
1 Introduction

Quantified stream constraints are often used in the principled design of reactive computing systems [7, 8, 10, 25, 26]. However, automated solutions to these constraints can be challenging, as quantifying over streams effectively is second-order.

Quantifying over sets of natural numbers, for instance, encodes quantifying over streams in the monadic second-order logic \(MSO(\omega )\) [19] of \(\omega \)-infinite words over a finite alphabet.¹ This logic is decidable, but only non-elementarily so, based on the well-known characterization of the set of models of any \( MSO (\omega )\) formula in terms of a finite-state machine [9]. Equivalently, the logic-automaton connection yields a non-elementary decision procedure for a first-order equality theory of streams [34].

Here we study a first-order stream logic that is not limited to finite alphabets, and which includes an expressive combination of nonlinear arithmetic stream operators, such as convolution, with control-oriented stream operators, such as shifting. Compared to \( MSO (\omega )\), however, this stream logic is restrictive in that it only supports quantifying over streams, not over positions in streams.

Our main result is that the validity of first-order stream formulas (in the language of ordered rings) in the structure of real-valued streams is decided in doubly exponential time. In contrast to automata-based procedures for monadic second-order logics, our decision procedure is not limited to streams over a finite alphabet, and the time complexity of our procedure is doubly exponential instead of non-elementary as in [34]. Definitional extensions demonstrate the expressive power of this stream logic in solving a number of fundamental problems in the coalgebraic stream calculus [38].

The structure of the developments is as follows. Section 2 motivates quantified stream logic with typical examples from stream calculus [38], and Sect. 3 summarizes, with the intention of making the exposition largely self-contained, essential properties of streams. Since we are targeting stream calculus, we restrict ourselves to streams with real-numbered elements only. However, the results in this paper clearly generalize to streams with elements from either a totally ordered commutative integral ring or a totally ordered field. Streams are identified with formal power series [32] and the superset of streams with finite history prefixes is identified with formal Laurent series. Based on this identification of streams with their generating function it is straightforward to establish that streams are orderable and also Cauchy complete for the prefix distance.

Based on these developments it is shown in Sect. 4 that streams are a real closed valuation ring and their extension with finite histories are a real closed field. The main technical hurdle is the derivation of an intermediate value property (IVP) for streams. As an ordered and complete non-Archimedean domain, streams lack the least upper bound property. The usual dichotomic procedure for proving IVP therefore does not apply. Ordered streams admit quantifier elimination as a consequence of real closedness.

The results in Sect. 5 therefore are direct consequences of the quantifier elimination procedures for real closed valuation rings [12] and for real closed ordered fields [44] together with the doubly exponential bound obtained by cylindrical algebraic decomposition [18] in the case of real closed ordered fields. In Sect. 6, the language of decidable stream logic is conservatively extended by shift operators, constants for rational and automatic streams, and stream projections. Section 7 concludes with some remarks.

Fig. 1. Stream circuit.

2 Examples

We motivate the rôle of quantified stream logic for encoding some typical problems from stream calculus.

Observational Equivalence. Two stream processors \(T_1\), \(T_2\) are observationally equivalent if the first-order formula in Example 1 holds.

Example 1 (Observational Equivalence).

$$ (\forall {z, y_1, y_2})\,{T}_1(z, y_1) \,\wedge \,T_2(z, y_2) \,\Rightarrow \,y_1 = y_2 $$

The logical variables z, \(y_1\), and \(y_2\) are interpreted over discrete and real-valued streams, and \(T_i(z, y_i)\), for \(i = 1, 2\), are binary predicates for defining the possible output streams \(y_i\) of processor \(T_i\) on input stream z.

In stream calculus [38], the relations \(T_i(z, y_i)\) are typically of the form \(y_i = f_i \cdot z\), where the transfer function \(f_i\) is a stream, and the output stream \(y_i\) is obtained by stream convolution of \(f_i\) with the input stream z. These algebraic specifications are expressive for the set of all stream circuits [40].

Functionality. A stream processor T is functional if the first-order stream formula in Example 2 with one quantifier alternation holds.

Example 2 (Functionality).

$$(\forall z)(\exists y)\, T(z, y) \,\wedge \,(\forall u)\, u \ne y \,\Rightarrow \,\lnot T(z, u) $$

Non-Interference. We now consider streams of system output that are divided into a low and a high security part. In such an environment, a stream processor T is said to be non-interfering [22, 29, 30] if executing T always results in indistinguishable low outputs at every step.

Example 3 (Non-Interference).

$$(\forall {z, y_1, y_2})\,{T(z, y_1) \,\wedge \,T(z, y_2) \,\Rightarrow \, hd {(y_1)} =_L hd {(y_2)} \,\Rightarrow \,y_1 =_L y_2}, $$

where \( hd {(y_i)}\), for \(i = 1, 2\), denote initial values, and \( hd {(y_1)} =_L hd {(y_2)}\) is assumed to hold if and only if the low parts of the two head elements \( hd {(y_1)}\) and \( hd {(y_2)}\) are equal. Similarly, the (overloaded) relation \(y_1 =_L y_2\) on streams is assumed to hold if all the respective projections to the low parts are equal. These non-interference properties are prominent examples of a larger class of hyper-properties [14] for comparing two or more traces. Quantifier alternation between existential and universal quantifiers is required for the formalization of more general hyper-properties.

Stream Circuits. We take into consideration some typical design steps for the stream circuit in Fig. 1. At moment 0 this circuit inputs the first value \(z_0\). The initial value 0 of the register \(D_1\) is added to this by A, and the result \(y_0 = z_0 + 0 = z_0\) is the first value to be output. At the same time, this value \(z_0\) is copied by C, and stored as the new value of the register \(D_1\). The next step is to input the value \(z_1\), add the current value \(z_0\) of the register to it, and output the resulting value \(y_1 = z_0 + z_1\). Simultaneously, this value is copied and saved as the new value of the register. In the next step, the input is \(z_2\) and the output is the value \(y_2 = z_0 + z_1 + z_2\). In general, the output \(y_k\), for \(k \in \mathbb {N}\), of the circuit in Fig. 1 is determined by the sum \(\sum _{i = 0}^k z_i\) of the finite history \(z_0\ldots z_k\) of inputs. In other words, \(y = (1, 1, 1, \ldots )\; \cdot \; z\), where \('\cdot '\) denotes stream convolution. This input-output behavior of the stream circuit in Fig. 1 can be verified by showing that the stream logic formula in Example 4 is valid.

Example 4 (Analysis).

$$\begin{aligned} & (\forall z, y, h_1, h_2, h_3) \\ & ~~~h_1 = D_1(h_2) \,\wedge \,h_3 = A(z, h_1) \,\wedge \,h_2 = C(h_3) \,\wedge \,y = C(h_3) \\ & ~~~~~~ \,\Rightarrow \,y = (1, 1, 1, \ldots ) \cdot z \end{aligned}$$

The stream \((1, 1, \ldots )\) is considered to be an interpreted constant symbol in the logic, and \(D_1\), A, and C are interpreted function symbols.

Finally, the formula in Example 5, which has one quantifier alternation, allows one to synthesize the transfer function by constructing explicit witnesses for the existentially quantified variables in an underlying proof procedure.

Example 5 (Synthesis).

$$\begin{aligned} & (\forall z, y, h_1, h_2, h_3) \\ & ~~~h_1 = D_1(h_2) \,\wedge \,h_3 = A(z, h_1) \,\wedge \,h_2 = C(h_3) \,\wedge \,y = C(h_3) \\ & ~~~~~~ \,\Rightarrow \,(\exists u)\, y = u \cdot z \end{aligned}$$

3 On Streams

A real-valued stream is an infinite sequence \((a_i)_{i \in \mathbb {N}}\) with \(a_i \in {\mathcal {R}}\), where \({\mathcal {R}}\) denotes the real numbers. Depending on the context, streams are also referred to as real-valued discrete streams or signals, \(\omega \)-streams, \(\omega \)-sequences, or \(\omega \)-words. The generating function [11] of a stream is a formal power series

$$\begin{aligned} \sum _{i\in \mathbb {N}} a_i X^i \end{aligned} \tag{1}$$

in the indeterminate X. These power series are formal because the symbol X is not instantiated and there is no notion of convergence. The element \(a_i \in {\mathcal {R}}\) is the coefficient of \(X^i\), and the set of formal power series with coefficients in \({\mathcal {R}}\) is denoted by \({{\mathcal {R}}}\llbracket {X}\rrbracket \). We also write \(f_i\) for the coefficient of \(X^i\) in the formal power series f. Now, a polynomial in \({{\mathcal {R}}}[{X}]\) of degree \(n \in \mathbb {N}\) is a formal power series f with \(f_n \ne 0\) and \(f_i = 0\) for all \(i > n\). We use the terms streams and formal power series interchangeably because of their one-to-one correspondence.

Addition of streams \(f, g \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) is pointwise, and streams are multiplied by convolution.

$$\begin{aligned} f + g &{:}{=}\sum _{i\in \mathbb {N}} (f_i + g_i) X^i \end{aligned} \tag{2}$$

$$\begin{aligned} f \cdot g &{:}{=}\sum _{i \in \mathbb {N}} (\sum _{j = 0}^i f_j g_{i-j}) X^i \end{aligned} \tag{3}$$

With these operations \(({{\mathcal {R}}}\llbracket {X}\rrbracket , +, \cdot , 0, 1)\) becomes a commutative integral ring with additive unit \(0 {:}{=}(0, 0, \ldots )\) and multiplicative unit \(1 {:}{=}(1, 0, 0, \ldots )\). The real number line \({\mathcal {R}}\) is embedded in the polynomial ring \({{\mathcal {R}}}[{X}]\), which itself is embedded in \({{\mathcal {R}}}\llbracket {X}\rrbracket \). Moreover, the rational functions \({{\mathcal {R}}}({X})\) are defined as the fraction field of the polynomials \({{\mathcal {R}}}[{X}]\). \({{\mathcal {R}}}\llbracket {X}\rrbracket \) and \({{\mathcal {R}}}({X})\) are incomparable in that neither \({{\mathcal {R}}}\llbracket {X}\rrbracket \) nor \({{\mathcal {R}}}({X})\) contains the other.

Proposition 1

For \(f \in {{\mathcal {R}}}\llbracket {X}\rrbracket \), the multiplicative inverse \(f^{-1} \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) exists if and only if \(f_0 \ne 0\).

Proof

Let \(f, g \in {{\mathcal {R}}}\llbracket {X}\rrbracket \). The identity \(f \cdot g = 1\) holds, by the defining identity (3) for convolution, if and only if \(f_0 g_0 = 1\) and \(\sum _{i=0}^k f_i g_{k-i} = 0\) for all \(k \ge 1\). The latter equality is rewritten as \(f_0 g_k = -\sum _{i = 1}^k f_i g_{k-i}\). Now, \(f_0 g_0 = 1\) can be solved for \(g_0\) if and only if \(f_0 \ne 0\). In this case, \(g_0 = 1/f_0\) and \(g_k = - g_0 \sum _{i = 1}^k f_i g_{k - i}\), for \(k \ge 1\), yielding a solution for g, which gives the multiplicative inverse of f.

We also write the quotient \(f/g\) instead of \(f \cdot g^{-1}\), whenever \(g^{-1}\) exists.

Example 6

$$\begin{aligned} 1/(1 - X) &= (1, 1, 1, 1, \ldots ) & \\ 1/(1 - X)^2 &= (1, 2, 3, 4, \ldots ) & \\ 1/(1 - rX) &= (1, r, r^2, r^3, \ldots ) &\text {for }r \in {\mathcal {R}}\end{aligned}$$

These identities are easily verified by the defining identities for convolution (3) and for the multiplicative inverse. The first stream identity, for instance, is verified by the identity \((1, -1, 0, \ldots ) \cdot (1, 1, 1, \ldots ) = (1, 0, 0, \ldots )\), since \(1 - X\) is identified with \((1, -1, 0, \ldots )\).

A stream in \({{\mathcal {R}}}\llbracket {X}\rrbracket \) is rational if it is expressible as a quotient \(p/q\) of polynomials \(p, q \in {{\mathcal {R}}}[{X}]\) such that \(q_0 \ne 0\) [40]. Rational streams, as a subring of the formal power series \({{\mathcal {R}}}\llbracket {X}\rrbracket \), are central to stream calculus because of their close correspondence to stream circuits [40].

Example 7 ([37]). Let f, g be rational streams with real-valued coefficients. Using the defining equations

$$\begin{aligned} D_1(f) &{:}{=}X \cdot f \\ A(f, g) & {:}{=}f + g \\ C(f) & {:}{=}f \end{aligned}$$

for the unit delay register \(D_1\), addition A of two streams, and copying C of a stream, we obtain from the stream circuit in Fig. 1 a system of defining equations \( h_1 = X \cdot h_2,\, h_3 = z + h_1,\, h_2 = h_3,\, y = h_3 \). Back substitution for the intermediate streams \(h_3\), \(h_1\), and \(h_2\), in this order, yields an equational constraint \(y = z + (X \cdot y)\), which is equivalent to \( y = 1/(1 - X) \cdot z\). Now, \(y = (\sum _{i = 0}^k z_i)_{k\in \mathbb {N}}\) as a result of the identity for \(1/(1 - X)\) in Example 6.
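The recurrence in the proof of Proposition 1, the identities of Example 6 and the circuit equation of Example 7 can all be checked on finite prefixes. The following Python sketch is an added example, not code from the paper; the names `conv`, `poly`, `inverse`, `circuit`, the prefix length `N` and the sample input `SAMPLE_Z` are assumptions made for illustration.

```python
from fractions import Fraction

N = 12  # number of coefficients kept; every stream below is a length-N prefix (assumption)


def conv(f, g):
    """Convolution product (3), truncated to the first N coefficients."""
    return [sum(f[j] * g[i - j] for j in range(i + 1)) for i in range(N)]


def poly(*coeffs):
    """Embed the polynomial a_0 + a_1 X + ... as a stream prefix of length N."""
    c = [Fraction(a) for a in coeffs]
    return (c + [Fraction(0)] * N)[:N]


def inverse(f):
    """Multiplicative inverse via the recurrence in the proof of Proposition 1:
    g_0 = 1/f_0 and g_k = -g_0 * sum_{i=1..k} f_i g_{k-i}."""
    if f[0] == 0:
        # Proposition 1: no inverse in R[[X]] when the head coefficient is 0
        raise ZeroDivisionError("head coefficient is 0, no inverse stream exists")
    g = [1 / Fraction(f[0])]
    for k in range(1, N):
        g.append(-g[0] * sum(f[i] * g[k - i] for i in range(1, k + 1)))
    return g


def circuit(z):
    """Step-by-step run of the circuit in Fig. 1 on an input prefix z."""
    register, y = Fraction(0), []   # D_1 initially holds 0
    for z_k in z:
        h3 = z_k + register         # A adds the input to the register content
        y.append(h3)                # C copies the sum to the output ...
        register = h3               # ... and into D_1 for the next step
    return y


# Constructed sample input stream (not from the paper).
SAMPLE_Z = [Fraction(k * k - 3 * k, 2) for k in range(N)]


def transfer_function_matches(z):
    """Example 7: the simulated output equals 1/(1 - X) convolved with z."""
    return circuit(z) == conv(inverse(poly(1, -1)), z)


if __name__ == "__main__":
    ones = inverse(poly(1, -1))             # 1/(1 - X)
    print("1/(1-X)   =", [int(a) for a in ones])
    print("1/(1-X)^2 =", [int(a) for a in conv(ones, ones)])
    print("circuit == 1/(1-X) * z:", transfer_function_matches(SAMPLE_Z))
    try:
        inverse(poly(0, 1))                 # the stream X, see Remark 1
    except ZeroDivisionError as err:
        print("1/X:", err)
```

Because the first N coefficients of a convolution depend only on the first N coefficients of its arguments, the comparison on prefixes is exact for those N positions.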

Remark 1

Rational streams substantially differ from the rational functions. The inverse \(1/X\), for example, is not a rational stream, and it is not even a formal power series. But it is in \({{\mathcal {R}}}({X})\).

The field \({{\mathcal {R}}}(\!({X})\!)\) of formal Laurent series is the fraction field of the formal power series \({{\mathcal {R}}}\llbracket {X}\rrbracket \). Elements of \({{\mathcal {R}}}(\!({X})\!)\) therefore are of the form

$$\begin{aligned} \sum _{i = -n}^{\infty } a_i X^i, \end{aligned} \tag{4}$$

for \(n \in \mathbb {N}\) and \(a_i \in {\mathcal {R}}\). They can therefore be thought of as streams that are preceded by a finite, and possibly empty, history, which are used for “rewinding computations”. In fact, every formal Laurent series is of the form \(X^{-n} \cdot f\), for some \(n \in \mathbb {N}\) and for \(f \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) a formal power series.

The valuation \(v: {{\mathcal {R}}}(\!({X})\!) \rightarrow \mathbb {Z}\,\cup \,\{\infty \}\) with \(v(0) {:}{=}\infty \) and v(f), for \(f \ne 0\), is the minimal index \(k\in \mathbb {Z}\) with \(f_k \ne 0\). In the latter case, \(f_k\) is also said to be the lead coefficient of f. Now, the set \({{\mathcal {R}}}(\!({X})\!)\) of formal Laurent series is orderable (see Appendix A) by the positive cone \({{{\mathcal {R}}}(\!({X})\!)}_{+}\) of formal Laurent series with positive lead coefficient. This set determines a strict ordering \( f < g\), for \(f, g \in {{\mathcal {R}}}(\!({X})\!)\), which is defined to hold if and only if \(g - f \in {{{\mathcal {R}}}(\!({X})\!)}_{+}\), and a total ordering \(f \le g\), which holds if and only if \(f < g\) or \(f = g\). The restriction of \(\le \) to the formal power series in \({{\mathcal {R}}}\llbracket {X}\rrbracket \) is also a total order.

Proposition 2

 

  1. \(({{\mathcal {R}}}\llbracket {X}\rrbracket ; +, \cdot , 0, 1; \le )\) is a totally ordered commutative integral ring.

  2. \(({{\mathcal {R}}}(\!({X})\!); +, \cdot , 0, 1; \le )\) is a totally ordered field.

As a consequence of Proposition 2.2, \({{\mathcal {R}}}(\!({X})\!)\) is formally real (\(-1\) cannot be written as a sum of nonzero squares in \({{\mathcal {R}}}(\!({X})\!)\)), \({{\mathcal {R}}}(\!({X})\!)\) is not algebraically closed (for example, the polynomial \(X^2 + 1\) has no root), and \({{\mathcal {R}}}(\!({X})\!)\) is of characteristic 0 (0 cannot be written as a sum of 1s). Moreover, the Archimedean property (see [41]) fails to hold for \({{\mathcal {R}}}(\!({X})\!)\), because \(X \not < 1 + 1 + \ldots + 1\), no matter how many 1s we add together.

Fig. 2. Commuting stream embeddings (‘\(*\)’ denotes completion for valuation |.|, and ‘/’ the fraction field construction).

From the (normalized) valuation v one obtains, with the convention \(2^{-\infty } {:}{=}0\), the absolute value function \(|.|: {{\mathcal {R}}}(\!({X})\!) \rightarrow {\mathcal {R}}^{\ge 0}\) by setting

$$\begin{aligned} |f| &{:}{=}2^{-v(f)}. \end{aligned} \tag{5}$$

By construction, |.| is the non-Archimedean absolute value on \({{\mathcal {R}}}(\!({X})\!)\) corresponding to the valuation v [31]. Now, the induced metric \(d: {{\mathcal {R}}}(\!({X})\!) \times {{\mathcal {R}}}(\!({X})\!) \rightarrow {\mathcal {R}}^{\ge 0}\) with

$$\begin{aligned} d(f, g) &{:}{=}|f - g| \end{aligned} \tag{6}$$

measures the distance between f and g in terms of the longest common prefix. Again, by construction, the strong triangle inequality

$$\begin{aligned} d(f, h) \le \textrm{max}({d(f,g)},{d(g, h)}) \end{aligned} \tag{7}$$

holds for all \(f, g, h \in {{\mathcal {R}}}(\!({X})\!)\), and therefore d is ultrametric.

Proposition 3

\(({{\mathcal {R}}}(\!({X})\!), d)\) is an ultrametric space.

Example 8

The scaled identity function \(I_f(x) {:}{=}f \cdot x\), for \(f \ne 0\), is uniformly continuous in the topology induced by the metric d.² For given \(\varepsilon > 0\), let \(\delta {:}{=}\varepsilon /|f|\). Now, \(d(x, y) < \delta \) implies \(d(f\cdot x, f \cdot y) = |f|\,d(x, y) < |f|\,\delta = \varepsilon \) for all \(x, y \in {{\mathcal {R}}}(\!({X})\!)\).
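The valuation, the absolute value (5), the prefix metric (6), the strong triangle inequality (7) and the scaling identity used in Example 8 can be computed exactly on Laurent series with finitely many nonzero coefficients. The Python sketch below is an added example, not code from the paper; the dictionary representation (exponent to coefficient), the function names and the `SAMPLES` list are assumptions made for illustration.

```python
from fractions import Fraction
from itertools import product
import math


def laurent(coeffs):
    """Finitely supported Laurent series as {exponent: coefficient}, zeros dropped."""
    return {k: Fraction(a) for k, a in coeffs.items() if a != 0}


def sub(f, g):
    """Coefficientwise difference f - g."""
    return laurent({k: f.get(k, 0) - g.get(k, 0) for k in set(f) | set(g)})


def mul(f, g):
    """Convolution product; exponents may be negative (finite history)."""
    out = {}
    for (i, a), (j, b) in product(f.items(), g.items()):
        out[i + j] = out.get(i + j, 0) + a * b
    return laurent(out)


def valuation(f):
    """v(f): minimal index with a nonzero coefficient, and v(0) = infinity."""
    return min(f) if f else math.inf


def absval(f):
    """|f| = 2^(-v(f)) as in (5), with the convention 2^(-infinity) = 0."""
    v = valuation(f)
    return Fraction(0) if v == math.inf else Fraction(2) ** (-v)


def dist(f, g):
    """Prefix metric (6): small when f and g share a long common prefix."""
    return absval(sub(f, g))


def strong_triangle_holds(samples):
    """Check inequality (7) on every triple drawn from samples."""
    return all(dist(f, h) <= max(dist(f, g), dist(g, h))
               for f, g, h in product(samples, repeat=3))


def scaling_is_exact(f, samples):
    """Example 8: d(f*x, f*y) = |f| * d(x, y) for all sampled x, y."""
    return all(dist(mul(f, x), mul(f, y)) == absval(f) * dist(x, y)
               for x, y in product(samples, repeat=2))


# Constructed sample series (not from the paper): 0, X, 1/X, 1+X, 1+X+X^5, 3X^2 - X^-3.
SAMPLES = [
    laurent({}),
    laurent({1: 1}),
    laurent({-1: 1}),
    laurent({0: 1, 1: 1}),
    laurent({0: 1, 1: 1, 5: 1}),
    laurent({2: 3, -3: -1}),
]

if __name__ == "__main__":
    print("d(1+X, 1+X+X^5) =", dist(SAMPLES[3], SAMPLES[4]))   # first difference at index 5
    print("|1/X| =", absval(SAMPLES[2]))
    print("strong triangle inequality:", strong_triangle_holds(SAMPLES))
    print("scaling by 3X^-2 + 1:", scaling_is_exact(laurent({-2: 3, 0: 1}), SAMPLES))
```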

Proposition 4

Both addition and multiplication of formal Laurent series in \({{\mathcal {R}}}(\!({X})\!)\) are continuous in the topology induced by the prefix metric d.

The notions of Cauchy sequences and convergence in the metric space \(({{\mathcal {R}}}(\!({X})\!), d)\) are defined as usual. For example, \(\lim _{n\rightarrow \infty } X^n = 0\) and \(\lim _{n\rightarrow \infty } \sum _{k = 0}^n X^k = 1/(1 - X)\). For a given sequence \((f_k)_{k\in \mathbb {N}}\) of formal Laurent series, (1) the sequence \((f_k)_{k\in \mathbb {N}}\) is Cauchy iff \(\lim _{k\rightarrow \infty } d(f_{k+1}, f_k) = 0\), (2) the series \(\sum _{k = 0}^\infty f_k {:}{=}\lim _{n\rightarrow \infty } \sum _{k = 0}^n f_k\) converges iff \(\lim _{k\rightarrow \infty } f_k = 0\), and (3) suppose that \(\lim _{k\rightarrow \infty } f_k = f \ne 0\), then there exists an integer \(N > 0\) such that for all \(m \ge N\), \(|f_m| = |f_N| = |f|\). These properties follow directly from the fact that |.| is a non-Archimedean absolute value.

Proposition 5

  \(({{\mathcal {R}}}(\!({X})\!), d)\) is Cauchy complete.

Proof

Let \((f_k)_{k \in \mathbb {N}}\) be a Cauchy sequence with \(f_k \in {{\mathcal {R}}}(\!({X})\!)\). Then, for all \(c\in \mathbb {N}\) there is \(N_c \in \mathbb {N}\) such that \(d(f_n, f_m) < |X^c|\) for all \(n, m \ge N_c\). But this means that \(f_n - f_m \in X^c \cdot {{\mathcal {R}}}(\!({X})\!)\). Since \(f_k\) are Laurent series, there are \(M_k \in \mathbb {Z}\) and \(a_{k,i} \in {\mathcal {R}}\) such that \(f_k = \sum _{i \ge M_k} a_{k,i} X^i\). Consequently, \((a_{k,i})_{k \in \mathbb {N}}\) is constant for k large enough. Now, there exists \(J \in \mathbb {Z}\) such that

$$ \lim _{k\rightarrow \infty } f_k = \sum _{i \ge J } (\lim _{k\rightarrow \infty } a_{k, i}) X^i \in {{\mathcal {R}}}(\!({X})\!), $$

and therefore \({{\mathcal {R}}}(\!({X})\!)\) is Cauchy complete.

Indeed, \({{\mathcal {R}}}(\!({X})\!)\) can be shown to be the Cauchy completion of \({{\mathcal {R}}}({X})\), and the stream embeddings discussed so far commute as displayed in Fig. 2.³ Finally, as a non-Archimedean, Cauchy complete, and totally ordered field, \({{\mathcal {R}}}(\!({X})\!)\) lacks the least upper bound property, that is, there exists a non-empty subset of \({{\mathcal {R}}}(\!({X})\!)\) with an upper bound and no least upper bound in \({{\mathcal {R}}}(\!({X})\!)\).

4 Real Closedness

\({{\mathcal {R}}}(\!({X})\!)\) is a totally ordered field by Proposition 2. To show that \({{\mathcal {R}}}(\!({X})\!)\) is real closed, we therefore still need to demonstrate the existence of a square root for streams and the existence of roots for all odd degree polynomials in \({{{\mathcal {R}}}(\!({X})\!)}[{Y}]\), where Y is a single indeterminate (cmp. Appendix B). General results on the preservation of real-closedness ([1], \(\mathsection \)6.23, (1)-(2); [42], p. 221) are not applicable for demonstrating real-closedness of \({{\mathcal {R}}}(\!({X})\!)\).

The main step for showing real-closedness of \({{\mathcal {R}}}(\!({X})\!)\) is an intermediate value property (IVP) for streams. It should be recalled that the standard proof of the IVP for a continuous function over the field of real numbers essentially uses the fact that intervals and connected subsets coincide in the real number field and that continuous functions preserve connectedness. When working with the non-Archimedean, complete, and ordered field \({{\mathcal {R}}}(\!({X})\!)\), however, such an argument is no longer applicable, as it lacks the least upper bound property and therefore also the dichotomic procedure for proving IVP. In this case, not only do the Archimedean proofs of the IVP not work, but the IVP does not hold in general. It nevertheless holds for special cases [6].

Lemma 1 (IVP). For a polynomial \(P(Y) \in {{{\mathcal {R}}}\llbracket {X}\rrbracket }[{Y}]\) and \(\alpha , \beta \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) such that \(P(\alpha ) < 0 < P(\beta )\), there exists \(\gamma \in {{\mathcal {R}}}\llbracket {X}\rrbracket \,\cap \,(\alpha , \beta )\) with \(P(\gamma ) = 0\).

Proof

Since \({{\mathcal {R}}}\llbracket {X}\rrbracket \) is the Cauchy completion of \({{\mathcal {R}}}[{X}]\), there are sequences \((a_n)_{n\in \mathbb {N}}\) and \((b_n)_{n\in \mathbb {N}}\) of polynomials \(a_n, b_n\in {{\mathcal {R}}}[{X}]\) such that \(\lim _{n\rightarrow \infty } a_n = \alpha \) and \(\lim _{n\rightarrow \infty } b_n = \beta \). From the assumptions \(P(\alpha ) < 0 < P(\beta )\) and continuity of the polynomial P in the topology induced by the prefix metric d, one can therefore find \(a, b \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) in the sequences \((a_n)\) and \((b_n)\) with \(\alpha \le a < b \le \beta \) and \(P(a) < 0 < P(b)\). By continuity of P, \(P(\alpha ) = P(\lim _{n\rightarrow \infty } a_n) = \lim _{n\rightarrow \infty } P(a_n)\). Now, for \(0 < \varepsilon {:}{=}|P(\alpha )|/2\), there exists \(N \in \mathbb {N}\) such that \(d(P(a_n), P(\alpha )) < \varepsilon \) for all \(n \ge N\). Therefore, \(P(a) < 0\) for \(a {:}{=}a_N\). The construction for b is similar.

The proof proceeds along two cases. If there is \(\gamma \in {{\mathcal {R}}}\llbracket {X}\rrbracket \,\cap \,(a, b)\) such that \(P(\gamma ) = 0\) we are finished. Otherwise, \(P(\gamma ) \ne 0\) for all \(\gamma \in {{\mathcal {R}}}\llbracket {X}\rrbracket \,\cap \,(a, b)\). We define \(\alpha _0 {:}{=}a\), \(\beta _0 {:}{=}b\), and, for \(m \in \mathbb {N}\),

$$\begin{aligned} {[}\alpha _{m+1}, \beta _{m+1}{]} &= {\left\{ \begin{array}{ll} {[}\alpha _m, \delta _m{]} : \text { if } P(\delta _m) > 0 \\ {[}\delta _m, \beta _m{]} : \text { if } P(\delta _m) < 0 \\ \end{array}\right. }, \end{aligned}$$

where \(\delta _m {:}{=}1/2(\alpha _m + \beta _m) \in {{\mathcal {R}}}\llbracket {X}\rrbracket \). By assumption, \(P(\delta _m) \ne 0\), and, by construction, \((\alpha _m)_{m\in \mathbb {N}}\) is a non-decreasing and \((\beta _m)_{m\in \mathbb {N}}\) a non-increasing sequence in \({{\mathcal {R}}}[{X}]\) such that, for all \(m \in \mathbb {N}\), \(\alpha _m < \beta _m\), \(d(\alpha _m, \beta _m) \le 2^{-m}\), \(P(\alpha _m) < 0\), and \(P(\beta _m) > 0\). Therefore, both \((\alpha _m)_{m\in \mathbb {N}}\) and \((\beta _m)_{m\in \mathbb {N}}\) are Cauchy, \((\alpha _m)_{m\in \mathbb {N}}\) converges from below, and \((\beta _m)_{m\in \mathbb {N}}\) converges from above to a point \(\gamma \). Now, \(\gamma \in {{\mathcal {R}}}\llbracket {X}\rrbracket \), since \({{\mathcal {R}}}\llbracket {X}\rrbracket \) is the Cauchy completion of \({{\mathcal {R}}}[{X}]\). Since P is continuous we obtain

$$\begin{aligned} \lim _{m\rightarrow \infty } \underbrace{P(\alpha _m)}_{<0} = P(\lim _{m\rightarrow \infty } \alpha _m) = P(\gamma ) = P(\lim _{m\rightarrow \infty } \beta _m) = \lim _{m\rightarrow \infty } \underbrace{P(\beta _m)}_{>0}, \end{aligned}$$

and therefore \(P(\gamma ) = 0\). This establishes the claim.

A real closed ring is an ordered domain which has the intermediate value property for polynomials in one variable. From the IVP for formal power series in Lemma 1 we immediately obtain the following three properties that characterize real closed rings [12].

Proposition 6

 

  1. f divides g for all \(f, g \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) with \( 0 < g < f\);

  2. Every positive element in \({{\mathcal {R}}}\llbracket {X}\rrbracket \) has a square root in \({{\mathcal {R}}}\llbracket {X}\rrbracket \);

  3. Every monic polynomial in \({{{\mathcal {R}}}\llbracket {X}\rrbracket }[{Y}]\) of odd degree has a root in \({{\mathcal {R}}}\llbracket {X}\rrbracket \).

Proof

In each of the three cases a certain polynomial changes sign, and hence has a root. The relevant polynomials in \({{{\mathcal {R}}}\llbracket {X}\rrbracket }[{Y}]\) are:

  1. \(f \cdot Y + g\) on [0, 1];

  2. \(Y^2 - f\) on \([0, \textrm{max}({f},{1})]\);

  3. \(Y^n + f_{n-1} \cdot Y^{n-1} + \ldots + f_1 \cdot Y + f_0\) on \([-N, N]\), where \(n\in \mathbb {N}\) is odd and \(N {:}{=}1 + |f_{n-1}| + \ldots + |f_0|\).

Example 9

\(\sqrt{(1, 2, 3, \ldots )} = (1, 1, 1, \ldots )\), since, using the identities in Example 6, \( (1, 1, 1, \ldots )^2 = (1/(1 - X))^2 = 1/(1 - X)^2 = (1, 2, 3, \ldots )\).

Alternatively, square roots of streams are constructed as unique solutions of corecursive identities.

Remark 2 (Corecursive definition of square root [39]). Assume \(f \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) with head coefficient \(f_0 > 0\) and tail \(f' \in {{\mathcal {R}}}\llbracket {X}\rrbracket \). Then, \(\sqrt{f} \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) is the unique solution (for the unknown g) of the corecursive identity \({g}' = {f}'/(\sqrt{f_0} + g) \), for the tail \(g'\) of g, and the initial condition \(g_0 = \sqrt{f_0}\) for the head \(g_0\) of g. Now, for all \(f, g \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) with \({f}' > 0\), if \(g \cdot g = f\) then either \(g = \sqrt{f}\) or \(g = -\sqrt{f}\), depending on whether the head \(g_0\) is positive or negative ([39], Theorem 7.1).
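The square root of Example 9 and the corecursive identity of Remark 2 can be checked on prefixes. The Python sketch below is an added example, not code from the paper or from [39]: it computes the coefficients from the recurrence obtained by comparing coefficients in \(g \cdot g = f\), and then tests the identity \(g' \cdot (\sqrt{f_0} + g) = f'\). The function names, the prefix length `N`, and the restriction to head coefficients that are perfect rational squares (so that arithmetic stays exact) are assumptions.

```python
from fractions import Fraction
from math import isqrt

N = 10  # number of coefficients kept (assumption)


def conv(f, g, n):
    """First n coefficients of the convolution product (3)."""
    return [sum(f[j] * g[i - j] for j in range(i + 1)) for i in range(n)]


def exact_sqrt(q):
    """Square root of a positive rational that is a perfect square (assumption)."""
    q = Fraction(q)
    if q <= 0:
        raise ValueError("head coefficient must be positive")
    n, d = isqrt(q.numerator), isqrt(q.denominator)
    if Fraction(n * n, d * d) != q:
        raise ValueError("head coefficient is not a perfect rational square")
    return Fraction(n, d)


def stream_sqrt(f):
    """Positive square root g of f, from f_k = 2 g_0 g_k + sum_{i=1..k-1} g_i g_{k-i}."""
    g = [exact_sqrt(f[0])]
    for k in range(1, N):
        cross = sum(g[i] * g[k - i] for i in range(1, k))
        g.append((f[k] - cross) / (2 * g[0]))
    return g


def satisfies_corecursion(f, g):
    """Remark 2: tail(g) * (sqrt(f_0) + g) equals tail(f), on the kept prefix."""
    denom = [exact_sqrt(f[0]) + g[0]] + list(g[1:])   # constant sqrt(f_0) added to g
    return conv(g[1:], denom, N - 1) == list(f[1:N])


# Example 9: the stream (1, 2, 3, ...) = 1/(1 - X)^2.
EXAMPLE_9 = [Fraction(k) for k in range(1, N + 1)]

if __name__ == "__main__":
    root = stream_sqrt(EXAMPLE_9)
    print("sqrt(1, 2, 3, ...) =", [int(a) for a in root])
    print("g * g == f:", conv(root, root, N) == EXAMPLE_9)
    print("corecursive identity holds:", satisfies_corecursion(EXAMPLE_9, root))
```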

It is an immediate consequence of property (1) of Proposition 6 that the formal power series \({{\mathcal {R}}}\llbracket {X}\rrbracket \) is a proper valuation ring of its fraction field \({{\mathcal {R}}}(\!({X})\!)\); that is, f or \(f^{-1}\) lies in \({{\mathcal {R}}}\llbracket {X}\rrbracket \) for each nonzero \(f \in {{\mathcal {R}}}(\!({X})\!)\). Since \({{\mathcal {R}}}\llbracket {X}\rrbracket \) also satisfies the IVP (Lemma 1) we obtain:

Corollary 1

\(({{\mathcal {R}}}\llbracket {X}\rrbracket ; +, \cdot , 0, 1; \le )\) is a real closed ordered valuation ring.

Formal Laurent series, as the fraction field of formal power series, inherit the properties (2) and (3) in Proposition 6.

Proposition 7

 

  1. Every positive stream in \({{\mathcal {R}}}(\!({X})\!)\) has a square root in \({{\mathcal {R}}}(\!({X})\!)\).

  2. Every monic polynomial in \({{{\mathcal {R}}}(\!({X})\!)}[{Y}]\) of odd degree has a root in \({{\mathcal {R}}}(\!({X})\!)\).

Proof

Assume \(0 < f/g \in {{\mathcal {R}}}(\!({X})\!)\). Then \(0 < f\cdot g \in {{\mathcal {R}}}\llbracket {X}\rrbracket \), and \(\sqrt{f\cdot g}/g\) is the square root of \(f/g\). For establishing (2), let \(P(Y) \in {{{\mathcal {R}}}(\!({X})\!)}[{Y}]\) be a polynomial of odd degree n. Choose \(0 \ne h \in {{\mathcal {R}}}(\!({X})\!)\) such that \(h \cdot P(Y) \in {{{\mathcal {R}}}\llbracket {X}\rrbracket }[{Y}]\). Now, \(Q(Y) {:}{=}h^n \cdot P(Y/h)\) is a monic polynomial in \({{{\mathcal {R}}}\llbracket {X}\rrbracket }[{Y}]\) of odd degree. Applying Proposition (6.2) to Q(Y) we see that P(Y) has a root in \({{\mathcal {R}}}(\!({X})\!)\).

Formal Laurent series are real closed (see Appendix B) as an immediate consequence of Proposition 7.

Corollary 2

\(({{\mathcal {R}}}(\!({X})\!); +, \cdot , 0, 1; \le )\) is a real closed ordered field.

Therefore the ordering \(\le \) on \({{\mathcal {R}}}(\!({X})\!)\) is unique.

5 Decision Method

The first-order theory \(\mathcal {T}_{\text {rcf}}\) of ordered, real closed fields (see Appendix B) admits quantifier elimination [16, 44]. That is, for every formula \(\phi \) in the language \({\mathcal {L}}_{or}\) (cmp. Appendix B) of ordered rings/fields there exists a quantifier free formula \(\psi \) in this language with \( FV (\psi ) \subseteq FV (\phi )\)⁴ such that \(\mathcal {T}_{\text {rcf}}\models (\phi \iff \psi )\). Thus, Corollary 2 implies quantifier elimination for the streams in \({{\mathcal {R}}}(\!({X})\!)\).

Theorem 1

  Let \(\varphi \) be a first-order formula in the language \({\mathcal {L}}_{or}\) of ordered fields; then there is a computable function for deciding whether \(\varphi \) holds in the \({\mathcal {L}}_{or}\)-structure \(({{\mathcal {R}}}(\!({X})\!); +, \cdot , 0, 1; \le )\) of streams.

As an immediate consequence of the quantifier elimination property for \({{\mathcal {R}}}(\!({X})\!)\), the structure of formal Laurent series with real-valued coefficients is elementarily equivalent to the real numbers in that they satisfy the same first-order \({\mathcal {L}}_{or}\)-sentences. Notice that decidability of \({{\mathcal {R}}}(\!({X})\!)\) already follows from the developments in ([4], Corollary), since the field \({\mathcal {R}}\) is of characteristic 0. This observation, however, does not yield quantifier elimination.

There is an explicit quantifier elimination procedure for real closed valuation rings, which uses quantifier elimination on its fraction field as a subprocedure ([12], Section 2). Therefore, by Corollary 1, we obtain a decision procedure for first-order formulas and streams in \({{\mathcal {R}}}\llbracket {X}\rrbracket \), which has quantifier elimination for \({{\mathcal {R}}}(\!({X})\!)\) as a subprocedure.

Theorem 2

  Let \(\varphi \) be a first-order formula in the language \({\mathcal {L}}_{or}\cup \{|\}\) of ordered rings extended with divisibility; then there is a computable function for deciding whether \(\varphi \) holds in the \({\mathcal {L}}_{or}\cup \{|\}\)-structure \(({{\mathcal {R}}}\llbracket {X}\rrbracket ; +, \cdot , 0, 1; |, \le )\) of streams.

Tarski’s original algorithm for quantifier elimination has non-elementary computational complexity [44], but cylindrical algebraic decomposition provides a decision procedure of complexity \(d^{2^{O(n)}}\) [18], where n is the total number of variables (free and bound), and d is the product of the degrees of the polynomials occurring in the formula.

Theorem 3

Let \(\varphi \) be a first-order formula in the language \({\mathcal {L}}_{or}\) of ordered fields. Then the validity of \(\varphi \) in the structure \({{\mathcal {R}}}(\!({X})\!)\) of streams is decided with complexity \(d^{2^{O(n)}}\), where n is the total number of variables (free and bound), and d is the product of the degrees of the polynomials occurring in \(\varphi \).

This worst-case complexity is nearly optimal for quantifier elimination for real closed fields [20]. For existentially quantified conjunctions of literals of the form \((\exists x_1, \ldots , x_k) \wedge _{i=1}^n p_i(x_1, \ldots , x_k) \bowtie 0\), where \(\bowtie \) stands for either <, \(=\), or > the worst-case complexity is \(n^{k+1} \cdot d^{O(k)}\) arithmetic operations and polynomial space [5]. Various implementations of decision procedures for real closed fields use virtual term substitution [46] or conflict-driven clause learning [24].

6 Definitional Extensions

We consider definitional extensions of the first-order theory \(\mathcal {T}_{\text {rcf}}\) of ordered real closed fields for encoding some fundamental concepts of stream calculus. The transfer function in Example 7 of the stream circuit in Fig. 1, for example, is encoded as a first-order formula in the language \({\mathcal {L}}_{or}\) of (ordered) rings extended with constant symbols \(\overline{X}\) and \(\overline{1/(1 - X)}\).

Example 10

$$ (\forall z, y, h_1)\, (h_1 = \overline{X} \cdot y \,\wedge \,y = z + h_1) \,\Rightarrow \,y = \overline{1/(1 - X)} \cdot z, $$

where the logical variables z, y, \(h_1\) are interpreted over streams in \({{\mathcal {R}}}\llbracket {X}\rrbracket \). To obtain a decision procedure for these kinds of formulas, we therefore

  • Relativize quantification in \(\mathcal {T}_{\text {rcf}}\) to formal power series;

  • Define constant symbols \(\overline{f}\) for rational streams f (including \(\overline{X}\)).

Relativization. There is a monadic formula with an \(\exists \forall \exists \forall \) quantifier prefix and no parameters for uniformly defining the formal power series \({{\mathcal {R}}}\llbracket {X}\rrbracket \) in \({{\mathcal {R}}}(\!({X})\!)\), as a direct consequence of Ax’s construction [4]. Moreover, \({{\mathcal {R}}}\llbracket {X}\rrbracket \) is \(\forall \exists \)-definable in \({{\mathcal {R}}}(\!({X})\!)\) by ([35], Theorem 2 together with footnote 2), since the valuation ring \({{\mathcal {R}}}\llbracket {X}\rrbracket \) is Henselian. The model-theoretic developments in [35], however, do not provide an explicit definitional formula. But explicit definitions of valuation rings in valued fields are studied in [3, 15, 21].

From these considerations we obtain an explicit definition in \({{\mathcal {R}}}(\!({X})\!)\) of the monadic predicate \(\overline{S}(x)\) for characterizing the set of streams in \({{\mathcal {R}}}\llbracket {X}\rrbracket \). By relativization of quantifiers with respect to this predicate \(\overline{S}\) we therefore assume from now on that all logical variables are interpreted over the streams in \({{\mathcal {R}}}\llbracket {X}\rrbracket \). In addition, we are assuming definitions \(\overline{R}(x)\) for given, and possibly finite, subsets R of real number embeddings. For example, the algebraic definition

$$\begin{aligned} (\forall x)\,\overline{{\mathbb F}_{2}}(x) \,\iff \,x = x^2 \end{aligned} \tag{8}$$

defines the binary set \(\{0,1\}\) of streams.

Shifting Streams. The fundamental theorem of stream calculus [38] states that for every \(f \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) there exist unique \(r \in {\mathcal {R}}\) and \(f' \in {{\mathcal {R}}}\llbracket {X}\rrbracket \) with \(f = [r] + X \cdot f'\). In this case, r is the head coefficient, [r] is the embedding of the real number r as a stream in \({{\mathcal {R}}}\llbracket {X}\rrbracket \), and \(f'\) is the tail of the stream f. Therefore, the definition

$$\begin{aligned} (\forall z)\, \overline{X} = z \,\iff \,(\forall y)\,(\exists ^1 y_0, y')\, \overline{R}(y_0) \wedge y = y_0 + z \cdot y', \end{aligned} \tag{9}$$

for \(\overline{X}\) a fresh constant symbol, yields a conservative extension \(\mathcal {T}_{\text {rcf}}[\overline{S}, \overline{R}, \overline{X}]\) of the theory \(\mathcal {T}_{\text {rcf}}\), with X, as an element of \({{\mathcal {R}}}\llbracket {X}\rrbracket \), the only possible interpretation for the constant symbol \(\overline{X}\). Notice that the definitional formula (9) for \(\overline{X}\) requires \(\forall \exists \forall \) quantifier alternation due to the \(\exists ^1\) quantifier involved.

Example 11

The basic stream constructors of stream circuits for addition A, multiplication \(M_q\) by a rational \(q \in \mathbb {Q}\), and unit delay \(D_1\) are defined by (the universal closures of)

$$\begin{aligned} \overline{A}(x_1, x_2) = y &\,\iff \,y = x_1 + x_2 \\ \overline{M_{n/m}}(x) = y &\,\iff \,m y = n x \\ \overline{D_1}(x) = y &\,\iff \,y = \overline{X} \cdot x, \end{aligned}$$

where \(\overline{D_1}\), \(\overline{A}\), and \(\overline{M_{n/m}}\) for \(n, m \in \mathbb {N}\) with \(m \ne 0\), are new function symbols, and the variables are interpreted over \({{\mathcal {R}}}(\!({X})\!)\). Synchronous composition of two stream circuits, say \(S(x, y)\) and \(T(y, z)\), is specified in terms of the quantified conjunction \( (\exists {y})\,{S(x, y) \,\wedge \,T(y, z)} \), where existential quantification is used for hiding the intermediate y stream [43].

Rational Streams. We are now extending the language of ordered rings with constant symbols for rational streams (with rational coefficients). This extended language is expressive, for example, for encoding equivalence of rational stream transformers. We are considering rational streams \(f = p(X)/q(X)\) with rational coefficients. In this case, the head for q(X) is nonzero and \(f \in {{\mathcal {R}}}\llbracket {X}\rrbracket \). Multiplication by q(X) and by the least common multiple of the denominators of all rational coefficients in p(X) and q(X) yields an equality constraint in the language \({\mathcal {L}}_{or}[\overline{S}, \overline{R},\overline{X}]\). More precisely, let \(\overline{{\mathcal {R}}_{\mathbb {Q}}}\) be a set of fresh constant symbols for all rational streams (except for X) and \(\mathcal {T}_{\text {rcf}}[\overline{S}, \overline{R}, \overline{X}, \overline{{\mathcal {R}}_{\mathbb {Q}}}]\) the extension of \(\mathcal {T}_{\text {rcf}}\) by the definitions

$$\begin{aligned} (\forall y)\,\overline{f} = y \,\iff \,{\tilde{p}}(\overline{X}) \cdot y = {\tilde{q}}(\overline{X}) \end{aligned} \tag{10}$$

for each (but X) rational stream f, \({\tilde{p}}(x) {:}{=}c \, p(x)\), and \({\tilde{q}}(x) {:}{=}c \, q(x)\), for \(c \in \mathbb {N}\) the least common multiple of the denominators of coefficients of p(x) and q(x); then: \(\mathcal {T}_{\text {rcf}}[\overline{S}, \overline{R}, \overline{X}, \overline{{\mathcal {R}}_{\mathbb {Q}}}]\) is a conservative extension of \(\mathcal {T}_{\text {rcf}}\), and all the symbols \(\overline{f} \in \overline{{\mathcal {R}}_{\mathbb {Q}}}\) have the rational stream interpretation f.

Remark 3

Alternatively, a rational stream f (with rational coefficients) can be finitely represented in terms of linear transformations \(H: \mathbb {Q}^d \rightarrow \mathbb {Q}\) and \(G: \mathbb {Q}^d \rightarrow \mathbb {Q}^d\), where d is the finite dimension of the linear span of the iterated tails of f [40]. Constraints for the finite number d of linearly independent iterated tails are obtained from the anamorphism, which is the unique homomorphism from the coalgebra \(\langle {H},\,{G}\rangle \in \mathbb {Q}^d \rightarrow \mathbb {Q}\times \mathbb {Q}^d\) to the corresponding final stream coalgebra.

Automatic Streams. We exemplify the encoding of a certain class of regular streams as (semi-)algebraic constraints in stream logic. Consider the Prouhet-Thue-Morse [2] stream \( ptm \in {{\mathbb F}_{2}}\llbracket {X}\rrbracket \), for \({\mathbb F}_{2}\) the finite field of characteristic 2. The \(n^{ th }\)-coefficient of this stream is 1 if and only if the number of 1’s in the 2-adic representation \([n]_2\) of n is even. In other words, the \(n^{ th }\)-coefficient is 1 if and only if \([n]_2\) is in \(0^*(10^*10^*)^*\). This regular expression yields an equivalent deterministic finite automaton with two states, namely “odd number of 1s” and “even number of 1s”. Such a stream is also said to be automatic [2].

Christol’s characterization [13] of algebraic (over the rational functions with coefficients from a finite field) power series in terms of deterministic finite automata (with outputs) implies that the stream \( ptm \) is algebraic over \({{\mathbb F}_{2}}[{X}]\). For instance, the stream \( ptm \) can be shown to be a root of the polynomial \(X + (1 + X^2) \cdot Y + (1 + X)^3 \cdot Y^2\) of degree 2 and coefficients in \({{\mathbb F}_{2}}[{X}]\). A semi-algebraic constraint for ruling out other than the intended solution can be read off, say, from a Sturm chain.

In this way, Christol’s theorem supports the logical definition in stream logic of all kinds of analytic functions (\(\sin \), \(\cos \), ...) over finite fields. But not over the reals, as otherwise we could define the natural numbers using expressions such as \(\sin {(\pi x)} = 0\). And we could therefore encode undecidable identity problems over certain classes of analytic functions [36], even without using \(\pi \) [28].
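The algebraicity claim for \( ptm \) can be checked on a finite prefix. The following Python sketch is an added example, not code from the paper: it generates the coefficients with the two-state parity automaton, evaluates the quadratic modulo \(X^{64}\) over \({\mathbb F}_{2}\), and shows that the complemented stream is the second root, which is why an extra constraint is needed to single out \( ptm \). The names `mul`, `dfa_coeff`, `prefix`, `residual` and the bitmask encoding are assumptions of this example.

```python
N = 64                      # prefix length: all arithmetic is modulo X^N
MASK = (1 << N) - 1         # bit n of an int holds the coefficient of X^n

def mul(a, b):
    """Product in F_2[[X]] modulo X^N (carry-less multiplication)."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a = (a << 1) & MASK
        b >>= 1
    return out

def dfa_coeff(n):
    """Run the two-state automaton on [n]_2; output 1 in state 'even'."""
    state = "even"                       # no 1s read yet
    for digit in bin(n)[2:]:
        if digit == "1":
            state = "odd" if state == "even" else "even"
    return 1 if state == "even" else 0

def prefix(coeff):
    """Pack coeff(0), ..., coeff(N-1) into one integer."""
    return sum(coeff(n) << n for n in range(N))

def residual(y):
    """X + (1 + X^2)*Y + (1 + X)^3*Y^2 at Y = y, modulo X^N."""
    x = 0b10
    one_plus_x2 = 0b101
    one_plus_x_cubed = 0b1111            # (1 + X)^3 = 1 + X + X^2 + X^3 mod 2
    return x ^ mul(one_plus_x2, y) ^ mul(one_plus_x_cubed, mul(y, y))

PTM = prefix(dfa_coeff)                          # 1 iff even number of 1s
OTHER = prefix(lambda n: 1 - dfa_coeff(n))       # complemented stream

if __name__ == "__main__":
    print("ptm prefix      :", [dfa_coeff(n) for n in range(16)])
    print("residual(PTM)   :", residual(PTM))
    print("residual(OTHER) :", residual(OTHER))
    print("heads           :", PTM & 1, OTHER & 1)
```

Both residuals vanish on the prefix, and the two roots already differ in their head coefficient.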

Heads and Tails. On the basis of the fundamental law of the stream calculus for formal power series, we define operators for stream projection and consing. Now, the theory \(\mathcal {T}_{\text {rcf}}[\overline{S}, \overline{R}, \overline{X}, \overline{hd}, \overline{tl}, \overline{cons}]\) with the new (compared with \(\mathcal {T}_{\text {rcf}}[\overline{S}, \overline{R}, \overline{X}]\)) definitional axioms

$$\begin{aligned} (\forall x, x')\, \overline{tl}(x) = x' &\,\iff \,(\exists x_0)\, \overline{R}(x_0) \wedge x = x_0 + \overline{X} \cdot x' \end{aligned} \tag{11}$$
$$\begin{aligned} (\forall x, x_0)\, \overline{hd}(x) = x_0 &\,\iff \,\overline{R}(x_0) \wedge (\exists x')\, x = x_0 + \overline{X} \cdot x' \end{aligned} \tag{12}$$
$$\begin{aligned} (\forall x_0, x', y)\, \overline{cons}(x_0, x') = y &\,\iff \,\overline{R}(x_0) \wedge y = x_0 + \overline{X} \cdot x' \end{aligned} \tag{13}$$

is a conservative extension of \(\mathcal {T}_{\text {rcf}}\). Moreover, \(\overline{hd}(x) = y\) (\(\overline{tl}(x) = y\)) holds in the structure \({{\mathcal {R}}}\llbracket {X}\rrbracket \) if and only if y is interpreted by the head (tail) of the interpretation of x; similarly for consing.

With these definitions we may now also express corecursive identities in a decidable first-order equality theory. The following example codifies the Fibonacci recurrence (see Example 6) in our (extended) decidable logic.

Example 12

$$\begin{aligned} \overline{ hd }(x) &= 0 \\ \overline{ hd }(\overline{ tl }(x)) &= 1 \\ \overline{ tl }^2(x) - \overline{ tl }(x) - x &= 0. \end{aligned}$$

These kinds of behavioral stream identities are ubiquitous in stream calculus [38], for example, for specifying filter circuits.
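The corecursive identities of Example 12 and the feedback loop of Example 10 can be checked on finite prefixes. The following Python sketch is an added example, not part of the paper: it computes a rational stream \(p(X)/q(X)\) by power series division, then tests the Fibonacci identities and the transfer function \(1/(1 - X)\) on the first 12 coefficients. The helper names (`stream`, `rational`, `fib_residual`, `feedback`) and the input `Z_SAMPLE` are assumptions of this example, and a prefix check is evidence only, not the decision procedure.

```python
from fractions import Fraction

N = 12  # prefix length; every check below is on the first N coefficients

def stream(coeffs):
    """Pad or cut a coefficient list to an N-term prefix."""
    c = [Fraction(v) for v in coeffs][:N]
    return c + [Fraction(0)] * (N - len(c))

def mul(f, g):
    """Convolution product modulo X^N."""
    return [sum(f[i] * g[n - i] for i in range(n + 1)) for n in range(N)]

def rational(p, q):
    """Prefix of the unique stream y with q(X) * y = p(X)."""
    p, q = stream(p), stream(q)
    if q[0] == 0:
        raise ValueError("head of the denominator must be nonzero")
    y = []
    for n in range(N):
        carry = sum(q[i] * y[n - i] for i in range(1, n + 1))
        y.append((p[n] - carry) / q[0])
    return y

def hd(f):
    return f[0]

def tl(f):
    """Tail of a prefix; one coefficient shorter than its argument."""
    return f[1:]

def fib_residual(x):
    """tl^2(x) - tl(x) - x on the coefficients all three terms share."""
    t1, t2 = tl(x), tl(tl(x))
    return [t2[n] - t1[n] - x[n] for n in range(len(t2))]

def feedback(z):
    """Solve h1 = X * y, y = z + h1 one coefficient at a time."""
    y = []
    for n in range(N):
        y.append(z[n] + (y[n - 1] if n else 0))   # h1 is y delayed by one
    return y

FIB = rational([0, 1], [1, -1, -1])               # X / (1 - X - X^2)
GEOM = rational([1], [1, -1])                     # 1 / (1 - X)
Z_SAMPLE = stream([3, -1, 4, 1, -5, 9, 2, -6])    # constructed input

if __name__ == "__main__":
    print([int(c) for c in FIB], feedback(Z_SAMPLE) == mul(GEOM, Z_SAMPLE))
```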

Example 13

(3-2-filter).   A 3-2-filter with input stream x and output y is specified in stream logic by three initial conditions and the difference equation

$$\begin{aligned} \overline{hd}(y) &= \overline{hd}(\overline{tl}(y)) = \overline{hd}(\overline{tl}^2(y)) = 0 \\ \overline{tl}^3(y) &= c_0 x + c_1 \overline{tl}(x) + \overline{tl}^3(x) + c_2 c_3 \overline{tl}^2(y) + c_4 \overline{tl}(y), \end{aligned}$$

for constants \(c_0, \ldots , c_4 \in \mathbb {Z}\).

Example 14

(Timing Diagrams). The rising edge stream is specified in Scade-like [17] programming notation using the combined equation

$$y = 0 \rightarrow x \,\wedge \,\lnot pre (x).$$

That is, the head of y is 0 and the tail of y is specified by the expression to the right of the arrow. Notice that the Scade notation \( pre (x)\) is similar to the shift operation in that \( pre (x) = (\bot , x_0, x_1, \ldots )\), where \(\bot \) indicates that the head element is undefined. The rising edge stream E is specified corecursively in stream logic by

$$\begin{aligned} (\forall x, y)\, \overline{E}(x) = y \,\iff \,&(\overline{hd}(y) = 0 ~\wedge ~ \overline{tl}(y) = \overline{ and }(x, \overline{ not }(\overline{tl}(x)))), \end{aligned}$$

for an arithmetic encoding of the logical stream operators \(\overline{ and }\) and \(\overline{ not }\).

The decision procedure for stream logic may also be used in coinductive proofs for deciding whether or not a given binary stream relation is a bisimulation.

Example 15

(Bisimulation).  A binary relation B on streams, expressed as a formula in stream logic with two free variables, is a bisimulation [38] if and only if the \({\mathcal {L}}_{or}[\overline{S}, \overline{R}, \overline{X}, \overline{hd}, \overline{tl}]\) formula

$$\begin{aligned} (\forall x, y)\, B(x, y) \,\Rightarrow \,&\,\overline{hd}(x) = \overline{hd}(y) \,\wedge \,B(\overline{tl}(x), \overline{tl}(y)) \end{aligned}$$

holds in the structure of streams.

Finally, we exemplify how corecursively defined stream functions are defined in a conservative extension of \(\mathcal {T}_{\text {rcf}}\).

Example 16

(Stream Zip).  The function \( Z \) for zipping the coefficients of two streams is defined by the corecursive identities

$$\begin{aligned} (\forall x, y)\,\; &\overline{hd}(\overline{Z}(x, y)) = \overline{hd}(x) ~\wedge ~ \overline{tl}(\overline{Z}(x, y)) = \overline{Z}(y, \overline{tl}(x)). \end{aligned}$$

Since there is a unique interpretation in \({{\mathcal {R}}}\llbracket {X}\rrbracket \) satisfying these identities, the function symbol \(\overline{Z}\) is defined implicitly in the theory \(\mathcal {T}_{\text {rcf}}[\overline{S}, \overline{R}, \overline{X}, \overline{hd}, \overline{tl}, \overline{Z}]\). Now, by Beth’s definability theorem [23], \(\overline{Z}\) is also explicitly definable, say, on the basis of Craig interpolation.

Example 17

  Assuming definitions \(\overline{E}(x)\) and \(\overline{O}(x)\) for sampling its stream argument x at even and at odd positions, respectively, we may now prompt our verification procedure to establish stream equalities such as

$$\begin{aligned} (\forall x)\, x = \overline{Z}(\overline{E}(x), \overline{O}(x)), \end{aligned}$$

without using the bisimulation principle and without the need for constructing an explicit bisimulation relation.

The developments in Examples 16 and 17 generalize to all stream differential equations ([38], Chapter 11).
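The corecursive identities for zipping in Example 16 and the equality of Example 17 can be run directly on lazily evaluated streams. The following Python sketch is an added example, not code from the paper: `Stream`, `from_fn`, `zip_`, `even`, `odd` and `take` are names chosen here, the even and odd samplers are one possible corecursive definition, and the final comparison inspects a finite prefix only, so it tests the identity rather than deciding it.

```python
class Stream:
    """Infinite stream given by its head and a thunk that builds its tail."""

    def __init__(self, head, tail_thunk):
        self.hd = head
        self._thunk = tail_thunk
        self._tail = None

    @property
    def tl(self):
        if self._tail is None:           # force the tail once, then cache it
            self._tail = self._thunk()
        return self._tail

def from_fn(f, n=0):
    """The stream f(n), f(n+1), f(n+2), ..."""
    return Stream(f(n), lambda: from_fn(f, n + 1))

def zip_(x, y):
    """hd(Z(x, y)) = hd(x)  and  tl(Z(x, y)) = Z(y, tl(x))."""
    return Stream(x.hd, lambda: zip_(y, x.tl))

def even(x):
    """Sample x at positions 0, 2, 4, ..."""
    return Stream(x.hd, lambda: even(x.tl.tl))

def odd(x):
    """Sample x at positions 1, 3, 5, ..."""
    return even(x.tl)

def take(x, k):
    """First k coefficients of x as a list."""
    out = []
    for _ in range(k):
        out.append(x.hd)
        x = x.tl
    return out

NAT = from_fn(lambda n: n)               # constructed sample stream 0, 1, 2, ...

if __name__ == "__main__":
    print(take(zip_(even(NAT), odd(NAT)), 10))
    print(take(zip_(NAT, from_fn(lambda n: -n)), 6))
```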

7 Conclusions

First-order stream logic is expressive for encoding problems of stream calculus. It is decidable in doubly exponential time, and its decision procedure is based on quantifier elimination for the theory of real closed ordered fields. Some of the proposed encodings for the relativization of quantifiers, however, lead to additional quantifier alternations (and variables and constraints) in problem formulations, which significantly increases the computational effort required to solve these constraints. Thus, it remains to be seen whether and how exactly a decision procedure for stream logic based on quantifier elimination for real closed fields makes practical progress compared to mature implementations of the non-elementary logic-automaton connection [27, 33].

Alternatively, the decision procedure for first-order stream logic can be based directly, that is, without relativizing the stream quantifiers, on a quantifier elimination procedure for real closed valuation rings [12]. But these algorithms have not been studied and explored nearly as much as quantifier elimination for real closed fields, and the author is not aware of a reasonable computer implementation.