Modal Logics with Composition on Finite Forests: Expressivity and Complexity (Extra Material)
Bartosz Bednarczyk, Stéphane Demri, Raul Fervari, Alessio Mansutti
Bartosz Bednarczyk
TU Dresden & University of Wrocław
Stéphane Demri
LSV, CNRS, ENS Paris-Saclay, Université Paris-Saclay
Raul Fervari
FAMAF, Universidad Nacional de Córdoba & CONICET
Alessio Mansutti
LSV, CNRS, ENS Paris-Saclay, Université Paris-Saclay
Abstract
We study the expressivity and complexity of two modal logics interpreted on finite forests and equipped with standard modalities to reason on submodels. The logic ML( ) extends the modal logic K with the composition operator from ambient logic, whereas ML(∗) features the separating conjunction ∗ from separation logic. Both operators are second-order in nature. We show that ML( ) is as expressive as the graded modal logic GML (on trees) whereas ML(∗) is strictly less expressive than GML. Moreover, we establish that the satisfiability problem is Tower-complete for ML(∗), whereas it is (only) AExp_Pol-complete for ML( ), a result which is surprising given their relative expressivity. As by-products, we solve open problems related to sister logics such as static ambient logic and modal separation logic.

CCS Concepts: • Theory of computation → Modal and temporal logics.

Keywords: modal logic on trees, separation logic, static ambient logic, graded modal logic, expressive power, complexity
ACM Reference Format:
Bartosz Bednarczyk, Stéphane Demri, Raul Fervari, and Alessio Mansutti. 2020. Modal Logics with Composition on Finite Forests: Expressivity and Complexity (Extra Material). In Proceedings of the 35th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS ’20), July 8–11, 2020, Saarbrücken, Germany. ACM, New York, NY, USA, 62 pages. https://doi.org/10.1145/3373718.3394787
The ability to quantify over substructures to express properties of a model is often instrumental to perform modular and local reasoning. Two well-known examples are provided
by separation logics [30, 37, 44], dedicated to reasoning on pointer programs, and ambient (or more generally, spatial) logics [10, 13, 15, 20], dedicated to reasoning on disjoint data structures. In the realm of modal logics dedicated to knowledge representation, submodel reasoning remains a key ingredient to express the dynamics of knowledge and belief, as done in the logics of public announcement [5, 35, 39], sabotage modal logics [4], refinement modal logics [12] and relation-changing logics [1–3]. Though the models may be of different nature (e.g. memory states for separation logics, epistemic models for logics of public announcement or finite edge-labelled trees for ambient logics), all those logics feature composition operators that make it possible to compose or decompose substructures in a very natural way.

From a technical point of view, reasoning about submodels requires a global analysis, unlike the local approach for classical modal and temporal logics (typically based on automata techniques [49, 50]). This makes the comparison between those formalisms quite challenging and often limited to a superficial analysis on the different classes of models and composition operators. For instance, the composition operator in ambient logics decomposes a tree into two disjoint pieces such that once a node has been assigned to one submodel, all its descendants belong to the same submodel. Instead, the separating conjunction ∗ from separation logic decomposes the memory states into two disjoint memory states. Obviously, these and other well-known operators are closely related but no uniform framework investigates exhaustively their relationships in terms of expressive power.

Most of these logics can be easily encoded in monadic second-order logic MSO (or in second-order modal logics [25, 32]).
Complexity-wise, if models are tree-like structures, we can then infer decidability thanks to the celebrated Rabin’s theorem [42]. However, most likely, this does not produce the best decision procedures when it comes to solving simple reasoning tasks (e.g. the satisfiability problem of MSO is Tower-complete [45]). Thus, relying on MSO as a common umbrella to capture and understand the differences between those logical formalisms is often not satisfactory.
Our motivations.
Our intention in this work is to provide an in-depth comparison between the composition operator from static ambient logic [13] and the separating conjunction ∗ from separation logics [44] by identifying a common ground in terms of logical languages and models. As a consequence, we are able to study the effects of having these operators as far as expressivity and complexity are concerned. We aim at defining two logics whose only differences rest on their use of and ∗ syntactically and semantically (by considering the adequate composition operation). To do so, we pick as our common class of models, the Kripke-style finite trees (actually finite forests, so that the class is closed under taking submodels), which provides an ubiquitous class of structures, extremely well-studied in computer science. For the underlying logical language (i.e. apart from or ∗), we advocate the use of the standard modal logic K (i.e. to have Boolean connectives and the standard modality ◇) so that the main operations on the models amount to quantify over submodels or to move along the edges. This framework is sufficiently fundamental to give us the possibility to take advantage of model theoretical tools from modal logics [6, 9, 21]. The benefits of settling a common ground for comparison may lead to further comparisons with other logics and new results.

Our contributions.
We introduce ML( ) and ML(∗), two logics interpreted on Kripke-style forest models, equipped with the standard modality ◇, and respectively with the composition operator from static ambient logic [13] and with the separating conjunction ∗ from separation logic [44]. Both logical formalisms can state non-trivial properties about submodels, but the binary modalities and ∗ operate differently: whereas ∗ is able to decompose the models at any depth, is much less permissive as the decomposition is completely determined by what happens at the level of the children of the current node. We study their expressive power and complexity, obtaining surprising results. We show that ML( ) is as expressive as the graded modal logic GML [6, 47] whereas ML(∗) is strictly less expressive than GML. Interestingly, this latter development partially reuses the result for ML( ), hence showing how our framework allows us to transpose results between the two logics. To show that GML is strictly more expressive than ML(∗), we define Ehrenfeucht-Fraïssé games for ML(∗). In terms of complexity, the satisfiability problem for ML( ) is shown AExp_Pol-complete, interestingly the same complexity as for the refinement modal logic RML [12] handling a quantifier over refinements (generalising the submodel construction). The AExp_Pol upper bound follows from an exponential-size model property, whereas the lower bound is by reducing the satisfiability problem for an AExp_Pol-complete team logic [28]. Much more surprisingly, although ML(∗) is strictly less expressive than ML( ), its complexity is much higher (not even elementary). Precisely, we show that the satisfiability problem for ML(∗) is Tower-complete. The Tower upper bound is a consequence of [42], whereas hardness is shown by reduction from a Tower-complete tiling problem, adapting substantially the Tower-hardness proof from [7] for second-order modal logic K on finite trees. To conclude, we get the best of our results on ML( ) and ML(∗) to solve several open problems. We relate ML( ) with an intensional fragment of static ambient logic SAL( ) from [13] by providing polynomial-time reductions between their satisfiability problems. Consequently, we establish AExp_Pol-completeness of SAL( ), refuting hints from [13, Section 6]. Similarly, we show that the modal separation logic MSL(◇ − , ∗) from [22] is Tower-complete. This document extends [8] with a technical appendix including additional information and all omitted proofs.

Footnote: Problems in AExp_Pol are decidable by an alternating Turing machine working in exponential-time and using polynomially many alternations [11].
In this section, we introduce the logics ML( ) and ML(∗) interpreted on tree-like structures equipped with operators to split the structure into disjoint pieces. Due to the presence of such operators, we are required to consider a class of models that is closed under submodels, which we call Kripke-style finite forests (or finite forests for short).

Let AP be a countably infinite set of atomic propositions. A (Kripke-style) finite forest is a triple M = (W, R, V) where W is a non-empty finite set of worlds, V : AP → P(W) is a valuation and R ⊆ W × W is a binary relation whose inverse R − is functional and acyclic. Then, in particular the graph described by (W, R) is a finite collection of disjoint finite trees (where R encodes the child relation).

We define R(w) ≝ {w′ ∈ W | (w, w′) ∈ R}. Worlds in R(w) are understood as children of w. We inductively define R^n: R ≝ {(w, w) | w ∈ W}; R n + ≝ {(w, w′′) | ∃ w′ (w, w′) ∈ R^n and (w′, w′′) ∈ R}. R^+ denotes the transitive closure of R.

We define operators that chop a finite forest. It should be noted that these operators, as well as the resulting logics, can be cast under the umbrella of the logic of bunched implications BI [26, 41], with the exception that we do not explicitly require them to have an identity element (as enforced on the multiplicative operators of BI, see [26]). Let M = (W, R, V) and M_i = (W_i, R_i, V_i) (for i ∈ { , }) be three finite forests.

The separation logic composition.
We introduce the binary operator + that performs the disjoint union at the level of parent-child relation. Formally,

M = M + M :⇔ R ⊎ R = R , W = W = W , V = V = V .

This is the composition used in separation logic [22, 44]. The figure below depicts possible instances for M , M and M .

[Figure: a finite forest written as the + composition of two finite forests]

The ambient logic composition.
We introduce the operator +_w, where w ∈ W, that constrains + further:

M = M +_w M :⇔ M = M + M and R_i^+(w′) = R^+(w′) holds for all i ∈ { , } and w′ ∈ R_i(w).

M is a disjoint union between M and M except that, as soon as w′ ∈ R_i(w), the whole subtree of w′ in R belongs to M_i, like the composition in ambient logic [13]. Below, we illustrate a model decomposed with +_w.

[Figure: a finite forest decomposed at the world w with +_w]

We say that M is a submodel of M , written M ⊑ M if there is M such that M = M + M .

Modal logics on trees.
The logic ML( ) enriches the modal logic K (a.k.a. ML) with a binary connective , called composition operator, that admits submodel reasoning via the operator +_w. Similarly, ML(∗) enriches ML with the connective ∗, called separating conjunction (or star) that admits submodel reasoning via the operator +. Both connectives and ∗ are understood as binary modalities. As we show throughout the paper, ML( ) and ML(∗) are strongly related to the graded modal logic GML [21]. For conciseness, let us define all these logics by considering formulae that contain all of their ingredients. These formulae are built from

φ := ⊤ | p | φ ∧ φ | ¬φ | ◇φ | ◇≥k φ | φ ∗ φ | φ φ ,

where p ∈ AP and k ∈ N (encoded in binary). A pointed forest (M, w) is a finite forest M = (W, R, V) together with a world w ∈ W. The satisfaction relation ⊨ is defined as follows (standard clauses for ∧, ¬ and ⊤ are omitted):

M, w ⊨ p ⇔ w ∈ V(p);
M, w ⊨ ◇φ ⇔ there is w′ ∈ R(w) s.t. M, w′ ⊨ φ;
M, w ⊨ ◇≥k φ ⇔ |{w′ ∈ R(w) | M, w′ ⊨ φ}| ≥ k;
M, w ⊨ φ ∗ φ ⇔ there are M , M s.t. M = M + M , M , w ⊨ φ and M , w ⊨ φ ;
M, w ⊨ φ φ ⇔ there are M , M s.t. M = M +_w M , M , w ⊨ φ and M , w ⊨ φ .

The formulae φ ⇒ ψ, φ ∨ ψ and ⊥ are defined as usual. We use the following standard abbreviations: □φ ≝ ¬◇¬φ, ◇≤k φ ≝ ¬◇≥k + φ and ◇=k φ ≝ ◇≥k φ ∧ ◇≤k φ. We write size(φ) to denote the size of φ with a tree representation of formulae and with a reasonably succinct encoding of atomic formulae. Besides, we write md(φ) to denote the modal degree of φ understood as the maximal number of nested unary modalities (i.e. ◇ or ◇≥k) in φ.
Similarly, the graded rank gr(φ) of φ is defined as max({k | ◇≥k ψ ∈ subf(φ)} ∪ { }), where subf(φ) is the set of all the subformulae of φ.

Given the formulae φ and ψ, φ ≡ ψ denotes that φ and ψ are logically equivalent; i.e., for every pointed forest (M, w), M, w ⊨ φ iff M, w ⊨ ψ. For instance ( k ≥ p ∈ AP):

1. ◇φ ≡ ◇≥ φ;
2. (□□⊥ □□⊥) ≢ (□□⊥ ∗ □□⊥);
3. ◇≥k p ≡ ◇p ∗ ··· ∗ ◇p (k times);
4. ◇≥k φ ≡ ◇φ ··· ◇φ (k times).

The modal logic ML is the logic restricted to formulae with the unique modality ◇ [9]. Similarly, the graded modal logic GML is restricted to the graded modalities ◇≥k [21]. We introduce the modal logics ML( ) and ML(∗), which are restricted to the suites of modalities (◇, ) and (◇, ∗), respectively. The two equivalences (3) and (4) already shed some light on ML( ) and ML(∗): the two logics are similar when it comes to their formulae of modal degree one.

Lemma 2.1.
Let φ be a formula in ML( ) with md(φ) ≤ . Then, φ ≡ φ[ ← ∗] where φ[ ← ∗] is the formula in ML(∗) obtained from φ by replacing every occurrence of by ∗.

However, as shown by the non-equivalence (2), it is unclear how the two logics compare when it comes to formulae of modal degree greater than one. Indeed, since M = M +_w M implies M = M + M , but not vice-versa, the separating conjunction ∗ is more permissive than the operator . However, further connections between the two operators can be easily established. Let us introduce the auxiliary operator defined as φ ≝ φ ∗ □⊥. Formally,

(W, R, V), w ⊨ φ ⇔ there is R′ ⊆ R s.t. R′(w) = R(w) and (W, R′, V), w ⊨ φ.

Similar operators are studied in [2, 4, 12]. We show that and are sufficient to capture ∗ (essential property for Section 5).

Lemma 2.2.
Let φ, ψ ∈ GML. We have φ ∗ ψ ≡ ( φ ψ ).

Unlike , when ∗ splits a finite forest M into M and M , it may disconnect in both submodels worlds that are otherwise reachable, from the current world, in M. Applying before allows us to imitate this behaviour. Indeed, even though preserves reachability in either M or M , deletes part of M, making some world inaccessible. This way of expressing the separating conjunction allows us to reuse some methods developed for ML( ) in order to study ML(∗).

The logic QK^t. Both ML( ) and ML(∗) can be seen as fragments of the logic QK^t, which in turn is known to be a fragment of monadic second-order logic on trees [7]. The logic QK^t extends ML with second-order quantification and is interpreted on finite trees. Its formulae are defined according to the following grammar: φ := p | ◇φ | φ ∧ φ | ¬φ | ∃p φ. Given M = (W, R, V) and w ∈ W, the satisfaction relation ⊨ of ML is extended as follows: M, w ⊨ ∃p φ iff ∃ W′ ⊆ W s.t. (W, R, V[p ← W′]), w ⊨ φ.

One can show logspace reductions from ML( ) and ML(∗) to QK^t, by simply reinterpreting the operators ∗ and as restrictive forms of second-order quantification, and by relativising ◇ to appropriate propositional symbols in order to capture the notion of submodel (details are omitted).

Satisfiability problem.
The satisfiability problem for a logic L, written Sat(L), takes as input a formula φ in L and checks whether there is a pointed forest (M, w) such that M, w ⊨ φ. Note that any L among ML, GML, ML( ) or ML(∗) has the tree model property, i.e. any satisfiable formula is also satisfied in some tree structure. The problems Sat(ML) and Sat(GML) are known to be PSpace-complete, see e.g. [9, 31, 46, 47], and therefore Sat(ML( )) and Sat(ML(∗)) are PSpace-hard. As an upper bound, by Rabin’s theorem [42], the satisfiability problem for QK^t is decidable in Tower, which transfers directly to Sat(ML( )) and Sat(ML(∗)).

Expressive power.
Given two logics L and L , we say that L is at least as expressive as L (written L ⪯ L ) whenever for every formula φ of L , there is a formula ψ of L such that φ ≡ ψ. L ≈ L denotes that L and L are equally expressive, i.e. L ⪯ L and L ⪯ L . Lastly, L ≺ L denotes that L is strictly more expressive than L , i.e. L ⪯ L and L ⋠ L . The equivalence (1) reminds us that ML ≺ GML [21]. From the equivalence (4), we get GML ⪯ ML( ).

ML( ): Expressiveness and Complexity

In this section, we study the expressive power of ML( ) and the complexity of Sat(ML( )). We show constructively that ML( ) ⪯ GML, hence proving ML( ) ≈ GML. Next, we show that Sat(ML( )) is AExp_Pol-complete. The upper bound is achieved by proving an exponential-size model property. The lower bound is by reduction from the satisfiability problem for propositional team logic [28, Thm. 4.9].

ML( ) is not more expressive than GML
Establishing ML( ) ⪯ GML amounts to show that given φ , φ in GML, one can construct ψ in GML such that φ φ ≡ ψ. For instance, a simple case analysis yields the equivalence (p ∨ ◇≥ r) (q ∨ ◇≤ q) ≡ (p ∨ ◇≥ r). With this property, the general algorithm consists in iteratively replacing innermost subformulae of the form φ φ by a counterpart in GML, allowing us to eliminate all the occurrences of and obtain an equivalent formula in GML. The base case involves subformulae φ and φ in ML (a fragment of GML).

Let us provide a few definitions. Let φ be a formula in GML. We write max_PC(φ) to denote the set of subformulae ψ of φ that are maximal and modality-free, i.e.

1. ψ is modality-free: it does not contain modalities ◇≥k and one of its occurrences is not in the scope of ◇≥k;
2. ψ is maximal: one of its occurrences does not belong to a larger modality-free subformula of φ.

For instance, max_PC((p ∨ ◇≥ r) ∧ (q ∨ p)) = {p, q ∨ p}. Similarly, max_GM(φ) denotes the set of subformulae ψ of φ such that ψ is of the form ◇≥k ψ′ and one of its occurrences in φ is not in the scope of graded modalities ◇≥k. For instance, max_GM((p ∨ ◇≥ r) ∧ (q ∨ ◇≥ ◇≥ q)) = {◇≥ r, ◇≥ ◇≥ q}.

Every formula φ in GML is a Boolean combination of formulae from max_PC(φ) ∪ max_GM(φ). Lastly, φ is in good shape if the properties (1) and (2) below hold:

1. max_PC(φ) ⊆ {⊥, ⊤}. Consequently, every propositional variable in φ occurs in the scope of a graded modality;
2. For all ◇≥k ψ, ◇≥k′ ψ′ in max_GM(φ) with ψ ≠ ψ′, the conjunction ψ ∧ ψ′ is unsatisfiable.

Let φ and φ be GML formulae. First, we show that when φ ∧ φ is in good shape, there is a GML formula ψ such that φ φ ≡ ψ. To do so, we take a slight detour through Presburger arithmetic (PA), see e.g. [27, 40]. Given two formulae φ , φ in GML, we will characterise the formula φ φ by using arithmetical constraints for the number of successors. Then, we will take advantage of basic properties of PA in order to eliminate quantifiers, and obtain a GML formula. Below, the variables x, y, z, . . . , possibly decorated and occurring in formulae, are from PA and therefore they are interpreted by natural numbers.

Let φ be in GML s.t. max_PC(φ) ⊆ {⊤, ⊥} and {ψ , . . . , ψ_n} contains the set {ψ | ◇≥k ψ ∈ max_GM(φ)}. We define formulae in PA that state constraints about the number of children satisfying a formula ψ_j. The variable x_j is intended to be interpreted as the number of children satisfying ψ_j. We write φ^PA(x , . . . , x_n) to denote the arithmetical formula obtained from φ by replacing with x_j ≥ k every occurrence of ◇≥k ψ_j that is not in the scope of a graded modality. For instance, assuming that φ = ◇≥ (p ∧ q) ∨ ¬◇≥ ¬p, the expression φ^PA(x , x ) denotes the formula x ≥ ∨ ¬(x ≥ ).

Let φ , φ be GML formulae such that φ ∧ φ is in good shape and {ψ , . . . , ψ_n} = {ψ | ◇≥k ψ ∈ max_GM(φ ∧ φ )}. We consider the formula [φ , φ ]^PA in PA defined below:

[φ , φ ]^PA ≝ ∃ y , y , . . . , y_n , y_n ( ⋀^n_{j= } x_j = y_j + y_j ) ∧ φ^PA( y , . . . , y_n ) ∧ φ^PA( y , . . . , y_n ).

The formula [φ , φ ]^PA states that there is a way to divide the children in two distinct sets and each set allows to satisfy φ^PA or φ^PA, respectively. As PA admits quantifier elimination [17, 40, 43], there is a quantifier-free formula χ equivalent to [φ , φ ]^PA and its free variables are among x , . . . , x_n. A priori, the atomic formulae of χ may not be of the simple form x_j ≥ k (e.g. ‘modulo constraints’ or constraints of the form ∑ a_i x_j ≥ k may be involved). However, if the atomic formulae of χ are restricted to expressions of the form x_j ≥ k, then we write χ^GML to denote the GML formula obtained from χ by replacing every occurrence of x_j ≥ k by ◇≥k ψ_j.

Lemma 3.1.
Let φ , φ be in GML such that φ ∧ φ is in good shape. [φ , φ ]^PA is equivalent to a quantifier-free PA formula χ whose atomic formulae are only of the form x_j ≥ k. Moreover, φ φ ≡ χ^GML and gr(χ^GML) ≤ gr(φ ) + gr(φ ).

The bound on gr(χ^GML) stated in this key lemma is essential to obtain an exponential bound on the smallest model satisfying a formula in ML( ) (see Section 3.2). Thanks to Lemma 3.1, we can show that GML is closed under the operator by reducing the occurrences of this operator to formulae in good shape. In particular, we show that given two arbitrary formulae φ and φ in GML, φ φ is equivalent to a disjunction of formulae of the form (ψ ψ ) ∧ χ, where χ is a Boolean combination of atomic propositions and ψ ∧ ψ is in good shape (hence ψ ψ is equivalent to a formula in GML by Lemma 3.1). This is shown syntactically: atomic propositions are dealt with by propositional reasoning, whereas to produce ψ and ψ we use axioms from GML [6] and rely on the following equivalences:

(guess) ◇≥k φ ≡ ◇≥k ((φ ∧ ψ) ∨ (φ ∧ ¬ψ));
(◇≥k dist) if φ ∧ ψ unsat., ◇≥k (φ ∨ ψ) ≡ ⋁_{k = k + k} (◇≥k φ ∧ ◇≥k ψ);
( dist) (φ ∨ ψ) χ ≡ (φ χ) ∨ (ψ χ).

Notice that the conjunction of φ ∧ ψ and φ ∧ ¬ψ from (guess) is trivially unsatisfiable, allowing us to use (◇≥k dist). As GML is shown to be closed under the operator , we conclude.
Theorem 3.2. ML( ) ⪯ GML. Therefore, ML( ) ≈ GML.

To prove ML( ) ⪯ GML, we iteratively put subformulae in good shape and apply Lemma 3.1. This is done several times, potentially causing an exponential blow-up each time a formula is transformed. To provide an optimal complexity upper bound, we need to tame this combinatorial explosion.
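The satisfaction clauses of Section 2 can be checked by brute force on small forests. The Python sketch below is an added example, not code from the paper; the tuple encoding of formulae and the names `star_splits`, `comp_splits`, `restrict`, `graded_vs_folds` and `chain_witness` are assumptions made here. It evaluates both the separating conjunction and the ambient-logic composition, and confirms equivalences (3) and (4), the non-equivalence (2) and one instance of Lemma 2.2 on constructed forests.

```python
from itertools import product

# Formulae as nested tuples (encoding chosen for this example):
#   ("top",) ("ap", p) ("not", f) ("and", f, g) ("dia", f) ("geq", k, f)
#   ("star", f, g): separating conjunction; ("comp", f, g): composition.
TOP = ("top",)
BOT = ("not", TOP)

def box(f):
    return ("not", ("dia", ("not", f)))

def restrict(f):
    """Auxiliary operator of Section 2, defined there as f * box(bottom)."""
    return ("star", f, box(BOT))

def nfold(op, f, k):
    """f op f op ... op f with k >= 1 copies of f."""
    out = f
    for _ in range(k - 1):
        out = (op, out, f)
    return out

def children(R, w):
    return sorted(c for (p, c) in R if p == w)

def subtree_edges(R, w):
    """Edges of R reachable from w: all that a formula evaluated at w can see."""
    seen, stack = set(), [w]
    while stack:
        u = stack.pop()
        for c in children(R, u):
            seen.add((u, c))
            stack.append(c)
    return seen

def star_splits(R, w):
    """Pairs (R1, R2) with R1 and R2 disjoint and R1 | R2 == R.
    Edges not below w cannot change truth at w, so they all stay in R1."""
    below = sorted(subtree_edges(R, w))
    for bits in product((False, True), repeat=len(below)):
        R2 = frozenset(e for e, b in zip(below, bits) if b)
        yield frozenset(R) - R2, R2

def comp_splits(R, w):
    """Splits allowed at w by the ambient-logic composition: every child of w
    is sent to one side together with its whole subtree."""
    kids = children(R, w)
    for bits in product((False, True), repeat=len(kids)):
        R2 = set()
        for c, b in zip(kids, bits):
            if b:
                R2 |= {(w, c)} | subtree_edges(R, c)
        yield frozenset(R) - R2, frozenset(R2)

def sat(R, V, w, f):
    """Does the pointed forest ((W, R, V), w) satisfy f?  W is left implicit."""
    op = f[0]
    if op == "top":
        return True
    if op == "ap":
        return w in V.get(f[1], set())
    if op == "not":
        return not sat(R, V, w, f[1])
    if op == "and":
        return sat(R, V, w, f[1]) and sat(R, V, w, f[2])
    if op == "dia":
        return any(sat(R, V, c, f[1]) for c in children(R, w))
    if op == "geq":
        return sum(sat(R, V, c, f[2]) for c in children(R, w)) >= f[1]
    if op in ("star", "comp"):
        splits = star_splits(R, w) if op == "star" else comp_splits(R, w)
        return any(sat(R1, V, w, f[1]) and sat(R2, V, w, f[2]) for R1, R2 in splits)
    raise ValueError(f"unknown connective {op!r}")

def graded_vs_folds(max_k):
    """Equivalences (3) and (4) on a constructed forest: root 0 with children
    1, 2, 3, where p holds at 1 and 2."""
    R, V, p = {(0, 1), (0, 2), (0, 3)}, {"p": {1, 2}}, ("ap", "p")
    return [(sat(R, V, 0, ("geq", k, p)),
             sat(R, V, 0, nfold("star", ("dia", p), k)),
             sat(R, V, 0, nfold("comp", ("dia", p), k)))
            for k in range(1, max_k + 1)]

def chain_witness():
    """Non-equivalence (2) and Lemma 2.2 on the constructed chain 0 -> 1 -> 2."""
    R, V, f = {(0, 1), (1, 2)}, {}, box(box(BOT))
    return (sat(R, V, 0, ("star", f, f)),
            sat(R, V, 0, ("comp", f, f)),
            sat(R, V, 0, restrict(("comp", f, f))))
```

On the chain, the separating conjunction can put the edge (1, 2) on the other side from (0, 1), while the composition must keep the whole subtree of world 1 together; applying the auxiliary operator first removes that edge and restores agreement, as Lemma 2.2 states.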
AExp_Pol-completeness
In order to show that Sat(ML( )) is in AExp_Pol, the main ingredient is to show that given φ in ML( ), we build φ′ in GML such that φ′ ≡ φ and the models for φ′ (if any) do not require a number of children per node more than exponential in size(φ). The proof of Theorem 3.2 needs to be refined to improve the way φ′ is computed. In particular, this requires a strategy for the application of the equivalences used to put a formula in good shape.

We need to introduce a few more simple notions. Let φ be a GML formula with max_GM(φ) = {◇≥k ψ , . . . , ◇≥k_n ψ_n}. We define bd( , φ) ≝ k + ··· + k_n. For all m ≥ 0, we define bd(m + , φ) ≝ max{bd(m, ψ) | ◇≥k ψ ∈ max_GM(φ)}. Hence, bd(m, φ) can be understood as the maximal bd( , ψ) for some subformula ψ occurring at the modal depth m within φ. We write max_bd(φ) for the value max{bd(m, φ) | m ∈ [ , md(φ)]}. If φ is satisfiable, we can use max_bd(φ) to obtain a bound on the smallest model satisfying it, as stated in Lemma 3.3 below.

Lemma 3.3.
Every satisfiable φ in GML is satisfied by a pointed forest with at most max_bd(φ) md(φ) + worlds.

To show that ML( ) has the exponential-size model property, we establish that given φ in ML( ), there is φ′ in GML such that φ′ ≡ φ, md(φ′) ≤ md(φ) and max_bd(φ′) is exponential in size(φ). First, we consider the fragment F of ML( ):

φ ::= ◇≥k ψ | p | φ φ | φ ∧ φ | ¬φ,

where p ∈ AP and ◇≥k ψ is a formula in GML (abusively assumed in ML( ) but we know GML ⪯ ML( )). Given φ in ML( ) or in F, we write cd(φ) to denote its composition degree, i.e. the maximal number of imbrications of in φ. We extend the notion of bd to formulae in F, so that bd(m, φ) = bd(m, φ[ ← ∧]), where φ[ ← ∧] is the formula obtained from φ by replacing every occurrence of by ∧. Similarly, max_GM(φ) ≝ max_GM(φ[ ← ∧]).

Let φ be in F such that max_GM(φ) = {◇≥k χ , . . . , ◇≥k_n χ_n}. The key step to show the exponential-size model property essentially manipulates the formulae in max_GM(φ) in order to produce equivalent formulae ψ , . . . , ψ_n, so that for all distinct i and j, ψ_i ∧ ψ_j is in good shape. Moreover, by replacing in φ every ◇≥k_i χ_i with the equivalent formula ψ_i, we only witness an exponential blow-up on bd( , φ), whereas for every m > bd(m, φ) remains polynomially bounded by the bd of the original formula. With the bound on the graded rank found in Lemma 3.1, we derive Lemma 3.4.

Lemma 3.4.
Let φ be a formula of the fragment F such that max_GM(φ) = {◇≥k χ , . . . , ◇≥k_n χ_n} and k̂ = max{k , . . . , k_n}. There is a GML formula ψ such that φ ≡ ψ and,

1. md(ψ) ≤ md(φ);
2. bd( , ψ) ≤ k̂ × n + cd(φ);
3. bd( , ψ) ≤ n × bd( , φ);
4. ∀ m ≥ , bd(m, ψ) = bd(m, φ).

In the proof of Lemma 3.4, a first step essentially consists in applying multiple times (guess) in order to derive, for every i ∈ [ , n], an equivalence ◇≥k_i χ_i ≡ ψ′_i where

ψ′_i ≝ ◇≥k_i ⋁_{f : [ , n] → {⊤, ⊥}} ( χ_i ∧ [χ ]^{f( )} ∧ ··· ∧ [χ_n]^{f(n)} ).

Here, [χ_j]^⊤ ≝ χ_j and [χ_j]^⊥ ≝ ¬χ_j. Roughly speaking, in this step, we expand χ_i by considering all the possible truth values for the formulae χ , . . . , χ_n (the disjuncts where χ_i is negated can be simply discharged from the disjunction, as they are unsatisfiable). Substituting every ◇≥k_i χ_i by ψ′_i in φ leads to a formula φ′ such that bd( , φ′) ≤ n × bd( , φ) (as in Lemma 3.4) and for every m ≠ bd(m, φ′) = bd(m, φ). Afterwards, we repeatedly apply (◇≥k dist) to ψ′_i and obtain the formula ψ_i satisfying the aforementioned property, i.e. for all distinct i and j, ψ_i ∧ ψ_j is in good shape. With ( dist), this allows us to apply Lemma 3.1 until all the operators are removed. Besides, replacing every ψ′_i by ψ_i in φ′ leads to a formula having the same bd as the formula ψ in Lemma 3.4.

Applying adequately the transformation from Lemma 3.4 to a formula in ML( ), i.e. by considering maximal subformulae of the fragment F, allows us to get a logically equivalent GML formula having small models.
Lemma 3.5.
Every satisfiable φ in ML( ) is satisfied by a pointed forest of size at most exponential in size(φ).

The proof of Lemma 3.5 (relying on Lemma 3.4) consists in showing that for all φ in ML( ), there is φ′ in GML such that φ′ ≡ φ and max_bd(φ′) is exponential in size(φ), which is sufficient by Lemma 3.3 to get the exponential-size model property, whence the upper bound AExp_Pol.

Theorem 3.6.
Sat(ML( )) is in AExp_Pol.

The (standard) proof consists in observing that to check the satisfiability status of φ in ML( ), first guess a pointed forest of exponential-size (thanks to Lemma 3.5) and check whether it satisfies φ. This can be done in exponential-time using an alternating Turing machine with a linear amount of alternations (between universal states and existential states) by viewing ML( ) as a fragment of MSO.

It remains to establish AExp_Pol-hardness. We provide a logspace reduction from the satisfiability problem for the team logic PL[~] shown AExp_Pol-complete in [28, Thm. 4.9].
PL[~] formulae are defined by the following grammar:

φ := p | ¬̇p | φ ∧ φ | ~φ | φ ∨̇ φ,

where p ∈ AP and the connectives ¬̇ and ∨̇ are dotted to avoid confusion with those of ML( ). PL[~] is interpreted on sets of (Boolean) propositional valuations over a finite subset of AP. They are called teams and are denoted by T, T , . . . . A model for φ is a team T over a set of propositional variables including those occurring in φ and such that T ⊨ φ with:

T ⊨ p ⇔ for all v ∈ T, we have v(p) = ⊤;
T ⊨ ¬̇p ⇔ for all v ∈ T, we have v(p) = ⊥;
T ⊨ φ ∨̇ φ ⇔ ∃ T , T s.t. T = T ∪ T , T ⊨ φ , T ⊨ φ .

The connectives ~ and ∧ are interpreted as the classical negation and conjunction, respectively. Notice that, in the clause for ∨̇, the teams T and T are not necessarily disjoint.

Let us discuss the reduction from Sat(PL[~]) to Sat(ML( )). A direct encoding of a team T into a pointed forest (M, w) consists in having a correspondence between the propositional valuations in T and the propositional valuations of the children of w. This would work fine if there were no mismatch between the semantics for (disjointness of the children) and the one for ∨̇ (disjointness not required). To handle this, when checking the satisfaction of φ in PL[~] with n occurrences of ∨̇, we impose that if a propositional valuation occurs among the children of w, then it occurs in least n + ∨̇ several times, always with respect to the number of occurrences of ∨̇ in the subformula of φ that is evaluated. Non-disjointness of the teams is encoded by carefully separating the children of w having identical valuations.

We now formalise the reduction. Assume that we wish to translate φ from PL[~], written with atomic propositions in P = {p , . . . , p_m} and containing at most n occurrences of the operator ∨̇. We introduce a set Q = {q , . . . , q_n + } of auxiliary propositions disjoint from P.
The elements of Q are used to distinguish different copies of the same propositional valuation of a team. Thus, with respect to a pointed forest ( M , w ) , we require each child of w to satisfy exactly one element of Q . This can be done with the formula

uni ( Q ) ≝ □ ( ⋀ i ≠ i ′ ∈[ , n + ] ¬( q i ∧ q i ′ ) ∧ ⋁ i ∈[ , n + ] q i ) .

We require that if a child of w satisfies a propositional valuation over (elements in) P , then there are n + P , each of them satisfying a distinct symbol in Q . So, every valuation over P occurring in some child of w , occurs at least in n + w . However, as the translation of the operator ∨̇ modifies the set of copies of a propositional valuation, this property must be extended to arbitrary subsets of Q . Given ∅ ≠ X ⊆ [ , n + ] , we require that for all k ≠ k ′ ∈ X , if a child of w satisfies q k , then there is a child satisfying q k ′ with the same valuation over P . The formula cp ( X ) below does the job:

⋀ k ≠ k ′ ∈ X ¬ ( □ q k ( ◇ = q k ∧ ¬(⊤ ◇ = q k ∧ ◇ = q k ′ ∧ ⋀ j ∈[ , m ] ◇ p j ⇒ □ p j )) ) .

Lastly, before defining the translation map τ , we describe how different copies of the same propositional valuation are split. We introduce two auxiliary choice functions c and c that take as arguments X ⊆ [ , n + ] , and n , n ∈ N with | X | ≥ n + n such that for each i ∈ { , } , we have c i ( X , n , n ) ⊆ X , | c i ( X , n , n )| ≥ n i . Moreover c ( X , n , n )⊎ c ( X , n , n ) = X . The maps c and c are instrumental to decide how to split X into two disjoint subsets respecting basic cardinality constraints.
The translation map τ is designed as follows ( ∅ ≠ X ⊆ [ , n + ] ):

τ ( p , X ) ≝ □ (( ⋁ j ∈ X q j ) ⇒ p ) ;
τ ( ¬̇ p , X ) ≝ □ (( ⋁ j ∈ X q j ) ⇒ ¬ p ) ;
τ ( φ ∧ φ , X ) ≝ τ ( φ , X ) ∧ τ ( φ , X ) ;
τ ( ~ φ , X ) ≝ ¬ τ ( φ , X ) ;
τ ( φ ∨̇ φ , X ) ≝ ( τ ( φ , X ) ∧ cp ( X )) ( τ ( φ , X ) ∧ cp ( X )) ,

where (i) | X | is greater than or equal to the number of occurrences of ∨̇ in φ ∨̇ φ plus one; (ii) given n , n such that n (resp. n ) is the number of occurrences of ∨̇ in φ (resp. φ ) plus one, for each i ∈ { , } we have c i ( X , n , n ) = X i .

Lemma 3.7 below guarantees that starting with a linear number of children with the same propositional valuation is sufficient to encode ∨̇ within ML ( ) .

Lemma 3.7.
Let φ be in PL[~] with n occurrences of ∨̇ and built upon p , . . . , p m . Then, φ is satisfiable iff so is uni ( q , . . . , q n + ) ∧ cp ([ , n + ]) ∧ τ ( φ , [ , n + ]) .

The ML ( ) formula involved in Lemma 3.7 has modal depth one. By Theorem 3.6, Sat ( ML ( )) is AExp Pol -complete even restricted to formulae of modal depth at most one.
Corollary 3.8.
Sat( ML ( ) ) is AExp Pol -complete.
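The team semantics of PL[~] given above, and the mismatch between the overlapping split of ∨̇ and a disjoint split of children that motivates the duplicated copies in the reduction, can be checked on small teams with the following added example (not code from the paper). The tuple encoding of formulae, the copy identifiers attached to valuations and all function names are assumptions made for this illustration; the `copies` parameter only mimics the duplication idea and is not the translation τ itself.

```python
from itertools import combinations

# Formulae are nested tuples (constructed encoding, not taken from the paper):
#   ("atom", "p")    p              ("natom", "p")   dotted negation of p
#   ("and", f, g)    conjunction    ("not", f)       classical negation ~
#   ("or", f, g)     dotted disjunction (team split)


def subsets(items):
    """All sub-collections of a finite collection, as frozensets."""
    items = list(items)
    for r in range(len(items) + 1):
        for chosen in combinations(items, r):
            yield frozenset(chosen)


def team_of(valuations, copies=1):
    """Build a team; each member is (set of true atoms, copy identifier)."""
    return frozenset((frozenset(v), c) for v in valuations for c in range(copies))


def holds(team, phi, disjoint=False):
    """Team semantics of PL[~].

    With disjoint=False the dotted disjunction splits the team into two
    possibly overlapping sub-teams, as in the clause on this page.  With
    disjoint=True the two parts must be disjoint, which is how children of
    a node are separated on the forest side of the reduction.
    """
    op = phi[0]
    if op == "atom":
        return all(phi[1] in val for val, _ in team)
    if op == "natom":
        return all(phi[1] not in val for val, _ in team)
    if op == "and":
        return holds(team, phi[1], disjoint) and holds(team, phi[2], disjoint)
    if op == "not":
        return not holds(team, phi[1], disjoint)
    if op == "or":
        for left in subsets(team):
            if not holds(left, phi[1], disjoint):
                continue
            rest = team - left  # the right part must cover what is left over
            shared_choices = [frozenset()] if disjoint else subsets(left)
            if any(holds(rest | shared, phi[2], disjoint) for shared in shared_choices):
                return True
        return False
    raise ValueError(f"unknown connective: {op!r}")


def satisfiable(phi, atoms):
    """Brute-force Sat(PL[~]) over every team built from the given atoms."""
    valuations = subsets(atoms)
    return any(holds(frozenset((v, 0) for v in team), phi)
               for team in subsets(valuations))


# Constructed sample formulae.
BOTTOM = ("and", ("atom", "q"), ("natom", "q"))   # true only on the empty team
NON_EMPTY = ("not", BOTTOM)                       # true on every non-empty team
PHI = ("or", ("and", NON_EMPTY, ("atom", "q")),
             ("and", NON_EMPTY, ("atom", "q")))   # one occurrence of the dotted "or"

if __name__ == "__main__":
    single = team_of([{"q"}])
    print(holds(single, PHI))                                     # overlapping split
    print(holds(single, PHI, disjoint=True))                      # disjoint split
    print(holds(team_of([{"q"}], copies=2), PHI, disjoint=True))  # two copies
```

On the one-valuation team, PHI holds only because both sub-teams may reuse the same valuation; a disjoint split fails until the valuation is present in two copies, that is, the number of occurrences of ∨̇ plus one.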
As we show in the next section, the complexity of ML (∗) does not collapse to modal depth one: Sat( ML (∗) ) restricted to formulae of modal depth k is exponentially easier than Sat( ML (∗) ) restricted to formulae of modal depth k +

ML (∗) is Tower-complete

We show that Sat( ML (∗) ) is Tower-complete, i.e. complete for the class of all problems of time complexity bounded by a tower of exponentials whose height is an elementary function [45]. Given k , n ≥ 0, we inductively define the tetration function t as t ( , n ) ≝ n and t ( k + , n ) = t ( k , n ) . Intuitively, t ( k , n ) defines a tower of exponentials of height k . By k -NExpTime, we denote the class of all problems decidable with a nondeterministic Turing machine (NTM) of working time O ( t ( k , p ( n ))) for some polynomial p ( . ) , on each input of length n . To show Tower-hardness, we design a uniform elementary reduction allowing us to get k -NExpTime-hardness for all k greater than a certain (fixed) integer. In our case, we achieve an exponential-space reduction from the k -NExpTime variant of the tiling problem, for all k ≥ Tile k takes as input a triple TT = (T , H , V) where T is a finite set of tile types, H ⊆ T × T (resp. V ⊆ T × T ) represents the horizontal (resp. vertical) matching relation, and an initial tile type c ∈ T . A solution for the instance (TT , c ) is a mapping τ : [ , t ( k , n ) − ] × [ , t ( k , n ) − ] → T such that (first) τ ( , ) = c , and (hor&vert) for all i ∈ [ , t ( k , n ) − ] and j ∈ [ , t ( k , n ) − ] , ( τ ( j , i ) , τ ( j + , i )) ∈ H and ( τ ( i , j ) , τ ( i , j + )) ∈ V .

The problem of checking whether an instance of Tile k has a solution is known to be k -NExpTime-complete (see [38]). The reduction below from Tile k to Sat( ML (∗) ) recycles ideas from [7] to reduce Tile k to Sat( QK t ). To provide the adequate adaptation for ML (∗) , we need to solve two major issues. First, QK t admits second-order quantification, whereas in ML (∗) , the second-order features are limited to the separating conjunction ∗ . Second, the second-order quantification of QK t essentially colours the nodes in Kripke-style structures without changing the frame ( W , R ) . By contrast, the operator ∗ modifies the accessibility relation, possibly making worlds that were reachable from the current world, unreachable in submodels. The Tower-hardness proof for Sat( ML (∗) ) becomes then much more challenging: we would like to characterise the position on the grid encoded by a world w by exploiting properties of its descendants (as done for QK t ), but at the same time, we need to be careful and only consider submodels where w keeps encoding the same position. In a sense, our encoding is robust: when the operator ∗ is used to reason on submodels, we can enforce that no world changes the position of the grid that it encodes.

t ( j , n ) children.

Let M = ( W , R , V ) be a finite forest. We consider two disjoint sets of atomic propositions P = { p , . . . , p n , val } and Aux = { x , y , l , s , r } (whose respective role is later defined). Elements from Aux are understood as auxiliary propositions. We call ax -node (resp. Aux -node ) a world satisfying the proposition ax ∈ Aux (resp. satisfying some proposition in Aux ). We call t-node a world that satisfies the formula t ≝ ⋀ ax ∈ Aux ¬ ax . Every world of M is either a t -node or an Aux -node. We say that w ′ is a t -child of w ∈ W if w ′ ∈ R ( w ) and w ′ is a t -node. We define the concepts of Aux -child and ax -child similarly.

The key development of our reduction is given by the definition of a formula, of exponential size in j ≥ n ≥ 1, that when satisfied by ( M , w ) forces every t -node in R i ( w ) , where 0 ≤ i < j , to have exactly t ( j − i , n ) t -children, each of them encoding a different number in [ , t ( j − i , n ) − ] . As we impose that w is a t -node, it must have t ( j , n ) t -children. We assume n to be fixed throughout the section and denote this formula by type ( j ) . From the property above, if M , w ⊨ type ( j ) then for all i ∈ [ , j − ] and all t -nodes w ′ ∈ R i ( w ) we have M , w ′ ⊨ type ( j − i ) .

First, let us informally describe how numbers are encoded in the model ( M , w ) satisfying type ( j ) . Let i ∈ [ , j ] . Given a t -node w ′ ∈ R i ( w ) , n i ( w ′ ) denotes the number encoded by w ′ . We omit the subscript i when it is clear from the context. When i = j , we represent n ( w ′ ) by using the truth values of the atomic propositions p , . . . , p n . The proposition p b is responsible for the b -th bit of the number, with the least significant bit being encoded by p . For example, for n = M , w ′ ⊨ p ∧ p ∧ ¬ p whenever n ( w ′ ) = 6. The formula type ( ) forces the parent of w ′ (i.e. is a t -node in R j − ( w ) ) to have exactly 2^n t -children by requiring one t -child for each possible valuation upon p , . . . , p n . Otherwise, for i < j (and therefore j ≥ n i ( w ′ ) is represented by the binary encoding of the truth values of val on the t -children of w ′ which, since ( M , w ′ ) ⊨ type ( j − i ) , are t ( j − i , n ) children implicitly ordered by the number they, in turn, encode. The essential property of type ( j ) is therefore the following: the numbers encoded by the t -children of a t -node w ′′ ∈ R i ( w ) , represent positions in the binary representation of the number n i ( w ′′ ) . Thanks to this property, the formula type ( j ) forces w to have exactly t ( j , n ) children, all encoding different numbers in [ , t ( j , n ) − ] . This is roughly represented in the picture below, where “1” stands for val being true whereas “0” stands for val being false.

[Figure: tree rooted at w ; labels: type ( j ) , has t ( j , n ) children; type ( j − ) ; type ( j − ) ; children ordered by <.]

To characterise these trees in ML (∗) , we simulate second-order quantification by using Aux -nodes. Informally, we require a pointed forest ( M , w ) satisfying type ( j ) to be such that (i) every t -node w ′ ∈ R ( w ) has exactly one x -child, and one (different) y -child. These nodes do not satisfy any other auxiliary proposition; (ii) for every i ≥ 2, every t -node w ′ ∈ R i ( w ) has exactly five Aux -children, one for each ax ∈ Aux . We can simulate second-order existential quantification on t -nodes with respect to the symbol ax ∈ Aux by using the operator ∗ in order to remove edges leading to ax -nodes. Then, we evaluate whether a property holds on the resulting model where a t -node “satisfies” ax ∈ Aux if it has a child satisfying ax . To better emphasise the need to move along t -nodes, given a formula φ , we write ⟨ t ⟩ φ for the formula ◇ ( t ∧ φ ) . Dually, [ t ] φ ≝ □ ( t ⇒ φ ) . ⟨ t ⟩ i and [ t ] i are also defined, as expected.

Let us start to formalise this encoding. Let j ≥ 1. First, we restrict ourselves to models where every t -node reachable in at most j steps does not have two Aux -children satisfying the same proposition. Moreover, these Aux -nodes have no children and only satisfy exactly one ax ∈ Aux . We express this condition with the formula init ( j ) below:

⊞ j ⋀ ax ∈ Aux ( ( t ⇒ ¬( ◇ ax ∗ ◇ ax ) ) ∧ □ ( ax ⇒ □ ⊥ ∧ ⋀ bx ∈ Aux \{ ax } ¬ bx ) ) ,

where ⊞ φ ≝ φ and ⊞ m + φ ≝ φ ∧ □ ⊞ m ( φ ) . Notice that if M , w ⊨ init ( j ) and M ′ ⊑ M , then M ′ , w ⊨ init ( j ) .

Among the models (( W , R , V ) , w ) satisfying init ( j ) , we define the ones satisfying type ( j ) described below (see similar conditions in [7, Section IV]):

(sub j ) every t -node in R ( w ) satisfies type ( j − ) ;
(zero j ) there is a t -node w̃ ∈ R ( w ) such that n ( w̃ ) =
(uniq j ) distinct t -nodes in R ( w ) encode different numbers;
(compl j ) for every t -node w ∈ R ( w ) , if n ( w ) < t ( j , n ) − n ( w ) = n ( w ) + t -node w ∈ R ( w ) ;
(aux) w is a t -node, every t -node in R ( w ) has one x -child and one y -child, and every t -node in R ( w ) has three children satisfying l , r and s , respectively.

We define type ( ) ≝ ⊤ , and for j ≥ type ( j ) is defined as

type ( j ) ≝ sub ( j ) ∧ zero ( j ) ∧ uniq ( j ) ∧ compl ( j ) ∧ aux ,

where each conjunct expresses its homonymous property. The formulae for sub ( j ) , aux and zero ( j ) can be defined as

sub ( j ) ≝ [ t ] type ( j − ) ;
aux ≝ t ∧ [ t ]( ◇ x ∗ ◇ y ) ∧ [ t ] ( ◇ l ∗ ◇ s ∗ ◇ r ) ;
zero ( ) ≝ ⟨ t ⟩ ⋀ b ∈[ , n ] ¬ p b ;
zero ( j + ) ≝ ⟨ t ⟩[ t ]¬ val .

The challenge is therefore how to express uniq ( j ) and compl ( j ) , to guarantee that the numbers of children of w span all over [ , t ( j , n ) − ] . The structural properties expressed by type ( j ) lead to strong constraints, which permits to control the effects of ∗ when submodels are constructed.
This is a key point in designing type ( j ) as it helps us to control which edges are lost when considering a submodel.

Nominals, forks and number comparisons.
In order to define uniq ( j ) and compl ( j ) (completing the definition of type ( j ) ), we introduce auxiliary formulae, characterising classes of models that emerge naturally when trying to capture the semantics of (uniq j ) and (compl j ).

Let us consider a finite forest M = ( W , R , V ) and w ∈ W . A first ingredient is given by the concept of local nominals , borrowed from [7]. We say that ax ∈ Aux is a (local) nominal for the depth i ≥ t -node w ′ ∈ R i ( w ) having an ax -child. In this case, w ′ is said to be the world that corresponds to the local nominal ax . The following formula states that ax is a local nominal for the depth i :

nom i ( ax ) ≝ ⟨ t ⟩ i ◇ ax ∧ ⋀ k ∈[ , i − ] [ t ] k ¬ ( ⟨ t ⟩ i − k ◇ ax ∗ ⟨ t ⟩ i − k ◇ ax ) .

We define the formula @ i ax φ ≝ ⟨ t ⟩ i ( ◇ ax ∧ φ ) which, under the hypothesis that ax is a local nominal for the depth i , states that φ holds on the t -node that corresponds to ax . Moreover, we define nom i ( ax ≠ bx ) ≝ nom i ( ax ) ∧ nom i ( bx ) ∧ ¬ @ i ax ◇ bx , which states that ax and bx are two nominals for the depth i with respect to two distinct t -nodes.

As a second ingredient, we introduce the notion of fork that is a specific type of models naturally emerging when trying to compare the numbers n ( w ) and n ( w ) of two worlds w , w ∈ R i ( w ) (e.g. when checking whether n ( w ) = n ( w ) or n ( w ) = n ( w ) + j ≥ i ≥ fork ij ( ax , bx ) that is satisfied by ( M , w ) iff:
• ax and bx are nominals for the depth i .
• w has exactly two t -children, say w U and w D .
• For every k ∈ [ , i − ] , both R k ( w U ) and R k ( w D ) contain exactly one t -child.
• The only t -node in R i − ( w U ) , say w ax , corresponds to the nominal ax . The only t -node in R i − ( w D ) , say w bx , corresponds to the nominal bx .
• If i < j , then ( M , w ax ) and ( M , w bx ) satisfy type lsr ( j − i ) ≝ type ( j − i ) ∧ [ t ]( ◇ l ∧ ◇ s ∧ ◇ r ) .

It should be noted that, whenever ( M , w ) satisfies the formula fork ij ( ax , bx ) , we witness two paths of length i , both starting at w and leading to w ax and w bx , respectively. Worlds in this path may have Aux -children. Below, we schematise a model satisfying fork ij ( ax , bx ) :

[Figure: model satisfying fork ij ( ax , bx ) , rooted at w ; labels: type lsr ( j − i ) , type lsr ( j − i ) , ax , bx , i .]

Since the definition of fork ij ( ax , bx ) is recursive on i and j (due to type ( j − i ) ), we postpone its formal definition to the next two sections where we treat the base cases for i = j and the inductive case for j > i separately.

The last auxiliary formulae are [ ax < bx ] ij and [ bx = ax + ] j . Under the hypothesis that ( M , w ) satisfies fork ij ( ax , bx ) , the formula [ ax < bx ] ij is satisfied whenever the two (distinct) worlds w ax , w bx ∈ R i ( w ) corresponding to the nominals ax and bx are such that n ( w ax ) < n ( w bx ) . Similarly, under the hypothesis that ( M , w ) satisfies fork j ( ax , bx ) , the formula [ bx = ax + ] j is satisfied whenever n ( w bx ) = n ( w ax ) + i = j and j = 1, respectively.

For the base case, we define the formulae fork jj ( ax , bx ) and [ ax < bx ] jj (for arbitrary j ), as well as [ bx = ax + ] . From these formulae, we are then able to define uniq ( ) and compl ( ) , which completes the characterisation of type ( ) and type lsr ( ) . Afterwards, we consider the case 1 ≤ i < j and j ≥ 2, and define fork ij ( ax , bx ) , [ ax < bx ] ij , [ bx = ax + ] j , as well as uniq ( j ) and compl ( j ) , by only relying on formulae that are already defined (by inductive reasoning).

Base cases: i = j or j = . In what follows, we consider a finite forest M = ( W , R , V ) and a world w . Following its informal description, we have

fork jj ( ax , bx ) ≝ ◇ = t ∧ [ t ] ⊞ j − ( t ⇒ ◇ = t ) ∧ nom j ( ax ≠ bx ) ,

where ⊞ j φ ≝ ⊤ for j < 0. As previously explained, in the base case, the number n ( w ′ ) encoded by a t -node w ′ ∈ R j ( w ) is represented by the truth values of p , . . . , p n . Then, the formula [ ax < bx ] jj is defined as

[ ax < bx ] jj ≝ ⋁ u ∈[ , n ] ( @ j ax ¬ p u ∧ @ j bx p u ∧ ⋀ v ∈[ u + , n ] ( @ j ax p v ⇔ @ j bx p v ) ) .

The satisfaction of ( M , w ) ⊨ fork jj ( ax , bx ) enforces that the distinct t -nodes w ax , w bx ∈ R j ( w ) corresponding to ax and bx satisfy n ( w ax ) < n ( w bx ) , which can be shown by using standard properties about bit vectors.

The formula [ bx = ax + ] is similarly defined:

⋁ u ∈[ , n ] ( @ ax (¬ p u ∧ ⋀ v ∈[ , u − ] p v ) ∧ @ bx ( p u ∧ ⋀ v ∈[ , u − ] ¬ p v ) ∧ ⋀ v ∈[ u + , n ] ( @ ax p v ⇔ @ bx p v ) ) .

Assuming ( M , w ) ⊨ fork ( ax , bx ) , this formula states that the two distinct t -nodes w ax , w bx ∈ R ( w ) corresponding to ax and bx are such that n ( w bx ) = n ( w ax ) + 1. Again, correctness is guaranteed by standard analysis on bit vectors.

To define uniq ( ) , we recall that a model satisfying type ( ) satisfies the formula aux and hence every t -node in R ( w ) has two auxiliary children, one x -node and one y -node. The idea is to use these two Aux -children and rely on ∗ to state that it is not possible to find a submodel of M such that w has only two distinct children w x and w y corresponding to the nominals x and y , respectively, and such that n ( w x ) = n ( w y ) . In a sense, the operator ∗ simulates a second-order quantification on x and y . Let [ x = y ] ≝ ¬([ x < y ] ∨ [ y < x ] ) . We define uniq ( ) ≝ ¬ ( ⊤ ∗ ( fork ( x , y ) ∧ [ x = y ] ) ) .

To capture compl ( ) we state that it is not possible to find a submodel of M that loses x -nodes from R ( w ) , keeps all y -nodes, and is such that (i) x is a local nominal for the depth 1, corresponding to a world w x encoding n ( w x ) < 2^n − (ii) there is no submodel where w has two t -children, w x and a second world w y , such that w y corresponds to the nominal y and n ( w y ) = n ( w x ) + 1. Thus, compl ( ) is defined as:

¬ ( □ ⊥ ∗ ( [ t ] ◇ y ∧ @ x ¬ ∧ ¬(⊤ ∗ ( fork ( x , y ) ∧ [ y = x + ] )) ) ) .

The subscript “1” in the formula refers to the fact that we are treating the base case of compl ( j ) with j = 1. We have ≝ ⋀ i ∈[ , n ] p i , reflecting the encoding of 2^n − type ( ) (and type lsr ( ) ), which is established correct with respect to its specification.

Lemma 4.1.
Let M , w ⊨ init ( ) . We have M , w ⊨ type ( ) iff ( M , w ) satisfies (sub ), (zero ), (uniq ), (compl ) and (aux).

Inductive case: ≤ i < j . As an implicit inductive hypothesis used to prove that the formulae are well-defined, we assume that [ bx = ax + ] j ′ and type ( j ′ ) are already defined for every j ′ < j , whereas fork i ′ j ′ ( ax , bx ) , and [ ax < bx ] i ′ j ′ are already defined for every 1 ≤ i ′ ≤ j ′ such that j ′ − i ′ < j − i . Therefore, we define:

fork ij ( ax , bx ) ≝ fork ii ( ax , bx ) ∧ [ t ] i type lsr ( j − i ) .

It is easy to see that this formula is well-defined: fork ii ( ax , bx ) is from the base case, whereas type lsr ( j − i ) is defined by inductive hypothesis, since we have j − i < j .

Consider now [ ax < bx ] ij . Assuming M , w ⊨ fork ij ( ax , bx ) , we wish to express n ( w ax ) < n ( w bx ) for the two distinct worlds w ax , w bx ∈ R i ( w ) corresponding to the nominals ax and bx , respectively. As i < j , n ( w ax ) (resp. n ( w bx ) ) is encoded using the truth value of val on the t -children of w ax (resp. w bx ). To rely on arithmetical properties of binary numbers used to define [ ax < bx ] jj , we need to find two partitions P ax = { L ax , S ax , R ax } and P bx = { L bx , S bx , R bx } , one for the t -children of w ax and another one for those of w bx s.t.:

(LSR): Given b ∈ { ax , bx } , P b splits the t -children as follows:
• there is a t -child s b of w b such that S b = { s b } ;
• n ( r ) < n ( s b ) < n ( l ) , for every r ∈ R b and l ∈ L b .
(LESS): P ax and P bx have constraints to satisfy < :
• n ( s ax ) = n ( s bx ) , M , s ax ⊨ ¬ val and M , s bx ⊨ val ;
• for every l ax ∈ L ax and l bx ∈ L bx , if n ( l ax ) = n ( l bx ) then M , l ax ⊨ val iff M , l bx ⊨ val .

It is important to notice that these conditions essentially revolve around the numbers encoded by t -children, which will be compared using the already defined (by inductive reasoning) formulae [ ax < bx ] i ′ j ′ , where j ′ − i ′ < j − i . Since the semantics of [ ax < bx ] ij is given under the hypothesis that M , w ⊨ fork ij ( ax , bx ) , we can assume that every child of w ax and w bx has all the possible Aux -children. Then, we rely on the auxiliary propositions in { l , s , r } in order to mimic the reasoning done in (LSR) and (LESS).

We start by considering the constraints involved in (LSR) and express them with the formula lsr ( j ) , which is satisfied by a pointed forest ( M = ( W , R , V ) , w ) whenever:
• ( M , w ) satisfies type ( j ) .
• Every t -child of w has exactly one { l , s , r } -child, and only one of these t -children (say w ′ ) has an s -child.
• Every t -child of w that has an l -child (resp. r -child) encodes a number greater (resp. smaller) than n ( w ′ ) .

Despite this formula being defined in terms of type ( j ) , we only rely on lsr ( j − i ) (which is defined by inductive reasoning) in order to define [ ax < bx ] ij . The picture below schematises a model satisfying lsr ( j ) .

[Figure: tree rooted at w ; labels: lsr ( j ) , implies type ( j ) ; children ordered by < and labelled l , l , s , r , r .]

The definition of lsr ( j ) follows closely its specification:

lsr ( j ) ≝ type ( j ) ∧ nom ( s ) ∧ ¬(⊤ ∗ ( fork j ( s , l ) ∧ ¬[ s < l ] j )) ∧ ¬(⊤ ∗ ( fork j ( s , r ) ∧ ¬[ r < s ] j )) ∧ [ t ] ◇ = ( l ∨ s ∨ r ) .
We define the formula [ ax < bx ] ij as follows:

⊤ ∗ ( nom i ( ax ≠ bx ) ∧ [ t ] i lsr ( j − i ) ∧ S ij ( ax , bx ) ∧ L ij ( ax , bx ) ) ,

where S ij ( ax , bx ) and L ij ( ax , bx ) check the first and second condition in (LESS), respectively. In particular, by defining [ ax = bx ] ij ≝ ¬([ ax < bx ] ij ∨ [ bx < ax ] ij ) , we have

S ij ( ax , bx ) ≝ ⊤ ∗ ( fork i + j ( x , y ) ∧ @ i ax ⟨ t ⟩( ◇ s ∧ ◇ x ) ∧ @ i bx ⟨ t ⟩( ◇ s ∧ ◇ y ) ∧ [ x = y ] i + j ∧ @ i + x ¬ val ∧ @ i + y val )

L ij ( ax , bx ) ≝ ¬ ( ⊤ ∗ ( fork i + j ( x , y ) ∧ @ i ax ⟨ t ⟩( ◇ l ∧ ◇ x ) ∧ @ i bx ⟨ t ⟩( ◇ l ∧ ◇ y ) ∧ [ x = y ] i + j ∧ ¬( @ i + x val ⇔ @ i + y val ) ) ) .

Both fork i + j ( x , y ) and [ x = y ] i + j used in these formulae are defined recursively. The formula S ij ( ax , bx ) states that there is a submodel M ′ ⊑ M such that
I. M ′ , w ⊨ fork i + j ( x , y ) ;
II. s ax corresponds to the nominal x at depth i + s bx corresponds to the nominal y at depth i + n ( s ax ) = n ( s bx ) , M , s ax ⊭ val and M , s bx ⊨ val .
(The enumeration I-VI refers to the conjuncts in the formula.) S ij ( ax , bx ) correctly models the first condition of (LESS). Regarding L ij ( ax , bx ) and (LESS), a similar analysis can be performed. We define LS ij ( ax , bx ) ≝ L ij ( ax , bx ) ∧ S ij ( ax , bx ) .

Let us consider [ bx = ax + ] j .
Under the hypothesis that M , w ⊨ fork ij ( ax , bx ) , this formula must express n ( w bx ) = n ( w ax ) + w ax , w bx ∈ R i ( w ) . Then, as done for defining [ ax < bx ] ij , we take advantage of arithmetical properties on binary numbers and we search for two partitions P ax = { L ax , S ax , R ax } and P bx = { L bx , S bx , R bx } of the t -children of w ax and w bx , respectively, such that P ax and P bx satisfy (LSR) as well as the condition below:

(PLUS): P ax and P bx have the arithmetical properties of +
• P ax and P bx satisfy (LESS);
• for every r ax ∈ R ax , we have M , r ax ⊨ val ;
• for every r bx ∈ R bx , we have M , r ax ⊭ val ,
where S ax = { s ax } and S bx = { s bx } , as required by (LSR).

The definition of [ bx = ax + ] j is similar to [ ax < bx ] ij :

⊤ ∗ ( nom ( ax ≠ bx ) ∧ [ t ] lsr ( j − ) ∧ LS j ( ax , bx ) ∧ R ( ax , bx ) ) ,

where R ( ax , bx ) ≝ @ ax [ t ]( ◇ r ⇒ val ) ∧ @ bx [ t ]( ◇ r ⇒ ¬ val ) captures the last two conditions of (PLUS).

To define uniq ( j ) and compl ( j ) , we rely on fork ij ( ax , bx ) , [ ax < bx ] ij and [ bx = ax + ] j .

uniq ( j ) ≝ ¬ ( ⊤ ∗ ( fork j ( x , y ) ∧ [ x = y ] j ) )

compl ( j ) ≝ ¬ ( □ ⊥ ∗ ( [ t ]( type lsr ( j − ) ∧ ◇ y ) ∧ nom ( x ) ∧ @ x ¬ j ∧ ¬ ( ⊤ ∗ ( fork j ( x , y ) ∧ [ y = x + ] j ) ) ) ) ,

where j ≝ [ t ] val reflects the encoding of t ( j , n ) − j > 1. The main difference between compl ( ) and compl ( j ) ( j > 1) is that the conjunct [ t ] ◇ y of compl ( ) is replaced by [ t ]( type lsr ( j − ) ∧ ◇ y ) in compl ( j ) , as needed to correctly evaluate fork j ( x , y ) . Indeed, the difference between fork ( x , y ) and fork j ( x , y ) is precisely that the latter requires [ t ] type lsr ( j − ) . The definition of type ( j ) is now complete. We can state its correctness.

Lemma 4.2.
Let M , w ⊨ init ( j ) . We have M , w ⊨ type ( j ) iff ( M , w ) satisfies (sub j ), (zero j ), (uniq j ), (compl j ) and (aux).

The size of type ( j ) is exponential in j > n ≥ 1. As its size is elementary, we can use this formula as a starting point to reduce Tile k .

[ , t ( k , n ) − ] × [ , t ( k , n ) − ]

Below, we briefly explain how to use previous developments to define a uniform reduction from Tile k , for every k ≥ type ( j ) . Let k ≥ (TT , c ) be an instance of Tile k . We can construct a formula tiling TT , c ( k ) that is satisfiable if and only if (TT , c ) has a solution. To represent [ , t ( k , n ) − ] in some pointed forest ( M , w ) , where M = ( W , R , V ) , we recycle the ideas for defining type ( k ) . From Lemma 4.2, we know that if M , w ⊨ init ( k ) ∧ type ( k ) then the t -children of w encode the interval [ , t ( k , n ) − ] . A position in the grid is however a pair of numbers, hence the crux of our encoding rests on the fact that each w ′ ∈ R ( w ) encodes two numbers n H ( w ′ ) and n V ( w ′ ) . Similarly to type ( k ) , these numbers are represented by the truth values on the t -children of w ′ , with the help of new propositions val H and val V . We are in luck: since both numbers are from [ , t ( k , n ) − ] , w ′ just needs as many children as when encoding a single number, and therefore if M , w ⊨ tiling TT , c ( k ) then M , w ′ ⊨ type ( k − ) . In fact, the portion of tiling TT , c ( k ) that encodes the grid can be described quite naturally by slightly updating the characterisation of type ( k ) . For example, (uniq j ) becomes

(uniq TT , k ) for all distinct t -nodes w , w ∈ R ( w ) n H ( w ) ≠ n H ( w ) or n V ( w ) ≠ n V ( w ) .

The formula uniq ( k ) has to be updated accordingly, but without major differences or complications. Of course, more is required as tiling TT , c ( k ) must also encode the tiling conditions (first) and (hor&vert). Fortunately, the kit of formulae defined for type ( k ) allows us to have access to n H ( w ′ ) and n V ( w ′ ) in such a way that both conditions can be expressed rather easily. For example, to express vertical constraints, we design a formula stating that for all t -nodes w , w ∈ R ( w ) , if n V ( w ) = n V ( w ) + n H ( w ) = n H ( w ) then there is ( c , c ) ∈ V such that w ∈ V ( c ) and w ∈ V ( c ) . Further details are omitted for lack of space.

Theorem 4.3. Sat ( ML (∗)) is Tower-complete.

ML (∗) Strictly Less Expressive Than GML
Below, we focus on the expressivity of ML (∗) . We first show ML (∗) ⪯ GML and then we prove the strictness of the inclusion. The former result takes advantage of the notion of g-bisimulation, i.e. the underlying structural indistinguishability relation of GML , studied in [21]. To show ML (∗) ≺ GML , we define an ad hoc notion of Ehrenfeucht-Fraïssé games for ML (∗) , see e.g. classical definitions in [33] and similar approaches in [14, 19]. Then, we design a simple formula in GML that cannot be expressed in ML (∗) .

ML (∗) is not more expressive than GML
To establish that ML (∗) ⪯ GML , we proceed as in Section 3.1. In fact, by Lemma 2.2, given φ , φ in GML , the formula φ ∗ φ is equivalent to ( φ φ ) . Moreover, we know that given φ , φ in GML , φ φ is equivalent to some formula in GML , as shown in Section 3. So, to prove that ML (∗) ⪯ GML by applying the proof schema of Theorem 3.2, it is sufficient to show that given φ in GML , there is ψ in GML such that φ ≡ ψ . To do so, we rely on the indistinguishability relation of GML , called g-bisimulation [21].

A g-bisimulation is a refinement of the classical back-and-forth conditions of a bisimulation (see e.g. [9]), tailored towards capturing graded modalities. It relates models with similar structural properties, but up to parameters m , k ∈ N responsible for the modal degree and the graded rank, respectively. The following invariance result holds: g-bisimilar models are modally equivalent in GML (up to formulae of modal degree m and graded rank at most k ). For simplicity, we present the construction of the above-mentioned formula ψ by directly using the notion of model equivalence, without going explicitly through g-bisimulations.

Given m , k ∈ N and P ⊆ fin AP, we write GML [ m , k , P ] to denote the set of GML formulae ψ having md ( ψ ) ≤ m , gr ( ψ ) ≤ k and propositional variables from P . GML [ m , k , P ] is finite up to logical equivalence [21]. Given pointed forests ( M , w ) and ( M ′ , w ′ ) , we write ( M , w ) ≡ P m , k ( M ′ , w ′ ) whenever ( M , w ) and ( M ′ , w ′ ) are GML [ m , k , P ] -indistinguishable , i.e. for every ψ in GML [ m , k , P ] , M , w ⊨ ψ iff M ′ , w ′ ⊨ ψ . We write T P ( m , k ) to denote the quotient set induced by the equivalence relation ≡ P m , k . As GML [ m , k , P ] is finite up to logical equivalence, we get that T P ( m , k ) is finite.

To establish that GML is closed under , we show that there is a function f : N → N such that for all m , k ∈ N and P ⊆ fin AP, if two models are in the same equivalence class of ≡ P m , f ( m , k ) , then they satisfy the same formulae of the form φ , where φ is in GML [ m , k , P ] . By standard arguments and using the fact that GML [ m , f ( m , k ) , P ] is finite up to logical equivalence, we then conclude that φ is equivalent to a formula in GML [ m , f ( m , k ) , P ] . Similar approaches are followed in [23, 24, 36]. As we are not interested in the size of the equivalent formula, we can simply use the cardinality of T P ( m , k ) in order to inductively define a suitable function:

f ( , k ) ≝ k , f ( m + , k ) ≝ k × (|T P ( m , f ( m , k ))| + ) .

In conformity with the results in Section 4, the map f can be shown to be a non-elementary function. To prove that f satisfies the required properties, we start by showing a technical lemma which essentially formalises a simulation argument on the relation ≡ P m , f ( m , k ) with respect to the submodel relation. By taking submodels as with the operator, equivalence in GML is preserved.
Lemma 5.1.
Let ( M , w ) ≡ P m , f ( m , k ) ( M ′ , w ′ ) where m , k ∈ N , P ⊆ fin AP , M = ( W , R , V ) and M ′ = ( W ′ , R ′ , V ′ ) . Let R ⊆ R . There is R ′ ⊆ R ′ s.t. (( W , R , V ) , w ) ≡ P m , k (( W ′ , R ′ , V ′ ) , w ′ ) and if R ( w ) = R ( w ) , then R ′ ( w ′ ) = R ′ ( w ′ ) .

The proof of Lemma 5.1 is by induction on m . The last condition about R ( w ) = R ( w ) will serve in the proof of Lemma 5.2, as it allows us to capture the semantics of , by preserving the children of the world w ′ . In the proof, we rely on the properties of g-bisimulations [21] to define a binary relation ↔ between worlds of R ( w ) and R ′ ( w ′ ) . Every w ↔ w ′ is such that ( M , w ) ≡ P m − , f ( m − , k ) ( M ′ , w ′ ) . The operator does not necessarily preserve the children of w and w ′ , so that the induction hypothesis, naturally defined from the statement of Lemma 5.1, is applied on models where the condition R ( w ) = R ( w ) may not hold. We show that for all R ⊆ R , it is possible to construct R ′ ⊆ R ′ such that, for all w ↔ w ′ , (( W , R , V ) , w ) ≡ P m − , k (( W ′ , R ′ , V ′ ) , w ′ ) . The result is then lifted to (( W , R , V ) , w ) ≡ P m , k (( W ′ , R ′ , V ′ ) , w ′ ) , again thanks to the properties of the g-bisimulation.

Intuitively, Lemma 5.1 states that given two models satisfying the same formulae up to the parameters m and f ( m , k ) , we can extract submodels satisfying the same formulae up to m and k (reduced graded rank). This allows us to conclude that if φ is in GML , there is some GML formula equivalent to φ (Lemma 5.2). In other words, the operator can be eliminated to obtain a GML formula. This, together with Lemma 2.2 and Theorem 3.2 entail ML (∗) ⪯ GML .

Lemma 5.2.
For every φ ∈ GML [ m , k , P ] there is a formula ψ ∈ GML [ m , f ( m , k ) , P ] such that φ ≡ ψ . ML (∗) ≺ GML with EF games for ML (∗) We tackle the problem of showing that ML (∗) is strictlyless expressive than GML . To do so, we adapt the notionof Ehrenfeucht-Fraïssé games (EF games, in short) [33] to ML (∗) , and use it to design a GML formula that is not ex-pressible in ML (∗) . We write ML (∗)[ m , s , P ] for the set offormulae φ of ML (∗) having md ( φ ) ≤ m , at most s nested ∗ ,and atomic propositions from P ⊆ fin AP. It is easy to see that ML (∗)[ m , s , P ] is finite up to logical equivalence.We introduce the EF games for ML (∗) . A game is playedbetween two players: the spoiler and the duplicator . A gamestate is a triple made of two pointed forests ( M , w ) and ( M ′ , w ′ ) and a rank ( m , s , P ) , where m , s ∈ N and P ⊆ fin AP.The goal of the spoiler is to show that the two models aredifferent. The goal of the duplicator is to counter the spoilerand to show that the two models are similar. Two models aredifferent whenever there is φ ∈ ML (∗)[ m , s , P ] that is satis-fied by only one of the two models. The EF games for ML (∗) are formally defined in Figure 1. The exact correspondencebetween the game and the logic is formalised in Lemma 5.3.Using the standard definitions in [33], the duplicator hasa winning strategy for the game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) ICS ’20, July 8–11, 2020, Saarbrücken, Germany Bednarczyk, Demri, Fervari & Mansutti
Game on [ ( M = ( W , R , V ) , w ) , ( M = ( W , R , V ) , w ) , ( m , s , P ) ] .if there is p ∈ P s.t. w ∈ V ( p ) iff w (cid:60) V ( p ) then the spoiler wins. else the spoiler chooses i ∈ { , } and plays on M i . The duplicator replieson M j where j (cid:44) i . The spoiler must choose one of the following moves,otherwise the duplicator wins: modal move : if m ≥ R i ( w i ) (cid:44) ∅ then the spoiler can choose toplay a modal move by selecting an element w ′ i ∈ R i ( w i ) . Then, • the duplicator must reply with a w ′ j ∈ R j ( w j ) (else, the spoiler wins); • the game continues on [ ( M , w ′ ) , ( M , w ′ ) , ( m − , s , P ) ]. spatial move : if s ≥ can choose to play a spatial moveby selecting two finite forests M i and M i s.t. M i + M i = M i . Then, • the duplicator replies with two forests M j and M j s.t. M j + M j = M j ; • The game continues on [ ( M k , w ) , ( M k , w ) , ( m , s − , P ) ], where k ∈ { , } is chosen by the spoiler. Figure 1.
Ehrenfeucht-Fraïssé games for ML (∗) if she can play in a way that guarantees her to win regard-less how the spoiler plays. When this is the case, we write ( M , w ) ≈ P m , s ( M ′ , w ′ ) . Similarly, the spoiler has a winningstrategy , written ( M , w ) (cid:48) P m , s ( M ′ , w ′ ) , if he can play in a waythat guarantees him to win, regardless how the duplicatorplays. Lemma 5.3 guarantees that the games are well-defined. Lemma 5.3. ( M , w ) (cid:48) P m , s ( M ′ , w ′ ) iff there is a formula φ in ML (∗)[ m , s , P ] such that M , w | = φ and M ′ , w ′ ̸| = φ . Lemma 5.3 is proven with standard arguments from [33],for instance the left-to-right direction, i.e. the completeness ofthe game , is by induction on the rank ( m , s , P ) . Thanks to theEF games, we are able to find a GML formula φ that is notexpressible in ML (∗) . By Lemma 2.1 and as ML ( ) ≈ GML ,such a formula is necessarily of modal degree at least 2.Happily, φ = (cid:51) = (cid:51) = ⊤ does the job and cannot be ex-pressed in ML (∗) . For the proof, we show that for every rank ( m , s , P ) , there are two structures ( M , w ) and ( M ′ , w ′ ) suchthat ( M , w ) ≈ P m , s ( M ′ , w ′ ) , M , w | = φ and M ′ , w ′ ̸| = φ . Theinexpressibility of φ then stems from Lemma 5.3. The twostructures are represented below ( ( M , w ) on the left). w . . . . . . ≥ s + ≥ s − ( s + )( s + ) + ≈ P m , s w ′ . . . . . . ≥ s + ≥ s − ( s + )( s + ) + In the following, we say that a world has type i if it has i children. As one can see in the figure above, children of thecurrent worlds w and w ′ are of three types: 0, 1 or 2. Whenthe spoiler performs a spatial move in the game, a world oftype i can take, in the submodels, a type between 0 and i .That is, the number of children of a world weakly monotoni-cally decreases when taking submodels. This monotonicity,together with the finiteness of the game, lead to bounds onthe number of children of each type, over which the duplica-tor is guaranteed to win. 
For instance, the bound for worldsof type 2 is given by the value 2 s ( s + )( s + ) , where s is thenumber of spatial moves in the game. In the two presented pointed forests, one child of type 0 and one of type 2 areadded with respect to these bounds, so that the duplicatorcan make up for the different numbers of children of type 1. Lemma 5.4. ML (∗) cannot characterise the class of modelssatisfying the GML formula (cid:51) = (cid:51) = ⊤ . Notice that ML (∗) is more expressive than ML .Indeed, the formula (cid:51) ⊤ ∗ (cid:51) ⊤ distinguishesthe two models on the right, which are bisim-ilar and hence indistinguishable in ML [48]. (cid:48) By ML (∗) ⪯ GML , Lemma 5.4 and Theorem 3.2, we conclude.
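The remark that ◇ ⊤ ∗ ◇ ⊤ separates two bisimilar models can be checked mechanically. The following is an added example, not code from the paper: a brute-force model checker for ML (∗) on small finite forests plus a bisimulation check. The tuple encoding of formulae and the two forests (a root with one child, a root with two children) are assumptions made here, since the paper's figure is not reproduced on this page; the clause for ∗ splits the accessibility relation into two disjoint parts, as in the M + M = M steps of the appendix proofs.

```python
from itertools import combinations

# Formulae of ML(*) as nested tuples (an encoding chosen for this example):
#   ("top",)  ("p", name)  ("not", f)  ("and", f, g)  ("dia", f)  ("sep", f, g)
TOP = ("top",)


def dia(f):
    return ("dia", f)


def sep(f, g):
    return ("sep", f, g)


def children(R, w):
    """R(w): worlds reachable from w in one step."""
    return {c for (p, c) in R if p == w}


def holds(R, V, w, f):
    """Decide M, w |= f for M = (W, R, V); R is a frozenset of (parent, child) edges."""
    tag = f[0]
    if tag == "top":
        return True
    if tag == "p":
        return w in V.get(f[1], ())
    if tag == "not":
        return not holds(R, V, w, f[1])
    if tag == "and":
        return holds(R, V, w, f[1]) and holds(R, V, w, f[2])
    if tag == "dia":
        return any(holds(R, V, c, f[1]) for c in children(R, w))
    if tag == "sep":
        # Try every split of R into disjoint R1, R2 with R1 ∪ R2 = R.
        # Exponential in |R|, which is fine for the tiny forests used here.
        edges = sorted(R)
        for size in range(len(edges) + 1):
            for part in combinations(edges, size):
                r1 = frozenset(part)
                if holds(r1, V, w, f[1]) and holds(R - r1, V, w, f[2]):
                    return True
        return False
    raise ValueError(f"unknown connective: {tag!r}")


def reachable(R, w):
    """All worlds reachable from w, including w itself."""
    seen, todo = {w}, [w]
    while todo:
        for c in children(R, todo.pop()):
            if c not in seen:
                seen.add(c)
                todo.append(c)
    return seen


def bisimilar(R1, V1, w1, R2, V2, w2, props=()):
    """Greatest bisimulation by refinement; True iff (w1, w2) survives."""
    rel = {(a, b)
           for a in reachable(R1, w1) for b in reachable(R2, w2)
           if all((a in V1.get(p, ())) == (b in V2.get(p, ())) for p in props)}
    changed = True
    while changed:
        changed = False
        for (a, b) in list(rel):
            sa, sb = children(R1, a), children(R2, b)
            forth = all(any((x, y) in rel for y in sb) for x in sa)
            back = all(any((x, y) in rel for x in sa) for y in sb)
            if not (forth and back):
                rel.discard((a, b))
                changed = True
    return (w1, w2) in rel


# Constructed pointed forests (R, V, root): one child versus two children.
ONE_CHILD = (frozenset({("w", "a")}), {}, "w")
TWO_CHILDREN = (frozenset({("v", "b"), ("v", "c")}), {}, "v")
PHI = sep(dia(TOP), dia(TOP))  # ◇⊤ ∗ ◇⊤


def satisfies(model, f):
    R, V, w = model
    return holds(R, V, w, f)


if __name__ == "__main__":
    print("bisimilar:", bisimilar(*ONE_CHILD, *TWO_CHILDREN))
    print("one child   |= PHI:", satisfies(ONE_CHILD, PHI))
    print("two children |= PHI:", satisfies(TWO_CHILDREN, PHI))
```

With a single edge, one side of every split has no child at the root, so ◇ ⊤ fails there; with two edges the split that gives one edge to each side is a witness.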
Theorem 5.5. ML ≺ ML (∗) ≺ GML ≈ ML ( ) .
ML ( ) , ML (∗) and Sister Logics
Below, we show how our new results on ML ( ) and ML (∗) allow us to make substantial contributions for sister logics.
Static ambient logic ( SAL ) is a formalism proposed to reason about spatial properties of concurrent processes specified in the ambient calculus [16]. In [13], the satisfiability and validity problems for a very expressive fragment of SAL are shown to be decidable and conjectured to be in PSpace (see [13, Section 6]). We invalidate this conjecture by showing that the intensional fragment of SAL (see [34]), herein denoted SAL ( ) , is already AExp Pol -complete. More precisely, we design semantically faithful reductions between Sat( ML ( ) ) and Sat( SAL ( ) ) (in both directions), leading to the above-mentioned result by Corollary 3.8.
SAL ( ) formulae are from φ : = ⊤ | | n [ φ ] | φ ∧ φ | ¬ φ | φ φ , where n ∈ AP is an ambient name. Historically, the semantics of SAL is given on a class of syntactically defined finite trees. However, this class of models is isomorphic to the class of finite trees M = ( W , R , V ) , such that each world in W satisfies exactly one atomic proposition (its ambient name). Then, the satisfaction relation ⊨ for SAL ( ) is standard for ⊤ and Boolean connectives, φ φ is as in ML ( ) , and otherwise
M , w ⊨ ⇔ R ( w ) = ∅ ;
M , w ⊨ n [ φ ] ⇔ there is w ′ ∈ W such that R ( w ) = { w ′ } , w ′ ∈ V ( n ) and M , w ′ ⊨ φ .
With such a presentation, SAL ( ) is a fragment of ML ( ) , where and n [ φ ] correspond to □ ⊥ and ◇ = ⊤ ∧ ◇ ( n ∧ φ ) , respectively. However, to reduce Sat ( SAL ( )) to Sat ( ML ( )) , we must deal with the constraint on V (uniqueness of the ambient name). Let φ be in SAL ( ) written with the ambient names in N = { n , . . . , n m } . It is known (see [13, Lemma 8]) that if φ is satisfiable, then it can be satisfied by a tree having ambient names from N ∪ { n } , where n is a fresh name. Thus, we can show that φ is satisfiable iff so is the ML ( ) formula
φ ∧ ⊞ md ( φ ) ( ⋁ n ∈ N ∪{ n } ( n ∧ ⋀ n ′ ∈( N ∪{ n })\{ n } ¬ n ′ )) ,
where the right conjunct states that V , restricted to the propositions in N ∪ { n } , forms a partition of the worlds reachable from the current one in at most md ( φ ) steps.
Reducing Sat ( ML ( )) to Sat ( SAL ( )) requires a bit more work. Let M = ( W , R , V ) be a finite forest and w ∈ W . Assume we want to check the satisfiability status of φ in ML ( ) having atomic propositions from P = { p , . . . , p m } and with n occurrences of . We encode ( M , w ) into a model ( M ′ = ( W ′ , R ′ , V ′ ) , w ) of SAL ( ) as follows. Let rel and ap be two ambient names not in P . The ambient name rel encodes the relation R whereas ap can be seen as a container for propositional variables holding on the current world. (i) We require W ⊆ W ′ , R ⊆ R ′ and ⋃ i ∈[ , md ( φ )] R i ( w ) ⊆ V ′ ( rel ) , i.e., every world reachable from w in at most md ( φ ) steps has the ambient name rel . Let w ′ be one of these worlds and suppose that { p | w ′ ∈ V ( p )} ∩ P = { q , . . . , q l } . (ii) We require W ′ to contain n + w ′ , . . . , w ′ n + ∈ R ′ ( w ′ ) \ R ( w ′ ) , all having ambient name ap . These worlds encode copies of w ′ ’s valuation, similarly to what is done in Section 3.2 to encode teams from PL[~]. (iii) For all j ∈ [ , n + ] , R ′ ( w ′ j ) contains l worlds, all satisfying and a distinct ambient name from { q , . . . , q l } . Below we schematise the encoding (w.r.t. w ′ ).
[Figure: schema of the encoding of a world w ′ with valuation { q , . . . , q l } and children w , . . . , w k into a world with ambient name rel whose added children carry the ambient name ap .]
Let n ∈ AP. We define the modality ⟨ n ⟩ φ def = n [ φ ] ⊤ and its dual [ n ] φ def = ¬⟨ n ⟩¬ φ . We write ∀ [ n ] for ¬((¬ ∧ ¬ n [⊤]) ⊤) , so that ( M , w ) ⊨ ∀ [ n ] whenever every child of w has the ambient name n . Moreover, [ ≥ ] def = ⊤ and [ ≥ β + ] def = ¬ [ ≥ β ] , so that ( M , w ) ⊨ [ ≥ β ] whenever w has at least β children. Lastly, [ = β ] def = [ ≥ β ]∧¬[ ≥ β + ] . The models of SAL ( ) encoding models of ML ( ) are characterised by
C φ def = ⋀ j ∈[ , md ( φ )] [ rel ] j ( ∀ [ rel ] ( ∀ [ ap ] ∧ [ = n + ] ∧ [ ap ] ( ( p [ ]∨ ) . . . ( p m [ ]∨ ) ) ∧ ⋀ i ∈[ , m ] (⟨ ap ⟩⟨ p i ⟩⊤ ⇒ [ ap ]⟨ p i ⟩⊤) ) ) .
Lastly, we define the translation of φ , written τ ( φ ) , into SAL ( ) . It is homomorphic for Boolean connectives and ⊤ , τ ( p ) def = ⟨ ap ⟩⟨ p ⟩⊤ and otherwise it is inductively defined:
τ ( ◇ ψ ) def = ⟨ rel ⟩ τ ( ψ ) ;
τ ( ψ ψ ) def = ( τ ( ψ ) ∧ ⟨ ap ⟩ ≥ j ⊤ ) ( τ ( ψ ) ∧ ⟨ ap ⟩ ≥ k ⊤ ) ,
where in τ ( ψ ψ ) , j (resp. k ) is the number of occurrences of in ψ (resp. ψ ) plus one and ⟨ ap ⟩ ≥ α ⊤ def = ( ∀ [ ap ] ∧ [ = α ]) ⊤ .
We show that φ is satisfiable in ML ( ) iff C φ ∧ τ ( φ ) is satisfiable in SAL ( ) , leading to the following results about the complexity of static ambient logics.
Corollary 6.1. Sat( SAL ( ) ) is AExp Pol -complete. Sat( SAL ) with SAL from [13] is AExp Pol -hard.
The family of modal separation logics ( MSL ), combining separating and modal connectives, has been recently introduced in [22]. Its models, inspired from the memory states used in separation logic (see also [18]), are Kripke-style structures M = ( W , R , V ) , where W = N and R ⊆ W × W is finite and functional. Hence, unlike finite forests, M may have loops.
Among the fragments studied in [22], the modal separation logic MSL (∗ , ◇ − ) was left with a huge complexity gap (between PSpace and Tower). Its formulae are defined from φ : = p | ◇ − φ | φ ∧ φ | ¬ φ | φ ∗ φ . The satisfaction relation is as in ML (∗) for p ∈ AP, Boolean connectives and φ ∗ φ , otherwise
M , w ⊨ ◇ − φ ⇔ ∃ w ′ s.t. ( w ′ , w ) ∈ R and M , w ′ ⊨ φ .
Since MSL (∗ , ◇ − ) is interpreted over a finite and functional relation, ◇ − effectively works as the ◇ modality of ML (∗) . Then, assume we want to check the satisfiability of φ in ML (∗) by relying on an algorithm for Sat ( MSL (∗ , ◇ − )) . We simply need to consider the formula φ [ ◇ ← ◇ − ] obtained from φ by replacing every occurrence of ◇ by ◇ − , and check if it can be satisfied by a locally acyclic model ( M , w ) of MSL , i.e. one where w does not belong to a loop of length ≤ md ( φ ) . Local acyclicity can be enforced by the formula
locacycl def = r ∧ ⋀ i ∈[ , md ( φ )] ( □ − ) i ¬ r ,
where r ∈ AP is fresh. Then, φ in ML (∗) is satisfiable iff φ [ ◇ ← ◇ − ]∧ locacycl in MSL (∗ , ◇ − ) is satisfiable. Hence, the results in Section 4 allow us to close the complexity gap.
Corollary 6.2. Sat ( MSL (∗ , ◇ − )) is Tower-complete.
We have studied and compared ML ( ) and ML (∗) , two modal logics interpreted on finite forests and featuring composition operators. We have not only characterised the expressive power and the complexity for both logics, but also identified remarkable differences and exported our results to other logics. ML ( ) is shown as expressive as GML , and its satisfiability problem is found to be AExp Pol -complete. Besides the obvious similarities between ML ( ) and ML (∗) , these results are counter-intuitive: though the logic ML (∗) is strictly less expressive than GML (and consequently, than ML ( ) ), Sat( ML (∗) ) is Tower-complete. We also recalled that there are logspace reductions from ML (∗) and ML ( ) to the second-order modal logic QK t from [7].
Our proof techniques go beyond what is known in the literature. For instance, to design the Tower-hardness proof we needed substantial modifications from the proof introduced in [7] for QK t . On the other hand, to show the expressivity inclusion of ML (∗) within GML , we provided a novel definition of Ehrenfeucht-Fraïssé games for ML (∗) .
Lastly, our framework led to the characterisation of the satisfiability problems for two sister logics. We proved that the satisfiability problem for the modal separation logic MSL (∗ , ◇ − ) is Tower-complete [22]. Moreover, the satisfiability problem for the static ambient logic SAL ( ) is AExp Pol -complete, solving open problems from [13, 22] and paving the way to study the complexity of the full SAL .
Acknowledgements
We would like to thank the anonymous reviewers for their comments and suggestions that helped us to improve the quality of the document. B. Bednarczyk is supported by the Polish Ministry of Science and Higher Education program “Diamentowy Grant” no. DI2017 006447. S. Demri and A. Mansutti are supported by the Centre National de la Recherche Scientifique (CNRS). R. Fervari is supported by ANPCyT-PICTs-2017-1130 and 2016-0215, and by the Laboratoire International Associé SINFIN.
References
[1] C. Areces, R. Fervari, and G. Hoffmann. 2012. Moving Arrows and Four Model Checking Results. In WoLLIC’12 (LNCS), Vol. 7456. Springer, 142–153.
[2] C. Areces, R. Fervari, and G. Hoffmann. 2015. Relation-changing modal operators. Logic Journal of the IGPL 23, 4 (2015), 601–627.
[3] G. Aucher, Ph. Balbiani, L. Fariñas del Cerro, and A. Herzig. 2009. Global and Local Graph Modifiers. Electronic Notes in Theoretical Computer Science 231 (2009), 293–307.
[4] G. Aucher, J. van Benthem, and D. Grossi. 2018. Modal logics of sabotage revisited. JLC 28, 2 (2018), 269–303.
[5] Ph. Balbiani, A. Baltag, H. van Ditmarsch, A. Herzig, T. Hoshi, and T. De Lima. 2008. ’Knowable’ as ’known after an announcement’. Review on Symbolic Logic 1, 3 (2008), 305–334.
[6] M. Fattorosi Barnaba and F. De Caro. 1985. Graded Modalities. Studia Logica 44, 2 (1985), 197–221.
[7] B. Bednarczyk and S. Demri. 2019. Why Propositional Quantification Makes Modal Logics on Trees Robustly Hard?. In LiCS’19. IEEE, 1–13.
[8] B. Bednarczyk, S. Demri, R. Fervari, and A. Mansutti. 2020. Modal Logics with Composition on Finite Forests: Expressivity and Complexity. In LiCS ’20. ACM, 167–180.
[9] P. Blackburn, M. de Rijke, and Y. Venema. 2001. Modal Logic. Cambridge University Press.
[10] I. Boneva, J.-M. Talbot, and S. Tison. 2005. Expressiveness of a Spatial Logic for Trees. In LiCS’05. IEEE Computer Society, 280–289.
[11] L. Bozzelli, A. Molinari, A. Montanari, and A. Peron. 2017. On the Complexity of Model Checking for Syntactically Maximal Fragments of the Interval Temporal Logic HS with Regular Expressions. In GandALF’17 (EPTCS), Vol. 256. 31–45.
[12] L. Bozzelli, H. van Ditmarsch, and S. Pinchinat. 2015. The complexity of one-agent refinement modal logic. TCS 603 (2015), 58–83.
[13] C. Calcagno, L. Cardelli, and A.D. Gordon. 2003. Deciding validity in a spatial logic for trees. In TLDI’03. ACM, 62–73.
[14] C. Calcagno, T. Dinsdale-Young, and Ph. Gardner. 2010. Adjunct elimination in Context Logic for trees. Inf. Comput.
POPL’05. 271–282.
[16] L. Cardelli and A.D. Gordon. 2001. Formal Methods for Distributed Processing. Cambridge University Press, New York, NY, USA, Chapter Mobile Ambients, 198–229.
[17] D. Cooper. 1972. Theorem proving in arithmetic without multiplication. Machine Learning
JLC 28, 4 (2018), 733–778.
[19] A. Dawar, Ph. Gardner, and G. Ghelli. 2004. Adjunct Elimination Through Games in Static Ambient Logic. In FST&TCS’04 (LNCS), Vol. 3328. Springer, 211–223.
[20] A. Dawar, Ph. Gardner, and G. Ghelli. 2007. Expressiveness and complexity of graph logic. I&C
Studia Logica 64, 2 (2000), 271–283.
[22] S. Demri and R. Fervari. 2019. The power of modal separation logics. JLC 29, 8 (2019), 1139–1184.
[23] S. Demri, R. Fervari, and A. Mansutti. 2019. Axiomatising Logics with Separating Conjunction and Modalities. In JELIA’19 (LNAI), Vol. 11468. Springer, 692–708.
[24] M. Echenim, R. Iosif, and N. Peltier. 2019. The Bernays-Schönfinkel-Ramsey Class of Separation Logic on Arbitrary Domains. In FoSSaCS’19 (LNCS), Vol. 11425. Springer, 242–259.
[25] K. Fine. 1970. Propositional quantifiers in modal logic. Theoria
Mathematical. Structures in Comp. Sci. 15, 6 (Dec. 2005), 1033–1088.
[27] Ch. Haase. 2018. A survival guide to Presburger arithmetic. SIGLOG News 5, 3 (2018), 67–82.
[28] M. Hannula, J. Kontinen, J. Virtema, and H. Vollmer. 2018. Complexity of Propositional Logics in Team Semantic. ACM ToCL 19, 1 (2018), 2:1–2:14.
[29] M. Hennessy and R. Milner. 1980. On Observing Nondeterminism and Concurrency. In ICALP (LNCS), Vol. 85. Springer, 299–309.
[30] S. Ishtiaq and P. O’Hearn. 2001. BI as an assertion language for mutable data structures. In POPL’01. 14–26.
[31] R. Ladner. 1977. The computational complexity of provability in systems of modal propositional logic. SIAM Journal of Computing 6, 3 (1977), 467–480.
[32] F. Laroussinie and N. Markey. 2014. Quantified CTL: Expressiveness and Complexity. LMCS 10, 4:17 (2014).
[33] L. Libkin. 2004. Elements of Finite Model Theory. Springer.
[34] É. Lozes. 2004. Adjuncts elimination in the static ambient logic. Electronic Notes in Theoretical Computer Science 96 (2004), 51–72.
[35] C. Lutz. 2006. Complexity and succinctness of public announcement logic. In AAMAS’06. ACM, 137–143.
[36] A. Mansutti. 2018. Extending Propositional Separation Logic for Robustness Properties. In FSTTCS (LIPIcs), Vol. 122. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 42:1–42:23.
[37] P.W. O’Hearn, J.C. Reynolds, and H. Yang. 2001. Local Reasoning about Programs that Alter Data Structures. In CSL’01 (LNCS), Vol. 2142. Springer, 1–19.
[38] C. H. Papadimitriou. 1994. Computational complexity. Addison-Wesley. I–XV, 1–523 pages.
[39] J. Plaza. 1989. Logics of public communication. In ISMIS’89, Charlotte, North Carolina, USA.
[40] M. Presburger. 1929. Über die Vollständigkeit eines gewissen Systems der Arithmetik ganzer Zahlen, in welchem die Addition als einzige Operation hervortritt. In Comptes Rendus du premier congrès de mathématiciens des Pays Slaves, Warszawa. 92–101.
[41] D. Pym. 2002. The semantics and proof theory of the logic of bunched implications. Applied Logic, Vol. 26. Kluwer Academic Publishers.
[42] M. Rabin. 1969. Decidability of second-order theories and automata on infinite trees. Trans. Amer. Math. Soc. 41 (1969), 1–35.
[43] C. Reddy and W. Loveland. 1978. Presburger arithmetic with bounded quantifier alternation. In STOC’78. ACM press, 320–325.
[44] J.C. Reynolds. 2002. Separation logic: a logic for shared mutable data structures. In LiCS’02. IEEE, 55–74.
[45] S. Schmitz. 2016. Complexity Hierarchies beyond Elementary. TOCT 8, 1 (2016), 3:1–3:36.
[46] L. Schröder and D. Pattinson. 2006. PSPACE bounds for rank-1 modal logics. In LiCS’06. IEEE, 231–240.
[47] S. Tobies. 2001. PSPACE Reasoning for Graded Modal Logics. JLC
Modal Correspondence Theory. Ph.D. Dissertation. University of Amsterdam.
[49] M. Vardi and P. Wolper. 1986. Automata-theoretic techniques for modal logics of programs. JCSS 32 (1986), 183–221.
[50] M. Vardi and P. Wolper. 1994. Reasoning about Infinite Computations. I&C 115 (1994), 1–37.
A Proofs of Section 2
We start this appendix by showing a classical property of ML and GML which carries over to ML (∗) and ML ( ) . Let M = ( W , R , V ) be a finite forest and w ∈ W . We introduce the notation R | ≤ nw def = {( w ′ , w ′′ ) ∈ R | w ′ ∈ R i ( w ) for some i ∈ [ , n − ]} . Informally, R | ≤ nw is the maximal subset of R encoding exactly a subtree rooted at w having only paths of length at most n . We denote with R | w the set {( w ′ , w ′′ ) ∈ R | w ′ ∈ R ∗ ( w )} , i.e. the maximal subset of R encoding exactly a subtree rooted at w . Alternatively, R | w = ⋃ n ∈ N R | ≤ nw .
Lemma A.1. Let n ∈ N and φ be a formula of ML ( ) or ML (∗) such that md ( φ ) ≤ n . Let M = ( W , R , V ) be a finite forest and w ∈ W . M , w ⊨ φ if and only if ( W , R | ≤ nw , V ) , w ⊨ φ .
Proof. The proof is by structural induction on φ . As this is the first proof by structural induction of the appendix, we depict also the trivial cases for ∧ and ¬ . In later proofs, these cases will be omitted (when straightforward) in order to shorten the presentation. Every case but the ones for and ∗ are from the analogous lemma for ML .
Base case: φ = p . This formula only depends on w and V , hence the statement of the lemma trivially holds for these formulae.
Induction case: φ = ¬ ψ . The statements below are equivalent.
• M , w ⊨ ¬ ψ
• M , w ⊭ ψ (by definition of ⊨ )
• ( W , R | ≤ nw , V ) , w ⊭ ψ (by the induction hypothesis, as md ( ψ ) = md (¬ ψ ) ≤ n )
• ( W , R | ≤ nw , V ) , w ⊨ ¬ ψ (by definition of ⊨ ).
Induction case: φ = ψ ∧ χ . The statements below are equivalent.
• M , w ⊨ ψ ∧ χ
• M , w ⊨ ψ and M , w ⊨ χ (by definition of ⊨ )
• ( W , R | ≤ nw , V ) , w ⊨ ψ and ( W , R ′ , V ) , w ⊨ χ (by the induction hypothesis, as max ( md ( ψ ) , md ( χ )) = md ( ψ ∧ χ ) ≤ n )
• ( W , R | ≤ nw , V ) , w ⊨ ψ ∧ χ (by definition of ⊨ ).
Induction case: φ = ◇ ψ . The statements below are equivalent.
• M , w ⊨ ◇ ψ
• there is w ∈ R ( w ) such that M , w ⊨ ψ (by definition of ⊨ )
• there is w ∈ R ( w ) such that ( W , R | ≤ n − w , V ) , w ⊨ ψ (by the induction hypothesis, as md ( ψ ) = md ( ◇ ψ ) − ≤ n −
• there is w ∈ R ( w ) such that ( W , R | ≤ n − w ∪ {( w , w )} , V ) , w ⊨ ◇ ψ (by definition of ⊨ and by recalling that our models are forests).
• ( W , R | ≤ nw , V ) , w ⊨ ◇ ψ (since {( w ′ , w ′′ ) ∈ R | ≤ nw | w ′ ∈ R ∗ ( w )} = R | ≤ n − w ).
Induction case: φ = ψ χ . The statements below are equivalent.
• M , w ⊨ ψ χ
• there are M = ( W , R , V ) and M = ( W , R , V ) such that M + w M = M , M , w ⊨ ψ and M , w ⊨ χ (by definition of ⊨ )
• there are M = ( W , R , V ) and M = ( W , R , V ) s.t. M + w M = M , ( W , R | ≤ nw , V ) , w ⊨ ψ and ( W , R | ≤ nw , V ) , w ⊨ χ (by the induction hypothesis, as max ( md ( ψ ) , md ( χ )) = md ( ψ χ ) ≤ n )
• ( W , R | ≤ nw , V ) , w ⊨ ψ χ (by definition of ⊨ and as R | ≤ nw = R | ≤ nw ∪ R | ≤ nw ).
Induction case: φ = ψ ∗ χ . The statements below are equivalent.
• M , w ⊨ ψ ∗ χ
• there are M = ( W , R , V ) and M = ( W , R , V ) such that M + M = M , M , w ⊨ ψ and M , w ⊨ χ (by definition of ⊨ )
• there are M = ( W , R , V ) and M = ( W , R , V ) s.t. M + M = M , ( W , R | ≤ nw , V ) , w ⊨ ψ and ( W , R | ≤ nw , V ) , w ⊨ χ (by the induction hypothesis, as max ( md ( ψ ) , md ( χ )) = md ( ψ χ ) ≤ n )
• there are M = ( W , R , V ) and M = ( W , R , V ) such that M + M = M , ( W , R ′ , V ) , w ⊨ ψ and ( W , R ′ , V ) , w ⊨ χ where for every j ∈ { , } R ′ j def = R j ∩ R | ≤ nw (again by the induction hypothesis, right to left direction, as R ′ j | ≤ nw = R j | ≤ nw )
• iff ( W , R | ≤ nw , V ) , w ⊨ ψ ∗ χ (by definition of ⊨ and as R | ≤ nw = R ′ | ≤ nw ∪ R ′ | ≤ nw ). □
A.1 Proof of Lemma 2.1
Proof. Let M = ( W , R , V ) be a finite forest and w ∈ W . Notice that if md ( φ ) is at most 1, by Lemma A.1 the satisfaction of φ only depends on the set of worlds { w } ∪ R ( w ) . More precisely, M , w ⊨ φ iff ( W , R | ≤ w , V ) , w ⊨ φ . The same holds for formulae in ML (∗) . Similarly, ψ def = φ [ ← ∗] (as in the statement) has modal degree at most 1 and again by Lemma A.1 we have M , w ⊨ ψ iff ( W , R | ≤ w , V ) , w ⊨ ψ . To conclude the proof it is sufficient then to prove the following: ( W , R | ≤ w , V ) , w ⊨ φ iff ( W , R | ≤ w , V ) , w ⊨ ψ .
Notice that this result already trivially holds for md ( φ ) = 0. Indeed, in this case the satisfaction of φ and ψ only depends on the satisfaction of propositional variables on the current world w and therefore not at all on the accessibility relation. Instead, the proof for md ( φ ) = ( W , R | ≤ w , V ) , w ⊨ φ φ iff ( W , R | ≤ w , V ) , w ⊨ φ ∗ φ . depicted as follows. The statements below are equivalent.
• ( W , R | ≤ w , V ) , w ⊨ ψ χ
• there are M = ( W , R , V ) and M = ( W , R , V ) s.t. M + w M = ( W , R | ≤ w , V ) , M , w ⊨ ψ and M , w ⊨ χ (by definition of ⊨ )
• there are disjoint R and R such that R ∪ R = R | ≤ w , ( W , R , V ) , w ⊨ ψ and ( W , R , V ) , w ⊨ χ (by definition of + w , as R | ≤ w = { w } × R ( w ) )
• there are M = ( W , R , V ) and M = ( W , R , V ) s.t. M + M = ( W , R | ≤ w , V ) , M , w ⊨ ψ and M , w ⊨ χ (by definition of + )
• ( W , R | ≤ w , V ) , w ⊨ ψ ∗ χ (by definition of ⊨ ). □
A.2 Proof of Lemma 2.2
Proof. Let M = ( W , R , V ) be a finite forest and w ∈ W .
For the left to right direction, suppose M , w ⊨ φ ∗ ψ . Then, by definition of ⊨ , there are M = ( W , R , V ) and M = ( W , R , V ) such that M + M = M , M , w ⊨ φ and M , w ⊨ ψ . By Lemma A.1 we can easily conclude that ( W , R | w , V ) , w ⊨ φ and ( W , R | w , V ) , w ⊨ ψ , where R | w def = {( w ′ , w ′′ ) ∈ R | w ′ ∈ R ∗ ( w )} . Indeed, this holds as by definition, for every n ∈ N , ( R | w )| ≤ nw = R | ≤ nw . Now, consider the model M̂ = ( W , R | w ∪ R | w , V ) . It is easy to see that ( W , R | w , V ) and ( W , R | w , V ) are such that ( W , R | w , V ) + w ( W , R | w , V ) = M̂ . Hence M̂ , w ⊨ φ ψ . Moreover by definition R | w ∪ R | w ⊆ R and ( R | w ∪ R | w )( w ) = R ( w ) . We conclude that M , w ⊨ ( φ ψ ) .
For the right to left direction, suppose M , w ⊨ ( φ ψ ) . Then by definition of ⊨ there is a model M̂ = ( W , R̂ , V ) such that R̂ ⊆ R , R̂ ( w ) = R ( w ) and M̂ , w ⊨ φ ψ . Again by definition of ⊨ , there are M = ( W , R , V ) and M = ( W , R , V ) such that M + w M = M̂ and M , w ⊨ φ and M , w ⊨ ψ . Consider now the set R = R \ R̂ . We define:
R ′ def = R ∪ {( w ′ , w ′′ ) ∈ R | w ′ ∉ R ∗ ( w )}
R ′ def = R ∪ ( R \ R ′ )
By definition, it is easy to see that R ′ | w = R | w and R ′ | w = R | w . Moreover, R ′ ∩ R ′ = ∅ and R ′ ∪ R ′ = R . Hence, again by using Lemma A.1 we can easily conclude that ( W , R ′ , V ) , w ⊨ φ and ( W , R ′ , V ) , w ⊨ ψ . From the properties of R ′ and R ′ expressed above, we obtain M , w ⊨ φ ∗ ψ . □
B Proofs of Section 3
B.1 Proof of Lemma 3.1
Before proving Lemma 3.1, we establish the lemma below.
Lemma B.1.
Let φ , φ be in GML such that φ ∧ φ is in good shape. If there is some quantifier-free χ equivalent to [ φ , φ ] PA whose atomic formulae are of the form x j ≥ k , we have φ φ ≡ χ GML . odal Logics with Composition on Finite Forests LICS ’20, July 8–11, 2020, Saarbrücken, Germany Proof.
Let φ and φ be formulae in GML such that max PC ( φ ∧ φ ) ⊆ {⊤ , ⊥} and for all (cid:51) ≥ k ψ and (cid:51) ≥ k ′ ψ ′ in max GM ( φ ∧ φ ) with ψ (cid:44) ψ ′ , the formula ψ ∧ ψ ′ is unsatisfiable, i.e. φ ∧ φ is in good shape. Let { ψ , . . . , ψ n } be the set { ψ | (cid:51) ≥ k ψ ∈ max GM ( φ ∧ φ )} .By assumption, for all i (cid:44) j , the formula ψ i ∧ ψ j is unsatisfiable.In order to grasp the relationship between φ i and its arithmetical counterpart φ PA i , let M i = ( W i , R i , V i ) be a model, w ∈ W i ,and for each j ∈ [ , n ] , let β ij = |{ w ′ ∈ W i | M i , w ′ | = ψ j and ( w , w ′ ) ∈ R i }| . Moreover, let v w : { x , . . . , x n } → N be thearithmetical valuation such that v w ( x j ) def = β ij for all j ∈ [ , n ] . We have the following equivalence (†) M i , w | = φ i iff v w | = PA φ PA i , where | = PA is the satisfaction relation in PA . Below, we also use the notation “ φ PA i ( β i , . . . , β in ) ” instead of “ v w | = PA φ PA i ”.Now, let us show that φ φ ≡ χ GML . We start by showing that φ φ ⇒ χ GML is valid. Let M = ( W , R , V ) be a model, w ∈ W such that M , w | = φ φ . By definition of | = , there are M , M such that M = M + w M , M , w | = φ and M , w | = φ .Let us keep the definition of the β ij ’s from above, and for each j ∈ [ , n ] , let α j = |{ w ′ ∈ W | M , w ′ | = ψ j and ( w , w ′ ) ∈ R }| . By (†) and as M = M + M holds too, we have the following relationships: ( j ∈ [ , n ]) α j = β j + β j φ PA ( β , . . . , β n ) φ PA ( β , . . . , β n ) . We recall the definition of the arithmetical formula [ φ , φ ] PA : [ φ , φ ] PA def = ∃ y , y , . . . , y n , y n ( n (cid:219) j = x j = y j + y j ) ∧ φ PA ( y , . . . , y n ) ∧ φ PA ( y , . . . , y n ) . By assumption, there is a quantifier-free formula χ with free variables among x , . . . , x n such that χ is logically equivalentto [ φ , φ ] PA and its atomic formulae are of the form x j ≥ k . The formula χ GML is defined as the
GML formula obtained from χ by replacing every occurrence of x j ≥ k by (cid:51) ≥ k ψ j . Let v w : { x , . . . , x n } → N be the arithmetical valuation such that v w ( x j ) def = α j for all j . Obviously v w | = PA ψ PA , which is equivalent to v w | = PA χ . Similarly to (†) , we can get M , w | = χ GML .Now, we show that χ GML ⇒ φ φ is valid. Let M = ( W , R , V ) be a model, w ∈ W such that M , w | = χ GML . As above, foreach j ∈ [ , n ] , let α j = |{ w ′ ∈ W | M , w ′ | = ψ j and ( w , w ′ ) ∈ R }| . Let v w : { x , . . . , x n } → N be the arithmetical valuationsuch that v w ( x j ) def = α j for all j . Similarly to (†) , we can get v w | = PA χ and equivalently v w | = PA [ φ , φ ] PA . So, by the semanticsof the arithmetical formula [ φ , φ ] PA , there are natural numbers β , β , . . . , β n , β n such that ( j ∈ [ , n ]) α j = β j + β j φ PA ( β , . . . , β n ) φ PA ( β , . . . , β n ) . For each i ∈ { , } let us build M i such that for all j ∈ [ , n ] , w has β ij children in M i , and by construction for each such achild, its whole subtree in ( W , R ) is present in ( W , R i ) too. Such a division is possible because if a child of w contributes tothe value α j in M (and therefore it satisfies ψ j ), it cannot contribute to any value α j ′ with j ′ (cid:44) j (as by assumption ψ j ∧ ψ j ′ is unsatisfiable). Hence, by construction M = M + w M . Moreover, for any child w ′ of w in M i , we have M i , w ′ | = ψ j iff M , w ′ | = ψ j (for all j ∈ [ , n ] ) as the whole subtree of w ′ in M is present in M i . For each i ∈ { , } , let v iw be the arithmeticalvaluation such that for all j ∈ [ , n ] , we have v iw ( x j ) def = β ij . So, obviously, v iw | = PA φ PA i ( β i , . . . , β in ) and therefore by (†) , we have M i , w | = φ i . Consequently, we get M , w | = φ φ . □ Condition 2. in the definition of φ ∧ φ in good shape is essential here to obtain φ φ ≡ χ GML . Here is a simple counter-example. 
The formula [ φ , φ ] PA obtained from ◇ ≥ p ◇ ≥ q is defined as ∃ y , y , y , y ( x = y + y ) ∧ ( x = y + y ) ∧ ( y ≥ ) ∧ ( y ≥ ) . Obviously, [ φ , φ ] PA is arithmetically equivalent to ( x ≥ ) ∧ ( x ≥ ) but ◇ ≥ p ◇ ≥ q ≢ ◇ ≥ p ∧ ◇ ≥ q . Indeed, when M , w ⊨ ◇ ≥ p ∧ ◇ ≥ q and w has a unique child satisfying p ∧ q , there is no way for w to satisfy ◇ ≥ p ◇ ≥ q . So the aforementioned assumption is crucial in order to simulate the appropriate partitioning of subtrees.

To prove the result in full generality, we need to establish that such a quantifier-free formula χ always exists. Here is the proof of Lemma 3.1.

Proof.
For each i ∈ { , } , let φ ′ i be an arithmetical formula logically equivalent to φ PA i such that:
• φ ′ i is in disjunctive normal form (DNF),
• each disjunct of φ ′ i is a conjunction such that for each j ∈ [ , n ] , the variable y ij is in at most two literals with the following three options:
  – y ij occurs in a unique literal of the form y ij ≥ k ,
  – y ij occurs in a unique (negative) literal of the form ¬( y ij ≥ k ) ,
  – y ij occurs in two literals whose conjunction is y ij ≥ k ∧ ¬( y ij ≥ k ) and k > k .
In the case such a formula φ ′ i does not exist, typically when φ ′ i is inconsistent, χ can simply take the value ⊥ . In the sequel, we assume that both φ ′ and φ ′ exist. Using propositional reasoning and the fact that disjunction distributes over existential first-order quantification, the formula [ φ , φ ] PA is therefore logically equivalent to a formula of the form ⋁ α , β ∃ y , y , . . . , y n , y n ( n ⋀ j = x j = y j + y j ) ∧ C α ∧ C β where C α (resp. C β ) is a conjunction from φ ′ (resp. from φ ′ ). In order to build χ from [ φ , φ ] PA , we take advantage of quantifier elimination in PA and we explain below how this can be done. It is sufficient to explain how to eliminate quantifiers for subformulae of the form Ψ = ∃ y , y , . . . , y n , y n ( n ⋀ j = x j = y j + y j ) ∧ C α ∧ C β . Let j ∈ [ , n ] and suppose that by performing quantifier elimination on ∃ y j + , y j + , . . . , y n , y n , the formula Ψ is equivalent to ∃ y , y , . . . , y j , y j Ψ j + . with Ψ n + = ( ⋀ nj = x j = y j + y j ) ∧ C α ∧ C β , and,
1. Ψ j + is quantifier-free with no occurrences of the variables y j + , y j + , . . . , y n , y n ,
2. Ψ j + is of the form ( j ⋀ a = x a = y a + y a ) ∧ D ∧ C ′ ∧ C ′ where
  a. D is a conjunction of literals built from constraints of the form x j ′ ≥ k with j ′ ∈ [ j , n ] ,
  b. for each i ∈ { , } , C ′ i is a conjunction such that for each j ′ ∈ [ , j ] , y ij ′ is in at most two literals with the following three options:
    • y ij ′ occurs in a unique literal of the form y ij ′ ≥ k ,
    • y ij ′ occurs in a unique (negative) literal of the form ¬( y ij ′ ≥ k ) ,
    • y ij ′ occurs in two literals whose conjunction is y ij ′ ≥ k ∧ ¬( y ij ′ ≥ k ) and k > k .

Now, let us show how to perform quantifier elimination of ∃ y j ∃ y j Ψ j + to preserve the property for j − 1. First note that ∃ y j ∃ y j Ψ j + is logically equivalent to ( j − ⋀ a = x a = y a + y a ) ∧ D ∧ C ′′ ∧ C ′′ ∧ ∃ y j ∃ y j ( x j = y j + y j ) ∧ D ∧ D , where C ′ = C ′′ ∧ D (assuming abusively that A ∧ ⊤ = A ), C ′ = C ′′ ∧ D and each variable y ij does not occur in C ′′ i , and each D i is either ⊤ , or contains at most 2 literals involving the variable y ij . It is then easy to eliminate quantifiers in ∃ y j ∃ y j ( x j = y j + y j ) ∧ D ∧ D and below we treat all the cases depending on the value for D ∧ D leading to the formula D (we omit the symmetrical cases):
• ⊤ ∧ ⊤ : D def = ⊤ ,
• ( y j ≥ k ) ∧ ⊤ : D def = ( x j ≥ k ) ,
• ¬( y j ≥ k ) ∧ ⊤ : D def = ⊤ ,
• ( y j ≥ k ) ∧ ¬( y j ≥ k ′ ) ∧ ⊤ : D def = ( x j ≥ k ) ,
• ( y j ≥ k ) ∧ ( y j ≥ k ′′ ) : D def = ( x j ≥ k + k ′′ ) ,
• ¬( y j ≥ k ) ∧ ( y j ≥ k ′′ ) : D def = ( x j ≥ k ′′ ) ,
• ( y j ≥ k ) ∧ ¬( y j ≥ k ′ ) ∧ ( y j ≥ k ′′ ) : D def = ( x j ≥ k + k ′′ ) ,
• ( y j ≥ k ) ∧ ¬( y j ≥ k ′ ) ∧ ( y j ≥ k ′′ ) ∧ ¬( y j ≥ k ′′′ ) : D def = ( x j ≥ k + k ′′ ) ∧ ¬( x j ≥ k ′ + k ′′′ ) .

It is now easy to check that the formula ∃ y , y , . . . , y j − , y j − ( j − ⋀ a = x a = y a + y a ) ∧ ( D ∧ D ) ∧ C ′′ ∧ C ′′ , satisfies the conditions for Ψ j . By iterating the process of quantifier elimination, we get the desired formula χ . By Lemma B.1, we conclude that φ φ ≡ χ GML . □

B.2 Proof of Theorem 3.2
Proof.
Let φ be a formula in ML ( ) . As ◇ ψ ≡ ◇ ≥ ψ , we can assume that the only modalities in φ are of the form ◇ ≥ or. If φ has no occurrence of , we are done. Otherwise, let ψ be a subformula of φ whose outermost connective is and the arguments are in GML , say ψ = φ φ . By Lemma B.2, there is a formula ψ ′ in GML such that φ φ ≡ ψ ′ . One can show that φ ≡ φ [ ψ ← ψ ′ ] , where φ [ ψ ← ψ ′ ] is obtained from φ by replacing every occurrence of ψ by ψ ′ . Note that the number of occurrences of in φ [ ψ ← ψ ′ ] is strictly less than the number of occurrences of in φ . By repeating such a type of replacement, eventually we obtain a formula φ ′ in GML such that φ ≡ φ ′ . □

B.3 GML is closed under the operator
Given φ ∈ GML , we write submax GM ( φ ) to denote the set { χ | ◇ ≥ k χ ∈ max GM ( φ )} .

Lemma B.2.
Let ψ and ψ be two formulae in GML with max GM ( ψ ) ∪ max GM ( ψ ) = { ◇ ≥ k χ , . . . , ◇ ≥ k n χ n } and k̂ = max { k , . . . , k n } . There is a GML formula ψ such that ψ ≡ ψ ψ , bd ( , ψ ) ≤ k̂ n + and bd ( , ψ ) ≤ n bd ( , ψ ∧ ψ ) .

Proof. Without loss of generality, we assume that submax GM ( ψ ) = submax GM ( ψ ) . Otherwise, if χ ∈ submax GM ( ψ j ) \ submax GM ( ψ − j ) , then we add to ψ − j the conjunct ◇ ≥ χ ∨ ¬( ◇ ≥ χ ) , and we repeat the process until submax GM ( ψ ) = submax GM ( ψ ) . Moreover, we assume that the propositional variables not in the scope of a modality are among p , . . . , p α .

In order to compute ψ , we perform the following steps.

1. For each i ∈ { , } , let ˆ ψ i be a formula logically equivalent to ψ i such that ˆ ψ i is in disjunctive normal form (DNF) with respect to the atoms in max GM ( ψ i ) ∪ { p , . . . , p α } . Assume that max GM ( ψ i ) = { ◇ ≥ k χ , . . . , ◇ ≥ k n ′ χ n ′ } with { χ ⋆ , . . . , χ ⋆ n } = { χ , . . . , χ n ′ } , i.e. some χ ⋆ i may occur more than once but with different graded rank. Let B = { , } . Given a formula φ , we write φ for φ and φ for ¬ φ . Hence, the formula ˆ ψ i satisfies ˆ ψ i ⊆ ⋁ f : [ , n ′ + α ]→ B (( ◇ ≥ k χ ) f ( ) ∧ · · · ∧ ( ◇ ≥ k n ′ χ n ′ ) f ( n ′ ) ) ∧ ( p f ( n ′ + ) ∧ · · · ∧ p f ( n ′ + α ) α ) , where the relation ⊆ in that context means that ˆ ψ i is subdisjunction of the generalised disjunction on the right-hand side. Note that bd ( , ψ i ) = bd ( , ˆ ψ i ) .

2. The second step consists in partitioning the modalities so that ˜ ψ i is obtained from ˆ ψ i by replacing any occurrence of ( ◇ ≥ k j χ j ) f ( j ) by ( ⋁ g : [ , k j ]→{ Y | χ j ∈ Y and Y ⊆{ χ ⋆ ,..., χ ⋆ n }} ⋀ Y ∈ ran ( g ) ◇ ≥| g − ( Y )| ( Y ∧ ¯ Y )) f ( j ) , where Y stands for ⋀ ψ ∈ Y ψ and ¯ Y stands for ⋀ ψ ∈({ χ ⋆ ,..., χ ⋆ n }\ Y ) ¬ ψ .

It is easy to check that ψ i ≡ ˆ ψ i and ˆ ψ i ≡ ˜ ψ i . We write ˆ˜ ψ i to denote ˜ ψ i in DNF of the form below ˆ˜ ψ i ⊆ ⋁ f : [ , n ′′ + α ]→ B (( ◇ ≥ l χ ⋆⋆ ) f ( ) ∧ · · · ∧ ( ◇ ≥ l n ′′ χ ⋆⋆ n ′′ ) f ( n ′′ ) ) ∧ ( p f ( n ′′ + ) ∧ · · · ∧ p f ( n ′′ + α ) α ) , with l i ≤ k̂ (because | g − ( Y )| above is always bounded by k̂ ), and there are at most 2 n distinct χ ⋆⋆ j . Consequently, ˆ˜ ψ ˆ˜ ψ is logically equivalent to a disjunction of the form below as the disjunction distributes over the composition operator: ⋁ ( ( p f ( n ′′ + ) ∧ · · · ∧ p f ( n ′′ + α ) α ) ∧ ( p f ′ ( n ′′ + ) ∧ · · · ∧ p f ′ ( n ′′ + α ) α ) ∧ ( ( ◇ ≥ l χ ⋆⋆ ) f ( ) ∧ · · · ∧ ( ◇ ≥ l n ′′ χ ⋆⋆ n ′′ ) f ( n ′′ ) ( ◇ ≥ l χ ⋆⋆ ) f ′ ( ) ∧ · · · ∧ ( ◇ ≥ l n ′′ χ ⋆⋆ n ′′ ) f ′ ( n ′′ ) ) ) . Observe that ( p ∧ ψ ) ( p ′ ∧ ψ ′ ) is logically equivalent to p ∧ p ′ ∧ ( ψ ψ ′ ) . By Lemma 3.1, the subformula with outermost connective can be rewritten as a GML formula φ with graded rank at most twice the maximal graded rank (i.e. 2 × k̂ ) and with | submax GM ( φ )| ≤ n . Note that the condition of being in good shape is guaranteed by construction of ˜ ψ i . The formula ψ is obtained by applying Lemma 3.1 on the large disjunction above as much as needed. It is now easy to check that bd ( , ψ ) ≤ ( × k̂ ) × n . □
B.4 Proof of Lemma 3.3
Proof.
The proof is by induction on the modal degree of φ and we show that the branching degree of the models is at most max bd ( φ ) (which allows us to get the number of worlds at most max bd ( φ ) md ( φ ) + as only nodes reachable in at most md ( φ ) steps are relevant for satisfaction). The base case with md ( φ ) = max bd ( φ ) = bd ( , φ ) = φ can be witnessed on a single node model. For the induction step, let us suppose that for all formulae ψ of modal depth less than d , if ψ has a model then it has a model in which each node has at most max bd ( ψ ) children.

Let φ be a satisfiable formula in GML of modal depth d + 1. Let max GM ( φ ) = { ψ , . . . , ψ n } and p , . . . , p m be the propositional variables in φ that are not in the scope of a graded modality. We write DNF ( φ ) to denote the set of formulae in disjunctive normal form logically equivalent to φ with atomic formulae among { ψ , . . . , ψ n , p , . . . , p m } . We exclude from DNF ( φ ) the conjunctions and disjunctions with repetitions as well as conjunctions that do not respect the conditions below to avoid obvious inconsistencies. Typically, the conjunctions are of the form (modulo AC and without repetitions) ◇ ≥ k φ ∧ . . . ∧ ◇ ≥ k m φ m ∧ ¬ ◇ ≥ k ′ φ ′ ∧ . . . ∧ ¬ ◇ ≥ k ′ m φ ′ m ′ ∧ L ∧ · · · ∧ L m ′′ , where the L i ’s are literals built over p , . . . , p m . Without loss of generality, we assume that if φ i = φ ′ j , then k ′ j > k i and there are no contradictory literals in L ∧ · · · ∧ L m ′′ .

Let φ ′ ∈ DNF ( φ ) . As φ ′ is satisfiable too, there is a conjunction φ ′′ in φ ′ that is satisfiable, say of the form below: φ ′′ = ◇ ≥ k φ ∧ . . . ∧ ◇ ≥ k m φ m ∧ ¬ ◇ ≥ k ′ φ ′ ∧ . . . ∧ ¬ ◇ ≥ k ′ m φ ′ m ′ ∧ L ∧ · · · ∧ L m ′′ . By definition of bd ( , φ ′ ) , we have ( k + · · · + k m ) = bd ( , φ ′ ) ≤ max bd ( φ ) . Let M = ( W , R , V ) be a model and w ∈ W such that M , w ⊨ φ ′′ . By definition of ⊨ , for each i ∈ [ , m ] , there is a set X i made of k i children of w such that each child in X i satisfies φ i . Let M ′ = ( W ′ , R ′ , V ′ ) be the model such that W ′ def = { w } ∪ { w ′ | w ′ ∈ R ∗ ( w ′′ ) , w ′′ ∈ X ∪ · · · ∪ X m } , R ′ = R ∩ ( W ′ × W ′ ) and V ′ is the restriction of V to W ′ . It is easy to verify that M ′ , w ⊨ φ ′′ and w has at most ( k + · · · + k m ) children in M ′ . By the induction hypothesis, for each i ∈ [ , m ] , there is a model M i = ( W i , R i , V i ) and w i ∈ W i (say ( W i , R i ) is rooted at w i ) such that M i , w i ⊨ φ i and each node in M i has at most max bd ( φ i ) children. As φ i is a subformula of φ , by definition of bd ( φ ) , we have also max bd ( φ i ) ≤ max bd ( φ ) . Let us build the model M ′′ obtained from M ′ such that for all i ∈ [ , m ] and for all children w ′ ∈ X i , we replace the subtree rooted at w ′ in M ′ by a copy of M i . It is then easy to verify that M ′′ , w ⊨ φ ′′ and each node in M ′′ has at most max bd ( φ ) children. This completes the proof for the induction step. □

B.5 Proof of Lemma 3.4
Proof.
Let φ be a formula in F built over the GML formulae in { ◇ ≥ k χ , . . . , ◇ ≥ k n ′ χ n ′ } and the propositional variables p , . . . , p α . We write { χ ⋆ , . . . , χ ⋆ n } to denote the set { χ , . . . , χ n ′ } (therefore n ≤ n ′ ). Without loss of generality, we can assume that for all subformulae ( ψ ψ ) of φ , we have submax GM ( ψ ) = submax GM ( ψ ) = { χ ⋆ , . . . , χ ⋆ n } (see Appendix B.3 for the definition of submax GM ( φ ) ). In the previous equality, we need to define submax GM ( ψ ) for the formulae ψ in F (as it was done only for GML formulae so far). Assuming that ψ in F is built over { ◇ ≥ l φ , . . . , ◇ ≥ l m φ m } , we set submax GM ( ψ ) def = { φ , . . . , φ m } .

In the case the assumption above is not satisfied, we proceed as follows to lead to a logically equivalent formula satisfying the condition, at a polynomial computational cost only.
1. Compute the outermost GML formulae of the form ◇ ≥ k ψ in φ .
2. Let Φ be the tautology ⋀ ( ◇ ≥ k ψ ∨ ¬ ◇ ≥ k ψ ) where the generalised conjunction goes through all the above ◇ ≥ k ψ in φ .
3. In a bottom-up fashion, replace ψ ψ by ( ψ ∧ Φ ) ( ψ ∧ Φ ) .

The resulting formula is of polynomial size in the size of φ . So, in the sequel, we can assume that for all subformulae ( ψ ψ ) of φ , we have submax GM ( ψ ) = submax GM ( ψ ) = { χ ⋆ , . . . , χ ⋆ n } .

Let CD = cd ( φ ) (composition degree of φ ). In order to define ψ from φ , we construct a sequence of formulae φ = φ , . . . , φ M = ψ such that:
1. The number of occurrences of decreases strictly from φ i to φ i + .
2. Suppose that χ ′ χ ′ is a subformula of φ i at the composition depth CD ′ ≤ CD such that χ ′ , χ ′ are GML formulae and any subformula of χ ′ ∧ χ ′ of the form ◇ ≥ k χ has k ≤ k̂ × ( CD − CD ′ ) and bd ( , χ ) ≤ n × bd ( , φ ) . By using Lemma B.2 and its proof, we replace χ ′ χ ′ by the formula A in GML with bd ( , A ) ≤ k̂ × ( CD + − CD ′ ) × n , bd ( , A ) ≤ n × bd ( , φ ) and for all m ≥ bd ( m , A ) = bd ( m , φ ) .

Let us explain below how to perform the transformation in (2.). It is worth noting that all the subformulae ◇ ≥ k χ belonging to max GM ( χ ′ j ) for some j ∈ { , } and obtained by a transformation using Lemma B.2, has χ already equal to Y ∧ ¯ Y for some Y ⊆ { χ ⋆ , . . . , χ ⋆ n } and k ≤ k̂ × ( CD − CD ′ ) . In order to compute A from χ ′ χ ′ , we perform the following steps.

1. Let ˜ χ ′ j be the formula obtained from χ ′ j by replacing any occurrence of ◇ ≥ k χ with χ ∈ { χ ⋆ , . . . , χ ⋆ n } , by ⋁ g : [ , k j ]→{ Y | χ ∈ Y and Y ⊆{ χ ⋆ ,..., χ ⋆ n }} ⋀ Y ∈ ran ( g ) ◇ ≥| g − ( Y )| ( Y ∧ ¯ Y ) . Hence, if χ were already of the form Y ∧ ¯ Y in χ ′ j , nothing is done at this stage.
2. It is easy to check that ψ ′ j ≡ ˜ ψ ′ j . We write ˆ ψ ′ j to denote ˜ ψ ′ j in DNF of the form below ˆ ψ ′ j ⊆ ⋁ f : [ , n ′′ + α ]→ B (( ◇ ≥ l χ ⋆⋆ ) f ( ) ∧ · · · ∧ ( ◇ ≥ l n ′′ χ ⋆⋆ n ′′ ) f ( n ′′ ) ) ∧ ( p f ( n ′′ + ) ∧ · · · ∧ p f ( n ′′ + α ) α ) , with l k ≤ k̂ × ( CD − CD ′ ) , and there are at most 2 n distinct χ ⋆⋆ k . Consequently, ˆ χ ′ ˆ χ ′ is logically equivalent to a disjunction of the form: ⋁ f , f ′ ( ( p f ( n ′′ + ) ∧ · · · ∧ p f ( n ′′ + α ) α ) ∧ ( p f ′ ( n ′′ + ) ∧ · · · ∧ p f ′ ( n ′′ + α ) α ) ∧ ( ( ◇ ≥ l χ ⋆⋆ ) f ( ) ∧ · · · ∧ ( ◇ ≥ l n ′′ χ ⋆⋆ n ′′ ) f ( n ′′ ) ( ◇ ≥ l χ ⋆⋆ ) f ′ ( ) ∧ · · · ∧ ( ◇ ≥ l n ′′ χ ⋆⋆ n ′′ ) f ′ ( n ′′ ) ) ) . By Lemma 3.1, the subformula with outermost connective can be rewritten as a GML formula A with graded rank at most twice the maximal graded rank (i.e. 2 × k̂ × ( CD − CD ′ ) ) and with | submax GM ( A )| ≤ n . Note that the condition of being in good shape is guaranteed by construction of ˜ χ ′ j .

The formula ψ is obtained from φ by applying the above transformations. As the number of occurrences of decreases strictly, we get some formula φ M in GML logically equivalent to φ . It remains to check that the outcome formula ψ = φ M satisfies the announced quantitative properties. □

B.6 Proof of Lemma 3.5
Given a formula φ in ML ( ) or in F , recall that we write cd ( φ ) to denote its composition degree , i.e. the maximal number of imbrications of in φ . Similarly, we write w ◇ ( φ ) to denote its diamond weight , i.e. the number of distinct subformulae of φ whose outermost connective is a modality ◇ or ◇ ≥ k .

The following lemma subsumes Lemma 3.5.

Lemma B.3 (Exponential-size model property) . Let φ be a formula in ML ( ) . Then, there is a GML formula φ ′ such that φ ′ ≡ φ and max bd ( φ ′ ) ≤ gr ( φ ) × ( w ◇ ( φ )) md ( φ ) × cd ( φ ) × w ◇ ( φ ) and md ( φ ′ ) ≤ md ( φ ) .

We recall that bd ( m , φ ) can be understood as the maximal bd ( , ψ ) for some subformula ψ occurring at the modal depth m within φ and max bd ( φ ) is equal to max { bd ( m , φ ) | m ∈ [ , md ( φ )]} .

Proof.
Based on Lemma 3.4 and on its proof, one can show the following property. Then, we shall explain how to compute φ ′ from φ .

Let φ be a formula in the fragment F built over GML formulae in { ◇ ≥ k χ , . . . , ◇ ≥ k n χ n } , k max = max { k , . . . , k n } and max bd ( χ i ) ≤ B for all i ∈ [ , n ] for some B ≥ 0. By Lemma 3.4, there is a GML formula ψ such that
1. φ ≡ ψ ,
2. bd ( , ψ ) ≤ k max × cd ( φ ) × n ,
3. bd ( , ψ ) ≤ n × B ,
4. bd ( m , ψ ) ≤ B for all m ≥ md ( ψ ) ≤ md ( φ ) .

Consequently, max bd ( ψ ) ≤ max { k max × cd ( φ ) × n , n × B } . Let φ be an ML ( ) formula with D = md ( φ ) . In order to define φ ′ from φ , we define a sequence of formulae φ = φ , . . . , φ M = φ ′ such that:
1. The number of occurrences of decreases strictly from φ i to φ i + .
2. Suppose that ◇ ≥ k ψ is a subformula of φ i at modal depth D ′ ≤ D such that ψ belongs to the fragment F and it contains at least one occurrence of . If ψ is built upon ◇ ≥ k ψ , . . . , ◇ ≥ k n ψ n , then n ≤ w ◇ ( φ ) and for all i ∈ [ , n ] , we have max bd ( ψ i ) ≤ gr ( φ ) × ( w ◇ ( φ )) D − D ′ × cd ( φ ) × w ◇ ( φ ) .

Let us explain how the substitutions are operated. If φ belongs to the fragment F , then we apply Lemma 3.4 getting ψ ≡ φ with ψ in GML and max bd ( ψ ) ≤ max ( gr ( φ ) × cd ( φ ) × w ◇ ( φ ) , w ◇ ( φ ) × ( w ◇ ( φ ) × gr ( φ ))) .

Now assume that φ i contains some occurrences of in the scope of a graded modality. There is necessarily a subformula ◇ ≥ k ψ of φ i , say at modal depth D ′ ≤ D such that ψ belongs to the fragment F and it contains at least one occurrence of . We can assume that ψ is built from ◇ ≥ k ψ , . . . , ◇ ≥ k n ψ n with n ≤ w ◇ ( φ ) and by the induction hypothesis, max bd ( ψ i ) ≤ gr ( φ ) × ( w ◇ ( φ )) D − D ′ × cd ( φ ) × w ◇ ( φ ) . By the variant of Lemma 3.4 stated above, there is ψ ′ in GML such that
1. ψ ≡ ψ ′ ,
2. bd ( , ψ ′ ) ≤ k max × cd ( φ ) × n ≤ gr ( φ ) × cd ( φ ) × w ◇ ( φ ) ,
3. bd ( , ψ ′ ) ≤ n × gr ( φ ) × ( w ◇ ( φ )) D − D ′ × cd ( φ ) × w ◇ ( φ ) ≤ gr ( φ ) × ( w ◇ ( φ )) D + − D ′ × cd ( φ ) × w ◇ ( φ ) .
4. bd ( m , ψ ′ ) ≤ gr ( φ ) × ( w ◇ ( φ )) D − D ′ × cd ( φ ) × w ◇ ( φ ) for all m ≥ md ( ψ ′ ) ≤ md ( φ ) .

Let φ i + be obtained from φ i by replacing ◇ ≥ k ψ by ◇ ≥ k ψ ′ . Since the substitution is performed in a bottom-up manner, still, if ◇ ≥ k χ is a subformula of φ i + such that χ belongs to the fragment F , it contains at least one occurrence of and it is built over ◇ ≥ k χ , . . . , ◇ ≥ k α χ α then α ≤ w ◇ ( φ ) . □

B.7 Proof of Lemma 3.7
This section contains the proof of Lemma 3.7 and its first part is dedicated to preliminary definitions and results.

Given P = { p , . . . , p m } and a finite forest M = ( W , R , V ) , for all w ′ , w ′′ ∈ W , we write w ′ ≈ P w ′′ iff for all i ∈ [ , m ] , we have M , w ′ ⊨ p i iff M , w ′′ ⊨ p i , i.e. w ′ and w ′′ agree on the truth values of all the propositional variables in P . As done in Section 3.2, we recall that Q = { q , . . . , q n + } .

Lemma B.4.
Let ∅ ≠ X ⊆ [ , n + ] and ( M , w ) be a pointed forest such that M , w ⊨ uni ( Q ) . We have M , w ⊨ cp ( X ) iff for all w ′ ∈ R ( w ) ∩ ( ⋃ k ∈ X V ( q k )) , X ⊆ { k ∈ [ , n + ] | there is w ′′ ∈ R ( w ) such that w ′ ≈ P w ′′ and M , w ′′ ⊨ q k } .

The second condition can be restated as follows: whenever a child of w satisfies a valuation with respect to P and belongs to ( ⋃ k ∈ X V ( q k )) , then the valuation is satisfied in a child of w satisfying q k for all k ∈ X . We recall that cp ( X ) is defined as follows. ⋀ k ≠ k ′ ∈ X ¬ ( □ q k ( ◇ = q k ∧ ¬(⊤ ◇ = q k ∧ ◇ = q k ′ ∧ ⋀ j ∈[ , m ] ◇ p j ⇒ □ p j )) ) .

Proof.
In order to show the main equivalence of the statement, we proceed by showing intermediate properties for subformulae of cp ( X ) . Actually, we shall state the properties, assuming that their proofs are by an easy verification. In what follows, we always assume that ( M , w ) is a pointed forest such that M , w ⊨ uni ( Q ) .

(unicity) The first intermediate property is related to the formula uni ( Q ) , which allows us to state a unicity property. We have M , w ⊨ uni ( Q ) with uni ( Q ) equal to □ ( ⋀ i ≠ i ′ ∈[ , n + ] ¬( q i ∧ q i ′ ) ∧ ⋁ i ∈[ , n + ] q i ) iff for all w ′ ∈ R ( w ) , there is a unique i ∈ [ , n + ] such that M , w ′ ⊨ q i .

(uniformity) The second property is related to the subformula ⋀ j ∈[ , m ] ◇ p j ⇒ □ p j that states a uniformity condition. We have M , w ⊨ ⋀ j ∈[ , m ] ◇ p j ⇒ □ p j iff for all w ′ , w ′′ ∈ R ( w ) , we have w ′ ≈ P w ′′ .

(two-witnesses) Let k ≠ k ′ ∈ X and ψ k , k ′ be the formula (⊤ ◇ = q k ∧ ◇ = q k ′ ∧ ⋀ j ∈[ , m ] ◇ p j ⇒ □ p j ) . We have M , w ⊨ ψ k , k ′ iff there are w ′ ≠ w ′′ ∈ R ( w ) such that M , w ′ ⊨ q k , M , w ′′ ⊨ q k ′ and w ′ ≈ P w ′′ .

(no-witness-1) Again, let k ≠ k ′ ∈ X . We have M , w ⊨ ◇ = q k ∧ ¬ ψ k , k ′ iff there is a unique w ′ ∈ R ( w ) such that M , w ′ ⊨ q k and there is no w ′′ ∈ R ( w ) such that M , w ′′ ⊨ q k ′ and w ′ ≈ P w ′′ .

(no-witness-2) Finally, we have M , w ⊨ □ q k ( ◇ = q k ∧ ¬ ψ k , k ′ ) iff there is w ′ ∈ R ( w ) such that M , w ′ ⊨ q k and there is no w ′′ ∈ R ( w ) such that M , w ′′ ⊨ q k ′ and w ′ ≈ P w ′′ .

Consequently, M , w ⊨ cp ( X ) iff for all k ≠ k ′ ∈ X , there is no w ′ ∈ R ( w ) such that M , w ′ ⊨ q k and for which there is no w ′′ ∈ R ( w ) such that M , w ′′ ⊨ q k ′ and w ′ ≈ P w ′′ . Otherwise said, for all w ′ ∈ R ( w ) such that M , w ′ ⊨ q k , there is w ′′ ∈ R ( w ) such that M , w ′′ ⊨ q k ′ and w ′ ≈ P w ′′ ( P and Q are disjoint). □

Let ( M , w ) be a pointed forest satisfying uni ( Q ) , T be a team built upon P and ∅ ≠ X ⊆ [ , n + ] . We write ( M , w ) ≡ X P T iff the conditions below are satisfied.
1. For all valuations v ∈ T , for all k ∈ X , there is w ′ ∈ R ( w ) such that for all i ∈ [ , m ] , we have M , w ′ ⊨ p i iff v ( p i ) = ⊤ (written M , w ′ ⊨ v ) and M , w ′ ⊨ q k .
2. For all valuations v such that (for all k ∈ X , there is w ′ k ∈ R ( w ) such that M , w ′ k ⊨ v and M , w ′ k ⊨ q k ), we have v ∈ T .

Hence, when ( M , w ) ≡ X P T , the children of w encode the team T with the property that each encoding of v ∈ T is witnessed by | X | witness worlds.

Given a PL[~] formula φ , its (cid:219)∨ -weight , written w (cid:219)∨ ( φ ) , is defined as the number of occurrences of (cid:219)∨ in φ .

Lemma B.5.
Let ∅ ≠ X ⊆ [ , n + ] , ( M , w ) be a pointed forest such that M , w ⊨ uni ( Q ) ∧ cp ( X ) and T be a team built over P such that ( M , w ) ≡ X P T . For all PL[~] formula ψ built over P such that w (cid:219)∨ ( ψ ) ≤ | X | − , we have T ⊨ ψ iff M , w ⊨ τ ( ψ , X ) .

Proof.
The proof is by structural induction.
Base case with ψ = p i , i ∈ [ , m ] . First, assume that T ⊨ p i , which means that for all valuations v ∈ T , we have v ( p i ) = ⊤ . Ad absurdum , suppose that there is w ′ ∈ R ( w ) ∩ ( ⋃ k ∈ X V ( q k )) , such that M , w ′ ⊭ p i . Let v be the valuation over P satisfied by w ′ . As M , w ⊨ cp ( X ) , by Lemma B.4, the valuation v is satisfied in a child of w satisfying q k for all k ∈ X . By (2.) in the definition of ≡ X P , this implies that v ∈ T , which leads to a contradiction. Consequently, for all w ′ ∈ R ( w ) ∩ ( ⋃ k ∈ X V ( q k )) , we have M , w ′ ⊨ p i , which can be expressed precisely with M , w ⊨ □ (( ⋁ j ∈ X q j ) ⇒ p i ) . Hence, M , w ⊨ τ ( p i , X ) by definition of τ . For the proof of the other direction, we assume that M , w ⊨ □ (( ⋁ j ∈ X q j ) ⇒ p i ) and one can show T ⊨ p i by using this time (1.). Indeed, ad absurdum , suppose that T ⊭ p i . So, there is a valuation v such that v ( p i ) = ⊥ . By (1.), for all k ∈ X , there is w ′ k ∈ R ( w ) such that M , w ′ k ⊭ p i and M , w ′ k ⊨ q k . Since w ′ k ∈ R ( w ) , M , w ′ k ⊨ q k and M , w ⊨ □ (( ⋁ j ∈ X q j ) ⇒ p i ) , we get M , w ′ k ⊨ p i , which leads to a contradiction.

Base case with ψ = (cid:219)¬ p i , i ∈ [ , m ] . Similar to the case ψ = p i .

Induction step. The cases in the induction step for which the outermost connective of ψ is either ∧ or ~ are by an easy verification. Let us consider the case ψ = ψ (cid:219)∨ ψ . Observe that w (cid:219)∨ ( ψ ) = w (cid:219)∨ ( ψ ) + w (cid:219)∨ ( ψ ) + w (cid:219)∨ ( ψ ) ≤ | X | − w (cid:219)∨ ( ψ ) + w (cid:219)∨ ( ψ ) + ≤ | X | and let X i = c i ( X , w (cid:219)∨ ( ψ ) + , w (cid:219)∨ ( ψ ) + ) for i ∈ { , } .

Assume T ⊨ ψ (cid:219)∨ ψ . By definition of ⊨ for PL[~], there are T and T such that T = T ∪ T , T ⊨ ψ and T ⊨ ψ . Let us define M = ( W , R , V ) and M = ( W , R , V ) such that M = M + w M and satisfying the conditions below (only the relevant part is explicitly specified).
• Assume v ∈ T ∩ T . As ( M , w ) ≡ X P T , for all k ∈ X , there is w ′ k ∈ R ( w ) such that M , w ′ k ⊨ v and M , w ′ k ⊨ q k . For all i ∈ { , } and k ∈ X , for all w ′ ∈ R ( w ) ∩ V ( q k ) such that M , w ′ ⊨ v , if k ∈ X i , then ( w , w ′ ) ∈ R i by definition, otherwise ( w , w ′ ) ∈ R − i . For all w ′ ∈ R ( w ) such that w ′ ∉ ( ⋃ k ∈ X V ( q k )) and M , w ′ ⊨ v , it is irrelevant whether ( w , w ′ ) belongs to R or to R .
• Assume that v ∈ T j \ T − j for some j ∈ { , } . For all w ′ ∈ R ( w ) such that M , w ′ ⊨ v , ( w , w ′ ) ∈ R j by definition.

One can check that M , w ≡ X P T , M , w ≡ X P T , w (cid:219)∨ ( ψ ) ≤ | X | − w (cid:219)∨ ( ψ ) ≤ | X | − 1. By the induction hypothesis, we have M , w ⊨ τ ( ψ , X ) and M , w ⊨ τ ( ψ , X ) . Moreover, as M , w ⊨ cp ( X ) , it is also easy to check that M , w ⊨ cp ( X ) and M , w ⊨ cp ( X ) . Hence, M , w ⊨ ( τ ( ψ , X ) ∧ cp ( X )) ( τ ( ψ , X ) ∧ cp ( X )) , i.e. M , w ⊨ τ ( ψ , X ) by definition of τ .

Assume M , w ⊨ τ ( ψ (cid:219)∨ ψ , X ) . There are M , M such that M = M + w M , M , w ⊨ cp ( X ) ∧ τ ( ψ , X ) and M , w ⊨ cp ( X ) ∧ τ ( ψ , X ) . Let us define T and T such that T = T ∪ T , M , w ≡ X P T and M , w ≡ X P T . Let v ∈ T and j ∈ { , } . We have v ∈ T j def ⇔ for all k ∈ X j , there is w ′ k ∈ R j ( w ) such that M j , w ′ k ⊨ v and M j , w ′ k ⊨ q k . As M , w ⊨ cp ( X ) and X = X ⊎ X , one can verify that the definition of T and T is well-designed and the teams T and T satisfy the expected properties. Using that w (cid:219)∨ ( ψ ) + ≤ | X | and w (cid:219)∨ ( ψ ) + ≤ | X | , by the induction hypothesis, we have T ⊨ ψ and T ⊨ ψ . Consequently, T ⊨ ψ . □

The proof of Lemma 3.7 is now by an easy verification.
Proof. (Lemma 3.7) Let φ be a PL[~] formula built upon P = { p , . . . , p m } with w (cid:219)∨ ( φ ) = n and Q = { q , . . . , q n + } .

Suppose that φ is satisfiable, meaning that there is a team T = { v , . . . , v K } satisfying φ . Let M = ( W , R , V ) be the finite forest such that w = { } ∪ [ , K ] × [ , n + ] , R = {( , ( i , j )) | ( i , j ) ∈ [ , K ] × [ , n + ]} , and V is a valuation such that,
• V ( q j ) = [ , K ] × { j } for all j ∈ [ , n + ] ,
• V ( p s ) = {( i , j ) | v i ( p s ) = ⊤} for all s ∈ [ , m ] .

One can show that M , w ⊨ uni ( Q ) ∧ cp ([ , n + ]) and M , w ≡ [ , n + ] P T . As w (cid:219)∨ ( φ ) = |[ , n + ]| − = n ), by Lemma B.5, we have M , w ⊨ τ ( φ , [ , n + ]) .

Conversely, suppose that uni ( Q ) ∧ cp ([ , n + ]) ∧ τ ( φ , [ , n + ]) is satisfiable, meaning that there is a pointed forest ( M , w ) satisfying it with M = ( W , R , V ) . We define the team T such that for all valuations v built over P , v belongs to T iff there is w ′ ∈ R ( w ) such that M , w ′ ⊨ q k for some k ∈ [ , n + ] and M , w ′ ⊨ v . Again, one can check that M , w ≡ [ , n + ] P T (here we use the fact that M , w ⊨ uni ( Q ) ∧ cp ([ , n + ]) ) and by Lemma B.5, we have T ⊨ φ . □

C Proofs of Section 4
C.1 Correctness of init ( j ) , nom i ( ax ) , @ i ax φ and nom i ( ax ≠ bx )

In the following statements and proofs, let M = ( W , R , V ) be a finite forest and w ∈ W .

Lemma C.1.
Let j ≥ . M , w ⊨ init ( j ) if and only if for every ≤ i ≤ j , every w ′ ∈ R i ( w ) and every ax ∈ Aux ,
1. if M , w ′ ⊨ t then ∀ w ′ , w ′ ∈ R ( w ′ ) , if M , w ′ ⊨ ax and M , w ′ ⊨ ax then w ′ = w ′ (i.e. at most one child of w ′ satisfies ax );
2. for every w ′′ ∈ R ( w ′ ) , if M , w ′′ ⊨ ax , then R ( w ′′ ) = ∅ (i.e. w ′′ does not have children) and it cannot be that M , w ′′ ⊨ bx for some bx ∈ Aux syntactically different from ax (i.e. among the propositions in Aux , w ′′ only satisfies ax ).

Moreover, given M ′ ⊑ M , M ′ , w ⊨ init ( j ) .

Proof. (sketch). Recall that init ( j ) is defined as follows: ⊞ j ⋀ ax ∈ Aux ( ( t ⇒ ¬( ◇ ax ∗ ◇ ax ) ) ∧ □ ( ax ⇒ □ ⊥ ∧ ⋀ bx ∈ Aux \{ ax } ¬ bx ) ) The proof is straightforward (and hence here only sketched). Indeed, the statement “for every 0 ≤ i ≤ j , every w ′ ∈ R i ( w ) and every ax ∈ Aux ” is captured by the prefix ⊞ j ⋀ ax ∈ Aux of init ( j ) . Then, (1) corresponds to the conjunct t ⇒ ¬( ◇ ax ∗ ◇ ax ) whereas (2) corresponds to the conjunct □ ( ax ⇒ □ ⊥ ∧ ⋀ bx ∈ Aux \{ ax } ¬ bx ) . □

Lemma C.2.
Let ax ∈ Aux and < i ≤ j ∈ N . Suppose M , w ⊨ init ( j ) . M , w ⊨ nom i ( ax ) if and only if ax is a nominal for the depth i . Recall that ax is a nominal for the depth i if there is exactly one t-world in R i ( w ) having a child satisfying ax .

Proof. Recall that nom i ( ax ) is defined as follows: ⟨ t ⟩ i ◇ ax ∧ ⋀ k ∈[ , i − ] [ t ] k ¬ ( ⟨ t ⟩ i − k ◇ ax ∗ ⟨ t ⟩ i − k ◇ ax ) .

( ⇒ ): Suppose M , w ⊨ nom i ( ax ) , then by definition of ⊨ and the relativised modality ⟨ t ⟩ , there exists a path of t -worlds w , w , . . . , w i , such that wRw Rw . . . Rw i , and there exists w ′ such that ( w i , w ′ ) ∈ R and M , w ′ ⊨ ax . The second conjunct of nom i ( ax ) guarantees that there is only one such path, leading to w i being a nominal for the depth i . Indeed, suppose ad absurdum that there is a second world w ′ i ∈ R i ( w ) , distinct from w i , such that M , w ′ i ⊨ ◇ ax . Since M , w ⊨ init ( j ) , w ′ i must be a t -node and there must be a path of t -worlds w ′ , w ′ , . . . , w ′ i such that wRw ′ Rw ′ . . . Rw ′ i . Then, there must be k ∈ [ , i − ] such that for every j ≤ k , w j = w ′ j , and for every l ∈ [ j + , i ] , w l ≠ w ′ l . By considering the pointed forest ( M , w k ) , we can easily show that M , w k ⊨ ⟨ t ⟩ i − k ◇ ax ∗ ⟨ t ⟩ i − k ◇ ax . This implies that M , w ⊨ ⟨ t ⟩ k ( ⟨ t ⟩ i − k ◇ ax ∗ ⟨ t ⟩ i − k ◇ ax ) , in contradiction with the second conjunct of nom i ( ax ) . Hence, w ′ i cannot be distinct from w i .

( ⇐ ): This direction is analogous. Suppose that M , w ⊨ init ( j ) and ax is a nominal for the depth i . By definition, there is a unique t -world w ′ in R i ( w ) having a child satisfying ax . Since M , w ⊨ init ( j ) , the path from w to w ′ must only witness t -nodes. Hence M , w ⊨ ⟨ t ⟩ i ◇ ax . Moreover, by the uniqueness of this path we conclude that M , w ⊨ ⋀ k ∈[ , i − ] [ t ] k ¬ ( ⟨ t ⟩ i − k ◇ ax ∗ ⟨ t ⟩ i − k ◇ ax ) also holds. Thus, M , w ⊨ nom i ( ax ) . □

Lemma C.3.
Let ax ∈ Aux and < i ≤ j ∈ N. Suppose M, w ⊨ init(j) ∧ nom_i(ax). M, w ⊨ @^i_ax φ if and only if the world (say w′) corresponding to the nominal ax for the depth i is such that M, w′ ⊨ φ.

Proof. Both directions are straightforward. Recall that @^i_ax φ is defined as ⟨t⟩^i(◇ax ∧ φ). Moreover, as we are working under the hypothesis that M, w ⊨ init(j) ∧ nom_i(ax), by Lemma C.2, ax is a nominal for the depth i. In the following, let w′ be the world in R^i(w) corresponding to the nominal ax (i.e. w′ has an ax-child).

(⇒): Suppose M, w ⊨ @^i_ax φ. By definition, there is w′′ ∈ R^i(w) s.t. M, w′′ ⊨ ◇ax ∧ φ. Since ax is a nominal for the depth i, we conclude that w′ = w′′ and hence M, w′′ ⊨ φ.

(⇐): Suppose that w′ is such that M, w′ ⊨ φ. By definition, w′ is the world corresponding to the nominal ax (for the depth i). Hence M, w′ ⊨ ◇ax. Since w′ ∈ R^i(w), by M, w ⊨ init(j) we conclude that there is a path of t-nodes from w to w′, of length i. Thus, M, w ⊨ ⟨t⟩^i(◇ax ∧ φ). □

Lemma C.4.
Let ax ≠ bx ∈ Aux and < i ≤ j ∈ N. Suppose M, w ⊨ init(j). M, w ⊨ nom_i(ax ≠ bx) if and only if ax and bx are nominals for the depth i, corresponding to two different worlds.

Proof. Given Lemmata C.2 and C.3, this proof is straightforward. Recall that nom_i(ax ≠ bx) ≝ nom_i(ax) ∧ nom_i(bx) ∧ ¬@^i_ax ◇bx.

(⇒): Suppose M, w ⊨ nom_i(ax ≠ bx). By Lemma C.2, ax and bx are nominals for depth i. Let w_ax (resp. w_bx) be the world in R^i(w) corresponding to the nominal ax (resp. bx). Notice that, in particular, M, w_bx ⊨ ◇bx. By M, w ⊨ ¬@^i_ax ◇bx and Lemma C.3, we conclude that M, w_ax ⊭ ◇bx. Thus, w_ax ≠ w_bx.

(⇐): This direction is analogous and simply relies on Lemmata C.2 and C.3. □

C.2 Formal semantics of the inductively defined formulae used for type(j)

Let us formalise the expected semantics of the formulae introduced in order to define type(j), and whose definition is inductive. Let M = (W, R, V) be a finite forest and w ∈ W. Let 1 ≤ i ≤ j and let ax ≠ bx ∈ Aux.

(fork^i_j(ax, bx)): Suppose M, w ⊨ init(j). M, w ⊨ fork^i_j(ax, bx) if and only if
(i) w has exactly two t-children and exactly two paths of t-nodes, both of length i;
(ii) one of these two paths ends on a world (say w_ax) corresponding to the nominal ax whereas the other ends on a world (say w_bx) corresponding to the nominal bx;
(iii) if i < j then (M, w_ax) and (M, w_bx) satisfy type_lsr(j − i) ≝ type(j − i) ∧ [t](◇l ∧ ◇s ∧ ◇r).

([ax < bx]^i_j): Suppose M, w ⊨ init(j) ∧ fork^i_j(ax, bx). M, w ⊨ [ax < bx]^i_j if and only if there are two distinct t-nodes w_ax, w_bx ∈ R^i(w) such that w_ax corresponds to the nominal ax, w_bx corresponds to the nominal bx and n(w_ax) < n(w_bx).

([bx = ax + ]_j): Suppose M, w ⊨ init(j) ∧ fork_j(ax, bx). M, w ⊨ [bx = ax + ]_j if and only if there are two distinct t-nodes w_ax, w_bx ∈ R(w) such that w_ax corresponds to the nominal ax, w_bx corresponds to the nominal bx and n(w_bx) = n(w_ax) +

(uniq(j)): Suppose M, w ⊨ init(j) ∧ sub(j) ∧ aux. M, w ⊨ uniq(j) if and only if (M, w) satisfies (uniq_j), i.e. distinct t-nodes in R(w) encode different numbers.

(compl(j)): Suppose M, w ⊨ init(j) ∧ sub(j) ∧ aux. M, w ⊨ compl(j) if and only if (M, w) satisfies (compl_j), i.e. for every t-node w ∈ R(w), if n(w) < t(j, n) − n(w) = n(w) + t-node w ∈ R(w).

(type(j)): Suppose M, w ⊨ init(j). M, w ⊨ type(j) if and only if (M, w) satisfies (sub_j), (zero_j), (uniq_j), (compl_j) and (aux).

The formulae sub(j), aux and zero(j) (j ≥ 1) are also required in order to define correctly type(j). However their definition and proof of correctness are straightforward. Hence we omit the proofs, and simply state the expected semantics of these formulae. It should be noted that a formal proof of zero(j) relies on type(j − ), which (as we will see multiple times in the next sections), we can assume to be correctly defined by inductive hypothesis (on j).

Lemma C.5.
Let j ≥ . Let M = (W, R, V) be a finite forest and w ∈ W.
• M, w ⊨ sub(j) if and only if (M, w) satisfies (sub_j), i.e. every t-node in R(w) satisfies type(j − ).
• M, w ⊨ aux if and only if (M, w) satisfies (aux), i.e. w is a t-node, every t-node in R(w) has one x-child and one y-child, and every t-node in R(w) has three children satisfying l, r and s, respectively.
• Suppose M, w ⊨ sub(j). M, w ⊨ zero(j) if and only if (M, w) satisfies (zero_j), i.e. there is a t-node w̃ ∈ R(w) s.t. n(w̃) = .

We now prove the correctness of all the formulae listed above, starting from the base case where j = i = j, to then show the proof for 1 ≤ i < j.

C.3 Base case i = j / j = : Correctness of fork^j_j(ax, bx), [ax < bx]^j_j and [bx = ax + ]

In the following statements and proofs, let M = (W, R, V) be a finite forest and w ∈ W.

Lemma C.6.
Let ax ≠ bx ∈ Aux and j ≥ . Suppose M, w ⊨ init(j). M, w ⊨ fork^j_j(ax, bx) if and only if
1. w has exactly two t-children and exactly two paths of t-nodes, both of length j, ending in two t-nodes (say w and w);
2. w corresponds to the nominal ax (for the depth j), whereas w corresponds to the nominal bx (for the depth j).

Proof. Recall that fork^j_j(ax, bx) is defined as ◇_{=} t ∧ [t] ⊞^{j − }(t ⇒ ◇_{=} t) ∧ nom_j(ax ≠ bx).

(⇒): Suppose M, w ⊨ fork^j_j(ax, bx). By M, w ⊨ ◇_{=} t, w has exactly two t-children (let us say w′ and w′). Then, by M, w ⊨ [t] ⊞^{j − }(t ⇒ ◇_{=} t), it is easy to show that
• there is exactly one path of t-nodes of length j − 1, starting in w′ and ending in a t-node w ∈ R^j(w);
• there is exactly one path of t-nodes of length j − 1, starting in w′ and ending in a t-node w ∈ R^j(w).
Then, the property (1) of the statement is verified and {w, w} = R^j(w). The property (2) of the statement is then verified by simply applying Lemma C.4.

(⇐): This direction is straightforward. In short, from (1) we conclude that M, w ⊨ ◇_{=} t ∧ [t] ⊞^{j − }(t ⇒ ◇_{=} t), whereas from (2) together with Lemma C.4 we have M, w ⊨ nom_j(ax ≠ bx). □

Lemma C.7.
Let ax ≠ bx ∈ Aux and j ≥ . Suppose M, w ⊨ init(j) ∧ fork^j_j(ax, bx). M, w ⊨ [ax < bx]^j_j if and only if there are two distinct t-nodes w_ax, w_bx ∈ R^j(w) such that w_ax corresponds to the nominal ax, w_bx corresponds to the nominal bx and n(w_ax) < n(w_bx).

Proof. Recall that [ax < bx]^j_j is defined as ⋁_{u ∈ [ , n]} ( @^j_ax ¬p_u ∧ @^j_bx p_u ∧ ⋀_{v ∈ [u + , n]} (@^j_ax p_v ⇔ @^j_bx p_v) ). The proof uses standard properties of numbers encoded in binary. Let x, y be two natural numbers that can be represented in binary by using n bits. Let us denote with x_i (resp. y_i) the i-th bit of the binary representation of x (resp. y). We have that x < y if and only if (A) there is a position i ∈ [ , n] such that x_i = y_i = j > i, x_j = ⇔ y_j = [ax < bx]^j_j uses exactly this characterisation in order to state that n(w_ax) < n(w_bx). In the following, since we are working under the hypothesis that M, w ⊨ init(j) ∧ fork^j_j(ax, bx), let w_ax (resp. w_bx) be the world corresponding to the nominal ax (resp. bx), w.r.t. the depth j.

(⇒): Suppose M, w ⊨ [ax < bx]^j_j. Then there is u ∈ [ , n] s.t. M, w ⊨ @^j_ax ¬p_u ∧ @^j_bx p_u ∧ ⋀_{v ∈ [u + , n]} (@^j_ax p_v ⇔ @^j_bx p_v). By Lemma C.3 and M, w ⊨ @^j_ax ¬p_u ∧ @^j_bx p_u we conclude that M, w_ax ⊨ ¬p_u and M, w_bx ⊨ p_u. Hence, the u-th bit is 0 in the number encoded by w_ax, whereas it is 1 in the number encoded by w_bx, as required by (A). Similarly, by Lemma C.3 and M, w ⊨ ⋀_{v ∈ [u + , n]} (@^j_ax p_v ⇔ @^j_bx p_v), we conclude that for every v ∈ [u + , n], M, w_ax ⊨ p_v if and only if M, w_bx ⊨ p_v. This corresponds to the property (B) above, leading to n(w_ax) < n(w_bx).

(⇐): This direction follows similar arguments (backwards). □

Lemma C.8.
Let ax ≠ bx ∈ Aux. Suppose M, w ⊨ init( ) ∧ fork(ax, bx). M, w ⊨ [bx = ax + ] if and only if there are two distinct t-nodes w_ax, w_bx ∈ R(w) such that w_ax corresponds to the nominal ax, w_bx corresponds to the nominal bx and n(w_bx) = n(w_ax) + .

Proof. Recall the definition of [bx = ax + ]:

⋁_{u ∈ [ , n]} ( @_ax(¬p_u ∧ ⋀_{v ∈ [ , u − ]} p_v) ∧ @_bx(p_u ∧ ⋀_{v ∈ [ , u − ]} ¬p_v) ∧ ⋀_{v ∈ [u + , n]} (@_ax p_v ⇔ @_bx p_v) )

The proof uses standard properties of numbers encoded in binary. Let x, y be two natural numbers that can be represented in binary by using n bits. Let us denote with x_i (resp. y_i) the i-th bit of the binary representation of x (resp. y). We have that y = x + i ∈ [ , n] such that x_i = y_i = j > i, x_j = ⇔ y_j = j < i, x_j = y_j = x < y given in Lemma C.7. The formula [bx = ax + ] uses exactly this characterisation in order to state that n(w_bx) = n(w_ax) + M, w ⊨ init( ) ∧ fork(ax, bx), there are two distinct worlds w_ax and w_bx corresponding to the two nominals ax and bx for the depth 1, respectively. Then, the proof of this lemma follows closely the proof of Lemma C.7, and enforcing (C) by means of the subformula @_ax(¬p_u ∧ ⋀_{v ∈ [ , u − ]} p_v) ∧ @_bx(p_u ∧ ⋀_{v ∈ [ , u − ]} ¬p_v). □

C.4 Base case i = j / j = : Correctness of uniq( ) and compl( )

In the following statements and proofs, let M = (W, R, V) be a finite forest and w ∈ W.

Lemma C.9.
Suppose M, w ⊨ init( ) ∧ aux. M, w ⊨ uniq( ) if and only if (M, w) satisfies (uniq ), i.e. distinct t-nodes in R(w) encode different numbers.

Proof. Let us recall that uniq( ) ≝ ¬(⊤ ∗ (fork(x, y) ∧ [x = y])) where [x = y] stands for ¬([x < y] ∨ [y < x]).

(⇒): Conversely, suppose that there are two distinct t-nodes w_x and w_y encoding the same number. Since M, w ⊨ init( ) ∧ aux, every world in R(w) has exactly one child satisfying x and exactly one (different) child satisfying y. Let us then consider the submodel M′ = (W, R, V) where R(w) = {w_x, w_y}, R(w_x) = {w} and R(w_y) = {w}, so that w satisfies x whereas w satisfies y. By Lemma C.6, M′, w ⊨ fork(x, y). By hypothesis, n(w_x) = n(w_y) and therefore we also have M′, w ⊨ [x = y]. Thus, by definition, M, w ⊭ uniq( ).

(⇐): Again conversely, suppose that M, w ⊭ uniq( ) and therefore M, w ⊨ ⊤ ∗ (fork(x, y) ∧ [x = y]). Then, by definition there is a submodel M′ = (W, R, V) of M such that M′, w ⊨ fork(x, y) ∧ [x = y]. Moreover, since the satisfaction of init( ) is monotonic w.r.t. submodels, we have M′, w ⊨ init( ). We can then apply Lemmata C.6 and C.7 in order to conclude that there are two distinct worlds w_x and w_y in R′(w) such that n(w_x) = n(w_y). Since the encoding of a number (for j = 1) only depends on the satisfaction of the propositional symbols p , . . . , p_n on a certain world, we conclude that the same property holds for M: the two worlds w_x and w_y in R(w) are such that n(w_x) = n(w_y). Therefore, (M, w) does not satisfy (uniq ). □

Lemma C.10.
Suppose M, w ⊨ init( ) ∧ aux. M, w ⊨ compl( ) if and only if (M, w) satisfies (compl ), i.e. for every t-node w ∈ R(w), if n(w) < n − then n(w) = n(w) + for some t-node w ∈ R(w).

Proof. Recall that compl( ) is defined as:

¬(□⊥ ∗ ([t]◇y ∧ @_x ¬ ∧ ¬(⊤ ∗ (fork(x, y) ∧ [y = x + ])))).

(⇒): Suppose M, w ⊨ compl( ). By definition of ⊨, this implies that for any M′ = (W, R′, V) submodel of M such that R′(w) = R(w), if M′, w ⊨ [t]◇y ∧ @_x ¬ , then M′, w ⊨ ⊤ ∗ (fork(x, y) ∧ [y = x + ]). Then, let us pick a t-node w_x ∈ R′(w) = R(w) such that n(w_x) < n − 1. We show that there must be a world w_y ∈ R′(w) such that n(w_y) = n(w_x) + M′′ = (W, R′, V) of M such that for every w ∈ W, if w ≠ w_x then R′(w) = R(w) and otherwise R′(w_x) = {w} where w is the only Aux-child of w_x (w.r.t. R) satisfying x. Notice that w exists and it is unique by M, w ⊨ init( ) ∧ aux. Moreover, w_x corresponds in M′ to the nominal x for the depth 1. Again by M, w ⊨ init( ) ∧ aux, we conclude that M′, w ⊨ [t]◇y. Moreover, since n(w_x) < n − 1, by Lemma C.3 we have M′, w ⊨ @_x ¬ . Hence by hypothesis, M′, w ⊨ ⊤ ∗ (fork(x, y) ∧ [y = x + ]). Then, let M′′ = (W, R′′, V) ⊑ M′ be such that M′′, w ⊨ fork(x, y) ∧ [y = x + ]. By Lemmata C.6 and C.8, there is w_y ∈ R′′(w) such that n(w_y) = n(w_x) + 1. Since the encoding of a number (for j = 1) only depends on the satisfaction of the propositional symbols p , . . . , p_n on a certain world, we conclude that the same property holds for M. Thus, (M, w) satisfies (compl ).

(⇐): Suppose that (M, w) satisfies (compl ), and ad absurdum assume that M, w ⊭ compl( ), hence M, w ⊨ □⊥ ∗ ([t]◇y ∧ @_x ¬ ∧ ¬(⊤ ∗ (fork(x, y) ∧ [y = x + ]))). Then, there is a submodel M′ = (W, R′, V) of M such that R′(w) = R(w) and M′, w ⊨ [t]◇y ∧ @_x ¬ ∧ ¬(⊤ ∗ (fork(x, y) ∧ [y = x + ])). Notice that this formula does not enforce x to be a nominal for the depth 1, however from M′, w ⊨ @_x ¬ we deduce that there is at least one t-node w_x such that M′, w_x ⊨ ◇x ∧ ¬ . Then, n(w_x) < n − t-node w_y such that n(w_y) = n(w_x) + 1. Let us consider now the submodel M′′ = (W, R′′, V) of M′ where R′′(w) = {w_x, w_y}, R′′(w_x) = {w} and R′′(w_y) = {w}, where w (resp. w) is the only Aux-child of w_x (resp. w_y) that satisfies x (resp. y). The existence of w and w is guaranteed by M′, w_x ⊨ ◇x ∧ ¬ and M′, w ⊨ [t]◇y. By Lemma C.6, M′′, w ⊨ fork(x, y). Moreover, as the encoding of a number (for j = 1) only depends on the satisfaction of the propositional symbols p , . . . , p_n on a certain world, M′′, w ⊨ [y = x + ]. Then, we conclude that M′, w ⊨ ⊤ ∗ (fork(x, y) ∧ [y = x + ]), in contradiction with M′, w ⊨ [t]◇y ∧ @_x ¬ ∧ ¬(⊤ ∗ (fork(x, y) ∧ [y = x + ])). Thus, M, w ⊨ compl( ). □

C.5 Proof of Lemma 4.1 and satisfiability of type( )

Proof. (Lemma 4.1) Follows directly from Lemmata C.5, C.9 and C.10. □

A quick check of init( ) and the conditions (sub ), (zero ), (uniq ), (compl ) and (aux) should convince the reader that they are simultaneously satisfiable, leading to init( ) ∧ type( ) being satisfiable. However, in the following we provide an explicit model satisfying this formula.

Lemma C.11. init( ) ∧ type( ) is satisfiable.

Proof. Consider the finite forest M = (W, R, V) and a world w such that
1. R is the minimal set of pairs such that R(w) = {w , . . . , w_{n − }} (where w , . . . , w_{n − } are all distinct worlds), and for every i ∈ [ , n − ], R(w_i) = {w^x_i, w^y_i} (again, w^x_i, w^y_i distinct);
2. W = {w} ∪ R(w) ∪ ⋃_{w′ ∈ R(w)} R(w′);
3. V(x) = {w^x , . . . , w^x_{n − }}, V(y) = {w^y , . . . , w^y_{n − }} and for every i ∈ [ , n − ] and j ∈ [ , n], w_i ∈ V(p_j) if and only if the j-th bit in the binary encoding of i is 1.
It is easy to check that (M, w) satisfies init( ) as well as (sub ), (zero ), (uniq ), (compl ) and (aux). Thus, by Lemma 4.1, M, w ⊨ init( ) ∧ type( ). □

C.6 Inductive case ≤ i < j: Correctness of fork^i_j(ax, bx), lsr(j), [ax < bx]^i_j and [bx = ax + ]_j

In the following statements and proofs, let M = (W, R, V) be a finite forest and w ∈ W. Let 1 ≤ i < j.
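The inductive case lifts the base-case comparisons of Lemmas C.7 and C.8 from bits stored in the propositions p_u to bits stored in subtrees. As an added example (not part of the paper), the Python code below evaluates those two base-case formulas on the valuation of the Lemma C.11 model, compares them exhaustively with integer arithmetic, and checks the conditions (zero), (uniq) and (compl) on that model and on damaged copies of it. The function names, the bit numbering 1..n with bit 1 least significant, and the number range 0..2^n − 1 are assumptions of this example.

```python
"""Bit-level comparisons of Lemmas C.7 and C.8, checked on the Lemma C.11 model.

Assumptions of this example: bits are numbered 1..n, bit 1 is the least
significant, and n-bit numbers range over 0..2**n - 1.
"""


def valuation(i, n):
    """Truth values of p_1..p_n on world w_i: p_j holds iff bit j of i is 1."""
    return tuple(bool((i >> (j - 1)) & 1) for j in range(1, n + 1))


def bit(v, j):
    """Value of p_j in valuation v (1-based index)."""
    return v[j - 1]


def less_than(vx, vy):
    """[ax < bx]: some u with not p_u at ax, p_u at bx, and equal bits above u."""
    n = len(vx)
    return any(
        not bit(vx, u) and bit(vy, u)
        and all(bit(vx, v) == bit(vy, v) for v in range(u + 1, n + 1))
        for u in range(1, n + 1)
    )


def successor(vx, vy):
    """[bx = ax + 1]: as less_than, plus all bits below u are 1 at ax, 0 at bx."""
    n = len(vx)
    return any(
        not bit(vx, u) and all(bit(vx, v) for v in range(1, u))
        and bit(vy, u) and not any(bit(vy, v) for v in range(1, u))
        and all(bit(vx, v) == bit(vy, v) for v in range(u + 1, n + 1))
        for u in range(1, n + 1)
    )


def agrees_with_arithmetic(n):
    """Exhaustively compare both formulas with < and +1 on all n-bit pairs."""
    worlds = [valuation(i, n) for i in range(2 ** n)]
    return all(
        less_than(worlds[x], worlds[y]) == (x < y)
        and successor(worlds[x], worlds[y]) == (y == x + 1)
        for x in range(2 ** n)
        for y in range(2 ** n)
    )


def satisfies_zero(children):
    """(zero): some t-child encodes 0, i.e. satisfies no p_j."""
    return any(not any(c) for c in children)


def satisfies_uniq(children):
    """(uniq): no two distinct t-children are related by [x = y],
    where [x = y] stands for not([x < y] or [y < x])."""
    return not any(
        not less_than(a, b) and not less_than(b, a)
        for k, a in enumerate(children)
        for b in children[k + 1:]
    )


def satisfies_compl(children):
    """(compl): every t-child that is not all-ones has a successor sibling."""
    return all(
        all(a) or any(successor(a, b) for b in children) for a in children
    )


def lemma_c11_children(n):
    """The t-children of the root in the Lemma C.11 model, one per n-bit number."""
    return [valuation(i, n) for i in range(2 ** n)]


if __name__ == "__main__":
    n = 3  # constructed value, small enough for an exhaustive check
    full = lemma_c11_children(n)
    print("formulas match arithmetic:", agrees_with_arithmetic(n))
    print("full model:", satisfies_zero(full), satisfies_uniq(full),
          satisfies_compl(full))
    gap = [c for k, c in enumerate(full) if k != 5]  # drop w_5
    print("w_5 removed, compl:", satisfies_compl(gap))
    no_zero = full[1:]  # drop w_0
    print("w_0 removed, compl:", satisfies_compl(no_zero),
          "zero:", satisfies_zero(no_zero))
```

Dropping w_0 leaves (compl) and (uniq) intact, which is why (zero) is listed as a separate condition.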
We show the correctness of the definitions of fork^i_j(ax, bx), lsr(j), [ax < bx]^i_j and [bx = ax + ]_j, under the inductive hypothesis that all the statements in Appendix C.2 hold for all i′, j′ ∈ N such that 1 ≥ i′ ≥ j′ ≥ j and (j′ < j or j′ − i′ < j − i).

First of all, assume for a moment that type(j) is correctly defined, with semantics as in C.2. Then the following result holds.

Lemma C.12.
Let ≤ i ≤ j with j ≥ . Let M = (W, R, V) and w ∈ W such that M, w ⊨ init(j) ∧ type(j). Consider a world w′ ∈ R^i(w) and a number m ∈ [ , t(j − i, n) − ]. Lastly, suppose M′ ⊑ M such that M′, w′ ⊨ type(j − i). Then, n_{j−i}(w′) = m w.r.t. (M, w′) if and only if n_{j−i}(w′) = m w.r.t. (M′, w′).

Proof. The proof is rather straightforward. From the semantics of type(j), w.r.t. any of the two models (M, w′) or (M′, w′), n_{j−i}(w′) is encoded by using
1. the t-nodes reachable from w′ in at most j − i steps;
2. the {x, y}-nodes reachable from w′ in exactly 2 steps;
3. the Aux-nodes reachable from w′ in at least 3 steps and at most j − i + M′ = (W, R, V).
From M′, w′ ⊨ type(j − i) we can show that the accessibility to all these nodes is preserved between (M, w′) and (M′, w′), leading to the result (or rather, that losing the accessibility to any of these nodes leads to a model not satisfying type(j − i)). Indeed,
1. suppose that there is a t-node w ∈ R^k(w′), with k ∈ [ , j − i], not in R^k(w′). Let w be the parent of w in R. Then in particular, w ∈ R^{k − }(w′) and (w, w) ∈ R. Since w ∉ R^k(w′), we conclude that (M′, w) does not satisfy (compl_j) and therefore M′, w ⊭ type(j − i − k). Then, (M′, w′) cannot satisfy (sub_j), in contradiction with M′, w′ ⊨ type(j − i);
2. suppose that one {x, y}-node in R(w′) is not in R(w′). Then trivially (M′, w′) cannot satisfy (aux), in contradiction with M′, w′ ⊨ type(j);
3. similarly, suppose that one Aux-node in R^k(w′), where k ∈ [ , j − i + ], is not in R(w′). Then again (M′, w′) cannot satisfy (aux), in contradiction with M′, w′ ⊨ type(j). □

Lemma C.13.
Let ax ≠ bx ∈ Aux and ≤ i < j. Suppose M, w ⊨ init(j). M, w ⊨ fork^i_j(ax, bx) if and only if
(i) w has exactly two t-children and exactly two paths of t-nodes, both of length i;
(ii) one of these two paths ends on a world (say w_ax) corresponding to the nominal ax whereas the other ends on a world (say w_bx) corresponding to the nominal bx;
(iii) (M, w_ax) and (M, w_bx) satisfy type_lsr(j − i) ≝ type(j − i) ∧ [t](◇l ∧ ◇s ∧ ◇r).

Proof. Recall that fork^i_j(ax, bx) is defined as fork^i_i(ax, bx) ∧ [t]^i type_lsr(j − i). We have:
• M, w ⊨ fork^i_i(ax, bx) if and only if (by Lemma C.6) (i) w has exactly two t-children and exactly two paths of t-nodes, both of length j; (ii) one of these two paths ends on a world corresponding to the nominal ax whereas the other ends on a world corresponding to the nominal bx.
• Let w_ax, w_bx ∈ R^i(w), since M, w ⊨ [t]^i type_lsr(j − i) we get M, w′ ⊨ type_lsr(j − i), for w′ ∈ {w_ax, w_bx}.
This concludes the proof. □

Lemma C.14.
Let ≤ i < j. Suppose M, w ⊨ init(j). M, w ⊨ lsr(j − i) if and only if
1. M, w ⊨ type(j − i);
2. every t-node in R(w) has exactly one Aux-child satisfying an atomic proposition from {l, s, r};
3. exactly one t-node in R(w) (say w_s) has an Aux-child satisfying s;
4. given w′ ∈ R(w), w′ has an Aux-child satisfying l if and only if n(w′) > n(w_s);
5. given w′ ∈ R(w), w′ has an Aux-child satisfying r if and only if n(w′) < n(w_s).

Proof. This proof is rather straightforward. Recall that lsr(j − i) is defined as

type(j − i) ∧ [t]◇_{=}(l ∨ s ∨ r) ∧ nom(s) ∧ ¬(⊤ ∗ (fork_{j−i}(s, l) ∧ ¬[s < l]_{j−i})) ∧ ¬(⊤ ∗ (fork_{j−i}(s, r) ∧ ¬[r < s]_{j−i})).

Then,
• the first conjunct of lsr(j − i), i.e. type(j − i), directly realises the requirement (1);
• the second conjunct of lsr(j − i), i.e. [t]◇_{=}(l ∨ s ∨ r), directly realises the requirement (2);
• the third conjunct of lsr(j − i), i.e. nom(s), directly realises the requirement (3);
• the fourth conjunct of lsr(j − i) realises the requirement (4). Suppose M, w ⊨ ¬(⊤ ∗ (fork_{j−i}(s, l) ∧ ¬[s < l]_{j−i})). Then, for all submodels M′ ⊑ M, if M′, w ⊨ fork_{j−i}(s, l) then M′, w ⊨ [s < l]_{j−i}. Let w′ ∈ R(w) be such that w′ has an Aux-child satisfying l. Then by Lemma C.13 M, w ⊨ fork_{j − }(s, l) and as a consequence M, w ⊨ [s < l]_{j−i}. Let us consider M′ = (W, R′, W) obtained from M by removing from R every pair (w, w) ∈ R such that
  – w and w are t-nodes;
  – (w, w) does not belong to the path from w to w_s, nor to the path from w to w′;
  – (w, w) does not belong to any path starting from w_s or w′.
  Then, we can show that M′, w ⊨ fork_{j−i}(s, l) and therefore, by hypothesis, M′, w ⊨ [s < l]_{j−i}. By inductive hypothesis, from [s < l]_{j−i} we conclude that n(w′) > n(w_s) with respect to (M′, w). Now, from M′, w ⊨ fork_{j−i}(s, l) we also conclude that M′, w_s ⊨ type(j − i) and M′, w′ ⊨ type(j − i). Then, by C.12, n(w′) > n(w_s) also holds with respect to (M, w). The other direction is analogous;
• the fifth conjunct of lsr(j − i) realises the requirement (5). The proof is similar to the one for the requirement (4), just above. □

We prove a technical lemma that will help us with the proof of correctness of [ax < bx]^i_j and [bx = ax + ]_j.

Lemma C.15.
Let ax ≠ bx ∈ Aux and ≤ i < j. Suppose that (M, w) is such that R^i(w) = {w_ax, w_bx} for some t-nodes w_ax and w_bx in W, and these two worlds satisfy the conditions of lsr(j − i), i.e. for every b ∈ {ax, bx}
(A) M, w_b ⊨ type(j − i);
(B) every t-node in R(w_b) has exactly one Aux-child satisfying an atomic proposition from {l, s, r};
(C) exactly one t-node in R(w_b) (say w_{b,s}) has an Aux-child satisfying s;
(D) given w′ ∈ R(w_b), w′ has an Aux-child satisfying l if and only if n(w′) > n(w_{b,s});
(E) given w′ ∈ R(w_b), w′ has an Aux-child satisfying r if and only if n(w′) < n(w_{b,s}).
Then,
I. M, w ⊨ S^i_j(ax, bx) if and only if n(w_{ax,s}) = n(w_{bx,s}), M, w_{ax,s} ⊨ ¬val and M, w_{bx,s} ⊨ val;
II. M, w ⊨ L^i_j(ax, bx) if and only if for every two worlds w_{ax,l} ∈ R(w_ax) and w_{bx,l} ∈ R(w_bx) such that n(w_{ax,l}) > n(w_{ax,s}) and n(w_{bx,l}) > n(w_{bx,s}), if n(w_{ax,l}) = n(w_{bx,l}) then, M, w_{ax,l} ⊨ val if and only if M, w_{bx,l} ⊨ val.
III. If i = then, M, w ⊨ R(ax, bx) if and only if
• for every world w_{ax,r} ∈ R(w_ax), if n(w_{ax,r}) < n(w_{ax,s}) then M, w_{ax,r} ⊨ val;
• for every world w_{bx,r} ∈ R(w_bx), if n(w_{bx,r}) < n(w_{bx,s}) then M, w_{bx,r} ⊨ ¬val.

Proof. We will prove each item.

(Proof of I) We recall that S^i_j(ax, bx) is defined as

⊤ ∗ (fork^{i+}_j(x, y) ∧ @^i_ax ⟨t⟩(◇s ∧ ◇x) ∧ @^i_bx ⟨t⟩(◇s ∧ ◇y) ∧ [x = y]^{i+}_j ∧ @^{i+}_x ¬val ∧ @^{i+}_y val).

(⇒): Suppose M, w ⊨ S^i_j(ax, bx). By unfolding the definition just given, there exists M′ = ⟨W, R, V⟩, such that M′ ⊑ M and:
a. w has exactly two t-children and exactly two paths of t-nodes, both of length i + w_x) corresponding to the nominal x whereas the other ends on a world (say w_y) corresponding to the nominal y;
c. there exists a t-world w_ax ∈ R^i(w) corresponding to the nominal ax such that M′, w_ax ⊨ ⟨t⟩(◇s ∧ ◇x);
d. there exists a t-world w_bx ∈ R^i(w) corresponding to the nominal bx such that M′, w_bx ⊨ ⟨t⟩(◇s ∧ ◇y);
e. M′, w ⊨ [x = y]^{i+}_j;
f. M′, w_x ⊨ ¬val and M′, w_y ⊨ val.
Let w_{ax,s} ∈ R(w_ax) and w_{bx,s} ∈ R(w_bx) be such that they are the only t-children of w_ax and w_bx respectively, having a child satisfying s (notice they exist due to hypothesis (C)). Notice by item b. above, there exists w′ ∈ R(w_ax) such that M′, w′ ⊨ t and M′, w ⊨ ◇s ∧ ◇x. Since w_{ax,s} is the only child of w_ax having an s-child, then w_{ax,s} = w′, and as a consequence M′, w_{ax,s} ⊨ ◇x. The same argument can be applied by using item c. above in order to get M′, w_{bx,s} ⊨ ◇y. By item a. and b. above, we have that the corresponding w_x and w_y must be the unique t-worlds at distance i + w having x and y children, respectively. Therefore, we have necessarily w_{ax,s} = w_x and w_{bx,s} = w_y, so M, w_{ax,s} ⊨ ¬val and M, w_{bx,s} ⊨ val as wanted (by using item f. above). Finally, by applying inductive hypothesis on item e., together with Lemma C.12, we get n(w_{ax,s}) = n(w_{bx,s}), which concludes the proof of this direction.

(⇐): For this direction, we can use a similar argument backwards.

(Proof of II) We recall that L^i_j(ax, bx) is defined as

¬(⊤ ∗ (fork^{i+}_j(x, y) ∧ @^i_ax ⟨t⟩(◇l ∧ ◇x) ∧ @^i_bx ⟨t⟩(◇l ∧ ◇y) ∧ [x = y]^{i+}_j ∧ ¬(@^{i+}_x val ⇔ @^{i+}_y val))).

Notice also that by definition of the satisfaction relation ⊨, we have that M, w ⊨ L^i_j(ax, bx) if and only if for all M′ = ⟨W, R, V⟩ such that M′ ⊑ M, we have

M′, w ⊨ (fork^{i+}_j(x, y) ∧ @^i_ax ⟨t⟩(◇l ∧ ◇x) ∧ @^i_bx ⟨t⟩(◇l ∧ ◇y) ∧ [x = y]^{i+}_j) ⇒ (@^{i+}_x val ⇔ @^{i+}_y val)

(⇒): Suppose M, w ⊨ L^i_j(ax, bx). Then, for all M′ = ⟨W, R, V⟩ such that M′ ⊑ M, if the following conditions hold
a. w has exactly two t-children and exactly two paths of t-nodes, both of length i + w_x) corresponding to the nominal x whereas the other ends on a world (say w_y) corresponding to the nominal y;
c. there exists a t-world w_ax ∈ R^i(w) corresponding to the nominal ax such that M′, w_ax ⊨ ⟨t⟩(◇l ∧ ◇x);
d. there exists a t-world w_bx ∈ R^i(w) corresponding to the nominal bx such that M′, w_bx ⊨ ⟨t⟩(◇l ∧ ◇y);
e. M′, w ⊨ [x = y]^{i+}_j;
then it follows that
f. M′, w_x ⊨ val iff M′, w_y ⊨ val.
By hypothesis, there exist w_ax, w_bx at distance i from w corresponding to nominals ax and bx, respectively. Let w_{ax,l} ∈ R(w_ax) and w_{bx,l} ∈ R(w_bx) such that n(w_{ax,l}) > n(w_{ax,s}) and n(w_{bx,l}) > n(w_{bx,s}). If we are able to satisfy all the conditions a.–e. above, we can conclude what we want. Suppose n(w_{ax,l}) = n(w_{bx,l}). By the induction hypothesis, together with Lemma C.12, we get M, w ⊨ [x = y]^{i+}_j. Also, since by hypothesis M, w_b ⊨ type(j − i), for w_b ∈ {w_ax, w_bx}, then it is easy to check that we satisfy the remaining conditions above. Therefore we can conclude M′, w_x ⊨ val iff M′, w_y ⊨ val.

(⇐): The other direction uses similar steps backwards.

(Proof of III) We recall that R(ax, bx) ≝ @_ax [t](◇r ⇒ val) ∧ @_bx [t](◇r ⇒ ¬val).

(⇒): Suppose M, w ⊨ R(ax, bx). By unfolding the definition above, there exist two distinct t-nodes w_ax, w_bx ∈ R(w), corresponding to nominals ax and bx respectively, such that:
a. M, w_ax ⊨ [t](◇r ⇒ val), and
b. M, w_bx ⊨ [t](◇r ⇒ ¬val).
By item (C) in the hypothesis, we know that there is exactly one t-node in R(w_ax) (say w_{ax,s}) having an Aux-child satisfying s. Let w_{ax,r} ∈ R(w_ax) be such that n(w_{ax,r}) < n(w_{ax,s}). By item (E) in the hypothesis, there exists w′ ∈ R(w_{ax,r}) such that M, w′ ⊨ r, so M, w_{ax,r} ⊨ ◇r. As a consequence, by the item a. above, we have M, w_{ax,r} ⊨ val. By applying the same reasoning with w_{bx,r} ∈ R(w_bx) such that n(w_{bx,r}) < n(w_{bx,s}), and the item b. above, we get M, w_{bx,r} ⊨ ¬val.

(⇐): This direction uses similar arguments (backwards). □

Lemma C.16.
Let ax (cid:44) bx ∈ Aux and ≤ i < j . Suppose M , w | = init ( j ) ∧ fork ij ( ax , bx ) . M , w | = [ ax < bx ] ij if and only if there are two distinct t-nodes w ax , w bx ∈ R i ( w ) such that w ax corresponds to the nominal ax , w bx corresponds to the nominal bx and n ( w ax ) < n ( w bx ) .Proof. Recall that [ ax < bx ] ij is defined as ⊤ ∗ ( nom i ( ax (cid:44) bx ) ∧ [ t ] i lsr ( j − i ) ∧ S ij ( ax , bx ) ∧ L ij ( ax , bx )) . As in Lemma C.7, theproof uses standard properties of numbers encoded in binary. Again, let x , y be two natural numbers that can be representedin binary by using n bits. Let us denote with x i (resp. y i ) the i -th bit of the binary representation of x (resp. y ). We have that x < y if and only if(A) there is a position i ∈ [ , n ] such that x i = y i = j > i , x j = ⇔ y j = [ ax < bx ] ij uses exactly this characterisation in order to state that n ( w ax ) < n ( w bx ) .Suppose M , w | = init ( j ) ∧ fork ij ( ax , bx ) . From Lemma C.13, in ( M , w ) it holds that(i) w has exactly two t -children and exactly two paths of t -nodes, both of length i ;(ii) one of these two paths ends on a world (say w ax ) corresponding to the nominal ax whereas the other ends on a world(say w bx ) corresponding to the nominal bx ;(iii) ( M , w ax ) and ( M , w bx ) satisfy type lsr ( j − i ) def = type ( j − i ) ∧ [ t ]( (cid:51) l ∧ (cid:51) s ∧ (cid:51) r ) .To complete the proof, we prove each direction separately.( ⇒ ): Suppose M , w | = [ ax < bx ] ij . Then (by | = ) there exists M ′ = ⟨ W , R ′ , V ⟩ , such that M ′ ⊑ M and M ′ , w | = nom i ( ax (cid:44) bx ) ∧ [ t ] i lsr ( j − i ) ∧ S ij ( ax , bx ) ∧ L ij ( ax , bx ) .Then, from (i)–(iii), we can conclude that in ( M ′ , w ) , the two worlds w ax and w bx (corresponding to the nominals ax and bx in ( M , w ) ) are exactly the ones responsible for the satisfaction of nom i ( ax (cid:44) bx ) . 
Moreover, from M ′ , w | = [ t ] i lsr ( j − i ) and Lemma C.14, we have M ′ , w ax | = type ( j − i ) . Then, by Lemma C.12 we conclude that w ax encodes the same numberw.r.t. ( M , w ) and ( M ′ , w ) . The same property holds for w bx , since again by M ′ , w | = [ t ] i lsr ( j − i ) and Lemma C.14, we have M ′ , w bx | = type ( j − i ) . Lastly, again from Lemma C.14,1. every t -node in R ′ ( w ax ) and R ′ ( w bx ) has exactly one Aux -child satisfying an atomic proposition from { l , s , r } ;2. exactly one t -node in R ′ ( w ax ) (say w ax , s ) has an Aux -child satisfying s . Similarly, exactly one t -node in R ′ ( w bx ) (say w bx , s ) has an Aux -child satisfying s .3. given w ax , l ∈ R ′ ( w ax ) (resp. w bx , l ∈ R ′ ( w bx ) ), it has an Aux -child satisfying l if and only if n ( w ax , l ) > n ( w ax , s ) (resp. n ( w bx , l ) > n ( w bx , s ) ). odal Logics with Composition on Finite Forests LICS ’20, July 8–11, 2020, Saarbrücken, Germany Recall that the number n ( w ax ) (resp. n ( w bx ) ) is represented by the binary encoding of the truth values of val on the t -childrenof w ax (resp. w bx ) which, since ( M ′ , w ax ) | = type ( j − i ) (resp. ( M ′ , w bx ) | = type ( j − i ) ), are t ( j − i , n ) children implicitly orderedby the number they, in turn, encode. As ( M ′ , w ) satisfies the hypothesis of Lemma C.15, from M ′ , w | = S ij ( ax , bx ) ∧ L ij ( ax , bx ) we conclude that • n ( w ax , s ) = n ( w bx , s ) , M , w ax , s | = ¬ val and M , w bx , s | = val . Thus, in the binary representation of n ( w ax ) , the n ( w ax , s ) -bitis 0, whereas in the binary representation of n ( w bx ) , it is 1. 
Hence, the property (A) of numbers encoded in binary holds for n ( w ax ) and n ( w bx ) ;
• for all worlds w ax , l ∈ R ( w ax ) and w bx , l ∈ R ( w bx ) such that n ( w ax , l ) > n ( w ax , s ) and n ( w bx , l ) > n ( w bx , s ) , if n ( w ax , l ) = n ( w bx , l ) then M , w ax , l ⊨ val if and only if M , w bx , l ⊨ val . Thus, the binary representation of n ( w ax ) and n ( w bx ) , is the same when restricted to the bits that are more significant than n ( w ax , s ) (which is equal to n ( w bx , s ) by the previous case). Hence, the property (B) is also verified by n ( w ax ) and n ( w bx ) .
Directly, we then conclude that n ( w ax ) < n ( w bx ) .

( ⇐ ): The right-to-left direction is proven analogously by essentially relying on Lemma C.15 (I and II). □

Lemma C.17.
Let ax ≠ bx ∈ Aux and ≤ i < j . Suppose M , w ⊨ init ( j ) ∧ fork j ( ax , bx ) . M , w ⊨ [ bx = ax + ] j if and only if there are two distinct t-nodes w ax , w bx ∈ R ( w ) such that w ax corresponds to the nominal ax , w bx corresponds to the nominal bx and n ( w bx ) = n ( w ax ) + .

Proof. We recall the definition of [ bx = ax + ] j (where we expand the definition of LS j ( ax , bx ) given in the body of the paper):
[ bx = ax + ] j def = ⊤ ∗ ( nom ( ax ≠ bx ) ∧ [ t ] lsr ( j − ) ∧ S j ( ax , bx ) ∧ L j ( ax , bx ) ∧ R ( ax , bx ) ) .
As in Lemma C.8, the proof uses standard properties of numbers encoded in binary. Again, let x , y be two natural numbers that can be represented in binary by using n bits. Let us denote with x i (resp. y i ) the i -th bit of the binary representation of x (resp. y ). We have that y = x + i ∈ [ , n ] such that x i = y i = j > i , x j = ⇔ y j = j < i , x j = y j = [ bx = ax + ] j uses exactly this characterisation in order to state that n ( w bx ) = n ( w ax ) + [ bx = ax + ] j can be obtained (syntactically) from the formula [ ax < bx ] j def = ⊤ ∗ ( nom ( ax ≠ bx ) ∧ [ t ] i lsr ( j − ) ∧ S j ( ax , bx ) ∧ L j ( ax , bx )) by simply adding the conjunct R ( ax , bx ) to the right of L j ( ax , bx ) . Because of this, it is easy to see that the proof of this lemma follows very closely the structure of the proof of Lemma C.16. Indeed, to prove (A) and (B) we essentially rely on Lemma C.15 (I and II), whereas to prove (C) we rely on the third point of Lemma C.15. □

C.7 Inductive case ≤ i < j : Correctness of uniq ( j ) and compl ( j )

Let M = ( W , R , V ) be a finite forest and w ∈ W .

Lemma C.18.
Let j ≥ . Suppose M , w ⊨ init ( j ) ∧ aux . M , w ⊨ uniq ( j ) if and only if ( M , w ) satisfies (uniq j ), i.e. distinct t-nodes in R ( w ) encode different numbers.

Proof. As in Lemma C.9, but using Lemma C.16 on the inductive formula [ x = y ] j . □

Lemma C.19.
Let j ≥ . Suppose M , w ⊨ init ( j ) ∧ aux . M , w ⊨ compl ( j ) if and only if ( M , w ) satisfies (compl j ), i.e. for every t-node w ∈ R ( w ) , if n ( w ) < t ( j , n ) − then n ( w ) = n ( w ) + for some t-node w ∈ R ( w ) .

Proof. As in Lemma C.10, but using Lemma C.17 and the formula type lsr ( j − ) in order to properly evaluate fork j ( x , y ) . □

C.8 Proof of Lemma 4.2
Proof. It follows directly from Lemmata C.5, C.18 and C.19. □

Again, a quick check of init ( j ) and the conditions (sub j ), (zero j ), (uniq j ), (compl j ) and (aux) should be enough to convince the reader that they are simultaneously satisfiable, making init ( j ) ∧ type ( j ) also satisfiable. However, in the following we show a model satisfying init ( j ) ∧ type ( j ) .

Lemma C.20.
Let j ≥ . init ( j ) ∧ type ( j ) is satisfiable.
Proof. Let j ≥ 2. By induction on j , we suppose that init ( j − ) ∧ type ( j − ) is satisfiable (we already treated the base case for j = w , . . . , w t ( j , n )− distinct worlds. By the induction hypothesis, we can construct t ( j , n ) models M i = ( W i , R i , V i ) ( i ∈ [ , t ( j , n ) − ] ), so that w i ∈ W i and M i , w i ⊨ init ( j − ) ∧ type ( j − ) . W.l.o.g. we can assume, for each two disjoint i , j ∈ [ , t ( j , n ) − ] , W i ∩ W j = ∅ . Similarly, we can assume that each M i is minimal, i.e. for every M ′ ⊑ M i different from M ′ , M ′ , w i ⊭ init ( j − ) ∧ type ( j − ) . This implies that w i does not have any Aux -children, and every t -node in R i ( w i ) does not have { l , s , r } -children (as these two properties are not guaranteed by (aux)).

Let w be a fresh world not appearing in the aforementioned models. Similarly, for every i ∈ [ , t ( j , n ) − ] , let w x i and w y i be fresh worlds. Lastly, we also introduce, for every world w ∈ R i ( w i ) , three (distinct) new worlds w l w , w s w and w r w . Then, let us consider the model M = ( W , R , V ) defined as follows:
1. W def = { w } ∪ W i ∪ { w x i , w y i | i ∈ [ , t ( j , n ) − ]} ∪ { w w l , w w s , w w r , | i ∈ [ , t ( j , n ) − ] , w ∈ R i ( w i )}
2. R def = {( w , w ) , . . . , ( w , w t ( j , n )− )} ∪ ⋃ i ∈[ , t ( j , n )− ] R i ∪ {( w i , w x i ) , ( w i , w y i ) | i ∈ [ , t ( j , n ) − ]} ∪ {( w , w w l ) , ( w , w w s ) , ( w , w w r ) , | i ∈ [ , t ( j , n ) − ] , w ∈ R i ( w i )}
3. V is such that
• for every i ∈ [ , t ( j , n ) − ] , p ∈ AP and every w ′ ∈ R i ( w i ) , w ′ ∈ V ( p ) if and only if w ′ ∈ V i ( p ) . Hence, w.r.t. ( M , w ) , the evaluation w.r.t. worlds in R i ( w ) ∩ W i is unchanged compared to the one in ( M i , w i ) .
• For every i ∈ [ , t ( j , n ) − ] and every w ′ ∈ R i ( w i ) , w ′ ∈ V ( val ) if and only if w.r.t. ( M i , w i ) , the n ( w ′ ) -bit in the binary representation of i is 1. Notice that this will lead to n ( w i ) = i .
• For every i ∈ [ , t ( j , n ) − ] and ax ∈ Aux , w x i ∈ V ( ax ) if and only if ax = x . Similarly, w y i ∈ V ( ax ) if and only if ax = y . Thus, every w x i is an x -node, whereas every w y i is a y -node.
• For every ax ∈ Aux , w ∉ V ( ax ) and for every i ∈ [ , t ( j , n ) − ] , w i ∉ V ( ax ) . Moreover, for every w ∈ R i ( w i ) , w ∉ V ( ax ) (notice that, by minimality, w is a t -node also in M i ). Thus, w , w i and w (as above) are all t -nodes.
• For every ax ∈ Aux , w ∉ V ( ax ) and for every i ∈ [ , t ( j , n ) − ] and w ∈ R i ( w i ) , (1) w l w ∈ V ( ax ) iff ax = l , (2) w s w ∈ V ( ax ) iff ax = s , (3) w r w ∈ V ( ax ) iff ax = r . Hence, every w l w , w s w and w r w (as above) is an l -node, an s -node and an r -node, respectively.
We can check that ( M , w ) satisfies init ( j ) as well as (sub j ), (zero j ), (uniq j ), (compl j ) and (aux). Thus, by Lemma 4.2, M , w ⊨ init ( j ) ∧ type ( j ) . □

C.9 Definitions and Proofs of Section 4.2
We develop the material from Section 4.2, providing all the necessary details. As usual, in the following we let M = ( W , R , V ) be a finite forest and consider one of its worlds w ∈ W .Let k ≥ (TT , c ) be an instance of Tile k , where TT = (T , H , V) and c ∈ T . In the following, we define a formula tiling TT , c ( k ) such that the following lemma holds. Lemma C.21. (TT , c ) as a solution for Tile k if and only if the formula tiling TT , c ( k ) is satisfiable. Recall that a solution for (TT , c ) w.r.t. Tile k is a map τ : [ , t ( k , n ) − ]×[ , t ( k , n ) − ] → T satisfying (first) and (hor&vert).W.l.o.g. we assume T to be a set of atomic propositions, disjoint from { p , . . . , p n , val } ∪ Aux used in the definition of type ( j ) .Let us first describe how to represent a grid [ , t ( k , n ) − ] in the pointed forest ( M , w ) . We use the same ideas needed inorder to define type ( k ) , but with some minor modifications. As previously stated, if M , w | = type ( k ) then given a t -node w ′ ∈ R ( w ) , the number n ( w ′ ) ∈ [ , t ( k , n ) − ] is encoded using the t -children of w ′ , where the numbers encoded by thesechildren represent positions in the binary encoding of n ( w ′ ) . Instead of being a single number, a position in the grid is a pairof numbers ( h , v ) ∈ [ , t ( k , n ) − ] . Hence, in a model ( M , w ) satisfying tiling TT , c ( k ) we require that w ′ ∈ R ( w ) encodes twonumbers n H ( w ′ ) and n V ( w ′ ) , and say that w ′ encodes the position ( h , v ) if and only if n H ( w ′ ) = h and n V ( w ′ ) = v . Sinceboth numbers are from [ , t ( k , n ) − ] , the same amount of t -children as in type ( k ) can be used in order to encode both n H ( w ′ ) and n V ( w ′ ) . Thus, we rely on the formula type ( k − ) to force w ′ to have the correct amount of t -children, by requiring it tohold in ( M , w ′ ) . 
Similarly to what is done previously for type ( j ) ( j ≥ n H ( w ′ ) and n V ( w ′ ) by using the truth value, on the t -children of w ′ , of two new atomic propositions val H and val V , respectively. Then, we use similar formulae to zero ( k ) , uniq ( k ) and compl ( k ) in order to state that w witnesses exactly one child for each position in the grid. Once the grid is encoded, the tiling conditions can be enforced rather easily.

We introduce the formula grid TT ( k ) that characterises the set of models encoding the [ , t ( k , n ) − ] grid. A model ( M = ( W , R , V ) , w ) satisfying grid TT ( k ) is such that:
(zero TT , k ) One t -node in R ( w ) encodes the position ( , ) , i.e. there is a t -node w̃ ∈ R ( w ) s.t. n H ( w̃ ) = n V ( w̃ ) =
(uniq TT , k ) for all two distinct t -nodes w , w ∈ R ( w ) , n H ( w ) ≠ n H ( w ) or n H ( w ) ≠ n H ( w ) ;
(compl TT , k ) for every t -node w ∈ R ( w ) ,
• if n H ( w ) < t ( j , n ) − n H ( w ) = n H ( w ) + n V ( w ) = n V ( w ) , for some t -node w ∈ R ( w ) ;
• if n V ( w ) < t ( j , n ) − n V ( w ) = n V ( w ) + n H ( w ) = n H ( w ) , for some t -node w ∈ R ( w ) ;
(init/sub/aux) ( M , w ) satisfies init ( k ) , sub ( k ) and aux ;
It is easy to see that, with these conditions, ( M , w ) correctly encodes the grid. The definition of grid TT ( k ) follows rather closely the definition of type ( j ) . It is defined as
zero TT ( k ) ∧ uniq TT ( k ) ∧ compl TT ( k ) ∧ init ( k ) ∧ sub ( k ) ∧ aux
where each conjunct expresses the homonymous property above. In order to define the first three conjuncts of grid TT ( k ) (hence completing its definition) we start by defining the formulae [ ax D = bx ] k and [ bx D = ax + ] k , where D ∈ {H , V} .
Similarly to [ ax = bx ] k and [ bx = ax + ] k , Given a model ( M = ( W , R , V ) , w ) satisfying fork k ( ax , bx ) , and the two t -nodes w ax , w bx ∈ R ( w ) corresponding to the nominals ax and bx , respectively, • [ ax D = bx ] k states that n D ( w ax ) = n D ( w bx ) ; • [ bx D = ax + ] k states that n D ( w bx ) = n D ( w ax ) + [ ax D = bx ] k we simply require that for all two t -children w x ∈ R ( w ax ) and w y ∈ R ( w bx ) , if n ( w x ) = n ( w y ) then w x and w y agree on the satisfaction of val D . In formula: [ ax D = bx ] k def = ¬ (cid:0) ⊤ ∗ ( fork k ( x , y ) ∧ @ ax ⟨ t ⟩ (cid:51) x ∧ @ bx ⟨ t ⟩ (cid:51) y ∧ [ x = y ] k ∧ ¬( @ x val D ⇔ @ y val D )) (cid:1) . Lemma C.22.
Let ax (cid:44) bx ∈ Aux and k ≥ . Suppose M , w | = init ( k ) ∧ fork k ( ax , bx ) . M , w | = [ ax D = bx ] k if and only if there are two distinct t-nodes w ax , w bx ∈ R i ( w ) such that w ax corresponds to the nominal ax , w bx corresponds to the nominal bx and n D ( w ax ) = n D ( w bx ) .Proof. This proof is similar to the one of Lemma C.15 (II). Since M , w | = init ( k ) ∧ fork k ( ax , bx ) , by Lemma C.13 there aretwo worlds w ax and w bx in R ( w ) corresponding to the nominals (for the depth 1) ax and bx , respectively.( ⇒ ): Suppose M , w | = [ ax D = bx ] k . Then, for every M ′ = ( W , R , V ) , if M ′ ⊑ M and M ′ , w | = fork k ( x , y ) ∧ @ ax ⟨ t ⟩ (cid:51) x ∧ @ bx ⟨ t ⟩ (cid:51) y ∧ [ x = y ] k then M ′ , w | = @ x val D ⇔ @ y val D . Now, from M , w | = fork k ( ax , bx ) we have M , w ax | = type ( k − ) and M , w bx | = type ( k − ) (notice that then, all the worlds in R ( w ax ) ∪ R ( w bx ) satisfy type ( k − ) ). Thus, let us consider anytwo worlds w x and w y such that • w x ∈ R ( w ax ) and w y ∈ R ( w bx ) ; • n k − ( w x ) = n k − ( w y ) .We show that M , w x | = val D if and only if M , w y | = val D , thus concluding that n D ( w ax ) = n D ( w bx ) . Let us consider the finiteforest M ′ = ( W , R , V ) where R is obtained from R by removing every edge ( w b , w ′ ) ∈ R where b ∈ { ax , bx } , and w ′ is a t -nodedifferent from w x and w y . We also remove the edge ( w x , w ′ ) ∈ R where w ′ is the only y -child of w x , as well as ( w y , w ′′ ) where w ′′ is the only x -child of w y . The existence of these nodes is guaranteed by M , w ax | = type ( k − ) and M , w bx | = type ( k − ) .By Lemma C.13 we have M ′ , w | = fork k ( x , y ) , where w x corresponds to the nominal (at depth 2) x , whereas w y correspondsto the nominal (at depth 2) y . Moreover, Lemma C.13 ensures that M , w x | = type ( k − ) and M , w y | = type ( k − ) , hence byLemma C.12 we conclude that w x (resp. w y ) encodes the same number w.r.t. 
( M , w ) and ( M ′ , w ) . Again from the definition of R it is easy to see that M ′ , w ⊨ @ ax ⟨ t ⟩ ◇ x ∧ @ bx ⟨ t ⟩ ◇ y . Lastly, by hypothesis on w x and w y , together with Lemma C.16 and [ x = y ] k def = ¬([ x < y ] k ∨ [ y < x ] k ) , we conclude that M ′ , w ⊨ [ x = y ] k . Thus, by hypothesis, M ′ , w ⊨ @ x val D ⇔ @ y val D , concluding the proof.

( ⇐ ): This direction is proved analogously by essentially relying on Lemma C.16 and Lemma C.12. □

The formula [ bx D = ax + ] k can be defined by slightly modifying the formula [ bx = ax + ] k . We start by defining the formulae L [ D ] k ( ax , bx ) , S [ D ] k ( ax , bx ) and R [ D ]( ax , bx ) with semantics similar to L k ( ax , bx ) , S k ( ax , bx ) and R ( ax , bx ) , respectively, but where, for a given t -node in R ( w ) , we are interested in the satisfaction of val D instead of val . For example, the formula S [ D ] k ( ax , bx ) is defined as
S [ D ] k ( ax , bx ) def = ⊤ ∗ ( fork k ( x , y ) ∧ @ ax ⟨ t ⟩( ◇ s ∧ ◇ x ) ∧ @ bx ⟨ t ⟩( ◇ s ∧ ◇ y ) ∧ [ x = y ] k ∧ @ x ¬ val D ∧ @ y val D )
i.e. by replacing the two last conjuncts of S k ( ax , bx ) , @ x ¬ val and @ y val with @ x ¬ val D and @ y val D , respectively. Similarly, L [ D ] k ( ax , bx ) is defined from L k ( ax , bx ) by replacing the last conjunct of this formula, i.e. ¬( @ x val ⇔ @ y val ) , by ¬( @ x val D ⇔ @ y val D ) . Lastly, R [ D ]( ax , bx ) is defined from R ( ax , bx ) by replacing every occurrence of val by val D . The formula [ bx D = ax + ] k is then defined as follows:
[ bx D = ax + ] k def = ⊤ ∗ ( nom ( ax ≠ bx ) ∧ [ t ] lsr ( k − ) ∧ L [ D ] k ( ax , bx ) ∧ S [ D ] k ( ax , bx ) ∧ R [ D ]( ax , bx ) ) .
Lemma C.23. Let ax ≠ bx ∈ Aux and k ≥ . Suppose M , w ⊨ init ( k ) ∧ fork k ( ax , bx ) . M , w ⊨ [ bx D = ax + ] k if and only if there are two distinct t-nodes w ax , w bx ∈ R i ( w ) such that w ax corresponds to the nominal ax , w bx corresponds to the nominal bx and n D ( w bx ) = n D ( w ax ) + .

Proof. The proof unfolds as the proofs of Lemmata C.8 and C.17. □

We are now ready to define the formulae zero TT ( k ) , uniq TT ( k ) and compl TT ( k ) , achieving the conditions (zero TT , k ), (uniq TT , k ) and (compl TT , k ), respectively. All these formulae follow closely the definitions of zero ( k ) , uniq ( k ) and compl ( k ) of the previous sections, hence we refer to these latter formulae for an informal description on how they work. The formula zero TT ( k ) is simply defined as ⟨ t ⟩([ t ](¬ val H ∧ ¬ val V )) .

Lemma C.24. M , w ⊨ zero TT ( k ) if and only if ( M , w ) satisfies (zero TT , k ).

Proof. The proof is straightforward, by definition of zero TT ( k ) and how ( , ) is encoded in the grid. □

The formula uniq TT ( k ) is defined from uniq ( k ) by simply replacing [ x = y ] k with [ x H = y ] k ∧ [ x V = y ] k :
uniq TT ( k ) = ¬ ( ⊤ ∗ ( fork k ( x , y ) ∧ [ x H = y ] k ∧ [ x V = y ] k ) )

Lemma C.25.
Let k ≥ . Suppose M , w | = init ( k ) ∧ aux . M , w | = uniq ( k ) if and only if ( M , w ) satisfies (uniq TT , k ), i.e. distinct t-nodes in R ( w ) encode different pairs of numbers.Proof. This lemma is proven as Lemma C.9 and Lemma C.18, by relying on Lemma C.22 in order to show that, given twodistinct worlds w x and w y corresponding to nominals (for the depth 1) x and y , respectively, [ x H = y ] k ∧ [ x V = y ] k holds if andonly if n H ( w x ) = n H ( w y ) and n V ( w x ) = n V ( w y ) . □ Lastly, compl TT ( k ) def = compl [H ] TT ( k ) ∧ compl [V] TT ( k ) where compl [H ] TT ( k ) def = ¬ (cid:16) (cid:50) ⊥∗ (cid:16) [ t ]( type lsr ( k − ) ∧ (cid:51) y ) ∧ nom ( x ) ∧ @ x ¬ H k ∧ ¬ (cid:0) ⊤ ∗ ( fork j ( x , y ) ∧ [ y H = x + ] k ∧ [ x V = y ] k ) (cid:1)(cid:17)(cid:17) and compl [V] TT ( k ) is defined form compl [H ] TT ( k ) by replacing H k , [ y H = x + ] k and [ x V = y ] k with V k , [ y V = x + ] k and [ x H = y ] k ,respectively. Here, Dk ( D ∈ {H , V} ) is defined as [ t ] val D , and hence it is satisfied by the t -nodes w ′ ∈ R ( w ) such that n D ( w ′ ) = t ( k , n ) − Lemma C.26.
Let k ≥ . Suppose M , w | = init ( k ) ∧ aux . M , w | = compl TT ( k ) if and only if ( M , w ) satisfies (compl TT , k ).More precisely,1. M , w | = compl [H ] TT ( k ) if and only if for every t-node w ∈ R ( w ) , if n H ( w ) < t ( j , n ) − then there is a t-node w ∈ R ( w ) such that n H ( w ) = n H ( w ) + and n V ( w ) = n V ( w ) ;2. M , w | = compl [V] TT ( k ) if and only if for every t-node w ∈ R ( w ) , if n V ( w ) < t ( j , n ) − then there is a t-node w ∈ R ( w ) such that n H ( w ) = n H ( w ) and n V ( w ) = n V ( w ) + .Proof. Both (1) and (2) are proved as Lemma C.10 and Lemma C.19, with the sole difference that we rely on Lemma C.22and Lemma C.23 in order to show that, given two distinct worlds w x and w y corresponding to nominals (for the depth 1) x and y , respectively, [ y H = x + ] k ∧ [ x V = y ] k holds if and only if n H ( w x ) = n H ( w y ) + n V ( w x ) = n V ( w y ) (in the proof of 1).Similarly, (in the proof of 2) [ y V = x + ] k ∧ [ x H = y ] k holds if and only if n H ( w x ) = n H ( w y ) and n V ( w x ) = n V ( w y ) + □ This concludes the definition of grid TT ( k ) . It is proved correct in the following lemma. Lemma C.27. M , w | = grid TT ( k ) if and only if ( M , w ) satisfies (zero TT , k ), (uniq TT , k ), (compl TT , k ) and (init/sub/aux).Proof. Directly from Lemmata C.1, C.5 and C.24 to C.26. □ Corollary C.28. grid TT ( k ) is satisfiable.Proof. (sketch) The satisfiability of grid TT ( k ) can be established by Lemma C.27 as (zero TT , k ), (uniq TT , k ), (compl TT , k ) and(init/sub/aux) can be simultaneously satisfied. A model satisfying these constraints can be defined similarly to what is done inLemma C.20, the main difference being that t ( k , n ) t -nodes need to be considered, instead of just t ( k , n ) . □ We can now proceed to the encoding of the tiling conditions (first) and (hor&vert). Given a model ( M = ( W , R , V ) , w ) satisfying grid TT ( k ) , the existence of a solution for (TT , c ) , w.r.t. 
Tile k , can be expressed with the following conditions:
(one TT ) every p -node in R ( w ) satisfies exactly one tile in T ;
(first TT , c ) for w̃ ∈ R ( w ) , if n H ( w̃ ) = n V ( w̃ ) = w ∈ V ( c ) ;
(hor TT ) for all w , w ∈ R ( w ) , if n H ( w ) = n H ( w ) + n V ( w ) = n V ( w ) then there is ( c , c ) ∈ H such that w ∈ V ( c ) and w ∈ V ( c ) ;
(vert TT ) for all w , w ∈ R ( w ) , if n V ( w ) = n V ( w ) + n H ( w ) = n H ( w ) then there is ( c , c ) ∈ V such that w ∈ V ( c ) and w ∈ V ( c ) .
Then, the formula tiling TT , c ( k ) can be defined as
grid TT ( k ) ∧ one TT ∧ first TT , c ( k ) ∧ hor TT ( k ) ∧ vert TT ( k )
where the last four conjuncts express the homonymous property above. Given the toolkit of formulae introduced up to now, these four formulae are easy to define. one TT is simply defined as [ t ] ⋁ c ∈T ( c ∧ ⋀ c ∈T ¬ c ) . Similarly, first TT , c ( k ) is also straightforward to define:
first TT , c ( k ) def = [ t ] ( [ t ](¬ val H ∧ ¬ val V ) ⇒ c ) .
Notice that, in this formula, we use the fact that the t -node w ′ ∈ R ( w ) encoding ( , ) is the only one, among the t -children of w , satisfying [ t ](¬ val H ∧ ¬ val V ) .

Lemma C.29.
Let k ≥ and suppose M , w | = grid TT ( k ) . Then,I. M , w | = one TT if and only if ( M , w ) satisfies (one TT );II. M , w | = first TT , c ( k ) if and only if ( M , w ) satisfies (first TT , c ).Proof. Both I and II are easily proven directly from the definition of one TT and first TT , c ( k ) . □ For the formula hor TT ( k ) , we essentially state that there cannot be two t -nodes w , w ∈ R ( w ) such that w encodes theposition ( n H ( w ) + , n V ( w )) and w ∈ V ( c ) , w ∈ V ( c ) does not hold for any ( c , c ) ∈ H . In formula: hor TT ( k ) def = ¬ (cid:0) ⊤ ∗ (cid:0) fork k ( x , y ) ∧ [ y H = x + ] k ∧ [ x V = y ] k ∧ ¬ (cid:212) ( c , c )∈H ( @ x c ∧ @ y c ) (cid:1)(cid:1) . Lastly, vert TT ( k ) is defined as hor TT ( k ) , but replacing H by V and vice-versa: vert TT ( k ) def = ¬ (cid:0) ⊤ ∗ (cid:0) fork k ( x , y ) ∧ [ y V = x + ] k ∧ [ x H = y ] k ∧ ¬ (cid:212) ( c , c )∈V ( @ x c ∧ @ y c ) (cid:1)(cid:1) . Lemma C.30.
Let k ≥ and suppose M , w | = grid TT ( k ) . Then,I. M , w | = hor TT ( k ) if and only if ( M , w ) satisfies (hor TT );II. M , w | = vert TT ( k ) if and only if ( M , w ) satisfies (vert TT ).Proof. We show the proof for I, the one for II being analogous. Recall that (hor TT ) stands for: ∀ w , w ∈ R ( w ) , if n H ( w ) = n H ( w ) + n V ( w ) = n V ( w ) then there is ( c , c ) ∈ H s.t. w ∈ V ( c ) and w ∈ V ( c ) .Suppose M , w | = grid TT ( k ) . Then in particular M , w | = type ( k ) and every world w ′ ∈ R ( w ) encodes a pair of numbers ( n H ( w ) , n V ( w )) ∈ [ , t ( k , n ) − ] .( ⇒ ): Suppose M , w | = hor TT ( k ) . Then, by definition, for every M ′ ⊑ M , if M ′ , w | = fork k ( x , y ) ∧ [ y H = x + ] k ∧ [ x V = y ] k then M ′ , w | = (cid:212) ( c , c )∈H ( @ x c ∧ @ y c ) . Consider now two worlds ∀ w x , w y ∈ R ( w ) such that n H ( w y ) = n H ( w x ) + n V ( w y ) = n V ( w x ) . Let M ′ = ( W , R , V ) be the submodel of M where R is defined from R by removing the following pairs ofworlds: • ( w , w ′ ) ∈ R where w ′ is different from w and w ; • ( w x , w ′′ ) ∈ R where w ′′ is the only Aux -child of w x satisfying y (this world exists as M , w | = type ( k ) ); • ( w y , w ′′′ ) ∈ R where w ′′′ is the only Aux -child of w y satisfying x (again, this world exists as M , w | = type ( k ) ).We can easily check that the pointed forest ( M ′ , w ) satisfies fork k ( x , y ) , where w x and w y correspond to two nominals (forthe depth 1) x and y , respectively. Thus, M ′ , w x | = type ( k − ) and M ′ , w y | = type ( k − ) . Therefore, by Lemma C.12 (whichcan be easily extended in order to consider pairs of numbers described with val H and val V , instead of a single numberdescribed with val ), we conclude that w x and w y keep encoding the same two pairs of numbers when M is modified to M ′ . 
Then, since by hypothesis n H ( w y ) = n H ( w x ) + n V ( w y ) = n V ( w x ) , by Lemmata C.22 and C.23 we conclude that M ′ , w ⊨ [ y H = x + ] k ∧ [ x V = y ] k . Then, by hypothesis M , w ⊨ hor TT ( k ) , we conclude that M ′ , w ⊨ ⋁ ( c , c )∈H ( @ x c ∧ @ y c ) . Thus, there must be a pair ( c , c ) ∈ H such that M ′ , w ⊨ @ x c ∧ @ y c . Since w x (resp. w y ) corresponds to the nominal (for the depth 1) x (resp. y ), we conclude that M , w x ⊨ c and M , w y ⊨ c . By definition, this implies that ( M , w ) satisfies (hor TT ).

( ⇐ ): This direction is rather straightforward and, analogously to the left-to-right direction, relies on Lemmata C.12, C.22 and C.23. Briefly, suppose that ( M , w ) satisfies (hor TT ) and, ad absurdum , assume that M , w ⊭ hor TT ( k ) . Therefore,
M , w ⊨ ⊤ ∗ ( fork k ( x , y ) ∧ [ y H = x + ] k ∧ [ x V = y ] k ∧ ¬ ⋁ ( c , c )∈H ( @ x c ∧ @ y c ) ) .
Then, there is a submodel M ′ = ( W , R , V ) of M such that M ′ , w | = fork k ( x , y )∧[ y H = x + ] k ∧[ x V = y ] k ∧¬ (cid:212) ( c , c )∈H ( @ x c ∧ @ y c ) .By M ′ , w | = fork k ( x , y ) we conclude that there are two worlds w x and w y corresponding to two nominals (depth 1) x and y , respectively. Moreover, by C.12, these worlds encode the same two numbers w.r.t. ( M , w ) and ( M ′ , w ) . From M ′ , w | = [ y H = x + ] k ∧ [ x V = y ] k and the fact that ( M , w ) satisfies (hor TT ), together with Lemmata C.22 and C.23 we conclude that thereis a pair ( c , c ) ∈ H such that w x ∈ V ( c ) and w y ∈ V ( c ) . However, this contradicts M ′ , w | = ¬ (cid:212) ( c , c )∈H ( @ x c ∧ @ y c ) .Thus, M , w | = hor TT ( k ) . □ This concludes the definition of tiling TT , c ( k ) . Lemma C.31. M , w | = tiling TT , c ( k ) if and only if ( M , w ) satisfies (zero TT , k ), (uniq TT , k ), (compl TT , k ), (init/sub/aux), (one TT ),(first TT , c ), (hor TT ) and (vert TT ).Proof. Directly from Lemmata C.27, C.29 and C.30. □ We can now prove Lemma C.21 (shown below), leading directly to Theorem 4.3.
Lemma [C.21] Let k ≥ and let (TT , c ) be an instance of Tile k , where TT = (T , H , V) and c ∈ T . Then, (TT , c ) as a solution for Tile k if and only if the formula tiling TT , c ( k ) is satisfiable.Proof. ( ⇒ ): Suppose that (TT , c ) has a solution τ : [ , t ( k , n ) − ] → T . Let M = ( W , R , V ) and w ∈ W be such that M , w | = grid TT ( k ) (such a pointed forest exists by Corollary C.28). We slightly modify V so that the resulting model stillsatisfies grid TT ( k ) , but also satisfies (one TT ), (first TT , c ), (hor TT ) and (vert TT ). This can be done rather straightforwardly. Indeed,since M , w | = grid TT ( k ) , by Lemma C.27 every t -node w ′ ∈ R ( w ) encodes a pair of numbers ( n H ( w ′ ) , n V ( w ′ )) ∈ [ , t ( k , n ) − ] .Then, let us consider the model M ′ = ( W , R , V ′ ) such that1. for every p ∈ AP \ T , V ′ ( p ) = V ( p ) . This property leads to M ′ , w | = grid TT ( k ) , since grid TT ( k ) is written withpropositional symbols not appearing in T .2. for every c ∈ T and w ′ ∈ R ( w ) , w ′ ∈ V ( c ) if and only if τ ( n H ( w ′ ) , n V ( w ′ )) = c .The second condition allows us to conclude that ( M ′ , w ) satisfies (one TT ), (first TT , c ), (hor TT ) and (vert TT ). Indeed, (one TT )holds as τ is functional; (first TT , c ) holds as τ satisfies (first); whereas (hor TT ) and (vert TT ) hold as τ satisfies (hor&vert). Thus, ( M ′ , w ) | = tiling TT , c ( k ) and therefore tiling TT , c ( k ) is satisfiable.( ⇐ ): Suppose tiling TT , c ( k ) satisfiable and let M = ( W , R , V ) and w ∈ W s.t. M , w | = tiling TT , c ( k ) . Let us consider therelation τ ⊆ [ , t ( k , n ) − ] × [ , t ( k , n ) − ] × T defined as ( i , j , c ′ ) ∈ τ if and only if there is w ′ ∈ R ( w ) s.t. n H ( w ′ ) = i , n V ( w ′ ) = j and w ′ ∈ V ( c ′ ) .Directly by Lemma C.31 we have that:I. from (uniq TT , k ) and (one TT ), τ is (possibly weakly) functional in its first two components, i.e. 
for every ( i , j ) ∈ [ , t ( k , n )− ] there is at most one c ′ such that ( i , j , c ′ ) ∈ τ ;II. from (zero TT , k ) and (compl TT , k ), τ is total (hence not weakly functional), i.e. cannot be that there is ( i , j ) ∈ [ , t ( k , n ) − ] such that for every c ′ ∈ T , ( i , j , c ′ ) (cid:60) τ . Together with I, this means that τ is a map;III. from (first TT , c ), ( , , c ) ∈ τ ;IV. from (hor TT ) and (vert TT ), for all i ∈ [ , t ( k , n )− ] and j ∈ [ , t ( k , n )− ] , ( τ ( j , i ) , τ ( j + , i )) ∈ H and ( τ ( i , j ) , τ ( i , j + )) ∈ V .Therefore, we conclude that τ is a solution for Tile k . □ D Proofs of Section 5
To show the existence of a formula in GML that is equivalent to φ , we rely on the indistinguishability relation GML , called g-bisimulation and studied in [21]. So, let us first recall what is a g-bisimulation. Let M = ( W , R , V ) and M ′ = ( W ′ , R ′ , V ′ ) be two finite forests. Let m ∈ N , k ∈ N > and P ⊆ fin AP. A g-bisimulation up to ( m , k , P ) between M and M ′ is a sequence of m + k -uple Z = (Z , Z , . . . , Z k ) , . . . , Z m = (Z m , Z m , . . . , Z mk ) satisfying:
init: Z is not empty and for every i ∈ [ , k ] and j ∈ [ , m ] , Z ji ⊆ P( W ) × P( W ′ ) ;
refine: for every i ∈ [ , k ] and j ∈ [ , m ] , Z ji ⊆ Z j − i ;
size: if X Z ji Y then | X | = | Y | = i ;
atoms: if { w }Z { w ′ } then for every p ∈ P , w ∈ V ( p ) if and only if w ′ ∈ V ′ ( p ) ;
m-forth: if { w }Z j + { w ′ } and X ⊆ R ( w ) with | X |∈[ , k ] , then there is Y ⊆ R ′ ( w ′ ) such that X Z j | X | Y ;
m-back: if { w }Z j + { w ′ } and Y ⊆ R ′ ( w ′ ) with | Y |∈[ , k ] , then there is X ⊆ R ( w ) such that X Z j | Y | Y ;
g-forth: if X Z ji Y and w ∈ X , then there is w ′ ∈ Y such that { w }Z j { w ′ } ;
g-back: if X Z ji Y and w ′ ∈ Y , then there is w ∈ X such that { w }Z j { w ′ } .
We write M , w ⇆ P m , k M ′ , w ′ and we say that the two models are g-bisimilar iff there is a g-bisimulation up to ( m , k , P ) between M and M ′ , say Z , . . . , Z m , such that { w }Z m { w ′ } . We write Γ ( M , w ) P m , k to denote the set of formulae in GML of rank ( m , k ) and with propositional symbols from P that are satisfied in M , w , i.e. Γ ( M , w ) P m , k def = { ψ ∈ GML [ m , k , P ] | M , w ⊨ ψ } . We write T P ( m , k ) the quotient set induced by the equivalence relation ⇆ P m , k . Let us summarise the main results from [21].

Proposition D.1 ([21]).
1. Γ ( M , w ) P m , k contains finitely many non-equivalent formulae.
2. M , w ⇆ P m , k M ′ , w ′ if and only if Γ ( M , w ) P m , k = Γ ( M ′ , w ′ ) P m , k .
3. ⇆ P m , k is a finite index equivalence relation. T P ( m , k ) is finite.

So, ≡ P m , k and ⇆ P m , k are identical relations (see the definitions for ≡ P m , k and GML [ m , k , P ] in Section 5.1) and there is a finite set { χ , . . . , χ Q } ⊆ GML [ m , k , P ] such that
• χ ∨ · · · ∨ χ Q is valid, and each χ i is satisfiable,
• for all i ≠ j ∈ [ , Q ] , χ i ∧ χ j is unsatisfiable,
• ( M , w ) ≡ P m , k ( M ′ , w ′ ) iff there is i such that ( M , w ) ⊨ χ i and ( M ′ , w ′ ) ⊨ χ i .
Hence, χ i characterises one equivalence class of ≡ P m , k (or equivalently of ⇆ P m , k ).

In what follows, recall that R | w def = {( w ′ , w ′′ ) ∈ R | w ′ ⊆ R ∗ ( w )} .

Lemma D.2.
Let m ∈ N , k ∈ N > and P ⊆ fin AP . Let M = ( W , R , V ) be a finite forest and let w ∈ W . Then, M , w ⇆ P m , k ( W , R | w , V ) , w .

Proof. As ⇆ P m , k is an equivalence relation (Proposition D.1.3), it is reflexive and hence M , w ⇆ P m , k M , w . There is therefore a g-bisimulation up to ( m , k , P ) between M and itself, say Z , . . . , Z m where Z i = (Z i , . . . , Z ik ) for every i ∈ [ , m ] , such that { w }Z m { w } . Consider now the restriction of Z ij , where i ∈ [ , m ] and j ∈ [ , k ] , to those sets where every element is reachable from w . Formally, we define Ẑ ij = {( X , Y ) ∈ Z ij | X ∪ Y ⊆ R ∗ ( w )} . It is easy to show that Ẑ , . . . , Ẑ m , where Ẑ i = ( Ẑ i , . . . , Ẑ ik ) for every i ∈ [ , m ] , is a g-bisimulation up to ( m , k , P ) between M and ( W , R | w , V ) . Moreover, as { w } Ẑ m { w } by definition, we conclude that M , w ⇆ P m , k ( W , R | w , V ) , w . □

D.1 Proof of Lemma 5.1
In the following, we denote with T P ( m , k ) the set T P ( m , f ( m , k )) . Then, notice that T P ( m , k ) = T P ( , k ) for m =
0, andotherwise ( m ≥ T P ( m , k ) = T P ( m , k × (| T P ( m − , k )| + )) . Since T P ′ ( m ′ , k ′ ) is finite for all m ′ , k ′ and P ′ , T P ( m , k ) iswell-defined and finite. Lemma 5.1 can be reformulated using T P ( m , k ) as follows. Lemma
Let m , k ∈ N and P ⊆ fin AP . Let ( M , w ) , ( M ′ , w ′ ) be pointed forests such that M = ( W , R , V ) and M ′ = ( W ′ , R ′ , V ′ ) . If {( M , w ) , ( M ′ , w ′ )} ⊆ T for some T ∈ T P ( m , k ) , then for every R ⊆ R there is R ′ ⊆ R ′ s.t. (( W , R , V ) , w ) ≡ P m , k (( W ′ , R ′ , V ′ ) , w ′ ) , and if R ( w ) = R ( w ) then R ′ ( w ′ ) = R ′ ( w ′ ) .
Proof. In the case k = 0, any formula in GML [ m , , P ] is equivalent to a formula in the propositional calculus built over propositional variables in P as ◇ ≥ ψ is logically equivalent to ⊤ . Hence, the lemma trivially holds. Otherwise ( k ≥ ≡ P m , k and ⇆ P m , k are identical relations. The proof is by induction on the modal depth m . The induction step is articulated in three main steps: (I) definition and proof of various properties of the two models, (II) definition of a strategy to reduce R ′ to R ′ that closely follows the relationship between R and R with respect to the children of w and, (III) a proof that the relation R ′ is such that ( W , R , V ) , w ⇆ P m , k ( W ′ , R ′ , V ′ ) , w ′ . By construction, we also obtain that if R ( w ) = R ( w ) then R ′ ( w ′ ) = R ′ ( w ′ ) . Let us begin with the base case.
Base case: m = . The base case is straightforward from the following property of g-bisimulations. When m = 0, given M̂ = ( Ŵ , R̂ , V̂ ) , R̂ ⊆ R̂ , ŵ ∈ Ŵ and k̂ ∈ N , we have M̂ , ŵ ⇆ P , k̂ ( Ŵ , R̂ , V̂ ) , ŵ . This statement holds as it can be easily shown that the set of relations Z = (Z , . . . , Z k̂ ) where Z = {( w , w )} and Z j = ∅ for j ∈ [ , k̂ ] satisfies all the requirements for being a g-bisimulation.
Then, with respect to the statement of the lemma, by definition, we have ( W , R , V ) , w ⇆ P , k M , w . Now, by definition T P ( , k ) = T P ( , k ) and by hypothesis there is T ∈ T P ( , k ) such that {( M , w ) , ( M ′ , w ′ )} ⊆ T . By definition of T P ( , k ) , we have M , w ⇆ P , k M ′ , w ′ . As ⇆ P , k is an equivalence relation, we conclude ( W , R , V ) , w ⇆ P , k M ′ , w ′ and therefore it is sufficient to take R ′ ≝ R ′ to end the proof. Note that in this case, R ′ ( w ′ ) = R ′ ( w ′ ) holds too.
Induction case.
In particular, we have m > T P ( m , k ) = T P ( m , k × (| T P ( m − , k )| + )) . Moreover, by hypothesis there exists T ∈ T P ( m , k × (| T P ( m − , k )| + )) such that {( M , w ) , ( M ′ , w ′ )} ⊆ T . By definition, we have M , w ⇆ P m , k ×(| T P ( m − , k )| + ) M ′ , w ′ .
Let us explain the main idea of the proof. Let us pick one child w of w in M . Obviously, the pointed forest ( M , w ) belongs to a specific equivalence class T ∈ T P ( m − , k ) . The effect of reducing R to R is that w , together with the updated model, “jumps” to an equivalence class T ∈ T P ( m − , k ) . Obviously, ( M , w ) already belongs to a class in T P ( m − , k ) . However (from the statement of the lemma), we are only interested in T P ( m − , k ) when considering R , whereas we focus on T P ( m − , k ) when studying R . To prove the result, we have to show that there is a child w ′ of w ′ in M ′ so that ( M ′ , w ′ ) is in the same equivalence class T of ( M , w ) and to show that it is possible to update R ′ to make w ′ (together with the updated model) “jump” to the equivalence class T . However, we need to do this for all the children of w and w ′ , respecting the constraints of being a g-bisimulation. The key step is to show that the graded rank k × (| T P ( m − , k )| + ) is all we need to find enough children in R ′ ( w ′ ) and to be able to construct a relation R ′ so that the resulting models are g-bisimilar up to ( m , k , P ) . Let us now formalise the proof, which requires some intermediate steps that are highlighted below.
We start by considering a single equivalence class T ∈ T P ( m − , k ) (in fact, our proof is done modularly on these classes). We introduce the two following sets:
• R ( w )| T ≝ { w ∈ R ( w ) | ( M , w ) ∈ T } .
• R ′ ( w ′ )| T ≝ { w ′ ∈ R ′ ( w ′ ) | ( M ′ , w ′ ) ∈ T } .
It is fairly simple to see that the following property holds:
( ⋆ ): min (| R ( w )| T | , k × (| T P ( m − , k )| + )) = min (| R ′ ( w ′ )| T | , k × (| T P ( m − , k )| + ))
Indeed, ad absurdum, suppose that
( † ): | R ( w )| T | < k × (| T P ( m − , k )| + ) and | R ( w )| T | < | R ′ ( w ′ )| T |
The other case | R ′ ( w ′ )| T | < k × (| T P ( m − , k )| + ) and | R ′ ( w ′ )| T | < | R ( w )| T | is analogous and therefore its treatment is omitted below. Since it holds by hypothesis that M , w ⇆ P m , k ×(| T P ( m − , k )| + ) M ′ , w ′ , there is a g-bisimulation up to ( m , k × (| T P ( m − , k )| + ) , P ) between M and M ′ , say Z , . . . , Z m , such that { w }Z m { w ′ } .
• From (m-back), by taking Y as a subset of R ′ ( w ′ )| T such that | Y | = min (| R ′ ( w ′ )| T | , k × (| T P ( m − , k )| + )) , it must hold that there is a subset X ⊆ R ( w ) such that X Z m − | Y | Y .
• From (size), | X | = | Y | . Hence, by ( † ) there must be a world w ∈ X s.t. ( M , w ) ∉ T .
• From (g-forth), there is w ′ ∈ Y such that { w }Z m − { w ′ } .
• As { w }Z m − { w ′ } , from the definition of g-bisimulation it holds that M , w ⇆ P m − , k ×(| T P ( m − , k )| + ) M ′ , w ′ .
• Again by definition of g-bisimulation, it is easy to see that if two models are in the same equivalence class w.r.t. ⇆ P m ′ , k ′ then they are in the same equivalence class w.r.t. ⇆ P m ′ , k ′′ for every k ′′ ≤ k ′ . Therefore M , w ⇆ P m − , k ×(| T P ( m − , k )| + ) M ′ , w ′ . Notice that the set of equivalence classes induced by ⇆ P m − , k ×(| T P ( m − , k )| + ) is T P ( m − , k ) . We conclude that ( M , w ) and ( M ′ , w ′ ) belong to the same class in T P ( m − , k ) .
However, this leads to a contradiction as we have w ∉ T and w ′ ∈ T (where T ∈ T P ( m − , k ) ). This concludes the proof of ( ⋆ ).
Given an equivalence class T ′ in T P ( m − , k ) , we define the set below
R ( w )| T ▶ T ′ ≝ R ( w )| T ∩ R ( w )| T ′ .
We always put the word “jump” in quotes as it is used in an informal way.
Following the proof idea presented above, a world w ∈ R ( w )| T ▶ T ′ is a child of w such that ( M , w ) is in the class T and “jumps” to the class T ′ when updating the accessibility relation from R to R . In what follows, we denote with R | w the restriction of R to those worlds reachable from w , i.e. the set {( w , w ) ∈ R | { w , w } ⊆ R ∗ ( w )} , as defined in the statement of Lemma D.2. We also consider similar restrictions for R ′ and R ′ . We are interested in the following key property:
( ⋆⋆ ): for every w ∈ R ( w )| T ▶ T ′ and w ′ ∈ R ′ ( w ′ )| T there is R ′ , w ′ ⊆ R ′ | w ′ such that ( W , R | w , V ) , w ⇆ P m − , k ( W ′ , R ′ , w ′ , V ′ ) , w ′
Let us prove ( ⋆⋆ ). By definition, we have w ∈ R ( w )| T and w ′ ∈ R ′ ( w ′ )| T . Therefore, {( M , w ) , ( M ′ , w ′ )} ⊆ T ∈ T P ( m − , k ) . By Lemma D.2, it follows that ( W , R | w , V ) , w and ( W ′ , R ′ | w ′ , V ′ ) , w ′ are also in T . Moreover, by definition R | w ⊆ R | w . Then, we can use the induction hypothesis (notice that the modal degree is now m − 1) to conclude that there is R ′ , w ′ ⊆ R ′ | w ′ such that ( W , R | w , V ) , w ⇆ P m − , k ( W ′ , R ′ , w ′ , V ′ ) , w ′ , concluding the proof of ( ⋆⋆ ). This intermediate result gives us an important piece of information: every single “jump” (as informally expressed above) done while updating the accessibility relation of M can be mimicked by updating M ′ . An important missing piece is proving that all jumps can be simultaneously mimicked. In order to prove this, we start by considering the following partition of R ( w )| T :
R ( w ) T ▶ R ≝ { R ( w )| T ▶ T ′ | T ′ ∈ T P ( m − , k )} ∪ { R ( w )| T \ R ( w )} .
Informally, R ( w ) T ▶ R partitions the children of w in R ( w )| T into different sets depending on the set T ′ ∈ T P ( m − , k ) they “jump” to. One additional set, i.e. R ( w )| T \ R ( w ) , contains all the children of w in R ( w )| T that are lost when updating R to R . To be completely formal, let us first prove that R ( w ) T ▶ R is a partition of R ( w )| T . Indeed, R ( w )| T can be written as ( R ( w )| T ∩ R ( w )) ∪ ( R ( w )| T \ R ( w )) . Moreover, by definition of T P ( m − , k ) as the quotient set of ⇆ P m − , k , we have R ( w ) = ⋃ T ′ ∈T P ( m − , k ) R ( w )| T ′ . Lastly, R ( w )| T ∩ ⋃ T ′ ∈T P ( m − , k ) R ( w )| T ′ is equivalent to ⋃ T ′ ∈T P ( m − , k ) ( R ( w )| T ∩ R ( w )| T ′ ) , which leads to the definition of the partition R ( w ) T ▶ R from the definition of R ( w )| T ▶ T ′ together with the remaining component R ( w )| T \ R ( w ) . The figure below presents schematically the results we have shown so far, only considering the children of w in R ( w )| T (on the left) and the children of w ′ in R ′ ( w ′ )| T (on the right).
[Figure: the children of w in R ( w )| T (left) and the children of w ′ in R ′ ( w ′ )| T (right). Labels: { R ( w )| T ▶ T ′ | T ′ ∈ T P ( m − , k )} ; R ( w )| T \ R ( w ) ; ( ⋆ ): if | R ( w )| T | < k × (| T P ( m − , k )| + ) then there are | R ( w )| T | children, otherwise there are at least k × (| T P ( m − , k )| + ) children.]
To work towards the definition of R ′ (as in the statement of the lemma), we now deal with the children in R ′ ( w ′ )| T and find suitable subsets of R ′ in order to define a partition of R ′ ( w ′ )| T that is similar to R ( w ) T ▶ R (where “similar” here means that, later, we will be able to construct a g-bisimulation using this partition). More precisely, we show that:
( ⋆ ⋆ ⋆ ): it is possible to construct a family of sets R ′ ( w ′ )| T ⇝ T ′ for every T ′ ∈ T P ( m − , k ) G T satisfying the following properties.
1. For every T ′ ∈ T P ( m − , k ) , R ′ ( w ′ )| T ⇝ T ′ is a set of pairs ( R ′ , w ′ , w ′ ) s.t. w ′ ∈ R ′ ( w ′ )| T , R ′ , w ′ ⊆ R ′ , (( W ′ , R ′ , w ′ , V ′ ) , w ′ ) ∈ T ′ , and for all ( w ′ , w ′ ) ∈ R ′ , w ′ , { w ′ , w ′ } ⊆ R ′∗ ( w ′ ) .
2. G T ⊆ R ′ ( w ′ )| T .
3. Every w ′ ∈ R ′ ( w ′ )| T appears in exactly one set among R ′ ( w ′ )| T ⇝ T ′ (for every T ′ ∈ T P ( m − , k ) ) and G T . Then, these sets underlie a partition of R ′ ( w ′ )| T .
4. For every T ′ ∈ T P ( m − , k ) , min (| R ( w )| T ▶ T ′ | , k ) = min (| R ′ ( w ′ )| T ⇝ T ′ | , k ) .
5. min (| R ( w )| T \ R ( w )| , k ) = min (|G T | , k ) .
Let us informally explain these properties (apart from the second and third properties, which are self-explanatory). The first property basically requires us to modify R ′ so that the children of R ′ ( w ′ )| T “jump” to specific sets in T P ( m − , k ) , in line with the developments that lead to the proof of ( ⋆⋆ ). Instead, the set G T is dedicated to those worlds that should be made inaccessible from w ′ . The updates to R ′ cannot be arbitrary, and this is where the fourth and fifth properties come into play. These properties impose cardinality constraints on the sets we construct, in line with the graded rank k that is used in the equivalence relation ⇆ P m , k . For example, suppose that for a given set T ′ we have | R ( w )| T ▶ T ′ | < k . Then, we need to select exactly | R ( w )| T ▶ T ′ | children in R ′ ( w ′ )| T and modify R ′ so that all of them can be used to define the set R ′ ( w ′ )| T ⇝ T ′ . If instead | R ( w )| T ▶ T ′ | ≥ k , it is possible to select an arbitrary number of children from R ′ ( w ′ )| T , as long as they are at least k . Again, after selecting these children we need to modify R ′ so that they define the set R ′ ( w ′ )| T ⇝ T ′ . To comply with these two last properties we rely on ( ⋆ ). The proof of ( ⋆⋆⋆ ) distinguishes two cases (which are very similar in substance):
• | R ( w )| T | < k × (| T P ( m − , k )| + ) . By ( ⋆ ) it follows that | R ′ ( w ′ )| T | = | R ( w )| T | . This case is the easiest one. Consider a bijection f : R ( w )| T → R ′ ( w ′ )| T . Then define G T as the set { f ( w ) | w ∈ R ( w )| T \ R ( w )} . By doing this, trivially the second and fifth properties required by ( ⋆ ⋆ ⋆ ) are satisfied. In order to define the sets of the form R ′ ( w ′ )| T ⇝ T ′ , we start by an initialisation to the empty set ∅ and then we populate them. Iteratively, for every T ′ ∈ T P ( m − , k ) and every w ∈ R ( w )| T ▶ T ′ , consider f ( w ) .
By ( ⋆⋆ ), there is R ′ , f ( w ) ⊆ R ′ | f ( w ) such that ( W , R | w , V ) , w ⇆ P m − , k ( W ′ , R ′ , f ( w ) , V ′ ) , f ( w ) . By Lemma D.2, it follows that ( W , R , V ) , w ⇆ P m − , k ( W ′ , R ′ , f ( w ) , V ′ ) , f ( w ) and therefore (( W ′ , R ′ , f ( w ) , V ′ ) , f ( w )) ∈ T ′ . Then, add to R ′ ( w ′ )| T ⇝ T ′ the pair ( R ′ , f ( w ) , f ( w )) . Notice that this pair satisfies the constraints required in the first property of ( ⋆ ⋆ ⋆ ). After the iterations over all T ′ ∈ T P ( m − , k ) and over all w ∈ R ( w )| T ▶ T ′ , the construction is completed. As we are guided by the bijection f , we obtain that every w ′ ∈ R ′ ( w ′ )| T appears in exactly one set among R ′ ( w ′ )| T ⇝ T ′ for some T ′ ∈ T P ( m − , k ) or in G T (condition 3 of ( ⋆ ⋆ ⋆ )). Moreover (again thanks to the bijection f ) it holds that for every T ′ ∈ T P ( m − , k ) , | R ′ ( w ′ )| T ⇝ T ′ | = | R ( w )| T ▶ T ′ | , which implies condition 4 of ( ⋆ ⋆ ⋆ ). Hence, ( ⋆ ⋆ ⋆ ) is proved.
• | R ( w )| T | ≥ k × (| T P ( m − , k )| + ) . By ( ⋆ ), it follows that | R ′ ( w ′ )| T | ≥ k × (| T P ( m − , k )| + ) too. For this case, it is easy to show that there is a set in the partition R ( w ) T ▶ R of R ( w )| T that has cardinality at least k . Indeed, ad absurdum, suppose all the sets in R ( w ) T ▶ R are of cardinality less than k . As R ( w ) T ▶ R partitions R ( w )| T and it contains |T P ( m − , )| + + R ( w )| T \ R ( w ) ) this would imply that | R ( w )| T | ≤ ( k − ) ×(|T P ( m − , k )| + ) . This leads to a contradiction as by definition |T P ( m − , k )| ≤ | T P ( m − , k )| and we are in the case where | R ( w )| T | ≥ k × (| T P ( m − , k )| + ) . Hence, let Ω be a set in R ( w ) T ▶ R that has at least k elements. For the construction, we initialise all the sets R ′ ( w ′ )| T ⇝ T ′ and G T to the empty set ∅ and we show how to populate them.
Moreover, we introduce an auxiliary set ∆ which is initially equal to R ′ ( w ′ )| T and keeps track of which elements of this latter set have not been already used in the construction (and are hence available). The set ∆ can be understood as a copy of R ′ ( w ′ )| T with unmarked elements and marked elements. Unmarked elements are the worlds yet to be handled by the algorithm. Iteratively,
1. consider some T ′ ∈ T P ( m − , k ) such that R ( w )| T ▶ T ′ ≠ Ω and that was not already treated;
2. select β = min (| R ( w )| T ▶ T ′ | , k ) worlds, say w ′ , . . . , w ′ β from the pool of available worlds ∆ .
3. As in the previous case of the proof, by ( ⋆⋆ ) we have that for each i ∈ [ , β ] there is R ′ , w ′ i ⊆ R ′ | w ′ i such that for every w ∈ R ( w )| T ▶ T ′ it holds that ( W , R | w , V ) , w ⇆ P m − , k ( W ′ , R ′ , w ′ i , V ′ ) , w ′ i . By Lemma D.2, it follows also that ( W , R , V ) , w ⇆ P m − , k ( W ′ , R ′ , w ′ i , V ′ ) , w ′ i and therefore (( W ′ , R ′ , w ′ i , V ′ ) , w ′ i ) ∈ T ′ . Then, define the set R ′ ( w ′ )| T ⇝ T ′ as {( R ′ , w ′ i , w ′ i ) | i ∈ [ , β ]} . Notice that by construction this set satisfies the first and fourth properties of ( ⋆ ⋆ ⋆ ).
4. Remove w ′ , . . . , w ′ β from ∆ (they will not be used in the successive iterations).
After this iterative construction, only two sets still need to be handled: Ω and R ( w )| T \ R ( w ) . In the case these two sets are different, we proceed as follows.
1. We start by considering R ( w )| T \ R ( w ) , and we select β = min (| R ( w )| T \ R ( w )| , k ) worlds, say w ′ , . . . , w ′ β from the pool of available worlds ∆ .
2. We define G T as { w ′ , . . . , w ′ β } and remove these worlds from ∆ . By construction, G T satisfies the second and fifth properties of ( ⋆ ⋆ ⋆ ).
3. We consider Ω . A few things should be noted now.
• There is T ′ ∈ T P ( m − , k ) such that Ω = R ( w )| T ▶ T ′ , and by definition of Ω , we have | R ( w )| T ▶ T ′ | ≥ k .
• At this point of the construction, we dealt with |T P ( m − , k )| of the |T P ( m − , k )| + k new worlds of R ′ ( w ′ )| T . Hence, as | R ′ ( w ′ )| T | ≥ k ×(| T P ( m − , k )| + ) and | T P ( m − , k )| ≥ |T P ( m − , k )| , we conclude that ∆ has at least k elements.
4. Consider the set ∆ . By ( ⋆⋆ ) we have that for each w ′ ∈ ∆ there is R ′ , w ′ ⊆ R ′ | w ′ such that for every w ∈ R ( w )| T ▶ T ′ it holds that ( W , R | w , V ) , w ⇆ P m − , k ( W ′ , R ′ , w ′ , V ′ ) , w ′ . By Lemma D.2, it follows that ( W , R , V ) , w ⇆ P m − , k ( W ′ , R ′ , w ′ , V ′ ) , w ′ and therefore (( W ′ , R ′ , w ′ , V ′ ) , w ′ ) ∈ T ′ . Then, define the set R ′ ( w ′ )| T ⇝ T ′ as {( R ′ , w ′ , w ′ ) | w ′ ∈ ∆ } . By construction, this set satisfies the first and fourth properties of ( ⋆⋆⋆ ) (recall that both R ′ ( w ′ )| T ⇝ T ′ and R ( w )| T ▶ T ′ have at least k elements, see the previous point).
5. Empty ∆ as every remaining world in it is now used. We completed the construction in the case of Ω ≠ R ( w )| T \ R ( w ) .
In the case Ω = R ( w )| T \ R ( w ) , the construction is trivially completed by adding to G T every world in ∆ . Notice that for the same considerations done before (point 3 of the construction for Ω ≠ R ( w )| T \ R ( w ) ) it holds that ∆ has at least k elements. Hence, G T satisfies both the second and the fifth properties of ( ⋆ ⋆ ⋆ ). Again, as a last step, we empty ∆ as every remaining world is now used.
During the definition of the construction, we already detailed why the first, second, fourth and fifth properties of ( ⋆⋆⋆ ) are satisfied. The same holds true for the third one, as we relied on the set ∆ to never use twice the same world, and at the end of the construction ∆ was always empty.
Therefore ( ⋆⋆⋆ ) holds.
A last note about this construction: from the first and third properties of ( ⋆⋆⋆ ), in particular that “for all ( w ′ , w ′ ) ∈ R ′ , w ′ , { w ′ , w ′ } ⊆ R ′∗ ( w ′ )} ”, it is easy to see that for all ( R ′ , w ′ , w ′ ) ∈ R ′ ( w ′ )| T ⇝ T and ( R ′ , w ′ , w ′ ) ∈ R ′ ( w ′ )| T ⇝ T with w ′ ≠ w ′ , we have R ′ , w ′ ∩ R ′ , w ′ = ∅ . Keeping this in mind, we are now ready to construct R ′ .
We consider every T ∈ T P ( m − , k ) and apply ( ⋆ ⋆ ⋆ ) to construct the sets R ′ ( w ′ )| T ⇝ T ′ (for every T ′ ∈ T P ( m − , k ) ) and G T . We then define R ′ as
R ′ ≝ ⋃ ( {( w ′ , w ′ )} ∪ R ′ , w ′ ) , where the union ranges over T ∈ T P ( m − , k ) , T ′ ∈ T P ( m − , k ) and ( R ′ , w ′ , w ′ ) ∈ R ′ ( w ′ )| T ⇝ T ′ .
Clearly, we have that R ′ ⊆ R . Moreover, from the properties of ( ⋆ ⋆ ⋆ ), it holds that for every w ′ ∈ R ′ ( w ) , R ′ | w ′ = R ′ , w ′ . In order to conclude the proof, we need to show that
1. ( W , R , V ) , w ⇆ P m , k ( W ′ , R ′ , V ′ ) , w ′ ;
2. if R ( w ) = R ( w ) then R ′ ( w ′ ) = R ′ ( w ′ ) .
Let us first prove (2) by using the fifth property of ( ⋆ ⋆ ⋆ ). Suppose R ( w ) = R ( w ) and hence R ( w ) \ R ( w ) = ∅ . It is easy to see that R ( w ) \ R ( w ) can also be written as ⋃ T ∈ T P ( m − , k ) ( R ( w )| T \ R ( w )) . We conclude that | R ( w )| T \ R ( w )| = T ∈ T P ( m − , k ) . Similarly, R ′ ( w ′ ) \ R ′ ( w ′ ) can be shown to be equivalent to ⋃ T ∈ T P ( m − , k ) ( R ′ ( w ′ )| T \ R ′ ( w ′ )) . Notice that for every T ∈ T P ( m − , k ) , a world w ′ ∈ R ′ ( w ′ )| T \ R ′ ( w ′ ) cannot be inside a pair of R ′ ( w ′ )| T ⇝ T ′ (for any T ′ ∈ T P ( m − , k ) ). Indeed, if this was the case, then ( w ′ , w ′ ) ∈ R ′ (see definition of R ′ ) in contradiction with w ′ ∈ R ′ ( w ′ )| T \ R ′ ( w ′ ) . Then w ′ ∈ G T and we conclude that R ′ ( w ′ )| T \ R ′ ( w ′ ) = G T and R ′ ( w ′ ) \ R ′ ( w ′ ) = ⋃ T ∈ T P ( m − , k ) G T .
By construction, every world w ′ ∈ R ′ ( w ) can appear in at most one set in {G T | T ′ ∈ T P ( m − , k )} and hence | R ′ ( w ′ ) \ R ′ ( w ′ )| = ∑ T ∈ T P ( m − , k ) |G T | . We can now apply the fifth property of ( ⋆ ⋆ ⋆ ), i.e. min (| R ( w )| T \ R ( w )| , k ) = min (|G T | , k ) that, together with k ≥ | R ( w )| T \ R ( w )| = | R ′ ( w ′ ) \ R ′ ( w ′ )| = 0. As by definition R ′ ( w ′ ) ⊆ R ′ ( w ′ ) , this ends the proof of (2).
In order to conclude the proof, let us prove (1) and this is done by constructing a g-bisimulation Z , . . . , Z m up to ( m , k , P ) between ( W , R , V ) and ( W ′ , R ′ , V ′ ) such that { w }Z m { w ′ } . Here, we iteratively construct the g-bisimulation starting from the sets Z ji = {( w , w ′ )} (for every i ∈ [ , k ] and j ∈ [ , m ] ). During the construction we make sure to always preserve the satisfaction of the conditions (init), (refine), (size) and (atoms). Notice that these conditions hold for our initial sequence of relations. In particular, (atoms) holds as by hypothesis there is T ∈ T P ( m , k × (| T P ( m − , k )| + )) such that {( M , w ) , ( M ′ , w ′ )} ⊆ T and hence M , w ⇆ P m , k ×(| T P ( m − , k )| + ) M ′ , w ′ . The construction can be split into four steps:
m-forth-step: Let X ⊆ R ( w ) be a set such that | X | ∈ [ , k ] . As required by the condition (m-forth), we want to pair this set with a suitable subset Y ⊆ R ′ ( w ) of cardinality | X | so that it is possible to then satisfy the conditions (g-forth) and (g-back). Let us consider the partition of X defined as { X T ▶ T ′ | T ∈ T P ( m − , k ) and T ′ ∈ T P ( m − , k )} where X T ▶ T ′ = X ∩ R ( w )| T ▶ T ′ . We consider the set R ′ ( w ′ )| T ⇝ T ′ and select | X T ▶ T ′ | worlds appearing in one of its pairs (which are of the form ( R ′ , w ′ , w ′ ) ). Let Y T ⇝ T ′ be the set of these selected worlds. By ( ⋆ ⋆ ⋆ ) this set is guaranteed to exist and is such that every world w ′ in it is also in R ′ ( w ′ ) . Let Y = ⋃ T ∈ T P ( m − , k ) , T ′ ∈T P ( m − , k ) Y T ⇝ T ′ . It is easy to see that | X | = | Y | . For every j ∈ [ , m − ] we add ( X , Y ) to Z j | X | .
m-back-step: Let Y ⊆ R ′ ( w ) be a set such that | Y | ∈ [ , k ] .
Let us follow the condition (m-back) symmetrically to what was done for the condition (m-forth) in the previous step of the construction. Let us first consider the partition of Y defined as { Y T ⇝ T ′ | T ∈ T P ( m − , k ) and T ′ ∈ T P ( m − , k )} where Y T ⇝ T ′ = Y ∩ { w ′ | ( R ′ , w ′ , w ′ ) ∈ R ′ ( w ′ )| T ⇝ T ′ for some R ′ , w ′ } . We select a subset X T ▶ T ′ of R ( w )| T ▶ T ′ having cardinality | Y T ⇝ T ′ | , which is guaranteed to exist by ( ⋆ ⋆ ⋆ ). Let X = ⋃ T ∈ T P ( m − , k ) , T ′ ∈T P ( m − , k ) X T ▶ T ′ . It is easy to see that | Y | = | X | . For every j ∈ [ , m − ] we add ( X , Y ) to Z j | Y | .
g-forth-step: From the first two steps of the construction, the set Z ji was updated with new pairs ( X , Y ) where every element in X is from R ( w ) and every element of Y is from R ′ ( w ) . Consider then one of these pairs ( X , Y ) and let w ∈ X . There is T ∈ T P ( m − , k ) and T ′ ∈ T P ( m − , k ) such that w ∈ R ( w )| T ▶ T ′ . By construction (first and second steps above), there is w ′ ∈ Y such that for some R ′ , w ′ ⊆ R ′ it holds that ( R ′ , w ′ , w ′ ) ∈ R ′ ( w ′ )| T ⇝ T ′ . Again, by applying ( ⋆ ⋆ ⋆ ) we obtain that ( W , R , V ) , w ⇆ P m − , k ( W ′ , R , w ′ , V ′ ) , w ′ . Since by definition R ′ , w ′ = R ′ | w ′ , from Lemma D.2 we obtain ( W , R , V ) , w ⇆ P m − , k ( W ′ , R ′ , V ′ ) , w ′ . Then, let K , . . . , K m − be the g-bisimulation up to ( m − , k , P ) between ( W , R , V ) and ( W ′ , R ′ , V ′ ) such that { w }K m − { w ′ } . For every i ∈ [ , k ] and every j ∈ [ , m − ] , update Z ji to Z ji ∪ K ji .
g-back-step: Symmetrically to the previous point of the construction, let us consider again a pair ( X , Y ) introduced by one of the two steps (m-forth-step) and (m-back-step). Let w ′ ∈ Y . Then there is T ∈ T P ( m − , k ) and T ′ ∈ T P ( m − , k ) and R ′ , w ′ ⊆ R ′ such that ( R ′ , w ′ , w ′ ) ∈ R ′ ( w ′ )| T ⇝ T ′ .
By construction (steps (m-forth-step) and (m-back-step)), there is w ∈ X such that w ∈ R ′ ( w )| T ▶ T ′ . Then by ( ⋆⋆⋆ ), we obtain that ( W , R , V ) , w ⇆ P m − , k ( W ′ , R , w ′ , V ′ ) , w ′ . Again, by definition R ′ , w ′ = R ′ | w ′ and from Lemma D.2 we obtain ( W , R , V ) , w ⇆ P m − , k ( W ′ , R ′ , V ′ ) , w ′ . Then, let K , . . . , K m − be the g-bisimulation up to ( m − , k , P ) between ( W , R , V ) and ( W ′ , R ′ , V ′ ) such that { w }K m − { w ′ } . For every i ∈ [ , k ] and every j ∈ [ , m − ] , update Z ji to Z ji ∪ K ji .
It is simple to see that this construction leads to a sequence of relations Z , . . . , Z m that is a g-bisimulation up to ( m , k , P ) between ( W , R , V ) and ( W ′ , R ′ , V ′ ) such that { w }Z m { w ′ } . Indeed, the conditions (init), (refine), (size) and (atoms) hold at any point during the construction. For the other condition, let ( X , Y ) be a pair in some Z ji . If it was not introduced by the first two steps of the construction, then ( X , Y ) is a member of some set K ji ⊆ Z ji that is used in a g-bisimulation whose elements are all used to construct Z , . . . , Z m (third and fourth point of the proof). Hence, w.r.t. ( X , Y ) no condition can be violated. If instead ( X , Y ) is added to the g-bisimulation during the first and second point of the construction, then by construction it is easy to check that it satisfies all the conditions. Therefore ( W , R , V ) , w ⇆ P m , k ( W ′ , R ′ , V ′ ) , w ′ , which ends the proof of the whole lemma. □
D.2 Proof of Lemma 5.2
Proof. If k = 0, then the proof is by an easy verification as the formula φ from the statement is logically equivalent to a formula from the propositional calculus (each subformula ◇ ≥ ψ is logically equivalent to ⊤ ). Otherwise ( k ≥ k + = k × (| T P ( m − , k )| + ) . As ≡ P m , k + and ⇆ P m , k + are identical relations, there is a finite set { χ , . . . , χ Q } ⊆ GML [ m , k + , P ] such that
• χ ∨ · · · ∨ χ Q is valid, and each χ i is satisfiable,
• for all i ≠ j ∈ [ , Q ] , χ i ∧ χ j is unsatisfiable,
• ( M , w ) ≡ P m , k + ( M ′ , w ′ ) iff there is i such that ( M , w ) ⊨ χ i and ( M ′ , w ′ ) ⊨ χ i .
This is a direct consequence of Proposition D.1 containing results established in [21]. Let ψ be the formula ⋁ { χ i | ∃ M , w s.t. M , w ⊨ χ i ∧ φ } . An empty disjunction is understood as ⊥ .
Now, we show that ψ is logically equivalent to φ . Suppose that M , w ⊨ φ . As χ ∨ · · · ∨ χ Q is valid, there is i ∈ [ , Q ] such that M , w ⊨ χ i . Therefore χ i occurs in ψ and consequently, M , w ⊨ ψ .
Conversely, suppose that M , w ⊨ ψ with M = ( W , R , V ) . So, there is χ i occurring in ψ such that M , w ⊨ χ i and there exist a model M ′ = ( W ′ , R ′ , V ′ ) and w ′ ∈ W ′ such that M ′ , w ′ ⊨ χ i ∧ φ . So, ( M , w ) ≡ P m , k + ( M ′ , w ′ ) . By the definition of the satisfaction relation ⊨ , there is R ′ ⊆ R ′ such that R ′ ( w ′ ) = R ′ ( w ′ ) and ( W ′ , R ′ , V ′ ) , w ′ ⊨ φ . All the assumptions of Lemma 5.1 apply and therefore, there is R ⊆ R such that R ( w ) = R ( w ) , ( W , R , V ) , w ⇆ P m , k ( W ′ , R ′ , V ′ ) , w ′ and ( W , R , V ) , w ≡ P m , k ( W ′ , R ′ , V ′ ) , w ′ . As φ belongs to GML [ m , k , P ] , we also get that ( W , R , V ) , w ⊨ φ . But then by definition of ⊨ , we conclude that M , w ⊨ φ . □
D.3 Proof of ML (∗) ⪯ GML
Lemma D.3. ML (∗) ⪯ GML .
Proof. Let φ be a formula in ML (∗) . As ◇ ψ ≡ ◇ ≥ ψ , we can replace every occurrence of the modality ◇ appearing in φ with the modality ◇ ≥ . Moreover, by Lemma 2.2, we can replace every subformula of the form ψ ∗ χ with the formula ( ψ χ ) . In this way, we obtain a formula φ ′ that is equivalent to φ and where all the modalities are of the form ◇ ≥ , and . If φ ′ has no occurrence of or , we are done. Otherwise, let ψ be a subformula of φ ′ of the form ( φ φ ) where φ and φ are in GML .
• By Theorem 3.2, there is a formula ψ ′ in GML such that ψ ′ ≡ φ φ .
• By Lemma 5.2 there is a formula ψ ′′ in GML such that ψ ′′ ≡ ψ ′ .
One can show that φ ′ ≡ φ ′ [ ψ ← ψ ′′ ] , where φ ′ [ ψ ← ψ ′′ ] is obtained from φ ′ by replacing every occurrence of ψ by ψ ′′ . Note that the number of occurrences of and in φ ′ [ ψ ← ψ ′′ ] is strictly less than the number of occurrences of and in φ ′ . By repeating such a type of replacement, eventually we obtain a formula φ ′′ in GML such that φ ′ ≡ φ ′′ . Indeed, all the occurrences of and only appear as instances of the pattern ( ψ χ ) . Hence, we get a formula in GML logically equivalent to φ . □
D.4 Proof that ML (∗)[ m , s , P ] is finite up to logical equivalence
Lemma D.4. ML (∗)[ m , s , P ] is finite up to logical equivalence.
Proof. This proof is standard and relies on the analogous result from classical logic [33]:
( ⋆ ): given a finite set of formulae X there are only finitely many Boolean combinations of formulae from X , up to logical equivalence.
The proof of the lemma is by induction on ( m , s ) . For the base case, i.e. ( , ) , every formula of ML (∗)[ , , P ] is by definition a Boolean combination of formulae from P . Then by ( ⋆ ) this set of formulae is clearly finite up to logical equivalence. For the induction step, we divide the set of formulae of ML (∗)[ m , s , P ] into three disjoint sets and we show that each of them is finite up to logical equivalence.
1. We consider the set of formulae dominated by the operator ◇ , i.e. the set of every formula φ that is syntactically equivalent to ◇ ψ for some ψ ∈ ML (∗)[ m − , s , P ] . By the induction hypothesis, there are only finitely many such ψ up to logical equivalence. Hence, the set of formulae dominated by ◇ is finite up to logical equivalence.
2. We consider the set of formulae dominated by the operator ∗ , i.e. the set of every formula φ that is syntactically equivalent to ψ ∗ χ for some ψ ∈ ML (∗)[ m , s ′ , P ] and χ ∈ ML (∗)[ m , s ′′ , P ] such that max ( s ′ , s ′′ ) = s − 1. By the induction hypothesis, there are only finitely many such ψ and χ up to logical equivalence. Hence, the set of formulae dominated by the operator ∗ is finite up to logical equivalence.
3. Lastly, we consider the set of formulae of ML (∗)[ m , s , P ] that are not dominated by ◇ or ∗ operators. Each formula φ of this set is therefore a Boolean combination of formulae φ , . . . , φ n of ML (∗)[ m , s , P ] that are dominated by ◇ or ∗ operators (hence each of these formulae is different from φ ). From the previous two cases, the set of such φ , . . . , φ n formulae is finite up to logical equivalence. Then, by ( ⋆ ) we conclude that the set of formulae of ML (∗)[ m , s , P ] that are not dominated by ◇ or ∗ operators is also finite up to logical equivalence, concluding the proof. □
D.5 Characteristic formulae
As usual, thanks to Lemma D.4, given a pointed forest ( M , w ) , we can define a finite characteristic formula Π ( M , w ) P m , s in ML (∗)[ m , s , P ] that is logically equivalent to the infinite conjunction ⋀ { φ ∈ ML (∗)[ m , s , P ] | M , w ⊨ φ } . Notice that Π ( M , w ) P m , s is in ML (∗)[ m , s , P ] . Moreover, we can prove the following result.
Lemma D.5.
Let ( M , w ) and ( M ′ , w ′ ) be two pointed forests. For every rank ( m , s , P ) it holds that
• M , w ⊨ Π ( M , w ) P m , s ;
• M , w ⊨ Π ( M ′ , w ′ ) P m , s iff M ′ , w ′ ⊨ Π ( M , w ) P m , s .
Proof. This proof is standard. The first part of the lemma follows directly by definition of the characteristic formulae. For the second part, by symmetry we just need to show one direction. Assume that M , w ⊨ Π ( M ′ , w ′ ) P m , s . Let ψ ∈ ML (∗)[ m , s , P ] such that M , w ⊨ ψ . To prove the result it is sufficient to show that then M ′ , w ′ ⊨ ψ . Ad absurdum, suppose that M ′ , w ′ ⊭ ψ . By definition M ′ , w ′ ⊨ ¬ ψ and notice that ¬ ψ ∈ ML (∗)[ m , s , P ] . Therefore from the equivalence Π ( M ′ , w ′ ) P m , s ≡ ⋀ { φ ∈ ML (∗)[ m , s , P ] | M ′ , w ′ ⊨ φ } , it is easy to see that Π ( M ′ , w ′ ) P m , s ⇒ ¬ ψ is a tautology. From M , w ⊨ Π ( M ′ , w ′ ) P m , s we then derive that M , w ⊨ ¬ ψ , in contradiction with the hypothesis M , w ⊨ ψ . Hence, M ′ , w ′ ⊨ ψ . □
D.6 Proof of Lemma 5.3
Proof.
We first prove that the games are sound (right to left direction).
If there is φ ∈ ML (∗)[ m , s , P ] s.t. M , w ⊨ φ and M ′ , w ′ ⊭ φ then ( M , w ) ≉ P m , s ( M ′ , w ′ )
The proof is rather standard and is done by structural induction on φ .
Base case: φ = p , where p ∈ P . Then by hypothesis M , w ⊨ p and M ′ , w ′ ⊭ p and the spoiler wins from the condition of the game imposed before each round.
Induction case: φ = ψ ∧ χ . By hypothesis M , w ⊨ ψ ∧ χ whereas M ′ , w ′ ⊭ ψ or M ′ , w ′ ⊭ χ . In both cases ( M ′ , w ′ ⊭ ψ or M ′ , w ′ ⊭ χ ), by the induction hypothesis the spoiler has a winning strategy for (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) , i.e. ( M , w ) ≉ P m , s ( M ′ , w ′ ) .
Induction case: φ = ¬ ψ . By hypothesis M , w ⊭ ψ whereas M ′ , w ′ ⊨ ψ . Then by symmetry and by the induction hypothesis ( M , w ) ≉ P m , s ( M ′ , w ′ ) .
Induction case: φ = ◇ ψ . By hypothesis M , w ⊨ ◇ ψ and M ′ , w ′ ⊭ ◇ ψ . Then there is a world w accessible from w and such that M , w ⊨ ψ . Moreover by definition the modal depth of ◇ ψ is at least 1 and the spoiler can play a modal move. Then, the spoiler chooses the structure ( M , w ) and chooses exactly w . The duplicator has then to reply by choosing a world w ′ accessible from w ′ (otherwise the spoiler wins and the result clearly follows). Since M ′ , w ′ ⊭ ◇ ψ , it holds that M ′ , w ′ ⊭ ψ . By the induction hypothesis, it holds that ( M , w ) ≉ P m − , s ( M ′ , w ′ ) . Hence, by choosing w , the spoiler builds a winning strategy for the game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) .
Induction case: φ = ψ ∗ χ . By hypothesis, M , w ⊨ ψ ∗ χ and M ′ , w ′ ⊭ ψ ∗ χ . Then, there are M and M such that M + M = M , M , w ⊨ ψ and M , w ⊨ χ . Moreover, by definition, the number of nested stars in ψ ∗ χ is at least 1 and therefore the spoiler can play a spatial move.
The spoiler chooses the structure ( M , w ) and chooses exactly M and M . The duplicator has then to reply by choosing two structures M ′ and M ′ such that M ′ + M ′ = M ′ . Since M ′ , w ′ ⊭ ψ ∗ χ , either M ′ , w ′ ⊭ ψ or M ′ , w ′ ⊭ χ . If the former holds, then by the induction hypothesis, ( M , w ) ≉ P m , s − ( M ′ , w ′ ) . Hence, by choosing to continue the game on (( M , w ) , ( M ′ , w ′ ) , ( m , s − , P )) the spoiler builds a winning strategy for the game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) . Symmetrically, if instead M ′ , w ′ ⊭ χ then by the induction hypothesis ( M , w ) ≉ P m , s − ( M ′ , w ′ ) . Hence, by choosing to continue the game on (( M , w ) , ( M ′ , w ′ ) , ( m , s − , P )) , the spoiler builds a winning strategy for the game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) . In either case, we conclude that ( M , w ) ≉ P m , s ( M ′ , w ′ ) .
We now prove that the games are complete (left to right direction).
If ( M , w ) ≉ P m , s ( M ′ , w ′ ) then there is φ ∈ ML (∗)[ m , s , P ] s.t. M , w ⊨ φ and M ′ , w ′ ⊭ φ
Again, the proof is rather standard and it is by induction on ( m , s ) and by cases on the first move that the spoiler makes in his winning strategy for the game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) .
Base case: m = and s = . Since the spoiler has a winning strategy, in particular it wins the game of rank ( , , P ) and therefore by definition of the game it must hold that there is a propositional symbol p ∈ P such that M , w ⊨ p iff M ′ , w ′ ⊭ p . If M , w ⊨ p , then φ (as in the statement) is p . Otherwise (i.e. M ′ , w ′ ⊨ p ) we take φ = ¬ p . Notice that this case also holds for games on arbitrary rank ( m , s , P ) : the spoiler wins simply from the conditions of the game that are imposed before each round.
Induction case: the spoiler plays a modal move.
Notice that then m ≥ 1. Suppose that, by following its strategy, the spoiler chooses ( M , w ) and a world w accessible from w . By Lemma D.5, we have that M , w ⊨ Π ( M , w ) P m − , s . Let φ be defined as the formula ◇ Π ( M , w ) P m − , s . By definition, M , w ⊨ φ and φ ∈ ML (∗)[ m , s , P ] . Ad absurdum, suppose that M ′ , w ′ ⊨ φ . Then there is a world w ′ accessible from w ′ such that M ′ , w ′ ⊨ Π ( M , w ) P m − , s . By Lemma D.5 there is no formula in ML (∗)[ m − , s , P ] that can discriminate between ( M , w ) and ( M ′ , w ′ ) . As our games are determined, by the induction hypothesis this implies that the duplicator has a winning strategy for the game (( M , w ) , ( M ′ , w ′ ) , ( m − , s , P )) . This is contradictory, as by hypothesis the spoiler has a winning strategy and the move it played is part of this strategy. Hence, M , w ⊨ φ and M ′ , w ′ ⊭ φ .
The proof is analogous for the case where the spoiler chooses ( M ′ , w ′ ) and a world w ′ accessible from w . In this case we obtain M , w ⊭ ψ and M ′ , w ′ ⊨ ψ , where ψ is defined as ◇ Π ( M ′ , w ′ ) P m − , s . Hence, we take φ (as in the statement) defined as ¬ ψ .
Induction case: the spoiler plays a spatial move. Notice that then s ≥ 1. Suppose that, by following its strategy, the spoiler chooses ( M , w ) and two finite forests M and M such that M + M = M . Recall that, by Lemma D.5, M , w ⊨ Π ( M , w ) P m , s − and M , w ⊨ Π ( M , w ) P m , s − . Let φ be defined as Π ( M , w ) P m , s − ∗ Π ( M , w ) P m , s − . By definition M , w ⊨ φ and φ ∈ ML (∗)[ m , s , P ] . Ad absurdum, suppose that M ′ , w ′ ⊨ φ . Then there are M ′ and M ′ such that M ′ + M ′ = M ′ , M ′ , w ′ ⊨ Π ( M , w ) P m , s − and M ′ , w ′ ⊨ Π ( M , w ) P m , s − . Then, by Lemma D.5, there is no formula in ML (∗)[ m , s − , P ] that can discriminate between ( M , w ) and ( M ′ , w ′ ) , or that can discriminate between ( M , w ) and ( M ′ , w ′ ) . As our games are determined, by the induction hypothesis this implies that the duplicator has a winning strategy for both the games (( M , w ) , ( M ′ , w ′ ) , ( m , s − , P )) and (( M , w ) , ( M ′ , w ′ ) , ( m , s − , P )) . This leads to a contradiction, as by hypothesis the spoiler has a winning strategy and the move it played is part of this strategy. Hence, M , w ⊨ φ and M ′ , w ′ ⊭ φ .
The proof is analogous for the case where the spoiler chooses ( M ′ , w ′ ) and two finite forests M ′ and M ′ such that M ′ + M ′ = M ′ . In this case we obtain M , w ⊭ ψ and M ′ , w ′ ⊨ ψ where ψ is defined as Π ( M ′ , w ′ ) P m , s − ∗ Π ( M ′ , w ′ ) P m , s − . Hence, we take φ (as in the statement) defined as ¬ ψ . □
D.7 Proof of Lemma 5.4
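The game of Lemma 5.3, on which the proof below relies, can be decided by brute force on small forests; the following Python code is an added example, not code from the paper. It assumes that M1 + M2 = M means splitting the edge relation into two disjoint parts (worlds and valuation unchanged) and that the duplicator wins when the spoiler has no move left; the names `duplicator_wins`, `splits`, `children` and `star`, and the sample forests, are constructed here.

```python
from functools import lru_cache
from itertools import combinations


def splits(R):
    """Yield every (R1, R2) with R1 ∪ R2 = R and R1 ∩ R2 = ∅ (assumed reading of M1 + M2 = M)."""
    edges = sorted(R)
    for k in range(len(edges) + 1):
        for part in combinations(edges, k):
            r1 = frozenset(part)
            yield r1, R - r1


def children(R, w):
    """Worlds accessible from w in one step."""
    return [v for (u, v) in R if u == w]


def duplicator_wins(A, B, m, s, props=()):
    """Decide the game ((M, w), (M', w'), (m, s, P)) by exhaustive search.

    A = (R, V, w) and B = (R', V', w'): R is a frozenset of (parent, child)
    edges, V maps a propositional symbol to the set of worlds satisfying it.
    """
    (RA, VA, wA), (RB, VB, wB) = A, B

    @lru_cache(maxsize=None)
    def win(Ra, a, Rb, b, m, s):
        # Condition imposed before each round: the current worlds agree on P.
        if any((a in VA.get(p, ())) != (b in VB.get(p, ())) for p in props):
            return False

        def go(Rs, x, Rd, y, spoiler_on_a, m, s):
            # Re-order the arguments so that the first structure is always A's side.
            if spoiler_on_a:
                return win(Rs, x, Rd, y, m, s)
            return win(Rd, y, Rs, x, m, s)

        for spoiler_on_a in (True, False):
            Rs, x, Rd, y = (Ra, a, Rb, b) if spoiler_on_a else (Rb, b, Ra, a)
            if m > 0:
                # Modal move: every successor picked by the spoiler needs a reply.
                for x1 in children(Rs, x):
                    if not any(go(Rs, x1, Rd, y1, spoiler_on_a, m - 1, s)
                               for y1 in children(Rd, y)):
                        return False
            if s > 0:
                # Spatial move: the spoiler then chooses which pair to continue
                # on, so the duplicator's split must win on both pairs.
                for S1, S2 in splits(Rs):
                    if not any(go(S1, x, D1, y, spoiler_on_a, m, s - 1)
                               and go(S2, x, D2, y, spoiler_on_a, m, s - 1)
                               for D1, D2 in splits(Rd)):
                        return False
        return True  # no move of the spoiler wins

    return win(frozenset(RA), wA, frozenset(RB), wB, m, s)


def star(n):
    """Constructed sample: root 'w' with n leaf children, empty valuation."""
    return (frozenset(("w", f"c{i}") for i in range(n)), {}, "w")


if __name__ == "__main__":
    for rank in [(1, 0), (1, 1), (1, 2)]:
        print(rank, duplicator_wins(star(2), star(3), *rank))
```

On stars with 2 and 3 leaves the duplicator wins at rank (1, 1) and loses at rank (1, 2): the number of children that can be told apart grows with s, which is the phenomenon property (A) below quantifies.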
Proof.
As usual, the non-expressivity of ◇ = ◇ = ⊤ is shown by proving that for every rank ( m , s , P ) there are two structures ( M , w ) and ( M ′ , w ′ ) such that
• ( M , w ) ≈ P m , s ( M ′ , w ′ ) , and
• M , w ⊨ ◇ = ◇ = ⊤ whereas M ′ , w ′ ⊭ ◇ = ◇ = ⊤ .
Here, we divide the proof into two parts, named below (A) and (B). We start with some preliminary definitions. Let M = ( W , R , V ) be a finite forest and w ∈ W . We denote with R ( w ) = n the set of worlds in R ( w ) having exactly n children, i.e. { w ∈ R ( w ) | | R ( w )| = n } . During the proof, we only use pointed forests ( M , w ) satisfying the following properties:
I V ( p ) = ∅ for every p ∈ AP;
II R ( w ) = , R ( w ) = and R ( w ) = form a partition of R ( w ) ;
III R ( w ) = ∅ , i.e. the set of worlds reachable from w in at least three steps is empty.
Below, we represent schematically the models satisfying the properties I, II and III (notice that no world satisfies any propositional symbol).
[Figure: schematic of a forest rooted at w whose children are grouped into the sets R ( w ) = , R ( w ) = and R ( w ) = .]
Let us consider two models M = ( W , R , V ) and M = ( W , R , V ) such that M + M = M . We pinpoint three important properties of the models we are considering.
S1: Every world in R ( w ) = is either in R ( w ) = or R ( w ) = ;
S2: Every world w ∈ R ( w ) = is in R ( w ) = , R ( w ) = , R ( w ) = or in R ( w ) = . Indeed, suppose ( w , w ) ∈ R i (for some i ∈ { , } ). If w is in the domain of the same relation R i then w ∈ R i ( w ) = . Otherwise ( w is in the domain of R − i ) then w ∈ R i ( w ) = .
S3: Every world in R ( w ) = is in R ( w ) = , R ( w ) = , R ( w ) = , R ( w ) = , R ( w ) = or R ( w ) = . The justification is similar to the one given above for R ( w ) = .
We first prove the following property:
(A): Given a rank ( m , s , P ) and two pointed forests ( M = ( W , R , V ) , w ) and ( M ′ = ( W ′ , R ′ , V ′ ) , w ′ ) satisfying I, II and III, if
• min (| R ( w ) = | , s ) = min (| R ′ ( w ′ ) = | , s ) ;
• min (| R ( w ) = | , s ( s + )) = min (| R ′ ( w ′ ) = | , s ( s + )) ;
• min (| R ( w ) = | , s − ( s + )( s + )) = min (| R ′ ( w ′ ) = | , s − ( s + )( s + ))
then ( M , w ) ≈ P m , s ( M ′ , w ′ )
First, as worlds in our models do not satisfy any propositional symbol, the spoiler cannot win because of distinct propositional valuations. The proof is by cases on m and on the moves done by the spoiler, and by induction on s . First, suppose m = 0. Then it is easy to see that the duplicator has a winning strategy. Indeed, as m = 0, the spoiler cannot play the modal move and therefore cannot change the current worlds w and w ′ . Then, after s spatial moves the game will be in the state ( M , w ) and ( M ′ , w ′ ) w.r.t. the rank ( , , P ) . From I we conclude that the duplicator wins.
Suppose now m ≥ s = ( M , w ) (the case where it picks ( M ′ , w ′ ) is analogous). We have to distinguish the following situations.
• Suppose that the spoiler chooses a world w ∈ R ( w ) = . Then | R ( w ) = | ≥ (| R ( w ) = | , s ) = min (| R ′ ( w ′ ) = | , s ) , it follows that | R ′ ( w ′ ) = | ≥ 1. It is then sufficient for the duplicator to choose w ∈ R ′ ( w ′ ) = to guarantee him a victory, as the subtrees rooted in w and w ′ are isomorphic.
• Suppose that the spoiler chooses a world w ∈ R ( w ) = . Then | R ( w ) = | ≥ (| R ( w ) = | , s ( s + )) = min (| R ′ ( w ′ ) = | , s ( s + )) , it follows that | R ′ ( w ′ ) = | ≥ 1. Then again, it is sufficient for the duplicator to choose w ∈ R ′ ( w ′ ) = to guarantee him a victory, as the subtrees rooted in w and w ′ are isomorphic.
• Suppose that the spoiler chooses a world w ∈ R ( w ) = . Then | R ( w ) = | ≥ (| R ( w ) = | , s − ( s + )( s + )) = min (| R ′ ( w ′ ) = | , s − ( s + )( s + )) , it follows that | R ′ ( w ′ ) = | ≥ s − ( s + )( s + ) = s = w ∈ R ′ ( w ′ ) = to guarantee him a victory, as the subtrees rooted in w and w ′ are isomorphic.
As stated before, the case where the spoiler decides to perform a modal move also captures the base case of the induction on s . Then, it remains to show the case where s ≥ ( M , w ) (the case where it picks ( M ′ , w ′ ) is analogous). It then picks two structures M = ( W , R , V ) and M = ( W , R , V ) such that M + M = M . Notice that these two structures are such that both ( M , w ) and ( M , w ) satisfy I, II and III, as it is easy to see that these three properties are all preserved when taking submodels. The duplicator has now to pick two structures M ′ = ( W ′ , R ′ , V ′ ) and M ′ = ( W ′ , R ′ , V ′ ) such that M ′ + M ′ = M ′ and that guarantees him a victory. It does so by constructing R ′ and R ′ as follows (from the empty set):
Split of R ′ ( w ) = . We introduce the sets
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) =
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) = .
It is easy to see that these sets are pairwise disjoint. From (S1) it follows that R ( w ) = = ( R ( w ) = ∩ R ( w ) = ) ∪ ( R ( w ) = ∩ R ( w ) = ) . The duplicator starts by partitioning R ′ ( w ) = into two sets Z and Z according to the cardinalities of the two components of R ( w ) = highlighted above, namely the two sets R ( w ) = ∩ R ( w ) = and R ( w ) = ∩ R ( w ) = .
• Suppose that | R ( w )| ▶ | < s − and | R ( w )| ▶ | < s − . Hence, | R ( w ) = | < s and by hypothesis | R ′ ( w ′ ) = | = | R ( w ) = | . Then the split of R ′ ( w ) = into Z and Z is made so that | Z | = | R ( w )| ▶ | and | Z | = | R ( w )| ▶ | .
• Suppose that there is i ∈ { , } such that | R i ( w )| ▶ | < s − and | R j ( w )| ▶ | ≥ s − , where j = − i is the index of the other set. Then the split of R ′ ( w ) = into Z i and Z j is made so that | Z i | = | R i ( w )| ▶ | . Notice that by hypothesis on the cardinality of R ′ ( w ) = it holds that | Z j | ≥ s − (otherwise min (| R ( w ) = | , s ) ≠ min (| R ′ ( w ′ ) = | , s ) ).
• Suppose that | R ( w )| ▶ | ≥ s − and | R ( w )| ▶ | ≥ s − . Then the split of R ′ ( w ) = into Z and Z is made so that | Z | = s − . Notice that by hypothesis on the cardinality of R ′ ( w ) = it holds that | Z j | ≥ s − .
For each w ′ ∈ Z , the duplicator adds ( w ′ , w ′ ) to R ′ . For each w ′ ∈ Z , it adds ( w ′ , w ′ ) to R ′ . Notice that by construction the two sets introduced are always such that
Z1: min (| R ( w )| ▶ | , s − ) = min (| Z | , s − )
Z2: min (| R ( w )| ▶ | , s − ) = min (| Z | , s − ) .
Split of R ′ ( w ) = . We introduce the following sets:
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) =
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) =
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) =
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) = .
It is easy to see that these sets are pairwise disjoint. From (S2) it follows that R ( w ) = = R ( w )| ▶ ∪ R ( w )| ▶ ∪ R ( w )| ▶ ∪ R ( w )| ▶ . The duplicator starts by partitioning R ′ ( w ) = into four sets Z ′ , Z ′ , O and O according to the cardinalities of the four sets above (‘Z’ for ‘zero’, ‘O’ for ‘one’). In order to shorten the presentation, instead of concretely making explicit all the cases as we did in the previous point of the construction, we treat them “schematically”.
Let X = { R ( w )| ▶ , R ( w )| ▶ , R ( w )| ▶ , R ( w )| ▶ } and let f be the bijection
f ( R ( w )| ▶ ) def = Z ′ , f ( R ( w )| ▶ ) def = Z ′ f ( R ( w )| ▶ ) def = O , f ( R ( w )| ▶ ) def = O .
Moreover, we define ( B stands for “bound”)
B( R ( w )| ▶ ) def = B( R ( w )| ▶ ) def = s −
B( R ( w )| ▶ ) def = B( R ( w )| ▶ ) def = s − s .
So, these definitions (actually notations) are helpful at the metalevel. Besides, notice that, from s ≥ 1, it holds that 2 s − and 2 s − s are both at least 1.
• Suppose that for every set S ∈ X it holds that | S | < B( S ) . Then, since it holds that | R ( w ) = | = | R ( w )| ▶ | + | R ( w )| ▶ | + | R ( w )| ▶ | + | R ( w )| ▶ | it holds that | R ( w ) = | < s − + s − + s − s + s − s = s ( s + ) and therefore by hypothesis we conclude that | R ( w ) = | = | R ′ ( w ′ ) = | . Then, the split of R ′ ( w ′ ) = into Z ′ , Z ′ , O and O is made so that for every S ∈ X , | f ( S )| = | S | .
• Suppose instead that there is Ŝ ∈ X such that | Ŝ | ≥ B( Ŝ ) . Then, the split of R ′ ( w ′ ) = into Z ′ , Z ′ , O and O is made so that for every S ∈ X \ { Ŝ } , | f ( S )| = min (| S | , B( S )) . From the hypothesis min (| R ( w ) = | , s ( s + )) = min (| R ′ ( w ′ ) = | , s ( s + )) we conclude that this construction can be effectively made and it is such that | f ( Ŝ )| ≥ B( Ŝ ) .
For each w ′ ∈ Z ′ , the duplicator adds ( w ′ , w ′ ) to R ′ and the only element of R ′ | w ′ to R ′ . For each w ′ ∈ Z ′ , it adds ( w ′ , w ′ ) to R ′ and the only element of R ′ | w ′ to R ′ . For each w ′ ∈ O , it adds ( w ′ , w ′ ) and the only element of R ′ | w ′ to R ′ . Lastly, for each w ′ ∈ O , it adds ( w ′ , w ′ ) and the only element of R ′ | w ′ to R ′ . Notice that by construction the four sets introduced are always such that
Z11: min (| R ( w )| ▶ | , s − ) = min (| Z ′ | , s − )
Z21: min (| R ( w )| ▶ | , s − ) = min (| Z ′ | , s − )
O1: min (| R ( w )| ▶ | , s − s ) = min (| O | , s − s )
O2: min (| R ( w )| ▶ | , s − s ) = min (| O | , s − s )
or, more schematically, for every S ∈ X , min (| S | , B( S )) = min (| f ( S )| , B( S )) .
Split of R ′ ( w ) = .
Similarly to the previous steps, we introduce the following sets:
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) =
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) =
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) =
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) =
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) =
R ( w )| ▶ def = R ( w ) = ∩ R ( w ) = .
It is easy to see that these sets are pairwise disjoint. From (S3) it follows that R ( w ) = = R ( w )| ▶ ∪ R ( w )| ▶ ∪ R ( w )| ▶ ∪ R ( w )| ▶ ∪ R ( w )| ▶ ∪ R ( w )| ▶ The duplicator starts by partitioning R ′ ( w ) = into six sets Z ′′ , Z ′′ , O ′ , O ′ , T and T according to the cardinalities of the six sets above (‘T’ for ‘two’). Again, to shorten the presentation we introduce the set X = { R ( w )| ▶ , R ( w )| ▶ , R ( w )| ▶ , R ( w )| ▶ , R ( w )| ▶ , R ( w )| ▶ } , and the bijection f such that
f ( R ( w )| ▶ ) def = Z ′′ , f ( R ( w )| ▶ ) def = Z ′′ f ( R ( w )| ▶ ) def = O ′ , f ( R ( w )| ▶ ) def = O ′ , f ( R ( w )| ▶ ) def = T , f ( R ( w )| ▶ ) def = T .
Moreover, we define
B( R ( w )| ▶ ) def = B( R ( w )| ▶ ) def = s −
B( R ( w )| ▶ ) def = B( R ( w )| ▶ ) def = s − s
B( R ( w )| ▶ ) def = B( R ( w )| ▶ ) def = s − s ( s + )
Notice that, from s ≥ 1, it holds that 2 s − , 2 s − s and 2 s − s ( s + ) are all at least 1.
• Suppose that for every set S ∈ X it holds that | S | < B( S ) . Then, since | R ( w ) = | is | R ( w )| ▶ | + | R ( w )| ▶ | + | R ( w )| ▶ | + | R ( w )| ▶ | + | R ( w )| ▶ | + | R ( w )| ▶ | it holds that | R ( w ) = | < × s − + × s − s + × s − s ( s + ) = s − ( s + )( s + ) and therefore by hypothesis we conclude that | R ( w ) = | = | R ′ ( w ′ ) = | . Then, the split of R ′ ( w ′ ) = into Z ′′ , Z ′′ , O ′ , O ′ , T and T is made so that for every S ∈ X , | f ( S )| = | S | .
• Suppose instead that there is Ŝ ∈ X such that | Ŝ | ≥ B( Ŝ ) . Then, the split of R ′ ( w ′ ) = into Z ′′ , Z ′′ , O ′ , O ′ , T and T is made so that for every S ∈ X \ Ŝ , | f ( S )| = min (| S | , B( S )) . From the hypothesis min (| R ( w ) = | , s − ( s + )( s + )) = min (| R ′ ( w ′ ) = | , s − ( s + )( s + )) we conclude that this construction can be effectively made and it is such that | f ( Ŝ )| ≥ B( Ŝ ) .
Then, the duplicator updates R ′ and R ′ as follows:
• For each w ′ ∈ Z ′′ , the duplicator adds ( w ′ , w ′ ) to R ′ and the two elements of R ′ | w ′ to R ′ .
• For each w ′ ∈ Z ′′ , it adds ( w ′ , w ′ ) to R ′ and the two elements of R ′ | w ′ to R ′ .
• For each w ′ ∈ O ′ , it adds ( w ′ , w ′ ) and one of the two elements of R ′ | w ′ to R ′ . The other element of R ′ | w ′ is assigned to R ′ .
• For each w ′ ∈ O ′ , it adds ( w ′ , w ′ ) and one of the two elements of R ′ | w ′ to R ′ . The other element of R ′ | w ′ is assigned to R ′ .
• For each w ′ ∈ T , it adds ( w ′ , w ′ ) to R ′ and the two elements of R ′ | w ′ to R ′ .
• For each w ′ ∈ T , it adds ( w ′ , w ′ ) to R ′ and the two elements of R ′ | w ′ to R ′ .
Notice that by construction the six sets introduced are always such that
Z12: min (| R ( w )| ▶ | , s − ) = min (| Z ′′ | , s − )
Z22: min (| R ( w )| ▶ | , s − ) = min (| Z ′′ | , s − )
O11: min (| R ( w )| ▶ | , s − s ) = min (| O ′ | , s − s )
O21: min (| R ( w )| ▶ | , s − s ) = min (| O ′ | , s − s )
T1: min (| R ( w )| ▶ | , s − s ( s + )) = min (| T | , s − s ( s + ))
T2: min (| R ( w )| ▶ | , s − s ( s + )) = min (| T | , s − s ( s + ))
or, more schematically, for every S ∈ X , min (| S | , B( S )) = min (| f ( S )| , B( S )) .
After these steps, since ( M ′ , w ′ ) satisfies II and III, every element ( w ′ , w ′ ) ∈ R ′ such that w ′ ∈ R ′∗ ( w ) has been assigned to either R ′ or R ′ . The duplicator then concludes the construction of M ′ and M ′ by assigning the remaining elements of R ′ (i.e. the pairs ( w ′ , w ′ ) ∈ R ′ such that w ′ ∉ R ′∗ ( w ) ) to either R ′ or R ′ (for example, it can put all these elements in R ′ ). The two models M ′ and M ′ are now defined and they trivially satisfy I, II and III (as they are submodels of M ′ ). Moreover, by construction it is easy to verify that:
• R ′ ( w ′ ) = = Z + Z ′ + Z ′′
• R ′ ( w ′ ) = = O + O ′
• R ′ ( w ′ ) = = T
• for every n > R ′ ( w ′ ) = n = ∅
• R ′ ( w ′ ) = = Z + Z ′ + Z ′′
• R ′ ( w ′ ) = = O + O ′
• R ′ ( w ′ ) = = T
• for every n > R ′ ( w ′ ) = n = ∅
Indeed, we specifically built R ′ and R ′ so that these properties (which we later refer to with ( † )) hold.
Now, we end the proof of (A) by showing that for all i ∈ { , } ,
zero: min (| R i ( w ) = | , s − ) = min (| R ′ i ( w ′ ) = | , s − ) ;
one: min (| R i ( w ) = | , s − s ) = min (| R ′ i ( w ′ ) = | , s − s ) ;
two: min (| R i ( w ) = | , s − s ( s + )) = min (| R ′ i ( w ′ ) = | , s − s ( s + )) .
Indeed, once these three properties are shown we can apply the induction hypothesis to conclude that ( M , w ) ≈ P m , s − ( M ′ , w ′ ) and ( M , w ) ≈ P m , s − ( M ′ , w ′ ) and therefore, the play described with the construction above leads to a winning strategy for the duplicator on the game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) , i.e. ( M , w ) ≈ P m , s ( M ′ , w ′ ) . The proof of these three properties is quite easy (each case is similar to the others). Let i ∈ { , } . By using the definitions given during the construction of R ′ and R ′ it holds that
• R i ( w ) = = R i ( w )| ▶ ∪ R i ( w )| ▶ ∪ R i ( w )| ▶ , and by definition for all j , k ∈ [ , ] such that j ≠ k it holds that R i ( w )| j ▶ ∩ R i ( w )| k ▶ = ∅ .
• R i ( w ) = = R i ( w )| ▶ ∪ R i ( w )| ▶ , and by definition R i ( w )| ▶ ∩ R i ( w )| ▶ = ∅ .
• R i ( w )| = = R i ( w )| ▶ .
In what follows, we refer to these three properties with ( ‡ ).
proof of (zero). By ( ‡ ), it holds that | R i ( w ) = | = | R i ( w )| ▶ | + | R i ( w )| ▶ | + | R i ( w )| ▶ | . We divide the proof into two cases. For the first case, suppose | R i ( w )| ▶ | < s − , | R i ( w )| ▶ | < s − and | R i ( w )| ▶ | < s − . Then,
1. | Z i | = | R i ( w )| ▶ | (by (Z1) or (Z2), depending on whether i = i = | Z ′ i | = | R i ( w )| ▶ | (by (Z11)/(Z21))
3. | Z ′′ i | = | R i ( w )| ▶ | (by (Z12)/(Z22))
4. | R ′ i ( w ′ ) = | = | R i ( w )| ▶ | + | R i ( w )| ▶ | + | R i ( w )| ▶ | (from (1), (2) and (3), by ( † ))
5. | R ′ i ( w ′ ) = | = | R i ( w ) = | (from 4, by ( ‡ )).
Otherwise, suppose that there is a set among R i ( w )| ▶ , R i ( w )| ▶ and R i ( w )| ▶ whose cardinality is at least 2 s − . Then from (Z1)/(Z2), (Z11)/(Z21) or (Z12)/(Z22) (depending on whether i = i = s − elements) there is a set among Z i , Z ′ i and Z ′′ i that has cardinality 2 s − . Then, by ( † ) and ( ‡ ) we have that R i ( w ) = and R ′ i ( w ′ ) = have both more than 2 s − elements.
proof of (one). By ( ‡ ), it holds that | R i ( w ) = | = | R i ( w )| ▶ | + | R i ( w )| ▶ | . We divide the proof into two cases. First, suppose | R i ( w )| ▶ | < s − s and | R i ( w )| ▶ | < s − s . Then,
1. | O i | = | R i ( w )| ▶ | (by (O1) or (O2), depending on whether i = i = | O ′ i | = | R i ( w )| ▶ | (by (O11)/(O21))
3. | R ′ i ( w ′ ) = | = | R i ( w )| ▶ | + | R i ( w )| ▶ | (from (1) and (2), by ( † ))
4. | R ′ i ( w ′ ) = | = | R i ( w ) = | (from 3, by ( ‡ )).
Otherwise, suppose that there is a set among R i ( w )| ▶ and R i ( w )| ▶ whose cardinality is at least 2 s − s . Then from (O1)/(O2) or (O11)/(O21) (depending on whether i = i = s − s elements) there is a set among O i , O ′ i that has cardinality 2 s − s . Then, by ( † ) and ( ‡ ) we have that R i ( w ) = and R ′ i ( w ′ ) = have both more than 2 s − s elements.
proof of (two). By ( ‡ ), it holds that | R i ( w ) = | = | R i ( w )| ▶ | . Again we divide the proof into two cases. First, suppose | R i ( w )| ▶ | < s − s ( s + ) . Then,
1. | T i | = | R i ( w )| ▶ | (by (T1) or (T2), depending on whether i = i = | R ′ i ( w ′ ) = | = | R i ( w )| ▶ | (from (1), by ( † ))
3. | R ′ i ( w ′ ) = | = | R i ( w ) = | (from 2, by ( ‡ )).
Otherwise, suppose that | R i ( w )| ▶ | , and hence | R i ( w ) = | , is at least 2 s − s ( s + ) . Then,
1. | T i | ≥ s − s ( s + ) (by (T1)/(T2))
2. | R ′ i ( w ′ ) = | ≥ s − s ( s + ) (from (1), by ( † )).
By relying on the (now proved) validity of (A), we show the following crucial property.
(B): Given a rank ( m , s , P ) and two structures ( M = ( W , R , V ) , w ) and ( M ′ = ( W ′ , R ′ , V ′ ) , w ′ ) satisfying I, II and III, if
• | R ( w ) = | ≥ s + | R ′ ( w ′ ) = | ≥ s +
• | R ( w ) = | = | R ′ ( w ′ ) = | =
• | R ( w ) = | ≥ s − ( s + )( s + ) + | R ′ ( w ′ ) = | ≥ s − ( s + )( s + ) + ( M , w ) ≈ P m , s ( M ′ , w ′ )
Notice that (B) implies the statement of the lemma, as M , w ⊨ ◇ = ◇ = ⊤ whereas M ′ , w ′ ⊭ ◇ = ◇ = ⊤ . Indeed, ad absurdum suppose that such an ML (∗) formula φ exists. Let m be its modal degree, s be its maximal number of nested ∗ and P be the set of propositional variables occurring in φ . Let us consider two pointed forests ( M , w ) and ( M , w ) such that M , w ⊨ ◇ = ◇ = ⊤ , M , w ⊭ ◇ = ◇ = ⊤ and satisfying the conditions in (B). This would lead to a contradiction, as ( M , w ) and ( M , w ) are supposed to satisfy φ (or not) equivalently.
The two finite forests of the statement are schematically represented below, with ( M , w ) on the left and ( M ′ , w ′ ) on the right.
[Figure: the two forests, rooted at w and at w ′ , annotated with the lower bounds of (B) on their sets of children.]
The proof of (B) is shown by cases on m , s and on the moves done by the spoiler. As in the proof of (A), if m = s spatial moves the game will be in the state ( M , w ) and ( M ′ , w ′ ) (notice that w and w ′ do not change, since m = 0) w.r.t. the rank ( , , P ) . From I, we conclude that the duplicator wins.
Now, suppose m ≥ s = ( M , w ) (the case where it picks ( M ′ , w ′ ) is analogous). Then, suppose that the spoiler chooses a world w ∈ R ( w ) = n for some n ∈ { , , } . It is then sufficient for the duplicator to choose w ∈ R ′ ( w ′ ) = n (which is a non-empty set by hypothesis) to guarantee him a victory, as the subtrees rooted in w and w ′ are isomorphic.
It remains to show the strategy for the duplicator when the spoiler decides to perform a spatial move (and therefore s ≥
The spoiler picks ( M , w ) . Notice that then the spoiler chooses the structure such that | R ( w ) = | = ( M ′ , w ′ ) , where we recall that | R ′ ( w ′ ) = | = 1. The idea is to make up for this discrepancy by using an element of R ′ ( w ′ ) = . Let us see how.
For a moment, consider the model obtained from M ′ by removing from R ′ exactly one pair ( w ′ , w ′ ) where w ′ is a world of R ′ ( w ′ ) = . Formally, we are interested in a model M̂ ′ = ( W ′ , R̂ ′ , V ′ ) such that R̂ ′ = R ′ \ {( w ′ , w ′ )} where ( w ′ , w ′ ) ∈ R ′ and w ′ ∈ R ′ ( w ′ ) = . If the game was played on ( M , w ) and ( M̂ ′ , w ′ ) w.r.t. ( m , s , P ) then it is clear that the duplicator would have a winning strategy. Indeed, both ( M , w ) and ( M̂ ′ , w ′ ) satisfy I, II and III. Moreover,
• | R ( w ) = | and | R̂ ′ ( w ′ ) = | are both at least 2 s . Notice that by definition R̂ ′ ( w ′ ) = = R ′ ( w ′ ) = .
• | R ( w ) = | = | R̂ ′ ( w ′ ) = | = 2. Here, by definition R̂ ′ ( w ′ ) = = R ′ ( w ′ ) = ∪ { w ′ } .
• | R ( w ) = | and | R̂ ′ ( w ′ ) = | are both at least 2 s − ( s + )( s + ) . Here, by definition R̂ ′ ( w ′ ) = = R ′ ( w ′ ) = \ { w ′ } .
These properties allow us to apply (A) and conclude that ( M , w ) ≈ P m , s ( M̂ ′ , w ′ ) . In particular, in this game, if the spoiler picks ( M , w ) and chooses M = ( W , R , V ) and M = ( W , R , V ) such that M + M = M , then the duplicator can apply the strategy described in (A) in order to construct two structures M̂ ′ = ( W ′ , R̂ ′ , V ′ ) and M̂ ′ = ( W ′ , R̂ ′ , V ′ ) such that M̂ ′ + M̂ ′ = M̂ ′ and for every i ∈ { , } :
• min (| R i ( w ) = | , s − ) = min (| R̂ ′ i ( w ′ ) = | , s − ) ;
• min (| R i ( w ) = | , s − s ) = min (| R̂ ′ i ( w ′ ) = | , s − s ) ;
• min (| R i ( w ) = | , s − s ( s + )) = min (| R̂ ′ i ( w ′ ) = | , s − s ( s + )) .
Notice that these properties, which we later refer to with ( †† ), are exactly (zero), (one) and (two) in the proof of (A).
Let us see how to use these pieces of information to derive a strategy for the duplicator in the original game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) . As the spoiler chooses ( M , w ) , it selects M and M such that M + M = M . Consider the two structures M̂ ′ = ( W ′ , R̂ ′ , V ′ ) and M̂ ′ = ( W ′ , R̂ ′ , V ′ ) chosen by the duplicator following the strategy, discussed above, for the game (( M , w ) , ( M̂ ′ , w ′ ) , ( m , s , P )) in the case when the spoiler chooses ( M , w ) and again selects M and M . In particular these structures satisfy ( †† ). Moreover, the two forests M̂ ′ and M̂ ′ are such that M̂ ′ + M̂ ′ = M̂ and therefore R̂ ′ ∪ R̂ ′ = R̂ ′ = R ′ \ {( w ′ , w ′ )} where ( w ′ , w ′ ) ∈ R ′ and w ′ ∈ R ′ ( w ′ ) = . We distinguish two cases.
• If w ′ ∈ R̂ ′ ( w ′ ) then in the original game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) , the duplicator replies to M and M with the two forests M ′ = ( W ′ , R ′ , V ′ ) and M ′ = ( W ′ , R ′ , V ′ ) such that R ′ = R̂ ′ and R ′ = R̂ ′ ∪ {( w ′ , w ′ )} .
• Otherwise w ′ ∈ R̂ ′ ( w ′ ) and in the game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) the duplicator replies to M and M with the two forests M ′ = ( W ′ , R ′ , V ′ ) and M ′ = ( W ′ , R ′ , V ′ ) such that R ′ = R̂ ′ ∪ {( w ′ , w ′ )} and R ′ = R̂ ′ .
In both cases, as the pair ( w ′ , w ′ ) is in one relation between R ′ and R ′ whereas ( w ′ , w ′ ) is in the other relation, the world w ′ effectively behaves as if it was a member of the set R ′ ( w ′ ) = instead of R ′ ( w ′ ) = , exactly as in the case of R̂ ′ . In particular, it is easy to see that for i ∈ { , } :
| R ′ i ( w ′ ) = | = | R̂ ′ i ( w ′ ) = | | R ′ i ( w ′ ) = | = | R̂ ′ i ( w ′ ) = | | R ′ i ( w ′ ) = | = | R̂ ′ i ( w ′ ) = |
Hence, by ( †† ) we have that
• min (| R i ( w ) = | , s − ) = min (| R ′ i ( w ′ ) = | , s − ) ;
• min (| R i ( w ) = | , s − s ) = min (| R ′ i ( w ′ ) = | , s − s ) ;
• min (| R i ( w ) = | , s − s ( s + )) = min (| R ′ i ( w ′ ) = | , s − s ( s + )) .
Moreover, as M , M , M ′ and M ′ all satisfy I, II and III (as they are submodels of M or M ′ ), we can apply (A) and conclude that ( M , w ) ≈ P m , s − ( M ′ , w ′ ) and ( M , w ) ≈ P m , s − ( M ′ , w ′ ) . Therefore, the play we just described leads to a winning strategy for the duplicator on the game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) , under the hypothesis that the spoiler chooses ( M , w ) .
The spoiler picks ( M ′ , w ′ ) . Then, the spoiler chooses the structure such that | R ′ ( w ′ ) = | = ( M , w ) where | R ( w ) = | = 2. The proof is very similar to the previous case, but instead of choosing an element of R ′ ( w ′ ) = to make up for the discrepancy between | R ( w ) = | and | R ′ ( w ′ ) = | , the duplicator manipulates the additional element in R ( w ) = so that it becomes a member of R ( w ) = or R ( w ) = . Let us formalise this strategy.
For a moment, consider the model obtained from M by removing from R exactly one pair ( w , w ) where w is a world of R ( w ) = . Formally, we are interested in a model M̂ = ( W , R̂ , V ) such that R̂ = R \ {( w , w )} where ( w , w ) ∈ R and w ∈ R ( w ) = . If the game was played on ( M̂ , w ) and ( M ′ , w ′ ) w.r.t. ( m , s , P ) then it is clear that the duplicator would have a winning strategy. Indeed, both ( M̂ , w ) and ( M ′ , w ′ ) satisfy I, II and III. Moreover,
• | R̂ ( w ) = | and | R ′ ( w ′ ) = | are both at least 2 s . Here, by definition, R̂ ( w ) = = R ( w ) = ∪ { w } .
• | R̂ ( w ) = | = | R ′ ( w ′ ) = | = 1. Here, by definition R̂ ( w ) = = R ( w ) = \ { w } .
• | R̂ ( w ) = | and | R ′ ( w ′ ) = | are both at least 2 s − ( s + )( s + ) . Here, by definition R̂ ( w ) = = R ( w ) = .
These properties allow us to apply (A) and conclude that ( M̂ , w ) ≈ P m , s ( M ′ , w ′ ) . In particular, in this game, if the spoiler picks ( M ′ , w ′ ) and chooses M ′ = ( W ′ , R ′ , V ′ ) and M ′ = ( W ′ , R ′ , V ′ ) such that M ′ + M ′ = M ′ , then the duplicator can apply the strategy described in (A). Two structures M̂ = ( W , R̂ , V ) and M̂ = ( W , R̂ , V ) are constructed such that M̂ + M̂ = M̂ and for every i ∈ { , } :
• min (| R̂ i ( w ) = | , s − ) = min (| R ′ i ( w ′ ) = | , s − ) ;
• min (| R̂ i ( w ) = | , s − s ) = min (| R ′ i ( w ′ ) = | , s − s ) ;
• min (| R̂ i ( w ) = | , s − s ( s + )) = min (| R ′ i ( w ′ ) = | , s − s ( s + )) .
Again, notice that these properties, which we later refer to with ( ‡‡ ), are exactly (zero), (one) and (two) in the proof of (A). Let us see how to use these pieces of information to derive a strategy for the duplicator in the original game (( M , w ) , ( M ′ , w ′ ) , ( m , s , P )) . As the spoiler chooses ( M ′ , w ′ ) , it selects M ′ and M ′ such that M ′ + M ′ = M ′ . Consider the two structures M̂ = ( W , R̂ , V ) and M̂ = ( W , R̂ , V ) chosen by the duplicator following the strategy, discussed above, for the game (( M̂ , w ) , ( M ′ , w ′ ) , ( m , s , P )) in the case when the spoiler chooses ( M ′ , w ′ ) and again selects M ′ and M ′ . In particular these structures satisfy ( ‡‡ ). Moreover, the two forests M̂ and M̂ are such that M̂ + M̂ = M̂ and therefore R̂ ∪ R̂ = R̂ = R \ {( w , w )} where ( w , w ) ∈ R and w ∈ R ( w ) = . We distinguish two cases.
• If w ∈ R̂(w) then in the original game ((M, w), (M′, w′), (m, s, P)), the duplicator replies to M′ and M′ with the two structures M = (W, R, V) and M = (W, R, V) such that R = R̂ and R = R̂ ∪ {(w, w)}.
• Otherwise w ∈ R̂(w) and in the game ((M, w), (M′, w′), (m, s, P)) the duplicator replies to M′ and M′ with the two structures M = (W, R, V) and M = (W, R, V) such that R = R̂ ∪ {(w, w)} and R = R̂.

In both cases, as the pair (w, w) is in one relation between R and R′ whereas (w, w) is in the other relation, the world w effectively behaves as if it was a member of the set R(w)= instead of R(w)=, exactly as in the case of R̂′. In particular, it is easy to see that for i ∈ { , }:

|R_i(w)=| = |R̂_i(w)=|    |R_i(w)=| = |R̂_i(w)=|    |R_i(w)=| = |R̂_i(w)=|

Hence, by (‡‡) we have
• min(|R_i(w)=|, s − ) = min(|R′_i(w′)=|, s − );
• min(|R_i(w)=|, s − s) = min(|R′_i(w′)=|, s − s);
• min(|R_i(w)=|, s − s(s + )) = min(|R′_i(w′)=|, s − s(s + )).
Moreover, since M, M, M′ and M′ all satisfy I, II and III (as they are submodels of M or M′), we can apply (A) and conclude that (M, w) ≈^P_{m, s−} (M′, w′) and (M, w) ≈^P_{m, s−} (M′, w′). Therefore, the play we just described leads to a winning strategy for the duplicator on the game ((M, w), (M′, w′), (m, s, P)), under the hypothesis that the spoiler chooses (M′, w′).

As we constructed a strategy for the duplicator in both cases where the spoiler picks (M, w) and (M′, w′), we have that (M, w) ≈^P_{m, s} (M′, w′) and therefore (B) holds. This implies that the class of models satisfying ◇= ◇= ⊤ cannot be characterised by a formula in ML(∗). □

E Proofs of Section 6
E.1 Definitions and Proofs of Section 6.1 (Static Ambient Logic)
In this part of the appendix, we provide equisatisfiability-preserving translations from SAL( ) to ML( ), and from ML( ) to SAL( ). Since the translations are in polynomial time and in Section 3.2 we have shown that Sat(ML( )) is AExp_Pol-complete, this entails that the complexity of the satisfiability problem for SAL( ) is also AExp_Pol-complete. In the body of the paper, these results are shown with respect to Kripke-like structures that can be shown isomorphic to the syntactical trees historically used in ambient calculus. Here, we provide the reductions directly on these syntactical trees. Let us start by introducing SAL( ).

Let Σ be a countably infinite set of ambient names. The formulae of SAL( ) are built from: φ := ⊤ | | n[φ] | φ ∧ φ | ¬φ | φ φ, where n ∈ Σ. SAL( ) is interpreted on edge-labelled finite trees: syntactical objects equipped with a structural equivalence relation ≡. We denote with T_SAL the set of these finite trees. The grammar used to construct these structures, their structural equivalence as well as the satisfaction predicate ⊨ for SAL( ) are provided in Figure 2 (the cases for ∧ and ¬ being omitted).

Trees
T := | n[T] | T T

Semantics
T ⊨ ⊤ always holds
T ⊨ iff T ≡
T ⊨ n[φ] iff ∃T′ s.t. T ≡ n[T′] and T′ ⊨ φ
T ⊨ φ ψ iff ∃T , T s.t. T ≡ T T , T ⊨ φ and T ⊨ ψ

Structural equivalence
• T ≡ T
• T ≡ T ⇒ T ≡ T
• T ≡ T , T ≡ T ⇒ T ≡ T
• T T ≡ T T
• (T T ) T ≡ T (T T )
• T ≡ T ⇒ T T ≡ T T
• T ≡ T ⇒ n[T ] ≡ n[T ]

Figure 2. Interpretation and semantics of SAL( ).

Obviously SAL( ) and ML( ) are strongly related, but how close? For example, n[φ] ⊤ can be seen as a relativised version of ◇ of the form ◇(n ∧ φ). To formalise this intuition, we borrow the syntax from HML [29] and define the formulae ⟨n⟩φ ≝ n[φ] ⊤ and its dual [n]φ ≝ ¬⟨n⟩¬φ. Below, w.l.o.g. we assume Σ = AP (for the sake of clarity).

From Sat(SAL( )) to Sat(ML( )). This reduction is also quite simple as SAL( ) is essentially interpreted on finite trees where each world satisfies a single propositional variable (its ambient name). Let T ∈ T_SAL be a tree built with ambient names from P ⊆_fin AP, M = (W, R, V) be a finite forest and w ∈ W. We say that (M, w) encodes T iff:
1. every w′ ∈ R*(w) satisfies at most one symbol in P;
2. there is f : W → T_SAL such that f(w) ≡ T and for all w′ ∈ R*(w), we have f(w′) ≡ ∑_{i∈[ ,K]} n_i[f(w_i)] where {w , …, w_K} = R(w′) and ∀i ∈ [ ,K], w_i ∈ V(n_i) (given I = {i , …, i_m}, ∑_{i∈I} T_i ≝ T_i T_i … T_{i_m}).

It is easy to verify that every tree in T_SAL has an encoding. The figure just below depicts a tree T (on the left) and one of its possible encodings as a finite forest (on the right).
[Figure: a tree T (left) and one of its encodings as a finite forest (right).]

Lemma E.1. Every tree in T_SAL has an encoding.

Proof. Let T ∈ T_SAL. Let m be the number of ambients in T, i.e. the number of occurrences of the n[T′] constructor in T. Let W be a set of m + < with least element 0 on W. Then T^<_(W,∅,∅)(T, ) is an encoding of T, where
• T^<_(W,R,V)( , w) = (W, R, V);
• T^<_(W,R,V)(T T , w) = T^<_{T^<_(W,R,V)(T , w)}(T , w);
• T^<_(W,R,V)(n[T], w) = T^<_(W,R′,V′)(T, w′) where
  – w′ = min_< {w″ | w″ ∉ π(R) ∪ π(R) ∪ {w}};
  – R′ = R ∪ {(w, w′)};
  – V′ = λp. V(p) ∪ {w′} if p = n, and V(p) otherwise.

It remains to verify that T^<_(W,∅,∅)(T, ) is an encoding of T. Condition 1 is obvious, since each ambient name corresponds to a different state in T^<_(W,∅,∅)(T, ). For condition 2, we need to check that there is a map f such that f(w) ≡ T and for every w′ ∈ W reachable from w (i.e. (w, w′) ∈ R*) it holds that f(w′) ≡ ∑_{i∈[ ,K]} n_i[f(w_i)], where {w , …, w_K} = {w″ | (w′, w″) ∈ R} is the set of distinct worlds accessible from w′, and for every i ∈ [ ,K], w_i ∈ V(n_i). Take the mapping that assigns f(w) ≡ T, and if T ≡ n[T ] T , (w, w′) ∈ R and w′ ∈ V(n), then f(w′) ≡ T . One can easily show that f validates condition 2. □

As done in the previous section, we now state two intermediate lemmata that will be helpful to prove the correctness of the forthcoming translation (Lemma E.4).
Lemma E.2. Let T ∈ T_SAL and (M, w) be an encoding of T. Let f be a witness of this encoding. For every w′ accessible from w it holds that (M, w′) encodes f(w′).

Proof. It trivially follows from the definition of encoding of a tree in T_SAL. Moreover, for every world w′ accessible from w, the function f is also the witness of the encoding of f(w′) in (M, w′). □

Lemma E.3.
Let T be a SAL( )-tree and (M, w) an encoding of T. Then,
1. for every T and T such that T ≡ T T there are M and M such that M = M +_w M, (M, w) is an encoding of T, and (M, w) is an encoding of T.
2. For every M and M such that M = M +_w M there are T and T such that T ≡ T T, (M, w) is an encoding of T, and (M, w) is an encoding of T.

Proof. In the proof of both points, let M (as in the statement) be a model (W, R, V). Moreover, let f be the witness of the encoding of T in (M, w).

1. Suppose T and T such that T ≡ T T. Let R_w = {w , …, w_K} ≝ {w′ | (w, w′) ∈ R} be the set of worlds that are accessible from w (notice that this set could be empty). By definition of f, we have f(w) ≡ T ≡ ∑_{i∈[ ,K]} n_i[f(w_i)] for some n , …, n_k ∈ Σ. Notice that if R_w is empty then ∑_{i∈[ ,K]} n_i[f(w_i)] is equivalent to the empty tree . Following ∑_{i∈[ ,K]} n_i[f(w_i)] ≡ T ≡ T T, we know that we can partition R_w into two sets R′_w = {w_i , …, w_{i_c}} and R″_w = {w_{i_{c+}} , …, w_{i_K}} (c ∈ [ ,K]) such that
• T ≡ ∑_{j∈[ ,c]} n_{i_j}[f(w_{i_j})];
• T ≡ ∑_{j∈[c+ ,K]} n_{i_j}[f(w_{i_j})].

By relying on the partitioning of R_w into R′_w and R″_w it is easy to show that we can derive two finite forests M = (W, R, V) and M = (W, R, V) such that
• M = M +_w M;
• every w′ ∈ R′_w is accessible from w in R, i.e. (w, w′) ∈ R;
• every w″ ∈ R″_w is accessible from w in R, i.e. (w, w″) ∈ R.

Concretely, by defining R ≝ {(w′, w″) ∈ R | there is w‴ ∈ R′_w such that (w‴, w″) ∈ R*} and R ≝ R \ R, we obtain M and M satisfying these properties. It is now sufficient to consider the two functions f and f defined as:
• f(w) = T and f(w) = T
• for every w″ ∈ W s.t. (w′, w″) ∈ R* for some w′ ∈ R′_w, f(w″) = f(w″) and f(w″) = ;
• for every w″ ∈ W s.t. (w′, w″) ∈ R* for some w′ ∈ R″_w, f(w″) = f(w″) and f(w″) = ;
• for every w′ ∈ W s.t. (w, w′) ∉ R*, f(w′) = f(w′) = .

By definition of the witness function, f is a witness of the encoding of T in (M, w), and f is a witness of the encoding of T in (M, w), ending the first part of the proof.

2. The proof is analogous to the case above. Suppose M = (W, R, V) and M = (W, R, V) such that M = M +_w M. Let R_w = {w , …, w_K} ≝ {w′ | (w, w′) ∈ R}, R′_w ≝ {w′ | (w, w′) ∈ R} and R″_w ≝ {w′ | (w, w′) ∈ R}. By definition of M and M, the two sets R′_w and R″_w partition R_w. Let then R′_w = {w_i , …, w_{i_c}} and R″_w = {w_{i_{c+}} , …, w_{i_K}} (c ∈ [ ,K]). By definition of f, it holds that f(w) ≡ T ≡ ∑_{i∈[ ,K]} n_i[f(w_i)] and from the properties of the congruence relation ≡ we obtain

∑_{i∈[ ,K]} n_i[f(w_i)] ≡ (∑_{j∈[ ,c]} n_{i_j}[f(w_{i_j})]) (∑_{j∈[c+ ,K]} n_{i_j}[f(w_{i_j})])
Let T ≡ ∑_{j∈[ ,c]} n_{i_j}[w_{i_j}] and T ≡ ∑_{j∈[c+ ,K]} n_{i_j}[w_{i_j}]. Trivially, by definition T T ≡ T. Again, it is now sufficient to consider the two functions f and f defined as:
• f(w) = T and f(w) = T
• for every w″ ∈ W s.t. (w′, w″) ∈ R* for some w′ ∈ R′_w, f(w″) = f(w″) and f(w″) = ;
• for every w″ ∈ W s.t. (w′, w″) ∈ R* for some w′ ∈ R″_w, f(w″) = f(w″) and f(w″) = ;
• for every w′ ∈ W s.t. (w, w′) ∉ R*, f(w′) = f(w′) = .

By definition of witness function, it is easy to show that f is a witness of the encoding of T in (M, w), and f is a witness of the encoding of T in (M, w). □

Given a formula φ of SAL( ), we define its translation τ(φ) in ML( ). τ is homomorphic for Boolean connectives and ⊤, and otherwise it is inductively defined as follows:

τ( ) ≝ □⊥;    τ(φ ψ) ≝ τ(φ) τ(ψ);    τ(n[φ]) ≝ ◇(n ∧ τ(φ)) ∧ ¬(◇⊤ ◇⊤).

We prove that this translation is correct.

Lemma E.4. If (M, w) encodes T ∈ T_SAL, for every φ in SAL( ), T ⊨ φ iff M, w ⊨ τ(φ).

We are now ready to tackle the proof of Lemma E.4. Thanks to the previous three results, the proof can be achieved with an easy structural induction.
Proof of Lemma E.4. Let M be defined as (W, R, V) and f be the witness of the encoding of T in (M, w). The proof is by structural induction on φ, as done for Lemma E.9 (again, the cases for ∧ and ¬ are omitted, see proof of Lemma A.1).

Base case: φ = ⊤. Trivially T ⊨ ⊤ and M, w ⊨ ⊤.

Base case: φ = .
• T ⊨
• if and only if T ≡ (by definition of ⊨)
• if and only if f(w) ≡ (by definition of f)
• if and only if w ∉ π(R) (by definition of f)
• if and only if M, w ⊨ □⊥ (by definition of ⊨ for □⊥)
• if and only if M, w ⊨ τ( ) (by definition of τ).

Induction case: φ = n[ψ]. For the left to right direction, suppose T ⊨ n[ψ]. Then,
1. there is T′ such that T ≡ n[T′] and T′ ⊨ ψ (by definition of ⊨ and hypothesis T ⊨ n[ψ])
2. f(w) ≡ n[T′] and there is w′ ∈ W such that {w′} = R(w), f(w′) ≡ T′ and w′ ∈ V(n) (from (1), by definition of f)
3. (M, w′) encodes T′ (from (2), by Lemma E.2)
4. M, w′ ⊨ τ(ψ) (from (1) and (3), by the induction hypothesis)
5. M, w′ ⊨ n (from w′ ∈ V(n) (see 2), by definition of ⊨)
6. M, w′ ⊨ n ∧ τ(ψ) (from (4) and (5), by definition of ⊨)
7. M, w ⊨ ◇(n ∧ τ(ψ)) (from (6) and (w, w′) ∈ R (see 2), by def. of ⊨)
8. M, w ⊨ ¬(◇⊤ ◇⊤) (from {w′} = R(w) (see 2), by def. of ⊨)
9. M, w ⊨ ◇(n ∧ τ(ψ)) ∧ ¬(◇⊤ ◇⊤) (from (7) and (8), by def. of ⊨)
10. M, w ⊨ τ(n[φ]) (from (9), by definition of τ).

For the right to left direction, suppose M, w ⊨ τ(n[φ]). Then,
1. M, w ⊨ ◇(n ∧ τ(ψ)) ∧ ¬(◇⊤ ◇⊤) (by def. of τ and hyp. M, w ⊨ τ(n[φ]))
2. |R(w)| is at most 1 (from M, w ⊭ ◇⊤ ◇⊤ (1), by def. of ⊨)
3. (w, w′) ∈ R and M, w′ ⊨ n ∧ τ(ψ) for some w′ ∈ W (from (1), by def. of ⊨)
4. w′ ∈ V(n) (from (3), by def. of ⊨)
5. M, w′ ⊨ τ(ψ) (from (3), by def. of ⊨)
6. (M, w′) encodes f(w′) (by Lemma E.2, since (M, w) encodes T)
7. f(w′) ⊨ ψ (from (5) and (6), by the induction hypothesis)
8. T ≡ f(w) ≡ n[f(w′)] (from (2), (3), (4) and (6), by definition of f)
9. there is T′ (concretely, f(w′)) such that T ≡ n[T′] and T′ ⊨ ψ (from (7) and (8))
10. T ⊨ n[ψ] (from (9) by definition of ⊨).

Induction case: φ = ψ χ. For the left to right direction, suppose T ⊨ ψ χ. Then,
1. there are T and T such that T ≡ T T, T ⊨ ψ and T ⊨ χ (by definition of ⊨)
2. there are M and M such that M = M +_w M, (M, w) encodes T, and (M, w) encodes T (from (1) and (M, w) encodes T, by Lemma E.3.1)
3. M, w ⊨ τ(ψ) and M, w ⊨ τ(χ) (from (1) and (2), by the induction hypothesis)
4. M ⊨ τ(ψ) τ(χ) (from (2) and (3), by definition of ⊨)
5. M ⊨ τ(ψ χ) (from (4), by definition of τ)

For the right to left direction, suppose M, w ⊨ τ(ψ χ). Then,
1. there are M and M such that M = M +_w M, M, w ⊨ τ(ψ), and M, w ⊨ τ(χ) (by definition of τ and ⊨)
2. there are T and T such that T ≡ T T, (M, w) encodes T, and (M, w) encodes T (from (1) and (M, w) encodes T, by Lemma E.3.2)
3. T ⊨ ψ and T ⊨ χ (from (1) and (2), by the induction hypothesis)
4. T ⊨ ψ χ (from (2) and (3), by definition of ⊨) □

So, we can complete the reduction.
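The statement of Lemma E.4 can be checked mechanically on small instances. The Python sketch below is an added example, not code from the paper: it implements the satisfaction relation of Figure 2, a forest encoding in the style of Lemma E.1, the three clauses of τ, and a model checker for the target logic, then compares both sides over all small trees. The constructor names ("zero", "par", "comp", "dia", "prop"), the sorted-tuple representation of trees up to ≡, and the reading of composition at w as a split of the children of w with their subtrees kept whole (as in the proof of Lemma E.3) are assumptions of this example.

```python
from itertools import product

TOP, ZERO = ("top",), ("zero",)   # constructor names are this example's own
EMPTY = ()                        # the empty tree

def amb(n, t=EMPTY):
    """The tree n[t]."""
    return ((n, t),)

def par(*ts):
    """Parallel composition; sorting makes equivalent trees equal tuples."""
    return tuple(sorted(x for t in ts for x in t))

def splits(items):
    """Every division of a sequence into two complementary parts."""
    for mask in product((0, 1), repeat=len(items)):
        yield (tuple(x for x, m in zip(items, mask) if not m),
               tuple(x for x, m in zip(items, mask) if m))

def sat_sal(t, f):
    """T |= f for the static ambient logic of Figure 2."""
    op = f[0]
    if op == "top": return True
    if op == "zero": return t == EMPTY
    if op == "not": return not sat_sal(t, f[1])
    if op == "and": return sat_sal(t, f[1]) and sat_sal(t, f[2])
    if op == "amb":
        return len(t) == 1 and t[0][0] == f[1] and sat_sal(t[0][1], f[2])
    if op == "par":
        return any(sat_sal(a, f[1]) and sat_sal(b, f[2]) for a, b in splits(t))
    raise ValueError(op)

def encode(t):
    """Forest encoding in the style of Lemma E.1: world 0 is the root and
    every ambient n[...] becomes a fresh child world labelled n."""
    kids, val = {0: []}, {0: None}
    def build(sub, w):
        for name, inner in sub:
            w2 = len(kids)
            kids[w2], val[w2] = [], name
            kids[w].append(w2)
            build(inner, w2)
    build(t, 0)
    return kids, val

def sat_ml(m, w, f, here=None):
    """M, w |= f. `here` holds the children of w kept in the current
    submodel; each child keeps its whole subtree (assumption, see lead-in)."""
    kids, val = m
    here = tuple(kids[w]) if here is None else here
    op = f[0]
    if op == "top": return True
    if op == "prop": return val[w] == f[1]
    if op == "not": return not sat_ml(m, w, f[1], here)
    if op == "and": return sat_ml(m, w, f[1], here) and sat_ml(m, w, f[2], here)
    if op == "dia": return any(sat_ml(m, c, f[1]) for c in here)
    if op == "comp":
        return any(sat_ml(m, w, f[1], a) and sat_ml(m, w, f[2], b)
                   for a, b in splits(here))
    raise ValueError(op)

def dia(f):
    return ("dia", f)

def tau(f):
    """The translation from the text, clause by clause."""
    op = f[0]
    if op == "top": return TOP
    if op == "zero": return ("not", dia(TOP))              # box-bottom
    if op == "not": return ("not", tau(f[1]))
    if op == "and": return ("and", tau(f[1]), tau(f[2]))
    if op == "par": return ("comp", tau(f[1]), tau(f[2]))
    if op == "amb":                                        # n[phi]
        at_most_one = ("not", ("comp", dia(TOP), dia(TOP)))
        return ("and", dia(("and", ("prop", f[1]), tau(f[2]))), at_most_one)
    raise ValueError(op)

def small_trees(names, depth):
    """Canonical trees with at most two ambients side by side at each level."""
    if depth == 0:
        return [EMPTY]
    ones = [amb(n, s) for n in names for s in small_trees(names, depth - 1)]
    return sorted(set([EMPTY] + ones + [par(x, y) for x in ones for y in ones]))

# Constructed sample formulae over the ambient names a and b.
FORMULAE = [
    ZERO, ("amb", "a", TOP), ("amb", "a", ZERO),
    ("par", ("amb", "a", TOP), ("amb", "b", TOP)),
    ("par", ("amb", "a", TOP), TOP),
    ("not", ("par", ("amb", "a", ("not", ZERO)), TOP)),
    ("par", ("par", ("amb", "a", TOP), ("amb", "a", TOP)), TOP),
    ("amb", "b", ("par", ("amb", "a", ZERO), ("not", ZERO))),
]

def mismatches():
    """Pairs (T, phi) on which T |= phi and M, w |= tau(phi) disagree."""
    return [(t, f) for t in small_trees(("a", "b"), 2) for f in FORMULAE
            if sat_sal(t, f) != sat_ml(encode(t), 0, tau(f))]
```

Dropping the `at_most_one` conjunct from `tau` makes the check fail on trees with two ambients at the root, which is the role that conjunct plays in the clause for n[φ].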
Theorem E.5.
Let φ be in SAL( ) built over P ⊆_fin AP and p ∉ P. φ is satisfiable if and only if τ(φ) ∧ ⋀_{i∈[ ,size(φ)]} □^i ⋁_{n∈P∪{p}} (n ∧ ⋀_{m∈(P∪{p})\{n}} ¬m) is satisfiable.

Proof. Suppose φ satisfiable. Then, there is T such that T ⊨ φ. In general, it could be that T contains ambient names that do not appear in φ. However, we can assume that there is only one name in T that does not appear in φ and that name is p (as in the statement of this theorem). Indeed, this assumption relies on the following property of static ambient logic (see [13], Lemma 8).

Let p, q be two ambient names not appearing in φ. Then T ⊨ φ iff T[p ← q] ⊨ φ, where T[p ← q] is the tree obtained from T by replacing every occurrence of p with q.

Let (M, w) be a pointed forest, where M = (W, R, V), encoding of T (it exists by Lemma E.1). By Lemma E.4 we have M, w ⊨ τ(φ). Let us recall the properties of the encoding of T by a model (M, w):
1. every world in W satisfies at most one propositional symbol in P;
2. there is a function f from W to T_SAL such that f(w) ≡ T and for every w′ ∈ R*(w), we have f(w′) ≡ ∑_{i∈[ ,K]} n_i[f(w_i)] where {w , …, w_K} = R(w′) and for all i ∈ [ ,K], w_i ∈ V(n_i).

The first property together with the highlighted part of the second property imply that every world reachable in at least one step from w satisfies exactly one propositional symbol of P. Then trivially M, w ⊨ ⋀_{i∈[ ,size(φ)]} □^i ⋁_{n∈P∪{p}} (n ∧ ⋀_{m∈(P∪{p})\{n}} ¬m).

Conversely, suppose ψ = τ(φ) ∧ ⋀_{i∈[ ,size(φ)]} □^i ⋁_{n∈P∪{p}} (n ∧ ⋀_{m∈(P∪{p})\{n}} ¬m) satisfiable. To prove the result it is sufficient to show that there is a pair (M, w) encoding a tree T that satisfies ψ.
Indeed, if this is the case then by M, w ⊨ τ(φ) we obtain T ⊨ φ by Lemma E.4. As ψ is satisfiable, we know that there is a forest M = (W, R, V) and a world w ∈ W such that M, w ⊨ ψ. It is important to notice that, as in Theorem E.10, we can get rid of all the parts beyond md(φ), so we can ensure that as M, w ⊨ ψ, then it is an encoding of some T, and therefore, T ⊨ φ. □

From Sat(ML( )) to Sat(SAL( )). As explained in Section 6.1, to obtain a polynomial-time reduction from Sat(ML( )) to Sat(SAL( )), we have to understand how to encode a finite set of propositional symbols. It is crucial to deal with two issues: we need to avoid an exponential blow up in the representation, and we have to maintain information about the children of a node. We solve both issues by representing a propositional symbol p as a particular ambient, and copying enough times the ambient encoding p. Let P ⊆_fin AP and n ∈ N_>, where N_> denotes the set of positive natural numbers. Let M = (W, R, V) be a finite forest and w ∈ W. Let rel and ap be two ambient names not in P. The ambient name rel encodes the relation R whereas ap can be seen as a container for propositional variables holding on the current world. We say that T ∈ T_SAL is an encoding of (M, w) with respect to P and n iff
1. every ambient name in T is from P ∪ {rel, ap};
2. there is a function f from W to T_SAL s.t. f(w) ≡ T and for every w′ ∈ R*(w) there is m ≥ n s.t.

f(w′) ≡ (∑_{i∈[ ,m]} ap[∑_{p∈P, w′∈V(p)} p[ ]]) ∑_{w″∈R(w′)} rel[f(w″)]

We recall that given I = {i , …, i_m}, ∑_{i∈I} T_i ≝ T_i T_i … T_{i_m}.

The figure below shows on the right a possible encoding of the model on the left. It is easy to verify that (M, w) always admits such an encoding.

We start by stating three intermediate results about the encoding of a finite forest in a model of static ambient logic.
These lemmata will be fundamental to show the correctness of the translation in Lemma E.9. The first lemma below shows that such an encoding always exists. In what follows, we call f (as in the definition of the encoding) the witness of the encoding of (M, w) in T.

[Figure: a model with world w, valuation {p , …, p_l} and children w , …, w_k (left), and an encoding f(w) with m copies of the ap ambient and rel-children f(w ), …, f(w_k) (right).]

Lemma E.6.
Let M be a finite forest and w be one of its worlds. Let P ⊆_fin AP and n ∈ N_>. There is a tree T ∈ T_SAL that encodes (M, w) w.r.t. P and n.

Proof. Let M = (W, R, V) be a model. By following directly the properties of the witness function, we define the tree T as T^P_(W,R,V)(w, n) where

T^P_(W,R,V)(w, n) = (∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]]) ∑_{w′∈W, (w,w′)∈R} rel[T^P_(W,R,V)(w′, n)]

As M is a finite forest, for every w ∈ W and n ∈ N, the computation of T^P_(W,R,V)(w, n) terminates. Let f(w) ≝ T^P_(W,R,V)(w, n). Trivially, f witnesses that T is an encoding of (M, w) w.r.t. P and n. □

The second lemma can be seen as a semantical counterpart of the modality ◇.

Lemma E.7.
Let M be a finite forest and w be one of its worlds. Let P ⊆_fin AP and n ∈ N_>. Let T ∈ T_SAL be an encoding of (M, w) with respect to P and n. Then,
1. For every n′ ≤ n, T is also an encoding of (M, w) with respect to P and n′.
2. Let f be a witness of this encoding. For every w′ accessible from w it holds that f(w′) is an encoding of (M, w′) with respect to P and n.

Proof. Both properties trivially follow from the definition of encoding. Moreover, for (2) notice that for every world w′ accessible from w the function f is also the witness that f(w′) is an encoding of (M, w′) with respect to P and n. □

The third lemma can be seen as the semantical counterpart of the modality .
Lemma E.8.
Let M be a finite forest and w be one of its worlds. Let P ⊆_fin AP and n ∈ N_>. Let T ∈ T_SAL be an encoding of (M, w) with respect to P and n. Let n , n ∈ N such that n = n + n. Then,
1. For all M and M such that M = M +_w M there are T and T such that T ≡ T T, T is an encoding of (M, w) with respect to P and n, and T is an encoding of (M, w) with respect to P and n.
2. For all T and T such that T ≡ T T ∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]], there are M and M such that M = M +_w M and
• T ∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]] is an encoding of (M, w) w.r.t. P and n;
• T ∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]] is an encoding of (M, w) w.r.t. P and n.

Proof. In the proof of both points, let M (as in the statement) be (W, R, V). Moreover, let f be the witness of the encoding of (M, w) in T.

1. Suppose M = (W, R, V) and M = (W, R, V) such that M = M +_w M. Let W_w = {w , …, w_K} ≝ {w′ | (w, w′) ∈ R}, W′_w ≝ {w′ | (w, w′) ∈ R} and R″_w ≝ {w′ | (w, w′) ∈ R} be the set of worlds accessible from w by considering respectively R, R and R as accessibility relations. By definition of M and M, the two sets W′_w and W″_w partition W_w. Then, let W′_w = {w_i , …, w_{i_c}} and W″_w = {w_{i_{c+}} , …, w_{i_K}} (c ∈ [ ,K]). By definition of f, it holds that

f(w) ≡ T ≡ (∑_{i∈[ ,m]} ap[∑_{p∈P, w∈V(p)} p[ ]]) ∑_{i∈[ ,K]} rel[f(w_i)],

where m ≥ n. As m ≥ n, there are m and m such that m = m + m, m ≥ n and m ≥ n.
From the properties of the congruence relation ≡ we can show that T is equivalent to T T, where

T ≝ (∑_{i∈[ ,m]} ap[∑_{p∈P, w∈V(p)} p[ ]]) ∑_{j∈[ ,c]} rel[f(w_{i_j})];
T ≝ (∑_{i∈[ ,m]} ap[∑_{p∈P, w∈V(p)} p[ ]]) ∑_{i∈[c+ ,K]} rel[f(w_{i_j})].

By definition, T T ≡ T. We now consider the two functions f and f defined as:
• f(w) = T and f(w) = T
• for every w″ ∈ W s.t. (w′, w″) ∈ R* for some w′ ∈ W′_w, f(w″) = f(w″) and f(w″) = ;
• for every w″ ∈ W s.t. (w′, w″) ∈ R* for some w′ ∈ W″_w, f(w″) = f(w″) and f(w″) = ;
• for every w′ ∈ W s.t. (w, w′) ∉ R*, f(w′) = f(w′) = .

By definition of the witness function and recalling that m ≥ n and m ≥ n, it is easy to show that f witnesses that T is an encoding of (M, w) w.r.t. P and n, whereas f witnesses that T is an encoding of (M, w) w.r.t. P and n.

2. Suppose now T and T such that T ≡ T T ∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]]. By recalling that n = n + n, from the properties of the congruence relation ≡, we can then show that T is equivalent to

(†)  (T ∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]]) (T ∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]])

Then, for j ∈ { , } let T′_j ≝ T_j ∑_{i∈[ ,n_j]} ap[∑_{p∈P, w∈V(p)} p[ ]] so that T ≡ T′ T′. In order to conclude the proof, we have to show that it is possible to partition R into R and R so that M = (W, R, V), M = (W, R, V), M = M +_w M and
• T′ is an encoding of (M, w) w.r.t. P and n;
• T′ is an encoding of (M, w) w.r.t. P and n.

We consider the accessibility relation R. Let W_w = {w , …, w_K} ≝ {w′ | (w, w′) ∈ R} be the set of worlds that are accessible from w (notice that this set could be empty). As T is an encoding of (M, w), we have the following equivalence:

f(w) ≡ T ≡ (∑_{i∈[ ,m]} ap[∑_{p∈P, w∈V(p)} p[ ]]) ∑_{i∈[ ,K]} rel[f(w_i)],

with m ≥ n. Notice that if W_w is empty then we have that ∑_{i∈[ ,K]} rel[f(w_i)] is equivalent to the empty tree . Following the equivalence between T and (†), we know that we can partition W_w into two sets W′_w = {w_i , …, w_{i_c}} and W″_w = {w_{i_{c+}} , …, w_{i_K}} (c ∈ [ ,K]) so that, for some m , m ∈ N such that m = m + m, m ≥ n and m ≥ n we have
• T′ ≡ (∑_{j∈[ ,c]} rel[f(w_{i_j})]) ∑_{i∈[ ,m]} ap[∑_{p∈P, w∈V(p)} p[ ]];
• T ≡ (∑_{j∈[c+ ,K]} rel[f(w_{i_j})]) ∑_{i∈[ ,m]} ap[∑_{p∈P, w∈V(p)} p[ ]].

By relying on the partitioning of W_w into W′_w and W″_w it is easy to show that we can derive two finite forests M = (W, R, V) and M = (W, R, V) such that
• M = M +_w M;
• every w′ ∈ W′_w is accessible from w in R, i.e. (w, w′) ∈ R;
• every w″ ∈ W″_w is accessible from w in R, i.e. (w, w″) ∈ R.

By defining R ≝ {(w′, w″) ∈ R | there is w‴ ∈ W′_w such that (w‴, w″) ∈ R*} and R ≝ R \ R we obtain M and M satisfying these properties. It is now sufficient to consider the two functions f and f defined as:
• f(w) = T′ and f(w) = T′
• for every w″ ∈ W s.t. (w′, w″) ∈ R* for some w′ ∈ W′_w, f(w″) = f(w″) and f(w″) = ;
• for every w″ ∈ W s.t. (w′, w″) ∈ R* for some w′ ∈ W″_w, f(w″) = f(w″) and f(w″) = ;
• for every w′ ∈ W s.t. (w, w′) ∉ R*, f(w′) = f(w′) = .

By definition of the witness function, f witnesses the encoding of T′ in (M, w), and f witnesses the encoding of T′ in (M, w). □

In the figure just above, we present a model for ML( ) (on the left), and one possible encoding (on the right), via some f and w.r.t. n. We define the translation of φ, written τ(φ), into SAL( ). It is homomorphic for Boolean connectives and ⊤, τ(p) ≝ ⟨ap⟩⟨p⟩⊤ and otherwise it is inductively defined:

τ(◇φ) ≝ ⟨rel⟩τ(φ);    τ(φ ψ) ≝ (τ(φ) ∧ ⟨ap⟩_{≥size(φ)}⊤) (τ(ψ) ∧ ⟨ap⟩_{≥size(ψ)}⊤),

where ⟨n⟩_{≥k}φ is the graded modality defined as ⊤ for k = 0, otherwise (⟨n⟩φ) ⟨n⟩_{≥k−}φ. In the translation of , the model of SAL( ) has to be split in such a way that both subtrees contain enough ap ambients to correctly answer to the formula ⟨ap⟩⟨p⟩⊤. It is easy to see that the size of τ(φ) is quadratic in size(φ).

Lemma E.9.
Let M be a finite forest and w be one of its worlds. Let P ⊆_fin AP and n ∈ N_>. Let T be an encoding of (M, w) w.r.t. P and n. For every formula φ built over P with size(φ) ≤ n, we have M, w ⊨ φ iff T ⊨ τ(φ).

Proof. Let M be a model (W, R, V) and f be the witness that T encodes (M, w) with respect to P and n. The proof is by structural induction on φ and it is quite straightforward (cases for ∧ and ¬ omitted, see the proof of Lemma A.1).

Base case: φ = p.
• M, w ⊨ p
• if and only if w ∈ V(p) (by definition of ⊨)
• if and only if there are T , T ∈ T_SAL such that f(w) ≡ T ≡ ap[p[ ] T ] T (by def. of f)
• if and only if T ⊨ ⟨ap⟩⟨p⟩⊤ (by definition of ⊨)
• if and only if T ⊨ τ(p) (by definition of τ).

Induction case: φ = ◇ψ. For the left to right direction, suppose M, w ⊨ ◇ψ. Then,
1. there is w′ ∈ W s.t. (w, w′) ∈ R and M, w′ ⊨ ψ (by def. of ⊨ and hyp. M, w ⊨ ◇ψ)
2. f(w′) is an encoding of (M, w′) w.r.t. P and n (from (w, w′) ∈ R (see 1), by Lemma E.7.2)
3. f(w′) ⊨ τ(ψ) (from (1) and (2), by the induction hypothesis)
4. there is T′ ∈ T_SAL s.t. f(w) ≡ T ≡ rel[f(w′)] T′ (by def. of f, as T encodes (M, w))
5. T ⊨ ⟨rel⟩τ(ψ) (from (3) and (4), by definition of ⊨)
6. T ⊨ τ(◇ψ) (from (5), by definition of τ).

For the right to left direction, suppose T ⊨ τ(◇ψ). Then,
1. T ⊨ ⟨rel⟩τ(ψ) (by definition of τ)
2. T ≡ rel[T ] T and T ⊨ τ(ψ) for some T , T ∈ T_SAL (from (1), by def. of ⊨)
3. there is w′ ∈ W s.t. (w, w′) ∈ R and f(w′) ≡ T (from (2) and f(w) ≡ T, by def. of f)
4. T is an encoding of (M, w′) w.r.t. P and n (from (3), by Lemma E.7.2)
5. M, w′ ⊨ ψ (from (2) and (4), by the induction hypothesis)
6. M, w ⊨ ◇(ψ) (from (w, w′) ∈ R (see 3) and (5), by definition of ⊨).

Induction case: φ = ψ χ. For the left to right direction, suppose M, w ⊨ ψ χ.
Then,
1. M, w ⊨ ψ and M, w ⊨ χ for some M and M such that M = M +_w M (by def. of ⊨ and hyp. M, w ⊨ ψ χ)
2. There are n , n ∈ N s.t. n + n = n, n ≥ size(ψ) and n ≥ size(χ) (as n ≥ size(φ) = size(ψ) + size(χ) + T and T such that T ≡ T T, T is an encoding of (M, w) with respect to P and n, and T is an encoding of (M, w) with respect to P and n (from (1), (2) and since T is an encoding of (M, w), from Lemma E.8.1)
4. T ⊨ τ(ψ) and T ⊨ τ(χ) (from (1) and (3), by the induction hypothesis)
5. T ⊨ ⟨ap⟩_{≥size(ψ)}⊤ and T ⊨ ⟨ap⟩_{≥size(χ)}⊤ (from (3), by the definition of witness of an encoding, recalling that n ≥ size(ψ) and n ≥ size(χ))
6. T ⊨ τ(ψ χ) (from T ≡ T T (see 3), (4) and (5), by def. of ⊨ and τ).

For the right to left direction, suppose T ⊨ τ(ψ χ).
1. There are two trees T and T such that T ≡ T T, T ⊨ τ(ψ) ∧ ⟨ap⟩_{≥size(ψ)}⊤ and T ⊨ τ(χ) ∧ ⟨ap⟩_{≥size(χ)}⊤ (by definition of τ and ⊨)
2. f(w) ≡ T ≡ (∑_{i∈[ ,m]} ap[∑_{p∈P, w∈V(p)} p[ ]]) ∑_{i∈[ ,k]} rel[f(w_i)] for some m ≥ n (by hypothesis T encodes (M, w))
3. there are n , n ∈ N, T′ and T′ so that n = n + n, n ≥ size(ψ), n ≥ size(χ) and
   T ≡ T′ | ∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]]
   T ≡ T′ | ∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]]
   (from (1) and (2) as otherwise T ⊭ ⟨ap⟩_{≥size(ψ)}⊤ or T ⊭ ⟨ap⟩_{≥size(χ)}⊤)
4. T ≡ T′ | T′ | ∑_{i∈[ ,n]} ap[∑_{p∈P, w∈V(p)} p[ ]] (from T ≡ T T (see 1) and (3) by the definition of ≡)
5. there are M and M s.t. M = M + w M, T is an encoding of (M, w) w.r.t. P and n, and T is an encoding of (M, w) w.r.t. P and n (from (3) and (4), by Lemma E.8.2)
6. M, w ⊨ ψ and M, w ⊨ χ (from (1) and (5), by the induction hypothesis)
7. M, w ⊨ ψ χ (from M = M + w M (see 5) and (6), by definition of ⊨) □

The subset of T SAL encoding pointed forests can be properly approximated, which completes our reduction.
Theorem E.10.
Let φ be in ML( ) built over P. φ is satisfiable iff ψ below is satisfiable:

ψ ≝ τ(φ) ∧ ⋀ i ∈ [ , size(φ)] [rel] i ( ⟨ap⟩ ≥ size(φ) ⊤ ∧ ⋀ p ∈ P ( ⟨ap⟩⟨p⟩⊤ ⇒ [ap]⟨p⟩⊤ ) ∧ [ap] ∑ p ∈ P (p[ ] ∨ ) ).

Now, we are ready to provide the proof of the correctness of the reduction from Sat(ML( )) to Sat(SAL( )).

Proof.
Let φ be in ML( ) built over propositional variables in P ⊆ fin AP. For the left to the right direction, suppose that φ is satisfiable. There exist a finite forest M and a world w such that M, w ⊨ φ. Let T be an encoding of (M, w) via f, with respect to P and size(φ). Given a tree T congruent to n[T′] T′′, by an n-successor of T, we mean a tree T′.

First, by Lemma E.9 we know that T ⊨ τ(φ). For the second conjunct, suppose f(w) has at least one rel-successor, otherwise it becomes trivially true. Take some child f(w′) reachable from f(w) in an arbitrary number of rel steps. So, by the definition of f, there are at least size(φ) ap-successors. On the other hand, suppose ⟨ap⟩⟨p⟩⊤ is true at f(w′), for p ∈ P. Again, since f(w′) is an encoding of (M, w′), for each ap-successor of f(w′), there exists a p-successor. Finally, to check [ap] ∑ p ∈ P (p[ ] ∨ ), notice that each ap-successor of f(w′) is either the ambient (in case the valuation of w′ is the empty set), or there are successors via some p ∈ P, and these successors are the ambient .

For the other direction, suppose T ⊨ ψ, for some T ∈ T SAL. Let P′ = P ∪ {rel, ap} and T | P′ be the tree obtained from T by replacing with every occurrence of n[T′] s.t. n ∉ P′. One can show that T | P′ ⊨ τ(φ). Let us extend adequately the notion of modal degree to formulae in SAL( ), for example by counting the maximal number of imbricated formulae of the form n[·]. Notice that a property similar to Lemma A.1 (Appendix A) holds for SAL( ), so we can remove all the parts of the model which are not reachable beyond md(ψ) steps. Hence, w.l.o.g., we can assume that T such that T ⊨ ψ has tree depth at most md(ψ) with md(τ(φ)) ≤ md(ψ) ≤ md(φ) + 2. As seen earlier, T | P′ ⊨ τ(φ). What about the satisfaction of

ψ′ ≝ ⋀ i ∈ [ , size(φ)] [rel] i ( ⟨ap⟩ ≥ size(φ) ⊤ ∧ ⋀ p ∈ P ( ⟨ap⟩⟨p⟩⊤ ⇒ [ap]⟨p⟩⊤ ) ∧ [ap] ∑ p ∈ P (p[ ] ∨ ) ) ?

It is easy to show that T | P′ ⊨ ψ′, as transforming T to T | P′ does not remove any edge labelled by a name in {ap} ∪ P, which is the set of names that may occur in ψ′ with a “⟨·⟩ polarity”. Note that T | P′ is almost the encoding of some pointed forest, except that there may exist a subtree reachable from the root with a path rel d with d = md(φ) that does not satisfy the conditions for being part of an encoding. Thanks to the satisfaction of ψ′, we know that the subtree is congruent to a tree of the form

T′ ap[T · · · T n] · · · ap[T · · · T n]

where P = {p , . . . , p n}, and each T i is either or p i[ ]. Moreover, T′ is not congruent to a tree of the form ap[T′′] T ⋆. In T | P′, we replace that occurrence of the subtree by ap[T · · · T n] · · · ap[T · · · T n]. By performing all the necessary replacements, we obtain a tree T′ that is the encoding of some pointed forest (M, w) with respect to size(φ) and P′. Note also that ψ′ is satisfied by T′ because we took the precaution to keep the subtrees of the form ap[T · · · T n] · · · ap[T · · · T n]. Similarly, one can show by structural induction that T′ ⊨ τ(φ), using essentially that in the formula tree of τ(φ), there is no branch with strictly more than d + ⟨rel⟩ nodes and the truncations to define T′ preserve the number of ap-successors. By Lemma E.9, we conclude that M, w ⊨ φ. □

E.2 Proofs of Section 6.2 (Modal Separation Logic)
Let M = (W, R, V) be a finite forest and w ∈ W. Let M′ = (W′, R′, V′) and w′ ∈ W′ be a model of MSL(∗, ◇ −). Given n ∈ N and r ∈ AP, we say that (M′, w′) is an (n, r)-encoding of (M, w) if and only if there is a bijection f : (R | ≤ nw)∗(w) → (R′− | ≤ nw′)∗(w′) such that
1. f(w) = w′ and for every (w , w ) ∈ R | ≤ nw, (f(w ), f(w )) ∈ R′− | ≤ nw′;
2. for every p ∈ AP \ {r} and w ∈ (R | ≤ nw)∗(w), w ∈ V(p) ⇔ f(w ) ∈ V′(p);
3. V′(r) ∩ (R | ≤ nw)∗(w) = {w}.

Recall that (R | ≤ nw)∗(w) corresponds to the set of worlds appearing in R | ≤ nw. Notice that then, in particular, f describes a tree isomorphism between the trees defined from R | ≤ nw and R′− | ≤ nw′. Moreover, for every n ≥ 2, if (M′, w′) is an n-encoding of (M, w) then (M′, w′) is also a (n − )-encoding of (M, w).
Lemma E.11.
Let φ be in ML(∗). Let M = (W, R, V) be a finite forest and w ∈ W. Let M′ = (W′, R′, V′) and w′ ∈ W′ be a model of MSL(∗, ◇ −) such that (M′, w′) is a (n, r)-encoding of (M, w), for some n ≥ md(φ) and r ∈ AP not appearing in φ. Then, M, w ⊨ φ ⇔ M′, w′ ⊨ φ[◇ ← ◇ −].

Proof. The result is proven with a rather straightforward structural induction on φ, by using the property of f, the bijection witnessing that (M′, w′) is an (n, r)-encoding of (M, w). The base case for atomic propositions, as well as the inductive cases for Boolean connectives, are trivial. For the inductive cases ◇ψ and φ ∗ φ, we have:

(φ = ◇ψ) (⇒) If M, w ⊨ ◇ψ then there is w ∈ R(w) such that M, w ⊨ ψ. It is easy to see that (M′, f(w )) is a (n − , r)-encoding of (M, w ). By the induction hypothesis, M′, f(w ) ⊨ ψ[◇ ← ◇ −]. Moreover, by definition of f, (f(w ), w′) ∈ R′−. Hence, M′, w′ ⊨ ◇ − ψ[◇ ← ◇ −]. The other direction is analogous.

(φ = φ ∗ φ) (⇒) If M, w ⊨ φ ∗ φ then there are M = (W, R , V) and M = (W, R , V) s.t. M = M + M, M, w ⊨ φ and M, w ⊨ φ. We partition R′ into R′ and R′ (hence, M′ = (W′, R′ , V′) + (W′, R′ , V′)) so that
• for every (w , w ) ∈ R | ≤ nw R′ −, (w , w ) ∈ R′;
• for every (w , w ) ∈ R | ≤ nw R′ −, (w , w ) ∈ R′.

From the first property of f, this partitioning can always be done, and moreover ((W′, R′ , V′), w′) can be shown to be a (n, r)-encoding of (M, w), whereas ((W′, R′ , V′), w′) is a (n, r)-encoding of (M, w). By the induction hypothesis, (W′, R′ , V′), w′ ⊨ φ[◇ ← ◇ −] and (W′, R′ , V′), w′ ⊨ φ[◇ ← ◇ −]. Thus, M′, w′ ⊨ (φ ∗ φ)[◇ ← ◇ −]. The other direction is analogous. □

Lemma E.12.
Let φ be in ML(∗). Let locacycl be the MSL(∗, ◇ −) formula r ∧ ⋀ i ∈ [ , md(φ)] (□ −) i ¬r, where r is an atomic proposition not appearing in φ. φ is satisfiable w.r.t. ML(∗) if and only if φ[◇ ← ◇ −] ∧ locacycl is satisfiable w.r.t. MSL(∗, ◇ −).

Proof. (⇒): Let φ be satisfiable and suppose M = (W, R, V) is a finite forest and w ∈ W s.t. (M, w) ⊨ φ. W.l.o.g. assume W ⊆ fin N. Let us consider the MSL(∗, ◇ −) model M′ = (N, R −, V′), where V′(r) ≝ {w} whereas for every p ∈ AP \ {r}, V′(p) = V(p). It is straightforward to show that (M′, w) is a (md(φ), r)-encoding of (M, w). Since M is acyclic, so is M′ and from the definition of V′ we conclude that M, w ⊨ locacycl. By Lemma E.11, M, w ⊨ φ[◇ ← ◇ −].

(⇐): Let φ[◇ ← ◇ −] ∧ locacycl be satisfiable. Let M′ = (W′, R′, V′) be a model of MSL(∗, ◇ −) and w′ ∈ W′ such that M′, w′ ⊨ φ[◇ ← ◇ −] ∧ locacycl. Let us consider the Kripke-like structure M = (W, R, V) such that
• R = R′− | ≤ md(φ) w′;
• W = R∗(w′), i.e. the set of worlds appearing in R′− | ≤ md(φ) w′;
• for every p ∈ AP, V(p) = V′(p) ∩ W.

By (M′, w′) ⊨ locacycl, we can show that R is acyclic. Hence, M is a finite forest. By definition, (M′, w′) is a (md(φ), r)-encoding of (M, w′). Thus, from (M′, w′) ⊨ φ[◇ ← ◇ −] and by Lemma E.11, we conclude that (M, w′) ⊨ φ.
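The (⇒) construction of Lemma E.12 can be checked by brute force on a small forest. The following is an added example, not code from the paper: it builds the inverted model with r marking the root, replaces every diamond by its converse, and adds locacycl. Assumptions: the tuple syntax and all function names are hypothetical, ∗ splits the edge set as in the proof of Lemma E.11, md counts nested diamonds, and the conjunction in locacycl starts at i = 1.

```python
from itertools import combinations
# Formulas are tuples: ("p", name), ("not", f), ("and", f, g), ("sep", f, g),
# ("dia", f) for the forward diamond, ("dia-", f) for the converse diamond.

def sat(R, V, w, f):
    """Brute-force satisfaction of f at world w; R is a frozenset of edges."""
    op = f[0]
    if op == "p":
        return w in V.get(f[1], set())
    if op == "not":
        return not sat(R, V, w, f[1])
    if op == "and":
        return sat(R, V, w, f[1]) and sat(R, V, w, f[2])
    if op == "dia":    # some successor of w satisfies f[1]
        return any(sat(R, V, v, f[1]) for (u, v) in R if u == w)
    if op == "dia-":   # some predecessor of w satisfies f[1]
        return any(sat(R, V, u, f[1]) for (u, v) in R if v == w)
    if op == "sep":    # try every split of the edge set into two disjoint parts
        parts = (frozenset(c) for k in range(len(R) + 1)
                 for c in combinations(sorted(R), k))
        return any(sat(R1, V, w, f[1]) and sat(R - R1, V, w, f[2]) for R1 in parts)
    raise ValueError(op)

def flip(f):
    """Replace every forward diamond by the converse diamond."""
    if f[0] == "p":
        return f
    return ("dia-" if f[0] == "dia" else f[0],) + tuple(flip(g) for g in f[1:])

def md(f):  # modal degree: maximal nesting depth of diamonds (assumed definition)
    if f[0] == "p":
        return 0
    return max(md(g) for g in f[1:]) + int(f[0] in ("dia", "dia-"))

def locacycl(f, r="r"):
    """r and (box-)^i not r for i = 1..md(f); starting at i = 1 is an assumption."""
    out, body = ("p", r), ("not", ("p", r))
    for _ in range(md(f)):
        body = ("not", ("dia-", ("not", body)))  # box- x is not dia- not x
        out = ("and", out, body)
    return out

def encode(R, V, w, r="r"):
    """(=>) construction: invert the edges and let r hold only at the root w."""
    V2 = {**{p: set(ws) for p, ws in V.items() if p != r}, r: {w}}
    return frozenset((v, u) for (u, v) in R), V2
# Constructed forest: 0 -> 1, 0 -> 2, 1 -> 3; p holds at 1, q at 2 and 3.
R = frozenset({(0, 1), (0, 2), (1, 3)})
V = {"p": {1}, "q": {2, 3}}
```

The checker enumerates all 2^|R| splits for each ∗, so it is only meant for forests with a handful of edges.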