From Non-punctuality to Non-adjacency: A Quest for Decidability of Timed Temporal Logics with Quantifiers

2.1 Linear Temporal Logic

Formulae of \(\text{LTL}\) are built over a finite set of propositions \(\Sigma\) using Boolean connectives and temporal modalities (\(\mathsf {U}\) and \(\mathsf {S}\)) as follows: \(\varphi ::=a~|\top ~|~\varphi \wedge \varphi ~|~\lnot \varphi ~| ~\varphi \mathsf {U}\varphi ~|~ \varphi \mathsf {S}\varphi\), where \(a \in \Sigma\). The satisfaction of an \(\text{LTL}\) formula is evaluated over pointed words. For a word \(\sigma = \sigma _1 \sigma _2 \ldots \sigma _n \in \Sigma ^*\) and a point \(i \in dom(\sigma)\), the satisfaction of an \(\text{LTL}\) formula \(\varphi\) at point i in \(\sigma\) is defined, recursively, as follows:

Derived operators can be defined as follows: \(\mathsf {F}\varphi = \top \mathsf {U}\varphi\), and \(\mathcal {G}\varphi = \lnot \mathsf {F}\lnot \varphi\). Symmetrically, \(\mathsf {P}\varphi = \top \mathsf {S}\varphi\), and \(\mathcal {H}\varphi = \lnot \mathsf {P}\lnot \varphi\). An LTL formula is said to be in negation normal form if it is constructed out of basic and derived operators above, but where negation appears only in front of propositional letters. It is well known that every LTL formula can be converted to an equivalent formula that is in negation normal form.

2.2 Metric Temporal Logic (MTL)

\(\text{MTL}\) is a real-time extension of \(\text{LTL}\) where the modalities (\(\mathsf {U}\) and \(\mathsf {S}\)) are guarded with intervals. Formulae of \(\text{MTL}\) are built from \(\Sigma\) using Boolean connectives and time-constrained versions \(\mathsf {U}_I\) and \(\mathsf {S}_I\) of the standard \(\mathsf {U},\mathsf {S}\) modalities, where \(I \in \mathcal {I}_\mathsf {nat}\). Intervals of the form \([x,x]\) are called punctual; a non-punctual interval is one that is not punctual. Formulae in \(\text{MTL}\) are defined as follows: \(\varphi ::=a ~|\top ~|\varphi \wedge \varphi ~|~\lnot \varphi ~| ~\varphi \mathsf {U}_I \varphi ~|~ \varphi \mathsf {S}_I \varphi\), where \(a \in \Sigma\) and \(I \in \mathcal {I}_\mathsf {nat}\). For a timed word \(\rho = (\sigma _1, \tau _1) (\sigma _2, \tau _2) \ldots (\sigma _n, \tau _n) \in T\Sigma ^*\), a position \(i \in dom(\rho)\), an \(\text{MTL}\) formula \(\varphi\), the satisfaction of \(\varphi\) at a position i of \(\rho\), denoted \(\rho , i \models \varphi\), is defined below. We discuss the time-constrained modalities.

The language of an \(\text{MTL}\) formula \(\varphi\) is defined as \(L(\varphi) = \lbrace \rho | \rho , 1 \models \varphi \rbrace\). Using the above, we obtain some derived formulae: the constrained eventual operator \(\mathsf {F}_I \varphi \equiv \top \mathsf {U}_I \varphi\) and its dual is \(\mathcal {G}_I \varphi \equiv \lnot \mathsf {F}_I \lnot \varphi\). Similarly \(\mathcal {H}_I \varphi \equiv \top \mathsf {S}_I \varphi\). The next operator is defined as \(\oplus _I \varphi \equiv \bot \mathsf {U}_I \varphi\). The non-strict versions of \(\mathsf {F}, \mathcal {G}\) are, respectively, defined as \(\mathsf {F}^w \varphi \equiv \varphi ~\vee ~ \mathsf {F}\varphi\) and \(\mathcal {G}^w\varphi \equiv \varphi \wedge \mathcal {G}\varphi\) include the present point. Symmetric non-strict versions for past operators are also allowed. The subclass of \(\text{MTL}\) obtained by restricting the intervals I in the until and since modalities to non-punctual intervals is known as Metric Interval Temporal logic and denoted by \(\text{MITL}[\mathsf {U}, \mathsf {S}]\). We say that a formula \(\varphi\) is satisfiable iff \(L(\varphi)\ne \emptyset\).

2.3 Timed Propositional Temporal Logic (TPTL)

The logic \(\text{TPTL}\) also extends \(\text{LTL}\) using freeze quantifiers. Like \(\text{MTL}\), \(\text{TPTL}\) is also evaluated on timed words. Formulae of \(\text{TPTL}\) are built from \(\Sigma\) using Boolean connectives, modalities \(\mathsf {U}\) and \(\mathsf {S}\) of \(\text{LTL}\). In addition, \(\text{TPTL}\) uses a finite set of real valued clock variables \(X = \lbrace x_1,\ldots ,x_n\rbrace\). Let \(\nu : X \rightarrow \mathbb {R}_{\ge 0}\) represent a valuation assigning a non-negative real value to each clock variable. The formulae of \(\text{TPTL}\) are defined as follows: Without loss of generality, we work with \(\text{TPTL}\) in the negation normal form. \(\varphi ::=a~|~\lnot a ~|\top ~|~\bot ~|~ x.\varphi ~|~ T-x \in I ~|~x-T \in I~|~\varphi \wedge \varphi ~|~ \varphi \vee \varphi ~| ~\varphi \mathsf {U}\varphi ~|~ \varphi \mathsf {S}\varphi ~|~ \mathcal {G}\varphi ~|~ \mathcal {H}\varphi\), where \(x \in X\), \(a \in \Sigma\), \(I \in \mathcal {I}_\mathsf {int}\). Here, T denotes the timestamp of the point where the formula is being evaluated. \(x. \varphi\) is the freeze quantification construct that remembers the timestamp of the current point in variable x and evaluates \(\varphi\).

For a timed word \(\rho =(\sigma _1,\tau _1)\ldots (\sigma _n,\tau _n)\), \(i \in dom(\rho)\) and a \(\text{TPTL}\) formula \(\varphi\), we define the satisfiability relation, \(\rho , i, \nu \models \varphi\) with valuation \(\nu\) of all the clock variables. We omit the semantics of Boolean, \(\mathsf {U}\) and \(\mathsf {S}\) operators as they are similar to those of \(\text{LTL}\).

Let \(\overline{0}=(0,0,\ldots ,0)\) represent the initial valuation of all clock variables. For a timed word \(\rho\) and \(i \in dom(\rho)\), we say that \(\rho , i\) satisfies \(\varphi\) denoted \(\rho , i \models \varphi\) iff \(\rho ,i,\overline{0}\models \varphi\). The language of \(\varphi\), \(L(\varphi) = \lbrace \rho | \rho , 1 \models \varphi \rbrace\). The Pointed Language of \(\varphi\) is defined as \(L_{pt}(\varphi) = \lbrace \rho ,i ~\mid ~ \rho , i \models \varphi \rbrace\). A \(\text{TPTL}\) formula is said to be closed if every variable is quantified using freeze quantifier before it appears in a clock constraint. For example, \(x.y.(a \mathsf {U}(b \wedge x \in (1,2) \wedge y\in (2,3)))\) is a closed formula while \(x.(a \wedge y\in (2,3))\mathsf {U}y.(b \wedge x \in (1,2))\) is not closed (or open), as y is used in a clock constraint before it is frozen. Note that for a closed formula, the satisfaction of the model is independent of the clock valuation. In other words, if \(\psi\) is a closed formula, then either for every valuation \(\nu\), \(\rho , i, \nu \models \psi\); or for every valuation \(\nu\), \(\rho ,i, \nu \nVdash \psi\). Hence, for a closed formula \(\psi\), we drop the valuation tuple while evaluating for satisfaction as \(\rho ,i,\nu \models \psi\) for any valuation \(\nu\), iff \(\rho ,i,\overline{0} \models \psi\).

Logic 1-TPTL: The subclass of \(\text{TPTL}\) that uses only 1 clock variable (i.e., \(|X| = 1\)) is known as 1-\(\text{TPTL}\). As an example, the closed formula \(\varphi =x.(a \mathsf {U}(b \mathsf {U}(c \wedge T-x \in [1,2])))\) is satisfied by the timed word \(\rho =(a,0)(a,0.2)(b,1.1)(b,1.9)(c,1.91)(c,2.1)\), since \(\rho , 1 \models \varphi\). The word \(\rho ^{\prime }=(a,0)(a,0.3)(b,1.4) (c,2.1)(c,2.5)\) does not satisfy \(\varphi\). However, \(\rho ^{\prime },2 \models \varphi\): If we start from the second position of \(\rho ^{\prime }\), then we assign \(\nu (x)=0.3\), and when we reach the position 4 of \(\rho ^{\prime }\) with \(\tau _4=2.1,\) we obtain \(T-x=2.1-0.3 \in [1,2]\). Note that an \(\text{MTL}[\mathsf {U},\mathsf {S}]\) formula can straightforwardly be translated to an equivalent 1-\(\text{TPTL}[\mathsf {U}, \mathsf {S}]\) (closed) formula. Hence, by Theorem 2.1, we get that the satisfiability checking for 1-\(\text{TPTL}[\mathsf {U}, \mathsf {S}]\) is undecidable.

Notation: Let x denote the unique freeze variable we use in 1-\(\text{TPTL}\). All constraints in 1-TPTL have the form \(T-x \in I\). (Note that \(x-T \in I\) is equivalent to \(T-x \in -I\).) Thus, for 1-TPTL, let \(\widehat{I}\) abbreviate \(T-x \in I\).

2.4 Expressive Completeness and Strong Equivalence

Given any specification (formula or automaton) X and Y, X is equivalent to Y when for any pointed timed word \(\rho ,i\), \(\rho ,i \models X \iff \rho ,i \models Y\). We say that a formalism \(\mathcal {X}\) (logic or machine) is expressively complete to \(\mathcal {Y}\), denoted by \(\mathcal {Y} \subseteq \mathcal {X}\), if and only if, for any formulae/automata \(Y \in \mathcal {Y}\) there exists an equivalent \(X \in \mathcal {X}\). \(\mathcal {X}\) is said to be expressively equivalent to \(\mathcal {Y}\), denoted by \(\mathcal {X} \cong \mathcal {Y}\), when \(\mathcal {X} \subseteq \mathcal {Y}\) and \(\mathcal {Y} \subseteq \mathcal {X}\).

3.1 Non-adjacent 1-TPTL

Non-Adjacent 1-\(\text{TPTL}\) (NA-1-TPTL) is defined as a subclass of 1-\(\text{TPTL}\) where adjacent intervals within the scope of any freeze quantifier is disallowed. Two intervals \(I_1, I_2 \in \mathcal {I}_\mathsf {int}\) are non-adjacent iff \(\sup (I_1) {\ne } \inf (I_2)~~ \vee ~~ \sup (I_1) = 0\). A set \(\mathcal {I}_{\nu }\) of intervals is non-adjacent iff any two intervals in \(\mathcal {I}_{\nu }\) are non-adjacent. It does not contain punctual intervals other than \([0,0],\) as every punctual interval is adjacent to itself. For example, the set \(\lbrace [1,2), (2,3], [5,6)\rbrace\) is not a non-adjacent set, while \(\lbrace [0,0], [0,1), (3,4], [5,6)\rbrace\) is. Let \(\mathcal {I}_{na}\) denote a set of non-adjacent intervals with end points in \(\mathbb {Z} \cup \lbrace -\infty ,\infty \rbrace\). Consider the following example of a formula in non-adjacent 1-\(\text{TPTL}\):

The freeze depth of a \(\text{TPTL}\) formula \(\varphi\), \(\mathsf {fd}(\varphi)\) is defined inductively. For a propositional formula prop, \(\mathsf {fd}(prop)=0\). Also, \(\mathsf {fd}(x.\varphi)=\mathsf {fd}(\varphi)+1\), and \(\mathsf {fd}(\varphi _1 \mathsf {U}\varphi _2)=\mathsf {fd}(\varphi _1 \mathsf {S}\varphi _2) =\mathsf {fd}(\varphi _1 \wedge \varphi _2)=\mathsf {fd}(\varphi _1 \vee \varphi _2)=\mathsf {Max(\mathsf {fd}(\varphi _1),\mathsf {fd}(\varphi _2))}, \mathsf {fd}(\mathcal {G}(\varphi))=\mathsf {fd}(\mathcal {H}(\varphi))=\mathsf {fd}(\varphi)\).

3.2 Pnueli Automata Modalities

There have been several attempts to extend logic \(\text{MTL}\) with regular expression/automaton modalities [17, 27, 32, 46]. One of the most general amongst these is Automata Modalities, proposed by Wilke [46]. MITL (or MTL) extended with these automata modalities was called \(\text{EMITL}\) (or EMTL, respectively). We further generalize these automata modalities to give automata modalities of arbitrary arity. We call these modalities as Pnueli Automata Modalities. The extension is in the same spirit as the extension of future and past modalities to Pnueli future and Pnueli Past modalities in Reference [26]. We call MTL extended with these Pnueli Automata Modalities as \(\text{PnEMTL}\). We now first introduce EMTL before introducing \(\text{PnEMTL}\) for the sake of readability. For any finite automaton A, let \(L(A)\) denote the language of A.

3.2.2 MTL Extended with Pnueli Automata Modalities, PnEMTL.

\(\text{PnEMTL}\) is defined similarly as \(\text{EMTL}\). Given a finite alphabet \(\Sigma\), formulae of \(\text{PnEMTL}\) have the following syntax: \(\varphi ::=a~|\varphi \wedge \varphi ~|~\lnot \varphi ~| \mathcal {F}^k_{I_1,\ldots ,I_k} (\mathsf {A}_1,\ldots , \mathsf {A}_{k+1})(S)~|~ \mathcal {P}^k_{I_1,\ldots ,I_k} (\mathsf {A}_1,\ldots ,\mathsf {A}_{k+1})(S)\) where \(a \in \Sigma\), \(I_1, I_2, \ldots I_k \in \mathcal {I}_\mathsf {nat}\) and \(\mathsf {A}_1, \ldots \mathsf {A}_{k+1}\) are automata over \(2^S\) where S is a set of formulae from \(\text{PnEMTL}\). \(\mathcal {F}^k\) and \(\mathcal {P}^k\) are the new modalities called future and past Pnueli Automata Modalities, respectively, where k is the arity of these modalities.

Let \(\rho = (\sigma _1, \tau _1),\ldots (\sigma _n, \tau _n) \in T\Sigma ^*\), \(x,y \in dom(\rho)\), \(x\le y\) and \(S = \lbrace \varphi _1,\ldots , \varphi _n\rbrace\) be a given set of \(\text{PnEMTL}\) formulae. Let \(\mathsf {Seg^+}({\rho },{x},{y},S)\) and \(\mathsf {Seg^{-}}({\rho },{y},{x},S)\) be as defined previously. Then, the satisfaction relation for \(\rho ,i_0\) satisfying a \(\text{PnEMTL}\) formula \(\varphi\) is defined recursively as follows:

•

\(\rho ,i_0 \models \mathcal {F}^k_{I_1,\ldots ,I_k}(\mathsf {A}_1,\ldots ,\mathsf {A}_{k+1})(S)\) iff \({\exists } {i_0 \le i_1\le i_2 \ldots \le i_k \le n}\) s.t. \(\bigwedge \nolimits _{w=1}^{k}{[(\tau _{i_w} - \tau _{i_0} \in I_w)} \wedge \mathsf {Seg^+}(\rho , i_{w-1}, i_w,S) \in L({\mathsf {A}_w})] \wedge \mathsf {Seg^+}(\rho , i_{k}, n,S) \in L({\mathsf {A}_{k+1}})\),

•

\(\rho ,i_0 \models \mathcal {P}^k_{I_1,I_2,\ldots ,I_k} (\mathsf {A}_1,\ldots ,\mathsf {A}_k, \mathsf {A}_{k+1})(S)\) iff \({\exists } i_0 \ge i_1 \ge i_2 \ldots \ge i_k \ge 1\) s.t. \(\bigwedge \nolimits _{w=1}^{k}[(\tau _{i_0} - \tau _{i_w} \in I_w) \wedge \mathsf {Seg^{-}}(\rho , i_{w-1}, i_w,S) \in L({\mathsf {A}_{w}})] \wedge \mathsf {Seg^{-}}(\rho , i_{k}, 1,S) \in L({\mathsf {A}_{k+1}})\).

Refer to Figure 1 for semantics of \(\mathcal {F}^{k}\).

Fig. 1.

View Figure

Language of any \(\text{PnEMTL}\) formula \(\varphi\), as \(L(\varphi) = \lbrace \rho ~\mid ~ \rho ,1 \models \varphi \rbrace\). The Pointed Language of \(\varphi\) is defined as \(L_{pt}(\varphi) = \lbrace \rho ,i ~\mid ~ \rho , i \models \varphi \rbrace\). Given a \(\text{PnEMTL}\) formula \(\varphi\), its arity is the maximum number of intervals appearing in any \(\mathcal {F}, \mathcal {P}\) modality of \(\varphi\). For example, the arity of \(\varphi =\mathcal {F}^2_{I_1,I_2}(\mathsf {A}_1,\mathsf {A}_2, \mathsf {A}_3)(S_1) \wedge \mathcal {P}^1_{I_1} (\mathsf {A}_1,\mathsf {A}_2)(S_2)\) for some sets of formulae \(S_1, S_2\) is 2. For the sake of brevity, \(\mathcal {F}^k_{I_1,\ldots ,I_k}(\mathsf {A}_1,\ldots ,\mathsf {A}_{k})(S)\) denotes \(\mathcal {F}^k_{I_1,\ldots ,I_k}(\mathsf {A}_1,\ldots ,\mathsf {A}_{k}, \mathsf {A}_{k+1})(S)\) where automata \(\mathsf {A}_{k+1}\) accepts all the strings over S. We define non-adjacent \(\text{PnEMTL}\) (NA-\(\text{PnEMTL}\)) as a subclass where every modality \(\mathcal {F}^{k}_{\mathsf {I_1,\ldots , I_k}}\) and \(\mathcal {P}^{k}_{\mathsf {I_1,\ldots , I_k}}\) is such that \(\lbrace \mathsf {I_1, \ldots , I_k}\rbrace\) is a non-adjacent set of intervals.

Note that \(\text{EMITL}\) of Reference [46] (and variants of it studied in References [27, 32, 33]) are special cases of the non-adjacent \(\text{PnEMTL}\) modality where the arity is restricted to 1 and the second automata in the argument accepts all the strings. Hence, automaton modality of Reference [46] is of the form \(\mathsf {\mathcal {F}_I}(A)(S)\) and \(\mathcal {P}_I(A)(S)\). Following is an example of a specification that could be naturally written as non-adjacent \(\text{PnEMTL}\) formula.

Example 3.4

(Non-adjacent PnEMTL)

A sugar-level test involves the following: A patient visits the lab and is given a sugar measurement test (prop sm) to get fasting sugar level. After this, she is given glucose (prop gl) and this must be within 5 min of coming to the lab. After this, the patient rests between 120 and 150 minutes and she is administered sugar measurement again to check the sugar clearance level. Following this, the result (prop rez) is given out between 23 to 25 hours (1,380, 1,500 min) of coming to the lab. We assume that these propositions are mutually exclusive and prop idle denotes negation of all of them. This protocol is specified by the following non-adjacent \(\text{PnEMTL}\) formula. For convenience, we specify the automata by their regular expressions. We follow the convention where the tail automaton \(A_{k+1}\) can be omitted in \(\mathcal {F}^k\). \(\begin{equation*} \mathcal {F}^2_{[0,5],~ [1,380,1,500]} \left[ \begin{array}{l} sm \cdot (idle^*) \cdot (gl \wedge \mathcal {F}^1_{[120,150]}(~gl \cdot (idle^*) \cdot sm~), \\ gl \cdot ((\lnot rez)^*) \cdot rez \end{array} \right] \end{equation*}\) For readability, the two regular expressions of the top \(\mathcal {F}^2\) are given in two separate lines. It states that the first regular expression must end at time within \([0,5]\) of starting and the second regular expression must end at a time within [1,380, 1,500] of starting. Note the nested use of \(\mathcal {F}\) to anchor the duration between glucose and the second sugar measurement.

3.3 Size of Formulae

The size of a temporal logic formula can be measured as usual, using the parse tree of the formula, or using the parse DAG (Directed Acyclic Graph) of the formula, where a syntactically unique subformula occurs only once. The latter representation is more succinct and is used widely starting from the classical LTL formula-to-automaton construction [14, 45]. For our results also, we will use the notion of DAG-size of a formula.

The (DAG) size of a formula \(\varphi\) denoted by \(|\varphi |\) is a measure of how many bits are required to store it in the DAG representation. The size of a \(\text{TPTL}\) formula is defined as the sum of the number of \(\mathsf {U}\), \(\mathsf {S}\) and Boolean operators and freeze quantifiers in it. For \(\text{PnEMTL}\) formulae, \(|op|\) is defined as the number of Boolean operators and variables used in it. \(|(\mathcal {F}^{k}_{I_1,\ldots ,I_k}(\mathsf {A}_1, \ldots , \mathsf {A}_{k+1})(S)|=\sum \nolimits _{\varphi \in S}(|\varphi |)+ |\mathsf {A}_1| + \cdots + |\mathsf {A}_{k+1}|+ 2k\times log(\mathsf {cmax})\) where \(|\mathsf {A}|\) denotes the size of the automaton \(\mathsf {A}\) given by the sum of number of its states and transitions and \(\mathsf {cmax}\) denotes the maximum allowable value of the constant used in the intervals \(I_1, \ldots , I_k.\)⁶

5.1 Simple TPTL to NFA over Interval Words

In this section, we elaborate the first step of the reduction.

5.2 Constructing Normalized Automata for Each Type Sequence

In this section, we elaborate on step 2 of the reduction. We discuss here how to partition W, the set of all collapsed \(I_\nu\)-interval words, into finitely many classes. Each class is characterized by its type given as a finite sequences \(\mathsf {seq}\) over \(I_{\nu } \cup \lbrace \mathsf {anch}\rbrace\). For any collapsed \(w \in W\), its type \(\mathsf {seq}\) gives an ordering between \(\mathsf {anch}(w)\), \(\mathsf {first}(w,I)\) and \(\mathsf {last}(w,I)\) for all \(I \in I_\nu\), such that, any \(I \in I_{\nu }\) appears at most twice and \(\mathsf {anch}\) appears exactly once in \(\mathsf {seq}\). For instance, \(\mathsf {seq}=I_1 I_1 \mathsf {anch}I_2 I_2\) is a sequence different from \(\mathsf {seq}^{\prime }=I_1I_2 \mathsf {anch}I_2I_1\), since the relative orderings between the first and last occurrences of \(I_1, I_2\) and \(\mathsf {anch}\) differ in both. Let the set of types \(\mathcal {T}(I_\nu)\) be the set of all such sequences; by definition, \(\mathcal {T}(I_\nu)\) is finite.

Intuition: For every type \(\mathsf {seq}\in \mathcal {T}(I_\nu)\), we construct an automaton \(A_{\mathsf {seq}}\) that accepts the normalization of all the words of type \(\mathsf {seq}\) accepted by A (i.e., \(L(A_\mathsf {seq}) = \lbrace Norm(w)| w\in L(A) \wedge w\) is of type \(\mathsf {seq}\rbrace\). Hence, \(\bigcup _{\mathsf {seq}\in \mathcal {T}(I_\nu)} \mathsf {Time}(L(A_\mathsf {seq})) = \mathsf {Time}(\mathsf {Norm}(L(A))) = \mathsf {Time}(L(A))\). Hence, the union of all these newly constructed automata encodes the required timed languages. The motivation behind construction of such an automaton is as follows: Each of the words accepted by \(A_\mathsf {seq}\) for any \(\mathsf {seq}\in \mathcal {T}(I_\nu)\) has bounded number of (as \(|\mathsf {seq}| \le 2 \times |I_\nu | + 1\)) time-restricted points. The main reason to do this is so we get automata (i.e., \(A_\mathsf {seq}\)) with structure similar to that shown in Figure 7. Such an automaton over \(I_\nu\)-interval words can be factored at time-restricted points and its corresponding timed language can then be expressed using a PnEMTL formula, \(\phi _\mathsf {seq}\), with arity bounded by the length of sequence \(\mathsf {seq}\). The construction of the required formula will be presented in Section 5.3. Hence, restricting to only normalized words makes it possible to construct a PnEMTL formula with bounded arity. Moreover, as \(\mathcal {T}(I_\nu)\) is bounded, we can get a bounded size formula, \(\phi = \mathsf {Time}(L(A))\), by disjuncting \(\phi _\mathsf {seq}\) over all possible values of \(\mathsf {seq}\in \mathcal {T}(I_\nu)\).

Fig. 7.

View Figure

Given \(w \in W\), let \(\mathsf {Boundary}(w)=\lbrace i_1, i_2, \ldots , i_k\rbrace\) be the positions of w that are either \(\mathsf {first}(w,I)\) or \(\mathsf {last}(w,I)\) for some \(I \in I_{\nu }\) or is \(\mathsf {anch}(w)\). Let \(w\downarrow _{\mathsf {Boundary}(w)}\) be the subword of w obtained by projecting w to the positions in \(\mathsf {Boundary}(w)\), restricted to the subalphabet \(2^{I_{\nu }}\cup \lbrace \mathsf {anch}\rbrace\). For example, \(w=\lbrace a,I_1\rbrace \lbrace b,I_1\rbrace \lbrace c,I_2\rbrace \lbrace \mathsf {anch},a\rbrace \lbrace b,I_1\rbrace \lbrace b,I_2\rbrace \lbrace c,I_2\rbrace\) gives \(w\downarrow _{\mathsf {Boundary}(w)}\) as \(I_1I_2\mathsf {anch}I_1I_2\). Then, w is in the partition \(W_{\mathsf {seq}}\) iff \(w\downarrow _{\mathsf {Boundary}(w)}=\mathsf {seq}\). Clearly, \(W=\bigcup _{\mathsf {seq}\in \mathcal {T}(I_\nu)}W_{\mathsf {seq}}\). Continuing with the example above, w is a collapsed \(\lbrace I_1, I_2\rbrace\)-interval word over \(\lbrace a,b,c\rbrace\), with \(\mathsf {Boundary}(w)=\lbrace 1,3,4,5,7\rbrace\), and \(w \in W_{\mathsf {seq}}\) for \(\mathsf {seq}=I_1I_2\mathsf {anch}I_1 I_2\), while \(w\notin W_{\mathsf {seq}^{\prime }}\) for \(\mathsf {seq}^{\prime }=I_1I_1\mathsf {anch}I_2 I_2\).

For type sequence \(\mathsf {seq}=I_1,I_2, \ldots , I_k\), let \(Support(\mathsf {seq})\) give the set of intervals (including \(\mathsf {anch}\)) occurring in \(\mathsf {seq}\). Each such interval occurs 1 or 2 times. Let \(Idx(\mathsf {seq})=\lbrace 1 \ldots k+1\rbrace\). We define function \(Status(\mathsf {seq}) ~:~ Idx(\mathsf {seq}) \rightarrow Support(\mathsf {seq}) \rightarrow \lbrace pre,mid,post\rbrace\) as follows: Let \(j \in Idx(\mathsf {seq})\) and \(I \in Support(\mathsf {seq})\). Then, \(Status(j)(I)=pre\) if I does not occur in \(\mathsf {seq}\) strictly before index j. Also, \(Status(j)(I)=post\) if I does not occur in \(\mathsf {seq}\) at or after index j. Finally, \(Status(j)(I)=mid\) if I occurs in \(\mathsf {seq}\) both strictly before j and also at or after index j. For example, for \(\mathsf {seq}= \mathsf {anch}~I_1 I_2 I_1\), we have \(Status(2)(I_1)=pre\) and \(Status(2)(I_2)=pre\) and \(Status(2)(\mathsf {anch})=post\). Also, \(Status(4)(I_1)=mid\) and \(Status(4)(I_2)=post\).

Let \(\mathsf {seq}\) be any sequence in \(\mathcal {T}(I_\nu)\). We construct an NFA, \(Aut_\mathsf {seq}\), which recognizes exactly the collapsed interval words, \(W_\mathsf {seq}\), of type seq. Automaton \(Aut_\mathsf {seq}=(Idx(\mathsf {seq})), 1, 2^{\Sigma ^{\prime }}, \delta _2,\lbrace |\mathsf {seq}|+1\rbrace)\). Its transitions are as follows: Let \(S \subseteq \Sigma\), \(j \in Idx(seq)\), \(I_j\) be the jth element of \(\mathsf {seq}\) and \(I \in Support(seq)\). Then,

The following proposition follows directly from the construction:

Given collapsed interval word automaton \(A=(Q, \mathsf {init}, 2^{\Sigma ^{\prime }}, \delta , F)\) for the LTL formula as constructed above, the product automaton \(A_{prod}= (A \times Aut_\mathsf {seq})\) has the property \(L(A_{prod})=(L(A) \cap W_\mathsf {seq})\). Thus, \(A_{prod}\) accepts the collapsed words belonging to the partition \(W_\mathsf {seq}\) and accepted by A. The automaton \(A_{prod}\) has the form \(((Q \times Idx(\mathsf {seq})), (\mathsf {init}, 1), 2^{\Sigma ^{\prime }}, \delta _1, F \times \lbrace |\mathsf {seq}|+1\rbrace),\) where \(\delta _1\) is obtained by synchronous composition of \(\delta\) and \(\delta _2\) as usual. Observe that in an accepting run of \(A_{prod}\) on a word w, the progress transitions increment the index component j of the product state \((q,j)\). These transitions occur exactly at \(Boundary(w)\) positions in the word and they represent intervals in w that are retained in the normalized version of w. The middle type transitions, which leave the index component j unchanged, correspond to redundant middle intervals that do not occur in the normalized version of w.

To obtain the automaton \(A_\mathsf {seq}\) accepting normalized words corresponding to words accepted by the product \(A_{prod}\), we project out the redundant intervals in middle type transition in the automaton \(A_{prod}\). Thus, \(A_\mathsf {seq}\) has same states (including initial and final states) but its transition function \(\delta _\mathsf {seq}\) differs from the transition function \(\delta _1\) of \(A_{prod}\). Let \(A_\mathsf {seq}=((Q \times Pos(\mathsf {seq})), (\mathsf {init}, 1), 2^{\Sigma ^{\prime }}, \delta _\mathsf {seq}, F \times \lbrace |\mathsf {seq}|+1\rbrace)\). Its transitions are:

The reader may notice the following features of \(A_\mathsf {seq}\): Let I be any element of where \(I_\nu \cup \lbrace \mathsf {anch}\rbrace\). The only transitions with labels of the form \(S \cup \lbrace I\rbrace\) (these are called time-constrained transitions) are the progress transition, and they occur in order specified by \(\mathsf {seq}\) in any accepting run. All other transitions are labelled with \(S \subseteq \Sigma\). They are unconstrained. Hence, the automaton graph partitions into disjoint subgraphs with only unconstrained transitions. These subgraphs are connected by progress transitions. See Figure 7.

From the construction of \(A_\mathsf {seq}\), the following property clearly holds:

From the above proposition, it follows that \(\bigcup _{\mathsf {seq}\in \mathcal {T}(I_\nu)}L(A_\mathsf {seq}) = \mathsf {Norm}(L(A))\). Hence, using Theorem 5.2, we get \(\begin{equation*} \bigcup _{\mathsf {seq}\in \mathcal {T}(I_\nu)} \mathsf {Time}(L(A_\mathsf {seq})) = \mathsf {Time}(\mathsf {Norm}(L(A))) = \mathsf {Time}(L(A)) = L_{pt}(\psi) . \end{equation*}\) Hence, \(A_\mathsf {seq}\) is the required Normalized Automata for type \(\mathsf {seq}\).

5.3 Reducing NFA of Each Type to PnEMTL

Our next step is to reduce the NFAs \(A_{\mathsf {seq}}\) corresponding to each type \(\mathsf {seq}\) as constructed in the previous step to a language equivalent formula of logic \(\text{PnEMTL}\). This is step 3 of the reduction. The words in \(L(A_{\mathsf {seq}})\) are all normalized and have at most \(2|I_\nu |+1\)-time-restricted points. Thanks to this, its corresponding timed language can be expressed using \(\text{PnEMTL}\) formulae with arity at most \(2|I_\nu |\).

For each \(A_\mathsf {seq}\), we construct \(\text{PnEMTL}\) formula \(\phi _\mathsf {seq}\) such that, for a timed word \(\rho\) with \(i \in dom(\rho), \rho , i \models \phi _\mathsf {seq}\) iff \(\rho , i \in \mathsf {Time}(L(A_\mathsf {seq}))\).

6.1 GQMSO: Syntax and Semantics

We define a real-time logic GQMSO that is interpreted over timed words. It includes \(\text{MSO}[\lt ]\) over words with respect to some alphabet \(\Sigma\). This is extended with a notion of time-constraint formula \(\psi (t)\), where t is a free first-order variable. All variables in our logic range over positions in the timed word and not over timestamps (unlike continuous interpretation of these logics). There are two sorts of formulae in GQMSO that are mutually recursively defined: \(\text{MSO}^{\mathsf {UT}}\) and \(\text{MSO}^{\mathsf {T}}\) (where \(\mathsf {UT}\) stands for untimed and \(\mathsf {T}\) for timed). An \(\text{MSO}^{\mathsf {UT}}\) formula \(\phi\) has no real-time constraints except for the time-constraint subformula \(\psi (t) \in \text{MSO}^{\mathsf {T}}\). A formula \(\psi (t)\) has only one free variable t (called anchor), which is a first-order variable. \(\psi (t)\) is defined as a block of real-time-constrained quantification applied to a GQMSO formula with no free second-order variables; it has the form \(\mathcal {Q}_1t_1. \mathcal {Q}_2t_2. \dots \mathcal {Q}_jt_j. ~ \phi (t,t_1,\ldots t_j)\) where \(\phi \in \text{MSO}^{\mathsf {UT}}\). All the metric quantifiers in the quantifier block constrain their variable relative only to the anchor t. The precise syntax follows below.¹⁰

Remark: This form of real time constraints in first-order logic were pioneered by Hirshfeld and Rabinovich [25] in their logic Q2MLO (with only non-punctual guards) and its punctual extension was later shown to be expressively complete to FO[\(\lt ,+1\)] by Hunter [28] over signals. Here, we extend the quantification to an anchored block of quantifiers of arbitrary depth.

We have a two sorted logic consisting of \(\text{MSO}^{UT}\) formulae \(\phi\) and time-constrained formulae \(\psi\). Let \(a \in \Sigma\), and let \(t,t^{\prime }\) range over first-order variables, while T range over second-order variables. The syntax of \(\phi \in \text{MSO}^{\mathsf {UT}}\) is given by:

\(t=t^{\prime }~|~t\lt t^{\prime }~|~Q_a(t)~|~T(t) \mid \phi \wedge \phi ~|~{\lnot } \phi ~|~ {\exists } t. \phi ~|~{\exists } T \phi ~ |~\psi (t)\).

Here, \(\psi (t) \in \text{MSO}^{\mathsf {T}}\) is a time-constraint formula whose syntax and semantics are given a little later. A formula in \(\text{MSO}^{\mathsf {UT}}\) with first-order free variables \(t_0,t_1, \ldots t_k\) and second-order free variables \(T_1, \ldots , T_m\) is denoted \(\phi (t_0,\ldots t_k,T_1, \ldots , T_m)\). The semantics of such formulae is as usual. Let \(\rho = (\sigma _1, \tau _1) \ldots (\sigma _n, \tau _n)\) be a timed word over \(\Sigma\). Given \(\rho\), positions \(i_0, \ldots , i_k\) in \(dom(\rho)\), and sets of positions \(A_1, \ldots , A_m\) with \(A_i \subseteq dom(\rho)\), we define \(\rho ,(i_0,i_1,\ldots ,i_k,A_1,\ldots ,A_m) \models \phi (t_0,t_1, \ldots t_k,T_1, \ldots , T_m)\) inductively in \(\text{MSO}[\lt ]\).

The time-constraint formula \(\psi (t) \in \text{MSO}^{\mathsf {T}}\) has the form: \(\mathcal {Q}_1t_1. \mathcal {Q}_2t_2. \dots \mathcal {Q}_jt_j. ~ \phi (t,t_1,\ldots t_j)\) where \(t_1, \ldots , t_j\) are first-order variables and \(\phi \in \text{MSO}^{\mathsf {UT}}\). Each quantifier \(\mathcal {Q}_x t_x\) has the form \(\overline{\exists }t_x \in t+ I_x\) or \(\overline{\forall }t_x \in t+ I_x\) for a time interval \(I_x \in \mathcal {I}_\mathsf {int}\). \(\mathcal {Q}_x\) is called a metric quantifier. Note that each metric quantifier constrains its variable only relative to the anchor variable t. Moreover, \(\psi (t)\) has no free second-order variables. The semantics of such an anchored metric quantifier is obtained recursively as follows: Let

\((\rho ,i_0,i_1,\ldots ,i_{j-1}) \models \overline{\exists }t_j \in t+I_j. \phi (t,t_1,\ldots ,t_j)\) iff \(\begin{Bmatrix} \text{there exists } i_j \text{ such that }\tau _{i_j} \in \tau _{i_0}+I_j \text{ and,}\\ (\rho ,i_0,i_1 \ldots i_j) \models \phi (t,t_1,\ldots , t_j) \end{Bmatrix}\),

\((\rho ,i_0,i_1,\ldots ,i_{j-1}) \models \overline{\forall }t_j \in t+I_j. \phi (t,t_1,\ldots t_j)\) iff \(\begin{Bmatrix} \text{for all } i_j \text{ such that }\tau _{i_j} \in \tau _{i_0}+I_j \text{ implies,}\\ (\rho ,i_0,i_1 \ldots i_j) \models \phi (t,t_1,\ldots , t_j) \end{Bmatrix}\).

Note that metric quantifiers quantify over positions of the timed word, and the metric constraint is applied on the timestamp of the corresponding positions. Each time-constraint formula in GQMSO has exactly one free variable; variables \(t_1,\ldots ,t_j\) are called time-constrained in \(\psi (t)\). If we restrict the grammar of a time-constrained formula \(\psi (t) \in \text{MSO}^{\mathsf {T}}\) to contain only a single metric quantifier (i.e., \(\mathcal {Q}_1t_1. \phi (t,t_1)\)) and disallow the usage of second-order quantification, then we get the logic Q2MLO of Reference [26].

Note that, while GQMSO extends classical MSO\([\lt ]\), it is not closed under second-order quantification: Arbitrary use of second-order quantification is not allowed, and its syntactic usage, as explained above, is restricted to prevent a second-order free variable from occurring in the scope of the real-time constraint (similar to References [23, 43, 46]). For example, \(\exists X. \exists t. [X(t) \wedge \overline{\exists }t^{\prime } \in t+(1,2) Q_a(t^{\prime })]\) is a well-formed GQMSO formula, while \(\exists X. \exists t. \overline{\exists }t^{\prime } \in t+(1,2)[Q_a(t^{\prime })\wedge X(t)]\) is not, since X occurs freely within the scope of the metric quantifier.

Metric Depth. The metric depth of a formula \(\varphi\) denoted (\(\mathsf {MtD}(\varphi)\)) gives the nesting depth of time constraint constructs and is defined inductively: For atomic formulae \(\varphi\), \(\mathsf {MtD}(\varphi)=0\). \(\mathsf {MtD}[\varphi _1 \wedge \varphi _2]= \mathsf {MtD}[\varphi _1 \vee \varphi _2] = max(\mathsf {MtD}[\varphi _1],\mathsf {MtD}[\varphi _2])\) and \(\mathsf {MtD}[\exists t. \varphi (t)]=\mathsf {MtD}[\lnot \varphi ]=\mathsf {MtD}(\varphi (t))\). \(\mathsf {MtD}[\mathcal {Q}_1t_1 \ldots \mathcal {Q}_j t_j \phi ]\) \(=\) \(\mathsf {MtD}[\phi ] + 1\). For example, the sentence \(\forall t_3~\overline{\forall }t_1 \in t_3 + (1,2)~ \lbrace Q_a(t_1) {\rightarrow } (\overline{\exists }t_0 \in t_1 + [1,1]~ Q_b(t_0))\rbrace\) accepts all timed words such that for each a that is at distance \((1,2)\) from some timestamp t, there is a b at distance 1 from it. This sentence has metric depth two with time-constrained variables \(t_0,t_1\).

6.2 GQMSO with Alternation Free Metric Quantifiers (AF-GQMSO)

We define a syntactic fragment of GQMSO, called AF-GQMSO, where all the metric quantifiers in any anchored metric quantifier block only consist existential metric quantifiers. More precisely, AF-GQMSO is a syntactic fragment of GQMSO where the time constraint \(\psi (t_0)\) has the form \(\overline{\exists }t_1 \in t_0+I_1. \overline{\exists }t_2 \in t_0 + I_2. \dots \overline{\exists }t_j \in t_0 +I_j. ~ \phi (t_0,t_1,\ldots t_j)\) with \(\phi \in \text{MSO}^{\mathsf {UT} }\). Hence, there is no alternation of metric quantifiers within a block of the metric quantifier. Note that the negation of the timed subformula is allowed in the syntax of GQMSO (and hence AF-GQMSO). Hence, alternation free \(\overline{\forall }^* \phi\) formulae can also be expressed as equivalent \(\lnot \overline{\exists }^* \lnot \phi\) using AF-GQMSO. We now show that, surprisingly, AF-GQMSO is as expressive as GQMSO.

6.3 Non-Adjacent GQMSO (NA-GQMSO)

Any AF-GQMSO formula \(\varphi\) is said to be non-adjacent if and only if for every subformula \(\psi\) of \(\varphi\) of the form \(\overline{\exists }t_1 \in t + I_1 \ldots \overline{\exists }t_j \in t+I_j \Phi (t,t_1,\ldots ,t_j)\), the set of intervals \(\lbrace I_1, \ldots , I_j\rbrace\) is non-adjacent. Notice that NA-GQMSO is a syntactic subclass of AF-GQMSO. For example, \(\overline{\exists }t_1 \in t_0 +(2,3) \overline{\exists }t_2. \in t_0+ (3,4) [\exists t \lt t_0 \wedge \overline{\exists }t_3 \in t_0+(4,5)]\) is not non-adjacent, as intervals \((2,3)\) and \((3,4)\) appear within the same metric quantifier block and are adjacent. However, \(\overline{\exists }t_1 \in t_0 +(2,3) \overline{\exists }t_2. \in t_0+ (4,5) [\exists t \lt t_0 \wedge \overline{\exists }t_3 \in t_0+(3,4)]\) is non-adjacent, as \(\lbrace (1,2), (4,5)\rbrace\) and \((2,3)\) is non-punctual (and hence non-adjacent to itself). The formula in Example 6.3 is also an NA-GQMSO formula.

8.1 Behavior of Oversampling Points

We oversample timed words over \(\Sigma\) by adding new points where only propositions from \(\mathsf {Int}\) holds, where \(\mathsf {Int}\cap \Sigma = \emptyset\). Given a timed word \(\rho\) over \(\Sigma\), consider an extension of \(\rho\) called \(\rho ^{\prime }\), by extending the alphabet \(\Sigma\) of \(\rho\) to \(\Sigma ^{\prime } = \Sigma \cup \mathsf {Int}\). Compared to \(\rho\), \(\rho ^{\prime }\) has extra points called oversampling points, where \(\lnot \bigvee \Sigma\) (and \(\bigvee \mathsf {Int}\)) hold. These extra points are added at all integer timestamps in such a way that, if \(\rho\) already has points with integer timestamps, then the oversampled point with the same timestamp appears last among all points with the same timestamp in \(\rho ^{\prime }\). We will make use of these oversampling points to reduce the \(\text{PnEMTL}\) modalities into \(\text{EMITL}_{0,\infty }\). These oversampling points are labelled with a modulo counter \(\mathsf {Int}=\lbrace \mathsf {int}_0,\mathsf {int}_1,\ldots , \mathsf {int}_{\mathsf {cmax}-1}\rbrace\). The counter is initialized to be 0 at the first oversampled point with timestamp 0 and is incremented, modulo \(\mathsf {cmax}\), after exactly one time unit till the last point of \(\rho\). Let \(i \oplus j=(i+ j) \% \mathsf {cmax}\). The oversampled behaviors are expressed using the formula \(\varphi _{\mathsf {ovs}}\): \(\lbrace \lnot \mathsf {F}_{(0,1)} \bigvee \mathsf {Int}\wedge \mathsf {F}_{[0,1)} \mathsf {int}_{0}\rbrace\) \(\wedge\) \(\lbrace \bigwedge \nolimits _{i=0}^{\mathsf {cmax}-1}\mathcal {G}^w\lbrace (\mathsf {int}_i \wedge \mathsf {F}(\bigvee \Sigma))\rightarrow (\lnot \mathsf {F}_{(0,1)} (\bigvee \mathsf {Int}) \wedge \mathsf {F}_{(0,1]} (\mathsf {int}_{i \oplus 1} \wedge (\lnot \bigvee \Sigma) \wedge \mathsf {LastTS}))\rbrace\). to an extension \(\rho ^{\prime }\) given by \(\mathsf {ext}(\rho)=\rho ^{\prime }\) iff (i) \(\rho\) can be obtained from \(\rho ^{\prime }\) by deleting oversampling points and (ii) \(\rho ^{\prime } \models \varphi _{\mathsf {ovs}}\). Map \(\mathsf {ext}\) is well defined as for any \(\rho\), \(\rho ^{\prime }=\mathsf {ext}(\rho)\) if and only if \(\rho ^{\prime }\) can be constructed from \(\rho\) by appending oversampling points at integer timestamps and labelling kth such oversampling point (appearing at time \(k-1\)) with \(\mathsf {int}_{k{\%}\mathsf {cmax}}\).

8.2 Flattening

Next, we flatten \(\phi\) to eliminate the nested \(\mathcal {F}^{k}_{\mathsf {I_1,\ldots , I_k}}\) and \(\mathcal {P}^{k}_{\mathsf {I_1,\ldots , I_k}}\) modalities while preserving satisfiability. Flattening is well studied [27, 31, 35, 40]. The idea is to associate a fresh witness variable \(b_i\) to each subformula \(\phi _i\) that needs to be flattened. This is achieved using the temporal definition, \(T_i=\mathcal {G}^w((\bigvee \Sigma \wedge \phi _i) \leftrightarrow b_i)\), and replacing \(\phi _i\) with \(b_i\) in \(\phi\), \(\phi ^{\prime \prime }_i=\phi [b_i /\phi _i]\), where \(\mathcal {G}^w\) is the weaker form of \(\mathcal {G}\) asserting formula (within its scope) at the current point and all the strict future points. Then, \(\phi ^{\prime }_i=\phi ^{\prime \prime }_i \wedge T_i \wedge \bigvee \Sigma\) is equisatisfiable to \(\phi\). Repeating this across all subformulae of \(\phi\), we obtain \(\phi _{flat}=\phi _t \wedge T\) over the alphabet \(\Sigma ^{\prime }=\Sigma \cup W\), where W is the set of the witness variables, \(T=\bigwedge _i T_i\), \(\phi _t\) is a propositional logic formula over W. Each \(T_i\) is of the form \(\mathcal {G}^w(b_i \leftrightarrow (\phi _f \wedge \bigvee \Sigma)),\) where \(\phi _f=\mathcal {F}^{n}_{\mathsf {I_1,\ldots , I_n}}(\mathsf {A}_1, \ldots , \mathsf {A}_{n+1})(S)\) (or uses \(\mathcal {P}^{n}_{\mathsf {I_1,\ldots , I_n}}\)) and \(S \subseteq \Sigma ^{\prime }\). For example, consider the formula \(\phi =\mathcal {F}^2_{(0,1)(2,3)}(\mathcal {A}_1, \mathcal {A}_2,\mathcal {A}_3)(\lbrace \phi _1, \phi _2\rbrace)\), where \(\phi _1 = \mathcal {P}^2_{(0,2)(3,4)}(A_4,A_5, A_6)(\Sigma),\phi _2 = \mathcal {P}^2_{(1,2)(4,5)}(A_7,A_8, A_9)(\Sigma)\). Replacing the \(\phi _1, \phi _2\) modality with witness propositions \(b_1, b_2\), respectively, we get \(\phi _t=\mathcal {F}^2_{(0,1)(2,3)}(A_1,A_2,A_3)(\lbrace b_1, b_2\rbrace) \wedge T\), where \(T=\mathcal {G}^w(b_1 \leftrightarrow (\bigvee \Sigma \wedge \phi _1)) \wedge \mathcal {G}^w(b_2 \leftrightarrow (\bigvee \Sigma \wedge \phi _2))\), \(A_1,A_2,A_3\) are automata constructed from \(\mathcal {A}_1, \mathcal {A}_2, \mathcal {A}_3\), respectively, by replacing \(\phi _1\) by \(b_1\) and \(\phi _2\) by \(b_2\) in the labels of their transitions. Hence, \(\phi _{flat}=\phi _t \wedge T\) is obtained by flattening the \(\mathcal {F}^{k}_{\mathsf {I_1,\ldots , I_k}},\mathcal {P}^{k}_{\mathsf {I_1,\ldots , I_k}}\) modalities.

8.3 Constructing Equisatisfiable EMITL_0,∞ Formula

In this step, for every \(\text{PnEMTL}\) formula \(\phi _f\) appearing in each \(T_i=\mathcal {G}^w(b_i \leftrightarrow (\phi _f \wedge \bigvee \Sigma))\), we will obtain an equisatisfiable \(\text{EMITL}_{0,\infty }\) formula \(\psi _f\). We use oversampling to construct the formula \(\psi _f\) such that for any timed word \(\rho\) over \(\Sigma\), \(i \in dom(\rho)\), there is an extension \(\rho ^{\prime }=\mathsf {ext}(\rho)\) over an extended alphabet \(\Sigma ^{\prime }\), and a point \(i^{\prime } \in dom(\rho ^{\prime })\) that is an old point corresponding to i such that \(\rho ^{\prime }, i^{\prime } \models \psi _f\) iff \(\rho , i \models \phi _f\).

Consider \(\phi _f=\mathcal {F}^{n}_{\mathsf {I_1,\ldots , I_n}}(\mathsf {A}_1, \ldots , \mathsf {A}_{n+1})(S)\) where \(S \subseteq \Sigma ^{\prime }\). Without loss of generality, we assume:

Let \(\rho =(\sigma _1, \tau _1) \dots (\sigma _n, \tau _n)\in T\Sigma ^*\), \(i \in dom(\rho)\). Let \(\rho ^{\prime }=\mathsf {ext}(\rho)\) be defined by \((\sigma ^{\prime }_1, \tau ^{\prime }_1)\dots (\sigma ^{\prime }_m, \tau ^{\prime }_m)\) with \(m \ge n\), and each \(\tau ^{\prime }_x\) is a either a new integer timestamp not among \(\lbrace \tau _1, \ldots , \tau _n\rbrace\) or is some \(\tau _y\) where x is an old action point corresponding to y. Let \(i^{\prime }\) be an old point in \(\rho ^{\prime }\) corresponding to i. Let \(i^{\prime }_0=i^{\prime }\) and \(i^{\prime }_{n+1} = |\rho ^{\prime }|\). As mentioned above, we make use of these extra action points in \(\rho ^{\prime }\) to assert specification same as \(\phi _f\) without using \(\text{EMITL}_{0,\infty }\) modalities (in case \(\phi _f\) is arity 1 formula) or using \(\text{PnEMTL}\) modality with strictly smaller arity. We first construct a formula \(\phi ^{\prime }_f\) in \(\text{PnEMTL}\) such that \(\rho , i \models \phi _f\) iff \(\rho ^{\prime },i^{\prime } \models \phi ^{\prime }_f\). Note that the satisfaction of \(\phi _f\) is sensitive to these extra action points of \(\rho ^{\prime }\). Hence, \(\rho , i \models \phi _f\) does not guarantee \(\rho ^{\prime }, i^{\prime } \models \phi _f\) unless \(\phi _f\) can be made to ignore oversampling points while checking for satisfaction. We do this as follows: For any \(1\le j \le n+1\), let \(\mathsf {A}^{\prime }_j\) be the automata built from \(\mathsf {A}_j\) by adding self loop on \(\lnot \bigvee \Sigma\) (oversampling points) and \(S^{\prime } = S \cup \lbrace \lnot \bigvee \Sigma \rbrace\). This self loop makes sure that \(\mathsf {A}^{\prime }_j\) ignores (or skips) all the oversampling points while checking for \(\mathsf {A}_j\). Hence, \(\mathsf {A}^{\prime }_j\) allows arbitrary interleaving of oversampling points while checking for \(\mathsf {A}_j\). We call such an NFA as NFA relativized w.r.t. \(\Sigma\). Thus, we have the following proposition:

From this point, we will work on eliminating \(\text{PnEMTL}\) modality from \(\phi ^{\prime }_f\) rather than \(\phi _f\), as they are both equisatisfiable (if the former is restricted to be evaluated on models satisfying \(\varphi _{ovs}\), i.e., oversampled models).

We present the reduction by applying induction on arity of the formula. That is, given a \(\text{PnEMTL}\) formula of arity k, we construct a formula of arity at most \(k-1\) such that, for all timed words \(\rho ^{\prime } \models \varphi _{ovs}\), for any old action point \(i^{\prime }\) of \(\rho ^{\prime }\), \(\rho ^{\prime }, i^{\prime } \models \phi ^{\prime }_f\) iff \(\rho ^{\prime },i^{\prime }\models \phi ^{k-1}_f\) (Recursion Step). In other words, \(\phi ^{\prime }_f \wedge \varphi _{ovs}\) is equivalent to \(\phi ^{k-1}_f \wedge \varphi _{ovs}\). Similarly, if \(\phi ^{\prime }_f\) has arity 1, then we reduce it to an \(\text{EMITL}_{0,\infty }\) formula, \(\psi _f\), such that \(\phi ^{\prime }_f \wedge \varphi _{ovs}\) is equivalent to \(\psi _f \wedge \varphi _{ovs}\) (Base Step). We start with the latter (Base step). That is, we assume that \(\phi ^{\prime }_f = \mathcal {F}_{I_1}(\mathsf {A}^{\prime }_1, \mathsf {A}^{\prime }_2)(S^{\prime })\), we construct a formula \(\psi _f\) such that \(\psi _f\) only contains \(\text{EMITL}_{0,\infty }\) modalities. Before starting with the reduction, we state some useful notations and lemma. For the sake of readability, from this point onward, we do not explicitly mention set of formulae over which the automata modalities are being evaluated unless it is not clear from the context. For example, \(\phi ^{\prime }_f = \mathcal {F}^{n}_{\mathsf {I_1,\ldots , I_n}}(\mathsf {A}^{\prime }_1, \ldots , \mathsf {A}^{\prime }_{n+1})(S \cup \lnot (\bigvee \Sigma \rbrace)\) will be simply written as \(\mathcal {F}^{n}_{\mathsf {I_1,\ldots , I_n}}(\mathsf {A}^{\prime }_1, \ldots , \mathsf {A}^{\prime }_{n+1})\).

8.3.2 Lemma for Factoring Regular Languages.

As mentioned above, we fix \(\phi _f = \mathcal {F}^{n}_{\mathsf {I_1,\ldots , I_n}}(\mathsf {A}_1, \ldots , \mathsf {A}_{n+1})\) and \(\phi ^{\prime }_f = \mathcal {F}^{n}_{\mathsf {I_1,\ldots , I_n}}(\mathsf {A}^{\prime }_1, \ldots , \mathsf {A}^{\prime }_{n+1}),\) where \(\mathsf {A}^{\prime }_1,\ldots , \mathsf {A}^{\prime }_{n+1}\) are NFA relativized w.r.t. \(\Sigma\). The case of \(\mathcal {P}^{k}_{\mathsf {I_1,\ldots , I_k}}\) modality can be handled symmetrically. We fix \(\rho = (\sigma _1, \tau _1) \ldots (\sigma _m, \tau _m)\) and \({\rho ^{\prime } = (\sigma ^{\prime }_1, \tau ^{\prime }_1) \ldots (\sigma ^{\prime }_{m^{\prime }}, \tau ^{\prime }_{m^{\prime }})=} \mathsf {ext}(\rho)\). Let i be any arbitrary point of \(\rho\) and \(i^{\prime }\) be an old action point of \(\rho ^{\prime }\) corresponding to i. \(i^{\prime }_0=i^{\prime }\). We first present a lemma that reduces the check for condition of the form \(\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i)\) by asserting some \(\text{EMITL}_{0,\infty }\) formulae at \(g^{\prime }\) and \(h^{\prime }\) for any \(i \in \lbrace 1,\ldots , n+1\rbrace\). For any \(g^{\prime },h^{\prime } \in dom (\rho)\), let us call segments of the form \(\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime })\) or \(\mathsf {Seg}^{-}(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime })\) as Segments of \(\rho ^{\prime }\) over \(S^{\prime }\). Let \(i \in \lbrace 1,\ldots ,n+1\rbrace\) be any integer.

Remark: As mentioned above, when \(\mathsf {A}^{\prime }_i\) is evaluated over segments of \(\rho ^{\prime }\) over \(S^{\prime }\), it skips all the oversampling points. But note that the same \(\mathsf {A}^{\prime }_i\) when evaluated over segments of \(S^{\prime } \cup \lbrace \mathsf {int}_j\rbrace\) for some \(0 \le j \lt \mathsf {cmax}\) skips all oversampling points except those labelled with \(\mathsf {int}_j\). This is because the transitions of \(\mathsf {A}^{\prime }_i\) are labelled using subformulae in \(S^{\prime }\) that do not contain any symbols from \(\mathsf {Int}\). Hence, \(\mathsf {A}^{\prime }_i\) has no transition on symbol \(\mathsf {int}_j\). Thus, \(\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i \cdot \lbrace \mathsf {int}_j, \lnot \bigvee \Sigma \rbrace)\) iff \(\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime }-1,S^{\prime }) \in L(\mathsf {A}^{\prime }_i)\), none of the points between \(g^{\prime }\) to \(h^{\prime }-1\) are labelled with \(\mathsf {int}_j\) and point \(h^{\prime }\) is labelled with proposition \(\mathsf {int}_j\). Hence, \(h^{\prime }\) is the first point after \(g^{\prime }\) where \(\mathsf {int}_j\) holds.

Let \(\mathsf {A}^{\prime }_i = (Q_i, init_i, S^{\prime }, \delta , F_i)\).

Lemma 8.3 (Factoring Check for Regular Language).

Let \(g^{\prime }, h^{\prime }\) be any two points of \(\rho ^{\prime }\) such that \(g^{\prime } \lt h^{\prime }\), \(\tau ^{\prime }_{h^{\prime }} - \tau ^{\prime }_{g^{\prime }} \le \mathsf {cmax}\) and \(\lceil \tau ^{\prime }_{g^{\prime }} \rceil \ne \lceil \tau ^{\prime }_{h^{\prime }} \rceil\). Then, \(\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i)\) iff \(\bigvee \nolimits _{j=0}^{\mathsf {cmax}-1} \bigvee \nolimits _{q \in Q_i}\bigvee \nolimits _{f \in F_i}[\rho ^{\prime }, g^{\prime } \models \psi ^+(i,init_i,q,j)\wedge \rho ^{\prime }, h^{\prime } \models \psi ^-(i,q,f,j),\) where \(\psi ^+(i,init_i,q,j) = \mathcal {F}(\mathsf {A}_i[init_i,q].\lbrace \mathsf {int}_j, \lnot \bigvee \Sigma \rbrace)(S^{\prime }\cup \lbrace \mathsf {int}_j\rbrace)\) and \(\psi ^-(i,q,f,j) = \mathcal {P}((\mathsf {A}^{\prime }_i[q,f]).\lbrace \mathsf {int}_j, \lnot \bigvee \Sigma \rbrace)(S^{\prime }\cup \lbrace \mathsf {int}_j\rbrace)]\).

Proof.

Intuition: We encourage readers to look at Figure 8. As mentioned above, the main purpose of this lemma is to reduce the checking of condition \(\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i)\) by asserting some \(\text{EMITL}_{0,\infty }\) formulae at \(g^{\prime }\) and \(h^{\prime }\). As \(\rho ^{\prime }\) satisfies \(\varphi _{\mathsf {ovs}}\) and \(\tau ^{\prime }_{h^{\prime }} - \tau ^{\prime }_{g^{\prime }} \le \mathsf {cmax}\), all the oversampling integer points between \(g^{\prime }\) and \(h^{\prime }\) are labelled with unique counters, as the counters increment at every oversampling point modulo \(\mathsf {cmax}\). Hence, if the oversampling integer time point immediately after \(g^{\prime }\) is labelled \(\mathsf {int}_j\), then no other point between \(g^{\prime }\) and \(h^{\prime }\) is labelled \(\mathsf {int}_j\). Moreover, the oversampling integer time point immediately after \(g^{\prime }\) (say, c) is labelled with a proposition \(\mathsf {int}_j\) iff \(\lceil \tau ^{\prime }_{g^{\prime }} \rceil \% \mathsf {cmax}= j\). For checking \(\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i)\), we make use of this oversampling point c to split the run(s) as follows:

Fig. 8.

View Figure

(1)

Checking the First Part: Concretely, checking for \(\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i)\), we start at \(g^{\prime }\) in \(\rho ^{\prime }\), from the initial state \(init_i\) of \(\mathsf {A}_i\), and move to the state (say, q) that is reached at the closest oversampling point c. Note that we use only \(\mathsf {A}_i\) (without any \(\lnot \bigvee \Sigma\) self loops) to disallow occurrence of any oversampling point except at the last point. This ensures that we end our run after reading the closest oversampling point c.

(2)

Checking the Latter Part: Reaching q from \(init_i\), we have read a partial behavior between \(g^{\prime }\) and c; this must be extended to check full behavior by starting from state q, continuing from point c, with transition rules of \(\mathsf {A}^{\prime }_i\) and assert that we end at an accepting state after reading the point \(h^{\prime }\). Note that we use \(\mathsf {A}^{\prime }_i\) instead of \(\mathsf {A}_i\) (used in the first part) to ignore the oversampling points that could be encountered while checking the latter part, i.e., from c to \(h^{\prime }\)). Hence, starting from \(g^{\prime }\) with initial state of \(\mathsf {A}^{\prime }_i\), we reach at the accepting state of \(\mathsf {A}^{\prime }_i\) after reading point \(h^{\prime }\) iff we end at some state q after the end of checking the first part while simulating \(\mathsf {A}_i\), after which on simulating \(\mathsf {A}^{\prime }_i\) and continuing from state q, we reach some accepting state of \(\mathsf {A}^{\prime }_i\) on reading till \(h^{\prime }\) and hence ending the check for the second part.

Note that check for the first part ending at some state q can be characterized by \(\rho ^{\prime }, g^{\prime } \models \mathcal {F}(\mathsf {A}_i[init,q].\lbrace \mathsf {int}_j, \lnot \bigvee \Sigma \rbrace)\). For reducing the check of latter part with a formula asserting at \(h^{\prime }\), we start the check for automata in reverse. That is, we assert that: Starting from some final state f from \(h^{\prime }\), if we simulate the \(\mathsf {A}^{\prime }_i\) in reverse direction till point c, then we should be able to reach q. Note that the end point of the segment in \(\text{EMITL}_{0,\infty }\) formula is within an existential quantifier. Then, how do we make sure that we end our check at c? This can be done by asserting that the check ends at the nearest point before \(h^{\prime }\) where \(\mathsf {int}_j\) holds first. As c is the only point between \(g^{\prime }\) and \(h^{\prime }\) where \(\mathsf {int}_j\) holds, we are sure to end at c. Hence, checking for latter part is equivalent to check \(\rho ^{\prime },h^{\prime } \models \mathcal {P}((\mathsf {A}^{\prime }_i[q,f]).\lbrace \mathsf {int}_j, \lnot \bigvee \Sigma \rbrace)(S^{\prime }\cup \lbrace \mathsf {int}_j\rbrace)\). Before starting the proof, we give a very simple example that gives some intuition about the construction.

Example 8.4.

Consider the formula \(\phi = \mathcal {F}^2_{(1,2),(3,4)}(Even_a, b^*,\Sigma ^*)\), where \(Even_a\) is an automaton accepting strings containing even number of \(a^{\prime }s\). \(\rho , i\) satisfies \(\phi\) if and only if there exist points \(i_1\) (within \((1,2)\) of i) and \(i_2\) (within \((3,4)\) of i) such that there is an even number of \(a^{\prime }s\) between i and \(i_1\) and only \(b^{\prime }s\) occur between \(i_1\) and \(i_2\). Observe the following Figure 9. Consider \(\rho ^{\prime } = \mathsf {ext}(\rho)\). Let \(i^{\prime }, i^{\prime }_1, i^{\prime }_2\) be the points of \(\rho ^{\prime }\) corresponding to old action points \(i, i_1, i_2\) of \(\rho\), respectively. Now, we can break the check between \(i^{\prime }\) and \(i_1^{\prime }\) at the smallest integer oversampling point occurring after \(i^{\prime }\) labelled \(\mathsf {int}_j\). The number of \(a^{\prime }s\) between \(i^{\prime }\) and \(i^{\prime }_1\) (and hence number of \(a^{\prime }s\) between i and \(i_1\)) is even iff the number of \(a^{\prime }s\) between \(i^{\prime }\) and next occurring \(\mathsf {int}_j\) and the number of \(a^{\prime }s\) between \(\mathsf {int}_j\) and \(i_1^{\prime }\) are either both odd or both even. Similarly, all points between \(i_1\) and \(i_2\) are labelled b iff at all old action points between \(i^{\prime }_1\) and nearest point x labelled \(\mathsf {int}_{j^{\prime }}\) (where \(j^{\prime } \in \lbrace 0,\ldots ,\mathsf {cmax}-1\rbrace)\), and continuing from x to \(i_2\) only b or \(\mathsf {int}_{j^{\prime \prime }}\) occurs where \(j^{\prime \prime } \ne j^{\prime }\). Hence, formula \(\phi\) is satisfiable iff the following formula \(\psi\) is satisfiable:

Fig. 9.

View Figure

\(\psi = \varphi _{ovs} \wedge \bigvee \nolimits _{0\le j,j^{\prime } \le \mathsf {cmax}-1,j^{\prime \prime } \ne j^{\prime }} [\mathsf {F}_{(0,1]}(\mathsf {int}_{j}) \rightarrow [\lbrace \mathsf {F}_{(3,4)}(\mathcal {P}((b+\mathsf {int}_{j^{\prime \prime }})^*.\mathsf {int}{j^{\prime }})\rbrace \wedge \lbrace \lbrace \mathcal {F}(Even_a.\mathsf {int}_j) \wedge \mathsf {F}_{(1,2)}(\mathcal {P}(Even_a.\mathsf {int}_j) \wedge \mathcal {F}(b^*.\mathsf {int}_{j\oplus 2})\rbrace \vee \lbrace \mathcal {F}(Odd_a.\mathsf {int}_j) \wedge \mathsf {F}_{(1,2)}(\mathcal {P}(Odd_a.\mathsf {int}_j) \wedge \mathcal {F}(b^*.\mathsf {int}_{j^{\prime }})))\rbrace \rbrace ]]\).□

Formal Proof: We argue for correctness as follows:

(1)	Let \(c^{\prime }\) be any point between \(g^{\prime }\) and \(h^{\prime }\). Then, any accepting run from point \(g^{\prime }\) to \(h^{\prime }\) ending at an accepting state \(f \in F\) will pass through point \(c^{\prime }\) such that after reading the point \(c^{\prime }\) the run ends up at some state q. Thus, the behavior from \(g^{\prime }\) to \(c^{\prime }\) is given by all the runs starting from init and ending at state q (hence in \(\mathsf {A}^{\prime }_i[init, q]\)). Similarly, the remaining part of the run from \(c^{\prime }+1\) to \(h^{\prime }\) is characterized by those continuing from q to f (hence, in \(\mathsf {A}^{\prime }_i(q, f)\)). Disjuncting over all possible values of \(q \in Q\) and \(f \in F\), we get all the possible accepting runs. Hence, \(\forall c^{\prime }. g^{\prime }\lt c^{\prime }\lt h^{\prime }\), we have (1) \(\begin{equation} \begin{aligned} \mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i) \iff &\bigvee \limits _{q \in Q_i}\bigvee \limits _{f \in F_i}&\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },c^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i[init, q]) \\ &&\wedge \mathsf {Seg}^+(\rho ^{\prime },c^{\prime }+1,h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i[q,f]). \end{aligned} \end{equation}\)
(2)	As \(\lceil \tau ^{\prime }_{g^{\prime }} \rceil \ne \lceil \tau ^{\prime }_{h^{\prime }} \rceil\) and \(g^{\prime } \lt h^{\prime }\), \(\tau ^{\prime }_{h^{\prime }} \gt \lceil \tau ^{\prime }_{g^{\prime }} \rceil\). Moreover, as \(\rho ^{\prime } \models \varphi _{\mathsf {ovs}}\), there is an oversampling point c with timestamp \(\tau ^{\prime }_c = \lceil \tau ^{\prime }_{g^{\prime }} \rceil\) where \(\mathsf {int}_j\) holds. Hence, by Equation (1) and as \(g^{\prime } \le c \le h^{\prime }\), we have (2) \(\begin{equation} \begin{aligned} \mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i) \iff &\bigvee \limits _{q \in Q_i}\bigvee \limits _{f \in F_i}&\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },c,S^{\prime }\cup) \in L(\mathsf {A}^{\prime }_i[init, q]) \\ &&\wedge \mathsf {Seg}^+(\rho ^{\prime },c+1,h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i[q,f]). \end{aligned} \end{equation}\)
(3)	As \(\mathsf {A}^{\prime }_i\) has a self loop over \(\lnot \bigvee \Sigma\), the states do not change on reading (or not reading) the oversampling point c. Hence, \(\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },c,S^{\prime }) \in L(\mathsf {A}^{\prime }_i[q,Q_f]) \iff \mathsf {Seg}^+(\rho ^{\prime },g^{\prime },c-1,S^{\prime }) \in L(\mathsf {A}^{\prime }_i[q,Q_f])\). This implies: (3) \(\begin{equation} \begin{aligned} \mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i) \iff & \bigvee \limits _{q \in Q}\bigvee \limits _{f \in F}&\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },c-1,S^{\prime }) \in L(\mathsf {A}^{\prime }_i[init, q]) \\ &&\wedge \mathsf {Seg}^+(\rho ^{\prime },c+1,h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i[q,f]). \end{aligned} \end{equation}\)
(4)	By definition of \(\mathsf {Seg}^+\) and \(\mathsf {Seg}^-\), \(\mathsf {Seg}^+(\rho ^{\prime },c+1,h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i[q,f]) \iff \mathsf {Seg}^{-}(\rho ^{\prime },h^{\prime },c+1,S^{\prime }) \in L((\mathsf {A}^{\prime }_i[f,q]))\). This, along with Equation (3), implies, (4) \(\begin{equation} \begin{aligned} \mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i) \iff &\bigvee \limits _{q \in Q_i}\bigvee \limits _{f \in F_i}&[\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },c-1,S^{\prime }) \in L(\mathsf {A}^{\prime }_i[init_i, q]) \\ &&\wedge \mathsf {Seg}^{-}(\rho ^{\prime },h^{\prime },c+1,S^{\prime }) \in L((\mathsf {A}^{\prime }_i[q,f])]. \end{aligned} \end{equation}\)
(5)	As \(\rho ^{\prime } \models \varphi _{\mathsf {ovs}}\). If \(j = \lceil \tau ^{\prime }_{g^{\prime }} \rceil \%\mathsf {cmax}\), then point c is labelled with \(\mathsf {int}_j\). Moreover, there is no oversampling point between \(g^{\prime }\) and c. Hence, (5) \(\begin{equation} \begin{aligned} \mathsf {Seg}^+(\rho ^{\prime },g^{\prime },c-1,S^{\prime }) \in L(\mathsf {A}^{\prime }_i[init_i,q]) \iff \exists g^{\prime }\lt c^{\prime }. \\ \mathsf {Seg}^+(\rho ^{\prime },g^{\prime },c^{\prime },S^{\prime } \cup \lbrace \mathsf {int}_j\rbrace) \in L\left(\mathsf {A}_i[init_i, q]\cdot \lbrace \mathsf {int}_j, \bigvee \Sigma \rbrace \right)\!. \end{aligned} \end{equation}\) Note that we use \(\mathsf {A}_i\) instead of \(\mathsf {A}^{\prime }_i\), as \(\mathsf {A}_i\) will make sure that in the initial part from \(g^{\prime }\) to \(c^{\prime }-1\) there is no oversampling point, as it has no self loops on \(\lnot \bigvee \Sigma\). This will ensure that the \(c^{\prime }\) point is the very first oversampling point after \(g^{\prime }\). Hence, there is only one choice for \(c^{\prime }\), i.e., c. Moreover, concatenating \(\lbrace \mathsf {int}_j, \bigvee \Sigma \rbrace\) at the end makes sure that c is labelled as \(\mathsf {int}_j\).
(6)	Similarly, (6) \(\begin{equation} \begin{aligned} \mathsf {Seg}^{-}(\rho ^{\prime },h^{\prime },c+1,S^{\prime }) \in L(\mathsf {A}^{\prime }_i[q,f]) \iff \exists c^{\prime }\lt h^{\prime }. \\ \mathsf {Seg}^{-}(\rho ^{\prime },h^{\prime },c^{\prime },S^{\prime } \cup \lbrace \mathsf {int}_j\rbrace) \in L\left(\left(\mathsf {A}^{\prime }_i[q, f]\right)\cdot \left\lbrace \mathsf {int}_j, \bigvee \Sigma \right\rbrace \right)\!. \end{aligned} \end{equation}\) As \(\mathsf {A}^{\prime }_i\) does not contain symbols from \(\mathsf {Int}\), \(c^{\prime }\) is the nearest such point before \(h^{\prime }\) where \(\mathsf {int}_j\) holds. As \(\tau ^{\prime }_{h^{\prime }}\) - \(\tau ^{\prime }_{g^{\prime }} \le \mathsf {cmax}\) and the counters are incremented modulo \(\mathsf {cmax}\) at integer timestamps by \(\varphi _{ovs}\), if c is labelled as \(\mathsf {int}_j\), then there is no other point between \(g^{\prime }\) and \(h^{\prime }\) that will be labelled \(\mathsf {int}_j\). Hence, there is only one choice for \(c^{\prime }\), i.e., c.
(7)	By semantics of \(\mathcal {F}\) and Equation (5), we have: (7) \(\begin{equation} \mathsf {Seg}^+(\rho ^{\prime },g^{\prime },c-1,S^{\prime }) \in L(\mathsf {A}^{\prime }_i[init_i,q]) \iff \rho ^{\prime }, g^{\prime } \models \mathcal {F}\left(\mathsf {A}_i[init_i, q]\cdot \left\lbrace \mathsf {int}_j, \bigvee \Sigma \right\rbrace \right)\!. \end{equation}\) Similarly, by semantics of \(\mathcal {P}\) and Equation (6), we have: (8) \(\begin{equation} \mathsf {Seg}^{-}(\rho ^{\prime },h^{\prime },c+1,S^{\prime }) \in L(\mathsf {A}^{\prime }_i[q,f]) \iff \rho ^{\prime },h^{\prime } \models \mathcal {P}\left(\left(\mathsf {A}_i[q, f]\right)\cdot \left\lbrace \mathsf {int}_j, \bigvee \Sigma \right\rbrace \right)\!. \end{equation}\)
(8)	By Equations (4), (7), and (8) and disjuncting over all possible values of \(q\in Q_i\) and \(f\in F_i\), if \(j = \lceil \tau ^{\prime }_{g^{\prime }} \rceil \%\mathsf {cmax}\), we have: (9) \(\begin{equation} \mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i) \iff \bigvee \limits _{q \in Q}\bigvee \limits _{f \in F} [\rho ^{\prime }, g^{\prime } \models \psi ^+(i,init_i,q,j) \wedge \rho ^{\prime }, h^{\prime } \models \psi ^-(i,q,f,j). \end{equation}\) Finally, disjuncting over all possible values of \(j \in \lbrace 0,\ldots ,\mathsf {cmax}-1\rbrace ,\) we have the required result: (10) \(\begin{equation} \begin{aligned}\mathsf {Seg}^+(\rho ^{\prime },g^{\prime },h^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_i) \iff \bigvee \limits _{j=0}^{\mathsf {cmax}-1} \bigvee \limits _{q \in Q}\bigvee \limits _{f \in F} [\rho ^{\prime }, g^{\prime } \models \psi ^+(i,init_i,q,j) \wedge \rho ^{\prime }, h^{\prime } \models \psi ^-(i,q,f,j)]. \end{aligned} \end{equation}\)

We now start with the base case of the construction.

Lemma 8.5 (Base Lemma).

If \(\phi ^{\prime }_f = \mathcal {F}^1_{\langle l, u \rangle }(\mathsf {A}^{\prime }_1, \mathsf {A}^{\prime }_2)(S^{\prime })\)(i.e., \(n=1\)), then we can construct an \(\text{EMITL}_{0,\infty }\) formula \(\psi _f\) such that \(\rho ^{\prime }, i^{\prime }\) satisfies \(\phi ^{\prime }_f\) if and only if it satisfies \(\psi _f\). Moreover, the total number of operators (temporal and Boolean), \(N= \mathcal {O}(\mathsf {cmax}\times |\mathsf {A}_1| \times |\mathsf {A}_1| \times |\phi _f|)\).

Proof.

To reiterate the semantics of \(\phi ^{\prime }_f\): (11) \(\begin{equation} \rho ^{\prime }, i^{\prime } \models \phi ^{\prime }_f \iff \exists i_1^{\prime }. \tau _{i^{\prime }_1} - \tau _{i^{\prime }} \in \langle l, u \rangle \wedge \mathsf {Seg}^+(\rho ^{\prime },i_0^{\prime },i_1^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_1) \wedge \mathsf {Seg}^+(\rho ^{\prime },i^{\prime }_1,m^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_2). \end{equation}\)

•

Case 1: \(l=0\) or \(u = \infty\). Intuition: This case is straightforward. As we have only \(\text{PnEMTL}\) modality with unit arity and the intervals are either of the form \(\langle 0,u\rangle\) or \(\langle l, \infty \rangle\), we can use an \(\mathcal {F}_{\langle l,u \rangle }\) \(\text{EMITL}_{0,\infty }\) formula to assert the check for \(\mathsf {A}^{\prime }_1\), which has a nested untimed \(\text{EMITL}\) formulae to check \(\mathsf {A}^{\prime }_2\). Formal Construction and proof: In this case, we can trivially reduce \(\phi ^{\prime }_f\) into an equivalent \(\psi _f\) that is already in \(\text{EMITL}_{0,\infty }\) using nesting: \(\psi _f = \mathcal {F}_{\langle l, u \rangle }({\mathsf {A}^{\prime }_{1}}^{\mathsf {last}, \beta })\) where \(\beta = \mathcal {F}(\mathsf {A}^{\prime }_2\cdot {\mathsf {Last}}) (S^{\prime }\cup \lbrace \mathsf {Last}\rbrace)\). By semantics of \(\mathcal {F}\) modality, (12) \(\begin{equation} \rho ^{\prime },i^{\prime } \models \psi _f \iff \exists i_1^{\prime }. \tau _{i^{\prime }_1} - \tau _{i^{\prime }} \in \langle l, u \rangle \wedge \mathsf {Seg}^+(\rho ^{\prime },i^{\prime },i_1^{\prime },S^{\prime }\cup \lbrace \beta , \mathsf {last}\rbrace) \in L({\mathsf {A}^{\prime }_{1}}^{\mathsf {last}, \beta }). \end{equation}\) Moreover, by definition of \(\mathsf {A}^{last, a}\), (13) \(\begin{equation} \rho ^{\prime },i^{\prime } \models \psi _f \iff \tau _{i^{\prime }_1} - \tau _{i^{\prime }} \in \langle l, u \rangle \wedge \mathsf {Seg}^+(\rho ^{\prime },i^{\prime },i_1^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_1) \wedge \rho ^{\prime }, i^{\prime }_1 \models \beta . \end{equation}\) Note that (14) \(\begin{equation} \rho ^{\prime }, i^{\prime }_1 \models \beta \iff \mathsf {Seg}^+(\rho ^{\prime },i^{\prime }_1,m^{\prime }-1,S^{\prime }) \in L(\mathsf {A}^{\prime }_2)\ \text{(by semantics)} \iff \mathsf {Seg}^+(\rho ^{\prime },i^{\prime }_1,m^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_2). \end{equation}\) The equivalence in the right is due to the observation the last point is always an oversampling point, as \(\rho ^{\prime } \models \varphi _{\mathsf {ovs}}\), and \(\mathsf {A}^{\prime }_2\) loops over oversampling points when evaluated on segments over \(S^{\prime }\) (hence, the set of states reached at \(m^{\prime }-1\) and m are the same). By Equations (14) and (13), we get \(\rho ^{\prime }, i^{\prime } \models \phi ^{\prime }_f \iff \rho ^{\prime }, i^{\prime } \models \psi _f\), where \(\psi _f\) is an \(\text{EMITL}_{0,\infty }\) formula. Note that in this case \(|\psi _f| = \mathcal {O}(|\phi _f|).\)

•

Case 2: \(\langle l, u \rangle\) is a bounded interval where \(l \gt 0\). Hence, \(\mathsf {cmax}\ge \tau ^{\prime }_{i^{\prime }_1} - \tau ^{\prime }_{i^{\prime }} \ge 1\). As \(\tau ^{\prime }_{i^{\prime }_1} - \tau ^{\prime }_{i^{\prime }} \ge 1\) implies \(\lceil \tau ^{\prime }_{i^{\prime }_{1}} \rceil \ne \lceil \tau ^{\prime }_{i^{\prime }} \rceil\), we can apply the Lemma 8.3. Let \(\mathsf {A}_1 = (Q,init, 2^{S^{\prime }}, \delta , F)\). Intuition: In this case, to check \(\mathsf {Seg}^+(\rho ^{\prime },i_0^{\prime },i_1^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_1)\), we use Lemma 8.3, which gives us \(\text{EMITL}_{0,\infty }\) \(\mathcal {F}\) formulae (of the form \(\psi ^+\), as mentioned in Lemma 8.3) to be asserted at \(i^{\prime }\) and \(\mathcal {P}\) formulae of the form \(\psi ^-\) to be asserted at \(i_1^{\prime }\). The former can be asserted directly, as \(i^{\prime }\) is the present point. For asserting formulae at \(i^{\prime }_1\), we jump from \(i^{\prime }\) to \(i^{\prime }_1\) using \(\mathsf {F}_{\langle l, u \rangle }\) modality and assert the corresponding \(\mathcal {P}\) modality. For checking \(\mathsf {A}^{\prime }_2\), we assert formulae \(\beta\), as constructed in the previous case at \(i_1^{\prime }\). Formal Construction and Proof: (15) \(\begin{equation} \mathsf {Seg}^+(\rho ^{\prime },i_0^{\prime },i_1^{\prime },S^{\prime }) \in L(\mathsf {A}^{\prime }_1) \iff \bigvee \limits _{j=0}^{\mathsf {cmax}-1} \bigvee \limits _{q \in Q}\bigvee \limits _{f \in F}[\rho ^{\prime }, g^{\prime } \models \psi ^+(1,init,q,j) \wedge \rho ^{\prime }, h^{\prime } \models \psi ^-(1,q,f,j)] \end{equation}\) Using Equations (15) and (14) in Equation (11), we get: (16) \(\begin{equation} \begin{aligned}\rho ^{\prime }, i^{\prime } \models \phi ^{\prime }_f \iff & \\ \exists i_1^{\prime }. \tau _{i^{\prime }_1} - \tau _{i^{\prime }} \in \langle l, u \rangle \wedge & \bigvee \limits _{j=0}^{\mathsf {cmax}-1} \bigvee \limits _{q \in Q}\bigvee \limits _{f \in F}[\rho ^{\prime }, i_0^{\prime } \models \psi ^+(1,init,q,j) \wedge \rho ^{\prime }, i_1^{\prime } \models \psi ^-(1,q,f,j)] \wedge \rho ^{\prime }, i_1^{\prime } \models \beta , \end{aligned} \end{equation}\) where \(\beta\) is the same as one used in Equation (14). We can eliminate the quantifier guarded by the timing constraint \(\exists i_1^{\prime }. \tau _{i^{\prime }_1} - \tau _{i^{\prime }} \in \langle l, u \rangle\) using \(\mathsf {F}_{\langle l, u \rangle }\) modality. Hence, by semantics of \(\mathsf {F}_{\langle l, u \rangle }\) modality, if \(\psi _f = \bigvee \nolimits _{j=0}^{\mathsf {cmax}-1} \bigvee \nolimits _{q \in Q}\bigvee \nolimits _{f \in F}\psi ^+(1,init,q,j) \wedge \mathsf {F}_{I_1}(\psi ^-(1,q,f,j) \wedge \beta ],\) then by semantics of \(\rho ^{\prime },i^{\prime } \models \phi ^{\prime }_f \iff \rho ^{\prime }, i^{\prime } \models \psi _f\). Note that \(\psi _f\) contains only \(\text{EMITL}_{0,\infty }\) and \(\mathsf {F}_{np}\) modalities and hence is the required formulae. Also note that, as each \(\psi ^+(1,init,q,j)\) and \(\psi ^-(1,q,f,j)\) formulae are of the size of \(\mathcal {O}(\phi _f)\), we have \(|\psi _f| = \mathcal {O}(\mathsf {cmax}\times |Q_1|\) \(\times\) \(|F_1| \times |\phi _f|)\).

□

We now give the recursive reduction. We show that, given any non-adjacent \(\text{PnEMTL}\) formula of arity k, we can construct an equisatisfiable formulae non-adjacent \(\text{PnEMTL}\) formula of arity \(k-1\) or less.

Lemma 8.6 (Recursive Reduction Lemma).

If \(\phi ^{\prime }_f = \mathcal {F}^{k}_{I_1,\ldots I_{k}}(\mathsf {A}^{\prime }_1,\ldots , \mathsf {A}^{\prime }_{k+1})\), then we can construct an \(\text{PnEMTL}\) formula \(\psi ^{k-1}_f\) with arity at most \(k-1\) such that \(\rho ^{\prime }, i^{\prime }\) satisfies \(\phi ^{\prime }_f\) if and only if it satisfies \(\psi ^{k-1}_f\). Moreover, the total number of operators \(N = \mathcal {O}(\mathsf {cmax}\times |\mathsf {A}_k| \times |\mathsf {A}_k| \times |\phi _f|)\).

Proof.

To rephrase the semantics of \(\rho ^{\prime }, i^{\prime } \models \phi ^{\prime }_f\) (by pushing \(\exists i^{\prime }_{k-1}\le i^{\prime }_{k}. (\tau ^{\prime }_{i^{\prime }_k} -\tau ^{\prime }_{i^{\prime }} \in \mathsf {I}_k\) inside): (17) \(\begin{equation} \begin{aligned}\rho ^{\prime }, i^{\prime } \models \phi ^{\prime }_k \!{\iff }\!\!&\exists i^{\prime }\le i_1^{\prime } \le \cdots \le i^{\prime }_{k-1}. \bigwedge \limits _{g=1}^{k-1} (\tau ^{\prime }_{i^{\prime }_g} -\tau ^{\prime }_{i^{\prime }} \in \mathsf {I}_g {\wedge }\rho ^{\prime },i^{\prime }_g \models \bigvee \Sigma \wedge \mathsf {Seg^+}(\rho ^{\prime }, i^{\prime }_{g-1}, i^{\prime }_g, S^{\prime }) \in L(\mathsf {A}^{\prime }_g)) \\ & \wedge \exists i^{\prime }_{k-1}\le i^{\prime }_{k}. (\tau ^{\prime }_{i^{\prime }_k} -\tau ^{\prime }_{i^{\prime }} \in \mathsf {I}_k \!\wedge \! \mathsf {Seg^+}(\rho ^{\prime }, i^{\prime }_{k-1}, i^{\prime }_{k}, S^{\prime }) \in L(\mathsf {A}^{\prime }_{k}) \!\wedge \! \mathsf {Seg^+}(\rho ^{\prime }, i^{\prime }_{k}, m^{\prime }, S^{\prime }) \in L(\mathsf {A}^{\prime }_{k+1}). \end{aligned} \end{equation}\) Let \(\mathsf {A}^{\prime }_k = (Q,\mathsf {init}, 2^{S^{\prime }}, \delta , F)\), \(I_{k-1} = \langle l_{k-1}, u_{k-1} \rangle\) and \(I_{k} = \langle l_k, u_k \rangle\).

•	Case 1: \(I_{k-1}\) and \(I_{k}\) are non-overlapping. That is, \(u_{k-1} \lt l_k\) (strict \(\lt\) is implied by the fact that the set of intervals \(\lbrace \mathsf {I_1, \ldots , I_k}\rbrace\) is non-adjacent). Hence, \(\tau ^{\prime }_{i^{\prime }_{k-1}} -\tau ^{\prime }_{i^{\prime }_k} \ge 1\) for any possible value of \(i^{\prime }_{k-1}\) and \(i^{\prime }_k\). – Case 1.1: \(I_{k}\) is bounded, i.e., \(u_k \ne \infty\). Then, \(\tau ^{\prime }_{i^{\prime }_{k-1}} -\tau ^{\prime }_{i^{\prime }_k} \le \mathsf {cmax}\) holds. Intuition: Refer to Figure 10. Similar to case 2 of Lemma 8.5, we apply Lemma 8.3 to split the check for \(\mathsf {Seg^+}(\rho ^{\prime }, i^{\prime }_{k-1}, i^{\prime }_{k}, S^{\prime }) \in L(\mathsf {A}^{\prime }_{k})\) at the nearest oversampling point c after \(i^{\prime }_{k-1}\). The first part of the check (from \(i^{\prime }_{k-1}\) to c) can be asserted using the kth tail automata of \(k-1\)-ary \(\text{PnEMTL}\) formula, where the first \(k-2\) arguments are identical to that of \(\phi ^{\prime }_f\). The second part of the check (from c to \(i^{\prime }_k\)) can be asserted in the reverse direction from \(i^{\prime }_k\) by jumping to it from \(i^{\prime }\) using \(\mathsf {F}_{I_k}\) modality. Fig. 10. View Figure Construction: By Lemma 8.3, (18) \(\begin{equation} \begin{aligned} \mathsf {Seg^+}(\rho ^{\prime }, i^{\prime }_{k-1}, i^{\prime }_{k}, S^{\prime }) \in L(\mathsf {A}^{\prime }_{k}) & \equiv & \bigvee \limits _{j=0}^{\mathsf {cmax}-1} \bigvee \limits _{q \in Q}\bigvee \limits _{f \in F}\! \rho ^{\prime }, i^{\prime }_{k-1} \models \exists c^{\prime }. {Seg^+}(\rho ^{\prime }, i^{\prime }_{k-1}, c^{\prime }, S^{\prime })& \\ && \in L(\mathsf {A}_k[init, q] \cdot \mathsf {int}_j) \wedge \rho ^{\prime }, i^{\prime }_{k} \models \psi ^-(k,q,f,j)&. \end{aligned} \end{equation}\) For the sake of brevity, we make following abuses of notation: For any NFA \(\mathsf {A}\) and any proposition \(\mathsf {int}_j \in \mathsf {Int}\), \(\mathsf {A}\cdot \lbrace nt_j, \lnot \bigvee \Sigma \rbrace\) is denoted by \(\mathsf {A}\cdot \mathsf {int}_j\). Moreover, automata accepting all possible behaviors over any given set of subformulae is denoted by \(\Sigma ^*\). Moreover, (19) \(\begin{equation} \exists c^{\prime }. {Seg^+}(\rho ^{\prime }, i^{\prime }_{k-1}, c, S^{\prime }) \in L(\mathsf {A}_k[init, q]\cdot \mathsf {int}_j) \iff {Seg^+}(\rho ^{\prime }, i^{\prime }_{k-1}, m^{\prime }, S^{\prime }) \in L(\mathsf {A}_k[init, q]\cdot \mathsf {int}_j\cdot \Sigma ^*). \end{equation}\) Hence, by Equations (17), (18), and (19), we have \(\rho ^{\prime }, i^{\prime } \models \phi ^{\prime }_k \iff\) (20) \(\begin{equation} \begin{aligned}\rho ^{\prime },i^{\prime } \models &\bigvee \limits _{j=0}^{\mathsf {cmax}-1} \bigvee \limits _{q \in Q}\bigvee \limits _{f \in F} \left[\left\lbrace \exists i^{\prime }\le i_1^{\prime } \le \cdots \le i^{\prime }_{k-1}. \bigwedge \limits _{g=1}^{k-1} (\tau ^{\prime }_{i^{\prime }_g} -\tau ^{\prime }_{i^{\prime }}) \in \mathsf {I}_g \wedge \rho ^{\prime },i^{\prime }_g \models \bigvee \Sigma \right.\right.\\ & \left.\wedge \mathsf {Seg^+}(\rho ^{\prime }, i^{\prime }_{g-1}, i^{\prime }_g, S^{\prime }) \in L(\mathsf {A}^{\prime }_g)) \wedge {Seg^+}(\rho ^{\prime }, i^{\prime }_{k-1}, m^{\prime }, S^{\prime }) \in L(\mathsf {A}_k[init, q]\cdot \mathsf {int}_j\cdot \Sigma ^*)\right\rbrace \\ &\left.\wedge \left\lbrace \exists i^{\prime }_{k}. (\tau ^{\prime }_{i^{\prime }_k} -\tau ^{\prime }_{i^{\prime }}) \in \mathsf {I}_k. \rho ^{\prime }, i^{\prime }_k \models \psi ^-(k,q,f,j) \wedge \mathsf {Seg^+}(\rho ^{\prime }, i^{\prime }_{k}, m^{\prime }, S^{\prime }) \in L(\mathsf {A}^{\prime }_{k+1})\right\rbrace \right]\!. \end{aligned} \end{equation}\) By semantics of \(\text{PnEMTL}\) and \(\text{EMITL}\) logic, the above condition is equivalent to \(\rho ^{\prime }, i^{\prime } \models \psi ^{1.1}_f=\) (21) \(\begin{equation} \bigvee \limits _{j=0}^{\mathsf {cmax}-1} \bigvee \limits _{q \in Q}\bigvee \limits _{f \in F}[\lbrace \mathcal {F}^{k-1}_{\mathsf {I_1, \dots ,I_{k-1}}}(\mathsf {A}^{\prime }_1, \ldots , \mathsf {A}^{\prime }_{k-1}, \mathsf {A}_k[init, q]\cdot \mathsf {int}_j \cdot \Sigma ^*)\rbrace \wedge \lbrace \mathsf {F}_{I_k} (\psi ^-(k,q,f,j) \wedge \mathcal {F}(\mathsf {A}^{\prime }_{k+1}\cdot \mathsf {Last}))\rbrace ]. \end{equation}\) – Case 1.2: \(I_{k}\) is unbounded, i.e., \(u = \infty\). There are two possibilities. Either (1) \(i^{\prime }_{k}\) occurs within \(\langle l_k, l_k+1)\) from \(i^{\prime }\) or (2) \(i^{\prime }_k\) occurs beyond timestamp \(\lceil \tau ^{\prime }_{i^{\prime }}+l_k \rceil\): Possibility 1: \(i^{\prime }_{k}\) occurs within \(\langle l_k, l_k+1)\). Hence, \(\tau ^{\prime }_{i^{\prime }_{k}} \in \langle \tau ^{\prime }_{i^{\prime }} + l_{k}, \tau ^{\prime }_{i^{\prime }} + l_k+1)\). The case can be handled using the following formulae: (22) \(\begin{equation} \phi ^{1.2.1} = \mathcal {F}^{k-1}_{\mathsf {I_1, \dots ,I_{k-1}},\langle l_k, l_k+1)} (\mathsf {A}_1, \ldots , \mathsf {A}_{k+1}). \end{equation}\) This formulae now falls under case 1.1, as \(I_k\) and \(I_{k-1}\) are non-overlapping and bounded and, \(l_{k} + 1 \le \mathsf {cmax}\). Hence, it can be handled similarly. Let \(\psi ^{1.2.1}\) be the formula that we get after applying the reduction as mentioned in case 1.1 on \(\phi {1.2.1}_f\). Possibility 2: \(\tau ^{\prime }_{i^{\prime }_k} \gt \lceil \tau ^{\prime }_{i^{\prime }}+l_k \rceil\). In this case, we use the oversampling point, c, at integer timestamp \(\lceil \tau ^{\prime }_{i^{\prime }}+l_k \rceil\) to break the check for \(\mathsf {A}_k\). Note that if the nearest oversampling integer point next to \(i^{\prime }\) is labelled \(\mathsf {int}_j\), then (by \(\varphi _{ovs}\)), \(\lceil \tau ^{\prime }_{i^{\prime }}+l_k \rceil\) is labelled as \(\mathsf {int}_{j^{\prime }}\) where \(j^{\prime } = j \oplus l_k\). Moreover, as the time difference between \(\mathsf {int}_{j^{\prime }}\) and \(i^{\prime }\) is less than \(l_k+1 \le \mathsf {cmax}\), there is no other oversampling point between \(i^{\prime }\) and c (hence, between \(i^{\prime }_{k-1}\) and c) with the same label as \(\mathsf {int}_{j^{\prime }}\). Hence, to assert \(\mathsf {A}_{k}\) from \(i^{\prime }_{k-1}\) to some point beyond c, we start with checking for \(\mathsf {A}^{\prime }_{k}\) from \(i^{\prime }_k\) to c reaching some state q and continuing the run from c to check for the remaining part starting from q and ending up at some final state f at some point (i.e., the required \(i^{\prime \prime }\)) in the future of c from where we again assert that the behavior till the end of the word is accepted by \(\mathsf {A}^{\prime }_{k+1}\) (in which case \(i^{\prime \prime }\) becomes the required \(i^{\prime }_{k}\)). This can be expressed using the following formula: (23) \(\begin{equation} \psi ^{1.2.2} = \bigvee \limits _{j=0}^{\mathsf {cmax}-1}\left[(\mathsf {F}_{[0,1)} \mathsf {int}_j) \rightarrow \left\lbrace \bigvee \limits _{q \in Q}\bigvee \limits _{f \in F} [\mathcal {F}^{k-1}_{\mathsf {I_1, \dots ,I_{k-1}}} (\mathsf {A}_1, \ldots , \mathsf {A}_{k-1}, \mathsf {A}^{\prime }_k[init,q] \cdot \mathsf {int}_{j^{\prime }},\mathsf {A}^{\prime }_k[q,f] \cdot \mathsf {A}_{k+1})\right]\right\rbrace \!. \end{equation}\) We encourage readers to refer to Figure 11. Hence, \(\psi ^{1.2} = \psi ^{1.2.1} \vee \psi ^{1.2.2}\) is the required formula for this case. Note that Possibilities 1 and 2 are not disjoint. That is, there are positions of \(i^{\prime }_k\) that fall within both sets of possibilities. This simply means that there are models for which both \(\psi ^{1.2.1}, \psi ^{1.2.2}\) hold. Hence, the restrictions imposed by both these formulae might be redundant, but together both these formulae cover all the possibilities for occurrence of \(i^{\prime }_k\). Fig. 11. View Figure
•	Case 2: \(I_{k-1}\) and \(I_k\) overlap each other. That is, \(l_k \lt u_{k-1}\) (again, the strict \(\lt\) is due to the fact that \(\phi ^{\prime }_f\) is a non-adjacent formula). Hence, it is possible that there is no oversampling point between \(i^{\prime }_{k-1}\) and \(i^{\prime }_k\), because of which we can not only rely on Lemma 8.3. There are following subcases depending on how the intervals \(I_{k-1}\) and \(I_{k}\) overlap and whether \(I_k\) is bounded or not: – Case 2.1: \(I_k\) is bounded, \(l_{k-1} = l_{k}\) and \(u_{k-1} \lt u_{k}\). There are two possibilities based on the relative positions of \(i^{\prime }_{k-1}\) and \(i^{\prime }_k\). Possibility 1: There is an oversampling point between \(i^{\prime }_{k-1}\) and \(i^{\prime }_{k}\). As \(I_k\) is bounded, the time difference between the former and the latter is bounded by \(\mathsf {cmax}\). Hence, using Lemma 8.3 and identical reasoning used in case 1.1, the same formula \(\psi ^{1.1}\) takes care of this possibility. Possibility 2: There is no oversampling point between \(i^{\prime }_{k-1}\) and \(i^{\prime }_{k}\). If \(i^{\prime }_{k-1}\) lies within \(I_{k-1}\) from \(i^{\prime }\), then \(\tau ^{\prime }_{i^{\prime }_k} \le \lceil \tau ^{\prime }_{i^{\prime }_{k}} \rceil = \lceil \tau ^{\prime }_{i^{\prime }_{k-1}} \rceil\)(timestamps of both the points have same integer parts) \(\lt \tau ^{\prime }_{i^{\prime }_{k-1}}+1\)(property of ceiling function) \(\le \tau ^{\prime }_{i^{\prime }}+1+u_{k-1}\) (\(i^{\prime }_{k-1}\) lies within \(I_{k-1}\) of \(i^{\prime }\)) \(\le \tau ^{\prime }_{i^{\prime }}+u_{k}\) (\(u_k \lt u_{k-1}\) and \(u_k\) is an integer). Similarly, \(i^{\prime }_{k-1}\) lies within \(I_{k-1}\), and the \(i^{\prime }_k\) occurs after \(i^{\prime }_{k-1}\) implies the time difference between \(i^{\prime }_k\) and \(i^{\prime }\) is more than \(l_{k-1} = l_k\) units. Hence, (a) \(i^{\prime }_{k-1}\) within \(I_{k-1}\) from \(i^{\prime }\), (b) \(i^{\prime }_k\) occurs after \(i^{\prime }_{k-1}\), and (c) there is no oversampling point between them, implies that \(i^{\prime }_{k}\) is within \(I_k\) from \(i^{\prime }\). We check this inline using the following \(k-1\) ary \(\text{PnEMTL}\) formula: (a) is checked using the last interval \(I_{k-1}\), (b) is asserted by concatenating \(\mathsf {A}_k\) with \(\mathsf {A}^{\prime }_{k+1}\) appearing in the last argument, and (c) is asserted by using \(\mathsf {A}_k\) (which disallows any oversampling points) rather than \(\mathsf {A}^{\prime }_k\) for concatenation with \(\mathsf {A}^{\prime }_{k+1}\) in the last argument. Hence, the following formula covers this possibility: (24) \(\begin{equation} \psi ^{2.1.2} = \mathcal {F}^{k-1}_{I_1,\ldots I_{k-1}}(\mathsf {A}^{\prime }_1,\ldots , \mathsf {A}^{\prime }_{k-1},\mathsf {A}_k\cdot \mathsf {A}^{\prime }_{k+1}). \end{equation}\) We encourage the readers to go through Figure 12. Finally, the formula for this kind of overlapping of \(I_{k-1}\) and \(I_k\) is \(\psi ^{2.1} = \psi ^{1.1} \vee \psi ^{2.1.2}\). Fig. 12. View Figure – Case 2.2: \(I_k\) is bounded, \(u_{k-1} = u_{k}\) and \(l_{k-1} \lt l_{k}\). This case is similar to the case above. There are two possibilities as in case 2.1. Possibility 1: There is an oversampling point between \(i^{\prime }_{k-1}\) and \(i^{\prime }_{k}\). Similar to case 1.1 and 2.1, \(\psi ^{1.1}\) covers this possibility. Possibility 2: There is no oversampling point between \(i^{\prime }_{k-1}\) and \(i^{\prime }_{k}\). The argument here is symmetric. But we just need to check \(i^{\prime }_{k}\)’s position rather than \(i^{\prime }_{k-1}\). If \(i^{\prime }_k\) lies within \(I_{k}\) from \(i^{\prime }\), then \(\tau ^{\prime }_{i^{\prime }_{k-1}} \ge \lfloor \tau ^{\prime }_{i^{\prime }_{k}} \rfloor\) (timestamps of both the points have same integer parts) \(\gt \tau ^{\prime }_{i^{\prime }_{k}}-1\) (property of floor function) \(\ge \tau ^{\prime }_{i^{\prime }}-1+l_{k}\) (\(i^{\prime }_{k}\) lies within \(I_{k}\) of \(i^{\prime }\)) \(\le \tau ^{\prime }_{i^{\prime }}+l_{k-1}\) (\(l_{k-1} \lt l_{k}\) and \(l_{k-1}\) is an integer). Similarly, \(i^{\prime }_{k}\) lies within \(I_{k}\) and the \(i^{\prime }_{k-1}\) occurs before \(i^{\prime }_{k}\) implies the time difference between \(i^{\prime }_{k-1}\) and \(i^{\prime }\) is less than \(u_k\) = \(u_{k-1}\) units. Hence, (a) \(i^{\prime }_k\) occurring within \(I_{k}\) from \(i^{\prime }\), (b) \(i^{\prime }_{k-1}\) occurs after \(i^{\prime }_{k}\), and (c) there is no oversampling point between them, implies that \(i^{\prime }_{k-1}\) is within \(I_{k-1}\) from \(i^{\prime }\). We check this inline using the following \(k-1\)-ary \(\text{PnEMTL}\) formula: (a) is checked setting the last interval \(I_{k}\), (b) is asserted by concatenating \(\mathsf {A}^{\prime }_{k-1}\) with \(\mathsf {A}_{k}\) in the second last argument, and (c) is asserted by using \(\mathsf {A}_k\) (which disallows any oversampling points) rather than \(\mathsf {A}^{\prime }_k\) for concatenation with \(\mathsf {A}^{\prime }_{k-1}\) in the last but second argument. Hence, the following formula covers this possibility: (25) \(\begin{equation} \psi ^{2.2.2} = \mathcal {F}^{k-1}_{I_1,\ldots , I_{k-2}, I_{k}}(\mathsf {A}^{\prime }_1,\ldots , \mathsf {A}^{\prime }_{k-1}\cdot \mathsf {A}_k, \mathsf {A}^{\prime }_{k+1}). \end{equation}\) Finally, the formula for this kind of overlapping between \(I_{k-1}\) and \(I_k\) is \(\psi ^{2.2} = \psi ^{1.1} \vee \psi ^{2.2.2}\). – Case 2.3: \(I_k\) is bounded, \(l_{k-1} \lt l_{k}\) and \(u_{k-1} \lt u_{k}\). As above, there are two possibilities. Possibility 1, when point \(i^{\prime }_{k-1}\) and \(i^{\prime }_k\) have an oversampling point in between them. This possibility is identical to case 1.1 and hence \(\psi ^{1.1}\) covers it. For possibility 2, when both the points are within same integer timestamps, consider the following: Let \(I^{\prime } = I_{k-1} \cap I_{k} = \langle l_k, u_{k-1} \rangle .\)12 Then, for possibility 2 to occur, either (a) \(i^{\prime }_{k-1}\) occurs within \(I^{\prime }\) from \(i^{\prime }\) or (b) \(i^{\prime }_k\) occur within \(I^{\prime }\) from \(i^{\prime }\), because if both of them do not occur within the intersection, then there is at least one oversampling point between them (which is already covered by \(\psi ^{1.1})\)). Hence, it suffices to reduce arity of formula \(\phi ^{2.3} = \phi ^{2.3}_{a} \vee \phi ^{2.3}_{b}\) for this possibility where (26) \(\begin{equation} \phi ^{2.3}_{a} = \mathcal {F}^{k-1}_{I_1,\ldots ,I_{k-2}, I^{\prime }, I_{k}}(\mathsf {A}^{\prime }_1,\ldots , \mathsf {A}^{\prime }_{k-1},\mathsf {A}^{\prime }_k, \mathsf {A}^{\prime }_{k+1}), \end{equation}\) (27) \(\begin{equation} \phi ^{2.3}_{b} = \mathcal {F}^{k-1}_{I_1,\ldots ,I_{k-2}, I_{k-1}, I^{\prime }}(\mathsf {A}^{\prime }_1,\ldots , \mathsf {A}^{\prime }_{k-1},\mathsf {A}^{\prime }_k, \mathsf {A}^{\prime }_{k+1}). \end{equation}\) Note that these k-ary \(\text{PnEMTL}\) formulae can be reduced individually, as \(\phi ^{2.3}_{a}\) falls under the case 2.1, while \(\phi ^{2.3}_{b}\) falls under the case 2.2. Let \(\psi ^{2.3}_{a}\) and \(\psi ^{2.3}_{b}\) be the formulae we get after applying the reduction from cases 2.1 and 2.2 to the formulae \(\phi ^{2.3}_{a}\) and \(\phi ^{2.3}_{b}\), respectively. Then, the required formula covering this case is \(\psi ^{2.3} = \psi ^{1.1} \vee \psi ^{2.3}_{a} \vee \psi ^{2.3}_{b}\). – Case 2.4: \(l_{k-1} = l_k = l\) and \(u_{k-1} = u_k = u\). Let \(I_{k-1} = (l,u) = I_k\).13 Like the previous subcases, possibility in which there is an oversampling point between \(i^{\prime }_k\) and \(i^{\prime }_{k-1}\), is handled by formula \(\psi ^{1.1}\). There are two other possibilities. Possibility 2: (a) There is no oversampling point between \(i^{\prime }_{k-1}\) and \(i^{\prime }_{k}\), and (b)\(\tau ^{\prime }_{i^{\prime }_{k-1}} \in (\tau ^{\prime }_{i^{\prime }} + l, \lfloor \tau ^{\prime }_{i^{\prime }} + u \rfloor)\). Note that (a) and (b) implies \(i^{\prime }_{k-1}\) and \(i^{\prime }_{k}\) are within \((l,u)\) from \(i^{\prime }\). To check (a), we nest a \(\mathcal {F}\) modality within the \(k-1\)-ary \(\text{PnEMTL}\) formula asserting \(\mathsf {A}_k\) instead of \(\mathsf {A}^{\prime }_k\) from point \(i^{\prime }_{k-1}\) in the kth argument of \(k-1\)-ary \(\text{PnEMTL}\) formula (see formula \(\Gamma _j\)). To check (e), we just have to assert that if \(\rho ^{\prime }, i^{\prime } \models \mathsf {F}_{[0,1)} (\mathsf {int}_j)\), then \(\tau ^{\prime }_{i^{\prime }_{k-1}} - \tau ^{\prime }_{i^{\prime }} \in (l, u) \wedge \rho ^{\prime }, i^{\prime }_{k-1} \models \lnot \mathsf {F}_{[0,1)}(\mathsf {int}_{j\oplus u_{k}})\) (again, see formula \(\Gamma _j\)). Let \(\Gamma _j = \lnot \mathsf {F}_{[0,1)}(\mathsf {int}_{j\oplus u_k}) \wedge \mathcal {F}(\mathsf {A}_k \cdot \mathsf {A}^{\prime }_{k+1})\) and \(S^{\prime \prime } = S^{\prime } \cup \Gamma _j\). Let \(\mathcal {S}\) sets of subsets of \(S^{\prime \prime }\) containing \(\Gamma _j\). (28) \(\begin{equation} \psi ^{2.4(i)} = \bigvee \limits _{X \in \mathcal {S}} \subseteq \bigvee \limits _{j=1}^{\mathsf {cmax}} (\mathsf {F}_{[0,1)}(\mathsf {int}_j) \rightarrow \mathcal {F}^{k-1}_{I_1,\ldots ,I_{k-1}}(\mathsf {A}^{\prime \prime }_1,\ldots , \mathsf {A}^{\prime \prime }_{k-1}, X \cdot \Sigma ^*)(S^{\prime \prime }), \end{equation}\) where \(\mathsf {A}^{\prime \prime }_i = \mathsf {A}^{\prime \Gamma _j}_i\). That is, the transitions of \(\mathsf {A}^{\prime \prime }_i\) do not depend on the truth value of \(\Gamma _j\). Possibility 3: (a) holds and (c) \(\tau ^{\prime }_{i^{\prime }_{k}} \in (\lfloor \tau ^{\prime }_{i^{\prime }} + u_k \rfloor , \tau ^{\prime }_{i^{\prime }} + u_k)\). Then, (a) and (c) implies \(i^{\prime }_{k-1}\) and \({i^{\prime }_{k}}\) are within \((l,u)\) from \(i^{\prime }\). Like the previous possibility, to check (a), concatenate \(\mathsf {A}^{\prime }_{k-1}\) with \(\mathsf {A}_k\) instead of \(\mathsf {A}^{\prime }_k\) in the \(k-1\)th argument of \(k-1\)-ary \(\text{PnEMTL}\) formula. To check (c), we just have to assert that if \(\rho ^{\prime }, i^{\prime } \models \mathsf {F}_[0,1) (\mathsf {int}_j)\), then \(\tau ^{\prime }_{i^{\prime }_{k}} - \tau ^{\prime }_{i^{\prime }} \in (l, u) \wedge \rho ^{\prime }, i^{\prime }_{k-1} \models \mathsf {F}_{[0,1)}(\mathsf {int}_{j\oplus u_{k}})\) (check \(\Gamma ^{\prime }_j\)). Let \(\Gamma ^{\prime }_j = \mathsf {F}_{[0,1)}(\mathsf {int}_{j\oplus u_k}) \wedge \mathcal {F}(\mathsf {A}^{\prime }_{k+1})\), \(S^{\prime \prime } = S^{\prime } \cup \Gamma ^{\prime }_j\). Let \(\mathcal {S}^{\prime }\) sets of subsets of \(S^{\prime \prime }\) containing \(\Gamma ^{\prime }_j\). (29) \(\begin{equation} \psi ^{2.4(ii)} = \bigvee \limits _{X \in \mathcal {S}^{\prime }} \wedge \Gamma _j \in S \subset \bigvee \limits _{j=1}^{\mathsf {cmax}} (\mathsf {F}_{[0,1)}(\mathsf {int}_j) \rightarrow \mathcal {F}^{k-1}_{I_1,\ldots ,I_{k-2}, I_{k}}(\mathsf {A}^{\prime \prime }_1,\ldots , \mathsf {A}^{\prime \prime }_{k-1}\cdot \mathsf {A}_k^{\Gamma ^{\prime }_j}, X\cdot \Sigma ^*), \end{equation}\) where \(\mathsf {A}^{\prime \prime }_i = \mathsf {A}^{\prime \Gamma ^{\prime }_j}_i\) for \(i\le k-1\). Let \(\psi ^{2.4} = \psi ^{1.1} \vee \psi ^{2.4(i)} \vee \psi ^{2.4(ii)}\).
–	Case 2.5: \(I_{k}\) is an unbounded interval. We break this case into two possibilities. (1) \(i^{\prime }_{k}\) occurs within \(J_1 = \langle l_{k}, u_{k-1} + 1)\).14 (2) \(i^{\prime }_{k}\) occurs within \(J_2 = [u_{k-1} + 1, \infty)\). Hence, \(\phi ^{\prime }_f\) can be rewritten as \(\phi ^{\prime }_{f,1} \vee \phi ^{\prime }_{f,2}\) where for \(i \in \lbrace 1,2\rbrace\), (30) \(\begin{equation} \phi ^{\prime }_{f,i} = \mathcal {F}^{k}_{I_1,\ldots ,I_{k-1}, J_i}(\mathsf {A}^{\prime }_1,\ldots , \mathsf {A}^{\prime }_{k-1},\mathsf {A}^{\prime }_k, \mathsf {A}^{\prime }_{k+1}). \end{equation}\) Note that \(\phi ^{\prime }_{f,1}\) falls under case 2.3 if \(l_k \gt l_{k-1}\) and case 2.1 if \(l_{k} = l_{k-1}\). Moreover, \(\phi ^{\prime }_{f,2}\) is within the case 1.2 and, hence, can be handled accordingly. Let \(\psi ^{\prime }_{f,1}\) and \(\psi ^{\prime }_{f,2}\) be the formulae we get after applying corresponding reductions to \(\phi ^{\prime }_{f,1}\) and \(\phi ^{\prime }_{f,2}\), respectively. Then, \(\psi ^{2.5} = \psi ^{\prime }_{f,1} \vee \psi ^{\prime }_{f,2}\).
•	Note that all other cases are disallowed by Assumptions 1 and 2.

Hence, the required formula \(\phi ^{k-1}_f\) depends on the type of intervals \(I_k\) and \(I_{k-1}\). For example, if \(I_{k}\) is bounded and does not have an intersection with \(I_{k-1}\), then it falls within case 1.1 and \(\psi ^{1.1}\) is the required \(\text{PnEMTL}\). Moreover, note that the total number of operators (temporal, Boolean, etc.) in \(\text{PnEMTL}\) and \(\text{EMITL}_{0,\infty }\) is \(\mathcal {O}(\mathsf {cmax}\times |Q_k| \times |F_k| \times |\phi _f|)\).□

After recursively applying the above reductions, we get a formula \(\psi _f\) that contains modalities from \(\text{EMITL}_{0,\infty }\) and \(\mathsf {F}_{np}\) of the size in \(\mathcal {O}((\mathsf {cmax}\times |\phi _f|)^{n}) = \mathcal {O}(|\phi _f|^{Poly(n,M)}),\) where n is the arity of \(\phi _f\) and M is the number of bits required to store the constants of its timing interval.

8.4 Eliminating 𝖥_{⟨ l, u ⟩} Modalities Where l > 0 And u ≠ ∞

Let \(I = \langle l, u \rangle\) be any interval appearing in \(\psi ^{\prime }\) where \(l\gt 1\) and \(u\lt \infty\) (hence, \(u\le \mathsf {cmax}\)). Let \(\rho ^{\prime } = (\sigma ^{\prime }_1,\tau ^{\prime }_1) \ldots (\sigma ^{\prime }_{m^{\prime }}, \tau ^{\prime }_{m^{\prime }})\) such that \(\rho ^{\prime } \models \varphi _{ovs}\). In this section, given any formula of the form \(\mathsf {F}_{I}(\alpha)\), we construct a specification \(\delta ({{I}},\alpha)\) using \(\alpha\) and modalities from \(\text{MITL}_{0,\infty }\) such that, for any \(i^{\prime }\in dom(\rho ^{\prime })\), \(\rho ^{\prime },i^{\prime } \models \mathsf {F}_{I}(\alpha)\) iff \(\rho ^{\prime },i^{\prime }\models \delta (\mathsf {F}_{I},\alpha)\). Notice that \(\rho ^{\prime },i^{\prime } \models \mathsf {F}_{I} (\alpha)\) iff there exists a point \(j\gt i^{\prime }\) such that \(\tau ^{\prime }_j - \tau ^{\prime }_{i^{\prime }} \in \langle l, u \rangle\) and \(\rho ^{\prime },j \models \alpha\). Let c be the nearest integer oversampling point after \(i^{\prime }\). Let \(c^{\prime }\) be the integer oversampling point with timestamp \(\lceil \tau ^{\prime }_{i^{\prime }} + l \rceil\). There are two possibilities, depending on the occurrence of j.

Case 1: Either \(\tau ^{\prime }_j \in \langle \tau ^{\prime }_{i^{\prime }} + l, \lceil \tau ^{\prime }_{i^{\prime }} + l \rceil ]\). This implies j occurs before \(c^{\prime }\). If \(\mathsf {int}_{j}\) is true at point c, then \(\mathsf {int}_{j\oplus l}\) is true at point \(c^{\prime }\). Moreover, \(c^{\prime }\) will be the very first point after \(i^{\prime }\) with \(\mathsf {int}_{j\oplus l}\) counter value as \(l \le \mathsf {cmax}\). Hence, if j is any point in \(\langle l,\infty)\) from \(i^{\prime }\) that occurs before c, then timestamp of j is within \(\langle \tau ^{\prime }_{i^{\prime }} + l, \lceil \tau ^{\prime }_{i^{\prime }} + l \rceil ]\). This could be easily expressed using formula \(\delta _1({I}, \alpha) = \bigvee \nolimits _{i=0}^{\mathsf {cmax}-1} [\mathsf {F}_{[0,1)}(\mathsf {int}_j) \rightarrow (\lnot \mathsf {int}_{j\oplus l} \mathsf {U}_{\langle l, \infty)} \alpha)].\)

Case 2: Or \(\tau ^{\prime }_j \in (\lceil \tau ^{\prime }_{i^{\prime }} + l \rceil , \tau ^{\prime }_{i^{\prime }}+ u \rangle\). Hence, j occurs after \(c^{\prime }\). Notice that u is not greater than \(\mathsf {cmax}\). Hence, all the oversampling points in \(\langle \tau ^{\prime }_{i^{\prime }}, \tau ^{\prime }_{i^{\prime }}+ u \rangle\) are labelled with unique counters as the counters increment modulo \(\mathsf {cmax}\). Hence, the counter values at all the oversampling points between c and \(c^{\prime }\) are different than the counter values (or labels) at all the oversampling points with timestamp in \(\tau ^{\prime }_{i^{\prime }} + l \rceil , \tau ^{\prime }_{i^{\prime }}+ u \rangle\). More precisely, if c is labelled with \(\mathsf {int}_j\), then all the oversampling points within \((\tau ^{\prime }_{i^{\prime }}, \lceil \tau ^{\prime }_{i^{\prime }} + l \rceil ]\) will be labelled with propositions in \(\lbrace \mathsf {int}_{j\oplus 1},\ldots \mathsf {int}_{j \oplus l}\rbrace\), while the oversampling points within \((\lceil \tau ^{\prime }_{i^{\prime }} + l \rceil , \lceil \tau ^{\prime }_{i^{\prime }}+ u \rceil \rangle\) will be labelled with propositions from \(E = \lbrace \mathsf {int}_{j\oplus l+1},\ldots , \mathsf {int}_{j \oplus u}\rbrace\). Hence, any point within \([0,u\rangle\) of \(i^{\prime }\) where \(\mathsf {F}_{[0,1)} \bigvee E\) holds, occurs within time \((\lceil \tau ^{\prime }_{i^{\prime }} + l \rceil , \tau ^{\prime }_{i^{\prime }}+ u \rangle\). Hence, to assert that \(j \in (\lceil \tau ^{\prime }_{i^{\prime }} + l \rceil , \tau ^{\prime }_{i^{\prime }}+ u \rangle\), we construct formula \(\delta _2({I}, \alpha) = \bigvee \nolimits _{i=0}^{\mathsf {cmax}-1} [\mathsf {F}_{[0,1)}(\mathsf {int}_j) \rightarrow \mathsf {F}_{[0,u)}(\alpha \wedge \mathsf {F}_{[0,1)} (\bigvee E))]\).

Hence, \(\delta ({I}, \alpha) = \delta _1({I}, \alpha) \vee \delta _2({I}, \alpha)\) is the required formula free from any bounded interval with non-zero lower bound (provided \(\alpha\) is free from such intervals). Notice that size of \(\delta (I, \alpha) = \mathcal {O}(\mathsf {cmax}\times |\mathsf {F}_I(\alpha)|)\).

Hence, when this step is applied to formula \(\psi _f\) from the previous step, we get a formula \(\psi ^{\prime }_f\) in \(\text{EMITL}_{0,\infty }\) (\(\text{MITL}_{0,\infty }\) is a sublogic of \(\text{EMITL}_{0,\infty }\)). Moreover, in the DAG corresponding to \(\psi _f\) there will be at most \(|\psi _f|\) \(\mathsf {F}_{np}\) operators. Hence, size of \(\psi ^{\prime }_f\) is \(\mathcal {O}(|\psi _f| \times \mathsf {cmax}) = \mathcal {O}(|\phi _f|^{Poly(n,M)})\).

Applying all the above steps to every \(\text{PnEMTL}\) modality in \(\phi _{flat}\), we get a formula \(\psi ^{\prime } \in \text{EMITL}_{0,\infty }\) that is equisatisfiable to \(\phi\). Moreover, the size of \(\psi ^{\prime }\) is at most \(|\psi |\) times the size of max \(\psi ^{\prime }_f\). Hence, \(\psi ^{\prime }\) is of the size in \(\mathcal {O}(|\phi |^{Poly(n,M)})\).

8.5 Concluding Proof

The above three steps of construction show that:

9.1 Definition of Logics over Infinite Timed Words

The syntax and semantics for logic \(\text{LTL}\), \(\text{MTL}\), \(\text{TPTL},\) and \(\text{MSO}\) remain the same. For \(\text{EMTL}\) and \(\text{PnEMTL},\) the following changes are required:

9.2 Anchored Interval Infinite Timed Words

As the name suggests, Anchored Interval \(\omega\)-words are \(\omega\) extension of interval words. For the sake of completeness, we define these formally. Let \(I_\nu \subseteq \mathcal {I}_\mathsf {int}\). An \(I_\nu\) anchored \(\omega\)-interval word over \(\Sigma\) is an \(\omega\)-word \(\kappa\) of the form \(\sigma _1 \sigma _2 \ldots \in 2^{\Sigma \cup \lbrace anch\rbrace \cup I_\nu }\) such that there is a unique point \(i \in \mathbb {N}\) where \(\mathsf {anch}\) holds. As before, this point is called an anchor point of \(\kappa\) and denoted by \(\mathsf {anch}(\kappa)\). Moreover, for every \(i \in \mathbb {N}\), \(\Sigma \cap \sigma _i \ne \emptyset\). That is, at every point in \(\kappa\), at least one of the propositions from \(\Sigma\) holds. Let \(\rho = (\sigma _1, \tau _1) \ldots\) be any \(\omega\)-timed word. \(\rho ,i\) is consistent with an \(I_\nu\) \(\omega\)-interval word \(\kappa = \sigma ^{\prime }_1 \ldots\) if and only if for any \(j \in \mathbb {N}\), \(\sigma ^{\prime }_j \cap \Sigma = \sigma _j\), \(\tau _j - \tau _i \in \sigma ^{\prime }_j \cap I_\nu\) and \(i = \mathsf {anch}(\kappa)\). Let \(\mathsf {Time}(\kappa)\) be all the non-zeno pointed \(\omega\)-timed word \(\rho ,i\) consistent with \(\kappa\). In what follows, let \(\kappa\) be an \(I_\nu\) \(\omega\)-interval word. Let \(I \in I_\nu\) be any interval of the form \(\langle l,u \rangle\), where \(u \ne \infty\). If \(\lbrace j | I \in \kappa [j]\rbrace\) is an infinite set (i.e., I occurs infinitely often in \(\kappa\)), then we call \(\kappa\) a Zeno Interval Word. The following proposition is straightforward:

This is because there will be infinitely many points j is \(\rho = (\sigma _1, \tau _1) \ldots\) such that \(\tau _j - \tau _i \le u\). This, by definition, implies that \(\rho\) is a zeno word. Hence, if \(\kappa\) is a Zeno Interval Word, then \(\mathsf {Time}(\kappa)\) is an empty set. The definition of Collapsed \(\omega\)-Interval word is the same as Collapsed Interval words appearing in Section 4. As the proof of Lemma 4.2 does not require \(\kappa\) to be a finite word, it holds for non-zeno \(\omega\)-interval words, too.

9.3 Translation from 1-TPTL to PnEMTL

All the reduction in Section 5.1.1, i.e., translation from simple \(\text{TPTL}\) formulae to LTL over interval words, remains the same, as all the lemmas in that section hold for non-zeno infinite words, too. Translation from LTL to Büchi Automata over Collapsed Interval Words remains the same, as those techniques and results are standard for both finite and infinite timed words.

9.4 Equivalence of PnEMTL and GQMSO

Here, too, the existing reduction from PnEMTL to GQMSO and vice versa works. The only difference is, we need to use the standard Büchi Elgot Trakhtenbrot Theorem for infinite words.

9.5 Satisfiability Checking for Non-adjacent PnEMTL

This remains the same, too. The only difference is, wherever \(\mathsf {A}_{n+1}\) appears, it is a Büchi Automaton. As in the reduction mentioned in Section 8, \(\mathsf {A}_{n+1}\) always appears as the last argument (or the tail automaton) in the modalities of \(\text{EMITL}\) and \(\text{PnEMTL}\) in output and all the intermediate formulae. This is in accordance with the new syntax and semantics of \(\text{PnEMTL}\) for infinite words, as mentioned in Section 9.1. And in the base case Lemma 8.5, \(\mathsf {A}^{\prime }_2\) is a Büchi Automaton. We reduce the logic to \(\text{EMITL}_{0,\infty }\) extended with \(\mathcal {F}^{\omega }\). On inspection of Reference [27], the \(\mathcal {F}^{\omega }\) modality could be trivially reduced to Büchi Timed Automaton with size polynomial to that of the formulae. Hence, the result.