theory.stanford.edutheory.stanford.edu/~sipma/papers/cade05l.pdf · The Decidability of the...

The Decidability of the First-order Theory ofKnuth-Bendix Order

Ting Zhang, Henny B. Sipma, Zohar Manna?

Computer Science DepartmentStanford University

Stanford, CA 94305-9045{tingz,sipma,zm}@theory.stanford.edu

Abstract. Two kinds of orderings are widely used in term rewriting andtheorem proving, namely recursive path ordering (RPO) and Knuth-Bendixordering (KBO). They provide powerful tools to prove the termination ofrewriting systems. They are also applied in ordered resolution to prunethe search space without compromising refutational completeness. Solv-ing ordering constraints is therefore essential to the successful applicationof ordered rewriting and ordered resolution. Besides the needs for deci-sion procedures for quantifier-free theories, situations arise in constraineddeduction where the truth value of quantified formulas must be decided.Unfortunately, the full first-order theory of recursive path orderings is un-decidable. This leaves an open question whether the first-order theory ofKBO is decidable. In this paper, we give a positive answer to this questionusing quantifier elimination. In fact, we shall show the decidability of atheory that is more expressive than the theory of KBO.

1 IntroductionTwo kinds of orderings are widely used in term rewriting and theorem prov-

ing. One is recursive path ordering (RPO) which is based on syntactic precedence[9]. The other is Knuth-Bendix ordering (KBO) which is of hybrid nature; it re-lies on numerical values assigned to symbols as well as syntactic precedence[13]. In ordered term rewriting, a strategy built on ordering constraints can dy-namically orient an equation, at the time of instantiation, even if the equationis not uniformly orientable. This provides a powerful tool to prove the ter-mination of rewriting systems [6]. In ordered resolution and paramodulation,ordering constraints are used to select maximal literals to perform resolution.It also serves as enabling conditions for inference rules and such conditionscan be inherited from previous inferences at each deduction step. This helpsto prune redundancy of the search space without compromising refutationalcompleteness [25].

Solving ordering constraints is therefore essential to the successful applica-tion of ordered rewriting and ordered resolution. The decision procedures for? This research was supported in part by NSF grants CCR-01-21403, CCR-02-20134,

CCR-02-09237, CNS-0411363, and CCF-0430102, by ARO grant DAAD19-01-1-0723,and by NAVY/ONR contract N00014-03-1-0939.

quantifier-free constraints of both types of orderings have been well-studied[3, 12, 23, 22, 24, 14, 15]. However, situations arise where we need to decide thetruth values of quantified formulas on those orderings, especially in the ∃∗∀∗fragment. Examples include checking the soundness of simplification rules inconstrained deduction [7]. Unfortunately, the full first-order theory of recursivepath orderings is undecidable [28, 7] except for the special case where the lan-guage only has unary functions and the precedence order is total [21]. Until nowit has been an open question whether the first-order theory of Knuth-Bendixorder is decidable (RTA open problem ] 99). Here we answer this questionaffirmatively by showing that an extended theory of term algebras with Knuth-Bendix order admits quantifier elimination.

The basic framework is the combination of term algebras with Presburgerarithmetic. The extended language has two sorts; the integer sortZ and the termsort TA. Intuitively, the language is the set-theoretic union of the language ofterm algebras and the language of Presburger arithmetic. Formulas are formedfrom term literals and integer literals using logical connectives and quantifica-tions. The combination is tightly coupled in the following sense. We have aweight function mapping terms to integers as well as various boundary functionsmapping integers to terms. In addition, the Knuth-Bendix order is expandedin two directions. First, the order is decomposed into three disjoint subordersdepending on which of three conditions is used in the definition. Secondly, allorders (including the suborders) are extended to gap orders, which assert theleast number of distinct objects between two terms. Moreover, as Knuth-Bendixorder is recursively defined on a lexicographic extension of itself, gap ordersare extended to tuples of terms. Thus we actually establish the decidability of aricher theory.

Related Work and Comparison. Presburger arithmetic (PA) was first shownto be decidable in 1929 by the quantifier elimination method [10]. Efficientalgorithms were later discovered by Cooper [8] and further improved in [26].

The decidability of the first-order theory of term algebras was first shownby Mal’cev using quantifier elimination [20]. This result was proved again laterin different settings [19, 5, 11, 4, 2, 27, 17, 18, 29, 30].

Quantifier elimination has been used to obtain decidability results for var-ious extensions of term algebras. [19] shows the decidability of the theory ofinfinite and rational trees. [4] presents an elimination procedure for term alge-bras with membership predicate in the regular tree language. [2] presents anelimination procedure for structures of feature trees with arity constraints. [27]shows the decidability of term algebras with queues. [18] shows the decidabil-ity of term powers, which are term algebras augmented with coordinatewise-defined predicates. [29] extends the quantifier elimination procedure in [11] forterm algebras with constant weight function.

The decidability of the theory of RPO has been well-studied. [3] proves thedecidability of the quantifier-free theory of total lexicographic path ordering(LPO, a variant of RPO). A similar result holds for RPO [12]. [23] (resp. [22])establishes the NP-completeness for the quantifier-free theory of LPO (resp.

2

RPO). A more efficient algorithm for the quantifier-free theory of RPO is givenin [24]. [28, 7] show the undecidability of the first-order theory of LPO and theundecidability of the first-order theory of RPO in case of partial precedence. Thedecidability of the first-order theory of RPO (LPO) in case of unary signatureand total precedence is due to [21]. The decidability of the first-order theory ofRPO in case of total precedence remains open.

Recently some partial decidability results for the theory of KBO have beenobtained. [14] shows the decidability of the quantifier-free theory of term alge-bras with KBO. [15] improves the algorithm and shows that the quantifier-freetheory of KBO is NP-complete. Analogous to [21], [16] shows the decidabilityof the first-order theory of KBO in the case where all functions are unary.

In this paper, we show the general decidability result for an extended theoryof KBO with arbitrary function symbols and weight functions. The methodcombines the extraction of integer constraints from term constraints with areduction of quantifiers on term variables to quantifiers on integer variables.Paper Organization. Section 2 defines term algebras. Section 3 introduces thetheory of term algebras with Knuth-Bendix ordering and presents the technicalmachinery for eliminating quantifiers. Section 4 presents the main contributionof this paper: it expands the elimination procedure in [29] for the extendedtheory of KBO and proves its correctness. Section 5 briefly explains how toadapt the elimination procedure to the special case where the language containsa unary function of weight 0. Section 6 concludes with some ideas for futurework. Due to space limitation all proofs have been omitted from this paper. Anextended version of this paper, which includes a detailed description of notationand terminology, and all proofs, is available from the first author’s webpage.

2 Term AlgebrasWe present a general language and structure of term algebras. In this paper

we assume that the signature of our language is finite. For notation convenience, wedo not distinguish syntactic terms in the language from semantic terms in thecorresponding structure. The meaning should be clear from the context.

Definition 1. A term algebra ATA : 〈TA;C,A,S,T〉 consists of1. TA: The term domain, which exclusively consists of terms recursively built up from

constants by applying constructors. The type of a term t, denoted by type(t), is theoutmost constructor of t. We say that t is α-typed (or is an α-term) if α = type(t).

2. C: A finite set of constructors: α, β, γ, . . . The arity of α is denoted by ar(α).3. A: A finite set of constants: a, b, c, . . . We requireA , ∅ andA ⊆ C. For a ∈ A,

ar(a) = 0 and type(a) = a.4. S: A finite set of selectors. For a constructor αwith arity k > 0, there are k selectors

sα1 , . . . , sαk in S. We call sαi (1 ≤ i ≤ k) the ith α-selector. For a term x, sαi (x) returns

the ith component of x if x is an α-term and x itself otherwise.5. T : A finite set of testers. For each constructor α there is a corresponding tester Isα.

For a term x, Isα(x) is true if and only if x is an α-term. Note that for a constant a,Isa(x) is just x = a. In addition there is a special tester IsA such that IsA(x) is trueif and only if x is a constant.

3

We use LTA to denote the language of term algebras.

Proposition 1 (Axiomatization of Term Algebras). Let zα abbreviate z1,. . . ,zar(α).The following formula schemes, in which variables are implicitly universally quantifiedover TA, axiomatize Th(ATA).

A1. t(x) , x, if t is built solely by constructors and t properly contains x.A2. α(x1 . . . , xar(α)) , β(y1, . . . , yar(β)), if α, β ∈ C and α . β.A3. α(x1, . . . , xar(α)) = α(y1, . . . , yar(α))→

∧

1≤i≤ar(α) xi = yi.A4. Isα(x)↔ ∃ zαα(zα) = x, if α ∈ C \ A; Isa(x)↔ x = a, if a ∈ A.A5. IsA(x)↔

∨

a∈A Isa(x).A6. sαi (x) = y↔ ∃zα

(

α(zα) = x ∧ y = zi))

∨(

∀zα(α(zα) , x) ∧ x = y)

.

This set of axioms is a variant of the axiomatization given in [11].

Selectors and testers can be defined by constructors and vice versa. Onedirection has been shown by (A4-A6), which are pure definitional axioms. Theother direction follows from the equivalence of

∧ki=1 sαi (x) = xi ∧ Isα(x) and

x = α(x1, . . . , xk). For simplicity, from now on we assume LTA only has selectorfunctions, and we use x = α(x1, . . . , xk) only in discussions at the semantic level.

We write α = (sα1 , . . . , sαk ) (k > 0) to mean that α is a constructor of arity k,

and sα1 , . . . , sαk are the corresponding selectors of α. We use L to denote selector

sequences. If L = s1, . . . , sn, Lx stands for s1(. . . (sn(x) . . .)), and we say that thedepth of x in Lx is n. The depth of x in a formula ϕ is the maximum depth of x inthe selector terms in ϕ, denoted by depthϕ(x).

3 Term Algebras with Knuth-Bendix OrderIn this section we introduce the theory of term algebras with KBO and present

the technical machinery needed in the quantifier elimination procedure.Let Σ be a finite signature in the constructor language (i.e., Σ = C in Def.

1) and W : Σ → N a weight function. We expand dom(W) to TA by recursivelydefining W(α(t1, . . . , tk)) =W(α)+

∑ki=1 W(ti). Let ≺Σ be a linear precedence order

on symbols inΣ. We enumerate all symbols in the decreasing≺Σ-order such thatα1 �

Σ α2 �Σ . . . �Σ α|Σ|.

Definition 2 (Knuth-Bendix Order [13]). A Knuth-Bendix order (KBO) ≺kb (pa-rameterized with a weight function W and a precedence order ≺Σ) is defined recursivelysuch that for u, v ∈ TA, u ≺kb v if and only if one of the following conditions holds:(i) W(u) < W(v), (ii) W(u) = W(v) and type(u) ≺Σ type(v), (iii) W(u) = W(v),u ≡ α(u1, . . . , uk), v ≡ α(v1, . . . , vk) and

(∃i)[

1 ≤ i ≤ k ∧ ui ≺kb vi ∧ ∀ j(1 ≤ j < i→ u j = v j)

]

. (1)

The KBO ≺kb is a well-founded total order on TA [13, 1]. To guarantee well-foundedness, two compatibility conditions for W and ≺Σ are required: (i) W(a) > 0for any constant a, and (ii) a unary function of weight 0, if present, should bethe maximum in ≺Σ. Let us denote by ⊥ the smallest term with respect to ≺kb.

4

It follows from (i) and (ii) that ⊥ must be an atom and so it can be determinedwhen W and ≺Σ are given. By (ii) if a unary function of weight 0 exists, it mustbe unique. For presentation simplicity, we assume that W(α1) > 0. However, theexistence of such function actually simplifies our decision procedure. We deferthe discussion to Sec. 5.

Definition 3. The structure of term algebras with KBO is Akb = 〈ATA;≺kb〉. Let Lkb

denote the language of Akb.

3.1 Proof PlanWe shall show the decidability of Th(Akb) by quantifier elimination. The

procedure relies on the following two ideas: solved form and depth reduction.

1. Solved Form. A quantifier-free formula ϕ(x, y) is solved in x if it is in the form∧

i≤m

ui ≺kb x ∧

∧

j≤n

x ≺kb v j ∧ ϕ′(y), (2)

where x does not appear in ui, vi andϕ′. It is not hard to argue that (∃x)ϕ(x, y)simplifies to

∧

i≤m, j≤n

ui ≺kb2 v j ∧ ϕ′(y) (3)

where ≺kbn , called gap order, is an extension of ≺kb such that x ≺kb

n y statesthere is an increasing chain from x to y with at least n−1 elements in between[10, page 196]. It is clear that the elimination of ∃x, the transformation from(2) to (3), becomes straightforward once the matrix ϕ(x, y) is solved in x, orequivalently, depthϕ(x) = 0. That leads us to the notion of depth reduction.

2. Depth Reduction. Let us first consider the simple case where x is α-typed fora proper constructor α and all occurrences of x have depth greater than 0.By introducing new variables x1, . . . , xar(α) (called the descendants of x) torepresent x, we can rewrite ∃xϕ(x, y) to

∃x1, . . . ,∃xar(α)ϕ′(x1, . . . , xar(α), y), (4)

where ϕ′(x1, . . . , xar(α), y) is obtained from ϕ(x, y) by substituting xi for sαi x(1 ≤ i ≤ ar(α)). It is clear that depthϕ′ (xi) < depthϕ(x). If all occurrences ofx have the same depth, then by repeating the process we can generate aformula solved in x∗ where x∗ are descendants of x. A difficulty arises whennot all occurrences of x have equal depth. So eventually we meet the situationwhere some occurrences of x have depth 0 and some do not. Here we haveto represent all occurrences of x of depth 0 in terms of sα1 (x), . . . , sαar(α)(x).This amounts to reducing literals of the form x ≺kb

n t and literals of the formt ≺kb

n x to quantifier-free formulas using sα1 (x), . . . , sαar(α)(x). After that wecan introduce new variables and do quantifier manipulation just as in thesimple case to bring ∃xϕ(x, y) into the form of (4). Therefore depth reductionessentially depends on the reduction of x ≺kb

n t and reduction of t ≺kbn x. In

order to carry out the reduction we need to extend the language as follows.

5

(a) We decompose ≺kb into three disjoint suborders ≺w, ≺p and ≺l, each ofwhich is also extended to gap orders.

(b) We introduce Presburger arithmetic explicitly in order to define countingconstraints to count how many distinct terms there are at certain weight,and define boundary functions to delineate gap orders.

(c) The reduction of literals like x ≺kbn t or t ≺kb

n x eventually comes downto resolving relations between two terms of the same weight and of thesame type. So we need to extend all aforementioned notions to tuplesof terms of the same total weight.

In the rest of this section we define these extensions.

3.2 Decomposition of Knuth-Bendix OrderDefinition 4. A Knuth-Bendix order≺kb can be decomposed into three disjoint orders,a weight order ≺w, a precedence order ≺p, and a lexicographical order ≺l, asfollows:

u ≺w v⇔W(u) < W(v),u ≺p v⇔W(u) =W(s) & type(u) ≺Σ type(v),u ≺l v⇔W(u) =W(v) & type(u) = type(v) & u ≺kb v,

such that u ≺kb v is equivalent to u ≺w v ∨ u ≺p v ∨ u ≺l v. We write u ≺pl v as anabbreviation for u ≺p v ∨ u ≺l v.

3.3 Gap OrdersTo express formulas of the form ∃x(u ≺] x ≺] v) in a quantifier-free language

we need to extend all aforementioned orders to “gap” orders.

Definition 5 (Gap Orders). Define ≺kbn (n ≥ 0) such that

u ≺kbn v↔ (∃u1, . . . ,∃un)

[

u ≺kb u1 ≺kb . . . ≺kb un �

kb v]

.

For ] ∈ {w, p, l, pl}, define ≺]n such that u ≺]n v ↔ u ≺kbn v ∧ u ≺] v, and u �]n v such

that (u ≺]n v) ∧ ¬(u ≺]n+1 v).

A gap order u ≺]n v (n ≥ 1) states that “u is less than v w.r.t. ≺], and there areat least n − 1 elements in between.” Similarly, u �]n v (n ≥ 1) states that “u is lessthan v w.r.t. ≺], and there are exactly n− 1 elements in between”. Note that ≺]1 isjust ≺], ≺]0 is �], �]0 is =, and we have u ≺]n v↔ u ≺]n+1 v ∨ u �]n v.

Example 1. The formula ∃x(u ≺l x ≺l v) reduces to u ≺l2 v if u, v do not contain x.

3.4 Boundary FunctionsConsider the formula u �w

1 v. Intuitively it states “W(u) < W(v) and thereare no terms z such that u ≺kb z ≺kb v, that is, u is the largest term of weightW(u) and v is the smallest term of weight W(v)”. To express this we introduceboundary functions.

6

Definition 6 (Boundary Functions). Let n, p > 0. The following functions are calledboundary functions:

1. 0w :N→ TA such that 0w(n) is the smallest term (w.r.t. ≺kb) of weight n,2. 0p :N2 → TA such that 0p(n, p) is the smallest term (w.r.t. ≺kb) of weight n and

type αp,

where, for all of the above, f (n) = ⊥ and f (n, p) = ⊥, if no such term exists.

Similarly we define 1w :N → TA and 1p :N2 → TA as the largest terms withthe corresponding properties. We write 0](...) for 0](. . .) and 1](...) for 1](. . .). Termshaving one of these functions as root symbol are called boundary terms. A literalof the form u ? v, where ? is either equality or a gap order, is open if both uand v are ordinary terms in TA, closed if both u and v are boundary terms, andhalf-open otherwise.

3.5 Integer Extension of Term AlgebrasTo be able to express the boundary terms in the formal language, we extend

term algebras with Presburger arithmetic (PA).

Definition 7. The structure of term algebras with integers is AZTA = 〈ATA;AZ;(.)w〉,where AZ is Presburger arithmetic and (.)w denotes the weight function.

We call terms of sort TA (resp. Z) TA-terms (resp. integer terms), similarlyfor variables and quantifiers. We also use “term” for “TA” when there is noconfusion. A TA-term can occur inside the weight function. Such occurrenceis called integer occurrence to be distinguished from the normal term occurrence.From now on, we freely use integer terms tw to form Presburger formulas, andwe use depthϕ(x) to denote the maximum depth of term occurrences of x in ϕ.

Example 2. The formula (∃x : TA)[

0w(xw) ≺

pl x ≺pl 1w(xw)

]

states that there exists aterm t ∈ TA such that there are at least three elements with the same weight as t(including t itself). Note that the first and the third occurrences of x are integralwhile the second one is an ordinary term.

The truth value of the formula in Ex. 2 relies on the number of distinct TA-termsof a certain weight. This is the essential use of Presburger arithmetic.

Definition 8 (Counting Constraint). A counting constraint is a predicate CNTαn(z)that states there are at least n+1 different α-terms of weight z. CNTn(z) is similarlydefined with α-terms replaced by TA-terms. We write Treeα (resp. Tree) for CNTα0(resp. CNT0).

Counting constraints play a central role in our elimination procedure; it helpsreduce term quantifiers to integer quantifiers.

Example 3. The formula from Ex. 2 is reduced to (∃z :Z) CNT2(z).

It was proved in [14, 29] that counting constraints can be expressed in PA.

7

Example 4. Consider AZlist = (Alist;AZ; (.)w) where Alist = 〈list, cons, car, cdr, a〉 isthe LISP list structure with the only atom a, and (.)w is a constant weight functionequal to 1. It has been shown in [30] that CNTcons

n (x) is x ≥ 2m− 1∧ 2 - m wherem is the least number such that the m-th Catalan number Cm =

1m(2m−2

m−1)

is greaterthan n. This is not surprising as Cm gives the number of binary trees with mleaves (that tree has 2m − 1 nodes).

3.6 Extension of Knuth-Bendix OrderDefinition 9. The structure of term algebras with KBO, extended with gap orders,boundary functions and Presburger arithmetic, is

AZkb+ = 〈Akb; AZ; ≺]n,�

]n, ] ∈ {kb,w, p, l, pl}, n ≥ 0; 0∗(...), 1

∗(...), ∗ ∈ {w, p}〉.

We denote by Lkb+ the language extending Lkb with gap orders and bound-ary terms and by LZ the language of Presburger arithmetic (including weightfunctions on terms). The complete language is denoted by L Z

kb+ .3.7 Tuples of Terms

The extensions for tuples of terms are defined as follows:

Definition 10 (Orders on Tuples). Let u = 〈u1, . . . , uk〉, v = 〈v1, . . . , vk〉 such thatΣk

i=1W(ui) = Σki=1W(vi). The lexicographical extension ≺k;kb (k ≥ 1) of ≺kb on k-tuples

of the same weight is defined such that u ≺k;kb v if and only if (1) holds.

Definition 11 (Suborders on Tuples). Let u = 〈u1, . . . , uk〉, v = 〈v1, . . . , vk〉 ∈ TAk,] ∈ {w, p, l, pl}. We define those composite orders on tuples as follows.

u ≺k;] v↔ u1 ≺] v1 ∨ (u1 = v1 ∧ 〈u2, . . . , uk〉 ≺

k−1;kb 〈v2, . . . , vk〉)

We say that u ≺k;] v is proper if u1 ≺] v1 and we have u ≺k;kb v↔ u ≺k;w v ∨ u ≺k;p

v ∨ u ≺k;l v.

Definition 12 (Gap Orders between Tuples). We define ≺k;kbn (k ≥ 1; n ≥ 0) such

thatu ≺k;kb

n v↔ (∃u1, . . . ,∃un :TAk)[

u ≺k;kb u1 ≺k;kb . . . ≺k;kb un �

k;kb v]

.

For ] ∈ {w, p, l, pl}, define ≺k;]n such that u ≺k;]

n v↔ u ≺k;kbn v ∧ u ≺k;] v, and u �k;]

n vsuch that (u ≺k;]

n v) ∧ ¬(u ≺k;]n+1 v). Again note that ≺k;]

1 is just ≺k;], ≺k;]0 is �k;], �k;]

0 is=, and u ≺k;]

n v↔ u ≺k;]n+1 v ∨ u �k;]

n v.

Definition 13 (Tuple Boundary Functions). Let k, n,m, p > 0. Define partial func-tions:

1. 0k;kb :N→ TAk (k ≥ 1) such that 0k;kb(n) is the smallest k-tuple (w.r.t. ≺k;kb) ofweight n.

2. 0k;w :N2→TAk (k ≥ 1) such that 0k;w(n,m) is the smallest k-tuple (w.r.t. ≺k;kb) ofweight n and the first component has weight m.

3. 0k;p :N3→TAk (k ≥ 1) such that 0k;p(n,m, p) is the smallest k-tuple (w.r.t. ≺k;kb) ofweight n and the first component has weight m and type αp.

8

Similarly we define 1k;kb : N → TAk, 1k;w : N2 → TAk and 1k;p : N3 → TAk

to be the largest k-tuples with the corresponding properties. As before thesefunctions are made total by assigning 〈⊥, . . .⊥〉 to undefined values. We write0k;]

(...) for 0k;](. . .) and 1k;](...) for 1k;](. . .). Terms having one of these functions as root

symbol are called boundary tuples. As before we call a literal u ? v open if bothu and v are ordinary tuples, closed if both u and v are boundary tuples, andhalf-open otherwise.

To avoid unnecessary complications, we choose to treat tuples (includingboundary tuples) as “syntactic sugar”; they are only used in the intermediatesteps of the reduction. Lemma 5 shows that literals containing tuples can bereduced to formulas in L Z

kb+ .

3.8 Delineated Gap Order CompletionRevisiting the transformation from (2) to (3), we see that the number of gap

orders in (3) is quadratic in the number of gap orders in (2). This complicatesthe termination proof for the elimination procedure. Nevertheless, we can avoidthis difficulty by postulating the relative positions of parameters. This leads tothe notion of order completion.

Definition 14 (Gap Order Completion). A gap order completion (GOC) ϕ′ of aconjunction of literalsϕ(t1, . . . , tn) is chain t f (1) � . . . � t f (n),where f is a permutationfunction on {1, . . . , n} and � stands for =, �]n or ≺]n (] ∈ {w, p, l, pl}, n ≥ 1).

Example 5. A possible GOC of ϕ(x, y, z) : x ≺w9 y∧ x ≺pl z∧ z ≺w y is x ≺pl

5 z ≺w4 y.

However, gap order completions are not sufficient. It is quite clear to see(∃x : TA)[u ≺w x ≺p v] implies u ≺w

2 v. But for the converse to hold, v , 0w(vw)

is required. As another example, (∃x : TA)[u ≺p x ≺p v] implies u ≺p2 v, but not

vice versa. In order to preserve equivalence, intuitively, we need to “delineate”a GOC to make sure ordinary terms in different intervals (a notion to be defineprecisely soon) are not related in any gap orders. For example, consider thelinear order x1 ≺

wn1

x2 ≺pn2

x3 ≺ln3

x4 The order imposed may be viewed asfollows

•⊥

•x1

•x2

•x3

•x4

p−intvl�

oo p−intvl �

// p−intvl�

oo p−intvl �

// p−intvl�

oo p−intvl �

//

w−intvl�

oo w−intvl�

// w−intvl�

oo w−intvl�

//

The weight of x1 is strictly lower than that of x2, x3, and x4. The weight ofx2, x3, and x4 is the same, but the precedence of x2 is lower than that of x3 andx4. Finally, x3 is smaller than x4 in the lexicographic order. We call a maximallist of elements with the same weight a w-interval, and similarly a maximal listof elements with the same weight and precedence order a p-interval. Thus, thesecond w-interval above has two inner p-intervals.

We want to avoid relating ordinary elements at different levels in differentintervals. Therefore we augment the gap order completion with boundary terms,called a delineated gap order completion.

9

Definition 15 (Delineated Gap Order Completion). A delineated gap order com-pletion (DGOC) is a GOC in which if there occurs the following pattern v1 �

]n1

u�\n2

v2,where n1, n2 > 0, � stands for either ≺ or �, ], \ ∈ {w, p, l, pl}, and u is an ordinaryterm in Lkb, then either ] ≡ \ ≡ pl or ] ≡ \ ≡ l. I.e., ordinary terms do not delineatetwo intervals unless they are asserted equal to boundary terms.

Example 6. Revisit Ex. 5. A possible DGOC of ϕ(x, y, z) is

ϕ′(x, y, z) : 0w(xw) ≺

pl1 x ≺pl

5 z ≺pl2 1w

(xw)︸︷︷︸

w-interval

≺w1 0w

(yw) ≺pl1 y ≺pl

1 1w(yw)

︸︷︷︸

w-interval

Now we have (∃z :TA)ϕ′(x, y, z)↔ 0w(xw) ≺

pl1 x ≺pl

7 1w(xw) ≺

w1 0w

(yw) ≺pl1 y ≺pl

1 1w(yw).

Lemma 1 (Delineated Gap Order Completion). Any conjunction of positive lit-erals in Lkb+ is equivalent to a finite disjunction of delineated gap order completions.

Now we state a sequence of lemmas which will justify the elimination pro-cedure given in the next section. These lemmas share the following commonfeatures: (i) they state the soundness of symbolic transformations for formulasin primitive form, a special prenex form where the prefix only consists of exis-tential quantifiers and the matrix is a conjunction of literals; (ii) a formula ϕ istransformed to a finite disjunction

∨

i ϕi where for any i, ϕi is in primitive formand the matrix of ϕi contains no more open gap order literals than that of ϕdoes. To save space, we omit these conditions in the description of each lemma.

In principle, boundary terms can appear in the weight function or in selec-tors, selector terms can occur in the weight function, and the weight functioncan be used to construct boundary terms. Repeating this process we can buildmore and more complex terms. The following lemma eliminates this superficialcomplication. From now on, we assume that boundary terms are not properlyembedded in other terms.

Lemma 2 (Depth Reduction of Boundary Terms). Any formula in L Zkb+ can be

effectively reduced to an equivalent formula in which no boundary terms appear insideselectors or the weight function.

The following lemma states that we can always assume that all term occur-rences of a TA-variable have the same depth, and hence we are able to reducethem all together to depth 0.

Lemma 3 (Depth Reduction). Let? ∈ {≺kbn ,≺

wn ,≺

pn,≺

ln,≺

pln ,�

kbn ,�

wn ,�

pn,�

ln,�

pln }. If

x is of type αp with αp = (sαp

1 , . . . , sαp

k ) and t is an arbitrary term, then x ? t (t ? x)can be effectively reduced to an equivalent quantifier-free formula ϕ(sαp

1 x, . . . , sαp

k x) (inL Z

kb+ ) in which x does not appear and sαp

i x (1 ≤ i ≤ k) is not inside selectors.

As we mentioned before, this is the main battlefield of quantifier elimination.To streamline the proof, we introduce the following two lemmas.

Lemma 4 (Term Reduction). Let ? ∈ {≺kbn ,≺

wn ,≺

pn,≺

ln,≺

pln ,�

kbn ,�

wn ,�

pn,�

ln,�

pln }.

10

1. If x is an ordinary term of type αp with αp = (sαp

1 , . . . , sαp

k ) and t is either a boundaryterm or an ordinary term not containing x, then x?t (t?x) can be effectively reducedto an equivalent quantifier-free formula ϕ(sαp

1 x, . . . , sαp

k x) in which x does not occurand s

αp

i x (1 ≤ i ≤ k) is not inside selectors.2. If x?t (t?x) is closed, i.e., both t and x are boundary terms, then it can be effectively

reduced to an equivalent Presburger formula.

Lemma 4 states that literals containing non-atom terms can be expressed onlyusing the components of those terms. The reduction eventually comes down tothe success of decomposing relations between tuples of the same weight, as isstated by the following lemma.

Lemma 5 (Tuple Reduction). Let ? ∈ {≺k;kbn ,≺k;w

n ,≺k;pn ,≺k;l

n ,≺k;pln ,�k;kb

n ,�k;wn ,�k;p

n

,�k;ln ,�

k;pln }, and U,V be k-tuples of the same weight.

1. If U = 〈u1, . . . , uk〉 is an ordinary tuple, then U ? V (V ? U) can be effectivelyreduced to an equivalent quantifier-free formula ϕ(u1, . . . , uk) (in L Z

kb+ ) in whichui (1 ≤ i ≤ k) does not occur inside selectors.

2. If U ? V (V ?U) is a closed tuple, i.e., both U and V are boundary tuples, then itcan be effectively reduced to an equivalent Presburger formula.

Lemma 6 (Elimination of Term Variables). Let x be a term variable, ϕkb+(x) aconjunction of literals in Lkb+ with depthϕkb+

(x) = 0, and ϕZ(x) a Presburger formulain which x occurs inside the weight function. Then (∃x : TA)[ϕkb+(x) ∧ ϕZ(x)] can beeffectively reduced to ϕ′kb+ ∧ ϕ

′Z

in which x does not occur and ϕ′kb+ is quantifier-free.

Lemma 6 states that we can remove term quantifiers by reducing them to integerquantifiers. The next lemma guarantees the elimination of integer quantifiers.

Lemma 7 (Elimination of Integer Variables). Let z be an integer variable, ϕkb+(z)a conjunction of literals in Lkb+ where z occurs inside boundary terms, and ϕZ(z)a Presburger formula. Then (∃z : Z)[ϕkb+(z) ∧ ϕZ(z)] can be effectively reduced toϕ′kb+ ∧ ϕ

′Z

where no z occurs and ϕ′kb+ is quantifier-free.

4 Quantifier Elimination for Th(AZkb+

)In this section we extend the quantifier elimination procedure for Th(AZTA)

[29] to an elimination procedure for Th(AZkb+ ). First we introduce some notationsto simplify the algorithm description.

4.1 Primitive FormIt is well-known that eliminating arbitrary quantifiers reduces to eliminating

existential quantifiers from primitive formulas of the form

(∃x) ϕ(x, y) ≡ (∃x)[

Ai(x, y) ∧ · · · ∧ An(x, y)]

, (5)

where Ai(x, y) are (1 ≤ i ≤ n) literals [11]. We also assume that Ai(x, y) are notof the form x = t in case t does not contain x, as (∃x)[x = t ∧ ϕ′(x, y)] simplifiesto ϕ′(t, y). In addition we can assume Ai are positive literals. The details ofelimination of negation are given in the extended version of this paper.

11

4.2 NondeterminismAll transformations are carried out on formulas of the form (5). Each step

of the transformations manipulates (5) to produce a version of the same form(or multiple versions of the same form in case disjunctions are introduced), andthus in each step (∃x)ϕ(x, y) refers to the updated version rather than to theoriginal input formula. Whenever we say “guess ψ”, we mean to add a finitedisjunction

∨

i ϕi, which is valid in the context and contains ψ as a disjunct, toϕ(x, y). It should be understood that an implicit disjunctive splitting is carriedout and we work on each resultant “simultaneously”.

4.3 Type CompletionWe say a selector term sαi (t) is proper if Isα(t) holds. We can make selector

terms proper with type information.

Definition 16 (Type Completion). ϕ′ is a type completion of ϕ if ϕ′ is obtainedfrom ϕ by conjoining tester predicates such that for any term t in ϕ, exactly one type oftester predicate Isα(t) (α ∈ C) is in ϕ′.

Example 7. Let α, β ∈ C, α . β and α = (sα1 ). A possible type completion fory = sα1 (x) is y = sα1 (x) ∧ Isβ(x) ∧ Isβ(sα1 (x)) ∧ Isβ(y), which simplifies to y =x ∧ Isβ(x) ∧ Isβ(y) by Axioms (A4) and (A6). Another type completion is y =sα1 (x) ∧ Isα(x) ∧ Isβ(sα1 (x)) ∧ Isβ(y) in which the selector term is proper. As thethird example, a type completion could be y = sα1 (x)∧ Isα(x)∧ Isα(sα1 (x))∧ Isβ(y)which simplifies to false.

We assume that all formulas are type-complete. In particular, all selector termsare (simplified to) proper ones. The reason behind this assumption is that asymbolic transformation can always be carried to replace a non-type-completeformula ϕ by an equivalent finite disjunction of type completions of ϕ. In termsof efficiency, however, one would prefer doing the on-the-fly disjunctive split-ting when the type information of a specific term is needed. We also assume thatevery type completion is sound with respect to types. Certain type completionof ϕ may be contradictory due to type conflicts. For example, IsA(x) ∧ Isα(s(x))(α ∈ C \ A) is unsatisfiable. Nevertheless, unsatisfiable disjuncts will not affectsoundness of the transformation and they can be easily detected and removed.At last, note that we omit listing tester literals unless they are needed for cor-rectness proof.

4.4 Elimination ProcedureThe elimination procedure consists of the following two algorithms:

Algorithm 1 (Elimination of Integer Variables).We assume that formulas with quantifiers on integer variables are in the form

(∃z :Z)[

ϕZ(x, y, z) ∧ ϕkb+(x, y, z)]

, (6)where y, z are integer variables, x are term variables. Note that x may occur insidethe weight function in ϕZ(x, y, z) and y, z may appear inside boundary terms inϕkb+(x, y, z).

Repeatedly apply the following subprocedures (A’) and (B’) to (6) until z = ∅.

12

1. If none of z appears inside any boundary terms, then ϕkb+(x, y, z) is just ϕkb+(x, y),which can be moved out of ∃z. We then obtain

(∃z :Z)[

ϕZ(x, y, z)]

∧ ϕkb+(x, y).

Since (∃z :Z)[ϕZ(x, y, z)] is in LZ, we can proceed to remove the block of existentialquantifiers using Cooper’s method ([8, 26]). In fact, we can defer the eliminationuntil all term quantifiers are gone.

2. If for some z ∈ z, z occurs inside some boundary terms, we eliminate z by Lemma 7.

Algorithm 2 (Elimination of Term Variables).We assume that formulas with quantifiers on term variables are in the form

(∃x :TA)[

ϕkb+(x, y, z) ∧ ϕZ(x, y, z)]

, (7)

where x, y are term variables, z are integer variables. Note that z may occur in-side boundary terms in ϕkb+(x, y, z), and x, y may occur inside weight function inϕZ(x, y, z).

Repeatedly apply the following subprocedures (A) and (B) to (7) until x = ∅.

(A) Depth Reduction. Repeat (a),(b),(c) in the order while (∀x ∈ x) depthϕkb+(x) > 0.

(a) S. Select a α-typed variable x ∈ x for some α = (sα1 , . . . , sαar(α)). This

selection is always possible as depthϕkb+(x) > 0. We require that in the next

run of (a), we choose one of the variables generated by this run of (b). I.e., thevariable selection is done in depth-first manner. This is crucial to guaranteethat a run eventually leaves (A). Let x′ ≡ x \ x.

(b) D. We rewrite (7) to:(

∃ x′, x1, . . . , xar(α), x :TA) [

Isα(x) ∧∧

1≤i≤ar(α)

sαi (x) = xi

∧ ϕkb+(x, y, z) ∧ ϕZ(x, y, z)]

. (8)

(c) S. Exhaustively apply the following simplification rules to ϕkb+

and ϕZ in (8):(1) replace sαi (x) by xi (1 ≤ i ≤ ar(α));(2) replace xw by Σar(α)

i=1 xwi +W(α);

(3) replace x ≺]n t by - ( x ≺]n t );(4) similar for t ≺]n x, x �]n t and t �]n x.The existence of - follows from Lemma 3. Let the resultingformula be(

∃ x′, x1, . . . , xar(α), x :TA) [

Isα(x) ∧∧

1≤i≤ar(α)

sαi (x) = xi

ϕ′kb+(x′, sα1 (x), . . . , sαar(α)(x), y, z) ∧ ϕ′Z(x′, sα1 (x), . . . , sαar(α)(x), y, z)

]

. (9)

It is now clear that if x occurs in ϕ′kb+ and ϕ′Z

it occurs inside some ofsα1 (x), . . . , sαar(α)(x). Since

(

∀x1, . . . , xar(α) :TA)(

∃x :TA)[

Isα(x) ∧∧

1≤i≤ar(α)

sαi (x) = xi]

13

is valid in ATA, we can replace in (9), sα1 (x), . . . , sαar(α)(x), respectively, byx1, . . . , xar(α), and hence remove

∧

1≤i≤ar(α) sαi (x) = xi, Isα(x) together with ∃x,obtaining(

∃ x′, x1, . . . , xar(α) :TA) [

ϕ′kb+(x′, x1, . . . , xar(α), y, z)

∧ ϕ′Z(x′, x1, . . . , xar(α), y, z)]

. (10)

(B) Elimination. Repeat (B) while (∃x ∈ x) depthϕkb+(x) = 0.

Take the x as in the guard condition, guess a DGOC for all terms related with x ingap order literals (by Lemma 1) and then eliminate x by Lemma 6.

Theorem 1. Th(AZkb+) is decidable, and hence so is Th(Akb).

Example 8. Let us go through an example with emphasis on the depth reduction.Due to space limitation, we only show one simple trace of the reduction. Considerin the LISP list structure the following formula

(∃x)[

car(x) ≺l2 cdr(cdr(x)) ∧ cdr(cdr(car(x))) ≺l

3 y]

, (11)

where depth(11)(x) = 3. At the first run of (A), we introduce fresh variablesx1 and x2 to replace car(x) and cdr(x), respectively. By a standard quantifiermanipulation we obtain

(∃x1∃x2)[

x1 ≺l2 cdr(x2) ∧ cdr(cdr(x1)) ≺l

3 y]

, (12)

where depth(12)(x1) = 2 and depth(12)(x2) = 1, both less than depth(11)(x). In thesecond run of (A), we pick x1 and replace x1 ≺

l2 cdr(x2) by car(x1) = car(cdr(x2))∧

cdr(x1) ≺l2 cdr(cdr(x2)) (which is one of several choices). We obtain

(∃x2∃x11∃x12)[

x11 = car(cdr(x2)) ∧ x12 ≺l2 cdr(cdr(x2)) ∧ cdr(x12) ≺l

3 y]

. (13)

At this point we have depth(13)(x11) = 0 and the run enters (B). In this case wecan immediately remove ∃x11, obtaining

(∃x2∃x12)[

x12 ≺l2 cdr(cdr(x2)) ∧ cdr(x12) ≺l

3 y]

, (14)

where depth(14)(x12) = 1 and depth(14)(x2) = 2. At the third run of (A), we selectx12. The run could give us

(∃x2∃x121∃x122)[

x121 = car(cdr(cdr(x2))) ∧ x122 ≺l2 cdr(cdr(x2)) ∧ x122 ≺

l3 y]

, (15)

which as before by (B) simplifies to

(∃x2∃x122)[

x122 ≺l2 cdr(cdr(x2)) ∧ x122 ≺

l3 y]

. (16)

Still we have depth(16)(x122) = 0 which justifies another run of (B). Let us take agap order completion x122 ≺

l2 cdr(cdr(x2)) ≺l

1 y (which again is just one of manychoices) and rewrite (16) to

(∃x2∃x122)[

x122 ≺l2 cdr(cdr(x2)) ≺l

1 y]

. (17)

With the help of boundary functions, (17) reduces to

(∃x2)[

0w((cdr(cdr(x2)))w) ≺

l2 cdr(cdr(x2)) ≺l

1 y]

. (18)

14

The fourth and the fifth runs of (A) (with the same trick of quantifier manipu-lation) give us

(∃x222)[

0w(xw

222) ≺l2 x222 ≺

l1 y]

. (19)

After that the run comes back again to (B) as depth(19)(x222) = 0. Here we haveto reduce term quantifiers to integer quantifiers in that x222 also appears inboundary terms. By Lemma 6, (19) is equivalent to

(∃z)[

0w(z) ≺

l3 y ∧ Treecons(z)

]

, (20)

which simplifies to 0w(yw) ≺

l3 y ∧ Treecons(yw), and in turn to

0w(yw) ≺

l3 y, (21)

as 0w(yw) ≺

l3 y implies Treecons(yw). It is not hard to verify that (21) implies (11) as

desired. (We do not have equivalence because this is just one trace of reduction.)

We note that the depth reduction of a variable is at the expense of increasingthe depth of a term on the other side of a relation. This happens when ϕcontains x ? t (or t ? x) and depthϕ(x) > 0. For example, from (12) to (13), thedepth of x2 increases by 1. Moreover, the depth reduction in general introducesmore existential quantifiers and more equalities in the matrix (e.g., also in thereduction from (12) to (13)). However, in each transformation, the number ofopen gap order literals in each resulting primitive formula is no more than thatin the original (primitive) formula. Moreover, the final elimination procedureremoves at least one open gap order literal if the eliminated variable occurs insuch literals (e.g., from (17) to (18) and from (19) to (20)). When all open gaporder literals are gone, the depths of terms will be strictly decreasing. This forcesthe run to eventually leave (A) and from then on to stay in (B) until all existentialquantifiers are removed.

5 Presence of a 0-weight unary functionAs mentioned earlier, the presence of a unary function α0 of weight 0 in Σ

simplifies the elimination procedure. Intuitively, the existence of α0 makes ≺w

and ≺p dense almost everywhere except around atoms. This follows from thefact that 1w

(m) and 1p(m,p) are undefined (i.e., no maximum) except when αp is an

atom and m =W(αp). Accordingly, if u is not an atom, then for any n ≥ 1, u ≺wn v

(resp. u ≺pn v) is equivalent to u ≺w v (resp. u ≺p v). Also, it suffices for L Z

kb+ toonly have lower boundary functions in order to decompose gap orders. Moredetails are given in the extended version of this paper.

6 ConclusionWe showed the decidability of the first-order theory of term algebras with

Knuth-Bendix order by quantifier elimination. Our method combines the extrac-tion of integer constraints from term constraints with the reduction of quantifierson term variables to quantifiers on integer variables. In fact, we established thedecidability of a much more expressive theory.

15

Two problems related to practical complexity need further investigation.First, as a rule of thumb, more expressive power means higher complexity. Evenif the theoretical complexity bound is the same, in practice the efficiency willbe compromised. It is worthwhile to search for the smallest extension of KBOwhich admits quantifier elimination. Second, the elimination is intrinsicallylimited to processing quantified variables one at a time. We plan to extend themethod in [30] to eliminate a block of quantifiers of the same kind in one step.We believe this will be a significant improvement in pragmatic terms, since inmost applications the quantifier alternation depth is small.

We also plan to investigate the decidability issue of the first-order theory ofKBO in the term domain with variables [13, 1].

7 AcknowledgmentsWe thank Aaron Bradley for his comments on an earlier version of this paper.

We thank the anonymous referees for their careful reading and suggestions.

References1. Franz Baader and Tobias Nipkow. Term Rewriting and All That. Cambridge University Press,

Cambridge, UK, 1999.2. Rolf Backofen. A complete axiomatization of a theory with feature and arity constraints. Journal

of Logical Programming, 24(1&2):37–71, 1995.3. Hubert Comon. Solving symbolic ordering constraints. International Journal of Foundations of

Computer Science, 1(4):387–411, 1990.4. Hubert Comon and Catherine Delor. Equational formulae with membership constraints. Infor-

mation and Computation, 112(2):167–216, 1994.5. Hubert Comon and Pierre Lescanne. Equational problems and disunification. Journal of Symbolic

Computation, 7:371–425, 1989.6. Hubert Comon and Ralf Treinen. Ordering constraints on trees. In Proceedings of the 19th

International Colloquium on Trees in Algebra and Programming (CAAP’94), volume 787 of LectureNotes in Computer Science, pages 1–14, Edinburgh, U.K., Apr 1994. Springer-Verlag.

7. Hubert Comon and Ralf Treinen. The first-order theory of lexicographic path orderings isundecidable. Theoretical Computer Science, 176(1-2):67–87, 1997.

8. D. C. Cooper. Theorem proving in arithmetic without multiplication. In Machine Intelligence,volume 7, pages 91–99. American Elsevier, 1972.

9. Nachum Dershowitz. Orderings for term-rewriting systems. Theoretical Computer Science, 7:279–301, 1982.

10. H. B. Enderton. A Mathematical Introduction to Logic. Academic Press, 2001.11. Wilfrid Hodges. Model Theory. Cambridge University Press, Cambridge, UK, 1993.12. Jean-Pierre Jouannaud and Mitsuhiro Okada. Satisfiability of systems of ordinal notation with

the subterm property is decidable. In Proceedings of the 18th International Colloquium on Automata,Languages and Programming (ICALP’91), volume 510 of Lecture Notes in Computer Science, pages455–468. Springer-Verlag, 1991.

13. Donald E. Knuth and Peter Bendix. Simple word problems in universal algebras. In Computa-tional Problems in Abstract Algebra, pages 263–297. Pergamon Press, 1970. Reprinted in Automationof Reasoning, Vol. 2 Jurgen Siekmann and G. Wrightson, editors, pp. 342-376, Springer-Verlag,1983.

14. Konstantin Korovin and Andrei Voronkov. A decision procedure for the existential theory ofterm algebras with the Knuth-Bendix ordering. In Proceedings of the 15th IEEE Symposium onLogic in Computer Science (LICS’00), pages 291 – 302, IEEE Computer Society Press, 2000.

16

15. Konstantin Korovin and Andrei Voronkov. Knuth-Bendix constraint solving is NP-complete. InProceedings of 28th International Colloquium on Automata, Languages and Programming (ICALP’01),volume 2076 of Lecture Notes in Computer Science, pages 979–992. Springer-Verlag, 2001.

16. Konstantin Korovin and Andrei Voronkov. The decidability of the first-order theory of theKnuth-Bendix order in the case of unary signatures. In Proceedings of the 22th Conference onFoundations of Software Technology and Theoretical Computer Science, (FSTTCS’02), volume 2556 ofLecture Notes in Computer Science, pages 230–240. Springer-Verlag, 2002.

17. Viktor Kuncak and Martin Rinard. On the theory of structural subtyping. Technical ReportMIT-LCS-TR-879, Massachusetts Institute of Technology, January 2003.

18. Viktor Kuncak and Martin Rinard. The structural subtyping of non-recursive types is decidable.In Proceedings of the 18th IEEE Symposium on Logic in Computer Science (LICS’03), pages 96–107.IEEE Computer Society Press, 2003.

19. M. J. Maher. Complete axiomatizations of the algebras of finite, rational and infinite tree. InProceedings of the 3th IEEE Symposium on Logic in Computer Science (LICS’88), pages 348–357.IEEE Computer Society Press, 1988.

20. A. I. Mal’cev. Axiomatizable classes of locally free algebras of various types. In The Meta-mathematics of Algebraic Systems, Collected Papers, chapter 23, pages 262–281. North Holland,1971.

21. Paliath Narendran and Michael Rusinowitch. The theory of total unary RPO is decidable. InProceedings of the 1st International Conference on Computational Logic (CL 2000), volume 1861 ofLecture Notes in Artificial Intelligence, pages 660–672. Springer-Verlag, 2000.

22. Paliath Narendran, Michael Rusinowitch, and Rakesh M. Verma. RPO constraint solving is inNP. In Proceedings of the 12th International Workshop on Computer Science Logic (CSL’98), volume1584 of Lecture Notes in Computer Science, pages 385 – 398. Springer-Verlag, 1999.

23. Robert Nieuwenhuis. Simple LPO constraint solving methods. Information Processing Letters,47(2):65–69, 1993.

24. Robert Nieuwenhuis and J. Rivero. Solved forms for path ordering constraints. In Proceedingsof 10th International Conference on Rewriting Techniques and Applications (RTA’99), volume 1631 ofLecture Notes in Computer Science, pages 1–15. Springer-Verlag, 1999.

25. Robert Nieuwenhuis and Albert Rubio. Theorem proving with ordering and equality con-strained clauses. Journal of Symbolic Computation, 19(4):321–351, 1995.

26. C. R. Reddy and D. W. Loveland. Presburger arithmetic with bounded quantifier alternation.In Proceedings of the 10th Annual Symposium on Theory of Computing, pages 320–325. ACM Press,1978.

27. Tatiana Rybina and Andrei Voronkov. A decision procedure for term algebras with queues.ACM Transactions on Computational Logic, 2(2):155–181, 2001.

28. Ralf Treinen. A new method for undecidability proofs of first order theories. Journal of SymbolicComputation, 14:437–457, 1992.

29. Ting Zhang, Henny Sipma, and Zohar Manna. Decision procedures for recursive data structureswith integer constraints. In Proceedings of the 2nd International Joint Conference on AutomatedReasoning (IJCAR’04), volume 3097 of Lecture Notes in Computer Science, pages 152–167. Springer-Verlag, 2004.

30. Ting Zhang, Henny Sipma, and Zohar Manna. Term algebras with length function and boundedquantifier alternation. In Proceedings of the 17th International Conference on Theorem Proving inHigher Order Logics (TPHOLs’04), volume 3223 of Lecture Notes in Computer Science, pages 321–336. Springer-Verlag, 2004.

17

A Preliminaries

We assume the first-order syntactic notions of variables, parameters andquantifiers, and semantic notions of structures, satisfiability and validity as in[10].

A signatureΣ is a set of parameters (function symbols and predicate symbols) eachof which is associated with an arity. The function symbols with arity 0 are alsocalled constants. The set of Σ-terms T (Σ,X) is recursively defined by: (i) everyconstant c ∈ Σ or variable x ∈ X is a term, and (ii) if f ∈ Σ is an n-place functionsymbol and t1, . . . , tn are terms, then f (t1, . . . , tn) is a term. Equality = is alwaysincluded as a binary predicate symbol. We reserve ≡ to denote the syntacticequality. If ϕ is a formula, we use T (ϕ) to denote the set of terms occurring inϕ,V(ϕ) to denote the set of variables in ϕ.

An atomic formula is a formula of the form P(t1, . . . , tn) where P is an n-place predicate symbol and t1, . . . , tn are terms. A literal is an atomic formulaor its negation. A variable occurs free in a formula if it is not in the scope ofa quantifier. A formula without quantifiers is called quantifier-free. A groundformula is a formula with no variables. A sentence is a formula in which novariable occurs free. Every quantifier-free formula can be put into disjunctivenormal form, that is, a disjunction of conjunctions. A formula ψ(x) can be putinto prenex form Q1y1, . . . ,Qnyn ϕ(x, y1, . . . , yn), where Qi’s are either ∃ or ∀ andϕ(x, y1, . . . , yn) is quantifier-free, called the matrix of ψ.

A Σ-structure A is a tuple 〈A, I〉 where A is a non-empty domain and I is afunction that associates each n-place function symbol f (resp. predicate symbolP) with an n-place function fA (resp. relation PA) on A. We use Gothic letters(like A) for structures and Roman letters (like A) for the underlying domain. Weusually denoteA by 〈A;Σ〉which is called the signature ofA. A variable assignmentσ (in A) is a function that assigns each variable an element of A. We use JxKσto denote the assigned values of x under σ and JϕKσ for the truth value of ϕunder σ. A ` JϕKσ means ϕ is true under σ. A formula ϕ is satisfiable, denotedby A `s ϕ, if A ` JϕKσ for some σ; is unsatisfiable, denoted by A 0s ϕ, if A ` JϕKσfor no σ; is valid, denoted by A ` ϕ, if A ` JϕKσ for any σ. A formula ϕ is validif and only if ¬ϕ is unsatisfiable.A is a model of a set T of sentences if every sentence in T is true in A. A

sentence ϕ is (logically) implied by T (or T-valid), written T |= ϕ, if ϕ is true inevery model of T. Similarly we say that ϕ is T-satisfiable if ϕ is true in somemodel of T and it is T-unsatisfiable otherwise. The notions of (T-)validity and(T-)satisfiability naturally extend to a set of formulas. A theory T is a set ofsentences that is closed under logical implication, that is, if T |= ϕ, then ϕ ∈ T.The theory of A, written Th(A), is the set of all valid sentences in A. By Th∀(A)we denote the quantifier-free subclass of Th(A).

We use x to denote a set of variables, say, x1, . . . , xn, and ∃x (resp. ∀x) as anabbreviation of ∃x1, . . . ,∃xn (resp. ∀x1, . . . ,∀xn). We write ϕ(x) to mean that xoccur free in ϕ. (∃x)ϕ(x) and (∀x)ϕ(x) are called existential closure and universalclosure of ϕ(x), respectively. If ϕ(x) is quantifier-free, then (∃x)ϕ(x) is called ∃1

18

and (∀x)ϕ(x) is called ∀1. By satisfiability and validity of a quantifier-free theory,we actually mean the validity of ∃1 and ∀1 formulas, respectively.

A theory T is said to admit quantifier elimination if any formula can be equiv-alently (modulo T) and effectively transformed into a quantifier-free formula. Ifa theory admits quantifier elimination, then the truth value of any sentence isreducible to the truth value of a ground formula.

A term algebra (TA) of Σ with basis X is the structure A whose domain isT (Σ,X) and for any n-place function symbol f ∈ Σ and t1,. . . ,tn ∈ T (Σ,X),fA(t1,. . . ,tn) = f (t1, . . . , tn). We assume that Σ does not contain any predicatesymbols except equality.

Presburger arithmetic is the first-order theory of addition in the arithmeticof integers. The corresponding structure is denoted by PA = 〈Z; 0,+, <〉. We useLZ to denote the formal language of PA.

We adopt conventional notations in discussion of orderings; we write u � vfor v ≺ u, u � v for u ≺ v ∨ u = v and u ≺ v ≺ w for u ≺ v ∧ v ≺ w.

19

B Proofs of LemmasB.1 Proof of Lemma 1.

Proof. We show that any conjunction of positive literals in Lkb+ is equivalent toa finite disjunction of delineated gap order completions.

Let ϕkb+ be a conjunction of positive literals in Lkb+ and Σ(ϕkb+) be the set ofall TA-terms inϕkb+ . We describe our algorithm as a construction of a disjunctivedecision tree. When we say “guess” we mean going down a disjunctive branch.

We can viewϕkb+ as a directed labeled graph Gkb+ in whichΣ(ϕkb+) are vertexlabels and u �]n v (or u ≺]n v) represents an edge with number label n and colorlabel ]. An edge of the form u ≺]n v (resp. u �]n v) is called stretchable (resp. rigid).A path is rigid if every edge on the path is rigid; a path is stretchable if it containsa stretchable edge. A length of a path is the sum of all number labels on the path.

First we guess an equality partition for Σ(ϕkb+). All vertexes in the sameequivalence class are merged by consolidating corresponding outgoing andincoming edges. We choose an arbitrary representative for each equivalenceclass as the node label.

Second we guess a linear order for Σ(ϕkb+). It amounts to adding to Gkb+

a Hamilton path, a path between two distinct vertexes of Gkb+ that visits eachvertex exactly once. We call this path primary path and edges on the path primaryedges. Note that the primary path corresponds to a gap order completion andit is a prototype of the delineated gap order completion we are to construct. Atthis phase, all primary edges are labeled by 1.

Third we insert boundary terms to delineate the primary path if necessary.To reduce ϕkb+ to a DGOC, we need to remove all non-primary edges. A

non-primary edge from u to v is called an overpath (resp. underpath) if its lengthis greater than (esp. less than) the length of the primary path from u to v. It iseasily seen that a non-primary edge is redundant if it is neither an overpath noran underpath.

Before removing non-primary edges we need to do the consistency check.There are two types of inconsistency.

1. Gkb+ contains a loop.2. The color of a non-primary edge is incompatible with colors on the corre-

sponding primary path. Let order {w, p, l} as l ≺c p ≺c w. We say that thecolor c of a non-primary edge is incompatible with colors {ci | 1 ≤ i ≤ k} onthe corresponding primary path if c , max{ci | 1 ≤ i ≤ k} with respect to ≺c.For example, u ≺l

n1v ≺p

n2w is incompatible with neither u ≺w

n3w nor u ≺l

n4w

while it is compatible with u ≺pn5

w.

If inconsistency is detected, the constraint simplifies to false.It is not hard to see that the existence of an overpath means the current gap

order completion “over-approximates” ϕkb+ . To discharge a overpath, we refinethe number labels on primary stretchable edges by distributing the extra lengthto each such edges covered by the overpath. For example consider the following

20

primary path from u to v to w.

up1−→ v

p2−→ w, (22)

where both two edges are stretchable. Suppose that a overpath from u to wlabeled with p > p1 + p2. We replace the subgraph (22) by one of the following.

∨

n1+n2=p−p1−p2n1,n2≥0

up1+n1−→ v

p2+n2−→ w. (23)

Note that we do not add extra length to rigid primary edges, and if the cor-responding primary path is not stretchable, then the constraint simplifies tofalse. After the distribution, we make a stretchable primary edge rigid if thecorresponding overpath is rigid.

One by one, we can remove all overpath obtaining a graph in which all non-primary edges are underpath (assuming redundant edges have been removed).A stretchable underpath is also redundant and can be removed. If there exists arigid underpath, then constraint simplifies to false.

Eventually we obtain a decision tree, each leaf of which, if not simplified tofalse, corresponds to a delineated gap order completion, and hence ϕkb+ can beequivalently transformed to a finite disjunction of GDOCs.

ut

Lemma 8. Let Ckb+ :∧n

i=1 ti �i u∧∧m

i=1 u�n+i tn+i be a conjunction of positive literalsin Lkb+ where � j are gap orders and u is an ordinary term. Then Ckb+ is equivalent to afinite disjunction of delineated gap order completions and in each of GDOCs the numberof open order literals is no more than that in Ckb+ . Moreover, if both the predecessor andthe successor of x in the GDOC are boundary terms, then the GDOC has one fewer openorder literals than Ckb+ (x) providing Ckb+ (x) contains at least one open order literals.

Proof. By Lemma 1 it suffices to show that in each of GDOCs the number ofopen order literals is no more than that in Ckb+ . We assume there are n1 ≤ nordinary terms which are less than u and m1 ≤ m ordinary terms which aregreater than u. So in Ckb+ there are m1 + n1 open order literals and m1 + n1 + 1ordinary terms. In each of GDOCs obtained by the decision tree construction,the number of ordinary terms can not exceed m1 + n1 + 1 as no new ordinaryterms are introduced. It is not hard to argue that in an linear order containing atmost m1 + n1 + 1 ordinary terms, the number of open order literals are at mostm1 +n1. Note that the introduction of boundary terms (to delineate a gap order)and the merge of two vertexes (to equalize two terms) can only decrease thenumber of open order literals. Moreover, suppose Ckb+ (x) contains at least oneopen order literals. Without loss of generality, let us assume n1 > 0. Since boththe predecessor and the successor of x in the GDOC are boundary terms, x isseparated from other ordinary terms, and so there are at most n1 − 1 open orderliterals at the left-hand side of x (in the GDOC). Also there are at most m1 openorder literals at the right-hand side of x. Therefore, the total number of openorder literals is m1 + n1 − 1, one less than that in Ckb+ (x). ut

21

B.2 Proof of Lemma 2.Proof. We show that any formula in L Z

kb+ can be effectively reduced to an equiv-alent formula in which no boundary terms appear inside selectors or the weightfunction.

First we show how to eliminate selectors in front of boundary terms. Supposeϕ contains a selector term s

αp

i 0w(m), where ar(αp) = k. We need to consider four

cases.

Case 1. 0w(m) is not well-defined. In this case 0w

(m) = ⊥, and hence sαp

i 0w(m) simpli-

fies to ⊥.Case 2. 0w

(m) is well-defined, but Tree(αp)(m) is false. Since Tree(αp)(m) does nothold, 0w

(m) can not be of type αp. So sαp

i 0w(m) simplifies to 0w

(m).Case 3. Tree(αp)(m) is true but there exists p′ such that p < p′ ≤ |Σ| and

Tree(αp′ )(m) holds. As in the previous case, 0w(m) can not be of type αp, and

hence sαp


(m).Case 4. Tree(αp)(m) is true and for any p′ such that p < p′ ≤ |Σ|, Tree(αp′ )(m) does

not hold. The condition says that 0w(m) is of type αp, i.e., 0w

(m) = α(t1, . . . , tar(αp)).It is not hard to argue that 〈t1, . . . , tar(αp)〉 should be the smallest k-tuple ofweight n. Therefore, s

αp


(SCWki (m−W(αp)))

, where SCWki (n)

returns the weight of the ith component of a k-tuple which is the smallest(with respect to ≺k;kb) k-tuples of weight n. The definition of SCWk

i (n) isgiven in Appendix E. Note that SCWk

i (n) and all these conditions can beexpressed in Presburger arithmetic.

Similarly, if a selector term sαp

j 0p(m,p′), where ar(αp) = k, appears in ϕ, we have

three cases to consider.

Case 1. 0p(m,p′) is not well-defined. s

αp

j 0w(m,p′) simplifies to ⊥.

Case 2. 0p(m,p′) is well-defined, but p , p′. s

αp

j 0w(m,p′) simplifies to 0w

(m,p′).Case 3. 0p

(m,p′) is well-defined, and p = p′. sαp

j 0w(m,p′) simplifies to 0p

(SCWkj (m−W(αp)))

.

Similarly we can handle terms of the form sαp

j 1w(m) or s

αp

j 1p(m,p′).

Next we note that boundary terms in the weight function can be reducedto integer terms. For example, (0w

(m))w reduces to m if WD0w (m) and to W(⊥)

otherwise.Though we do the transformation at semantic level by case distinction, the

corresponding syntactic transformations (that we really need) can be recoveredas follows. Let ϕ(t) be a formula in which term t occurs. Consider there are ncases in each of which under the precondition θi, t is reduced to ti (1 ≤ i ≤ n).Then ϕ(t) is rewritten as

n∧

i=1

(

θi → ϕ(ti))

, (24)

22

or equivalently to

n∨

i=1

(

θi ∧ ϕ(ti))

. (25)

It is easy to verify that all preconditions given above are expressible in Pres-burger arithmetic formulas. For example, consider Case 4 in the reduction ofsαp

i 0w(m). The precondition states that

Tree(αp)(m) is true and for any p′ such that p < p′ ≤ |Σ|, Tree(αp′ )(m) doesnot hold,

which can be expressed formally as

Tree(αp)(m) ∧∧

p<p′≤|Σ|

¬Tree(αp′ )(m). (26)

Repeating this transformation, eventually all selectors in front of boundaryterms are pealed off and we obtain ϕ′ in which no boundary terms occur insideselectors.

Also it is easily seen from (25) that the transformation involves disjunctivesplittings and since θi are Presburger formulas, the transformation does notincrease the number of open order literals in each of resulting conjunctions. ut

B.3 Proof of Lemma 3.Proof. This lemma states the following: If x is of type αp with αp = (sαp

1 , . . . , sαp

k )and t is an arbitrary term, then x ? t where ? ∈ {≺w

n ,≺pn,≺

ln,�

wn ,�

pn,�

ln}, can be

effectively reduced to an equivalent quantifier-free formula ϕ(sαp

1 x, . . . , sαp

k x) (inL Z

kb+ ) in which x does not appear and sαp

i x (1 ≤ i ≤ k) is not inside selectors. Thesame for t ? x.

If t is a boundary term or an ordinary term not containing x, then the resultfollows directly from Lemma 4. Suppose otherwise t must be in the form Lxwhere L is non-empty block of selectors. We have two cases depending onwhether Lx is at the left-hand side or the right-hand side of ?.

Case 1. x ? Lx, for ? ∈ {≺wn ,≺

pn,≺

ln,�

wn ,�

pn,�

ln}. Then x ? Lx simplifies to false.

Since L is non-empty and constraints are type-complete, Lx is a proper subtermof x. For n = 0, x ? Lx does not hold as x , Lx. For n > 1, x ? Lx violates thesubterm property of KBO [1].

Case 2. Lx ? x, for ? ∈ {≺wn ,≺

pn,≺

ln,�

wn ,�

pn,�

ln}. We assume n > 1 as x , Lx. If ?

is ≺wn (resp. ≺p

n), Reduction F.1 (resp. F.2) puts x and Lx in separate literals, andhence the problem goes away. Similarly if ? is �w

n or �pn. The last two cases are

Lx ≺ln x and Lx �l

n x, which are only possible when the language contains theunary function f of weight 0, and L must be a non-empty block of s f (where s fis the corresponding selector of f ). (If L is not of the form {s f }

+, then {Lx}w < xw

23

and hence Lx ≺ln x simplifies to false.) We first consider Lx ≺l

n x, which is of theform

sif (x) ≺l

n x (27)

where n > 0, sif denote i time applications of s f . First note that (27) certainly

implies Is f (sif (x)). There are two subcases:

A. There is a non-atom term whose weight is xw and type is not f . Letg(t1, . . . , t j) be such a term; i.e., g . f and (g(t1, . . . , t j))w = xw.1. If si

f (x) is f k(a) (where k > 0 and a is an atom), then x is f i+k(a).Since (g(t1, . . . , t j))w = xw = aw, we have either a ≺p g(t1, . . . , t j) org(t1, . . . , t j) ≺p a.(a) a ≺p g(t1, . . . , t j). Then

f k(a) ≺l f k(g(t1, . . . , t j)) ≺l . . . ≺l f k(g( f l(t1), . . . , t j)) ≺l . . . ≺l f i+k(a).

(b) g(t1, . . . , t j) ≺p a. Then

f k(a) ≺l f i+k(g(t1, . . . , t j)) ≺l . . . ≺l f i+k(g( f l(t1), . . . , t j)) ≺l . . . ≺l f i+k(a).

2. If sif (x) is f k(h(t1, . . . , t j)) (where k > 0 and h . f ), then x is f k+i(h(t1, . . . , t j)).

We have

f k(h(t1, . . . , t j)) ≺l . . . ≺l f k(h( f l(t1), . . . , t j)) ≺l . . . ≺l f i+k(a)

In all of cases, there are infinitely many terms in between sif (x) and x, and

hence (27) simplifies to Is f (sif (x)).

B. Any term of weight xw consists of only f -terms ( f -type terms) or atoms. Thecondition says that si

f (x) must be in the form f k(a) (for some atom a and k > 0)and then x is in the form f k+i(a). Note that in this situation, f k(a) �l

r f k+i(a)where r is i times the number of trees of weight xw in the signature with fexcluded. For example, let Σ = 〈 f , a, b〉, we have f (a) �l

4 f 3(a), namely

f (a) �l f (b) �l f 2(a) �l f 2(b) �l f 3(a).

It is not hard to see that (27) simplifies to

Is f (sif (x)) ∧ CNTm(xw),

where m = dn/ie−1 and CNTm(xw) is defined in the language with f excluded.

Similarly we can simplify Lx �ln x, which has the form

sif (x) �l

n x (28)

where n > 0, sif denote i time applications of s f . As before (28) certainly implies

Is f (sif (x)). There are two subcases:

24

A. There is a non-atom term whose weight is xw and type is not f . Since thereare infinitely many terms in between si

f (x) and x, (28) simplifies to false.B. Any term of weight xw consists of only f -terms ( f -type terms) or atoms. It

is not hard to see that (28) simplifies to

Is f (sif (x)) ∧ CNTm(xw) ∧ ¬CNTm+1(xw) ∧ i | n,


At last we note that each of preconditions can be expressed in Presburgerarithmetic; the condition for A is

∨

α∈C\A\{ f }

Treeα(xw), (29)

and the condition for B is just the negation of (29). ut

B.4 Proof of Lemma 4.Proof. This lemma states the following: Let x, t be terms and ? ∈ {≺w

n ,≺pn,≺

ln,�

wn

,�pn,�

ln}.

1. If x is an ordinary term of type αp with αp = (sαp

1 , . . . , sαp

k ) and t is either aboundary term or an ordinary term not containing x, then x? t (t? x) can beeffectively reduced to an equivalent quantifier-free formula ϕ(sαp

1 x, . . . , sαp

k x)in which x dose not occur and s

αp

i x (1 ≤ i ≤ k) is not inside selectors.2. If x ? t (t ? x) is closed, i.e., both t and x are boundary terms, then it can be

effectively reduced to an equivalent Presburger formula.

As there are many combinations of x ? t, the detailed reductions are givenin Appendices F-J. Here we only highlight the main idea.General Idea: Gap Order Delineation.

The general reduction rule is to delineate a gap order to “indecomposable”intervals by inserting boundary terms. For example, suppose both u and v areordinary terms, u ≺w

n v (n ≥ 1) reduces to∨

n1+n2+n3=nn1,n3≥0,n2≥1

u ≺pln1

1w(uw) ≺

wn2

0w(vw) ≺

pln3

v. (30)

Recall that x ≺pl y ≡ x ≺p y ∨ x ≺l y. Suppose we choose the branch

u ≺pn1

1w(uw) ≺

wn2

0w(vw) ≺

pn3

v. (31)

Assuming u is of type αp, v is of type αq, we can further delineate (31) to∨

n1=n11+n12n3=n31+n32

u ≺ln11

1p(uw,p) ≺

pn12

1w(uw) ≺

wn2

0w(vw) ≺

pn31

0p(vw,q) ≺

pln32

v. (32)

25

In general suppose we have u ≺]n v and insert m boundary terms t1, . . . , tm inbetween u and v satisfying

u �]0 t1 �]1 · · · �]m−1 tm �

]m v, (33)

where ]i ∈ {w, p, l} (i ≤ m) and the maximum of {]i | i ≤ m} is ]. Recall that wedefine ≺c such that l ≺c p ≺c w. For example, max{w, p} = w and min{p, l} = l. Itis not hard to argue that u ≺]n v is equivalent to

∨

n0+...+nm=nn0,...,nm≥0

u ≺]0n0

t1 ≺]1n1

t2 ≺]2n2· · · ≺

]m−1nm−1

tm ≺]mnm v. (34)

Note that in such a delineation, ≺]0 can be read as =. This saves an unnecessarysplittings for �]. But it is not essential as the termination of our reductions doesnot rely on the decrease of gap counts.

Similarly, u �]n v can be delineated as∨

n0+...+nm=nn0,...,nm≥0

u �]0n0

t1 �]1n1

t2 �]2n2· · · �

]m−1nm−1

tm �]mnm v. (35)

As an example for closed relations, we consider 1w(m) ≺

wn 0w

(m′). If n = 0,1w

(m) ≺wn 0w

(m′) reduces to

1w(m) ≺

w0 0w

(m′) ↔ 1w(m) = 0w

(m′) ∨ 1w(m) ≺

w 0w(m′).

As was shown in Reduction I.3, 1w(m) = 0w

(m′) reduces to m = m′ ∧ ¬CNT1(m). Ifn = 1, 1w

(m) ≺wn 0w

(m′) reduces to m < m′. If n > 1, 1w(m) ≺

wn 0w

(m′) reduces to

n−1∨

r=1

(∃z1) . . . (∃zr)[

m < z1 < . . . < zr < m′ ∧∨

n1+...+nr=n−1n1,...,nr>0

r∧

i=1

CNTni−1(zi)]

. (36)

We briefly explain the meaning of (36). Since 1w(m) is the largest term of weight

m and 0w(m′) is the smallest term of weight of m′, 1w

(m) ≺wn 0w

(m′) means that thereare at least n− 1 terms whose weights are in between (but excluding) m and m′.We can assume all terms in between 1w

(m) and 0w(m′) are distributed in r different

weights with 1 ≤ r ≤ n − 1. For fixed r we can also assume the n − 1 terms aredistributed into r levels, which is represented formally as

∨

n1+...+nr=n−1n1,...,nr>0

r∧

i=1

CNTni−1(zi).

Notice that (36) is not in in the syntax of (first-order) logic. However, it isstraightforward to translate this abbreviation back to a first-order formula.

26

Termination

The termination of reductions does not reply on the decrease of gap counts.Rather, a gap order is delineated to “indecomposable” p-intervals. A closedequality literal or a closed gap order literal can be reduced to a Presburgerformula (Appendices I and J). Eventually half open gap order literals or opengap order literals involves terms in the same p-interval; i.e., they are in the formof x ≺l

n t (n ≥ 0). Suppose x and t are of type αp with αp = (sαp

1 , . . . , sαp

k ).Let us first assume t is an ordinary term. Then x = αp(sαp

1 x, . . . , sαp

k x), t =αp(sαp

1 t, . . . , sαp

k t), and x ≺ln t is equivalent to

〈sαp

1 x, . . . , sαp

k x〉 ≺k;kbn 〈s

αp

1 t, . . . , sαp

k t〉,

which, by Lemma 5, further reduces to a formula in L Zkb+ in terms of s

αp

i x, sαp

i t(1 ≤ i ≤ k).

Now let us assume t is a boundary term, say t ≡ 0w(m). We can rewrite t as

αp(sαp

1 0w(m), . . . , s

αp

k 0w(m)). So x ≺l

n t is equivalent to

〈sαp

1 x, . . . , sαp

k x〉 ≺k;kbn 〈s

αp

1 0w(m), . . . , s

αp

k 0w(m)〉,

which, by Lemma 5, further reduces to a formula in L Zkb+ in terms of s

αp

i x, sαp

i 0w(m)

(1 ≤ i ≤ k). By Lemma 2, sαp

1 0w(m), . . . , s

αp

k 0w(m) are simplified to boundary terms

not inside selectors, say 0w( f1(m)), . . . , 0

w( fk(m)) where f1, . . . , fk are integer functions

definable in Presburger arithmetic. (Note that each sαp

i 0w(m) must be the smallest

(w.r.t. ≺kb) of weight (sαp

i 0w(m))

w.)

Similarly if t ≺ln x is a half-open or open gap order literal. Note that we never

need to reduce a half-open or open equality literal in that a direct quantifierelimination can be carried out (Part 1, Lemma 6).

Well-definedness of boundary terms

For simplicity, reductions listed in Appendices G, H, I, and J implicitlyassumes well-definedness of boundary terms. The final reduction result shouldincorporate predicates WD (Appendix E). For example, suppose n > 1, 1w

(m) ≺wn

0w(m′) should be equivalent to

WD1w (m) ∧ WD0w (m′) ∧ (36)∨ ¬WD1w (m) ∧ WD0w (m′) ∧ ⊥ ≺w

n 0w(m′)

∨ WD1w(m) ∧ ¬WD0w(m′) ∧ 1w(m) ≺

wn ⊥

∨ ¬WD1w (m) ∧ ¬WD0w (m′) ∧ ⊥ ≺wn ⊥. (37)

Note that we do not need to go through this detour if the parameters in boundaryterms comes from weights TA-terms, as predicates WD are valid. For example,

27

for n > 1, the final reduction result of 1w(xw) ≺

wn 0w

(yw) is just

n−1∨

r=1

(∃z1) . . . (∃zr)[

xw < z1 < . . . < zr < yw ∧∨

n1+...+nr=n−1n1,...,nr>0

r∧

i=1

CNTni−1(zi)]

. (38)

Also note that we chose⊥ as the “sink value” to make boundary functions total.In general, the choice of a sink value affects the truth values of formulas in L Z

kb+ ;i.e., Th(AZkb+ ) varies as the sink value does. However, Th(Akb) remains the samethanks to the incorporation of well-definedness predicates.Reduction of Relations Involving Atoms.

There is no separate lists for reductions involving atoms, in that atoms areboundary terms. For example, 0p

(W(αp),p) is another name for an atom αp. So is

1p(W(αp),p).

Presence of the Unary Function of Weight 0.Up to now we assume that the language does not contain the unary func-

tion of weight 0. However, the presence of a unary function α0 of weight 0 inΣ simplifies the elimination procedure. Intuitively, the existence of α0 makes≺w and ≺p dense almost everywhere unless the left-hand operand is an atom.This follows from the fact that 1w

(m) and 1p(m,p) are undefined (i.e., no maximum)

except when αp is an atom and m = W(αp). Accordingly, L Zkb+ only needs to

include lower boundary functions in order to decompose gap orders. All re-ductions listed in the appendices can be changed accordingly by eliminatingupper boundary terms and merging the neighboring gap orders. For example,consider the reduction of u ≺w

n v (n ≥ 1). Instead of (30), we have two cases.

Case A. If u is not an atom (asserted by tester literals), u ≺wn v becomes u ≺w v.

Case B. If u is an atom, we can instantiate u with one of atoms as our signatureis finite. Suppose u ≺w

n v reduces to a ≺wn v for some atom a. Then we check

if there exists a non-atom term with the weight of W(a). This is obviouslycomputable due to finiteness of our signature. If so, a ≺w

n v reduces a ≺w vfor the same reason as Case A. Otherwise, 1w

(W(a)) must also be an atom, sayb, and so are any terms between a and b. Suppose there are m − 1 atomsin between a and b. It is easily verified that a ≺w

n v is just b ≺wn−m v (i.e.,

1w(W(a)) ≺

wn−m v), which further reduces to

∨

n1+n2=n−mn2≥0,n1≥1

1w(W(a)) ≺

wn1

0w(vw) ≺

pln2

v. (39)

In summary,

1. Appendices I and J list reductions for closed equalities and closed gap orderliterals.

2. Appendices G and H list reductions for half-open equalities and half-opengap order literals.

28

3. Appendices F list reductions for open gap literals.

ut

B.5 Proof of Lemma 5.Proof. This lemma states the following: Let U,V be k-tuples of the same weight,and ? ∈ {≺k;w

n ,≺k;pn ,≺k;l

n ,�k;wn ,�k;p

n ,�k;ln }.

1. If U = 〈u1, . . . , uk〉 is an ordinary tuple, then U?V (V?U) can be effectivelyreduced to an equivalent quantifier-free formula ϕ(u1, . . . , uk) (in L Z

kb+ ) inwhich vi (1 ≤ i ≤ k) does not occur inside selectors.

2. If U ? V (V ? U) is a closed tuple, i.e., both U and V are boundary tuples,then it can be effectively reduced to an equivalent Presburger formula.

There are many types of tuple literals, especially the closed tuple literals.However, as tuples are only used in intermediate reduction steps, we onlymeet a small portion of combinations. The detailed reductions are given inAppendices K-O. Here we only highlight the main points.

NotationsFirst note that we define tuple relations between tuples of the same weight.

So tuple relations are not only parameterized by k, the tuple length, but alsoparameterized by m, the total weight.

Second note that we define suborders on tuples 〈u1, . . . , uk〉 ≺k;] 〈v1, . . . , vk〉

(] ∈ {w, p, l}) as

u1 ≺] v1 ∨ u1 = v1 ∧ 〈u2, . . . , uk〉 ≺

k;kb 〈v2, . . . , vk〉, (40)

instead as

∃i(1 ≤ i ≤ k)[

ui ≺] vi ∧ ∀ j(1 ≤ j < i)u j = v j

]

. (41)

As we shall see soon, this technical choice can give reduction formulas uniformappearance.

Third recall that 〈u1, . . . , uk〉 ≺k;]n 〈v1, . . . , vk〉 is proper if u1 ≺

] v1. We claim thatimproper orders can be decomposed to a Boolean combination of proper ordersbetween k-tuples and proper orders between tuples of shorter length. ConsiderU ≺k;]

n V.

1. U, V are ordinary tuples. Let U = 〈u1, . . . , uk〉 and V = 〈v1, . . . , vk〉. So U ≺k;]n V

is equivalent to

(

(u1 = v1) ∧ 〈u2, . . . , uk〉 ≺k;kbn 〈v2, . . . , vk〉

)

∨(

(u1 ≺] v1) ∧ 〈u1, . . . , uk〉 ≺

k;]n 〈v1, . . . , vk〉

)

.

29

2. U is an ordinary tuple and V is a boundary tuple. It is easily seen thatV = 〈v1, . . . , vk〉where v1, . . . , vk are boundary terms. For example, 1k;w

(sum,m) is

〈1w(m), 1

w(LCWk−1

1 (sum−m)), . . . , 1w

(LCWk−1k−1(sum−m))

〉,

where LCWki (n) returns the weight of the ith component of the largest k-tuple

(w.r.t. ≺k;kb) of weight n (see Sec. E.13). Then U ≺k;]n V reduces to

(

(u1 = v1) ∧ 〈u2, . . . , uk〉 ≺k;kbn 〈v2, . . . , vk〉

)

∨(

(u1 ≺] v1) ∧ 〈u1, . . . , uk〉 ≺

k;]n V)

.

3. U is a boundary tuple and V is an ordinary tuple. Similar to Case 2.4. Both U and V are boundary tuples. Similar to Case 2.

In each case, U ≺k;]n V reduces to a proper tuple order or an order between tuples

of shorter length. Iteratively applying the process, an improper k-tuple ordercan be decomposed to a Boolean combination of a proper k-tuple order andproper orders between tuples of shorter length. Therefore in order to reducetuple orders to non-tuple order literals (in terms of components of those tuples),it suffices to show proper reductions, the reductions for proper orders betweentuples of the same weight. Those proper reductions are given in AppendicesK-O. Note that there is an implicit side conditions u1 ≺

] v1 in redexes (reductiontargets) of all reduction rules.

General Idea: Gap Order Delineation and Tuple Length Reduction.

The general reduction rule is the same as before, namely, using boundarytuples to delineate a tuple order to “indecomposable” intervals. For example, LetU = 〈u1, . . . , uk〉, V = 〈v1, . . . , vk〉 be ordinary tuples, n ≥ 1 and sum =

∑ki=1 uw

i =∑k

i=1 vwi . U ≺k;w

n V reduces to (Reduction K.1)

∨

n1+n2+n3=nn1,n3≥0,n2≥1

〈u1, . . . , uk〉 ≺k;pln1

1k;w(sum,uw

1 ) ≺k;wn2

0k;w(sum,vw

1 ) ≺k;pln3〈v1, . . . , vk〉. (42)

Now it is clear why we define 〈u1, . . . , uk〉 ≺k;]n 〈v1, . . . , vk〉 by (40). other than

by (41). Suppose we did it in the other way. Then in the decomposition (42),we can not have 〈u1, . . . , uk〉 ≺

k;pln1

1k;w(sum,uw

1 ), because the order between 〈u1, . . . , uk〉

and 1k;w(sum,uw

1 ) may be determined by the weights of the ith (i > 1) respectivecomponents.

Besides gap order delineation, we also need to decompose tuple orders usingterm order and tuple order in the smaller dimension. For example, consider〈u1, . . . , uk〉 ≺

k;pn1

1k;w(sum,uw

1 ), a literal in a branch of (42), which reduces to (Reduction

30

M.8)∨

n11(n12+1)+n13≥n1,0≤n11,n12,n13≤n1

u1 ≺pn11

1w(uw

1 ) ∧ 0k−1;kb(sum−uw

1 ) ≺k−1;kbn12

1k−1;kb(sum−uw

1 )

∧ 〈u2, . . . , uk〉 ≺k−1;kbn13

1k−1;kb(sum−uw

1 ). (43)

We briefly explain the reason behind (43). The tuples in between 〈u1, . . . , uk〉 and1k;w

(sum,uw1 ) can be divided into n11+1 segments where n11+1 is the number of terms

in between (and including) u1 and 1w(uw

1 ). Each of the first n11 segments containsn12 + 1 k-tuples, where n12 + 1 is the number of k−1-tuples of weight sum − uw

1 .The last segment contains n13 k-tuples because where n13 is the number of k−1-tuples greater than or equal to 〈u2, . . . , uk〉 but less than 1k−1;kb

(sum−uw1 ). We require

n11(n12 + 1) + n13 ≥ n1 and 0 ≤ n11, n12, n13 ≤ n1.As an example for closed relations, 1k;w

(sum,m) ≺k;wn 0k;w

(sum,m′) reduces to (ReductionO.25)

n−1∨

r=1

[

m < CWk1(sum,m,m′) < . . . < CWk

r(sum,m,m′) < m′ ∧

∨

∑ri=1 ni=n−1

ni≥1

r∧

i=1

0k;w(sum,CWk

i (sum,m,m′))≺

k;wni−1 1k;w

(sum,CWki (sum,m,m′))

]

. (44)

We explain the reason for (44). Since 1k;w(sum,m) is the largest k-tuple of weight sum

with the first component having weight m and 0w(m′) is the smallest tuple of

weight of sum with the first component having weight m′ 1k;w(sum,m) ≺

k;wn 0k;w

(sum,m′)means that there are at least n − 1 k-tuples of weight sum for which the weightsof the first components are greater than m and smaller than m′. We can assumeall k-tuples in between 1k;w

(sum,m) and 0k;w(sum,m′) are distributed in r different weights

with 1 ≤ r ≤ n − 1. For a fixed r we can also assume the n − 1 k-tuples aredistributed into r levels, which is represented formally as

∨

∑ri=1 ni=n−1

ni≥1

r∧

i=1

0k;w(sum,CWk

i (sum,m,m′))≺

k;wni−1 1k;w


.

Note that CWki (n, r, r′) returns the ith smallest integer in (r, r′) which is the weight

of a component in a k-tuple having weight n, and hence

0k;w(sum,CWk

i (sum,m,m′))≺

k;wni−1 1k;w


express that there are ni k-tuples of weight sum with the first component havingweight CWk

i (sum,m,m′). We require∑r

i=1 ni = n − 1 and ni ≥ 1 for 1 ≤ i ≤ r.

31

TerminationAs before the termination of reductions does not reply on the decrease of

gap counts. Rather, a tuple gap order is first delineated to “indecomposable”intervals which is turn reduced to gap order between tuples of shorter length.So eventually a tuple order is reduced to a formula in L Z

kb+ . In particular, aclosed tuple gap order or a closed tuple equality literals can be reduced to aPresburger formula. Iteratively applying the reduction, eventually only termorder ≺]n (] ∈ {w, p, l}) appears and the reduction terminates.

Well-definedness of Boundary TuplesReductions listed in Appendices G, H, I, and J implicitly assume well-

definedness of boundary tuples. This is safe as parameters of boundary tuplescomes from weights of well-defined TA-terms.

Reduction of Literals Involving 0k;kb(sum)

or 1k;kb(sum)

.

There is no separate lists for reductions of literals involving 0k;kb(sum) or 1k;kb

(sum).as they can be expressed, respectively, by

0k;kb(sum) = 0k;w

(sum,MinCWk(sum)), 1k;kb

(sum) = 1k;w(sum,MaxCWk(sum))

.

Here MinCWk(sum)) (resp. MaxCWk(sum)) abbreviates MaxCWk(sum, 0, sum+ 1)(resp. MinCWk(sum, 0, sum+1)), the largest integer (resp. the smallest integer) in(0, sum+ 1) which is the weight of a component in a k-tuple having weight sum.

The Number of Open Gap Order Literals.As we mentioned before, tuple orders are reduced to term orders. The re-

duction does not increase the number of open gap order literals. The onlyreduction generating open gap order literals is reduction of open tuple order〈u1, . . . , uk〉 ≺

k;ln 〈v1, . . . , vk〉 (Reduction K.3), copied below

∨

n1+n2+n3=n,n1,n2≥0,n3≥1

[

〈u2, . . . , uk〉 ≺k−1;kbn1

1k−1;kb(rem) ∧ 0k−1;kb

(rem) ≺k−1;kbn2

〈v2, . . . , vk〉

∧∨

(m1+1)(m2−1)≥(n3−1)m1≥0,m2>0,m1,m2<n3

(

0k−1;kb(rem) ≺

k−1;kbm1

1k−1;kb(rem) ∧ u1 ≺

lm2

v1

)]

, (45)

where rem =∑k

i=2 uwi =∑k

i=2 vwi . It is not hard to argue that in the final result of

(45), each conjunction only contains one open gap order literals. As the reductionis triggered by a open gap order literal, it does not add more open gap orderliterals. Note that though u1 ≺

] v1 is an implicit term gap order in redexes, itdoes not included in reducts (results of reductions). In particular, the implicitcondition u1 ≺

l v1 for 〈u1, . . . , uk〉 ≺k;ln 〈v1, . . . , vk〉 is replaced by more precise

relation u1 ≺lm2

v1.In summary,

32

1. Appendices N and O, respectively, list reductions for closed equality literalsand closed tuple order literals.

2. Appendices L and M, respectively, list reductions for half-open equalityliterals and half-open tuple order literals.

3. Appendices K list reductions for open tuple order literals. ut

B.6 Proof of Lemma 7.Proof. The lemma states the following claim: Let z be an integer variable, Ckb+ (z)a conjunction of literals in Lkb+ where z occurs inside boundary terms, andϕZ(z)a Presburger formula. Then (∃z :Z)[Ckb+ (z) ∧ ϕZ(z)] can be effectively reducedto C′kb+ ∧ ϕ

′Z

where no z occurs and C′kb+ is quantifier-free.Let z, Ckb+ (z) and ϕZ(z) as stated above. Let us assume z has n occurrences

in Ckb+ (z), namelyf1(z), . . . , fn(z),

where fi (1 ≤ i ≤ n) are arbitrary integer function definable in Presburgerarithmetic, and fi(z) (1 ≤ i ≤ n) occur inside boundary terms. Note that fi’s areintroduced during reductions in Appendices F-O, and they are built up usingusual integer functions as well as those defined in Appendix E.

For each 1 ≤ i ≤ n, we do simplification as follows. Let us assume fi(z)occurs inside a boundary term t. Without loss of generality, let assume fi(z) isthe outmost integer function, i.e., t has one of the following forms:

0w( fi(z)), 0p

( fi(z), ), 1w( fi(z)), 1p

( fi(z), )

Consider the occurrences of t in Ckb+ (z).

Case 1 t occurs in literals of the forms

t ≺]n t′, t �]n t′, t′ ≺]n t, t′ �]n t,

where ] ∈ {w, p, l} and t′ is also a boundary term. By Lemma 4, we canremove all such closed literals from Ckb+ (z) and add the correspondingequivalent Presburger formulas to ϕZ(z).


t ≺∗n t′, t �∗n t′, t′ ≺∗n t, t′ �∗n t,

where ∗ ∈ {p, l} and t′ is an ordinary term. Then we replace every occurrenceof fi(z) in Ckb+(z) by (t′)w and add fi(z) = (t′)w to ϕZ(z), and set

Ckb+ (z) := Ckb+ (z)[

fi(z)/(t′)w]

,

ϕZ(z) := ϕZ(z) ∧ fi(z) = (t′)w.


t ≺wn t′, t �w

n t′, t′ ≺wn t, t′ �w

n t,

33

where t′ is an ordinary term. In this case, we introduce new boundary termsto delineate those gap orders. For example, t ≺w

n t′ is replaced by∨

n1+n2=nn1≥0,n2≥0

t ≺wn1

0w((t′)w) ≺

pln2

t′

Similar transformations apply to t �wn t′, t′ ≺w

n t and t′ �wn t. By the transfor-

mation we reduce this case to Case 1.

In this way we can remove all fi(z) from Ckb+ , obtaining

(∃z :Z)[

C′kb+ ∧ ϕ′Z(z)]

,

where C′kb+ does not contain z. Now we can move C′kb+ out of ∃z, obtaining

C′kb+ ∧ (∃z :Z)ϕ′Z

(z),

which is our desired result. ut

B.7 Proof of Lemma 6.Proof. This lemma states the following: Let x be a term variable, Ckb+ (x) a con-junction of literals in Lkb+ in which all term occurrences of x have depth 0, andϕZ(x) a Presburger formula in which x occurs inside the weight function. Then(∃x :TA)[Ckb+ (x)∧ϕZ(x)] can be effectively reduced to C′kb+ ∧ϕ

′Z

in which x doesnot occur and C′kb+ is quantifier-free.

Note that in the antecedent of the lemma, we only require that all term oc-currences of x have depth 0 and x can have arbitrarily many integer occurrencesof the form (Lx)w where L is a (possibly empty) selector sequence.

We divide the proof into two parts.Part 1. Ckb+ (x) contains x = t where t may contain x.

We rewrite (∃x :TA)[Ckb+ (x) ∧ ϕZ(x)] as

(∃x :TA)[

x = t ∧ ϕ(x)]

, (46)

where ϕ(x) is an arbitrary conjunction of literals in L Zkb+ .

If t does not contain x, then (46) simplifies to ϕ(t). Otherwise, we have threecases to consider.

Case 1. t ≡ x. Then (∃x)[x = x ∧ ϕ(x)] simplifies to (∃x)ϕ(x).Case 2. t ≡ Lx where L is a non-empty selector block. Then (∃x)(x = Lx∧ϕ(x))

simplifies to false. Note that here we assume that terms like Lx are proper(see Def. 16)

Case 3. t is a boundary term in which (Lix)w (i ≤ n) occur (as parts of an integerfunction). In this case (46) has the form

(∃x :TA)[

x = t[ f ((L0x)w, . . . , (Lnx)w, xw)] ∧ ϕ(x)]

, (47)

34

where f ((L0x)w, . . . , (Lnx)w, xw) denotes the outmost Presburger function con-taining (Lix)w (i ≤ n) and xw. We assume t[ f ((L0x)w, . . . , (Lnx)w, xw)] is a well-defined boundary term (see Sec. E.15). Otherwise t = ⊥ and hence (46)reduces to ϕ(⊥). Without loss of generality, we assume Lix enumerate all se-lector terms containing x in (47) and they form a tree (with x being the root,Lix including all leaves). In addition, in this tree sibling nodes are coexistent,called sibling-complete. For example, in Alist if car(x) appear, we can assumethat cdr(x) also appear. The induced tree is cons(car(x), cdr(x)) where x is theroot, car(x), cdr(x) are two leaves. Note that Lix also include intermediatenodes in the induced tree. In general, if we need L′x to appear, we can justset

f ((L0x)w, . . . , (Lnx)w, (L′x)w, xw) := f ((L0x)w, . . . , (Lnx)w, xw) + (L′x)w − (L′x)w.

It is easily seen that (47) is equivalent to

(∃x :TA)[

x = t[ f ((L0x)w, . . . , (Lnx)w, xw)] ∧ ϕ(t[ f ((L0x)w, . . . , (Lnx)w, xw)])]

.

(48)

Note that in (48) x only has one term occurrence, namely, as the left-handside of

x = t[ f ((L0x)w, . . . , (Lnx)w, xw)]. (49)

We claim that (48) is equivalent to

(∃(L0x)w, . . . (Lnx)w, xw :Z)[

ϕ(t[ f ((L0x)w, . . . , (Lnx)w, xw)]) ∧ ∆]

, (50)

where ∆ is the constraint to describe the weight relations in the inducedtree. More precisely, it satisfies the following conditions.1. If Lix is of type αp and has immediate children s

αp

1 Lix, . . . , sαp

k Lix, then ∆includes

(Lix)w =(

k∑

j=1

(sαp

j Lix)w)

+W(αp).

In particular, it includes

xw =∑

i∈I⊆{0..n}

(Lix)w + c.

where I is the index of all leaf nodes and c is the sum of the weight ofintermediate nodes of the tree with root x.

2. For i ∈ I,∆ includes Tree((Lix)w); if Lix isα-typed,∆ includes Treeα((Lix)w).These assertions constrains each leaf to have a well-defined weight.

35

3. ∆ also includes constraints that require that L0x, . . . , Lnx, x form a bound-ary term. For example, suppose t ≡ 0w

( f ((L0x)w,...,(Lnx)w,xw)). Then each nodeLix must be the smallest (w.r.t. ≺kb) of weight (Lix)w. If Lix is of type αp,then there exists no p′ such that p < p′ ≤ |Σ| and Treeαp′ ((Lix)w) holds.This constraint is formally expressed by

∧

p<p′≤|Σ|

¬Treeαp′ ((Lix)w).

A similar constraint is added for x. Besides that, if Lix has k siblings,namely, in the order from left to right, Li1 x, . . . , Lik x (where Li j ≡ s

αp

j for1 ≤ j ≤ k), we require that 〈Li1 x, . . . , Lik〉 be the smallest k-tuple (w.r.t.≺k;kb) of weight n =

∑kj=1(Li j x)w. This constraint is formally expressed by

k∧

j=1

(Li j x)w = SCWkj (n),

where SCWkj (n) returns the weight of the jth component of the small-

est k-tuple (w.r.t. ≺k;kb) of weight n (see Sec. E.11). Similarly we obtainconstraints for

t ≡ 0p( f ((L0x)w,...,(Lnx)w,xw), ), t ≡ 1w

( f ((L0x)w,...,(Lnx)w,xw)), t ≡ 1p( f ((L0x)w,...,(Lnx)w,xw), ).

Notice that here (Lix)w, xw serve as purely syntactical variables. A variablerenaming can bring (50) to

(∃z0, . . . zn, z :Z)[

ϕ′(t[ f (z0, . . . , zn, z)]) ∧ ∆(z0, . . . , zn, z)]

. (51)

We show the equivalence between (48) and (50). First it is obvious that (48)implies (50) because ∆ describes weight constraints on the boundary termtree rooted at x. To show that (50) implies (48), it suffices to show there existsx such that (49) holds. Again because of ∆, (L0x)w, . . . , (Lnx)w, xw satisfiesweight constraints of a boundary term (tree) and f ((L0x)w, . . . , (Lnx)w, xw)makes t well-defined. Therefore (L0x)w, . . . , (Lnx)w, xw can be “realized” bya TA-term x which is a boundary term. Intuitively, when a term x occursinside the weight function, its term properties is deprived.We like to point out three things about this elimination by substitution. Firstwe can proceed with this elimination procedure even if x has other termoccurrences with depths great than 1. Second the substitution from (47) to(48) may put a boundary term inside a selector term. In fact, it is only thesubstitution that makes a boundary term appear inside a selector. However,Lemma 2 eliminates this superficial complication. Third, the substitutionobviously does not increase the number of open order literals.

36

Part 2. Ckb+ (x) does not contain equalities like x = t.Since x is the only term occurrence of x in Ckb+ , we can move other constraints

not containing x out of (∃x :TA). So we can assume that Ckb+ is in the form

l∧

i=1

ui �i x ∧m∧

j=1

x �l+ j v j, (52)

where �i (1 ≤ i ≤ l+m) are gap orders. By Lemma 8, Ckb+ is equivalent to a dis-junction of delineated gap order completions, each of which contains no moreopen order literals than Ckb+ (x) does. Now we assume Ckb+ (x) is a DGOC, de-noted by DGOC(x, (L0x)w, . . . , (Lnx)w, xw) where (L0x)w, . . . , (Lnx)w, xw enumerateall integer occurrence of x in Ckb+ (x) and ϕZ(x). Note that (L0x)w, . . . , (Lnx)w, xw

could be parts of integer functions which are in turn inside boundary terms. Let{x}w abbreviate (L0x)w, . . . , (Lnx)w, xw. As in Part 1, we also assume L0x, . . . , Lnx, xenumerate all selector terms containing x and they form a sibling-complete tree(with x being the root and Lix including all leaves).

Without loss of generality, we assume that DGOC(x, {x}w) has the followingform:

t1 �1 . . . �i−2 ti−1 �i−1 x �i ti+1 �i+1 . . . �n−1 tn.

Let Head({x}w) (resp. Tail({x}w)) denote the linear order before x (resp. after x) inthe above sequence. We can decompose DGOC(x, {x}w) as follows.

t1 �1 . . . �i−2 ti−1︸︷︷︸

Head(xw)

�i−1 x �i ti+1 �i+1 . . . �n−1 tn︸︷︷︸

Tail(xw)

.

Since DGOC(x, {x}w) is a DGOC, we can further assume �i−1 is ≺]n1and �i is ≺]n2

where ] ∈ {pl, l}. So DGOC(x, {x}w) is in the form

Head({x}w) ≺]n1x ≺]n2

Tail({x}w).

We write Head({x}w) ≺]n1+n2Tail({x}w) to denote the ordering obtained from

DGOC(x, {x}w) by removing the term occurrence of x and accordingly joining twogap orders before and after such occurrence, namely,

t1 �1 . . . �i−2 ti−1︸︷︷︸

Head({x}w)

≺]n1+n2

ti+1 �i+1 . . . �n−1 tn︸︷︷︸

Tail({x}w)

.

Let us first assume that ] ≡ l; the case that ] ≡ pl is similar. We further assumeall terms in the p-interval where x is have type αp. Recall that DGOC(x, {x}w) istype-complete and tester literals are not listed for simplicity. We claim that

(∃x :TA)[

Head({x}w) ≺ln1

x ≺ln2

Tail({x}w) ∧ ϕZ({x}w)]

(53)

37

is equivalent to

(∃{x}w :Z)[

Head({x}w) ≺ln1+n2

Tail({x}w) ∧ ∆({x}w) ∧ ϕZ({x}w)]

, (54)

where as in Part 1, ∆({x}w) are weight constraints describing the tree structureformed by L0x, . . . , Lnx, x. Note that {x}w now are purely syntactical integervariable.

We show the equivalence between (53) and (54). First it is obvious that (53)implies (54). On the other hand, (54) implies

(∃{x}w :Z)(∃x :TA)[

Isαp (x) ∧ ∆({x}w) ∧ ϕZ({x}w) ∧

Head({x}w) ≺ln1

x ≺ln2

Tail({x}w)]

. (55)

which is equivalent to

(∃x :TA)(∃{x}w :Z)[

Isαp (x) ∧ ∆({x}w) ∧ ϕZ({x}w) ∧

Head({x}w) ≺ln1

x ≺ln2

Tail({x}w)]

. (56)

which obviously implies (53). Therefore (53) is equivalent to (54). By variablerenaming we rewrite (54) as

(∃z :Z)[

Head(z) ≺ln1+n2

Tail(z) ∧ ∆(z) ∧ ϕZ(z)]

. (57)

Now by Lemma 7 we can eliminate ∃z from (57).ut

38

C Proofs of TheoremsWe devote this section to prove the correctness of the elimination algorithm.

Lemma 9. Each transformation step in the elimination procedure is sound, i.e., itpreserves equivalence.

Proof. Preservation of equivalence has been established by lemmas in AppendixB. More precisely, Lemma 7 justifies transformation equivalence in Algorithm 1;Lemmas 4 and 6 justifies subprocedures [2] and [2], respectively, in Algorithm2. Axioms in Proposition 1 justifies basic simplification steps in [2]. ut

Lemma 10. The elimination procedure terminates.

Proof. It is clear that Alg. 1 terminates. The termination of Alg. 2 is a bit involved.The difficulty comes from Step [2]. It is easily seen that each run of Step [2]terminates as the decomposition is done in depth-first manner (Step [2]), whicheventually produces a variable with depth 0. However this process in generalintroduces new quantified variables (Step [2]). In addition the -subprocedure (in Step [2]) may increase the depth of the term on the other sideof an order relation. By Lemmas 3, 4 and 5, the increase of depths of termsonly happens to the reductions of open order literals. Checking all reductionsin Appendices F-O, we see this actually happens in Reduction F.3. Moreoverthis reduction can also increase the number of equalities and the substitutionin elimination of equality (Part 1, Lemma 6), may also increase depths of termsif the equality to be eliminated is open. But the source of the depth increase isalso the existence of open order literals. So to show the termination of the wholeprocedure it suffices to show the decrease of the number of open order literals.

First we notice that negation elimination (Sec. D) and substitution in elimi-nating equalities (Part 1 in Lemma. 6) do not introduce new open order literals(as conjuncts) into the resulting matrix. Second it is not hard to argue that Re-duction F.3, which comes from a reduction of an open order literal, replaces theold open order literal by a new one in each resulting conjunction. Third whenthe depth of a variable x is reduced to 0, we meet conjunction of the form (52),denoted by Ckb+ (x). We assume Ckb+ (x) contains at least one open order literals.By Part 2 in Lemma 6 and Lemma 8 the corresponding DGOC(x, {x}w) has nomore open order literals than Ckb+ (x) does. Moreover, let DGOC(x, {x}w) be

t1 �1 . . . �i−2 ti−1︸︷︷︸

Head(xw)

�i−1 x �i ti+1 �i+1 . . . �n−1 tn︸︷︷︸

Tail(xw)

. (58)

The elimination of x will give Head({x}w) �? Tail({x}w), the ordering obtainedby removing the term occurrence of x. It is not hard to argue that if either ti−1 orti+1 is an ordinary term, Head({x}w) �? Tail({x}w) has one less open order literalsthan DGOC(x, {x}w). If both ti−1 and ti+1 are boundary terms, then by Lemma 8DGOC(x, {x}w) has one fewer open order literals than Ckb+ (x) providing Ckb+ (x)contains at least one open order literals. Note that the delineation process couldassert x to be a boundary term. For example, �i−1 is ≺l

0 and ti−1 is a boundary

39

term. Recall ti−1 ≺l0 x is equivalent to ti−1 ≺

l x ∨ x = ti−1. If we choose x = ti−1,then we proceed as Part 1 in Lemma. 6. As we mentioned before, this processdoes not add more open order literals and in case that x occurs in at least oneopen order literals in Ckb+ (x), the substitution will reduce the number of openorder literals.

We showed that the quantifier elimination of (∃x :TA) where x involves in anopen order literal will result in a quantifier-free formula which contains feweropen order literals in each conjunction. When all open order literals are gone,the depth reduction procedure will not increase the depths of terms on the otherside of an order relation. Note that the depth reduction can still generate moreequalities. However, those generated equalities are half-open equalities (i.e., oneside of an equality is a boundary term), and hence the subsequent substitutions(in elimination of equalities) will not increase the depths of terms either. Eventu-ally all term occurrences of TA-terms have depth 0. The termination follows. ut

C.1 Proof of Theorem 1.Proof. By Lemmas 9 and 10. ut

C.2 A Variant Elimination Procedure.We present a variant elimination procedure. Other than guessing a delin-

eated gap order completion, we only need to guess a smallest upper bound anda largest lower bound. We assume no x = t occurs inside (∃x :TA) as this case isidentical to Part 1 in Lemma 6.

Lemma 11. Formulas of the form

(∃x :TA)[

m∧

i=1

ui �]ipi x ∧

n∧

j=1

x �∗ jq j v j]

, (59)

where � stands for ≺ or �, ]i, ∗ j ∈ {w, p, l}, and pi, q j ≥ 1, can be effectively reduced toa quantifier-free formula which has fewer open literals than the original formula.

Proof. We first introduce the following notations. For a term t, let t + n denotethe nth term after t (w.r.t. ≺kb). So t + 0, t − 0 are just t itself. Let t − n denote theterm s such that t = s+n. In case of presence of unary function symbol of weight0 and there exists no s such that s + n = t, let t − n (n ≥ 1) denote an arbitraryfixed term s′ such that s′ ≺kb

n t. Note that t + n, t − n are just syntactic sugars.Gap orders between these terms can be brought back to L Z

kb . For example,

t + 3 ≺kb s − 5 ↔ t + 8 ≺kb s ↔ t ≺kb9 s.

As another example,

t �kb2 s + 3 ↔ t ≺kb s ∨ t = s ∨ s �kb t.

40

It is easily seen that for n ≥ 1, t ≺]n s is equivalent to t+(n−1) ≺] s or t ≺] s−(n−1).Therefore we can rewrite (59) to

(∃x :TA)[

m∧

i=1

ui + (pi − 1) �]i x ∧

n∧

j=1

x �∗ j v j − (q j − 1)

]

, (60)

Now we guess the largest term from all lower bounds in{

ui + (pi − 1) | 1 ≤ i ≤ m}

and dually, the smallest term from all upper bounds in{

v j − (q j − 1) | 1 ≤ j ≤ n}

.

Note that the combination is finite and in general, there could be multiple termsequal to the largest lower bound or the smallest upper bound. Without loss ofgenerality we assume u1 + (p1 − 1) (resp. v1 − (q1 − 1)) is only the largest lowerbound (resp. the smallest upper bound) of x. Then (60) can be rewritten as

(∃x :TA)[

m∧

i=2

ui + (pi − 1) ≺kb u1 + (p1 − 1) ∧ u1 + (p1 − 1) �]1 x

∧ x �∗1 v1 − (q1 − 1) ∧

n∧

j=2

v1 − (q1 − 1) ≺kb v j − (n j − 1)]

, (61)

which in turn is equivalent to

m∧

i=2

ui + (pi − 1) ≺kb u1 + (p1 − 1)

∧ (∃x :TA)[

u1 + (p1 − 1) �]1 x ∧ x �

∗1 v1 − (q1 − 1)]

∧

n∧

j=2

v1 − (q1 − 1) ≺kb v j − (n j − 1) (62)

Let us consider

(∃x :TA)[

u1 + (p1 − 1) �]1 x ∧ x �

∗1 v1 − (q1 − 1)]

If necessary, we introduce boundary terms to delineate

u1 + (p1 − 1) �]1 x ∧ x �

∗1 v1 − (q1 − 1).

This process does not increase open order literals. If the delineation processcould assert x to be a boundary term, then we proceed as in Part 1 in Lemma 6.This also reduces the number of open order literals providing that x occurs inat least one open order literals in (59).

41

Now let us count the number of open order literals in (62). Suppose in(59) there are m′ ordinary lower bounds and n′ ordinary upper bounds. Weassume m′, n′ ≥ 1. Otherwise, obviously there is no open order literal left aftereliminating x. Hence there are m′ + n′ open literals in (59). We first count thenumber of open order literals outside (∃x :TA). There are four cases.

Case 1. Both u1 + (p1 − 1) and v1 − (q1 − 1) are ordinary. (More precisely, bothu1 and v1 are.) Then there are m′ − 1 + n′ − 1 open literals.

Case 2. Both u1 + (p1 − 1) and v1 − (q1 − 1) are boundary terms. Then there areno open literals.

Case 3. u1 + (p1 − 1) is an ordinary term and v1 − (q1 − 1) is a boundary term.Then there are m′ − 1 open literals.

Case 4. u1 + (p1 − 1) is a boundary term and v1 − (q1 − 1) is an ordinary term.Then there are n′ − 1 open literals.

In any case, there are at least two fewer open order literals in the quantifier-freepart of (62) than in (59). The the elimination of (∃x :TA) can generate at most oneopen literal. Therefore, the transformation from (59) to (62) reduces the numberof open order literals. The rest of work is the same as that in Part 2 in Alg. 6.

ut

42

D Negation EliminationIn this section we show the elimination of negative literals (in Lkb+). Note

that we do not care about negative integer literals.First it is easily seen that

u , v↔ u ≺w v ∨ u ≺p v ∨ u ≺l v ∨ v ≺w u ∨ v ≺p u ∨ v ≺l u

Let ] ∈ {w, p, l}. Recall that for n ≥ 0.

u �]n v↔ (u ≺]n v) ∧ ¬(u ≺]n+1 v).

For n > 0, we have

¬(u ≺wn v)↔ v ≺w u ∨

n−1∨

i=0

u �wi v,

¬(u ≺pn v)↔ uw

, vw ∨ v ≺p u ∨n−1∨

i=0

u �pi v,

¬(u ≺ln v)↔ uw

, vw ∨ ¬( ∧

1≤p≤|Σ|

Isαp (u)↔ Isαp (v))

∨ v ≺l u ∨n−1∨

i=0

u �li v,

¬(u �wn v)↔ v ≺w u ∨

n−1∨

i=0

u �wi v ∨ u ≺w

n+1 v,

¬(u �pn v)↔ uw

, vw ∨ v ≺p u ∨n−1∨

i=0

u �pi v ∨ u ≺p

n+1 v,

¬(u �ln v)↔ uw

, vw ∨ ¬( ∧

1≤p≤|Σ|

Isαp (u)↔ Isαp (v))

∨ v ≺l u

∨

n−1∨

i=0

u �li v ∨ u ≺l

n+1 v.

Note that u �]0 v is just u = v and u ≺]0 v is just u ≺] v∨u = v. So without lossof generality we assume that all literals occur positively.

We can also assume no negation of test literals occurs because

¬Isαp (x)↔∨

αq∈C,αp.αq

Isαq (x), ¬IsA(x)↔∨

αp∈C\A

Isαp (x).

43

E DefinitionsIn this section, we show the the integer functions used in reductions in

Appendices F-O can be defined in Presburger arithmetic. As a consequence, wecan freely use the following functions to form any integer terms.

E.1 Definition of IsTWk(n).IsTWk(n) says that n is the weight of a k-tuple.

∃z1, . . . ,∃zk > 0(

k∑

i=1

zi = n ∧k∧

i=1

Tree(zi))

.

E.2 Definition of IsTWk(n, p).

IsTWk(n, p) says that n is the weight of a k-tuple whose first component is oftype αp.

∃z1, . . . ,∃zk > 0(

k∑

i=1

zi = n ∧k∧

i=1

Tree(zi) ∧ Treeαp (z1))

.

E.3 Definition of IsCWk(n,m).IsCWk(n,m) says that m is the weight of a component in a k-tuple of weight

n.IsTWk(n) ∧ IsTWk−1(n −m).

E.4 Definition of IsCWk(n,m, p).

IsCWk(n,m, p) says that m is the weight of a component in a k-tuple of weightn whose first component is of type αp.

IsTWk(n, p) ∧ IsTWk−1(n −m)

E.5 Definition of x = MinCWk(n, r, r′).MinCWk(n, r, r′) returns the smallest integer in (r, r′) which is the weight of a

component in a k-tuple of weight n. It returns r if there is no such integer.[

¬IsTWk(n) ∨ ∀z(r < z < r′ → ¬IsCWk(n, z))→ x = r]

∨[

IsTWk(n) ∧ ∃z(r < z < r′ ∧ IsCWk(n, z))

→ IsCWk(n, x) ∧ ∀z(r < z < x→ ¬IsCWk(n, z))]

.

E.6 Definition of x = MinCWk(n, p, r, r′).

MinCWk(n, p, r, r′) returns the smallest integer in (r, r′) which is the weight ofa component in a k-tuple of weight n and with the first component be of typeαp. It returns r if there is no such integer.

[

¬IsTWk(n, p) ∨ ∀z(r < z < r′ → ¬IsCWk(n, z, p))→ x = r]

∨[

IsTWk(n, p) ∧ ∃z(r < z < r′ ∧ IsCWk(n, z, p))

→ IsCWk(n, x, p) ∧ ∀z(r < z < x→ ¬IsCWk(n, z, p))]

.

44

E.7 Definition of x = MaxCWk(n, r, r′).MaxCWk(n, r, r′) returns the largest integer in (r, r′) which is the weight of a

component in a k-tuple of weight n. It returns r if there is no such integer.[

¬IsTWk(n) ∨ ∀z(r < z < r′ → ¬IsCWk(n, z))→ x = r]

∨[

IsTWk(n) ∧ ∃z(r < z < r′ ∧ IsCWk(n, z))

→ IsCWk(n, x) ∧ ∀z(x < z < r′ → ¬IsCWk(n, z))]

.

E.8 Definition of x = MaxCWk(n, p, r, r′).

MaxCWk(n, p, r, r′) returns the largest integer in (r, r′) which is the weight ofa component in a k-tuple of weight n and with the first component be of typeαp. It returns r if there is no such integer.

[

¬IsTWk(n, p) ∨ ∀z(r < z < r′ → ¬IsCWk(n, z, p))→ x = r]

∨[

IsTWk(n, p) ∧ ∃z(r < z < r′ ∧ IsCWk(n, z, p))

→ IsCWk(n, x, p) ∧ ∀z(x < z < r′ → ¬IsCWk(n, z, p))]

.

E.9 Definition of x = CWki (n, r, r′) (i > 0).

CWki (n, r, r′) returns the ith smallest integer in (r, r′) which is the weight of

a component in a k-tuple of weight n. Suppose that there are m (m ≥ 0) suchdistinct integers in (r, r′) which are weights of components in a k-tuple of weightn. If i > m, then CWk

i (n, r, r′) = MaxCWk(n, r, r′). We give the definition byinduction on m.Case i = 1.

x = MinCWk(n, r, r′).

Case i > 1.[

x > CWki−1(n, r, r′) ∧ r < x < r′ ∧ IsCWk(n, x)

∧ ∀z(CWki−1(n, r, r′) < z < x→ ¬IsCWk(n, z)

]

∨[

∀z(z > CWki−1(n) ∧ r < z < r′ → ¬IsCWk(n, z)) ∧ x = CWk

i−1(n)]

.

E.10 Definition of x = CWki (n, p, r, r′) (i > 0).

CWki (n, p, r, r′) returns the ith smallest integer in (r, r′) which is the weight

of a component in a k-tuple of weight n and with the first component of typeαp. Suppose that there are m (m ≥ 0) such distinct integers in (r, r′) which areweights of components in a k-tuple of weight n. If i > m, then CWk

i (n, p, r, r′) =MaxCWk(n, p, r, r′). We give the definition by induction on m.Case i = 1.

x = MinCWk(n, p, r, r′).

45

Case i > 1.[

x > CWki−1(n, p, r, r′) ∧ r < x < r′ ∧ IsCWk(n, x, p)

∧ ∀z(CWki−1(n, p, r, r′) < z < x→ ¬IsCWk(n, z, p)

]

∨[

∀z(z > CWki−1(n, p) ∧ r < z < r′ → ¬IsCWk(n, z, p)) ∧ x = CWk

i−1(n, p)]

.

With no risk of confusion, we write MinCWk(n), MaxCWk(n) and CWki (n) for

MinCWk(n, 0, n + 1), MaxCWk(n, 0, n + 1) and CWki (n, 0, n + 1) respectively. Simi-

larly MinCWk(n, p), MaxCWk(n, p) and CWki (n, p) stand for MinCWk(n, p, 0, n+ 1),

MaxCWk(n, p, 0, n + 1) and CWki (n, p, 0, n + 1) respectively.

E.11 Definition of x = SCWki (n) (1 ≤ i ≤ k).

SCWki (n) returns the weight of the ith component of the smallest k-tuple (w.r.t.

≺k;kb) of weight n. It returns 0 if no such weight exists. We define it inductivelyas follows.Case i = 1.

x = MinCWk(n).

Case 1 < i ≤ k.

¬IsTWk(n)→ x = 0 ∧

IsTWk(n)→ x = MinCWk−i+1(

n −i−1∑

j=1

SCWkj (n))

.

E.12 Definition of x = SCWki (n, p) (1 ≤ i ≤ k).

SCWki (n) returns the weight of the ith component of the smallest k-tuple (w.r.t.

≺k;kb) of weight n and with the first component of type αp. It returns 0 if no suchweight exists. We define it inductively as follows.Case i = 1.

x = MinCWk(n, p).

Case 1 < j ≤ k.

¬IsTWk(n, p)→ x = 0 ∧

IsTWk(n, p)→ x = MinCWk−i+1(

n −i−1∑

j=1

SCWkj (n, p)

)

.

E.13 Definition of x = LCWki (n) (1 ≤ i ≤ k).

LCWki (n) returns the weight of the ith component of the largest k-tuple (w.r.t.

≺k;kb) of weight n. It returns 0 if no such weight exists. We define it inductivelyas follows.Case i = 1.

x = MaxCWk(n).

46

Case 1 < i ≤ k.

¬IsTWk(n)→ x = 0 ∧

IsTWk(n)→ x = MaxCWk−i+1(

n −i−1∑

j=1

LCWkj (n))

.

E.14 Definition of x = LCWki (n, p) (1 ≤ i ≤ k).

LCWki (n, p) returns the weight of the ith component of the largest k-tuple

(w.r.t. ≺k;kb) of weight n and with the first component of type αp. It returns 0 ifno such weight exists. We define it inductively as follows.Case i = 1.

x = MaxCWk(n, p).

Case 1 < i ≤ k.

¬IsTWk(n, p)→ x = 0 ∧

IsTWk(n, p)→ x = MaxCWk−i+1(

n −i−1∑

j=1

LCWkj (n, p)

)

.

E.15 Definition of Well-definedness.The following are well-definedness predicates for boundary terms or bound-

ary tuples.

WD0w (m)↔ Tree(m)WD1w (m)↔ Tree(m)

WD0p(m, p)↔ Tree(αp)(m)WD1p(m, p)↔ Tree(αp)(m)WD0k;kb (n)↔ IsTWk(n)

WD1k;kb (n)↔ IsTWk(n)

WD0k;w (n,m)↔ IsCWk(n,m)

WD1k;w (n,m)↔ IsCWk(n,m)

WD0k;p (n,m, p)↔ IsCWk(n,m) ∧ Tree(αp)(m)

WD1k;p (n,m, p)↔ IsCWk(n,m) ∧ Tree(αp)(m)

47

F Reductions of Open Gap OrdersFrom from this section to Sec. O, we define reductions on ≺]n and ≺k;]

n (] ∈{w, p, l}, n ≥ 0, k > 0). The reductions on �]n and �k;]

n can be similarly defined.F.1 Reduction of u ≺w

n v.∨

n1+n2+n3=nn1,n3≥0,n2≥1

u ≺pln1

1w(uw) ≺

wn2

0w(vw) ≺

pln3

v.

F.2 Reduction of u ≺pn v.

Let type(u) = αp and type(v) = αq.∨

n1+n2+n3=nn1,n3≥0,n2≥1

u ≺ln1

1puw,p ≺

pn2

0pvw,q ≺

ln3

v.

F.3 Reduction of u ≺ln v.

Let u = α(u1, . . . , uk) and v = α(v1, . . . , vk).

〈u1, . . . , uk〉 ≺k;kbn 〈v1, . . . , vk〉.

48

G Reduction of Half Open Equalities.Let u = αq(u1, . . . , uk).

G.1 Reduction of 1w(m)= u.

q−1∧

i=1

¬Tree(αi)(uw) ∧m = uw ∧ 1kb(uw−W(αq)) = 〈u1, . . . , uk〉

G.2 Reduction of 1p

(m,p)= u.

p = q ∧m = uw ∧ 1kb(uw−W(αq)) = 〈u1, . . . , uk〉

G.3 Reduction of 0w(m)= u.

|Σ|∧

i=q+1

¬Tree(αi)(uw) ∧m = uw ∧ 0kb(uw−W(αq)) = 〈u1, . . . , uk〉

G.4 Reduction of 0p

(m,p)= u.

p = q ∧m = uw ∧ 0kb(uw−W(αp)) = 〈u1, . . . , uk〉

49

H Reduction of Half Open Gap OrdersLet u = αq(u1, . . . , uk).

H.1 Reduction of 0w(m)≺w

n u.

∨

n1+n2=nn1≥1,n2≥0

0w(m) ≺

wn1

0w(uw) ≺

pln2

u.

H.2 Reduction of 0w(m)≺

pn u.

∨

n1+n2=nn1≥1,n2≥0

0w(m) ≺

pn1

0p(m,q) ≺

ln2

u.

H.3 Reduction of 0w(m)≺l

n u.

Isαq (u) ∧m = uw ∧

|Σ|∧

i=q+1

¬Tree(αi)(uw) ∧ 0k;kb(m−W(αq)) ≺

k;kbn 〈u1, . . . , uk〉.

H.4 Reduction of 0p

(m,p)≺w

n u.

∨

n1+n2=nn1≥1,n2≥0

0p(m,p) ≺

wn1

0w(uw) ≺

pln2

u.

H.5 Reduction of 0p

(m,p)≺

pn u.

∨

n1+n2=nn1≥1,n2≥0

0p(m,p) ≺

pn1

0p(m,q) ≺

ln2

u.

H.6 Reduction of 0p

(m,p)≺l

n u.

p = q ∧ Isαq (u) ∧m = uw ∧ 0k;kb(m−W(αq)) ≺

k;kbn 〈u1, . . . , uk〉.

H.7 Reduction of 1w(m)≺w

n u.

∨

n1+n2=nn1≥1,n2≥0

1w(m) ≺

wn1

0w(uw) ≺

pln2

u.

H.8 Reduction of 1p

(m,p)≺w

n u.

∨

n1+n2=nn1≥1,n2≥0

1p(m,p) ≺

wn1

0w(uw) ≺

pln2

u.

50

H.9 Reduction of u ≺wn 1w

(m).∨

n1+n2=nn1≥0,n2≥1

u ≺pln1

1w(uw) ≺

wn2

1w(m).

H.10 Reduction of u ≺pn 1w

(m).∨

n1+n2=nn1≥0,n2≥1

u ≺ln1

1p(m,q) ≺

pn2

1w(m).

H.11 Reduction of u ≺ln 1w

(m).

Isαq (u) ∧m = uw ∧

q−1∧

i=1

¬Tree(αi)(uw) ∧ 〈u1, . . . , uk〉 ≺k;kbn 1k;kb

(m−W(αq)).

H.12 Reduction of u ≺wn 1p

(m,p).

∨

n1+n2=nn1≥0,n2≥1

u ≺pln1

1w(uw) ≺

wn2

1p(m,p).

H.13 Reduction of u ≺pn 1p

(m,p).

∨

n1+n2=nn1≥0,n2≥1

u ≺ln1

1p(m,q) ≺

pn2

1p(m,p).

H.14 Reduction of u ≺ln 1p

(m,p).

p = q ∧ Isαq (u) ∧m = uw ∧ 〈u1, . . . , uk〉 ≺k;kbn 1k;kb

(m−W(αq)).

H.15 Reduction of u ≺wn 0w

(m).∨

n1+n2=nn1≥0,n2≥1

u ≺pln1

1w(uw) ≺

wn2

0w(m).

H.16 Reduction of u ≺wn 0p

(m,p).

∨

n1+n2=nn1≥0,n2≥1

u ≺pln1

1w(uw) ≺

wn2

0p(m,p).

51

I Reduction of Closed EqualitiesI.1 Reduction of 0w

(m)= 0w

(m′).

m = m′.

I.2 Reduction of 0w(m)= 0p

(m′,p′).

m = m′ ∧|Σ|∧

i=p′+1

¬Tree(αi)(m).

I.3 Reduction of 0w(m)= 1w

(m′).

m = m′ ∧ ¬CNT1(m).


(m′,p′).

m = m′ ∧|Σ|∧

i=p′+1

¬Tree(αi)(m) ∧ ¬CNT(αp′ )1 (m).

I.5 Reduction of 0p

(m,p)= 0p

(m′,p′).

m = m′ ∧ p = p′.

I.6 Reduction of 0p

(m,p)= 1w

(m′).

m = m′ ∧p−1∧

i=1

¬Tree(αi)(m) ∧ ¬CNT(αp)1 (m).

I.7 Reduction of 0p

(m,p)= 1p

(m′,p′).

m = m′ ∧ p = p′ ∧ ¬CNT(αp)1 (m).

I.8 Reduction of 1w(m)= 1w

(m′).

m = m′.


(m′,p′).

m = m′ ∧p′−1∧

i=1

¬Tree(αi)(m).

I.10 Reduction of 1p

(m,p)= 1p

(m′,p′).

m = m′ ∧ p = p′

52

J Reduction of Closed Gap OrdersJ.1 Reduction of 0w

(m)≺w

n 0w(m′)

.

∨

n1+n2=nn1≥0,n2≥1

0w(m) ≺

pln1

1w(m) ≺

wn2

0w(m′).

J.2 Reduction of 0w(m)≺

pn 0w

(m′).

false.

J.3 Reduction of 0w(m)≺l

n 0w(m′)

.

false.

J.4 Reduction of 0w(m)≺w

n 0p

(m′,p′).

∨

n1+n2+n3=nn1,n3≥0,n2≥1

0w(m) ≺

pln1

1w(m) ≺

wn2

0w(m′) ≺

wn3

0p(m′ ,p′).


pn 0p

(m′,p′).

m = m′ ∧∨

np′+1+...+n|Σ|=nnp′+1,...,n|Σ|≥0

[|Σ|∧

i=p′+1

(

ni > 0→ CNT(αi)ni−1(m)

)]

.


n 0p

(m′,p′).

false.


n 1w(m′)

.

∨

n1+n2+n3=nn1,n3≥0,n2≥1

0w(m) ≺

pln1

1w(m) ≺

wn2

0w(m′) ≺

pln3

1w(m′).


pn 1w

(m′).

m = m′ ∧∨

p,p′∈{1,...,|Σ|}p,p′

[

Tree(αp)(m) ∧ Tree(αp′ )(m)]

∧

∨

n1+...+n|Σ|=n+1n1,...,n|Σ|≥0

[|Σ|∧

i=1

(


)]

.

53


n 1w(m′)

.

m = m′ ∧∧

p,p′∈{1,...,|Σ|}p,p′

[

Tree(αp)(m)→ ¬Tree(αp′ )(m)]

∧

∨

n1+...+n|Σ|=n+1n1,...,n|Σ|≥0

[|Σ|∧

i=1

(


)]

.


n 1p

(m′,p′).

∨

n1+n2+n3+n4=nn1,n3,n4≥0,n2≥1

0w(m) ≺

pln1

1w(m) ≺

wn2

0w(m′) ≺

pln3

0w(m′,p′) ≺

pln4

1w(m′ ,p′).


pn 1p

(m′,p′).

m = m′ ∧∨

p∈{p′+1,...,|Σ|}

[

Tree(αp)(m)]

∧

∨

np′+...+n|Σ|=n+1np′ ,...,n|Σ|≥0

[|Σ|∧

i=p′

(


)]

.


n 1p

(m′,p′).

m = m′ ∧∧

p∈{p′+1,...,|Σ|}

[

¬Tree(αp)(m)]

∧ CNT(αp′ )n (m).

J.13 Reduction of 0p

(m,p)≺w

n 0w(m′)

.

∨

n1+n2=nn1≥0,n2≥1

0p(m,p) ≺

pln1

1w(m) ≺

wn2

0w(m′).


(m,p)≺

pn 0w

(m′).

false.


(m,p)≺l

n 0w(m′)

.

false.

54


(m,p)≺w

n 0p

(m′,p′).

∨

n1+n2+n3+n4=nn1,n2,n4≥0,n3≥1

0p(m,p) ≺

pln1

1p(m,p) ≺

pln2

1w(m) ≺

wn3

0w(m′) ≺

pln4

0p(m′,p′).


(m,p)≺

pn 0p

(m′,p′).

m = m′ ∧ p′ < p ∧∨

np′+...+np−1=nnp′ ,...,np−1≥0

[p−1∧

i=p′

(


)]

.


(m,p)≺l

n 0p

(m′,p′).

false.


(m,p)≺w

n 1w(m′)

.

∨

n1+n2+n3+n4=nn1,n2,n4≥0,n3≥1

0p(m,p) ≺

pln1

1p(m,p) ≺

pln2

1w(m) ≺

wn3

0w(m′) ≺

pln4

1w(m′).


(m,p)≺

pn 1w

(m′).

m = m′ ∧∨

p′∈{1,...,p−1}

[

Tree(αp′ )(m)]

∧

∨

n1+...+np=n+1n1,...,np≥0

[p∧

i=1

(


)]

.


(m,p)≺l

n 1w(m′)

.

m = m′ ∧∧

p′∈{1,...,p−1}

[

¬Tree(αp′ )(m)]

∧ CNT(αp)n (m).


(m,p)≺w

n 1p

(m′,p′).

∨

n1+n2+n3+n4+n5=nn1,n2,n4,n5≥0,n3≥1

0p(m,p) ≺

pln1

1p(m,p) ≺

pln2

1w(m) ≺

wn3

0w(m′) ≺

pln4

0p(m′,p′) ≺

pln5

1p(m′ ,p′).

55


(m,p)≺

pn 1p

(m′,p′).

m = m′ ∧ p′ < p ∧∨

np′+...+np=n+1np′ ,...,np≥0

[p∧

i=p′

(


)]

.


(m,p)≺l

n 1p

(m′,p′).

m = m′ ∧ p = p′ ∧ CNT(αp)n (m).


n 0w(m′)

.

Case n = 1.m < m′.

Case n > 1.n−1∨

r=1

∃z1 . . .∃zr[

m < z1 < . . . < zr < m′ ∧∨

n1+...+nr=n−1n1,...,nr>0

r∧

i=1

CNTni−1(zi)]

.


pn 0w

(m′).

false.


n 0w(m′)

.

false.


n 0p

(m′,p′).

∨

n1+n2=nn2≥0,n1≥1

1w(m) ≺

wn1

0w(m′) ≺

pln2

0p(m′ ,p′).


pn 0p

(m′,p′).

false.


n 0p

(m′,p′).

false.


n 1w(m′)

.

∨

n1+n2=nn2≥0,n1≥1

1w(m) ≺

wn1

0w(m′) ≺

pln2

1w(m′).

56


pn 1w

(m′).

false.


n 1w(m′)

.

false.


n 1p

(m′,p′).

∨

n1+n2+n3=nn2,n3≥0,n1≥1

1w(m) ≺

wn1

0w(m′) ≺

pln2

0w(m′,p′) ≺

pln3

1w(m′ ,p′).


pn 1p

(m′,p′).

false.


n 1p

(m′,p′).

false.


(m,p)≺w

n 0w(m′)

.

∨

n1+n2=nn1≥0,n2≥1

1p(m,p) ≺

pln1

1w(m) ≺

wn2

0w(m′).


(m,p)≺

pn 0w

(m′).

false.


(m,p)≺l

n 0w(m′)

.

false.


(m,p)≺w

n 0p

(m′,p′).

∨

n1+n2+n3=nn1,n3≥0,n2≥1

1p(m,p) ≺

pln1

1w(m) ≺

wn2

0w(m′) ≺

wn3

0p(m′,p′).

57


(m,p)≺

pn 0p

(m′,p′).

Case n = 1.m = m′ ∧ p′ < p.

Case n > 1.m = m′ ∧ p′ < p − 1 ∧

∨

np′+1+...+np−1=n−1np′+1,...,np−1≥0

[p−1∧

i=p′+1

(


)]

.


(m,p)≺l

n 0p

(m′,p′).

false.


(m,p)≺w

n 1w(m′)

.

∨

n1+n2+n3=nn1,n3≥0,n2≥1

1p(m,p) ≺

pln1

1w(m) ≺

wn2

0w(m′) ≺

pln3

1w(m′).


(m,p)≺

pn 1w

(m′).

m = m′ ∧∨

n1+...+np−1=nn1,...,np−1≥0

[p−1∧

i=1

(


)]

.


(m,p)≺l

n 1w(m′)

.

false.


(m,p)≺w

n 1p

(m′,p′).

∨

n1+n2+n3+n4=nn1,n3,n4≥0,n2≥1

1p(m,p) ≺

pln1

1w(m) ≺

wn2

0w(m′) ≺

pln3

0w(m′,p′) ≺

pln4

1w(m′ ,p′).


(m,p)≺

pn 1p

(m′,p′).

m = m′ ∧ p′ < p ∧∨

np′+...+np−1=nnp′ ...,np−1≥0

[p−1∧

i=p′

(


)]

.


(m,p)≺l

n 1p

(m′,p′).

false.

58

K Reductions of Open Gap Orders on TuplesNote that we define suborders on tuples 〈u1, . . . , uk〉 ≺

k;] 〈v1, . . . , vk〉 (] ∈{w, p, l}) as

u1 ≺] v1 ∨ u1 = v1 ∧ 〈u2, . . . , uk〉 ≺

k;kb 〈v2, . . . , vk〉,

instead as

∃i(1 ≤ i ≤ k)[

ui ≺] vi ∧ ∀ j(1 ≤ j < i)u j = v j

]

.

As we showed, this is a purely technical choice to give reduction formulasuniform appearance.

Recall that 〈u1, . . . , uk〉 ≺k;]n 〈v1, . . . , vk〉 is proper if u1 ≺

] v1. All reductionsshown in Appendices K-O are reductions of proper orders between tuples ofthe same weight. This amounts to assume implicit side conditions u1 ≺

] v1 inredexes (reduction targets).

Let sum =∑k

i=1 uwi =∑k

i=1 vwi .

K.1 Reduction of 〈u1, . . . , uk〉 ≺k;wn 〈v1, . . . , vk〉.

∨

n1+n2+n3=nn1,n3≥0,n2≥1

〈u1, . . . , uk〉 ≺k;pln1

1k;w(sum,uw

1 ) ≺k;wn2

0k;w(sum,vw

1 ) ≺k;pln3〈v1, . . . , vk〉.

K.2 Reduction of 〈u1, . . . , uk〉 ≺k;pn 〈v1, . . . , vk〉.

Let type(u1) = αp and type(v1) = αp′ .∨

n1+n2+n3=n,n1,n3≥0,n2≥1

〈u1, . . . , uk〉 ≺k;ln1

1k;p(sum,uw

1 ,p) ≺k;pn2

0k;p(sum,vw

1 ,p′) ≺

k;ln3〈v1, . . . , vk〉.

K.3 Reduction of 〈u1, . . . , uk〉 ≺k;ln 〈v1, . . . , vk〉.

Let rem =∑k

i=2 uwi =∑k

i=2 vwi .

∨

n1+n2+n3=n,n1,n2≥0,n3≥1

[

〈u2, . . . , uk〉 ≺k−1;kbn1

1k−1;kb(rem) ∧ 0k−1;kb

(rem) ≺k−1;kbn2

〈v2, . . . , vk〉

∧∨

(m1+1)(m2−1)≥(n3−1)m1≥0,m2>0,m1,m2<n3

(

0k−1;kb(rem) ≺

k−1;kbm1

1k−1;kb(rem) ∧ u1 ≺

lm2

v1

)]

,

59

L Reduction of Half Open Equalities on Tuples.L.1 Reduction of 0k;kb

(sum)= 〈u1, . . . , uk〉.

0k;w(sum,MinCWk(sum))

= 〈u1, . . . , uk〉.

L.2 Reduction of 0k;w(sum,m)

= 〈u1, . . . , uk〉.

0w(m) = u1 ∧ 0k−1;kb

(sum−m) = 〈u2, . . . , uk〉.

L.3 Reduction of 0k;p(sum,m,p)

= 〈u1, . . . , uk〉.

0p(m,p) = u1 ∧ 0k−1;kb

(sum−m) = 〈u2, . . . , uk〉

L.4 Reduction of 1k;kb(sum)

= 〈u1, . . . , uk〉.

1k;w(sum,MaxCWk(sum))

= 〈u1, . . . , uk〉.

L.5 Reduction of 1k;w(sum,m)

= 〈u1, . . . , uk〉.

1w(m) = u1 ∧ 1k−1;kb

(sum−m) = 〈u2, . . . , uk〉

L.6 Reduction of 1k;p(sum,m,p)

= 〈u1, . . . , uk〉.

1w(m,p) = u1 ∧ 1k−1;kb

(sum−m) = 〈u2, . . . , uk〉

60

M Reductions of Half Open Gap Orders on TuplesM.1 Reduction of 0k;w

(sum,m)≺

k;wn 〈u1, . . . , uk〉.

∨

n1+n2=n,n1≥1,n2≥0

0k;w(sum,m) ≺

k;wn1

0k;w(sum,uw

1 ) ≺k;pln2〈u1, . . . , uk〉.

M.2 Reduction of 0k;w(sum,m)

≺k;pn 〈u1, . . . , uk〉.

∨

n1(n2+1)+n3≥n,0≤n1,n2,n3≤n

0w(m) ≺

pn1

u1 ∧ 0k−1;kb(sum−m) ≺

k−1;kbn2

1k−1;kb(sum−m)

∧ 0k−1;kb(sum−m) ≺

k−1;kbn3

〈u2, . . . , uk〉.

M.3 Reduction of 0k;w(sum,m)

≺k;ln 〈u1, . . . , uk〉.

∨

n1(n2+1)+n3≥n,0≤n1,n2,n3≤n

0w(m) ≺

ln1

u1 ∧ 0k−1;kb(sum−m) ≺

k−1;kbn2

1k−1;kb(sum−m)

∧ 0k−1;kb(sum−m) ≺

k−1;kbn3

〈u2, . . . , uk〉.

M.4 Reduction of 0k;p(sum,m,p)

≺k;wn 〈u1, . . . , uk〉.

∨

n1+n2=n,n1≥1,n2≥0

0k;p(sum,m,p) ≺

k;wn1

0k;w(sum,uw

1 ) ≺k;pln2〈u1, . . . , uk〉.


≺k;pn 〈u1, . . . , uk〉.

∨

n1(n2+1)+n3≥n,0≤n1,n2,n3≤n

0p(m,p) ≺

pn1

u1 ∧ 0k−1;kb(sum−m) ≺

k−1;kbn2

1k−1;kb(sum−m)

∧ 0k−1;kb(sum−m) ≺

k−1;kbn3

〈u2, . . . , uk〉.


≺k;ln 〈u1, . . . , uk〉.

∨

n1(n2+1)+n3≥n,0≤n1,n2,n3≤n

0p(m,p) ≺

ln1

u1 ∧ 0k−1;kb(sum−m) ≺

k−1;kbn2

1k−1;kb(sum−m)

∧ 0k−1;kb(sum−m) ≺

k−1;kbn3

〈u2, . . . , uk〉.

61

M.7 Reduction of 〈u1, . . . , uk〉 ≺k;wn 1k;w

(sum,m).

∨

n1+n2=n,n1≥0,n2≥1

〈u1, . . . , uk〉 ≺k;pln1

1k;w(sum,uw

1 ) ≺k;wn2

1k;w(sum,m).

M.8 Reduction of 〈u1, . . . , uk〉 ≺k;pn 1k;w

(sum,m).

∨

n1(n2+1)+n3≥n,0≤n1,n2,n3≤n

u1 ≺pn1

1w(m) ∧ 0k−1;kb

(sum−m) ≺k−1;kbn2

1k−1;kb(sum−m)

∧ 〈u2, . . . , uk〉 ≺k−1;kbn3

1k−1;kb(sum−m).

M.9 Reduction of 〈u1, . . . , uk〉 ≺k;ln 1k;w

(sum,m).

∨

n1(n2+1)+n3≥n,0≤n1,n2,n3≤n

u1 ≺ln1

1w(m) ∧ 0k−1;kb


1k−1;kb(sum−m)

∧ 〈u2, . . . , uk〉 ≺k−1;kbn3

1k−1;kb(sum−m).

M.10 Reduction of 〈u1, . . . , uk〉 ≺k;wn 1k;p

(sum,m,p).

∨

n1+n2=n,n1≥0,n2≥1

〈u1, . . . , uk〉 ≺k;pln1

1k;w(sum,uw

1 ) ≺k;wn2

1k;p(sum,m,p).

M.11 Reduction of 〈u1, . . . , uk〉 ≺k;pn 1k;p

(sum,m,p).

∨

n1(n2+1)+n3≥n,0≤n1,n2,n3≤n

u1 ≺pn1

1p(m,p) ∧ 0k−1;kb


1k−1;kb(sum−m)

∧ 〈u2, . . . , uk〉 ≺k−1;kbn3

1k−1;kb(sum−m).

M.12 Reduction of 〈u1, . . . , uk〉 ≺k;ln 1k;p

(sum,m,p).

∨

n1(n2+1)+n3≥n,0≤n1,n2,n3≤n

u1 ≺ln1

1p(m,p) ∧ 0k−1;kb


1k−1;kb(sum−m)

∧ 〈u2, . . . , uk〉 ≺k−1;kbn3

1k−1;kb(sum−m).

62

N Reduction of Closed Equalities on TuplesN.1 Reduction of 0k;w

(sum,m)= 0k;w

(sum′,m′).

sum = sum′ ∧m = m′.

N.2 Reduction of 0k;w(sum,m)

= 0k;p(sum′,m′,p′)

.

sum = sum′ ∧m = m′ ∧|Σ|∧

i=p′+1

¬Tree(αi)(m).


= 1k;w(sum′,m′)

.

sum = sum′ ∧m = m′ ∧ ¬CNT1(m) ∧ 0k−1;kb(sum−m) = 1k−1;kb

(sum′−m′).


= 1k;p(sum′,m′,p′)

.

sum = sum′ ∧ m = m′ ∧|Σ|∧

i=p′+1

¬Tree(αi)(m) ∧

¬CNT(αp′ )1 (m) ∧ 0k−1;kb

(sum−m) = 1k−1;kb(sum′−m′).

N.5 Reduction of 0k;p(sum,m,p)

= 0k;p(sum′,m′,p′)

.

sum = sum′ ∧m = m′ ∧ p = p′.


= 1k;w(sum′,m′)

.

sum = sum′ ∧ m = m′ ∧p−1∧

i=1

¬Tree(αi)(m) ∧

¬CNT(αp)1 (m) ∧ 0k−1;kb



= 1k;p(sum′,m′,p′)

.

sum = sum′ ∧ m = m′ ∧ p = p′ ∧

¬CNT(αp)1 (m) ∧ 0k−1;kb



= 1k;w(sum′,m′)

.

sum = sum′ ∧m = m′.

63


= 1k;p(sum′,m′,p′)

.

sum = sum′ ∧m = m′ ∧p′−1∧

i=1

¬Tree(αi)(m).


= 1k;p(sum′,m′,p′)

.

sum = sum′ ∧m = m′ ∧ p = p′.

64

O Reductions of Closed Gap Orders on TuplesAs relations between tuples are syntactic sugar, we only need a small portion

of reductions in the following list.

O.1 Reduction of 0k;w(sum,m)

≺k;wn 0k;w

(sum,m′).

∨

n1+n2=nn1≥0,n2≥1

0k;w(sum,m) ≺

k;pln1

1k;w(sum,m) ≺

k;wn2

0k;w(sum,m′).


≺k;pn 0k;w

(sum,m′).

false.


≺k;ln 0k;w

(sum,m′).

false.


≺k;wn 0k;p

(sum,m′,p′).

∨

n1+n2+n3=nn1,n3≥0,n2≥1

0k;w(sum,m) ≺

k;pln1

1k;w(sum,m) ≺

k;wn2

0k;w(sum,m′) ≺

k;pln3

0k;p(sum,m′,p′).


≺k;pn 0k;p

(sum,m′,p′).

∨

n1(n2+1)≥nn1>0,n2≥0,n1,n2≤n

0w(m) ≺

pn1

0p(m′,p′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;ln 0k;p

(sum,m′,p′).

false.


≺k;wn 1k;w

(sum,m′).

Case m = m′.∨

(n1+1)(n2+1)≥n+10≤n1,n2≤(n+1)

0w(m) ≺

wn1

1w(m) ∧ 0k−1;kb

sum−m ≺k−1;kbn2

1k−1;kbsum−m.

Case m < m′.n−1∨

r=1

[

m ≤ CWk1(sum,m,m′) < . . . < CWk

r(sum,m,m′) ≤ m′ ∧

∨

∑ri=1 ni=n+1

ni≥1

r∧

i=1

0k;w(sum,CWk

i (sum,m,m′))≺

k;wni−1 1k;w


]

.

65


≺k;pn 1k;w

(sum,m′).

∨

(n1+1)(n2+1)≥n+1n1>0,n2≥0,n1,n2≤n+1

0w(m) ≺

pn1

1w(m′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;ln 1k;w

(sum,m′).

∨

(n1+1)(n2+1)≥n+1n1>0,n2≥0,n1,n2≤n+1

0w(m) ≺

ln1

1w(m′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;wn 1k;p

(sum,m′,p′).

∨

n1+n2+n3+n4=nn1,n3,n4≥0,n2≥1

0k;w(sum,m) ≺

k;pln1

1k;w(sum,m) ≺

k;wn2

0k;w(sum,m′) ≺

k;pln3

0k;p(sum,m′,p′) ≺

k;pln4



≺k;pn 1k;p

(sum,m′,p′).

∨

(n1+1)(n2+1)≥n+1n1>0,n2≥0,n1,n2≤n+1

0w(m) ≺

pn1

1p(m′,p′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;ln 1k;p

(sum,m′,p′).

∨

(n1+1)(n2+1)≥n+1n1>0,n2≥0,n1,n2≤n+1

0w(m) ≺

ln1

1p(m′,p′) ∧ 0k−1;kb


1k−1;kb(sum−m).

O.13 Reduction of 0k;p(sum,m,p)

≺k;wn 0k;w

(sum,m′).

∨

n1+n2=nn1≥0,n2≥1

0k;p(sum,m,p) ≺

k;pln1

1k;w(sum,m) ≺

k;wn2

0k;w(sum,m′).


≺k;pn 0k;w

(sum,m′).

false.


≺k;ln 0k;w

(sum,m′).

false.

66


≺k;wn 0k;p

(sum,m′,p′).

∨

n1+n2+n3+n4=nn1,n2,n4≥0,n3≥1

0k;p(sum,m,p) ≺

k;pln1

1k;p(sum,m,p) ≺

k;pln2

1k;w(sum,m) ≺

k;wn3

0k;w(sum,m′) ≺

k;pln4



≺k;pn 0k;p

(sum,m′,p′).

∨

n1(n2+1)≥nn1>0,n2≥0,n1,n2≤n

0p(m,p) ≺

pn1

0p(m′ ,p′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;ln 0k;p

(sum,m′,p′).

false.


≺k;wn 1k;w

(sum,m′).

∨

n1+n2+n3+n4=nn1,n2,n4≥0,n3≥1

0k;p(sum,m,p) ≺

k;pln1

1k;p(sum,m,p) ≺

k;wn2

1k;w(sum,m) ≺

k;pln3

0k;w(sum,m′) ≺

k;pln4

1k;w(sum,m′).


≺k;pn 1k;w

(sum,m′).

∨

(n1+1)(n2+1)≥n+1n1>0,n2≥0,n1,n2≤n+1

0p(m,p) ≺

pn1

1w(m′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;ln 1k;w

(sum,m′).

∨

(n1+1)(n2+1)≥n+1n1>0,n2≥0,n1,n2≤n+1

0p(m,p) ≺

ln1

1w(m′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;wn 1k;p

(sum,m′,p′).

∨

n1+n2+n3+n4+n+5=nn1,n2,n4,n5≥0,n3≥1

0k;p(sum,m,p) ≺

k;pln1

1k;p(sum,m,p) ≺

k;pln2

1k;w(sum,m,p)

≺k;wn3

0k;w(sum,m′) ≺

k;pln4


k;pln5


67


≺k;pn 1k;p

(sum,m′,p′).

∨

(n1+1)(n2+1)≥n+1n1>0,n2≥0,n1,n2≤n+1

0p(m,p) ≺

pn1

1p(m′,p′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;ln 1k;p

(sum,m′,p′).

∨

(n1+1)(n2+1)≥n+1n1>0,n2≥0,n1,n2≤n+1

0p(m,p) ≺

ln1

1p(m′,p′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;wn 0k;w

(sum,m′).

n−1∨

r=1

[

m < CWk1(sum,m,m′) < . . . < CWk

r(sum,m,m′) < m′ ∧

∨

∑ri=1 ni=n−1

ni≥1

r∧

i=1

0k;w(sum,CWk

i (sum,m,m′))≺

k;wni−1 1k;w


]

.


≺k;pn 0k;w

(sum,m′).

false.


≺k;ln 0k;w

(sum,m′).

false.


≺k;wn 0k;p

(sum,m′,p′).

∨

n1+n2+n3=nn1≥1,n2≥0

1k;w(sum,m) ≺

k;wn1

0k;w(sum,m′) ≺

k;pln2



≺k;pn 0k;p

(sum,m′,p′).

false


≺k;ln 0k;p

(sum,m′,p′).

false.

68


≺k;wn 1k;w

(sum,m′).

∨

n1+n2=nn2≥0,n1≥1

1k;w(sum,m) ≺

k;wn1

0k;w(sum,m′) ≺

k;pln2

1k;w(sum,m′).


≺k;pn 1k;w

(sum,m′).

false


≺k;ln 1k;w

(sum,m′).

false.


≺k;wn 1k;p

(sum,m′,p′).

∨

n1+n2+n3=nn2,n3≥0,n1≥1

1k;w(sum,m) ≺

k;wn1

0k;w(sum,m′) ≺

k;pln2

0k;p(sum,m′,p′). ≺

k;pln3



≺k;pn 1k;p

(sum,m′,p′).

false.


≺k;ln 1k;p

(sum,m′,p′).

false.


≺k;wn 0k;w

(sum,m′).

∨

n1+n2=nn1≥0,n2≥1

1k;p(sum,m,p) ≺

k;pln1

1k;w(sum,m) ≺

k;wn2

0k;w(sum,m′).


≺k;pn 0k;w

(sum,m′).

false.


≺k;ln 0k;w

(sum,m′).

false.


≺k;wn 0k;p

(sum,m′,p′).

∨

n1+n2+n3=nn1,n3≥0,n2≥1

1k;p(sum,m,p) ≺

k;pln1

1k;w(sum,m) ≺

k;wn2

0k;w(sum,m′) ≺

k;pln3


69


≺k;pn 0k;p

(sum,m′,p′).

∨

(n1−1)(n2+1)≥n−1n1>0,n2≥0,n1,n2≤n−1

0p(m) ≺

pn1

1p(m) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;ln 0k;p

(sum,m′,p′).

false.


≺k;wn 1k;w

(sum,m′).

∨

n1+n2+n3+n4=nn1,n3≥0,n2≥1

1k;p(sum,m,p) ≺

k;pln1

1k;w(sum,m) ≺

k;wn2

0k;w(sum,m′) ≺

k;pln3

1k;w(sum,m′)


≺k;pn 1k;w

(sum,m′).

∨

(n1)(n2+1)≥nn1>0,n2≥0,n1,n2≤n

1p(m,p) ≺

pn1

1w(m′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;ln 1k;w

(sum,m′).

false.


≺k;wn 1k;p

(sum,m′,p′).

∨

n1+n2+n3+n4=nn1,n3,n4≥0,n2≥1

1k;p(sum,m,p) ≺

k;pln1

1k;w(sum,m) ≺

k;wn2

0k;w(sum,m′) ≺

k;pln3


k;pln4



≺k;pn 1k;p

(sum,m′,p′).

∨

n1(n2+1)≥nn1>0,n2≥0,n1,n2≤n

1p(m,p) ≺

pn1

1p(m′ ,p′) ∧ 0k−1;kb


1k−1;kb(sum−m).


≺k;ln 1k;p

(sum,m′,p′).

false.

70

P FAQThis section contains frequently asked questions and answers. The concerns

have been addressed in the previous sections. We collect them here just for easeof reference.

P.1 Question:If a language with the unary function f of weight 0, how to do depth-reduction

for literals of the forms Lx ≺ln x and Lx �l

n x where L is a proper non-emptyselector sequence?

Answer:If t is a boundary term or an ordinary term not containing x, then the result

follows directly from Lemma 4. Suppose otherwise t must be in the form Lxwhere L is non-empty block of selectors. We have two cases depending onwhether Lx is at the left-hand side or the right-hand side of ?.

As x is αp-typed, without loss of generality we may assume L ≡ L′s1 wheres1 is the 1st αp-selector.

Case 1. x ? Lx, for ? ∈ {≺wn ,≺

pn,≺

ln,�

wn ,�

pn,�

ln}. Then x ? Lx simplifies to false.

Since L is non-empty and constraints are type-complete, Lx is a proper subtermof x. For n = 0, x ? Lx does not hold as x , Lx. For n > 1, x ? Lx violates thesubterm property of KBO [1].

Case 2. Lx ? x, for ? ∈ {≺wn ,≺

pn,≺

ln,�

wn ,�

pn,�

ln}. We assume n > 1 as x , Lx. If ?

is ≺wn (resp. ≺p

n), Reduction F.1 (resp. F.2) puts x and Lx in separate literals, andhence the problem goes away. Similarly if ? is �w

n or �pn. The last two cases are

Lx ≺ln x and Lx �l

n x, which are only possible when the language contains theunary function f of weight 0, and L must be a non-empty block of s f (where s fis the corresponding selector of f ). (If L is not of the form {s f }

+, then {Lx}w < xw

and hence Lx ≺ln x simplifies to false.) We first consider Lx ≺l

n x, which is of theform

sif (x) ≺l

n x (63)

where n > 0, sif denote i time applications of s f . First note that (63) certainly

implies Is f (sif (x)). There are two subcases:

A. There is a non-atom term whose weight is xw and type is not f . Letg(t1, . . . , t j) be such a term; i.e., g . f and (g(t1, . . . , t j))w = xw.1. If si

f (x) is f k(a) (where k > 0 and a is an atom), then x is f i+k(a).Since (g(t1, . . . , t j))w = xw = aw, we have either a ≺p g(t1, . . . , t j) org(t1, . . . , t j) ≺p a.(a) a ≺p g(t1, . . . , t j). Then

f k(a) ≺l f k(g(t1, . . . , t j)) ≺l . . . ≺l f k(g( f l(t1), . . . , t j)) ≺l . . . ≺l f i+k(a).

71

(b) g(t1, . . . , t j) ≺p a. Then

f k(a) ≺l f i+k(g(t1, . . . , t j)) ≺l . . . ≺l f i+k(g( f l(t1), . . . , t j)) ≺l . . . ≺l f i+k(a).

2. If sif (x) is f k(h(t1, . . . , t j)) (where k > 0 and h . f ), then x is f k+i(h(t1, . . . , t j)).

We have

f k(h(t1, . . . , t j)) ≺l . . . ≺l f k(h( f l(t1), . . . , t j)) ≺l . . . ≺l f i+k(a)

In all of cases, there are infinitely many terms in between sif (x) and x, and

hence (63) simplifies to Is f (sif (x)).

B. Any term of weight xw consists of only f -terms ( f -type terms) or atoms. Thecondition says that si

f (x) must be in the form f k(a) (for some atom a and k > 0)and then x is in the form f k+i(a). Note that in this situation, f k(a) �l

r f k+i(a)where r is i times the number of trees of weight xw in the signature with fexcluded. For example, let Σ = 〈 f , a, b〉, we have f (a) �l

4 f 3(a), namely

f (a) �l f (b) �l f 2(a) �l f 2(b) �l f 3(a).

It is not hard to see that (63) simplifies to

Is f (sif (x)) ∧ CNTm(xw),


Similarly we can simplify Lx �ln x, which has the form

sif (x) �l

n x (64)

where n > 0, sif denote i time applications of s f . As before (64) certainly implies

Is f (sif (x)). There are two subcases:

A. There is a non-atom term whose weight is xw and type is not f . Since thereare infinitely many terms in between si

f (x) and x, (64) simplifies to false.B. Any term of weight xw consists of only f -terms ( f -type terms) or atoms. It

is not hard to see that (64) simplifies to

Is f (sif (x)) ∧ CNTm(xw) ∧ ¬CNTm+1(xw) ∧ i | n,


At last we note that each of preconditions can be expressed in Presburgerarithmetic; the condition for A is

∨

α∈C\A\{ f }

Treeα(xw), (65)

and the condition for B is just the negation of (65).

72

P.2 Question:In some proofs, you do a transformation by case distinction, but these cases

depend on the values of variables. However, you have to give syntactic trans-formations which are equivalences for all values of the variables.Answer:

Though we do the transformation at semantic level by case distinction, thecorresponding syntactic transformations (that we really need) can be recoveredstraightforwardly as follows. Let ϕ(t) be a formula in which term t occurs. Con-sider there are n cases in each of which under the precondition θi (expressible inour language), t is reduced to ti (1 ≤ i ≤ n). Then ϕ(t) can be rewritten as eitherone of

∧

i

(

θi → ϕ(ti))

,∨

i

(

θi ∧ ϕ(ti))

.

Succinctly, t can be written as either∧n

i=1

(

θi → ti)

or∨n

i=1

(

θi ∧ ti)

, which iscalled a conditional term. For details, see pages 124-129 in

“The Deductive Foundations of Computer Programming”, by ZoharManna and Richard Waldinger, Addison-Wesley, 1993

P.3 Question:How do you eliminate equalities like

(∃x : TA)[

x = t ∧ ϕ(x)]

(66)

where ϕ(x) is an arbitrary conjunction of literals in L Zkb+ .

Answer:If t does not contain x, then (66) simplifies to ϕ(t). Otherwise, we have three

cases to consider.

Case 1. t ≡ x. Then (∃x)[x = x ∧ ϕ(x)] simplifies to (∃x)ϕ(x).Case 2. t ≡ Lx where L is a non-empty selector block. Then (∃x)(x = Lx∧ϕ(x))

simplifies to false. Note that here we assume that terms like Lx are proper(see Def. 16)

Case 3. t is a boundary term in which (Lix)w (i ≤ n) occur (as parts of an integerfunction). In this case (66) has the form

(∃x :TA)[

x = t[ f ((L0x)w, . . . , (Lnx)w, xw)] ∧ ϕ(x)]

, (67)

where f ((L0x)w, . . . , (Lnx)w, xw) denotes the outmost Presburger function con-taining (Lix)w (i ≤ n) and xw. We assume t[ f ((L0x)w, . . . , (Lnx)w, xw)] is a well-defined boundary term (see Sec. E.15). Otherwise t = ⊥ and hence (46)reduces to ϕ(⊥). Without loss of generality, we assume Lix enumerate all se-lector terms containing x in (47) and they form a tree (with x being the root,Lix including all leaves). In addition, in this tree sibling nodes are coexistent,

73

called sibling-complete. For example, in Alist if car(x) appear, we can assumethat cdr(x) also appear. The induced tree is cons(car(x), cdr(x)) where x is theroot, car(x), cdr(x) are two leaves. Note that Lix also include intermediatenodes in the induced tree. In general, if we need L′x to appear, we can justset

f ((L0x)w, . . . , (Lnx)w, (L′x)w, xw) := f ((L0x)w, . . . , (Lnx)w, xw) + (L′x)w − (L′x)w.

It is easily seen that (67) is equivalent to

(∃x :TA)[

x = t[ f ((L0x)w, . . . , (Lnx)w, xw)] ∧ ϕ(t[ f ((L0x)w, . . . , (Lnx)w, xw)])]

.

(68)

Note that in (68) x only has one term occurrence, namely, as the left-handside of

x = t[ f ((L0x)w, . . . , (Lnx)w, xw)]. (69)

We claim that (68) is equivalent to

(∃(L0x)w, . . . (Lnx)w, xw :Z)[

ϕ(t[ f ((L0x)w, . . . , (Lnx)w, xw)]) ∧ ∆]

, (70)

where ∆ is the constraint to describe the weight relations in the inducedtree. More precisely, it satisfies the following conditions.1. If Lix is of type αp and has immediate children s

αp

1 Lix, . . . , sαp

k Lix, then ∆includes

(Lix)w =(

k∑

j=1

(sαp

j Lix)w)

+W(αp).

In particular, it includes

xw =∑

i∈I⊆{0..n}

(Lix)w + c.

where I is the index of all leaf nodes and c is the sum of the weight ofintermediate nodes of the tree with root x.

2. For i ∈ I,∆ includes Tree((Lix)w); if Lix isα-typed,∆ includes Treeα((Lix)w).These assertions constrains each leaf to have a well-defined weight.

3. ∆ also includes constraints that require that L0x, . . . , Lnx, x form a bound-ary term. For example, suppose t ≡ 0w

( f ((L0x)w,...,(Lnx)w,xw)). Then each nodeLix must be the smallest (w.r.t. ≺kb) of weight (Lix)w. If Lix is of type αp,then there exists no p′ such that p < p′ ≤ |Σ| and Treeαp′ ((Lix)w) holds.This constraint is formally expressed by

∧

p<p′≤|Σ|

¬Treeαp′ ((Lix)w).

74

A similar constraint is added for x. Besides that, if Lix has k siblings,namely, in the order from left to right, Li1 x, . . . , Lik x (where Li j ≡ s

αp

j for1 ≤ j ≤ k), we require that 〈Li1 x, . . . , Lik〉 be the smallest k-tuple (w.r.t.≺k;kb) of weight n =

∑kj=1(Li j x)w. This constraint is formally expressed by

k∧

j=1

(Li j x)w = SCWkj (n),

where SCWkj (n) returns the weight of the jth component of the small-

est k-tuple (w.r.t. ≺k;kb) of weight n (see Sec. E.11). Similarly we obtainconstraints for

t ≡ 0p( f ((L0x)w,...,(Lnx)w,xw), ), t ≡ 1w

( f ((L0x)w,...,(Lnx)w,xw)), t ≡ 1p( f ((L0x)w,...,(Lnx)w,xw), ).

Notice that here (Lix)w, xw serve as purely syntactical variables. A variablerenaming can bring (70) to

(∃z0, . . . zn, z :Z)[

ϕ′(t[ f (z0, . . . , zn, z)]) ∧ ∆(z0, . . . , zn, z)]

. (71)

We show the equivalence between (68) and (70). First it is obvious that (68)implies (70) because ∆ describes weight constraints on the boundary termtree rooted at x. To show that (70) implies (68), it suffices to show there existsx such that (69) holds. Again because of ∆, (L0x)w, . . . , (Lnx)w, xw satisfiesweight constraints of a boundary term (tree) and f ((L0x)w, . . . , (Lnx)w, xw)makes t well-defined. Therefore (L0x)w, . . . , (Lnx)w, xw can be “realized” bya TA-term x which is a boundary term. Intuitively, when a term x occursinside the weight function, its term properties is deprived.We like to point out two things in this elimination by substitution. First thesubstitution from (67) to (68) may put a boundary term inside a selectorterm. In fact, it is only the substitution that makes a boundary term appearinside a selector. However, Lemma 2 eliminates this superficial complica-tion. Second, the substitution obviously does not increase the number ofopen order literals.

75

Date post:	25-Jun-2020
Category:	Documents
Upload:	others
View:	6 times
Download:	0 times

theory.stanford.edutheory.stanford.edu/~sipma/papers/cade05l.pdf · The Decidability of the...

Documents