counters C and D in an ER model.
With the help of the translation (·)t, we define the reduction function f : HL(↓,@) → HL(↓) by
f(ϕ) = ϕt ∧ c0 ∧ 2∨n
k=0 ck ∧ 2(ik → ck) ∧∧
k,ℓ=0,...,nk 6=ℓ
(2(ck ↔ cℓ)∨2
((ck → ¬cℓ)∧ (cℓ → ¬ck)
)),
where the conjuncts after ϕt express that ϕ is satisfied in cluster 0; each state of the new cluster belongsto some old cluster; nominal ik is true in cluster k; and two clusters k, ℓ are either equal or disjoint. Itremains to prove that ϕ ∈ HL(↓,@)-ER-SAT if and only if f(ϕ) ∈ HL(↓)-compl-SAT, see [8]. ❏
Lemma 5 HL(∃)-ER-SAT is in NExp.
Lemma 5 can be proven analogously, see [8]. From Lemmas 3, 4, and 5 we obtain the complete charac-terisation of the satisfiability problems for hybrid logics with ↓ and without E.
Theorem 6 Let X be {↓}, {∃}, or {↓,@}. Then HL(X)-ER-SAT is NExp-complete.
4.3 The full language
In contrast to HL(↓)-ER-SAT and HL(↓,@)-ER-SAT, the complexity of HL(↓,E)-ER-SAT is one ex-ponential level higher. The main reason for this property is the fact that small formulae can enforcesatisfying models of doubly exponential size. We will show that it is possible, but not quite straightfor-ward, to enforce a tiling in such big models, which establishes N2Exp-hardness. On the other hand, wewill prove that each satisfying model for an HL(↓,E)-formula ϕ can be restricted to a submodel of doublyexponential size that still satisfies ϕ. This will allow for a guess-and-check procedure running in N2Exp.
Lemma 7 For each n ∈ N there is a formula ϕn ∈ HL(↓,E) with the following properties.
(i) |ϕn| ∈ O(n2) (ii) ϕn ∈ HL(↓,E)-ER-SAT
(iii) Each satisfying ER model for ϕn has at least 22n
clusters with 2n states each.
Proof. In order to enforce a model of the required size, we will proceed in two steps. In the first step, wewill implement a counter C that ranges over the values 0, . . . , 2n − 1 within each cluster. This will makeit possible, for each cluster, to distinguish 2n states. The counter C is realised by atomic propositionscn−1, . . . , c0 whose truth values, in this order, constitute the binary representation of the value of C atthe respective state. (The “truth value” of ci at the state m is 1 if m ∈ V (ci), and 0 otherwise, as usual.)
In the second step we will implement a counter D that ranges over the values 0, . . . , 22n
− 1 anddistinguishes 22n
clusters (not states). It will be realised by one atomic proposition d. Given a clusterX, the binary representation of the value of D at X is determined by the truth values of d at the statesin X, in the order given by their C-values. Such a doubly exponential counter has been used in [6] toestablish lower bounds on the size of certain concepts in Description Logic.
The required behaviour of C and D in a satisfying model for ϕn is visualised in Figure 2, wherepoints and “sausages” represent states and clusters, respectively. The values of C and D in each stateare displayed next to it. In the case of C, the shown number determines the truth values of all ci asdescribed above, and in case of D the given number is the truth value of d. The respective value of thewhole counter D becomes readable after turning the D column counterclockwise by 90 degrees. The statewith C = 0 in the cluster with D = 0 shall be the state that satisfies ϕn. It is marked by a larger point.
85
0
1
2
3
2n−1
C D
values of
0
1
2
3
2n−1
C D
values of
11
01
0
00
11
0
x
y
z w
v
Name the current state y. Name the state in the x-Clusterwith ¬d and lowest possible C-value z. For the state in they-Cluster with the same C-value as z (which we call w onlyin this description and in the picture), require three things:(a) d has to hold at w; (b) ¬d has to hold at all states of they-Cluster with C-value less than the C-value of w; (c) everystate v of the y-Cluster with C-value greater than the C-value of w has to agree in d with the states of the x-Clusterthat have the same C-value as v.
Figure 3: Incrementation of the D counter.
All these enforcements, of course, will make heavy use of the ↓ operator combined with E. We willnow show how to achieve the required behaviour of C and D. This will be via several formulae whoseconjunction results in ϕn. We start with the conjuncts enforcing that each cluster has exactly 2n statesamong which every value of C between 0 and 2n− 1 occurs once. In order to keep notation short, we willintroduce some abbreviations. First, we would like to refer to specific C-values directly and abbreviate(C = 0) = ¬c0 ∧ . . . ∧ ¬cn−1 and (C 6= 2n − 1) = ¬c0 ∨ . . . ∨ ¬cn−1. Second, it will be necessary toexpress that, for some x ∈ SVAR, the C-value at the current state equals one plus the C-value of thestate to which x is bound. (Recall that @xψ abbreviates E(x ∧ ψ).)
(C = Cx + 1) =∨n−1
k=0
[ck ∧@x¬ck ∧
∧k−1ℓ=0 (¬cℓ ∧@xcℓ) ∧
∧n−1ℓ=k+1(cℓ ↔ @xcℓ)
]
In addition, we will use analogous shortcuts C T Cx expressing that the C-value at the current state isless than, equals, or is greater than the C-value of the state to which x is bound. The following conjunctsenforce the required behaviour of each cluster with respect to C.
◮ At the state satisfying ϕn, C = 0 holds. CZERO1 = (C = 0)
◮ In each cluster there is a state with C = 0. CZERO2 = A3(C = 0)
◮ Each cluster has at most one state of each C-value. CUNIQUE = A↓x.2((C = Cx) → x
)◮ For each state of C-value c < 2n − 1, there is a state of C-value c+ 1 in the same cluster.
CSUCC = A[(C 6= 2n − 1) →↓x.3(C = Cx + 1)
]
We will now construct the part of ϕn that implements the counter D. This requires expressing that thevalue of D in the cluster of the current state equals one plus the value of D in the cluster of the stateassigned to some state variable x. The appropriate macro is described and illustrated in Figure 3.
(D = Dx + 1) = ↓y.@x2 ↓z.[(¬d ∧2((C < Cz) → d)
)→
[@y2
((C = Cz) →
(d ∧2
((C < Cz) → ¬d
)∧2
((C > Cz) →↓v.@x2((C = Cv) → (d↔ @vd))
)))]]
We easily obtain the two remaining conjuncts for ϕn.
◮ The state satisfying ϕn belongs to a cluster with D = 0. DZERO = 2¬d
◮ For each cluster X of D-value d < 22n
− 1, there is a cluster Y of D-value d+ 1.
DSUCC = A↓x.(3¬d→ E(D = Dx + 1)
)
Now let ϕn = CZERO1 ∧ CZERO2 ∧ CUNIQUE ∧ CSUCC ∧ DZERO ∧ DSUCC. Since each of the aboveabbreviations is of at most quadratic size and they do not occur nested in ϕn, Part (i) of the theoremis satisfied. For (ii), it is easy to see that the following ER model satisfies ϕn at the state 〈0, 0〉 underany assignment. Use bini(n) to denote the i-th bit in the binary representation of n ∈ N, and letMn = (Mn, Rn, V n) as follows.
Mn = {〈x, y〉 | x, y ∈ N; 0 6 x < 22n
; 0 6 y < 2n} V n(ci) = {〈x, y〉 | bini(y) = 1}Rn = {
(〈x1, y1〉, 〈x2, y2〉
)| x1 = x2} V n(d) = {〈x, y〉 | biny(x) = 1}
(3)
86
0 22n
− 1 22n
22n+1 − 1 22n+1− 22n
22n+1− 1
0
2n+1−1
C\D
row 0 row 1 row 22n
− 1
Figure 4: Enforcing a tiling in an ER model of doubly exponential size.
In order to show (iii), let M = (M,R, V ) be an ER model with m0,0 ∈M and g be an assignment for Msuch that M, g,m0,0 ϕn. Now the four C-conjuncts enforce that C = 0 at m0,0, and that each clusterof M contains exactly one state of C-value c for each c = 0, . . . , 2n − 1. Due to DZERO, the D-value ofm0,0’s cluster equals 0, and DSUCC successively enforces the existence of a cluster of D-value d for eachd = 0, . . . , 22n
− 1. (Note that the value of D in each cluster is uniquely determined by V (d) and theorder of the cluster’s states determined by their C-values.) Hence M has at least 22n
clusters with 2n
states each. ❏
Corollary 8 HL(↓,E) does not have the 2poly(n)-size model property with respect to ER frames.
Theorem 9 HL(↓,E)-ER-SAT is N2Exp-hard.
Proof. We will reduce the 22n
-tiling problem to HL(↓,E)-ER-SAT. The reduction will use the tech-niques enforcing doubly exponentially large satisfying models from the proof of Lemma 7. In order toencode a tiling for the 22n
×22n
-square in an ER model M, we will first enforce that M has 22n+1clusters
with 2n+1 states each, using the same construction of counters C and D, but with parameter n+ 1. Thetiled square itself will be encoded in the states of C-value 0 of all clusters. Hence row 0 of the square willbe in the clusters of D-value 0, . . . , 22n
− 1; row 1 will be in the clusters of D-value 22n
, . . . , 2 · 22n
− 1;etc.; see Figure 4. The horizontal adjacencies in the original square can be expressed referring to pairsof clusters with successive D-values. In contrast, for the vertical adjacencies, pairs of clusters whoseD-values differ by 22n
will have to be compared.1
For the required reduction, we will show how to transform an instance 〈T, n〉 of the tiling problem intoa formula ψT,n such that there is a T -tiling of the 22n
× 22n
-square if and only if ψT,n is satisfiable. As inthe proof of Lemma 7, this formula will consist of several conjuncts. The first of them will be the formulaϕn+1 from that proof, enforcing the required structure of the model. In order to keep the remainingconjuncts short, we will use the same abbreviations again, but with n + 1 instead of n. Furthermore,D = Dx + 22n
denotes that the D-value of the current state’s cluster equals 22n
plus the D-value of thecluster containing the state to which x is bound. This abbreviation is defined analogously to the shortcutD = Dx + 1.
Now we are ready to give the conjuncts that enforce the tiling. Let T be a set of tile types. For eachtile type t we will use an atomic proposition t to denote that a tile of type t lies at the respective position.
◮ At each state with C-value 0 lies exactly one tile. TILE = A((C = 0) →
∨t∈T
(t∧
∧t′∈Tt′ 6=t
¬t))
◮ Tiles match horizontally and vertically.
HOR = A[(
(C = 0) ∧3(¬cn ∧ d))→↓x.
( ∧t∈T
→ A(((C = 0) ∧ (D = Dx + 1)) →
∨t′∈RI(t)
t′))]
The 3-subformulae require that corresponding position of the current state does not belong to thelast column (or row, respectively) of the square. The conjunct VER is defined analogously.
1 Note that this is not the standard way to encode tilings in models, insofar as not every state of the model correspondsto a position in the grid. However, this modification of the standard way is not new, since it relies on ideas developed byChlebus in [3] to encode the rectangle tiling problem with exponential parameter into a more intricate version of a boundedtiling problem that he called “High Tiling”.
87
◮ The borders of the square are white. (The three omitted conjuncts are analogous.)
WHITE = A[(
2(cn → ¬d) →∨
t∈Tbot(t)=white
t)∧ . . . ∧ . . . ∧ . . .
Now let ψT,n = ϕn+1∧TILE∧HOR∧VER∧WHITE. Each conjunct is of size at most O(n2 + |T |2). Fromtheir definitions it is clear that ψT,n can be computed in time polynomial in n+ |T |. It is straightforwardto show that there is a T -tiling of the 22n
× 22n
-square if and only if ψT,n ∈ HL(↓,E)-ER-SAT, see [8]. ❏
We will now establish the corresponding upper bound, showing that the full hybrid language has a doublyexponential size model property over ER frames. This will make it possible to decide satisfiability usinga straightforward check-and-guess procedure and involving results for model checking.
Lemma 10 HL(↓,E) has the 222n+2-size model property with respect to ER frames.
Proof. Intuitively, the proof relies on the following considerations: Call the set of propositional variablesand nominals that hold at a given state of a model the type of this state. Let the C-type of a cluster bethe set of types of all points of this cluster. If we had no ↓ in our language, then two states of the sametype that belong to the same cluster would not be distinguishable, that is, they would satisfy the sameformulae. Even two states of the same type that belong to two different clusters of the same C-type wouldnot be distinguishable. This would enable us to restrict clusters to at most one state per possible typeand to restrict a whole satisfying model for some formula ϕ to at most one cluster per possible C-typewithout affecting satisfiability of ϕ.
In the presence of ↓, this argumentation must be refined and requires a certain amount of technicaldetails. Let ϕ be a formula of size n and M = (M,R, V ) be a satisfying model for ϕ. First, there are atmost 2n possible types of states. Since an assignment for M might bind all state variables occurring inϕ to different states of the same type, only up to n + 1 states of the same type belonging to the samecluster are distinguishable. Hence, it is legitimate to restrict each cluster of M to at most n + 1 statesof each type in the first step, which leads to an exponential bound in the size of clusters.
In the second step, we modify the notion of a C-type of a cluster X to be the multiset containing asmany copies of each type as there are states of this type in X, but not more than n+ 1. It is legitimate,too, to restrict the whole model to at most n+1 clusters of each C-type. Since there are at most (n+2)2
n
many different C-types, the number of clusters —and, hence, states —of the restricted model is boundedby 22O(n)
.
The formal proof of the 222n+2-size model property requires quite some notation. Let ϕ ∈ HL(↓,E)-ER-SAT
be of size n. Then there exist an ER model M = (M,R, V ), an assignment g0 for M, and a state m0 ∈Msuch that M, g0,m0 ϕ. Let Ci ⊆ M , i ∈ I, be all clusters of M, for an appropriate index set I thatcontains 0, such that m0 ∈ C0. Let x1, . . . , xs be all state variables occurring in ϕ. Analogously, leta1, . . . , at be all other atoms in ϕ. Clearly s, t 6 n. A ϕ-type is a subset of {a1, . . . , at}. Let A1, . . . , A2t
be an enumeration of all ϕ-types, such that m0 is of type A1. (A state m is of type Aℓ iff for eachj = 1, . . . , t: (m ∈ V (aj) ⇔ aj ∈ Aℓ). Furthermore, we will deliberately speak of “(C-)types” instead of“ϕ-(C-)types” whenever no confusion may arise.) Given a cluster C, we divide it into 2t “type layers”Cℓ
i ={m ∈ Ci | m is of type Aℓ}.
We define a function f : I × {1, . . . , 2t} → P(M) that assigns a set of states to each pair 〈i, ℓ〉 of acluster number i and a type number ℓ, such that f(i, ℓ) is a subset of Ci. The union of all possible f(i, ℓ)will constitute the first restriction of M. The function f is defined as follows, where #Cℓ
i denotes thenumber of states in Cℓ
i . If #Cℓi 6 s+ 1, then f(i, ℓ) = Cℓ
i . Otherwise, f(i, ℓ) is some subset of Cℓi of size
at most s+ 1 that satisfies the following conditions.
(i) For each j = 1, . . . , s: if g0(xj) ∈ Cℓi , then g0(xj) ∈ f(i, ℓ). (ii) m0 ∈ f(0, 1).
Such a subset always exists. For any cluster Ci, let f(Ci) denote the union of all f(i, ℓ). Due to thedefinition of f , f(Ci) ⊆ Ci, and f(Ci) has at most (s + 1) · 2t states. We denote the union of all f(Ci)by M ′.
After restricting the cluster size, we will restrict the number of the clusters. Let A be the multisetcontaining s+ 1 copies of each type Aℓ. Call each subset of A a ϕ-C-type. The power set P(A) contains(s+2)2
t
elements. Let A1, . . . ,A(s+2)2t be an enumeration of all ϕ-C-types, such that f(C0) is of C-type
88
A1. (The C-type of a cluster Ci is determined by the number of states of each type in its restrictionf(Ci).) We divide M ′ into (s+ 2)2
t
“C-type layers” Cℓ being the union of f(Ci) for all Ci of C-type Aℓ.Now define a second choice function f ′ :
{1, . . . , (s + 2)2
t}→ P(M ′) that assigns a set of states to
each C-type number such that f ′(ℓ) is a union of (restricted) clusters. The union of all possible f ′(ℓ) willconstitute the second restriction of M. The function f ′ is defined as follows. If there are not more thans+ 1 clusters of C-type Aℓ, then f ′(ℓ) = Cℓ. Otherwise, f ′(ℓ) is the union of s+ 1 restricted clusters oftype Aℓ satisfying
(iii) ∀j = 1, . . . , s: if g0(xj) ∈ f(Ci) for some Ci of type Aℓ, then f(Ci) ⊆ f ′(ℓ); (iv) f(C0) ⊆ f ′(1).
Such a subset always exists. Due to the definition of f ′, each f ′(ℓ) contains at most s + 1 restrictedclusters and, hence, (s + 1)2 · 2t states. We now construct a new model M′′ = (M ′′, R′′, V ′′) from M,where M ′′ is the union of f ′(ℓ) for all C-types Aℓ, and R′′ and V ′′ are the restrictions of R and V to M ′′.Now the following facts about M′′ are obvious. It is still an ER model, whose clusters are restrictionsof clusters of M. It contains m0, because m0 ∈ f(C0) ⊆ f ′(1). The assignment g0 is an assignment forM′′. Since there are (s+ 2)2
t
C-types, M ′′ contains (s+ 2)2t
· (s+ 1)2 · 2t states. This number is limitedby 222n+2
because s, t 6 n.It remains to show that M′′, g0,m0 ϕ. For this purpose, we make use of an auxiliary statement.
This statement uses the concept of agreement in a pair of assignments. We say that two states m and m′
from M agree in two assignments g/g′ for M iff {xk | g(xk) = m} = {xk | g′(xk) = m′}. Two clusters
Ci and Ci′ agree in g/g′ iff they are of the same C-type, and for each Aℓ, each m ∈ Cℓi , there is some
m′ ∈ Cℓi′ that agrees with m in g/g′.
Claim 1. For each subformula ψ of ϕ; for each two assignments g, g′ for M; for each C-type Aℓ; foreach two clusters Ci and Ci′ that agree in g/g′; for each type Aℓ; and for each m ∈ Cℓ
i and m′ ∈ Cℓi′ that
agree in g/g′; it holds that M, g,m ψ iff M, g′,m′ ψ.
Now the required fact M′′, g0,m0 ϕ is a consequence of the following claim.
Claim 2. For each subformula ψ of ϕ, for each m ∈ M ′′, for each assignment g for M”, it holds thatM, g,m ψ iff M′′, g,m ψ.
Claims 1 and 2 are proven in [8]. ❏
The following theorem is an almost immediate consequence of Lemma 10 and [4, Theorem 4.5]. Fordetails of the proof, see [8].
Theorem 11 HL(↓,E)-ER-SAT is N2Exp-complete.
4.4 Pure languages with binders
Satisfiability for all pure languages with binders is PSPACE-complete. The lower bound is due to aneasy reduction from QSAT similarly to that for the model checking problem in Theorem 1. The upperbound uses a polynomial-size model property that is obtained in a similar manner as the 222n+2
-size modelproperty for HL(↓,E) in Lemma 10. Note the following subtle difference in argumentation. While the222n+2
-size model property of HL(↓,E) implies an N2Exp upper bound for satisfiability, the polynomial-size model property of a binder language does not imply an NP upper bound for satisfiability. Thereason becomes clear if we recall the general complexity results for model checking over arbitrary framesfrom [4]: In the presence of binders, this problem is PSpace-complete, but an upper time bound isO(|ϕ| · |M |2|ϕ|). If the model is large compared to the formula, as in the case of HL(↓,E), then the factor|ϕ| in the exponent is unimportant. In the case of a polynomial-size model property, however, the uppertime bound for model checking only yields an exponential time bound for the whole guess-and-checkalgorithm deciding satisfiability. The proof of Theorem 12 is given in [8].
Theorem 12 Let X be {↓}, {↓,@}, {∃}, or {↓,E}. Then PHL(X)-ER-SAT is PSpace-complete.
89
5 Conclusion
We have completely classified the computational complexity of model checking and satisfiability over ERframes for all hybrid languages shown in Figure 1 (a). In detail, we have established the following results.
Model checking is in polynomial time for each binder-free language, and PSpace-complete in thecases with binders. In all seven cases, the pure fragment has the same complexity.
Satisfiability is NP-complete for all binder-free cases, whether pure or with propositional variables.This is the same complexity as for modal logic over equivalence relations [7]. For the four languages withbinders, there is a significant gap in complexity between the pure and non-pure cases. The former arePSpace-complete, while the latter are NExp-complete if E is not in the language, and even N2Exp-complete with E. As for the last case, we have established a 222n+2
-size model property for HL(↓,E) withrespect to ER frames, and we have disproven a 2poly(n)-size model property.
The scope of our results is slightly larger than stated in Theorems 1, 6, 11, and 12, in the sensethat all these statements hold as well for the nominal-free fragments of all sentences of the respectivelanguages HL(·) and PHL(·). This is due to the fact that neither nominals nor free state variablesoccur in the particular reductions used for the lower bounds. (Except for the case of Lemma 3, to beprecise. However, the lower NExp bound for HL(↓)-compl-SAT does hold for nominal-free sentences aswell, because nominals and free state variables can be simulated in complete frames using bound statevariables.) The only case in which the lower bound does not carry over to the pure fragment is that ofsatisfiability for binder-free languages (see Theorem 2).
References
[1] Areces, C., P. Blackburn and M. Marx, A road-map on complexity for hybrid logics, in: Proc. of the13th CSL, 1999, LNCS 1683 (1999), pp. 307–321.
[2] Areces, C., P. Blackburn and M. Marx, The computational complexity of hybrid temporal logics,Logic Journal of the IGPL 8 (2000), pp. 653–679.
[3] Chlebus, B. S., Domino-tiling games., J. Comput. Syst. Sci. 32 (1986), pp. 374–392.
[4] Franceschet, M. and M. de Rijke, Model checking for hybrid logics (with an application to semistruc-tured data), Journal of Applied Logic 4 (2006), pp. 279–304.
[5] Franceschet, M., M. de Rijke and B.-H. Schlingloff, Hybrid logics on linear structures: Expressivityand complexity, in: Proc. of the 10th TIME, 2003 (2003), pp. 166–173.
[6] Ghilardi, S., C. Lutz and F. Wolter, Did I damage my ontology? A case for conservative extensionsin description logics, in: P. Doherty, J. Mylopoulos and C. Welty, editors, Proc. 10th Int. Conf. onPrinciples of Knowledge Representation and Reasoning (KR’06) (2006), pp. 187–197.
[7] Ladner, R. E., The computational complexity of provability in systems of modal propositional logic,SIAM Journal on Computing 6 (1977), pp. 467–480.
[8] Mundhenk, M. and T. Schneider, The complexity of hybrid logics over equivalence relations, TechnicalReport 07-02, Reports on Computer Science, Friedrich-Schiller-Universitat Jena (2007).URL http://www.minet.uni-jena.de/Math-Net/reports/reports.html
[9] Mundhenk, M., T. Schneider, T. Schwentick and V. Weber, Complexity of hybrid logics over transitiveframes, in: H. Schlingloff, editor, M4M, Informatik-Berichte 194 (2005), pp. 62–78.
[10] Papadimitriou, C. H., “Computational Complexity,” Addison-Wesley, 1994.
[11] Savelsbergh, M. and P. van Emde Boas, Bounded tiling, an alternative to satisfiability, in: G. Wech-sung, editor, 2nd Frege Conference, Mathematische Forschung 20 (1984), pp. 354–363.
[12] ten Cate, B. and M. Franceschet, On the complexity of hybrid logics with binders, in: Proc. of the19th CSL, 2005, LNCS 3634 (2005), pp. 339–354.
90