Satisfiability and Model Checking for the Logic of Sub-Intervals under the Homogeneity Assumption

The expressive power of interval temporal logics (ITLs) makes them one of the most natural choices in a number of application domains, ranging from the specification and verification of complex reactive systems to automated planning. However, for a long time, because of their high computational complexity, they were considered not suitable for practical purposes. The recent discovery of several computationally well-behaved ITLs has finally changed the scenario. In this paper, we investigate the finite satisfiability and model checking problems for the ITL D, that has a single modality for the sub-interval relation, under the homogeneity assumption (that constrains a proposition letter to hold over an interval if and only if it holds over all its points). We first prove that the satisfiability problem for D, over finite linear orders, is PSPACE-complete, and then we show that the same holds for its model checking problem, over finite Kripke structures. In such a way, we enrich the set of tractable interval temporal logics with a new meaningful representative.


Introduction
For a long time, interval temporal logics (ITLs) were considered an attractive, but impractical, alternative to standard point-based ones. On the one hand, as stated by Kamp and Reyle [KR93], "truth, as it pertains to language in the way we use it, relates sentences not to instants but to temporal intervals", and thus ITLs are a natural choice as a specification/representation language; on the other hand, the high undecidability of the satisfiability problem for the most well-known ITLs, such as Halpern and Shoham's modal logic of time intervals (HS for short) [HS91] and Venema's CDT [Ven91], prevented an extensive use of them (in fact, some quite restricted variants of them have been applied in formal verification and artificial intelligence over the years). with x ≤ y, we denote by [x, y] the (closed) interval over S consisting of the set of elements z ∈ S such that x ≤ z and z ≤ y. For z ∈ S, we write z ∈ [x, y] to mean that z is an element of the interval [x, y]. We denote the set of all intervals over S by I(S). We consider two possible sub-interval relations: (1) the proper sub-interval relation (denoted as ), defined by [x, y] [x , y ] if x ≤ x, y ≤ y , and [x, y] = [x , y ] (corresponding to the proper subset relation over intervals), (2) and the strict sub-interval relation (denoted as · ), defined by [x, y] · [x , y ] if and only if x < x and y < y .
The two modal logics D and D · feature the same language, consisting of a finite set AP of proposition letters/variables, the logical connectives ¬ and ∨, and the modal operator D . Formally, formulae are defined by the grammar: with p ∈ AP . The other connectives, as well as the logical constants (true) and ⊥ (false), are defined as usual; moreover, the dual universal modality [D]ϕ is defined as ¬ D ¬ϕ. The length of a formula ϕ, denoted as |ϕ|, is the number of sub-formulas of ϕ.
The semantics of D and D · only differ in the interpretation of the D modality. For the sake of brevity, we use • ∈ { , · } as a shorthand for any of the two sub-interval relations. The semantics of a sub-interval logic D In this paper, we restrict our attention to the finite satisfiability problem, that is, satisfiability over the class of finite linear orders. The problem has been shown to be undecidable for D and D · [MM14]. In the following, we show that decidability for D and D · can be recovered by restricting to the class of homogeneous interval models. We fully work out the case of D (for the sake of simplicity, hereafter we will write D for D ), and then we briefly explain how to adapt the proofs to D · . In the following, we will refer to D interpreted over homogeneous models as D| Hom . Moreover, we refer to D · interpreted over homogeneous models as D| Hom, · .
2.1. Closure, atoms, and temporal requests. We now introduce some basic definitions and notation which will be extensively used in the following. Given a D-formula (resp., D · -formula) ϕ, we define the closure of ϕ, denoted by CL(ϕ), as the set of all sub-formulas ψ of ϕ and of their negations ¬ψ (we identify ¬¬ψ with ψ and ¬ D ψ with [D]¬ψ).
Intuitively, a ϕ-atom describes a maximal set of sub-formulas of ϕ which can hold at an interval of an interval model. In particular, the idea underlying atoms is to enforce a "local" (or Boolean) form of consistency among the formulas it contains, that is, a ϕ-atom A is a maximal, locally consistent subset of CL(ϕ). As an example, ¬(ψ 1 ∨ ψ 2 ) ∈ A iff ¬ψ 1 ∈ A and ¬ψ 2 ∈ A. Note, however, that the definition does not set any constraint on sub-formulas of ϕ of the form D ψ, hence the word "local". We denote the set of all ϕ-atoms by A ϕ . Its cardinality is clearly bounded by 2 |ϕ| (by the first item of Definition 2.2). Atoms are connected by the following binary relation D ϕ which, intuitively, represents the "symbolic" counterpart of the inverse of relation between pairs of intervals, if ϕ is a D-formula, and the inverse · of relation · , otherwise.  (by definition of ϕ-atom). Moreover, we denote by REQ ϕ the set of all arguments of Dformulas in CL(ϕ), namely, REQ ϕ = {ψ : D ψ ∈ CL(ϕ)}. Finally, we denote by Obs D (A) the set {ψ ∈ A : ψ ∈ REQ ϕ } of "observables" of A.
The next proposition, stating that, once proposition letters and temporal requests of A have been fixed, A gets unambiguously determined, can be easily proved by induction.
In the rest of the paper, we will exploit the following characterization of the relation D ϕ .

2.2.
A spatial representation of interval models. We now provide a natural interpretation of D (resp., D · ) over grid-like structures, called compass structures, by exploiting the existence of a natural bijection between intervals [x, y] and points (x, y), with x ≤ y, of an S × S grid, where S = S, < is a finite linear order. Such an interpretation was originally proposed by Venema in [Ven90], and it can also be given for HS and all its (other) fragments.
As an example, Figure 2 shows four intervals [x 0 , y 0 ], . . . , [x 3 , y 3 ], respectively represented by the points in the grid (x 0 , y 0 ), . . . , (x 3 , y 3 ), such that: The red region highlighted in Figure 2 contains all and only those points (x, y) such that [x, y] [x 3 , y 3 ]. Allen interval relation contains can thus be represented as a spatial relation between pairs of points. In the following, we make use of and · also for relating points: given two points (x, y), (x , y ) of the grid, (x , y ) ( Compass structures, that will be repeatedly exploited to solve the satisfiability and model-checking problems for D| Hom and D| Hom, · , can be formally defined as follows. Definition 2.6. Given a linear order S = S, < and a D-formula (resp., D · -formula) ϕ, a compass ϕ-structure is a pair G = (P S , L), where P S is the set of points of the form (x, y), with x, y ∈ S and x ≤ y, and L is a function that maps any point (x, y) ∈ P S to a ϕ-atom L(x, y) in such a way that for every pair of points (x, y), (x , y ) ∈ P S , if (x , y ) (x, y) (resp., (x , y ) · (x, y)), then L(x, y) D ϕ L(x , y ) (temporal consistency).
A weak compass ϕ-structure is a ϕ-compass structure where the temporal consistency requirement has been relaxed. A (weak) compass ϕ-structure G = (P S , L) induces the interval model M(G) over I(S) whose valuation function V is defined as follows: for each By exploiting Proposition 2.5 and temporal consistency, we can prove the following lemma, that states an important property of compass structures.
We now introduce an additional requirement on compass ϕ-structures stating that each temporal request is eventually fulfilled. Formally, fulfilling structures are defined as follows.
Definition 2.8. Let ϕ be a D-formula (resp., D · -formula) and G = (P S , L) a compass ϕ-structure. We say that G is fulfilling if for every point (x, y) ∈ P S and any formula ψ ∈ Req D (L(x, y)), there exists a point (x , y ) (x, y) (resp., (x , y ) · (x, y)) in P S such that ψ ∈ L(x , y ).
It is worth pointing out that if G is fulfilling, then Req D (L(x, x)) = ∅ for all points "on the diagonal" (x, x) ∈ P S (corresponding to the singleton intervals of I(S)).
As proved by Proposition 2.9 below, the fulfillment requirement ensures that, for each point (x, y), the atom L(x, y) represents the set of formulas in CL(ϕ) that hold over the interval [x, y] of the underlying interval model M(G).
We say that a compass ϕ-structure G = (P S , L) features a formula ψ if there exists a point (x, y) ∈ P S such that ψ ∈ L(x, y).
The next proposition provides a characterization of the set of satisfiable D-formulas.
Proposition 2.9. Let ϕ be a D-formula (resp., D · -formula). The, the following statements hold: (1) given a fulfilling compass ϕ-structure G = (P S , L), it holds that for all points (x, y) of G and ψ ∈ CL(ϕ), ψ ∈ L(x, y) if and only if M(G), [x, y] |= ψ; (2) ϕ is satisfiable if and only if there is a fulfilling compass ϕ-structure that features it.
Proof. We assume that ϕ is a D-formula (the case where ϕ is a D · -formula is similar).
We first prove statement (1) by induction on the structure of the formula ψ ∈ CL(ϕ). The base case (ψ is a proposition letter) directly follows from the definition of M(G). The cases of the Boolean connectives follow from the induction hypothesis and the definition of ϕ-atoms. It remains to consider the case where ψ is of the form D ψ . If ψ ∈ L(x, y), then, being G fulfilling, there exists a point (x , y ) such that (x , y ) (x, y) and ψ ∈ L(x , y ). By the induction hypothesis, it follows that M(G), [x , y ] |= ψ , hence, M(G), [x, y] |= ψ. As for the opposite direction, assume that M(G), [x, y] |= ψ. Hence, M(G), [x , y ] |= ψ for some interval [x , y ] such that [x , y ] [x, y]. By the induction hypothesis, ψ ∈ L(x , y ); by Lemma 2.7, we obtain that ψ ∈ L(x, y). Let us prove now statement (2). First, assume that ϕ is satisfiable. Hence, there exists an interval model M over I(S) and an interval [x, y] ∈ I(S) such that M, [x, y] |= ϕ. Let G = (P S , L) be the weak compass ϕ-structure where for all points (x, y), L(x, y) is the set of formulas ψ ∈ CL(ϕ) such that M, [x, y] |= ψ. Since M, [x, y] |= ϕ, by the semantics of D, it follows that G is a fulfilling compass ϕ-structure that features ϕ. The opposite direction directly follows from statement (1).
The notion of homogeneous models directly transfers to compass structures.
Definition 2.10. A compass ϕ-structure G = (P S , L) is homogeneous if for every point (x, y) ∈ P S and any p ∈ AP , p ∈ L(x, y) if and only if p ∈ L(x , x ) for all x ∈ [x, y].
Proposition 2.9 (item 2) can be tailored to homogeneous compass structures as follows.
Proposition 2.11. A D| Hom -formula (resp., D| Hom, · -formula) ϕ is satisfiable if and only if there is a fulfilling homogeneous compass ϕ-structure that features it.
3. Satisfiability of D| Hom and D| Hom, · over finite linear orders In this section, we devise a satisfiability checking procedure for D| Hom -formulas over finite linear orders, which will also allow us to easily derive a model checking algorithm for D| Hom over finite Kripke structures (see Section 4). At the end of this section (see Subsection 3.4), we show how to adapt the proposed approach for D| Hom in order to obtain a decision procedure for satisfiability of D| Hom, · over finite linear orders.
In the following, we fix a D| Hom -formula ϕ. We first introduce a ternary relation among ϕ-atoms, that we denote by Dϕ , such that if it holds among all atoms in consecutive positions of a weak compass ϕ-structure, then the structure is homogeneous and satisfies both the temporal consistency requirement and the fulfilling one. Hence, we may say that Dϕ is the rule for labeling fulfilling compasses.
Next, we introduce an equivalence relation ∼ between rows of a compass ϕ-structure. Since it has finite index-exponentially bounded by |ϕ|-and it preserves fulfillment of compasses, it makes it possible to "contract" the structures when we identify two related rows. Moreover, any contraction done according to ∼ keeps the same atoms (only the number of their occurrences may vary), and thus if a compass features ϕ before the contraction, then ϕ is still featured after it. This fact is exploited to build a satisfiability checking algorithm for D| Hom -formulas which makes use of polynomial working space only, because (i) it only needs to keep track of two rows of a compass at a time, (ii) all rows satisfy some nice properties that allow one to succinctly encode them, and (iii) compass contractions are implicitly done by means of a reachability check in a suitable graph, whose nodes are the minimal representatives of the equivalence classes of ∼.
3.1. Labeling of homogeneous fulfilling compasses. We first show how to label homogeneous fulfilling compass ϕ-structures. Such a labeling is based on the aforementioned ternary relation Dϕ among atoms, which is defined as follows.
Definition 3.1. Given three ϕ-atoms A 1 , A 2 and A 3 , we say that A 3 is D ϕ -generated by It is immediate to show that , the order of the first two components in the ternary relation is irrelevant). Intuitively, the first item of the definition enforces the homogeneity assumption.
The next result, which immediately follows from Proposition 2.4, proves that Dϕ expresses a functional dependency on ϕ-atoms.
Definition 3.1 and Lemma 3.2 can be exploited to label a homogeneous compass ϕstructure G, namely, to determine the ϕ-atoms labeling all the points (x, y) of G, starting from the ones on the diagonal. The idea is the following: if two ϕ-atoms A 1 and A 2 label respectively the greatest proper prefix [x, y − 1] and the greatest proper suffix [x + 1, y] of the same non-singleton interval [x, y], then the atom A 3 labeling point (x, y) is unique, and it is precisely the one satisfying A 1 A 2 Dϕ A 3 (see Figure 3). The next lemma proves that this is the general rule for labeling homogeneous fulfilling compasses.
(⇐) Let us consider a weak compass ϕ-structure G = (P S , L) such that for every point (x, y) ∈ P S , we have L(x, y − 1)L(x + 1, y) Dϕ L(x, y) if x < y, and Req D (L(x, y)) = ∅ if x = y. We have to prove that G is a homogeneous fulfilling compass ϕ-structure.
First, we prove consistency with respect to the relation D ϕ . Let us show that for all pairs of points (x, y) and ( , being the other case symmetric. By the inductive hypothesis, Let us now show that G is fulfilling. We need to prove that for every point (x, y) ∈ P S and for every ψ ∈ Req D (L(x, y)), there exists (x , y ) ∈ P S such that (x , y ) (x, y) and ) is symmetric and thus omitted), by the inductive hypothesis, ψ ∈ L(x , y ) for some (x , y ) (x + 1, y) (x, y).
It remains to prove that G is homogeneous. We have to show that for every (x, y) ∈ P S , The proof is by induction on y − x ≥ 0. If x = y, the property trivially holds. Let us assume now y − x > 0 (inductive step). Since L(x + 1, y)L(x, y − 1) Dϕ L(x, y), by condition (i) of Definition 3.1 and the induction hypothesis, we obtain that L(x, y) Hence, the result directly follows.
3.2. The contraction method. In this section, we describe the proposed contraction method. To begin with, we introduce the notion of ϕ-row, which can be viewed as the ordered sequence of (the occurrences of) atoms labelling a row of a compass ϕ-structure.
For a non-empty finite word (or sequence) w over some finite alphabet Σ, we denote by |w| the length of w. Moreover, for all 0 ≤ i < |w|, w[i] denotes the (i + 1) th letter of w.
Given two non-empty finite words w, w over Σ, we denote by w · w the concatenation of w and w . If the last letter of w coincides with the first letter of w , we denote by w w the word w · w [1] . . . w [n − 1], where n = |w |, that is, the word obtained by concatenating w with the word obtained from w by erasing the first letter. When |w | = 1, w w = w.
Definition 3.4. A ϕ-row row is a non-empty finite sequence of ϕ-atoms such that for all We represent a ϕ-row row in the form row = A m 0 0 · · · A mn n (maximal factorization), where A m stands for m repetitions of the ϕ-atom A, m i > 0 for all i ∈ [0, n], and A i = A i+1 for all i ∈ [0, n − 1]. Let Rows ϕ be the set of all possible ϕ-rows. This set is infinite. The next lemma proves that the number of distinct atoms in any ϕ-row row = A m 0 0 · · · A mn n is linearly bounded in the size of ϕ.
Lemma 3.5. The number of distinct atoms in a ϕ-row row is at most 2|ϕ|. Moreover, if . Therefore, two monotonic sequences can be associated with every ϕ-row, one ). The number of distinct elements is bounded by |ϕ| in the former sequence and by |ϕ| + 1 in the latter, as | REQ ϕ | ≤ |ϕ| − 1 and |AP | ≤ |ϕ|, since, w.l.o.g., we can restrict ourselves to the proposition letters actually occurring in ϕ. Given that, as already shown (Proposition 2.4), a set of requests and a set of proposition letters uniquely determine a ϕ-atom, any ϕ-row may feature at most 2|ϕ| distinct atoms, that is, n ≤ 2|ϕ|. The proof of the second statement is immediate.
Given a homogeneous compass ϕ-structure G = (P S , L) (for S = (S, <)), for every y ∈ S, we define row y as the word of ϕ-atoms row y = L(y, y) · · · L(0, y), that is, the sequence of atoms labeling points of G with the same y-coordinate, starting from the one on the diagonal inwards (see Figure 3). Since in a fulfilling compass ϕ-structure there are no temporal requests in the atoms labeling the diagonal points, we obtain the following result.
Lemma 3.6. Let G = (P S , L) (for S = (S, <)) be a homogeneous fulfilling compass ϕstructure. For every y ∈ S, row y is an initialized ϕ-row.
We now define the successor function over ϕ-rows, which, given a ϕ-row row and a ϕ-atom A, returns the ϕ-row of length |row| + 1 and first atom A obtained by a componentwise application of Dϕ starting from A and the first atom of row.
Definition 3.7. Given a ϕ-atom A and a ϕ-row row with |row| = n, the A-successor of row, denoted by succ ϕ (row, A), is the sequence B 0 . . . B n of ϕ-atoms defined as follows: By Proposition 2.5 and Definition 3.1, we deduce the following lemma.
Lemma 3.8. The following properties hold: (1) Let row be a ϕ-row and A be a ϕ-atom. Then, succ ϕ (row, A) is a ϕ-row.
(2) Let row be a ϕ-row of the form row = row 1 · row 2 and A be a ϕ-atom. Then, Proof. Property (2) directly follows from Definition 3.7. As for Property (1), let succ ϕ (row, A) = B 0 . . . B n , where n = |row|. By Definitions 3.1 and 3.7, for all Moreover, by Lemma 3.3, consecutive rows in homogeneous fulfilling compass ϕstructures respect the successor function. In particular, the next result directly follows from Lemmata 3.3 and 3.6. Lemma 3.9. Let G = (P S , L) be a weak compass ϕ-structure such that Req D (L(x, x)) = ∅ for all (x, x) ∈ P S . Then, G is a homogeneous fulfilling compass ϕ-structure if and only if for each 0 ≤ y < |S| − 1, row y+1 = succ ϕ (row y , row y+1 [0]).
We now illustrate the kernel of the proposed approach to solve satisfiability for D| Homformulas. We introduce an equivalence relation ∼ of finite index over Rows ϕ whose number of classes is singly exponential in the size of ϕ and such that each class has a representative whose length is polynomial in the size of ϕ. As a crucial result, we show that the successor function preserves the equivalence between ϕ-rows.
The equivalence relation ∼ is based on the notion of rank of ϕ-atoms. Given an atom A ∈ A ϕ , we define the rank of A, written rank(A), as | REQ ϕ | − |Req D (A)|. Clearly, 0 ≤ rank(A) < |ϕ|. Whenever A D ϕ A , for some A ∈ A ϕ , Req D (A ) ⊆ Req D (A), and hence rank(A) ≤ rank(A ). We can see the rank of an atom as the "number of degrees of freedom" that it gives to the atoms that stay "above it". In particular, by Definition 3.4, for every ϕ-row row = A m 0 0 · · · A mn n , we have rank(A 0 ) ≥ · · · ≥ rank(A n ).
Definition 3.10. Given two ϕ-rows row 1 = A m 0 0 · · · A mn n and row 2 =Âm 0 0 · · ·Âmn n (represented in maximal factorization form), we say that they are equivalent, written row 1 ∼ row 2 , if (i) n =n, and (ii) for each 0 ≤ i ≤ n, A i =Â i , and either m i =m i or both m i andm i are (strictly) greater than rank(A i ).
A minimal ϕ-row is a ϕ-row whose maximal factorization A m 0 0 · · · A mn n satisfies the following condition: Note that if two rows feature the same set of atoms, the lower the rank of an atom A i , the lower the number of occurrences of A i both the rows have to feature in order to belong to the same equivalence class. As an example, let row 1 and row 2 be two rows with row 1 = A m 0 0 A m 1 1 , row 2 = A m 0 0 A m 1 1 , rank(A 0 ) = 4, and rank(A 1 ) = 3. If m 1 = 4 and m 1 = 5 they are both greater than rank(A 1 ), and hence they do not violate the condition for row 1 ∼ row 2 . On the other hand, if m 0 = 4 and m 0 = 5, we have that m 0 is less than or equal to rank(A 0 ). Thus, in this case, row 1 ∼ row 2 due to the indexes of A 0 . This happens because rank(A 0 ) is greater than rank(A 1 ). Two cases in which row 1 ∼ row 2 are m 0 = m 0 and m 0 , m 0 ≥ 5.
The next result directly follows from the definition of ∼ and Lemma 3.5.
Lemma 3.11. Each equivalent class of ∼ contains a unique minimal ϕ-row. Moreover, the length of a minimal ϕ-row is at most O(|ϕ| 2 ).
Thus, the equivalence relation ∼ has finite index given by the number of minimal ϕ-rows. This number is roughly bounded by the number of all the possible ϕ-rows row = A m 0 0 · · · A mn n , with exponents m i ranging from 1 to |ϕ|. Since (i) the number of possible ϕ-atoms is 2 |ϕ| , (ii) the number of distinct atoms in any ϕ-row is at most 2|ϕ|, and (iii) the number of possible functions f : {1, . . . , } → {1, . . . , |ϕ|} is |ϕ| , we have that the number of distinct equivalence classes of ∼ is bounded by 2|ϕ| j=1 (2 |ϕ| ) j · |ϕ| j ≤ 2 3|ϕ| 2 , which is exponential in the length of the input formula ϕ.
Next, we observe that if we replace a segment (sub-row) of a ϕ-row with an equivalent one, we obtain a ϕ-row which is equivalent to the original one. The following lemma holds. Lemma 3.12. Let row 1 , row 1 , row 2 , row 2 be ϕ-rows such that row 1 ∼ row 1 and row 2 ∼ row 2 . If row 1 row 2 and row 1 row 2 are defined, then row 1 row 2 ∼ row 1 row 2 .
Proof. Let A be the first common ϕ-atom A of row 2 and row 2 . By hypothesis, A is also the last common atom of row 1 and row 1 . By hypothesis and Definition 3.10, one can easily deduce that, representing by m (resp., m ) the number of occurrences of A in row 1 row 2 (resp., row 1 row 2 ), it holds that either m = m , or both of them are greater than rank(A). Hence, the result easily follows.
We now show that the successor function on ϕ-rows preserves the equivalence of ϕ-rows. We first show that the result holds for ϕ-rows of the form B m for some ϕ-atom B and m ≥ 1.
Lemma 3.13. Let A and B be two ϕ-atoms and m > rank(B). Then, the following properties hold: • the ϕ-row succ ϕ (B m , A) is of the form AA 1 . . . A k for some k, ≥ 1 such that A 1 , . . . , A k are pairwise distinct ϕ-atoms and > rank(A k ) (note that A and A 1 may be equal), Since row[0] = A and |row| = m + 1, it follows that row is of the form AA 1 . . . A k for some k, ≥ 1 such that k + − 1 = m, A 1 , . . . , A k are pairwise distinct ϕ-atoms, and rank(B) ≥ rank(A 1 ) > · · · > rank(A k ). Hence, rank(B) ≥ rank(A k ) + k − 1. By hypothesis, m > rank(B) which entails that = m − k + 1 > rank(A k ), and the first statement of Lemma 3.13 follows.
As for the second statement, we have that succ ϕ (B m+t , A) = succ ϕ (B m , A) succ ϕ (B t , A k ) (by Lemma 3.8(2)). If = 1, then, being 0 ≤ rank(A k ) < , it holds that rank(A k ) = 0. Hence, we deduce that each atom occurring in succ ϕ (B t , A k ) is A k . On the other hand, if > 1 then A k B Dϕ A k . Hence, in both the cases, we obtain that succ ϕ (B t , A k ) is A t+1 k and succ ϕ (B m+t , A) = succ ϕ (B m , A) · A t k , which concludes the proof. We now generalize Lemma 3.13 to arbitrary ϕ-rows.
Lemma 3.14. Let A be a ϕ-atom and row, row be two ϕ-rows such that row ∼ row . Then, it holds that succ ϕ (row, A) ∼ succ ϕ (row , A).
Proof. The proof is by induction on the number of distinct ϕ-atoms occurring in row, denoted by N (row). Being row and row equivalent, N (row ) = N (row). Base case: N (row) = N (row ) = 1. Assume that |row| ≤ |row | (the case where |row | ≤ |row| being symmetric). Since row and row are equivalent, there is a ϕ-atom B such that row = B m , row = B m+t , m = |row|, t = |row| − |row |, and either t = 0 or m > rank(B). If t = 0, that is, row = row , the result is obvious. Otherwise, the result directly follows from Lemma 3.13. Inductive step: N (row) = N (row ) > 1. Hence, being row ∼ row , row (resp., row ) can be written in the form row = row 1 · row 2 (resp., row = row 1 · row 2 ) such that 24:14
3.3. A satisfiability checking procedure for D| Hom . Let us now focus on the complexity of the satisfiability checking problem for a D| Hom -formula ϕ over finite linear orders, which has been proved, by Proposition 2.11, to be equivalent to the problem of deciding whether there is a homogeneous fulfilling compass ϕ-structure that features ϕ. By exploiting Lemma 3.14, we reduce such a problem to a reachability problem in a finite graph with the initialized minimal ϕ-rows as vertices.
Definition 3.15. Let row be a minimal ϕ-row and A an atom. We denote by succ min ϕ (row, A) the unique minimal ϕ-row in the equivalence class of ∼ containing succ ϕ (row, A).
We associate with formula ϕ the finite graph G min ϕ = (Rows min ϕ , ⇒ min ϕ ) defined as: • Rows min ϕ is the set of initialized minimal ϕ-rows; • for all row, row ∈ Rows min ϕ , row ⇒ min ϕ row iff row = succ min ϕ (row, row [0]). We now prove the main technical result of the section.
The size of Rows min ϕ is bounded by M = 2 3|ϕ| 2 . By Theorem 3.16, ϕ is satisfiable if and only if there is path in the finite graph G min ϕ = (Rows min ϕ , ⇒ min ϕ ) of length at most M from a ϕ-row in Rows min ϕ of length 1 to a ϕ-row row 2 ∈ Rows min ϕ such that ϕ ∈ row 2 [i], for some 0 ≤ i < |row 2 |. The non-deterministic procedure SAT(ϕ) in Algorithm 1 exploits such a characterization to decide the satisfiability of a D| Hom -formula ϕ. Initially, the algorithm guesses a ϕ-atom having no temporal request, that is, a row in Rows min ϕ of length 1. At the j-th iteration, if the currently processed ϕ-row row ∈ Rows min ϕ has some atom which contains ϕ, then the algorithm terminates with success. Otherwise, the algorithm guesses a successor row of the current ϕ-row row in G min ϕ . The procedure terminates after at most M iterations. The working space used by the procedure is polynomial: M and step (which ranges in [0, M − 1]) can be encoded in binary with log 2 M + 1 = O(|ϕ| 2 ) bits. Moreover, at each step, the algorithm keeps in memory only two minimal initialized ϕrows: the current one row and the guessed successor row in G min ϕ . By Lemma 3.11, each minimal initialized ϕ-row can be represented by using space polynomial in ϕ. Thus, since NPSPACE = PSPACE, we obtain the following result.
Theorem 3.17. The satisfiability problem for D| Hom -formulas over finite linear orders is in PSPACE.
3.4. The easy adaptation to D| Hom, · . We conclude the section by sketching the changes to the previous notions that allow us to prove the decidability of the satisfiability problem for D| Hom, · over finite linear orders. As a matter of fact, it suffices to replace the definitions of Dϕ , ϕ-row, and succ ϕ by the following ones. For the sake of simplicity, we introduce a dummy atom , for which we assume Req D ( ) = Obs D ( ) = ∅.
Definition 3.18. Given the ϕ-atoms A 1 , A 3 , A 4 ∈ A ϕ and A 2 ∈ A ϕ ∪ { }, we say that A 4 is D ϕ · -generated by A 1 , A 2 , A 3 (written A 1 , A 2 , A 3 Dϕ · A 4 ) if: The intuition behind Definition 3.18 is that if an interval [x, y], with x < y, is labeled by A 4 , and its three sub-intervals [x, y − 1], [x + 1, y − 1], and [x + 1, y] are labeled by A 1 , A 2 , and A 3 , respectively, we require that A 1 , A 2 , A 3 Dϕ · A 4 holds. In particular, in the special Definition 3.19. A ϕ-· -row row is a non-empty finite sequence of ϕ-atoms such that for Definition 3.20. Given a ϕ-atom A and a ϕ-· -row row, with |row| = n, the A-· -successor of row, denoted by succ ϕ, · (row, A), is the sequence B 0 . . . B n of ϕ-atoms defined as follows: Once the above-defined changes have been to the basic notions, following exactly the same steps of the proof of Theorem 3.17, we can show that like D| Hom , satisfiability for D| Hom, · over finite linear orders is in PSPACE.
Theorem 3.21. The satisfiability problem for D| Hom, · -formulas over finite linear orders is in PSPACE.
PSPACE-completeness of the satisfiability problem for D| Hom and D| Hom, · will be proved in Section 5. In the next section, we focus on their model checking problem.

Model checking of D| Hom and D| Hom, · formulas over Kripke structures
In this section, we deal with the model checking problem for D| Hom and D| Hom, · , namely, the problem of checking whether a model of a given system satisfies some behavioural properties expressed as D| Hom -or D| Hom, · -formulas. The usual models are Kripke structures, which will now be introduced along with the definition of the semantics of D| Hom and D| Hom, · formulas over them.
Definition 4.1. A finite Kripke structure is a tuple K = (AP , W, E, µ, s 0 ), where AP is a finite set of proposition letters, W is a finite set of states, E ⊆ W × W is a left-total binary relation over W , µ : W → 2 AP is a labelling function over W , and s 0 ∈ W is the initial state.
For all s ∈ W , µ(s) is the set of proposition letters that hold on s, while E is the transition relation that describes the evolution of the system over time. Definition 4.2 (Paths and traces). Given a finite Kripke structure K = (AP , W, E, µ, s 0 ), a path of K is a non-empty finite sequence of states ρ = s 1 · · · s n such that (s i , s i+1 ) ∈ E for i = 1, . . . , n − 1. A path is initial if it starts from the initial state of K .
We extend the labeling µ to paths of K in the usual way: for a path ρ = s 1 . . . s n , µ(ρ) denotes the word over 2 AP of length n given by µ(s 1 ) . . . µ(s n ). A trace of K is a non-empty finite word over 2 AP of the form µ(ρ) for some path ρ of K . A trace is initial if it is of the form µ(ρ) for some initial path ρ of K .
Given a non-empty finite word w over 2 AP , we can associate with w, in a natural way, a homogeneous interval model M(w) over the finite linear order induced by w. for all x ∈ [x, y].
Example 4.5. In Figure 5, we give an example of a finite Kripke structure K Sched that models the behaviour of a scheduler serving three processes which are continuously requesting the use of a common resource. The initial state is v 0 : no process is served in that state. In the states v i and v i , with i ∈ {1, 2, 3}, the i-th process is served (this is denoted by the fact that p i holds in those states). For the sake of readability, edges are marked either by r i , for request(i), or by u i , for unlock(i). Edge labels do not have a semantic value, that is, they are neither part of the structure definition, nor proposition letters; they are simply used to ease reference to edges. Process i is served in state v i , then, after "some time", a transition u i from v i to v i is taken; subsequently, process i cannot be served again immediately, as v i is not directly reachable from v i (the scheduler cannot serve the same process twice in two successive rounds). A transition r j , with j = i, from v i to v j is then taken and process j is served. This structure can be easily generalised to an arbitrary number of processes. We now show how some meaningful behavioural properties of the Kripke structure K Sched can be expressed by D| Hom -formulas.
Preliminarily, we observe that the formula len ≥i := D i−1 is satisfied by traces at least i units long, and, analogously, len ≤i := [D] i ⊥ by traces at most i units long. We define len =i := len ≥i ∧ len ≤i .
In all the following formulas, we force the validity of the considered properties over all legal computation sub-intervals by using the modality [D] (all computation sub-intervals are sub-intervals of at least one initial trace of the Kripke structure).
The first formula requires that "at least 2 processes are witnessed in any sub-interval of length at least 5 of an initial trace". Since a process cannot be executed twice in a row, such a formula is satisfied by K Sched : The second formula requires that "in any sub-interval of length at least 11 of an initial trace, process 3 is executed at least once in some states" (non starvation). K Sched does not satisfy it, because the scheduler can postpone the execution of a process ad libitum: The third formula requires that "in any sub-interval of length at least 6 of an initial trace, p 1 , p 2 , and p 3 are all witnessed". The only way to satisfy this property would be to force the scheduler to execute the three processes in a strictly periodic manner (strict alternation), that is, p i p j p k p i p j p k p i p j p k · · · , for i, j, k ∈ {1, 2, 3} and i = j = k = i, but K Sched does not meet such a requirement: Finally, we write two formulas expressing safety properties: "it is never the case that processes 1 and 2 are executed consecutively", and "it is never the case that a state where process 1 is executed, is reached". Neither of these is satisfied: We now show how, by slightly modifying the satisfiability checking procedure given in Section 3, it is possible to obtain an automata-theoretic MC algorithm for D| Hom -formulas over finite Kripke structures K . Let G min ϕ = (Rows min ϕ , ⇒ min ϕ ) be the finite graph of Definition 3.15 associated with the D| Hom -formula ϕ. We first show that it is possible to construct a standard deterministic finite automaton (DFA)Ñ ϕ over the alphabet 2 AP with set of states Rows min ϕ , which accepts all and only the non-empty finite words over 2 AP that satisfy formula ϕ. Next, given a finite Kripke structure K and a D| Hom -formula ϕ, to check whether K is a model of ϕ, we apply the standard approach to MC taking the synchronous product of K with the automatonÑ ¬ϕ for the negation of the formula ϕ (K ×Ñ ¬ϕ for short). K ×Ñ ¬ϕ accepts all and only the initial traces of K that violate the property ϕ. Hence, K is a model of ϕ if and only if the language accepted by K ×Ñ ¬ϕ is empty.
We now provide the technical details. A nondeterministic finite-state automaton (NFA) is a tuple N = (Σ, Q, q 1 , δ, F ), where Σ is a finite alphabet, Q is a finite set of states, q 1 ∈ Q is the initial state, δ : Q × Σ → 2 Q is the transition function, and F ⊆ Q is the set of accepting states. Given a finite word w over Σ, with |w| = n, a computation of N over w is a finite sequence of states q 1 , . . . , q n+1 such that q 1 = q 1 , and for all i ∈ [0, n−1], q i+2 ∈ δ(q i+1 , w[i]). The language L(N ) accepted by N consists of the finite words w over Σ such that there is a computation over w ending in some accepting state. A deterministic finite-state automaton (DFA) is an NFAÑ = (Σ,Q,q 1 ,δ,F ) such that for all (q, c) ∈Q × Σ,δ(q, c) is a singleton. Let K = (AP , W, E, µ, s 0 ) be a finite Kripke structure and N = (2 AP , Q, q 1 , δ, F ) be an NFA. The synchronous product of K and N (denoted by K × N ) is the NFA (2 AP , W × Q, (s 0 , q 1 ), δ , W × F ), where for all (s, q) ∈ W × Q and P ∈ 2 AP , δ ((s, q), P ) = ∅ if P = µ(s), and δ ((s, q), P ) is the set of pairs (s , q ) ∈ W × Q such that (s, s ) ∈ E and q ∈ δ(q, P ) otherwise. It can be easily seen that K × N accepts all and only the initial traces of K which are accepted by N .
By exploiting Theorem 3.16, we get the following result, that outlines an automatatheoretic approach to MC for D| Hom . By Theorem 4.7, we get the main result of the section.
Theorem 4.8. The MC problem for D| Hom -formulas (resp., D| Hom, · -formulas) over finite linear orders is in PSPACE. For constant-length formulas, it is in NLOGSPACE.
Proof. By Theorem 4.7, given a finite Kripke structure K and a D| Hom -formula ϕ, K |= ϕ if and only if the language accepted by K ×Ñ ¬ϕ is not empty. Similarly to Algorithm 1 of Section 3, the problem of establishing whether L(K ×Ñ ¬ϕ ) = ∅ can be solved by a nondeterministic algorithm which uses space logarithmic in the number of states of K ×Ñ ¬ϕ and checks whether some accepting state is reachable from the initial one. Since the number of states in K ×Ñ ¬ϕ is linear in the number of states of K and singly exponential in the length of ϕ, and the complexity classes NPSPACE = PSPACE and NLOGSPACE are closed under complementation, the result for D| Hom directly follows. The MC procedure for D| Hom can be easily adapted to D| Hom, · by making use of Definitions 3.18-3.20.
In the next section, we will prove that MC for D| Hom -formulas and D| Hom, · -formulas is PSPACE-hard.

5.
Hardness of MC and satisfiability checking of D| Hom and D| Hom, · formulas over finite linear orders In this section, we provide lower bounds for MC and satisfiability checking for D| Hom (resp., D| Hom, · ) over finite linear orders that match the upper bounds of Theorem 4.8 and Theorem 3.17 (resp., Theorem 3.21).
By a trivial reduction from the problem of (non-)reachability of two nodes in a directed graph, it easily follows that MC for constant-length D| Hom -formulas (resp., D| Hom, ·formulas) is NLOGSPACE-hard. By taking into account the upper bounds given by Theorems 4.8, 3.17, and 3.21, we obtain the following corollary.
Corollary 5.2. MC and satisfiability checking for D| Hom -formulas (resp., D| Hom, · -formulas) over finite linear orders are both PSPACE-complete. Moreover, when the length of the formula is fixed, MC is NLOGSPACE-complete.
The rest of the section is devoted to the proof of Theorem 5.1. We focus on D| Hom . The proof for D| Hom, · is very similar, and thus we omit it.
We prove Theorem 5.1 by means of a polynomial time reduction from a domino-tiling problem for grids with rows of linear length [Har92]. To start with, we fix an instance I of such a problem, which is a tuple I = (C, ∆, n, d init , d final ), where C is a finite set of colors, ∆ ⊆ C 4 is a set of tuples (c down , c left , c up , c right ) of four colors, called domino-types, n > 1 is a natural number encoded in unary, and d init , d final ∈ ∆ are two distinguished domino-types (respectively, the initial and final ones). A grid of I is a mapping f : [1, ] × [1, n] → ∆ for some natural number > 0. Note that each row of a grid consists of n cells and each cell contains a domino type. A tiling of I is a grid f : [1, ] × [1, n] → ∆ satisfying the following additional requirements. It is well known that the problem of checking the existence of a tiling of I is PSPACEcomplete [Har92]. To prove the statement about MC of Theorem 5.1, we show how to construct, in polynomial time, a finite Kripke structure K I and a D| Hom formula Φ I such that there is a tiling of I if and only if K I |= ¬Φ I (Subsection 5.1). As for the claim about satisfiability checking, we explain how to construct, in polynomial time for the given instance I, a D| Hom formula which is satisfiable if and only if there is a tiling of I (Subsection 5.2).
First, we define a suitable encoding of the tilings of I by non-empty finite words over 2 AP , where the set AP of atomic propositions is given by AP = ∆ × [1, n] × {0, 1}. In the following, we identify non-empty finite words w over 2 AP with the induced homogeneous interval models M(w).
We encode the row of a tiling by concatenating the codes of the row's cells starting from the first cell, and by marking the encoding with a tag which is a bit in {0, 1}. Each cell code keeps track of the associated content and position along the row. Formally, a row-code with tag b ∈ {0, 1} is a word over 2 AP of length n having the form {(d 1 , 1, b)} . . . {(d n , n, b)} such that the following holds: • for all i ∈ [1, n − 1], [d i ] right = [d i+1 ] left (row constraint). A sequence ν of row-codes is well-formed if for each non-last row-code in ν with tag b, the next row-code in ν has tag 1 − b for all b ∈ {0, 1} (i.e., the tag changes in moving from a row-code to the next one). Tilings f are then encoded by words over 2 AP corresponding to well-formed concatenations of the codes of the rows of f starting from the first row.
Note that by adding two additional padding colors c L and c R and domino types whose up and down parts are distinct from c L and c R , we can also assume that each partial row-code {(d i , i, b)} . . . {(d j , j, b)}, where i ≤ j, d i = d init if i = 1, and d j = d final if j = n, can always be extended to a whole row-code. 5.1. PSPACE-hardness for MC against D| Hom . Let as define an initialized well-formed sequence of row-codes as a sequence whose first symbol is {(d init , 1, 0)}). By construction, the following result trivially holds.
Proposition 5.4. A finite Kripke structure K I over 2 AP such that the initial traces w of K correspond to the non-empty prefixes of the initialized well-formed sequences of row-codes can be built in time polynomial in the size of I.
We now construct in polynomial time a D| Hom formula Φ I such that, given a non-empty prefix w of an initialized well-formed sequence of row-codes, w is a model of Φ I if and only if w has some prefix encoding a tiling of I. Hence, by Proposition 5.4, there exists a tiling of I if and only if there is some initial trace w of K I such that K I , w |= Φ I if and only if K I |= ¬Φ I .
Let w be a non-empty prefix of an initialized well-formed sequence of row-codes. Formula Φ I must enforce the acceptance requirement and the column constraint between adjacent row-codes. For acceptance, it suffices to force w to visit some position where proposition (d final , n, b) holds for some tag b ∈ {0, 1}. This can be done with the following D| Hom formula: For the column constraint, it suffices to ensure the following requirement. where len =n+1 is the formula D n ∧ [D] n+1 ⊥ capturing the infixes of length n + 1. The desired formula Φ I is given by ϕ final ∧ ϕ C . This concludes the proof of the statement about MC of Theorem 5.1 (assuming the -semantics).
5.2. PSPACE-hardness for D| Hom satisfiability checking. For an instance I of the considered domino-tiling problem, we construct in polynomial time a D| Hom formula Ψ I (under the -semantics) such that I has some tiling if and only if Ψ I is satisfiable.
To build the formula Ψ I , we exploit as conjuncts the two D| Hom formulas ϕ final and ϕ C , ensuring the acceptance requirement and the column constraint, respectively, given in Subsection 5.1. Additionally, we introduce as a third conjunct in the definition of Ψ I , the D| Hom formula ϕ wf , which, intuitively, "emulates" the behaviour of the Kripke structure K I in Proposition 5.4. Thus, Ψ I := ϕ wf ∧ ϕ final ∧ ϕ C .
The models of ϕ wf are all and only the non-empty finite words w over 2 AP satisfying the following condition: either w or its reverse w R coincides with the infix η of some well-formed sequence of row-codes such that (i) η visits some cell code with cell index 1 and content d init , and (ii) η contains some row-code. By construction (see Subsection 5.1), in both cases (w = η or w R = η) the conjunct ϕ C in the definition of Ψ I enforces the column constraint on η. Moreover, our assumption on the instance I (see Remark 5.3) entails that the d final -positions in η follow the d init -positions. This ensures that (i) for each model w of ψ I , either w or its reverse w R has an infix encoding a tiling of I, and (ii) each tiling of I is a model of Ψ I .