Probabilistic Interval Temporal Logic and Duration Calculus with Infinite Intervals: Complete Proof Systems

The paper presents probabilistic extensions of interval temporal logic (ITL) and duration calculus (DC) with infinite intervals and complete Hilbert-style proof systems for them. The completeness results are a strong completeness theorem for the syst…

Authors: Dimitar P. Guelev

Logical Methods in Computer Science, Vol. 3 (3:3) 2007, pp. 1–43. www.lmcs-online.org. Submitted May 5, 2005; published Jul. 19, 2007.

PROBABILISTIC INTERVAL TEMPORAL LOGIC AND DURATION CALCULUS WITH INFINITE INTERVALS: COMPLETE PROOF SYSTEMS

DIMITAR P. GUELEV
Institute of Mathematics and Informatics, Bulgarian Academy of Sciences
e-mail address: gelevdp@math.bas.bg

Abstract. The paper presents probabilistic extensions of interval temporal logic (ITL) and duration calculus (DC) with infinite intervals and complete Hilbert-style proof systems for them. The completeness results are a strong completeness theorem for the system of probabilistic ITL with respect to an abstract semantics and a relative completeness theorem for the system of probabilistic DC with respect to real-time semantics. The proposed systems subsume probabilistic real-time DC as known from the literature. A correspondence between the proposed systems and a system of probabilistic interval temporal logic with finite intervals and expanding modalities is established too.

Introduction

The duration calculus (DC) was introduced by Zhou, Hoare and Ravn in [ZHR91] as a logic to specify requirements on real-time systems. DC is a classical predicate interval-based linear-time logic with one normal binary modality known as chop. DC was originally developed for real time by augmenting the real-time variant of interval temporal logic (ITL, [Mos85, Mos86]) with boolean expressions for state and real-valued terms to denote state durations. DC has been used successfully in many case studies such as [ZZ94, DW96, SX98, Dan98, LH99]. We refer the reader to [HZ97] or the recent monograph [ZH04] for a comprehensive introduction to DC.
Temporal logics such as linear temporal logic (LTL), computation tree logic (CTL) and their timed versions are used mostly as requirements languages for model-checkers such as SMV [McM] and UPPAAL [UPP] which accept descriptions of systems in dedicated input languages. The probabilistic variant of CTL [ASB95] has a similar role in the probabilistic model checker PRISM [KNP01, PRI]. The systems in use are typically propositional, which restricts the variety of properties that can be expressed. This is only in part compensated for by the possibility to do fully algorithmic verification. More complex properties and systems which, e.g., involve unspecified numbers of concurrent processes or unbounded amounts of data have to be viewed as parameterized families and require the development of dedicated techniques. Alternatively, model-checkers are used on instances of the systems with artificial bounds on their size, which, however, quickly leads to the notorious state space explosion problem. The use of the logics as reasoning tools and not just as notations is also limited to optimising simplifications such as abstractions. Unlike these systems of logic, the expressive power of DC is geared towards the possibility to capture the semantics of the systems to be verified and therefore it is used as a system description language as well. Examples include the DC semantics of the timed specification language RAISE proposed in [LH99] and the DC semantics of the Verilog hardware specification language [IEE95] proposed in [SX98].

2000 ACM Subject Classification: F.3.1. Key words and phrases: probabilistic interval temporal logic, duration calculus. DOI: 10.2168/LMCS-3(3:3)2007. © D. P. Guelev, Creative Commons.
This shifts the interest from the satisfaction of DC formulas by given models towards validity in DC. The needs of applications have brought to life a number of extensions and variants of DC. These include state quantifiers and the least fixed point operator [Pan95], alternative sets of interval modalities [Pan96, ZH98, BRZ00, He99b], enhancements of the semantics to combine real and discrete time [PD98, He99a, Gue04a] and infinite intervals [ZDL95, PWX98, SX98, WX04]. The extension of DC by a probability operator replaces the linear model of time of DC by a model based on sets of behaviours with probability on them. Despite the absence of an explicit branching-time modality, the probabilistic DC (PDC) is essentially a branching-time predicate interval-based temporal logic. DC and, consequently, its extensions are not recursively axiomatisable. The worst case complexity of decision procedures for validity is high even for very restricted subsets of DC such as the so-called propositional DC [ZHS93, Rab98]. No interesting quantified decidable subsets of DC seem to be known (the state quantifier in the ⌈P⌉-subset of DC studied in [ZHS93] is expressible in that subset and does not increase its ultimate expressive power). The propositional abstract-time and real-time ITLs with chop are undecidable too. Undecidability is typical of interval-based systems as shown in the early works [HS86] and [Ven91a, Ven91b] where the chop modality was studied as an example of an operator in many-dimensional modal logic. A very simple subset of DC which exhibits its incompleteness was identified in [Gue04c]. This is compensated by the convenience of achieving compositionality in specification and particularly the specification of sequential composition, which is deemed to be difficult to handle in systems without the chop modality [MO99].
Tool support for ITL and DC has been developed on the basis of PVS [PVS] by combining ITL- and DC-specific proof and proof through translation into the higher-order logic input language of PVS [SS94, Hu99, Ras02]. There is also a model- and validity-checker DCVALID [Pan], which accepts the discrete time ⌈P⌉-subset of DC (QDDC) and a combination of QDDC with CTL* [Pan01] and uses MONA [Mon] as a back-end tool. The expressive power of these subsets of DC is that of weak monadic second order logic with one successor (WS1S). DCVALID has been successful in interesting case studies such as that from [Pan02]. However, the finite-state-based algorithms of MONA impose on it the same ultimate limitations as in other model-checking tools. That is why proof systems are a relatively important instrument for verification by DC and its extensions.

DC was originally introduced for real time, whereas PDC was first introduced in [LRSZ93] for discrete time. A system of real-time PDC was introduced later in [DZ99] where some axioms were proposed too. However, these axioms do not form a complete proof system. Calculation with direct reference to the semantics was used to reason about properties expressed in PDC in both works. More case studies in PDC were given in [Jos95] and recently in [ZH04], which contains a chapter on discrete time PDC. The deductive power of the proof system for discrete time PDC used in [ZH04] has not been studied either.

A first attempt to develop a complete proof system for PDC was made in [Gue98], where a system of probabilistic ITL was proposed with the DC-specific state expressions with finite variability withdrawn.
However, the semantics of that logic had some non-standard elements for technical reasons, and the proof system was a mixture of ITL and elements from Neighbourhood Logic (NL, [ZH98, RZ97, BRZ00]). Some of these problems were eliminated in [Tri99]. A more streamlined system of probabilistic NL and a complete proof system with respect to its abstract-time semantics was proposed later in [Gue00]. The use of a (commutative) linearly-ordered group as the model of time in that system after Dutertre's work on abstract-time ITL [Dut95a] allowed a finitary complete proof system to be obtained. However, PNL still had some loose ends; the questions of the precise correspondence between PNL and the original systems of PDC from [LRSZ93, DZ99] and of the deductive power of the proof system with respect to real-time models remained open. Systems of (non-probabilistic) branching time NL were developed in the recent works [BMS07] and [BM05]. Some of these systems can be viewed as the underlying branching time logics of PNL. The works [BMS07] and [BM05] present the propositional variants of these branching time interval temporal logics and focus on decision procedures for them.

In this paper we first propose another system of probabilistic ITL. Unlike that from [Gue98], this system is based on infinite intervals. We propose a proof system for probabilistic ITL with infinite intervals which is complete with respect to the abstract-time semantics based on that for ITL with infinite intervals from [WX04]. The use of infinite intervals removes the need to admix NL modalities in proofs, which was done in [Gue98].
Then we develop a system of probabilistic DC (PDC) as an extension of the proposed probabilistic ITL and demonstrate that adding the DC axioms and rules known from [HZ92] to our proof system for this probabilistic ITL leads to a proof system for PDC which is complete with respect to real-time models relative to validity at the real-time-based frame in probabilistic ITL with infinite intervals. The incompleteness of DC implies that relative completeness like that from [HZ92] for basic DC is the best we can have with a finitary proof system. Finally, we describe satisfaction-preserving translations between NL-based PDC and the system of PDC with infinite intervals that we propose.

Our system of PDC has some slight enhancements in comparison with the original probabilistic DC from [LRSZ93, DZ99]. They both improve its expressivity and facilitate the design of the proof system. The first enhancement is a simplification. We remove the extra reference time point needed to define the probability operator. The role of this time point is naturally transferred to the flexible constant $\ell$ which expresses interval lengths in DC. This extends the possibilities for meaningful nesting of occurrences of the probability operator and allows the expression of probabilities of properties which are probabilistic themselves. The second enhancement is the use of infinite intervals. It is a consequence of our developing of PDC as an extension of an infinite-interval-based system of probabilistic ITL. As mentioned above, this makes it possible to avoid the use of an expanding modality such as those of NL, which was made in [Gue00]. The combination of the chop modality and infinite intervals has the expressive power of expanding modalities with the advantage of keeping the introspectivity of chop, which is a technically useful property.
We discuss the trade-offs between NL and ITL in Section 9. The last enhancement is the replacement of the probabilistic timed automata which were used in [DZ99] to define sets of behaviours and the respective probability functions for PDC models by arbitrary systems of probability functions, which can be constrained by additional axioms in PDC theories. One such constraint that we study in detail is the requirement on all the probability functions in a model to be consistent with a global probability function which is defined on the space of all the behaviours of the modelled system. Models which describe the behaviour of automata like those involved in the definition of the original system of real-time DC from [DZ99] can be described by PDC theories in this more general setting too.

Structure of the paper. After the necessary preliminaries on ITL with infinite intervals and DC we introduce our system of probabilistic ITL with infinite intervals and a proof system for it. We prove the completeness of this proof system with respect to the abstract semantics of probabilistic ITL, which is the main result of the paper. Then we propose axioms which constrain the system of probability functions in models of PITL to be consistent with a global probability function to the extent that this constraint can be formulated in the setting of abstract probabilities. In the rest of the paper we introduce a system of probabilistic DC as an extension of the new system of probabilistic ITL by state expressions and duration terms for them based on the real-time frame of probabilistic ITL. We show how this system of PDC subsumes the system proposed in [DZ99]. The main result about PDC is the completeness of the well-known axioms of DC from [HZ92] relative to validity in real-time- and probability-based models for probabilistic ITL.
Before concluding the paper we explain the correspondence between PNL from [Gue00] and the infinite-interval based PITL proposed in this paper. We conclude by explaining some of the limitations of the scope of its main results.

1. Preliminaries

In this section we give preliminaries on ITL and DC with infinite intervals as known from [ZDL95, PWX98, SX98, WX04] and the probability operator of PDC as introduced in [LRSZ93, DZ99].

1.1. Interval temporal logic with infinite intervals. Here follows a brief formal introduction to ITL with infinite intervals as presented in [WX04], which extends the finite interval abstract-time system of ITL proposed and studied in [Dut95a].

1.1.1. Language. An ITL vocabulary consists of constant symbols $c, d, \dots$, individual variables $x, y, z, \dots$, function symbols $f, g, \dots$ and relation symbols $R, \dots$. Constant, function and relation symbols can be either rigid or flexible. Below it becomes clear that rigid symbols have the same meaning at all times, whereas the meaning of flexible symbols can depend on the reference time interval. The rigid constants $0$ and $\infty$, addition $+$, equality $=$, the flexible constant $\ell$, which always evaluates to the length of the reference interval, and a countably infinite set of individual variables are mandatory in every ITL vocabulary. We denote the arity of function and relation symbols $s$ by $\#s$. Given a vocabulary, the definition of an ITL language is essentially that of its sets of terms $t$ and formulas $\varphi$, which can be defined by the following BNFs:
\[
t ::= c \mid x \mid f(t, \dots, t)
\]
\[
\varphi ::= \bot \mid R(t, \dots, t) \mid (\varphi \Rightarrow \varphi) \mid (\varphi ; \varphi) \mid \exists x \varphi
\]
Many authors use the alternative notation $\varphi^\frown\psi$ for formulas $(\varphi ; \psi)$ which are built with the chop modality.
Terms and formulas with no occurrences of flexible symbols are called rigid. Other terms and formulas are called flexible. The set of the variables which have free occurrences in a formula $\varphi$ is denoted by $FV(\varphi)$.

1.1.2. Models and satisfaction. A finite interval ITL frame consists of a linearly ordered set $\langle T, \leq \rangle$ called the time domain, a monoid $\langle D, 0, + \rangle$ called the duration domain and a function $m : I(T) \to D$ called the measure function, where $I(T) = \{[\tau_1, \tau_2] : \tau_1, \tau_2 \in T, \tau_1 \leq \tau_2\}$ is the set of the closed and bounded intervals in $T$. The monoid $\langle D, 0, + \rangle$ is required to satisfy some additional axioms. The full list of axioms is:

(D1) $x + (y + z) = (x + y) + z$
(D2) $x + 0 = 0 + x = x$
(D3) $x + y = x + z \Rightarrow y = z$, $\quad x + z = y + z \Rightarrow x = y$
(D4) $x + y = 0 \Rightarrow x = y = 0$
(D5) $\exists z (x + z = y \vee y + z = x)$, $\quad \exists z (z + x = y \vee z + y = x)$

The measure function $m$ is required to satisfy the axioms:

(M1) $m([\tau_1, \tau_2]) = m([\tau_1, \tau_2']) \Rightarrow \tau_2 = \tau_2'$
(M2) $m([\tau_1, \tau]) + m([\tau, \tau_2]) = m([\tau_1, \tau_2])$
(M3) $m([\tau_1, \tau_2]) = x + y \Rightarrow \exists \tau (m([\tau_1, \tau]) = x)$

In the case of ITL with infinite intervals the time domain $\langle T, \leq \rangle$ is supposed to have a distinguished greatest element $\infty$ and $m$ is defined on the set $\tilde{I}(T) = I_{fin}(T) \cup I_{inf}(T)$, where $I_{fin}(T) = \{[\tau_1, \tau_2] : \tau_1, \tau_2 \in T, \tau_1 \leq \tau_2 < \infty\}$ and $I_{inf}(T) = \{[\tau, \infty] : \tau \in T, \tau < \infty\}$. The duration domain is augmented with a greatest element $\infty$ too. The axiom D3 is weakened to

(D3') $x + y = x + z \Rightarrow x = \infty \vee y = z$, $\quad x + z = y + z \Rightarrow z = \infty \vee x = y$

and the following axioms about durations and the measure functions are added:

(D6) $x + y = \infty \Leftrightarrow x = \infty \vee y = \infty$
(M4) $m([\tau_1, \tau_2]) = \infty$ iff $\tau_2 = \infty$

Given $\sigma_1, \sigma_2 \in \tilde{I}(T)$ such that $\max \sigma_1 = \min \sigma_2$, we denote $\sigma_1 \cup \sigma_2$ by $\sigma_1 ; \sigma_2$.
A function $I$ on an ITL vocabulary $L$ is an interpretation of $L$ into a frame $F = \langle \langle T, \leq, \infty \rangle, \langle D, +, 0, \infty \rangle, m \rangle$ if it satisfies the conditions: $I(c), I(x) \in D$ for rigid constants $c$ and individual variables $x$; $I(f) \in (D^{\#f} \to D)$ for rigid function symbols $f$; $I(R) \in (D^{\#R} \to \{0, 1\})$ for rigid relation symbols $R$; $I(c) \in (\tilde{I}(T) \to D)$, $I(f) \in (\tilde{I}(T) \times D^{\#f} \to D)$, $I(R) \in (\tilde{I}(T) \times D^{\#R} \to \{0, 1\})$ for flexible $c$, $f$ and $R$; $I(0) = 0$, $I(\infty) = \infty$, $I(+) = +$, $I(=)$ is $=$ and $I(\ell) = m$. An infinite-interval model for an ITL vocabulary $L$ is a pair of the form $\langle F, I \rangle$ such that $F$ is a frame and $I$ is an interpretation of $L$ into $F$.

Definition 1.1. Given a model $\langle F, I \rangle$, the values $I_\sigma(t)$ of terms $t$ at intervals $\sigma \in \tilde{I}(T)$ are defined by the clauses:

$I_\sigma(x) = I(x)$ for individual variables $x$
$I_\sigma(c) = I(c)$ for rigid constants $c$
$I_\sigma(f(t_1, \dots, t_{\#f})) = I(f)(I_\sigma(t_1), \dots, I_\sigma(t_{\#f}))$ for rigid function symbols $f$
$I_\sigma(c) = I(c)(\sigma)$ for flexible $c$
$I_\sigma(f(t_1, \dots, t_{\#f})) = I(f)(\sigma, I_\sigma(t_1), \dots, I_\sigma(t_{\#f}))$ for flexible $f$

In particular, $I_\sigma(\ell) = m(\sigma)$, which means that the function on $\tilde{I}$ which is the meaning of the flexible constant $\ell$ always evaluates to the length of the reference interval $\sigma$.

Definition 1.2. Let $I$ be an interpretation of some ITL vocabulary $L$ into a frame $F$ whose duration domain is $\langle D, +, 0, \infty \rangle$. Let $x$ be an individual variable in $L$ and $d \in D$. Then the interpretation $J$ of $L$ into $F$ which is defined by the equalities $J(x) = d$ and $J(s) = I(s)$ for $s \in L \setminus \{x\}$ is denoted by $I^d_x$ and is called an $x$-variant of $I$. We abbreviate $(\dots(I^{d_1}_{x_1})^{d_2}_{x_2} \dots)^{d_n}_{x_n}$ by $I^{d_1, \dots, d_n}_{x_1, \dots, x_n}$ and call it an $x_1, \dots, x_n$-variant of $I$. An $x_1, \dots, x_n$-variant of $I$ for some finite list of variables $x_1, \dots, x_n$ is called just variant.

The modelling relation $\models$ on models based on some frame $F$, intervals $\sigma$ and formulas in the vocabulary $L$ is defined by the clauses:

$\langle F, I \rangle, \sigma \not\models \bot$
$\langle F, I \rangle, \sigma \models R(t_1, \dots, t_n)$ iff $I(R)(I_\sigma(t_1), \dots, I_\sigma(t_n)) = 1$ for rigid $R$
$\langle F, I \rangle, \sigma \models R(t_1, \dots, t_n)$ iff $I(R)(\sigma, I_\sigma(t_1), \dots, I_\sigma(t_n)) = 1$ for flexible $R$
$\langle F, I \rangle, \sigma \models (\varphi \Rightarrow \psi)$ iff either $\langle F, I \rangle, \sigma \not\models \varphi$ or $\langle F, I \rangle, \sigma \models \psi$
$\langle F, I \rangle, \sigma \models (\varphi ; \psi)$ iff $\langle F, I \rangle, \sigma_1 \models \varphi$ and $\langle F, I \rangle, \sigma_2 \models \psi$ for some $\sigma_1 \in I_{fin}(T_F)$ and $\sigma_2 \in \tilde{I}(T_F)$ such that $\sigma_1 ; \sigma_2 = \sigma$
$\langle F, I \rangle, \sigma \models \exists x \varphi$ iff $\langle F, I^d_x \rangle, \sigma \models \varphi$ for some $d \in D$

1.1.3. Abbreviations and precedence of operators. The binary relation symbol $\leq$ is defined in ITL by the equivalence
\[
x \leq y \Leftrightarrow \exists z (x + z = y). \qquad (1.1)
\]
The customary infix notation for $+$, $\leq$ and $=$ is used in ITL. $\top$, $\wedge$, $\Rightarrow$ and $\Leftrightarrow$, $\forall$, $\neq$, $\geq$, $<$ and $>$ are used in the usual way. We denote the universal closure $\forall x_1 \dots \forall x_n \varphi$ of a formula $\varphi$ where $\{x_1, \dots, x_n\} = FV(\varphi)$ by $\forall \varphi$. Since $(.;.)$ is associative, we omit parentheses in formulas with consecutive occurrences of $(.;.)$. Here follow the infinite-interval versions of some ITL abbreviations:
\[
\Diamond \varphi \rightleftharpoons (\top ; \varphi ; \top) \vee (\top ; \varphi), \qquad \Box \varphi \rightleftharpoons \neg \Diamond \neg \varphi.
\]
Note that $\Box$ and $\Diamond$ abbreviate different constructs in the original discrete-time system of ITL of Moszkowski. Our usage originates from the literature on DC. The disjunctive member $(\top ; \varphi)$ in the definition of $\Diamond$ is relevant only at infinite intervals. The formula $(\top ; \varphi ; \top)$ without it restricts the subinterval which satisfies $\varphi$ to be finite. We assume that $\Diamond$ and $\Box$ bind more tightly and $(.;.)$ binds less tightly than the boolean connectives.

1.1.4. Proof system.
A complete proof system for abstract-time ITL with finite intervals is given in [Dut95a]. The following axioms and rules have been shown to form a complete proof system for ITL with infinite intervals when added to a Hilbert-style proof system for classical first-order predicate logic and the axioms D1, D2, D3', D4-D6 about durations in [WX04]:

(A1) $(\varphi ; \psi) \wedge \neg(\chi ; \psi) \Rightarrow (\varphi \wedge \neg \chi ; \psi)$, $\quad (\varphi ; \psi) \wedge \neg(\varphi ; \chi) \Rightarrow (\varphi ; \psi \wedge \neg \chi)$
(A2) $((\varphi ; \psi) ; \chi) \Leftrightarrow (\varphi ; (\psi ; \chi))$
(R) $(\varphi ; \psi) \Rightarrow \varphi$, $\quad (\psi ; \varphi) \Rightarrow \varphi$ if $\varphi$ is rigid
(B) $(\exists x \varphi ; \psi) \Rightarrow \exists x (\varphi ; \psi)$, $\quad (\psi ; \exists x \varphi) \Rightarrow \exists x (\psi ; \varphi)$ if $x \not\in FV(\psi)$
(L1) $(\ell = x ; \varphi) \Rightarrow \neg(\ell = x ; \neg \varphi)$, $\quad (\varphi ; \ell = x \wedge x \neq \infty) \Rightarrow \neg(\neg \varphi ; \ell = x)$
(L2) $\ell = x + y \wedge x \neq \infty \Leftrightarrow (\ell = x ; \ell = y)$
(L3) $\varphi \Rightarrow (\ell = 0 ; \varphi)$, $\quad \varphi \wedge \ell \neq \infty \Rightarrow (\varphi ; \ell = 0)$
(S1) $(\ell = x \wedge \varphi ; \psi) \Rightarrow \neg(\ell = x \wedge \neg \varphi ; \chi)$
(P1) $\neg(\ell = \infty ; \varphi)$
(P2) $(\varphi ; \ell = \infty) \Rightarrow \ell = \infty$
(P3) $(\varphi ; \ell \neq \infty) \Rightarrow \ell \neq \infty$
(N) $\dfrac{\varphi}{\neg(\neg \varphi ; \psi)}$, $\quad \dfrac{\varphi}{\neg(\psi ; \neg \varphi)}$
(Mono) $\dfrac{\varphi \Rightarrow \psi}{(\varphi ; \chi) \Rightarrow (\psi ; \chi)}$, $\quad \dfrac{\varphi \Rightarrow \psi}{(\chi ; \varphi) \Rightarrow (\chi ; \psi)}$

The presence of the modality $(.;.)$ and flexible symbols in ITL brings a restriction on the use of first order logic axioms which involve substitution such as
\[
(\exists r) \quad [t/x] \varphi \Rightarrow \exists x \varphi.
\]
The application of this axiom is correct only if no variable in $t$ becomes bound due to the substitution, and either $t$ is rigid or $(.;.)$ does not occur in $\varphi$, because the value of a flexible term could be different at the different intervals which are involved in evaluating formulas with $(.;.)$. The correctness of the proof system can be established by a direct check. Here follow some comments and informal reading of the axioms and the proof rules which can be helpful for their understanding too.
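As an added worked example (not from the paper), here is the mutual derivability of A1 and the distributivity axiom mentioned in the informal reading of A1 that follows, using only Mono and propositional reasoning.

Distributivity from A1. The direction $(\alpha ; \psi) \vee (\beta ; \psi) \Rightarrow (\alpha \vee \beta ; \psi)$ needs only Mono: $\alpha \Rightarrow \alpha \vee \beta$ and $\beta \Rightarrow \alpha \vee \beta$ are tautologies, so Mono gives $(\alpha ; \psi) \Rightarrow (\alpha \vee \beta ; \psi)$ and $(\beta ; \psi) \Rightarrow (\alpha \vee \beta ; \psi)$, which combine propositionally. For the converse, instantiate the first form of A1 with $\varphi := \alpha \vee \beta$ and $\chi := \alpha$:
\[
(\alpha \vee \beta ; \psi) \wedge \neg(\alpha ; \psi) \Rightarrow ((\alpha \vee \beta) \wedge \neg \alpha ; \psi).
\]
Since $(\alpha \vee \beta) \wedge \neg \alpha \Rightarrow \beta$ is a tautology, Mono yields $((\alpha \vee \beta) \wedge \neg \alpha ; \psi) \Rightarrow (\beta ; \psi)$. Chaining the two implications gives
\[
(\alpha \vee \beta ; \psi) \wedge \neg(\alpha ; \psi) \Rightarrow (\beta ; \psi),
\]
which is propositionally equivalent to $(\alpha \vee \beta ; \psi) \Rightarrow (\alpha ; \psi) \vee (\beta ; \psi)$.

A1 from distributivity. Consider the first form of A1. From the tautology $\varphi \Rightarrow (\varphi \wedge \chi) \vee (\varphi \wedge \neg \chi)$, Mono and then distributivity give
\[
(\varphi ; \psi) \Rightarrow ((\varphi \wedge \chi) \vee (\varphi \wedge \neg \chi) ; \psi) \Rightarrow (\varphi \wedge \chi ; \psi) \vee (\varphi \wedge \neg \chi ; \psi).
\]
Mono applied to the tautology $\varphi \wedge \chi \Rightarrow \chi$ gives $(\varphi \wedge \chi ; \psi) \Rightarrow (\chi ; \psi)$, so $\neg(\chi ; \psi)$ entails $\neg(\varphi \wedge \chi ; \psi)$, and the disjunction above leaves $(\varphi \wedge \neg \chi ; \psi)$, that is
\[
(\varphi ; \psi) \wedge \neg(\chi ; \psi) \Rightarrow (\varphi \wedge \neg \chi ; \psi).
\]
The second form of A1 is obtained in the same way from the symmetric distributivity law for the right argument of $(.;.)$, using the right-hand form of Mono.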
A1 states that if chopping into a $\varphi$-subinterval and a $\psi$-subinterval is possible, but chopping into a $\chi$-subinterval and a $\psi$-subinterval is not, then any chopping into a $\varphi$- and a $\psi$-subinterval would lead to a $\varphi$-subinterval which additionally satisfies the negation of $\chi$. In the presence of the rules Mono and propositional tautologies one can choose between A1 and the axiom
\[
(\alpha ; \psi) \vee (\beta ; \psi) \Leftrightarrow (\alpha \vee \beta ; \psi),
\]
which can be described as distributivity of $(.;.)$ over $\vee$. Axiom B can be viewed as a parametric analogon of this distributivity axiom, with $\exists x$ to be read as parametric (possibly infinitary) disjunction. A2 is just the associativity of $(.;.)$. R states that the satisfaction of rigid formulas does not depend on the reference interval. L1 and S1 express that if, upon dividing an interval, the duration of one of the subintervals is fixed, then the properties of both subintervals are completely determined. This is so because the subintervals themselves are uniquely determined. L2 is the additivity of length. P2 and P3 give separate treatment to some special cases of additivity that arise from the presence of infinitely long intervals. L3 states that intervals of length 0 can be assumed at either end of any interval. P3 rules out the interval $[\infty ; \infty]$. The rules N state that valid formulas are valid in subintervals too. These rules are the standard form of the modal logic rule $\varphi / \Box \varphi$, yet about the binary modality $(.;.)$. The fact that weakening the condition on a subinterval in a $(.;.)$-formula can only facilitate the satisfiability of the whole $(.;.)$-formula is expressed by the rules Mono.

1.2. DC with infinite intervals. The formal definition of DC with infinite intervals as an extension of the logic of the real-time-based frame of ITL with infinite intervals below is after [ZDL95].
The main feature of DC relative to ITL are state expressions which are propositional formulas that denote piece-wise constant $\{0, 1\}$-valued functions of time. Unlike purely-ITL flexible symbols, DC state expressions denote functions on time points and not intervals.

1.2.1. Language. DC vocabularies are ITL vocabularies extended by state variables $P, Q, \dots$. State variables are used to build state expressions $S$ which have the syntax
\[
S ::= 0 \mid P \mid S \Rightarrow S
\]
and in turn appear as the argument of duration terms $\int S$ which are the DC-specific construct in the syntax of terms $t$:
\[
t ::= c \mid x \mid v \mid \int S \mid f(t, \dots, t)
\]
Duration terms are regarded as flexible. The syntax of formulas is as in ITL. Flexible constants and 0-ary flexible predicate letters in DC are also known as temporal variables and temporal propositional letters, respectively.

1.2.2. Semantics. We are only interested in real-time DC which is based on the ITL frame
\[
F_{\mathbb{R}} = \langle \langle \overline{\mathbb{R}}, \leq, \infty \rangle, \langle \overline{\mathbb{R}}^+, +, 0, \infty \rangle, \lambda \sigma . \max \sigma - \min \sigma \rangle
\]
where $\overline{\mathbb{R}} = \mathbb{R} \cup \{\infty\}$ and $\overline{\mathbb{R}}^+ = \{x \in \overline{\mathbb{R}} : x \geq 0\}$. DC interpretations extend ITL interpretations to provide values for state variables, which are functions of type $\mathbb{R} \to \{0, 1\}$ that satisfy the following finite variability requirement: For every pair $\tau_1, \tau_2 \in \mathbb{R}$ such that $\tau_1 < \tau_2$, and every state variable $P$ there exist an $n < \omega$ and $\tau'_1, \dots, \tau'_n \in \mathbb{R}$ such that $\tau_1 = \tau'_1 < \dots < \tau'_n = \tau_2$ and $I(P)$ is constant on the semi-open intervals $[\tau'_i, \tau'_{i+1})$, $i = 1, \dots, n - 1$.
Given an interpretation $I$, the values $I_\tau(S)$ of state expressions $S$ at time $\tau \in \mathbb{R}$ are defined by the equalities

$I_\tau(0) = 0$
$I_\tau(P) = I(P)(\tau)$ for state variables $P$
$I_\tau(S_1 \Rightarrow S_2) = \max(1 - I_\tau(S_1), I_\tau(S_2))$

The value $I_\sigma(\int S)$ of duration term $\int S$ at interval $\sigma \in \tilde{I}(\overline{\mathbb{R}})$ is defined by the equality
\[
I_\sigma\left(\int S\right) = \int_{\min \sigma}^{\max \sigma} I_\tau(S) \, d\tau
\]
Note that $I_\sigma(\int S)$ can be $\infty$ for $\sigma \in I_{inf}(\overline{\mathbb{R}})$. The values of other kinds of terms and $\models$ are defined as in ITL.

1.2.3. Abbreviations. The boolean connectives $\neg$, $\vee$, $\wedge$ and $\Leftrightarrow$ are used in state expressions as abbreviations in the usual way. The following abbreviations are specific to DC:
\[
1 \rightleftharpoons \neg 0, \qquad \lceil\lceil S \rceil\rceil \rightleftharpoons \int S = \ell \wedge \ell \neq 0
\]
Sometimes $\ell$ is introduced as an abbreviation for $\int 1$.

1.2.4. Proof system. The axioms and rules below were proposed in [HZ92] for DC with finite intervals.

(DC1) $\int 0 = 0$
(DC2) $\int 1 = \ell$
(DC3) $\int S \geq 0$
(DC4) $\int S_1 + \int S_2 = \int (S_1 \vee S_2) + \int (S_1 \wedge S_2)$
(DC5) $(\int S = x ; \int S = y) \Rightarrow \int S = x + y$
(DC6) $\int S_1 = \int S_2$ if $S_1$ and $S_2$ are propositionally equivalent
(IR1) $\dfrac{[\ell = 0 / A] \varphi \qquad \varphi \Rightarrow [A \vee (A ; \lceil\lceil S \rceil\rceil \vee \lceil\lceil \neg S \rceil\rceil) / A] \varphi}{[\top / A] \varphi}$
(IR2) $\dfrac{[\ell = 0 / A] \varphi \qquad \varphi \Rightarrow [A \vee (\lceil\lceil S \rceil\rceil \vee \lceil\lceil \neg S \rceil\rceil ; A) / A] \varphi}{[\top / A] \varphi}$

These axioms and rules have been shown to be complete with respect to the finite-interval variant $\langle \langle \mathbb{R}, \leq \rangle, \langle \mathbb{R}^+, +, 0 \rangle, \lambda \sigma . \max \sigma - \min \sigma \rangle$ of $F_{\mathbb{R}}$ relative to validity in the class of the ITL models which are based on the finite-interval variant of $F_{\mathbb{R}}$ in [HZ92]. The correctness of IR1 and IR2 is based on the finite variability of state.
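To make the real-time semantics of Section 1.2 concrete, here is an added example (not from the paper) that evaluates state expressions and duration terms over constructed piecewise-constant interpretations of two state variables P and Q, and checks instances of DC1-DC5 and of T1 on them. The breakpoint representation of states, the function names and the sample data are assumptions of the example.

```python
"""Added example (not from the paper): the real-time DC semantics of Section 1.2
on constructed piecewise-constant states.

A state variable is interpreted by a sorted list of (breakpoint, value) pairs,
the first breakpoint being 0: the value holds from its breakpoint up to the next
one, and the last value holds up to infinity.  A finite list of breakpoints is
exactly the finite variability requirement on every finite interval.
Intervals are pairs (lo, hi) with hi == inf for members of I_inf.
"""
from fractions import Fraction as Fr
from math import inf

# Constructed interpretation of two state variables (assumed sample data).
STATES = {
    "P": [(Fr(0), 1), (Fr(3, 2), 0), (Fr(4), 1), (Fr(6), 0)],  # 1 on [0,3/2) and [4,6)
    "Q": [(Fr(0), 0), (Fr(1), 1), (Fr(5), 0), (Fr(7), 1)],     # 1 on [1,5) and [7,inf)
}

# State expressions follow the BNF S ::= 0 | P | S => S; the rest are abbreviations.
ZERO = ("0",)
def var(p): return ("var", p)
def imp(s1, s2): return ("imp", s1, s2)
def neg(s): return imp(s, ZERO)
ONE = neg(ZERO)                       # 1 is the abbreviation for "not 0"
def s_or(s1, s2): return imp(neg(s1), s2)
def s_and(s1, s2): return neg(imp(s1, neg(s2)))


def state_value(interp, tau, S):
    """I_tau(S): the value of state expression S at time point tau."""
    if S[0] == "0":
        return 0
    if S[0] == "var":
        val = 0
        for b, v in interp[S[1]]:     # value attached to the last breakpoint <= tau
            if b <= tau:
                val = v
        return val
    return max(1 - state_value(interp, tau, S[1]), state_value(interp, tau, S[2]))


def length(sigma):
    """Value of the flexible constant l: max sigma - min sigma, inf on I_inf."""
    return inf if sigma[1] == inf else sigma[1] - sigma[0]


def duration(interp, sigma, S):
    """I_sigma(int S): integrate I_tau(S) piece by piece between the breakpoints.
    Returns inf when S is 1 on the unbounded final piece of an infinite interval."""
    lo, hi = sigma
    cuts = sorted({lo} | {b for pcs in interp.values() for b, _ in pcs if lo < b < hi})
    total = Fr(0)
    for i, start in enumerate(cuts):
        end = cuts[i + 1] if i + 1 < len(cuts) else hi
        if state_value(interp, start, S) == 1:   # S is constant on [start, end)
            if end == inf:
                return inf
            total += end - start
    return total


def almost_everywhere(interp, sigma, S):
    """The DC abbreviation [[S]] (double ceiling brackets): int S = l and l != 0."""
    return duration(interp, sigma, S) == length(sigma) and length(sigma) != 0


def check_dc_axioms(interp, sigma, S1, S2, split):
    """Instances of DC1-DC5 at sigma; DC5 is read at the chop point `split`."""
    d = lambda S: duration(interp, sigma, S)
    lo, hi = sigma
    return {
        "DC1": d(ZERO) == 0,
        "DC2": d(ONE) == length(sigma),
        "DC3": d(S1) >= 0,
        "DC4": d(S1) + d(S2) == d(s_or(S1, S2)) + d(s_and(S1, S2)),
        # (int S = x ; int S = y) => int S = x + y, with x, y the two partial durations
        "DC5": duration(interp, (lo, split), S1) + duration(interp, (split, hi), S1) == d(S1),
    }


def t1_chop_point(interp, sigma, S):
    """T1: l = 0 or ([[S]] ; T) or ([[not S]] ; T).  Returns a finite chop point m such
    that [[S]] or [[not S]] holds on [lo, m], or None when l = 0 (the first disjunct)."""
    lo, hi = sigma
    if length(sigma) == 0:
        return None
    later = [b for pcs in interp.values() for b, _ in pcs if lo < b < hi]
    m = min(later) if later else hi
    if m == inf:                      # no breakpoint left: any finite prefix will do
        m = lo + 1
    assert almost_everywhere(interp, (lo, m), S) or almost_everywhere(interp, (lo, m), neg(S))
    return m


def demo():
    P, Q = var("P"), var("Q")
    sigma = (Fr(0), Fr(6))
    return {
        "dur_P": duration(STATES, sigma, P),                  # 3/2 + 2 = 7/2
        "dur_Q": duration(STATES, sigma, Q),                  # 4
        "dur_P_and_Q": duration(STATES, sigma, s_and(P, Q)),  # [1,3/2) + [4,5) = 3/2
        "dur_P_inf": duration(STATES, (Fr(2), inf), P),       # P is 0 from 6 on: 2
        "dur_Q_inf": duration(STATES, (Fr(2), inf), Q),       # Q is 1 from 7 on: inf
        "axioms": check_dc_axioms(STATES, sigma, P, Q, Fr(5, 2)),
        "t1": t1_chop_point(STATES, (Fr(1), Fr(6)), P),       # P constant on [1, 3/2)
    }


if __name__ == "__main__":
    print(demo())
```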
Since every finite interval can be partitioned into finitely many subintervals in which the state expression $S$ is constant, proving the validity of a property $\varphi$ about zero-length intervals and proving that the validity of $\varphi$ at intervals with $n$ alternations of the value of $S$ implies the validity of the same property about intervals with $n + 1$ such alternations is sufficient to conclude that $\varphi$ holds about intervals with any finite number of alternations of the value of $S$. This, by the assumption of finite variability, means that $\varphi$ is valid about all intervals. The completeness proof from [HZ92] involves two theorems which can be derived using the rules IR1 and IR2, instead of the rules themselves. The second of these theorems does not hold for infinite intervals and therefore we modify it appropriately:

(T1) $\ell = 0 \vee (\lceil\lceil S \rceil\rceil ; \top) \vee (\lceil\lceil \neg S \rceil\rceil ; \top)$
(T2) $\ell = 0 \vee \ell = \infty \vee (\top ; \lceil\lceil S \rceil\rceil) \vee (\top ; \lceil\lceil \neg S \rceil\rceil)$

The use of T1 and T2 instead of IR1 and IR2 brings technical convenience to the representation of DC as a theory in ITL with DC1-DC6, T1 and T2 as its axioms in the proof of relative completeness. We take DC1-DC6, T1 and the infinite-interval version of T2 as axioms to form a relatively complete proof system for DC with infinite intervals and disregard the rules IR1 and IR2 in the rest of the paper. The proof of the relative completeness of this system follows closely the pattern of the original proof from [HZ92]. It appears as part of the proof of the relative completeness of our infinite-interval-based system of probabilistic DC in Section 8.

1.3. Probabilistic DC for real time. Probabilistic DC was first introduced for discrete time in [LRSZ93]. There is a chapter on discrete time probabilistic DC in [ZH04] too. Here follows the formal definition of real-time probabilistic DC as introduced in [DZ99].
1.3.1. Real-time probabilistic automata. The semantics of the real-time probabilistic DC as originally proposed in [DZ99] is based on a class of real-time probabilistic automata.

Definition 1.3. A finite probabilistic timed automaton is a system of the form
\[
\mathcal{A} = \langle S, A, s_0, \langle q_a : a \in A \rangle, \langle p_a : a \in A \rangle \rangle \qquad (1.2)
\]
where: $S$ is a finite set of states; $A \subset \{\langle s, s' \rangle : s, s' \in S, s \neq s'\}$ is a set of transitions; $s_0 \in S$ is called the initial state; $q_a \in [0, 1]$ is the choice probability for transition $a \in A$; $p_a \in (\mathbb{R}^+ \to \mathbb{R}^+)$ is the duration probability density of transition $a$.

Given the automaton $\mathcal{A}$, $A_s$ denotes $\{s' \in S : \langle s, s' \rangle \in A\}$. If $a \in A$ and $a = \langle s, s' \rangle$, then $s$ and $s'$ are denoted by $a^-$ and $a^+$, respectively. Choice probabilities $q_a$ are required to satisfy $\sum_{a \in A_s} q_a = 1$ for $A_s \neq \emptyset$. Probability densities $p_a$ are required to satisfy $\int_0^\infty p_a(\tau) \, d\tau = 1$.

An automaton $\mathcal{A}$ of the form (1.2) works by going through a finite or infinite sequence of states $s_0, s_1, \dots, s_n, \dots$ such that $\langle s_i, s_{i+1} \rangle \in A$ for all $i$. Each transition has a duration $d_i$, which is the time that elapses before $s_i$ changes to $s_{i+1}$. Thus individual behaviours of $\mathcal{A}$ can be represented as sequences of the form
\[
\langle a_0, d_0 \rangle, \dots, \langle a_n, d_n \rangle, \dots \qquad (1.3)
\]
where $a_i \in A$, $d_i \in \mathbb{R}^+$, $a_0^- = s_0$ and $a_i^+ = a_{i+1}^-$ for all $i$. Having arrived at state $s$, $\mathcal{A}$ chooses transition $a \in A_s$ with probability $q_a$. The probability for the duration of $a$ to be in $[\tau_1, \tau_2]$ is $\int_{\tau_1}^{\tau_2} p_a(\tau) \, d\tau$. Automata of the above type are closely related to the probabilistic real-time processes known from [ACD91, ACD92].

1.3.2. DC models for real-time probabilistic automata behaviours. Probabilistic DC was introduced in [DZ99] for vocabularies built to describe the behaviours of given real-time probabilistic automata.
The DC vocabulary $L_{\mathcal{A}}$ for (1.2) has the states $s \in S$ as its state variables. The only other non-logical symbols are the mandatory ones. A DC interpretation of $L_{\mathcal{A}}$ describes the behaviour (1.3) of $\mathcal{A}$ if for all $i < \omega$ […] $\tau_2$, then $\equiv_{\tau_1} \subset \equiv_{\tau_2}$, and $w \equiv_\infty v$ holds iff $P_w = P_v$ and $I_w$ and $I_v$ agree on all symbols, except possibly some individual variables. $W_{w,\tau}$ is the set of those $v \in W$ which represent the probabilistic branching of $w$ from time τ onwards.

Definition 2.4. A general PDC model for $L$ is a tuple of the form $\langle F, W, I, P\rangle$ where $F$, $W$, $I$ and $P$ are as above and satisfy the following requirements for every $w \in W$:

$W$ is closed under variants of interpretations. If $w \in W$, $x$ is an individual variable from $L$ and $a$ is in the domain from $F$ which corresponds to the sort of $x$, then there is a $v \in W$ such that $P_v = P_w$ and $I_v = (I_w)^a_x$.

$P_w$ represents probability measures. The function $\lambda X.P_w(\tau, X)$ for every $w \in W$ and $\tau \in T$ is a finitely additive probability measure on the boolean algebra
$$\langle 2^W, \cap, \cup, \emptyset, W\rangle \tag{2.1}$$
and satisfies the equality $P_w(\tau, X) = P_w(\tau, X \cap W_{w,\tau})$ for all $X \subseteq W$, which means that $\lambda X.P_w(\tau, X)$ is required to be concentrated on the set $W_{w,\tau}$.

Informally, a general PITL model is based on a set $W$ of descriptions of infinite behaviours made by means of the ITL interpretations $I_w$ which are associated with each $w \in W$. All the interpretations $I_w$ are into the same frame $F$ and are supposed to treat rigid symbols identically to express that, e.g., arithmetic is the same in all behaviours. It is assumed that, given a finite initial part of a behaviour $w$ until time τ, the modelled system can proceed according to a description within the set $W_{w,\tau}$ of the behaviours which are the same as $w$ up to time τ. The probability for the system to choose a behaviour in $X \subseteq W_{w,\tau}$ is $P_w(\tau, X)$.
Next we define term values $w_\sigma(t)$ and the satisfaction of formulas in PITL models. The definitions of term values, the modelling relation $\models$ and its associated notation $[\![\,.\,]\!]$ for terms, formulas, models and time intervals in PITL are given by the following clauses, where the components of the model $M$ are named as above:

Term values

$w_\sigma(x) = I_w(x)$ for variables $x$

$w_\sigma(c) = I_w(c)$ for rigid $c$

$w_\sigma(f(t_1, \ldots, t_{\#f})) = I_w(f)(w_\sigma(t_1), \ldots, w_\sigma(t_{\#f}))$ for rigid $f$

$w_\sigma(c) = I_w(c)(\sigma)$ for flexible $c$

$w_\sigma(f(t_1, \ldots, t_{\#f})) = I_w(f)(\sigma, w_\sigma(t_1), \ldots, w_\sigma(t_{\#f}))$ for flexible $f$

$w_\sigma(p(\psi)) = P_w(\max\sigma, [\![\psi]\!]_{M,w,\sigma})$

Here $[\![\psi]\!]_{M,w,\sigma}$ stands for
$$\{ v \in W_{w,\max\sigma} : (\forall v' \in W)(P_{v'} = P_v \wedge I_{v'} = (I_v)^{I_w(x_1), \ldots, I_w(x_n)}_{x_1, \ldots, x_n} \rightarrow M, v', [\min\sigma, \infty] \models \psi) \}, \tag{2.2}$$
where $x_1, \ldots, x_n$ are the free variables of ψ. This means that $[\![\psi]\!]_{M,w,\sigma}$ consists of the behaviours $v$ which are $\max\sigma$-equivalent to $w$ and satisfy ψ at the infinite interval starting at $\min\sigma$.

Satisfaction of formulas

$M, w, \sigma \not\models \bot$

$M, w, \sigma \models R(t_1, \ldots, t_{\#R})$ iff $I_w(R)(w_\sigma(t_1), \ldots, w_\sigma(t_{\#R})) = 1$ for rigid $R$

$M, w, \sigma \models R(t_1, \ldots, t_{\#R})$ iff $I_w(R)(\sigma, w_\sigma(t_1), \ldots, w_\sigma(t_{\#R})) = 1$ for flexible $R$

$M, w, \sigma \models (\varphi \Rightarrow \psi)$ iff either $M, w, \sigma \not\models \varphi$ or $M, w, \sigma \models \psi$

$M, w, \sigma \models (\varphi ; \psi)$ iff $M, w, \sigma_1 \models \varphi$ and $M, w, \sigma_2 \models \psi$ for some $\sigma_1 \in I_{\mathit{fin}}(T_F)$ and $\sigma_2 \in \tilde{I}(T_F)$ such that $\sigma_1 ; \sigma_2 = \sigma$

$M, w, \sigma \models \exists x\varphi$ iff $M, v, \sigma \models \varphi$ for some $v \in W$ and some $a$ from the domain of the sort of $x$ such that $P_v = P_w$ and $I_v = (I_w)^a_x$

Obviously $M, w, \sigma \models \psi$ iff $\langle F, I_w\rangle, [\min\sigma, \infty] \models_{\mathit{ITL}} \psi$ as in non-probabilistic ITL for ψ with no occurrence of probability terms.
The probability functions $\lambda X.P_w(\tau, X)$ for $w \in W$ and $\tau \in T$ in general PITL models $M = \langle F, W, I, P\rangle$ are needed just as much as they provide values for probability terms. That is why these functions need not be defined on the entire algebra (2.1). Indeed, it is sufficient for $\lambda X.P_w(\tau, X)$ to be defined on the (generally smaller) algebra
$$\langle \{ [\![\psi]\!]_{M,w,\sigma} : \psi \in L,\ \sigma \in \tilde{I}(T),\ \max\sigma = \tau \}, \cap, \cup, \emptyset, W_{w,\tau}\rangle,$$
which we denote by $B_{M,w,\tau}$. This observation justifies the broadening of the definition of general PITL models as follows.

Amendment to Definition 2.4. Structures of the form $M = \langle F, W, P, I\rangle$ from Definition 2.4, but with their probability functions $\lambda X.P_w(\tau, X)$ defined just on the respective algebras $B_{M,w,\tau}$, are general PITL models too.

Example. A PITL model $M_{\mathcal{A}} = \langle F_{\mathbb{R}}, W, P, I\rangle$ which is based on the real-time frame $F_{\mathbb{R}}$ and describes the working of a given probabilistic automaton $\mathcal{A}$ of the form (1.2) from Definition 1.3 can be defined as follows. The vocabulary of $M_{\mathcal{A}}$ includes the mandatory symbols $0$, $+$, $\ell$, …, the transitions $a \in A$ as flexible 0-ary predicate letters, and the choice probabilities $q_a$ as rigid constants. As for the duration probability densities $p_a$, it is convenient to have rigid unary function symbols $P_a$ which denote the functions $\lambda\tau.\int_0^\tau p_a(t)\,dt$. The vocabulary does not provide direct reference to the states of $\mathcal{A}$ as done in PDC; behaviour is instead described in terms of transitions whose beginnings and ends mark the times of state change. Every possible behaviour (1.3) is described by a $w \in W$ such that $I_w(a_i)$ […]

[…] $x ; \top)) = 0 \Rightarrow p((\theta \wedge \ell = y ; \top) \wedge \varphi) \le x \cdot p((\theta \wedge \ell = y ; \top))$

(P) $\ell \le y \wedge p((\ell = y \wedge \theta \wedge p(\varphi) \le x ; \top)) = 0 \Rightarrow p((\theta \wedge \ell = y ; \top) \wedge \varphi) \ge x \cdot p((\theta \wedge \ell = y ; \top))$

Let us show that these axioms enforce the possible approximations of (5.4).
Assume that P and P are part of our proof system. Let ϕ be a PITL formula, $y$ be an individual variable of the duration sort and $x_0, \ldots, x_n$ be $n+1$ individual variables of the probability sort. Let
$$\theta_0 \leftrightharpoons p(\varphi) \le x_0, \qquad \theta_i \leftrightharpoons x_{i-1} < p(\varphi) \wedge p(\varphi) \le x_i,\ i = 1, \ldots, n.$$
Now consider the instances
$$\ell \le y \wedge p((\ell = y \wedge \theta_i \wedge p(\varphi) > x_i ; \top)) = 0 \Rightarrow p((\theta_i \wedge \ell = y ; \top) \wedge \varphi) \le x_i \cdot p((\theta_i \wedge \ell = y ; \top))$$
$$\ell \le y \wedge p((\ell = y \wedge \theta_i \wedge p(\varphi) \le x_{i-1} ; \top)) = 0 \Rightarrow p((\theta_i \wedge \ell = y ; \top) \wedge \varphi) \ge x_{i-1} \cdot p((\theta_i \wedge \ell = y ; \top))$$
of P and P for $i = 1, \ldots, n$ and the instance
$$\ell \le y \wedge p((\ell = y \wedge \theta_0 \wedge p(\varphi) > x_0 ; \top)) = 0 \Rightarrow p((\theta_0 \wedge \ell = y ; \top) \wedge \varphi) \le x_0 \cdot p((\theta_0 \wedge \ell = y ; \top))$$
of P. Since $\vdash_{\mathit{PITL}} \theta_i \wedge p(\varphi) > x_i \Rightarrow \bot$ and $\vdash_{\mathit{PITL}} \theta_i \wedge p(\varphi) \le x_{i-1} \Rightarrow \bot$, we have
$$\vdash_{\mathit{PITL}} p((\ell = y \wedge \theta_i \wedge p(\varphi) > x_i ; \top)) = 0, \qquad p((\ell = y \wedge \theta_i \wedge p(\varphi) \le x_{i-1} ; \top)) = 0$$
by PITL1 and $P_\bot$. Hence the considered instances of P and P entail
$$\vdash_{\mathit{PITL}} \ell \le y \Rightarrow x_{i-1} \cdot p((\theta_i \wedge \ell = y ; \top)) \le p((\theta_i \wedge \ell = y ; \top) \wedge \varphi) \tag{5.5}$$
for $i = 1, \ldots, n$ and
$$\vdash_{\mathit{PITL}} \ell \le y \Rightarrow p((\theta_i \wedge \ell = y ; \top) \wedge \varphi) \le x_i \cdot p((\theta_i \wedge \ell = y ; \top)) \tag{5.6}$$
for $i = 0, \ldots, n$. Let χ denote the rigid formula
$$y < \infty \wedge x_0 = 0 \wedge x_n = 1 \wedge \bigwedge_{i=1}^n x_{i-1} \le x_i.$$
Then a purely ITL deduction shows that
$$\vdash_{\mathit{PITL}} \chi \Rightarrow \Bigl(\varphi \Leftrightarrow \bigvee_{i=0}^n ((\theta_i \wedge \ell = y ; \top) \wedge \varphi)\Bigr)$$
and
$$\vdash_{\mathit{PITL}} \chi \Rightarrow \neg(((\theta_i \wedge \ell = y ; \top) \wedge \varphi) \wedge ((\theta_j \wedge \ell = y ; \top) \wedge \varphi))$$
for $i \neq j$, $i, j = 0, \ldots, n$. Hence, using the axioms for arithmetic of probabilities and PITL4, we can derive
$$\vdash_{\mathit{PITL}} \chi \Rightarrow p(\varphi) = \sum_{i=0}^n p((\theta_i \wedge \ell = y ; \top) \wedge \varphi).$$
Now (5.5) and (5.6) imply
$$\vdash_{\mathit{PITL}} \chi \Rightarrow \sum_{i=1}^n x_{i-1} \cdot p((\theta_i \wedge \ell = y ; \top)) \le p(\varphi) \wedge p(\varphi) \le \sum_{i=0}^n x_i \cdot p((\theta_i \wedge \ell = y ; \top)). \tag{5.7}$$
Recall the model $M$ and its distinguished $w_0 \in W$ and time point $\tau_0$. Let $\tau, \tau' \in T$ and $\tau \le \tau'$. Let $I_{w_0}(y) = m([\tau_0, \tau'])$.
Then the satisfaction of (5.7) at $w_0, [\tau_0, \tau]$ in $M$ means that if $A = [\![\varphi]\!]_{M,w_0,\tau}$ and $B_i = [\![\theta_i]\!]_{M,w_0,\tau}$, $i = 0, \ldots, n$, then $P_{w_0}(\tau, A)$ is bounded by the sums (5.3) where $\xi_0 = 0$, $\eta_0 = I_{w_0}(x_0)$ and $\xi_i = I_{w_0}(x_{i-1})$ and $\eta_i = I_{w_0}(x_i)$ for $i = 1, \ldots, n$. Assume that $z$ is a variable of the probability sort and $M$ satisfies the rigid formula $\bigwedge_{i=1}^n x_i \le x_{i-1} + z$ at $w_0$ as well. Then, since $\sum_{i=0}^n P_{w_0}(\tau, B_i) = 1$, the lower and upper approximations (5.3) differ by no more than $I_{w_0}(z)$. Now it is clear that the validity of P and P in $M$ entails that (5.4) holds approximately with precision which is smaller than any probability $\delta \in U$ such that $\underbrace{\delta + \ldots + \delta}_{n\ \text{times}} \ge 1$ for some $n < \omega$. Hence, if $\langle U, +, \cdot, 0, 1\rangle$ has no "infinitely small" elements, then the integral from (5.4) is defined and (5.4) holds. If there are such elements, then the difference between the least upper bound and the greatest lower bound of the sums (5.3), respectively, is "infinitely small".

Obviously the condition $W_{w_0,\tau_0} = W$ is relevant just to the scope of the (approximate) validity of (5.2). If all instances of P and P hold everywhere in a PITL model, then so do the approximations of (5.2).

6. Probabilistic real-time DC with infinite intervals

In this section we introduce an enhanced system of real-time probabilistic DC which enables the handling of infinite intervals and has a syntactically simpler and more expressive probability operator instead of the original $\mu(.)(.)$. The new system is obtained as the extension of PITL by state expressions and duration terms. It properly subsumes the original probabilistic real-time DC from [DZ99] in a straightforward way.
The relative completeness result about probabilistic DC in this paper is about this enhanced system and we use the acronym PDC for it in the rest of the paper.

6.1. Language. PDC vocabularies are just PITL vocabularies extended by state variables, which are used to construct state expressions and duration terms just like in (non-probabilistic) DC (see Section 1.2 of the Preliminaries).

6.2. Models and satisfaction. PDC models are PITL models which are based on the real-time and -probability frame for two-sorted ITL with infinite intervals
$$F_{\mathbb{R}} = \langle\langle \mathbb{R}, \le, \infty\rangle, \langle \mathbb{R}^+, +, 0, \infty\rangle, \langle \mathbb{R}^+, +, \cdot, 0, 1\rangle, \lambda\sigma.\max\sigma - \min\sigma\rangle,$$
the only difference being that the interpretations $I_w$, $w \in W$ are supposed to map the state variables from the respective vocabularies to $\{0, 1\}$-valued functions of time with the finite variability property. We assume that multiplication is available for probabilities. The definition of the values of duration terms and the definition of the satisfaction relation are just like in DC and PITL, respectively.

6.3. Describing probabilistic real-time automata and expressing $\mu(.)(.)$. The probabilistic automata from the semantics of PDC originally introduced in [DZ99] can be described in the system of PDC proposed in this paper. The original probability operator $\mu(.)(.)$ can be expressed using $p(.)$ as follows. Let $\mathcal{A}$ be an automaton of the form (1.2) from Definition 1.3. The DC vocabulary which corresponds to $\mathcal{A}$ consists of the states of $\mathcal{A}$ as state variables and the PITL vocabulary for $\mathcal{A}$ introduced in the example from Section 2.2, which includes the transitions of $\mathcal{A}$ as temporal propositional letters (0-ary flexible predicate symbols), the rigid constants $q_a$ and the rigid unary function symbols $P_a$ to denote $\lambda\tau.\int_0^\tau p_a(t)\,dt$ for each transition $a$, respectively.
Let $M = \langle F_{\mathbb{R}}, W, I, P\rangle$ be a PDC model for this vocabulary in the sense of Section 6.2 with $W$ being the set of all the behaviours of $\mathcal{A}$ and $\lambda X.P_w(\tau, X)$ being the conditional probability for a behaviour of $\mathcal{A}$ to be described by an interpretation in the set $X \subseteq W_{w,\tau}$, given that $w \in W$ describes this behaviour within the interval $[0, \tau]$, like in the example from Section 2.2. Then $M$ validates the axioms
$$\Box\neg(\lceil\lceil \neg a^-\rceil\rceil ; \lceil\lceil a^-\rceil\rceil \wedge \neg a ; \lceil\lceil a^+\rceil\rceil), \qquad \neg(\lceil\lceil a^-\rceil\rceil \wedge \neg a ; \lceil\lceil a^+\rceil\rceil ; \top)$$
and
$$\Box(\neg(\lceil\lceil a^-\rceil\rceil ; a) \wedge \neg(a \wedge \neg\lceil\lceil a^-\rceil\rceil) \wedge \neg(a ; \lceil\lceil \neg a^+\rceil\rceil))$$
for all transitions $a$ at all intervals σ such that $\min\sigma = 0$. These axioms force the interpretations of the temporal propositional letters $a$ to correspond to the respective transitions of $\mathcal{A}$, which are identified by observing their source states $a^-$ and destination states $a^+$, in the way proposed in the example from Section 2.2. Having this correspondence, the probabilistic behaviour of $\mathcal{A}$ can be described by formulas such as (2.4). If used together with the axioms P and P from Section 5, such formulas are sufficient to express the conditions on the probability functions $\lambda X.P_w(\tau, X)$ for $w \in W$ which are encoded by the components $p_a$ and $q_a$ of the automaton $\mathcal{A}$. Furthermore, the value of $\mu(\varphi)(t)$ is equal to $w_{[0,0]}(p((\varphi \wedge \ell = t ; \top)))$ for every DC formula ϕ and every $w \in W$. Note that the probabilities expressed by terms of the form $p(\varphi)$ are determined by using the truth values of ϕ at infinite intervals. That is why the probability for ϕ to hold at a finite interval ending at some future time point is expressed by the term $p((\varphi ; \top))$, in which $\top$ accounts for the infinite interval following that end point.
In our PDC axioms about probabilistic timed automata behaviour we refer to the probability $P_a(\tau)$ for transition $a$ to be over by time τ instead of the probability density $p_a(t)$ for $a$ to finish at time $t$, which was used in the original paper [DZ99]. This is not a limitation, because, at least in the case of piecewise continuous $p_a$, the relation $P_a(\tau) = \int_0^\tau p_a(t)\,dt$ between $P_a$ and $p_a$ can be axiomatised much like (5.2). On the contrary, there are practically interesting cases such as that of transitions with discrete or finite sets of possible durations in which $p_a$ cannot be defined whereas $P_a$ exists.

7. A proof system for PDC

The proof system for PDC that we propose consists of the DC axioms DC1–DC6, T1 and T2 from Section 1.2.4. We demonstrate the relative completeness of this proof system in Section 8 below. Since completeness relative to validity in the class of the PITL models which are based on $F_{\mathbb{R}}$ means that all formulas which are valid at such PITL models are admitted as axioms, the PITL axioms from Section 3 are no more relevant than any of these valid formulas from the formal point of view.

8. Relative completeness of the proof system for PDC

The proof of the completeness of the axioms DC1–DC6, T1 and T2 for PDC relative to validity in the class of the $F_{\mathbb{R}}$-based models of PITL follows closely the pattern of the original relative completeness proof for (non-probabilistic) DC from [HZ92]. The variant of this proof about the system of DC based on the modalities of NL from [RZ97] is very close to our setting. Therefore we include the proof details mostly for the sake of completeness. Below $\mathit{PITL}_{\mathbb{R},L}$ stands for the set of the PITL formulas written in the vocabulary $L$ which are valid in the class of all $F_{\mathbb{R}}$-based PITL models.
Let ϕ be a PDC formula written in some vocabulary $L$ and let $\mathcal{S}$ be the set of all the state expressions which can be written using only the state variables which occur in ϕ. Given a state expression $S \in \mathcal{S}$, we denote the set $\{S' \in \mathcal{S} : S'$ is propositionally equivalent to $S\}$ by $[S]$. Since ϕ contains a finite number of state variables, there are finitely many different equivalence classes $[S]$ for $S \in \mathcal{S}$. Let $L'$ be the ITL vocabulary which consists of the symbols from $L$, except the state variables, and the fresh flexible constants $\ell_{[S]}$, $S \in \mathcal{S}$. Since there are finitely many classes $[S]$, these flexible constants are finitely many too. If all the state expressions which occur in some PDC formula ψ are from $\mathcal{S}$, we denote the result of substituting every duration term $\int S$ with the respective flexible constant $\ell_{[S]}$ in ψ by $\psi'$. Note that $\psi'$ is a PITL formula with no PDC-specific constructs left in it. Now consider the set $H$ of all the instances of DC1–DC6, T1 and T2 for state expressions from $\mathcal{S}$. Unless no state variables occur in ϕ, $H$ is infinite. However, since there are finitely many equivalence classes $[S]$, the set $H' = \{\alpha' : \alpha \in H\}$ is finite. We define the sequence of formulas $\psi_k$, $k < \omega$ as follows:
$$\psi_0 \leftrightharpoons \Box\bigwedge H', \qquad \psi_{k+1} \leftrightharpoons \Box\bigwedge H' \wedge p(\psi_k) = 1 \quad \text{for all } k < \omega.$$
The formula $\psi_k$ states that all the instances of the DC axioms hold with probability 1 at interpretations which are accessible through probability terms of height at most $k$. Now assume that ϕ is consistent with our proof system for PDC. Let $n = h(\varphi)$ where $h(\varphi) = 0$ for ϕ with no occurrence of probability terms, and $h(\varphi) = 1 + \max\{h(\psi) : p(\psi)$ occurs in $\varphi\}$ for ϕ with probability terms. Then the formula
$$\psi \leftrightharpoons \ell = \infty \wedge (\varphi' \vee (\varphi' ; \ell = \infty)) \wedge \psi_n$$
is consistent with $\mathit{PITL}_{\mathbb{R},L}$.
This entails that there is a PITL model $M = \langle F_{\mathbb{R}}, W, I, P\rangle$, $w_0 \in W$ and an interval $\sigma_0 \in \tilde{I}(\mathbb{R})$ such that $M, w_0, \sigma_0 \models \psi$. Clearly $\sigma_0 \in I_{\mathit{inf}}(\mathbb{R})$. Following the example from [HZ92], we use $M$ in order to build a PDC model for $L$ which satisfies ϕ. We define the ascending sequence of subsets $N_0 \subseteq N_1 \subseteq \ldots \subseteq N_n$ of $W$ by the equalities $N_0 = \{w_0\}$ and
$$N_k = \bigcup_{w \in N_{k-1}} \{ v \in W_{w,\min\sigma_0} : M, v, \sigma_0 \models \psi_{n-k} \} \quad \text{for } k = 1, \ldots, n.$$
The set of the behaviour descriptions $W'$ for the PDC model we are constructing is $N_n$. Let $w \in N_n$ and $\tau \in (\min\sigma_0, \infty)$. Let $Q$ be a state variable occurring in ϕ. Then
$$\ell = 0 \vee (\lceil\lceil Q\rceil\rceil ; \top) \vee (\lceil\lceil \neg Q\rceil\rceil ; \top), \qquad \ell = 0 \vee \ell = \infty \vee (\top ; \lceil\lceil Q\rceil\rceil) \vee (\top ; \lceil\lceil \neg Q\rceil\rceil) \;\in H,$$
because these formulas are instances of T1 and T2, respectively. This entails that
$$M, w, [\tau, \tau + 1] \models (\ell_{[Q]} = \ell \wedge \ell \neq 0 ; \top) \vee (\ell_{[\neg Q]} = \ell \wedge \ell \neq 0 ; \top)$$
and
$$M, w, [\min\sigma_0, \tau] \models (\top ; \ell_{[Q]} = \ell \wedge \ell \neq 0) \vee (\top ; \ell_{[\neg Q]} = \ell \wedge \ell \neq 0),$$
which implies that there are some $\xi, \eta \in \mathbb{R}$ such that $\xi < \tau < \eta$ and
$$M, w, [\tau, \eta] \models \ell_{[Q]} = \ell \vee \ell_{[\neg Q]} = \ell \quad \text{and} \quad M, w, [\xi, \tau] \models \ell_{[Q]} = \ell \vee \ell_{[\neg Q]} = \ell.$$
Let us fix some ξ and η with this property and denote the open neighbourhood $(\xi, \eta)$ of τ by $O_{Q,w,\tau}$. Similarly,
$$M, w, [\min\sigma_0, \min\sigma_0 + 1] \models (\ell_{[Q]} = \ell \wedge \ell \neq 0 ; \top) \vee (\ell_{[\neg Q]} = \ell \wedge \ell \neq 0 ; \top)$$
and hence there is an $\eta > \min\sigma_0$ such that
$$M, w, [\min\sigma_0, \eta] \models \ell_{[Q]} = \ell \vee \ell_{[\neg Q]} = \ell.$$
We fix such an η and write $O_{Q,w,\min\sigma_0}$ for the semi-open neighbourhood $[\min\sigma_0, \eta)$ of $\min\sigma_0$. Obviously
$$\bigcup_{\tau \in [\min\sigma_0, \infty)} O_{Q,w,\tau} = [\min\sigma_0, \infty).$$
Moreover, $O_{Q,w} = \{O_{Q,w,\tau} : \tau \in [\min\sigma_0, \infty)\}$ is a (relatively) open covering of $[\min\sigma_0, \infty)$.
Here follows the key observation in this proof: the compactness of the intervals of the form $[\min\sigma_0 + k, \min\sigma_0 + k + 1]$ where $k = 0, 1, 2, \ldots$ implies that for every such $k$ there is a finite sub-covering $O_{Q,w,k} \subset O_{Q,w}$ of $[\min\sigma_0 + k, \min\sigma_0 + k + 1]$. Let $O_{Q,w,k} = \{O_{Q,w,\tau_{Q,w,k,1}}, \ldots, O_{Q,w,\tau_{Q,w,k,n_{w,k}}}\}$. We will use the time points $\tau_{Q,w,k,i}$, $i = 1, \ldots, n_{w,k}$, $k = 0, 1, \ldots$, where $Q$ is a state variable occurring in ϕ, to define an interpretation $(I')_w$ of $L$ in our PDC model under construction which corresponds to $I_w$ for $w \in W'$. Let us denote the set of these time points by $C_{Q,w}$. Since $\min\sigma_0 \in C_{Q,w}$ and $C_{Q,w} \cap \sigma$ is finite for every bounded interval σ, the set $C_{Q,w} \cap [\min\sigma_0, \tau]$ contains a greatest time point for every $\tau \in [\min\sigma_0, \infty)$. $(I')_w$ is defined by the following clauses:

$(I')_w(s) = I_w(s)$ for all symbols $s \in L$ which are not state variables;

$(I')_w(Q)(\tau) = 0$ for all state variables $Q \in L$ which do not occur in ϕ and all $\tau \in \mathbb{R}$;

$(I')_w(Q)(\tau) = 1$ for state variables $Q$ which occur in ϕ and τ such that $M, w, [\tau', \sup O_{Q,w,\tau'}] \models \ell_{[Q]} = \ell$, where $\tau' = \max(C_{Q,w} \cap [\min\sigma_0, \tau])$;

$(I')_w(Q)(\tau) = 0$ for state variables $Q$ which occur in ϕ and τ such that $M, w, [\tau', \sup O_{Q,w,\tau'}] \models \ell_{[\neg Q]} = \ell$, where $\tau'$ is as above, and for $\tau < \min\sigma_0$ as well.

A straightforward argument based on the presence of the appropriate instances of DC1–DC6 in $H$ implies that this definition of $(I')_w$ is correct and $I'$ satisfies the equality
$$(I')_{w,\sigma}(\textstyle\int S) = I_{w,\sigma}(\ell_{[S]})$$
for all state expressions $S \in \mathcal{S}$ and all intervals $\sigma \in \tilde{I}(\mathbb{R})$ such that $\min\sigma_0 \le \min\sigma$. The functions $(P')_w$, $w \in W'$, are defined using the respective $P_w$ by the equality
$$(P')_w(\tau, A \cap W') = P_w(\tau, A) \tag{8.1}$$
for $w \in \bigcup_{i=0}^{n-1} N_i$ and $\tau \ge \min\sigma_0$.
Since $M, w_0, \sigma_0 \models \psi_n$, the construction of $W'$ implies that $P_w(\tau, (W')_{w,\tau}) = 1$ for all such $w$. Hence if $P_w(\tau, A_1) \neq P_w(\tau, A_2)$, then $P_w(\tau, A_1 \cap W'_{w,\tau}) \neq P_w(\tau, A_2 \cap W'_{w,\tau})$ as well, which implies that $A_1 \cap (W')_{w,\tau} \neq A_2 \cap (W')_{w,\tau}$. That is why the equality (8.1) defines the function $(P')_w$ correctly. We allow $(P')_w$ to be arbitrary for $w \in W' \setminus \bigcup_{i=0}^{n-1} N_i$, because the truth values of formulas of probability height up to $n$ at $w_0, \sigma_0$ do not depend on these functions. Let $M' = \langle F_{\mathbb{R}}, W', I', P'\rangle$. An induction on $k$ implies that if ψ is a PDC formula written in $L$, $h(\psi) \le k$, $w \in N_i$, $\sigma \in \tilde{I}(\mathbb{R})$, $\min\sigma \ge \min\sigma_0$ and $k + i \le n$, then
$$M', w, \sigma \models \psi \ \text{ iff } \ M, w, \sigma \models \psi' \qquad \text{and} \qquad P_w(\max\sigma, [\![\psi']\!]_{M,w,\sigma}) = (P')_w(\max\sigma, [\![\psi]\!]_{M',w,\sigma}).$$
This, in particular, implies that $M', w_0, \sigma_0 \models \varphi$ or $M', w_0, \sigma_0 \models (\varphi ; \ell = \infty)$. In the latter case $M', w_0, \sigma \models \varphi$ for some $\sigma \in I_{\mathit{fin}}(\mathbb{R})$ such that $\min\sigma = \min\sigma_0$.

This concludes the proof of the relative completeness of the axioms DC1–DC6, T1 and T2 for PDC, because we have shown that the assumption that a given PDC formula is consistent with this proof system entails that the formula is satisfiable at a PDC model.

9. PITL with infinite intervals and PNL

The system which is closest to PITL both in its semantics and proof system is the probabilistic extension of neighbourhood logic PNL which was proposed in [Gue00]. The modalities $\Diamond_l$ and $\Diamond_r$ of NL are defined by the clauses:

$M, \sigma \models \Diamond_l\varphi$ iff $M, \sigma' \models \varphi$ for some $\sigma'$ such that $\max\sigma' = \min\sigma$

$M, \sigma \models \Diamond_r\varphi$ iff $M, \sigma' \models \varphi$ for some $\sigma'$ such that $\min\sigma' = \max\sigma$

$\Diamond_l$ and $\Diamond_r$ are called expanding modalities because they allow access outside the reference interval.
The dual modalities $\Box_d$ of $\Diamond_d$ are defined by the clauses $\Box_d\varphi \leftrightharpoons \neg\Diamond_d\neg\varphi$ for $d \in \{l, r\}$. A duration calculus on the basis of NL was developed in [RZ97]. Infinite intervals are an alternative way to achieve the expressivity of $\Diamond_r$. A truth preserving translation from ITL with infinite intervals to NL is impossible for the trivial reason that NL does not have infinite intervals and there is no straightforward way to capture the ITL interpretation of flexible symbols at infinite intervals. Furthermore, NL duration domains known from the literature do not include $\infty$, but include negative durations. However, if the only flexible symbols in the considered vocabularies are $\ell$ and state variables, then the duration calculi based on NL and on ITL with infinite intervals, respectively, can be related by means of a translation which has the following property: If ψ is the NL-based DC formula which is the translation of some ITL-based DC formula ϕ and $FV(\varphi) = \{x_1, \ldots, x_n\}$, then
$$M', [\tau, \tau] \models \psi \ \text{ iff } \ M, [\tau, \infty] \models \varphi, \tag{9.1}$$
where the duration domain of the ITL model $M$ is obtained from that of the NL model $M'$ by removing the negative elements and adding $\infty$, and the meanings of the non-logical symbols in $M$ and $M'$ on the intersection of the two duration domains are the same. We describe such a translation in this section. The predicate logic equivalences
$$R(t_1, \ldots, t_n) \Leftrightarrow \exists x_1 \ldots \exists x_n \Bigl(R(x_1, \ldots, x_n) \wedge \bigwedge_{i=1}^n t_i = x_i\Bigr)$$
and
$$f(t_1, \ldots, t_n) = z \Leftrightarrow \exists x_1 \ldots \exists x_n \Bigl(f(x_1, \ldots, x_n) = z \wedge \bigwedge_{i=1}^n t_i = x_i\Bigr),$$
where $x_1, \ldots, x_n$ do not occur in $t_1, \ldots, t_n$, allow us to assume that all atomic subformulas of the ITL formulas to be translated are either rigid or have the form $\int S = x$ where $x$ is a variable. We can also treat $\ell$ as $\int 1$. The clauses below define two auxiliary translations $(.)^{\mathit{fin}}$ and $(.)^{\mathit{inf}}$ from ITL-based to NL-based DC. $(.)^{\mathit{fin}}$ translates an ITL formula which is to be evaluated at a finite interval into its NL equivalent. $(.)^{\mathit{inf}}$ translates an ITL formula which is to be evaluated at an infinite interval σ into a corresponding NL formula which defines the same condition on σ when evaluated at the zero-length interval $[\min\sigma, \min\sigma]$. $(.)^{\mathit{inf}}$ refers to $(.)^{\mathit{fin}}$ for the translation of $(.\,;\,.)$-formulas. Both auxiliary translations are correct only under the assumption that the free variables of the given ITL formulas range over non-negative finite durations. Infinity is handled only where explicitly denoted by the symbol $\infty$. Atomic formulas $R(t_1, \ldots, t_n)$ with the parameter list $t_1, \ldots, t_n$ consisting of individual variables and, possibly, $\infty$ translate into dedicated specialising formulas $S^R_{t_1, \ldots, t_n}$, which define the appropriate predicates on the non-$\infty$ parameters according to the intended meaning of $R$ and the positions of the occurrences of $\infty$ in $t_1, \ldots, t_n$. For instance, $S^{=}_{x,y}$ is $x = y$, $S^{=}_{x,\infty}$ is $\bot$, and $S^{=}_{\infty,\infty}$ is $\top$. Atomic formulas with $=$ and function symbols are handled similarly, e.g. the formula $S^{+}_{x,\infty;y}$ for $x + \infty = y$ is $\bot$, and $S^{+}_{x,\infty;\infty}$ is $\top$.

$\bot^{\mathit{fin}} \leftrightharpoons \bot$

$(R(t_1, \ldots, t_n))^{\mathit{fin}} \leftrightharpoons S^R_{t_1, \ldots, t_n}$

$(f(t_1, \ldots, t_n) = t_{n+1})^{\mathit{fin}} \leftrightharpoons S^f_{t_1, \ldots, t_n; t_{n+1}}$

$(\int S = \infty)^{\mathit{fin}} \leftrightharpoons \bot$

$(\int S = x)^{\mathit{fin}} \leftrightharpoons \int S = x$

$(\varphi \Rightarrow \psi)^{\mathit{fin}} \leftrightharpoons \varphi^{\mathit{fin}} \Rightarrow \psi^{\mathit{fin}}$

$(\varphi ; \psi)^{\mathit{fin}} \leftrightharpoons \exists x \exists y (\int 1 = x + y \wedge \Diamond_l\Diamond_r(\ell = x \wedge \varphi^{\mathit{fin}} \wedge \Diamond_r(\ell = y \wedge \psi^{\mathit{fin}})))$

$(\exists x\varphi)^{\mathit{fin}} \leftrightharpoons ([\infty/x]\varphi)^{\mathit{fin}} \vee \exists x (x \ge 0 \wedge \varphi^{\mathit{fin}})$

$\bot^{\mathit{inf}} \leftrightharpoons \bot$

$(R(t_1, \ldots, t_n))^{\mathit{inf}} \leftrightharpoons S^R_{t_1, \ldots, t_n}$

$(f(t_1, \ldots, t_n) = t_{n+1})^{\mathit{inf}} \leftrightharpoons S^f_{t_1, \ldots, t_n; t_{n+1}}$

$(\int S = \infty)^{\mathit{inf}} \leftrightharpoons \forall x \Diamond_r \int S > x$

$(\int S = x)^{\mathit{inf}} \leftrightharpoons \Diamond_r(\int S = x \wedge \Box_r \int S = 0)$

$(\varphi \Rightarrow \psi)^{\mathit{inf}} \leftrightharpoons \varphi^{\mathit{inf}} \Rightarrow \psi^{\mathit{inf}}$

$(\varphi ; \psi)^{\mathit{inf}} \leftrightharpoons \Diamond_r(\varphi^{\mathit{fin}} \wedge \Diamond_r(\ell = 0 \wedge \psi^{\mathit{inf}}))$

$(\exists x\varphi)^{\mathit{inf}} \leftrightharpoons ([\infty/x]\varphi)^{\mathit{inf}} \vee \exists x (x \ge 0 \wedge \varphi^{\mathit{inf}})$

As mentioned above, $(.)^{\mathit{inf}}$ is correct only under the assumption that the free variables of the given ITL formulas range over non-negative finite durations. To remove this restriction, given an ITL formula ϕ whose free variables are $x_1, \ldots, x_n$, we define the sequence of formulas $\varphi_0, \ldots, \varphi_n$ by the clauses
$$\varphi_0 \leftrightharpoons \varphi \quad \text{and} \quad \varphi_i \leftrightharpoons (x_i \ge 0 \wedge \varphi_{i-1}) \vee [\infty/x_i]\varphi_{i-1} \quad \text{for } i = 1, \ldots, n,$$
and choose the formula ψ from (9.1) to be $(\varphi_n)^{\mathit{inf}}$. This translation can be extended to one between PDC with infinite intervals and a system of probabilistic DC based on NL by putting

$(p(\varphi) = x)^{\mathit{fin}} \leftrightharpoons p(\varphi^{\mathit{inf}}) = x$,

$(p(\varphi) = x)^{\mathit{inf}} \leftrightharpoons \varphi^{\mathit{inf}} \wedge x = 1 \vee \neg\varphi^{\mathit{inf}} \wedge x = 0$.

A translation from NL into ITL with infinite intervals is possible too under the assumption that there is a time point $\tau_0$ such that the values of all flexible symbols except $\ell$ at intervals starting before $\tau_0$ are irrelevant to the truth value of the translated formula. This restriction is necessary, because an ITL formula cannot express conditions on the past prior to the beginning of the infinite reference interval. It can be avoided if one considers a system of ITL with intervals which can be infinite into the past as well, which is beyond the scope of this paper. If a property does not depend on the interpretation of the flexible symbols on the left of the beginning of the reference interval and can be expressed by an NL formula, then it can be expressed by an NL formula in which the only occurrences of $\Diamond_l$ are in subformulas of the form $\Diamond_l\Diamond_r\chi$.
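As an added worked instance of the clauses above (not part of the paper), consider the ITL-based DC formula $\varphi = (\ell = x ; \int S = \infty)$ with the single free variable $x$. The unfolding assumes that $\wedge$ and $\vee$ are abbreviations via $\Rightarrow$ and $\bot$, so that both translations distribute over them, that the bound variable of the clause for $\int S = \infty$ is renamed to $y$ to keep it apart from the free $x$, and that $\int S$ at an infinite interval equals $\infty$ exactly when the accumulated duration of $S$ is unbounded.

$$
\begin{aligned}
\varphi &= (\textstyle\int 1 = x \,;\, \int S = \infty) && \text{($\ell$ treated as $\int 1$)}\\
\varphi^{\mathit{inf}} &= \Diamond_r\bigl((\textstyle\int 1 = x)^{\mathit{fin}} \wedge \Diamond_r(\ell = 0 \wedge (\int S = \infty)^{\mathit{inf}})\bigr) && \text{(clause for $(.\,;\,.)^{\mathit{inf}}$)}\\
&= \Diamond_r\bigl(\textstyle\int 1 = x \wedge \Diamond_r(\ell = 0 \wedge \forall y\,\Diamond_r \int S > y)\bigr) && \text{(clauses for $\int S = x$ and $\int S = \infty$)}\\
\varphi_1 &= (x \ge 0 \wedge \varphi) \vee [\infty/x]\varphi && \text{(removing the finiteness restriction on $x$)}\\
([\infty/x]\varphi)^{\mathit{inf}} &= \Diamond_r\bigl((\textstyle\int 1 = \infty)^{\mathit{fin}} \wedge \Diamond_r(\ldots)\bigr) = \Diamond_r(\bot \wedge \Diamond_r(\ldots)) \equiv \bot && \text{(clause for $(\int S = \infty)^{\mathit{fin}}$)}\\
\psi = (\varphi_1)^{\mathit{inf}} &\equiv x \ge 0 \wedge \Diamond_r\bigl(\textstyle\int 1 = x \wedge \Diamond_r(\ell = 0 \wedge \forall y\,\Diamond_r \int S > y)\bigr) && \text{($x \ge 0$ is rigid, so it translates to itself)}
\end{aligned}
$$

Checking (9.1): $M', [\tau, \tau] \models \psi$ iff $x$ is a finite non-negative duration, the interval $[\tau, \tau + x]$ exists, and for every bound $y$ there is some $[\tau + x, \tau']$ on which $\int S > y$; this is precisely $M, [\tau, \infty] \models \varphi$, where the infinite interval chops at $\tau + x$ and $S$ has unbounded duration on $[\tau + x, \infty]$.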
Given an NL formula ϕ which satisfies this syntactical restriction, one can find an ITL formula ψ such that $M, [\tau_0, \infty] \models \psi$ is equivalent to the existence of a $\tau_1 \ge \tau_0$ such that $M', [\tau_0, \tau_1] \models \varphi$. Below we give a translation which, given a ϕ of the form
$$\varphi ::= \bot \mid R(t, \ldots, t) \mid (\varphi \Rightarrow \varphi) \mid \Diamond_r\varphi \mid \Diamond_l\Diamond_r\varphi \mid \exists x (x \ge 0 \wedge \varphi)$$
produces a corresponding ψ. This translation produces formulas constructed using $\exists$, $\Rightarrow$, $\bot$, rigid formulas and formulas of the form
$$(\ell = t_1 ; \ell = t_2 \wedge \alpha ; \top) \tag{9.2}$$
with α being a modality-free formula. The translation works by reducing the number of the occurrences of $\Diamond_l\Diamond_r$ and $\Diamond_r$ in formulas of the form (9.2), yet with α being an NL formula. The ITL formula ψ is obtained by starting from $(\ell = 0 ; \ell = 0 \wedge \Diamond_r\varphi ; \top)$. To understand the correctness of the translation, one can think of a system which has all the modalities $(.\,;\,.)$, $\Diamond_l$ and $\Diamond_r$, with the obvious semantics, and check that the translation rules correspond to valid equivalences at infinite reference intervals, provided that the free variables of the involved formulas have finite non-negative values. Here follow the transformation rules which define the translation:

$(\ell = t_1 ; \ell = t_2 \wedge (\chi_1 \Rightarrow \chi_2) ; \top) \to (\ell = t_1 ; \ell = t_2 \wedge \chi_1 ; \top) \Rightarrow (\ell = t_1 ; \ell = t_2 \wedge \chi_2 ; \top)$

$(\ell = t_1 ; \ell = t_2 \wedge \Diamond_r\chi ; \top) \to \exists z (\ell = t_1 + t_2 ; \ell = z \wedge \chi ; \top)$

$(\ell = t_1 ; \ell = t_2 \wedge \Diamond_l\Diamond_r\chi ; \top) \to \exists z (\ell = t_1 ; \ell = z \wedge \chi ; \top)$

$(\ell = t_1 ; \ell = t_2 \wedge \exists x (x \ge 0 \wedge \chi) ; \top) \to \exists x (x < \infty \wedge (\ell = t_1 ; \ell = t_2 \wedge \chi ; \top))$

The individual variable $z$ in the rules above is supposed to be fresh. The last rule can be applied only if $x \notin FV(t_1), FV(t_2)$. This translation can be extended to one from PNL to PITL by mapping NL probability terms $p(\varphi)$ to the corresponding PITL probability terms $p(\psi)$ where ψ is the translation of ϕ.
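As an added worked instance of these rules (not from the paper), take the NL formula $\varphi = \ell = x \wedge \Diamond_l\Diamond_r\chi$ with χ modality-free and $x$ a free variable with a finite non-negative value. Since $\wedge$ is an abbreviation, $\chi_1 \wedge \chi_2 = ((\chi_1 \Rightarrow (\chi_2 \Rightarrow \bot)) \Rightarrow \bot)$, three applications of the first rule together with the equivalence of $(\ell = t_1 ; \ell = t_2 \wedge \bot ; \top)$ and $\bot$ give the derived rule used in the third step; $z_1$ and $z_2$ are the fresh variables introduced by the rules.

$$
\begin{aligned}
&(\ell = t_1 ; \ell = t_2 \wedge (\chi_1 \wedge \chi_2) ; \top) \;\to\; (\ell = t_1 ; \ell = t_2 \wedge \chi_1 ; \top) \wedge (\ell = t_1 ; \ell = t_2 \wedge \chi_2 ; \top) && \text{(derived rule)}\\[1ex]
&(\ell = 0 ; \ell = 0 \wedge \Diamond_r(\ell = x \wedge \Diamond_l\Diamond_r\chi) ; \top) && \text{(starting formula)}\\
\to\;& \exists z_1\,(\ell = 0 + 0 ; \ell = z_1 \wedge (\ell = x \wedge \Diamond_l\Diamond_r\chi) ; \top) && \text{($\Diamond_r$ rule, $t_1 = t_2 = 0$)}\\
\to\;& \exists z_1\,\bigl((\ell = 0 + 0 ; \ell = z_1 \wedge \ell = x ; \top) \wedge (\ell = 0 + 0 ; \ell = z_1 \wedge \Diamond_l\Diamond_r\chi ; \top)\bigr) && \text{(derived rule)}\\
\to\;& \exists z_1\,\bigl((\ell = 0 + 0 ; \ell = z_1 \wedge \ell = x ; \top) \wedge \exists z_2\,(\ell = 0 + 0 ; \ell = z_2 \wedge \chi ; \top)\bigr) && \text{($\Diamond_l\Diamond_r$ rule, $t_1 = 0 + 0$)}
\end{aligned}
$$

No modality remains, so the last line is ψ. At $[\tau_0, \infty]$ its first conjunct forces $z_1 = x$ and its second says that some finite prefix $[\tau_0, \tau_0 + z_2]$ satisfies χ; that is exactly the existence of $\tau_1 = \tau_0 + x$ with $M', [\tau_0, \tau_1] \models \varphi$, where $\Diamond_l\Diamond_r\chi$ steps back to the left end point $\tau_0$ and forward again to some $[\tau_0, \tau_0 + z_2]$ satisfying χ.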
Concluding remarks

We conclude by discussing some restrictions on the scope of the completeness results about PITL and PDC presented in this paper.

Countable additivity of probability functions. According to our definition, the probability functions in PITL models are required to be just finitely additive, whereas classical probability theory is about countably additive probability functions. One simple reason for this is the choice to have an abstract domain of probabilities which is not required to be Dedekind-complete and therefore the infinite sums which are relevant to countable additivity cannot be guaranteed to exist. The difficulty in axiomatising countable additivity becomes even more obvious from the observation that PITL has the Löwenheim–Skolem property. This means that countably-infinite consistent sets of PITL formulas can be satisfied at countably-infinite models, which, in particular, have countably-infinite domains. This follows immediately from the construction of the PITL model in the completeness argument for our proof system. Countably-infinite PITL models with countably additive probability functions validate formulas of the form
$$\forall x (p(\varphi) = 0) \Rightarrow p(\exists x\varphi) = 0.$$
This follows immediately from the fact that $x$ ranges over a countably-infinite domain. Hence, the above formula should be a theorem in a proof system which is complete with respect to models with countably additive probability functions, as long as the Löwenheim–Skolem property holds. However, this formula is not valid in arbitrary models.

Completeness of PDC relative to (non-probabilistic) real-time ITL.
Our demonstration that some well-known axioms of (non-probabilistic) DC form a proof system which is complete relative to probabilistic ITL with infinite intervals was hardly a technical challenge, given the similar proofs from [HZ92, RZ97]. It would have been interesting to develop a proof system for PDC which is complete relative to real-time ITL without probabilities. The proof of Lemma 4.11, which is the key step in our model construction for the completeness argument for PITL, explains why this is impossible. The model construction involves an expression of $\tau$-equivalence by the formulas
\[
(\Box \forall (\chi_\nu \Leftrightarrow \chi_{\nu'}) \wedge \ell = c; \ell = \infty) \qquad (9.3)
\]
for $\tau$ being the equivalence class $[c]$ of the rigid constant $c$. The relation of $\tau$-equivalence is needed to hold between any given $w \in W$ from a PDC model $M = \langle F_R, W, I, P \rangle$ and the $v \in W$ which are needed to populate $[\![\varphi]\!]_{M, w, \sigma}$ for $\varphi$ such that $M, w$ is supposed to satisfy $p(\varphi) \neq 0$ at intervals $\sigma$ whose end point is $\tau$. The proof of Lemma 4.11 relies on the possibility to use the formulas (9.3) and an assumption which essentially amounts to the derivability of $\neg\varphi$ from some appropriately chosen formulas in order to derive the existence of a formula $\theta$ such that the same formulas imply $(\theta \wedge \ell = c; \ell = \infty) \Rightarrow \neg\varphi$, which in its turn enables an application of the PITL proof rule $P_{\leq}$ to derive $\theta \Rightarrow p(\varphi) = 0$ and reach the aimed contradiction. The existence of the formula $\theta$ amounts to the interval-related interpolation property of ITL with infinite intervals (see Section 4.1). Unfortunately, DC has neither this interpolation property, nor the related Craig interpolation property [Gue04b]. The counterexample to Craig interpolation in [Gue04b] indicates that the property could possibly be restored by allowing infinitary formulas to take the role of $\theta$.
DC is not a compact logic and therefore derivability from infinite sets of premises is not reducible to derivability from finite ones. Hence, in order to achieve sufficient deductive power, the proof rule $P_{\leq}$ would have to be replaced by one allowing infinitary formulas on the left of $\Rightarrow$ as well. The deductive power of a finitary rule would be insufficient for the role of $P_{\leq}$ in any presumable finitary proof system for PDC that is complete relative to (non-probabilistic) real-time ITL with infinite intervals.

References

[ACD91] Rajeev Alur, Costas Courcoubetis, and David L. Dill. Model-checking for Probabilistic Real-time Systems. In Proceedings of ICALP'91, volume 510 of LNCS, pages 115–136. Springer, 1991.
[ACD92] Rajeev Alur, Costas Courcoubetis, and David L. Dill. Verifying Automata Specifications of Probabilistic Real-time Systems. In Real-Time: Theory and Practice, volume 600 of LNCS, pages 28–44. Springer, 1992.
[ASB95] Adnan Aziz, Vigyan Singhal, and Felice Balarin. It Usually Works: The Temporal Logic of Stochastic Systems. In Proceedings of CAV'95, volume 939 of LNCS, pages 155–165. Springer, 1995.
[BM05] Davide Bresolin and Angelo Montanari. A Tableau-based Decision Procedure for Branching Time Interval Temporal Logic. In TABLEAUX 2005. 14th Conference on Automatic Reasoning with Analytic Tableaux and Related Methods, volume 3702 of LNAI, pages 63–77. Springer, 2005.
[BMS07] Davide Bresolin, Angelo Montanari, and Pietro Sala. An Optimal Tableau-based Decision Procedure for Propositional Neighbourhood Logic. In STACS 2007. 24th International Symposium on Theoretical Aspects of Computer Science, 2007. To appear.
[BRZ00] Rana Barua, Suman Roy, and Zhou Chaochen. Completeness of Neighbourhood Logic. Journal of Logic and Computation, 10(2):271–295, 2000.
[CK73] C. C. Chang and H. J. Keisler. Model Theory. North Holland, 1973. The book has had more recent editions.
[Dan98] Dang Van Hung. Modelling and Verification of Biphase Mark Protocols in Duration Calculus Using PVS/DC−. In Proceedings of the 1998 International Conference on Application of Concurrency to System Design (CSD'98), pages 88–98. IEEE Computer Society Press, March 1998.
[Dut95a] Bruno Dutertre. On First-order Interval Temporal Logic. Report CSD-TR-94-3, Department of Computer Science, Royal Holloway, University of London, Egham, Surrey TW20 0EX, England, 1995. A short version appeared as [Dut95b].
[Dut95b] Bruno Dutertre. On First Order Interval Temporal Logic. In Proceedings of LICS'95, pages 36–43. IEEE Computer Society Press, 1995.
[DW96] Dang Van Hung and Wang Ji. On The Design of Hybrid Control Systems Using Automata Models. In Proceedings of FSTTCS 1996, volume 1180 of LNCS, pages 156–167. Springer, 1996.
[DZ99] Dang Van Hung and Zhou Chaochen. Probabilistic Duration Calculus for Continuous Time. Formal Aspects of Computing, 11(1):21–44, 1999.
[Gue98] Dimitar P. Guelev. Probabilistic Interval Temporal Logic. Technical Report 144, UNU/IIST, P.O.Box 3058, August 1998. Draft.
[Gue00] Dimitar P. Guelev. Probabilistic Neighbourhood Logic. In Mathai Joseph, editor, Proceedings of FTRTFT 2000, volume 1926, pages 264–275. Springer, 2000. A proof-complete version is available as UNU/IIST Technical Report 196 from http://www.iist.unu.edu.
[Gue01] Dimitar P. Guelev. Interval-related Interpolation in Interval Temporal Logics. Logic Journal of the IGPL, 9(5):677–685, 2001. Presented at ICTL 2000, Leipzig, October, 2000.
[Gue04a] Dimitar P. Guelev. A Complete Proof System for First-order Interval Temporal Logic with Projection. Journal of Logic and Computation, 14(2):215–249, 2004.
[Gue04b] Dimitar P. Guelev. Logical Interpolation and Projection onto State in the Duration Calculus. Journal of Applied Non-classical Logics, Special Issue on Interval Temporal Logics and Duration Calculi, 14(1-2):185–213, 2004. Presented at the ESSLLI Workshop on Interval Temporal Logics and Duration Calculi, Vienna, August, 2003.
[Gue04c] Dimitar P. Guelev. Sharpening the Incompleteness of the Duration Calculus. In Irek Ulidowski, editor, Proceedings of ARTS 2004, volume ? of ENTCS. Elsevier Science, 2004. Presented at ARTS 2004, Stirling, UK.
[He99a] He Jifeng. A Behavioral Model for Co-design. In Proceedings of FM'99, volume 1709 of LNCS, pages 1420–1438. Springer, 1999.
[He99b] He Jifeng. Integrating Variants of DC. Research Report 172, UNU/IIST, P.O.Box 3058, Macau, August 1999.
[HS86] J. Y. Halpern and Y. Shoham. A Propositional Logic of Time Intervals. In Proceedings of LICS'86, pages 279–292. IEEE Computer Society Press, 1986.
[Hu99] Hu Chengjun. Proof Techniques and Tools for Interval Logics. Ph.D. thesis, Changsha Institute of Technology, Changsha, China, 1999. (In Chinese).
[HZ92] Michael R. Hansen and Zhou Chaochen. Semantics and Completeness of Duration Calculus. In Real-Time: Theory and Practice, volume 600 of LNCS, pages 209–225. Springer, 1992.
[HZ97] Michael R. Hansen and Zhou Chaochen. Duration Calculus: Logical Foundations. Formal Aspects of Computing, 9:283–330, 1997.
[IEE95] IEEE Computer Society. IEEE Standard Hardware Description Language Based on the Verilog Hardware Description Language (IEEE std 1364-1995). IEEE Computer Society Press, 1995.
[Jos95] Mathai Joseph. Real-Time Systems. Prentice Hall, 1995.
[KNP01] Marta Kwiatkowska, Gethin Norman, and David Parker. PRISM: Probabilistic symbolic model checker. In P. Kemper, editor, Proc. Tools Session of Aachen 2001 International Multiconference on Measurement, Modelling and Evaluation of Computer-Communication Systems, pages 7–12, 2001. Available as Technical Report 760/2001, University of Dortmund.
[LH99] Li Li and He Jifeng. A Denotational Semantics of Timed RSL using Duration Calculus. In Proceedings of RTCSA'99, pages 492–503. IEEE Computer Society Press, 1999.
[LRSZ93] Liu Zhiming, A. P. Ravn, E. V. Sørensen, and Zhou Chaochen. A Probabilistic Duration Calculus. In H. Kopetz and Y. Kakuda, editors, Dependable Computing and Fault-tolerant Systems Vol. 7: Responsive Computer Systems, pages 30–52. Springer, 1993.
[McM] Ken McMillan. SMV documentation postscript versions. URL: http://www-cad.eecs.berkeley.edu/~kenmcmil/psdoc.html. Accessed in February, 2002.
[MO99] Markus Müller-Olm. A modal fixpoint logic with chop. In Proceedings of STACS'99, volume 1563 of LNCS, pages 510–512. Springer, 1999.
[Mon] The MONA Project. URL: http://www.brics.dk/~mona/. Maintained by Anders Møller.
[Mos85] Ben Moszkowski. Temporal Logic For Multilevel Reasoning About Hardware. IEEE Computer, 18(2):10–19, 1985.
[Mos86] Ben Moszkowski. Executing Temporal Logic Programs. Cambridge University Press, 1986.
[Pan] Paritosh K. Pandya. DCVALID. A tool for modelchecking Duration Calculus Formulae. URL: http://www.tcs.tifr.res.in/~pandya/dcvalid.html.
[Pan95] Paritosh K. Pandya. Some extensions to Mean-Value Calculus: Expressiveness and Decidability. In Proceedings of CSL'95, volume 1092 of LNCS, pages 434–451. Springer, 1995.
[Pan96] Paritosh K. Pandya. Weak Chop Inverses and Liveness in Mean-Value Calculus. In Proceedings of FTRTFT'96, volume 1135 of LNCS, pages 148–167. Springer, 1996.
[Pan01] Paritosh K. Pandya. Model checking CTL[DC]. In Proceedings of TACAS 2001, volume 2031 of LNCS, pages 559–573. Springer, 2001.
[Pan02] Paritosh K. Pandya. The saga of synchronous bus arbiter: On model checking quantitative timing properties of synchronous programs. In Proceedings of SLAP'02, volume 65(5) of ENTCS. Elsevier Science, 2002.
[PD98] Paritosh K. Pandya and Dang Van Hung. Duration Calculus of Weakly Monotonic Time. In Proceedings of FTRTFT'98, volume 1486 of LNCS, pages 55–64. Springer, 1998.
[PRI] PRISM: Probabilistic Symbolic Model Checker. URL: http://www.cs.bham.ac.uk/~dxp/prism/. Maintained by David Parker.
[PVS] PVS Specification and Verification System. URL: http://pvs.csl.sri.com. Maintained by Sam Owre.
[PWX98] Paritosh K. Pandya, Wang Hanping, and Xu Qiwen. Towards a Theory of Sequential Hybrid Programs. In D. Gries and W.-P. de Roever, editors, Proceedings of IFIP Working Conference PROCOMET'98, pages 336–384. Chapman & Hall, 1998.
[Rab98] Alexander Rabinovich. Non-elementary Lower Bound for Propositional Duration Calculus. Information Processing Letters, 66:7–11, 1998.
[Ras02] Thomas M. Rasmussen. Interval Logic - Proof Theory and Theorem Proving. Ph.D. thesis, Technical University of Denmark, 2002.
[RZ97] Suman Roy and Zhou Chaochen. Notes on Neighbourhood Logic. Technical Report 97, UNU/IIST, P.O.Box 3058, February 1997.
[SS94] J.U. Skakkebæk and N. Shankar. Towards a Duration Calculus Proof Assistant in PVS. In Proceedings of FTRTFT'94, volume 863 of LNCS, pages 660–679. Springer, 1994.
[SX98] Gerardo Schneider and Xu Qiwen. Towards a Formal Semantics of Verilog Using Duration Calculus. In Anders P. Ravn and Hans Rischel, editors, Proceedings of FTRTFT'98, volume 1486 of LNCS, pages 282–293. Springer, 1998.
[Tri99] Vladimir T. Trifonov. A completeness theorem for the probabilistic interval temporal logic with respect to its standard semantics. M.Sc. Thesis, Sofia University, July 1999. (In Bulgarian).
[UPP] UPPAAL. URL: http://www.uppaal.com.
[Ven91a] Yde Venema. A Modal Logic for Chopping Intervals. Journal of Logic and Computation, 1(4):453–476, 1991.
[Ven91b] Yde Venema. Many-Dimensional Modal Logics. Ph.D. thesis, University of Amsterdam, 1991.
[WX04] Wang Hanpin and Xu Qiwen. Completeness of Temporal Logics over Infinite Intervals. Discrete Applied Mathematics, 136(1):87–103, 2004.
[ZDL95] Zhou Chaochen, Dang Van Hung, and Li Xiaoshan. A Duration Calculus with Infinite Intervals. In Horst Reichel, editor, Fundamentals of Computation Theory, volume 965 of LNCS, pages 16–41. Springer, 1995.
[ZH98] Zhou Chaochen and Michael R. Hansen. An Adequate First Order Interval Logic. In International Symposium, Compositionality - The Significant Difference, volume 1536 of LNCS, pages 584–608. Springer, 1998.
[ZH04] Zhou Chaochen and Michael R. Hansen. Duration Calculus. A Formal Approach to Real-Time Systems. Springer, 2004.
[ZHR91] Zhou Chaochen, C. A. R. Hoare, and Anders P. Ravn. A Calculus of Durations. Information Processing Letters, 40(5):269–276, 1991.
[ZHS93] Zhou Chaochen, Michael R. Hansen, and P. Sestoft. Decidability and Undecidability Results for Duration Calculus. In Proceedings of STACS'93, volume 665 of LNCS, pages 58–68. Springer, 1993.
[ZZ94] Zheng Yuhua and Zhou Chaochen. A Formal Proof of a Deadline Driven Scheduler. In Proceedings of FTRTFT'94, volume 863 of LNCS, pages 756–775. Springer, 1994.

This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.