Monodic temporal logic with quantified propositional variables

This item was submitted to Loughborough’s Institutional Repository

(

https://dspace.lboro.ac.uk/

) by the author and is made available under the

following Creative Commons Licence conditions.

For the full text of this licence, please go to:

Monodic Temporal Logic with

Quantified Propositional Variables

Walter Hussak

February 2011

Abstract

We extend the monodic fragment of first-order linear temporal logic to include right-linear grammar operators and quantification of proposi-tional variables. Unlike proposiproposi-tional temporal logic, the use of grammar operators in first-order temporal logic is not equivalent to general propo-sitional quantification, as the latter admit satisfiable formulae without countable models. We consider the decision problem for fragments where propositional quantification occurs outside of quantification of individual variables and temporal (grammar) operators. We show that if externally quantified propositions inside temporal operators occur within positive occurrences of universal quantifiers for individual variables then validity for all propositional prefix classes is recursively enumerable, and decidable in the two-variable case. Without this condition we show that, even with very severe restrictions on the first-order part of the logic, no non-trivial prefix class is recursively enumerable.

Keywords: Monodic Temporal Logic, Quasimodels, Decidability, Recursive

Enumerability.

1

Introduction

Propositional linear temporal logic can be made more expressive by introducing propositional quantification [18], [17]. The resulting logic QPTL is decidable, but with non-elementary complexity. Other ways of achieving the expressive power of QPTL include the use of right-linear grammar operators as in ETL [21], the linearµ-calculus [2], and the use of various kinds of automata as temporal connectives [20], [15]. These alternative methods have often been preferred to propositional quantification because of elementary decision problems, and have given rise to extensions in a wide range of logics from Extended CTL* to Automata Logic [5]. Recently, there has been an increase in interest in

∗_{Department of Computer Science, Loughborough University, Loughborough, LE11 3TU,} [email protected]

QPTL with complete proof systems being given in [14] and [9]. Propositional quantification has also been studied in branching temporal logic [8].

In this paper we extend both the use of grammar operators and propositional quantification to first-order linear temporal logic and establish basic results on decidability/recursive enumerability. For the latter to hold, the underlying first-order temporal logic being extended has to be decidable/recursively enumerable, and so we work with the monodic fragment [12]. We show that unsatisfiability is recursively enumerable for the monodic fragment where propositional quan-tification occurs outside of quanquan-tification of individual variables and grammar operators, inside of which externally quantified propositions are within positive occurrences of existential quantifiers for individual variables in the overall for-mula. Satisfiability is decidable for the case where the number of individual variables is restricted to two.

This paper is structured as follows. In section 2, we define the monodic fragment of first-order temporal logic and monodic fragments with grammar operators and propositional quantification. The structures used for proving decidability of monodic temporal logics are ‘quasimodels’ [12]. In section 3, we give an expanded form of quasimodel corresponding to a collection of models of a monodic formula differing on the assignments of propositions. The main decidability/recursive enumerability results are given in section 4. We make some concluding remarks in section 5.

2

Languages and models

The alphabet of the temporal language consists of lists of propositional

sym-bolsP0, P1, . . .some of which are designated as quantifiable, predicate symbols

p0, p1, . . .(but not equality), individual variablesx0, x1, . . ., individual constants

c0, c1, . . ., the booleans¬,∧,>,⊥, the quantifiers∃xand∃P for individual and

propositional variables respectively, and temporal operatorsGi_(ψ

1, . . . , ψm)

cor-responding to right-linear grammarsGi_{. EachG}i_{with non-terminalsV}

0, . . . , Vl

and terminalsv1, . . . , vm, generates words by means of a finite set of

produc-tionsVh →vh0V_h00 ∈Prodi starting at V₀. The grammar operator G°(ψ₁, ψ₂)

is defined by the productionsV0 →v1V1, V1 →v2 andGW(ψ1, ψ2) by the

pro-ductionsV0→v1V0, V0→v2. Formulaeψare defined by:

ψ ::= P |p(t1, . . . tn)| ¬ψ1|ψ1∧ψ2| ⊥ | > |

∃xψ| ∃Piψ| Gi(ψ1, . . . , ψm)

where Pi is quantifiable, pis an n-ary predicate symbol and any of the ti’s in

p(t1, . . . , tn) is a constant or individual variable. We use the standard

abbrevi-ations for∨,⇒and∀, and

°ψ=G°(>, ψ), ψ1Uψ2=¬GW(ψ1∧¬ψ2,¬ψ1∧¬ψ2),♦ψ=>Uψ,¤ψ=¬♦¬ψ

and refer, loosely, to ‘predicates’ p(x1, . . . , xn). A formula denoted by, for

set {x1, . . . , xn}. The formula which results from substituting all occurrences

of xby y in ψ, is denoted ψ[x/y]. We write ψ1 ≤ψ2 to denote that ψ1 is a

subformula ofψ2. The symbols⊥and >are also used loosely to denote truth

values. Thescopesof occurrences of∃xandGi _{in ∃xψ andG}i_(ψ

1, . . . , ψm) are

ψand (ψ1, . . . , ψm) respectively.

Astructure (or model) I over domain Dassigns values of appropriate type to propositional symbols, predicate symbols, and individual constants over some domainD

I =<D, PI

0, . . . , pI0, . . . , cI0, . . .>

Ifuassigns values to some subset of symbols, then the structureI†udenotes the structure which assigns values for these symbols according touand other symbols according to I. A temporal structure (or model) M is a sequence of structures (I(n) :n∈N) over the same domainDsuch that, for every individual constant c and n1, n2 ∈ N, cI(n1) = cI(n2). The truth relation (M, n) |=a ψ,

whereais an assignment of values to individual variables, is defined inductively on the construction ofψas follows:

ˆ (M, n)|=a _{P iffP}I(n)_=>

ˆ (M, n)|=a _p(t

1, . . . , tn) iff pI(n)(a1, . . . , an) =>, where ai =a(ti) ifti is

a variable, andai=tIi(n) ifti is a constant

ˆ (M, n)|=a _¬ψ

1 iff (M, n)|=aψ1 does not hold

ˆ (M, n)|=a _ψ

1∧ψ2 iff (M, n)|=aψ1 and (M, n)|=aψ2

ˆ (M, n) |=a _{∃xψ iff (M, n) |=}b _{ψ for some assignment b that may differ}

froma only onx

ˆ (M, n) |=a _{∃P ψ iff for all n}0 _{∈ N there is an assignmentu}

n0 of a truth

value toP such that, ifM0_{= (I(n}0_)†u

n0 :n0 ∈N), we have (M0, n)|=aψ

ˆ (M, n)|=a _Gi_(ψ

1, . . . , ψm) iff there is a finite or infinite wordwnwn+1. . .

generated byGi _{such that, for alln}0 _{≥n, if w}

n0 is defined andw_n0 =v_j,

then (M, n0_)|=a_ψ

j

A temporal structureMsatisfiesa formulaφwith no free individual variables iff (M,0)|=a_{φfor some assignmenta, andφisvalidiff allMsatisfyφ.}

Satisfi-ability/validity for a subsetLof the temporal language isdecidable/recursively enumerableiff the set of satisfiable/valid formulae inL is recursive/recursively enumerable.

A formulaφismonodicif any subformula ofφof the formGi_(ψ

1, . . . , ψm) has

at most one free individual variable. The languageEMTLis the set of monodic formulae with no propositional quantification and the languageQEMTLis the set of closed (for the individual variables) monodic formulae where propositional quantification occurs only outside of quantification of individual variables and grammar operators. By first-order logic we mean the set of formulae with-out either grammar operators or propositional quantification. We denote by

subxφ the set of subformulae of φ containing at most one free variable,

re-named to some variable x not occurring in φ. For every formula of the form

ψ(x) = Gi_(ψ

1(x), . . . , ψm(x)), we reserve a unary (possibly nullary) predicate

pψ(x) called the surrogate of ψ. Given any EMTL formula ψ, we denote by

ψ the formula that results from ψ by replacing all subformulae of the form

Gi_(ψ

1(x), . . . , ψm(x)), which are not within the scope of another occurrence of

a grammar operator, by their surrogates. Clearly,ψ is a formula in first-order logic.

Every formula inQEMTLcan be put into aprenex normal form

Q1P1. . .QkPk.φ(P1, . . . , Pk) (1)

where each Qi is either ∃ or ∀, each Pi a propositional variable, and φ has

no propositional quantifiers. Here, Q1P1. . .QkPk is the prefix and φ the ma-trix. A variable x is said to be live in a subformula ψ of φ if there is some

Gi_(ψ

1, . . . , ψm)≤ψ in which somePj(1≤j ≤k) occurs, and such that x

oc-curs free in everyψ0 _withGi_(ψ

1, . . . , ψm)≤ψ0≤ψ. The languageEMTL∃pos is

the set of matrices in (1) such that, whenever∃xψ≤φandxis live inψ, then

|{ψ0_{:∃xψ≤ ¬ψ}0 _{≤φ}|is even (2)}

Then,QEMTL∃pos _{is the set of formulae (1) such thatφ∈EMTL}∃pos_{. Note that}

(2) says that the quantifier that binds the free variable in anyGi_(ψ

1, . . . , ψm)

involving aPj(1 ≤j ≤k), is always a positive occurrence of ∃ in φ.

Exam-ples of EMTL∃pos formulae will be seen in section 4. We define subclasses of formulae (1) called prefix classes by specifying allowable prefixes. Asφ in (1) may contain quantifiers for individual variables, these are only prefix classes for propositional quantification. We denote by Π the set {P1, . . . , Pk}, by surrφ

the set of propositions, constants, predicates and surrogates of subformulae of

φ, and bysurrPφthe set of propositions Pi∈Π and surrogates of subformulae

ofφcontaining at least onePi∈Π. A structureJ assigning values of

appropri-ate type to symbols insurrφ−surrPφmay be expanded to a structureJ0 that

assigns values to symbols insurrPφ. In that caseJ0 is called a Π-expansionof

J.

3

Quasimodels

The decidability of monodic fragments of first-order temporal logic is usually established using ‘quasimodels’ [12]. Quasimodels for a formulaφhave, at each moment in time n, a ‘state candidate’ which is a collection of possible sets, indexed by elements t in some finite set T, of the formulae ψ in subxφ such

that ψ is true at moment in time n, for some element a (substituting for x) of the domain of a first-order model J(n) that ‘realizes’ the state candidate. They also have a setR of ‘runs’, which are sequences comprising a choice oft

from each realizable state candidate. This set of runsRforms the domain of a temporal model (I(n) : n∈N) for φ by defining, for eachn∈ N, a surjection

∆n fromRto the domainDofJ(n) so that a runris interpreted inI(n) in the

same way as its image under ∆n in D is interpreted inJ(n). The effect of ∆n

is to ‘duplicate’ the points of theJ(n) so that different duplicates can produce different required behaviours at different moments in time, and hence give rise to a temporal model forφ. A test for satisfiability ofφis constructed by encoding the existence of a quasimodel into one of the (decidable) second-order theories of natural numbers with successor functions and monadic predicatesS1SorS2S. The exact nature of quasimodels depends on the linear [12] or branching [13], [3] temporal logic of interest. Our aim in this section is to determine when an

EMTLpos formula φhas a model for all (temporal) assignments υ in some set of assignments Υ where the assignments to Pi ∈ Π vary. This is achieved by

extending the basic quasimodel approach.

We define quasimodels for which realizable state candidates have an extra indexuin some other finite setU, to cater for different subsets ofsubxφbeing

true at the same moment in timenand element of the domain, but for different assignments over time for the propositionsPi ∈Π. This leads to a setof

first-order models atn, (Ju(n) :u∈U), for state candidates. These new realizable

state candidates are defined below by Definitions 3.3 and 3.4 and are computed in first-order logic in Lemma 3.6. Also, we define indexed sets of runs Rυ to

correspond to eachυ ∈Υ. A temporal model forφ with temporal assignment

υ ∈ Υ to Pi ∈ Π, (Iuυn(n) : n ∈ N) where uυn ∈ U depends on υ and n, is

then constructed to have its domain equal to the union R of all the indexed sets of runsRυand interpretation atn,Iuυn(n), defined by surjections ∆υn, for

eachRυ, to the domainD(common to allJu(n)’s) ofJuυn(n). Below, runs are

defined by Definitions 3.8 and 3.9 and quasimodels and the surjections ∆υn by

Definitions 3.7 and 3.10, and Lemma 3.12 respectively.

The main result, linking the existence of our (new) quasimodels and models for φ, for all assignments υ ∈ Υ, is Theorem 3.13. It relies on an induction on subformulaeψ ofφ, proving thatψ is true inIuυn(n), for an assignment of

free individual variables inψto runsr∈R, iffψis true in the temporal model at n for the same assignment of free individual variables and for assignments toPi ∈Π according to υ. A difficulty arises in overcoming occurrences of ∀x,

i.e. occurrences of¬∃x, in the induction, as runsr∈Rthat are in Rυ behave

well in Iuυn(n), but runs in another Rυ0 (υ

0 _{6= υ), which are in the domain}

of the model and have to be taken into account by the universal quantifier, may not behave so well in Iuυn(n). Fortunately, as φ belongs to EMTL

∃pos_,

there is no Pi ∈ Π in the scope of any ∀x, and so interpretations for those

scopes will be the same for υ as for any other υ0_{. In the induction, the live}

individual variables inψ (that are in the scope of an existential quantifier inφ

that containsPi ∈Π), are assigned (by ‘realizing’ assignments) to runsr∈Rυ

that satisfy existentially quantified subformulae, as required, in Juυn(n) and

thereforeIuυn(n). Free individual variables bound by other quantifiers can have

any assignments as they behave identically in allυ∈Υ. Realizing assignments are given in Definition 3.5.

The other parts of this section that we have not mentioned are Lemma 3.11, which concerns countable models, and the two following results from classical

first-order logic that we use.

Lemma 3.1 LetJ =<D, PJ

0, . . . , pJ0, . . . , cJ0, . . .>be a structure of first-order

logic. Suppose that

∆ :D0 _→D

is a surjection and that the structure I =<D0_{, P}I

0, . . . , pI0, . . . , cI0, . . .> is such

that, for alll≥0, and for all assignmentsaof individual variables to elements in

D0_{, if the assignmenta}J _{is defined bya}J_{(x) = ∆(a(x)), we have thatP}I l =PlJ,

I|=a_p

l(x1, . . . , xn) iffJ |=a J

pl(x1, . . . , xn), and ∆(cIl) =cJl. Then, as equality

is absent, for any formulaψand assignmenta,

I|=aψ iff J|=aJ ψ

We will say that ∆inducesthe first-order structureIoverD0 _{from J.}

Lemma 3.2 Satisfiability for the class of first-order logic formulae not

neces-sarily in prenex normal form, which use at most two individual variables and any number of constants, is decidable (see [4]).

For the remainder of this paper, we shall fix φ to be an EMTL∃pos formula which is the matrix of a formula as in (1) with no free individual variables.

Definition 3.3 (state candidate) Let C be the set of individual constants

in φ, U be a set of cardinality 22|subxφ|

.2|subxφ||C| _{and T a set of cardinality}

2|subxφ||U|_{+|C|. Suppose thatT andC are functions with signatures:}

T :T×U → P(subxφ), C:C×U → P(subxφ)

whereP(subxφ) is the powerset ofsubxφ. Then, the pair<T , C>is called astate candidateforφ. AsT,C,U andsubxφare finite, there is an effective bound on

the number of possible state candidates forφ. The state candidates of interest are the ‘realizable’ state candidates.

Definition 3.4 (realizable state candidate)For a structureJ and an

ele-mentaof its domainD, thetype tpJ(a) is defined to be: tpJ(a) ={ψ∈subxφ:J |=ψ(a)}

LetJ be a structure assigning values to all symbols in surrφ−surrPφover a

domainD and let J ={Ju : u∈U} be a set of Π-expansionsof J. Then,J realizesthe state candidate <T , C>withbaseJ iff:

(i) For allt∈T, there isa∈Dsuch that, for allu∈U,T(t, u) = tpJu(a).

(ii) For alla∈D, there ist∈T such that, for allu∈U,tpJu(a) =T(t, u).

(iii) For all c ∈ C, if cJ _{= a where a ∈ D, then, for all u ∈ U, tp}

Ju(a) =

A state candidate isrealizableif it is realized by some such J. Intuitively, the

u∈U give different structures to match different assignments toPi ∈Π over

time. Lemma 3.6 below provides a test for realizability. In the proof of the main result, Theorem 3.13, we shall make use of the following assignment for live variables.

Definition 3.5 (realizing assignment) Suppose that J realizes <T , C> as

in Definition 3.4. Let∃xψ be a subformula ofφ such thatxis live in ψ, a be an assignment to individual variables, andu∈U be such that

Ju|=a∃x.ψ

Then, clearly, there exists an assignmentraa,u,ψ, called a realizing assignment,

such that

raa,u,ψ(y) =a(y) (y6=x) (3)

and

Ju|=raa,u,ψ ψ (4)

(Strictly speaking, we should writeraa,u,ψ,J as the realizing assignment depends

onJ, butJ will be clear from the context.)

Lemma 3.6 A state candidate<T , C> forφis realizable iff the conjunctionθ

of the following three first-order logic formulaeθ1,θ2 andθ3is satisfiable:

θ1 = ^ t∈T ∃x ^ u∈U ( ^ ψ(x)∈T(t,u) ψ(x)[. . .] ∧ ^ ψ(x)∈/T(t,u) ¬ψ(x)[. . .] ) θ2 = ∀x _ t∈T ^ u∈U ( ^ ψ(x)∈T(t,u) ψ(x)[. . .] ∧ ^ ψ(x)∈/T(t,u) ¬ψ(x)[. . .] ) θ3 = ^ c∈C ^ u∈U ( ^ ψ(x)∈C(c,u) ψ(c)[. . .] ∧ ^ ψ(x)∈/C(c,u) ¬ψ(c)[. . .] )

where [. . .] substitutes occurrences ofPi∈Π by propositionsPi,uand predicates

pψ ∈ surrPφ by predicates pψ,u of the same arity. Furthermore, if φ has at

most two individual variables (possibly reused with different quantifiers) then realizability is decidable.

Proof For the decidable case, if φ has at most two individual variables, the conjunction θ1 ∧θ2 ∧θ3 can be written using no more than two individual

variables. Decidability follows from Lemma 3.2.

Definition 3.7 (state function)Astate functionfassociates with eachn∈N

a realizable state candidatef(n) =<T_n, Cn>.

Definition 3.8 An individual assignment υPi for P_i ∈ Π (1 ≤ i ≤ k), is a

subset of N. For each n ∈ N, we write υPi_{(n) = > iff n ∈ υ}Pi_{. A set of} assignments forΠover timeΥ is a set of functionsυ∈Υ such that

giving, for each Pi ∈ Π, the individual assignment υPi ∈ P(N) defined by

n ∈ υP i _{iff P}

i ∈ υ(n). For each n ∈ N, we also use the notation υn in the

manner:

υn(Pi) => iff Pi∈υ(n) (Pi∈Π)

For the remainder of this section, we fix some non-empty Υ.

Definition 3.9 (runs) A family of runs for(φ,Υ), with respect to the state

functionf, consists of pairwise disjoint setsRυ(υ∈Υ) and a map

R:R×N→T×U

where R=S_υ∈ΥRυ, with function RT : R×N→T giving thet elements of

R, and, for allυ∈Υ andn∈N, anuυn ∈U, called theu value corresponding toRυat n, satisfying

R(r, n) = (RT(r, n), uυn) (r∈Rυ, n∈N) (5)

such that the following properties hold:

(i) For allυ∈Υ,n∈Nandt∈T, there existsr∈Rυ such that

RT(r, n) =t

(ii) For allc∈C andυ∈Υ, there is arc∈Rυ such that, for alln∈N,

T_n(R(rc, n)) = Cn(c, uυn)

(iii) For all r ∈ R, n ∈ N and Gi_(ψ

1, . . . , ψm) ∈ subxφ, Gi(ψ1, . . . , ψm) ∈

Tn(R(r, n)) iff there is a wordwnwn+1. . ., generated by the corresponding

grammarGi_{, such that, forn}0_{≥nand 1≤j≤m, ifw}

n0 is defined andw_n0 =

vj thenψj ∈Tn0(R(r, n0)),

(iv) For alln∈N,υ∈Υ andr∈Rυ, Π∩Tn(R(r, n)) =υ(n).

As with runs, quasimodels are defined with respect to Υ.

Definition 3.10 (quasimodel)Aquasimodel for(φ,Υ) is a pair<f, R>where:

(i) f is a state function

(ii) Ris a family of runs for (φ,Υ) with respect tof as in Definition 3.9, such thatφ∈T₀(R(r,0)) for allr∈Rυ andυ∈Υ.

The following is clear from Definition 3.10.

Lemma 3.11 If there exists a quasimodel for (φ,Υ) and Υ is countable, then

there is a quasimodel<f, R> where R is a function R : R×N → T for some countable setR.

Models are constructed from quasimodels in Theorem 3.13 below by taking the runs inRas the domain, and inducing structuresI(n) atnfrom the first-order modelJ(n) of the realizable state candidate atn, by means of a surjection ∆n

fromRto the domain Dof theJ’s. Indeed, surjections ∆υn fromRυ toD are

defined and, to ensure that the new domain has at least as many elements as

D, the larger setR×D rather thanR is used for the domain of the model.

Lemma 3.12 Let <f, R>be a quasimodel for (φ,Υ). Suppose that, for each

n∈N,f(n) =<T_n, Cn>is realized byJ(n) ={Ju(n) :u∈U}, with baseJ(n),

(common to alln) domain D and types tp_Ju(n)(a). Then, for eachυ ∈Υ and

n∈N, there exists a surjection

∆υn:Rυ×D→D

such that, for allr, rc ∈Rυ and a∈D, ifuυn is the uvalue corresponding to

Rυ atnas in (5) of Definition 3.9,

(i) Tn(R(r, n)) =tpJuυn(n)(∆υn(r, a))

(ii) ∆υn(rc, cJ(n)) =cJ(n)

Proof Fixυ, n. By (5) and Definition 3.9(i),

{T_n(RT(r, n), uυn) :r∈Rυ}={Tn(t, uυn) :t∈T} (6)

and, by Definition 3.4(i) and (ii),

{Tn(t, uυn) :t∈T}={tpJuυn(n)(a) :a∈D} (7)

From (6) and (7), it follows that there exists a surjection ∆υn :Rυ×D →D

such that, for allr∈Rυ anda∈D,

T_n(RT_{(r, n), u}

υn) =tpJuυn(n)(∆υn(r, a))

and

∆υn(r, a) =a if Tn(RT(r, n), uυn) =tpJuυn(n)(a) (8)

For (ii), ifc∈C, by (5), Definition 3.9(ii) and Definition 3.4(iii),

T_n(RT_(r

c, n), uυn) =Tn(R(rc, n)) =Cn(c, uυn) =tpJuυn(n)(c

J(n)_{) (9)}

By (8) and (9), ∆υn(rc, cJ(n)) =cJ(n).

The correspondence between models that satisfyφfor all assignments in Υ and quasimodels for (φ,Υ) is given in the following theorem.

Theorem 3.13 Letφ∈EMTL∃pos. Then:

(i) There is a temporal structureM= (I(n) :n∈N) such that the temporal structureMυ= (I(n)†υn:n∈N) satisfiesφfor allυ∈Υ, iff there exists

(ii) If Υ is countable andMexists as in (i), thenMcan be chosen to have a countable domain.

Proof The proof given here is a sketch with some simplifications: full details are in Appendix 1. LetMandMυbe temporal structures as in (i) over domain

D. For alln∈Nandυ∈Υ, letJυ(n) be the expansion ofI(n)†υnto surrogates

pψ∈surrφgiven by:

pJυ(n)

ψ (a) => iff (Mυ, n)|=ψ(a) (a∈D) (10)

so that, for alln∈Nandψ≤φ, and all assignmentsa intoD,

Jυ(n)|=aψ iff (Mυ, n)|=aψ (11)

For a quasimodel, we need a finite family of structures{Ju:u∈U}. We obtain

this by finding, for each n ∈ N, |U| ‘representatives’ {Jυn

1, . . . , Jυn|U|}, where

υn

1, . . . , υn|U| ∈ Υ, of the structures {Jυ(n) : υ ∈ Υ}, and |T| representatives

{an

1, . . . , an|T|} of the elements ofD. The representatives are chosen to be such

that, for eachυ∈Υ, there existsuυn ∈ {υn1, . . . , υn|U|}such that: {{ψ∈subxφ:Jυ(n)|=ψ(a)}:a∈D}=

{{ψ∈subxφ:Juυn(n)|=ψ(a)}:a∈D} (12)

and, for allc∈C,

{ψ∈subxφ:Jυ(n)|=ψ(cI(n))}={ψ∈subxφ:Juυn(n)|=ψ(c I(n)_)}

and such that, for eacha∈D, there existsan

i ∈ {an1, . . . , an|T|} ⊇ {cI(n):c∈C}

such that, for alluυn∈ {υ1n, . . . , υ|nU|},

{ψ∈subxφ:Juυn(n)|=ψ(a)}={ψ∈subxφ:Juυn(n)|=ψ(a n

i)} (13)

We then letelemTn :{an

1, . . . , an|T|} →T and elemU

n _:{υn

1, . . . , υ|nU|} →U be

bijections and define a realizable state candidate<T_n, Cn> by:

T_n(elemTn(an i),elemUn(υnj)) ={ψ∈subxφ:Jυn j(n)|=ψ(a n i)} Cn(c,elemUn(υnj)) ={ψ∈subxφ:Jυn j(n)|=ψ(c I(n)_)}

(1≤i≤ |T|,1≤j ≤ |U|, c∈C). A family of runsR=S_υ∈ΥRυ, whereRυ =

{ra,υ:a∈D}, is defined by:

R(ra,υ, n) = (elemTn(ani),elemUn(uυn))

where, from (12) and (13), an

i is chosen to be such that Tn(R(ra,υ, n)) =

Tn(elemTn(ain),elemUn(uυn)) =

{ψ∈subxφ:Juυn(n)|=ψ(a n

Given (14), it is a routine though lengthy task to show that<f, R>, wheref asso-ciates with eachn∈Nthe realizable state candidate<Tn, Cn>, is a quasimodel

for (φ,Υ). The full proof is given in Appendix 1.

Conversely, suppose that<f, R>is a quasimodel for (φ,Υ) wheref(n) is the realizable state candidate<T_n, C_n>. There are only finitely many possibilities for the <T_n, Cn> and each distinct <T_n, C_n> can be realized over a countable domain by classical model theory. It follows, by Lemma 3.1, that there is a single countable domain D such that, for each n∈ N, <T_n, Cn> is realized by a set of structures overD,J(n) ={Ju(n) :u∈U}, with base J(n) and types tp_Ju(n)(a) (a∈D, u∈ U). As equality is absent it also follows by Lemma 3.1 that each J(n) can be chosen to be such that, if c, d ∈ C are distinct, then

cJ(n)_6=dJ(n)_{. Then, we can arrange for theJ(n)’s to be such that for allc∈C,}

n, n0 _∈N

cJ(n)=cJ(n0) (15)

As theRυ(υ∈Υ) that make upRare pairwise disjoint, we define, consistently,

surjections ∆n:R×D→D (n∈N) such that:

∆n(r, a) = ∆υn(r, a) (r∈Rυ, a∈D), ∆n(rc, cJ(n)) =cJ(n) (rc∈Rυ, c∈C)

where the ∆υn satisfy all the conditions of Lemma 3.12. By Lemmas 3.1 and

3.12(ii), for eachn∈N, ∆n induces a set of structuresI(n) ={Iu(n) :u∈U}

with base I(n) over domain D0 _{=R×D from J(n) such that, forn, n}0 _∈N,

cI(n)_{= (r}

c, cJ(n)) = (rc, cJ(n 0₎

) (by (15)) =cI(n0₎

, whererc∈Rυfor some (any)

choice of υ ∈ Υ. Then, I(n) realizes <Tn, Cn>. Clearly, M = (I(n) :n ∈ N)

and therefore, forυ∈Υ,Mυ= (I(n)†υn :n∈N) are temporal structures. We

need to show thatMυ satisfiesφ, i.e. for allυ∈Υ,

(Mυ,0)|=φ (16)

This is proved by induction on subformulaeψofφby showing that, for alln∈N

andυ∈Υ, ifuυn is theuvalue corresponding toRυatnas in (5) and Lemma

3.12, anda is chosen to be an assignment in D0 _{to individual variables of the}

form a(x) = (r, a) wherer∈Rυifxis live inψ, (17) then Iuυn(n)|= a_ζ ψψ implies (Mυ, n)|=aζψψ (18)

whereζψψis either¬ψ orψ according to whether the number of enclosing¬’s

is odd or even, i.e.

ζψ=

½

empty string, if|{ψ0 _:ψ≤ψ0 _{≤ ¬ψ}0_{≤φ}|is even}

¬, otherwise

From (18), if ψ = φ, ψ is closed and ζψ is the empty string and so, for any

assignmenta, we have that

Iuυn(n)|=

a_{φ implies (M}

Then (16) follows from (19) as, by Definition 3.10(ii) and Lemma 3.12(i), for anya∈D,r∈Rυand υ∈Υ,

φ∈T0(R(r,0)) =tpJ_uυ0(0)(∆υ0(r, a))

and so, by the definition of tp (Definition 3.4), as φ has no free variables,

Juυ0(0)|=φand, asIuυ0(0) is induced byJuυ0(0),Iuυ0(0)|=φgiving (Mυ,0)|=

φby (19). The main part of the induction reassigns a live variablexaccording to the realizing assignmentraa,uυn,ψ (Definition 3.5) to prove the∃xψcase. The

details are in the Appendix 1.

To prove (ii) we note that, if Υ is countable then, by Lemma 3.11, the quasimodel <f, R>in (i) can be chosen so that R : R×N →T has countable

R. Then, the temporal structure (I(n) :n∈N) constructed above has domain

D0 _{=R×D which is countable asRandD are countable.}

4

Decidability and recursive enumerability

The main result in Section 3, Theorem 3.13, gives an association between mod-els for (propositionally unquantified)EMTL∃pos formulaeφ, for all assignments

υto Pi∈Π in a set of assignments Υ, and quasimodels for (φ,Υ). By

Skolem-ization (Lemma 4.4 below), aQEMTL∃posformulaQ1P1. . .QkPk.φhas a model

iffφhas a model for all assignmentsυin a set of assignments Υσ generated by

a Skolem function for the prefixQ1P1. . .QkPk. In this section, we encode the

existence of quasimodels for (φ,Υ) into S1S, by means of which a test in S1S for satisfiability ofQEMTL∃pos can be constructed (Theorem 4.5). The main de-cidability/recursive enumerability result follows in Theorem 4.6. Expressiveness ofQEMTL∃pos is considered in Theorem 4.7, and Theorem 4.8 shows that the decidability/recursive enumerability result in Theorem 4.6 cannot be improved significantly.

We arrive at the encoding in stages. Let the ‘predicate’

ξφ(f, υ, <un>)

be parameterized by functions f : N→Σ, where Σ is the set of all realizable state candidates for φ (with respect to Π = {P1, . . . , Pk}), assignments υ to

Pi∈Π over time, and sequences<un:n∈N>(abbreviated<un>) of elements

ofU. For the functionf, letf(m)T _andf(m)C_{denote theT andC part of the}

state candidatef(m) respectively (m∈N). Letξφ(f, υ, <un>) assert that, for

alln∈N, t∈T andc∈C, there exist functions

ρn,t:N→T and ρc:N→T

such that (compare with corresponding conditions of Definition 3.9(i), (ii), (iii) and (iv), and Definition 3.10(ii)):

(ρ3.9(i)) ρn,t(n) =t,

respects grammars,

(ρ3.9(iv)) the sequence<f(m)T(ρn,t(m), um) :m∈N>of subsets ofsubxφ

agrees withυ,

(ρ3.10(ii)) ρn,t(0) containsφat 0, i.e. f(0)T(ρn,t(0), u0) contains φ,

(ρ3.9(ii)) conditionsρ3.9(iii),ρ3.9(iv) andρ3.10(ii)are satisfied when ρn,t

is replaced byρc _{and, for allm∈N,}

f(m)T_(ρc_{(m), u}

m) =f(m)C(c, um)

Lemma 4.1 A functionf :N→Σ is the state function of a quasimodelhf, Ri

for (φ,Υ) iff, for allυ∈Υ, there exists<un>such thatξφ(f, υ, <un>) is true. Proof The proof is given in Appendix 2.

We encodeξφ(f, υ, <un>) into S1S as follows. A functionf :N→Σ is given

by unary predicates Ps(z) (s∈Σ), where exactly one of thePs(z)’s is true at

eachz∈N, i.e. fS1S _=∀z(_ s∈Σ Ps(z) ∧ ^ s,s0_∈Σ,s6=s0 ¬(Ps(z)∧Ps0(z)))

An assignmentυ is given by predicatesP1(z), . . . , Pk(z) corresponding to P1,

. . . , Pk. A sequence of U values <un> is given by predicatesRu(z) (u ∈ U)

exactly one of which is true at eachz∈N. We also need to refer toT values at

z∈Nin order to defineρmaps. AssumingT∩U =∅, we have

χt(z) =Rt(z)∧ ^ t0_∈T,t0_6=t ¬Rt0(z), χ_u(z) =R_u(z)∧ ^ u0_∈U,u0_6=u ¬Ru0(z), τT =∀z _ t∈T χt(z), τU =∀z _ u∈U χu(z)

Grammars are defined as follows. For a grammarGi_{, with non-terminalsV}

0, . . . ,

Vl, terminalsv1, . . . , vmand productionsProdi, define predicatesV0(z), . . . , Vl(z)

to correspond to the non-terminals andW1(z), . . . , Wm(z) the terminals. Word

generation byGi _{atz is represented by the formula:}

γi_{(z) =V} 0(z) ∧ ∀z0_≥z ^ 0≤h≤l [Vh(z0)⇒ _ Vh→vjVh0∈Prodi (Wj(z0)∧Vh0(z0+ 1))∨ _ Vh→vj∈Prodi (Wj(z0)∧ ^ 1≤j0_≤m ¬Wj0(z0+ 1))] ∧ ∀z0 ≥z ^ 0≤h,h0_≤l,h6=h0 ^ 1≤j,j0_≤m,j6=j0 [¬(Vh(z0)∧Vh0(z0))∧ ¬(W_j(z0)∧W_j0(z0))] ∧ ∀z0 ≥z[ ( ^ 1≤j≤m ¬Wj(z0)) ⇒ ∀z00≥z0( ^ 1≤j≤m ¬Wj(z00))]

The properties (ρ3.9(i)), (ρ3.9(iii)), (ρ3.9(iv)), (ρ3.10(ii)) and (ρ3.9(ii)) are given

below byρ3.9(i),ρ3.9(iii),ρ3.9(iv),ρ3.10(ii)andρ3.9(ii)respectively, whereρ3.9(iii)∧

ρ3.9(iv)∧ρ3.10(ii) is abbreviated by ρ. Theρc of (ρ3.9(ii)) is defined by the Rt

(t∈T) corresponding tocin ρ3.9(ii) below. ρ3.9(i) = ∀z V t∈T∃_|. . .∃_{zRt0. . ._} t0∈T (τT∧χt(z)∧ρ) ρ3.9(ii) = V c∈C∃_|. . .∃_{zRt. . ._} t∈T ((τT∧ρ)∧ ∀zV_{<T ,C>∈Σ}V_t∈TV_u∈U( P_{<T ,C>}(z)∧χt(z)∧χu(z)⇒T(t, u) =C(c, u))) ρ3.9(iii) = ∀z( V <T ,C>∈Σ V t∈T V u∈U V Gi∈subxφ(P<T ,C>(z)∧χt(z)∧χu(z)⇒( Gi_(ψ 1, . . . , ψm)∈T(t, u)⇔ ∃V0. . .∃Vl∃W1. . .∃Wm( γi_{(z) ∧}V <T0,C0>∈Σ V 1≤j≤m V t0∈T V u0∈U∀z 0₍ z0_≥z∧Wj(z0_)∧P <T0,C0>(z 0_)∧χt 0(z0)∧χu0(z0)⇒ψj∈T0(t0, u0)))))) ρ3.9(iv) = ∀z V <T ,C>∈Σ V t∈T V u∈U V 1≤i≤k(P<T ,C>(z)∧χt(z)∧χu(z)⇒ (Pi(z)⇔Pi∈T(t, u))) ρ3.10(ii) = V <T ,C>∈Σ V t∈T V u∈U(P<T ,C>(0)∧χt(0)∧χu(0)⇒φ∈T(t, u))

The predicate ξφ(f, υ, <un>) in free variables f, υ and <un>is given in S1S

by a formula ζS1S φ (P_|s:_{zs∈Σ_} f , P_|1, . . . , P_{z k_} υ , R_|u:_{zu∈U_} <un> )

in free variablesPs (s∈Σ),P1, . . . , Pk, andRu(u∈U), and is defined by

ζS1S

φ (Ps:s∈Σ, P1, . . . , Pk, Ru:u∈U ) =fS1S ∧ρ3.9(i)∧ρ3.9(ii)∧τU

We have the following restatement of Lemma 4.1 in terms ofζS1S φ .

Lemma 4.2 Unary predicates Ps(z) (s ∈ Σ) define a state function of a

quasimodel for (φ,Υ) iff, for all valuesυ∈Υ for P1, . . . , Pk,

∃. . .∃Ru. . .

| {z }

u∈U

. ζφS1S(Ps:s∈Σ, P1, . . . , Pk, Ru:u∈U )

is true.

TheQ1P1. . .QkPkprefix ofQEMTL∃pos formulae is dealt with by a Skolem

Definition 4.3 A Skolem function for a quantifier prefix Q1P1. . .QkPk for QEMTL(respectively S1S), whereP1, . . . , Pk∈Π (respectivelyP1(z), . . . , Pk(z)

are unary predicates in S1S), is a map σ that gives a value in P(N) for each

Pj withQj=∃, given as argument a sequence of values (each in P(N)) for the

Pi such that i < j and Qi = ∀. For such a σ, we write Υσ for the set of all

assignments toP1, . . . , Pk, where values forPi with Qi =∀ are arbitrary, and

values forPj withQj=∃are given byσ.

The classical result which relates prefixes and Skolem functions, translates to the following result here:

Lemma 4.4 Given a temporal structure Mor a structure MS1S _{for S1S over}

N, and aQEMTLor S1S formulaQ1P1. . .QkPk.φ, we have that:

(i) (M,0)|=Q1P1. . .QkPk.φ iff (M†υ,0)|=φfor allυ∈Υσ

(ii) MS1S _|=Q

1P1. . .QkPk.φ iff MS1S†υ|=φfor allυ∈Υσ

for some Skolem functionσforQ1P1. . .QkPk.

By Lemma 4.4, satisfiability of a prefixed expression Q1P1. . .QkPk.φ reduces

to satisfiability of φfor a set of values Υσ defined by a Skolem functionσ. In

view of Lemma 4.2, a test for satisfiability ofQ1P1. . .QkPk.φ can be encoded

into S1S.

Theorem 4.5AQEMTL∃pos formulaQ1P1. . .QkPk.φis satisfiable iff the S1S

formula ∃. . .∃Ps. . . | {z } s∈Σ Q1P1. . .QkPk_|∃. . .∃_{zRu. . ._} u∈U .ζφS1S(Ps:s∈Σ, P1, . . . , Pk, Ru:u∈U) (20) is satisfiable.

Proof A function f, defined in S1S by unary predicatesPs(s∈Σ), is a state

function for a quasimodel hf, Ri for (φ,Υσ) for some Skolem function σ for

Q1P1. . .QkPk, iff, by Lemma 4.2,

∃. . .∃Ru. . .

| {z }

u∈U

. ζφS1S(Ps:s∈Σ, P1, . . . , Pk, Ru:u∈U )

is true for all valuesυ∈Υσ for P1, . . . , Pk for some Skolem functionσ, iff, by

Lemma 4.4(ii),

Q1P1. . .QkPk_|∃. . .∃_{zRu. . ._} u∈U

.ζS1S

φ (Ps:s∈Σ, P1, . . . , Pk, Ru:u∈U) (21)

is true (for the chosenPs’s). By Lemma 4.4(i),Q1P1. . .QkPk.φis satisfiable iff

valuesυ∈ΥσforP1, . . . , Pk. By Theorem 3.13(i),φis satisfiable for allυ∈Υσ

iff there exists a quasimodel hf, Ri for (φ,Υσ). Therefore,Q1P1. . .QkPk.φ is

satisfiable iff there exists a state functionf such that for some Skolem function

σthere is a quasimodelhf, Rifor (φ,Υσ). From (21), this is the case iff

∃. . .∃Ps. . . | {z } s∈Σ Q1P1. . .QkPk_|∃. . .∃_{zRu. . ._} u∈U .ζS1S φ (Ps:s∈Σ, P1, . . . , Pk, Ru:u∈U) is satisfiable.

Theorem 4.6 Validity for QEMTL formulae in which live variables occur

within positive occurrences of universal quantifiers, i.e. formulae of the form:

Q1P1. . .QkPk.¬φ(P1, . . . , Pk)

whereφ(P1, . . . , Pk)∈EMTL∃pos, is decidable whenφis restricted to have at

most two individual variables, and recursively enumerable otherwise.

Proof This corresponds to satisfiability of formulaeQ1P1. . .QkPk.φ(P1, . . . , Pk)

whereφ(P1, . . . , Pk)∈EMTL∃pos. Such a formula is satisfiable iff the S1S

for-mula (20) of Theorem 4.5 is satisfiable. In the 2-variable case, the set of all realizable state candidates Σ can be computed by Lemmas 3.2 and 3.6, and satisfiability of (20) can be decided as S1S is decidable [6]. In the general case, (20) can be evaluated for all possible sets Σ of (not necessarily realizable) state candidates. By Theorem 4.5, ifQ1P1. . .QkPk.φ is not satisfiable, no set Σ of

realizable state candidates will satisfy (20). State candidates in any set Σ sat-isfying (20) can be tested for realizability in first-order logic as per Lemma 3.6.

IfQ1P1. . .QkPk.φis not satisfiable, as unsatisfiability for first-order logic is

re-cursively enumerable, such a Σ will eventually be shown not to be realizable. Thus, unsatisfiability ofQ1P1. . .QkPk.φis recursively enumerable.

Theorem 4.7 The languageQEMTL∃pos is more expressive thanEMTL.

Proof It is easy to see that QEMTL∃pos is more expressive thanEMTLas it admits formulae such as

∀P∃x¤p(x)⇔P

which has only uncountable models, whereas all satisfiableEMTLformulae have a countable model by Theorem 3.13(ii). An example of aQEMTL∃pos formula that has countable models but cannot be expressed inEMTL, is the formula

∀P1∀P2(♦(P1UP2)∧

^

i=1,2

¬PiU(Pi∧ °¤¬Pi))⇒

∃x♦((p(x)∧P1∧ °♦(¬p(x)∧P2))∨(¬p(x)∧P1∧ °♦(p(x)∧P2)))

This expresses the negation of the 2-sorted temporal logic formula

which is shown to be not expressible in first-order ETL in [1] and therefore is not expressible in its monodic fragmentEMTL.

Theorem 4.8 LetL be the set of formulae of the form:

∃P1. . .∃Pk.φ(P1, . . . , Pk)

whereφ(P1, . . . , Pk) is inEMTLand uses just one individual variable and

pred-icate symbol. Then, the set of valid formulae inLis not recursively enumerable.

Proof We make use of the encoding of the Σ1

1-complete recurring tiling problem

for N×N [10] into temporal logic with monadic predicates given in [12]. The recurrent tiling problem is to determine whether there is a tiling ofN×N by a given set of tiles{t0, . . . ,tn}, where each ti has fixed orientation and coloured

edgesright(ti),left(ti), up(ti) and down(ti), such thatt0 occurs infinitely often

in the first row. Arguing as in [12] we can show, by associating eachti with a

unary predicatepi, that there is a recurrent tiling ofN×Niff the conjunction of

the following formulae is satisfiable:

θ1 = ∃x¤♦(C0∧p(x)) θ2 = ∀x∃y♦(Cn+1∧p(x)∧ °p(y)) θ3 = ∀x∀y(♦(Cn+1∧p(x)∧ °p(y))⇒¤♦(Cn+1∧p(x)∧ °p(y))) θ4 = ∀x(¬♦(Cn+2∧ °(¬p(x)UCn+1))∧¤¬(p(x)∧ ¬Cn+1∧ ¬Cn+2 ∧ °(¬Cn+1U(p(x)∧ ¬Cn+1)))) θ5 = V 0≤i≤n¤∀x∀y(C0∧ °ip(x)∧♦(Cn+1∧p(x)∧ °p(y)) ⇒W_up(t i)=down(tj)° j_p(y)) θ6 = V 0≤i≤n¤∀x(Ci∧p(x)⇒ W right(ti)=left(tj)° n−i+3+j_p(x)) θ7 = Cn+1∧ °Cn+2∧ V 0≤i≤n°i+2Ci∧ V 0≤i≤n+2¤(Ci⇔ °n+3Ci) ∧V_{0≤i6=j≤n+2}¤¬(Ci∧Cj)

The first six formulae correspond to those in Theorem 2 of [12]. To economize on predicate symbols,θ7 partitions time into ‘periods’ ofn+3 moments

Cn+1, Cn+2, C0, . . . , Cn, Cn+1, Cn+2, C0, . . . , Cn, Cn+1, . . .

The predicatesQ1(x) andQ2(y) in [12] being true at the same moment of time

correspond top(x) andp(y) being true here at consecutiveCn+1andCn+2. The

predicatePi(x) (0≤i≤n) being true in [12] is represented byp(x) being true

atCi.

The formulaeθ1,θ4,θ6 and θ7 belong toEMTL. It suffices to translateθ2,

θ3andθ5 into negations of formulae inL. These translate thus:

θ2 = ∀x♦(Cn+1∧p(x)∧∃x°p(x)) θ3 = ∀S1∀S2(∃x¤(S1⇔Cn+1∧p(x))∧∃x¤(S2⇔Cn+2∧p(x))⇒ (♦(Cn+1∧S1∧ °S2)⇒¤♦(Cn+1∧S1∧ °S2))) θ5 = ∀S10. . .∀S1n∀S20. . .∀S2n∀S1∀S2(∃x ^ 0≤i≤n ¤((S1i⇔Ci∧p(x))∧

(S1⇔Cn+1∧p(x)))∧ ∃x ^ 0≤i≤n ¤((S2i⇔Ci∧p(x))∧(S2⇔Cn+1∧p(x))) ⇒ ^ 0≤i≤n ¤(C0∧ °iS1i∧♦(S1∧ °S2)⇒ _ up(ti)=down(tj) °jS2j) )

The reason for undecidability above in Theorem 4.8 is that, in the absence of restrictions onφ, propositional quantification allows non-monodic formulae to be simulated monodically. Only the trivial∀P1. . .∀Pk prefix class is recursively

enumerable for unrestricted monodicφ.

5

Conclusions

In [7] monodic temporal logic is extended to include least fixed points such that scopes of individual variable quantifiers do not contain free fixed point variables. The correspondence between models and quasimodels is an adaptation of that in [12] and a similar method would suffice forEMTLhere, though notQEMTL∃pos. As withEMTLhere, the existence of models implies the existence of countable models obtained from suitably chosen quasimodels. The work of [19] considers quantification of flexible variables in first-order temporal logic. Decidability of satisfiability is shown for a fragment which also has a restriction to positive occurrences of existential quantifiers, however the result assumes that predicates are rigid.

We have dealt with satisfiability over arbitrary domains. A similar encoding to that given in Theorem 4.8 here, of formulae (1)-(8) of Theorem 3 in [12], would show that validity over finite domains, for propositional quantification at the outer level, is not recursively enumerable without further restrictions. The problems of finding fragments admitting propositional quantification for which validity over finite domains is recursively enumerable, or fragments where propositional quantification occurs within temporal operators and/or individual variable quantification for which validity over arbitrary domains is recursively enumerable, are left open. Also, we have not considered past-time operators or flows of time other than the natural numbers, though some of these cases may be proved by easy additions to the work here.

The aim in this paper has been to demonstrate decidability or recursive enu-merability in the most convenient manner. It is possible that the bounds given here (in particular that for |T|) can be reduced. However, the complexity of

QEMTL∃pos is non-elementary as it contains QPTL. A more favourable com-plexity analysis of monadicEMTLmay be possible by methods similar to those in [11] and [16].

Acknowledgements

I have to thank the anonymous referee for the sacrifice of time in reading several revisions of this paper, and for the many suggestions that have improved the

presentation, accuracy and indeed the main result of the paper.

References

[1] S.Abiteboul, L.Herr, and J.Van Den Busse. Temporal connectives versus explicit timestamps to query temporal databases.Journal of Computer and System Sciences,58, pp. 54-68, 1999.

[2] B.Banieqbal and H.Barringer. Temporal logic with fixed points. In Tempo-ral Logic in Specification, LNCS 398, pp. 62-74, Springer-Verlag, 1987. [3] S.Bauer, I.Hodkinson, F.Wolter, and M.Zakharyaschev. On non-local

propositional and one-variable quantified CTL*. In Proceedings TIME’02, pp. 2-9, IEEE Computer Society Press, 2002.

[4] E.B¨orger, E.Gr¨adel, and Y.Gurevich, The Classical Decision Problem, Springer, 1997.

[5] A.Bouajjani and R.Mayr. Model checking lossy vector addition systems.

LNCS 1563, pp. 323-333, Springer, 1999.

[6] J.R.B¨uchi. On a decision method in restricted second order arithmetic. In Logic, Methodology and Philosophy of Science: Proc. of the 1960 Int. Congress, pp. 1-11, Stanford University Press, 1962.

[7] O.Delande. Decidable fragments of fixed point extensions of monodic tem-poral logic. Master’s thesis, Imperial College London, 2006.

[8] T.French. Decidability of quantified propositional branching time logics. In

Proceedings of the 14th Australian Joint Conference on Artificial Intelli-gence, LNCS 2256, pp. 165-176, Springer, 2001.

[9] T.French and M.Reynolds. A sound and complete proof system for QPTL. In Advances in Modal Logic, 4, pp. 127-147, King’s College Publications, 2003.

[10] D.Harel. Effective transformations on infinite trees, with applications to high undecidability, dominoes, and fairness. Journal of the ACM,33, pp. 224-248, 1986.

[11] I.Hodkinson, R.Kontchakov, A.Kurucz, F.Wolter, M.Zakharyaschev. On the computational complexity of decidable fragments of first-order linear temporal logics. InProceedings TIME-ICTL’03, pp. 91-98, IEEE Computer Society Press, 2003.

[12] I.Hodkinson, F.Wolter, and M.Zakharyaschev. Decidable fragments of first-order temporal logics.Annals of Pure and Applied Logic,106, pp. 85-134, 2000.

[13] I.Hodkinson, F.Wolter, and M.Zakharyaschev. Decidable and undecidable fragments of first-order branching temporal logics. In Proceedings LICS 2002, pp. 393-402, IEEE Computer Society Press, 2002.

[14] Y.Kesten and A.Pnueli. A complete proof system for QPTL. Journal of Logic and Computation,12(5), pp. 701-745, 2002.

[15] O.Kupferman, N.Piterman, and M.Vardi. Extended temporal logic revis-ited. InProceedings CONCUR’01, LNCS 2154, pp. 519-535, Springer, 2001. [16] K.Mamouras. First-order temporal logic with fixpoint operators over the

natural numbers. Master’s thesis, Imperial College London, 2009.

[17] Z.Manna and A.Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer-Verlag, Berlin, 1992.

[18] A.P.Sistla, M.Y.Vardi, and P.Wolper. The complementation problem for B¨uchi automata with application to temporal logic.Theoretical Computer Science, 49, pp. 217-237, 1987.

[19] F.D.Valencia. Decidability of infinite-state timed CCP processes and first-order LTL. Theoretical Computer Science,330, pp. 577-607, 2005.

[20] M.Y.Vardi and P.Wolper. Reasoning about infinite computations. Informa-tion and ComputaInforma-tion,115, pp. 1-37, 1994.

[21] P.Wolper. Temporal logic can be more expressive.Information and Control,

56, pp. 72-99, 1983.

Appendix 1 - proof of Theorem 3.13(i) Only if

We prove the case where, ifci6=cj∈C, for allυ∈Υ andn∈N,

|Υ| ≥ |U|, |D| ≥ |T|andcJυ(n) i 6=c

Jυ(n)

j (22)

Put Jn = {Jυ(n) : υ ∈ Υ}. Now, subxφ comprises κ subformulae, say,

ψ1, . . . , ψκ ofφ. Define the equivalence relation≈n2 on Υ byυ1≈n2 υ2 (υ1, υ2∈

Υ) iff ∀a∈D∃a0∈D ^ 1≤i≤κ Jυ1(n)|=ψi(a)⇔Jυ2(n)|=ψi(a 0_{) (23)} and ∀a0∈D∃a∈D ^ 1≤i≤κ Jυ1(n)|=ψi(a)⇔Jυ2(n)|=ψi(a 0_{) (24)} and ∀c∈C ^ 1≤i≤κ Jυ1(n)|=ψi(c Jυ1(n))⇔J_υ 2(n)|=ψi(c Jυ2(n)) (25)

AscJυ1(n) =cJυ2(n), an upper bound for the number of equivalence classes of

≈n

2 is 22

κ

.2κ|C|_{= 2}2|subxφ|

.2|subxφ||C|_{=|U|(by Definition 3.3). If, for allυ∈Υ,}

[υ]≈n

2 denotes the equivalence class containing υ, then as, by (22),|Υ| ≥ |U|,

there exist distinctυn

1, . . . , υ|nU|∈Υ such that all equivalence classes are listed

in [υn 1]≈n 2, . . . ,[υ n |U|]≈n 2

Now define the equivalence relation≈n

1 onD bya≈n1 a0 (a, a0∈D) iff ^ 1≤i≤κ ^ 1≤j≤|U| Jυn j(n)|=ψi(a)⇔Jυnj(n)|=ψi(a 0_{) (26)}

Here, there are at most 2κ|U| _{equivalence classes and so, by (22), as D has}

at least |T| = 2|subxφ||U| +|C| = 2κ|U|+|C| elements, there exist distinct

an

1, . . . , an2κ|U|, c J(n)

1 , . . . , c

J(n)

|C| ∈D such that all equivalence classes are listed in

[an 1]≈n 1, . . . ,[a n 2κ|U|]≈n 1,[c J(n) 1 ]≈n 1, . . . ,[c J(n) |C| ]≈n1 whereC ={c1, . . . , c|C|} and cJi(n) =c I(n)

i (1≤i≤ |C|) is the common value

in D assigned to ci by all Jυ(n)∈ Jn for all n ∈N. Henceforth, we will not

distinguish between the individual constantci and its valuecJi(n).

First of all, we construct a realizable state candidate <T_n, Cn>. For each

n∈N, let elemTn:{an 1, . . . , an2κ|U|, c1, . . . , c|C|} →T and elemUn :{υn 1, . . . , υ|nU|} →U be bijections. Define Tn:T×U → P(subxφ),

T_n(elemTn(a),elemUn(υ)) ={ψ∈subxφ:Jυ(n)|=ψ(a)} (27)

Cn:C×U → P(subxφ),

C_n(c,elemUn(υ)) ={ψ∈subxφ:Jυ(n)|=ψ(c)} (28)

From now on, we will drop theelemTn_andelemUn_{and will identifyelemT}n_(a)

andelemUn(υ) withaandυrespectively. Clearly,<T_n, Cn> is a state candidate. We show that<T_n, Cn>is realized by the finite family of structures

JF

n ={Jυ(n) :υ∈U}

over domainD. For conditions (i) and (ii) of Definition 3.4, suppose that (t=)

a ∈ T and a0 _{∈ D are such that a ≈}n

1 a0, and that υ ∈ U. Then, for all

ψ∈subxφ,

ψ∈T_n(a, υ)

iff, by (27),