Transaction Logic with (Complex) Events

Transaction Logic with (Complex) Events

Ana Sofia Gomes and Jos´e J´ulio Alferes∗ CENTRIA, Departamento de Inform´atica

Faculdade Ciˆencias e Tecnologias Universidade Nova de Lisboa 2829-516 Caparica, Portugal

submitted 1 January 2003; revised 1 January 2003; accepted 1 January 2003

Abstract

This work deals with the problem of combining reactive features, such as the ability to respond to events and define complex events, with the execution of ACID transactions over general Knowledge Bases (KBs). With this as goal, we build on Transaction Logic (T R), a logic precisely designed to model and execute (ACID) transactions in KBs defined by arbitrary logic theories. In it, transactions are written in a logic-programming style, by combining primitive update operations over a general KB, with the usual logic programming connectives and some additional connectives e.g. to express sequence of actions. WhileT R

is a natural choice to deal with transactions, it remains the question whetherT Rcan be used to express complex events, but also to deal simultaneously with the detection of complex events and the execution of transactions. In this paper we show that the former is possible while the latter is not. For that, we start by illustrating howT Rcan express complex events, and in particular, how SNOOP event expressions can be translated in the logic. Afterwards, we show whyT Rfails to deal with the two issues together, and propose Transaction Logic with Events to solve the intended problem. The achieved solution is a non-monotonic conservative extension of T R, which guarantees that every complex event detected in a transaction is necessarily responded. Along with its syntax, model theory and executional semantics, we prove some properties, including that it is indeed a conservative extension, and that it enjoys from important properties of non-monotonic logics, like support.

1 Introduction

Reactivity stands for the ability to detect complex changes (also denoted as events) in the environ-ment and react automatically to them according to some pre-defined rules. This is a pre-requisite of many real-world applications, such as, web-services providing different services depending on external information, multi-agent systems adapting their knowledge and actions according to the happening of changes in the environment, or monitoring systems reacting to information detected by their sensors and issuing actions automatically in response to it. In reactive systems, e.g. in those based on Event-Condition-Action (ECA) languages (Alferes et al. 2011; Bry et al. 2006; Chomicki et al. 2003), the reaction triggered by the detection of a complex event may itself be a complex action, formed e.g. by the sequencial execution of several basic actions. Moreover, we sustain that sometimes reactive systems are also required to executetransactionsin response to events. For example, consider an airline web-service scenario where an external event arrives stating that a partner airline is on strike for a given time period. Then, the airline must address this event by e.g. rescheduling flights with alternative partners or refund tickets for passengers who do not accept the changes. Clearly, some transactional properties regarding these changes

must be ensured: viz. it can never be the case that a passenger is simultaneously not refunded nor have an alternative flight; or that she is completely refunded and has a rescheduled flight.

Although the possibility of executing transactions, obeying the traditional ACID properties, is of crucial importance in the majority of today’s systems, and a must e.g. in database systems, most reactive languages do not deal with it. Some exceptions exist, but are either completely procedural and thus lack from a clear declarative semantics (as e.g. in (Papamarkos et al. 2006)), or have a strong limitation on the expressivity of either the actions or events (as e.g. in (Zaniolo 1995; Lausen et al. 1998)). This is further discussed in Section 4.

In this paper we propose Transaction Logic with Events,T Rev, an extension ofT R(Bonner and Kifer 1993) integrating the ability to reason and execute transactions over very general forms of KBs, with the ability to detect complex events. For this, after a brief overview ofT R, we show how it can be used to express and reason about complex events, and in particular, how it can express most SNOOP event operators (Adaikkalavan and Chakravarthy 2006) (Section 2). We proceed by showing whyT Ralone is not able to deal with both the detection of complex events and the execution of transactions, and in particular, why it does not guarantee that all complex events detected during the execution of a transaction are responded within that execution. For solving this problem, we defineT Rev, its language and model theory (Section 3.1), as well as its executional semantics (Section 3.3). We end with a discussion and related work. This is the extended version of the paper submitted for ICLP’14 containing the proofs of the enunciated results.

2 UsingT Rto express complex events

In this section we briefly recallT R’s syntax and semantics with minor syntactic changes from the original, to help distinguish between actions and event occurrences, something that is useful ahead in the paper when extendingT Rto deal with reactive transactions and complex events.

Atoms inT Rhave the formp(t1, . . . , tn)wherepis a predicate symbol andti’s are terms (variables, constants, function terms). For simplicity, and without loss of generality (Bonner and Kifer 1998), we work with a Herbrand instantiation of the language where the Herbrand base Bis the set of all ground atoms that can be constructed with the functions and constants of the language, and a Herbrand structure is any subset of B. To build complex formulas,T Ruses the classical connectives∧,∨,¬,←and the connectives⊗,♦denoting serial conjunction and hypothetical execution. Informally, the formulaφ⊗ψis an action composed of an execution of

φfollowed by an execution ofψ; and♦φtests ifφcan be executed without materializing the changes. Then,φ∧ψis the simultaneous execution ofφandψ; whileφ∨ψdefines the non-deterministic choice of either executingφ,ψor both simultaneously.φ←ψis arulesaying that one way to execute ofφis by executingψ. As in classical logic,∧and←can be written using ∨and¬, asφ∧ψ≡ ¬(¬φ∨ ¬ψ)andφ← ψ≡φ∨ ¬ψ. Finally, we also use the connective ;as it is useful to express common complex events.φ;ψsays thatψis true afterφbut possibly interleaved with other occurrences, and it can be written inT Rsyntax as:φ⊗path⊗ψwhere path≡(ϕ∨ ¬ϕ)is a tautology that holds in paths of arbitrary size (Bonner and Kifer 1998).

A very powerful feature ofT Ris the incorporation of a pair of oraclesOd_{(data oracle) and}

Ot_{(transition oracle) as a parameter of the theory. These define the elementary KB primitives,}

relational databases, well-founded semantics, action languages, etc. (Bonner and Kifer 1993). These oracles are mappings that assume a set ofstate identifiers.Od _{is a mapping from state}

identifiers to a set of formulas that hold in that state, andOt_{is a mapping from pairs of state}

identifiers to sets of formulas that hold in the transition of those states. Example 1(Relational Oracle - (Bonner and Kifer 1993))

A KB made of a relational database can be modeled by having states represented as sets of ground atomic formulas. The data oracle simply returns all these formulas, i.e.,Od_{(D) =D. Moreover,}

for each predicatepin the KB, the transition oracle definesp.insandp.del, representing the insertion and deletion ofp, respectively. Formally,p.ins∈ Ot_(D

1, D2)iffD2=D1∪ {p}and,

p.del∈ Ot_(D

1, D2)iffD2=D1\{p}. SQL-style bulk updates can also be defined byOt. Example 2(Moving objects -T R)

As an illustration ofT R, assume the previous oracle definition and the actionmove(O, X, Y) defining the relocation of objectO from position X into position Y. In such a KB, states are defined using the predicateslocation(O, P)saying that objectOis in positionP, andclear(X) stating thatXis clear to receive an object. InT R, the move (trans)action can be expressed by:

move(O, X, Y)←location(O, X)⊗clear(Y)⊗localU pdt(O, X, Y)

localU pdt(O, X, Y)←location(O, X).del⊗location(O, Y).ins⊗clear(Y).del⊗clear(X).ins

T R’s theory is built upon the notion of sequences of states denoted aspaths. Formulas are evaluated over paths, and truth inT Rmeansexecution: a formula is said to succeed over a path, if that path represents a valid execution for that formula. Although not part of the originalT R, here paths’ state transitions are labeled with information about what (atomic occurrences) happen in the transition of states. Precisely, paths have the formhD0,O1D2,O2. . . ,OkDki, whereDi’s are states andOi’s are labels (used later to annotate atomic event occurrences).

As usual, satisfaction of complex formulas is based on interpretations. These define what atoms are true in what paths, by mapping every path to a Herbrand structure. However, only the mappings compliant with the specified oracles are considered as interpretations:

Definition 1(Interpretation)

An interpretation is a mappingMassigning a classical Herbrand structure (or⊤1) to every path, with the following restrictions (whereDis are states, andϕa formula):

1. ϕ∈M(hDi) if ϕ∈ Od_(D)

2. {ϕ,o(ϕ)} ⊆M(hD₁,o(ϕ)D₂i) if ϕ∈ Ot(D₁, D2)

In point 2 we additionally (i.e., when compared to the original definition) forceo(ϕ)to belong

to the same path where the primitive actionϕis made true by the oracle, something that later (in Section 3) will help detect events associated with primitive actions, like “on insert/delete”.

Next, we define operations on paths, and satisfaction of complex formulas over general paths.

Definition 2(Path Splits, Subpaths and Prefixes)

Letπbe ak-path, i.e. a path of lengthkof the formhD1,O1. . . ,Ok−1Dki. Asplitofπis any pair of subpaths,π1andπ2, such thatπ1=hD1,O1. . . ,Oi−1_D

iiandπ2=hDi,Oi. . . ,Ok−1Dki

for somei(1≤i≤k). In this case, we writeπ=π1◦π2. A subpathπ′

ofπis any subset of states and annotations ofπwhere both the order of the states and their annotations is preserved. A prefixπ1ofπis any subpath ofπsharing the initial state.

1

Definition 3(T RSatisfaction of Complex Formulas)

LetM be an interpretation,πa path andφa formula. IfM(π) =⊤thenM, π |=T Rφ; else:

1. Base Case:M, π|=T Rφiffφ∈M(π)for every event occurrenceφ

2. Negation:M, π|=T R¬φiff it is not the case thatM, π|=T Rφ

3. Disjunction:M, π|=T Rφ∨ψiffM, π|=T RφorM, π|=T Rψ.

4. Serial Conjunction:M, π|=T Rφ⊗ψiff there exists a splitπ1◦π2ofπs.t.M, π1|=T Rφ

andM, π2|=T Rψ

5. Executional Possibility:M, π|=T R♦φiffπis a 1-path of the formhDifor some stateD

andM, π′ |=T Rφfor some pathπ′that begins atD.

Models and logical entailment are defined as usual. An interpretation models/satisfies a set of rules if each rule is satisfied in every possible path, and an interpretation models a rule in a path, if whenever it satisfies the antecedent, it also satisfies the consequent.

Definition 4(Models, and Logical Entailment)

An interpretationM is amodelof a formulaφiff for every pathπ,M, π|=T Rφ.M is a model

of a set of rulesP (denotedM |=T RP) iff it is a model of every rule inP.

φis said to logical entail another formulaψiff every model ofφis also a model ofψ.

Logical entailment is useful to define general equivalence and implication of formulas that express properties like “transactionφis equivalent to transactionψ” or “whenever transactionψ

is executed,ψ′

is also executed”. Moreover, if instead of transactions, we view the propositions as representing event occurrences, this entailment can be used to express complex events. For instance, imagine we want to state a complex eventalarmtriggered, e.g. whenever eventev1 occurs after the eventsev2andev3simultaneously occur. This can be expressed inT Ras:

o(alarm)←(o(e2)∧o(e3));o(e1) (1)

In every model of this formula, whenever there is a (sub)path where botho(e2)ando(e3)are

true, followed by a (sub)path whereo(e1)holds, theno(alarm)is true in thewholepath.

Other complex event definitions are possible, and in fact we can encode most of SNOOP (Adaikkalavan and Chakravarthy 2006) operators inT R. This is shown in Theorem 1 where, for a given history of past event occurrences, we prove that if an event expression is true in SNOOP, then there is a translation into aT Rformula which is also true in that history. Since a SNOOP history is a set of atomic events associated with discrete points in time, the first step is to build aT Rpath expressing such history. We construct it as a sequence of state identifiers labeled with time, where time pointitakes place in the transition of stateshsi, si+1i, and only consider interpretationsM over such a path that arecompatiblewith SNOOP’s history, i.e. such that, for every atomic event that is true in a timei,M makes the same event true in the pathhsi, si+1i. Theorem 1(SNOOP Algebra andT R)

LetEbe aSNOOPalgebra expression without periodic and aperiodic operators,Hbe a history containing the set of all SNOOP primitive eventsei_j[t1]that have occurred over the time interval

t1, tmax, andhs1, . . . smax+1ibe a path with sizetmax−t1+ 1. Letτbe the following function: Primitive: τ(E) =o(E)whereEis a primitive event

Sequence: τ(E1;E2) =τ(E1)⊗path⊗τ(E2)

Or: τ(E1▽E2) =τ(E1)∨τ(E2)

AND: τ(E1△E2) = [(τ(E1)⊗path)∧(path⊗τ(E2))]∨

[(τ(E2)⊗path)∧(path⊗τ(E1))]

NOT: τ(¬(E3)[E1, E2]) = (τ(E1)⊗path⊗τ(E2))∧ ¬(path⊗τ(E2)⊗path)

If[ti, tf]∈E[H]then∀M compatible withH,M,hsti, . . . , stf+1i |=T Rτ(E)

where, cf. (Adaikkalavan and Chakravarthy 2006),E[H]is the set of time intervals(ti, tf)where

E occurs over H in an unrestricted context, and whereM is compatible withH if, for each

ei_j[ti]∈H:M,hsti, sti+1i |=T Ro(ej).

Proof

We prove by induction on the structure ofE.

Base Primitive: E=Ej

Assume[ti, tf] ∈ Ej[H]then since Ej is a primitive event, it must exist aei_j[ti] ∈ H and

ti = tf. Then, sinceM is compatible withH we have thatM,hsti, sti+1i |=T R o(ej)as intended.

Sequence: E =E1;E2

Assume[ti, tf]∈ (E1;E2)[H]then, by SNOOP’s definition we know that∃tf1, ti2s.t.ti ≤

tf1< ti2≤tfand[ti, tf1]∈E1[H],[ti2, tf]∈E2[H]. Then, we can apply the I.H. and

con-clude that∀M compatible withH,M,hsti, . . . , stf1+1i |=T Rτ(E1)and thatM,hsti2, . . . , stf+1i |=T R

τ(E2).

Additionallyhsti, . . . , stf1+1i andhsti2, . . . , stfiare subsets of hs1, . . . smax+1i where the former subpath occurs before the latter. As a result, by the satisfaction relation definition of T R, we know thatM,hsti, . . . , stf1+1, . . . sti2, . . . , stfi |=T Rτ(E1)⊗path⊗τ(E2)which is equivalent toM,hsti, . . . , stf1+1, . . . sti2, . . . , stfi |=T Rτ(E1);τ(E2)

Or: E=E1▽E2

Assume[ti, tf] ∈ (E1▽E2)[H]then, by SNOOP’s definition we know that either[ti, tf] ∈ E1[H] or [ti, tf] ∈ E2[H]. Then by I.H. we can conclude that ∀M compatible with H,

M,hsti, . . . , stf+1i |=T R τ(E1)or M,hsti, . . . , stf+1i |=T R τ(E2). Finally, by the satis-faction relation definition ofT Rwe know thatM,hsti, . . . , stf+1i |=T Rτ(E1)∨τ(E2). AND: E=τ(E1△E2)

Assume[ti, tf]∈ (E1▽E2)[H]then, by SNOOP’s definition we know that∃tf′, ti′ s.t.ti ≤

tf′ ≤t_i′ ≤t_f and either one of the two cases is true: • [ti, tf′]∈E1[H],[ti′, tf]∈E2[H]; or

• [ti, tf′]∈E2[H],[t_i′, t_f]∈E1[H]

Let’s assume (1). Then by I.H. we know that∀M compatible withH,M,hsti, . . . , stf′i |=T R

τ(E1)andM,hsti′, . . . , stfi |=T R τ(E2). Sincetf′ ≤ti′ we haveM,hsti, . . . , stfi |=T R (τ(E1)⊗path)andM,hsti, . . . , stfi |=T R(path⊗τ(E2)). ThusM,hsti, . . . , stfi |=T R (τ(E1)⊗path)∧(path⊗τ(E2))andM,hsti, . . . , stfi |=T R[(τ(E1)⊗path)∧(path⊗

τ(E2))]∨[(τ(E2)⊗path)∧(path⊗τ(E1))]

Let’s assume (2). Then by I.H. we know that∀M compatible withH,M,hsti, . . . , stf′i |=T R

τ(E2)andM,hsti′, . . . , stfi |=T R τ(E1). Sincetf′ ≤ti′ we haveM,hsti, . . . , stfi |=T R (τ(E2)⊗path)andM,hsti, . . . , stfi |=T R(path⊗τ(E1)). ThusM,hsti, . . . , stfi |=T R (τ(E2)⊗path)∧(path⊗τ(E1))andM,hsti, . . . , stfi |=T R[(τ(E1)⊗path)∧(path⊗

τ(E2))]∨[(τ(E2)⊗path)∧(path⊗τ(E1))]. NOT: E=¬(E3)[E1, E2]

Assume[ti, tf]∈ ¬(E3)[E1, E2][H]then, by SNOOP’s definition we know that∃tf1, ti2s.t.

Additionally let’s assume that∃ti3, tf3 whereti ≤ti3 ≤ tf3 ≤ tf and[ti3, tf3] ∈ E(H). Then by I.H. we know thatM,hsti3, . . . , stf3+1i |=T Rτ(E3). Sinceti≤ti3≤tf3≤tfthen

M,hsti, . . . , stf+1i |=T Rpath⊗τ(E3)⊗path.

Additionally, if it is not the case thatM,hsti, . . . , stf+1i |=T Rpath⊗τ(E3)⊗path, then we can concludeM,hsti, . . . stf+1i |=T R ¬(path⊗τ(E3)⊗). Based on this we know that

M,hsti, . . . , stf+1i |=T R(τ(E1);τ(E2))∧(path⊗τ(E3)⊗path

Besides the logical entailment, T R also provides the notion of executional entailment for reasoning about properties of aspecificexecution path.

Definition 5(Executional Entailment)

LetPbe a set of rules,φa formula, andD0,O1. . . ,OnDna path.

P,(D0,O1. . . ,OnDn)|=φ(⋆) iff for every modelMofP,M,hD0,O1. . . ,OnDni |=φ. Additionally,P, D0–|=φholds, if there is a pathD0,O1. . . ,OnDnthat makes (⋆) true.

P,(D0,O1. . . ,OnDn) |= φsays that a successful execution of transactionφrespecting the rules inP, can change the KB from stateD0intoDnwith a sequence of occurrencesO1, . . . , On.

E.g., in the Example 2 (with obvious abbreviations), the statementP,({cl(t), l(c, o)},o(_l(_c,o)_.del) {cl(t)},o(l(c,t).ins)

{cl(t), l(c, t)},o(cl(t).del)

{l(c, t)},o(cl(o).ins)

{l(c, t), cl(o)})|=move(c, o, t) means that a possible result of executing the transactionmove(c, oven, table)starting in the state {clear(table), loc(c, oven)}is the path with those 5 states, ending in{loc(c, table), clear(oven)}.

This entailment has a corresponding proof theory (Bonner and Kifer 1993) which, for a subset of T R, is capable ofconstructingsuch a path given a program, aT Rformula, and an initial state. I.e. a path where the formula can be executed respecting the ACID properties. If no such path exists, then the transaction fails, and nothing is built after the initial state.

3 T Rev_{: combining the execution of transactions with complex event detection}

Reactive languages need to express behaviors like: “on alarm do actiona1followed by action

a2”, where the actionsa1⊗a2may define a transaction, and alarm is e.g. the complex event in (1). Clearly,T Rcan individually express and reason about transactiona1⊗a2, and its complex event. So, the question is whether it can deal with both simultaneously. For that, two important issues must be tackled: 1) how to model the triggering behavior of reactive systems, where the occurrence of an event drives the execution of a transaction in its response; 2) how to model the transaction behavior that prevents transactions to commit until all occurring events are responded.

Regarding 1), (Bonner et al. 1993) shows that simple events can be triggered inT Ras: p←body⊗ev

ev←r(ev) (2)

With such rules, in all paths that makeptrue (i.e. in all executions of transactionp) the event

ev is triggered/fired (after the execution of some arbitrary body), and ev’s response, r(ev), is

executed. Note that, bothr(e)andbodycan be defined as arbitrary formulas.

external eventevfrom an initial state, all we need to do is find the pathsπstarting in that state, s.t.P, π|=ev, whereP includes the last rule above plus the rules stating how to respond toev.

The occurrences of primitive actions can be tackled by Point 2 of Def. 1, and the occurrence of complex events can be defined as prescribed in Section 2. However, the above approach of (Bonner et al. 1993) does not help for driving the execution of an event response when such occurrences become true. For instance, the ECA-rule before could be stated as:

o(alarm)←(o(e2)∧o(e3));o(e1)

r(alarm)←a1⊗a2

But this does not drive the execution ofr(alarm)wheno(alarm)holds; one has further to force

that whenevero(alarm)holds,r(alarm)must be made true subsequently. Of course, adding a

ruler(alarm) ← o(alarm)would not work: such rule would only state that, one alternative

way to satisfy the response of alarm is to make its occurrence true. And for that, it would be enough to satisfyo(alarm)to maker(alarm)true, which is not what is intended.

Clearly, this combination implies two different types of formulas with two very different be-haviors: the detectionof events which are tested for occurrence w.r.t. a past history; and the executionof transactions as a response to them, which intends to construct paths where formu-las can succeed respecting transactional properties. This has to be reflected in the semantics and these formulas should be evaluated differently accordingly to their nature.

Regarding 2), as in database triggers, transaction’s execution must depend on the events trig-gered. Viz., an event occurring during a transaction execution can delay that transaction to com-mit/succeed until the event response is successfully executed, and the failure of such response should imply the failure of the whole transaction. Encoding this behavior requires that, if an event occurs during a transaction, then its execution needs to beexpandedwith the event response. Ad-ditionally, this also precludes transactions to succeed in paths where an event occurs and is not responded (even if the transaction would succeed in that path if the event did not existed).

For addressing theses issues, below we defineT Rev_{. It evaluates event formulas and}

transac-tion formulas differently, using two distinct relatransac-tions (respectively|=T Rand|=), and occurrences

and responses are syntactic represented w.r.t. a given event namee, aso(e)andr(e), respectively.

|=requires transactions to be satisfied in expanded paths, where every occurring event (i.e. made true by|=T R) is properly responded. We shall see that|=implies a non-monotonic relation, as

truth of transactions on a path may change if a new event occurrences is learned to be true.

3.1 T Rev_{Syntax and Model Theory}

T Revalphabet contains an infinite number of constantsC, function symbolsF, variablesV and predicate symbolsP. To make it possible to evaluate events and transactions differently, pred-icate symbols are further partitioned into transaction names (Pt), event names (Pe), and oracle

primitives (PO) and, as withT R, we work with the Herbrand instantiation of the language.

Formulas inT Rev_{are partitioned into transaction formulas and event formulas.Event}

formu-lasdenote formulas meant to be detectedand are either an event occurrence, or an expression defined inductively as¬φ,φ∧ψ,φ∨ψ,φ⊗ψ, orφ;ψwhereφandψare event formulas. An event occurrenceis of the formo(ϕ)s.t.ϕ∈ P_eorϕ∈ P_O, and where the latter corresponds

to the case where occurrences arise from detecting the execution of an oracle defined primitive. Note that, we preclude the usage of the hypothetical execution operator♦in event formulas, as it would make little sense to detect occurrences based on what could possibly be executed.

an expression defined inductively as¬φ,♦φ,φ∧ψ,φ∨ψ, orφ⊗ψ. Atransaction atomis either a proposition inPt,PO,r(ϕ)whereϕ∈ P_O∪ P_e, orP_e. I.e. a transaction atom is either

a transaction name, an oracle defined primitive, the response of an event, or an event name. The latter corresponds to the (trans)action ofexplicitlytriggering an event directly in a transaction as in (2) or as an external event. As we shall see (Def. 2) explicitly triggering an event changes the path of execution (by asserting the information that the event has happened in the current state) and, as such, is different from simply inferring (or detecting) what events hold given a past path. Finally, rules have the formϕ ← ψand can be transaction or (complex) event rules. In a transaction ruleϕis a transaction atom andψa transaction formula; whereas in an event ruleϕ

is an event occurrence andψis a event formula. Aprogramis a set of transaction and event rules. Importantly, besides the data and transition oracles,T Revis also parametric to achoice func-tion defining what event should be selected at a given time in case of conflict. Since defining what event should be picked from the set of occurring events depends on the application in mind, to be useful for a a wide spectrum of applications,T Revdoes not commit to any particular definition, encapsulating it in functionchoice. This will be further elaborated in Section 3.2.

As a reactive system,T Revreceives a series of external events which may cause the execution of transactions in response. This is defined asP, D0– |=e1⊗. . .⊗ek, whereD0is the initial KB state ande1⊗. . .⊗ek is the sequence of external events that arrive to the system. Here, we

want to find the pathD0,O1. . . ,OnDnencoding a KB evolution that responds toe1⊗. . .⊗ek. As mentioned, triggering explicit events is a transaction formula encoding theactionof making an occurrence explicitly true. This is handled by the definition of interpretation, in a similar way to how atomic events defined by oracles primitives are made true:

Definition 6(T Rev_{interpretations)}

AT Revinterpretation is aT Rinterpretation that additionally satisfies the restriction: 3. o(e)∈M(hD,o(e)Di)ife∈ P_e

We can now define the satisfaction of complex formulas, and then models of a program. As mentioned, event formulas are evaluated w.r.t. the relation|=T Rspecified in Def. 3. Transaction

formulas are evaluated w.r.t. the relation|=which requires formulas to be true inexpanded paths, in which every occurring event is responded (something dealt byexp_M(π), defined below).

Definition 7(Satisfaction of Transaction Formulas)

LetMbe an interpretation,πa path,φtransaction formula. IfM(π) =⊤thenM, π|=φ; else: 1. Base Case:M, π |= piff∃π′ prefix ofπs.t.p ∈ M(π′)andπ = exp_M(π′), for every

transaction atompwherep6∈ Pe.

2. Event Case:M, π|=eiffe∈ Pe,∃π′prefix ofπs.t.M, π′|=T Ro(e)andπ=_exp

M(π ′

). 3. Negation:M, π|=¬φiff it is not the case thatM, π|=φ

4. Disjunction:M, π|=φ∨ψiffM, π|=φorM, π|=ψ. 5. Serial Conjunction:M, π |=φ⊗ψiff∃π′

prefix ofπand some splitπ1◦π2ofπ′ such thatM, π1|=φandM, π2|=ψandπ=exp_M(π′).

6. Executional Possibility:M, π|=♦φiffπis a 1-path of the formhDifor some stateDand

M, π′

|=φfor some pathπ′

that begins atD.

Definition 8(Model of a Program)

An interpretationMis amodelof a transaction formula (resp. event formula)φiff for every path

π,M, π |=φ(resp.M, π |=T R φ).M is a model of a programP(denotedM |=P) iff it is a

We have yet to defined exp_M(π), a function that, given a path with possibly unanswered events, expands it with the result of responding to those events. The definition of this function must perforce have some procedural nature: it must start by detecting which are the unanswered events; pick one of them, according to a givenchoice function; then expand the path with the response of the chosen event. The response to this event may, in turn, generate the occurrence of further events. So, this process must be iterated until no more unanswered events exist.

The response operatorRM, defined below, computes one step of this iteration. At each

itera-tion,RM receives a pathπand returns a pathπ′. Ifπhas unanswered events w.r.t.M, thenπ′

is an extension ofπwhere one of the events unanswered inπis now responded inπ′

; otherwise,

π′ =π. As stated, since complex events exist, nothing preventsRM(π)to return a pathπ′ with

more unanswered events thanπ. Moreover, it may not be possible to address all events in a finite path, and thus,RM may not have a fixed-point. In fact, non-termination is a known problem of

reactive systems, and is often undecidable for the general case (Bailey et al. 2004). However, if termination is possible, then a fixed-point exists and each iteration ofRM is an approximation

of the expansion operatorexp_M.

Definition 9(Expansion of a Path)

For a pathπ1and an interpretationM, the response operatorRM(π1)is defined as follows:

RM(π1) =

π1◦π2 ifchoice(M, π1) =eandM, π2|=r(e)

π1 ifchoice(M, π1) =ǫ

The expansion of a pathπisexp_M(π) =↑ RM(π).

Before discussing thechoicefunction, we first formalize the effect ofexp_M(π)on satisfying transaction formulas, and exemplify the semantics in examples where thechoiceis not crucial (viz. there is always at most one event to choose).

Lemma 1

LetM be an interpretation,φbe a transaction formula without negation, andπbe a path. IfM, π |=φthenexp_M(π) =π

Proof

Immediately from Definition 2

Example 3

p←a.ins

r(e1)←c.ins

(P3)

p←a.ins

r(e1)←c.ins

o(e1)←o(a.ins)

(P4)

Consider the programs2P3andP4. InP3,pholds in the pathh{},o(a.ins){a}i. This is true since all interpretations must comply with the oracles and thus ∀M:a.ins ∈ M(h{},o(a.ins)

{a}i) implyingM,h{},o(_a.ins)

{a}i |=a.ins. Assuming thatM is a model ofP3, then it satisfies the rulep←a.ins, which means thatp∈M(h{},o(a.ins)

{a}i)andM,h{},o(a.ins)

{a}i |=p. However, since o(e1) ← o(a.ins) ∈P₄and∀M.o(a.ins) ∈ M(h{},o(a.ins){a}i), forM

to be a model ofP4, theno(e1)∈M(h{},o(a.ins){a}i). Sincee₁has a response defined, then

in pathh{},o(a.ins)

{a}ithe occurrencee1is unanswered and both the transactionspanda.ins

2

For brevity, in this and the following examples we assume the ruler(p)←true_{to appear in every program for every}

primitive actionpdefined in the signature of the oracles, unless when stated otherwise. I.e., we assume the responses

cannot succeed in that path. Namely,o(e1)constrains the execution ofeverytransaction in the

pathh{},o(a.ins)

{a}iand, for transaction formulas to succeed, such path needs to beexpanded withe1’s response. Since,expM(h{},a.ins{a}i) = h{},

o(_a.ins)

{a},o(_c.ins)

{a, c}i then, both transactionspanda.inssucceed in thelongerpathh{},o(a.ins)

{a},o(c.ins)

{a, c}i, i.e. for anM

model ofP4:M,h{},o(a.ins){a},o(c.ins){a, c}i |=pandM,h{},o(a.ins){a},o(c.ins){a, c}i |=

a.ins. This illustrates the non-monotonicity ofT Rev, viz. that adding a new event definition to

P3falsifies the transaction formulaspanda.insin paths where they were previously true.

As inT Rwhen talking about transactions, inT Revevery formula that is meant to be exe-cuted, is meant to be executed as a transaction. As such, the primitivea.insin exampleP4cannot succeed in the pathh{},o(a.ins)_{

a}isince there exist unanswered events in that path. However, note thata.insbelongs to every interpretationM of that path (due to the restrictions in Def. 1). Thus the primitivea.insis true inh{},o(_a.ins)

{a}ialthough the transactiona.insis not. Example 4

p←a.ins q←b.ins

r(ex)←p⊗q r(e1)←d.ins

r(a.ins)←c.ins

o(e1)←o(a.ins)⊗o(b.ins)

{a} p

{a, c}

r(e1)

{} {a, b, c} {a, b, c, d} q

o(e1)

o(a.ins) o(c.ins) o(b.ins) r(a.ins)

o(d.ins) a.ins

c.ins b.ins d.ins

ex

o(ex)

p⊗q

{}

The right-hand side figure illustrates a satisfaction of the external eventex. The occurrence ofex

forces the satisfaction of the transactionp⊗q, which is true if both its “subformulas” (pandq) are satisfied over smaller paths. Note that, by definition of the relation|=, all occurrences detected over the independent paths that satisfypandqare already responded in those paths. Thus, we need only to cater for the events triggered due to the serial conjunction. Here, for a modelM

of the program,M,h{},o(_a.ins)

{a},o(_c.ins)

{a, c}i |= pandM,h{a, c},o(_b.ins)

{a, b, c}i |=q. Further, the ruleo(e1)←o(a.ins)⊗o(b.ins)defines one pattern for the occurrence ofe₁which

constrains the execution of transactionp⊗qand forces the expansion of the path to satisfyr(e1).

Consequently,M,h{},o(a.ins)_{

a},o(c.ins)_{

a, c},o(b.ins)_{

a, b, c},o(d.ins)_{

a, b, c, d}i |= p⊗q, andM,h{},o(e_x)

{},o(a.ins)

{a},o(c.ins)

{a, c},o(b.ins)

{a, b, c},o(d.ins)

{a, b, c, d}i |=ex

3.2 Event Choice Function

The previous examples were defined s.t. only one event is triggered at each moment. However, this may not be the case, and for that a reactive language specifies aoperational semanticswhich encases two major decisions: 1) in which order should events be responded and 2) how should an event be responded. The former defines the handling order of events in case of conflict, e.g. based on when events have occurred (temporal order), on a priority list, or any other criteria. Then, the latter decision defines the response policy of an ECA-language, i.e. when is an event considered to be responded. E.g., if an event occurs more than once before the system can respond to it, this specifies if such response should be issued only once or equally to the amount of occurrences.

Definition 10(choicefunction)

LetM be an interpretation andπbe a path. Then functionchoice(M, π)is defined as follows: choice(M, π) =firstUnans(M, π, order(M, π))

As stated,choicedefines at each moment what is the next event to be responded. For that, it is based on aorderfunction which sorts events w.r.t. a given criteria, and a functionfirstUnans which checks what events are unanswered and returns the first one based on this order.

Example 5(Ordering-Functions)

Lethe1, . . . , enibe a sequence of events,πa path andM an interpretation.

Temporal Ending Order order(M, π) =he1, . . . , eniiff∀eis.t.1 ≤i≤nthen∃πisubpath ofπwhereM, π |=T Ro(e_i)and∀e_js.t.i < jthene_joccurs aftere_i

Temporal Starting Order order(M, π) =he1, . . . , eniiff∀eis.t.1≤i≤nthen∃πisubpath

ofπwhereM, π |=T Ro(ei)and∀ejs.t.i < jthenejstarts beforeei

Priority List Order LetLbe a priority list where events are linked with numbers starting in1, where1is the most priority event.orderL(M, π) =he1, . . . , eniiff∀ei∃πisubpath ofπs.t. M, πi|=T Ro(ei)and∀ejwhere1≤i < j ≤n,πj is subpath ofπandM, πj |=_{T R} o(ej)

thenL(ei)≤L(ej).

These examples are based on the notion of order of events, which is standardly defined as:

Definition 11(Ordering of Events)

Lete1, e2be events andπa path andM an interpretation. We say thate2occurs aftere1w.r.t.

π andM iff there exists π1, π2 subpaths of π such that π1 = hDi,Oi. . . ,Oj−1Dji, π2 = hDn,On. . . ,Om−1Dmi, M, π1 |= o(e1), M, π₂ |= o(e2) andD_j ≤ D_m w.r.t. the ordering

inπ. We say thate1starts beforee2w.r.t.πifDi≤Dn

After exemplifying how events can be ordered, it remains to define the response policy, i.e. what requisites should be imposed w.r.t. the response executions. As illustration, as follows we define a functionfirstUnansthat retrieves the first unanswered evente, given the ordering func-tion above. In this example, if an event occurs more than once before it is responded, then it is sufficient to respond to it once. Other definitions are possible, e.g. wherefirstUnansrequires the execution of a response for every individual occurrence, but these are omitted for lack of space.

Definition 12(Answering Choice)

LetM be an interpretation,πa path,he1, . . . , enian event sequence.firstUnans(M, π,he1, . . . ,

eni) = eiiffei is the first event inhe1, . . . , eniwhere givenπ′ subpath ofπandM, π′ |=T R

o(e)then¬∃π′′s.t.π′′is also a subpath ofπ,π′′is afterπ′andM, π′′|=r(e).

3.3 Entailment and Properties

As inT R,T Revdefines two entailments: logical and executional entailment. Logical entailment is defined exactly as in Def. 4 and can be used to reason about properties of transaction and event formulas that hold for everypossible path of execution. It can also express relations between transactions and occurrences, e.g. to say “eventψoccurs whenever transactionφsucceeds”.

transaction formulas that were previously true. As such, adding a new rule to a program may make a formula that was previously satisfied in a pathπto be false inπ.

To deal with a similar behavior, non-monotonic logics rely on the concept of minimal or pre-ferred models: instead of considering all possible models, non-monotonic theories restrict to the most skeptical ones. Likewise,T Revuses the minimal models of a program to define entailment, whenever talking about a particular execution of a formula. As usual, minimality is defined by set inclusion on the amount of predicates that an interpretation satisfies, and a minimal model is a model that minimizes the set of formulas that an interpretation satisfies in a path.

Definition 13(Minimal Model)

LetM1andM2be interpretations. ThenM1≤M2if∀π:M2(π) =⊤ ∨M1(π)⊆M2(π) Letφbe aT Rev formula, andP a program.M is aminimal modelofφ(resp.P) ifM is a model ofφ(resp.P) andM ≤M′

for every modelM′

ofφ(resp.P).

Thus, to know if a formula succeeds in a particular path, we need only to consider the event occurrencessupportedby that path, either because they appear as occurrences in the transition of states, or because they are a necessary consequence of the program’s rules given that path. Because of this, executional entailment inT Rev_{is defined w.r.t. minimal models (cf. Def. 5).}

Definition 14(T RevExecutional Entailment)

Let P be a program, φ a transaction formula and D1,O0. . . ,OnDn a path. Then statement

P,(D1,O0. . . ,OnDn)|=φ(⋆) iff for every minimal modelM ofP,M,hD1,O0. . . ,OnDni |= φ.P, D1–|=φis said to be true, if there is a pathD1,O0. . . ,OnDnthat makes (⋆) true. Example 6

Recall program P of example 4 above. Since for every minimal model Mm of P we have

Mm,h{},o(_ex)

{},o(_a.ins)

{a},o(_c.ins)

{a, c},o(_b.ins)

{a, b, c},o(_d.ins)

{a, b, c, d}i |= exthen we concludeP,({},o(e_x)

{},o(a.ins)

{a},o(c.ins)

{a, c},o(b.ins)

{a, b, c},o(d.ins)

{a, b, c, d})|=ex

Interestingly, as in logic programs, formulas satisfied by this entailment have some support.

Lemma 2(Support)

LetPbe a program,πa path,φa transaction atom. Then, ifP, π|=φone of the following holds: 1. φis an elementary action and eitherφ∈ Od_{(π)orφ∈ O}t_(π);

2. φis the head of a transaction rule inP(φ←body) andP, π|=body;

Proof

Clearly by Definitions 1 and 13 both items are true in all minimal models of programP. As such, it remains to show that everyφthat holds in a path arises from these. Let’s assume thatφdoes not fall in either of the two previous cases. Then, sinceφis a transaction atom, then by definition ofET Rlanguage,φmust either be (1) primitive defined in the oracles but whereφ6∈ Od_(π)

andφ6∈ Ot_{(π); or (2) a transaction name that is neither the head of a transaction rule, or that it}

is the head andP, π6|=body; or (3)φappears in the body of a rule whose head isnottrue; Let’s consider each of these cases individually.

(2) ifφis a transaction name that is not the head of a transaction rule, thenφcannot be true in any minimal model ofP. Moreover, ifφappears in the head of a rule whereP, π6|=body, then it means that at least one minimal models fails to satisfybodyin pathπ. As such, it means that at in that minimal modelφdoes not need to be true from that rule in pathπ.

(3) The latter case is the trickiest and is the case where for all minimal modelsM, they must satisfy a rulehead←bodyinπand the head is known to be false in all minimal models for path

π. However, for a given head to be false in all minimal models, it means thatM, π |=headis not the case in every minimal model ofM. For that to be true, and since such rule exists andbody

is true inπfor all minimal models, then¬headmust be a direct consequence of the program. Since negation cannot appear in the head of rules, and the failure of a primitive oracle does not directly cause failure in the interpretation (cf. Definition1), then this case is impossible.

As expected,T RevextendsT R. Precisely, if a programP has no complex event rules, and for every elementary actionadefined by the oracles the only rule forr(a)inPisr(a)←true,

then executional entailment inT Revcan be recast inT R. As an immediate corollary of this, it follows that ifP isevent-freethen executional entailment inT Revand inT Rcoincide.

To prove these results, we start by formalizing some auxiliary lemmas and properties.

Definition 15(Valid Paths)

Given a transaction programP, a pathD1,O0. . . ,OnDn is said to be valid iff for every occur-rence such thato(e)∈O_i(0≤i≤n)it exists a transaction rule inPof the formr(e)←ψ.

To respond to occurrences is of paramount importance inT Revin the sense that, not respond-ing to an event occurrence in a path implies transaction formulas to not hold in that path. As an implicit result of this behavior, if an event occurs in a path and this event does not have a response defined, then the event will prevent all transaction formulas to succeed. This can be circumvented by adding the ruler(e)←truewhenever the response of eventeis not meant to constrain the

satisfaction of transactions.

Theorem 2(Valid Paths and Satisfaction)

LetP be aT Rev_{program, andφ, ψany two transaction formulas. IfP, D}

0,O1. . . ,OnDn |=φ then∀o(e)∈O_i(1≤i≤n)it exists a ruler(e)←ψ∈P

Proof

We prove this property by contradiction. Assume that it exists a pathhDj,ODj+1iand where

o(e) =Oand it does not exist a rule such thatr(e)←ψ. Also, letM₁andM₂be two minimal

models ofP. By DefinitionM1andM2must satisfyo(e)in that path, but there is no restriction

(by the program) on how to satisfyr(e). However, note that bothM₁andM₂must satisfyr(e)

otherwise the operatorexpwill diverge andM1andM2would not be models. Since bothM1 andM2need to satisfyr(e)in some path, but there is no imposition of the program on how this

must be done, we can simply define it forM1as follows:

• for any pathhDj,ODj+1i: whenevero(e)∈M1(hD_j,OD_ji)andr(e)6∈ Pthenr(e)∈

M1(hDj,O_Dji)

• for any pathhDj,ODj+1i: whenevero(e)∈M2(hD_j,OD_ji)andr(e)6∈ Pthenr(e)∈

M2(hDki)whereDkis any state exceptDj, Dj+1.

Clearly, ifr(e)6∈P thenr(e)will never be satisfied in the same path inM₁as it is inM₂. Since

o(e)of such events will never converge at the same path. As a result for any formulaφ,φwill

never be proven byallminimal models ofP in a path that contains occurrences which response is not defined in the program.

Based on this last result, we can state that transactions are only executable in paths where all events that occur can be responded.

Theorem 3

LetPbe a transaction program andφa transaction formula. Then,

P, D1,O0. . . ,OnDn |= φiffM,hD1,O0. . . ,OnDni |= φfor all models that are minimal in

valid paths

Proof

Immediately from Theorem 2

By definition, all primitive actions are also event occurrences. To distinguish the cases where events occur because of explicit events from inferred primitive actions we state the following:

Definition 16

We say that an annotated pathπdoes not have explicit events if for every occurrenceOi in an annotated pathπ,Oi ∈ PO.

Definition 17(Event-Free Program)

We say thatP is an event-free program iffP does not contain complex event rules,for all prim-itive actionsϕ∈ PO it exists the ruler(ϕ)←trueinPand if it does not contain any formula

fromPein the body of a transaction rule.

Corollary 1

LetPbe an event-freeT Revprogram, andφan event-free transaction formulas. IfP, D1,O. . . ,OnDn|= φthenD1,O. . . ,OnDndoes not have explicit events.

Proof

Special case of Theorem 2

Corollary 2

LetPbe an event-free program andφan event-free formula.

P, D1,O0. . . ,OnDn |= φiffM,hD1,O0. . . ,OnDnifor all models that are minimal in paths without explicit events.

Proof

Immediately from Corollary 1 and Theorem 3

Lemma 3

Proof

SinceP is an event-free program, it means that complex event rules do not exist inP and every response of primitive occurrences hold trivially in every path. Thus, ifπdoes not have explicit events andM is minimal, every occurrence that is made true inπis trivially responded. Conse-quentlyexp_M(π) =π.

Lemma 4(Minimal Models inT R)

For all modelsM ofP and for all the minimal modelsMM ofPthe following property is true:

M |=T RφiffMM |=T Rφ

Proof

⇒: IfM |=T RφthenMM |=T Rφ

Trivially true. IfM |=T R φthenφis true inallmodels ofP including in the minimal ones: MM.

⇐: IfMM |=T RφthenM |=T Rφ

Let us assume that the latter is not true, and soφis true inMM but not in a given modelMF

of the program such thatMF is not a minimal model. Then there must exist a pathπsuch that

φ∈MM(π)butφ6∈MF(π). However by definition of minimal modelsMMis a minimal model if for every pathπand every modelM ofP,MM(π)⊆M(π). Consequently ifφ∈ MM(π)

butφ 6∈ MF(π)then eitherMF is a minimal model (andMM andMF are incomparable) or

MM is not a minimal model. Since both hypothesis lead to a contradiction, then we prove that MM |=T RφthenM |=T Rφ.

Lemma 5

LetP be an event-free program andM be a minimal model ofP. Ifπis does not have explicit events, then:

exp_M(π) =π

Proof

Let’s assume thatM(π)6=⊤, otherwise the proof is trivial. We know thatexp_M(π) = πif all event occurrences that are true in any subpath ofπare responded withinπ. So let’s assume the contrary, i.e. that it exists an event that occurs in a subpathπ′ of π(M, π′ |= o(e)) but¬∃π′′

subpath ofπ such thatπ′′

is after π′

andM, π′′ _|=

r(e). SinceM is a minimal model ofP,

andP does not contain complex event rules, thenM, π′

|= o(e)only ifπ′ = hD_i,OD_iiand o(e)∈O. However, by definition there is no occurrence in any transition ofπand consequently

¬∃e:M, π′

|=o(e)

Next we will define a functionsthat will allow us to prove the desired correspondence between T RevandT R.

Definition 18

We definesas a function from Herbrand path structures to Herbrand path structures defined as follows:

• ∀φ, πsuch thatπis an annotated path,φis an atomic formula andφ6∈ Pe. Ifφ∈M(π)

thenφ∈s(M(π′₎₎

whereπ′

Lemma 6

LetM1andM2be two interpretations inT Rev

M1⊆M2⇒s(M1)⊆s(M2)

Proof

Immediately from the definition ofs(M).

Definition 19

Let M be an interpretation inT R, then we define M−1 to be an interpretation in T Rev as follows:

• ∀πifp∈M′(π)thenp∈M−1(π)

• whenever∃o(e)such thatD₁,OD₁,o(e)∈Oande∈ P_Otheno(e)∈M−1,hD₁,OD₁i

andr(e)∈M−1,hD₁,OD₁i.

Lemma 7

LetM be a herbrand path structure inT R, thens(M−1) =M

Proof

Immediately from definition ofs.

Lemma 8

LetP be an event-free transaction program. IfM is a minimal model ofP inT RthenM−1_is also a minimal model ofP inT Rev.

Proof

Since for every occurrenceo(e)thatM−1makes true in,r(e)is also true, then_exp

M−1(π) =π for any annotated pathπ. As a result it is trivial to show that for every transaction formulaφand every pathπ′

ifM, π1 |=T R φthenM−1, π1 |=φ, and consequently ifM′ is a model ofP in T RthenM−1is a model ofP inT Rev_.

It remains to show thatM−1_{is minimal ifM is also minimal. So let’s assume that it exists a}

Mminsuch thatMmin ⊂M−1. This is equivalent to say that∃φ, πsuch thatφ∈M−1(π)but

φ 6∈ Mmin(π). Also, as a result by Lemma 6 it follows thats(Mmin) ⊆s(M−1)SinceM is

minimal ands(M−1) =M thens(M−1) =s(Mmin)Let’s analyze the possible structure ofφ

• φ6∈ Pe

By definition 18 ifφ ∈ M−1(π) but φ 6∈ Mmin(π) then φ ∈ s(M−1)(π)but φ 6∈

s(Mmin)(π). Thens(M−1_{)6=s(M)which leads to a contradiction.} • φ=o(e)orφ=r(e)

Moreover, for all formulaso(e)such that o(e) ∈ M−1(π), sinceπ must beD₁,OD₁

ando(e) = Othen by Definition 1allinterpretations must also satisfyo(e)in that path

includingMmin. Furthermore, in order for any givenMminto be model, and by definition

Lemma 9

LetPbe an event-free program andM a model ofP. IfM |=PandM′ =s(M)thenM′|=T RP

Proof

P is a transaction base, i.e. it is formed by a set of rules with the structureh←φwhereφis any transaction formula (event-free) andhis an atomic formula.M is a model ofP iff∀h←b∈P,

M, π |= φ ← b. To prove this, it is sufficient to show that wheneverM′, π |=T R φthen M′

, π|=T Rh.

Let’s assume thatM′, π |=φWe will prove by induction on the structure ofφ, note thatφ

cannot be an event-formula sincePis event-free.

• Base Case: Ifφis an atomic formula, thenM′

, π |= φiff φ ∈ M′₍

π). Since M is a model of P we know that whenever M, π |= φ thenM, π |= h. By the definition of T R: M′

, π |= φiffφ ∈ M′₍

π), and thus by Definition 18 we have that φ ∈ M(π). Moreover by Lemma 3 we know thatexp_M(π′

) = π′

for everyπ′

that does not have explicit event occurrences. ThusM, π′ |= hwhich implies thath ∈ M(π′). SinceT R does not have annotated occurrences we know that for every pathπvalid inT Rit holds thatM, π|=T Rh

• Serial Conjunctionφ=φ1⊗φ2: By definition,M′

, π |=T R φ1⊗φ2iffM′, π1 |=T R φ1 andM′, π2 |=T R φ2 andπ=

π1◦π2. SinceT Rdoes not have any annotations in the paths, we can assume thatπdoes not have explicit occurrences. Then by Lemma 3 we know thatexp_M(π) = π. If this is the case, then it follows thatM, π |= φ1⊗φ2. As a result,M, π |= hand thus since exp_M(π) =πthenh∈M(π)and by definition 18h∈M′(π)and thusM′, π|=T Rh.

• “Classical” Conjunction:Let’s assume this is true forφ, i.e. whenever M′

, π |=T R φ

thenM′

, π |=T R hifh← φ∈ P. We want to prove that it still holds forφ1∧φ2. So assumeM′, π|=T Rφ1∧φ2then we know thatM′, π|=T Rφ1andM′, π|=T Rφ2. By I.H. we can conclude thatM′

, π|=T Rh.

• Executional Possibility:Let’s assume this is true forφ, i.e. wheneverM′

, π|=T Rφthen M′, π |=T R hifh ← φ ∈ P. We want to prove that it still holds for♦φ. So assume M′

, π |=T R ♦φthenπ is a 1-path and it exists aπ′ starting in πs.t. M, π′ |=T R φ.

Moreover, we know thatM is a model of the program and thatM′

= s(M). Then ifφ

is an atomic formula, thenφ∈M′₍ π′₎

andM, π |=hwhich means thath∈M(π)and thusM, π |=T Rh. Otherwise, ifφis not an atomic formula, then we can still decompose

it in one of the cases above and try to prove it inductively again. However, the formula must terminate in an atom, and thus we can say that eventually for someπ′′

starting inπ,

M, π′′|=φand thusM, π |=h, i.e.h∈M(π)and thusM, π |=T Rh.

Definition 20 The relation⊆∗

is a binary relation for any two interpretationsM1,M2is defined as follows.

The relation=∗

is a binary relation for any two interpretationsM1,M2is defined as follows.

M1=∗M2

iff∀πsuch thatπis valid w.r.t.PandM1(π) =M2(π)

Lemma 10

M1⊆∗M2⇔s(M1)⊆s(M2)

Proof

Immediate by definition as for pathsπwithout explicit eventsM(π) =s(π)

Lemma 11

M1=∗M2⇔s(M1) =s(M2)

Proof

Immediate by definition as for pathsπwithout explicit eventsM(π) =s(π)

Lemma 12

Letπbe a path without explicit events.M is minimal w.r.t.πinT Reviffs(M)is minimal w.r.t.

πinT R

Proof

Immediate by Lemmas 10 and 11

Theorem 4

LetPbe anevent-freetransaction program and|=T Rthe satisfaction relation specified in

(Bon-ner and Kifer 1993). Then the following property is true for every annotated pathD1,O0. . . ,OnDn without explicit events and every transaction formulaφsuch thatφ6∈ Pe:

M, D1,O0. . . ,OnDn |=φiffs(M), D1, . . . , Dn |=T Rφ

Proof ⇒:

Proof by induction on the structure ofφ. Recall thatφis event-free and thus we don’t need to consider the event case.

• Base Case:SincehD1,O0. . . ,OnDniis without explicit events then by Lemma 5: exp_M(hD1,O0. . . ,OnDni) =hD1,O0. . . ,OnDniand thus we know that:

• Serial Conjunction Case:φ=φ1⊗φ2

SincehD1,O0. . . ,OnDnidoes not have explicit events then Lemma 5 tells us that it holds

exp_M(hD1,O0. . . ,OnDni) = hD1,O0. . . ,OnDni and thus M,hD1,O0. . . ,OnDni |=

φ1⊗φ2 iffM, π1 |= φ1andM, π2 |= φ2andπ1◦π2 = hD1,O0. . . ,OnDni. By

ap-plying the induction hypothesis we know thats(M), π1′ |=T Rφ1ands(M), π′2|=T Rφ2 for pathsπ′

1 andπ

′

2that are obtained fromπ1 andπ2 by eliminating the annotated tran-sitions. Therefore, sinceπ1◦π2 = hD1,O0. . . ,OnDnithenπ′1◦π

′

2 = hD1, . . . , Dni. Giving this we can conclude thats(M),hD1, . . . , Dni |=T Rφ1⊗φ2

• Negation:φ=¬φ

So assume thatM, π |=¬φ. Then it is not the case thatM, πi |=φ. Moreover sinceπdoes not have explicit events thenexp_M(π) =π. In this case, the satisfaction relation coincide and thus sinces(M)makes the same event-free formulas true then,s(M), π|=T Rφ.

• “Classical” Conjunction:Trivially true by applying the induction hypothesis.

• Executional Possibility:Trivially true by applying the induction hypothesis and since exp_M(hD1,O0. . . ,OnDni) =hD1,O0. . . ,OnDni.

⇐:

Proof by induction in the structure ofφ:

• Base Case:s(M),hD1, . . . , Dni |=T R φiffφ∈ s(M)(hD1, . . . , Dni), then by defini-tion,φ∈M(hD1,O0. . . ,OnDni). SincehD1,O0. . . ,OnDnidoes not have explicit events

thenexp_M(hD1,O0. . . ,OnDni) = hD1,O0. . . ,OnDni, and thus, as intended, it holds thatM,hD1,O0. . . ,OnDni |=φ.

• Serial Conjunction:s(M),hD1, . . . , Dni |=T Rφ1⊗φ2iff it exists aπ1′◦π2′ =hD1, . . . , Dni ands(M)π′

1 |=T R φ1ands(M)π′2 |=T R φ2. Moreover sincehD1,O0. . . ,OnDnidoes

not have explicit events thenexp_M(hD1,O0. . . ,OnDni) = hD1,O0. . . ,OnDni. Conse-quently by applying the induction hypothesis we have thatM, π1 |=φ1, andM, π2|=φ2 and thusM,hD1,O0. . . ,OnDni |=φ1⊗φ2

• Negation: Trivially true sincehD1,O0. . . ,OnDnidoes not have explicit events. Then, by

definitions(M)satisfies a formula wheneverM also satisfies it. Then since it is true that exp_M(hD1,O0. . . ,OnDni) =hD1,O0. . . ,OnDni, then the relations coincide.

• “Classical” Conjunction:Trivially true by applying the induction hypothesis similar to the serial-conjunction case.

• Executional Possibility:Trivially true by applying the induction hypothesis and since hD1,O0. . . ,OnDniis event-free

We can now formulate the comparison withT Ras follows. Theorem 5(Simple Comparison withT R)

LetPbe anevent-freetransaction program and|=T Rthe satisfaction relation specified in

(Bon-ner and Kifer 1993). LetD1,O0. . . ,OnDn be a path andφan event-free transaction formula.

Then:

Proof

By Lemma 1 we know thatφwill only be proven inPifD1,O0. . . ,OnDndoes not have explicit events.

⇒:

By Definition, we know that P, D1,O0. . . ,OnDn |= φ iff for all minimal models M of P,

M, D1,O0. . . ,OnDn |= φ. Moreover by Theorem 3 we know that it is equivalent to check

ifM1, D1,O0. . . ,OnDn |= φfor all minimal modelsM1 that are only minimal in event-free paths.

By Theorem 4 we know that ifM modelsφinT Revin a path, thens(M)also modelsφin T Rin the same path. By Lemma 12 we know that ifM is a minimal model ofPw.r.t. event-free paths iffs(M)is also a minimal model ofP inT Rw.r.t. the same path.

Since for every minimal modelM1ofPinT Rwe know that it exists aM2such thatM2is a minimal model inT Revands(M2) =M1, then we can conclude that ifM,hD1,O0. . . ,OnDn |= φfor every minimal modelMthen for every minimal modelM1ofPinT R:M1,hD1, . . . , Dni |=T R φ

By Lemma 4 we know that if a formula inT Ris satisfied by all minimal models, iff it is also satisfied by the intersection of all models of the program. And therefore by definition, if

P, D1,O1. . . ,On−1_D

n|=φthenP, D1. . . , Dn|=T Rφ.

⇐:

By Definition,P, D1, . . . , Dn |=T Rφiff for all modelsM ofP,M, D1, . . . , Dn |=T R φ. By

lemma 4 it is equivalent to check in all minimal models ofPinT R.

By Theorem 4 we know that whenevers(M), D1, . . . , Dn|=T Rφholds thenM, D1, . . . , Dn|=T R φalso holds. Since for every minimal modelMT R of P it exists a minimal modelM1 such that s(M1) = MT R. Moreover since the minimal models w.r.t. interesting paths coincide for T RevandT Rthen ifs(M), D1, . . . , Dn |=T R φis true for all minimal models ofT Rthen M, D1, . . . , Dn|=T Rφfor all models that are minimal w.r.t. event-free paths. And thus by

The-orem 3 it follows thatφis proven in every minimal model. Therefore it holds that:P, D1,O0. . . ,OnDn |= φ

Based on this we can prove a stronger relation withT R. Similarly to what was done for the previous result we have to start with some basic lemmas as follows.

Definition 21

We definetas a function from interpretations to interpretations defined as follows:

• ∀φ, πsuch thatπis an annotated path,φis an atomic formula thatφ6∈ Pe.

Ifφ∈M(π)thenφ∈t(M(π∗))

• ∀e∈ Peventssuch thate∈M(π1◦π2)∧o(e)∈M(π1)∧r(e)∈M(π2)∧π=π₁◦π₂

thene∈M(π∗

)

• Nothing else belongs tot(M)(π) whereπ∗

is obtained by eliminating the annotated transitions ofπand collapsing the redundant statesπ1◦ hDi, Dii ◦π2intoπ1◦ hDii ◦π2.

Lemma 13

LetM1andM2be interpretations inT Rev

Proof

Immediate by definition 21

Lemma 14

LetMbe an interpretation, andPbe a program without complex events. IfM is a minimal model ofP inT Revthent(M)is also a model ofP′ inT R, whereP′is obtained byP substituting all the rules for eventse:r(e)←bodybye←body

Proof

∀h←φ∈P′

. We need to prove that ift(M), π |=T R φthent(M), π|=T Rh. Let’s prove by

induction in the structure ofφand assume thatt(M), π|=T Rφ

• Base Case: Thenφ∈t(M)(π)and by Definition 21φ∈M(π)and one of the three cases may be true:

1. exp_M(π) =π

And thusM, π|=φ. SinceM is a model ofφthenM, π |=handt(M), π|=T Rh

2. exp_M(π) =π1∧π16=π

And thus sinceφ ∈ M(π)andexp_M(π) = π1 thenM, π1 |= φandh ∈ M(π1). Since complex events are not possible, ifhis not an event, it follows immediately that

t(M), π |=T R h. Ifhis an event, the only possible case is thath=r(e)and thus in

P′

the rule is defined ase←φand by definitiont(M), π|=T Re.

3. ¬∃π′s.t.exp_M(π) =π′thenM, π6|=bodyalthoughbody∈M(π). Moreover,¬∃π′

s.t.exp_M(π) =π′

only ifo(e)∈π. Sincebodyis an atomic formula, then it is only

true in 1-paths or 2-paths. Ifπis a 1-path thenexp_M(π) =π(and therefore we reach a contradiction). Ifπis a 2-path, sinceMis minimalo(e)∈πonly ifπ=hD,o(e)Di.

Moreover, in this path sinceM is minimal ando(e)cannot appear in the body of any

(transaction) rule, thenbody6∈M(π)which also leads to a contradiction. • Event Case:i.e.φ=e

Sinceo(e)andr(e)cannot appear in the body of a program without complex event rules,

it exists a rulee←body∈P. Moreover, sincee∈t(M)(π)thenr(e)∈M(π)∧o(e)∈

M(π1)∧e∈M(π1◦π). Thush∈M(π1◦π). Moreover,π1◦πreduces toπ(aso(e)

is only valid inhDi,ODiipaths). Now ifhis not an event, it follows immediately that t(M), π |=T R h. Ifhis an event, the only possible case is thath=r(e)and thus inP′

the rule is defined ase←φand by definitiont(M), π|=T Re.

• Serial Conjunction Case:φ=φ1⊗φ2

Thent(M), π |=T R φ1⊗φ2iff it exists a splitπ1◦π2ofπs.t.t(M), π1 |=T R φ1 and

t(M), π2|=T Rφ2. By applying the Induction Hypothesis we know thatM, π1|=φ1and

M, π2|=φ2. Then one of the three cases may be true: 1. exp_M(π) =π

And thusM, π |=φ1⊗φ2. Consequently sinceM is a model, we have thatM, π|=h, i.e.h∈M(π). By definition it follows immediate thath∈t(M)(π)andt(M), π|=T R h

2. exp_M(π) =π1∧π16=π

Then,M, π1|=handexp_M(π) =πand by definition we have thath∈M(π). Since

3. ¬∃π′

s.t.exp_M(π) =π′

This may never be the case, sinceM, π1 |=φ1andM, π2 |=φ2and complex events are not possible.

• The other cases follow immediate by Induction Hypothesis.

Lemma 15

Lett(M)be a minimal model inT R. ThenM_t−1is an interpretation inT Revdefined as follows: 1. ∀φ6∈ PeofT Rev

Ifφ∈t(M)(π)thenφ∈M_t−1(π∗) 2. ∀e∈ Pe

Ife∈t(M)(π)thenr(e)∈M−1

t (π ∗

) 3. ∀o(e)

Ifπ1=hDi,ODii ∧o(e)∈O

(a) Ife∈t(M)(π2)∧π=π1◦π2 theno(e)∈M−1

t (π1)∧e∈M −1

t (π ∗

) (b) If¬∃e.e∈t(M)(π2)∧π=π1◦π2

theno(e)∈M−1

t (π ∗

1)andr(e)∈M

−1

t (π ∗

1)

andM_t−1is a model ofPinT Rev

Proof

Note thatexp_M−1

t (π)converges for every pathπ. Then it easy to prove, using the method of 14 thatMt−1is still a model ofPinT Rev

Lemma 16

Ift(M1)⊂t(M2)⇒M1⊂M2orM1andM2are incomparable

Lemma 17

M1⊆∗M2⇔t(M1)⊆(M2)

Proof

Immediate by definition 21

Lemma 18

M1=∗M2⇔t(M1) =t(M2)

Proof

Immediate by definition 21

Lemma 19

Proof

Immediate by Lemmas 10 and 11

Definition 22(Complex Event-Free Program)

We say thatP is a complex event-free program iffPdoes not contain complex event rules and for all primitive actionsϕ∈ POit exists the ruler(ϕ)←trueinP.

Additionally we also say that a transaction formula is event-free if it does not contain any formula fromPe.

Lemma 20

LetPbe a program without complex event rules,M be a minimal model ofP,φbe a transaction formula such thatφ 6= o(e). Ifφ ∈ M(π)∧ ∃e, π_s.o(e) ∈ M(π_s)forπ_ssubpath ofπthen

e∈M(π1)for aπ1superpath ofπs Proof

By Lemma 2 we know that every formula inM(π)must be supported by the program or the pathπ. Ifφ ∈M(π)ando(e)∈ πsthen it means thatφis inπonly because it derives from o(e). SincePdoes not have complex rules, this can only be the case whenevereis present in the

interpretation ofπ.

Lemma 21

LetPbe a complex-event free program. LetM be a minimal model ofP. Letφbe a transaction formula such thatφis not an event occurrence.

φ∈M(π)⇒exp_M(π) =π

Proof

Trivially true by Lemma 20, sinceeis always proven (and thusr(e)) whenevero(e)andφare

simultaneous true in a path.

Theorem 6

LetPbe a complex-event free program, and letP′be obtained fromP by replacing inP; every eventeand every occurrence ofr(e), such thate∈ P_e, by a new fluentpe. Letπbe an annotated

path andπ′

be a path obtained fromπs.t. for every event occurrenceϕinπ1◦ hD,ϕDi ◦π2, the path is transformed intoπ1◦ hDi ◦π2. Let|=T Rthe satisfaction relation specified in (Bonner

and Kifer 1993). Then the following property is true for every transaction formulaφ:

M, π|=φifft(M), π′ |=T Rφ

Proof ⇒:

Trivial since Lemma 21 and thusexp_M(π) =π

⇐:

Trivially true since for every formulaφ∈t(M)(π)it must be inM(π′

). Also for every formula

e ∈ t(M)(π)it must exist a o(e) and an r(e) inπ′ andπ is the simplification of π′. Thus

exp_M(π′_{) =} π.

Theorem 7(Comparison toT R)

LetP be a complex-event free program, and letP′be obtained fromP by replacing inP every eventeand every responser(e), s.t.e∈ P_e, by a new fluentpe. Letπbe an annotated path and

π′

be a path obtained fromπremoving the annotations and for every event occurrenceϕinπ

s.t.π=π1◦ hD,ϕDi ◦π2, thenπ′=π1◦ hDi ◦π2. Then for every transaction formulaφ:

P, π|=φiffP′ , π′

|=T Rφ

Proof

P, π|=φiffM, π|=φfor all minimal models ofP. Since from Theorem 6 the models coincide then the result comes immediately from Theorem 6. Similarly we can say thatP′, π′ |=T Rφiff t(M), π|=T Rφ, and thus the reverse is also true.

4 Discussion and Related Work

Several solutions exist to reason about complex events and execute (trans)actions. Complex event processing (CEP) systems as (Adaikkalavan and Chakravarthy 2004; Wu et al. 2006) can reason very efficiently with large streams of data and detect (complex) events. These support a rich specification of events based on event pattern rules combining atomic events with some temporal constructs. As shown in Theorem 1,T RandT Revcan express most event patterns of SNOOP, failing only to translate the expressions that require the explicit specification of time. ETALIS (Anicic et al. 2012) CEP system even usesT R’s syntax and connectives, although abandon-ingT R’s model theory and providing a different satisfaction definition. However, contrarily to T Rev, CEP systems do not deal with the execution of actions in reaction to the events detected. To reason about (trans)actions, solutions like the Situation Calculus, Event Calculus, Action Languages, etc. are popular for their ability to model, very expressively, the direct and indirect effects of actions in KBs. Motivated by the success of relational and deductive databases, several extensions of these languages like (Baral et al. 1997; Bertossi et al. 1998) have been proposed to reason about the effects of a subset of actions that follows a transactional behavior and, some of these solutions can also reason about events that behave similarly to database triggers. However, as in database triggers, these events are restricted to detect simple actions like “on insert/delete” and thus have a very limited expressivity that fails to encode complex events, as defined in CEP systems and inT Rev. Further, although the examples herein are all based on a relational oracle, nothing prevents T Rev _{to use alternative KBs and subsequently primitive actions. E.g., with}

r(event)←♦cond⊗action

r(event)← ¬♦cond (3)

r(event)←rule1⊗rule2⊗. . .⊗rulen

Assuming that a rule is defined as follows: rulei←♦condi⊗acti

rulei← ¬♦condi

(4)

where the (3) and (4) define the different consumption policies of an ECA. Viz. (3) is the case where for one event occurrence only one ECA-rule is fired, while (4) fires all its ECA-rules.

T Revcan also be compared with (Chomicki et al. 2003) which proposes a policy description language where policies are formulated as sets of ECA rules and conflicts between policies are captured by logic programs. This work is very interesting as it also provides properties on the execution of the actions, and transaction-like actions can be achieved if the user provides the correct specification for conflict rules. Yet, only a relaxed model of transactions can be achieved and it requires a complete low-level specification of the transaction conflicts by the user.

In the context of multi-agent systems, (Kowalski and Sadri 2012; Costantini and Gasperis 2012) propose logic programming languages that react and execute actions in response to com-plex events. Unfortunately, these actions fail to follow any kind of transaction model.

T Rev is a logic programming like language integrating complex events rules with reactive rules that execute transactions. It is parametric on a pair of oracles and on a functionchoicethat picks the event to be responded at a given time.T Rev_{gives an important contribution to model}

transactional behavior in arbitrary reactive systems, and which is elegantly expressed in a non-monotonic manner. With it, one is able to talk about what properties (or fluents) hold after the execution of a reactive transaction, but also,howand in which paths such a reactive transaction can succeed. The latter isT Rev’s main innovation: to reason about the correct execution paths of arbitrary transactions that react to internal and external events. We have also defined a procedure to execute these reactive transaction, which is built upon the complex event detection algorithm of ETALIS and the execution algorithm ofT R, but it is omitted for lack of space.

References

ADAIKKALAVAN, R.ANDCHAKRAVARTHY, S. 2004. Formalization and detection of events over a sliding window in active databases using interval-based semantics. InADBIS. 241–256.

ADAIKKALAVAN, R. ANDCHAKRAVARTHY, S. 2006. Snoopib: Interval-based event specification and detection for active databases.Data Knowl. Eng. 59,1, 139–165.

ALFERES, J. J., BANTI, F.,ANDBROGI, A. 2011. Evolving reactive logic programs. Intelligenza Artifi-ciale 5,1, 77–81.

ANICIC, D., RUDOLPH, S., FODOR, P.,ANDSTOJANOVIC, N. 2012. Stream reasoning and complex event processing in etalis.Semantic Web 3,4, 397–407.

BAILEY, J., DONG, G.,ANDRAMAMOHANARAO, K. 2004. On the decidability of the termination problem of active database systems.Theor. Comput. Sci. 311,1-3, 389–437.

BARAL, C., LOBO, J.,ANDTRAJCEVSKI, G. 1997. Formal characterizations of active databases: Part ii. InDOOD. LNCS, vol. 1341. Springer, 247–264.

BERTOSSI, L. E., PINTO, J.,ANDVALDIVIA, R. 1998. Specifying active databases in the situation calcu-lus. InSCCC. IEEE Computer Society, 32–39.

BONNER, A. J.ANDKIFER, M. 1993. Transaction logic programming. InICLP. 257–279.

BONNER, A. J.ANDKIFER, M. 1998. Results on reasoning about updates in transaction logic. In Trans-actions and Change in Logic Databases. 166–196.

BRY, F., ECKERT, M.,ANDPATRANJAN, P.-L. 2006. Reactivity on the web: Paradigms and applications of the language xchange.J. Web Eng. 5,1, 3–24.

CHOMICKI, J., LOBO, J.,ANDNAQVI, S. A. 2003. Conflict resolution using logic programming. IEEE Trans. Knowl. Data Eng. 15,1, 244–249.

COSTANTINI, S.ANDGASPERIS, G. D. 2012. Complex reactivity with preferences in rule-based agents. InRuleML. 167–181.

GOMES, A. S.ANDALFERES, J. J. 2013. External transaction logic with automatic compensations. In CLIMA. Springer, 239–255.

KOWALSKI, R. A.ANDSADRI, F. 2012. A logic-based framework for reactive systems. InRuleML. 1–15. LAUSEN, G., LUDASCHER¨ , B.,ANDMAY, W. 1998. On active deductive databases: The statelog approach.

InTransactions and Change in Logic Databases. 69–106.

PAPAMARKOS, G., POULOVASSILIS, A.,ANDWOOD, P. T. 2006. Event-condition-action rules on rdf metadata in p2p environments.Comp. Networks 50,10, 1513–1532.

WU, E., DIAO, Y.,ANDRIZVI, S. 2006. High-performance complex event processing over streams. In SIGMOD Conference. ACM, 407–418.