An exercise on the generation of many-valued dynamic logics Programming Journal of Logical and Algebraic Methods in

Contents lists available atScienceDirect

Journal of Logical and Algebraic Methods in Programming

www.elsevier.com/locate/jlamp

An exercise on the generation of many-valued dynamic logics

Alexandre Madeira

, Renato Neves

, Manuel A. Martins

aINESCTEC(HASLab)&MinhoUniversity,Portugal

bCIDMA–Dep.ofMathematics,AveiroUniversity,Portugal

a r t i c l e i n f o a b s t r a c t

Articlehistory:

Received7July2015

Receivedinrevisedform24March2016 Accepted30March2016

Availableonlinexxxx Keywords:

Dynamiclogic Many-valuedlogic Kleenealgebra Actionlattice

In the last decades, dynamic logics have been used in different domains as a suitable formalism to reason about and specify a wide range of systems. On the other hand, logics withmany-valuedsemantics areemergingas aninterestingtooltohandle devices and scenarioswhere uncertaintyis aprime concern. This paper contributestowards the combinationofthesetwoaspectsthroughthedevelopmentofamethodforthesystematic construction of many-valued dynamic logics. Technically, the method is parameterised by an action lattice that defines both the computational paradigm and the truth space (correspondingtotheunderlyingKleenealgebraandresiduatedlattices,respectively).

©2016ElsevierInc.All rights reserved.

1. Introduction

1.1. Context

Propositions,capturingstatic propertiesof programstates,and events,oractions, standingfor statetransitions, arethe keyingredientsinmodellingandanalysingaboutstate-basedsoftware systems.Programsaretypicallycombinedthrougha Kleenealgebratoexpresssequential,nondeterministic, iterativebehaviours, whilepropositions bringto thescenealogical structure.

Dynamic logic [17], a generalisation of the logic of Floyd–Hoare, is a well known and particularly powerful way of combiningthesetwo dimensionsintoaformalframeworktoreasonaboutcomputationalsystems.Itspotentialstemsfrom blendingtogetherclassicallogic,enrichedwithamodaldimensiontoexpress system’sdynamics,anda(Kleene)algebraof actionstostructureprograms.

Over time dynamic logic grew to an entire family of logics increasingly popular in the verification of computational systems, and able to evolve and adapt to new, and complex validation challenges. One could mention its role in model validation(as ine.g.[26]),orthewhole familyofvariantstailored tospecificprogramminglanguages(as ine.g. [32,2]),or itsimportantextensionstonewcomputingdomains,namelyprobabilistic[20]orcontinuous[38,39].

The latter is particularly relevant from an Engineering point of view: Actually, Platzer’s hybrid dynamic logic, and its associated tool, KeYmaera, combiningan algebraofactions basedon realnumbersassignments, withthestandard Kleene operators and differentialequationstospecify continuous transitionsfrom the“real”(physical)world, providesapowerful frameworkwithincreasedindustrialrelevanceforthedesignandvalidationofhybridsystems.

If hybrid systems entail the need to handle continuous state spaces, in a number of other cases dealing with some form of “quantitative” transitions (weighted, costed, probabilistic, certainty degrees etc.) is also a must. This motivates

*

E-mailaddresses:[email protected](A. Madeira),[email protected](R. Neves),[email protected](M.A. Martins).

http://dx.doi.org/10.1016/j.jlamp.2016.03.004 2352-2208/©2016ElsevierInc.All rights reserved.

research to define dynamic logics over structures able to model weighted computations. On the logical side, expressing the validity of a formula through a Boolean outcome can be also bequite restrictivewhen dealing with complex, often unpredictable,systems. Thismotivatestheadoptionoflogicswithmany-valuedsemantics,e.g.fuzzy [15],probabilistic[33]

orweighted[10].

Insuchacontext, thiswork attemptstocombinedynamic logicandmany-valuedsemantics to capturesmoothly these kind ofphenomena. The firststeps in thisdirection appeared in aprevious conferencepaper [29] wherea generic, para- metric, methodtoconstruct(propositional) many-valueddynamiclogics was discussed.Technically, thedefinitionofthese logics isparameterised by anaction lattice [21]which combinesaKleene algebrawith aresiduatedlattice structure. This algebraicstructurefitswellourgoal.Ontheonehand,asaresiduatedlattice,itprovidesanabstractstructureforthetruth spaces –most of the semantic structuresused as truth spaces, such as Booleanalgebras, Heytingalgebras, MValgebras or Łukasiewiczarithmeticlattices,are residuatedlattices (e.g.,[14,19]).Here,the residuestaketherole oflogicimplication. On theother handasaKleenealgebra,itprovidesanabstract,generic,modelforcomputations(e.g.,probabilistic,weighted,...).

MoreovertheextensionofKleenealgebraswitharesiduatedoperator,providingaleftinversetosequentialcompositionas in [40], as well aswith a lattice structure, leads to afinitely-based equational varietywhich, as plain Kleene algebras, is closedundertheformationofsquarematrices[22].Therelevanceofthisclosurepropertyliesinthefactthatseveralprob- lemsmodelledas(weighted)transitionsystemscanbeformulatedasmatricesoveraKleenealgebraorarelatedstructure.

Following suchatrend, werepresent programs asmatrices supporting theinformationabout their effects when executed fromeachstateinthestatespace.

1.2. Contributions

Thispaperispartofaresearchagendaonasystematicdevelopmentofdynamiclogics.¹Inparticular,itextendsprelimi- naryresultsdocumentedin[29]inseveraldirections.Ontheonehand,thescopeoftheparametersisgeneralisedbytaking arbitrary action lattices insteadof just theintegral ones. The expressiveness of the dynamisation process is also strongly enriched, throughthe considerationof negations,[^_]-modalitiesand tests. On theother hand, wetook thechallenge here tocharacterise,insome sense,“howdynamicdynamisationsare?”.The issueisaddressedthroughanexercise: assumingthe axiomatics ofpropositional dynamic logic(PDL) asa reference, wecarry on a systematic study ofthe validityof some of itsparticularfragmentswithrespecttoparticulardynamisation classes.Note, thatthiscriteriaisnot anabsolutereference tojudge whatis,and whatisnot,adynamiclogic.AlthoughPDL isprobablythemostpopular dynamiclogic,othersexist whichdonotsatisfysuchaxiomatics.Suchisthecase,forexample,ofgamelogic[37].

To the best of our knowledge, beyond our preliminary work [29], the approaches reported in [18,25] are the unique references intheliterature addressingmany-valueddynamic logic.Inthefirst paperJ. Hughes etal.introduced aproposi- tionaldynamiclogicoverthecontinuumtruth(0,1)-latticewiththestandardfuzzyresidues(actually theones adoptedin Example 4). In particular, this logiccan be achieved byweakening aspecific instance built with the general construction introducedinthepresentpaper.However,fromtheperspectiveofdynamiclogic,thisformalismisquiterestrictive,sinceit leftsbehindbothtransitiveclosureandnon-deterministic choice.

Inthecontextofrationaldecisiontheory,C.Liau[25]introducedamany-valueddynamiclogicw.r.t. thespecificcontin- uumtruth(0,1)-lattice.Admittingsome levelofparametricityon theimplicationadopted(throughanotionofimplication function,ofwhich theimplicationsofŁukasiewicz andGödel areexamples),thesemantics of[^_]-modalitiesbecomesquite different fromwhat weget.By thisreason, differentlyfrom whathappens withthe oneintroduced in[18], thislogiccan notbecaptured withourgenericformalism.

More extensive work exist in the related field of many-valued modal logics. Two approaches are usually considered.

The first one is clearly conservative, in the sense that the many-valued semantics only affects the modal valuation of propositions. In thiscase the accessibilityrelations are crispy (classic). The second one, closerto our own, considers that accessibility relationscan themselvesbemany-valued. Thisapproach was introduced byM. Fitting in[11,12], withmany- valuenessevaluatedinfiniteHeyting algebras.LateritwasdeeplyinvestigatedbyF. Bouetal.in[6],whoadoptedthemore generic truth support of finite integral commutative residuated lattices. A middle-term between crispy and many-valued accessibilityrelations,appearsinsomeworks(e.g.[5,31])throughmulti-modalities:for thecaseswherethetruthlattice is achain,anymulti-valuedrelationcanbeequivalentlyexpressedusingadecreasingfamilyofcrispymodalrelations,indexed bythesupportoftherespectivelattice.

1.3. AtributetoJoséNunoOliveira

The interplay between logic and computation, lying at the very heart of dynamic logic, is pervasive in the scientific workofJosé NunoOliveira.Fromhisperspective,any computationalphenomenonisanarrowinasuitableuniverse whose source and target are logic expressions. Thus, we find computations typed by invariants, as in a calculus of conductive programs [1], functions, in a calculus of data dependencies used for type checking database operations and query opti- misation [36], or program assertions,in the form of coreflexive relations, as in a Hoare logic like calculus [34] targeting correct-by-constructionprogramdesign,ratherthanverification.

1 http://wiki.di.uminho.pt/twiki/bin/view/Research/Dali/WebHome.

a+(b+^c)=(a+^b)+^{c (1)}

a+^b=^b+^{a (2)}

a+^a=^{a (3)}

a+⁰=⁰+^a=^{a (4)}

a;(b;^c)=(a;^b);^{c (5)}

a;1=1;^a=^a (6)

a;(b+^c)=(a;^b)+(a;^c) (7) (a+^b);^c=(a;^c)+(b;^c) (8)

a;⁰=⁰;^a=^{0 (9)}

1+^a+(a^∗;^a∗)≤^{a∗ (10)} a;^x≤^x⇒^a∗;^x≤^{x (11)}

x;^a≤^x⇒^x;^a∗≤^{x (12)}

a;^x≤^b⇔^x≤^a→^{b (13)}

a→^b≤^a→(b+^c) (14)

(x→^x)^∗=^x→^x (15)

x≤^a→(a;^x) (16)

a·(b·^c)=(a·^b)·^{c (17)}

a·^b=^b·^{a (18)}

a·^a=^{a (19)}

a+(a·^b)=^{a (20)}

a·(a+^b)=^a (21)

a;(a→^b)≤^{b (22)}

Fig. 1.Axiomatisation of action lattices (from[21]).

Insuchcalculi,universal coalgebra,thetheoryof functionaldependenciesor (generalised)Hoarelogics, allrenderedin aTarskian, point-freestyle amenableto algebraicmanipulation, play therole oftypesystems whose ruleshelpinreason- ing about computations withoutdiving intotheir semanticintricacies. Moreover, they providethe basisof extended type checkingmechanismstodischarge therelevantproofobligations.

José’sworkexploresthepowerofabstractalgebraicstructuresasawaytopromote calculationinsoftware design.Such structures, ofwhich Kleene algebras are aprime example, endow techniques which have been shown to be amenable to automation.Moreover,theyhavethepower tounifyseeminglydisparatedomainsandtheoriesonce thelatterareencoded intothesameabstractterms.

Webelievethepieceofresearchreportedinthispaper,seekingtoformulate dynamiclogicsforweighted, multi-valued computations,goesinasimilardirection.Inparticular,itmaycontributetosetthecontextforthechallengeJoséidentified inalandmarktutorial[34]:

TheideathattheproposedcalculusbridgesHoarelogicandtypetheoryneedstobebetterexploited,inparticularconcern- ingtheworkbyKozenonsubsumingpropositionalHoarelogicunderKleenealgebrawithtests(ofwhichtherelational calculusisawellknowninstance).

Thegenericnature oftheapproachtaken here,inwhichlogics areparameterised byspecifickindsofactionlattices, as wellasthepossiblerelevanceofourresultstothestudyofweightedtransitionsystems(anotherofJosé’sresearchinterests [35]),arealsoatributetohiswork.Soistheformofthispaper,setasanexercise,which,aswehavelearnedfromJosé, is themosteffectivesource ofallgenerality.

1.4. Outlineofthepaper

Thepaperisorganisedasfollows.Section2,recallswhatanactionlatticeis.Thewholecatalogueoftechnical properties used in the paper are proven. Then, an hierarchy of three classes of action lattices is introduced and characterised in detail. The parametric construction of many-valued dynamic logics is presented in Section 3. Both the generality of the computationalmodelsandsemanticsare illustratedinthissection.Thequestion“howdynamicaredynamisations?”isthen addressed,leadingtoasystematicstudyonthevalidityofPDLfragmentswithrespecttoparticularclassesofactionlattices.

Finally,Section4concludesandenumerateselementsforfuturework.

2. Actionlattices

2.1. Definitionandproperties

Letusstartbyrecallingfrom[21]thefollowingdefinition:

Definition1.Anactionlatticeisatuple A

= (

, + , ; ,

,

, ∗ , → , · )

where A isaset,0 and 1 areconstantsand +,;,∗,→^and ·^{arebinaryoperations in A satisfyingtheaxioms enumerated} inFig. 1,wheretherelation≤^isinducedby+^:a≤^biffa+^b=^b.

Note that, by (20) and (21), the natural order ≤ ^{can be} equivalently defined by a≤^{b iff a}·^b=^{a. Observe that by} restrictingthedefinitionofAtothestructure(A,+,;,0,1,∗) axiomatisedby(1)–(12)weobtain thedefinitionofaKleene algebra[8,22].Inthecontextofthiswork,thiswillbecalledtheunderlyingKleenealgebra ofA.Moreover, byconsidering structure (A,+,;,0,1,→,∗) axiomatised by (1)–(16)we obtain thedefinition of(left-residuated) actionalgebra[40]. The interestedreader isreferredto [13]for adetaileddiscussionon the relationship betweenKleene algebras,action algebras and actionlattices. Asstatedintheintroduction, thestructure ofanaction latticeisexplored inthispaperalongadouble dimension:asacomputationalmodelandasatruthspace.Theintuitionsforsomeofitsoperationsshallbetakenfromboth oftheseperspectives.Suchisthecaseofoperation+^{,whichplaystheroleof}non-deterministicchoice,intheinterpretation ofprograms,and oflogicaldisjunction,intheinterpretation ofsentences.However,thereareoperationswhoseintuitionis borrowedfrom just inone ofthese domains.For instance, whileoperations ∗^and ; ^{aretaken asiterative}application and sequentialcompositionofactions,operations→ ^and·^{play theroleoflogical}implicationandconjunction,respectively.

ThefollowingtheoremestablishesasetofwellknownKleenealgebrapropertiestobeusedinthesequel.

Theorem1.(See[8].) Let(A,+,;,0,1,∗)beaKleenealgebra.Thefollowingpropertieshold:

a

≤

a^∗

=

a^∗

=

;

1

+

;

=

Anactionlatticeissaidtobecompletewhenanysubsetof Ahasbothasupremumandaninfimumw.r.t.≤^.Thegreatest and least elements, when they exist, are denoted in the sequel by ⊤ ^and ⊥^, respectively. Note that in any action lattice

⊥=^{0, sinceforany a}∈^{A, a}+⁰=^{a, i.e.,0}≤^{a. Inthe caseofcompleteaction lattices, theexistence ofgreatestelements} isalsoensured. Since+ ^and· ^areassociative,wecangeneralise themton-aryoperators,and weresorttonotation! _for theiteratedversionofthe(join)operator+^,and "_{fortheiteratedversionofthe(meet) operator}

·^{ofactionlattices. The} left associativity of operators + ^and · ^{is, asusual, assumed.} Differentlyfrom the original definition [21], where a pair of residuesisconsidered,wekeeponlytheleftone. Equivalencea↔^{b isunderstoodasthevalue}(a→^b);(b→^a).Notethat, as usual (e.g. [6]), thecomposition ;^{, rather than meet} ·^{, is taken as}conjunction in the definitionof ↔^{. The reasons for} thischoicewillbecomeclearinthediscussionofduality betweenboxand diamondmodalities(subsection3.2.4).Actually, theadjointofimplication→^iscomposition; ^{(andnotthejoin} ·^{).Inthecontextof}many-valuedlogics,theconnective;^is calledstrong conjunction

As mentionedabove, thisstructure supportsboth thecomputational paradigm (to distinguishbetween e.g. imperative, deterministicornon-deterministic computations,orbetweenplain orweighted transitions)andthetruthspace(tocapture e.g.thestandardBooleanreasoningormorecomplextruthspaces).

ThefollowingLemma providesacatalogueofusefulpropertiesofactionlattices.

Lemma1.LetAbeanactionlattice.

IfAiscompleteandI finite:

x

→ (

i∈I

y_i

) =

i∈I

(

→

)

(

i∈I

x_i

) →

=

i∈I

(

→

)

a

· ⊤ =

= ⊤ ·

(

→ ⊤ ) = ⊤

ThefollowingpropertiesholdinanyactionlatticeA:

x≤^y⇒^a;^x≤^a;^{y (31)}

x≤^y⇒^x;^a≤^y;^{a (32)}

a≤^b&c≤^d⇒^a+^c≤^b+^{d (33)}

a→(b·^c)≤^a→^{b (34)}

a≤^b&c≤^d⇒^a·^c≤^b·^{d (35)}

a;(b·^c)≤(a;^b)·(a;^c) (36) a→(b·^c)≤(a→^b)·(a→^c) (37)

a≤^b⇒(c→^a)≤(c→^b) (38) a≤^b⇒(b→^c)≤(a→^c) (39) a→(b→^c)=(b;^a)→^{c (40)}

a≤^b&a≤^c⇒^a≤^b·^{c (41)}

a≤^b&c≤^d⇒^a;^c≤^b;^{d (42)}

1≤(0→^a) (43)

IfAis;-commutative,

x

;

=

⇒ (

→ (

→

)) ; (

→

) ≤ (

→

)

WhenI finite,wehavealso,

$

i∈^I

(

·

) ≤

i∈^I ai

·

i∈^I

bi (45)

Proof. For theproofof(27)and(28)see[6].Theremainingcasesareprovedinthesequel.

Equation(29)holdssince⊤ ^{isthegreatestelementofthelattice,i.e.,thatforanya}∈^A,a≤ ⊤^.

To establish (30) we just have to note that, since ⊤ ^{is the greatest element, we have y}≤ ⊤ ^{for any y}∈^{A and, in} particular,a;⊤≤ ⊤^{.Hence,by(13),}⊤≤^a→ ⊤^.Since⊤^{isthegreatestelement,} (a→ ⊤)=⊤^.

For(31),assuming x≤^{y,i.e., x}+^y=^{y.By(7).Then,a};^x+^a;^y=^a;(x+^y)=^a;^y.

Theprooffor(32)isanalogousbutresortingtodistributivity(8).

For(33),assuminga≤^bandc≤^d,i.e.,a+^b=^bandc+^d=^{d.By(1)and(2),wehave}(a+^c)+(b+^d)=(a+^b)+(c+^d)= b+^d.

Inordertoprove(34)weobservethat a

→

≤

→ (

+

)

⇒ {

}

a

→ (

·

) ≤

→ ((

·

) +

)

⇔ {

}

→ (

·

) ≤

→

Inordertoprove(35),assuminga·^b=^aandc·^d=^{c andapplying(17)and (18)wehave}(a·^c)·(b·^d)=(a·^b)·(c·^d)= a·(c·^d)=^a·^c.

For(36),weobservethat b

.

≤

.

≤

⇔ {

}

a

; (

.

) ≤

;

; (

.

) ≤

;

⇔ {

}

a

; (

.

) ·

; (

.

) ≤ (

;

) · (

;

)

⇔ {

}

a

; (

.

) ≤ (

;

) · (

;

)

Sincebypropertiesforanya,b,c∈^A,b.c≤^{b andb}.c≤^{c,wehavethata};(b.c)≤(a;^b)·(a;^c). Inordertoprove(37),weobservethat

a

→ (

·

) ≤

→

→ (

·

) ≤

→

⇒ {

}

(

→ (

·

)) · (

→ (

·

)) ≤ (

→

) · (

→

)

⇔ {

} (

→ (

·

)) ≤ (

→

) · (

→

)

By(34),wehavea→(b·^c)≤^a→^{b anda}→(b·^c)≤^a→^c.Therefore(a→(b·^c))≤(a→^b)·(a→^c).

Inordertoprove(38),property(14)yields (c→^a)≤(c→(a+^b)).Byhypothesisa≤^{b, i.e.,a}+^b=^b.Thus,(c→^a)≤ (c→^b).

Inordertoprove(39),wehavebyhypothesisthata≤^b,i.e.,a+^b=^b.Hence(b→^c)=((a+^b)→^c).By(28),((a+^b)→ c)=(a→^c)·(b→^c).Hence(b→^c)=(a→^c)·(b→^c),i.e.,(b→^c)≤(a→^c).

Toestablish (40)wereason

b

→

≤

→

⇔ {

}

; (

→

) ≤

⇒ {

} (

;

) ; ((

;

) →

) ≤

⇔ {

}

b

; (

; ((

;

) →

)) ≤

⇔ {

}

a

; ((

;

) →

) ≤

→

⇔ {

}

(

;

) →

≤

→ (

→

)

Moreover,

a

→

≤

→

⇔ {

}

; (

→

) ≤

⇒ {

}

; (

→ (

→

)) ≤

→

⇒ {

}

b

; (

; (

→ (

→

))) ≤

; (

→

)

⇒ {

}

; (

; (

→ (

→

))) ≤

⇔ {

}

(

;

) ; (

→ (

→

)) ≤

⇔ {

}

a

→ (

→

) ≤ (

;

) →

Fortheproofof(41)letussupposea≤^banda≤^c,i.e.,thata·^b=^aanda·^c=^a.Then,(a·^b)·^c=^a·^c=^a,i.e.,a≤^b·^c.

Regardingproperty(42)assumethat a≤^{b and c}≤^{d.Then, by(7)and sincec}≤^d⇔^c+^d=^{d, wehaveb};^c+^b;^d=^b; (c+^d)=^b;^{d, i.e., b};^c≤^b;^{d. Moreover, by (8) and since a}≤^b⇔^a+^b=^{b, we have b};^c=(a+^b);^c=^a;^c+^b;^{c, i.e.,} a;^c≤^b;^d.

Inordertoprove(43),since0 isthesmallestelement ofthelattice,by(6),(32)and (13),wehavethat, 0≤^a⇒⁰;¹≤ a;¹⇒⁰;¹≤^a⇔¹≤⁰→^a.

Fortheproofof(44)letAbe;-commutativeand letusassumethatx=^x;^x.

((

→ (

→

)) ; (

→

)) ;

= {

}

((

→ (

→

)) ; (

→

)) ; (

;

)

= {

}

(

; (

→

)) ; (

; (

→ (

→

)))

≤ {

}

; (

→

)

≤ {

}

Hence,

(

→ (

→

)) ; (

→

) ;

≤

⇔ {

}

x

; (

→ (

→

)) ; (

→

) ≤

⇔ {

}

(

→ (

→

)) ; (

→

) ≤ (

→

)

In the proof of (45), supposing a finite I, and a_i ·^bi ≤^ai and a_i ·^bi ≤^bi we have by (33) that !

i∈I(a_i ·^bi)≤

!

i∈Ia_i and !

i∈I(a_i·^bi)≤!

i∈Ib_i.Hence,by(41)!

i∈I(a_i·^bi)≤!

i∈Ia_i·!

i∈Ib_i holds. ✷

Pleasenote that we extended some of the axioms for + ^and · ^{to the} corresponding generalised versions, ! _and "_, respectively (e.g. ai≤^bi⇒!

i∈^Iai≤!

i∈^Ibi stands for thegeneralised version of(33)). Generalised versions of(33), (35) and(41)areusedinthisway.

Nowwediscussanumberofillustrativeexamples.Amongthem,Examples 1,2,4,and5werealreadypresentedin[29].

Example1(2–lineartwo-valueslattice).Letusconsiderthewellknown binarystructure 2

= ( {⊤ , ⊥} , ∨ , ∧ , ⊥ , ⊤ , ∗ , → , ∧ )

withthestandardbooleanconnectives:

∨ ⊥ ⊤

⊥ ⊥ ⊤

⊤ ⊤ ⊤

∧ ⊥ ⊤

⊥ ⊥ ⊥

⊤ ⊥ ⊤

→ ⊥ ⊤

⊥ ⊤ ⊤

⊤ ⊥ ⊤

∗⊥ ⊤

⊤ ⊤

Itisnotdifficulttoseethat2isanactionlattice.Moreover,theactionlatticeisobviouslycompleteanditsatisfiescondition (36)(notethatbothcompositionandmeetarerealised by∧^).

Example2 (3–linearthree-valuelattice). The explicit introduction of a denotation for unknown give rise to the following threeelementslinearlattice

3

= ( {⊤ ,

, ⊥} , ∨ , ∧ , ⊥ , ⊤ , ∗ , → , ∧ )

∨ ⊥ ^u ⊤

⊥ ⊥ ^u ⊤

u u u ⊤

⊤ ⊤ ⊤ ⊤

∧ ⊥ ^u ⊤

⊥ ⊥ ⊥ ⊥

u ⊥ ^{u u}

⊤ ⊥ ^u ⊤

→ ⊥ ^u ⊤

⊥ ⊤ ⊤ ⊤

u ⊥ ⊤ ⊤

⊤ ⊥ ^u ⊤

∗⊥ ⊤

u ⊤

⊤ ⊤

Itiseasytoseethat alltheconditionsinDefinition 1hold.Moreover,theactionlattice iscomplete.

Example3(2^A– powerset of A). Forafixed,finiteset A,letusconsiderthestructure 2^A

= (

(

), ∪ , ∩ , ∅ ,

, ∗ , → , ∩ )

whereP(A) denotesthepowersetofA,∪^and∩^{areset unionand}intersectionoperations,∗^{mapseachset X}∈P(A) into A and X→^Y =^Xc∪^{Y,where Xc}= {^x∈^A|^x∈/^X}^{.Thisactionlatticeisalsocomplete.}

Example4(Ł–theŁukasiewiczarithmeticlattice).Thisexampleisbasedonthewell-knownŁukasiewicz arithmeticlattice Ł

= ( [

,

] ,

, ⊙ ,

,

, ∗ , → ,

)

wherex→^y = ^min{¹,1−^x+^y}^,x⊙^y=^max{⁰,y+^x−¹}^and ∗^{mapseachpointof}[⁰,1]^{to1.Again,thisisacomplete} actionlattice.

Example5(FW–theFloyd–Warshallalgebra).TheFloyd–Warshallalgebraconsistsofatuple N⁺_⊥⊤

= ( {⊥ ,

,

, . . . , ⊤} ,

, + , ⊥ ,

, ∗ ,

,

)

where+^{extendsadditionon}N^byconsidering⊥^{asitsabsorbentelementanda}+⊤=⊤=⊤+^aforanya̸=⊥^.Operation max(respectively,min)isdefinedasthemaximum(respectively, minimum)undertheorder⊥<0<· · ·<⊤^.Operation⌣ istruncatedsubtraction

a⌣b

=

⎧⎪

⎪⎪

⎨

⎪⎪

⎪⎩

⊤ ,

= ⊥

= ⊤

−

,

≥

,

∈

,

>

,

∈

⊥

and,forany naturali>0,

∗⊥ ⁰ 0 0 i ⊤

⊤ ⊤ .

Note that theorder induced bya≤^{b iff max}{^a,b}=^b corresponds to the one mentioned above. The action lattice is complete.

Example6(REL(A)-relational algebra over a set A). Let us consider the action lattice defined by relationsover a set A. The corresponding Kleene algebra turns to be quite paradigmatic, since it underlies most standard semantics for sequential programsbasedoninput/outputrelations.

Givenaset A,wehave

REL

(

) = (

(

), ∪ , ◦ , ∅ ,

, ∗ , \ , ∩ )

where ∪ ^and ∩ ^{stand for set union and} intersection, respectively, ∅ ^{represents the empty relation and} " the diagonal relation {(a,a)|^a∈ ^A}^{. Operation} ∗ ^{is Kleene closure,} recursively defined, for each R∈P(A²), by R^∗=)

n≤ωRⁿ, where R⁰=" and Rⁿ⁺¹=^Rn◦^{R. Finally theresiduum is given by Q} \^R= {(x,y)| ^{for everyzif}(y,z)∈^{Q then}(x,z)∈^R}^{. The} actionlatticeiscomplete.

Example7 (LAN($)-languages over an alphabet$). Let us consider the action lattice defined by the finite languages on a finitealphabet $.Then,foragivenfinitealphabet $,wedefinetheactionlatticeoflanguagesover$ as

LAN

($) = (

($

), ∪ , · , ∅ , { ϵ _} , ∗ , → , ∩ )

where∪^and∩^{stand forsetunionand}intersection,∅^{representstheemptylanguage,}ϵistheemptyword,theoperation∗ istheKleenestardefinedbyL^∗=)

n≥⁰Lⁿ= {^w1· · · · ·^wn|^wi∈^L,1≤ⁱ≤ⁿ}^{and L0}= {ϵ_}and Lⁿ⁺¹=^L·^Ln.Thecomposition

·^{isdefinedby L}1·^L2= {^w1·^w2|^w1∈^L1and w2∈^L2}^{and theresiduum} →^byL1→^L2= {^v|∀^u(u∈^L1⇒^u·^v∈^L2)}^.The actionlatticeiscomplete.

Example8 (W_k finiteWajsberghoops). We consider now an action lattice endowing the finite Wajsberghoops [4] with a suitablestaroperation.Hence,forafix naturalk>0 andageneratora,wedefinethestructure

W_k

= (

, + , ; ,

,

, ∗ , → , · )

where W_k = {^a0,a¹,· · ·,a^k−1}^{, 1}=^{a0 and 0}=^{ak−1. Moreover, for any m},n≤^k−^{1, am}+^an=^{amin{m,n}, am};^an=^am+n, (a^m)^∗=^a0,am→^an=^{amax{n−m,0} andam}·^an=^amax{m,n}.

Fig. 2.Examples in theAL^hierarchy.

2.2. I^,H^andMV^{-actionlattices}

This section introduces three strict classes ofaction lattices (AL^{) which become much relevant in the context of the} presentwork.Thefirstclassissoundwithrespecttothepositive existentialfragmentofPDL;thesecondoneisalsosound with respect to the remaining positive axioms involving box modalities and tests. The third one captures the standard dualitybetween[^_]^and⟨^_⟩modalities. Thus,

Definition2.LetA=(A,+,;,0,1,∗,→,·)beanactionlattice.ThenAissaid tobe

1. AI^{-actionlattice,whentheidentityoftheKleenealgebracoincideswiththegreatestelement oftheresiduatedlattice,} i.e.,

1

= ⊤

2. A H^{-actionlattice, if it belongs to the class of} I^{-action lattices whose Kleene algebra} composition coincides with the infimumoftheresiduatedlattice,i.e.,suchthatforanya,b∈^A,

a

;

=

·

3. AMV^{-actionlattice,ifitisontheclassof}I^{-actionlatticesand satisfiescondition}

(

→

) →

=

+

The symbols I H^, MV ^{refer to the residuated lattices from which these properties come from, in} particular, integral, Heyting and MV algebras. We can find a succinct presentation of these classes in the survey [19]. For a more complete accountofsuchalgebraicstructuressupportingmany-valuedlogicsseebooks[7]and [14].

With exception of Examples 5, 6,and 7, all theaction lattices introduced in the previoussection are I^{-actionlattices.}

Thiscomes from observingthat thegreatest element ofeachsupporting set,w.r.t.the orderinducedby+^{, istheidentity} of;^.

Sincetheirrealisations of·^and;^{coincide, thestructurespresentedin}Examples 1,3,and 2,aswellas,theactionlatticeof thecasek=^{2 in Example 8,areexamplesof}H^{-actionlattices.}

Moreover,theH^{-actionlatticesof}Examples 1 and3areexamplesofMV^{-actionlattices–for2,(48)canbeeasilychecked} by constructing a truth table and for 2^A, we observe that (X→^Y)→^Y =(X^c∪^Y)^c∪^Y =(X^cc∩^Yc)∪^Y =(X^{c c}∪^Y)∩ (Y^c∪^Y)=(X∪^Y)∩^A=^X∪^{Y. The lattice 3 of Example 2} illustrates a H^{-action lattice that is not a} MV^{-actionlattice} (since(u→ ⊥)→ ⊥=⊤̸=^u+⊥^{).Theactionlattice ŁofExample 4}illustratesaMV^{-actionlatticethatisnotan}H^-action lattice.Infact,condition (48)canbeverifiedforExample 4asfollows:

(

→

) →

⇔ {

}

1

,

−

{

,

−

+

} +

⇔ {

}

1

,

+

{−

,

−

−

} +

⇔ {

}

1

,

{

,

−

} +

⇔ {

}

1

,

{

,

}

⇔ {

}

{

,

}

⇔ {

}

+

Finally, wecan observethat, forany k, theaction lattices ofExample 8 are MV^{-action lattices. Actually, bythedefinition} of Wk,wehave that:(a^m→^an)→^an=^{amax{n−m,0}}→^an=^{amax,n−max{n−m,0},0-}=^{amax,n+min{m−n,0},0-}=^amin(m,n)=^am+^an. TheexamplesdiscussedabovearesummarisedinFig. 2.

Thefollowinglemmaisavery importantresultforwhatfollows.

Lemma2.ThefollowingpropertiesholdinanyI^-lattice:

1. (a→¹)=¹ 2. (1→^a)=^a 3. (⊥→^a)=¹ 4. (a→^a)=¹

5. 1=^a;^b⇔^a=^1&b=¹ 6. a≤^b⇔(a→^b)=¹ 7. a=^b⇔(a↔^b)=¹

Proof. Inordertoprove1.,notethatrules(46),(6)and(13)entaila≤¹⇔^a;¹≤¹⇔¹≤(a→¹).By(46),1=(a→¹). In order to prove 2., we have by (6) and (13), a≤^a⇔¹;^a≤^a⇔^a≤(1→^a). Moreover, by (6) and (22), (1→^a)= 1;(1→^a)≤^a.I.e.,(1→^a)=^a.

Inorderto prove 3.,we haveby (6)and (13), ⊥≤^a⇔ ⊥;¹≤^a⇔¹≤(⊥→^a). Since(46), wehave 1≤(⊥→^a)≤^1, i.e.,(⊥→^a)=^1.

For4.wejustneedtoobserve,by(6)and (13)a;¹≤^a⇔¹≤(a→^a).By(46),1=(a→^a).

Inordertoprove5.,wehaveby(13)and2.thata;^b≤¹⇔^b≤(a→¹)=^1.Since1=⊤^,b=^{1.Then,by(6),a};¹=¹⇔ a=^1.

For6.,by(6),(13)and(46),wehavea≤^b⇔^a;¹≤^b⇔¹≤^a→^b⇔¹=(a→^b). Inordertoprove7.wehave

a

=

⇔ {

}

≤

≤

⇔ {

}

1

=

→

=

→

⇔ {

}

;

= (

→

) ; (

→

)

⇔ {

}

= (

↔

)

✷

Proposition1.LetAbeaI^{-actionlattice.Then,ifAisa}H^{-actionlattice,property}

(

→ ⊥ ) ·

= ⊥

holds.Moreover,ifAisalsoaMV^{-actionlattice,theproperty}

(

→ ⊥ ) +

=

alsoholds.

Proof. Inordertoprove(49),weobservethat a

→ ⊥ ≤

→ ⊥

⇔ {

}

; (

→ ⊥ ) ≤ ⊥

⇔ {

}

· (

→ ⊥ ) = ⊥

Theproofof(50)canbedoneasfollows:

(

→ ⊥ ) +

= {

}

((

→ ⊥ ) →

) →

= {

} (

; (

→ ⊥ )) →

= {

}

⊥ →

= {

}

✷

Note that conditions (49) and (50) actually fail for MV ^and H^{-action lattices,} respectively –(49) failsin the H^-action lattice 3,and (50), failsintheH^{-actionlatticeŁ.Finally, wenotethat, asa}consequence, every MV^{-actionlattice whichis} alsoaH^{-actionlattice,satisfiestheentireaxiomaticsofBooleanalgebras.}

3. Parametricconstructionofmany-valueddynamiclogics

3.1. Themethod

Oncerevisitedthenotionofanactionlattice,wearenowpreparedtointroducethegeneralconstructionofmany-valued dynamiclogics.Wewillthereforeintroduceitssignatures,formulæ, semanticsandsatisfaction,ontopofanarbitrarycom- pleteactionlattice A=(A,+,;,0,1,∗,→,·).ThelogicobtainedisdenotedbyGDL(A).

Signatures.SignaturesofGDL(A)arepairs(&,Prop)correspondingtothedenotationsofatomiccomputationsand propo- sitions,respectively.

Formulæ.Acoreingredientofanydynamiclogicisitssetofprograms.Letusdenotethesetofatomicprogramsby&.The setof&-programs,denotedbyPrg(&),consistsofallexpressionsgeneratedby

π _∋ π

| π _; π _| π ₊ π _| π

forπ0∈&. Givenasignature(&,Prop), wedefinetheGDL(A)-formulæfor(&,Prop), denotedbyFm^GDL(A)(&,Prop),as theonesgeneratedbygrammar

ρ _{∋ ⊤ | ⊥ |}

| ρ _∨ ρ _| ρ _∧ ρ _| ρ _→ ρ _| ρ _↔ ρ _{| ⟨} π _⟩ ρ _{| [} π _] ρ

for p∈^{Prop and}π_∈Prg(&).Notethatthiscorrespondstothepositivefragmentofthepropositional dynamiclogic.

Semantics.ThefirststepistointroducethespacewherethecomputationsofGDL(A) aretobeinterpreted. Basedonthe classicmatricialconstructionsoverKleenealgebras(see[8,22])define

Mn

(

) = (

(

), + ,

,

,

, ∗ )

1. Mn(A)isthespaceof(n×ⁿ)-matricesoverA.

2. Forany A,B∈^Mn(A),define M=^A+^BbyMij=^Aij+^Bij,i,j≤^n.

3. Forany A,B∈^Mn(A),define M=^A;^{B byM}ij=!n

k=¹(Aik;^Bkj) foranyi,j≤^n.

4. 1and0arethe(n×ⁿ)-matrices definedby1_ij=

.1 if i= ^j

0 otherwise and0_ij=^{0,forany i},j≤^n.

5. Forany M= [^a]∈M1(A), M^∗= [^a∗]^; forany M=

/A B C D 0

∈^Mn(A),n>1,where A and D aresquarematrices,define

M^∗

=

/F^∗ F^∗;^B;^D∗ D^∗

;

;

+ (

)

where F=^A+^B;^D∗;^{C.Notethatthis}constructionisrecursivelydefined fromthebasecase(wheren=^2)wherethe operationsofthebaseactionlattice Aareused.

Finally,aclassicresult(e.g.,[8,22])establishesthatKleenealgebrasareclosedunderformationofmatrices.