1 Introduction

A family of paraconsistent logic called annotated logics \(P\!{\mathcal {T}}\) was proposed by da Costa et al. [4]. They can deal with inconsistency with many truth values called annotations, although the semantics of annotated logics is basically two valued. The paraconsistent annotated logic has been developed from the viewpoint of logic programming [3], aiming at application to computer science. Furthermore, we have developed the paraconsistent annotated logic program to deal with inconsistency and some kinds of non-monotonic reasoning in a framework of annotated logic programming by using ontological (strong) negation and the stable model semantics [6], which is called annotated logic program with strong negation (ALPSN for short). Later, to deal with defeasible reasoning [14], we proposed a new version of ALPSN called vector annotated logic program with strong negation (VALPSN for short) and applied it to resolving conflicts [7]. Furthermore, we have extended VALPSN to deal with deontic notions (obligation, forbiddance, etc.) and named extended VALPSN (EVALPSN for short) [8, 9]. We have shown that EVALPSN can deal with defeasible deontic reasoning and the safety verification for process control.

Considering the safety verification for process control, there are many cases in which the safety verification for process order is significant. For example, suppose a pipeline network in which two kinds of liquids, nitric acid and caustic soda, are used for cleaning the pipelines. If those liquids are processed continuously and mixed in the same pipeline by accident, explosion by neutralization would be caused. To avoid such a dangerous accident, the safety for process order should be strictly verified in a formal way. However, it seems to be a little difficult to utilize EVALPSN for the safety verification of process order control different from that of process control. Therefore, we have developed EVALPSN toward treating before–after relations between time intervals and applied it to process order control [11], which has been named before–after (bf)-EVALPSN. The before–after relation reasoning system based on bf-EVALPSN consists of two groups of inference rules called the basic bf-inference rule and the transitive bf-inference rule.

The original ideas of treating such before–after relations in logic were proposed for developing practical planning and natural language understanding systems by Allen [1] and Allen and Ferguson [2]. In his logic, before–after relations between two time intervals are represented in some special predicates and treated in a framework of first-order temporal logic. On the other hands, in bf-EVALPSN, before–after relations between two time intervals are regarded as paraconsistency between before and after degrees, and they can be represented more minutely in vector annotations of a special literal \(R(p_i,p_j,t)\) representing the before–after relation between two processes (time intervals) at time \(t\). Bf-EVALPSN-based before–after relation reasoning system consists of two kinds of efficient inference rules called the basic bf-inference rule and the transitive bf-inference rule that can be implemented as a bf-EVALPSN.

This paper is organized as follows: in Sect. 2, EVALPSN is reviewed briefly; in Sect. 3, bf-EVALPSN is formally defined and its simple reasoning example is introduced; in Sect. 4, the bf-EVALPSN reasoning system consisting of two kinds of inference rules is defined and explained in detail with some examples; in Sect. 5, the paraconsistent process order control method based on bf-EVALPSN reasoning is introduced with a small example of pipeline process order control; lastly, we conclude this paper.

2 Annotated logic program EVALPSN

In this section, we review EVALPSN briefly [9]. Generally, a truth value called an annotation is explicitly attached to each literal in annotated logic programs [3]. For example, let \(p\) be a literal and \(\mu \) an annotation, then \(p:\mu \) is called an annotated literal. The set of annotations constitutes a complete lattice. An annotation in EVALPSN has a form of \([(i,j),\mu ]\) called an extended vector annotation. The first component \((i,j)\) is called a vector annotation and the set of vector annotations constitutes the complete lattice,

$$\begin{aligned} {\mathcal {T}}_{v}(n)=\{(x,y)\; |\; 0 \le x \le n, 0 \le y \le n, x, y, n \hbox { are integers} \} \end{aligned}$$

in Fig. 1. The ordering (\(\preceq _{v}\)) of \(\mathcal{T}_{v}(n)\) is defined as: let \((x_1,y_1)\,, (x_2,y_2)\, \in {\mathcal {T}}_{v}(n)\),

$$\begin{aligned} (x_1,y_1) \preceq _{v} (x_2,y_2) \;\; \hbox {iff} \;\; x_1 \le x_2 \;\hbox { and }\; y_1 \le y_2. \end{aligned}$$

For each extended vector annotated literal \(p\!:\![(i,j),\mu ]\), the integer \(i\) denotes the amount of positive information to support the literal \(p\) and the integer \(j\) denotes that of negative one. The second component \(\mu \) is an index of fact and deontic notions such as obligation, and the set of the second components constitutes the complete lattice,

$$\begin{aligned} {\mathcal {T}}_{d}= \{\bot , \alpha , \beta , \gamma , *_1, *_2, *_3, \top \}. \end{aligned}$$

The ordering (\(\preceq _{d}\)) of \(\mathcal{T}_{d}\) is described by the Hasse’s diagram in Fig. 1. The intuitive meaning of each member of \(\mathcal{T}_{d}\) is \(\bot \)(unknown), \(\alpha \)(fact), \(\beta \)(obligation), \(\gamma \)(non-obligation), \(*_1\)(fact and obligation), \(*_2\)(obligation and non-obligation) and \(*_3\)(fact and non-obligation), \(\top \)(inconsistency).

Fig. 1
figure 1

Lattice \({\mathcal {T}}_{v}(2)\) and lattice \({\mathcal {T}}_{d}\)

Full size image

Then, the complete lattice \(\mathcal{T}_{e}(n)\) of extended vector annotations is defined as the product, \(\mathcal{T}_{v}(n) \times \mathcal{T}_{d}\). The ordering (\(\preceq _{e}\)) of \(\mathcal{T}_{e}(n)\) is defined: let \([(i_1, j_1), \mu _1]\), \([(i_2, j_2), \mu _2]\)\(\in \mathcal{T}_{e}\),

$$\begin{aligned}&[(i_1, j_1), \mu _1] \preceq _{e} [(i_2, j_2), \mu _2] \quad \hbox {iff} \quad (i_1, j_1) \preceq _{v} (i_2, j_2)\\&\quad \hbox {and} \; \mu _1 \preceq _{d} \mu _2. \end{aligned}$$
Fig. 2
figure 2

Before (be)/after (af) and disjoint before (db)/after (da)

Full size image

There are two kinds of epistemic negations (\(\lnot _1\) and \(\lnot _2\)) in EVALPSN, both of which are defined as mappings over \(\mathcal{T}_{v}(n)\) and \(\mathcal{T}_{d}\), respectively.

Definition 1

(epistemic negations\(\lnot _1\)and\(\lnot _2\)in EVALPSN)

$$\begin{aligned}&\lnot _1([(i,j),\mu ])=[(j,i),\mu ],\quad \forall \mu \in \mathcal{T}_d, \\&\lnot _2([(i,j),\bot ])=[(i,j),\bot ], \quad \lnot _2([(i,j),\alpha ])=[(i,j),\alpha ],\\&\lnot _2([(i,j),\beta ])=[(i,j),\gamma ],\quad \lnot _2([(i,j),\gamma ])=[(i,j),\beta ],\\&\lnot _2([(i,j),*_1])=[(i,j),*_3],\quad \lnot _2([(i,j),*_2])=[(i,j),*_2],\\&\lnot _2([(i,j),*_3])=[(i,j),*_1],\quad \lnot _2([(i,j),\top ])=[(i,j),\top ]. \end{aligned}$$

If we regard the epistemic negations as syntactical operations, the epistemic negations followed by literals can be eliminated by the syntactical operations. For example, \(\lnot _1 (p\!:\![(2,0),\alpha ]) = p\!:\![(0,2),\alpha ] \; \text{ and } \; \lnot _2 (q\!:\![(1,0),\beta ]) = p\!:\![(1,0),\gamma ]\). There is another negation called strong negation (\(\sim \)) in EVALPSN, and it is treated as well as classical negation [4].

Definition 2

(strong negation\(\sim \)) Let \(F\) be any formula and \(\lnot \) be \(\lnot _1\) or \(\lnot _2\).

$$\begin{aligned} \sim F=_\mathrm{def}F \rightarrow ((F \rightarrow F) \wedge \lnot (F \rightarrow F)). \end{aligned}$$

Definition 3

(well-extended vector annotated literal) Let \(p\) be a literal.

$$\begin{aligned} p\!:\![(i,0),\mu ] \qquad \text{ and } \qquad p\!:\![(0,j),\mu ] \end{aligned}$$

are called well-extended vector annotated literals, where \(i,j\) are non-negative integers and \(\mu \in \{\alpha ,\;\beta ,\;\gamma \}\).

Definition 4

(EVALPSN) If \(L_0,\ldots ,L_n\) are weva-literals,

$$\begin{aligned} L_1 \wedge \ldots \wedge L_i \wedge \sim L_{i+1} \wedge \ldots \wedge \sim L_n \rightarrow L_0 \end{aligned}$$

is called an EVALPSN clause. An EVALPSN is a finite set of EVALPSN clauses.

Here, we comment that if the annotations \(\alpha \) and \(\beta \) represent fact and obligation, notions “fact”, “obligation”, “forbiddance” and “permission” can be represented by extended vector annotations, \([(m,0),\alpha ]\,, [(m,0),\beta ]\), \([(0,m),\beta ]\), and \([(0,m),\gamma ]\), respectively, in EVALPSN, where \(m\) is a non-negative integer.

3 Before–after EVALPSN

In this section, we review bf-EVALPSN. The details are found in [12, 13].

In bf-EVALPSN, a special annotated literal \(R(p_m,p_n,t)\!:\![(i,j),\mu ]\) called bf-literal whose non-negative integer vector annotation \((i,j)\) represents the before–after relation between processes \(\mathrm{Pr}_m\) and \(\mathrm{Pr}_n\) at time \(t\) is introduced. The integer components \(i\) and \(j\) of the vector annotation \((i,j)\) represent the after and before degrees between processes \(\mathrm{Pr}_m(p_m)\) and \(\mathrm{Pr}_n(p_n)\), respectively, and before–after relations are represented paraconsistently in vector annotations.

Definition 5

(bf-EVALPSN) An extended vector annotated literal,

$$\begin{aligned} R(p_i,p_j,t)\!:\![(i,j),\mu ] \end{aligned}$$

is called a bf-EVALP literal or a bf-literal for short, where \((i,j)\) is a vector annotation and \(\mu \in \{ \alpha , \beta , \gamma \}\). If an EVALPSN clause contains bf-EVALP literals, it is called a bf-EVALPSN clause or just a bf-EVALP clause if it contains no strong negation. A bf-EVALPSN is a finite set of bf-EVALPSN clauses.

We provide a paraconsistent before–after interpretation for vector annotations representing bf-relations in bf-EVALPSN, and such a vector annotation is called a bf-annotation. Exactly speaking, there are 15 kinds of bf-relation according to before–after order between four start/finish times of two processes.

Before (be)/after (af) is defined according to the bf-relation between each start time of the two processes. If one process has started before/after another one starts, then the bf-relations between them are defined as “before/after”, which are represented in the left in Fig. 2.

We introduce other kinds of bf-relations as well as before (be)/after (af).

Disjoint before (db)/after (da) is defined as having a time lag between the earlier process finish time and the later one’s start time; this is described on the right in Fig. 2.

Immediate before (mb)/after (ma) is defined as having no time lag between the earlier process finish time and the later one’s start time; it is described on the left in Fig. 3.

Fig. 3
figure 3

Immediate before (mb)/after (ma) and joint before (jb)/after (ja)

Full size image

Joint before (jb)/after (ja) is defined as two processes that overlap, where the earlier process had finished before the later one finished; it is described on the right in Fig. 3.

S-included before (sb)/S-included after (sa) is defined as two processes, where one had started before the other started, but finished at the same time; it is described on the left in Fig. 4.

Fig. 4
figure 4

S-included before (sb)/after (sa) and included before (ib)/after (ia)

Full size image

Included before (ib)/after (ia) is defined as two processes, where one had started/finished before/after another one started/finished; it is described on the right in Fig. 4.

F-included before (fb)/after (fa) is defined as two processes that started at the same time, but with one finishing before another one finished; it is described in the left in Fig. 5.

Fig. 5
figure 5

F-included before (fb)/after (fa) and paraconsistent before–after (pba)

Full size image

Paraconsistent before–after (pba) is defined as having two processes that started at the same time and also finished at the same time; it is described on the right in Fig. 5.

The epistemic negation over bf-annotations, be, af, db, da, mb, ma, jb, ja, ib, ia, sb, sa, fb, fa and pba is defined and the complete lattice of bf-annotations is shown in Fig. 6.

Definition 6

(epistemic negation\(\lnot _1\)for bf-annotations) The epistemic negation \(\lnot _1\) over the bf-annotations is obviously defined as the following mappings:

$$\begin{aligned}&\lnot _1(\mathtt{af})=\mathtt{be}, \quad \lnot _1(\mathtt{be})=\mathtt{af}, \quad \lnot _1(\mathtt{da})=\mathtt{db}, \\&\lnot _1(\mathtt{db})=\mathtt{da}, \quad \lnot _1(\mathtt{ma})=\mathtt{mb},\quad \lnot _1(\mathtt{mb})=\mathtt{ma},\\&\lnot _1(\mathtt{ja})=\mathtt{jb},\quad \lnot _1(\mathtt{jb})=\mathtt{ja}, \quad \lnot _1(\mathtt{sa})=\mathtt{sb}, \\&\lnot _1(\mathtt{sb})=\mathtt{sa},\quad \lnot _1(\mathtt{ia})=\mathtt{ib}, \quad \lnot _1(\mathtt{ib})=\mathtt{ia}, \\&\lnot _1(\mathtt{fa})=\mathtt{fb},\quad \lnot _1(\mathtt{fb})=\mathtt{fa}, \quad \lnot _1(\mathtt{pba})=\mathtt{pba}. \end{aligned}$$

Therefore, each bf-annotation can be translated into vector annotations as bf\(=(0,8)\), db\(=(0,12)\), mb\(=(1,11)\), jb\(=(2,10)\), sb\(=(3,9)\), ib\(=(4,8)\), fb\(=(5,7)\) and pba\(=(6,6)\).

Fig. 6
figure 6

The complete lattice \(\mathcal{T}_v(12)_\mathrm{bf}\) for bf-annotations

Full size image

4 Reasoning system in bf-EVALPSN

To represent the basic bf-inference rule in bf-EVALPSN, we newly introduce two literals:

  • \(\mathrm{st}(p_i,t)\), which is interpreted as process \(\mathrm{Pr}_i\) starts at time \(t\), and

  • \(\mathrm{fi}(p_i,t)\), which is interpreted as process \(\mathrm{Pr}_i\) finishes at time \(t\).

Those literals are used for expressing process start/finish information and may have one of the vector annotations, \(\{\bot (0,0), \mathtt{t}(1,0),\mathtt{f}(0,1),\top (1,1)\}\), where annotations \(\mathtt{t}(1,0)\) and \(\mathtt{f}(0,1)\) can be intuitively interpreted as “true” and “false”, respectively.

First of all, we introduce a group of basic bf-inference rules to be applied at the initial stage (time \(t_0\)), which are named \((0,0)\)-rules.

(0,0)-rules Suppose that no process has started yet and the vector annotation of bf-literal \(R(p_i,p_j,t)\) is \((0,0)\), which shows that there is no knowledge in terms of the bf-relation between processes \(\mathrm{Pr}_i\) and \(\mathrm{Pr}_j\), then the following two basic bf-inference rules are applied at the initial stage.

  • (0,0)-rule-1    If process \(\mathrm{Pr}_i\) started before process \(\mathrm{Pr}_j\) starts, then the vector annotation \((0,0)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \(\mathtt{be}(0,8)\), which is the greatest lower bound of the set, \(\{ \mathtt{db}(0,12),\; \mathtt{mb}(1,11),\)\(\mathtt{jb}(2,10),\; \mathtt{sb}(3,9), \; \mathtt{ib}(4,8) \}\).

  • (0,0)-rule-2    If both processes \(\mathrm{Pr}_i\) and \(\mathrm{Pr}_j\) have started at the same time, then it is reasonably anticipated that the bf-relation between processes \(\mathrm{Pr}_i\) and \(\mathrm{Pr}_j\) will be one of the bf-annotations, \(\{ \mathtt{fb}(5,7),\; \mathtt{pba}(6,6),\; \mathtt{fa}(7,5) \}\) whose greatest lower bound is \((5,5)\) (refer to Fig. 6). Therefore, the vector annotation \((0,0)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \((5,5)\).

\((0,0)\)-rule-1 and \((0,0)\)-rule-2 are translated into the bf-EVALPSN,

$$\begin{aligned}&R(p_i,p_j,t)\!:\![(0,0),\alpha ] \wedge \mathrm{st}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge \sim \mathrm{st}(p_j,t)\!:[\mathtt{t},\alpha ]\rightarrow R(p_i,p_j,t)\!:\![(0,8),\alpha ]\end{aligned}$$
(1)
$$\begin{aligned}&R(p_i,p_j,t)\!:\![(0,0),\alpha ] \wedge \mathrm{st}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge ~\mathrm{st}(p_j,t)\!:\![\mathtt{t},\alpha ] \rightarrow R(p_i,p_j,t)\!:\![(5,5),\alpha ] \end{aligned}$$
(2)

Suppose that \((0,0)\)-rule-1 or 2 has been applied, then the vector annotation of bf-literal \(R(p_i,p_j,t)\) should be one of \((0,8)\) or \((5,5)\). Therefore, we need to consider two groups of basic bf-inference rules to be applied for following \((0,0)\)-rule-1 and 2, which are named (0,8)-rules and (5,5)-rules, respectively.

(0,8)-rules Suppose that process \(\mathrm{Pr}_i\) has started before process \(\mathrm{Pr}_j\) starts, then the vector annotation of bf-literal \(R(p_i,p_j,t)\) should be \((0,8)\). We have the following inference rules to be applied for following \((0,0)\)-rule-1.

  • (0,8)-rule-1   If process \(\mathrm{Pr}_i\) has finished before process \(\mathrm{Pr}_j\) starts, and process \(\mathrm{Pr}_j\) starts immediately after process \(\mathrm{Pr}_i\) finished, then the vector annotation \((0,8)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \(\mathtt{mb}(1,11)\).

  • (0,8)-rule-2   If process \(\mathrm{Pr}_i\) has finished before process \(\mathrm{Pr}_j\) starts, and process \(\mathrm{Pr}_j\) has not started immediately after process \(\mathrm{Pr}_i\) finished, then the vector annotation \((0,8)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \(\mathtt{db}(0,12)\).

  • (0,8)-rule-3   If process \(\mathrm{Pr}_j\) starts before process \(\mathrm{Pr}_i\) finishes, then the vector annotation \((0,8)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \((2,8)\) that is the greatest lower bound of the set, \(\{ \mathtt{jb}(2,10),\; \mathtt{sb}(3,9),\; \mathtt{ib}(4,8) \}\).

\((0,8)\)-rule-1, 2 and 3 are translated into the bf-EVALPSN,

$$\begin{aligned}&R(p_i,p_j,t)\!:\![(0,8),\alpha ] \wedge \mathrm{fi}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge ~\mathrm{st}(p_j,t)\!:\![\mathtt{t},\alpha ] \rightarrow R(p_i,p_j,t)\!:\![(1,11),\alpha ] \end{aligned}$$
(3)
$$\begin{aligned}&R(p_i,p_j,t)\!:\![(0,8),\alpha ] \wedge \mathrm{fi}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge \sim \mathrm{st}(p_j,t)\!:\![\mathtt{t},\alpha ]\rightarrow R(p_i,p_j,t)\!:\![(0,12),\alpha ]\end{aligned}$$
(4)
$$\begin{aligned}&R(p_i,p_j,t)\!:\![(0,8),\alpha ] \wedge \sim \mathrm{fi}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge ~\mathrm{st}(p_j,t)\!:\![\mathtt{t},\alpha ]\rightarrow R(p_i,p_j,t)\!:\![(2,8),\alpha ] \end{aligned}$$
(5)

(5,5)-rules Suppose that both processes \(\mathrm{Pr}_i\) and \(\mathrm{Pr}_j\) have already started at the same time, then the vector annotation of bf-literal \(R(p_i,p_j,t)\) should be \((5,5)\). We have the following inference rules to be applied for following \((0,0)\)-rule-2.

  • (5,5)-rule-1   If process \(\mathrm{Pr}_i\) has finished before process \(\mathrm{Pr}_j\) finishes, then the vector annotation \((5,5)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \(\mathtt{sb}(5,7)\).

  • (5,5)-rule-2   If both processes \(\mathrm{Pr}_i\) and \(\mathrm{Pr}_j\) have finished at the same time, then the vector annotation \((5,5)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \(\mathtt{pba}(6,6)\).

  • (5,5)-rule-3   If process \(\mathrm{Pr}_j\) has finished before process \(\mathrm{Pr}_i\) finishes, then the vector annotation \((5,5)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \(\mathtt{sa}(7,5)\).

Basic bf-inference rules \((5,5)\)-rule-1, 2 and 3 are translated into the bf-EVALPSN,

$$\begin{aligned}&R(p_i,p_j,t)\!:\![(5,5),\alpha ] \wedge \mathrm{fi}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge \sim \mathrm{fi}(p_j,t):[\mathtt{t},\alpha ]\rightarrow R(p_i,p_j,t)\!:\![(5,7),\alpha ] \end{aligned}$$
(6)
$$\begin{aligned}&R(p_i,p_j,t)\!:\![(5,5),\alpha ] \wedge \mathrm{fi}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge ~ \mathrm{fi}(p_j,t)\!:\![\mathtt{t},\alpha ]\rightarrow R(p_i,p_j,t)\!:\![(6,6),\alpha ] \end{aligned}$$
(7)
$$\begin{aligned}&R(p_i,p_j,t)\!:\![(5,5),\alpha ]~\wedge \sim \mathrm{fi}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge ~\mathrm{fi}(p_j,t)\!:\![\mathtt{t},\alpha ]\rightarrow R(p_i,p_j,t)\!:\![(7,5),\alpha ] \end{aligned}$$
(8)

If one of \((0,8)\)-rule-1,2, \((5,5)\)-rule-1,2 and 3 has been applied, a final bf-annotation such as \(\mathtt{jb}(2,10)\) between two processes should be derived. However, even if \((0,8)\)-rule-3 has been applied, no bf-annotation could be derived. Therefore, a group of basic bf-inference rules named \((2,8)\)-rules should be considered for following \((0,8)\)-rule-3.

(2,8)-rules Suppose that process \(\mathrm{Pr}_i\) has started before process \(\mathrm{Pr}_j\) starts and process \(\mathrm{Pr}_j\) has started before process \(\mathrm{Pr}_i\) finishes, then the vector annotation of bf-literal \(R(p_i,p_j,t)\) should be \((2,8)\) and the following three rules should be considered.

  • (2,8)-rule-1 If process \(\mathrm{Pr}_i\) finished before process \(\mathrm{Pr}_j\) finishes, then the vector annotation \((2,8)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \(\mathtt{jb}(2,10)\).

  • (2,8)-rule-2 If both processes \(\mathrm{Pr}_i\) and \(\mathrm{Pr}_j\) have finished at the same time, then the vector annotation \((2,8)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \(\mathtt{fb}(3,9)\).

  • (2,8)-rule-3 If process \(\mathrm{Pr}_j\) has finished before \(\mathrm{Pr}_i\) finishes, then the vector annotation \((2,8)\) of bf-literal \(R(p_i,p_j,t)\) should turn to \(\mathtt{ib}(4,8)\).

Basic bf-inference rules \((2,8)\)-rule-1, 2 and 3 are translated into the bf-EVALPSN,

$$\begin{aligned}&R(p_i,p_j,t)\!:\![(2,8),\alpha ] \wedge \mathrm{fi}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge \sim \mathrm{fi}(p_j,t)\!:\![\mathtt{t},\alpha ]\rightarrow R(p_i,p_j,t)\!:\![(2,10),\alpha ] \end{aligned}$$
(9)
$$\begin{aligned}&R(p_i,p_j,t)\!:\![(2,8),\alpha ] \wedge \mathrm{fi}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge ~\mathrm{fi}(p_j,t)\!:\![\mathtt{t},\alpha ]\rightarrow R(p_i,p_j,t)\!:\![(3,9),\alpha ] \end{aligned}$$
(10)
$$\begin{aligned}&R(p_i,p_j,t)\!:\![(2,8),\alpha ]~\wedge \sim \mathrm{fi}(p_i,t)\!:\![\mathtt{{t}},\alpha ] \nonumber \\&\quad \wedge ~\mathrm{fi}(p_j,t)\!:\![\mathtt{t},\alpha ]\rightarrow R(p_i,p_j,t)\!:\![(4,8),\alpha ] \end{aligned}$$
(11)

The application orders of all basic bf-inference rules are summarized in Table 1.

Table 1 Application orders of basic bf-inference rules
Full size table

Now, we introduce the transitive bf-inference rule, which can reason a vector annotation of bf-literal transitively.

Suppose that there are three processes \(\mathrm{Pr}_i\), \(\mathrm{Pr}_j\) and \(\mathrm{Pr}_k\) starting sequentially, then we consider deriving the vector annotation of bf-literal \(R(p_i,p_k,t)\) from those of bf-literals \(R(p_i,p_j,t)\) and \(R(p_j,p_k,t)\) transitively. We describe only the variation of vector annotations in the following rules.

Transitive bf-inference rules

$$\begin{aligned}&\mathbf {TR0} \quad (0,0) \wedge (0,0) \rightarrow (0,0) \nonumber \\&\mathbf {TR1} \quad (0,8) \wedge (0,0) \rightarrow (0,8) \nonumber \\&\qquad \mathbf {TR1\hbox {-}1}\quad (0,12) \wedge (0,0) \rightarrow (0,12) \nonumber \\&\qquad \mathbf {TR1\hbox {-}2}\quad (1,11) \wedge (0,8) \rightarrow (0,12) \nonumber \\&\qquad \mathbf {TR1\hbox {-}3}\quad (1,11) \wedge (5,5) \rightarrow (1,11) \nonumber \\&\qquad \mathbf {TR1\hbox {-}4}\quad (2,8) \wedge (0,8) \rightarrow (0,8) \nonumber \\&\qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}1}\quad (2,10) \wedge (0,8) \rightarrow (0,12) \nonumber \\&\qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}2}\quad (4,8) \wedge (0,12) \rightarrow (0,8)\end{aligned}$$
(12)
$$\begin{aligned}&\qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}3}\quad (2,8) \wedge (2,8) \rightarrow (2,8) \nonumber \\&\qquad \qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}3\hbox {-}1}\quad (2,10) \wedge (2,8) \rightarrow (2,10) \nonumber \\&\qquad \qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}3\hbox {-}2}\quad (4,8) \wedge (2,10) \rightarrow (2,8)\end{aligned}$$
(13)
$$\begin{aligned}&\qquad \qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}3\hbox {-}3}\quad (2,8) \wedge (4,8) \rightarrow (4,8) \nonumber \\&\qquad \qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}3\hbox {-}4}\quad (3,9) \wedge (2,10) \rightarrow (2,10) \nonumber \\&\qquad \qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}3\hbox {-}5}\quad (2,10) \wedge (4,8) \rightarrow (3,9) \nonumber \\&\qquad \qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}3\hbox {-}6}\quad (4,8) \wedge (3,9) \rightarrow (4,8) \end{aligned}$$
(14)
$$\begin{aligned}&\qquad \qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}3\hbox {-}7}\quad (3,9) \wedge (3,9) \rightarrow (3,9)\nonumber \\&\qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}4}\quad (3,9) \wedge (0,12) \rightarrow (0,12) \nonumber \\&\qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}5}\quad (2,10) \wedge (2,8) \rightarrow (1,11) \nonumber \\&\qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}6}\quad (4,8) \wedge (1,11) \rightarrow (2,8)\nonumber \\&\qquad \qquad \mathbf {TR1\hbox {-}4\hbox {-}7}\quad (3,9) \wedge (1,11) \rightarrow (1,11)\nonumber \\&\qquad \mathbf {TR1\hbox {-}5}\quad (2,8) \wedge (5,5) \rightarrow (2,8) \nonumber \\&\qquad \qquad \mathbf {TR1\hbox {-}5\hbox {-}1}\quad (4,8) \wedge (5,7) \rightarrow (2,8) \end{aligned}$$
(15)
$$\begin{aligned}&\qquad \qquad \mathbf {TR1\hbox {-}5\hbox {-}2}\quad (2,8) \wedge (7,5) \rightarrow (4,8) \nonumber \\&\qquad \qquad \mathbf {TR1\hbox {-}5\hbox {-}3}\quad (3,9) \wedge (5,7) \rightarrow (2,10) \nonumber \\&\qquad \qquad \mathbf {TR1\hbox {-}5\hbox {-}4}\quad (2,10) \wedge (7,5) \rightarrow (3,9)\nonumber \\&\mathbf {TR2}\quad (5,5) \wedge (0,8) \rightarrow (0,8) \nonumber \\&\qquad \mathbf {TR2\hbox {-}1}\quad (5,7) \wedge (0,8) \rightarrow (0,12) \nonumber \\&\qquad \mathbf {TR2\hbox {-}2}\quad (7,5) \wedge (0,12) \rightarrow (0,8)\end{aligned}$$
(16)
$$\begin{aligned}&\qquad \mathbf {TR2\hbox {-}3}\quad (5,5) \wedge (2,8) \rightarrow (2,8)\nonumber \\&\qquad \qquad \mathbf {TR2\hbox {-}3\hbox {-}1}\quad (5,7) \wedge (2,8) \rightarrow (2,10) \nonumber \\&\qquad \qquad \mathbf {TR2\hbox {-}3\hbox {-}2}\quad (7,5) \wedge (2,10) \rightarrow (2,8)\end{aligned}$$
(17)
$$\begin{aligned}&\qquad \qquad \mathbf {TR2\hbox {-}3\hbox {-}3}\quad (5,5) \wedge (4,8) \rightarrow (4,8)\nonumber \\&\qquad \qquad \mathbf {TR2\hbox {-}3\hbox {-}4}\quad (7,5) \wedge (3,9) \rightarrow (4,8) \nonumber \\&\qquad \mathbf {TR2\hbox {-}4}\quad (5,7) \wedge (2,8) \rightarrow (1,11) \nonumber \\&\qquad \mathbf {TR2\hbox {-}5}\quad (7,5) \wedge (1,11) \rightarrow (2,8)\end{aligned}$$
(18)
$$\begin{aligned}&\mathbf {TR3}\quad (5,5) \wedge (5,5) \rightarrow (5,5) \nonumber \\&\qquad \mathbf {TR3\hbox {-}1}\quad (7,5) \wedge (5,7) \rightarrow (5,5)\\&\qquad \mathbf {TR3\hbox {-}2}\quad (5,7) \wedge (7,5) \rightarrow (6,6)\nonumber \end{aligned}$$
(19)

Note (I) The name of a transitive bf-inference rule such as TR1-4-3 indicates the application sequence of transitive bf-inference rules until the transitive bf-inference rule has been applied. For example, if the rule TR1 has been applied, one of the rules TR1-1, TR1-2, \(\ldots \) or TR1-5 should be applied at the following stage; and if the rule TR1-4 has been applied after the rule TR1, one of the rules TR1-4-1, TR1-4-2, \(\ldots \) or TR1-4-7 should be applied at the following stage; on the other hand, if one of the rules TR1-1, TR1-2 or TR1-3 has been applied after the rule TR1, there should be no transitive bf-inference rule to be applied at the following stage because one of bf-relations \(\mathtt{db}(0,12)\), \(\mathtt{mb}(1,11)\) has been derived.

Note (II) Transitive bf-inference rules,

$$\begin{aligned}&\mathbf {TR1\hbox {-}4\hbox {-}2} \quad (12),\quad \mathbf {TR1\hbox {-}4\hbox {-}3\hbox {-}2} \quad (13),\quad \mathbf {TR1\hbox {-}4\hbox {-}6} \quad (14),\\&\mathbf {TR1\hbox {-}5\hbox {-}1} \quad (15),\quad \mathbf {TR2\hbox {-}2} \quad \;\;\; (16),\quad \quad \, \mathbf {TR2\hbox {-}3\hbox {-}2} \quad (17),\\&\mathbf {TR2\hbox {-}5} \quad \;\;\; (18),\quad \mathbf {TR3\hbox {-}1} \quad \;\;\; (19) \end{aligned}$$

have no following rule to be applied, even though they cannot derive the final bf-relations between processes represented by bf-annotations such as \(\mathtt{jb}(2,10)\). For example, suppose that the rule TR1-4-3-2 has been applied, then vector annotation \((2,8)\) of bf-literal \((p_i,p_k,t)\) just indicates that the final bf-relation between processes \(\mathrm{Pr}_i\) and \(\mathrm{Pr}_k\) is represented by one of three bf-annotations, \(\mathtt{jb}(2,10)\), \(\mathtt{sb}(3,9)\) or \(\mathtt{ib}(4,8)\) because vector annotation \((2,8)\) is the greatest lower bound of those bf-annotations. Therefore, if one of transitive bf-inference rules (12),(13),(14),(15),(16), (17),(18) and (19), has been applied, one of \((0,8)\)-rule, \((2,8)\)-rule or \((5,5)\)-rule should be applied for deriving the final bf-annotation at the following stage. For example, if the rule TR1-4-3-2 has been applied, \((2,8)\)-rule should be applied at the following stage.

5 The process order control method in bf-EVALPSN

In this section, we present the process order control method with a simple example for pipeline process order verification.

The process order control method has the following three steps:

  • Step 1 translate the safety properties of the process order control system into bf-EVALPSN;

  • Step 2 verify if permission for starting the process can be derived from the bf-EVALPSN in step1 by the basic bf-inference rule and the transitive bf-inference rule or not.

The verification step 2 can be carried out not only just before starting the process, but also at any time.

We assume a pipeline system consisting of two pipelines, PIPELINE-1 and 2, which deal with pipeline processes \(\mathrm{Pr}_0\,, \mathrm{Pr}_1\,, \mathrm{Pr}_2\) and \(\mathrm{Pr}_3\). The process schedule of those processes are shown in Fig. 7. Moreover, we assume that the pipeline system has four safety properties \(\mathrm{SPR}~\hbox {-}i (i=0,1,2,3)\).

  • \({SPR\hbox {-}0}\) process \(\mathrm{Pr}_0\) must start before any other processes, and process \(\mathrm{Pr}_0\) must finish before process \(\mathrm{Pr}_2\) finishes,

  • \({SPR\hbox {-}1}\) process \(\mathrm{Pr}_1\) must start after process \(\mathrm{Pr}_0\) starts,

  • \({SPR\hbox {-}2}\) process \(\mathrm{Pr}_2\) must start immediately after process \(\mathrm{Pr}_1\) finishes,

  • \({SPR\hbox {-}3}\) process \(\mathrm{Pr}_3\) must start immediately after processes \(\mathrm{Pr}_0\) and \(\mathrm{Pr}_2\) finish.

Fig. 7
figure 7

Pipeline process schedule

Full size image

Step 1 All safety properties \(\mathrm{SPR}\hbox {-}i (i=0,1,2,3)\) can be translated into the following bf-EVALPSN clauses.

$$\begin{aligned} \mathrm{SPR}\hbox {-}0&\sim R(p_0,p_1,t)\!:\![(0,8),\alpha ] \rightarrow \mathrm{st}(p_1,t)\!:\![\mathtt{f},\beta ], \nonumber \\ \end{aligned}$$
(20)
$$\begin{aligned}&\sim R(p_0,p_2,t)\!:\![(0,8),\alpha ] \rightarrow \mathrm{st}(p_2,t)\!:\![\mathtt{f},\beta ], \nonumber \\ \end{aligned}$$
(21)
$$\begin{aligned}&\sim R(p_0,p_3,t)\!:\![(0,8),\alpha ] \rightarrow \mathrm{st}(p_3,t)\!:\![\mathtt{f},\beta ], \nonumber \\\end{aligned}$$
(22)
$$\begin{aligned}&\mathrm{st}(p_1,t)\!:\![\mathtt{f},\beta ] \wedge \mathrm{st}(p_2,t)\!:\![\mathtt{f},\beta ] \nonumber \\&\quad {}\wedge \mathrm{st}(p_3,t)\!:\![\mathtt{f},\beta ]\rightarrow \mathrm{st}(p_0,t)\!:\![\mathtt{f},\gamma ], \end{aligned}$$
(23)
$$\begin{aligned}&\sim \mathrm{fi}(p_0,t)\!:\![\mathtt{f},\beta ] \rightarrow \mathrm{fi}(p_0,t)\!:\![\mathtt{f},\gamma ], \end{aligned}$$
(24)

where bf-EVALPSN clauses (20), (21) and (22) declare that if process \(\mathrm{Pr}_0\) has not started before other processes \(\mathrm{Pr}_i(i=1,2,3)\) start, it should be forbidden from starting each process \(\mathrm{Pr}_i(i=1,2,3)\); bf-EVALPSN clause (23) declares that if each process \(\mathrm{Pr}_i(i=1,2,3)\) is forbidden from starting, it should be permitted to start process \(\mathrm{Pr}_0\); and bf-EVALPSN clause (24) declares that if there is no forbiddance from finishing process \(\mathrm{Pr}_0\), it should be permitted to finish process \(\mathrm{Pr}_0\).

$$\begin{aligned} \mathrm{SPR}\hbox {-}1&\sim \mathrm{st}(p_1,t)\!:\![\mathtt{f},\beta ] \rightarrow \mathrm{st}(p_1,t)\!:\![\mathtt{f},\gamma ], \end{aligned}$$
(25)
$$\begin{aligned}&\sim \mathrm{fi}(p_1,t)\!:\![\mathtt{f},\beta ] \rightarrow \mathrm{fi}(p_1,t)\!:\![\mathtt{f},\gamma ], \end{aligned}$$
(26)

where bf-EVALPSN clause (25)/(26) declares that if there is no forbiddance from starting/finishing process \(\mathrm{Pr}_1\), it should be permitted to start/finish process \(\mathrm{Pr}_1\), respectively.

$$\begin{aligned} \mathrm{SPR}\hbox {-}2&\sim R(p_2,p_1,t)\!:\![(11,0),\alpha ] \rightarrow \mathrm{st}(p_2,t)\!:\![\mathtt{f},\beta ], \nonumber \\\end{aligned}$$
(27)
$$\begin{aligned}&\sim \mathrm{st}(p_2,t)\!:\![\mathtt{f},\beta ] \rightarrow \mathrm{st}(p_2,t)\!:\![\mathtt{f},\gamma ], \end{aligned}$$
(28)
$$\begin{aligned}&\sim R(p_2,p_0,t)\!:\![(10,2),\alpha ] \rightarrow \mathrm{fi}(p_2,t)\!:\![\mathtt{f},\beta ], \nonumber \\\end{aligned}$$
(29)
$$\begin{aligned}&\sim \mathrm{fi}(p_2,t)\!:\![\mathtt{f},\beta ] \rightarrow \mathrm{fi}(p_2,t)\!:\![\mathtt{f},\gamma ], \end{aligned}$$
(30)

where bf-EVALPSN clause (27) declares that if process \(\mathrm{Pr}_1\) has not finished before process \(\mathrm{Pr}_2\) starts, it should be forbidden from starting process \(\mathrm{Pr}_2\); the vector annotation \((11,0)\) of bf-literal \(R(p_2,p_1,t)\) is the greatest lower bound of \(\{\mathtt{da}(12,0)\), \(\mathtt{ma}(11,1)\}\), which implies that process \(\mathrm{Pr}_1\) has finished before process \(\mathrm{Pr}_2\) starts; bf-EVALPSN clauses (28)/(30) declare that if there is no forbiddance from starting/finishing process \(\mathrm{Pr}_2\), it should be permitted to start/finish process \(\mathrm{Pr}_2\), respectively; and bf-EVALPSN clauses (29) declare that if process \(\mathrm{Pr}_0\) has not finished before process \(\mathrm{Pr}_2\) finishes, it should be forbidden from finishing process \(\mathrm{Pr}_2\).

$$\begin{aligned} \mathrm{SPR}\hbox {-}3&\sim R(p_3,p_0,t)\!:\![(11,0),\alpha ] \rightarrow \mathrm{st}(p_3,t)\!:\![\mathtt{f},\beta ], \nonumber \\\end{aligned}$$
(31)
$$\begin{aligned}&\sim R(p_3,p_1,t)\!:\![(11,0),\alpha ] \rightarrow \mathrm{st}(p_3,t)\!:\![\mathtt{f},\beta ], \nonumber \\\end{aligned}$$
(32)
$$\begin{aligned}&\sim R(p_3,p_2,t)\!:\![(11,0),\alpha ] \rightarrow \mathrm{st}(p_3,t)\!:\![\mathtt{f},\beta ], \nonumber \\\end{aligned}$$
(33)
$$\begin{aligned}&\sim \mathrm{st}(p_3,t)\!:\![\mathtt{f},\beta ] \rightarrow \mathrm{st}(p_3,t)\!:\![\mathtt{f},\gamma ], \end{aligned}$$
(34)
$$\begin{aligned}&\sim \mathrm{fi}(p_3,t)\!:\![\mathtt{f},\beta ] \rightarrow \mathrm{fi}(p_3,t)\!:\![\mathtt{f},\gamma ], \end{aligned}$$
(35)

where bf-EVALPSN clauses (31), (32) and (33) declare that if one of processes \(\mathrm{Pr}_i(i=0,1,2)\) has not finished yet, it should be forbidden from starting process \(\mathrm{Pr}_3\); and bf-EVALPSN clauses (34)/(35) declare that if there is no forbiddance from starting/finishing process \(\mathrm{Pr}_3\), it should be permitted to start/finish process \(\mathrm{Pr}_3\), respectively.

Step 2 Here, we show how the bf-EVALPSN process order safety verification is carried out at five time points, \(t_0\), \(t_1\), \(t_2\), \(t_3\) and \(t_4\) in the process schedule (Fig. 7). We consider five bf-relations between processes \(\mathrm{Pr}_0\), \(\mathrm{Pr}_1\), \(\mathrm{Pr}_2\) and \(\mathrm{Pr}_3,\) represented by the vector annotations of bf-literals,

$$\begin{aligned}&R(p_0,p_1,t),\;R(p_0,p_2,t), \; R(p_0,p_3,t),\\&R(p_1,p_2,t), \; R(p_2,p_3,t) \end{aligned}$$

which should be verified based on safety properties \(\mathrm{SPR}\hbox {-}0,1,2\) and \(3\) in real time.

Initial stage (at time \(t_0\)) no process has started at time \(t_0\), thus, the bf-EVALP clauses,

$$\begin{aligned}&R(p_0,p_1,t_0)\!:\![(0,0),\alpha ], \end{aligned}$$
(36)
$$\begin{aligned}&R(p_1,p_2,t_0)\!:\![(0,0),\alpha ], \end{aligned}$$
(37)
$$\begin{aligned}&R(p_2,p_3,t_0)\!:\![(0,0),\alpha ] \end{aligned}$$
(38)
$$\begin{aligned}&R(p_0,p_2,t_0)\!:\![(0,0),\alpha ], \end{aligned}$$
(39)
$$\begin{aligned}&R(p_0,p_3,t_0)\!:\![(0,0),\alpha ] \end{aligned}$$
(40)

are obtained by transitive bf-inference rule TR0; then, bf-EVALP clauses (36), (39) and (40) satisfy each body of bf-EVALPSN clauses (20), (21) and (22), respectively; therefore, the forbiddance,

$$\begin{aligned}&\mathrm{st}(p_1,t_0)\!:\![\mathtt{f},\beta ], \end{aligned}$$
(41)
$$\begin{aligned}&\mathrm{st}(p_2,t_0)\!:\![\mathtt{f},\beta ], \end{aligned}$$
(42)
$$\begin{aligned}&\mathrm{st}(p_3,t_0)\!:\![\mathtt{f},\beta ] \end{aligned}$$
(43)

from starting each process \(\mathrm{Pr}_i(i=1,2,3)\) is derived. Moreover, since bf-EVALP clauses (41), (42) and (43) satisfy the body of bf-EVALPSN clause (23), the permission for starting process \(\mathrm{Pr}_0\),

$$\begin{aligned} \mathrm{st}(p_0,t_0)\!:\![\mathtt{f},\gamma ] \end{aligned}$$

is derived; therefore, process \(\mathrm{Pr}_0\) is permitted to start at time \(t_0\).

2nd Stage (at time \(t_1\)) process \(\mathrm{Pr}_0\) has already started but all other processes \(\mathrm{Pr}_i(i=1,2,3)\) have not started yet; then the bf-EVALP clauses,

$$\begin{aligned}&R(p_0,p_1,t_1)\!:\![(0,8),\alpha ], \end{aligned}$$
(44)
$$\begin{aligned}&R(p_1,p_2,t_1)\!:\![(0,0),\alpha ], \end{aligned}$$
(45)
$$\begin{aligned}&R(p_2,p_3,t_1)\!:\![(0,0),\alpha ] \end{aligned}$$
(46)

are obtained, where the bf-EVALP clause (44) is derived by basic bf-inference rule \((0,0)\)-rule-1. Moreover, the bf-EVALP clauses,

$$\begin{aligned}&R(p_0,p_2,t_1)\!:\![(0,8),\alpha ], \end{aligned}$$
(47)
$$\begin{aligned}&R(p_0,p_3,t_1)\!:\![(0,8),\alpha ] \end{aligned}$$
(48)

are obtained by transitive bf-inference rule TR1; as bf-EVALP clause (44) does not satisfy the body of bf-EVALPSN clause (20), the forbiddance from starting process \(\mathrm{Pr}_1\),

$$\begin{aligned} \mathrm{st}(p_1,t_1)\!:\![\mathtt{f},\beta ] \end{aligned}$$
(49)

cannot be derived. Then, since there is no forbiddance (49), the body of bf-EVALPSN clause (25) is satisfied and the permission for starting process \(\mathrm{Pr}_1\),

$$\begin{aligned} \mathrm{st}(p_1,t_1)\!:\![\mathtt{f},\gamma ] \end{aligned}$$

is derived. On the other hand, since bf-EVALP clauses (47) and (48) satisfy the body of bf-EVALPSN clauses (27) and (31), respectively, the forbiddance from starting both processes \(\mathrm{Pr}_2\) and \(\mathrm{Pr}_3\),

$$\begin{aligned} \mathrm{st}(p_2,t_1)\!:\![\mathtt{f},\beta ], \quad \mathrm{st}(p_3,t_1)\!:\![\mathtt{f},\beta ] \end{aligned}$$

are derived; therefore, process \(\mathrm{Pr}_1\) is permitted to start at time \(t_1\).

3rd Stage (at time \(t_2\)) process \(\mathrm{Pr}_1\) has just finished and process \(\mathrm{Pr}_0\) has not finished yet; then, the bf-EVALP clauses,

$$\begin{aligned}&R(p_0,p_1,t_2)\!:\![(4,8),\alpha ], \end{aligned}$$
(50)
$$\begin{aligned}&R(p_1,p_2,t_2)\!:\![(1,11),\alpha ], \end{aligned}$$
(51)
$$\begin{aligned}&R(p_2,p_3,t_2)\!:\![(0,8),\alpha ] \end{aligned}$$
(52)

are derived by basic bf-inference rules \((2,8)\)-rule-3, \((0,8)\)-rule-2 and \((0,0)\)-rule-1, respectively. Moreover, the bf-EVALP clauses,

$$\begin{aligned}&R(p_0,p_2,t_2)\!:\![(2,8),\alpha ], \\&R(p_0,p_3,t_2)\!:\![(0,12),\alpha ] \end{aligned}$$

are obtained by transitive bf-inference rules TR1-4-6 and TR1-2, respectively. Then, since bf-EVALP clause (51) does not satisfy the body of bf-EVALPSN clause (27), the forbiddance from starting process \(\mathrm{Pr}_2\),

$$\begin{aligned} \mathrm{st}(p_2,t_2)\!:\![\mathtt{f},\beta ] \end{aligned}$$
(53)

cannot be derived. Since there is no forbiddance (53), it satisfies the body of bf-EVALPSN clause (28), and the permission for starting process \(\mathrm{Pr}_2\),

$$\begin{aligned} st(p_2,t_2)\!:\![\mathtt{f},\gamma ] \end{aligned}$$

is derived. On the other hand, since bf-EVALP clause (53) satisfies the body of bf-EVALPSN clause (31), the forbiddance from starting process \(\mathrm{Pr}_3\),

$$\begin{aligned} t(p_3,t_2)\!:\![\mathtt{f},\beta ] \end{aligned}$$

is derived; therefore, process \(\mathrm{Pr}_2\) is permitted to start. However, process \(\mathrm{Pr}_3\) is still forbidden from starting at time \(t_2\).

4th Stage (at the \(t_3\)) process \(\mathrm{Pr}_0\) has finished, process \(\mathrm{Pr}_2\) has not finished yet, and process \(\mathrm{Pr}_3\) has not started yet; then, the bf-EVALP clauses,

$$\begin{aligned}&R(p_0,p_1,t_3)\!:\![(4,8),\alpha ], \end{aligned}$$
(54)
$$\begin{aligned}&R(p_1,p_2,t_3)\!:\![(1,11),\alpha ], \end{aligned}$$
(55)
$$\begin{aligned}&R(p_2,p_3,t_3)\!:\![(0,8),\alpha ] \end{aligned}$$
(56)

in which the vector annotations are the same as in the previous stage are obtained because bf-annotations of bf-EVALP clauses (54) and (55) have been already reasoned, and the before–after relation between processes \(\mathrm{Pr}_2\) and \(\mathrm{Pr}_3\) is the same as in the previous stage. Moreover, the bf-EVALP clauses,

$$\begin{aligned}&R(p_0,p_2,t_3)\!:\![(2,10),\alpha ], \end{aligned}$$
(57)
$$\begin{aligned}&R(p_0,p_3,t_3)\!:\![(0,12),\alpha ] \end{aligned}$$
(58)

are obtained, where bf-EVALP clause (57) is derived by basic bf-inference rule \((2,8)\)-rule-1. Then, bf-EVALP clause (57) satisfies the body of bf-EVALP clause (33), and the forbiddance from starting process \(\mathrm{Pr}_3\),

$$\begin{aligned} S(p_3,t_3)\!:\![\mathtt{f},\beta ] \end{aligned}$$

is derived. Therefore, process \(\mathrm{Pr}_3\) is still forbidden from starting because process \(\mathrm{Pr}_2\) has not finished yet at time \(t_3\).

5th Stage (at time \(t_4\)) process \(\mathrm{Pr}_2\) has just finished and process \(\mathrm{Pr}_3\) has not started yet; then, the bf-EVALP clauses,

$$\begin{aligned}&R(p_0,p_1,t_4)\!:\![(4,8),\alpha ], \end{aligned}$$
(59)
$$\begin{aligned}&R(p_1,p_2,t_4)\!:\![(1,11),\alpha ], \end{aligned}$$
(60)
$$\begin{aligned}&R(p_2,p_3,t_4)\!:\![(1,11),\alpha ], \end{aligned}$$
(61)
$$\begin{aligned}&R(p_0,p_2,t_4)\!:\![(2,10),\alpha ], \end{aligned}$$
(62)
$$\begin{aligned}&R(p_0,p_3,t_4)\!:\![(0,12),\alpha ] \end{aligned}$$
(63)

are obtained. bf-EVALP clause (61) is derived by basic bf-inference rule \((0,8)\)-rule-2. Moreover, since bf-EVALP clauses (59), (62) and (63) do not satisfy the bodies of bf-EVALP clauses (31), (32) and (33), the forbiddance from starting process \(\mathrm{Pr}_3\),

$$\begin{aligned} \mathrm{st}(p_3,t_4)\!:\![\mathtt{f},\beta ] \end{aligned}$$
(64)

cannot be derived. Therefore, the body of bf-EVALPSN clause (34) is satisfied, and the permission for starting process \(\mathrm{Pr}_3\),

$$\begin{aligned} \mathrm{st}(p_3,t_4)\!:\![\mathtt{f},\gamma ] \end{aligned}$$

is derived. Therefore, process \(\mathrm{Pr}_3\) is permitted to start because processes \(\mathrm{Pr}_0\), \(\mathrm{Pr}_1\) and \(\mathrm{Pr}_2\) have finished at time \(t_4\).

6 Concluding remarks

In this paper, we have introduced the process order control method based on a paraconsistent annotated logic program bf-EVALPSN, which can deal with before–after relation between processes with a small pipeline process order safety verification control.

We would like to conclude this paper by describing the advantages and disadvantages of the process order control method based on bf-EVALPSN safety verification.

Advantages

  • If a bf-EVALPSN is locally stratified [5], it can be easily implemented in Prolog, C language, Programmable Logic Controller (PLC) ladder program, etc. In practice, such control bf-EVALPSNs are locally stratified.

  • It has been proved that EVALPSN can be implemented as electronic circuits on micro chips [10]. Therefore, if real-time processing is required in the system, the method might be very useful.

  • The safety verification methods for both process control and process order control can be implemented under the same environment.

Disadvantages

  • Since EVALPSN/bf-EVALPSN itself is basically not a specific tool of formal safety verification, it includes complicated and redundant expressions to construct safety verification systems. Therefore, it should be better to develop safety verification-oriented tool or programming language based on EVALPSN/bf-EVALPSN if EVALPSN/bf-EVALPSN can be applied to formal safety verification.