LTL Semantic Tableaux and Alternating \(\omega \)-automata via Linear Factors

  • Conference paper
Theoretical Aspects of Computing – ICTAC 2018 (ICTAC 2018)

Abstract

Linear Temporal Logic (LTL) is a widely used specification framework for linear time properties of systems. The standard approach for verifying such properties is by transforming LTL formulae to suitable \(\omega \)-automata and then applying model checking. We revisit Vardi’s transformation of an LTL formula to an alternating \(\omega \)-automaton and Wolper’s LTL tableau method for satisfiability checking. We observe that both constructions effectively rely on a decomposition of formulae into linear factors. Linear factors have been introduced previously by Antimirov in the context of regular expressions. We establish the notion of linear factors for LTL and verify essential properties such as expansion and finiteness. Our results shed new light on the connection between the construction of alternating \(\omega \)-automata and semantic tableaux.

Notes

  1. https://arxiv.org/abs/1710.06678.

References

  1. Antimirov, V.M.: Partial derivatives of regular expressions and finite automaton constructions. Theor. Comput. Sci. 155(2), 291–319 (1996). https://doi.org/10.1016/0304-3975(95)00182-4

  2. Babiak, T., Křetínský, M., Řehák, V., Strejček, J.: LTL to Büchi automata translation: fast and more deterministic. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 95–109. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28756-5_8

  3. Broda, S., Machiavelo, A., Moreira, N., Reis, R.: Partial derivative automaton for regular expressions with shuffle. In: Shallit, J., Okhotin, A. (eds.) DCFS 2015. LNCS, vol. 9118, pp. 21–32. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-19225-3_2

  4. Couvreur, J.-M.: On-the-fly verification of linear temporal logic. In: Wing, J.M., Woodcock, J., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 253–271. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48119-2_16

  5. Esparza, J., Křetínský, J., Sickert, S.: From LTL to deterministic automata: a safraless compositional approach. Form. Methods Syst. Des. 49(3), 219–271 (2016). https://doi.org/10.1007/s10703-016-0259-2

  6. Finkbeiner, B., Sipma, H.: Checking finite traces using alternating automata. Form. Methods Syst. Des. 24(2), 101–127 (2004). https://doi.org/10.1023/b:form.0000017718.28096.48

  7. Gastin, P., Oddoux, D.: Fast LTL to Büchi automata translation. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 53–65. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44585-4_6

  8. Geldenhuys, J., Valmari, A.: More efficient on-the-fly LTL verification with Tarjan’s algorithm. Theor. Comput. Sci. 345(1), 60–82 (2005). https://doi.org/10.1016/j.tcs.2005.07.004

  9. Gerth, R., Peled, D., Vardi, M.Y., Wolper, P.: Simple on-the-fly automatic verification of linear temporal logic. In: Dembinski, P., Sredniawa, M. (eds.) PSTV 1995. IFIPAICT, pp. 3–18. Springer, Boston (1996). https://doi.org/10.1007/978-0-387-34892-6_1

  10. Loding, C., Thomas, W.: Alternating automata and logics over infinite words. In: van Leeuwen, J., Watanabe, O., Hagiya, M., Mosses, P.D., Ito, T. (eds.) TCS 2000. LNCS, vol. 1872, pp. 521–535. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44929-9_36

  11. Muller, D.E., Saoudi, A., Schupp, P.E.: Weak alternating automata give a simple explanation of why most temporal and dynamic logics are decidable in exponential time. In: Proceedings of 3rd Annual Symposium on Logic in Computer Science, LICS 1999, Edinburgh, July 1988, pp. 422–427. IEEE CS Press (1988). https://doi.org/10.1109/lics.1988.5139

  12. Pelánek, R., Strejček, J.: Deeper connections between LTL and alternating automata. In: Farré, J., Litovsky, I., Schmitz, S. (eds.) CIAA 2005. LNCS, vol. 3845, pp. 238–249. Springer, Heidelberg (2006). https://doi.org/10.1007/11605157_20

  13. Pnueli, A.: The temporal logic of programs. In: Proceedings of 18th Annual Symposium on Foundations of Computer Science, FOCS 1977, Providence, RI, October–November 1977, pp. 46–57. IEEE CS Press (1977). https://doi.org/10.1109/sfcs.1977.32

  14. Reynolds, M.: A new rule for LTL tableaux. In: Cantone, D., Delzanno, G. (eds.) Proceedings of 7th International Symposium on Games, Automata, Logics and Formal Verification, GandALF 2016 (Catania, September 2016). Electronic Proceedings in Theoretical Computer Science, vol. 226, pp. 287–301. Open Public Association, Sydney (2016). https://doi.org/10.4204/eptcs.226.20

  15. Schwendimann, S.: A new one-pass tableau calculus for PLTL. In: de Swart, H. (ed.) TABLEAUX 1998. LNCS (LNAI), vol. 1397, pp. 277–291. Springer, Heidelberg (1998). https://doi.org/10.1007/3-540-69778-0_28

  16. Thiemann, P., Sulzmann, M.: From \(\omega \)-regular expressions to Büchi automata via partial derivatives. In: Dediu, A.-H., Formenti, E., Martín-Vide, C., Truthe, B. (eds.) LATA 2015. LNCS, vol. 8977, pp. 287–298. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15579-1_22

  17. Vardi, M.Y.: Nontraditional applications of automata theory. In: Hagiya, M., Mitchell, J.C. (eds.) TACS 1994. LNCS, vol. 789, pp. 575–597. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-57887-0_116

  18. Vardi, M.Y.: Alternating automata: unifying truth and validity checking for temporal logics. In: McCune, W. (ed.) CADE 1997. LNCS, vol. 1249, pp. 191–206. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-63104-6_19

  19. Vardi, M.Y., Wolper, P.: An automata-theoretic approach to automatic program verification (preliminary report). In: Proceedings of 1st Symposium on Logic in Computer Science, LICS 1986, Cambridge, MA, June 1986, pp. 332–344. IEEE CS Press (1986)

  20. Vardi, M.Y., Wolper, P.: Reasoning about infinite computations. Inf. Comput. 115(1), 1–37 (1994). https://doi.org/10.1006/inco.1994.1092

  21. Wolper, P.: Temporal logic can be more expressive. Inf. Control 56(1/2), 72–99 (1983). https://doi.org/10.1016/s0019-9958(83)80051-5

  22. Wolper, P.: The tableau method for temporal logic: an overview. Log. Anal. 28(110–111), 119–136 (1985). https://www.jstor.org/stable/44084125

  23. Wolper, P., Vardi, M.Y., Sistla, A.P.: Reasoning about infinite computation paths (extended abstract). In: Proceedings of 24th Annual Symposium on Foundations of Computer Science, FOCS 1983, Tucson, AZ, November 1983, pp. 185–194. IEEE CS Press (1983). https://doi.org/10.1109/sfcs.1983.51

Author information

Correspondence to Peter Thiemann.

Appendices

A Properties of Partial Derivatives

Our finiteness proof follows the method suggested by Broda et al. [3]. We look at the set of iterated partial derivatives of a formula \(\varphi \), which turns out to be just the set of temporal subformulae of \(\varphi \). This set is finite and closed under the partial derivative operation. Thus, finiteness follows.

Definition 16 (Iterated Partial Derivatives)

$$\begin{array}{lcl} \partial ^+ (\ell ) &{}=&{} \{ \ell \} \\ \partial ^+ (\mathbf {tt}) &{}=&{} \{ \mathbf {tt}\} \\ \partial ^+ (\mathbf {ff}) &{}=&{} \{\mathbf {ff}\} \\ \partial ^+ (\varphi \vee \psi ) &{}=&{} \partial ^+ (\varphi )\cup \partial ^+ (\psi ) \\ \partial ^+ (\varphi \wedge \psi ) &{}=&{} \partial ^+ (\varphi ) \cup \partial ^+ (\psi ) \\ \partial ^+ (\bigcirc \, \varphi ) &{}=&{} \{\bigcirc \, \varphi \} \cup \partial ^+ (\varphi ) \\ \partial ^+ (\Diamond \, \varphi ) &{}=&{} \{ \Diamond \, \varphi \} \cup \partial ^+ (\varphi ) \\ \partial ^+ (\Box \, \varphi ) &{}=&{} \{ \Box \, \varphi \} \cup \partial ^+ (\varphi ) \\ \partial ^+ (\varphi \, \mathbf {U} \, \psi ) &{}=&{} \{ \varphi \, \mathbf {U} \, \psi \} \cup \partial ^+ (\psi ) \cup \partial ^+ (\varphi ) \\ \partial ^+ (\varphi \, \mathbf {R} \, \psi ) &{}=&{} \{ \varphi \, \mathbf {R} \, \psi \} \cup \partial ^+ (\psi ) \cup \partial ^+ (\varphi ) \end{array}$$

It is trivial to see that the set \(\partial ^+ (\varphi )\) is finite because it is a subset of the set of subformulae of \(\varphi \).

Lemma 7

(Finiteness). For all \(\varphi \), \(\partial ^+ (\varphi )\) is finite.

The iterated partial derivative only considers subformulae, whereas the partial derivative elides disjunctions but returns a set of formal conjunctions. To connect both, the following definition is required.

Definition 17

(Subsets of Formal Conjunctions). For an ordered set \(X = \{ x_1, x_2, \dots \}\), we define the set of all formal conjunctions of X as follows.

$$\begin{aligned} \mathcal {S}(X)&= \{ x_{i_1} \wedge \ldots \wedge x_{i_n} \mid n\ge 0, i_1< i_2< \dots < i_n \} \end{aligned}$$

We regard a subset of \(\mathcal {S}(X)\) as a positive Boolean formula over X in conjunctive normal form. We write \(\mathbf {tt}\) for the empty conjunction.

Clearly, if a set of formulae \(\varPhi \) is finite, then so is \(\mathcal {S}(\varPhi )\), where we assume an arbitrary, but fixed total ordering on formulae.

The set of temporal subformulae of a given formula \(\varphi \) is also a formal conjunction of subformulae.

Lemma 8

For all \(\varphi \), \(\mathcal {T}(\varphi ) \subseteq \mathcal {S}(\partial ^+ (\varphi ))\).

Lemma 9

(Closedness under derivation)

  1. For all \(x\in \varSigma \), \(\partial _{x}(\varphi ) \subseteq \mathcal {S}( \partial ^+ (\varphi )) \).

  2. For all \(\varphi ' \in \partial ^+ (\varphi )\) and \(x\in \varSigma \), \(\partial _{x}(\varphi ') \subseteq \mathcal {S}(\partial ^+ (\varphi ))\).

From Lemmas 8 and 9 it follows that the set of descendants of a fixed LTL formula \(\varphi \) is finite. In fact, we can show that the cardinality of this set is exponential in the size of \(\varphi \). We will state this result for a more “direct” definition of partial derivatives which does not require having to compute linear factors first.

Definition 18

(Direct Partial Derivatives). Let \(x \in \varSigma \). Then, \({ p d}_{x}(\cdot )\) maps LTL formulae to sets of LTL formulae and is defined as follows.

$$\begin{array}{lcl} { p d}_{x}(\mathbf {tt}) &{} = &{} \{\mathbf {tt}\} \\ { p d}_{x}(\mathbf {ff}) &{} = &{} \{\} \\ { p d}_{x}(\ell ) &{} = &{} \left\{ \begin{array}{ll} \{ \mathbf {tt}\} &{} x \models \ell \\ \{ \} &{} \text{ otherwise } \end{array} \right. \\ { p d}_{x}(\varphi \vee \psi ) &{} = &{} { p d}_{x}(\varphi ) \cup { p d}_{x}(\psi ) \\ { p d}_{x}(\varphi \wedge \psi ) &{} = &{} \{ \varphi ' \wedge \psi ' \mid \varphi ' \in { p d}_{x}(\varphi ), \psi ' \in { p d}_{x}(\psi ) \} \\ { p d}_{x}(\bigcirc \, \varphi ) &{} = &{} \mathcal {T}(\varphi ) \\ { p d}_{x}(\varphi \, \mathbf {U} \, \psi ) &{} = &{} { p d}_{x}(\psi ) \cup \{ \varphi ' \wedge \varphi \, \mathbf {U} \, \psi \mid \varphi ' \in { p d}_{x}(\varphi ) \} \\ { p d}_{x}(\varphi \, \mathbf {R} \, \psi ) &{} = &{} \{ \varphi ' \wedge \psi ' \mid \varphi ' \in { p d}_{x}(\varphi ), \psi ' \in { p d}_{x}(\psi ) \} \\ &{}&{}\qquad \quad {} \cup \{ \psi ' \wedge \varphi \, \mathbf {R} \, \psi \mid \psi ' \in { p d}_{x}(\psi ) \} \\ { p d}_{x}(\Diamond \, \varphi ) &{} = &{} { p d}_{x}(\varphi ) \cup \{ \Diamond \, \varphi \} \\ { p d}_{x}(\Box \, \varphi ) &{} = &{} \{ \varphi ' \wedge \Box \, \varphi \mid \varphi ' \in { p d}_{x}(\varphi ) \} \end{array}$$

where conjunctions of temporal formulae are normalized as usual.

For \(w \in \varSigma ^*\), we define \({ p d}_{\varepsilon }(\varphi ) = \{ \varphi \}\) and \({ p d}_{x w}(\varphi ) = \bigcup _{\varphi ' \in { p d}_{x}(\varphi )} { p d}_{w}(\varphi ')\). For \(L \subseteq \varSigma ^*\), we define \({ p d}_{L}(\varphi ) = \bigcup _{w \in L} { p d}_{w}(\varphi )\). We refer to the special case \({ p d}_{\varSigma ^*}(\varphi )\) as the set of partial derivative descendants of \(\varphi \).

Example 3

Consider the formula \(\Box \, \Diamond \, p\). We calculate

$$\begin{array}{lcl} { p d}_{p}(\Diamond \, p) &{} = &{} \{ \mathbf {tt}, \Diamond \, p \} \\ { p d}_{p}(\Box \, \Diamond \, p) &{} = &{} \{ \mathbf {tt}\wedge \Box \, \Diamond \, p, \Diamond \, p \wedge \Box \, \Diamond \, p \} \\ &{} &{} \text{(normalize) } \\ &{} = &{} \{ \Box \, \Diamond \, p, \Diamond \, p \wedge \Box \, \Diamond \, p \}\\ {{ p d}_{p}(\Diamond \, p \wedge \Box \, \Diamond \, p)}&{}&{}\\ &{} = &{} \{ \mathbf {tt}\wedge \mathbf {tt}\wedge \Box \, \Diamond \, p, \Diamond \, p \wedge \Box \, \Diamond \, p, \mathbf {tt}\wedge \Diamond \, p \wedge \Box \, \Diamond \, p, \Diamond \, p \wedge \Diamond \, p \wedge \Box \, \Diamond \, p \} \\ &{} &{} \text{(normalize) } \\ &{} = &{} \{ \Box \, \Diamond \, p, \Diamond \, p \wedge \Box \, \Diamond \, p \} \end{array}$$
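The following Python sketch is an added example, not code from the paper. It implements \({ p d}_{x}\) from Definition 18 and \(\partial ^+\) from Definition 16, represents a formal conjunction as a set (so \(\mathbf {tt}\) is the empty set and duplicates collapse, which is one reading of "normalized as usual"), and reproduces the sets computed in Example 3. The tuple encoding, the function names and the definition used for \(\mathcal {T}\), which this appendix does not restate, are assumptions.

```python
# Formulas in negation normal form as nested tuples (encoding chosen for this example):
#   ("tt",) ("ff",) ("lit", name, positive) ("or", a, b) ("and", a, b)
#   ("X", a) ("F", a) ("G", a) ("U", a, b) ("R", a, b)
# A letter x is a frozenset of the atomic propositions that hold at that step.

def lit(name, positive=True):
    return ("lit", name, positive)

# A formal conjunction is a frozenset of formulas; tt is the empty conjunction
# (Definition 17). Set union normalizes: tt disappears and duplicates merge.
TRUE = frozenset()

def conj(left, right):
    """Pairwise conjunction of two sets of formal conjunctions."""
    return {s | t for s in left for t in right}

def temporal(phi):
    """T(phi). ASSUMPTION: T is not defined in this appendix; here it splits
    disjunctions into alternatives and conjunctions into formal conjunctions."""
    op = phi[0]
    if op == "tt":
        return {TRUE}
    if op == "or":
        return temporal(phi[1]) | temporal(phi[2])
    if op == "and":
        return conj(temporal(phi[1]), temporal(phi[2]))
    return {frozenset([phi])}

def pd(x, phi):
    """pd_x(phi) from Definition 18, as a set of formal conjunctions."""
    op = phi[0]
    if op == "tt":
        return {TRUE}
    if op == "ff":
        return set()
    if op == "lit":
        return {TRUE} if (phi[1] in x) == phi[2] else set()
    if op == "or":
        return pd(x, phi[1]) | pd(x, phi[2])
    if op == "and":
        return conj(pd(x, phi[1]), pd(x, phi[2]))
    if op == "X":
        return temporal(phi[1])
    if op == "F":
        return pd(x, phi[1]) | {frozenset([phi])}
    if op == "G":
        return conj(pd(x, phi[1]), {frozenset([phi])})
    if op == "U":
        return pd(x, phi[2]) | conj(pd(x, phi[1]), {frozenset([phi])})
    if op == "R":
        released = conj(pd(x, phi[1]), pd(x, phi[2]))
        return released | conj(pd(x, phi[2]), {frozenset([phi])})
    raise ValueError(f"unknown operator {op!r}")

def pd_state(x, state):
    """pd_x of a formal conjunction: conjoin the derivatives of its members."""
    result = {TRUE}
    for phi in state:
        result = conj(result, pd(x, phi))
    return result

def descendants(phi, alphabet):
    """All pd_w(phi) for non-empty words w over the alphabet (worklist closure)."""
    seen, todo = set(), [frozenset([phi])]
    while todo:
        state = todo.pop()
        for x in alphabet:
            for nxt in pd_state(x, state) - seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def iterated(phi):
    """Iterated partial derivatives from Definition 16."""
    op = phi[0]
    if op in ("tt", "ff", "lit"):
        return {phi}
    below = set().union(*(iterated(sub) for sub in phi[1:]))
    return below if op in ("or", "and") else below | {phi}

def closed_under_derivation(phi, alphabet):
    """Lemma 9 as a check: each descendant is a conjunction over iterated(phi)."""
    atoms = iterated(phi)
    return all(state <= atoms for state in descendants(phi, alphabet))

if __name__ == "__main__":
    gfp = ("G", ("F", lit("p")))                 # the formula of Example 3
    sigma = [frozenset(), frozenset({"p"})]      # constructed alphabet over {p}
    print(pd(frozenset({"p"}), gfp))
    print(len(descendants(gfp, sigma)), closed_under_derivation(gfp, sigma))
```

Because the worklist only ever adds subsets of `iterated(phi)`, it terminates for every input, which is the finiteness argument of this appendix in executable form.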

Lemma 10

For all \(\varphi \) and \(x \in \varSigma \), \(\partial _{x}(\varphi ) = { p d}_{x}(\varphi )\).

The next result follows from Theorem 2 and Lemma 10.

Lemma 11

For all \(\varphi \), \(\varphi \Leftrightarrow \bigvee _{x \in \varSigma , \varphi ' \in { p d}_{x}(\varphi )} x \wedge \bigcirc \, \varphi '\).

Definition 19

The size of a temporal formula \(\varphi \) is the sum of the number of literals, temporal and Boolean operators in \(\varphi \).

If \(\varphi \) has size n, the number of subformulae in \(\varphi \) is bounded by O(n).

Lemma 12

For all \(\varphi \), the cardinality of \({ p d}_{\varSigma ^*}(\varphi )\) is bounded by \(O(2^n)\) where n is the size of \(\varphi \).

Fig. 1. Tableau before elimination: \(\Box \, p \wedge \Diamond \, \lnot p\)

B Tableau Examples

Example 4

Consider \(\Box \, p \wedge \Diamond \, \lnot p\). Figure 1 shows the tableau generated before elimination. In case of decomposition, edges are annotated with the number of the respective decomposition rule. For example, from the initial node \(S_0\) we reach node \(S_1\) by decomposition via (D2). Node \(S_4\) consists of only elementary and marked nodes and therefore we apply the step rule to reach node \(S_5\). The same applies to node \(S_3\). For brevity, we ignore its child node because this node is obviously unsatisfiable (E1). The same applies to node \(S_7\).

We consider elimination of nodes. Nodes \(S_3\), \(S_4\), \(S_7\) and \(S_8\) are states. Therefore, \(S_0\) and \(S_5\) are pre-states. Nodes \(S_3\) and \(S_7\) can be immediately eliminated due to E1. Node \(S_5\) contains \(\Diamond \, \lnot p\). This formula is not satisfiable because there is no path from \(S_5\) along which we reach a node which contains \(\lnot p\). Hence, we eliminate \(S_5\) due to E3. All other nodes are eliminated due to E3. Hence, we conclude that the formula \(\Box \, p \wedge \Diamond \, \lnot p\) is unsatisfiable.

Example 5

Consider \(\Box \, p \wedge \Diamond \, \lnot p\). Our variant of Wolper’s tableau construction method yields the following.

Node \(S_4'\) corresponds to node \(S_4\) in Fig. 1. Nodes \(S_1\), \(S_2\), and \(S_3\) from the original construction do not arise in our variant because we skip intermediate nodes and eliminate aggressively during construction, whereas Wolper’s construction method gives rise to \(S_5\). We avoid such intermediate nodes and immediately link \(S_4'\) to the initial node \(S_0\).

Example 6

Consider \(\lnot p \wedge \bigcirc \, \lnot p \wedge q\, \mathbf {U} \, p\) where

$$\begin{array}{lcl} \textsc {lf}(\lnot p) &{} = &{} \{ \langle \lnot p, \mathbf {tt}\rangle \} \\ \textsc {lf}(\mathbf {tt}) &{} = &{} \{ \langle \mathbf {tt}, \mathbf {tt}\rangle \} \\ \textsc {lf}(\bigcirc \, \lnot p) &{} = &{} \{ \langle \mathbf {tt}, \lnot p\rangle \} \\ \textsc {lf}(q\, \mathbf {U} \, p) &{} = &{} \{ \langle p, \mathbf {tt}\rangle , \langle q, q\, \mathbf {U} \, p\rangle \} \\ \textsc {lf}(\lnot p \wedge q\, \mathbf {U} \, p) &{} = &{} \{ \langle \lnot p \wedge q, q\, \mathbf {U} \, p\rangle \} \\ \textsc {lf}(\lnot p \wedge \bigcirc \, \lnot p \wedge q\, \mathbf {U} \, p) &{} = &{} \{ \langle \lnot p \wedge q, \lnot p \wedge q\, \mathbf {U} \, p\rangle \} \end{array}$$

We carry out the tableau construction using linear factors notation where we use LF to label pre-state (derivatives) to state (linear factor) relations and PD to label state to pre-state relations.

C Proofs

C.1 Proof of Theorem 2

Proof

Show by induction on \(\varphi \): for all \(\sigma \in \varSigma ^\omega \), \(\sigma \models \varphi \) iff \(\sigma \models \varTheta (\textsc {lf}(\varphi ))\).

Case p.

$$\begin{aligned} \varTheta (\textsc {lf}(p))&= \varTheta (\{ \langle p, \mathbf {tt}\rangle \}) = p \wedge \bigcirc \, \mathbf {tt}\Leftrightarrow p \end{aligned}$$

Case \(\lnot p\). Analogous.

Case \(\mathbf {tt}\).

$$\begin{aligned} \varTheta (\textsc {lf}(\mathbf {tt}))&= \varTheta (\{ \langle \mathbf {tt}, \mathbf {tt}\rangle \}) = \mathbf {tt}\wedge \bigcirc \, \mathbf {tt}\Leftrightarrow \mathbf {tt}\end{aligned}$$

Case \(\mathbf {ff}\).

$$\begin{aligned} \varTheta (\textsc {lf}(\mathbf {ff}))&= \varTheta (\{ \}) = \mathbf {ff}\end{aligned}$$

Case \(\varphi \vee \psi \).

$$\begin{aligned} \varTheta (\textsc {lf}(\varphi \vee \psi ))&= \varTheta (\textsc {lf}(\varphi ) \cup \textsc {lf}(\psi )) = \varTheta (\textsc {lf}(\varphi )) \vee \varTheta ( \textsc {lf}(\psi )) \end{aligned}$$

Now

$$\begin{aligned} \sigma \models \varphi \vee \psi&\Leftrightarrow (\sigma \models \varphi ) \vee (\sigma \models \psi ) \\&\text {by IH}\\&\Leftrightarrow (\sigma \models \varTheta (\textsc {lf}(\varphi ))) \vee (\sigma \models \varTheta (\textsc {lf}(\psi ))) \\&\Leftrightarrow (\sigma \models \varTheta (\textsc {lf}(\varphi )) \vee \varTheta (\textsc {lf}(\psi ))) \end{aligned}$$

Case \(\varphi \wedge \psi \).

$$\begin{aligned} \varTheta (\textsc {lf}(\varphi \wedge \psi ))&= \varTheta (\{ \langle \mu \odot \nu ,\varphi ' \wedge \psi '\rangle \mid \langle \mu ,\varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu ,\psi '\rangle \in \textsc {lf}(\psi ) \}) \\&= \bigvee \{ (\mu \odot \nu ) \wedge \bigcirc \, (\varphi ' \wedge \psi ') \mid \langle \mu ,\varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu ,\psi '\rangle \in \textsc {lf}(\psi ) \} \end{aligned}$$

Now

$$\begin{aligned} \sigma&\models \varphi \wedge \psi \\&\Leftrightarrow (\sigma \models \varphi ) \wedge (\sigma \models \psi )\\&\text {by IH} \\&\Leftrightarrow (\sigma \models \varTheta (\textsc {lf}(\varphi ))) \wedge (\sigma \models \varTheta (\textsc {lf}(\psi ))) \\&\Leftrightarrow (\sigma \models \bigvee \{ \mu \wedge \bigcirc \, \varphi ' \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi )\}) \\&\qquad \wedge (\sigma \models \bigvee \{ \nu \wedge \bigcirc \, \psi ' \mid \langle \nu , \psi '\rangle \in \textsc {lf}(\psi )\}) \\&\Leftrightarrow \sigma \models (\bigvee \{ \mu \wedge \bigcirc \, \varphi ' \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi )\}) \wedge (\bigvee \{ \nu \wedge \bigcirc \, \psi ' \mid \langle \nu , \psi '\rangle \in \textsc {lf}(\psi )\}) \\&\Leftrightarrow \sigma \models (\bigvee \{ \mu \wedge \bigcirc \, \varphi ' \wedge \nu \wedge \bigcirc \, \psi ' \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu , \psi '\rangle \in \textsc {lf}(\psi )\}) \end{aligned}$$

by Lemma 2 \(\mu \wedge \nu \Leftrightarrow \varTheta (\mu \odot \nu )\)

$$\begin{aligned}&\Leftrightarrow \sigma \models (\bigvee \{ (\mu \odot \nu ) \wedge \bigcirc \, \varphi ' \wedge \bigcirc \, \psi ' \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu , \psi '\rangle \in \textsc {lf}(\psi )\}) \\&\Leftrightarrow \sigma \models (\bigvee \{ (\mu \odot \nu ) \wedge \bigcirc \, (\varphi ' \wedge \psi ') \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu , \psi '\rangle \in \textsc {lf}(\psi ) \}) \end{aligned}$$

Case \(\bigcirc \, \varphi \). (using Lemma 3)

$$\begin{aligned} \varTheta (\textsc {lf}(\bigcirc \, \varphi ))&= \varTheta (\{ \langle \mathbf {tt},\varphi '\rangle \mid \varphi ' \in \mathcal {T}(\varphi ) \}) \\&=\bigvee \{ \mathbf {tt}\wedge \bigcirc \, \varphi ' \mid \varphi ' \in \mathcal {T}(\varphi ) \}\\&= \bigcirc \, (\bigvee \mathcal {T}(\varphi )) \\&\Leftrightarrow \bigcirc \, \varphi \end{aligned}$$

Case \(\varphi \, \mathbf {U} \, \psi \).

$$\begin{aligned} \varTheta (\varphi \, \mathbf {U} \, \psi )&= \varTheta (\textsc {lf}(\psi ) \cup \{ \langle \mu ,\varphi ' \wedge \varphi \, \mathbf {U} \, \psi \rangle \mid \langle \mu ,\varphi '\rangle \in \textsc {lf}(\varphi ) \}) \\&= \varTheta (\textsc {lf}(\psi )) \vee \bigvee \{ {\mu \wedge \bigcirc \, (\varphi ' \wedge \varphi \, \mathbf {U} \, \psi )} \mid \langle \mu ,\varphi '\rangle \in \textsc {lf}(\varphi ) \} \\&\Leftrightarrow \varTheta (\textsc {lf}(\psi )) \vee \bigvee \{ \mu \wedge \bigcirc \, \varphi ' \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi )\} \wedge \bigcirc \, (\varphi \, \mathbf {U} \, \psi ) \\&\Leftrightarrow \varTheta (\textsc {lf}(\psi )) \vee (\varTheta (\textsc {lf}(\varphi )) \wedge \bigcirc \, (\varphi \, \mathbf {U} \, \psi )) \\&\text {by IH} \\&\Leftrightarrow \psi \vee (\varphi \wedge \bigcirc \, (\varphi \, \mathbf {U} \, \psi )) \\&\Leftrightarrow \varphi \, \mathbf {U} \, \psi \end{aligned}$$

Case \(\varphi \, \mathbf {R} \, \psi \).

$$\begin{aligned} \varTheta ( \textsc {lf}(\varphi \, \mathbf {R} \, \psi ))&= \varTheta ( \begin{array}{l} \{ \langle \mu \odot \nu , \varphi ' \wedge \psi '\rangle \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu , \psi '\rangle \in \textsc {lf}(\psi ) \} \\ \cup \{ \langle \nu , \psi ' \wedge \varphi \, \mathbf {R} \, \psi \rangle \mid \langle \nu ,\psi '\rangle \in \textsc {lf}(\psi )\} \end{array} ) \\&= \begin{array}{l} \bigvee _{\langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu , \psi '\rangle \in \textsc {lf}(\psi )} (\varTheta (\mu \odot \nu ) \wedge \bigcirc \, (\varphi ' \wedge \psi ')) \\ \vee \bigvee _{\langle \nu ,\psi '\rangle \in \textsc {lf}(\psi )} (\varTheta ( \nu ) \wedge \bigcirc \, (\psi ' \wedge \varphi \, \mathbf {R} \, \psi )) \end{array} \\&\text {by Lemma}~\text {2 and the fact that} \bigcirc \, (\varphi \wedge \psi ) \Leftrightarrow \bigcirc \, \varphi \wedge \bigcirc \, \psi \\&\Leftrightarrow \begin{array}{l} \bigvee _{\langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu , \psi '\rangle \in \textsc {lf}(\psi )} (\varTheta (\mu ) \wedge \varTheta (\nu ) \wedge \bigcirc \, \varphi ' \wedge \bigcirc \, \psi ') \\ \vee \bigvee _{\langle \nu ,\psi '\rangle \in \textsc {lf}(\psi )} (\varTheta ( \nu ) \wedge \bigcirc \, \psi ' \wedge \bigcirc \, (\varphi \, \mathbf {R} \, \psi )) \end{array} \\&\text {by repeated application of the following distributivity laws} \\&(\varphi _1 \wedge \varphi _2) \vee (\varphi _1 \wedge \varphi _3) \Leftrightarrow \varphi _1 \wedge (\varphi _2 \vee \varphi _3) \\&(\varphi _1 \wedge \varphi _2) \vee (\varphi _3 \wedge \varphi _2) \Leftrightarrow (\varphi _1 \vee \varphi _3) \wedge \varphi _2 \\&\Leftrightarrow \begin{array}{l} \bigvee _{\langle \nu ,\psi '\rangle \in \textsc {lf}(\psi )} (\varTheta (\nu ) \wedge \bigcirc \, \psi ') \\ \wedge (((\bigvee _{\langle \mu ,\varphi '\rangle \in \textsc {lf}(\varphi )} (\varTheta (\mu ) \wedge \bigcirc 
\, \varphi '))) \vee \bigcirc \, (\varphi \, \mathbf {R} \, \psi )) \end{array} \\&= \varTheta (\textsc {lf}(\psi )) \wedge (\varTheta (\textsc {lf}(\varphi )) \vee \bigcirc \, (\varphi \, \mathbf {R} \, \psi )) \\&\text {by IH} \\&\Leftrightarrow \psi \wedge (\varphi \vee \bigcirc \, (\varphi \, \mathbf {R} \, \psi )) \\&\text {by Theorem}~1 \\&\Leftrightarrow \varphi \, \mathbf {R} \, \psi \end{aligned}$$

\(\square \)

C.2 Proof of Lemma 7

Proof

By straightforward induction on the linear temporal formula. \(\square \)

C.3 Proof of Lemma 8

Proof

By straightforward induction on the linear temporal formula. \(\square \)

C.4 Proof of Lemma 10

Proof

By induction on \(\varphi \).

Case \(\varphi \, \mathbf {R} \, \psi \). By definition,

$$\begin{array}{lcll} \partial _{x}(\varphi \, \mathbf {R} \, \psi ) &{} = &{} \{ \varphi ' \wedge \psi ' \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu , \psi '\rangle \in \textsc {lf}(\psi ), x \models \mu \odot \nu \} &{} (1) \\ &{}&{} \cup \{ \psi ' \wedge \varphi \, \mathbf {R} \, \psi \mid \langle \nu ,\psi '\rangle \in \textsc {lf}(\psi ), x \models \nu \} &{} (2) \end{array}$$

Consider (1). For \(\mu \odot \nu = \mathbf {ff}\), the second components of the respective linear forms can be ignored. Hence, by IH we find that \(\{ \varphi ' \wedge \psi ' \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu , \psi '\rangle \in \textsc {lf}(\psi ), x \models \mu \odot \nu \} \subseteq \{ \varphi ' \wedge \psi ' \mid \varphi ' \in { p d}_{x}(\varphi ), \psi ' \in { p d}_{x}(\psi ) \}\). The other direction follows as well, because \(x \models \mu \) and \(x \models \nu \) imply that \(\mu \odot \nu \not = \mathbf {ff}\). Consider (2). By IH we have that \(\{ \psi ' \wedge \varphi \, \mathbf {R} \, \psi \mid \langle \nu ,\psi '\rangle \in \textsc {lf}(\psi ), x \models \nu \} = \{ \psi ' \wedge \varphi \, \mathbf {R} \, \psi \mid \psi ' \in { p d}_{x}(\psi ) \}\). Hence, \(\partial _{x}(\varphi \, \mathbf {R} \, \psi ) = { p d}_{x}(\varphi \, \mathbf {R} \, \psi )\).

The other cases can be proven similarly.

C.5 Proof of Lemma 12

Proof

The cardinality of \(\partial ^+ (\varphi )\) is bounded by O(n). By Lemma 9 (second part) elements in the set of descendants are in the set \(\mathcal {S}(\partial ^+ (\varphi ))\). The mapping \(\mathcal {S}\) builds all possible (conjunctive) combinations of the underlying set. Hence, the cardinality of \(\mathcal {S}(\partial ^+ (\varphi ))\) is bounded by \(O(2^n)\) and we are done.

C.6 Proof of Lemma 9

Proof

First part. By induction on \(\varphi \) we show that \(\{ \varphi ' \mid \langle \mu ,\varphi '\rangle \in \textsc {lf}(\varphi ) \} \subseteq \mathcal {S}(\partial ^+ (\varphi ))\).

Case \(\mathbf {tt}\). \(\textsc {lf}( \mathbf {tt}) = \{ \langle \mathbf {tt}, \mathbf {tt}\rangle \}\) and \(\mathbf {tt}\in \mathcal {S}(\partial ^+ (\mathbf {tt}))\).

Case \(\ell \). Analogous.

Case \(\mathbf {ff}\). Holds vacuously.

Case \(\varphi \vee \psi \). Immediate by induction.

Case \(\varphi \wedge \psi \). Immediate by induction.

Case \(\bigcirc \, \varphi \). \(\textsc {lf}(\bigcirc \, \varphi ) = \{ \langle \mathbf {tt}, \varphi '\rangle \mid \varphi ' \in \mathcal {T}(\varphi )\}\) and by Lemma 8, \(\mathcal {T}(\varphi ) \subseteq \mathcal {S}(\partial ^+ (\varphi ))\).

Case \(\varphi \, \mathbf {U} \, \psi \). \(\textsc {lf}(\varphi \, \mathbf {U} \, \psi ) = \textsc {lf}(\psi ) \cup \{ \langle \mu ,\varphi ' \wedge \varphi \, \mathbf {U} \, \psi \rangle \mid \langle \mu ,\varphi '\rangle \in \textsc {lf}(\varphi ) \}\). By induction, the second components of \(\textsc {lf}(\psi )\) are in \(\mathcal {S}(\partial ^+ (\psi )) \subseteq \mathcal {S}(\partial ^+ (\varphi \, \mathbf {U} \, \psi ))\). By induction, the second components \(\varphi '\) of \(\textsc {lf}(\varphi )\) are in \(\mathcal {S}(\partial ^+ (\varphi ))\), so that \(\varphi ' \wedge \varphi \, \mathbf {U} \, \psi \in \mathcal {S}(\partial ^+ (\varphi ) \cup \{ \varphi \, \mathbf {U} \, \psi \}) \subseteq \mathcal {S}(\partial ^+ (\varphi \, \mathbf {U} \, \psi ))\).

Case \(\varphi \, \mathbf {R} \, \psi \). \(\textsc {lf}(\varphi \, \mathbf {R} \, \psi ) = \{ \langle \mu \odot \nu , \varphi ' \wedge \psi '\rangle \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ), \langle \nu , \psi '\rangle \in \textsc {lf}(\psi ) \} \cup \{ \langle \nu , \psi ' \wedge \varphi \, \mathbf {R} \, \psi \rangle \mid \langle \nu ,\psi '\rangle \in \textsc {lf}(\psi )\}\). By induction \(\varphi ' \in \mathcal {S}(\partial ^+ (\varphi ))\) and \(\psi ' \in \mathcal {S}(\partial ^+ (\psi ))\) so that \(\varphi '\wedge \psi ' \in \mathcal {S}(\partial ^+ (\varphi ) \cup \partial ^+ (\psi )) \subseteq \mathcal {S}(\partial ^+ (\varphi \, \mathbf {R} \, \psi ))\). Furthermore, \(\psi ' \wedge \varphi \, \mathbf {R} \, \psi \in \mathcal {S}(\partial ^+ (\psi ) \cup \{ \varphi \, \mathbf {R} \, \psi \}) \subseteq \mathcal {S}(\partial ^+ (\varphi \, \mathbf {R} \, \psi ))\).

Second part. By induction on \(\varphi \).

Case \(\ell \). If \(\varphi ' = \ell \) or \(\varphi ' = \mathbf {tt}\), then \(\mathbf {tt}\in \mathcal {S}(\partial ^+ (\ell ))\).

Case \(\mathbf {tt}\). Analogous.

Case \(\mathbf {ff}\). Vacuously true.

Case \(\varphi \vee \psi \). Immediate by induction.

Case \(\varphi \wedge \psi \). Immediate by induction.

Case \(\varphi \, \mathbf {U} \, \psi \). By induction and the first part.

Case \(\varphi \, \mathbf {R} \, \psi \). By induction and the first part.

C.7 Proof of Theorem 3

Proof

Suppose that \(\sigma \models \varphi \). Show by induction on \(\varphi \) that \(\sigma \in \mathcal {L}(\mathcal {A}(\varphi ))\).

Case \(\mathbf {tt}\). Accepted by run \(\mathbf {tt}, \mathbf {tt}, \dots \) which visits \(\mathbf {tt}\in F\) infinitely often.

Case \(\mathbf {ff}\). No run.

Case p. As \(p\in \sigma _0\), \(\sigma \) is accepted by run \(p, \mathbf {tt}, \mathbf {tt}, \dots \).

Case \(\lnot p\). Accepted by run \(\lnot p, \mathbf {tt}, \mathbf {tt}, \dots \).

Case \(\varphi \wedge \psi \). By definition \(\sigma \models \varphi \) and \(\sigma \models \psi \). By induction, there are accepting runs \(\alpha _0, \alpha _1, \dots \) on \(\sigma \) in \(\mathcal {A}(\varphi )\) and \(\beta _0, \beta _1, \dots \) on \(\sigma \) in \(\mathcal {A}(\psi )\). But then \(\alpha _0 \wedge \beta _0, \alpha _1 \wedge \beta _1, \dots \) is an accepting run on \(\sigma \) in \(\mathcal {A}(\varphi \wedge \psi )\) because the state sets of the automata are disjoint.

Case \(\varphi \vee \psi \). By definition \(\sigma \models \varphi \) or \(\sigma \models \psi \). If we assume that \(\sigma \models \varphi \), then induction yields an accepting run \(\alpha _0, \alpha _1, \dots \) on \(\sigma \) in \(\mathcal {A}(\varphi )\). As the initial state of \(\mathcal {A}(\varphi \vee \psi )\) is chosen from \(\{\alpha _0, \beta _0 \}\), for some \(\beta _0\), we have that \(\alpha _0, \alpha _1, \dots \) is an accepting run on \(\sigma \) in \(\mathcal {A}(\varphi \vee \psi )\).

Case \(\bigcirc \, \varphi \). By definition \(\sigma [1\dots ] \models \varphi \). By induction, there is an accepting run \(\alpha _0, \alpha _1, \dots \) on \(\sigma [1\dots ]\) in \(\mathcal {A}(\varphi )\) with \(\alpha _0 = \mathcal {T}(\varphi )\). Thus, there is an accepting run \(\bigcirc \, \varphi , \alpha _0, \alpha _1, \dots \) on \(\sigma \) in \(\mathcal {A}(\bigcirc \, \varphi )\).

Case \(\varphi \, \mathbf {U} \, \psi \). By definition \(\exists n \in \omega , \forall j \in \omega , j<n \Rightarrow \sigma [j\dots ] \models \varphi \) and \(\sigma [n\dots ] \models \psi \). By induction, there is an accepting run on \(\sigma [n\dots ]\) in \(\mathcal {A}(\psi )\) and, for all \(0 \le j<n\), there are accepting runs on \(\sigma [j\dots ]\) in \(\mathcal {A}(\varphi )\).

We proceed by induction on n.

Subcase \(n=0\). In this case, there is an accepting run \(\beta _0, \beta _1, \dots \) on \(\sigma [0\dots ] = \sigma \) in \(\mathcal {A}(\psi )\) so that \(\beta _0 = \mathcal {T}(\psi )\). We want to show that \(\varphi \, \mathbf {U} \, \psi , \beta _1, \dots \) is an accepting run on \(\sigma \) in \(\mathcal {A}(\varphi \, \mathbf {U} \, \psi )\). To see this, observe that \(\beta _1 \in \partial _{\sigma _0}(\beta _0)\) and that \(\partial _{\sigma _0}(\varphi \, \mathbf {U} \, \psi ) = \partial _{\sigma _0}(\beta _0) \cup \partial _{\sigma _0}(\alpha _0) \wedge \varphi \, \mathbf {U} \, \psi \), where \(\alpha _0 = \mathcal {T}(\varphi )\), which proves the claim.

Subcase \(n>0\). There must be an accepting run \(\alpha _0, \alpha _1, \dots \) on \(\sigma [0\dots ] = \sigma \) in \(\mathcal {A}(\varphi )\) so that \(\alpha _0 = \mathcal {T}(\varphi )\). By induction (on n) there must be an accepting run \(\beta _0, \beta _1, \dots \) on \(\sigma [1\dots ]\) in \(\mathcal {A}(\varphi \, \mathbf {U} \, \psi )\) where \(\beta _0 = \varphi \, \mathbf {U} \, \psi \). We need to show that \(\varphi \, \mathbf {U} \, \psi , \alpha _1 \wedge \beta _0, \alpha _2 \wedge \beta _1, \dots \) is an accepting run on \(\sigma \) in \(\mathcal {A}(\varphi \, \mathbf {U} \, \psi )\). By the analysis in the base case, the automaton can step from \(\varphi \, \mathbf {U} \, \psi \) to \(\partial _{\sigma _0}(\alpha _0) \wedge \varphi \, \mathbf {U} \, \psi \).

Case \(\varphi \, \mathbf {R} \, \psi \).

By definition, \(\forall n \in \omega , ( \sigma [n\dots ] \models \psi \text { or } \exists j \in \omega , ((j<n) \wedge \sigma [j\dots ] \models \varphi )) \). By induction, there is either an accepting run on \(\sigma [n\dots ]\) in \(\mathcal {A}(\psi )\), for each \(n\in \omega \), or there exists some \(j\in \omega \) such that there is an accepting run on \(\sigma [j\dots ]\) in \(\mathcal {A}(\varphi )\) and for all \(0\le i\le j\), there is an accepting run on \(\sigma [i\dots ]\) in \(\mathcal {A}(\psi )\).

If there is an accepting run \(\pi _0^n, E_0^n, \pi _1^n, E_1^n, \dots \) in \(\mathcal {A}(\psi )\) on \(\sigma [n\dots ]\) for each \(n\in \omega \) where \(\pi _0^n \in \mathcal {T}(\psi )\) and \(\pi _{i+1}^n \in \partial _{\sigma _{i+n}}(\pi _i^n)\), then there is an accepting run in \(\mathcal {A}(\varphi \, \mathbf {R} \, \psi )\):

\(\partial _{\sigma _0}(\varphi \, \mathbf {R} \, \psi ) = \partial _{\sigma _0}(\varphi \wedge \psi ) \cup \partial _{\sigma _0}(\psi ) \wedge \varphi \, \mathbf {R} \, \psi \).

Suppose that there is an accepting run on \(\sigma [n\dots ]\) in \(\mathcal {A}(\psi )\) for each \(n\in \omega \). In this case, there is an accepting run in \(\mathcal {A}(\varphi \, \mathbf {R} \, \psi )\): there is an infinite path of accepting states \(\varphi \, \mathbf {R} \, \psi , \dots \) and, as \(\psi \) holds at every n, every infinite path that starts in a state in \(\partial _{\sigma _n}(\psi )\) visits infinitely many accepting states.

Otherwise, the run visits only finitely many states of the form \(\varphi \, \mathbf {R} \, \psi \) and then continues according to the accepting runs on \(\varphi \) and \(\psi \) starting with \(\partial _{\sigma _j}(\varphi \wedge \psi )\). Furthermore, any infinite path starting at some \(\partial _{\sigma _i}(\psi ) \wedge \varphi \, \mathbf {R} \, \psi \) that goes through \(\partial _{\sigma _i}(\psi )\) visits infinitely many accepting states (for \(0\le i<j\)).

Suppose now that \(\sigma \not \models \varphi \) and show that \(\sigma \notin \mathcal {L}(\mathcal {A}(\varphi ))\).

\(\sigma \not \models \varphi \) is equivalent to \(\sigma \models \lnot \varphi \). We prove by induction on \(\varphi \) that \(\sigma \notin \mathcal {L}(\mathcal {A}(\varphi ))\).

Case \(\mathbf {tt}\). The statement \(\sigma \not \models \mathbf {tt}\) is contradictory.

Case \(\mathbf {ff}\). The statement \(\sigma \not \models \mathbf {ff}\) holds for all \(\sigma \) and the automaton \(\mathcal {A}(\mathbf {ff})\) has no transitions, so \(\sigma \notin \mathcal {L}(\mathcal {A}(\mathbf {ff}))\).

Case p. The statement \(\sigma \not \models p\) is equivalent to \(\sigma \models \lnot p\). That is, \(p \notin \sigma _0\). As \(\textsc {lf}(p) = \{ \langle p, \mathbf {tt}\rangle \}\), we find that \(\partial _{\sigma _0}(p) = \emptyset \) so that \(\mathcal {A}(p)\) has no run on p.

Case \(\lnot p\). Similar.

Case \(\varphi \wedge \psi \). If \(\sigma \not \models \varphi \wedge \psi \), then \(\sigma \not \models \varphi \) or \(\sigma \not \models \psi \). If we assume that \(\sigma \not \models \varphi \) and appeal to induction, then either there is no run of \(\mathcal {A}(\varphi )\) on \(\sigma \): in this case, there is no run of \(\mathcal {A}(\varphi \wedge \psi )\) on \(\sigma \), either. Alternatively, every run of \(\mathcal {A}(\varphi )\) on \(\sigma \) has a path with only finitely many accepting states. This property is inherited by \(\mathcal {A}(\varphi \wedge \psi )\).

Case \(\varphi \vee \psi \). If \(\sigma \not \models \varphi \vee \psi \), then \(\sigma \not \models \varphi \) and \(\sigma \not \models \psi \). By appeal to induction, every run of \(\mathcal {A}(\varphi )\) on \(\sigma \) as well as every run of \(\mathcal {A}(\psi )\) on \(\sigma \) has a path with only finitely many accepting states. Thus, every run of \(\mathcal {A}(\varphi \vee \psi )\) on \(\sigma \) will have an infinite path with only finitely many accepting states.

Case \(\bigcirc \, \varphi \). If \(\sigma \not \models \bigcirc \, \varphi \), then \(\sigma \models \lnot \bigcirc \, \varphi \), which is equivalent to \(\sigma \models \bigcirc \, \lnot \varphi \), and thus \(\sigma [1\dots ]\not \models \varphi \). By induction, every run of \(\mathcal {A}(\varphi )\) on \(\sigma [1\dots ]\) has an infinite path with only finitely many accepting states, and so does every run of \(\mathcal {A}(\bigcirc \, \varphi )\) on \(\sigma \).

Case \(\varphi \, \mathbf {U} \, \psi \). If \(\sigma \not \models \varphi \, \mathbf {U} \, \psi \), then it must be that \(\sigma \models (\lnot \varphi )\, \mathbf {R} \, (\lnot \psi )\).

By definition, the release formula holds if

$$\begin{aligned} \forall n\in \omega , (\sigma [n\dots ] \not \models \psi \text { or }\exists j\in \omega , (j< n \wedge \sigma [j\dots ] \not \models \varphi )) \end{aligned}$$

We obtain, by induction, for all \(n\in \omega \) that either

  1. every run of \(\mathcal {A}(\psi )\) on \(\sigma [n\dots ]\) has an infinite path with only finitely many accepting states or

  2. \(\exists j\in \omega \) with \(j<n\) and every run of \(\mathcal {A}(\varphi )\) on \(\sigma [j\dots ]\) has an infinite path with only finitely many accepting states.

Now we consider a run of \(\mathcal {A}(\varphi \, \mathbf {U} \, \psi )\) on \(\sigma \).

$$\begin{aligned} \partial _{\sigma _0}(\varphi \, \mathbf {U} \, \psi )&= \{ \varphi ' \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi \, \mathbf {U} \, \psi ), \sigma _0 \models \mu \} \\&= \{ \psi ' \mid \langle \nu , \psi '\rangle \in \textsc {lf}(\psi ) , \sigma _0 \models \nu \} \\&\cup \{ \varphi ' \wedge \varphi \, \mathbf {U} \, \psi \mid \langle \mu , \varphi '\rangle \in \textsc {lf}(\varphi ) , \sigma _0 \models \mu \} \end{aligned}$$

To be accepting, the run cannot always choose the alternative that contains \(\varphi \, \mathbf {U} \, \psi \) because that would give rise to an infinite path \((\varphi \, \mathbf {U} \, \psi )^\omega \) which contains no accepting state.

Thus, any accepting run must choose the alternative containing \(\psi '\), a derivative of \(\psi \). Suppose this choice happens at \(\sigma _i\). If the release formula is accepted because case 1 holds always, then a run of \(\mathcal {A}(\psi )\) starting at \(\sigma _i\) has an infinite path with only finitely many accepting states. So this run cannot be accepting.

If the release formula is accepted because eventually case 2 holds, then \(i<j\) is not possible for the same reason as just discussed. However, starting from \(\sigma _j\), we have a state component from \(\mathcal {A}(\varphi )\) which has an infinite path with only finitely many accepting states. So this run cannot be accepting, either.

Case \(\varphi \, \mathbf {R} \, \psi \). If \(\sigma \not \models \varphi \, \mathbf {R} \, \psi \), then \(\sigma \models \lnot (\varphi \, \mathbf {R} \, \psi )\) which is equivalent to \(\sigma \models (\lnot \varphi )\, \mathbf {U} \, (\lnot \psi )\).

By definition, the until formula holds if

$$\begin{aligned} \exists n \in \omega , (\forall j \in \omega , j<n \Rightarrow \sigma [j\dots ] \not \models \varphi ) \text { and } \sigma [n\dots ] \not \models \psi \end{aligned}$$

We obtain, by induction, that there is some \(n\in \omega \) such that

  1. for all \(j\in \omega \) with \(j<n\) every run of \(\mathcal {A}(\varphi )\) on \(\sigma [j\dots ]\) has an infinite path with only finitely many accepting states and

  2. every run of \(\mathcal {A}(\psi )\) on \(\sigma [n\dots ]\) has an infinite path with only finitely many accepting states.

Now we assume that there is an accepting run of \(\mathcal {A}(\varphi \, \mathbf {R} \, \psi )\) on \(\sigma \). Consider

$$\begin{aligned} \partial _{\sigma _0}(\varphi \, \mathbf {R} \, \psi )&= \partial _{\sigma _0}(\varphi \wedge \psi ) \cup \partial _{\sigma _0}(\psi ) \wedge \varphi \, \mathbf {R} \, \psi \end{aligned}$$

Suppose that the run always chooses the alternative containing the formula \(\varphi \, \mathbf {R} \, \psi \). However, at \(\sigma _n\), this formula is paired with a run of \(\mathcal {A}(\psi )\) on \(\sigma [n\dots ]\) which has an infinite path with only finitely many accepting states. A contradiction.

Hence, there must be some \(i\in \omega \) such that \(\mathcal {A}(\varphi \, \mathbf {R} \, \psi )\) chooses its next states from \(\partial _{\sigma _i}(\varphi \wedge \psi )\). If this index \(i<n\), then this run cannot be accepting because it contains a run of \(\mathcal {A}(\varphi )\) on \(\sigma [i\dots ]\), which has an infinite path with only finitely many accepting states. Contradiction.

On the other hand, \(i\ge n\) is not possible either because it would contradict case 2.

Hence, there cannot be an accepting run. \(\square \)

C.8 Proof of Theorem 5

We observe that exhaustive decomposition yields the same set of states, regardless of the order in which decomposition rules are applied.

Example 7

Consider \(\Box \, p \wedge \Diamond \, \lnot p\). Starting with \(\{ \{ \Box \, p \wedge \Diamond \, \lnot p \} \}\) the following rewrite steps can be applied. Individual rewrite steps are annotated with the decomposition rule (number) that has been applied.

$$\begin{array}{lcl} \Box \, p \wedge \Diamond \, \lnot p &{} {\mathop {\rightarrowtail }\limits ^{2}} &{} \{ \{ \Box \, p, \Diamond \, \lnot p \} \} \\ {} &{} {\mathop {\rightarrowtail }\limits ^{4}} &{} \{ \{ p, \bigcirc \, \Box \, p, \Diamond \, \lnot p \} \} \\ {} &{} {\mathop {\rightarrowtail }\limits ^{3}} &{} \{ \{ p, \bigcirc \, \Box \, p, \lnot p \}, \{ p, \bigcirc \, \Box \, p, \bigcirc \, \Diamond \, \lnot p \} \} \end{array}$$

In the final set of nodes we effectively find nodes \(S_3\) and \(S_4\) from Wolper’s tableau construction. Intermediate nodes \(S_1\) and \(S_2\) arise in some intermediate rewrite steps. See Fig. 1. The only difference is that marked formulae are dropped.

An interesting observation is that there is an alternative rewriting, which reaches the same set of children.

$$\begin{array}{lcl} \Box \, p \wedge \Diamond \, \lnot p &{} {\mathop {\rightarrowtail }\limits ^{2}} &{} \{ \{ \Box \, p, \Diamond \, \lnot p \} \} \\ {} &{} {\mathop {\rightarrowtail }\limits ^{3}} &{} \{ \{ \Box \, p, \lnot p \}, \{ \Box \, p, \bigcirc \, \Diamond \, \lnot p \} \} \\ {} &{} {\mathop {\rightarrowtail }\limits ^{4}} &{} \{ \{ p, \bigcirc \, \Box \, p, \lnot p \}, \{ \Box \, p, \bigcirc \, \Diamond \, \lnot p \} \} \\ &{} {\mathop {\rightarrowtail }\limits ^{4}} &{} \{ \{ p, \bigcirc \, \Box \, p, \lnot p \}, \{ p, \bigcirc \, \Box \, p, \bigcirc \, \Diamond \, \lnot p \} \} \end{array}$$

We formalize the observations made in the above example. Decomposition yields the same set of nodes regardless of the choice of intermediate steps.

Lemma 13

The rewrite relation \(\rightarrowtail \) is terminating and confluent.

Proof

By inspection of the decomposition rules D1–6.

Hence, our reformulation of Wolper’s tableau construction method yields the same nodes (ignoring marked formulae and intermediate nodes).

Lemma 14

Let S be a pre-state node in Wolper’s tableau construction and \(S'\) be a node derived from S via some (possibly repeated) decomposition steps where \(S'\) is a state. Then, \(\{ S \} \rightarrowtail ^* N\) for some N where \(S'' \in N\) such that \(S''\) and \(S'\) are equivalent modulo marked formulae.

Proof

No further decomposition rules can be applied to a state. The only difference between our rewriting-based formulation and Wolper’s tableau construction is that we drop marked formulae. Hence, the result follows immediately.

Wolper’s proof does not require marked formulae nor does it make use of intermediate nodes in any essential way. Hence, correctness of the optimized Wolper-style tableau construction method follows from Wolper’s proof.

C.9 Proof of Lemma 6

We first state an auxiliary result.

Lemma 15

Let \(\{ S \cup \{\varphi \} \} \cup N \rightarrowtail \{ S \cup S_1 \} \cup \dots \cup \{ S \cup S_n \} \cup N \rightarrowtail ^* N'\) where \(\varphi \rightarrow \{ S_1, \dots , S_n \}\) and \(\{ \{ \varphi \} \} \rightarrowtail ^* \{ S_1', \dots , S_m' \}\). Then, \(\{ S \cup \{\varphi \} \} \cup N \rightarrowtail \{ S \cup S'_1 \} \cup \dots \cup \{ S \cup S'_m \} \cup N \rightarrowtail ^* N'\).

Proof

By induction over the length of the derivation \(\{ \{ \varphi \} \} \rightarrowtail ^* \{ S_1', \dots , S_m' \}\) and the fact that the rewriting relation is terminating and confluent (Lemma 13).

Lemma 15 says that we obtain the same result if we exhaustively decompose a single formula or apply decomposition steps that alternate among multiple formulae. This observation simplifies the upcoming inductive proof of Lemma 13.

By induction on \(\varphi \) we show that if \(\varphi \rightarrowtail ^* N\) then \(\textsc {lf}(\varphi ) = [\![N]\!]\).

Proof

Case \(\varphi \wedge \psi \). By assumption \(\varphi \wedge \psi \rightarrowtail \{ \{\varphi , \psi \} \} \rightarrowtail ^* N\). By induction we find that (1) \(\textsc {lf}(\varphi ) = [\![N_1]\!]\) and (2) \(\textsc {lf}(\psi ) = [\![N_2]\!]\) where \(\varphi \rightarrowtail ^* \{ S_1,\dots , S_n \}\), \(\psi \rightarrowtail ^* \{ T_1,\dots , T_m \}\), \(N_1 = \{ S_1,\dots , S_n \}\) and \(N_2 = \{ T_1,\dots , T_m \}\). By Lemma 15, we can conclude that \(\varphi \wedge \psi \rightarrowtail \{ \{ \psi \} \cup S_1, \dots , \{ \psi \} \cup S_n \} \rightarrowtail \{ S \cup T \mid S \in \{S_1,\dots ,S_n\}, T \in \{T_1,\dots ,T_m \}\}\) where \(N = \{ S \cup T \mid S \in \{S_1,\dots ,S_n\}, T \in \{T_1,\dots ,T_m \}\}\). From this and via (1) and (2), we can derive that \(\textsc {lf}(\varphi \wedge \psi ) = [\![N]\!]\). Elimination via (E1) is integrated as part of rewriting (see Definition 14).

Case \(\varphi \, \mathbf {R} \, \psi \). By assumption

$$\varphi \, \mathbf {R} \, \psi \rightarrowtail \{ \{ \psi , \varphi \vee \bigcirc \, (\varphi \, \mathbf {R} \, \psi ) \} \} \rightarrowtail \{ \{ \psi , \varphi \}, \{ \psi , \bigcirc \, (\varphi \, \mathbf {R} \, \psi ) \} \} \rightarrowtail ^* N \text{. }$$

By reasoning analogously as in case of conjunction, we find \(\textsc {lf}(\varphi \, \mathbf {R} \, \psi ) = [\![N]\!]\).

The remaining cases follow the same pattern.
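As an added illustration (not code from the paper), the following Python code computes linear factors and the partial derivative \(\partial _{\sigma _0}\) for the formula of Example 7. The clauses for p, \(\mathbf {U}\) and \(\mathbf {R}\) follow the equations used in the proofs above; the clauses for \(\mathbf {tt}\), \(\mathbf {ff}\), \(\vee \) and \(\wedge \), the encodings \(\Box \, \varphi = \mathbf {ff}\, \mathbf {R} \, \varphi \) and \(\Diamond \, \varphi = \mathbf {tt}\, \mathbf {U} \, \varphi \), the tuple representation and all function names are assumptions of this example.

```python
from itertools import product

# Formulae as nested tuples (encoding assumed for this example).
TT, FF = ("tt",), ("ff",)

def lit(name, positive=True):
    return ("lit", name, positive)

def box(f):   # □f encoded as ff R f (standard abbreviation, assumed)
    return ("R", FF, f)

def dia(f):   # ◇f encoded as tt U f (standard abbreviation, assumed)
    return ("U", TT, f)

def conj(a, b):
    """a ∧ b, simplified with tt as unit and ff as zero."""
    if FF in (a, b):
        return FF
    if a == TT:
        return b
    return a if b == TT else ("and", a, b)

def meet(mu, nu):
    """Conjoin two guards (sets of literals); None if p and ¬p both occur."""
    g = mu | nu
    return None if any((n, not pos) in g for n, pos in g) else g

def lf(f):
    """Linear factors of f as a set of pairs (guard, next formula)."""
    tag = f[0]
    if tag == "tt":
        return {(frozenset(), TT)}
    if tag == "ff":
        return set()
    if tag == "lit":                      # lf(p) = {<p, tt>}
        return {(frozenset({(f[1], f[2])}), TT)}
    if tag == "or":
        return lf(f[1]) | lf(f[2])
    if tag == "and":
        pairs = product(lf(f[1]), lf(f[2]))
        return {(meet(m, n), conj(a, b)) for (m, a), (n, b) in pairs
                if meet(m, n) is not None}
    if tag == "U":                        # lf(ψ) ∪ {<μ, φ' ∧ φ U ψ>}
        return lf(f[2]) | {(m, conj(a, f)) for m, a in lf(f[1])}
    if tag == "R":                        # lf(φ ∧ ψ) ∪ {<ν, ψ' ∧ φ R ψ>}
        return lf(("and", f[1], f[2])) | {(n, conj(b, f)) for n, b in lf(f[2])}
    raise ValueError(f"unknown connective: {tag}")

def deriv(f, letter):
    """∂_letter(f): next formulae whose guard holds in `letter` (set of true atoms)."""
    return {nxt for g, nxt in lf(f)
            if all((n in letter) == pos for n, pos in g)}

# Example 7's formula □p ∧ ◇¬p
PHI = ("and", box(lit("p")), dia(lit("p", False)))
```

Here `lf(PHI)` returns the single factor \(\langle p, \Box \, p \wedge \Diamond \, \lnot p\rangle \); the combination with guard \(p \wedge \lnot p\), which mirrors the node \(\{ p, \bigcirc \, \Box \, p, \lnot p \}\) of Example 7, is discarded as unsatisfiable.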

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Sulzmann, M., Thiemann, P. (2018). LTL Semantic Tableaux and Alternating \(\omega \)-automata via Linear Factors. In: Fischer, B., Uustalu, T. (eds) Theoretical Aspects of Computing – ICTAC 2018. ICTAC 2018. Lecture Notes in Computer Science(), vol 11187. Springer, Cham. https://doi.org/10.1007/978-3-030-02508-3_2

  • DOI: https://doi.org/10.1007/978-3-030-02508-3_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02507-6

  • Online ISBN: 978-3-030-02508-3

  • eBook Packages: Computer Science, Computer Science (R0)
