Second case study: Guarded Fragment Decidability via the tree model property and Rabin’s theorem More efficient decidability via translation to automata
The Guarded Fragment GF formulas are built up from atomic formulas Ai(x1...xn) using the boolean connectives: If ½1, ½22 GF, then so is ½1 Æ ½2 , ½1 Ç ½2 , : ½1 In addition, if ½ 2 GF then 8 y1…yn [R(x1…xm y1…yn)!½(…)]2GF 9 y1…yn [R(x1…xm y1…yn)Æ ½(…)]2GF provided that the free variables of ½ are all contained in the free variables of R(x1…xm y1…yn)
New issues with GF GF is like ML but: arbitrary arity formulas no longer need to “look forward”
Examples of GF formulas Any ML formula is in GF: 8 y [R(x,y) ! U(y)] But we can do more in GF: 8 xyz [T(x,y,z)! 9uv T(z,u,v)] 8 xy [R(x,y) ! S(x,y)] 8 x [U(x)! 9y R(x,y)Æ V(y)] 9 xy R(x,y)Æ R(y,x) However, the following sentences are not in GF: 9 xyz R(x,y) Æ R(y,z) Æ R(z,x) 8 xyz [R(x,y) Æ R(y,z) Æ R(z,x) ! S(x,z)] 9 xy R(x,y)Æ 8 y’ [R(x,y’)! T(y,y’)] 8 xyz [R(x,y) Æ R(y,z) ! R(x,z)]
What do we mean by a tree model for GF? There are GF sentences that are satisfiable, but not satisfiable over any tree. 9 x y z [ T(x,y,z) Æ R(x, y) Æ R(y,z) Æ R(z,x) Æ U(x)Æ U(y) Æ U(z) ] 8 x U(x) ! [ 9 y z U(y) Æ U(z) Æ T(x,y,z) Æ R(x,y) Æ R(y,z) Æ R(z,x) ] .... ....
What do we mean by a tree model for GF? .... .... ... ...
What do we mean by a tree model for GF? Fix a number k. Consider a tree over a signature with the following unary relations: one unary relation F for each fact over elements {1…k} for each i, j · k, a unary relation Eqi,j A node labelled with a bunch of these unary relations describes a small piece of the structure, of size at most k. Eqi,j asserts that the element i in a child is equal to element j in the parent (in the slides we sometimes write this as #i=#j). We call trees over this signature k tree codes.
What do we mean by a tree model for GF? 3 2 2 1 1 L3 L2 L1 2 1 3 L1 3 1 L3, #2=#3 L2, #2=#3 2 1 3 1
Tree model property: statement The width of a formula is the maximum number of free variables in any subformula. For GF, the width is equal to the maximal arity of any relation in the formula. Proposition: for every GF formula ½ of width k, if ½ is satisfiable, then there is a model that has a k tree code Recall plan for Modal Logic: define a notion of bisimulation, show that bisimulations preserve ML formulas define a notion of unravelling of a structure show that the unravelling of M is a tree-like structure bisimilar to M thus if Á satisfied by some M, it is satisfied by the unravelling of M
Tree model property: statement The width of a formula is the maximum number of free variables in any subformula. For GF, the width is equal to the maximal arity of any relation in the formula. Proposition: for every GF formula ½ of width k, if ½ is satisfiable, then there is a model that has a k tree code Modification for GF: define a notion of guarded bisimulation, show that guarded bisimulations preserve ML formulas GF sentences define a notion of guarded unravelling of a structure show that the guarded unravelling of M is a tree-like structure guarded bisimilar to M thus if Á satisfied by some M, it’s satisfied by guarded unravelling of M
Recall: Bisimulation Given two Kripke Structures M and M’ a bisimulation between M and M’ is a mapping B relating elements of M with elements of M’ such that whenever B(x,x’) holds: (Partial Isomorphism) x satisfies the same unary predicates in M as x’ does in M’ (Back) For every y with R(x,y) in M, there is y’with R(x’,y’) in M’ with B(y,y’) (Forth) For every y’ with R(x’,y’) in M’, there is y with R(x,y) in M with B(y,y’) We say (M,x) and (M’,x’) are bisimilar if there is a bisimulation relating x and x’.
Guarded bisimulation Given two structure M and M’ a guarded bisimulation between M and M’ is a mapping B relating guarded tuples of M with guarded tuples of M’ such that whenever B(x1...xn,x’1...x’n) holds: (Partial Iso.) x1...xn satisfies the same predicates in M as x’1...x’n does in M’ (Back) For every guarded y1...ym in M, there is guarded y’1... y’m in M’ with B(y1...ym,y’1...y’m) and yi=xj implies y’i=x’j (Forth) For every guarded y’1...y’m in M’, there is guarded y1...ym in M with B(y1...ym,y’1...y’m) and yi=xj implies y’i=x’j We say (M,x1...xn) and (M’,x’1...x’n) are guarded bisimilar if there is a guarded bisimulation relating x1...xn and x’1...x’n.
Recall: Bisimulation as a game Bisimulation game between players Spoiler and Duplicator: Positions of the game are pairs (x,x’) with x2M x’2M’. (Partial Iso.) If x and x’ disagree on a unary predicate Spoiler wins. (Back) Spoiler can play y2 M with R(x,y), and Duplicator must respond with y’2M’ s.t. R(x’,y’). If Duplicator cannot respond, she loses; if she responds with y, play continues from (y, y’). (Forth) Spoiler can play y’2 M with R(x’,y’) in M’, and Duplicator must respond with y2 M s.t. R(x’,y’). If Duplicator cannot respond, she loses; if she responds with y’, then play continues from (y, y’). Duplicator wins if she can play forever or Spoiler cannot play. (M,x) and (M’,x’) are bisimilar if and only if there is a winning strategy for Duplicator starting from (x, x’).
Guarded bisimulation as a game Guarded bisimulation game between Spoiler and Duplicator. Positions of the game are pairs of guarded tuples x1...xn2M , x’1...x’n2 M’ If x1...xn and x’1...x’n disagree on a predicate then Spoiler wins. Spoiler can play guarded y1...ym2 M, and Duplicator must respond with guarded y’1...y’m 2 M’ such that the overlap of yj with xk is the same as y’j with x’k. If Duplicator can not respond, she loses; if she responds play continues from (y1...ym, y’1...y’m). Spoiler can play y’1...y’m2 M’, and Duplicator must respond with guarded y1...ym 2 M’ ... (M,x1...xn) and (M’,x’1...x’n) are guarded bisimilar if and only if there is a winning strategy for Duplicator starting at (x1...xn,x’1...x’n )
Guarded Bisimulation
Guarded Bisimulation
Guarded Bisimulation
Guarded Bisimulation
Guarded Bisimulation
Guarded Bisimulation
Guarded Bisimulation (Not!)
Guarded bisimulation and GF Proposition: If (M,c1...cn) and (M’,c’1...c’n) are guarded bisimilar then for any GF formula ½(x1...xn), (M, c1...cn) ² ½ if and only if (M’, c’1...c’n) ² ½
Guarded bisimulation and GF Proposition: If (M,c1...cn) and (M’,c’1...c’n) are guarded bisimilar then for any GF formula ½(x1...xn), (M, c1...cn) ² ½ if and only if (M’, c’1...c’n) ² ½ Induction on formula construction. Base case of A(x1...xn) holds since guarded bisimulation preserves atomic formulas. Æ, Ç, : induction steps are obvious
Guarded bisimulation and GF If (M,c1...cn) and (M’,c’1...c’n) are guarded bisimilar Then for any GF formula ½(x1...xn), (M, c1... cn) ² ½ if and only if (M’, c’1...c’n) ² ½ Suppose (M,c1...cn)² 9 y1...yk R(x1...xj,y1...yk)Æ Á’ and there is a guarded bisimulation B from (M,c1...cn) to (M’,c’1...c’n). There is e1...ek such that R(c1...cj,e1...ek) and (M, c1...cj,e1...ek)² Á’ Now by (Back) there is e’1...e’k such that R(c’1...c’j,e’1...e’k) and B(c1...cj e1...em, c’1...c’j e’1...e’k) Now by induction (M’, c’1..c’j e’1...e’k)² Á’ so e’1...e’k witnesses (M’,c’1...c’j)² 9 y1...yk R(x1...xj,y1...yk)Æ Á’ Similarly argument starting with (M’,c’1...c’n) ² 9 y1...yk R(x1...xn,y1...yk)Æ Á’
Tree model property: statement Proposition: for every GF formula ½ of width k, if ½ is satisfiable in some model M, then there is a model that has a k tree code Approach: Define an unravelling of M at guarded tuple x1... xn. This will be a model U that is tree like and has a copy x’1...x’n of x1... xn. Show that (M, x1...xn) and (U, x’1...x’n) are guarded bisimilar.
Guarded Unravelling
Guarded Unravelling
Guarded Unravelling
Guarded Unravelling
Guarded Unravelling
Guarded Unravelling ...
Guarded unravellings We define the code of the unravelling via the guarded bisimulation game. The sequence of possible plays by Spoiler forms a tree. Each node is associated with a guarded set S, and we associate it with all the structure that is on S in M.
Where we are Proposition: for every GF formula ½ of width k, if ½ is satisfiable, then there is a model that has a k tree code So it suffices to check ½ on a structure that is tree-like (has a tree code). But we want to check something on a tree, not a tree-like structure.
Translating from structures to trees ML Theorem: For any ML formula Á(x), if it is satisfied in some model then there is a tree model T such that T, root(T) ² Á We can show: Theorem: For any GF sentence Á and any number k we can construct another sentence Á’ such that: if M has k code TM, then M ² Á if and only if TM ² Á’ We will not be able to get Á’in FO
Tree codes ... 9 x y z A(x,y)Æ B(y,z) L3 contains A(1,3) #2=#2 9 x y z A(x,y)Æ B(y,z) #2=#2 #2=#2 L3 contains A(1,3) #2=#2 L5 #2=#2 L3 #3=#2 L5 contains B(2,3) ...
Monadic Second Order Logic (MSO) MSO extends first-order logic by adding monadic (unary) relation variables X1…Xj Atomic formulas are R(x1…xn) and Xi(x) If ½1, ½22 MSO, then so is ½1 Æ ½2 , ½1 Ç ½2 , : ½1 9 x ½1 , 9 X ½1 Theorem (Rabin): The tree satisfiability problem for MSO is decidable.
Mapping from relations to tree codes Theorem: For any GF sentence Á and any number k we can construct Á’ in MSO such that: if M has k code TM, then M ² Á if and only if TM ² Á’
Putting it all together We have shown: For any GF sentence Á, if it is satisfied in some model then there is a model M with a k tree-like code such that M ² Á where k is the width of Á We have also shown: For any GF sentence Á and any k we can construct MSO Á’ such that: if M has k code TM, then M ² Á if and only if TM ² Á’ Thus: For any GF sentence Á and any k we can construct Á’ in MSO such that: Á is satisfiable iff Á’is satisfiable in a k tree code.
Recall Decidability via the tree model property and Rabin’s theorem More efficient decidability via translation to automata
Automata for GF We consider infinite labelled ranked ordered trees: labelled: we have a set A1....An of node predicates, and each node is labelled with a subset of the A1.... An ranked: every node has r children ordered: the children are numbered first child, second child, etc.
Automata on r-ranked ordered trees An alternating Büchi tree automaton (ABT) is given by (Q,S,q0,d,) where: Q is a finite set of states S is the set of label predicates q0 2 Q is the initial state d : Q £ P(S) → BC+(Dir£Q) is the transition function is the acceptance condition, which in this case is a subset of Q For now, let Dir = {Down1,…,Downr}, the possible directions the automaton is allowed to move in. BC+(Dir£Q) consists of formulas that are positive boolean combinations of atoms from Dir£Q.
Acceptance game for automaton We can think of a run of an ABT A on a tree t as an acceptance game between two players: Eve: the "existential" player trying to show t is in the language Adam: the opponent trying to show t is not in the language The positions are of the form (q,v) for q a state and v a node in t, or (𝜓,v) for 𝜓 in BC+(Dir£Q) and v a node. The possible moves are: q , v d(q,v) , v 𝜓1 ∨ 𝜓2 , v 𝜓1 , v 𝜓2 , v 𝜓1 ∧ 𝜓2 , v 𝜓1 , v 𝜓2 , v (d,r) , v r , v' controlled by Eve controlled by Adam where v' is the node in direction d of v
Acceptance game for automaton We can think of a run of an ABT A on a tree t as an acceptance game. A play in the game is a series of positions in the game, starting in position (q0,r) for r the root of t. A strategy for Eve is a choice of her next move, given any partial play ending in a position controlled by Eve. A winning strategy for Eve (for the Büchi condition ), is a strategy such that for any play consistent with the strategy, there is some q in that appears infinitely often in positions of the form (q,v). We say t is accepted by A if there is a winning strategy for Eve in the acceptance game of A on t.
Examples Let S = { P1, P2 } and consider languages of binary trees over S. We can construct ABT for the following languages. L1 = { t : there is exactly one P1 node in t } L2 = { t : below every P1 node in t there is a P2 node } L3 = { t : every branch in t has infinitely many P2 } L4 = { t : there is some branch in t with finitely many P2 } L5 = { t : there are finitely many nodes with P1 in t }
Special types of automata 2-way alternating Büchi automata (2ABT): the set of directions includes Up and Stay, in addition to Downi 1-way nondeterministic Büchi automaton (1NBT): each transition function formula is a disjunction of formulas of the form (Down1,q1)∧ … ∧(Downr,qr)
Decidable emptiness Theorem (Vardi 1998): Language emptiness is decidable in EXPTIME for 2ABT automata. Specifically, it is decidable in time polynomial in the size of the automaton and exponential in the number of states.
Alternating automata for ML Let 𝜙 be a formula in modal logic in NNF. Then define A𝜙 as follows. Q = cl(𝜙), together with True and False q0 = 𝜙(c) and Ω = { True } Transition function 𝛿(P(c),𝜏) := (Stay,True) if P(c) ∈ 𝜏 (Stay,False) otherwise 𝛿(¬P(c),𝜏) := (Stay,False) if P(c) ∈ 𝜏 (Stay,True) otherwise 𝛿(𝜓1 ∨ 𝜓2,𝜏) := (Stay,𝜓1)∨(Stay,𝜓2) 𝛿(𝜓1 ∧ 𝜓2,𝜏) := (Stay,𝜓1)∧(Stay,𝜓2) 𝛿(∃y R(c,y) ∧ 𝜓(y),𝜏) := ⋁1≤i≤r(Downi,𝜓(c)) 𝛿(∀y R(c,y) → 𝜓(y),𝜏) := ⋀1≤i≤r(Downi,𝜓(c))
New goal Given a GF sentence Á, we want to construct a 2ABT AÁ such that AÁ accepts exactly the labelled r-ranked trees t such that t ² Á We will use 2ABT on binary trees. In order to do this we need to show that we can use binary trees for our tree codes.
Alternative encodings in trees Our first encoding used equality predicates to explain how neighboring nodes overlap: 3 2 2 1 1 L3 L2 L1 2 1 3 L1 3 1 L3, #2=#3 L2, #2=#3 2 1 1 3
Alternative encodings in trees An alternative is to use a set Uk of 2k names, and indicate overlap in adjacent nodes by using the same names. 3 3 3 1 5 L3 L2 L1 2 4 4 L1 3 1 L3 L2 2 5 4 4 We call this “implicit coding”.
Tree codes using binary trees By rearranging and duplicating nodes, we can ensure the tree codes are binary trees. L0 L0 L1 L0 … L1 L2 Ln L2 L0 … L0 Ln L0
Alternating automata for GF Theorem (essentially Grädel 1999): Let 𝜙 be a sentence in GF in NNF. We can construct in 2EXPTIME a 2ABT A𝜙 such that A𝜙 accepts t iff the decoding of t satisfies 𝜙 and the number of states of A𝜙 is singly exponential in the size of 𝜙. 𝜙 is satisfiable iff L(A𝜙) is non-empty. Corollary: GF satisfiability is decidable in 2EXPTIME.
Alternating automata for GF Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. Q = cl(𝜙,Uk) (the subformula closure of 𝜙, with names from Uk for free variables) q0 = 𝜙
Alternating automata for GF Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. 𝛿(R(c1,…,cm),𝜏) is (Stay,False) if c1,…,cm not represented in 𝜏 (Stay,True) if R(c1,…,cm) is in 𝜏 (Up,R(c1,…,cm))∨(Down1,R(c1,…,cm)) ∨(Down2,R(c1,…,cm)) otherwise 𝛿(¬R(c1,…,cm),𝜏) is (Stay,True) if c1,…,cm not represented in 𝜏 (Stay,False) if R(c1,…,cm) is in 𝜏 and (Up,¬R(c1,…,cm))∧(Down1,¬R(c1,…,cm)) ∧(Down2,¬R(c1,…,cm)) otherwise
Alternating automata for GF Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. 𝛿(𝜓1∨𝜓2,𝜏) := (Stay,𝜓1)∨(Stay,𝜓2) 𝛿(𝜓1∧𝜓2,𝜏) := (Stay,𝜓1)∧(Stay,𝜓2)
Alternating automata for GF Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. 𝛿(∃y1…yn 𝛼(c1,…,cm,y1,…yn)∧𝜓’(c1,…,cm,y1,…,yn),𝜏) is (Stay,False) if c1,…,cm not represented in 𝜏; otherwise it is a disjunction of 𝜓’(c1,…,cm,d1,…,dn) for all 𝛼(c1,…,cm,d1,…dn) in 𝜏 (Up,∃y1…yn 𝛼(c1,…,cm,y1,…yn)∧𝜓’(c1,…,cm,y1,…,yn)) (Downi,∃y1…yn 𝛼(c1,…,cm,y1,…yn)∧𝜓’(c1,…,cm,y1,…,yn)) 𝛿(∀y1…yn 𝛼(c1,…,cm,y1,…yn)→𝜓’(c1,…,cm,y1,…,yn),𝜏) is (Stay,True) if c1,…,cm not represented in 𝜏; otherwise it is a conjunction of (Up,∀y1…yn 𝛼(c1,…,cm,y1,…yn)→𝜓’(c1,…,cm,y1,…,yn)) (Downi,∀y1…yn 𝛼(c1,…,cm,y1,…yn)→𝜓’(c1,…,cm,y1,…,yn))
Alternating automata for GF Let 𝜙 be a sentence in GF in NNF. Then define A𝜙 as follows. The set F of accepting states are of the form True ¬R(c1,…,cn) ∀y1…yn 𝛼(c1,…,cm,y1,…yn)→𝜓’(c1,…,cm,y1,…,yn)
Alternating automata for GF Since the number of states of this ABT is exponential in the size of the formula (in fact polynomial in the size of the formula and exponential in the width), we get: Theorem: GF satisfiability is decidable in 2EXPTIME. When the maximum arity of relations is fixed, it is decidable in EXPTIME.
Summary Decidability via the tree model property and Rabin’s theorem More efficient decidability via translation to ABT over infinite trees