The Bernays-Sch\"onfinkel-Ramsey Fragment with Bounded Difference Constraints over the Reals is Decidable
Marco Voigt

TL;DR
This paper proves that the satisfiability problem for a fragment of first-order linear real arithmetic with bounded difference constraints and uninterpreted predicates is decidable, extending the understanding of decidable logical fragments over the reals.
Contribution
It introduces a decidable fragment of first-order real arithmetic with bounded difference constraints and uninterpreted predicates, which was previously undecidable.
Findings
Decidability is achieved by bounding the ranges of universally quantified variables.
The fragment includes difference constraints over reals with bounded intervals.
Trivial instantiation procedures are insufficient due to infinite value ranges.
Abstract
First-order linear real arithmetic enriched with uninterpreted predicate symbols yields an interesting modeling language. However, satisfiability of such formulas is undecidable, even if we restrict the uninterpreted predicate symbols to arity one. In order to find decidable fragments of this language, it is necessary to restrict the expressiveness of the arithmetic part. One possible path is to confine arithmetic expressions to difference constraints of the form , where ranges over the standard relations and are universally quantified. However, it is known that combining difference constraints with uninterpreted predicate symbols yields an undecidable satisfiability problem again. In this paper, it is shown that satisfiability becomes decidable if we in addition bound the ranges of universally quantified variables. As bounded…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsLogic, Reasoning, and Knowledge · Advanced Topology and Set Theory · Constraint Satisfaction and Optimization
The Bernays–Schönfinkel–Ramsey Fragment
with Bounded Difference Constraints
over the Reals is Decidable
Marco Voigt
*Max Planck Institute for Informatics, Saarland Informatics Campus, Saarbrücken, Germany,
Saarbrücken Graduate School of Computer Science *
Abstract
First-order linear real arithmetic enriched with uninterpreted predicate symbols yields an interesting modeling language. However, satisfiability of such formulas is undecidable, even if we restrict the uninterpreted predicate symbols to arity one. In order to find decidable fragments of this language, it is necessary to restrict the expressiveness of the arithmetic part. One possible path is to confine arithmetic expressions to difference constraints of the form , where ranges over the standard relations and are universally quantified. However, it is known that combining difference constraints with uninterpreted predicate symbols yields an undecidable satisfiability problem again. In this paper, it is shown that satisfiability becomes decidable if we in addition bound the ranges of universally quantified variables. As bounded intervals over the reals still comprise infinitely many values, a trivial instantiation procedure is not sufficient to solve the problem.
1 Introduction
It has been discovered about half a century ago that linear arithmetic with additional uninterpreted predicate symbols has an undecidable satisfiability problem [15]. Even enriching Presburger arithmetic with only a single uninterpreted predicate symbol of arity one suffices to facilitate encodings of the halting problem for two-counter machines [5, 10]. These results do not change substantially when we use the reals as underlying domain instead of the integers. This means, in order to obtain a decidable subfragment of the combination of linear arithmetic with uninterpreted predicate symbols, the arithmetic part has to be restricted considerably. In this paper, two subfragments with a decidable satisfiability problem are presented. Both are based on the Bernays–Schönfinkel–Ramsey fragment (BSR) of first-order logic, which is the prefix class. Uninterpreted constant symbols and the distinguished equality predicate are allowed, non-constant function symbols are not. The arity of uninterpreted predicate symbols is not restricted. We extend BSR in two ways and call the obtained fragments BSR modulo simple linear real constraints (BSR(SLR)) and BSR modulo bounded difference constraints (BSR(BD)).
The first clause class—defined in Definition 1 and treated in detail in Section 4—adds constraints of the form , , and to BSR clauses, where and are real-valued variables that are implicitly universally quantified, and are linear arithmetic terms that are ground, and . We allow Skolem constants in the ground terms and . Since their value is not predetermined, they can be conceived as being existentially quantified. The constraints used in this clause fragment are similar to the kind of constraints that appear in the context of the array property fragment [4] and extensions thereof (see, e.g., [7, 9]). The main differences are that we use the real domain in this paper instead of the integer domain, and that we allow strict inequalities and disequations between universally quantified variables. In the presence of uninterpreted function symbols, strict inequality or disequations can be used to assert that some uninterpreted function is injective. This expressiveness prevents certain instantiation-based approaches to satisfiability checking from being applicable, e.g. the methods in [4, 9]. In the context of the array property fragment, this expressiveness even leads to undecidability.
The BSR(BD) clause class—presented in Definition 2 and in Section 5—adds constraints of the form , and to BSR clauses, where and are real-valued variables, could be any rational number, and ranges over again. We refer to constraints of the form as difference constraints. Already in the seventies, Pratt identified difference constraints and boolean combinations thereof as an important tool for the formalization of verification conditions [14]. Applications include the verification of timed systems and scheduling problems (see, e.g., [11] for references). As unrestricted combinations of uninterpreted predicate symbols with difference constraints lead to an undecidable satisfiability problem (once more, two-counter machines can be encoded in a simple way [17]), we have to further confine the language. Every difference constraint has to be conjoined with four additional constraints , , , , where are rationals. This restriction seems to weaken expressiveness severely. Indeed, it has to, since we aim for a decidable satisfiability problem. Yet, we show in Section 6 that BSR(BD) clause sets are expressive enough to formulate the reachability problem for timed automata. In [13] an encoding of the reachability problem for timed automata in difference logic (boolean combinations of difference constraints without uninterpreted predicate symbols) is given, which facilitates deciding bounded reachability, i.e. the problem of reaching a given set of states within a bounded number of transitions. When using BSR(BD) as a modeling language, we do not have to fix an upper bound on the number of steps a priori.
The main result of the present paper is that satisfiability of finite BSR(SLR) clause sets and finite BSR(BD) clause sets is decidable (Theorems 13 and 20), respectively. The proof technique is very similar for the two fragments. It is partially based on methods from Ramsey theory, which are briefly introduced in Section 3. The used approach may turn out to be applicable to other fragments of BSR modulo linear real arithmetic as well.
In order to facilitate smooth reading, long proofs are only sketched in the main text and presented in full in the appendix. The present paper is an extended version of [16].
2 Preliminaries and notation
Hierarchic combinations of first-order logic with background theories build upon sorted logic with equality [2, 3, 12]. We instantiate this framework with the BSR fragment and linear arithmetic over the reals as the base theory. The base sort shall always be interpreted by the reals . For simplicity, we restrict our considerations to a single free sort , which may be freely interpreted as some nonempty domain, as usual.
We denote by a countably infinite set of base-sort variables. Linear arithmetic (LA) terms are build from rational constants , etc., the operators , and the variables from . We moreover allow base-sort constant symbols whose values have to be determined by an interpretation (Skolem constants). They can be conceived as existentially quantified. As predicates over the reals we allow the standard relations .
In order to hierarchically extend the base theory by the BSR fragment, we introduce the free sort , a countably infinite set of free-sort variables, a finite set of free (uninterpreted) constant symbols of sort and a finite set of free predicate symbols equipped with sort information. Note that every predicate symbol in has a finite, nonnegative arity and can be of a mixed sort over the two sorts and , e.g. . We use the symbol to denote the built-in equality predicate on . To avoid confusion, we tacitly assume that no constant or predicate symbol is overloaded, i.e. they have a unique sort.
Definition 1** (BSR with simple linear real constraints—BSR(SLR)).**
A BSR(SLR) clause has the form , where , , are multisets of atoms satisfying the following conditions. (i) Every atom in is an LA constraint of the form or or where are ground (i.e. variable-free) LA terms, , and . (ii) Every atom in and is either an equation over free-sort variables and constant symbols, or a non-equational atom that is well sorted and where the range over base-sort variables, free-sort variables, and free-sort constant symbols.
Definition 2** (BSR with bounded difference constraints—BSR(BD)).**
A BSR(BD) clause has the form , where the multisets , satisfy Condition (ii) of Definition 1, and every atom in is an LA constraint of the form , , or where may be any rational constant (not a Skolem constant), , and . Moreover, we require that whenever contains a constraint of the form , then also contains constraints , , , and with .
We omit the empty multiset left of “” and denote it by right of “” (where at the same time stands for falsity). The introduced clause notation separates arithmetic constraints from the free first-order part. We use the vertical double bar “” to indicate this syntactically. Intuitively, clauses can be read as \bigl{(}\bigwedge\Lambda\wedge\bigwedge\Gamma\bigr{)}\to\bigvee\Delta, i.e. the multisets stand for conjunctions of atoms and stands for a disjunction of atoms. Requiring the free parts and of clauses to not contain any base-sort terms apart from variables does not limit expressiveness. Every base-sort term in the free part can safely be replaced by a fresh base-sort variable when an atomic constraint is added to the constraint part of the clause (a process known as purification or abstraction [2, 12]).
A (hierarchic) interpretation is an algebra which interprets the base sort as , assigns real values to all occurring base-sort Skolem constants and interprets all LA terms and constraints in the standard way. Moreover, comprises a nonempty domain , assigns to each free-sort constant symbol in a domain element , and interprets every sorted predicate symbol in by some set . Summing up, extends the standard model of linear arithmetic and adopts the standard approach to semantics of (sorted) first-order logics when interpreting the free part of clauses.
Given an interpretation and a sort-respecting variable assignment , we write to mean the value of the term under with respect to the variable assignment . The variables occurring in clauses are implicitly universally quantified. Therefore, given a clause , we call a (hierarchic) model of , denoted , if and only if holds for every variable assignment . For clause sets , we write if and only if holds for every clause . We call a clause (a clause set ) satisfiable if and only if there exists a model of (of ). Two clauses (clause sets ) are equisatisfiable if and only if () is satisfiable whenever () is satisfiable and vice versa.
Given a BSR(SLR) or BSR(BD) clause , we use the following notation: the set of all constant symbols occurring in is denoted by . The set () is the restriction of to base-sort (free-sort) constant symbols. We denote the set of all variables occurring in a clause by . The same notation is used for sets of clauses.
Definition 3** (Normal form of BSR(SLR) and BSR(BD) clauses).**
A BSR(SLR) or BSR(BD) clause is in normal form if (1) all non-ground atoms in have the form , , or where is a rational constant or a Skolem constant, and (2) every variable that occurs in also occurs in or in . A BSR(SLR) or BSR(BD) clause set is in normal form if all clauses in are in normal form and pairwise variable disjoint. Moreover, we assume that contains at least one free-sort constant symbol.
For BSR(SLR) clause sets, we pose the following additional requirement. can be divided into two parts and such that (a) every clause in has the form where is a Skolem constant and is some ground LA term, and (b) any ground atom in any constraint part in any clause in is such that and are constants (Skolem or rational, respectively).
For every BSR(SLR) clause set there is an equisatisfiable BSR(SLR) clause set in normal form. The same holds for BSR(BD) clause sets. Requirement (2) can be established by any procedure for eliminating existentially quantified variables in LA constraints (see, e.g., [6]). Establishing the other requirements is straightforward.
For two sets we write if holds for all and . Given a real , we denote the integral part of by , i.e. is the largest integer for which . By we denote the fractional part of , i.e. . Notice that is always nonnegative, e.g. , whereas . Given any tuple of reals, we write to mean the corresponding tuple of fractional parts, i.e. \text{fr}\bigl{(}\langle r_{1},\ldots,r_{\mu}\rangle\bigr{)}:=\bigl{\langle}\text{fr}(r_{1}),\ldots,\text{fr}(r_{\mu})\bigr{\rangle}. We use the notation in a component-wise fashion as well.
We write to address the set for any positive integer . Finally, denotes the power set operator, i.e. for any set , denotes the set of all subsets of .
3 Basic tools from Ramsey theory
In this section we establish two technical results based on methods usually applied in Ramsey theory. We shall use these results later on to prove the existence of models of a particular kind for BSR(SLR) or BSR(BD) clause sets that are finite and satisfiable. These models meet certain uniformity conditions. In order to construct them, we rely on the existence of certain finite subsets of that are used to construct prototypical tuples of reals. These finite subsets, in turn, have to behave nicely as well, since tuples that are not distinguishable by BSR(SLR) or BSR(BD) constraints are required to have certain uniformity properties.
A tuple is called ascending if . A coloring is a mapping for some arbitrary set and some finite set . For the most basic result of this section (Lemma 4), we consider an arbitrary coloring of -tuples of real numbers and stipulate the existence of a finite subset of a given cardinality such that all ascending -tuples of elements from are assigned the same color by .
Lemma 4**.**
Let be positive integers. Let be some coloring. For every set of sufficient size (either infinite or finite with sufficiently many elements) there exists a subset of cardinality such that all ascending tuples are assigned the same color by .
adaptation of the proof of Ramsey’s Theorem on page 7 in [8].
For the lemma is trivially satisfied, since in this case cannot contain ascending tuples. Hence, we assume . In order to avoid technical difficulties when defining the sequence of elements below, we assume for the rest of the proof that is finite but sufficiently large. This assumption does not pose a restriction, as we can always consider a sufficiently large subset of .
We proceed by induction on . The base case is easy, since can assign only finitely many colors to elements in and thus some color must be assigned at least \bigl{\lfloor}\tfrac{|R|}{|\mathcal{C}|}\bigr{\rfloor} times. Hence, if contains at least elements, we find a uniformly colored subset of size . Suppose . At first, we pick the smallest reals from and set . Thereafter, we simultaneously construct two sufficiently long but finite sequences and as follows:
Given , we define to be the smallest real in .
Given and the element , we define an equivalence relation on the set so that holds if and only if for every sequence of indices with , we have . This equivalence relation partitions into at most equivalence classes. We choose one such class with largest cardinality to be .
By construction of the sequence , we must have for every sequence of indices and all indices . Please note that this covers all ascending -tuples in starting with , i.e. they all share the same color. We now define a new coloring so that for every sequence of indices (in case of being the index of the last element in the sequence , shall be an arbitrary color from ). By induction, there exists a subset of cardinality , such that every ascending -tuple is colored the same by . The definition of entails that now all ascending -tuples are colored the same by . Hence, is the sought set. ∎
Based on Lemma 4, one can derive similar results for more structured ways of coloring tuples of reals. One such result is given in the next lemma. Its proof can be found in the appendix.
Lemma 5**.**
Let be positive integers, let be a nonnegative integer and let be an arbitrary coloring. Let be sufficiently large but finite subsets of . Let be fixed reals. Let be some enumeration of all mappings for which with entails . There exist subsets , each of cardinality , such that for all ascending tuples and the reals and every index , , we have \chi\bigl{(}r_{\varrho_{j}(1)},\ldots,r_{\varrho_{j}(m)}\bigr{)}=\chi\bigl{(}r^{\prime}_{\varrho_{j}(1)},\ldots,r^{\prime}_{\varrho_{j}(m)}\bigr{)}.
4 Decidability of satisfiability for BSR(SLR) clause sets
For the rest of this section we fix two positive integers and some finite BSR(SLR) clause set in normal form. For the sake of simplicity, we assume that all uninterpreted predicate symbols occurring in have the sort . This assumption does not limit expressiveness, as the arity of a predicate symbol can easily be increased in an (un)satisfiability-preserving way by padding the occurring atoms with additional arguments. For instance, every occurrence of atoms can be replaced with for some fresh variable that is added sufficiently often as argument.
Given the BSR(SLR) clause set , every interpretation induces a partition of into finitely many intervals: the interpretations of all the rational and Skolem constants occurring in yield point intervals that are interspersed with and enclosed by open intervals.
Definition 6** (-induced partition of ).**
Let be an interpretation and let be all the values in the set in ascending order. By we denote the following partition of :
{\mathcal{J}_{\mathcal{A}}}:=\bigl{\{}(-\infty,r_{1}),[r_{1},r_{1}],(r_{1},r_{2}),[r_{2},r_{2}],\ldots,(r_{k-1},r_{k}),[r_{k},r_{k}],(r_{k},+\infty)\bigr{\}}.
The idea of the following equivalence is that equivalent tuples are indistinguishable by the constraints that we allow in the BSR(SLR) clause set .
Definition 7** (-equivalence, ).**
Let be an interpretation and let be a positive integer. We call two -tuples -equivalent if
(i) for every and every , , we have if and only if and
(ii) for all , we have if and only if .
The induced equivalence relation on tuples of positive length is denoted by .
For every positive the relation induces only finitely many equivalence classes on the set of all -tuples over the reals. We intend to show that, if is satisfiable, then there is some model for which does not distinguish between different -equivalent tuples. First, we need some notion that reflects how the interpretation treats a given tuple . This role will be taken by the coloring , which maps to a set of expressions of the form , where is some predicate symbol occurring in and is an -tuple of domain elements from . The presence of in the set indicates that interprets in such a way that contains the pair . In this sense, comprises all the relevant information that contains regarding the tuple .
Definition 8** (-coloring ).**
Given an interpretation , let \widehat{\mathcal{S}}:=\{{a}\in\mathcal{S}^{\mathcal{A}}\mid\text{{a}=c^{\mathcal{A}}c\in} be the set of all domain elements assigned to free-sort constant symbols by . The -coloring of is the mapping
\chi_{\mathcal{A}}:\mathbb{R}^{m}\to\mathcal{P}\{P\bar{a}\mid\text{\bar{a}\in\widehat{\mathcal{S}}^{m^{\prime}}PN}\}
defined such that for every we have if and only if .
Having the coloring at hand, it is easy to formulate a uniformity property for a given interpretation . Two tuples are treated uniformly by , if the colors and agree. Put differently, does not distinguish from .
Definition 9** (-uniform interpretation).**
An interpretation is -uniform if colors each and every -equivalence class uniformly, i.e. for all -equivalent tuples we have .
We next show that there exists a -uniform model of , if is satisfiable. Since such a model does not distinguish between -equivalent -tuples, and as there are only finitely many equivalence classes induced by , only a finite amount of information is required to describe . This insight will give rise to a decision procedure that nondeterministically guesses how each and every equivalence class shall be treated by the uniform model.
Given some model of , the following lemma assumes the existence of certain finite sets with a fixed cardinality which are subsets of the open intervals in . All -equivalent -tuples that can be constructed from the reals belonging to the are required to be colored identically by . The existence of the is the subject of Lemma 11.
Lemma 10**.**
Let be the maximal number of distinct base-sort variables in any single clause in . In case of , we set . Let be a model of . Let be an enumeration of all open intervals in sorted in ascending order, i.e. . Suppose we are given a collection of finite sets possessing the following properties:
(i) and for every , .
(ii) Let . For all -equivalent -tuples we have .
Then we can construct a model of that is -uniform and that interprets the free sort as a finite set.
Proof sketch.
Claim I: Let be a positive integer with . Every -equivalence class over contains some representative lying in .
Let denote the set \{{a}\in\mathcal{S}^{\mathcal{A}}\mid\text{{a}=c^{\mathcal{A}}c\in\text{{fconsts}}(N)}\}. We construct the interpretation as follows: ; for every constant symbol ; for every uninterpreted predicate symbol and for all tuples and we pick some tuple with , and we define so that if and only if . By construction, is -uniform.
It remains to show . Consider any clause in and let be any variable assignment ranging over . Starting from , we derive a special variable assignment as follows. Let be all base-sort variables in . By Claim I, there is some tuple such that \langle q_{1},\ldots,q_{\ell}\rangle\sim_{\mathcal{J}_{\mathcal{A}}}\bigl{\langle}\beta(x_{1}),\ldots,\beta(x_{\ell})\bigr{\rangle}. We set for every . For all other base-sort variables, can be defined arbitrarily. For every free-sort variable we set .
As is a model of , we get . By case distinction on why holds, one can infer . Consequently, . ∎
In order to show that uniform models always exist satisfiable clause sets , we still need to prove the existence of the sets mentioned in Lemma 10. We use Lemma 5 to show this.
Lemma 11**.**
Let be an interpretation. Moreover, let be all reals in in ascending order and let be all open intervals in in ascending order, i.e. . Let be a positive integer. There is a collection of finite sets such that the following requirements are met.
(i) For every , , we have and .
(ii) Let . For all -equivalent -tuples we have .
Proof sketch.
Let the sets be the that we obtain by virtue of Lemma 5 when we set , , , . Requirement (i) is obviously satisfied for .
One can show that for every equivalence class there is some mapping such that
- (1)
whenever with then , and 2. (2)
for all ascending tuples
;
we have , and 3. (3)
for every tuple there exist ascending tuples defined as in (2) such that .
Consider any . By (2), can be written in the form for appropriate values and can be represented in the form for appropriate . Lemma 5 entails . ∎
Lemmas 10 and 11 together entail the existence of some -uniform model with a finite free-sort domain , if is satisfiable.
Corollary 12**.**
If has a model, then it has a model that is -uniform and that interprets the sort as some finite set.
Given any interpretation , the partition of the reals is determined by the rational constants in and by the values that assigns to the base-sort Skolem constants in . Let be all the base-sort Skolem constants in . If we are given some mapping , then induces a partition , just as induces . We can easily verify whether has a model that is compatible with (i.e. assigns the same values to ) and that is -uniform. Due to the uniformity requirement, there is only a finite number of candidate interpretations that have to be checked.
Consequently, in order to show decidability of the satisfiability problem for finite BSR(SLR) clause sets in normal form, the only question that remains to be answered is whether it is sufficient to consider a finite number of assignments of real values to the Skolem constants in . Recall that since is in normal form, we can divide into two disjoint parts and such that all ground LA terms occurring in are either (Skolem) constants or rationals. Moreover, every clause in constitutes a definition of some Skolem constant . As far as the LA constraints occurring in are concerned, the most relevant information regarding the interpretation of Skolem constants is their ordering relative to one another and relative to the occurring rationals. This means, the clauses in cannot distinguish two assignments if
(a) for every Skolem constant and every rational occurring in we have (a.1) if and only if , and (a.2) if and only if , and
(b) for all we have that if and only if .
This observation leads to the following nondeterministic decision procedure for finite BSR(SLR) clause sets in normal form:
- (1)
Nondeterministically fix a total preorder (reflexive and transitive) on the set of all base-sort Skolem constants and rational constants occurring in .
Define a clause set that enforces for base-sort Skolem constants, i.e. N_{\preceq}:=\bigl{\{}c>c^{\prime}\,\|\rightarrow\Box\bigm{|}c\preceq c^{\prime}\text{, either cc^{\prime} or both are Skolem constants}\bigr{\}}. 2. (2)
Check whether there is some mapping such that is a solution for the clauses in . (This step relies on the fact that linear arithmetic over existentially quantified variables is decidable.) 3. (3)
If such an assignment exists, define an interpretation as follows.
- (3.1)
Nondeterministically define to be some subset of , i.e. use a subset of the Herbrand domain with respect to the free sort . 2. (3.2)
For every nondeterministically pick some and set . 3. (3.3)
Set for every . 4. (3.4)
For every uninterpreted predicate symbol occurring in nondeterministically define the set in such a way that is -uniform. 4. (4)
Check whether is a model of .
Theorem 13**.**
Satisfiability of finite BSR(SLR) clause sets is decidable.
5 Decidability of satisfiability for BSR(BD) clause sets
Similarly to the previous section, we fix some finite BSR(BD) clause set in normal form for the rest of this section, and we assume that all uninterpreted predicate symbols occurring in have the sort . Moreover, we assume that all base-sort constants in are integers. This does not lead to a loss of generality, as we could multiply all rational constants with the least common multiple of their denominators to obtain an equisatisfiable clause set in which all base-sort constants are integers. We could even allow Skolem constants, if we added clauses stipulating that every such constant is assigned a value that is (a) an integer and (b) is bounded from above and below by some integer bounds. For the sake of simplicity, however, we do not consider Skolem constants here.
Our general approach to decidability of the satisfiability problem for finite BSR(BD) clause sets is very similar to the path taken in the previous section. Due to the nature of the LA constraints in BSR(BD) clause sets, the employed equivalence relation characterizing indistinguishable tuples has to be a different one. In fact, we use one equivalence relation on the unbounded space and another equivalence relation on the subspace for some positive integer . Our definition of the relations and is inspired by the notion of clock equivalence used in the context of timed automata (see, e.g., [1]).
Definition 14** (bounded region equivalence ).**
Let be a positive integer. We define the equivalence relation on such that we get if and only if the following conditions are met:
(i) For every we have , and if and only if .
(ii) For all we have if and only if .
The relation induces only a finite number of equivalence classes over . Over , on the other hand, an analogous equivalence relation would lead to infinitely many equivalence classes. In order to overcome this problem and obtain an equivalence relation over that induces only a finite number of equivalence classes, we use the following compromise.
Definition 15** (unbounded region equivalence ).**
Let be a positive integer. We define the equivalence relation on in such a way that
holds if and only if
(i) for every either and , or and , or the following conditions are met: (i.i) and (i.ii) if and only if , and (ii) for all
(ii.i) if or , then if and only if ,
(ii.ii) if , then if and only if .
Obviously, the equivalence relations and coincide on the subspace . Over the relation constitutes a proper refinement of . Figure 1 depicts the equivalence classes induced by and in a two-dimensional setting for . We need both relations in our approach.
Definition 16** (-uniform and -uniform interpretations).**
Let be a positive integer. Consider a interpretation . We call -uniform if its corresponding coloring (cf. Definition 8) colors each -equivalence class over uniformly, i.e. for all tuples with we have . We call -uniform if colors each -equivalence class over uniformly.
The parameter will be determined by the base-sort constant in with the largest absolute value. If is defined in this way, one can show that the LA constraints occurring in cannot distinguish between two -equivalent -tuples of reals. This observation is crucial for the proof of Lemma 17.
In order to prove the existence of -uniform models for satisfiable , we start from some model of and rely on the existence of a certain finite set of fractional parts. This set can be extended to a set by addition of the fractional parts in with integral parts from the range . Hence, contains reals. We assume that all -equivalent tuples from are treated uniformly by . Put differently, we require . We choose to formulate this requirement with respect to because of the more regular structure of its equivalence classes, which facilitates a more convenient way of invoking Lemma 4. Due to the fact that constitutes a refinement of on the subspace , and since for every -equivalence class over there is some -equivalence class such that , we can use the color of representative -tuples constructed from to serve as a blueprint when constructing a -uniform model .
Lemma 17**.**
Let be the maximal number of distinct base-sort variables in any single clause in ; in case of , we set . Let be a model of . Let be the maximal absolute value of any rational occurring in ; in case this value is zero, we set . Suppose we are given a finite set of cardinality such that and for all tuples , entails , where
\widehat{Q}:=\bigl{\{}q+k\bigm{|}q\in Q\text{ and }k\in\{-\kappa-1,\ldots,0,\ldots,\kappa\}\bigr{\}}.
Then we can construct a model of that is -uniform and that interprets the free sort as a finite set.
Proof sketch.
The construction of from is similar to the construction of uniform models outlined in the proof of Lemma 10.
Claim I: Let be a positive integer with . For every -equivalence class over and every there is some such that and for all with and and we have .
Let denote the set \{{a}\in\mathcal{S}^{\mathcal{A}}\mid\text{{a}=c^{\mathcal{A}}c\in\text{{fconsts}}(N)}\}. We construct the interpretation as follows: ; for every constant symbol ; for every uninterpreted predicate symbol occurring in and for all tuples and we pick some tuple in accordance with Claim I—i.e. satisfies —and define in such a way that if and only if .
Claim II: The interpretation is -uniform.
It remains to show . We use the same approach as in the proof for Lemma 10, this time based on the equivalence relation instead of . ∎
We employ Lemma 4 to prove the existence of the set used in Lemma 17.
Lemma 18**.**
Let be an interpretation and let be positive integers with . There exists a finite set of cardinality such that and for all tuples , entails , where
\widehat{Q}:=\bigl{\{}q+k\bigm{|}q\in Q\text{ and }k\in\{-\kappa-1,\ldots,0,\ldots,\kappa\}\bigr{\}}.
Proof sketch.
One can show that every -equivalence class over can be represented by a pair of mappings and such that
(i) for any ascending tuple with we have \bigl{\langle}r_{\varrho(1)}+\sigma(1),\ldots,r_{\varrho(m)}+\sigma(m)\bigr{\rangle}\in S, and
(ii) for every tuple there is an ascending tuple with such that \bigl{\langle}s_{1},\ldots,s_{m}\bigr{\rangle}=\bigl{\langle}r_{\varrho(1)}+\sigma(1),\ldots,r_{\varrho(m)}+\sigma(m)\bigr{\rangle}.
Having an enumeration of pairs of such mappings in which every -equivalence class over is represented, we construct a coloring \widehat{\chi}:\mathbb{R}^{m}\to\bigl{(}\mathcal{P}\{P_{i}\bar{a}\mid\text{\bar{a}\in\widehat{\mathcal{S}}^{m^{\prime}}P_{i}N}\}\bigr{)}^{k} by setting
[TABLE]
for every tuple , where we define to be [math]. By virtue of Lemma 4, there is a set of cardinality such that all ascending tuples are assigned the same color by . Then is the sought set. ∎
Lemmas 17 and 18 together entail the existence of -uniform models for finite satisfiable BSR(BD) clause sets, where is defined as in Lemma 17.
Corollary 19**.**
Let be defined as in Lemma 17. If is satisfiable, then it has a model that is -uniform and that interprets the sort as some finite set.
By virtue of Corollary 19, we can devise a nondeterministic decision procedure for finite BSR(BD) clause sets . We adapt the decision procedure for BSR(SLR) as follows. Since base-sort Skolem constants do not occur in , Steps (1), (2), and 3(3.3) are skipped. Moreover, Step 3(3.4) has to be modified slightly. The interpretations of uninterpreted predicate symbols need to be constructed in such a way that the candidate interpretation is -uniform for \kappa:=\max\bigl{(}\{1\}\cup\{|c|\bigm{|}c\in\text{{bconsts}}(N)\}\bigr{)}.
Theorem 20**.**
Satisfiability of finite BSR(BD) clause sets is decidable.
6 Formalizing reachability for timed automata
In this section we show that reachability for timed automata (cf. [1]) can be formalized using finite BSR(BD) clause sets. In what follows, we fix a finite sequence of pairwise distinct clock variables that range over the reals. For convenience, we occasionally treat as a set and use set notation such at , , and . A clock constraint over is a finite conjunction of LA constraints of the form true, , or , where , is an integer and . We denote the set of all clock constraints over by . A timed automaton is a tuple , where Loc is a finite set of locations; is the initial location; is a family of clock constraints from where each describes the invariant at location ; is the location transition relation within the automaton, including guards with respect to clocks and the set of clocks that are being reset when the transition is taken.
Although the control flow of a timed automaton is described by finite means, the fact that clocks can assume uncountably many values yields an infinite state space, namely, . Transitions between states fall into two categories:
delay transitions with for some and
; and
location transitions for some with ,
, and .
The operation is defined by setting for every , and means that for every and for every .
In [6] Fietzke and Weidenbach present an encoding of reachability for a given timed automaton in terms of first-order logic modulo linear arithmetic.
Definition 21** (FOL(LA) encoding of a timed automaton, [6]).**
Given a timed automaton , the FOL(LA) encoding of is the following clause set , where Reach is a -ary predicate symbol:
the initial clause \bigwedge_{x\in\bar{x}}x=0\;\;\wedge\;\;\text{{inv}}_{\ell_{0}}[\bar{x}]\;\bigm{\|}\;\rightarrow\text{{Reach}}(\ell_{0},\bar{x});
delay clauses
\bigm{\|}\;\text{{Reach}}(\ell,\bar{x})\rightarrow\text{{Reach}}(\ell,\bar{x}^{\prime})
for every location ;
[TABLE]
Corollary 4.3 in [6] states that for any model of , every location , and every tuple we have if and only if can reach the state from its initial configuration.
Given any clock constraint and some location , the timed automaton can reach at least one of the states with from its initial configuration if and only if the clause set N_{\mathbf{A}}\cup\bigl{\{}\psi[\bar{x}]\,\|\,\text{{Reach}}(\ell,\bar{x})\rightarrow\Box\bigr{\}} is unsatisfiable (cf. Proposition 4.4 in [6]).
Next, we argue that the passage of time does not have to be formalized as a synchronous progression of all clocks. Instead, it is sufficient to require that clocks progress in such a way that their valuations do not drift apart excessively.
Lemma 22**.**
Consider any delay clause
C:=\quad z\geq 0\;\;\wedge\;\;\bigwedge_{x\in\bar{x}}x^{\prime}=x+z\;\;\wedge\;\;\text{{inv}}_{\ell}[\bar{x}^{\prime}]\;\bigm{\|}\;\text{{Reach}}(\ell,\bar{x})\rightarrow\text{{Reach}}(\ell,\bar{x}^{\prime})
that belongs to the FOL(LA) encoding of some timed automaton . Let be some positive integer. Let be a finite clause set corresponding to the following formula
[TABLE]
For every -uniform interpretation we have for all tuples if and only if holds for all tuples .
Our approach to decidability of BSR(BD)-satisfiability exploits the observation that the allowed constraints cannot distinguish between tuples from one and the same equivalence class with respect to , which induces only a finite number of such classes. Decidability of the reachability problem for timed automata can be argued in a similar fashion, using a suitable equivalence relation on clock valuations [1]. We refer to the induced classes of indistinguishable clock valuations over , which are induced by a given timed automaton , as TA regions of .
In order to decide reachability for , it is sufficient to consider a bounded subspace of . More precisely, there exists a computable integer , depending on the number of clocks and the constants occurring in clock constraints in , such that any valuation of ’s clocks can be projected to some valuation that cannot distinguish from (see Section A.4). In the subspace , ’s TA regions coincide with (finite unions of) equivalence classes with respect to . In fact, the quotient constitutes a refinement of the division of into TA regions. Since any pair with for some TA region is reachable if and only if all pairs with are reachable, any minimal model of the encoding is -uniform (where minimality of refers to the minimality of the set with respect to set inclusion). This is why Lemma 22 may focus on -uniform models.
Theorem 23**.**
The reachability problem for a given timed automaton can be expressed in terms of satisfiability of a finite BSR(BD) clause set.
Appendix A Appendix
A.1 Details Concerning Section 3
Proof of Lemma 5
We start with two auxiliary results.
Lemma 24**.**
Let be positive integers and let be an arbitrary coloring. Let be sufficiently large but finite subsets of .
There exist subsets , each of cardinality , such that for all ascending tuples the colors are the same.
adaptation of the proof of Theorem 5 on page 113 in [8].
As in the proof of Lemma 4, we assume . We proceed by induction on .
The case is covered by Lemma 4.
Suppose . We define an equivalence relation on the set so that holds if and only if for all ascending tuples the colors \chi\bigl{(}\bar{r}_{1},\ldots,\bar{r}_{p-1},\bar{s}\bigr{)} and \chi\bigl{(}\bar{r}_{1},\ldots,\bar{r}_{p-1},\bar{s}^{\prime}\bigr{)} are identical. This equivalence relation partitions into at most equivalence classes. It thus induces a coloring of with one color for each equivalence class.
By virtue of Lemma 4, we can construct a subset with elements such that all ascending -tuples are colored identically by .
Let the coloring be defined by for some fixed ascending -tuple . By induction, we find subsets , each containing elements, such that for all ascending -tuples the colors are identical.
But then the definition of and entail that the sets satisfy the requirements posed by the lemma. ∎
Recall that we write to address the set for any positive integer .
Lemma 25**.**
Let be positive integers, let be a nonnegative integer and let be an arbitrary coloring. Let be sufficiently large but finite subsets of . Let be fixed reals. Let be some mapping such that with implies .
There exist subsets , each of cardinality , such that for all ascending tuples
[TABLE]
and the reals the colors are the same.
Proof.
We again assume . We define a new coloring by
[TABLE]
for every -tuple with ascending . By Lemma 24, there exist subsets , each with elements, such that for all ascending tuples the colors are the same. By definition of , the sets satisfy the requirements of the lemma. ∎
Now we have the right tools at hand to prove Lemma 5
Lemma**.**
Let be positive integers, let be a nonnegative integer and let be an arbitrary coloring. Let be sufficiently large but finite subsets of . Let be fixed reals. Let be some enumeration of all mappings for which with entails . There exist subsets , each of cardinality , such that for all ascending tuples and the reals and every index , , we have
\chi\bigl{(}r_{\varrho_{j}(1)},\ldots,r_{\varrho_{j}(m)}\bigr{)}=\chi\bigl{(}r^{\prime}_{\varrho_{j}(1)},\ldots,r^{\prime}_{\varrho_{j}(m)}\bigr{)}.
Proof.
We again assume . We construct sequences of subsets for every , , such that
- •
, and
- •
is a subset of sufficient cardinality that is constructed by application of Lemma 25 for , i.e. for all ascending tuples
[TABLE]
the colors are the same.
Then the sets are the sought . ∎
A.2 Details Concerning Section 4
Proof of Lemma 10
Lemma**.**
Let be the maximal number of distinct base-sort variables in any single clause in but at least , i.e. \lambda:=\max\bigl{(}\{m\}\cup\bigl{\{}|\text{{vars}}(C)\cap V_{\mathcal{R}}|\bigm{|}C\in N\bigr{\}}\bigr{)}. Let be a model of . Let be an enumeration of all open intervals in so that . Suppose we are given a collection of finite sets possessing the following properties,
- (i)
and for every , . 2. (ii)
Let . For all -equivalent -tuples we have .
Then we can construct a model of that is -uniform and that interprets the free sort as a finite set. Moreover, interprets all constant symbols in exactly as does.
Proof.
Claim I: Let , be a positive integer. For each of the finitely many equivalence classes in , we find a representative lying in .
Proof: Given an equivalence class , we define the following ascending sequences for every , ,
- •
, where the values are the reals in that stem from , enumerated in ascending order, and
- •
, which comprises all reals in in ascending order.
In every we find distinct reals.
We can now construct a tuple by setting
[TABLE]
for every , . Clearly, and are -equivalent.
We construct the interpretation as follows, where denotes the set \{{a}\in\mathcal{S}^{\mathcal{A}}\mid\text{{a}=c^{\mathcal{A}} for some} :
- •
,
- •
for every constant symbol occurring in we set ,
- •
for every uninterpreted predicate symbol occurring in and for all tuples and we pick some tuple which is -equivalent to , and we define so that
[TABLE]
Claim II: The interpretation is -uniform.
Proof: By construction of and by requirement (ii).
We next show . Consider any clause in and let be any variable assignment ranging over . Starting from , we derive a special variable assignment as follows. Let be an enumeration of all base-sort variables in . By Claim I, there is some tuple such that \langle q_{1},\ldots,q_{\lambda_{C}}\rangle\sim_{\mathcal{J}_{\mathcal{A}}}\bigl{\langle}\beta(x_{1}),\ldots,\beta(x_{\lambda_{C}})\bigr{\rangle}. We define for every , . For all other base-sort variables, can be defined arbitrarily. For every free-sort variable we set . We observe
(*)\qquad\bigl{\langle}\beta(x_{1}),\ldots,\beta(x_{\lambda_{C}})\bigr{\rangle}\sim_{\mathcal{J}_{\mathcal{B}}}\bigl{\langle}\widehat{\beta}_{C}(x_{1}),\ldots,\widehat{\beta}_{C}(x_{\lambda_{C}})\bigr{\rangle}.
As is a model of , we get . By case distinction on why holds, we can infer .
Case for some atomic LA constraint in , where are constant symbols or base-sort variables. Since and interpret constant symbols in the same way and due to , we conclude .
Case for some free-sort equation . In this case, and are either variables or constant symbols of the free sort, which means they do not contain subterms of the base sort. Since and behave identical on free-sort constant symbols and for every variable , we have .
Case for some . Analogous to the above case, we get .
Case for some non-equational atom
. This translates to
\bigl{\langle}\mathcal{A}(\widehat{\beta}_{C})(t^{\prime}_{1}),\ldots,\mathcal{A}(\widehat{\beta}_{C})(t^{\prime}_{m^{\prime}}),\mathcal{A}(\widehat{\beta}_{C})(t_{1}),\ldots,\mathcal{A}(\widehat{\beta}_{C})(t_{m})\bigr{\rangle}\not\in P^{\mathcal{A}}.
By definition of , we have for every , . Therefore, and by construction of ,
\bigl{\langle}\mathcal{A}(\widehat{\beta}_{C})(t^{\prime}_{1}),\ldots,\mathcal{A}(\widehat{\beta}_{C})(t^{\prime}_{m^{\prime}}),\mathcal{A}(\widehat{\beta}_{C})(t_{1}),\ldots,\mathcal{A}(\widehat{\beta}_{C})(t_{m})\bigr{\rangle}\not\in P^{\mathcal{B}}.
We observe the following properties:
- •
We have for every , , due to the definition of and .
- •
Since and interpret constant symbols in the same way, we get for every , .
- •
The definition of entails that \bigl{\langle}\mathcal{B}(\widehat{\beta}_{C})(t_{1}),\ldots,\mathcal{B}(\widehat{\beta}_{C})(t_{m})\bigr{\rangle} and
\bigl{\langle}\mathcal{B}(\beta)(t_{1}),\ldots,\mathcal{B}(\beta)(t_{m})\bigr{\rangle} are -equivalent.
The first two observations imply
\bigl{\langle}\mathcal{B}(\beta)(t^{\prime}_{1}),\ldots,\mathcal{B}(\beta)(t^{\prime}_{m^{\prime}}),\mathcal{B}(\widehat{\beta}_{C})(t_{1}),\ldots,\mathcal{B}(\widehat{\beta}_{C})(t_{m})\bigr{\rangle}\not\in P^{\mathcal{B}}.
Due to this result and the fact that is -uniform (Claim II), the third observation leads to \bigl{\langle}\mathcal{B}(\beta)(t^{\prime}_{1}),\ldots,\mathcal{B}(\beta)(t^{\prime}_{m^{\prime}}),\mathcal{B}(\beta)(t_{1}),\ldots,\mathcal{B}(\beta)(t_{m})\bigr{\rangle}\not\in P^{\mathcal{B}}.
Put differently, we have .
Case for some non-equational atom . Analogous to the previous case we can infer .
Altogether, we have shown . ∎
Proof of Lemma 11
As an auxiliary result, we first show a correspondence between the equivalence classes with respect to and mappings .
Lemma 26**.**
Let be an interpretation. Let be an enumeration of all point intervals in such that and let be an enumeration of all open intervals in such that . Let be any equivalence class with respect to . There is a mapping such that
- (i)
whenever with then , and 2. (ii)
for all ascending tuples
[TABLE]
we have , and 3. (iii)
for every tuple there exist ascending tuples defined as in (ii) such that .
Proof.
Let be some representative taken from , i.e. . Given , we construct possibly empty sequences , such that every with lists all elements of in ascending order that lie in , and every with contains exactly the value . We construct the mapping in such a way that holds if and only if .
Let be tuples of reals chosen in accordance with requirement (ii). It is easy to verify that is -equivalent to , i.e. belongs to .
In order to show (iii), we construct the tuples from in the same way we have constructed the from when constructing in the beginning of this proof. In addition, we pad them with suitable values from the respective intervals to reach the length for every tuple. ∎
We can now prove Lemma 11.
Lemma**.**
Let be an interpretation. Let be an enumeration of all point intervals in such that and let be an enumeration of all open intervals in such that . Let be a positive integer. There is a collection of finite sets such that the following requirements are met.
- (i)
For every , , it holds and . 2. (ii)
Let . For all -equivalent -tuples we have .
Proof.
Let the sets be the that we obtain by virtue of Lemma 5 when we set , , , .
Requirement (i) is obviously satisfied for .
By Lemma 26, the equivalence class to which any two given -equivalent tuples belong corresponds to some mapping . Part (ii) of Lemma 26 states that can be written in the form for appropriate values and can be represented in the form for appropriate . We then know by Lemma 5 that . ∎
A.3 Details Concerning Section 5
Proof of Lemma 17
Lemma**.**
Let \lambda:=\max\bigl{(}\{m\}\cup\bigl{\{}|\text{{vars}}(C)\cap V_{\mathcal{R}}|\bigm{|}C\in N\bigr{\}}\bigr{)}. Let be a model of and let \kappa:=\max\bigl{(}\{1\}\cup\{|c|\bigm{|}c\in\text{{bconsts}}(N)\}\bigr{)}. Suppose we are given a finite set of cardinality such that and for all tuples , entails , where
\widehat{Q}:=\bigl{\{}q+k\bigm{|}q\in Q\text{ and }k\in\{-\kappa-1,\ldots,0,\ldots,\kappa\}\bigr{\}}.
Then we can construct a model of that is -uniform and that interprets the free sort as a finite set.
Proof.
The construction of from is similar to the construction of uniform models outlined in the proof of Lemma 10.
Claim I: Let be a positive integer with . For each of the finitely many equivalence classes and every , there is some such that and for all with and and we have .
Proof: Let be all the indices from for which we have for every . Analogously, let be all the indices from such that holds for every . We define the real
\delta:=\min\bigl{\{}\text{fr}(r_{i})\bigm{|}\text{-\kappa\leq r_{i}\leq\kappa\text{fr}(r_{i})>01\leq i\leq m}\bigr{\}}\cup\bigl{\{}\frac{1}{2}\bigr{\}}.
There must be some integer for which we get and for every . Let be the tuple that we obtain from by replacing every with and every with . By construction, we observe and . Moreover, we have and for every .
Next, we define the following ascending sequences
- •
, where and the values , , are the strictly positive fractional parts in ascending order that occur in , and
- •
, which comprises all reals in in ascending order, including .
We can now construct a tuple by setting for such that .
Clearly, and are -equivalent. Since is a refinement of on the subspace , this entails .
Let denote the set \{{a}\in\mathcal{S}^{\mathcal{A}}\mid\text{{a}=c^{\mathcal{A}}c\in\text{{fconsts}}(N)}\}. The interpretation can be constructed as follows:
- •
,
- •
for every constant symbol occurring in we set ,
- •
for every uninterpreted predicate symbol occurring in and for all tuples and we pick some tuple in accordance with Claim I—i.e. satisfies —and define in such a way that
[TABLE]
Claim II: The interpretation is -uniform.
Proof: Let be two -equivalent tuples. By Claim I, there exist two tuples such that and . Clearly, by transitivity and symmetry of , we have . Even stronger, we can show . Suppose, . We observe the following properties, which follow from :
- •
and .
- •
For all , , for which , we have if and only if .
- •
For all , , for which or , we have if and only if . Because of , we even obtain if and only if .
Hence, our assumption entails that there are two indices such that and , and one of the following cases applies:
- (1)
and , or 2. (2)
and , or 3. (3)
and , or 4. (4)
and , or 5. (5)
and .
Ad (1). By Claim I, we have and .
Ad (2). By Claim I, we have and .
Ad (3). By Claim I, we have and .
Ad (4). By Claim I, we have and .
Ad (5). By Claim I, we have and .
Since all cases lead to a contradiction, we must have .
Because of and due to our assumptions regarding and , we have . Moreover, by construction of , we have and . Consequently, .
We next show . Consider any clause in and let be any variable assignment ranging over . Starting from , we derive a special variable assignment as follows. Let be an enumeration of all base-sort variables in . By Claim I, there exists some tuple such that \langle q_{1},\ldots,q_{\ell}\rangle\mathrel{\widehat{\simeq}}_{\kappa}\bigl{\langle}\beta(x_{1}),\ldots,\beta(x_{\ell})\bigr{\rangle} and . We define for every , . Hence, we have
[TABLE]
For all other base-sort variables , can be defined arbitrarily. For every free-sort variable we set .
As is a model of , we know . By case distinction on why holds, we may use this result to obtain .
Case for some constraint in . Hence, . Due to , the assumption , and the definition of , we know that holds if and only if holds. Consequently, we get and thus .
Case for some in . By and the definition of , we know that if and only if . Consequently, we get .
Case for some constraint in . By definition of BSR(BD) clause sets, must also contain constraints , , , and for certain constants whose absolute value is at most . If one of these constraints is violated by , then the first case applies.
If all of these constraints are satisfied by , then, by , they are also satisfied by . Moreover, and the definition of , entail , , , , if and only if , and if and only if . Hence, the following two observations hold:
[TABLE]
and
[TABLE]
Consequently, we have if and only if . In other words, .
Case for some free atom . Hence, and are either variables or constant symbols of the free sort, which means they do not contain subterms of the base sort. Since and behave identical on free-sort constant symbols and for every variable , we get .
Case for some . Analogous to the above case, .
Case for some non-equational atom
. This translates to
\bigl{\langle}\mathcal{A}(\widehat{\beta}_{C})(t^{\prime}_{1}),\ldots,\mathcal{A}(\widehat{\beta}_{C})(t^{\prime}_{m^{\prime}}),\mathcal{A}(\widehat{\beta}_{C})(t_{1}),\ldots,\mathcal{A}(\widehat{\beta}_{C})(t_{m})\bigr{\rangle}\not\in P^{\mathcal{A}}.
By construction of , we have for every , . Due to our assumptions regarding and by construction of , we therefore have
\bigl{\langle}\mathcal{A}(\widehat{\beta}_{C})(t^{\prime}_{1}),\ldots,\mathcal{A}(\widehat{\beta}_{C})(t^{\prime}_{m^{\prime}}),\mathcal{A}(\widehat{\beta}_{C})(t_{1}),\ldots,\mathcal{A}(\widehat{\beta}_{C})(t_{m})\bigr{\rangle}\not\in P^{\mathcal{B}}.
We observe the following properties:
- •
We have for every , , due to the definition of and .
- •
Since all the are base-sort variables, we get for every , .
These two observations yield
\bigl{\langle}\mathcal{B}(\beta)(t^{\prime}_{1}),\ldots,\mathcal{B}(\beta)(t^{\prime}_{m^{\prime}}),\mathcal{B}(\widehat{\beta}_{C})(t_{1}),\ldots,\mathcal{B}(\widehat{\beta}_{C})(t_{m})\bigr{\rangle}\not\in P^{\mathcal{B}}.
Because of this result, and due to -uniformity of ,
\bigl{\langle}\mathcal{B}(\widehat{\beta}_{C})(t_{1}),\ldots,\mathcal{B}(\widehat{\beta}_{C})(t_{m})\bigr{\rangle}\mathrel{\widehat{\simeq}}_{\kappa}\bigl{\langle}\mathcal{B}(\beta)(t_{1}),\ldots,\mathcal{B}(\beta)(t_{m})\bigr{\rangle}
leads to
\bigl{\langle}\mathcal{B}(\beta)(t^{\prime}_{1}),\ldots,\mathcal{B}(\beta)(t^{\prime}_{m^{\prime}}),\mathcal{B}(\beta)(t_{1}),\ldots,\mathcal{B}(\beta)(t_{m})\bigr{\rangle}\not\in P^{\mathcal{B}}.
Put differently, we have .
Case for some non-equational atom
. Analogously to the previous case we can infer .
Altogether, we have shown . ∎
Proof of Lemma 18
We first need the following auxiliary result.
Lemma 27**.**
Let be an equivalence class with respect to . There are two mappings and such that
- (i)
for any ascending tuple with we have \bigl{\langle}r_{\varrho(1)}+\sigma(1),\ldots,r_{\varrho(m)}+\sigma(m)\bigr{\rangle}\in S, and 2. (ii)
for every tuple there is an ascending tuple with such that \bigl{\langle}s_{1},\ldots,s_{m}\bigr{\rangle}=\bigl{\langle}r_{\varrho(1)}+\sigma(1),\ldots,r_{\varrho(m)}+\sigma(m)\bigr{\rangle}.
Proof.
Fix some tuple taken from . Given , we set and further construct the sequence in such a way that it lists all strictly positive fractional values in in ascending order.
We construct by setting for every , and such that holds if and only if . Consequently, we have
- ()
\langle q_{1},\ldots,q_{m}\rangle=\bigl{\langle}\text{fr}(q_{1})+\lfloor q_{1}\rfloor,\ldots,\text{fr}(q_{m})+\lfloor q_{m}\rfloor\bigr{\rangle}=\bigl{\langle}q^{\prime}_{\varrho(1)}+\sigma(1),\ldots,q^{\prime}_{\varrho(m)}+\sigma(m)\bigr{\rangle}.
Let be any ascending tuple with . For all , we observe the following properties:
- (1)
. 2. (2)
. 3. (3)
if and only if , which entails that holds if and only if we have . 4. (4)
. 5. (5)
We have
if and only if
if and only if
if and only if
if and only if .
Taken together, these observations imply . Hence, we have just proved (i).
In fact, we have also already proved (ii), by giving the construction of the sequence and by having derived (). If the sequence is shorter than elements, we can simply pad it in an ascending fashion with arbitrary values from . ∎
We can now prove Lemma 18.
Lemma**.**
Let be an interpretation and let be positive integers. There exists a finite set of cardinality such that and for all tuples , entails , where
\widehat{Q}:=\bigl{\{}q+k\bigm{|}q\in Q\text{ and }k\in\{-\kappa-1,\ldots,0,\ldots,\kappa\}\bigr{\}}.
Proof.
Let be some enumeration of all equivalence classes in . By Lemma 27, there is a (not necessarily unique) sequence of pairs of functions such that each pair corresponds to the equivalence class in the sense of Lemma 27.
Let \widehat{\mathcal{S}}:=\{{a}\in\mathcal{S}^{\mathcal{A}}\mid\text{{a}=c^{\mathcal{A}}c\in\text{{fconsts}}(N)}\} be the set of all domain elements assigned to free-sort constant symbols by . We define a coloring \widehat{\chi}:\mathbb{R}^{m}\to\bigl{(}\mathcal{P}\{P_{i}\bar{a}\mid\text{\bar{a}\in\widehat{\mathcal{S}}^{m^{\prime}}P_{i} occurs} \text{in N}\}\bigr{)}^{k} by setting
[TABLE]
for every tuple , where we define to be [math]. By virtue of Lemma 4, there is a set of cardinality such that all ascending tuples are assigned the same color by . We then set .
Consider any equivalence class and the corresponding pair and let be two -equivalent tuples. Let be an enumeration of all the strictly positive fractional parts in in ascending order and let . Hence, .
By Lemma 27, there are two ascending tuples and in such that
and
.
Because of , we know that and . Then, entails
[TABLE]
A.4 Details Concerning Section 6
Proof of Lemma 22
We first need an auxiliary result.
Lemma 28**.**
Let be some equivalence class with respect to . We define the two sets as follows:
[TABLE]
and
[TABLE]
where are some fixed reals in the tuples , respectively, that correspond to the same index. We observe .
Proof.
We obviously have .
In order to prove , consider any . Pick some for which for every , . By construction of , we observe and for every , .
Claim III: For all indices we have if and only if .
Proof: For all reals we have if and only if . Using this fact, we get that entails which in turn implies . Symmetrically, entails .
Claim IV: Let be some enumeration of the indices in such that . There is some such that
.
Proof: Suppose Claim IV does not hold, while Claim III is respected. Hence, suppose there are indices such that and .111There are analogous arguments leading to contradictions in the cases where and .
For all reals we have , where
\lfloor\text{fr}(r)-\text{fr}(t)\rfloor=\begin{cases}0&\text{if \text{fr}(r)\geq\text{fr}(t)}\\ -1&\text{if \text{fr}(r)<\text{fr}(t).}\end{cases}
Hence, we get the following system of equations:
\begin{array}[]{r@{;;=;;}l@{\qquad=\qquad}r@{;;=;;}l}\lfloor s_{j_{1}}\rfloor-\lfloor s_{j_{2}}\rfloor-1&\lfloor s_{j_{1}}-s_{j_{2}}\rfloor&\lfloor q^{\prime}_{j_{1}}-q^{\prime}_{j_{2}}\rfloor&\lfloor q^{\prime}_{j_{1}}\rfloor-\lfloor q^{\prime}_{j_{2}}\rfloor\\ \lfloor s_{j_{1}}\rfloor-\lfloor s_{j_{3}}\rfloor-1&\lfloor s_{j_{1}}-s_{j_{3}}\rfloor&\lfloor q^{\prime}_{j_{1}}-q^{\prime}_{j_{3}}\rfloor&\lfloor q^{\prime}_{j_{1}}\rfloor-\lfloor q^{\prime}_{j_{3}}\rfloor\\ \lfloor s_{j_{2}}\rfloor-\lfloor s_{j_{3}}\rfloor-1&\lfloor s_{j_{2}}-s_{j_{3}}\rfloor&\lfloor q^{\prime}_{j_{2}}-q^{\prime}_{j_{3}}\rfloor&\lfloor q^{\prime}_{j_{2}}\rfloor-\lfloor q^{\prime}_{j_{3}}\rfloor\end{array}
As this system entails , we obtain a contradiction.
It remains to prove the existence of some tuple that satisfies the following requirements:
- (i)
and . 2. (ii)
and for every . 3. (iii)
for every . 4. (iv)
for every .
Notice that Requirement (ii) is entailed by Requirement (iii) and the definition of .
Consider any with . Requirement (i) entails that must satisfy . It follows that and . Hence, Requirement (iii) entails
,
which is equivalent to
[TABLE]
We distinguish several cases:
If , then we set .
If there is some such that , then, by Requirement (i), we must satisfy and, therefore, for every , is determined by .
If , then we observe for every . Hence, we have , which implies for every . As this entails , Requirement (iii) is satisfied if we set .
If none of the above cases apply, we have for every . Moreover, we know that there are indices such that .
Let be some enumeration of the indices in such that . Notice that holds due to our assumptions. By Claim IV, there is some such that
.
In fact, Claim III together with entails that is strictly smaller than .
We pick some real such that . For every , , we set \text{fr}(q_{k_{j}}):=\varepsilon+\bigl{(}\text{fr}(q^{\prime}_{k_{j}})-\text{fr}(q^{\prime}_{k_{1}})\bigr{)}. For every , , we set \text{fr}(q_{k_{j}}):=\varepsilon+1-\bigl{(}\text{fr}(q^{\prime}_{k_{1}})-\text{fr}(q^{\prime}_{k_{j}})\bigr{)}.
Claim V: .
Proof:
We observe
- •
\text{fr}(q_{k_{1}})=\varepsilon+\bigl{(}\text{fr}(q^{\prime}_{k_{1}})-\text{fr}(q^{\prime}_{k_{1}})\bigr{)}=\varepsilon>0.
- •
\text{fr}(q_{k_{|\bar{x}|}})=\varepsilon+1-\bigl{(}\text{fr}(q^{\prime}_{k_{1}})-\text{fr}(q^{\prime}_{k_{|\bar{x}|}})\bigr{)}<\bigl{(}\text{fr}(q^{\prime}_{k_{1}})-\text{fr}(q^{\prime}_{k_{|\bar{x}|}})\bigr{)}+1-\bigl{(}\text{fr}(q^{\prime}_{k_{1}})-\text{fr}(q^{\prime}_{k_{|\bar{x}|}})\bigr{)}=1.
- •
Because of and , we obtain . Hence, we get \text{fr}(q_{k_{\ell}})=\varepsilon+\bigl{(}\text{fr}(q^{\prime}_{k_{\ell}})-\text{fr}(q^{\prime}_{k_{1}})\bigr{)}\leq\varepsilon+\text{fr}(q^{\prime}_{k_{\ell+1}})+1-\text{fr}(q^{\prime}_{k_{1}})=\varepsilon+1-\bigl{(}\text{fr}(q^{\prime}_{k_{1}})-\text{fr}(q^{\prime}_{k_{\ell+1}})\bigr{)}=\text{fr}(q_{k_{\ell+1}}).
The above observations entail , , and . By definition of the and our assumptions and , these observations imply Claim V.
Claim VI: For every we have \bigl{(}\lfloor s_{k_{1}}\rfloor+\text{fr}(q_{k_{1}})\bigr{)}-\bigl{(}\lfloor s_{k_{j}}\rfloor+\text{fr}(q_{k_{j}})\bigr{)}=q^{\prime}_{k_{1}}-q^{\prime}_{k_{j}}.
Proof: If , then we have
[TABLE]
where in case of (or ) and if (or ).
If , then we have
[TABLE]
Since is strictly smaller than , we get . Moreover, Claim III together with entails . Hence, and . Consequently, we get
[TABLE]
Claim VII: For every we have .
Proof: As we assume , there is at least one such that . This entails . As one consequence of Claim VI, we get that \bigl{(}\lfloor s_{k_{i}}\rfloor+\text{fr}(q_{k_{i}})\bigr{)}-\bigl{(}\lfloor s_{k_{j}}\rfloor+\text{fr}(q_{k_{j}})\bigr{)}=q^{\prime}_{k_{i}}-q^{\prime}_{k_{j}} for every . This can be rewritten into the equivalent equation q^{\prime}_{k_{j}}-\bigl{(}\lfloor s_{k_{j}}\rfloor+\text{fr}(q_{k_{j}})\bigr{)}=q^{\prime}_{k_{i}}-\bigl{(}\lfloor s_{k_{i}}\rfloor+\text{fr}(q_{k_{i}})\bigr{)}. In other words, we have q^{\prime}_{k_{j}}>\bigl{(}\lfloor s_{k_{j}}\rfloor+\text{fr}(q_{k_{j}})\bigr{)} for every .
This means, if we set for every , , then the stipulated requirements are satisfied. ∎
Using the above result, we can prove Lemma 22
Lemma**.**
Consider any delay clause
[TABLE]
that belongs to the FOL(LA) encoding of some timed automaton . Let be some positive integer. Let be a finite clause set corresponding to the following formula
[TABLE]
For every -uniform interpretation we have for all tuples if and only if holds for all tuples .
Proof.
We first show that the clause is equivalent to the clause
[TABLE]
where is some fixed clock variable . Although the variable in is universally quantified, the fact that does not occur on the right-hand side of the implication entails that ’s quantifier can be moved inside the premise of the implication represents, where universal quantification will turn into existential quantification (the quantifier moves into the scope of one implicit negation symbols). This transformation yields an equivalent clause with the constraint . In addition, we observe
[TABLE]
Consequently, the clauses and are equivalent.
Let be any equivalence class with respect to . Since we assume to be -uniform, we have that, if holds for one , then holds for every .
Now suppose holds for all tuples . Moreover, suppose there is some pair of tuples such that . Thus, we have that satisfies the premises of —among them — but does not satisfy the consequent . As \mathcal{A},[\bar{x}{\mathop{\mapsto}}\bar{q},\bar{x}^{\prime}{\mathop{\mapsto}}\bar{q}^{\prime}]\models\bigwedge_{x_{1},x_{2}\in\bar{x}}\bigwedge_{-\lambda\leq k\leq\lambda}\bigl{(}x_{1}-x_{2}\leq k\;\leftrightarrow\;x^{\prime}_{1}-x^{\prime}_{2}\leq k\bigr{)}\;\wedge\;\bigl{(}x_{1}-x_{2}\geq k\leftrightarrow x^{\prime}_{1}-x^{\prime}_{2}\geq k\bigr{)}\;\wedge\;\bigwedge_{x\in\bar{x}}x^{\prime}\geq x, we know that , where is the equivalence class with respect to to which belongs and is defined as in Lemma 28. Moreover, we know that for every , as is -uniform. The fact that holds for all tuples entails for every for which , where is defined as in Lemma 28. Hence, Lemma 28 entails for every for which , in particular for . This contradiction implies that holds for all tuples .
The opposite direction can be argued analogously. ∎
Details regarding Theorem 23
Figure 2 illustrates the TA regions for some timed automaton with two clocks and in which all integer constants have an absolute value of at most . For every TA region of such an automaton, there is at least one representative which lies in .
Let be a timed automaton and let be the maximal absolute value of any integer constant occurring in the invariants and the transition guards of . Let be some enumeration of all the clock variables in . Consider a constraint of the form
.
We observe that entails . Of course, can also be conjoined with the constraint , say, which entails . This example illustrates that one can combine several difference constraints over different clock variables in such a way that bounds are achieved which cannot be formulated with a single constraint with . However, all of those combined constraints can be equivalently represented with atomic constraints or , where .
In the main text (in the discussion preceding Theorem 23 in Section 6), we mention that there exists a computable integer such that any valuation of ’s clocks can be projected to some valuation which cannot distinguish from . Due to the above observations, we find that meets the stipulated requirements. Hence, in order to decide reachability for , it is sufficient to consider the bounded subspace . This means, given the FOL(LA) encoding of , we obtain a BSR(BD) encoding of reachability with respect to in the following two steps:
(1) Replace every delay clause in with a corresponding finite set of clauses in accordance with Lemma 22, where we set .
(2) Conjoin the constraints for to every constraint in which a base-sort variable occurs.
Since any -uniform model of is -uniform over the subspace , Lemma 22 entails that faithfully encodes reachability with respect to .
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] Rajeev Alur and David L. Dill. A theory of timed automata. Theor. Comput. Sci. , 126(2):183–235, 1994.
- 2[2] Leo Bachmair, Harald Ganzinger, and Uwe Waldmann. Refutational theorem proving for hierarchic first-order theories. Applicable Algebra in Engineering, Communication and Computing , 5:193–212, 1994.
- 3[3] Peter Baumgartner and Uwe Waldmann. Hierarchic superposition with weak abstraction. In Automated Deduction (CADE-24) , pages 39–57, 2013.
- 4[4] Aaron R. Bradley, Zohar Manna, and Henny B. Sipma. What’s Decidable About Arrays? In Verification, Model Checking, and Abstract Interpretation (VMCAI’06) , pages 427–442, 2006.
- 5[5] Peter J. Downey. Undecidability of Presburger Arithmetic with a Single Monadic Predicate Letter. Technical report, Center for Research in Computer Technology, Harvard University, 1972.
- 6[6] Arnaud Fietzke and Christoph Weidenbach. Superposition as a Decision Procedure for Timed Automata. Mathematics in Computer Science , 6(4):409–425, 2012.
- 7[7] Yeting Ge and Leonardo Mendonça de Moura. Complete Instantiation for Quantified Formulas in Satisfiabiliby Modulo Theories. In Computer Aided Verification (CAV’09) , pages 306–320, 2009.
- 8[8] Ronald L. Graham, Bruce L. Rothschild, and Joel H. Spencer. Ramsey Theory . A Wiley-Interscience publication. Wiley, second edition, 1990.
